@reclaimprotocol/attestor-core 3.0.1

package/lib/server/utils/iso.js

@@ -0,0 +1,260 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.isValidCountryCode = isValidCountryCode;
+const countries = {
+    AF: 'Afghanistan',
+    AX: 'Åland Islands',
+    AL: 'Albania',
+    DZ: 'Algeria',
+    AS: 'American Samoa',
+    AD: 'Andorra',
+    AO: 'Angola',
+    AI: 'Anguilla',
+    AQ: 'Antarctica',
+    AG: 'Antigua and Barbuda',
+    AR: 'Argentina',
+    AM: 'Armenia',
+    AW: 'Aruba',
+    AU: 'Australia',
+    AT: 'Austria',
+    AZ: 'Azerbaijan',
+    BS: 'Bahamas',
+    BH: 'Bahrain',
+    BD: 'Bangladesh',
+    BB: 'Barbados',
+    BY: 'Belarus',
+    BE: 'Belgium',
+    BZ: 'Belize',
+    BJ: 'Benin',
+    BM: 'Bermuda',
+    BT: 'Bhutan',
+    BO: 'Bolivia, Plurinational State of',
+    BQ: 'Bonaire, Sint Eustatius and Saba',
+    BA: 'Bosnia and Herzegovina',
+    BW: 'Botswana',
+    BV: 'Bouvet Island',
+    BR: 'Brazil',
+    IO: 'British Indian Ocean Territory',
+    BN: 'Brunei Darussalam',
+    BG: 'Bulgaria',
+    BF: 'Burkina Faso',
+    BI: 'Burundi',
+    KH: 'Cambodia',
+    CM: 'Cameroon',
+    CA: 'Canada',
+    CV: 'Cape Verde',
+    KY: 'Cayman Islands',
+    CF: 'Central African Republic',
+    TD: 'Chad',
+    CL: 'Chile',
+    CN: 'China',
+    CX: 'Christmas Island',
+    CC: 'Cocos (Keeling) Islands',
+    CO: 'Colombia',
+    KM: 'Comoros',
+    CG: 'Congo',
+    CD: 'Congo, the Democratic Republic of the',
+    CK: 'Cook Islands',
+    CR: 'Costa Rica',
+    CI: "Côte d'Ivoire",
+    HR: 'Croatia',
+    CU: 'Cuba',
+    CW: 'Curaçao',
+    CY: 'Cyprus',
+    CZ: 'Czech Republic',
+    DK: 'Denmark',
+    DJ: 'Djibouti',
+    DM: 'Dominica',
+    DO: 'Dominican Republic',
+    EC: 'Ecuador',
+    EG: 'Egypt',
+    SV: 'El Salvador',
+    GQ: 'Equatorial Guinea',
+    ER: 'Eritrea',
+    EE: 'Estonia',
+    ET: 'Ethiopia',
+    FK: 'Falkland Islands (Malvinas)',
+    FO: 'Faroe Islands',
+    FJ: 'Fiji',
+    FI: 'Finland',
+    FR: 'France',
+    GF: 'French Guiana',
+    PF: 'French Polynesia',
+    TF: 'French Southern Territories',
+    GA: 'Gabon',
+    GM: 'Gambia',
+    GE: 'Georgia',
+    DE: 'Germany',
+    GH: 'Ghana',
+    GI: 'Gibraltar',
+    GR: 'Greece',
+    GL: 'Greenland',
+    GD: 'Grenada',
+    GP: 'Guadeloupe',
+    GU: 'Guam',
+    GT: 'Guatemala',
+    GG: 'Guernsey',
+    GN: 'Guinea',
+    GW: 'Guinea-Bissau',
+    GY: 'Guyana',
+    HT: 'Haiti',
+    HM: 'Heard Island and McDonald Mcdonald Islands',
+    VA: 'Holy See (Vatican City State)',
+    HN: 'Honduras',
+    HK: 'Hong Kong',
+    HU: 'Hungary',
+    IS: 'Iceland',
+    IN: 'India',
+    ID: 'Indonesia',
+    IR: 'Iran, Islamic Republic of',
+    IQ: 'Iraq',
+    IE: 'Ireland',
+    IM: 'Isle of Man',
+    IL: 'Israel',
+    IT: 'Italy',
+    JM: 'Jamaica',
+    JP: 'Japan',
+    JE: 'Jersey',
+    JO: 'Jordan',
+    KZ: 'Kazakhstan',
+    KE: 'Kenya',
+    KI: 'Kiribati',
+    XK: 'Kosovo',
+    KP: "Korea, Democratic People's Republic of",
+    KR: 'Korea, Republic of',
+    KW: 'Kuwait',
+    KG: 'Kyrgyzstan',
+    LA: "Lao People's Democratic Republic",
+    LV: 'Latvia',
+    LB: 'Lebanon',
+    LS: 'Lesotho',
+    LR: 'Liberia',
+    LY: 'Libya',
+    LI: 'Liechtenstein',
+    LT: 'Lithuania',
+    LU: 'Luxembourg',
+    MO: 'Macao',
+    MK: 'North Macedonia',
+    MG: 'Madagascar',
+    MW: 'Malawi',
+    MY: 'Malaysia',
+    MV: 'Maldives',
+    ML: 'Mali',
+    MT: 'Malta',
+    MH: 'Marshall Islands',
+    MQ: 'Martinique',
+    MR: 'Mauritania',
+    MU: 'Mauritius',
+    YT: 'Mayotte',
+    MX: 'Mexico',
+    FM: 'Micronesia, Federated States of',
+    MD: 'Moldova, Republic of',
+    MC: 'Monaco',
+    MN: 'Mongolia',
+    ME: 'Montenegro',
+    MS: 'Montserrat',
+    MA: 'Morocco',
+    MZ: 'Mozambique',
+    MM: 'Myanmar',
+    NA: 'Namibia',
+    NR: 'Nauru',
+    NP: 'Nepal',
+    NL: 'Netherlands',
+    AN: 'Netherlands Antilles',
+    NC: 'New Caledonia',
+    NZ: 'New Zealand',
+    NI: 'Nicaragua',
+    NE: 'Niger',
+    NG: 'Nigeria',
+    NU: 'Niue',
+    NF: 'Norfolk Island',
+    MP: 'Northern Mariana Islands',
+    NO: 'Norway',
+    OM: 'Oman',
+    PK: 'Pakistan',
+    PW: 'Palau',
+    PS: 'Palestine, State of',
+    PA: 'Panama',
+    PG: 'Papua New Guinea',
+    PY: 'Paraguay',
+    PE: 'Peru',
+    PH: 'Philippines',
+    PN: 'Pitcairn',
+    PL: 'Poland',
+    PT: 'Portugal',
+    PR: 'Puerto Rico',
+    QA: 'Qatar',
+    RE: 'Réunion',
+    RO: 'Romania',
+    RU: 'Russian Federation',
+    RW: 'Rwanda',
+    BL: 'Saint Barthélemy',
+    SH: 'Saint Helena, Ascension and Tristan da Cunha',
+    KN: 'Saint Kitts and Nevis',
+    LC: 'Saint Lucia',
+    MF: 'Saint Martin (French part)',
+    PM: 'Saint Pierre and Miquelon',
+    VC: 'Saint Vincent and the Grenadines',
+    WS: 'Samoa',
+    SM: 'San Marino',
+    ST: 'Sao Tome and Principe',
+    SA: 'Saudi Arabia',
+    SN: 'Senegal',
+    RS: 'Serbia',
+    SC: 'Seychelles',
+    SL: 'Sierra Leone',
+    SG: 'Singapore',
+    SX: 'Sint Maarten (Dutch part)',
+    SK: 'Slovakia',
+    SI: 'Slovenia',
+    SB: 'Solomon Islands',
+    SO: 'Somalia',
+    ZA: 'South Africa',
+    GS: 'South Georgia and the South Sandwich Islands',
+    SS: 'South Sudan',
+    ES: 'Spain',
+    LK: 'Sri Lanka',
+    SD: 'Sudan',
+    SR: 'Suriname',
+    SJ: 'Svalbard and Jan Mayen',
+    SZ: 'Swaziland',
+    SE: 'Sweden',
+    CH: 'Switzerland',
+    SY: 'Syrian Arab Republic',
+    TW: 'Taiwan, Province of China',
+    TJ: 'Tajikistan',
+    TZ: 'Tanzania, United Republic of',
+    TH: 'Thailand',
+    TL: 'Timor-Leste',
+    TG: 'Togo',
+    TK: 'Tokelau',
+    TO: 'Tonga',
+    TT: 'Trinidad and Tobago',
+    TN: 'Tunisia',
+    TR: 'Turkey',
+    TM: 'Turkmenistan',
+    TC: 'Turks and Caicos Islands',
+    TV: 'Tuvalu',
+    UG: 'Uganda',
+    UA: 'Ukraine',
+    AE: 'United Arab Emirates',
+    GB: 'United Kingdom',
+    US: 'United States',
+    UM: 'United States Minor Outlying Islands',
+    UY: 'Uruguay',
+    UZ: 'Uzbekistan',
+    VU: 'Vanuatu',
+    VE: 'Venezuela, Bolivarian Republic of',
+    VN: 'Viet Nam',
+    VG: 'Virgin Islands, British',
+    VI: 'Virgin Islands, U.S.',
+    WF: 'Wallis and Futuna',
+    EH: 'Western Sahara',
+    YE: 'Yemen',
+    ZM: 'Zambia',
+    ZW: 'Zimbabwe'
+};
+function isValidCountryCode(countryCode) {
+    return (countryCode.toUpperCase() in countries);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaXNvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3NlcnZlci91dGlscy9pc28udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUErUEEsZ0RBRUM7QUFoUUQsTUFBTSxTQUFTLEdBQUc7SUFDakIsRUFBRSxFQUFFLGFBQWE7SUFDakIsRUFBRSxFQUFFLGVBQWU7SUFDbkIsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxnQkFBZ0I7SUFDcEIsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLFlBQVk7SUFDaEIsRUFBRSxFQUFFLHFCQUFxQjtJQUN6QixFQUFFLEVBQUUsV0FBVztJQUNmLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsV0FBVztJQUNmLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLFlBQVk7SUFDaEIsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLGlDQUFpQztJQUNyQyxFQUFFLEVBQUUsa0NBQWtDO0lBQ3RDLEVBQUUsRUFBRSx3QkFBd0I7SUFDNUIsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUsZUFBZTtJQUNuQixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxnQ0FBZ0M7SUFDcEMsRUFBRSxFQUFFLG1CQUFtQjtJQUN2QixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxjQUFjO0lBQ2xCLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLFlBQVk7SUFDaEIsRUFBRSxFQUFFLGdCQUFnQjtJQUNwQixFQUFFLEVBQUUsMEJBQTBCO0lBQzlCLEVBQUUsRUFBRSxNQUFNO0lBQ1YsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsT0FBTztJQUNYLEVBQUUsRUFBRSxrQkFBa0I7SUFDdEIsRUFBRSxFQUFFLHlCQUF5QjtJQUM3QixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsdUNBQXVDO0lBQzNDLEVBQUUsRUFBRSxjQUFjO0lBQ2xCLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxlQUFlO0lBQ25CLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLE1BQU07SUFDVixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLGdCQUFnQjtJQUNwQixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUsb0JBQW9CO0lBQ3hCLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsYUFBYTtJQUNqQixFQUFFLEVBQUUsbUJBQW1CO0lBQ3ZCLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSw2QkFBNkI7SUFDakMsRUFBRSxFQUFFLGVBQWU7SUFDbkIsRUFBRSxFQUFFLE1BQU07SUFDVixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLGVBQWU7SUFDbkIsRUFBRSxFQUFFLGtCQUFrQjtJQUN0QixFQUFFLEVBQUUsNkJBQTZCO0lBQ2pDLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsV0FBVztJQUNmLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLFdBQVc7SUFDZixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxNQUFNO0lBQ1YsRUFBRSxFQUFFLFdBQVc7SUFDZixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLGVBQWU7SUFDbkIsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsT0FBTztJQUNYLEVBQUUsRUFBRSw0Q0FBNEM7SUFDaEQsRUFBRSxFQUFFLCtCQUErQjtJQUNuQyxFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxXQUFXO0lBQ2YsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLFdBQVc7SUFDZixFQUFFLEVBQUUsMkJBQTJCO0lBQy9CLEVBQUUsRUFBRSxNQUFNO0lBQ1YsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsYUFBYTtJQUNqQixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsT0FBTztJQUNYLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsWUFBWTtJQUNoQixFQUFFLEVBQUUsT0FBTztJQUNYLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsd0NBQXdDO0lBQzVDLEVBQUUsRUFBRSxvQkFBb0I7SUFDeEIsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsWUFBWTtJQUNoQixFQUFFLEVBQUUsa0NBQWtDO0lBQ3RDLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsZUFBZTtJQUNuQixFQUFFLEVBQUUsV0FBVztJQUNmLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLGlCQUFpQjtJQUNyQixFQUFFLEVBQUUsWUFBWTtJQUNoQixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUsTUFBTTtJQUNWLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLGtCQUFrQjtJQUN0QixFQUFFLEVBQUUsWUFBWTtJQUNoQixFQUFFLEVBQUUsWUFBWTtJQUNoQixFQUFFLEVBQUUsV0FBVztJQUNmLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsaUNBQWlDO0lBQ3JDLEVBQUUsRUFBRSxzQkFBc0I7SUFDMUIsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLFlBQVk7SUFDaEIsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsYUFBYTtJQUNqQixFQUFFLEVBQUUsc0JBQXNCO0lBQzFCLEVBQUUsRUFBRSxlQUFlO0lBQ25CLEVBQUUsRUFBRSxhQUFhO0lBQ2pCLEVBQUUsRUFBRSxXQUFXO0lBQ2YsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxNQUFNO0lBQ1YsRUFBRSxFQUFFLGdCQUFnQjtJQUNwQixFQUFFLEVBQUUsMEJBQTBCO0lBQzlCLEVBQUUsRUFBRSxRQUFRO0lBQ1osRUFBRSxFQUFFLE1BQU07SUFDVixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLHFCQUFxQjtJQUN6QixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxrQkFBa0I7SUFDdEIsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUsTUFBTTtJQUNWLEVBQUUsRUFBRSxhQUFhO0lBQ2pCLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxhQUFhO0lBQ2pCLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxvQkFBb0I7SUFDeEIsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsa0JBQWtCO0lBQ3RCLEVBQUUsRUFBRSw4Q0FBOEM7SUFDbEQsRUFBRSxFQUFFLHVCQUF1QjtJQUMzQixFQUFFLEVBQUUsYUFBYTtJQUNqQixFQUFFLEVBQUUsNEJBQTRCO0lBQ2hDLEVBQUUsRUFBRSwyQkFBMkI7SUFDL0IsRUFBRSxFQUFFLGtDQUFrQztJQUN0QyxFQUFFLEVBQUUsT0FBTztJQUNYLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSx1QkFBdUI7SUFDM0IsRUFBRSxFQUFFLGNBQWM7SUFDbEIsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxZQUFZO0lBQ2hCLEVBQUUsRUFBRSxjQUFjO0lBQ2xCLEVBQUUsRUFBRSxXQUFXO0lBQ2YsRUFBRSxFQUFFLDJCQUEyQjtJQUMvQixFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxVQUFVO0lBQ2QsRUFBRSxFQUFFLGlCQUFpQjtJQUNyQixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxjQUFjO0lBQ2xCLEVBQUUsRUFBRSw4Q0FBOEM7SUFDbEQsRUFBRSxFQUFFLGFBQWE7SUFDakIsRUFBRSxFQUFFLE9BQU87SUFDWCxFQUFFLEVBQUUsV0FBVztJQUNmLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUsd0JBQXdCO0lBQzVCLEVBQUUsRUFBRSxXQUFXO0lBQ2YsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsYUFBYTtJQUNqQixFQUFFLEVBQUUsc0JBQXNCO0lBQzFCLEVBQUUsRUFBRSwyQkFBMkI7SUFDL0IsRUFBRSxFQUFFLFlBQVk7SUFDaEIsRUFBRSxFQUFFLDhCQUE4QjtJQUNsQyxFQUFFLEVBQUUsVUFBVTtJQUNkLEVBQUUsRUFBRSxhQUFhO0lBQ2pCLEVBQUUsRUFBRSxNQUFNO0lBQ1YsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsT0FBTztJQUNYLEVBQUUsRUFBRSxxQkFBcUI7SUFDekIsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxjQUFjO0lBQ2xCLEVBQUUsRUFBRSwwQkFBMEI7SUFDOUIsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsUUFBUTtJQUNaLEVBQUUsRUFBRSxTQUFTO0lBQ2IsRUFBRSxFQUFFLHNCQUFzQjtJQUMxQixFQUFFLEVBQUUsZ0JBQWdCO0lBQ3BCLEVBQUUsRUFBRSxlQUFlO0lBQ25CLEVBQUUsRUFBRSxzQ0FBc0M7SUFDMUMsRUFBRSxFQUFFLFNBQVM7SUFDYixFQUFFLEVBQUUsWUFBWTtJQUNoQixFQUFFLEVBQUUsU0FBUztJQUNiLEVBQUUsRUFBRSxtQ0FBbUM7SUFDdkMsRUFBRSxFQUFFLFVBQVU7SUFDZCxFQUFFLEVBQUUseUJBQXlCO0lBQzdCLEVBQUUsRUFBRSxzQkFBc0I7SUFDMUIsRUFBRSxFQUFFLG1CQUFtQjtJQUN2QixFQUFFLEVBQUUsZ0JBQWdCO0lBQ3BCLEVBQUUsRUFBRSxPQUFPO0lBQ1gsRUFBRSxFQUFFLFFBQVE7SUFDWixFQUFFLEVBQUUsVUFBVTtDQUNkLENBQUE7QUFFRCxTQUFnQixrQkFBa0IsQ0FBQyxXQUFtQjtJQUNyRCxPQUFPLENBQUMsV0FBVyxDQUFDLFdBQVcsRUFBRSxJQUFJLFNBQVMsQ0FBQyxDQUFBO0FBQ2hELENBQUMifQ==

package/lib/server/utils/keep-alive.d.ts

@@ -0,0 +1,7 @@
+import { Logger } from 'pino';
+import { WebSocket } from 'ws';
+/**
+ * Adds a keep-alive mechanism to the WebSocket
+ * client
+ */
+export declare function addKeepAlive(ws: WebSocket, logger: Logger): void;

package/lib/server/utils/keep-alive.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.addKeepAlive = addKeepAlive;
+const config_1 = require("src/config");
+/**
+ * Adds a keep-alive mechanism to the WebSocket
+ * client
+ */
+function addKeepAlive(ws, logger) {
+    let sendTimeout;
+    let killTimeout;
+    ws.on('message', () => {
+        logger.trace('data recv, resetting timer');
+        resetTimer();
+    });
+    ws.on('pong', () => {
+        logger.trace('pong received, resetting timer');
+        resetTimer();
+    });
+    ws.on('error', cleanup);
+    ws.on('close', cleanup);
+    function resetTimer() {
+        cleanup();
+        resetSendTimeout();
+        killTimeout = setTimeout(() => {
+            logger.warn('no data received in a while, closing connection');
+            ws.close();
+        }, config_1.MAX_NO_DATA_INTERVAL_MS);
+    }
+    function resetSendTimeout() {
+        // reset ping
+        sendTimeout = setTimeout(() => {
+            ws.ping();
+            resetSendTimeout();
+        }, config_1.PING_INTERVAL_MS);
+    }
+    function cleanup() {
+        clearTimeout(killTimeout);
+        clearTimeout(sendTimeout);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2VlcC1hbGl2ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9zZXJ2ZXIvdXRpbHMva2VlcC1hbGl2ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQVFBLG9DQXdDQztBQS9DRCx1Q0FBc0U7QUFHdEU7OztHQUdHO0FBQ0gsU0FBZ0IsWUFBWSxDQUFDLEVBQWEsRUFBRSxNQUFjO0lBQ3pELElBQUksV0FBMkIsQ0FBQTtJQUMvQixJQUFJLFdBQTJCLENBQUE7SUFFL0IsRUFBRSxDQUFDLEVBQUUsQ0FBQyxTQUFTLEVBQUUsR0FBRyxFQUFFO1FBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsNEJBQTRCLENBQUMsQ0FBQTtRQUMxQyxVQUFVLEVBQUUsQ0FBQTtJQUNiLENBQUMsQ0FBQyxDQUFBO0lBQ0YsRUFBRSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsR0FBRyxFQUFFO1FBQ2xCLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQTtRQUM5QyxVQUFVLEVBQUUsQ0FBQTtJQUNiLENBQUMsQ0FBQyxDQUFBO0lBRUYsRUFBRSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFDdkIsRUFBRSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUE7SUFFdkIsU0FBUyxVQUFVO1FBQ2xCLE9BQU8sRUFBRSxDQUFBO1FBQ1QsZ0JBQWdCLEVBQUUsQ0FBQTtRQUVsQixXQUFXLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRTtZQUM3QixNQUFNLENBQUMsSUFBSSxDQUNWLGlEQUFpRCxDQUNqRCxDQUFBO1lBQ0QsRUFBRSxDQUFDLEtBQUssRUFBRSxDQUFBO1FBQ1gsQ0FBQyxFQUFFLGdDQUF1QixDQUFDLENBQUE7SUFDNUIsQ0FBQztJQUVELFNBQVMsZ0JBQWdCO1FBQ3hCLGFBQWE7UUFDYixXQUFXLEdBQUcsVUFBVSxDQUFDLEdBQUcsRUFBRTtZQUM3QixFQUFFLENBQUMsSUFBSSxFQUFFLENBQUE7WUFDVCxnQkFBZ0IsRUFBRSxDQUFBO1FBQ25CLENBQUMsRUFBRSx5QkFBZ0IsQ0FBQyxDQUFBO0lBQ3JCLENBQUM7SUFFRCxTQUFTLE9BQU87UUFDZixZQUFZLENBQUMsV0FBVyxDQUFDLENBQUE7UUFDekIsWUFBWSxDQUFDLFdBQVcsQ0FBQyxDQUFBO0lBQzFCLENBQUM7QUFDRixDQUFDIn0=

package/lib/server/utils/process-handshake.d.ts

@@ -0,0 +1,13 @@
+import { ClaimTunnelRequest } from 'src/proto/api';
+import { Logger } from 'src/types';
+/**
+ * Verifies server cert chain and removes handshake messages from transcript
+ * @param receipt
+ * @param logger
+ */
+export declare function processHandshake(receipt: ClaimTunnelRequest['transcript'], logger: Logger): Promise<{
+    tlsVersion: "TLS1_3" | "TLS1_2";
+    cipherSuite: "TLS_CHACHA20_POLY1305_SHA256" | "TLS_AES_256_GCM_SHA384" | "TLS_AES_128_GCM_SHA256" | "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" | "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" | "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" | "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" | "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" | "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" | "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
+    hostname: string;
+    nextMsgIndex: number;
+}>;

package/lib/server/utils/process-handshake.js

@@ -0,0 +1,179 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.processHandshake = processHandshake;
+const tls_1 = require("@reclaimprotocol/tls");
+const parse_certificate_1 = require("@reclaimprotocol/tls/lib/utils/parse-certificate");
+const api_1 = require("src/proto/api");
+const utils_1 = require("src/utils");
+const RECORD_LENGTH_BYTES = 3;
+/**
+ * Verifies server cert chain and removes handshake messages from transcript
+ * @param receipt
+ * @param logger
+ */
+async function processHandshake(receipt, logger) {
+    //const handshakeMessages = extractHandshakeFromTranscript(receipt)
+    let currentPacketIdx = 0;
+    let readPacketIdx = 0;
+    let handshakeData;
+    let packetData;
+    const handshakeRawMessages = [];
+    const certificates = [];
+    let cipherSuite = undefined;
+    let tlsVersion = undefined;
+    let serverRandom = undefined;
+    let clientRandom = undefined;
+    let serverFinishedIdx = -1;
+    let clientFinishedIdx = -1;
+    let certVerified = false;
+    let hostname = undefined;
+    let clientChangeCipherSpecMsgIdx = -1;
+    let serverChangeCipherSpecMsgIdx = -1;
+    while ((packetData = await readPacket())) {
+        const { type, content } = packetData;
+        switch (type) {
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.CLIENT_HELLO:
+                const clientHello = (0, tls_1.parseClientHello)(handshakeRawMessages[0]);
+                clientRandom = clientHello.serverRandom;
+                const { SERVER_NAME: sni } = clientHello.extensions;
+                hostname = sni === null || sni === void 0 ? void 0 : sni.serverName;
+                if (!hostname) {
+                    throw new Error('client hello has no SNI');
+                }
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.SERVER_HELLO:
+                const serverHello = await (0, tls_1.parseServerHello)(content);
+                cipherSuite = serverHello.cipherSuite;
+                tlsVersion = serverHello.serverTlsVersion;
+                serverRandom = serverHello.serverRandom;
+                logger.info({ serverTLSVersion: tlsVersion, cipherSuite }, 'extracted server hello params');
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.CERTIFICATE:
+                const parseResult = (0, tls_1.parseCertificates)(content, { version: tlsVersion });
+                certificates.push(...parseResult.certificates);
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.CERTIFICATE_VERIFY:
+                const signature = (0, tls_1.parseServerCertificateVerify)(content);
+                if (!(certificates === null || certificates === void 0 ? void 0 : certificates.length)) {
+                    throw new Error('No provider certificates received');
+                }
+                const signatureData = await (0, tls_1.getSignatureDataTls13)(handshakeRawMessages.slice(0, -1), cipherSuite);
+                await (0, tls_1.verifyCertificateSignature)({
+                    ...signature,
+                    publicKey: certificates[0].getPublicKey(),
+                    signatureData,
+                });
+                await (0, parse_certificate_1.verifyCertificateChain)(certificates, hostname);
+                logger.info({ host: hostname }, 'verified provider certificate chain');
+                certVerified = true;
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.SERVER_KEY_SHARE:
+                if (!(certificates === null || certificates === void 0 ? void 0 : certificates.length)) {
+                    throw new Error('No provider certificates received');
+                }
+                const keyShare = await (0, tls_1.processServerKeyShare)(content);
+                const signatureData12 = await (0, tls_1.getSignatureDataTls12)({
+                    clientRandom: clientRandom,
+                    serverRandom: serverRandom,
+                    curveType: keyShare.publicKeyType,
+                    publicKey: keyShare.publicKey,
+                });
+                // verify signature
+                await (0, tls_1.verifyCertificateSignature)({
+                    signature: keyShare.signatureBytes,
+                    algorithm: keyShare.signatureAlgorithm,
+                    publicKey: certificates[0].getPublicKey(),
+                    signatureData: signatureData12,
+                });
+                await (0, parse_certificate_1.verifyCertificateChain)(certificates, hostname);
+                logger.info({ host: hostname }, 'verified provider certificate chain');
+                certVerified = true;
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.FINISHED:
+                if (receipt[readPacketIdx].sender === api_1.TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT) {
+                    clientFinishedIdx = readPacketIdx;
+                }
+                else {
+                    serverFinishedIdx = readPacketIdx;
+                }
+                break;
+        }
+    }
+    if (!certVerified) {
+        throw new Error('No provider certificates received');
+    }
+    if (tlsVersion === 'TLS1_3' && serverFinishedIdx < 0) {
+        throw new Error('server finished message not found');
+    }
+    if (tlsVersion === 'TLS1_2' && (serverChangeCipherSpecMsgIdx < 0 || clientChangeCipherSpecMsgIdx < 0)) {
+        throw new Error('change cipher spec message not found');
+    }
+    async function readPacket() {
+        var _a;
+        if (currentPacketIdx > (receipt.length - 1)) {
+            return;
+        }
+        if (certVerified && serverFinishedIdx > 0 && clientFinishedIdx > 0) {
+            return;
+        }
+        readPacketIdx = currentPacketIdx;
+        if (!(handshakeData === null || handshakeData === void 0 ? void 0 : handshakeData.length)) {
+            const { message, reveal, sender } = receipt[currentPacketIdx];
+            const recordHeader = message.slice(0, 5);
+            const content = getWithoutHeader(message);
+            if (message[0] === tls_1.PACKET_TYPE['CHANGE_CIPHER_SPEC']) { //skip change cipher spec message
+                if (sender === api_1.TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT) {
+                    clientChangeCipherSpecMsgIdx = currentPacketIdx;
+                }
+                else {
+                    serverChangeCipherSpecMsgIdx = currentPacketIdx;
+                }
+                currentPacketIdx++;
+                return await readPacket();
+            }
+            if (message[0] === tls_1.PACKET_TYPE['WRAPPED_RECORD'] ||
+                (serverChangeCipherSpecMsgIdx > 0 && sender === api_1.TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_SERVER) ||
+                (clientChangeCipherSpecMsgIdx > 0 && sender === api_1.TranscriptMessageSenderType.TRANSCRIPT_MESSAGE_SENDER_TYPE_CLIENT)) { // encrypted
+                if (!tlsVersion || !cipherSuite) {
+                    throw new Error('Could not find cipherSuite to use');
+                }
+                if (!((_a = reveal === null || reveal === void 0 ? void 0 : reveal.directReveal) === null || _a === void 0 ? void 0 : _a.key)) {
+                    throw new Error('no direct reveal for handshake packet');
+                }
+                const { plaintext } = await (0, utils_1.decryptDirect)(reveal === null || reveal === void 0 ? void 0 : reveal.directReveal, cipherSuite, recordHeader, tlsVersion, content);
+                handshakeData = plaintext;
+                if (tlsVersion === 'TLS1_3') {
+                    handshakeData = handshakeData.slice(0, -1);
+                }
+            }
+            else {
+                handshakeData = content;
+            }
+        }
+        const type = handshakeData[0];
+        const content = (0, tls_1.readWithLength)(handshakeData.slice(1), RECORD_LENGTH_BYTES);
+        if (!content) {
+            logger.warn('missing bytes from packet');
+            return;
+        }
+        const totalLength = 1 + RECORD_LENGTH_BYTES + content.length;
+        handshakeRawMessages.push(handshakeData.slice(0, totalLength));
+        handshakeData = handshakeData.slice(totalLength);
+        if (!handshakeData.length) {
+            currentPacketIdx++;
+        }
+        return { type, content };
+    }
+    const nextMsgIndex = Math.max(serverFinishedIdx, clientFinishedIdx) + 1;
+    return {
+        tlsVersion: tlsVersion,
+        cipherSuite: cipherSuite,
+        hostname: hostname,
+        nextMsgIndex
+    };
+}
+function getWithoutHeader(message) {
+    // strip the record header (xx 03 03 xx xx)
+    return message.slice(5);
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicHJvY2Vzcy1oYW5kc2hha2UuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2VydmVyL3V0aWxzL3Byb2Nlc3MtaGFuZHNoYWtlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBNkJBLDRDQXlNQztBQXRPRCw4Q0FlNkI7QUFDN0Isd0ZBQXlGO0FBQ3pGLHVDQUErRTtBQUUvRSxxQ0FBeUM7QUFHekMsTUFBTSxtQkFBbUIsR0FBRyxDQUFDLENBQUE7QUFFN0I7Ozs7R0FJRztBQUNJLEtBQUssVUFBVSxnQkFBZ0IsQ0FBQyxPQUF5QyxFQUFFLE1BQWM7SUFDL0YsbUVBQW1FO0lBQ25FLElBQUksZ0JBQWdCLEdBQUcsQ0FBQyxDQUFBO0lBQ3hCLElBQUksYUFBYSxHQUFHLENBQUMsQ0FBQTtJQUNyQixJQUFJLGFBQXlCLENBQUE7SUFDN0IsSUFBSSxVQUFrRCxDQUFBO0lBQ3RELE1BQU0sb0JBQW9CLEdBQWlCLEVBQUUsQ0FBQTtJQUM3QyxNQUFNLFlBQVksR0FBc0IsRUFBRSxDQUFBO0lBQzFDLElBQUksV0FBVyxHQUE0QixTQUFTLENBQUE7SUFDcEQsSUFBSSxVQUFVLEdBQW1DLFNBQVMsQ0FBQTtJQUMxRCxJQUFJLFlBQVksR0FBMkIsU0FBUyxDQUFBO0lBQ3BELElBQUksWUFBWSxHQUEyQixTQUFTLENBQUE7SUFDcEQsSUFBSSxpQkFBaUIsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUMxQixJQUFJLGlCQUFpQixHQUFHLENBQUMsQ0FBQyxDQUFBO0lBQzFCLElBQUksWUFBWSxHQUFHLEtBQUssQ0FBQTtJQUN4QixJQUFJLFFBQVEsR0FBdUIsU0FBUyxDQUFBO0lBQzVDLElBQUksNEJBQTRCLEdBQUcsQ0FBQyxDQUFDLENBQUE7SUFDckMsSUFBSSw0QkFBNEIsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUNyQyxPQUFNLENBQUMsVUFBVSxHQUFHLE1BQU0sVUFBVSxFQUFFLENBQUMsRUFBRSxDQUFDO1FBQ3pDLE1BQU0sRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLEdBQUcsVUFBVSxDQUFBO1FBRXBDLFFBQVEsSUFBSSxFQUFFLENBQUM7WUFDZixLQUFLLCtCQUF5QixDQUFDLFlBQVk7Z0JBQzFDLE1BQU0sV0FBVyxHQUFHLElBQUEsc0JBQWdCLEVBQUMsb0JBQW9CLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtnQkFDN0QsWUFBWSxHQUFHLFdBQVcsQ0FBQyxZQUFZLENBQUE7Z0JBQ3ZDLE1BQU0sRUFBRSxXQUFXLEVBQUUsR0FBRyxFQUFFLEdBQUcsV0FBVyxDQUFDLFVBQVUsQ0FBQTtnQkFDbkQsUUFBUSxHQUFHLEdBQUcsYUFBSCxHQUFHLHVCQUFILEdBQUcsQ0FBRSxVQUFVLENBQUE7Z0JBQzFCLElBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDZCxNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUE7Z0JBQzNDLENBQUM7Z0JBRUQsTUFBSztZQUdOLEtBQUssK0JBQXlCLENBQUMsWUFBWTtnQkFDMUMsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFBLHNCQUFnQixFQUFDLE9BQU8sQ0FBQyxDQUFBO2dCQUNuRCxXQUFXLEdBQUcsV0FBVyxDQUFDLFdBQVcsQ0FBQTtnQkFDckMsVUFBVSxHQUFHLFdBQVcsQ0FBQyxnQkFBZ0IsQ0FBQTtnQkFDekMsWUFBWSxHQUFHLFdBQVcsQ0FBQyxZQUFZLENBQUE7Z0JBQ3ZDLE1BQU0sQ0FBQyxJQUFJLENBQ1YsRUFBRSxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsV0FBVyxFQUFFLEVBQzdDLCtCQUErQixDQUMvQixDQUFBO2dCQUNELE1BQUs7WUFHTixLQUFLLCtCQUF5QixDQUFDLFdBQVc7Z0JBQ3pDLE1BQU0sV0FBVyxHQUFHLElBQUEsdUJBQWlCLEVBQUMsT0FBTyxFQUFFLEVBQUUsT0FBTyxFQUFDLFVBQVcsRUFBRSxDQUFDLENBQUE7Z0JBQ3ZFLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxXQUFXLENBQUMsWUFBWSxDQUFDLENBQUE7Z0JBQzlDLE1BQUs7WUFFTixLQUFLLCtCQUF5QixDQUFDLGtCQUFrQjtnQkFDaEQsTUFBTSxTQUFTLEdBQUcsSUFBQSxrQ0FBNEIsRUFBQyxPQUFPLENBQUMsQ0FBQTtnQkFDdkQsSUFBRyxDQUFDLENBQUEsWUFBWSxhQUFaLFlBQVksdUJBQVosWUFBWSxDQUFFLE1BQU0sQ0FBQSxFQUFFLENBQUM7b0JBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtnQkFDckQsQ0FBQztnQkFFRCxNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUEsMkJBQXFCLEVBQ2hELG9CQUFvQixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFDakIsV0FBWSxDQUM1QixDQUFBO2dCQUNELE1BQU0sSUFBQSxnQ0FBMEIsRUFBQztvQkFDaEMsR0FBRyxTQUFTO29CQUNaLFNBQVMsRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsWUFBWSxFQUFFO29CQUN6QyxhQUFhO2lCQUNiLENBQUMsQ0FBQTtnQkFDRixNQUFNLElBQUEsMENBQXNCLEVBQUMsWUFBWSxFQUFFLFFBQVMsQ0FBQyxDQUFBO2dCQUNyRCxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsSUFBSSxFQUFDLFFBQVEsRUFBRSxFQUFFLHFDQUFxQyxDQUFDLENBQUE7Z0JBQ3JFLFlBQVksR0FBRyxJQUFJLENBQUE7Z0JBQ25CLE1BQUs7WUFHTixLQUFLLCtCQUF5QixDQUFDLGdCQUFnQjtnQkFDOUMsSUFBRyxDQUFDLENBQUEsWUFBWSxhQUFaLFlBQVksdUJBQVosWUFBWSxDQUFFLE1BQU0sQ0FBQSxFQUFFLENBQUM7b0JBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtnQkFDckQsQ0FBQztnQkFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsMkJBQXFCLEVBQUMsT0FBTyxDQUFDLENBQUE7Z0JBQ3JELE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBQSwyQkFBcUIsRUFDbEQ7b0JBQ0MsWUFBWSxFQUFFLFlBQWE7b0JBQzNCLFlBQVksRUFBRSxZQUFhO29CQUMzQixTQUFTLEVBQUUsUUFBUSxDQUFDLGFBQWE7b0JBQ2pDLFNBQVMsRUFBRSxRQUFRLENBQUMsU0FBUztpQkFDN0IsQ0FDRCxDQUFBO2dCQUNELG1CQUFtQjtnQkFDbkIsTUFBTSxJQUFBLGdDQUEwQixFQUFDO29CQUNoQyxTQUFTLEVBQUUsUUFBUSxDQUFDLGNBQWM7b0JBQ2xDLFNBQVMsRUFBRSxRQUFRLENBQUMsa0JBQWtCO29CQUN0QyxTQUFTLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLFlBQVksRUFBRTtvQkFDekMsYUFBYSxFQUFFLGVBQWU7aUJBQzlCLENBQUMsQ0FBQTtnQkFDRixNQUFNLElBQUEsMENBQXNCLEVBQUMsWUFBWSxFQUFFLFFBQVMsQ0FBQyxDQUFBO2dCQUNyRCxNQUFNLENBQUMsSUFBSSxDQUFDLEVBQUUsSUFBSSxFQUFDLFFBQVEsRUFBRSxFQUFFLHFDQUFxQyxDQUFDLENBQUE7Z0JBQ3JFLFlBQVksR0FBRyxJQUFJLENBQUE7Z0JBQ25CLE1BQUs7WUFHTixLQUFLLCtCQUF5QixDQUFDLFFBQVE7Z0JBQ3RDLElBQUcsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDLE1BQU0sS0FBSyxpQ0FBMkIsQ0FBQyxxQ0FBcUMsRUFBRSxDQUFDO29CQUN4RyxpQkFBaUIsR0FBRyxhQUFhLENBQUE7Z0JBQ2xDLENBQUM7cUJBQU0sQ0FBQztvQkFDUCxpQkFBaUIsR0FBRyxhQUFhLENBQUE7Z0JBQ2xDLENBQUM7Z0JBRUQsTUFBSztRQUNOLENBQUM7SUFDRixDQUFDO0lBRUQsSUFBRyxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtJQUNyRCxDQUFDO0lBRUQsSUFBRyxVQUFVLEtBQUssUUFBUSxJQUFJLGlCQUFpQixHQUFHLENBQUMsRUFBRSxDQUFDO1FBQ3JELE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtJQUNyRCxDQUFDO0lBRUQsSUFBRyxVQUFVLEtBQUssUUFBUSxJQUFJLENBQUMsNEJBQTRCLEdBQUcsQ0FBQyxJQUFJLDRCQUE0QixHQUFHLENBQUMsQ0FBQyxFQUFFLENBQUM7UUFDdEcsTUFBTSxJQUFJLEtBQUssQ0FBQyxzQ0FBc0MsQ0FBQyxDQUFBO0lBQ3hELENBQUM7SUFHRCxLQUFLLFVBQVUsVUFBVTs7UUFDeEIsSUFBRyxnQkFBZ0IsR0FBRyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUM1QyxPQUFNO1FBQ1AsQ0FBQztRQUVELElBQUcsWUFBWSxJQUFJLGlCQUFpQixHQUFHLENBQUMsSUFBSSxpQkFBaUIsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNuRSxPQUFNO1FBQ1AsQ0FBQztRQUVELGFBQWEsR0FBRyxnQkFBZ0IsQ0FBQTtRQUNoQyxJQUFHLENBQUMsQ0FBQSxhQUFhLGFBQWIsYUFBYSx1QkFBYixhQUFhLENBQUUsTUFBTSxDQUFBLEVBQUUsQ0FBQztZQUMzQixNQUFNLEVBQUUsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsQ0FBQTtZQUM3RCxNQUFNLFlBQVksR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQTtZQUN4QyxNQUFNLE9BQU8sR0FBRyxnQkFBZ0IsQ0FBQyxPQUFPLENBQUMsQ0FBQTtZQUV6QyxJQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsS0FBSyxpQkFBVyxDQUFDLG9CQUFvQixDQUFDLEVBQUUsQ0FBQyxDQUFDLGlDQUFpQztnQkFFdkYsSUFBRyxNQUFNLEtBQUssaUNBQTJCLENBQUMscUNBQXFDLEVBQUUsQ0FBQztvQkFDakYsNEJBQTRCLEdBQUcsZ0JBQWdCLENBQUE7Z0JBQ2hELENBQUM7cUJBQU0sQ0FBQztvQkFDUCw0QkFBNEIsR0FBRyxnQkFBZ0IsQ0FBQTtnQkFDaEQsQ0FBQztnQkFFRCxnQkFBZ0IsRUFBRSxDQUFBO2dCQUNsQixPQUFPLE1BQU0sVUFBVSxFQUFFLENBQUE7WUFDMUIsQ0FBQztZQUdELElBQUcsT0FBTyxDQUFDLENBQUMsQ0FBQyxLQUFLLGlCQUFXLENBQUMsZ0JBQWdCLENBQUM7Z0JBQzlDLENBQUMsNEJBQTRCLEdBQUcsQ0FBQyxJQUFJLE1BQU0sS0FBSyxpQ0FBMkIsQ0FBQyxxQ0FBcUMsQ0FBQztnQkFDbEgsQ0FBQyw0QkFBNEIsR0FBRyxDQUFDLElBQUksTUFBTSxLQUFLLGlDQUEyQixDQUFDLHFDQUFxQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLFlBQVk7Z0JBRWxJLElBQUcsQ0FBQyxVQUFVLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztvQkFDaEMsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFBO2dCQUNyRCxDQUFDO2dCQUVELElBQUcsQ0FBQyxDQUFBLE1BQUEsTUFBTSxhQUFOLE1BQU0sdUJBQU4sTUFBTSxDQUFFLFlBQVksMENBQUUsR0FBRyxDQUFBLEVBQUUsQ0FBQztvQkFDL0IsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFBO2dCQUN6RCxDQUFDO2dCQUdELE1BQU0sRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLElBQUEscUJBQWEsRUFBQyxNQUFNLGFBQU4sTUFBTSx1QkFBTixNQUFNLENBQUUsWUFBWSxFQUFFLFdBQVcsRUFBRSxZQUFZLEVBQUUsVUFBVSxFQUFFLE9BQU8sQ0FBQyxDQUFBO2dCQUMvRyxhQUFhLEdBQUcsU0FBUyxDQUFBO2dCQUV6QixJQUFHLFVBQVUsS0FBSyxRQUFRLEVBQUUsQ0FBQztvQkFDNUIsYUFBYSxHQUFHLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUE7Z0JBQzNDLENBQUM7WUFDRixDQUFDO2lCQUFNLENBQUM7Z0JBQ1AsYUFBYSxHQUFHLE9BQU8sQ0FBQTtZQUN4QixDQUFDO1FBQ0YsQ0FBQztRQUdELE1BQU0sSUFBSSxHQUFHLGFBQWEsQ0FBQyxDQUFDLENBQUMsQ0FBQTtRQUM3QixNQUFNLE9BQU8sR0FBRyxJQUFBLG9CQUFjLEVBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsRUFBRSxtQkFBbUIsQ0FBQyxDQUFBO1FBQzNFLElBQUcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE1BQU0sQ0FBQyxJQUFJLENBQUMsMkJBQTJCLENBQUMsQ0FBQTtZQUN4QyxPQUFNO1FBQ1AsQ0FBQztRQUVELE1BQU0sV0FBVyxHQUFHLENBQUMsR0FBRyxtQkFBbUIsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFBO1FBQzVELG9CQUFvQixDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxXQUFXLENBQUMsQ0FBQyxDQUFBO1FBQzlELGFBQWEsR0FBRyxhQUFhLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxDQUFBO1FBQ2hELElBQUcsQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDMUIsZ0JBQWdCLEVBQUUsQ0FBQTtRQUNuQixDQUFDO1FBRUQsT0FBTyxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsQ0FBQTtJQUN6QixDQUFDO0lBRUQsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxpQkFBaUIsRUFBRSxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQTtJQUV2RSxPQUFPO1FBQ04sVUFBVSxFQUFFLFVBQVc7UUFDdkIsV0FBVyxFQUFFLFdBQVk7UUFDekIsUUFBUSxFQUFFLFFBQVM7UUFDbkIsWUFBWTtLQUNaLENBQUE7QUFDRixDQUFDO0FBRUQsU0FBUyxnQkFBZ0IsQ0FBQyxPQUFtQjtJQUM1QywyQ0FBMkM7SUFDM0MsT0FBTyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFBO0FBQ3hCLENBQUMifQ==

package/lib/server/utils/verify-server-certificates.d.ts

@@ -0,0 +1,7 @@
+import { IDecryptedTranscript } from 'src/types';
+/**
+ * Verifies server cert chain and removes handshake messages from transcript, returning new one
+ * @param receipt
+ * @param logger
+ */
+export declare function verifyServerCertificates(receipt: IDecryptedTranscript, logger: any): Promise<IDecryptedTranscript>;

package/lib/server/utils/verify-server-certificates.js

@@ -0,0 +1,102 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verifyServerCertificates = verifyServerCertificates;
+const tls_1 = require("@reclaimprotocol/tls");
+const parse_certificate_1 = require("@reclaimprotocol/tls/lib/utils/parse-certificate");
+const utils_1 = require("src/utils");
+const RECORD_LENGTH_BYTES = 3;
+/**
+ * Verifies server cert chain and removes handshake messages from transcript, returning new one
+ * @param receipt
+ * @param logger
+ */
+async function verifyServerCertificates(receipt, logger) {
+    const handshakeMsgs = (0, utils_1.extractHandshakeFromTranscript)(receipt);
+    let handshakeData = (0, tls_1.concatenateUint8Arrays)(handshakeMsgs.messages.map(m => m.message));
+    let packetData;
+    const handshakeRawMessages = [];
+    const certificates = [];
+    let cipherSuite = undefined;
+    let serverRandom = undefined;
+    let clientRandom = undefined;
+    let certVerified = false;
+    while ((packetData = readPacket()) && !certVerified) {
+        const { type, content } = packetData;
+        switch (type) {
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.CLIENT_HELLO:
+                const clientHello = (0, tls_1.parseClientHello)(handshakeRawMessages[0]);
+                clientRandom = clientHello.serverRandom;
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.SERVER_HELLO:
+                const serverHello = await (0, tls_1.parseServerHello)(content);
+                cipherSuite = serverHello.cipherSuite;
+                serverRandom = serverHello.serverRandom;
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.CERTIFICATE:
+                const parseResult = (0, tls_1.parseCertificates)(content, { version: receipt.tlsVersion });
+                certificates.push(...parseResult.certificates);
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.CERTIFICATE_VERIFY:
+                const signature = (0, tls_1.parseServerCertificateVerify)(content);
+                if (!(certificates === null || certificates === void 0 ? void 0 : certificates.length)) {
+                    throw new Error('No provider certificates received');
+                }
+                const signatureData = await (0, tls_1.getSignatureDataTls13)(handshakeRawMessages.slice(0, -1), cipherSuite);
+                await (0, tls_1.verifyCertificateSignature)({
+                    ...signature,
+                    publicKey: certificates[0].getPublicKey(),
+                    signatureData,
+                });
+                await (0, parse_certificate_1.verifyCertificateChain)(certificates, receipt.hostname);
+                logger.info({ host: receipt.hostname }, 'verified provider certificate chain');
+                certVerified = true;
+                break;
+            case tls_1.SUPPORTED_RECORD_TYPE_MAP.SERVER_KEY_SHARE:
+                if (!(certificates === null || certificates === void 0 ? void 0 : certificates.length)) {
+                    throw new Error('No provider certificates received');
+                }
+                const keyShare = await (0, tls_1.processServerKeyShare)(content);
+                const signatureData12 = await (0, tls_1.getSignatureDataTls12)({
+                    clientRandom: clientRandom,
+                    serverRandom: serverRandom,
+                    curveType: keyShare.publicKeyType,
+                    publicKey: keyShare.publicKey,
+                });
+                // verify signature
+                await (0, tls_1.verifyCertificateSignature)({
+                    signature: keyShare.signatureBytes,
+                    algorithm: keyShare.signatureAlgorithm,
+                    publicKey: certificates[0].getPublicKey(),
+                    signatureData: signatureData12,
+                });
+                await (0, parse_certificate_1.verifyCertificateChain)(certificates, receipt.hostname);
+                logger.info({ host: receipt.hostname }, 'verified provider certificate chain');
+                certVerified = true;
+                break;
+        }
+    }
+    if (!certVerified) {
+        throw new Error('No provider certificates received');
+    }
+    function readPacket() {
+        if (!handshakeData.length) {
+            return;
+        }
+        const type = handshakeData[0];
+        const content = (0, tls_1.readWithLength)(handshakeData.slice(1), RECORD_LENGTH_BYTES);
+        if (!content) {
+            logger.warn('missing bytes from packet');
+            return;
+        }
+        const totalLength = 1 + RECORD_LENGTH_BYTES + content.length;
+        handshakeRawMessages.push(handshakeData.slice(0, totalLength));
+        handshakeData = handshakeData.slice(totalLength);
+        return { type, content };
+    }
+    return {
+        tlsVersion: receipt.tlsVersion,
+        hostname: receipt.hostname,
+        transcript: receipt.transcript.slice(handshakeMsgs.lastMsgIndex)
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidmVyaWZ5LXNlcnZlci1jZXJ0aWZpY2F0ZXMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvc2VydmVyL3V0aWxzL3ZlcmlmeS1zZXJ2ZXItY2VydGlmaWNhdGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBbUJBLDREQWdIQztBQW5JRCw4Q0FNNkI7QUFDN0Isd0ZBQXlGO0FBRXpGLHFDQUEwRDtBQUcxRCxNQUFNLG1CQUFtQixHQUFHLENBQUMsQ0FBQTtBQUU3Qjs7OztHQUlHO0FBQ0ksS0FBSyxVQUFVLHdCQUF3QixDQUFDLE9BQTZCLEVBQUUsTUFBTTtJQUNuRixNQUFNLGFBQWEsR0FBRyxJQUFBLHNDQUE4QixFQUFDLE9BQU8sQ0FBQyxDQUFBO0lBQzdELElBQUksYUFBYSxHQUFHLElBQUEsNEJBQXNCLEVBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQTtJQUN0RixJQUFJLFVBQXlDLENBQUE7SUFDN0MsTUFBTSxvQkFBb0IsR0FBaUIsRUFBRSxDQUFBO0lBQzdDLE1BQU0sWUFBWSxHQUFzQixFQUFFLENBQUE7SUFDMUMsSUFBSSxXQUFXLEdBQTRCLFNBQVMsQ0FBQTtJQUNwRCxJQUFJLFlBQVksR0FBMkIsU0FBUyxDQUFBO0lBQ3BELElBQUksWUFBWSxHQUEyQixTQUFTLENBQUE7SUFFcEQsSUFBSSxZQUFZLEdBQUcsS0FBSyxDQUFBO0lBQ3hCLE9BQU0sQ0FBQyxVQUFVLEdBQUcsVUFBVSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ3BELE1BQU0sRUFBRSxJQUFJLEVBQUUsT0FBTyxFQUFFLEdBQUcsVUFBVSxDQUFBO1FBRXBDLFFBQVEsSUFBSSxFQUFFLENBQUM7WUFDZixLQUFLLCtCQUF5QixDQUFDLFlBQVk7Z0JBQzFDLE1BQU0sV0FBVyxHQUFHLElBQUEsc0JBQWdCLEVBQUMsb0JBQW9CLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQTtnQkFDN0QsWUFBWSxHQUFHLFdBQVcsQ0FBQyxZQUFZLENBQUE7Z0JBQ3ZDLE1BQUs7WUFHTixLQUFLLCtCQUF5QixDQUFDLFlBQVk7Z0JBQzFDLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBQSxzQkFBZ0IsRUFBQyxPQUFPLENBQUMsQ0FBQTtnQkFDbkQsV0FBVyxHQUFHLFdBQVcsQ0FBQyxXQUFXLENBQUE7Z0JBQ3JDLFlBQVksR0FBRyxXQUFXLENBQUMsWUFBWSxDQUFBO2dCQUN2QyxNQUFLO1lBR04sS0FBSywrQkFBeUIsQ0FBQyxXQUFXO2dCQUN6QyxNQUFNLFdBQVcsR0FBRyxJQUFBLHVCQUFpQixFQUFDLE9BQU8sRUFBRSxFQUFFLE9BQU8sRUFBQyxPQUFPLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQTtnQkFDOUUsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLFdBQVcsQ0FBQyxZQUFZLENBQUMsQ0FBQTtnQkFDOUMsTUFBSztZQUVOLEtBQUssK0JBQXlCLENBQUMsa0JBQWtCO2dCQUNoRCxNQUFNLFNBQVMsR0FBRyxJQUFBLGtDQUE0QixFQUFDLE9BQU8sQ0FBQyxDQUFBO2dCQUN2RCxJQUFHLENBQUMsQ0FBQSxZQUFZLGFBQVosWUFBWSx1QkFBWixZQUFZLENBQUUsTUFBTSxDQUFBLEVBQUUsQ0FBQztvQkFDMUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFBO2dCQUNyRCxDQUFDO2dCQUVELE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBQSwyQkFBcUIsRUFDaEQsb0JBQW9CLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUNqQyxXQUFZLENBQ1osQ0FBQTtnQkFDRCxNQUFNLElBQUEsZ0NBQTBCLEVBQUM7b0JBQ2hDLEdBQUcsU0FBUztvQkFDWixTQUFTLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLFlBQVksRUFBRTtvQkFDekMsYUFBYTtpQkFDYixDQUFDLENBQUE7Z0JBQ0YsTUFBTSxJQUFBLDBDQUFzQixFQUFDLFlBQVksRUFBRSxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUE7Z0JBQzVELE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUFJLEVBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxFQUFFLHFDQUFxQyxDQUFDLENBQUE7Z0JBQzdFLFlBQVksR0FBRyxJQUFJLENBQUE7Z0JBQ25CLE1BQUs7WUFHTixLQUFLLCtCQUF5QixDQUFDLGdCQUFnQjtnQkFDOUMsSUFBRyxDQUFDLENBQUEsWUFBWSxhQUFaLFlBQVksdUJBQVosWUFBWSxDQUFFLE1BQU0sQ0FBQSxFQUFFLENBQUM7b0JBQzFCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtnQkFDckQsQ0FBQztnQkFFRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsMkJBQXFCLEVBQUMsT0FBTyxDQUFDLENBQUE7Z0JBQ3JELE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBQSwyQkFBcUIsRUFDbEQ7b0JBQ0MsWUFBWSxFQUFFLFlBQWE7b0JBQzNCLFlBQVksRUFBRSxZQUFhO29CQUMzQixTQUFTLEVBQUUsUUFBUSxDQUFDLGFBQWE7b0JBQ2pDLFNBQVMsRUFBRSxRQUFRLENBQUMsU0FBUztpQkFDN0IsQ0FDRCxDQUFBO2dCQUNELG1CQUFtQjtnQkFDbkIsTUFBTSxJQUFBLGdDQUEwQixFQUFDO29CQUNoQyxTQUFTLEVBQUUsUUFBUSxDQUFDLGNBQWM7b0JBQ2xDLFNBQVMsRUFBRSxRQUFRLENBQUMsa0JBQWtCO29CQUN0QyxTQUFTLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLFlBQVksRUFBRTtvQkFDekMsYUFBYSxFQUFFLGVBQWU7aUJBQzlCLENBQUMsQ0FBQTtnQkFDRixNQUFNLElBQUEsMENBQXNCLEVBQUMsWUFBWSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQTtnQkFDNUQsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLElBQUksRUFBQyxPQUFPLENBQUMsUUFBUSxFQUFFLEVBQUUscUNBQXFDLENBQUMsQ0FBQTtnQkFDN0UsWUFBWSxHQUFHLElBQUksQ0FBQTtnQkFDbkIsTUFBSztRQUNOLENBQUM7SUFFRixDQUFDO0lBRUQsSUFBRyxDQUFDLFlBQVksRUFBRSxDQUFDO1FBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQTtJQUNyRCxDQUFDO0lBR0QsU0FBUyxVQUFVO1FBQ2xCLElBQUcsQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDMUIsT0FBTTtRQUNQLENBQUM7UUFFRCxNQUFNLElBQUksR0FBRyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDN0IsTUFBTSxPQUFPLEdBQUcsSUFBQSxvQkFBYyxFQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsbUJBQW1CLENBQUMsQ0FBQTtRQUMzRSxJQUFHLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLENBQUMsSUFBSSxDQUFDLDJCQUEyQixDQUFDLENBQUE7WUFDeEMsT0FBTTtRQUNQLENBQUM7UUFFRCxNQUFNLFdBQVcsR0FBRyxDQUFDLEdBQUcsbUJBQW1CLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQTtRQUM1RCxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsV0FBVyxDQUFDLENBQUMsQ0FBQTtRQUM5RCxhQUFhLEdBQUcsYUFBYSxDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsQ0FBQTtRQUVoRCxPQUFPLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxDQUFBO0lBQ3pCLENBQUM7SUFFRCxPQUFPO1FBQ04sVUFBVSxFQUFDLE9BQU8sQ0FBQyxVQUFVO1FBQzdCLFFBQVEsRUFBQyxPQUFPLENBQUMsUUFBUTtRQUN6QixVQUFVLEVBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQztLQUMvRCxDQUFBO0FBQ0YsQ0FBQyJ9