@super-protocol/addons-tee 0.9.2 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/bindings/amd-sev-snp-napi-rs/amd-sev-snp-napi-rs.linux-x64-gnu.node +0 -0
  2. package/bindings/amd-sev-snp-napi-rs/index.d.ts +27 -0
  3. package/bindings/amd-sev-snp-napi-rs/index.js +12 -1
  4. package/bindings/sp-sev/.github/workflows/lint.yml +3 -3
  5. package/bindings/sp-sev/.github/workflows/test.yml +163 -2
  6. package/bindings/sp-sev/Cargo.lock +521 -281
  7. package/bindings/sp-sev/Cargo.toml +11 -11
  8. package/bindings/sp-sev/tests/api.rs +9 -6
  9. package/bindings/sp-sev/tests/certs.rs +4 -5
  10. package/bindings/sp-sev/tests/guest.rs +2 -1
  11. package/bindings/sp-sev/tests/id-block.rs +9 -5
  12. package/bindings/sp-sev/tests/snp_launch.rs +1 -1
  13. package/bindings/utils/virtee/libsev.so +0 -0
  14. package/bindings/utils/virtee/snpguest +0 -0
  15. package/dist/proto/AmdSevSnp.d.ts +194 -0
  16. package/dist/proto/AmdSevSnp.js +363 -0
  17. package/dist/sgx-native-module/dcap-quote-verify.service.js +22 -3
  18. package/dist/sgx-native-module/index.d.ts +1 -0
  19. package/dist/sgx-native-module/index.js +2 -1
  20. package/dist/sgx-native-module/sev-snp-mrenclave.d.ts +2 -2
  21. package/dist/sgx-native-module/sev-snp-mrenclave.js +46 -11
  22. package/dist/sgx-native-module/sev-snp-schema.d.ts +22 -0
  23. package/dist/sgx-native-module/sev-snp-schema.js +24 -0
  24. package/dist/sgx-native-module/sev-snp.d.ts +20 -32
  25. package/dist/sgx-native-module/sev-snp.js +126 -177
  26. package/dto/src/AmdSevSnp.proto +31 -0
  27. package/dto/src/Compression.proto +11 -0
  28. package/dto/src/Hash.proto +6 -0
  29. package/dto/src/OrderReport.proto +21 -0
  30. package/dto/src/TRI.proto +22 -0
  31. package/dto/src/TeeDeviceInfo.proto +46 -0
  32. package/package.json +8 -3
package/dist/sgx-native-module/sev-snp.js CHANGED
@@ -26,187 +26,49 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
26
26
  return (mod && mod.__esModule) ? mod : { "default": mod };
27
27
  };
28
28
  Object.defineProperty(exports, "__esModule", { value: true });
29
- exports.SevSNP = exports.getDefaultArkHashes = exports.ARK_GENOA = exports.ARK_MILAN = exports.EMPTY_INITRD_SHA256_HASH = exports.AMD_EPYC_MILAN_CPUINFO = exports.SevSNPCertType = exports.SupportedAmdSevSnpGenerations = void 0;
29
+ exports.SevSNP = exports.getDefaultArkHashes = exports.EMPTY_INITRD_SHA256_HASH = exports.AMD_EPYC_MILAN_CPUINFO = void 0;
30
30
  const amd_sev_snp_napi_rs_1 = require("../../bindings/amd-sev-snp-napi-rs/");
31
31
  const sdk_js_1 = require("@super-protocol/sdk-js");
32
32
  const axios_1 = __importDefault(require("axios"));
33
- const pki_service_1 = require("./pki.service");
34
33
  const forge = __importStar(require("node-forge"));
35
34
  const fs = __importStar(require("fs/promises"));
36
35
  const path = __importStar(require("path"));
37
36
  const os = __importStar(require("os"));
38
37
  const child_process_1 = require("child_process");
39
38
  const crypto_1 = require("crypto");
40
- const msgpack5_1 = __importDefault(require("msgpack5"));
41
39
  const helpers_1 = require("./helpers");
42
- var SupportedAmdSevSnpGenerations;
43
- (function (SupportedAmdSevSnpGenerations) {
44
- SupportedAmdSevSnpGenerations["Milan"] = "Milan";
45
- SupportedAmdSevSnpGenerations["Genoa"] = "Genoa";
46
- })(SupportedAmdSevSnpGenerations || (exports.SupportedAmdSevSnpGenerations = SupportedAmdSevSnpGenerations = {}));
47
- var SevSNPCertType;
48
- (function (SevSNPCertType) {
49
- SevSNPCertType["ARK"] = "ARK";
50
- SevSNPCertType["ASK"] = "ASK";
51
- SevSNPCertType["VCEK"] = "VCEK";
52
- })(SevSNPCertType || (exports.SevSNPCertType = SevSNPCertType = {}));
40
+ const AmdSevSnp_1 = require("../proto/AmdSevSnp");
41
+ const sev_snp_schema_1 = require("./sev-snp-schema");
42
+ const value_1 = require("@sinclair/typebox/value");
53
43
  exports.AMD_EPYC_MILAN_CPUINFO = {
54
44
  family: 25,
55
45
  model: 1,
56
46
  stepping: 1,
57
47
  };
58
48
  exports.EMPTY_INITRD_SHA256_HASH = Buffer.from("e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "hex");
59
- exports.ARK_MILAN = `-----BEGIN CERTIFICATE-----
60
- MIIGYzCCBBKgAwIBAgIDAQAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
61
- BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
62
- BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
63
- Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
64
- Y2VzMRIwEAYDVQQDDAlBUkstTWlsYW4wHhcNMjAxMDIyMTcyMzA1WhcNNDUxMDIy
65
- MTcyMzA1WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
66
- BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
67
- ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLU1pbGFuMIICIjANBgkqhkiG
68
- 9w0BAQEFAAOCAg8AMIICCgKCAgEA0Ld52RJOdeiJlqK2JdsVmD7FktuotWwX1fNg
69
- W41XY9Xz1HEhSUmhLz9Cu9DHRlvgJSNxbeYYsnJfvyjx1MfU0V5tkKiU1EesNFta
70
- 1kTA0szNisdYc9isqk7mXT5+KfGRbfc4V/9zRIcE8jlHN61S1ju8X93+6dxDUrG2
71
- SzxqJ4BhqyYmUDruPXJSX4vUc01P7j98MpqOS95rORdGHeI52Naz5m2B+O+vjsC0
72
- 60d37jY9LFeuOP4Meri8qgfi2S5kKqg/aF6aPtuAZQVR7u3KFYXP59XmJgtcog05
73
- gmI0T/OitLhuzVvpZcLph0odh/1IPXqx3+MnjD97A7fXpqGd/y8KxX7jksTEzAOg
74
- bKAeam3lm+3yKIcTYMlsRMXPcjNbIvmsBykD//xSniusuHBkgnlENEWx1UcbQQrs
75
- +gVDkuVPhsnzIRNgYvM48Y+7LGiJYnrmE8xcrexekBxrva2V9TJQqnN3Q53kt5vi
76
- Qi3+gCfmkwC0F0tirIZbLkXPrPwzZ0M9eNxhIySb2npJfgnqz55I0u33wh4r0ZNQ
77
- eTGfw03MBUtyuzGesGkcw+loqMaq1qR4tjGbPYxCvpCq7+OgpCCoMNit2uLo9M18
78
- fHz10lOMT8nWAUvRZFzteXCm+7PHdYPlmQwUw3LvenJ/ILXoQPHfbkH0CyPfhl1j
79
- WhJFZasCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSFrBrRQ/fI
80
- rFXUxR1BSKvVeErUUzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG
81
- KWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvTWlsYW4vY3JsMEYGCSqG
82
- SIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI
83
- AWUDBAICBQCiAwIBMKMDAgEBA4ICAQC6m0kDp6zv4Ojfgy+zleehsx6ol0ocgVel
84
- ETobpx+EuCsqVFRPK1jZ1sp/lyd9+0fQ0r66n7kagRk4Ca39g66WGTJMeJdqYriw
85
- STjjDCKVPSesWXYPVAyDhmP5n2v+BYipZWhpvqpaiO+EGK5IBP+578QeW/sSokrK
86
- dHaLAxG2LhZxj9aF73fqC7OAJZ5aPonw4RE299FVarh1Tx2eT3wSgkDgutCTB1Yq
87
- zT5DuwvAe+co2CIVIzMDamYuSFjPN0BCgojl7V+bTou7dMsqIu/TW/rPCX9/EUcp
88
- KGKqPQ3P+N9r1hjEFY1plBg93t53OOo49GNI+V1zvXPLI6xIFVsh+mto2RtgEX/e
89
- pmMKTNN6psW88qg7c1hTWtN6MbRuQ0vm+O+/2tKBF2h8THb94OvvHHoFDpbCELlq
90
- HnIYhxy0YKXGyaW1NjfULxrrmxVW4wcn5E8GddmvNa6yYm8scJagEi13mhGu4Jqh
91
- 3QU3sf8iUSUr09xQDwHtOQUVIqx4maBZPBtSMf+qUDtjXSSq8lfWcd8bLr9mdsUn
92
- JZJ0+tuPMKmBnSH860llKk+VpVQsgqbzDIvOLvD6W1Umq25boxCYJ+TuBoa4s+HH
93
- CViAvgT9kf/rBq1d+ivj6skkHxuzcxbk1xv6ZGxrteJxVH7KlX7YRdZ6eARKwLe4
94
- AFZEAwoKCQ==
95
- -----END CERTIFICATE-----`;
96
- exports.ARK_GENOA = `-----BEGIN CERTIFICATE-----
97
- MIIGYzCCBBKgAwIBAgIDAgAAMEYGCSqGSIb3DQEBCjA5oA8wDQYJYIZIAWUDBAIC
98
- BQChHDAaBgkqhkiG9w0BAQgwDQYJYIZIAWUDBAICBQCiAwIBMKMDAgEBMHsxFDAS
99
- BgNVBAsMC0VuZ2luZWVyaW5nMQswCQYDVQQGEwJVUzEUMBIGA1UEBwwLU2FudGEg
100
- Q2xhcmExCzAJBgNVBAgMAkNBMR8wHQYDVQQKDBZBZHZhbmNlZCBNaWNybyBEZXZp
101
- Y2VzMRIwEAYDVQQDDAlBUkstR2Vub2EwHhcNMjIwMTI2MTUzNDM3WhcNNDcwMTI2
102
- MTUzNDM3WjB7MRQwEgYDVQQLDAtFbmdpbmVlcmluZzELMAkGA1UEBhMCVVMxFDAS
103
- BgNVBAcMC1NhbnRhIENsYXJhMQswCQYDVQQIDAJDQTEfMB0GA1UECgwWQWR2YW5j
104
- ZWQgTWljcm8gRGV2aWNlczESMBAGA1UEAwwJQVJLLUdlbm9hMIICIjANBgkqhkiG
105
- 9w0BAQEFAAOCAg8AMIICCgKCAgEA3Cd95S/uFOuRIskW9vz9VDBF69NDQF79oRhL
106
- /L2PVQGhK3YdfEBgpF/JiwWFBsT/fXDhzA01p3LkcT/7LdjcRfKXjHl+0Qq/M4dZ
107
- kh6QDoUeKzNBLDcBKDDGWo3v35NyrxbA1DnkYwUKU5AAk4P94tKXLp80oxt84ahy
108
- HoLmc/LqsGsp+oq1Bz4PPsYLwTG4iMKVaaT90/oZ4I8oibSru92vJhlqWO27d/Rx
109
- c3iUMyhNeGToOvgx/iUo4gGpG61NDpkEUvIzuKcaMx8IdTpWg2DF6SwF0IgVMffn
110
- vtJmA68BwJNWo1E4PLJdaPfBifcJpuBFwNVQIPQEVX3aP89HJSp8YbY9lySS6PlV
111
- EqTBBtaQmi4ATGmMR+n2K/e+JAhU2Gj7jIpJhOkdH9firQDnmlA2SFfJ/Cc0mGNz
112
- W9RmIhyOUnNFoclmkRhl3/AQU5Ys9Qsan1jT/EiyT+pCpmnA+y9edvhDCbOG8F2o
113
- xHGRdTBkylungrkXJGYiwGrR8kaiqv7NN8QhOBMqYjcbrkEr0f8QMKklIS5ruOfq
114
- lLMCBw8JLB3LkjpWgtD7OpxkzSsohN47Uom86RY6lp72g8eXHP1qYrnvhzaG1S70
115
- vw6OkbaaC9EjiH/uHgAJQGxon7u0Q7xgoREWA/e7JcBQwLg80Hq/sbRuqesxz7wB
116
- WSY254cCAwEAAaN+MHwwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBSfXfn+Ddjz
117
- WtAzGiXvgSlPvjGoWzAPBgNVHRMBAf8EBTADAQH/MDoGA1UdHwQzMDEwL6AtoCuG
118
- KWh0dHBzOi8va2RzaW50Zi5hbWQuY29tL3ZjZWsvdjEvR2Vub2EvY3JsMEYGCSqG
119
- SIb3DQEBCjA5oA8wDQYJYIZIAWUDBAICBQChHDAaBgkqhkiG9w0BAQgwDQYJYIZI
120
- AWUDBAICBQCiAwIBMKMDAgEBA4ICAQAdIlPBC7DQmvH7kjlOznFx3i21SzOPDs5L
121
- 7SgFjMC9rR07292GQCA7Z7Ulq97JQaWeD2ofGGse5swj4OQfKfVv/zaJUFjvosZO
122
- nfZ63epu8MjWgBSXJg5QE/Al0zRsZsp53DBTdA+Uv/s33fexdenT1mpKYzhIg/cK
123
- tz4oMxq8JKWJ8Po1CXLzKcfrTphjlbkh8AVKMXeBd2SpM33B1YP4g1BOdk013kqb
124
- 7bRHZ1iB2JHG5cMKKbwRCSAAGHLTzASgDcXr9Fp7Z3liDhGu/ci1opGmkp12QNiJ
125
- uBbkTU+xDZHm5X8Jm99BX7NEpzlOwIVR8ClgBDyuBkBC2ljtr3ZSaUIYj2xuyWN9
126
- 5KFY49nWxcz90CFa3Hzmy4zMQmBe9dVyls5eL5p9bkXcgRMDTbgmVZiAf4afe8DL
127
- dmQcYcMFQbHhgVzMiyZHGJgcCrQmA7MkTwEIds1wx/HzMcwU4qqNBAoZV7oeIIPx
128
- dqFXfPqHqiRlEbRDfX1TG5NFVaeByX0GyH6jzYVuezETzruaky6fp2bl2bczxPE8
129
- HdS38ijiJmm9vl50RGUeOAXjSuInGR4bsRufeGPB9peTa9BcBOeTWzstqTUB/F/q
130
- aZCIZKr4X6TyfUuSDz/1JDAGl+lxdM0P9+lLaP9NahQjHCVf0zf1c1salVuGFk2w
131
- /wMz1R1BHg==
132
- -----END CERTIFICATE-----`;
133
49
  function getDefaultArkHashes() {
134
50
  const ark_hashes = {};
135
51
  ark_hashes["ARK-Milan"] = SevSNP.getCertHash({
136
- type: SevSNPCertType.ARK,
137
- format: pki_service_1.CertificateFormat.PEM,
138
- cert: exports.ARK_MILAN,
52
+ format: AmdSevSnp_1.SevSnpCertificateFormat.PEM,
53
+ cert: Buffer.from(amd_sev_snp_napi_rs_1.ARK_MILAN_PEM),
139
54
  });
140
55
  ark_hashes["ARK-Genoa"] = SevSNP.getCertHash({
141
- type: SevSNPCertType.ARK,
142
- format: pki_service_1.CertificateFormat.PEM,
143
- cert: exports.ARK_GENOA,
56
+ format: AmdSevSnp_1.SevSnpCertificateFormat.PEM,
57
+ cert: Buffer.from(amd_sev_snp_napi_rs_1.ARK_GENOA_PEM),
58
+ });
59
+ ark_hashes["ARK-Turin"] = SevSNP.getCertHash({
60
+ format: AmdSevSnp_1.SevSnpCertificateFormat.PEM,
61
+ cert: Buffer.from(amd_sev_snp_napi_rs_1.ARK_TURIN_PEM),
144
62
  });
145
63
  return ark_hashes;
146
64
  }
147
65
  exports.getDefaultArkHashes = getDefaultArkHashes;
148
66
  class SevSNP {
149
67
  static serializeSNPReport(report) {
150
- const msgpack = (0, msgpack5_1.default)();
151
- return msgpack.encode(report).slice();
68
+ return Buffer.from(AmdSevSnp_1.SNPReportWithChain.encode(report).finish());
152
69
  }
153
70
  static deserializeSNPReport(serialized) {
154
- let parsedReport;
155
- try {
156
- const msgpack = (0, msgpack5_1.default)();
157
- parsedReport = msgpack.decode(serialized);
158
- }
159
- catch (e) {
160
- throw new Error("Failed to decode Buffer" + e.message);
161
- }
162
- const requiredFields = [
163
- {
164
- key: "report",
165
- type: "Buffer",
166
- },
167
- {
168
- key: "cmdLineHash",
169
- type: "Buffer",
170
- },
171
- {
172
- key: "build",
173
- type: "string",
174
- },
175
- {
176
- key: "cpuSig",
177
- type: "number",
178
- },
179
- {
180
- key: "cores",
181
- type: "number",
182
- },
183
- ];
184
- for (const { key, type } of requiredFields) {
185
- if (type === "Buffer") {
186
- if (!Buffer.isBuffer(parsedReport[key])) {
187
- throw new Error(`Invalid or missing field: ${key}`);
188
- }
189
- }
190
- else {
191
- if (typeof parsedReport[key] !== type) {
192
- throw new Error(`Invalid or missing field: ${key}`);
193
- }
194
- }
195
- }
196
- if (!parsedReport.certs || !Array.isArray(parsedReport.certs))
197
- throw new Error("Invalid or missing field: certs");
198
- for (const cert of parsedReport.certs) {
199
- if (!cert.format || typeof cert.format !== "string")
200
- throw new Error("Invalid or missing field: cert.format");
201
- if (!cert.type || typeof cert.type !== "string")
202
- throw new Error("Invalid or missing field: cert.type");
203
- if (!cert.cert || (typeof cert.cert !== "string" && !Buffer.isBuffer(cert.cert)))
204
- throw new Error("Invalid or missing field: cert.cert");
205
- }
206
- const deserializedReport = {
207
- ...parsedReport,
208
- };
209
- return deserializedReport;
71
+ return AmdSevSnp_1.SNPReportWithChain.decode(serialized);
210
72
  }
211
73
  static convertCertToPem(cert) {
212
74
  const pemHeader = "-----BEGIN CERTIFICATE-----\n";
@@ -236,20 +98,21 @@ class SevSNP {
236
98
  /**
237
99
  * Method for generation AMD SEV-SNP Report
238
100
  * @param userData - The data that will be included in the report and will be signed
101
+ * @param vmpl - Optional VMPL value to pass to the firmware when requesting a report (default: 0)
239
102
  */
240
- static async generateSNPReport(userData) {
103
+ static async generateSNPReport(userData, vmpl = 0) {
241
104
  if (userData.length > amd_sev_snp_napi_rs_1.SNP_REPORT_DATA_SIZE) {
242
105
  throw new Error(`userData cannot exceed ${amd_sev_snp_napi_rs_1.SNP_REPORT_DATA_SIZE} bytes.`);
243
106
  }
244
107
  const paddedUserData = Buffer.alloc(64);
245
108
  userData.copy(paddedUserData);
246
- const report = (0, amd_sev_snp_napi_rs_1.getSnpReport)(paddedUserData, 0);
109
+ const rawReport = (0, amd_sev_snp_napi_rs_1.getSnpReport)(paddedUserData, vmpl);
247
110
  const cpuInfo = (0, amd_sev_snp_napi_rs_1.getCpuInfo)();
248
111
  const cpuSig = (0, amd_sev_snp_napi_rs_1.getCpuSig)(cpuInfo);
249
112
  const cores = (0, amd_sev_snp_napi_rs_1.getLogicalCoresCount)();
250
113
  const cmdLine = await SevSNP.readCmdLine();
251
114
  return {
252
- report,
115
+ rawReport,
253
116
  cpuSig,
254
117
  cores,
255
118
  cmdLineHash: SevSNP.calculateCmdlineHash(cmdLine),
@@ -265,15 +128,26 @@ class SevSNP {
265
128
  static async getReportChain(report, options) {
266
129
  const retryMax = options?.retryMax ?? 2;
267
130
  const retryInterval = options?.retryInterval ?? 10000;
268
- const certFormat = options?.certFormat ?? pki_service_1.CertificateFormat.DER;
131
+ const certFormat = options?.certFormat ?? AmdSevSnp_1.SevSnpCertificateFormat.DER;
269
132
  const certs = [];
270
133
  const axiosInstance = axios_1.default.create();
271
134
  let vcek = Buffer.alloc(0);
272
- let cpuGeneration = SupportedAmdSevSnpGenerations.Milan;
273
- const generations = Object.values(SupportedAmdSevSnpGenerations);
135
+ let cpuGeneration = amd_sev_snp_napi_rs_1.WellKnownSnpCodeNames.Milan;
136
+ let generations = Object.values(amd_sev_snp_napi_rs_1.WellKnownSnpCodeNames);
137
+ // Try to detect CPU generation from the report itself. If detection
138
+ // succeeds, only attempt to fetch VCEK for the detected generation.
139
+ try {
140
+ const cpuInfo = await SevSNP.getReportCpuInfo(Buffer.from(report.rawReport));
141
+ const detected = await SevSNP.getCpuGeneration(cpuInfo);
142
+ generations = [detected];
143
+ }
144
+ catch (err) {
145
+ // Detection failed or report doesn't contain CPU info; fall back to
146
+ // trying all known generations.
147
+ }
274
148
  for (const generation of generations) {
275
149
  cpuGeneration = generation;
276
- const vcekUrl = (0, amd_sev_snp_napi_rs_1.getVcekKdsUrl)(report.report, generation);
150
+ const vcekUrl = (0, amd_sev_snp_napi_rs_1.getVcekKdsUrl)(Buffer.from(report.rawReport), generation);
277
151
  try {
278
152
  const response = await sdk_js_1.helpers.tryWithInterval({
279
153
  checkResult(response) {
@@ -306,9 +180,9 @@ class SevSNP {
306
180
  }
307
181
  const pemVcek = SevSNP.convertCertToPem(vcek);
308
182
  certs.push({
309
- type: SevSNPCertType.VCEK,
183
+ type: AmdSevSnp_1.SevSNPCertType.VCEK,
310
184
  format: certFormat,
311
- cert: certFormat === pki_service_1.CertificateFormat.PEM ? pemVcek : SevSNP.convertPemToDer(pemVcek),
185
+ cert: certFormat === AmdSevSnp_1.SevSnpCertificateFormat.PEM ? Buffer.from(pemVcek) : SevSNP.convertPemToDer(pemVcek),
312
186
  });
313
187
  const caUrl = `${amd_sev_snp_napi_rs_1.KDS_CERT_SITE}/${amd_sev_snp_napi_rs_1.KDS_VCEK}/${cpuGeneration}/cert_chain`;
314
188
  const response = await sdk_js_1.helpers.tryWithInterval({
@@ -335,14 +209,18 @@ class SevSNP {
335
209
  throw new Error("Cert chain must have 2 certificates");
336
210
  }
337
211
  certs.push({
338
- type: SevSNPCertType.ARK,
212
+ type: AmdSevSnp_1.SevSNPCertType.ARK,
339
213
  format: certFormat,
340
- cert: certFormat === pki_service_1.CertificateFormat.PEM ? CAChain[1] : SevSNP.convertPemToDer(CAChain[1]),
214
+ cert: certFormat === AmdSevSnp_1.SevSnpCertificateFormat.PEM
215
+ ? Buffer.from(CAChain[1])
216
+ : SevSNP.convertPemToDer(CAChain[1]),
341
217
  });
342
218
  certs.push({
343
- type: SevSNPCertType.ASK,
219
+ type: AmdSevSnp_1.SevSNPCertType.ASK,
344
220
  format: certFormat,
345
- cert: certFormat === pki_service_1.CertificateFormat.PEM ? CAChain[0] : SevSNP.convertPemToDer(CAChain[0]),
221
+ cert: certFormat === AmdSevSnp_1.SevSnpCertificateFormat.PEM
222
+ ? Buffer.from(CAChain[0])
223
+ : SevSNP.convertPemToDer(CAChain[0]),
346
224
  });
347
225
  return certs;
348
226
  }
@@ -352,10 +230,10 @@ class SevSNP {
352
230
  * @param options - @see getReportChain
353
231
  */
354
232
  static async generateSNPReportWithChain(userData, options) {
355
- const report = await SevSNP.generateSNPReport(userData);
356
- const certs = await SevSNP.getReportChain(report, options);
233
+ const snpReport = await SevSNP.generateSNPReport(userData);
234
+ const certs = await SevSNP.getReportChain(snpReport, options);
357
235
  return {
358
- ...report,
236
+ snpReport,
359
237
  certs: certs,
360
238
  };
361
239
  }
@@ -394,8 +272,8 @@ class SevSNP {
394
272
  }
395
273
  static getCertHash(cert) {
396
274
  const hash = (0, crypto_1.createHash)("sha256");
397
- if (cert.format === pki_service_1.CertificateFormat.PEM) {
398
- hash.update(SevSNP.convertPemToDer(cert.cert));
275
+ if (cert.format === AmdSevSnp_1.SevSnpCertificateFormat.PEM) {
276
+ hash.update(SevSNP.convertPemToDer(cert.cert.toString()));
399
277
  }
400
278
  else {
401
279
  hash.update(cert.cert);
@@ -403,7 +281,9 @@ class SevSNP {
403
281
  return hash.digest();
404
282
  }
405
283
  static isValidArk(ARK, trustedHashes) {
406
- const ArkCert = forge.pki.certificateFromPem(ARK.format === pki_service_1.CertificateFormat.PEM ? ARK.cert : SevSNP.convertCertToPem(ARK.cert));
284
+ const ArkCert = forge.pki.certificateFromPem(ARK.format === AmdSevSnp_1.SevSnpCertificateFormat.PEM
285
+ ? ARK.cert.toString()
286
+ : SevSNP.convertCertToPem(Buffer.from(ARK.cert)));
407
287
  const ArkCN = ArkCert.subject.attributes.find((attr) => attr.name === "commonName")?.value;
408
288
  if (!ArkCN) {
409
289
  throw new Error("Can't extract CN from ARK certificate");
@@ -427,7 +307,7 @@ class SevSNP {
427
307
  if (!path.isAbsolute(snpGuestBinaryPath)) {
428
308
  throw new Error("snpGuestBinaryPath must be an absolute path");
429
309
  }
430
- const ARK = report.certs.find((cert) => cert.type === SevSNPCertType.ARK);
310
+ const ARK = report.certs.find((cert) => cert.type === AmdSevSnp_1.SevSNPCertType.ARK);
431
311
  if (!ARK) {
432
312
  throw new Error("Can't find ARK certificate in certificate chain");
433
313
  }
@@ -437,12 +317,12 @@ class SevSNP {
437
317
  const tempDir = await fs.mkdtemp(tmpDirTemplate);
438
318
  try {
439
319
  for (const certEntry of report.certs) {
440
- const fileName = certEntry.type.toLowerCase();
441
- const extension = certEntry.format === pki_service_1.CertificateFormat.PEM ? "pem" : "der";
442
- await fs.writeFile(`${tempDir}/${fileName}.${extension}`, certEntry.cert, certEntry.format === pki_service_1.CertificateFormat.PEM ? "utf8" : undefined);
320
+ const fileName = (0, AmdSevSnp_1.sevSNPCertTypeToJSON)(certEntry.type).toLowerCase();
321
+ const extension = certEntry.format === AmdSevSnp_1.SevSnpCertificateFormat.PEM ? "pem" : "der";
322
+ await fs.writeFile(`${tempDir}/${fileName}.${extension}`, certEntry.cert, certEntry.format === AmdSevSnp_1.SevSnpCertificateFormat.PEM ? "utf8" : undefined);
443
323
  }
444
324
  const reportPath = `${tempDir}/report.bin`;
445
- await fs.writeFile(reportPath, report.report);
325
+ await fs.writeFile(reportPath, Buffer.from(report.snpReport.rawReport));
446
326
  const snpguestRes = await SevSNP.runSubProcess(snpGuestBinaryPath, ["verify", "attestation", tempDir, reportPath], { timeoutMs });
447
327
  if (snpguestRes.exitCode != 0) {
448
328
  throw new Error(`Error validating report. Output: ${snpguestRes.stdout}\n${snpguestRes.stderr}`);
@@ -527,6 +407,75 @@ class SevSNP {
527
407
  static getCpuSig(cpuInfo) {
528
408
  return (0, amd_sev_snp_napi_rs_1.getCpuSig)(cpuInfo);
529
409
  }
410
+ static async getReportImportantSecurityFields(report) {
411
+ return (0, amd_sev_snp_napi_rs_1.getReportImportantSecurityFields)(report);
412
+ }
413
+ static async getReportCpuInfo(report) {
414
+ return (0, amd_sev_snp_napi_rs_1.getReportCpuInfo)(report);
415
+ }
416
+ static async getCpuGeneration(cpuInfo) {
417
+ return (0, amd_sev_snp_napi_rs_1.getCpuGeneration)(cpuInfo);
418
+ }
419
+ static parsePolicySet(jsonText) {
420
+ if (typeof jsonText === "string" && jsonText.trim().length === 0) {
421
+ return {};
422
+ }
423
+ const parsed = JSON.parse(jsonText);
424
+ const { isValid } = (0, sdk_js_1.validateBySchema)(parsed, sev_snp_schema_1.PolicySetSchema);
425
+ if (!isValid) {
426
+ const validationErrors = Array.from(value_1.Value.Errors(sev_snp_schema_1.PolicySetSchema, parsed));
427
+ if (validationErrors.length > 0) {
428
+ throw new Error(`Failed to validate policy JSON: ${validationErrors.map((e) => e.message).join(", ")}`);
429
+ }
430
+ }
431
+ return parsed;
432
+ }
433
+ static checkRule(rule, fields) {
434
+ const fieldValue = fields[rule.name];
435
+ switch (rule.operator) {
436
+ case sev_snp_schema_1.RuleOperator.Le:
437
+ return fieldValue <= rule.value;
438
+ case sev_snp_schema_1.RuleOperator.Eq:
439
+ return fieldValue === rule.value;
440
+ case sev_snp_schema_1.RuleOperator.Ge:
441
+ return fieldValue >= rule.value;
442
+ default:
443
+ return false;
444
+ }
445
+ }
446
+ /**
447
+ * Verify SNP report against a PolicySet.
448
+ * Throws an error if any rule fails.
449
+ * @param report - SNPReport
450
+ * @param policySet - PolicySet containing rules
451
+ */
452
+ static async verifyPolicy(report, policySet) {
453
+ if (!policySet || Object.keys(policySet).length === 0) {
454
+ return; // No policy set provided, consider it valid
455
+ }
456
+ const fields = await this.getReportImportantSecurityFields(report);
457
+ const commonPolicy = policySet[sev_snp_schema_1.CommonPolicyKeyName];
458
+ if (commonPolicy) {
459
+ for (const rule of commonPolicy) {
460
+ if (!this.checkRule(rule, fields)) {
461
+ const fieldValue = fields[rule.name];
462
+ throw new Error(`Policy violation in "commonPolicy": field "${rule.name}" has value ${JSON.stringify(fieldValue)}, ` +
463
+ `expected ${rule.operator} ${JSON.stringify(rule.value)}`);
464
+ }
465
+ }
466
+ }
467
+ const cpuGen = await this.getCpuGeneration(await this.getReportCpuInfo(report));
468
+ const cpuPolicy = policySet[cpuGen];
469
+ if (cpuPolicy) {
470
+ for (const rule of cpuPolicy) {
471
+ if (!this.checkRule(rule, fields)) {
472
+ const fieldValue = fields[rule.name];
473
+ throw new Error(`Policy violation in "${cpuGen}": field "${rule.name}" has value ${JSON.stringify(fieldValue)}, ` +
474
+ `expected ${rule.operator} ${JSON.stringify(rule.value)}`);
475
+ }
476
+ }
477
+ }
478
+ }
530
479
  }
531
480
  exports.SevSNP = SevSNP;
532
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9zZXYtc25wLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsNkVBZTZDO0FBQzdDLG1EQUErRDtBQUMvRCxrREFBNkM7QUFDN0MsK0NBQWtEO0FBQ2xELGtEQUFvQztBQUVwQyxnREFBa0M7QUFDbEMsMkNBQTZCO0FBQzdCLHVDQUF5QjtBQUN6QixpREFBc0M7QUFDdEMsbUNBQW9DO0FBQ3BDLHdEQUFnQztBQUNoQyx1Q0FBbUQ7QUFFbkQsSUFBWSw2QkFHWDtBQUhELFdBQVksNkJBQTZCO0lBQ3JDLGdEQUFlLENBQUE7SUFDZixnREFBZSxDQUFBO0FBQ25CLENBQUMsRUFIVyw2QkFBNkIsNkNBQTdCLDZCQUE2QixRQUd4QztBQUVELElBQVksY0FJWDtBQUpELFdBQVksY0FBYztJQUN0Qiw2QkFBVyxDQUFBO0lBQ1gsNkJBQVcsQ0FBQTtJQUNYLCtCQUFhLENBQUE7QUFDakIsQ0FBQyxFQUpXLGNBQWMsOEJBQWQsY0FBYyxRQUl6QjtBQThCWSxRQUFBLHNCQUFzQixHQUFZO0lBQzNDLE1BQU0sRUFBRSxFQUFFO0lBQ1YsS0FBSyxFQUFFLENBQUM7SUFDUixRQUFRLEVBQUUsQ0FBQztDQUNkLENBQUM7QUFFVyxRQUFBLHdCQUF3QixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQy9DLGtFQUFrRSxFQUNsRSxLQUFLLENBQ1IsQ0FBQztBQUdXLFFBQUEsU0FBUyxHQUFHOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7MEJBb0NDLENBQUM7QUFFZCxRQUFBLFNBQVMsR0FBRzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OzBCQW9DQyxDQUFDO0FBRTNCLFNBQWdCLG1CQUFtQjtJQUMvQixNQUFNLFVBQVUsR0FBOEIsRUFBRSxDQUFDO0lBRWpELFVBQVUsQ0FBQyxXQUFXLENBQUMsR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDO1FBQ3pDLElBQUksRUFBRSxjQUFjLENBQUMsR0FBRztRQUN4QixNQUFNLEVBQUUsK0JBQWlCLENBQUMsR0FBRztRQUM3QixJQUFJLEVBQUUsaUJBQVM7S0FDbEIsQ0FBQyxDQUFDO0lBRUgsVUFBVSxDQUFDLFdBQVcsQ0FBQyxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUM7UUFDekMsSUFBSSxFQUFFLGNBQWMsQ0FBQyxHQUFHO1FBQ3hCLE1BQU0sRUFBRSwrQkFBaUIsQ0FBQyxHQUFHO1FBQzdCLElBQUksRUFBRSxpQkFBUztLQUNsQixDQUFDLENBQUM7SUFFSCxPQUFPLFVBQVUsQ0FBQztBQUN0QixDQUFDO0FBaEJELGtEQWdCQztBQUVELE1BQWEsTUFBTTtJQUNSLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxNQUEwQjtRQUN2RCxNQUFNLE9BQU8sR0FBRyxJQUFBLGtCQUFRLEdBQUUsQ0FBQztRQUUzQixPQUFPLE9BQU8sQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDMUMsQ0FBQztJQUVNLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxVQUFrQjtRQUNqRCxJQUFJLFlBQVksQ0FBQztRQUNqQixJQUFJLENBQUM7WUFDRCxNQUFNLE9BQU8sR0FBRyxJQUFBLGtCQUFRLEdBQUUsQ0FBQztZQUMzQixZQUFZLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUM5QyxDQUFDO1FBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQztZQUNULE1BQU0sSUFBSSxLQUFLLENBQUMseUJBQXlCLEdBQUksQ0FBVyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3RFLENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBc0Q7WUFDdEU7Z0JBQ0ksR0FBRyxFQUFFLFFBQVE7Z0JBQ2IsSUFBSSxFQUFFLFFBQVE7YUFDakI7WUFDRDtnQkFDSSxHQUFHLEVBQUUsYUFBYTtnQkFDbEIsSUFBSSxFQUFFLFFBQVE7YUFDakI7WUFDRDtnQkFDSSxHQUFHLEVBQUUsT0FBTztnQkFDWixJQUFJLEVBQUUsUUFBUTthQUNqQjtZQUNEO2dCQUNJLEdBQUcsRUFBRSxRQUFRO2dCQUNiLElBQUksRUFBRSxRQUFRO2FBQ2pCO1lBQ0Q7Z0JBQ0ksR0FBRyxFQUFFLE9BQU87Z0JBQ1osSUFBSSxFQUFFLFFBQVE7YUFDakI7U0FDSixDQUFDO1FBRUYsS0FBSyxNQUFNLEVBQUUsR0FBRyxFQUFFLElBQUksRUFBRSxJQUFJLGNBQWMsRUFBRSxDQUFDO1lBQ3pDLElBQUksSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO2dCQUNwQixJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLENBQUMsRUFBRSxDQUFDO29CQUN0QyxNQUFNLElBQUksS0FBSyxDQUFDLDZCQUE2QixHQUFHLEVBQUUsQ0FBQyxDQUFDO2dCQUN4RCxDQUFDO1lBQ0wsQ0FBQztpQkFBTSxDQUFDO2dCQUNKLElBQUksT0FBTyxZQUFZLENBQUMsR0FBRyxDQUFDLEtBQUssSUFBSSxFQUFFLENBQUM7b0JBQ3BDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkJBQTZCLEdBQUcsRUFBRSxDQUFDLENBQUM7Z0JBQ3hELENBQUM7WUFDTCxDQUFDO1FBQ0wsQ0FBQztRQUVELElBQUksQ0FBQyxZQUFZLENBQUMsS0FBSyxJQUFJLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsS0FBSyxDQUFDO1lBQ3pELE1BQU0sSUFBSSxLQUFLLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUV2RCxLQUFLLE1BQU0sSUFBSSxJQUFJLFlBQVksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNwQyxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sSUFBSSxPQUFPLElBQUksQ0FBQyxNQUFNLEtBQUssUUFBUTtnQkFDL0MsTUFBTSxJQUFJLEtBQUssQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1lBQzdELElBQUksQ0FBQyxJQUFJLENBQUMsSUFBSSxJQUFJLE9BQU8sSUFBSSxDQUFDLElBQUksS0FBSyxRQUFRO2dCQUFFLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztZQUN4RyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksSUFBSSxDQUFDLE9BQU8sSUFBSSxDQUFDLElBQUksS0FBSyxRQUFRLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztnQkFDNUUsTUFBTSxJQUFJLEtBQUssQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1FBQy9ELENBQUM7UUFFRCxNQUFNLGtCQUFrQixHQUF1QjtZQUMzQyxHQUFHLFlBQVk7U0FDbEIsQ0FBQztRQUVGLE9BQU8sa0JBQWtCLENBQUM7SUFDOUIsQ0FBQztJQUVTLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxJQUFZO1FBQzFDLE1BQU0sU0FBUyxHQUFHLCtCQUErQixDQUFDO1FBQ2xELE1BQU0sU0FBUyxHQUFHLDZCQUE2QixDQUFDO1FBRWhELElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsU0FBUyxDQUFDLE1BQU0sQ0FBQyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDeEUsT0FBTyxJQUFJLENBQUMsUUFBUSxFQUFFLENBQUM7UUFDM0IsQ0FBQztRQUNELE1BQU0sZUFBZSxHQUFHLElBQUk7YUFDdkIsUUFBUSxDQUFDLFFBQVEsQ0FBQzthQUNsQixLQUFLLENBQUMsVUFBVSxDQUFDO1lBQ2xCLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRWpCLE9BQU8sU0FBUyxHQUFHLGVBQWUsR0FBRyxTQUFTLENBQUM7SUFDbkQsQ0FBQztJQUVTLE1BQU0sQ0FBQyxlQUFlLENBQUMsSUFBWTtRQUN6QyxPQUFPLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDdEUsQ0FBQztJQUVTLE1BQU0sQ0FBQyxVQUFVLENBQUMsUUFBZ0I7UUFDeEMsTUFBTSxTQUFTLEdBQUcsaUVBQWlFLENBQUM7UUFDcEYsTUFBTSxPQUFPLEdBQUcsUUFBUSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUUxQyxPQUFPLEtBQUssQ0FBQyxJQUFJLENBQUMsT0FBTyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3JDLENBQUM7SUFFUyxNQUFNLENBQUMsS0FBSyxDQUFDLFdBQVc7UUFDOUIsTUFBTSxJQUFJLEdBQUcsTUFBTSxFQUFFLENBQUMsUUFBUSxDQUFDLGVBQWUsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUN6RCwrR0FBK0c7UUFDL0csT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLGtCQUFrQixFQUFFLEVBQUUsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFRDs7O09BR0c7SUFDSSxNQUFNLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLFFBQWdCO1FBQ2xELElBQUksUUFBUSxDQUFDLE1BQU0sR0FBRywwQ0FBb0IsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLDBDQUFvQixTQUFTLENBQUMsQ0FBQztRQUM3RSxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUN4QyxRQUFRLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRTlCLE1BQU0sTUFBTSxHQUFHLElBQUEsa0NBQVksRUFBQyxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDL0MsTUFBTSxPQUFPLEdBQUcsSUFBQSxnQ0FBVSxHQUFFLENBQUM7UUFDN0IsTUFBTSxNQUFNLEdBQUcsSUFBQSwrQkFBUyxFQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sS0FBSyxHQUFHLElBQUEsMENBQW9CLEdBQUUsQ0FBQztRQUNyQyxNQUFNLE9BQU8sR0FBRyxNQUFNLE1BQU0sQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUUzQyxPQUFPO1lBQ0gsTUFBTTtZQUNOLE1BQU07WUFDTixLQUFLO1lBQ0wsV0FBVyxFQUFFLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxPQUFPLENBQUM7WUFDakQsS0FBSyxFQUFFLE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxPQUFPLENBQUM7U0FDakQsQ0FBQztJQUNOLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNJLE1BQU0sQ0FBQyxLQUFLLENBQUMsY0FBYyxDQUM5QixNQUFpQixFQUNqQixPQUlDO1FBRUQsTUFBTSxRQUFRLEdBQUcsT0FBTyxFQUFFLFFBQVEsSUFBSSxDQUFDLENBQUM7UUFDeEMsTUFBTSxhQUFhLEdBQUcsT0FBTyxFQUFFLGFBQWEsSUFBSSxLQUFLLENBQUM7UUFDdEQsTUFBTSxVQUFVLEdBQUcsT0FBTyxFQUFFLFVBQVUsSUFBSSwrQkFBaUIsQ0FBQyxHQUFHLENBQUM7UUFDaEUsTUFBTSxLQUFLLEdBQWMsRUFBRSxDQUFDO1FBRTVCLE1BQU0sYUFBYSxHQUFHLGVBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNyQyxJQUFJLElBQUksR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzNCLElBQUksYUFBYSxHQUFHLDZCQUE2QixDQUFDLEtBQUssQ0FBQztRQUN4RCxNQUFNLFdBQVcsR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLDZCQUE2QixDQUFDLENBQUM7UUFDakUsS0FBSyxNQUFNLFVBQVUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNuQyxhQUFhLEdBQUcsVUFBVSxDQUFDO1lBQzNCLE1BQU0sT0FBTyxHQUFHLElBQUEsbUNBQWEsRUFBQyxNQUFNLENBQUMsTUFBTSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1lBQ3pELElBQUksQ0FBQztnQkFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtvQkFDN0QsV0FBVyxDQUFDLFFBQVE7d0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztvQkFDbkQsQ0FBQztvQkFDRCxPQUFPO3dCQUNILE9BQU8sYUFBYSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUU7NEJBQzlCLFlBQVksRUFBRSxhQUFhO3lCQUM5QixDQUFDLENBQUM7b0JBQ1AsQ0FBQztvQkFDRCxVQUFVLENBQUMsR0FBRzt3QkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDOzRCQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQzs0QkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLElBQUksR0FBRyxFQUFFLENBQUM7d0JBQ3hDLENBQUM7d0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7b0JBQ2xELENBQUM7b0JBQ0QsYUFBYTtvQkFDYixRQUFRO2lCQUNYLENBQUMsQ0FBQztnQkFDSCxJQUFJLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQztnQkFDckIsTUFBTTtZQUNWLENBQUM7WUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO2dCQUNYLE1BQU0sTUFBTSxHQUFHLFVBQVUsS0FBSyxXQUFXLENBQUMsV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQztnQkFDbEUsSUFBSSxNQUFNLEVBQUUsQ0FBQztvQkFDVCxNQUFNLEdBQUcsQ0FBQztnQkFDZCxDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDOUMsS0FBSyxDQUFDLElBQUksQ0FBQztZQUNQLElBQUksRUFBRSxjQUFjLENBQUMsSUFBSTtZQUN6QixNQUFNLEVBQUUsVUFBVTtZQUNsQixJQUFJLEVBQUUsVUFBVSxLQUFLLCtCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQztTQUN6RixDQUFDLENBQUM7UUFFSCxNQUFNLEtBQUssR0FBRyxHQUFHLG1DQUFhLElBQUksOEJBQVEsSUFBSSxhQUFhLGFBQWEsQ0FBQztRQUN6RSxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtZQUM3RCxXQUFXLENBQUMsUUFBUTtnQkFDaEIsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRSxDQUFDO1lBQ25ELENBQUM7WUFDRCxPQUFPO2dCQUNILE9BQU8sYUFBYSxDQUFDLEdBQUcsQ0FBQyxLQUFLLEVBQUU7b0JBQzVCLFlBQVksRUFBRSxhQUFhO2lCQUM5QixDQUFDLENBQUM7WUFDUCxDQUFDO1lBQ0QsVUFBVSxDQUFDLEdBQUc7Z0JBQ1YsSUFBSSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztvQkFDMUMsTUFBTSxNQUFNLEdBQUcsR0FBRyxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUM7b0JBRW5DLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxJQUFJLEdBQUcsRUFBRSxDQUFDO2dCQUN4QyxDQUFDO2dCQUVELE9BQU8sRUFBRSxTQUFTLEVBQUUsZUFBSyxDQUFDLFlBQVksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ2xELENBQUM7WUFDRCxhQUFhO1lBQ2IsUUFBUTtTQUNYLENBQUMsQ0FBQztRQUVILE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBQzVELElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksS0FBSyxDQUFDLHFDQUFxQyxDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUVELEtBQUssQ0FBQyxJQUFJLENBQUM7WUFDUCxJQUFJLEVBQUUsY0FBYyxDQUFDLEdBQUc7WUFDeEIsTUFBTSxFQUFFLFVBQVU7WUFDbEIsSUFBSSxFQUFFLFVBQVUsS0FBSywrQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7U0FDL0YsQ0FBQyxDQUFDO1FBQ0gsS0FBSyxDQUFDLElBQUksQ0FBQztZQUNQLElBQUksRUFBRSxjQUFjLENBQUMsR0FBRztZQUN4QixNQUFNLEVBQUUsVUFBVTtZQUNsQixJQUFJLEVBQUUsVUFBVSxLQUFLLCtCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUMvRixDQUFDLENBQUM7UUFFSCxPQUFPLEtBQUssQ0FBQztJQUNqQixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLE1BQU0sQ0FBQyxLQUFLLENBQUMsMEJBQTBCLENBQzFDLFFBQWdCLEVBQ2hCLE9BSUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxNQUFNLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN4RCxNQUFNLEtBQUssR0FBRyxNQUFNLE1BQU0sQ0FBQyxjQUFjLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRTNELE9BQU87WUFDSCxHQUFHLE1BQU07WUFDVCxLQUFLLEVBQUUsS0FBSztTQUNmLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQ2hDLFVBQWtCLEVBQ2xCLE9BQWlCLEVBQUUsRUFDbkIsVUFBZ0QsRUFBRTtRQUVsRCxPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQ25DLE1BQU0sVUFBVSxHQUFHLElBQUEscUJBQUssRUFBQyxVQUFVLEVBQUUsSUFBSSxFQUFFO2dCQUN2QyxHQUFHLEVBQUUsT0FBTyxDQUFDLEdBQUc7Z0JBQ2hCLEtBQUssRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksTUFBTSxHQUFHLEVBQUUsQ0FBQztZQUNoQixJQUFJLE1BQU0sR0FBRyxFQUFFLENBQUM7WUFFaEIsVUFBVSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ3ZFLFVBQVUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQyxNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUV2RSxJQUFJLFNBQXFDLENBQUM7WUFDMUMsSUFBSSxPQUFPLENBQUMsU0FBUyxJQUFJLE9BQU8sQ0FBQyxTQUFTLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzdDLFNBQVMsR0FBRyxVQUFVLENBQUMsR0FBRyxFQUFFO29CQUN4QixVQUFVLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBQ2xCLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQywyQkFBMkIsT0FBTyxDQUFDLFNBQVMsSUFBSSxDQUFDLENBQUMsQ0FBQztnQkFDeEUsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUMxQixDQUFDO1lBRUQsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxRQUFRLEVBQUUsRUFBRTtnQkFDaEMsSUFBSSxTQUFTO29CQUFFLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDdkMsT0FBTyxDQUFDO29CQUNKLFFBQVEsRUFBRSxRQUFRLElBQUksQ0FBQztvQkFDdkIsTUFBTTtvQkFDTixNQUFNO2lCQUNULENBQUMsQ0FBQztZQUNQLENBQUMsQ0FBQyxDQUFDO1lBRUgsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxLQUFLLEVBQUUsRUFBRTtnQkFDN0IsSUFBSSxTQUFTO29CQUFFLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDdkMsTUFBTSxDQUFDLElBQUksS0FBSyxDQUFDLDRCQUE0QixLQUFLLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ25FLENBQUMsQ0FBQyxDQUFDO1FBQ1AsQ0FBQyxDQUFDLENBQUM7SUFDUCxDQUFDO0lBRU0sTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUFhO1FBQ25DLE1BQU0sSUFBSSxHQUFHLElBQUEsbUJBQVUsRUFBQyxRQUFRLENBQUMsQ0FBQztRQUNsQyxJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssK0JBQWlCLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDeEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLElBQUksQ0FBQyxJQUFjLENBQUMsQ0FBQyxDQUFDO1FBQzdELENBQUM7YUFBTSxDQUFDO1lBQ0osSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBYyxDQUFDLENBQUM7UUFDckMsQ0FBQztRQUVELE9BQU8sSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFUyxNQUFNLENBQUMsVUFBVSxDQUFDLEdBQVksRUFBRSxhQUF3QjtRQUM5RCxNQUFNLE9BQU8sR0FBRyxLQUFLLENBQUMsR0FBRyxDQUFDLGtCQUFrQixDQUN4QyxHQUFHLENBQUMsTUFBTSxLQUFLLCtCQUFpQixDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUUsR0FBRyxDQUFDLElBQWUsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FBQyxJQUFjLENBQUMsQ0FDNUcsQ0FBQztRQUNGLE1BQU0sS0FBSyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLElBQUksS0FBSyxZQUFZLENBQUMsRUFBRSxLQUV0RSxDQUFDO1FBQ2hCLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNULE1BQU0sSUFBSSxLQUFLLENBQUMsdUNBQXVDLENBQUMsQ0FBQztRQUM3RCxDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUN4QyxNQUFNLFdBQVcsR0FBRyxDQUFDLGFBQWEsSUFBSSxhQUFhLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBRS9FLE9BQU8sT0FBTyxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQzVCLE1BQTBCLEVBQzFCLE9BS0M7UUFFRCxNQUFNLGFBQWEsR0FBRyxPQUFPLEVBQUUsYUFBYSxJQUFJLG1CQUFtQixFQUFFLENBQUM7UUFDdEUsTUFBTSxTQUFTLEdBQUcsT0FBTyxFQUFFLFNBQVMsSUFBSSxLQUFLLENBQUM7UUFDOUMsTUFBTSxrQkFBa0IsR0FDcEIsT0FBTyxFQUFFLGtCQUFrQixJQUFJLElBQUksQ0FBQyxPQUFPLENBQUMsU0FBUyxFQUFFLHNDQUFzQyxDQUFDLENBQUM7UUFDbkcsTUFBTSxjQUFjLEdBQUcsT0FBTyxFQUFFLGNBQWMsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUVsRixJQUFJLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQyxFQUFFLENBQUM7WUFDdkMsTUFBTSxJQUFJLEtBQUssQ0FBQyw2Q0FBNkMsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFDRCxNQUFNLEdBQUcsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLElBQUksS0FBSyxjQUFjLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDMUUsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1AsTUFBTSxJQUFJLEtBQUssQ0FBQyxpREFBaUQsQ0FBQyxDQUFDO1FBQ3ZFLENBQUM7UUFFRCxJQUFJLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxHQUFHLEVBQUUsYUFBYSxDQUFDLEVBQUUsQ0FBQztZQUN6QyxNQUFNLElBQUksS0FBSyxDQUFDLHVFQUF1RSxDQUFDLENBQUM7UUFDN0YsQ0FBQztRQUVELE1BQU0sT0FBTyxHQUFHLE1BQU0sRUFBRSxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsQ0FBQztRQUVqRCxJQUFJLENBQUM7WUFDRCxLQUFLLE1BQU0sU0FBUyxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztnQkFDbkMsTUFBTSxRQUFRLEdBQUcsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztnQkFDOUMsTUFBTSxTQUFTLEdBQUcsU0FBUyxDQUFDLE1BQU0sS0FBSywrQkFBaUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDO2dCQUM3RSxNQUFNLEVBQUUsQ0FBQyxTQUFTLENBQ2QsR0FBRyxPQUFPLElBQUksUUFBUSxJQUFJLFNBQVMsRUFBRSxFQUNyQyxTQUFTLENBQUMsSUFBSSxFQUNkLFNBQVMsQ0FBQyxNQUFNLEtBQUssK0JBQWlCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FDbEUsQ0FBQztZQUNOLENBQUM7WUFDRCxNQUFNLFVBQVUsR0FBRyxHQUFHLE9BQU8sYUFBYSxDQUFDO1lBQzNDLE1BQU0sRUFBRSxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1lBQzlDLE1BQU0sV0FBVyxHQUFHLE1BQU0sTUFBTSxDQUFDLGFBQWEsQ0FDMUMsa0JBQWtCLEVBQ2xCLENBQUMsUUFBUSxFQUFFLGFBQWEsRUFBRSxPQUFPLEVBQUUsVUFBVSxDQUFDLEVBQzlDLEVBQUUsU0FBUyxFQUFFLENBQ2hCLENBQUM7WUFDRixJQUFJLFdBQVcsQ0FBQyxRQUFRLElBQUksQ0FBQyxFQUFFLENBQUM7Z0JBQzVCLE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLFdBQVcsQ0FBQyxNQUFNLEtBQUssV0FBVyxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7WUFDckcsQ0FBQztRQUNMLENBQUM7Z0JBQVMsQ0FBQztZQUNQLE1BQU0sSUFBQSxnQ0FBc0IsRUFBQyxPQUFPLENBQUMsQ0FBQztRQUMxQyxDQUFDO0lBQ0wsQ0FBQztJQUVTLE1BQU0sQ0FBQyxhQUFhLENBQUMsT0FBZSxFQUFFLElBQVksRUFBRSxNQUFjO1FBQ3hFLE1BQU0sSUFBSSxHQUFHLElBQUEsbUJBQVUsRUFBQyxRQUFRLENBQUMsQ0FBQztRQUNsQyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXJCLE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDaEMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDL0IsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVyQixNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2xDLFNBQVMsQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDdEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUV2QixPQUFPLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksTUFBTSxDQUFDLFlBQVksQ0FBQyxNQUFjO1FBQ3JDLE1BQU0sT0FBTyxHQUFHLElBQUEsc0NBQWdCLEVBQUMsTUFBTSxDQUFDLENBQUM7UUFDekMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQ0FBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ25DLE1BQU0sTUFBTSxHQUFHLElBQUEscUNBQWUsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUV2QyxPQUFPLE1BQU0sQ0FBQyxhQUFhLENBQUMsT0FBTyxFQUFFLElBQUksRUFBRSxNQUFNLENBQUMsQ0FBQztJQUN2RCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsTUFBYztRQUM1QyxPQUFPLElBQUEsbUNBQWEsRUFBQyxNQUFNLENBQUMsQ0FBQztJQUNqQyxDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFjO1FBQy9DLE9BQU8sSUFBQSxzQ0FBZ0IsRUFBQyxNQUFNLENBQUMsQ0FBQztJQUNwQyxDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxRQUFnQjtRQUN2RCxNQUFNLFFBQVEsR0FBRyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDN0MsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xDLElBQUksQ0FBQyxNQUFNLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFdEIsT0FBTyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVTLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxPQUFlO1FBQ2pELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxPQUFPLENBQUMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDN0YsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xDLElBQUksQ0FBQyxNQUFNLENBQUMsWUFBWSxDQUFDLENBQUM7UUFFMUIsT0FBTyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7SUFDekIsQ0FBQztJQUVEOzs7T0FHRztJQUNJLE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLENBQUMsTUFBOEI7UUFDL0QsTUFBTSxPQUFPLEdBQUcsSUFBQSxvQ0FBYyxFQUMxQixNQUFNLENBQUMsUUFBUSxFQUNmLE1BQU0sQ0FBQyxVQUFVLEVBQ2pCLE1BQU0sQ0FBQyxVQUFVLElBQUksZ0NBQXdCLEVBQzdDLE1BQU0sQ0FBQyxXQUFXLEVBQ2xCLE1BQU0sQ0FBQyxPQUFPLEVBQ2QsTUFBTSxDQUFDLFNBQVMsQ0FDbkIsQ0FBQztRQUVGLE9BQU8sTUFBTSxDQUFDLGFBQWEsQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDLElBQUksSUFBSSxDQUFDLEVBQUUsTUFBTSxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUM3RixDQUFDO0lBRVMsTUFBTSxDQUFDLHVCQUF1QixDQUFDLE9BQWUsRUFBRSxTQUFTLEdBQUcsT0FBTztRQUN6RSxNQUFNLEtBQUssR0FBRyxJQUFJLE1BQU0sQ0FBQyxHQUFHLFNBQVMsWUFBWSxDQUFDLENBQUM7UUFDbkQsTUFBTSxLQUFLLEdBQUcsT0FBTyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNuQyxJQUFJLEtBQUssRUFBRSxDQUFDO1lBQ1IsT0FBTyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDcEIsQ0FBQzthQUFNLENBQUM7WUFDSixNQUFNLElBQUksS0FBSyxDQUFDLEdBQUcsU0FBUyxzQkFBc0IsQ0FBQyxDQUFDO1FBQ3hELENBQUM7SUFDTCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksTUFBTSxDQUFDLFNBQVMsQ0FBQyxPQUFnQjtRQUNwQyxPQUFPLElBQUEsK0JBQVMsRUFBQyxPQUFPLENBQUMsQ0FBQztJQUM5QixDQUFDO0NBQ0o7QUFsZUQsd0JBa2VDIn0=
481
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V2LXNucC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9zZ3gtbmF0aXZlLW1vZHVsZS9zZXYtc25wLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O0FBQUEsNkVBdUI2QztBQUU3QyxtREFBaUY7QUFDakYsa0RBQTZDO0FBQzdDLGtEQUFvQztBQUVwQyxnREFBa0M7QUFDbEMsMkNBQTZCO0FBQzdCLHVDQUF5QjtBQUN6QixpREFBc0M7QUFDdEMsbUNBQW9DO0FBQ3BDLHVDQUFtRDtBQUNuRCxrREFPNEI7QUFDNUIscURBQTZHO0FBQzdHLG1EQUFnRDtBQWFuQyxRQUFBLHNCQUFzQixHQUFZO0lBQzNDLE1BQU0sRUFBRSxFQUFFO0lBQ1YsS0FBSyxFQUFFLENBQUM7SUFDUixRQUFRLEVBQUUsQ0FBQztDQUNkLENBQUM7QUFFVyxRQUFBLHdCQUF3QixHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQy9DLGtFQUFrRSxFQUNsRSxLQUFLLENBQ1IsQ0FBQztBQUlGLFNBQWdCLG1CQUFtQjtJQUMvQixNQUFNLFVBQVUsR0FBOEIsRUFBRSxDQUFDO0lBRWpELFVBQVUsQ0FBQyxXQUFXLENBQUMsR0FBRyxNQUFNLENBQUMsV0FBVyxDQUFDO1FBQ3pDLE1BQU0sRUFBRSxtQ0FBdUIsQ0FBQyxHQUFHO1FBQ25DLElBQUksRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLG1DQUFhLENBQUM7S0FDbkMsQ0FBQyxDQUFDO0lBRUgsVUFBVSxDQUFDLFdBQVcsQ0FBQyxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUM7UUFDekMsTUFBTSxFQUFFLG1DQUF1QixDQUFDLEdBQUc7UUFDbkMsSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUNBQWEsQ0FBQztLQUNuQyxDQUFDLENBQUM7SUFFSCxVQUFVLENBQUMsV0FBVyxDQUFDLEdBQUcsTUFBTSxDQUFDLFdBQVcsQ0FBQztRQUN6QyxNQUFNLEVBQUUsbUNBQXVCLENBQUMsR0FBRztRQUNuQyxJQUFJLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxtQ0FBYSxDQUFDO0tBQ25DLENBQUMsQ0FBQztJQUVILE9BQU8sVUFBVSxDQUFDO0FBQ3RCLENBQUM7QUFuQkQsa0RBbUJDO0FBRUQsTUFBYSxNQUFNO0lBQ1IsTUFBTSxDQUFDLGtCQUFrQixDQUFDLE1BQTBCO1FBQ3ZELE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyw4QkFBa0IsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRU0sTUFBTSxDQUFDLG9CQUFvQixDQUFDLFVBQWtCO1FBQ2pELE9BQU8sOEJBQWtCLENBQUMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ2pELENBQUM7SUFFUyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBWTtRQUMxQyxNQUFNLFNBQVMsR0FBRywrQkFBK0IsQ0FBQztRQUNsRCxNQUFNLFNBQVMsR0FBRyw2QkFBNkIsQ0FBQztRQUVoRCxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3hFLE9BQU8sSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1FBQzNCLENBQUM7UUFDRCxNQUFNLGVBQWUsR0FBRyxJQUFJO2FBQ3ZCLFFBQVEsQ0FBQyxRQUFRLENBQUM7YUFDbEIsS0FBSyxDQUFDLFVBQVUsQ0FBQztZQUNsQixFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUVqQixPQUFPLFNBQVMsR0FBRyxlQUFlLEdBQUcsU0FBUyxDQUFDO0lBQ25ELENBQUM7SUFFUyxNQUFNLENBQUMsZUFBZSxDQUFDLElBQVk7UUFDekMsT0FBTyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsRUFBRSxFQUFFLFFBQVEsQ0FBQyxDQUFDO0lBQ3RFLENBQUM7SUFFUyxNQUFNLENBQUMsVUFBVSxDQUFDLFFBQWdCO1FBQ3hDLE1BQU0sU0FBUyxHQUFHLGlFQUFpRSxDQUFDO1FBQ3BGLE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUM7UUFFMUMsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLE9BQU8sSUFBSSxFQUFFLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxXQUFXO1FBQzlCLE1BQU0sSUFBSSxHQUFHLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxlQUFlLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDekQsK0dBQStHO1FBQy9HLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxrQkFBa0IsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQUMsUUFBZ0IsRUFBRSxPQUFlLENBQUM7UUFDcEUsSUFBSSxRQUFRLENBQUMsTUFBTSxHQUFHLDBDQUFvQixFQUFFLENBQUM7WUFDekMsTUFBTSxJQUFJLEtBQUssQ0FBQywwQkFBMEIsMENBQW9CLFNBQVMsQ0FBQyxDQUFDO1FBQzdFLENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQ3hDLFFBQVEsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUM7UUFFOUIsTUFBTSxTQUFTLEdBQUcsSUFBQSxrQ0FBWSxFQUFDLGNBQWMsRUFBRSxJQUFJLENBQUMsQ0FBQztRQUNyRCxNQUFNLE9BQU8sR0FBRyxJQUFBLGdDQUFVLEdBQUUsQ0FBQztRQUM3QixNQUFNLE1BQU0sR0FBRyxJQUFBLCtCQUFTLEVBQUMsT0FBTyxDQUFDLENBQUM7UUFDbEMsTUFBTSxLQUFLLEdBQUcsSUFBQSwwQ0FBb0IsR0FBRSxDQUFDO1FBQ3JDLE1BQU0sT0FBTyxHQUFHLE1BQU0sTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO1FBRTNDLE9BQU87WUFDSCxTQUFTO1lBQ1QsTUFBTTtZQUNOLEtBQUs7WUFDTCxXQUFXLEVBQUUsTUFBTSxDQUFDLG9CQUFvQixDQUFDLE9BQU8sQ0FBQztZQUNqRCxLQUFLLEVBQUUsTUFBTSxDQUFDLHVCQUF1QixDQUFDLE9BQU8sQ0FBQztTQUNqRCxDQUFDO0lBQ04sQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxjQUFjLENBQzlCLE1BQWlCLEVBQ2pCLE9BSUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxPQUFPLEVBQUUsUUFBUSxJQUFJLENBQUMsQ0FBQztRQUN4QyxNQUFNLGFBQWEsR0FBRyxPQUFPLEVBQUUsYUFBYSxJQUFJLEtBQUssQ0FBQztRQUN0RCxNQUFNLFVBQVUsR0FBRyxPQUFPLEVBQUUsVUFBVSxJQUFJLG1DQUF1QixDQUFDLEdBQUcsQ0FBQztRQUN0RSxNQUFNLEtBQUssR0FBYyxFQUFFLENBQUM7UUFFNUIsTUFBTSxhQUFhLEdBQUcsZUFBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3JDLElBQUksSUFBSSxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDM0IsSUFBSSxhQUFhLEdBQUcsMkNBQXFCLENBQUMsS0FBSyxDQUFDO1FBQ2hELElBQUksV0FBVyxHQUFHLE1BQU0sQ0FBQyxNQUFNLENBQUMsMkNBQXFCLENBQUMsQ0FBQztRQUV2RCxvRUFBb0U7UUFDcEUsb0VBQW9FO1FBQ3BFLElBQUksQ0FBQztZQUNELE1BQU0sT0FBTyxHQUFHLE1BQU0sTUFBTSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7WUFDN0UsTUFBTSxRQUFRLEdBQUcsTUFBTSxNQUFNLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLENBQUM7WUFDeEQsV0FBVyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7UUFDN0IsQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDWCxvRUFBb0U7WUFDcEUsZ0NBQWdDO1FBQ3BDLENBQUM7UUFFRCxLQUFLLE1BQU0sVUFBVSxJQUFJLFdBQVcsRUFBRSxDQUFDO1lBQ25DLGFBQWEsR0FBRyxVQUFVLENBQUM7WUFDM0IsTUFBTSxPQUFPLEdBQUcsSUFBQSxtQ0FBYSxFQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxFQUFFLFVBQVUsQ0FBQyxDQUFDO1lBQ3pFLElBQUksQ0FBQztnQkFDRCxNQUFNLFFBQVEsR0FBRyxNQUFNLGdCQUFVLENBQUMsZUFBZSxDQUFnQjtvQkFDN0QsV0FBVyxDQUFDLFFBQVE7d0JBQ2hCLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUUsQ0FBQztvQkFDbkQsQ0FBQztvQkFDRCxPQUFPO3dCQUNILE9BQU8sYUFBYSxDQUFDLEdBQUcsQ0FBQyxPQUFPLEVBQUU7NEJBQzlCLFlBQVksRUFBRSxhQUFhO3lCQUM5QixDQUFDLENBQUM7b0JBQ1AsQ0FBQztvQkFDRCxVQUFVLENBQUMsR0FBRzt3QkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDOzRCQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQzs0QkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLElBQUksR0FBRyxFQUFFLENBQUM7d0JBQ3hDLENBQUM7d0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7b0JBQ2xELENBQUM7b0JBQ0QsYUFBYTtvQkFDYixRQUFRO2lCQUNYLENBQUMsQ0FBQztnQkFDSCxJQUFJLEdBQUcsUUFBUSxDQUFDLElBQUksQ0FBQztnQkFDckIsTUFBTTtZQUNWLENBQUM7WUFBQyxPQUFPLEdBQUcsRUFBRSxDQUFDO2dCQUNYLE1BQU0sTUFBTSxHQUFHLFVBQVUsS0FBSyxXQUFXLENBQUMsV0FBVyxDQUFDLE1BQU0sR0FBRyxDQUFDLENBQUMsQ0FBQztnQkFDbEUsSUFBSSxNQUFNLEVBQUUsQ0FBQztvQkFDVCxNQUFNLEdBQUcsQ0FBQztnQkFDZCxDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUM7UUFDRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDOUMsS0FBSyxDQUFDLElBQUksQ0FBQztZQUNQLElBQUksRUFBRSwwQkFBYyxDQUFDLElBQUk7WUFDekIsTUFBTSxFQUFFLFVBQVU7WUFDbEIsSUFBSSxFQUFFLFVBQVUsS0FBSyxtQ0FBdUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDO1NBQzVHLENBQUMsQ0FBQztRQUVILE1BQU0sS0FBSyxHQUFHLEdBQUcsbUNBQWEsSUFBSSw4QkFBUSxJQUFJLGFBQWEsYUFBYSxDQUFDO1FBQ3pFLE1BQU0sUUFBUSxHQUFHLE1BQU0sZ0JBQVUsQ0FBQyxlQUFlLENBQWdCO1lBQzdELFdBQVcsQ0FBQyxRQUFRO2dCQUNoQixPQUFPLEVBQUUsVUFBVSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEtBQUssR0FBRyxFQUFFLENBQUM7WUFDbkQsQ0FBQztZQUNELE9BQU87Z0JBQ0gsT0FBTyxhQUFhLENBQUMsR0FBRyxDQUFDLEtBQUssRUFBRTtvQkFDNUIsWUFBWSxFQUFFLGFBQWE7aUJBQzlCLENBQUMsQ0FBQztZQUNQLENBQUM7WUFDRCxVQUFVLENBQUMsR0FBRztnQkFDVixJQUFJLGVBQUssQ0FBQyxZQUFZLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDO29CQUMxQyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQztvQkFFbkMsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLElBQUksR0FBRyxFQUFFLENBQUM7Z0JBQ3hDLENBQUM7Z0JBRUQsT0FBTyxFQUFFLFNBQVMsRUFBRSxlQUFLLENBQUMsWUFBWSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDbEQsQ0FBQztZQUNELGFBQWE7WUFDYixRQUFRO1NBQ1gsQ0FBQyxDQUFDO1FBRUgsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDNUQsSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMscUNBQXFDLENBQUMsQ0FBQztRQUMzRCxDQUFDO1FBRUQsS0FBSyxDQUFDLElBQUksQ0FBQztZQUNQLElBQUksRUFBRSwwQkFBYyxDQUFDLEdBQUc7WUFDeEIsTUFBTSxFQUFFLFVBQVU7WUFDbEIsSUFBSSxFQUNBLFVBQVUsS0FBSyxtQ0FBdUIsQ0FBQyxHQUFHO2dCQUN0QyxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3pCLENBQUMsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUMvQyxDQUFDLENBQUM7UUFDSCxLQUFLLENBQUMsSUFBSSxDQUFDO1lBQ1AsSUFBSSxFQUFFLDBCQUFjLENBQUMsR0FBRztZQUN4QixNQUFNLEVBQUUsVUFBVTtZQUNsQixJQUFJLEVBQ0EsVUFBVSxLQUFLLG1DQUF1QixDQUFDLEdBQUc7Z0JBQ3RDLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDekIsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO1NBQy9DLENBQUMsQ0FBQztRQUVILE9BQU8sS0FBSyxDQUFDO0lBQ2pCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQywwQkFBMEIsQ0FDMUMsUUFBZ0IsRUFDaEIsT0FJQztRQUVELE1BQU0sU0FBUyxHQUFHLE1BQU0sTUFBTSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNELE1BQU0sS0FBSyxHQUFHLE1BQU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFOUQsT0FBTztZQUNILFNBQVM7WUFDVCxLQUFLLEVBQUUsS0FBSztTQUNmLENBQUM7SUFDTixDQUFDO0lBRVMsTUFBTSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQ2hDLFVBQWtCLEVBQ2xCLE9BQWlCLEVBQUUsRUFDbkIsVUFBZ0QsRUFBRTtRQUVsRCxPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO1lBQ25DLE1BQU0sVUFBVSxHQUFHLElBQUEscUJBQUssRUFBQyxVQUFVLEVBQUUsSUFBSSxFQUFFO2dCQUN2QyxHQUFHLEVBQUUsT0FBTyxDQUFDLEdBQUc7Z0JBQ2hCLEtBQUssRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksTUFBTSxHQUFHLEVBQUUsQ0FBQztZQUNoQixJQUFJLE1BQU0sR0FBRyxFQUFFLENBQUM7WUFFaEIsVUFBVSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxFQUFFLENBQUMsS0FBSyxFQUFFLEVBQUUsQ0FBQyxDQUFDLE1BQU0sSUFBSSxLQUFLLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ3ZFLFVBQVUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sRUFBRSxDQUFDLEtBQUssRUFBRSxFQUFFLENBQUMsQ0FBQyxNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUV2RSxJQUFJLFNBQXFDLENBQUM7WUFDMUMsSUFBSSxPQUFPLENBQUMsU0FBUyxJQUFJLE9BQU8sQ0FBQyxTQUFTLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzdDLFNBQVMsR0FBRyxVQUFVLENBQUMsR0FBRyxFQUFFO29CQUN4QixVQUFVLENBQUMsSUFBSSxFQUFFLENBQUM7b0JBQ2xCLE1BQU0sQ0FBQyxJQUFJLEtBQUssQ0FBQywyQkFBMkIsT0FBTyxDQUFDLFNBQVMsSUFBSSxDQUFDLENBQUMsQ0FBQztnQkFDeEUsQ0FBQyxFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUMxQixDQUFDO1lBRUQsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxRQUFRLEVBQUUsRUFBRTtnQkFDaEMsSUFBSSxTQUFTO29CQUFFLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDdkMsT0FBTyxDQUFDO29CQUNKLFFBQVEsRUFBRSxRQUFRLElBQUksQ0FBQztvQkFDdkIsTUFBTTtvQkFDTixNQUFNO2lCQUNULENBQUMsQ0FBQztZQUNQLENBQUMsQ0FBQyxDQUFDO1lBRUgsVUFBVSxDQUFDLEVBQUUsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxLQUFLLEVBQUUsRUFBRTtnQkFDN0IsSUFBSSxTQUFTO29CQUFFLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQztnQkFDdkMsTUFBTSxDQUFDLElBQUksS0FBSyxDQUFDLDRCQUE0QixLQUFLLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBQ25FLENBQUMsQ0FBQyxDQUFDO1FBQ1AsQ0FBQyxDQUFDLENBQUM7SUFDUCxDQUFDO0lBRU0sTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUEyQjtRQUNqRCxNQUFNLElBQUksR0FBRyxJQUFBLG1CQUFVLEVBQUMsUUFBUSxDQUFDLENBQUM7UUFDbEMsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLG1DQUF1QixDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQzlDLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQztRQUM5RCxDQUFDO2FBQU0sQ0FBQztZQUNKLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQWMsQ0FBQyxDQUFDO1FBQ3JDLENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRVMsTUFBTSxDQUFDLFVBQVUsQ0FBQyxHQUFZLEVBQUUsYUFBd0I7UUFDOUQsTUFBTSxPQUFPLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FDeEMsR0FBRyxDQUFDLE1BQU0sS0FBSyxtQ0FBdUIsQ0FBQyxHQUFHO1lBQ3RDLENBQUMsQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRTtZQUNyQixDQUFDLENBQUMsTUFBTSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQ3ZELENBQUM7UUFDRixNQUFNLEtBQUssR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssWUFBWSxDQUFDLEVBQUUsS0FFdEUsQ0FBQztRQUNoQixJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDVCxNQUFNLElBQUksS0FBSyxDQUFDLHVDQUF1QyxDQUFDLENBQUM7UUFDN0QsQ0FBQztRQUVELE1BQU0sT0FBTyxHQUFHLE1BQU0sQ0FBQyxXQUFXLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDeEMsTUFBTSxXQUFXLEdBQUcsQ0FBQyxhQUFhLElBQUksYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUUvRSxPQUFPLE9BQU8sQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLENBQUM7SUFDdkMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLE1BQU0sQ0FBQyxLQUFLLENBQUMsWUFBWSxDQUM1QixNQUEwQixFQUMxQixPQUtDO1FBRUQsTUFBTSxhQUFhLEdBQUcsT0FBTyxFQUFFLGFBQWEsSUFBSSxtQkFBbUIsRUFBRSxDQUFDO1FBQ3RFLE1BQU0sU0FBUyxHQUFHLE9BQU8sRUFBRSxTQUFTLElBQUksS0FBSyxDQUFDO1FBQzlDLE1BQU0sa0JBQWtCLEdBQ3BCLE9BQU8sRUFBRSxrQkFBa0IsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLFNBQVMsRUFBRSxzQ0FBc0MsQ0FBQyxDQUFDO1FBQ25HLE1BQU0sY0FBYyxHQUFHLE9BQU8sRUFBRSxjQUFjLElBQUksSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBTSxFQUFFLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFbEYsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsa0JBQWtCLENBQUMsRUFBRSxDQUFDO1lBQ3ZDLE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztRQUNuRSxDQUFDO1FBQ0QsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxJQUFJLEtBQUssMEJBQWMsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7WUFDUCxNQUFNLElBQUksS0FBSyxDQUFDLGlEQUFpRCxDQUFDLENBQUM7UUFDdkUsQ0FBQztRQUVELElBQUksQ0FBQyxNQUFNLENBQUMsVUFBVSxDQUFDLEdBQUcsRUFBRSxhQUFhLENBQUMsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sSUFBSSxLQUFLLENBQUMsdUVBQXVFLENBQUMsQ0FBQztRQUM3RixDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsTUFBTSxFQUFFLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRWpELElBQUksQ0FBQztZQUNELEtBQUssTUFBTSxTQUFTLElBQUksTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNuQyxNQUFNLFFBQVEsR0FBRyxJQUFBLGdDQUFvQixFQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxXQUFXLEVBQUUsQ0FBQztnQkFDcEUsTUFBTSxTQUFTLEdBQUcsU0FBUyxDQUFDLE1BQU0sS0FBSyxtQ0FBdUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDO2dCQUNuRixNQUFNLEVBQUUsQ0FBQyxTQUFTLENBQ2QsR0FBRyxPQUFPLElBQUksUUFBUSxJQUFJLFNBQVMsRUFBRSxFQUNyQyxTQUFTLENBQUMsSUFBSSxFQUNkLFNBQVMsQ0FBQyxNQUFNLEtBQUssbUNBQXVCLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFNBQVMsQ0FDeEUsQ0FBQztZQUNOLENBQUM7WUFDRCxNQUFNLFVBQVUsR0FBRyxHQUFHLE9BQU8sYUFBYSxDQUFDO1lBRTNDLE1BQU0sRUFBRSxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBVSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUM7WUFFekUsTUFBTSxXQUFXLEdBQUcsTUFBTSxNQUFNLENBQUMsYUFBYSxDQUMxQyxrQkFBa0IsRUFDbEIsQ0FBQyxRQUFRLEVBQUUsYUFBYSxFQUFFLE9BQU8sRUFBRSxVQUFVLENBQUMsRUFDOUMsRUFBRSxTQUFTLEVBQUUsQ0FDaEIsQ0FBQztZQUNGLElBQUksV0FBVyxDQUFDLFFBQVEsSUFBSSxDQUFDLEVBQUUsQ0FBQztnQkFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsV0FBVyxDQUFDLE1BQU0sS0FBSyxXQUFXLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUNyRyxDQUFDO1FBQ0wsQ0FBQztnQkFBUyxDQUFDO1lBQ1AsTUFBTSxJQUFBLGdDQUFzQixFQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzFDLENBQUM7SUFDTCxDQUFDO0lBRVMsTUFBTSxDQUFDLGFBQWEsQ0FBQyxPQUFlLEVBQUUsSUFBWSxFQUFFLE1BQWM7UUFDeEUsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxFQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ2xDLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFckIsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNoQyxPQUFPLENBQUMsYUFBYSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQztRQUMvQixJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBRXJCLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDbEMsU0FBUyxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUMsQ0FBQztRQUN0QyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBRXZCLE9BQU8sSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO0lBQ3pCLENBQUM7SUFFRDs7O09BR0c7SUFDSSxNQUFNLENBQUMsWUFBWSxDQUFDLE1BQWM7UUFDckMsTUFBTSxPQUFPLEdBQUcsSUFBQSxzQ0FBZ0IsRUFBQyxNQUFNLENBQUMsQ0FBQztRQUN6QyxNQUFNLElBQUksR0FBRyxJQUFBLG1DQUFhLEVBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkMsTUFBTSxNQUFNLEdBQUcsSUFBQSxxQ0FBZSxFQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXZDLE9BQU8sTUFBTSxDQUFDLGFBQWEsQ0FBQyxPQUFPLEVBQUUsSUFBSSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3ZELENBQUM7SUFFRDs7O09BR0c7SUFDSSxNQUFNLENBQUMsS0FBSyxDQUFDLGFBQWEsQ0FBQyxNQUFjO1FBQzVDLE9BQU8sSUFBQSxtQ0FBYSxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ2pDLENBQUM7SUFFRDs7O09BR0c7SUFDSSxNQUFNLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE1BQWM7UUFDL0MsT0FBTyxJQUFBLHNDQUFnQixFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFUyxNQUFNLENBQUMsS0FBSyxDQUFDLG1CQUFtQixDQUFDLFFBQWdCO1FBQ3ZELE1BQU0sUUFBUSxHQUFHLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUM3QyxNQUFNLElBQUksR0FBRyxJQUFBLG1CQUFVLEVBQUMsUUFBUSxDQUFDLENBQUM7UUFDbEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUV0QixPQUFPLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRVMsTUFBTSxDQUFDLG9CQUFvQixDQUFDLE9BQWU7UUFDakQsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLE9BQU8sQ0FBQyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM3RixNQUFNLElBQUksR0FBRyxJQUFBLG1CQUFVLEVBQUMsUUFBUSxDQUFDLENBQUM7UUFDbEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxZQUFZLENBQUMsQ0FBQztRQUUxQixPQUFPLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztJQUN6QixDQUFDO0lBRUQ7OztPQUdHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxNQUE4QjtRQUMvRCxNQUFNLE9BQU8sR0FBRyxJQUFBLG9DQUFjLEVBQzFCLE1BQU0sQ0FBQyxRQUFRLEVBQ2YsTUFBTSxDQUFDLFVBQVUsRUFDakIsTUFBTSxDQUFDLFVBQVUsSUFBSSxnQ0FBd0IsRUFDN0MsTUFBTSxDQUFDLFdBQVcsRUFDbEIsTUFBTSxDQUFDLE9BQU8sRUFDZCxNQUFNLENBQUMsU0FBUyxDQUNuQixDQUFDO1FBRUYsT0FBTyxNQUFNLENBQUMsYUFBYSxDQUFDLE9BQU8sRUFBRSxNQUFNLENBQUMsSUFBSSxJQUFJLENBQUMsRUFBRSxNQUFNLENBQUMsTUFBTSxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO0lBQzdGLENBQUM7SUFFUyxNQUFNLENBQUMsdUJBQXVCLENBQUMsT0FBZSxFQUFFLFNBQVMsR0FBRyxPQUFPO1FBQ3pFLE1BQU0sS0FBSyxHQUFHLElBQUksTUFBTSxDQUFDLEdBQUcsU0FBUyxZQUFZLENBQUMsQ0FBQztRQUNuRCxNQUFNLEtBQUssR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ25DLElBQUksS0FBSyxFQUFFLENBQUM7WUFDUixPQUFPLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNwQixDQUFDO2FBQU0sQ0FBQztZQUNKLE1BQU0sSUFBSSxLQUFLLENBQUMsR0FBRyxTQUFTLHNCQUFzQixDQUFDLENBQUM7UUFDeEQsQ0FBQztJQUNMLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSSxNQUFNLENBQUMsU0FBUyxDQUFDLE9BQWdCO1FBQ3BDLE9BQU8sSUFBQSwrQkFBUyxFQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzlCLENBQUM7SUFFTSxNQUFNLENBQUMsS0FBSyxDQUFDLGdDQUFnQyxDQUFDLE1BQWM7UUFDL0QsT0FBTyxJQUFBLHNEQUFnQyxFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFTSxNQUFNLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE1BQWM7UUFDL0MsT0FBTyxJQUFBLHNDQUFnQixFQUFDLE1BQU0sQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFTSxNQUFNLENBQUMsS0FBSyxDQUFDLGdCQUFnQixDQUFDLE9BQWdCO1FBQ2pELE9BQU8sSUFBQSxzQ0FBZ0IsRUFBQyxPQUFPLENBQUMsQ0FBQztJQUNyQyxDQUFDO0lBRU0sTUFBTSxDQUFDLGNBQWMsQ0FBQyxRQUFnQjtRQUN6QyxJQUFJLE9BQU8sUUFBUSxLQUFLLFFBQVEsSUFBSSxRQUFRLENBQUMsSUFBSSxFQUFFLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQy9ELE9BQU8sRUFBZSxDQUFDO1FBQzNCLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3BDLE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxJQUFBLHlCQUFnQixFQUFDLE1BQU0sRUFBRSxnQ0FBZSxDQUFDLENBQUM7UUFDOUQsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ1gsTUFBTSxnQkFBZ0IsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLGFBQUssQ0FBQyxNQUFNLENBQUMsZ0NBQWUsRUFBRSxNQUFNLENBQUMsQ0FBQyxDQUFDO1lBQzNFLElBQUksZ0JBQWdCLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSxDQUFDO2dCQUM5QixNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBQzVHLENBQUM7UUFDTCxDQUFDO1FBRUQsT0FBTyxNQUFtQixDQUFDO0lBQy9CLENBQUM7SUFFTyxNQUFNLENBQUMsU0FBUyxDQUFDLElBQWdCLEVBQUUsTUFBK0I7UUFDdEUsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNyQyxRQUFRLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQztZQUNwQixLQUFLLDZCQUFZLENBQUMsRUFBRTtnQkFDaEIsT0FBTyxVQUFVLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQztZQUNwQyxLQUFLLDZCQUFZLENBQUMsRUFBRTtnQkFDaEIsT0FBTyxVQUFVLEtBQUssSUFBSSxDQUFDLEtBQUssQ0FBQztZQUNyQyxLQUFLLDZCQUFZLENBQUMsRUFBRTtnQkFDaEIsT0FBTyxVQUFVLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQztZQUNwQztnQkFDSSxPQUFPLEtBQUssQ0FBQztRQUNyQixDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyxZQUFZLENBQUMsTUFBYyxFQUFFLFNBQXFCO1FBQ2xFLElBQUksQ0FBQyxTQUFTLElBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDcEQsT0FBTyxDQUFDLDRDQUE0QztRQUN4RCxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0NBQWdDLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkUsTUFBTSxZQUFZLEdBQUcsU0FBUyxDQUFDLG9DQUFtQixDQUFpQixDQUFDO1FBQ3BFLElBQUksWUFBWSxFQUFFLENBQUM7WUFDZixLQUFLLE1BQU0sSUFBSSxJQUFJLFlBQVksRUFBRSxDQUFDO2dCQUM5QixJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEVBQUUsTUFBTSxDQUFDLEVBQUUsQ0FBQztvQkFDaEMsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztvQkFDckMsTUFBTSxJQUFJLEtBQUssQ0FDWCw4Q0FBOEMsSUFBSSxDQUFDLElBQUksZUFBZSxJQUFJLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQyxJQUFJO3dCQUNoRyxZQUFZLElBQUksQ0FBQyxRQUFRLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FDaEUsQ0FBQztnQkFDTixDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDO1FBQ2hGLE1BQU0sU0FBUyxHQUFHLFNBQVMsQ0FBQyxNQUFNLENBQWlCLENBQUM7UUFDcEQsSUFBSSxTQUFTLEVBQUUsQ0FBQztZQUNaLEtBQUssTUFBTSxJQUFJLElBQUksU0FBUyxFQUFFLENBQUM7Z0JBQzNCLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxNQUFNLENBQUMsRUFBRSxDQUFDO29CQUNoQyxNQUFNLFVBQVUsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO29CQUNyQyxNQUFNLElBQUksS0FBSyxDQUNYLHdCQUF3QixNQUFNLGFBQWEsSUFBSSxDQUFDLElBQUksZUFBZSxJQUFJLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQyxJQUFJO3dCQUM3RixZQUFZLElBQUksQ0FBQyxRQUFRLElBQUksSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FDaEUsQ0FBQztnQkFDTixDQUFDO1lBQ0wsQ0FBQztRQUNMLENBQUM7SUFDTCxDQUFDO0NBQ0o7QUFoaEJELHdCQWdoQkMifQ==
package/dto/src/AmdSevSnp.proto ADDED
@@ -0,0 +1,31 @@
1
+ syntax = "proto3";
2
+
3
+ enum SevSNPCertType {
4
+ ARK = 0;
5
+ ASK = 1;
6
+ VCEK = 2;
7
+ }
8
+
9
+ enum SevSnpCertificateFormat {
10
+ PEM = 0;
11
+ DER = 1;
12
+ }
13
+
14
+ message SnpCert {
15
+ SevSNPCertType type = 1;
16
+ bytes cert = 2;
17
+ SevSnpCertificateFormat format = 3;
18
+ }
19
+
20
+ message SNPReport {
21
+ bytes rawReport = 1;
22
+ uint32 cpuSig = 2;
23
+ uint32 cores = 3;
24
+ bytes cmdLineHash = 4;
25
+ string build = 5;
26
+ }
27
+
28
+ message SNPReportWithChain {
29
+ SNPReport snpReport = 1;
30
+ repeated SnpCert certs = 2;
31
+ }
package/dto/src/Compression.proto ADDED
@@ -0,0 +1,11 @@
1
+ syntax = "proto3";
2
+
3
+ message Compression {
4
+ enum TYPE {
5
+ Uncompressed = 0;
6
+ GZIP = 1;
7
+ }
8
+
9
+ TYPE type = 1;
10
+ bytes data = 2;
11
+ }
package/dto/src/Hash.proto ADDED
@@ -0,0 +1,6 @@
1
+ syntax = "proto3";
2
+
3
+ message Hash {
4
+ string algo = 1;
5
+ bytes hash = 2;
6
+ }
package/dto/src/OrderReport.proto ADDED
@@ -0,0 +1,21 @@
1
+ syntax = "proto3";
2
+
3
+ import "Hash.proto";
4
+
5
+ message OrderReportProto {
6
+ repeated bytes certificates = 1;
7
+ WorkloadInfo workloadInfo = 2;
8
+ }
9
+
10
+ message WorkloadInfo {
11
+ repeated RuntimeInfo runtimeInfo = 1;
12
+ int64 created = 2;
13
+ }
14
+
15
+ message RuntimeInfo {
16
+ string type = 1;
17
+ int64 size = 2;
18
+ Hash hash = 3;
19
+ optional Hash signatureKeyHash = 4;
20
+ optional Hash argsHash = 5;
21
+ }
package/dto/src/TRI.proto ADDED
@@ -0,0 +1,22 @@
1
+ syntax = "proto3";
2
+
3
+ import "Hash.proto";
4
+
5
+ message Encryption {
6
+ string algo = 1;
7
+ optional bytes key = 2;
8
+ optional string cipher = 3;
9
+ optional bytes ciphertext = 4;
10
+ optional bytes iv = 6;
11
+ optional bytes mac = 7;
12
+ string encoding = 8;
13
+ }
14
+
15
+ message TRI {
16
+ repeated Hash solutionHashes = 1;
17
+ bytes mrenclave = 2;
18
+ string args = 3;
19
+ Encryption encryption = 4;
20
+ bytes mrsigner = 5;
21
+ repeated Hash imageHashes = 6;
22
+ }
package/dto/src/TeeDeviceInfo.proto ADDED
@@ -0,0 +1,46 @@
1
+ syntax = "proto3";
2
+
3
+ message TeeDeviceInfo {
4
+ CpuInfo cpu = 1;
5
+ MemoryInfo memory = 2;
6
+ DiskInfo disk = 3;
7
+ GpuInfo gpu = 4;
8
+ }
9
+
10
+ message CpuInfo {
11
+ string vendor_id = 1;
12
+ int32 cpu_family = 2;
13
+ int32 model = 3;
14
+ string model_name = 4;
15
+ int32 total_physical_cores = 5;
16
+ int32 total_logical_cores = 6;
17
+ int32 base_freq = 7;
18
+ int32 max_freq = 8;
19
+ }
20
+
21
+ message MemoryInfo {
22
+ string type = 1;
23
+ int64 size = 2;
24
+ }
25
+
26
+ message DiskInfo {
27
+ string type = 1;
28
+ int64 size = 2;
29
+ }
30
+
31
+ message GpuInfo {
32
+ string type = 1;
33
+ int32 count = 2;
34
+ int64 memory_size = 3;
35
+ }
36
+
37
+ message NvtrustGPUInfo {
38
+ string model = 1;
39
+ string driverVersion = 2;
40
+ string vbios = 3;
41
+ bool dbgStat = 4;
42
+ }
43
+
44
+ message NvtrustGPUList {
45
+ repeated NvtrustGPUInfo gpus = 1;
46
+ }