@super-protocol/sdk-js 2.1.4-beta.8 → 2.1.4-beta.9

package/dist/mjs/tee/QuoteValidator.js

@@ -1,384 +0,0 @@
-import axios from 'axios';
-import elliptic from 'elliptic';
-import forge from 'node-forge';
-import { Certificate } from '@fidm/x509';
-import { formatter } from 'js-encoding-utils';
-import { CertificateRevocationList } from 'pkijs';
-import { fromBER } from 'asn1js';
-import _ from 'lodash';
-import { TeeSgxParser } from './QuoteParser.js';
-import rootLogger from '../logger.js';
-import { TeeQuoteValidatorError } from './errors.js';
-import { QEIdentityStatuses, TCBStatuses, QuoteValidationStatuses } from './statuses.js';
-import { Encoding, HashAlgorithm } from '@super-protocol/dto-js';
-import Crypto from '../crypto/index.js';
-const { ec } = elliptic;
-const { util, asn1 } = forge;
-const INTEL_BASE_SGX_URL = 'https://api.trustedservices.intel.com';
-const INTEL_SGX_ROOT_CA_URL = 'https://certificates.trustedservices.intel.com/IntelSGXRootCA.der';
-const SGX_OID = '1.2.840.113741.1.13.1';
-const FMSPC_OID = `${SGX_OID}.4`;
-const PCEID_OID = `${SGX_OID}.3`;
-const TCB_OID = `${SGX_OID}.2`;
-const PCESVN_OID = `${TCB_OID}.17`;
-const INTEL_ROOT_PUB_KEY = new Uint8Array([
-    4, 11, 169, 196, 192, 192, 200, 97, 147, 163, 254, 35, 214, 176, 44, 218, 16, 168, 187, 212, 232,
-    142, 72, 180, 69, 133, 97, 163, 110, 112, 85, 37, 245, 103, 145, 142, 46, 220, 136, 228, 13, 134,
-    11, 208, 204, 78, 226, 106, 172, 201, 136, 229, 5, 169, 83, 85, 140, 69, 63, 107, 9, 4, 174, 115,
-    148,
-]);
-export class QuoteValidator {
-    isDefault;
-    baseUrl;
-    teeSgxParser;
-    logger;
-    constructor(baseUrl) {
-        this.isDefault = baseUrl === INTEL_BASE_SGX_URL;
-        this.baseUrl = `${baseUrl}/sgx/certification/v4`;
-        this.teeSgxParser = new TeeSgxParser();
-        this.logger = rootLogger.child({ className: QuoteValidator.name });
-    }
-    splitChain(chain) {
-        const begin = '-----BEGIN CERTIFICATE-----';
-        const end = '-----END CERTIFICATE-----';
-        return chain
-            .split(begin)
-            .filter(Boolean)
-            .map((cert) => begin.concat(cert.slice(0, cert.indexOf(end)), end));
-    }
-    findSequenceByOID(hexValue, targetOID) {
-        const buffer = util.hexToBytes(hexValue);
-        const asn1Data = asn1.fromDer(buffer);
-        return this.searchForSequence(asn1Data, targetOID);
-    }
-    searchForSequence(asn1Data, targetOID) {
-        if (asn1Data.type === asn1.Type.SEQUENCE) {
-            for (const child of asn1Data.value) {
-                if (child.type === asn1.Type.OID) {
-                    const oid = asn1.derToOid(child.value);
-                    if (oid === targetOID) {
-                        return asn1Data;
-                    }
-                }
-            }
-        }
-        if (Array.isArray(asn1Data.value)) {
-            for (const child of asn1Data.value) {
-                const result = this.searchForSequence(child, targetOID);
-                if (result) {
-                    return result;
-                }
-            }
-        }
-        return null;
-    }
-    verifyDataBySignature(data, signature, key) {
-        const ellipticEc = new ec('p256');
-        const result = ellipticEc.verify(data, {
-            r: signature.subarray(0, 32),
-            s: signature.subarray(32),
-        }, ellipticEc.keyFromPublic(key, 'hex'));
-        return result;
-    }
-    checkValidDate(from, to) {
-        const now = Date.now();
-        return from < now && now < to;
-    }
-    checkChainForIssuers(pckCert, platformCert, rootCert) {
-        return (_.isEqual(pckCert.issuer, platformCert.subject) &&
-            _.isEqual(platformCert.issuer, rootCert.subject));
-    }
-    getCrl(crlData) {
-        const crlDer = crlData.startsWith('-----')
-            ? formatter.pemToBin(crlData)
-            : Buffer.from(crlData, 'hex');
-        const crlAsn = fromBER(crlDer);
-        return new CertificateRevocationList({ schema: crlAsn.result });
-    }
-    checkCertificatesInCrl(crl, certIds) {
-        if (!crl.thisUpdate || !crl.nextUpdate) {
-            throw new TeeQuoteValidatorError('Certificate revocation list has no update date field');
-        }
-        if (!this.checkValidDate(crl.thisUpdate.value.valueOf(), crl.nextUpdate.value.valueOf())) {
-            throw new TeeQuoteValidatorError('Certificate revocation list has invalid update date');
-        }
-        if (crl.revokedCertificates) {
-            const isAnyRevoked = crl.revokedCertificates.find((revoked) => certIds.includes(Buffer.from(revoked.userCertificate.valueBlock.valueHexView).toString('hex')));
-            if (isAnyRevoked) {
-                throw new TeeQuoteValidatorError('Certificate in revokation list');
-            }
-        }
-    }
-    async getCertificates(quote) {
-        const platformCrlResult = await axios.get(`${this.baseUrl}/pckcrl?ca=platform&encoding=pem`);
-        const platformChain = decodeURIComponent(platformCrlResult.headers['sgx-pck-crl-issuer-chain']);
-        const [platformFetchedPem, rootFetchedPem] = this.splitChain(platformChain); // [platform, root]
-        const platformFetchedCert = Certificate.fromPEM(Buffer.from(platformFetchedPem));
-        const rootFetchedCert = Certificate.fromPEM(Buffer.from(rootFetchedPem));
-        if (!this.checkValidDate(platformFetchedCert.validFrom.valueOf(), platformFetchedCert.validTo.valueOf())) {
-            throw new TeeQuoteValidatorError('Platform certificate validation date is not valid');
-        }
-        if (!this.checkValidDate(rootFetchedCert.validFrom.valueOf(), rootFetchedCert.validTo.valueOf())) {
-            throw new TeeQuoteValidatorError('Root certificate validation date is not valid');
-        }
-        if (!_.isEqual(rootFetchedCert.issuer, rootFetchedCert.subject)) {
-            throw new TeeQuoteValidatorError('Root certificate is not self-signed');
-        }
-        if (Buffer.compare(rootFetchedCert.publicKey.keyRaw, INTEL_ROOT_PUB_KEY) !== 0) {
-            throw new TeeQuoteValidatorError('Wrong Intel root certificate public key');
-        }
-        const certificatePems = this.splitChain(quote.qeCertificationData.toString()); // [pck, platform, root]
-        const pckCert = Certificate.fromPEM(Buffer.from(certificatePems[0]));
-        const certType = quote.qeCertificationDataType;
-        if (!this.checkValidDate(pckCert.validFrom.valueOf(), pckCert.validTo.valueOf())) {
-            throw new TeeQuoteValidatorError('PCK certificate validation date is not valid');
-        }
-        if (certType !== 5) {
-            throw new TeeQuoteValidatorError(`Unsupported certification data type: ${certType}`);
-        }
-        if (rootFetchedPem !== certificatePems[2]) {
-            throw new TeeQuoteValidatorError("Invalid SGX root certificate in quote's certificate chain");
-        }
-        if (!this.checkChainForIssuers(pckCert, platformFetchedCert, rootFetchedCert)) {
-            throw new TeeQuoteValidatorError('Invalid issuers in certificates chain');
-        }
-        const certIds = [
-            rootFetchedCert.serialNumber,
-            platformFetchedCert.serialNumber,
-            pckCert.serialNumber,
-        ];
-        if (this.isDefault) {
-            const intelCrlDer = await axios.get(INTEL_SGX_ROOT_CA_URL, {
-                responseType: 'arraybuffer',
-            });
-            const intelCrlAsn = fromBER(Buffer.from(intelCrlDer.data));
-            this.checkCertificatesInCrl(new CertificateRevocationList({ schema: intelCrlAsn.result }), certIds);
-        }
-        else {
-            const intelCrlDer = await axios.get(`${this.baseUrl}/rootcacrl`);
-            const intelCrl = this.getCrl(intelCrlDer.data);
-            this.checkCertificatesInCrl(intelCrl, certIds);
-        }
-        const platformCrl = this.getCrl(platformCrlResult.data);
-        this.checkCertificatesInCrl(platformCrl, certIds);
-        return { pckCert, rootCertPem: rootFetchedPem };
-    }
-    async verifyQeReportSignature(quote, pckPublicKey) {
-        const signature = Buffer.from(quote.qeReportSignature);
-        const reportHash = await this.getSha256Hash(Buffer.from(quote.qeReport));
-        return this.verifyDataBySignature(reportHash, signature, pckPublicKey);
-    }
-    async verifyQeReportData(quote, report) {
-        const qeAuthData = quote.qeAuthenticationData;
-        const attestationKey = quote.ecdsaAttestationKey;
-        const qeReportDataHash = report.dataHash;
-        const calculatedHash = await this.getSha256Hash(Buffer.concat([attestationKey, qeAuthData]));
-        const result = Buffer.compare(qeReportDataHash, calculatedHash);
-        return result === 0;
-    }
-    async verifyEnclaveReportSignature(quote) {
-        const key = Buffer.from(quote.ecdsaAttestationKey);
-        const headerBuffer = Buffer.from(quote.rawHeader);
-        const reportBuffer = Buffer.from(quote.report);
-        const expected = quote.isvEnclaveReportSignature;
-        const calculatedHash = await this.getSha256Hash(Buffer.concat([headerBuffer, reportBuffer]));
-        const ellipticEc = new ec('p256');
-        const result = ellipticEc.verify(calculatedHash, {
-            r: expected.subarray(0, 32),
-            s: expected.subarray(32),
-        }, Buffer.concat([Buffer.from([4]), key]));
-        return result;
-    }
-    async validateQuoteStructure(quote, report, pckPublicKey) {
-        if (!(await this.verifyQeReportSignature(quote, pckPublicKey))) {
-            throw new TeeQuoteValidatorError('Wrong QE report signature');
-        }
-        if (!(await this.verifyQeReportData(quote, report))) {
-            throw new TeeQuoteValidatorError('Wrong QE report data');
-        }
-        if (!(await this.verifyEnclaveReportSignature(quote))) {
-            throw new TeeQuoteValidatorError('Wrong enclave report signature');
-        }
-    }
-    getSgxExtensionData(pckCert) {
-        const sgxExtensionData = pckCert.extensions.find((item) => item.oid === SGX_OID);
-        if (!sgxExtensionData) {
-            throw new TeeQuoteValidatorError('SGX data not found in PCK certificate');
-        }
-        return sgxExtensionData;
-    }
-    getDataFromExtension(sgxExtensionData, targetOid, targetType) {
-        const rawData = this.findSequenceByOID(sgxExtensionData.value.toString('hex'), targetOid);
-        if (!rawData) {
-            throw new TeeQuoteValidatorError(`OID ${targetOid} not found in PCK certificate's SGX data`);
-        }
-        const data = rawData.value.filter((asnElement) => asnElement.type === targetType);
-        if (!data.length) {
-            throw new TeeQuoteValidatorError(`Data on OID ${targetOid} of type ${targetType} not found`);
-        }
-        const result = util.bytesToHex(data[0].value);
-        return targetType === asn1.Type.OCTETSTRING ? result : parseInt(result, 16).toString();
-    }
-    async getTcbInfo(fmspc, rootCertPem) {
-        const tcbData = await axios.get(`${this.baseUrl}/tcb?fmspc=${fmspc}`);
-        const tcbInfoHeader = 'tcb-info-issuer-chain';
-        const tcbInfoChain = this.splitChain(decodeURIComponent(tcbData.headers[tcbInfoHeader])); // [tcb, root]
-        if (tcbInfoChain[1] !== rootCertPem) {
-            throw new TeeQuoteValidatorError('Invalid SGX root certificate in TCB chain');
-        }
-        const tcbCert = Certificate.fromPEM(Buffer.from(tcbInfoChain[0]));
-        const key = tcbCert.publicKey.keyRaw;
-        const signature = Buffer.from(tcbData.data.signature, 'hex');
-        const calculatedhash = await this.getSha256Hash(Buffer.from(JSON.stringify(tcbData.data.tcbInfo)));
-        const result = this.verifyDataBySignature(calculatedhash, signature, key);
-        if (!result) {
-            throw new TeeQuoteValidatorError('TCB info signature is not valid');
-        }
-        if (tcbData.data.tcbInfo.nextUpdate.valueOf() > Date.now()) {
-            throw new TeeQuoteValidatorError('TCB next update date is out of date');
-        }
-        return tcbData.data;
-    }
-    async getQEIdentity(rootCertPem) {
-        const qeIdentityData = await axios.get(`${this.baseUrl}/qe/identity`);
-        const qeIdentityHeader = 'sgx-enclave-identity-issuer-chain';
-        const qeIdentityChain = this.splitChain(decodeURIComponent(qeIdentityData.headers[qeIdentityHeader])); // [qeIdentity, root]
-        if (qeIdentityChain[1] !== rootCertPem) {
-            throw new TeeQuoteValidatorError('Invalid SGX root certificate in enclave identity chain');
-        }
-        const qeIdentityCert = Certificate.fromPEM(Buffer.from(qeIdentityChain[0]));
-        const key = qeIdentityCert.publicKey.keyRaw;
-        const signature = Buffer.from(qeIdentityData.data.signature, 'hex');
-        const calculatedhash = await this.getSha256Hash(Buffer.from(JSON.stringify(qeIdentityData.data.enclaveIdentity)));
-        const result = this.verifyDataBySignature(calculatedhash, signature, key);
-        if (!result) {
-            throw new TeeQuoteValidatorError('Enclave identity signature is not valid');
-        }
-        if (qeIdentityData.data.enclaveIdentity.nextUpdate.valueOf() > Date.now()) {
-            throw new TeeQuoteValidatorError('Enclave identity next update date is out of date');
-        }
-        return qeIdentityData.data;
-    }
-    getQEIdentityStatus(report, qeIdentity) {
-        const mrSigner = report.mrSigner.toString('hex');
-        if (mrSigner.toUpperCase() !== qeIdentity.enclaveIdentity.mrsigner) {
-            throw new TeeQuoteValidatorError('Wrong MR signer in QE report');
-        }
-        if (report.isvProdId !== qeIdentity.enclaveIdentity.isvprodid) {
-            throw new TeeQuoteValidatorError('Wrong ISV PROD ID in QE report');
-        }
-        const tcbLevel = qeIdentity.enclaveIdentity.tcbLevels.find((tcbLevel) => tcbLevel.tcb.isvsvn <= report.isvSvn);
-        const status = tcbLevel?.tcbStatus;
-        if (status) {
-            this.logger.info(`Enclave identity status is ${tcbLevel?.tcbStatus}`);
-            return status;
-        }
-        return QEIdentityStatuses.OutOfDate;
-    }
-    getTcbStatus(fmspc, pceId, tcbData, sgxExtensionData) {
-        if (fmspc.toUpperCase() !== tcbData.tcbInfo.fmspc.toUpperCase()) {
-            throw new TeeQuoteValidatorError('Wrong FMSPC in PCK certificate');
-        }
-        if (pceId !== tcbData.tcbInfo.pceId) {
-            throw new TeeQuoteValidatorError('Wrong PCEID in PCK certificate');
-        }
-        const pceSvn = this.getDataFromExtension(sgxExtensionData, PCESVN_OID, asn1.Type.INTEGER);
-        const sgxComponents = [...Array(16).keys()].map((i) => this.getDataFromExtension(sgxExtensionData, `${TCB_OID}.${i + 1}`, asn1.Type.INTEGER));
-        const tcbLevel = tcbData.tcbInfo.tcbLevels.find((tcbLevel) => tcbLevel.tcb.pcesvn <= Number(pceSvn) &&
-            tcbLevel.tcb.sgxtcbcomponents.every((el, index) => el.svn <= Number(sgxComponents[index])));
-        const status = tcbLevel?.tcbStatus;
-        if (status) {
-            this.logger.info(`TCB status is ${tcbLevel?.tcbStatus}`);
-            return status;
-        }
-        return TCBStatuses.OutOfDate;
-    }
-    getQuoteValidationStatus(qeIdentityStatus, tcbStatus) {
-        if (qeIdentityStatus === QEIdentityStatuses.OutOfDate) {
-            if (tcbStatus === TCBStatuses.UpToDate || tcbStatus === TCBStatuses.SWHardeningNeeded) {
-                return QuoteValidationStatuses.SecurityPatchNeeded;
-            }
-            if (tcbStatus === TCBStatuses.OutOfDateConfigurationNeeded ||
-                tcbStatus === TCBStatuses.ConfigurationAndSWHardeningNeeded) {
-                return QuoteValidationStatuses.SoftwareUpdateNeeded;
-            }
-        }
-        if (qeIdentityStatus === QEIdentityStatuses.Revoked || tcbStatus === TCBStatuses.Revoked) {
-            throw new TeeQuoteValidatorError('QE identity or TCB revoked');
-        }
-        if (tcbStatus === TCBStatuses.UpToDate) {
-            return QuoteValidationStatuses.UpToDate;
-        }
-        if (tcbStatus === TCBStatuses.OutOfDate) {
-            return QuoteValidationStatuses.SecurityPatchNeeded;
-        }
-        if (tcbStatus === TCBStatuses.ConfigurationNeeded) {
-            return QuoteValidationStatuses.ConfigurationNeeded;
-        }
-        return QuoteValidationStatuses.SoftwareUpdateNeeded;
-    }
-    getQuoteValidationStatusDescription(status) {
-        switch (status) {
-            case QuoteValidationStatuses.UpToDate:
-                return 'The Quote verification passed and is at the latest TCB level.';
-            case QuoteValidationStatuses.ConfigurationNeeded:
-                return `The SGX platform firmware and SW are at the latest security patching level
-                    but there are platform hardware configurations may expose the enclave to vulnerabilities.`;
-            case QuoteValidationStatuses.SecurityPatchNeeded:
-                return `The SGX platform firmware and SW are not at the latest security patching level.
-                    The platform needs to be patched with firmware and/or software patches.`;
-            case QuoteValidationStatuses.SoftwareUpdateNeeded:
-                return `The SGX platform firmware and SW are at the latest security patching level but there are
-                    certain vulnerabilities that can only be mitigated with software mitigations implemented by the enclave.`;
-            default:
-                return 'Quote verification failed.';
-        }
-    }
-    async validate(quoteBuffer) {
-        try {
-            const quote = this.teeSgxParser.parseQuote(quoteBuffer);
-            const report = this.teeSgxParser.parseReport(quote.qeReport);
-            const { pckCert, rootCertPem } = await this.getCertificates(quote);
-            await this.validateQuoteStructure(quote, report, pckCert.publicKey.keyRaw);
-            this.logger.info('Quote structure validated successfully');
-            const sgxExtensionData = this.getSgxExtensionData(pckCert);
-            const fmspc = this.getDataFromExtension(sgxExtensionData, FMSPC_OID, asn1.Type.OCTETSTRING);
-            const pceId = this.getDataFromExtension(sgxExtensionData, PCEID_OID, asn1.Type.OCTETSTRING);
-            const tcbData = await this.getTcbInfo(fmspc, rootCertPem);
-            const qeIdentity = await this.getQEIdentity(rootCertPem);
-            const qeIdentityStatus = this.getQEIdentityStatus(report, qeIdentity);
-            const tcbStatus = this.getTcbStatus(fmspc, pceId, tcbData, sgxExtensionData);
-            const quoteValidationStatus = this.getQuoteValidationStatus(qeIdentityStatus, tcbStatus);
-            this.logger.info(`Quote validation status is ${quoteValidationStatus}`);
-            return {
-                quoteValidationStatus,
-                description: this.getQuoteValidationStatusDescription(quoteValidationStatus),
-            };
-        }
-        catch (error) {
-            this.logger.error(`Validation error: ${error}`);
-            return {
-                quoteValidationStatus: QuoteValidationStatuses.Error,
-                description: this.getQuoteValidationStatusDescription(QuoteValidationStatuses.Error),
-                error,
-            };
-        }
-    }
-    async isQuoteHasUserData(quoteBuffer, userDataBuffer) {
-        const quote = this.teeSgxParser.parseQuote(quoteBuffer);
-        const report = this.teeSgxParser.parseReport(quote.report);
-        const userDataHash = await this.getSha256Hash(userDataBuffer);
-        const slicedQuoteData = report.userData.slice(0, userDataHash.length);
-        const compareResult = Buffer.compare(slicedQuoteData, userDataHash);
-        return compareResult === 0;
-    }
-    async getSha256Hash(data) {
-        const hashInfo = {
-            algo: HashAlgorithm.SHA256,
-            encoding: Encoding.base64,
-        };
-        const hashData = await Crypto.createHash(data, hashInfo);
-        return Buffer.from(hashData.hash, hashData.encoding);
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUXVvdGVWYWxpZGF0b3IuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvdGVlL1F1b3RlVmFsaWRhdG9yLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLFFBQVEsTUFBTSxVQUFVLENBQUM7QUFDaEMsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sRUFBRSxXQUFXLEVBQWEsTUFBTSxZQUFZLENBQUM7QUFDcEQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQzlDLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxNQUFNLE9BQU8sQ0FBQztBQUNsRCxPQUFPLEVBQUUsT0FBTyxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBQ2pDLE9BQU8sQ0FBQyxNQUFNLFFBQVEsQ0FBQztBQUN2QixPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFFaEQsT0FBTyxVQUFVLE1BQU0sY0FBYyxDQUFDO0FBRXRDLE9BQU8sRUFBRSxzQkFBc0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNyRCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsV0FBVyxFQUFFLHVCQUF1QixFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ3pGLE9BQU8sRUFBRSxRQUFRLEVBQUUsYUFBYSxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDakUsT0FBTyxNQUFNLE1BQU0sb0JBQW9CLENBQUM7QUFFeEMsTUFBTSxFQUFFLEVBQUUsRUFBRSxHQUFHLFFBQVEsQ0FBQztBQUN4QixNQUFNLEVBQUUsSUFBSSxFQUFFLElBQUksRUFBRSxHQUFHLEtBQUssQ0FBQztBQUU3QixNQUFNLGtCQUFrQixHQUFHLHVDQUF1QyxDQUFDO0FBQ25FLE1BQU0scUJBQXFCLEdBQUcsbUVBQW1FLENBQUM7QUFDbEcsTUFBTSxPQUFPLEdBQUcsdUJBQXVCLENBQUM7QUFDeEMsTUFBTSxTQUFTLEdBQUcsR0FBRyxPQUFPLElBQUksQ0FBQztBQUNqQyxNQUFNLFNBQVMsR0FBRyxHQUFHLE9BQU8sSUFBSSxDQUFDO0FBQ2pDLE1BQU0sT0FBTyxHQUFHLEdBQUcsT0FBTyxJQUFJLENBQUM7QUFDL0IsTUFBTSxVQUFVLEdBQUcsR0FBRyxPQUFPLEtBQUssQ0FBQztBQUNuQyxNQUFNLGtCQUFrQixHQUFHLElBQUksVUFBVSxDQUFDO0lBQ3hDLENBQUMsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRztJQUNoRyxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxFQUFFLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUc7SUFDaEcsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxFQUFFLENBQUMsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsRUFBRSxFQUFFLEVBQUUsRUFBRSxHQUFHLEVBQUUsQ0FBQyxFQUFFLENBQUMsRUFBRSxHQUFHLEVBQUUsR0FBRztJQUNoRyxHQUFHO0NBQ0osQ0FBQyxDQUFDO0FBUUgsTUFBTSxPQUFPLGNBQWM7SUFDUixTQUFTLENBQVU7SUFDbkIsT0FBTyxDQUFTO0lBQ2hCLFlBQVksQ0FBZTtJQUNwQyxNQUFNLENBQW9CO0lBRWxDLFlBQVksT0FBZTtRQUN6QixJQUFJLENBQUMsU0FBUyxHQUFHLE9BQU8sS0FBSyxrQkFBa0IsQ0FBQztRQUNoRCxJQUFJLENBQUMsT0FBTyxHQUFHLEdBQUcsT0FBTyx1QkFBdUIsQ0FBQztRQUNqRCxJQUFJLENBQUMsWUFBWSxHQUFHLElBQUksWUFBWSxFQUFFLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sR0FBRyxVQUFVLENBQUMsS0FBSyxDQUFDLEVBQUUsU0FBUyxFQUFFLGNBQWMsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDO0lBQ3JFLENBQUM7SUFFTyxVQUFVLENBQUMsS0FBYTtRQUM5QixNQUFNLEtBQUssR0FBRyw2QkFBNkIsQ0FBQztRQUM1QyxNQUFNLEdBQUcsR0FBRywyQkFBMkIsQ0FBQztRQUV4QyxPQUFPLEtBQUs7YUFDVCxLQUFLLENBQUMsS0FBSyxDQUFDO2FBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQzthQUNmLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQztJQUN4RSxDQUFDO0lBRU8saUJBQWlCLENBQUMsUUFBZ0IsRUFBRSxTQUFpQjtRQUMzRCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3pDLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFdEMsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxDQUFDO0lBQ3JELENBQUM7SUFFTyxpQkFBaUIsQ0FBQyxRQUF5QixFQUFFLFNBQWlCO1FBQ3BFLElBQUksUUFBUSxDQUFDLElBQUksS0FBSyxJQUFJLENBQUMsSUFBSSxDQUFDLFFBQVEsRUFBRTtZQUN4QyxLQUFLLE1BQU0sS0FBSyxJQUFJLFFBQVEsQ0FBQyxLQUEwQixFQUFFO2dCQUN2RCxJQUFJLEtBQUssQ0FBQyxJQUFJLEtBQUssSUFBSSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUU7b0JBQ2hDLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLEtBQWUsQ0FBQyxDQUFDO29CQUNqRCxJQUFJLEdBQUcsS0FBSyxTQUFTLEVBQUU7d0JBQ3JCLE9BQU8sUUFBUSxDQUFDO3FCQUNqQjtpQkFDRjthQUNGO1NBQ0Y7UUFFRCxJQUFJLEtBQUssQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ2pDLEtBQUssTUFBTSxLQUFLLElBQUksUUFBUSxDQUFDLEtBQUssRUFBRTtnQkFDbEMsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxTQUFTLENBQUMsQ0FBQztnQkFDeEQsSUFBSSxNQUFNLEVBQUU7b0JBQ1YsT0FBTyxNQUFNLENBQUM7aUJBQ2Y7YUFDRjtTQUNGO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0lBRU8scUJBQXFCLENBQUMsSUFBWSxFQUFFLFNBQWlCLEVBQUUsR0FBVztRQUN4RSxNQUFNLFVBQVUsR0FBRyxJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxNQUFNLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTSxDQUM5QixJQUFJLEVBQ0o7WUFDRSxDQUFDLEVBQUUsU0FBUyxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQzVCLENBQUMsRUFBRSxTQUFTLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztTQUMxQixFQUNELFVBQVUsQ0FBQyxhQUFhLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxDQUNyQyxDQUFDO1FBRUYsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVPLGNBQWMsQ0FBQyxJQUFZLEVBQUUsRUFBVTtRQUM3QyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUM7UUFDdkIsT0FBTyxJQUFJLEdBQUcsR0FBRyxJQUFJLEdBQUcsR0FBRyxFQUFFLENBQUM7SUFDaEMsQ0FBQztJQUVPLG9CQUFvQixDQUMxQixPQUFvQixFQUNwQixZQUF5QixFQUN6QixRQUFxQjtRQUVyQixPQUFPLENBQ0wsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsTUFBTSxFQUFFLFlBQVksQ0FBQyxPQUFPLENBQUM7WUFDL0MsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FDakQsQ0FBQztJQUNKLENBQUM7SUFFTyxNQUFNLENBQUMsT0FBZTtRQUM1QixNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQztZQUN4QyxDQUFDLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUM7WUFDN0IsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ2hDLE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFvQixDQUFDLENBQUM7UUFFN0MsT0FBTyxJQUFJLHlCQUF5QixDQUFDLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO0lBQ2xFLENBQUM7SUFFTyxzQkFBc0IsQ0FBQyxHQUE4QixFQUFFLE9BQWlCO1FBQzlFLElBQUksQ0FBQyxHQUFHLENBQUMsVUFBVSxJQUFJLENBQUMsR0FBRyxDQUFDLFVBQVUsRUFBRTtZQUN0QyxNQUFNLElBQUksc0JBQXNCLENBQUMsc0RBQXNELENBQUMsQ0FBQztTQUMxRjtRQUNELElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxFQUFFLEdBQUcsQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLEVBQUU7WUFDeEYsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHFEQUFxRCxDQUFDLENBQUM7U0FDekY7UUFDRCxJQUFJLEdBQUcsQ0FBQyxtQkFBbUIsRUFBRTtZQUMzQixNQUFNLFlBQVksR0FBRyxHQUFHLENBQUMsbUJBQW1CLENBQUMsSUFBSSxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FDNUQsT0FBTyxDQUFDLFFBQVEsQ0FDZCxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FDN0UsQ0FDRixDQUFDO1lBQ0YsSUFBSSxZQUFZLEVBQUU7Z0JBQ2hCLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO2FBQ3BFO1NBQ0Y7SUFDSCxDQUFDO0lBRU8sS0FBSyxDQUFDLGVBQWUsQ0FDM0IsS0FBMEI7UUFFMUIsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxrQ0FBa0MsQ0FBQyxDQUFDO1FBQzdGLE1BQU0sYUFBYSxHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQywwQkFBMEIsQ0FBQyxDQUFDLENBQUM7UUFDaEcsTUFBTSxDQUFDLGtCQUFrQixFQUFFLGNBQWMsQ0FBQyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxtQkFBbUI7UUFDaEcsTUFBTSxtQkFBbUIsR0FBRyxXQUFXLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsQ0FBQyxDQUFDO1FBQ2pGLE1BQU0sZUFBZSxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsQ0FBQyxDQUFDO1FBRXpFLElBQ0UsQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUNsQixtQkFBbUIsQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLEVBQ3ZDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FDdEMsRUFDRDtZQUNBLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxtREFBbUQsQ0FBQyxDQUFDO1NBQ3ZGO1FBQ0QsSUFDRSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsZUFBZSxDQUFDLFNBQVMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxlQUFlLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDLEVBQzVGO1lBQ0EsTUFBTSxJQUFJLHNCQUFzQixDQUFDLCtDQUErQyxDQUFDLENBQUM7U0FDbkY7UUFDRCxJQUFJLENBQUMsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsTUFBTSxFQUFFLGVBQWUsQ0FBQyxPQUFPLENBQUMsRUFBRTtZQUMvRCxNQUFNLElBQUksc0JBQXNCLENBQUMscUNBQXFDLENBQUMsQ0FBQztTQUN6RTtRQUNELElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxrQkFBa0IsQ0FBQyxLQUFLLENBQUMsRUFBRTtZQUM5RSxNQUFNLElBQUksc0JBQXNCLENBQUMseUNBQXlDLENBQUMsQ0FBQztTQUM3RTtRQUVELE1BQU0sZUFBZSxHQUFhLElBQUksQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDLG1CQUFtQixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQyx3QkFBd0I7UUFDakgsTUFBTSxPQUFPLEdBQUcsV0FBVyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDckUsTUFBTSxRQUFRLEdBQUcsS0FBSyxDQUFDLHVCQUF1QixDQUFDO1FBRS9DLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUFFLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsQ0FBQyxFQUFFO1lBQ2hGLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyw4Q0FBOEMsQ0FBQyxDQUFDO1NBQ2xGO1FBQ0QsSUFBSSxRQUFRLEtBQUssQ0FBQyxFQUFFO1lBQ2xCLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx3Q0FBd0MsUUFBUSxFQUFFLENBQUMsQ0FBQztTQUN0RjtRQUNELElBQUksY0FBYyxLQUFLLGVBQWUsQ0FBQyxDQUFDLENBQUMsRUFBRTtZQUN6QyxNQUFNLElBQUksc0JBQXNCLENBQUMsMkRBQTJELENBQUMsQ0FBQztTQUMvRjtRQUVELElBQUksQ0FBQyxJQUFJLENBQUMsb0JBQW9CLENBQUMsT0FBTyxFQUFFLG1CQUFtQixFQUFFLGVBQWUsQ0FBQyxFQUFFO1lBQzdFLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx1Q0FBdUMsQ0FBQyxDQUFDO1NBQzNFO1FBRUQsTUFBTSxPQUFPLEdBQUc7WUFDZCxlQUFlLENBQUMsWUFBWTtZQUM1QixtQkFBbUIsQ0FBQyxZQUFZO1lBQ2hDLE9BQU8sQ0FBQyxZQUFZO1NBQ3JCLENBQUM7UUFFRixJQUFJLElBQUksQ0FBQyxTQUFTLEVBQUU7WUFDbEIsTUFBTSxXQUFXLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLHFCQUFxQixFQUFFO2dCQUN6RCxZQUFZLEVBQUUsYUFBYTthQUM1QixDQUFDLENBQUM7WUFDSCxNQUFNLFdBQVcsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztZQUMzRCxJQUFJLENBQUMsc0JBQXNCLENBQ3pCLElBQUkseUJBQXlCLENBQUMsRUFBRSxNQUFNLEVBQUUsV0FBVyxDQUFDLE1BQU0sRUFBRSxDQUFDLEVBQzdELE9BQU8sQ0FDUixDQUFDO1NBQ0g7YUFBTTtZQUNMLE1BQU0sV0FBVyxHQUFHLE1BQU0sS0FBSyxDQUFDLEdBQUcsQ0FBQyxHQUFHLElBQUksQ0FBQyxPQUFPLFlBQVksQ0FBQyxDQUFDO1lBQ2pFLE1BQU0sUUFBUSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxDQUFDO1lBQy9DLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLENBQUM7U0FDaEQ7UUFFRCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3hELElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxXQUFXLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFbEQsT0FBTyxFQUFFLE9BQU8sRUFBRSxXQUFXLEVBQUUsY0FBYyxFQUFFLENBQUM7SUFDbEQsQ0FBQztJQUVPLEtBQUssQ0FBQyx1QkFBdUIsQ0FDbkMsS0FBMEIsRUFDMUIsWUFBb0I7UUFFcEIsTUFBTSxTQUFTLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUN2RCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztRQUV6RSxPQUFPLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxVQUFVLEVBQUUsU0FBUyxFQUFFLFlBQVksQ0FBQyxDQUFDO0lBQ3pFLENBQUM7SUFFTyxLQUFLLENBQUMsa0JBQWtCLENBQzlCLEtBQTBCLEVBQzFCLE1BQTRCO1FBRTVCLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxvQkFBb0IsQ0FBQztRQUM5QyxNQUFNLGNBQWMsR0FBRyxLQUFLLENBQUMsbUJBQW1CLENBQUM7UUFDakQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDO1FBQ3pDLE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsY0FBYyxFQUFFLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM3RixNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLGNBQWMsQ0FBQyxDQUFDO1FBRWhFLE9BQU8sTUFBTSxLQUFLLENBQUMsQ0FBQztJQUN0QixDQUFDO0lBRU8sS0FBSyxDQUFDLDRCQUE0QixDQUFDLEtBQTBCO1FBQ25FLE1BQU0sR0FBRyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDbkQsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDbEQsTUFBTSxZQUFZLEdBQUcsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDL0MsTUFBTSxRQUFRLEdBQUcsS0FBSyxDQUFDLHlCQUF5QixDQUFDO1FBRWpELE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUMsWUFBWSxFQUFFLFlBQVksQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUU3RixNQUFNLFVBQVUsR0FBRyxJQUFJLEVBQUUsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxNQUFNLE1BQU0sR0FBRyxVQUFVLENBQUMsTUFBTSxDQUM5QixjQUFjLEVBQ2Q7WUFDRSxDQUFDLEVBQUUsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDO1lBQzNCLENBQUMsRUFBRSxRQUFRLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQztTQUN6QixFQUNELE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUN2QyxDQUFDO1FBRUYsT0FBTyxNQUFNLENBQUM7SUFDaEIsQ0FBQztJQUVPLEtBQUssQ0FBQyxzQkFBc0IsQ0FDbEMsS0FBMEIsRUFDMUIsTUFBNEIsRUFDNUIsWUFBb0I7UUFFcEIsSUFBSSxDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsdUJBQXVCLENBQUMsS0FBSyxFQUFFLFlBQVksQ0FBQyxDQUFDLEVBQUU7WUFDOUQsTUFBTSxJQUFJLHNCQUFzQixDQUFDLDJCQUEyQixDQUFDLENBQUM7U0FDL0Q7UUFDRCxJQUFJLENBQUMsQ0FBQyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDLENBQUMsRUFBRTtZQUNuRCxNQUFNLElBQUksc0JBQXNCLENBQUMsc0JBQXNCLENBQUMsQ0FBQztTQUMxRDtRQUNELElBQUksQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLDRCQUE0QixDQUFDLEtBQUssQ0FBQyxDQUFDLEVBQUU7WUFDckQsTUFBTSxJQUFJLHNCQUFzQixDQUFDLGdDQUFnQyxDQUFDLENBQUM7U0FDcEU7SUFDSCxDQUFDO0lBRU8sbUJBQW1CLENBQUMsT0FBb0I7UUFDOUMsTUFBTSxnQkFBZ0IsR0FBRyxPQUFPLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLEdBQUcsS0FBSyxPQUFPLENBQUMsQ0FBQztRQUNqRixJQUFJLENBQUMsZ0JBQWdCLEVBQUU7WUFDckIsTUFBTSxJQUFJLHNCQUFzQixDQUFDLHVDQUF1QyxDQUFDLENBQUM7U0FDM0U7UUFFRCxPQUFPLGdCQUFnQixDQUFDO0lBQzFCLENBQUM7SUFFTyxvQkFBb0IsQ0FDMUIsZ0JBQTJCLEVBQzNCLFNBQWlCLEVBQ2pCLFVBQTJCO1FBRTNCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQzFGLElBQUksQ0FBQyxPQUFPLEVBQUU7WUFDWixNQUFNLElBQUksc0JBQXNCLENBQUMsT0FBTyxTQUFTLDBDQUEwQyxDQUFDLENBQUM7U0FDOUY7UUFDRCxNQUFNLElBQUksR0FBSSxPQUFPLENBQUMsS0FBMkIsQ0FBQyxNQUFNLENBQ3RELENBQUMsVUFBVSxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsSUFBSSxLQUFLLFVBQVUsQ0FDL0MsQ0FBQztRQUNGLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFO1lBQ2hCLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxlQUFlLFNBQVMsWUFBWSxVQUFVLFlBQVksQ0FBQyxDQUFDO1NBQzlGO1FBQ0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBZSxDQUFDLENBQUM7UUFFeEQsT0FBTyxVQUFVLEtBQUssSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUN6RixDQUFDO0lBRU8sS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFhLEVBQUUsV0FBbUI7UUFDekQsTUFBTSxPQUFPLEdBQUcsTUFBTSxLQUFLLENBQUMsR0FBRyxDQUFDLEdBQUcsSUFBSSxDQUFDLE9BQU8sY0FBYyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ3RFLE1BQU0sYUFBYSxHQUFHLHVCQUF1QixDQUFDO1FBQzlDLE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxjQUFjO1FBQ3hHLElBQUksWUFBWSxDQUFDLENBQUMsQ0FBQyxLQUFLLFdBQVcsRUFBRTtZQUNuQyxNQUFNLElBQUksc0JBQXNCLENBQUMsMkNBQTJDLENBQUMsQ0FBQztTQUMvRTtRQUVELE1BQU0sT0FBTyxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQ2xFLE1BQU0sR0FBRyxHQUFHLE9BQU8sQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBQ3JDLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDN0QsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUM3QyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUNsRCxDQUFDO1FBRUYsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUFDLGNBQWMsRUFBRSxTQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDMUUsSUFBSSxDQUFDLE1BQU0sRUFBRTtZQUNYLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxpQ0FBaUMsQ0FBQyxDQUFDO1NBQ3JFO1FBRUQsSUFBSSxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQzFELE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxxQ0FBcUMsQ0FBQyxDQUFDO1NBQ3pFO1FBRUQsT0FBTyxPQUFPLENBQUMsSUFBZ0IsQ0FBQztJQUNsQyxDQUFDO0lBRU8sS0FBSyxDQUFDLGFBQWEsQ0FBQyxXQUFtQjtRQUM3QyxNQUFNLGNBQWMsR0FBRyxNQUFNLEtBQUssQ0FBQyxHQUFHLENBQUMsR0FBRyxJQUFJLENBQUMsT0FBTyxjQUFjLENBQUMsQ0FBQztRQUN0RSxNQUFNLGdCQUFnQixHQUFHLG1DQUFtQyxDQUFDO1FBQzdELE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQ3JDLGtCQUFrQixDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUM3RCxDQUFDLENBQUMscUJBQXFCO1FBQ3hCLElBQUksZUFBZSxDQUFDLENBQUMsQ0FBQyxLQUFLLFdBQVcsRUFBRTtZQUN0QyxNQUFNLElBQUksc0JBQXNCLENBQUMsd0RBQXdELENBQUMsQ0FBQztTQUM1RjtRQUVELE1BQU0sY0FBYyxHQUFHLFdBQVcsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO1FBQzVFLE1BQU0sR0FBRyxHQUFHLGNBQWMsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBQzVDLE1BQU0sU0FBUyxHQUFHLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxTQUFTLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDcEUsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUM3QyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLElBQUksQ0FBQyxlQUFlLENBQUMsQ0FBQyxDQUNqRSxDQUFDO1FBRUYsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLHFCQUFxQixDQUFDLGNBQWMsRUFBRSxTQUFTLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDMUUsSUFBSSxDQUFDLE1BQU0sRUFBRTtZQUNYLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyx5Q0FBeUMsQ0FBQyxDQUFDO1NBQzdFO1FBRUQsSUFBSSxjQUFjLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxVQUFVLENBQUMsT0FBTyxFQUFFLEdBQUcsSUFBSSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ3pFLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxrREFBa0QsQ0FBQyxDQUFDO1NBQ3RGO1FBRUQsT0FBTyxjQUFjLENBQUMsSUFBbUIsQ0FBQztJQUM1QyxDQUFDO0lBRU8sbUJBQW1CLENBQ3pCLE1BQTRCLEVBQzVCLFVBQXVCO1FBRXZCLE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ2pELElBQUksUUFBUSxDQUFDLFdBQVcsRUFBRSxLQUFLLFVBQVUsQ0FBQyxlQUFlLENBQUMsUUFBUSxFQUFFO1lBQ2xFLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO1NBQ2xFO1FBQ0QsSUFBSSxNQUFNLENBQUMsU0FBUyxLQUFLLFVBQVUsQ0FBQyxlQUFlLENBQUMsU0FBUyxFQUFFO1lBQzdELE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1NBQ3BFO1FBQ0QsTUFBTSxRQUFRLEdBQUcsVUFBVSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUN4RCxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxNQUFNLElBQUksTUFBTSxDQUFDLE1BQU0sQ0FDbkQsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLFFBQVEsRUFBRSxTQUErQixDQUFDO1FBQ3pELElBQUksTUFBTSxFQUFFO1lBQ1YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsOEJBQThCLFFBQVEsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQ3RFLE9BQU8sTUFBTSxDQUFDO1NBQ2Y7UUFDRCxPQUFPLGtCQUFrQixDQUFDLFNBQVMsQ0FBQztJQUN0QyxDQUFDO0lBRU8sWUFBWSxDQUNsQixLQUFhLEVBQ2IsS0FBYSxFQUNiLE9BQWlCLEVBQ2pCLGdCQUEyQjtRQUUzQixJQUFJLEtBQUssQ0FBQyxXQUFXLEVBQUUsS0FBSyxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxXQUFXLEVBQUUsRUFBRTtZQUMvRCxNQUFNLElBQUksc0JBQXNCLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztTQUNwRTtRQUNELElBQUksS0FBSyxLQUFLLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFO1lBQ25DLE1BQU0sSUFBSSxzQkFBc0IsQ0FBQyxnQ0FBZ0MsQ0FBQyxDQUFDO1NBQ3BFO1FBRUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLG9CQUFvQixDQUFDLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzFGLE1BQU0sYUFBYSxHQUFHLENBQUMsR0FBRyxLQUFLLENBQUMsRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUNwRCxJQUFJLENBQUMsb0JBQW9CLENBQUMsZ0JBQWdCLEVBQUUsR0FBRyxPQUFPLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQ3RGLENBQUM7UUFDRixNQUFNLFFBQVEsR0FBRyxPQUFPLENBQUMsT0FBTyxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQzdDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FDWCxRQUFRLENBQUMsR0FBRyxDQUFDLE1BQU0sSUFBSSxNQUFNLENBQUMsTUFBTSxDQUFDO1lBQ3JDLFFBQVEsQ0FBQyxHQUFHLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxFQUFFLEtBQUssRUFBRSxFQUFFLENBQUMsRUFBRSxDQUFDLEdBQUcsSUFBSSxNQUFNLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FDN0YsQ0FBQztRQUVGLE1BQU0sTUFBTSxHQUFHLFFBQVEsRUFBRSxTQUF3QixDQUFDO1FBQ2xELElBQUksTUFBTSxFQUFFO1lBQ1YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLFFBQVEsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQ3pELE9BQU8sTUFBTSxDQUFDO1NBQ2Y7UUFDRCxPQUFPLFdBQVcsQ0FBQyxTQUFTLENBQUM7SUFDL0IsQ0FBQztJQUVPLHdCQUF3QixDQUM5QixnQkFBb0MsRUFDcEMsU0FBc0I7UUFFdEIsSUFBSSxnQkFBZ0IsS0FBSyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUU7WUFDckQsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLFFBQVEsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLGlCQUFpQixFQUFFO2dCQUNyRixPQUFPLHVCQUF1QixDQUFDLG1CQUFtQixDQUFDO2FBQ3BEO1lBQ0QsSUFDRSxTQUFTLEtBQUssV0FBVyxDQUFDLDRCQUE0QjtnQkFDdEQsU0FBUyxLQUFLLFdBQVcsQ0FBQyxpQ0FBaUMsRUFDM0Q7Z0JBQ0EsT0FBTyx1QkFBdUIsQ0FBQyxvQkFBb0IsQ0FBQzthQUNyRDtTQUNGO1FBQ0QsSUFBSSxnQkFBZ0IsS0FBSyxrQkFBa0IsQ0FBQyxPQUFPLElBQUksU0FBUyxLQUFLLFdBQVcsQ0FBQyxPQUFPLEVBQUU7WUFDeEYsTUFBTSxJQUFJLHNCQUFzQixDQUFDLDRCQUE0QixDQUFDLENBQUM7U0FDaEU7UUFDRCxJQUFJLFNBQVMsS0FBSyxXQUFXLENBQUMsUUFBUSxFQUFFO1lBQ3RDLE9BQU8sdUJBQXVCLENBQUMsUUFBUSxDQUFDO1NBQ3pDO1FBQ0QsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLFNBQVMsRUFBRTtZQUN2QyxPQUFPLHVCQUF1QixDQUFDLG1CQUFtQixDQUFDO1NBQ3BEO1FBQ0QsSUFBSSxTQUFTLEtBQUssV0FBVyxDQUFDLG1CQUFtQixFQUFFO1lBQ2pELE9BQU8sdUJBQXVCLENBQUMsbUJBQW1CLENBQUM7U0FDcEQ7UUFDRCxPQUFPLHVCQUF1QixDQUFDLG9CQUFvQixDQUFDO0lBQ3RELENBQUM7SUFFTyxtQ0FBbUMsQ0FBQyxNQUErQjtRQUN6RSxRQUFRLE1BQU0sRUFBRTtZQUNkLEtBQUssdUJBQXVCLENBQUMsUUFBUTtnQkFDbkMsT0FBTywrREFBK0QsQ0FBQztZQUN6RSxLQUFLLHVCQUF1QixDQUFDLG1CQUFtQjtnQkFDOUMsT0FBTzs4R0FDK0YsQ0FBQztZQUN6RyxLQUFLLHVCQUF1QixDQUFDLG1CQUFtQjtnQkFDOUMsT0FBTzs0RkFDNkUsQ0FBQztZQUN2RixLQUFLLHVCQUF1QixDQUFDLG9CQUFvQjtnQkFDL0MsT0FBTzs2SEFDOEcsQ0FBQztZQUN4SDtnQkFDRSxPQUFPLDRCQUE0QixDQUFDO1NBQ3ZDO0lBQ0gsQ0FBQztJQUVNLEtBQUssQ0FBQyxRQUFRLENBQUMsV0FBbUI7UUFDdkMsSUFBSTtZQUNGLE1BQU0sS0FBSyxHQUF3QixJQUFJLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUM3RSxNQUFNLE1BQU0sR0FBeUIsSUFBSSxDQUFDLFlBQVksQ0FBQyxXQUFXLENBQUMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRW5GLE1BQU0sRUFBRSxPQUFPLEVBQUUsV0FBVyxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO1lBRW5FLE1BQU0sSUFBSSxDQUFDLHNCQUFzQixDQUFDLEtBQUssRUFBRSxNQUFNLEVBQUUsT0FBTyxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsQ0FBQztZQUMzRSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx3Q0FBd0MsQ0FBQyxDQUFDO1lBRTNELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBQzNELE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxnQkFBZ0IsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUM1RixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsb0JBQW9CLENBQUMsZ0JBQWdCLEVBQUUsU0FBUyxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFNUYsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLEtBQUssRUFBRSxXQUFXLENBQUMsQ0FBQztZQUMxRCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFekQsTUFBTSxnQkFBZ0IsR0FBRyxJQUFJLENBQUMsbUJBQW1CLENBQUMsTUFBTSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1lBQ3RFLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsS0FBSyxFQUFFLEtBQUssRUFBRSxPQUFPLEVBQUUsZ0JBQWdCLENBQUMsQ0FBQztZQUU3RSxNQUFNLHFCQUFxQixHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxnQkFBZ0IsRUFBRSxTQUFTLENBQUMsQ0FBQztZQUN6RixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw4QkFBOEIscUJBQXFCLEVBQUUsQ0FBQyxDQUFDO1lBRXhFLE9BQU87Z0JBQ0wscUJBQXFCO2dCQUNyQixXQUFXLEVBQUUsSUFBSSxDQUFDLG1DQUFtQyxDQUFDLHFCQUFxQixDQUFDO2FBQzdFLENBQUM7U0FDSDtRQUFDLE9BQU8sS0FBSyxFQUFFO1lBQ2QsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMscUJBQXFCLEtBQUssRUFBRSxDQUFDLENBQUM7WUFFaEQsT0FBTztnQkFDTCxxQkFBcUIsRUFBRSx1QkFBdUIsQ0FBQyxLQUFLO2dCQUNwRCxXQUFXLEVBQUUsSUFBSSxDQUFDLG1DQUFtQyxDQUFDLHVCQUF1QixDQUFDLEtBQUssQ0FBQztnQkFDcEYsS0FBSzthQUNOLENBQUM7U0FDSDtJQUNILENBQUM7SUFFTSxLQUFLLENBQUMsa0JBQWtCLENBQUMsV0FBbUIsRUFBRSxjQUFzQjtRQUN6RSxNQUFNLEtBQUssR0FBd0IsSUFBSSxDQUFDLFlBQVksQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDN0UsTUFBTSxNQUFNLEdBQXlCLElBQUksQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqRixNQUFNLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsY0FBYyxDQUFDLENBQUM7UUFDOUQsTUFBTSxlQUFlLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLFlBQVksQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN0RSxNQUFNLGFBQWEsR0FBRyxNQUFNLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxZQUFZLENBQUMsQ0FBQztRQUVwRSxPQUFPLGFBQWEsS0FBSyxDQUFDLENBQUM7SUFDN0IsQ0FBQztJQUVPLEtBQUssQ0FBQyxhQUFhLENBQUMsSUFBWTtRQUN0QyxNQUFNLFFBQVEsR0FBRztZQUNmLElBQUksRUFBRSxhQUFhLENBQUMsTUFBTTtZQUMxQixRQUFRLEVBQUUsUUFBUSxDQUFDLE1BQU07U0FDMUIsQ0FBQztRQUNGLE1BQU0sUUFBUSxHQUFHLE1BQU0sTUFBTSxDQUFDLFVBQVUsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFDekQsT0FBTyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLEVBQUUsUUFBUSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3ZELENBQUM7Q0FDRiJ9

package/dist/mjs/tee/errors.d.ts

@@ -1,6 +0,0 @@
-export declare class TLBlockSerializerError extends Error {
-}
-export declare class TeeQuoteParserError extends Error {
-}
-export declare class TeeQuoteValidatorError extends Error {
-}

package/dist/mjs/tee/errors.js

@@ -1,7 +0,0 @@
-export class TLBlockSerializerError extends Error {
-}
-export class TeeQuoteParserError extends Error {
-}
-export class TeeQuoteValidatorError extends Error {
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZXJyb3JzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9lcnJvcnMudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsTUFBTSxPQUFPLHNCQUF1QixTQUFRLEtBQUs7Q0FBRztBQUVwRCxNQUFNLE9BQU8sbUJBQW9CLFNBQVEsS0FBSztDQUFHO0FBRWpELE1BQU0sT0FBTyxzQkFBdUIsU0FBUSxLQUFLO0NBQUcifQ==

package/dist/mjs/tee/helpers.d.ts

@@ -1,14 +0,0 @@
-export declare const splitChain: (chain: string) => string[];
-declare class Position {
-    place: number;
-    constructor();
-}
-export declare class Signature {
-    static toArray(msg: string | Array<number> | null): Uint8Array;
-    static importFromDER(signature: string): {
-        r: string;
-        s: string;
-    };
-    static getLength(buf: Uint8Array, p: Position): number | boolean;
-}
-export {};

package/dist/mjs/tee/helpers.js

@@ -1,115 +0,0 @@
-export const splitChain = (chain) => {
-    const begin = '-----BEGIN CERTIFICATE-----';
-    const end = '-----END CERTIFICATE-----';
-    return chain
-        .split(begin)
-        .filter(Boolean)
-        .map((cert) => begin.concat(cert.slice(0, cert.indexOf(end)), end));
-};
-class Position {
-    place;
-    constructor() {
-        this.place = 0;
-    }
-}
-export class Signature {
-    static toArray(msg) {
-        if (Array.isArray(msg)) {
-            return new Uint8Array(msg);
-        }
-        if (!msg) {
-            return new Uint8Array();
-        }
-        const res = [];
-        if (typeof msg !== 'string') {
-            return new Uint8Array(msg);
-        }
-        msg = msg.replace(/[^a-z0-9]+/gi, '');
-        if (msg.length % 2 !== 0) {
-            msg = '0' + msg;
-        }
-        for (let i = 0; i < msg.length; i += 2) {
-            res.push(parseInt(msg[i] + msg[i + 1], 16));
-        }
-        return new Uint8Array(res);
-    }
-    static importFromDER(signature) {
-        const data = Signature.toArray(signature);
-        const p = new Position();
-        if (data[p.place++] !== 0x30) {
-            throw new Error('Invald DER');
-        }
-        const len = Signature.getLength(data, p);
-        if (len === false) {
-            throw new Error('Invald DER');
-        }
-        if (Number(len) + p.place !== data.length) {
-            throw new Error('Invald DER');
-        }
-        if (data[p.place++] !== 0x02) {
-            throw new Error('Invald DER');
-        }
-        const rlen = Signature.getLength(data, p);
-        if (rlen === false) {
-            throw new Error('Invald DER');
-        }
-        let r = data.slice(p.place, Number(rlen) + p.place);
-        p.place += Number(rlen);
-        if (data[p.place++] !== 0x02) {
-            throw new Error('Invald DER');
-        }
-        const slen = this.getLength(data, p);
-        if (slen === false) {
-            throw new Error('Invald DER');
-        }
-        if (data.length !== Number(slen) + p.place) {
-            throw new Error('Invald DER');
-        }
-        let s = data.slice(p.place, Number(slen) + p.place);
-        if (r[0] === 0) {
-            if (r[1] & 0x80) {
-                r = r.slice(1);
-            }
-            else {
-                throw new Error('Leading zeroes');
-            }
-        }
-        if (s[0] === 0) {
-            if (s[1] & 0x80) {
-                s = s.slice(1);
-            }
-            else {
-                throw new Error('Leading zeroes');
-            }
-        }
-        return {
-            r: Buffer.from(r).toString('hex'),
-            s: Buffer.from(s).toString('hex'),
-        };
-    }
-    static getLength(buf, p) {
-        const initial = buf[p.place++];
-        if (!(initial & 0x80)) {
-            return initial;
-        }
-        const octetLen = initial & 0xf;
-        // Indefinite length or overflow
-        if (octetLen === 0 || octetLen > 4) {
-            return false;
-        }
-        let val = 0;
-        let off = p.place;
-        for (let i = 0; i < octetLen; i++, off++) {
-            val <<= 8;
-            val |= buf[off];
-            val >>>= 0;
-        }
-        // Leading zeroes
-        if (val <= 0x7f) {
-            return false;
-        }
-        p.place = off;
-        return val;
-    }
-}
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVycy5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy90ZWUvaGVscGVycy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxNQUFNLENBQUMsTUFBTSxVQUFVLEdBQUcsQ0FBQyxLQUFhLEVBQVksRUFBRTtJQUNwRCxNQUFNLEtBQUssR0FBRyw2QkFBNkIsQ0FBQztJQUM1QyxNQUFNLEdBQUcsR0FBRywyQkFBMkIsQ0FBQztJQUV4QyxPQUFPLEtBQUs7U0FDVCxLQUFLLENBQUMsS0FBSyxDQUFDO1NBQ1osTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsS0FBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUMsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQztBQUN4RSxDQUFDLENBQUM7QUFFRixNQUFNLFFBQVE7SUFDWixLQUFLLENBQVM7SUFFZDtRQUNFLElBQUksQ0FBQyxLQUFLLEdBQUcsQ0FBQyxDQUFDO0lBQ2pCLENBQUM7Q0FDRjtBQUVELE1BQU0sT0FBTyxTQUFTO0lBQ3BCLE1BQU0sQ0FBQyxPQUFPLENBQUMsR0FBa0M7UUFDL0MsSUFBSSxLQUFLLENBQUMsT0FBTyxDQUFDLEdBQUcsQ0FBQyxFQUFFO1lBQ3RCLE9BQU8sSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7U0FDNUI7UUFFRCxJQUFJLENBQUMsR0FBRyxFQUFFO1lBQ1IsT0FBTyxJQUFJLFVBQVUsRUFBRSxDQUFDO1NBQ3pCO1FBRUQsTUFBTSxHQUFHLEdBQWEsRUFBRSxDQUFDO1FBRXpCLElBQUksT0FBTyxHQUFHLEtBQUssUUFBUSxFQUFFO1lBQzNCLE9BQU8sSUFBSSxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUM7U0FDNUI7UUFFRCxHQUFHLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxjQUFjLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDdEMsSUFBSSxHQUFHLENBQUMsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUU7WUFDeEIsR0FBRyxHQUFHLEdBQUcsR0FBRyxHQUFHLENBQUM7U0FDakI7UUFDRCxLQUFLLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQyxFQUFFO1lBQ3RDLEdBQUcsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxHQUFHLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUM7U0FDN0M7UUFFRCxPQUFPLElBQUksVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRCxNQUFNLENBQUMsYUFBYSxDQUFDLFNBQWlCO1FBSXBDLE1BQU0sSUFBSSxHQUFHLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLENBQUM7UUFDMUMsTUFBTSxDQUFDLEdBQUcsSUFBSSxRQUFRLEVBQUUsQ0FBQztRQUN6QixJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMvQjtRQUNELE1BQU0sR0FBRyxHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQ3pDLElBQUksR0FBRyxLQUFLLEtBQUssRUFBRTtZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQy9CO1FBQ0QsSUFBSSxNQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssS0FBSyxJQUFJLENBQUMsTUFBTSxFQUFFO1lBQ3pDLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7U0FDL0I7UUFDRCxJQUFJLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUMsS0FBSyxJQUFJLEVBQUU7WUFDNUIsTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMvQjtRQUNELE1BQU0sSUFBSSxHQUFHLFNBQVMsQ0FBQyxTQUFTLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQyxDQUFDO1FBQzFDLElBQUksSUFBSSxLQUFLLEtBQUssRUFBRTtZQUNsQixNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQy9CO1FBQ0QsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDcEQsQ0FBQyxDQUFDLEtBQUssSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDeEIsSUFBSSxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDLEtBQUssSUFBSSxFQUFFO1lBQzVCLE1BQU0sSUFBSSxLQUFLLENBQUMsWUFBWSxDQUFDLENBQUM7U0FDL0I7UUFDRCxNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQztRQUNyQyxJQUFJLElBQUksS0FBSyxLQUFLLEVBQUU7WUFDbEIsTUFBTSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMvQjtRQUNELElBQUksSUFBSSxDQUFDLE1BQU0sS0FBSyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEtBQUssRUFBRTtZQUMxQyxNQUFNLElBQUksS0FBSyxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQy9CO1FBQ0QsSUFBSSxDQUFDLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDcEQsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ2QsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFO2dCQUNmLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQ2hCO2lCQUFNO2dCQUNMLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQzthQUNuQztTQUNGO1FBQ0QsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxFQUFFO1lBQ2QsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFO2dCQUNmLENBQUMsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDO2FBQ2hCO2lCQUFNO2dCQUNMLE1BQU0sSUFBSSxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQzthQUNuQztTQUNGO1FBRUQsT0FBTztZQUNMLENBQUMsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUM7WUFDakMsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQztTQUNsQyxDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxTQUFTLENBQUMsR0FBZSxFQUFFLENBQVc7UUFDM0MsTUFBTSxPQUFPLEdBQUcsR0FBRyxDQUFDLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQy9CLElBQUksQ0FBQyxDQUFDLE9BQU8sR0FBRyxJQUFJLENBQUMsRUFBRTtZQUNyQixPQUFPLE9BQU8sQ0FBQztTQUNoQjtRQUNELE1BQU0sUUFBUSxHQUFHLE9BQU8sR0FBRyxHQUFHLENBQUM7UUFFL0IsZ0NBQWdDO1FBQ2hDLElBQUksUUFBUSxLQUFLLENBQUMsSUFBSSxRQUFRLEdBQUcsQ0FBQyxFQUFFO1lBQ2xDLE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFFRCxJQUFJLEdBQUcsR0FBRyxDQUFDLENBQUM7UUFDWixJQUFJLEdBQUcsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDO1FBQ2xCLEtBQUssSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsR0FBRyxRQUFRLEVBQUUsQ0FBQyxFQUFFLEVBQUUsR0FBRyxFQUFFLEVBQUU7WUFDeEMsR0FBRyxLQUFLLENBQUMsQ0FBQztZQUNWLEdBQUcsSUFBSSxHQUFHLENBQUMsR0FBRyxDQUFDLENBQUM7WUFDaEIsR0FBRyxNQUFNLENBQUMsQ0FBQztTQUNaO1FBRUQsaUJBQWlCO1FBQ2pCLElBQUksR0FBRyxJQUFJLElBQUksRUFBRTtZQUNmLE9BQU8sS0FBSyxDQUFDO1NBQ2Q7UUFFRCxDQUFDLENBQUMsS0FBSyxHQUFHLEdBQUcsQ0FBQztRQUNkLE9BQU8sR0FBRyxDQUFDO0lBQ2IsQ0FBQztDQUNGIn0=

package/dist/mjs/tee/interface.d.ts

@@ -1,63 +0,0 @@
-import { TeeDataType, BinaryType, TLBlockUnserializeResultType, TLBlockSerializeResultType, TLBlockType } from './types.js';
-/**
- * Serializes and Unserializes TLB
- */
-export interface TLBlockSerializer {
-    unserializeTlb(blob: BinaryType): TLBlockUnserializeResultType | Promise<TLBlockUnserializeResultType>;
-    serializeTlb(tlb: TLBlockType, tlbMetadata: TeeDataType): TLBlockSerializeResultType | Promise<TLBlockSerializeResultType>;
-    serializeMetadata(tlbMetadata: TeeDataType): BinaryType | Promise<BinaryType>;
-    serializeAnyData(anyData: any): BinaryType;
-}
-interface IISVSVNStatus {
-    tcb: {
-        isvsvn: number;
-    };
-    tcbDate: string;
-    tcbStatus: string;
-}
-export interface IQEIdentity {
-    signature: string;
-    enclaveIdentity: {
-        id: string;
-        version: number;
-        issueDate: string;
-        nextUpdate: string;
-        tcbEvaluationDataNumber: number;
-        miscselect: string;
-        miscselectMask: string;
-        attributes: string;
-        attributesMask: string;
-        mrsigner: string;
-        isvprodid: number;
-        tcbLevels: [IISVSVNStatus];
-    };
-}
-interface sgxTcbComponent {
-    svn: number;
-    category: string;
-    type: string;
-}
-interface ITCBSVNStatus {
-    tcb: {
-        sgxtcbcomponents: [sgxTcbComponent];
-        pcesvn: number;
-    };
-    tcbDate: string;
-    tcbStatus: string;
-    advisoryIDs: [string];
-}
-export interface ITcbData {
-    signature: string;
-    tcbInfo: {
-        id: string;
-        version: number;
-        issueDate: string;
-        nextUpdate: string;
-        fmspc: string;
-        pceId: string;
-        tcbType: number;
-        tcbEvaluationDataNumber: number;
-        tcbLevels: [ITCBSVNStatus];
-    };
-}
-export {};

package/dist/mjs/tee/interface.js

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW50ZXJmYWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL3RlZS9pbnRlcmZhY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9