@super-protocol/sdk-js 2.1.2 → 2.1.3

package/dist/mjs/tee/QuoteValidator.js

@@ -0,0 +1,384 @@
+import axios from 'axios';
+import elliptic from 'elliptic';
+import forge from 'node-forge';
+import { Certificate } from '@fidm/x509';
+import { formatter } from 'js-encoding-utils';
+import { CertificateRevocationList } from 'pkijs';
+import { fromBER } from 'asn1js';
+import _ from 'lodash';
+import { TeeSgxParser } from './QuoteParser.js';
+import rootLogger from '../logger.js';
+import { TeeQuoteValidatorError } from './errors.js';
+import { QEIdentityStatuses, TCBStatuses, QuoteValidationStatuses } from './statuses.js';
+import { Encoding, HashAlgorithm } from '@super-protocol/dto-js';
+import Crypto from '../crypto/index.js';
+const { ec } = elliptic;
+const { util, asn1 } = forge;
+const INTEL_BASE_SGX_URL = 'https://api.trustedservices.intel.com';
+const INTEL_SGX_ROOT_CA_URL = 'https://certificates.trustedservices.intel.com/IntelSGXRootCA.der';
+const SGX_OID = '1.2.840.113741.1.13.1';
+const FMSPC_OID = `${SGX_OID}.4`;
+const PCEID_OID = `${SGX_OID}.3`;
+const TCB_OID = `${SGX_OID}.2`;
+const PCESVN_OID = `${TCB_OID}.17`;
+const INTEL_ROOT_PUB_KEY = new Uint8Array([
+    4, 11, 169, 196, 192, 192, 200, 97, 147, 163, 254, 35, 214, 176, 44, 218, 16, 168, 187, 212, 232,
+    142, 72, 180, 69, 133, 97, 163, 110, 112, 85, 37, 245, 103, 145, 142, 46, 220, 136, 228, 13, 134,
+    11, 208, 204, 78, 226, 106, 172, 201, 136, 229, 5, 169, 83, 85, 140, 69, 63, 107, 9, 4, 174, 115,
+    148,
+]);
+export class QuoteValidator {
+    isDefault;
+    baseUrl;
+    teeSgxParser;
+    logger;
+    constructor(baseUrl) {
+        this.isDefault = baseUrl === INTEL_BASE_SGX_URL;
+        this.baseUrl = `${baseUrl}/sgx/certification/v4`;
+        this.teeSgxParser = new TeeSgxParser();
+        this.logger = rootLogger.child({ className: QuoteValidator.name });
+    }
+    splitChain(chain) {
+        const begin = '-----BEGIN CERTIFICATE-----';
+        const end = '-----END CERTIFICATE-----';
+        return chain
+            .split(begin)
+            .filter(Boolean)
+            .map((cert) => begin.concat(cert.slice(0, cert.indexOf(end)), end));
+    }
+    findSequenceByOID(hexValue, targetOID) {
+        const buffer = util.hexToBytes(hexValue);
+        const asn1Data = asn1.fromDer(buffer);
+        return this.searchForSequence(asn1Data, targetOID);
+    }
+    searchForSequence(asn1Data, targetOID) {
+        if (asn1Data.type === asn1.Type.SEQUENCE) {
+            for (const child of asn1Data.value) {
+                if (child.type === asn1.Type.OID) {
+                    const oid = asn1.derToOid(child.value);
+                    if (oid === targetOID) {
+                        return asn1Data;
+                    }
+                }
+            }
+        }
+        if (Array.isArray(asn1Data.value)) {
+            for (const child of asn1Data.value) {
+                const result = this.searchForSequence(child, targetOID);
+                if (result) {
+                    return result;
+                }
+            }
+        }
+        return null;
+    }
+    verifyDataBySignature(data, signature, key) {
+        const ellipticEc = new ec('p256');
+        const result = ellipticEc.verify(data, {
+            r: signature.subarray(0, 32),
+            s: signature.subarray(32),
+        }, ellipticEc.keyFromPublic(key, 'hex'));
+        return result;
+    }
+    checkValidDate(from, to) {
+        const now = Date.now();
+        return from < now && now < to;
+    }
+    checkChainForIssuers(pckCert, platformCert, rootCert) {
+        return (_.isEqual(pckCert.issuer, platformCert.subject) &&
+            _.isEqual(platformCert.issuer, rootCert.subject));
+    }
+    getCrl(crlData) {
+        const crlDer = crlData.startsWith('-----')
+            ? formatter.pemToBin(crlData)
+            : Buffer.from(crlData, 'hex');
+        const crlAsn = fromBER(crlDer);
+        return new CertificateRevocationList({ schema: crlAsn.result });
+    }
+    checkCertificatesInCrl(crl, certIds) {
+        if (!crl.thisUpdate || !crl.nextUpdate) {
+            throw new TeeQuoteValidatorError('Certificate revocation list has no update date field');
+        }
+        if (!this.checkValidDate(crl.thisUpdate.value.valueOf(), crl.nextUpdate.value.valueOf())) {
+            throw new TeeQuoteValidatorError('Certificate revocation list has invalid update date');
+        }
+        if (crl.revokedCertificates) {
+            const isAnyRevoked = crl.revokedCertificates.find((revoked) => certIds.includes(Buffer.from(revoked.userCertificate.valueBlock.valueHexView).toString('hex')));
+            if (isAnyRevoked) {
+                throw new TeeQuoteValidatorError('Certificate in revokation list');
+            }
+        }
+    }
+    async getCertificates(quote) {
+        const platformCrlResult = await axios.get(`${this.baseUrl}/pckcrl?ca=platform&encoding=pem`);
+        const platformChain = decodeURIComponent(platformCrlResult.headers['sgx-pck-crl-issuer-chain']);
+        const [platformFetchedPem, rootFetchedPem] = this.splitChain(platformChain); // [platform, root]
+        const platformFetchedCert = Certificate.fromPEM(Buffer.from(platformFetchedPem));
+        const rootFetchedCert = Certificate.fromPEM(Buffer.from(rootFetchedPem));
+        if (!this.checkValidDate(platformFetchedCert.validFrom.valueOf(), platformFetchedCert.validTo.valueOf())) {
+            throw new TeeQuoteValidatorError('Platform certificate validation date is not valid');
+        }
+        if (!this.checkValidDate(rootFetchedCert.validFrom.valueOf(), rootFetchedCert.validTo.valueOf())) {
+            throw new TeeQuoteValidatorError('Root certificate validation date is not valid');
+        }
+        if (!_.isEqual(rootFetchedCert.issuer, rootFetchedCert.subject)) {
+            throw new TeeQuoteValidatorError('Root certificate is not self-signed');
+        }
+        if (Buffer.compare(rootFetchedCert.publicKey.keyRaw, INTEL_ROOT_PUB_KEY) !== 0) {
+            throw new TeeQuoteValidatorError('Wrong Intel root certificate public key');
+        }
+        const certificatePems = this.splitChain(quote.qeCertificationData.toString()); // [pck, platform, root]
+        const pckCert = Certificate.fromPEM(Buffer.from(certificatePems[0]));
+        const certType = quote.qeCertificationDataType;
+        if (!this.checkValidDate(pckCert.validFrom.valueOf(), pckCert.validTo.valueOf())) {
+            throw new TeeQuoteValidatorError('PCK certificate validation date is not valid');
+        }
+        if (certType !== 5) {
+            throw new TeeQuoteValidatorError(`Unsupported certification data type: ${certType}`);
+        }
+        if (rootFetchedPem !== certificatePems[2]) {
+            throw new TeeQuoteValidatorError("Invalid SGX root certificate in quote's certificate chain");
+        }
+        if (!this.checkChainForIssuers(pckCert, platformFetchedCert, rootFetchedCert)) {
+            throw new TeeQuoteValidatorError('Invalid issuers in certificates chain');
+        }
+        const certIds = [
+            rootFetchedCert.serialNumber,
+            platformFetchedCert.serialNumber,
+            pckCert.serialNumber,
+        ];
+        if (this.isDefault) {
+            const intelCrlDer = await axios.get(INTEL_SGX_ROOT_CA_URL, {
+                responseType: 'arraybuffer',
+            });
+            const intelCrlAsn = fromBER(Buffer.from(intelCrlDer.data));
+            this.checkCertificatesInCrl(new CertificateRevocationList({ schema: intelCrlAsn.result }), certIds);
+        }
+        else {
+            const intelCrlDer = await axios.get(`${this.baseUrl}/rootcacrl`);
+            const intelCrl = this.getCrl(intelCrlDer.data);
+            this.checkCertificatesInCrl(intelCrl, certIds);
+        }
+        const platformCrl = this.getCrl(platformCrlResult.data);
+        this.checkCertificatesInCrl(platformCrl, certIds);
+        return { pckCert, rootCertPem: rootFetchedPem };
+    }
+    async verifyQeReportSignature(quote, pckPublicKey) {
+        const signature = Buffer.from(quote.qeReportSignature);
+        const reportHash = await this.getSha256Hash(Buffer.from(quote.qeReport));
+        return this.verifyDataBySignature(reportHash, signature, pckPublicKey);
+    }
+    async verifyQeReportData(quote, report) {
+        const qeAuthData = quote.qeAuthenticationData;
+        const attestationKey = quote.ecdsaAttestationKey;
+        const qeReportDataHash = report.dataHash;
+        const calculatedHash = await this.getSha256Hash(Buffer.concat([attestationKey, qeAuthData]));
+        const result = Buffer.compare(qeReportDataHash, calculatedHash);
+        return result === 0;
+    }
+    async verifyEnclaveReportSignature(quote) {
+        const key = Buffer.from(quote.ecdsaAttestationKey);
+        const headerBuffer = Buffer.from(quote.rawHeader);
+        const reportBuffer = Buffer.from(quote.report);
+        const expected = quote.isvEnclaveReportSignature;
+        const calculatedHash = await this.getSha256Hash(Buffer.concat([headerBuffer, reportBuffer]));
+        const ellipticEc = new ec('p256');
+        const result = ellipticEc.verify(calculatedHash, {
+            r: expected.subarray(0, 32),
+            s: expected.subarray(32),
+        }, Buffer.concat([Buffer.from([4]), key]));
+        return result;
+    }
+    async validateQuoteStructure(quote, report, pckPublicKey) {
+        if (!(await this.verifyQeReportSignature(quote, pckPublicKey))) {
+            throw new TeeQuoteValidatorError('Wrong QE report signature');
+        }
+        if (!(await this.verifyQeReportData(quote, report))) {
+            throw new TeeQuoteValidatorError('Wrong QE report data');
+        }
+        if (!(await this.verifyEnclaveReportSignature(quote))) {
+            throw new TeeQuoteValidatorError('Wrong enclave report signature');
+        }
+    }
+    getSgxExtensionData(pckCert) {
+        const sgxExtensionData = pckCert.extensions.find((item) => item.oid === SGX_OID);
+        if (!sgxExtensionData) {
+            throw new TeeQuoteValidatorError('SGX data not found in PCK certificate');
+        }
+        return sgxExtensionData;
+    }
+    getDataFromExtension(sgxExtensionData, targetOid, targetType) {
+        const rawData = this.findSequenceByOID(sgxExtensionData.value.toString('hex'), targetOid);
+        if (!rawData) {
+            throw new TeeQuoteValidatorError(`OID ${targetOid} not found in PCK certificate's SGX data`);
+        }
+        const data = rawData.value.filter((asnElement) => asnElement.type === targetType);
+        if (!data.length) {
+            throw new TeeQuoteValidatorError(`Data on OID ${targetOid} of type ${targetType} not found`);
+        }
+        const result = util.bytesToHex(data[0].value);
+        return targetType === asn1.Type.OCTETSTRING ? result : parseInt(result, 16).toString();
+    }
+    async getTcbInfo(fmspc, rootCertPem) {
+        const tcbData = await axios.get(`${this.baseUrl}/tcb?fmspc=${fmspc}`);
+        const tcbInfoHeader = 'tcb-info-issuer-chain';
+        const tcbInfoChain = this.splitChain(decodeURIComponent(tcbData.headers[tcbInfoHeader])); // [tcb, root]
+        if (tcbInfoChain[1] !== rootCertPem) {
+            throw new TeeQuoteValidatorError('Invalid SGX root certificate in TCB chain');
+        }
+        const tcbCert = Certificate.fromPEM(Buffer.from(tcbInfoChain[0]));
+        const key = tcbCert.publicKey.keyRaw;
+        const signature = Buffer.from(tcbData.data.signature, 'hex');
+        const calculatedhash = await this.getSha256Hash(Buffer.from(JSON.stringify(tcbData.data.tcbInfo)));
+        const result = this.verifyDataBySignature(calculatedhash, signature, key);
+        if (!result) {
+            throw new TeeQuoteValidatorError('TCB info signature is not valid');
+        }
+        if (tcbData.data.tcbInfo.nextUpdate.valueOf() > Date.now()) {
+            throw new TeeQuoteValidatorError('TCB next update date is out of date');
+        }
+        return tcbData.data;
+    }
+    async getQEIdentity(rootCertPem) {
+        const qeIdentityData = await axios.get(`${this.baseUrl}/qe/identity`);
+        const qeIdentityHeader = 'sgx-enclave-identity-issuer-chain';
+        const qeIdentityChain = this.splitChain(decodeURIComponent(qeIdentityData.headers[qeIdentityHeader])); // [qeIdentity, root]
+        if (qeIdentityChain[1] !== rootCertPem) {
+            throw new TeeQuoteValidatorError('Invalid SGX root certificate in enclave identity chain');
+        }
+        const qeIdentityCert = Certificate.fromPEM(Buffer.from(qeIdentityChain[0]));
+        const key = qeIdentityCert.publicKey.keyRaw;
+        const signature = Buffer.from(qeIdentityData.data.signature, 'hex');
+        const calculatedhash = await this.getSha256Hash(Buffer.from(JSON.stringify(qeIdentityData.data.enclaveIdentity)));
+        const result = this.verifyDataBySignature(calculatedhash, signature, key);
+        if (!result) {
+            throw new TeeQuoteValidatorError('Enclave identity signature is not valid');
+        }
+        if (qeIdentityData.data.enclaveIdentity.nextUpdate.valueOf() > Date.now()) {
+            throw new TeeQuoteValidatorError('Enclave identity next update date is out of date');
+        }
+        return qeIdentityData.data;
+    }
+    getQEIdentityStatus(report, qeIdentity) {
+        const mrSigner = report.mrSigner.toString('hex');
+        if (mrSigner.toUpperCase() !== qeIdentity.enclaveIdentity.mrsigner) {
+            throw new TeeQuoteValidatorError('Wrong MR signer in QE report');
+        }
+        if (report.isvProdId !== qeIdentity.enclaveIdentity.isvprodid) {
+            throw new TeeQuoteValidatorError('Wrong ISV PROD ID in QE report');
+        }
+        const tcbLevel = qeIdentity.enclaveIdentity.tcbLevels.find((tcbLevel) => tcbLevel.tcb.isvsvn <= report.isvSvn);
+        const status = tcbLevel?.tcbStatus;
+        if (status) {
+            this.logger.info(`Enclave identity status is ${tcbLevel?.tcbStatus}`);
+            return status;
+        }
+        return QEIdentityStatuses.OutOfDate;
+    }
+    getTcbStatus(fmspc, pceId, tcbData, sgxExtensionData) {
+        if (fmspc.toUpperCase() !== tcbData.tcbInfo.fmspc.toUpperCase()) {
+            throw new TeeQuoteValidatorError('Wrong FMSPC in PCK certificate');
+        }
+        if (pceId !== tcbData.tcbInfo.pceId) {
+            throw new TeeQuoteValidatorError('Wrong PCEID in PCK certificate');
+        }
+        const pceSvn = this.getDataFromExtension(sgxExtensionData, PCESVN_OID, asn1.Type.INTEGER);
+        const sgxComponents = [...Array(16).keys()].map((i) => this.getDataFromExtension(sgxExtensionData, `${TCB_OID}.${i + 1}`, asn1.Type.INTEGER));
+        const tcbLevel = tcbData.tcbInfo.tcbLevels.find((tcbLevel) => tcbLevel.tcb.pcesvn <= Number(pceSvn) &&
+            tcbLevel.tcb.sgxtcbcomponents.every((el, index) => el.svn <= Number(sgxComponents[index])));
+        const status = tcbLevel?.tcbStatus;
+        if (status) {
+            this.logger.info(`TCB status is ${tcbLevel?.tcbStatus}`);
+            return status;
+        }
+        return TCBStatuses.OutOfDate;
+    }
+    getQuoteValidationStatus(qeIdentityStatus, tcbStatus) {
+        if (qeIdentityStatus === QEIdentityStatuses.OutOfDate) {
+            if (tcbStatus === TCBStatuses.UpToDate || tcbStatus === TCBStatuses.SWHardeningNeeded) {
+                return QuoteValidationStatuses.SecurityPatchNeeded;
+            }
+            if (tcbStatus === TCBStatuses.OutOfDateConfigurationNeeded ||
+                tcbStatus === TCBStatuses.ConfigurationAndSWHardeningNeeded) {
+                return QuoteValidationStatuses.SoftwareUpdateNeeded;
+            }
+        }
+        if (qeIdentityStatus === QEIdentityStatuses.Revoked || tcbStatus === TCBStatuses.Revoked) {
+            throw new TeeQuoteValidatorError('QE identity or TCB revoked');
+        }
+        if (tcbStatus === TCBStatuses.UpToDate) {
+            return QuoteValidationStatuses.UpToDate;
+        }
+        if (tcbStatus === TCBStatuses.OutOfDate) {
+            return QuoteValidationStatuses.SecurityPatchNeeded;
+        }
+        if (tcbStatus === TCBStatuses.ConfigurationNeeded) {
+            return QuoteValidationStatuses.ConfigurationNeeded;
+        }
+        return QuoteValidationStatuses.SoftwareUpdateNeeded;
+    }
+    getQuoteValidationStatusDescription(status) {
+        switch (status) {
+            case QuoteValidationStatuses.UpToDate:
+                return 'The Quote verification passed and is at the latest TCB level.';
+            case QuoteValidationStatuses.ConfigurationNeeded:
+                return `The SGX platform firmware and SW are at the latest security patching level
+                    but there are platform hardware configurations may expose the enclave to vulnerabilities.`;
+            case QuoteValidationStatuses.SecurityPatchNeeded:
+                return `The SGX platform firmware and SW are not at the latest security patching level.
+                    The platform needs to be patched with firmware and/or software patches.`;
+            case QuoteValidationStatuses.SoftwareUpdateNeeded:
+                return `The SGX platform firmware and SW are at the latest security patching level but there are
+                    certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
+            default:
+                return 'Quote verification failed.';
+        }
+    }
+    async validate(quoteBuffer) {
+        try {
+            const quote = this.teeSgxParser.parseQuote(quoteBuffer);
+            const report = this.teeSgxParser.parseReport(quote.qeReport);
+            const { pckCert, rootCertPem } = await this.getCertificates(quote);
+            await this.validateQuoteStructure(quote, report, pckCert.publicKey.keyRaw);
+            this.logger.info('Quote structure validated successfully');
+            const sgxExtensionData = this.getSgxExtensionData(pckCert);
+            const fmspc = this.getDataFromExtension(sgxExtensionData, FMSPC_OID, asn1.Type.OCTETSTRING);
+            const pceId = this.getDataFromExtension(sgxExtensionData, PCEID_OID, asn1.Type.OCTETSTRING);
+            const tcbData = await this.getTcbInfo(fmspc, rootCertPem);
+            const qeIdentity = await this.getQEIdentity(rootCertPem);
+            const qeIdentityStatus = this.getQEIdentityStatus(report, qeIdentity);
+            const tcbStatus = this.getTcbStatus(fmspc, pceId, tcbData, sgxExtensionData);
+            const quoteValidationStatus = this.getQuoteValidationStatus(qeIdentityStatus, tcbStatus);
+            this.logger.info(`Quote validation status is ${quoteValidationStatus}`);
+            return {
+                quoteValidationStatus,
+                description: this.getQuoteValidationStatusDescription(quoteValidationStatus),
+            };
+        }
+        catch (error) {
+            this.logger.error(`Validation error: ${error}`);
+            return {
+                quoteValidationStatus: QuoteValidationStatuses.Error,
+                description: this.getQuoteValidationStatusDescription(QuoteValidationStatuses.Error),
+                error,
+            };
+        }
+    }
+    async isQuoteHasUserData(quoteBuffer, userDataBuffer) {
+        const quote = this.teeSgxParser.parseQuote(quoteBuffer);
+        const report = this.teeSgxParser.parseReport(quote.report);
+        const userDataHash = await this.getSha256Hash(userDataBuffer);
+        const slicedQuoteData = report.userData.slice(0, userDataHash.length);
+        const compareResult = Buffer.compare(slicedQuoteData, userDataHash);
+        return compareResult === 0;
+    }
+    async getSha256Hash(data) {
+        const hashInfo = {
+            algo: HashAlgorithm.SHA256,
+            encoding: Encoding.base64,
+        };
+        const hashData = await Crypto.createHash(data, hashInfo);
+        return Buffer.from(hashData.hash, hashData.encoding);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUXVvdGVWYWxpZGF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdGVlL1F1b3RlVmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLFFBQVEsTUFBTSxVQUFVLENBQUM7QUFDaEMsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sRUFBRSxXQUFXLEVBQWEsTUFBTSxZQUFZLENBQUM7QUFDcEQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQzlDLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLE9BQU8sQ0FBQztBQUNsRCxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBQ2pDLE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUN2QixPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFFaEQsT0FBTyxVQUFVLE1BQU0sY0FBYyxDQUFDO0FBRXRDLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNyRCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsV0FBVyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ3pGLE9BQU8sRUFBRSxRQUFRLEVBQUUsYUFBYSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDakUsT0FBTyxNQUFNLE1BQU0sb0JBQW9CLENBQUM7QUFFeEMsTUFBTSxFQUFFLEVBQUUsRUFBRSxHQUFHLFFBQVEsQ0FBQztBQUN4QixNQUFNLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxHQUFHLEtBQUssQ0FBQztBQUU3QixNQUFNLGtCQUFrQixHQUFHLHVDQUF1QyxDQUFDO0FBQ25FLE1BQU0scUJBQXFCLEdBQUcsbUVBQW1FLENBQUM7QUFDbEcsTUFBTSxPQUFPLEdBQUcsdUJBQXVCLENBQUM7QUFDeEMsTUFBTSxTQUFTLEdBQUcsR0FBRyxPQUFPLElBQUksQ0FBQztBQUNqQyxNQUFNLFNBQVMsR0FBRyxHQUFHLE9BQU8sSUFBSSxDQUFDO0FBQ2pDLE1BQU0sT0FBTyxHQUFHLEdBQUcsT0FBTyxJQUFJLENBQUM7QUFDL0IsTUFBTSxVQUFVLEdBQUcsR0FBRyxPQUFPLEtBQUssQ0FBQztBQUNuQyxNQUFNLGtCQUFrQixHQUFHLElBQUksVUFBVSxDQUFDO0lBQ3hDLENBQUMsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRztJQUNoRyxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUc7SUFDaEcsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRztJQUNoRyxHQUFHO0NBQ0osQ0FBQyxDQUFDO0FBUUgsTUFBTSxPQUFPLGNBQWM7SUFDUixTQUFTLENBQVU7SUFDbkIsT0FBTyxDQUFTO0lBQ2hCLFlBQVksQ0FBZTtJQUNwQyxNQUFNLENBQW9CO0lBRWxDLFlBQVksT0FBZTtRQUN6QixJQUFJLENBQUMsU0FBUyxHQUFHLE9BQU8sS0FBSyxrQkFBa0IsQ0FBQztRQUNoRCxJQUFJLENBQUMsT0FBTyxHQUFHLEdBQUcsT0FBTyx1QkFBdUIsQ0FBQztRQUNqRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksWUFBWSxFQUFFLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLEVBQUUsU0FBUyxFQUFFLGNBQWMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3JFLENBQUM7SUFFTyxVQUFVLENBQUMsS0FBYTtRQUM5QixNQUFNLEtBQUssR0FBRyw2QkFBNkIsQ0FBQztRQUM1QyxNQUFNLEdBQUcsR0FBRywyQkFBMkIsQ0FBQztRQUV4QyxPQUFPLEtBQUs7YUFDVCxLQUFLLENBQUMsS0FBSyxDQUFDO2FBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQzthQUNmLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQztJQUN4RSxDQUFDO0lBRU8saUJBQWlCLENBQUMsUUFBZ0IsRUFBRSxTQUFpQjtRQUMzRCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3pDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEMsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFTyxpQkFBaUIsQ0FBQyxRQUF5QixFQUFFLFNBQWlCO1FBQ3BFLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3pDLEtBQUssTUFBTSxLQUFLLElBQUksUUFBUSxDQUFDLEtBQTBCLEVBQUUsQ0FBQztnQkFDeEQsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7b0JBQ2pDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEtBQWUsQ0FBQyxDQUFDO29CQUNqRCxJQUFJLEdBQUcsS0FBSyxTQUFTLEVBQUUsQ0FBQzt3QkFDdEIsT0FBTyxRQUFRLENBQUM7b0JBQ2xCLENBQUM7Z0JBQ0gsQ0FBQztZQUNILENBQUM7UUFDSCxDQUFDO1FBRUQsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2xDLEtBQUssTUFBTSxLQUFLLElBQUksUUFBUSxDQUFDLEtBQUssRUFBRSxDQUFDO2dCQUNuQyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLFNBQVMsQ0FBQyxDQUFDO2dCQUN4RCxJQUFJLE1BQU0sRUFBRSxDQUFDO29CQUNYLE9BQU8sTUFBTSxDQUFDO2dCQUNoQixDQUFDO1lBQ0gsQ0FBQztRQUNILENBQUM7UUFFRCxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFTyxxQkFBcUIsQ0FBQyxJQUFZLEVBQUUsU0FBaUIsRUFBRSxHQUFXO1FBQ3hFLE1BQU0sVUFBVSxHQUFHLElBQUksRUFBRSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLE1BQU0sTUFBTSxHQUFHLFVBQVUsQ0FBQyxNQUFNLENBQzlCLElBQUksRUFDSjtZQUNFLENBQUMsRUFBRSxTQUFTLENBQUMsUUFBUSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDNUIsQ0FBQyxFQUFFLFNBQVMsQ0FBQyxRQUFRLENBQUMsRUFBRSxDQUFDO1NBQzFCLEVBQ0QsVUFBVSxDQUFDLGFBQWEsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLENBQ3JDLENBQUM7UUFFRixPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRU8sY0FBYyxDQUFDLElBQVksRUFBRSxFQUFVO1FBQzdDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQztRQUN2QixPQUFPLElBQUksR0FBRyxHQUFHLElBQUksR0FBRyxHQUFHLEVBQUUsQ0FBQztJQUNoQyxDQUFDO0lBRU8sb0JBQW9CLENBQzFCLE9BQW9CLEVBQ3BCLFlBQXlCLEVBQ3pCLFFBQXFCO1FBRXJCLE9BQU8sQ0FDTCxDQUFDLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsWUFBWSxDQUFDLE9BQU8sQ0FBQztZQUMvQyxDQUFDLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUNqRCxDQUFDO0lBQ0osQ0FBQztJQUVPLE1BQU0sQ0FBQyxPQUFlO1FBQzVCLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDO1lBQ3hDLENBQUMsQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQztZQUM3QixDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDaEMsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQW9CLENBQUMsQ0FBQztRQUU3QyxPQUFPLElBQUkseUJBQXlCLENBQUMsRUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDLENBQUM7SUFDbEUsQ0FBQztJQUVPLHNCQUFzQixDQUFDLEdBQThCLEVBQUUsT0FBaUI7UUFDOUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLElBQUksQ0FBQyxHQUFHLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDdkMsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHNEQUFzRCxDQUFDLENBQUM7UUFDM0YsQ0FBQztRQUNELElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLEdBQUcsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLEVBQUUsQ0FBQztZQUN6RixNQUFNLElBQUksc0JBQXNCLENBQUMscURBQXFELENBQUMsQ0FBQztRQUMxRixDQUFDO1FBQ0QsSUFBSSxHQUFHLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUM1QixNQUFNLFlBQVksR0FBRyxHQUFHLENBQUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FDNUQsT0FBTyxDQUFDLFFBQVEsQ0FDZCxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FDN0UsQ0FDRixDQUFDO1lBQ0YsSUFBSSxZQUFZLEVBQUUsQ0FBQztnQkFDakIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGdDQUFnQyxDQUFDLENBQUM7WUFDckUsQ0FBQztRQUNILENBQUM7SUFDSCxDQUFDO0lBRU8sS0FBSyxDQUFDLGVBQWUsQ0FDM0IsS0FBMEI7UUFFMUIsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxrQ0FBa0MsQ0FBQyxDQUFDO1FBQzdGLE1BQU0sYUFBYSxHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQywwQkFBMEIsQ0FBQyxDQUFDLENBQUM7UUFDaEcsTUFBTSxDQUFDLGtCQUFrQixFQUFFLGNBQWMsQ0FBQyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxtQkFBbUI7UUFDaEcsTUFBTSxtQkFBbUIsR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDO1FBQ2pGLE1BQU0sZUFBZSxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDO1FBRXpFLElBQ0UsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUNsQixtQkFBbUIsQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLEVBQ3ZDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FDdEMsRUFDRCxDQUFDO1lBQ0QsTUFBTSxJQUFJLHNCQUFzQixDQUFDLG1EQUFtRCxDQUFDLENBQUM7UUFDeEYsQ0FBQztRQUNELElBQ0UsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLEVBQUUsZUFBZSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQyxFQUM1RixDQUFDO1lBQ0QsTUFBTSxJQUFJLHNCQUFzQixDQUFDLCtDQUErQyxDQUFDLENBQUM7UUFDcEYsQ0FBQztRQUNELElBQUksQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLGVBQWUsQ0FBQyxNQUFNLEVBQUUsZUFBZSxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUM7WUFDaEUsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHFDQUFxQyxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUNELElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQy9FLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO1FBQzlFLENBQUM7UUFFRCxNQUFNLGVBQWUsR0FBYSxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUMsd0JBQXdCO1FBQ2pILE1BQU0sT0FBTyxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQztRQUUvQyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUMsRUFBRSxDQUFDO1lBQ2pGLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyw4Q0FBOEMsQ0FBQyxDQUFDO1FBQ25GLENBQUM7UUFDRCxJQUFJLFFBQVEsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNuQixNQUFNLElBQUksc0JBQXNCLENBQUMsd0NBQXdDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDdkYsQ0FBQztRQUNELElBQUksY0FBYyxLQUFLLGVBQWUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO1lBQzFDLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQywyREFBMkQsQ0FBQyxDQUFDO1FBQ2hHLENBQUM7UUFFRCxJQUFJLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxlQUFlLENBQUMsRUFBRSxDQUFDO1lBQzlFLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1FBQzVFLENBQUM7UUFFRCxNQUFNLE9BQU8sR0FBRztZQUNkLGVBQWUsQ0FBQyxZQUFZO1lBQzVCLG1CQUFtQixDQUFDLFlBQVk7WUFDaEMsT0FBTyxDQUFDLFlBQVk7U0FDckIsQ0FBQztRQUVGLElBQUksSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ25CLE1BQU0sV0FBVyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsRUFBRTtnQkFDekQsWUFBWSxFQUFFLGFBQWE7YUFDNUIsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxXQUFXLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDM0QsSUFBSSxDQUFDLHNCQUFzQixDQUN6QixJQUFJLHlCQUF5QixDQUFDLEVBQUUsTUFBTSxFQUFFLFdBQVcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUM3RCxPQUFPLENBQ1IsQ0FBQztRQUNKLENBQUM7YUFBTSxDQUFDO1lBQ04sTUFBTSxXQUFXLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLE9BQU8sWUFBWSxDQUFDLENBQUM7WUFDakUsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDL0MsSUFBSSxDQUFDLHNCQUFzQixDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNqRCxDQUFDO1FBRUQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN4RCxJQUFJLENBQUMsc0JBQXNCLENBQUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRWxELE9BQU8sRUFBRSxPQUFPLEVBQUUsV0FBVyxFQUFFLGNBQWMsRUFBRSxDQUFDO0lBQ2xELENBQUM7SUFFTyxLQUFLLENBQUMsdUJBQXVCLENBQ25DLEtBQTBCLEVBQzFCLFlBQW9CO1FBRXBCLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDdkQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUM7UUFFekUsT0FBTyxJQUFJLENBQUMscUJBQXFCLENBQUMsVUFBVSxFQUFFLFNBQVMsRUFBRSxZQUFZLENBQUMsQ0FBQztJQUN6RSxDQUFDO0lBRU8sS0FBSyxDQUFDLGtCQUFrQixDQUM5QixLQUEwQixFQUMxQixNQUE0QjtRQUU1QixNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsb0JBQW9CLENBQUM7UUFDOUMsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLG1CQUFtQixDQUFDO1FBQ2pELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQztRQUN6QyxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLGNBQWMsRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDN0YsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxjQUFjLENBQUMsQ0FBQztRQUVoRSxPQUFPLE1BQU0sS0FBSyxDQUFDLENBQUM7SUFDdEIsQ0FBQztJQUVPLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxLQUEwQjtRQUNuRSxNQUFNLEdBQUcsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1FBQ25ELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQy9DLE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQztRQUVqRCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLFlBQVksRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFN0YsTUFBTSxVQUFVLEdBQUcsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbEMsTUFBTSxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FDOUIsY0FBYyxFQUNkO1lBQ0UsQ0FBQyxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUMzQixDQUFDLEVBQUUsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7U0FDekIsRUFDRCxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FDdkMsQ0FBQztRQUVGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFTyxLQUFLLENBQUMsc0JBQXNCLENBQ2xDLEtBQTBCLEVBQzFCLE1BQTRCLEVBQzVCLFlBQW9CO1FBRXBCLElBQUksQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLHVCQUF1QixDQUFDLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFDL0QsTUFBTSxJQUFJLHNCQUFzQixDQUFDLDJCQUEyQixDQUFDLENBQUM7UUFDaEUsQ0FBQztRQUNELElBQUksQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQyxFQUFFLENBQUM7WUFDcEQsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHNCQUFzQixDQUFDLENBQUM7UUFDM0QsQ0FBQztRQUNELElBQUksQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLDRCQUE0QixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsQ0FBQztZQUN0RCxNQUFNLElBQUksc0JBQXNCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztRQUNyRSxDQUFDO0lBQ0gsQ0FBQztJQUVPLG1CQUFtQixDQUFDLE9BQW9CO1FBQzlDLE1BQU0sZ0JBQWdCLEdBQUcsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEtBQUssT0FBTyxDQUFDLENBQUM7UUFDakYsSUFBSSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFDdEIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHVDQUF1QyxDQUFDLENBQUM7UUFDNUUsQ0FBQztRQUVELE9BQU8sZ0JBQWdCLENBQUM7SUFDMUIsQ0FBQztJQUVPLG9CQUFvQixDQUMxQixnQkFBMkIsRUFDM0IsU0FBaUIsRUFDakIsVUFBMkI7UUFFM0IsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEVBQUUsU0FBUyxDQUFDLENBQUM7UUFDMUYsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLHNCQUFzQixDQUFDLE9BQU8sU0FBUywwQ0FBMEMsQ0FBQyxDQUFDO1FBQy9GLENBQUM7UUFDRCxNQUFNLElBQUksR0FBSSxPQUFPLENBQUMsS0FBMkIsQ0FBQyxNQUFNLENBQ3RELENBQUMsVUFBVSxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsSUFBSSxLQUFLLFVBQVUsQ0FDL0MsQ0FBQztRQUNGLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDakIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGVBQWUsU0FBUyxZQUFZLFVBQVUsWUFBWSxDQUFDLENBQUM7UUFDL0YsQ0FBQztRQUNELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQWUsQ0FBQyxDQUFDO1FBRXhELE9BQU8sVUFBVSxLQUFLLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUM7SUFDekYsQ0FBQztJQUVPLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBYSxFQUFFLFdBQW1CO1FBQ3pELE1BQU0sT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLElBQUksQ0FBQyxPQUFPLGNBQWMsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUN0RSxNQUFNLGFBQWEsR0FBRyx1QkFBdUIsQ0FBQztRQUM5QyxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsY0FBYztRQUN4RyxJQUFJLFlBQVksQ0FBQyxDQUFDLENBQUMsS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksc0JBQXNCLENBQUMsMkNBQTJDLENBQUMsQ0FBQztRQUNoRixDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsV0FBVyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDbEUsTUFBTSxHQUFHLEdBQUcsT0FBTyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDckMsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM3RCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQzdDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQ2xELENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMscUJBQXFCLENBQUMsY0FBYyxFQUFFLFNBQVMsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDWixNQUFNLElBQUksc0JBQXNCLENBQUMsaUNBQWlDLENBQUMsQ0FBQztRQUN0RSxDQUFDO1FBRUQsSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHFDQUFxQyxDQUFDLENBQUM7UUFDMUUsQ0FBQztRQUVELE9BQU8sT0FBTyxDQUFDLElBQWdCLENBQUM7SUFDbEMsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhLENBQUMsV0FBbUI7UUFDN0MsTUFBTSxjQUFjLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLE9BQU8sY0FBYyxDQUFDLENBQUM7UUFDdEUsTUFBTSxnQkFBZ0IsR0FBRyxtQ0FBbUMsQ0FBQztRQUM3RCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUNyQyxrQkFBa0IsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FDN0QsQ0FBQyxDQUFDLHFCQUFxQjtRQUN4QixJQUFJLGVBQWUsQ0FBQyxDQUFDLENBQUMsS0FBSyxXQUFXLEVBQUUsQ0FBQztZQUN2QyxNQUFNLElBQUksc0JBQXNCLENBQUMsd0RBQXdELENBQUMsQ0FBQztRQUM3RixDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsV0FBVyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDNUUsTUFBTSxHQUFHLEdBQUcsY0FBYyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUM7UUFDNUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLFNBQVMsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUNwRSxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQzdDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FBQyxjQUFjLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQ2pFLENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMscUJBQXFCLENBQUMsY0FBYyxFQUFFLFNBQVMsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMxRSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDWixNQUFNLElBQUksc0JBQXNCLENBQUMseUNBQXlDLENBQUMsQ0FBQztRQUM5RSxDQUFDO1FBRUQsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUM7WUFDMUUsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGtEQUFrRCxDQUFDLENBQUM7UUFDdkYsQ0FBQztRQUVELE9BQU8sY0FBYyxDQUFDLElBQW1CLENBQUM7SUFDNUMsQ0FBQztJQUVPLG1CQUFtQixDQUN6QixNQUE0QixFQUM1QixVQUF1QjtRQUV2QixNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNqRCxJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUUsS0FBSyxVQUFVLENBQUMsZUFBZSxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ25FLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO1FBQ25FLENBQUM7UUFDRCxJQUFJLE1BQU0sQ0FBQyxTQUFTLEtBQUssVUFBVSxDQUFDLGVBQWUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM5RCxNQUFNLElBQUksc0JBQXNCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBQ0QsTUFBTSxRQUFRLEdBQUcsVUFBVSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUN4RCxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FDbkQsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLFFBQVEsRUFBRSxTQUErQixDQUFDO1FBQ3pELElBQUksTUFBTSxFQUFFLENBQUM7WUFDWCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw4QkFBOEIsUUFBUSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDdEUsT0FBTyxNQUFNLENBQUM7UUFDaEIsQ0FBQztRQUNELE9BQU8sa0JBQWtCLENBQUMsU0FBUyxDQUFDO0lBQ3RDLENBQUM7SUFFTyxZQUFZLENBQ2xCLEtBQWEsRUFDYixLQUFhLEVBQ2IsT0FBaUIsRUFDakIsZ0JBQTJCO1FBRTNCLElBQUksS0FBSyxDQUFDLFdBQVcsRUFBRSxLQUFLLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxFQUFFLENBQUM7WUFDaEUsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGdDQUFnQyxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUNELElBQUksS0FBSyxLQUFLLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGdDQUFnQyxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMxRixNQUFNLGFBQWEsR0FBRyxDQUFDLEdBQUcsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDcEQsSUFBSSxDQUFDLG9CQUFvQixDQUFDLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUN0RixDQUFDO1FBQ0YsTUFBTSxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUM3QyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQ1gsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FBQztZQUNyQyxRQUFRLENBQUMsR0FBRyxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxHQUFHLElBQUksTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQzdGLENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxRQUFRLEVBQUUsU0FBd0IsQ0FBQztRQUNsRCxJQUFJLE1BQU0sRUFBRSxDQUFDO1lBQ1gsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLFFBQVEsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQ3pELE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7UUFDRCxPQUFPLFdBQVcsQ0FBQyxTQUFTLENBQUM7SUFDL0IsQ0FBQztJQUVPLHdCQUF3QixDQUM5QixnQkFBb0MsRUFDcEMsU0FBc0I7UUFFdEIsSUFBSSxnQkFBZ0IsS0FBSyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUN0RCxJQUFJLFNBQVMsS0FBSyxXQUFXLENBQUMsUUFBUSxJQUFJLFNBQVMsS0FBSyxXQUFXLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDdEYsT0FBTyx1QkFBdUIsQ0FBQyxtQkFBbUIsQ0FBQztZQUNyRCxDQUFDO1lBQ0QsSUFDRSxTQUFTLEtBQUssV0FBVyxDQUFDLDRCQUE0QjtnQkFDdEQsU0FBUyxLQUFLLFdBQVcsQ0FBQyxpQ0FBaUMsRUFDM0QsQ0FBQztnQkFDRCxPQUFPLHVCQUF1QixDQUFDLG9CQUFvQixDQUFDO1lBQ3RELENBQUM7UUFDSCxDQUFDO1FBQ0QsSUFBSSxnQkFBZ0IsS0FBSyxrQkFBa0IsQ0FBQyxPQUFPLElBQUksU0FBUyxLQUFLLFdBQVcsQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUN6RixNQUFNLElBQUksc0JBQXNCLENBQUMsNEJBQTRCLENBQUMsQ0FBQztRQUNqRSxDQUFDO1FBQ0QsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBQ3ZDLE9BQU8sdUJBQXVCLENBQUMsUUFBUSxDQUFDO1FBQzFDLENBQUM7UUFDRCxJQUFJLFNBQVMsS0FBSyxXQUFXLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDeEMsT0FBTyx1QkFBdUIsQ0FBQyxtQkFBbUIsQ0FBQztRQUNyRCxDQUFDO1FBQ0QsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDbEQsT0FBTyx1QkFBdUIsQ0FBQyxtQkFBbUIsQ0FBQztRQUNyRCxDQUFDO1FBQ0QsT0FBTyx1QkFBdUIsQ0FBQyxvQkFBb0IsQ0FBQztJQUN0RCxDQUFDO0lBRU8sbUNBQW1DLENBQUMsTUFBK0I7UUFDekUsUUFBUSxNQUFNLEVBQUUsQ0FBQztZQUNmLEtBQUssdUJBQXVCLENBQUMsUUFBUTtnQkFDbkMsT0FBTywrREFBK0QsQ0FBQztZQUN6RSxLQUFLLHVCQUF1QixDQUFDLG1CQUFtQjtnQkFDOUMsT0FBTzs4R0FDK0YsQ0FBQztZQUN6RyxLQUFLLHVCQUF1QixDQUFDLG1CQUFtQjtnQkFDOUMsT0FBTzs0RkFDNkUsQ0FBQztZQUN2RixLQUFLLHVCQUF1QixDQUFDLG9CQUFvQjtnQkFDL0MsT0FBTzs2SEFDOEcsQ0FBQztZQUN4SDtnQkFDRSxPQUFPLDRCQUE0QixDQUFDO1FBQ3hDLENBQUM7SUFDSCxDQUFDO0lBRU0sS0FBSyxDQUFDLFFBQVEsQ0FBQyxXQUFtQjtRQUN2QyxJQUFJLENBQUM7WUFDSCxNQUFNLEtBQUssR0FBd0IsSUFBSSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDN0UsTUFBTSxNQUFNLEdBQXlCLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUVuRixNQUFNLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUVuRSxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDM0UsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0NBQXdDLENBQUMsQ0FBQztZQUUzRCxNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUMzRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsb0JBQW9CLENBQUMsZ0JBQWdCLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDNUYsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixDQUFDLGdCQUFnQixFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRTVGLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsV0FBVyxDQUFDLENBQUM7WUFDMUQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXpELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxVQUFVLENBQUMsQ0FBQztZQUN0RSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUM7WUFFN0UsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQUMsZ0JBQWdCLEVBQUUsU0FBUyxDQUFDLENBQUM7WUFDekYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsOEJBQThCLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUV4RSxPQUFPO2dCQUNMLHFCQUFxQjtnQkFDckIsV0FBVyxFQUFFLElBQUksQ0FBQyxtQ0FBbUMsQ0FBQyxxQkFBcUIsQ0FBQzthQUM3RSxDQUFDO1FBQ0osQ0FBQztRQUFDLE9BQU8sS0FBSyxFQUFFLENBQUM7WUFDZixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsS0FBSyxFQUFFLENBQUMsQ0FBQztZQUVoRCxPQUFPO2dCQUNMLHFCQUFxQixFQUFFLHVCQUF1QixDQUFDLEtBQUs7Z0JBQ3BELFdBQVcsRUFBRSxJQUFJLENBQUMsbUNBQW1DLENBQUMsdUJBQXVCLENBQUMsS0FBSyxDQUFDO2dCQUNwRixLQUFLO2FBQ04sQ0FBQztRQUNKLENBQUM7SUFDSCxDQUFDO0lBRU0sS0FBSyxDQUFDLGtCQUFrQixDQUFDLFdBQW1CLEVBQUUsY0FBc0I7UUFDekUsTUFBTSxLQUFLLEdBQXdCLElBQUksQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdFLE1BQU0sTUFBTSxHQUF5QixJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakYsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQzlELE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDdEUsTUFBTSxhQUFhLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUM7UUFFcEUsT0FBTyxhQUFhLEtBQUssQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFTyxLQUFLLENBQUMsYUFBYSxDQUFDLElBQVk7UUFDdEMsTUFBTSxRQUFRLEdBQUc7WUFDZixJQUFJLEVBQUUsYUFBYSxDQUFDLE1BQU07WUFDMUIsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNO1NBQzFCLENBQUM7UUFDRixNQUFNLFFBQVEsR0FBRyxNQUFNLE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQ3pELE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN2RCxDQUFDO0NBQ0YifQ==

package/dist/mjs/tee/errors.d.ts

@@ -0,0 +1,6 @@
+export declare class TLBlockSerializerError extends Error {
+}
+export declare class TeeQuoteParserError extends Error {
+}
+export declare class TeeQuoteValidatorError extends Error {
+}

package/dist/mjs/tee/errors.js

@@ -0,0 +1,7 @@
+export class TLBlockSerializerError extends Error {
+}
+export class TeeQuoteParserError extends Error {
+}
+export class TeeQuoteValidatorError extends Error {
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9lcnJvcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsTUFBTSxPQUFPLHNCQUF1QixTQUFRLEtBQUs7Q0FBRztBQUVwRCxNQUFNLE9BQU8sbUJBQW9CLFNBQVEsS0FBSztDQUFHO0FBRWpELE1BQU0sT0FBTyxzQkFBdUIsU0FBUSxLQUFLO0NBQUcifQ==

package/dist/mjs/tee/helpers.d.ts

@@ -0,0 +1,14 @@
+export declare const splitChain: (chain: string) => string[];
+declare class Position {
+    place: number;
+    constructor();
+}
+export declare class Signature {
+    static toArray(msg: string | Array<number> | null): Uint8Array;
+    static importFromDER(signature: string): {
+        r: string;
+        s: string;
+    };
+    static getLength(buf: Uint8Array, p: Position): number | boolean;
+}
+export {};

package/dist/mjs/tee/helpers.js

@@ -0,0 +1,115 @@
+export const splitChain = (chain) => {
+    const begin = '-----BEGIN CERTIFICATE-----';
+    const end = '-----END CERTIFICATE-----';
+    return chain
+        .split(begin)
+        .filter(Boolean)
+        .map((cert) => begin.concat(cert.slice(0, cert.indexOf(end)), end));
+};
+class Position {
+    place;
+    constructor() {
+        this.place = 0;
+    }
+}
+export class Signature {
+    static toArray(msg) {
+        if (Array.isArray(msg)) {
+            return new Uint8Array(msg);
+        }
+        if (!msg) {
+            return new Uint8Array();
+        }
+        const res = [];
+        if (typeof msg !== 'string') {
+            return new Uint8Array(msg);
+        }
+        msg = msg.replace(/[^a-z0-9]+/gi, '');
+        if (msg.length % 2 !== 0) {
+            msg = '0' + msg;
+        }
+        for (let i = 0; i < msg.length; i += 2) {
+            res.push(parseInt(msg[i] + msg[i + 1], 16));
+        }
+        return new Uint8Array(res);
+    }
+    static importFromDER(signature) {
+        const data = Signature.toArray(signature);
+        const p = new Position();
+        if (data[p.place++] !== 0x30) {
+            throw new Error('Invald DER');
+        }
+        const len = Signature.getLength(data, p);
+        if (len === false) {
+            throw new Error('Invald DER');
+        }
+        if (Number(len) + p.place !== data.length) {
+            throw new Error('Invald DER');
+        }
+        if (data[p.place++] !== 0x02) {
+            throw new Error('Invald DER');
+        }
+        const rlen = Signature.getLength(data, p);
+        if (rlen === false) {
+            throw new Error('Invald DER');
+        }
+        let r = data.slice(p.place, Number(rlen) + p.place);
+        p.place += Number(rlen);
+        if (data[p.place++] !== 0x02) {
+            throw new Error('Invald DER');
+        }
+        const slen = this.getLength(data, p);
+        if (slen === false) {
+            throw new Error('Invald DER');
+        }
+        if (data.length !== Number(slen) + p.place) {
+            throw new Error('Invald DER');
+        }
+        let s = data.slice(p.place, Number(slen) + p.place);
+        if (r[0] === 0) {
+            if (r[1] & 0x80) {
+                r = r.slice(1);
+            }
+            else {
+                throw new Error('Leading zeroes');
+            }
+        }
+        if (s[0] === 0) {
+            if (s[1] & 0x80) {
+                s = s.slice(1);
+            }
+            else {
+                throw new Error('Leading zeroes');
+            }
+        }
+        return {
+            r: Buffer.from(r).toString('hex'),
+            s: Buffer.from(s).toString('hex'),
+        };
+    }
+    static getLength(buf, p) {
+        const initial = buf[p.place++];
+        if (!(initial & 0x80)) {
+            return initial;
+        }
+        const octetLen = initial & 0xf;
+        // Indefinite length or overflow
+        if (octetLen === 0 || octetLen > 4) {
+            return false;
+        }
+        let val = 0;
+        let off = p.place;
+        for (let i = 0; i < octetLen; i++, off++) {
+            val <<= 8;
+            val |= buf[off];
+            val >>>= 0;
+        }
+        // Leading zeroes
+        if (val <= 0x7f) {
+            return false;
+        }
+        p.place = off;
+        return val;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy90ZWUvaGVscGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxNQUFNLENBQUMsTUFBTSxVQUFVLEdBQUcsQ0FBQyxLQUFhLEVBQVksRUFBRTtJQUNwRCxNQUFNLEtBQUssR0FBRyw2QkFBNkIsQ0FBQztJQUM1QyxNQUFNLEdBQUcsR0FBRywyQkFBMkIsQ0FBQztJQUV4QyxPQUFPLEtBQUs7U0FDVCxLQUFLLENBQUMsS0FBSyxDQUFDO1NBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUN4RSxDQUFDLENBQUM7QUFFRixNQUFNLFFBQVE7SUFDWixLQUFLLENBQVM7SUFFZDtRQUNFLElBQUksQ0FBQyxLQUFLLEdBQUcsQ0FBQyxDQUFDO0lBQ2pCLENBQUM7Q0FDRjtBQUVELE1BQU0sT0FBTyxTQUFTO0lBQ3BCLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBa0M7UUFDL0MsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdkIsT0FBTyxJQUFJLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUM3QixDQUFDO1FBRUQsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1lBQ1QsT0FBTyxJQUFJLFVBQVUsRUFBRSxDQUFDO1FBQzFCLENBQUM7UUFFRCxNQUFNLEdBQUcsR0FBYSxFQUFFLENBQUM7UUFFekIsSUFBSSxPQUFPLEdBQUcsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUM1QixPQUFPLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQzdCLENBQUM7UUFFRCxHQUFHLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxjQUFjLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEMsSUFBSSxHQUFHLENBQUMsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixHQUFHLEdBQUcsR0FBRyxHQUFHLEdBQUcsQ0FBQztRQUNsQixDQUFDO1FBQ0QsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLEdBQUcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQ3ZDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDOUMsQ0FBQztRQUVELE9BQU8sSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDN0IsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsU0FBaUI7UUFJcEMsTUFBTSxJQUFJLEdBQUcsU0FBUyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUMxQyxNQUFNLENBQUMsR0FBRyxJQUFJLFFBQVEsRUFBRSxDQUFDO1FBQ3pCLElBQUksSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdCLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELE1BQU0sR0FBRyxHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3pDLElBQUksR0FBRyxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQ2xCLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELElBQUksTUFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxLQUFLLEtBQUssSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzFDLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdCLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELE1BQU0sSUFBSSxHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzFDLElBQUksSUFBSSxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQ25CLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELElBQUksQ0FBQyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3BELENBQUMsQ0FBQyxLQUFLLElBQUksTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3hCLElBQUksSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDO1lBQzdCLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3JDLElBQUksSUFBSSxLQUFLLEtBQUssRUFBRSxDQUFDO1lBQ25CLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQzNDLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7UUFDaEMsQ0FBQztRQUNELElBQUksQ0FBQyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3BELElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQ2YsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUM7Z0JBQ2hCLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ2pCLENBQUM7aUJBQU0sQ0FBQztnQkFDTixNQUFNLElBQUksS0FBSyxDQUFDLGdCQUFnQixDQUFDLENBQUM7WUFDcEMsQ0FBQztRQUNILENBQUM7UUFDRCxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNmLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxHQUFHLElBQUksRUFBRSxDQUFDO2dCQUNoQixDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNqQixDQUFDO2lCQUFNLENBQUM7Z0JBQ04sTUFBTSxJQUFJLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO1lBQ3BDLENBQUM7UUFDSCxDQUFDO1FBRUQsT0FBTztZQUNMLENBQUMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUM7WUFDakMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQztTQUNsQyxDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQUMsR0FBZSxFQUFFLENBQVc7UUFDM0MsTUFBTSxPQUFPLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQy9CLElBQUksQ0FBQyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsRUFBRSxDQUFDO1lBQ3RCLE9BQU8sT0FBTyxDQUFDO1FBQ2pCLENBQUM7UUFDRCxNQUFNLFFBQVEsR0FBRyxPQUFPLEdBQUcsR0FBRyxDQUFDO1FBRS9CLGdDQUFnQztRQUNoQyxJQUFJLFFBQVEsS0FBSyxDQUFDLElBQUksUUFBUSxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ25DLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELElBQUksR0FBRyxHQUFHLENBQUMsQ0FBQztRQUNaLElBQUksR0FBRyxHQUFHLENBQUMsQ0FBQyxLQUFLLENBQUM7UUFDbEIsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLFFBQVEsRUFBRSxDQUFDLEVBQUUsRUFBRSxHQUFHLEVBQUUsRUFBRSxDQUFDO1lBQ3pDLEdBQUcsS0FBSyxDQUFDLENBQUM7WUFDVixHQUFHLElBQUksR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1lBQ2hCLEdBQUcsTUFBTSxDQUFDLENBQUM7UUFDYixDQUFDO1FBRUQsaUJBQWlCO1FBQ2pCLElBQUksR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ2hCLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELENBQUMsQ0FBQyxLQUFLLEdBQUcsR0FBRyxDQUFDO1FBQ2QsT0FBTyxHQUFHLENBQUM7SUFDYixDQUFDO0NBQ0YifQ==

package/dist/mjs/tee/interface.d.ts

@@ -0,0 +1,63 @@
+import { TeeDataType, BinaryType, TLBlockUnserializeResultType, TLBlockSerializeResultType, TLBlockType } from './types.js';
+/**
+ * Serializes and Unserializes TLB
+ */
+export interface TLBlockSerializer {
+    unserializeTlb(blob: BinaryType): TLBlockUnserializeResultType | Promise<TLBlockUnserializeResultType>;
+    serializeTlb(tlb: TLBlockType, tlbMetadata: TeeDataType): TLBlockSerializeResultType | Promise<TLBlockSerializeResultType>;
+    serializeMetadata(tlbMetadata: TeeDataType): BinaryType | Promise<BinaryType>;
+    serializeAnyData(anyData: any): BinaryType;
+}
+interface IISVSVNStatus {
+    tcb: {
+        isvsvn: number;
+    };
+    tcbDate: string;
+    tcbStatus: string;
+}
+export interface IQEIdentity {
+    signature: string;
+    enclaveIdentity: {
+        id: string;
+        version: number;
+        issueDate: string;
+        nextUpdate: string;
+        tcbEvaluationDataNumber: number;
+        miscselect: string;
+        miscselectMask: string;
+        attributes: string;
+        attributesMask: string;
+        mrsigner: string;
+        isvprodid: number;
+        tcbLevels: [IISVSVNStatus];
+    };
+}
+interface sgxTcbComponent {
+    svn: number;
+    category: string;
+    type: string;
+}
+interface ITCBSVNStatus {
+    tcb: {
+        sgxtcbcomponents: [sgxTcbComponent];
+        pcesvn: number;
+    };
+    tcbDate: string;
+    tcbStatus: string;
+    advisoryIDs: [string];
+}
+export interface ITcbData {
+    signature: string;
+    tcbInfo: {
+        id: string;
+        version: number;
+        issueDate: string;
+        nextUpdate: string;
+        fmspc: string;
+        pceId: string;
+        tcbType: number;
+        tcbEvaluationDataNumber: number;
+        tcbLevels: [ITCBSVNStatus];
+    };
+}
+export {};

package/dist/mjs/tee/interface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9pbnRlcmZhY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9