@substrate-system/crypto-stream 0.0.33

package/dist/keychain.cjs

@@ -0,0 +1,344 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var keychain_exports = {};
+__export(keychain_exports, {
+  Keychain: () => Keychain,
+  encryptedSize: () => import_ece2.encryptedSize,
+  plaintextSize: () => import_ece2.plaintextSize
+});
+module.exports = __toCommonJS(keychain_exports);
+var import_one_webcrypto = require("@substrate-system/one-webcrypto");
+var u = __toESM(require("uint8arrays"), 1);
+var import_ece = require("./ece.js");
+var import_util = require("./util.js");
+var import_ece2 = require("./ece.js");
+const IV_LENGTH = 12;
+const encoder = new TextEncoder();
+class Keychain {
+  static {
+    __name(this, "Keychain");
+  }
+  key;
+  salt;
+  mainKeyPromise;
+  metaKeyPromise;
+  authTokenPromise;
+  constructor(key, salt) {
+    this.key = decodeBits(key);
+    this.salt = decodeBits(salt);
+    this.mainKeyPromise = import_one_webcrypto.webcrypto.subtle.importKey(
+      "raw",
+      this.key,
+      "HKDF",
+      false,
+      ["deriveBits", "deriveKey"]
+    );
+    this.metaKeyPromise = this.mainKeyPromise.then(
+      (mainKey) => import_one_webcrypto.webcrypto.subtle.deriveKey(
+        {
+          name: "HKDF",
+          hash: "SHA-256",
+          salt: this.salt,
+          info: encoder.encode("metadata")
+        },
+        mainKey,
+        {
+          name: "AES-GCM",
+          length: 128
+        },
+        false,
+        ["encrypt", "decrypt"]
+      )
+    );
+    this.authTokenPromise = this.mainKeyPromise.then(
+      (mainKey) => import_one_webcrypto.webcrypto.subtle.deriveBits(
+        {
+          name: "HKDF",
+          hash: "SHA-256",
+          salt: this.salt,
+          info: encoder.encode("authentication")
+        },
+        mainKey,
+        128
+      )
+    ).then((authTokenBuf) => new Uint8Array(authTokenBuf));
+  }
+  /**
+   * Get an authentication header as a static method.
+   */
+  static async AuthHeader(secretKey, salt) {
+    const key = decodeBits(secretKey);
+    const mainKey = await import_one_webcrypto.webcrypto.subtle.importKey(
+      "raw",
+      key,
+      "HKDF",
+      false,
+      ["deriveBits", "deriveKey"]
+    );
+    const token = await import_one_webcrypto.webcrypto.subtle.deriveBits(
+      {
+        name: "HKDF",
+        hash: "SHA-256",
+        salt: decodeBits(salt),
+        info: encoder.encode("authentication")
+      },
+      mainKey,
+      128
+    );
+    return Keychain.Header(arrayToB64(new Uint8Array(token)));
+  }
+  static Header(writeToken) {
+    return `Bearer sync-v1 ${writeToken}`;
+  }
+  /**
+   * Get the main key as a `base64url` encoded string
+   */
+  get keyB64() {
+    return arrayToB64Url(this.key);
+  }
+  /**
+   * Get the salt as base64 string
+   */
+  get saltB64() {
+    return arrayToB64(this.salt);
+  }
+  /**
+   * get a promise for the auth token.
+   * @returns {Promise<Uint8Array>}
+   */
+  async authToken() {
+    return await this.authTokenPromise;
+  }
+  /**
+   * Get the auth token as a base64 string
+   */
+  async authTokenB64() {
+    const authToken = await this.authToken();
+    return arrayToB64(authToken);
+  }
+  /**
+   * Get a header string: `Bearer sync-v1 ${authTokenB64}`.
+   * Pass in a token, or else this will use the `authToken` derived from
+   * the main key.
+   */
+  async authHeader(tokenString) {
+    if (tokenString) {
+      return `Bearer sync-v1 ${tokenString}`;
+    }
+    const authTokenB64 = await this.authTokenB64();
+    return `Bearer sync-v1 ${authTokenB64}`;
+  }
+  /**
+   * Set the auth token
+   * @param authToken The new token
+   */
+  setAuthToken(authToken) {
+    this.authTokenPromise = Promise.resolve(decodeBits(authToken));
+  }
+  /**
+   * Take a stream, return an encrypted stream.
+   * @param stream Input stream
+   * @returns {Promise<ReadableStream>}
+   */
+  async encryptStream(stream) {
+    if (!(stream instanceof ReadableStream)) {
+      throw new TypeError("This is not a readable stream");
+    }
+    const mainKey = await this.mainKeyPromise;
+    return (0, import_ece.encryptStream)(stream, mainKey);
+  }
+  /**
+   * Encrypt and return some data; don't stream.
+   *
+   * NOTE: This generates a new key each time it is called, via
+   * `this.generateKey`.
+   *
+   * @param bytes 
+   * @param {{ iv?:Uint8Array, size?:number }} [opts] Optional params,
+   * `iv` and `size`. If `size` is omitted, default is 16 bytes. `iv` is
+   * a random 12 bits, will be generated if not passed in.
+   * @returns {Promise<Uint8Array>}
+   */
+  async encryptBytes(bytes, opts) {
+    const iv = opts?.iv || (0, import_util.randomBuf)(12);
+    const encryptedRecordBuf = await import_one_webcrypto.webcrypto.subtle.encrypt(
+      {
+        name: "AES-GCM",
+        iv: (0, import_util.asBufferSource)(iv)
+      },
+      await this.generateKey(opts?.size),
+      (0, import_util.asBufferSource)(bytes)
+    );
+    return (0, import_util.joinBufs)(iv, encryptedRecordBuf);
+  }
+  /**
+   * Decrypt in memory, not streaming.
+   */
+  async decryptBytes(bytes) {
+    const key = await this.generateKey();
+    const iv = bytes.slice(0, 12);
+    const cipherBytes = bytes.slice(12);
+    const msgBuf = await import_one_webcrypto.webcrypto.subtle.decrypt({
+      name: "AES-GCM",
+      iv
+    }, key, cipherBytes);
+    return msgBuf;
+  }
+  /**
+   * Derive a new AES-GCM key from the main key.
+   *
+   * @param {number} [keyLength] Optional size for the key, in bytes, eg,
+   * `16` or `32`.
+   * @returns {Promise<CryptoKey>}
+   */
+  async generateKey(keyLength) {
+    const keySize = (keyLength || import_ece.KEY_LENGTH) * 8;
+    return import_one_webcrypto.webcrypto.subtle.deriveKey(
+      {
+        name: "HKDF",
+        hash: "SHA-256",
+        salt: this.salt,
+        info: encoder.encode("Content-Encoding: aes128gcm\0")
+      },
+      await this.mainKeyPromise,
+      {
+        name: "AES-GCM",
+        length: keySize
+      },
+      false,
+      ["encrypt", "decrypt"]
+    );
+  }
+  /**
+   * Take an encrypted stream, return a decrypted stream.
+   * @param encryptedStream The input (encrypted) stream
+   * @returns The decrypted stream
+   */
+  async decryptStream(encryptedStream) {
+    if (!(encryptedStream instanceof ReadableStream)) {
+      throw new TypeError("encryptedStream is not a ReadableStream");
+    }
+    const mainKey = await this.mainKeyPromise;
+    return (0, import_ece.decryptStream)(encryptedStream, mainKey);
+  }
+  /**
+   * Returns an object containing `ranges`, an array of objects
+   * containing `offset` and `length` integers specifying the encrypted byte
+   * ranges that are needed to decrypt the client's specified range, and a
+   * `decrypt` function.
+   *
+   * @param {number} offset Integer
+   * @param {number} length Integer
+   * @param {number} totalEncryptedLength Integer
+   * @returns {Promise<{ ranges, decrypt }>}
+   */
+  async decryptStreamRange(offset, length, totalEncryptedLength) {
+    if (!Number.isInteger(offset)) {
+      throw new TypeError("offset");
+    }
+    if (!Number.isInteger(length)) {
+      throw new TypeError("length");
+    }
+    if (!Number.isInteger(totalEncryptedLength)) {
+      throw new TypeError("totalEncryptedLength");
+    }
+    const mainKey = await this.mainKeyPromise;
+    return (0, import_ece.decryptStreamRange)(mainKey, offset, length, totalEncryptedLength);
+  }
+  async encryptMeta(meta) {
+    if (!(meta instanceof Uint8Array)) {
+      throw new TypeError("`meta` should be Uint8Array");
+    }
+    const iv = import_one_webcrypto.webcrypto.getRandomValues(new Uint8Array(IV_LENGTH));
+    const metaKey = await this.metaKeyPromise;
+    const encryptedMetaBuf = await import_one_webcrypto.webcrypto.subtle.encrypt(
+      {
+        name: "AES-GCM",
+        iv,
+        tagLength: 128
+      },
+      metaKey,
+      (0, import_util.asBufferSource)(meta)
+    );
+    const encryptedMeta = new Uint8Array(encryptedMetaBuf);
+    const ivEncryptedMeta = new Uint8Array(IV_LENGTH + encryptedMeta.byteLength);
+    ivEncryptedMeta.set(iv, 0);
+    ivEncryptedMeta.set(encryptedMeta, IV_LENGTH);
+    return ivEncryptedMeta;
+  }
+  async decryptMeta(ivEncryptedMeta) {
+    if (!(ivEncryptedMeta instanceof Uint8Array)) {
+      throw new Error("ivEncryptedMeta");
+    }
+    const iv = ivEncryptedMeta.slice(0, IV_LENGTH);
+    const encryptedMeta = ivEncryptedMeta.slice(IV_LENGTH);
+    const metaKey = await this.metaKeyPromise;
+    const metaBuf = await import_one_webcrypto.webcrypto.subtle.decrypt(
+      {
+        name: "AES-GCM",
+        iv,
+        tagLength: 128
+      },
+      metaKey,
+      encryptedMeta
+    );
+    const meta = new Uint8Array(metaBuf);
+    return meta;
+  }
+}
+function arrayToB64(array) {
+  return u.toString(array, "base64pad");
+}
+__name(arrayToB64, "arrayToB64");
+function arrayToB64Url(array) {
+  return u.toString(array, "base64url");
+}
+__name(arrayToB64Url, "arrayToB64Url");
+function b64ToArray(str) {
+  return u.fromString(str.replace(/-/g, "+").replace(/_/g, "/"), "base64");
+}
+__name(b64ToArray, "b64ToArray");
+function decodeBits(bitsB64) {
+  let result;
+  if (bitsB64 instanceof Uint8Array) {
+    result = (0, import_util.asBufferSource)(bitsB64);
+  } else if (typeof bitsB64 === "string") {
+    result = b64ToArray(bitsB64);
+  } else if (bitsB64 == null) {
+    result = import_one_webcrypto.webcrypto.getRandomValues(new Uint8Array(16));
+  } else {
+    throw new Error("Must be Uint8Array, string, or nullish");
+  }
+  if (result.byteLength !== 16) {
+    throw new Error("Invalid byteLength: must be 16 bytes");
+  }
+  return result;
+}
+__name(decodeBits, "decodeBits");

package/dist/slice-transformer.cjs

@@ -0,0 +1,75 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __name = (target, value) => __defProp(target, "name", { value, configurable: true });
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var slice_transformer_exports = {};
+__export(slice_transformer_exports, {
+  SliceTransformer: () => SliceTransformer
+});
+module.exports = __toCommonJS(slice_transformer_exports);
+class SliceTransformer {
+  static {
+    __name(this, "SliceTransformer");
+  }
+  chunkSize;
+  restChunkSize;
+  partialChunk;
+  offset;
+  constructor(firstChunkSize, restChunkSize) {
+    this.chunkSize = firstChunkSize;
+    this.restChunkSize = restChunkSize || firstChunkSize;
+    this.partialChunk = new Uint8Array(this.chunkSize);
+    this.offset = 0;
+  }
+  send(record, controller) {
+    controller.enqueue(record);
+    this.chunkSize = this.restChunkSize;
+    this.partialChunk = new Uint8Array(this.chunkSize);
+    this.offset = 0;
+  }
+  transform(chunk, controller) {
+    let i = 0;
+    if (this.offset > 0) {
+      const len = Math.min(chunk.byteLength, this.chunkSize - this.offset);
+      this.partialChunk.set(chunk.subarray(0, len), this.offset);
+      this.offset += len;
+      i += len;
+      if (this.offset === this.chunkSize) {
+        this.send(this.partialChunk, controller);
+      }
+    }
+    while (i < chunk.byteLength) {
+      const remainingBytes = chunk.byteLength - i;
+      if (remainingBytes >= this.chunkSize) {
+        const record = chunk.slice(i, i + this.chunkSize);
+        i += this.chunkSize;
+        this.send(record, controller);
+      } else {
+        const end = chunk.slice(i, i + remainingBytes);
+        i += end.byteLength;
+        this.partialChunk.set(end);
+        this.offset = end.byteLength;
+      }
+    }
+  }
+  flush(controller) {
+    if (this.offset > 0) {
+      controller.enqueue(this.partialChunk.subarray(0, this.offset));
+    }
+  }
+}

package/dist/src/concat-streams.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Concatenates the array of ReadableStreams passed in `inputStreams`
+ * into a single ReadableStream.
+ *
+ * @param {ReadableStream[]} inputStreams
+ * @returns {ReadableStream}
+ */
+export declare function concatStreams(inputStreams: ReadableStream[]): ReadableStream;
+//# sourceMappingURL=concat-streams.d.ts.map

package/dist/src/concat-streams.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"concat-streams.d.ts","sourceRoot":"","sources":["../../src/concat-streams.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,wBAAgB,aAAa,CAAE,YAAY,EAAC,cAAc,EAAE,GAAE,cAAc,CAwC3E"}

package/dist/src/concat-streams.js

@@ -0,0 +1,46 @@
+/**
+ * Concatenates the array of ReadableStreams passed in `inputStreams`
+ * into a single ReadableStream.
+ *
+ * @param {ReadableStream[]} inputStreams
+ * @returns {ReadableStream}
+ */
+export function concatStreams(inputStreams) {
+    let currentReader = null;
+    // Move to the next stream
+    const nextStream = (controller) => {
+        const stream = inputStreams.shift();
+        if (stream !== undefined) {
+            currentReader = stream.getReader();
+        }
+        else {
+            currentReader = null;
+            controller.close();
+        }
+    };
+    return new ReadableStream({
+        start(controller) {
+            nextStream(controller);
+        },
+        async pull(controller) {
+            // eslint-disable-next-line no-unmodified-loop-condition
+            while (currentReader !== null) {
+                const { value, done } = await currentReader.read();
+                if (done) {
+                    nextStream(controller);
+                }
+                else {
+                    controller.enqueue(value);
+                    break;
+                }
+            }
+        },
+        async cancel(reason) {
+            await Promise.all([
+                currentReader && currentReader.cancel(reason),
+                ...inputStreams.map(stream => stream.cancel(reason))
+            ]);
+        }
+    });
+}
+//# sourceMappingURL=concat-streams.js.map

package/dist/src/concat-streams.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"concat-streams.js","sourceRoot":"","sources":["../../src/concat-streams.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAE,YAA6B;IACxD,IAAI,aAAa,GAAoC,IAAI,CAAA;IAEzD,0BAA0B;IAC1B,MAAM,UAAU,GAAG,CAAC,UAAU,EAAE,EAAE;QAC9B,MAAM,MAAM,GAAG,YAAY,CAAC,KAAK,EAAE,CAAA;QACnC,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACvB,aAAa,GAAG,MAAM,CAAC,SAAS,EAAE,CAAA;QACtC,CAAC;aAAM,CAAC;YACJ,aAAa,GAAG,IAAI,CAAA;YACpB,UAAU,CAAC,KAAK,EAAE,CAAA;QACtB,CAAC;IACL,CAAC,CAAA;IAED,OAAO,IAAI,cAAc,CAAC;QACtB,KAAK,CAAE,UAAU;YACb,UAAU,CAAC,UAAU,CAAC,CAAA;QAC1B,CAAC;QAED,KAAK,CAAC,IAAI,CAAE,UAAU;YAClB,wDAAwD;YACxD,OAAO,aAAa,KAAK,IAAI,EAAE,CAAC;gBAC5B,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,aAAa,CAAC,IAAI,EAAE,CAAA;gBAElD,IAAI,IAAI,EAAE,CAAC;oBACP,UAAU,CAAC,UAAU,CAAC,CAAA;gBAC1B,CAAC;qBAAM,CAAC;oBACJ,UAAU,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;oBACzB,MAAK;gBACT,CAAC;YACL,CAAC;QACL,CAAC;QAED,KAAK,CAAC,MAAM,CAAE,MAAM;YAChB,MAAM,OAAO,CAAC,GAAG,CAAC;gBACd,aAAa,IAAI,aAAa,CAAC,MAAM,CAAC,MAAM,CAAC;gBAC7C,GAAG,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;aACvD,CAAC,CAAA;QACN,CAAC;KACJ,CAAC,CAAA;AACN,CAAC"}

package/dist/src/ece.d.ts

@@ -0,0 +1,66 @@
+/**
+ * Encryption and decryption streams for "Encrypted Content-Encoding for HTTP"
+ * specification. See: https://tools.ietf.org/html/rfc8188
+ */
+export declare const KEY_LENGTH = 16;
+export declare const TAG_LENGTH = 16;
+/**
+ * Given a plaintext size, return the corresponding encrypted size.
+ *
+ * plaintextSize: int containing plaintext size
+ * rs:            int containing record size, optional
+ */
+export declare function encryptedSize(plaintextSize: number, rs?: number): number;
+/**
+ * Given an encrypted size, return the corresponding plaintext size.
+ *
+ * encryptedSize: int containing encrypted size
+ * rs:            int containing record size, optional
+ */
+export declare function plaintextSize(encryptedSize: number, rs?: number): number;
+/**
+ * Given a plaintext stream `input`, return an encrypted stream.
+ *
+ * input:     a ReadableStream containing data to be transformed
+ * secretKey: CryptoKey containing secret key of size KEY_LENGTH
+ * rs:        int containing record size, optional
+ * salt:      Uint8Array containing salt of KEY_LENGTH length, optional
+ */
+export declare function encryptStream(input: ReadableStream, secretKey: CryptoKey, rs?: number, salt?: Uint8Array<ArrayBuffer>): ReadableStream;
+/**
+ * Given an encrypted stream `input`, return a plaintext stream.
+ *
+ * input:     a ReadableStream containing data to be transformed
+ * secretKey: CryptoKey containing secret key of size KEY_LENGTH
+ * rs:        int containing record size, optional
+ */
+export declare function decryptStream(input: ReadableStream, secretKey: CryptoKey, rs?: number): ReadableStream;
+/**
+ * Given a desired plaintext byte range specified by `offset` and `length`,
+ * and the total size of the encrypted stream in `totalEncryptedLength`,
+ * provides a mechanism to decrypt that range.
+ *
+ * To decrypt an arbitrary plaintext range, the client will need to supply
+ * multiple (currently always two) ranges of encrypted data.
+ * `decryptStreamRange` returns a promise that resolves to an object containing
+ * `ranges`, which is an array of { offset, length } entries specifying the
+ * needed encrypted byte ranges, and `encrypt`, a callback function.
+ *
+ * Once the client has gathered an array `streams` of encrypted ReadableStreams,
+ * one for each of these ranges, it should call `decrypt(streams)`. This will
+ * then return the final plaintext ReadableStream.
+ *
+ * secretKey:             CryptoKey containing secret key of size KEY_LENGTH
+ * offset:                int containing plaintext byte offset at which to start decryption
+ * length:                int containing the number of plaintext bytes to decrypt
+ * totalEncryptedLength:  The total number of bytes in the encrypted stream
+ * rs:                    int containing record size, optional
+ */
+export declare function decryptStreamRange(secretKey: CryptoKey, offset: number, length: number, totalEncryptedLength: number, rs?: number): {
+    ranges: {
+        offset: number;
+        length: number;
+    }[];
+    decrypt: (streams: ReadableStream[]) => ReadableStream;
+};
+//# sourceMappingURL=ece.d.ts.map

package/dist/src/ece.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ece.d.ts","sourceRoot":"","sources":["../../src/ece.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAWH,eAAO,MAAM,UAAU,KAAK,CAAA;AAC5B,eAAO,MAAM,UAAU,KAAK,CAAA;AAmS5B;;;;;GAKG;AACH,wBAAgB,aAAa,CACzB,aAAa,EAAC,MAAM,EACpB,EAAE,GAAC,MAAoB,GACzB,MAAM,CAcP;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CACzB,aAAa,EAAC,MAAM,EACpB,EAAE,GAAC,MAAoB,GACzB,MAAM,CAeP;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CACzB,KAAK,EAAC,cAAc,EACpB,SAAS,EAAC,SAAS,EACnB,EAAE,GAAC,MAAoB,EACvB,IAAI,GAAC,UAAU,CAAC,WAAW,CAA4B,GACzD,cAAc,CAUf;AAED;;;;;;GAMG;AACH,wBAAgB,aAAa,CACzB,KAAK,EAAC,cAAc,EACpB,SAAS,EAAC,SAAS,EACnB,EAAE,SAAc,GAClB,cAAc,CAUf;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,kBAAkB,CAC9B,SAAS,EAAC,SAAS,EACnB,MAAM,EAAC,MAAM,EACb,MAAM,EAAC,MAAM,EACb,oBAAoB,EAAC,MAAM,EAC3B,EAAE,GAAC,MAAoB,GACzB;IACE,MAAM,EAAC;QAAE,MAAM,EAAC,MAAM,CAAC;QAAC,MAAM,EAAC,MAAM,CAAA;KAAE,EAAE,CAAC;IAC1C,OAAO,EAAC,CAAC,OAAO,EAAC,cAAc,EAAE,KAAG,cAAc,CAAA;CACrD,CAiEA"}