@project-chip/matter.js 0.9.2 → 0.9.4
- package/dist/cjs/CommissioningServer.d.ts.map +1 -1
- package/dist/cjs/CommissioningServer.js +0 -1
- package/dist/cjs/CommissioningServer.js.map +2 -2
- package/dist/cjs/MatterDevice.d.ts +3 -0
- package/dist/cjs/MatterDevice.d.ts.map +1 -1
- package/dist/cjs/MatterDevice.js +21 -7
- package/dist/cjs/MatterDevice.js.map +2 -2
- package/dist/cjs/behavior/AccessControl.js +2 -2
- package/dist/cjs/behavior/AccessControl.js.map +2 -2
- package/dist/cjs/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.d.ts +1 -0
- package/dist/cjs/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.d.ts.map +1 -1
- package/dist/cjs/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.js +14 -0
- package/dist/cjs/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.js.map +2 -2
- package/dist/cjs/behavior/definitions/operational-credentials/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/cjs/behavior/definitions/operational-credentials/OperationalCredentialsServer.js +11 -2
- package/dist/cjs/behavior/definitions/operational-credentials/OperationalCredentialsServer.js.map +2 -2
- package/dist/cjs/behavior/state/transaction/Transaction.d.ts +18 -18
- package/dist/cjs/certificate/CertificateManager.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificateManager.js +1 -0
- package/dist/cjs/certificate/CertificateManager.js.map +2 -2
- package/dist/cjs/certificate/CertificationDeclarationManager.d.ts +1 -1
- package/dist/cjs/certificate/CertificationDeclarationManager.d.ts.map +1 -1
- package/dist/cjs/certificate/CertificationDeclarationManager.js +3 -2
- package/dist/cjs/certificate/CertificationDeclarationManager.js.map +2 -2
- package/dist/cjs/cluster/server/AccessControlServer.js.map +1 -1
- package/dist/cjs/cluster/server/AttributeServer.d.ts +9 -0
- package/dist/cjs/cluster/server/AttributeServer.d.ts.map +1 -1
- package/dist/cjs/cluster/server/AttributeServer.js +62 -0
- package/dist/cjs/cluster/server/AttributeServer.js.map +3 -3
- package/dist/cjs/cluster/server/ClusterServer.d.ts.map +1 -1
- package/dist/cjs/cluster/server/ClusterServer.js +8 -1
- package/dist/cjs/cluster/server/ClusterServer.js.map +2 -2
- package/dist/cjs/cluster/server/ClusterServerTypes.d.ts +3 -3
- package/dist/cjs/cluster/server/ClusterServerTypes.d.ts.map +1 -1
- package/dist/cjs/cluster/server/ClusterServerTypes.js.map +1 -1
- package/dist/cjs/cluster/server/EventServer.d.ts +8 -2
- package/dist/cjs/cluster/server/EventServer.d.ts.map +1 -1
- package/dist/cjs/cluster/server/EventServer.js +33 -7
- package/dist/cjs/cluster/server/EventServer.js.map +2 -2
- package/dist/cjs/cluster/server/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/cjs/cluster/server/OperationalCredentialsServer.js +31 -8
- package/dist/cjs/cluster/server/OperationalCredentialsServer.js.map +2 -2
- package/dist/cjs/common/FailsafeContext.d.ts +1 -0
- package/dist/cjs/common/FailsafeContext.d.ts.map +1 -1
- package/dist/cjs/common/FailsafeContext.js +16 -2
- package/dist/cjs/common/FailsafeContext.js.map +2 -2
- package/dist/cjs/crypto/Crypto.d.ts +1 -1
- package/dist/cjs/crypto/Crypto.d.ts.map +1 -1
- package/dist/cjs/crypto/Crypto.js +2 -2
- package/dist/cjs/crypto/Crypto.js.map +2 -2
- package/dist/cjs/device/LegacyInteractionServer.d.ts +2 -2
- package/dist/cjs/device/LegacyInteractionServer.d.ts.map +1 -1
- package/dist/cjs/device/LegacyInteractionServer.js +13 -1
- package/dist/cjs/device/LegacyInteractionServer.js.map +2 -2
- package/dist/cjs/fabric/Fabric.d.ts +1 -0
- package/dist/cjs/fabric/Fabric.d.ts.map +1 -1
- package/dist/cjs/fabric/Fabric.js +5 -0
- package/dist/cjs/fabric/Fabric.js.map +2 -2
- package/dist/cjs/fabric/FabricManager.d.ts +1 -0
- package/dist/cjs/fabric/FabricManager.d.ts.map +1 -1
- package/dist/cjs/fabric/FabricManager.js +2 -1
- package/dist/cjs/fabric/FabricManager.js.map +2 -2
- package/dist/cjs/model/models/EventModel.d.ts +1 -0
- package/dist/cjs/model/models/EventModel.d.ts.map +1 -1
- package/dist/cjs/model/models/EventModel.js +3 -0
- package/dist/cjs/model/models/EventModel.js.map +2 -2
- package/dist/cjs/model/models/FieldModel.d.ts +1 -0
- package/dist/cjs/model/models/FieldModel.d.ts.map +1 -1
- package/dist/cjs/model/models/FieldModel.js +3 -0
- package/dist/cjs/model/models/FieldModel.js.map +2 -2
- package/dist/cjs/node/server/TransactionalInteractionServer.d.ts +2 -2
- package/dist/cjs/node/server/TransactionalInteractionServer.d.ts.map +1 -1
- package/dist/cjs/node/server/TransactionalInteractionServer.js +0 -2
- package/dist/cjs/node/server/TransactionalInteractionServer.js.map +2 -2
- package/dist/cjs/protocol/interaction/AttributeDataEncoder.d.ts +6 -3
- package/dist/cjs/protocol/interaction/AttributeDataEncoder.d.ts.map +1 -1
- package/dist/cjs/protocol/interaction/AttributeDataEncoder.js +14 -8
- package/dist/cjs/protocol/interaction/AttributeDataEncoder.js.map +2 -2
- package/dist/cjs/protocol/interaction/EventHandler.d.ts.map +1 -1
- package/dist/cjs/protocol/interaction/EventHandler.js +1 -3
- package/dist/cjs/protocol/interaction/EventHandler.js.map +2 -2
- package/dist/cjs/protocol/interaction/InteractionClient.js +1 -1
- package/dist/cjs/protocol/interaction/InteractionClient.js.map +2 -2
- package/dist/cjs/protocol/interaction/InteractionEndpointStructure.d.ts +3 -3
- package/dist/cjs/protocol/interaction/InteractionEndpointStructure.d.ts.map +1 -1
- package/dist/cjs/protocol/interaction/InteractionEndpointStructure.js +1 -0
- package/dist/cjs/protocol/interaction/InteractionEndpointStructure.js.map +2 -2
- package/dist/cjs/protocol/interaction/InteractionMessenger.d.ts +1 -1
- package/dist/cjs/protocol/interaction/InteractionMessenger.d.ts.map +1 -1
- package/dist/cjs/protocol/interaction/InteractionMessenger.js +11 -4
- package/dist/cjs/protocol/interaction/InteractionMessenger.js.map +2 -2
- package/dist/cjs/protocol/interaction/InteractionServer.d.ts +5 -6
- package/dist/cjs/protocol/interaction/InteractionServer.d.ts.map +1 -1
- package/dist/cjs/protocol/interaction/InteractionServer.js +44 -37
- package/dist/cjs/protocol/interaction/InteractionServer.js.map +2 -2
- package/dist/cjs/protocol/interaction/SubscriptionHandler.d.ts +31 -12
- package/dist/cjs/protocol/interaction/SubscriptionHandler.d.ts.map +1 -1
- package/dist/cjs/protocol/interaction/SubscriptionHandler.js +161 -69
- package/dist/cjs/protocol/interaction/SubscriptionHandler.js.map +3 -3
- package/dist/cjs/session/SecureSession.d.ts.map +1 -1
- package/dist/cjs/session/SecureSession.js +2 -1
- package/dist/cjs/session/SecureSession.js.map +2 -2
- package/dist/cjs/session/SessionManager.d.ts +2 -0
- package/dist/cjs/session/SessionManager.d.ts.map +1 -1
- package/dist/cjs/session/SessionManager.js +7 -0
- package/dist/cjs/session/SessionManager.js.map +2 -2
- package/dist/cjs/tlv/TlvArray.d.ts +2 -2
- package/dist/cjs/tlv/TlvArray.d.ts.map +1 -1
- package/dist/cjs/tlv/TlvArray.js +2 -2
- package/dist/cjs/tlv/TlvArray.js.map +2 -2
- package/dist/cjs/tlv/TlvNullable.d.ts +2 -2
- package/dist/cjs/tlv/TlvNullable.d.ts.map +1 -1
- package/dist/cjs/tlv/TlvNullable.js +2 -2
- package/dist/cjs/tlv/TlvNullable.js.map +2 -2
- package/dist/cjs/tlv/TlvObject.d.ts +2 -2
- package/dist/cjs/tlv/TlvObject.d.ts.map +1 -1
- package/dist/cjs/tlv/TlvObject.js +18 -12
- package/dist/cjs/tlv/TlvObject.js.map +2 -2
- package/dist/cjs/tlv/TlvSchema.d.ts +14 -2
- package/dist/cjs/tlv/TlvSchema.d.ts.map +1 -1
- package/dist/cjs/tlv/TlvSchema.js +2 -2
- package/dist/cjs/tlv/TlvSchema.js.map +2 -2
- package/dist/cjs/tlv/TlvWrapper.d.ts +2 -2
- package/dist/cjs/tlv/TlvWrapper.d.ts.map +1 -1
- package/dist/cjs/tlv/TlvWrapper.js +2 -2
- package/dist/cjs/tlv/TlvWrapper.js.map +2 -2
- package/dist/esm/CommissioningServer.d.ts.map +1 -1
- package/dist/esm/CommissioningServer.js +0 -1
- package/dist/esm/CommissioningServer.js.map +2 -2
- package/dist/esm/MatterDevice.d.ts +3 -0
- package/dist/esm/MatterDevice.d.ts.map +1 -1
- package/dist/esm/MatterDevice.js +21 -7
- package/dist/esm/MatterDevice.js.map +2 -2
- package/dist/esm/behavior/AccessControl.js +2 -2
- package/dist/esm/behavior/AccessControl.js.map +2 -2
- package/dist/esm/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.d.ts +1 -0
- package/dist/esm/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.d.ts.map +1 -1
- package/dist/esm/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.js +15 -1
- package/dist/esm/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.js.map +2 -2
- package/dist/esm/behavior/definitions/operational-credentials/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/esm/behavior/definitions/operational-credentials/OperationalCredentialsServer.js +11 -2
- package/dist/esm/behavior/definitions/operational-credentials/OperationalCredentialsServer.js.map +2 -2
- package/dist/esm/behavior/state/transaction/Transaction.d.ts +18 -18
- package/dist/esm/certificate/CertificateManager.d.ts.map +1 -1
- package/dist/esm/certificate/CertificateManager.js +1 -0
- package/dist/esm/certificate/CertificateManager.js.map +2 -2
- package/dist/esm/certificate/CertificationDeclarationManager.d.ts +1 -1
- package/dist/esm/certificate/CertificationDeclarationManager.d.ts.map +1 -1
- package/dist/esm/certificate/CertificationDeclarationManager.js +3 -2
- package/dist/esm/certificate/CertificationDeclarationManager.js.map +2 -2
- package/dist/esm/cluster/server/AccessControlServer.js.map +1 -1
- package/dist/esm/cluster/server/AttributeServer.d.ts +9 -0
- package/dist/esm/cluster/server/AttributeServer.d.ts.map +1 -1
- package/dist/esm/cluster/server/AttributeServer.js +69 -1
- package/dist/esm/cluster/server/AttributeServer.js.map +2 -2
- package/dist/esm/cluster/server/ClusterServer.d.ts.map +1 -1
- package/dist/esm/cluster/server/ClusterServer.js +9 -2
- package/dist/esm/cluster/server/ClusterServer.js.map +2 -2
- package/dist/esm/cluster/server/ClusterServerTypes.d.ts +3 -3
- package/dist/esm/cluster/server/ClusterServerTypes.d.ts.map +1 -1
- package/dist/esm/cluster/server/ClusterServerTypes.js.map +1 -1
- package/dist/esm/cluster/server/EventServer.d.ts +8 -2
- package/dist/esm/cluster/server/EventServer.d.ts.map +1 -1
- package/dist/esm/cluster/server/EventServer.js +33 -7
- package/dist/esm/cluster/server/EventServer.js.map +2 -2
- package/dist/esm/cluster/server/OperationalCredentialsServer.d.ts.map +1 -1
- package/dist/esm/cluster/server/OperationalCredentialsServer.js +31 -8
- package/dist/esm/cluster/server/OperationalCredentialsServer.js.map +2 -2
- package/dist/esm/common/FailsafeContext.d.ts +1 -0
- package/dist/esm/common/FailsafeContext.d.ts.map +1 -1
- package/dist/esm/common/FailsafeContext.js +17 -3
- package/dist/esm/common/FailsafeContext.js.map +2 -2
- package/dist/esm/crypto/Crypto.d.ts +1 -1
- package/dist/esm/crypto/Crypto.d.ts.map +1 -1
- package/dist/esm/crypto/Crypto.js +2 -2
- package/dist/esm/crypto/Crypto.js.map +2 -2
- package/dist/esm/device/LegacyInteractionServer.d.ts +2 -2
- package/dist/esm/device/LegacyInteractionServer.d.ts.map +1 -1
- package/dist/esm/device/LegacyInteractionServer.js +13 -1
- package/dist/esm/device/LegacyInteractionServer.js.map +2 -2
- package/dist/esm/fabric/Fabric.d.ts +1 -0
- package/dist/esm/fabric/Fabric.d.ts.map +1 -1
- package/dist/esm/fabric/Fabric.js +5 -0
- package/dist/esm/fabric/Fabric.js.map +2 -2
- package/dist/esm/fabric/FabricManager.d.ts +1 -0
- package/dist/esm/fabric/FabricManager.d.ts.map +1 -1
- package/dist/esm/fabric/FabricManager.js +2 -1
- package/dist/esm/fabric/FabricManager.js.map +2 -2
- package/dist/esm/model/models/EventModel.d.ts +1 -0
- package/dist/esm/model/models/EventModel.d.ts.map +1 -1
- package/dist/esm/model/models/EventModel.js +3 -0
- package/dist/esm/model/models/EventModel.js.map +2 -2
- package/dist/esm/model/models/FieldModel.d.ts +1 -0
- package/dist/esm/model/models/FieldModel.d.ts.map +1 -1
- package/dist/esm/model/models/FieldModel.js +3 -0
- package/dist/esm/model/models/FieldModel.js.map +2 -2
- package/dist/esm/node/server/TransactionalInteractionServer.d.ts +2 -2
- package/dist/esm/node/server/TransactionalInteractionServer.d.ts.map +1 -1
- package/dist/esm/node/server/TransactionalInteractionServer.js +0 -2
- package/dist/esm/node/server/TransactionalInteractionServer.js.map +2 -2
- package/dist/esm/protocol/interaction/AttributeDataEncoder.d.ts +6 -3
- package/dist/esm/protocol/interaction/AttributeDataEncoder.d.ts.map +1 -1
- package/dist/esm/protocol/interaction/AttributeDataEncoder.js +14 -8
- package/dist/esm/protocol/interaction/AttributeDataEncoder.js.map +2 -2
- package/dist/esm/protocol/interaction/EventHandler.d.ts.map +1 -1
- package/dist/esm/protocol/interaction/EventHandler.js +1 -3
- package/dist/esm/protocol/interaction/EventHandler.js.map +2 -2
- package/dist/esm/protocol/interaction/InteractionClient.js +1 -1
- package/dist/esm/protocol/interaction/InteractionClient.js.map +2 -2
- package/dist/esm/protocol/interaction/InteractionEndpointStructure.d.ts +3 -3
- package/dist/esm/protocol/interaction/InteractionEndpointStructure.d.ts.map +1 -1
- package/dist/esm/protocol/interaction/InteractionEndpointStructure.js +1 -0
- package/dist/esm/protocol/interaction/InteractionEndpointStructure.js.map +2 -2
- package/dist/esm/protocol/interaction/InteractionMessenger.d.ts +1 -1
- package/dist/esm/protocol/interaction/InteractionMessenger.d.ts.map +1 -1
- package/dist/esm/protocol/interaction/InteractionMessenger.js +11 -4
- package/dist/esm/protocol/interaction/InteractionMessenger.js.map +2 -2
- package/dist/esm/protocol/interaction/InteractionServer.d.ts +5 -6
- package/dist/esm/protocol/interaction/InteractionServer.d.ts.map +1 -1
- package/dist/esm/protocol/interaction/InteractionServer.js +44 -37
- package/dist/esm/protocol/interaction/InteractionServer.js.map +2 -2
- package/dist/esm/protocol/interaction/SubscriptionHandler.d.ts +31 -12
- package/dist/esm/protocol/interaction/SubscriptionHandler.d.ts.map +1 -1
- package/dist/esm/protocol/interaction/SubscriptionHandler.js +161 -69
- package/dist/esm/protocol/interaction/SubscriptionHandler.js.map +3 -3
- package/dist/esm/session/SecureSession.d.ts.map +1 -1
- package/dist/esm/session/SecureSession.js +2 -1
- package/dist/esm/session/SecureSession.js.map +2 -2
- package/dist/esm/session/SessionManager.d.ts +2 -0
- package/dist/esm/session/SessionManager.d.ts.map +1 -1
- package/dist/esm/session/SessionManager.js +7 -0
- package/dist/esm/session/SessionManager.js.map +2 -2
- package/dist/esm/tlv/TlvArray.d.ts +2 -2
- package/dist/esm/tlv/TlvArray.d.ts.map +1 -1
- package/dist/esm/tlv/TlvArray.js +2 -2
- package/dist/esm/tlv/TlvArray.js.map +2 -2
- package/dist/esm/tlv/TlvNullable.d.ts +2 -2
- package/dist/esm/tlv/TlvNullable.d.ts.map +1 -1
- package/dist/esm/tlv/TlvNullable.js +2 -2
- package/dist/esm/tlv/TlvNullable.js.map +2 -2
- package/dist/esm/tlv/TlvObject.d.ts +2 -2
- package/dist/esm/tlv/TlvObject.d.ts.map +1 -1
- package/dist/esm/tlv/TlvObject.js +19 -13
- package/dist/esm/tlv/TlvObject.js.map +2 -2
- package/dist/esm/tlv/TlvSchema.d.ts +14 -2
- package/dist/esm/tlv/TlvSchema.d.ts.map +1 -1
- package/dist/esm/tlv/TlvSchema.js +2 -2
- package/dist/esm/tlv/TlvSchema.js.map +2 -2
- package/dist/esm/tlv/TlvWrapper.d.ts +2 -2
- package/dist/esm/tlv/TlvWrapper.d.ts.map +1 -1
- package/dist/esm/tlv/TlvWrapper.js +2 -2
- package/dist/esm/tlv/TlvWrapper.js.map +2 -2
- package/package.json +3 -3
- package/src/CommissioningServer.ts +0 -1
- package/src/MatterDevice.ts +34 -7
- package/src/behavior/AccessControl.ts +2 -2
- package/src/behavior/definitions/general-commissioning/ServerNodeFailsafeContext.ts +21 -1
- package/src/behavior/definitions/operational-credentials/OperationalCredentialsServer.ts +13 -0
- package/src/certificate/CertificateManager.ts +1 -2
- package/src/certificate/CertificationDeclarationManager.ts +2 -2
- package/src/cluster/server/AccessControlServer.ts +3 -3
- package/src/cluster/server/AttributeServer.ts +79 -1
- package/src/cluster/server/ClusterServer.ts +9 -2
- package/src/cluster/server/ClusterServerTypes.ts +3 -3
- package/src/cluster/server/EventServer.ts +57 -10
- package/src/cluster/server/OperationalCredentialsServer.ts +35 -5
- package/src/common/FailsafeContext.ts +19 -7
- package/src/crypto/Crypto.ts +1 -1
- package/src/device/LegacyInteractionServer.ts +15 -4
- package/src/fabric/Fabric.ts +6 -0
- package/src/fabric/FabricManager.ts +1 -0
- package/src/model/models/EventModel.ts +4 -0
- package/src/model/models/FieldModel.ts +4 -0
- package/src/node/server/TransactionalInteractionServer.ts +2 -4
- package/src/protocol/interaction/AttributeDataEncoder.ts +20 -9
- package/src/protocol/interaction/EventHandler.ts +1 -3
- package/src/protocol/interaction/InteractionClient.ts +1 -1
- package/src/protocol/interaction/InteractionEndpointStructure.ts +4 -4
- package/src/protocol/interaction/InteractionMessenger.ts +12 -3
- package/src/protocol/interaction/InteractionServer.ts +53 -52
- package/src/protocol/interaction/SubscriptionHandler.ts +215 -92
- package/src/session/SecureSession.ts +2 -1
- package/src/session/SessionManager.ts +9 -0
- package/src/tlv/TlvArray.ts +3 -3
- package/src/tlv/TlvNullable.ts +3 -3
- package/src/tlv/TlvObject.ts +20 -14
- package/src/tlv/TlvSchema.ts +17 -3
- package/src/tlv/TlvWrapper.ts +3 -3
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/CertificateManager.ts"],
|
|
4
|
-
"sourcesContent": ["/**\n * @license\n * Copyright 2022-2024 Matter.js Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\nimport {\n BitByteArray,\n BYTES_KEY,\n ContextTagged,\n ContextTaggedBytes,\n DatatypeOverride,\n DerCodec,\n DerObject,\n DerType,\n ELEMENTS_KEY,\n OBJECT_ID_KEY,\n RawBytes,\n} from \"../codec/DerCodec.js\";\nimport { MatterError } from \"../common/MatterError.js\";\nimport { Crypto } from \"../crypto/Crypto.js\";\nimport { Key, PublicKey } from \"../crypto/Key.js\";\nimport { CaseAuthenticatedTag, TlvCaseAuthenticatedTag } from \"../datatype/CaseAuthenticatedTag.js\";\nimport { FabricId, TlvFabricId } from \"../datatype/FabricId.js\";\nimport { NodeId, TlvNodeId } from \"../datatype/NodeId.js\";\nimport { TlvVendorId, VendorId } from \"../datatype/VendorId.js\";\nimport { Logger } from \"../log/Logger.js\";\nimport { BitFlag, BitmapSchema, TypeFromPartialBitSchema } from \"../schema/BitmapSchema.js\";\nimport { Time } from \"../time/Time.js\";\nimport { TlvArray } from \"../tlv/TlvArray.js\";\nimport { TlvBoolean } from \"../tlv/TlvBoolean.js\";\nimport { TlvBitmap, TlvUInt16, TlvUInt32, TlvUInt64, TlvUInt8 } from \"../tlv/TlvNumber.js\";\nimport { TlvField, TlvObject, TlvOptionalField, TlvOptionalRepeatedField, TlvTaggedList } from \"../tlv/TlvObject.js\";\nimport { TypeFromSchema } from \"../tlv/TlvSchema.js\";\nimport { TlvByteString, TlvString } from \"../tlv/TlvString.js\";\nimport { ByteArray } from \"../util/ByteArray.js\";\nimport { Pkcs7, SHA256_CMS, X509, X520, X962 } from \"./CertificateDerTypes.js\";\n\nconst logger = Logger.get(\"CertificateManager\");\n\nexport class CertificateError extends MatterError {}\n\nconst YEAR_S = 365 * 24 * 60 * 60;\nconst EPOCH_OFFSET_S = 10957 * 24 * 60 * 60;\n\n// TODO replace usage of Date by abstraction\n\nexport function matterToJsDate(date: number) {\n return date === 0 ? 
X520.NON_WELL_DEFINED_DATE : new Date((date + EPOCH_OFFSET_S) * 1000);\n}\n\nexport function jsToMatterDate(date: Date, addYears = 0) {\n return date.getTime() === X520.NON_WELL_DEFINED_DATE.getTime()\n ? 0\n : Math.floor(date.getTime() / 1000) - EPOCH_OFFSET_S + addYears * YEAR_S;\n}\n\nfunction intTo16Chars(value: bigint | number) {\n const byteArray = new ByteArray(8);\n const dataView = byteArray.getDataView();\n dataView.setBigUint64(0, typeof value === \"bigint\" ? value : BigInt(value));\n return byteArray.toHex().toUpperCase();\n}\n\nfunction uInt16To8Chars(value: number) {\n const byteArray = new ByteArray(4);\n const dataView = byteArray.getDataView();\n dataView.setUint32(0, value);\n return byteArray.toHex().toUpperCase();\n}\n\nfunction uInt16To4Chars(value: number) {\n const byteArray = new ByteArray(2);\n const dataView = byteArray.getDataView();\n dataView.setUint16(0, value);\n return byteArray.toHex().toUpperCase();\n}\n\n/**\n * Matter specific ASN.1 OIDs\n * @see {@link MatterSpecification.v12.Core} Appendix E\n */\n\n/**\n * Generator function to create a specific ASN field for a Matter OpCert DN with the OID base 1.3.6.1.4.1.37244.1.*.\n * The returned function takes the value and returns the ASN.1 DER object.\n */\nconst GenericMatterOpCertObject =\n <T>(id: number, valueConverter?: (value: T) => string) =>\n (value: T) => [\n DerObject(`2b0601040182a27c01${id.toString(16).padStart(2, \"0\")}`, {\n value: (valueConverter ?? intTo16Chars)(value as any),\n }),\n ];\n\n/**\n * Generator function to create a specific ASN field for a Matter AttCert DN with the OID base 1.3.6.1.4.1.37244.2.*.\n * The returned function takes the value and returns the ASN.1 DER object.\n */\nconst GenericMatterAttCertObject =\n <T>(id: number, valueConverter?: (value: T) => string) =>\n (value: T) => [\n DerObject(`2b0601040182a27c02${id.toString(16).padStart(2, \"0\")}`, {\n value: (valueConverter ?? 
intTo16Chars)(value as any),\n }),\n ];\n\n/** matter-node-id = ASN.1 OID 1.3.6.1.4.1.37244.1.1 */\nexport const NodeId_Matter = GenericMatterOpCertObject<NodeId>(1);\n\n/** matter-firmware-signing-id = ASN.1 OID 1.3.6.1.4.1.37244.1.2 */\nexport const FirmwareSigningId_Matter = GenericMatterOpCertObject<number>(2);\n\n/** matter-icac-id = ASN.1 OID 1.3.6.1.4.1.37244.1.3 */\nexport const IcacId_Matter = GenericMatterOpCertObject<bigint | number>(3);\n\n/** matter-rcac-id = ASN.1 OID 1.3.6.1.4.1.37244.1.4 */\nexport const RcacId_Matter = GenericMatterOpCertObject<bigint | number>(4);\n\n/** matter-fabric-id = ASN.1 OID 1.3.6.1.4.1.37244.1.5 */\nexport const FabricId_Matter = GenericMatterOpCertObject<FabricId>(5);\n\n/** matter-noc-cat = ASN.1 OID 1.3.6.1.4.1.37244.1.6 */\nexport const NocCat_Matter = GenericMatterOpCertObject<number>(6, uInt16To8Chars);\n\n/** matter-oid-vid = ASN.1 OID 1.3.6.1.4.1.37244.2.1 */\nexport const VendorId_Matter = GenericMatterAttCertObject<VendorId>(1, uInt16To4Chars);\n\n/** matter-oid-pid = ASN.1 OID 1.3.6.1.4.1.37244.2.2 */\nexport const ProductId_Matter = GenericMatterAttCertObject<number>(2, uInt16To4Chars);\n\n/** All defined Matter fields for subject and issuer that we always allow optionally to be encoded */\nconst AllowedSubjectAndIssuerMatterFields = {\n nodeId: TlvOptionalField(17, TlvNodeId),\n firmwareSigningId: TlvOptionalField(18, TlvUInt32),\n icacId: TlvOptionalField(19, TlvUInt64),\n rcacId: TlvOptionalField(20, TlvUInt64),\n fabricId: TlvOptionalField(21, TlvFabricId),\n caseAuthenticatedTags: TlvOptionalRepeatedField(22, TlvCaseAuthenticatedTag, { maxLength: 3 }),\n};\n\n/**\n * TLV schema for a generic subject or issuer field in a certificate. 
We handle all fields as optional here for the TLV\n * parsing and check required fields in the logic to make sure we return the correct errors.\n */\nconst TlvGenericMatterSubjectOrIssuerTaggedList = <T>(matterFields: T) => {\n const fields = {\n // Standard DNs\n commonName: TlvOptionalField(1, TlvString),\n sureName: TlvOptionalField(2, TlvString),\n serialNum: TlvOptionalField(3, TlvString),\n countryName: TlvOptionalField(4, TlvString),\n localityName: TlvOptionalField(5, TlvString),\n stateOrProvinceName: TlvOptionalField(6, TlvString),\n orgName: TlvOptionalField(7, TlvString),\n orgUnitName: TlvOptionalField(8, TlvString),\n title: TlvOptionalField(9, TlvString),\n name: TlvOptionalField(10, TlvString),\n givenName: TlvOptionalField(11, TlvString),\n initials: TlvOptionalField(12, TlvString),\n genQualifier: TlvOptionalField(13, TlvString),\n dnQualifier: TlvOptionalField(14, TlvString),\n pseudonym: TlvOptionalField(15, TlvString),\n domainComponent: TlvOptionalField(16, TlvString),\n\n // Matter specific DNs\n ...matterFields,\n\n // Standard DNs when encoded as Printable String\n commonNamePs: TlvOptionalField(129, TlvString),\n sureNamePs: TlvOptionalField(130, TlvString),\n serialNumPs: TlvOptionalField(131, TlvString),\n countryNamePs: TlvOptionalField(132, TlvString),\n localityNamePs: TlvOptionalField(133, TlvString),\n stateOrProvinceNamePs: TlvOptionalField(134, TlvString),\n orgNamePs: TlvOptionalField(135, TlvString),\n orgUnitNamePs: TlvOptionalField(136, TlvString),\n titlePs: TlvOptionalField(137, TlvString),\n namePs: TlvOptionalField(138, TlvString),\n givenNamePs: TlvOptionalField(139, TlvString),\n initialsPs: TlvOptionalField(140, TlvString),\n genQualifierPs: TlvOptionalField(141, TlvString),\n dnQualifierPs: TlvOptionalField(142, TlvString),\n pseudonymPs: TlvOptionalField(143, TlvString),\n };\n return TlvTaggedList(fields);\n};\n\nconst ExtensionKeyUsageBitmap = {\n digitalSignature: BitFlag(0),\n nonRepudiation: BitFlag(1),\n 
keyEncipherment: BitFlag(2),\n dataEncipherment: BitFlag(3),\n keyAgreement: BitFlag(4),\n keyCertSign: BitFlag(5),\n cRLSign: BitFlag(6),\n encipherOnly: BitFlag(7),\n decipherOnly: BitFlag(8),\n};\nconst ExtensionKeyUsageSchema = BitmapSchema(ExtensionKeyUsageBitmap);\n\n/**\n * This generator enhances the generic Matter Certificate definition by allowing to override the subject and issuer\n * fields. The overriding serves two needs:\n * 1. to make some fields mandatory for the Tlv parsing and definition for the typescript types\n * 2. have typing guidance when generating certificates ourself in code\n *\n * On Tlv definition level also all not specified allowed Matter Fields are optionally allowed and are decoded,\n * re-encoded into Tlv and also encoded into ASN if the certificate is converted. Just the typing system do not know\n * about them.\n */\nconst BaseMatterCertificate = <S, I>(matterFields?: { subject?: S; issuer?: I }) =>\n TlvObject({\n serialNumber: TlvField(1, TlvByteString.bound({ maxLength: 20 })),\n signatureAlgorithm: TlvField(2, TlvUInt8),\n issuer: TlvField(\n 3,\n TlvGenericMatterSubjectOrIssuerTaggedList<I>({\n ...AllowedSubjectAndIssuerMatterFields,\n ...(matterFields?.issuer ?? {}),\n } as I),\n ),\n notBefore: TlvField(4, TlvUInt32),\n notAfter: TlvField(5, TlvUInt32),\n subject: TlvField(\n 6,\n TlvGenericMatterSubjectOrIssuerTaggedList<S>({\n ...AllowedSubjectAndIssuerMatterFields,\n ...(matterFields?.subject ?? 
{}),\n } as S),\n ),\n publicKeyAlgorithm: TlvField(7, TlvUInt8),\n ellipticCurveIdentifier: TlvField(8, TlvUInt8),\n ellipticCurvePublicKey: TlvField(9, TlvByteString),\n extensions: TlvField(\n 10,\n TlvTaggedList({\n basicConstraints: TlvField(\n 1,\n TlvObject({\n isCa: TlvField(1, TlvBoolean),\n pathLen: TlvOptionalField(2, TlvUInt8),\n }),\n ),\n keyUsage: TlvField(2, TlvBitmap(TlvUInt16, ExtensionKeyUsageBitmap)),\n extendedKeyUsage: TlvOptionalField(3, TlvArray(TlvUInt8)),\n subjectKeyIdentifier: TlvField(4, TlvByteString.bound({ length: 20 })),\n authorityKeyIdentifier: TlvField(5, TlvByteString.bound({ length: 20 })),\n futureExtension: TlvOptionalRepeatedField(6, TlvByteString),\n }),\n ),\n signature: TlvField(11, TlvByteString),\n });\n\nexport const TlvRootCertificate = BaseMatterCertificate({\n subject: {\n rcacId: TlvField(20, TlvUInt64),\n fabricId: TlvOptionalField(21, TlvFabricId),\n },\n issuer: AllowedSubjectAndIssuerMatterFields,\n});\n\nexport const TlvOperationalCertificate = BaseMatterCertificate({\n subject: {\n nodeId: TlvField(17, TlvNodeId),\n fabricId: TlvField(21, TlvFabricId),\n caseAuthenticatedTags: TlvOptionalRepeatedField(22, TlvCaseAuthenticatedTag, { maxLength: 3 }),\n },\n issuer: AllowedSubjectAndIssuerMatterFields,\n});\n\nexport const TlvIntermediateCertificate = BaseMatterCertificate({\n subject: {\n icacId: TlvField(19, TlvUInt64),\n fabricId: TlvOptionalField(21, TlvFabricId),\n },\n issuer: AllowedSubjectAndIssuerMatterFields,\n});\n\nconst TlvBaseCertificate = BaseMatterCertificate();\n\ninterface AttestationCertificateBase {\n serialNumber: ByteArray;\n signatureAlgorithm: number;\n issuer: {};\n notBefore: number;\n notAfter: number;\n subject: {};\n publicKeyAlgorithm: number;\n ellipticCurveIdentifier: number;\n ellipticCurvePublicKey: ByteArray;\n extensions: {\n basicConstraints: {\n isCa: boolean;\n pathLen?: number;\n };\n keyUsage: TypeFromPartialBitSchema<typeof ExtensionKeyUsageBitmap>;\n extendedKeyUsage?: 
number[];\n subjectKeyIdentifier: ByteArray;\n authorityKeyIdentifier: ByteArray;\n futureExtension?: ByteArray[];\n };\n signature: ByteArray;\n}\n\nexport interface DeviceAttestationCertificate extends AttestationCertificateBase {\n issuer: {\n commonName: string;\n productId?: number;\n vendorId: VendorId;\n };\n subject: {\n commonName: string;\n productId: number;\n vendorId: VendorId;\n };\n}\n\nexport interface ProductAttestationIntermediateCertificate extends AttestationCertificateBase {\n issuer: {\n commonName: string;\n vendorId?: VendorId;\n };\n subject: {\n commonName: string;\n productId?: number;\n vendorId: VendorId;\n };\n}\n\nexport interface ProductAttestationAuthorityCertificate extends AttestationCertificateBase {\n issuer: {\n commonName: string;\n vendorId?: VendorId;\n };\n subject: {\n commonName: string;\n vendorId?: VendorId;\n };\n}\n\nexport const TlvCertificationDeclaration = TlvObject({\n formatVersion: TlvField(0, TlvUInt16),\n vendorId: TlvField(1, TlvVendorId),\n produceIdArray: TlvField(2, TlvArray(TlvUInt16, { minLength: 1, maxLength: 100 })),\n deviceTypeId: TlvField(3, TlvUInt32),\n certificateId: TlvField(4, TlvString.bound({ length: 19 })),\n securityLevel: TlvField(5, TlvUInt8),\n securityInformation: TlvField(6, TlvUInt16),\n versionNumber: TlvField(7, TlvUInt16),\n certificationType: TlvField(8, TlvUInt8),\n dacOriginVendorId: TlvOptionalField(9, TlvVendorId),\n dacOriginProductId: TlvOptionalField(10, TlvUInt16),\n authorizedPaaList: TlvOptionalField(\n 11,\n TlvArray(TlvByteString.bound({ length: 20 }), { minLength: 1, maxLength: 10 }),\n ),\n});\n\nexport type BaseCertificate = TypeFromSchema<typeof TlvBaseCertificate>;\nexport type RootCertificate = TypeFromSchema<typeof TlvRootCertificate>;\nexport type IntermediateCertificate = TypeFromSchema<typeof TlvIntermediateCertificate>;\nexport type OperationalCertificate = TypeFromSchema<typeof TlvOperationalCertificate>;\nexport type Unsigned<Type> = { [Property in keyof 
Type as Exclude<Property, \"signature\">]: Type[Property] };\n\n/**\n * Preserve order of keys from original subject and also copy potential custom elements\n * @param data\n */\nfunction subjectOrIssuerToAsn1(data: { [field: string]: any }) {\n const asn = {} as { [field: string]: any[] };\n Object.entries(data).forEach(([key, value]) => {\n if (value === undefined) {\n return;\n }\n switch (key) {\n case \"commonName\":\n asn.commonName = X520.CommonName(value as string);\n break;\n case \"sureName\":\n asn.sureName = X520.SurName(value as string);\n break;\n case \"serialNum\":\n asn.serialNum = X520.SerialNumber(value as string);\n break;\n case \"countryName\":\n asn.countryName = X520.CountryName(value as string);\n break;\n case \"localityName\":\n asn.localityName = X520.LocalityName(value as string);\n break;\n case \"stateOrProvinceName\":\n asn.stateOrProvinceName = X520.StateOrProvinceName(value as string);\n break;\n case \"orgName\":\n asn.orgName = X520.OrganisationName(value as string);\n break;\n case \"orgUnitName\":\n asn.orgUnitName = X520.OrganizationalUnitName(value as string);\n break;\n case \"title\":\n asn.title = X520.Title(value as string);\n break;\n case \"name\":\n asn.name = X520.Name(value as string);\n break;\n case \"givenName\":\n asn.givenName = X520.GivenName(value as string);\n break;\n case \"initials\":\n asn.initials = X520.Initials(value as string);\n break;\n case \"genQualifier\":\n asn.genQualifier = X520.GenerationQualifier(value as string);\n break;\n case \"dnQualifier\":\n asn.dnQualifier = X520.DnQualifier(value as string);\n break;\n case \"pseudonym\":\n asn.pseudonym = X520.Pseudonym(value as string);\n break;\n case \"domainComponent\":\n asn.domainComponent = X520.DomainComponent(value as string);\n break;\n case \"nodeId\":\n asn.nodeId = NodeId_Matter(value as NodeId);\n break;\n case \"firmwareSigningId\":\n asn.firmwareSigningId = FirmwareSigningId_Matter(value as number);\n break;\n case \"icacId\":\n 
asn.icacId = IcacId_Matter(value as number | bigint);\n break;\n case \"rcacId\":\n asn.rcacId = RcacId_Matter(value as number | bigint);\n break;\n case \"fabricId\":\n asn.fabricId = FabricId_Matter(value as FabricId);\n break;\n case \"caseAuthenticatedTags\":\n // In theory if someone mixes multiple caseAuthenticatedTag fields with other fields we currently would\n // code them in ASN.1 as fields at the first position from the original data which might fail\n // certificate validation. Changing this would require to change Tlv decoding, so lets try that way for now.\n const caseAuthenticatedTags = value as CaseAuthenticatedTag[];\n CaseAuthenticatedTag.validateNocTagList(caseAuthenticatedTags);\n\n const cat0 = caseAuthenticatedTags[0];\n const cat1 = caseAuthenticatedTags[1];\n const cat2 = caseAuthenticatedTags[2];\n if (cat0 !== undefined) {\n asn.caseAuthenticatedTag0 = NocCat_Matter(cat0);\n }\n if (cat1 !== undefined) {\n asn.caseAuthenticatedTag1 = NocCat_Matter(cat1);\n }\n if (cat2 !== undefined) {\n asn.caseAuthenticatedTag2 = NocCat_Matter(cat2);\n }\n break;\n case \"vendorId\": // Only relevant for ASN.1 encoding of DAC/PAA/PAI certificates\n asn.vendorId = VendorId_Matter(value as VendorId);\n break;\n case \"productId\": // Only relevant for ASN.1 encoding of DAC/PAA/PAI certificates\n asn.productId = ProductId_Matter(value as number);\n break;\n case \"commonNamePs\":\n asn.commonNamePs = X520.CommonName(value as string, true);\n break;\n case \"sureNamePs\":\n asn.sureNamePs = X520.SurName(value as string, true);\n break;\n case \"serialNumPs\":\n asn.serialNumPs = X520.SerialNumber(value as string, true);\n break;\n case \"countryNamePs\":\n asn.countryNamePs = X520.CountryName(value as string, true);\n break;\n case \"localityNamePs\":\n asn.localityNamePs = X520.LocalityName(value as string, true);\n break;\n case \"stateOrProvinceNamePs\":\n asn.stateOrProvinceNamePs = X520.StateOrProvinceName(value as string, true);\n break;\n case 
\"orgNamePs\":\n asn.orgNamePs = X520.OrganisationName(value as string, true);\n break;\n case \"orgUnitNamePs\":\n asn.orgUnitNamePs = X520.OrganizationalUnitName(value as string, true);\n break;\n case \"titlePs\":\n asn.titlePs = X520.Title(value as string, true);\n break;\n case \"namePs\":\n asn.namePs = X520.Name(value as string, true);\n break;\n case \"givenNamePs\":\n asn.givenNamePs = X520.GivenName(value as string, true);\n break;\n case \"initialsPs\":\n asn.initialsPs = X520.Initials(value as string, true);\n break;\n case \"genQualifierPs\":\n asn.genQualifierPs = X520.GenerationQualifier(value as string, true);\n break;\n case \"dnQualifierPs\":\n asn.dnQualifierPs = X520.DnQualifier(value as string, true);\n break;\n case \"pseudonymPs\":\n asn.pseudonymPs = X520.Pseudonym(value as string, true);\n break;\n }\n });\n return asn;\n}\n\nfunction extensionsToAsn1(extensions: BaseCertificate[\"extensions\"]) {\n const asn = {} as { [field: string]: any[] | any };\n Object.entries(extensions).forEach(([key, value]) => {\n if (value === undefined) {\n return;\n }\n switch (key) {\n case \"basicConstraints\":\n asn.basicConstraints = X509.BasicConstraints(value);\n break;\n case \"keyUsage\":\n asn.keyUsage = X509.KeyUsage(\n ExtensionKeyUsageSchema.encode(value as TypeFromPartialBitSchema<typeof ExtensionKeyUsageBitmap>),\n );\n break;\n case \"extendedKeyUsage\":\n asn.extendedKeyUsage = X509.ExtendedKeyUsage(value as number[] | undefined);\n break;\n case \"subjectKeyIdentifier\":\n asn.subjectKeyIdentifier = X509.SubjectKeyIdentifier(value as ByteArray);\n break;\n case \"authorityKeyIdentifier\":\n asn.authorityKeyIdentifier = X509.AuthorityKeyIdentifier(value as ByteArray);\n break;\n case \"futureExtension\":\n asn.futureExtension = RawBytes(ByteArray.concat(...((value as ByteArray[] | undefined) ?? 
[])));\n break;\n }\n });\n return asn;\n}\n\nexport class CertificateManager {\n static #genericBuildAsn1Structure({\n serialNumber,\n notBefore,\n notAfter,\n issuer,\n subject,\n ellipticCurvePublicKey,\n extensions,\n }: Unsigned<BaseCertificate>) {\n const {\n basicConstraints: { isCa, pathLen },\n } = extensions;\n if (!isCa && pathLen !== undefined) {\n throw new CertificateError(\"Path length must be undefined for non-CA certificates.\");\n }\n return {\n version: ContextTagged(0, 2), // v3\n serialNumber: DatatypeOverride(DerType.Integer, serialNumber),\n signatureAlgorithm: X962.EcdsaWithSHA256,\n issuer: subjectOrIssuerToAsn1(issuer),\n validity: {\n notBefore: matterToJsDate(notBefore),\n notAfter: matterToJsDate(notAfter),\n },\n subject: subjectOrIssuerToAsn1(subject),\n publicKey: X962.PublicKeyEcPrime256v1(ellipticCurvePublicKey),\n extensions: ContextTagged(3, extensionsToAsn1(extensions)),\n };\n }\n\n static #genericCertToAsn1(cert: Unsigned<BaseCertificate>) {\n return DerCodec.encode(this.#genericBuildAsn1Structure(cert));\n }\n\n static rootCertToAsn1(cert: Unsigned<RootCertificate>) {\n const {\n extensions: {\n basicConstraints: { isCa },\n },\n } = cert;\n if (!isCa) {\n throw new CertificateError(\"Root certificate must be a CA.\");\n }\n return this.#genericCertToAsn1(cert);\n }\n\n static intermediateCaCertToAsn1(cert: Unsigned<IntermediateCertificate>) {\n const {\n extensions: {\n basicConstraints: { isCa },\n },\n } = cert;\n if (!isCa) {\n throw new CertificateError(\"Intermediate certificate must be a CA.\");\n }\n return this.#genericCertToAsn1(cert);\n }\n\n static nodeOperationalCertToAsn1(cert: Unsigned<OperationalCertificate>) {\n const {\n issuer: { icacId, rcacId },\n extensions: {\n basicConstraints: { isCa },\n },\n } = cert;\n if (icacId === undefined && rcacId === undefined) {\n throw new CertificateError(\"Issuer RCAC or ICAC ID must be defined for an operational certificate.\");\n }\n if (isCa) {\n throw new 
CertificateError(\"Node operational certificate must not be a CA.\");\n }\n\n return this.#genericCertToAsn1(cert);\n }\n\n static deviceAttestationCertToAsn1(cert: Unsigned<DeviceAttestationCertificate>, key: Key) {\n const certificate = this.#genericBuildAsn1Structure(cert);\n return DerCodec.encode({\n certificate,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), \"der\")),\n });\n }\n\n static productAttestationIntermediateCertToAsn1(\n cert: Unsigned<ProductAttestationIntermediateCertificate>,\n key: Key,\n ) {\n const certificate = this.#genericBuildAsn1Structure(cert);\n return DerCodec.encode({\n certificate,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), \"der\")),\n });\n }\n\n static productAttestationAuthorityCertToAsn1(cert: Unsigned<ProductAttestationAuthorityCertificate>, key: Key) {\n const certificate = this.#genericBuildAsn1Structure(cert);\n return DerCodec.encode({\n certificate,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), \"der\")),\n });\n }\n\n static CertificationDeclarationToAsn1(\n eContent: ByteArray,\n subjectKeyIdentifier: ByteArray,\n privateKey: JsonWebKey,\n ) {\n const certificate = {\n version: 3,\n digestAlgorithm: [SHA256_CMS],\n encapContentInfo: Pkcs7.Data(eContent),\n signerInfo: [\n {\n version: 3,\n subjectKeyIdentifier: ContextTaggedBytes(0, subjectKeyIdentifier),\n digestAlgorithm: SHA256_CMS,\n signatureAlgorithm: X962.EcdsaWithSHA256,\n signature: Crypto.sign(privateKey, eContent, \"der\"),\n },\n ],\n };\n\n return DerCodec.encode(Pkcs7.SignedData(certificate));\n }\n\n /**\n * Validate general requirements a Matter certificate fields must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static validateGeneralCertificateFields(cert: RootCertificate | OperationalCertificate | 
IntermediateCertificate) {\n if (cert.serialNumber.length > 20)\n throw new CertificateError(\n `Serial number must not be longer then 20 octets. Current serial number has ${cert.serialNumber.length} octets.`,\n );\n\n if (cert.signatureAlgorithm !== 1) {\n // ecdsa-with-sha256\n throw new CertificateError(`Unsupported signature algorithm: ${cert.signatureAlgorithm}`);\n }\n\n if (cert.publicKeyAlgorithm !== 1) {\n // ec-pub-key\n throw new CertificateError(`Unsupported public key algorithm: ${cert.publicKeyAlgorithm}`);\n }\n\n if (cert.ellipticCurveIdentifier !== 1) {\n // prime256v1\n throw new CertificateError(`Unsupported elliptic curve identifier: ${cert.ellipticCurveIdentifier}`);\n }\n\n // All implementations SHALL reject Matter certificates with more than 5 RDNs in a single DN.\n if (Object.keys(cert.subject).length > 5) {\n throw new CertificateError(`Certificate subject must not contain more than 5 RDNs.`);\n }\n if (Object.keys(cert.issuer).length > 5) {\n throw new CertificateError(`Certificate issuer must not contain more than 5 RDNs.`);\n }\n\n // notBefore date should be already reached, notAfter is not checked right now\n // TODO: implement real checks when we add \"Last known Good UTC time\"\n if (cert.notBefore * 1000 > Time.nowMs()) {\n logger.warn(`Certificate notBefore date is in the future: ${cert.notBefore * 1000} vs ${Time.nowMs()}`);\n /*throw new CertificateError(\n `Certificate notBefore date is in the future: ${cert.notBefore * 1000} vs ${Time.nowMs()}`,\n );*/\n }\n }\n\n /**\n * Verify requirements a Matter Root certificate must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static verifyRootCertificate(rootCert: RootCertificate) {\n CertificateManager.validateGeneralCertificateFields(rootCert);\n\n // The subject DN SHALL NOT encode any matter-node-id attribute.\n if (\"nodeId\" in rootCert.subject) {\n throw new CertificateError(`Root certificate must not contain a 
nodeId.`);\n }\n\n // The subject DN MAY encode at most one matter-fabric-id attribute.\n if (rootCert.subject.fabricId !== undefined) {\n if (Array.isArray(rootCert.subject.fabricId)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(rootCert.subject.fabricId)}`,\n );\n }\n // If present, the matter-fabric-id attribute\u2019s value SHALL NOT be 0\n if (rootCert.subject.fabricId === FabricId(0)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(rootCert.subject.fabricId)}`,\n );\n }\n }\n\n // The subject DN SHALL NOT encode any matter-icac-id attribute.\n if (\"icacId\" in rootCert.subject) {\n throw new CertificateError(`Root certificate must not contain an icacId.`);\n }\n\n // The subject DN SHALL encode exactly one matter-rcac-id attribute.\n if (rootCert.subject.rcacId === undefined || Array.isArray(rootCert.subject.rcacId)) {\n throw new CertificateError(`Invalid rcacId in Root certificate: ${Logger.toJSON(rootCert.subject.rcacId)}`);\n }\n\n // The subject DN SHALL NOT encode any matter-noc-cat attribute.\n if (\"caseAuthenticatedTags\" in rootCert.subject) {\n throw new CertificateError(`Root certificate must not contain a caseAuthenticatedTags.`);\n }\n\n // The basic constraints extension SHALL be encoded with is-ca set to true.\n if (rootCert.extensions.basicConstraints.isCa !== true) {\n throw new CertificateError(`Root certificate must have isCa set to true.`);\n }\n\n // The key usage extension SHALL be encoded with exactly two flags: keyCertSign (0x0020) and CRLSign (0x0040).\n // Formally the check should be the following line but Amazon uses a wrong Root cert which also has\n // digitalCertificate set, so we just check the the two needed are set and ignore additionally set parameters.\n //if (ExtensionKeyUsageSchema.encode(rootCert.extensions.keyUsage) !== 0x0060) {\n if (!rootCert.extensions.keyUsage.keyCertSign || !rootCert.extensions.keyUsage.cRLSign) {\n throw new 
CertificateError(`Root certificate keyUsage must have keyCertSign and CRLSign set.`);\n }\n\n // The extended key usage extension SHALL NOT be present.\n if (rootCert.extensions.extendedKeyUsage !== undefined) {\n throw new CertificateError(`Root certificate must not have extendedKeyUsage set.`);\n }\n\n // The subject key identifier extension SHALL be present and 160 bit long.\n if (rootCert.extensions.subjectKeyIdentifier === undefined) {\n throw new CertificateError(`Root certificate must have subjectKeyIdentifier set.`);\n }\n if (rootCert.extensions.subjectKeyIdentifier.length !== 20) {\n throw new CertificateError(`Root certificate subjectKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be present and 160 bit long.\n if (rootCert.extensions.authorityKeyIdentifier === undefined) {\n throw new CertificateError(`Root certificate must have authorityKeyIdentifier set.`);\n }\n if (rootCert.extensions.authorityKeyIdentifier.length !== 20) {\n throw new CertificateError(`Root certificate authorityKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be equal to the subject key identifier extension.\n if (!rootCert.extensions.authorityKeyIdentifier.equals(rootCert.extensions.subjectKeyIdentifier)) {\n throw new CertificateError(\n `Root certificate authorityKeyIdentifier must be equal to subjectKeyIdentifier.`,\n );\n }\n\n // Root cert is self signed anyway, so we do not need to verify it with itself\n //Crypto.verify(PublicKey(rootCert.ellipticCurvePublicKey), this.rootCertToAsn1(rootCert), rootCert.signature);\n }\n\n /**\n * Verify requirements a Matter Node Operational certificate must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static verifyNodeOperationalCertificate(\n rootOrIcaCert: RootCertificate | IntermediateCertificate,\n nocCert: OperationalCertificate,\n ) {\n 
CertificateManager.validateGeneralCertificateFields(nocCert);\n\n // The subject DN SHALL encode exactly one matter-node-id attribute.\n if (nocCert.subject.nodeId === undefined || Array.isArray(nocCert.subject.nodeId)) {\n throw new CertificateError(`Invalid nodeId in NoC certificate: ${Logger.toJSON(nocCert.subject.nodeId)}`);\n }\n // The matter-node-id attribute\u2019s value SHALL be in the Operational Node ID\n if (!NodeId.isOperationalNodeId(nocCert.subject.nodeId)) {\n throw new CertificateError(`Invalid nodeId in NoC certificate: ${Logger.toJSON(nocCert.subject.nodeId)}`);\n }\n\n // The subject DN SHALL encode exactly one matter-fabric-id attribute.\n if (nocCert.subject.fabricId === undefined || Array.isArray(nocCert.subject.fabricId)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(nocCert.subject.fabricId)}`,\n );\n }\n // The matter-fabric-id attribute\u2019s value SHALL NOT be 0\n if (nocCert.subject.fabricId === FabricId(0)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(nocCert.subject.fabricId)}`,\n );\n }\n\n // The subject DN SHALL NOT encode any matter-icac-id attribute.\n if (\"icacId\" in nocCert.subject) {\n throw new CertificateError(`Noc certificate must not contain an icacId.`);\n }\n\n // The subject DN SHALL NOT encode any matter-rcac-id attribute.\n if (\"rcacId\" in nocCert.subject) {\n throw new CertificateError(`Noc certificate must not contain an rcacId.`);\n }\n\n // The subject DN MAY encode at most three matter-noc-cat attributes.\n if (nocCert.subject.caseAuthenticatedTags !== undefined) {\n CaseAuthenticatedTag.validateNocTagList(nocCert.subject.caseAuthenticatedTags); // throws ValidationError\n }\n\n // When any matter-fabric-id attributes are present in either the Matter Root CA Certificate or the Matter ICA\n // Certificate, the value SHALL match the one present in the Matter Node Operational Certificate (NOC) within\n // the same certificate 
chain.\n if (\n rootOrIcaCert.subject.fabricId !== undefined &&\n rootOrIcaCert.subject.fabricId !== nocCert.subject.fabricId\n ) {\n throw new CertificateError(\n `FabricId in NoC certificate does not match the fabricId in the parent certificate. ${Logger.toJSON(\n rootOrIcaCert.subject.fabricId,\n )} !== ${Logger.toJSON(nocCert.subject.fabricId)}`,\n );\n }\n\n // The basic constraints extension SHALL be encoded with is-ca set to false.\n if (nocCert.extensions.basicConstraints.isCa) {\n throw new CertificateError(`Noc certificate must not have isCa set to true.`);\n }\n\n // The key usage extension SHALL be encoded with exactly two flags: keyCertSign (0x0020) and CRLSign (0x0040).\n // Formally the check should be the following line but Amazon uses a wrong Root cert which also has\n // digitalCertificate set, so we just check the the two needed are set and ignore additionally set parameters.\n //if (ExtensionKeyUsageSchema.encode(nocCert.extensions.keyUsage) !== 1) {\n if (!nocCert.extensions.keyUsage.digitalSignature) {\n throw new CertificateError(`Noc certificate must have keyUsage set to digitalSignature.`);\n }\n\n // The extended key usage extension SHALL be encoded with exactly two key-purpose-id values: serverAuth and clientAuth.\n if (\n nocCert.extensions.extendedKeyUsage === undefined ||\n (!nocCert.extensions.extendedKeyUsage.includes(1) && !nocCert.extensions.extendedKeyUsage.includes(2))\n ) {\n throw new CertificateError(\n `Noc certificate must have extendedKeyUsage with serverAuth and clientAuth: ${Logger.toJSON(nocCert.extensions.extendedKeyUsage)}`,\n );\n }\n\n // The subject key identifier extension SHALL be present and 160 bit long.\n if (nocCert.extensions.subjectKeyIdentifier === undefined) {\n throw new CertificateError(`Noc certificate must have subjectKeyIdentifier set.`);\n }\n if (nocCert.extensions.subjectKeyIdentifier.length !== 20) {\n throw new CertificateError(`Noc certificate subjectKeyIdentifier must be 160 bit.`);\n }\n\n // 
The authority key identifier extension SHALL be present and 160 bit long.\n if (nocCert.extensions.authorityKeyIdentifier === undefined) {\n throw new CertificateError(`Noc certificate must have authorityKeyIdentifier set.`);\n }\n if (nocCert.extensions.authorityKeyIdentifier.length !== 20) {\n throw new CertificateError(`Noc certificate authorityKeyIdentifier must be 160 bit.`);\n }\n\n // Validate authority key identifier against subject key identifier\n if (!nocCert.extensions.authorityKeyIdentifier.equals(rootOrIcaCert.extensions.subjectKeyIdentifier)) {\n throw new CertificateError(\n `Noc certificate authorityKeyIdentifier must be equal to Root/Ica subjectKeyIdentifier.`,\n );\n }\n\n Crypto.verify(\n PublicKey(rootOrIcaCert.ellipticCurvePublicKey),\n this.nodeOperationalCertToAsn1(nocCert),\n nocCert.signature,\n );\n }\n\n /**\n * Verify requirements a Matter Intermediate CA certificate must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static verifyIntermediateCaCertificate(rootCert: RootCertificate, icaCert: IntermediateCertificate) {\n CertificateManager.validateGeneralCertificateFields(icaCert);\n\n // The subject DN SHALL NOT encode any matter-node-id attribute.\n if (\"nodeId\" in icaCert.subject) {\n throw new CertificateError(`Ica certificate must not contain a nodeId.`);\n }\n\n // The subject DN MAY encode at most one matter-fabric-id attribute.\n if (icaCert.subject.fabricId !== undefined) {\n if (Array.isArray(icaCert.subject.fabricId)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n // If present, the matter-fabric-id attribute\u2019s value SHALL NOT be 0\n if (icaCert.subject.fabricId === FabricId(0)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n // If present on root certificate fabric-id needs to match with Ica fabric Id\n if 
(rootCert.subject.fabricId !== icaCert.subject.fabricId) {\n throw new CertificateError(\n `FabricId in Ica certificate does not match the fabricId in the parent certificate. ${Logger.toJSON(\n rootCert.subject.fabricId,\n )} !== ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n }\n\n // The subject DN SHALL encode exactly one matter-icac-id attribute.\n if (icaCert.subject.icacId === undefined || Array.isArray(icaCert.subject.icacId)) {\n throw new CertificateError(`Invalid icacId in Ica certificate: ${Logger.toJSON(icaCert.subject.icacId)}`);\n }\n\n // The subject DN SHALL NOT encode any matter-rcac-id attribute.\n if (\"rcacId\" in icaCert.subject) {\n throw new CertificateError(`Ica certificate must not contain an rcacId.`);\n }\n\n // The subject DN SHALL NOT encode any matter-noc-cat attribute.\n if (\"caseAuthenticatedTags\" in icaCert.subject) {\n throw new CertificateError(`Ica certificate must not contain a caseAuthenticatedTags.`);\n }\n\n // When any matter-fabric-id attributes are present in either the Matter Root CA Certificate or the Matter ICA\n // Certificate, the value SHALL match the one present in the Matter Node Operational Certificate (NOC) within\n // the same certificate chain.\n if (rootCert.subject.fabricId !== icaCert.subject.fabricId) {\n throw new CertificateError(\n `FabricId in Ica certificate does not match the fabricId in the parent certificate. ${Logger.toJSON(\n rootCert.subject.fabricId,\n )} !== ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n\n // Verify the certificate chain by checking rcac ids in subject and issuer\n if (rootCert.subject.rcacId !== icaCert.issuer.rcacId) {\n throw new CertificateError(\n `RcacId in Ica certificate does not match the rcacId in the parent certificate. 
${Logger.toJSON(\n rootCert.subject.rcacId,\n )} !== ${Logger.toJSON(icaCert.issuer.rcacId)}`,\n );\n }\n\n // The basic constraints extension SHALL be encoded with is-ca set to true.\n if (!icaCert.extensions.basicConstraints.isCa) {\n throw new CertificateError(`Ica certificate must have isCa set to true.`);\n }\n\n // The key usage extension SHALL be encoded with exactly two flags: keyCertSign (0x0020) and CRLSign (0x0040).\n // Formally the check should be the following line but Amazon uses a wrong Root cert which also has\n // digitalCertificate set, so we just check the the two needed are set and ignore additionally set parameters.\n //if (ExtensionKeyUsageSchema.encode(icaCert.extensions.keyUsage) !== 0x0060) {\n if (!icaCert.extensions.keyUsage.keyCertSign || !icaCert.extensions.keyUsage.cRLSign) {\n throw new CertificateError(`Ica certificate must have keyUsage set to keyCertSign and CRLSign.`);\n }\n\n // The extended key usage extension SHALL NOT be present.\n if (icaCert.extensions.extendedKeyUsage !== undefined) {\n throw new CertificateError(`Ica certificate must not have extendedKeyUsage set.`);\n }\n\n // The subject key identifier extension SHALL be present and 160 bit long.\n if (icaCert.extensions.subjectKeyIdentifier === undefined) {\n throw new CertificateError(`Ica certificate must have subjectKeyIdentifier set.`);\n }\n if (icaCert.extensions.subjectKeyIdentifier.length !== 20) {\n throw new CertificateError(`Ica certificate subjectKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be present and 160 bit long.\n if (icaCert.extensions.authorityKeyIdentifier === undefined) {\n throw new CertificateError(`Ica certificate must have authorityKeyIdentifier set.`);\n }\n if (icaCert.extensions.authorityKeyIdentifier.length !== 20) {\n throw new CertificateError(`Ica certificate authorityKeyIdentifier must be 160 bit.`);\n }\n\n // Validate authority key identifier against subject key identifier\n if 
(!icaCert.extensions.authorityKeyIdentifier.equals(rootCert.extensions.subjectKeyIdentifier)) {\n throw new CertificateError(\n `Ica certificate authorityKeyIdentifier must be equal to root cert subjectKeyIdentifier.`,\n );\n }\n\n Crypto.verify(\n PublicKey(rootCert.ellipticCurvePublicKey),\n this.intermediateCaCertToAsn1(icaCert),\n icaCert.signature,\n );\n }\n\n static createCertificateSigningRequest(key: Key) {\n const request = {\n version: 0,\n subject: { organization: X520.OrganisationName(\"CSR\") },\n publicKey: X962.PublicKeyEcPrime256v1(key.publicKey),\n endSignedBytes: ContextTagged(0),\n };\n\n return DerCodec.encode({\n request,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(request), \"der\")),\n });\n }\n\n static getPublicKeyFromCsr(csr: ByteArray) {\n const { [ELEMENTS_KEY]: rootElements } = DerCodec.decode(csr);\n if (rootElements?.length !== 3) throw new CertificateError(\"Invalid CSR data\");\n const [requestNode, signAlgorithmNode, signatureNode] = rootElements;\n\n // Extract the public key\n const { [ELEMENTS_KEY]: requestElements } = requestNode;\n if (requestElements?.length !== 4) throw new CertificateError(\"Invalid CSR data\");\n const [versionNode, _subjectNode, publicKeyNode] = requestElements;\n const requestVersion = versionNode[BYTES_KEY][0];\n if (requestVersion !== 0) throw new CertificateError(`Unsupported request version${requestVersion}`);\n // TODO: verify subject = { OrganisationName: \"CSR\" }\n\n const { [ELEMENTS_KEY]: publicKeyElements } = publicKeyNode;\n if (publicKeyElements?.length !== 2) throw new CertificateError(\"Invalid CSR data\");\n const [_publicKeyTypeNode, publicKeyBytesNode] = publicKeyElements;\n // TODO: verify publicKey algorithm\n const publicKey = publicKeyBytesNode[BYTES_KEY];\n\n // Verify the CSR signature\n if (!X962.EcdsaWithSHA256[OBJECT_ID_KEY][BYTES_KEY].equals(signAlgorithmNode[ELEMENTS_KEY]?.[0]?.[BYTES_KEY]))\n throw new 
CertificateError(\"Unsupported signature type\");\n Crypto.verify(PublicKey(publicKey), DerCodec.encode(requestNode), signatureNode[BYTES_KEY], \"der\");\n\n return publicKey;\n }\n}\n"],
|
|
5
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,mBAAmB;AAC5B,SAAS,cAAc;AACvB,SAAc,iBAAiB;AAC/B,SAAS,sBAAsB,+BAA+B;AAC9D,SAAS,UAAU,mBAAmB;AACtC,SAAS,QAAQ,iBAAiB;AAClC,SAAS,mBAA6B;AACtC,SAAS,cAAc;AACvB,SAAS,SAAS,oBAA8C;AAChE,SAAS,YAAY;AACrB,SAAS,gBAAgB;AACzB,SAAS,kBAAkB;AAC3B,SAAS,WAAW,WAAW,WAAW,WAAW,gBAAgB;AACrE,SAAS,UAAU,WAAW,kBAAkB,0BAA0B,qBAAqB;AAE/F,SAAS,eAAe,iBAAiB;AACzC,SAAS,iBAAiB;AAC1B,SAAS,OAAO,YAAY,MAAM,MAAM,YAAY;AAEpD,MAAM,SAAS,OAAO,IAAI,oBAAoB;AAEvC,MAAM,yBAAyB,YAAY;AAAC;AAEnD,MAAM,SAAS,MAAM,KAAK,KAAK;AAC/B,MAAM,iBAAiB,QAAQ,KAAK,KAAK;AAIlC,SAAS,eAAe,MAAc;AACzC,SAAO,SAAS,IAAI,KAAK,wBAAwB,IAAI,MAAM,OAAO,kBAAkB,GAAI;AAC5F;AAEO,SAAS,eAAe,MAAY,WAAW,GAAG;AACrD,SAAO,KAAK,QAAQ,MAAM,KAAK,sBAAsB,QAAQ,IACvD,IACA,KAAK,MAAM,KAAK,QAAQ,IAAI,GAAI,IAAI,iBAAiB,WAAW;AAC1E;AAEA,SAAS,aAAa,OAAwB;AAC1C,QAAM,YAAY,IAAI,UAAU,CAAC;AACjC,QAAM,WAAW,UAAU,YAAY;AACvC,WAAS,aAAa,GAAG,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK,CAAC;AAC1E,SAAO,UAAU,MAAM,EAAE,YAAY;AACzC;AAEA,SAAS,eAAe,OAAe;AACnC,QAAM,YAAY,IAAI,UAAU,CAAC;AACjC,QAAM,WAAW,UAAU,YAAY;AACvC,WAAS,UAAU,GAAG,KAAK;AAC3B,SAAO,UAAU,MAAM,EAAE,YAAY;AACzC;AAEA,SAAS,eAAe,OAAe;AACnC,QAAM,YAAY,IAAI,UAAU,CAAC;AACjC,QAAM,WAAW,UAAU,YAAY;AACvC,WAAS,UAAU,GAAG,KAAK;AAC3B,SAAO,UAAU,MAAM,EAAE,YAAY;AACzC;AAWA,MAAM,4BACF,CAAI,IAAY,mBAChB,CAAC,UAAa;AAAA,EACV,UAAU,qBAAqB,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI;AAAA,IAC/D,QAAQ,kBAAkB,cAAc,KAAY;AAAA,EACxD,CAAC;AACL;AAMJ,MAAM,6BACF,CAAI,IAAY,mBAChB,CAAC,UAAa;AAAA,EACV,UAAU,qBAAqB,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI;AAAA,IAC/D,QAAQ,kBAAkB,cAAc,KAAY;AAAA,EACxD,CAAC;AACL;AAGG,MAAM,gBAAgB,0BAAkC,CAAC;AAGzD,MAAM,2BAA2B,0BAAkC,CAAC;AAGpE,MAAM,gBAAgB,0BAA2C,CAAC;AAGlE,MAAM,gBAAgB,0BAA2C,CAAC;AAGlE,MAAM,kBAAkB,0BAAoC,CAAC;AAG7D,MAAM,gBAAgB,0BAAkC,GAAG,cAAc;AAGzE,MAAM,kBAAkB,2BAAqC,GAAG,cAAc;AAG9E,MAAM,mBAAmB,2BAAmC,GAAG,cAAc;AAGpF,MAAM,sCAAsC;AAAA,EACxC,QAAQ,iBAAiB,IAAI,SAAS;AAAA,EACtC,mBAAm
B,iBAAiB,IAAI,SAAS;AAAA,EACjD,QAAQ,iBAAiB,IAAI,SAAS;AAAA,EACtC,QAAQ,iBAAiB,IAAI,SAAS;AAAA,EACtC,UAAU,iBAAiB,IAAI,WAAW;AAAA,EAC1C,uBAAuB,yBAAyB,IAAI,yBAAyB,EAAE,WAAW,EAAE,CAAC;AACjG;AAMA,MAAM,4CAA4C,CAAI,iBAAoB;AACtE,QAAM,SAAS;AAAA;AAAA,IAEX,YAAY,iBAAiB,GAAG,SAAS;AAAA,IACzC,UAAU,iBAAiB,GAAG,SAAS;AAAA,IACvC,WAAW,iBAAiB,GAAG,SAAS;AAAA,IACxC,aAAa,iBAAiB,GAAG,SAAS;AAAA,IAC1C,cAAc,iBAAiB,GAAG,SAAS;AAAA,IAC3C,qBAAqB,iBAAiB,GAAG,SAAS;AAAA,IAClD,SAAS,iBAAiB,GAAG,SAAS;AAAA,IACtC,aAAa,iBAAiB,GAAG,SAAS;AAAA,IAC1C,OAAO,iBAAiB,GAAG,SAAS;AAAA,IACpC,MAAM,iBAAiB,IAAI,SAAS;AAAA,IACpC,WAAW,iBAAiB,IAAI,SAAS;AAAA,IACzC,UAAU,iBAAiB,IAAI,SAAS;AAAA,IACxC,cAAc,iBAAiB,IAAI,SAAS;AAAA,IAC5C,aAAa,iBAAiB,IAAI,SAAS;AAAA,IAC3C,WAAW,iBAAiB,IAAI,SAAS;AAAA,IACzC,iBAAiB,iBAAiB,IAAI,SAAS;AAAA;AAAA,IAG/C,GAAG;AAAA;AAAA,IAGH,cAAc,iBAAiB,KAAK,SAAS;AAAA,IAC7C,YAAY,iBAAiB,KAAK,SAAS;AAAA,IAC3C,aAAa,iBAAiB,KAAK,SAAS;AAAA,IAC5C,eAAe,iBAAiB,KAAK,SAAS;AAAA,IAC9C,gBAAgB,iBAAiB,KAAK,SAAS;AAAA,IAC/C,uBAAuB,iBAAiB,KAAK,SAAS;AAAA,IACtD,WAAW,iBAAiB,KAAK,SAAS;AAAA,IAC1C,eAAe,iBAAiB,KAAK,SAAS;AAAA,IAC9C,SAAS,iBAAiB,KAAK,SAAS;AAAA,IACxC,QAAQ,iBAAiB,KAAK,SAAS;AAAA,IACvC,aAAa,iBAAiB,KAAK,SAAS;AAAA,IAC5C,YAAY,iBAAiB,KAAK,SAAS;AAAA,IAC3C,gBAAgB,iBAAiB,KAAK,SAAS;AAAA,IAC/C,eAAe,iBAAiB,KAAK,SAAS;AAAA,IAC9C,aAAa,iBAAiB,KAAK,SAAS;AAAA,EAChD;AACA,SAAO,cAAc,MAAM;AAC/B;AAEA,MAAM,0BAA0B;AAAA,EAC5B,kBAAkB,QAAQ,CAAC;AAAA,EAC3B,gBAAgB,QAAQ,CAAC;AAAA,EACzB,iBAAiB,QAAQ,CAAC;AAAA,EAC1B,kBAAkB,QAAQ,CAAC;AAAA,EAC3B,cAAc,QAAQ,CAAC;AAAA,EACvB,aAAa,QAAQ,CAAC;AAAA,EACtB,SAAS,QAAQ,CAAC;AAAA,EAClB,cAAc,QAAQ,CAAC;AAAA,EACvB,cAAc,QAAQ,CAAC;AAC3B;AACA,MAAM,0BAA0B,aAAa,uBAAuB;AAYpE,MAAM,wBAAwB,CAAO,iBACjC,UAAU;AAAA,EACN,cAAc,SAAS,GAAG,cAAc,MAAM,EAAE,WAAW,GAAG,CAAC,CAAC;AAAA,EAChE,oBAAoB,SAAS,GAAG,QAAQ;AAAA,EACxC,QAAQ;AAAA,IACJ;AAAA,IACA,0CAA6C;AAAA,MACzC,GAAG;AAAA,MACH,GAAI,cAAc,UAAU,CAAC;AAAA,IACjC,CAAM;AAAA,EACV;AAAA,EACA,WAAW,SAAS,GAAG,SAAS;AAAA,EAChC,UAAU,SAAS,GAAG,SAAS;AAAA,EAC/B,SAAS;AAAA,IACL;AAAA,IACA,0CAA6C;AAAA,MACzC,GAAG;AAAA,MACH,GAAI,cAA
c,WAAW,CAAC;AAAA,IAClC,CAAM;AAAA,EACV;AAAA,EACA,oBAAoB,SAAS,GAAG,QAAQ;AAAA,EACxC,yBAAyB,SAAS,GAAG,QAAQ;AAAA,EAC7C,wBAAwB,SAAS,GAAG,aAAa;AAAA,EACjD,YAAY;AAAA,IACR;AAAA,IACA,cAAc;AAAA,MACV,kBAAkB;AAAA,QACd;AAAA,QACA,UAAU;AAAA,UACN,MAAM,SAAS,GAAG,UAAU;AAAA,UAC5B,SAAS,iBAAiB,GAAG,QAAQ;AAAA,QACzC,CAAC;AAAA,MACL;AAAA,MACA,UAAU,SAAS,GAAG,UAAU,WAAW,uBAAuB,CAAC;AAAA,MACnE,kBAAkB,iBAAiB,GAAG,SAAS,QAAQ,CAAC;AAAA,MACxD,sBAAsB,SAAS,GAAG,cAAc,MAAM,EAAE,QAAQ,GAAG,CAAC,CAAC;AAAA,MACrE,wBAAwB,SAAS,GAAG,cAAc,MAAM,EAAE,QAAQ,GAAG,CAAC,CAAC;AAAA,MACvE,iBAAiB,yBAAyB,GAAG,aAAa;AAAA,IAC9D,CAAC;AAAA,EACL;AAAA,EACA,WAAW,SAAS,IAAI,aAAa;AACzC,CAAC;AAEE,MAAM,qBAAqB,sBAAsB;AAAA,EACpD,SAAS;AAAA,IACL,QAAQ,SAAS,IAAI,SAAS;AAAA,IAC9B,UAAU,iBAAiB,IAAI,WAAW;AAAA,EAC9C;AAAA,EACA,QAAQ;AACZ,CAAC;AAEM,MAAM,4BAA4B,sBAAsB;AAAA,EAC3D,SAAS;AAAA,IACL,QAAQ,SAAS,IAAI,SAAS;AAAA,IAC9B,UAAU,SAAS,IAAI,WAAW;AAAA,IAClC,uBAAuB,yBAAyB,IAAI,yBAAyB,EAAE,WAAW,EAAE,CAAC;AAAA,EACjG;AAAA,EACA,QAAQ;AACZ,CAAC;AAEM,MAAM,6BAA6B,sBAAsB;AAAA,EAC5D,SAAS;AAAA,IACL,QAAQ,SAAS,IAAI,SAAS;AAAA,IAC9B,UAAU,iBAAiB,IAAI,WAAW;AAAA,EAC9C;AAAA,EACA,QAAQ;AACZ,CAAC;AAED,MAAM,qBAAqB,sBAAsB;AA8D1C,MAAM,8BAA8B,UAAU;AAAA,EACjD,eAAe,SAAS,GAAG,SAAS;AAAA,EACpC,UAAU,SAAS,GAAG,WAAW;AAAA,EACjC,gBAAgB,SAAS,GAAG,SAAS,WAAW,EAAE,WAAW,GAAG,WAAW,IAAI,CAAC,CAAC;AAAA,EACjF,cAAc,SAAS,GAAG,SAAS;AAAA,EACnC,eAAe,SAAS,GAAG,UAAU,MAAM,EAAE,QAAQ,GAAG,CAAC,CAAC;AAAA,EAC1D,eAAe,SAAS,GAAG,QAAQ;AAAA,EACnC,qBAAqB,SAAS,GAAG,SAAS;AAAA,EAC1C,eAAe,SAAS,GAAG,SAAS;AAAA,EACpC,mBAAmB,SAAS,GAAG,QAAQ;AAAA,EACvC,mBAAmB,iBAAiB,GAAG,WAAW;AAAA,EAClD,oBAAoB,iBAAiB,IAAI,SAAS;AAAA,EAClD,mBAAmB;AAAA,IACf;AAAA,IACA,SAAS,cAAc,MAAM,EAAE,QAAQ,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,WAAW,GAAG,CAAC;AAAA,EACjF;AACJ,CAAC;AAYD,SAAS,sBAAsB,MAAgC;AAC3D,QAAM,MAAM,CAAC;AACb,SAAO,QAAQ,IAAI,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC3C,QAAI,UAAU,QAAW;AACrB;AAAA,IACJ;AACA,YAAQ,KAAK;AAAA,MACT,KAAK;AACD,YAAI,aAAa,KAAK,WAAW,KAAe;AAChD;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,KAAK,QAAQ,KAAe;AAC3C;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,aAAa,KAAe;
AACjD;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,YAAY,KAAe;AAClD;AAAA,MACJ,KAAK;AACD,YAAI,eAAe,KAAK,aAAa,KAAe;AACpD;AAAA,MACJ,KAAK;AACD,YAAI,sBAAsB,KAAK,oBAAoB,KAAe;AAClE;AAAA,MACJ,KAAK;AACD,YAAI,UAAU,KAAK,iBAAiB,KAAe;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,uBAAuB,KAAe;AAC7D;AAAA,MACJ,KAAK;AACD,YAAI,QAAQ,KAAK,MAAM,KAAe;AACtC;AAAA,MACJ,KAAK;AACD,YAAI,OAAO,KAAK,KAAK,KAAe;AACpC;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,UAAU,KAAe;AAC9C;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,KAAK,SAAS,KAAe;AAC5C;AAAA,MACJ,KAAK;AACD,YAAI,eAAe,KAAK,oBAAoB,KAAe;AAC3D;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,YAAY,KAAe;AAClD;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,UAAU,KAAe;AAC9C;AAAA,MACJ,KAAK;AACD,YAAI,kBAAkB,KAAK,gBAAgB,KAAe;AAC1D;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,cAAc,KAAe;AAC1C;AAAA,MACJ,KAAK;AACD,YAAI,oBAAoB,yBAAyB,KAAe;AAChE;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,cAAc,KAAwB;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,cAAc,KAAwB;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,gBAAgB,KAAiB;AAChD;AAAA,MACJ,KAAK;AAID,cAAM,wBAAwB;AAC9B,6BAAqB,mBAAmB,qBAAqB;AAE7D,cAAM,OAAO,sBAAsB,CAAC;AACpC,cAAM,OAAO,sBAAsB,CAAC;AACpC,cAAM,OAAO,sBAAsB,CAAC;AACpC,YAAI,SAAS,QAAW;AACpB,cAAI,wBAAwB,cAAc,IAAI;AAAA,QAClD;AACA,YAAI,SAAS,QAAW;AACpB,cAAI,wBAAwB,cAAc,IAAI;AAAA,QAClD;AACA,YAAI,SAAS,QAAW;AACpB,cAAI,wBAAwB,cAAc,IAAI;AAAA,QAClD;AACA;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,gBAAgB,KAAiB;AAChD;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,iBAAiB,KAAe;AAChD;AAAA,MACJ,KAAK;AACD,YAAI,eAAe,KAAK,WAAW,OAAiB,IAAI;AACxD;AAAA,MACJ,KAAK;AACD,YAAI,aAAa,KAAK,QAAQ,OAAiB,IAAI;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,aAAa,OAAiB,IAAI;AACzD;AAAA,MACJ,KAAK;AACD,YAAI,gBAAgB,KAAK,YAAY,OAAiB,IAAI;AAC1D;AAAA,MACJ,KAAK;AACD,YAAI,iBAAiB,KAAK,aAAa,OAAiB,IAAI;AAC5D;AAAA,MACJ,KAAK;AACD,YAAI,wBAAwB,KAAK,oBAAoB,OAAiB,IAAI;AAC1E;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,iBAAiB,OAAiB,IAAI;AAC3D;AAAA,MACJ,KAAK;AACD,YAAI,gBAAgB,KAAK,uBAAuB,OAAiB,IAAI;AACrE;AAAA,MACJ,KAAK;AACD,YAAI,UAAU,KAAK,MAAM,OAAiB,IAAI;AAC9C;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,KAAK,KAAK,OAAiB,IAAI;AAC5C;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,UAAU,OAAiB,IAAI;AACtD;AAAA,MACJ,KAAK
;AACD,YAAI,aAAa,KAAK,SAAS,OAAiB,IAAI;AACpD;AAAA,MACJ,KAAK;AACD,YAAI,iBAAiB,KAAK,oBAAoB,OAAiB,IAAI;AACnE;AAAA,MACJ,KAAK;AACD,YAAI,gBAAgB,KAAK,YAAY,OAAiB,IAAI;AAC1D;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,UAAU,OAAiB,IAAI;AACtD;AAAA,IACR;AAAA,EACJ,CAAC;AACD,SAAO;AACX;AAEA,SAAS,iBAAiB,YAA2C;AACjE,QAAM,MAAM,CAAC;AACb,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACjD,QAAI,UAAU,QAAW;AACrB;AAAA,IACJ;AACA,YAAQ,KAAK;AAAA,MACT,KAAK;AACD,YAAI,mBAAmB,KAAK,iBAAiB,KAAK;AAClD;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,KAAK;AAAA,UAChB,wBAAwB,OAAO,KAAiE;AAAA,QACpG;AACA;AAAA,MACJ,KAAK;AACD,YAAI,mBAAmB,KAAK,iBAAiB,KAA6B;AAC1E;AAAA,MACJ,KAAK;AACD,YAAI,uBAAuB,KAAK,qBAAqB,KAAkB;AACvE;AAAA,MACJ,KAAK;AACD,YAAI,yBAAyB,KAAK,uBAAuB,KAAkB;AAC3E;AAAA,MACJ,KAAK;AACD,YAAI,kBAAkB,SAAS,UAAU,OAAO,GAAK,SAAqC,CAAC,CAAE,CAAC;AAC9F;AAAA,IACR;AAAA,EACJ,CAAC;AACD,SAAO;AACX;AAEO,MAAM,mBAAmB;AAAA,EAC5B,OAAO,2BAA2B;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,GAA8B;AAC1B,UAAM;AAAA,MACF,kBAAkB,EAAE,MAAM,QAAQ;AAAA,IACtC,IAAI;AACJ,QAAI,CAAC,QAAQ,YAAY,QAAW;AAChC,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AACA,WAAO;AAAA,MACH,SAAS,cAAc,GAAG,CAAC;AAAA;AAAA,MAC3B,cAAc,iBAAiB,QAAQ,SAAS,YAAY;AAAA,MAC5D,oBAAoB,KAAK;AAAA,MACzB,QAAQ,sBAAsB,MAAM;AAAA,MACpC,UAAU;AAAA,QACN,WAAW,eAAe,SAAS;AAAA,QACnC,UAAU,eAAe,QAAQ;AAAA,MACrC;AAAA,MACA,SAAS,sBAAsB,OAAO;AAAA,MACtC,WAAW,KAAK,sBAAsB,sBAAsB;AAAA,MAC5D,YAAY,cAAc,GAAG,iBAAiB,UAAU,CAAC;AAAA,IAC7D;AAAA,EACJ;AAAA,EAEA,OAAO,mBAAmB,MAAiC;AACvD,WAAO,SAAS,OAAO,KAAK,2BAA2B,IAAI,CAAC;AAAA,EAChE;AAAA,EAEA,OAAO,eAAe,MAAiC;AACnD,UAAM;AAAA,MACF,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI;AACJ,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,iBAAiB,gCAAgC;AAAA,IAC/D;AACA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACvC;AAAA,EAEA,OAAO,yBAAyB,MAAyC;AACrE,UAAM;AAAA,MACF,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI;AACJ,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,iBAAiB,wCAAwC;AAAA,IACvE;AACA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACvC;AAAA,EAEA,OAAO,0BAA0B,MAAwC;AACrE,UAAM;AAAA,MACF,QAAQ,EAAE,QAAQ,OAAO;AAAA,MACzB,YA
AY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI;AACJ,QAAI,WAAW,UAAa,WAAW,QAAW;AAC9C,YAAM,IAAI,iBAAiB,wEAAwE;AAAA,IACvG;AACA,QAAI,MAAM;AACN,YAAM,IAAI,iBAAiB,gDAAgD;AAAA,IAC/E;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACvC;AAAA,EAEA,OAAO,4BAA4B,MAA8C,KAAU;AACvF,UAAM,cAAc,KAAK,2BAA2B,IAAI;AACxD,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,WAAW,GAAG,KAAK,CAAC;AAAA,IACjF,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,yCACH,MACA,KACF;AACE,UAAM,cAAc,KAAK,2BAA2B,IAAI;AACxD,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,WAAW,GAAG,KAAK,CAAC;AAAA,IACjF,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,sCAAsC,MAAwD,KAAU;AAC3G,UAAM,cAAc,KAAK,2BAA2B,IAAI;AACxD,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,WAAW,GAAG,KAAK,CAAC;AAAA,IACjF,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,+BACH,UACA,sBACA,YACF;AACE,UAAM,cAAc;AAAA,MAChB,SAAS;AAAA,MACT,iBAAiB,CAAC,UAAU;AAAA,MAC5B,kBAAkB,MAAM,KAAK,QAAQ;AAAA,MACrC,YAAY;AAAA,QACR;AAAA,UACI,SAAS;AAAA,UACT,sBAAsB,mBAAmB,GAAG,oBAAoB;AAAA,UAChE,iBAAiB;AAAA,UACjB,oBAAoB,KAAK;AAAA,UACzB,WAAW,OAAO,KAAK,YAAY,UAAU,KAAK;AAAA,QACtD;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,SAAS,OAAO,MAAM,WAAW,WAAW,CAAC;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,iCAAiC,MAA0E;AAC9G,QAAI,KAAK,aAAa,SAAS;AAC3B,YAAM,IAAI;AAAA,QACN,8EAA8E,KAAK,aAAa,MAAM;AAAA,MAC1G;AAEJ,QAAI,KAAK,uBAAuB,GAAG;AAE/B,YAAM,IAAI,iBAAiB,oCAAoC,KAAK,kBAAkB,EAAE;AAAA,IAC5F;AAEA,QAAI,KAAK,uBAAuB,GAAG;AAE/B,YAAM,IAAI,iBAAiB,qCAAqC,KAAK,kBAAkB,EAAE;AAAA,IAC7F;AAEA,QAAI,KAAK,4BAA4B,GAAG;AAEpC,YAAM,IAAI,iBAAiB,0CAA0C,KAAK,uBAAuB,EAAE;AAAA,IACvG;AAGA,QAAI,OAAO,KAAK,KAAK,OAAO,EAAE,SAAS,GAAG;AACtC,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AACA,QAAI,OAAO,KAAK,KAAK,MAAM,EAAE,SAAS,GAAG;AACrC,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AAIA,QAAI,KAAK,YAAY,MAAO,KAAK,MAAM,GAAG;AACtC,aAAO,KAAK,gDAAgD,KAAK,YAAY,GAAI,OAAO,KAAK,MAAM,CAAC,EAAE;AAAA,IAI1G;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,sBAAsB,UAA2B;AACpD,uBAAmB,iCAAiC,QAAQ;AAG5D,QAAI,YAAY,SAAS,SAAS;A
AC9B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,SAAS,QAAQ,aAAa,QAAW;AACzC,UAAI,MAAM,QAAQ,SAAS,QAAQ,QAAQ,GAAG;AAC1C,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,SAAS,QAAQ,QAAQ,CAAC;AAAA,QACpF;AAAA,MACJ;AAEA,UAAI,SAAS,QAAQ,aAAa,SAAS,CAAC,GAAG;AAC3C,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,SAAS,QAAQ,QAAQ,CAAC;AAAA,QACpF;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,YAAY,SAAS,SAAS;AAC9B,YAAM,IAAI,iBAAiB,8CAA8C;AAAA,IAC7E;AAGA,QAAI,SAAS,QAAQ,WAAW,UAAa,MAAM,QAAQ,SAAS,QAAQ,MAAM,GAAG;AACjF,YAAM,IAAI,iBAAiB,uCAAuC,OAAO,OAAO,SAAS,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC9G;AAGA,QAAI,2BAA2B,SAAS,SAAS;AAC7C,YAAM,IAAI,iBAAiB,4DAA4D;AAAA,IAC3F;AAGA,QAAI,SAAS,WAAW,iBAAiB,SAAS,MAAM;AACpD,YAAM,IAAI,iBAAiB,8CAA8C;AAAA,IAC7E;AAMA,QAAI,CAAC,SAAS,WAAW,SAAS,eAAe,CAAC,SAAS,WAAW,SAAS,SAAS;AACpF,YAAM,IAAI,iBAAiB,kEAAkE;AAAA,IACjG;AAGA,QAAI,SAAS,WAAW,qBAAqB,QAAW;AACpD,YAAM,IAAI,iBAAiB,sDAAsD;AAAA,IACrF;AAGA,QAAI,SAAS,WAAW,yBAAyB,QAAW;AACxD,YAAM,IAAI,iBAAiB,sDAAsD;AAAA,IACrF;AACA,QAAI,SAAS,WAAW,qBAAqB,WAAW,IAAI;AACxD,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AAGA,QAAI,SAAS,WAAW,2BAA2B,QAAW;AAC1D,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AACA,QAAI,SAAS,WAAW,uBAAuB,WAAW,IAAI;AAC1D,YAAM,IAAI,iBAAiB,0DAA0D;AAAA,IACzF;AAGA,QAAI,CAAC,SAAS,WAAW,uBAAuB,OAAO,SAAS,WAAW,oBAAoB,GAAG;AAC9F,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAAA,EAIJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,iCACH,eACA,SACF;AACE,uBAAmB,iCAAiC,OAAO;AAG3D,QAAI,QAAQ,QAAQ,WAAW,UAAa,MAAM,QAAQ,QAAQ,QAAQ,MAAM,GAAG;AAC/E,YAAM,IAAI,iBAAiB,sCAAsC,OAAO,OAAO,QAAQ,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC5G;AAEA,QAAI,CAAC,OAAO,oBAAoB,QAAQ,QAAQ,MAAM,GAAG;AACrD,YAAM,IAAI,iBAAiB,sCAAsC,OAAO,OAAO,QAAQ,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC5G;AAGA,QAAI,QAAQ,QAAQ,aAAa,UAAa,MAAM,QAAQ,QAAQ,QAAQ,QAAQ,GAAG;AACnF,YAAM,IAAI;AAAA,QACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACnF;AAAA,IACJ;AAEA,QAAI,QAAQ,QAAQ,aAAa,SAAS,CAAC,GAAG;AAC1C,YAAM,IAAI;AAAA,QACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACnF;AAAA,IACJ;AAGA,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC
5E;AAGA,QAAI,QAAQ,QAAQ,0BAA0B,QAAW;AACrD,2BAAqB,mBAAmB,QAAQ,QAAQ,qBAAqB;AAAA,IACjF;AAKA,QACI,cAAc,QAAQ,aAAa,UACnC,cAAc,QAAQ,aAAa,QAAQ,QAAQ,UACrD;AACE,YAAM,IAAI;AAAA,QACN,sFAAsF,OAAO;AAAA,UACzF,cAAc,QAAQ;AAAA,QAC1B,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACpD;AAAA,IACJ;AAGA,QAAI,QAAQ,WAAW,iBAAiB,MAAM;AAC1C,YAAM,IAAI,iBAAiB,iDAAiD;AAAA,IAChF;AAMA,QAAI,CAAC,QAAQ,WAAW,SAAS,kBAAkB;AAC/C,YAAM,IAAI,iBAAiB,6DAA6D;AAAA,IAC5F;AAGA,QACI,QAAQ,WAAW,qBAAqB,UACvC,CAAC,QAAQ,WAAW,iBAAiB,SAAS,CAAC,KAAK,CAAC,QAAQ,WAAW,iBAAiB,SAAS,CAAC,GACtG;AACE,YAAM,IAAI;AAAA,QACN,8EAA8E,OAAO,OAAO,QAAQ,WAAW,gBAAgB,CAAC;AAAA,MACpI;AAAA,IACJ;AAGA,QAAI,QAAQ,WAAW,yBAAyB,QAAW;AACvD,YAAM,IAAI,iBAAiB,qDAAqD;AAAA,IACpF;AACA,QAAI,QAAQ,WAAW,qBAAqB,WAAW,IAAI;AACvD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AAGA,QAAI,QAAQ,WAAW,2BAA2B,QAAW;AACzD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AACA,QAAI,QAAQ,WAAW,uBAAuB,WAAW,IAAI;AACzD,YAAM,IAAI,iBAAiB,yDAAyD;AAAA,IACxF;AAGA,QAAI,CAAC,QAAQ,WAAW,uBAAuB,OAAO,cAAc,WAAW,oBAAoB,GAAG;AAClG,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,UAAU,cAAc,sBAAsB;AAAA,MAC9C,KAAK,0BAA0B,OAAO;AAAA,MACtC,QAAQ;AAAA,IACZ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,gCAAgC,UAA2B,SAAkC;AAChG,uBAAmB,iCAAiC,OAAO;AAG3D,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,4CAA4C;AAAA,IAC3E;AAGA,QAAI,QAAQ,QAAQ,aAAa,QAAW;AACxC,UAAI,MAAM,QAAQ,QAAQ,QAAQ,QAAQ,GAAG;AACzC,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,QACnF;AAAA,MACJ;AAEA,UAAI,QAAQ,QAAQ,aAAa,SAAS,CAAC,GAAG;AAC1C,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,QACnF;AAAA,MACJ;AAEA,UAAI,SAAS,QAAQ,aAAa,QAAQ,QAAQ,UAAU;AACxD,cAAM,IAAI;AAAA,UACN,sFAAsF,OAAO;AAAA,YACzF,SAAS,QAAQ;AAAA,UACrB,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,QAAQ,QAAQ,WAAW,UAAa,MAAM,QAAQ,QAAQ,QAAQ,MAAM,GAAG;AAC/E,YAAM,IAAI,iBAAiB,sCAAsC,OAAO,OAAO,QAAQ,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC5G;AAGA,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,2BAA2B,QAAQ,SAAS;AAC5C,YAAM,IAAI,iBAAiB,2DAA2D;AAAA,IAC
1F;AAKA,QAAI,SAAS,QAAQ,aAAa,QAAQ,QAAQ,UAAU;AACxD,YAAM,IAAI;AAAA,QACN,sFAAsF,OAAO;AAAA,UACzF,SAAS,QAAQ;AAAA,QACrB,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACpD;AAAA,IACJ;AAGA,QAAI,SAAS,QAAQ,WAAW,QAAQ,OAAO,QAAQ;AACnD,YAAM,IAAI;AAAA,QACN,kFAAkF,OAAO;AAAA,UACrF,SAAS,QAAQ;AAAA,QACrB,CAAC,QAAQ,OAAO,OAAO,QAAQ,OAAO,MAAM,CAAC;AAAA,MACjD;AAAA,IACJ;AAGA,QAAI,CAAC,QAAQ,WAAW,iBAAiB,MAAM;AAC3C,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAMA,QAAI,CAAC,QAAQ,WAAW,SAAS,eAAe,CAAC,QAAQ,WAAW,SAAS,SAAS;AAClF,YAAM,IAAI,iBAAiB,oEAAoE;AAAA,IACnG;AAGA,QAAI,QAAQ,WAAW,qBAAqB,QAAW;AACnD,YAAM,IAAI,iBAAiB,qDAAqD;AAAA,IACpF;AAGA,QAAI,QAAQ,WAAW,yBAAyB,QAAW;AACvD,YAAM,IAAI,iBAAiB,qDAAqD;AAAA,IACpF;AACA,QAAI,QAAQ,WAAW,qBAAqB,WAAW,IAAI;AACvD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AAGA,QAAI,QAAQ,WAAW,2BAA2B,QAAW;AACzD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AACA,QAAI,QAAQ,WAAW,uBAAuB,WAAW,IAAI;AACzD,YAAM,IAAI,iBAAiB,yDAAyD;AAAA,IACxF;AAGA,QAAI,CAAC,QAAQ,WAAW,uBAAuB,OAAO,SAAS,WAAW,oBAAoB,GAAG;AAC7F,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,UAAU,SAAS,sBAAsB;AAAA,MACzC,KAAK,yBAAyB,OAAO;AAAA,MACrC,QAAQ;AAAA,IACZ;AAAA,EACJ;AAAA,EAEA,OAAO,gCAAgC,KAAU;AAC7C,UAAM,UAAU;AAAA,MACZ,SAAS;AAAA,MACT,SAAS,EAAE,cAAc,KAAK,iBAAiB,KAAK,EAAE;AAAA,MACtD,WAAW,KAAK,sBAAsB,IAAI,SAAS;AAAA,MACnD,gBAAgB,cAAc,CAAC;AAAA,IACnC;AAEA,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,OAAO,GAAG,KAAK,CAAC;AAAA,IAC7E,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,oBAAoB,KAAgB;AACvC,UAAM,EAAE,CAAC,YAAY,GAAG,aAAa,IAAI,SAAS,OAAO,GAAG;AAC5D,QAAI,cAAc,WAAW,EAAG,OAAM,IAAI,iBAAiB,kBAAkB;AAC7E,UAAM,CAAC,aAAa,mBAAmB,aAAa,IAAI;AAGxD,UAAM,EAAE,CAAC,YAAY,GAAG,gBAAgB,IAAI;AAC5C,QAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,iBAAiB,kBAAkB;AAChF,UAAM,CAAC,aAAa,cAAc,aAAa,IAAI;AACnD,UAAM,iBAAiB,YAAY,SAAS,EAAE,CAAC;AAC/C,QAAI,mBAAmB,EAAG,OAAM,IAAI,iBAAiB,8BAA8B,cAAc,EAAE;AAGnG,UAAM,EAAE,CAAC,YAAY,GAAG,kBAAkB,IAAI;AAC9C,QAAI,mBAAmB,WAAW,EAAG,OAAM,IAAI,iBAAiB,kBAAkB;AAClF,UAAM,CAAC,oBAAoB,kBAAkB,IAAI;AAEjD,UAAM,YAAY,mBAAmB,SAAS;AAG9C,QAAI,CAA
C,KAAK,gBAAgB,aAAa,EAAE,SAAS,EAAE,OAAO,kBAAkB,YAAY,IAAI,CAAC,IAAI,SAAS,CAAC;AACxG,YAAM,IAAI,iBAAiB,4BAA4B;AAC3D,WAAO,OAAO,UAAU,SAAS,GAAG,SAAS,OAAO,WAAW,GAAG,cAAc,SAAS,GAAG,KAAK;AAEjG,WAAO;AAAA,EACX;AACJ;",
|
|
4
|
+
"sourcesContent": ["/**\n * @license\n * Copyright 2022-2024 Matter.js Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\nimport {\n BitByteArray,\n BYTES_KEY,\n ContextTagged,\n ContextTaggedBytes,\n DatatypeOverride,\n DerCodec,\n DerObject,\n DerType,\n ELEMENTS_KEY,\n OBJECT_ID_KEY,\n RawBytes,\n} from \"../codec/DerCodec.js\";\nimport { MatterError } from \"../common/MatterError.js\";\nimport { Crypto } from \"../crypto/Crypto.js\";\nimport { Key, PublicKey } from \"../crypto/Key.js\";\nimport { CaseAuthenticatedTag, TlvCaseAuthenticatedTag } from \"../datatype/CaseAuthenticatedTag.js\";\nimport { FabricId, TlvFabricId } from \"../datatype/FabricId.js\";\nimport { NodeId, TlvNodeId } from \"../datatype/NodeId.js\";\nimport { TlvVendorId, VendorId } from \"../datatype/VendorId.js\";\nimport { Logger } from \"../log/Logger.js\";\nimport { BitFlag, BitmapSchema, TypeFromPartialBitSchema } from \"../schema/BitmapSchema.js\";\nimport { Time } from \"../time/Time.js\";\nimport { TlvArray } from \"../tlv/TlvArray.js\";\nimport { TlvBoolean } from \"../tlv/TlvBoolean.js\";\nimport { TlvBitmap, TlvUInt16, TlvUInt32, TlvUInt64, TlvUInt8 } from \"../tlv/TlvNumber.js\";\nimport { TlvField, TlvObject, TlvOptionalField, TlvOptionalRepeatedField, TlvTaggedList } from \"../tlv/TlvObject.js\";\nimport { TypeFromSchema } from \"../tlv/TlvSchema.js\";\nimport { TlvByteString, TlvString } from \"../tlv/TlvString.js\";\nimport { ByteArray } from \"../util/ByteArray.js\";\nimport { Pkcs7, SHA256_CMS, X509, X520, X962 } from \"./CertificateDerTypes.js\";\n\nconst logger = Logger.get(\"CertificateManager\");\n\nexport class CertificateError extends MatterError {}\n\nconst YEAR_S = 365 * 24 * 60 * 60;\nconst EPOCH_OFFSET_S = 10957 * 24 * 60 * 60;\n\n// TODO replace usage of Date by abstraction\n\nexport function matterToJsDate(date: number) {\n return date === 0 ? 
X520.NON_WELL_DEFINED_DATE : new Date((date + EPOCH_OFFSET_S) * 1000);\n}\n\nexport function jsToMatterDate(date: Date, addYears = 0) {\n return date.getTime() === X520.NON_WELL_DEFINED_DATE.getTime()\n ? 0\n : Math.floor(date.getTime() / 1000) - EPOCH_OFFSET_S + addYears * YEAR_S;\n}\n\nfunction intTo16Chars(value: bigint | number) {\n const byteArray = new ByteArray(8);\n const dataView = byteArray.getDataView();\n dataView.setBigUint64(0, typeof value === \"bigint\" ? value : BigInt(value));\n return byteArray.toHex().toUpperCase();\n}\n\nfunction uInt16To8Chars(value: number) {\n const byteArray = new ByteArray(4);\n const dataView = byteArray.getDataView();\n dataView.setUint32(0, value);\n return byteArray.toHex().toUpperCase();\n}\n\nfunction uInt16To4Chars(value: number) {\n const byteArray = new ByteArray(2);\n const dataView = byteArray.getDataView();\n dataView.setUint16(0, value);\n return byteArray.toHex().toUpperCase();\n}\n\n/**\n * Matter specific ASN.1 OIDs\n * @see {@link MatterSpecification.v12.Core} Appendix E\n */\n\n/**\n * Generator function to create a specific ASN field for a Matter OpCert DN with the OID base 1.3.6.1.4.1.37244.1.*.\n * The returned function takes the value and returns the ASN.1 DER object.\n */\nconst GenericMatterOpCertObject =\n <T>(id: number, valueConverter?: (value: T) => string) =>\n (value: T) => [\n DerObject(`2b0601040182a27c01${id.toString(16).padStart(2, \"0\")}`, {\n value: (valueConverter ?? intTo16Chars)(value as any),\n }),\n ];\n\n/**\n * Generator function to create a specific ASN field for a Matter AttCert DN with the OID base 1.3.6.1.4.1.37244.2.*.\n * The returned function takes the value and returns the ASN.1 DER object.\n */\nconst GenericMatterAttCertObject =\n <T>(id: number, valueConverter?: (value: T) => string) =>\n (value: T) => [\n DerObject(`2b0601040182a27c02${id.toString(16).padStart(2, \"0\")}`, {\n value: (valueConverter ?? 
intTo16Chars)(value as any),\n }),\n ];\n\n/** matter-node-id = ASN.1 OID 1.3.6.1.4.1.37244.1.1 */\nexport const NodeId_Matter = GenericMatterOpCertObject<NodeId>(1);\n\n/** matter-firmware-signing-id = ASN.1 OID 1.3.6.1.4.1.37244.1.2 */\nexport const FirmwareSigningId_Matter = GenericMatterOpCertObject<number>(2);\n\n/** matter-icac-id = ASN.1 OID 1.3.6.1.4.1.37244.1.3 */\nexport const IcacId_Matter = GenericMatterOpCertObject<bigint | number>(3);\n\n/** matter-rcac-id = ASN.1 OID 1.3.6.1.4.1.37244.1.4 */\nexport const RcacId_Matter = GenericMatterOpCertObject<bigint | number>(4);\n\n/** matter-fabric-id = ASN.1 OID 1.3.6.1.4.1.37244.1.5 */\nexport const FabricId_Matter = GenericMatterOpCertObject<FabricId>(5);\n\n/** matter-noc-cat = ASN.1 OID 1.3.6.1.4.1.37244.1.6 */\nexport const NocCat_Matter = GenericMatterOpCertObject<number>(6, uInt16To8Chars);\n\n/** matter-oid-vid = ASN.1 OID 1.3.6.1.4.1.37244.2.1 */\nexport const VendorId_Matter = GenericMatterAttCertObject<VendorId>(1, uInt16To4Chars);\n\n/** matter-oid-pid = ASN.1 OID 1.3.6.1.4.1.37244.2.2 */\nexport const ProductId_Matter = GenericMatterAttCertObject<number>(2, uInt16To4Chars);\n\n/** All defined Matter fields for subject and issuer that we always allow optionally to be encoded */\nconst AllowedSubjectAndIssuerMatterFields = {\n nodeId: TlvOptionalField(17, TlvNodeId),\n firmwareSigningId: TlvOptionalField(18, TlvUInt32),\n icacId: TlvOptionalField(19, TlvUInt64),\n rcacId: TlvOptionalField(20, TlvUInt64),\n fabricId: TlvOptionalField(21, TlvFabricId),\n caseAuthenticatedTags: TlvOptionalRepeatedField(22, TlvCaseAuthenticatedTag, { maxLength: 3 }),\n};\n\n/**\n * TLV schema for a generic subject or issuer field in a certificate. 
We handle all fields as optional here for the TLV\n * parsing and check required fields in the logic to make sure we return the correct errors.\n */\nconst TlvGenericMatterSubjectOrIssuerTaggedList = <T>(matterFields: T) => {\n const fields = {\n // Standard DNs\n commonName: TlvOptionalField(1, TlvString),\n sureName: TlvOptionalField(2, TlvString),\n serialNum: TlvOptionalField(3, TlvString),\n countryName: TlvOptionalField(4, TlvString),\n localityName: TlvOptionalField(5, TlvString),\n stateOrProvinceName: TlvOptionalField(6, TlvString),\n orgName: TlvOptionalField(7, TlvString),\n orgUnitName: TlvOptionalField(8, TlvString),\n title: TlvOptionalField(9, TlvString),\n name: TlvOptionalField(10, TlvString),\n givenName: TlvOptionalField(11, TlvString),\n initials: TlvOptionalField(12, TlvString),\n genQualifier: TlvOptionalField(13, TlvString),\n dnQualifier: TlvOptionalField(14, TlvString),\n pseudonym: TlvOptionalField(15, TlvString),\n domainComponent: TlvOptionalField(16, TlvString),\n\n // Matter specific DNs\n ...matterFields,\n\n // Standard DNs when encoded as Printable String\n commonNamePs: TlvOptionalField(129, TlvString),\n sureNamePs: TlvOptionalField(130, TlvString),\n serialNumPs: TlvOptionalField(131, TlvString),\n countryNamePs: TlvOptionalField(132, TlvString),\n localityNamePs: TlvOptionalField(133, TlvString),\n stateOrProvinceNamePs: TlvOptionalField(134, TlvString),\n orgNamePs: TlvOptionalField(135, TlvString),\n orgUnitNamePs: TlvOptionalField(136, TlvString),\n titlePs: TlvOptionalField(137, TlvString),\n namePs: TlvOptionalField(138, TlvString),\n givenNamePs: TlvOptionalField(139, TlvString),\n initialsPs: TlvOptionalField(140, TlvString),\n genQualifierPs: TlvOptionalField(141, TlvString),\n dnQualifierPs: TlvOptionalField(142, TlvString),\n pseudonymPs: TlvOptionalField(143, TlvString),\n };\n return TlvTaggedList(fields);\n};\n\nconst ExtensionKeyUsageBitmap = {\n digitalSignature: BitFlag(0),\n nonRepudiation: BitFlag(1),\n 
keyEncipherment: BitFlag(2),\n dataEncipherment: BitFlag(3),\n keyAgreement: BitFlag(4),\n keyCertSign: BitFlag(5),\n cRLSign: BitFlag(6),\n encipherOnly: BitFlag(7),\n decipherOnly: BitFlag(8),\n};\nconst ExtensionKeyUsageSchema = BitmapSchema(ExtensionKeyUsageBitmap);\n\n/**\n * This generator enhances the generic Matter Certificate definition by allowing to override the subject and issuer\n * fields. The overriding serves two needs:\n * 1. to make some fields mandatory for the Tlv parsing and definition for the typescript types\n * 2. have typing guidance when generating certificates ourself in code\n *\n * On Tlv definition level also all not specified allowed Matter Fields are optionally allowed and are decoded,\n * re-encoded into Tlv and also encoded into ASN if the certificate is converted. Just the typing system do not know\n * about them.\n */\nconst BaseMatterCertificate = <S, I>(matterFields?: { subject?: S; issuer?: I }) =>\n TlvObject({\n serialNumber: TlvField(1, TlvByteString.bound({ maxLength: 20 })),\n signatureAlgorithm: TlvField(2, TlvUInt8),\n issuer: TlvField(\n 3,\n TlvGenericMatterSubjectOrIssuerTaggedList<I>({\n ...AllowedSubjectAndIssuerMatterFields,\n ...(matterFields?.issuer ?? {}),\n } as I),\n ),\n notBefore: TlvField(4, TlvUInt32),\n notAfter: TlvField(5, TlvUInt32),\n subject: TlvField(\n 6,\n TlvGenericMatterSubjectOrIssuerTaggedList<S>({\n ...AllowedSubjectAndIssuerMatterFields,\n ...(matterFields?.subject ?? 
{}),\n } as S),\n ),\n publicKeyAlgorithm: TlvField(7, TlvUInt8),\n ellipticCurveIdentifier: TlvField(8, TlvUInt8),\n ellipticCurvePublicKey: TlvField(9, TlvByteString),\n extensions: TlvField(\n 10,\n TlvTaggedList({\n basicConstraints: TlvField(\n 1,\n TlvObject({\n isCa: TlvField(1, TlvBoolean),\n pathLen: TlvOptionalField(2, TlvUInt8),\n }),\n ),\n keyUsage: TlvField(2, TlvBitmap(TlvUInt16, ExtensionKeyUsageBitmap)),\n extendedKeyUsage: TlvOptionalField(3, TlvArray(TlvUInt8)),\n subjectKeyIdentifier: TlvField(4, TlvByteString.bound({ length: 20 })),\n authorityKeyIdentifier: TlvField(5, TlvByteString.bound({ length: 20 })),\n futureExtension: TlvOptionalRepeatedField(6, TlvByteString),\n }),\n ),\n signature: TlvField(11, TlvByteString),\n });\n\nexport const TlvRootCertificate = BaseMatterCertificate({\n subject: {\n rcacId: TlvField(20, TlvUInt64),\n fabricId: TlvOptionalField(21, TlvFabricId),\n },\n issuer: AllowedSubjectAndIssuerMatterFields,\n});\n\nexport const TlvOperationalCertificate = BaseMatterCertificate({\n subject: {\n nodeId: TlvField(17, TlvNodeId),\n fabricId: TlvField(21, TlvFabricId),\n caseAuthenticatedTags: TlvOptionalRepeatedField(22, TlvCaseAuthenticatedTag, { maxLength: 3 }),\n },\n issuer: AllowedSubjectAndIssuerMatterFields,\n});\n\nexport const TlvIntermediateCertificate = BaseMatterCertificate({\n subject: {\n icacId: TlvField(19, TlvUInt64),\n fabricId: TlvOptionalField(21, TlvFabricId),\n },\n issuer: AllowedSubjectAndIssuerMatterFields,\n});\n\nconst TlvBaseCertificate = BaseMatterCertificate();\n\ninterface AttestationCertificateBase {\n serialNumber: ByteArray;\n signatureAlgorithm: number;\n issuer: {};\n notBefore: number;\n notAfter: number;\n subject: {};\n publicKeyAlgorithm: number;\n ellipticCurveIdentifier: number;\n ellipticCurvePublicKey: ByteArray;\n extensions: {\n basicConstraints: {\n isCa: boolean;\n pathLen?: number;\n };\n keyUsage: TypeFromPartialBitSchema<typeof ExtensionKeyUsageBitmap>;\n extendedKeyUsage?: 
number[];\n subjectKeyIdentifier: ByteArray;\n authorityKeyIdentifier: ByteArray;\n futureExtension?: ByteArray[];\n };\n signature: ByteArray;\n}\n\nexport interface DeviceAttestationCertificate extends AttestationCertificateBase {\n issuer: {\n commonName: string;\n productId?: number;\n vendorId: VendorId;\n };\n subject: {\n commonName: string;\n productId: number;\n vendorId: VendorId;\n };\n}\n\nexport interface ProductAttestationIntermediateCertificate extends AttestationCertificateBase {\n issuer: {\n commonName: string;\n vendorId?: VendorId;\n };\n subject: {\n commonName: string;\n productId?: number;\n vendorId: VendorId;\n };\n}\n\nexport interface ProductAttestationAuthorityCertificate extends AttestationCertificateBase {\n issuer: {\n commonName: string;\n vendorId?: VendorId;\n };\n subject: {\n commonName: string;\n vendorId?: VendorId;\n };\n}\n\nexport const TlvCertificationDeclaration = TlvObject({\n formatVersion: TlvField(0, TlvUInt16),\n vendorId: TlvField(1, TlvVendorId),\n produceIdArray: TlvField(2, TlvArray(TlvUInt16, { minLength: 1, maxLength: 100 })),\n deviceTypeId: TlvField(3, TlvUInt32),\n certificateId: TlvField(4, TlvString.bound({ length: 19 })),\n securityLevel: TlvField(5, TlvUInt8),\n securityInformation: TlvField(6, TlvUInt16),\n versionNumber: TlvField(7, TlvUInt16),\n certificationType: TlvField(8, TlvUInt8),\n dacOriginVendorId: TlvOptionalField(9, TlvVendorId),\n dacOriginProductId: TlvOptionalField(10, TlvUInt16),\n authorizedPaaList: TlvOptionalField(\n 11,\n TlvArray(TlvByteString.bound({ length: 20 }), { minLength: 1, maxLength: 10 }),\n ),\n});\n\nexport type BaseCertificate = TypeFromSchema<typeof TlvBaseCertificate>;\nexport type RootCertificate = TypeFromSchema<typeof TlvRootCertificate>;\nexport type IntermediateCertificate = TypeFromSchema<typeof TlvIntermediateCertificate>;\nexport type OperationalCertificate = TypeFromSchema<typeof TlvOperationalCertificate>;\nexport type Unsigned<Type> = { [Property in keyof 
Type as Exclude<Property, \"signature\">]: Type[Property] };\n\n/**\n * Preserve order of keys from original subject and also copy potential custom elements\n * @param data\n */\nfunction subjectOrIssuerToAsn1(data: { [field: string]: any }) {\n const asn = {} as { [field: string]: any[] };\n Object.entries(data).forEach(([key, value]) => {\n if (value === undefined) {\n return;\n }\n switch (key) {\n case \"commonName\":\n asn.commonName = X520.CommonName(value as string);\n break;\n case \"sureName\":\n asn.sureName = X520.SurName(value as string);\n break;\n case \"serialNum\":\n asn.serialNum = X520.SerialNumber(value as string);\n break;\n case \"countryName\":\n asn.countryName = X520.CountryName(value as string);\n break;\n case \"localityName\":\n asn.localityName = X520.LocalityName(value as string);\n break;\n case \"stateOrProvinceName\":\n asn.stateOrProvinceName = X520.StateOrProvinceName(value as string);\n break;\n case \"orgName\":\n asn.orgName = X520.OrganisationName(value as string);\n break;\n case \"orgUnitName\":\n asn.orgUnitName = X520.OrganizationalUnitName(value as string);\n break;\n case \"title\":\n asn.title = X520.Title(value as string);\n break;\n case \"name\":\n asn.name = X520.Name(value as string);\n break;\n case \"givenName\":\n asn.givenName = X520.GivenName(value as string);\n break;\n case \"initials\":\n asn.initials = X520.Initials(value as string);\n break;\n case \"genQualifier\":\n asn.genQualifier = X520.GenerationQualifier(value as string);\n break;\n case \"dnQualifier\":\n asn.dnQualifier = X520.DnQualifier(value as string);\n break;\n case \"pseudonym\":\n asn.pseudonym = X520.Pseudonym(value as string);\n break;\n case \"domainComponent\":\n asn.domainComponent = X520.DomainComponent(value as string);\n break;\n case \"nodeId\":\n asn.nodeId = NodeId_Matter(value as NodeId);\n break;\n case \"firmwareSigningId\":\n asn.firmwareSigningId = FirmwareSigningId_Matter(value as number);\n break;\n case \"icacId\":\n 
asn.icacId = IcacId_Matter(value as number | bigint);\n break;\n case \"rcacId\":\n asn.rcacId = RcacId_Matter(value as number | bigint);\n break;\n case \"fabricId\":\n asn.fabricId = FabricId_Matter(value as FabricId);\n break;\n case \"caseAuthenticatedTags\":\n // In theory if someone mixes multiple caseAuthenticatedTag fields with other fields we currently would\n // code them in ASN.1 as fields at the first position from the original data which might fail\n // certificate validation. Changing this would require to change Tlv decoding, so lets try that way for now.\n const caseAuthenticatedTags = value as CaseAuthenticatedTag[];\n CaseAuthenticatedTag.validateNocTagList(caseAuthenticatedTags);\n\n const cat0 = caseAuthenticatedTags[0];\n const cat1 = caseAuthenticatedTags[1];\n const cat2 = caseAuthenticatedTags[2];\n if (cat0 !== undefined) {\n asn.caseAuthenticatedTag0 = NocCat_Matter(cat0);\n }\n if (cat1 !== undefined) {\n asn.caseAuthenticatedTag1 = NocCat_Matter(cat1);\n }\n if (cat2 !== undefined) {\n asn.caseAuthenticatedTag2 = NocCat_Matter(cat2);\n }\n break;\n case \"vendorId\": // Only relevant for ASN.1 encoding of DAC/PAA/PAI certificates\n asn.vendorId = VendorId_Matter(value as VendorId);\n break;\n case \"productId\": // Only relevant for ASN.1 encoding of DAC/PAA/PAI certificates\n asn.productId = ProductId_Matter(value as number);\n break;\n case \"commonNamePs\":\n asn.commonNamePs = X520.CommonName(value as string, true);\n break;\n case \"sureNamePs\":\n asn.sureNamePs = X520.SurName(value as string, true);\n break;\n case \"serialNumPs\":\n asn.serialNumPs = X520.SerialNumber(value as string, true);\n break;\n case \"countryNamePs\":\n asn.countryNamePs = X520.CountryName(value as string, true);\n break;\n case \"localityNamePs\":\n asn.localityNamePs = X520.LocalityName(value as string, true);\n break;\n case \"stateOrProvinceNamePs\":\n asn.stateOrProvinceNamePs = X520.StateOrProvinceName(value as string, true);\n break;\n case 
\"orgNamePs\":\n asn.orgNamePs = X520.OrganisationName(value as string, true);\n break;\n case \"orgUnitNamePs\":\n asn.orgUnitNamePs = X520.OrganizationalUnitName(value as string, true);\n break;\n case \"titlePs\":\n asn.titlePs = X520.Title(value as string, true);\n break;\n case \"namePs\":\n asn.namePs = X520.Name(value as string, true);\n break;\n case \"givenNamePs\":\n asn.givenNamePs = X520.GivenName(value as string, true);\n break;\n case \"initialsPs\":\n asn.initialsPs = X520.Initials(value as string, true);\n break;\n case \"genQualifierPs\":\n asn.genQualifierPs = X520.GenerationQualifier(value as string, true);\n break;\n case \"dnQualifierPs\":\n asn.dnQualifierPs = X520.DnQualifier(value as string, true);\n break;\n case \"pseudonymPs\":\n asn.pseudonymPs = X520.Pseudonym(value as string, true);\n break;\n }\n });\n return asn;\n}\n\nfunction extensionsToAsn1(extensions: BaseCertificate[\"extensions\"]) {\n const asn = {} as { [field: string]: any[] | any };\n Object.entries(extensions).forEach(([key, value]) => {\n if (value === undefined) {\n return;\n }\n switch (key) {\n case \"basicConstraints\":\n asn.basicConstraints = X509.BasicConstraints(value);\n break;\n case \"keyUsage\":\n asn.keyUsage = X509.KeyUsage(\n ExtensionKeyUsageSchema.encode(value as TypeFromPartialBitSchema<typeof ExtensionKeyUsageBitmap>),\n );\n break;\n case \"extendedKeyUsage\":\n asn.extendedKeyUsage = X509.ExtendedKeyUsage(value as number[] | undefined);\n break;\n case \"subjectKeyIdentifier\":\n asn.subjectKeyIdentifier = X509.SubjectKeyIdentifier(value as ByteArray);\n break;\n case \"authorityKeyIdentifier\":\n asn.authorityKeyIdentifier = X509.AuthorityKeyIdentifier(value as ByteArray);\n break;\n case \"futureExtension\":\n asn.futureExtension = RawBytes(ByteArray.concat(...((value as ByteArray[] | undefined) ?? 
[])));\n break;\n }\n });\n return asn;\n}\n\nexport class CertificateManager {\n static #genericBuildAsn1Structure({\n serialNumber,\n notBefore,\n notAfter,\n issuer,\n subject,\n ellipticCurvePublicKey,\n extensions,\n }: Unsigned<BaseCertificate>) {\n const {\n basicConstraints: { isCa, pathLen },\n } = extensions;\n if (!isCa && pathLen !== undefined) {\n throw new CertificateError(\"Path length must be undefined for non-CA certificates.\");\n }\n return {\n version: ContextTagged(0, 2), // v3\n serialNumber: DatatypeOverride(DerType.Integer, serialNumber),\n signatureAlgorithm: X962.EcdsaWithSHA256,\n issuer: subjectOrIssuerToAsn1(issuer),\n validity: {\n notBefore: matterToJsDate(notBefore),\n notAfter: matterToJsDate(notAfter),\n },\n subject: subjectOrIssuerToAsn1(subject),\n publicKey: X962.PublicKeyEcPrime256v1(ellipticCurvePublicKey),\n extensions: ContextTagged(3, extensionsToAsn1(extensions)),\n };\n }\n\n static #genericCertToAsn1(cert: Unsigned<BaseCertificate>) {\n return DerCodec.encode(this.#genericBuildAsn1Structure(cert));\n }\n\n static rootCertToAsn1(cert: Unsigned<RootCertificate>) {\n const {\n extensions: {\n basicConstraints: { isCa },\n },\n } = cert;\n if (!isCa) {\n throw new CertificateError(\"Root certificate must be a CA.\");\n }\n return this.#genericCertToAsn1(cert);\n }\n\n static intermediateCaCertToAsn1(cert: Unsigned<IntermediateCertificate>) {\n const {\n extensions: {\n basicConstraints: { isCa },\n },\n } = cert;\n if (!isCa) {\n throw new CertificateError(\"Intermediate certificate must be a CA.\");\n }\n return this.#genericCertToAsn1(cert);\n }\n\n static nodeOperationalCertToAsn1(cert: Unsigned<OperationalCertificate>) {\n const {\n issuer: { icacId, rcacId },\n extensions: {\n basicConstraints: { isCa },\n },\n } = cert;\n if (icacId === undefined && rcacId === undefined) {\n throw new CertificateError(\"Issuer RCAC or ICAC ID must be defined for an operational certificate.\");\n }\n if (isCa) {\n throw new 
CertificateError(\"Node operational certificate must not be a CA.\");\n }\n\n return this.#genericCertToAsn1(cert);\n }\n\n static deviceAttestationCertToAsn1(cert: Unsigned<DeviceAttestationCertificate>, key: Key) {\n const certificate = this.#genericBuildAsn1Structure(cert);\n return DerCodec.encode({\n certificate,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), \"der\")),\n });\n }\n\n static productAttestationIntermediateCertToAsn1(\n cert: Unsigned<ProductAttestationIntermediateCertificate>,\n key: Key,\n ) {\n const certificate = this.#genericBuildAsn1Structure(cert);\n return DerCodec.encode({\n certificate,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), \"der\")),\n });\n }\n\n static productAttestationAuthorityCertToAsn1(cert: Unsigned<ProductAttestationAuthorityCertificate>, key: Key) {\n const certificate = this.#genericBuildAsn1Structure(cert);\n return DerCodec.encode({\n certificate,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(certificate), \"der\")),\n });\n }\n\n static CertificationDeclarationToAsn1(\n eContent: ByteArray,\n subjectKeyIdentifier: ByteArray,\n privateKey: JsonWebKey,\n ) {\n const certificate = {\n version: 3,\n digestAlgorithm: [SHA256_CMS],\n encapContentInfo: Pkcs7.Data(eContent),\n signerInfo: [\n {\n version: 3,\n subjectKeyIdentifier: ContextTaggedBytes(0, subjectKeyIdentifier),\n digestAlgorithm: SHA256_CMS,\n signatureAlgorithm: X962.EcdsaWithSHA256,\n signature: Crypto.sign(privateKey, eContent, \"der\"),\n },\n ],\n };\n\n return DerCodec.encode(Pkcs7.SignedData(certificate));\n }\n\n /**\n * Validate general requirements a Matter certificate fields must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static validateGeneralCertificateFields(cert: RootCertificate | OperationalCertificate | 
IntermediateCertificate) {\n if (cert.serialNumber.length > 20)\n throw new CertificateError(\n `Serial number must not be longer then 20 octets. Current serial number has ${cert.serialNumber.length} octets.`,\n );\n\n if (cert.signatureAlgorithm !== 1) {\n // ecdsa-with-sha256\n throw new CertificateError(`Unsupported signature algorithm: ${cert.signatureAlgorithm}`);\n }\n\n if (cert.publicKeyAlgorithm !== 1) {\n // ec-pub-key\n throw new CertificateError(`Unsupported public key algorithm: ${cert.publicKeyAlgorithm}`);\n }\n\n if (cert.ellipticCurveIdentifier !== 1) {\n // prime256v1\n throw new CertificateError(`Unsupported elliptic curve identifier: ${cert.ellipticCurveIdentifier}`);\n }\n\n // All implementations SHALL reject Matter certificates with more than 5 RDNs in a single DN.\n if (Object.keys(cert.subject).length > 5) {\n throw new CertificateError(`Certificate subject must not contain more than 5 RDNs.`);\n }\n if (Object.keys(cert.issuer).length > 5) {\n throw new CertificateError(`Certificate issuer must not contain more than 5 RDNs.`);\n }\n\n // notBefore date should be already reached, notAfter is not checked right now\n // TODO: implement real checks when we add \"Last known Good UTC time\"\n if (cert.notBefore * 1000 > Time.nowMs()) {\n logger.warn(`Certificate notBefore date is in the future: ${cert.notBefore * 1000} vs ${Time.nowMs()}`);\n /*throw new CertificateError(\n `Certificate notBefore date is in the future: ${cert.notBefore * 1000} vs ${Time.nowMs()}`,\n );*/\n }\n }\n\n /**\n * Verify requirements a Matter Root certificate must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static verifyRootCertificate(rootCert: RootCertificate) {\n CertificateManager.validateGeneralCertificateFields(rootCert);\n\n // The subject DN SHALL NOT encode any matter-node-id attribute.\n if (\"nodeId\" in rootCert.subject) {\n throw new CertificateError(`Root certificate must not contain a 
nodeId.`);\n }\n\n // The subject DN MAY encode at most one matter-fabric-id attribute.\n if (rootCert.subject.fabricId !== undefined) {\n if (Array.isArray(rootCert.subject.fabricId)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(rootCert.subject.fabricId)}`,\n );\n }\n // If present, the matter-fabric-id attribute\u2019s value SHALL NOT be 0\n if (rootCert.subject.fabricId === FabricId(0)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(rootCert.subject.fabricId)}`,\n );\n }\n }\n\n // The subject DN SHALL NOT encode any matter-icac-id attribute.\n if (\"icacId\" in rootCert.subject) {\n throw new CertificateError(`Root certificate must not contain an icacId.`);\n }\n\n // The subject DN SHALL encode exactly one matter-rcac-id attribute.\n if (rootCert.subject.rcacId === undefined || Array.isArray(rootCert.subject.rcacId)) {\n throw new CertificateError(`Invalid rcacId in Root certificate: ${Logger.toJSON(rootCert.subject.rcacId)}`);\n }\n\n // The subject DN SHALL NOT encode any matter-noc-cat attribute.\n if (\"caseAuthenticatedTags\" in rootCert.subject) {\n throw new CertificateError(`Root certificate must not contain a caseAuthenticatedTags.`);\n }\n\n // The basic constraints extension SHALL be encoded with is-ca set to true.\n if (rootCert.extensions.basicConstraints.isCa !== true) {\n throw new CertificateError(`Root certificate must have isCa set to true.`);\n }\n\n // The key usage extension SHALL be encoded with exactly two flags: keyCertSign (0x0020) and CRLSign (0x0040).\n // Formally the check should be the following line but Amazon uses a wrong Root cert which also has\n // digitalCertificate set, so we just check the the two needed are set and ignore additionally set parameters.\n //if (ExtensionKeyUsageSchema.encode(rootCert.extensions.keyUsage) !== 0x0060) {\n if (!rootCert.extensions.keyUsage.keyCertSign || !rootCert.extensions.keyUsage.cRLSign) {\n throw new 
CertificateError(`Root certificate keyUsage must have keyCertSign and CRLSign set.`);\n }\n\n // The extended key usage extension SHALL NOT be present.\n if (rootCert.extensions.extendedKeyUsage !== undefined) {\n throw new CertificateError(`Root certificate must not have extendedKeyUsage set.`);\n }\n\n // The subject key identifier extension SHALL be present and 160 bit long.\n if (rootCert.extensions.subjectKeyIdentifier === undefined) {\n throw new CertificateError(`Root certificate must have subjectKeyIdentifier set.`);\n }\n if (rootCert.extensions.subjectKeyIdentifier.length !== 20) {\n throw new CertificateError(`Root certificate subjectKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be present and 160 bit long.\n if (rootCert.extensions.authorityKeyIdentifier === undefined) {\n throw new CertificateError(`Root certificate must have authorityKeyIdentifier set.`);\n }\n if (rootCert.extensions.authorityKeyIdentifier.length !== 20) {\n throw new CertificateError(`Root certificate authorityKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be equal to the subject key identifier extension.\n if (!rootCert.extensions.authorityKeyIdentifier.equals(rootCert.extensions.subjectKeyIdentifier)) {\n throw new CertificateError(\n `Root certificate authorityKeyIdentifier must be equal to subjectKeyIdentifier.`,\n );\n }\n\n Crypto.verify(PublicKey(rootCert.ellipticCurvePublicKey), this.rootCertToAsn1(rootCert), rootCert.signature);\n }\n\n /**\n * Verify requirements a Matter Node Operational certificate must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static verifyNodeOperationalCertificate(\n rootOrIcaCert: RootCertificate | IntermediateCertificate,\n nocCert: OperationalCertificate,\n ) {\n CertificateManager.validateGeneralCertificateFields(nocCert);\n\n // The subject DN SHALL encode exactly one matter-node-id attribute.\n if 
(nocCert.subject.nodeId === undefined || Array.isArray(nocCert.subject.nodeId)) {\n throw new CertificateError(`Invalid nodeId in NoC certificate: ${Logger.toJSON(nocCert.subject.nodeId)}`);\n }\n // The matter-node-id attribute\u2019s value SHALL be in the Operational Node ID\n if (!NodeId.isOperationalNodeId(nocCert.subject.nodeId)) {\n throw new CertificateError(`Invalid nodeId in NoC certificate: ${Logger.toJSON(nocCert.subject.nodeId)}`);\n }\n\n // The subject DN SHALL encode exactly one matter-fabric-id attribute.\n if (nocCert.subject.fabricId === undefined || Array.isArray(nocCert.subject.fabricId)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(nocCert.subject.fabricId)}`,\n );\n }\n // The matter-fabric-id attribute\u2019s value SHALL NOT be 0\n if (nocCert.subject.fabricId === FabricId(0)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(nocCert.subject.fabricId)}`,\n );\n }\n\n // The subject DN SHALL NOT encode any matter-icac-id attribute.\n if (\"icacId\" in nocCert.subject) {\n throw new CertificateError(`Noc certificate must not contain an icacId.`);\n }\n\n // The subject DN SHALL NOT encode any matter-rcac-id attribute.\n if (\"rcacId\" in nocCert.subject) {\n throw new CertificateError(`Noc certificate must not contain an rcacId.`);\n }\n\n // The subject DN MAY encode at most three matter-noc-cat attributes.\n if (nocCert.subject.caseAuthenticatedTags !== undefined) {\n CaseAuthenticatedTag.validateNocTagList(nocCert.subject.caseAuthenticatedTags); // throws ValidationError\n }\n\n // When any matter-fabric-id attributes are present in either the Matter Root CA Certificate or the Matter ICA\n // Certificate, the value SHALL match the one present in the Matter Node Operational Certificate (NOC) within\n // the same certificate chain.\n if (\n rootOrIcaCert.subject.fabricId !== undefined &&\n rootOrIcaCert.subject.fabricId !== nocCert.subject.fabricId\n ) {\n throw 
new CertificateError(\n `FabricId in NoC certificate does not match the fabricId in the parent certificate. ${Logger.toJSON(\n rootOrIcaCert.subject.fabricId,\n )} !== ${Logger.toJSON(nocCert.subject.fabricId)}`,\n );\n }\n\n // The basic constraints extension SHALL be encoded with is-ca set to false.\n if (nocCert.extensions.basicConstraints.isCa) {\n throw new CertificateError(`Noc certificate must not have isCa set to true.`);\n }\n\n // The key usage extension SHALL be encoded with exactly two flags: keyCertSign (0x0020) and CRLSign (0x0040).\n // Formally the check should be the following line but Amazon uses a wrong Root cert which also has\n // digitalCertificate set, so we just check the the two needed are set and ignore additionally set parameters.\n //if (ExtensionKeyUsageSchema.encode(nocCert.extensions.keyUsage) !== 1) {\n if (!nocCert.extensions.keyUsage.digitalSignature) {\n throw new CertificateError(`Noc certificate must have keyUsage set to digitalSignature.`);\n }\n\n // The extended key usage extension SHALL be encoded with exactly two key-purpose-id values: serverAuth and clientAuth.\n if (\n nocCert.extensions.extendedKeyUsage === undefined ||\n (!nocCert.extensions.extendedKeyUsage.includes(1) && !nocCert.extensions.extendedKeyUsage.includes(2))\n ) {\n throw new CertificateError(\n `Noc certificate must have extendedKeyUsage with serverAuth and clientAuth: ${Logger.toJSON(nocCert.extensions.extendedKeyUsage)}`,\n );\n }\n\n // The subject key identifier extension SHALL be present and 160 bit long.\n if (nocCert.extensions.subjectKeyIdentifier === undefined) {\n throw new CertificateError(`Noc certificate must have subjectKeyIdentifier set.`);\n }\n if (nocCert.extensions.subjectKeyIdentifier.length !== 20) {\n throw new CertificateError(`Noc certificate subjectKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be present and 160 bit long.\n if (nocCert.extensions.authorityKeyIdentifier === undefined) {\n 
throw new CertificateError(`Noc certificate must have authorityKeyIdentifier set.`);\n }\n if (nocCert.extensions.authorityKeyIdentifier.length !== 20) {\n throw new CertificateError(`Noc certificate authorityKeyIdentifier must be 160 bit.`);\n }\n\n // Validate authority key identifier against subject key identifier\n if (!nocCert.extensions.authorityKeyIdentifier.equals(rootOrIcaCert.extensions.subjectKeyIdentifier)) {\n throw new CertificateError(\n `Noc certificate authorityKeyIdentifier must be equal to Root/Ica subjectKeyIdentifier.`,\n );\n }\n\n Crypto.verify(\n PublicKey(rootOrIcaCert.ellipticCurvePublicKey),\n this.nodeOperationalCertToAsn1(nocCert),\n nocCert.signature,\n );\n }\n\n /**\n * Verify requirements a Matter Intermediate CA certificate must fulfill.\n * Rules for this are listed in @see {@link MatterSpecification.v12.Core} \u00A76.5.x\n */\n static verifyIntermediateCaCertificate(rootCert: RootCertificate, icaCert: IntermediateCertificate) {\n CertificateManager.validateGeneralCertificateFields(icaCert);\n\n // The subject DN SHALL NOT encode any matter-node-id attribute.\n if (\"nodeId\" in icaCert.subject) {\n throw new CertificateError(`Ica certificate must not contain a nodeId.`);\n }\n\n // The subject DN MAY encode at most one matter-fabric-id attribute.\n if (icaCert.subject.fabricId !== undefined) {\n if (Array.isArray(icaCert.subject.fabricId)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n // If present, the matter-fabric-id attribute\u2019s value SHALL NOT be 0\n if (icaCert.subject.fabricId === FabricId(0)) {\n throw new CertificateError(\n `Invalid fabricId in NoC certificate: ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n // If present on root certificate fabric-id needs to match with Ica fabric Id\n if (rootCert.subject.fabricId !== icaCert.subject.fabricId) {\n throw new CertificateError(\n `FabricId in Ica certificate does not match the 
fabricId in the parent certificate. ${Logger.toJSON(\n rootCert.subject.fabricId,\n )} !== ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n }\n\n // The subject DN SHALL encode exactly one matter-icac-id attribute.\n if (icaCert.subject.icacId === undefined || Array.isArray(icaCert.subject.icacId)) {\n throw new CertificateError(`Invalid icacId in Ica certificate: ${Logger.toJSON(icaCert.subject.icacId)}`);\n }\n\n // The subject DN SHALL NOT encode any matter-rcac-id attribute.\n if (\"rcacId\" in icaCert.subject) {\n throw new CertificateError(`Ica certificate must not contain an rcacId.`);\n }\n\n // The subject DN SHALL NOT encode any matter-noc-cat attribute.\n if (\"caseAuthenticatedTags\" in icaCert.subject) {\n throw new CertificateError(`Ica certificate must not contain a caseAuthenticatedTags.`);\n }\n\n // When any matter-fabric-id attributes are present in either the Matter Root CA Certificate or the Matter ICA\n // Certificate, the value SHALL match the one present in the Matter Node Operational Certificate (NOC) within\n // the same certificate chain.\n if (rootCert.subject.fabricId !== icaCert.subject.fabricId) {\n throw new CertificateError(\n `FabricId in Ica certificate does not match the fabricId in the parent certificate. ${Logger.toJSON(\n rootCert.subject.fabricId,\n )} !== ${Logger.toJSON(icaCert.subject.fabricId)}`,\n );\n }\n\n // Verify the certificate chain by checking rcac ids in subject and issuer\n if (rootCert.subject.rcacId !== icaCert.issuer.rcacId) {\n throw new CertificateError(\n `RcacId in Ica certificate does not match the rcacId in the parent certificate. 
${Logger.toJSON(\n rootCert.subject.rcacId,\n )} !== ${Logger.toJSON(icaCert.issuer.rcacId)}`,\n );\n }\n\n // The basic constraints extension SHALL be encoded with is-ca set to true.\n if (!icaCert.extensions.basicConstraints.isCa) {\n throw new CertificateError(`Ica certificate must have isCa set to true.`);\n }\n\n // The key usage extension SHALL be encoded with exactly two flags: keyCertSign (0x0020) and CRLSign (0x0040).\n // Formally the check should be the following line but Amazon uses a wrong Root cert which also has\n // digitalCertificate set, so we just check the the two needed are set and ignore additionally set parameters.\n //if (ExtensionKeyUsageSchema.encode(icaCert.extensions.keyUsage) !== 0x0060) {\n if (!icaCert.extensions.keyUsage.keyCertSign || !icaCert.extensions.keyUsage.cRLSign) {\n throw new CertificateError(`Ica certificate must have keyUsage set to keyCertSign and CRLSign.`);\n }\n\n // The extended key usage extension SHALL NOT be present.\n if (icaCert.extensions.extendedKeyUsage !== undefined) {\n throw new CertificateError(`Ica certificate must not have extendedKeyUsage set.`);\n }\n\n // The subject key identifier extension SHALL be present and 160 bit long.\n if (icaCert.extensions.subjectKeyIdentifier === undefined) {\n throw new CertificateError(`Ica certificate must have subjectKeyIdentifier set.`);\n }\n if (icaCert.extensions.subjectKeyIdentifier.length !== 20) {\n throw new CertificateError(`Ica certificate subjectKeyIdentifier must be 160 bit.`);\n }\n\n // The authority key identifier extension SHALL be present and 160 bit long.\n if (icaCert.extensions.authorityKeyIdentifier === undefined) {\n throw new CertificateError(`Ica certificate must have authorityKeyIdentifier set.`);\n }\n if (icaCert.extensions.authorityKeyIdentifier.length !== 20) {\n throw new CertificateError(`Ica certificate authorityKeyIdentifier must be 160 bit.`);\n }\n\n // Validate authority key identifier against subject key identifier\n if 
(!icaCert.extensions.authorityKeyIdentifier.equals(rootCert.extensions.subjectKeyIdentifier)) {\n throw new CertificateError(\n `Ica certificate authorityKeyIdentifier must be equal to root cert subjectKeyIdentifier.`,\n );\n }\n\n Crypto.verify(\n PublicKey(rootCert.ellipticCurvePublicKey),\n this.intermediateCaCertToAsn1(icaCert),\n icaCert.signature,\n );\n }\n\n static createCertificateSigningRequest(key: Key) {\n const request = {\n version: 0,\n subject: { organization: X520.OrganisationName(\"CSR\") },\n publicKey: X962.PublicKeyEcPrime256v1(key.publicKey),\n endSignedBytes: ContextTagged(0),\n };\n\n return DerCodec.encode({\n request,\n signAlgorithm: X962.EcdsaWithSHA256,\n signature: BitByteArray(Crypto.sign(key, DerCodec.encode(request), \"der\")),\n });\n }\n\n static getPublicKeyFromCsr(csr: ByteArray) {\n const { [ELEMENTS_KEY]: rootElements } = DerCodec.decode(csr);\n if (rootElements?.length !== 3) throw new CertificateError(\"Invalid CSR data\");\n const [requestNode, signAlgorithmNode, signatureNode] = rootElements;\n\n // Extract the public key\n const { [ELEMENTS_KEY]: requestElements } = requestNode;\n if (requestElements?.length !== 4) throw new CertificateError(\"Invalid CSR data\");\n const [versionNode, _subjectNode, publicKeyNode] = requestElements;\n const requestVersion = versionNode[BYTES_KEY][0];\n if (requestVersion !== 0) throw new CertificateError(`Unsupported request version${requestVersion}`);\n // TODO: verify subject = { OrganisationName: \"CSR\" }\n\n const { [ELEMENTS_KEY]: publicKeyElements } = publicKeyNode;\n if (publicKeyElements?.length !== 2) throw new CertificateError(\"Invalid CSR data\");\n const [_publicKeyTypeNode, publicKeyBytesNode] = publicKeyElements;\n // TODO: verify publicKey algorithm\n const publicKey = publicKeyBytesNode[BYTES_KEY];\n\n // Verify the CSR signature\n if (!X962.EcdsaWithSHA256[OBJECT_ID_KEY][BYTES_KEY].equals(signAlgorithmNode[ELEMENTS_KEY]?.[0]?.[BYTES_KEY]))\n throw new 
CertificateError(\"Unsupported signature type\");\n Crypto.verify(PublicKey(publicKey), DerCodec.encode(requestNode), signatureNode[BYTES_KEY], \"der\");\n\n return publicKey;\n }\n}\n"],
|
|
5
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,mBAAmB;AAC5B,SAAS,cAAc;AACvB,SAAc,iBAAiB;AAC/B,SAAS,sBAAsB,+BAA+B;AAC9D,SAAS,UAAU,mBAAmB;AACtC,SAAS,QAAQ,iBAAiB;AAClC,SAAS,mBAA6B;AACtC,SAAS,cAAc;AACvB,SAAS,SAAS,oBAA8C;AAChE,SAAS,YAAY;AACrB,SAAS,gBAAgB;AACzB,SAAS,kBAAkB;AAC3B,SAAS,WAAW,WAAW,WAAW,WAAW,gBAAgB;AACrE,SAAS,UAAU,WAAW,kBAAkB,0BAA0B,qBAAqB;AAE/F,SAAS,eAAe,iBAAiB;AACzC,SAAS,iBAAiB;AAC1B,SAAS,OAAO,YAAY,MAAM,MAAM,YAAY;AAEpD,MAAM,SAAS,OAAO,IAAI,oBAAoB;AAEvC,MAAM,yBAAyB,YAAY;AAAC;AAEnD,MAAM,SAAS,MAAM,KAAK,KAAK;AAC/B,MAAM,iBAAiB,QAAQ,KAAK,KAAK;AAIlC,SAAS,eAAe,MAAc;AACzC,SAAO,SAAS,IAAI,KAAK,wBAAwB,IAAI,MAAM,OAAO,kBAAkB,GAAI;AAC5F;AAEO,SAAS,eAAe,MAAY,WAAW,GAAG;AACrD,SAAO,KAAK,QAAQ,MAAM,KAAK,sBAAsB,QAAQ,IACvD,IACA,KAAK,MAAM,KAAK,QAAQ,IAAI,GAAI,IAAI,iBAAiB,WAAW;AAC1E;AAEA,SAAS,aAAa,OAAwB;AAC1C,QAAM,YAAY,IAAI,UAAU,CAAC;AACjC,QAAM,WAAW,UAAU,YAAY;AACvC,WAAS,aAAa,GAAG,OAAO,UAAU,WAAW,QAAQ,OAAO,KAAK,CAAC;AAC1E,SAAO,UAAU,MAAM,EAAE,YAAY;AACzC;AAEA,SAAS,eAAe,OAAe;AACnC,QAAM,YAAY,IAAI,UAAU,CAAC;AACjC,QAAM,WAAW,UAAU,YAAY;AACvC,WAAS,UAAU,GAAG,KAAK;AAC3B,SAAO,UAAU,MAAM,EAAE,YAAY;AACzC;AAEA,SAAS,eAAe,OAAe;AACnC,QAAM,YAAY,IAAI,UAAU,CAAC;AACjC,QAAM,WAAW,UAAU,YAAY;AACvC,WAAS,UAAU,GAAG,KAAK;AAC3B,SAAO,UAAU,MAAM,EAAE,YAAY;AACzC;AAWA,MAAM,4BACF,CAAI,IAAY,mBAChB,CAAC,UAAa;AAAA,EACV,UAAU,qBAAqB,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI;AAAA,IAC/D,QAAQ,kBAAkB,cAAc,KAAY;AAAA,EACxD,CAAC;AACL;AAMJ,MAAM,6BACF,CAAI,IAAY,mBAChB,CAAC,UAAa;AAAA,EACV,UAAU,qBAAqB,GAAG,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,IAAI;AAAA,IAC/D,QAAQ,kBAAkB,cAAc,KAAY;AAAA,EACxD,CAAC;AACL;AAGG,MAAM,gBAAgB,0BAAkC,CAAC;AAGzD,MAAM,2BAA2B,0BAAkC,CAAC;AAGpE,MAAM,gBAAgB,0BAA2C,CAAC;AAGlE,MAAM,gBAAgB,0BAA2C,CAAC;AAGlE,MAAM,kBAAkB,0BAAoC,CAAC;AAG7D,MAAM,gBAAgB,0BAAkC,GAAG,cAAc;AAGzE,MAAM,kBAAkB,2BAAqC,GAAG,cAAc;AAG9E,MAAM,mBAAmB,2BAAmC,GAAG,cAAc;AAGpF,MAAM,sCAAsC;AAAA,EACxC,QAAQ,iBAAiB,IAAI,SAAS;AAAA,EACtC,mBAAm
B,iBAAiB,IAAI,SAAS;AAAA,EACjD,QAAQ,iBAAiB,IAAI,SAAS;AAAA,EACtC,QAAQ,iBAAiB,IAAI,SAAS;AAAA,EACtC,UAAU,iBAAiB,IAAI,WAAW;AAAA,EAC1C,uBAAuB,yBAAyB,IAAI,yBAAyB,EAAE,WAAW,EAAE,CAAC;AACjG;AAMA,MAAM,4CAA4C,CAAI,iBAAoB;AACtE,QAAM,SAAS;AAAA;AAAA,IAEX,YAAY,iBAAiB,GAAG,SAAS;AAAA,IACzC,UAAU,iBAAiB,GAAG,SAAS;AAAA,IACvC,WAAW,iBAAiB,GAAG,SAAS;AAAA,IACxC,aAAa,iBAAiB,GAAG,SAAS;AAAA,IAC1C,cAAc,iBAAiB,GAAG,SAAS;AAAA,IAC3C,qBAAqB,iBAAiB,GAAG,SAAS;AAAA,IAClD,SAAS,iBAAiB,GAAG,SAAS;AAAA,IACtC,aAAa,iBAAiB,GAAG,SAAS;AAAA,IAC1C,OAAO,iBAAiB,GAAG,SAAS;AAAA,IACpC,MAAM,iBAAiB,IAAI,SAAS;AAAA,IACpC,WAAW,iBAAiB,IAAI,SAAS;AAAA,IACzC,UAAU,iBAAiB,IAAI,SAAS;AAAA,IACxC,cAAc,iBAAiB,IAAI,SAAS;AAAA,IAC5C,aAAa,iBAAiB,IAAI,SAAS;AAAA,IAC3C,WAAW,iBAAiB,IAAI,SAAS;AAAA,IACzC,iBAAiB,iBAAiB,IAAI,SAAS;AAAA;AAAA,IAG/C,GAAG;AAAA;AAAA,IAGH,cAAc,iBAAiB,KAAK,SAAS;AAAA,IAC7C,YAAY,iBAAiB,KAAK,SAAS;AAAA,IAC3C,aAAa,iBAAiB,KAAK,SAAS;AAAA,IAC5C,eAAe,iBAAiB,KAAK,SAAS;AAAA,IAC9C,gBAAgB,iBAAiB,KAAK,SAAS;AAAA,IAC/C,uBAAuB,iBAAiB,KAAK,SAAS;AAAA,IACtD,WAAW,iBAAiB,KAAK,SAAS;AAAA,IAC1C,eAAe,iBAAiB,KAAK,SAAS;AAAA,IAC9C,SAAS,iBAAiB,KAAK,SAAS;AAAA,IACxC,QAAQ,iBAAiB,KAAK,SAAS;AAAA,IACvC,aAAa,iBAAiB,KAAK,SAAS;AAAA,IAC5C,YAAY,iBAAiB,KAAK,SAAS;AAAA,IAC3C,gBAAgB,iBAAiB,KAAK,SAAS;AAAA,IAC/C,eAAe,iBAAiB,KAAK,SAAS;AAAA,IAC9C,aAAa,iBAAiB,KAAK,SAAS;AAAA,EAChD;AACA,SAAO,cAAc,MAAM;AAC/B;AAEA,MAAM,0BAA0B;AAAA,EAC5B,kBAAkB,QAAQ,CAAC;AAAA,EAC3B,gBAAgB,QAAQ,CAAC;AAAA,EACzB,iBAAiB,QAAQ,CAAC;AAAA,EAC1B,kBAAkB,QAAQ,CAAC;AAAA,EAC3B,cAAc,QAAQ,CAAC;AAAA,EACvB,aAAa,QAAQ,CAAC;AAAA,EACtB,SAAS,QAAQ,CAAC;AAAA,EAClB,cAAc,QAAQ,CAAC;AAAA,EACvB,cAAc,QAAQ,CAAC;AAC3B;AACA,MAAM,0BAA0B,aAAa,uBAAuB;AAYpE,MAAM,wBAAwB,CAAO,iBACjC,UAAU;AAAA,EACN,cAAc,SAAS,GAAG,cAAc,MAAM,EAAE,WAAW,GAAG,CAAC,CAAC;AAAA,EAChE,oBAAoB,SAAS,GAAG,QAAQ;AAAA,EACxC,QAAQ;AAAA,IACJ;AAAA,IACA,0CAA6C;AAAA,MACzC,GAAG;AAAA,MACH,GAAI,cAAc,UAAU,CAAC;AAAA,IACjC,CAAM;AAAA,EACV;AAAA,EACA,WAAW,SAAS,GAAG,SAAS;AAAA,EAChC,UAAU,SAAS,GAAG,SAAS;AAAA,EAC/B,SAAS;AAAA,IACL;AAAA,IACA,0CAA6C;AAAA,MACzC,GAAG;AAAA,MACH,GAAI,cAA
c,WAAW,CAAC;AAAA,IAClC,CAAM;AAAA,EACV;AAAA,EACA,oBAAoB,SAAS,GAAG,QAAQ;AAAA,EACxC,yBAAyB,SAAS,GAAG,QAAQ;AAAA,EAC7C,wBAAwB,SAAS,GAAG,aAAa;AAAA,EACjD,YAAY;AAAA,IACR;AAAA,IACA,cAAc;AAAA,MACV,kBAAkB;AAAA,QACd;AAAA,QACA,UAAU;AAAA,UACN,MAAM,SAAS,GAAG,UAAU;AAAA,UAC5B,SAAS,iBAAiB,GAAG,QAAQ;AAAA,QACzC,CAAC;AAAA,MACL;AAAA,MACA,UAAU,SAAS,GAAG,UAAU,WAAW,uBAAuB,CAAC;AAAA,MACnE,kBAAkB,iBAAiB,GAAG,SAAS,QAAQ,CAAC;AAAA,MACxD,sBAAsB,SAAS,GAAG,cAAc,MAAM,EAAE,QAAQ,GAAG,CAAC,CAAC;AAAA,MACrE,wBAAwB,SAAS,GAAG,cAAc,MAAM,EAAE,QAAQ,GAAG,CAAC,CAAC;AAAA,MACvE,iBAAiB,yBAAyB,GAAG,aAAa;AAAA,IAC9D,CAAC;AAAA,EACL;AAAA,EACA,WAAW,SAAS,IAAI,aAAa;AACzC,CAAC;AAEE,MAAM,qBAAqB,sBAAsB;AAAA,EACpD,SAAS;AAAA,IACL,QAAQ,SAAS,IAAI,SAAS;AAAA,IAC9B,UAAU,iBAAiB,IAAI,WAAW;AAAA,EAC9C;AAAA,EACA,QAAQ;AACZ,CAAC;AAEM,MAAM,4BAA4B,sBAAsB;AAAA,EAC3D,SAAS;AAAA,IACL,QAAQ,SAAS,IAAI,SAAS;AAAA,IAC9B,UAAU,SAAS,IAAI,WAAW;AAAA,IAClC,uBAAuB,yBAAyB,IAAI,yBAAyB,EAAE,WAAW,EAAE,CAAC;AAAA,EACjG;AAAA,EACA,QAAQ;AACZ,CAAC;AAEM,MAAM,6BAA6B,sBAAsB;AAAA,EAC5D,SAAS;AAAA,IACL,QAAQ,SAAS,IAAI,SAAS;AAAA,IAC9B,UAAU,iBAAiB,IAAI,WAAW;AAAA,EAC9C;AAAA,EACA,QAAQ;AACZ,CAAC;AAED,MAAM,qBAAqB,sBAAsB;AA8D1C,MAAM,8BAA8B,UAAU;AAAA,EACjD,eAAe,SAAS,GAAG,SAAS;AAAA,EACpC,UAAU,SAAS,GAAG,WAAW;AAAA,EACjC,gBAAgB,SAAS,GAAG,SAAS,WAAW,EAAE,WAAW,GAAG,WAAW,IAAI,CAAC,CAAC;AAAA,EACjF,cAAc,SAAS,GAAG,SAAS;AAAA,EACnC,eAAe,SAAS,GAAG,UAAU,MAAM,EAAE,QAAQ,GAAG,CAAC,CAAC;AAAA,EAC1D,eAAe,SAAS,GAAG,QAAQ;AAAA,EACnC,qBAAqB,SAAS,GAAG,SAAS;AAAA,EAC1C,eAAe,SAAS,GAAG,SAAS;AAAA,EACpC,mBAAmB,SAAS,GAAG,QAAQ;AAAA,EACvC,mBAAmB,iBAAiB,GAAG,WAAW;AAAA,EAClD,oBAAoB,iBAAiB,IAAI,SAAS;AAAA,EAClD,mBAAmB;AAAA,IACf;AAAA,IACA,SAAS,cAAc,MAAM,EAAE,QAAQ,GAAG,CAAC,GAAG,EAAE,WAAW,GAAG,WAAW,GAAG,CAAC;AAAA,EACjF;AACJ,CAAC;AAYD,SAAS,sBAAsB,MAAgC;AAC3D,QAAM,MAAM,CAAC;AACb,SAAO,QAAQ,IAAI,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AAC3C,QAAI,UAAU,QAAW;AACrB;AAAA,IACJ;AACA,YAAQ,KAAK;AAAA,MACT,KAAK;AACD,YAAI,aAAa,KAAK,WAAW,KAAe;AAChD;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,KAAK,QAAQ,KAAe;AAC3C;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,aAAa,KAAe;
AACjD;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,YAAY,KAAe;AAClD;AAAA,MACJ,KAAK;AACD,YAAI,eAAe,KAAK,aAAa,KAAe;AACpD;AAAA,MACJ,KAAK;AACD,YAAI,sBAAsB,KAAK,oBAAoB,KAAe;AAClE;AAAA,MACJ,KAAK;AACD,YAAI,UAAU,KAAK,iBAAiB,KAAe;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,uBAAuB,KAAe;AAC7D;AAAA,MACJ,KAAK;AACD,YAAI,QAAQ,KAAK,MAAM,KAAe;AACtC;AAAA,MACJ,KAAK;AACD,YAAI,OAAO,KAAK,KAAK,KAAe;AACpC;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,UAAU,KAAe;AAC9C;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,KAAK,SAAS,KAAe;AAC5C;AAAA,MACJ,KAAK;AACD,YAAI,eAAe,KAAK,oBAAoB,KAAe;AAC3D;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,YAAY,KAAe;AAClD;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,UAAU,KAAe;AAC9C;AAAA,MACJ,KAAK;AACD,YAAI,kBAAkB,KAAK,gBAAgB,KAAe;AAC1D;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,cAAc,KAAe;AAC1C;AAAA,MACJ,KAAK;AACD,YAAI,oBAAoB,yBAAyB,KAAe;AAChE;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,cAAc,KAAwB;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,cAAc,KAAwB;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,gBAAgB,KAAiB;AAChD;AAAA,MACJ,KAAK;AAID,cAAM,wBAAwB;AAC9B,6BAAqB,mBAAmB,qBAAqB;AAE7D,cAAM,OAAO,sBAAsB,CAAC;AACpC,cAAM,OAAO,sBAAsB,CAAC;AACpC,cAAM,OAAO,sBAAsB,CAAC;AACpC,YAAI,SAAS,QAAW;AACpB,cAAI,wBAAwB,cAAc,IAAI;AAAA,QAClD;AACA,YAAI,SAAS,QAAW;AACpB,cAAI,wBAAwB,cAAc,IAAI;AAAA,QAClD;AACA,YAAI,SAAS,QAAW;AACpB,cAAI,wBAAwB,cAAc,IAAI;AAAA,QAClD;AACA;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,gBAAgB,KAAiB;AAChD;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,iBAAiB,KAAe;AAChD;AAAA,MACJ,KAAK;AACD,YAAI,eAAe,KAAK,WAAW,OAAiB,IAAI;AACxD;AAAA,MACJ,KAAK;AACD,YAAI,aAAa,KAAK,QAAQ,OAAiB,IAAI;AACnD;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,aAAa,OAAiB,IAAI;AACzD;AAAA,MACJ,KAAK;AACD,YAAI,gBAAgB,KAAK,YAAY,OAAiB,IAAI;AAC1D;AAAA,MACJ,KAAK;AACD,YAAI,iBAAiB,KAAK,aAAa,OAAiB,IAAI;AAC5D;AAAA,MACJ,KAAK;AACD,YAAI,wBAAwB,KAAK,oBAAoB,OAAiB,IAAI;AAC1E;AAAA,MACJ,KAAK;AACD,YAAI,YAAY,KAAK,iBAAiB,OAAiB,IAAI;AAC3D;AAAA,MACJ,KAAK;AACD,YAAI,gBAAgB,KAAK,uBAAuB,OAAiB,IAAI;AACrE;AAAA,MACJ,KAAK;AACD,YAAI,UAAU,KAAK,MAAM,OAAiB,IAAI;AAC9C;AAAA,MACJ,KAAK;AACD,YAAI,SAAS,KAAK,KAAK,OAAiB,IAAI;AAC5C;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,UAAU,OAAiB,IAAI;AACtD;AAAA,MACJ,KAAK
;AACD,YAAI,aAAa,KAAK,SAAS,OAAiB,IAAI;AACpD;AAAA,MACJ,KAAK;AACD,YAAI,iBAAiB,KAAK,oBAAoB,OAAiB,IAAI;AACnE;AAAA,MACJ,KAAK;AACD,YAAI,gBAAgB,KAAK,YAAY,OAAiB,IAAI;AAC1D;AAAA,MACJ,KAAK;AACD,YAAI,cAAc,KAAK,UAAU,OAAiB,IAAI;AACtD;AAAA,IACR;AAAA,EACJ,CAAC;AACD,SAAO;AACX;AAEA,SAAS,iBAAiB,YAA2C;AACjE,QAAM,MAAM,CAAC;AACb,SAAO,QAAQ,UAAU,EAAE,QAAQ,CAAC,CAAC,KAAK,KAAK,MAAM;AACjD,QAAI,UAAU,QAAW;AACrB;AAAA,IACJ;AACA,YAAQ,KAAK;AAAA,MACT,KAAK;AACD,YAAI,mBAAmB,KAAK,iBAAiB,KAAK;AAClD;AAAA,MACJ,KAAK;AACD,YAAI,WAAW,KAAK;AAAA,UAChB,wBAAwB,OAAO,KAAiE;AAAA,QACpG;AACA;AAAA,MACJ,KAAK;AACD,YAAI,mBAAmB,KAAK,iBAAiB,KAA6B;AAC1E;AAAA,MACJ,KAAK;AACD,YAAI,uBAAuB,KAAK,qBAAqB,KAAkB;AACvE;AAAA,MACJ,KAAK;AACD,YAAI,yBAAyB,KAAK,uBAAuB,KAAkB;AAC3E;AAAA,MACJ,KAAK;AACD,YAAI,kBAAkB,SAAS,UAAU,OAAO,GAAK,SAAqC,CAAC,CAAE,CAAC;AAC9F;AAAA,IACR;AAAA,EACJ,CAAC;AACD,SAAO;AACX;AAEO,MAAM,mBAAmB;AAAA,EAC5B,OAAO,2BAA2B;AAAA,IAC9B;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACJ,GAA8B;AAC1B,UAAM;AAAA,MACF,kBAAkB,EAAE,MAAM,QAAQ;AAAA,IACtC,IAAI;AACJ,QAAI,CAAC,QAAQ,YAAY,QAAW;AAChC,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AACA,WAAO;AAAA,MACH,SAAS,cAAc,GAAG,CAAC;AAAA;AAAA,MAC3B,cAAc,iBAAiB,QAAQ,SAAS,YAAY;AAAA,MAC5D,oBAAoB,KAAK;AAAA,MACzB,QAAQ,sBAAsB,MAAM;AAAA,MACpC,UAAU;AAAA,QACN,WAAW,eAAe,SAAS;AAAA,QACnC,UAAU,eAAe,QAAQ;AAAA,MACrC;AAAA,MACA,SAAS,sBAAsB,OAAO;AAAA,MACtC,WAAW,KAAK,sBAAsB,sBAAsB;AAAA,MAC5D,YAAY,cAAc,GAAG,iBAAiB,UAAU,CAAC;AAAA,IAC7D;AAAA,EACJ;AAAA,EAEA,OAAO,mBAAmB,MAAiC;AACvD,WAAO,SAAS,OAAO,KAAK,2BAA2B,IAAI,CAAC;AAAA,EAChE;AAAA,EAEA,OAAO,eAAe,MAAiC;AACnD,UAAM;AAAA,MACF,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI;AACJ,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,iBAAiB,gCAAgC;AAAA,IAC/D;AACA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACvC;AAAA,EAEA,OAAO,yBAAyB,MAAyC;AACrE,UAAM;AAAA,MACF,YAAY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI;AACJ,QAAI,CAAC,MAAM;AACP,YAAM,IAAI,iBAAiB,wCAAwC;AAAA,IACvE;AACA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACvC;AAAA,EAEA,OAAO,0BAA0B,MAAwC;AACrE,UAAM;AAAA,MACF,QAAQ,EAAE,QAAQ,OAAO;AAAA,MACzB,YA
AY;AAAA,QACR,kBAAkB,EAAE,KAAK;AAAA,MAC7B;AAAA,IACJ,IAAI;AACJ,QAAI,WAAW,UAAa,WAAW,QAAW;AAC9C,YAAM,IAAI,iBAAiB,wEAAwE;AAAA,IACvG;AACA,QAAI,MAAM;AACN,YAAM,IAAI,iBAAiB,gDAAgD;AAAA,IAC/E;AAEA,WAAO,KAAK,mBAAmB,IAAI;AAAA,EACvC;AAAA,EAEA,OAAO,4BAA4B,MAA8C,KAAU;AACvF,UAAM,cAAc,KAAK,2BAA2B,IAAI;AACxD,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,WAAW,GAAG,KAAK,CAAC;AAAA,IACjF,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,yCACH,MACA,KACF;AACE,UAAM,cAAc,KAAK,2BAA2B,IAAI;AACxD,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,WAAW,GAAG,KAAK,CAAC;AAAA,IACjF,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,sCAAsC,MAAwD,KAAU;AAC3G,UAAM,cAAc,KAAK,2BAA2B,IAAI;AACxD,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,WAAW,GAAG,KAAK,CAAC;AAAA,IACjF,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,+BACH,UACA,sBACA,YACF;AACE,UAAM,cAAc;AAAA,MAChB,SAAS;AAAA,MACT,iBAAiB,CAAC,UAAU;AAAA,MAC5B,kBAAkB,MAAM,KAAK,QAAQ;AAAA,MACrC,YAAY;AAAA,QACR;AAAA,UACI,SAAS;AAAA,UACT,sBAAsB,mBAAmB,GAAG,oBAAoB;AAAA,UAChE,iBAAiB;AAAA,UACjB,oBAAoB,KAAK;AAAA,UACzB,WAAW,OAAO,KAAK,YAAY,UAAU,KAAK;AAAA,QACtD;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,SAAS,OAAO,MAAM,WAAW,WAAW,CAAC;AAAA,EACxD;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,iCAAiC,MAA0E;AAC9G,QAAI,KAAK,aAAa,SAAS;AAC3B,YAAM,IAAI;AAAA,QACN,8EAA8E,KAAK,aAAa,MAAM;AAAA,MAC1G;AAEJ,QAAI,KAAK,uBAAuB,GAAG;AAE/B,YAAM,IAAI,iBAAiB,oCAAoC,KAAK,kBAAkB,EAAE;AAAA,IAC5F;AAEA,QAAI,KAAK,uBAAuB,GAAG;AAE/B,YAAM,IAAI,iBAAiB,qCAAqC,KAAK,kBAAkB,EAAE;AAAA,IAC7F;AAEA,QAAI,KAAK,4BAA4B,GAAG;AAEpC,YAAM,IAAI,iBAAiB,0CAA0C,KAAK,uBAAuB,EAAE;AAAA,IACvG;AAGA,QAAI,OAAO,KAAK,KAAK,OAAO,EAAE,SAAS,GAAG;AACtC,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AACA,QAAI,OAAO,KAAK,KAAK,MAAM,EAAE,SAAS,GAAG;AACrC,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AAIA,QAAI,KAAK,YAAY,MAAO,KAAK,MAAM,GAAG;AACtC,aAAO,KAAK,gDAAgD,KAAK,YAAY,GAAI,OAAO,KAAK,MAAM,CAAC,EAAE;AAAA,IAI1G;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,sBAAsB,UAA2B;AACpD,uBAAmB,iCAAiC,QAAQ;AAG5D,QAAI,YAAY,SAAS,SAAS;A
AC9B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,SAAS,QAAQ,aAAa,QAAW;AACzC,UAAI,MAAM,QAAQ,SAAS,QAAQ,QAAQ,GAAG;AAC1C,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,SAAS,QAAQ,QAAQ,CAAC;AAAA,QACpF;AAAA,MACJ;AAEA,UAAI,SAAS,QAAQ,aAAa,SAAS,CAAC,GAAG;AAC3C,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,SAAS,QAAQ,QAAQ,CAAC;AAAA,QACpF;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,YAAY,SAAS,SAAS;AAC9B,YAAM,IAAI,iBAAiB,8CAA8C;AAAA,IAC7E;AAGA,QAAI,SAAS,QAAQ,WAAW,UAAa,MAAM,QAAQ,SAAS,QAAQ,MAAM,GAAG;AACjF,YAAM,IAAI,iBAAiB,uCAAuC,OAAO,OAAO,SAAS,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC9G;AAGA,QAAI,2BAA2B,SAAS,SAAS;AAC7C,YAAM,IAAI,iBAAiB,4DAA4D;AAAA,IAC3F;AAGA,QAAI,SAAS,WAAW,iBAAiB,SAAS,MAAM;AACpD,YAAM,IAAI,iBAAiB,8CAA8C;AAAA,IAC7E;AAMA,QAAI,CAAC,SAAS,WAAW,SAAS,eAAe,CAAC,SAAS,WAAW,SAAS,SAAS;AACpF,YAAM,IAAI,iBAAiB,kEAAkE;AAAA,IACjG;AAGA,QAAI,SAAS,WAAW,qBAAqB,QAAW;AACpD,YAAM,IAAI,iBAAiB,sDAAsD;AAAA,IACrF;AAGA,QAAI,SAAS,WAAW,yBAAyB,QAAW;AACxD,YAAM,IAAI,iBAAiB,sDAAsD;AAAA,IACrF;AACA,QAAI,SAAS,WAAW,qBAAqB,WAAW,IAAI;AACxD,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AAGA,QAAI,SAAS,WAAW,2BAA2B,QAAW;AAC1D,YAAM,IAAI,iBAAiB,wDAAwD;AAAA,IACvF;AACA,QAAI,SAAS,WAAW,uBAAuB,WAAW,IAAI;AAC1D,YAAM,IAAI,iBAAiB,0DAA0D;AAAA,IACzF;AAGA,QAAI,CAAC,SAAS,WAAW,uBAAuB,OAAO,SAAS,WAAW,oBAAoB,GAAG;AAC9F,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO,OAAO,UAAU,SAAS,sBAAsB,GAAG,KAAK,eAAe,QAAQ,GAAG,SAAS,SAAS;AAAA,EAC/G;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,iCACH,eACA,SACF;AACE,uBAAmB,iCAAiC,OAAO;AAG3D,QAAI,QAAQ,QAAQ,WAAW,UAAa,MAAM,QAAQ,QAAQ,QAAQ,MAAM,GAAG;AAC/E,YAAM,IAAI,iBAAiB,sCAAsC,OAAO,OAAO,QAAQ,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC5G;AAEA,QAAI,CAAC,OAAO,oBAAoB,QAAQ,QAAQ,MAAM,GAAG;AACrD,YAAM,IAAI,iBAAiB,sCAAsC,OAAO,OAAO,QAAQ,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC5G;AAGA,QAAI,QAAQ,QAAQ,aAAa,UAAa,MAAM,QAAQ,QAAQ,QAAQ,QAAQ,GAAG;AACnF,YAAM,IAAI;AAAA,QACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACnF;AAAA,IACJ;AAEA,QAAI,QAAQ,QAAQ,aAAa,SAAS,CAAC,GAAG;AAC1C,YAAM,IAAI;AAAA,QACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACnF;AAAA,IACJ;AAGA,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,I
AC5E;AAGA,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAGA,QAAI,QAAQ,QAAQ,0BAA0B,QAAW;AACrD,2BAAqB,mBAAmB,QAAQ,QAAQ,qBAAqB;AAAA,IACjF;AAKA,QACI,cAAc,QAAQ,aAAa,UACnC,cAAc,QAAQ,aAAa,QAAQ,QAAQ,UACrD;AACE,YAAM,IAAI;AAAA,QACN,sFAAsF,OAAO;AAAA,UACzF,cAAc,QAAQ;AAAA,QAC1B,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACpD;AAAA,IACJ;AAGA,QAAI,QAAQ,WAAW,iBAAiB,MAAM;AAC1C,YAAM,IAAI,iBAAiB,iDAAiD;AAAA,IAChF;AAMA,QAAI,CAAC,QAAQ,WAAW,SAAS,kBAAkB;AAC/C,YAAM,IAAI,iBAAiB,6DAA6D;AAAA,IAC5F;AAGA,QACI,QAAQ,WAAW,qBAAqB,UACvC,CAAC,QAAQ,WAAW,iBAAiB,SAAS,CAAC,KAAK,CAAC,QAAQ,WAAW,iBAAiB,SAAS,CAAC,GACtG;AACE,YAAM,IAAI;AAAA,QACN,8EAA8E,OAAO,OAAO,QAAQ,WAAW,gBAAgB,CAAC;AAAA,MACpI;AAAA,IACJ;AAGA,QAAI,QAAQ,WAAW,yBAAyB,QAAW;AACvD,YAAM,IAAI,iBAAiB,qDAAqD;AAAA,IACpF;AACA,QAAI,QAAQ,WAAW,qBAAqB,WAAW,IAAI;AACvD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AAGA,QAAI,QAAQ,WAAW,2BAA2B,QAAW;AACzD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AACA,QAAI,QAAQ,WAAW,uBAAuB,WAAW,IAAI;AACzD,YAAM,IAAI,iBAAiB,yDAAyD;AAAA,IACxF;AAGA,QAAI,CAAC,QAAQ,WAAW,uBAAuB,OAAO,cAAc,WAAW,oBAAoB,GAAG;AAClG,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,UAAU,cAAc,sBAAsB;AAAA,MAC9C,KAAK,0BAA0B,OAAO;AAAA,MACtC,QAAQ;AAAA,IACZ;AAAA,EACJ;AAAA;AAAA;AAAA;AAAA;AAAA,EAMA,OAAO,gCAAgC,UAA2B,SAAkC;AAChG,uBAAmB,iCAAiC,OAAO;AAG3D,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,4CAA4C;AAAA,IAC3E;AAGA,QAAI,QAAQ,QAAQ,aAAa,QAAW;AACxC,UAAI,MAAM,QAAQ,QAAQ,QAAQ,QAAQ,GAAG;AACzC,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,QACnF;AAAA,MACJ;AAEA,UAAI,QAAQ,QAAQ,aAAa,SAAS,CAAC,GAAG;AAC1C,cAAM,IAAI;AAAA,UACN,wCAAwC,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,QACnF;AAAA,MACJ;AAEA,UAAI,SAAS,QAAQ,aAAa,QAAQ,QAAQ,UAAU;AACxD,cAAM,IAAI;AAAA,UACN,sFAAsF,OAAO;AAAA,YACzF,SAAS,QAAQ;AAAA,UACrB,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,QACpD;AAAA,MACJ;AAAA,IACJ;AAGA,QAAI,QAAQ,QAAQ,WAAW,UAAa,MAAM,QAAQ,QAAQ,QAAQ,MAAM,GAAG;AAC/E,YAAM,IAAI,iBAAiB,sCAAsC,OAAO,OAAO,QAAQ,QAAQ,MAAM,CAAC,EAAE;AAAA,IAC5G;AAGA,QAAI,YAAY,QAAQ,SAAS;AAC7B,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC
5E;AAGA,QAAI,2BAA2B,QAAQ,SAAS;AAC5C,YAAM,IAAI,iBAAiB,2DAA2D;AAAA,IAC1F;AAKA,QAAI,SAAS,QAAQ,aAAa,QAAQ,QAAQ,UAAU;AACxD,YAAM,IAAI;AAAA,QACN,sFAAsF,OAAO;AAAA,UACzF,SAAS,QAAQ;AAAA,QACrB,CAAC,QAAQ,OAAO,OAAO,QAAQ,QAAQ,QAAQ,CAAC;AAAA,MACpD;AAAA,IACJ;AAGA,QAAI,SAAS,QAAQ,WAAW,QAAQ,OAAO,QAAQ;AACnD,YAAM,IAAI;AAAA,QACN,kFAAkF,OAAO;AAAA,UACrF,SAAS,QAAQ;AAAA,QACrB,CAAC,QAAQ,OAAO,OAAO,QAAQ,OAAO,MAAM,CAAC;AAAA,MACjD;AAAA,IACJ;AAGA,QAAI,CAAC,QAAQ,WAAW,iBAAiB,MAAM;AAC3C,YAAM,IAAI,iBAAiB,6CAA6C;AAAA,IAC5E;AAMA,QAAI,CAAC,QAAQ,WAAW,SAAS,eAAe,CAAC,QAAQ,WAAW,SAAS,SAAS;AAClF,YAAM,IAAI,iBAAiB,oEAAoE;AAAA,IACnG;AAGA,QAAI,QAAQ,WAAW,qBAAqB,QAAW;AACnD,YAAM,IAAI,iBAAiB,qDAAqD;AAAA,IACpF;AAGA,QAAI,QAAQ,WAAW,yBAAyB,QAAW;AACvD,YAAM,IAAI,iBAAiB,qDAAqD;AAAA,IACpF;AACA,QAAI,QAAQ,WAAW,qBAAqB,WAAW,IAAI;AACvD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AAGA,QAAI,QAAQ,WAAW,2BAA2B,QAAW;AACzD,YAAM,IAAI,iBAAiB,uDAAuD;AAAA,IACtF;AACA,QAAI,QAAQ,WAAW,uBAAuB,WAAW,IAAI;AACzD,YAAM,IAAI,iBAAiB,yDAAyD;AAAA,IACxF;AAGA,QAAI,CAAC,QAAQ,WAAW,uBAAuB,OAAO,SAAS,WAAW,oBAAoB,GAAG;AAC7F,YAAM,IAAI;AAAA,QACN;AAAA,MACJ;AAAA,IACJ;AAEA,WAAO;AAAA,MACH,UAAU,SAAS,sBAAsB;AAAA,MACzC,KAAK,yBAAyB,OAAO;AAAA,MACrC,QAAQ;AAAA,IACZ;AAAA,EACJ;AAAA,EAEA,OAAO,gCAAgC,KAAU;AAC7C,UAAM,UAAU;AAAA,MACZ,SAAS;AAAA,MACT,SAAS,EAAE,cAAc,KAAK,iBAAiB,KAAK,EAAE;AAAA,MACtD,WAAW,KAAK,sBAAsB,IAAI,SAAS;AAAA,MACnD,gBAAgB,cAAc,CAAC;AAAA,IACnC;AAEA,WAAO,SAAS,OAAO;AAAA,MACnB;AAAA,MACA,eAAe,KAAK;AAAA,MACpB,WAAW,aAAa,OAAO,KAAK,KAAK,SAAS,OAAO,OAAO,GAAG,KAAK,CAAC;AAAA,IAC7E,CAAC;AAAA,EACL;AAAA,EAEA,OAAO,oBAAoB,KAAgB;AACvC,UAAM,EAAE,CAAC,YAAY,GAAG,aAAa,IAAI,SAAS,OAAO,GAAG;AAC5D,QAAI,cAAc,WAAW,EAAG,OAAM,IAAI,iBAAiB,kBAAkB;AAC7E,UAAM,CAAC,aAAa,mBAAmB,aAAa,IAAI;AAGxD,UAAM,EAAE,CAAC,YAAY,GAAG,gBAAgB,IAAI;AAC5C,QAAI,iBAAiB,WAAW,EAAG,OAAM,IAAI,iBAAiB,kBAAkB;AAChF,UAAM,CAAC,aAAa,cAAc,aAAa,IAAI;AACnD,UAAM,iBAAiB,YAAY,SAAS,EAAE,CAAC;AAC/C,QAAI,mBAAmB,EAAG,OAAM,IAAI,iBAAiB,8BAA8B,cAAc,EAAE;AAGnG,UAAM,EAAE,CAAC,YAAY,GAAG,kBAAkB,IAAI;AAC9C,QAAI,mBAAmB,WAAW,EAAG,OAAM,IAAI,iBAAiB,kBAAkB;AAClF,UAA
M,CAAC,oBAAoB,kBAAkB,IAAI;AAEjD,UAAM,YAAY,mBAAmB,SAAS;AAG9C,QAAI,CAAC,KAAK,gBAAgB,aAAa,EAAE,SAAS,EAAE,OAAO,kBAAkB,YAAY,IAAI,CAAC,IAAI,SAAS,CAAC;AACxG,YAAM,IAAI,iBAAiB,4BAA4B;AAC3D,WAAO,OAAO,UAAU,SAAS,GAAG,SAAS,OAAO,WAAW,GAAG,cAAc,SAAS,GAAG,KAAK;AAEjG,WAAO;AAAA,EACX;AACJ;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import { VendorId } from "../datatype/VendorId.js";
|
|
2
2
|
export declare class CertificationDeclarationManager {
|
|
3
|
-
static generate(vendorId: VendorId, productId: number): Uint8Array;
|
|
3
|
+
static generate(vendorId: VendorId, productId: number, provisional?: boolean): Uint8Array;
|
|
4
4
|
}
|
|
5
5
|
//# sourceMappingURL=CertificationDeclarationManager.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"CertificationDeclarationManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificationDeclarationManager.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AA0BnD,qBAAa,+BAA+B;IACxC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM;
|
|
1
|
+
{"version":3,"file":"CertificationDeclarationManager.d.ts","sourceRoot":"","sources":["../../../src/certificate/CertificationDeclarationManager.ts"],"names":[],"mappings":"AAMA,OAAO,EAAE,QAAQ,EAAE,MAAM,yBAAyB,CAAC;AA0BnD,qBAAa,+BAA+B;IACxC,MAAM,CAAC,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,UAAQ;CAmB7E"}
|
|
@@ -9,7 +9,7 @@ import { CertificateManager, TlvCertificationDeclaration } from "./CertificateMa
|
|
|
9
9
|
const TestCMS_SignerPrivateKey = ByteArray.fromHex("AEF3484116E9481EC57BE0472DF41BF499064E5024AD869ECA5E889802D48075");
|
|
10
10
|
const TestCMS_SignerSubjectKeyIdentifier = ByteArray.fromHex("62FA823359ACFAA9963E1CFA140ADDF504F37160");
|
|
11
11
|
class CertificationDeclarationManager {
|
|
12
|
-
static generate(vendorId, productId) {
|
|
12
|
+
static generate(vendorId, productId, provisional = false) {
|
|
13
13
|
const certificationElements = TlvCertificationDeclaration.encode({
|
|
14
14
|
formatVersion: 1,
|
|
15
15
|
vendorId,
|
|
@@ -19,7 +19,8 @@ class CertificationDeclarationManager {
|
|
|
19
19
|
securityLevel: 0,
|
|
20
20
|
securityInformation: 0,
|
|
21
21
|
versionNumber: 1,
|
|
22
|
-
certificationType: 0
|
|
22
|
+
certificationType: provisional ? 1 : 0
|
|
23
|
+
// 0 = Test, 1 = Provisional/In certification, 2 = official
|
|
23
24
|
});
|
|
24
25
|
return CertificateManager.CertificationDeclarationToAsn1(
|
|
25
26
|
certificationElements,
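Review bot: The new `provisional` parameter on `generate` changes only `certificationType` (0 to 1); the declaration is still signed with `TestCMS_SignerPrivateKey`, the constant shown as context at new line 9, and nothing on the added lines tells a caller that. The source embedded in the accompanying source map describes that key as the one published in Appendix F of the Matter 1.1 Core Specification, so a declaration marked "Provisional" here carries no more attestation trust than a test one. A commissioner that checks the signature against production signing keys would presumably still reject it. I would document this on the method, for example `/** Builds a development-only Certification Declaration signed with the public Matter test CMS key; provisional only switches certificationType from 0 (Test) to 1 and does not make the result trusted. */`. The added trailing comment lists 2 as "official", which the boolean cannot select, and the doc comment could say that this is intentional; the body of `generate` continues past the end of this hunk.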
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../src/certificate/CertificationDeclarationManager.ts"],
|
|
4
|
-
"sourcesContent": ["/**\n * @license\n * Copyright 2022-2024 Matter.js Authors\n * SPDX-License-Identifier: Apache-2.0\n */\nimport { PrivateKey } from \"../crypto/Key.js\";\nimport { VendorId } from \"../datatype/VendorId.js\";\nimport { ByteArray } from \"../util/ByteArray.js\";\nimport { CertificateManager, TlvCertificationDeclaration } from \"./CertificateManager.js\";\n\n// This is the private key from Appendix F of the Matter 1.1 Core Specification.\n// The specification specifies it in PEM format:\n//\n// -----BEGIN EC PRIVATE KEY-----\n// MHcCAQEEIK7zSEEW6UgexXvgRy30G/SZBk5QJK2GnspeiJgC1IB1oAoGCCqGSM49\n// AwEHoUQDQgAEPDmJIkUrVcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNr\n// UhxRA35rjO3vyh60QEZpT6CIgu7WUZ3sug==\n// -----END EC PRIVATE KEY-----\n//\n// You can extract the key using openssl:\n//\n// openssl asn1parse -in key.txt\nconst TestCMS_SignerPrivateKey = ByteArray.fromHex(\"AEF3484116E9481EC57BE0472DF41BF499064E5024AD869ECA5E889802D48075\");\n\n// You can extract the subject key identifier from the certificate in the same\n// section. The x509 command is best for that:\n//\n// openssl x509 -in cert.txt -text\n//\n// Look for the line under \"X509v3 Subject Key Identifier:\"\nconst TestCMS_SignerSubjectKeyIdentifier = ByteArray.fromHex(\"62FA823359ACFAA9963E1CFA140ADDF504F37160\");\n\nexport class CertificationDeclarationManager {\n static generate(vendorId: VendorId, productId: number) {\n const certificationElements = TlvCertificationDeclaration.encode({\n formatVersion: 1,\n vendorId,\n produceIdArray: [productId],\n deviceTypeId: 22,\n certificateId: \"CSA00000SWC00000-00\",\n securityLevel: 0,\n securityInformation: 0,\n versionNumber: 1,\n certificationType: 0
|
|
5
|
-
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,SAAS,kBAAkB;AAE3B,SAAS,iBAAiB;AAC1B,SAAS,oBAAoB,mCAAmC;AAchE,MAAM,2BAA2B,UAAU,QAAQ,kEAAkE;AAQrH,MAAM,qCAAqC,UAAU,QAAQ,0CAA0C;AAEhG,MAAM,gCAAgC;AAAA,EACzC,OAAO,SAAS,UAAoB,WAAmB;
|
|
4
|
+
"sourcesContent": ["/**\n * @license\n * Copyright 2022-2024 Matter.js Authors\n * SPDX-License-Identifier: Apache-2.0\n */\nimport { PrivateKey } from \"../crypto/Key.js\";\nimport { VendorId } from \"../datatype/VendorId.js\";\nimport { ByteArray } from \"../util/ByteArray.js\";\nimport { CertificateManager, TlvCertificationDeclaration } from \"./CertificateManager.js\";\n\n// This is the private key from Appendix F of the Matter 1.1 Core Specification.\n// The specification specifies it in PEM format:\n//\n// -----BEGIN EC PRIVATE KEY-----\n// MHcCAQEEIK7zSEEW6UgexXvgRy30G/SZBk5QJK2GnspeiJgC1IB1oAoGCCqGSM49\n// AwEHoUQDQgAEPDmJIkUrVcrzicJb0bykZWlSzLkOiGkkmthHRlMBTL+V1oeWXgNr\n// UhxRA35rjO3vyh60QEZpT6CIgu7WUZ3sug==\n// -----END EC PRIVATE KEY-----\n//\n// You can extract the key using openssl:\n//\n// openssl asn1parse -in key.txt\nconst TestCMS_SignerPrivateKey = ByteArray.fromHex(\"AEF3484116E9481EC57BE0472DF41BF499064E5024AD869ECA5E889802D48075\");\n\n// You can extract the subject key identifier from the certificate in the same\n// section. The x509 command is best for that:\n//\n// openssl x509 -in cert.txt -text\n//\n// Look for the line under \"X509v3 Subject Key Identifier:\"\nconst TestCMS_SignerSubjectKeyIdentifier = ByteArray.fromHex(\"62FA823359ACFAA9963E1CFA140ADDF504F37160\");\n\nexport class CertificationDeclarationManager {\n static generate(vendorId: VendorId, productId: number, provisional = false) {\n const certificationElements = TlvCertificationDeclaration.encode({\n formatVersion: 1,\n vendorId,\n produceIdArray: [productId],\n deviceTypeId: 22,\n certificateId: \"CSA00000SWC00000-00\",\n securityLevel: 0,\n securityInformation: 0,\n versionNumber: 1,\n certificationType: provisional ? 1 : 0, // 0 = Test, 1 = Provisional/In certification, 2 = official\n });\n\n return CertificateManager.CertificationDeclarationToAsn1(\n certificationElements,\n TestCMS_SignerSubjectKeyIdentifier,\n PrivateKey(TestCMS_SignerPrivateKey),\n );\n }\n}\n"],
|
|
5
|
+
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAKA,SAAS,kBAAkB;AAE3B,SAAS,iBAAiB;AAC1B,SAAS,oBAAoB,mCAAmC;AAchE,MAAM,2BAA2B,UAAU,QAAQ,kEAAkE;AAQrH,MAAM,qCAAqC,UAAU,QAAQ,0CAA0C;AAEhG,MAAM,gCAAgC;AAAA,EACzC,OAAO,SAAS,UAAoB,WAAmB,cAAc,OAAO;AACxE,UAAM,wBAAwB,4BAA4B,OAAO;AAAA,MAC7D,eAAe;AAAA,MACf;AAAA,MACA,gBAAgB,CAAC,SAAS;AAAA,MAC1B,cAAc;AAAA,MACd,eAAe;AAAA,MACf,eAAe;AAAA,MACf,qBAAqB;AAAA,MACrB,eAAe;AAAA,MACf,mBAAmB,cAAc,IAAI;AAAA;AAAA,IACzC,CAAC;AAED,WAAO,mBAAmB;AAAA,MACtB;AAAA,MACA;AAAA,MACA,WAAW,wBAAwB;AAAA,IACvC;AAAA,EACJ;AACJ;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"version": 3,
|
|
3
3
|
"sources": ["../../../../src/cluster/server/AccessControlServer.ts"],
|
|
4
|
-
"sourcesContent": ["/**\n * @license\n * Copyright 2022-2024 Matter.js Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\nimport { InternalError } from \"../../common/MatterError.js\";\nimport { CaseAuthenticatedTag } from \"../../datatype/CaseAuthenticatedTag.js\";\nimport { ClusterId } from \"../../datatype/ClusterId.js\";\nimport { DeviceTypeId } from \"../../datatype/DeviceTypeId.js\";\nimport { EndpointNumber } from \"../../datatype/EndpointNumber.js\";\nimport { GroupId } from \"../../datatype/GroupId.js\";\nimport { NodeId } from \"../../datatype/NodeId.js\";\nimport { Logger } from \"../../log/Logger.js\";\nimport { AclExtensionEntry } from \"../../protocol/interaction/AccessControlManager.js\";\nimport { StatusCode, StatusResponseError } from \"../../protocol/interaction/StatusCode.js\";\nimport { TypeFromBitmapSchema } from \"../../schema/BitmapSchema.js\";\nimport { assertSecureSession } from \"../../session/SecureSession.js\";\nimport { SyncStorage } from \"../../storage/Storage.js\";\nimport { TlvType } from \"../../tlv/TlvCodec.js\";\nimport { TlvTaggedList } from \"../../tlv/TlvObject.js\";\nimport { isDeepEqual } from \"../../util/DeepEqual.js\";\nimport { AccessControl, AccessControlCluster } from \"../definitions/AccessControlCluster.js\";\nimport {\n genericFabricScopedAttributeGetter,\n genericFabricScopedAttributeGetterFromFabric,\n genericFabricScopedAttributeSetterForFabric,\n} from \"./AttributeServer.js\";\nimport { ClusterServer } from \"./ClusterServer.js\";\nimport { ClusterServerHandlers } from \"./ClusterServerTypes.js\";\nimport { EventServer } from \"./EventServer.js\";\n\nconst logger = Logger.get(\"AccessControlClusterServer\");\n\nexport const AccessControlClusterHandler: () => ClusterServerHandlers<typeof AccessControlCluster> = () => {\n let accessControlEntryChangedEvent:\n | EventServer<AccessControl.AccessControlEntryChangedEvent, SyncStorage>\n | undefined = undefined;\n let accessControlExtensionChangedEvent:\n | 
EventServer<AccessControl.AccessControlExtensionChangedEvent, SyncStorage>\n | undefined = undefined;\n\n return {\n initializeClusterServer: ({ events: { accessControlEntryChanged, accessControlExtensionChanged } }) => {\n if (accessControlEntryChanged !== undefined) {\n accessControlEntryChangedEvent = accessControlEntryChanged;\n }\n if (accessControlExtensionChanged !== undefined) {\n accessControlExtensionChangedEvent = accessControlExtensionChanged;\n }\n },\n\n aclAttributeGetter: ({ session, isFabricFiltered }) => {\n return genericFabricScopedAttributeGetter(\n session,\n !!isFabricFiltered,\n AccessControlCluster,\n \"acl\",\n new Array<TypeFromBitmapSchema<typeof AccessControl.TlvAccessControlEntryStruct>>(),\n );\n },\n\n aclAttributeValidator: (\n value,\n {\n attributes: {\n accessControlEntriesPerFabric,\n subjectsPerAccessControlEntry,\n targetsPerAccessControlEntry,\n },\n },\n ) => {\n if (value.length > accessControlEntriesPerFabric.getLocal()) {\n throw new StatusResponseError(\"AccessControlEntriesPerFabric exceeded\", StatusCode.ResourceExhausted);\n }\n\n for (const entry of value) {\n const { subjects, targets, privilege, authMode } = entry;\n if (privilege < 1 || privilege > 5) {\n throw new StatusResponseError(\n \"Privilege must be a valid enum value between 1 and 5\",\n StatusCode.ConstraintError,\n );\n }\n if (authMode < 1 || authMode > 3) {\n throw new StatusResponseError(\n \"AuthMode must be a valid enum value between 1 and 3\",\n StatusCode.ConstraintError,\n );\n }\n\n if (subjects !== null && subjects.length > subjectsPerAccessControlEntry.getLocal()) {\n throw new StatusResponseError(\n \"SubjectsPerAccessControlEntry exceeded\",\n StatusCode.ResourceExhausted,\n );\n }\n\n if (targets !== null && targets.length > targetsPerAccessControlEntry.getLocal()) {\n throw new StatusResponseError(\n \"TargetsPerAccessControlEntry exceeded\",\n StatusCode.ResourceExhausted,\n );\n }\n\n if (authMode === 
AccessControl.AccessControlEntryAuthMode.Pase) {\n throw new StatusResponseError(\"AuthMode for ACL must not be PASE\", StatusCode.ConstraintError);\n } else if (authMode === AccessControl.AccessControlEntryAuthMode.Case) {\n if (subjects !== null) {\n for (const subject of subjects) {\n if (NodeId.isCaseAuthenticatedTag(subject)) {\n const cat = NodeId.extractAsCaseAuthenticatedTag(subject);\n if (CaseAuthenticatedTag.getVersion(cat) === 0) {\n throw new StatusResponseError(\n \"CaseAuthenticatedTag version 0 is not allowed\",\n StatusCode.ConstraintError,\n );\n }\n } else if (!NodeId.isOperationalNodeId(subject)) {\n throw new StatusResponseError(\n \"Subject must be a valid OperationalNodeId or CaseAuthenticatedTag\",\n StatusCode.ConstraintError,\n );\n }\n }\n }\n } else if (authMode === AccessControl.AccessControlEntryAuthMode.Group) {\n if (privilege === AccessControl.AccessControlEntryPrivilege.Administer) {\n throw new StatusResponseError(\n \"Group ACLs must not have Administer privilege\",\n StatusCode.ConstraintError,\n );\n }\n\n if (subjects !== null) {\n for (const subject of subjects) {\n if (GroupId(subject) === GroupId.UNSPECIFIED_GROUP_ID) {\n throw new StatusResponseError(\n \"Subject must be a valid GroupId for Group ACLs\",\n StatusCode.ConstraintError,\n );\n }\n }\n }\n // TODO For Group authentication, the Group ID identifies the required group, as defined in the Group Key Management Cluster.\n }\n\n if (targets !== null) {\n for (const target of targets) {\n const { deviceType, endpoint, cluster } = target;\n if (deviceType !== null && endpoint !== null) {\n throw new StatusResponseError(\n \"DeviceType and Endpoint are mutually exclusive\",\n StatusCode.ConstraintError,\n );\n }\n if (cluster === null && endpoint === null && deviceType === null) {\n throw new StatusResponseError(\n \"At least one field must be present\",\n StatusCode.ConstraintError,\n );\n }\n if (cluster !== null && !ClusterId.isValid(cluster)) {\n throw new 
StatusResponseError(\n \"Cluster must be a valid ClusterId\",\n StatusCode.ConstraintError,\n );\n }\n if (endpoint !== null && !EndpointNumber.isValid(endpoint)) {\n throw new StatusResponseError(\n \"Endpoint must be a valid OperationalNodeId\",\n StatusCode.ConstraintError,\n );\n }\n if (deviceType !== null && !DeviceTypeId.isValid(deviceType)) {\n throw new StatusResponseError(\n \"DeviceType must be a valid DeviceType\",\n StatusCode.ConstraintError,\n );\n }\n }\n }\n }\n },\n\n aclAttributeSetter: (value, { session }) => {\n assertSecureSession(session!);\n // it can happen internally that we set a value for another fabricIndex, so handle this here\n const fabric = session.context.getFabricByIndex(\n value[0]?.fabricIndex ?? session.associatedFabric.fabricIndex,\n );\n if (fabric === undefined) {\n throw new InternalError(\"Fabric not found. SHould never happen\");\n }\n const oldValue =\n genericFabricScopedAttributeGetterFromFabric(\n fabric,\n AccessControlCluster,\n \"acl\",\n new Array<TypeFromBitmapSchema<typeof AccessControl.TlvAccessControlEntryStruct>>(),\n ) ?? [];\n\n const changed = genericFabricScopedAttributeSetterForFabric(fabric, AccessControlCluster, \"acl\", value, []);\n\n if (changed && accessControlEntryChangedEvent !== undefined) {\n const adminPasscodeId = session.isPase ? 0 : null;\n const adminNodeId = adminPasscodeId === null ? session.associatedFabric.rootNodeId : null;\n\n let i = 0;\n for (; i < value.length; i++) {\n if (!isDeepEqual(value[i], oldValue[i])) {\n const changeType =\n oldValue[i] === undefined\n ? AccessControl.ChangeType.Added\n : value[i] === undefined\n ? AccessControl.ChangeType.Removed\n : AccessControl.ChangeType.Changed;\n accessControlEntryChangedEvent.triggerEvent({\n changeType,\n adminNodeId,\n adminPasscodeId,\n latestValue:\n (changeType === AccessControl.ChangeType.Removed ? oldValue[i] : value[i]) ?? 
null,\n fabricIndex: session.associatedFabric.fabricIndex,\n });\n }\n }\n if (oldValue.length > i) {\n for (let j = oldValue.length - 1; j >= i; j--) {\n accessControlEntryChangedEvent.triggerEvent({\n changeType: AccessControl.ChangeType.Removed,\n adminNodeId,\n adminPasscodeId,\n latestValue: oldValue[j],\n fabricIndex: session.associatedFabric.fabricIndex,\n });\n }\n }\n }\n return changed;\n },\n\n extensionAttributeGetter: ({ session }) => {\n return genericFabricScopedAttributeGetter(\n session,\n true,\n AccessControlCluster,\n \"extension\",\n new Array<AclExtensionEntry>(),\n );\n },\n\n extensionAttributeValidator: value => {\n if (value.length === 0) {\n return;\n }\n if (value.length > 1) {\n throw new StatusResponseError(\"Extension list must contain a single entry\", StatusCode.ConstraintError);\n }\n\n // we have exactly one entry\n const { data } = value[0];\n if (data.length < 2 || data[0] !== TlvType.List || data[data.length - 1] !== TlvType.EndOfContainer) {\n // Easier to check that way that it is an Listen without any tags in general\n throw new StatusResponseError(\"Extension must be a valid TLV\", StatusCode.ConstraintError);\n }\n try {\n const decoded = TlvTaggedList({}, true).decode(data);\n logger.info(`Extension TLV decoded:`, decoded);\n } catch (error) {\n logger.debug(`Extension TLV decoding failed:`, error);\n throw new StatusResponseError(\"Extension must be a valid TLV\", StatusCode.ConstraintError);\n }\n },\n\n extensionAttributeSetter: (value, { session }) => {\n assertSecureSession(session!);\n // it can happen internally that we set a value for another fabricIndex, so handle this here\n const fabric = session.context.getFabricByIndex(\n value[0]?.fabricIndex ?? session.associatedFabric.fabricIndex,\n );\n if (fabric === undefined) {\n throw new InternalError(\"Fabric not found. 
SHould never happen\");\n }\n const oldValue =\n genericFabricScopedAttributeGetterFromFabric(\n fabric,\n AccessControlCluster,\n \"extension\",\n new Array<AclExtensionEntry>(),\n ) ?? [];\n\n const changed = genericFabricScopedAttributeSetterForFabric(\n fabric,\n AccessControlCluster,\n \"extension\",\n value,\n [],\n );\n\n if (changed && accessControlExtensionChangedEvent !== undefined) {\n const changeType =\n value.length > oldValue.length\n ? AccessControl.ChangeType.Added\n : value.length < oldValue.length\n ? AccessControl.ChangeType.Removed\n : AccessControl.ChangeType.Changed;\n const adminPasscodeId = session.isPase ? 0 : null;\n const adminNodeId = adminPasscodeId === null ? session.associatedFabric.rootNodeId : null;\n accessControlExtensionChangedEvent.triggerEvent({\n changeType,\n adminNodeId,\n adminPasscodeId,\n latestValue: (changeType === AccessControl.ChangeType.Removed ? oldValue[0] : value[0]) ?? null,\n fabricIndex: session.associatedFabric.fabricIndex,\n });\n }\n\n return changed;\n },\n };\n};\n\nexport const createDefaultAccessControlClusterServer = () =>\n ClusterServer(\n AccessControlCluster,\n {\n acl: [],\n extension: [],\n subjectsPerAccessControlEntry: 4,\n targetsPerAccessControlEntry: 4,\n accessControlEntriesPerFabric: 4,\n },\n AccessControlClusterHandler(),\n {\n accessControlEntryChanged: true,\n accessControlExtensionChanged: true,\n },\n );\n"],
|
|
4
|
+
"sourcesContent": ["/**\n * @license\n * Copyright 2022-2024 Matter.js Authors\n * SPDX-License-Identifier: Apache-2.0\n */\n\nimport { InternalError } from \"../../common/MatterError.js\";\nimport { CaseAuthenticatedTag } from \"../../datatype/CaseAuthenticatedTag.js\";\nimport { ClusterId } from \"../../datatype/ClusterId.js\";\nimport { DeviceTypeId } from \"../../datatype/DeviceTypeId.js\";\nimport { EndpointNumber } from \"../../datatype/EndpointNumber.js\";\nimport { GroupId } from \"../../datatype/GroupId.js\";\nimport { NodeId } from \"../../datatype/NodeId.js\";\nimport { Logger } from \"../../log/Logger.js\";\nimport { AclExtensionEntry } from \"../../protocol/interaction/AccessControlManager.js\";\nimport { StatusCode, StatusResponseError } from \"../../protocol/interaction/StatusCode.js\";\nimport { TypeFromBitmapSchema } from \"../../schema/BitmapSchema.js\";\nimport { assertSecureSession } from \"../../session/SecureSession.js\";\nimport { SyncStorage } from \"../../storage/Storage.js\";\nimport { TlvType } from \"../../tlv/TlvCodec.js\";\nimport { TlvTaggedList } from \"../../tlv/TlvObject.js\";\nimport { isDeepEqual } from \"../../util/DeepEqual.js\";\nimport { AccessControl, AccessControlCluster } from \"../definitions/AccessControlCluster.js\";\nimport {\n genericFabricScopedAttributeGetter,\n genericFabricScopedAttributeGetterFromFabric,\n genericFabricScopedAttributeSetterForFabric,\n} from \"./AttributeServer.js\";\nimport { ClusterServer } from \"./ClusterServer.js\";\nimport { ClusterServerHandlers } from \"./ClusterServerTypes.js\";\nimport { FabricSensitiveEventServer } from \"./EventServer.js\";\n\nconst logger = Logger.get(\"AccessControlClusterServer\");\n\nexport const AccessControlClusterHandler: () => ClusterServerHandlers<typeof AccessControlCluster> = () => {\n let accessControlEntryChangedEvent:\n | FabricSensitiveEventServer<AccessControl.AccessControlEntryChangedEvent, SyncStorage>\n | undefined = undefined;\n let 
accessControlExtensionChangedEvent:\n | FabricSensitiveEventServer<AccessControl.AccessControlExtensionChangedEvent, SyncStorage>\n | undefined = undefined;\n\n return {\n initializeClusterServer: ({ events: { accessControlEntryChanged, accessControlExtensionChanged } }) => {\n if (accessControlEntryChanged !== undefined) {\n accessControlEntryChangedEvent = accessControlEntryChanged;\n }\n if (accessControlExtensionChanged !== undefined) {\n accessControlExtensionChangedEvent = accessControlExtensionChanged;\n }\n },\n\n aclAttributeGetter: ({ session, isFabricFiltered }) => {\n return genericFabricScopedAttributeGetter(\n session,\n !!isFabricFiltered,\n AccessControlCluster,\n \"acl\",\n new Array<TypeFromBitmapSchema<typeof AccessControl.TlvAccessControlEntryStruct>>(),\n );\n },\n\n aclAttributeValidator: (\n value,\n {\n attributes: {\n accessControlEntriesPerFabric,\n subjectsPerAccessControlEntry,\n targetsPerAccessControlEntry,\n },\n },\n ) => {\n if (value.length > accessControlEntriesPerFabric.getLocal()) {\n throw new StatusResponseError(\"AccessControlEntriesPerFabric exceeded\", StatusCode.ResourceExhausted);\n }\n\n for (const entry of value) {\n const { subjects, targets, privilege, authMode } = entry;\n if (privilege < 1 || privilege > 5) {\n throw new StatusResponseError(\n \"Privilege must be a valid enum value between 1 and 5\",\n StatusCode.ConstraintError,\n );\n }\n if (authMode < 1 || authMode > 3) {\n throw new StatusResponseError(\n \"AuthMode must be a valid enum value between 1 and 3\",\n StatusCode.ConstraintError,\n );\n }\n\n if (subjects !== null && subjects.length > subjectsPerAccessControlEntry.getLocal()) {\n throw new StatusResponseError(\n \"SubjectsPerAccessControlEntry exceeded\",\n StatusCode.ResourceExhausted,\n );\n }\n\n if (targets !== null && targets.length > targetsPerAccessControlEntry.getLocal()) {\n throw new StatusResponseError(\n \"TargetsPerAccessControlEntry exceeded\",\n StatusCode.ResourceExhausted,\n );\n 
}\n\n if (authMode === AccessControl.AccessControlEntryAuthMode.Pase) {\n throw new StatusResponseError(\"AuthMode for ACL must not be PASE\", StatusCode.ConstraintError);\n } else if (authMode === AccessControl.AccessControlEntryAuthMode.Case) {\n if (subjects !== null) {\n for (const subject of subjects) {\n if (NodeId.isCaseAuthenticatedTag(subject)) {\n const cat = NodeId.extractAsCaseAuthenticatedTag(subject);\n if (CaseAuthenticatedTag.getVersion(cat) === 0) {\n throw new StatusResponseError(\n \"CaseAuthenticatedTag version 0 is not allowed\",\n StatusCode.ConstraintError,\n );\n }\n } else if (!NodeId.isOperationalNodeId(subject)) {\n throw new StatusResponseError(\n \"Subject must be a valid OperationalNodeId or CaseAuthenticatedTag\",\n StatusCode.ConstraintError,\n );\n }\n }\n }\n } else if (authMode === AccessControl.AccessControlEntryAuthMode.Group) {\n if (privilege === AccessControl.AccessControlEntryPrivilege.Administer) {\n throw new StatusResponseError(\n \"Group ACLs must not have Administer privilege\",\n StatusCode.ConstraintError,\n );\n }\n\n if (subjects !== null) {\n for (const subject of subjects) {\n if (GroupId(subject) === GroupId.UNSPECIFIED_GROUP_ID) {\n throw new StatusResponseError(\n \"Subject must be a valid GroupId for Group ACLs\",\n StatusCode.ConstraintError,\n );\n }\n }\n }\n // TODO For Group authentication, the Group ID identifies the required group, as defined in the Group Key Management Cluster.\n }\n\n if (targets !== null) {\n for (const target of targets) {\n const { deviceType, endpoint, cluster } = target;\n if (deviceType !== null && endpoint !== null) {\n throw new StatusResponseError(\n \"DeviceType and Endpoint are mutually exclusive\",\n StatusCode.ConstraintError,\n );\n }\n if (cluster === null && endpoint === null && deviceType === null) {\n throw new StatusResponseError(\n \"At least one field must be present\",\n StatusCode.ConstraintError,\n );\n }\n if (cluster !== null && !ClusterId.isValid(cluster)) 
{\n throw new StatusResponseError(\n \"Cluster must be a valid ClusterId\",\n StatusCode.ConstraintError,\n );\n }\n if (endpoint !== null && !EndpointNumber.isValid(endpoint)) {\n throw new StatusResponseError(\n \"Endpoint must be a valid OperationalNodeId\",\n StatusCode.ConstraintError,\n );\n }\n if (deviceType !== null && !DeviceTypeId.isValid(deviceType)) {\n throw new StatusResponseError(\n \"DeviceType must be a valid DeviceType\",\n StatusCode.ConstraintError,\n );\n }\n }\n }\n }\n },\n\n aclAttributeSetter: (value, { session }) => {\n assertSecureSession(session!);\n // it can happen internally that we set a value for another fabricIndex, so handle this here\n const fabric = session.context.getFabricByIndex(\n value[0]?.fabricIndex ?? session.associatedFabric.fabricIndex,\n );\n if (fabric === undefined) {\n throw new InternalError(\"Fabric not found. SHould never happen\");\n }\n const oldValue =\n genericFabricScopedAttributeGetterFromFabric(\n fabric,\n AccessControlCluster,\n \"acl\",\n new Array<TypeFromBitmapSchema<typeof AccessControl.TlvAccessControlEntryStruct>>(),\n ) ?? [];\n\n const changed = genericFabricScopedAttributeSetterForFabric(fabric, AccessControlCluster, \"acl\", value, []);\n\n if (changed && accessControlEntryChangedEvent !== undefined) {\n const adminPasscodeId = session.isPase ? 0 : null;\n const adminNodeId = adminPasscodeId === null ? session.associatedFabric.rootNodeId : null;\n\n let i = 0;\n for (; i < value.length; i++) {\n if (!isDeepEqual(value[i], oldValue[i])) {\n const changeType =\n oldValue[i] === undefined\n ? AccessControl.ChangeType.Added\n : value[i] === undefined\n ? AccessControl.ChangeType.Removed\n : AccessControl.ChangeType.Changed;\n accessControlEntryChangedEvent.triggerEvent({\n changeType,\n adminNodeId,\n adminPasscodeId,\n latestValue:\n (changeType === AccessControl.ChangeType.Removed ? oldValue[i] : value[i]) ?? 
null,\n fabricIndex: session.associatedFabric.fabricIndex,\n });\n }\n }\n if (oldValue.length > i) {\n for (let j = oldValue.length - 1; j >= i; j--) {\n accessControlEntryChangedEvent.triggerEvent({\n changeType: AccessControl.ChangeType.Removed,\n adminNodeId,\n adminPasscodeId,\n latestValue: oldValue[j],\n fabricIndex: session.associatedFabric.fabricIndex,\n });\n }\n }\n }\n return changed;\n },\n\n extensionAttributeGetter: ({ session }) => {\n return genericFabricScopedAttributeGetter(\n session,\n true,\n AccessControlCluster,\n \"extension\",\n new Array<AclExtensionEntry>(),\n );\n },\n\n extensionAttributeValidator: value => {\n if (value.length === 0) {\n return;\n }\n if (value.length > 1) {\n throw new StatusResponseError(\"Extension list must contain a single entry\", StatusCode.ConstraintError);\n }\n\n // we have exactly one entry\n const { data } = value[0];\n if (data.length < 2 || data[0] !== TlvType.List || data[data.length - 1] !== TlvType.EndOfContainer) {\n // Easier to check that way that it is an Listen without any tags in general\n throw new StatusResponseError(\"Extension must be a valid TLV\", StatusCode.ConstraintError);\n }\n try {\n const decoded = TlvTaggedList({}, true).decode(data);\n logger.info(`Extension TLV decoded:`, decoded);\n } catch (error) {\n logger.debug(`Extension TLV decoding failed:`, error);\n throw new StatusResponseError(\"Extension must be a valid TLV\", StatusCode.ConstraintError);\n }\n },\n\n extensionAttributeSetter: (value, { session }) => {\n assertSecureSession(session!);\n // it can happen internally that we set a value for another fabricIndex, so handle this here\n const fabric = session.context.getFabricByIndex(\n value[0]?.fabricIndex ?? session.associatedFabric.fabricIndex,\n );\n if (fabric === undefined) {\n throw new InternalError(\"Fabric not found. 
SHould never happen\");\n }\n const oldValue =\n genericFabricScopedAttributeGetterFromFabric(\n fabric,\n AccessControlCluster,\n \"extension\",\n new Array<AclExtensionEntry>(),\n ) ?? [];\n\n const changed = genericFabricScopedAttributeSetterForFabric(\n fabric,\n AccessControlCluster,\n \"extension\",\n value,\n [],\n );\n\n if (changed && accessControlExtensionChangedEvent !== undefined) {\n const changeType =\n value.length > oldValue.length\n ? AccessControl.ChangeType.Added\n : value.length < oldValue.length\n ? AccessControl.ChangeType.Removed\n : AccessControl.ChangeType.Changed;\n const adminPasscodeId = session.isPase ? 0 : null;\n const adminNodeId = adminPasscodeId === null ? session.associatedFabric.rootNodeId : null;\n accessControlExtensionChangedEvent.triggerEvent({\n changeType,\n adminNodeId,\n adminPasscodeId,\n latestValue: (changeType === AccessControl.ChangeType.Removed ? oldValue[0] : value[0]) ?? null,\n fabricIndex: session.associatedFabric.fabricIndex,\n });\n }\n\n return changed;\n },\n };\n};\n\nexport const createDefaultAccessControlClusterServer = () =>\n ClusterServer(\n AccessControlCluster,\n {\n acl: [],\n extension: [],\n subjectsPerAccessControlEntry: 4,\n targetsPerAccessControlEntry: 4,\n accessControlEntriesPerFabric: 4,\n },\n AccessControlClusterHandler(),\n {\n accessControlEntryChanged: true,\n accessControlExtensionChanged: true,\n },\n );\n"],
|
|
5
5
|
"mappings": "AAAA;AAAA;AAAA;AAAA;AAAA;AAMA,SAAS,qBAAqB;AAC9B,SAAS,4BAA4B;AACrC,SAAS,iBAAiB;AAC1B,SAAS,oBAAoB;AAC7B,SAAS,sBAAsB;AAC/B,SAAS,eAAe;AACxB,SAAS,cAAc;AACvB,SAAS,cAAc;AAEvB,SAAS,YAAY,2BAA2B;AAEhD,SAAS,2BAA2B;AAEpC,SAAS,eAAe;AACxB,SAAS,qBAAqB;AAC9B,SAAS,mBAAmB;AAC5B,SAAS,eAAe,4BAA4B;AACpD;AAAA,EACI;AAAA,EACA;AAAA,EACA;AAAA,OACG;AACP,SAAS,qBAAqB;AAI9B,MAAM,SAAS,OAAO,IAAI,4BAA4B;AAE/C,MAAM,8BAAwF,MAAM;AACvG,MAAI,iCAEc;AAClB,MAAI,qCAEc;AAElB,SAAO;AAAA,IACH,yBAAyB,CAAC,EAAE,QAAQ,EAAE,2BAA2B,8BAA8B,EAAE,MAAM;AACnG,UAAI,8BAA8B,QAAW;AACzC,yCAAiC;AAAA,MACrC;AACA,UAAI,kCAAkC,QAAW;AAC7C,6CAAqC;AAAA,MACzC;AAAA,IACJ;AAAA,IAEA,oBAAoB,CAAC,EAAE,SAAS,iBAAiB,MAAM;AACnD,aAAO;AAAA,QACH;AAAA,QACA,CAAC,CAAC;AAAA,QACF;AAAA,QACA;AAAA,QACA,IAAI,MAA8E;AAAA,MACtF;AAAA,IACJ;AAAA,IAEA,uBAAuB,CACnB,OACA;AAAA,MACI,YAAY;AAAA,QACR;AAAA,QACA;AAAA,QACA;AAAA,MACJ;AAAA,IACJ,MACC;AACD,UAAI,MAAM,SAAS,8BAA8B,SAAS,GAAG;AACzD,cAAM,IAAI,oBAAoB,0CAA0C,WAAW,iBAAiB;AAAA,MACxG;AAEA,iBAAW,SAAS,OAAO;AACvB,cAAM,EAAE,UAAU,SAAS,WAAW,SAAS,IAAI;AACnD,YAAI,YAAY,KAAK,YAAY,GAAG;AAChC,gBAAM,IAAI;AAAA,YACN;AAAA,YACA,WAAW;AAAA,UACf;AAAA,QACJ;AACA,YAAI,WAAW,KAAK,WAAW,GAAG;AAC9B,gBAAM,IAAI;AAAA,YACN;AAAA,YACA,WAAW;AAAA,UACf;AAAA,QACJ;AAEA,YAAI,aAAa,QAAQ,SAAS,SAAS,8BAA8B,SAAS,GAAG;AACjF,gBAAM,IAAI;AAAA,YACN;AAAA,YACA,WAAW;AAAA,UACf;AAAA,QACJ;AAEA,YAAI,YAAY,QAAQ,QAAQ,SAAS,6BAA6B,SAAS,GAAG;AAC9E,gBAAM,IAAI;AAAA,YACN;AAAA,YACA,WAAW;AAAA,UACf;AAAA,QACJ;AAEA,YAAI,aAAa,cAAc,2BAA2B,MAAM;AAC5D,gBAAM,IAAI,oBAAoB,qCAAqC,WAAW,eAAe;AAAA,QACjG,WAAW,aAAa,cAAc,2BAA2B,MAAM;AACnE,cAAI,aAAa,MAAM;AACnB,uBAAW,WAAW,UAAU;AAC5B,kBAAI,OAAO,uBAAuB,OAAO,GAAG;AACxC,sBAAM,MAAM,OAAO,8BAA8B,OAAO;AACxD,oBAAI,qBAAqB,WAAW,GAAG,MAAM,GAAG;AAC5C,wBAAM,IAAI;AAAA,oBACN;AAAA,oBACA,WAAW;AAAA,kBACf;AAAA,gBACJ;AAAA,cACJ,WAAW,CAAC,OAAO,oBAAoB,OAAO,GAAG;AAC7C,sBAAM,IAAI;AAAA,kBACN;AAAA,kBACA,WAAW;AAAA,gBACf;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ,WAAW,aAAa,cAAc,2BAA2B,OAAO;AACpE,cAAI,cAAc,cAAc,4BAA4B,YAAY;AACpE,kBAAM,IAAI;AAAA,cACN;AAAA,cACA,WAAW;AAAA,YACf;AAAA,
UACJ;AAEA,cAAI,aAAa,MAAM;AACnB,uBAAW,WAAW,UAAU;AAC5B,kBAAI,QAAQ,OAAO,MAAM,QAAQ,sBAAsB;AACnD,sBAAM,IAAI;AAAA,kBACN;AAAA,kBACA,WAAW;AAAA,gBACf;AAAA,cACJ;AAAA,YACJ;AAAA,UACJ;AAAA,QAEJ;AAEA,YAAI,YAAY,MAAM;AAClB,qBAAW,UAAU,SAAS;AAC1B,kBAAM,EAAE,YAAY,UAAU,QAAQ,IAAI;AAC1C,gBAAI,eAAe,QAAQ,aAAa,MAAM;AAC1C,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AACA,gBAAI,YAAY,QAAQ,aAAa,QAAQ,eAAe,MAAM;AAC9D,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AACA,gBAAI,YAAY,QAAQ,CAAC,UAAU,QAAQ,OAAO,GAAG;AACjD,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AACA,gBAAI,aAAa,QAAQ,CAAC,eAAe,QAAQ,QAAQ,GAAG;AACxD,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AACA,gBAAI,eAAe,QAAQ,CAAC,aAAa,QAAQ,UAAU,GAAG;AAC1D,oBAAM,IAAI;AAAA,gBACN;AAAA,gBACA,WAAW;AAAA,cACf;AAAA,YACJ;AAAA,UACJ;AAAA,QACJ;AAAA,MACJ;AAAA,IACJ;AAAA,IAEA,oBAAoB,CAAC,OAAO,EAAE,QAAQ,MAAM;AACxC,0BAAoB,OAAQ;AAE5B,YAAM,SAAS,QAAQ,QAAQ;AAAA,QAC3B,MAAM,CAAC,GAAG,eAAe,QAAQ,iBAAiB;AAAA,MACtD;AACA,UAAI,WAAW,QAAW;AACtB,cAAM,IAAI,cAAc,uCAAuC;AAAA,MACnE;AACA,YAAM,WACF;AAAA,QACI;AAAA,QACA;AAAA,QACA;AAAA,QACA,IAAI,MAA8E;AAAA,MACtF,KAAK,CAAC;AAEV,YAAM,UAAU,4CAA4C,QAAQ,sBAAsB,OAAO,OAAO,CAAC,CAAC;AAE1G,UAAI,WAAW,mCAAmC,QAAW;AACzD,cAAM,kBAAkB,QAAQ,SAAS,IAAI;AAC7C,cAAM,cAAc,oBAAoB,OAAO,QAAQ,iBAAiB,aAAa;AAErF,YAAI,IAAI;AACR,eAAO,IAAI,MAAM,QAAQ,KAAK;AAC1B,cAAI,CAAC,YAAY,MAAM,CAAC,GAAG,SAAS,CAAC,CAAC,GAAG;AACrC,kBAAM,aACF,SAAS,CAAC,MAAM,SACV,cAAc,WAAW,QACzB,MAAM,CAAC,MAAM,SACX,cAAc,WAAW,UACzB,cAAc,WAAW;AACrC,2CAA+B,aAAa;AAAA,cACxC;AAAA,cACA;AAAA,cACA;AAAA,cACA,cACK,eAAe,cAAc,WAAW,UAAU,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM;AAAA,cAClF,aAAa,QAAQ,iBAAiB;AAAA,YAC1C,CAAC;AAAA,UACL;AAAA,QACJ;AACA,YAAI,SAAS,SAAS,GAAG;AACrB,mBAAS,IAAI,SAAS,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,2CAA+B,aAAa;AAAA,cACxC,YAAY,cAAc,WAAW;AAAA,cACrC;AAAA,cACA;AAAA,cACA,aAAa,SAAS,CAAC;AAAA,cACvB,aAAa,QAAQ,iBAAiB;AAAA,YAC1C,CAAC;AAAA,UACL;AAAA,QACJ;AAAA,MACJ;AACA,aAAO;AAAA,IACX;AAAA,IAEA,0BAA0B,CAAC,EAAE,QAAQ,MAAM;AACvC,aAAO;AAAA,QACH;AAAA,QACA;AAAA,QACA;AAAA,QACA;
AAAA,QACA,IAAI,MAAyB;AAAA,MACjC;AAAA,IACJ;AAAA,IAEA,6BAA6B,WAAS;AAClC,UAAI,MAAM,WAAW,GAAG;AACpB;AAAA,MACJ;AACA,UAAI,MAAM,SAAS,GAAG;AAClB,cAAM,IAAI,oBAAoB,8CAA8C,WAAW,eAAe;AAAA,MAC1G;AAGA,YAAM,EAAE,KAAK,IAAI,MAAM,CAAC;AACxB,UAAI,KAAK,SAAS,KAAK,KAAK,CAAC,MAAM,QAAQ,QAAQ,KAAK,KAAK,SAAS,CAAC,MAAM,QAAQ,gBAAgB;AAEjG,cAAM,IAAI,oBAAoB,iCAAiC,WAAW,eAAe;AAAA,MAC7F;AACA,UAAI;AACA,cAAM,UAAU,cAAc,CAAC,GAAG,IAAI,EAAE,OAAO,IAAI;AACnD,eAAO,KAAK,0BAA0B,OAAO;AAAA,MACjD,SAAS,OAAO;AACZ,eAAO,MAAM,kCAAkC,KAAK;AACpD,cAAM,IAAI,oBAAoB,iCAAiC,WAAW,eAAe;AAAA,MAC7F;AAAA,IACJ;AAAA,IAEA,0BAA0B,CAAC,OAAO,EAAE,QAAQ,MAAM;AAC9C,0BAAoB,OAAQ;AAE5B,YAAM,SAAS,QAAQ,QAAQ;AAAA,QAC3B,MAAM,CAAC,GAAG,eAAe,QAAQ,iBAAiB;AAAA,MACtD;AACA,UAAI,WAAW,QAAW;AACtB,cAAM,IAAI,cAAc,uCAAuC;AAAA,MACnE;AACA,YAAM,WACF;AAAA,QACI;AAAA,QACA;AAAA,QACA;AAAA,QACA,IAAI,MAAyB;AAAA,MACjC,KAAK,CAAC;AAEV,YAAM,UAAU;AAAA,QACZ;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA,CAAC;AAAA,MACL;AAEA,UAAI,WAAW,uCAAuC,QAAW;AAC7D,cAAM,aACF,MAAM,SAAS,SAAS,SAClB,cAAc,WAAW,QACzB,MAAM,SAAS,SAAS,SACtB,cAAc,WAAW,UACzB,cAAc,WAAW;AACrC,cAAM,kBAAkB,QAAQ,SAAS,IAAI;AAC7C,cAAM,cAAc,oBAAoB,OAAO,QAAQ,iBAAiB,aAAa;AACrF,2CAAmC,aAAa;AAAA,UAC5C;AAAA,UACA;AAAA,UACA;AAAA,UACA,cAAc,eAAe,cAAc,WAAW,UAAU,SAAS,CAAC,IAAI,MAAM,CAAC,MAAM;AAAA,UAC3F,aAAa,QAAQ,iBAAiB;AAAA,QAC1C,CAAC;AAAA,MACL;AAEA,aAAO;AAAA,IACX;AAAA,EACJ;AACJ;AAEO,MAAM,0CAA0C,MACnD;AAAA,EACI;AAAA,EACA;AAAA,IACI,KAAK,CAAC;AAAA,IACN,WAAW,CAAC;AAAA,IACZ,+BAA+B;AAAA,IAC/B,8BAA8B;AAAA,IAC9B,+BAA+B;AAAA,EACnC;AAAA,EACA,4BAA4B;AAAA,EAC5B;AAAA,IACI,2BAA2B;AAAA,IAC3B,+BAA+B;AAAA,EACnC;AACJ;",
|
|
6
6
|
"names": []
|
|
7
7
|
}
|
|
@@ -49,6 +49,7 @@ export declare abstract class BaseAttributeServer<T> {
|
|
|
49
49
|
protected endpoint?: EndpointInterface;
|
|
50
50
|
readonly defaultValue: T;
|
|
51
51
|
constructor(id: AttributeId, name: string, readAcl: AccessLevel | undefined, writeAcl: AccessLevel | undefined, schema: TlvSchema<T>, isWritable: boolean, isSubscribable: boolean, requiresTimedInteraction: boolean, initValue: T, defaultValue: T | undefined);
|
|
52
|
+
get hasFabricSensitiveData(): boolean;
|
|
52
53
|
validateWithSchema(value: T): void;
|
|
53
54
|
assignToEndpoint(endpoint: EndpointInterface): void;
|
|
54
55
|
/**
|
|
@@ -253,10 +254,18 @@ export declare function genericFabricScopedAttributeSetter<T>(value: T, session:
|
|
|
253
254
|
* on fabric level if no custom getter or setter is defined.
|
|
254
255
|
*/
|
|
255
256
|
export declare class FabricScopedAttributeServer<T> extends AttributeServer<T> {
|
|
257
|
+
#private;
|
|
256
258
|
readonly cluster: Cluster<any, any, any, any, any>;
|
|
257
259
|
private readonly isCustomGetter;
|
|
258
260
|
private readonly isCustomSetter;
|
|
261
|
+
private readonly fabricSensitiveElementsToRemove;
|
|
259
262
|
constructor(id: AttributeId, name: string, readAcl: AccessLevel | undefined, writeAcl: AccessLevel | undefined, schema: TlvSchema<T>, isWritable: boolean, isSubscribable: boolean, requiresTimedInteraction: boolean, initValue: T, defaultValue: T | undefined, cluster: Cluster<any, any, any, any, any>, datasource: ClusterDatasource, getter?: (session?: Session<MatterDevice>, endpoint?: EndpointInterface, isFabricFiltered?: boolean) => T, setter?: (value: T, session?: Session<MatterDevice>, endpoint?: EndpointInterface, message?: Message) => boolean, validator?: (value: T, session?: Session<MatterDevice>, endpoint?: EndpointInterface) => void);
|
|
263
|
+
get hasFabricSensitiveData(): boolean;
|
|
264
|
+
/**
|
|
265
|
+
* Sanitize the value of the attribute by removing fabric sensitive fields that do not belong to the
|
|
266
|
+
* associated fabric
|
|
267
|
+
*/
|
|
268
|
+
sanitizeFabricSensitiveFields(value: T, associatedFabric?: Fabric): any[] | T;
|
|
260
269
|
/**
|
|
261
270
|
* Initialize the attribute with a value. Because the value is stored on fabric level this method only initializes
|
|
262
271
|
* the version number.
|
|
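Review bot: The new `sanitizeFabricSensitiveFields(value: T, associatedFabric?: Fabric): any[] | T` declaration on `FabricScopedAttributeServer` does not say what happens when `associatedFabric` is omitted, which is the case that matters most for a sanitizer. The doc comment only covers fields "that do not belong to the associated fabric". I would add a line such as `* If associatedFabric is undefined, fabric sensitive fields are removed from every entry.` and confirm that the implementation, which is not visible in this declaration file, really fails closed that way. The `any[] | T` return type also drops the element type for list attributes, so callers cannot rely on the compiler to tell a sanitized value from a raw one; a narrower return type would be worth considering. The class body continues outside the hunk.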
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttributeServer.d.ts","sourceRoot":"","sources":["../../../../src/cluster/server/AttributeServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAC;AACtD,OAAO,EAAsC,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAG9F,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,QAAQ,IAAI,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AACzE,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;
|
|
1
|
+
{"version":3,"file":"AttributeServer.d.ts","sourceRoot":"","sources":["../../../../src/cluster/server/AttributeServer.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AACrD,OAAO,EAAE,OAAO,EAAE,MAAM,6BAA6B,CAAC;AACtD,OAAO,EAAsC,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAG9F,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AAC5D,OAAO,EAAE,QAAQ,IAAI,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AACzE,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAUhD,OAAO,EAAE,SAAS,EAAE,wBAAwB,EAAE,MAAM,8BAA8B,CAAC;AACnF,OAAO,EAA2B,aAAa,EAAuB,MAAM,gCAAgC,CAAC;AAC7G,OAAO,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAInD,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAC9F,OAAO,EAAE,iBAAiB,EAAE,MAAM,yBAAyB,CAAC;AAO5D;;;GAGG;AACH,qBAAa,gBAAiB,SAAQ,WAAW;CAAG;AAEpD,MAAM,MAAM,kBAAkB,CAAC,CAAC,IAAI,eAAe,CAAC,CAAC,CAAC,GAAG,2BAA2B,CAAC,CAAC,CAAC,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAC;AAElH,KAAK,iBAAiB,GAAG;IACrB,QAAQ,EAAE,GAAG,CAAC;IACd,QAAQ,EAAE,GAAG,CAAC;IACd,OAAO,EAAE,OAAO,CAAC;CACpB,CAAC;AAEF;;GAEG;AACH,wBAAgB,qBAAqB,CACjC,CAAC,EACD,CAAC,SAAS,SAAS,EACnB,EAAE,SAAS,wBAAwB,CAAC,CAAC,CAAC,EACtC,CAAC,SAAS,UAAU,EACpB,CAAC,SAAS,QAAQ,EAClB,CAAC,SAAS,MAAM,EAEhB,UAAU,EAAE,OAAO,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EACnC,YAAY,EAAE,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAC7B,aAAa,EAAE,MAAM,EACrB,SAAS,EAAE,CAAC,EACZ,UAAU,EAAE,iBAAiB,EAC7B,MAAM,CAAC,EAAE,CACL,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,gBAAgB,CAAC,EAAE,OAAO,EAC1B,OAAO,CAAC,EAAE,OAAO,KAChB,CAAC,EACN,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,EAAE,iBAAiB,EAAE,OAAO,CAAC,EAAE,OAAO,KAAK,OAAO,EAChH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,EAAE,iBAAiB,KAAK,IAAI,2BAoEhG;AAED;;GAEG;AACH,8BAAsB,mBAAmB,CAAC,CAAC;;IAWnC,QAAQ,CAAC,EAAE,EAAE,WAAW;IACxB,QAAQ,CAAC,IAAI,EAAE,MAAM;IAGrB,QAAQ,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC;IAC7B,QAAQ,CAAC,UAAU,EAAE,OAAO;IAC5B,QAAQ,CAAC,cAAc,EAAE,
OAAO;IAChC,QAAQ,CAAC,wBAAwB,EAAE,OAAO;IAjB9C;;OAEG;IACH,SAAS,CAAC,KAAK,EAAE,CAAC,GAAG,SAAS,CAAa;IAC3C,SAAS,CAAC,QAAQ,CAAC,EAAE,iBAAiB,CAAC;IACvC,QAAQ,CAAC,YAAY,EAAE,CAAC,CAAC;gBAKZ,EAAE,EAAE,WAAW,EACf,IAAI,EAAE,MAAM,EACrB,OAAO,EAAE,WAAW,GAAG,SAAS,EAChC,QAAQ,EAAE,WAAW,GAAG,SAAS,EACxB,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EACpB,UAAU,EAAE,OAAO,EACnB,cAAc,EAAE,OAAO,EACvB,wBAAwB,EAAE,OAAO,EAC1C,SAAS,EAAE,CAAC,EACZ,YAAY,EAAE,CAAC,GAAG,SAAS;IAsB/B,IAAI,sBAAsB,YAEzB;IAED,kBAAkB,CAAC,KAAK,EAAE,CAAC;IAW3B,gBAAgB,CAAC,QAAQ,EAAE,iBAAiB;IAI5C;;;OAGG;IACH,QAAQ,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,SAAS,GAAG,IAAI;IAEzC,IAAI,QAAQ,gBAEX;IAED,IAAI,OAAO,gBAEV;CACJ;AAED;;;GAGG;AACH,qBAAa,oBAAoB,CAAC,CAAC,CAAE,SAAQ,mBAAmB,CAAC,CAAC,CAAC;IAoB3D,SAAS,CAAC,QAAQ,CAAC,UAAU,EAAE,iBAAiB;IAnBpD,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAQ;IACjC,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,CACvB,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,gBAAgB,CAAC,EAAE,OAAO,EAC1B,OAAO,CAAC,EAAE,OAAO,KAChB,CAAC,CAAC;gBAGH,EAAE,EAAE,WAAW,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,WAAW,GAAG,SAAS,EAChC,QAAQ,EAAE,WAAW,GAAG,SAAS,EACjC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EACpB,UAAU,EAAE,OAAO,EACnB,cAAc,EAAE,OAAO,EACvB,wBAAwB,EAAE,OAAO,EACjC,SAAS,EAAE,CAAC,EACZ,YAAY,EAAE,CAAC,GAAG,SAAS,EACR,UAAU,EAAE,iBAAiB;IAEhD;;;;;;;OAOG;IACH,MAAM,CAAC,EAAE,CACL,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,gBAAgB,CAAC,EAAE,OAAO,EAC1B,OAAO,CAAC,EAAE,OAAO,KAChB,CAAC;IA4BV;;;;;OAKG;IACH,GAAG,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO,GAAG,CAAC;IAMpF;;;;;;OAMG;IACH,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,gBAAgB,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,OAAO;;;;IAI3F;;;;OAIG;IACH,QAAQ,IAAI,CAAC;IAIb;;;;OAIG;IACH,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,SAAS;IAQzB;;;OAGG;IACH,sBAAsB,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI;IAIrE;;OAEG;IACH,yBAAyB,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI;IAIxE;;;OAGG;IACH,mBAAmB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,KAAK,IAAI
;IAIjE;;;OAGG;IACH,SAAS,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,KAAK,IAAI;IAIvD;;OAEG;IACH,sBAAsB,CAAC,SAAS,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,KAAK,IAAI;CAGvE;AAED;;GAEG;AACH,qBAAa,eAAe,CAAC,CAAC,CAAE,SAAQ,oBAAoB,CAAC,CAAC,CAAC;IAC3D,SAAkB,OAAO,SAAS;IAClC,SAAS,CAAC,QAAQ,CAAC,oBAAoB,WAAqB,CAAC,WAAW,MAAM,KAAK,IAAI,IAAI;IAC3F,SAAS,CAAC,QAAQ,CAAC,iBAAiB,cAAwB,CAAC,YAAY,CAAC,KAAK,IAAI,IAAI;IACvF,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,CACvB,KAAK,EAAE,CAAC,EACR,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,OAAO,CAAC,EAAE,OAAO,KAChB,OAAO,CAAC;IACb,SAAS,CAAC,QAAQ,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,EAAE,iBAAiB,KAAK,IAAI,CAAC;IAChH,SAAS,CAAC,iBAAiB,CAAC,EAAE,iBAAiB,CAAa;gBAGxD,EAAE,EAAE,WAAW,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,WAAW,GAAG,SAAS,EAChC,QAAQ,EAAE,WAAW,GAAG,SAAS,EACjC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EACpB,UAAU,EAAE,OAAO,EACnB,cAAc,EAAE,OAAO,EACvB,wBAAwB,EAAE,OAAO,EACjC,SAAS,EAAE,CAAC,EACZ,YAAY,EAAE,CAAC,GAAG,SAAS,EAC3B,UAAU,EAAE,iBAAiB,EAC7B,MAAM,CAAC,EAAE,CACL,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,gBAAgB,CAAC,EAAE,OAAO,EAC1B,OAAO,CAAC,EAAE,OAAO,KAChB,CAAC;IAEN;;;;;;;;;OASG;IACH,MAAM,CAAC,EAAE,CACL,KAAK,EAAE,CAAC,EACR,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,OAAO,CAAC,EAAE,OAAO,KAChB,OAAO;IAEZ;;;;;;;;;;OAUG;IACH,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,EAAE,iBAAiB,KAAK,IAAI;IA6CjG;;;OAGG;IACM,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,SAAS;IAWlC;;;;;;;OAOG;IACH,GAAG,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,iBAAiB,UAAQ;IAQ1F;;OAEG;IACH,SAAS,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,iBAAiB,UAAQ;IAK1G;;;;;;;;;OASG;IACH,QAAQ,CAAC,KAAK,EAAE,CAAC;IAKjB;;OAEG;IACH,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,EAAE,iBAAiB,UAAQ;IAgB5G,0BAA0B;IAS
1B;;;OAGG;IACH,SAAS,CAAC,gCAAgC,CAAC,KAAK,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,GAAG,SAAS,EAAE,sBAAsB,EAAE,OAAO;IAU7G;;;;;;OAMG;IACH,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC,YAAY,CAAC;IAU5C;;;;;;OAMG;IACH,YAAY;IAMZ;;;OAGG;IACM,sBAAsB,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI;IAI7E;;OAEG;IACM,yBAAyB,CAAC,QAAQ,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI;IAOhF;;;OAGG;IACM,mBAAmB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,KAAK,IAAI;IAIzE;;;OAGG;IACM,SAAS,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,KAAK,IAAI;IAI/D;;OAEG;IACM,sBAAsB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,KAAK,IAAI;CAM/E;AAED,wBAAgB,4CAA4C,CAAC,CAAC,EAC1D,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACzC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,CAAC,KAIlB;AAED,wBAAgB,kCAAkC,CAAC,CAAC,EAChD,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,SAAS,EAC1C,gBAAgB,EAAE,OAAO,EACzB,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACzC,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,CAAC,KA4BlB;AAED,wBAAgB,2CAA2C,CAAC,CAAC,EACzD,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACzC,aAAa,EAAE,MAAM,EACrB,KAAK,EAAE,CAAC,EACR,YAAY,CAAC,EAAE,CAAC,WAanB;AAED,wBAAgB,kCAAkC,CAAC,CAAC,EAChD,KAAK,EAAE,CAAC,EACR,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,GAAG,SAAS,EAC1C,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EACzC,aAAa,EAAE,MAAM,EACrB,YAAY,CAAC,EAAE,CAAC,WAUnB;AAED;;;GAGG;AACH,qBAAa,2BAA2B,CAAC,CAAC,CAAE,SAAQ,eAAe,CAAC,CAAC,CAAC;;IAgB9D,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC;IAftD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAU;IACzC,OAAO,CAAC,QAAQ,CAAC,+BAA+B,CAAuB;gBAGnE,EAAE,EAAE,WAAW,EACf,IAAI,EAAE,MAAM,EACZ,OAAO,EAAE,WAAW,GAAG,SAAS,EAChC,QAAQ,EAAE,WAAW,GAAG,SAAS,EACjC,MAAM,EAAE,SAAS,CAAC,CAAC,CAAC,EACpB,UAAU,EAAE,OAAO,EACnB,cAAc,EAAE,OAAO,EACvB,wBAAwB,EAAE,OAAO,EACjC,SAAS,EAAE,CAAC,EACZ,YAAY,EAAE,CAAC,GAAG,SAAS,EAClB,OAAO,EAAE,
OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAClD,UAAU,EAAE,iBAAiB,EAC7B,MAAM,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,EAAE,iBAAiB,EAAE,gBAAgB,CAAC,EAAE,OAAO,KAAK,CAAC,EACzG,MAAM,CAAC,EAAE,CACL,KAAK,EAAE,CAAC,EACR,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAC/B,QAAQ,CAAC,EAAE,iBAAiB,EAC5B,OAAO,CAAC,EAAE,OAAO,KAChB,OAAO,EACZ,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,EAAE,OAAO,CAAC,EAAE,OAAO,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,EAAE,iBAAiB,KAAK,IAAI;IA0GjG,IAAa,sBAAsB,YAElC;IAED;;;OAGG;IACH,6BAA6B,CAAC,KAAK,EAAE,CAAC,EAAE,gBAAgB,CAAC,EAAE,MAAM;IAiBjE;;;OAGG;IACM,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,SAAS;IAMlC;;OAEG;IACM,GAAG,CACR,KAAK,EAAE,CAAC,EACR,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAC9B,OAAO,EAAE,OAAO,EAChB,iBAAiB,UAAQ,EACzB,mBAAmB,UAAQ;IAS/B;;;OAGG;cACgB,SAAS,CACxB,KAAK,EAAE,CAAC,EACR,OAAO,EAAE,OAAO,CAAC,YAAY,CAAC,EAC9B,OAAO,EAAE,OAAO,EAChB,iBAAiB,UAAQ,EACzB,mBAAmB,UAAQ;IAc/B;;OAEG;IACM,QAAQ,CAAC,MAAM,EAAE,CAAC;IAM3B;;;;;;OAMG;IACH,iBAAiB,CAAC,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,MAAM;IAqB1C;;;;;OAKG;IACH,qBAAqB,CAAC,MAAM,EAAE,MAAM;IAUpC;;;;OAIG;IACH,iBAAiB,CAAC,MAAM,EAAE,MAAM,GAAG,CAAC;CAQvC"}
|