@opentdf/sdk 0.1.0-beta.1701

package/dist/web/src/policy/granter.js

@@ -0,0 +1,141 @@
+import { ConfigurationError } from '../errors.js';
+export function booleanOperatorFor(rule) {
+    if (!rule) {
+        return 'allOf';
+    }
+    switch (rule) {
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_UNSPECIFIED':
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_ALL_OF':
+            return 'allOf';
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_ANY_OF':
+            return 'anyOf';
+        case 'ATTRIBUTE_RULE_TYPE_ENUM_HIERARCHY':
+            return 'hierarchy';
+    }
+}
+export function plan(dataAttrs) {
+    // KASes by value
+    const grants = {};
+    // KAS detail by KAS url
+    const kasInfo = {};
+    // Attribute definitions in use
+    const prefixes = new Set();
+    // Values grouped by normalized attribute prefix
+    const allClauses = {};
+    // Values by normalized FQN
+    const allValues = {};
+    const addGrants = (val, gs) => {
+        if (!gs?.length) {
+            if (!(val in grants)) {
+                grants[val] = new Set();
+            }
+            return false;
+        }
+        for (const g of gs) {
+            if (val in grants) {
+                grants[val].add(g.uri);
+            }
+            else {
+                grants[val] = new Set([g.uri]);
+            }
+            kasInfo[g.uri] = g;
+        }
+        return true;
+    };
+    for (const v of dataAttrs) {
+        const { attribute, fqn } = v;
+        if (!attribute) {
+            throw new ConfigurationError(`attribute not defined for [${fqn}]`);
+        }
+        const valFqn = fqn.toLowerCase();
+        const attrFqn = attribute.fqn.toLowerCase();
+        if (!prefixes.has(attrFqn)) {
+            prefixes.add(attrFqn);
+            allClauses[attrFqn] = {
+                def: attribute,
+                values: [],
+            };
+        }
+        allClauses[attrFqn].values.push(valFqn);
+        allValues[valFqn] = v;
+        if (!addGrants(valFqn, v.grants)) {
+            if (!addGrants(valFqn, attribute.grants)) {
+                addGrants(valFqn, attribute.namespace?.grants);
+            }
+        }
+    }
+    const kcs = [];
+    for (const attrClause of Object.values(allClauses)) {
+        const ccv = [];
+        for (const term of attrClause.values) {
+            const grantsForTerm = Array.from(grants[term] || []);
+            if (grantsForTerm?.length) {
+                ccv.push({
+                    op: 'anyOf',
+                    kases: grantsForTerm,
+                });
+            }
+        }
+        const op = booleanOperatorFor(attrClause.def.rule);
+        kcs.push({
+            op,
+            children: ccv,
+        });
+    }
+    return simplify(kcs, kasInfo);
+}
+function simplify(clauses, kasInfo) {
+    const conjunction = {};
+    function keyFor(kases) {
+        const k = Array.from(new Set([kases])).sort();
+        return k.join('|');
+    }
+    for (const { op, children } of clauses) {
+        if (!children) {
+            continue;
+        }
+        if (op === 'anyOf') {
+            const anyKids = [];
+            for (const bc of children) {
+                if (bc.op != 'anyOf') {
+                    throw new Error('internal: autoconfigure inversion in disjunction');
+                }
+                if (!bc.kases?.length) {
+                    continue;
+                }
+                anyKids.push(...bc.kases);
+            }
+            if (!anyKids?.length) {
+                continue;
+            }
+            const k = keyFor(anyKids);
+            conjunction[k] = anyKids;
+        }
+        else {
+            for (const bc of children) {
+                if (bc.op != 'anyOf') {
+                    throw new Error('insternal: autoconfigure inversion in conjunction');
+                }
+                if (!bc.kases?.length) {
+                    continue;
+                }
+                const k = keyFor(bc.kases);
+                conjunction[k] = bc.kases;
+            }
+        }
+    }
+    const t = [];
+    let i = 0;
+    for (const k of Object.keys(conjunction).sort()) {
+        if (!conjunction[k]) {
+            continue;
+        }
+        i += 1;
+        const sid = '' + i;
+        for (const kas of conjunction[k]) {
+            t.push({ sid, kas: kasInfo[kas] });
+        }
+    }
+    return t;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ3JhbnRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9wb2xpY3kvZ3JhbnRlci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFxQ2xELE1BQU0sVUFBVSxrQkFBa0IsQ0FBQyxJQUF3QjtJQUN6RCxJQUFJLENBQUMsSUFBSSxFQUFFO1FBQ1QsT0FBTyxPQUFPLENBQUM7S0FDaEI7SUFDRCxRQUFRLElBQUksRUFBRTtRQUNaLEtBQUssc0NBQXNDLENBQUM7UUFDNUMsS0FBSyxpQ0FBaUM7WUFDcEMsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxpQ0FBaUM7WUFDcEMsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxvQ0FBb0M7WUFDdkMsT0FBTyxXQUFXLENBQUM7S0FDdEI7QUFDSCxDQUFDO0FBRUQsTUFBTSxVQUFVLElBQUksQ0FBQyxTQUFrQjtJQUNyQyxpQkFBaUI7SUFDakIsTUFBTSxNQUFNLEdBQWdDLEVBQUUsQ0FBQztJQUMvQyx3QkFBd0I7SUFDeEIsTUFBTSxPQUFPLEdBQW9DLEVBQUUsQ0FBQztJQUNwRCwrQkFBK0I7SUFDL0IsTUFBTSxRQUFRLEdBQWdCLElBQUksR0FBRyxFQUFFLENBQUM7SUFDeEMsZ0RBQWdEO0lBQ2hELE1BQU0sVUFBVSxHQUFvQyxFQUFFLENBQUM7SUFDdkQsMkJBQTJCO0lBQzNCLE1BQU0sU0FBUyxHQUEwQixFQUFFLENBQUM7SUFFNUMsTUFBTSxTQUFTLEdBQUcsQ0FBQyxHQUFXLEVBQUUsRUFBc0IsRUFBVyxFQUFFO1FBQ2pFLElBQUksQ0FBQyxFQUFFLEVBQUUsTUFBTSxFQUFFO1lBQ2YsSUFBSSxDQUFDLENBQUMsR0FBRyxJQUFJLE1BQU0sQ0FBQyxFQUFFO2dCQUNwQixNQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxHQUFHLEVBQUUsQ0FBQzthQUN6QjtZQUNELE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFDRCxLQUFLLE1BQU0sQ0FBQyxJQUFJLEVBQUUsRUFBRTtZQUNsQixJQUFJLEdBQUcsSUFBSSxNQUFNLEVBQUU7Z0JBQ2pCLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDO2FBQ3hCO2lCQUFNO2dCQUNMLE1BQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO2FBQ2hDO1lBQ0QsT0FBTyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7U0FDcEI7UUFDRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUMsQ0FBQztJQUVGLEtBQUssTUFBTSxDQUFDLElBQUksU0FBUyxFQUFFO1FBQ3pCLE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLElBQUksQ0FBQyxTQUFTLEVBQUU7WUFDZCxNQUFNLElBQUksa0JBQWtCLENBQUMsOEJBQThCLEdBQUcsR0FBRyxDQUFDLENBQUM7U0FDcEU7UUFDRCxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakMsTUFBTSxPQUFPLEdBQUcsU0FBUyxDQUFDLEdBQUcsQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUM1QyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsRUFBRTtZQUMxQixRQUFRLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQ3RCLFVBQVUsQ0FBQyxPQUFPLENBQUMsR0FBRztnQkFDcEIsR0FBRyxFQUFFLFNBQVM7Z0JBQ2QsTUFBTSxFQUFFLEVBQUU7YUFDWCxDQUFDO1NBQ0g7UUFDRCxVQUFVLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN4QyxTQUFTLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3RCLElBQUksQ0FBQyxTQUFTLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxNQUFNLENBQUMsRUFBRTtZQUNoQyxJQUFJLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxTQUFTLENBQUMsTUFBTSxDQUFDLEVBQUU7Z0JBQ3hDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxDQUFDLFNBQVMsRUFBRSxNQUFNLENBQUMsQ0FBQzthQUNoRDtTQUNGO0tBQ0Y7SUFDRCxNQUFNLEdBQUcsR0FBMkIsRUFBRSxDQUFDO0lBQ3ZDLEtBQUssTUFBTSxVQUFVLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsRUFBRTtRQUNsRCxNQUFNLEdBQUcsR0FBb0IsRUFBRSxDQUFDO1FBQ2hDLEtBQUssTUFBTSxJQUFJLElBQUksVUFBVSxDQUFDLE1BQU0sRUFBRTtZQUNwQyxNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztZQUNyRCxJQUFJLGFBQWEsRUFBRSxNQUFNLEVBQUU7Z0JBQ3pCLEdBQUcsQ0FBQyxJQUFJLENBQUM7b0JBQ1AsRUFBRSxFQUFFLE9BQU87b0JBQ1gsS0FBSyxFQUFFLGFBQWE7aUJBQ3JCLENBQUMsQ0FBQzthQUNKO1NBQ0Y7UUFDRCxNQUFNLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ25ELEdBQUcsQ0FBQyxJQUFJLENBQUM7WUFDUCxFQUFFO1lBQ0YsUUFBUSxFQUFFLEdBQUc7U0FDZCxDQUFDLENBQUM7S0FDSjtJQUNELE9BQU8sUUFBUSxDQUFDLEdBQUcsRUFBRSxPQUFPLENBQUMsQ0FBQztBQUNoQyxDQUFDO0FBRUQsU0FBUyxRQUFRLENBQ2YsT0FBK0IsRUFDL0IsT0FBd0M7SUFFeEMsTUFBTSxXQUFXLEdBQTZCLEVBQUUsQ0FBQztJQUNqRCxTQUFTLE1BQU0sQ0FBQyxLQUFlO1FBQzdCLE1BQU0sQ0FBQyxHQUFHLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxHQUFHLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDOUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQ3JCLENBQUM7SUFDRCxLQUFLLE1BQU0sRUFBRSxFQUFFLEVBQUUsUUFBUSxFQUFFLElBQUksT0FBTyxFQUFFO1FBQ3RDLElBQUksQ0FBQyxRQUFRLEVBQUU7WUFDYixTQUFTO1NBQ1Y7UUFDRCxJQUFJLEVBQUUsS0FBSyxPQUFPLEVBQUU7WUFDbEIsTUFBTSxPQUFPLEdBQUcsRUFBRSxDQUFDO1lBQ25CLEtBQUssTUFBTSxFQUFFLElBQUksUUFBUSxFQUFFO2dCQUN6QixJQUFJLEVBQUUsQ0FBQyxFQUFFLElBQUksT0FBTyxFQUFFO29CQUNwQixNQUFNLElBQUksS0FBSyxDQUFDLGtEQUFrRCxDQUFDLENBQUM7aUJBQ3JFO2dCQUNELElBQUksQ0FBQyxFQUFFLENBQUMsS0FBSyxFQUFFLE1BQU0sRUFBRTtvQkFDckIsU0FBUztpQkFDVjtnQkFDRCxPQUFPLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLEtBQUssQ0FBQyxDQUFDO2FBQzNCO1lBQ0QsSUFBSSxDQUFDLE9BQU8sRUFBRSxNQUFNLEVBQUU7Z0JBQ3BCLFNBQVM7YUFDVjtZQUNELE1BQU0sQ0FBQyxHQUFHLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUMxQixXQUFXLENBQUMsQ0FBQyxDQUFDLEdBQUcsT0FBTyxDQUFDO1NBQzFCO2FBQU07WUFDTCxLQUFLLE1BQU0sRUFBRSxJQUFJLFFBQVEsRUFBRTtnQkFDekIsSUFBSSxFQUFFLENBQUMsRUFBRSxJQUFJLE9BQU8sRUFBRTtvQkFDcEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO2lCQUN0RTtnQkFDRCxJQUFJLENBQUMsRUFBRSxDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUU7b0JBQ3JCLFNBQVM7aUJBQ1Y7Z0JBQ0QsTUFBTSxDQUFDLEdBQUcsTUFBTSxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztnQkFDM0IsV0FBVyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsQ0FBQyxLQUFLLENBQUM7YUFDM0I7U0FDRjtLQUNGO0lBQ0QsTUFBTSxDQUFDLEdBQW1CLEVBQUUsQ0FBQztJQUM3QixJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDVixLQUFLLE1BQU0sQ0FBQyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUU7UUFDL0MsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQUMsRUFBRTtZQUNuQixTQUFTO1NBQ1Y7UUFDRCxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ1AsTUFBTSxHQUFHLEdBQUcsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUNuQixLQUFLLE1BQU0sR0FBRyxJQUFJLFdBQVcsQ0FBQyxDQUFDLENBQUMsRUFBRTtZQUNoQyxDQUFDLENBQUMsSUFBSSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxPQUFPLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1NBQ3BDO0tBQ0Y7SUFDRCxPQUFPLENBQUMsQ0FBQztBQUNYLENBQUMifQ==

package/dist/web/src/tdf/AttributeObject.js

@@ -0,0 +1,11 @@
+export async function createAttribute(attribute, pubKey, kasUrl) {
+    return {
+        attribute,
+        isDefault: false,
+        displayName: '',
+        pubKey: pubKey.publicKey,
+        kasUrl,
+        schemaVersion: '1.1.0',
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXR0cmlidXRlT2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9BdHRyaWJ1dGVPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBYUEsTUFBTSxDQUFDLEtBQUssVUFBVSxlQUFlLENBQ25DLFNBQWlCLEVBQ2pCLE1BQXdCLEVBQ3hCLE1BQWM7SUFFZCxPQUFPO1FBQ0wsU0FBUztRQUNULFNBQVMsRUFBRSxLQUFLO1FBQ2hCLFdBQVcsRUFBRSxFQUFFO1FBQ2YsTUFBTSxFQUFFLE1BQU0sQ0FBQyxTQUFTO1FBQ3hCLE1BQU07UUFDTixhQUFhLEVBQUUsT0FBTztLQUN2QixDQUFDO0FBQ0osQ0FBQyJ9

package/dist/web/src/tdf/AttributeObjectJwt.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQXR0cmlidXRlT2JqZWN0Snd0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9BdHRyaWJ1dGVPYmplY3RKd3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/src/tdf/Crypto.js

@@ -0,0 +1,44 @@
+export var AlgorithmName;
+(function (AlgorithmName) {
+    AlgorithmName["ECDH"] = "ECDH";
+    AlgorithmName["ECDSA"] = "ECDSA";
+    AlgorithmName["ES256"] = "ES256";
+    AlgorithmName["HKDF"] = "HKDF";
+    AlgorithmName["RSA_OAEP"] = "RSA-OAEP";
+    AlgorithmName["RSA_PSS"] = "RSA-PSS";
+})(AlgorithmName || (AlgorithmName = {}));
+export var NamedCurve;
+(function (NamedCurve) {
+    NamedCurve["P256"] = "P-256";
+    NamedCurve["P384"] = "P-384";
+    NamedCurve["P512"] = "P-512";
+})(NamedCurve || (NamedCurve = {}));
+export var CipherType;
+(function (CipherType) {
+    CipherType["AesGcm"] = "AES-GCM";
+})(CipherType || (CipherType = {}));
+export var HashType;
+(function (HashType) {
+    HashType["Sha256"] = "SHA-256";
+})(HashType || (HashType = {}));
+export var KeyFormat;
+(function (KeyFormat) {
+    KeyFormat["Raw"] = "raw";
+    KeyFormat["Pkcs8"] = "pkcs8";
+    KeyFormat["Spki"] = "spki";
+})(KeyFormat || (KeyFormat = {}));
+export var KeyType;
+(function (KeyType) {
+    KeyType["Private"] = "private";
+    KeyType["Public"] = "public";
+})(KeyType || (KeyType = {}));
+export var KeyUsageType;
+(function (KeyUsageType) {
+    KeyUsageType["Encrypt"] = "encrypt";
+    KeyUsageType["Decrypt"] = "decrypt";
+    KeyUsageType["Verify"] = "verify";
+    KeyUsageType["Sign"] = "sign";
+    KeyUsageType["UnwrapKey"] = "unwrapKey";
+    KeyUsageType["WrapKey"] = "wrapKey";
+})(KeyUsageType || (KeyUsageType = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiQ3J5cHRvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9DcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsTUFBTSxDQUFOLElBQVksYUFPWDtBQVBELFdBQVksYUFBYTtJQUN2Qiw4QkFBYSxDQUFBO0lBQ2IsZ0NBQWUsQ0FBQTtJQUNmLGdDQUFlLENBQUE7SUFDZiw4QkFBYSxDQUFBO0lBQ2Isc0NBQXFCLENBQUE7SUFDckIsb0NBQW1CLENBQUE7QUFDckIsQ0FBQyxFQVBXLGFBQWEsS0FBYixhQUFhLFFBT3hCO0FBRUQsTUFBTSxDQUFOLElBQVksVUFJWDtBQUpELFdBQVksVUFBVTtJQUNwQiw0QkFBYyxDQUFBO0lBQ2QsNEJBQWMsQ0FBQTtJQUNkLDRCQUFjLENBQUE7QUFDaEIsQ0FBQyxFQUpXLFVBQVUsS0FBVixVQUFVLFFBSXJCO0FBRUQsTUFBTSxDQUFOLElBQVksVUFFWDtBQUZELFdBQVksVUFBVTtJQUNwQixnQ0FBa0IsQ0FBQTtBQUNwQixDQUFDLEVBRlcsVUFBVSxLQUFWLFVBQVUsUUFFckI7QUFFRCxNQUFNLENBQU4sSUFBWSxRQUVYO0FBRkQsV0FBWSxRQUFRO0lBQ2xCLDhCQUFrQixDQUFBO0FBQ3BCLENBQUMsRUFGVyxRQUFRLEtBQVIsUUFBUSxRQUVuQjtBQUVELE1BQU0sQ0FBTixJQUFZLFNBSVg7QUFKRCxXQUFZLFNBQVM7SUFDbkIsd0JBQVcsQ0FBQTtJQUNYLDRCQUFlLENBQUE7SUFDZiwwQkFBYSxDQUFBO0FBQ2YsQ0FBQyxFQUpXLFNBQVMsS0FBVCxTQUFTLFFBSXBCO0FBRUQsTUFBTSxDQUFOLElBQVksT0FHWDtBQUhELFdBQVksT0FBTztJQUNqQiw4QkFBbUIsQ0FBQTtJQUNuQiw0QkFBaUIsQ0FBQTtBQUNuQixDQUFDLEVBSFcsT0FBTyxLQUFQLE9BQU8sUUFHbEI7QUFFRCxNQUFNLENBQU4sSUFBWSxZQU9YO0FBUEQsV0FBWSxZQUFZO0lBQ3RCLG1DQUFtQixDQUFBO0lBQ25CLG1DQUFtQixDQUFBO0lBQ25CLGlDQUFpQixDQUFBO0lBQ2pCLDZCQUFhLENBQUE7SUFDYix1Q0FBdUIsQ0FBQTtJQUN2QixtQ0FBbUIsQ0FBQTtBQUNyQixDQUFDLEVBUFcsWUFBWSxLQUFaLFlBQVksUUFPdkIifQ==

package/dist/web/src/tdf/EntityObject.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiRW50aXR5T2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9FbnRpdHlPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/src/tdf/NanoTDF/NanoTDF.js

@@ -0,0 +1,35 @@
+var CipherType;
+(function (CipherType) {
+    CipherType[CipherType["Aes256Gcm64"] = 0] = "Aes256Gcm64";
+    CipherType[CipherType["Aes256Gcm96"] = 1] = "Aes256Gcm96";
+    CipherType[CipherType["Aes256Gcm104"] = 2] = "Aes256Gcm104";
+    CipherType[CipherType["Aes256Gcm112"] = 3] = "Aes256Gcm112";
+    CipherType[CipherType["Aes256Gcm120"] = 4] = "Aes256Gcm120";
+    CipherType[CipherType["Aes256Gcm128"] = 5] = "Aes256Gcm128";
+})(CipherType || (CipherType = {}));
+/**
+ * The Signature ECC Mode is used to determine the length of the signature at the end of a nanotdf. This, in
+ * combination with the previous HAS_SIGNATURE section, describe the signature of the nanotdf. The following table
+ * describes the valid values and the associated ECC Params.
+ */
+var CurveName;
+(function (CurveName) {
+    CurveName[CurveName["Secp256R1"] = 0] = "Secp256R1";
+    CurveName[CurveName["Secp384R1"] = 1] = "Secp384R1";
+    CurveName[CurveName["Secp521R1"] = 2] = "Secp521R1";
+})(CurveName || (CurveName = {}));
+export var ResourceLocatorProtocol;
+(function (ResourceLocatorProtocol) {
+    ResourceLocatorProtocol[ResourceLocatorProtocol["Http"] = 0] = "Http";
+    ResourceLocatorProtocol[ResourceLocatorProtocol["Https"] = 1] = "Https";
+    ResourceLocatorProtocol[ResourceLocatorProtocol["Unreserverd"] = 2] = "Unreserverd";
+    ResourceLocatorProtocol[ResourceLocatorProtocol["SharedResourceDirectory"] = 255] = "SharedResourceDirectory";
+})(ResourceLocatorProtocol || (ResourceLocatorProtocol = {}));
+export var PolicyType;
+(function (PolicyType) {
+    PolicyType[PolicyType["Remote"] = 0] = "Remote";
+    PolicyType[PolicyType["EmbeddedText"] = 1] = "EmbeddedText";
+    PolicyType[PolicyType["EmbeddedEncrypted"] = 2] = "EmbeddedEncrypted";
+    PolicyType[PolicyType["EmbeddedEncryptedPKA"] = 3] = "EmbeddedEncryptedPKA";
+})(PolicyType || (PolicyType = {}));
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiTmFub1RERi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uL3NyYy90ZGYvTmFub1RERi9OYW5vVERGLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLElBQUssVUFPSjtBQVBELFdBQUssVUFBVTtJQUNiLHlEQUFXLENBQUE7SUFDWCx5REFBVyxDQUFBO0lBQ1gsMkRBQVksQ0FBQTtJQUNaLDJEQUFZLENBQUE7SUFDWiwyREFBWSxDQUFBO0lBQ1osMkRBQVksQ0FBQTtBQUNkLENBQUMsRUFQSSxVQUFVLEtBQVYsVUFBVSxRQU9kO0FBRUQ7Ozs7R0FJRztBQUNILElBQUssU0FJSjtBQUpELFdBQUssU0FBUztJQUNaLG1EQUFTLENBQUE7SUFDVCxtREFBUyxDQUFBO0lBQ1QsbURBQVMsQ0FBQTtBQUNYLENBQUMsRUFKSSxTQUFTLEtBQVQsU0FBUyxRQUliO0FBRUQsTUFBTSxDQUFOLElBQVksdUJBS1g7QUFMRCxXQUFZLHVCQUF1QjtJQUNqQyxxRUFBSSxDQUFBO0lBQ0osdUVBQUssQ0FBQTtJQUNMLG1GQUFXLENBQUE7SUFDWCw2R0FBOEIsQ0FBQTtBQUNoQyxDQUFDLEVBTFcsdUJBQXVCLEtBQXZCLHVCQUF1QixRQUtsQztBQUVELE1BQU0sQ0FBTixJQUFZLFVBS1g7QUFMRCxXQUFZLFVBQVU7SUFDcEIsK0NBQU0sQ0FBQTtJQUNOLDJEQUFZLENBQUE7SUFDWixxRUFBaUIsQ0FBQTtJQUNqQiwyRUFBb0IsQ0FBQTtBQUN0QixDQUFDLEVBTFcsVUFBVSxLQUFWLFVBQVUsUUFLckIifQ==

package/dist/web/src/tdf/Policy.js

@@ -0,0 +1,48 @@
+import { v4 as uuid } from 'uuid';
+class Policy {
+    constructor() {
+        this.uuidStr = uuid();
+        this.dataAttributesList = [];
+        this.dissemList = [];
+    }
+    // private schemaVersionStr = Policy.CURRENT_VERSION;
+    /**
+     * Adds a group of entities, to the Policy's dissem list
+     *
+     * @param entities The entities will be added to the policy and
+     * they will have access to the TDF
+     */
+    addEntities(entities) {
+        this.dissemList.push(...entities);
+        // Remove any duplicates
+        this.dissemList = this.dissemList.filter((elem, index, self) => {
+            return index === self.indexOf(elem);
+        });
+    }
+    /**
+     *
+     * Adds an Attribute object to the policy
+     *
+     * @param attribute will be added to the policy
+     */
+    addAttribute(attribute) {
+        this.dataAttributesList.push(attribute);
+    }
+    /**
+     * Returns the JSON string of Policy object
+     *
+     * @return {string} [The constructed Policy object as JSON string]
+     */
+    toJSON() {
+        return JSON.stringify({
+            uuid: this.uuidStr,
+            body: {
+                dataAttributes: this.dataAttributesList,
+                dissem: this.dissemList,
+            },
+        });
+    }
+}
+Policy.CURRENT_VERSION = '1.1.0';
+export default Policy;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9Qb2xpY3kudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxFQUFFLEVBQUUsSUFBSSxJQUFJLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFFbEMsTUFBcUIsTUFBTTtJQUEzQjtRQUdVLFlBQU8sR0FBRyxJQUFJLEVBQUUsQ0FBQztRQUNqQix1QkFBa0IsR0FBc0IsRUFBRSxDQUFDO1FBQzNDLGVBQVUsR0FBYSxFQUFFLENBQUM7SUEwQ3BDLENBQUM7SUF6Q0MscURBQXFEO0lBRXJEOzs7OztPQUtHO0lBQ0gsV0FBVyxDQUFDLFFBQWtCO1FBQzVCLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsUUFBUSxDQUFDLENBQUM7UUFFbEMsd0JBQXdCO1FBQ3hCLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxFQUFFO1lBQzdELE9BQU8sS0FBSyxLQUFLLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDdEMsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxZQUFZLENBQUMsU0FBMEI7UUFDckMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztJQUMxQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU07UUFDSixPQUFPLElBQUksQ0FBQyxTQUFTLENBQUM7WUFDcEIsSUFBSSxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ2xCLElBQUksRUFBRTtnQkFDSixjQUFjLEVBQUUsSUFBSSxDQUFDLGtCQUFrQjtnQkFDdkMsTUFBTSxFQUFFLElBQUksQ0FBQyxVQUFVO2FBQ3hCO1NBQ0YsQ0FBQyxDQUFDO0lBQ0wsQ0FBQzs7QUE3Q00sc0JBQWUsR0FBRyxPQUFPLEFBQVYsQ0FBVztlQURkLE1BQU0ifQ==

package/dist/web/src/tdf/PolicyObject.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUG9saWN5T2JqZWN0LmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL3RkZi9Qb2xpY3lPYmplY3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/src/tdf/TypedArray.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiVHlwZWRBcnJheS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy90ZGYvVHlwZWRBcnJheS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiIn0=

package/dist/web/src/tdf/index.js

@@ -0,0 +1,4 @@
+export { createAttribute } from './AttributeObject.js';
+export { default as Policy } from './Policy.js';
+export * as Crypto from './Crypto.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvdGRmL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBd0IsZUFBZSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFJN0UsT0FBTyxFQUFFLE9BQU8sSUFBSSxNQUFNLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDaEQsT0FBTyxLQUFLLE1BQU0sTUFBTSxhQUFhLENBQUMifQ==

package/dist/web/src/types/index.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi9zcmMvdHlwZXMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/web/src/utils.js

@@ -0,0 +1,133 @@
+import { exportSPKI, importX509 } from 'jose';
+import { base64 } from './encodings/index.js';
+import { pemCertToCrypto, pemPublicToCrypto } from './nanotdf-crypto/index.js';
+import { ConfigurationError } from './errors.js';
+/**
+ * Check to see if the given URL is 'secure'. This assumes:
+ *
+ * - `https` URLs are always secure
+ * - `http` URLS are allowed for localhost
+ * - And also for '`svc.cluster.local` and `.internal` URLs
+ *
+ * Note that this does not resolve the URL, so it is possible this could
+ * resolve to some other internal URL, and may return `false` on non-fully
+ * qualified internal URLs.
+ *
+ * @param url remote service to validate
+ * @returns the url is local or `https`
+ */
+export function validateSecureUrl(url) {
+    const httpsRegex = /^https:/;
+    if (/^http:\/\/(localhost|127\.0\.0\.1)(:[0-9]{1,5})?($|\/)/.test(url)) {
+        console.warn(`Development URL detected: [${url}]`);
+    }
+    else if (/^http:\/\/([a-zA-Z.-]*[.])?svc\.cluster\.local($|\/)/.test(url) ||
+        /^http:\/\/([a-zA-Z.-]*[.])?internal(:[0-9]{1,5})?($|\/)/.test(url)) {
+        console.info(`Internal URL detected: [${url}]`);
+    }
+    else if (!httpsRegex.test(url)) {
+        console.error(`Insecure KAS URL loaded. Are you running in a secure environment? [${url}]`);
+        return false;
+    }
+    return true;
+}
+export function padSlashToUrl(u) {
+    if (u.endsWith('/')) {
+        return u;
+    }
+    return `${u}/`;
+}
+export function isBrowser() {
+    return typeof window !== 'undefined'; // eslint-disable-line
+}
+export const isFirefox = () => isBrowser() && 'InstallTrigger' in window;
+export const rstrip = (str, suffix = ' ') => {
+    while (str && suffix && str.endsWith(suffix)) {
+        str = str.slice(0, -suffix.length);
+    }
+    return str;
+};
+/**
+ * Rough estimate of number of seconds to add to the current system clock time
+ * to get the clock time on the given server, or origin if not specified
+ * @param server a server to compute skew with
+ * @returns the number of seconds to add to the current local system clock time
+ * to get an rough guess of the time on the given server
+ */
+export const estimateSkew = async (serverEndpoint = window.origin) => {
+    const localUnixTimeBefore = Date.now();
+    const response = await fetch(serverEndpoint);
+    return estimateSkewFromHeaders(response.headers, localUnixTimeBefore);
+};
+/**
+ * Rough estimate of number of seconds to add to the curren time to get
+ * the clock time on the server that responded with the headers object.
+ * @param headers A set of headers, which must include the `date` header
+ * @param dateNowBefore time before initiating the request, usually by calling
+ * `Date.now()`. Note this is in milliseconds since the epoch, while the
+ * estimate is given in seconds.
+ * @returns the number of seconds to add to the current local system clock time
+ * to get an rough guess of the time on the server that was used
+ */
+export const estimateSkewFromHeaders = (headers, dateNowBefore) => {
+    const localUnixTimeBefore = (dateNowBefore || Date.now()) / 1000;
+    let serverDateString;
+    if (headers.get) {
+        serverDateString = headers.get('Date');
+    }
+    else {
+        serverDateString = headers.date;
+    }
+    if (serverDateString === null) {
+        throw Error('Cannot get access to Date header!');
+    }
+    const serverUnixTime = Date.parse(serverDateString) / 1000;
+    const localUnixTimeAfter = Date.now() / 1000;
+    const deltaBefore = serverUnixTime - localUnixTimeBefore;
+    const deltaAfter = serverUnixTime - localUnixTimeAfter;
+    return Math.round((deltaBefore + deltaAfter) / 2);
+};
+export function addNewLines(str) {
+    if (!str) {
+        return str;
+    }
+    let inputString = str;
+    let finalString = '';
+    while (inputString.length > 0) {
+        finalString += inputString.substring(0, 64) + '\r\n';
+        inputString = inputString.substring(64);
+    }
+    return finalString;
+}
+export async function cryptoPublicToPem(publicKey) {
+    if (publicKey.type !== 'public') {
+        throw new ConfigurationError('incorrect key type');
+    }
+    const exportedPublicKey = await crypto.subtle.exportKey('spki', publicKey);
+    const b64 = base64.encodeArrayBuffer(exportedPublicKey);
+    const pem = addNewLines(b64);
+    return `-----BEGIN PUBLIC KEY-----\r\n${pem}-----END PUBLIC KEY-----`;
+}
+export async function pemToCryptoPublicKey(pem) {
+    if (/-----BEGIN PUBLIC KEY-----/.test(pem)) {
+        return pemPublicToCrypto(pem);
+    }
+    else if (/-----BEGIN CERTIFICATE-----/.test(pem)) {
+        return pemCertToCrypto(pem);
+    }
+    // This can happen in several circumstances:
+    // - When parsing a PEM key from a KAS server
+    // - When converting between PEM and CryptoKey formats for user provided session keys (e.g. for DPoP)
+    throw new TypeError(`unsupported pem type [${pem}]`);
+}
+export async function extractPemFromKeyString(keyString) {
+    let pem = keyString;
+    // Skip the public key extraction if we find that the KAS url provides a
+    // PEM-encoded key instead of certificate
+    if (keyString.includes('CERTIFICATE')) {
+        const cert = await importX509(keyString, 'RS256', { extractable: true });
+        pem = await exportSPKI(cert);
+    }
+    return pem;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdXRpbHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQ0EsT0FBTyxFQUFFLFVBQVUsRUFBRSxVQUFVLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFFOUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQzlDLE9BQU8sRUFBRSxlQUFlLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSwyQkFBMkIsQ0FBQztBQUMvRSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFakQ7Ozs7Ozs7Ozs7Ozs7R0FhRztBQUNILE1BQU0sVUFBVSxpQkFBaUIsQ0FBQyxHQUFXO0lBQzNDLE1BQU0sVUFBVSxHQUFHLFNBQVMsQ0FBQztJQUM3QixJQUFJLHdEQUF3RCxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRTtRQUN0RSxPQUFPLENBQUMsSUFBSSxDQUFDLDhCQUE4QixHQUFHLEdBQUcsQ0FBQyxDQUFDO0tBQ3BEO1NBQU0sSUFDTCxzREFBc0QsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO1FBQ2hFLHlEQUF5RCxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFDbkU7UUFDQSxPQUFPLENBQUMsSUFBSSxDQUFDLDJCQUEyQixHQUFHLEdBQUcsQ0FBQyxDQUFDO0tBQ2pEO1NBQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUU7UUFDaEMsT0FBTyxDQUFDLEtBQUssQ0FBQyxzRUFBc0UsR0FBRyxHQUFHLENBQUMsQ0FBQztRQUM1RixPQUFPLEtBQUssQ0FBQztLQUNkO0lBQ0QsT0FBTyxJQUFJLENBQUM7QUFDZCxDQUFDO0FBRUQsTUFBTSxVQUFVLGFBQWEsQ0FBQyxDQUFTO0lBQ3JDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsRUFBRTtRQUNuQixPQUFPLENBQUMsQ0FBQztLQUNWO0lBQ0QsT0FBTyxHQUFHLENBQUMsR0FBRyxDQUFDO0FBQ2pCLENBQUM7QUFFRCxNQUFNLFVBQVUsU0FBUztJQUN2QixPQUFPLE9BQU8sTUFBTSxLQUFLLFdBQVcsQ0FBQyxDQUFDLHNCQUFzQjtBQUM5RCxDQUFDO0FBRUQsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFHLEdBQVksRUFBRSxDQUFDLFNBQVMsRUFBRSxJQUFJLGdCQUFnQixJQUFJLE1BQU0sQ0FBQztBQUVsRixNQUFNLENBQUMsTUFBTSxNQUFNLEdBQUcsQ0FBQyxHQUFXLEVBQUUsTUFBTSxHQUFHLEdBQUcsRUFBVSxFQUFFO0lBQzFELE9BQU8sR0FBRyxJQUFJLE1BQU0sSUFBSSxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxFQUFFO1FBQzVDLEdBQUcsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztLQUNwQztJQUNELE9BQU8sR0FBRyxDQUFDO0FBQ2IsQ0FBQyxDQUFDO0FBRUY7Ozs7OztHQU1HO0FBQ0gsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHLEtBQUssRUFBRSxjQUFjLEdBQUcsTUFBTSxDQUFDLE1BQU0sRUFBbUIsRUFBRTtJQUNwRixNQUFNLG1CQUFtQixHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztJQUN2QyxNQUFNLFFBQVEsR0FBRyxNQUFNLEtBQUssQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUM3QyxPQUFPLHVCQUF1QixDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsbUJBQW1CLENBQUMsQ0FBQztBQUN4RSxDQUFDLENBQUM7QUFJRjs7Ozs7Ozs7O0dBU0c7QUFDSCxNQUFNLENBQUMsTUFBTSx1QkFBdUIsR0FBRyxDQUFDLE9BQW1CLEVBQUUsYUFBc0IsRUFBVSxFQUFFO0lBQzdGLE1BQU0sbUJBQW1CLEdBQUcsQ0FBQyxhQUFhLElBQUksSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLEdBQUcsSUFBSSxDQUFDO0lBQ2pFLElBQUksZ0JBQWdCLENBQUM7SUFDckIsSUFBSSxPQUFPLENBQUMsR0FBRyxFQUFFO1FBQ2YsZ0JBQWdCLEdBQUksT0FBbUIsQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7S0FDckQ7U0FBTTtRQUNMLGdCQUFnQixHQUFJLE9BQTBELENBQUMsSUFBSSxDQUFDO0tBQ3JGO0lBQ0QsSUFBSSxnQkFBZ0IsS0FBSyxJQUFJLEVBQUU7UUFDN0IsTUFBTSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztLQUNsRDtJQUNELE1BQU0sY0FBYyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLENBQUMsR0FBRyxJQUFJLENBQUM7SUFDM0QsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsSUFBSSxDQUFDO0lBQzdDLE1BQU0sV0FBVyxHQUFHLGNBQWMsR0FBRyxtQkFBbUIsQ0FBQztJQUN6RCxNQUFNLFVBQVUsR0FBRyxjQUFjLEdBQUcsa0JBQWtCLENBQUM7SUFFdkQsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsV0FBVyxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBQ3BELENBQUMsQ0FBQztBQUVGLE1BQU0sVUFBVSxXQUFXLENBQUMsR0FBVztJQUNyQyxJQUFJLENBQUMsR0FBRyxFQUFFO1FBQ1IsT0FBTyxHQUFHLENBQUM7S0FDWjtJQUNELElBQUksV0FBVyxHQUFHLEdBQUcsQ0FBQztJQUN0QixJQUFJLFdBQVcsR0FBRyxFQUFFLENBQUM7SUFDckIsT0FBTyxXQUFXLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRTtRQUM3QixXQUFXLElBQUksV0FBVyxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcsTUFBTSxDQUFDO1FBQ3JELFdBQVcsR0FBRyxXQUFXLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0tBQ3pDO0lBQ0QsT0FBTyxXQUFXLENBQUM7QUFDckIsQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUsaUJBQWlCLENBQUMsU0FBb0I7SUFDMUQsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRTtRQUMvQixNQUFNLElBQUksa0JBQWtCLENBQUMsb0JBQW9CLENBQUMsQ0FBQztLQUNwRDtJQUVELE1BQU0saUJBQWlCLEdBQUcsTUFBTSxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsU0FBUyxDQUFDLENBQUM7SUFDM0UsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLGlCQUFpQixDQUFDLGlCQUFpQixDQUFDLENBQUM7SUFDeEQsTUFBTSxHQUFHLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzdCLE9BQU8saUNBQWlDLEdBQUcsMEJBQTBCLENBQUM7QUFDeEUsQ0FBQztBQUVELE1BQU0sQ0FBQyxLQUFLLFVBQVUsb0JBQW9CLENBQUMsR0FBVztJQUNwRCxJQUFJLDRCQUE0QixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRTtRQUMxQyxPQUFPLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDO0tBQy9CO1NBQU0sSUFBSSw2QkFBNkIsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUU7UUFDbEQsT0FBTyxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUM7S0FDN0I7SUFDRCw0Q0FBNEM7SUFDNUMsNkNBQTZDO0lBQzdDLHFHQUFxRztJQUNyRyxNQUFNLElBQUksU0FBUyxDQUFDLHlCQUF5QixHQUFHLEdBQUcsQ0FBQyxDQUFDO0FBQ3ZELENBQUM7QUFFRCxNQUFNLENBQUMsS0FBSyxVQUFVLHVCQUF1QixDQUFDLFNBQWlCO0lBQzdELElBQUksR0FBRyxHQUFXLFNBQVMsQ0FBQztJQUU1Qix3RUFBd0U7SUFDeEUseUNBQXlDO0lBQ3pDLElBQUksU0FBUyxDQUFDLFFBQVEsQ0FBQyxhQUFhLENBQUMsRUFBRTtRQUNyQyxNQUFNLElBQUksR0FBRyxNQUFNLFVBQVUsQ0FBQyxTQUFTLEVBQUUsT0FBTyxFQUFFLEVBQUUsV0FBVyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7UUFDekUsR0FBRyxHQUFHLE1BQU0sVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO0tBQzlCO0lBRUQsT0FBTyxHQUFHLENBQUM7QUFDYixDQUFDIn0=

package/dist/web/src/version.js

@@ -0,0 +1,9 @@
+/**
+ * Exposes the released version number of the `@opentdf/sdk` package
+ */
+export const version = '0.1.0';
+/**
+ * A string name used to label requests as coming from this library client.
+ */
+export const clientType = 'web-sdk';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyc2lvbi5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy92ZXJzaW9uLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBOztHQUVHO0FBQ0gsTUFBTSxDQUFDLE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQztBQUUvQjs7R0FFRztBQUNILE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRyxTQUFTLENBQUMifQ==

package/dist/web/tdf3/index.js

@@ -0,0 +1,13 @@
+import { Binary } from './src/binary.js';
+import { DecoratedReadableStream } from './src/client/DecoratedReadableStream.js';
+import { DecryptParamsBuilder, EncryptParamsBuilder, } from './src/client/builders.js';
+import { createSessionKeys } from './src/client/index.js';
+import { Client, Errors, TDF3Client } from './src/index.js';
+import { SplitKey, } from './src/models/encryption-information.js';
+import { AppIdAuthProvider, HttpRequest, withHeaders, } from '../src/auth/auth.js';
+import { AesGcmCipher } from './src/ciphers/aes-gcm-cipher.js';
+import { NanoTDFClient, NanoTDFDatasetClient, AuthProviders, version, clientType, } from '../src/index.js';
+import { Algorithms } from './src/ciphers/algorithms.js';
+export { AesGcmCipher, Algorithms, AppIdAuthProvider, AuthProviders, Binary, Client, DecoratedReadableStream, DecryptParamsBuilder, EncryptParamsBuilder, Errors, HttpRequest, NanoTDFClient, NanoTDFDatasetClient, SplitKey, TDF3Client, clientType, createSessionKeys, withHeaders, version, };
+export * as WebCryptoService from './src/crypto/index.js';
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi90ZGYzL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN6QyxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSx5Q0FBeUMsQ0FBQztBQUNsRixPQUFPLEVBRUwsb0JBQW9CLEVBT3BCLG9CQUFvQixHQUVyQixNQUFNLDBCQUEwQixDQUFDO0FBQ2xDLE9BQU8sRUFBcUIsaUJBQWlCLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQU83RSxPQUFPLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQUM1RCxPQUFPLEVBRUwsUUFBUSxHQUVULE1BQU0sd0NBQXdDLENBQUM7QUFDaEQsT0FBTyxFQUVMLGlCQUFpQixFQUVqQixXQUFXLEVBQ1gsV0FBVyxHQUNaLE1BQU0scUJBQXFCLENBQUM7QUFDN0IsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLGlDQUFpQyxDQUFDO0FBQy9ELE9BQU8sRUFDTCxhQUFhLEVBQ2Isb0JBQW9CLEVBQ3BCLGFBQWEsRUFDYixPQUFPLEVBQ1AsVUFBVSxHQUNYLE1BQU0saUJBQWlCLENBQUM7QUFDekIsT0FBTyxFQUFFLFVBQVUsRUFBeUMsTUFBTSw2QkFBNkIsQ0FBQztBQW9CaEcsT0FBTyxFQUNMLFlBQVksRUFDWixVQUFVLEVBQ1YsaUJBQWlCLEVBQ2pCLGFBQWEsRUFDYixNQUFNLEVBQ04sTUFBTSxFQUVOLHVCQUF1QixFQUV2QixvQkFBb0IsRUFJcEIsb0JBQW9CLEVBQ3BCLE1BQU0sRUFDTixXQUFXLEVBRVgsYUFBYSxFQUNiLG9CQUFvQixFQUNwQixRQUFRLEVBQ1IsVUFBVSxFQUNWLFVBQVUsRUFDVixpQkFBaUIsRUFDakIsV0FBVyxFQUNYLE9BQU8sR0FDUixDQUFDO0FBRUYsT0FBTyxLQUFLLGdCQUFnQixNQUFNLHVCQUF1QixDQUFDIn0=

package/dist/web/tdf3/src/assertions.js

@@ -0,0 +1,111 @@
+import { canonicalizeEx } from 'json-canonicalize';
+import { SignJWT, jwtVerify } from 'jose';
+import { base64, hex } from '../../src/encodings/index.js';
+import { ConfigurationError, IntegrityError, InvalidFileError } from '../../src/errors.js';
+/**
+ * Computes the SHA-256 hash of the assertion object, excluding the 'binding' and 'hash' properties.
+ *
+ * @returns the hexadecimal string representation of the hash
+ */
+export async function hash(a) {
+    const result = canonicalizeEx(a, { exclude: ['binding', 'hash', 'sign', 'verify'] });
+    const hash = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(result));
+    return hex.encodeArrayBuffer(hash);
+}
+/**
+ * Signs the given hash and signature using the provided key and sets the binding method and signature.
+ *
+ * @param hash - The hash to be signed.
+ * @param sig - The signature to be signed.
+ * @param {AssertionKey} key - The key used for signing.
+ * @returns {Promise<void>} A promise that resolves when the signing is complete.
+ */
+async function sign(thiz, assertionHash, sig, key) {
+    const payload = {
+        assertionHash,
+        assertionSig: sig,
+    };
+    let token;
+    try {
+        token = await new SignJWT(payload).setProtectedHeader({ alg: key.alg }).sign(key.key);
+    }
+    catch (error) {
+        throw new ConfigurationError(`Signing assertion failed: ${error.message}`, error);
+    }
+    thiz.binding.method = 'jws';
+    thiz.binding.signature = token;
+    return thiz;
+}
+// a function that takes an unknown or any object and asserts that it is or is not an AssertionConfig object
+export function isAssertionConfig(obj) {
+    return (!!obj &&
+        typeof obj === 'object' &&
+        'id' in obj &&
+        typeof obj.id === 'string' &&
+        'type' in obj &&
+        (obj.type === 'handling' || obj.type === 'other') &&
+        'scope' in obj &&
+        (obj.scope === 'tdo' || obj.scope === 'payload') &&
+        'appliesToState' in obj &&
+        (obj.appliesToState === 'encrypted' || obj.appliesToState === 'unencrypted') &&
+        'statement' in obj &&
+        !!obj.statement &&
+        typeof obj.statement === 'object' &&
+        'format' in obj.statement &&
+        'schema' in obj.statement &&
+        'value' in obj.statement);
+}
+/**
+ * Verifies the signature of the assertion using the provided key.
+ *
+ * @param {AssertionKey} key - The key used for verification.
+ * @returns {Promise<[string, string]>} A promise that resolves to a tuple containing the assertion hash and signature.
+ * @throws {Error} If the verification fails.
+ */
+export async function verify(thiz, aggregateHash, key) {
+    let payload;
+    try {
+        const uj = await jwtVerify(thiz.binding.signature, key.key, {
+            algorithms: [key.alg],
+        });
+        payload = uj.payload;
+    }
+    catch (error) {
+        throw new InvalidFileError(`Verifying assertion failed: ${error.message}`, error);
+    }
+    const { assertionHash, assertionSig } = payload;
+    // Get the hash of the assertion
+    const hashOfAssertion = await hash(thiz);
+    const combinedHash = aggregateHash + hashOfAssertion;
+    const encodedHash = base64.encode(combinedHash);
+    // check if assertionHash is same as hashOfAssertion
+    if (hashOfAssertion !== assertionHash) {
+        throw new IntegrityError('Assertion hash mismatch');
+    }
+    // check if assertionSig is same as encodedHash
+    if (assertionSig !== encodedHash) {
+        throw new IntegrityError('Failed integrity check on assertion signature');
+    }
+}
+/**
+ * Creates an Assertion object with the specified properties.
+ */
+export async function CreateAssertion(aggregateHash, assertionConfig) {
+    if (!assertionConfig.signingKey) {
+        throw new ConfigurationError('Assertion signing key is required');
+    }
+    const a = {
+        id: assertionConfig.id,
+        type: assertionConfig.type,
+        scope: assertionConfig.scope,
+        appliesToState: assertionConfig.appliesToState,
+        statement: assertionConfig.statement,
+        // empty binding
+        binding: { method: '', signature: '' },
+    };
+    const assertionHash = await hash(a);
+    const combinedHash = aggregateHash + assertionHash;
+    const encodedHash = base64.encode(combinedHash);
+    return await sign(a, assertionHash, encodedHash, assertionConfig.signingKey);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXNzZXJ0aW9ucy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3RkZjMvc3JjL2Fzc2VydGlvbnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ25ELE9BQU8sRUFBZ0IsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUN4RCxPQUFPLEVBQUUsTUFBTSxFQUFFLEdBQUcsRUFBRSxNQUFNLDhCQUE4QixDQUFDO0FBQzNELE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxjQUFjLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQW9DM0Y7Ozs7R0FJRztBQUNILE1BQU0sQ0FBQyxLQUFLLFVBQVUsSUFBSSxDQUFDLENBQVk7SUFDckMsTUFBTSxNQUFNLEdBQUcsY0FBYyxDQUFDLENBQUMsRUFBRSxFQUFFLE9BQU8sRUFBRSxDQUFDLFNBQVMsRUFBRSxNQUFNLEVBQUUsTUFBTSxFQUFFLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUVyRixNQUFNLElBQUksR0FBRyxNQUFNLE1BQU0sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLFNBQVMsRUFBRSxJQUFJLFdBQVcsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO0lBQ3JGLE9BQU8sR0FBRyxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxDQUFDO0FBQ3JDLENBQUM7QUFFRDs7Ozs7OztHQU9HO0FBQ0gsS0FBSyxVQUFVLElBQUksQ0FDakIsSUFBZSxFQUNmLGFBQXFCLEVBQ3JCLEdBQVcsRUFDWCxHQUFpQjtJQUVqQixNQUFNLE9BQU8sR0FBcUI7UUFDaEMsYUFBYTtRQUNiLFlBQVksRUFBRSxHQUFHO0tBQ2xCLENBQUM7SUFFRixJQUFJLEtBQWEsQ0FBQztJQUNsQixJQUFJO1FBQ0YsS0FBSyxHQUFHLE1BQU0sSUFBSSxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsa0JBQWtCLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztLQUN2RjtJQUFDLE9BQU8sS0FBSyxFQUFFO1FBQ2QsTUFBTSxJQUFJLGtCQUFrQixDQUFDLDZCQUE2QixLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7S0FDbkY7SUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sR0FBRyxLQUFLLENBQUM7SUFDNUIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEdBQUcsS0FBSyxDQUFDO0lBQy9CLE9BQU8sSUFBSSxDQUFDO0FBQ2QsQ0FBQztBQUVELDRHQUE0RztBQUM1RyxNQUFNLFVBQVUsaUJBQWlCLENBQUMsR0FBWTtJQUM1QyxPQUFPLENBQ0wsQ0FBQyxDQUFDLEdBQUc7UUFDTCxPQUFPLEdBQUcsS0FBSyxRQUFRO1FBQ3ZCLElBQUksSUFBSSxHQUFHO1FBQ1gsT0FBTyxHQUFHLENBQUMsRUFBRSxLQUFLLFFBQVE7UUFDMUIsTUFBTSxJQUFJLEdBQUc7UUFDYixDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssVUFBVSxJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssT0FBTyxDQUFDO1FBQ2pELE9BQU8sSUFBSSxHQUFHO1FBQ2QsQ0FBQyxHQUFHLENBQUMsS0FBSyxLQUFLLEtBQUssSUFBSSxHQUFHLENBQUMsS0FBSyxLQUFLLFNBQVMsQ0FBQztRQUNoRCxnQkFBZ0IsSUFBSSxHQUFHO1FBQ3ZCLENBQUMsR0FBRyxDQUFDLGNBQWMsS0FBSyxXQUFXLElBQUksR0FBRyxDQUFDLGNBQWMsS0FBSyxhQUFhLENBQUM7UUFDNUUsV0FBVyxJQUFJLEdBQUc7UUFDbEIsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxTQUFTO1FBQ2YsT0FBTyxHQUFHLENBQUMsU0FBUyxLQUFLLFFBQVE7UUFDakMsUUFBUSxJQUFJLEdBQUcsQ0FBQyxTQUFTO1FBQ3pCLFFBQVEsSUFBSSxHQUFHLENBQUMsU0FBUztRQUN6QixPQUFPLElBQUksR0FBRyxDQUFDLFNBQVMsQ0FDekIsQ0FBQztBQUNKLENBQUM7QUFFRDs7Ozs7O0dBTUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLE1BQU0sQ0FDMUIsSUFBZSxFQUNmLGFBQXFCLEVBQ3JCLEdBQWlCO0lBRWpCLElBQUksT0FBeUIsQ0FBQztJQUM5QixJQUFJO1FBQ0YsTUFBTSxFQUFFLEdBQUcsTUFBTSxTQUFTLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxTQUFTLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRTtZQUMxRCxVQUFVLEVBQUUsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDO1NBQ3RCLENBQUMsQ0FBQztRQUNILE9BQU8sR0FBRyxFQUFFLENBQUMsT0FBMkIsQ0FBQztLQUMxQztJQUFDLE9BQU8sS0FBSyxFQUFFO1FBQ2QsTUFBTSxJQUFJLGdCQUFnQixDQUFDLCtCQUErQixLQUFLLENBQUMsT0FBTyxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7S0FDbkY7SUFDRCxNQUFNLEVBQUUsYUFBYSxFQUFFLFlBQVksRUFBRSxHQUFHLE9BQU8sQ0FBQztJQUVoRCxnQ0FBZ0M7SUFDaEMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDekMsTUFBTSxZQUFZLEdBQUcsYUFBYSxHQUFHLGVBQWUsQ0FBQztJQUNyRCxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO0lBRWhELG9EQUFvRDtJQUNwRCxJQUFJLGVBQWUsS0FBSyxhQUFhLEVBQUU7UUFDckMsTUFBTSxJQUFJLGNBQWMsQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO0tBQ3JEO0lBRUQsK0NBQStDO0lBQy9DLElBQUksWUFBWSxLQUFLLFdBQVcsRUFBRTtRQUNoQyxNQUFNLElBQUksY0FBYyxDQUFDLCtDQUErQyxDQUFDLENBQUM7S0FDM0U7QUFDSCxDQUFDO0FBRUQ7O0dBRUc7QUFDSCxNQUFNLENBQUMsS0FBSyxVQUFVLGVBQWUsQ0FDbkMsYUFBcUIsRUFDckIsZUFBZ0M7SUFFaEMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLEVBQUU7UUFDL0IsTUFBTSxJQUFJLGtCQUFrQixDQUFDLG1DQUFtQyxDQUFDLENBQUM7S0FDbkU7SUFFRCxNQUFNLENBQUMsR0FBYztRQUNuQixFQUFFLEVBQUUsZUFBZSxDQUFDLEVBQUU7UUFDdEIsSUFBSSxFQUFFLGVBQWUsQ0FBQyxJQUFJO1FBQzFCLEtBQUssRUFBRSxlQUFlLENBQUMsS0FBSztRQUM1QixjQUFjLEVBQUUsZUFBZSxDQUFDLGNBQWM7UUFDOUMsU0FBUyxFQUFFLGVBQWUsQ0FBQyxTQUFTO1FBQ3BDLGdCQUFnQjtRQUNoQixPQUFPLEVBQUUsRUFBRSxNQUFNLEVBQUUsRUFBRSxFQUFFLFNBQVMsRUFBRSxFQUFFLEVBQUU7S0FDdkMsQ0FBQztJQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ3BDLE1BQU0sWUFBWSxHQUFHLGFBQWEsR0FBRyxhQUFhLENBQUM7SUFDbkQsTUFBTSxXQUFXLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUVoRCxPQUFPLE1BQU0sSUFBSSxDQUFDLENBQUMsRUFBRSxhQUFhLEVBQUUsV0FBVyxFQUFFLGVBQWUsQ0FBQyxVQUFVLENBQUMsQ0FBQztBQUMvRSxDQUFDIn0=