@super-protocol/sdk-js 2.1.4-beta.1 → 2.1.4-beta.5

package/dist/mjs/tee/QuoteValidator.js

@@ -0,0 +1,382 @@
+import axios from 'axios';
+import { ec } from 'elliptic';
+import { util, asn1 } from 'node-forge';
+import { Certificate } from '@fidm/x509';
+import { formatter } from 'js-encoding-utils';
+import { CertificateRevocationList } from 'pkijs';
+import { fromBER } from 'asn1js';
+import _ from 'lodash';
+import { TeeSgxParser } from './QuoteParser.js';
+import rootLogger from '../logger.js';
+import { TeeQuoteValidatorError } from './errors.js';
+import { QEIdentityStatuses, TCBStatuses, QuoteValidationStatuses } from './statuses.js';
+import { Encoding, HashAlgorithm } from '@super-protocol/dto-js';
+import Crypto from '../crypto/index.js';
+const INTEL_BASE_SGX_URL = 'https://api.trustedservices.intel.com';
+const INTEL_SGX_ROOT_CA_URL = 'https://certificates.trustedservices.intel.com/IntelSGXRootCA.der';
+const SGX_OID = '1.2.840.113741.1.13.1';
+const FMSPC_OID = `${SGX_OID}.4`;
+const PCEID_OID = `${SGX_OID}.3`;
+const TCB_OID = `${SGX_OID}.2`;
+const PCESVN_OID = `${TCB_OID}.17`;
+const INTEL_ROOT_PUB_KEY = new Uint8Array([
+    4, 11, 169, 196, 192, 192, 200, 97, 147, 163, 254, 35, 214, 176, 44, 218, 16, 168, 187, 212, 232,
+    142, 72, 180, 69, 133, 97, 163, 110, 112, 85, 37, 245, 103, 145, 142, 46, 220, 136, 228, 13, 134,
+    11, 208, 204, 78, 226, 106, 172, 201, 136, 229, 5, 169, 83, 85, 140, 69, 63, 107, 9, 4, 174, 115,
+    148,
+]);
+export class QuoteValidator {
+    isDefault;
+    baseUrl;
+    teeSgxParser;
+    logger;
+    constructor(baseUrl) {
+        this.isDefault = baseUrl === INTEL_BASE_SGX_URL;
+        this.baseUrl = `${baseUrl}/sgx/certification/v4`;
+        this.teeSgxParser = new TeeSgxParser();
+        this.logger = rootLogger.child({ className: QuoteValidator.name });
+    }
+    splitChain(chain) {
+        const begin = '-----BEGIN CERTIFICATE-----';
+        const end = '-----END CERTIFICATE-----';
+        return chain
+            .split(begin)
+            .filter(Boolean)
+            .map((cert) => begin.concat(cert.slice(0, cert.indexOf(end)), end));
+    }
+    findSequenceByOID(hexValue, targetOID) {
+        const buffer = util.hexToBytes(hexValue);
+        const asn1Data = asn1.fromDer(buffer);
+        return this.searchForSequence(asn1Data, targetOID);
+    }
+    searchForSequence(asn1Data, targetOID) {
+        if (asn1Data.type === asn1.Type.SEQUENCE) {
+            for (const child of asn1Data.value) {
+                if (child.type === asn1.Type.OID) {
+                    const oid = asn1.derToOid(child.value);
+                    if (oid === targetOID) {
+                        return asn1Data;
+                    }
+                }
+            }
+        }
+        if (Array.isArray(asn1Data.value)) {
+            for (const child of asn1Data.value) {
+                const result = this.searchForSequence(child, targetOID);
+                if (result) {
+                    return result;
+                }
+            }
+        }
+        return null;
+    }
+    verifyDataBySignature(data, signature, key) {
+        const ellipticEc = new ec('p256');
+        const result = ellipticEc.verify(data, {
+            r: signature.subarray(0, 32),
+            s: signature.subarray(32),
+        }, ellipticEc.keyFromPublic(key, 'hex'));
+        return result;
+    }
+    checkValidDate(from, to) {
+        const now = Date.now();
+        return from < now && now < to;
+    }
+    checkChainForIssuers(pckCert, platformCert, rootCert) {
+        return (_.isEqual(pckCert.issuer, platformCert.subject) &&
+            _.isEqual(platformCert.issuer, rootCert.subject));
+    }
+    getCrl(crlData) {
+        const crlDer = crlData.startsWith('-----')
+            ? formatter.pemToBin(crlData)
+            : Buffer.from(crlData, 'hex');
+        const crlAsn = fromBER(crlDer);
+        return new CertificateRevocationList({ schema: crlAsn.result });
+    }
+    checkCertificatesInCrl(crl, certIds) {
+        if (!crl.thisUpdate || !crl.nextUpdate) {
+            throw new TeeQuoteValidatorError('Certificate revocation list has no update date field');
+        }
+        if (!this.checkValidDate(crl.thisUpdate.value.valueOf(), crl.nextUpdate.value.valueOf())) {
+            throw new TeeQuoteValidatorError('Certificate revocation list has invalid update date');
+        }
+        if (crl.revokedCertificates) {
+            const isAnyRevoked = crl.revokedCertificates.find((revoked) => certIds.includes(Buffer.from(revoked.userCertificate.valueBlock.valueHexView).toString('hex')));
+            if (isAnyRevoked) {
+                throw new TeeQuoteValidatorError('Certificate in revokation list');
+            }
+        }
+    }
+    async getCertificates(quote) {
+        const platformCrlResult = await axios.get(`${this.baseUrl}/pckcrl?ca=platform&encoding=pem`);
+        const platformChain = decodeURIComponent(platformCrlResult.headers['sgx-pck-crl-issuer-chain']);
+        const [platformFetchedPem, rootFetchedPem] = this.splitChain(platformChain); // [platform, root]
+        const platformFetchedCert = Certificate.fromPEM(Buffer.from(platformFetchedPem));
+        const rootFetchedCert = Certificate.fromPEM(Buffer.from(rootFetchedPem));
+        if (!this.checkValidDate(platformFetchedCert.validFrom.valueOf(), platformFetchedCert.validTo.valueOf())) {
+            throw new TeeQuoteValidatorError('Platform certificate validation date is not valid');
+        }
+        if (!this.checkValidDate(rootFetchedCert.validFrom.valueOf(), rootFetchedCert.validTo.valueOf())) {
+            throw new TeeQuoteValidatorError('Root certificate validation date is not valid');
+        }
+        if (!_.isEqual(rootFetchedCert.issuer, rootFetchedCert.subject)) {
+            throw new TeeQuoteValidatorError('Root certificate is not self-signed');
+        }
+        if (Buffer.compare(rootFetchedCert.publicKey.keyRaw, INTEL_ROOT_PUB_KEY) !== 0) {
+            throw new TeeQuoteValidatorError('Wrong Intel root certificate public key');
+        }
+        const certificatePems = this.splitChain(quote.qeCertificationData.toString()); // [pck, platform, root]
+        const pckCert = Certificate.fromPEM(Buffer.from(certificatePems[0]));
+        const certType = quote.qeCertificationDataType;
+        if (!this.checkValidDate(pckCert.validFrom.valueOf(), pckCert.validTo.valueOf())) {
+            throw new TeeQuoteValidatorError('PCK certificate validation date is not valid');
+        }
+        if (certType !== 5) {
+            throw new TeeQuoteValidatorError(`Unsupported certification data type: ${certType}`);
+        }
+        if (rootFetchedPem !== certificatePems[2]) {
+            throw new TeeQuoteValidatorError("Invalid SGX root certificate in quote's certificate chain");
+        }
+        if (!this.checkChainForIssuers(pckCert, platformFetchedCert, rootFetchedCert)) {
+            throw new TeeQuoteValidatorError('Invalid issuers in certificates chain');
+        }
+        const certIds = [
+            rootFetchedCert.serialNumber,
+            platformFetchedCert.serialNumber,
+            pckCert.serialNumber,
+        ];
+        if (this.isDefault) {
+            const intelCrlDer = await axios.get(INTEL_SGX_ROOT_CA_URL, {
+                responseType: 'arraybuffer',
+            });
+            const intelCrlAsn = fromBER(Buffer.from(intelCrlDer.data));
+            this.checkCertificatesInCrl(new CertificateRevocationList({ schema: intelCrlAsn.result }), certIds);
+        }
+        else {
+            const intelCrlDer = await axios.get(`${this.baseUrl}/rootcacrl`);
+            const intelCrl = this.getCrl(intelCrlDer.data);
+            this.checkCertificatesInCrl(intelCrl, certIds);
+        }
+        const platformCrl = this.getCrl(platformCrlResult.data);
+        this.checkCertificatesInCrl(platformCrl, certIds);
+        return { pckCert, rootCertPem: rootFetchedPem };
+    }
+    async verifyQeReportSignature(quote, pckPublicKey) {
+        const signature = Buffer.from(quote.qeReportSignature);
+        const reportHash = await this.getSha256Hash(Buffer.from(quote.qeReport));
+        return this.verifyDataBySignature(reportHash, signature, pckPublicKey);
+    }
+    async verifyQeReportData(quote, report) {
+        const qeAuthData = quote.qeAuthenticationData;
+        const attestationKey = quote.ecdsaAttestationKey;
+        const qeReportDataHash = report.dataHash;
+        const calculatedHash = await this.getSha256Hash(Buffer.concat([attestationKey, qeAuthData]));
+        const result = Buffer.compare(qeReportDataHash, calculatedHash);
+        return result === 0;
+    }
+    async verifyEnclaveReportSignature(quote) {
+        const key = Buffer.from(quote.ecdsaAttestationKey);
+        const headerBuffer = Buffer.from(quote.rawHeader);
+        const reportBuffer = Buffer.from(quote.report);
+        const expected = quote.isvEnclaveReportSignature;
+        const calculatedHash = await this.getSha256Hash(Buffer.concat([headerBuffer, reportBuffer]));
+        const ellipticEc = new ec('p256');
+        const result = ellipticEc.verify(calculatedHash, {
+            r: expected.subarray(0, 32),
+            s: expected.subarray(32),
+        }, Buffer.concat([Buffer.from([4]), key]));
+        return result;
+    }
+    async validateQuoteStructure(quote, report, pckPublicKey) {
+        if (!(await this.verifyQeReportSignature(quote, pckPublicKey))) {
+            throw new TeeQuoteValidatorError('Wrong QE report signature');
+        }
+        if (!(await this.verifyQeReportData(quote, report))) {
+            throw new TeeQuoteValidatorError('Wrong QE report data');
+        }
+        if (!(await this.verifyEnclaveReportSignature(quote))) {
+            throw new TeeQuoteValidatorError('Wrong enclave report signature');
+        }
+    }
+    getSgxExtensionData(pckCert) {
+        const sgxExtensionData = pckCert.extensions.find((item) => item.oid === SGX_OID);
+        if (!sgxExtensionData) {
+            throw new TeeQuoteValidatorError('SGX data not found in PCK certificate');
+        }
+        return sgxExtensionData;
+    }
+    getDataFromExtension(sgxExtensionData, targetOid, targetType) {
+        const rawData = this.findSequenceByOID(sgxExtensionData.value.toString('hex'), targetOid);
+        if (!rawData) {
+            throw new TeeQuoteValidatorError(`OID ${targetOid} not found in PCK certificate's SGX data`);
+        }
+        const data = rawData.value.filter((asnElement) => asnElement.type === targetType);
+        if (!data.length) {
+            throw new TeeQuoteValidatorError(`Data on OID ${targetOid} of type ${targetType} not found`);
+        }
+        const result = util.bytesToHex(data[0].value);
+        return targetType === asn1.Type.OCTETSTRING ? result : parseInt(result, 16).toString();
+    }
+    async getTcbInfo(fmspc, rootCertPem) {
+        const tcbData = await axios.get(`${this.baseUrl}/tcb?fmspc=${fmspc}`);
+        const tcbInfoHeader = 'tcb-info-issuer-chain';
+        const tcbInfoChain = this.splitChain(decodeURIComponent(tcbData.headers[tcbInfoHeader])); // [tcb, root]
+        if (tcbInfoChain[1] !== rootCertPem) {
+            throw new TeeQuoteValidatorError('Invalid SGX root certificate in TCB chain');
+        }
+        const tcbCert = Certificate.fromPEM(Buffer.from(tcbInfoChain[0]));
+        const key = tcbCert.publicKey.keyRaw;
+        const signature = Buffer.from(tcbData.data.signature, 'hex');
+        const calculatedhash = await this.getSha256Hash(Buffer.from(JSON.stringify(tcbData.data.tcbInfo)));
+        const result = this.verifyDataBySignature(calculatedhash, signature, key);
+        if (!result) {
+            throw new TeeQuoteValidatorError('TCB info signature is not valid');
+        }
+        if (tcbData.data.tcbInfo.nextUpdate.valueOf() > Date.now()) {
+            throw new TeeQuoteValidatorError('TCB next update date is out of date');
+        }
+        return tcbData.data;
+    }
+    async getQEIdentity(rootCertPem) {
+        const qeIdentityData = await axios.get(`${this.baseUrl}/qe/identity`);
+        const qeIdentityHeader = 'sgx-enclave-identity-issuer-chain';
+        const qeIdentityChain = this.splitChain(decodeURIComponent(qeIdentityData.headers[qeIdentityHeader])); // [qeIdentity, root]
+        if (qeIdentityChain[1] !== rootCertPem) {
+            throw new TeeQuoteValidatorError('Invalid SGX root certificate in enclave identity chain');
+        }
+        const qeIdentityCert = Certificate.fromPEM(Buffer.from(qeIdentityChain[0]));
+        const key = qeIdentityCert.publicKey.keyRaw;
+        const signature = Buffer.from(qeIdentityData.data.signature, 'hex');
+        const calculatedhash = await this.getSha256Hash(Buffer.from(JSON.stringify(qeIdentityData.data.enclaveIdentity)));
+        const result = this.verifyDataBySignature(calculatedhash, signature, key);
+        if (!result) {
+            throw new TeeQuoteValidatorError('Enclave identity signature is not valid');
+        }
+        if (qeIdentityData.data.enclaveIdentity.nextUpdate.valueOf() > Date.now()) {
+            throw new TeeQuoteValidatorError('Enclave identity next update date is out of date');
+        }
+        return qeIdentityData.data;
+    }
+    getQEIdentityStatus(report, qeIdentity) {
+        const mrSigner = report.mrSigner.toString('hex');
+        if (mrSigner.toUpperCase() !== qeIdentity.enclaveIdentity.mrsigner) {
+            throw new TeeQuoteValidatorError('Wrong MR signer in QE report');
+        }
+        if (report.isvProdId !== qeIdentity.enclaveIdentity.isvprodid) {
+            throw new TeeQuoteValidatorError('Wrong ISV PROD ID in QE report');
+        }
+        const tcbLevel = qeIdentity.enclaveIdentity.tcbLevels.find((tcbLevel) => tcbLevel.tcb.isvsvn <= report.isvSvn);
+        const status = tcbLevel?.tcbStatus;
+        if (status) {
+            this.logger.info(`Enclave identity status is ${tcbLevel?.tcbStatus}`);
+            return status;
+        }
+        return QEIdentityStatuses.OutOfDate;
+    }
+    getTcbStatus(fmspc, pceId, tcbData, sgxExtensionData) {
+        if (fmspc.toUpperCase() !== tcbData.tcbInfo.fmspc.toUpperCase()) {
+            throw new TeeQuoteValidatorError('Wrong FMSPC in PCK certificate');
+        }
+        if (pceId !== tcbData.tcbInfo.pceId) {
+            throw new TeeQuoteValidatorError('Wrong PCEID in PCK certificate');
+        }
+        const pceSvn = this.getDataFromExtension(sgxExtensionData, PCESVN_OID, asn1.Type.INTEGER);
+        const sgxComponents = [...Array(16).keys()].map((i) => this.getDataFromExtension(sgxExtensionData, `${TCB_OID}.${i + 1}`, asn1.Type.INTEGER));
+        const tcbLevel = tcbData.tcbInfo.tcbLevels.find((tcbLevel) => tcbLevel.tcb.pcesvn <= Number(pceSvn) &&
+            tcbLevel.tcb.sgxtcbcomponents.every((el, index) => el.svn <= Number(sgxComponents[index])));
+        const status = tcbLevel?.tcbStatus;
+        if (status) {
+            this.logger.info(`TCB status is ${tcbLevel?.tcbStatus}`);
+            return status;
+        }
+        return TCBStatuses.OutOfDate;
+    }
+    getQuoteValidationStatus(qeIdentityStatus, tcbStatus) {
+        if (qeIdentityStatus === QEIdentityStatuses.OutOfDate) {
+            if (tcbStatus === TCBStatuses.UpToDate || tcbStatus === TCBStatuses.SWHardeningNeeded) {
+                return QuoteValidationStatuses.SecurityPatchNeeded;
+            }
+            if (tcbStatus === TCBStatuses.OutOfDateConfigurationNeeded ||
+                tcbStatus === TCBStatuses.ConfigurationAndSWHardeningNeeded) {
+                return QuoteValidationStatuses.SoftwareUpdateNeeded;
+            }
+        }
+        if (qeIdentityStatus === QEIdentityStatuses.Revoked || tcbStatus === TCBStatuses.Revoked) {
+            throw new TeeQuoteValidatorError('QE identity or TCB revoked');
+        }
+        if (tcbStatus === TCBStatuses.UpToDate) {
+            return QuoteValidationStatuses.UpToDate;
+        }
+        if (tcbStatus === TCBStatuses.OutOfDate) {
+            return QuoteValidationStatuses.SecurityPatchNeeded;
+        }
+        if (tcbStatus === TCBStatuses.ConfigurationNeeded) {
+            return QuoteValidationStatuses.ConfigurationNeeded;
+        }
+        return QuoteValidationStatuses.SoftwareUpdateNeeded;
+    }
+    getQuoteValidationStatusDescription(status) {
+        switch (status) {
+            case QuoteValidationStatuses.UpToDate:
+                return 'The Quote verification passed and is at the latest TCB level.';
+            case QuoteValidationStatuses.ConfigurationNeeded:
+                return `The SGX platform firmware and SW are at the latest security patching level
+                    but there are platform hardware configurations may expose the enclave to vulnerabilities.`;
+            case QuoteValidationStatuses.SecurityPatchNeeded:
+                return `The SGX platform firmware and SW are not at the latest security patching level.
+                    The platform needs to be patched with firmware and/or software patches.`;
+            case QuoteValidationStatuses.SoftwareUpdateNeeded:
+                return `The SGX platform firmware and SW are at the latest security patching level but there are
+                    certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
+            default:
+                return 'Quote verification failed.';
+        }
+    }
+    async validate(quoteBuffer) {
+        try {
+            const quote = this.teeSgxParser.parseQuote(quoteBuffer);
+            const report = this.teeSgxParser.parseReport(quote.qeReport);
+            const { pckCert, rootCertPem } = await this.getCertificates(quote);
+            await this.validateQuoteStructure(quote, report, pckCert.publicKey.keyRaw);
+            this.logger.info('Quote structure validated successfully');
+            const sgxExtensionData = this.getSgxExtensionData(pckCert);
+            const fmspc = this.getDataFromExtension(sgxExtensionData, FMSPC_OID, asn1.Type.OCTETSTRING);
+            const pceId = this.getDataFromExtension(sgxExtensionData, PCEID_OID, asn1.Type.OCTETSTRING);
+            const tcbData = await this.getTcbInfo(fmspc, rootCertPem);
+            const qeIdentity = await this.getQEIdentity(rootCertPem);
+            const qeIdentityStatus = this.getQEIdentityStatus(report, qeIdentity);
+            const tcbStatus = this.getTcbStatus(fmspc, pceId, tcbData, sgxExtensionData);
+            const quoteValidationStatus = this.getQuoteValidationStatus(qeIdentityStatus, tcbStatus);
+            this.logger.info(`Quote validation status is ${quoteValidationStatus}`);
+            return {
+                quoteValidationStatus,
+                description: this.getQuoteValidationStatusDescription(quoteValidationStatus),
+            };
+        }
+        catch (error) {
+            this.logger.error(`Validation error: ${error}`);
+            return {
+                quoteValidationStatus: QuoteValidationStatuses.Error,
+                description: this.getQuoteValidationStatusDescription(QuoteValidationStatuses.Error),
+                error,
+            };
+        }
+    }
+    async isQuoteHasUserData(quoteBuffer, userDataBuffer) {
+        const quote = this.teeSgxParser.parseQuote(quoteBuffer);
+        const report = this.teeSgxParser.parseReport(quote.report);
+        const userDataHash = await this.getSha256Hash(userDataBuffer);
+        const slicedQuoteData = report.userData.slice(0, userDataHash.length);
+        const compareResult = Buffer.compare(slicedQuoteData, userDataHash);
+        return compareResult === 0;
+    }
+    async getSha256Hash(data) {
+        const hashInfo = {
+            algo: HashAlgorithm.SHA256,
+            encoding: Encoding.base64,
+        };
+        const hashData = await Crypto.createHash(data, hashInfo);
+        return Buffer.from(hashData.hash, hashData.encoding);
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUXVvdGVWYWxpZGF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdGVlL1F1b3RlVmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEVBQUUsRUFBRSxFQUFFLE1BQU0sVUFBVSxDQUFDO0FBQzlCLE9BQU8sRUFBRSxJQUFJLEVBQUUsSUFBSSxFQUFFLE1BQU0sWUFBWSxDQUFDO0FBQ3hDLE9BQU8sRUFBRSxXQUFXLEVBQWEsTUFBTSxZQUFZLENBQUM7QUFDcEQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQzlDLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLE9BQU8sQ0FBQztBQUNsRCxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBQ2pDLE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUN2QixPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFFaEQsT0FBTyxVQUFVLE1BQU0sY0FBYyxDQUFDO0FBRXRDLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNyRCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsV0FBVyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ3pGLE9BQU8sRUFBRSxRQUFRLEVBQUUsYUFBYSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDakUsT0FBTyxNQUFNLE1BQU0sb0JBQW9CLENBQUM7QUFFeEMsTUFBTSxrQkFBa0IsR0FBRyx1Q0FBdUMsQ0FBQztBQUNuRSxNQUFNLHFCQUFxQixHQUFHLG1FQUFtRSxDQUFDO0FBQ2xHLE1BQU0sT0FBTyxHQUFHLHVCQUF1QixDQUFDO0FBQ3hDLE1BQU0sU0FBUyxHQUFHLEdBQUcsT0FBTyxJQUFJLENBQUM7QUFDakMsTUFBTSxTQUFTLEdBQUcsR0FBRyxPQUFPLElBQUksQ0FBQztBQUNqQyxNQUFNLE9BQU8sR0FBRyxHQUFHLE9BQU8sSUFBSSxDQUFDO0FBQy9CLE1BQU0sVUFBVSxHQUFHLEdBQUcsT0FBTyxLQUFLLENBQUM7QUFDbkMsTUFBTSxrQkFBa0IsR0FBRyxJQUFJLFVBQVUsQ0FBQztJQUN4QyxDQUFDLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUc7SUFDaEcsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHO0lBQ2hHLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxDQUFDLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxDQUFDLEVBQUUsR0FBRyxFQUFFLEdBQUc7SUFDaEcsR0FBRztDQUNKLENBQUMsQ0FBQztBQVFILE1BQU0sT0FBTyxjQUFjO0lBQ1IsU0FBUyxDQUFVO0lBQ25CLE9BQU8sQ0FBUztJQUNoQixZQUFZLENBQWU7SUFDcEMsTUFBTSxDQUFvQjtJQUVsQyxZQUFZLE9BQWU7UUFDekIsSUFBSSxDQUFDLFNBQVMsR0FBRyxPQUFPLEtBQUssa0JBQWtCLENBQUM7UUFDaEQsSUFBSSxDQUFDLE9BQU8sR0FBRyxHQUFHLE9BQU8sdUJBQXVCLENBQUM7UUFDakQsSUFBSSxDQUFDLFlBQVksR0FBRyxJQUFJLFlBQVksRUFBRSxDQUFDO1FBQ3ZDLElBQUksQ0FBQyxNQUFNLEdBQUcsVUFBVSxDQUFDLEtBQUssQ0FBQyxFQUFFLFNBQVMsRUFBRSxjQUFjLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUNyRSxDQUFDO0lBRU8sVUFBVSxDQUFDLEtBQWE7UUFDOUIsTUFBTSxLQUFLLEdBQUcsNkJBQTZCLENBQUM7UUFDNUMsTUFBTSxHQUFHLEdBQUcsMkJBQTJCLENBQUM7UUFFeEMsT0FBTyxLQUFLO2FBQ1QsS0FBSyxDQUFDLEtBQUssQ0FBQzthQUNaLE1BQU0sQ0FBQyxPQUFPLENBQUM7YUFDZixHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEdBQUcsQ0FBQyxDQUFDLENBQUM7SUFDeEUsQ0FBQztJQUVPLGlCQUFpQixDQUFDLFFBQWdCLEVBQUUsU0FBaUI7UUFDM0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN6QyxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRXRDLE9BQU8sSUFBSSxDQUFDLGlCQUFpQixDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRU8saUJBQWlCLENBQUMsUUFBbUIsRUFBRSxTQUFpQjtRQUM5RCxJQUFJLFFBQVEsQ0FBQyxJQUFJLEtBQUssSUFBSSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUU7WUFDeEMsS0FBSyxNQUFNLEtBQUssSUFBSSxRQUFRLENBQUMsS0FBb0IsRUFBRTtnQkFDakQsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFO29CQUNoQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxLQUFlLENBQUMsQ0FBQztvQkFDakQsSUFBSSxHQUFHLEtBQUssU0FBUyxFQUFFO3dCQUNyQixPQUFPLFFBQVEsQ0FBQztxQkFDakI7aUJBQ0Y7YUFDRjtTQUNGO1FBRUQsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFBRTtZQUNqQyxLQUFLLE1BQU0sS0FBSyxJQUFJLFFBQVEsQ0FBQyxLQUFLLEVBQUU7Z0JBQ2xDLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxLQUFLLEVBQUUsU0FBUyxDQUFDLENBQUM7Z0JBQ3hELElBQUksTUFBTSxFQUFFO29CQUNWLE9BQU8sTUFBTSxDQUFDO2lCQUNmO2FBQ0Y7U0FDRjtRQUVELE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVPLHFCQUFxQixDQUFDLElBQVksRUFBRSxTQUFpQixFQUFFLEdBQVc7UUFDeEUsTUFBTSxVQUFVLEdBQUcsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbEMsTUFBTSxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FDOUIsSUFBSSxFQUNKO1lBQ0UsQ0FBQyxFQUFFLFNBQVMsQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUM1QixDQUFDLEVBQUUsU0FBUyxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7U0FDMUIsRUFDRCxVQUFVLENBQUMsYUFBYSxDQUFDLEdBQUcsRUFBRSxLQUFLLENBQUMsQ0FDckMsQ0FBQztRQUVGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFTyxjQUFjLENBQUMsSUFBWSxFQUFFLEVBQVU7UUFDN0MsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDO1FBQ3ZCLE9BQU8sSUFBSSxHQUFHLEdBQUcsSUFBSSxHQUFHLEdBQUcsRUFBRSxDQUFDO0lBQ2hDLENBQUM7SUFFTyxvQkFBb0IsQ0FDMUIsT0FBb0IsRUFDcEIsWUFBeUIsRUFDekIsUUFBcUI7UUFFckIsT0FBTyxDQUNMLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxZQUFZLENBQUMsT0FBTyxDQUFDO1lBQy9DLENBQUMsQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLE1BQU0sRUFBRSxRQUFRLENBQUMsT0FBTyxDQUFDLENBQ2pELENBQUM7SUFDSixDQUFDO0lBRU8sTUFBTSxDQUFDLE9BQWU7UUFDNUIsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUM7WUFDeEMsQ0FBQyxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDO1lBQzdCLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxLQUFLLENBQUMsQ0FBQztRQUNoQyxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsTUFBb0IsQ0FBQyxDQUFDO1FBRTdDLE9BQU8sSUFBSSx5QkFBeUIsQ0FBQyxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQztJQUNsRSxDQUFDO0lBRU8sc0JBQXNCLENBQUMsR0FBOEIsRUFBRSxPQUFpQjtRQUM5RSxJQUFJLENBQUMsR0FBRyxDQUFDLFVBQVUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLEVBQUU7WUFDdEMsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHNEQUFzRCxDQUFDLENBQUM7U0FDMUY7UUFDRCxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsRUFBRSxHQUFHLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQyxFQUFFO1lBQ3hGLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxxREFBcUQsQ0FBQyxDQUFDO1NBQ3pGO1FBQ0QsSUFBSSxHQUFHLENBQUMsbUJBQW1CLEVBQUU7WUFDM0IsTUFBTSxZQUFZLEdBQUcsR0FBRyxDQUFDLG1CQUFtQixDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQzVELE9BQU8sQ0FBQyxRQUFRLENBQ2QsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQzdFLENBQ0YsQ0FBQztZQUNGLElBQUksWUFBWSxFQUFFO2dCQUNoQixNQUFNLElBQUksc0JBQXNCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQzthQUNwRTtTQUNGO0lBQ0gsQ0FBQztJQUVPLEtBQUssQ0FBQyxlQUFlLENBQzNCLEtBQTBCO1FBRTFCLE1BQU0saUJBQWlCLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLE9BQU8sa0NBQWtDLENBQUMsQ0FBQztRQUM3RixNQUFNLGFBQWEsR0FBRyxrQkFBa0IsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsMEJBQTBCLENBQUMsQ0FBQyxDQUFDO1FBQ2hHLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxjQUFjLENBQUMsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsQ0FBQyxDQUFDLENBQUMsbUJBQW1CO1FBQ2hHLE1BQU0sbUJBQW1CLEdBQUcsV0FBVyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQztRQUNqRixNQUFNLGVBQWUsR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLENBQUMsQ0FBQztRQUV6RSxJQUNFLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FDbEIsbUJBQW1CLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxFQUN2QyxtQkFBbUIsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQ3RDLEVBQ0Q7WUFDQSxNQUFNLElBQUksc0JBQXNCLENBQUMsbURBQW1ELENBQUMsQ0FBQztTQUN2RjtRQUNELElBQ0UsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLEVBQUUsZUFBZSxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQyxFQUM1RjtZQUNBLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQywrQ0FBK0MsQ0FBQyxDQUFDO1NBQ25GO1FBQ0QsSUFBSSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRSxlQUFlLENBQUMsT0FBTyxDQUFDLEVBQUU7WUFDL0QsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHFDQUFxQyxDQUFDLENBQUM7U0FDekU7UUFDRCxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEVBQUUsa0JBQWtCLENBQUMsS0FBSyxDQUFDLEVBQUU7WUFDOUUsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHlDQUF5QyxDQUFDLENBQUM7U0FDN0U7UUFFRCxNQUFNLGVBQWUsR0FBYSxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUMsd0JBQXdCO1FBQ2pILE1BQU0sT0FBTyxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ3JFLE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyx1QkFBdUIsQ0FBQztRQUUvQyxJQUFJLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFBRSxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLENBQUMsRUFBRTtZQUNoRixNQUFNLElBQUksc0JBQXNCLENBQUMsOENBQThDLENBQUMsQ0FBQztTQUNsRjtRQUNELElBQUksUUFBUSxLQUFLLENBQUMsRUFBRTtZQUNsQixNQUFNLElBQUksc0JBQXNCLENBQUMsd0NBQXdDLFFBQVEsRUFBRSxDQUFDLENBQUM7U0FDdEY7UUFDRCxJQUFJLGNBQWMsS0FBSyxlQUFlLENBQUMsQ0FBQyxDQUFDLEVBQUU7WUFDekMsTUFBTSxJQUFJLHNCQUFzQixDQUFDLDJEQUEyRCxDQUFDLENBQUM7U0FDL0Y7UUFFRCxJQUFJLENBQUMsSUFBSSxDQUFDLG9CQUFvQixDQUFDLE9BQU8sRUFBRSxtQkFBbUIsRUFBRSxlQUFlLENBQUMsRUFBRTtZQUM3RSxNQUFNLElBQUksc0JBQXNCLENBQUMsdUNBQXVDLENBQUMsQ0FBQztTQUMzRTtRQUVELE1BQU0sT0FBTyxHQUFHO1lBQ2QsZUFBZSxDQUFDLFlBQVk7WUFDNUIsbUJBQW1CLENBQUMsWUFBWTtZQUNoQyxPQUFPLENBQUMsWUFBWTtTQUNyQixDQUFDO1FBRUYsSUFBSSxJQUFJLENBQUMsU0FBUyxFQUFFO1lBQ2xCLE1BQU0sV0FBVyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsRUFBRTtnQkFDekQsWUFBWSxFQUFFLGFBQWE7YUFDNUIsQ0FBQyxDQUFDO1lBQ0gsTUFBTSxXQUFXLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUM7WUFDM0QsSUFBSSxDQUFDLHNCQUFzQixDQUN6QixJQUFJLHlCQUF5QixDQUFDLEVBQUUsTUFBTSxFQUFFLFdBQVcsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUM3RCxPQUFPLENBQ1IsQ0FBQztTQUNIO2FBQU07WUFDTCxNQUFNLFdBQVcsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxZQUFZLENBQUMsQ0FBQztZQUNqRSxNQUFNLFFBQVEsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUMvQyxJQUFJLENBQUMsc0JBQXNCLENBQUMsUUFBUSxFQUFFLE9BQU8sQ0FBQyxDQUFDO1NBQ2hEO1FBRUQsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUN4RCxJQUFJLENBQUMsc0JBQXNCLENBQUMsV0FBVyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRWxELE9BQU8sRUFBRSxPQUFPLEVBQUUsV0FBVyxFQUFFLGNBQWMsRUFBRSxDQUFDO0lBQ2xELENBQUM7SUFFTyxLQUFLLENBQUMsdUJBQXVCLENBQ25DLEtBQTBCLEVBQzFCLFlBQW9CO1FBRXBCLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLGlCQUFpQixDQUFDLENBQUM7UUFDdkQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUM7UUFFekUsT0FBTyxJQUFJLENBQUMscUJBQXFCLENBQUMsVUFBVSxFQUFFLFNBQVMsRUFBRSxZQUFZLENBQUMsQ0FBQztJQUN6RSxDQUFDO0lBRU8sS0FBSyxDQUFDLGtCQUFrQixDQUM5QixLQUEwQixFQUMxQixNQUE0QjtRQUU1QixNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsb0JBQW9CLENBQUM7UUFDOUMsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLG1CQUFtQixDQUFDO1FBQ2pELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQztRQUN6QyxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLGNBQWMsRUFBRSxVQUFVLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDN0YsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxjQUFjLENBQUMsQ0FBQztRQUVoRSxPQUFPLE1BQU0sS0FBSyxDQUFDLENBQUM7SUFDdEIsQ0FBQztJQUVPLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxLQUEwQjtRQUNuRSxNQUFNLEdBQUcsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1FBQ25ELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2xELE1BQU0sWUFBWSxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQy9DLE1BQU0sUUFBUSxHQUFHLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQztRQUVqRCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLFlBQVksRUFBRSxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFN0YsTUFBTSxVQUFVLEdBQUcsSUFBSSxFQUFFLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbEMsTUFBTSxNQUFNLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FDOUIsY0FBYyxFQUNkO1lBQ0UsQ0FBQyxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUMzQixDQUFDLEVBQUUsUUFBUSxDQUFDLFFBQVEsQ0FBQyxFQUFFLENBQUM7U0FDekIsRUFDRCxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FDdkMsQ0FBQztRQUVGLE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFTyxLQUFLLENBQUMsc0JBQXNCLENBQ2xDLEtBQTBCLEVBQzFCLE1BQTRCLEVBQzVCLFlBQW9CO1FBRXBCLElBQUksQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLHVCQUF1QixDQUFDLEtBQUssRUFBRSxZQUFZLENBQUMsQ0FBQyxFQUFFO1lBQzlELE1BQU0sSUFBSSxzQkFBc0IsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDO1NBQy9EO1FBQ0QsSUFBSSxDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsa0JBQWtCLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxDQUFDLEVBQUU7WUFDbkQsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHNCQUFzQixDQUFDLENBQUM7U0FDMUQ7UUFDRCxJQUFJLENBQUMsQ0FBQyxNQUFNLElBQUksQ0FBQyw0QkFBNEIsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFO1lBQ3JELE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1NBQ3BFO0lBQ0gsQ0FBQztJQUVPLG1CQUFtQixDQUFDLE9BQW9CO1FBQzlDLE1BQU0sZ0JBQWdCLEdBQUcsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxHQUFHLEtBQUssT0FBTyxDQUFDLENBQUM7UUFDakYsSUFBSSxDQUFDLGdCQUFnQixFQUFFO1lBQ3JCLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1NBQzNFO1FBRUQsT0FBTyxnQkFBZ0IsQ0FBQztJQUMxQixDQUFDO0lBRU8sb0JBQW9CLENBQzFCLGdCQUEyQixFQUMzQixTQUFpQixFQUNqQixVQUFxQjtRQUVyQixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUMxRixJQUFJLENBQUMsT0FBTyxFQUFFO1lBQ1osTUFBTSxJQUFJLHNCQUFzQixDQUFDLE9BQU8sU0FBUywwQ0FBMEMsQ0FBQyxDQUFDO1NBQzlGO1FBQ0QsTUFBTSxJQUFJLEdBQUksT0FBTyxDQUFDLEtBQXFCLENBQUMsTUFBTSxDQUNoRCxDQUFDLFVBQVUsRUFBRSxFQUFFLENBQUMsVUFBVSxDQUFDLElBQUksS0FBSyxVQUFVLENBQy9DLENBQUM7UUFDRixJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sRUFBRTtZQUNoQixNQUFNLElBQUksc0JBQXNCLENBQUMsZUFBZSxTQUFTLFlBQVksVUFBVSxZQUFZLENBQUMsQ0FBQztTQUM5RjtRQUNELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQWUsQ0FBQyxDQUFDO1FBRXhELE9BQU8sVUFBVSxLQUFLLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUM7SUFDekYsQ0FBQztJQUVPLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBYSxFQUFFLFdBQW1CO1FBQ3pELE1BQU0sT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLElBQUksQ0FBQyxPQUFPLGNBQWMsS0FBSyxFQUFFLENBQUMsQ0FBQztRQUN0RSxNQUFNLGFBQWEsR0FBRyx1QkFBdUIsQ0FBQztRQUM5QyxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsY0FBYztRQUN4RyxJQUFJLFlBQVksQ0FBQyxDQUFDLENBQUMsS0FBSyxXQUFXLEVBQUU7WUFDbkMsTUFBTSxJQUFJLHNCQUFzQixDQUFDLDJDQUEyQyxDQUFDLENBQUM7U0FDL0U7UUFFRCxNQUFNLE9BQU8sR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNsRSxNQUFNLEdBQUcsR0FBRyxPQUFPLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzdELE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FDN0MsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FDbEQsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxjQUFjLEVBQUUsU0FBUyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzFFLElBQUksQ0FBQyxNQUFNLEVBQUU7WUFDWCxNQUFNLElBQUksc0JBQXNCLENBQUMsaUNBQWlDLENBQUMsQ0FBQztTQUNyRTtRQUVELElBQUksT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUMxRCxNQUFNLElBQUksc0JBQXNCLENBQUMscUNBQXFDLENBQUMsQ0FBQztTQUN6RTtRQUVELE9BQU8sT0FBTyxDQUFDLElBQWdCLENBQUM7SUFDbEMsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhLENBQUMsV0FBbUI7UUFDN0MsTUFBTSxjQUFjLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLE9BQU8sY0FBYyxDQUFDLENBQUM7UUFDdEUsTUFBTSxnQkFBZ0IsR0FBRyxtQ0FBbUMsQ0FBQztRQUM3RCxNQUFNLGVBQWUsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUNyQyxrQkFBa0IsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLENBQUMsQ0FDN0QsQ0FBQyxDQUFDLHFCQUFxQjtRQUN4QixJQUFJLGVBQWUsQ0FBQyxDQUFDLENBQUMsS0FBSyxXQUFXLEVBQUU7WUFDdEMsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHdEQUF3RCxDQUFDLENBQUM7U0FDNUY7UUFFRCxNQUFNLGNBQWMsR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM1RSxNQUFNLEdBQUcsR0FBRyxjQUFjLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQztRQUM1QyxNQUFNLFNBQVMsR0FBRyxNQUFNLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3BFLE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FDN0MsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsQ0FDakUsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxjQUFjLEVBQUUsU0FBUyxFQUFFLEdBQUcsQ0FBQyxDQUFDO1FBQzFFLElBQUksQ0FBQyxNQUFNLEVBQUU7WUFDWCxNQUFNLElBQUksc0JBQXNCLENBQUMseUNBQXlDLENBQUMsQ0FBQztTQUM3RTtRQUVELElBQUksY0FBYyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUN6RSxNQUFNLElBQUksc0JBQXNCLENBQUMsa0RBQWtELENBQUMsQ0FBQztTQUN0RjtRQUVELE9BQU8sY0FBYyxDQUFDLElBQW1CLENBQUM7SUFDNUMsQ0FBQztJQUVPLG1CQUFtQixDQUN6QixNQUE0QixFQUM1QixVQUF1QjtRQUV2QixNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUNqRCxJQUFJLFFBQVEsQ0FBQyxXQUFXLEVBQUUsS0FBSyxVQUFVLENBQUMsZUFBZSxDQUFDLFFBQVEsRUFBRTtZQUNsRSxNQUFNLElBQUksc0JBQXNCLENBQUMsOEJBQThCLENBQUMsQ0FBQztTQUNsRTtRQUNELElBQUksTUFBTSxDQUFDLFNBQVMsS0FBSyxVQUFVLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRTtZQUM3RCxNQUFNLElBQUksc0JBQXNCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztTQUNwRTtRQUNELE1BQU0sUUFBUSxHQUFHLFVBQVUsQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLElBQUksQ0FDeEQsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsTUFBTSxJQUFJLE1BQU0sQ0FBQyxNQUFNLENBQ25ELENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxRQUFRLEVBQUUsU0FBK0IsQ0FBQztRQUN6RCxJQUFJLE1BQU0sRUFBRTtZQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDhCQUE4QixRQUFRLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztZQUN0RSxPQUFPLE1BQU0sQ0FBQztTQUNmO1FBQ0QsT0FBTyxrQkFBa0IsQ0FBQyxTQUFTLENBQUM7SUFDdEMsQ0FBQztJQUVPLFlBQVksQ0FDbEIsS0FBYSxFQUNiLEtBQWEsRUFDYixPQUFpQixFQUNqQixnQkFBMkI7UUFFM0IsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLEtBQUssT0FBTyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLEVBQUU7WUFDL0QsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGdDQUFnQyxDQUFDLENBQUM7U0FDcEU7UUFDRCxJQUFJLEtBQUssS0FBSyxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRTtZQUNuQyxNQUFNLElBQUksc0JBQXNCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztTQUNwRTtRQUVELE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMxRixNQUFNLGFBQWEsR0FBRyxDQUFDLEdBQUcsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FDcEQsSUFBSSxDQUFDLG9CQUFvQixDQUFDLGdCQUFnQixFQUFFLEdBQUcsT0FBTyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUN0RixDQUFDO1FBQ0YsTUFBTSxRQUFRLEdBQUcsT0FBTyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUM3QyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQ1gsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FBQztZQUNyQyxRQUFRLENBQUMsR0FBRyxDQUFDLGdCQUFnQixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUUsRUFBRSxLQUFLLEVBQUUsRUFBRSxDQUFDLEVBQUUsQ0FBQyxHQUFHLElBQUksTUFBTSxDQUFDLGFBQWEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQzdGLENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxRQUFRLEVBQUUsU0FBd0IsQ0FBQztRQUNsRCxJQUFJLE1BQU0sRUFBRTtZQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGlCQUFpQixRQUFRLEVBQUUsU0FBUyxFQUFFLENBQUMsQ0FBQztZQUN6RCxPQUFPLE1BQU0sQ0FBQztTQUNmO1FBQ0QsT0FBTyxXQUFXLENBQUMsU0FBUyxDQUFDO0lBQy9CLENBQUM7SUFFTyx3QkFBd0IsQ0FDOUIsZ0JBQW9DLEVBQ3BDLFNBQXNCO1FBRXRCLElBQUksZ0JBQWdCLEtBQUssa0JBQWtCLENBQUMsU0FBUyxFQUFFO1lBQ3JELElBQUksU0FBUyxLQUFLLFdBQVcsQ0FBQyxRQUFRLElBQUksU0FBUyxLQUFLLFdBQVcsQ0FBQyxpQkFBaUIsRUFBRTtnQkFDckYsT0FBTyx1QkFBdUIsQ0FBQyxtQkFBbUIsQ0FBQzthQUNwRDtZQUNELElBQ0UsU0FBUyxLQUFLLFdBQVcsQ0FBQyw0QkFBNEI7Z0JBQ3RELFNBQVMsS0FBSyxXQUFXLENBQUMsaUNBQWlDLEVBQzNEO2dCQUNBLE9BQU8sdUJBQXVCLENBQUMsb0JBQW9CLENBQUM7YUFDckQ7U0FDRjtRQUNELElBQUksZ0JBQWdCLEtBQUssa0JBQWtCLENBQUMsT0FBTyxJQUFJLFNBQVMsS0FBSyxXQUFXLENBQUMsT0FBTyxFQUFFO1lBQ3hGLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDO1NBQ2hFO1FBQ0QsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLFFBQVEsRUFBRTtZQUN0QyxPQUFPLHVCQUF1QixDQUFDLFFBQVEsQ0FBQztTQUN6QztRQUNELElBQUksU0FBUyxLQUFLLFdBQVcsQ0FBQyxTQUFTLEVBQUU7WUFDdkMsT0FBTyx1QkFBdUIsQ0FBQyxtQkFBbUIsQ0FBQztTQUNwRDtRQUNELElBQUksU0FBUyxLQUFLLFdBQVcsQ0FBQyxtQkFBbUIsRUFBRTtZQUNqRCxPQUFPLHVCQUF1QixDQUFDLG1CQUFtQixDQUFDO1NBQ3BEO1FBQ0QsT0FBTyx1QkFBdUIsQ0FBQyxvQkFBb0IsQ0FBQztJQUN0RCxDQUFDO0lBRU8sbUNBQW1DLENBQUMsTUFBK0I7UUFDekUsUUFBUSxNQUFNLEVBQUU7WUFDZCxLQUFLLHVCQUF1QixDQUFDLFFBQVE7Z0JBQ25DLE9BQU8sK0RBQStELENBQUM7WUFDekUsS0FBSyx1QkFBdUIsQ0FBQyxtQkFBbUI7Z0JBQzlDLE9BQU87OEdBQytGLENBQUM7WUFDekcsS0FBSyx1QkFBdUIsQ0FBQyxtQkFBbUI7Z0JBQzlDLE9BQU87NEZBQzZFLENBQUM7WUFDdkYsS0FBSyx1QkFBdUIsQ0FBQyxvQkFBb0I7Z0JBQy9DLE9BQU87NkhBQzhHLENBQUM7WUFDeEg7Z0JBQ0UsT0FBTyw0QkFBNEIsQ0FBQztTQUN2QztJQUNILENBQUM7SUFFTSxLQUFLLENBQUMsUUFBUSxDQUFDLFdBQW1CO1FBQ3ZDLElBQUk7WUFDRixNQUFNLEtBQUssR0FBd0IsSUFBSSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDN0UsTUFBTSxNQUFNLEdBQXlCLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUVuRixNQUFNLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUVuRSxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLE9BQU8sQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDM0UsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsd0NBQXdDLENBQUMsQ0FBQztZQUUzRCxNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxPQUFPLENBQUMsQ0FBQztZQUMzRCxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsb0JBQW9CLENBQUMsZ0JBQWdCLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDNUYsTUFBTSxLQUFLLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixDQUFDLGdCQUFnQixFQUFFLFNBQVMsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRTVGLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxLQUFLLEVBQUUsV0FBVyxDQUFDLENBQUM7WUFDMUQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXpELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxVQUFVLENBQUMsQ0FBQztZQUN0RSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsWUFBWSxDQUFDLEtBQUssRUFBRSxLQUFLLEVBQUUsT0FBTyxFQUFFLGdCQUFnQixDQUFDLENBQUM7WUFFN0UsTUFBTSxxQkFBcUIsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQUMsZ0JBQWdCLEVBQUUsU0FBUyxDQUFDLENBQUM7WUFDekYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsOEJBQThCLHFCQUFxQixFQUFFLENBQUMsQ0FBQztZQUV4RSxPQUFPO2dCQUNMLHFCQUFxQjtnQkFDckIsV0FBVyxFQUFFLElBQUksQ0FBQyxtQ0FBbUMsQ0FBQyxxQkFBcUIsQ0FBQzthQUM3RSxDQUFDO1NBQ0g7UUFBQyxPQUFPLEtBQUssRUFBRTtZQUNkLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLHFCQUFxQixLQUFLLEVBQUUsQ0FBQyxDQUFDO1lBRWhELE9BQU87Z0JBQ0wscUJBQXFCLEVBQUUsdUJBQXVCLENBQUMsS0FBSztnQkFDcEQsV0FBVyxFQUFFLElBQUksQ0FBQyxtQ0FBbUMsQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLENBQUM7Z0JBQ3BGLEtBQUs7YUFDTixDQUFDO1NBQ0g7SUFDSCxDQUFDO0lBRU0sS0FBSyxDQUFDLGtCQUFrQixDQUFDLFdBQW1CLEVBQUUsY0FBc0I7UUFDekUsTUFBTSxLQUFLLEdBQXdCLElBQUksQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzdFLE1BQU0sTUFBTSxHQUF5QixJQUFJLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDakYsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBQzlELE1BQU0sZUFBZSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxZQUFZLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDdEUsTUFBTSxhQUFhLEdBQUcsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsWUFBWSxDQUFDLENBQUM7UUFFcEUsT0FBTyxhQUFhLEtBQUssQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFTyxLQUFLLENBQUMsYUFBYSxDQUFDLElBQVk7UUFDdEMsTUFBTSxRQUFRLEdBQUc7WUFDZixJQUFJLEVBQUUsYUFBYSxDQUFDLE1BQU07WUFDMUIsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNO1NBQzFCLENBQUM7UUFDRixNQUFNLFFBQVEsR0FBRyxNQUFNLE1BQU0sQ0FBQyxVQUFVLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1FBQ3pELE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsSUFBSSxFQUFFLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUN2RCxDQUFDO0NBQ0YifQ==

package/dist/mjs/tee/errors.d.ts

@@ -0,0 +1,6 @@
+export declare class TLBlockSerializerError extends Error {
+}
+export declare class TeeQuoteParserError extends Error {
+}
+export declare class TeeQuoteValidatorError extends Error {
+}

package/dist/mjs/tee/errors.js

@@ -0,0 +1,7 @@
+export class TLBlockSerializerError extends Error {
+}
+export class TeeQuoteParserError extends Error {
+}
+export class TeeQuoteValidatorError extends Error {
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9lcnJvcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsTUFBTSxPQUFPLHNCQUF1QixTQUFRLEtBQUs7Q0FBRztBQUVwRCxNQUFNLE9BQU8sbUJBQW9CLFNBQVEsS0FBSztDQUFHO0FBRWpELE1BQU0sT0FBTyxzQkFBdUIsU0FBUSxLQUFLO0NBQUcifQ==

package/dist/mjs/tee/helpers.d.ts

@@ -0,0 +1,14 @@
+export declare const splitChain: (chain: string) => string[];
+declare class Position {
+    place: number;
+    constructor();
+}
+export declare class Signature {
+    static toArray(msg: string | Array<number> | null): Uint8Array;
+    static importFromDER(signature: string): {
+        r: string;
+        s: string;
+    };
+    static getLength(buf: Uint8Array, p: Position): number | boolean;
+}
+export {};

package/dist/mjs/tee/helpers.js

@@ -0,0 +1,115 @@
+export const splitChain = (chain) => {
+    const begin = '-----BEGIN CERTIFICATE-----';
+    const end = '-----END CERTIFICATE-----';
+    return chain
+        .split(begin)
+        .filter(Boolean)
+        .map((cert) => begin.concat(cert.slice(0, cert.indexOf(end)), end));
+};
+class Position {
+    place;
+    constructor() {
+        this.place = 0;
+    }
+}
+export class Signature {
+    static toArray(msg) {
+        if (Array.isArray(msg)) {
+            return new Uint8Array(msg);
+        }
+        if (!msg) {
+            return new Uint8Array();
+        }
+        const res = [];
+        if (typeof msg !== 'string') {
+            return new Uint8Array(msg);
+        }
+        msg = msg.replace(/[^a-z0-9]+/gi, '');
+        if (msg.length % 2 !== 0) {
+            msg = '0' + msg;
+        }
+        for (let i = 0; i < msg.length; i += 2) {
+            res.push(parseInt(msg[i] + msg[i + 1], 16));
+        }
+        return new Uint8Array(res);
+    }
+    static importFromDER(signature) {
+        const data = Signature.toArray(signature);
+        const p = new Position();
+        if (data[p.place++] !== 0x30) {
+            throw new Error('Invald DER');
+        }
+        const len = Signature.getLength(data, p);
+        if (len === false) {
+            throw new Error('Invald DER');
+        }
+        if (Number(len) + p.place !== data.length) {
+            throw new Error('Invald DER');
+        }
+        if (data[p.place++] !== 0x02) {
+            throw new Error('Invald DER');
+        }
+        const rlen = Signature.getLength(data, p);
+        if (rlen === false) {
+            throw new Error('Invald DER');
+        }
+        let r = data.slice(p.place, Number(rlen) + p.place);
+        p.place += Number(rlen);
+        if (data[p.place++] !== 0x02) {
+            throw new Error('Invald DER');
+        }
+        const slen = this.getLength(data, p);
+        if (slen === false) {
+            throw new Error('Invald DER');
+        }
+        if (data.length !== Number(slen) + p.place) {
+            throw new Error('Invald DER');
+        }
+        let s = data.slice(p.place, Number(slen) + p.place);
+        if (r[0] === 0) {
+            if (r[1] & 0x80) {
+                r = r.slice(1);
+            }
+            else {
+                throw new Error('Leading zeroes');
+            }
+        }
+        if (s[0] === 0) {
+            if (s[1] & 0x80) {
+                s = s.slice(1);
+            }
+            else {
+                throw new Error('Leading zeroes');
+            }
+        }
+        return {
+            r: Buffer.from(r).toString('hex'),
+            s: Buffer.from(s).toString('hex'),
+        };
+    }
+    static getLength(buf, p) {
+        const initial = buf[p.place++];
+        if (!(initial & 0x80)) {
+            return initial;
+        }
+        const octetLen = initial & 0xf;
+        // Indefinite length or overflow
+        if (octetLen === 0 || octetLen > 4) {
+            return false;
+        }
+        let val = 0;
+        let off = p.place;
+        for (let i = 0; i < octetLen; i++, off++) {
+            val <<= 8;
+            val |= buf[off];
+            val >>>= 0;
+        }
+        // Leading zeroes
+        if (val <= 0x7f) {
+            return false;
+        }
+        p.place = off;
+        return val;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy90ZWUvaGVscGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxNQUFNLENBQUMsTUFBTSxVQUFVLEdBQUcsQ0FBQyxLQUFhLEVBQVksRUFBRTtJQUNwRCxNQUFNLEtBQUssR0FBRyw2QkFBNkIsQ0FBQztJQUM1QyxNQUFNLEdBQUcsR0FBRywyQkFBMkIsQ0FBQztJQUV4QyxPQUFPLEtBQUs7U0FDVCxLQUFLLENBQUMsS0FBSyxDQUFDO1NBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUN4RSxDQUFDLENBQUM7QUFFRixNQUFNLFFBQVE7SUFDWixLQUFLLENBQVM7SUFFZDtRQUNFLElBQUksQ0FBQyxLQUFLLEdBQUcsQ0FBQyxDQUFDO0lBQ2pCLENBQUM7Q0FDRjtBQUVELE1BQU0sT0FBTyxTQUFTO0lBQ3BCLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBa0M7UUFDL0MsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7U0FDNUI7UUFFRCxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQ1IsT0FBTyxJQUFJLFVBQVUsRUFBRSxDQUFDO1NBQ3pCO1FBRUQsTUFBTSxHQUFHLEdBQWEsRUFBRSxDQUFDO1FBRXpCLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUSxFQUFFO1lBQzNCLE9BQU8sSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7U0FDNUI7UUFFRCxHQUFHLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxjQUFjLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEMsSUFBSSxHQUFHLENBQUMsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUU7WUFDeEIsR0FBRyxHQUFHLEdBQUcsR0FBRyxHQUFHLENBQUM7U0FDakI7UUFDRCxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQyxFQUFFO1lBQ3RDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7U0FDN0M7UUFFRCxPQUFPLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRCxNQUFNLENBQUMsYUFBYSxDQUFDLFNBQWlCO1FBSXBDLE1BQU0sSUFBSSxHQUFHLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDMUMsTUFBTSxDQUFDLEdBQUcsSUFBSSxRQUFRLEVBQUUsQ0FBQztRQUN6QixJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMvQjtRQUNELE1BQU0sR0FBRyxHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3pDLElBQUksR0FBRyxLQUFLLEtBQUssRUFBRTtZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQy9CO1FBQ0QsSUFBSSxNQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssS0FBSyxJQUFJLENBQUMsTUFBTSxFQUFFO1lBQ3pDLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7U0FDL0I7UUFDRCxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMvQjtRQUNELE1BQU0sSUFBSSxHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzFDLElBQUksSUFBSSxLQUFLLEtBQUssRUFBRTtZQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQy9CO1FBQ0QsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDcEQsQ0FBQyxDQUFDLEtBQUssSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDeEIsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQzVCLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7U0FDL0I7UUFDRCxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNyQyxJQUFJLElBQUksS0FBSyxLQUFLLEVBQUU7WUFDbEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMvQjtRQUNELElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRTtZQUMxQyxNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQy9CO1FBQ0QsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDcEQsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ2QsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFO2dCQUNmLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQ2hCO2lCQUFNO2dCQUNMLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQzthQUNuQztTQUNGO1FBQ0QsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ2QsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFO2dCQUNmLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQ2hCO2lCQUFNO2dCQUNMLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQzthQUNuQztTQUNGO1FBRUQsT0FBTztZQUNMLENBQUMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUM7WUFDakMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQztTQUNsQyxDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQUMsR0FBZSxFQUFFLENBQVc7UUFDM0MsTUFBTSxPQUFPLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQy9CLElBQUksQ0FBQyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsRUFBRTtZQUNyQixPQUFPLE9BQU8sQ0FBQztTQUNoQjtRQUNELE1BQU0sUUFBUSxHQUFHLE9BQU8sR0FBRyxHQUFHLENBQUM7UUFFL0IsZ0NBQWdDO1FBQ2hDLElBQUksUUFBUSxLQUFLLENBQUMsSUFBSSxRQUFRLEdBQUcsQ0FBQyxFQUFFO1lBQ2xDLE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFFRCxJQUFJLEdBQUcsR0FBRyxDQUFDLENBQUM7UUFDWixJQUFJLEdBQUcsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDO1FBQ2xCLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxRQUFRLEVBQUUsQ0FBQyxFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUU7WUFDeEMsR0FBRyxLQUFLLENBQUMsQ0FBQztZQUNWLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDaEIsR0FBRyxNQUFNLENBQUMsQ0FBQztTQUNaO1FBRUQsaUJBQWlCO1FBQ2pCLElBQUksR0FBRyxJQUFJLElBQUksRUFBRTtZQUNmLE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFFRCxDQUFDLENBQUMsS0FBSyxHQUFHLEdBQUcsQ0FBQztRQUNkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztDQUNGIn0=

package/dist/mjs/tee/interface.d.ts

@@ -0,0 +1,63 @@
+import { TeeDataType, BinaryType, TLBlockUnserializeResultType, TLBlockSerializeResultType, TLBlockType } from './types.js';
+/**
+ * Serializes and Unserializes TLB
+ */
+export interface TLBlockSerializer {
+    unserializeTlb(blob: BinaryType): TLBlockUnserializeResultType | Promise<TLBlockUnserializeResultType>;
+    serializeTlb(tlb: TLBlockType, tlbMetadata: TeeDataType): TLBlockSerializeResultType | Promise<TLBlockSerializeResultType>;
+    serializeMetadata(tlbMetadata: TeeDataType): BinaryType | Promise<BinaryType>;
+    serializeAnyData(anyData: any): BinaryType;
+}
+interface IISVSVNStatus {
+    tcb: {
+        isvsvn: number;
+    };
+    tcbDate: string;
+    tcbStatus: string;
+}
+export interface IQEIdentity {
+    signature: string;
+    enclaveIdentity: {
+        id: string;
+        version: number;
+        issueDate: string;
+        nextUpdate: string;
+        tcbEvaluationDataNumber: number;
+        miscselect: string;
+        miscselectMask: string;
+        attributes: string;
+        attributesMask: string;
+        mrsigner: string;
+        isvprodid: number;
+        tcbLevels: [IISVSVNStatus];
+    };
+}
+interface sgxTcbComponent {
+    svn: number;
+    category: string;
+    type: string;
+}
+interface ITCBSVNStatus {
+    tcb: {
+        sgxtcbcomponents: [sgxTcbComponent];
+        pcesvn: number;
+    };
+    tcbDate: string;
+    tcbStatus: string;
+    advisoryIDs: [string];
+}
+export interface ITcbData {
+    signature: string;
+    tcbInfo: {
+        id: string;
+        version: number;
+        issueDate: string;
+        nextUpdate: string;
+        fmspc: string;
+        pceId: string;
+        tcbType: number;
+        tcbEvaluationDataNumber: number;
+        tcbLevels: [ITCBSVNStatus];
+    };
+}
+export {};

package/dist/mjs/tee/interface.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9pbnRlcmZhY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9