@rockcarver/frodo-lib 2.0.0-73 → 2.0.0-74

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (233) hide show
  1. package/build.zip +0 -0
  2. package/cjs/ops/AuthenticateOps.js +38 -8
  3. package/cjs/ops/AuthenticateOps.js.map +1 -1
  4. package/cjs/ops/ConnectionProfileOps.js +9 -3
  5. package/cjs/ops/ConnectionProfileOps.js.map +1 -1
  6. package/cjs/ops/cloud/ServiceAccountOps.js +40 -0
  7. package/cjs/ops/cloud/ServiceAccountOps.js.map +1 -1
  8. package/cjs/shared/State.js +6 -0
  9. package/cjs/shared/State.js.map +1 -1
  10. package/docs/assets/search.js +1 -1
  11. package/docs/classes/FrodoError.html +2 -2
  12. package/docs/index.html +2 -2
  13. package/docs/interfaces/Reference.AdminFederationExportInterface.html +2 -2
  14. package/docs/interfaces/Reference.AgentExportInterface.html +2 -2
  15. package/docs/interfaces/Reference.ApplicationExportInterface.html +9 -9
  16. package/docs/interfaces/Reference.AuthenticationSettingsExportInterface.html +2 -2
  17. package/docs/interfaces/Reference.CirclesOfTrustExportInterface.html +2 -2
  18. package/docs/interfaces/Reference.ConfigEntityExportInterface.html +2 -2
  19. package/docs/interfaces/Reference.ConfigEntityImportOptions.html +3 -3
  20. package/docs/interfaces/Reference.ConnectionProfileInterface.html +3 -2
  21. package/docs/interfaces/Reference.ConnectionsFileInterface.html +1 -1
  22. package/docs/interfaces/Reference.ConnectorExportInterface.html +2 -2
  23. package/docs/interfaces/Reference.ConnectorExportOptions.html +4 -4
  24. package/docs/interfaces/Reference.ConnectorImportOptions.html +3 -3
  25. package/docs/interfaces/Reference.ConnectorServerStatusInterface.html +2 -2
  26. package/docs/interfaces/Reference.EmailTemplateExportInterface.html +2 -2
  27. package/docs/interfaces/Reference.EnvInfoInterface.html +2 -2
  28. package/docs/interfaces/Reference.ExportMetaData.html +2 -2
  29. package/docs/interfaces/Reference.FeatureInterface.html +2 -2
  30. package/docs/interfaces/Reference.FullExportInterface.html +2 -2
  31. package/docs/interfaces/Reference.FullExportOptions.html +6 -6
  32. package/docs/interfaces/Reference.FullImportOptions.html +8 -8
  33. package/docs/interfaces/Reference.FullService.html +2 -2
  34. package/docs/interfaces/Reference.IdObjectSkeletonInterface.html +2 -2
  35. package/docs/interfaces/Reference.InnerNodeRefSkeletonInterface.html +2 -2
  36. package/docs/interfaces/Reference.JwkInterface.html +2 -2
  37. package/docs/interfaces/Reference.JwksInterface.html +2 -2
  38. package/docs/interfaces/Reference.ManagedObjectPatchOperationInterface.html +3 -3
  39. package/docs/interfaces/Reference.MappingExportInterface.html +2 -2
  40. package/docs/interfaces/Reference.MappingImportOptions.html +3 -3
  41. package/docs/interfaces/Reference.MultiTreeExportInterface.html +2 -2
  42. package/docs/interfaces/Reference.NoIdObjectSkeletonInterface.html +2 -2
  43. package/docs/interfaces/Reference.NodeRefSkeletonInterface.html +2 -2
  44. package/docs/interfaces/Reference.OAuth2ClientExportInterface.html +2 -2
  45. package/docs/interfaces/Reference.OAuth2ClientExportOptions.html +4 -4
  46. package/docs/interfaces/Reference.OAuth2ClientImportOptions.html +3 -3
  47. package/docs/interfaces/Reference.OAuth2TrustedJwtIssuerExportInterface.html +2 -2
  48. package/docs/interfaces/Reference.OAuth2TrustedJwtIssuerExportOptions.html +4 -4
  49. package/docs/interfaces/Reference.OAuth2TrustedJwtIssuerImportOptions.html +3 -3
  50. package/docs/interfaces/Reference.PlatformInfoInterface.html +2 -2
  51. package/docs/interfaces/Reference.PolicyExportInterface.html +2 -2
  52. package/docs/interfaces/Reference.PolicyExportOptions.html +5 -5
  53. package/docs/interfaces/Reference.PolicyImportOptions.html +5 -5
  54. package/docs/interfaces/Reference.PolicySetExportInterface.html +2 -2
  55. package/docs/interfaces/Reference.PolicySetExportOptions.html +5 -5
  56. package/docs/interfaces/Reference.PolicySetImportOptions.html +4 -4
  57. package/docs/interfaces/Reference.ResourceTypeExportInterface.html +2 -2
  58. package/docs/interfaces/Reference.Saml2EntitiesExportOptions.html +2 -2
  59. package/docs/interfaces/Reference.Saml2EntitiesImportOptions.html +2 -2
  60. package/docs/interfaces/Reference.Saml2ExportInterface.html +2 -2
  61. package/docs/interfaces/Reference.ScriptExportInterface.html +2 -2
  62. package/docs/interfaces/Reference.ScriptImportOptions.html +4 -4
  63. package/docs/interfaces/Reference.SecretsExportInterface.html +2 -2
  64. package/docs/interfaces/Reference.SecureConnectionProfileInterface.html +3 -2
  65. package/docs/interfaces/Reference.ServiceExportInterface.html +2 -2
  66. package/docs/interfaces/Reference.ServiceImportOptions.html +5 -5
  67. package/docs/interfaces/Reference.ServiceListItem.html +4 -4
  68. package/docs/interfaces/Reference.ServiceNextDescendent.html +1 -1
  69. package/docs/interfaces/Reference.SingleTreeExportInterface.html +2 -2
  70. package/docs/interfaces/Reference.SocialIdentityProviderExportOptions.html +4 -4
  71. package/docs/interfaces/Reference.SocialIdentityProviderImportOptions.html +3 -3
  72. package/docs/interfaces/Reference.SocialProviderExportInterface.html +2 -2
  73. package/docs/interfaces/Reference.StateInterface.html +3 -2
  74. package/docs/interfaces/Reference.SystemObjectPatchOperationInterface.html +2 -2
  75. package/docs/interfaces/Reference.SystemStatusInterface.html +2 -2
  76. package/docs/interfaces/Reference.ThemeExportInterface.html +2 -2
  77. package/docs/interfaces/Reference.TokenCacheInterface.html +1 -1
  78. package/docs/interfaces/Reference.TreeDependencyMapInterface.html +1 -1
  79. package/docs/interfaces/Reference.TreeExportOptions.html +5 -5
  80. package/docs/interfaces/Reference.TreeExportResolverInterface.html +1 -1
  81. package/docs/interfaces/Reference.TreeImportOptions.html +4 -4
  82. package/docs/interfaces/Reference.UiConfigInterface.html +2 -2
  83. package/docs/interfaces/Reference.Updates.html +4 -4
  84. package/docs/interfaces/Reference.VariablesExportInterface.html +2 -2
  85. package/docs/modules/Reference.html +2 -2
  86. package/docs/modules.html +2 -2
  87. package/docs/types/Reference.AccessTokenMetaType.html +1 -1
  88. package/docs/types/Reference.AccessTokenResponseType.html +1 -1
  89. package/docs/types/Reference.Admin.html +13 -13
  90. package/docs/types/Reference.AdminFederation.html +15 -15
  91. package/docs/types/Reference.AdminFederationConfigSkeleton.html +1 -1
  92. package/docs/types/Reference.Agent.html +53 -53
  93. package/docs/types/Reference.AgentSkeleton.html +1 -1
  94. package/docs/types/Reference.AgentType.html +1 -1
  95. package/docs/types/Reference.AmServiceSkeleton.html +1 -1
  96. package/docs/types/Reference.AmServiceType.html +1 -1
  97. package/docs/types/Reference.Application.html +19 -19
  98. package/docs/types/Reference.ApplicationExportOptions.html +2 -2
  99. package/docs/types/Reference.ApplicationImportOptions.html +2 -2
  100. package/docs/types/Reference.ApplicationSkeleton.html +1 -1
  101. package/docs/types/Reference.Authenticate.html +3 -3
  102. package/docs/types/Reference.AuthenticationSettings.html +5 -5
  103. package/docs/types/Reference.AuthenticationSettingsSkeleton.html +1 -1
  104. package/docs/types/Reference.Base64.html +1 -1
  105. package/docs/types/Reference.Callback.html +1 -1
  106. package/docs/types/Reference.CallbackHandler.html +1 -1
  107. package/docs/types/Reference.CallbackKeyValuePair.html +1 -1
  108. package/docs/types/Reference.CallbackType.html +1 -1
  109. package/docs/types/Reference.CircleOfTrustSkeleton.html +1 -1
  110. package/docs/types/Reference.CirclesOfTrust.html +15 -15
  111. package/docs/types/Reference.Config.html +3 -3
  112. package/docs/types/Reference.ConnectionProfile.html +9 -9
  113. package/docs/types/Reference.Connector.html +13 -13
  114. package/docs/types/Reference.ConnectorSkeleton.html +1 -1
  115. package/docs/types/Reference.Constants.html +1 -1
  116. package/docs/types/Reference.DeleteJourneyStatus.html +1 -1
  117. package/docs/types/Reference.DeleteJourneysStatus.html +1 -1
  118. package/docs/types/Reference.EmailTemplate.html +13 -13
  119. package/docs/types/Reference.EmailTemplateSkeleton.html +1 -1
  120. package/docs/types/Reference.ExportImport.html +7 -7
  121. package/docs/types/Reference.FRUtils.html +1 -1
  122. package/docs/types/Reference.Feature.html +3 -3
  123. package/docs/types/Reference.Frodo.html +4 -4
  124. package/docs/types/Reference.GatewayAgentType.html +1 -1
  125. package/docs/types/Reference.IdmConfig.html +19 -19
  126. package/docs/types/Reference.IdmConfigStub.html +1 -1
  127. package/docs/types/Reference.IdmSystem.html +14 -14
  128. package/docs/types/Reference.Idp.html +21 -21
  129. package/docs/types/Reference.Info.html +2 -2
  130. package/docs/types/Reference.JavaAgentType.html +1 -1
  131. package/docs/types/Reference.Jose.html +1 -1
  132. package/docs/types/Reference.Journey.html +28 -28
  133. package/docs/types/Reference.JourneyClassificationType.html +1 -1
  134. package/docs/types/Reference.Json.html +7 -7
  135. package/docs/types/Reference.JwkRsa.html +1 -1
  136. package/docs/types/Reference.JwkRsaPublic.html +1 -1
  137. package/docs/types/Reference.Log.html +13 -13
  138. package/docs/types/Reference.LogApiKey.html +1 -1
  139. package/docs/types/Reference.LogEventPayloadSkeleton.html +1 -1
  140. package/docs/types/Reference.LogEventSkeleton.html +1 -1
  141. package/docs/types/Reference.ManagedObject.html +13 -13
  142. package/docs/types/Reference.Mapping.html +15 -15
  143. package/docs/types/Reference.MappingPolicy.html +1 -1
  144. package/docs/types/Reference.MappingProperty.html +1 -1
  145. package/docs/types/Reference.MappingSkeleton.html +1 -1
  146. package/docs/types/Reference.Node.html +16 -16
  147. package/docs/types/Reference.NodeClassificationType.html +1 -1
  148. package/docs/types/Reference.NodeSkeleton.html +1 -1
  149. package/docs/types/Reference.OAuth2Client.html +16 -16
  150. package/docs/types/Reference.OAuth2ClientSkeleton.html +1 -1
  151. package/docs/types/Reference.OAuth2Oidc.html +1 -1
  152. package/docs/types/Reference.OAuth2Provider.html +6 -6
  153. package/docs/types/Reference.OAuth2ProviderSkeleton.html +1 -1
  154. package/docs/types/Reference.OAuth2TrustedJwtIssuer.html +16 -16
  155. package/docs/types/Reference.OAuth2TrustedJwtIssuerSkeleton.html +1 -1
  156. package/docs/types/Reference.ObjectPropertyFlag.html +1 -1
  157. package/docs/types/Reference.ObjectPropertyNativeType.html +1 -1
  158. package/docs/types/Reference.ObjectPropertySkeleton.html +1 -1
  159. package/docs/types/Reference.ObjectPropertyType.html +1 -1
  160. package/docs/types/Reference.ObjectTypeSkeleton.html +1 -1
  161. package/docs/types/Reference.Organization.html +4 -4
  162. package/docs/types/Reference.PagedResult.html +1 -1
  163. package/docs/types/Reference.PlatformInfo.html +1 -1
  164. package/docs/types/Reference.Policy.html +18 -18
  165. package/docs/types/Reference.PolicyCondition.html +1 -1
  166. package/docs/types/Reference.PolicyConditionType.html +1 -1
  167. package/docs/types/Reference.PolicySet.html +11 -11
  168. package/docs/types/Reference.PolicySetSkeleton.html +1 -1
  169. package/docs/types/Reference.PolicySkeleton.html +1 -1
  170. package/docs/types/Reference.ProgressIndicatorStatusType.html +1 -1
  171. package/docs/types/Reference.ProgressIndicatorType.html +1 -1
  172. package/docs/types/Reference.Readable.html +1 -1
  173. package/docs/types/Reference.Realm.html +13 -13
  174. package/docs/types/Reference.RealmSkeleton.html +1 -1
  175. package/docs/types/Reference.Recon.html +6 -6
  176. package/docs/types/Reference.ReconStatusType.html +1 -1
  177. package/docs/types/Reference.ReconType.html +1 -1
  178. package/docs/types/Reference.ResourceType.html +18 -18
  179. package/docs/types/Reference.ResourceTypeSkeleton.html +1 -1
  180. package/docs/types/Reference.Saml2.html +19 -19
  181. package/docs/types/Reference.Saml2ProiderLocation.html +1 -1
  182. package/docs/types/Reference.Saml2ProviderSkeleton.html +1 -1
  183. package/docs/types/Reference.Saml2ProviderStub.html +1 -1
  184. package/docs/types/Reference.Script.html +18 -18
  185. package/docs/types/Reference.ScriptContext.html +1 -1
  186. package/docs/types/Reference.ScriptLanguage.html +1 -1
  187. package/docs/types/Reference.ScriptSkeleton.html +1 -1
  188. package/docs/types/Reference.ScriptValidation.html +1 -1
  189. package/docs/types/Reference.Secret.html +22 -22
  190. package/docs/types/Reference.SecretEncodingType.html +2 -2
  191. package/docs/types/Reference.SecretSkeleton.html +2 -2
  192. package/docs/types/Reference.Service.html +9 -9
  193. package/docs/types/Reference.ServiceAccount.html +4 -4
  194. package/docs/types/Reference.ServiceAccountType.html +1 -1
  195. package/docs/types/Reference.Session.html +2 -2
  196. package/docs/types/Reference.SessionInfoType.html +1 -1
  197. package/docs/types/Reference.SocialIdpSkeleton.html +1 -1
  198. package/docs/types/Reference.Startup.html +3 -3
  199. package/docs/types/Reference.State.html +7 -7
  200. package/docs/types/Reference.Theme.html +20 -20
  201. package/docs/types/Reference.ThemeSkeleton.html +1 -1
  202. package/docs/types/Reference.TokenCache.html +16 -16
  203. package/docs/types/Reference.TokenInfoResponseType.html +1 -1
  204. package/docs/types/Reference.Tokens.html +1 -1
  205. package/docs/types/Reference.TreeSkeleton.html +1 -1
  206. package/docs/types/Reference.UserSessionMetaType.html +1 -1
  207. package/docs/types/Reference.Variable.html +13 -13
  208. package/docs/types/Reference.VariableExpressionType.html +2 -2
  209. package/docs/types/Reference.VariableSkeleton.html +2 -2
  210. package/docs/types/Reference.Version.html +1 -1
  211. package/docs/types/Reference.VersionOfSecretSkeleton.html +2 -2
  212. package/docs/types/Reference.VersionOfSecretStatus.html +1 -1
  213. package/docs/types/Reference.WebAgentType.html +1 -1
  214. package/docs/types/Reference.Writable.html +1 -1
  215. package/docs/types/Reference.tokenType.html +1 -1
  216. package/docs/variables/frodo.html +2 -2
  217. package/docs/variables/state.html +2 -2
  218. package/esm/ops/AuthenticateOps.js +40 -10
  219. package/esm/ops/AuthenticateOps.js.map +1 -1
  220. package/esm/ops/ConnectionProfileOps.js +10 -4
  221. package/esm/ops/ConnectionProfileOps.js.map +1 -1
  222. package/esm/ops/cloud/ServiceAccountOps.js +39 -0
  223. package/esm/ops/cloud/ServiceAccountOps.js.map +1 -1
  224. package/esm/shared/State.js +6 -0
  225. package/esm/shared/State.js.map +1 -1
  226. package/package.json +1 -1
  227. package/types/ops/AuthenticateOps.d.ts.map +1 -1
  228. package/types/ops/ConnectionProfileOps.d.ts +2 -0
  229. package/types/ops/ConnectionProfileOps.d.ts.map +1 -1
  230. package/types/ops/cloud/ServiceAccountOps.d.ts +2 -0
  231. package/types/ops/cloud/ServiceAccountOps.d.ts.map +1 -1
  232. package/types/shared/State.d.ts +3 -0
  233. package/types/shared/State.d.ts.map +1 -1
package/build.zip CHANGED
Binary file
package/cjs/ops/AuthenticateOps.js CHANGED
@@ -65,7 +65,8 @@ var adminClientPassword = 'doesnotmatter';
65
65
  var redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';
66
66
  var cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';
67
67
  var forgeopsIdmAdminScopes = 'openid fr:idm:*';
68
- var serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';
68
+ var serviceAccountDefaultScopes = _ServiceAccountOps.SERVICE_ACCOUNT_DEFAULT_SCOPES.join(' '); //'fr:am:* fr:idm:* fr:idc:esv:*';
69
+
69
70
  var fidcClientId = 'idmAdminClient';
70
71
  var forgeopsClientId = 'idm-admin-ui';
71
72
  var adminClientId = fidcClientId;
@@ -687,13 +688,33 @@ function _getFreshSaBearerToken() {
687
688
  saJwk = saJwk ? saJwk : state.getServiceAccountJwk();
688
689
  var payload = createPayload(saId, state.getHost());
689
690
  var jwt = yield (0, _JoseOps.createSignedJwtToken)(payload, saJwk);
690
- var bodyFormData = "assertion=".concat(jwt, "&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=").concat(serviceAccountScopes);
691
- var response = yield (0, _OAuth2OidcOps.accessToken)({
692
- amBaseUrl: state.getHost(),
693
- data: bodyFormData,
694
- config: {},
695
- state
696
- });
691
+ var scope = state.getServiceAccountScope() || serviceAccountDefaultScopes;
692
+ var bodyFormData = "assertion=".concat(jwt, "&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=").concat(scope);
693
+ var response;
694
+ try {
695
+ response = yield (0, _OAuth2OidcOps.accessToken)({
696
+ amBaseUrl: state.getHost(),
697
+ data: bodyFormData,
698
+ config: {},
699
+ state
700
+ });
701
+ } catch (error) {
702
+ var _err$httpDescription;
703
+ var err = error;
704
+ if (err.isHttpError && err.httpErrorMessage === 'invalid_scope' && (_err$httpDescription = err.httpDescription) !== null && _err$httpDescription !== void 0 && _err$httpDescription.startsWith('Unsupported scope for service account: ')) {
705
+ var invalidScopes = err.httpDescription.substring(39).split(',');
706
+ var finalScopes = scope.split(' ').filter(el => {
707
+ return !invalidScopes.includes(el);
708
+ });
709
+ var _bodyFormData2 = "assertion=".concat(jwt, "&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=").concat(finalScopes.join(' '));
710
+ response = yield (0, _OAuth2OidcOps.accessToken)({
711
+ amBaseUrl: state.getHost(),
712
+ data: _bodyFormData2,
713
+ config: {},
714
+ state
715
+ });
716
+ }
717
+ }
697
718
  if ('access_token' in response) {
698
719
  (0, _Console.debugMessage)({
699
720
  message: "AuthenticateOps.getFreshSaBearerToken: end",
@@ -895,12 +916,14 @@ function _getTokens() {
895
916
  if (!state.getHost()) {
896
917
  throw new _FrodoError.FrodoError("No host specified");
897
918
  }
919
+ var usingConnectionProfile = false;
898
920
  try {
899
921
  // if username/password on cli are empty, try to read from connections.json
900
922
  if (state.getUsername() == null && state.getPassword() == null && !state.getServiceAccountId() && !state.getServiceAccountJwk()) {
901
923
  var conn = yield (0, _ConnectionProfileOps.getConnectionProfile)({
902
924
  state
903
925
  });
926
+ usingConnectionProfile = true;
904
927
  state.setHost(conn.tenant);
905
928
  state.setDeploymentType(conn.deploymentType);
906
929
  state.setUsername(conn.username);
@@ -909,6 +932,7 @@ function _getTokens() {
909
932
  state.setAuthenticationHeaderOverrides(conn.authenticationHeaderOverrides);
910
933
  state.setServiceAccountId(conn.svcacctId);
911
934
  state.setServiceAccountJwk(conn.svcacctJwk);
935
+ state.setServiceAccountScope(conn.svcacctScope);
912
936
  }
913
937
 
914
938
  // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json
@@ -934,6 +958,12 @@ function _getTokens() {
934
958
  state
935
959
  });
936
960
  state.setBearerTokenMeta(token);
961
+ if (usingConnectionProfile && !token.from_cache) {
962
+ (0, _ConnectionProfileOps.saveConnectionProfile)({
963
+ host: state.getHost(),
964
+ state
965
+ });
966
+ }
937
967
  state.setUseBearerTokenForAmApis(true);
938
968
  yield determineDeploymentTypeAndDefaultRealmAndVersion(state);
939
969
  } catch (saErr) {
package/cjs/ops/AuthenticateOps.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"AuthenticateOps.js","names":["_crypto","require","_url","_interopRequireDefault","_uuid","_AuthenticateApi","_ServerInfoApi","_Constants","_Base64Utils","_Console","_ExportImportUtils","_ServiceAccountOps","_ConnectionProfileOps","_FrodoError","_JoseOps","_OAuth2OidcOps","_SessionOps","_TokenCacheOps","obj","__esModule","default","asyncGeneratorStep","gen","resolve","reject","_next","_throw","key","arg","info","value","error","done","Promise","then","_asyncToGenerator","fn","self","args","arguments","apply","err","undefined","_default","state","getTokens","_arguments","forceLoginAsUser","length","autoRefresh","callbackHandler","getAccessTokenForServiceAccount","_arguments2","saId","saJwk","access_token","getFreshSaBearerToken","exports","adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountScopes","fidcClientId","forgeopsClientId","adminClientId","determineCookieName","_x","_determineCookieName","data","getServerInfo","debugMessage","message","concat","cookieName","checkAndHandle2FA","_ref","payload","otpCallbackHandler","callback","callbacks","type","localAuth","output","provider","input","includes","nextStep","need2fa","factor","supported","FrodoError","getUsername","getPassword","determineDefaultRealm","getRealm","Constants","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","getDeploymentType","determineDeploymentType","_x2","_determineDeploymentType","cookieValue","getCookieValue","deploymentType","CLOUD_DEPLOYMENT_TYPE_KEY","FORGEOPS_DEPLOYMENT_TYPE_KEY","CLASSIC_DEPLOYMENT_TYPE_KEY","getUseBearerTokenForAmApis","verifier","encodeBase64Url","randomBytes","challenge","createHash","update","digest","challengeMethod","redirectURL","url","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","authorize","amBaseUrl","e","_e$response","_e$response$headers","response","status","location","indexOf","verboseMessage","ex","_ex$response","_ex$response$headers","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","getFreshUserSessionToken","_x3","_getFreshUserSessionToken","_ref2","step","body","skip2FA","steps","maxSteps","sessionInfo","getSessionInfo","tokenId","Date","parse","maxIdleExpirationTime","getUserSessionToken","_x4","_x5","_getUserSessionToken","otpCallback","token","getUseTokenCache","hasUserSessionToken","readUserSessionToken","from_cache","saveUserSessionToken","getAuthCode","_x6","_x7","_x8","_x9","_getAuthCode","codeChallenge","codeChallengeMethod","_response$headers","redirectLocationURL","queryObject","query","code","getFreshUserBearerToken","_x10","_getFreshUserBearerToken","_ref3","authCode","auth","username","password","accessToken","getUserBearerToken","_x11","_getUserBearerToken","hasUserBearerToken","readUserBearerToken","saveUserBearerToken","createPayload","serviceAccountId","host","u","parseUrl","aud","origin","port","protocol","pathname","exp","Math","floor","getTime","jti","v4","iss","sub","_x12","_getFreshSaBearerToken","_ref4","getServiceAccountId","getServiceAccountJwk","jwt","createSignedJwtToken","getSaBearerToken","_x13","_getSaBearerToken","_ref5","hasSaBearerToken","readSaBearerToken","saveSaBearerToken","determineDeploymentTypeAndDefaultRealmAndVersion","_x14","_determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","getServerVersionInfo","fullVersion","setAmVersion","getLoggedInSubject","_x15","_getLoggedInSubject","subjectString","name","getServiceAccount","scheduleAutoRefresh","timer","getAutoRefreshTimer","clearTimeout","_state$getUserSession","_state$getBearerToken","_state$getBearerToken2","_state$getUserSession2","expires","getUserSessionTokenMeta","getBearerTokenMeta","min","timeout","now","ceil","getMinutes","getSeconds","setTimeout","setAutoRefreshTimer","unref","_x16","_getTokens","_ref6","conn","getConnectionProfile","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","isValidUrl","setCookieName","setBearerTokenMeta","setUseBearerTokenForAmApis","saErr","setUserSessionTokenMeta","getBearerToken","_state$getBearerToken3","_state$getUserSession3","tokens","bearerToken","userSessionToken","subject","realm"],"sources":["../../src/ops/AuthenticateOps.ts"],"sourcesContent":["import { createHash, randomBytes } from 'crypto';\nimport url from 'url';\nimport { v4 } from 'uuid';\n\nimport { step } from '../api/AuthenticateApi';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport Constants from '../shared/Constants';\nimport { State } from '../shared/State';\nimport { encodeBase64Url } from '../utils/Base64Utils';\nimport { debugMessage, verboseMessage } from '../utils/Console';\nimport { isValidUrl, parseUrl } from '../utils/ExportImportUtils';\nimport { CallbackHandler } from './CallbackOps';\nimport { getServiceAccount } from './cloud/ServiceAccountOps';\nimport { getConnectionProfile } from './ConnectionProfileOps';\nimport { FrodoError } from './FrodoError';\nimport { createSignedJwtToken, JwkRsa } from './JoseOps';\nimport {\n accessToken,\n type AccessTokenMetaType,\n authorize,\n} from './OAuth2OidcOps';\nimport { getSessionInfo } from './SessionOps';\nimport {\n hasSaBearerToken,\n hasUserBearerToken,\n hasUserSessionToken,\n readSaBearerToken,\n readUserBearerToken,\n readUserSessionToken,\n saveSaBearerToken,\n saveUserBearerToken,\n saveUserSessionToken,\n} from './TokenCacheOps';\n\nexport type Authenticate = {\n /**\n * Get tokens and store them in State\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {CallbackHandler} callbackHandler function allowing the library to collect responses from the user through callbacks\n * @returns {Promise<Tokens>} object containing the tokens\n */\n getTokens(\n forceLoginAsUser?: boolean,\n autoRefresh?: boolean,\n callbackHandler?: CallbackHandler\n ): Promise<Tokens>;\n\n // Deprecated\n /**\n * Get access token for service account\n * @param {string} saId optional service account id\n * @param {JwkRsa} saJwk optional service account JWK\n * @returns {string | null} Access token or null\n * @deprecated since v2.0.0 use {@link Authenticate.getTokens | getTokens} instead\n * ```javascript\n * getTokens(): Promise<boolean>\n * ```\n * @group Deprecated\n */\n getAccessTokenForServiceAccount(\n saId?: string,\n saJwk?: JwkRsa\n ): Promise<string | null>;\n};\n\nexport default (state: State): Authenticate => {\n return {\n async getTokens(\n forceLoginAsUser = false,\n autoRefresh = true,\n callbackHandler = null\n ) {\n return getTokens({\n forceLoginAsUser,\n autoRefresh,\n callbackHandler,\n state,\n });\n },\n\n // Deprecated\n async getAccessTokenForServiceAccount(\n saId: string = undefined,\n saJwk: JwkRsa = undefined\n ): Promise<string | null> {\n const { access_token } = await getFreshSaBearerToken({\n saId,\n saJwk,\n state,\n });\n return access_token;\n },\n };\n};\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountScopes = 'fr:am:* fr:idm:* fr:idc:esv:*';\n\nconst fidcClientId = 'idmAdminClient';\nconst forgeopsClientId = 'idm-admin-ui';\nlet adminClientId = fidcClientId;\n\n/**\n * Helper function to get cookie name\n * @param {State} state library state\n * @returns {string} cookie name\n */\nasync function determineCookieName(state: State) {\n const data = await getServerInfo({ state });\n debugMessage({\n message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,\n state,\n });\n return data.cookieName;\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @param {State} state library state\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA({\n payload,\n otpCallbackHandler,\n state,\n}: {\n payload;\n otpCallbackHandler: CallbackHandler;\n state: State;\n}) {\n debugMessage({ message: `AuthenticateOps.checkAndHandle2FA: start`, state });\n // let skippable = false;\n if ('callbacks' in payload) {\n for (let callback of payload.callbacks) {\n // select localAuthentication if Admin Federation is enabled\n if (callback.type === 'SelectIdPCallback') {\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:`,\n state,\n });\n let localAuth = false;\n for (const value of callback.output[0].value) {\n debugMessage({ message: `${value.provider}`, state });\n if (value.provider === 'localAuthentication') {\n localAuth = true;\n }\n }\n if (localAuth) {\n debugMessage({ message: `local auth allowed`, state });\n callback.input[0].value = 'localAuthentication';\n } else {\n debugMessage({ message: `local auth NOT allowed`, state });\n }\n }\n if (callback.type === 'HiddenValueCallback') {\n if (callback.input[0].value.includes('skip')) {\n // skippable = true;\n callback.input[0].value = 'Skip';\n // debugMessage(\n // `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=true]`\n // );\n // return {\n // nextStep: true,\n // need2fa: true,\n // factor: 'None',\n // supported: true,\n // payload,\n // };\n }\n if (callback.input[0].value.includes('webAuthnOutcome')) {\n // webauthn!!!\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]`,\n state,\n });\n return {\n nextStep: false,\n need2fa: true,\n factor: 'WebAuthN',\n supported: false,\n payload,\n };\n }\n }\n if (callback.type === 'NameCallback') {\n if (callback.output[0].value.includes('code')) {\n // skippable = false;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false`,\n state,\n });\n if (!otpCallbackHandler)\n throw new FrodoError(\n `2fa required but no otpCallback function provided.`\n );\n callback = otpCallbackHandler(callback);\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]`,\n state,\n });\n return {\n nextStep: true,\n need2fa: true,\n factor: 'Code',\n supported: true,\n payload,\n };\n } else {\n // answer callback\n callback.input[0].value = state.getUsername();\n }\n }\n if (callback.type === 'PasswordCallback') {\n // answer callback\n callback.input[0].value = state.getPassword();\n }\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: true,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: false,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {State} state library state\n */\nfunction determineDefaultRealm(state: State) {\n if (!state.getRealm() || state.getRealm() === Constants.DEFAULT_REALM_KEY) {\n state.setRealm(\n Constants.DEPLOYMENT_TYPE_REALM_MAP[state.getDeploymentType()]\n );\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @param {State} state library state\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(state: State): Promise<string> {\n const cookieValue = state.getCookieValue();\n let deploymentType = state.getDeploymentType();\n\n switch (deploymentType) {\n case Constants.CLOUD_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n case Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY:\n adminClientId = forgeopsClientId;\n return deploymentType;\n\n case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n // detect deployment type\n default: {\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n deploymentType = Constants.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage({\n message: `ForgeRock Identity Cloud`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage({\n message: `ForgeOps deployment`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage({\n message: `Classic deployment`['brightCyan'] + ` detected.`,\n state,\n });\n }\n }\n }\n }\n return deploymentType;\n }\n }\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nfunction getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\nexport type UserSessionMetaType = {\n tokenId: string;\n successUrl: string;\n realm: string;\n expires: number;\n from_cache?: boolean;\n};\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @param {State} state library state\n * @returns {string} Session token or null\n */\nasync function getFreshUserSessionToken({\n otpCallbackHandler,\n state,\n}: {\n otpCallbackHandler: CallbackHandler;\n state: State;\n}): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: start`,\n state,\n });\n const config = {\n headers: {\n 'X-OpenAM-Username': state.getUsername(),\n 'X-OpenAM-Password': state.getPassword(),\n },\n };\n let response = await step({ body: {}, config, state });\n\n let skip2FA = null;\n let steps = 0;\n const maxSteps = 3;\n do {\n skip2FA = checkAndHandle2FA({\n payload: response,\n otpCallbackHandler: otpCallbackHandler,\n state,\n });\n\n // throw exception if 2fa required but factor not supported by frodo (e.g. WebAuthN)\n if (!skip2FA.supported) {\n throw new Error(`Unsupported 2FA factor: ${skip2FA.factor}`);\n }\n\n if (skip2FA.nextStep) {\n steps++;\n response = await step({ body: skip2FA.payload, state });\n }\n\n if ('tokenId' in response) {\n response['from_cache'] = false;\n // get session expiration\n const sessionInfo = await getSessionInfo({\n tokenId: response['tokenId'],\n state,\n });\n response['expires'] = Date.parse(sessionInfo.maxIdleExpirationTime);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [tokenId=${response['tokenId']}]`,\n state,\n });\n debugMessage({\n message: response,\n state,\n });\n return response as UserSessionMetaType;\n }\n } while (skip2FA.nextStep && steps < maxSteps);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [no session]`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain user session token\n * @param {State} state library state\n * @returns {Promise<UserSessionMetaType>} session token or null\n */\nasync function getUserSessionToken(\n otpCallback: CallbackHandler,\n state: State\n): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: start`,\n state,\n });\n let token: UserSessionMetaType = null;\n if (state.getUseTokenCache() && (await hasUserSessionToken({ state }))) {\n try {\n token = await readUserSessionToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: cached`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: failed cache read`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserSessionToken({\n otpCallbackHandler: otpCallback,\n state,\n });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: fresh`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserSessionToken({ token, state });\n }\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: end`,\n state,\n });\n return token;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @param {State} state library state\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(\n redirectURL: string,\n codeChallenge: string,\n codeChallengeMethod: string,\n state: State\n): Promise<string> {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (error) {\n response = error.response;\n if (response.status < 200 || response.status > 399) {\n throw error;\n }\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code as string;\n }\n throw new FrodoError(`Authz code not found`);\n } catch (error) {\n throw new FrodoError(`Error getting authz code`, error);\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getFreshUserBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: start`,\n state,\n });\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(\n redirectURL,\n challenge,\n challengeMethod,\n state\n );\n let response: AccessTokenMetaType = null;\n if (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end with token`,\n state,\n });\n return response;\n }\n throw new FrodoError(`No access token in response`);\n } catch (error) {\n throw new FrodoError(`Error getting access token for user`, error);\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getUserBearerToken(state: State): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasUserBearerToken({ state }))) {\n try {\n token = await readUserBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserBearerToken({ token, state });\n }\n return token;\n}\n\nfunction createPayload(serviceAccountId: string, host: string) {\n const u = parseUrl(host);\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getFreshSaBearerToken({\n saId = undefined,\n saJwk = undefined,\n state,\n}: {\n saId?: string;\n saJwk?: JwkRsa;\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: start`,\n state,\n });\n saId = saId ? saId : state.getServiceAccountId();\n saJwk = saJwk ? saJwk : state.getServiceAccountJwk();\n const payload = createPayload(saId, state.getHost());\n const jwt = await createSignedJwtToken(payload, saJwk);\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${serviceAccountScopes}`;\n const response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end`,\n state,\n });\n return response;\n }\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end [No access token in response]`,\n state,\n });\n return null;\n}\n\n/**\n * Get cached or fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getSaBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n try {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasSaBearerToken({ state }))) {\n try {\n token = await readSaBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshSaBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveSaBearerToken({ token, state });\n }\n return token;\n } catch (error) {\n throw new FrodoError(\n `Error getting access token for service account`,\n error\n );\n }\n}\n\n/**\n * Helper function to determine deployment type, default realm, and version and update library state\n * @param state library state\n */\nasync function determineDeploymentTypeAndDefaultRealmAndVersion(\n state: State\n): Promise<void> {\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`,\n state,\n });\n state.setDeploymentType(await determineDeploymentType(state));\n determineDefaultRealm(state);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,\n state,\n });\n\n const versionInfo = await getServerVersionInfo({ state });\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage({ message: `Full version: ${versionInfo.fullVersion}`, state });\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`,\n state,\n });\n}\n\n/**\n * Get logged-in subject\n * @param {State} state library state\n * @returns {string} a string identifying subject type and id\n */\nasync function getLoggedInSubject(state: State): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n try {\n const name = (\n await getServiceAccount({\n serviceAccountId: state.getServiceAccountId(),\n state,\n })\n ).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n } catch (error) {\n subjectString = `service account ${state.getServiceAccountId()}`;\n }\n }\n return subjectString;\n}\n\n/**\n * Helper method to set, reset, or cancel timer to auto refresh tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n */\nfunction scheduleAutoRefresh(\n forceLoginAsUser: boolean,\n autoRefresh: boolean,\n state: State\n) {\n let timer = state.getAutoRefreshTimer();\n // clear existing timer\n if (timer) {\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: cancel existing timer`,\n state,\n });\n clearTimeout(timer);\n }\n // new timer\n if (autoRefresh) {\n const expires =\n state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY\n ? state.getUserSessionTokenMeta()?.expires\n : state.getUseBearerTokenForAmApis()\n ? state.getBearerTokenMeta()?.expires\n : Math.min(\n state.getBearerTokenMeta()?.expires,\n state.getUserSessionTokenMeta()?.expires\n );\n let timeout = expires - Date.now() - 1000 * 25;\n if (timeout < 1000 * 30) {\n debugMessage({\n message: `Timeout below threshold of 30 seconds (${Math.ceil(\n timeout / 1000\n )}), resetting timeout to 10ms.`,\n state,\n });\n if (timeout < 10) timeout = 10;\n }\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(\n timeout / 1000\n )}s (${new Date(timeout).getMinutes()}m ${new Date(\n timeout\n ).getSeconds()}s)]`,\n state,\n });\n timer = setTimeout(getTokens, timeout, {\n forceLoginAsUser,\n autoRefresh,\n state,\n // Volker's Visual Studio Code doesn't want to have it any other way.\n }) as unknown as NodeJS.Timeout;\n state.setAutoRefreshTimer(timer);\n timer.unref();\n }\n}\n\nexport type Tokens = {\n bearerToken?: AccessTokenMetaType;\n userSessionToken?: UserSessionMetaType;\n subject?: string;\n host?: string;\n realm?: string;\n};\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n * @returns {Promise<Tokens>} object containing the tokens\n */\nexport async function getTokens({\n forceLoginAsUser = false,\n autoRefresh = true,\n callbackHandler = null,\n state,\n}: {\n forceLoginAsUser?: boolean;\n autoRefresh?: boolean;\n callbackHandler?: CallbackHandler;\n state: State;\n}): Promise<Tokens> {\n debugMessage({ message: `AuthenticateOps.getTokens: start`, state });\n if (!state.getHost()) {\n throw new FrodoError(`No host specified`);\n }\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile({ state });\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n }\n\n // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json\n if (!isValidUrl(state.getHost())) {\n const conn = await getConnectionProfile({ state });\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n }\n\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName(state));\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`,\n state,\n });\n try {\n const token = await getSaBearerToken({ state });\n state.setBearerTokenMeta(token);\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n } catch (saErr) {\n throw new FrodoError(`Service account login error`, saErr);\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`,\n state,\n });\n const token = await getUserSessionToken(callbackHandler, state);\n if (token) state.setUserSessionTokenMeta(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n if (\n state.getCookieValue() &&\n // !state.getBearerToken() &&\n (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() === Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getUserBearerToken(state);\n if (accessToken) state.setBearerTokenMeta(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n throw new FrodoError(`Incomplete or no credentials`);\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n if (state.getBearerTokenMeta()?.from_cache) {\n verboseMessage({ message: `Using cached bearer token.`, state });\n }\n if (\n !state.getUseBearerTokenForAmApis() &&\n state.getUserSessionTokenMeta()?.from_cache\n ) {\n verboseMessage({ message: `Using cached session token.`, state });\n }\n scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state);\n const tokens: Tokens = {\n bearerToken: state.getBearerTokenMeta(),\n userSessionToken: state.getUserSessionTokenMeta(),\n subject: await getLoggedInSubject(state),\n host: state.getHost(),\n realm: state.getRealm() ? state.getRealm() : 'root',\n };\n debugMessage({\n message: `AuthenticateOps.getTokens: end with tokens`,\n state,\n });\n // `Connected to ${state.getHost()} [${state.getRealm() ? state.getRealm() : 'root'}] as ${await getLoggedInSubject(state)}`\n return tokens;\n }\n } catch (error) {\n throw new FrodoError(`Error getting tokens`, error);\n }\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AAA0B,IAAAI,gBAAA,GAAAJ,OAAA;AAAA,IAAAK,cAAA,GAAAL,OAAA;AAAA,IAAAM,UAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAAA,IAAAO,YAAA,GAAAP,OAAA;AAAA,IAAAQ,QAAA,GAAAR,OAAA;AAAA,IAAAS,kBAAA,GAAAT,OAAA;AAAA,IAAAU,kBAAA,GAAAV,OAAA;AAAA,IAAAW,qBAAA,GAAAX,OAAA;AAAA,IAAAY,WAAA,GAAAZ,OAAA;AAAA,IAAAa,QAAA,GAAAb,OAAA;AAAA,IAAAc,cAAA,GAAAd,OAAA;AAAA,IAAAe,WAAA,GAAAf,OAAA;AAAA,IAAAgB,cAAA,GAAAhB,OAAA;AAAA,SAAAE,uBAAAe,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,mBAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,GAAA,EAAAC,GAAA,cAAAC,IAAA,GAAAP,GAAA,CAAAK,GAAA,EAAAC,GAAA,OAAAE,KAAA,GAAAD,IAAA,CAAAC,KAAA,WAAAC,KAAA,IAAAP,MAAA,CAAAO,KAAA,iBAAAF,IAAA,CAAAG,IAAA,IAAAT,OAAA,CAAAO,KAAA,YAAAG,OAAA,CAAAV,OAAA,CAAAO,KAAA,EAAAI,IAAA,CAAAT,KAAA,EAAAC,MAAA;AAAA,SAAAS,kBAAAC,EAAA,6BAAAC,IAAA,SAAAC,IAAA,GAAAC,SAAA,aAAAN,OAAA,WAAAV,OAAA,EAAAC,MAAA,QAAAF,GAAA,GAAAc,EAAA,CAAAI,KAAA,CAAAH,IAAA,EAAAC,IAAA,YAAAb,MAAAK,KAAA,IAAAT,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,UAAAI,KAAA,cAAAJ,OAAAe,GAAA,IAAApB,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,WAAAe,GAAA,KAAAhB,KAAA,CAAAiB,SAAA;AAAA,IAAAC,QAAA,GAgEVC,KAAY,IAAmB;EAC7C,OAAO;IACCC,SAASA,CAAA,EAIb;MAAA,IAAAC,UAAA,GAAAP,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAHAY,gBAAgB,GAAAD,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,KAAK;QAAA,IACxBG,WAAW,GAAAH,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,IAAI;QAAA,IAClBI,eAAe,GAAAJ,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,IAAI;QAEtB,OAAOD,SAAS,CAAC;UACfE,gBAAgB;UAChBE,WAAW;UACXC,eAAe;UACfN;QACF,CAAC,CAAC;MAAC;IACL,CAAC;IAED;IACMO,+BAA+BA,CAAA,EAGX;MAAA,IAAAC,WAAA,GAAAb,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAFxBkB,IAAY,GAAAD,WAAA,CAAAJ,MAAA,QAAAI,WAAA,QAAAV,SAAA,GAAAU,WAAA,MAAGV,SAAS;QAAA,IACxBY,KAAa,GAAAF,WAAA,CAAAJ,MAAA,QAAAI,WAAA,QAAAV,SAAA,GAAAU,WAAA,MAAGV,SAAS;QAEzB,IAAM;UAAEa;QAAa,CAAC,SAASC,qBAAqB,CAAC;UACnDH,IAAI;UACJC,KAAK;UACLV;QACF,CAAC,CAAC;QACF,OAAOW,YAAY;MAAC;IACtB;EACF,CAAC;AACH,CAAC;AAAAE,OAAA,CAAArC,OAAA,GAAAuB,QAAA;AAED,IAAMe,mBAAmB,GAAG,eAAe;AAC3C,IAAMC,mBAAmB,GAAG,sCAAsC;AAElE,IAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,IAAMC,sBAAsB,GAAG,iBAAiB;AAChD,IAAMC,oBAAoB,GAAG,+BAA+B;AAE5D,IAAMC,YAAY,GAAG,gBAAgB;AACrC,IAAMC,gBAAgB,GAAG,cAAc;AACvC,IAAIC,aAAa,GAAGF,YAAY;;AAEhC;AACA;AACA;AACA;AACA;AAJA,SAKeG,mBAAmBA,CAAAC,EAAA;EAAA,OAAAC,oBAAA,CAAA5B,KAAA,OAAAD,SAAA;AAAA;AASlC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA6B,qBAAA;EAAAA,oBAAA,GAAAjC,iBAAA,CATA,WAAmCS,KAAY,EAAE;IAC/C,IAAMyB,IAAI,SAAS,IAAAC,4BAAa,EAAC;MAAE1B;IAAM,CAAC,CAAC;IAC3C,IAAA2B,qBAAY,EAAC;MACXC,OAAO,qDAAAC,MAAA,CAAqDJ,IAAI,CAACK,UAAU,CAAE;MAC7E9B;IACF,CAAC,CAAC;IACF,OAAOyB,IAAI,CAACK,UAAU;EACxB,CAAC;EAAA,OAAAN,oBAAA,CAAA5B,KAAA,OAAAD,SAAA;AAAA;AAQD,SAASoC,iBAAiBA,CAAAC,IAAA,EAQvB;EAAA,IARwB;IACzBC,OAAO;IACPC,kBAAkB;IAClBlC;EAKF,CAAC,GAAAgC,IAAA;EACC,IAAAL,qBAAY,EAAC;IAAEC,OAAO,4CAA4C;IAAE5B;EAAM,CAAC,CAAC;EAC5E;EACA,IAAI,WAAW,IAAIiC,OAAO,EAAE;IAC1B,KAAK,IAAIE,QAAQ,IAAIF,OAAO,CAACG,SAAS,EAAE;MACtC;MACA,IAAID,QAAQ,CAACE,IAAI,KAAK,mBAAmB,EAAE;QACzC,IAAAV,qBAAY,EAAC;UACXC,OAAO,mFAAmF;UAC1F5B;QACF,CAAC,CAAC;QACF,IAAIsC,SAAS,GAAG,KAAK;QACrB,KAAK,IAAMpD,KAAK,IAAIiD,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAACrD,KAAK,EAAE;UAC5C,IAAAyC,qBAAY,EAAC;YAAEC,OAAO,KAAAC,MAAA,CAAK3C,KAAK,CAACsD,QAAQ,CAAE;YAAExC;UAAM,CAAC,CAAC;UACrD,IAAId,KAAK,CAACsD,QAAQ,KAAK,qBAAqB,EAAE;YAC5CF,SAAS,GAAG,IAAI;UAClB;QACF;QACA,IAAIA,SAAS,EAAE;UACb,IAAAX,qBAAY,EAAC;YAAEC,OAAO,sBAAsB;YAAE5B;UAAM,CAAC,CAAC;UACtDmC,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACvD,KAAK,GAAG,qBAAqB;QACjD,CAAC,MAAM;UACL,IAAAyC,qBAAY,EAAC;YAAEC,OAAO,0BAA0B;YAAE5B;UAAM,CAAC,CAAC;QAC5D;MACF;MACA,IAAImC,QAAQ,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC3C,IAAIF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACvD,KAAK,CAACwD,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACAP,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACvD,KAAK,GAAG,MAAM;UAChC;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;QACF;QACA,IAAIiD,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACvD,KAAK,CAACwD,QAAQ,CAAC,iBAAiB,CAAC,EAAE;UACvD;UACA,IAAAf,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F5B;UACF,CAAC,CAAC;UACF,OAAO;YACL2C,QAAQ,EAAE,KAAK;YACfC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,UAAU;YAClBC,SAAS,EAAE,KAAK;YAChBb;UACF,CAAC;QACH;MACF;MACA,IAAIE,QAAQ,CAACE,IAAI,KAAK,cAAc,EAAE;QACpC,IAAIF,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAACrD,KAAK,CAACwD,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC7C;UACA,IAAAf,qBAAY,EAAC;YACXC,OAAO,oEAAoE;YAC3E5B;UACF,CAAC,CAAC;UACF,IAAI,CAACkC,kBAAkB,EACrB,MAAM,IAAIa,sBAAU,qDAEpB,CAAC;UACHZ,QAAQ,GAAGD,kBAAkB,CAACC,QAAQ,CAAC;UACvC,IAAAR,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F5B;UACF,CAAC,CAAC;UACF,OAAO;YACL2C,QAAQ,EAAE,IAAI;YACdC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,MAAM;YACdC,SAAS,EAAE,IAAI;YACfb;UACF,CAAC;QACH,CAAC,MAAM;UACL;UACAE,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACvD,KAAK,GAAGc,KAAK,CAACgD,WAAW,CAAC,CAAC;QAC/C;MACF;MACA,IAAIb,QAAQ,CAACE,IAAI,KAAK,kBAAkB,EAAE;QACxC;QACAF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACvD,KAAK,GAAGc,KAAK,CAACiD,WAAW,CAAC,CAAC;MAC/C;IACF;IACA,IAAAtB,qBAAY,EAAC;MACXC,OAAO,0DAA0D;MACjE5B;IACF,CAAC,CAAC;IACF;IACA,OAAO;MACL2C,QAAQ,EAAE,IAAI;MACdC,OAAO,EAAE,KAAK;MACdC,MAAM,EAAE,MAAM;MACdC,SAAS,EAAE,IAAI;MACfb;IACF,CAAC;EACH;EACA,IAAAN,qBAAY,EAAC;IACXC,OAAO,0DAA0D;IACjE5B;EACF,CAAC,CAAC;EACF;EACA,OAAO;IACL2C,QAAQ,EAAE,KAAK;IACfC,OAAO,EAAE,KAAK;IACdC,MAAM,EAAE,MAAM;IACdC,SAAS,EAAE,IAAI;IACfb;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASiB,qBAAqBA,CAAClD,KAAY,EAAE;EAC3C,IAAI,CAACA,KAAK,CAACmD,QAAQ,CAAC,CAAC,IAAInD,KAAK,CAACmD,QAAQ,CAAC,CAAC,KAAKC,kBAAS,CAACC,iBAAiB,EAAE;IACzErD,KAAK,CAACsD,QAAQ,CACZF,kBAAS,CAACG,yBAAyB,CAACvD,KAAK,CAACwD,iBAAiB,CAAC,CAAC,CAC/D,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKeC,uBAAuBA,CAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAA/D,KAAA,OAAAD,SAAA;AAAA;AAyFtC;AACA;AACA;AACA;AACA;AAJA,SAAAgE,yBAAA;EAAAA,wBAAA,GAAApE,iBAAA,CAzFA,WAAuCS,KAAY,EAAmB;IACpE,IAAM4D,WAAW,GAAG5D,KAAK,CAAC6D,cAAc,CAAC,CAAC;IAC1C,IAAIC,cAAc,GAAG9D,KAAK,CAACwD,iBAAiB,CAAC,CAAC;IAE9C,QAAQM,cAAc;MACpB,KAAKV,kBAAS,CAACW,yBAAyB;QACtC,OAAOD,cAAc;MAEvB,KAAKV,kBAAS,CAACY,4BAA4B;QACzC3C,aAAa,GAAGD,gBAAgB;QAChC,OAAO0C,cAAc;MAEvB,KAAKV,kBAAS,CAACa,2BAA2B;QACxC,OAAOH,cAAc;;MAEvB;MACA;QAAS;UACP;UACA,IAAI9D,KAAK,CAACkE,0BAA0B,CAAC,CAAC,EACpC,OAAOd,kBAAS,CAACW,yBAAyB;UAE5C,IAAMI,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;UACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;UACD,IAAMC,eAAe,GAAG,MAAM;UAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACjG,OAAO,CAACqB,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE9D,mBAAmB,CAAC;UAErE,IAAM+D,MAAM,GAAG;YACbC,YAAY,EAAE,CAAC;YACfC,OAAO,EAAE;cACP,CAAChF,KAAK,CAACiF,aAAa,CAAC,CAAC,GAAGjF,KAAK,CAAC6D,cAAc,CAAC;YAChD;UACF,CAAC;UACD,IAAIqB,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,aAAA9C,MAAA,CAAUb,mBAAmB,oCAAAa,MAAA,CAAiCV,YAAY,YAAAU,MAAA,CAAS+B,WAAW,qCAAA/B,MAAA,CAAkCyC,SAAS,6BAAAzC,MAAA,CAA0B6C,eAAe,CAAE;UAElOZ,cAAc,GAAGV,kBAAS,CAACa,2BAA2B;UACtD,IAAI;YACF,MAAM,IAAAkB,wBAAS,EAAC;cACdC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;cAC1BpD,IAAI,EAAEyD,YAAY;cAClBJ,MAAM;cACN9E;YACF,CAAC,CAAC;UACJ,CAAC,CAAC,OAAOqF,CAAC,EAAE;YAAA,IAAAC,WAAA,EAAAC,mBAAA;YACV;YACA,IACE,EAAAD,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAG,IAC1B,EAAAF,mBAAA,GAAAF,CAAC,CAACG,QAAQ,CAACR,OAAO,cAAAO,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,QAAQ,cAAAH,mBAAA,uBAA5BA,mBAAA,CAA8BI,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;cACA,IAAAC,uBAAc,EAAC;gBACbhE,OAAO,EAAE,2BAA2B,YAAY,CAAC,eAAe;gBAChE5B;cACF,CAAC,CAAC;cACF8D,cAAc,GAAGV,kBAAS,CAACW,yBAAyB;YACtD,CAAC,MAAM;cACL,IAAI;gBACFmB,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,aAAA9C,MAAA,CAAUZ,sBAAsB,oCAAAY,MAAA,CAAiCT,gBAAgB,YAAAS,MAAA,CAAS7B,KAAK,CAAC6D,cAAc,CAAC,CAAC,qCAAAhC,MAAA,CAAkCyC,SAAS,6BAAAzC,MAAA,CAA0B6C,eAAe,CAAE;gBAChP,MAAM,IAAAS,wBAAS,EAAC;kBACdC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;kBAC1BpD,IAAI,EAAEyD,YAAY;kBAClBJ,MAAM;kBACN9E;gBACF,CAAC,CAAC;cACJ,CAAC,CAAC,OAAO6F,EAAE,EAAE;gBAAA,IAAAC,YAAA,EAAAC,oBAAA;gBACX,IACE,EAAAD,YAAA,GAAAD,EAAE,CAACL,QAAQ,cAAAM,YAAA,uBAAXA,YAAA,CAAaL,MAAM,MAAK,GAAG,IAC3B,EAAAM,oBAAA,GAAAF,EAAE,CAACL,QAAQ,CAACR,OAAO,cAAAe,oBAAA,gBAAAA,oBAAA,GAAnBA,oBAAA,CAAqBL,QAAQ,cAAAK,oBAAA,uBAA7BA,oBAAA,CAA+BJ,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;kBACAtE,aAAa,GAAGD,gBAAgB;kBAChC,IAAAwE,uBAAc,EAAC;oBACbhE,OAAO,EAAE,sBAAsB,YAAY,CAAC,eAAe;oBAC3D5B;kBACF,CAAC,CAAC;kBACF8D,cAAc,GAAGV,kBAAS,CAACY,4BAA4B;gBACzD,CAAC,MAAM;kBACL,IAAA4B,uBAAc,EAAC;oBACbhE,OAAO,EAAE,qBAAqB,YAAY,CAAC,eAAe;oBAC1D5B;kBACF,CAAC,CAAC;gBACJ;cACF;YACF;UACF;UACA,OAAO8D,cAAc;QACvB;IACF;EACF,CAAC;EAAA,OAAAH,wBAAA,CAAA/D,KAAA,OAAAD,SAAA;AAAA;AAOD,SAASqG,kBAAkBA,CAACC,WAAW,EAAE;EACvC,IAAI,SAAS,IAAIA,WAAW,EAAE;IAC5B,IAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;IACzC,IAAMC,EAAE,GAAG,8BAA8B;IACzC,IAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;IACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;EACnB;EACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;AAC9E;AAUA;AACA;AACA;AACA;AACA;AAJA,SAKeC,wBAAwBA,CAAAC,GAAA;EAAA,OAAAC,yBAAA,CAAA7G,KAAA,OAAAD,SAAA;AAAA;AAiEvC;AACA;AACA;AACA;AACA;AAJA,SAAA8G,0BAAA;EAAAA,yBAAA,GAAAlH,iBAAA,CAjEA,WAAAmH,KAAA,EAMiC;IAAA,IANO;MACtCxE,kBAAkB;MAClBlC;IAIF,CAAC,GAAA0G,KAAA;IACC,IAAA/E,qBAAY,EAAC;MACXC,OAAO,mDAAmD;MAC1D5B;IACF,CAAC,CAAC;IACF,IAAM8E,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,mBAAmB,EAAEhF,KAAK,CAACgD,WAAW,CAAC,CAAC;QACxC,mBAAmB,EAAEhD,KAAK,CAACiD,WAAW,CAAC;MACzC;IACF,CAAC;IACD,IAAIuC,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;MAAEC,IAAI,EAAE,CAAC,CAAC;MAAE9B,MAAM;MAAE9E;IAAM,CAAC,CAAC;IAEtD,IAAI6G,OAAO,GAAG,IAAI;IAClB,IAAIC,KAAK,GAAG,CAAC;IACb,IAAMC,QAAQ,GAAG,CAAC;IAClB,GAAG;MACDF,OAAO,GAAG9E,iBAAiB,CAAC;QAC1BE,OAAO,EAAEuD,QAAQ;QACjBtD,kBAAkB,EAAEA,kBAAkB;QACtClC;MACF,CAAC,CAAC;;MAEF;MACA,IAAI,CAAC6G,OAAO,CAAC/D,SAAS,EAAE;QACtB,MAAM,IAAIwD,KAAK,4BAAAzE,MAAA,CAA4BgF,OAAO,CAAChE,MAAM,CAAE,CAAC;MAC9D;MAEA,IAAIgE,OAAO,CAAClE,QAAQ,EAAE;QACpBmE,KAAK,EAAE;QACPtB,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;UAAEC,IAAI,EAAEC,OAAO,CAAC5E,OAAO;UAAEjC;QAAM,CAAC,CAAC;MACzD;MAEA,IAAI,SAAS,IAAIwF,QAAQ,EAAE;QACzBA,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK;QAC9B;QACA,IAAMwB,WAAW,SAAS,IAAAC,0BAAc,EAAC;UACvCC,OAAO,EAAE1B,QAAQ,CAAC,SAAS,CAAC;UAC5BxF;QACF,CAAC,CAAC;QACFwF,QAAQ,CAAC,SAAS,CAAC,GAAG2B,IAAI,CAACC,KAAK,CAACJ,WAAW,CAACK,qBAAqB,CAAC;QACnE,IAAA1F,qBAAY,EAAC;UACXC,OAAO,4DAAAC,MAAA,CAA4D2D,QAAQ,CAAC,SAAS,CAAC,MAAG;UACzFxF;QACF,CAAC,CAAC;QACF,IAAA2B,qBAAY,EAAC;UACXC,OAAO,EAAE4D,QAAQ;UACjBxF;QACF,CAAC,CAAC;QACF,OAAOwF,QAAQ;MACjB;IACF,CAAC,QAAQqB,OAAO,CAAClE,QAAQ,IAAImE,KAAK,GAAGC,QAAQ;IAC7C,IAAApF,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE5B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAyG,yBAAA,CAAA7G,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc2H,mBAAmBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAA7H,KAAA,OAAAD,SAAA;AAAA;AA6ClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPA,SAAA8H,qBAAA;EAAAA,oBAAA,GAAAlI,iBAAA,CA7CA,WACEmI,WAA4B,EAC5B1H,KAAY,EACkB;IAC9B,IAAA2B,qBAAY,EAAC;MACXC,OAAO,8CAA8C;MACrD5B;IACF,CAAC,CAAC;IACF,IAAI2H,KAA0B,GAAG,IAAI;IACrC,IAAI3H,KAAK,CAAC4H,gBAAgB,CAAC,CAAC,WAAW,IAAAC,kCAAmB,EAAC;MAAE7H;IAAM,CAAC,CAAC,CAAC,EAAE;MACtE,IAAI;QACF2H,KAAK,SAAS,IAAAG,mCAAoB,EAAC;UAAE9H;QAAM,CAAC,CAAC;QAC7C2H,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAApG,qBAAY,EAAC;UACXC,OAAO,+CAA+C;UACtD5B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAwC,qBAAY,EAAC;UACXC,OAAO,0DAA0D;UACjE5B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAAC2H,KAAK,EAAE;MACVA,KAAK,SAASpB,wBAAwB,CAAC;QACrCrE,kBAAkB,EAAEwF,WAAW;QAC/B1H;MACF,CAAC,CAAC;MACF2H,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAApG,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD5B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC4H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAI,mCAAoB,EAAC;QAAEL,KAAK;QAAE3H;MAAM,CAAC,CAAC;IAC9C;IACA,IAAA2B,qBAAY,EAAC;MACXC,OAAO,4CAA4C;MACnD5B;IACF,CAAC,CAAC;IACF,OAAO2H,KAAK;EACd,CAAC;EAAA,OAAAF,oBAAA,CAAA7H,KAAA,OAAAD,SAAA;AAAA;AAAA,SAUcsI,WAAWA,CAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAA1I,KAAA,OAAAD,SAAA;AAAA;AA2C1B;AACA;AACA;AACA;AACA;AAJA,SAAA2I,aAAA;EAAAA,YAAA,GAAA/I,iBAAA,CA3CA,WACEoF,WAAmB,EACnB4D,aAAqB,EACrBC,mBAA2B,EAC3BxI,KAAY,EACK;IACjB,IAAI;MAAA,IAAAyI,iBAAA;MACF,IAAMvD,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,aAAA9C,MAAA,CAC9C7B,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,GAC7D/C,mBAAmB,GACnBC,sBAAsB,oCAAAY,MAAA,CACKR,aAAa,YAAAQ,MAAA,CAAS7B,KAAK,CAAC6D,cAAc,CAAC,CAAC,qCAAAhC,MAAA,CAAkC0G,aAAa,6BAAA1G,MAAA,CAA0B2G,mBAAmB,CAAE;MAC3K,IAAM1D,MAAM,GAAG;QACbE,OAAO,EAAE;UACP,cAAc,EAAE;QAClB,CAAC;QACDD,YAAY,EAAE;MAChB,CAAC;MACD,IAAIS,QAAQ,GAAG1F,SAAS;MACxB,IAAI;QACF0F,QAAQ,SAAS,IAAAL,wBAAS,EAAC;UACzBC,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,YAAY;UAClBJ,MAAM;UACN9E;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACdqG,QAAQ,GAAGrG,KAAK,CAACqG,QAAQ;QACzB,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;UAClD,MAAMtG,KAAK;QACb;MACF;MACA,IAAMuJ,mBAAmB,IAAAD,iBAAA,GAAGjD,QAAQ,CAACR,OAAO,cAAAyD,iBAAA,uBAAhBA,iBAAA,CAAkB/C,QAAQ;MACtD,IAAMiD,WAAW,GAAG/D,YAAG,CAACwC,KAAK,CAACsB,mBAAmB,EAAE,IAAI,CAAC,CAACE,KAAK;MAC9D,IAAI,MAAM,IAAID,WAAW,EAAE;QACzB,OAAOA,WAAW,CAACE,IAAI;MACzB;MACA,MAAM,IAAI9F,sBAAU,uBAAuB,CAAC;IAC9C,CAAC,CAAC,OAAO5D,KAAK,EAAE;MACd,MAAM,IAAI4D,sBAAU,6BAA6B5D,KAAK,CAAC;IACzD;EACF,CAAC;EAAA,OAAAmJ,YAAA,CAAA1I,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOcmJ,uBAAuBA,CAAAC,IAAA;EAAA,OAAAC,wBAAA,CAAApJ,KAAA,OAAAD,SAAA;AAAA;AA2DtC;AACA;AACA;AACA;AACA;AAJA,SAAAqJ,yBAAA;EAAAA,wBAAA,GAAAzJ,iBAAA,CA3DA,WAAA0J,KAAA,EAIiC;IAAA,IAJM;MACrCjJ;IAGF,CAAC,GAAAiJ,KAAA;IACC,IAAAtH,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD5B;IACF,CAAC,CAAC;IACF,IAAI;MACF,IAAMmE,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;MACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;MACD,IAAMC,eAAe,GAAG,MAAM;MAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACjG,OAAO,CAACqB,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE9D,mBAAmB,CAAC;MACrE,IAAMmI,QAAQ,SAASjB,WAAW,CAChCtD,WAAW,EACXL,SAAS,EACTI,eAAe,EACf1E,KACF,CAAC;MACD,IAAIwF,QAA6B,GAAG,IAAI;MACxC,IAAIxF,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,EAAE;QACrE,IAAMe,MAAM,GAAG;UACbqE,IAAI,EAAE;YACJC,QAAQ,EAAE/H,aAAa;YACvBgI,QAAQ,EAAEvI;UACZ;QACF,CAAC;QACD,IAAMoE,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,0CAAA9C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBsC,QAAQ,CAAE;QAC3HqB,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;UAC3BlE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,YAAY;UAClBJ,MAAM;UACN9E;QACF,CAAC,CAAC;MACJ,CAAC,MAAM;QACL,IAAMkF,aAAY,gBAAArD,MAAA,CAAgBR,aAAa,oBAAAQ,MAAA,CAAiB8C,WAAW,0CAAA9C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBsC,QAAQ,CAAE;QACtJqB,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;UAC3BlE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,aAAY;UAClBJ,MAAM,EAAE,CAAC,CAAC;UACV9E;QACF,CAAC,CAAC;MACJ;MACA,IAAI,cAAc,IAAIwF,QAAQ,EAAE;QAC9B,IAAA7D,qBAAY,EAAC;UACXC,OAAO,yDAAyD;UAChE5B;QACF,CAAC,CAAC;QACF,OAAOwF,QAAQ;MACjB;MACA,MAAM,IAAIzC,sBAAU,8BAA8B,CAAC;IACrD,CAAC,CAAC,OAAO5D,KAAK,EAAE;MACd,MAAM,IAAI4D,sBAAU,wCAAwC5D,KAAK,CAAC;IACpE;EACF,CAAC;EAAA,OAAA6J,wBAAA,CAAApJ,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc4J,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA7J,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAA8J,oBAAA;EAAAA,mBAAA,GAAAlK,iBAAA,CAAjC,WAAkCS,KAAY,EAAgC;IAC5E,IAAA2B,qBAAY,EAAC;MACXC,OAAO,6CAA6C;MACpD5B;IACF,CAAC,CAAC;IACF,IAAI2H,KAA0B,GAAG,IAAI;IACrC,IAAI3H,KAAK,CAAC4H,gBAAgB,CAAC,CAAC,WAAW,IAAA8B,iCAAkB,EAAC;MAAE1J;IAAM,CAAC,CAAC,CAAC,EAAE;MACrE,IAAI;QACF2H,KAAK,SAAS,IAAAgC,kCAAmB,EAAC;UAAE3J;QAAM,CAAC,CAAC;QAC5C2H,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAApG,qBAAY,EAAC;UACXC,OAAO,oDAAoD;UAC3D5B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAAwC,qBAAY,EAAC;UACXC,OAAO,+DAA+D;UACtE5B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAAC2H,KAAK,EAAE;MACVA,KAAK,SAASmB,uBAAuB,CAAC;QAAE9I;MAAM,CAAC,CAAC;MAChD2H,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAApG,qBAAY,EAAC;QACXC,OAAO,mDAAmD;QAC1D5B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC4H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAgC,kCAAmB,EAAC;QAAEjC,KAAK;QAAE3H;MAAM,CAAC,CAAC;IAC7C;IACA,OAAO2H,KAAK;EACd,CAAC;EAAA,OAAA8B,mBAAA,CAAA7J,KAAA,OAAAD,SAAA;AAAA;AAED,SAASkK,aAAaA,CAACC,gBAAwB,EAAEC,IAAY,EAAE;EAC7D,IAAMC,CAAC,GAAG,IAAAC,2BAAQ,EAACF,IAAI,CAAC;EACxB,IAAMG,GAAG,MAAArI,MAAA,CAAMmI,CAAC,CAACG,MAAM,OAAAtI,MAAA,CACrBmI,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACK,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,EAAAxI,MAAA,CACtDmI,CAAC,CAACM,QAAQ,yBAAsB;;EAEnC;EACA,IAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAItD,IAAI,CAAC,CAAC,CAACuD,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,IAAMC,GAAG,GAAG,IAAAC,QAAE,EAAC,CAAC;EAEhB,IAAMC,GAAG,GAAGf,gBAAgB;EAC5B,IAAMgB,GAAG,GAAGhB,gBAAgB;;EAE5B;EACA,IAAM7H,OAAO,GAAG;IAAE4I,GAAG;IAAEC,GAAG;IAAEZ,GAAG;IAAEK,GAAG;IAAEI;EAAI,CAAC;EAE3C,OAAO1I,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKsBrB,qBAAqBA,CAAAmK,IAAA;EAAA,OAAAC,sBAAA,CAAApL,KAAA,OAAAD,SAAA;AAAA;AAsC3C;AACA;AACA;AACA;AACA;AAJA,SAAAqL,uBAAA;EAAAA,sBAAA,GAAAzL,iBAAA,CAtCO,WAAA0L,KAAA,EAQ0B;IAAA,IARW;MAC1CxK,IAAI,GAAGX,SAAS;MAChBY,KAAK,GAAGZ,SAAS;MACjBE;IAKF,CAAC,GAAAiL,KAAA;IACC,IAAAtJ,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD5B;IACF,CAAC,CAAC;IACFS,IAAI,GAAGA,IAAI,GAAGA,IAAI,GAAGT,KAAK,CAACkL,mBAAmB,CAAC,CAAC;IAChDxK,KAAK,GAAGA,KAAK,GAAGA,KAAK,GAAGV,KAAK,CAACmL,oBAAoB,CAAC,CAAC;IACpD,IAAMlJ,OAAO,GAAG4H,aAAa,CAACpJ,IAAI,EAAET,KAAK,CAAC6E,OAAO,CAAC,CAAC,CAAC;IACpD,IAAMuG,GAAG,SAAS,IAAAC,6BAAoB,EAACpJ,OAAO,EAAEvB,KAAK,CAAC;IACtD,IAAMwE,YAAY,gBAAArD,MAAA,CAAgBuJ,GAAG,8FAAAvJ,MAAA,CAA2FX,oBAAoB,CAAE;IACtJ,IAAMsE,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;MACjClE,SAAS,EAAEpF,KAAK,CAAC6E,OAAO,CAAC,CAAC;MAC1BpD,IAAI,EAAEyD,YAAY;MAClBJ,MAAM,EAAE,CAAC,CAAC;MACV9E;IACF,CAAC,CAAC;IACF,IAAI,cAAc,IAAIwF,QAAQ,EAAE;MAC9B,IAAA7D,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD5B;MACF,CAAC,CAAC;MACF,OAAOwF,QAAQ;IACjB;IACA,IAAA7D,qBAAY,EAAC;MACXC,OAAO,4EAA4E;MACnF5B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAgL,sBAAA,CAAApL,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOqB2L,gBAAgBA,CAAAC,IAAA;EAAA,OAAAC,iBAAA,CAAA5L,KAAA,OAAAD,SAAA;AAAA;AA8CtC;AACA;AACA;AACA;AAHA,SAAA6L,kBAAA;EAAAA,iBAAA,GAAAjM,iBAAA,CA9CO,WAAAkM,KAAA,EAI0B;IAAA,IAJM;MACrCzL;IAGF,CAAC,GAAAyL,KAAA;IACC,IAAI;MACF,IAAA9J,qBAAY,EAAC;QACXC,OAAO,2CAA2C;QAClD5B;MACF,CAAC,CAAC;MACF,IAAI2H,KAA0B,GAAG,IAAI;MACrC,IAAI3H,KAAK,CAAC4H,gBAAgB,CAAC,CAAC,WAAW,IAAA8D,+BAAgB,EAAC;QAAE1L;MAAM,CAAC,CAAC,CAAC,EAAE;QACnE,IAAI;UACF2H,KAAK,SAAS,IAAAgE,gCAAiB,EAAC;YAAE3L;UAAM,CAAC,CAAC;UAC1C2H,KAAK,CAACI,UAAU,GAAG,IAAI;UACvB,IAAApG,qBAAY,EAAC;YACXC,OAAO,kDAAkD;YACzD5B;UACF,CAAC,CAAC;QACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;UACd,IAAAwC,qBAAY,EAAC;YACXC,OAAO,6DAA6D;YACpE5B;UACF,CAAC,CAAC;QACJ;MACF;MACA,IAAI,CAAC2H,KAAK,EAAE;QACVA,KAAK,SAAS/G,qBAAqB,CAAC;UAAEZ;QAAM,CAAC,CAAC;QAC9C2H,KAAK,CAACI,UAAU,GAAG,KAAK;QACxB,IAAApG,qBAAY,EAAC;UACXC,OAAO,iDAAiD;UACxD5B;QACF,CAAC,CAAC;MACJ;MACA,IAAIA,KAAK,CAAC4H,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAAgE,gCAAiB,EAAC;UAAEjE,KAAK;UAAE3H;QAAM,CAAC,CAAC;MAC3C;MACA,OAAO2H,KAAK;IACd,CAAC,CAAC,OAAOxI,KAAK,EAAE;MACd,MAAM,IAAI4D,sBAAU,mDAElB5D,KACF,CAAC;IACH;EACF,CAAC;EAAA,OAAAqM,iBAAA,CAAA5L,KAAA,OAAAD,SAAA;AAAA;AAAA,SAMckM,gDAAgDA,CAAAC,IAAA;EAAA,OAAAC,iDAAA,CAAAnM,KAAA,OAAAD,SAAA;AAAA;AA2B/D;AACA;AACA;AACA;AACA;AAJA,SAAAoM,kDAAA;EAAAA,iDAAA,GAAAxM,iBAAA,CA3BA,WACES,KAAY,EACG;IACf,IAAA2B,qBAAY,EAAC;MACXC,OAAO,2EAA2E;MAClF5B;IACF,CAAC,CAAC;IACFA,KAAK,CAACgM,iBAAiB,OAAOvI,uBAAuB,CAACzD,KAAK,CAAC,CAAC;IAC7DkD,qBAAqB,CAAClD,KAAK,CAAC;IAC5B,IAAA2B,qBAAY,EAAC;MACXC,OAAO,6EAAAC,MAAA,CAA6E7B,KAAK,CAACmD,QAAQ,CAAC,CAAC,aAAAtB,MAAA,CAAU7B,KAAK,CAACwD,iBAAiB,CAAC,CAAC,CAAE;MACzIxD;IACF,CAAC,CAAC;IAEF,IAAMiG,WAAW,SAAS,IAAAgG,mCAAoB,EAAC;MAAEjM;IAAM,CAAC,CAAC;;IAEzD;IACA,IAAA2B,qBAAY,EAAC;MAAEC,OAAO,mBAAAC,MAAA,CAAmBoE,WAAW,CAACiG,WAAW,CAAE;MAAElM;IAAM,CAAC,CAAC;IAE5E,IAAMmG,OAAO,SAASH,kBAAkB,CAACC,WAAW,CAAC;IACrDjG,KAAK,CAACmM,YAAY,CAAChG,OAAO,CAAC;IAC3B,IAAAxE,qBAAY,EAAC;MACXC,OAAO,yEAAyE;MAChF5B;IACF,CAAC,CAAC;EACJ,CAAC;EAAA,OAAA+L,iDAAA,CAAAnM,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOcyM,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA1M,KAAA,OAAAD,SAAA;AAAA;AAkBjC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA2M,oBAAA;EAAAA,mBAAA,GAAA/M,iBAAA,CAlBA,WAAkCS,KAAY,EAAmB;IAC/D,IAAIuM,aAAa,WAAA1K,MAAA,CAAW7B,KAAK,CAACgD,WAAW,CAAC,CAAC,CAAE;IACjD,IAAIhD,KAAK,CAACkE,0BAA0B,CAAC,CAAC,EAAE;MACtC,IAAI;QACF,IAAMsI,IAAI,GAAG,OACL,IAAAC,oCAAiB,EAAC;UACtB3C,gBAAgB,EAAE9J,KAAK,CAACkL,mBAAmB,CAAC,CAAC;UAC7ClL;QACF,CAAC,CAAC,EACFwM,IAAI;QACND,aAAa,sBAAA1K,MAAA,CAAsB2K,IAAI,QAAA3K,MAAA,CAAK7B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,MAAG;MAC5E,CAAC,CAAC,OAAO/L,KAAK,EAAE;QACdoN,aAAa,sBAAA1K,MAAA,CAAsB7B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,CAAE;MAClE;IACF;IACA,OAAOqB,aAAa;EACtB,CAAC;EAAA,OAAAD,mBAAA,CAAA1M,KAAA,OAAAD,SAAA;AAAA;AAQD,SAAS+M,mBAAmBA,CAC1BvM,gBAAyB,EACzBE,WAAoB,EACpBL,KAAY,EACZ;EACA,IAAI2M,KAAK,GAAG3M,KAAK,CAAC4M,mBAAmB,CAAC,CAAC;EACvC;EACA,IAAID,KAAK,EAAE;IACT,IAAAhL,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE5B;IACF,CAAC,CAAC;IACF6M,YAAY,CAACF,KAAK,CAAC;EACrB;EACA;EACA,IAAItM,WAAW,EAAE;IAAA,IAAAyM,qBAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACf,IAAMC,OAAO,GACXlN,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACa,2BAA2B,IAAA6I,qBAAA,GAC/D9M,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAL,qBAAA,uBAA/BA,qBAAA,CAAiCI,OAAO,GACxClN,KAAK,CAACkE,0BAA0B,CAAC,CAAC,IAAA6I,qBAAA,GAChC/M,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAL,qBAAA,uBAA1BA,qBAAA,CAA4BG,OAAO,GACnC1C,IAAI,CAAC6C,GAAG,EAAAL,sBAAA,GACNhN,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAJ,sBAAA,uBAA1BA,sBAAA,CAA4BE,OAAO,GAAAD,sBAAA,GACnCjN,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAF,sBAAA,uBAA/BA,sBAAA,CAAiCC,OACnC,CAAC;IACT,IAAII,OAAO,GAAGJ,OAAO,GAAG/F,IAAI,CAACoG,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE;IAC9C,IAAID,OAAO,GAAG,IAAI,GAAG,EAAE,EAAE;MACvB,IAAA3L,qBAAY,EAAC;QACXC,OAAO,4CAAAC,MAAA,CAA4C2I,IAAI,CAACgD,IAAI,CAC1DF,OAAO,GAAG,IACZ,CAAC,kCAA+B;QAChCtN;MACF,CAAC,CAAC;MACF,IAAIsN,OAAO,GAAG,EAAE,EAAEA,OAAO,GAAG,EAAE;IAChC;IACA,IAAA3L,qBAAY,EAAC;MACXC,OAAO,yDAAAC,MAAA,CAAyD2I,IAAI,CAACC,KAAK,CACxE6C,OAAO,GAAG,IACZ,CAAC,SAAAzL,MAAA,CAAM,IAAIsF,IAAI,CAACmG,OAAO,CAAC,CAACG,UAAU,CAAC,CAAC,QAAA5L,MAAA,CAAK,IAAIsF,IAAI,CAChDmG,OACF,CAAC,CAACI,UAAU,CAAC,CAAC,QAAK;MACnB1N;IACF,CAAC,CAAC;IACF2M,KAAK,GAAGgB,UAAU,CAAC1N,SAAS,EAAEqN,OAAO,EAAE;MACrCnN,gBAAgB;MAChBE,WAAW;MACXL;MACA;IACF,CAAC,CAA8B;IAC/BA,KAAK,CAAC4N,mBAAmB,CAACjB,KAAK,CAAC;IAChCA,KAAK,CAACkB,KAAK,CAAC,CAAC;EACf;AACF;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AANA,SAOsB5N,SAASA,CAAA6N,IAAA;EAAA,OAAAC,UAAA,CAAAnO,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAAoO,WAAA;EAAAA,UAAA,GAAAxO,iBAAA,CAAxB,WAAAyO,KAAA,EAUa;IAAA,IAVY;MAC9B7N,gBAAgB,GAAG,KAAK;MACxBE,WAAW,GAAG,IAAI;MAClBC,eAAe,GAAG,IAAI;MACtBN;IAMF,CAAC,GAAAgO,KAAA;IACC,IAAArM,qBAAY,EAAC;MAAEC,OAAO,oCAAoC;MAAE5B;IAAM,CAAC,CAAC;IACpE,IAAI,CAACA,KAAK,CAAC6E,OAAO,CAAC,CAAC,EAAE;MACpB,MAAM,IAAI9B,sBAAU,oBAAoB,CAAC;IAC3C;IACA,IAAI;MACF;MACA,IACE/C,KAAK,CAACgD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3BhD,KAAK,CAACiD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3B,CAACjD,KAAK,CAACkL,mBAAmB,CAAC,CAAC,IAC5B,CAAClL,KAAK,CAACmL,oBAAoB,CAAC,CAAC,EAC7B;QACA,IAAM8C,IAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElO;QAAM,CAAC,CAAC;QAClDA,KAAK,CAACmO,OAAO,CAACF,IAAI,CAACG,MAAM,CAAC;QAC1BpO,KAAK,CAACgM,iBAAiB,CAACiC,IAAI,CAACnK,cAAc,CAAC;QAC5C9D,KAAK,CAACqO,WAAW,CAACJ,IAAI,CAAC7E,QAAQ,CAAC;QAChCpJ,KAAK,CAACsO,WAAW,CAACL,IAAI,CAAC5E,QAAQ,CAAC;QAChCrJ,KAAK,CAACuO,wBAAwB,CAACN,IAAI,CAACO,qBAAqB,CAAC;QAC1DxO,KAAK,CAACyO,gCAAgC,CACpCR,IAAI,CAACS,6BACP,CAAC;QACD1O,KAAK,CAAC2O,mBAAmB,CAACV,IAAI,CAACW,SAAS,CAAC;QACzC5O,KAAK,CAAC6O,oBAAoB,CAACZ,IAAI,CAACa,UAAU,CAAC;MAC7C;;MAEA;MACA,IAAI,CAAC,IAAAC,6BAAU,EAAC/O,KAAK,CAAC6E,OAAO,CAAC,CAAC,CAAC,EAAE;QAChC,IAAMoJ,KAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElO;QAAM,CAAC,CAAC;QAClDA,KAAK,CAACmO,OAAO,CAACF,KAAI,CAACG,MAAM,CAAC;QAC1BpO,KAAK,CAACgM,iBAAiB,CAACiC,KAAI,CAACnK,cAAc,CAAC;MAC9C;;MAEA;MACA9D,KAAK,CAACgP,aAAa,OAAO1N,mBAAmB,CAACtB,KAAK,CAAC,CAAC;;MAErD;MACA,IACE,CAACG,gBAAgB,IACjBH,KAAK,CAACkL,mBAAmB,CAAC,CAAC,IAC3BlL,KAAK,CAACmL,oBAAoB,CAAC,CAAC,EAC5B;QACA,IAAAxJ,qBAAY,EAAC;UACXC,OAAO,oEAAAC,MAAA,CAAoE7B,KAAK,CAACkL,mBAAmB,CAAC,CAAC,CAAE;UACxGlL;QACF,CAAC,CAAC;QACF,IAAI;UACF,IAAM2H,KAAK,SAAS2D,gBAAgB,CAAC;YAAEtL;UAAM,CAAC,CAAC;UAC/CA,KAAK,CAACiP,kBAAkB,CAACtH,KAAK,CAAC;UAC/B3H,KAAK,CAACkP,0BAA0B,CAAC,IAAI,CAAC;UACtC,MAAMrD,gDAAgD,CAAC7L,KAAK,CAAC;QAC/D,CAAC,CAAC,OAAOmP,KAAK,EAAE;UACd,MAAM,IAAIpM,sBAAU,gCAAgCoM,KAAK,CAAC;QAC5D;MACF;MACA;MAAA,KACK,IAAInP,KAAK,CAACgD,WAAW,CAAC,CAAC,IAAIhD,KAAK,CAACiD,WAAW,CAAC,CAAC,EAAE;QACnD,IAAAtB,qBAAY,EAAC;UACXC,OAAO,iEAAAC,MAAA,CAAiE7B,KAAK,CAACgD,WAAW,CAAC,CAAC,CAAE;UAC7FhD;QACF,CAAC,CAAC;QACF,IAAM2H,MAAK,SAASL,mBAAmB,CAAChH,eAAe,EAAEN,KAAK,CAAC;QAC/D,IAAI2H,MAAK,EAAE3H,KAAK,CAACoP,uBAAuB,CAACzH,MAAK,CAAC;QAC/C,MAAMkE,gDAAgD,CAAC7L,KAAK,CAAC;QAC7D,IACEA,KAAK,CAAC6D,cAAc,CAAC,CAAC;QACtB;QACC7D,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,IAChE/D,KAAK,CAACwD,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACY,4BAA4B,CAAC,EACvE;UACA,IAAMsF,YAAW,SAASC,kBAAkB,CAACvJ,KAAK,CAAC;UACnD,IAAIsJ,YAAW,EAAEtJ,KAAK,CAACiP,kBAAkB,CAAC3F,YAAW,CAAC;QACxD;MACF;MACA;MAAA,KACK;QACH,MAAM,IAAIvG,sBAAU,+BAA+B,CAAC;MACtD;MACA,IACE/C,KAAK,CAAC6D,cAAc,CAAC,CAAC,IACrB7D,KAAK,CAACkE,0BAA0B,CAAC,CAAC,IAAIlE,KAAK,CAACqP,cAAc,CAAC,CAAE,EAC9D;QAAA,IAAAC,sBAAA,EAAAC,sBAAA;QACA,KAAAD,sBAAA,GAAItP,KAAK,CAACoN,kBAAkB,CAAC,CAAC,cAAAkC,sBAAA,eAA1BA,sBAAA,CAA4BvH,UAAU,EAAE;UAC1C,IAAAnC,uBAAc,EAAC;YAAEhE,OAAO,8BAA8B;YAAE5B;UAAM,CAAC,CAAC;QAClE;QACA,IACE,CAACA,KAAK,CAACkE,0BAA0B,CAAC,CAAC,KAAAqL,sBAAA,GACnCvP,KAAK,CAACmN,uBAAuB,CAAC,CAAC,cAAAoC,sBAAA,eAA/BA,sBAAA,CAAiCxH,UAAU,EAC3C;UACA,IAAAnC,uBAAc,EAAC;YAAEhE,OAAO,+BAA+B;YAAE5B;UAAM,CAAC,CAAC;QACnE;QACA0M,mBAAmB,CAACvM,gBAAgB,EAAEE,WAAW,EAAEL,KAAK,CAAC;QACzD,IAAMwP,MAAc,GAAG;UACrBC,WAAW,EAAEzP,KAAK,CAACoN,kBAAkB,CAAC,CAAC;UACvCsC,gBAAgB,EAAE1P,KAAK,CAACmN,uBAAuB,CAAC,CAAC;UACjDwC,OAAO,QAAQvD,kBAAkB,CAACpM,KAAK,CAAC;UACxC+J,IAAI,EAAE/J,KAAK,CAAC6E,OAAO,CAAC,CAAC;UACrB+K,KAAK,EAAE5P,KAAK,CAACmD,QAAQ,CAAC,CAAC,GAAGnD,KAAK,CAACmD,QAAQ,CAAC,CAAC,GAAG;QAC/C,CAAC;QACD,IAAAxB,qBAAY,EAAC;UACXC,OAAO,8CAA8C;UACrD5B;QACF,CAAC,CAAC;QACF;QACA,OAAOwP,MAAM;MACf;IACF,CAAC,CAAC,OAAOrQ,KAAK,EAAE;MACd,MAAM,IAAI4D,sBAAU,yBAAyB5D,KAAK,CAAC;IACrD;EACF,CAAC;EAAA,OAAA4O,UAAA,CAAAnO,KAAA,OAAAD,SAAA;AAAA"}
1
+ {"version":3,"file":"AuthenticateOps.js","names":["_crypto","require","_url","_interopRequireDefault","_uuid","_AuthenticateApi","_ServerInfoApi","_Constants","_Base64Utils","_Console","_ExportImportUtils","_ServiceAccountOps","_ConnectionProfileOps","_FrodoError","_JoseOps","_OAuth2OidcOps","_SessionOps","_TokenCacheOps","obj","__esModule","default","asyncGeneratorStep","gen","resolve","reject","_next","_throw","key","arg","info","value","error","done","Promise","then","_asyncToGenerator","fn","self","args","arguments","apply","err","undefined","_default","state","getTokens","_arguments","forceLoginAsUser","length","autoRefresh","callbackHandler","getAccessTokenForServiceAccount","_arguments2","saId","saJwk","access_token","getFreshSaBearerToken","exports","adminClientPassword","redirectUrlTemplate","cloudIdmAdminScopes","forgeopsIdmAdminScopes","serviceAccountDefaultScopes","SERVICE_ACCOUNT_DEFAULT_SCOPES","join","fidcClientId","forgeopsClientId","adminClientId","determineCookieName","_x","_determineCookieName","data","getServerInfo","debugMessage","message","concat","cookieName","checkAndHandle2FA","_ref","payload","otpCallbackHandler","callback","callbacks","type","localAuth","output","provider","input","includes","nextStep","need2fa","factor","supported","FrodoError","getUsername","getPassword","determineDefaultRealm","getRealm","Constants","DEFAULT_REALM_KEY","setRealm","DEPLOYMENT_TYPE_REALM_MAP","getDeploymentType","determineDeploymentType","_x2","_determineDeploymentType","cookieValue","getCookieValue","deploymentType","CLOUD_DEPLOYMENT_TYPE_KEY","FORGEOPS_DEPLOYMENT_TYPE_KEY","CLASSIC_DEPLOYMENT_TYPE_KEY","getUseBearerTokenForAmApis","verifier","encodeBase64Url","randomBytes","challenge","createHash","update","digest","challengeMethod","redirectURL","url","getHost","config","maxRedirects","headers","getCookieName","bodyFormData","authorize","amBaseUrl","e","_e$response","_e$response$headers","response","status","location","indexOf","verboseMessage","ex","_ex$response","_ex$response$headers","getSemanticVersion","versionInfo","versionString","version","rx","match","Error","getFreshUserSessionToken","_x3","_getFreshUserSessionToken","_ref2","step","body","skip2FA","steps","maxSteps","sessionInfo","getSessionInfo","tokenId","Date","parse","maxIdleExpirationTime","getUserSessionToken","_x4","_x5","_getUserSessionToken","otpCallback","token","getUseTokenCache","hasUserSessionToken","readUserSessionToken","from_cache","saveUserSessionToken","getAuthCode","_x6","_x7","_x8","_x9","_getAuthCode","codeChallenge","codeChallengeMethod","_response$headers","redirectLocationURL","queryObject","query","code","getFreshUserBearerToken","_x10","_getFreshUserBearerToken","_ref3","authCode","auth","username","password","accessToken","getUserBearerToken","_x11","_getUserBearerToken","hasUserBearerToken","readUserBearerToken","saveUserBearerToken","createPayload","serviceAccountId","host","u","parseUrl","aud","origin","port","protocol","pathname","exp","Math","floor","getTime","jti","v4","iss","sub","_x12","_getFreshSaBearerToken","_ref4","getServiceAccountId","getServiceAccountJwk","jwt","createSignedJwtToken","scope","getServiceAccountScope","_err$httpDescription","isHttpError","httpErrorMessage","httpDescription","startsWith","invalidScopes","substring","split","finalScopes","filter","el","getSaBearerToken","_x13","_getSaBearerToken","_ref5","hasSaBearerToken","readSaBearerToken","saveSaBearerToken","determineDeploymentTypeAndDefaultRealmAndVersion","_x14","_determineDeploymentTypeAndDefaultRealmAndVersion","setDeploymentType","getServerVersionInfo","fullVersion","setAmVersion","getLoggedInSubject","_x15","_getLoggedInSubject","subjectString","name","getServiceAccount","scheduleAutoRefresh","timer","getAutoRefreshTimer","clearTimeout","_state$getUserSession","_state$getBearerToken","_state$getBearerToken2","_state$getUserSession2","expires","getUserSessionTokenMeta","getBearerTokenMeta","min","timeout","now","ceil","getMinutes","getSeconds","setTimeout","setAutoRefreshTimer","unref","_x16","_getTokens","_ref6","usingConnectionProfile","conn","getConnectionProfile","setHost","tenant","setUsername","setPassword","setAuthenticationService","authenticationService","setAuthenticationHeaderOverrides","authenticationHeaderOverrides","setServiceAccountId","svcacctId","setServiceAccountJwk","svcacctJwk","setServiceAccountScope","svcacctScope","isValidUrl","setCookieName","setBearerTokenMeta","saveConnectionProfile","setUseBearerTokenForAmApis","saErr","setUserSessionTokenMeta","getBearerToken","_state$getBearerToken3","_state$getUserSession3","tokens","bearerToken","userSessionToken","subject","realm"],"sources":["../../src/ops/AuthenticateOps.ts"],"sourcesContent":["import { createHash, randomBytes } from 'crypto';\nimport url from 'url';\nimport { v4 } from 'uuid';\n\nimport { step } from '../api/AuthenticateApi';\nimport { getServerInfo, getServerVersionInfo } from '../api/ServerInfoApi';\nimport Constants from '../shared/Constants';\nimport { State } from '../shared/State';\nimport { encodeBase64Url } from '../utils/Base64Utils';\nimport { debugMessage, verboseMessage } from '../utils/Console';\nimport { isValidUrl, parseUrl } from '../utils/ExportImportUtils';\nimport { CallbackHandler } from './CallbackOps';\nimport {\n getServiceAccount,\n SERVICE_ACCOUNT_DEFAULT_SCOPES,\n} from './cloud/ServiceAccountOps';\nimport {\n getConnectionProfile,\n saveConnectionProfile,\n} from './ConnectionProfileOps';\nimport { FrodoError } from './FrodoError';\nimport { createSignedJwtToken, JwkRsa } from './JoseOps';\nimport {\n accessToken,\n type AccessTokenMetaType,\n authorize,\n} from './OAuth2OidcOps';\nimport { getSessionInfo } from './SessionOps';\nimport {\n hasSaBearerToken,\n hasUserBearerToken,\n hasUserSessionToken,\n readSaBearerToken,\n readUserBearerToken,\n readUserSessionToken,\n saveSaBearerToken,\n saveUserBearerToken,\n saveUserSessionToken,\n} from './TokenCacheOps';\n\nexport type Authenticate = {\n /**\n * Get tokens and store them in State\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {CallbackHandler} callbackHandler function allowing the library to collect responses from the user through callbacks\n * @returns {Promise<Tokens>} object containing the tokens\n */\n getTokens(\n forceLoginAsUser?: boolean,\n autoRefresh?: boolean,\n callbackHandler?: CallbackHandler\n ): Promise<Tokens>;\n\n // Deprecated\n /**\n * Get access token for service account\n * @param {string} saId optional service account id\n * @param {JwkRsa} saJwk optional service account JWK\n * @returns {string | null} Access token or null\n * @deprecated since v2.0.0 use {@link Authenticate.getTokens | getTokens} instead\n * ```javascript\n * getTokens(): Promise<boolean>\n * ```\n * @group Deprecated\n */\n getAccessTokenForServiceAccount(\n saId?: string,\n saJwk?: JwkRsa\n ): Promise<string | null>;\n};\n\nexport default (state: State): Authenticate => {\n return {\n async getTokens(\n forceLoginAsUser = false,\n autoRefresh = true,\n callbackHandler = null\n ) {\n return getTokens({\n forceLoginAsUser,\n autoRefresh,\n callbackHandler,\n state,\n });\n },\n\n // Deprecated\n async getAccessTokenForServiceAccount(\n saId: string = undefined,\n saJwk: JwkRsa = undefined\n ): Promise<string | null> {\n const { access_token } = await getFreshSaBearerToken({\n saId,\n saJwk,\n state,\n });\n return access_token;\n },\n };\n};\n\nconst adminClientPassword = 'doesnotmatter';\nconst redirectUrlTemplate = '/platform/appAuthHelperRedirect.html';\n\nconst cloudIdmAdminScopes = 'openid fr:idm:* fr:idc:esv:*';\nconst forgeopsIdmAdminScopes = 'openid fr:idm:*';\nconst serviceAccountDefaultScopes = SERVICE_ACCOUNT_DEFAULT_SCOPES.join(' '); //'fr:am:* fr:idm:* fr:idc:esv:*';\n\nconst fidcClientId = 'idmAdminClient';\nconst forgeopsClientId = 'idm-admin-ui';\nlet adminClientId = fidcClientId;\n\n/**\n * Helper function to get cookie name\n * @param {State} state library state\n * @returns {string} cookie name\n */\nasync function determineCookieName(state: State) {\n const data = await getServerInfo({ state });\n debugMessage({\n message: `AuthenticateOps.determineCookieName: cookieName=${data.cookieName}`,\n state,\n });\n return data.cookieName;\n}\n\n/**\n * Helper function to determine if this is a setup mfa prompt in the ID Cloud tenant admin login journey\n * @param {Object} payload response from the previous authentication journey step\n * @param {State} state library state\n * @returns {Object} an object indicating if 2fa is required and the original payload\n */\nfunction checkAndHandle2FA({\n payload,\n otpCallbackHandler,\n state,\n}: {\n payload;\n otpCallbackHandler: CallbackHandler;\n state: State;\n}) {\n debugMessage({ message: `AuthenticateOps.checkAndHandle2FA: start`, state });\n // let skippable = false;\n if ('callbacks' in payload) {\n for (let callback of payload.callbacks) {\n // select localAuthentication if Admin Federation is enabled\n if (callback.type === 'SelectIdPCallback') {\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: Admin federation enabled. Allowed providers:`,\n state,\n });\n let localAuth = false;\n for (const value of callback.output[0].value) {\n debugMessage({ message: `${value.provider}`, state });\n if (value.provider === 'localAuthentication') {\n localAuth = true;\n }\n }\n if (localAuth) {\n debugMessage({ message: `local auth allowed`, state });\n callback.input[0].value = 'localAuthentication';\n } else {\n debugMessage({ message: `local auth NOT allowed`, state });\n }\n }\n if (callback.type === 'HiddenValueCallback') {\n if (callback.input[0].value.includes('skip')) {\n // skippable = true;\n callback.input[0].value = 'Skip';\n // debugMessage(\n // `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=true]`\n // );\n // return {\n // nextStep: true,\n // need2fa: true,\n // factor: 'None',\n // supported: true,\n // payload,\n // };\n }\n if (callback.input[0].value.includes('webAuthnOutcome')) {\n // webauthn!!!\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, unsupported factor: webauthn]`,\n state,\n });\n return {\n nextStep: false,\n need2fa: true,\n factor: 'WebAuthN',\n supported: false,\n payload,\n };\n }\n }\n if (callback.type === 'NameCallback') {\n if (callback.output[0].value.includes('code')) {\n // skippable = false;\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: need2fa=true, skippable=false`,\n state,\n });\n if (!otpCallbackHandler)\n throw new FrodoError(\n `2fa required but no otpCallback function provided.`\n );\n callback = otpCallbackHandler(callback);\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=true, skippable=false, factor=Code]`,\n state,\n });\n return {\n nextStep: true,\n need2fa: true,\n factor: 'Code',\n supported: true,\n payload,\n };\n } else {\n // answer callback\n callback.input[0].value = state.getUsername();\n }\n }\n if (callback.type === 'PasswordCallback') {\n // answer callback\n callback.input[0].value = state.getPassword();\n }\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: true,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n }\n debugMessage({\n message: `AuthenticateOps.checkAndHandle2FA: end [need2fa=false]`,\n state,\n });\n // debugMessage(payload);\n return {\n nextStep: false,\n need2fa: false,\n factor: 'None',\n supported: true,\n payload,\n };\n}\n\n/**\n * Helper function to set the default realm by deployment type\n * @param {State} state library state\n */\nfunction determineDefaultRealm(state: State) {\n if (!state.getRealm() || state.getRealm() === Constants.DEFAULT_REALM_KEY) {\n state.setRealm(\n Constants.DEPLOYMENT_TYPE_REALM_MAP[state.getDeploymentType()]\n );\n }\n}\n\n/**\n * Helper function to determine the deployment type\n * @param {State} state library state\n * @returns {Promise<string>} deployment type\n */\nasync function determineDeploymentType(state: State): Promise<string> {\n const cookieValue = state.getCookieValue();\n let deploymentType = state.getDeploymentType();\n\n switch (deploymentType) {\n case Constants.CLOUD_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n case Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY:\n adminClientId = forgeopsClientId;\n return deploymentType;\n\n case Constants.CLASSIC_DEPLOYMENT_TYPE_KEY:\n return deploymentType;\n\n // detect deployment type\n default: {\n // if we are using a service account, we know it's cloud\n if (state.getUseBearerTokenForAmApis())\n return Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n\n const config = {\n maxRedirects: 0,\n headers: {\n [state.getCookieName()]: state.getCookieValue(),\n },\n };\n let bodyFormData = `redirect_uri=${redirectURL}&scope=${cloudIdmAdminScopes}&response_type=code&client_id=${fidcClientId}&csrf=${cookieValue}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n\n deploymentType = Constants.CLASSIC_DEPLOYMENT_TYPE_KEY;\n try {\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (e) {\n // debugMessage(e.response);\n if (\n e.response?.status === 302 &&\n e.response.headers?.location?.indexOf('code=') > -1\n ) {\n verboseMessage({\n message: `ForgeRock Identity Cloud`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.CLOUD_DEPLOYMENT_TYPE_KEY;\n } else {\n try {\n bodyFormData = `redirect_uri=${redirectURL}&scope=${forgeopsIdmAdminScopes}&response_type=code&client_id=${forgeopsClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${challenge}&code_challenge_method=${challengeMethod}`;\n await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (ex) {\n if (\n ex.response?.status === 302 &&\n ex.response.headers?.location?.indexOf('code=') > -1\n ) {\n adminClientId = forgeopsClientId;\n verboseMessage({\n message: `ForgeOps deployment`['brightCyan'] + ` detected.`,\n state,\n });\n deploymentType = Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY;\n } else {\n verboseMessage({\n message: `Classic deployment`['brightCyan'] + ` detected.`,\n state,\n });\n }\n }\n }\n }\n return deploymentType;\n }\n }\n}\n\n/**\n * Helper function to extract the semantic version string from a version info object\n * @param {Object} versionInfo version info object\n * @returns {String} semantic version\n */\nfunction getSemanticVersion(versionInfo) {\n if ('version' in versionInfo) {\n const versionString = versionInfo.version;\n const rx = /([\\d]\\.[\\d]\\.[\\d](\\.[\\d])*)/g;\n const version = versionString.match(rx);\n return version[0];\n }\n throw new Error('Cannot extract semantic version from version info object.');\n}\n\nexport type UserSessionMetaType = {\n tokenId: string;\n successUrl: string;\n realm: string;\n expires: number;\n from_cache?: boolean;\n};\n\n/**\n * Helper function to authenticate and obtain and store session cookie\n * @param {State} state library state\n * @returns {string} Session token or null\n */\nasync function getFreshUserSessionToken({\n otpCallbackHandler,\n state,\n}: {\n otpCallbackHandler: CallbackHandler;\n state: State;\n}): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: start`,\n state,\n });\n const config = {\n headers: {\n 'X-OpenAM-Username': state.getUsername(),\n 'X-OpenAM-Password': state.getPassword(),\n },\n };\n let response = await step({ body: {}, config, state });\n\n let skip2FA = null;\n let steps = 0;\n const maxSteps = 3;\n do {\n skip2FA = checkAndHandle2FA({\n payload: response,\n otpCallbackHandler: otpCallbackHandler,\n state,\n });\n\n // throw exception if 2fa required but factor not supported by frodo (e.g. WebAuthN)\n if (!skip2FA.supported) {\n throw new Error(`Unsupported 2FA factor: ${skip2FA.factor}`);\n }\n\n if (skip2FA.nextStep) {\n steps++;\n response = await step({ body: skip2FA.payload, state });\n }\n\n if ('tokenId' in response) {\n response['from_cache'] = false;\n // get session expiration\n const sessionInfo = await getSessionInfo({\n tokenId: response['tokenId'],\n state,\n });\n response['expires'] = Date.parse(sessionInfo.maxIdleExpirationTime);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [tokenId=${response['tokenId']}]`,\n state,\n });\n debugMessage({\n message: response,\n state,\n });\n return response as UserSessionMetaType;\n }\n } while (skip2FA.nextStep && steps < maxSteps);\n debugMessage({\n message: `AuthenticateOps.getFreshUserSessionToken: end [no session]`,\n state,\n });\n return null;\n}\n\n/**\n * Helper function to obtain user session token\n * @param {State} state library state\n * @returns {Promise<UserSessionMetaType>} session token or null\n */\nasync function getUserSessionToken(\n otpCallback: CallbackHandler,\n state: State\n): Promise<UserSessionMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: start`,\n state,\n });\n let token: UserSessionMetaType = null;\n if (state.getUseTokenCache() && (await hasUserSessionToken({ state }))) {\n try {\n token = await readUserSessionToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: cached`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: failed cache read`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserSessionToken({\n otpCallbackHandler: otpCallback,\n state,\n });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: fresh`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserSessionToken({ token, state });\n }\n debugMessage({\n message: `AuthenticateOps.getUserSessionToken: end`,\n state,\n });\n return token;\n}\n\n/**\n * Helper function to obtain an oauth2 authorization code\n * @param {string} redirectURL oauth2 redirect uri\n * @param {string} codeChallenge PKCE code challenge\n * @param {string} codeChallengeMethod PKCE code challenge method\n * @param {State} state library state\n * @returns {string} oauth2 authorization code or null\n */\nasync function getAuthCode(\n redirectURL: string,\n codeChallenge: string,\n codeChallengeMethod: string,\n state: State\n): Promise<string> {\n try {\n const bodyFormData = `redirect_uri=${redirectURL}&scope=${\n state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY\n ? cloudIdmAdminScopes\n : forgeopsIdmAdminScopes\n }&response_type=code&client_id=${adminClientId}&csrf=${state.getCookieValue()}&decision=allow&code_challenge=${codeChallenge}&code_challenge_method=${codeChallengeMethod}`;\n const config = {\n headers: {\n 'Content-Type': 'application/x-www-form-urlencoded',\n },\n maxRedirects: 0,\n };\n let response = undefined;\n try {\n response = await authorize({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } catch (error) {\n response = error.response;\n if (response.status < 200 || response.status > 399) {\n throw error;\n }\n }\n const redirectLocationURL = response.headers?.location;\n const queryObject = url.parse(redirectLocationURL, true).query;\n if ('code' in queryObject) {\n return queryObject.code as string;\n }\n throw new FrodoError(`Authz code not found`);\n } catch (error) {\n throw new FrodoError(`Error getting authz code`, error);\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getFreshUserBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: start`,\n state,\n });\n try {\n const verifier = encodeBase64Url(randomBytes(32));\n const challenge = encodeBase64Url(\n createHash('sha256').update(verifier).digest()\n );\n const challengeMethod = 'S256';\n const redirectURL = url.resolve(state.getHost(), redirectUrlTemplate);\n const authCode = await getAuthCode(\n redirectURL,\n challenge,\n challengeMethod,\n state\n );\n let response: AccessTokenMetaType = null;\n if (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY) {\n const config = {\n auth: {\n username: adminClientId,\n password: adminClientPassword,\n },\n };\n const bodyFormData = `redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config,\n state,\n });\n } else {\n const bodyFormData = `client_id=${adminClientId}&redirect_uri=${redirectURL}&grant_type=authorization_code&code=${authCode}&code_verifier=${verifier}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getAccessTokenForUser: end with token`,\n state,\n });\n return response;\n }\n throw new FrodoError(`No access token in response`);\n } catch (error) {\n throw new FrodoError(`Error getting access token for user`, error);\n }\n}\n\n/**\n * Helper function to obtain oauth2 access token\n * @param {State} state library state\n * @returns {Promise<AccessTokenMetaType>} access token or null\n */\nasync function getUserBearerToken(state: State): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasUserBearerToken({ state }))) {\n try {\n token = await readUserBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshUserBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getUserBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveUserBearerToken({ token, state });\n }\n return token;\n}\n\nfunction createPayload(serviceAccountId: string, host: string) {\n const u = parseUrl(host);\n const aud = `${u.origin}:${\n u.port ? u.port : u.protocol === 'https' ? '443' : '80'\n }${u.pathname}/oauth2/access_token`;\n\n // Cross platform way of setting JWT expiry time 3 minutes in the future, expressed as number of seconds since EPOCH\n const exp = Math.floor(new Date().getTime() / 1000 + 180);\n\n // A unique ID for the JWT which is required when requesting the openid scope\n const jti = v4();\n\n const iss = serviceAccountId;\n const sub = serviceAccountId;\n\n // Create the payload for our bearer token\n const payload = { iss, sub, aud, exp, jti };\n\n return payload;\n}\n\n/**\n * Get fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getFreshSaBearerToken({\n saId = undefined,\n saJwk = undefined,\n state,\n}: {\n saId?: string;\n saJwk?: JwkRsa;\n state: State;\n}): Promise<AccessTokenMetaType> {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: start`,\n state,\n });\n saId = saId ? saId : state.getServiceAccountId();\n saJwk = saJwk ? saJwk : state.getServiceAccountJwk();\n const payload = createPayload(saId, state.getHost());\n const jwt = await createSignedJwtToken(payload, saJwk);\n const scope = state.getServiceAccountScope() || serviceAccountDefaultScopes;\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${scope}`;\n let response: AccessTokenMetaType;\n try {\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n } catch (error) {\n const err: FrodoError = error as FrodoError;\n if (\n err.isHttpError &&\n err.httpErrorMessage === 'invalid_scope' &&\n err.httpDescription?.startsWith('Unsupported scope for service account: ')\n ) {\n const invalidScopes: string[] = err.httpDescription\n .substring(39)\n .split(',');\n const finalScopes: string[] = scope.split(' ').filter((el) => {\n return !invalidScopes.includes(el);\n });\n const bodyFormData = `assertion=${jwt}&client_id=service-account&grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&scope=${finalScopes.join(\n ' '\n )}`;\n response = await accessToken({\n amBaseUrl: state.getHost(),\n data: bodyFormData,\n config: {},\n state,\n });\n }\n }\n if ('access_token' in response) {\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end`,\n state,\n });\n return response;\n }\n debugMessage({\n message: `AuthenticateOps.getFreshSaBearerToken: end [No access token in response]`,\n state,\n });\n return null;\n}\n\n/**\n * Get cached or fresh access token for service account\n * @param {State} state library state\n * @returns {Promise<AccessTokenResponseType>} response object containg token, scope, type, and expiration in seconds\n */\nexport async function getSaBearerToken({\n state,\n}: {\n state: State;\n}): Promise<AccessTokenMetaType> {\n try {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: start`,\n state,\n });\n let token: AccessTokenMetaType = null;\n if (state.getUseTokenCache() && (await hasSaBearerToken({ state }))) {\n try {\n token = await readSaBearerToken({ state });\n token.from_cache = true;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [cached]`,\n state,\n });\n } catch (error) {\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [failed cache read]`,\n state,\n });\n }\n }\n if (!token) {\n token = await getFreshSaBearerToken({ state });\n token.from_cache = false;\n debugMessage({\n message: `AuthenticateOps.getSaBearerToken: end [fresh]`,\n state,\n });\n }\n if (state.getUseTokenCache()) {\n await saveSaBearerToken({ token, state });\n }\n return token;\n } catch (error) {\n throw new FrodoError(\n `Error getting access token for service account`,\n error\n );\n }\n}\n\n/**\n * Helper function to determine deployment type, default realm, and version and update library state\n * @param state library state\n */\nasync function determineDeploymentTypeAndDefaultRealmAndVersion(\n state: State\n): Promise<void> {\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: start`,\n state,\n });\n state.setDeploymentType(await determineDeploymentType(state));\n determineDefaultRealm(state);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: realm=${state.getRealm()}, type=${state.getDeploymentType()}`,\n state,\n });\n\n const versionInfo = await getServerVersionInfo({ state });\n\n // https://github.com/rockcarver/frodo-cli/issues/109\n debugMessage({ message: `Full version: ${versionInfo.fullVersion}`, state });\n\n const version = await getSemanticVersion(versionInfo);\n state.setAmVersion(version);\n debugMessage({\n message: `AuthenticateOps.determineDeploymentTypeAndDefaultRealmAndVersion: end`,\n state,\n });\n}\n\n/**\n * Get logged-in subject\n * @param {State} state library state\n * @returns {string} a string identifying subject type and id\n */\nasync function getLoggedInSubject(state: State): Promise<string> {\n let subjectString = `user ${state.getUsername()}`;\n if (state.getUseBearerTokenForAmApis()) {\n try {\n const name = (\n await getServiceAccount({\n serviceAccountId: state.getServiceAccountId(),\n state,\n })\n ).name;\n subjectString = `service account ${name} [${state.getServiceAccountId()}]`;\n } catch (error) {\n subjectString = `service account ${state.getServiceAccountId()}`;\n }\n }\n return subjectString;\n}\n\n/**\n * Helper method to set, reset, or cancel timer to auto refresh tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n */\nfunction scheduleAutoRefresh(\n forceLoginAsUser: boolean,\n autoRefresh: boolean,\n state: State\n) {\n let timer = state.getAutoRefreshTimer();\n // clear existing timer\n if (timer) {\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: cancel existing timer`,\n state,\n });\n clearTimeout(timer);\n }\n // new timer\n if (autoRefresh) {\n const expires =\n state.getDeploymentType() === Constants.CLASSIC_DEPLOYMENT_TYPE_KEY\n ? state.getUserSessionTokenMeta()?.expires\n : state.getUseBearerTokenForAmApis()\n ? state.getBearerTokenMeta()?.expires\n : Math.min(\n state.getBearerTokenMeta()?.expires,\n state.getUserSessionTokenMeta()?.expires\n );\n let timeout = expires - Date.now() - 1000 * 25;\n if (timeout < 1000 * 30) {\n debugMessage({\n message: `Timeout below threshold of 30 seconds (${Math.ceil(\n timeout / 1000\n )}), resetting timeout to 10ms.`,\n state,\n });\n if (timeout < 10) timeout = 10;\n }\n debugMessage({\n message: `AuthenticateOps.scheduleAutoRefresh: set new timer [${Math.floor(\n timeout / 1000\n )}s (${new Date(timeout).getMinutes()}m ${new Date(\n timeout\n ).getSeconds()}s)]`,\n state,\n });\n timer = setTimeout(getTokens, timeout, {\n forceLoginAsUser,\n autoRefresh,\n state,\n // Volker's Visual Studio Code doesn't want to have it any other way.\n }) as unknown as NodeJS.Timeout;\n state.setAutoRefreshTimer(timer);\n timer.unref();\n }\n}\n\nexport type Tokens = {\n bearerToken?: AccessTokenMetaType;\n userSessionToken?: UserSessionMetaType;\n subject?: string;\n host?: string;\n realm?: string;\n};\n\n/**\n * Get tokens\n * @param {boolean} forceLoginAsUser true to force login as user even if a service account is available (default: false)\n * @param {boolean} autoRefresh true to automatically refresh tokens before they expire (default: true)\n * @param {State} state library state\n * @returns {Promise<Tokens>} object containing the tokens\n */\nexport async function getTokens({\n forceLoginAsUser = false,\n autoRefresh = true,\n callbackHandler = null,\n state,\n}: {\n forceLoginAsUser?: boolean;\n autoRefresh?: boolean;\n callbackHandler?: CallbackHandler;\n state: State;\n}): Promise<Tokens> {\n debugMessage({ message: `AuthenticateOps.getTokens: start`, state });\n if (!state.getHost()) {\n throw new FrodoError(`No host specified`);\n }\n let usingConnectionProfile: boolean = false;\n try {\n // if username/password on cli are empty, try to read from connections.json\n if (\n state.getUsername() == null &&\n state.getPassword() == null &&\n !state.getServiceAccountId() &&\n !state.getServiceAccountJwk()\n ) {\n const conn = await getConnectionProfile({ state });\n usingConnectionProfile = true;\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n state.setUsername(conn.username);\n state.setPassword(conn.password);\n state.setAuthenticationService(conn.authenticationService);\n state.setAuthenticationHeaderOverrides(\n conn.authenticationHeaderOverrides\n );\n state.setServiceAccountId(conn.svcacctId);\n state.setServiceAccountJwk(conn.svcacctJwk);\n state.setServiceAccountScope(conn.svcacctScope);\n }\n\n // if host is not a valid URL, try to locate a valid URL and deployment type from connections.json\n if (!isValidUrl(state.getHost())) {\n const conn = await getConnectionProfile({ state });\n state.setHost(conn.tenant);\n state.setDeploymentType(conn.deploymentType);\n }\n\n // now that we have the full tenant URL we can lookup the cookie name\n state.setCookieName(await determineCookieName(state));\n\n // use service account to login?\n if (\n !forceLoginAsUser &&\n state.getServiceAccountId() &&\n state.getServiceAccountJwk()\n ) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with service account ${state.getServiceAccountId()}`,\n state,\n });\n try {\n const token = await getSaBearerToken({ state });\n state.setBearerTokenMeta(token);\n if (usingConnectionProfile && !token.from_cache) {\n saveConnectionProfile({ host: state.getHost(), state });\n }\n state.setUseBearerTokenForAmApis(true);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n } catch (saErr) {\n throw new FrodoError(`Service account login error`, saErr);\n }\n }\n // use user account to login\n else if (state.getUsername() && state.getPassword()) {\n debugMessage({\n message: `AuthenticateOps.getTokens: Authenticating with user account ${state.getUsername()}`,\n state,\n });\n const token = await getUserSessionToken(callbackHandler, state);\n if (token) state.setUserSessionTokenMeta(token);\n await determineDeploymentTypeAndDefaultRealmAndVersion(state);\n if (\n state.getCookieValue() &&\n // !state.getBearerToken() &&\n (state.getDeploymentType() === Constants.CLOUD_DEPLOYMENT_TYPE_KEY ||\n state.getDeploymentType() === Constants.FORGEOPS_DEPLOYMENT_TYPE_KEY)\n ) {\n const accessToken = await getUserBearerToken(state);\n if (accessToken) state.setBearerTokenMeta(accessToken);\n }\n }\n // incomplete or no credentials\n else {\n throw new FrodoError(`Incomplete or no credentials`);\n }\n if (\n state.getCookieValue() ||\n (state.getUseBearerTokenForAmApis() && state.getBearerToken())\n ) {\n if (state.getBearerTokenMeta()?.from_cache) {\n verboseMessage({ message: `Using cached bearer token.`, state });\n }\n if (\n !state.getUseBearerTokenForAmApis() &&\n state.getUserSessionTokenMeta()?.from_cache\n ) {\n verboseMessage({ message: `Using cached session token.`, state });\n }\n scheduleAutoRefresh(forceLoginAsUser, autoRefresh, state);\n const tokens: Tokens = {\n bearerToken: state.getBearerTokenMeta(),\n userSessionToken: state.getUserSessionTokenMeta(),\n subject: await getLoggedInSubject(state),\n host: state.getHost(),\n realm: state.getRealm() ? state.getRealm() : 'root',\n };\n debugMessage({\n message: `AuthenticateOps.getTokens: end with tokens`,\n state,\n });\n // `Connected to ${state.getHost()} [${state.getRealm() ? state.getRealm() : 'root'}] as ${await getLoggedInSubject(state)}`\n return tokens;\n }\n } catch (error) {\n throw new FrodoError(`Error getting tokens`, error);\n }\n}\n"],"mappings":";;;;;;;;;AAAA,IAAAA,OAAA,GAAAC,OAAA;AACA,IAAAC,IAAA,GAAAC,sBAAA,CAAAF,OAAA;AACA,IAAAG,KAAA,GAAAH,OAAA;AAA0B,IAAAI,gBAAA,GAAAJ,OAAA;AAAA,IAAAK,cAAA,GAAAL,OAAA;AAAA,IAAAM,UAAA,GAAAJ,sBAAA,CAAAF,OAAA;AAAA,IAAAO,YAAA,GAAAP,OAAA;AAAA,IAAAQ,QAAA,GAAAR,OAAA;AAAA,IAAAS,kBAAA,GAAAT,OAAA;AAAA,IAAAU,kBAAA,GAAAV,OAAA;AAAA,IAAAW,qBAAA,GAAAX,OAAA;AAAA,IAAAY,WAAA,GAAAZ,OAAA;AAAA,IAAAa,QAAA,GAAAb,OAAA;AAAA,IAAAc,cAAA,GAAAd,OAAA;AAAA,IAAAe,WAAA,GAAAf,OAAA;AAAA,IAAAgB,cAAA,GAAAhB,OAAA;AAAA,SAAAE,uBAAAe,GAAA,WAAAA,GAAA,IAAAA,GAAA,CAAAC,UAAA,GAAAD,GAAA,KAAAE,OAAA,EAAAF,GAAA;AAAA,SAAAG,mBAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,EAAAC,GAAA,EAAAC,GAAA,cAAAC,IAAA,GAAAP,GAAA,CAAAK,GAAA,EAAAC,GAAA,OAAAE,KAAA,GAAAD,IAAA,CAAAC,KAAA,WAAAC,KAAA,IAAAP,MAAA,CAAAO,KAAA,iBAAAF,IAAA,CAAAG,IAAA,IAAAT,OAAA,CAAAO,KAAA,YAAAG,OAAA,CAAAV,OAAA,CAAAO,KAAA,EAAAI,IAAA,CAAAT,KAAA,EAAAC,MAAA;AAAA,SAAAS,kBAAAC,EAAA,6BAAAC,IAAA,SAAAC,IAAA,GAAAC,SAAA,aAAAN,OAAA,WAAAV,OAAA,EAAAC,MAAA,QAAAF,GAAA,GAAAc,EAAA,CAAAI,KAAA,CAAAH,IAAA,EAAAC,IAAA,YAAAb,MAAAK,KAAA,IAAAT,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,UAAAI,KAAA,cAAAJ,OAAAe,GAAA,IAAApB,kBAAA,CAAAC,GAAA,EAAAC,OAAA,EAAAC,MAAA,EAAAC,KAAA,EAAAC,MAAA,WAAAe,GAAA,KAAAhB,KAAA,CAAAiB,SAAA;AAAA,IAAAC,QAAA,GAsEVC,KAAY,IAAmB;EAC7C,OAAO;IACCC,SAASA,CAAA,EAIb;MAAA,IAAAC,UAAA,GAAAP,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAHAY,gBAAgB,GAAAD,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,KAAK;QAAA,IACxBG,WAAW,GAAAH,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,IAAI;QAAA,IAClBI,eAAe,GAAAJ,UAAA,CAAAE,MAAA,QAAAF,UAAA,QAAAJ,SAAA,GAAAI,UAAA,MAAG,IAAI;QAEtB,OAAOD,SAAS,CAAC;UACfE,gBAAgB;UAChBE,WAAW;UACXC,eAAe;UACfN;QACF,CAAC,CAAC;MAAC;IACL,CAAC;IAED;IACMO,+BAA+BA,CAAA,EAGX;MAAA,IAAAC,WAAA,GAAAb,SAAA;MAAA,OAAAJ,iBAAA;QAAA,IAFxBkB,IAAY,GAAAD,WAAA,CAAAJ,MAAA,QAAAI,WAAA,QAAAV,SAAA,GAAAU,WAAA,MAAGV,SAAS;QAAA,IACxBY,KAAa,GAAAF,WAAA,CAAAJ,MAAA,QAAAI,WAAA,QAAAV,SAAA,GAAAU,WAAA,MAAGV,SAAS;QAEzB,IAAM;UAAEa;QAAa,CAAC,SAASC,qBAAqB,CAAC;UACnDH,IAAI;UACJC,KAAK;UACLV;QACF,CAAC,CAAC;QACF,OAAOW,YAAY;MAAC;IACtB;EACF,CAAC;AACH,CAAC;AAAAE,OAAA,CAAArC,OAAA,GAAAuB,QAAA;AAED,IAAMe,mBAAmB,GAAG,eAAe;AAC3C,IAAMC,mBAAmB,GAAG,sCAAsC;AAElE,IAAMC,mBAAmB,GAAG,8BAA8B;AAC1D,IAAMC,sBAAsB,GAAG,iBAAiB;AAChD,IAAMC,2BAA2B,GAAGC,iDAA8B,CAACC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;;AAE9E,IAAMC,YAAY,GAAG,gBAAgB;AACrC,IAAMC,gBAAgB,GAAG,cAAc;AACvC,IAAIC,aAAa,GAAGF,YAAY;;AAEhC;AACA;AACA;AACA;AACA;AAJA,SAKeG,mBAAmBA,CAAAC,EAAA;EAAA,OAAAC,oBAAA,CAAA9B,KAAA,OAAAD,SAAA;AAAA;AASlC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA+B,qBAAA;EAAAA,oBAAA,GAAAnC,iBAAA,CATA,WAAmCS,KAAY,EAAE;IAC/C,IAAM2B,IAAI,SAAS,IAAAC,4BAAa,EAAC;MAAE5B;IAAM,CAAC,CAAC;IAC3C,IAAA6B,qBAAY,EAAC;MACXC,OAAO,qDAAAC,MAAA,CAAqDJ,IAAI,CAACK,UAAU,CAAE;MAC7EhC;IACF,CAAC,CAAC;IACF,OAAO2B,IAAI,CAACK,UAAU;EACxB,CAAC;EAAA,OAAAN,oBAAA,CAAA9B,KAAA,OAAAD,SAAA;AAAA;AAQD,SAASsC,iBAAiBA,CAAAC,IAAA,EAQvB;EAAA,IARwB;IACzBC,OAAO;IACPC,kBAAkB;IAClBpC;EAKF,CAAC,GAAAkC,IAAA;EACC,IAAAL,qBAAY,EAAC;IAAEC,OAAO,4CAA4C;IAAE9B;EAAM,CAAC,CAAC;EAC5E;EACA,IAAI,WAAW,IAAImC,OAAO,EAAE;IAC1B,KAAK,IAAIE,QAAQ,IAAIF,OAAO,CAACG,SAAS,EAAE;MACtC;MACA,IAAID,QAAQ,CAACE,IAAI,KAAK,mBAAmB,EAAE;QACzC,IAAAV,qBAAY,EAAC;UACXC,OAAO,mFAAmF;UAC1F9B;QACF,CAAC,CAAC;QACF,IAAIwC,SAAS,GAAG,KAAK;QACrB,KAAK,IAAMtD,KAAK,IAAImD,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAACvD,KAAK,EAAE;UAC5C,IAAA2C,qBAAY,EAAC;YAAEC,OAAO,KAAAC,MAAA,CAAK7C,KAAK,CAACwD,QAAQ,CAAE;YAAE1C;UAAM,CAAC,CAAC;UACrD,IAAId,KAAK,CAACwD,QAAQ,KAAK,qBAAqB,EAAE;YAC5CF,SAAS,GAAG,IAAI;UAClB;QACF;QACA,IAAIA,SAAS,EAAE;UACb,IAAAX,qBAAY,EAAC;YAAEC,OAAO,sBAAsB;YAAE9B;UAAM,CAAC,CAAC;UACtDqC,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACzD,KAAK,GAAG,qBAAqB;QACjD,CAAC,MAAM;UACL,IAAA2C,qBAAY,EAAC;YAAEC,OAAO,0BAA0B;YAAE9B;UAAM,CAAC,CAAC;QAC5D;MACF;MACA,IAAIqC,QAAQ,CAACE,IAAI,KAAK,qBAAqB,EAAE;QAC3C,IAAIF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACzD,KAAK,CAAC0D,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC5C;UACAP,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACzD,KAAK,GAAG,MAAM;UAChC;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;UACA;QACF;QACA,IAAImD,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACzD,KAAK,CAAC0D,QAAQ,CAAC,iBAAiB,CAAC,EAAE;UACvD;UACA,IAAAf,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F9B;UACF,CAAC,CAAC;UACF,OAAO;YACL6C,QAAQ,EAAE,KAAK;YACfC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,UAAU;YAClBC,SAAS,EAAE,KAAK;YAChBb;UACF,CAAC;QACH;MACF;MACA,IAAIE,QAAQ,CAACE,IAAI,KAAK,cAAc,EAAE;QACpC,IAAIF,QAAQ,CAACI,MAAM,CAAC,CAAC,CAAC,CAACvD,KAAK,CAAC0D,QAAQ,CAAC,MAAM,CAAC,EAAE;UAC7C;UACA,IAAAf,qBAAY,EAAC;YACXC,OAAO,oEAAoE;YAC3E9B;UACF,CAAC,CAAC;UACF,IAAI,CAACoC,kBAAkB,EACrB,MAAM,IAAIa,sBAAU,qDAEpB,CAAC;UACHZ,QAAQ,GAAGD,kBAAkB,CAACC,QAAQ,CAAC;UACvC,IAAAR,qBAAY,EAAC;YACXC,OAAO,uFAAuF;YAC9F9B;UACF,CAAC,CAAC;UACF,OAAO;YACL6C,QAAQ,EAAE,IAAI;YACdC,OAAO,EAAE,IAAI;YACbC,MAAM,EAAE,MAAM;YACdC,SAAS,EAAE,IAAI;YACfb;UACF,CAAC;QACH,CAAC,MAAM;UACL;UACAE,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACzD,KAAK,GAAGc,KAAK,CAACkD,WAAW,CAAC,CAAC;QAC/C;MACF;MACA,IAAIb,QAAQ,CAACE,IAAI,KAAK,kBAAkB,EAAE;QACxC;QACAF,QAAQ,CAACM,KAAK,CAAC,CAAC,CAAC,CAACzD,KAAK,GAAGc,KAAK,CAACmD,WAAW,CAAC,CAAC;MAC/C;IACF;IACA,IAAAtB,qBAAY,EAAC;MACXC,OAAO,0DAA0D;MACjE9B;IACF,CAAC,CAAC;IACF;IACA,OAAO;MACL6C,QAAQ,EAAE,IAAI;MACdC,OAAO,EAAE,KAAK;MACdC,MAAM,EAAE,MAAM;MACdC,SAAS,EAAE,IAAI;MACfb;IACF,CAAC;EACH;EACA,IAAAN,qBAAY,EAAC;IACXC,OAAO,0DAA0D;IACjE9B;EACF,CAAC,CAAC;EACF;EACA,OAAO;IACL6C,QAAQ,EAAE,KAAK;IACfC,OAAO,EAAE,KAAK;IACdC,MAAM,EAAE,MAAM;IACdC,SAAS,EAAE,IAAI;IACfb;EACF,CAAC;AACH;;AAEA;AACA;AACA;AACA;AACA,SAASiB,qBAAqBA,CAACpD,KAAY,EAAE;EAC3C,IAAI,CAACA,KAAK,CAACqD,QAAQ,CAAC,CAAC,IAAIrD,KAAK,CAACqD,QAAQ,CAAC,CAAC,KAAKC,kBAAS,CAACC,iBAAiB,EAAE;IACzEvD,KAAK,CAACwD,QAAQ,CACZF,kBAAS,CAACG,yBAAyB,CAACzD,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,CAC/D,CAAC;EACH;AACF;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKeC,uBAAuBA,CAAAC,GAAA;EAAA,OAAAC,wBAAA,CAAAjE,KAAA,OAAAD,SAAA;AAAA;AAyFtC;AACA;AACA;AACA;AACA;AAJA,SAAAkE,yBAAA;EAAAA,wBAAA,GAAAtE,iBAAA,CAzFA,WAAuCS,KAAY,EAAmB;IACpE,IAAM8D,WAAW,GAAG9D,KAAK,CAAC+D,cAAc,CAAC,CAAC;IAC1C,IAAIC,cAAc,GAAGhE,KAAK,CAAC0D,iBAAiB,CAAC,CAAC;IAE9C,QAAQM,cAAc;MACpB,KAAKV,kBAAS,CAACW,yBAAyB;QACtC,OAAOD,cAAc;MAEvB,KAAKV,kBAAS,CAACY,4BAA4B;QACzC3C,aAAa,GAAGD,gBAAgB;QAChC,OAAO0C,cAAc;MAEvB,KAAKV,kBAAS,CAACa,2BAA2B;QACxC,OAAOH,cAAc;;MAEvB;MACA;QAAS;UACP;UACA,IAAIhE,KAAK,CAACoE,0BAA0B,CAAC,CAAC,EACpC,OAAOd,kBAAS,CAACW,yBAAyB;UAE5C,IAAMI,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;UACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;UACD,IAAMC,eAAe,GAAG,MAAM;UAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACnG,OAAO,CAACqB,KAAK,CAAC+E,OAAO,CAAC,CAAC,EAAEhE,mBAAmB,CAAC;UAErE,IAAMiE,MAAM,GAAG;YACbC,YAAY,EAAE,CAAC;YACfC,OAAO,EAAE;cACP,CAAClF,KAAK,CAACmF,aAAa,CAAC,CAAC,GAAGnF,KAAK,CAAC+D,cAAc,CAAC;YAChD;UACF,CAAC;UACD,IAAIqB,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,aAAA9C,MAAA,CAAUf,mBAAmB,oCAAAe,MAAA,CAAiCV,YAAY,YAAAU,MAAA,CAAS+B,WAAW,qCAAA/B,MAAA,CAAkCyC,SAAS,6BAAAzC,MAAA,CAA0B6C,eAAe,CAAE;UAElOZ,cAAc,GAAGV,kBAAS,CAACa,2BAA2B;UACtD,IAAI;YACF,MAAM,IAAAkB,wBAAS,EAAC;cACdC,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;cAC1BpD,IAAI,EAAEyD,YAAY;cAClBJ,MAAM;cACNhF;YACF,CAAC,CAAC;UACJ,CAAC,CAAC,OAAOuF,CAAC,EAAE;YAAA,IAAAC,WAAA,EAAAC,mBAAA;YACV;YACA,IACE,EAAAD,WAAA,GAAAD,CAAC,CAACG,QAAQ,cAAAF,WAAA,uBAAVA,WAAA,CAAYG,MAAM,MAAK,GAAG,IAC1B,EAAAF,mBAAA,GAAAF,CAAC,CAACG,QAAQ,CAACR,OAAO,cAAAO,mBAAA,gBAAAA,mBAAA,GAAlBA,mBAAA,CAAoBG,QAAQ,cAAAH,mBAAA,uBAA5BA,mBAAA,CAA8BI,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACnD;cACA,IAAAC,uBAAc,EAAC;gBACbhE,OAAO,EAAE,2BAA2B,YAAY,CAAC,eAAe;gBAChE9B;cACF,CAAC,CAAC;cACFgE,cAAc,GAAGV,kBAAS,CAACW,yBAAyB;YACtD,CAAC,MAAM;cACL,IAAI;gBACFmB,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,aAAA9C,MAAA,CAAUd,sBAAsB,oCAAAc,MAAA,CAAiCT,gBAAgB,YAAAS,MAAA,CAAS/B,KAAK,CAAC+D,cAAc,CAAC,CAAC,qCAAAhC,MAAA,CAAkCyC,SAAS,6BAAAzC,MAAA,CAA0B6C,eAAe,CAAE;gBAChP,MAAM,IAAAS,wBAAS,EAAC;kBACdC,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;kBAC1BpD,IAAI,EAAEyD,YAAY;kBAClBJ,MAAM;kBACNhF;gBACF,CAAC,CAAC;cACJ,CAAC,CAAC,OAAO+F,EAAE,EAAE;gBAAA,IAAAC,YAAA,EAAAC,oBAAA;gBACX,IACE,EAAAD,YAAA,GAAAD,EAAE,CAACL,QAAQ,cAAAM,YAAA,uBAAXA,YAAA,CAAaL,MAAM,MAAK,GAAG,IAC3B,EAAAM,oBAAA,GAAAF,EAAE,CAACL,QAAQ,CAACR,OAAO,cAAAe,oBAAA,gBAAAA,oBAAA,GAAnBA,oBAAA,CAAqBL,QAAQ,cAAAK,oBAAA,uBAA7BA,oBAAA,CAA+BJ,OAAO,CAAC,OAAO,CAAC,IAAG,CAAC,CAAC,EACpD;kBACAtE,aAAa,GAAGD,gBAAgB;kBAChC,IAAAwE,uBAAc,EAAC;oBACbhE,OAAO,EAAE,sBAAsB,YAAY,CAAC,eAAe;oBAC3D9B;kBACF,CAAC,CAAC;kBACFgE,cAAc,GAAGV,kBAAS,CAACY,4BAA4B;gBACzD,CAAC,MAAM;kBACL,IAAA4B,uBAAc,EAAC;oBACbhE,OAAO,EAAE,qBAAqB,YAAY,CAAC,eAAe;oBAC1D9B;kBACF,CAAC,CAAC;gBACJ;cACF;YACF;UACF;UACA,OAAOgE,cAAc;QACvB;IACF;EACF,CAAC;EAAA,OAAAH,wBAAA,CAAAjE,KAAA,OAAAD,SAAA;AAAA;AAOD,SAASuG,kBAAkBA,CAACC,WAAW,EAAE;EACvC,IAAI,SAAS,IAAIA,WAAW,EAAE;IAC5B,IAAMC,aAAa,GAAGD,WAAW,CAACE,OAAO;IACzC,IAAMC,EAAE,GAAG,8BAA8B;IACzC,IAAMD,OAAO,GAAGD,aAAa,CAACG,KAAK,CAACD,EAAE,CAAC;IACvC,OAAOD,OAAO,CAAC,CAAC,CAAC;EACnB;EACA,MAAM,IAAIG,KAAK,CAAC,2DAA2D,CAAC;AAC9E;AAUA;AACA;AACA;AACA;AACA;AAJA,SAKeC,wBAAwBA,CAAAC,GAAA;EAAA,OAAAC,yBAAA,CAAA/G,KAAA,OAAAD,SAAA;AAAA;AAiEvC;AACA;AACA;AACA;AACA;AAJA,SAAAgH,0BAAA;EAAAA,yBAAA,GAAApH,iBAAA,CAjEA,WAAAqH,KAAA,EAMiC;IAAA,IANO;MACtCxE,kBAAkB;MAClBpC;IAIF,CAAC,GAAA4G,KAAA;IACC,IAAA/E,qBAAY,EAAC;MACXC,OAAO,mDAAmD;MAC1D9B;IACF,CAAC,CAAC;IACF,IAAMgF,MAAM,GAAG;MACbE,OAAO,EAAE;QACP,mBAAmB,EAAElF,KAAK,CAACkD,WAAW,CAAC,CAAC;QACxC,mBAAmB,EAAElD,KAAK,CAACmD,WAAW,CAAC;MACzC;IACF,CAAC;IACD,IAAIuC,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;MAAEC,IAAI,EAAE,CAAC,CAAC;MAAE9B,MAAM;MAAEhF;IAAM,CAAC,CAAC;IAEtD,IAAI+G,OAAO,GAAG,IAAI;IAClB,IAAIC,KAAK,GAAG,CAAC;IACb,IAAMC,QAAQ,GAAG,CAAC;IAClB,GAAG;MACDF,OAAO,GAAG9E,iBAAiB,CAAC;QAC1BE,OAAO,EAAEuD,QAAQ;QACjBtD,kBAAkB,EAAEA,kBAAkB;QACtCpC;MACF,CAAC,CAAC;;MAEF;MACA,IAAI,CAAC+G,OAAO,CAAC/D,SAAS,EAAE;QACtB,MAAM,IAAIwD,KAAK,4BAAAzE,MAAA,CAA4BgF,OAAO,CAAChE,MAAM,CAAE,CAAC;MAC9D;MAEA,IAAIgE,OAAO,CAAClE,QAAQ,EAAE;QACpBmE,KAAK,EAAE;QACPtB,QAAQ,SAAS,IAAAmB,qBAAI,EAAC;UAAEC,IAAI,EAAEC,OAAO,CAAC5E,OAAO;UAAEnC;QAAM,CAAC,CAAC;MACzD;MAEA,IAAI,SAAS,IAAI0F,QAAQ,EAAE;QACzBA,QAAQ,CAAC,YAAY,CAAC,GAAG,KAAK;QAC9B;QACA,IAAMwB,WAAW,SAAS,IAAAC,0BAAc,EAAC;UACvCC,OAAO,EAAE1B,QAAQ,CAAC,SAAS,CAAC;UAC5B1F;QACF,CAAC,CAAC;QACF0F,QAAQ,CAAC,SAAS,CAAC,GAAG2B,IAAI,CAACC,KAAK,CAACJ,WAAW,CAACK,qBAAqB,CAAC;QACnE,IAAA1F,qBAAY,EAAC;UACXC,OAAO,4DAAAC,MAAA,CAA4D2D,QAAQ,CAAC,SAAS,CAAC,MAAG;UACzF1F;QACF,CAAC,CAAC;QACF,IAAA6B,qBAAY,EAAC;UACXC,OAAO,EAAE4D,QAAQ;UACjB1F;QACF,CAAC,CAAC;QACF,OAAO0F,QAAQ;MACjB;IACF,CAAC,QAAQqB,OAAO,CAAClE,QAAQ,IAAImE,KAAK,GAAGC,QAAQ;IAC7C,IAAApF,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE9B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAA2G,yBAAA,CAAA/G,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc6H,mBAAmBA,CAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,oBAAA,CAAA/H,KAAA,OAAAD,SAAA;AAAA;AA6ClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AAPA,SAAAgI,qBAAA;EAAAA,oBAAA,GAAApI,iBAAA,CA7CA,WACEqI,WAA4B,EAC5B5H,KAAY,EACkB;IAC9B,IAAA6B,qBAAY,EAAC;MACXC,OAAO,8CAA8C;MACrD9B;IACF,CAAC,CAAC;IACF,IAAI6H,KAA0B,GAAG,IAAI;IACrC,IAAI7H,KAAK,CAAC8H,gBAAgB,CAAC,CAAC,WAAW,IAAAC,kCAAmB,EAAC;MAAE/H;IAAM,CAAC,CAAC,CAAC,EAAE;MACtE,IAAI;QACF6H,KAAK,SAAS,IAAAG,mCAAoB,EAAC;UAAEhI;QAAM,CAAC,CAAC;QAC7C6H,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAApG,qBAAY,EAAC;UACXC,OAAO,+CAA+C;UACtD9B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAA0C,qBAAY,EAAC;UACXC,OAAO,0DAA0D;UACjE9B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAAC6H,KAAK,EAAE;MACVA,KAAK,SAASpB,wBAAwB,CAAC;QACrCrE,kBAAkB,EAAEwF,WAAW;QAC/B5H;MACF,CAAC,CAAC;MACF6H,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAApG,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD9B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC8H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAI,mCAAoB,EAAC;QAAEL,KAAK;QAAE7H;MAAM,CAAC,CAAC;IAC9C;IACA,IAAA6B,qBAAY,EAAC;MACXC,OAAO,4CAA4C;MACnD9B;IACF,CAAC,CAAC;IACF,OAAO6H,KAAK;EACd,CAAC;EAAA,OAAAF,oBAAA,CAAA/H,KAAA,OAAAD,SAAA;AAAA;AAAA,SAUcwI,WAAWA,CAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA,EAAAC,GAAA;EAAA,OAAAC,YAAA,CAAA5I,KAAA,OAAAD,SAAA;AAAA;AA2C1B;AACA;AACA;AACA;AACA;AAJA,SAAA6I,aAAA;EAAAA,YAAA,GAAAjJ,iBAAA,CA3CA,WACEsF,WAAmB,EACnB4D,aAAqB,EACrBC,mBAA2B,EAC3B1I,KAAY,EACK;IACjB,IAAI;MAAA,IAAA2I,iBAAA;MACF,IAAMvD,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,aAAA9C,MAAA,CAC9C/B,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,GAC7DjD,mBAAmB,GACnBC,sBAAsB,oCAAAc,MAAA,CACKR,aAAa,YAAAQ,MAAA,CAAS/B,KAAK,CAAC+D,cAAc,CAAC,CAAC,qCAAAhC,MAAA,CAAkC0G,aAAa,6BAAA1G,MAAA,CAA0B2G,mBAAmB,CAAE;MAC3K,IAAM1D,MAAM,GAAG;QACbE,OAAO,EAAE;UACP,cAAc,EAAE;QAClB,CAAC;QACDD,YAAY,EAAE;MAChB,CAAC;MACD,IAAIS,QAAQ,GAAG5F,SAAS;MACxB,IAAI;QACF4F,QAAQ,SAAS,IAAAL,wBAAS,EAAC;UACzBC,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,YAAY;UAClBJ,MAAM;UACNhF;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACduG,QAAQ,GAAGvG,KAAK,CAACuG,QAAQ;QACzB,IAAIA,QAAQ,CAACC,MAAM,GAAG,GAAG,IAAID,QAAQ,CAACC,MAAM,GAAG,GAAG,EAAE;UAClD,MAAMxG,KAAK;QACb;MACF;MACA,IAAMyJ,mBAAmB,IAAAD,iBAAA,GAAGjD,QAAQ,CAACR,OAAO,cAAAyD,iBAAA,uBAAhBA,iBAAA,CAAkB/C,QAAQ;MACtD,IAAMiD,WAAW,GAAG/D,YAAG,CAACwC,KAAK,CAACsB,mBAAmB,EAAE,IAAI,CAAC,CAACE,KAAK;MAC9D,IAAI,MAAM,IAAID,WAAW,EAAE;QACzB,OAAOA,WAAW,CAACE,IAAI;MACzB;MACA,MAAM,IAAI9F,sBAAU,uBAAuB,CAAC;IAC9C,CAAC,CAAC,OAAO9D,KAAK,EAAE;MACd,MAAM,IAAI8D,sBAAU,6BAA6B9D,KAAK,CAAC;IACzD;EACF,CAAC;EAAA,OAAAqJ,YAAA,CAAA5I,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOcqJ,uBAAuBA,CAAAC,IAAA;EAAA,OAAAC,wBAAA,CAAAtJ,KAAA,OAAAD,SAAA;AAAA;AA2DtC;AACA;AACA;AACA;AACA;AAJA,SAAAuJ,yBAAA;EAAAA,wBAAA,GAAA3J,iBAAA,CA3DA,WAAA4J,KAAA,EAIiC;IAAA,IAJM;MACrCnJ;IAGF,CAAC,GAAAmJ,KAAA;IACC,IAAAtH,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD9B;IACF,CAAC,CAAC;IACF,IAAI;MACF,IAAMqE,QAAQ,GAAG,IAAAC,4BAAe,EAAC,IAAAC,mBAAW,EAAC,EAAE,CAAC,CAAC;MACjD,IAAMC,SAAS,GAAG,IAAAF,4BAAe,EAC/B,IAAAG,kBAAU,EAAC,QAAQ,CAAC,CAACC,MAAM,CAACL,QAAQ,CAAC,CAACM,MAAM,CAAC,CAC/C,CAAC;MACD,IAAMC,eAAe,GAAG,MAAM;MAC9B,IAAMC,WAAW,GAAGC,YAAG,CAACnG,OAAO,CAACqB,KAAK,CAAC+E,OAAO,CAAC,CAAC,EAAEhE,mBAAmB,CAAC;MACrE,IAAMqI,QAAQ,SAASjB,WAAW,CAChCtD,WAAW,EACXL,SAAS,EACTI,eAAe,EACf5E,KACF,CAAC;MACD,IAAI0F,QAA6B,GAAG,IAAI;MACxC,IAAI1F,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,EAAE;QACrE,IAAMe,MAAM,GAAG;UACbqE,IAAI,EAAE;YACJC,QAAQ,EAAE/H,aAAa;YACvBgI,QAAQ,EAAEzI;UACZ;QACF,CAAC;QACD,IAAMsE,YAAY,mBAAArD,MAAA,CAAmB8C,WAAW,0CAAA9C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBsC,QAAQ,CAAE;QAC3HqB,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;UAC3BlE,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,YAAY;UAClBJ,MAAM;UACNhF;QACF,CAAC,CAAC;MACJ,CAAC,MAAM;QACL,IAAMoF,aAAY,gBAAArD,MAAA,CAAgBR,aAAa,oBAAAQ,MAAA,CAAiB8C,WAAW,0CAAA9C,MAAA,CAAuCqH,QAAQ,qBAAArH,MAAA,CAAkBsC,QAAQ,CAAE;QACtJqB,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;UAC3BlE,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,aAAY;UAClBJ,MAAM,EAAE,CAAC,CAAC;UACVhF;QACF,CAAC,CAAC;MACJ;MACA,IAAI,cAAc,IAAI0F,QAAQ,EAAE;QAC9B,IAAA7D,qBAAY,EAAC;UACXC,OAAO,yDAAyD;UAChE9B;QACF,CAAC,CAAC;QACF,OAAO0F,QAAQ;MACjB;MACA,MAAM,IAAIzC,sBAAU,8BAA8B,CAAC;IACrD,CAAC,CAAC,OAAO9D,KAAK,EAAE;MACd,MAAM,IAAI8D,sBAAU,wCAAwC9D,KAAK,CAAC;IACpE;EACF,CAAC;EAAA,OAAA+J,wBAAA,CAAAtJ,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOc8J,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAA/J,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAAgK,oBAAA;EAAAA,mBAAA,GAAApK,iBAAA,CAAjC,WAAkCS,KAAY,EAAgC;IAC5E,IAAA6B,qBAAY,EAAC;MACXC,OAAO,6CAA6C;MACpD9B;IACF,CAAC,CAAC;IACF,IAAI6H,KAA0B,GAAG,IAAI;IACrC,IAAI7H,KAAK,CAAC8H,gBAAgB,CAAC,CAAC,WAAW,IAAA8B,iCAAkB,EAAC;MAAE5J;IAAM,CAAC,CAAC,CAAC,EAAE;MACrE,IAAI;QACF6H,KAAK,SAAS,IAAAgC,kCAAmB,EAAC;UAAE7J;QAAM,CAAC,CAAC;QAC5C6H,KAAK,CAACI,UAAU,GAAG,IAAI;QACvB,IAAApG,qBAAY,EAAC;UACXC,OAAO,oDAAoD;UAC3D9B;QACF,CAAC,CAAC;MACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;QACd,IAAA0C,qBAAY,EAAC;UACXC,OAAO,+DAA+D;UACtE9B;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,CAAC6H,KAAK,EAAE;MACVA,KAAK,SAASmB,uBAAuB,CAAC;QAAEhJ;MAAM,CAAC,CAAC;MAChD6H,KAAK,CAACI,UAAU,GAAG,KAAK;MACxB,IAAApG,qBAAY,EAAC;QACXC,OAAO,mDAAmD;QAC1D9B;MACF,CAAC,CAAC;IACJ;IACA,IAAIA,KAAK,CAAC8H,gBAAgB,CAAC,CAAC,EAAE;MAC5B,MAAM,IAAAgC,kCAAmB,EAAC;QAAEjC,KAAK;QAAE7H;MAAM,CAAC,CAAC;IAC7C;IACA,OAAO6H,KAAK;EACd,CAAC;EAAA,OAAA8B,mBAAA,CAAA/J,KAAA,OAAAD,SAAA;AAAA;AAED,SAASoK,aAAaA,CAACC,gBAAwB,EAAEC,IAAY,EAAE;EAC7D,IAAMC,CAAC,GAAG,IAAAC,2BAAQ,EAACF,IAAI,CAAC;EACxB,IAAMG,GAAG,MAAArI,MAAA,CAAMmI,CAAC,CAACG,MAAM,OAAAtI,MAAA,CACrBmI,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACI,IAAI,GAAGJ,CAAC,CAACK,QAAQ,KAAK,OAAO,GAAG,KAAK,GAAG,IAAI,EAAAxI,MAAA,CACtDmI,CAAC,CAACM,QAAQ,yBAAsB;;EAEnC;EACA,IAAMC,GAAG,GAAGC,IAAI,CAACC,KAAK,CAAC,IAAItD,IAAI,CAAC,CAAC,CAACuD,OAAO,CAAC,CAAC,GAAG,IAAI,GAAG,GAAG,CAAC;;EAEzD;EACA,IAAMC,GAAG,GAAG,IAAAC,QAAE,EAAC,CAAC;EAEhB,IAAMC,GAAG,GAAGf,gBAAgB;EAC5B,IAAMgB,GAAG,GAAGhB,gBAAgB;;EAE5B;EACA,IAAM7H,OAAO,GAAG;IAAE4I,GAAG;IAAEC,GAAG;IAAEZ,GAAG;IAAEK,GAAG;IAAEI;EAAI,CAAC;EAE3C,OAAO1I,OAAO;AAChB;;AAEA;AACA;AACA;AACA;AACA;AAJA,SAKsBvB,qBAAqBA,CAAAqK,IAAA;EAAA,OAAAC,sBAAA,CAAAtL,KAAA,OAAAD,SAAA;AAAA;AAiE3C;AACA;AACA;AACA;AACA;AAJA,SAAAuL,uBAAA;EAAAA,sBAAA,GAAA3L,iBAAA,CAjEO,WAAA4L,KAAA,EAQ0B;IAAA,IARW;MAC1C1K,IAAI,GAAGX,SAAS;MAChBY,KAAK,GAAGZ,SAAS;MACjBE;IAKF,CAAC,GAAAmL,KAAA;IACC,IAAAtJ,qBAAY,EAAC;MACXC,OAAO,gDAAgD;MACvD9B;IACF,CAAC,CAAC;IACFS,IAAI,GAAGA,IAAI,GAAGA,IAAI,GAAGT,KAAK,CAACoL,mBAAmB,CAAC,CAAC;IAChD1K,KAAK,GAAGA,KAAK,GAAGA,KAAK,GAAGV,KAAK,CAACqL,oBAAoB,CAAC,CAAC;IACpD,IAAMlJ,OAAO,GAAG4H,aAAa,CAACtJ,IAAI,EAAET,KAAK,CAAC+E,OAAO,CAAC,CAAC,CAAC;IACpD,IAAMuG,GAAG,SAAS,IAAAC,6BAAoB,EAACpJ,OAAO,EAAEzB,KAAK,CAAC;IACtD,IAAM8K,KAAK,GAAGxL,KAAK,CAACyL,sBAAsB,CAAC,CAAC,IAAIvK,2BAA2B;IAC3E,IAAMkE,YAAY,gBAAArD,MAAA,CAAgBuJ,GAAG,8FAAAvJ,MAAA,CAA2FyJ,KAAK,CAAE;IACvI,IAAI9F,QAA6B;IACjC,IAAI;MACFA,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;QAC3BlE,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;QAC1BpD,IAAI,EAAEyD,YAAY;QAClBJ,MAAM,EAAE,CAAC,CAAC;QACVhF;MACF,CAAC,CAAC;IACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;MAAA,IAAAuM,oBAAA;MACd,IAAM7L,GAAe,GAAGV,KAAmB;MAC3C,IACEU,GAAG,CAAC8L,WAAW,IACf9L,GAAG,CAAC+L,gBAAgB,KAAK,eAAe,KAAAF,oBAAA,GACxC7L,GAAG,CAACgM,eAAe,cAAAH,oBAAA,eAAnBA,oBAAA,CAAqBI,UAAU,CAAC,yCAAyC,CAAC,EAC1E;QACA,IAAMC,aAAuB,GAAGlM,GAAG,CAACgM,eAAe,CAChDG,SAAS,CAAC,EAAE,CAAC,CACbC,KAAK,CAAC,GAAG,CAAC;QACb,IAAMC,WAAqB,GAAGV,KAAK,CAACS,KAAK,CAAC,GAAG,CAAC,CAACE,MAAM,CAAEC,EAAE,IAAK;UAC5D,OAAO,CAACL,aAAa,CAACnJ,QAAQ,CAACwJ,EAAE,CAAC;QACpC,CAAC,CAAC;QACF,IAAMhH,cAAY,gBAAArD,MAAA,CAAgBuJ,GAAG,8FAAAvJ,MAAA,CAA2FmK,WAAW,CAAC9K,IAAI,CAC9I,GACF,CAAC,CAAE;QACHsE,QAAQ,SAAS,IAAA8D,0BAAW,EAAC;UAC3BlE,SAAS,EAAEtF,KAAK,CAAC+E,OAAO,CAAC,CAAC;UAC1BpD,IAAI,EAAEyD,cAAY;UAClBJ,MAAM,EAAE,CAAC,CAAC;UACVhF;QACF,CAAC,CAAC;MACJ;IACF;IACA,IAAI,cAAc,IAAI0F,QAAQ,EAAE;MAC9B,IAAA7D,qBAAY,EAAC;QACXC,OAAO,8CAA8C;QACrD9B;MACF,CAAC,CAAC;MACF,OAAO0F,QAAQ;IACjB;IACA,IAAA7D,qBAAY,EAAC;MACXC,OAAO,4EAA4E;MACnF9B;IACF,CAAC,CAAC;IACF,OAAO,IAAI;EACb,CAAC;EAAA,OAAAkL,sBAAA,CAAAtL,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOqB0M,gBAAgBA,CAAAC,IAAA;EAAA,OAAAC,iBAAA,CAAA3M,KAAA,OAAAD,SAAA;AAAA;AA8CtC;AACA;AACA;AACA;AAHA,SAAA4M,kBAAA;EAAAA,iBAAA,GAAAhN,iBAAA,CA9CO,WAAAiN,KAAA,EAI0B;IAAA,IAJM;MACrCxM;IAGF,CAAC,GAAAwM,KAAA;IACC,IAAI;MACF,IAAA3K,qBAAY,EAAC;QACXC,OAAO,2CAA2C;QAClD9B;MACF,CAAC,CAAC;MACF,IAAI6H,KAA0B,GAAG,IAAI;MACrC,IAAI7H,KAAK,CAAC8H,gBAAgB,CAAC,CAAC,WAAW,IAAA2E,+BAAgB,EAAC;QAAEzM;MAAM,CAAC,CAAC,CAAC,EAAE;QACnE,IAAI;UACF6H,KAAK,SAAS,IAAA6E,gCAAiB,EAAC;YAAE1M;UAAM,CAAC,CAAC;UAC1C6H,KAAK,CAACI,UAAU,GAAG,IAAI;UACvB,IAAApG,qBAAY,EAAC;YACXC,OAAO,kDAAkD;YACzD9B;UACF,CAAC,CAAC;QACJ,CAAC,CAAC,OAAOb,KAAK,EAAE;UACd,IAAA0C,qBAAY,EAAC;YACXC,OAAO,6DAA6D;YACpE9B;UACF,CAAC,CAAC;QACJ;MACF;MACA,IAAI,CAAC6H,KAAK,EAAE;QACVA,KAAK,SAASjH,qBAAqB,CAAC;UAAEZ;QAAM,CAAC,CAAC;QAC9C6H,KAAK,CAACI,UAAU,GAAG,KAAK;QACxB,IAAApG,qBAAY,EAAC;UACXC,OAAO,iDAAiD;UACxD9B;QACF,CAAC,CAAC;MACJ;MACA,IAAIA,KAAK,CAAC8H,gBAAgB,CAAC,CAAC,EAAE;QAC5B,MAAM,IAAA6E,gCAAiB,EAAC;UAAE9E,KAAK;UAAE7H;QAAM,CAAC,CAAC;MAC3C;MACA,OAAO6H,KAAK;IACd,CAAC,CAAC,OAAO1I,KAAK,EAAE;MACd,MAAM,IAAI8D,sBAAU,mDAElB9D,KACF,CAAC;IACH;EACF,CAAC;EAAA,OAAAoN,iBAAA,CAAA3M,KAAA,OAAAD,SAAA;AAAA;AAAA,SAMciN,gDAAgDA,CAAAC,IAAA;EAAA,OAAAC,iDAAA,CAAAlN,KAAA,OAAAD,SAAA;AAAA;AA2B/D;AACA;AACA;AACA;AACA;AAJA,SAAAmN,kDAAA;EAAAA,iDAAA,GAAAvN,iBAAA,CA3BA,WACES,KAAY,EACG;IACf,IAAA6B,qBAAY,EAAC;MACXC,OAAO,2EAA2E;MAClF9B;IACF,CAAC,CAAC;IACFA,KAAK,CAAC+M,iBAAiB,OAAOpJ,uBAAuB,CAAC3D,KAAK,CAAC,CAAC;IAC7DoD,qBAAqB,CAACpD,KAAK,CAAC;IAC5B,IAAA6B,qBAAY,EAAC;MACXC,OAAO,6EAAAC,MAAA,CAA6E/B,KAAK,CAACqD,QAAQ,CAAC,CAAC,aAAAtB,MAAA,CAAU/B,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,CAAE;MACzI1D;IACF,CAAC,CAAC;IAEF,IAAMmG,WAAW,SAAS,IAAA6G,mCAAoB,EAAC;MAAEhN;IAAM,CAAC,CAAC;;IAEzD;IACA,IAAA6B,qBAAY,EAAC;MAAEC,OAAO,mBAAAC,MAAA,CAAmBoE,WAAW,CAAC8G,WAAW,CAAE;MAAEjN;IAAM,CAAC,CAAC;IAE5E,IAAMqG,OAAO,SAASH,kBAAkB,CAACC,WAAW,CAAC;IACrDnG,KAAK,CAACkN,YAAY,CAAC7G,OAAO,CAAC;IAC3B,IAAAxE,qBAAY,EAAC;MACXC,OAAO,yEAAyE;MAChF9B;IACF,CAAC,CAAC;EACJ,CAAC;EAAA,OAAA8M,iDAAA,CAAAlN,KAAA,OAAAD,SAAA;AAAA;AAAA,SAOcwN,kBAAkBA,CAAAC,IAAA;EAAA,OAAAC,mBAAA,CAAAzN,KAAA,OAAAD,SAAA;AAAA;AAkBjC;AACA;AACA;AACA;AACA;AACA;AALA,SAAA0N,oBAAA;EAAAA,mBAAA,GAAA9N,iBAAA,CAlBA,WAAkCS,KAAY,EAAmB;IAC/D,IAAIsN,aAAa,WAAAvL,MAAA,CAAW/B,KAAK,CAACkD,WAAW,CAAC,CAAC,CAAE;IACjD,IAAIlD,KAAK,CAACoE,0BAA0B,CAAC,CAAC,EAAE;MACtC,IAAI;QACF,IAAMmJ,IAAI,GAAG,OACL,IAAAC,oCAAiB,EAAC;UACtBxD,gBAAgB,EAAEhK,KAAK,CAACoL,mBAAmB,CAAC,CAAC;UAC7CpL;QACF,CAAC,CAAC,EACFuN,IAAI;QACND,aAAa,sBAAAvL,MAAA,CAAsBwL,IAAI,QAAAxL,MAAA,CAAK/B,KAAK,CAACoL,mBAAmB,CAAC,CAAC,MAAG;MAC5E,CAAC,CAAC,OAAOjM,KAAK,EAAE;QACdmO,aAAa,sBAAAvL,MAAA,CAAsB/B,KAAK,CAACoL,mBAAmB,CAAC,CAAC,CAAE;MAClE;IACF;IACA,OAAOkC,aAAa;EACtB,CAAC;EAAA,OAAAD,mBAAA,CAAAzN,KAAA,OAAAD,SAAA;AAAA;AAQD,SAAS8N,mBAAmBA,CAC1BtN,gBAAyB,EACzBE,WAAoB,EACpBL,KAAY,EACZ;EACA,IAAI0N,KAAK,GAAG1N,KAAK,CAAC2N,mBAAmB,CAAC,CAAC;EACvC;EACA,IAAID,KAAK,EAAE;IACT,IAAA7L,qBAAY,EAAC;MACXC,OAAO,8DAA8D;MACrE9B;IACF,CAAC,CAAC;IACF4N,YAAY,CAACF,KAAK,CAAC;EACrB;EACA;EACA,IAAIrN,WAAW,EAAE;IAAA,IAAAwN,qBAAA,EAAAC,qBAAA,EAAAC,sBAAA,EAAAC,sBAAA;IACf,IAAMC,OAAO,GACXjO,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACa,2BAA2B,IAAA0J,qBAAA,GAC/D7N,KAAK,CAACkO,uBAAuB,CAAC,CAAC,cAAAL,qBAAA,uBAA/BA,qBAAA,CAAiCI,OAAO,GACxCjO,KAAK,CAACoE,0BAA0B,CAAC,CAAC,IAAA0J,qBAAA,GAChC9N,KAAK,CAACmO,kBAAkB,CAAC,CAAC,cAAAL,qBAAA,uBAA1BA,qBAAA,CAA4BG,OAAO,GACnCvD,IAAI,CAAC0D,GAAG,EAAAL,sBAAA,GACN/N,KAAK,CAACmO,kBAAkB,CAAC,CAAC,cAAAJ,sBAAA,uBAA1BA,sBAAA,CAA4BE,OAAO,GAAAD,sBAAA,GACnChO,KAAK,CAACkO,uBAAuB,CAAC,CAAC,cAAAF,sBAAA,uBAA/BA,sBAAA,CAAiCC,OACnC,CAAC;IACT,IAAII,OAAO,GAAGJ,OAAO,GAAG5G,IAAI,CAACiH,GAAG,CAAC,CAAC,GAAG,IAAI,GAAG,EAAE;IAC9C,IAAID,OAAO,GAAG,IAAI,GAAG,EAAE,EAAE;MACvB,IAAAxM,qBAAY,EAAC;QACXC,OAAO,4CAAAC,MAAA,CAA4C2I,IAAI,CAAC6D,IAAI,CAC1DF,OAAO,GAAG,IACZ,CAAC,kCAA+B;QAChCrO;MACF,CAAC,CAAC;MACF,IAAIqO,OAAO,GAAG,EAAE,EAAEA,OAAO,GAAG,EAAE;IAChC;IACA,IAAAxM,qBAAY,EAAC;MACXC,OAAO,yDAAAC,MAAA,CAAyD2I,IAAI,CAACC,KAAK,CACxE0D,OAAO,GAAG,IACZ,CAAC,SAAAtM,MAAA,CAAM,IAAIsF,IAAI,CAACgH,OAAO,CAAC,CAACG,UAAU,CAAC,CAAC,QAAAzM,MAAA,CAAK,IAAIsF,IAAI,CAChDgH,OACF,CAAC,CAACI,UAAU,CAAC,CAAC,QAAK;MACnBzO;IACF,CAAC,CAAC;IACF0N,KAAK,GAAGgB,UAAU,CAACzO,SAAS,EAAEoO,OAAO,EAAE;MACrClO,gBAAgB;MAChBE,WAAW;MACXL;MACA;IACF,CAAC,CAA8B;IAC/BA,KAAK,CAAC2O,mBAAmB,CAACjB,KAAK,CAAC;IAChCA,KAAK,CAACkB,KAAK,CAAC,CAAC;EACf;AACF;AAUA;AACA;AACA;AACA;AACA;AACA;AACA;AANA,SAOsB3O,SAASA,CAAA4O,IAAA;EAAA,OAAAC,UAAA,CAAAlP,KAAA,OAAAD,SAAA;AAAA;AAAA,SAAAmP,WAAA;EAAAA,UAAA,GAAAvP,iBAAA,CAAxB,WAAAwP,KAAA,EAUa;IAAA,IAVY;MAC9B5O,gBAAgB,GAAG,KAAK;MACxBE,WAAW,GAAG,IAAI;MAClBC,eAAe,GAAG,IAAI;MACtBN;IAMF,CAAC,GAAA+O,KAAA;IACC,IAAAlN,qBAAY,EAAC;MAAEC,OAAO,oCAAoC;MAAE9B;IAAM,CAAC,CAAC;IACpE,IAAI,CAACA,KAAK,CAAC+E,OAAO,CAAC,CAAC,EAAE;MACpB,MAAM,IAAI9B,sBAAU,oBAAoB,CAAC;IAC3C;IACA,IAAI+L,sBAA+B,GAAG,KAAK;IAC3C,IAAI;MACF;MACA,IACEhP,KAAK,CAACkD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3BlD,KAAK,CAACmD,WAAW,CAAC,CAAC,IAAI,IAAI,IAC3B,CAACnD,KAAK,CAACoL,mBAAmB,CAAC,CAAC,IAC5B,CAACpL,KAAK,CAACqL,oBAAoB,CAAC,CAAC,EAC7B;QACA,IAAM4D,IAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElP;QAAM,CAAC,CAAC;QAClDgP,sBAAsB,GAAG,IAAI;QAC7BhP,KAAK,CAACmP,OAAO,CAACF,IAAI,CAACG,MAAM,CAAC;QAC1BpP,KAAK,CAAC+M,iBAAiB,CAACkC,IAAI,CAACjL,cAAc,CAAC;QAC5ChE,KAAK,CAACqP,WAAW,CAACJ,IAAI,CAAC3F,QAAQ,CAAC;QAChCtJ,KAAK,CAACsP,WAAW,CAACL,IAAI,CAAC1F,QAAQ,CAAC;QAChCvJ,KAAK,CAACuP,wBAAwB,CAACN,IAAI,CAACO,qBAAqB,CAAC;QAC1DxP,KAAK,CAACyP,gCAAgC,CACpCR,IAAI,CAACS,6BACP,CAAC;QACD1P,KAAK,CAAC2P,mBAAmB,CAACV,IAAI,CAACW,SAAS,CAAC;QACzC5P,KAAK,CAAC6P,oBAAoB,CAACZ,IAAI,CAACa,UAAU,CAAC;QAC3C9P,KAAK,CAAC+P,sBAAsB,CAACd,IAAI,CAACe,YAAY,CAAC;MACjD;;MAEA;MACA,IAAI,CAAC,IAAAC,6BAAU,EAACjQ,KAAK,CAAC+E,OAAO,CAAC,CAAC,CAAC,EAAE;QAChC,IAAMkK,KAAI,SAAS,IAAAC,0CAAoB,EAAC;UAAElP;QAAM,CAAC,CAAC;QAClDA,KAAK,CAACmP,OAAO,CAACF,KAAI,CAACG,MAAM,CAAC;QAC1BpP,KAAK,CAAC+M,iBAAiB,CAACkC,KAAI,CAACjL,cAAc,CAAC;MAC9C;;MAEA;MACAhE,KAAK,CAACkQ,aAAa,OAAO1O,mBAAmB,CAACxB,KAAK,CAAC,CAAC;;MAErD;MACA,IACE,CAACG,gBAAgB,IACjBH,KAAK,CAACoL,mBAAmB,CAAC,CAAC,IAC3BpL,KAAK,CAACqL,oBAAoB,CAAC,CAAC,EAC5B;QACA,IAAAxJ,qBAAY,EAAC;UACXC,OAAO,oEAAAC,MAAA,CAAoE/B,KAAK,CAACoL,mBAAmB,CAAC,CAAC,CAAE;UACxGpL;QACF,CAAC,CAAC;QACF,IAAI;UACF,IAAM6H,KAAK,SAASwE,gBAAgB,CAAC;YAAErM;UAAM,CAAC,CAAC;UAC/CA,KAAK,CAACmQ,kBAAkB,CAACtI,KAAK,CAAC;UAC/B,IAAImH,sBAAsB,IAAI,CAACnH,KAAK,CAACI,UAAU,EAAE;YAC/C,IAAAmI,2CAAqB,EAAC;cAAEnG,IAAI,EAAEjK,KAAK,CAAC+E,OAAO,CAAC,CAAC;cAAE/E;YAAM,CAAC,CAAC;UACzD;UACAA,KAAK,CAACqQ,0BAA0B,CAAC,IAAI,CAAC;UACtC,MAAMzD,gDAAgD,CAAC5M,KAAK,CAAC;QAC/D,CAAC,CAAC,OAAOsQ,KAAK,EAAE;UACd,MAAM,IAAIrN,sBAAU,gCAAgCqN,KAAK,CAAC;QAC5D;MACF;MACA;MAAA,KACK,IAAItQ,KAAK,CAACkD,WAAW,CAAC,CAAC,IAAIlD,KAAK,CAACmD,WAAW,CAAC,CAAC,EAAE;QACnD,IAAAtB,qBAAY,EAAC;UACXC,OAAO,iEAAAC,MAAA,CAAiE/B,KAAK,CAACkD,WAAW,CAAC,CAAC,CAAE;UAC7FlD;QACF,CAAC,CAAC;QACF,IAAM6H,MAAK,SAASL,mBAAmB,CAAClH,eAAe,EAAEN,KAAK,CAAC;QAC/D,IAAI6H,MAAK,EAAE7H,KAAK,CAACuQ,uBAAuB,CAAC1I,MAAK,CAAC;QAC/C,MAAM+E,gDAAgD,CAAC5M,KAAK,CAAC;QAC7D,IACEA,KAAK,CAAC+D,cAAc,CAAC,CAAC;QACtB;QACC/D,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACW,yBAAyB,IAChEjE,KAAK,CAAC0D,iBAAiB,CAAC,CAAC,KAAKJ,kBAAS,CAACY,4BAA4B,CAAC,EACvE;UACA,IAAMsF,YAAW,SAASC,kBAAkB,CAACzJ,KAAK,CAAC;UACnD,IAAIwJ,YAAW,EAAExJ,KAAK,CAACmQ,kBAAkB,CAAC3G,YAAW,CAAC;QACxD;MACF;MACA;MAAA,KACK;QACH,MAAM,IAAIvG,sBAAU,+BAA+B,CAAC;MACtD;MACA,IACEjD,KAAK,CAAC+D,cAAc,CAAC,CAAC,IACrB/D,KAAK,CAACoE,0BAA0B,CAAC,CAAC,IAAIpE,KAAK,CAACwQ,cAAc,CAAC,CAAE,EAC9D;QAAA,IAAAC,sBAAA,EAAAC,sBAAA;QACA,KAAAD,sBAAA,GAAIzQ,KAAK,CAACmO,kBAAkB,CAAC,CAAC,cAAAsC,sBAAA,eAA1BA,sBAAA,CAA4BxI,UAAU,EAAE;UAC1C,IAAAnC,uBAAc,EAAC;YAAEhE,OAAO,8BAA8B;YAAE9B;UAAM,CAAC,CAAC;QAClE;QACA,IACE,CAACA,KAAK,CAACoE,0BAA0B,CAAC,CAAC,KAAAsM,sBAAA,GACnC1Q,KAAK,CAACkO,uBAAuB,CAAC,CAAC,cAAAwC,sBAAA,eAA/BA,sBAAA,CAAiCzI,UAAU,EAC3C;UACA,IAAAnC,uBAAc,EAAC;YAAEhE,OAAO,+BAA+B;YAAE9B;UAAM,CAAC,CAAC;QACnE;QACAyN,mBAAmB,CAACtN,gBAAgB,EAAEE,WAAW,EAAEL,KAAK,CAAC;QACzD,IAAM2Q,MAAc,GAAG;UACrBC,WAAW,EAAE5Q,KAAK,CAACmO,kBAAkB,CAAC,CAAC;UACvC0C,gBAAgB,EAAE7Q,KAAK,CAACkO,uBAAuB,CAAC,CAAC;UACjD4C,OAAO,QAAQ3D,kBAAkB,CAACnN,KAAK,CAAC;UACxCiK,IAAI,EAAEjK,KAAK,CAAC+E,OAAO,CAAC,CAAC;UACrBgM,KAAK,EAAE/Q,KAAK,CAACqD,QAAQ,CAAC,CAAC,GAAGrD,KAAK,CAACqD,QAAQ,CAAC,CAAC,GAAG;QAC/C,CAAC;QACD,IAAAxB,qBAAY,EAAC;UACXC,OAAO,8CAA8C;UACrD9B;QACF,CAAC,CAAC;QACF;QACA,OAAO2Q,MAAM;MACf;IACF,CAAC,CAAC,OAAOxR,KAAK,EAAE;MACd,MAAM,IAAI8D,sBAAU,yBAAyB9D,KAAK,CAAC;IACrD;EACF,CAAC;EAAA,OAAA2P,UAAA,CAAAlP,KAAA,OAAAD,SAAA;AAAA"}
package/cjs/ops/ConnectionProfileOps.js CHANGED
@@ -310,7 +310,8 @@ function _getConnectionProfileByHost() {
310
310
  authenticationHeaderOverrides: profiles[0].authenticationHeaderOverrides ? profiles[0].authenticationHeaderOverrides : {},
311
311
  svcacctName: profiles[0].svcacctName ? profiles[0].svcacctName : null,
312
312
  svcacctId: profiles[0].svcacctId ? profiles[0].svcacctId : null,
313
- svcacctJwk: profiles[0].encodedSvcacctJwk ? yield dataProtection.decrypt(profiles[0].encodedSvcacctJwk) : null
313
+ svcacctJwk: profiles[0].encodedSvcacctJwk ? yield dataProtection.decrypt(profiles[0].encodedSvcacctJwk) : null,
314
+ svcacctScope: profiles[0].svcacctScope ? profiles[0].svcacctScope : null
314
315
  };
315
316
  });
316
317
  return _getConnectionProfileByHost.apply(this, arguments);
@@ -435,7 +436,12 @@ function _saveConnectionProfile() {
435
436
  })).name;
436
437
  }
437
438
  }
438
- if (state.getServiceAccountJwk()) profile.encodedSvcacctJwk = yield dataProtection.encrypt(state.getServiceAccountJwk());
439
+ if (state.getServiceAccountJwk()) {
440
+ profile.encodedSvcacctJwk = yield dataProtection.encrypt(state.getServiceAccountJwk());
441
+ }
442
+ if (state.getBearerTokenMeta() && state.getBearerTokenMeta().scope !== profile.svcacctScope) {
443
+ profile.svcacctScope = state.getBearerTokenMeta().scope;
444
+ }
439
445
  // update existing service account profile
440
446
  if (state.getBearerToken() && profile.svcacctId && !profile.svcacctName) {
441
447
  profile.svcacctName = (yield (0, _ServiceAccountOps.getServiceAccount)({
@@ -559,7 +565,7 @@ function _addNewServiceAccount() {
559
565
  state
560
566
  });
561
567
  var description = "".concat(state.getUsername(), "'s Frodo Service Account");
562
- var scope = ['fr:am:*', 'fr:idm:*', 'fr:idc:esv:*'];
568
+ var scope = _ServiceAccountOps.SERVICE_ACCOUNT_DEFAULT_SCOPES;
563
569
  var jwkPrivate = yield (0, _JoseOps.createJwkRsa)();
564
570
  var jwkPublic = yield (0, _JoseOps.getJwkRsaPublic)(jwkPrivate);
565
571
  var jwks = (0, _JoseOps.createJwks)(jwkPublic);