npm - @opentdf/sdk - Versions diffs - 0.3.1 → 0.3.2-beta.2 - Mend

@opentdf/sdk 0.3.1 → 0.3.2-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (219) hide show

package/dist/cjs/src/access/access-fetch.js ADDED Viewed

@@ -0,0 +1,155 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWrappedKey = fetchWrappedKey;
+exports.fetchKeyAccessServers = fetchKeyAccessServers;
+exports.fetchKasPubKey = fetchKasPubKey;
+const access_js_1 = require("../access.js");
+const errors_js_1 = require("../errors.js");
+const utils_js_1 = require("../utils.js");
+/**
+ * Get a rewrapped access key to the document, if possible
+ * @param url Key access server rewrap endpoint
+ * @param requestBody a signed request with an encrypted document key
+ * @param authProvider Authorization middleware
+ */
+async function fetchWrappedKey(url, requestBody, authProvider) {
+    const req = await authProvider.withCreds({
+        url,
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(requestBody),
+    });
+    let response;
+    try {
+        response = await fetch(req.url, {
+            method: req.method,
+            mode: 'cors', // no-cors, *cors, same-origin
+            cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached
+            credentials: 'same-origin', // include, *same-origin, omit
+            headers: req.headers,
+            redirect: 'follow', // manual, *follow, error
+            referrerPolicy: 'no-referrer', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
+            body: req.body,
+        });
+    }
+    catch (e) {
+        throw new errors_js_1.NetworkError(`unable to fetch wrapped key from [${url}]`, e);
+    }
+    if (!response.ok) {
+        switch (response.status) {
+            case 400:
+                throw new errors_js_1.InvalidFileError(`400 for [${req.url}]: rewrap bad request [${await response.text()}]`);
+            case 401:
+                throw new errors_js_1.UnauthenticatedError(`401 for [${req.url}]; rewrap auth failure`);
+            case 403:
+                throw new errors_js_1.PermissionDeniedError(`403 for [${req.url}]; rewrap permission denied`);
+            default:
+                if (response.status >= 500) {
+                    throw new errors_js_1.ServiceError(`${response.status} for [${req.url}]: rewrap failure due to service error [${await response.text()}]`);
+                }
+                throw new errors_js_1.NetworkError(`${req.method} ${req.url} => ${response.status} ${response.statusText}`);
+        }
+    }
+    return response.json();
+}
+async function fetchKeyAccessServers(platformUrl, authProvider) {
+    let nextOffset = 0;
+    const allServers = [];
+    do {
+        const req = await authProvider.withCreds({
+            url: `${platformUrl}/key-access-servers?pagination.offset=${nextOffset}`,
+            method: 'GET',
+            headers: {
+                'Content-Type': 'application/json',
+            },
+        });
+        let response;
+        try {
+            response = await fetch(req.url, {
+                method: req.method,
+                headers: req.headers,
+                body: req.body,
+                mode: 'cors',
+                cache: 'no-cache',
+                credentials: 'same-origin',
+                redirect: 'follow',
+                referrerPolicy: 'no-referrer',
+            });
+        }
+        catch (e) {
+            throw new errors_js_1.NetworkError(`unable to fetch kas list from [${req.url}]`, e);
+        }
+        // if we get an error from the kas registry, throw an error
+        if (!response.ok) {
+            throw new errors_js_1.ServiceError(`unable to fetch kas list from [${req.url}], status: ${response.status}`);
+        }
+        const { keyAccessServers = [], pagination = {} } = await response.json();
+        allServers.push(...keyAccessServers);
+        nextOffset = pagination.nextOffset || 0;
+    } while (nextOffset > 0);
+    const serverUrls = allServers.map((server) => server.uri);
+    // add base platform kas
+    if (!serverUrls.includes(`${platformUrl}/kas`)) {
+        serverUrls.push(`${platformUrl}/kas`);
+    }
+    return new access_js_1.OriginAllowList(serverUrls, false);
+}
+async function fetchKasPubKey(kasEndpoint, algorithm) {
+    if (!kasEndpoint) {
+        throw new errors_js_1.ConfigurationError('KAS definition not found');
+    }
+    // Logs insecure KAS. Secure is enforced in constructor
+    (0, utils_js_1.validateSecureUrl)(kasEndpoint);
+    // Parse kasEndpoint to URL, then append to its path and update its query parameters
+    let pkUrlV2;
+    try {
+        pkUrlV2 = new URL(kasEndpoint);
+    }
+    catch (e) {
+        throw new errors_js_1.ConfigurationError(`KAS definition invalid: [${kasEndpoint}]`, e);
+    }
+    if (!pkUrlV2.pathname.endsWith('kas_public_key')) {
+        if (!pkUrlV2.pathname.endsWith('/')) {
+            pkUrlV2.pathname += '/';
+        }
+        pkUrlV2.pathname += 'v2/kas_public_key';
+    }
+    pkUrlV2.searchParams.set('algorithm', algorithm || 'rsa:2048');
+    if (!pkUrlV2.searchParams.get('v')) {
+        pkUrlV2.searchParams.set('v', '2');
+    }
+    let kasPubKeyResponseV2;
+    try {
+        kasPubKeyResponseV2 = await fetch(pkUrlV2);
+    }
+    catch (e) {
+        throw new errors_js_1.NetworkError(`unable to fetch public key from [${pkUrlV2}]`, e);
+    }
+    if (!kasPubKeyResponseV2.ok) {
+        switch (kasPubKeyResponseV2.status) {
+            case 404:
+                throw new errors_js_1.ConfigurationError(`404 for [${pkUrlV2}]`);
+            case 401:
+                throw new errors_js_1.UnauthenticatedError(`401 for [${pkUrlV2}]`);
+            case 403:
+                throw new errors_js_1.PermissionDeniedError(`403 for [${pkUrlV2}]`);
+            default:
+                throw new errors_js_1.NetworkError(`${pkUrlV2} => ${kasPubKeyResponseV2.status} ${kasPubKeyResponseV2.statusText}`);
+        }
+    }
+    const jsonContent = await kasPubKeyResponseV2.json();
+    const { publicKey, kid } = jsonContent;
+    if (!publicKey) {
+        throw new errors_js_1.NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
+    }
+    return {
+        key: (0, access_js_1.noteInvalidPublicKey)(pkUrlV2, (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
+        publicKey,
+        url: kasEndpoint,
+        algorithm: algorithm || 'rsa:2048',
+        ...(kid && { kid }),
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLWZldGNoLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vc3JjL2FjY2Vzcy9hY2Nlc3MtZmV0Y2gudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFrQ0EsMENBc0RDO0FBRUQsc0RBK0NDO0FBRUQsd0NBOERDO0FBek1ELDRDQUtzQjtBQUV0Qiw0Q0FPc0I7QUFDdEIsMENBQXNFO0FBYXRFOzs7OztHQUtHO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLFdBQTBCLEVBQzFCLFlBQTBCO0lBRTFCLE1BQU0sR0FBRyxHQUFHLE1BQU0sWUFBWSxDQUFDLFNBQVMsQ0FBQztRQUN2QyxHQUFHO1FBQ0gsTUFBTSxFQUFFLE1BQU07UUFDZCxPQUFPLEVBQUU7WUFDUCxjQUFjLEVBQUUsa0JBQWtCO1NBQ25DO1FBQ0QsSUFBSSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO0tBQ2xDLENBQUMsQ0FBQztJQUVILElBQUksUUFBa0IsQ0FBQztJQUV2QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRTtZQUM5QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07WUFDbEIsSUFBSSxFQUFFLE1BQU0sRUFBRSw4QkFBOEI7WUFDNUMsS0FBSyxFQUFFLFVBQVUsRUFBRSwwREFBMEQ7WUFDN0UsV0FBVyxFQUFFLGFBQWEsRUFBRSw4QkFBOEI7WUFDMUQsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO1lBQ3BCLFFBQVEsRUFBRSxRQUFRLEVBQUUseUJBQXlCO1lBQzdDLGNBQWMsRUFBRSxhQUFhLEVBQUUsc0pBQXNKO1lBQ3JMLElBQUksRUFBRSxHQUFHLENBQUMsSUFBZ0I7U0FDM0IsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxxQ0FBcUMsR0FBRyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVELElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDakIsUUFBUSxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDeEIsS0FBSyxHQUFHO2dCQUNOLE1BQU0sSUFBSSw0QkFBZ0IsQ0FDeEIsWUFBWSxHQUFHLENBQUMsR0FBRywwQkFBMEIsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FDdEUsQ0FBQztZQUNKLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksZ0NBQW9CLENBQUMsWUFBWSxHQUFHLENBQUMsR0FBRyx3QkFBd0IsQ0FBQyxDQUFDO1lBQzlFLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksaUNBQXFCLENBQUMsWUFBWSxHQUFHLENBQUMsR0FBRyw2QkFBNkIsQ0FBQyxDQUFDO1lBQ3BGO2dCQUNFLElBQUksUUFBUSxDQUFDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQztvQkFDM0IsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLEdBQUcsUUFBUSxDQUFDLE1BQU0sU0FBUyxHQUFHLENBQUMsR0FBRywyQ0FBMkMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FDdEcsQ0FBQztnQkFDSixDQUFDO2dCQUNELE1BQU0sSUFBSSx3QkFBWSxDQUNwQixHQUFHLEdBQUcsQ0FBQyxNQUFNLElBQUksR0FBRyxDQUFDLEdBQUcsT0FBTyxRQUFRLENBQUMsTUFBTSxJQUFJLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FDeEUsQ0FBQztRQUNOLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7QUFDekIsQ0FBQztBQUVNLEtBQUssVUFBVSxxQkFBcUIsQ0FDekMsV0FBbUIsRUFDbkIsWUFBMEI7SUFFMUIsSUFBSSxVQUFVLEdBQUcsQ0FBQyxDQUFDO0lBQ25CLE1BQU0sVUFBVSxHQUFHLEVBQUUsQ0FBQztJQUN0QixHQUFHLENBQUM7UUFDRixNQUFNLEdBQUcsR0FBRyxNQUFNLFlBQVksQ0FBQyxTQUFTLENBQUM7WUFDdkMsR0FBRyxFQUFFLEdBQUcsV0FBVyx5Q0FBeUMsVUFBVSxFQUFFO1lBQ3hFLE1BQU0sRUFBRSxLQUFLO1lBQ2IsT0FBTyxFQUFFO2dCQUNQLGNBQWMsRUFBRSxrQkFBa0I7YUFDbkM7U0FDRixDQUFDLENBQUM7UUFDSCxJQUFJLFFBQWtCLENBQUM7UUFDdkIsSUFBSSxDQUFDO1lBQ0gsUUFBUSxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUU7Z0JBQzlCLE1BQU0sRUFBRSxHQUFHLENBQUMsTUFBTTtnQkFDbEIsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO2dCQUNwQixJQUFJLEVBQUUsR0FBRyxDQUFDLElBQWdCO2dCQUMxQixJQUFJLEVBQUUsTUFBTTtnQkFDWixLQUFLLEVBQUUsVUFBVTtnQkFDakIsV0FBVyxFQUFFLGFBQWE7Z0JBQzFCLFFBQVEsRUFBRSxRQUFRO2dCQUNsQixjQUFjLEVBQUUsYUFBYTthQUM5QixDQUFDLENBQUM7UUFDTCxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUFDLGtDQUFrQyxHQUFHLENBQUMsR0FBRyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUNELDJEQUEyRDtRQUMzRCxJQUFJLENBQUMsUUFBUSxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQ2pCLE1BQU0sSUFBSSx3QkFBWSxDQUNwQixrQ0FBa0MsR0FBRyxDQUFDLEdBQUcsY0FBYyxRQUFRLENBQUMsTUFBTSxFQUFFLENBQ3pFLENBQUM7UUFDSixDQUFDO1FBQ0QsTUFBTSxFQUFFLGdCQUFnQixHQUFHLEVBQUUsRUFBRSxVQUFVLEdBQUcsRUFBRSxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7UUFDekUsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLGdCQUFnQixDQUFDLENBQUM7UUFDckMsVUFBVSxHQUFHLFVBQVUsQ0FBQyxVQUFVLElBQUksQ0FBQyxDQUFDO0lBQzFDLENBQUMsUUFBUSxVQUFVLEdBQUcsQ0FBQyxFQUFFO0lBRXpCLE1BQU0sVUFBVSxHQUFHLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUMxRCx3QkFBd0I7SUFDeEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsR0FBRyxXQUFXLE1BQU0sQ0FBQyxFQUFFLENBQUM7UUFDL0MsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVELE9BQU8sSUFBSSwyQkFBZSxDQUFDLFVBQVUsRUFBRSxLQUFLLENBQUMsQ0FBQztBQUNoRCxDQUFDO0FBRU0sS0FBSyxVQUFVLGNBQWMsQ0FDbEMsV0FBbUIsRUFDbkIsU0FBaUM7SUFFakMsSUFBSSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBQ2pCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQywwQkFBMEIsQ0FBQyxDQUFDO0lBQzNELENBQUM7SUFDRCx1REFBdUQ7SUFDdkQsSUFBQSw0QkFBaUIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUUvQixvRkFBb0Y7SUFDcEYsSUFBSSxPQUFZLENBQUM7SUFDakIsSUFBSSxDQUFDO1FBQ0gsT0FBTyxHQUFHLElBQUksR0FBRyxDQUFDLFdBQVcsQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDRCQUE0QixXQUFXLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUM5RSxDQUFDO0lBQ0QsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixDQUFDLEVBQUUsQ0FBQztRQUNqRCxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNwQyxPQUFPLENBQUMsUUFBUSxJQUFJLEdBQUcsQ0FBQztRQUMxQixDQUFDO1FBQ0QsT0FBTyxDQUFDLFFBQVEsSUFBSSxtQkFBbUIsQ0FBQztJQUMxQyxDQUFDO0lBQ0QsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLFNBQVMsSUFBSSxVQUFVLENBQUMsQ0FBQztJQUMvRCxJQUFJLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUNuQyxPQUFPLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVELElBQUksbUJBQTZCLENBQUM7SUFDbEMsSUFBSSxDQUFDO1FBQ0gsbUJBQW1CLEdBQUcsTUFBTSxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxvQ0FBb0MsT0FBTyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDNUUsQ0FBQztJQUNELElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxFQUFFLEVBQUUsQ0FBQztRQUM1QixRQUFRLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ25DLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksOEJBQWtCLENBQUMsWUFBWSxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQ3ZELEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksZ0NBQW9CLENBQUMsWUFBWSxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQ3pELEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksaUNBQXFCLENBQUMsWUFBWSxPQUFPLEdBQUcsQ0FBQyxDQUFDO1lBQzFEO2dCQUNFLE1BQU0sSUFBSSx3QkFBWSxDQUNwQixHQUFHLE9BQU8sT0FBTyxtQkFBbUIsQ0FBQyxNQUFNLElBQUksbUJBQW1CLENBQUMsVUFBVSxFQUFFLENBQ2hGLENBQUM7UUFDTixDQUFDO0lBQ0gsQ0FBQztJQUNELE1BQU0sV0FBVyxHQUFHLE1BQU0sbUJBQW1CLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDckQsTUFBTSxFQUFFLFNBQVMsRUFBRSxHQUFHLEVBQUUsR0FBcUIsV0FBVyxDQUFDO0lBQ3pELElBQUksQ0FBQyxTQUFTLEVBQUUsQ0FBQztRQUNmLE1BQU0sSUFBSSx3QkFBWSxDQUNwQiw4Q0FBOEMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUM3RSxDQUFDO0lBQ0osQ0FBQztJQUNELE9BQU87UUFDTCxHQUFHLEVBQUUsSUFBQSxnQ0FBb0IsRUFBQyxPQUFPLEVBQUUsSUFBQSwrQkFBb0IsRUFBQyxTQUFTLENBQUMsQ0FBQztRQUNuRSxTQUFTO1FBQ1QsR0FBRyxFQUFFLFdBQVc7UUFDaEIsU0FBUyxFQUFFLFNBQVMsSUFBSSxVQUFVO1FBQ2xDLEdBQUcsQ0FBQyxHQUFHLElBQUksRUFBRSxHQUFHLEVBQUUsQ0FBQztLQUNwQixDQUFDO0FBQ0osQ0FBQyJ9

package/dist/cjs/src/access/access-rpc.js ADDED Viewed

@@ -0,0 +1,131 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchWrappedKey = fetchWrappedKey;
+exports.fetchKeyAccessServers = fetchKeyAccessServers;
+exports.fetchKasPubKey = fetchKasPubKey;
+exports.fetchKasBasePubKey = fetchKasBasePubKey;
+const access_js_1 = require("../access.js");
+const errors_js_1 = require("../errors.js");
+const platform_js_1 = require("../platform.js");
+const utils_js_1 = require("../utils.js");
+/**
+ * Get a rewrapped access key to the document, if possible
+ * @param url Key access server rewrap endpoint
+ * @param requestBody a signed request with an encrypted document key
+ * @param authProvider Authorization middleware
+ * @param clientVersion
+ */
+async function fetchWrappedKey(url, signedRequestToken, authProvider) {
+    const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(url);
+    const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
+    try {
+        return await platform.v1.access.rewrap({
+            signedRequestToken,
+        });
+    }
+    catch (e) {
+        throw new errors_js_1.NetworkError(`[${platformUrl}] [Rewrap] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+    }
+}
+async function fetchKeyAccessServers(platformUrl, authProvider) {
+    let nextOffset = 0;
+    const allServers = [];
+    const platform = new platform_js_1.PlatformClient({ authProvider, platformUrl });
+    do {
+        let response;
+        try {
+            response = await platform.v1.keyAccessServerRegistry.listKeyAccessServers({
+                pagination: {
+                    offset: nextOffset,
+                },
+            });
+        }
+        catch (e) {
+            throw new errors_js_1.NetworkError(`[${platformUrl}] [ListKeyAccessServers] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+        }
+        allServers.push(...response.keyAccessServers);
+        nextOffset = response?.pagination?.nextOffset || 0;
+    } while (nextOffset > 0);
+    const serverUrls = allServers.map((server) => server.uri);
+    // add base platform kas
+    if (!serverUrls.includes(`${platformUrl}/kas`)) {
+        serverUrls.push(`${platformUrl}/kas`);
+    }
+    return new access_js_1.OriginAllowList(serverUrls, false);
+}
+function isBaseKey(baseKey) {
+    if (!baseKey) {
+        return false;
+    }
+    const bk = baseKey;
+    return (!!bk.kas_uri &&
+        !!bk.public_key &&
+        typeof bk.public_key === 'object' &&
+        !!bk.public_key.pem &&
+        !!bk.public_key.algorithm &&
+        (0, access_js_1.isPublicKeyAlgorithm)(bk.public_key.algorithm));
+}
+async function fetchKasPubKey(kasEndpoint, algorithm) {
+    if (!kasEndpoint) {
+        throw new errors_js_1.ConfigurationError('KAS definition not found');
+    }
+    // Logs insecure KAS. Secure is enforced in constructor
+    (0, utils_js_1.validateSecureUrl)(kasEndpoint);
+    const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(kasEndpoint);
+    const platform = new platform_js_1.PlatformClient({
+        platformUrl,
+    });
+    try {
+        const { kid, publicKey } = await platform.v1.access.publicKey({
+            algorithm: algorithm || 'rsa:2048',
+            v: '2',
+        });
+        const result = {
+            key: (0, access_js_1.noteInvalidPublicKey)(new URL(platformUrl), (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
+            publicKey,
+            url: kasEndpoint,
+            algorithm: algorithm || 'rsa:2048',
+            ...(kid && { kid }),
+        };
+        return result;
+    }
+    catch (e) {
+        throw new errors_js_1.NetworkError(`[${platformUrl}] [PublicKey] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+    }
+}
+/**
+ * Fetch the base public key from WellKnownConfiguration of the platform.
+ * @param kasEndpoint The KAS endpoint URL.
+ * @throws {ConfigurationError} If the KAS endpoint is not defined.
+ * @throws {NetworkError} If there is an error fetching the public key from the KAS endpoint.
+ * @returns The base public key information for the KAS endpoint.
+ */
+async function fetchKasBasePubKey(kasEndpoint) {
+    if (!kasEndpoint) {
+        throw new errors_js_1.ConfigurationError('KAS definition not found');
+    }
+    (0, utils_js_1.validateSecureUrl)(kasEndpoint);
+    const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(kasEndpoint);
+    const platform = new platform_js_1.PlatformClient({
+        platformUrl,
+    });
+    try {
+        const { configuration } = await platform.v1.wellknown.getWellKnownConfiguration({});
+        const baseKey = configuration?.base_key;
+        if (!isBaseKey(baseKey)) {
+            throw new errors_js_1.NetworkError(`Invalid Platform Configuration: [${kasEndpoint}] is missing BaseKey in WellKnownConfiguration`);
+        }
+        const result = {
+            key: (0, access_js_1.noteInvalidPublicKey)(new URL(baseKey.kas_uri), (0, utils_js_1.pemToCryptoPublicKey)(baseKey.public_key.pem)),
+            publicKey: baseKey.public_key.pem,
+            url: baseKey.kas_uri,
+            algorithm: baseKey.public_key.algorithm,
+            kid: baseKey.public_key.kid,
+        };
+        return result;
+    }
+    catch (e) {
+        throw new errors_js_1.NetworkError(`[${platformUrl}] [PublicKey] ${(0, utils_js_1.extractRpcErrorMessage)(e)}`);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLXJwYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hY2Nlc3MvYWNjZXNzLXJwYy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQTBCQSwwQ0FjQztBQUVELHNEQWlDQztBQTJCRCx3Q0E4QkM7QUFTRCxnREFpQ0M7QUE5S0QsNENBTXNCO0FBRXRCLDRDQUFnRTtBQUNoRSxnREFBZ0Q7QUFHaEQsMENBS3FCO0FBRXJCOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSxlQUFlLENBQ25DLEdBQVcsRUFDWCxrQkFBMEIsRUFDMUIsWUFBMEI7SUFFMUIsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxHQUFHLENBQUMsQ0FBQztJQUN2RCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUMsRUFBRSxZQUFZLEVBQUUsV0FBVyxFQUFFLENBQUMsQ0FBQztJQUNuRSxJQUFJLENBQUM7UUFDSCxPQUFPLE1BQU0sUUFBUSxDQUFDLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDO1lBQ3JDLGtCQUFrQjtTQUNuQixDQUFDLENBQUM7SUFDTCxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSx3QkFBWSxDQUFDLElBQUksV0FBVyxjQUFjLElBQUEsaUNBQXNCLEVBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQ25GLENBQUM7QUFDSCxDQUFDO0FBRU0sS0FBSyxVQUFVLHFCQUFxQixDQUN6QyxXQUFtQixFQUNuQixZQUEwQjtJQUUxQixJQUFJLFVBQVUsR0FBRyxDQUFDLENBQUM7SUFDbkIsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO0lBQ3RCLE1BQU0sUUFBUSxHQUFHLElBQUksNEJBQWMsQ0FBQyxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsQ0FBQyxDQUFDO0lBRW5FLEdBQUcsQ0FBQztRQUNGLElBQUksUUFBc0MsQ0FBQztRQUMzQyxJQUFJLENBQUM7WUFDSCxRQUFRLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLHVCQUF1QixDQUFDLG9CQUFvQixDQUFDO2dCQUN4RSxVQUFVLEVBQUU7b0JBQ1YsTUFBTSxFQUFFLFVBQVU7aUJBQ25CO2FBQ0YsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztRQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDWCxNQUFNLElBQUksd0JBQVksQ0FDcEIsSUFBSSxXQUFXLDRCQUE0QixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQ3ZFLENBQUM7UUFDSixDQUFDO1FBRUQsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1FBQzlDLFVBQVUsR0FBRyxRQUFRLEVBQUUsVUFBVSxFQUFFLFVBQVUsSUFBSSxDQUFDLENBQUM7SUFDckQsQ0FBQyxRQUFRLFVBQVUsR0FBRyxDQUFDLEVBQUU7SUFFekIsTUFBTSxVQUFVLEdBQUcsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzFELHdCQUF3QjtJQUN4QixJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxHQUFHLFdBQVcsTUFBTSxDQUFDLEVBQUUsQ0FBQztRQUMvQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsV0FBVyxNQUFNLENBQUMsQ0FBQztJQUN4QyxDQUFDO0lBRUQsT0FBTyxJQUFJLDJCQUFlLENBQUMsVUFBVSxFQUFFLEtBQUssQ0FBQyxDQUFDO0FBQ2hELENBQUM7QUFZRCxTQUFTLFNBQVMsQ0FBQyxPQUFpQjtJQUNsQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7UUFDYixPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFDRCxNQUFNLEVBQUUsR0FBRyxPQUEwQixDQUFDO0lBQ3RDLE9BQU8sQ0FDTCxDQUFDLENBQUMsRUFBRSxDQUFDLE9BQU87UUFDWixDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVU7UUFDZixPQUFPLEVBQUUsQ0FBQyxVQUFVLEtBQUssUUFBUTtRQUNqQyxDQUFDLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxHQUFHO1FBQ25CLENBQUMsQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVM7UUFDekIsSUFBQSxnQ0FBb0IsRUFBQyxFQUFFLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUM5QyxDQUFDO0FBQ0osQ0FBQztBQUVNLEtBQUssVUFBVSxjQUFjLENBQ2xDLFdBQW1CLEVBQ25CLFNBQWlDO0lBRWpDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksOEJBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsdURBQXVEO0lBQ3ZELElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxHQUFHLEVBQUUsU0FBUyxFQUFFLEdBQUcsTUFBTSxRQUFRLENBQUMsRUFBRSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUM7WUFDNUQsU0FBUyxFQUFFLFNBQVMsSUFBSSxVQUFVO1lBQ2xDLENBQUMsRUFBRSxHQUFHO1NBQ1AsQ0FBQyxDQUFDO1FBQ0gsTUFBTSxNQUFNLEdBQXFCO1lBQy9CLEdBQUcsRUFBRSxJQUFBLGdDQUFvQixFQUFDLElBQUksR0FBRyxDQUFDLFdBQVcsQ0FBQyxFQUFFLElBQUEsK0JBQW9CLEVBQUMsU0FBUyxDQUFDLENBQUM7WUFDaEYsU0FBUztZQUNULEdBQUcsRUFBRSxXQUFXO1lBQ2hCLFNBQVMsRUFBRSxTQUFTLElBQUksVUFBVTtZQUNsQyxHQUFHLENBQUMsR0FBRyxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUM7U0FDcEIsQ0FBQztRQUNGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7Ozs7R0FNRztBQUNJLEtBQUssVUFBVSxrQkFBa0IsQ0FBQyxXQUFtQjtJQUMxRCxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDakIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDM0QsQ0FBQztJQUNELElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0IsTUFBTSxXQUFXLEdBQUcsSUFBQSx3Q0FBNkIsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLDRCQUFjLENBQUM7UUFDbEMsV0FBVztLQUNaLENBQUMsQ0FBQztJQUNILElBQUksQ0FBQztRQUNILE1BQU0sRUFBRSxhQUFhLEVBQUUsR0FBRyxNQUFNLFFBQVEsQ0FBQyxFQUFFLENBQUMsU0FBUyxDQUFDLHlCQUF5QixDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0sT0FBTyxHQUFHLGFBQWEsRUFBRSxRQUFzQyxDQUFDO1FBQ3RFLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksd0JBQVksQ0FDcEIsb0NBQW9DLFdBQVcsZ0RBQWdELENBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQXFCO1lBQy9CLEdBQUcsRUFBRSxJQUFBLGdDQUFvQixFQUN2QixJQUFJLEdBQUcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLEVBQ3hCLElBQUEsK0JBQW9CLEVBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FDN0M7WUFDRCxTQUFTLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxHQUFHO1lBQ2pDLEdBQUcsRUFBRSxPQUFPLENBQUMsT0FBTztZQUNwQixTQUFTLEVBQUUsT0FBTyxDQUFDLFVBQVUsQ0FBQyxTQUFTO1lBQ3ZDLEdBQUcsRUFBRSxPQUFPLENBQUMsVUFBVSxDQUFDLEdBQUc7U0FDNUIsQ0FBQztRQUNGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsSUFBSSxXQUFXLGlCQUFpQixJQUFBLGlDQUFzQixFQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0RixDQUFDO0FBQ0gsQ0FBQyJ9

package/dist/cjs/src/access.js CHANGED Viewed

@@ -2,10 +2,18 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.OriginAllowList = exports.publicKeyAlgorithmToJwa = exports.keyAlgorithmToPublicKeyAlgorithm = exports.isPublicKeyAlgorithm = void 0;
 exports.fetchWrappedKey = fetchWrappedKey;
+exports.noteInvalidPublicKey = noteInvalidPublicKey;
+exports.fetchKeyAccessServers = fetchKeyAccessServers;
 exports.fetchECKasPubKey = fetchECKasPubKey;
 exports.fetchKasPubKey = fetchKasPubKey;
 const errors_js_1 = require("./errors.js");
 const utils_js_1 = require("./utils.js");
+const access_rpc_js_1 = require("./access/access-rpc.js");
+const access_fetch_js_1 = require("./access/access-fetch.js");
+const access_rpc_js_2 = require("./access/access-rpc.js");
+const access_fetch_js_2 = require("./access/access-fetch.js");
+const access_rpc_js_3 = require("./access/access-rpc.js");
+const access_fetch_js_3 = require("./access/access-fetch.js");
 /**
  * Get a rewrapped access key to the document, if possible
  * @param url Key access server rewrap endpoint
@@ -13,70 +21,41 @@ const utils_js_1 = require("./utils.js");
  * @param authProvider Authorization middleware
  * @param clientVersion
  */
-async function fetchWrappedKey(url, requestBody, authProvider, clientVersion) {
-    const req = await authProvider.withCreds({
-        url,
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-        },
-        body: JSON.stringify(requestBody),
-    });
-    let response;
-    try {
-        response = await fetch(req.url, {
-            method: req.method,
-            mode: 'cors', // no-cors, *cors, same-origin
-            cache: 'no-cache', // *default, no-cache, reload, force-cache, only-if-cached
-            credentials: 'same-origin', // include, *same-origin, omit
-            headers: req.headers,
-            redirect: 'follow', // manual, *follow, error
-            referrerPolicy: 'no-referrer', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
-            body: req.body,
-        });
-    }
-    catch (e) {
-        throw new errors_js_1.NetworkError(`unable to fetch wrapped key from [${url}]`, e);
-    }
-    if (!response.ok) {
-        switch (response.status) {
-            case 400:
-                throw new errors_js_1.InvalidFileError(`400 for [${req.url}]: rewrap bad request [${await response.text()}]`);
-            case 401:
-                throw new errors_js_1.UnauthenticatedError(`401 for [${req.url}]; rewrap auth failure`);
-            case 403:
-                throw new errors_js_1.PermissionDeniedError(`403 for [${req.url}]; rewrap permission denied`);
-            default:
-                if (response.status >= 500) {
-                    throw new errors_js_1.ServiceError(`${response.status} for [${req.url}]: rewrap failure due to service error [${await response.text()}]`);
-                }
-                throw new errors_js_1.NetworkError(`${req.method} ${req.url} => ${response.status} ${response.statusText}`);
-        }
-    }
-    return response.json();
+async function fetchWrappedKey(url, signedRequestToken, authProvider) {
+    const platformUrl = (0, utils_js_1.getPlatformUrlFromKasEndpoint)(url);
+    return await tryPromisesUntilFirstSuccess(() => (0, access_rpc_js_2.fetchWrappedKey)(platformUrl, signedRequestToken, authProvider), () => (0, access_fetch_js_2.fetchWrappedKey)(url, { signedRequestToken }, authProvider));
 }
 const isPublicKeyAlgorithm = (a) => {
     return a === 'ec:secp256r1' || a === 'rsa:2048';
 };
 exports.isPublicKeyAlgorithm = isPublicKeyAlgorithm;
-const keyAlgorithmToPublicKeyAlgorithm = (a) => {
+const keyAlgorithmToPublicKeyAlgorithm = (k) => {
+    const a = k.algorithm;
     if (a.name === 'ECDSA' || a.name === 'ECDH') {
         const eca = a;
-        if (eca.namedCurve === 'P-256') {
-            return 'ec:secp256r1';
+        switch (eca.namedCurve) {
+            case 'P-256':
+                return 'ec:secp256r1';
+            case 'P-384':
+                return 'ec:secp384r1';
+            case 'P-521':
+                return 'ec:secp521r1';
+            default:
+                throw new Error(`unsupported EC curve: ${eca.namedCurve}`);
         }
-        throw new Error(`unsupported EC curve: ${eca.namedCurve}`);
     }
-    if (a.name === 'RSA-OAEP') {
+    if (a.name === 'RSA-OAEP' || a.name === 'RSASSA-PKCS1-v1_5') {
         const rsaa = a;
-        if (rsaa.modulusLength === 2048) {
-            // if (rsaa.hash.name !== 'RSASSA-PKCS1-v1_5') {
-            //   throw new Error(`unsupported RSA hash: ${rsaa.hash.name}`);
-            // }
-            if (rsaa.publicExponent.toString() !== '1,0,1') {
-                throw new Error(`unsupported RSA public exponent: ${rsaa.publicExponent}`);
-            }
-            return 'rsa:2048';
+        if (rsaa.publicExponent.toString() !== '1,0,1') {
+            throw new Error(`unsupported RSA public exponent: ${rsaa.publicExponent}`);
+        }
+        switch (rsaa.modulusLength) {
+            case 2048:
+                return 'rsa:2048';
+            case 4096:
+                return 'rsa:4096';
+            default:
+                throw new Error(`unsupported RSA modulus length: ${rsaa.modulusLength}`);
         }
     }
     throw new Error(`unsupported key algorithm: ${a.name}`);
@@ -88,6 +67,14 @@ const publicKeyAlgorithmToJwa = (a) => {
             return 'ES256';
         case 'rsa:2048':
             return 'RS256';
+        case 'rsa:4096':
+            return 'RS512';
+        case 'ec:secp384r1':
+            return 'ES384';
+        case 'ec:secp521r1':
+            return 'ES512';
+        default:
+            throw new Error(`unsupported public key algorithm: ${a}`);
     }
 };
 exports.publicKeyAlgorithmToJwa = publicKeyAlgorithmToJwa;
@@ -102,68 +89,35 @@ async function noteInvalidPublicKey(url, r) {
         throw e;
     }
 }
+async function fetchKeyAccessServers(platformUrl, authProvider) {
+    return await tryPromisesUntilFirstSuccess(() => (0, access_rpc_js_1.fetchKeyAccessServers)(platformUrl, authProvider), () => (0, access_fetch_js_1.fetchKeyAccessServers)(platformUrl, authProvider));
+}
 /**
- * If we have KAS url but not public key we can fetch it from KAS, fetching
- * the value from `${kas}/kas_public_key`.
+ * Fetch the EC (secp256r1) public key for a KAS endpoint.
+ * @param kasEndpoint The KAS endpoint URL.
+ * @returns The public key information for the KAS endpoint.
  */
 async function fetchECKasPubKey(kasEndpoint) {
     return fetchKasPubKey(kasEndpoint, 'ec:secp256r1');
 }
+/**
+ * Fetch the public key for a KAS endpoint.
+ * This function will first try to fetch the base public key,
+ * then it will try to fetch the public key using the RPC method,
+ * and finally it will try to fetch the public key using the legacy method.
+ * If all attempts fail, it will return the error from RPC Public Key fetch.
+ * @param kasEndpoint The KAS endpoint URL.
+ * @param algorithm Optional algorithm to fetch the public key for.
+ * @returns The public key information.
+ */
 async function fetchKasPubKey(kasEndpoint, algorithm) {
-    if (!kasEndpoint) {
-        throw new errors_js_1.ConfigurationError('KAS definition not found');
-    }
-    // Logs insecure KAS. Secure is enforced in constructor
-    (0, utils_js_1.validateSecureUrl)(kasEndpoint);
-    // Parse kasEndpoint to URL, then append to its path and update its query parameters
-    let pkUrlV2;
     try {
-        pkUrlV2 = new URL(kasEndpoint);
+        return await (0, access_rpc_js_1.fetchKasBasePubKey)(kasEndpoint);
     }
     catch (e) {
-        throw new errors_js_1.ConfigurationError(`KAS definition invalid: [${kasEndpoint}]`, e);
-    }
-    if (!pkUrlV2.pathname.endsWith('kas_public_key')) {
-        if (!pkUrlV2.pathname.endsWith('/')) {
-            pkUrlV2.pathname += '/';
-        }
-        pkUrlV2.pathname += 'v2/kas_public_key';
-    }
-    pkUrlV2.searchParams.set('algorithm', algorithm || 'rsa:2048');
-    if (!pkUrlV2.searchParams.get('v')) {
-        pkUrlV2.searchParams.set('v', '2');
+        console.log(e);
     }
-    let kasPubKeyResponseV2;
-    try {
-        kasPubKeyResponseV2 = await fetch(pkUrlV2);
-    }
-    catch (e) {
-        throw new errors_js_1.NetworkError(`unable to fetch public key from [${pkUrlV2}]`, e);
-    }
-    if (!kasPubKeyResponseV2.ok) {
-        switch (kasPubKeyResponseV2.status) {
-            case 404:
-                throw new errors_js_1.ConfigurationError(`404 for [${pkUrlV2}]`);
-            case 401:
-                throw new errors_js_1.UnauthenticatedError(`401 for [${pkUrlV2}]`);
-            case 403:
-                throw new errors_js_1.PermissionDeniedError(`403 for [${pkUrlV2}]`);
-            default:
-                throw new errors_js_1.NetworkError(`${pkUrlV2} => ${kasPubKeyResponseV2.status} ${kasPubKeyResponseV2.statusText}`);
-        }
-    }
-    const jsonContent = await kasPubKeyResponseV2.json();
-    const { publicKey, kid } = jsonContent;
-    if (!publicKey) {
-        throw new errors_js_1.NetworkError(`invalid response from public key endpoint [${JSON.stringify(jsonContent)}]`);
-    }
-    return {
-        key: noteInvalidPublicKey(pkUrlV2, (0, utils_js_1.pemToCryptoPublicKey)(publicKey)),
-        publicKey,
-        url: kasEndpoint,
-        algorithm: algorithm || 'rsa:2048',
-        ...(kid && { kid }),
-    };
+    return await tryPromisesUntilFirstSuccess(() => (0, access_rpc_js_3.fetchKasPubKey)(kasEndpoint, algorithm), () => (0, access_fetch_js_3.fetchKasPubKey)(kasEndpoint, algorithm));
 }
 const origin = (u) => {
     try {
@@ -188,4 +142,24 @@ class OriginAllowList {
     }
 }
 exports.OriginAllowList = OriginAllowList;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUE2QkEsMENBdURDO0FBOEVELDRDQUVDO0FBRUQsd0NBOERDO0FBbk9ELDJDQU9xQjtBQUNyQix5Q0FBcUU7QUFhckU7Ozs7OztHQU1HO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLFdBQTBCLEVBQzFCLFlBQTBCLEVBQzFCLGFBQXFCO0lBRXJCLE1BQU0sR0FBRyxHQUFHLE1BQU0sWUFBWSxDQUFDLFNBQVMsQ0FBQztRQUN2QyxHQUFHO1FBQ0gsTUFBTSxFQUFFLE1BQU07UUFDZCxPQUFPLEVBQUU7WUFDUCxjQUFjLEVBQUUsa0JBQWtCO1NBQ25DO1FBQ0QsSUFBSSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDO0tBQ2xDLENBQUMsQ0FBQztJQUVILElBQUksUUFBa0IsQ0FBQztJQUV2QixJQUFJLENBQUM7UUFDSCxRQUFRLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsRUFBRTtZQUM5QixNQUFNLEVBQUUsR0FBRyxDQUFDLE1BQU07WUFDbEIsSUFBSSxFQUFFLE1BQU0sRUFBRSw4QkFBOEI7WUFDNUMsS0FBSyxFQUFFLFVBQVUsRUFBRSwwREFBMEQ7WUFDN0UsV0FBVyxFQUFFLGFBQWEsRUFBRSw4QkFBOEI7WUFDMUQsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO1lBQ3BCLFFBQVEsRUFBRSxRQUFRLEVBQUUseUJBQXlCO1lBQzdDLGNBQWMsRUFBRSxhQUFhLEVBQUUsc0pBQXNKO1lBQ3JMLElBQUksRUFBRSxHQUFHLENBQUMsSUFBZ0I7U0FDM0IsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxNQUFNLElBQUksd0JBQVksQ0FBQyxxQ0FBcUMsR0FBRyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVELElBQUksQ0FBQyxRQUFRLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDakIsUUFBUSxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDeEIsS0FBSyxHQUFHO2dCQUNOLE1BQU0sSUFBSSw0QkFBZ0IsQ0FDeEIsWUFBWSxHQUFHLENBQUMsR0FBRywwQkFBMEIsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FDdEUsQ0FBQztZQUNKLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksZ0NBQW9CLENBQUMsWUFBWSxHQUFHLENBQUMsR0FBRyx3QkFBd0IsQ0FBQyxDQUFDO1lBQzlFLEtBQUssR0FBRztnQkFDTixNQUFNLElBQUksaUNBQXFCLENBQUMsWUFBWSxHQUFHLENBQUMsR0FBRyw2QkFBNkIsQ0FBQyxDQUFDO1lBQ3BGO2dCQUNFLElBQUksUUFBUSxDQUFDLE1BQU0sSUFBSSxHQUFHLEVBQUUsQ0FBQztvQkFDM0IsTUFBTSxJQUFJLHdCQUFZLENBQ3BCLEdBQUcsUUFBUSxDQUFDLE1BQU0sU0FBUyxHQUFHLENBQUMsR0FBRywyQ0FBMkMsTUFBTSxRQUFRLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FDdEcsQ0FBQztnQkFDSixDQUFDO2dCQUNELE1BQU0sSUFBSSx3QkFBWSxDQUNwQixHQUFHLEdBQUcsQ0FBQyxNQUFNLElBQUksR0FBRyxDQUFDLEdBQUcsT0FBTyxRQUFRLENBQUMsTUFBTSxJQUFJLFFBQVEsQ0FBQyxVQUFVLEVBQUUsQ0FDeEUsQ0FBQztRQUNOLENBQUM7SUFDSCxDQUFDO0lBRUQsT0FBTyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7QUFDekIsQ0FBQztBQUlNLE1BQU0sb0JBQW9CLEdBQUcsQ0FBQyxDQUFTLEVBQThCLEVBQUU7SUFDNUUsT0FBTyxDQUFDLEtBQUssY0FBYyxJQUFJLENBQUMsS0FBSyxVQUFVLENBQUM7QUFDbEQsQ0FBQyxDQUFDO0FBRlcsUUFBQSxvQkFBb0Isd0JBRS9CO0FBRUssTUFBTSxnQ0FBZ0MsR0FBRyxDQUFDLENBQWUsRUFBeUIsRUFBRTtJQUN6RixJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssT0FBTyxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssTUFBTSxFQUFFLENBQUM7UUFDNUMsTUFBTSxHQUFHLEdBQUcsQ0FBbUIsQ0FBQztRQUNoQyxJQUFJLEdBQUcsQ0FBQyxVQUFVLEtBQUssT0FBTyxFQUFFLENBQUM7WUFDL0IsT0FBTyxjQUFjLENBQUM7UUFDeEIsQ0FBQztRQUNELE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLEdBQUcsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDO0lBQzdELENBQUM7SUFDRCxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssVUFBVSxFQUFFLENBQUM7UUFDMUIsTUFBTSxJQUFJLEdBQUcsQ0FBMEIsQ0FBQztRQUN4QyxJQUFJLElBQUksQ0FBQyxhQUFhLEtBQUssSUFBSSxFQUFFLENBQUM7WUFDaEMsZ0RBQWdEO1lBQ2hELGdFQUFnRTtZQUNoRSxJQUFJO1lBQ0osSUFBSSxJQUFJLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxLQUFLLE9BQU8sRUFBRSxDQUFDO2dCQUMvQyxNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxJQUFJLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQztZQUM3RSxDQUFDO1lBQ0QsT0FBTyxVQUFVLENBQUM7UUFDcEIsQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLElBQUksS0FBSyxDQUFDLDhCQUE4QixDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztBQUMxRCxDQUFDLENBQUM7QUFyQlcsUUFBQSxnQ0FBZ0Msb0NBcUIzQztBQUVLLE1BQU0sdUJBQXVCLEdBQUcsQ0FBQyxDQUF3QixFQUFVLEVBQUU7SUFDMUUsUUFBUSxDQUFDLEVBQUUsQ0FBQztRQUNWLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQixLQUFLLFVBQVU7WUFDYixPQUFPLE9BQU8sQ0FBQztJQUNuQixDQUFDO0FBQ0gsQ0FBQyxDQUFDO0FBUFcsUUFBQSx1QkFBdUIsMkJBT2xDO0FBeUJGLEtBQUssVUFBVSxvQkFBb0IsQ0FBQyxHQUFRLEVBQUUsQ0FBcUI7SUFDakUsSUFBSSxDQUFDO1FBQ0gsT0FBTyxNQUFNLENBQUMsQ0FBQztJQUNqQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLElBQUksQ0FBQyxZQUFZLFNBQVMsRUFBRSxDQUFDO1lBQzNCLE1BQU0sSUFBSSx3QkFBWSxDQUFDLDRCQUE0QixHQUFHLEdBQUcsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNoRSxDQUFDO1FBQ0QsTUFBTSxDQUFDLENBQUM7SUFDVixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7R0FHRztBQUNJLEtBQUssVUFBVSxnQkFBZ0IsQ0FBQyxXQUFtQjtJQUN4RCxPQUFPLGNBQWMsQ0FBQyxXQUFXLEVBQUUsY0FBYyxDQUFDLENBQUM7QUFDckQsQ0FBQztBQUVNLEtBQUssVUFBVSxjQUFjLENBQ2xDLFdBQW1CLEVBQ25CLFNBQWlDO0lBRWpDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUNqQixNQUFNLElBQUksOEJBQWtCLENBQUMsMEJBQTBCLENBQUMsQ0FBQztJQUMzRCxDQUFDO0lBQ0QsdURBQXVEO0lBQ3ZELElBQUEsNEJBQWlCLEVBQUMsV0FBVyxDQUFDLENBQUM7SUFFL0Isb0ZBQW9GO0lBQ3BGLElBQUksT0FBWSxDQUFDO0lBQ2pCLElBQUksQ0FBQztRQUNILE9BQU8sR0FBRyxJQUFJLEdBQUcsQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0QkFBNEIsV0FBVyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7SUFDOUUsQ0FBQztJQUNELElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxnQkFBZ0IsQ0FBQyxFQUFFLENBQUM7UUFDakQsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDcEMsT0FBTyxDQUFDLFFBQVEsSUFBSSxHQUFHLENBQUM7UUFDMUIsQ0FBQztRQUNELE9BQU8sQ0FBQyxRQUFRLElBQUksbUJBQW1CLENBQUM7SUFDMUMsQ0FBQztJQUNELE9BQU8sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxTQUFTLElBQUksVUFBVSxDQUFDLENBQUM7SUFDL0QsSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7UUFDbkMsT0FBTyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFRCxJQUFJLG1CQUE2QixDQUFDO0lBQ2xDLElBQUksQ0FBQztRQUNILG1CQUFtQixHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1FBQ1gsTUFBTSxJQUFJLHdCQUFZLENBQUMsb0NBQW9DLE9BQU8sR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQzVFLENBQUM7SUFDRCxJQUFJLENBQUMsbUJBQW1CLENBQUMsRUFBRSxFQUFFLENBQUM7UUFDNUIsUUFBUSxtQkFBbUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNuQyxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLDhCQUFrQixDQUFDLFlBQVksT0FBTyxHQUFHLENBQUMsQ0FBQztZQUN2RCxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGdDQUFvQixDQUFDLFlBQVksT0FBTyxHQUFHLENBQUMsQ0FBQztZQUN6RCxLQUFLLEdBQUc7Z0JBQ04sTUFBTSxJQUFJLGlDQUFxQixDQUFDLFlBQVksT0FBTyxHQUFHLENBQUMsQ0FBQztZQUMxRDtnQkFDRSxNQUFNLElBQUksd0JBQVksQ0FDcEIsR0FBRyxPQUFPLE9BQU8sbUJBQW1CLENBQUMsTUFBTSxJQUFJLG1CQUFtQixDQUFDLFVBQVUsRUFBRSxDQUNoRixDQUFDO1FBQ04sQ0FBQztJQUNILENBQUM7SUFDRCxNQUFNLFdBQVcsR0FBRyxNQUFNLG1CQUFtQixDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3JELE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxFQUFFLEdBQXFCLFdBQVcsQ0FBQztJQUN6RCxJQUFJLENBQUMsU0FBUyxFQUFFLENBQUM7UUFDZixNQUFNLElBQUksd0JBQVksQ0FDcEIsOENBQThDLElBQUksQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FDN0UsQ0FBQztJQUNKLENBQUM7SUFDRCxPQUFPO1FBQ0wsR0FBRyxFQUFFLG9CQUFvQixDQUFDLE9BQU8sRUFBRSxJQUFBLCtCQUFvQixFQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ25FLFNBQVM7UUFDVCxHQUFHLEVBQUUsV0FBVztRQUNoQixTQUFTLEVBQUUsU0FBUyxJQUFJLFVBQVU7UUFDbEMsR0FBRyxDQUFDLEdBQUcsSUFBSSxFQUFFLEdBQUcsRUFBRSxDQUFDO0tBQ3BCLENBQUM7QUFDSixDQUFDO0FBRUQsTUFBTSxNQUFNLEdBQUcsQ0FBQyxDQUFTLEVBQVUsRUFBRTtJQUNuQyxJQUFJLENBQUM7UUFDSCxPQUFPLElBQUksR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQztJQUMzQixDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDdkMsTUFBTSxDQUFDLENBQUM7SUFDVixDQUFDO0FBQ0gsQ0FBQyxDQUFDO0FBRUYsTUFBYSxlQUFlO0lBRzFCLFlBQVksSUFBYyxFQUFFLFFBQWtCO1FBQzVDLElBQUksQ0FBQyxPQUFPLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNoQyxJQUFJLENBQUMsT0FBTyxDQUFDLDRCQUFpQixDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUMsUUFBUSxDQUFDO0lBQzdCLENBQUM7SUFDRCxNQUFNLENBQUMsR0FBVztRQUNoQixJQUFJLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7UUFDRCxPQUFPLElBQUksQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDO0lBQzVDLENBQUM7Q0FDRjtBQWRELDBDQWNDIn0=
+/**
+ * Tries two promise-returning functions in order and returns the first successful result.
+ * If both fail, throws the error from the second.
+ * @param first First function returning a promise to try.
+ * @param second Second function returning a promise to try if the first fails.
+ */
+async function tryPromisesUntilFirstSuccess(first, second) {
+    try {
+        return await first();
+    }
+    catch (e1) {
+        console.info('v2 request error', e1);
+        try {
+            return await second();
+        }
+        catch (err) {
+            throw err;
+        }
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjZXNzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2FjY2Vzcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7QUEwQkEsMENBZ0JDO0FBcUZELG9EQVNDO0FBRUQsc0RBUUM7QUFPRCw0Q0FFQztBQVlELHdDQWNDO0FBcExELDJDQUEyQztBQUUzQyx5Q0FBOEU7QUFFOUUsMERBR2dDO0FBQ2hDLDhEQUFnRztBQUNoRywwREFBZ0Y7QUFDaEYsOERBQXFGO0FBQ3JGLDBEQUE2RTtBQUM3RSw4REFBa0Y7QUFNbEY7Ozs7OztHQU1HO0FBQ0ksS0FBSyxVQUFVLGVBQWUsQ0FDbkMsR0FBVyxFQUNYLGtCQUEwQixFQUMxQixZQUEwQjtJQUUxQixNQUFNLFdBQVcsR0FBRyxJQUFBLHdDQUE2QixFQUFDLEdBQUcsQ0FBQyxDQUFDO0lBRXZELE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQUMsSUFBQSwrQkFBbUIsRUFBQyxXQUFXLEVBQUUsa0JBQWtCLEVBQUUsWUFBWSxDQUFDLEVBQ3hFLEdBQUcsRUFBRSxDQUNILElBQUEsaUNBQXNCLEVBQ3BCLEdBQUcsRUFDSCxFQUFFLGtCQUFrQixFQUFFLEVBQ3RCLFlBQVksQ0FDeUIsQ0FDMUMsQ0FBQztBQUNKLENBQUM7QUFTTSxNQUFNLG9CQUFvQixHQUFHLENBQUMsQ0FBUyxFQUE4QixFQUFFO0lBQzVFLE9BQU8sQ0FBQyxLQUFLLGNBQWMsSUFBSSxDQUFDLEtBQUssVUFBVSxDQUFDO0FBQ2xELENBQUMsQ0FBQztBQUZXLFFBQUEsb0JBQW9CLHdCQUUvQjtBQUVLLE1BQU0sZ0NBQWdDLEdBQUcsQ0FBQyxDQUFZLEVBQXlCLEVBQUU7SUFDdEYsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDLFNBQVMsQ0FBQztJQUN0QixJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssT0FBTyxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssTUFBTSxFQUFFLENBQUM7UUFDNUMsTUFBTSxHQUFHLEdBQUcsQ0FBbUIsQ0FBQztRQUNoQyxRQUFRLEdBQUcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUN2QixLQUFLLE9BQU87Z0JBQ1YsT0FBTyxjQUFjLENBQUM7WUFDeEIsS0FBSyxPQUFPO2dCQUNWLE9BQU8sY0FBYyxDQUFDO1lBQ3hCLEtBQUssT0FBTztnQkFDVixPQUFPLGNBQWMsQ0FBQztZQUN4QjtnQkFDRSxNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixHQUFHLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQztRQUMvRCxDQUFDO0lBQ0gsQ0FBQztJQUNELElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxVQUFVLElBQUksQ0FBQyxDQUFDLElBQUksS0FBSyxtQkFBbUIsRUFBRSxDQUFDO1FBQzVELE1BQU0sSUFBSSxHQUFHLENBQTBCLENBQUM7UUFDeEMsSUFBSSxJQUFJLENBQUMsY0FBYyxDQUFDLFFBQVEsRUFBRSxLQUFLLE9BQU8sRUFBRSxDQUFDO1lBQy9DLE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDO1FBQzdFLENBQUM7UUFDRCxRQUFRLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMzQixLQUFLLElBQUk7Z0JBQ1AsT0FBTyxVQUFVLENBQUM7WUFDcEIsS0FBSyxJQUFJO2dCQUNQLE9BQU8sVUFBVSxDQUFDO1lBQ3BCO2dCQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQyxDQUFDO1FBQzdFLENBQUM7SUFDSCxDQUFDO0lBQ0QsTUFBTSxJQUFJLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7QUFDMUQsQ0FBQyxDQUFDO0FBOUJXLFFBQUEsZ0NBQWdDLG9DQThCM0M7QUFFSyxNQUFNLHVCQUF1QixHQUFHLENBQUMsQ0FBd0IsRUFBVSxFQUFFO0lBQzFFLFFBQVEsQ0FBQyxFQUFFLENBQUM7UUFDVixLQUFLLGNBQWM7WUFDakIsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxVQUFVO1lBQ2IsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxVQUFVO1lBQ2IsT0FBTyxPQUFPLENBQUM7UUFDakIsS0FBSyxjQUFjO1lBQ2pCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLEtBQUssY0FBYztZQUNqQixPQUFPLE9BQU8sQ0FBQztRQUNqQjtZQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDOUQsQ0FBQztBQUNILENBQUMsQ0FBQztBQWZXLFFBQUEsdUJBQXVCLDJCQWVsQztBQXlCSyxLQUFLLFVBQVUsb0JBQW9CLENBQUMsR0FBUSxFQUFFLENBQXFCO0lBQ3hFLElBQUksQ0FBQztRQUNILE9BQU8sTUFBTSxDQUFDLENBQUM7SUFDakIsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxJQUFJLENBQUMsWUFBWSxTQUFTLEVBQUUsQ0FBQztZQUMzQixNQUFNLElBQUksd0JBQVksQ0FBQyw0QkFBNEIsR0FBRyxHQUFHLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDaEUsQ0FBQztRQUNELE1BQU0sQ0FBQyxDQUFDO0lBQ1YsQ0FBQztBQUNILENBQUM7QUFFTSxLQUFLLFVBQVUscUJBQXFCLENBQ3pDLFdBQW1CLEVBQ25CLFlBQTBCO0lBRTFCLE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQUMsSUFBQSxxQ0FBd0IsRUFBQyxXQUFXLEVBQUUsWUFBWSxDQUFDLEVBQ3pELEdBQUcsRUFBRSxDQUFDLElBQUEsdUNBQTJCLEVBQUMsV0FBVyxFQUFFLFlBQVksQ0FBQyxDQUM3RCxDQUFDO0FBQ0osQ0FBQztBQUVEOzs7O0dBSUc7QUFDSSxLQUFLLFVBQVUsZ0JBQWdCLENBQUMsV0FBbUI7SUFDeEQsT0FBTyxjQUFjLENBQUMsV0FBVyxFQUFFLGNBQWMsQ0FBQyxDQUFDO0FBQ3JELENBQUM7QUFFRDs7Ozs7Ozs7O0dBU0c7QUFDSSxLQUFLLFVBQVUsY0FBYyxDQUNsQyxXQUFtQixFQUNuQixTQUFpQztJQUVqQyxJQUFJLENBQUM7UUFDSCxPQUFPLE1BQU0sSUFBQSxrQ0FBa0IsRUFBQyxXQUFXLENBQUMsQ0FBQztJQUMvQyxDQUFDO0lBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztRQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUM7SUFDakIsQ0FBQztJQUVELE9BQU8sTUFBTSw0QkFBNEIsQ0FDdkMsR0FBRyxFQUFFLENBQUMsSUFBQSw4QkFBaUIsRUFBQyxXQUFXLEVBQUUsU0FBUyxDQUFDLEVBQy9DLEdBQUcsRUFBRSxDQUFDLElBQUEsZ0NBQW9CLEVBQUMsV0FBVyxFQUFFLFNBQVMsQ0FBQyxDQUNuRCxDQUFDO0FBQ0osQ0FBQztBQUVELE1BQU0sTUFBTSxHQUFHLENBQUMsQ0FBUyxFQUFVLEVBQUU7SUFDbkMsSUFBSSxDQUFDO1FBQ0gsT0FBTyxJQUFJLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUM7SUFDM0IsQ0FBQztJQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7UUFDWCxPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3ZDLE1BQU0sQ0FBQyxDQUFDO0lBQ1YsQ0FBQztBQUNILENBQUMsQ0FBQztBQUVGLE1BQWEsZUFBZTtJQUcxQixZQUFZLElBQWMsRUFBRSxRQUFrQjtRQUM1QyxJQUFJLENBQUMsT0FBTyxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDaEMsSUFBSSxDQUFDLE9BQU8sQ0FBQyw0QkFBaUIsQ0FBQyxDQUFDO1FBQ2hDLElBQUksQ0FBQyxRQUFRLEdBQUcsQ0FBQyxDQUFDLFFBQVEsQ0FBQztJQUM3QixDQUFDO0lBQ0QsTUFBTSxDQUFDLEdBQVc7UUFDaEIsSUFBSSxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7WUFDbEIsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQztJQUM1QyxDQUFDO0NBQ0Y7QUFkRCwwQ0FjQztBQUVEOzs7OztHQUtHO0FBQ0gsS0FBSyxVQUFVLDRCQUE0QixDQUN6QyxLQUF1QixFQUN2QixNQUF3QjtJQUV4QixJQUFJLENBQUM7UUFDSCxPQUFPLE1BQU0sS0FBSyxFQUFFLENBQUM7SUFDdkIsQ0FBQztJQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7UUFDWixPQUFPLENBQUMsSUFBSSxDQUFDLGtCQUFrQixFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQ3JDLElBQUksQ0FBQztZQUNILE9BQU8sTUFBTSxNQUFNLEVBQUUsQ0FBQztRQUN4QixDQUFDO1FBQUMsT0FBTyxHQUFHLEVBQUUsQ0FBQztZQUNiLE1BQU0sR0FBRyxDQUFDO1FBQ1osQ0FBQztJQUNILENBQUM7QUFDSCxDQUFDIn0=

package/dist/cjs/src/auth/oidc.js CHANGED Viewed

@@ -148,7 +148,7 @@ class AccessToken {
             }
             catch (e) {
                 console.log('access_token fails on user_info endpoint; attempting to renew', e);
-                if (this.data.refresh_token) {
+                if (this.data?.refresh_token) {
                     // Prefer the latest refresh_token if present over creds passed in
                     // to constructor
                     this.config = {
@@ -219,4 +219,4 @@ class AccessToken {
     }
 }
 exports.AccessToken = AccessToken;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsZ0RBQXlDO0FBQ3pDLHVDQUFxRDtBQUNyRCxvREFBK0M7QUFDL0MsNENBQTREO0FBQzVELDBDQUF3RDtBQWtEeEQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxHQUEyQixFQUFFLEVBQUUsQ0FBQyxJQUFJLGVBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztBQU94Rjs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBcUJHO0FBQ0gsTUFBYSxXQUFXO0lBZXRCLFlBQVksR0FBb0IsRUFBRSxPQUFzQjtRQUp4RCxpQkFBWSxHQUEyQixFQUFFLENBQUM7UUFLeEMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksOEJBQWtCLENBQzFCLDRFQUE0RSxDQUM3RSxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksR0FBRyxDQUFDLFFBQVEsS0FBSyxRQUFRLElBQUksQ0FBQyxHQUFHLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbkQsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiw0RUFBNEUsQ0FDN0UsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssU0FBUyxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3BELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0REFBNEQsQ0FBQyxDQUFDO1FBQzdGLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssVUFBVSxJQUFJLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3BELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1FBQ3BGLENBQUM7UUFDRCxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFDRCxJQUFJLENBQUMsTUFBTSxHQUFHLEdBQUcsQ0FBQztRQUNsQixJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQztRQUN2QixJQUFJLENBQUMsT0FBTyxHQUFHLElBQUEsaUJBQU0sRUFBQyxHQUFHLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzNDLElBQUksQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFDLFVBQVUsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxJQUFJLENBQUMsV0FBbUI7UUFDNUIsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxtQ0FBbUMsQ0FBQztRQUMvRCxNQUFNLE9BQU8sR0FBRztZQUNkLEdBQUcsSUFBSSxDQUFDLFlBQVk7WUFDcEIsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFO1NBQ2IsQ0FBQztRQUM1QixJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUMvQyxPQUFPLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBQSxjQUFNLEVBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDNUQsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRTtZQUNsRCxPQUFPO1NBQ1IsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixPQUFPLENBQUMsS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLHdCQUF3QixHQUFHLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQzVFLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFZLENBQUM7SUFDNUMsQ0FBQztJQUVELEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBVyxFQUFFLENBQXlCO1FBQ2pELE1BQU0sT0FBTyxHQUEyQjtZQUN0QyxjQUFjLEVBQUUsbUNBQW1DO1lBQ25ELE1BQU0sRUFBRSxrQkFBa0I7U0FDM0IsQ0FBQztRQUNGLGlDQUFpQztRQUNqQyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDNUIsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDckIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDMUQsQ0FBQztZQUNELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBQSw0QkFBaUIsRUFBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hFLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQ3hELE9BQU8sQ0FBQyxJQUFJLEdBQUcsTUFBTSxJQUFBLGNBQU0sRUFBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEdBQUcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM1RCxDQUFDO1FBQ0QsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFO1lBQ2xDLE1BQU0sRUFBRSxNQUFNO1lBQ2QsT0FBTztZQUNQLElBQUksRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDO1NBQ3BCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsaUJBQWlCLENBQUMsR0FBb0I7UUFDMUMsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxnQ0FBZ0MsQ0FBQztRQUM1RCxJQUFJLElBQUksQ0FBQztRQUNULFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3JCLEtBQUssUUFBUTtnQkFDWCxJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLG9CQUFvQjtvQkFDaEMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO29CQUN2QixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7aUJBQ2hDLENBQUM7Z0JBQ0YsTUFBTTtZQUNSLEtBQUssVUFBVTtnQkFDYixJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLGlEQUFpRDtvQkFDN0QsYUFBYSxFQUFFLEdBQUcsQ0FBQyxXQUFXO29CQUM5QixrQkFBa0IsRUFBRSxzQ0FBc0M7b0JBQzFELFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtvQkFDdEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO2lCQUN4QixDQUFDO2dCQUNGLE1BQU07WUFDUixLQUFLLFNBQVM7Z0JBQ1osSUFBSSxHQUFHO29CQUNMLFVBQVUsRUFBRSxlQUFlO29CQUMzQixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7b0JBQy9CLFNBQVMsRUFBRSxHQUFHLENBQUMsUUFBUTtpQkFDeEIsQ0FBQztnQkFDRixNQUFNO1FBQ1YsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDOUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixPQUFPLENBQUMsS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLG1DQUFtQyxHQUFHLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQ3ZGLENBQUM7UUFDSixDQUFDO1FBQ0QsT0FBTyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsR0FBRyxJQUFJO1FBQ3ZCLElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxZQUFZLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUM7Z0JBQ0gsSUFBSSxRQUFRLEVBQUUsQ0FBQztvQkFDYixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFDMUMsQ0FBQztnQkFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDO1lBQ2hDLENBQUM7WUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMsK0RBQStELEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hGLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztvQkFDNUIsa0VBQWtFO29CQUNsRSxpQkFBaUI7b0JBQ2pCLElBQUksQ0FBQyxNQUFNLEdBQUc7d0JBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTt3QkFDZCxRQUFRLEVBQUUsU0FBUzt3QkFDbkIsWUFBWSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYTtxQkFDdEMsQ0FBQztnQkFDSixDQUFDO2dCQUNELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQztZQUNuQixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUM5RSxPQUFPLGFBQWEsQ0FBQyxZQUFZLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxVQUF5QjtRQUN4RSxzREFBc0Q7UUFDdEQsNkNBQTZDO1FBQzdDLDJEQUEyRDtRQUMzRCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsSUFBSSxVQUFVLEtBQUssSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzlELE9BQU87UUFDVCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsa0JBQWtCLENBQUM7UUFDL0IsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUM7SUFDL0IsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLHVCQUF1QjtRQUMzQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDO1FBQ3hCLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxVQUFVLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUM1RCxNQUFNLElBQUksOEJBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBQ0QsTUFBTSxhQUFhLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlFLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDakMsT0FBTyxDQUFDLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sQ0FDTCxDQUFDLEdBQUcsQ0FBQyxRQUFRLElBQUksU0FBUyxJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUM7Z0JBQy9DLENBQUMsR0FBRyxDQUFDLFFBQVEsSUFBSSxVQUFVLElBQUksR0FBRyxDQUFDLFdBQVcsQ0FBQztnQkFDL0MsRUFBRSxDQUNILENBQUM7UUFDSixDQUFDO1FBQ0Qsa0VBQWtFO1FBQ2xFLGlCQUFpQjtRQUNqQixJQUFJLENBQUMsTUFBTSxHQUFHO1lBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTtZQUNkLFFBQVEsRUFBRSxTQUFTO1lBQ25CLFlBQVksRUFBRSxhQUFhLENBQUMsYUFBYTtTQUMxQyxDQUFDO1FBQ0YsT0FBTyxhQUFhLENBQUMsWUFBWSxDQUFDO0lBQ3BDLENBQUM7SUFFRCxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQW9CO1FBQ2xDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiwwSUFBMEksQ0FDM0ksQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLFdBQVcsR0FBRyxDQUFDLElBQUksQ0FBQyxrQkFBa0IsS0FBSyxNQUFNLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQ25FLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQy9DLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSxjQUFNLEVBQzVCLElBQUksQ0FBQyxVQUFVLEVBQ2YsT0FBTyxDQUFDLEdBQUcsRUFDWCxPQUFPLENBQUMsTUFBTTtZQUNkLFdBQVcsQ0FBQyxTQUFTLEVBQ3JCLFdBQVcsQ0FDWixDQUFDO1lBQ0YsdUVBQXVFO1lBQ3ZFLE9BQU8sSUFBQSxxQkFBVyxFQUFDLE9BQU8sRUFBRSxFQUFFLGFBQWEsRUFBRSxVQUFVLFdBQVcsRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1FBQzNGLENBQUM7UUFDRCxPQUFPLElBQUEscUJBQVcsRUFBQyxPQUFPLEVBQUUsRUFBRSxhQUFhLEVBQUUsVUFBVSxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztDQUNGO0FBL05ELGtDQStOQyJ9
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2lkYy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uL3NyYy9hdXRoL29pZGMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsZ0RBQXlDO0FBQ3pDLHVDQUFxRDtBQUNyRCxvREFBK0M7QUFDL0MsNENBQTREO0FBQzVELDBDQUF3RDtBQWtEeEQsTUFBTSxVQUFVLEdBQUcsQ0FBQyxHQUEyQixFQUFFLEVBQUUsQ0FBQyxJQUFJLGVBQWUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztBQU94Rjs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0dBcUJHO0FBQ0gsTUFBYSxXQUFXO0lBZXRCLFlBQVksR0FBb0IsRUFBRSxPQUFzQjtRQUp4RCxpQkFBWSxHQUEyQixFQUFFLENBQUM7UUFLeEMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksOEJBQWtCLENBQzFCLDRFQUE0RSxDQUM3RSxDQUFDO1FBQ0osQ0FBQztRQUNELElBQUksR0FBRyxDQUFDLFFBQVEsS0FBSyxRQUFRLElBQUksQ0FBQyxHQUFHLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbkQsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiw0RUFBNEUsQ0FDN0UsQ0FBQztRQUNKLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssU0FBUyxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3BELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0REFBNEQsQ0FBQyxDQUFDO1FBQzdGLENBQUM7UUFDRCxJQUFJLEdBQUcsQ0FBQyxRQUFRLEtBQUssVUFBVSxJQUFJLENBQUMsR0FBRyxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3BELE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1FBQ3BGLENBQUM7UUFDRCxJQUFJLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSw4QkFBa0IsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO1FBQzdELENBQUM7UUFDRCxJQUFJLENBQUMsTUFBTSxHQUFHLEdBQUcsQ0FBQztRQUNsQixJQUFJLENBQUMsT0FBTyxHQUFHLE9BQU8sQ0FBQztRQUN2QixJQUFJLENBQUMsT0FBTyxHQUFHLElBQUEsaUJBQU0sRUFBQyxHQUFHLENBQUMsVUFBVSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzNDLElBQUksQ0FBQyxVQUFVLEdBQUcsR0FBRyxDQUFDLFVBQVUsQ0FBQztJQUNuQyxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILEtBQUssQ0FBQyxJQUFJLENBQUMsV0FBbUI7UUFDNUIsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxtQ0FBbUMsQ0FBQztRQUMvRCxNQUFNLE9BQU8sR0FBRztZQUNkLEdBQUcsSUFBSSxDQUFDLFlBQVk7WUFDcEIsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFO1NBQ2IsQ0FBQztRQUM1QixJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxJQUFJLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUMvQyxPQUFPLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBQSxjQUFNLEVBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxHQUFHLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFDNUQsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxJQUFJLEtBQUssQ0FBQyxDQUFDLEdBQUcsRUFBRTtZQUNsRCxPQUFPO1NBQ1IsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixPQUFPLENBQUMsS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLHdCQUF3QixHQUFHLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQzVFLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFZLENBQUM7SUFDNUMsQ0FBQztJQUVELEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBVyxFQUFFLENBQXlCO1FBQ2pELE1BQU0sT0FBTyxHQUEyQjtZQUN0QyxjQUFjLEVBQUUsbUNBQW1DO1lBQ25ELE1BQU0sRUFBRSxrQkFBa0I7U0FDM0IsQ0FBQztRQUNGLGlDQUFpQztRQUNqQyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxFQUFFLENBQUM7WUFDNUIsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLEVBQUUsQ0FBQztnQkFDckIsTUFBTSxJQUFJLDhCQUFrQixDQUFDLHlCQUF5QixDQUFDLENBQUM7WUFDMUQsQ0FBQztZQUNELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBQSw0QkFBaUIsRUFBQyxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBQ3hFLE9BQU8sQ0FBQyxnQkFBZ0IsQ0FBQyxHQUFHLGlCQUFNLENBQUMsTUFBTSxDQUFDLFlBQVksQ0FBQyxDQUFDO1lBQ3hELE9BQU8sQ0FBQyxJQUFJLEdBQUcsTUFBTSxJQUFBLGNBQU0sRUFBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEdBQUcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM1RCxDQUFDO1FBQ0QsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLElBQUksS0FBSyxDQUFDLENBQUMsR0FBRyxFQUFFO1lBQ2xDLE1BQU0sRUFBRSxNQUFNO1lBQ2QsT0FBTztZQUNQLElBQUksRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDO1NBQ3BCLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxLQUFLLENBQUMsaUJBQWlCLENBQUMsR0FBb0I7UUFDMUMsTUFBTSxHQUFHLEdBQUcsR0FBRyxJQUFJLENBQUMsT0FBTyxnQ0FBZ0MsQ0FBQztRQUM1RCxJQUFJLElBQUksQ0FBQztRQUNULFFBQVEsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3JCLEtBQUssUUFBUTtnQkFDWCxJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLG9CQUFvQjtvQkFDaEMsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO29CQUN2QixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7aUJBQ2hDLENBQUM7Z0JBQ0YsTUFBTTtZQUNSLEtBQUssVUFBVTtnQkFDYixJQUFJLEdBQUc7b0JBQ0wsVUFBVSxFQUFFLGlEQUFpRDtvQkFDN0QsYUFBYSxFQUFFLEdBQUcsQ0FBQyxXQUFXO29CQUM5QixrQkFBa0IsRUFBRSxzQ0FBc0M7b0JBQzFELFFBQVEsRUFBRSxHQUFHLENBQUMsUUFBUTtvQkFDdEIsU0FBUyxFQUFFLEdBQUcsQ0FBQyxRQUFRO2lCQUN4QixDQUFDO2dCQUNGLE1BQU07WUFDUixLQUFLLFNBQVM7Z0JBQ1osSUFBSSxHQUFHO29CQUNMLFVBQVUsRUFBRSxlQUFlO29CQUMzQixhQUFhLEVBQUUsR0FBRyxDQUFDLFlBQVk7b0JBQy9CLFNBQVMsRUFBRSxHQUFHLENBQUMsUUFBUTtpQkFDeEIsQ0FBQztnQkFDRixNQUFNO1FBQ1YsQ0FBQztRQUNELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDOUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNqQixPQUFPLENBQUMsS0FBSyxDQUFDLE1BQU0sUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUM7WUFDckMsTUFBTSxJQUFJLG9CQUFRLENBQ2hCLG1DQUFtQyxHQUFHLFFBQVEsUUFBUSxDQUFDLE1BQU0sSUFBSSxRQUFRLENBQUMsVUFBVSxFQUFFLENBQ3ZGLENBQUM7UUFDSixDQUFDO1FBQ0QsT0FBTyxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsR0FBRyxDQUFDLFFBQVEsR0FBRyxJQUFJO1FBQ3ZCLElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxZQUFZLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUM7Z0JBQ0gsSUFBSSxRQUFRLEVBQUUsQ0FBQztvQkFDYixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFDMUMsQ0FBQztnQkFDRCxPQUFPLElBQUksQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDO1lBQ2hDLENBQUM7WUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUNYLE9BQU8sQ0FBQyxHQUFHLENBQUMsK0RBQStELEVBQUUsQ0FBQyxDQUFDLENBQUM7Z0JBQ2hGLElBQUksSUFBSSxDQUFDLElBQUksRUFBRSxhQUFhLEVBQUUsQ0FBQztvQkFDN0Isa0VBQWtFO29CQUNsRSxpQkFBaUI7b0JBQ2pCLElBQUksQ0FBQyxNQUFNLEdBQUc7d0JBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTt3QkFDZCxRQUFRLEVBQUUsU0FBUzt3QkFDbkIsWUFBWSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYTtxQkFDdEMsQ0FBQztnQkFDSixDQUFDO2dCQUNELE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQztZQUNuQixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FBQztRQUM5RSxPQUFPLGFBQWEsQ0FBQyxZQUFZLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQywwQ0FBMEMsQ0FBQyxVQUF5QjtRQUN4RSxzREFBc0Q7UUFDdEQsNkNBQTZDO1FBQzdDLDJEQUEyRDtRQUMzRCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsSUFBSSxVQUFVLEtBQUssSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzlELE9BQU87UUFDVCxDQUFDO1FBQ0QsT0FBTyxJQUFJLENBQUMsa0JBQWtCLENBQUM7UUFDL0IsSUFBSSxDQUFDLFVBQVUsR0FBRyxVQUFVLENBQUM7SUFDL0IsQ0FBQztJQUVEOztPQUVHO0lBQ0gsS0FBSyxDQUFDLHVCQUF1QjtRQUMzQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDO1FBQ3hCLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxVQUFVLElBQUksR0FBRyxDQUFDLFFBQVEsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUM1RCxNQUFNLElBQUksOEJBQWtCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBQ0QsTUFBTSxhQUFhLEdBQUcsQ0FBQyxJQUFJLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQzlFLElBQUksQ0FBQyxhQUFhLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDakMsT0FBTyxDQUFDLEdBQUcsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sQ0FDTCxDQUFDLEdBQUcsQ0FBQyxRQUFRLElBQUksU0FBUyxJQUFJLEdBQUcsQ0FBQyxZQUFZLENBQUM7Z0JBQy9DLENBQUMsR0FBRyxDQUFDLFFBQVEsSUFBSSxVQUFVLElBQUksR0FBRyxDQUFDLFdBQVcsQ0FBQztnQkFDL0MsRUFBRSxDQUNILENBQUM7UUFDSixDQUFDO1FBQ0Qsa0VBQWtFO1FBQ2xFLGlCQUFpQjtRQUNqQixJQUFJLENBQUMsTUFBTSxHQUFHO1lBQ1osR0FBRyxJQUFJLENBQUMsTUFBTTtZQUNkLFFBQVEsRUFBRSxTQUFTO1lBQ25CLFlBQVksRUFBRSxhQUFhLENBQUMsYUFBYTtTQUMxQyxDQUFDO1FBQ0YsT0FBTyxhQUFhLENBQUMsWUFBWSxDQUFDO0lBQ3BDLENBQUM7SUFFRCxLQUFLLENBQUMsU0FBUyxDQUFDLE9BQW9CO1FBQ2xDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDckIsTUFBTSxJQUFJLDhCQUFrQixDQUMxQiwwSUFBMEksQ0FDM0ksQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLFdBQVcsR0FBRyxDQUFDLElBQUksQ0FBQyxrQkFBa0IsS0FBSyxNQUFNLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQ25FLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLElBQUksSUFBSSxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQy9DLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBQSxjQUFNLEVBQzVCLElBQUksQ0FBQyxVQUFVLEVBQ2YsT0FBTyxDQUFDLEdBQUcsRUFDWCxPQUFPLENBQUMsTUFBTTtZQUNkLFdBQVcsQ0FBQyxTQUFTLEVBQ3JCLFdBQVcsQ0FDWixDQUFDO1lBQ0YsdUVBQXVFO1lBQ3ZFLE9BQU8sSUFBQSxxQkFBVyxFQUFDLE9BQU8sRUFBRSxFQUFFLGFBQWEsRUFBRSxVQUFVLFdBQVcsRUFBRSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1FBQzNGLENBQUM7UUFDRCxPQUFPLElBQUEscUJBQVcsRUFBQyxPQUFPLEVBQUUsRUFBRSxhQUFhLEVBQUUsVUFBVSxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDMUUsQ0FBQztDQUNGO0FBL05ELGtDQStOQyJ9