@super-protocol/sdk-js 3.13.0-beta.0 → 3.13.0-beta.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/certificates/generator.js +15 -4
- package/dist/cjs/certificates/helper.d.ts +4 -2
- package/dist/cjs/certificates/helper.js +30 -16
- package/dist/cjs/certificates/ocsp.d.ts +6 -1
- package/dist/cjs/certificates/ocsp.js +203 -29
- package/dist/cjs/certificates/testing-generate.d.ts +1 -0
- package/dist/cjs/certificates/testing-generate.js +115 -0
- package/dist/cjs/certificates/types.d.ts +31 -1
- package/dist/cjs/certificates/types.js +8 -1
- package/dist/cjs/constants.d.ts +1 -0
- package/dist/cjs/constants.js +3 -2
- package/dist/cjs/utils/NonceTracker.d.ts +1 -0
- package/dist/cjs/utils/NonceTracker.js +6 -2
- package/dist/cjs/utils/TxManager.d.ts +1 -0
- package/dist/cjs/utils/TxManager.js +49 -27
- package/dist/mjs/certificates/generator.js +16 -5
- package/dist/mjs/certificates/helper.d.ts +4 -2
- package/dist/mjs/certificates/helper.js +30 -16
- package/dist/mjs/certificates/ocsp.d.ts +6 -1
- package/dist/mjs/certificates/ocsp.js +204 -30
- package/dist/mjs/certificates/testing-generate.d.ts +1 -0
- package/dist/mjs/certificates/testing-generate.js +110 -0
- package/dist/mjs/certificates/types.d.ts +31 -1
- package/dist/mjs/certificates/types.js +7 -2
- package/dist/mjs/constants.d.ts +1 -0
- package/dist/mjs/constants.js +2 -1
- package/dist/mjs/utils/NonceTracker.d.ts +1 -0
- package/dist/mjs/utils/NonceTracker.js +6 -2
- package/dist/mjs/utils/TxManager.d.ts +1 -0
- package/dist/mjs/utils/TxManager.js +50 -28
- package/package.json +4 -3
|
@@ -44,6 +44,13 @@ class CertificateGenerator {
|
|
|
44
44
|
if (params.ocspSigning) {
|
|
45
45
|
extendedKeyUsageItems.push(x509_1.ExtendedKeyUsage.ocspSigning);
|
|
46
46
|
}
|
|
47
|
+
if (params.ocspExtension) {
|
|
48
|
+
const { ocspUrl, issuerCertUrl } = params.ocspExtension;
|
|
49
|
+
extensions.push(new x509_1.AuthorityInfoAccessExtension({
|
|
50
|
+
ocsp: [ocspUrl],
|
|
51
|
+
...(issuerCertUrl ? { caIssuers: [issuerCertUrl] } : {}),
|
|
52
|
+
}));
|
|
53
|
+
}
|
|
47
54
|
if (extendedKeyUsageItems.length) {
|
|
48
55
|
extensions.push(new x509_1.ExtendedKeyUsageExtension(extendedKeyUsageItems, false));
|
|
49
56
|
}
|
|
@@ -133,7 +140,7 @@ class CertificateGenerator {
|
|
|
133
140
|
}
|
|
134
141
|
const publicKey = await setup_crypto_js_1.cryptoProvider.subtle.importKey('spki', cert.publicKey.rawData, Object.assign(cert.signatureAlgorithm, cert.publicKey.algorithm), true, ['verify']);
|
|
135
142
|
return {
|
|
136
|
-
|
|
143
|
+
serialNumberHex: cert.serialNumber,
|
|
137
144
|
publicKey,
|
|
138
145
|
subject: cert.subject,
|
|
139
146
|
issuer: cert.issuer,
|
|
@@ -187,8 +194,12 @@ class CertificateGenerator {
|
|
|
187
194
|
}
|
|
188
195
|
static generateSerialNumber() {
|
|
189
196
|
const uuid = (0, crypto_1.randomUUID)().replace(/-/g, '');
|
|
190
|
-
|
|
191
|
-
|
|
197
|
+
let serial = BigInt('0x' + uuid) % MAX_X509_SERIAL;
|
|
198
|
+
// Ensure the serial number is positive in ASN1
|
|
199
|
+
if (serial.toString(2)[0] === '1') {
|
|
200
|
+
serial = serial >> 1n;
|
|
201
|
+
}
|
|
202
|
+
return serial.toString(16);
|
|
192
203
|
}
|
|
193
204
|
static getPrincipalInfo(principal) {
|
|
194
205
|
if (typeof principal === 'string') {
|
|
@@ -234,4 +245,4 @@ class CertificateGenerator {
|
|
|
234
245
|
}
|
|
235
246
|
}
|
|
236
247
|
exports.CertificateGenerator = CertificateGenerator;
|
|
237
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9nZW5lcmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsb0RBQTRCO0FBQzVCLG1DQUFvQztBQUNwQyw0REFBK0I7QUFDL0IseUNBZ0J3QjtBQVd4Qix1REFBbUQ7QUFDbkQsZ0ZBQTBFO0FBQzFFLGtEQUFpRDtBQUVqRCxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsSUFBSSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUV0RCxNQUFNLHFCQUFxQixHQUEyQjtJQUNwRCxVQUFVLEVBQUUsSUFBSTtJQUNoQixPQUFPLEVBQUUsR0FBRztJQUNaLFlBQVksRUFBRSxHQUFHO0lBQ2pCLFNBQVMsRUFBRSxJQUFJO0lBQ2YsWUFBWSxFQUFFLEdBQUc7SUFDakIsa0JBQWtCLEVBQUUsSUFBSTtDQUN6QixDQUFDO0FBRUYsTUFBTSxxQ0FBcUMsR0FBRyxDQUFDLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBRWpGLE1BQWEsb0JBQW9CO0lBQy9COzs7O09BSUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxNQUEwQjtRQUNsRCxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRTlCLE1BQU0sRUFBRSxTQUFTLEVBQUUsVUFBVSxFQUFFLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkYsTUFBTSxnQkFBZ0IsR0FBRyxTQUFTLENBQUMsU0FBeUIsQ0FBQztRQUU3RCxNQUFNLFVBQVUsR0FBZ0IsQ0FBQyxJQUFJLGdDQUF5QixDQUFDLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUVyRixNQUFNLHFCQUFxQixHQUF1QixFQUFFLENBQUM7UUFFckQsSUFBSSxnQkFBZ0IsQ0FBQyxVQUFVLEtBQUssT0FBTyxJQUFJLE1BQU0sQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDdkUsTUFBTSxZQUFZLEdBQXFCLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUN2RSxJQUFJLEVBQUUsQ0FBQyxJQUFBLHVCQUFXLEVBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFvQjtnQkFDOUQsS0FBSyxFQUFFLE9BQU87YUFDZixDQUFDLENBQUMsQ0FBQztZQUNKLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxzQ0FBK0IsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDO1lBRW5FLHFCQUFxQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsdUJBQWdCLENBQUMsVUFBVSxFQUFFLHVCQUFnQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7UUFDNUYsQ0FBQztRQUVELElBQUksTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZCLHFCQUFxQixDQUFDLElBQUksQ0FBQyx1QkFBZ0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMzRCxDQUFDO1FBRUQsSUFBSSxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNqQyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksZ0NBQXlCLENBQUMscUJBQXFCLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUMvRSxDQUFDO1FBRUQsSUFBSSxhQUFhLEdBQUcsb0JBQWEsQ0FBQyxnQkFBZ0IsR0FBRyxvQkFBYSxDQUFDLGVBQWUsQ0FBQztRQUNuRixJQUFJLE1BQU0sQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNkLGFBQWEsSUFBSSxvQkFBYSxDQUFDLFdBQVcsQ0FBQztRQUM3QyxDQUFDO1FBQ0QsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLHlCQUFrQixDQUFDLGFBQWEsRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBRTdELElBQUksTUFBTSxDQUFDLGdCQUFnQixFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ3BDLE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FDdkQsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUMscUNBQXFDLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FDbEUsQ0FBQztZQUNGLEtBQUssTUFBTSxlQUFlLElBQUksa0JBQWtCLEVBQUUsQ0FBQztnQkFDakQsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7b0JBQ25ELE1BQU0sSUFBSSxLQUFLLENBQUMsNkNBQTZDLENBQUMsQ0FBQztnQkFDakUsQ0FBQztnQkFDRCxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksZ0JBQVMsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztZQUNwRixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sdUJBQXVCLEdBQWdDO1lBQzNELFlBQVksRUFBRSxvQkFBb0IsQ0FBQyxvQkFBb0IsRUFBRTtZQUN6RCxNQUFNLEVBQUUsb0JBQW9CLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQztZQUM1RCxPQUFPLEVBQUUsb0JBQW9CLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQztZQUM5RCxTQUFTLEVBQUUsSUFBSSxJQUFJLEVBQUU7WUFDckIsUUFBUSxFQUFFLE1BQU0sQ0FBQyxRQUFRO1lBQ3pCLFNBQVM7WUFDVCxVQUFVLEVBQUUsVUFBVTtZQUN0QixnQkFBZ0I7WUFDaEIsVUFBVTtTQUNYLENBQUM7UUFFRixNQUFNLElBQUksR0FBRyxNQUFNLCtCQUF3QixDQUFDLE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO1FBRTVFLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUM5QixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxZQUFZLENBQUMsa0JBQXNDO1FBQ3hELE1BQU0sU0FBUyxHQUFHLG9CQUFvQixDQUFDLFlBQVksQ0FBQyxrQkFBa0IsQ0FBQyxDQUFDO1FBQ3hFLE9BQU8sZ0NBQWMsQ0FBQyxNQUFNLENBQUMsV0FBVyxDQUFDLFNBQVMsRUFBRSxJQUFJLEVBQUUsQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUMsQ0FBQztJQUNoRixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLE1BQXlCO1FBQ2hELE1BQU0sSUFBSSxHQUFHLE1BQU0sb0JBQW9CLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQzlELE1BQU0sZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUF5QixDQUFDO1FBQ2xFLGdCQUFnQixDQUFDLElBQUksR0FBRyxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsQ0FBQztRQUU1QyxNQUFNLFVBQVUsR0FBZ0IsRUFBRSxDQUFDO1FBRW5DLElBQUksZ0JBQWdCLENBQUMsVUFBVSxLQUFLLE9BQU8sSUFBSSxNQUFNLENBQUMsUUFBUSxFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ3ZFLE1BQU0sWUFBWSxHQUFxQixNQUFNLENBQUMsUUFBUSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDdkUsSUFBSSxFQUFFLENBQUMsSUFBQSx1QkFBVyxFQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBb0I7Z0JBQzlELEtBQUssRUFBRSxPQUFPO2FBQ2YsQ0FBQyxDQUFDLENBQUM7WUFDSixVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksc0NBQStCLENBQUMsWUFBWSxDQUFDLENBQUMsQ0FBQztRQUNyRSxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDcEMsS0FBSyxNQUFNLGVBQWUsSUFBSSxNQUFNLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztnQkFDdEQsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxFQUFFLENBQUM7b0JBQ25ELE1BQU0sSUFBSSxLQUFLLENBQUMsMkNBQTJDLENBQUMsQ0FBQztnQkFDL0QsQ0FBQztnQkFDRCxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksZ0JBQVMsQ0FBQyxlQUFlLENBQUMsR0FBRyxFQUFFLEtBQUssRUFBRSxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztZQUNwRixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sZUFBZSxHQUF5QztZQUM1RCxJQUFJLEVBQUUsb0JBQW9CLENBQUMsZ0JBQWdCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQztZQUMzRCxJQUFJO1lBQ0osZ0JBQWdCO1lBQ2hCLFVBQVU7U0FDWCxDQUFDO1FBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSx3Q0FBaUMsQ0FBQyxNQUFNLENBQUMsZUFBZSxDQUFDLENBQUM7UUFFNUUsT0FBTyxHQUFHLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxPQUFlO1FBQzVDLE1BQU0sSUFBSSxHQUFHLElBQUksc0JBQWUsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUUxQyxJQUFJLElBQUksQ0FBQyxNQUFNLEtBQUssSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2pDLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ3BDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztnQkFDYixNQUFNLElBQUksS0FBSyxDQUFDLHVEQUF1RCxDQUFDLENBQUM7WUFDM0UsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdDQUFjLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDckQsTUFBTSxFQUNOLElBQUksQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUN0QixNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUNoRSxJQUFJLEVBQ0osQ0FBQyxRQUFRLENBQUMsQ0FDWCxDQUFDO1FBRUYsT0FBTztZQUNMLFlBQVksRUFBRSxJQUFJLENBQUMsWUFBWTtZQUMvQixTQUFTO1lBQ1QsT0FBTyxFQUFFLElBQUksQ0FBQyxPQUFPO1lBQ3JCLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtZQUNuQixTQUFTLEVBQUUsSUFBSSxDQUFDLFNBQVM7WUFDekIsUUFBUSxFQUFFLElBQUksQ0FBQyxRQUFRO1lBQ3ZCLFFBQVEsRUFBRSxvQkFBb0IsQ0FBQyw2QkFBNkIsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDO1lBQzdFLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtpQkFDeEIsTUFBTSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLG9CQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO2lCQUM5RCxHQUFHLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ2IsR0FBRyxFQUFFLEdBQUcsQ0FBQyxJQUFJO2dCQUNiLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQUM7YUFDOUIsQ0FBQyxDQUFDO1NBQ04sQ0FBQztJQUNKLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsTUFBTSxDQUFDLEtBQUssQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFjO1FBQzFDLE1BQU0sR0FBRyxHQUFHLElBQUksK0JBQXdCLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFakQsTUFBTSxPQUFPLEdBQUcsTUFBTSxHQUFHLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDbkMsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyxtQ0FBbUMsQ0FBQyxDQUFDO1FBQ3ZELENBQUM7UUFFRCxNQUFNLFNBQVMsR0FBRyxNQUFNLGdDQUFjLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FDckQsTUFBTSxFQUNOLEdBQUcsQ0FBQyxTQUFTLENBQUMsT0FBTyxFQUNyQixNQUFNLENBQUMsTUFBTSxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFBRSxHQUFHLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUM5RCxJQUFJLEVBQ0osQ0FBQyxRQUFRLENBQUMsQ0FDWCxDQUFDO1FBRUYsTUFBTSxTQUFTLEdBQWM7WUFDM0IsT0FBTyxFQUFFLEdBQUcsQ0FBQyxPQUFPO1lBQ3BCLFNBQVM7WUFDVCxRQUFRLEVBQUUsb0JBQW9CLENBQUMsNkJBQTZCLENBQUMsR0FBRyxDQUFDLFVBQVUsQ0FBQztZQUM1RSxVQUFVLEVBQUUsR0FBRyxDQUFDLFVBQVU7aUJBQ3ZCLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztpQkFDOUQsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUNiLEdBQUcsRUFBRSxHQUFHLENBQUMsSUFBSTtnQkFDYixLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDO2FBQzlCLENBQUMsQ0FBQztTQUNOLENBQUM7UUFFRixPQUFPLFNBQVMsQ0FBQztJQUNuQixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxhQUFhLENBQUMsRUFBRSxVQUFVLEVBQUUsU0FBUyxFQUFtQjtRQUkzRSxNQUFNLENBQUMsTUFBTSxFQUFFLE9BQU8sQ0FBQyxHQUFHLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQztZQUMxQyxPQUFPLFNBQVMsS0FBSyxRQUFRO2dCQUMzQixDQUFDLENBQUMsZ0RBQXFCLENBQUMsa0JBQWtCLENBQUMsU0FBUyxDQUFDO2dCQUNyRCxDQUFDLENBQUMsU0FBUztZQUNiLE9BQU8sVUFBVSxLQUFLLFFBQVE7Z0JBQzVCLENBQUMsQ0FBQyxnREFBcUIsQ0FBQyxtQkFBbUIsQ0FBQyxVQUFVLENBQUM7Z0JBQ3ZELENBQUMsQ0FBQyxVQUFVO1NBQ2YsQ0FBQyxDQUFDO1FBRUgsZ0JBQU0sQ0FBQyxTQUFTLENBQ2QsTUFBTSxDQUFDLFNBQVMsRUFDaEIsT0FBTyxDQUFDLFNBQVMsRUFDakIsNENBQTRDLENBQzdDLENBQUM7UUFFRixPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsT0FBTyxFQUFFLENBQUM7SUFDcEQsQ0FBQztJQUVPLE1BQU0sQ0FBQyxvQkFBb0I7UUFDakMsTUFBTSxJQUFJLEdBQUcsSUFBQSxtQkFBVSxHQUFFLENBQUMsT0FBTyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUM1QyxNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxHQUFHLGVBQWUsQ0FBQztRQUNyRCxPQUFPLE1BQU0sQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUMzQixDQUFDO0lBRU8sTUFBTSxDQUFDLGdCQUFnQixDQUFDLFNBQXdDO1FBQ3RFLElBQUksT0FBTyxTQUFTLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDbEMsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUVELElBQUksQ0FBQyxTQUFTLENBQUMsVUFBVSxFQUFFLENBQUM7WUFDMUIsTUFBTSxJQUFJLEtBQUssQ0FBQyx5QkFBeUIsQ0FBQyxDQUFDO1FBQzdDLENBQUM7UUFFRCxPQUFPLE1BQU0sQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDO2FBQzdCLEdBQUcsQ0FBQyxDQUFDLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxFQUFFLEVBQUUsQ0FBQyxHQUFHLHFCQUFxQixDQUFDLEdBQUcsQ0FBQyxJQUFJLEdBQUcsSUFBSSxLQUFLLEVBQUUsQ0FBQzthQUN0RSxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7SUFDZixDQUFDO0lBRU8sTUFBTSxDQUFDLFlBQVksQ0FBQyxrQkFBMEI7UUFDcEQsUUFBUSxrQkFBa0IsRUFBRSxDQUFDO1lBQzNCLEtBQUsscUJBQXFCO2dCQUN4QixPQUFPO29CQUNMLElBQUksRUFBRSxtQkFBbUI7b0JBQ3pCLElBQUksRUFBRSxTQUFTO29CQUNmLGNBQWMsRUFBRSxJQUFJLFVBQVUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxRQUFRO29CQUNuRCxhQUFhLEVBQUUsSUFBSTtpQkFDcEIsQ0FBQztZQUNKLEtBQUssb0JBQW9CO2dCQUN2QixPQUFPO29CQUNMLElBQUksRUFBRSxPQUFPO29CQUNiLFVBQVUsRUFBRSxPQUFPO2lCQUNwQixDQUFDO1lBQ0osS0FBSyx3QkFBd0I7Z0JBQzNCLE9BQU87b0JBQ0wsSUFBSSxFQUFFLE9BQU87b0JBQ2IsVUFBVSxFQUFFLE9BQU87aUJBQ3BCLENBQUM7WUFDSjtnQkFDRSxNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxrQkFBa0IsRUFBRSxDQUFDLENBQUM7UUFDOUUsQ0FBQztJQUNILENBQUM7SUFFTyxNQUFNLENBQUMsNkJBQTZCLENBQUMsVUFBdUI7UUFDbEUsTUFBTSxpQkFBaUIsR0FBRyxVQUFVLENBQUMsSUFBSSxDQUN2QyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FDUixDQUFDO1FBQ2pELElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO1lBQ3ZCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsaUJBQWlCLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN6RSxPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0NBQ0Y7QUFqUkQsb0RBaVJDIn0=
|
|
248
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZ2VuZXJhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9nZW5lcmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7O0FBQUEsb0RBQTRCO0FBQzVCLG1DQUFvQztBQUNwQyw0REFBK0I7QUFDL0IseUNBaUJ3QjtBQVd4Qix1REFBbUQ7QUFDbkQsZ0ZBQTBFO0FBQzFFLGtEQUFpRDtBQUVqRCxNQUFNLGVBQWUsR0FBRyxNQUFNLENBQUMsSUFBSSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztBQUV0RCxNQUFNLHFCQUFxQixHQUEyQjtJQUNwRCxVQUFVLEVBQUUsSUFBSTtJQUNoQixPQUFPLEVBQUUsR0FBRztJQUNaLFlBQVksRUFBRSxHQUFHO0lBQ2pCLFNBQVMsRUFBRSxJQUFJO0lBQ2YsWUFBWSxFQUFFLEdBQUc7SUFDakIsa0JBQWtCLEVBQUUsSUFBSTtDQUN6QixDQUFDO0FBRUYsTUFBTSxxQ0FBcUMsR0FBRyxDQUFDLEdBQUcsTUFBTSxDQUFDLE1BQU0sQ0FBQyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0FBRWpGLE1BQWEsb0JBQW9CO0lBQy9COzs7O09BSUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLFlBQVksQ0FBQyxNQUEwQjtRQUNsRCxNQUFNLEVBQUUsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRTlCLE1BQU0sRUFBRSxTQUFTLEVBQUUsVUFBVSxFQUFFLEdBQUcsTUFBTSxvQkFBb0IsQ0FBQyxhQUFhLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbkYsTUFBTSxnQkFBZ0IsR0FBRyxTQUFTLENBQUMsU0FBeUIsQ0FBQztRQUU3RCxNQUFNLFVBQVUsR0FBZ0IsQ0FBQyxJQUFJLGdDQUF5QixDQUFDLEVBQUUsRUFBRSxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUVyRixNQUFNLHFCQUFxQixHQUF1QixFQUFFLENBQUM7UUFFckQsSUFBSSxnQkFBZ0IsQ0FBQyxVQUFVLEtBQUssT0FBTyxJQUFJLE1BQU0sQ0FBQyxRQUFRLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDdkUsTUFBTSxZQUFZLEdBQXFCLE1BQU0sQ0FBQyxRQUFRLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUN2RSxJQUFJLEVBQUUsQ0FBQyxJQUFBLHVCQUFXLEVBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFvQjtnQkFDOUQsS0FBSyxFQUFFLE9BQU87YUFDZixDQUFDLENBQUMsQ0FBQztZQUNKLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxzQ0FBK0IsQ0FBQyxZQUFZLENBQUMsQ0FBQyxDQUFDO1lBRW5FLHFCQUFxQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsdUJBQWdCLENBQUMsVUFBVSxFQUFFLHVCQUFnQixDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUM7UUFDNUYsQ0FBQztRQUVELElBQUksTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO1lBQ3ZCLHFCQUFxQixDQUFDLElBQUksQ0FBQyx1QkFBZ0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUMzRCxDQUFDO1FBRUQsSUFBSSxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDekIsTUFBTSxFQUFFLE9BQU8sRUFBRSxhQUFhLEVBQUUsR0FBRyxNQUFNLENBQUMsYUFBYSxDQUFDO1lBQ3hELFVBQVUsQ0FBQyxJQUFJLENBQ2IsSUFBSSxtQ0FBNEIsQ0FBQztnQkFDL0IsSUFBSSxFQUFFLENBQUMsT0FBTyxDQUFDO2dCQUNmLEdBQUcsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLEVBQUUsU0FBUyxFQUFFLENBQUMsYUFBYSxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ3pELENBQUMsQ0FDSCxDQUFDO1FBQ0osQ0FBQztRQUVELElBQUkscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDakMsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLGdDQUF5QixDQUFDLHFCQUFxQixFQUFFLEtBQUssQ0FBQyxDQUFDLENBQUM7UUFDL0UsQ0FBQztRQUVELElBQUksYUFBYSxHQUFHLG9CQUFhLENBQUMsZ0JBQWdCLEdBQUcsb0JBQWEsQ0FBQyxlQUFlLENBQUM7UUFDbkYsSUFBSSxNQUFNLENBQUMsRUFBRSxFQUFFLENBQUM7WUFDZCxhQUFhLElBQUksb0JBQWEsQ0FBQyxXQUFXLENBQUM7UUFDN0MsQ0FBQztRQUNELFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSx5QkFBa0IsQ0FBQyxhQUFhLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUU3RCxJQUFJLE1BQU0sQ0FBQyxnQkFBZ0IsRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUNwQyxNQUFNLGtCQUFrQixHQUFHLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLENBQ3ZELENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDLHFDQUFxQyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLENBQ2xFLENBQUM7WUFDRixLQUFLLE1BQU0sZUFBZSxJQUFJLGtCQUFrQixFQUFFLENBQUM7Z0JBQ2pELElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO29CQUNuRCxNQUFNLElBQUksS0FBSyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7Z0JBQ2pFLENBQUM7Z0JBQ0QsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLGdCQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7WUFDcEYsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLHVCQUF1QixHQUFnQztZQUMzRCxZQUFZLEVBQUUsb0JBQW9CLENBQUMsb0JBQW9CLEVBQUU7WUFDekQsTUFBTSxFQUFFLG9CQUFvQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUM7WUFDNUQsT0FBTyxFQUFFLG9CQUFvQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7WUFDOUQsU0FBUyxFQUFFLElBQUksSUFBSSxFQUFFO1lBQ3JCLFFBQVEsRUFBRSxNQUFNLENBQUMsUUFBUTtZQUN6QixTQUFTO1lBQ1QsVUFBVSxFQUFFLFVBQVU7WUFDdEIsZ0JBQWdCO1lBQ2hCLFVBQVU7U0FDWCxDQUFDO1FBRUYsTUFBTSxJQUFJLEdBQUcsTUFBTSwrQkFBd0IsQ0FBQyxNQUFNLENBQUMsdUJBQXVCLENBQUMsQ0FBQztRQUU1RSxPQUFPLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsWUFBWSxDQUFDLGtCQUFzQztRQUN4RCxNQUFNLFNBQVMsR0FBRyxvQkFBb0IsQ0FBQyxZQUFZLENBQUMsa0JBQWtCLENBQUMsQ0FBQztRQUN4RSxPQUFPLGdDQUFjLENBQUMsTUFBTSxDQUFDLFdBQVcsQ0FBQyxTQUFTLEVBQUUsSUFBSSxFQUFFLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDLENBQUM7SUFDaEYsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxNQUFNLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxNQUF5QjtRQUNoRCxNQUFNLElBQUksR0FBRyxNQUFNLG9CQUFvQixDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUM5RCxNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsU0FBeUIsQ0FBQztRQUNsRSxnQkFBZ0IsQ0FBQyxJQUFJLEdBQUcsRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLENBQUM7UUFFNUMsTUFBTSxVQUFVLEdBQWdCLEVBQUUsQ0FBQztRQUVuQyxJQUFJLGdCQUFnQixDQUFDLFVBQVUsS0FBSyxPQUFPLElBQUksTUFBTSxDQUFDLFFBQVEsRUFBRSxNQUFNLEVBQUUsQ0FBQztZQUN2RSxNQUFNLFlBQVksR0FBcUIsTUFBTSxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUM7Z0JBQ3ZFLElBQUksRUFBRSxDQUFDLElBQUEsdUJBQVcsRUFBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQW9CO2dCQUM5RCxLQUFLLEVBQUUsT0FBTzthQUNmLENBQUMsQ0FBQyxDQUFDO1lBQ0osVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLHNDQUErQixDQUFDLFlBQVksQ0FBQyxDQUFDLENBQUM7UUFDckUsQ0FBQztRQUVELElBQUksTUFBTSxDQUFDLGdCQUFnQixFQUFFLE1BQU0sRUFBRSxDQUFDO1lBQ3BDLEtBQUssTUFBTSxlQUFlLElBQUksTUFBTSxDQUFDLGdCQUFnQixFQUFFLENBQUM7Z0JBQ3RELElBQUksQ0FBQyxlQUFlLENBQUMsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLEtBQUssRUFBRSxDQUFDO29CQUNuRCxNQUFNLElBQUksS0FBSyxDQUFDLDJDQUEyQyxDQUFDLENBQUM7Z0JBQy9ELENBQUM7Z0JBQ0QsVUFBVSxDQUFDLElBQUksQ0FBQyxJQUFJLGdCQUFTLENBQUMsZUFBZSxDQUFDLEdBQUcsRUFBRSxLQUFLLEVBQUUsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7WUFDcEYsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLGVBQWUsR0FBeUM7WUFDNUQsSUFBSSxFQUFFLG9CQUFvQixDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7WUFDM0QsSUFBSTtZQUNKLGdCQUFnQjtZQUNoQixVQUFVO1NBQ1gsQ0FBQztRQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sd0NBQWlDLENBQUMsTUFBTSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1FBRTVFLE9BQU8sR0FBRyxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUM3QixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQUMsT0FBZTtRQUM1QyxNQUFNLElBQUksR0FBRyxJQUFJLHNCQUFlLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFMUMsSUFBSSxJQUFJLENBQUMsTUFBTSxLQUFLLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNqQyxNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7Z0JBQ2IsTUFBTSxJQUFJLEtBQUssQ0FBQyx1REFBdUQsQ0FBQyxDQUFDO1lBQzNFLENBQUM7UUFDSCxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxnQ0FBYyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQ3JELE1BQU0sRUFDTixJQUFJLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFDdEIsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsRUFDaEUsSUFBSSxFQUNKLENBQUMsUUFBUSxDQUFDLENBQ1gsQ0FBQztRQUVGLE9BQU87WUFDTCxlQUFlLEVBQUUsSUFBSSxDQUFDLFlBQVk7WUFDbEMsU0FBUztZQUNULE9BQU8sRUFBRSxJQUFJLENBQUMsT0FBTztZQUNyQixNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU07WUFDbkIsU0FBUyxFQUFFLElBQUksQ0FBQyxTQUFTO1lBQ3pCLFFBQVEsRUFBRSxJQUFJLENBQUMsUUFBUTtZQUN2QixRQUFRLEVBQUUsb0JBQW9CLENBQUMsNkJBQTZCLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQztZQUM3RSxVQUFVLEVBQUUsSUFBSSxDQUFDLFVBQVU7aUJBQ3hCLE1BQU0sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsR0FBRyxDQUFDLElBQUksS0FBSyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztpQkFDOUQsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUNiLEdBQUcsRUFBRSxHQUFHLENBQUMsSUFBSTtnQkFDYixLQUFLLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDO2FBQzlCLENBQUMsQ0FBQztTQUNOLENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7T0FJRztJQUNILE1BQU0sQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLENBQUMsTUFBYztRQUMxQyxNQUFNLEdBQUcsR0FBRyxJQUFJLCtCQUF3QixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBRWpELE1BQU0sT0FBTyxHQUFHLE1BQU0sR0FBRyxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ25DLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxLQUFLLENBQUMsbUNBQW1DLENBQUMsQ0FBQztRQUN2RCxDQUFDO1FBRUQsTUFBTSxTQUFTLEdBQUcsTUFBTSxnQ0FBYyxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQ3JELE1BQU0sRUFDTixHQUFHLENBQUMsU0FBUyxDQUFDLE9BQU8sRUFDckIsTUFBTSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsa0JBQWtCLEVBQUUsR0FBRyxDQUFDLFNBQVMsQ0FBQyxTQUFTLENBQUMsRUFDOUQsSUFBSSxFQUNKLENBQUMsUUFBUSxDQUFDLENBQ1gsQ0FBQztRQUVGLE1BQU0sU0FBUyxHQUFjO1lBQzNCLE9BQU8sRUFBRSxHQUFHLENBQUMsT0FBTztZQUNwQixTQUFTO1lBQ1QsUUFBUSxFQUFFLG9CQUFvQixDQUFDLDZCQUE2QixDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUM7WUFDNUUsVUFBVSxFQUFFLEdBQUcsQ0FBQyxVQUFVO2lCQUN2QixNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssb0JBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGdCQUFnQixDQUFDLENBQUM7aUJBQzlELEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDYixHQUFHLEVBQUUsR0FBRyxDQUFDLElBQUk7Z0JBQ2IsS0FBSyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEtBQUssQ0FBQzthQUM5QixDQUFDLENBQUM7U0FDTixDQUFDO1FBRUYsT0FBTyxTQUFTLENBQUM7SUFDbkIsQ0FBQztJQUVPLE1BQU0sQ0FBQyxLQUFLLENBQUMsYUFBYSxDQUFDLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBbUI7UUFJM0UsTUFBTSxDQUFDLE1BQU0sRUFBRSxPQUFPLENBQUMsR0FBRyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUM7WUFDMUMsT0FBTyxTQUFTLEtBQUssUUFBUTtnQkFDM0IsQ0FBQyxDQUFDLGdEQUFxQixDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQztnQkFDckQsQ0FBQyxDQUFDLFNBQVM7WUFDYixPQUFPLFVBQVUsS0FBSyxRQUFRO2dCQUM1QixDQUFDLENBQUMsZ0RBQXFCLENBQUMsbUJBQW1CLENBQUMsVUFBVSxDQUFDO2dCQUN2RCxDQUFDLENBQUMsVUFBVTtTQUNmLENBQUMsQ0FBQztRQUVILGdCQUFNLENBQUMsU0FBUyxDQUNkLE1BQU0sQ0FBQyxTQUFTLEVBQ2hCLE9BQU8sQ0FBQyxTQUFTLEVBQ2pCLDRDQUE0QyxDQUM3QyxDQUFDO1FBRUYsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE9BQU8sRUFBRSxDQUFDO0lBQ3BELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CO1FBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUEsbUJBQVUsR0FBRSxDQUFDLE9BQU8sQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDNUMsSUFBSSxNQUFNLEdBQUcsTUFBTSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUMsR0FBRyxlQUFlLENBQUM7UUFFbkQsK0NBQStDO1FBQy9DLElBQUksTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxHQUFHLEVBQUUsQ0FBQztZQUNsQyxNQUFNLEdBQUcsTUFBTSxJQUFJLEVBQUUsQ0FBQztRQUN4QixDQUFDO1FBRUQsT0FBTyxNQUFNLENBQUMsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFTyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsU0FBd0M7UUFDdEUsSUFBSSxPQUFPLFNBQVMsS0FBSyxRQUFRLEVBQUUsQ0FBQztZQUNsQyxPQUFPLFNBQVMsQ0FBQztRQUNuQixDQUFDO1FBRUQsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLEVBQUUsQ0FBQztZQUMxQixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUVELE9BQU8sTUFBTSxDQUFDLE9BQU8sQ0FBQyxTQUFTLENBQUM7YUFDN0IsR0FBRyxDQUFDLENBQUMsQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLEVBQUUsRUFBRSxDQUFDLEdBQUcscUJBQXFCLENBQUMsR0FBRyxDQUFDLElBQUksR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO2FBQ3RFLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNmLENBQUM7SUFFTyxNQUFNLENBQUMsWUFBWSxDQUFDLGtCQUEwQjtRQUNwRCxRQUFRLGtCQUFrQixFQUFFLENBQUM7WUFDM0IsS0FBSyxxQkFBcUI7Z0JBQ3hCLE9BQU87b0JBQ0wsSUFBSSxFQUFFLG1CQUFtQjtvQkFDekIsSUFBSSxFQUFFLFNBQVM7b0JBQ2YsY0FBYyxFQUFFLElBQUksVUFBVSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxFQUFFLFFBQVE7b0JBQ25ELGFBQWEsRUFBRSxJQUFJO2lCQUNwQixDQUFDO1lBQ0osS0FBSyxvQkFBb0I7Z0JBQ3ZCLE9BQU87b0JBQ0wsSUFBSSxFQUFFLE9BQU87b0JBQ2IsVUFBVSxFQUFFLE9BQU87aUJBQ3BCLENBQUM7WUFDSixLQUFLLHdCQUF3QjtnQkFDM0IsT0FBTztvQkFDTCxJQUFJLEVBQUUsT0FBTztvQkFDYixVQUFVLEVBQUUsT0FBTztpQkFDcEIsQ0FBQztZQUNKO2dCQUNFLE1BQU0sSUFBSSxLQUFLLENBQUMsb0NBQW9DLGtCQUFrQixFQUFFLENBQUMsQ0FBQztRQUM5RSxDQUFDO0lBQ0gsQ0FBQztJQUVPLE1BQU0sQ0FBQyw2QkFBNkIsQ0FBQyxVQUF1QjtRQUNsRSxNQUFNLGlCQUFpQixHQUFHLFVBQVUsQ0FBQyxJQUFJLENBQ3ZDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsSUFBSSxLQUFLLG9CQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxDQUNSLENBQUM7UUFDakQsSUFBSSxDQUFDLGlCQUFpQixFQUFFLENBQUM7WUFDdkIsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLFFBQVEsR0FBRyxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQ3pFLE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7Q0FDRjtBQWpTRCxvREFpU0MifQ==
|
|
@@ -13,14 +13,16 @@ export declare class CertificatesHelper {
|
|
|
13
13
|
certs: string;
|
|
14
14
|
ca: string;
|
|
15
15
|
};
|
|
16
|
+
static getIssuerBySubject(cert: pkijs.Certificate, certs: pkijs.Certificate[]): pkijs.Certificate | undefined;
|
|
16
17
|
static pemChainToDer(certsPem: string): Uint8Array[];
|
|
17
18
|
static derChainToPem(certsDer: Uint8Array[]): string;
|
|
18
19
|
static downloadCertWithCache(url: string): Promise<Buffer>;
|
|
19
|
-
static
|
|
20
|
+
static buildChain(leaf: pkijs.Certificate, potentialIssuers: pkijs.Certificate[]): pkijs.Certificate[];
|
|
21
|
+
static sortCertsFromLeafToRoot(certsPem: string | string[] | pkijs.Certificate[]): pkijs.Certificate[];
|
|
20
22
|
static getCertPublicKeyAlgorithm(certPem: string): AlgorithmObj;
|
|
21
23
|
static getCsrPublicKeyAlgorithm(csrPem: string): AlgorithmObj;
|
|
22
24
|
static validateCertChain(certsPem: string | string[], caPem: string | string[], options?: {
|
|
23
25
|
offline?: boolean;
|
|
24
26
|
}): Promise<ValidateCertChainResult>;
|
|
25
|
-
|
|
27
|
+
static toPkiCerts(certs: string | string[]): pkijs.Certificate[];
|
|
26
28
|
}
|
|
@@ -36,6 +36,13 @@ const memory_js_1 = require("../utils/cache/memory.js");
|
|
|
36
36
|
const ocsp_js_1 = require("./ocsp.js");
|
|
37
37
|
const crl_js_1 = require("./crl.js");
|
|
38
38
|
require("./setup-crypto.js");
|
|
39
|
+
const pki_common_1 = require("@super-protocol/pki-common");
|
|
40
|
+
const oidsForOcspCheck = [
|
|
41
|
+
pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_ID,
|
|
42
|
+
pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_COMMON_ID,
|
|
43
|
+
pki_common_1.OID_CUSTOM_EXTENSION_NVIDIA_INFO_GPU,
|
|
44
|
+
pki_common_1.OID_CUSTOM_EXTENSION_CHALLENGE_CERTIFICATE_ID,
|
|
45
|
+
];
|
|
39
46
|
class CertificatesHelper {
|
|
40
47
|
static downloadedCertificateCache = (0, memory_js_1.createMemoryCache)();
|
|
41
48
|
static derToPem(data, type = 'CERTIFICATE') {
|
|
@@ -76,6 +83,9 @@ class CertificatesHelper {
|
|
|
76
83
|
ca: toPemChain(splitCerts[1]),
|
|
77
84
|
};
|
|
78
85
|
}
|
|
86
|
+
static getIssuerBySubject(cert, certs) {
|
|
87
|
+
return certs.find((potentialIssuer) => cert.issuer.isEqual(potentialIssuer.subject));
|
|
88
|
+
}
|
|
79
89
|
static pemChainToDer(certsPem) {
|
|
80
90
|
const certs = CertificatesHelper.splitPemCerts(certsPem);
|
|
81
91
|
return certs.map((certPem) => CertificatesHelper.pemToDer(certPem));
|
|
@@ -97,22 +107,26 @@ class CertificatesHelper {
|
|
|
97
107
|
});
|
|
98
108
|
return responseData;
|
|
99
109
|
}
|
|
110
|
+
static buildChain(leaf, potentialIssuers) {
|
|
111
|
+
const chain = [leaf];
|
|
112
|
+
let currentCert = leaf;
|
|
113
|
+
do {
|
|
114
|
+
currentCert = potentialIssuers.find((potentialIssuer) => currentCert?.issuer.isEqual(potentialIssuer.subject) &&
|
|
115
|
+
!currentCert.subject.isEqual(currentCert.issuer));
|
|
116
|
+
if (currentCert) {
|
|
117
|
+
chain.push(currentCert);
|
|
118
|
+
}
|
|
119
|
+
} while (currentCert);
|
|
120
|
+
return chain;
|
|
121
|
+
}
|
|
100
122
|
static sortCertsFromLeafToRoot(certsPem) {
|
|
101
|
-
const allCerts =
|
|
123
|
+
const allCerts = typeof certsPem === 'string' || certsPem.every((cert) => typeof cert === 'string')
|
|
124
|
+
? CertificatesHelper.toPkiCerts(certsPem)
|
|
125
|
+
: certsPem;
|
|
102
126
|
const leafs = allCerts.filter((certToCheck) => !allCerts.some((certsToCheckWith) => certToCheck.subject.isEqual(certsToCheckWith.issuer)));
|
|
103
|
-
const
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
do {
|
|
107
|
-
currentCert = allCerts.find((potentialIssuer) => currentCert?.issuer.isEqual(potentialIssuer.subject) &&
|
|
108
|
-
!currentCert.subject.isEqual(currentCert.issuer));
|
|
109
|
-
if (currentCert) {
|
|
110
|
-
chain.push(currentCert);
|
|
111
|
-
}
|
|
112
|
-
} while (currentCert);
|
|
113
|
-
return chain;
|
|
114
|
-
};
|
|
115
|
-
const chains = leafs.map(buildChain).sort((one, two) => two.length - one.length);
|
|
127
|
+
const chains = leafs
|
|
128
|
+
.map((leaf) => CertificatesHelper.buildChain(leaf, allCerts))
|
|
129
|
+
.sort((one, two) => two.length - one.length);
|
|
116
130
|
return chains.flat();
|
|
117
131
|
}
|
|
118
132
|
static getCertPublicKeyAlgorithm(certPem) {
|
|
@@ -134,7 +148,7 @@ class CertificatesHelper {
|
|
|
134
148
|
const crls = offline ? [] : await crl_js_1.CRLHelper.getCRLFromCerts(sortedCerts);
|
|
135
149
|
const ocspBaseResponses = offline
|
|
136
150
|
? []
|
|
137
|
-
: await ocsp_js_1.OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca);
|
|
151
|
+
: await ocsp_js_1.OCSPHelper.getOCSPResponseFromCerts(sortedCerts, ca, oidsForOcspCheck);
|
|
138
152
|
const chainEngine = new pkijs.CertificateChainValidationEngine({
|
|
139
153
|
certs: sortedCerts,
|
|
140
154
|
trustedCerts: ca,
|
|
@@ -178,4 +192,4 @@ class CertificatesHelper {
|
|
|
178
192
|
}
|
|
179
193
|
}
|
|
180
194
|
exports.CertificatesHelper = CertificatesHelper;
|
|
181
|
-
//# sourceMappingURL=data:application/json;base64,
|
|
195
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaGVscGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vc3JjL2NlcnRpZmljYXRlcy9oZWxwZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7QUFBQSxvREFBdUI7QUFDdkIsa0RBQTBCO0FBQzFCLDREQUErQjtBQUMvQiw2Q0FBK0I7QUFDL0IseUNBQTJFO0FBQzNFLHdEQUE2RDtBQUU3RCx1Q0FBdUM7QUFDdkMscUNBQXFDO0FBQ3JDLDZCQUEyQjtBQUMzQiwyREFLb0M7QUFFcEMsTUFBTSxnQkFBZ0IsR0FBRztJQUN2Qiw4Q0FBaUM7SUFDakMscURBQXdDO0lBQ3hDLGlEQUFvQztJQUNwQywwREFBNkM7Q0FDOUMsQ0FBQztBQUVGLE1BQWEsa0JBQWtCO0lBQ3JCLE1BQU0sQ0FBQywwQkFBMEIsR0FBRyxJQUFBLDZCQUFpQixHQUFFLENBQUM7SUFFaEUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFpQixFQUFFLE9BQWUsYUFBYTtRQUM3RCxPQUFPLG9CQUFLLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQztZQUN0QixhQUFhLEVBQUUsSUFBSTtZQUNuQixPQUFPLEVBQUUsSUFBSTtZQUNiLE9BQU8sRUFBRSxFQUFFO1lBQ1gsUUFBUSxFQUFFLElBQUk7WUFDZCxJQUFJO1lBQ0osSUFBSSxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsUUFBUSxDQUFDLFFBQVEsQ0FBQztTQUMzQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsTUFBTSxDQUFDLFFBQVEsQ0FBQyxPQUFlO1FBQzdCLE9BQU8sTUFBTSxDQUFDLElBQUksQ0FBQyxvQkFBSyxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsS0FBSyxFQUFFLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDcEUsQ0FBQztJQUVELE1BQU0sQ0FBQyxhQUFhLENBQUMsS0FBYTtRQUNoQyxNQUFNLFFBQVEsR0FBRyxpRUFBaUUsQ0FBQztRQUNuRixPQUFPLEtBQUssQ0FBQyxLQUFLLENBQUMsUUFBUSxDQUFDLElBQUksRUFBRSxDQUFDO0lBQ3JDLENBQUM7SUFFRCxNQUFNLENBQUMsU0FBUyxDQUFDLE9BQWU7UUFDOUIsTUFBTSxJQUFJLEdBQUcsb0JBQUssQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDbkQsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxTQUFTLEVBQUUsRUFBRSxDQUFDLFNBQVMsQ0FBQyxJQUFJLEtBQUssWUFBWSxDQUFDO1lBQ2pGLEVBQUUsS0FBZSxDQUFDO0lBQ3RCLENBQUM7SUFFRCxNQUFNLENBQUMsaUJBQWlCLENBQUMsU0FBcUMsRUFBRSxHQUFXO1FBQ3pFLE1BQU0sSUFBSSxHQUNSLE9BQU8sU0FBUyxLQUFLLFFBQVE7WUFDM0IsQ0FBQyxDQUFDLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUNuRSxDQUFDLENBQUMsU0FBUyxDQUFDO1FBQ2hCLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxVQUFVLEVBQUUsSUFBSSxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLEdBQUcsQ0FBQyxDQUFDO1FBQ3JFLE9BQU8sU0FBUyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQztJQUMxRSxDQUFDO0lBRUQsTUFBTSxDQUFDLGtCQUFrQixDQUFDLFFBQWdCO1FBQ3hDLE1BQU0sS0FBSyxHQUFHLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUN0RCxNQUFNLFVBQVUsR0FBRyxnQkFBQyxDQUFDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFFcEYsTUFBTSxVQUFVLEdBQUcsQ0FBQyxLQUEwQixFQUFVLEVBQUUsQ0FDeEQsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsUUFBUSxDQUFDLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBRXZGLE9BQU87WUFDTCxLQUFLLEVBQUUsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoQyxFQUFFLEVBQUUsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDLENBQUMsQ0FBQztTQUM5QixDQUFDO0lBQ0osQ0FBQztJQUVELE1BQU0sQ0FBQyxrQkFBa0IsQ0FDdkIsSUFBdUIsRUFDdkIsS0FBMEI7UUFFMUIsT0FBTyxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUMsZUFBZSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFnQjtRQUNuQyxNQUFNLEtBQUssR0FBRyxrQkFBa0IsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7UUFFekQsT0FBTyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxrQkFBa0IsQ0FBQyxRQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUN0RSxDQUFDO0lBRUQsTUFBTSxDQUFDLGFBQWEsQ0FBQyxRQUFzQjtRQUN6QyxPQUFPLFFBQVE7YUFDWixHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQzthQUNoRCxJQUFJLENBQUMsRUFBRSxDQUFDO2FBQ1IsSUFBSSxFQUFFLENBQUM7SUFDWixDQUFDO0lBRUQsTUFBTSxDQUFDLEtBQUssQ0FBQyxxQkFBcUIsQ0FBQyxHQUFXO1FBQzVDLE1BQU0sWUFBWSxHQUFHLE1BQU0sa0JBQWtCLENBQUMsMEJBQTBCLENBQUMsSUFBSSxDQUMzRSxHQUFHLEVBQ0gsS0FBSyxJQUFJLEVBQUU7WUFDVCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUEsZUFBSyxFQUFDLEdBQUcsRUFBRTtnQkFDaEMsWUFBWSxFQUFFLGFBQWE7YUFDNUIsQ0FBQyxDQUFDO1lBQ0gsT0FBTyxRQUFRLEVBQUUsSUFBSSxDQUFDO1FBQ3hCLENBQUMsRUFDRDtZQUNFLEdBQUcsRUFBRSxDQUFDLEdBQUcsRUFBRSxHQUFHLElBQUksRUFBRSxPQUFPO1NBQzVCLENBQ0YsQ0FBQztRQUVGLE9BQU8sWUFBWSxDQUFDO0lBQ3RCLENBQUM7SUFFRCxNQUFNLENBQUMsVUFBVSxDQUNmLElBQXVCLEVBQ3ZCLGdCQUFxQztRQUVyQyxNQUFNLEtBQUssR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQ3JCLElBQUksV0FBVyxHQUFrQyxJQUFJLENBQUM7UUFFdEQsR0FBRyxDQUFDO1lBQ0YsV0FBVyxHQUFHLGdCQUFnQixDQUFDLElBQUksQ0FDakMsQ0FBQyxlQUFlLEVBQUUsRUFBRSxDQUNsQixXQUFXLEVBQUUsTUFBTSxDQUFDLE9BQU8sQ0FBQyxlQUFlLENBQUMsT0FBTyxDQUFDO2dCQUNwRCxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsQ0FDbkQsQ0FBQztZQUVGLElBQUksV0FBVyxFQUFFLENBQUM7Z0JBQ2hCLEtBQUssQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUM7WUFDMUIsQ0FBQztRQUNILENBQUMsUUFBUSxXQUFXLEVBQUU7UUFFdEIsT0FBTyxLQUFLLENBQUM7SUFDZixDQUFDO0lBRUQsTUFBTSxDQUFDLHVCQUF1QixDQUM1QixRQUFpRDtRQUVqRCxNQUFNLFFBQVEsR0FDWixPQUFPLFFBQVEsS0FBSyxRQUFRLElBQUksUUFBUSxDQUFDLEtBQUssQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsT0FBTyxJQUFJLEtBQUssUUFBUSxDQUFDO1lBQ2hGLENBQUMsQ0FBQyxrQkFBa0IsQ0FBQyxVQUFVLENBQUMsUUFBNkIsQ0FBQztZQUM5RCxDQUFDLENBQUUsUUFBZ0MsQ0FBQztRQUV4QyxNQUFNLEtBQUssR0FBRyxRQUFRLENBQUMsTUFBTSxDQUMzQixDQUFDLFdBQVcsRUFBRSxFQUFFLENBQ2QsQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsZ0JBQWdCLEVBQUUsRUFBRSxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGdCQUFnQixDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQzdGLENBQUM7UUFFRixNQUFNLE1BQU0sR0FBRyxLQUFLO2FBQ2pCLEdBQUcsQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsa0JBQWtCLENBQUMsVUFBVSxDQUFDLElBQUksRUFBRSxRQUFRLENBQUMsQ0FBQzthQUM1RCxJQUFJLENBQUMsQ0FBQyxHQUFHLEVBQUUsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxHQUFHLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUMvQyxPQUFPLE1BQU0sQ0FBQyxJQUFJLEVBQUUsQ0FBQztJQUN2QixDQUFDO0lBRUQsTUFBTSxDQUFDLHlCQUF5QixDQUFDLE9BQWU7UUFDOUMsTUFBTSxJQUFJLEdBQUcsSUFBSSxzQkFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzFDLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxTQUFTLENBQUM7UUFDakMsT0FBTyxTQUFTLENBQUMsU0FBeUIsQ0FBQztJQUM3QyxDQUFDO0lBRUQsTUFBTSxDQUFDLHdCQUF3QixDQUFDLE1BQWM7UUFDNUMsTUFBTSxHQUFHLEdBQUcsSUFBSSwrQkFBd0IsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNqRCxNQUFNLFNBQVMsR0FBRyxHQUFHLENBQUMsU0FBUyxDQUFDO1FBQ2hDLE9BQU8sU0FBUyxDQUFDLFNBQXlCLENBQUM7SUFDN0MsQ0FBQztJQUVELE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLENBQzVCLFFBQTJCLEVBQzNCLEtBQXdCLEVBQ3hCLFVBQWlDLEVBQUU7UUFFbkMsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUU1Qix5RkFBeUY7UUFDekYsTUFBTSxXQUFXLEdBQUcsa0JBQWtCLENBQUMsdUJBQXVCLENBQUMsUUFBUSxDQUFDLENBQUMsT0FBTyxFQUFFLENBQUM7UUFFbkYsTUFBTSxFQUFFLEdBQUcsa0JBQWtCLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBRWhELElBQUksQ0FBQztZQUNILE1BQU0sSUFBSSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxNQUFNLGtCQUFTLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQ3pFLE1BQU0saUJBQWlCLEdBQUcsT0FBTztnQkFDL0IsQ0FBQyxDQUFDLEVBQUU7Z0JBQ0osQ0FBQyxDQUFDLE1BQU0sb0JBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxXQUFXLEVBQUUsRUFBRSxFQUFFLGdCQUFnQixDQUFDLENBQUM7WUFFakYsTUFBTSxXQUFXLEdBQUcsSUFBSSxLQUFLLENBQUMsZ0NBQWdDLENBQUM7Z0JBQzdELEtBQUssRUFBRSxXQUFXO2dCQUNsQixZQUFZLEVBQUUsRUFBRTtnQkFDaEIsS0FBSyxFQUFFLGlCQUFpQjtnQkFDeEIsSUFBSTthQUNMLENBQUMsQ0FBQztZQUVILE1BQU0sWUFBWSxHQUFHLE1BQU0sV0FBVyxDQUFDLE1BQU0sRUFBRSxDQUFDO1lBQ2hELElBQUksQ0FBQyxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUM7Z0JBQ3pCLE9BQU87b0JBQ0wsT0FBTyxFQUFFLEtBQUs7b0JBQ2QsWUFBWSxFQUFFLFlBQVksQ0FBQyxhQUFhO2lCQUN6QyxDQUFDO1lBQ0osQ0FBQztZQUVEOzs7Ozs7OztlQVFHO1lBQ0gsTUFBTSxrQkFBa0IsR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FDcEQsWUFBWSxDQUFDLGVBQWUsRUFBRSxJQUFJLENBQUMsQ0FBQyxZQUFZLEVBQUUsRUFBRSxDQUNsRCxZQUFZLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsWUFBWSxDQUFDLENBQ3JELENBQ0YsQ0FBQztZQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO2dCQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLDZDQUE2QyxDQUFDLENBQUM7WUFDakUsQ0FBQztZQUVELE9BQU87Z0JBQ0wsT0FBTyxFQUFFLElBQUk7YUFDZCxDQUFDO1FBQ0osQ0FBQztRQUFDLE9BQU8sR0FBRyxFQUFFLENBQUM7WUFDYixPQUFPO2dCQUNMLE9BQU8sRUFBRSxLQUFLO2dCQUNkLFlBQVksRUFBRyxHQUFhLENBQUMsT0FBTzthQUNyQyxDQUFDO1FBQ0osQ0FBQztJQUNILENBQUM7SUFFRCxNQUFNLENBQUMsVUFBVSxDQUFDLEtBQXdCO1FBQ3hDLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsa0JBQWtCLENBQUMsYUFBYSxDQUFDLEtBQUssQ0FBQyxDQUFDO1FBQzFGLE9BQU8sVUFBVSxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQ2hDLEtBQUssQ0FBQyxXQUFXLENBQUMsT0FBTyxDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUNoRSxDQUFDO0lBQ0osQ0FBQzs7QUFoTkgsZ0RBaU5DIn0=
|
|
@@ -1,9 +1,14 @@
|
|
|
1
1
|
import * as pkijs from 'pkijs';
|
|
2
|
+
import { GenerateOcspResponseParams, ParsedOcspRequest } from '../index.js';
|
|
2
3
|
export declare class OCSPHelper {
|
|
3
|
-
static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[]): Promise<pkijs.BasicOCSPResponse[]>;
|
|
4
|
+
static getOCSPResponseFromCerts(certs: pkijs.Certificate[], ca: pkijs.Certificate[], oidsToCheck?: string[]): Promise<pkijs.BasicOCSPResponse[]>;
|
|
5
|
+
static generateOCSPResponse(params: GenerateOcspResponseParams): Promise<ArrayBuffer>;
|
|
6
|
+
static parseOCSPRequest(ocspRequestBinary: ArrayBuffer): ParsedOcspRequest;
|
|
7
|
+
private static canCertSignOCSPResponse;
|
|
4
8
|
private static getOCSPRequestData;
|
|
5
9
|
private static getOCSPResponse;
|
|
6
10
|
private static sendOCSPRequest;
|
|
7
11
|
private static getNonceForRequest;
|
|
8
12
|
private static getNonceFromResponse;
|
|
13
|
+
private static getCertExtensionsToCheck;
|
|
9
14
|
}
|
|
@@ -27,29 +27,145 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
|
|
|
27
27
|
};
|
|
28
28
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
29
29
|
exports.OCSPHelper = void 0;
|
|
30
|
+
const lodash_1 = __importDefault(require("lodash"));
|
|
31
|
+
const node_forge_1 = __importDefault(require("node-forge"));
|
|
30
32
|
const pkijs = __importStar(require("pkijs"));
|
|
31
33
|
const asn1js = __importStar(require("asn1js"));
|
|
32
34
|
const axios_1 = __importDefault(require("axios"));
|
|
35
|
+
const asn1_ocsp_1 = require("@peculiar/asn1-ocsp");
|
|
36
|
+
const asn1_schema_1 = require("@peculiar/asn1-schema");
|
|
37
|
+
const asn1_x509_1 = require("@peculiar/asn1-x509");
|
|
33
38
|
const constants_js_1 = require("../constants.js");
|
|
34
39
|
const helper_js_1 = require("./helper.js");
|
|
35
40
|
const index_js_1 = require("../index.js");
|
|
41
|
+
const x509_1 = require("@peculiar/x509");
|
|
42
|
+
const DEFAULT_REVOCATION_DATE = new Date('1970-01-01T00:00:00Z');
|
|
36
43
|
class OCSPHelper {
|
|
37
|
-
static async getOCSPResponseFromCerts(certs, ca) {
|
|
44
|
+
static async getOCSPResponseFromCerts(certs, ca, oidsToCheck = []) {
|
|
38
45
|
const ocspRequestsData = certs
|
|
39
46
|
.map(OCSPHelper.getOCSPRequestData)
|
|
40
47
|
.filter(Boolean);
|
|
41
48
|
if (!ocspRequestsData.length) {
|
|
42
49
|
return [];
|
|
43
50
|
}
|
|
44
|
-
const
|
|
51
|
+
const groupByOcspUrl = lodash_1.default.groupBy(ocspRequestsData, 'ocspUrl');
|
|
52
|
+
const getOcspResponseParams = Object.entries(groupByOcspUrl).map(([ocspUrl, certParams]) => ({
|
|
53
|
+
ocspUrl,
|
|
54
|
+
certsWithIssuer: certParams.map(({ cert, issuerCertUrl }) => ({
|
|
55
|
+
cert,
|
|
56
|
+
issuerCertUrl,
|
|
57
|
+
issuerCert: helper_js_1.CertificatesHelper.getIssuerBySubject(cert, [...certs, ...ca]),
|
|
58
|
+
})),
|
|
59
|
+
ca,
|
|
60
|
+
oidsToCheck,
|
|
61
|
+
}));
|
|
62
|
+
const ocspResponseResults = await Promise.allSettled(getOcspResponseParams.map((params) => OCSPHelper.getOCSPResponse(params)));
|
|
45
63
|
const rejectedOCSPResponses = ocspResponseResults
|
|
46
64
|
.filter(index_js_1.helpers.isRejected)
|
|
47
65
|
.map((result) => result.reason);
|
|
48
66
|
if (rejectedOCSPResponses.length) {
|
|
49
|
-
throw new Error(`Can't get OCSP responses for some certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
|
|
67
|
+
throw new Error(`Can't get valid OCSP responses for some of certificates (reasons=${rejectedOCSPResponses.join(';\n')})`);
|
|
50
68
|
}
|
|
51
69
|
return ocspResponseResults.filter(index_js_1.helpers.isFulfilled).map((result) => result.value);
|
|
52
70
|
}
|
|
71
|
+
static async generateOCSPResponse(params) {
|
|
72
|
+
const ocspBasicResp = new pkijs.BasicOCSPResponse();
|
|
73
|
+
const { issuerPem: issuerCertPem, caCertsPem, certs, privateKey, nonce } = params;
|
|
74
|
+
const { certs: issuerCertsPem } = helper_js_1.CertificatesHelper.extractCAFromChain(`${issuerCertPem}\n${caCertsPem || ''}`);
|
|
75
|
+
const issuerCert = helper_js_1.CertificatesHelper.toPkiCerts(issuerCertPem)[0];
|
|
76
|
+
ocspBasicResp.tbsResponseData.responderID = issuerCert.subject;
|
|
77
|
+
ocspBasicResp.tbsResponseData.producedAt = new Date();
|
|
78
|
+
ocspBasicResp.certs = helper_js_1.CertificatesHelper.toPkiCerts(issuerCertsPem);
|
|
79
|
+
for (const certData of certs) {
|
|
80
|
+
const { serialNumber, status, issuerKeyHash, issuerNameHash, hashAlgorithm, revocationDate } = certData;
|
|
81
|
+
const certID = new pkijs.CertID({
|
|
82
|
+
hashAlgorithm: new pkijs.AlgorithmIdentifier({
|
|
83
|
+
algorithmId: hashAlgorithm,
|
|
84
|
+
algorithmParams: new asn1js.Null(),
|
|
85
|
+
}),
|
|
86
|
+
issuerNameHash: new asn1js.OctetString({ valueHex: issuerNameHash }),
|
|
87
|
+
issuerKeyHash: new asn1js.OctetString({ valueHex: issuerKeyHash }),
|
|
88
|
+
serialNumber: new asn1js.Integer({ valueHex: serialNumber }),
|
|
89
|
+
});
|
|
90
|
+
const response = new pkijs.SingleResponse({
|
|
91
|
+
certID,
|
|
92
|
+
});
|
|
93
|
+
switch (status) {
|
|
94
|
+
case index_js_1.OcspCertStatus.OK:
|
|
95
|
+
case index_js_1.OcspCertStatus.Unknown:
|
|
96
|
+
response.certStatus = new asn1js.Primitive({
|
|
97
|
+
idBlock: {
|
|
98
|
+
tagClass: 3,
|
|
99
|
+
tagNumber: status,
|
|
100
|
+
},
|
|
101
|
+
});
|
|
102
|
+
break;
|
|
103
|
+
case index_js_1.OcspCertStatus.Revoked:
|
|
104
|
+
response.certStatus = new asn1js.Constructed({
|
|
105
|
+
idBlock: {
|
|
106
|
+
tagClass: 3,
|
|
107
|
+
tagNumber: status,
|
|
108
|
+
isConstructed: true,
|
|
109
|
+
},
|
|
110
|
+
value: [
|
|
111
|
+
new asn1js.GeneralizedTime({
|
|
112
|
+
valueDate: revocationDate || DEFAULT_REVOCATION_DATE,
|
|
113
|
+
}),
|
|
114
|
+
],
|
|
115
|
+
});
|
|
116
|
+
break;
|
|
117
|
+
default:
|
|
118
|
+
throw new Error(`Unknown OCSP certificate status: ${status}`);
|
|
119
|
+
}
|
|
120
|
+
response.thisUpdate = new Date();
|
|
121
|
+
ocspBasicResp.tbsResponseData.responses.push(response);
|
|
122
|
+
}
|
|
123
|
+
if (nonce) {
|
|
124
|
+
ocspBasicResp.tbsResponseData.responseExtensions = [
|
|
125
|
+
new pkijs.Extension({
|
|
126
|
+
extnID: index_js_1.constants.OID_OCSP_NONCE,
|
|
127
|
+
extnValue: new asn1js.OctetString({ valueHex: nonce }).toBER(),
|
|
128
|
+
}),
|
|
129
|
+
];
|
|
130
|
+
}
|
|
131
|
+
const privateCryptoKey = await index_js_1.CryptoKeysTransformer.pkcs8PemToCryptoKey(privateKey);
|
|
132
|
+
await ocspBasicResp.sign(privateCryptoKey, 'SHA-256');
|
|
133
|
+
const ocspBasicRespRaw = ocspBasicResp.toSchema().toBER(false);
|
|
134
|
+
const ocspResp = new pkijs.OCSPResponse({
|
|
135
|
+
responseStatus: new asn1js.Enumerated({ value: 0 }), // success
|
|
136
|
+
responseBytes: new pkijs.ResponseBytes({
|
|
137
|
+
responseType: pkijs.id_PKIX_OCSP_Basic,
|
|
138
|
+
response: new asn1js.OctetString({ valueHex: ocspBasicRespRaw }),
|
|
139
|
+
}),
|
|
140
|
+
});
|
|
141
|
+
return ocspResp.toSchema().toBER();
|
|
142
|
+
}
|
|
143
|
+
static parseOCSPRequest(ocspRequestBinary) {
|
|
144
|
+
const ocspRequest = asn1_schema_1.AsnParser.parse(ocspRequestBinary, asn1_ocsp_1.OCSPRequest);
|
|
145
|
+
const certRequests = ocspRequest.tbsRequest.requestList.map((request) => {
|
|
146
|
+
const reqCert = {
|
|
147
|
+
hashAlgorithm: request.reqCert.hashAlgorithm.algorithm,
|
|
148
|
+
issuerNameHash: Buffer.from(request.reqCert.issuerNameHash.buffer),
|
|
149
|
+
issuerKeyHash: Buffer.from(request.reqCert.issuerKeyHash.buffer),
|
|
150
|
+
serialNumber: request.reqCert.serialNumber,
|
|
151
|
+
};
|
|
152
|
+
const extensionsToCheck = request.singleRequestExtensions?.map((ext) => ({
|
|
153
|
+
oid: ext.extnID,
|
|
154
|
+
value: Buffer.from(ext.extnValue.buffer),
|
|
155
|
+
})) || [];
|
|
156
|
+
return { ...reqCert, extensionsToCheck };
|
|
157
|
+
});
|
|
158
|
+
const nonceExtension = ocspRequest.tbsRequest.requestExtensions?.find((ext) => ext.extnID === index_js_1.constants.OID_OCSP_NONCE);
|
|
159
|
+
const nonce = nonceExtension && nonceExtension.extnValue.buffer;
|
|
160
|
+
return { certRequests, nonce };
|
|
161
|
+
}
|
|
162
|
+
static canCertSignOCSPResponse(cert) {
|
|
163
|
+
const extKeysUsage = cert.extensions?.find((ext) => ext.extnID === node_forge_1.default.pki.oids['extKeyUsage']);
|
|
164
|
+
if (!extKeysUsage) {
|
|
165
|
+
return false;
|
|
166
|
+
}
|
|
167
|
+
return Boolean(extKeysUsage.parsedValue.keyPurposes.find((usage) => usage === x509_1.ExtendedKeyUsage.ocspSigning));
|
|
168
|
+
}
|
|
53
169
|
static getOCSPRequestData(cert) {
|
|
54
170
|
const authorityExtension = helper_js_1.CertificatesHelper.getExtensionValue(cert, constants_js_1.OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION);
|
|
55
171
|
if (!authorityExtension) {
|
|
@@ -58,42 +174,92 @@ class OCSPHelper {
|
|
|
58
174
|
const extensionValue = pkijs.ExtensionValueFactory.fromBER(constants_js_1.OID_AUTHORITY_INFORMATION_ACCESS_EXTENSION, authorityExtension);
|
|
59
175
|
const ocspUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === constants_js_1.OID_OCSP_ACCESS_METHOD)?.accessLocation.value;
|
|
60
176
|
const issuerCertUrl = extensionValue.accessDescriptions.find((desc) => desc.accessMethod === constants_js_1.OID_OCSP_ISSUER_ACCESS_METHOD)?.accessLocation.value;
|
|
61
|
-
if (!ocspUrl
|
|
62
|
-
// TODO: throw error?
|
|
177
|
+
if (!ocspUrl) {
|
|
63
178
|
return;
|
|
64
179
|
}
|
|
65
180
|
return { ocspUrl, issuerCertUrl, cert };
|
|
66
181
|
}
|
|
67
|
-
static async getOCSPResponse(
|
|
68
|
-
const { ocspUrl,
|
|
69
|
-
const
|
|
70
|
-
const
|
|
71
|
-
const
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
}
|
|
182
|
+
static async getOCSPResponse(params) {
|
|
183
|
+
const { ocspUrl, certsWithIssuer, ca, oidsToCheck } = params;
|
|
184
|
+
const requestList = [];
|
|
185
|
+
const issuerCertificates = [];
|
|
186
|
+
const addIssuerCertIfNotExists = (cert) => {
|
|
187
|
+
if (!issuerCertificates.some((c) => c.subject.isEqual(cert.subject))) {
|
|
188
|
+
issuerCertificates.push(cert);
|
|
189
|
+
}
|
|
190
|
+
};
|
|
191
|
+
for (const { cert, issuerCert: issuerCertFromParams, issuerCertUrl } of certsWithIssuer) {
|
|
192
|
+
let issuerCertificate = issuerCertFromParams;
|
|
193
|
+
if (!issuerCertificate && issuerCertUrl) {
|
|
194
|
+
const issuerCertRaw = await helper_js_1.CertificatesHelper.downloadCertWithCache(issuerCertUrl);
|
|
195
|
+
issuerCertificate = pkijs.Certificate.fromBER(issuerCertRaw);
|
|
196
|
+
}
|
|
197
|
+
if (!issuerCertificate) {
|
|
198
|
+
throw new Error(`No issuer certificate found for OCSP request for ${cert.subject}`);
|
|
199
|
+
}
|
|
200
|
+
addIssuerCertIfNotExists(issuerCertificate);
|
|
201
|
+
addIssuerCertIfNotExists(cert);
|
|
202
|
+
const certID = new pkijs.CertID();
|
|
203
|
+
await certID.createForCertificate(cert, {
|
|
204
|
+
hashAlgorithm: 'SHA-256',
|
|
205
|
+
issuerCertificate,
|
|
206
|
+
});
|
|
207
|
+
const request = new asn1_ocsp_1.Request({
|
|
208
|
+
reqCert: new asn1_ocsp_1.CertID({
|
|
209
|
+
hashAlgorithm: new asn1_x509_1.AlgorithmIdentifier({
|
|
210
|
+
algorithm: certID.hashAlgorithm.algorithmId,
|
|
211
|
+
}),
|
|
212
|
+
issuerNameHash: new asn1_schema_1.OctetString().fromASN(certID.issuerNameHash),
|
|
213
|
+
issuerKeyHash: new asn1_schema_1.OctetString().fromASN(certID.issuerKeyHash),
|
|
214
|
+
serialNumber: certID.serialNumber.valueBlock.valueHex,
|
|
215
|
+
}),
|
|
216
|
+
});
|
|
217
|
+
const extensionsToCheck = OCSPHelper.getCertExtensionsToCheck(cert, oidsToCheck);
|
|
218
|
+
if (extensionsToCheck.length) {
|
|
219
|
+
request.singleRequestExtensions = new asn1_x509_1.Extensions(extensionsToCheck.map((ext) => new asn1_x509_1.Extension({ extnID: ext.oid, extnValue: new asn1_schema_1.OctetString(ext.value) })));
|
|
220
|
+
}
|
|
221
|
+
requestList.push(request);
|
|
222
|
+
}
|
|
76
223
|
const reqNonce = OCSPHelper.getNonceForRequest();
|
|
77
|
-
ocspReq
|
|
78
|
-
new
|
|
79
|
-
|
|
80
|
-
|
|
224
|
+
const ocspReq = new asn1_ocsp_1.OCSPRequest({
|
|
225
|
+
tbsRequest: new asn1_ocsp_1.TBSRequest({
|
|
226
|
+
requestList,
|
|
227
|
+
requestExtensions: new asn1_x509_1.Extensions([
|
|
228
|
+
new asn1_x509_1.Extension({
|
|
229
|
+
extnID: index_js_1.constants.OID_OCSP_NONCE,
|
|
230
|
+
extnValue: new asn1_schema_1.OctetString(reqNonce),
|
|
231
|
+
}),
|
|
232
|
+
]),
|
|
81
233
|
}),
|
|
82
|
-
|
|
234
|
+
});
|
|
83
235
|
const ocspBasicResp = await OCSPHelper.sendOCSPRequest(ocspUrl, ocspReq);
|
|
84
236
|
const respNonce = await OCSPHelper.getNonceFromResponse(ocspBasicResp);
|
|
85
237
|
if (respNonce && Buffer.compare(reqNonce, respNonce) !== 0) {
|
|
86
238
|
throw new Error(`OCSP nonces from request and response do not match`);
|
|
87
239
|
}
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
ocspBasicResp.certs = [issuerCertificate];
|
|
91
|
-
trustedCerts.push(...ca);
|
|
240
|
+
if (!ocspBasicResp.certs?.length) {
|
|
241
|
+
ocspBasicResp.certs = issuerCertificates;
|
|
92
242
|
}
|
|
93
|
-
|
|
94
|
-
|
|
243
|
+
const signers = ocspBasicResp.certs.filter((cert) => cert.subject.isEqual(ocspBasicResp.tbsResponseData.responderID));
|
|
244
|
+
if (!signers.length) {
|
|
245
|
+
throw new Error('No OCSP signer certificate found');
|
|
246
|
+
}
|
|
247
|
+
if (signers.length > 1) {
|
|
248
|
+
throw new Error('Prohibited attempt to replace OCSP signer');
|
|
249
|
+
}
|
|
250
|
+
const signerChain = helper_js_1.CertificatesHelper.buildChain(signers[0], [
|
|
251
|
+
...ocspBasicResp.certs,
|
|
252
|
+
...issuerCertificates,
|
|
253
|
+
]);
|
|
254
|
+
ocspBasicResp.certs = signerChain;
|
|
255
|
+
const isValid = await ocspBasicResp.verify({ trustedCerts: ca });
|
|
256
|
+
if (!isValid) {
|
|
257
|
+
throw new Error('OCSP response verification failed');
|
|
258
|
+
}
|
|
259
|
+
const isSignerValid = OCSPHelper.canCertSignOCSPResponse(signers[0]);
|
|
260
|
+
if (!isSignerValid) {
|
|
261
|
+
throw new Error('OCSP signer certificate does not have the OCSP signing extended key usage');
|
|
95
262
|
}
|
|
96
|
-
await ocspBasicResp.verify({ trustedCerts });
|
|
97
263
|
return ocspBasicResp;
|
|
98
264
|
}
|
|
99
265
|
static async sendOCSPRequest(ocspUrl, ocspReq) {
|
|
@@ -103,7 +269,7 @@ class OCSPHelper {
|
|
|
103
269
|
'Content-Type': 'application/ocsp-request',
|
|
104
270
|
},
|
|
105
271
|
responseType: 'arraybuffer',
|
|
106
|
-
data:
|
|
272
|
+
data: asn1_schema_1.AsnSerializer.serialize(ocspReq),
|
|
107
273
|
});
|
|
108
274
|
const ocspRespSimpl = pkijs.OCSPResponse.fromBER(ocspResponse.data);
|
|
109
275
|
if (!ocspRespSimpl.responseBytes) {
|
|
@@ -117,8 +283,16 @@ class OCSPHelper {
|
|
|
117
283
|
}
|
|
118
284
|
static getNonceFromResponse(ocspBasicResp) {
|
|
119
285
|
const nonceExtension = ocspBasicResp.tbsResponseData?.responseExtensions?.find((extension) => extension.extnID === index_js_1.constants.OID_OCSP_NONCE);
|
|
120
|
-
return nonceExtension
|
|
286
|
+
return nonceExtension && Buffer.from(nonceExtension.parsedValue.valueBlock.valueHex);
|
|
287
|
+
}
|
|
288
|
+
static getCertExtensionsToCheck(cert, oidsToCheck) {
|
|
289
|
+
return oidsToCheck
|
|
290
|
+
.map((oid) => {
|
|
291
|
+
const value = helper_js_1.CertificatesHelper.getExtensionValue(cert, oid);
|
|
292
|
+
return { oid, value };
|
|
293
|
+
})
|
|
294
|
+
.filter((ext) => Boolean(ext.value));
|
|
121
295
|
}
|
|
122
296
|
}
|
|
123
297
|
exports.OCSPHelper = OCSPHelper;
|
|
124
|
-
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLDZDQUErQjtBQUMvQiwrQ0FBaUM7QUFDakMsa0RBQTBCO0FBQzFCLGtEQUl5QjtBQUN6QiwyQ0FBaUQ7QUFDakQsMENBQWlEO0FBSWpELE1BQWEsVUFBVTtJQUNyQixNQUFNLENBQUMsS0FBSyxDQUFDLHdCQUF3QixDQUNuQyxLQUEwQixFQUMxQixFQUF1QjtRQUV2QixNQUFNLGdCQUFnQixHQUFHLEtBQUs7YUFDM0IsR0FBRyxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQzthQUNsQyxNQUFNLENBQUMsT0FBTyxDQUFzQixDQUFDO1FBRXhDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3QixPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7UUFFRCxNQUFNLG1CQUFtQixHQUFHLE1BQU0sT0FBTyxDQUFDLFVBQVUsQ0FDbEQsZ0JBQWdCLENBQUMsR0FBRyxDQUFDLENBQUMsV0FBVyxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsZUFBZSxDQUFDLFdBQVcsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUNuRixDQUFDO1FBRUYsTUFBTSxxQkFBcUIsR0FBRyxtQkFBbUI7YUFDOUMsTUFBTSxDQUFDLGtCQUFPLENBQUMsVUFBVSxDQUFDO2FBQzFCLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ2xDLElBQUkscUJBQXFCLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDakMsTUFBTSxJQUFJLEtBQUssQ0FDYiwyREFBMkQscUJBQXFCLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQ2hHLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTyxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsa0JBQU8sQ0FBQyxXQUFXLENBQUMsQ0FBQyxHQUFHLENBQUMsQ0FBQyxNQUFNLEVBQUUsRUFBRSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQztJQUN2RixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQixDQUFDLElBQXVCO1FBQ3ZELE1BQU0sa0JBQWtCLEdBQUcsOEJBQWtCLENBQUMsaUJBQWlCLENBQzdELElBQUksRUFDSix5REFBMEMsQ0FDM0MsQ0FBQztRQUNGLElBQUksQ0FBQyxrQkFBa0IsRUFBRSxDQUFDO1lBQ3hCLE9BQU87UUFDVCxDQUFDO1FBRUQsTUFBTSxjQUFjLEdBQUcsS0FBSyxDQUFDLHFCQUFxQixDQUFDLE9BQU8sQ0FDeEQseURBQTBDLEVBQzFDLGtCQUFrQixDQUNFLENBQUM7UUFFdkIsTUFBTSxPQUFPLEdBQUcsY0FBYyxDQUFDLGtCQUFrQixDQUFDLElBQUksQ0FDcEQsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxZQUFZLEtBQUsscUNBQXNCLENBQ3ZELEVBQUUsY0FBYyxDQUFDLEtBQUssQ0FBQztRQUV4QixNQUFNLGFBQWEsR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUMxRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyw0Q0FBNkIsQ0FDOUQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLElBQUksQ0FBQyxPQUFPLElBQUksQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUMvQixxQkFBcUI7WUFDckIsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLElBQXFCLEVBQ3JCLEVBQXVCO1FBRXZCLE1BQU0sRUFBRSxPQUFPLEVBQUUsYUFBYSxFQUFFLElBQUksRUFBRSxHQUFHLElBQUksQ0FBQztRQUM5QyxNQUFNLGFBQWEsR0FBRyxNQUFNLDhCQUFrQixDQUFDLHFCQUFxQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3BGLE1BQU0saUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7UUFDbkUsTUFBTSxPQUFPLEdBQUcsSUFBSSxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUM7UUFDeEMsTUFBTSxPQUFPLENBQUMsb0JBQW9CLENBQUMsSUFBSSxFQUFFO1lBQ3ZDLGFBQWEsRUFBRSxTQUFTO1lBQ3hCLGlCQUFpQjtTQUNsQixDQUFDLENBQUM7UUFDSCxNQUFNLFFBQVEsR0FBRyxVQUFVLENBQUMsa0JBQWtCLEVBQUUsQ0FBQztRQUNqRCxPQUFPLENBQUMsVUFBVSxDQUFDLGlCQUFpQixHQUFHO1lBQ3JDLElBQUksS0FBSyxDQUFDLFNBQVMsQ0FBQztnQkFDbEIsTUFBTSxFQUFFLG9CQUFTLENBQUMsY0FBYztnQkFDaEMsU0FBUyxFQUFFLElBQUksTUFBTSxDQUFDLFdBQVcsQ0FBQyxFQUFFLFFBQVEsRUFBRSxRQUFRLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxLQUFLLEVBQUU7YUFDekUsQ0FBQztTQUNILENBQUM7UUFFRixNQUFNLGFBQWEsR0FBRyxNQUFNLFVBQVUsQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRXpFLE1BQU0sU0FBUyxHQUFHLE1BQU0sVUFBVSxDQUFDLG9CQUFvQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3ZFLElBQUksU0FBUyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzNELE1BQU0sSUFBSSxLQUFLLENBQUMsb0RBQW9ELENBQUMsQ0FBQztRQUN4RSxDQUFDO1FBRUQsTUFBTSxZQUFZLEdBQXdCLEVBQUUsQ0FBQztRQUM3QyxJQUFJLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxDQUFDO1lBQ3pCLGFBQWEsQ0FBQyxLQUFLLEdBQUcsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1lBQzFDLFlBQVksQ0FBQyxJQUFJLENBQUMsR0FBRyxFQUFFLENBQUMsQ0FBQztRQUMzQixDQUFDO2FBQU0sQ0FBQztZQUNOLFlBQVksQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUMsQ0FBQztRQUN2QyxDQUFDO1FBRUQsTUFBTSxhQUFhLENBQUMsTUFBTSxDQUFDLEVBQUUsWUFBWSxFQUFFLENBQUMsQ0FBQztRQUM3QyxPQUFPLGFBQWEsQ0FBQztJQUN2QixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLE9BQWUsRUFDZixPQUEwQjtRQUUxQixNQUFNLFlBQVksR0FBRyxNQUFNLElBQUEsZUFBSyxFQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLE9BQU8sQ0FBQyxRQUFRLENBQUMsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFO1NBQ3JDLENBQUMsQ0FBQztRQUVILE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxZQUFZLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsQ0FBQztRQUNwRSxJQUFJLENBQUMsYUFBYSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sSUFBSSxLQUFLLENBQUMsOERBQThELENBQUMsQ0FBQztRQUNsRixDQUFDO1FBRUQsTUFBTSxhQUFhLEdBQUcsS0FBSyxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkQsYUFBYSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FDN0QsQ0FBQztRQUVGLE9BQU8sYUFBYSxDQUFDO0lBQ3ZCLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCO1FBQy9CLE9BQU8sS0FBSyxDQUFDLGVBQWUsQ0FBQyxJQUFJLFVBQVUsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ25ELENBQUM7SUFFTyxNQUFNLENBQUMsb0JBQW9CLENBQ2pDLGFBQXNDO1FBRXRDLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxvQkFBUyxDQUFDLGNBQWMsQ0FDN0QsQ0FBQztRQUNGLE9BQU8sY0FBYyxFQUFFLFNBQVMsQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDO0lBQzNELENBQUM7Q0FDRjtBQXZJRCxnQ0F1SUMifQ==
|
|
298
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoib2NzcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9jZXJ0aWZpY2F0ZXMvb2NzcC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztBQUFBLG9EQUF1QjtBQUN2Qiw0REFBK0I7QUFDL0IsNkNBQStCO0FBQy9CLCtDQUFpQztBQUNqQyxrREFBMEI7QUFDMUIsbURBQStFO0FBQy9FLHVEQUE4RTtBQUM5RSxtREFBaUY7QUFDakYsa0RBSXlCO0FBQ3pCLDJDQUFpRDtBQUNqRCwwQ0FRcUI7QUFDckIseUNBQWtEO0FBZWxELE1BQU0sdUJBQXVCLEdBQUcsSUFBSSxJQUFJLENBQUMsc0JBQXNCLENBQUMsQ0FBQztBQUVqRSxNQUFhLFVBQVU7SUFDckIsTUFBTSxDQUFDLEtBQUssQ0FBQyx3QkFBd0IsQ0FDbkMsS0FBMEIsRUFDMUIsRUFBdUIsRUFDdkIsY0FBd0IsRUFBRTtRQUUxQixNQUFNLGdCQUFnQixHQUFHLEtBQUs7YUFDM0IsR0FBRyxDQUFDLFVBQVUsQ0FBQyxrQkFBa0IsQ0FBQzthQUNsQyxNQUFNLENBQUMsT0FBTyxDQUFzQixDQUFDO1FBQ3hDLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUM3QixPQUFPLEVBQUUsQ0FBQztRQUNaLENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxnQkFBQyxDQUFDLE9BQU8sQ0FBQyxnQkFBZ0IsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUM5RCxNQUFNLHFCQUFxQixHQUE0QixNQUFNLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxDQUFDLEdBQUcsQ0FDdkYsQ0FBQyxDQUFDLE9BQU8sRUFBRSxVQUFVLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQztZQUMxQixPQUFPO1lBQ1AsZUFBZSxFQUFFLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQyxFQUFFLElBQUksRUFBRSxhQUFhLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDNUQsSUFBSTtnQkFDSixhQUFhO2dCQUNiLFVBQVUsRUFBRSw4QkFBa0IsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxHQUFHLEtBQUssRUFBRSxHQUFHLEVBQUUsQ0FBQyxDQUFDO2FBQzNFLENBQUMsQ0FBQztZQUNILEVBQUU7WUFDRixXQUFXO1NBQ1osQ0FBQyxDQUNILENBQUM7UUFFRixNQUFNLG1CQUFtQixHQUFHLE1BQU0sT0FBTyxDQUFDLFVBQVUsQ0FDbEQscUJBQXFCLENBQUMsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxVQUFVLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxDQUFDLENBQzFFLENBQUM7UUFFRixNQUFNLHFCQUFxQixHQUFHLG1CQUFtQjthQUM5QyxNQUFNLENBQUMsa0JBQU8sQ0FBQyxVQUFVLENBQUM7YUFDMUIsR0FBRyxDQUFDLENBQUMsTUFBTSxFQUFFLEVBQUUsQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDbEMsSUFBSSxxQkFBcUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUNiLG9FQUFvRSxxQkFBcUIsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FDekcsQ0FBQztRQUNKLENBQUM7UUFFRCxPQUFPLG1CQUFtQixDQUFDLE1BQU0sQ0FBQyxrQkFBTyxDQUFDLFdBQVcsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxDQUFDO0lBQ3ZGLENBQUM7SUFFRCxNQUFNLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLE1BQWtDO1FBQ2xFLE1BQU0sYUFBYSxHQUFHLElBQUksS0FBSyxDQUFDLGlCQUFpQixFQUFFLENBQUM7UUFDcEQsTUFBTSxFQUFFLFNBQVMsRUFBRSxhQUFhLEVBQUUsVUFBVSxFQUFFLEtBQUssRUFBRSxVQUFVLEVBQUUsS0FBSyxFQUFFLEdBQUcsTUFBTSxDQUFDO1FBQ2xGLE1BQU0sRUFBRSxLQUFLLEVBQUUsY0FBYyxFQUFFLEdBQUcsOEJBQWtCLENBQUMsa0JBQWtCLENBQ3JFLEdBQUcsYUFBYSxLQUFLLFVBQVUsSUFBSSxFQUFFLEVBQUUsQ0FDeEMsQ0FBQztRQUNGLE1BQU0sVUFBVSxHQUFHLDhCQUFrQixDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUVuRSxhQUFhLENBQUMsZUFBZSxDQUFDLFdBQVcsR0FBRyxVQUFVLENBQUMsT0FBTyxDQUFDO1FBQy9ELGFBQWEsQ0FBQyxlQUFlLENBQUMsVUFBVSxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7UUFDdEQsYUFBYSxDQUFDLEtBQUssR0FBRyw4QkFBa0IsQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDLENBQUM7UUFFcEUsS0FBSyxNQUFNLFFBQVEsSUFBSSxLQUFLLEVBQUUsQ0FBQztZQUM3QixNQUFNLEVBQUUsWUFBWSxFQUFFLE1BQU0sRUFBRSxhQUFhLEVBQUUsY0FBYyxFQUFFLGFBQWEsRUFBRSxjQUFjLEVBQUUsR0FDMUYsUUFBUSxDQUFDO1lBQ1gsTUFBTSxNQUFNLEdBQUcsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDO2dCQUM5QixhQUFhLEVBQUUsSUFBSSxLQUFLLENBQUMsbUJBQW1CLENBQUM7b0JBQzNDLFdBQVcsRUFBRSxhQUFhO29CQUMxQixlQUFlLEVBQUUsSUFBSSxNQUFNLENBQUMsSUFBSSxFQUFFO2lCQUNuQyxDQUFDO2dCQUNGLGNBQWMsRUFBRSxJQUFJLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxRQUFRLEVBQUUsY0FBYyxFQUFFLENBQUM7Z0JBQ3BFLGFBQWEsRUFBRSxJQUFJLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxRQUFRLEVBQUUsYUFBYSxFQUFFLENBQUM7Z0JBQ2xFLFlBQVksRUFBRSxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsRUFBRSxRQUFRLEVBQUUsWUFBWSxFQUFFLENBQUM7YUFDN0QsQ0FBQyxDQUFDO1lBRUgsTUFBTSxRQUFRLEdBQUcsSUFBSSxLQUFLLENBQUMsY0FBYyxDQUFDO2dCQUN4QyxNQUFNO2FBQ1AsQ0FBQyxDQUFDO1lBRUgsUUFBUSxNQUFNLEVBQUUsQ0FBQztnQkFDZixLQUFLLHlCQUFjLENBQUMsRUFBRSxDQUFDO2dCQUN2QixLQUFLLHlCQUFjLENBQUMsT0FBTztvQkFDekIsUUFBUSxDQUFDLFVBQVUsR0FBRyxJQUFJLE1BQU0sQ0FBQyxTQUFTLENBQUM7d0JBQ3pDLE9BQU8sRUFBRTs0QkFDUCxRQUFRLEVBQUUsQ0FBQzs0QkFDWCxTQUFTLEVBQUUsTUFBTTt5QkFDbEI7cUJBQ0YsQ0FBQyxDQUFDO29CQUNILE1BQU07Z0JBQ1IsS0FBSyx5QkFBYyxDQUFDLE9BQU87b0JBQ3pCLFFBQVEsQ0FBQyxVQUFVLEdBQUcsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDO3dCQUMzQyxPQUFPLEVBQUU7NEJBQ1AsUUFBUSxFQUFFLENBQUM7NEJBQ1gsU0FBUyxFQUFFLE1BQU07NEJBQ2pCLGFBQWEsRUFBRSxJQUFJO3lCQUNwQjt3QkFDRCxLQUFLLEVBQUU7NEJBQ0wsSUFBSSxNQUFNLENBQUMsZUFBZSxDQUFDO2dDQUN6QixTQUFTLEVBQUUsY0FBYyxJQUFJLHVCQUF1Qjs2QkFDckQsQ0FBQzt5QkFDSDtxQkFDRixDQUFDLENBQUM7b0JBQ0gsTUFBTTtnQkFDUjtvQkFDRSxNQUFNLElBQUksS0FBSyxDQUFDLG9DQUFvQyxNQUFNLEVBQUUsQ0FBQyxDQUFDO1lBQ2xFLENBQUM7WUFFRCxRQUFRLENBQUMsVUFBVSxHQUFHLElBQUksSUFBSSxFQUFFLENBQUM7WUFDakMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3pELENBQUM7UUFFRCxJQUFJLEtBQUssRUFBRSxDQUFDO1lBQ1YsYUFBYSxDQUFDLGVBQWUsQ0FBQyxrQkFBa0IsR0FBRztnQkFDakQsSUFBSSxLQUFLLENBQUMsU0FBUyxDQUFDO29CQUNsQixNQUFNLEVBQUUsb0JBQVMsQ0FBQyxjQUFjO29CQUNoQyxTQUFTLEVBQUUsSUFBSSxNQUFNLENBQUMsV0FBVyxDQUFDLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUMsS0FBSyxFQUFFO2lCQUMvRCxDQUFDO2FBQ0gsQ0FBQztRQUNKLENBQUM7UUFFRCxNQUFNLGdCQUFnQixHQUFHLE1BQU0sZ0NBQXFCLENBQUMsbUJBQW1CLENBQUMsVUFBVSxDQUFDLENBQUM7UUFDckYsTUFBTSxhQUFhLENBQUMsSUFBSSxDQUFDLGdCQUFnQixFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBRXRELE1BQU0sZ0JBQWdCLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUUvRCxNQUFNLFFBQVEsR0FBRyxJQUFJLEtBQUssQ0FBQyxZQUFZLENBQUM7WUFDdEMsY0FBYyxFQUFFLElBQUksTUFBTSxDQUFDLFVBQVUsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDLEVBQUUsQ0FBQyxFQUFFLFVBQVU7WUFDL0QsYUFBYSxFQUFFLElBQUksS0FBSyxDQUFDLGFBQWEsQ0FBQztnQkFDckMsWUFBWSxFQUFFLEtBQUssQ0FBQyxrQkFBa0I7Z0JBQ3RDLFFBQVEsRUFBRSxJQUFJLE1BQU0sQ0FBQyxXQUFXLENBQUMsRUFBRSxRQUFRLEVBQUUsZ0JBQWdCLEVBQUUsQ0FBQzthQUNqRSxDQUFDO1NBQ0gsQ0FBQyxDQUFDO1FBRUgsT0FBTyxRQUFRLENBQUMsUUFBUSxFQUFFLENBQUMsS0FBSyxFQUFFLENBQUM7SUFDckMsQ0FBQztJQUVELE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxpQkFBOEI7UUFDcEQsTUFBTSxXQUFXLEdBQUcsdUJBQVMsQ0FBQyxLQUFLLENBQUMsaUJBQWlCLEVBQUUsdUJBQVcsQ0FBQyxDQUFDO1FBQ3BFLE1BQU0sWUFBWSxHQUFHLFdBQVcsQ0FBQyxVQUFVLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFO1lBQ3RFLE1BQU0sT0FBTyxHQUFHO2dCQUNkLGFBQWEsRUFBRSxPQUFPLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FBQyxTQUFTO2dCQUN0RCxjQUFjLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxNQUFNLENBQUM7Z0JBQ2xFLGFBQWEsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLE1BQU0sQ0FBQztnQkFDaEUsWUFBWSxFQUFFLE9BQU8sQ0FBQyxPQUFPLENBQUMsWUFBWTthQUMzQyxDQUFDO1lBRUYsTUFBTSxpQkFBaUIsR0FDckIsT0FBTyxDQUFDLHVCQUF1QixFQUFFLEdBQUcsQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDN0MsR0FBRyxFQUFFLEdBQUcsQ0FBQyxNQUFNO2dCQUNmLEtBQUssRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO2FBQ3pDLENBQUMsQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUVaLE9BQU8sRUFBRSxHQUFHLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxDQUFDO1FBQzNDLENBQUMsQ0FBQyxDQUFDO1FBRUgsTUFBTSxjQUFjLEdBQUcsV0FBVyxDQUFDLFVBQVUsQ0FBQyxpQkFBaUIsRUFBRSxJQUFJLENBQ25FLENBQUMsR0FBRyxFQUFFLEVBQUUsQ0FBQyxHQUFHLENBQUMsTUFBTSxLQUFLLG9CQUFTLENBQUMsY0FBYyxDQUNqRCxDQUFDO1FBQ0YsTUFBTSxLQUFLLEdBQUcsY0FBYyxJQUFJLGNBQWMsQ0FBQyxTQUFTLENBQUMsTUFBTSxDQUFDO1FBRWhFLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLENBQUM7SUFDakMsQ0FBQztJQUVPLE1BQU0sQ0FBQyx1QkFBdUIsQ0FBQyxJQUF1QjtRQUM1RCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FDeEMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEtBQUssb0JBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUN0RCxDQUFDO1FBQ0YsSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ2xCLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztRQUVELE9BQU8sT0FBTyxDQUNaLFlBQVksQ0FBQyxXQUFXLENBQUMsV0FBVyxDQUFDLElBQUksQ0FDdkMsQ0FBQyxLQUFhLEVBQUUsRUFBRSxDQUFDLEtBQUssS0FBSyx1QkFBZ0IsQ0FBQyxXQUFXLENBQzFELENBQ0YsQ0FBQztJQUNKLENBQUM7SUFFTyxNQUFNLENBQUMsa0JBQWtCLENBQUMsSUFBdUI7UUFDdkQsTUFBTSxrQkFBa0IsR0FBRyw4QkFBa0IsQ0FBQyxpQkFBaUIsQ0FDN0QsSUFBSSxFQUNKLHlEQUEwQyxDQUMzQyxDQUFDO1FBQ0YsSUFBSSxDQUFDLGtCQUFrQixFQUFFLENBQUM7WUFDeEIsT0FBTztRQUNULENBQUM7UUFFRCxNQUFNLGNBQWMsR0FBRyxLQUFLLENBQUMscUJBQXFCLENBQUMsT0FBTyxDQUN4RCx5REFBMEMsRUFDMUMsa0JBQWtCLENBQ0UsQ0FBQztRQUV2QixNQUFNLE9BQU8sR0FBRyxjQUFjLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUNwRCxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFlBQVksS0FBSyxxQ0FBc0IsQ0FDdkQsRUFBRSxjQUFjLENBQUMsS0FBSyxDQUFDO1FBRXhCLE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQzFELENBQUMsSUFBSSxFQUFFLEVBQUUsQ0FBQyxJQUFJLENBQUMsWUFBWSxLQUFLLDRDQUE2QixDQUM5RCxFQUFFLGNBQWMsQ0FBQyxLQUFLLENBQUM7UUFFeEIsSUFBSSxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ2IsT0FBTztRQUNULENBQUM7UUFFRCxPQUFPLEVBQUUsT0FBTyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztJQUMxQyxDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLE1BQTZCO1FBRTdCLE1BQU0sRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLEVBQUUsRUFBRSxXQUFXLEVBQUUsR0FBRyxNQUFNLENBQUM7UUFDN0QsTUFBTSxXQUFXLEdBQWMsRUFBRSxDQUFDO1FBQ2xDLE1BQU0sa0JBQWtCLEdBQXdCLEVBQUUsQ0FBQztRQUVuRCxNQUFNLHdCQUF3QixHQUFHLENBQUMsSUFBdUIsRUFBUSxFQUFFO1lBQ2pFLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ3JFLGtCQUFrQixDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUNoQyxDQUFDO1FBQ0gsQ0FBQyxDQUFDO1FBQ0YsS0FBSyxNQUFNLEVBQUUsSUFBSSxFQUFFLFVBQVUsRUFBRSxvQkFBb0IsRUFBRSxhQUFhLEVBQUUsSUFBSSxlQUFlLEVBQUUsQ0FBQztZQUN4RixJQUFJLGlCQUFpQixHQUFHLG9CQUFvQixDQUFDO1lBQzdDLElBQUksQ0FBQyxpQkFBaUIsSUFBSSxhQUFhLEVBQUUsQ0FBQztnQkFDeEMsTUFBTSxhQUFhLEdBQUcsTUFBTSw4QkFBa0IsQ0FBQyxxQkFBcUIsQ0FBQyxhQUFhLENBQUMsQ0FBQztnQkFDcEYsaUJBQWlCLEdBQUcsS0FBSyxDQUFDLFdBQVcsQ0FBQyxPQUFPLENBQUMsYUFBYSxDQUFDLENBQUM7WUFDL0QsQ0FBQztZQUNELElBQUksQ0FBQyxpQkFBaUIsRUFBRSxDQUFDO2dCQUN2QixNQUFNLElBQUksS0FBSyxDQUFDLG9EQUFvRCxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUMsQ0FBQztZQUN0RixDQUFDO1lBRUQsd0JBQXdCLENBQUMsaUJBQWlCLENBQUMsQ0FBQztZQUM1Qyx3QkFBd0IsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUUvQixNQUFNLE1BQU0sR0FBRyxJQUFJLEtBQUssQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNsQyxNQUFNLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLEVBQUU7Z0JBQ3RDLGFBQWEsRUFBRSxTQUFTO2dCQUN4QixpQkFBaUI7YUFDbEIsQ0FBQyxDQUFDO1lBRUgsTUFBTSxPQUFPLEdBQUcsSUFBSSxtQkFBTyxDQUFDO2dCQUMxQixPQUFPLEVBQUUsSUFBSSxrQkFBTSxDQUFDO29CQUNsQixhQUFhLEVBQUUsSUFBSSwrQkFBbUIsQ0FBQzt3QkFDckMsU0FBUyxFQUFFLE1BQU0sQ0FBQyxhQUFhLENBQUMsV0FBVztxQkFDNUMsQ0FBQztvQkFDRixjQUFjLEVBQUUsSUFBSSx5QkFBVyxFQUFFLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxjQUFjLENBQUM7b0JBQ2hFLGFBQWEsRUFBRSxJQUFJLHlCQUFXLEVBQUUsQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLGFBQWEsQ0FBQztvQkFDOUQsWUFBWSxFQUFFLE1BQU0sQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLFFBQVE7aUJBQ3RELENBQUM7YUFDSCxDQUFDLENBQUM7WUFFSCxNQUFNLGlCQUFpQixHQUFHLFVBQVUsQ0FBQyx3QkFBd0IsQ0FBQyxJQUFJLEVBQUUsV0FBVyxDQUFDLENBQUM7WUFDakYsSUFBSSxpQkFBaUIsQ0FBQyxNQUFNLEVBQUUsQ0FBQztnQkFDN0IsT0FBTyxDQUFDLHVCQUF1QixHQUFHLElBQUksc0JBQVUsQ0FDOUMsaUJBQWlCLENBQUMsR0FBRyxDQUNuQixDQUFDLEdBQUcsRUFBRSxFQUFFLENBQUMsSUFBSSxxQkFBUyxDQUFDLEVBQUUsTUFBTSxFQUFFLEdBQUcsQ0FBQyxHQUFHLEVBQUUsU0FBUyxFQUFFLElBQUkseUJBQVcsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxDQUNuRixDQUNGLENBQUM7WUFDSixDQUFDO1lBRUQsV0FBVyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUM1QixDQUFDO1FBRUQsTUFBTSxRQUFRLEdBQUcsVUFBVSxDQUFDLGtCQUFrQixFQUFFLENBQUM7UUFDakQsTUFBTSxPQUFPLEdBQUcsSUFBSSx1QkFBVyxDQUFDO1lBQzlCLFVBQVUsRUFBRSxJQUFJLHNCQUFVLENBQUM7Z0JBQ3pCLFdBQVc7Z0JBQ1gsaUJBQWlCLEVBQUUsSUFBSSxzQkFBVSxDQUFDO29CQUNoQyxJQUFJLHFCQUFTLENBQUM7d0JBQ1osTUFBTSxFQUFFLG9CQUFTLENBQUMsY0FBYzt3QkFDaEMsU0FBUyxFQUFFLElBQUkseUJBQVcsQ0FBQyxRQUFRLENBQUM7cUJBQ3JDLENBQUM7aUJBQ0gsQ0FBQzthQUNILENBQUM7U0FDSCxDQUFDLENBQUM7UUFFSCxNQUFNLGFBQWEsR0FBRyxNQUFNLFVBQVUsQ0FBQyxlQUFlLENBQUMsT0FBTyxFQUFFLE9BQU8sQ0FBQyxDQUFDO1FBRXpFLE1BQU0sU0FBUyxHQUFHLE1BQU0sVUFBVSxDQUFDLG9CQUFvQixDQUFDLGFBQWEsQ0FBQyxDQUFDO1FBQ3ZFLElBQUksU0FBUyxJQUFJLE1BQU0sQ0FBQyxPQUFPLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDO1lBQzNELE1BQU0sSUFBSSxLQUFLLENBQUMsb0RBQW9ELENBQUMsQ0FBQztRQUN4RSxDQUFDO1FBRUQsSUFBSSxDQUFDLGFBQWEsQ0FBQyxLQUFLLEVBQUUsTUFBTSxFQUFFLENBQUM7WUFDakMsYUFBYSxDQUFDLEtBQUssR0FBRyxrQkFBa0IsQ0FBQztRQUMzQyxDQUFDO1FBRUQsTUFBTSxPQUFPLEdBQUcsYUFBYSxDQUFDLEtBQUssQ0FBQyxNQUFNLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUNsRCxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sQ0FBQyxhQUFhLENBQUMsZUFBZSxDQUFDLFdBQVcsQ0FBQyxDQUNoRSxDQUFDO1FBQ0YsSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQixNQUFNLElBQUksS0FBSyxDQUFDLGtDQUFrQyxDQUFDLENBQUM7UUFDdEQsQ0FBQztRQUNELElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN2QixNQUFNLElBQUksS0FBSyxDQUFDLDJDQUEyQyxDQUFDLENBQUM7UUFDL0QsQ0FBQztRQUVELE1BQU0sV0FBVyxHQUFHLDhCQUFrQixDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUU7WUFDNUQsR0FBRyxhQUFhLENBQUMsS0FBSztZQUN0QixHQUFHLGtCQUFrQjtTQUN0QixDQUFDLENBQUM7UUFDSCxhQUFhLENBQUMsS0FBSyxHQUFHLFdBQVcsQ0FBQztRQUNsQyxNQUFNLE9BQU8sR0FBRyxNQUFNLGFBQWEsQ0FBQyxNQUFNLENBQUMsRUFBRSxZQUFZLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztRQUNqRSxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDYixNQUFNLElBQUksS0FBSyxDQUFDLG1DQUFtQyxDQUFDLENBQUM7UUFDdkQsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLFVBQVUsQ0FBQyx1QkFBdUIsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUNyRSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDbkIsTUFBTSxJQUFJLEtBQUssQ0FBQywyRUFBMkUsQ0FBQyxDQUFDO1FBQy9GLENBQUM7UUFFRCxPQUFPLGFBQWEsQ0FBQztJQUN2QixDQUFDO0lBRU8sTUFBTSxDQUFDLEtBQUssQ0FBQyxlQUFlLENBQ2xDLE9BQWUsRUFDZixPQUFvQjtRQUVwQixNQUFNLFlBQVksR0FBRyxNQUFNLElBQUEsZUFBSyxFQUFDLE9BQU8sRUFBRTtZQUN4QyxNQUFNLEVBQUUsTUFBTTtZQUNkLE9BQU8sRUFBRTtnQkFDUCxjQUFjLEVBQUUsMEJBQTBCO2FBQzNDO1lBQ0QsWUFBWSxFQUFFLGFBQWE7WUFDM0IsSUFBSSxFQUFFLDJCQUFhLENBQUMsU0FBUyxDQUFDLE9BQU8sQ0FBQztTQUN2QyxDQUFDLENBQUM7UUFFSCxNQUFNLGFBQWEsR0FBRyxLQUFLLENBQUMsWUFBWSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDcEUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUNqQyxNQUFNLElBQUksS0FBSyxDQUFDLDhEQUE4RCxDQUFDLENBQUM7UUFDbEYsQ0FBQztRQUVELE1BQU0sYUFBYSxHQUFHLEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ25ELGFBQWEsQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQzdELENBQUM7UUFFRixPQUFPLGFBQWEsQ0FBQztJQUN2QixDQUFDO0lBRU8sTUFBTSxDQUFDLGtCQUFrQjtRQUMvQixPQUFPLEtBQUssQ0FBQyxlQUFlLENBQUMsSUFBSSxVQUFVLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztJQUNuRCxDQUFDO0lBRU8sTUFBTSxDQUFDLG9CQUFvQixDQUFDLGFBQXNDO1FBQ3hFLE1BQU0sY0FBYyxHQUFHLGFBQWEsQ0FBQyxlQUFlLEVBQUUsa0JBQWtCLEVBQUUsSUFBSSxDQUM1RSxDQUFDLFNBQVMsRUFBRSxFQUFFLENBQUMsU0FBUyxDQUFDLE1BQU0sS0FBSyxvQkFBUyxDQUFDLGNBQWMsQ0FDN0QsQ0FBQztRQUNGLE9BQU8sY0FBYyxJQUFJLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDdkYsQ0FBQztJQUVPLE1BQU0sQ0FBQyx3QkFBd0IsQ0FDckMsSUFBdUIsRUFDdkIsV0FBcUI7UUFFckIsT0FBTyxXQUFXO2FBQ2YsR0FBRyxDQUFDLENBQUMsR0FBRyxFQUFFLEVBQUU7WUFDWCxNQUFNLEtBQUssR0FBRyw4QkFBa0IsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUM7WUFFOUQsT0FBTyxFQUFFLEdBQUcsRUFBRSxLQUFLLEVBQUUsQ0FBQztRQUN4QixDQUFDLENBQUM7YUFDRCxNQUFNLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRSxDQUFDLE9BQU8sQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLENBQXNCLENBQUM7SUFDOUQsQ0FBQztDQUNGO0FBbFdELGdDQWtXQyJ9
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export {};
|