@reclaimprotocol/attestor-core 4.0.0 → 4.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/avs/tests/test.operator.js +4 -4
- package/lib/client/create-claim.js +28 -14
- package/lib/client/tunnels/make-rpc-tcp-tunnel.js +3 -3
- package/lib/client/tunnels/make-rpc-tls-tunnel.js +3 -3
- package/lib/client/utils/client-socket.d.ts +2 -2
- package/lib/client/utils/client-socket.js +14 -8
- package/lib/client/utils/message-handler.js +5 -4
- package/lib/config/index.d.ts +6 -2
- package/lib/config/index.js +6 -4
- package/lib/index.d.ts +1 -0
- package/lib/index.js +2 -1
- package/lib/mechain/abis/governanceABI.d.ts +50 -0
- package/lib/mechain/abis/governanceABI.js +462 -0
- package/lib/mechain/abis/taskABI.d.ts +157 -0
- package/lib/mechain/abis/taskABI.js +513 -0
- package/lib/mechain/client/create-claim-on-mechain.d.ts +10 -0
- package/lib/mechain/client/create-claim-on-mechain.js +32 -0
- package/lib/mechain/client/index.d.ts +1 -0
- package/lib/mechain/client/index.js +18 -0
- package/lib/mechain/constants/index.d.ts +3 -0
- package/lib/mechain/constants/index.js +7 -0
- package/lib/mechain/index.d.ts +2 -0
- package/lib/mechain/index.js +19 -0
- package/lib/mechain/types/index.d.ts +23 -0
- package/lib/mechain/types/index.js +3 -0
- package/lib/proto/api.d.ts +16 -0
- package/lib/proto/api.js +194 -2
- package/lib/providers/http/index.js +45 -12
- package/lib/scripts/check-avs-registration.js +2 -2
- package/lib/scripts/generate-provider-types.js +2 -2
- package/lib/scripts/generate-toprf-keys.js +2 -2
- package/lib/scripts/register-avs-operator.js +2 -2
- package/lib/scripts/start-server.js +10 -3
- package/lib/scripts/update-avs-metadata.js +2 -2
- package/lib/scripts/verify-root-ca.js +2 -2
- package/lib/scripts/whitelist-operator.js +2 -2
- package/lib/server/handlers/claimTunnel.js +2 -2
- package/lib/server/handlers/createTaskOnMechain.d.ts +2 -0
- package/lib/server/handlers/createTaskOnMechain.js +52 -0
- package/lib/server/handlers/createTunnel.js +3 -3
- package/lib/server/handlers/index.js +3 -1
- package/lib/server/socket.js +11 -12
- package/lib/server/tunnels/make-tcp-tunnel.js +15 -8
- package/lib/server/utils/apm.js +8 -4
- package/lib/server/utils/assert-valid-claim-request.d.ts +2 -2
- package/lib/server/utils/assert-valid-claim-request.js +14 -11
- package/lib/tests/test.claim-creation.js +2 -2
- package/lib/tests/test.http-provider-utils.js +383 -230
- package/lib/tests/test.http-provider.js +30 -2
- package/lib/tests/test.rpc-tunnel.js +10 -6
- package/lib/tests/test.zk.d.ts +1 -1
- package/lib/tests/test.zk.js +127 -9
- package/lib/types/client.d.ts +2 -2
- package/lib/types/providers.d.ts +18 -3
- package/lib/types/providers.gen.d.ts +2 -3
- package/lib/types/providers.gen.js +2 -2
- package/lib/types/tunnel.d.ts +2 -2
- package/lib/types/zk.d.ts +0 -1
- package/lib/utils/http-parser.d.ts +4 -0
- package/lib/utils/http-parser.js +6 -3
- package/lib/utils/socket-base.js +2 -1
- package/lib/utils/zk.d.ts +1 -1
- package/lib/utils/zk.js +94 -55
- package/lib/window-rpc/setup-window-rpc.js +32 -1
- package/lib/window-rpc/types.d.ts +14 -1
- package/lib/window-rpc/utils.js +2 -2
- package/package.json +4 -3
- package/lib/providers/httpb64/index.d.ts +0 -3
- package/lib/providers/httpb64/index.js +0 -209
- package/lib/providers/httpb64/utils.d.ts +0 -77
- package/lib/providers/httpb64/utils.js +0 -358
- package/lib/server/utils/verify-server-certificates.d.ts +0 -7
- package/lib/server/utils/verify-server-certificates.js +0 -101
|
@@ -1,358 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// noinspection ExceptionCaughtLocallyJS
|
|
3
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
-
exports.extractHTMLElement = extractHTMLElement;
|
|
5
|
-
exports.extractHTMLElements = extractHTMLElements;
|
|
6
|
-
exports.extractHTMLElementIndex = extractHTMLElementIndex;
|
|
7
|
-
exports.extractHTMLElementsIndexes = extractHTMLElementsIndexes;
|
|
8
|
-
exports.extractJSONValueIndex = extractJSONValueIndex;
|
|
9
|
-
exports.extractJSONValueIndexes = extractJSONValueIndexes;
|
|
10
|
-
exports.buildHeaders = buildHeaders;
|
|
11
|
-
exports.convertResponsePosToAbsolutePos = convertResponsePosToAbsolutePos;
|
|
12
|
-
exports.getRedactionsForChunkHeaders = getRedactionsForChunkHeaders;
|
|
13
|
-
exports.parseHttpResponse = parseHttpResponse;
|
|
14
|
-
exports.makeRegex = makeRegex;
|
|
15
|
-
exports.matchRedactedStrings = matchRedactedStrings;
|
|
16
|
-
exports.generateRequstAndResponseFromTranscript = generateRequstAndResponseFromTranscript;
|
|
17
|
-
const tls_1 = require("@reclaimprotocol/tls");
|
|
18
|
-
const esprima_next_1 = require("esprima-next");
|
|
19
|
-
const jsonpath_plus_1 = require("jsonpath-plus");
|
|
20
|
-
const utils_1 = require("../../utils");
|
|
21
|
-
let RE2;
|
|
22
|
-
try {
|
|
23
|
-
RE2 = require('re2');
|
|
24
|
-
if (!Object.keys(RE2).length) {
|
|
25
|
-
RE2 = undefined;
|
|
26
|
-
throw new Error();
|
|
27
|
-
}
|
|
28
|
-
}
|
|
29
|
-
catch (_a) {
|
|
30
|
-
console.log('RE2 not found. Using standard regex');
|
|
31
|
-
}
|
|
32
|
-
let jsd;
|
|
33
|
-
if (typeof window !== 'undefined') {
|
|
34
|
-
// @ts-ignore
|
|
35
|
-
jsd = window.jsdom;
|
|
36
|
-
}
|
|
37
|
-
else {
|
|
38
|
-
jsd = require('jsdom');
|
|
39
|
-
}
|
|
40
|
-
/**
|
|
41
|
-
* Returns only first extracted element
|
|
42
|
-
* @param html
|
|
43
|
-
* @param xpathExpression
|
|
44
|
-
* @param contentsOnly
|
|
45
|
-
*/
|
|
46
|
-
function extractHTMLElement(html, xpathExpression, contentsOnly) {
|
|
47
|
-
const { start, end } = extractHTMLElementIndex(html, xpathExpression, contentsOnly);
|
|
48
|
-
return html.slice(start, end);
|
|
49
|
-
}
|
|
50
|
-
/**
|
|
51
|
-
* Returns all extracted elements
|
|
52
|
-
* @param html
|
|
53
|
-
* @param xpathExpression
|
|
54
|
-
* @param contentsOnly
|
|
55
|
-
*/
|
|
56
|
-
function extractHTMLElements(html, xpathExpression, contentsOnly) {
|
|
57
|
-
const indexes = extractHTMLElementsIndexes(html, xpathExpression, contentsOnly);
|
|
58
|
-
const res = [];
|
|
59
|
-
for (const { start, end } of indexes) {
|
|
60
|
-
res.push(html.slice(start, end));
|
|
61
|
-
}
|
|
62
|
-
return res;
|
|
63
|
-
}
|
|
64
|
-
/**
|
|
65
|
-
* returns a single index of extracted element
|
|
66
|
-
* @param html
|
|
67
|
-
* @param xpathExpression
|
|
68
|
-
* @param contentsOnly
|
|
69
|
-
*/
|
|
70
|
-
function extractHTMLElementIndex(html, xpathExpression, contentsOnly) {
|
|
71
|
-
return extractHTMLElementsIndexes(html, xpathExpression, contentsOnly)[0];
|
|
72
|
-
}
|
|
73
|
-
/**
|
|
74
|
-
* Returns indexes of all extracted elements
|
|
75
|
-
* @param html
|
|
76
|
-
* @param xpathExpression
|
|
77
|
-
* @param contentsOnly
|
|
78
|
-
*/
|
|
79
|
-
function extractHTMLElementsIndexes(html, xpathExpression, contentsOnly) {
|
|
80
|
-
const dom = new jsd.JSDOM(html, {
|
|
81
|
-
contentType: 'text/html',
|
|
82
|
-
includeNodeLocations: true
|
|
83
|
-
});
|
|
84
|
-
const document = dom.window.document;
|
|
85
|
-
const xpathResult = document.evaluate(xpathExpression, document, null, dom.window.XPathResult.ORDERED_NODE_SNAPSHOT_TYPE, null);
|
|
86
|
-
const nodes = [];
|
|
87
|
-
if ((xpathResult === null || xpathResult === void 0 ? void 0 : xpathResult.resultType) === dom.window.XPathResult.ORDERED_NODE_SNAPSHOT_TYPE &&
|
|
88
|
-
(xpathResult === null || xpathResult === void 0 ? void 0 : xpathResult.snapshotLength)) {
|
|
89
|
-
for (let i = 0; i < xpathResult.snapshotLength; ++i) {
|
|
90
|
-
nodes.push(xpathResult.snapshotItem(i));
|
|
91
|
-
}
|
|
92
|
-
}
|
|
93
|
-
if (!nodes.length) {
|
|
94
|
-
throw new Error(`Failed to find XPath: "${xpathExpression}"`);
|
|
95
|
-
}
|
|
96
|
-
const res = [];
|
|
97
|
-
for (const node of nodes) {
|
|
98
|
-
const nodeLocation = dom.nodeLocation(node);
|
|
99
|
-
if (!nodeLocation) {
|
|
100
|
-
throw new Error(`Failed to find XPath node location: "${xpathExpression}"`);
|
|
101
|
-
}
|
|
102
|
-
if (contentsOnly) {
|
|
103
|
-
const start = nodeLocation.startTag ? nodeLocation.startTag.endOffset : nodeLocation.startOffset;
|
|
104
|
-
const end = nodeLocation.endTag ? nodeLocation.endTag.startOffset : nodeLocation.endOffset;
|
|
105
|
-
res.push({ start, end });
|
|
106
|
-
}
|
|
107
|
-
else {
|
|
108
|
-
res.push({ start: nodeLocation.startOffset, end: nodeLocation.endOffset });
|
|
109
|
-
}
|
|
110
|
-
}
|
|
111
|
-
return res;
|
|
112
|
-
}
|
|
113
|
-
function extractJSONValueIndex(json, jsonPath) {
|
|
114
|
-
return extractJSONValueIndexes(json, jsonPath)[0];
|
|
115
|
-
}
|
|
116
|
-
function extractJSONValueIndexes(json, jsonPath) {
|
|
117
|
-
const pointers = (0, jsonpath_plus_1.JSONPath)({
|
|
118
|
-
path: jsonPath,
|
|
119
|
-
json: JSON.parse(json),
|
|
120
|
-
wrap: false,
|
|
121
|
-
resultType: 'pointer',
|
|
122
|
-
eval: 'safe',
|
|
123
|
-
// @ts-ignore
|
|
124
|
-
ignoreEvalErrors: true
|
|
125
|
-
});
|
|
126
|
-
if (!pointers) {
|
|
127
|
-
throw new Error('jsonPath not found');
|
|
128
|
-
}
|
|
129
|
-
const tree = (0, esprima_next_1.parseScript)('(' + json + ')', { range: true }); //wrap in parentheses for esprima to parse
|
|
130
|
-
if (tree.body[0] instanceof esprima_next_1.ExpressionStatement
|
|
131
|
-
&& (tree.body[0].expression instanceof esprima_next_1.ObjectExpression || tree.body[0].expression instanceof esprima_next_1.ArrayExpression)) {
|
|
132
|
-
const traversePointers = Array.isArray(pointers) ? pointers : [pointers];
|
|
133
|
-
const res = [];
|
|
134
|
-
for (const pointer of traversePointers) {
|
|
135
|
-
const index = traverse(tree.body[0].expression, '', [pointer]);
|
|
136
|
-
if (index) {
|
|
137
|
-
res.push({
|
|
138
|
-
start: index.start - 1, //account for '('
|
|
139
|
-
end: index.end - 1,
|
|
140
|
-
});
|
|
141
|
-
}
|
|
142
|
-
}
|
|
143
|
-
return res;
|
|
144
|
-
}
|
|
145
|
-
throw new Error('jsonPath not found');
|
|
146
|
-
}
|
|
147
|
-
/**
|
|
148
|
-
* recursively go through AST tree and build a JSON path while it's not equal to the one we search for
|
|
149
|
-
* @param o - esprima expression for root object
|
|
150
|
-
* @param path - path that is being built
|
|
151
|
-
* @param pointers - JSON pointers to compare to
|
|
152
|
-
*/
|
|
153
|
-
function traverse(o, path, pointers) {
|
|
154
|
-
if (o instanceof esprima_next_1.ObjectExpression) {
|
|
155
|
-
for (const p of o.properties) {
|
|
156
|
-
if (!(p instanceof esprima_next_1.Property)) {
|
|
157
|
-
continue;
|
|
158
|
-
}
|
|
159
|
-
const localPath = p.key.type === esprima_next_1.Syntax.Literal
|
|
160
|
-
? path + '/' + p.key.value
|
|
161
|
-
: path;
|
|
162
|
-
if (pointers.includes(localPath) && 'range' in p && Array.isArray(p.range)) {
|
|
163
|
-
return {
|
|
164
|
-
start: p.range[0],
|
|
165
|
-
end: p.range[1],
|
|
166
|
-
};
|
|
167
|
-
}
|
|
168
|
-
if (p.value instanceof esprima_next_1.ObjectExpression
|
|
169
|
-
|| p.value instanceof esprima_next_1.ArrayExpression) {
|
|
170
|
-
const res = traverse(p.value, localPath, pointers);
|
|
171
|
-
if (res) {
|
|
172
|
-
return res;
|
|
173
|
-
}
|
|
174
|
-
}
|
|
175
|
-
}
|
|
176
|
-
}
|
|
177
|
-
if (o instanceof esprima_next_1.ArrayExpression) {
|
|
178
|
-
for (let i = 0; i < o.elements.length; i++) {
|
|
179
|
-
const element = o.elements[i];
|
|
180
|
-
if (!element) {
|
|
181
|
-
continue;
|
|
182
|
-
}
|
|
183
|
-
const localPath = path + '/' + i;
|
|
184
|
-
if (pointers.includes(localPath) &&
|
|
185
|
-
'range' in element &&
|
|
186
|
-
Array.isArray(element.range)) {
|
|
187
|
-
return {
|
|
188
|
-
start: element.range[0],
|
|
189
|
-
end: element.range[1],
|
|
190
|
-
};
|
|
191
|
-
}
|
|
192
|
-
if (element instanceof esprima_next_1.ObjectExpression) {
|
|
193
|
-
const res = traverse(element, localPath, pointers);
|
|
194
|
-
if (res) {
|
|
195
|
-
return res;
|
|
196
|
-
}
|
|
197
|
-
}
|
|
198
|
-
if (element instanceof esprima_next_1.ArrayExpression) {
|
|
199
|
-
const res = traverse(element, localPath, pointers);
|
|
200
|
-
if (res) {
|
|
201
|
-
return res;
|
|
202
|
-
}
|
|
203
|
-
}
|
|
204
|
-
}
|
|
205
|
-
}
|
|
206
|
-
return null;
|
|
207
|
-
}
|
|
208
|
-
function buildHeaders(input) {
|
|
209
|
-
const headers = [];
|
|
210
|
-
for (const [key, value] of Object.entries(input || {})) {
|
|
211
|
-
headers.push(`${key}: ${value}`);
|
|
212
|
-
}
|
|
213
|
-
return headers;
|
|
214
|
-
}
|
|
215
|
-
/**
|
|
216
|
-
* Converts position in HTTP response body to an absolute position in TLS transcript considering chunked encoding
|
|
217
|
-
* @param pos
|
|
218
|
-
* @param bodyStartIdx
|
|
219
|
-
* @param chunks
|
|
220
|
-
*/
|
|
221
|
-
function convertResponsePosToAbsolutePos(pos, bodyStartIdx, chunks) {
|
|
222
|
-
if (chunks === null || chunks === void 0 ? void 0 : chunks.length) {
|
|
223
|
-
let chunkBodyStart = 0;
|
|
224
|
-
for (const chunk of chunks) {
|
|
225
|
-
const chunkSize = chunk.toIndex - chunk.fromIndex;
|
|
226
|
-
if (pos >= chunkBodyStart && pos <= (chunkBodyStart + chunkSize)) {
|
|
227
|
-
return pos - chunkBodyStart + chunk.fromIndex;
|
|
228
|
-
}
|
|
229
|
-
chunkBodyStart += chunkSize;
|
|
230
|
-
}
|
|
231
|
-
throw new Error('position out of range');
|
|
232
|
-
}
|
|
233
|
-
return bodyStartIdx + pos;
|
|
234
|
-
}
|
|
235
|
-
/**
|
|
236
|
-
* Returns parts of response which contain chunk headers and must be redacted out
|
|
237
|
-
* of revealed response part
|
|
238
|
-
* @param from
|
|
239
|
-
* @param to
|
|
240
|
-
* @param chunks
|
|
241
|
-
*/
|
|
242
|
-
function getRedactionsForChunkHeaders(from, to, chunks) {
|
|
243
|
-
const res = [];
|
|
244
|
-
if (chunks === null || chunks === void 0 ? void 0 : chunks.length) {
|
|
245
|
-
for (let i = 1; i < (chunks === null || chunks === void 0 ? void 0 : chunks.length); i++) {
|
|
246
|
-
if (chunks[i].fromIndex > from && chunks[i].fromIndex < to) {
|
|
247
|
-
res.push({ fromIndex: chunks[i - 1].toIndex, toIndex: chunks[i].fromIndex });
|
|
248
|
-
}
|
|
249
|
-
}
|
|
250
|
-
}
|
|
251
|
-
return res;
|
|
252
|
-
}
|
|
253
|
-
function parseHttpResponse(buff) {
|
|
254
|
-
const parser = (0, utils_1.makeHttpResponseParser)();
|
|
255
|
-
parser.onChunk(buff);
|
|
256
|
-
parser.streamEnded();
|
|
257
|
-
return parser.res;
|
|
258
|
-
}
|
|
259
|
-
function makeRegex(str) {
|
|
260
|
-
if (RE2 !== undefined) {
|
|
261
|
-
return RE2(str, 'sgiu');
|
|
262
|
-
}
|
|
263
|
-
return new RegExp(str, 'sgi');
|
|
264
|
-
}
|
|
265
|
-
const TEMPLATE_START_CHARCODE = '{'.charCodeAt(0);
|
|
266
|
-
const TEMPLATE_END_CHARCODE = '}'.charCodeAt(0);
|
|
267
|
-
/**
|
|
268
|
-
* Try to match strings that contain templates like {{param}}
|
|
269
|
-
* against redacted string that has *** instead of that param
|
|
270
|
-
*/
|
|
271
|
-
function matchRedactedStrings(templateString, redactedString) {
|
|
272
|
-
if (templateString.length === 0 && (redactedString === null || redactedString === void 0 ? void 0 : redactedString.length) === 0) {
|
|
273
|
-
return true;
|
|
274
|
-
}
|
|
275
|
-
if (!redactedString) {
|
|
276
|
-
return false;
|
|
277
|
-
}
|
|
278
|
-
let ts = -1;
|
|
279
|
-
let rs = -1;
|
|
280
|
-
while (ts < templateString.length && rs < redactedString.length) {
|
|
281
|
-
let ct = getTChar();
|
|
282
|
-
let cr = getRChar();
|
|
283
|
-
if (ct !== cr) {
|
|
284
|
-
// only valid if param contains "{" & redacted contains "*"
|
|
285
|
-
if (ct === TEMPLATE_START_CHARCODE && cr === utils_1.REDACTION_CHAR_CODE) {
|
|
286
|
-
//check that the char after first "{" is also "{"
|
|
287
|
-
if (getTChar() !== TEMPLATE_START_CHARCODE) {
|
|
288
|
-
return false;
|
|
289
|
-
}
|
|
290
|
-
//look for first closing bracket
|
|
291
|
-
while (((ct = getTChar()) !== TEMPLATE_END_CHARCODE) && ct !== -1) {
|
|
292
|
-
}
|
|
293
|
-
//look for second closing bracket
|
|
294
|
-
while (((ct = getTChar()) !== TEMPLATE_END_CHARCODE) && ct !== -1) {
|
|
295
|
-
}
|
|
296
|
-
if (ct === -1) {
|
|
297
|
-
return false;
|
|
298
|
-
}
|
|
299
|
-
//find the end of redaction
|
|
300
|
-
while (((cr = getRChar()) === utils_1.REDACTION_CHAR_CODE) && cr !== -1) {
|
|
301
|
-
}
|
|
302
|
-
if (cr === -1) {
|
|
303
|
-
//if there's nothing after template too then both ended at the end of strings
|
|
304
|
-
return getTChar() === -1;
|
|
305
|
-
}
|
|
306
|
-
//rewind redacted string position back 1 char because we read one extra
|
|
307
|
-
rs--;
|
|
308
|
-
}
|
|
309
|
-
else {
|
|
310
|
-
return false;
|
|
311
|
-
}
|
|
312
|
-
}
|
|
313
|
-
}
|
|
314
|
-
function getTChar() {
|
|
315
|
-
ts++;
|
|
316
|
-
if (ts < templateString.length) {
|
|
317
|
-
return templateString[ts];
|
|
318
|
-
}
|
|
319
|
-
else {
|
|
320
|
-
return -1;
|
|
321
|
-
}
|
|
322
|
-
}
|
|
323
|
-
function getRChar() {
|
|
324
|
-
if (!redactedString) {
|
|
325
|
-
return -1;
|
|
326
|
-
}
|
|
327
|
-
rs++;
|
|
328
|
-
if (rs < redactedString.length) {
|
|
329
|
-
return redactedString[rs];
|
|
330
|
-
}
|
|
331
|
-
else {
|
|
332
|
-
return -1;
|
|
333
|
-
}
|
|
334
|
-
}
|
|
335
|
-
return ts === templateString.length && rs === redactedString.length;
|
|
336
|
-
}
|
|
337
|
-
function generateRequstAndResponseFromTranscript(transcript, tlsVersion) {
|
|
338
|
-
const allPackets = transcript;
|
|
339
|
-
const packets = [];
|
|
340
|
-
for (const b of allPackets) {
|
|
341
|
-
if (b.message.type !== 'ciphertext'
|
|
342
|
-
|| !(0, utils_1.isApplicationData)(b.message, tlsVersion)) {
|
|
343
|
-
continue;
|
|
344
|
-
}
|
|
345
|
-
const plaintext = tlsVersion === 'TLS1_3'
|
|
346
|
-
? b.message.plaintext.slice(0, -1)
|
|
347
|
-
: b.message.plaintext;
|
|
348
|
-
packets.push({
|
|
349
|
-
message: plaintext,
|
|
350
|
-
sender: b.sender
|
|
351
|
-
});
|
|
352
|
-
}
|
|
353
|
-
const req = (0, utils_1.getHttpRequestDataFromTranscript)(packets);
|
|
354
|
-
const responsePackets = (0, tls_1.concatenateUint8Arrays)(packets.filter(p => p.sender === 'server').map(p => p.message).filter(b => !b.every(b => b === utils_1.REDACTION_CHAR_CODE)));
|
|
355
|
-
const res = parseHttpResponse(responsePackets);
|
|
356
|
-
return { req, res };
|
|
357
|
-
}
|
|
358
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidXRpbHMuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcHJvdmlkZXJzL2h0dHBiNjQvdXRpbHMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLHdDQUF3Qzs7QUFpRHhDLGdEQU9DO0FBUUQsa0RBWUM7QUFRRCwwREFNQztBQVFELGdFQTRDQztBQUVELHNEQUVDO0FBRUQsMERBa0NDO0FBaUZELG9DQVFDO0FBUUQsMEVBa0JDO0FBU0Qsb0VBV0M7QUFFRCw4Q0FLQztBQUVELDhCQU1DO0FBU0Qsb0RBNEVDO0FBRUQsMEZBMEJDO0FBM2JELDhDQUE2RDtBQUM3RCwrQ0FRcUI7QUFDckIsaURBQXdDO0FBRXhDLHFDQUF1SjtBQVN2SixJQUFJLEdBQUcsQ0FBQTtBQUNQLElBQUksQ0FBQztJQUNKLEdBQUcsR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUE7SUFDcEIsSUFBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDN0IsR0FBRyxHQUFHLFNBQVMsQ0FBQTtRQUNmLE1BQU0sSUFBSSxLQUFLLEVBQUUsQ0FBQTtJQUNsQixDQUFDO0FBQ0YsQ0FBQztBQUFDLFdBQUssQ0FBQztJQUNQLE9BQU8sQ0FBQyxHQUFHLENBQUMscUNBQXFDLENBQUMsQ0FBQTtBQUNuRCxDQUFDO0FBRUQsSUFBSSxHQUFHLENBQUE7QUFFUCxJQUFHLE9BQU8sTUFBTSxLQUFLLFdBQVcsRUFBRSxDQUFDO0lBQ2xDLGFBQWE7SUFDYixHQUFHLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQTtBQUNuQixDQUFDO0tBQU0sQ0FBQztJQUNQLEdBQUcsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUE7QUFDdkIsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0Isa0JBQWtCLENBQ2pDLElBQVksRUFDWixlQUF1QixFQUN2QixZQUFxQjtJQUVyQixNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsRUFBRSxHQUFHLHVCQUF1QixDQUFDLElBQUksRUFBRSxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUE7SUFDbkYsT0FBTyxJQUFJLENBQUMsS0FBSyxDQUFDLEtBQUssRUFBRSxHQUFHLENBQUMsQ0FBQTtBQUM5QixDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFnQixtQkFBbUIsQ0FDbEMsSUFBWSxFQUNaLGVBQXVCLEVBQ3ZCLFlBQXFCO0lBRXJCLE1BQU0sT0FBTyxHQUFHLDBCQUEwQixDQUFDLElBQUksRUFBRSxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUE7SUFDL0UsTUFBTSxHQUFHLEdBQWEsRUFBRSxDQUFBO0lBQ3hCLEtBQUksTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLEVBQUUsSUFBSSxPQUFPLEVBQUUsQ0FBQztRQUNyQyxHQUFHLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUE7SUFDakMsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFBO0FBQ1gsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0IsdUJBQXVCLENBQ3RDLElBQVksRUFDWixlQUF1QixFQUN2QixZQUFxQjtJQUVyQixPQUFPLDBCQUEwQixDQUFDLElBQUksRUFBRSxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7QUFDMUUsQ0FBQztBQUVEOzs7OztHQUtHO0FBQ0gsU0FBZ0IsMEJBQTBCLENBQ3pDLElBQVksRUFDWixlQUF1QixFQUN2QixZQUFxQjtJQUdyQixNQUFNLEdBQUcsR0FBRyxJQUFJLEdBQUcsQ0FBQyxLQUFLLENBQUMsSUFBSSxFQUFFO1FBQy9CLFdBQVcsRUFBRSxXQUFXO1FBQ3hCLG9CQUFvQixFQUFFLElBQUk7S0FDMUIsQ0FBQyxDQUFBO0lBRUYsTUFBTSxRQUFRLEdBQUcsR0FBRyxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUE7SUFDcEMsTUFBTSxXQUFXLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQyxlQUFlLEVBQUUsUUFBUSxFQUFFLElBQUksRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQywwQkFBMEIsRUFBRSxJQUFJLENBQUMsQ0FBQTtJQUMvSCxNQUFNLEtBQUssR0FBVyxFQUFFLENBQUE7SUFDeEIsSUFBRyxDQUFBLFdBQVcsYUFBWCxXQUFXLHVCQUFYLFdBQVcsQ0FBRSxVQUFVLE1BQUssR0FBRyxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsMEJBQTBCO1NBQy9FLFdBQVcsYUFBWCxXQUFXLHVCQUFYLFdBQVcsQ0FBRSxjQUFjLENBQUEsRUFBRSxDQUFDO1FBQzlCLEtBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxXQUFXLENBQUMsY0FBYyxFQUFFLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDcEQsS0FBSyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7UUFDeEMsQ0FBQztJQUNGLENBQUM7SUFFRCxJQUFHLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLGVBQWUsR0FBRyxDQUFDLENBQUE7SUFDOUQsQ0FBQztJQUdELE1BQU0sR0FBRyxHQUFxQyxFQUFFLENBQUE7SUFFaEQsS0FBSSxNQUFNLElBQUksSUFBSSxLQUFLLEVBQUUsQ0FBQztRQUN6QixNQUFNLFlBQVksR0FBRyxHQUFHLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFBO1FBQzNDLElBQUcsQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLHdDQUF3QyxlQUFlLEdBQUcsQ0FBQyxDQUFBO1FBQzVFLENBQUM7UUFFRCxJQUFHLFlBQVksRUFBRSxDQUFDO1lBQ2pCLE1BQU0sS0FBSyxHQUFHLFlBQVksQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFBO1lBQ2hHLE1BQU0sR0FBRyxHQUFHLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFlBQVksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxZQUFZLENBQUMsU0FBUyxDQUFBO1lBQzFGLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxLQUFLLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQTtRQUN6QixDQUFDO2FBQU0sQ0FBQztZQUNQLEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxLQUFLLEVBQUMsWUFBWSxDQUFDLFdBQVcsRUFBRSxHQUFHLEVBQUUsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUE7UUFDMUUsQ0FBQztJQUNGLENBQUM7SUFFRCxPQUFPLEdBQUcsQ0FBQTtBQUNYLENBQUM7QUFFRCxTQUFnQixxQkFBcUIsQ0FBQyxJQUFZLEVBQUUsUUFBZ0I7SUFDbkUsT0FBTyx1QkFBdUIsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUE7QUFDbEQsQ0FBQztBQUVELFNBQWdCLHVCQUF1QixDQUFDLElBQVksRUFBRSxRQUFnQjtJQUNyRSxNQUFNLFFBQVEsR0FBRyxJQUFBLHdCQUFRLEVBQUM7UUFDekIsSUFBSSxFQUFFLFFBQVE7UUFDZCxJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUM7UUFDdEIsSUFBSSxFQUFFLEtBQUs7UUFDWCxVQUFVLEVBQUUsU0FBUztRQUNyQixJQUFJLEVBQUMsTUFBTTtRQUNYLGFBQWE7UUFDYixnQkFBZ0IsRUFBRSxJQUFJO0tBQ3RCLENBQUMsQ0FBQTtJQUNGLElBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztRQUNkLE1BQU0sSUFBSSxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FBQTtJQUN0QyxDQUFDO0lBRUQsTUFBTSxJQUFJLEdBQUcsSUFBQSwwQkFBVyxFQUFDLEdBQUcsR0FBRyxJQUFJLEdBQUcsR0FBRyxFQUFFLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUEsQ0FBQywwQ0FBMEM7SUFDdEcsSUFBRyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxZQUFZLGtDQUFtQjtXQUMxQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsVUFBVSxZQUFZLCtCQUFnQixJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsVUFBVSxZQUFZLDhCQUFlLENBQUMsRUFBRSxDQUFDO1FBRWpILE1BQU0sZ0JBQWdCLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFBO1FBQ3hFLE1BQU0sR0FBRyxHQUFxQyxFQUFFLENBQUE7UUFDaEQsS0FBSSxNQUFNLE9BQU8sSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3ZDLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLFVBQVUsRUFBRSxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFBO1lBQzlELElBQUcsS0FBSyxFQUFFLENBQUM7Z0JBQ1YsR0FBRyxDQUFDLElBQUksQ0FBQztvQkFDUixLQUFLLEVBQUUsS0FBSyxDQUFDLEtBQUssR0FBRyxDQUFDLEVBQUUsaUJBQWlCO29CQUN6QyxHQUFHLEVBQUUsS0FBSyxDQUFDLEdBQUcsR0FBRyxDQUFDO2lCQUNsQixDQUFDLENBQUE7WUFDSCxDQUFDO1FBQ0YsQ0FBQztRQUVELE9BQU8sR0FBRyxDQUFBO0lBQ1gsQ0FBQztJQUVELE1BQU0sSUFBSSxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FBQTtBQUN0QyxDQUFDO0FBRUQ7Ozs7O0dBS0c7QUFDSCxTQUFTLFFBQVEsQ0FDaEIsQ0FBYSxFQUNiLElBQVksRUFDWixRQUFrQjtJQUVsQixJQUFHLENBQUMsWUFBWSwrQkFBZ0IsRUFBRSxDQUFDO1FBQ2xDLEtBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLFVBQVUsRUFBRSxDQUFDO1lBQzdCLElBQUcsQ0FBQyxDQUFDLENBQUMsWUFBWSx1QkFBUSxDQUFDLEVBQUUsQ0FBQztnQkFDN0IsU0FBUTtZQUNULENBQUM7WUFFRCxNQUFNLFNBQVMsR0FBRyxDQUFDLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxxQkFBTSxDQUFDLE9BQU87Z0JBQzlDLENBQUMsQ0FBQyxJQUFJLEdBQUcsR0FBRyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsS0FBSztnQkFDMUIsQ0FBQyxDQUFDLElBQUksQ0FBQTtZQUVQLElBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsSUFBSSxPQUFPLElBQUksQ0FBQyxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7Z0JBQzNFLE9BQU87b0JBQ04sS0FBSyxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO29CQUNqQixHQUFHLEVBQUUsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7aUJBQ2YsQ0FBQTtZQUNGLENBQUM7WUFFRCxJQUNDLENBQUMsQ0FBQyxLQUFLLFlBQVksK0JBQWdCO21CQUNoQyxDQUFDLENBQUMsS0FBSyxZQUFZLDhCQUFlLEVBQ3BDLENBQUM7Z0JBQ0YsTUFBTSxHQUFHLEdBQUcsUUFBUSxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsU0FBUyxFQUFFLFFBQVEsQ0FBQyxDQUFBO2dCQUNsRCxJQUFHLEdBQUcsRUFBRSxDQUFDO29CQUNSLE9BQU8sR0FBRyxDQUFBO2dCQUNYLENBQUM7WUFDRixDQUFDO1FBQ0YsQ0FBQztJQUNGLENBQUM7SUFFRCxJQUFHLENBQUMsWUFBWSw4QkFBZSxFQUFFLENBQUM7UUFDakMsS0FBSSxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDM0MsTUFBTSxPQUFPLEdBQUcsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQTtZQUM3QixJQUFHLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsU0FBUTtZQUNULENBQUM7WUFFRCxNQUFNLFNBQVMsR0FBRyxJQUFJLEdBQUcsR0FBRyxHQUFHLENBQUMsQ0FBQTtZQUVoQyxJQUNDLFFBQVEsQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDO2dCQUNoQixPQUFPLElBQUksT0FBTztnQkFDbEIsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLEVBQ3ZDLENBQUM7Z0JBQ0YsT0FBTztvQkFDTixLQUFLLEVBQUUsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7b0JBQ3ZCLEdBQUcsRUFBRSxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztpQkFDckIsQ0FBQTtZQUNGLENBQUM7WUFFRCxJQUFHLE9BQU8sWUFBWSwrQkFBZ0IsRUFBRSxDQUFDO2dCQUN4QyxNQUFNLEdBQUcsR0FBRyxRQUFRLENBQUMsT0FBTyxFQUFFLFNBQVMsRUFBRSxRQUFRLENBQUMsQ0FBQTtnQkFDbEQsSUFBRyxHQUFHLEVBQUUsQ0FBQztvQkFDUixPQUFPLEdBQUcsQ0FBQTtnQkFDWCxDQUFDO1lBQ0YsQ0FBQztZQUVELElBQUcsT0FBTyxZQUFZLDhCQUFlLEVBQUUsQ0FBQztnQkFDdkMsTUFBTSxHQUFHLEdBQUcsUUFBUSxDQUFDLE9BQU8sRUFBRSxTQUFTLEVBQUUsUUFBUSxDQUFDLENBQUE7Z0JBQ2xELElBQUcsR0FBRyxFQUFFLENBQUM7b0JBQ1IsT0FBTyxHQUFHLENBQUE7Z0JBQ1gsQ0FBQztZQUNGLENBQUM7UUFDRixDQUFDO0lBQ0YsQ0FBQztJQUVELE9BQU8sSUFBSSxDQUFBO0FBQ1osQ0FBQztBQUVELFNBQWdCLFlBQVksQ0FBQyxLQUFvQztJQUNoRSxNQUFNLE9BQU8sR0FBYSxFQUFFLENBQUE7SUFFNUIsS0FBSSxNQUFNLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxJQUFJLEVBQUUsQ0FBQyxFQUFFLENBQUM7UUFDdkQsT0FBTyxDQUFDLElBQUksQ0FBQyxHQUFHLEdBQUcsS0FBSyxLQUFLLEVBQUUsQ0FBQyxDQUFBO0lBQ2pDLENBQUM7SUFFRCxPQUFPLE9BQU8sQ0FBQTtBQUNmLENBQUM7QUFFRDs7Ozs7R0FLRztBQUNILFNBQWdCLCtCQUErQixDQUFDLEdBQVcsRUFBRSxZQUFvQixFQUFFLE1BQXFCO0lBQ3ZHLElBQUcsTUFBTSxhQUFOLE1BQU0sdUJBQU4sTUFBTSxDQUFFLE1BQU0sRUFBRSxDQUFDO1FBQ25CLElBQUksY0FBYyxHQUFHLENBQUMsQ0FBQTtRQUN0QixLQUFJLE1BQU0sS0FBSyxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBRTNCLE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQyxPQUFPLEdBQUcsS0FBSyxDQUFDLFNBQVMsQ0FBQTtZQUVqRCxJQUFHLEdBQUcsSUFBSSxjQUFjLElBQUksR0FBRyxJQUFJLENBQUMsY0FBYyxHQUFHLFNBQVMsQ0FBQyxFQUFFLENBQUM7Z0JBQ2pFLE9BQU8sR0FBRyxHQUFHLGNBQWMsR0FBRyxLQUFLLENBQUMsU0FBUyxDQUFBO1lBQzlDLENBQUM7WUFFRCxjQUFjLElBQUksU0FBUyxDQUFBO1FBQzVCLENBQUM7UUFFRCxNQUFNLElBQUksS0FBSyxDQUFDLHVCQUF1QixDQUFDLENBQUE7SUFDekMsQ0FBQztJQUVELE9BQU8sWUFBWSxHQUFHLEdBQUcsQ0FBQTtBQUMxQixDQUFDO0FBRUQ7Ozs7OztHQU1HO0FBQ0gsU0FBZ0IsNEJBQTRCLENBQUMsSUFBSSxFQUFFLEVBQVUsRUFBRSxNQUFxQjtJQUNuRixNQUFNLEdBQUcsR0FBaUIsRUFBRSxDQUFBO0lBQzVCLElBQUcsTUFBTSxhQUFOLE1BQU0sdUJBQU4sTUFBTSxDQUFFLE1BQU0sRUFBRSxDQUFDO1FBQ25CLEtBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsSUFBRyxNQUFNLGFBQU4sTUFBTSx1QkFBTixNQUFNLENBQUUsTUFBTSxDQUFBLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUN4QyxJQUFHLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLEdBQUcsSUFBSSxJQUFJLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLEdBQUcsRUFBRSxFQUFFLENBQUM7Z0JBQzNELEdBQUcsQ0FBQyxJQUFJLENBQUMsRUFBRSxTQUFTLEVBQUMsTUFBTSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsT0FBTyxFQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFBO1lBQzNFLENBQUM7UUFDRixDQUFDO0lBQ0YsQ0FBQztJQUVELE9BQU8sR0FBRyxDQUFBO0FBQ1gsQ0FBQztBQUVELFNBQWdCLGlCQUFpQixDQUFDLElBQWdCO0lBQ2pELE1BQU0sTUFBTSxHQUFHLElBQUEsOEJBQXNCLEdBQUUsQ0FBQTtJQUN2QyxNQUFNLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxDQUFBO0lBQ3BCLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQTtJQUNwQixPQUFPLE1BQU0sQ0FBQyxHQUFHLENBQUE7QUFDbEIsQ0FBQztBQUVELFNBQWdCLFNBQVMsQ0FBQyxHQUFXO0lBQ3BDLElBQUcsR0FBRyxLQUFLLFNBQVMsRUFBRSxDQUFDO1FBQ3RCLE9BQU8sR0FBRyxDQUFDLEdBQUcsRUFBRSxNQUFNLENBQUMsQ0FBQTtJQUN4QixDQUFDO0lBRUQsT0FBTyxJQUFJLE1BQU0sQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQUE7QUFDOUIsQ0FBQztBQUVELE1BQU0sdUJBQXVCLEdBQUcsR0FBRyxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQTtBQUNqRCxNQUFNLHFCQUFxQixHQUFHLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUE7QUFFL0M7OztHQUdHO0FBQ0gsU0FBZ0Isb0JBQW9CLENBQUMsY0FBMEIsRUFBRSxjQUEyQjtJQUUzRixJQUFHLGNBQWMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxJQUFJLENBQUEsY0FBYyxhQUFkLGNBQWMsdUJBQWQsY0FBYyxDQUFFLE1BQU0sTUFBSyxDQUFDLEVBQUUsQ0FBQztRQUNoRSxPQUFPLElBQUksQ0FBQTtJQUNaLENBQUM7SUFFRCxJQUFHLENBQUMsY0FBYyxFQUFFLENBQUM7UUFDcEIsT0FBTyxLQUFLLENBQUE7SUFDYixDQUFDO0lBRUQsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUE7SUFDWCxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQTtJQUNYLE9BQU0sRUFBRSxHQUFHLGNBQWMsQ0FBQyxNQUFNLElBQUksRUFBRSxHQUFHLGNBQWMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNoRSxJQUFJLEVBQUUsR0FBRyxRQUFRLEVBQUUsQ0FBQTtRQUNuQixJQUFJLEVBQUUsR0FBRyxRQUFRLEVBQUUsQ0FBQTtRQUNuQixJQUFHLEVBQUUsS0FBSyxFQUFFLEVBQUUsQ0FBQztZQUNkLDJEQUEyRDtZQUMzRCxJQUFHLEVBQUUsS0FBSyx1QkFBdUIsSUFBSSxFQUFFLEtBQUssMkJBQW1CLEVBQUUsQ0FBQztnQkFDakUsaURBQWlEO2dCQUNqRCxJQUFHLFFBQVEsRUFBRSxLQUFLLHVCQUF1QixFQUFFLENBQUM7b0JBQzNDLE9BQU8sS0FBSyxDQUFBO2dCQUNiLENBQUM7Z0JBRUQsZ0NBQWdDO2dCQUNoQyxPQUFNLENBQUMsQ0FBQyxFQUFFLEdBQUcsUUFBUSxFQUFFLENBQUMsS0FBSyxxQkFBcUIsQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUNuRSxDQUFDO2dCQUVELGlDQUFpQztnQkFDakMsT0FBTSxDQUFDLENBQUMsRUFBRSxHQUFHLFFBQVEsRUFBRSxDQUFDLEtBQUsscUJBQXFCLENBQUMsSUFBSSxFQUFFLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDbkUsQ0FBQztnQkFFRCxJQUFHLEVBQUUsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO29CQUNkLE9BQU8sS0FBSyxDQUFBO2dCQUNiLENBQUM7Z0JBRUQsMkJBQTJCO2dCQUMzQixPQUFNLENBQUMsQ0FBQyxFQUFFLEdBQUcsUUFBUSxFQUFFLENBQUMsS0FBSywyQkFBbUIsQ0FBQyxJQUFJLEVBQUUsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUNqRSxDQUFDO2dCQUVELElBQUcsRUFBRSxLQUFLLENBQUMsQ0FBQyxFQUFFLENBQUM7b0JBQ2QsNkVBQTZFO29CQUM3RSxPQUFPLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFBO2dCQUN6QixDQUFDO2dCQUVELHVFQUF1RTtnQkFDdkUsRUFBRSxFQUFFLENBQUE7WUFDTCxDQUFDO2lCQUFNLENBQUM7Z0JBQ1AsT0FBTyxLQUFLLENBQUE7WUFDYixDQUFDO1FBQ0YsQ0FBQztJQUNGLENBQUM7SUFHRCxTQUFTLFFBQVE7UUFDaEIsRUFBRSxFQUFFLENBQUE7UUFDSixJQUFHLEVBQUUsR0FBRyxjQUFjLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDL0IsT0FBTyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUE7UUFDMUIsQ0FBQzthQUFNLENBQUM7WUFDUCxPQUFPLENBQUMsQ0FBQyxDQUFBO1FBQ1YsQ0FBQztJQUNGLENBQUM7SUFFRCxTQUFTLFFBQVE7UUFDaEIsSUFBRyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ3BCLE9BQU8sQ0FBQyxDQUFDLENBQUE7UUFDVixDQUFDO1FBRUQsRUFBRSxFQUFFLENBQUE7UUFDSixJQUFHLEVBQUUsR0FBRyxjQUFjLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDL0IsT0FBTyxjQUFjLENBQUMsRUFBRSxDQUFDLENBQUE7UUFDMUIsQ0FBQzthQUFNLENBQUM7WUFDUCxPQUFPLENBQUMsQ0FBQyxDQUFBO1FBQ1YsQ0FBQztJQUNGLENBQUM7SUFFRCxPQUFPLEVBQUUsS0FBSyxjQUFjLENBQUMsTUFBTSxJQUFJLEVBQUUsS0FBSyxjQUFjLENBQUMsTUFBTSxDQUFBO0FBQ3BFLENBQUM7QUFFRCxTQUFnQix1Q0FBdUMsQ0FBQyxVQUF5QyxFQUFFLFVBQWtCO0lBQ3BILE1BQU0sVUFBVSxHQUFHLFVBQVUsQ0FBQTtJQUU3QixNQUFNLE9BQU8sR0FBMkIsRUFBRSxDQUFBO0lBQzFDLEtBQUksTUFBTSxDQUFDLElBQUksVUFBVSxFQUFFLENBQUM7UUFDM0IsSUFBRyxDQUFDLENBQUMsT0FBTyxDQUFDLElBQUksS0FBSyxZQUFZO2VBQzlCLENBQUMsSUFBQSx5QkFBaUIsRUFBQyxDQUFDLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxFQUFFLENBQUM7WUFDL0MsU0FBUTtRQUNULENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxVQUFVLEtBQUssUUFBUTtZQUN4QyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUNsQyxDQUFDLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUE7UUFFdEIsT0FBTyxDQUFDLElBQUksQ0FBQztZQUNaLE9BQU8sRUFBRSxTQUFTO1lBQ2xCLE1BQU0sRUFBRSxDQUFDLENBQUMsTUFBTTtTQUNoQixDQUFDLENBQUE7SUFDSCxDQUFDO0lBRUQsTUFBTSxHQUFHLEdBQUcsSUFBQSx3Q0FBZ0MsRUFBQyxPQUFPLENBQUMsQ0FBQTtJQUVyRCxNQUFNLGVBQWUsR0FBRyxJQUFBLDRCQUFzQixFQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLFFBQVEsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLEtBQUssMkJBQW1CLENBQUMsQ0FBQyxDQUFDLENBQUE7SUFDcEssTUFBTSxHQUFHLEdBQUcsaUJBQWlCLENBQUMsZUFBZSxDQUFDLENBQUE7SUFFOUMsT0FBTyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsQ0FBQTtBQUNwQixDQUFDIn0=
|
|
@@ -1,7 +0,0 @@
|
|
|
1
|
-
import { IDecryptedTranscript } from '../../types';
|
|
2
|
-
/**
|
|
3
|
-
* Verifies server cert chain and removes handshake messages from transcript, returning new one
|
|
4
|
-
* @param receipt
|
|
5
|
-
* @param logger
|
|
6
|
-
*/
|
|
7
|
-
export declare function verifyServerCertificates(receipt: IDecryptedTranscript, logger: any): Promise<IDecryptedTranscript>;
|
|
@@ -1,101 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.verifyServerCertificates = verifyServerCertificates;
|
|
4
|
-
const tls_1 = require("@reclaimprotocol/tls");
|
|
5
|
-
const parse_certificate_1 = require("@reclaimprotocol/tls/lib/utils/parse-certificate");
|
|
6
|
-
const utils_1 = require("../../utils");
|
|
7
|
-
const RECORD_LENGTH_BYTES = 3;
|
|
8
|
-
/**
|
|
9
|
-
* Verifies server cert chain and removes handshake messages from transcript, returning new one
|
|
10
|
-
* @param receipt
|
|
11
|
-
* @param logger
|
|
12
|
-
*/
|
|
13
|
-
async function verifyServerCertificates(receipt, logger) {
|
|
14
|
-
const handshakeMsgs = (0, utils_1.extractHandshakeFromTranscript)(receipt);
|
|
15
|
-
let handshakeData = (0, tls_1.concatenateUint8Arrays)(handshakeMsgs.messages.map(m => m.message));
|
|
16
|
-
let packetData;
|
|
17
|
-
const handshakeRawMessages = [];
|
|
18
|
-
const certificates = [];
|
|
19
|
-
let cipherSuite = undefined;
|
|
20
|
-
let serverRandom = undefined;
|
|
21
|
-
let clientRandom = undefined;
|
|
22
|
-
let certVerified = false;
|
|
23
|
-
while ((packetData = readPacket()) && !certVerified) {
|
|
24
|
-
const { type, content } = packetData;
|
|
25
|
-
switch (type) {
|
|
26
|
-
case tls_1.SUPPORTED_RECORD_TYPE_MAP.CLIENT_HELLO:
|
|
27
|
-
const clientHello = (0, tls_1.parseClientHello)(handshakeRawMessages[0]);
|
|
28
|
-
clientRandom = clientHello.serverRandom;
|
|
29
|
-
break;
|
|
30
|
-
case tls_1.SUPPORTED_RECORD_TYPE_MAP.SERVER_HELLO:
|
|
31
|
-
const serverHello = await (0, tls_1.parseServerHello)(content);
|
|
32
|
-
cipherSuite = serverHello.cipherSuite;
|
|
33
|
-
serverRandom = serverHello.serverRandom;
|
|
34
|
-
break;
|
|
35
|
-
case tls_1.SUPPORTED_RECORD_TYPE_MAP.CERTIFICATE:
|
|
36
|
-
const parseResult = (0, tls_1.parseCertificates)(content, { version: receipt.tlsVersion });
|
|
37
|
-
certificates.push(...parseResult.certificates);
|
|
38
|
-
break;
|
|
39
|
-
case tls_1.SUPPORTED_RECORD_TYPE_MAP.CERTIFICATE_VERIFY:
|
|
40
|
-
const signature = (0, tls_1.parseServerCertificateVerify)(content);
|
|
41
|
-
if (!(certificates === null || certificates === void 0 ? void 0 : certificates.length)) {
|
|
42
|
-
throw new Error('No provider certificates received');
|
|
43
|
-
}
|
|
44
|
-
const signatureData = await (0, tls_1.getSignatureDataTls13)(handshakeRawMessages.slice(0, -1), cipherSuite);
|
|
45
|
-
await (0, tls_1.verifyCertificateSignature)({
|
|
46
|
-
...signature,
|
|
47
|
-
publicKey: certificates[0].getPublicKey(),
|
|
48
|
-
signatureData,
|
|
49
|
-
});
|
|
50
|
-
await (0, parse_certificate_1.verifyCertificateChain)(certificates, receipt.hostname);
|
|
51
|
-
logger.info({ host: receipt.hostname }, 'verified provider certificate chain');
|
|
52
|
-
certVerified = true;
|
|
53
|
-
break;
|
|
54
|
-
case tls_1.SUPPORTED_RECORD_TYPE_MAP.SERVER_KEY_SHARE:
|
|
55
|
-
if (!(certificates === null || certificates === void 0 ? void 0 : certificates.length)) {
|
|
56
|
-
throw new Error('No provider certificates received');
|
|
57
|
-
}
|
|
58
|
-
const keyShare = await (0, tls_1.processServerKeyShare)(content);
|
|
59
|
-
const signatureData12 = await (0, tls_1.getSignatureDataTls12)({
|
|
60
|
-
clientRandom: clientRandom,
|
|
61
|
-
serverRandom: serverRandom,
|
|
62
|
-
curveType: keyShare.publicKeyType,
|
|
63
|
-
publicKey: keyShare.publicKey,
|
|
64
|
-
});
|
|
65
|
-
// verify signature
|
|
66
|
-
await (0, tls_1.verifyCertificateSignature)({
|
|
67
|
-
signature: keyShare.signatureBytes,
|
|
68
|
-
algorithm: keyShare.signatureAlgorithm,
|
|
69
|
-
publicKey: certificates[0].getPublicKey(),
|
|
70
|
-
signatureData: signatureData12,
|
|
71
|
-
});
|
|
72
|
-
await (0, parse_certificate_1.verifyCertificateChain)(certificates, receipt.hostname);
|
|
73
|
-
logger.info({ host: receipt.hostname }, 'verified provider certificate chain');
|
|
74
|
-
certVerified = true;
|
|
75
|
-
break;
|
|
76
|
-
}
|
|
77
|
-
}
|
|
78
|
-
if (!certVerified) {
|
|
79
|
-
throw new Error('No provider certificates received');
|
|
80
|
-
}
|
|
81
|
-
function readPacket() {
|
|
82
|
-
if (!handshakeData.length) {
|
|
83
|
-
return;
|
|
84
|
-
}
|
|
85
|
-
const type = handshakeData[0];
|
|
86
|
-
const content = (0, tls_1.readWithLength)(handshakeData.slice(1), RECORD_LENGTH_BYTES);
|
|
87
|
-
if (!content) {
|
|
88
|
-
logger.warn('missing bytes from packet');
|
|
89
|
-
return;
|
|
90
|
-
}
|
|
91
|
-
const totalLength = 1 + RECORD_LENGTH_BYTES + content.length;
|
|
92
|
-
handshakeRawMessages.push(handshakeData.slice(0, totalLength));
|
|
93
|
-
handshakeData = handshakeData.slice(totalLength);
|
|
94
|
-
return { type, content };
|
|
95
|
-
}
|
|
96
|
-
return {
|
|
97
|
-
tlsVersion: receipt.tlsVersion,
|
|
98
|
-
hostname: receipt.hostname,
|
|
99
|
-
transcript: receipt.transcript.slice(handshakeMsgs.lastMsgIndex)
|
|
100
|
-
};
|
|
101
|
-
}
|