@super-protocol/sdk-js 3.12.1-beta.2 → 3.13.0-beta.2

package/dist/mjs/certificates/ocsp.js

@@ -1,18 +1,36 @@
+import _ from 'lodash';
+import forge from 'node-forge';
 import * as pkijs from 'pkijs';
 import * as asn1js from 'asn1js';
 import axios from 'axios';
+import { CertID, OCSPRequest, Request, TBSRequest } from '@peculiar/asn1-ocsp';
+import { OctetString, AsnSerializer, AsnParser } from '@peculiar/asn1-schema';
+import { AlgorithmIdentifier, Extensions, Extension } from '@peculiar/asn1-x509';
 import { OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, OID_OCSP_ACCESS_METHOD, OID_OCSP_ISSUER_ACCESS_METHOD, } from '../constants.js';
 import { CertificatesHelper } from './helper.js';
-import { constants, helpers } from '../index.js';
+import { CryptoKeysTransformer, OcspCertStatus, constants, helpers, } from '../index.js';
+import { ExtendedKeyUsage } from '@peculiar/x509';
+const DEFAULT_REVOCATION_DATE = new Date('1970-01-01T00:00:00Z');
 export class OCSPHelper {
-    static async getOCSPResponseFromCerts(certs, ca) {
+    static async getOCSPResponseFromCerts(certs, ca, oidsToCheck = []) {
         const ocspRequestsData = certs
             .map(OCSPHelper.getOCSPRequestData)
             .filter(Boolean);
         if (!ocspRequestsData.length) {
             return [];
         }
-        const ocspResponseResults = await Promise.allSettled(ocspRequestsData.map((ocspReqData) => OCSPHelper.getOCSPResponse(ocspReqData, ca)));
+        const groupByOcspUrl = _.groupBy(ocspRequestsData, 'ocspUrl');
+        const getOcspResponseParams = Object.entries(groupByOcspUrl).map(([ocspUrl, certParams]) => ({
+            ocspUrl,
+            certsWithIssuer: certParams.map(({ cert, issuerCertUrl }) => ({
+                cert,
+                issuerCertUrl,
+                issuerCert: CertificatesHelper.getIssuerBySubject(cert, [...certs, ...ca]),
+            })),
+            ca,
+            oidsToCheck,
+        }));
+        const ocspResponseResults = await Promise.allSettled(getOcspResponseParams.map((params) => OCSPHelper.getOCSPResponse(params)));
         const rejectedOCSPResponses = ocspResponseResults
             .filter(helpers.isRejected)
             .map((result) => result.reason);
@@ -21,6 +39,104 @@ export class OCSPHelper {
         }
         return ocspResponseResults.filter(helpers.isFulfilled).map((result) => result.value);
     }
+    static async generateOCSPResponse(params) {
+        const ocspBasicResp = new pkijs.BasicOCSPResponse();
+        const { issuerCertPem, caCertsPem, certs, privateKey, nonce } = params;
+        const { certs: issuerCertsPem } = CertificatesHelper.extractCAFromChain(`${issuerCertPem}\n${caCertsPem}`);
+        const issuerCert = CertificatesHelper.toPkiCerts(issuerCertPem)[0];
+        ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
+        ocspBasicResp.tbsResponseData.producedAt = new Date();
+        ocspBasicResp.certs = CertificatesHelper.toPkiCerts(issuerCertsPem);
+        for (const certData of certs) {
+            const { serialNumber, status, issuerKeyHash, issuerNameHash, hashAlgorithm, revocationDate } = certData;
+            const certID = new pkijs.CertID({
+                hashAlgorithm: new pkijs.AlgorithmIdentifier({
+                    algorithmId: hashAlgorithm,
+                    algorithmParams: new asn1js.Null(),
+                }),
+                issuerNameHash: new asn1js.OctetString({ valueHex: issuerNameHash }),
+                issuerKeyHash: new asn1js.OctetString({ valueHex: issuerKeyHash }),
+                serialNumber: new asn1js.Integer({ valueHex: serialNumber }),
+            });
+            const response = new pkijs.SingleResponse({
+                certID,
+            });
+            switch (status) {
+                case OcspCertStatus.OK:
+                case OcspCertStatus.Unknown:
+                    response.certStatus = new asn1js.Primitive({
+                        idBlock: {
+                            tagClass: 3,
+                            tagNumber: status,
+                        },
+                    });
+                    break;
+                case OcspCertStatus.Revoked:
+                    response.certStatus = new asn1js.Constructed({
+                        idBlock: {
+                            tagClass: 3,
+                            tagNumber: status,
+                            isConstructed: true,
+                        },
+                        value: [
+                            new asn1js.GeneralizedTime({
+                                valueDate: revocationDate || DEFAULT_REVOCATION_DATE,
+                            }),
+                        ],
+                    });
+                    break;
+                default:
+                    throw new Error(`Unknown OCSP certificate status: ${status}`);
+            }
+            response.thisUpdate = new Date();
+            ocspBasicResp.tbsResponseData.responses.push(response);
+        }
+        if (nonce) {
+            ocspBasicResp.tbsResponseData.responseExtensions = [
+                new pkijs.Extension({
+                    extnID: constants.OID_OCSP_NONCE,
+                    extnValue: new asn1js.OctetString({ valueHex: nonce }).toBER(),
+                }),
+            ];
+        }
+        const privateCryptoKey = await CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey);
+        await ocspBasicResp.sign(privateCryptoKey, 'SHA-256');
+        const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);
+        const ocspResp = new pkijs.OCSPResponse({
+            responseStatus: new asn1js.Enumerated({ value: 0 }), // success
+            responseBytes: new pkijs.ResponseBytes({
+                responseType: pkijs.id_PKIX_OCSP_Basic,
+                response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
+            }),
+        });
+        return ocspResp.toSchema().toBER();
+    }
+    static parseOCSPRequest(ocspRequestBinary) {
+        const ocspRequest = AsnParser.parse(ocspRequestBinary, OCSPRequest);
+        const certRequests = ocspRequest.tbsRequest.requestList.map((request) => {
+            const reqCert = {
+                hashAlgorithm: request.reqCert.hashAlgorithm.algorithm,
+                issuerNameHash: Buffer.from(request.reqCert.issuerNameHash.buffer),
+                issuerKeyHash: Buffer.from(request.reqCert.issuerKeyHash.buffer),
+                serialNumber: request.reqCert.serialNumber,
+            };
+            const extensionsToCheck = request.singleRequestExtensions?.map((ext) => ({
+                oid: ext.extnID,
+                value: Buffer.from(ext.extnValue.buffer),
+            })) || [];
+            return { ...reqCert, extensionsToCheck };
+        });
+        const nonceExtension = ocspRequest.tbsRequest.requestExtensions?.find((ext) => ext.extnID === constants.OID_OCSP_NONCE);
+        const nonce = nonceExtension && nonceExtension.extnValue.buffer;
+        return { certRequests, nonce };
+    }
+    static canCertSignOCSPResponse(cert) {
+        const extKeysUsage = cert.extensions?.find((ext) => ext.extnID === forge.pki.oids['extKeyUsage']);
+        if (!extKeysUsage) {
+            return false;
+        }
+        return Boolean(extKeysUsage.parsedValue.keyPurposes.find((usage) => usage === ExtendedKeyUsage.ocspSigning));
+    }
     static getOCSPRequestData(cert) {
         const authorityExtension = CertificatesHelper.getExtensionValue(cert, OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
         if (!authorityExtension) {
@@ -29,28 +145,60 @@ export class OCSPHelper {
         const extensionValue = pkijs.ExtensionValueFactory.fromBER(OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
         const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
         const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
-        if (!ocspUrl || !issuerCertUrl) {
-            // TODO: throw error?
+        if (!ocspUrl) {
             return;
         }
         return { ocspUrl, issuerCertUrl, cert };
     }
-    static async getOCSPResponse(data, ca) {
-        const { ocspUrl, issuerCertUrl, cert } = data;
-        const issuerCertRaw = await CertificatesHelper.downloadCertWithCache(issuerCertUrl);
-        const issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
-        const ocspReq = new pkijs.OCSPRequest();
-        await ocspReq.createForCertificate(cert, {
-            hashAlgorithm: 'SHA-256',
-            issuerCertificate,
-        });
+    static async getOCSPResponse(params) {
+        const { ocspUrl, certsWithIssuer, ca, oidsToCheck } = params;
+        const requestList = [];
+        const issuerCertificates = [];
+        for (const { cert, issuerCert: issuerCertFromParams, issuerCertUrl } of certsWithIssuer) {
+            let issuerCertificate = issuerCertFromParams;
+            if (!issuerCertificate && issuerCertUrl) {
+                const issuerCertRaw = await CertificatesHelper.downloadCertWithCache(issuerCertUrl);
+                issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
+            }
+            if (!issuerCertificate) {
+                throw new Error(`No issuer certificate found for OCSP request for ${cert.subject}`);
+            }
+            if (!issuerCertificates.some((cert) => cert.subject.isEqual(issuerCertificate.subject))) {
+                issuerCertificates.push(issuerCertificate);
+            }
+            const certID = new pkijs.CertID();
+            await certID.createForCertificate(cert, {
+                hashAlgorithm: 'SHA-256',
+                issuerCertificate,
+            });
+            const request = new Request({
+                reqCert: new CertID({
+                    hashAlgorithm: new AlgorithmIdentifier({
+                        algorithm: certID.hashAlgorithm.algorithmId,
+                    }),
+                    issuerNameHash: new OctetString().fromASN(certID.issuerNameHash),
+                    issuerKeyHash: new OctetString().fromASN(certID.issuerKeyHash),
+                    serialNumber: certID.serialNumber.valueBlock.valueHex,
+                }),
+            });
+            const extensionsToCheck = OCSPHelper.getCertExtensionsToCheck(cert, oidsToCheck);
+            if (extensionsToCheck.length) {
+                request.singleRequestExtensions = new Extensions(extensionsToCheck.map((ext) => new Extension({ extnID: ext.oid, extnValue: new OctetString(ext.value) })));
+            }
+            requestList.push(request);
+        }
         const reqNonce = OCSPHelper.getNonceForRequest();
-        ocspReq.tbsRequest.requestExtensions = [
-            new pkijs.Extension({
-                extnID: constants.OID_OCSP_NONCE,
-                extnValue: new asn1js.OctetString({ valueHex: reqNonce.buffer }).toBER(),
+        const ocspReq = new OCSPRequest({
+            tbsRequest: new TBSRequest({
+                requestList,
+                requestExtensions: new Extensions([
+                    new Extension({
+                        extnID: constants.OID_OCSP_NONCE,
+                        extnValue: new OctetString(reqNonce),
+                    }),
+                ]),
             }),
-        ];
+        });
         const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
         const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
         if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
@@ -58,11 +206,11 @@ export class OCSPHelper {
         }
         const trustedCerts = [];
         if (!ocspBasicResp.certs) {
-            ocspBasicResp.certs = [issuerCertificate];
+            ocspBasicResp.certs = issuerCertificates;
             trustedCerts.push(...ca);
         }
         else {
-            trustedCerts.push(issuerCertificate);
+            trustedCerts.push(...issuerCertificates);
         }
         await ocspBasicResp.verify({ trustedCerts });
         return ocspBasicResp;
@@ -74,7 +222,7 @@ export class OCSPHelper {
                 'Content-Type': 'application/ocsp-request',
             },
             responseType: 'arraybuffer',
-            data: ocspReq.toSchema(true).toBER(),
+            data: AsnSerializer.serialize(ocspReq),
         });
         const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
         if (!ocspRespSimpl.responseBytes) {
@@ -88,7 +236,15 @@ export class OCSPHelper {
     }
     static getNonceFromResponse(ocspBasicResp) {
         const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === constants.OID_OCSP_NONCE);
-        return nonceExtension?.extnValue.valueBlock.valueHexView;
+        return nonceExtension && Buffer.from(nonceExtension.parsedValue.valueBlock.valueHex);
+    }
+    static getCertExtensionsToCheck(cert, oidsToCheck) {
+        return oidsToCheck
+            .map((oid) => {
+            const value = CertificatesHelper.getExtensionValue(cert, oid);
+            return { oid, value };
+        })
+            .filter((ext) => Boolean(ext.value));
     }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMvQixPQUFPLEtBQUssTUFBTSxNQUFNLFFBQVEsQ0FBQztBQUNqQyxPQUFPLEtBQUssTUFBTSxPQUFPLENBQUM7QUFDMUIsT0FBTyxFQUNMLDBDQUEwQyxFQUMxQyxzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0saUJBQWlCLENBQUM7QUFDekIsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sYUFBYSxDQUFDO0FBQ2pELE9BQU8sRUFBRSxTQUFTLEVBQUUsT0FBTyxFQUFFLE1BQU0sYUFBYSxDQUFDO0FBSWpELE1BQU0sT0FBTyxVQUFVO0lBQ3JCLE1BQU0sQ0FBQyxLQUFLLENBQUMsd0JBQXdCLENBQ25DLEtBQTBCLEVBQzFCLEVBQXVCO1FBRXZCLE1BQU0sZ0JBQWdCLEdBQUcsS0FBSzthQUMzQixHQUFHLENBQUMsVUFBVSxDQUFDLGtCQUFrQixDQUFDO2FBQ2xDLE1BQU0sQ0FBQyxPQUFPLENBQXNCLENBQUM7UUFFeEMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQzdCLE9BQU8sRUFBRSxDQUFDO1FBQ1osQ0FBQztRQUVELE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQUMsQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQ25GLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLG1CQUFtQjthQUM5QyxNQUFNLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQzthQUMxQixHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxJQUFJLHFCQUFxQixDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQ2IsMkRBQTJELHFCQUFxQixDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUNoRyxDQUFDO1FBQ0osQ0FBQztRQUVELE9BQU8sbUJBQW1CLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQXVCO1FBQ3ZELE1BQU0sa0JBQWtCLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSiwwQ0FBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQsMENBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssc0JBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw2QkFBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMvQixxQkFBcUI7WUFDckIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLElBQXFCLEVBQ3JCLEVBQXVCO1FBRXZCLE1BQU0sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLGtCQUFrQixDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEMsTUFBTSxPQUFPLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFO1lBQ3ZDLGFBQWEsRUFBRSxTQUFTO1lBQ3hCLGlCQUFpQjtTQUNsQixDQUFDLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRCxPQUFPLENBQUMsVUFBVSxDQUFDLGlCQUFpQixHQUFHO1lBQ3JDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztnQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO2dCQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLFFBQVEsQ0FBQyxNQUFNLEVBQUUsQ0FBQyxDQUFDLEtBQUssRUFBRTthQUN6RSxDQUFDO1NBQ0gsQ0FBQztRQUVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sVUFBVSxDQUFDLGVBQWUsQ0FBQyxPQUFPLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFFekUsTUFBTSxTQUFTLEdBQUcsTUFBTSxVQUFVLENBQUMsb0JBQW9CLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDdkUsSUFBSSxTQUFTLElBQUksTUFBTSxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUM7WUFDM0QsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsQ0FBQyxDQUFDO1FBQ3hFLENBQUM7UUFFRCxNQUFNLFlBQVksR0FBd0IsRUFBRSxDQUFDO1FBQzdDLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDekIsYUFBYSxDQUFDLEtBQUssR0FBRyxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDMUMsWUFBWSxDQUFDLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQzNCLENBQUM7YUFBTSxDQUFDO1lBQ04sWUFBWSxDQUFDLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ3ZDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQTBCO1FBRTFCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLGFBQXNDO1FBRXRDLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUM3RCxDQUFDO1FBQ0YsT0FBTyxjQUFjLEVBQUUsU0FBUyxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7SUFDM0QsQ0FBQztDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLENBQUMsTUFBTSxRQUFRLENBQUM7QUFDdkIsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sS0FBSyxLQUFLLE1BQU0sT0FBTyxDQUFDO0FBQy9CLE9BQU8sS0FBSyxNQUFNLE1BQU0sUUFBUSxDQUFDO0FBQ2pDLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUMxQixPQUFPLEVBQUUsTUFBTSxFQUFFLFdBQVcsRUFBRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0scUJBQXFCLENBQUM7QUFDL0UsT0FBTyxFQUFFLFdBQVcsRUFBRSxhQUFhLEVBQUUsU0FBUyxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDOUUsT0FBTyxFQUFFLG1CQUFtQixFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsTUFBTSxxQkFBcUIsQ0FBQztBQUNqRixPQUFPLEVBQ0wsMENBQTBDLEVBQzFDLHNCQUFzQixFQUN0Qiw2QkFBNkIsR0FDOUIsTUFBTSxpQkFBaUIsQ0FBQztBQUN6QixPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFDakQsT0FBTyxFQUNMLHFCQUFxQixFQUdyQixjQUFjLEVBRWQsU0FBUyxFQUNULE9BQU8sR0FDUixNQUFNLGFBQWEsQ0FBQztBQUNyQixPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQWVsRCxNQUFNLHVCQUF1QixHQUFHLElBQUksSUFBSSxDQUFDLHNCQUFzQixDQUFDLENBQUM7QUFFakUsTUFBTSxPQUFPLFVBQVU7SUFDckIsTUFBTSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsQ0FDbkMsS0FBMEIsRUFDMUIsRUFBdUIsRUFDdkIsY0FBd0IsRUFBRTtRQUUxQixNQUFNLGdCQUFnQixHQUFHLEtBQUs7YUFDM0IsR0FBRyxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQzthQUNsQyxNQUFNLENBQUMsT0FBTyxDQUFzQixDQUFDO1FBQ3hDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3QixPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQzlELE1BQU0scUJBQXFCLEdBQTRCLE1BQU0sQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLENBQUMsR0FBRyxDQUN2RixDQUFDLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBQzFCLE9BQU87WUFDUCxlQUFlLEVBQUUsVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLEVBQUUsSUFBSSxFQUFFLGFBQWEsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUM1RCxJQUFJO2dCQUNKLGFBQWE7Z0JBQ2IsVUFBVSxFQUFFLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLElBQUksRUFBRSxDQUFDLEdBQUcsS0FBSyxFQUFFLEdBQUcsRUFBRSxDQUFDLENBQUM7YUFDM0UsQ0FBQyxDQUFDO1lBQ0gsRUFBRTtZQUNGLFdBQVc7U0FDWixDQUFDLENBQ0gsQ0FBQztRQUVGLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxPQUFPLENBQUMsVUFBVSxDQUNsRCxxQkFBcUIsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLFVBQVUsQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLENBQUMsQ0FDMUUsQ0FBQztRQUVGLE1BQU0scUJBQXFCLEdBQUcsbUJBQW1CO2FBQzlDLE1BQU0sQ0FBQyxPQUFPLENBQUMsVUFBVSxDQUFDO2FBQzFCLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLElBQUkscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FDYiwyREFBMkQscUJBQXFCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLE1BQWtDO1FBQ2xFLE1BQU0sYUFBYSxHQUFHLElBQUksS0FBSyxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFDcEQsTUFBTSxFQUFFLGFBQWEsRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLFVBQVUsRUFBRSxLQUFLLEVBQUUsR0FBRyxNQUFNLENBQUM7UUFDdkUsTUFBTSxFQUFFLEtBQUssRUFBRSxjQUFjLEVBQUUsR0FBRyxrQkFBa0IsQ0FBQyxrQkFBa0IsQ0FDckUsR0FBRyxhQUFhLEtBQUssVUFBVSxFQUFFLENBQ2xDLENBQUM7UUFDRixNQUFNLFVBQVUsR0FBRyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFbkUsYUFBYSxDQUFDLGVBQWUsQ0FBQyxXQUFXLEdBQUcsVUFBVSxDQUFDLE9BQU8sQ0FBQztRQUMvRCxhQUFhLENBQUMsZUFBZSxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1FBQ3RELGFBQWEsQ0FBQyxLQUFLLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1FBRXBFLEtBQUssTUFBTSxRQUFRLElBQUksS0FBSyxFQUFFLENBQUM7WUFDN0IsTUFBTSxFQUFFLFlBQVksRUFBRSxNQUFNLEVBQUUsYUFBYSxFQUFFLGNBQWMsRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLEdBQzFGLFFBQVEsQ0FBQztZQUNYLE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQztnQkFDOUIsYUFBYSxFQUFFLElBQUksS0FBSyxDQUFDLG1CQUFtQixDQUFDO29CQUMzQyxXQUFXLEVBQUUsYUFBYTtvQkFDMUIsZUFBZSxFQUFFLElBQUksTUFBTSxDQUFDLElBQUksRUFBRTtpQkFDbkMsQ0FBQztnQkFDRixjQUFjLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSxDQUFDO2dCQUNwRSxhQUFhLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLGFBQWEsRUFBRSxDQUFDO2dCQUNsRSxZQUFZLEVBQUUsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLEVBQUUsUUFBUSxFQUFFLFlBQVksRUFBRSxDQUFDO2FBQzdELENBQUMsQ0FBQztZQUVILE1BQU0sUUFBUSxHQUFHLElBQUksS0FBSyxDQUFDLGNBQWMsQ0FBQztnQkFDeEMsTUFBTTthQUNQLENBQUMsQ0FBQztZQUVILFFBQVEsTUFBTSxFQUFFLENBQUM7Z0JBQ2YsS0FBSyxjQUFjLENBQUMsRUFBRSxDQUFDO2dCQUN2QixLQUFLLGNBQWMsQ0FBQyxPQUFPO29CQUN6QixRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksTUFBTSxDQUFDLFNBQVMsQ0FBQzt3QkFDekMsT0FBTyxFQUFFOzRCQUNQLFFBQVEsRUFBRSxDQUFDOzRCQUNYLFNBQVMsRUFBRSxNQUFNO3lCQUNsQjtxQkFDRixDQUFDLENBQUM7b0JBQ0gsTUFBTTtnQkFDUixLQUFLLGNBQWMsQ0FBQyxPQUFPO29CQUN6QixRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQzt3QkFDM0MsT0FBTyxFQUFFOzRCQUNQLFFBQVEsRUFBRSxDQUFDOzRCQUNYLFNBQVMsRUFBRSxNQUFNOzRCQUNqQixhQUFhLEVBQUUsSUFBSTt5QkFDcEI7d0JBQ0QsS0FBSyxFQUFFOzRCQUNMLElBQUksTUFBTSxDQUFDLGVBQWUsQ0FBQztnQ0FDekIsU0FBUyxFQUFFLGNBQWMsSUFBSSx1QkFBdUI7NkJBQ3JELENBQUM7eUJBQ0g7cUJBQ0YsQ0FBQyxDQUFDO29CQUNILE1BQU07Z0JBQ1I7b0JBQ0UsTUFBTSxJQUFJLEtBQUssQ0FBQyxvQ0FBb0MsTUFBTSxFQUFFLENBQUMsQ0FBQztZQUNsRSxDQUFDO1lBRUQsUUFBUSxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ2pDLGFBQWEsQ0FBQyxlQUFlLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN6RCxDQUFDO1FBRUQsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUNWLGFBQWEsQ0FBQyxlQUFlLENBQUMsa0JBQWtCLEdBQUc7Z0JBQ2pELElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztvQkFDbEIsTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO29CQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUMsS0FBSyxFQUFFO2lCQUMvRCxDQUFDO2FBQ0gsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLGdCQUFnQixHQUFHLE1BQU0scUJBQXFCLENBQUMsbUJBQW1CLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDckYsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRXRELE1BQU0sZ0JBQWdCLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUUvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUM7WUFDdEMsY0FBYyxFQUFFLElBQUksTUFBTSxDQUFDLFVBQVUsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFVBQVU7WUFDL0QsYUFBYSxFQUFFLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQztnQkFDckMsWUFBWSxFQUFFLEtBQUssQ0FBQyxrQkFBa0I7Z0JBQ3RDLFFBQVEsRUFBRSxJQUFJLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxRQUFRLEVBQUUsZ0JBQWdCLEVBQUUsQ0FBQzthQUNqRSxDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsUUFBUSxFQUFFLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVELE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxpQkFBOEI7UUFDcEQsTUFBTSxXQUFXLEdBQUcsU0FBUyxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsRUFBRSxXQUFXLENBQUMsQ0FBQztRQUNwRSxNQUFNLFlBQVksR0FBRyxXQUFXLENBQUMsVUFBVSxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRTtZQUN0RSxNQUFNLE9BQU8sR0FBRztnQkFDZCxhQUFhLEVBQUUsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsU0FBUztnQkFDdEQsY0FBYyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsTUFBTSxDQUFDO2dCQUNsRSxhQUFhLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUM7Z0JBQ2hFLFlBQVksRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLFlBQVk7YUFDM0MsQ0FBQztZQUVGLE1BQU0saUJBQWlCLEdBQ3JCLE9BQU8sQ0FBQyx1QkFBdUIsRUFBRSxHQUFHLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQzdDLEdBQUcsRUFBRSxHQUFHLENBQUMsTUFBTTtnQkFDZixLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQzthQUN6QyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7WUFFWixPQUFPLEVBQUUsR0FBRyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsQ0FBQztRQUMzQyxDQUFDLENBQUMsQ0FBQztRQUVILE1BQU0sY0FBYyxHQUFHLFdBQVcsQ0FBQyxVQUFVLENBQUMsaUJBQWlCLEVBQUUsSUFBSSxDQUNuRSxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLE1BQU0sS0FBSyxTQUFTLENBQUMsY0FBYyxDQUNqRCxDQUFDO1FBQ0YsTUFBTSxLQUFLLEdBQUcsY0FBYyxJQUFJLGNBQWMsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBRWhFLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDakMsQ0FBQztJQUVELE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxJQUF1QjtRQUNwRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FDeEMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEtBQUssS0FBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLENBQ3RELENBQUM7UUFDRixJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDbEIsT0FBTyxLQUFLLENBQUM7UUFDZixDQUFDO1FBRUQsT0FBTyxPQUFPLENBQ1osWUFBWSxDQUFDLFdBQVcsQ0FBQyxXQUFXLENBQUMsSUFBSSxDQUN2QyxDQUFDLEtBQWEsRUFBRSxFQUFFLENBQUMsS0FBSyxLQUFLLGdCQUFnQixDQUFDLFdBQVcsQ0FDMUQsQ0FDRixDQUFDO0lBQ0osQ0FBQztJQUVPLE1BQU0sQ0FBQyxrQkFBa0IsQ0FBQyxJQUF1QjtRQUN2RCxNQUFNLGtCQUFrQixHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUM3RCxJQUFJLEVBQ0osMENBQTBDLENBQzNDLENBQUM7UUFDRixJQUFJLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztZQUN4QixPQUFPO1FBQ1QsQ0FBQztRQUVELE1BQU0sY0FBYyxHQUFHLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxPQUFPLENBQ3hELDBDQUEwQyxFQUMxQyxrQkFBa0IsQ0FDRSxDQUFDO1FBRXZCLE1BQU0sT0FBTyxHQUFHLGNBQWMsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQ3BELENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsWUFBWSxLQUFLLHNCQUFzQixDQUN2RCxFQUFFLGNBQWMsQ0FBQyxLQUFLLENBQUM7UUFFeEIsTUFBTSxhQUFhLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDMUQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUssNkJBQTZCLENBQzlELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixPQUFPO1FBQ1QsQ0FBQztRQUVELE9BQU8sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxDQUFDO0lBQzFDLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsTUFBNkI7UUFFN0IsTUFBTSxFQUFFLE9BQU8sRUFBRSxlQUFlLEVBQUUsRUFBRSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sQ0FBQztRQUM3RCxNQUFNLFdBQVcsR0FBYyxFQUFFLENBQUM7UUFDbEMsTUFBTSxrQkFBa0IsR0FBd0IsRUFBRSxDQUFDO1FBQ25ELEtBQUssTUFBTSxFQUFFLElBQUksRUFBRSxVQUFVLEVBQUUsb0JBQW9CLEVBQUUsYUFBYSxFQUFFLElBQUksZUFBZSxFQUFFLENBQUM7WUFDeEYsSUFBSSxpQkFBaUIsR0FBRyxvQkFBb0IsQ0FBQztZQUM3QyxJQUFJLENBQUMsaUJBQWlCLElBQUksYUFBYSxFQUFFLENBQUM7Z0JBQ3hDLE1BQU0sYUFBYSxHQUFHLE1BQU0sa0JBQWtCLENBQUMscUJBQXFCLENBQUMsYUFBYSxDQUFDLENBQUM7Z0JBQ3BGLGlCQUFpQixHQUFHLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1lBQy9ELENBQUM7WUFDRCxJQUFJLENBQUMsaUJBQWlCLEVBQUUsQ0FBQztnQkFDdkIsTUFBTSxJQUFJLEtBQUssQ0FBQyxvREFBb0QsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUM7WUFDdEYsQ0FBQztZQUNELElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGlCQUFrQixDQUFDLE9BQU8sQ0FBQyxDQUFDLEVBQUUsQ0FBQztnQkFDekYsa0JBQWtCLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDLENBQUM7WUFDN0MsQ0FBQztZQUVELE1BQU0sTUFBTSxHQUFHLElBQUksS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2xDLE1BQU0sTUFBTSxDQUFDLG9CQUFvQixDQUFDLElBQUksRUFBRTtnQkFDdEMsYUFBYSxFQUFFLFNBQVM7Z0JBQ3hCLGlCQUFpQjthQUNsQixDQUFDLENBQUM7WUFFSCxNQUFNLE9BQU8sR0FBRyxJQUFJLE9BQU8sQ0FBQztnQkFDMUIsT0FBTyxFQUFFLElBQUksTUFBTSxDQUFDO29CQUNsQixhQUFhLEVBQUUsSUFBSSxtQkFBbUIsQ0FBQzt3QkFDckMsU0FBUyxFQUFFLE1BQU0sQ0FBQyxhQUFhLENBQUMsV0FBVztxQkFDNUMsQ0FBQztvQkFDRixjQUFjLEVBQUUsSUFBSSxXQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLGNBQWMsQ0FBQztvQkFDaEUsYUFBYSxFQUFFLElBQUksV0FBVyxFQUFFLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxhQUFhLENBQUM7b0JBQzlELFlBQVksRUFBRSxNQUFNLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxRQUFRO2lCQUN0RCxDQUFDO2FBQ0gsQ0FBQyxDQUFDO1lBRUgsTUFBTSxpQkFBaUIsR0FBRyxVQUFVLENBQUMsd0JBQXdCLENBQUMsSUFBSSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ2pGLElBQUksaUJBQWlCLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQzdCLE9BQU8sQ0FBQyx1QkFBdUIsR0FBRyxJQUFJLFVBQVUsQ0FDOUMsaUJBQWlCLENBQUMsR0FBRyxDQUNuQixDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsSUFBSSxTQUFTLENBQUMsRUFBRSxNQUFNLEVBQUUsR0FBRyxDQUFDLEdBQUcsRUFBRSxTQUFTLEVBQUUsSUFBSSxXQUFXLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxFQUFFLENBQUMsQ0FDbkYsQ0FDRixDQUFDO1lBQ0osQ0FBQztZQUVELFdBQVcsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDNUIsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLFVBQVUsQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1FBQ2pELE1BQU0sT0FBTyxHQUFHLElBQUksV0FBVyxDQUFDO1lBQzlCLFVBQVUsRUFBRSxJQUFJLFVBQVUsQ0FBQztnQkFDekIsV0FBVztnQkFDWCxpQkFBaUIsRUFBRSxJQUFJLFVBQVUsQ0FBQztvQkFDaEMsSUFBSSxTQUFTLENBQUM7d0JBQ1osTUFBTSxFQUFFLFNBQVMsQ0FBQyxjQUFjO3dCQUNoQyxTQUFTLEVBQUUsSUFBSSxXQUFXLENBQUMsUUFBUSxDQUFDO3FCQUNyQyxDQUFDO2lCQUNILENBQUM7YUFDSCxDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsTUFBTSxhQUFhLEdBQUcsTUFBTSxVQUFVLENBQUMsZUFBZSxDQUFDLE9BQU8sRUFBRSxPQUFPLENBQUMsQ0FBQztRQUV6RSxNQUFNLFNBQVMsR0FBRyxNQUFNLFVBQVUsQ0FBQyxvQkFBb0IsQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUN2RSxJQUFJLFNBQVMsSUFBSSxNQUFNLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUMzRCxNQUFNLElBQUksS0FBSyxDQUFDLG9EQUFvRCxDQUFDLENBQUM7UUFDeEUsQ0FBQztRQUVELE1BQU0sWUFBWSxHQUF3QixFQUFFLENBQUM7UUFDN0MsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUN6QixhQUFhLENBQUMsS0FBSyxHQUFHLGtCQUFrQixDQUFDO1lBQ3pDLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQztRQUMzQixDQUFDO2FBQU0sQ0FBQztZQUNOLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxrQkFBa0IsQ0FBQyxDQUFDO1FBQzNDLENBQUM7UUFFRCxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsQ0FBQyxDQUFDO1FBQzdDLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsS0FBSyxDQUFDLGVBQWUsQ0FDbEMsT0FBZSxFQUNmLE9BQW9CO1FBRXBCLE1BQU0sWUFBWSxHQUFHLE1BQU0sS0FBSyxDQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLGFBQWEsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDO1NBQ3ZDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQUMsYUFBc0M7UUFDeEUsTUFBTSxjQUFjLEdBQUcsYUFBYSxDQUFDLGVBQWUsRUFBRSxrQkFBa0IsRUFBRSxJQUFJLENBQzVFLENBQUMsU0FBUyxFQUFFLEVBQUUsQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLFNBQVMsQ0FBQyxjQUFjLENBQzdELENBQUM7UUFDRixPQUFPLGNBQWMsSUFBSSxNQUFNLENBQUMsSUFBSSxDQUFDLGNBQWMsQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFTyxNQUFNLENBQUMsd0JBQXdCLENBQ3JDLElBQXVCLEVBQ3ZCLFdBQXFCO1FBRXJCLE9BQU8sV0FBVzthQUNmLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ1gsTUFBTSxLQUFLLEdBQUcsa0JBQWtCLENBQUMsaUJBQWlCLENBQUMsSUFBSSxFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBRTlELE9BQU8sRUFBRSxHQUFHLEVBQUUsS0FBSyxFQUFFLENBQUM7UUFDeEIsQ0FBQyxDQUFDO2FBQ0QsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQyxDQUFzQixDQUFDO0lBQzlELENBQUM7Q0FDRiJ9

package/dist/mjs/certificates/serializer.d.ts

@@ -1,5 +1,10 @@
+import { BlockchainCert } from './types.js';
+export declare const BLOCKCHAIN_CERT_TBS_PARTS: string[];
 export declare class CertificateSerializer {
     static serializeCertChain(certChainPem: string): string;
     static deserializeCertChain(input: string): string;
     static isSerializedCertChain(certChainBase64: string): boolean;
+    static serializeForBlockchain(certPem: string): BlockchainCert;
+    static deserializeFromBlockchain(data: BlockchainCert): string;
+    private static getPart;
 }

package/dist/mjs/certificates/serializer.js

@@ -1,6 +1,20 @@
+import forge from 'node-forge';
+import _ from 'lodash';
+import { CertificateBinarySplitter, CertificateNonOidParts } from './binary-splitter.js';
 import { CertificatesHelper } from './helper.js';
+import { OID_CUSTOM_EXTENSION_USER_DATA } from '../constants.js';
+import { OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, OID_CUSTOM_EXTENSION_CHALLENGE_ID, } from '@super-protocol/pki-common';
 const CERTS_CHAIN_DELIMITER = ';';
 const CERTS_SERIALIZATION_PREFIX = 'certs:';
+export const BLOCKCHAIN_CERT_TBS_PARTS = [
+    'serialNumber',
+    'expirationDate',
+    'publicKey',
+    'ca',
+    'userData',
+    'mrEnclave',
+    'mrSigner',
+];
 export class CertificateSerializer {
     static serializeCertChain(certChainPem) {
         const certsDer = CertificatesHelper.pemChainToDer(certChainPem);
@@ -19,5 +33,84 @@ export class CertificateSerializer {
     static isSerializedCertChain(certChainBase64) {
         return certChainBase64.startsWith(CERTS_SERIALIZATION_PREFIX);
     }
+    static serializeForBlockchain(certPem) {
+        const certAlgorithm = CertificatesHelper.getCertPublicKeyAlgorithm(certPem);
+        if (certAlgorithm.name !== 'ECDSA' || certAlgorithm.namedCurve !== 'K-256') {
+            throw new Error(`Unsupported certificate algorithm: ${certAlgorithm.name}${certAlgorithm.namedCurve ? `with curve ${certAlgorithm.namedCurve}` : ''}. Only ECDSA with secp256k1 curve is supported.`);
+        }
+        const certDer = CertificatesHelper.pemToDer(certPem);
+        const parts = new CertificateBinarySplitter(certDer).split([
+            CertificateNonOidParts.SERIAL_NUMBER,
+            CertificateNonOidParts.SIGNATURE,
+            CertificateNonOidParts.NOT_AFTER,
+            CertificateNonOidParts.SUBJECT_PUBLIC_KEY_INFO,
+        ], [
+            forge.pki.oids['basicConstraints'],
+            OID_CUSTOM_EXTENSION_USER_DATA,
+            OID_CUSTOM_EXTENSION_CHALLENGE_ID,
+            OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID,
+        ]);
+        const [nonSerializedParts, serializedParts] = _.partition(parts, (part) => part instanceof Uint8Array);
+        const expirationDate = CertificateSerializer.getPart(serializedParts, 'notAfter');
+        const serial = CertificateSerializer.getPart(serializedParts, 'serialNumber');
+        const publicKey = CertificateSerializer.getPart(serializedParts, 'publicKey');
+        const ca = CertificateSerializer.getPart(serializedParts, forge.pki.oids['basicConstraints']);
+        const userData = CertificateSerializer.getPart(serializedParts, OID_CUSTOM_EXTENSION_USER_DATA, false);
+        const mrEnclave = CertificateSerializer.getPart(serializedParts, OID_CUSTOM_EXTENSION_CHALLENGE_ID, false);
+        const mrSigner = CertificateSerializer.getPart(serializedParts, OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID, false);
+        const signature = CertificateSerializer.getPart(serializedParts, 'signature');
+        if (serializedParts.length !== 0) {
+            throw new Error(`Unexpected serialized parts found in certificate: ${serializedParts.map((part) => part.name || part.oid).join(', ')}`);
+        }
+        return {
+            nonSerializedParts,
+            expirationDate: expirationDate.value,
+            ca: ca.value,
+            userData: userData?.value,
+            serialNumber: serial.value,
+            signature: signature.value,
+            publicKey: publicKey.value,
+            mrEnclave: mrEnclave?.value,
+            mrSigner: mrSigner?.value,
+        };
+    }
+    static deserializeFromBlockchain(data) {
+        const bufferParts = [];
+        bufferParts.push(Buffer.from(data.nonSerializedParts[0]));
+        bufferParts.push(Buffer.from(data.nonSerializedParts[1]));
+        let partIndex = 2;
+        for (const field of BLOCKCHAIN_CERT_TBS_PARTS) {
+            const value = data[field];
+            if (value) {
+                bufferParts.push(Buffer.from(value));
+                if (partIndex < data.nonSerializedParts.length) {
+                    bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+                }
+            }
+        }
+        // adding signature part
+        // if no custom extensions, it is needed to add additional block with keyUsage extension
+        // if custom extension present - keyUsage extension will be a part of block before this custom extension
+        // 3 - because asn1 bytes between r and s values are 2 or 3 bytes long (2 for positive value, 3 for negative value)
+        if (data.nonSerializedParts[partIndex]?.byteLength > 3) {
+            bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+        }
+        const rValue = data.signature.slice(0, 32);
+        bufferParts.push(Buffer.from(rValue));
+        if (partIndex < data.nonSerializedParts.length) {
+            bufferParts.push(Buffer.from(data.nonSerializedParts[partIndex++]));
+        }
+        const sValue = data.signature.slice(32, 64);
+        bufferParts.push(Buffer.from(sValue));
+        const certDer = Buffer.concat(bufferParts);
+        return CertificatesHelper.derToPem(certDer);
+    }
+    static getPart(parts, nameOrOid, mandatory = true) {
+        const part = _.remove(parts, (part) => part.name === nameOrOid || part.oid === nameOrOid)[0];
+        if (!part && mandatory) {
+            throw new Error(`Part with name or OID "${nameOrOid}" not found in certificate`);
+        }
+        return part;
+    }
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VyaWFsaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvc2VyaWFsaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFakQsTUFBTSxxQkFBcUIsR0FBRyxHQUFHLENBQUM7QUFDbEMsTUFBTSwwQkFBMEIsR0FBRyxRQUFRLENBQUM7QUFFNUMsTUFBTSxPQUFPLHFCQUFxQjtJQUNoQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsWUFBb0I7UUFDNUMsTUFBTSxRQUFRLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRWhFLE9BQU8sR0FBRywwQkFBMEIsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxFQUFFLENBQUM7SUFDcEksQ0FBQztJQUVELE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFhO1FBQ3ZDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLEVBQUUsQ0FBQztZQUNsRCxNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQiwwQkFBMEIsWUFBWSxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLEtBQUs7YUFDbkIsS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3JDLEVBQUUsS0FBSyxDQUFDLHFCQUFxQixDQUFDO1lBQzlCLEVBQUUsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBQy9DLE9BQU8sa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRCxNQUFNLENBQUMscUJBQXFCLENBQUMsZUFBdUI7UUFDbEQsT0FBTyxlQUFlLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDaEUsQ0FBQztDQUNGIn0=
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2VyaWFsaXplci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvc2VyaWFsaXplci50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEtBQUssTUFBTSxZQUFZLENBQUM7QUFDL0IsT0FBTyxDQUFDLE1BQU0sUUFBUSxDQUFDO0FBQ3ZCLE9BQU8sRUFBRSx5QkFBeUIsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ3pGLE9BQU8sRUFBRSxrQkFBa0IsRUFBRSxNQUFNLGFBQWEsQ0FBQztBQUNqRCxPQUFPLEVBQUUsOEJBQThCLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUNqRSxPQUFPLEVBQ0wsd0NBQXdDLEVBQ3hDLGlDQUFpQyxHQUNsQyxNQUFNLDRCQUE0QixDQUFDO0FBR3BDLE1BQU0scUJBQXFCLEdBQUcsR0FBRyxDQUFDO0FBQ2xDLE1BQU0sMEJBQTBCLEdBQUcsUUFBUSxDQUFDO0FBRTVDLE1BQU0sQ0FBQyxNQUFNLHlCQUF5QixHQUFHO0lBQ3ZDLGNBQWM7SUFDZCxnQkFBZ0I7SUFDaEIsV0FBVztJQUNYLElBQUk7SUFDSixVQUFVO0lBQ1YsV0FBVztJQUNYLFVBQVU7Q0FDWCxDQUFDO0FBRUYsTUFBTSxPQUFPLHFCQUFxQjtJQUNoQyxNQUFNLENBQUMsa0JBQWtCLENBQUMsWUFBb0I7UUFDNUMsTUFBTSxRQUFRLEdBQUcsa0JBQWtCLENBQUMsYUFBYSxDQUFDLFlBQVksQ0FBQyxDQUFDO1FBRWhFLE9BQU8sR0FBRywwQkFBMEIsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxxQkFBcUIsQ0FBQyxFQUFFLENBQUM7SUFDcEksQ0FBQztJQUVELE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxLQUFhO1FBQ3ZDLElBQUksQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLEVBQUUsQ0FBQztZQUNsRCxNQUFNLElBQUksS0FBSyxDQUFDLG1CQUFtQiwwQkFBMEIsWUFBWSxDQUFDLENBQUM7UUFDN0UsQ0FBQztRQUVELE1BQU0sUUFBUSxHQUFHLEtBQUs7YUFDbkIsS0FBSyxDQUFDLDBCQUEwQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBQ3JDLEVBQUUsS0FBSyxDQUFDLHFCQUFxQixDQUFDO1lBQzlCLEVBQUUsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQyxDQUFDO1FBQy9DLE9BQU8sa0JBQWtCLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3BELENBQUM7SUFFRCxNQUFNLENBQUMscUJBQXFCLENBQUMsZUFBdUI7UUFDbEQsT0FBTyxlQUFlLENBQUMsVUFBVSxDQUFDLDBCQUEwQixDQUFDLENBQUM7SUFDaEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxzQkFBc0IsQ0FBQyxPQUFlO1FBQzNDLE1BQU0sYUFBYSxHQUFHLGtCQUFrQixDQUFDLHlCQUF5QixDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzVFLElBQUksYUFBYSxDQUFDLElBQUksS0FBSyxPQUFPLElBQUksYUFBYSxDQUFDLFVBQVUsS0FBSyxPQUFPLEVBQUUsQ0FBQztZQUMzRSxNQUFNLElBQUksS0FBSyxDQUNiLHNDQUFzQyxhQUFhLENBQUMsSUFBSSxHQUFHLGFBQWEsQ0FBQyxVQUFVLENBQUMsQ0FBQyxDQUFDLGNBQWMsYUFBYSxDQUFDLFVBQVUsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLGlEQUFpRCxDQUNyTCxDQUFDO1FBQ0osQ0FBQztRQUVELE1BQU0sT0FBTyxHQUFHLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUVyRCxNQUFNLEtBQUssR0FBRyxJQUFJLHlCQUF5QixDQUFDLE9BQU8sQ0FBQyxDQUFDLEtBQUssQ0FDeEQ7WUFDRSxzQkFBc0IsQ0FBQyxhQUFhO1lBQ3BDLHNCQUFzQixDQUFDLFNBQVM7WUFDaEMsc0JBQXNCLENBQUMsU0FBUztZQUNoQyxzQkFBc0IsQ0FBQyx1QkFBdUI7U0FDL0MsRUFDRDtZQUNFLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDO1lBQ2xDLDhCQUE4QjtZQUM5QixpQ0FBaUM7WUFDakMsd0NBQXdDO1NBQ3pDLENBQ0YsQ0FBQztRQUVGLE1BQU0sQ0FBQyxrQkFBa0IsRUFBRSxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsU0FBUyxDQUN2RCxLQUFLLEVBQ0wsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksWUFBWSxVQUFVLENBQ0QsQ0FBQztRQUV0QyxNQUFNLGNBQWMsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLFVBQVUsQ0FBQyxDQUFDO1FBQ2xGLE1BQU0sTUFBTSxHQUFHLHFCQUFxQixDQUFDLE9BQU8sQ0FBQyxlQUFlLEVBQUUsY0FBYyxDQUFDLENBQUM7UUFDOUUsTUFBTSxTQUFTLEdBQUcscUJBQXFCLENBQUMsT0FBTyxDQUFDLGVBQWUsRUFBRSxXQUFXLENBQUMsQ0FBQztRQUM5RSxNQUFNLEVBQUUsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLENBQUMsQ0FBQztRQUM5RixNQUFNLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQzVDLGVBQWUsRUFDZiw4QkFBOEIsRUFDOUIsS0FBSyxDQUNOLENBQUM7UUFDRixNQUFNLFNBQVMsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQzdDLGVBQWUsRUFDZixpQ0FBaUMsRUFDakMsS0FBSyxDQUNOLENBQUM7UUFDRixNQUFNLFFBQVEsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQzVDLGVBQWUsRUFDZix3Q0FBd0MsRUFDeEMsS0FBSyxDQUNOLENBQUM7UUFDRixNQUFNLFNBQVMsR0FBRyxxQkFBcUIsQ0FBQyxPQUFPLENBQUMsZUFBZSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1FBRTlFLElBQUksZUFBZSxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLHFEQUFxRCxlQUFlLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsSUFBSSxJQUFJLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FDdkgsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPO1lBQ0wsa0JBQWtCO1lBQ2xCLGNBQWMsRUFBRSxjQUFjLENBQUMsS0FBSztZQUNwQyxFQUFFLEVBQUUsRUFBRSxDQUFDLEtBQUs7WUFDWixRQUFRLEVBQUUsUUFBUSxFQUFFLEtBQUs7WUFDekIsWUFBWSxFQUFFLE1BQU0sQ0FBQyxLQUFLO1lBQzFCLFNBQVMsRUFBRSxTQUFTLENBQUMsS0FBSztZQUMxQixTQUFTLEVBQUUsU0FBUyxDQUFDLEtBQUs7WUFDMUIsU0FBUyxFQUFFLFNBQVMsRUFBRSxLQUFLO1lBQzNCLFFBQVEsRUFBRSxRQUFRLEVBQUUsS0FBSztTQUMxQixDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyx5QkFBeUIsQ0FBQyxJQUFvQjtRQUNuRCxNQUFNLFdBQVcsR0FBYSxFQUFFLENBQUM7UUFFakMsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDMUQsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFMUQsSUFBSSxTQUFTLEdBQUcsQ0FBQyxDQUFDO1FBRWxCLEtBQUssTUFBTSxLQUFLLElBQUkseUJBQXlCLEVBQUUsQ0FBQztZQUM5QyxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsS0FBNkIsQ0FBQyxDQUFDO1lBQ2xELElBQUksS0FBSyxFQUFFLENBQUM7Z0JBQ1YsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQW1CLENBQUMsQ0FBQyxDQUFDO2dCQUNuRCxJQUFJLFNBQVMsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUM7b0JBQy9DLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxFQUFFLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3RFLENBQUM7WUFDSCxDQUFDO1FBQ0gsQ0FBQztRQUVELHdCQUF3QjtRQUN4Qix3RkFBd0Y7UUFDeEYsd0dBQXdHO1FBQ3hHLG1IQUFtSDtRQUNuSCxJQUFJLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLENBQUMsRUFBRSxVQUFVLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDdkQsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN0RSxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzNDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFvQixDQUFDLENBQUMsQ0FBQztRQUNwRCxJQUFJLFNBQVMsR0FBRyxJQUFJLENBQUMsa0JBQWtCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDL0MsV0FBVyxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN0RSxDQUFDO1FBQ0QsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxFQUFFLEVBQUUsQ0FBQyxDQUFDO1FBQzVDLFdBQVcsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxNQUFvQixDQUFDLENBQUMsQ0FBQztRQUVwRCxNQUFNLE9BQU8sR0FBRyxNQUFNLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQzNDLE9BQU8sa0JBQWtCLENBQUMsUUFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDO0lBQzlDLENBQUM7SUFFTyxNQUFNLENBQUMsT0FBTyxDQUNwQixLQUF1QixFQUN2QixTQUFpQixFQUNqQixTQUFTLEdBQUcsSUFBSTtRQUVoQixNQUFNLElBQUksR0FBRyxDQUFDLENBQUMsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLElBQUksS0FBSyxTQUFTLElBQUksSUFBSSxDQUFDLEdBQUcsS0FBSyxTQUFTLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM3RixJQUFJLENBQUMsSUFBSSxJQUFJLFNBQVMsRUFBRSxDQUFDO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLFNBQVMsNEJBQTRCLENBQUMsQ0FBQztRQUNuRixDQUFDO1FBRUQsT0FBTyxJQUFJLENBQUM7SUFDZCxDQUFDO0NBQ0YifQ==

package/dist/mjs/certificates/setup-crypto.d.ts

@@ -0,0 +1,3 @@
+import webcrypto from '@peculiar/webcrypto';
+declare const cryptoProvider: webcrypto.Crypto;
+export { cryptoProvider };

package/dist/mjs/certificates/setup-crypto.js

@@ -0,0 +1,22 @@
+import * as x509 from '@peculiar/x509';
+import webcrypto from '@peculiar/webcrypto';
+import * as pkijs from 'pkijs';
+const cryptoProvider = new webcrypto.Crypto();
+x509.cryptoProvider.set(cryptoProvider);
+pkijs.setEngine('Node', new pkijs.CryptoEngine({ name: 'Node', crypto: cryptoProvider }));
+pkijs.ECNamedCurves.register('K-256', '1.3.132.0.10', 32);
+const originGetAlgorithmByOIDFn = pkijs.CryptoEngine.prototype.getAlgorithmByOID;
+function getAlgorithmByOID(oid, safety, target) {
+    if (oid === '1.3.132.0.10') {
+        return {
+            name: 'K-256',
+        };
+    }
+    return originGetAlgorithmByOIDFn(oid, safety, target);
+}
+pkijs.CryptoEngine.prototype.getAlgorithmByOID = getAlgorithmByOID;
+x509.PemConverter.isPem = (data) => {
+    return typeof data === 'string' && data.startsWith('-----BEGIN');
+};
+export { cryptoProvider };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2V0dXAtY3J5cHRvLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9zZXR1cC1jcnlwdG8udHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxLQUFLLElBQUksTUFBTSxnQkFBZ0IsQ0FBQztBQUN2QyxPQUFPLFNBQVMsTUFBTSxxQkFBcUIsQ0FBQztBQUM1QyxPQUFPLEtBQUssS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUUvQixNQUFNLGNBQWMsR0FBRyxJQUFJLFNBQVMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztBQUU5QyxJQUFJLENBQUMsY0FBYyxDQUFDLEdBQUcsQ0FBQyxjQUFjLENBQUMsQ0FBQztBQUV4QyxLQUFLLENBQUMsU0FBUyxDQUFDLE1BQU0sRUFBRSxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUMsRUFBRSxJQUFJLEVBQUUsTUFBTSxFQUFFLE1BQU0sRUFBRSxjQUFjLEVBQUUsQ0FBQyxDQUFDLENBQUM7QUFFMUYsS0FBSyxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsT0FBTyxFQUFFLGNBQWMsRUFBRSxFQUFFLENBQUMsQ0FBQztBQUUxRCxNQUFNLHlCQUF5QixHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsU0FBUyxDQUFDLGlCQUFpQixDQUFDO0FBQ2pGLFNBQVMsaUJBQWlCLENBQUMsR0FBVyxFQUFFLE1BQWdCLEVBQUUsTUFBZTtJQUN2RSxJQUFJLEdBQUcsS0FBSyxjQUFjLEVBQUUsQ0FBQztRQUMzQixPQUFPO1lBQ0wsSUFBSSxFQUFFLE9BQU87U0FDZCxDQUFDO0lBQ0osQ0FBQztJQUVELE9BQU8seUJBQXlCLENBQUMsR0FBRyxFQUFFLE1BQU0sRUFBRSxNQUFNLENBQUMsQ0FBQztBQUN4RCxDQUFDO0FBQ0QsS0FBSyxDQUFDLFlBQVksQ0FBQyxTQUFTLENBQUMsaUJBQWlCLEdBQUcsaUJBQWlCLENBQUM7QUFFbkUsSUFBSSxDQUFDLFlBQVksQ0FBQyxLQUFLLEdBQUcsQ0FBQyxJQUFZLEVBQWtCLEVBQUU7SUFDekQsT0FBTyxPQUFPLElBQUksS0FBSyxRQUFRLElBQUksSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsQ0FBQztBQUNuRSxDQUFDLENBQUM7QUFFRixPQUFPLEVBQUUsY0FBYyxFQUFFLENBQUMifQ==

package/dist/mjs/certificates/testing-generate.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/mjs/certificates/testing-generate.js

@@ -0,0 +1,110 @@
+import { OID_CUSTOM_EXTENSION_CHALLENGE_ID } from '@super-protocol/pki-common';
+import { CertificateGenerator } from './generator.js';
+import { CertificatesHelper } from './helper.js';
+import fs from 'fs';
+import { CryptoKeysTransformer } from '../utils/CryptoKeysTransformer.js';
+import { OID_CUSTOM_EXTENSION_USER_DATA } from '../constants.js';
+// const signatureAlgorithm: SignatureAlgorithm = 'ECDSA-P-256-SHA256';
+const signatureAlgorithm = 'ECDSA-secp256k1-SHA256';
+void (async () => {
+    const orderCertPem = await fs.promises.readFile('order_cert.crt', 'utf8');
+    const mrEnclave = CertificatesHelper.getExtensionValue(orderCertPem, OID_CUSTOM_EXTENSION_CHALLENGE_ID);
+    const userDataHashFromCert = CertificatesHelper.getExtensionValue(orderCertPem, OID_CUSTOM_EXTENSION_USER_DATA);
+    const rootSubject = {
+        country: 'US',
+        stateName: 'California',
+        localityName: 'San Francisco',
+        organization: 'Super Protocol',
+        organizationalUnit: 'Development',
+        commonName: 'Root CA',
+    };
+    const subroot1 = {
+        country: 'US',
+        stateName: 'California',
+        localityName: 'San Francisco',
+        organization: 'Super Protocol',
+        organizationalUnit: 'Development',
+        commonName: 'Subroot1 CA',
+    };
+    const subroot2 = {
+        country: 'US',
+        stateName: 'California',
+        localityName: 'San Francisco',
+        organization: 'Super Protocol',
+        organizationalUnit: 'Development',
+        commonName: 'Subroot Level 2 CA',
+    };
+    const rootCertKeys = await CertificateGenerator.generateKeys(signatureAlgorithm);
+    const rootPrivatePem = await CryptoKeysTransformer.cryptoKeyToPkcs8Pem(rootCertKeys.privateKey);
+    const rootPublicPem = await CryptoKeysTransformer.cryptoKeyToSpkiPem(rootCertKeys.publicKey);
+    const rootCertParams = {
+        subject: rootSubject,
+        issuer: rootSubject,
+        notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+        ca: true,
+        dnsNames: ['sp.superprotocol.io', 'superprotocol.io', '127.0.0.1'],
+        publicKey: rootPublicPem,
+        privateKey: rootPrivatePem,
+    };
+    const rootCert = await CertificateGenerator.generateCert(rootCertParams);
+    const alg = CertificatesHelper.getCertPublicKeyAlgorithm(rootCert);
+    alg;
+    const subroot1Keys = await CertificateGenerator.generateKeys(signatureAlgorithm);
+    const subroot1CertParams = {
+        subject: subroot1,
+        issuer: rootSubject,
+        privateKey: rootCertKeys.privateKey,
+        notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+        ca: true,
+        dnsNames: ['sp.superprotocol.io', 'superprotocol.io'],
+        customExtensions: [
+            {
+                oid: OID_CUSTOM_EXTENSION_USER_DATA,
+                value: userDataHashFromCert,
+            },
+            {
+                oid: '1.3.6.1.3.8888.1.1',
+                value: Buffer.from('tdx', 'utf8'),
+            },
+            {
+                oid: '1.3.6.1.3.8888.1.2',
+                value: mrEnclave,
+            },
+        ],
+        publicKey: subroot1Keys.publicKey,
+    };
+    const subroot1Cert = await CertificateGenerator.generateCert(subroot1CertParams);
+    const subroot2Keys = await CertificateGenerator.generateKeys(signatureAlgorithm);
+    const subrootLevel2CertParams = {
+        subject: subroot2,
+        issuer: subroot1,
+        privateKey: subroot1Keys.privateKey,
+        notAfter: new Date(Date.now() + 365 * 24 * 60 * 60 * 1000), // 1 year
+        ca: false,
+        dnsNames: ['sp.superprotocol.io', 'superprotocol.io'],
+        customExtensions: [
+            {
+                oid: OID_CUSTOM_EXTENSION_CHALLENGE_ID,
+                value: Buffer.from('tdx', 'utf8'),
+            },
+            {
+                oid: '1.3.6.1.3.8888.1.2',
+                value: mrEnclave,
+            },
+        ],
+        publicKey: subroot2Keys.publicKey,
+    };
+    const subrootLevel2Cert = await CertificateGenerator.generateCert(subrootLevel2CertParams);
+    // const rootCertPem = CertificatesHelper.derToPem(rootCert.certificate.toSchema().toBER());
+    // const subroot1CertPem = CertificatesHelper.derToPem(subroot1Cert.certificate.toSchema().toBER());
+    // const subrootLevel2CertPem = CertificatesHelper.derToPem(
+    //   subrootLevel2Cert.certificate.toSchema().toBER(),
+    // );
+    const certsPem = [subrootLevel2Cert, subroot1Cert];
+    const validateResult = await CertificatesHelper.validateCertChain(certsPem, rootCert);
+    console.log(JSON.stringify(validateResult, null, 2));
+    await fs.promises.writeFile(`pkijsCert-root-${signatureAlgorithm}.crt`, rootCert, 'utf8');
+    await fs.promises.writeFile(`pkijsCert-subroot1-${signatureAlgorithm}.crt`, subroot1Cert, 'utf8');
+    await fs.promises.writeFile(`pkijsCert-subroot2-${signatureAlgorithm}.crt`, subrootLevel2Cert, 'utf8');
+})();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdGluZy1nZW5lcmF0ZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvdGVzdGluZy1nZW5lcmF0ZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEVBQUUsaUNBQWlDLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUMvRSxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSxnQkFBZ0IsQ0FBQztBQUN0RCxPQUFPLEVBQUUsa0JBQWtCLEVBQUUsTUFBTSxhQUFhLENBQUM7QUFFakQsT0FBTyxFQUFFLE1BQU0sSUFBSSxDQUFDO0FBQ3BCLE9BQU8sRUFBRSxxQkFBcUIsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBQzFFLE9BQU8sRUFBRSw4QkFBOEIsRUFBRSxNQUFNLGlCQUFpQixDQUFDO0FBRWpFLHVFQUF1RTtBQUN2RSxNQUFNLGtCQUFrQixHQUF1Qix3QkFBd0IsQ0FBQztBQUV4RSxLQUFLLENBQUMsS0FBSyxJQUFJLEVBQUU7SUFDZixNQUFNLFlBQVksR0FBRyxNQUFNLEVBQUUsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLGdCQUFnQixFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzFFLE1BQU0sU0FBUyxHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUNwRCxZQUFZLEVBQ1osaUNBQWlDLENBQ2xDLENBQUM7SUFFRixNQUFNLG9CQUFvQixHQUFHLGtCQUFrQixDQUFDLGlCQUFpQixDQUMvRCxZQUFZLEVBQ1osOEJBQThCLENBQy9CLENBQUM7SUFFRixNQUFNLFdBQVcsR0FBRztRQUNsQixPQUFPLEVBQUUsSUFBSTtRQUNiLFNBQVMsRUFBRSxZQUFZO1FBQ3ZCLFlBQVksRUFBRSxlQUFlO1FBQzdCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsa0JBQWtCLEVBQUUsYUFBYTtRQUNqQyxVQUFVLEVBQUUsU0FBUztLQUN0QixDQUFDO0lBRUYsTUFBTSxRQUFRLEdBQUc7UUFDZixPQUFPLEVBQUUsSUFBSTtRQUNiLFNBQVMsRUFBRSxZQUFZO1FBQ3ZCLFlBQVksRUFBRSxlQUFlO1FBQzdCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsa0JBQWtCLEVBQUUsYUFBYTtRQUNqQyxVQUFVLEVBQUUsYUFBYTtLQUMxQixDQUFDO0lBRUYsTUFBTSxRQUFRLEdBQUc7UUFDZixPQUFPLEVBQUUsSUFBSTtRQUNiLFNBQVMsRUFBRSxZQUFZO1FBQ3ZCLFlBQVksRUFBRSxlQUFlO1FBQzdCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsa0JBQWtCLEVBQUUsYUFBYTtRQUNqQyxVQUFVLEVBQUUsb0JBQW9CO0tBQ2pDLENBQUM7SUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ2pGLE1BQU0sY0FBYyxHQUFHLE1BQU0scUJBQXFCLENBQUMsbUJBQW1CLENBQUMsWUFBWSxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ2hHLE1BQU0sYUFBYSxHQUFHLE1BQU0scUJBQXFCLENBQUMsa0JBQWtCLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO0lBQzdGLE1BQU0sY0FBYyxHQUF1QjtRQUN6QyxPQUFPLEVBQUUsV0FBVztRQUNwQixNQUFNLEVBQUUsV0FBVztRQUNuQixRQUFRLEVBQUUsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxTQUFTO1FBQ3JFLEVBQUUsRUFBRSxJQUFJO1FBQ1IsUUFBUSxFQUFFLENBQUMscUJBQXFCLEVBQUUsa0JBQWtCLEVBQUUsV0FBVyxDQUFDO1FBQ2xFLFNBQVMsRUFBRSxhQUFhO1FBQ3hCLFVBQVUsRUFBRSxjQUFjO0tBQzNCLENBQUM7SUFDRixNQUFNLFFBQVEsR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxjQUFjLENBQUMsQ0FBQztJQUV6RSxNQUFNLEdBQUcsR0FBRyxrQkFBa0IsQ0FBQyx5QkFBeUIsQ0FBQyxRQUFRLENBQUMsQ0FBQztJQUNuRSxHQUFHLENBQUM7SUFFSixNQUFNLFlBQVksR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBQ2pGLE1BQU0sa0JBQWtCLEdBQXVCO1FBQzdDLE9BQU8sRUFBRSxRQUFRO1FBQ2pCLE1BQU0sRUFBRSxXQUFXO1FBQ25CLFVBQVUsRUFBRSxZQUFZLENBQUMsVUFBVTtRQUNuQyxRQUFRLEVBQUUsSUFBSSxJQUFJLENBQUMsSUFBSSxDQUFDLEdBQUcsRUFBRSxHQUFHLEdBQUcsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLEVBQUUsR0FBRyxJQUFJLENBQUMsRUFBRSxTQUFTO1FBQ3JFLEVBQUUsRUFBRSxJQUFJO1FBQ1IsUUFBUSxFQUFFLENBQUMscUJBQXFCLEVBQUUsa0JBQWtCLENBQUM7UUFDckQsZ0JBQWdCLEVBQUU7WUFDaEI7Z0JBQ0UsR0FBRyxFQUFFLDhCQUE4QjtnQkFDbkMsS0FBSyxFQUFFLG9CQUFxQjthQUM3QjtZQUNEO2dCQUNFLEdBQUcsRUFBRSxvQkFBb0I7Z0JBQ3pCLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUM7YUFDbEM7WUFDRDtnQkFDRSxHQUFHLEVBQUUsb0JBQW9CO2dCQUN6QixLQUFLLEVBQUUsU0FBVTthQUNsQjtTQUNGO1FBQ0QsU0FBUyxFQUFFLFlBQVksQ0FBQyxTQUFTO0tBQ2xDLENBQUM7SUFDRixNQUFNLFlBQVksR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO0lBRWpGLE1BQU0sWUFBWSxHQUFHLE1BQU0sb0JBQW9CLENBQUMsWUFBWSxDQUFDLGtCQUFrQixDQUFDLENBQUM7SUFDakYsTUFBTSx1QkFBdUIsR0FBdUI7UUFDbEQsT0FBTyxFQUFFLFFBQVE7UUFDakIsTUFBTSxFQUFFLFFBQVE7UUFDaEIsVUFBVSxFQUFFLFlBQVksQ0FBQyxVQUFVO1FBQ25DLFFBQVEsRUFBRSxJQUFJLElBQUksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLEdBQUcsR0FBRyxHQUFHLEVBQUUsR0FBRyxFQUFFLEdBQUcsRUFBRSxHQUFHLElBQUksQ0FBQyxFQUFFLFNBQVM7UUFDckUsRUFBRSxFQUFFLEtBQUs7UUFDVCxRQUFRLEVBQUUsQ0FBQyxxQkFBcUIsRUFBRSxrQkFBa0IsQ0FBQztRQUNyRCxnQkFBZ0IsRUFBRTtZQUNoQjtnQkFDRSxHQUFHLEVBQUUsaUNBQWlDO2dCQUN0QyxLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsTUFBTSxDQUFDO2FBQ2xDO1lBQ0Q7Z0JBQ0UsR0FBRyxFQUFFLG9CQUFvQjtnQkFDekIsS0FBSyxFQUFFLFNBQVU7YUFDbEI7U0FDRjtRQUNELFNBQVMsRUFBRSxZQUFZLENBQUMsU0FBUztLQUNsQyxDQUFDO0lBQ0YsTUFBTSxpQkFBaUIsR0FBRyxNQUFNLG9CQUFvQixDQUFDLFlBQVksQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBRTNGLDRGQUE0RjtJQUM1RixvR0FBb0c7SUFDcEcsNERBQTREO0lBQzVELHNEQUFzRDtJQUN0RCxLQUFLO0lBRUwsTUFBTSxRQUFRLEdBQUcsQ0FBQyxpQkFBaUIsRUFBRSxZQUFZLENBQUMsQ0FBQztJQUVuRCxNQUFNLGNBQWMsR0FBRyxNQUFNLGtCQUFrQixDQUFDLGlCQUFpQixDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQztJQUN0RixPQUFPLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxTQUFTLENBQUMsY0FBYyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBRXJELE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsa0JBQWtCLGtCQUFrQixNQUFNLEVBQUUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQzFGLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsc0JBQXNCLGtCQUFrQixNQUFNLEVBQUUsWUFBWSxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ2xHLE1BQU0sRUFBRSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQ3pCLHNCQUFzQixrQkFBa0IsTUFBTSxFQUM5QyxpQkFBaUIsRUFDakIsTUFBTSxDQUNQLENBQUM7QUFDSixDQUFDLENBQUMsRUFBRSxDQUFDIn0=