@pengzi/kms 1.0.0

package/dist/core/crypto.js

@@ -0,0 +1,100 @@
+"use strict";
+/**
+ * 加密/解密工具函数
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateRandomBytes = generateRandomBytes;
+exports.generateIV = generateIV;
+exports.encryptAES256GCM = encryptAES256GCM;
+exports.decryptAES256GCM = decryptAES256GCM;
+exports.timingSafeEqual = timingSafeEqual;
+exports.generateRandomKey = generateRandomKey;
+exports.hexToBuffer = hexToBuffer;
+exports.bufferToHex = bufferToHex;
+const crypto_1 = require("crypto");
+const types_1 = require("../types");
+const constants_1 = require("../utils/constants");
+/**
+ * 生成随机字节
+ */
+function generateRandomBytes(length) {
+    return (0, crypto_1.randomBytes)(length);
+}
+/**
+ * 生成随机IV
+ */
+function generateIV() {
+    return generateRandomBytes(constants_1.SECURITY_CONFIG.ENCRYPTION.IV_LENGTH);
+}
+/**
+ * 使用AES-256-GCM加密数据
+ */
+function encryptAES256GCM(plaintext, key) {
+    try {
+        const iv = generateIV();
+        const cipher = (0, crypto_1.createCipheriv)(constants_1.SECURITY_CONFIG.ENCRYPTION.ALGORITHM, key, iv);
+        let encrypted = cipher.update(plaintext, 'utf8', 'hex');
+        encrypted += cipher.final('hex');
+        const authTag = cipher.getAuthTag();
+        return {
+            encrypted,
+            iv: iv.toString('hex'),
+            authTag: authTag.toString('hex'),
+        };
+    }
+    catch (error) {
+        throw new types_1.CryptoError(`Encryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * 使用AES-256-GCM解密数据
+ */
+function decryptAES256GCM(encryptedData, iv, authTag, key) {
+    try {
+        const decipher = (0, crypto_1.createDecipheriv)(constants_1.SECURITY_CONFIG.ENCRYPTION.ALGORITHM, key, Buffer.from(iv, 'hex'));
+        decipher.setAuthTag(Buffer.from(authTag, 'hex'));
+        let decrypted = decipher.update(encryptedData, 'hex', 'utf8');
+        decrypted += decipher.final('utf8');
+        return decrypted;
+    }
+    catch (error) {
+        throw new types_1.CryptoError(`Decryption failed: ${error instanceof Error ? error.message : 'Unknown error'}`);
+    }
+}
+/**
+ * 比较两个恒定时间字符串（防止时序攻击）
+ */
+function timingSafeEqual(a, b) {
+    if (a.length !== b.length) {
+        return false;
+    }
+    const aBuffer = Buffer.from(a);
+    const bBuffer = Buffer.from(b);
+    if (aBuffer.length !== bBuffer.length) {
+        return false;
+    }
+    let result = 0;
+    for (let i = 0; i < aBuffer.length; i++) {
+        result |= aBuffer[i] ^ bBuffer[i];
+    }
+    return result === 0;
+}
+/**
+ * 生成随机密钥
+ */
+function generateRandomKey() {
+    return generateRandomBytes(constants_1.SECURITY_CONFIG.ENCRYPTION.KEY_LENGTH);
+}
+/**
+ * 从十六进制字符串转换为Buffer
+ */
+function hexToBuffer(hex) {
+    return Buffer.from(hex, 'hex');
+}
+/**
+ * 将Buffer转换为十六进制字符串
+ */
+function bufferToHex(buffer) {
+    return buffer.toString('hex');
+}
+//# sourceMappingURL=crypto.js.map

package/dist/core/crypto.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.js","sourceRoot":"","sources":["../../src/core/crypto.ts"],"names":[],"mappings":";AAAA;;GAEG;;AASH,kDAEC;AAKD,gCAEC;AAKD,4CAkBC;AAKD,4CAsBC;AAKD,0CAkBC;AAKD,8CAEC;AAKD,kCAEC;AAKD,kCAEC;AA9GD,mCAAuE;AACvE,oCAAsD;AACtD,kDAAqD;AAErD;;GAEG;AACH,SAAgB,mBAAmB,CAAC,MAAc;IAChD,OAAO,IAAA,oBAAW,EAAC,MAAM,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,SAAgB,UAAU;IACxB,OAAO,mBAAmB,CAAC,2BAAe,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;AACnE,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAAC,SAAiB,EAAE,GAAW;IAC7D,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,IAAA,uBAAc,EAAC,2BAAe,CAAC,UAAU,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;QAE7E,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;QACxD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QAEjC,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEpC,OAAO;YACL,SAAS;YACT,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC;YACtB,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;SACjC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,mBAAW,CAAC,sBAAsB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IAC1G,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,gBAAgB,CAC9B,aAAqB,EACrB,EAAU,EACV,OAAe,EACf,GAAW;IAEX,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAA,yBAAgB,EAC/B,2BAAe,CAAC,UAAU,CAAC,SAAS,EACpC,GAAG,EACH,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,KAAK,CAAC,CACvB,CAAC;QAEF,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;QAEjD,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,aAAa,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;QAC9D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEpC,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,MAAM,IAAI,mBAAW,CAAC,sBAAsB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC;IAC1G,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAgB,eAAe,CAAC,CAAS,EAAE,CAAS;IAClD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,EAAE,CAAC;QAC1B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAE/B,IAAI,OAAO,CAAC,MAAM,KAAK,OAAO,CAAC,MAAM,EAAE,CAAC;QACtC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACxC,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;IACpC,CAAC;IAED,OAAO,MAAM,KAAK,CAAC,CAAC;AACtB,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB;IAC/B,OAAO,mBAAmB,CAAC,2BAAe,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;AACpE,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,MAAc;IACxC,OAAO,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AAChC,CAAC"}

package/dist/core/crypto.service.d.ts

@@ -0,0 +1,35 @@
+/**
+ * 加密服务
+ * 负责所有密钥加密和解密操作
+ */
+import { EncryptedData } from '../types';
+/**
+ * 加密服务类
+ */
+export declare class CryptoService {
+    /**
+     * 加密密钥值
+     */
+    encryptKey(plainValue: string, masterKey: Buffer): Promise<EncryptedData>;
+    /**
+     * 解密密钥值
+     */
+    decryptKey(encryptedValue: string, iv: string, authTag: string, masterKey: Buffer): Promise<string>;
+    /**
+     * 从主密码派生项目主密钥
+     */
+    deriveMasterKey(masterPassword: string, salt: string): Promise<Buffer>;
+    /**
+     * 生成主密钥哈希
+     */
+    hashMasterKey(masterKey: Buffer): Promise<string>;
+    /**
+     * 验证主密钥
+     */
+    verifyMasterKey(masterKey: Buffer, storedHash: string): Promise<boolean>;
+    /**
+     * 使用主密码解锁项目主密钥
+     */
+    unlockProjectMasterKey(masterPassword: string, salt: string, masterKeyHash: string): Promise<Buffer>;
+}
+//# sourceMappingURL=crypto.service.d.ts.map

package/dist/core/crypto.service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.service.d.ts","sourceRoot":"","sources":["../../src/core/crypto.service.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH,OAAO,EAAE,aAAa,EAAe,MAAM,UAAU,CAAC;AAEtD;;GAEG;AACH,qBAAa,aAAa;IACxB;;OAEG;IACG,UAAU,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC;IAI/E;;OAEG;IACG,UAAU,CACd,cAAc,EAAE,MAAM,EACtB,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,MAAM,EACf,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,MAAM,CAAC;IAIlB;;OAEG;IACG,eAAe,CAAC,cAAc,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAI5E;;OAEG;IACG,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAIvD;;OAEG;IACG,eAAe,CACnB,SAAS,EAAE,MAAM,EACjB,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,OAAO,CAAC;IAKnB;;OAEG;IACG,sBAAsB,CAC1B,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,aAAa,EAAE,MAAM,GACpB,OAAO,CAAC,MAAM,CAAC;CAUnB"}

package/dist/core/crypto.service.js

@@ -0,0 +1,67 @@
+"use strict";
+/**
+ * 加密服务
+ * 负责所有密钥加密和解密操作
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoService = void 0;
+const crypto_1 = require("./crypto");
+const key_derivation_1 = require("./key-derivation");
+const types_1 = require("../types");
+/**
+ * 加密服务类
+ */
+class CryptoService {
+    /**
+     * 加密密钥值
+     */
+    async encryptKey(plainValue, masterKey) {
+        return (0, crypto_1.encryptAES256GCM)(plainValue, masterKey);
+    }
+    /**
+     * 解密密钥值
+     */
+    async decryptKey(encryptedValue, iv, authTag, masterKey) {
+        return (0, crypto_1.decryptAES256GCM)(encryptedValue, iv, authTag, masterKey);
+    }
+    /**
+     * 从主密码派生项目主密钥
+     */
+    async deriveMasterKey(masterPassword, salt) {
+        return (0, key_derivation_1.deriveProjectMasterKey)(masterPassword, salt);
+    }
+    /**
+     * 生成主密钥哈希
+     */
+    async hashMasterKey(masterKey) {
+        return (0, key_derivation_1.hashMasterKey)(masterKey);
+    }
+    /**
+     * 验证主密钥
+     */
+    async verifyMasterKey(masterKey, storedHash) {
+        const derivedHash = await this.hashMasterKey(masterKey);
+        return derivedHash === storedHash;
+    }
+    /**
+     * 使用主密码解锁项目主密钥
+     */
+    async unlockProjectMasterKey(masterPassword, salt, masterKeyHash) {
+        const masterKey = await this.deriveMasterKey(masterPassword, salt);
+        const isValid = await this.verifyMasterKey(masterKey, masterKeyHash);
+        if (!isValid) {
+            throw new types_1.CryptoError('Invalid master password');
+        }
+        return masterKey;
+    }
+}
+exports.CryptoService = CryptoService;
+/**
+ * 简单的依赖注入装饰器（TypeScript版本）
+ */
+function Injectable() {
+    return function decorator(target) {
+        return target;
+    };
+}
+//# sourceMappingURL=crypto.service.js.map

package/dist/core/crypto.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"crypto.service.js","sourceRoot":"","sources":["../../src/core/crypto.service.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;AAEH,qCAA8D;AAC9D,qDAAyE;AACzE,oCAAsD;AAEtD;;GAEG;AACH,MAAa,aAAa;IACxB;;OAEG;IACH,KAAK,CAAC,UAAU,CAAC,UAAkB,EAAE,SAAiB;QACpD,OAAO,IAAA,yBAAgB,EAAC,UAAU,EAAE,SAAS,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,UAAU,CACd,cAAsB,EACtB,EAAU,EACV,OAAe,EACf,SAAiB;QAEjB,OAAO,IAAA,yBAAgB,EAAC,cAAc,EAAE,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;IAClE,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CAAC,cAAsB,EAAE,IAAY;QACxD,OAAO,IAAA,uCAAsB,EAAC,cAAc,EAAE,IAAI,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,SAAiB;QACnC,OAAO,IAAA,8BAAa,EAAC,SAAS,CAAC,CAAC;IAClC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,eAAe,CACnB,SAAiB,EACjB,UAAkB;QAElB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QACxD,OAAO,WAAW,KAAK,UAAU,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,sBAAsB,CAC1B,cAAsB,EACtB,IAAY,EACZ,aAAqB;QAErB,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;QAErE,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,mBAAW,CAAC,yBAAyB,CAAC,CAAC;QACnD,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AA9DD,sCA8DC;AAED;;GAEG;AACH,SAAS,UAAU;IACjB,OAAO,SAAS,SAAS,CAAwC,MAAS;QACxE,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/core/key-derivation.d.ts

@@ -0,0 +1,25 @@
+/**
+ * 密钥派生功能
+ * 使用PBKDF2从密码派生密钥
+ */
+/**
+ * 生成随机盐值
+ */
+export declare function generateSalt(): string;
+/**
+ * 使用PBKDF2从密码派生密钥
+ */
+export declare function deriveKeyFromPassword(password: string, salt: string, iterations?: number, keyLength?: number): Promise<Buffer>;
+/**
+ * 派生项目主密钥
+ */
+export declare function deriveProjectMasterKey(masterPassword: string, salt: string): Promise<Buffer>;
+/**
+ * 生成主密钥哈希（用于验证密码）
+ */
+export declare function hashMasterKey(masterKey: Buffer): Promise<string>;
+/**
+ * 验证主密码
+ */
+export declare function verifyMasterPassword(masterPassword: string, salt: string, storedHash: string): Promise<boolean>;
+//# sourceMappingURL=key-derivation.d.ts.map

package/dist/core/key-derivation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-derivation.d.ts","sourceRoot":"","sources":["../../src/core/key-derivation.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAMH;;GAEG;AACH,wBAAgB,YAAY,IAAI,MAAM,CAErC;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,UAAU,CAAC,EAAE,MAAM,EACnB,SAAS,CAAC,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAmBjB;AAED;;GAEG;AACH,wBAAsB,sBAAsB,CAC1C,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,GACX,OAAO,CAAC,MAAM,CAAC,CAEjB;AAED;;GAEG;AACH,wBAAsB,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAGtE;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,cAAc,EAAE,MAAM,EACtB,IAAI,EAAE,MAAM,EACZ,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,OAAO,CAAC,CAQlB"}

package/dist/core/key-derivation.js

@@ -0,0 +1,96 @@
+"use strict";
+/**
+ * 密钥派生功能
+ * 使用PBKDF2从密码派生密钥
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateSalt = generateSalt;
+exports.deriveKeyFromPassword = deriveKeyFromPassword;
+exports.deriveProjectMasterKey = deriveProjectMasterKey;
+exports.hashMasterKey = hashMasterKey;
+exports.verifyMasterPassword = verifyMasterPassword;
+const crypto_1 = require("crypto");
+const types_1 = require("../types");
+const constants_1 = require("../utils/constants");
+/**
+ * 生成随机盐值
+ */
+function generateSalt() {
+    return (0, crypto_1.randomBytes)(16).toString('hex');
+}
+/**
+ * 使用PBKDF2从密码派生密钥
+ */
+async function deriveKeyFromPassword(password, salt, iterations, keyLength) {
+    return new Promise((resolve, reject) => {
+        const config = constants_1.SECURITY_CONFIG.KEY_DERIVATION;
+        (0, crypto_1.pbkdf2)(password, salt, iterations || config.ITERATIONS, keyLength || config.KEY_LENGTH, config.DIGEST, (err, derivedKey) => {
+            if (err) {
+                reject(new types_1.CryptoError(`Key derivation failed: ${err.message}`));
+            }
+            else {
+                resolve(derivedKey);
+            }
+        });
+    });
+}
+/**
+ * 派生项目主密钥
+ */
+async function deriveProjectMasterKey(masterPassword, salt) {
+    return deriveKeyFromPassword(masterPassword, salt);
+}
+/**
+ * 生成主密钥哈希（用于验证密码）
+ */
+async function hashMasterKey(masterKey) {
+    const { createHash } = await Promise.resolve().then(() => __importStar(require('crypto')));
+    return createHash('sha256').update(masterKey).digest('hex');
+}
+/**
+ * 验证主密码
+ */
+async function verifyMasterPassword(masterPassword, salt, storedHash) {
+    try {
+        const derivedKey = await deriveProjectMasterKey(masterPassword, salt);
+        const derivedHash = await hashMasterKey(derivedKey);
+        return derivedHash === storedHash;
+    }
+    catch (error) {
+        return false;
+    }
+}
+//# sourceMappingURL=key-derivation.js.map

package/dist/core/key-derivation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"key-derivation.js","sourceRoot":"","sources":["../../src/core/key-derivation.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AASH,oCAEC;AAKD,sDAwBC;AAKD,wDAKC;AAKD,sCAGC;AAKD,oDAYC;AAzED,mCAA6C;AAC7C,oCAA4D;AAC5D,kDAAqD;AAErD;;GAEG;AACH,SAAgB,YAAY;IAC1B,OAAO,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,IAAY,EACZ,UAAmB,EACnB,SAAkB;IAElB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,MAAM,GAAG,2BAAe,CAAC,cAAc,CAAC;QAE9C,IAAA,eAAM,EACJ,QAAQ,EACR,IAAI,EACJ,UAAU,IAAI,MAAM,CAAC,UAAU,EAC/B,SAAS,IAAI,MAAM,CAAC,UAAU,EAC9B,MAAM,CAAC,MAAM,EACb,CAAC,GAAG,EAAE,UAAU,EAAE,EAAE;YAClB,IAAI,GAAG,EAAE,CAAC;gBACR,MAAM,CAAC,IAAI,mBAAW,CAAC,0BAA0B,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACN,OAAO,CAAC,UAAU,CAAC,CAAC;YACtB,CAAC;QACH,CAAC,CACF,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,sBAAsB,CAC1C,cAAsB,EACtB,IAAY;IAEZ,OAAO,qBAAqB,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;AACrD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,aAAa,CAAC,SAAiB;IACnD,MAAM,EAAE,UAAU,EAAE,GAAG,wDAAa,QAAQ,GAAC,CAAC;IAC9C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC9D,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,oBAAoB,CACxC,cAAsB,EACtB,IAAY,EACZ,UAAkB;IAElB,IAAI,CAAC;QACH,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,cAAc,EAAE,IAAI,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,MAAM,aAAa,CAAC,UAAU,CAAC,CAAC;QACpD,OAAO,WAAW,KAAK,UAAU,CAAC;IACpC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,10 @@
+/**
+ * KMS - 密钥管理系统
+ * 主入口文件
+ */
+export { KMSClient } from './client';
+export * from './types';
+export { KMSError, ProjectNotFoundError, KeyNotFoundError, UserNotFoundError, AuthenticationError, ForbiddenError, ValidationError, CryptoError, } from './types';
+export { generateRSAKeyPair, encryptConnectionString, decryptConnectionString, generateKeyId, isValidPEMKey, getPrivateKeyPassphrase, type RSAKeyPair, type EncryptedConnectionString } from './core/asymmetric-crypto';
+export { loadEncryptedConfig, loadConfigFromEnvironment, createClientFromEncryptedConfig, readPrivateKeyFile, type EncryptedDatabaseConfig, type KMSClientConfig } from './utils/config-loader';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAE,SAAS,EAAE,MAAM,UAAU,CAAC;AAGrC,cAAc,SAAS,CAAC;AAGxB,OAAO,EACL,QAAQ,EACR,oBAAoB,EACpB,gBAAgB,EAChB,iBAAiB,EACjB,mBAAmB,EACnB,cAAc,EACd,eAAe,EACf,WAAW,GACZ,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,kBAAkB,EAClB,uBAAuB,EACvB,uBAAuB,EACvB,aAAa,EACb,aAAa,EACb,uBAAuB,EACvB,KAAK,UAAU,EACf,KAAK,yBAAyB,EAC/B,MAAM,0BAA0B,CAAC;AAGlC,OAAO,EACL,mBAAmB,EACnB,yBAAyB,EACzB,+BAA+B,EAC/B,kBAAkB,EAClB,KAAK,uBAAuB,EAC5B,KAAK,eAAe,EACrB,MAAM,uBAAuB,CAAC"}

package/dist/index.js

@@ -0,0 +1,51 @@
+"use strict";
+/**
+ * KMS - 密钥管理系统
+ * 主入口文件
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readPrivateKeyFile = exports.createClientFromEncryptedConfig = exports.loadConfigFromEnvironment = exports.loadEncryptedConfig = exports.getPrivateKeyPassphrase = exports.isValidPEMKey = exports.generateKeyId = exports.decryptConnectionString = exports.encryptConnectionString = exports.generateRSAKeyPair = exports.CryptoError = exports.ValidationError = exports.ForbiddenError = exports.AuthenticationError = exports.UserNotFoundError = exports.KeyNotFoundError = exports.ProjectNotFoundError = exports.KMSError = exports.KMSClient = void 0;
+// 导出主类
+var client_1 = require("./client");
+Object.defineProperty(exports, "KMSClient", { enumerable: true, get: function () { return client_1.KMSClient; } });
+// 导出所有类型
+__exportStar(require("./types"), exports);
+// 导出错误类
+var types_1 = require("./types");
+Object.defineProperty(exports, "KMSError", { enumerable: true, get: function () { return types_1.KMSError; } });
+Object.defineProperty(exports, "ProjectNotFoundError", { enumerable: true, get: function () { return types_1.ProjectNotFoundError; } });
+Object.defineProperty(exports, "KeyNotFoundError", { enumerable: true, get: function () { return types_1.KeyNotFoundError; } });
+Object.defineProperty(exports, "UserNotFoundError", { enumerable: true, get: function () { return types_1.UserNotFoundError; } });
+Object.defineProperty(exports, "AuthenticationError", { enumerable: true, get: function () { return types_1.AuthenticationError; } });
+Object.defineProperty(exports, "ForbiddenError", { enumerable: true, get: function () { return types_1.ForbiddenError; } });
+Object.defineProperty(exports, "ValidationError", { enumerable: true, get: function () { return types_1.ValidationError; } });
+Object.defineProperty(exports, "CryptoError", { enumerable: true, get: function () { return types_1.CryptoError; } });
+// 导出加密工具（用于连接字符串加密）
+var asymmetric_crypto_1 = require("./core/asymmetric-crypto");
+Object.defineProperty(exports, "generateRSAKeyPair", { enumerable: true, get: function () { return asymmetric_crypto_1.generateRSAKeyPair; } });
+Object.defineProperty(exports, "encryptConnectionString", { enumerable: true, get: function () { return asymmetric_crypto_1.encryptConnectionString; } });
+Object.defineProperty(exports, "decryptConnectionString", { enumerable: true, get: function () { return asymmetric_crypto_1.decryptConnectionString; } });
+Object.defineProperty(exports, "generateKeyId", { enumerable: true, get: function () { return asymmetric_crypto_1.generateKeyId; } });
+Object.defineProperty(exports, "isValidPEMKey", { enumerable: true, get: function () { return asymmetric_crypto_1.isValidPEMKey; } });
+Object.defineProperty(exports, "getPrivateKeyPassphrase", { enumerable: true, get: function () { return asymmetric_crypto_1.getPrivateKeyPassphrase; } });
+// 导出配置加载工具
+var config_loader_1 = require("./utils/config-loader");
+Object.defineProperty(exports, "loadEncryptedConfig", { enumerable: true, get: function () { return config_loader_1.loadEncryptedConfig; } });
+Object.defineProperty(exports, "loadConfigFromEnvironment", { enumerable: true, get: function () { return config_loader_1.loadConfigFromEnvironment; } });
+Object.defineProperty(exports, "createClientFromEncryptedConfig", { enumerable: true, get: function () { return config_loader_1.createClientFromEncryptedConfig; } });
+Object.defineProperty(exports, "readPrivateKeyFile", { enumerable: true, get: function () { return config_loader_1.readPrivateKeyFile; } });
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAAA;;;GAGG;;;;;;;;;;;;;;;;;AAEH,OAAO;AACP,mCAAqC;AAA5B,mGAAA,SAAS,OAAA;AAElB,SAAS;AACT,0CAAwB;AAExB,QAAQ;AACR,iCASiB;AARf,iGAAA,QAAQ,OAAA;AACR,6GAAA,oBAAoB,OAAA;AACpB,yGAAA,gBAAgB,OAAA;AAChB,0GAAA,iBAAiB,OAAA;AACjB,4GAAA,mBAAmB,OAAA;AACnB,uGAAA,cAAc,OAAA;AACd,wGAAA,eAAe,OAAA;AACf,oGAAA,WAAW,OAAA;AAGb,oBAAoB;AACpB,8DASkC;AARhC,uHAAA,kBAAkB,OAAA;AAClB,4HAAA,uBAAuB,OAAA;AACvB,4HAAA,uBAAuB,OAAA;AACvB,kHAAA,aAAa,OAAA;AACb,kHAAA,aAAa,OAAA;AACb,4HAAA,uBAAuB,OAAA;AAKzB,WAAW;AACX,uDAO+B;AAN7B,oHAAA,mBAAmB,OAAA;AACnB,0HAAA,yBAAyB,OAAA;AACzB,gIAAA,+BAA+B,OAAA;AAC/B,mHAAA,kBAAkB,OAAA"}

package/dist/models/audit.model.d.ts

@@ -0,0 +1,40 @@
+/**
+ * 审计日志数据模型
+ */
+import { AuditLog, AuditSeverity, AuditAction, ResourceType } from '../types';
+/**
+ * 创建审计日志
+ */
+export declare function createAuditLog(data: {
+    projectId: string;
+    userId?: string;
+    action: AuditAction;
+    resourceType: ResourceType;
+    resourceId: string;
+    details: {
+        keyName?: string;
+        keyType?: string;
+        ipAddress?: string;
+        userAgent?: string;
+        success: boolean;
+        errorMessage?: string;
+        [key: string]: any;
+    };
+}): AuditLog;
+/**
+ * 计算日志严重级别
+ */
+export declare function calculateSeverity(action: AuditAction, success: boolean): AuditSeverity;
+/**
+ * 格式化审计日志详情
+ */
+export declare function formatAuditDetails(details: {
+    keyName?: string;
+    keyType?: string;
+    ipAddress?: string;
+    userAgent?: string;
+    success: boolean;
+    errorMessage?: string;
+    [key: string]: any;
+}): string;
+//# sourceMappingURL=audit.model.d.ts.map

package/dist/models/audit.model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.model.d.ts","sourceRoot":"","sources":["../../src/models/audit.model.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,QAAQ,EAAE,aAAa,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,UAAU,CAAC;AAG9E;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE;IACnC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,EAAE,WAAW,CAAC;IACpB,YAAY,EAAE,YAAY,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,OAAO,CAAC,EAAE,MAAM,CAAC;QACjB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;KACpB,CAAC;CACH,GAAG,QAAQ,CAgBX;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,WAAW,EAAE,OAAO,EAAE,OAAO,GAAG,aAAa,CAkCtF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,OAAO,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,CAAC,GAAG,EAAE,MAAM,GAAG,GAAG,CAAC;CACpB,GAAG,MAAM,CAoBT"}

package/dist/models/audit.model.js

@@ -0,0 +1,83 @@
+"use strict";
+/**
+ * 审计日志数据模型
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuditLog = createAuditLog;
+exports.calculateSeverity = calculateSeverity;
+exports.formatAuditDetails = formatAuditDetails;
+const types_1 = require("../types");
+const constants_1 = require("../utils/constants");
+/**
+ * 创建审计日志
+ */
+function createAuditLog(data) {
+    const timestamp = new Date();
+    return {
+        _id: (0, constants_1.generateId)('audit'),
+        projectId: data.projectId,
+        userId: data.userId,
+        action: data.action,
+        resourceType: data.resourceType,
+        resourceId: data.resourceId,
+        details: {
+            ...data.details,
+        },
+        timestamp,
+        severity: calculateSeverity(data.action, data.details.success),
+    };
+}
+/**
+ * 计算日志严重级别
+ */
+function calculateSeverity(action, success) {
+    if (!success) {
+        const criticalActions = [
+            types_1.AuditAction.DELETE_PROJECT,
+            types_1.AuditAction.DELETE_KEY,
+            types_1.AuditAction.LOGIN_FAILED,
+        ];
+        const warningActions = [
+            types_1.AuditAction.UPDATE_KEY,
+            types_1.AuditAction.UPDATE_PROJECT,
+            types_1.AuditAction.PERMISSION_DENIED,
+        ];
+        if (criticalActions.includes(action)) {
+            return types_1.AuditSeverity.CRITICAL;
+        }
+        if (warningActions.includes(action)) {
+            return types_1.AuditSeverity.WARNING;
+        }
+        return types_1.AuditSeverity.ERROR;
+    }
+    // 成功的操作
+    const criticalActions = [
+        types_1.AuditAction.DELETE_PROJECT,
+        types_1.AuditAction.DELETE_KEY,
+        types_1.AuditAction.DELETE_USER,
+    ];
+    if (criticalActions.includes(action)) {
+        return types_1.AuditSeverity.CRITICAL;
+    }
+    return types_1.AuditSeverity.INFO;
+}
+/**
+ * 格式化审计日志详情
+ */
+function formatAuditDetails(details) {
+    const parts = [];
+    if (details.keyName) {
+        parts.push(`Key: ${details.keyName}`);
+    }
+    if (details.keyType) {
+        parts.push(`Type: ${details.keyType}`);
+    }
+    if (details.ipAddress) {
+        parts.push(`IP: ${details.ipAddress}`);
+    }
+    if (!details.success && details.errorMessage) {
+        parts.push(`Error: ${details.errorMessage}`);
+    }
+    return parts.join(' | ');
+}
+//# sourceMappingURL=audit.model.js.map

package/dist/models/audit.model.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit.model.js","sourceRoot":"","sources":["../../src/models/audit.model.ts"],"names":[],"mappings":";AAAA;;GAEG;;AAQH,wCA+BC;AAKD,8CAkCC;AAKD,gDA4BC;AA7GD,oCAA8E;AAC9E,kDAAgD;AAEhD;;GAEG;AACH,SAAgB,cAAc,CAAC,IAe9B;IACC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAE7B,OAAO;QACL,GAAG,EAAE,IAAA,sBAAU,EAAC,OAAO,CAAC;QACxB,SAAS,EAAE,IAAI,CAAC,SAAS;QACzB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,UAAU,EAAE,IAAI,CAAC,UAAU;QAC3B,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,OAAO;SAChB;QACD,SAAS;QACT,QAAQ,EAAE,iBAAiB,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;KAC/D,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,MAAmB,EAAE,OAAgB;IACrE,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,eAAe,GAAG;YACtB,mBAAW,CAAC,cAAc;YAC1B,mBAAW,CAAC,UAAU;YACtB,mBAAW,CAAC,YAAY;SACzB,CAAC;QACF,MAAM,cAAc,GAAG;YACrB,mBAAW,CAAC,UAAU;YACtB,mBAAW,CAAC,cAAc;YAC1B,mBAAW,CAAC,iBAAiB;SAC9B,CAAC;QAEF,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,OAAO,qBAAa,CAAC,QAAQ,CAAC;QAChC,CAAC;QACD,IAAI,cAAc,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;YACpC,OAAO,qBAAa,CAAC,OAAO,CAAC;QAC/B,CAAC;QACD,OAAO,qBAAa,CAAC,KAAK,CAAC;IAC7B,CAAC;IAED,QAAQ;IACR,MAAM,eAAe,GAAG;QACtB,mBAAW,CAAC,cAAc;QAC1B,mBAAW,CAAC,UAAU;QACtB,mBAAW,CAAC,WAAW;KACxB,CAAC;IAEF,IAAI,eAAe,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACrC,OAAO,qBAAa,CAAC,QAAQ,CAAC;IAChC,CAAC;IAED,OAAO,qBAAa,CAAC,IAAI,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAQlC;IACC,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,QAAQ,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,KAAK,CAAC,IAAI,CAAC,SAAS,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;QACtB,KAAK,CAAC,IAAI,CAAC,OAAO,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;IACzC,CAAC;IAED,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;QAC7C,KAAK,CAAC,IAAI,CAAC,UAAU,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC/C,CAAC;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC3B,CAAC"}

package/dist/models/key.model.d.ts

@@ -0,0 +1,40 @@
+/**
+ * 密钥数据模型
+ */
+import { Key, KeyValue, CreateKeyData, UpdateKeyData } from '../types';
+/**
+ * 创建新密钥
+ */
+export declare function createKey(projectId: string, keyData: CreateKeyData, encryptedData: {
+    encrypted: string;
+    iv: string;
+    authTag: string;
+}, createdBy: string): Key;
+/**
+ * 验证密钥数据
+ */
+export declare function validateKey(keyData: Partial<CreateKeyData>): {
+    valid: boolean;
+    errors: string[];
+};
+/**
+ * 更新密钥
+ */
+export declare function updateKey(key: Key, updates: UpdateKeyData, newEncryptedData?: {
+    encrypted: string;
+    iv: string;
+    authTag: string;
+}): Key;
+/**
+ * 转换密钥为KeyValue（包含解密值）
+ */
+export declare function toKeyValue(key: Key, decryptedValue: string): KeyValue;
+/**
+ * 检查密钥是否已过期
+ */
+export declare function isKeyExpired(key: Key): boolean;
+/**
+ * 检查密钥是否可用
+ */
+export declare function isKeyAccessible(key: Key): boolean;
+//# sourceMappingURL=key.model.d.ts.map

package/dist/models/key.model.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"key.model.d.ts","sourceRoot":"","sources":["../../src/models/key.model.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,aAAa,EAAE,aAAa,EAAsB,MAAM,UAAU,CAAC;AAG3F;;GAEG;AACH,wBAAgB,SAAS,CACvB,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,aAAa,EACtB,aAAa,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EACjE,SAAS,EAAE,MAAM,GAChB,GAAG,CAoBL;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CA+BjG;AAED;;GAEG;AACH,wBAAgB,SAAS,CAAC,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,aAAa,EAAE,gBAAgB,CAAC,EAAE;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,GAAG,CA8BtI;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,EAAE,MAAM,GAAG,QAAQ,CAMrE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAE9C;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAUjD"}