@undefineds.co/xpod 0.3.52 → 0.3.54

package/static/app/assets/inrupt-smoke.js

@@ -0,0 +1,131 @@
+const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/index-AaQ1qxhy.js","assets/_commonjsHelpers-B-UnjaXt.js"])))=>i.map(i=>d[i]);
+import{g as Oi}from"./_commonjsHelpers-B-UnjaXt.js";const Hi="modulepreload",Bi=function(o){return"/app/"+o},Fn={},Mi=function(i,c,s){let y=Promise.resolve();if(c&&c.length>0){let w=function(h){return Promise.all(h.map(l=>Promise.resolve(l).then(u=>({status:"fulfilled",value:u}),u=>({status:"rejected",reason:u}))))};document.getElementsByTagName("link");const d=document.querySelector("meta[property=csp-nonce]"),b=d?.nonce||d?.getAttribute("nonce");y=w(c.map(h=>{if(h=Bi(h),h in Fn)return;Fn[h]=!0;const l=h.endsWith(".css"),u=l?'[rel="stylesheet"]':"";if(document.querySelector(`link[href="${h}"]${u}`))return;const S=document.createElement("link");if(S.rel=l?"stylesheet":Hi,l||(S.as="script"),S.crossOrigin="",S.href=h,b&&S.setAttribute("nonce",b),document.head.appendChild(S),l)return new Promise((R,A)=>{S.addEventListener("load",R),S.addEventListener("error",()=>A(new Error(`Unable to preload CSS for ${h}`)))})}))}function v(d){const b=new Event("vite:preloadError",{cancelable:!0});if(b.payload=d,window.dispatchEvent(b),!b.defaultPrevented)throw d}return y.then(d=>{for(const b of d||[])b.status==="rejected"&&v(b.reason);return i().catch(v)})},Wt=crypto,zr=o=>o instanceof CryptoKey,bt=new TextEncoder,jt=new TextDecoder;function jn(...o){const i=o.reduce((y,{length:v})=>y+v,0),c=new Uint8Array(i);let s=0;for(const y of o)c.set(y,s),s+=y.length;return c}const ji=o=>{let i=o;typeof i=="string"&&(i=bt.encode(i));const c=32768,s=[];for(let y=0;y<i.length;y+=c)s.push(String.fromCharCode.apply(null,i.subarray(y,y+c)));return btoa(s.join(""))},yr=o=>ji(o).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_"),Ki=o=>{const i=atob(o),c=new Uint8Array(i.length);for(let s=0;s<i.length;s++)c[s]=i.charCodeAt(s);return c},Ut=o=>{let i=o;i instanceof Uint8Array&&(i=jt.decode(i)),i=i.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Ki(i)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}};class $e extends Error{constructor(i,c){super(i,c),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,Error.captureStackTrace?.(this,this.constructor)}}$e.code="ERR_JOSE_GENERIC";class vt extends $e{constructor(i,c,s="unspecified",y="unspecified"){super(i,{cause:{claim:s,reason:y,payload:c}}),this.code="ERR_JWT_CLAIM_VALIDATION_FAILED",this.claim=s,this.reason=y,this.payload=c}}vt.code="ERR_JWT_CLAIM_VALIDATION_FAILED";class Hr extends $e{constructor(i,c,s="unspecified",y="unspecified"){super(i,{cause:{claim:s,reason:y,payload:c}}),this.code="ERR_JWT_EXPIRED",this.claim=s,this.reason=y,this.payload=c}}Hr.code="ERR_JWT_EXPIRED";class Kn extends $e{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}}Kn.code="ERR_JOSE_ALG_NOT_ALLOWED";class ut extends $e{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}}ut.code="ERR_JOSE_NOT_SUPPORTED";class Vi extends $e{constructor(i="decryption operation failed",c){super(i,c),this.code="ERR_JWE_DECRYPTION_FAILED"}}Vi.code="ERR_JWE_DECRYPTION_FAILED";class Wi extends $e{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}}Wi.code="ERR_JWE_INVALID";class Te extends $e{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}}Te.code="ERR_JWS_INVALID";class br extends $e{constructor(){super(...arguments),this.code="ERR_JWT_INVALID"}}br.code="ERR_JWT_INVALID";class Ji extends $e{constructor(){super(...arguments),this.code="ERR_JWK_INVALID"}}Ji.code="ERR_JWK_INVALID";class Gr extends $e{constructor(){super(...arguments),this.code="ERR_JWKS_INVALID"}}Gr.code="ERR_JWKS_INVALID";class Yr extends $e{constructor(i="no applicable key found in the JSON Web Key Set",c){super(i,c),this.code="ERR_JWKS_NO_MATCHING_KEY"}}Yr.code="ERR_JWKS_NO_MATCHING_KEY";class Vn extends $e{constructor(i="multiple matching keys found in the JSON Web Key Set",c){super(i,c),this.code="ERR_JWKS_MULTIPLE_MATCHING_KEYS"}}Vn.code="ERR_JWKS_MULTIPLE_MATCHING_KEYS";class Wn extends $e{constructor(i="request timed out",c){super(i,c),this.code="ERR_JWKS_TIMEOUT"}}Wn.code="ERR_JWKS_TIMEOUT";class Jn extends $e{constructor(i="signature verification failed",c){super(i,c),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}}Jn.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED";function St(o,i="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${i} must be ${o}`)}function tr(o,i){return o.name===i}function Rr(o){return parseInt(o.name.slice(4),10)}function qi(o){switch(o){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}function $i(o,i){if(i.length&&!i.some(c=>o.usages.includes(c))){let c="CryptoKey does not support this operation, its usages must include ";if(i.length>2){const s=i.pop();c+=`one of ${i.join(", ")}, or ${s}.`}else i.length===2?c+=`one of ${i[0]} or ${i[1]}.`:c+=`${i[0]}.`;throw new TypeError(c)}}function zi(o,i,...c){switch(i){case"HS256":case"HS384":case"HS512":{if(!tr(o.algorithm,"HMAC"))throw St("HMAC");const s=parseInt(i.slice(2),10);if(Rr(o.algorithm.hash)!==s)throw St(`SHA-${s}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!tr(o.algorithm,"RSASSA-PKCS1-v1_5"))throw St("RSASSA-PKCS1-v1_5");const s=parseInt(i.slice(2),10);if(Rr(o.algorithm.hash)!==s)throw St(`SHA-${s}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!tr(o.algorithm,"RSA-PSS"))throw St("RSA-PSS");const s=parseInt(i.slice(2),10);if(Rr(o.algorithm.hash)!==s)throw St(`SHA-${s}`,"algorithm.hash");break}case"EdDSA":{if(o.algorithm.name!=="Ed25519"&&o.algorithm.name!=="Ed448")throw St("Ed25519 or Ed448");break}case"Ed25519":{if(!tr(o.algorithm,"Ed25519"))throw St("Ed25519");break}case"ES256":case"ES384":case"ES512":{if(!tr(o.algorithm,"ECDSA"))throw St("ECDSA");const s=qi(i);if(o.algorithm.namedCurve!==s)throw St(s,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}$i(o,c)}function qn(o,i,...c){if(c=c.filter(Boolean),c.length>2){const s=c.pop();o+=`one of type ${c.join(", ")}, or ${s}.`}else c.length===2?o+=`one of type ${c[0]} or ${c[1]}.`:o+=`of type ${c[0]}.`;return i==null?o+=` Received ${i}`:typeof i=="function"&&i.name?o+=` Received function ${i.name}`:typeof i=="object"&&i!=null&&i.constructor?.name&&(o+=` Received an instance of ${i.constructor.name}`),o}const Br=(o,...i)=>qn("Key must be ",o,...i);function $n(o,i,...c){return qn(`Key for the ${o} algorithm must be `,i,...c)}const zn=o=>zr(o)?!0:o?.[Symbol.toStringTag]==="KeyObject",ir=["CryptoKey"],Gn=(...o)=>{const i=o.filter(Boolean);if(i.length===0||i.length===1)return!0;let c;for(const s of i){const y=Object.keys(s);if(!c||c.size===0){c=new Set(y);continue}for(const v of y){if(c.has(v))return!1;c.add(v)}}return!0};function Gi(o){return typeof o=="object"&&o!==null}function kt(o){if(!Gi(o)||Object.prototype.toString.call(o)!=="[object Object]")return!1;if(Object.getPrototypeOf(o)===null)return!0;let i=o;for(;Object.getPrototypeOf(i)!==null;)i=Object.getPrototypeOf(i);return Object.getPrototypeOf(o)===i}const Yn=(o,i)=>{if(o.startsWith("RS")||o.startsWith("PS")){const{modulusLength:c}=i.algorithm;if(typeof c!="number"||c<2048)throw new TypeError(`${o} requires key modulusLength to be 2048 bits or larger`)}};function Jt(o){return kt(o)&&typeof o.kty=="string"}function Yi(o){return o.kty!=="oct"&&typeof o.d=="string"}function Xi(o){return o.kty!=="oct"&&typeof o.d>"u"}function Qi(o){return Jt(o)&&o.kty==="oct"&&typeof o.k=="string"}function Zi(o){let i,c;switch(o.kty){case"RSA":{switch(o.alg){case"PS256":case"PS384":case"PS512":i={name:"RSA-PSS",hash:`SHA-${o.alg.slice(-3)}`},c=o.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":i={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${o.alg.slice(-3)}`},c=o.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":i={name:"RSA-OAEP",hash:`SHA-${parseInt(o.alg.slice(-3),10)||1}`},c=o.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new ut('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"EC":{switch(o.alg){case"ES256":i={name:"ECDSA",namedCurve:"P-256"},c=o.d?["sign"]:["verify"];break;case"ES384":i={name:"ECDSA",namedCurve:"P-384"},c=o.d?["sign"]:["verify"];break;case"ES512":i={name:"ECDSA",namedCurve:"P-521"},c=o.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":i={name:"ECDH",namedCurve:o.crv},c=o.d?["deriveBits"]:[];break;default:throw new ut('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"OKP":{switch(o.alg){case"Ed25519":i={name:"Ed25519"},c=o.d?["sign"]:["verify"];break;case"EdDSA":i={name:o.crv},c=o.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":i={name:o.crv},c=o.d?["deriveBits"]:[];break;default:throw new ut('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}default:throw new ut('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:i,keyUsages:c}}const Xn=async o=>{if(!o.alg)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');const{algorithm:i,keyUsages:c}=Zi(o),s=[i,o.ext??!1,o.key_ops??c],y={...o};return delete y.alg,delete y.use,Wt.subtle.importKey("jwk",y,...s)},Qn=o=>Ut(o);let Ht,Bt;const Zn=o=>o?.[Symbol.toStringTag]==="KeyObject",wr=async(o,i,c,s,y=!1)=>{let v=o.get(i);if(v?.[s])return v[s];const d=await Xn({...c,alg:s});return y&&Object.freeze(i),v?v[s]=d:o.set(i,{[s]:d}),d},eo=(o,i)=>{if(Zn(o)){let c=o.export({format:"jwk"});return delete c.d,delete c.dp,delete c.dq,delete c.p,delete c.q,delete c.qi,c.k?Qn(c.k):(Bt||(Bt=new WeakMap),wr(Bt,o,c,i))}return Jt(o)?o.k?Ut(o.k):(Bt||(Bt=new WeakMap),wr(Bt,o,o,i,!0)):o},to=(o,i)=>{if(Zn(o)){let c=o.export({format:"jwk"});return c.k?Qn(c.k):(Ht||(Ht=new WeakMap),wr(Ht,o,c,i))}return Jt(o)?o.k?Ut(o.k):(Ht||(Ht=new WeakMap),wr(Ht,o,o,i,!0)):o},xn={normalizePublicKey:eo,normalizePrivateKey:to};async function ei(o,i){if(!kt(o))throw new TypeError("JWK must be an object");switch(i||(i=o.alg),o.kty){case"oct":if(typeof o.k!="string"||!o.k)throw new TypeError('missing "k" (Key Value) Parameter value');return Ut(o.k);case"RSA":if("oth"in o&&o.oth!==void 0)throw new ut('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');case"EC":case"OKP":return Xn({...o,alg:i});default:throw new ut('Unsupported "kty" (Key Type) Parameter value')}}const Mt=o=>o?.[Symbol.toStringTag],Mr=(o,i,c)=>{if(i.use!==void 0&&i.use!=="sig")throw new TypeError("Invalid key for this operation, when present its use must be sig");if(i.key_ops!==void 0&&i.key_ops.includes?.(c)!==!0)throw new TypeError(`Invalid key for this operation, when present its key_ops must include ${c}`);if(i.alg!==void 0&&i.alg!==o)throw new TypeError(`Invalid key for this operation, when present its alg must be ${o}`);return!0},ro=(o,i,c,s)=>{if(!(i instanceof Uint8Array)){if(s&&Jt(i)){if(Qi(i)&&Mr(o,i,c))return;throw new TypeError('JSON Web Key for symmetric algorithms must have JWK "kty" (Key Type) equal to "oct" and the JWK "k" (Key Value) present')}if(!zn(i))throw new TypeError($n(o,i,...ir,"Uint8Array",s?"JSON Web Key":null));if(i.type!=="secret")throw new TypeError(`${Mt(i)} instances for symmetric algorithms must be of type "secret"`)}},no=(o,i,c,s)=>{if(s&&Jt(i))switch(c){case"sign":if(Yi(i)&&Mr(o,i,c))return;throw new TypeError("JSON Web Key for this operation be a private JWK");case"verify":if(Xi(i)&&Mr(o,i,c))return;throw new TypeError("JSON Web Key for this operation be a public JWK")}if(!zn(i))throw new TypeError($n(o,i,...ir,s?"JSON Web Key":null));if(i.type==="secret")throw new TypeError(`${Mt(i)} instances for asymmetric algorithms must not be of type "secret"`);if(c==="sign"&&i.type==="public")throw new TypeError(`${Mt(i)} instances for asymmetric algorithm signing must be of type "private"`);if(c==="decrypt"&&i.type==="public")throw new TypeError(`${Mt(i)} instances for asymmetric algorithm decryption must be of type "private"`);if(i.algorithm&&c==="verify"&&i.type==="private")throw new TypeError(`${Mt(i)} instances for asymmetric algorithm verifying must be of type "public"`);if(i.algorithm&&c==="encrypt"&&i.type==="private")throw new TypeError(`${Mt(i)} instances for asymmetric algorithm encryption must be of type "public"`)};function ti(o,i,c,s){i.startsWith("HS")||i==="dir"||i.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(i)?ro(i,c,s,o):no(i,c,s,o)}ti.bind(void 0,!1);const jr=ti.bind(void 0,!0);function ri(o,i,c,s,y){if(y.crit!==void 0&&s?.crit===void 0)throw new o('"crit" (Critical) Header Parameter MUST be integrity protected');if(!s||s.crit===void 0)return new Set;if(!Array.isArray(s.crit)||s.crit.length===0||s.crit.some(d=>typeof d!="string"||d.length===0))throw new o('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let v;c!==void 0?v=new Map([...Object.entries(c),...i.entries()]):v=i;for(const d of s.crit){if(!v.has(d))throw new ut(`Extension Header Parameter "${d}" is not recognized`);if(y[d]===void 0)throw new o(`Extension Header Parameter "${d}" is missing`);if(v.get(d)&&s[d]===void 0)throw new o(`Extension Header Parameter "${d}" MUST be integrity protected`)}return new Set(s.crit)}const io=(o,i)=>{if(i!==void 0&&(!Array.isArray(i)||i.some(c=>typeof c!="string")))throw new TypeError(`"${o}" option must be an array of strings`);if(i)return new Set(i)},oo=async o=>{if(o instanceof Uint8Array)return{kty:"oct",k:yr(o)};if(!zr(o))throw new TypeError(Br(o,...ir,"Uint8Array"));if(!o.extractable)throw new TypeError("non-extractable CryptoKey cannot be exported as a JWK");const{ext:i,key_ops:c,alg:s,use:y,...v}=await Wt.subtle.exportKey("jwk",o);return v};async function so(o){return oo(o)}function ni(o,i){const c=`SHA-${o.slice(-3)}`;switch(o){case"HS256":case"HS384":case"HS512":return{hash:c,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:c,name:"RSA-PSS",saltLength:o.slice(-3)>>3};case"RS256":case"RS384":case"RS512":return{hash:c,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:c,name:"ECDSA",namedCurve:i.namedCurve};case"Ed25519":return{name:"Ed25519"};case"EdDSA":return{name:i.name};default:throw new ut(`alg ${o} is not supported either by JOSE or your javascript runtime`)}}async function ii(o,i,c){if(c==="sign"&&(i=await xn.normalizePrivateKey(i,o)),c==="verify"&&(i=await xn.normalizePublicKey(i,o)),zr(i))return zi(i,o,c),i;if(i instanceof Uint8Array){if(!o.startsWith("HS"))throw new TypeError(Br(i,...ir));return Wt.subtle.importKey("raw",i,{hash:`SHA-${o.slice(-3)}`,name:"HMAC"},!1,[c])}throw new TypeError(Br(i,...ir,"Uint8Array","JSON Web Key"))}const ao=async(o,i,c,s)=>{const y=await ii(o,i,"verify");Yn(o,y);const v=ni(o,y.algorithm);try{return await Wt.subtle.verify(v,y,c,s)}catch{return!1}};async function uo(o,i,c){if(!kt(o))throw new Te("Flattened JWS must be an object");if(o.protected===void 0&&o.header===void 0)throw new Te('Flattened JWS must have either of the "protected" or "header" members');if(o.protected!==void 0&&typeof o.protected!="string")throw new Te("JWS Protected Header incorrect type");if(o.payload===void 0)throw new Te("JWS Payload missing");if(typeof o.signature!="string")throw new Te("JWS Signature missing or incorrect type");if(o.header!==void 0&&!kt(o.header))throw new Te("JWS Unprotected Header incorrect type");let s={};if(o.protected)try{const J=Ut(o.protected);s=JSON.parse(jt.decode(J))}catch{throw new Te("JWS Protected Header is invalid")}if(!Gn(s,o.header))throw new Te("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const y={...s,...o.header},v=ri(Te,new Map([["b64",!0]]),c?.crit,s,y);let d=!0;if(v.has("b64")&&(d=s.b64,typeof d!="boolean"))throw new Te('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:b}=y;if(typeof b!="string"||!b)throw new Te('JWS "alg" (Algorithm) Header Parameter missing or invalid');const w=c&&io("algorithms",c.algorithms);if(w&&!w.has(b))throw new Kn('"alg" (Algorithm) Header Parameter value not allowed');if(d){if(typeof o.payload!="string")throw new Te("JWS Payload must be a string")}else if(typeof o.payload!="string"&&!(o.payload instanceof Uint8Array))throw new Te("JWS Payload must be a string or an Uint8Array instance");let h=!1;typeof i=="function"?(i=await i(s,o),h=!0,jr(b,i,"verify"),Jt(i)&&(i=await ei(i,b))):jr(b,i,"verify");const l=jn(bt.encode(o.protected??""),bt.encode("."),typeof o.payload=="string"?bt.encode(o.payload):o.payload);let u;try{u=Ut(o.signature)}catch{throw new Te("Failed to base64url decode the signature")}if(!await ao(b,i,u,l))throw new Jn;let R;if(d)try{R=Ut(o.payload)}catch{throw new Te("Failed to base64url decode the payload")}else typeof o.payload=="string"?R=bt.encode(o.payload):R=o.payload;const A={payload:R};return o.protected!==void 0&&(A.protectedHeader=s),o.header!==void 0&&(A.unprotectedHeader=o.header),h?{...A,key:i}:A}async function co(o,i,c){if(o instanceof Uint8Array&&(o=jt.decode(o)),typeof o!="string")throw new Te("Compact JWS must be a string or Uint8Array");const{0:s,1:y,2:v,length:d}=o.split(".");if(d!==3)throw new Te("Invalid Compact JWS");const b=await uo({payload:y,protected:s,signature:v},i,c),w={payload:b.payload,protectedHeader:b.protectedHeader};return typeof i=="function"?{...w,key:b.key}:w}const Pt=o=>Math.floor(o.getTime()/1e3),oi=60,si=oi*60,Xr=si*24,lo=Xr*7,ho=Xr*365.25,fo=/^(\+|\-)? ?(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i,nr=o=>{const i=fo.exec(o);if(!i||i[4]&&i[1])throw new TypeError("Invalid time period format");const c=parseFloat(i[2]),s=i[3].toLowerCase();let y;switch(s){case"sec":case"secs":case"second":case"seconds":case"s":y=Math.round(c);break;case"minute":case"minutes":case"min":case"mins":case"m":y=Math.round(c*oi);break;case"hour":case"hours":case"hr":case"hrs":case"h":y=Math.round(c*si);break;case"day":case"days":case"d":y=Math.round(c*Xr);break;case"week":case"weeks":case"w":y=Math.round(c*lo);break;default:y=Math.round(c*ho);break}return i[1]==="-"||i[4]==="ago"?-y:y},An=o=>o.toLowerCase().replace(/^application\//,""),go=(o,i)=>typeof o=="string"?i.includes(o):Array.isArray(o)?i.some(Set.prototype.has.bind(new Set(o))):!1,po=(o,i,c={})=>{let s;try{s=JSON.parse(jt.decode(i))}catch{}if(!kt(s))throw new br("JWT Claims Set must be a top-level JSON object");const{typ:y}=c;if(y&&(typeof o.typ!="string"||An(o.typ)!==An(y)))throw new vt('unexpected "typ" JWT header value',s,"typ","check_failed");const{requiredClaims:v=[],issuer:d,subject:b,audience:w,maxTokenAge:h}=c,l=[...v];h!==void 0&&l.push("iat"),w!==void 0&&l.push("aud"),b!==void 0&&l.push("sub"),d!==void 0&&l.push("iss");for(const A of new Set(l.reverse()))if(!(A in s))throw new vt(`missing required "${A}" claim`,s,A,"missing");if(d&&!(Array.isArray(d)?d:[d]).includes(s.iss))throw new vt('unexpected "iss" claim value',s,"iss","check_failed");if(b&&s.sub!==b)throw new vt('unexpected "sub" claim value',s,"sub","check_failed");if(w&&!go(s.aud,typeof w=="string"?[w]:w))throw new vt('unexpected "aud" claim value',s,"aud","check_failed");let u;switch(typeof c.clockTolerance){case"string":u=nr(c.clockTolerance);break;case"number":u=c.clockTolerance;break;case"undefined":u=0;break;default:throw new TypeError("Invalid clockTolerance option type")}const{currentDate:S}=c,R=Pt(S||new Date);if((s.iat!==void 0||h)&&typeof s.iat!="number")throw new vt('"iat" claim must be a number',s,"iat","invalid");if(s.nbf!==void 0){if(typeof s.nbf!="number")throw new vt('"nbf" claim must be a number',s,"nbf","invalid");if(s.nbf>R+u)throw new vt('"nbf" claim timestamp check failed',s,"nbf","check_failed")}if(s.exp!==void 0){if(typeof s.exp!="number")throw new vt('"exp" claim must be a number',s,"exp","invalid");if(s.exp<=R-u)throw new Hr('"exp" claim timestamp check failed',s,"exp","check_failed")}if(h){const A=R-s.iat,J=typeof h=="number"?h:nr(h);if(A-u>J)throw new Hr('"iat" claim timestamp check failed (too far in the past)',s,"iat","check_failed");if(A<0-u)throw new vt('"iat" claim timestamp check failed (it should be in the past)',s,"iat","check_failed")}return s};async function yo(o,i,c){const s=await co(o,i,c);if(s.protectedHeader.crit?.includes("b64")&&s.protectedHeader.b64===!1)throw new br("JWTs MUST NOT use unencoded payload");const v={payload:po(s.protectedHeader,s.payload,c),protectedHeader:s.protectedHeader};return typeof i=="function"?{...v,key:s.key}:v}const vo=async(o,i,c)=>{const s=await ii(o,i,"sign");Yn(o,s);const y=await Wt.subtle.sign(ni(o,s.algorithm),s,c);return new Uint8Array(y)};class mo{constructor(i){if(!(i instanceof Uint8Array))throw new TypeError("payload must be an instance of Uint8Array");this._payload=i}setProtectedHeader(i){if(this._protectedHeader)throw new TypeError("setProtectedHeader can only be called once");return this._protectedHeader=i,this}setUnprotectedHeader(i){if(this._unprotectedHeader)throw new TypeError("setUnprotectedHeader can only be called once");return this._unprotectedHeader=i,this}async sign(i,c){if(!this._protectedHeader&&!this._unprotectedHeader)throw new Te("either setProtectedHeader or setUnprotectedHeader must be called before #sign()");if(!Gn(this._protectedHeader,this._unprotectedHeader))throw new Te("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");const s={...this._protectedHeader,...this._unprotectedHeader},y=ri(Te,new Map([["b64",!0]]),c?.crit,this._protectedHeader,s);let v=!0;if(y.has("b64")&&(v=this._protectedHeader.b64,typeof v!="boolean"))throw new Te('The "b64" (base64url-encode payload) Header Parameter must be a boolean');const{alg:d}=s;if(typeof d!="string"||!d)throw new Te('JWS "alg" (Algorithm) Header Parameter missing or invalid');jr(d,i,"sign");let b=this._payload;v&&(b=bt.encode(yr(b)));let w;this._protectedHeader?w=bt.encode(yr(JSON.stringify(this._protectedHeader))):w=bt.encode("");const h=jn(w,bt.encode("."),b),l=await vo(d,i,h),u={signature:yr(l),payload:""};return v&&(u.payload=jt.decode(b)),this._unprotectedHeader&&(u.header=this._unprotectedHeader),this._protectedHeader&&(u.protected=jt.decode(w)),u}}class _o{constructor(i){this._flattened=new mo(i)}setProtectedHeader(i){return this._flattened.setProtectedHeader(i),this}async sign(i,c){const s=await this._flattened.sign(i,c);if(s.payload===void 0)throw new TypeError("use the flattened module for creating JWS with b64: false");return`${s.protected}.${s.payload}.${s.signature}`}}function Ct(o,i){if(!Number.isFinite(i))throw new TypeError(`Invalid ${o} input`);return i}class wo{constructor(i={}){if(!kt(i))throw new TypeError("JWT Claims Set MUST be an object");this._payload=i}setIssuer(i){return this._payload={...this._payload,iss:i},this}setSubject(i){return this._payload={...this._payload,sub:i},this}setAudience(i){return this._payload={...this._payload,aud:i},this}setJti(i){return this._payload={...this._payload,jti:i},this}setNotBefore(i){return typeof i=="number"?this._payload={...this._payload,nbf:Ct("setNotBefore",i)}:i instanceof Date?this._payload={...this._payload,nbf:Ct("setNotBefore",Pt(i))}:this._payload={...this._payload,nbf:Pt(new Date)+nr(i)},this}setExpirationTime(i){return typeof i=="number"?this._payload={...this._payload,exp:Ct("setExpirationTime",i)}:i instanceof Date?this._payload={...this._payload,exp:Ct("setExpirationTime",Pt(i))}:this._payload={...this._payload,exp:Pt(new Date)+nr(i)},this}setIssuedAt(i){return typeof i>"u"?this._payload={...this._payload,iat:Pt(new Date)}:i instanceof Date?this._payload={...this._payload,iat:Ct("setIssuedAt",Pt(i))}:typeof i=="string"?this._payload={...this._payload,iat:Ct("setIssuedAt",Pt(new Date)+nr(i))}:this._payload={...this._payload,iat:Ct("setIssuedAt",i)},this}}class So extends wo{setProtectedHeader(i){return this._protectedHeader=i,this}async sign(i,c){const s=new _o(bt.encode(JSON.stringify(this._payload)));if(s.setProtectedHeader(this._protectedHeader),Array.isArray(this._protectedHeader?.crit)&&this._protectedHeader.crit.includes("b64")&&this._protectedHeader.b64===!1)throw new br("JWTs MUST NOT use unencoded payload");return s.sign(i,c)}}function bo(o){switch(typeof o=="string"&&o.slice(0,2)){case"RS":case"PS":return"RSA";case"ES":return"EC";case"Ed":return"OKP";default:throw new ut('Unsupported "alg" value for a JSON Web Key Set')}}function Eo(o){return o&&typeof o=="object"&&Array.isArray(o.keys)&&o.keys.every(Fo)}function Fo(o){return kt(o)}function ai(o){return typeof structuredClone=="function"?structuredClone(o):JSON.parse(JSON.stringify(o))}class xo{constructor(i){if(this._cached=new WeakMap,!Eo(i))throw new Gr("JSON Web Key Set malformed");this._jwks=ai(i)}async getKey(i,c){const{alg:s,kid:y}={...i,...c?.header},v=bo(s),d=this._jwks.keys.filter(h=>{let l=v===h.kty;if(l&&typeof y=="string"&&(l=y===h.kid),l&&typeof h.alg=="string"&&(l=s===h.alg),l&&typeof h.use=="string"&&(l=h.use==="sig"),l&&Array.isArray(h.key_ops)&&(l=h.key_ops.includes("verify")),l)switch(s){case"ES256":l=h.crv==="P-256";break;case"ES256K":l=h.crv==="secp256k1";break;case"ES384":l=h.crv==="P-384";break;case"ES512":l=h.crv==="P-521";break;case"Ed25519":l=h.crv==="Ed25519";break;case"EdDSA":l=h.crv==="Ed25519"||h.crv==="Ed448";break}return l}),{0:b,length:w}=d;if(w===0)throw new Yr;if(w!==1){const h=new Vn,{_cached:l}=this;throw h[Symbol.asyncIterator]=async function*(){for(const u of d)try{yield await kn(l,u,s)}catch{}},h}return kn(this._cached,b,s)}}async function kn(o,i,c){const s=o.get(i)||o.set(i,{}).get(i);if(s[c]===void 0){const y=await ei({...i,ext:!0},c);if(y instanceof Uint8Array||y.type!=="public")throw new Gr("JSON Web Key Set members must be public keys");s[c]=y}return s[c]}function Pn(o){const i=new xo(o),c=async(s,y)=>i.getKey(s,y);return Object.defineProperties(c,{jwks:{value:()=>ai(i._jwks),enumerable:!0,configurable:!1,writable:!1}}),c}const Ao=async(o,i,c)=>{let s,y,v=!1;typeof AbortController=="function"&&(s=new AbortController,y=setTimeout(()=>{v=!0,s.abort()},i));const d=await fetch(o.href,{signal:s?s.signal:void 0,redirect:"manual",headers:c.headers}).catch(b=>{throw v?new Wn:b});if(y!==void 0&&clearTimeout(y),d.status!==200)throw new $e("Expected 200 OK from the JSON Web Key Set HTTP response");try{return await d.json()}catch{throw new $e("Failed to parse the JSON Web Key Set HTTP response as JSON")}};function ko(){return typeof WebSocketPair<"u"||typeof navigator<"u"&&navigator.userAgent==="Cloudflare-Workers"||typeof EdgeRuntime<"u"&&EdgeRuntime==="vercel"}let Kr;(typeof navigator>"u"||!navigator.userAgent?.startsWith?.("Mozilla/5.0 "))&&(Kr="jose/v5.10.0");const Cr=Symbol();function Po(o,i){return!(typeof o!="object"||o===null||!("uat"in o)||typeof o.uat!="number"||Date.now()-o.uat>=i||!("jwks"in o)||!kt(o.jwks)||!Array.isArray(o.jwks.keys)||!Array.prototype.every.call(o.jwks.keys,kt))}class To{constructor(i,c){if(!(i instanceof URL))throw new TypeError("url must be an instance of URL");this._url=new URL(i.href),this._options={agent:c?.agent,headers:c?.headers},this._timeoutDuration=typeof c?.timeoutDuration=="number"?c?.timeoutDuration:5e3,this._cooldownDuration=typeof c?.cooldownDuration=="number"?c?.cooldownDuration:3e4,this._cacheMaxAge=typeof c?.cacheMaxAge=="number"?c?.cacheMaxAge:6e5,c?.[Cr]!==void 0&&(this._cache=c?.[Cr],Po(c?.[Cr],this._cacheMaxAge)&&(this._jwksTimestamp=this._cache.uat,this._local=Pn(this._cache.jwks)))}coolingDown(){return typeof this._jwksTimestamp=="number"?Date.now()<this._jwksTimestamp+this._cooldownDuration:!1}fresh(){return typeof this._jwksTimestamp=="number"?Date.now()<this._jwksTimestamp+this._cacheMaxAge:!1}async getKey(i,c){(!this._local||!this.fresh())&&await this.reload();try{return await this._local(i,c)}catch(s){if(s instanceof Yr&&this.coolingDown()===!1)return await this.reload(),this._local(i,c);throw s}}async reload(){this._pendingFetch&&ko()&&(this._pendingFetch=void 0);const i=new Headers(this._options.headers);Kr&&!i.has("User-Agent")&&(i.set("User-Agent",Kr),this._options.headers=Object.fromEntries(i.entries())),this._pendingFetch||(this._pendingFetch=Ao(this._url,this._timeoutDuration,this._options).then(c=>{this._local=Pn(c),this._cache&&(this._cache.uat=Date.now(),this._cache.jwks=c),this._jwksTimestamp=Date.now(),this._pendingFetch=void 0}).catch(c=>{throw this._pendingFetch=void 0,c})),await this._pendingFetch}}function Io(o,i){const c=new To(o,i),s=async(y,v)=>c.getKey(y,v);return Object.defineProperties(s,{coolingDown:{get:()=>c.coolingDown(),enumerable:!0,configurable:!1},fresh:{get:()=>c.fresh(),enumerable:!0,configurable:!1},reload:{value:()=>c.reload(),enumerable:!0,configurable:!1,writable:!1},reloading:{get:()=>!!c._pendingFetch,enumerable:!0,configurable:!1},jwks:{value:()=>c._local?.jwks(),enumerable:!0,configurable:!1,writable:!1}}),s}function Ur(o){const i=o?.modulusLength??2048;if(typeof i!="number"||i<2048)throw new ut("Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used");return i}async function Ro(o,i){let c,s;switch(o){case"PS256":case"PS384":case"PS512":c={name:"RSA-PSS",hash:`SHA-${o.slice(-3)}`,publicExponent:new Uint8Array([1,0,1]),modulusLength:Ur(i)},s=["sign","verify"];break;case"RS256":case"RS384":case"RS512":c={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${o.slice(-3)}`,publicExponent:new Uint8Array([1,0,1]),modulusLength:Ur(i)},s=["sign","verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":c={name:"RSA-OAEP",hash:`SHA-${parseInt(o.slice(-3),10)||1}`,publicExponent:new Uint8Array([1,0,1]),modulusLength:Ur(i)},s=["decrypt","unwrapKey","encrypt","wrapKey"];break;case"ES256":c={name:"ECDSA",namedCurve:"P-256"},s=["sign","verify"];break;case"ES384":c={name:"ECDSA",namedCurve:"P-384"},s=["sign","verify"];break;case"ES512":c={name:"ECDSA",namedCurve:"P-521"},s=["sign","verify"];break;case"Ed25519":c={name:"Ed25519"},s=["sign","verify"];break;case"EdDSA":{s=["sign","verify"];const y="Ed25519";switch(y){case"Ed25519":case"Ed448":c={name:y};break;default:throw new ut("Invalid or unsupported crv option provided")}break}case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{s=["deriveKey","deriveBits"];const y="P-256";switch(y){case"P-256":case"P-384":case"P-521":{c={name:"ECDH",namedCurve:y};break}case"X25519":case"X448":c={name:y};break;default:throw new ut("Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448")}break}default:throw new ut('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}return Wt.subtle.generateKey(c,!1,s)}async function Co(o,i){return Ro(o,i)}const qe=[];for(let o=0;o<256;++o)qe.push((o+256).toString(16).slice(1));function Uo(o,i=0){return(qe[o[i+0]]+qe[o[i+1]]+qe[o[i+2]]+qe[o[i+3]]+"-"+qe[o[i+4]]+qe[o[i+5]]+"-"+qe[o[i+6]]+qe[o[i+7]]+"-"+qe[o[i+8]]+qe[o[i+9]]+"-"+qe[o[i+10]]+qe[o[i+11]]+qe[o[i+12]]+qe[o[i+13]]+qe[o[i+14]]+qe[o[i+15]]).toLowerCase()}let Dr;const Do=new Uint8Array(16);function Lo(){if(!Dr){if(typeof crypto>"u"||!crypto.getRandomValues)throw new Error("crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported");Dr=crypto.getRandomValues.bind(crypto)}return Dr(Do)}const No=typeof crypto<"u"&&crypto.randomUUID&&crypto.randomUUID.bind(crypto),Tn={randomUUID:No};function Qr(o,i,c){if(Tn.randomUUID&&!o)return Tn.randomUUID();o=o||{};const s=o.random??o.rng?.()??Lo();if(s.length<16)throw new Error("Random bytes length must be >= 16");return s[6]=s[6]&15|64,s[8]=s[8]&63|128,Uo(s)}const ui="solidClientAuthn:",Sr=["ES256","RS256"],Ve={ERROR:"error",LOGIN:"login",LOGOUT:"logout",NEW_REFRESH_TOKEN:"newRefreshToken",NEW_TOKENS:"newTokens",AUTHORIZATION_REQUEST:"authorizationRequest",SESSION_EXPIRED:"sessionExpired",SESSION_EXTENDED:"sessionExtended",SESSION_RESTORED:"sessionRestore",TIMEOUT_SET:"timeoutSet"},In=5,Oo="openid",Ho="offline_access",Bo="webid",Rn=[Oo,Ho,Bo];class Mo{handleables;constructor(i){this.handleables=i,this.handleables=i}async getProperHandler(i){const c=await Promise.all(this.handleables.map(s=>s.canHandle(...i)));for(let s=0;s<c.length;s+=1)if(c[s])return this.handleables[s];return null}async canHandle(...i){return await this.getProperHandler(i)!==null}async handle(...i){const c=await this.getProperHandler(i);if(c)return c.handle(...i);throw new Error(`[${this.constructor.name}] cannot find a suitable handler for: ${i.map(s=>{try{return JSON.stringify(s)}catch{return s.toString()}}).join(", ")}`)}}async function ci(o,i,c,s){let y,v;try{const{payload:d}=await yo(o,Io(new URL(i)),{issuer:c,audience:s});y=d}catch(d){throw new Error(`Token verification failed: ${d.stack}`)}if(typeof y.azp=="string"&&(v=y.azp),typeof y.webid=="string")return{webId:y.webid,clientId:v};if(typeof y.sub!="string")throw new Error(`The token ${JSON.stringify(y)} is invalid: it has no 'webid' claim and no 'sub' claim.`);try{return new URL(y.sub),{webId:y.sub,clientId:v}}catch(d){throw new Error(`The token has no 'webid' claim, and its 'sub' claim of [${y.sub}] is invalid as a URL - error [${d}].`)}}function jo(o){return Array.isArray(o)?Array.from(new Set([...Rn,...o.filter(i=>typeof i=="string"&&!i.includes(" "))])):Rn}function li(o){try{const i=new URL(o),c=!i.searchParams.has("code")&&!i.searchParams.has("state"),s=i.hash==="";return c&&s}catch{return!1}}function hi(o){const i=new URL(o);return i.searchParams.delete("state"),i.searchParams.delete("code"),i.searchParams.delete("error"),i.searchParams.delete("error_description"),i.searchParams.delete("iss"),i}function Ko(o,i){return typeof o=="boolean"?!!o:!!i}class Vo{storageUtility;redirector;constructor(i,c){this.storageUtility=i,this.redirector=c,this.storageUtility=i,this.redirector=c}parametersGuard=i=>i.issuerConfiguration.grantTypesSupported!==void 0&&i.issuerConfiguration.grantTypesSupported.indexOf("authorization_code")>-1&&i.redirectUrl!==void 0;async canHandle(i){return this.parametersGuard(i)}async setupRedirectHandler({oidcLoginOptions:i,state:c,codeVerifier:s,targetUrl:y}){if(!this.parametersGuard(i))throw new Error("The authorization code grant requires a redirectUrl.");await Promise.all([this.storageUtility.setForUser(c,{sessionId:i.sessionId}),this.storageUtility.setForUser(i.sessionId,{codeVerifier:s,issuer:i.issuer.toString(),redirectUrl:i.redirectUrl,dpop:(!!i.dpop).toString(),keepAlive:Ko(i.keepAlive,!0).toString()})]),this.redirector.redirect(y,{handleRedirect:i.handleRedirect})}}class Wo{sessionInfoManager;constructor(i){this.sessionInfoManager=i,this.sessionInfoManager=i}async canHandle(){return!0}async handle(i){await this.sessionInfoManager.clear(i)}}class Jo{redirector;constructor(i){this.redirector=i,this.redirector=i}async canHandle(i,c){return c?.logoutType==="idp"}async handle(i,c){if(c?.logoutType!=="idp")throw new Error("Attempting to call idp logout handler to perform app logout");if(c.toLogoutUrl===void 0)throw new Error("Cannot perform IDP logout. Did you log in using the OIDC authentication flow?");this.redirector.redirect(c.toLogoutUrl(c),{handleRedirect:c.handleRedirect})}}class qo{handlers;constructor(i,c){this.handlers=[new Wo(i),new Jo(c)]}async canHandle(){return!0}async handle(i,c){for(const s of this.handlers)await s.canHandle(i,c)&&await s.handle(i,c)}}function di(){return{isLoggedIn:!1,sessionId:Qr(),fetch:(...o)=>fetch(...o)}}async function fi(o,i){await Promise.all([i.deleteAllUserData(o,{secure:!1}),i.deleteAllUserData(o,{secure:!0})])}class $o{storageUtility;constructor(i){this.storageUtility=i,this.storageUtility=i}update(i,c){throw new Error("Not Implemented")}set(i,c){throw new Error("Not Implemented")}get(i){throw new Error("Not implemented")}async getAll(){throw new Error("Not implemented")}async clear(i){return fi(i,this.storageUtility)}async register(i){throw new Error("Not implemented")}async getRegisteredSessionIdAll(){throw new Error("Not implemented")}async clearAll(){throw new Error("Not implemented")}async setOidcContext(i,c){throw new Error("Not implemented")}}function zo({endSessionEndpoint:o,idTokenHint:i,postLogoutRedirectUri:c,state:s}){const y=new URL(o);return i!==void 0&&y.searchParams.append("id_token_hint",i),c!==void 0&&(y.searchParams.append("post_logout_redirect_uri",c),s!==void 0&&y.searchParams.append("state",s)),y.toString()}function Go({endSessionEndpoint:o,idTokenHint:i}){if(o!==void 0)return function({state:s,postLogoutUrl:y}){return zo({endSessionEndpoint:o,idTokenHint:i,state:s,postLogoutRedirectUri:y})}}function Yo(o){return typeof o=="string"&&["DPoP","Bearer"].includes(o)}function gi(o){try{return new URL(o),!0}catch{return!1}}function Xo(o,i){return i.find(c=>o.includes(c))??null}function Qo(o){return o.clientId!==void 0&&!gi(o.clientId)}function Zo(o,i){return i.scopesSupported.includes("webid")&&o.clientId!==void 0&&gi(o.clientId)}function es(o){return typeof o=="string"&&["dynamic","static","solid-oidc"].includes(o)}async function ts(o,i,c,s){let y;if(Zo(o,i))y={clientId:o.clientId,clientName:o.clientName,clientType:"solid-oidc"};else if(Qo(o))y={clientId:o.clientId,clientSecret:o.clientSecret,clientName:o.clientName,clientType:"static"};else return s.getClient({sessionId:o.sessionId,clientName:o.clientName,redirectUrl:o.redirectUrl},i);const v={clientId:y.clientId,clientType:y.clientType};return y.clientType==="static"&&(v.clientSecret=y.clientSecret),y.clientName&&(v.clientName=y.clientName),await c.setForUser(o.sessionId,v),y}const Cn=(o,i)=>fetch(o,i);let rs=class{loginHandler;redirectHandler;logoutHandler;sessionInfoManager;issuerConfigFetcher;boundLogout;constructor(i,c,s,y,v){this.loginHandler=i,this.redirectHandler=c,this.logoutHandler=s,this.sessionInfoManager=y,this.issuerConfigFetcher=v,this.loginHandler=i,this.redirectHandler=c,this.logoutHandler=s,this.sessionInfoManager=y,this.issuerConfigFetcher=v}fetch=Cn;logout=async(i,c)=>{await this.logoutHandler.handle(i,c?.logoutType==="idp"?{...c,toLogoutUrl:this.boundLogout}:c),this.fetch=Cn,delete this.boundLogout};getSessionInfo=async i=>this.sessionInfoManager.get(i);getAllSessionInfo=async()=>this.sessionInfoManager.getAll()};async function pi(o,i,c){try{const[s,y,v,d,b]=await Promise.all([i.getForUser(o,"issuer",{errorIfNull:!0}),i.getForUser(o,"codeVerifier"),i.getForUser(o,"redirectUrl"),i.getForUser(o,"dpop",{errorIfNull:!0}),i.getForUser(o,"keepAlive")]);await i.deleteForUser(o,"codeVerifier");const w=await c.fetchConfig(s);return{codeVerifier:y,redirectUrl:v,issuerConfig:w,dpop:d==="true",keepAlive:typeof b=="string"?b==="true":!0}}catch(s){throw new Error(`Failed to retrieve OIDC context from storage associated with session [${o}]: ${s}`)}}async function ns(o,i,c,s,y,v,d,b){c!==void 0&&await o.setForUser(i,{webId:c},{secure:d}),s!==void 0&&await o.setForUser(i,{clientId:s},{secure:d}),await o.setForUser(i,{isLoggedIn:y},{secure:d})}class is{secureStorage;insecureStorage;constructor(i,c){this.secureStorage=i,this.insecureStorage=c,this.secureStorage=i,this.insecureStorage=c}getKey(i){return`solidClientAuthenticationUser:${i}`}async getUserData(i,c){const s=await(c?this.secureStorage:this.insecureStorage).get(this.getKey(i));if(s===void 0)return{};try{return JSON.parse(s)}catch{throw new Error(`Data for user [${i}] in [${c?"secure":"unsecure"}] storage is corrupted - expected valid JSON, but got: ${s}`)}}async setUserData(i,c,s){await(s?this.secureStorage:this.insecureStorage).set(this.getKey(i),JSON.stringify(c))}async get(i,c){const s=await(c?.secure?this.secureStorage:this.insecureStorage).get(i);if(s===void 0&&c?.errorIfNull)throw new Error(`[${i}] is not stored`);return s}async set(i,c,s){return(s?.secure?this.secureStorage:this.insecureStorage).set(i,c)}async delete(i,c){return(c?.secure?this.secureStorage:this.insecureStorage).delete(i)}async getForUser(i,c,s){const y=await this.getUserData(i,s?.secure);let v;if((!y||!y[c])&&(v=void 0),v=y[c],v===void 0&&s?.errorIfNull)throw new Error(`Field [${c}] for user [${i}] is not stored`);return v||void 0}async setForUser(i,c,s){let y;try{y=await this.getUserData(i,s?.secure)}catch{y={}}await this.setUserData(i,{...y,...c},s?.secure)}async deleteForUser(i,c,s){const y=await this.getUserData(i,s?.secure);delete y[c],await this.setUserData(i,y,s?.secure)}async deleteAllUserData(i,c){await(c?.secure?this.secureStorage:this.insecureStorage).delete(this.getKey(i))}}class os{map={};async get(i){return this.map[i]||void 0}async set(i,c){this.map[i]=c}async delete(i){delete this.map[i]}}class Vr extends Error{constructor(i){super(i)}}class rr extends Error{missingFields;constructor(i){super(`Invalid response from OIDC provider: missing fields ${i}`),this.missingFields=i}}class yi extends Error{error;errorDescription;constructor(i,c,s){super(i),this.error=c,this.errorDescription=s}}function ss(o){const i=new URL(o);return new URL(i.pathname,i.origin).toString()}async function Zr(o,i,c){return new So({htu:ss(o),htm:i.toUpperCase(),jti:Qr()}).setProtectedHeader({alg:Sr[0],jwk:c.publicKey,typ:"dpop+jwt"}).setIssuedAt().sign(c.privateKey,{})}async function as(){const{privateKey:o,publicKey:i}=await Co(Sr[0]),c={privateKey:o,publicKey:await so(i)};return[c.publicKey.alg]=Sr,c}const vi=600;function us(o){return[401,403].includes(o)}async function cs(o,i,c,s){const y=new Headers(s?.headers);return y.set("Authorization",`DPoP ${i}`),y.set("DPoP",await Zr(o,s?.method??"get",c)),{...s,headers:y}}async function ls(o,i,c,s){if(c!==void 0)return cs(o,i,c,s);const y=new Headers(s?.headers);return y.set("Authorization",`Bearer ${i}`),{...s,headers:y}}async function Un(o,i,c,s,y=fetch){return y(i,await ls(i.toString(),o,s,c))}async function hs(o,i,c){const s=await o.tokenRefresher.refresh(o.sessionId,o.refreshToken,i);return c?.emit(Ve.SESSION_EXTENDED,s.expiresIn??vi),{accessToken:s.accessToken,refreshToken:s.refreshToken,expiresIn:s.expiresIn}}const Lr=o=>o!==void 0?o-In>0?o-In:o:vi;function ds(o,i){let c=o,s;const y=i?.refreshOptions;if(y!==void 0){const v=async()=>{try{const{accessToken:d,refreshToken:b,expiresIn:w}=await hs(y,i.dpopKey,i.eventEmitter);c=d,b!==void 0&&(y.refreshToken=b),clearTimeout(s),s=setTimeout(v,Lr(w)*1e3),i.eventEmitter?.emit(Ve.TIMEOUT_SET,s)}catch(d){d instanceof yi&&(i?.eventEmitter?.emit(Ve.ERROR,d.error,d.errorDescription),i?.eventEmitter?.emit(Ve.SESSION_EXPIRED)),d instanceof rr&&d.missingFields.includes("access_token")&&i?.eventEmitter?.emit(Ve.SESSION_EXPIRED)}};s=setTimeout(v,Lr(i.expiresIn)*1e3),i.eventEmitter?.emit(Ve.TIMEOUT_SET,s)}else if(i!==void 0&&i.eventEmitter!==void 0){const v=setTimeout(()=>{i.eventEmitter.emit(Ve.SESSION_EXPIRED)},Lr(i.expiresIn)*1e3);i.eventEmitter.emit(Ve.TIMEOUT_SET,v)}return async(v,d)=>{let b=await Un(c,v,d,i?.dpopKey,i?.fetch);const w=!b.ok&&!us(b.status);return b.ok||w||b.url!==v&&i?.dpopKey!==void 0&&(b=await Un(c,b.url,d,i.dpopKey,i.fetch)),b}}var gr={exports:{}},Dn;function fs(){if(Dn)return gr.exports;Dn=1;var o=typeof Reflect=="object"?Reflect:null,i=o&&typeof o.apply=="function"?o.apply:function(B,T,I){return Function.prototype.apply.call(B,T,I)},c;o&&typeof o.ownKeys=="function"?c=o.ownKeys:Object.getOwnPropertySymbols?c=function(B){return Object.getOwnPropertyNames(B).concat(Object.getOwnPropertySymbols(B))}:c=function(B){return Object.getOwnPropertyNames(B)};function s(x){console&&console.warn&&console.warn(x)}var y=Number.isNaN||function(B){return B!==B};function v(){v.init.call(this)}gr.exports=v,gr.exports.once=C,v.EventEmitter=v,v.prototype._events=void 0,v.prototype._eventsCount=0,v.prototype._maxListeners=void 0;var d=10;function b(x){if(typeof x!="function")throw new TypeError('The "listener" argument must be of type Function. Received type '+typeof x)}Object.defineProperty(v,"defaultMaxListeners",{enumerable:!0,get:function(){return d},set:function(x){if(typeof x!="number"||x<0||y(x))throw new RangeError('The value of "defaultMaxListeners" is out of range. It must be a non-negative number. Received '+x+".");d=x}}),v.init=function(){(this._events===void 0||this._events===Object.getPrototypeOf(this)._events)&&(this._events=Object.create(null),this._eventsCount=0),this._maxListeners=this._maxListeners||void 0},v.prototype.setMaxListeners=function(B){if(typeof B!="number"||B<0||y(B))throw new RangeError('The value of "n" is out of range. It must be a non-negative number. Received '+B+".");return this._maxListeners=B,this};function w(x){return x._maxListeners===void 0?v.defaultMaxListeners:x._maxListeners}v.prototype.getMaxListeners=function(){return w(this)},v.prototype.emit=function(B){for(var T=[],I=1;I<arguments.length;I++)T.push(arguments[I]);var Q=B==="error",ne=this._events;if(ne!==void 0)Q=Q&&ne.error===void 0;else if(!Q)return!1;if(Q){var N;if(T.length>0&&(N=T[0]),N instanceof Error)throw N;var ie=new Error("Unhandled error."+(N?" ("+N.message+")":""));throw ie.context=N,ie}var ye=ne[B];if(ye===void 0)return!1;if(typeof ye=="function")i(ye,this,T);else for(var me=ye.length,je=A(ye,me),I=0;I<me;++I)i(je[I],this,T);return!0};function h(x,B,T,I){var Q,ne,N;if(b(T),ne=x._events,ne===void 0?(ne=x._events=Object.create(null),x._eventsCount=0):(ne.newListener!==void 0&&(x.emit("newListener",B,T.listener?T.listener:T),ne=x._events),N=ne[B]),N===void 0)N=ne[B]=T,++x._eventsCount;else if(typeof N=="function"?N=ne[B]=I?[T,N]:[N,T]:I?N.unshift(T):N.push(T),Q=w(x),Q>0&&N.length>Q&&!N.warned){N.warned=!0;var ie=new Error("Possible EventEmitter memory leak detected. "+N.length+" "+String(B)+" listeners added. Use emitter.setMaxListeners() to increase limit");ie.name="MaxListenersExceededWarning",ie.emitter=x,ie.type=B,ie.count=N.length,s(ie)}return x}v.prototype.addListener=function(B,T){return h(this,B,T,!1)},v.prototype.on=v.prototype.addListener,v.prototype.prependListener=function(B,T){return h(this,B,T,!0)};function l(){if(!this.fired)return this.target.removeListener(this.type,this.wrapFn),this.fired=!0,arguments.length===0?this.listener.call(this.target):this.listener.apply(this.target,arguments)}function u(x,B,T){var I={fired:!1,wrapFn:void 0,target:x,type:B,listener:T},Q=l.bind(I);return Q.listener=T,I.wrapFn=Q,Q}v.prototype.once=function(B,T){return b(T),this.on(B,u(this,B,T)),this},v.prototype.prependOnceListener=function(B,T){return b(T),this.prependListener(B,u(this,B,T)),this},v.prototype.removeListener=function(B,T){var I,Q,ne,N,ie;if(b(T),Q=this._events,Q===void 0)return this;if(I=Q[B],I===void 0)return this;if(I===T||I.listener===T)--this._eventsCount===0?this._events=Object.create(null):(delete Q[B],Q.removeListener&&this.emit("removeListener",B,I.listener||T));else if(typeof I!="function"){for(ne=-1,N=I.length-1;N>=0;N--)if(I[N]===T||I[N].listener===T){ie=I[N].listener,ne=N;break}if(ne<0)return this;ne===0?I.shift():J(I,ne),I.length===1&&(Q[B]=I[0]),Q.removeListener!==void 0&&this.emit("removeListener",B,ie||T)}return this},v.prototype.off=v.prototype.removeListener,v.prototype.removeAllListeners=function(B){var T,I,Q;if(I=this._events,I===void 0)return this;if(I.removeListener===void 0)return arguments.length===0?(this._events=Object.create(null),this._eventsCount=0):I[B]!==void 0&&(--this._eventsCount===0?this._events=Object.create(null):delete I[B]),this;if(arguments.length===0){var ne=Object.keys(I),N;for(Q=0;Q<ne.length;++Q)N=ne[Q],N!=="removeListener"&&this.removeAllListeners(N);return this.removeAllListeners("removeListener"),this._events=Object.create(null),this._eventsCount=0,this}if(T=I[B],typeof T=="function")this.removeListener(B,T);else if(T!==void 0)for(Q=T.length-1;Q>=0;Q--)this.removeListener(B,T[Q]);return this};function S(x,B,T){var I=x._events;if(I===void 0)return[];var Q=I[B];return Q===void 0?[]:typeof Q=="function"?T?[Q.listener||Q]:[Q]:T?H(Q):A(Q,Q.length)}v.prototype.listeners=function(B){return S(this,B,!0)},v.prototype.rawListeners=function(B){return S(this,B,!1)},v.listenerCount=function(x,B){return typeof x.listenerCount=="function"?x.listenerCount(B):R.call(x,B)},v.prototype.listenerCount=R;function R(x){var B=this._events;if(B!==void 0){var T=B[x];if(typeof T=="function")return 1;if(T!==void 0)return T.length}return 0}v.prototype.eventNames=function(){return this._eventsCount>0?c(this._events):[]};function A(x,B){for(var T=new Array(B),I=0;I<B;++I)T[I]=x[I];return T}function J(x,B){for(;B+1<x.length;B++)x[B]=x[B+1];x.pop()}function H(x){for(var B=new Array(x.length),T=0;T<B.length;++T)B[T]=x[T].listener||x[T];return B}function C(x,B){return new Promise(function(T,I){function Q(N){x.removeListener(B,ne),I(N)}function ne(){typeof x.removeListener=="function"&&x.removeListener("error",Q),T([].slice.call(arguments))}W(x,B,ne,{once:!0}),B!=="error"&&U(x,Q,{once:!0})})}function U(x,B,T){typeof x.on=="function"&&W(x,"error",B,T)}function W(x,B,T,I){if(typeof x.on=="function")I.once?x.once(B,T):x.on(B,T);else if(typeof x.addEventListener=="function")x.addEventListener(B,function Q(ne){I.once&&x.removeEventListener(B,Q),T(ne)});else throw new TypeError('The "emitter" argument must be of type EventEmitter. Received type '+typeof x)}return gr.exports}var gs=fs();const ps=Oi(gs);var vr={exports:{}},ys=vr.exports,Ln;function vs(){return Ln||(Ln=1,(function(o,i){(function(s,y){o.exports=y()})(ys,(function(){return(function(c){var s={};function y(v){if(s[v])return s[v].exports;var d=s[v]={i:v,l:!1,exports:{}};return c[v].call(d.exports,d,d.exports,y),d.l=!0,d.exports}return y.m=c,y.c=s,y.d=function(v,d,b){y.o(v,d)||Object.defineProperty(v,d,{enumerable:!0,get:b})},y.r=function(v){typeof Symbol<"u"&&Symbol.toStringTag&&Object.defineProperty(v,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(v,"__esModule",{value:!0})},y.t=function(v,d){if(1&d&&(v=y(v)),8&d||4&d&&typeof v=="object"&&v&&v.__esModule)return v;var b=Object.create(null);if(y.r(b),Object.defineProperty(b,"default",{enumerable:!0,value:v}),2&d&&typeof v!="string")for(var w in v)y.d(b,w,(function(h){return v[h]}).bind(null,w));return b},y.n=function(v){var d=v&&v.__esModule?function(){return v.default}:function(){return v};return y.d(d,"a",d),d},y.o=function(v,d){return Object.prototype.hasOwnProperty.call(v,d)},y.p="",y(y.s=22)})([function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0});var v=(function(){function h(l,u){for(var S=0;S<u.length;S++){var R=u[S];R.enumerable=R.enumerable||!1,R.configurable=!0,"value"in R&&(R.writable=!0),Object.defineProperty(l,R.key,R)}}return function(l,u,S){return u&&h(l.prototype,u),S&&h(l,S),l}})(),d={debug:function(){},info:function(){},warn:function(){},error:function(){}},b=void 0,w=void 0;(s.Log=(function(){function h(){(function(u,S){if(!(u instanceof S))throw new TypeError("Cannot call a class as a function")})(this,h)}return h.reset=function(){w=3,b=d},h.debug=function(){if(w>=4){for(var u=arguments.length,S=Array(u),R=0;R<u;R++)S[R]=arguments[R];b.debug.apply(b,Array.from(S))}},h.info=function(){if(w>=3){for(var u=arguments.length,S=Array(u),R=0;R<u;R++)S[R]=arguments[R];b.info.apply(b,Array.from(S))}},h.warn=function(){if(w>=2){for(var u=arguments.length,S=Array(u),R=0;R<u;R++)S[R]=arguments[R];b.warn.apply(b,Array.from(S))}},h.error=function(){if(w>=1){for(var u=arguments.length,S=Array(u),R=0;R<u;R++)S[R]=arguments[R];b.error.apply(b,Array.from(S))}},v(h,null,[{key:"NONE",get:function(){return 0}},{key:"ERROR",get:function(){return 1}},{key:"WARN",get:function(){return 2}},{key:"INFO",get:function(){return 3}},{key:"DEBUG",get:function(){return 4}},{key:"level",get:function(){return w},set:function(u){if(!(0<=u&&u<=4))throw new Error("Invalid log level");w=u}},{key:"logger",get:function(){return b},set:function(u){if(!u.debug&&u.info&&(u.debug=u.info),!(u.debug&&u.info&&u.warn&&u.error))throw new Error("Invalid logger");b=u}}]),h})()).reset()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0});var v=(function(){function h(l,u){for(var S=0;S<u.length;S++){var R=u[S];R.enumerable=R.enumerable||!1,R.configurable=!0,"value"in R&&(R.writable=!0),Object.defineProperty(l,R.key,R)}}return function(l,u,S){return u&&h(l.prototype,u),S&&h(l,S),l}})(),d={setInterval:(function(h){function l(u,S){return h.apply(this,arguments)}return l.toString=function(){return h.toString()},l})((function(h,l){return setInterval(h,l)})),clearInterval:(function(h){function l(u){return h.apply(this,arguments)}return l.toString=function(){return h.toString()},l})((function(h){return clearInterval(h)}))},b=!1,w=null;s.Global=(function(){function h(){(function(u,S){if(!(u instanceof S))throw new TypeError("Cannot call a class as a function")})(this,h)}return h._testing=function(){b=!0},h.setXMLHttpRequest=function(u){w=u},v(h,null,[{key:"location",get:function(){if(!b)return location}},{key:"localStorage",get:function(){if(!b&&typeof window<"u")return localStorage}},{key:"sessionStorage",get:function(){if(!b&&typeof window<"u")return sessionStorage}},{key:"XMLHttpRequest",get:function(){if(!b&&typeof window<"u")return w||XMLHttpRequest}},{key:"timer",get:function(){if(!b)return d}}]),h})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.MetadataService=void 0;var v=(function(){function l(u,S){for(var R=0;R<S.length;R++){var A=S[R];A.enumerable=A.enumerable||!1,A.configurable=!0,"value"in A&&(A.writable=!0),Object.defineProperty(u,A.key,A)}}return function(u,S,R){return S&&l(u.prototype,S),R&&l(u,R),u}})(),d=y(0),b=y(7);function w(l,u){if(!(l instanceof u))throw new TypeError("Cannot call a class as a function")}var h=".well-known/openid-configuration";s.MetadataService=(function(){function l(u){var S=arguments.length>1&&arguments[1]!==void 0?arguments[1]:b.JsonService;if(w(this,l),!u)throw d.Log.error("MetadataService: No settings passed to MetadataService"),new Error("settings");this._settings=u,this._jsonService=new S(["application/jwk-set+json"])}return l.prototype.resetSigningKeys=function(){this._settings=this._settings||{},this._settings.signingKeys=void 0},l.prototype.getMetadata=function(){var S=this;return this._settings.metadata?(d.Log.debug("MetadataService.getMetadata: Returning metadata from settings"),Promise.resolve(this._settings.metadata)):this.metadataUrl?(d.Log.debug("MetadataService.getMetadata: getting metadata from",this.metadataUrl),this._jsonService.getJson(this.metadataUrl).then((function(R){d.Log.debug("MetadataService.getMetadata: json received");var A=S._settings.metadataSeed||{};return S._settings.metadata=Object.assign({},A,R),S._settings.metadata}))):(d.Log.error("MetadataService.getMetadata: No authority or metadataUrl configured on settings"),Promise.reject(new Error("No authority or metadataUrl configured on settings")))},l.prototype.getIssuer=function(){return this._getMetadataProperty("issuer")},l.prototype.getAuthorizationEndpoint=function(){return this._getMetadataProperty("authorization_endpoint")},l.prototype.getUserInfoEndpoint=function(){return this._getMetadataProperty("userinfo_endpoint")},l.prototype.getTokenEndpoint=function(){var S=!(arguments.length>0&&arguments[0]!==void 0)||arguments[0];return this._getMetadataProperty("token_endpoint",S)},l.prototype.getCheckSessionIframe=function(){return this._getMetadataProperty("check_session_iframe",!0)},l.prototype.getEndSessionEndpoint=function(){return this._getMetadataProperty("end_session_endpoint",!0)},l.prototype.getRevocationEndpoint=function(){return this._getMetadataProperty("revocation_endpoint",!0)},l.prototype.getKeysEndpoint=function(){return this._getMetadataProperty("jwks_uri",!0)},l.prototype._getMetadataProperty=function(S){var R=arguments.length>1&&arguments[1]!==void 0&&arguments[1];return d.Log.debug("MetadataService.getMetadataProperty for: "+S),this.getMetadata().then((function(A){if(d.Log.debug("MetadataService.getMetadataProperty: metadata recieved"),A[S]===void 0){if(R===!0)return void d.Log.warn("MetadataService.getMetadataProperty: Metadata does not contain optional property "+S);throw d.Log.error("MetadataService.getMetadataProperty: Metadata does not contain property "+S),new Error("Metadata does not contain property "+S)}return A[S]}))},l.prototype.getSigningKeys=function(){var S=this;return this._settings.signingKeys?(d.Log.debug("MetadataService.getSigningKeys: Returning signingKeys from settings"),Promise.resolve(this._settings.signingKeys)):this._getMetadataProperty("jwks_uri").then((function(R){return d.Log.debug("MetadataService.getSigningKeys: jwks_uri received",R),S._jsonService.getJson(R).then((function(A){if(d.Log.debug("MetadataService.getSigningKeys: key set received",A),!A.keys)throw d.Log.error("MetadataService.getSigningKeys: Missing keys on keyset"),new Error("Missing keys on keyset");return S._settings.signingKeys=A.keys,S._settings.signingKeys}))}))},v(l,[{key:"metadataUrl",get:function(){return this._metadataUrl||(this._settings.metadataUrl?this._metadataUrl=this._settings.metadataUrl:(this._metadataUrl=this._settings.authority,this._metadataUrl&&this._metadataUrl.indexOf(h)<0&&(this._metadataUrl[this._metadataUrl.length-1]!=="/"&&(this._metadataUrl+="/"),this._metadataUrl+=h))),this._metadataUrl}}]),l})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.UrlUtility=void 0;var v=y(0),d=y(1);s.UrlUtility=(function(){function b(){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,b)}return b.addQueryParam=function(h,l,u){return h.indexOf("?")<0&&(h+="?"),h[h.length-1]!=="?"&&(h+="&"),h+=encodeURIComponent(l),h+="=",h+=encodeURIComponent(u)},b.parseUrlFragment=function(h){var l=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"#",u=arguments.length>2&&arguments[2]!==void 0?arguments[2]:d.Global;typeof h!="string"&&(h=u.location.href);var S=h.lastIndexOf(l);S>=0&&(h=h.substr(S+1)),l==="?"&&(S=h.indexOf("#"))>=0&&(h=h.substr(0,S));for(var R,A={},J=/([^&=]+)=([^&]*)/g,H=0;R=J.exec(h);)if(A[decodeURIComponent(R[1])]=decodeURIComponent(R[2].replace(/\+/g," ")),H++>50)return v.Log.error("UrlUtility.parseUrlFragment: response exceeded expected number of parameters",h),{error:"Response exceeded expected number of parameters"};for(var C in A)return A;return{}},b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.JoseUtil=void 0;var v=y(26),d=(function(w){return w&&w.__esModule?w:{default:w}})(y(33));s.JoseUtil=(0,d.default)({jws:v.jws,KeyUtil:v.KeyUtil,X509:v.X509,crypto:v.crypto,hextob64u:v.hextob64u,b64tohex:v.b64tohex,AllowedSigningAlgs:v.AllowedSigningAlgs})},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.OidcClientSettings=void 0;var v=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(C){return typeof C}:function(C){return C&&typeof Symbol=="function"&&C.constructor===Symbol&&C!==Symbol.prototype?"symbol":typeof C},d=(function(){function C(U,W){for(var x=0;x<W.length;x++){var B=W[x];B.enumerable=B.enumerable||!1,B.configurable=!0,"value"in B&&(B.writable=!0),Object.defineProperty(U,B.key,B)}}return function(U,W,x){return W&&C(U.prototype,W),x&&C(U,x),U}})(),b=y(0),w=y(23),h=y(6),l=y(24),u=y(2);function S(C,U){if(!(C instanceof U))throw new TypeError("Cannot call a class as a function")}var R=".well-known/openid-configuration",A="id_token",J="openid",H="client_secret_post";s.OidcClientSettings=(function(){function C(){var U=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},W=U.authority,x=U.metadataUrl,B=U.metadata,T=U.signingKeys,I=U.metadataSeed,Q=U.client_id,ne=U.client_secret,N=U.response_type,ie=N===void 0?A:N,ye=U.scope,me=ye===void 0?J:ye,je=U.redirect_uri,Re=U.post_logout_redirect_uri,ze=U.client_authentication,Le=ze===void 0?H:ze,Ge=U.prompt,fe=U.display,ve=U.max_age,We=U.ui_locales,Ye=U.acr_values,rt=U.resource,nt=U.response_mode,ct=U.filterProtocolClaims,Et=ct===void 0||ct,Xe=U.loadUserInfo,it=Xe===void 0||Xe,Ke=U.staleStateAge,xe=Ke===void 0?900:Ke,q=U.clockSkew,g=q===void 0?300:q,p=U.clockService,j=p===void 0?new w.ClockService:p,$=U.userInfoJwtIssuer,X=$===void 0?"OP":$,re=U.mergeClaims,ce=re!==void 0&&re,de=U.stateStore,we=de===void 0?new h.WebStorageStateStore:de,_e=U.ResponseValidatorCtor,Se=_e===void 0?l.ResponseValidator:_e,ot=U.MetadataServiceCtor,ft=ot===void 0?u.MetadataService:ot,le=U.extraQueryParams,Pe=le===void 0?{}:le,pe=U.extraTokenParams,lt=pe===void 0?{}:pe;S(this,C),this._authority=W,this._metadataUrl=x,this._metadata=B,this._metadataSeed=I,this._signingKeys=T,this._client_id=Q,this._client_secret=ne,this._response_type=ie,this._scope=me,this._redirect_uri=je,this._post_logout_redirect_uri=Re,this._client_authentication=Le,this._prompt=Ge,this._display=fe,this._max_age=ve,this._ui_locales=We,this._acr_values=Ye,this._resource=rt,this._response_mode=nt,this._filterProtocolClaims=!!Et,this._loadUserInfo=!!it,this._staleStateAge=xe,this._clockSkew=g,this._clockService=j,this._userInfoJwtIssuer=X,this._mergeClaims=!!ce,this._stateStore=we,this._validator=new Se(this),this._metadataService=new ft(this),this._extraQueryParams=(Pe===void 0?"undefined":v(Pe))==="object"?Pe:{},this._extraTokenParams=(lt===void 0?"undefined":v(lt))==="object"?lt:{}}return C.prototype.getEpochTime=function(){return this._clockService.getEpochTime()},d(C,[{key:"client_id",get:function(){return this._client_id},set:function(W){if(this._client_id)throw b.Log.error("OidcClientSettings.set_client_id: client_id has already been assigned."),new Error("client_id has already been assigned.");this._client_id=W}},{key:"client_secret",get:function(){return this._client_secret}},{key:"response_type",get:function(){return this._response_type}},{key:"scope",get:function(){return this._scope}},{key:"redirect_uri",get:function(){return this._redirect_uri}},{key:"post_logout_redirect_uri",get:function(){return this._post_logout_redirect_uri}},{key:"client_authentication",get:function(){return this._client_authentication}},{key:"prompt",get:function(){return this._prompt}},{key:"display",get:function(){return this._display}},{key:"max_age",get:function(){return this._max_age}},{key:"ui_locales",get:function(){return this._ui_locales}},{key:"acr_values",get:function(){return this._acr_values}},{key:"resource",get:function(){return this._resource}},{key:"response_mode",get:function(){return this._response_mode}},{key:"authority",get:function(){return this._authority},set:function(W){if(this._authority)throw b.Log.error("OidcClientSettings.set_authority: authority has already been assigned."),new Error("authority has already been assigned.");this._authority=W}},{key:"metadataUrl",get:function(){return this._metadataUrl||(this._metadataUrl=this.authority,this._metadataUrl&&this._metadataUrl.indexOf(R)<0&&(this._metadataUrl[this._metadataUrl.length-1]!=="/"&&(this._metadataUrl+="/"),this._metadataUrl+=R)),this._metadataUrl}},{key:"metadata",get:function(){return this._metadata},set:function(W){this._metadata=W}},{key:"metadataSeed",get:function(){return this._metadataSeed},set:function(W){this._metadataSeed=W}},{key:"signingKeys",get:function(){return this._signingKeys},set:function(W){this._signingKeys=W}},{key:"filterProtocolClaims",get:function(){return this._filterProtocolClaims}},{key:"loadUserInfo",get:function(){return this._loadUserInfo}},{key:"staleStateAge",get:function(){return this._staleStateAge}},{key:"clockSkew",get:function(){return this._clockSkew}},{key:"userInfoJwtIssuer",get:function(){return this._userInfoJwtIssuer}},{key:"mergeClaims",get:function(){return this._mergeClaims}},{key:"stateStore",get:function(){return this._stateStore}},{key:"validator",get:function(){return this._validator}},{key:"metadataService",get:function(){return this._metadataService}},{key:"extraQueryParams",get:function(){return this._extraQueryParams},set:function(W){(W===void 0?"undefined":v(W))==="object"?this._extraQueryParams=W:this._extraQueryParams={}}},{key:"extraTokenParams",get:function(){return this._extraTokenParams},set:function(W){(W===void 0?"undefined":v(W))==="object"?this._extraTokenParams=W:this._extraTokenParams={}}}]),C})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.WebStorageStateStore=void 0;var v=y(0),d=y(1);function b(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")}s.WebStorageStateStore=(function(){function w(){var h=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},l=h.prefix,u=l===void 0?"oidc.":l,S=h.store,R=S===void 0?d.Global.localStorage:S;b(this,w),this._store=R,this._prefix=u}return w.prototype.set=function(l,u){return v.Log.debug("WebStorageStateStore.set",l),l=this._prefix+l,this._store.setItem(l,u),Promise.resolve()},w.prototype.get=function(l){v.Log.debug("WebStorageStateStore.get",l),l=this._prefix+l;var u=this._store.getItem(l);return Promise.resolve(u)},w.prototype.remove=function(l){v.Log.debug("WebStorageStateStore.remove",l),l=this._prefix+l;var u=this._store.getItem(l);return this._store.removeItem(l),Promise.resolve(u)},w.prototype.getAllKeys=function(){v.Log.debug("WebStorageStateStore.getAllKeys");for(var l=[],u=0;u<this._store.length;u++){var S=this._store.key(u);S.indexOf(this._prefix)===0&&l.push(S.substr(this._prefix.length))}return Promise.resolve(l)},w})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.JsonService=void 0;var v=y(0),d=y(1);function b(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")}s.JsonService=(function(){function w(){var h=arguments.length>0&&arguments[0]!==void 0?arguments[0]:null,l=arguments.length>1&&arguments[1]!==void 0?arguments[1]:d.Global.XMLHttpRequest,u=arguments.length>2&&arguments[2]!==void 0?arguments[2]:null;b(this,w),h&&Array.isArray(h)?this._contentTypes=h.slice():this._contentTypes=[],this._contentTypes.push("application/json"),u&&this._contentTypes.push("application/jwt"),this._XMLHttpRequest=l,this._jwtHandler=u}return w.prototype.getJson=function(l,u){var S=this;if(!l)throw v.Log.error("JsonService.getJson: No url passed"),new Error("url");return v.Log.debug("JsonService.getJson, url: ",l),new Promise((function(R,A){var J=new S._XMLHttpRequest;J.open("GET",l);var H=S._contentTypes,C=S._jwtHandler;J.onload=function(){if(v.Log.debug("JsonService.getJson: HTTP response received, status",J.status),J.status===200){var U=J.getResponseHeader("Content-Type");if(U){var W=H.find((function(x){if(U.startsWith(x))return!0}));if(W=="application/jwt")return void C(J).then(R,A);if(W)try{return void R(JSON.parse(J.responseText))}catch(x){return v.Log.error("JsonService.getJson: Error parsing JSON response",x.message),void A(x)}}A(Error("Invalid response Content-Type: "+U+", from URL: "+l))}else A(Error(J.statusText+" ("+J.status+")"))},J.onerror=function(){v.Log.error("JsonService.getJson: network error"),A(Error("Network Error"))},u&&(v.Log.debug("JsonService.getJson: token passed, setting Authorization header"),J.setRequestHeader("Authorization","Bearer "+u)),J.send()}))},w.prototype.postForm=function(l,u,S){var R=this;if(!l)throw v.Log.error("JsonService.postForm: No url passed"),new Error("url");return v.Log.debug("JsonService.postForm, url: ",l),new Promise((function(A,J){var H=new R._XMLHttpRequest;H.open("POST",l);var C=R._contentTypes;H.onload=function(){if(v.Log.debug("JsonService.postForm: HTTP response received, status",H.status),H.status!==200){if(H.status===400&&(T=H.getResponseHeader("Content-Type"))&&C.find((function(I){if(T.startsWith(I))return!0})))try{var B=JSON.parse(H.responseText);if(B&&B.error)return v.Log.error("JsonService.postForm: Error from server: ",B.error),void J(new Error(B.error))}catch(I){return v.Log.error("JsonService.postForm: Error parsing JSON response",I.message),void J(I)}J(Error(H.statusText+" ("+H.status+")"))}else{var T;if((T=H.getResponseHeader("Content-Type"))&&C.find((function(I){if(T.startsWith(I))return!0})))try{return void A(JSON.parse(H.responseText))}catch(I){return v.Log.error("JsonService.postForm: Error parsing JSON response",I.message),void J(I)}J(Error("Invalid response Content-Type: "+T+", from URL: "+l))}},H.onerror=function(){v.Log.error("JsonService.postForm: network error"),J(Error("Network Error"))};var U="";for(var W in u){var x=u[W];x&&(U.length>0&&(U+="&"),U+=encodeURIComponent(W),U+="=",U+=encodeURIComponent(x))}H.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),S!==void 0&&H.setRequestHeader("Authorization","Basic "+btoa(S)),H.send(U)}))},w})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SigninRequest=void 0;var v=y(0),d=y(3),b=y(13);s.SigninRequest=(function(){function w(h){var l=h.url,u=h.client_id,S=h.redirect_uri,R=h.response_type,A=h.scope,J=h.authority,H=h.data,C=h.prompt,U=h.display,W=h.max_age,x=h.ui_locales,B=h.id_token_hint,T=h.login_hint,I=h.acr_values,Q=h.resource,ne=h.response_mode,N=h.request,ie=h.request_uri,ye=h.extraQueryParams,me=h.request_type,je=h.client_secret,Re=h.extraTokenParams,ze=h.skipUserInfo;if((function(rt,nt){if(!(rt instanceof nt))throw new TypeError("Cannot call a class as a function")})(this,w),!l)throw v.Log.error("SigninRequest.ctor: No url passed"),new Error("url");if(!u)throw v.Log.error("SigninRequest.ctor: No client_id passed"),new Error("client_id");if(!S)throw v.Log.error("SigninRequest.ctor: No redirect_uri passed"),new Error("redirect_uri");if(!R)throw v.Log.error("SigninRequest.ctor: No response_type passed"),new Error("response_type");if(!A)throw v.Log.error("SigninRequest.ctor: No scope passed"),new Error("scope");if(!J)throw v.Log.error("SigninRequest.ctor: No authority passed"),new Error("authority");var Le=w.isOidc(R),Ge=w.isCode(R);ne||(ne=w.isCode(R)?"query":null),this.state=new b.SigninState({nonce:Le,data:H,client_id:u,authority:J,redirect_uri:S,code_verifier:Ge,request_type:me,response_mode:ne,client_secret:je,scope:A,extraTokenParams:Re,skipUserInfo:ze}),l=d.UrlUtility.addQueryParam(l,"client_id",u),l=d.UrlUtility.addQueryParam(l,"redirect_uri",S),l=d.UrlUtility.addQueryParam(l,"response_type",R),l=d.UrlUtility.addQueryParam(l,"scope",A),l=d.UrlUtility.addQueryParam(l,"state",this.state.id),Le&&(l=d.UrlUtility.addQueryParam(l,"nonce",this.state.nonce)),Ge&&(l=d.UrlUtility.addQueryParam(l,"code_challenge",this.state.code_challenge),l=d.UrlUtility.addQueryParam(l,"code_challenge_method","S256"));var fe={prompt:C,display:U,max_age:W,ui_locales:x,id_token_hint:B,login_hint:T,acr_values:I,resource:Q,request:N,request_uri:ie,response_mode:ne};for(var ve in fe)fe[ve]&&(l=d.UrlUtility.addQueryParam(l,ve,fe[ve]));for(var We in ye)l=d.UrlUtility.addQueryParam(l,We,ye[We]);this.url=l}return w.isOidc=function(l){return!!l.split(/\s+/g).filter((function(u){return u==="id_token"}))[0]},w.isOAuth=function(l){return!!l.split(/\s+/g).filter((function(u){return u==="token"}))[0]},w.isCode=function(l){return!!l.split(/\s+/g).filter((function(u){return u==="code"}))[0]},w})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.State=void 0;var v=(function(){function h(l,u){for(var S=0;S<u.length;S++){var R=u[S];R.enumerable=R.enumerable||!1,R.configurable=!0,"value"in R&&(R.writable=!0),Object.defineProperty(l,R.key,R)}}return function(l,u,S){return u&&h(l.prototype,u),S&&h(l,S),l}})(),d=y(0),b=(function(l){return l&&l.__esModule?l:{default:l}})(y(14));function w(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")}s.State=(function(){function h(){var l=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},u=l.id,S=l.data,R=l.created,A=l.request_type;w(this,h),this._id=u||(0,b.default)(),this._data=S,this._created=typeof R=="number"&&R>0?R:parseInt(Date.now()/1e3),this._request_type=A}return h.prototype.toStorageString=function(){return d.Log.debug("State.toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type})},h.fromStorageString=function(u){return d.Log.debug("State.fromStorageString"),new h(JSON.parse(u))},h.clearStaleState=function(u,S){var R=Date.now()/1e3-S;return u.getAllKeys().then((function(A){d.Log.debug("State.clearStaleState: got keys",A);for(var J=[],H=function(x){var B=A[x];U=u.get(B).then((function(T){var I=!1;if(T)try{var Q=h.fromStorageString(T);d.Log.debug("State.clearStaleState: got item from key: ",B,Q.created),Q.created<=R&&(I=!0)}catch(ne){d.Log.error("State.clearStaleState: Error parsing state for key",B,ne.message),I=!0}else d.Log.debug("State.clearStaleState: no item in storage for key: ",B),I=!0;if(I)return d.Log.debug("State.clearStaleState: removed item for key: ",B),u.remove(B)})),J.push(U)},C=0;C<A.length;C++){var U;H(C)}return d.Log.debug("State.clearStaleState: waiting on promise count:",J.length),Promise.all(J)}))},v(h,[{key:"id",get:function(){return this._id}},{key:"data",get:function(){return this._data}},{key:"created",get:function(){return this._created}},{key:"request_type",get:function(){return this._request_type}}]),h})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.OidcClient=void 0;var v=(function(){function H(C,U){for(var W=0;W<U.length;W++){var x=U[W];x.enumerable=x.enumerable||!1,x.configurable=!0,"value"in x&&(x.writable=!0),Object.defineProperty(C,x.key,x)}}return function(C,U,W){return U&&H(C.prototype,U),W&&H(C,W),C}})(),d=y(0),b=y(5),w=y(12),h=y(8),l=y(34),u=y(35),S=y(36),R=y(13),A=y(9);function J(H,C){if(!(H instanceof C))throw new TypeError("Cannot call a class as a function")}s.OidcClient=(function(){function H(){var C=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};J(this,H),C instanceof b.OidcClientSettings?this._settings=C:this._settings=new b.OidcClientSettings(C)}return H.prototype.createSigninRequest=function(){var U=this,W=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},x=W.response_type,B=W.scope,T=W.redirect_uri,I=W.data,Q=W.state,ne=W.prompt,N=W.display,ie=W.max_age,ye=W.ui_locales,me=W.id_token_hint,je=W.login_hint,Re=W.acr_values,ze=W.resource,Le=W.request,Ge=W.request_uri,fe=W.response_mode,ve=W.extraQueryParams,We=W.extraTokenParams,Ye=W.request_type,rt=W.skipUserInfo,nt=arguments[1];d.Log.debug("OidcClient.createSigninRequest");var ct=this._settings.client_id;x=x||this._settings.response_type,B=B||this._settings.scope,T=T||this._settings.redirect_uri,ne=ne||this._settings.prompt,N=N||this._settings.display,ie=ie||this._settings.max_age,ye=ye||this._settings.ui_locales,Re=Re||this._settings.acr_values,ze=ze||this._settings.resource,fe=fe||this._settings.response_mode,ve=ve||this._settings.extraQueryParams,We=We||this._settings.extraTokenParams;var Et=this._settings.authority;return h.SigninRequest.isCode(x)&&x!=="code"?Promise.reject(new Error("OpenID Connect hybrid flow is not supported")):this._metadataService.getAuthorizationEndpoint().then((function(Xe){d.Log.debug("OidcClient.createSigninRequest: Received authorization endpoint",Xe);var it=new h.SigninRequest({url:Xe,client_id:ct,redirect_uri:T,response_type:x,scope:B,data:I||Q,authority:Et,prompt:ne,display:N,max_age:ie,ui_locales:ye,id_token_hint:me,login_hint:je,acr_values:Re,resource:ze,request:Le,request_uri:Ge,extraQueryParams:ve,extraTokenParams:We,request_type:Ye,response_mode:fe,client_secret:U._settings.client_secret,skipUserInfo:rt}),Ke=it.state;return(nt=nt||U._stateStore).set(Ke.id,Ke.toStorageString()).then((function(){return it}))}))},H.prototype.readSigninResponseState=function(U,W){var x=arguments.length>2&&arguments[2]!==void 0&&arguments[2];d.Log.debug("OidcClient.readSigninResponseState");var B=this._settings.response_mode==="query"||!this._settings.response_mode&&h.SigninRequest.isCode(this._settings.response_type),T=B?"?":"#",I=new l.SigninResponse(U,T);if(!I.state)return d.Log.error("OidcClient.readSigninResponseState: No state in response"),Promise.reject(new Error("No state in response"));W=W||this._stateStore;var Q=x?W.remove.bind(W):W.get.bind(W);return Q(I.state).then((function(ne){if(!ne)throw d.Log.error("OidcClient.readSigninResponseState: No matching state found in storage"),new Error("No matching state found in storage");return{state:R.SigninState.fromStorageString(ne),response:I}}))},H.prototype.processSigninResponse=function(U,W){var x=this;return d.Log.debug("OidcClient.processSigninResponse"),this.readSigninResponseState(U,W,!0).then((function(B){var T=B.state,I=B.response;return d.Log.debug("OidcClient.processSigninResponse: Received state from storage; validating response"),x._validator.validateSigninResponse(T,I)}))},H.prototype.createSignoutRequest=function(){var U=this,W=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},x=W.id_token_hint,B=W.data,T=W.state,I=W.post_logout_redirect_uri,Q=W.extraQueryParams,ne=W.request_type,N=arguments[1];return d.Log.debug("OidcClient.createSignoutRequest"),I=I||this._settings.post_logout_redirect_uri,Q=Q||this._settings.extraQueryParams,this._metadataService.getEndSessionEndpoint().then((function(ie){if(!ie)throw d.Log.error("OidcClient.createSignoutRequest: No end session endpoint url returned"),new Error("no end session endpoint");d.Log.debug("OidcClient.createSignoutRequest: Received end session endpoint",ie);var ye=new u.SignoutRequest({url:ie,id_token_hint:x,post_logout_redirect_uri:I,data:B||T,extraQueryParams:Q,request_type:ne}),me=ye.state;return me&&(d.Log.debug("OidcClient.createSignoutRequest: Signout request has state to persist"),(N=N||U._stateStore).set(me.id,me.toStorageString())),ye}))},H.prototype.readSignoutResponseState=function(U,W){var x=arguments.length>2&&arguments[2]!==void 0&&arguments[2];d.Log.debug("OidcClient.readSignoutResponseState");var B=new S.SignoutResponse(U);if(!B.state)return d.Log.debug("OidcClient.readSignoutResponseState: No state in response"),B.error?(d.Log.warn("OidcClient.readSignoutResponseState: Response was error: ",B.error),Promise.reject(new w.ErrorResponse(B))):Promise.resolve({state:void 0,response:B});var T=B.state;W=W||this._stateStore;var I=x?W.remove.bind(W):W.get.bind(W);return I(T).then((function(Q){if(!Q)throw d.Log.error("OidcClient.readSignoutResponseState: No matching state found in storage"),new Error("No matching state found in storage");return{state:A.State.fromStorageString(Q),response:B}}))},H.prototype.processSignoutResponse=function(U,W){var x=this;return d.Log.debug("OidcClient.processSignoutResponse"),this.readSignoutResponseState(U,W,!0).then((function(B){var T=B.state,I=B.response;return T?(d.Log.debug("OidcClient.processSignoutResponse: Received state from storage; validating response"),x._validator.validateSignoutResponse(T,I)):(d.Log.debug("OidcClient.processSignoutResponse: No state from storage; skipping validating response"),I)}))},H.prototype.clearStaleState=function(U){return d.Log.debug("OidcClient.clearStaleState"),U=U||this._stateStore,A.State.clearStaleState(U,this.settings.staleStateAge)},v(H,[{key:"_stateStore",get:function(){return this.settings.stateStore}},{key:"_validator",get:function(){return this.settings.validator}},{key:"_metadataService",get:function(){return this.settings.metadataService}},{key:"settings",get:function(){return this._settings}},{key:"metadataService",get:function(){return this._metadataService}}]),H})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.TokenClient=void 0;var v=y(7),d=y(2),b=y(0);function w(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")}s.TokenClient=(function(){function h(l){var u=arguments.length>1&&arguments[1]!==void 0?arguments[1]:v.JsonService,S=arguments.length>2&&arguments[2]!==void 0?arguments[2]:d.MetadataService;if(w(this,h),!l)throw b.Log.error("TokenClient.ctor: No settings passed"),new Error("settings");this._settings=l,this._jsonService=new u,this._metadataService=new S(this._settings)}return h.prototype.exchangeCode=function(){var u=this,S=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(S=Object.assign({},S)).grant_type=S.grant_type||"authorization_code",S.client_id=S.client_id||this._settings.client_id,S.client_secret=S.client_secret||this._settings.client_secret,S.redirect_uri=S.redirect_uri||this._settings.redirect_uri;var R=void 0,A=S._client_authentication||this._settings._client_authentication;return delete S._client_authentication,S.code?S.redirect_uri?S.code_verifier?S.client_id?S.client_secret||A!="client_secret_basic"?(A=="client_secret_basic"&&(R=S.client_id+":"+S.client_secret,delete S.client_id,delete S.client_secret),this._metadataService.getTokenEndpoint(!1).then((function(J){return b.Log.debug("TokenClient.exchangeCode: Received token endpoint"),u._jsonService.postForm(J,S,R).then((function(H){return b.Log.debug("TokenClient.exchangeCode: response received"),H}))}))):(b.Log.error("TokenClient.exchangeCode: No client_secret passed"),Promise.reject(new Error("A client_secret is required"))):(b.Log.error("TokenClient.exchangeCode: No client_id passed"),Promise.reject(new Error("A client_id is required"))):(b.Log.error("TokenClient.exchangeCode: No code_verifier passed"),Promise.reject(new Error("A code_verifier is required"))):(b.Log.error("TokenClient.exchangeCode: No redirect_uri passed"),Promise.reject(new Error("A redirect_uri is required"))):(b.Log.error("TokenClient.exchangeCode: No code passed"),Promise.reject(new Error("A code is required")))},h.prototype.exchangeRefreshToken=function(){var u=this,S=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(S=Object.assign({},S)).grant_type=S.grant_type||"refresh_token",S.client_id=S.client_id||this._settings.client_id,S.client_secret=S.client_secret||this._settings.client_secret;var R=void 0,A=S._client_authentication||this._settings._client_authentication;return delete S._client_authentication,S.refresh_token?S.client_id?(A=="client_secret_basic"&&(R=S.client_id+":"+S.client_secret,delete S.client_id,delete S.client_secret),this._metadataService.getTokenEndpoint(!1).then((function(J){return b.Log.debug("TokenClient.exchangeRefreshToken: Received token endpoint"),u._jsonService.postForm(J,S,R).then((function(H){return b.Log.debug("TokenClient.exchangeRefreshToken: response received"),H}))}))):(b.Log.error("TokenClient.exchangeRefreshToken: No client_id passed"),Promise.reject(new Error("A client_id is required"))):(b.Log.error("TokenClient.exchangeRefreshToken: No refresh_token passed"),Promise.reject(new Error("A refresh_token is required")))},h})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.ErrorResponse=void 0;var v=y(0);function d(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")}function b(w,h){if(!w)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!h||typeof h!="object"&&typeof h!="function"?w:h}s.ErrorResponse=(function(w){function h(){var l=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},u=l.error,S=l.error_description,R=l.error_uri,A=l.state,J=l.session_state;if(d(this,h),!u)throw v.Log.error("No error passed to ErrorResponse"),new Error("error");var H=b(this,w.call(this,S||u));return H.name="ErrorResponse",H.error=u,H.error_description=S,H.error_uri=R,H.state=A,H.session_state=J,H}return(function(u,S){if(typeof S!="function"&&S!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof S);u.prototype=Object.create(S&&S.prototype,{constructor:{value:u,enumerable:!1,writable:!0,configurable:!0}}),S&&(Object.setPrototypeOf?Object.setPrototypeOf(u,S):u.__proto__=S)})(h,w),h})(Error)},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SigninState=void 0;var v=(function(){function S(R,A){for(var J=0;J<A.length;J++){var H=A[J];H.enumerable=H.enumerable||!1,H.configurable=!0,"value"in H&&(H.writable=!0),Object.defineProperty(R,H.key,H)}}return function(R,A,J){return A&&S(R.prototype,A),J&&S(R,J),R}})(),d=y(0),b=y(9),w=y(4),h=(function(R){return R&&R.__esModule?R:{default:R}})(y(14));function l(S,R){if(!(S instanceof R))throw new TypeError("Cannot call a class as a function")}function u(S,R){if(!S)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!R||typeof R!="object"&&typeof R!="function"?S:R}s.SigninState=(function(S){function R(){var A=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},J=A.nonce,H=A.authority,C=A.client_id,U=A.redirect_uri,W=A.code_verifier,x=A.response_mode,B=A.client_secret,T=A.scope,I=A.extraTokenParams,Q=A.skipUserInfo;l(this,R);var ne=u(this,S.call(this,arguments[0]));if(J===!0?ne._nonce=(0,h.default)():J&&(ne._nonce=J),W===!0?ne._code_verifier=(0,h.default)()+(0,h.default)()+(0,h.default)():W&&(ne._code_verifier=W),ne.code_verifier){var N=w.JoseUtil.hashString(ne.code_verifier,"SHA256");ne._code_challenge=w.JoseUtil.hexToBase64Url(N)}return ne._redirect_uri=U,ne._authority=H,ne._client_id=C,ne._response_mode=x,ne._client_secret=B,ne._scope=T,ne._extraTokenParams=I,ne._skipUserInfo=Q,ne}return(function(J,H){if(typeof H!="function"&&H!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof H);J.prototype=Object.create(H&&H.prototype,{constructor:{value:J,enumerable:!1,writable:!0,configurable:!0}}),H&&(Object.setPrototypeOf?Object.setPrototypeOf(J,H):J.__proto__=H)})(R,S),R.prototype.toStorageString=function(){return d.Log.debug("SigninState.toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,nonce:this.nonce,code_verifier:this.code_verifier,redirect_uri:this.redirect_uri,authority:this.authority,client_id:this.client_id,response_mode:this.response_mode,client_secret:this.client_secret,scope:this.scope,extraTokenParams:this.extraTokenParams,skipUserInfo:this.skipUserInfo})},R.fromStorageString=function(J){return d.Log.debug("SigninState.fromStorageString"),new R(JSON.parse(J))},v(R,[{key:"nonce",get:function(){return this._nonce}},{key:"authority",get:function(){return this._authority}},{key:"client_id",get:function(){return this._client_id}},{key:"redirect_uri",get:function(){return this._redirect_uri}},{key:"code_verifier",get:function(){return this._code_verifier}},{key:"code_challenge",get:function(){return this._code_challenge}},{key:"response_mode",get:function(){return this._response_mode}},{key:"client_secret",get:function(){return this._client_secret}},{key:"scope",get:function(){return this._scope}},{key:"extraTokenParams",get:function(){return this._extraTokenParams}},{key:"skipUserInfo",get:function(){return this._skipUserInfo}}]),R})(b.State)},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.default=function(){return(v!="undefined"&&v!==null&&v.getRandomValues!==void 0?d:b)().replace(/-/g,"")};var v=typeof window<"u"?window.crypto||window.msCrypto:null;function d(){return("10000000-1000-4000-8000"+-1e11).replace(/[018]/g,(function(w){return(w^v.getRandomValues(new Uint8Array(1))[0]&15>>w/4).toString(16)}))}function b(){return("10000000-1000-4000-8000"+-1e11).replace(/[018]/g,(function(w){return(w^16*Math.random()>>w/4).toString(16)}))}c.exports=s.default},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.User=void 0;var v=(function(){function b(w,h){for(var l=0;l<h.length;l++){var u=h[l];u.enumerable=u.enumerable||!1,u.configurable=!0,"value"in u&&(u.writable=!0),Object.defineProperty(w,u.key,u)}}return function(w,h,l){return h&&b(w.prototype,h),l&&b(w,l),w}})(),d=y(0);s.User=(function(){function b(w){var h=w.id_token,l=w.session_state,u=w.access_token,S=w.refresh_token,R=w.token_type,A=w.scope,J=w.profile,H=w.expires_at,C=w.state;(function(W,x){if(!(W instanceof x))throw new TypeError("Cannot call a class as a function")})(this,b),this.id_token=h,this.session_state=l,this.access_token=u,this.refresh_token=S,this.token_type=R,this.scope=A,this.profile=J,this.expires_at=H,this.state=C}return b.prototype.toStorageString=function(){return d.Log.debug("User.toStorageString"),JSON.stringify({id_token:this.id_token,session_state:this.session_state,access_token:this.access_token,refresh_token:this.refresh_token,token_type:this.token_type,scope:this.scope,profile:this.profile,expires_at:this.expires_at})},b.fromStorageString=function(h){return d.Log.debug("User.fromStorageString"),new b(JSON.parse(h))},v(b,[{key:"expires_in",get:function(){if(this.expires_at){var h=parseInt(Date.now()/1e3);return this.expires_at-h}},set:function(h){var l=parseInt(h);if(typeof l=="number"&&l>0){var u=parseInt(Date.now()/1e3);this.expires_at=u+l}}},{key:"expired",get:function(){var h=this.expires_in;if(h!==void 0)return h<=0}},{key:"scopes",get:function(){return(this.scope||"").split(" ")}}]),b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.AccessTokenEvents=void 0;var v=y(0),d=y(46);function b(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")}s.AccessTokenEvents=(function(){function w(){var h=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},l=h.accessTokenExpiringNotificationTime,u=l===void 0?60:l,S=h.accessTokenExpiringTimer,R=S===void 0?new d.Timer("Access token expiring"):S,A=h.accessTokenExpiredTimer,J=A===void 0?new d.Timer("Access token expired"):A;b(this,w),this._accessTokenExpiringNotificationTime=u,this._accessTokenExpiring=R,this._accessTokenExpired=J}return w.prototype.load=function(l){if(l.access_token&&l.expires_in!==void 0){var u=l.expires_in;if(v.Log.debug("AccessTokenEvents.load: access token present, remaining duration:",u),u>0){var S=u-this._accessTokenExpiringNotificationTime;S<=0&&(S=1),v.Log.debug("AccessTokenEvents.load: registering expiring timer in:",S),this._accessTokenExpiring.init(S)}else v.Log.debug("AccessTokenEvents.load: canceling existing expiring timer becase we're past expiration."),this._accessTokenExpiring.cancel();var R=u+1;v.Log.debug("AccessTokenEvents.load: registering expired timer in:",R),this._accessTokenExpired.init(R)}else this._accessTokenExpiring.cancel(),this._accessTokenExpired.cancel()},w.prototype.unload=function(){v.Log.debug("AccessTokenEvents.unload: canceling existing access token timers"),this._accessTokenExpiring.cancel(),this._accessTokenExpired.cancel()},w.prototype.addAccessTokenExpiring=function(l){this._accessTokenExpiring.addHandler(l)},w.prototype.removeAccessTokenExpiring=function(l){this._accessTokenExpiring.removeHandler(l)},w.prototype.addAccessTokenExpired=function(l){this._accessTokenExpired.addHandler(l)},w.prototype.removeAccessTokenExpired=function(l){this._accessTokenExpired.removeHandler(l)},w})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.Event=void 0;var v=y(0);s.Event=(function(){function d(b){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,d),this._name=b,this._callbacks=[]}return d.prototype.addHandler=function(w){this._callbacks.push(w)},d.prototype.removeHandler=function(w){var h=this._callbacks.findIndex((function(l){return l===w}));h>=0&&this._callbacks.splice(h,1)},d.prototype.raise=function(){v.Log.debug("Event: Raising event: "+this._name);for(var w=0;w<this._callbacks.length;w++){var h;(h=this._callbacks)[w].apply(h,arguments)}},d})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SessionMonitor=void 0;var v=(function(){function l(u,S){for(var R=0;R<S.length;R++){var A=S[R];A.enumerable=A.enumerable||!1,A.configurable=!0,"value"in A&&(A.writable=!0),Object.defineProperty(u,A.key,A)}}return function(u,S,R){return S&&l(u.prototype,S),R&&l(u,R),u}})(),d=y(0),b=y(19),w=y(1);function h(l,u){if(!(l instanceof u))throw new TypeError("Cannot call a class as a function")}s.SessionMonitor=(function(){function l(u){var S=this,R=arguments.length>1&&arguments[1]!==void 0?arguments[1]:b.CheckSessionIFrame,A=arguments.length>2&&arguments[2]!==void 0?arguments[2]:w.Global.timer;if(h(this,l),!u)throw d.Log.error("SessionMonitor.ctor: No user manager passed to SessionMonitor"),new Error("userManager");this._userManager=u,this._CheckSessionIFrameCtor=R,this._timer=A,this._userManager.events.addUserLoaded(this._start.bind(this)),this._userManager.events.addUserUnloaded(this._stop.bind(this)),Promise.resolve(this._userManager.getUser().then((function(J){J?S._start(J):S._settings.monitorAnonymousSession&&S._userManager.querySessionStatus().then((function(H){var C={session_state:H.session_state};H.sub&&H.sid&&(C.profile={sub:H.sub,sid:H.sid}),S._start(C)})).catch((function(H){d.Log.error("SessionMonitor ctor: error from querySessionStatus:",H.message)}))})).catch((function(J){d.Log.error("SessionMonitor ctor: error from getUser:",J.message)})))}return l.prototype._start=function(S){var R=this,A=S.session_state;A&&(S.profile?(this._sub=S.profile.sub,this._sid=S.profile.sid,d.Log.debug("SessionMonitor._start: session_state:",A,", sub:",this._sub)):(this._sub=void 0,this._sid=void 0,d.Log.debug("SessionMonitor._start: session_state:",A,", anonymous user")),this._checkSessionIFrame?this._checkSessionIFrame.start(A):this._metadataService.getCheckSessionIframe().then((function(J){if(J){d.Log.debug("SessionMonitor._start: Initializing check session iframe");var H=R._client_id,C=R._checkSessionInterval,U=R._stopCheckSessionOnError;R._checkSessionIFrame=new R._CheckSessionIFrameCtor(R._callback.bind(R),H,J,C,U),R._checkSessionIFrame.load().then((function(){R._checkSessionIFrame.start(A)}))}else d.Log.warn("SessionMonitor._start: No check session iframe found in the metadata")})).catch((function(J){d.Log.error("SessionMonitor._start: Error from getCheckSessionIframe:",J.message)})))},l.prototype._stop=function(){var S=this;if(this._sub=void 0,this._sid=void 0,this._checkSessionIFrame&&(d.Log.debug("SessionMonitor._stop"),this._checkSessionIFrame.stop()),this._settings.monitorAnonymousSession)var R=this._timer.setInterval((function(){S._timer.clearInterval(R),S._userManager.querySessionStatus().then((function(A){var J={session_state:A.session_state};A.sub&&A.sid&&(J.profile={sub:A.sub,sid:A.sid}),S._start(J)})).catch((function(A){d.Log.error("SessionMonitor: error from querySessionStatus:",A.message)}))}),1e3)},l.prototype._callback=function(){var S=this;this._userManager.querySessionStatus().then((function(R){var A=!0;R?R.sub===S._sub?(A=!1,S._checkSessionIFrame.start(R.session_state),R.sid===S._sid?d.Log.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",R.session_state):(d.Log.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",R.session_state),S._userManager.events._raiseUserSessionChanged())):d.Log.debug("SessionMonitor._callback: Different subject signed into OP:",R.sub):d.Log.debug("SessionMonitor._callback: Subject no longer signed into OP"),A&&(S._sub?(d.Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed out event"),S._userManager.events._raiseUserSignedOut()):(d.Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed in event"),S._userManager.events._raiseUserSignedIn()))})).catch((function(R){S._sub&&(d.Log.debug("SessionMonitor._callback: Error calling queryCurrentSigninSession; raising signed out event",R.message),S._userManager.events._raiseUserSignedOut())}))},v(l,[{key:"_settings",get:function(){return this._userManager.settings}},{key:"_metadataService",get:function(){return this._userManager.metadataService}},{key:"_client_id",get:function(){return this._settings.client_id}},{key:"_checkSessionInterval",get:function(){return this._settings.checkSessionInterval}},{key:"_stopCheckSessionOnError",get:function(){return this._settings.stopCheckSessionOnError}}]),l})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.CheckSessionIFrame=void 0;var v=y(0);function d(b,w){if(!(b instanceof w))throw new TypeError("Cannot call a class as a function")}s.CheckSessionIFrame=(function(){function b(w,h,l,u){var S=!(arguments.length>4&&arguments[4]!==void 0)||arguments[4];d(this,b),this._callback=w,this._client_id=h,this._url=l,this._interval=u||2e3,this._stopOnError=S;var R=l.indexOf("/",l.indexOf("//")+2);this._frame_origin=l.substr(0,R),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=l}return b.prototype.load=function(){var h=this;return new Promise((function(l){h._frame.onload=function(){l()},window.document.body.appendChild(h._frame),h._boundMessageEvent=h._message.bind(h),window.addEventListener("message",h._boundMessageEvent,!1)}))},b.prototype._message=function(h){h.origin===this._frame_origin&&h.source===this._frame.contentWindow&&(h.data==="error"?(v.Log.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):h.data==="changed"?(v.Log.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):v.Log.debug("CheckSessionIFrame: "+h.data+" message from check session op iframe"))},b.prototype.start=function(h){var l=this;if(this._session_state!==h){v.Log.debug("CheckSessionIFrame.start"),this.stop(),this._session_state=h;var u=function(){l._frame.contentWindow.postMessage(l._client_id+" "+l._session_state,l._frame_origin)};u(),this._timer=window.setInterval(u,this._interval)}},b.prototype.stop=function(){this._session_state=null,this._timer&&(v.Log.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)},b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.TokenRevocationClient=void 0;var v=y(0),d=y(2),b=y(1);function w(u,S){if(!(u instanceof S))throw new TypeError("Cannot call a class as a function")}var h="access_token",l="refresh_token";s.TokenRevocationClient=(function(){function u(S){var R=arguments.length>1&&arguments[1]!==void 0?arguments[1]:b.Global.XMLHttpRequest,A=arguments.length>2&&arguments[2]!==void 0?arguments[2]:d.MetadataService;if(w(this,u),!S)throw v.Log.error("TokenRevocationClient.ctor: No settings provided"),new Error("No settings provided.");this._settings=S,this._XMLHttpRequestCtor=R,this._metadataService=new A(this._settings)}return u.prototype.revoke=function(R,A){var J=this,H=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"access_token";if(!R)throw v.Log.error("TokenRevocationClient.revoke: No token provided"),new Error("No token provided.");if(H!==h&&H!=l)throw v.Log.error("TokenRevocationClient.revoke: Invalid token type"),new Error("Invalid token type.");return this._metadataService.getRevocationEndpoint().then((function(C){if(C){v.Log.debug("TokenRevocationClient.revoke: Revoking "+H);var U=J._settings.client_id,W=J._settings.client_secret;return J._revoke(C,U,W,R,H)}if(A)throw v.Log.error("TokenRevocationClient.revoke: Revocation not supported"),new Error("Revocation not supported")}))},u.prototype._revoke=function(R,A,J,H,C){var U=this;return new Promise((function(W,x){var B=new U._XMLHttpRequestCtor;B.open("POST",R),B.onload=function(){v.Log.debug("TokenRevocationClient.revoke: HTTP response received, status",B.status),B.status===200?W():x(Error(B.statusText+" ("+B.status+")"))},B.onerror=function(){v.Log.debug("TokenRevocationClient.revoke: Network Error."),x("Network Error")};var T="client_id="+encodeURIComponent(A);J&&(T+="&client_secret="+encodeURIComponent(J)),T+="&token_type_hint="+encodeURIComponent(C),T+="&token="+encodeURIComponent(H),B.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),B.send(T)}))},u})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.CordovaPopupWindow=void 0;var v=(function(){function b(w,h){for(var l=0;l<h.length;l++){var u=h[l];u.enumerable=u.enumerable||!1,u.configurable=!0,"value"in u&&(u.writable=!0),Object.defineProperty(w,u.key,u)}}return function(w,h,l){return h&&b(w.prototype,h),l&&b(w,l),w}})(),d=y(0);s.CordovaPopupWindow=(function(){function b(w){var h=this;(function(u,S){if(!(u instanceof S))throw new TypeError("Cannot call a class as a function")})(this,b),this._promise=new Promise((function(l,u){h._resolve=l,h._reject=u})),this.features=w.popupWindowFeatures||"location=no,toolbar=no,zoom=no",this.target=w.popupWindowTarget||"_blank",this.redirect_uri=w.startUrl,d.Log.debug("CordovaPopupWindow.ctor: redirect_uri: "+this.redirect_uri)}return b.prototype._isInAppBrowserInstalled=function(h){return["cordova-plugin-inappbrowser","cordova-plugin-inappbrowser.inappbrowser","org.apache.cordova.inappbrowser"].some((function(l){return h.hasOwnProperty(l)}))},b.prototype.navigate=function(h){if(h&&h.url){if(!window.cordova)return this._error("cordova is undefined");var l=window.cordova.require("cordova/plugin_list").metadata;if(this._isInAppBrowserInstalled(l)===!1)return this._error("InAppBrowser plugin not found");this._popup=cordova.InAppBrowser.open(h.url,this.target,this.features),this._popup?(d.Log.debug("CordovaPopupWindow.navigate: popup successfully created"),this._exitCallbackEvent=this._exitCallback.bind(this),this._loadStartCallbackEvent=this._loadStartCallback.bind(this),this._popup.addEventListener("exit",this._exitCallbackEvent,!1),this._popup.addEventListener("loadstart",this._loadStartCallbackEvent,!1)):this._error("Error opening popup window")}else this._error("No url provided");return this.promise},b.prototype._loadStartCallback=function(h){h.url.indexOf(this.redirect_uri)===0&&this._success({url:h.url})},b.prototype._exitCallback=function(h){this._error(h)},b.prototype._success=function(h){this._cleanup(),d.Log.debug("CordovaPopupWindow: Successful response from cordova popup window"),this._resolve(h)},b.prototype._error=function(h){this._cleanup(),d.Log.error(h),this._reject(new Error(h))},b.prototype.close=function(){this._cleanup()},b.prototype._cleanup=function(){this._popup&&(d.Log.debug("CordovaPopupWindow: cleaning up popup"),this._popup.removeEventListener("exit",this._exitCallbackEvent,!1),this._popup.removeEventListener("loadstart",this._loadStartCallbackEvent,!1),this._popup.close()),this._popup=null},v(b,[{key:"promise",get:function(){return this._promise}}]),b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0});var v=y(0),d=y(10),b=y(5),w=y(6),h=y(37),l=y(38),u=y(16),S=y(2),R=y(48),A=y(49),J=y(19),H=y(20),C=y(18),U=y(1),W=y(15),x=y(50);s.default={Version:x.Version,Log:v.Log,OidcClient:d.OidcClient,OidcClientSettings:b.OidcClientSettings,WebStorageStateStore:w.WebStorageStateStore,InMemoryWebStorage:h.InMemoryWebStorage,UserManager:l.UserManager,AccessTokenEvents:u.AccessTokenEvents,MetadataService:S.MetadataService,CordovaPopupNavigator:R.CordovaPopupNavigator,CordovaIFrameNavigator:A.CordovaIFrameNavigator,CheckSessionIFrame:J.CheckSessionIFrame,TokenRevocationClient:H.TokenRevocationClient,SessionMonitor:C.SessionMonitor,Global:U.Global,User:W.User},c.exports=s.default},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.ClockService=(function(){function v(){(function(b,w){if(!(b instanceof w))throw new TypeError("Cannot call a class as a function")})(this,v)}return v.prototype.getEpochTime=function(){return Promise.resolve(Date.now()/1e3|0)},v})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.ResponseValidator=void 0;var v=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(A){return typeof A}:function(A){return A&&typeof Symbol=="function"&&A.constructor===Symbol&&A!==Symbol.prototype?"symbol":typeof A},d=y(0),b=y(2),w=y(25),h=y(11),l=y(12),u=y(4);function S(A,J){if(!(A instanceof J))throw new TypeError("Cannot call a class as a function")}var R=["nonce","at_hash","iat","nbf","exp","aud","iss","c_hash"];s.ResponseValidator=(function(){function A(J){var H=arguments.length>1&&arguments[1]!==void 0?arguments[1]:b.MetadataService,C=arguments.length>2&&arguments[2]!==void 0?arguments[2]:w.UserInfoService,U=arguments.length>3&&arguments[3]!==void 0?arguments[3]:u.JoseUtil,W=arguments.length>4&&arguments[4]!==void 0?arguments[4]:h.TokenClient;if(S(this,A),!J)throw d.Log.error("ResponseValidator.ctor: No settings passed to ResponseValidator"),new Error("settings");this._settings=J,this._metadataService=new H(this._settings),this._userInfoService=new C(this._settings),this._joseUtil=U,this._tokenClient=new W(this._settings)}return A.prototype.validateSigninResponse=function(H,C){var U=this;return d.Log.debug("ResponseValidator.validateSigninResponse"),this._processSigninParams(H,C).then((function(W){return d.Log.debug("ResponseValidator.validateSigninResponse: state processed"),U._validateTokens(H,W).then((function(x){return d.Log.debug("ResponseValidator.validateSigninResponse: tokens validated"),U._processClaims(H,x).then((function(B){return d.Log.debug("ResponseValidator.validateSigninResponse: claims processed"),B}))}))}))},A.prototype.validateSignoutResponse=function(H,C){return H.id!==C.state?(d.Log.error("ResponseValidator.validateSignoutResponse: State does not match"),Promise.reject(new Error("State does not match"))):(d.Log.debug("ResponseValidator.validateSignoutResponse: state validated"),C.state=H.data,C.error?(d.Log.warn("ResponseValidator.validateSignoutResponse: Response was error",C.error),Promise.reject(new l.ErrorResponse(C))):Promise.resolve(C))},A.prototype._processSigninParams=function(H,C){if(H.id!==C.state)return d.Log.error("ResponseValidator._processSigninParams: State does not match"),Promise.reject(new Error("State does not match"));if(!H.client_id)return d.Log.error("ResponseValidator._processSigninParams: No client_id on state"),Promise.reject(new Error("No client_id on state"));if(!H.authority)return d.Log.error("ResponseValidator._processSigninParams: No authority on state"),Promise.reject(new Error("No authority on state"));if(this._settings.authority){if(this._settings.authority&&this._settings.authority!==H.authority)return d.Log.error("ResponseValidator._processSigninParams: authority mismatch on settings vs. signin state"),Promise.reject(new Error("authority mismatch on settings vs. signin state"))}else this._settings.authority=H.authority;if(this._settings.client_id){if(this._settings.client_id&&this._settings.client_id!==H.client_id)return d.Log.error("ResponseValidator._processSigninParams: client_id mismatch on settings vs. signin state"),Promise.reject(new Error("client_id mismatch on settings vs. signin state"))}else this._settings.client_id=H.client_id;return d.Log.debug("ResponseValidator._processSigninParams: state validated"),C.state=H.data,C.error?(d.Log.warn("ResponseValidator._processSigninParams: Response was error",C.error),Promise.reject(new l.ErrorResponse(C))):H.nonce&&!C.id_token?(d.Log.error("ResponseValidator._processSigninParams: Expecting id_token in response"),Promise.reject(new Error("No id_token in response"))):!H.nonce&&C.id_token?(d.Log.error("ResponseValidator._processSigninParams: Not expecting id_token in response"),Promise.reject(new Error("Unexpected id_token in response"))):H.code_verifier&&!C.code?(d.Log.error("ResponseValidator._processSigninParams: Expecting code in response"),Promise.reject(new Error("No code in response"))):!H.code_verifier&&C.code?(d.Log.error("ResponseValidator._processSigninParams: Not expecting code in response"),Promise.reject(new Error("Unexpected code in response"))):(C.scope||(C.scope=H.scope),Promise.resolve(C))},A.prototype._processClaims=function(H,C){var U=this;if(C.isOpenIdConnect){if(d.Log.debug("ResponseValidator._processClaims: response is OIDC, processing claims"),C.profile=this._filterProtocolClaims(C.profile),H.skipUserInfo!==!0&&this._settings.loadUserInfo&&C.access_token)return d.Log.debug("ResponseValidator._processClaims: loading user info"),this._userInfoService.getClaims(C.access_token).then((function(W){return d.Log.debug("ResponseValidator._processClaims: user info claims received from user info endpoint"),W.sub!==C.profile.sub?(d.Log.error("ResponseValidator._processClaims: sub from user info endpoint does not match sub in id_token"),Promise.reject(new Error("sub from user info endpoint does not match sub in id_token"))):(C.profile=U._mergeClaims(C.profile,W),d.Log.debug("ResponseValidator._processClaims: user info claims received, updated profile:",C.profile),C)}));d.Log.debug("ResponseValidator._processClaims: not loading user info")}else d.Log.debug("ResponseValidator._processClaims: response is not OIDC, not processing claims");return Promise.resolve(C)},A.prototype._mergeClaims=function(H,C){var U=Object.assign({},H);for(var W in C){var x=C[W];Array.isArray(x)||(x=[x]);for(var B=0;B<x.length;B++){var T=x[B];U[W]?Array.isArray(U[W])?U[W].indexOf(T)<0&&U[W].push(T):U[W]!==T&&((T===void 0?"undefined":v(T))==="object"&&this._settings.mergeClaims?U[W]=this._mergeClaims(U[W],T):U[W]=[U[W],T]):U[W]=T}}return U},A.prototype._filterProtocolClaims=function(H){d.Log.debug("ResponseValidator._filterProtocolClaims, incoming claims:",H);var C=Object.assign({},H);return this._settings._filterProtocolClaims?(R.forEach((function(U){delete C[U]})),d.Log.debug("ResponseValidator._filterProtocolClaims: protocol claims filtered",C)):d.Log.debug("ResponseValidator._filterProtocolClaims: protocol claims not filtered"),C},A.prototype._validateTokens=function(H,C){return C.code?(d.Log.debug("ResponseValidator._validateTokens: Validating code"),this._processCode(H,C)):C.id_token?C.access_token?(d.Log.debug("ResponseValidator._validateTokens: Validating id_token and access_token"),this._validateIdTokenAndAccessToken(H,C)):(d.Log.debug("ResponseValidator._validateTokens: Validating id_token"),this._validateIdToken(H,C)):(d.Log.debug("ResponseValidator._validateTokens: No code to process or id_token to validate"),Promise.resolve(C))},A.prototype._processCode=function(H,C){var U=this,W={client_id:H.client_id,client_secret:H.client_secret,code:C.code,redirect_uri:H.redirect_uri,code_verifier:H.code_verifier};return H.extraTokenParams&&v(H.extraTokenParams)==="object"&&Object.assign(W,H.extraTokenParams),this._tokenClient.exchangeCode(W).then((function(x){for(var B in x)C[B]=x[B];return C.id_token?(d.Log.debug("ResponseValidator._processCode: token response successful, processing id_token"),U._validateIdTokenAttributes(H,C)):(d.Log.debug("ResponseValidator._processCode: token response successful, returning response"),C)}))},A.prototype._validateIdTokenAttributes=function(H,C){var U=this;return this._metadataService.getIssuer().then((function(W){var x=H.client_id,B=U._settings.clockSkew;return d.Log.debug("ResponseValidator._validateIdTokenAttributes: Validaing JWT attributes; using clock skew (in seconds) of: ",B),U._settings.getEpochTime().then((function(T){return U._joseUtil.validateJwtAttributes(C.id_token,W,x,B,T).then((function(I){return H.nonce&&H.nonce!==I.nonce?(d.Log.error("ResponseValidator._validateIdTokenAttributes: Invalid nonce in id_token"),Promise.reject(new Error("Invalid nonce in id_token"))):I.sub?(C.profile=I,C):(d.Log.error("ResponseValidator._validateIdTokenAttributes: No sub present in id_token"),Promise.reject(new Error("No sub present in id_token")))}))}))}))},A.prototype._validateIdTokenAndAccessToken=function(H,C){var U=this;return this._validateIdToken(H,C).then((function(W){return U._validateAccessToken(W)}))},A.prototype._getSigningKeyForJwt=function(H){var C=this;return this._metadataService.getSigningKeys().then((function(U){var W=H.header.kid;if(!U)return d.Log.error("ResponseValidator._validateIdToken: No signing keys from metadata"),Promise.reject(new Error("No signing keys from metadata"));d.Log.debug("ResponseValidator._validateIdToken: Received signing keys");var x=void 0;if(W)x=U.filter((function(B){return B.kid===W}))[0];else{if((U=C._filterByAlg(U,H.header.alg)).length>1)return d.Log.error("ResponseValidator._validateIdToken: No kid found in id_token and more than one key found in metadata"),Promise.reject(new Error("No kid found in id_token and more than one key found in metadata"));x=U[0]}return Promise.resolve(x)}))},A.prototype._getSigningKeyForJwtWithSingleRetry=function(H){var C=this;return this._getSigningKeyForJwt(H).then((function(U){return U?Promise.resolve(U):(C._metadataService.resetSigningKeys(),C._getSigningKeyForJwt(H))}))},A.prototype._validateIdToken=function(H,C){var U=this;if(!H.nonce)return d.Log.error("ResponseValidator._validateIdToken: No nonce on state"),Promise.reject(new Error("No nonce on state"));var W=this._joseUtil.parseJwt(C.id_token);return W&&W.header&&W.payload?H.nonce!==W.payload.nonce?(d.Log.error("ResponseValidator._validateIdToken: Invalid nonce in id_token"),Promise.reject(new Error("Invalid nonce in id_token"))):this._metadataService.getIssuer().then((function(x){return d.Log.debug("ResponseValidator._validateIdToken: Received issuer"),U._getSigningKeyForJwtWithSingleRetry(W).then((function(B){if(!B)return d.Log.error("ResponseValidator._validateIdToken: No key matching kid or alg found in signing keys"),Promise.reject(new Error("No key matching kid or alg found in signing keys"));var T=H.client_id,I=U._settings.clockSkew;return d.Log.debug("ResponseValidator._validateIdToken: Validaing JWT; using clock skew (in seconds) of: ",I),U._joseUtil.validateJwt(C.id_token,B,x,T,I).then((function(){return d.Log.debug("ResponseValidator._validateIdToken: JWT validation successful"),W.payload.sub?(C.profile=W.payload,C):(d.Log.error("ResponseValidator._validateIdToken: No sub present in id_token"),Promise.reject(new Error("No sub present in id_token")))}))}))})):(d.Log.error("ResponseValidator._validateIdToken: Failed to parse id_token",W),Promise.reject(new Error("Failed to parse id_token")))},A.prototype._filterByAlg=function(H,C){var U=null;if(C.startsWith("RS"))U="RSA";else if(C.startsWith("PS"))U="PS";else{if(!C.startsWith("ES"))return d.Log.debug("ResponseValidator._filterByAlg: alg not supported: ",C),[];U="EC"}return d.Log.debug("ResponseValidator._filterByAlg: Looking for keys that match kty: ",U),H=H.filter((function(W){return W.kty===U})),d.Log.debug("ResponseValidator._filterByAlg: Number of keys that match kty: ",U,H.length),H},A.prototype._validateAccessToken=function(H){if(!H.profile)return d.Log.error("ResponseValidator._validateAccessToken: No profile loaded from id_token"),Promise.reject(new Error("No profile loaded from id_token"));if(!H.profile.at_hash)return d.Log.error("ResponseValidator._validateAccessToken: No at_hash in id_token"),Promise.reject(new Error("No at_hash in id_token"));if(!H.id_token)return d.Log.error("ResponseValidator._validateAccessToken: No id_token"),Promise.reject(new Error("No id_token"));var C=this._joseUtil.parseJwt(H.id_token);if(!C||!C.header)return d.Log.error("ResponseValidator._validateAccessToken: Failed to parse id_token",C),Promise.reject(new Error("Failed to parse id_token"));var U=C.header.alg;if(!U||U.length!==5)return d.Log.error("ResponseValidator._validateAccessToken: Unsupported alg:",U),Promise.reject(new Error("Unsupported alg: "+U));var W=U.substr(2,3);if(!W)return d.Log.error("ResponseValidator._validateAccessToken: Unsupported alg:",U,W),Promise.reject(new Error("Unsupported alg: "+U));if((W=parseInt(W))!==256&&W!==384&&W!==512)return d.Log.error("ResponseValidator._validateAccessToken: Unsupported alg:",U,W),Promise.reject(new Error("Unsupported alg: "+U));var x="sha"+W,B=this._joseUtil.hashString(H.access_token,x);if(!B)return d.Log.error("ResponseValidator._validateAccessToken: access_token hash failed:",x),Promise.reject(new Error("Failed to validate at_hash"));var T=B.substr(0,B.length/2),I=this._joseUtil.hexToBase64Url(T);return I!==H.profile.at_hash?(d.Log.error("ResponseValidator._validateAccessToken: Failed to validate at_hash",I,H.profile.at_hash),Promise.reject(new Error("Failed to validate at_hash"))):(d.Log.debug("ResponseValidator._validateAccessToken: success"),Promise.resolve(H))},A})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.UserInfoService=void 0;var v=y(7),d=y(2),b=y(0),w=y(4);function h(l,u){if(!(l instanceof u))throw new TypeError("Cannot call a class as a function")}s.UserInfoService=(function(){function l(u){var S=arguments.length>1&&arguments[1]!==void 0?arguments[1]:v.JsonService,R=arguments.length>2&&arguments[2]!==void 0?arguments[2]:d.MetadataService,A=arguments.length>3&&arguments[3]!==void 0?arguments[3]:w.JoseUtil;if(h(this,l),!u)throw b.Log.error("UserInfoService.ctor: No settings passed"),new Error("settings");this._settings=u,this._jsonService=new S(void 0,void 0,this._getClaimsFromJwt.bind(this)),this._metadataService=new R(this._settings),this._joseUtil=A}return l.prototype.getClaims=function(S){var R=this;return S?this._metadataService.getUserInfoEndpoint().then((function(A){return b.Log.debug("UserInfoService.getClaims: received userinfo url",A),R._jsonService.getJson(A,S).then((function(J){return b.Log.debug("UserInfoService.getClaims: claims received",J),J}))})):(b.Log.error("UserInfoService.getClaims: No token passed"),Promise.reject(new Error("A token is required")))},l.prototype._getClaimsFromJwt=function(S){var R=this;try{var A=this._joseUtil.parseJwt(S.responseText);if(!A||!A.header||!A.payload)return b.Log.error("UserInfoService._getClaimsFromJwt: Failed to parse JWT",A),Promise.reject(new Error("Failed to parse id_token"));var J=A.header.kid,H=void 0;switch(this._settings.userInfoJwtIssuer){case"OP":H=this._metadataService.getIssuer();break;case"ANY":H=Promise.resolve(A.payload.iss);break;default:H=Promise.resolve(this._settings.userInfoJwtIssuer)}return H.then((function(C){return b.Log.debug("UserInfoService._getClaimsFromJwt: Received issuer:"+C),R._metadataService.getSigningKeys().then((function(U){if(!U)return b.Log.error("UserInfoService._getClaimsFromJwt: No signing keys from metadata"),Promise.reject(new Error("No signing keys from metadata"));b.Log.debug("UserInfoService._getClaimsFromJwt: Received signing keys");var W=void 0;if(J)W=U.filter((function(T){return T.kid===J}))[0];else{if((U=R._filterByAlg(U,A.header.alg)).length>1)return b.Log.error("UserInfoService._getClaimsFromJwt: No kid found in id_token and more than one key found in metadata"),Promise.reject(new Error("No kid found in id_token and more than one key found in metadata"));W=U[0]}if(!W)return b.Log.error("UserInfoService._getClaimsFromJwt: No key matching kid or alg found in signing keys"),Promise.reject(new Error("No key matching kid or alg found in signing keys"));var x=R._settings.client_id,B=R._settings.clockSkew;return b.Log.debug("UserInfoService._getClaimsFromJwt: Validaing JWT; using clock skew (in seconds) of: ",B),R._joseUtil.validateJwt(S.responseText,W,C,x,B,void 0,!0).then((function(){return b.Log.debug("UserInfoService._getClaimsFromJwt: JWT validation successful"),A.payload}))}))}))}catch(C){return b.Log.error("UserInfoService._getClaimsFromJwt: Error parsing JWT response",C.message),void reject(C)}},l.prototype._filterByAlg=function(S,R){var A=null;if(R.startsWith("RS"))A="RSA";else if(R.startsWith("PS"))A="PS";else{if(!R.startsWith("ES"))return b.Log.debug("UserInfoService._filterByAlg: alg not supported: ",R),[];A="EC"}return b.Log.debug("UserInfoService._filterByAlg: Looking for keys that match kty: ",A),S=S.filter((function(J){return J.kty===A})),b.Log.debug("UserInfoService._filterByAlg: Number of keys that match kty: ",A,S.length),S},l})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.AllowedSigningAlgs=s.b64tohex=s.hextob64u=s.crypto=s.X509=s.KeyUtil=s.jws=void 0;var v=y(27);s.jws=v.jws,s.KeyUtil=v.KEYUTIL,s.X509=v.X509,s.crypto=v.crypto,s.hextob64u=v.hextob64u,s.b64tohex=v.b64tohex,s.AllowedSigningAlgs=["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"]},function(c,s,y){(function(v){Object.defineProperty(s,"__esModule",{value:!0});var d,b,w,h,l,u,S,R,A,J,H,C=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(t){return typeof t}:function(t){return t&&typeof Symbol=="function"&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t},U={},W={},x=x||(d=Math,w=(b={}).lib={},h=w.Base=(function(){function t(){}return{extend:function(r){t.prototype=this;var n=new t;return r&&n.mixIn(r),n.hasOwnProperty("init")||(n.init=function(){n.$super.init.apply(this,arguments)}),n.init.prototype=n,n.$super=this,n},create:function(){var r=this.extend();return r.init.apply(r,arguments),r},init:function(){},mixIn:function(r){for(var n in r)r.hasOwnProperty(n)&&(this[n]=r[n]);r.hasOwnProperty("toString")&&(this.toString=r.toString)},clone:function(){return this.init.prototype.extend(this)}}})(),l=w.WordArray=h.extend({init:function(e,r){e=this.words=e||[],this.sigBytes=r??4*e.length},toString:function(e){return(e||S).stringify(this)},concat:function(e){var r=this.words,n=e.words,a=this.sigBytes,f=e.sigBytes;if(this.clamp(),a%4)for(var _=0;_<f;_++){var P=n[_>>>2]>>>24-_%4*8&255;r[a+_>>>2]|=P<<24-(a+_)%4*8}else for(_=0;_<f;_+=4)r[a+_>>>2]=n[_>>>2];return this.sigBytes+=f,this},clamp:function(){var e=this.words,r=this.sigBytes;e[r>>>2]&=4294967295<<32-r%4*8,e.length=d.ceil(r/4)},clone:function(){var e=h.clone.call(this);return e.words=this.words.slice(0),e},random:function(e){for(var r=[],n=0;n<e;n+=4)r.push(4294967296*d.random()|0);return new l.init(r,e)}}),u=b.enc={},S=u.Hex={stringify:function(e){for(var r=e.words,n=e.sigBytes,a=[],f=0;f<n;f++){var _=r[f>>>2]>>>24-f%4*8&255;a.push((_>>>4).toString(16)),a.push((15&_).toString(16))}return a.join("")},parse:function(e){for(var r=e.length,n=[],a=0;a<r;a+=2)n[a>>>3]|=parseInt(e.substr(a,2),16)<<24-a%8*4;return new l.init(n,r/2)}},R=u.Latin1={stringify:function(e){for(var r=e.words,n=e.sigBytes,a=[],f=0;f<n;f++){var _=r[f>>>2]>>>24-f%4*8&255;a.push(String.fromCharCode(_))}return a.join("")},parse:function(e){for(var r=e.length,n=[],a=0;a<r;a++)n[a>>>2]|=(255&e.charCodeAt(a))<<24-a%4*8;return new l.init(n,r)}},A=u.Utf8={stringify:function(e){try{return decodeURIComponent(escape(R.stringify(e)))}catch{throw new Error("Malformed UTF-8 data")}},parse:function(e){return R.parse(unescape(encodeURIComponent(e)))}},J=w.BufferedBlockAlgorithm=h.extend({reset:function(){this._data=new l.init,this._nDataBytes=0},_append:function(e){typeof e=="string"&&(e=A.parse(e)),this._data.concat(e),this._nDataBytes+=e.sigBytes},_process:function(e){var r=this._data,n=r.words,a=r.sigBytes,f=this.blockSize,_=a/(4*f),P=(_=e?d.ceil(_):d.max((0|_)-this._minBufferSize,0))*f,F=d.min(4*P,a);if(P){for(var k=0;k<P;k+=f)this._doProcessBlock(n,k);var D=n.splice(0,P);r.sigBytes-=F}return new l.init(D,F)},clone:function(){var e=h.clone.call(this);return e._data=this._data.clone(),e},_minBufferSize:0}),w.Hasher=J.extend({cfg:h.extend(),init:function(e){this.cfg=this.cfg.extend(e),this.reset()},reset:function(){J.reset.call(this),this._doReset()},update:function(e){return this._append(e),this._process(),this},finalize:function(e){return e&&this._append(e),this._doFinalize()},blockSize:16,_createHelper:function(e){return function(r,n){return new e.init(n).finalize(r)}},_createHmacHelper:function(e){return function(r,n){return new H.HMAC.init(e,n).finalize(r)}}}),H=b.algo={},b);(function(t){var e,r=(e=x).lib,n=r.Base,a=r.WordArray;(e=e.x64={}).Word=n.extend({init:function(_,P){this.high=_,this.low=P}}),e.WordArray=n.extend({init:function(_,P){_=this.words=_||[],this.sigBytes=P??8*_.length},toX32:function(){for(var _=this.words,P=_.length,F=[],k=0;k<P;k++){var D=_[k];F.push(D.high),F.push(D.low)}return a.create(F,this.sigBytes)},clone:function(){for(var _=n.clone.call(this),P=_.words=this.words.slice(0),F=P.length,k=0;k<F;k++)P[k]=P[k].clone();return _}})})(),(function(){var t=x,e=t.lib.WordArray;t.enc.Base64={stringify:function(n){var a=n.words,f=n.sigBytes,_=this._map;n.clamp(),n=[];for(var P=0;P<f;P+=3)for(var F=(a[P>>>2]>>>24-P%4*8&255)<<16|(a[P+1>>>2]>>>24-(P+1)%4*8&255)<<8|a[P+2>>>2]>>>24-(P+2)%4*8&255,k=0;4>k&&P+.75*k<f;k++)n.push(_.charAt(F>>>6*(3-k)&63));if(a=_.charAt(64))for(;n.length%4;)n.push(a);return n.join("")},parse:function(n){var a=n.length,f=this._map;(_=f.charAt(64))&&(_=n.indexOf(_))!=-1&&(a=_);for(var _=[],P=0,F=0;F<a;F++)if(F%4){var k=f.indexOf(n.charAt(F-1))<<F%4*2,D=f.indexOf(n.charAt(F))>>>6-F%4*2;_[P>>>2]|=(k|D)<<24-P%4*8,P++}return e.create(_,P)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}})(),(function(t){for(var e=x,r=(a=e.lib).WordArray,n=a.Hasher,a=e.algo,f=[],_=[],P=function(Z){return 4294967296*(Z-(0|Z))|0},F=2,k=0;64>k;){var D;e:{D=F;for(var O=t.sqrt(D),V=2;V<=O;V++)if(!(D%V)){D=!1;break e}D=!0}D&&(8>k&&(f[k]=P(t.pow(F,.5))),_[k]=P(t.pow(F,1/3)),k++),F++}var z=[];a=a.SHA256=n.extend({_doReset:function(){this._hash=new r.init(f.slice(0))},_doProcessBlock:function(Z,ee){for(var m=this._hash.words,L=m[0],M=m[1],K=m[2],Y=m[3],te=m[4],ue=m[5],oe=m[6],ge=m[7],ae=0;64>ae;ae++){if(16>ae)z[ae]=0|Z[ee+ae];else{var he=z[ae-15],be=z[ae-2];z[ae]=((he<<25|he>>>7)^(he<<14|he>>>18)^he>>>3)+z[ae-7]+((be<<15|be>>>17)^(be<<13|be>>>19)^be>>>10)+z[ae-16]}he=ge+((te<<26|te>>>6)^(te<<21|te>>>11)^(te<<7|te>>>25))+(te&ue^~te&oe)+_[ae]+z[ae],be=((L<<30|L>>>2)^(L<<19|L>>>13)^(L<<10|L>>>22))+(L&M^L&K^M&K),ge=oe,oe=ue,ue=te,te=Y+he|0,Y=K,K=M,M=L,L=he+be|0}m[0]=m[0]+L|0,m[1]=m[1]+M|0,m[2]=m[2]+K|0,m[3]=m[3]+Y|0,m[4]=m[4]+te|0,m[5]=m[5]+ue|0,m[6]=m[6]+oe|0,m[7]=m[7]+ge|0},_doFinalize:function(){var Z=this._data,ee=Z.words,m=8*this._nDataBytes,L=8*Z.sigBytes;return ee[L>>>5]|=128<<24-L%32,ee[14+(L+64>>>9<<4)]=t.floor(m/4294967296),ee[15+(L+64>>>9<<4)]=m,Z.sigBytes=4*ee.length,this._process(),this._hash},clone:function(){var Z=n.clone.call(this);return Z._hash=this._hash.clone(),Z}}),e.SHA256=n._createHelper(a),e.HmacSHA256=n._createHmacHelper(a)})(Math),(function(){function t(){return n.create.apply(n,arguments)}for(var e=x,r=e.lib.Hasher,n=(f=e.x64).Word,a=f.WordArray,f=e.algo,_=[t(1116352408,3609767458),t(1899447441,602891725),t(3049323471,3964484399),t(3921009573,2173295548),t(961987163,4081628472),t(1508970993,3053834265),t(2453635748,2937671579),t(2870763221,3664609560),t(3624381080,2734883394),t(310598401,1164996542),t(607225278,1323610764),t(1426881987,3590304994),t(1925078388,4068182383),t(2162078206,991336113),t(2614888103,633803317),t(3248222580,3479774868),t(3835390401,2666613458),t(4022224774,944711139),t(264347078,2341262773),t(604807628,2007800933),t(770255983,1495990901),t(1249150122,1856431235),t(1555081692,3175218132),t(1996064986,2198950837),t(2554220882,3999719339),t(2821834349,766784016),t(2952996808,2566594879),t(3210313671,3203337956),t(3336571891,1034457026),t(3584528711,2466948901),t(113926993,3758326383),t(338241895,168717936),t(666307205,1188179964),t(773529912,1546045734),t(1294757372,1522805485),t(1396182291,2643833823),t(1695183700,2343527390),t(1986661051,1014477480),t(2177026350,1206759142),t(2456956037,344077627),t(2730485921,1290863460),t(2820302411,3158454273),t(3259730800,3505952657),t(3345764771,106217008),t(3516065817,3606008344),t(3600352804,1432725776),t(4094571909,1467031594),t(275423344,851169720),t(430227734,3100823752),t(506948616,1363258195),t(659060556,3750685593),t(883997877,3785050280),t(958139571,3318307427),t(1322822218,3812723403),t(1537002063,2003034995),t(1747873779,3602036899),t(1955562222,1575990012),t(2024104815,1125592928),t(2227730452,2716904306),t(2361852424,442776044),t(2428436474,593698344),t(2756734187,3733110249),t(3204031479,2999351573),t(3329325298,3815920427),t(3391569614,3928383900),t(3515267271,566280711),t(3940187606,3454069534),t(4118630271,4000239992),t(116418474,1914138554),t(174292421,2731055270),t(289380356,3203993006),t(460393269,320620315),t(685471733,587496836),t(852142971,1086792851),t(1017036298,365543100),t(1126000580,2618297676),t(1288033470,3409855158),t(1501505948,4234509866),t(1607167915,987167468),t(1816402316,1246189591)],P=[],F=0;80>F;F++)P[F]=t();f=f.SHA512=r.extend({_doReset:function(){this._hash=new a.init([new n.init(1779033703,4089235720),new n.init(3144134277,2227873595),new n.init(1013904242,4271175723),new n.init(2773480762,1595750129),new n.init(1359893119,2917565137),new n.init(2600822924,725511199),new n.init(528734635,4215389547),new n.init(1541459225,327033209)])},_doProcessBlock:function(D,O){for(var V=(M=this._hash.words)[0],z=M[1],G=M[2],Z=M[3],ee=M[4],m=M[5],L=M[6],M=M[7],K=V.high,Y=V.low,te=z.high,ue=z.low,oe=G.high,ge=G.low,ae=Z.high,he=Z.low,be=ee.high,Ae=ee.low,Fe=m.high,at=m.low,Qe=L.high,Ze=L.low,Ce=M.high,Be=M.low,Je=K,et=Y,Gt=te,Lt=ue,Yt=oe,Nt=ge,Pr=ae,Xt=he,pt=be,dt=Ae,dr=Fe,Qt=at,fr=Qe,Zt=Ze,Tr=Ce,er=Be,yt=0;80>yt;yt++){var Tt=P[yt];if(16>yt)var xt=Tt.high=0|D[O+2*yt],ke=Tt.low=0|D[O+2*yt+1];else{xt=((ke=(xt=P[yt-15]).high)>>>1|(At=xt.low)<<31)^(ke>>>8|At<<24)^ke>>>7;var At=(At>>>1|ke<<31)^(At>>>8|ke<<24)^(At>>>7|ke<<25),Ot=((ke=(Ot=P[yt-2]).high)>>>19|(Me=Ot.low)<<13)^(ke<<3|Me>>>29)^ke>>>6,Me=(Me>>>19|ke<<13)^(Me<<3|ke>>>29)^(Me>>>6|ke<<26),Ir=(ke=P[yt-7]).high,It=(Rt=P[yt-16]).high,Rt=Rt.low;xt=(xt=(xt=xt+Ir+((ke=At+ke.low)>>>0<At>>>0?1:0))+Ot+((ke=ke+Me)>>>0<Me>>>0?1:0))+It+((ke=ke+Rt)>>>0<Rt>>>0?1:0),Tt.high=xt,Tt.low=ke}Ir=pt&dr^~pt&fr,Rt=dt&Qt^~dt&Zt,Tt=Je&Gt^Je&Yt^Gt&Yt;var Li=et&Lt^et&Nt^Lt&Nt,Ni=(At=(Je>>>28|et<<4)^(Je<<30|et>>>2)^(Je<<25|et>>>7),Ot=(et>>>28|Je<<4)^(et<<30|Je>>>2)^(et<<25|Je>>>7),(Me=_[yt]).high),En=Me.low;It=Tr+((pt>>>14|dt<<18)^(pt>>>18|dt<<14)^(pt<<23|dt>>>9))+((Me=er+((dt>>>14|pt<<18)^(dt>>>18|pt<<14)^(dt<<23|pt>>>9)))>>>0<er>>>0?1:0),Tr=fr,er=Zt,fr=dr,Zt=Qt,dr=pt,Qt=dt,pt=Pr+(It=(It=(It=It+Ir+((Me=Me+Rt)>>>0<Rt>>>0?1:0))+Ni+((Me=Me+En)>>>0<En>>>0?1:0))+xt+((Me=Me+ke)>>>0<ke>>>0?1:0))+((dt=Xt+Me|0)>>>0<Xt>>>0?1:0)|0,Pr=Yt,Xt=Nt,Yt=Gt,Nt=Lt,Gt=Je,Lt=et,Je=It+(Tt=At+Tt+((ke=Ot+Li)>>>0<Ot>>>0?1:0))+((et=Me+ke|0)>>>0<Me>>>0?1:0)|0}Y=V.low=Y+et,V.high=K+Je+(Y>>>0<et>>>0?1:0),ue=z.low=ue+Lt,z.high=te+Gt+(ue>>>0<Lt>>>0?1:0),ge=G.low=ge+Nt,G.high=oe+Yt+(ge>>>0<Nt>>>0?1:0),he=Z.low=he+Xt,Z.high=ae+Pr+(he>>>0<Xt>>>0?1:0),Ae=ee.low=Ae+dt,ee.high=be+pt+(Ae>>>0<dt>>>0?1:0),at=m.low=at+Qt,m.high=Fe+dr+(at>>>0<Qt>>>0?1:0),Ze=L.low=Ze+Zt,L.high=Qe+fr+(Ze>>>0<Zt>>>0?1:0),Be=M.low=Be+er,M.high=Ce+Tr+(Be>>>0<er>>>0?1:0)},_doFinalize:function(){var D=this._data,O=D.words,V=8*this._nDataBytes,z=8*D.sigBytes;return O[z>>>5]|=128<<24-z%32,O[30+(z+128>>>10<<5)]=Math.floor(V/4294967296),O[31+(z+128>>>10<<5)]=V,D.sigBytes=4*O.length,this._process(),this._hash.toX32()},clone:function(){var D=r.clone.call(this);return D._hash=this._hash.clone(),D},blockSize:32}),e.SHA512=r._createHelper(f),e.HmacSHA512=r._createHmacHelper(f)})(),(function(){var t=x,e=(a=t.x64).Word,r=a.WordArray,n=(a=t.algo).SHA512,a=a.SHA384=n.extend({_doReset:function(){this._hash=new r.init([new e.init(3418070365,3238371032),new e.init(1654270250,914150663),new e.init(2438529370,812702999),new e.init(355462360,4144912697),new e.init(1731405415,4290775857),new e.init(2394180231,1750603025),new e.init(3675008525,1694076839),new e.init(1203062813,3204075428)])},_doFinalize:function(){var _=n._doFinalize.call(this);return _.sigBytes-=16,_}});t.SHA384=n._createHelper(a),t.HmacSHA384=n._createHmacHelper(a)})();var B,T="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";function I(t){var e,r,n="";for(e=0;e+3<=t.length;e+=3)r=parseInt(t.substring(e,e+3),16),n+=T.charAt(r>>6)+T.charAt(63&r);for(e+1==t.length?(r=parseInt(t.substring(e,e+1),16),n+=T.charAt(r<<2)):e+2==t.length&&(r=parseInt(t.substring(e,e+2),16),n+=T.charAt(r>>2)+T.charAt((3&r)<<4)),"=";(3&n.length)>0;)n+="=";return n}function Q(t){var e,r,n,a="",f=0;for(e=0;e<t.length&&t.charAt(e)!="=";++e)(n=T.indexOf(t.charAt(e)))<0||(f==0?(a+=Re(n>>2),r=3&n,f=1):f==1?(a+=Re(r<<2|n>>4),r=15&n,f=2):f==2?(a+=Re(r),a+=Re(n>>2),r=3&n,f=3):(a+=Re(r<<2|n>>4),a+=Re(15&n),f=0));return f==1&&(a+=Re(r<<2)),a}function ne(t){var e,r=Q(t),n=new Array;for(e=0;2*e<r.length;++e)n[e]=parseInt(r.substring(2*e,2*e+2),16);return n}function N(t,e,r){t!=null&&(typeof t=="number"?this.fromNumber(t,e,r):e==null&&typeof t!="string"?this.fromString(t,256):this.fromString(t,e))}function ie(){return new N(null)}U.appName=="Microsoft Internet Explorer"?(N.prototype.am=function(e,r,n,a,f,_){for(var P=32767&r,F=r>>15;--_>=0;){var k=32767&this[e],D=this[e++]>>15,O=F*k+D*P;f=((k=P*k+((32767&O)<<15)+n[a]+(1073741823&f))>>>30)+(O>>>15)+F*D+(f>>>30),n[a++]=1073741823&k}return f},B=30):U.appName!="Netscape"?(N.prototype.am=function(e,r,n,a,f,_){for(;--_>=0;){var P=r*this[e++]+n[a]+f;f=Math.floor(P/67108864),n[a++]=67108863&P}return f},B=26):(N.prototype.am=function(e,r,n,a,f,_){for(var P=16383&r,F=r>>14;--_>=0;){var k=16383&this[e],D=this[e++]>>14,O=F*k+D*P;f=((k=P*k+((16383&O)<<14)+n[a]+f)>>28)+(O>>14)+F*D,n[a++]=268435455&k}return f},B=28),N.prototype.DB=B,N.prototype.DM=(1<<B)-1,N.prototype.DV=1<<B,N.prototype.FV=Math.pow(2,52),N.prototype.F1=52-B,N.prototype.F2=2*B-52;var ye,me,je=new Array;for(ye=48,me=0;me<=9;++me)je[ye++]=me;for(ye=97,me=10;me<36;++me)je[ye++]=me;for(ye=65,me=10;me<36;++me)je[ye++]=me;function Re(t){return"0123456789abcdefghijklmnopqrstuvwxyz".charAt(t)}function ze(t,e){var r=je[t.charCodeAt(e)];return r??-1}function Le(t){var e=ie();return e.fromInt(t),e}function Ge(t){var e,r=1;return(e=t>>>16)!=0&&(t=e,r+=16),(e=t>>8)!=0&&(t=e,r+=8),(e=t>>4)!=0&&(t=e,r+=4),(e=t>>2)!=0&&(t=e,r+=2),(e=t>>1)!=0&&(t=e,r+=1),r}function fe(t){this.m=t}function ve(t){this.m=t,this.mp=t.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<<t.DB-15)-1,this.mt2=2*t.t}function We(t,e){return t&e}function Ye(t,e){return t|e}function rt(t,e){return t^e}function nt(t,e){return t&~e}function ct(t){if(t==0)return-1;var e=0;return(65535&t)==0&&(t>>=16,e+=16),(255&t)==0&&(t>>=8,e+=8),(15&t)==0&&(t>>=4,e+=4),(3&t)==0&&(t>>=2,e+=2),(1&t)==0&&++e,e}function Et(t){for(var e=0;t!=0;)t&=t-1,++e;return e}function Xe(){}function it(t){return t}function Ke(t){this.r2=ie(),this.q3=ie(),N.ONE.dlShiftTo(2*t.t,this.r2),this.mu=this.r2.divide(t),this.m=t}fe.prototype.convert=function(e){return e.s<0||e.compareTo(this.m)>=0?e.mod(this.m):e},fe.prototype.revert=function(e){return e},fe.prototype.reduce=function(e){e.divRemTo(this.m,null,e)},fe.prototype.mulTo=function(e,r,n){e.multiplyTo(r,n),this.reduce(n)},fe.prototype.sqrTo=function(e,r){e.squareTo(r),this.reduce(r)},ve.prototype.convert=function(e){var r=ie();return e.abs().dlShiftTo(this.m.t,r),r.divRemTo(this.m,null,r),e.s<0&&r.compareTo(N.ZERO)>0&&this.m.subTo(r,r),r},ve.prototype.revert=function(e){var r=ie();return e.copyTo(r),this.reduce(r),r},ve.prototype.reduce=function(e){for(;e.t<=this.mt2;)e[e.t++]=0;for(var r=0;r<this.m.t;++r){var n=32767&e[r],a=n*this.mpl+((n*this.mph+(e[r]>>15)*this.mpl&this.um)<<15)&e.DM;for(e[n=r+this.m.t]+=this.m.am(0,a,e,r,0,this.m.t);e[n]>=e.DV;)e[n]-=e.DV,e[++n]++}e.clamp(),e.drShiftTo(this.m.t,e),e.compareTo(this.m)>=0&&e.subTo(this.m,e)},ve.prototype.mulTo=function(e,r,n){e.multiplyTo(r,n),this.reduce(n)},ve.prototype.sqrTo=function(e,r){e.squareTo(r),this.reduce(r)},N.prototype.copyTo=function(e){for(var r=this.t-1;r>=0;--r)e[r]=this[r];e.t=this.t,e.s=this.s},N.prototype.fromInt=function(e){this.t=1,this.s=e<0?-1:0,e>0?this[0]=e:e<-1?this[0]=e+this.DV:this.t=0},N.prototype.fromString=function(e,r){var n;if(r==16)n=4;else if(r==8)n=3;else if(r==256)n=8;else if(r==2)n=1;else if(r==32)n=5;else{if(r!=4)return void this.fromRadix(e,r);n=2}this.t=0,this.s=0;for(var a=e.length,f=!1,_=0;--a>=0;){var P=n==8?255&e[a]:ze(e,a);P<0?e.charAt(a)=="-"&&(f=!0):(f=!1,_==0?this[this.t++]=P:_+n>this.DB?(this[this.t-1]|=(P&(1<<this.DB-_)-1)<<_,this[this.t++]=P>>this.DB-_):this[this.t-1]|=P<<_,(_+=n)>=this.DB&&(_-=this.DB))}n==8&&(128&e[0])!=0&&(this.s=-1,_>0&&(this[this.t-1]|=(1<<this.DB-_)-1<<_)),this.clamp(),f&&N.ZERO.subTo(this,this)},N.prototype.clamp=function(){for(var e=this.s&this.DM;this.t>0&&this[this.t-1]==e;)--this.t},N.prototype.dlShiftTo=function(e,r){var n;for(n=this.t-1;n>=0;--n)r[n+e]=this[n];for(n=e-1;n>=0;--n)r[n]=0;r.t=this.t+e,r.s=this.s},N.prototype.drShiftTo=function(e,r){for(var n=e;n<this.t;++n)r[n-e]=this[n];r.t=Math.max(this.t-e,0),r.s=this.s},N.prototype.lShiftTo=function(e,r){var n,a=e%this.DB,f=this.DB-a,_=(1<<f)-1,P=Math.floor(e/this.DB),F=this.s<<a&this.DM;for(n=this.t-1;n>=0;--n)r[n+P+1]=this[n]>>f|F,F=(this[n]&_)<<a;for(n=P-1;n>=0;--n)r[n]=0;r[P]=F,r.t=this.t+P+1,r.s=this.s,r.clamp()},N.prototype.rShiftTo=function(e,r){r.s=this.s;var n=Math.floor(e/this.DB);if(n>=this.t)r.t=0;else{var a=e%this.DB,f=this.DB-a,_=(1<<a)-1;r[0]=this[n]>>a;for(var P=n+1;P<this.t;++P)r[P-n-1]|=(this[P]&_)<<f,r[P-n]=this[P]>>a;a>0&&(r[this.t-n-1]|=(this.s&_)<<f),r.t=this.t-n,r.clamp()}},N.prototype.subTo=function(e,r){for(var n=0,a=0,f=Math.min(e.t,this.t);n<f;)a+=this[n]-e[n],r[n++]=a&this.DM,a>>=this.DB;if(e.t<this.t){for(a-=e.s;n<this.t;)a+=this[n],r[n++]=a&this.DM,a>>=this.DB;a+=this.s}else{for(a+=this.s;n<e.t;)a-=e[n],r[n++]=a&this.DM,a>>=this.DB;a-=e.s}r.s=a<0?-1:0,a<-1?r[n++]=this.DV+a:a>0&&(r[n++]=a),r.t=n,r.clamp()},N.prototype.multiplyTo=function(e,r){var n=this.abs(),a=e.abs(),f=n.t;for(r.t=f+a.t;--f>=0;)r[f]=0;for(f=0;f<a.t;++f)r[f+n.t]=n.am(0,a[f],r,f,0,n.t);r.s=0,r.clamp(),this.s!=e.s&&N.ZERO.subTo(r,r)},N.prototype.squareTo=function(e){for(var r=this.abs(),n=e.t=2*r.t;--n>=0;)e[n]=0;for(n=0;n<r.t-1;++n){var a=r.am(n,r[n],e,2*n,0,1);(e[n+r.t]+=r.am(n+1,2*r[n],e,2*n+1,a,r.t-n-1))>=r.DV&&(e[n+r.t]-=r.DV,e[n+r.t+1]=1)}e.t>0&&(e[e.t-1]+=r.am(n,r[n],e,2*n,0,1)),e.s=0,e.clamp()},N.prototype.divRemTo=function(e,r,n){var a=e.abs();if(!(a.t<=0)){var f=this.abs();if(f.t<a.t)return r?.fromInt(0),void(n!=null&&this.copyTo(n));n==null&&(n=ie());var _=ie(),P=this.s,F=e.s,k=this.DB-Ge(a[a.t-1]);k>0?(a.lShiftTo(k,_),f.lShiftTo(k,n)):(a.copyTo(_),f.copyTo(n));var D=_.t,O=_[D-1];if(O!=0){var V=O*(1<<this.F1)+(D>1?_[D-2]>>this.F2:0),z=this.FV/V,G=(1<<this.F1)/V,Z=1<<this.F2,ee=n.t,m=ee-D,L=r??ie();for(_.dlShiftTo(m,L),n.compareTo(L)>=0&&(n[n.t++]=1,n.subTo(L,n)),N.ONE.dlShiftTo(D,L),L.subTo(_,_);_.t<D;)_[_.t++]=0;for(;--m>=0;){var M=n[--ee]==O?this.DM:Math.floor(n[ee]*z+(n[ee-1]+Z)*G);if((n[ee]+=_.am(0,M,n,m,0,D))<M)for(_.dlShiftTo(m,L),n.subTo(L,n);n[ee]<--M;)n.subTo(L,n)}r!=null&&(n.drShiftTo(D,r),P!=F&&N.ZERO.subTo(r,r)),n.t=D,n.clamp(),k>0&&n.rShiftTo(k,n),P<0&&N.ZERO.subTo(n,n)}}},N.prototype.invDigit=function(){if(this.t<1)return 0;var e=this[0];if((1&e)==0)return 0;var r=3&e;return(r=(r=(r=(r=r*(2-(15&e)*r)&15)*(2-(255&e)*r)&255)*(2-((65535&e)*r&65535))&65535)*(2-e*r%this.DV)%this.DV)>0?this.DV-r:-r},N.prototype.isEven=function(){return(this.t>0?1&this[0]:this.s)==0},N.prototype.exp=function(e,r){if(e>4294967295||e<1)return N.ONE;var n=ie(),a=ie(),f=r.convert(this),_=Ge(e)-1;for(f.copyTo(n);--_>=0;)if(r.sqrTo(n,a),(e&1<<_)>0)r.mulTo(a,f,n);else{var P=n;n=a,a=P}return r.revert(n)},N.prototype.toString=function(e){if(this.s<0)return"-"+this.negate().toString(e);var r;if(e==16)r=4;else if(e==8)r=3;else if(e==2)r=1;else if(e==32)r=5;else{if(e!=4)return this.toRadix(e);r=2}var n,a=(1<<r)-1,f=!1,_="",P=this.t,F=this.DB-P*this.DB%r;if(P-- >0)for(F<this.DB&&(n=this[P]>>F)>0&&(f=!0,_=Re(n));P>=0;)F<r?(n=(this[P]&(1<<F)-1)<<r-F,n|=this[--P]>>(F+=this.DB-r)):(n=this[P]>>(F-=r)&a,F<=0&&(F+=this.DB,--P)),n>0&&(f=!0),f&&(_+=Re(n));return f?_:"0"},N.prototype.negate=function(){var e=ie();return N.ZERO.subTo(this,e),e},N.prototype.abs=function(){return this.s<0?this.negate():this},N.prototype.compareTo=function(e){var r=this.s-e.s;if(r!=0)return r;var n=this.t;if((r=n-e.t)!=0)return this.s<0?-r:r;for(;--n>=0;)if((r=this[n]-e[n])!=0)return r;return 0},N.prototype.bitLength=function(){return this.t<=0?0:this.DB*(this.t-1)+Ge(this[this.t-1]^this.s&this.DM)},N.prototype.mod=function(e){var r=ie();return this.abs().divRemTo(e,null,r),this.s<0&&r.compareTo(N.ZERO)>0&&e.subTo(r,r),r},N.prototype.modPowInt=function(e,r){var n;return n=e<256||r.isEven()?new fe(r):new ve(r),this.exp(e,n)},N.ZERO=Le(0),N.ONE=Le(1),Xe.prototype.convert=it,Xe.prototype.revert=it,Xe.prototype.mulTo=function(e,r,n){e.multiplyTo(r,n)},Xe.prototype.sqrTo=function(e,r){e.squareTo(r)},Ke.prototype.convert=function(e){if(e.s<0||e.t>2*this.m.t)return e.mod(this.m);if(e.compareTo(this.m)<0)return e;var r=ie();return e.copyTo(r),this.reduce(r),r},Ke.prototype.revert=function(e){return e},Ke.prototype.reduce=function(e){for(e.drShiftTo(this.m.t-1,this.r2),e.t>this.m.t+1&&(e.t=this.m.t+1,e.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);e.compareTo(this.r2)<0;)e.dAddOffset(1,this.m.t+1);for(e.subTo(this.r2,e);e.compareTo(this.m)>=0;)e.subTo(this.m,e)},Ke.prototype.mulTo=function(e,r,n){e.multiplyTo(r,n),this.reduce(n)},Ke.prototype.sqrTo=function(e,r){e.squareTo(r),this.reduce(r)};var xe=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997],q=(1<<26)/xe[xe.length-1];function g(){this.i=0,this.j=0,this.S=new Array}N.prototype.chunkSize=function(e){return Math.floor(Math.LN2*this.DB/Math.log(e))},N.prototype.toRadix=function(e){if(e==null&&(e=10),this.signum()==0||e<2||e>36)return"0";var r=this.chunkSize(e),n=Math.pow(e,r),a=Le(n),f=ie(),_=ie(),P="";for(this.divRemTo(a,f,_);f.signum()>0;)P=(n+_.intValue()).toString(e).substr(1)+P,f.divRemTo(a,f,_);return _.intValue().toString(e)+P},N.prototype.fromRadix=function(e,r){this.fromInt(0),r==null&&(r=10);for(var n=this.chunkSize(r),a=Math.pow(r,n),f=!1,_=0,P=0,F=0;F<e.length;++F){var k=ze(e,F);k<0?e.charAt(F)=="-"&&this.signum()==0&&(f=!0):(P=r*P+k,++_>=n&&(this.dMultiply(a),this.dAddOffset(P,0),_=0,P=0))}_>0&&(this.dMultiply(Math.pow(r,_)),this.dAddOffset(P,0)),f&&N.ZERO.subTo(this,this)},N.prototype.fromNumber=function(e,r,n){if(typeof r=="number")if(e<2)this.fromInt(1);else for(this.fromNumber(e,n),this.testBit(e-1)||this.bitwiseTo(N.ONE.shiftLeft(e-1),Ye,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(r);)this.dAddOffset(2,0),this.bitLength()>e&&this.subTo(N.ONE.shiftLeft(e-1),this);else{var a=new Array,f=7&e;a.length=1+(e>>3),r.nextBytes(a),f>0?a[0]&=(1<<f)-1:a[0]=0,this.fromString(a,256)}},N.prototype.bitwiseTo=function(e,r,n){var a,f,_=Math.min(e.t,this.t);for(a=0;a<_;++a)n[a]=r(this[a],e[a]);if(e.t<this.t){for(f=e.s&this.DM,a=_;a<this.t;++a)n[a]=r(this[a],f);n.t=this.t}else{for(f=this.s&this.DM,a=_;a<e.t;++a)n[a]=r(f,e[a]);n.t=e.t}n.s=r(this.s,e.s),n.clamp()},N.prototype.changeBit=function(e,r){var n=N.ONE.shiftLeft(e);return this.bitwiseTo(n,r,n),n},N.prototype.addTo=function(e,r){for(var n=0,a=0,f=Math.min(e.t,this.t);n<f;)a+=this[n]+e[n],r[n++]=a&this.DM,a>>=this.DB;if(e.t<this.t){for(a+=e.s;n<this.t;)a+=this[n],r[n++]=a&this.DM,a>>=this.DB;a+=this.s}else{for(a+=this.s;n<e.t;)a+=e[n],r[n++]=a&this.DM,a>>=this.DB;a+=e.s}r.s=a<0?-1:0,a>0?r[n++]=a:a<-1&&(r[n++]=this.DV+a),r.t=n,r.clamp()},N.prototype.dMultiply=function(e){this[this.t]=this.am(0,e-1,this,0,0,this.t),++this.t,this.clamp()},N.prototype.dAddOffset=function(e,r){if(e!=0){for(;this.t<=r;)this[this.t++]=0;for(this[r]+=e;this[r]>=this.DV;)this[r]-=this.DV,++r>=this.t&&(this[this.t++]=0),++this[r]}},N.prototype.multiplyLowerTo=function(e,r,n){var a,f=Math.min(this.t+e.t,r);for(n.s=0,n.t=f;f>0;)n[--f]=0;for(a=n.t-this.t;f<a;++f)n[f+this.t]=this.am(0,e[f],n,f,0,this.t);for(a=Math.min(e.t,r);f<a;++f)this.am(0,e[f],n,f,0,r-f);n.clamp()},N.prototype.multiplyUpperTo=function(e,r,n){--r;var a=n.t=this.t+e.t-r;for(n.s=0;--a>=0;)n[a]=0;for(a=Math.max(r-this.t,0);a<e.t;++a)n[this.t+a-r]=this.am(r-a,e[a],n,0,0,this.t+a-r);n.clamp(),n.drShiftTo(1,n)},N.prototype.modInt=function(e){if(e<=0)return 0;var r=this.DV%e,n=this.s<0?e-1:0;if(this.t>0)if(r==0)n=this[0]%e;else for(var a=this.t-1;a>=0;--a)n=(r*n+this[a])%e;return n},N.prototype.millerRabin=function(e){var r=this.subtract(N.ONE),n=r.getLowestSetBit();if(n<=0)return!1;var a=r.shiftRight(n);(e=e+1>>1)>xe.length&&(e=xe.length);for(var f=ie(),_=0;_<e;++_){f.fromInt(xe[Math.floor(Math.random()*xe.length)]);var P=f.modPow(a,this);if(P.compareTo(N.ONE)!=0&&P.compareTo(r)!=0){for(var F=1;F++<n&&P.compareTo(r)!=0;)if((P=P.modPowInt(2,this)).compareTo(N.ONE)==0)return!1;if(P.compareTo(r)!=0)return!1}}return!0},N.prototype.clone=function(){var e=ie();return this.copyTo(e),e},N.prototype.intValue=function(){if(this.s<0){if(this.t==1)return this[0]-this.DV;if(this.t==0)return-1}else{if(this.t==1)return this[0];if(this.t==0)return 0}return(this[1]&(1<<32-this.DB)-1)<<this.DB|this[0]},N.prototype.byteValue=function(){return this.t==0?this.s:this[0]<<24>>24},N.prototype.shortValue=function(){return this.t==0?this.s:this[0]<<16>>16},N.prototype.signum=function(){return this.s<0?-1:this.t<=0||this.t==1&&this[0]<=0?0:1},N.prototype.toByteArray=function(){var e=this.t,r=new Array;r[0]=this.s;var n,a=this.DB-e*this.DB%8,f=0;if(e-- >0)for(a<this.DB&&(n=this[e]>>a)!=(this.s&this.DM)>>a&&(r[f++]=n|this.s<<this.DB-a);e>=0;)a<8?(n=(this[e]&(1<<a)-1)<<8-a,n|=this[--e]>>(a+=this.DB-8)):(n=this[e]>>(a-=8)&255,a<=0&&(a+=this.DB,--e)),(128&n)!=0&&(n|=-256),f==0&&(128&this.s)!=(128&n)&&++f,(f>0||n!=this.s)&&(r[f++]=n);return r},N.prototype.equals=function(e){return this.compareTo(e)==0},N.prototype.min=function(e){return this.compareTo(e)<0?this:e},N.prototype.max=function(e){return this.compareTo(e)>0?this:e},N.prototype.and=function(e){var r=ie();return this.bitwiseTo(e,We,r),r},N.prototype.or=function(e){var r=ie();return this.bitwiseTo(e,Ye,r),r},N.prototype.xor=function(e){var r=ie();return this.bitwiseTo(e,rt,r),r},N.prototype.andNot=function(e){var r=ie();return this.bitwiseTo(e,nt,r),r},N.prototype.not=function(){for(var e=ie(),r=0;r<this.t;++r)e[r]=this.DM&~this[r];return e.t=this.t,e.s=~this.s,e},N.prototype.shiftLeft=function(e){var r=ie();return e<0?this.rShiftTo(-e,r):this.lShiftTo(e,r),r},N.prototype.shiftRight=function(e){var r=ie();return e<0?this.lShiftTo(-e,r):this.rShiftTo(e,r),r},N.prototype.getLowestSetBit=function(){for(var e=0;e<this.t;++e)if(this[e]!=0)return e*this.DB+ct(this[e]);return this.s<0?this.t*this.DB:-1},N.prototype.bitCount=function(){for(var e=0,r=this.s&this.DM,n=0;n<this.t;++n)e+=Et(this[n]^r);return e},N.prototype.testBit=function(e){var r=Math.floor(e/this.DB);return r>=this.t?this.s!=0:(this[r]&1<<e%this.DB)!=0},N.prototype.setBit=function(e){return this.changeBit(e,Ye)},N.prototype.clearBit=function(e){return this.changeBit(e,nt)},N.prototype.flipBit=function(e){return this.changeBit(e,rt)},N.prototype.add=function(e){var r=ie();return this.addTo(e,r),r},N.prototype.subtract=function(e){var r=ie();return this.subTo(e,r),r},N.prototype.multiply=function(e){var r=ie();return this.multiplyTo(e,r),r},N.prototype.divide=function(e){var r=ie();return this.divRemTo(e,r,null),r},N.prototype.remainder=function(e){var r=ie();return this.divRemTo(e,null,r),r},N.prototype.divideAndRemainder=function(e){var r=ie(),n=ie();return this.divRemTo(e,r,n),new Array(r,n)},N.prototype.modPow=function(e,r){var n,a,f=e.bitLength(),_=Le(1);if(f<=0)return _;n=f<18?1:f<48?3:f<144?4:f<768?5:6,a=f<8?new fe(r):r.isEven()?new Ke(r):new ve(r);var P=new Array,F=3,k=n-1,D=(1<<n)-1;if(P[1]=a.convert(this),n>1){var O=ie();for(a.sqrTo(P[1],O);F<=D;)P[F]=ie(),a.mulTo(O,P[F-2],P[F]),F+=2}var V,z,G=e.t-1,Z=!0,ee=ie();for(f=Ge(e[G])-1;G>=0;){for(f>=k?V=e[G]>>f-k&D:(V=(e[G]&(1<<f+1)-1)<<k-f,G>0&&(V|=e[G-1]>>this.DB+f-k)),F=n;(1&V)==0;)V>>=1,--F;if((f-=F)<0&&(f+=this.DB,--G),Z)P[V].copyTo(_),Z=!1;else{for(;F>1;)a.sqrTo(_,ee),a.sqrTo(ee,_),F-=2;F>0?a.sqrTo(_,ee):(z=_,_=ee,ee=z),a.mulTo(ee,P[V],_)}for(;G>=0&&(e[G]&1<<f)==0;)a.sqrTo(_,ee),z=_,_=ee,ee=z,--f<0&&(f=this.DB-1,--G)}return a.revert(_)},N.prototype.modInverse=function(e){var r=e.isEven();if(this.isEven()&&r||e.signum()==0)return N.ZERO;for(var n=e.clone(),a=this.clone(),f=Le(1),_=Le(0),P=Le(0),F=Le(1);n.signum()!=0;){for(;n.isEven();)n.rShiftTo(1,n),r?(f.isEven()&&_.isEven()||(f.addTo(this,f),_.subTo(e,_)),f.rShiftTo(1,f)):_.isEven()||_.subTo(e,_),_.rShiftTo(1,_);for(;a.isEven();)a.rShiftTo(1,a),r?(P.isEven()&&F.isEven()||(P.addTo(this,P),F.subTo(e,F)),P.rShiftTo(1,P)):F.isEven()||F.subTo(e,F),F.rShiftTo(1,F);n.compareTo(a)>=0?(n.subTo(a,n),r&&f.subTo(P,f),_.subTo(F,_)):(a.subTo(n,a),r&&P.subTo(f,P),F.subTo(_,F))}return a.compareTo(N.ONE)!=0?N.ZERO:F.compareTo(e)>=0?F.subtract(e):F.signum()<0?(F.addTo(e,F),F.signum()<0?F.add(e):F):F},N.prototype.pow=function(e){return this.exp(e,new Xe)},N.prototype.gcd=function(e){var r=this.s<0?this.negate():this.clone(),n=e.s<0?e.negate():e.clone();if(r.compareTo(n)<0){var a=r;r=n,n=a}var f=r.getLowestSetBit(),_=n.getLowestSetBit();if(_<0)return r;for(f<_&&(_=f),_>0&&(r.rShiftTo(_,r),n.rShiftTo(_,n));r.signum()>0;)(f=r.getLowestSetBit())>0&&r.rShiftTo(f,r),(f=n.getLowestSetBit())>0&&n.rShiftTo(f,n),r.compareTo(n)>=0?(r.subTo(n,r),r.rShiftTo(1,r)):(n.subTo(r,n),n.rShiftTo(1,n));return _>0&&n.lShiftTo(_,n),n},N.prototype.isProbablePrime=function(e){var r,n=this.abs();if(n.t==1&&n[0]<=xe[xe.length-1]){for(r=0;r<xe.length;++r)if(n[0]==xe[r])return!0;return!1}if(n.isEven())return!1;for(r=1;r<xe.length;){for(var a=xe[r],f=r+1;f<xe.length&&a<q;)a*=xe[f++];for(a=n.modInt(a);r<f;)if(a%xe[r++]==0)return!1}return n.millerRabin(e)},N.prototype.square=function(){var e=ie();return this.squareTo(e),e},g.prototype.init=function(e){var r,n,a;for(r=0;r<256;++r)this.S[r]=r;for(n=0,r=0;r<256;++r)n=n+this.S[r]+e[r%e.length]&255,a=this.S[r],this.S[r]=this.S[n],this.S[n]=a;this.i=0,this.j=0},g.prototype.next=function(){var e;return this.i=this.i+1&255,this.j=this.j+this.S[this.i]&255,e=this.S[this.i],this.S[this.i]=this.S[this.j],this.S[this.j]=e,this.S[e+this.S[this.i]&255]};var p,j,$;function X(){(function(e){j[$++]^=255&e,j[$++]^=e>>8&255,j[$++]^=e>>16&255,j[$++]^=e>>24&255,$>=256&&($-=256)})(new Date().getTime())}if(j==null){var re;if(j=new Array,$=0,W!==void 0&&(W.crypto!==void 0||W.msCrypto!==void 0)){var ce=W.crypto||W.msCrypto;if(ce.getRandomValues){var de=new Uint8Array(32);for(ce.getRandomValues(de),re=0;re<32;++re)j[$++]=de[re]}else if(U.appName=="Netscape"&&U.appVersion<"5"){var we=W.crypto.random(32);for(re=0;re<we.length;++re)j[$++]=255&we.charCodeAt(re)}}for(;$<256;)re=Math.floor(65536*Math.random()),j[$++]=re>>>8,j[$++]=255&re;$=0,X()}function _e(){if(p==null){for(X(),(p=(function(){return new g})()).init(j),$=0;$<j.length;++$)j[$]=0;$=0}return p.next()}function Se(){}function ot(t,e){return new N(t,e)}function ft(t,e,r){for(var n="",a=0;n.length<e;)n+=r(String.fromCharCode.apply(String,t.concat([(4278190080&a)>>24,(16711680&a)>>16,(65280&a)>>8,255&a]))),a+=1;return n}function le(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function Pe(t,e){this.x=e,this.q=t}function pe(t,e,r,n){this.curve=t,this.x=e,this.y=r,this.z=n??N.ONE,this.zinv=null}function lt(t,e,r){this.q=t,this.a=this.fromBigInteger(e),this.b=this.fromBigInteger(r),this.infinity=new pe(this,null,null)}Se.prototype.nextBytes=function(e){var r;for(r=0;r<e.length;++r)e[r]=_e()},le.prototype.doPublic=function(e){return e.modPowInt(this.e,this.n)},le.prototype.setPublic=function(e,r){if(this.isPublic=!0,this.isPrivate=!1,typeof e!="string")this.n=e,this.e=r;else{if(!(e!=null&&r!=null&&e.length>0&&r.length>0))throw"Invalid RSA public key";this.n=ot(e,16),this.e=parseInt(r,16)}},le.prototype.encrypt=function(e){var r=(function(_,P){if(P<_.length+11)throw"Message too long for RSA";for(var F=new Array,k=_.length-1;k>=0&&P>0;){var D=_.charCodeAt(k--);D<128?F[--P]=D:D>127&&D<2048?(F[--P]=63&D|128,F[--P]=D>>6|192):(F[--P]=63&D|128,F[--P]=D>>6&63|128,F[--P]=D>>12|224)}F[--P]=0;for(var O=new Se,V=new Array;P>2;){for(V[0]=0;V[0]==0;)O.nextBytes(V);F[--P]=V[0]}return F[--P]=2,F[--P]=0,new N(F)})(e,this.n.bitLength()+7>>3);if(r==null)return null;var n=this.doPublic(r);if(n==null)return null;var a=n.toString(16);return(1&a.length)==0?a:"0"+a},le.prototype.encryptOAEP=function(e,r,n){var a=(function(F,k,D,O){var V=E.crypto.MessageDigest,z=E.crypto.Util,G=null;if(D||(D="sha1"),typeof D=="string"&&(G=V.getCanonicalAlgName(D),O=V.getHashLength(G),D=function(oe){return ht(z.hashHex(_t(oe),G))}),F.length+2*O+2>k)throw"Message too long for RSA";var Z,ee="";for(Z=0;Z<k-F.length-2*O-2;Z+=1)ee+="\0";var m=D("")+ee+"
"+F,L=new Array(O);new Se().nextBytes(L);var M=ft(L,m.length,D),K=[];for(Z=0;Z<m.length;Z+=1)K[Z]=m.charCodeAt(Z)^M.charCodeAt(Z);var Y=ft(K,L.length,D),te=[0];for(Z=0;Z<L.length;Z+=1)te[Z+1]=L[Z]^Y.charCodeAt(Z);return new N(te.concat(K))})(e,this.n.bitLength()+7>>3,r,n);if(a==null)return null;var f=this.doPublic(a);if(f==null)return null;var _=f.toString(16);return(1&_.length)==0?_:"0"+_},le.prototype.type="RSA",Pe.prototype.equals=function(e){return e==this||this.q.equals(e.q)&&this.x.equals(e.x)},Pe.prototype.toBigInteger=function(){return this.x},Pe.prototype.negate=function(){return new Pe(this.q,this.x.negate().mod(this.q))},Pe.prototype.add=function(e){return new Pe(this.q,this.x.add(e.toBigInteger()).mod(this.q))},Pe.prototype.subtract=function(e){return new Pe(this.q,this.x.subtract(e.toBigInteger()).mod(this.q))},Pe.prototype.multiply=function(e){return new Pe(this.q,this.x.multiply(e.toBigInteger()).mod(this.q))},Pe.prototype.square=function(){return new Pe(this.q,this.x.square().mod(this.q))},Pe.prototype.divide=function(e){return new Pe(this.q,this.x.multiply(e.toBigInteger().modInverse(this.q)).mod(this.q))},pe.prototype.getX=function(){return this.zinv==null&&(this.zinv=this.z.modInverse(this.curve.q)),this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))},pe.prototype.getY=function(){return this.zinv==null&&(this.zinv=this.z.modInverse(this.curve.q)),this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))},pe.prototype.equals=function(e){return e==this||(this.isInfinity()?e.isInfinity():e.isInfinity()?this.isInfinity():!!e.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(e.z)).mod(this.curve.q).equals(N.ZERO)&&e.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(e.z)).mod(this.curve.q).equals(N.ZERO))},pe.prototype.isInfinity=function(){return this.x==null&&this.y==null||this.z.equals(N.ZERO)&&!this.y.toBigInteger().equals(N.ZERO)},pe.prototype.negate=function(){return new pe(this.curve,this.x,this.y.negate(),this.z)},pe.prototype.add=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;var r=e.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(e.z)).mod(this.curve.q),n=e.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(e.z)).mod(this.curve.q);if(N.ZERO.equals(n))return N.ZERO.equals(r)?this.twice():this.curve.getInfinity();var a=new N("3"),f=this.x.toBigInteger(),_=this.y.toBigInteger(),P=(e.x.toBigInteger(),e.y.toBigInteger(),n.square()),F=P.multiply(n),k=f.multiply(P),D=r.square().multiply(this.z),O=D.subtract(k.shiftLeft(1)).multiply(e.z).subtract(F).multiply(n).mod(this.curve.q),V=k.multiply(a).multiply(r).subtract(_.multiply(F)).subtract(D.multiply(r)).multiply(e.z).add(r.multiply(F)).mod(this.curve.q),z=F.multiply(this.z).multiply(e.z).mod(this.curve.q);return new pe(this.curve,this.curve.fromBigInteger(O),this.curve.fromBigInteger(V),z)},pe.prototype.twice=function(){if(this.isInfinity())return this;if(this.y.toBigInteger().signum()==0)return this.curve.getInfinity();var e=new N("3"),r=this.x.toBigInteger(),n=this.y.toBigInteger(),a=n.multiply(this.z),f=a.multiply(n).mod(this.curve.q),_=this.curve.a.toBigInteger(),P=r.square().multiply(e);N.ZERO.equals(_)||(P=P.add(this.z.square().multiply(_)));var F=(P=P.mod(this.curve.q)).square().subtract(r.shiftLeft(3).multiply(f)).shiftLeft(1).multiply(a).mod(this.curve.q),k=P.multiply(e).multiply(r).subtract(f.shiftLeft(1)).shiftLeft(2).multiply(f).subtract(P.square().multiply(P)).mod(this.curve.q),D=a.square().multiply(a).shiftLeft(3).mod(this.curve.q);return new pe(this.curve,this.curve.fromBigInteger(F),this.curve.fromBigInteger(k),D)},pe.prototype.multiply=function(e){if(this.isInfinity())return this;if(e.signum()==0)return this.curve.getInfinity();var r,n=e,a=n.multiply(new N("3")),f=this.negate(),_=this,P=this.curve.q.subtract(e),F=P.multiply(new N("3")),k=new pe(this.curve,this.x,this.y),D=k.negate();for(r=a.bitLength()-2;r>0;--r){_=_.twice();var O=a.testBit(r);O!=n.testBit(r)&&(_=_.add(O?this:f))}for(r=F.bitLength()-2;r>0;--r){k=k.twice();var V=F.testBit(r);V!=P.testBit(r)&&(k=k.add(V?k:D))}return _},pe.prototype.multiplyTwo=function(e,r,n){var a;a=e.bitLength()>n.bitLength()?e.bitLength()-1:n.bitLength()-1;for(var f=this.curve.getInfinity(),_=this.add(r);a>=0;)f=f.twice(),e.testBit(a)?f=n.testBit(a)?f.add(_):f.add(this):n.testBit(a)&&(f=f.add(r)),--a;return f},lt.prototype.getQ=function(){return this.q},lt.prototype.getA=function(){return this.a},lt.prototype.getB=function(){return this.b},lt.prototype.equals=function(e){return e==this||this.q.equals(e.q)&&this.a.equals(e.a)&&this.b.equals(e.b)},lt.prototype.getInfinity=function(){return this.infinity},lt.prototype.fromBigInteger=function(e){return new Pe(this.q,e)},lt.prototype.decodePointHex=function(e){switch(parseInt(e.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var r=(e.length-2)/2,n=e.substr(2,r),a=e.substr(r+2,r);return new pe(this,this.fromBigInteger(new N(n,16)),this.fromBigInteger(new N(a,16)));default:return null}},Pe.prototype.getByteLength=function(){return Math.floor((this.toBigInteger().bitLength()+7)/8)},pe.prototype.getEncoded=function(t){var e=function(_,P){var F=_.toByteArrayUnsigned();if(P<F.length)F=F.slice(F.length-P);else for(;P>F.length;)F.unshift(0);return F},r=this.getX().toBigInteger(),n=this.getY().toBigInteger(),a=e(r,32);return t?n.isEven()?a.unshift(2):a.unshift(3):(a.unshift(4),a=a.concat(e(n,32))),a},pe.decodeFrom=function(t,e){e[0];var r=e.length-1,n=e.slice(1,1+r/2),a=e.slice(1+r/2,1+r);n.unshift(0),a.unshift(0);var f=new N(n),_=new N(a);return new pe(t,t.fromBigInteger(f),t.fromBigInteger(_))},pe.decodeFromHex=function(t,e){e.substr(0,2);var r=e.length-2,n=e.substr(2,r/2),a=e.substr(2+r/2,r/2),f=new N(n,16),_=new N(a,16);return new pe(t,t.fromBigInteger(f),t.fromBigInteger(_))},pe.prototype.add2D=function(t){if(this.isInfinity())return t;if(t.isInfinity())return this;if(this.x.equals(t.x))return this.y.equals(t.y)?this.twice():this.curve.getInfinity();var e=t.x.subtract(this.x),r=t.y.subtract(this.y).divide(e),n=r.square().subtract(this.x).subtract(t.x),a=r.multiply(this.x.subtract(n)).subtract(this.y);return new pe(this.curve,n,a)},pe.prototype.twice2D=function(){if(this.isInfinity())return this;if(this.y.toBigInteger().signum()==0)return this.curve.getInfinity();var t=this.curve.fromBigInteger(N.valueOf(2)),e=this.curve.fromBigInteger(N.valueOf(3)),r=this.x.square().multiply(e).add(this.curve.a).divide(this.y.multiply(t)),n=r.square().subtract(this.x.multiply(t)),a=r.multiply(this.x.subtract(n)).subtract(this.y);return new pe(this.curve,n,a)},pe.prototype.multiply2D=function(t){if(this.isInfinity())return this;if(t.signum()==0)return this.curve.getInfinity();var e,r=t,n=r.multiply(new N("3")),a=this.negate(),f=this;for(e=n.bitLength()-2;e>0;--e){f=f.twice();var _=n.testBit(e);_!=r.testBit(e)&&(f=f.add2D(_?this:a))}return f},pe.prototype.isOnCurve=function(){var t=this.getX().toBigInteger(),e=this.getY().toBigInteger(),r=this.curve.getA().toBigInteger(),n=this.curve.getB().toBigInteger(),a=this.curve.getQ(),f=e.multiply(e).mod(a),_=t.multiply(t).multiply(t).add(r.multiply(t)).add(n).mod(a);return f.equals(_)},pe.prototype.toString=function(){return"("+this.getX().toBigInteger().toString()+","+this.getY().toBigInteger().toString()+")"},pe.prototype.validate=function(){var t=this.curve.getQ();if(this.isInfinity())throw new Error("Point is at infinity.");var e=this.getX().toBigInteger(),r=this.getY().toBigInteger();if(e.compareTo(N.ONE)<0||e.compareTo(t.subtract(N.ONE))>0)throw new Error("x coordinate out of bounds");if(r.compareTo(N.ONE)<0||r.compareTo(t.subtract(N.ONE))>0)throw new Error("y coordinate out of bounds");if(!this.isOnCurve())throw new Error("Point is not on the curve.");if(this.multiply(t).isInfinity())throw new Error("Point is not a scalar multiple of G.");return!0};var un=(function(){var t=new RegExp('(?:false|true|null|[\\{\\}\\[\\]]|(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)|(?:"(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))*"))',"g"),e=new RegExp("\\\\(?:([^u])|u(.{4}))","g"),r={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:`
+`,r:"\r",t:"	"};function n(_,P,F){return P?r[P]:String.fromCharCode(parseInt(F,16))}var a=new String(""),f=Object.hasOwnProperty;return function(_,P){var F,k,D=_.match(t),O=D[0],V=!1;O==="{"?F={}:O==="["?F=[]:(F=[],V=!0);for(var z=[F],G=1-V,Z=D.length;G<Z;++G){var ee;switch((O=D[G]).charCodeAt(0)){default:(ee=z[0])[k||ee.length]=+O,k=void 0;break;case 34:if((O=O.substring(1,O.length-1)).indexOf("\\")!==-1&&(O=O.replace(e,n)),ee=z[0],!k){if(!(ee instanceof Array)){k=O||a;break}k=ee.length}ee[k]=O,k=void 0;break;case 91:ee=z[0],z.unshift(ee[k||ee.length]=[]),k=void 0;break;case 93:z.shift();break;case 102:(ee=z[0])[k||ee.length]=!1,k=void 0;break;case 110:(ee=z[0])[k||ee.length]=null,k=void 0;break;case 116:(ee=z[0])[k||ee.length]=!0,k=void 0;break;case 123:ee=z[0],z.unshift(ee[k||ee.length]={}),k=void 0;break;case 125:z.shift()}}if(V){if(z.length!==1)throw new Error;F=F[0]}else if(z.length)throw new Error;return P&&(F=(function m(L,M){var K=L[M];if(K&&(K===void 0?"undefined":C(K))==="object"){var Y=null;for(var te in K)if(f.call(K,te)&&K!==L){var ue=m(K,te);ue!==void 0?K[te]=ue:(Y||(Y=[]),Y.push(te))}if(Y)for(var oe=Y.length;--oe>=0;)delete K[Y[oe]]}return P.call(L,M,K)})({"":F},"")),F}})();E!==void 0&&E||(s.KJUR=E={}),E.asn1!==void 0&&E.asn1||(E.asn1={}),E.asn1.ASN1Util=new function(){this.integerToByteHex=function(t){var e=t.toString(16);return e.length%2==1&&(e="0"+e),e},this.bigIntToMinTwosComplementsHex=function(t){var e=t.toString(16);if(e.substr(0,1)!="-")e.length%2==1?e="0"+e:e.match(/^[0-7]/)||(e="00"+e);else{var r=e.substr(1).length;r%2==1?r+=1:e.match(/^[0-7]/)||(r+=2);for(var n="",a=0;a<r;a++)n+="f";e=new N(n,16).xor(t).add(N.ONE).toString(16).replace(/^-/,"")}return e},this.getPEMStringFromHex=function(t,e){return st(t,e)},this.newObject=function(t){var e=E.asn1,r=e.ASN1Object,n=e.DERBoolean,a=e.DERInteger,f=e.DERBitString,_=e.DEROctetString,P=e.DERNull,F=e.DERObjectIdentifier,k=e.DEREnumerated,D=e.DERUTF8String,O=e.DERNumericString,V=e.DERPrintableString,z=e.DERTeletexString,G=e.DERIA5String,Z=e.DERUTCTime,ee=e.DERGeneralizedTime,m=e.DERVisibleString,L=e.DERBMPString,M=e.DERSequence,K=e.DERSet,Y=e.DERTaggedObject,te=e.ASN1Util.newObject;if(t instanceof e.ASN1Object)return t;var ue=Object.keys(t);if(ue.length!=1)throw new Error("key of param shall be only one.");var oe=ue[0];if(":asn1:bool:int:bitstr:octstr:null:oid:enum:utf8str:numstr:prnstr:telstr:ia5str:utctime:gentime:visstr:bmpstr:seq:set:tag:".indexOf(":"+oe+":")==-1)throw new Error("undefined key: "+oe);if(oe=="bool")return new n(t[oe]);if(oe=="int")return new a(t[oe]);if(oe=="bitstr")return new f(t[oe]);if(oe=="octstr")return new _(t[oe]);if(oe=="null")return new P(t[oe]);if(oe=="oid")return new F(t[oe]);if(oe=="enum")return new k(t[oe]);if(oe=="utf8str")return new D(t[oe]);if(oe=="numstr")return new O(t[oe]);if(oe=="prnstr")return new V(t[oe]);if(oe=="telstr")return new z(t[oe]);if(oe=="ia5str")return new G(t[oe]);if(oe=="utctime")return new Z(t[oe]);if(oe=="gentime")return new ee(t[oe]);if(oe=="visstr")return new m(t[oe]);if(oe=="bmpstr")return new L(t[oe]);if(oe=="asn1")return new r(t[oe]);if(oe=="seq"){for(var ge=t[oe],ae=[],he=0;he<ge.length;he++){var be=te(ge[he]);ae.push(be)}return new M({array:ae})}if(oe=="set"){for(ge=t[oe],ae=[],he=0;he<ge.length;he++)be=te(ge[he]),ae.push(be);return new K({array:ae})}if(oe=="tag"){var Ae=t[oe];if(Object.prototype.toString.call(Ae)==="[object Array]"&&Ae.length==3){var Fe=te(Ae[2]);return new Y({tag:Ae[0],explicit:Ae[1],obj:Fe})}return new Y(Ae)}},this.jsonToASN1HEX=function(t){return this.newObject(t).getEncodedHex()}},E.asn1.ASN1Util.oidHexToInt=function(t){for(var e="",r=parseInt(t.substr(0,2),16),n=(e=Math.floor(r/40)+"."+r%40,""),a=2;a<t.length;a+=2){var f=("00000000"+parseInt(t.substr(a,2),16).toString(2)).slice(-8);n+=f.substr(1,7),f.substr(0,1)=="0"&&(e=e+"."+new N(n,2).toString(10),n="")}return e},E.asn1.ASN1Util.oidIntToHex=function(t){var e=function(F){var k=F.toString(16);return k.length==1&&(k="0"+k),k},r=function(F){var k="",D=new N(F,10).toString(2),O=7-D.length%7;O==7&&(O=0);for(var V="",z=0;z<O;z++)V+="0";for(D=V+D,z=0;z<D.length-1;z+=7){var G=D.substr(z,7);z!=D.length-7&&(G="1"+G),k+=e(parseInt(G,2))}return k};if(!t.match(/^[0-9.]+$/))throw"malformed oid string: "+t;var n="",a=t.split("."),f=40*parseInt(a[0])+parseInt(a[1]);n+=e(f),a.splice(0,2);for(var _=0;_<a.length;_++)n+=r(a[_]);return n},E.asn1.ASN1Object=function(t){this.params=null,this.getLengthHexFromValue=function(){if(this.hV===void 0||this.hV==null)throw new Error("this.hV is null or undefined");if(this.hV.length%2==1)throw new Error("value hex must be even length: n=0,v="+this.hV);var e=this.hV.length/2,r=e.toString(16);if(r.length%2==1&&(r="0"+r),e<128)return r;var n=r.length/2;if(n>15)throw"ASN.1 length too long to represent by 8x: n = "+e.toString(16);return(128+n).toString(16)+r},this.getEncodedHex=function(){return(this.hTLV==null||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return""},this.setByParam=function(e){this.params=e},t!=null&&t.tlv!=null&&(this.hTLV=t.tlv,this.isModified=!1)},E.asn1.DERAbstractString=function(t){E.asn1.DERAbstractString.superclass.constructor.call(this),this.getString=function(){return this.s},this.setString=function(e){this.hTLV=null,this.isModified=!0,this.s=e,this.hV=Fr(this.s).toLowerCase()},this.setStringHex=function(e){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=e},this.getFreshValueHex=function(){return this.hV},t!==void 0&&(typeof t=="string"?this.setString(t):t.str!==void 0?this.setString(t.str):t.hex!==void 0&&this.setStringHex(t.hex))},Ie(E.asn1.DERAbstractString,E.asn1.ASN1Object),E.asn1.DERAbstractTime=function(t){E.asn1.DERAbstractTime.superclass.constructor.call(this),this.localDateToUTC=function(e){var r=e.getTime()+6e4*e.getTimezoneOffset();return new Date(r)},this.formatDate=function(e,r,n){var a=this.zeroPadding,f=this.localDateToUTC(e),_=String(f.getFullYear());r=="utc"&&(_=_.substr(2,2));var P=_+a(String(f.getMonth()+1),2)+a(String(f.getDate()),2)+a(String(f.getHours()),2)+a(String(f.getMinutes()),2)+a(String(f.getSeconds()),2);if(n===!0){var F=f.getMilliseconds();if(F!=0){var k=a(String(F),3);P=P+"."+(k=k.replace(/[0]+$/,""))}}return P+"Z"},this.zeroPadding=function(e,r){return e.length>=r?e:new Array(r-e.length+1).join("0")+e},this.getString=function(){return this.s},this.setString=function(e){this.hTLV=null,this.isModified=!0,this.s=e,this.hV=Ft(e)},this.setByDateValue=function(e,r,n,a,f,_){var P=new Date(Date.UTC(e,r-1,n,a,f,_,0));this.setByDate(P)},this.getFreshValueHex=function(){return this.hV}},Ie(E.asn1.DERAbstractTime,E.asn1.ASN1Object),E.asn1.DERAbstractStructured=function(t){E.asn1.DERAbstractString.superclass.constructor.call(this),this.setByASN1ObjectArray=function(e){this.hTLV=null,this.isModified=!0,this.asn1Array=e},this.appendASN1Object=function(e){this.hTLV=null,this.isModified=!0,this.asn1Array.push(e)},this.asn1Array=new Array,t!==void 0&&t.array!==void 0&&(this.asn1Array=t.array)},Ie(E.asn1.DERAbstractStructured,E.asn1.ASN1Object),E.asn1.DERBoolean=function(t){E.asn1.DERBoolean.superclass.constructor.call(this),this.hT="01",this.hTLV=t==0?"010100":"0101ff"},Ie(E.asn1.DERBoolean,E.asn1.ASN1Object),E.asn1.DERInteger=function(t){E.asn1.DERInteger.superclass.constructor.call(this),this.hT="02",this.setByBigInteger=function(e){this.hTLV=null,this.isModified=!0,this.hV=E.asn1.ASN1Util.bigIntToMinTwosComplementsHex(e)},this.setByInteger=function(e){var r=new N(String(e),10);this.setByBigInteger(r)},this.setValueHex=function(e){this.hV=e},this.getFreshValueHex=function(){return this.hV},t!==void 0&&(t.bigint!==void 0?this.setByBigInteger(t.bigint):t.int!==void 0?this.setByInteger(t.int):typeof t=="number"?this.setByInteger(t):t.hex!==void 0&&this.setValueHex(t.hex))},Ie(E.asn1.DERInteger,E.asn1.ASN1Object),E.asn1.DERBitString=function(t){if(t!==void 0&&t.obj!==void 0){var e=E.asn1.ASN1Util.newObject(t.obj);t.hex="00"+e.getEncodedHex()}E.asn1.DERBitString.superclass.constructor.call(this),this.hT="03",this.setHexValueIncludingUnusedBits=function(r){this.hTLV=null,this.isModified=!0,this.hV=r},this.setUnusedBitsAndHexValue=function(r,n){if(r<0||7<r)throw"unused bits shall be from 0 to 7: u = "+r;var a="0"+r;this.hTLV=null,this.isModified=!0,this.hV=a+n},this.setByBinaryString=function(r){var n=8-(r=r.replace(/0+$/,"")).length%8;n==8&&(n=0);for(var a=0;a<=n;a++)r+="0";var f="";for(a=0;a<r.length-1;a+=8){var _=r.substr(a,8),P=parseInt(_,2).toString(16);P.length==1&&(P="0"+P),f+=P}this.hTLV=null,this.isModified=!0,this.hV="0"+n+f},this.setByBooleanArray=function(r){for(var n="",a=0;a<r.length;a++)r[a]==1?n+="1":n+="0";this.setByBinaryString(n)},this.newFalseArray=function(r){for(var n=new Array(r),a=0;a<r;a++)n[a]=!1;return n},this.getFreshValueHex=function(){return this.hV},t!==void 0&&(typeof t=="string"&&t.toLowerCase().match(/^[0-9a-f]+$/)?this.setHexValueIncludingUnusedBits(t):t.hex!==void 0?this.setHexValueIncludingUnusedBits(t.hex):t.bin!==void 0?this.setByBinaryString(t.bin):t.array!==void 0&&this.setByBooleanArray(t.array))},Ie(E.asn1.DERBitString,E.asn1.ASN1Object),E.asn1.DEROctetString=function(t){if(t!==void 0&&t.obj!==void 0){var e=E.asn1.ASN1Util.newObject(t.obj);t.hex=e.getEncodedHex()}E.asn1.DEROctetString.superclass.constructor.call(this,t),this.hT="04"},Ie(E.asn1.DEROctetString,E.asn1.DERAbstractString),E.asn1.DERNull=function(){E.asn1.DERNull.superclass.constructor.call(this),this.hT="05",this.hTLV="0500"},Ie(E.asn1.DERNull,E.asn1.ASN1Object),E.asn1.DERObjectIdentifier=function(t){E.asn1.DERObjectIdentifier.superclass.constructor.call(this),this.hT="06",this.setValueHex=function(e){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=e},this.setValueOidString=function(e){var r=(function(a){var f=function(V){var z=V.toString(16);return z.length==1&&(z="0"+z),z},_=function(V){var z="",G=parseInt(V,10).toString(2),Z=7-G.length%7;Z==7&&(Z=0);for(var ee="",m=0;m<Z;m++)ee+="0";for(G=ee+G,m=0;m<G.length-1;m+=7){var L=G.substr(m,7);m!=G.length-7&&(L="1"+L),z+=f(parseInt(L,2))}return z};try{if(!a.match(/^[0-9.]+$/))return null;var P="",F=a.split("."),k=40*parseInt(F[0],10)+parseInt(F[1],10);P+=f(k),F.splice(0,2);for(var D=0;D<F.length;D++)P+=_(F[D]);return P}catch{return null}})(e);if(r==null)throw new Error("malformed oid string: "+e);this.hTLV=null,this.isModified=!0,this.s=null,this.hV=r},this.setValueName=function(e){var r=E.asn1.x509.OID.name2oid(e);if(r==="")throw new Error("DERObjectIdentifier oidName undefined: "+e);this.setValueOidString(r)},this.setValueNameOrOid=function(e){e.match(/^[0-2].[0-9.]+$/)?this.setValueOidString(e):this.setValueName(e)},this.getFreshValueHex=function(){return this.hV},this.setByParam=function(e){typeof e=="string"?this.setValueNameOrOid(e):e.oid!==void 0?this.setValueNameOrOid(e.oid):e.name!==void 0?this.setValueNameOrOid(e.name):e.hex!==void 0&&this.setValueHex(e.hex)},t!==void 0&&this.setByParam(t)},Ie(E.asn1.DERObjectIdentifier,E.asn1.ASN1Object),E.asn1.DEREnumerated=function(t){E.asn1.DEREnumerated.superclass.constructor.call(this),this.hT="0a",this.setByBigInteger=function(e){this.hTLV=null,this.isModified=!0,this.hV=E.asn1.ASN1Util.bigIntToMinTwosComplementsHex(e)},this.setByInteger=function(e){var r=new N(String(e),10);this.setByBigInteger(r)},this.setValueHex=function(e){this.hV=e},this.getFreshValueHex=function(){return this.hV},t!==void 0&&(t.int!==void 0?this.setByInteger(t.int):typeof t=="number"?this.setByInteger(t):t.hex!==void 0&&this.setValueHex(t.hex))},Ie(E.asn1.DEREnumerated,E.asn1.ASN1Object),E.asn1.DERUTF8String=function(t){E.asn1.DERUTF8String.superclass.constructor.call(this,t),this.hT="0c"},Ie(E.asn1.DERUTF8String,E.asn1.DERAbstractString),E.asn1.DERNumericString=function(t){E.asn1.DERNumericString.superclass.constructor.call(this,t),this.hT="12"},Ie(E.asn1.DERNumericString,E.asn1.DERAbstractString),E.asn1.DERPrintableString=function(t){E.asn1.DERPrintableString.superclass.constructor.call(this,t),this.hT="13"},Ie(E.asn1.DERPrintableString,E.asn1.DERAbstractString),E.asn1.DERTeletexString=function(t){E.asn1.DERTeletexString.superclass.constructor.call(this,t),this.hT="14"},Ie(E.asn1.DERTeletexString,E.asn1.DERAbstractString),E.asn1.DERIA5String=function(t){E.asn1.DERIA5String.superclass.constructor.call(this,t),this.hT="16"},Ie(E.asn1.DERIA5String,E.asn1.DERAbstractString),E.asn1.DERVisibleString=function(t){E.asn1.DERIA5String.superclass.constructor.call(this,t),this.hT="1a"},Ie(E.asn1.DERVisibleString,E.asn1.DERAbstractString),E.asn1.DERBMPString=function(t){E.asn1.DERBMPString.superclass.constructor.call(this,t),this.hT="1e"},Ie(E.asn1.DERBMPString,E.asn1.DERAbstractString),E.asn1.DERUTCTime=function(t){E.asn1.DERUTCTime.superclass.constructor.call(this,t),this.hT="17",this.setByDate=function(e){this.hTLV=null,this.isModified=!0,this.date=e,this.s=this.formatDate(this.date,"utc"),this.hV=Ft(this.s)},this.getFreshValueHex=function(){return this.date===void 0&&this.s===void 0&&(this.date=new Date,this.s=this.formatDate(this.date,"utc"),this.hV=Ft(this.s)),this.hV},t!==void 0&&(t.str!==void 0?this.setString(t.str):typeof t=="string"&&t.match(/^[0-9]{12}Z$/)?this.setString(t):t.hex!==void 0?this.setStringHex(t.hex):t.date!==void 0&&this.setByDate(t.date))},Ie(E.asn1.DERUTCTime,E.asn1.DERAbstractTime),E.asn1.DERGeneralizedTime=function(t){E.asn1.DERGeneralizedTime.superclass.constructor.call(this,t),this.hT="18",this.withMillis=!1,this.setByDate=function(e){this.hTLV=null,this.isModified=!0,this.date=e,this.s=this.formatDate(this.date,"gen",this.withMillis),this.hV=Ft(this.s)},this.getFreshValueHex=function(){return this.date===void 0&&this.s===void 0&&(this.date=new Date,this.s=this.formatDate(this.date,"gen",this.withMillis),this.hV=Ft(this.s)),this.hV},t!==void 0&&(t.str!==void 0?this.setString(t.str):typeof t=="string"&&t.match(/^[0-9]{14}Z$/)?this.setString(t):t.hex!==void 0?this.setStringHex(t.hex):t.date!==void 0&&this.setByDate(t.date),t.millis===!0&&(this.withMillis=!0))},Ie(E.asn1.DERGeneralizedTime,E.asn1.DERAbstractTime),E.asn1.DERSequence=function(t){E.asn1.DERSequence.superclass.constructor.call(this,t),this.hT="30",this.getFreshValueHex=function(){for(var e="",r=0;r<this.asn1Array.length;r++)e+=this.asn1Array[r].getEncodedHex();return this.hV=e,this.hV}},Ie(E.asn1.DERSequence,E.asn1.DERAbstractStructured),E.asn1.DERSet=function(t){E.asn1.DERSet.superclass.constructor.call(this,t),this.hT="31",this.sortFlag=!0,this.getFreshValueHex=function(){for(var e=new Array,r=0;r<this.asn1Array.length;r++){var n=this.asn1Array[r];e.push(n.getEncodedHex())}return this.sortFlag==1&&e.sort(),this.hV=e.join(""),this.hV},t!==void 0&&t.sortflag!==void 0&&t.sortflag==0&&(this.sortFlag=!1)},Ie(E.asn1.DERSet,E.asn1.DERAbstractStructured),E.asn1.DERTaggedObject=function(t){E.asn1.DERTaggedObject.superclass.constructor.call(this);var e=E.asn1;this.hT="a0",this.hV="",this.isExplicit=!0,this.asn1Object=null,this.setASN1Object=function(r,n,a){this.hT=n,this.isExplicit=r,this.asn1Object=a,this.isExplicit?(this.hV=this.asn1Object.getEncodedHex(),this.hTLV=null,this.isModified=!0):(this.hV=null,this.hTLV=a.getEncodedHex(),this.hTLV=this.hTLV.replace(/^../,n),this.isModified=!1)},this.getFreshValueHex=function(){return this.hV},this.setByParam=function(r){r.tag!=null&&(this.hT=r.tag),r.explicit!=null&&(this.isExplicit=r.explicit),r.tage!=null&&(this.hT=r.tage,this.isExplicit=!0),r.tagi!=null&&(this.hT=r.tagi,this.isExplicit=!1),r.obj!=null&&(r.obj instanceof e.ASN1Object?(this.asn1Object=r.obj,this.setASN1Object(this.isExplicit,this.hT,this.asn1Object)):C(r.obj)=="object"&&(this.asn1Object=e.ASN1Util.newObject(r.obj),this.setASN1Object(this.isExplicit,this.hT,this.asn1Object)))},t!=null&&this.setByParam(t)},Ie(E.asn1.DERTaggedObject,E.asn1.ASN1Object);var E,$t,gt,se=new function(){};function cn(t){for(var e=new Array,r=0;r<t.length;r++)e[r]=t.charCodeAt(r);return e}function ln(t){for(var e="",r=0;r<t.length;r++)e+=String.fromCharCode(t[r]);return e}function ar(t){for(var e="",r=0;r<t.length;r++){var n=t[r].toString(16);n.length==1&&(n="0"+n),e+=n}return e}function Ft(t){return ar(cn(t))}function ur(t){return t=(t=(t=t.replace(/\=/g,"")).replace(/\+/g,"-")).replace(/\//g,"_")}function zt(t){return t.length%4==2?t+="==":t.length%4==3&&(t+="="),t=(t=t.replace(/-/g,"+")).replace(/_/g,"/")}function Ne(t){return t.length%2==1&&(t="0"+t),ur(I(t))}function Ee(t){return Q(zt(t))}function Fr(t){return cr(hr(t))}function Oe(t){return decodeURIComponent(lr(t))}function ht(t){for(var e="",r=0;r<t.length-1;r+=2)e+=String.fromCharCode(parseInt(t.substr(r,2),16));return e}function _t(t){for(var e="",r=0;r<t.length;r++)e+=("0"+t.charCodeAt(r).toString(16)).slice(-2);return e}function hn(t){return I(t)}function dn(t){var e=hn(t).replace(/(.{64})/g,`$1\r
+`);return e=e.replace(/\r\n$/,"")}function fn(t){return Q(t.replace(/[^0-9A-Za-z\/+=]*/g,""))}function st(t,e){return"-----BEGIN "+e+`-----\r
+`+dn(t)+`\r
+-----END `+e+`-----\r
+`}function wt(t,e){if(t.indexOf("-----BEGIN ")==-1)throw"can't find PEM header: "+e;return fn(t=e!==void 0?(t=t.replace(new RegExp("^[^]*-----BEGIN "+e+"-----"),"")).replace(new RegExp("-----END "+e+"-----[^]*$"),""):(t=t.replace(/^[^]*-----BEGIN [^-]+-----/,"")).replace(/-----END [^-]+-----[^]*$/,""))}function xr(t){var e,r,n,a,f,_,P,F,k,D,O;if(O=t.match(/^(\d{2}|\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(|\.\d+)Z$/))return F=O[1],e=parseInt(F),F.length===2&&(50<=e&&e<100?e=1900+e:0<=e&&e<50&&(e=2e3+e)),r=parseInt(O[2])-1,n=parseInt(O[3]),a=parseInt(O[4]),f=parseInt(O[5]),_=parseInt(O[6]),P=0,(k=O[7])!==""&&(D=(k.substr(1)+"00").substr(0,3),P=parseInt(D)),Date.UTC(e,r,n,a,f,_,P);throw"unsupported zulu format: "+t}function gn(t){return~~(xr(t)/1e3)}function cr(t){return t.replace(/%/g,"")}function lr(t){return t.replace(/(..)/g,"%$1")}function pn(t){var e="malformed IPv6 address";if(!t.match(/^[0-9A-Fa-f:]+$/))throw e;var r=(t=t.toLowerCase()).split(":").length-1;if(r<2)throw e;var n=":".repeat(7-r+2),a=(t=t.replace("::",n)).split(":");if(a.length!=8)throw e;for(var f=0;f<8;f++)a[f]=("0000"+a[f]).slice(-4);return a.join("")}function yn(t){if(!t.match(/^[0-9A-Fa-f]{32}$/))throw"malformed IPv6 address octet";for(var e=(t=t.toLowerCase()).match(/.{1,4}/g),r=0;r<8;r++)e[r]=e[r].replace(/^0+/,""),e[r]==""&&(e[r]="0");var n=(t=":"+e.join(":")+":").match(/:(0:){2,}/g);if(n===null)return t.slice(1,-1);var a="";for(r=0;r<n.length;r++)n[r].length>a.length&&(a=n[r]);return(t=t.replace(a,"::")).slice(1,-1)}function Ar(t){var e="malformed hex value";if(!t.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))throw e;if(t.length!=8)return t.length==32?yn(t):t;try{return parseInt(t.substr(0,2),16)+"."+parseInt(t.substr(2,2),16)+"."+parseInt(t.substr(4,2),16)+"."+parseInt(t.substr(6,2),16)}catch{throw e}}function vn(t){return t.match(/.{4}/g).map((function(r){var n=parseInt(r.substr(0,2),16),a=parseInt(r.substr(2),16);if(n==0&a<128)return String.fromCharCode(a);if(n<8){var f=128|63&a;return Oe((192|(7&n)<<3|(192&a)>>6).toString(16)+f.toString(16))}f=128|(15&n)<<2|(192&a)>>6;var _=128|63&a;return Oe((224|(240&n)>>4).toString(16)+f.toString(16)+_.toString(16))})).join("")}function hr(t){for(var e=encodeURIComponent(t),r="",n=0;n<e.length;n++)e[n]=="%"?(r+=e.substr(n,3),n+=2):r=r+"%"+Ft(e[n]);return r}function mn(t){return!(t.length%2!=0||!t.match(/^[0-9a-f]+$/)&&!t.match(/^[0-9A-F]+$/))}function kr(t){return t.length%2==1?"0"+t:t.substr(0,1)>"7"?"00"+t:t}se.getLblen=function(t,e){if(t.substr(e+2,1)!="8")return 1;var r=parseInt(t.substr(e+3,1));return r==0?-1:0<r&&r<10?r+1:-2},se.getL=function(t,e){var r=se.getLblen(t,e);return r<1?"":t.substr(e+2,2*r)},se.getVblen=function(t,e){var r;return(r=se.getL(t,e))==""?-1:(r.substr(0,1)==="8"?new N(r.substr(2),16):new N(r,16)).intValue()},se.getVidx=function(t,e){var r=se.getLblen(t,e);return r<0?r:e+2*(r+1)},se.getV=function(t,e){var r=se.getVidx(t,e),n=se.getVblen(t,e);return t.substr(r,2*n)},se.getTLV=function(t,e){return t.substr(e,2)+se.getL(t,e)+se.getV(t,e)},se.getTLVblen=function(t,e){return 2+2*se.getLblen(t,e)+2*se.getVblen(t,e)},se.getNextSiblingIdx=function(t,e){return se.getVidx(t,e)+2*se.getVblen(t,e)},se.getChildIdx=function(t,e){var r,n,a,f=se,_=[];r=f.getVidx(t,e),n=2*f.getVblen(t,e),t.substr(e,2)=="03"&&(r+=2,n-=2),a=0;for(var P=r;a<=n;){var F=f.getTLVblen(t,P);if((a+=F)<=n&&_.push(P),P+=F,a>=n)break}return _},se.getNthChildIdx=function(t,e,r){return se.getChildIdx(t,e)[r]},se.getIdxbyList=function(t,e,r,n){var a,f,_=se;return r.length==0?n!==void 0&&t.substr(e,2)!==n?-1:e:(a=r.shift())>=(f=_.getChildIdx(t,e)).length?-1:_.getIdxbyList(t,f[a],r,n)},se.getIdxbyListEx=function(t,e,r,n){var a,f,_=se;if(r.length==0)return n!==void 0&&t.substr(e,2)!==n?-1:e;a=r.shift(),f=_.getChildIdx(t,e);for(var P=0,F=0;F<f.length;F++){var k=t.substr(f[F],2);if(typeof a=="number"&&!_.isContextTag(k)&&P==a||typeof a=="string"&&_.isContextTag(k,a))return _.getIdxbyListEx(t,f[F],r,n);_.isContextTag(k)||P++}return-1},se.getTLVbyList=function(t,e,r,n){var a=se,f=a.getIdxbyList(t,e,r,n);return f==-1||f>=t.length?null:a.getTLV(t,f)},se.getTLVbyListEx=function(t,e,r,n){var a=se,f=a.getIdxbyListEx(t,e,r,n);return f==-1?null:a.getTLV(t,f)},se.getVbyList=function(t,e,r,n,a){var f,_,P=se;return(f=P.getIdxbyList(t,e,r,n))==-1||f>=t.length?null:(_=P.getV(t,f),a===!0&&(_=_.substr(2)),_)},se.getVbyListEx=function(t,e,r,n,a){var f,_,P=se;return(f=P.getIdxbyListEx(t,e,r,n))==-1?null:(_=P.getV(t,f),t.substr(f,2)=="03"&&a!==!1&&(_=_.substr(2)),_)},se.getInt=function(t,e,r){r==null&&(r=-1);try{var n=t.substr(e,2);if(n!="02"&&n!="03")return r;var a=se.getV(t,e);return n=="02"?parseInt(a,16):(function(_){try{var P=_.substr(0,2);if(P=="00")return parseInt(_.substr(2),16);var F=parseInt(P,16),k=_.substr(2),D=parseInt(k,16).toString(2);return D=="0"&&(D="00000000"),D=D.slice(0,0-F),parseInt(D,2)}catch{return-1}})(a)}catch{return r}},se.getOID=function(t,e,r){r==null&&(r=null);try{return t.substr(e,2)!="06"?r:(function(a){if(!mn(a))return null;try{var f=[],_=a.substr(0,2),P=parseInt(_,16);f[0]=new String(Math.floor(P/40)),f[1]=new String(P%40);for(var F=a.substr(2),k=[],D=0;D<F.length/2;D++)k.push(parseInt(F.substr(2*D,2),16));var O=[],V="";for(D=0;D<k.length;D++)128&k[D]?V+=_n((127&k[D]).toString(2),7):(V+=_n((127&k[D]).toString(2),7),O.push(new String(parseInt(V,2))),V="");var z=f.join(".");return O.length>0&&(z=z+"."+O.join(".")),z}catch{return null}})(se.getV(t,e))}catch{return r}},se.getOIDName=function(t,e,r){r==null&&(r=null);try{var n=se.getOID(t,e,r);if(n==r)return r;var a=E.asn1.x509.OID.oid2name(n);return a==""?n:a}catch{return r}},se.getString=function(t,e,r){r==null&&(r=null);try{return ht(se.getV(t,e))}catch{return r}},se.hextooidstr=function(t){var e=function(V,z){return V.length>=z?V:new Array(z-V.length+1).join("0")+V},r=[],n=t.substr(0,2),a=parseInt(n,16);r[0]=new String(Math.floor(a/40)),r[1]=new String(a%40);for(var f=t.substr(2),_=[],P=0;P<f.length/2;P++)_.push(parseInt(f.substr(2*P,2),16));var F=[],k="";for(P=0;P<_.length;P++)128&_[P]?k+=e((127&_[P]).toString(2),7):(k+=e((127&_[P]).toString(2),7),F.push(new String(parseInt(k,2))),k="");var D=r.join(".");return F.length>0&&(D=D+"."+F.join(".")),D},se.dump=function(t,e,r,n){var a=se,f=a.getV,_=a.dump,P=a.getChildIdx,F=t;t instanceof E.asn1.ASN1Object&&(F=t.getEncodedHex());var k=function(oe,ge){return oe.length<=2*ge?oe:oe.substr(0,ge)+"..(total "+oe.length/2+"bytes).."+oe.substr(oe.length-ge,ge)};e===void 0&&(e={ommit_long_octet:32}),r===void 0&&(r=0),n===void 0&&(n="");var D,O=e.ommit_long_octet;if((D=F.substr(r,2))=="01")return(V=f(F,r))=="00"?n+`BOOLEAN FALSE
+`:n+`BOOLEAN TRUE
+`;if(D=="02")return n+"INTEGER "+k(V=f(F,r),O)+`
+`;if(D=="03"){var V=f(F,r);if(a.isASN1HEX(V.substr(2))){var z=n+`BITSTRING, encapsulates
+`;return z+=_(V.substr(2),e,0,n+"  ")}return n+"BITSTRING "+k(V,O)+`
+`}if(D=="04")return V=f(F,r),a.isASN1HEX(V)?(z=n+`OCTETSTRING, encapsulates
+`,z+=_(V,e,0,n+"  ")):n+"OCTETSTRING "+k(V,O)+`
+`;if(D=="05")return n+`NULL
+`;if(D=="06"){var G=f(F,r),Z=E.asn1.ASN1Util.oidHexToInt(G),ee=E.asn1.x509.OID.oid2name(Z),m=Z.replace(/\./g," ");return ee!=""?n+"ObjectIdentifier "+ee+" ("+m+`)
+`:n+"ObjectIdentifier ("+m+`)
+`}if(D=="0a")return n+"ENUMERATED "+parseInt(f(F,r))+`
+`;if(D=="0c")return n+"UTF8String '"+Oe(f(F,r))+`'
+`;if(D=="13")return n+"PrintableString '"+Oe(f(F,r))+`'
+`;if(D=="14")return n+"TeletexString '"+Oe(f(F,r))+`'
+`;if(D=="16")return n+"IA5String '"+Oe(f(F,r))+`'
+`;if(D=="17")return n+"UTCTime "+Oe(f(F,r))+`
+`;if(D=="18")return n+"GeneralizedTime "+Oe(f(F,r))+`
+`;if(D=="1a")return n+"VisualString '"+Oe(f(F,r))+`'
+`;if(D=="1e")return n+"BMPString '"+vn(f(F,r))+`'
+`;if(D=="30"){if(F.substr(r,4)=="3000")return n+`SEQUENCE {}
+`;z=n+`SEQUENCE
+`;var L=e;if(((Y=P(F,r)).length==2||Y.length==3)&&F.substr(Y[0],2)=="06"&&F.substr(Y[Y.length-1],2)=="04"){ee=a.oidname(f(F,Y[0]));var M=JSON.parse(JSON.stringify(e));M.x509ExtName=ee,L=M}for(var K=0;K<Y.length;K++)z+=_(F,L,Y[K],n+"  ");return z}if(D=="31"){z=n+`SET
+`;var Y=P(F,r);for(K=0;K<Y.length;K++)z+=_(F,e,Y[K],n+"  ");return z}if((128&(D=parseInt(D,16)))!=0){var te=31&D;if((32&D)!=0){for(z=n+"["+te+`]
+`,Y=P(F,r),K=0;K<Y.length;K++)z+=_(F,e,Y[K],n+"  ");return z}if(V=f(F,r),se.isASN1HEX(V)){var z=n+"["+te+`]
+`;return z+=_(V,e,0,n+"  ")}return(V.substr(0,8)=="68747470"||e.x509ExtName==="subjectAltName"&&te==2)&&(V=Oe(V)),z=n+"["+te+"] "+V+`
+`}return n+"UNKNOWN("+D+") "+f(F,r)+`
+`},se.isContextTag=function(t,e){var r,n;t=t.toLowerCase();try{r=parseInt(t,16)}catch{return-1}if(e===void 0)return(192&r)==128;try{return e.match(/^\[[0-9]+\]$/)!=null&&!((n=parseInt(e.substr(1,e.length-1),10))>31)&&(192&r)==128&&(31&r)==n}catch{return!1}},se.isASN1HEX=function(t){var e=se;if(t.length%2==1)return!1;var r=e.getVblen(t,0),n=t.substr(0,2),a=e.getL(t,0);return t.length-n.length-a.length==2*r},se.checkStrictDER=function(t,e,r,n,a){var f=se;if(r===void 0){if(typeof t!="string")throw new Error("not hex string");if(t=t.toLowerCase(),!E.lang.String.isHex(t))throw new Error("not hex string");r=t.length,a=(n=t.length/2)<128?1:Math.ceil(n.toString(16))+1}if(f.getL(t,e).length>2*a)throw new Error("L of TLV too long: idx="+e);var _=f.getVblen(t,e);if(_>n)throw new Error("value of L too long than hex: idx="+e);var P=f.getTLV(t,e),F=P.length-2-f.getL(t,e).length;if(F!==2*_)throw new Error("V string length and L's value not the same:"+F+"/"+2*_);if(e===0&&t.length!=P.length)throw new Error("total length and TLV length unmatch:"+t.length+"!="+P.length);var k=t.substr(e,2);if(k==="02"){var D=f.getVidx(t,e);if(t.substr(D,2)=="00"&&t.charCodeAt(D+2)<56)throw new Error("not least zeros for DER INTEGER")}if(32&parseInt(k,16)){for(var O=f.getVblen(t,e),V=0,z=f.getChildIdx(t,e),G=0;G<z.length;G++)V+=f.getTLV(t,z[G]).length,f.checkStrictDER(t,z[G],r,n,a);if(2*O!=V)throw new Error("sum of children's TLV length and L unmatch: "+2*O+"!="+V)}},se.oidname=function(t){var e=E.asn1;E.lang.String.isHex(t)&&(t=e.ASN1Util.oidHexToInt(t));var r=e.x509.OID.oid2name(t);return r===""&&(r=t),r},E!==void 0&&E||(s.KJUR=E={}),E.lang!==void 0&&E.lang||(E.lang={}),E.lang.String=function(){},typeof v=="function"?(s.utf8tob64u=$t=function(e){return ur(v.from(e,"utf8").toString("base64"))},s.b64utoutf8=gt=function(e){return v.from(zt(e),"base64").toString("utf8")}):(s.utf8tob64u=$t=function(e){return Ne(cr(hr(e)))},s.b64utoutf8=gt=function(e){return decodeURIComponent(lr(Ee(e)))}),E.lang.String.isInteger=function(t){return!!t.match(/^[0-9]+$/)||!!t.match(/^-[0-9]+$/)},E.lang.String.isHex=function(t){return mn(t)},E.lang.String.isBase64=function(t){return!(!(t=t.replace(/\s+/g,"")).match(/^[0-9A-Za-z+\/]+={0,3}$/)||t.length%4!=0)},E.lang.String.isBase64URL=function(t){return!t.match(/[+/=]/)&&(t=zt(t),E.lang.String.isBase64(t))},E.lang.String.isIntegerArray=function(t){return!!(t=t.replace(/\s+/g,"")).match(/^\[[0-9,]+\]$/)},E.lang.String.isPrintable=function(t){return t.match(/^[0-9A-Za-z '()+,-./:=?]*$/)!==null},E.lang.String.isIA5=function(t){return t.match(/^[\x20-\x21\x23-\x7f]*$/)!==null},E.lang.String.isMail=function(t){return t.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/)!==null};var _n=function(e,r,n){return n==null&&(n="0"),e.length>=r?e:new Array(r-e.length+1).join(n)+e};function Ie(t,e){var r=function(){};r.prototype=e.prototype,t.prototype=new r,t.prototype.constructor=t,t.superclass=e.prototype,e.prototype.constructor==Object.prototype.constructor&&(e.prototype.constructor=e)}E!==void 0&&E||(s.KJUR=E={}),E.crypto!==void 0&&E.crypto||(E.crypto={}),E.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414"},this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa"},this.CRYPTOJSMESSAGEDIGESTNAME={md5:x.algo.MD5,sha1:x.algo.SHA1,sha224:x.algo.SHA224,sha256:x.algo.SHA256,sha384:x.algo.SHA384,sha512:x.algo.SHA512,ripemd160:x.algo.RIPEMD160},this.getDigestInfoHex=function(t,e){if(this.DIGESTINFOHEAD[e]===void 0)throw"alg not supported in Util.DIGESTINFOHEAD: "+e;return this.DIGESTINFOHEAD[e]+t},this.getPaddedDigestInfoHex=function(t,e,r){var n=this.getDigestInfoHex(t,e),a=r/4;if(n.length+22>a)throw"key is too short for SigAlg: keylen="+r+","+e;for(var f="0001",_="00"+n,P="",F=a-f.length-_.length,k=0;k<F;k+=2)P+="ff";return f+P+_},this.hashString=function(t,e){return new E.crypto.MessageDigest({alg:e}).digestString(t)},this.hashHex=function(t,e){return new E.crypto.MessageDigest({alg:e}).digestHex(t)},this.sha1=function(t){return this.hashString(t,"sha1")},this.sha256=function(t){return this.hashString(t,"sha256")},this.sha256Hex=function(t){return this.hashHex(t,"sha256")},this.sha512=function(t){return this.hashString(t,"sha512")},this.sha512Hex=function(t){return this.hashHex(t,"sha512")},this.isKey=function(t){return t instanceof le||t instanceof E.crypto.DSA||t instanceof E.crypto.ECDSA}},E.crypto.Util.md5=function(t){return new E.crypto.MessageDigest({alg:"md5",prov:"cryptojs"}).digestString(t)},E.crypto.Util.ripemd160=function(t){return new E.crypto.MessageDigest({alg:"ripemd160",prov:"cryptojs"}).digestString(t)},E.crypto.Util.SECURERANDOMGEN=new Se,E.crypto.Util.getRandomHexOfNbytes=function(t){var e=new Array(t);return E.crypto.Util.SECURERANDOMGEN.nextBytes(e),ar(e)},E.crypto.Util.getRandomBigIntegerOfNbytes=function(t){return new N(E.crypto.Util.getRandomHexOfNbytes(t),16)},E.crypto.Util.getRandomHexOfNbits=function(t){var e=t%8,r=new Array((t-e)/8+1);return E.crypto.Util.SECURERANDOMGEN.nextBytes(r),r[0]=(255<<e&255^255)&r[0],ar(r)},E.crypto.Util.getRandomBigIntegerOfNbits=function(t){return new N(E.crypto.Util.getRandomHexOfNbits(t),16)},E.crypto.Util.getRandomBigIntegerZeroToMax=function(t){for(var e=t.bitLength();;){var r=E.crypto.Util.getRandomBigIntegerOfNbits(e);if(t.compareTo(r)!=-1)return r}},E.crypto.Util.getRandomBigIntegerMinToMax=function(t,e){var r=t.compareTo(e);if(r==1)throw"biMin is greater than biMax";if(r==0)return t;var n=e.subtract(t);return E.crypto.Util.getRandomBigIntegerZeroToMax(n).add(t)},E.crypto.MessageDigest=function(t){this.setAlgAndProvider=function(e,r){if((e=E.crypto.MessageDigest.getCanonicalAlgName(e))!==null&&r===void 0&&(r=E.crypto.Util.DEFAULTPROVIDER[e]),":md5:sha1:sha224:sha256:sha384:sha512:ripemd160:".indexOf(e)!=-1&&r=="cryptojs"){try{this.md=E.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[e].create()}catch(n){throw"setAlgAndProvider hash alg set fail alg="+e+"/"+n}this.updateString=function(n){this.md.update(n)},this.updateHex=function(n){var a=x.enc.Hex.parse(n);this.md.update(a)},this.digest=function(){return this.md.finalize().toString(x.enc.Hex)},this.digestString=function(n){return this.updateString(n),this.digest()},this.digestHex=function(n){return this.updateHex(n),this.digest()}}if(":sha256:".indexOf(e)!=-1&&r=="sjcl"){try{this.md=new sjcl.hash.sha256}catch(n){throw"setAlgAndProvider hash alg set fail alg="+e+"/"+n}this.updateString=function(n){this.md.update(n)},this.updateHex=function(n){var a=sjcl.codec.hex.toBits(n);this.md.update(a)},this.digest=function(){var n=this.md.finalize();return sjcl.codec.hex.fromBits(n)},this.digestString=function(n){return this.updateString(n),this.digest()},this.digestHex=function(n){return this.updateHex(n),this.digest()}}},this.updateString=function(e){throw"updateString(str) not supported for this alg/prov: "+this.algName+"/"+this.provName},this.updateHex=function(e){throw"updateHex(hex) not supported for this alg/prov: "+this.algName+"/"+this.provName},this.digest=function(){throw"digest() not supported for this alg/prov: "+this.algName+"/"+this.provName},this.digestString=function(e){throw"digestString(str) not supported for this alg/prov: "+this.algName+"/"+this.provName},this.digestHex=function(e){throw"digestHex(hex) not supported for this alg/prov: "+this.algName+"/"+this.provName},t!==void 0&&t.alg!==void 0&&(this.algName=t.alg,t.prov===void 0&&(this.provName=E.crypto.Util.DEFAULTPROVIDER[this.algName]),this.setAlgAndProvider(this.algName,this.provName))},E.crypto.MessageDigest.getCanonicalAlgName=function(t){return typeof t=="string"&&(t=(t=t.toLowerCase()).replace(/-/,"")),t},E.crypto.MessageDigest.getHashLength=function(t){var e=E.crypto.MessageDigest,r=e.getCanonicalAlgName(t);if(e.HASHLENGTH[r]===void 0)throw"not supported algorithm: "+t;return e.HASHLENGTH[r]},E.crypto.MessageDigest.HASHLENGTH={md5:16,sha1:20,sha224:28,sha256:32,sha384:48,sha512:64,ripemd160:20},E.crypto.Mac=function(t){this.setAlgAndProvider=function(e,r){if((e=e.toLowerCase())==null&&(e="hmacsha1"),(e=e.toLowerCase()).substr(0,4)!="hmac")throw"setAlgAndProvider unsupported HMAC alg: "+e;r===void 0&&(r=E.crypto.Util.DEFAULTPROVIDER[e]),this.algProv=e+"/"+r;var n=e.substr(4);if(":md5:sha1:sha224:sha256:sha384:sha512:ripemd160:".indexOf(n)!=-1&&r=="cryptojs"){try{var a=E.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[n];this.mac=x.algo.HMAC.create(a,this.pass)}catch(f){throw"setAlgAndProvider hash alg set fail hashAlg="+n+"/"+f}this.updateString=function(f){this.mac.update(f)},this.updateHex=function(f){var _=x.enc.Hex.parse(f);this.mac.update(_)},this.doFinal=function(){return this.mac.finalize().toString(x.enc.Hex)},this.doFinalString=function(f){return this.updateString(f),this.doFinal()},this.doFinalHex=function(f){return this.updateHex(f),this.doFinal()}}},this.updateString=function(e){throw"updateString(str) not supported for this alg/prov: "+this.algProv},this.updateHex=function(e){throw"updateHex(hex) not supported for this alg/prov: "+this.algProv},this.doFinal=function(){throw"digest() not supported for this alg/prov: "+this.algProv},this.doFinalString=function(e){throw"digestString(str) not supported for this alg/prov: "+this.algProv},this.doFinalHex=function(e){throw"digestHex(hex) not supported for this alg/prov: "+this.algProv},this.setPassword=function(e){if(typeof e=="string"){var r=e;return e.length%2!=1&&e.match(/^[0-9A-Fa-f]+$/)||(r=_t(e)),void(this.pass=x.enc.Hex.parse(r))}if((e===void 0?"undefined":C(e))!="object")throw"KJUR.crypto.Mac unsupported password type: "+e;if(r=null,e.hex!==void 0){if(e.hex.length%2!=0||!e.hex.match(/^[0-9A-Fa-f]+$/))throw"Mac: wrong hex password: "+e.hex;r=e.hex}if(e.utf8!==void 0&&(r=Fr(e.utf8)),e.rstr!==void 0&&(r=_t(e.rstr)),e.b64!==void 0&&(r=Q(e.b64)),e.b64u!==void 0&&(r=Ee(e.b64u)),r==null)throw"KJUR.crypto.Mac unsupported password type: "+e;this.pass=x.enc.Hex.parse(r)},t!==void 0&&(t.pass!==void 0&&this.setPassword(t.pass),t.alg!==void 0&&(this.algName=t.alg,t.prov===void 0&&(this.provName=E.crypto.Util.DEFAULTPROVIDER[this.algName]),this.setAlgAndProvider(this.algName,this.provName)))},E.crypto.Signature=function(t){var e=null;if(this._setAlgNames=function(){var r=this.algName.match(/^(.+)with(.+)$/);r&&(this.mdAlgName=r[1].toLowerCase(),this.pubkeyAlgName=r[2].toLowerCase(),this.pubkeyAlgName=="rsaandmgf1"&&this.mdAlgName=="sha"&&(this.mdAlgName="sha1"))},this._zeroPaddingOfSignature=function(r,n){for(var a="",f=n/4-r.length,_=0;_<f;_++)a+="0";return a+r},this.setAlgAndProvider=function(r,n){if(this._setAlgNames(),n!="cryptojs/jsrsa")throw new Error("provider not supported: "+n);if(":md5:sha1:sha224:sha256:sha384:sha512:ripemd160:".indexOf(this.mdAlgName)!=-1){try{this.md=new E.crypto.MessageDigest({alg:this.mdAlgName})}catch(a){throw new Error("setAlgAndProvider hash alg set fail alg="+this.mdAlgName+"/"+a)}this.init=function(a,f){var _=null;try{_=f===void 0?Ue.getKey(a):Ue.getKey(a,f)}catch(P){throw"init failed:"+P}if(_.isPrivate===!0)this.prvKey=_,this.state="SIGN";else{if(_.isPublic!==!0)throw"init failed.:"+_;this.pubKey=_,this.state="VERIFY"}},this.updateString=function(a){this.md.updateString(a)},this.updateHex=function(a){this.md.updateHex(a)},this.sign=function(){if(this.sHashHex=this.md.digest(),this.prvKey===void 0&&this.ecprvhex!==void 0&&this.eccurvename!==void 0&&E.crypto.ECDSA!==void 0&&(this.prvKey=new E.crypto.ECDSA({curve:this.eccurvename,prv:this.ecprvhex})),this.prvKey instanceof le&&this.pubkeyAlgName==="rsaandmgf1")this.hSign=this.prvKey.signWithMessageHashPSS(this.sHashHex,this.mdAlgName,this.pssSaltLen);else if(this.prvKey instanceof le&&this.pubkeyAlgName==="rsa")this.hSign=this.prvKey.signWithMessageHash(this.sHashHex,this.mdAlgName);else if(this.prvKey instanceof E.crypto.ECDSA)this.hSign=this.prvKey.signWithMessageHash(this.sHashHex);else{if(!(this.prvKey instanceof E.crypto.DSA))throw"Signature: unsupported private key alg: "+this.pubkeyAlgName;this.hSign=this.prvKey.signWithMessageHash(this.sHashHex)}return this.hSign},this.signString=function(a){return this.updateString(a),this.sign()},this.signHex=function(a){return this.updateHex(a),this.sign()},this.verify=function(a){if(this.sHashHex=this.md.digest(),this.pubKey===void 0&&this.ecpubhex!==void 0&&this.eccurvename!==void 0&&E.crypto.ECDSA!==void 0&&(this.pubKey=new E.crypto.ECDSA({curve:this.eccurvename,pub:this.ecpubhex})),this.pubKey instanceof le&&this.pubkeyAlgName==="rsaandmgf1")return this.pubKey.verifyWithMessageHashPSS(this.sHashHex,a,this.mdAlgName,this.pssSaltLen);if(this.pubKey instanceof le&&this.pubkeyAlgName==="rsa")return this.pubKey.verifyWithMessageHash(this.sHashHex,a);if(E.crypto.ECDSA!==void 0&&this.pubKey instanceof E.crypto.ECDSA)return this.pubKey.verifyWithMessageHash(this.sHashHex,a);if(E.crypto.DSA!==void 0&&this.pubKey instanceof E.crypto.DSA)return this.pubKey.verifyWithMessageHash(this.sHashHex,a);throw"Signature: unsupported public key alg: "+this.pubkeyAlgName}}},this.init=function(r,n){throw"init(key, pass) not supported for this alg:prov="+this.algProvName},this.updateString=function(r){throw"updateString(str) not supported for this alg:prov="+this.algProvName},this.updateHex=function(r){throw"updateHex(hex) not supported for this alg:prov="+this.algProvName},this.sign=function(){throw"sign() not supported for this alg:prov="+this.algProvName},this.signString=function(r){throw"digestString(str) not supported for this alg:prov="+this.algProvName},this.signHex=function(r){throw"digestHex(hex) not supported for this alg:prov="+this.algProvName},this.verify=function(r){throw"verify(hSigVal) not supported for this alg:prov="+this.algProvName},this.initParams=t,t!==void 0&&(t.alg!==void 0&&(this.algName=t.alg,t.prov===void 0?this.provName=E.crypto.Util.DEFAULTPROVIDER[this.algName]:this.provName=t.prov,this.algProvName=this.algName+":"+this.provName,this.setAlgAndProvider(this.algName,this.provName),this._setAlgNames()),t.psssaltlen!==void 0&&(this.pssSaltLen=t.psssaltlen),t.prvkeypem!==void 0)){if(t.prvkeypas!==void 0)throw"both prvkeypem and prvkeypas parameters not supported";try{e=Ue.getKey(t.prvkeypem),this.init(e)}catch(r){throw"fatal error to load pem private key: "+r}}},E.crypto.Cipher=function(t){},E.crypto.Cipher.encrypt=function(t,e,r){if(e instanceof le&&e.isPublic){var n=E.crypto.Cipher.getAlgByKeyAndName(e,r);if(n==="RSA")return e.encrypt(t);if(n==="RSAOAEP")return e.encryptOAEP(t,"sha1");var a=n.match(/^RSAOAEP(\d+)$/);if(a!==null)return e.encryptOAEP(t,"sha"+a[1]);throw"Cipher.encrypt: unsupported algorithm for RSAKey: "+r}throw"Cipher.encrypt: unsupported key or algorithm"},E.crypto.Cipher.decrypt=function(t,e,r){if(e instanceof le&&e.isPrivate){var n=E.crypto.Cipher.getAlgByKeyAndName(e,r);if(n==="RSA")return e.decrypt(t);if(n==="RSAOAEP")return e.decryptOAEP(t,"sha1");var a=n.match(/^RSAOAEP(\d+)$/);if(a!==null)return e.decryptOAEP(t,"sha"+a[1]);throw"Cipher.decrypt: unsupported algorithm for RSAKey: "+r}throw"Cipher.decrypt: unsupported key or algorithm"},E.crypto.Cipher.getAlgByKeyAndName=function(t,e){if(t instanceof le){if(":RSA:RSAOAEP:RSAOAEP224:RSAOAEP256:RSAOAEP384:RSAOAEP512:".indexOf(e)!=-1)return e;if(e==null)return"RSA";throw"getAlgByKeyAndName: not supported algorithm name for RSAKey: "+e}throw"getAlgByKeyAndName: not supported algorithm name: "+e},E.crypto.OID=new function(){this.oidhex2name={"2a864886f70d010101":"rsaEncryption","2a8648ce3d0201":"ecPublicKey","2a8648ce380401":"dsa","2a8648ce3d030107":"secp256r1","2b8104001f":"secp192k1","2b81040021":"secp224r1","2b8104000a":"secp256k1","2b81040023":"secp521r1","2b81040022":"secp384r1","2a8648ce380403":"SHA1withDSA","608648016503040301":"SHA224withDSA","608648016503040302":"SHA256withDSA"}},E!==void 0&&E||(s.KJUR=E={}),E.crypto!==void 0&&E.crypto||(E.crypto={}),E.crypto.ECDSA=function(t){var e=Error,r=N,n=pe,a=E.crypto.ECDSA,f=E.crypto.ECParameterDB,_=a.getName,P=se,F=P.getVbyListEx,k=P.isASN1HEX,D=new Se;this.type="EC",this.isPrivate=!1,this.isPublic=!1,this.getBigRandom=function(O){return new r(O.bitLength(),D).mod(O.subtract(r.ONE)).add(r.ONE)},this.setNamedCurve=function(O){this.ecparams=f.getByName(O),this.prvKeyHex=null,this.pubKeyHex=null,this.curveName=O},this.setPrivateKeyHex=function(O){this.isPrivate=!0,this.prvKeyHex=O},this.setPublicKeyHex=function(O){this.isPublic=!0,this.pubKeyHex=O},this.getPublicKeyXYHex=function(){var O=this.pubKeyHex;if(O.substr(0,2)!=="04")throw"this method supports uncompressed format(04) only";var V=this.ecparams.keylen/4;if(O.length!==2+2*V)throw"malformed public key hex length";var z={};return z.x=O.substr(2,V),z.y=O.substr(2+V),z},this.getShortNISTPCurveName=function(){var O=this.curveName;return O==="secp256r1"||O==="NIST P-256"||O==="P-256"||O==="prime256v1"?"P-256":O==="secp384r1"||O==="NIST P-384"||O==="P-384"?"P-384":null},this.generateKeyPairHex=function(){var O=this.ecparams.n,V=this.getBigRandom(O),z=this.ecparams.G.multiply(V),G=z.getX().toBigInteger(),Z=z.getY().toBigInteger(),ee=this.ecparams.keylen/4,m=("0000000000"+V.toString(16)).slice(-ee),L="04"+("0000000000"+G.toString(16)).slice(-ee)+("0000000000"+Z.toString(16)).slice(-ee);return this.setPrivateKeyHex(m),this.setPublicKeyHex(L),{ecprvhex:m,ecpubhex:L}},this.signWithMessageHash=function(O){return this.signHex(O,this.prvKeyHex)},this.signHex=function(O,V){var z=new r(V,16),G=this.ecparams.n,Z=new r(O.substring(0,this.ecparams.keylen/4),16);do var ee=this.getBigRandom(G),m=this.ecparams.G.multiply(ee).getX().toBigInteger().mod(G);while(m.compareTo(r.ZERO)<=0);var L=ee.modInverse(G).multiply(Z.add(z.multiply(m))).mod(G);return a.biRSSigToASN1Sig(m,L)},this.sign=function(O,V){var z=V,G=this.ecparams.n,Z=r.fromByteArrayUnsigned(O);do var ee=this.getBigRandom(G),m=this.ecparams.G.multiply(ee).getX().toBigInteger().mod(G);while(m.compareTo(N.ZERO)<=0);var L=ee.modInverse(G).multiply(Z.add(z.multiply(m))).mod(G);return this.serializeSig(m,L)},this.verifyWithMessageHash=function(O,V){return this.verifyHex(O,V,this.pubKeyHex)},this.verifyHex=function(O,V,z){try{var G,Z,ee=a.parseSigHex(V);G=ee.r,Z=ee.s;var m=n.decodeFromHex(this.ecparams.curve,z),L=new r(O.substring(0,this.ecparams.keylen/4),16);return this.verifyRaw(L,G,Z,m)}catch{return!1}},this.verify=function(O,V,z){var G,Z,ee;if(Bitcoin.Util.isArray(V)){var m=this.parseSig(V);G=m.r,Z=m.s}else{if((V===void 0?"undefined":C(V))!=="object"||!V.r||!V.s)throw"Invalid value for signature";G=V.r,Z=V.s}if(z instanceof pe)ee=z;else{if(!Bitcoin.Util.isArray(z))throw"Invalid format for pubkey value, must be byte array or ECPointFp";ee=n.decodeFrom(this.ecparams.curve,z)}var L=r.fromByteArrayUnsigned(O);return this.verifyRaw(L,G,Z,ee)},this.verifyRaw=function(O,V,z,G){var Z=this.ecparams.n,ee=this.ecparams.G;if(V.compareTo(r.ONE)<0||V.compareTo(Z)>=0||z.compareTo(r.ONE)<0||z.compareTo(Z)>=0)return!1;var m=z.modInverse(Z),L=O.multiply(m).mod(Z),M=V.multiply(m).mod(Z);return ee.multiply(L).add(G.multiply(M)).getX().toBigInteger().mod(Z).equals(V)},this.serializeSig=function(O,V){var z=O.toByteArraySigned(),G=V.toByteArraySigned(),Z=[];return Z.push(2),Z.push(z.length),(Z=Z.concat(z)).push(2),Z.push(G.length),(Z=Z.concat(G)).unshift(Z.length),Z.unshift(48),Z},this.parseSig=function(O){var V;if(O[0]!=48)throw new Error("Signature not a valid DERSequence");if(O[V=2]!=2)throw new Error("First element in signature must be a DERInteger");var z=O.slice(V+2,V+2+O[V+1]);if(O[V+=2+O[V+1]]!=2)throw new Error("Second element in signature must be a DERInteger");var G=O.slice(V+2,V+2+O[V+1]);return V+=2+O[V+1],{r:r.fromByteArrayUnsigned(z),s:r.fromByteArrayUnsigned(G)}},this.parseSigCompact=function(O){if(O.length!==65)throw"Signature has the wrong length";var V=O[0]-27;if(V<0||V>7)throw"Invalid signature type";var z=this.ecparams.n;return{r:r.fromByteArrayUnsigned(O.slice(1,33)).mod(z),s:r.fromByteArrayUnsigned(O.slice(33,65)).mod(z),i:V}},this.readPKCS5PrvKeyHex=function(O){if(k(O)===!1)throw new Error("not ASN.1 hex string");var V,z,G;try{V=F(O,0,["[0]",0],"06"),z=F(O,0,[1],"04");try{G=F(O,0,["[1]",0],"03")}catch{}}catch{throw new Error("malformed PKCS#1/5 plain ECC private key")}if(this.curveName=_(V),this.curveName===void 0)throw"unsupported curve name";this.setNamedCurve(this.curveName),this.setPublicKeyHex(G),this.setPrivateKeyHex(z),this.isPublic=!1},this.readPKCS8PrvKeyHex=function(O){if(k(O)===!1)throw new e("not ASN.1 hex string");var V,z,G;try{F(O,0,[1,0],"06"),V=F(O,0,[1,1],"06"),z=F(O,0,[2,0,1],"04");try{G=F(O,0,[2,0,"[1]",0],"03")}catch{}}catch{throw new e("malformed PKCS#8 plain ECC private key")}if(this.curveName=_(V),this.curveName===void 0)throw new e("unsupported curve name");this.setNamedCurve(this.curveName),this.setPublicKeyHex(G),this.setPrivateKeyHex(z),this.isPublic=!1},this.readPKCS8PubKeyHex=function(O){if(k(O)===!1)throw new e("not ASN.1 hex string");var V,z;try{F(O,0,[0,0],"06"),V=F(O,0,[0,1],"06"),z=F(O,0,[1],"03")}catch{throw new e("malformed PKCS#8 ECC public key")}if(this.curveName=_(V),this.curveName===null)throw new e("unsupported curve name");this.setNamedCurve(this.curveName),this.setPublicKeyHex(z)},this.readCertPubKeyHex=function(O,V){if(k(O)===!1)throw new e("not ASN.1 hex string");var z,G;try{z=F(O,0,[0,5,0,1],"06"),G=F(O,0,[0,5,1],"03")}catch{throw new e("malformed X.509 certificate ECC public key")}if(this.curveName=_(z),this.curveName===null)throw new e("unsupported curve name");this.setNamedCurve(this.curveName),this.setPublicKeyHex(G)},t!==void 0&&t.curve!==void 0&&(this.curveName=t.curve),this.curveName===void 0&&(this.curveName="secp256r1"),this.setNamedCurve(this.curveName),t!==void 0&&(t.prv!==void 0&&this.setPrivateKeyHex(t.prv),t.pub!==void 0&&this.setPublicKeyHex(t.pub))},E.crypto.ECDSA.parseSigHex=function(t){var e=E.crypto.ECDSA.parseSigHexInHexRS(t);return{r:new N(e.r,16),s:new N(e.s,16)}},E.crypto.ECDSA.parseSigHexInHexRS=function(t){var e=se,r=e.getChildIdx,n=e.getV;if(e.checkStrictDER(t,0),t.substr(0,2)!="30")throw new Error("signature is not a ASN.1 sequence");var a=r(t,0);if(a.length!=2)throw new Error("signature shall have two elements");var f=a[0],_=a[1];if(t.substr(f,2)!="02")throw new Error("1st item not ASN.1 integer");if(t.substr(_,2)!="02")throw new Error("2nd item not ASN.1 integer");return{r:n(t,f),s:n(t,_)}},E.crypto.ECDSA.asn1SigToConcatSig=function(t){var e=E.crypto.ECDSA.parseSigHexInHexRS(t),r=e.r,n=e.s;if(r.substr(0,2)=="00"&&r.length%32==2&&(r=r.substr(2)),n.substr(0,2)=="00"&&n.length%32==2&&(n=n.substr(2)),r.length%32==30&&(r="00"+r),n.length%32==30&&(n="00"+n),r.length%32!=0)throw"unknown ECDSA sig r length error";if(n.length%32!=0)throw"unknown ECDSA sig s length error";return r+n},E.crypto.ECDSA.concatSigToASN1Sig=function(t){if(t.length/2*8%128!=0)throw"unknown ECDSA concatinated r-s sig  length error";var e=t.substr(0,t.length/2),r=t.substr(t.length/2);return E.crypto.ECDSA.hexRSSigToASN1Sig(e,r)},E.crypto.ECDSA.hexRSSigToASN1Sig=function(t,e){var r=new N(t,16),n=new N(e,16);return E.crypto.ECDSA.biRSSigToASN1Sig(r,n)},E.crypto.ECDSA.biRSSigToASN1Sig=function(t,e){var r=E.asn1,n=new r.DERInteger({bigint:t}),a=new r.DERInteger({bigint:e});return new r.DERSequence({array:[n,a]}).getEncodedHex()},E.crypto.ECDSA.getName=function(t){return t==="2b8104001f"?"secp192k1":t==="2a8648ce3d030107"?"secp256r1":t==="2b8104000a"?"secp256k1":t==="2b81040021"?"secp224r1":t==="2b81040022"?"secp384r1":"|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(t)!==-1?"secp256r1":"|secp256k1|".indexOf(t)!==-1?"secp256k1":"|secp224r1|NIST P-224|P-224|".indexOf(t)!==-1?"secp224r1":"|secp384r1|NIST P-384|P-384|".indexOf(t)!==-1?"secp384r1":null},E!==void 0&&E||(s.KJUR=E={}),E.crypto!==void 0&&E.crypto||(E.crypto={}),E.crypto.ECParameterDB=new function(){var t={},e={};function r(n){return new N(n,16)}this.getByName=function(n){var a=n;if(e[a]!==void 0&&(a=e[n]),t[a]!==void 0)return t[a];throw"unregistered EC curve name: "+a},this.regist=function(n,a,f,_,P,F,k,D,O,V,z,G){t[n]={};var Z=r(f),ee=r(_),m=r(P),L=r(F),M=r(k),K=new lt(Z,ee,m),Y=K.decodePointHex("04"+D+O);t[n].name=n,t[n].keylen=a,t[n].curve=K,t[n].G=Y,t[n].n=L,t[n].h=M,t[n].oid=z,t[n].info=G;for(var te=0;te<V.length;te++)e[V[te]]=n}},E.crypto.ECParameterDB.regist("secp128r1",128,"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF","FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC","E87579C11079F43DD824993C2CEE5ED3","FFFFFFFE0000000075A30D1B9038A115","1","161FF7528B899B2D0C28607CA52C5B86","CF5AC8395BAFEB13C02DA292DDED7A83",[],"","secp128r1 : SECG curve over a 128 bit prime field"),E.crypto.ECParameterDB.regist("secp160k1",160,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73","0","7","0100000000000000000001B8FA16DFAB9ACA16B6B3","1","3B4C382CE37AA192A4019E763036F4F5DD4D7EBB","938CF935318FDCED6BC28286531733C3F03C4FEE",[],"","secp160k1 : SECG curve over a 160 bit prime field"),E.crypto.ECParameterDB.regist("secp160r1",160,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC","1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45","0100000000000000000001F4C8F927AED3CA752257","1","4A96B5688EF573284664698968C38BB913CBFC82","23A628553168947D59DCC912042351377AC5FB32",[],"","secp160r1 : SECG curve over a 160 bit prime field"),E.crypto.ECParameterDB.regist("secp192k1",192,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37","0","3","FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D","1","DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D","9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",[]),E.crypto.ECParameterDB.regist("secp192r1",192,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC","64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1","FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831","1","188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012","07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",[]),E.crypto.ECParameterDB.regist("secp224r1",224,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE","B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4","FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D","1","B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21","BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",[]),E.crypto.ECParameterDB.regist("secp256k1",256,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F","0","7","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141","1","79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798","483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",[]),E.crypto.ECParameterDB.regist("secp256r1",256,"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF","FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC","5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B","FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551","1","6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296","4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",["NIST P-256","P-256","prime256v1"]),E.crypto.ECParameterDB.regist("secp384r1",384,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC","B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973","1","AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7","3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",["NIST P-384","P-384"]),E.crypto.ECParameterDB.regist("secp521r1",521,"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF","1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC","051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00","1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409","1","C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66","011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",["NIST P-521","P-521"]);var Ue=(function(){var t=function(k,D,O){return e(x.AES,k,D,O)},e=function(k,D,O,V){var z=x.enc.Hex.parse(D),G=x.enc.Hex.parse(O),Z=x.enc.Hex.parse(V),ee={};ee.key=G,ee.iv=Z,ee.ciphertext=z;var m=k.decrypt(ee,G,{iv:Z});return x.enc.Hex.stringify(m)},r=function(k,D,O){return n(x.AES,k,D,O)},n=function(k,D,O,V){var z=x.enc.Hex.parse(D),G=x.enc.Hex.parse(O),Z=x.enc.Hex.parse(V),ee=k.encrypt(z,G,{iv:Z}),m=x.enc.Hex.parse(ee.toString());return x.enc.Base64.stringify(m)},a={"AES-256-CBC":{proc:t,eproc:r,keylen:32,ivlen:16},"AES-192-CBC":{proc:t,eproc:r,keylen:24,ivlen:16},"AES-128-CBC":{proc:t,eproc:r,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:function(k,D,O){return e(x.TripleDES,k,D,O)},eproc:function(k,D,O){return n(x.TripleDES,k,D,O)},keylen:24,ivlen:8},"DES-CBC":{proc:function(k,D,O){return e(x.DES,k,D,O)},eproc:function(k,D,O){return n(x.DES,k,D,O)},keylen:8,ivlen:8}},f=function(k){var D={},O=k.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));O&&(D.cipher=O[1],D.ivsalt=O[2]);var V=k.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));V&&(D.type=V[1]);var z=-1,G=0;k.indexOf(`\r
+\r
+`)!=-1&&(z=k.indexOf(`\r
+\r
+`),G=2),k.indexOf(`
+
+`)!=-1&&(z=k.indexOf(`
+
+`),G=1);var Z=k.indexOf("-----END");if(z!=-1&&Z!=-1){var ee=k.substring(z+2*G,Z-G);ee=ee.replace(/\s+/g,""),D.data=ee}return D},_=function(k,D,O){for(var V=O.substring(0,16),z=x.enc.Hex.parse(V),G=x.enc.Utf8.parse(D),Z=a[k].keylen+a[k].ivlen,ee="",m=null;;){var L=x.algo.MD5.create();if(m!=null&&L.update(m),L.update(G),L.update(z),m=L.finalize(),(ee+=x.enc.Hex.stringify(m)).length>=2*Z)break}var M={};return M.keyhex=ee.substr(0,2*a[k].keylen),M.ivhex=ee.substr(2*a[k].keylen,2*a[k].ivlen),M},P=function(k,D,O,V){var z=x.enc.Base64.parse(k),G=x.enc.Hex.stringify(z);return(0,a[D].proc)(G,O,V)};return{version:"1.0.0",parsePKCS5PEM:function(k){return f(k)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(k,D,O){return _(k,D,O)},decryptKeyB64:function(k,D,O,V){return P(k,D,O,V)},getDecryptedKeyHex:function(k,D){var O=f(k),V=(O.type,O.cipher),z=O.ivsalt,G=O.data,Z=_(V,D,z).keyhex;return P(G,V,Z,z)},getEncryptedPKCS5PEMFromPrvKeyHex:function(k,D,O,V,z){var G="";if(V!==void 0&&V!=null||(V="AES-256-CBC"),a[V]===void 0)throw new Error("KEYUTIL unsupported algorithm: "+V);z!==void 0&&z!=null||(z=(function(m){var L=x.lib.WordArray.random(m);return x.enc.Hex.stringify(L)})(a[V].ivlen).toUpperCase());var Z=(function(m,L,M,K){return(0,a[L].eproc)(m,M,K)})(D,V,_(V,O,z).keyhex,z);return G="-----BEGIN "+k+` PRIVATE KEY-----\r
+`,G+=`Proc-Type: 4,ENCRYPTED\r
+`,G+="DEK-Info: "+V+","+z+`\r
+`,G+=`\r
+`,G+=Z.replace(/(.{64})/g,`$1\r
+`),G+=`\r
+-----END `+k+` PRIVATE KEY-----\r
+`},parseHexOfEncryptedPKCS8:function(k){var D=se,O=D.getChildIdx,V=D.getV,z={},G=O(k,0);if(G.length!=2)throw new Error("malformed format: SEQUENCE(0).items != 2: "+G.length);z.ciphertext=V(k,G[1]);var Z=O(k,G[0]);if(Z.length!=2)throw new Error("malformed format: SEQUENCE(0.0).items != 2: "+Z.length);if(V(k,Z[0])!="2a864886f70d01050d")throw new Error("this only supports pkcs5PBES2");var ee=O(k,Z[1]);if(Z.length!=2)throw new Error("malformed format: SEQUENCE(0.0.1).items != 2: "+ee.length);var m=O(k,ee[1]);if(m.length!=2)throw new Error("malformed format: SEQUENCE(0.0.1.1).items != 2: "+m.length);if(V(k,m[0])!="2a864886f70d0307")throw"this only supports TripleDES";z.encryptionSchemeAlg="TripleDES",z.encryptionSchemeIV=V(k,m[1]);var L=O(k,ee[0]);if(L.length!=2)throw new Error("malformed format: SEQUENCE(0.0.1.0).items != 2: "+L.length);if(V(k,L[0])!="2a864886f70d01050c")throw new Error("this only supports pkcs5PBKDF2");var M=O(k,L[1]);if(M.length<2)throw new Error("malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+M.length);z.pbkdf2Salt=V(k,M[0]);var K=V(k,M[1]);try{z.pbkdf2Iter=parseInt(K,16)}catch{throw new Error("malformed format pbkdf2Iter: "+K)}return z},getPBKDF2KeyHexFromParam:function(k,D){var O=x.enc.Hex.parse(k.pbkdf2Salt),V=k.pbkdf2Iter,z=x.PBKDF2(D,O,{keySize:6,iterations:V});return x.enc.Hex.stringify(z)},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(k,D){var O=wt(k,"ENCRYPTED PRIVATE KEY"),V=this.parseHexOfEncryptedPKCS8(O),z=Ue.getPBKDF2KeyHexFromParam(V,D),G={};G.ciphertext=x.enc.Hex.parse(V.ciphertext);var Z=x.enc.Hex.parse(z),ee=x.enc.Hex.parse(V.encryptionSchemeIV),m=x.TripleDES.decrypt(G,Z,{iv:ee});return x.enc.Hex.stringify(m)},getKeyFromEncryptedPKCS8PEM:function(k,D){var O=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(k,D);return this.getKeyFromPlainPrivatePKCS8Hex(O)},parsePlainPrivatePKCS8Hex:function(k){var D=se,O=D.getChildIdx,V=D.getV,z={algparam:null};if(k.substr(0,2)!="30")throw new Error("malformed plain PKCS8 private key(code:001)");var G=O(k,0);if(G.length<3)throw new Error("malformed plain PKCS8 private key(code:002)");if(k.substr(G[1],2)!="30")throw new Error("malformed PKCS8 private key(code:003)");var Z=O(k,G[1]);if(Z.length!=2)throw new Error("malformed PKCS8 private key(code:004)");if(k.substr(Z[0],2)!="06")throw new Error("malformed PKCS8 private key(code:005)");if(z.algoid=V(k,Z[0]),k.substr(Z[1],2)=="06"&&(z.algparam=V(k,Z[1])),k.substr(G[2],2)!="04")throw new Error("malformed PKCS8 private key(code:006)");return z.keyidx=D.getVidx(k,G[2]),z},getKeyFromPlainPrivatePKCS8PEM:function(k){var D=wt(k,"PRIVATE KEY");return this.getKeyFromPlainPrivatePKCS8Hex(D)},getKeyFromPlainPrivatePKCS8Hex:function(k){var D,O=this.parsePlainPrivatePKCS8Hex(k);if(O.algoid=="2a864886f70d010101")D=new le;else if(O.algoid=="2a8648ce380401")D=new E.crypto.DSA;else{if(O.algoid!="2a8648ce3d0201")throw new Error("unsupported private key algorithm");D=new E.crypto.ECDSA}return D.readPKCS8PrvKeyHex(k),D},_getKeyFromPublicPKCS8Hex:function(k){var D,O=se.getVbyList(k,0,[0,0],"06");if(O==="2a864886f70d010101")D=new le;else if(O==="2a8648ce380401")D=new E.crypto.DSA;else{if(O!=="2a8648ce3d0201")throw new Error("unsupported PKCS#8 public key hex");D=new E.crypto.ECDSA}return D.readPKCS8PubKeyHex(k),D},parsePublicRawRSAKeyHex:function(k){var D=se,O=D.getChildIdx,V=D.getV,z={};if(k.substr(0,2)!="30")throw new Error("malformed RSA key(code:001)");var G=O(k,0);if(G.length!=2)throw new Error("malformed RSA key(code:002)");if(k.substr(G[0],2)!="02")throw new Error("malformed RSA key(code:003)");if(z.n=V(k,G[0]),k.substr(G[1],2)!="02")throw new Error("malformed RSA key(code:004)");return z.e=V(k,G[1]),z},parsePublicPKCS8Hex:function(k){var D=se,O=D.getChildIdx,V=D.getV,z={algparam:null},G=O(k,0);if(G.length!=2)throw new Error("outer DERSequence shall have 2 elements: "+G.length);var Z=G[0];if(k.substr(Z,2)!="30")throw new Error("malformed PKCS8 public key(code:001)");var ee=O(k,Z);if(ee.length!=2)throw new Error("malformed PKCS8 public key(code:002)");if(k.substr(ee[0],2)!="06")throw new Error("malformed PKCS8 public key(code:003)");if(z.algoid=V(k,ee[0]),k.substr(ee[1],2)=="06"?z.algparam=V(k,ee[1]):k.substr(ee[1],2)=="30"&&(z.algparam={},z.algparam.p=D.getVbyList(k,ee[1],[0],"02"),z.algparam.q=D.getVbyList(k,ee[1],[1],"02"),z.algparam.g=D.getVbyList(k,ee[1],[2],"02")),k.substr(G[1],2)!="03")throw new Error("malformed PKCS8 public key(code:004)");return z.key=V(k,G[1]).substr(2),z}}})();Ue.getKey=function(t,e,r){var n=(ee=se).getChildIdx,a=(ee.getV,ee.getVbyList),f=E.crypto,_=f.ECDSA,P=f.DSA,F=le,k=wt,D=Ue;if(F!==void 0&&t instanceof F||_!==void 0&&t instanceof _||P!==void 0&&t instanceof P)return t;if(t.curve!==void 0&&t.xy!==void 0&&t.d===void 0)return new _({pub:t.xy,curve:t.curve});if(t.curve!==void 0&&t.d!==void 0)return new _({prv:t.d,curve:t.curve});if(t.kty===void 0&&t.n!==void 0&&t.e!==void 0&&t.d===void 0)return(he=new F).setPublic(t.n,t.e),he;if(t.kty===void 0&&t.n!==void 0&&t.e!==void 0&&t.d!==void 0&&t.p!==void 0&&t.q!==void 0&&t.dp!==void 0&&t.dq!==void 0&&t.co!==void 0&&t.qi===void 0)return(he=new F).setPrivateEx(t.n,t.e,t.d,t.p,t.q,t.dp,t.dq,t.co),he;if(t.kty===void 0&&t.n!==void 0&&t.e!==void 0&&t.d!==void 0&&t.p===void 0)return(he=new F).setPrivate(t.n,t.e,t.d),he;if(t.p!==void 0&&t.q!==void 0&&t.g!==void 0&&t.y!==void 0&&t.x===void 0)return(he=new P).setPublic(t.p,t.q,t.g,t.y),he;if(t.p!==void 0&&t.q!==void 0&&t.g!==void 0&&t.y!==void 0&&t.x!==void 0)return(he=new P).setPrivate(t.p,t.q,t.g,t.y,t.x),he;if(t.kty==="RSA"&&t.n!==void 0&&t.e!==void 0&&t.d===void 0)return(he=new F).setPublic(Ee(t.n),Ee(t.e)),he;if(t.kty==="RSA"&&t.n!==void 0&&t.e!==void 0&&t.d!==void 0&&t.p!==void 0&&t.q!==void 0&&t.dp!==void 0&&t.dq!==void 0&&t.qi!==void 0)return(he=new F).setPrivateEx(Ee(t.n),Ee(t.e),Ee(t.d),Ee(t.p),Ee(t.q),Ee(t.dp),Ee(t.dq),Ee(t.qi)),he;if(t.kty==="RSA"&&t.n!==void 0&&t.e!==void 0&&t.d!==void 0)return(he=new F).setPrivate(Ee(t.n),Ee(t.e),Ee(t.d)),he;if(t.kty==="EC"&&t.crv!==void 0&&t.x!==void 0&&t.y!==void 0&&t.d===void 0){var O=(ae=new _({curve:t.crv})).ecparams.keylen/4,V="04"+("0000000000"+Ee(t.x)).slice(-O)+("0000000000"+Ee(t.y)).slice(-O);return ae.setPublicKeyHex(V),ae}if(t.kty==="EC"&&t.crv!==void 0&&t.x!==void 0&&t.y!==void 0&&t.d!==void 0){O=(ae=new _({curve:t.crv})).ecparams.keylen/4,V="04"+("0000000000"+Ee(t.x)).slice(-O)+("0000000000"+Ee(t.y)).slice(-O);var z=("0000000000"+Ee(t.d)).slice(-O);return ae.setPublicKeyHex(V),ae.setPrivateKeyHex(z),ae}if(r==="pkcs5prv"){var G,Z=t,ee=se;if((G=n(Z,0)).length===9)(he=new F).readPKCS5PrvKeyHex(Z);else if(G.length===6)(he=new P).readPKCS5PrvKeyHex(Z);else{if(!(G.length>2&&Z.substr(G[1],2)==="04"))throw new Error("unsupported PKCS#1/5 hexadecimal key");(he=new _).readPKCS5PrvKeyHex(Z)}return he}if(r==="pkcs8prv")return he=D.getKeyFromPlainPrivatePKCS8Hex(t);if(r==="pkcs8pub")return D._getKeyFromPublicPKCS8Hex(t);if(r==="x509pub")return He.getPublicKeyFromCertHex(t);if(t.indexOf("-END CERTIFICATE-",0)!=-1||t.indexOf("-END X509 CERTIFICATE-",0)!=-1||t.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1)return He.getPublicKeyFromCertPEM(t);if(t.indexOf("-END PUBLIC KEY-")!=-1){var m=wt(t,"PUBLIC KEY");return D._getKeyFromPublicPKCS8Hex(m)}if(t.indexOf("-END RSA PRIVATE KEY-")!=-1&&t.indexOf("4,ENCRYPTED")==-1){var L=k(t,"RSA PRIVATE KEY");return D.getKey(L,null,"pkcs5prv")}if(t.indexOf("-END DSA PRIVATE KEY-")!=-1&&t.indexOf("4,ENCRYPTED")==-1){var M=a(Fe=k(t,"DSA PRIVATE KEY"),0,[1],"02"),K=a(Fe,0,[2],"02"),Y=a(Fe,0,[3],"02"),te=a(Fe,0,[4],"02"),ue=a(Fe,0,[5],"02");return(he=new P).setPrivate(new N(M,16),new N(K,16),new N(Y,16),new N(te,16),new N(ue,16)),he}if(t.indexOf("-END EC PRIVATE KEY-")!=-1&&t.indexOf("4,ENCRYPTED")==-1)return L=k(t,"EC PRIVATE KEY"),D.getKey(L,null,"pkcs5prv");if(t.indexOf("-END PRIVATE KEY-")!=-1)return D.getKeyFromPlainPrivatePKCS8PEM(t);if(t.indexOf("-END RSA PRIVATE KEY-")!=-1&&t.indexOf("4,ENCRYPTED")!=-1){var oe=D.getDecryptedKeyHex(t,e),ge=new le;return ge.readPKCS5PrvKeyHex(oe),ge}if(t.indexOf("-END EC PRIVATE KEY-")!=-1&&t.indexOf("4,ENCRYPTED")!=-1){var ae,he=a(Fe=D.getDecryptedKeyHex(t,e),0,[1],"04"),be=a(Fe,0,[2,0],"06"),Ae=a(Fe,0,[3,0],"03").substr(2);if(E.crypto.OID.oidhex2name[be]===void 0)throw new Error("undefined OID(hex) in KJUR.crypto.OID: "+be);return(ae=new _({curve:E.crypto.OID.oidhex2name[be]})).setPublicKeyHex(Ae),ae.setPrivateKeyHex(he),ae.isPublic=!1,ae}if(t.indexOf("-END DSA PRIVATE KEY-")!=-1&&t.indexOf("4,ENCRYPTED")!=-1){var Fe;return M=a(Fe=D.getDecryptedKeyHex(t,e),0,[1],"02"),K=a(Fe,0,[2],"02"),Y=a(Fe,0,[3],"02"),te=a(Fe,0,[4],"02"),ue=a(Fe,0,[5],"02"),(he=new P).setPrivate(new N(M,16),new N(K,16),new N(Y,16),new N(te,16),new N(ue,16)),he}if(t.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1)return D.getKeyFromEncryptedPKCS8PEM(t,e);throw new Error("not supported argument")},Ue.generateKeypair=function(t,e){if(t=="RSA"){var r=e;(_=new le).generate(r,"10001"),_.isPrivate=!0,_.isPublic=!0;var n=new le,a=_.n.toString(16),f=_.e.toString(16);return n.setPublic(a,f),n.isPrivate=!1,n.isPublic=!0,(P={}).prvKeyObj=_,P.pubKeyObj=n,P}if(t=="EC"){var _,P,F=e,k=new E.crypto.ECDSA({curve:F}).generateKeyPairHex();return(_=new E.crypto.ECDSA({curve:F})).setPublicKeyHex(k.ecpubhex),_.setPrivateKeyHex(k.ecprvhex),_.isPrivate=!0,_.isPublic=!1,(n=new E.crypto.ECDSA({curve:F})).setPublicKeyHex(k.ecpubhex),n.isPrivate=!1,n.isPublic=!0,(P={}).prvKeyObj=_,P.pubKeyObj=n,P}throw new Error("unknown algorithm: "+t)},Ue.getPEM=function(t,e,r,n,a,f){var _=E,P=_.asn1,F=P.DERObjectIdentifier,k=P.DERInteger,D=P.ASN1Util.newObject,O=P.x509.SubjectPublicKeyInfo,V=_.crypto,z=V.DSA,G=V.ECDSA,Z=le;function ee(ae){return D({seq:[{int:0},{int:{bigint:ae.n}},{int:ae.e},{int:{bigint:ae.d}},{int:{bigint:ae.p}},{int:{bigint:ae.q}},{int:{bigint:ae.dmp1}},{int:{bigint:ae.dmq1}},{int:{bigint:ae.coeff}}]})}function m(ae){return D({seq:[{int:1},{octstr:{hex:ae.prvKeyHex}},{tag:["a0",!0,{oid:{name:ae.curveName}}]},{tag:["a1",!0,{bitstr:{hex:"00"+ae.pubKeyHex}}]}]})}function L(ae){return D({seq:[{int:0},{int:{bigint:ae.p}},{int:{bigint:ae.q}},{int:{bigint:ae.g}},{int:{bigint:ae.y}},{int:{bigint:ae.x}}]})}if((Z!==void 0&&t instanceof Z||z!==void 0&&t instanceof z||G!==void 0&&t instanceof G)&&t.isPublic==1&&(e===void 0||e=="PKCS8PUB"))return st(te=new O(t).getEncodedHex(),"PUBLIC KEY");if(e=="PKCS1PRV"&&Z!==void 0&&t instanceof Z&&(r===void 0||r==null)&&t.isPrivate==1)return st(te=ee(t).getEncodedHex(),"RSA PRIVATE KEY");if(e=="PKCS1PRV"&&G!==void 0&&t instanceof G&&(r===void 0||r==null)&&t.isPrivate==1){var M=new F({name:t.curveName}).getEncodedHex(),K=m(t).getEncodedHex(),Y="";return Y+=st(M,"EC PARAMETERS"),Y+=st(K,"EC PRIVATE KEY")}if(e=="PKCS1PRV"&&z!==void 0&&t instanceof z&&(r===void 0||r==null)&&t.isPrivate==1)return st(te=L(t).getEncodedHex(),"DSA PRIVATE KEY");if(e=="PKCS5PRV"&&Z!==void 0&&t instanceof Z&&r!==void 0&&r!=null&&t.isPrivate==1){var te=ee(t).getEncodedHex();return n===void 0&&(n="DES-EDE3-CBC"),this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",te,r,n,f)}if(e=="PKCS5PRV"&&G!==void 0&&t instanceof G&&r!==void 0&&r!=null&&t.isPrivate==1)return te=m(t).getEncodedHex(),n===void 0&&(n="DES-EDE3-CBC"),this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",te,r,n,f);if(e=="PKCS5PRV"&&z!==void 0&&t instanceof z&&r!==void 0&&r!=null&&t.isPrivate==1)return te=L(t).getEncodedHex(),n===void 0&&(n="DES-EDE3-CBC"),this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",te,r,n,f);var ue=function(he,be){var Ae=oe(he,be);return new D({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:Ae.pbkdf2Salt}},{int:Ae.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:Ae.encryptionSchemeIV}}]}]}]},{octstr:{hex:Ae.ciphertext}}]}).getEncodedHex()},oe=function(he,be){var Ae=x.lib.WordArray.random(8),Fe=x.lib.WordArray.random(8),at=x.PBKDF2(be,Ae,{keySize:6,iterations:100}),Qe=x.enc.Hex.parse(he),Ze=x.TripleDES.encrypt(Qe,at,{iv:Fe})+"",Ce={};return Ce.ciphertext=Ze,Ce.pbkdf2Salt=x.enc.Hex.stringify(Ae),Ce.pbkdf2Iter=100,Ce.encryptionSchemeAlg="DES-EDE3-CBC",Ce.encryptionSchemeIV=x.enc.Hex.stringify(Fe),Ce};if(e=="PKCS8PRV"&&Z!=null&&t instanceof Z&&t.isPrivate==1){var ge=ee(t).getEncodedHex();return te=D({seq:[{int:0},{seq:[{oid:{name:"rsaEncryption"}},{null:!0}]},{octstr:{hex:ge}}]}).getEncodedHex(),r===void 0||r==null?st(te,"PRIVATE KEY"):st(K=ue(te,r),"ENCRYPTED PRIVATE KEY")}if(e=="PKCS8PRV"&&G!==void 0&&t instanceof G&&t.isPrivate==1)return ge=new D({seq:[{int:1},{octstr:{hex:t.prvKeyHex}},{tag:["a1",!0,{bitstr:{hex:"00"+t.pubKeyHex}}]}]}).getEncodedHex(),te=D({seq:[{int:0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:t.curveName}}]},{octstr:{hex:ge}}]}).getEncodedHex(),r===void 0||r==null?st(te,"PRIVATE KEY"):st(K=ue(te,r),"ENCRYPTED PRIVATE KEY");if(e=="PKCS8PRV"&&z!==void 0&&t instanceof z&&t.isPrivate==1)return ge=new k({bigint:t.x}).getEncodedHex(),te=D({seq:[{int:0},{seq:[{oid:{name:"dsa"}},{seq:[{int:{bigint:t.p}},{int:{bigint:t.q}},{int:{bigint:t.g}}]}]},{octstr:{hex:ge}}]}).getEncodedHex(),r===void 0||r==null?st(te,"PRIVATE KEY"):st(K=ue(te,r),"ENCRYPTED PRIVATE KEY");throw new Error("unsupported object nor format")},Ue.getKeyFromCSRPEM=function(t){var e=wt(t,"CERTIFICATE REQUEST");return Ue.getKeyFromCSRHex(e)},Ue.getKeyFromCSRHex=function(t){var e=Ue.parseCSRHex(t);return Ue.getKey(e.p8pubkeyhex,null,"pkcs8pub")},Ue.parseCSRHex=function(t){var e=se,r=e.getChildIdx,n=e.getTLV,a={},f=t;if(f.substr(0,2)!="30")throw new Error("malformed CSR(code:001)");var _=r(f,0);if(_.length<1)throw new Error("malformed CSR(code:002)");if(f.substr(_[0],2)!="30")throw new Error("malformed CSR(code:003)");var P=r(f,_[0]);if(P.length<3)throw new Error("malformed CSR(code:004)");return a.p8pubkeyhex=n(f,P[2]),a},Ue.getKeyID=function(t){var e=Ue,r=se;typeof t=="string"&&t.indexOf("BEGIN ")!=-1&&(t=e.getKey(t));var n=wt(e.getPEM(t)),a=r.getIdxbyList(n,0,[1]),f=r.getV(n,a).substring(2);return E.crypto.Util.hashHex(f,"sha1")},Ue.getJWKFromKey=function(t){var e={};if(t instanceof le&&t.isPrivate)return e.kty="RSA",e.n=Ne(t.n.toString(16)),e.e=Ne(t.e.toString(16)),e.d=Ne(t.d.toString(16)),e.p=Ne(t.p.toString(16)),e.q=Ne(t.q.toString(16)),e.dp=Ne(t.dmp1.toString(16)),e.dq=Ne(t.dmq1.toString(16)),e.qi=Ne(t.coeff.toString(16)),e;if(t instanceof le&&t.isPublic)return e.kty="RSA",e.n=Ne(t.n.toString(16)),e.e=Ne(t.e.toString(16)),e;if(t instanceof E.crypto.ECDSA&&t.isPrivate){if((n=t.getShortNISTPCurveName())!=="P-256"&&n!=="P-384")throw new Error("unsupported curve name for JWT: "+n);var r=t.getPublicKeyXYHex();return e.kty="EC",e.crv=n,e.x=Ne(r.x),e.y=Ne(r.y),e.d=Ne(t.prvKeyHex),e}if(t instanceof E.crypto.ECDSA&&t.isPublic){var n;if((n=t.getShortNISTPCurveName())!=="P-256"&&n!=="P-384")throw new Error("unsupported curve name for JWT: "+n);return r=t.getPublicKeyXYHex(),e.kty="EC",e.crv=n,e.x=Ne(r.x),e.y=Ne(r.y),e}throw new Error("not supported key object")},le.getPosArrayOfChildrenFromHex=function(t){return se.getChildIdx(t,0)},le.getHexValueArrayOfChildrenFromHex=function(t){var e,r=se.getV,n=r(t,(e=le.getPosArrayOfChildrenFromHex(t))[0]),a=r(t,e[1]),f=r(t,e[2]),_=r(t,e[3]),P=r(t,e[4]),F=r(t,e[5]),k=r(t,e[6]),D=r(t,e[7]),O=r(t,e[8]);return(e=new Array).push(n,a,f,_,P,F,k,D,O),e},le.prototype.readPrivateKeyFromPEMString=function(t){var e=wt(t),r=le.getHexValueArrayOfChildrenFromHex(e);this.setPrivateEx(r[1],r[2],r[3],r[4],r[5],r[6],r[7],r[8])},le.prototype.readPKCS5PrvKeyHex=function(t){var e=le.getHexValueArrayOfChildrenFromHex(t);this.setPrivateEx(e[1],e[2],e[3],e[4],e[5],e[6],e[7],e[8])},le.prototype.readPKCS8PrvKeyHex=function(t){var e,r,n,a,f,_,P,F,k=se,D=k.getVbyListEx;if(k.isASN1HEX(t)===!1)throw new Error("not ASN.1 hex string");try{e=D(t,0,[2,0,1],"02"),r=D(t,0,[2,0,2],"02"),n=D(t,0,[2,0,3],"02"),a=D(t,0,[2,0,4],"02"),f=D(t,0,[2,0,5],"02"),_=D(t,0,[2,0,6],"02"),P=D(t,0,[2,0,7],"02"),F=D(t,0,[2,0,8],"02")}catch{throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(e,r,n,a,f,_,P,F)},le.prototype.readPKCS5PubKeyHex=function(t){var e=se,r=e.getV;if(e.isASN1HEX(t)===!1)throw new Error("keyHex is not ASN.1 hex string");var n=e.getChildIdx(t,0);if(n.length!==2||t.substr(n[0],2)!=="02"||t.substr(n[1],2)!=="02")throw new Error("wrong hex for PKCS#5 public key");var a=r(t,n[0]),f=r(t,n[1]);this.setPublic(a,f)},le.prototype.readPKCS8PubKeyHex=function(t){var e=se;if(e.isASN1HEX(t)===!1)throw new Error("not ASN.1 hex string");if(e.getTLVbyListEx(t,0,[0,0])!=="06092a864886f70d010101")throw new Error("not PKCS8 RSA public key");var r=e.getTLVbyListEx(t,0,[1,0]);this.readPKCS5PubKeyHex(r)},le.prototype.readCertPubKeyHex=function(t,e){var r,n;(r=new He).readCertHex(t),n=r.getPublicKeyHex(),this.readPKCS8PubKeyHex(n)};function wn(t,e){for(var r="",n=e/4-t.length,a=0;a<n;a++)r+="0";return r+t}function Sn(t,e,r){for(var n="",a=0;n.length<e;)n+=ht(r(_t(t+String.fromCharCode.apply(String,[(4278190080&a)>>24,(16711680&a)>>16,(65280&a)>>8,255&a])))),a+=1;return n}function bn(t){for(var e in E.crypto.Util.DIGESTINFOHEAD){var r=E.crypto.Util.DIGESTINFOHEAD[e],n=r.length;if(t.substring(0,n)==r)return[e,t.substring(n)]}return[]}function He(t){var e,r=se,n=r.getChildIdx,a=r.getV,f=r.getTLV,_=r.getVbyList,P=r.getVbyListEx,F=r.getTLVbyList,k=r.getTLVbyListEx,D=r.getIdxbyList,O=r.getIdxbyListEx,V=r.getVidx,z=r.getInt,G=r.oidname,Z=r.hextooidstr,ee=wt;try{e=E.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch{}this.HEX2STAG={"0c":"utf8",13:"prn",16:"ia5","1a":"vis","1e":"bmp"},this.hex=null,this.version=0,this.foffset=0,this.aExtInfo=null,this.getVersion=function(){if(this.hex===null||this.version!==0)return this.version;var m=F(this.hex,0,[0,0]);if(m.substr(0,2)=="a0"){var L=F(m,0,[0]),M=z(L,0);if(M<0||2<M)throw new Error("malformed version field");return this.version=M+1,this.version}return this.version=1,this.foffset=-1,1},this.getSerialNumberHex=function(){return P(this.hex,0,[0,0],"02")},this.getSignatureAlgorithmField=function(){var m=k(this.hex,0,[0,1]);return this.getAlgorithmIdentifierName(m)},this.getAlgorithmIdentifierName=function(m){for(var L in e)if(m===e[L])return L;return G(P(m,0,[0],"06"))},this.getIssuer=function(){return this.getX500Name(this.getIssuerHex())},this.getIssuerHex=function(){return F(this.hex,0,[0,3+this.foffset],"30")},this.getIssuerString=function(){return this.getIssuer().str},this.getSubject=function(){return this.getX500Name(this.getSubjectHex())},this.getSubjectHex=function(){return F(this.hex,0,[0,5+this.foffset],"30")},this.getSubjectString=function(){return this.getSubject().str},this.getNotBefore=function(){var m=_(this.hex,0,[0,4+this.foffset,0]);return m=m.replace(/(..)/g,"%$1"),m=decodeURIComponent(m)},this.getNotAfter=function(){var m=_(this.hex,0,[0,4+this.foffset,1]);return m=m.replace(/(..)/g,"%$1"),m=decodeURIComponent(m)},this.getPublicKeyHex=function(){return r.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")},this.getPublicKeyIdx=function(){return D(this.hex,0,[0,6+this.foffset],"30")},this.getPublicKeyContentIdx=function(){var m=this.getPublicKeyIdx();return D(this.hex,m,[1,0],"30")},this.getPublicKey=function(){return Ue.getKey(this.getPublicKeyHex(),null,"pkcs8pub")},this.getSignatureAlgorithmName=function(){var m=F(this.hex,0,[1],"30");return this.getAlgorithmIdentifierName(m)},this.getSignatureValueHex=function(){return _(this.hex,0,[2],"03",!0)},this.verifySignature=function(m){var L=this.getSignatureAlgorithmField(),M=this.getSignatureValueHex(),K=F(this.hex,0,[0],"30"),Y=new E.crypto.Signature({alg:L});return Y.init(m),Y.updateHex(K),Y.verify(M)},this.parseExt=function(m){var L,M,K;if(m===void 0){if(K=this.hex,this.version!==3)return-1;L=D(K,0,[0,7,0],"30"),M=n(K,L)}else{K=wt(m);var Y=D(K,0,[0,3,0,0],"06");if(a(K,Y)!="2a864886f70d01090e")return void(this.aExtInfo=new Array);L=D(K,0,[0,3,0,1,0],"30"),M=n(K,L),this.hex=K}this.aExtInfo=new Array;for(var te=0;te<M.length;te++){var ue={critical:!1},oe=0;n(K,M[te]).length===3&&(ue.critical=!0,oe=1),ue.oid=r.hextooidstr(_(K,M[te],[0],"06"));var ge=D(K,M[te],[1+oe]);ue.vidx=V(K,ge),this.aExtInfo.push(ue)}},this.getExtInfo=function(m){var L=this.aExtInfo,M=m;if(m.match(/^[0-9.]+$/)||(M=E.asn1.x509.OID.name2oid(m)),M!==""){for(var K=0;K<L.length;K++)if(L[K].oid===M)return L[K]}},this.getExtBasicConstraints=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("basicConstraints");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"basicConstraints"};if(L&&(K.critical=!0),m==="3000")return K;if(m==="30030101ff")return K.cA=!0,K;if(m.substr(0,12)==="30060101ff02"){var Y=a(m,10),te=parseInt(Y,16);return K.cA=!0,K.pathLen=te,K}throw new Error("hExtV parse error: "+m)},this.getExtKeyUsage=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("keyUsage");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"keyUsage"};return L&&(K.critical=!0),K.names=this.getExtKeyUsageString(m).split(","),K},this.getExtKeyUsageBin=function(m){if(m===void 0){var L=this.getExtInfo("keyUsage");if(L===void 0)return"";m=f(this.hex,L.vidx)}if(m.length!=8&&m.length!=10)throw new Error("malformed key usage value: "+m);var M="000000000000000"+parseInt(m.substr(6),16).toString(2);return m.length==8&&(M=M.slice(-8)),m.length==10&&(M=M.slice(-16)),(M=M.replace(/0+$/,""))==""&&(M="0"),M},this.getExtKeyUsageString=function(m){for(var L=this.getExtKeyUsageBin(m),M=new Array,K=0;K<L.length;K++)L.substr(K,1)=="1"&&M.push(He.KEYUSAGE_NAME[K]);return M.join(",")},this.getExtSubjectKeyIdentifier=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("subjectKeyIdentifier");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"subjectKeyIdentifier"};L&&(K.critical=!0);var Y=a(m,0);return K.kid={hex:Y},K},this.getExtAuthorityKeyIdentifier=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("authorityKeyIdentifier");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"authorityKeyIdentifier"};L&&(K.critical=!0);for(var Y=n(m,0),te=0;te<Y.length;te++){var ue=m.substr(Y[te],2);if(ue==="80"&&(K.kid={hex:a(m,Y[te])}),ue==="a1"){var oe=f(m,Y[te]),ge=this.getGeneralNames(oe);K.issuer=ge[0].dn}ue==="82"&&(K.sn={hex:a(m,Y[te])})}return K},this.getExtExtKeyUsage=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("extKeyUsage");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"extKeyUsage",array:[]};L&&(K.critical=!0);for(var Y=n(m,0),te=0;te<Y.length;te++)K.array.push(G(a(m,Y[te])));return K},this.getExtExtKeyUsageName=function(){var m=this.getExtInfo("extKeyUsage");if(m===void 0)return m;var L=new Array,M=f(this.hex,m.vidx);if(M==="")return L;for(var K=n(M,0),Y=0;Y<K.length;Y++)L.push(G(a(M,K[Y])));return L},this.getExtSubjectAltName=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("subjectAltName");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"subjectAltName",array:[]};return L&&(K.critical=!0),K.array=this.getGeneralNames(m),K},this.getExtIssuerAltName=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("issuerAltName");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"issuerAltName",array:[]};return L&&(K.critical=!0),K.array=this.getGeneralNames(m),K},this.getGeneralNames=function(m){for(var L=n(m,0),M=[],K=0;K<L.length;K++){var Y=this.getGeneralName(f(m,L[K]));Y!==void 0&&M.push(Y)}return M},this.getGeneralName=function(m){var L=m.substr(0,2),M=a(m,0),K=ht(M);return L=="81"?{rfc822:K}:L=="82"?{dns:K}:L=="86"?{uri:K}:L=="87"?{ip:Ar(M)}:L=="a4"?{dn:this.getX500Name(M)}:void 0},this.getExtSubjectAltName2=function(){var m,L,M,K=this.getExtInfo("subjectAltName");if(K===void 0)return K;for(var Y=new Array,te=f(this.hex,K.vidx),ue=n(te,0),oe=0;oe<ue.length;oe++)M=te.substr(ue[oe],2),m=a(te,ue[oe]),M==="81"&&(L=Oe(m),Y.push(["MAIL",L])),M==="82"&&(L=Oe(m),Y.push(["DNS",L])),M==="84"&&(L=He.hex2dn(m,0),Y.push(["DN",L])),M==="86"&&(L=Oe(m),Y.push(["URI",L])),M==="87"&&(L=Ar(m),Y.push(["IP",L]));return Y},this.getExtCRLDistributionPoints=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("cRLDistributionPoints");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"cRLDistributionPoints",array:[]};L&&(K.critical=!0);for(var Y=n(m,0),te=0;te<Y.length;te++){var ue=f(m,Y[te]);K.array.push(this.getDistributionPoint(ue))}return K},this.getDistributionPoint=function(m){for(var L={},M=n(m,0),K=0;K<M.length;K++){var Y=m.substr(M[K],2),te=f(m,M[K]);Y=="a0"&&(L.dpname=this.getDistributionPointName(te))}return L},this.getDistributionPointName=function(m){for(var L={},M=n(m,0),K=0;K<M.length;K++){var Y=m.substr(M[K],2),te=f(m,M[K]);Y=="a0"&&(L.full=this.getGeneralNames(te))}return L},this.getExtCRLDistributionPointsURI=function(){var m=this.getExtInfo("cRLDistributionPoints");if(m===void 0)return m;for(var L=new Array,M=n(this.hex,m.vidx),K=0;K<M.length;K++)try{var Y=Oe(_(this.hex,M[K],[0,0,0],"86"));L.push(Y)}catch{}return L},this.getExtAIAInfo=function(){var m=this.getExtInfo("authorityInfoAccess");if(m===void 0)return m;for(var L={ocsp:[],caissuer:[]},M=n(this.hex,m.vidx),K=0;K<M.length;K++){var Y=_(this.hex,M[K],[0],"06"),te=_(this.hex,M[K],[1],"86");Y==="2b06010505073001"&&L.ocsp.push(Oe(te)),Y==="2b06010505073002"&&L.caissuer.push(Oe(te))}return L},this.getExtAuthorityInfoAccess=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("authorityInfoAccess");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"authorityInfoAccess",array:[]};L&&(K.critical=!0);for(var Y=n(m,0),te=0;te<Y.length;te++){var ue=P(m,Y[te],[0],"06"),oe=Oe(_(m,Y[te],[1],"86"));if(ue=="2b06010505073001")K.array.push({ocsp:oe});else{if(ue!="2b06010505073002")throw new Error("unknown method: "+ue);K.array.push({caissuer:oe})}}return K},this.getExtCertificatePolicies=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("certificatePolicies");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"certificatePolicies",array:[]};L&&(K.critical=!0);for(var Y=n(m,0),te=0;te<Y.length;te++){var ue=f(m,Y[te]),oe=this.getPolicyInformation(ue);K.array.push(oe)}return K},this.getPolicyInformation=function(m){var L={},M=_(m,0,[0],"06");L.policyoid=G(M);var K=O(m,0,[1],"30");if(K!=-1){L.array=[];for(var Y=n(m,K),te=0;te<Y.length;te++){var ue=f(m,Y[te]),oe=this.getPolicyQualifierInfo(ue);L.array.push(oe)}}return L},this.getPolicyQualifierInfo=function(m){var L={},M=_(m,0,[0],"06");if(M==="2b06010505070201"){var K=P(m,0,[1],"16");L.cps=ht(K)}else if(M==="2b06010505070202"){var Y=F(m,0,[1],"30");L.unotice=this.getUserNotice(Y)}return L},this.getUserNotice=function(m){for(var L={},M=n(m,0),K=0;K<M.length;K++){var Y=f(m,M[K]);Y.substr(0,2)!="30"&&(L.exptext=this.getDisplayText(Y))}return L},this.getDisplayText=function(m){var L={};return L.type={"0c":"utf8",16:"ia5","1a":"vis","1e":"bmp"}[m.substr(0,2)],L.str=ht(a(m,0)),L},this.getExtCRLNumber=function(m,L){var M={extname:"cRLNumber"};if(L&&(M.critical=!0),m.substr(0,2)=="02")return M.num={hex:a(m,0)},M;throw new Error("hExtV parse error: "+m)},this.getExtCRLReason=function(m,L){var M={extname:"cRLReason"};if(L&&(M.critical=!0),m.substr(0,2)=="0a")return M.code=parseInt(a(m,0),16),M;throw new Error("hExtV parse error: "+m)},this.getExtOcspNonce=function(m,L){var M={extname:"ocspNonce"};L&&(M.critical=!0);var K=a(m,0);return M.hex=K,M},this.getExtOcspNoCheck=function(m,L){var M={extname:"ocspNoCheck"};return L&&(M.critical=!0),M},this.getExtAdobeTimeStamp=function(m,L){if(m===void 0&&L===void 0){var M=this.getExtInfo("adobeTimeStamp");if(M===void 0)return;m=f(this.hex,M.vidx),L=M.critical}var K={extname:"adobeTimeStamp"};L&&(K.critical=!0);var Y=n(m,0);if(Y.length>1){var te=f(m,Y[1]),ue=this.getGeneralName(te);ue.uri!=null&&(K.uri=ue.uri)}if(Y.length>2){var oe=f(m,Y[2]);oe=="0101ff"&&(K.reqauth=!0),oe=="010100"&&(K.reqauth=!1)}return K},this.getX500NameRule=function(m){for(var L=null,M=[],K=0;K<m.length;K++)for(var Y=m[K],te=0;te<Y.length;te++)M.push(Y[te]);for(K=0;K<M.length;K++){var ue=M[K],oe=ue.ds,ge=ue.value,ae=ue.type;if(oe!="prn"&&oe!="utf8"&&oe!="ia5")return"mixed";if(oe=="ia5"){if(ae!="CN")return"mixed";if(E.lang.String.isMail(ge))continue;return"mixed"}if(ae=="C"){if(oe=="prn")continue;return"mixed"}if(L==null)L=oe;else if(L!==oe)return"mixed"}return L??"prn"},this.getX500Name=function(m){var L=this.getX500NameArray(m);return{array:L,str:this.dnarraytostr(L)}},this.getX500NameArray=function(m){for(var L=[],M=n(m,0),K=0;K<M.length;K++)L.push(this.getRDN(f(m,M[K])));return L},this.getRDN=function(m){for(var L=[],M=n(m,0),K=0;K<M.length;K++)L.push(this.getAttrTypeAndValue(f(m,M[K])));return L},this.getAttrTypeAndValue=function(m){var L={type:null,value:null,ds:null},M=n(m,0),K=_(m,M[0],[],"06"),Y=_(m,M[1],[]),te=E.asn1.ASN1Util.oidHexToInt(K);return L.type=E.asn1.x509.OID.oid2atype(te),L.ds=this.HEX2STAG[m.substr(M[1],2)],L.ds!="bmp"?L.value=Oe(Y):L.value=vn(Y),L},this.readCertPEM=function(m){this.readCertHex(ee(m))},this.readCertHex=function(m){this.hex=m,this.getVersion();try{D(this.hex,0,[0,7],"a3"),this.parseExt()}catch{}},this.getParam=function(){var m={};return m.version=this.getVersion(),m.serial={hex:this.getSerialNumberHex()},m.sigalg=this.getSignatureAlgorithmField(),m.issuer=this.getIssuer(),m.notbefore=this.getNotBefore(),m.notafter=this.getNotAfter(),m.subject=this.getSubject(),m.sbjpubkey=st(this.getPublicKeyHex(),"PUBLIC KEY"),this.aExtInfo.length>0&&(m.ext=this.getExtParamArray()),m.sighex=this.getSignatureValueHex(),m},this.getExtParamArray=function(m){m==null&&O(this.hex,0,[0,"[3]"])!=-1&&(m=k(this.hex,0,[0,"[3]",0],"30"));for(var L=[],M=n(m,0),K=0;K<M.length;K++){var Y=f(m,M[K]),te=this.getExtParam(Y);te!=null&&L.push(te)}return L},this.getExtParam=function(m){var L=n(m,0).length;if(L!=2&&L!=3)throw new Error("wrong number elements in Extension: "+L+" "+m);var M=Z(_(m,0,[0],"06")),K=!1;L==3&&F(m,0,[1])=="0101ff"&&(K=!0);var Y=F(m,0,[L-1,0]),te=void 0;if(M=="2.5.29.14"?te=this.getExtSubjectKeyIdentifier(Y,K):M=="2.5.29.15"?te=this.getExtKeyUsage(Y,K):M=="2.5.29.17"?te=this.getExtSubjectAltName(Y,K):M=="2.5.29.18"?te=this.getExtIssuerAltName(Y,K):M=="2.5.29.19"?te=this.getExtBasicConstraints(Y,K):M=="2.5.29.31"?te=this.getExtCRLDistributionPoints(Y,K):M=="2.5.29.32"?te=this.getExtCertificatePolicies(Y,K):M=="2.5.29.35"?te=this.getExtAuthorityKeyIdentifier(Y,K):M=="2.5.29.37"?te=this.getExtExtKeyUsage(Y,K):M=="1.3.6.1.5.5.7.1.1"?te=this.getExtAuthorityInfoAccess(Y,K):M=="2.5.29.20"?te=this.getExtCRLNumber(Y,K):M=="2.5.29.21"?te=this.getExtCRLReason(Y,K):M=="1.3.6.1.5.5.7.48.1.2"?te=this.getExtOcspNonce(Y,K):M=="1.3.6.1.5.5.7.48.1.5"?te=this.getExtOcspNoCheck(Y,K):M=="1.2.840.113583.1.1.9.1"&&(te=this.getExtAdobeTimeStamp(Y,K)),te!=null)return te;var ue={extname:M,extn:Y};return K&&(ue.critical=!0),ue},this.findExt=function(m,L){for(var M=0;M<m.length;M++)if(m[M].extname==L)return m[M];return null},this.updateExtCDPFullURI=function(m,L){var M=this.findExt(m,"cRLDistributionPoints");if(M!=null&&M.array!=null){for(var K=M.array,Y=0;Y<K.length;Y++)if(K[Y].dpname!=null&&K[Y].dpname.full!=null)for(var te=K[Y].dpname.full,ue=0;ue<te.length;ue++){var oe=te[Y];oe.uri!=null&&(oe.uri=L)}}},this.updateExtAIAOCSP=function(m,L){var M=this.findExt(m,"authorityInfoAccess");if(M!=null&&M.array!=null)for(var K=M.array,Y=0;Y<K.length;Y++)K[Y].ocsp!=null&&(K[Y].ocsp=L)},this.updateExtAIACAIssuer=function(m,L){var M=this.findExt(m,"authorityInfoAccess");if(M!=null&&M.array!=null)for(var K=M.array,Y=0;Y<K.length;Y++)K[Y].caissuer!=null&&(K[Y].caissuer=L)},this.dnarraytostr=function(m){return"/"+m.map((function(L){return(function(K){return K.map((function(Y){return(function(ue){return ue.type+"="+ue.value})(Y).replace(/\+/,"\\+")})).join("+")})(L).replace(/\//,"\\/")})).join("/")},this.getInfo=function(){var m,L,M,K=function(at){return JSON.stringify(at.array).replace(/[\[\]\{\}\"]/g,"")},Y=function(at){for(var Qe="",Ze=at.array,Ce=0;Ce<Ze.length;Ce++){var Be=Ze[Ce];if(Qe+="    policy oid: "+Be.policyoid+`
+`,Be.array!==void 0)for(var Je=0;Je<Be.array.length;Je++){var et=Be.array[Je];et.cps!==void 0&&(Qe+="    cps: "+et.cps+`
+`)}}return Qe},te=function(at){for(var Qe="",Ze=at.array,Ce=0;Ce<Ze.length;Ce++){var Be=Ze[Ce];try{Be.dpname.full[0].uri!==void 0&&(Qe+="    "+Be.dpname.full[0].uri+`
+`)}catch{}try{Be.dname.full[0].dn.hex!==void 0&&(Qe+="    "+He.hex2dn(Be.dpname.full[0].dn.hex)+`
+`)}catch{}}return Qe},ue=function(at){for(var Qe="",Ze=at.array,Ce=0;Ce<Ze.length;Ce++){var Be=Ze[Ce];Be.caissuer!==void 0&&(Qe+="    caissuer: "+Be.caissuer+`
+`),Be.ocsp!==void 0&&(Qe+="    ocsp: "+Be.ocsp+`
+`)}return Qe};if(m=`Basic Fields
+`,m+="  serial number: "+this.getSerialNumberHex()+`
+`,m+="  signature algorithm: "+this.getSignatureAlgorithmField()+`
+`,m+="  issuer: "+this.getIssuerString()+`
+`,m+="  notBefore: "+this.getNotBefore()+`
+`,m+="  notAfter: "+this.getNotAfter()+`
+`,m+="  subject: "+this.getSubjectString()+`
+`,m+=`  subject public key info:
+`,m+="    key algorithm: "+(L=this.getPublicKey()).type+`
+`,L.type==="RSA"&&(m+="    n="+kr(L.n.toString(16)).substr(0,16)+`...
+`,m+="    e="+kr(L.e.toString(16))+`
+`),(M=this.aExtInfo)!=null){m+=`X509v3 Extensions:
+`;for(var oe=0;oe<M.length;oe++){var ge=M[oe],ae=E.asn1.x509.OID.oid2name(ge.oid);ae===""&&(ae=ge.oid);var he="";if(ge.critical===!0&&(he="CRITICAL"),m+="  "+ae+" "+he+`:
+`,ae==="basicConstraints"){var be=this.getExtBasicConstraints();be.cA===void 0?m+=`    {}
+`:(m+="    cA=true",be.pathLen!==void 0&&(m+=", pathLen="+be.pathLen),m+=`
+`)}else if(ae==="keyUsage")m+="    "+this.getExtKeyUsageString()+`
+`;else if(ae==="subjectKeyIdentifier")m+="    "+this.getExtSubjectKeyIdentifier().kid.hex+`
+`;else if(ae==="authorityKeyIdentifier"){var Ae=this.getExtAuthorityKeyIdentifier();Ae.kid!==void 0&&(m+="    kid="+Ae.kid.hex+`
+`)}else ae==="extKeyUsage"?m+="    "+this.getExtExtKeyUsage().array.join(", ")+`
+`:ae==="subjectAltName"?m+="    "+K(this.getExtSubjectAltName())+`
+`:ae==="cRLDistributionPoints"?m+=te(this.getExtCRLDistributionPoints()):ae==="authorityInfoAccess"?m+=ue(this.getExtAuthorityInfoAccess()):ae==="certificatePolicies"&&(m+=Y(this.getExtCertificatePolicies()))}}return m+="signature algorithm: "+this.getSignatureAlgorithmName()+`
+`,m+="signature: "+this.getSignatureValueHex().substr(0,16)+`...
+`},typeof t=="string"&&(t.indexOf("-----BEGIN")!=-1?this.readCertPEM(t):E.lang.String.isHex(t)&&this.readCertHex(t))}le.prototype.sign=function(t,e){var r=(function(a){return E.crypto.Util.hashString(a,e)})(t);return this.signWithMessageHash(r,e)},le.prototype.signWithMessageHash=function(t,e){var r=ot(E.crypto.Util.getPaddedDigestInfoHex(t,e,this.n.bitLength()),16);return wn(this.doPrivate(r).toString(16),this.n.bitLength())},le.prototype.signPSS=function(t,e,r){var n=(function(f){return E.crypto.Util.hashHex(f,e)})(_t(t));return r===void 0&&(r=-1),this.signWithMessageHashPSS(n,e,r)},le.prototype.signWithMessageHashPSS=function(t,e,r){var n,a=ht(t),f=a.length,_=this.n.bitLength()-1,P=Math.ceil(_/8),F=function(m){return E.crypto.Util.hashHex(m,e)};if(r===-1||r===void 0)r=f;else if(r===-2)r=P-f-2;else if(r<-2)throw new Error("invalid salt length");if(P<f+r+2)throw new Error("data too long");var k="";r>0&&(k=new Array(r),new Se().nextBytes(k),k=String.fromCharCode.apply(String,k));var D=ht(F(_t("\0\0\0\0\0\0\0\0"+a+k))),O=[];for(n=0;n<P-r-f-2;n+=1)O[n]=0;var V=String.fromCharCode.apply(String,O)+"
"+k,z=Sn(D,V.length,F),G=[];for(n=0;n<V.length;n+=1)G[n]=V.charCodeAt(n)^z.charCodeAt(n);var Z=65280>>8*P-_&255;for(G[0]&=~Z,n=0;n<f;n++)G.push(D.charCodeAt(n));return G.push(188),wn(this.doPrivate(new N(G)).toString(16),this.n.bitLength())},le.prototype.verify=function(t,e){if((e=e.toLowerCase()).match(/^[0-9a-f]+$/)==null)return!1;var r=ot(e,16),n=this.n.bitLength();if(r.bitLength()>n)return!1;var a=this.doPublic(r).toString(16);if(a.length+3!=n/4)return!1;var f=bn(a.replace(/^1f+00/,""));if(f.length==0)return!1;var _=f[0];return f[1]==(function(F){return E.crypto.Util.hashString(F,_)})(t)},le.prototype.verifyWithMessageHash=function(t,e){if(e.length!=Math.ceil(this.n.bitLength()/4))return!1;var r=ot(e,16);if(r.bitLength()>this.n.bitLength())return 0;var n=bn(this.doPublic(r).toString(16).replace(/^1f+00/,""));return n.length==0?!1:(n[0],n[1]==t)},le.prototype.verifyPSS=function(t,e,r,n){var a=(function(_){return E.crypto.Util.hashHex(_,r)})(_t(t));return n===void 0&&(n=-1),this.verifyWithMessageHashPSS(a,e,r,n)},le.prototype.verifyWithMessageHashPSS=function(t,e,r,n){if(e.length!=Math.ceil(this.n.bitLength()/4))return!1;var a,f=new N(e,16),_=function(M){return E.crypto.Util.hashHex(M,r)},P=ht(t),F=P.length,k=this.n.bitLength()-1,D=Math.ceil(k/8);if(n===-1||n===void 0)n=F;else if(n===-2)n=D-F-2;else if(n<-2)throw new Error("invalid salt length");if(D<F+n+2)throw new Error("data too long");var O=this.doPublic(f).toByteArray();for(a=0;a<O.length;a+=1)O[a]&=255;for(;O.length<D;)O.unshift(0);if(O[D-1]!==188)throw new Error("encoded message does not end in 0xbc");var V=(O=String.fromCharCode.apply(String,O)).substr(0,D-F-1),z=O.substr(V.length,F),G=65280>>8*D-k&255;if((V.charCodeAt(0)&G)!=0)throw new Error("bits beyond keysize not zero");var Z=Sn(z,V.length,_),ee=[];for(a=0;a<V.length;a+=1)ee[a]=V.charCodeAt(a)^Z.charCodeAt(a);ee[0]&=~G;var m=D-F-n-2;for(a=0;a<m;a+=1)if(ee[a]!==0)throw new Error("leftmost octets not zero");if(ee[m]!==1)throw new Error("0x01 marker not found");return z===ht(_(_t("\0\0\0\0\0\0\0\0"+P+String.fromCharCode.apply(String,ee.slice(-n)))))},le.SALT_LEN_HLEN=-1,le.SALT_LEN_MAX=-2,le.SALT_LEN_RECOVER=-2,He.hex2dn=function(t,e){e===void 0&&(e=0);var r=new He;return se.getTLV(t,e),r.getX500Name(t).str},He.hex2rdn=function(t,e){if(e===void 0&&(e=0),t.substr(e,2)!=="31")throw new Error("malformed RDN");for(var r=new Array,n=se.getChildIdx(t,e),a=0;a<n.length;a++)r.push(He.hex2attrTypeValue(t,n[a]));return(r=r.map((function(f){return f.replace("+","\\+")}))).join("+")},He.hex2attrTypeValue=function(t,e){var r=se,n=r.getV;if(e===void 0&&(e=0),t.substr(e,2)!=="30")throw new Error("malformed attribute type and value");var a=r.getChildIdx(t,e);a.length!==2||t.substr(a[0],2);var f=n(t,a[0]),_=E.asn1.ASN1Util.oidHexToInt(f);return E.asn1.x509.OID.oid2atype(_)+"="+ht(n(t,a[1]))},He.getPublicKeyFromCertHex=function(t){var e=new He;return e.readCertHex(t),e.getPublicKey()},He.getPublicKeyFromCertPEM=function(t){var e=new He;return e.readCertPEM(t),e.getPublicKey()},He.getPublicKeyInfoPropOfCertPEM=function(t){var e,r,n=se.getVbyList,a={};return a.algparam=null,(e=new He).readCertPEM(t),r=e.getPublicKeyHex(),a.keyhex=n(r,0,[1],"03").substr(2),a.algoid=n(r,0,[0,0],"06"),a.algoid==="2a8648ce3d0201"&&(a.algparam=n(r,0,[0,1],"06")),a},He.KEYUSAGE_NAME=["digitalSignature","nonRepudiation","keyEncipherment","dataEncipherment","keyAgreement","keyCertSign","cRLSign","encipherOnly","decipherOnly"],E!==void 0&&E||(s.KJUR=E={}),E.jws!==void 0&&E.jws||(E.jws={}),E.jws.JWS=function(){var t=E.jws.JWS.isSafeJSONString;this.parseJWS=function(e,r){if(this.parsedJWS===void 0||!r&&this.parsedJWS.sigvalH===void 0){var n=e.match(/^([^.]+)\.([^.]+)\.([^.]+)$/);if(n==null)throw"JWS signature is not a form of 'Head.Payload.SigValue'.";var a=n[1],f=n[2],_=n[3],P=a+"."+f;if(this.parsedJWS={},this.parsedJWS.headB64U=a,this.parsedJWS.payloadB64U=f,this.parsedJWS.sigvalB64U=_,this.parsedJWS.si=P,!r){var F=Ee(_),k=ot(F,16);this.parsedJWS.sigvalH=F,this.parsedJWS.sigvalBI=k}var D=gt(a),O=gt(f);if(this.parsedJWS.headS=D,this.parsedJWS.payloadS=O,!t(D,this.parsedJWS,"headP"))throw"malformed JSON string for JWS Head: "+D}}},E.jws.JWS.sign=function(t,e,r,n,a){var f,_,P,F=E,k=F.jws.JWS,D=k.readSafeJSONString,O=k.isSafeJSONString,V=F.crypto,z=(V.ECDSA,V.Mac),G=V.Signature,Z=JSON;if(typeof e!="string"&&(e===void 0?"undefined":C(e))!="object")throw"spHeader must be JSON string or object: "+e;if((e===void 0?"undefined":C(e))=="object"&&(_=e,f=Z.stringify(_)),typeof e=="string"){if(!O(f=e))throw"JWS Head is not safe JSON string: "+f;_=D(f)}if(P=r,(r===void 0?"undefined":C(r))=="object"&&(P=Z.stringify(r)),t!=""&&t!=null||_.alg===void 0||(t=_.alg),t!=""&&t!=null&&_.alg===void 0&&(_.alg=t,f=Z.stringify(_)),t!==_.alg)throw"alg and sHeader.alg doesn't match: "+t+"!="+_.alg;var ee=null;if(k.jwsalg2sigalg[t]===void 0)throw"unsupported alg name: "+t;ee=k.jwsalg2sigalg[t];var m=$t(f)+"."+$t(P),L="";if(ee.substr(0,4)=="Hmac"){if(n===void 0)throw"mac key shall be specified for HS* alg";var M=new z({alg:ee,prov:"cryptojs",pass:n});M.updateString(m),L=M.doFinal()}else if(ee.indexOf("withECDSA")!=-1){(Y=new G({alg:ee})).init(n,a),Y.updateString(m);var K=Y.sign();L=E.crypto.ECDSA.asn1SigToConcatSig(K)}else{var Y;ee!="none"&&((Y=new G({alg:ee})).init(n,a),Y.updateString(m),L=Y.sign())}return m+"."+Ne(L)},E.jws.JWS.verify=function(t,e,r){var n,a=E,f=a.jws.JWS,_=f.readSafeJSONString,P=a.crypto,F=P.ECDSA,k=P.Mac,D=P.Signature;C(le)!==void 0&&(n=le);var O=t.split(".");if(O.length!==3)return!1;var V=O[0]+"."+O[1],z=Ee(O[2]),G=_(gt(O[0])),Z=null,ee=null;if(G.alg===void 0)throw"algorithm not specified in header";if(ee=(Z=G.alg).substr(0,2),r!=null&&Object.prototype.toString.call(r)==="[object Array]"&&r.length>0&&(":"+r.join(":")+":").indexOf(":"+Z+":")==-1)throw"algorithm '"+Z+"' not accepted in the list";if(Z!="none"&&e===null)throw"key shall be specified to verify.";if(typeof e=="string"&&e.indexOf("-----BEGIN ")!=-1&&(e=Ue.getKey(e)),!(ee!="RS"&&ee!="PS"||e instanceof n))throw"key shall be a RSAKey obj for RS* and PS* algs";if(ee=="ES"&&!(e instanceof F))throw"key shall be a ECDSA obj for ES* algs";var m=null;if(f.jwsalg2sigalg[G.alg]===void 0)throw"unsupported alg name: "+Z;if((m=f.jwsalg2sigalg[Z])=="none")throw"not supported";if(m.substr(0,4)=="Hmac"){if(e===void 0)throw"hexadecimal key shall be specified for HMAC";var L=new k({alg:m,pass:e});return L.updateString(V),z==L.doFinal()}if(m.indexOf("withECDSA")!=-1){var M,K=null;try{K=F.concatSigToASN1Sig(z)}catch{return!1}return(M=new D({alg:m})).init(e),M.updateString(V),M.verify(K)}return(M=new D({alg:m})).init(e),M.updateString(V),M.verify(z)},E.jws.JWS.parse=function(t){var e,r,n,a=t.split("."),f={};if(a.length!=2&&a.length!=3)throw"malformed sJWS: wrong number of '.' splitted elements";return e=a[0],r=a[1],a.length==3&&(n=a[2]),f.headerObj=E.jws.JWS.readSafeJSONString(gt(e)),f.payloadObj=E.jws.JWS.readSafeJSONString(gt(r)),f.headerPP=JSON.stringify(f.headerObj,null,"  "),f.payloadObj==null?f.payloadPP=gt(r):f.payloadPP=JSON.stringify(f.payloadObj,null,"  "),n!==void 0&&(f.sigHex=Ee(n)),f},E.jws.JWS.verifyJWT=function(t,e,r){var n=E.jws,a=n.JWS,f=a.readSafeJSONString,_=a.inArray,P=a.includedArray,F=t.split("."),k=F[0],D=F[1],O=(Ee(F[2]),f(gt(k))),V=f(gt(D));if(O.alg===void 0)return!1;if(r.alg===void 0)throw"acceptField.alg shall be specified";if(!_(O.alg,r.alg)||V.iss!==void 0&&C(r.iss)==="object"&&!_(V.iss,r.iss)||V.sub!==void 0&&C(r.sub)==="object"&&!_(V.sub,r.sub))return!1;if(V.aud!==void 0&&C(r.aud)==="object"){if(typeof V.aud=="string"){if(!_(V.aud,r.aud))return!1}else if(C(V.aud)=="object"&&!P(V.aud,r.aud))return!1}var z=n.IntDate.getNow();return r.verifyAt!==void 0&&typeof r.verifyAt=="number"&&(z=r.verifyAt),r.gracePeriod!==void 0&&typeof r.gracePeriod=="number"||(r.gracePeriod=0),!(V.exp!==void 0&&typeof V.exp=="number"&&V.exp+r.gracePeriod<z)&&!(V.nbf!==void 0&&typeof V.nbf=="number"&&z<V.nbf-r.gracePeriod)&&!(V.iat!==void 0&&typeof V.iat=="number"&&z<V.iat-r.gracePeriod)&&(V.jti===void 0||r.jti===void 0||V.jti===r.jti)&&!!a.verify(t,e,r.alg)},E.jws.JWS.includedArray=function(t,e){var r=E.jws.JWS.inArray;if(t===null||(t===void 0?"undefined":C(t))!=="object"||typeof t.length!="number")return!1;for(var n=0;n<t.length;n++)if(!r(t[n],e))return!1;return!0},E.jws.JWS.inArray=function(t,e){if(e===null||(e===void 0?"undefined":C(e))!=="object"||typeof e.length!="number")return!1;for(var r=0;r<e.length;r++)if(e[r]==t)return!0;return!1},E.jws.JWS.jwsalg2sigalg={HS256:"HmacSHA256",HS384:"HmacSHA384",HS512:"HmacSHA512",RS256:"SHA256withRSA",RS384:"SHA384withRSA",RS512:"SHA512withRSA",ES256:"SHA256withECDSA",ES384:"SHA384withECDSA",PS256:"SHA256withRSAandMGF1",PS384:"SHA384withRSAandMGF1",PS512:"SHA512withRSAandMGF1",none:"none"},E.jws.JWS.isSafeJSONString=function(t,e,r){var n=null;try{return((n=un(t))===void 0?"undefined":C(n))!="object"||n.constructor===Array?0:(e&&(e[r]=n),1)}catch{return 0}},E.jws.JWS.readSafeJSONString=function(t){var e=null;try{return((e=un(t))===void 0?"undefined":C(e))!="object"||e.constructor===Array?null:e}catch{return null}},E.jws.JWS.getEncodedSignatureValueFromJWS=function(t){var e=t.match(/^[^.]+\.[^.]+\.([^.]+)$/);if(e==null)throw"JWS signature is not a form of 'Head.Payload.SigValue'.";return e[1]},E.jws.JWS.getJWKthumbprint=function(t){if(t.kty!=="RSA"&&t.kty!=="EC"&&t.kty!=="oct")throw"unsupported algorithm for JWK Thumprint";var e="{";if(t.kty==="RSA"){if(typeof t.n!="string"||typeof t.e!="string")throw"wrong n and e value for RSA key";e+='"e":"'+t.e+'",',e+='"kty":"'+t.kty+'",',e+='"n":"'+t.n+'"}'}else if(t.kty==="EC"){if(typeof t.crv!="string"||typeof t.x!="string"||typeof t.y!="string")throw"wrong crv, x and y value for EC key";e+='"crv":"'+t.crv+'",',e+='"kty":"'+t.kty+'",',e+='"x":"'+t.x+'",',e+='"y":"'+t.y+'"}'}else if(t.kty==="oct"){if(typeof t.k!="string")throw"wrong k value for oct(symmetric) key";e+='"kty":"'+t.kty+'",',e+='"k":"'+t.k+'"}'}var r=_t(e);return Ne(E.crypto.Util.hashHex(r,"sha256"))},E.jws.IntDate={},E.jws.IntDate.get=function(t){var e=E.jws.IntDate,r=e.getNow,n=e.getZulu;if(t=="now")return r();if(t=="now + 1hour")return r()+3600;if(t=="now + 1day")return r()+86400;if(t=="now + 1month")return r()+2592e3;if(t=="now + 1year")return r()+31536e3;if(t.match(/Z$/))return n(t);if(t.match(/^[0-9]+$/))return parseInt(t);throw"unsupported format: "+t},E.jws.IntDate.getZulu=function(t){return gn(t)},E.jws.IntDate.getNow=function(){return~~(new Date/1e3)},E.jws.IntDate.intDate2UTCString=function(t){return new Date(1e3*t).toUTCString()},E.jws.IntDate.intDate2Zulu=function(t){var e=new Date(1e3*t);return("0000"+e.getUTCFullYear()).slice(-4)+("00"+(e.getUTCMonth()+1)).slice(-2)+("00"+e.getUTCDate()).slice(-2)+("00"+e.getUTCHours()).slice(-2)+("00"+e.getUTCMinutes()).slice(-2)+("00"+e.getUTCSeconds()).slice(-2)+"Z"},s.SecureRandom=Se,s.rng_seed_time=X,s.BigInteger=N,s.RSAKey=le;var xi=E.crypto.EDSA;s.EDSA=xi;var Ai=E.crypto.DSA;s.DSA=Ai;var ki=E.crypto.Signature;s.Signature=ki;var Pi=E.crypto.MessageDigest;s.MessageDigest=Pi;var Ti=E.crypto.Mac;s.Mac=Ti;var Ii=E.crypto.Cipher;s.Cipher=Ii,s.KEYUTIL=Ue,s.ASN1HEX=se,s.X509=He,s.CryptoJS=x,s.b64tohex=Q,s.b64toBA=ne,s.stoBA=cn,s.BAtos=ln,s.BAtohex=ar,s.stohex=Ft,s.stob64=function(e){return I(Ft(e))},s.stob64u=function(e){return ur(I(Ft(e)))},s.b64utos=function(e){return ln(ne(zt(e)))},s.b64tob64u=ur,s.b64utob64=zt,s.hex2b64=I,s.hextob64u=Ne,s.b64utohex=Ee,s.utf8tob64u=$t,s.b64utoutf8=gt,s.utf8tob64=function(e){return I(cr(hr(e)))},s.b64toutf8=function(e){return decodeURIComponent(lr(Q(e)))},s.utf8tohex=Fr,s.hextoutf8=Oe,s.hextorstr=ht,s.rstrtohex=_t,s.hextob64=hn,s.hextob64nl=dn,s.b64nltohex=fn,s.hextopem=st,s.pemtohex=wt,s.hextoArrayBuffer=function(e){if(e.length%2!=0)throw"input is not even length";if(e.match(/^[0-9A-Fa-f]+$/)==null)throw"input is not hexadecimal";for(var r=new ArrayBuffer(e.length/2),n=new DataView(r),a=0;a<e.length/2;a++)n.setUint8(a,parseInt(e.substr(2*a,2),16));return r},s.ArrayBuffertohex=function(e){for(var r="",n=new DataView(e),a=0;a<e.byteLength;a++)r+=("00"+n.getUint8(a).toString(16)).slice(-2);return r},s.zulutomsec=xr,s.zulutosec=gn,s.zulutodate=function(e){return new Date(xr(e))},s.datetozulu=function(e,r,n){var a,f=e.getUTCFullYear();if(r){if(f<1950||2049<f)throw"not proper year for UTCTime: "+f;a=(""+f).slice(-2)}else a=("000"+f).slice(-4);if(a+=("0"+(e.getUTCMonth()+1)).slice(-2),a+=("0"+e.getUTCDate()).slice(-2),a+=("0"+e.getUTCHours()).slice(-2),a+=("0"+e.getUTCMinutes()).slice(-2),a+=("0"+e.getUTCSeconds()).slice(-2),n){var _=e.getUTCMilliseconds();_!==0&&(a+="."+(_=(_=("00"+_).slice(-3)).replace(/0+$/g,"")))}return a+="Z"},s.uricmptohex=cr,s.hextouricmp=lr,s.ipv6tohex=pn,s.hextoipv6=yn,s.hextoip=Ar,s.iptohex=function(e){var r="malformed IP address";if(!(e=e.toLowerCase(e)).match(/^[0-9.]+$/)){if(e.match(/^[0-9a-f:]+$/)&&e.indexOf(":")!==-1)return pn(e);throw r}var n=e.split(".");if(n.length!==4)throw r;var a="";try{for(var f=0;f<4;f++)a+=("0"+parseInt(n[f]).toString(16)).slice(-2);return a}catch{throw r}},s.encodeURIComponentAll=hr,s.newline_toUnix=function(e){return e=e.replace(/\r\n/gm,`
+`)},s.newline_toDos=function(e){return e=(e=e.replace(/\r\n/gm,`
+`)).replace(/\n/gm,`\r
+`)},s.hextoposhex=kr,s.intarystrtohex=function(e){e=(e=(e=e.replace(/^\s*\[\s*/,"")).replace(/\s*\]\s*$/,"")).replace(/\s*/g,"");try{return e.split(/,/).map((function(r,n,a){var f=parseInt(r);if(f<0||255<f)throw"integer not in range 0-255";return("00"+f.toString(16)).slice(-2)})).join("")}catch(r){throw"malformed integer array string: "+r}},s.strdiffidx=function(e,r){var n=e.length;e.length>r.length&&(n=r.length);for(var a=0;a<n;a++)if(e.charCodeAt(a)!=r.charCodeAt(a))return a;return e.length!=r.length?n:-1},s.KJUR=E;var Ri=E.crypto;s.crypto=Ri;var Ci=E.asn1;s.asn1=Ci;var Ui=E.jws;s.jws=Ui;var Di=E.lang;s.lang=Di}).call(this,y(28).Buffer)},function(c,s,y){(function(v){var d=y(30),b=y(31),w=y(32);function h(){return u.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function l(q,g){if(h()<g)throw new RangeError("Invalid typed array length");return u.TYPED_ARRAY_SUPPORT?(q=new Uint8Array(g)).__proto__=u.prototype:(q===null&&(q=new u(g)),q.length=g),q}function u(q,g,p){if(!(u.TYPED_ARRAY_SUPPORT||this instanceof u))return new u(q,g,p);if(typeof q=="number"){if(typeof g=="string")throw new Error("If encoding is specified then the first argument must be a string");return A(this,q)}return S(this,q,g,p)}function S(q,g,p,j){if(typeof g=="number")throw new TypeError('"value" argument must not be a number');return typeof ArrayBuffer<"u"&&g instanceof ArrayBuffer?(function(X,re,ce,de){if(re.byteLength,ce<0||re.byteLength<ce)throw new RangeError("'offset' is out of bounds");if(re.byteLength<ce+(de||0))throw new RangeError("'length' is out of bounds");return re=ce===void 0&&de===void 0?new Uint8Array(re):de===void 0?new Uint8Array(re,ce):new Uint8Array(re,ce,de),u.TYPED_ARRAY_SUPPORT?(X=re).__proto__=u.prototype:X=J(X,re),X})(q,g,p,j):typeof g=="string"?(function(X,re,ce){if(typeof ce=="string"&&ce!==""||(ce="utf8"),!u.isEncoding(ce))throw new TypeError('"encoding" must be a valid string encoding');var de=0|C(re,ce),we=(X=l(X,de)).write(re,ce);return we!==de&&(X=X.slice(0,we)),X})(q,g,p):(function(X,re){if(u.isBuffer(re)){var ce=0|H(re.length);return(X=l(X,ce)).length===0||re.copy(X,0,0,ce),X}if(re){if(typeof ArrayBuffer<"u"&&re.buffer instanceof ArrayBuffer||"length"in re)return typeof re.length!="number"||(function(we){return we!=we})(re.length)?l(X,0):J(X,re);if(re.type==="Buffer"&&w(re.data))return J(X,re.data)}throw new TypeError("First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.")})(q,g)}function R(q){if(typeof q!="number")throw new TypeError('"size" argument must be a number');if(q<0)throw new RangeError('"size" argument must not be negative')}function A(q,g){if(R(g),q=l(q,g<0?0:0|H(g)),!u.TYPED_ARRAY_SUPPORT)for(var p=0;p<g;++p)q[p]=0;return q}function J(q,g){var p=g.length<0?0:0|H(g.length);q=l(q,p);for(var j=0;j<p;j+=1)q[j]=255&g[j];return q}function H(q){if(q>=h())throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+h().toString(16)+" bytes");return 0|q}function C(q,g){if(u.isBuffer(q))return q.length;if(typeof ArrayBuffer<"u"&&typeof ArrayBuffer.isView=="function"&&(ArrayBuffer.isView(q)||q instanceof ArrayBuffer))return q.byteLength;typeof q!="string"&&(q=""+q);var p=q.length;if(p===0)return 0;for(var j=!1;;)switch(g){case"ascii":case"latin1":case"binary":return p;case"utf8":case"utf-8":case void 0:return it(q).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*p;case"hex":return p>>>1;case"base64":return Ke(q).length;default:if(j)return it(q).length;g=(""+g).toLowerCase(),j=!0}}function U(q,g,p){var j=!1;if((g===void 0||g<0)&&(g=0),g>this.length||((p===void 0||p>this.length)&&(p=this.length),p<=0)||(p>>>=0)<=(g>>>=0))return"";for(q||(q="utf8");;)switch(q){case"hex":return Le(this,g,p);case"utf8":case"utf-8":return me(this,g,p);case"ascii":return Re(this,g,p);case"latin1":case"binary":return ze(this,g,p);case"base64":return ye(this,g,p);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return Ge(this,g,p);default:if(j)throw new TypeError("Unknown encoding: "+q);q=(q+"").toLowerCase(),j=!0}}function W(q,g,p){var j=q[g];q[g]=q[p],q[p]=j}function x(q,g,p,j,$){if(q.length===0)return-1;if(typeof p=="string"?(j=p,p=0):p>2147483647?p=2147483647:p<-2147483648&&(p=-2147483648),p=+p,isNaN(p)&&(p=$?0:q.length-1),p<0&&(p=q.length+p),p>=q.length){if($)return-1;p=q.length-1}else if(p<0){if(!$)return-1;p=0}if(typeof g=="string"&&(g=u.from(g,j)),u.isBuffer(g))return g.length===0?-1:B(q,g,p,j,$);if(typeof g=="number")return g&=255,u.TYPED_ARRAY_SUPPORT&&typeof Uint8Array.prototype.indexOf=="function"?$?Uint8Array.prototype.indexOf.call(q,g,p):Uint8Array.prototype.lastIndexOf.call(q,g,p):B(q,[g],p,j,$);throw new TypeError("val must be string, number or Buffer")}function B(q,g,p,j,$){var X,re=1,ce=q.length,de=g.length;if(j!==void 0&&((j=String(j).toLowerCase())==="ucs2"||j==="ucs-2"||j==="utf16le"||j==="utf-16le")){if(q.length<2||g.length<2)return-1;re=2,ce/=2,de/=2,p/=2}function we(ft,le){return re===1?ft[le]:ft.readUInt16BE(le*re)}if($){var _e=-1;for(X=p;X<ce;X++)if(we(q,X)===we(g,_e===-1?0:X-_e)){if(_e===-1&&(_e=X),X-_e+1===de)return _e*re}else _e!==-1&&(X-=X-_e),_e=-1}else for(p+de>ce&&(p=ce-de),X=p;X>=0;X--){for(var Se=!0,ot=0;ot<de;ot++)if(we(q,X+ot)!==we(g,ot)){Se=!1;break}if(Se)return X}return-1}function T(q,g,p,j){p=Number(p)||0;var $=q.length-p;j?(j=Number(j))>$&&(j=$):j=$;var X=g.length;if(X%2!=0)throw new TypeError("Invalid hex string");j>X/2&&(j=X/2);for(var re=0;re<j;++re){var ce=parseInt(g.substr(2*re,2),16);if(isNaN(ce))return re;q[p+re]=ce}return re}function I(q,g,p,j){return xe(it(g,q.length-p),q,p,j)}function Q(q,g,p,j){return xe((function(X){for(var re=[],ce=0;ce<X.length;++ce)re.push(255&X.charCodeAt(ce));return re})(g),q,p,j)}function ne(q,g,p,j){return Q(q,g,p,j)}function N(q,g,p,j){return xe(Ke(g),q,p,j)}function ie(q,g,p,j){return xe((function(X,re){for(var ce,de,we,_e=[],Se=0;Se<X.length&&!((re-=2)<0);++Se)de=(ce=X.charCodeAt(Se))>>8,we=ce%256,_e.push(we),_e.push(de);return _e})(g,q.length-p),q,p,j)}function ye(q,g,p){return g===0&&p===q.length?d.fromByteArray(q):d.fromByteArray(q.slice(g,p))}function me(q,g,p){p=Math.min(q.length,p);for(var j=[],$=g;$<p;){var X,re,ce,de,we=q[$],_e=null,Se=we>239?4:we>223?3:we>191?2:1;if($+Se<=p)switch(Se){case 1:we<128&&(_e=we);break;case 2:(192&(X=q[$+1]))==128&&(de=(31&we)<<6|63&X)>127&&(_e=de);break;case 3:X=q[$+1],re=q[$+2],(192&X)==128&&(192&re)==128&&(de=(15&we)<<12|(63&X)<<6|63&re)>2047&&(de<55296||de>57343)&&(_e=de);break;case 4:X=q[$+1],re=q[$+2],ce=q[$+3],(192&X)==128&&(192&re)==128&&(192&ce)==128&&(de=(15&we)<<18|(63&X)<<12|(63&re)<<6|63&ce)>65535&&de<1114112&&(_e=de)}_e===null?(_e=65533,Se=1):_e>65535&&(_e-=65536,j.push(_e>>>10&1023|55296),_e=56320|1023&_e),j.push(_e),$+=Se}return(function(ft){var le=ft.length;if(le<=je)return String.fromCharCode.apply(String,ft);for(var Pe="",pe=0;pe<le;)Pe+=String.fromCharCode.apply(String,ft.slice(pe,pe+=je));return Pe})(j)}s.Buffer=u,s.SlowBuffer=function(g){return+g!=g&&(g=0),u.alloc(+g)},s.INSPECT_MAX_BYTES=50,u.TYPED_ARRAY_SUPPORT=v.TYPED_ARRAY_SUPPORT!==void 0?v.TYPED_ARRAY_SUPPORT:(function(){try{var g=new Uint8Array(1);return g.__proto__={__proto__:Uint8Array.prototype,foo:function(){return 42}},g.foo()===42&&typeof g.subarray=="function"&&g.subarray(1,1).byteLength===0}catch{return!1}})(),s.kMaxLength=h(),u.poolSize=8192,u._augment=function(q){return q.__proto__=u.prototype,q},u.from=function(q,g,p){return S(null,q,g,p)},u.TYPED_ARRAY_SUPPORT&&(u.prototype.__proto__=Uint8Array.prototype,u.__proto__=Uint8Array,typeof Symbol<"u"&&Symbol.species&&u[Symbol.species]===u&&Object.defineProperty(u,Symbol.species,{value:null,configurable:!0})),u.alloc=function(q,g,p){return(function($,X,re,ce){return R(X),X<=0?l($,X):re!==void 0?typeof ce=="string"?l($,X).fill(re,ce):l($,X).fill(re):l($,X)})(null,q,g,p)},u.allocUnsafe=function(q){return A(null,q)},u.allocUnsafeSlow=function(q){return A(null,q)},u.isBuffer=function(g){return!(g==null||!g._isBuffer)},u.compare=function(g,p){if(!u.isBuffer(g)||!u.isBuffer(p))throw new TypeError("Arguments must be Buffers");if(g===p)return 0;for(var j=g.length,$=p.length,X=0,re=Math.min(j,$);X<re;++X)if(g[X]!==p[X]){j=g[X],$=p[X];break}return j<$?-1:$<j?1:0},u.isEncoding=function(g){switch(String(g).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"latin1":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},u.concat=function(g,p){if(!w(g))throw new TypeError('"list" argument must be an Array of Buffers');if(g.length===0)return u.alloc(0);var j;if(p===void 0)for(p=0,j=0;j<g.length;++j)p+=g[j].length;var $=u.allocUnsafe(p),X=0;for(j=0;j<g.length;++j){var re=g[j];if(!u.isBuffer(re))throw new TypeError('"list" argument must be an Array of Buffers');re.copy($,X),X+=re.length}return $},u.byteLength=C,u.prototype._isBuffer=!0,u.prototype.swap16=function(){var g=this.length;if(g%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(var p=0;p<g;p+=2)W(this,p,p+1);return this},u.prototype.swap32=function(){var g=this.length;if(g%4!=0)throw new RangeError("Buffer size must be a multiple of 32-bits");for(var p=0;p<g;p+=4)W(this,p,p+3),W(this,p+1,p+2);return this},u.prototype.swap64=function(){var g=this.length;if(g%8!=0)throw new RangeError("Buffer size must be a multiple of 64-bits");for(var p=0;p<g;p+=8)W(this,p,p+7),W(this,p+1,p+6),W(this,p+2,p+5),W(this,p+3,p+4);return this},u.prototype.toString=function(){var g=0|this.length;return g===0?"":arguments.length===0?me(this,0,g):U.apply(this,arguments)},u.prototype.equals=function(g){if(!u.isBuffer(g))throw new TypeError("Argument must be a Buffer");return this===g||u.compare(this,g)===0},u.prototype.inspect=function(){var g="",p=s.INSPECT_MAX_BYTES;return this.length>0&&(g=this.toString("hex",0,p).match(/.{2}/g).join(" "),this.length>p&&(g+=" ... ")),"<Buffer "+g+">"},u.prototype.compare=function(g,p,j,$,X){if(!u.isBuffer(g))throw new TypeError("Argument must be a Buffer");if(p===void 0&&(p=0),j===void 0&&(j=g?g.length:0),$===void 0&&($=0),X===void 0&&(X=this.length),p<0||j>g.length||$<0||X>this.length)throw new RangeError("out of range index");if($>=X&&p>=j)return 0;if($>=X)return-1;if(p>=j)return 1;if(this===g)return 0;for(var re=(X>>>=0)-($>>>=0),ce=(j>>>=0)-(p>>>=0),de=Math.min(re,ce),we=this.slice($,X),_e=g.slice(p,j),Se=0;Se<de;++Se)if(we[Se]!==_e[Se]){re=we[Se],ce=_e[Se];break}return re<ce?-1:ce<re?1:0},u.prototype.includes=function(g,p,j){return this.indexOf(g,p,j)!==-1},u.prototype.indexOf=function(g,p,j){return x(this,g,p,j,!0)},u.prototype.lastIndexOf=function(g,p,j){return x(this,g,p,j,!1)},u.prototype.write=function(g,p,j,$){if(p===void 0)$="utf8",j=this.length,p=0;else if(j===void 0&&typeof p=="string")$=p,j=this.length,p=0;else{if(!isFinite(p))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");p|=0,isFinite(j)?(j|=0,$===void 0&&($="utf8")):($=j,j=void 0)}var X=this.length-p;if((j===void 0||j>X)&&(j=X),g.length>0&&(j<0||p<0)||p>this.length)throw new RangeError("Attempt to write outside buffer bounds");$||($="utf8");for(var re=!1;;)switch($){case"hex":return T(this,g,p,j);case"utf8":case"utf-8":return I(this,g,p,j);case"ascii":return Q(this,g,p,j);case"latin1":case"binary":return ne(this,g,p,j);case"base64":return N(this,g,p,j);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return ie(this,g,p,j);default:if(re)throw new TypeError("Unknown encoding: "+$);$=(""+$).toLowerCase(),re=!0}},u.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};var je=4096;function Re(q,g,p){var j="";p=Math.min(q.length,p);for(var $=g;$<p;++$)j+=String.fromCharCode(127&q[$]);return j}function ze(q,g,p){var j="";p=Math.min(q.length,p);for(var $=g;$<p;++$)j+=String.fromCharCode(q[$]);return j}function Le(q,g,p){var j=q.length;(!g||g<0)&&(g=0),(!p||p<0||p>j)&&(p=j);for(var $="",X=g;X<p;++X)$+=Xe(q[X]);return $}function Ge(q,g,p){for(var j=q.slice(g,p),$="",X=0;X<j.length;X+=2)$+=String.fromCharCode(j[X]+256*j[X+1]);return $}function fe(q,g,p){if(q%1!=0||q<0)throw new RangeError("offset is not uint");if(q+g>p)throw new RangeError("Trying to access beyond buffer length")}function ve(q,g,p,j,$,X){if(!u.isBuffer(q))throw new TypeError('"buffer" argument must be a Buffer instance');if(g>$||g<X)throw new RangeError('"value" argument is out of bounds');if(p+j>q.length)throw new RangeError("Index out of range")}function We(q,g,p,j){g<0&&(g=65535+g+1);for(var $=0,X=Math.min(q.length-p,2);$<X;++$)q[p+$]=(g&255<<8*(j?$:1-$))>>>8*(j?$:1-$)}function Ye(q,g,p,j){g<0&&(g=4294967295+g+1);for(var $=0,X=Math.min(q.length-p,4);$<X;++$)q[p+$]=g>>>8*(j?$:3-$)&255}function rt(q,g,p,j,$,X){if(p+j>q.length)throw new RangeError("Index out of range");if(p<0)throw new RangeError("Index out of range")}function nt(q,g,p,j,$){return $||rt(q,0,p,4),b.write(q,g,p,j,23,4),p+4}function ct(q,g,p,j,$){return $||rt(q,0,p,8),b.write(q,g,p,j,52,8),p+8}u.prototype.slice=function(g,p){var j,$=this.length;if((g=~~g)<0?(g+=$)<0&&(g=0):g>$&&(g=$),(p=p===void 0?$:~~p)<0?(p+=$)<0&&(p=0):p>$&&(p=$),p<g&&(p=g),u.TYPED_ARRAY_SUPPORT)(j=this.subarray(g,p)).__proto__=u.prototype;else{var X=p-g;j=new u(X,void 0);for(var re=0;re<X;++re)j[re]=this[re+g]}return j},u.prototype.readUIntLE=function(g,p,j){g|=0,p|=0,j||fe(g,p,this.length);for(var $=this[g],X=1,re=0;++re<p&&(X*=256);)$+=this[g+re]*X;return $},u.prototype.readUIntBE=function(g,p,j){g|=0,p|=0,j||fe(g,p,this.length);for(var $=this[g+--p],X=1;p>0&&(X*=256);)$+=this[g+--p]*X;return $},u.prototype.readUInt8=function(g,p){return p||fe(g,1,this.length),this[g]},u.prototype.readUInt16LE=function(g,p){return p||fe(g,2,this.length),this[g]|this[g+1]<<8},u.prototype.readUInt16BE=function(g,p){return p||fe(g,2,this.length),this[g]<<8|this[g+1]},u.prototype.readUInt32LE=function(g,p){return p||fe(g,4,this.length),(this[g]|this[g+1]<<8|this[g+2]<<16)+16777216*this[g+3]},u.prototype.readUInt32BE=function(g,p){return p||fe(g,4,this.length),16777216*this[g]+(this[g+1]<<16|this[g+2]<<8|this[g+3])},u.prototype.readIntLE=function(g,p,j){g|=0,p|=0,j||fe(g,p,this.length);for(var $=this[g],X=1,re=0;++re<p&&(X*=256);)$+=this[g+re]*X;return $>=(X*=128)&&($-=Math.pow(2,8*p)),$},u.prototype.readIntBE=function(g,p,j){g|=0,p|=0,j||fe(g,p,this.length);for(var $=p,X=1,re=this[g+--$];$>0&&(X*=256);)re+=this[g+--$]*X;return re>=(X*=128)&&(re-=Math.pow(2,8*p)),re},u.prototype.readInt8=function(g,p){return p||fe(g,1,this.length),128&this[g]?-1*(255-this[g]+1):this[g]},u.prototype.readInt16LE=function(g,p){p||fe(g,2,this.length);var j=this[g]|this[g+1]<<8;return 32768&j?4294901760|j:j},u.prototype.readInt16BE=function(g,p){p||fe(g,2,this.length);var j=this[g+1]|this[g]<<8;return 32768&j?4294901760|j:j},u.prototype.readInt32LE=function(g,p){return p||fe(g,4,this.length),this[g]|this[g+1]<<8|this[g+2]<<16|this[g+3]<<24},u.prototype.readInt32BE=function(g,p){return p||fe(g,4,this.length),this[g]<<24|this[g+1]<<16|this[g+2]<<8|this[g+3]},u.prototype.readFloatLE=function(g,p){return p||fe(g,4,this.length),b.read(this,g,!0,23,4)},u.prototype.readFloatBE=function(g,p){return p||fe(g,4,this.length),b.read(this,g,!1,23,4)},u.prototype.readDoubleLE=function(g,p){return p||fe(g,8,this.length),b.read(this,g,!0,52,8)},u.prototype.readDoubleBE=function(g,p){return p||fe(g,8,this.length),b.read(this,g,!1,52,8)},u.prototype.writeUIntLE=function(g,p,j,$){g=+g,p|=0,j|=0,$||ve(this,g,p,j,Math.pow(2,8*j)-1,0);var X=1,re=0;for(this[p]=255&g;++re<j&&(X*=256);)this[p+re]=g/X&255;return p+j},u.prototype.writeUIntBE=function(g,p,j,$){g=+g,p|=0,j|=0,$||ve(this,g,p,j,Math.pow(2,8*j)-1,0);var X=j-1,re=1;for(this[p+X]=255&g;--X>=0&&(re*=256);)this[p+X]=g/re&255;return p+j},u.prototype.writeUInt8=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,1,255,0),u.TYPED_ARRAY_SUPPORT||(g=Math.floor(g)),this[p]=255&g,p+1},u.prototype.writeUInt16LE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,2,65535,0),u.TYPED_ARRAY_SUPPORT?(this[p]=255&g,this[p+1]=g>>>8):We(this,g,p,!0),p+2},u.prototype.writeUInt16BE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,2,65535,0),u.TYPED_ARRAY_SUPPORT?(this[p]=g>>>8,this[p+1]=255&g):We(this,g,p,!1),p+2},u.prototype.writeUInt32LE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,4,4294967295,0),u.TYPED_ARRAY_SUPPORT?(this[p+3]=g>>>24,this[p+2]=g>>>16,this[p+1]=g>>>8,this[p]=255&g):Ye(this,g,p,!0),p+4},u.prototype.writeUInt32BE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,4,4294967295,0),u.TYPED_ARRAY_SUPPORT?(this[p]=g>>>24,this[p+1]=g>>>16,this[p+2]=g>>>8,this[p+3]=255&g):Ye(this,g,p,!1),p+4},u.prototype.writeIntLE=function(g,p,j,$){if(g=+g,p|=0,!$){var X=Math.pow(2,8*j-1);ve(this,g,p,j,X-1,-X)}var re=0,ce=1,de=0;for(this[p]=255&g;++re<j&&(ce*=256);)g<0&&de===0&&this[p+re-1]!==0&&(de=1),this[p+re]=(g/ce>>0)-de&255;return p+j},u.prototype.writeIntBE=function(g,p,j,$){if(g=+g,p|=0,!$){var X=Math.pow(2,8*j-1);ve(this,g,p,j,X-1,-X)}var re=j-1,ce=1,de=0;for(this[p+re]=255&g;--re>=0&&(ce*=256);)g<0&&de===0&&this[p+re+1]!==0&&(de=1),this[p+re]=(g/ce>>0)-de&255;return p+j},u.prototype.writeInt8=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,1,127,-128),u.TYPED_ARRAY_SUPPORT||(g=Math.floor(g)),g<0&&(g=255+g+1),this[p]=255&g,p+1},u.prototype.writeInt16LE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,2,32767,-32768),u.TYPED_ARRAY_SUPPORT?(this[p]=255&g,this[p+1]=g>>>8):We(this,g,p,!0),p+2},u.prototype.writeInt16BE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,2,32767,-32768),u.TYPED_ARRAY_SUPPORT?(this[p]=g>>>8,this[p+1]=255&g):We(this,g,p,!1),p+2},u.prototype.writeInt32LE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,4,2147483647,-2147483648),u.TYPED_ARRAY_SUPPORT?(this[p]=255&g,this[p+1]=g>>>8,this[p+2]=g>>>16,this[p+3]=g>>>24):Ye(this,g,p,!0),p+4},u.prototype.writeInt32BE=function(g,p,j){return g=+g,p|=0,j||ve(this,g,p,4,2147483647,-2147483648),g<0&&(g=4294967295+g+1),u.TYPED_ARRAY_SUPPORT?(this[p]=g>>>24,this[p+1]=g>>>16,this[p+2]=g>>>8,this[p+3]=255&g):Ye(this,g,p,!1),p+4},u.prototype.writeFloatLE=function(g,p,j){return nt(this,g,p,!0,j)},u.prototype.writeFloatBE=function(g,p,j){return nt(this,g,p,!1,j)},u.prototype.writeDoubleLE=function(g,p,j){return ct(this,g,p,!0,j)},u.prototype.writeDoubleBE=function(g,p,j){return ct(this,g,p,!1,j)},u.prototype.copy=function(g,p,j,$){if(j||(j=0),$||$===0||($=this.length),p>=g.length&&(p=g.length),p||(p=0),$>0&&$<j&&($=j),$===j||g.length===0||this.length===0)return 0;if(p<0)throw new RangeError("targetStart out of bounds");if(j<0||j>=this.length)throw new RangeError("sourceStart out of bounds");if($<0)throw new RangeError("sourceEnd out of bounds");$>this.length&&($=this.length),g.length-p<$-j&&($=g.length-p+j);var X,re=$-j;if(this===g&&j<p&&p<$)for(X=re-1;X>=0;--X)g[X+p]=this[X+j];else if(re<1e3||!u.TYPED_ARRAY_SUPPORT)for(X=0;X<re;++X)g[X+p]=this[X+j];else Uint8Array.prototype.set.call(g,this.subarray(j,j+re),p);return re},u.prototype.fill=function(g,p,j,$){if(typeof g=="string"){if(typeof p=="string"?($=p,p=0,j=this.length):typeof j=="string"&&($=j,j=this.length),g.length===1){var X=g.charCodeAt(0);X<256&&(g=X)}if($!==void 0&&typeof $!="string")throw new TypeError("encoding must be a string");if(typeof $=="string"&&!u.isEncoding($))throw new TypeError("Unknown encoding: "+$)}else typeof g=="number"&&(g&=255);if(p<0||this.length<p||this.length<j)throw new RangeError("Out of range index");if(j<=p)return this;var re;if(p>>>=0,j=j===void 0?this.length:j>>>0,g||(g=0),typeof g=="number")for(re=p;re<j;++re)this[re]=g;else{var ce=u.isBuffer(g)?g:it(new u(g,$).toString()),de=ce.length;for(re=0;re<j-p;++re)this[re+p]=ce[re%de]}return this};var Et=/[^+\/0-9A-Za-z-_]/g;function Xe(q){return q<16?"0"+q.toString(16):q.toString(16)}function it(q,g){var p;g=g||1/0;for(var j=q.length,$=null,X=[],re=0;re<j;++re){if((p=q.charCodeAt(re))>55295&&p<57344){if(!$){if(p>56319){(g-=3)>-1&&X.push(239,191,189);continue}if(re+1===j){(g-=3)>-1&&X.push(239,191,189);continue}$=p;continue}if(p<56320){(g-=3)>-1&&X.push(239,191,189),$=p;continue}p=65536+($-55296<<10|p-56320)}else $&&(g-=3)>-1&&X.push(239,191,189);if($=null,p<128){if((g-=1)<0)break;X.push(p)}else if(p<2048){if((g-=2)<0)break;X.push(p>>6|192,63&p|128)}else if(p<65536){if((g-=3)<0)break;X.push(p>>12|224,p>>6&63|128,63&p|128)}else{if(!(p<1114112))throw new Error("Invalid code point");if((g-=4)<0)break;X.push(p>>18|240,p>>12&63|128,p>>6&63|128,63&p|128)}}return X}function Ke(q){return d.toByteArray((function(p){if((p=(function($){return $.trim?$.trim():$.replace(/^\s+|\s+$/g,"")})(p).replace(Et,"")).length<2)return"";for(;p.length%4!=0;)p+="=";return p})(q))}function xe(q,g,p,j){for(var $=0;$<j&&!($+p>=g.length||$>=q.length);++$)g[$+p]=q[$];return $}}).call(this,y(29))},function(c,s){var y;y=(function(){return this})();try{y=y||new Function("return this")()}catch{typeof window=="object"&&(y=window)}c.exports=y},function(c,s,y){s.byteLength=function(A){var J=u(A),H=J[0],C=J[1];return 3*(H+C)/4-C},s.toByteArray=function(A){var J,H,C=u(A),U=C[0],W=C[1],x=new b((function(Q,ne,N){return 3*(ne+N)/4-N})(0,U,W)),B=0,T=W>0?U-4:U;for(H=0;H<T;H+=4)J=d[A.charCodeAt(H)]<<18|d[A.charCodeAt(H+1)]<<12|d[A.charCodeAt(H+2)]<<6|d[A.charCodeAt(H+3)],x[B++]=J>>16&255,x[B++]=J>>8&255,x[B++]=255&J;return W===2&&(J=d[A.charCodeAt(H)]<<2|d[A.charCodeAt(H+1)]>>4,x[B++]=255&J),W===1&&(J=d[A.charCodeAt(H)]<<10|d[A.charCodeAt(H+1)]<<4|d[A.charCodeAt(H+2)]>>2,x[B++]=J>>8&255,x[B++]=255&J),x},s.fromByteArray=function(A){for(var J,H=A.length,C=H%3,U=[],W=16383,x=0,B=H-C;x<B;x+=W)U.push(S(A,x,x+W>B?B:x+W));return C===1?(J=A[H-1],U.push(v[J>>2]+v[J<<4&63]+"==")):C===2&&(J=(A[H-2]<<8)+A[H-1],U.push(v[J>>10]+v[J>>4&63]+v[J<<2&63]+"=")),U.join("")};for(var v=[],d=[],b=typeof Uint8Array<"u"?Uint8Array:Array,w="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",h=0,l=w.length;h<l;++h)v[h]=w[h],d[w.charCodeAt(h)]=h;function u(R){var A=R.length;if(A%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var J=R.indexOf("=");return J===-1&&(J=A),[J,J===A?0:4-J%4]}function S(R,A,J){for(var H,C,U=[],W=A;W<J;W+=3)H=(R[W]<<16&16711680)+(R[W+1]<<8&65280)+(255&R[W+2]),U.push(v[(C=H)>>18&63]+v[C>>12&63]+v[C>>6&63]+v[63&C]);return U.join("")}d[45]=62,d[95]=63},function(c,s){s.read=function(y,v,d,b,w){var h,l,u=8*w-b-1,S=(1<<u)-1,R=S>>1,A=-7,J=d?w-1:0,H=d?-1:1,C=y[v+J];for(J+=H,h=C&(1<<-A)-1,C>>=-A,A+=u;A>0;h=256*h+y[v+J],J+=H,A-=8);for(l=h&(1<<-A)-1,h>>=-A,A+=b;A>0;l=256*l+y[v+J],J+=H,A-=8);if(h===0)h=1-R;else{if(h===S)return l?NaN:1/0*(C?-1:1);l+=Math.pow(2,b),h-=R}return(C?-1:1)*l*Math.pow(2,h-b)},s.write=function(y,v,d,b,w,h){var l,u,S,R=8*h-w-1,A=(1<<R)-1,J=A>>1,H=w===23?Math.pow(2,-24)-Math.pow(2,-77):0,C=b?0:h-1,U=b?1:-1,W=v<0||v===0&&1/v<0?1:0;for(v=Math.abs(v),isNaN(v)||v===1/0?(u=isNaN(v)?1:0,l=A):(l=Math.floor(Math.log(v)/Math.LN2),v*(S=Math.pow(2,-l))<1&&(l--,S*=2),(v+=l+J>=1?H/S:H*Math.pow(2,1-J))*S>=2&&(l++,S/=2),l+J>=A?(u=0,l=A):l+J>=1?(u=(v*S-1)*Math.pow(2,w),l+=J):(u=v*Math.pow(2,J-1)*Math.pow(2,w),l=0));w>=8;y[d+C]=255&u,C+=U,u/=256,w-=8);for(l=l<<w|u,R+=w;R>0;y[d+C]=255&l,C+=U,l/=256,R-=8);y[d+C-U]|=128*W}},function(c,s){var y={}.toString;c.exports=Array.isArray||function(v){return y.call(v)=="[object Array]"}},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.default=function(b){var w=b.jws,h=b.KeyUtil,l=b.X509,u=b.crypto,S=b.hextob64u,R=b.b64tohex,A=b.AllowedSigningAlgs;return(function(){function J(){(function(C,U){if(!(C instanceof U))throw new TypeError("Cannot call a class as a function")})(this,J)}return J.parseJwt=function(C){v.Log.debug("JoseUtil.parseJwt");try{var U=w.JWS.parse(C);return{header:U.headerObj,payload:U.payloadObj}}catch(W){v.Log.error(W)}},J.validateJwt=function(C,U,W,x,B,T,I){v.Log.debug("JoseUtil.validateJwt");try{if(U.kty==="RSA")if(U.e&&U.n)U=h.getKey(U);else{if(!U.x5c||!U.x5c.length)return v.Log.error("JoseUtil.validateJwt: RSA key missing key material",U),Promise.reject(new Error("RSA key missing key material"));var Q=R(U.x5c[0]);U=l.getPublicKeyFromCertHex(Q)}else{if(U.kty!=="EC")return v.Log.error("JoseUtil.validateJwt: Unsupported key type",U&&U.kty),Promise.reject(new Error(U.kty));if(!(U.crv&&U.x&&U.y))return v.Log.error("JoseUtil.validateJwt: EC key missing key material",U),Promise.reject(new Error("EC key missing key material"));U=h.getKey(U)}return J._validateJwt(C,U,W,x,B,T,I)}catch(ne){return v.Log.error(ne&&ne.message||ne),Promise.reject("JWT validation failed")}},J.validateJwtAttributes=function(C,U,W,x,B,T){x||(x=0),B||(B=parseInt(Date.now()/1e3));var I=J.parseJwt(C).payload;if(!I.iss)return v.Log.error("JoseUtil._validateJwt: issuer was not provided"),Promise.reject(new Error("issuer was not provided"));if(I.iss!==U)return v.Log.error("JoseUtil._validateJwt: Invalid issuer in token",I.iss),Promise.reject(new Error("Invalid issuer in token: "+I.iss));if(!I.aud)return v.Log.error("JoseUtil._validateJwt: aud was not provided"),Promise.reject(new Error("aud was not provided"));if(!(I.aud===W||Array.isArray(I.aud)&&I.aud.indexOf(W)>=0))return v.Log.error("JoseUtil._validateJwt: Invalid audience in token",I.aud),Promise.reject(new Error("Invalid audience in token: "+I.aud));if(I.azp&&I.azp!==W)return v.Log.error("JoseUtil._validateJwt: Invalid azp in token",I.azp),Promise.reject(new Error("Invalid azp in token: "+I.azp));if(!T){var Q=B+x,ne=B-x;if(!I.iat)return v.Log.error("JoseUtil._validateJwt: iat was not provided"),Promise.reject(new Error("iat was not provided"));if(Q<I.iat)return v.Log.error("JoseUtil._validateJwt: iat is in the future",I.iat),Promise.reject(new Error("iat is in the future: "+I.iat));if(I.nbf&&Q<I.nbf)return v.Log.error("JoseUtil._validateJwt: nbf is in the future",I.nbf),Promise.reject(new Error("nbf is in the future: "+I.nbf));if(!I.exp)return v.Log.error("JoseUtil._validateJwt: exp was not provided"),Promise.reject(new Error("exp was not provided"));if(I.exp<ne)return v.Log.error("JoseUtil._validateJwt: exp is in the past",I.exp),Promise.reject(new Error("exp is in the past:"+I.exp))}return Promise.resolve(I)},J._validateJwt=function(C,U,W,x,B,T,I){return J.validateJwtAttributes(C,W,x,B,T,I).then((function(Q){try{return w.JWS.verify(C,U,A)?Q:(v.Log.error("JoseUtil._validateJwt: signature validation failed"),Promise.reject(new Error("signature validation failed")))}catch(ne){return v.Log.error(ne&&ne.message||ne),Promise.reject(new Error("signature validation failed"))}}))},J.hashString=function(C,U){try{return u.Util.hashString(C,U)}catch(W){v.Log.error(W)}},J.hexToBase64Url=function(C){try{return S(C)}catch(U){v.Log.error(U)}},J})()};var v=y(0);c.exports=s.default},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SigninResponse=void 0;var v=(function(){function w(h,l){for(var u=0;u<l.length;u++){var S=l[u];S.enumerable=S.enumerable||!1,S.configurable=!0,"value"in S&&(S.writable=!0),Object.defineProperty(h,S.key,S)}}return function(h,l,u){return l&&w(h.prototype,l),u&&w(h,u),h}})(),d=y(3);function b(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")}s.SigninResponse=(function(){function w(h){var l=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"#";b(this,w);var u=d.UrlUtility.parseUrlFragment(h,l);this.error=u.error,this.error_description=u.error_description,this.error_uri=u.error_uri,this.code=u.code,this.state=u.state,this.id_token=u.id_token,this.session_state=u.session_state,this.access_token=u.access_token,this.token_type=u.token_type,this.scope=u.scope,this.profile=void 0,this.expires_in=u.expires_in}return v(w,[{key:"expires_in",get:function(){if(this.expires_at){var l=parseInt(Date.now()/1e3);return this.expires_at-l}},set:function(l){var u=parseInt(l);if(typeof u=="number"&&u>0){var S=parseInt(Date.now()/1e3);this.expires_at=S+u}}},{key:"expired",get:function(){var l=this.expires_in;if(l!==void 0)return l<=0}},{key:"scopes",get:function(){return(this.scope||"").split(" ")}},{key:"isOpenIdConnect",get:function(){return this.scopes.indexOf("openid")>=0||!!this.id_token}}]),w})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SignoutRequest=void 0;var v=y(0),d=y(3),b=y(9);s.SignoutRequest=function w(h){var l=h.url,u=h.id_token_hint,S=h.post_logout_redirect_uri,R=h.data,A=h.extraQueryParams,J=h.request_type;if((function(U,W){if(!(U instanceof W))throw new TypeError("Cannot call a class as a function")})(this,w),!l)throw v.Log.error("SignoutRequest.ctor: No url passed"),new Error("url");for(var H in u&&(l=d.UrlUtility.addQueryParam(l,"id_token_hint",u)),S&&(l=d.UrlUtility.addQueryParam(l,"post_logout_redirect_uri",S),R&&(this.state=new b.State({data:R,request_type:J}),l=d.UrlUtility.addQueryParam(l,"state",this.state.id))),A)l=d.UrlUtility.addQueryParam(l,H,A[H]);this.url=l}},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SignoutResponse=void 0;var v=y(3);s.SignoutResponse=function d(b){(function(l,u){if(!(l instanceof u))throw new TypeError("Cannot call a class as a function")})(this,d);var w=v.UrlUtility.parseUrlFragment(b,"?");this.error=w.error,this.error_description=w.error_description,this.error_uri=w.error_uri,this.state=w.state}},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.InMemoryWebStorage=void 0;var v=(function(){function b(w,h){for(var l=0;l<h.length;l++){var u=h[l];u.enumerable=u.enumerable||!1,u.configurable=!0,"value"in u&&(u.writable=!0),Object.defineProperty(w,u.key,u)}}return function(w,h,l){return h&&b(w.prototype,h),l&&b(w,l),w}})(),d=y(0);s.InMemoryWebStorage=(function(){function b(){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,b),this._data={}}return b.prototype.getItem=function(h){return d.Log.debug("InMemoryWebStorage.getItem",h),this._data[h]},b.prototype.setItem=function(h,l){d.Log.debug("InMemoryWebStorage.setItem",h),this._data[h]=l},b.prototype.removeItem=function(h){d.Log.debug("InMemoryWebStorage.removeItem",h),delete this._data[h]},b.prototype.key=function(h){return Object.getOwnPropertyNames(this._data)[h]},v(b,[{key:"length",get:function(){return Object.getOwnPropertyNames(this._data).length}}]),b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.UserManager=void 0;var v=(function(){function W(x,B){for(var T=0;T<B.length;T++){var I=B[T];I.enumerable=I.enumerable||!1,I.configurable=!0,"value"in I&&(I.writable=!0),Object.defineProperty(x,I.key,I)}}return function(x,B,T){return B&&W(x.prototype,B),T&&W(x,T),x}})(),d=y(0),b=y(10),w=y(39),h=y(15),l=y(45),u=y(47),S=y(18),R=y(8),A=y(20),J=y(11),H=y(4);function C(W,x){if(!(W instanceof x))throw new TypeError("Cannot call a class as a function")}function U(W,x){if(!W)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!x||typeof x!="object"&&typeof x!="function"?W:x}s.UserManager=(function(W){function x(){var B=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},T=arguments.length>1&&arguments[1]!==void 0?arguments[1]:u.SilentRenewService,I=arguments.length>2&&arguments[2]!==void 0?arguments[2]:S.SessionMonitor,Q=arguments.length>3&&arguments[3]!==void 0?arguments[3]:A.TokenRevocationClient,ne=arguments.length>4&&arguments[4]!==void 0?arguments[4]:J.TokenClient,N=arguments.length>5&&arguments[5]!==void 0?arguments[5]:H.JoseUtil;C(this,x),B instanceof w.UserManagerSettings||(B=new w.UserManagerSettings(B));var ie=U(this,W.call(this,B));return ie._events=new l.UserManagerEvents(B),ie._silentRenewService=new T(ie),ie.settings.automaticSilentRenew&&(d.Log.debug("UserManager.ctor: automaticSilentRenew is configured, setting up silent renew"),ie.startSilentRenew()),ie.settings.monitorSession&&(d.Log.debug("UserManager.ctor: monitorSession is configured, setting up session monitor"),ie._sessionMonitor=new I(ie)),ie._tokenRevocationClient=new Q(ie._settings),ie._tokenClient=new ne(ie._settings),ie._joseUtil=N,ie}return(function(T,I){if(typeof I!="function"&&I!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof I);T.prototype=Object.create(I&&I.prototype,{constructor:{value:T,enumerable:!1,writable:!0,configurable:!0}}),I&&(Object.setPrototypeOf?Object.setPrototypeOf(T,I):T.__proto__=I)})(x,W),x.prototype.getUser=function(){var T=this;return this._loadUser().then((function(I){return I?(d.Log.info("UserManager.getUser: user loaded"),T._events.load(I,!1),I):(d.Log.info("UserManager.getUser: user not found in storage"),null)}))},x.prototype.removeUser=function(){var T=this;return this.storeUser(null).then((function(){d.Log.info("UserManager.removeUser: user removed from storage"),T._events.unload()}))},x.prototype.signinRedirect=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(T=Object.assign({},T)).request_type="si:r";var I={useReplaceToNavigate:T.useReplaceToNavigate};return this._signinStart(T,this._redirectNavigator,I).then((function(){d.Log.info("UserManager.signinRedirect: successful")}))},x.prototype.signinRedirectCallback=function(T){return this._signinEnd(T||this._redirectNavigator.url).then((function(I){return I.profile&&I.profile.sub?d.Log.info("UserManager.signinRedirectCallback: successful, signed in sub: ",I.profile.sub):d.Log.info("UserManager.signinRedirectCallback: no sub"),I}))},x.prototype.signinPopup=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(T=Object.assign({},T)).request_type="si:p";var I=T.redirect_uri||this.settings.popup_redirect_uri||this.settings.redirect_uri;return I?(T.redirect_uri=I,T.display="popup",this._signin(T,this._popupNavigator,{startUrl:I,popupWindowFeatures:T.popupWindowFeatures||this.settings.popupWindowFeatures,popupWindowTarget:T.popupWindowTarget||this.settings.popupWindowTarget}).then((function(Q){return Q&&(Q.profile&&Q.profile.sub?d.Log.info("UserManager.signinPopup: signinPopup successful, signed in sub: ",Q.profile.sub):d.Log.info("UserManager.signinPopup: no sub")),Q}))):(d.Log.error("UserManager.signinPopup: No popup_redirect_uri or redirect_uri configured"),Promise.reject(new Error("No popup_redirect_uri or redirect_uri configured")))},x.prototype.signinPopupCallback=function(T){return this._signinCallback(T,this._popupNavigator).then((function(I){return I&&(I.profile&&I.profile.sub?d.Log.info("UserManager.signinPopupCallback: successful, signed in sub: ",I.profile.sub):d.Log.info("UserManager.signinPopupCallback: no sub")),I})).catch((function(I){d.Log.error(I.message)}))},x.prototype.signinSilent=function(){var T=this,I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return I=Object.assign({},I),this._loadUser().then((function(Q){return Q&&Q.refresh_token?(I.refresh_token=Q.refresh_token,T._useRefreshToken(I)):(I.request_type="si:s",I.id_token_hint=I.id_token_hint||T.settings.includeIdTokenInSilentRenew&&Q&&Q.id_token,Q&&T._settings.validateSubOnSilentRenew&&(d.Log.debug("UserManager.signinSilent, subject prior to silent renew: ",Q.profile.sub),I.current_sub=Q.profile.sub),T._signinSilentIframe(I))}))},x.prototype._useRefreshToken=function(){var T=this,I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return this._tokenClient.exchangeRefreshToken(I).then((function(Q){return Q?Q.access_token?T._loadUser().then((function(ne){if(ne){var N=Promise.resolve();return Q.id_token&&(N=T._validateIdTokenFromTokenRefreshToken(ne.profile,Q.id_token)),N.then((function(){return d.Log.debug("UserManager._useRefreshToken: refresh token response success"),ne.id_token=Q.id_token||ne.id_token,ne.access_token=Q.access_token,ne.refresh_token=Q.refresh_token||ne.refresh_token,ne.expires_in=Q.expires_in,T.storeUser(ne).then((function(){return T._events.load(ne),ne}))}))}return null})):(d.Log.error("UserManager._useRefreshToken: No access token returned from token endpoint"),Promise.reject("No access token returned from token endpoint")):(d.Log.error("UserManager._useRefreshToken: No response returned from token endpoint"),Promise.reject("No response returned from token endpoint"))}))},x.prototype._validateIdTokenFromTokenRefreshToken=function(T,I){var Q=this;return this._metadataService.getIssuer().then((function(ne){return Q.settings.getEpochTime().then((function(N){return Q._joseUtil.validateJwtAttributes(I,ne,Q._settings.client_id,Q._settings.clockSkew,N).then((function(ie){return ie?ie.sub!==T.sub?(d.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: sub in id_token does not match current sub"),Promise.reject(new Error("sub in id_token does not match current sub"))):ie.auth_time&&ie.auth_time!==T.auth_time?(d.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: auth_time in id_token does not match original auth_time"),Promise.reject(new Error("auth_time in id_token does not match original auth_time"))):ie.azp&&ie.azp!==T.azp?(d.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: azp in id_token does not match original azp"),Promise.reject(new Error("azp in id_token does not match original azp"))):!ie.azp&&T.azp?(d.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: azp not in id_token, but present in original id_token"),Promise.reject(new Error("azp not in id_token, but present in original id_token"))):void 0:(d.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: Failed to validate id_token"),Promise.reject(new Error("Failed to validate id_token")))}))}))}))},x.prototype._signinSilentIframe=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},I=T.redirect_uri||this.settings.silent_redirect_uri||this.settings.redirect_uri;return I?(T.redirect_uri=I,T.prompt=T.prompt||"none",this._signin(T,this._iframeNavigator,{startUrl:I,silentRequestTimeout:T.silentRequestTimeout||this.settings.silentRequestTimeout}).then((function(Q){return Q&&(Q.profile&&Q.profile.sub?d.Log.info("UserManager.signinSilent: successful, signed in sub: ",Q.profile.sub):d.Log.info("UserManager.signinSilent: no sub")),Q}))):(d.Log.error("UserManager.signinSilent: No silent_redirect_uri configured"),Promise.reject(new Error("No silent_redirect_uri configured")))},x.prototype.signinSilentCallback=function(T){return this._signinCallback(T,this._iframeNavigator).then((function(I){return I&&(I.profile&&I.profile.sub?d.Log.info("UserManager.signinSilentCallback: successful, signed in sub: ",I.profile.sub):d.Log.info("UserManager.signinSilentCallback: no sub")),I}))},x.prototype.signinCallback=function(T){var I=this;return this.readSigninResponseState(T).then((function(Q){var ne=Q.state;return Q.response,ne.request_type==="si:r"?I.signinRedirectCallback(T):ne.request_type==="si:p"?I.signinPopupCallback(T):ne.request_type==="si:s"?I.signinSilentCallback(T):Promise.reject(new Error("invalid response_type in state"))}))},x.prototype.signoutCallback=function(T,I){var Q=this;return this.readSignoutResponseState(T).then((function(ne){var N=ne.state,ie=ne.response;return N?N.request_type==="so:r"?Q.signoutRedirectCallback(T):N.request_type==="so:p"?Q.signoutPopupCallback(T,I):Promise.reject(new Error("invalid response_type in state")):ie}))},x.prototype.querySessionStatus=function(){var T=this,I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(I=Object.assign({},I)).request_type="si:s";var Q=I.redirect_uri||this.settings.silent_redirect_uri||this.settings.redirect_uri;return Q?(I.redirect_uri=Q,I.prompt="none",I.response_type=I.response_type||this.settings.query_status_response_type,I.scope=I.scope||"openid",I.skipUserInfo=!0,this._signinStart(I,this._iframeNavigator,{startUrl:Q,silentRequestTimeout:I.silentRequestTimeout||this.settings.silentRequestTimeout}).then((function(ne){return T.processSigninResponse(ne.url).then((function(N){if(d.Log.debug("UserManager.querySessionStatus: got signin response"),N.session_state&&N.profile.sub)return d.Log.info("UserManager.querySessionStatus: querySessionStatus success for sub: ",N.profile.sub),{session_state:N.session_state,sub:N.profile.sub,sid:N.profile.sid};d.Log.info("querySessionStatus successful, user not authenticated")})).catch((function(N){if(N.session_state&&T.settings.monitorAnonymousSession&&(N.message=="login_required"||N.message=="consent_required"||N.message=="interaction_required"||N.message=="account_selection_required"))return d.Log.info("UserManager.querySessionStatus: querySessionStatus success for anonymous user"),{session_state:N.session_state};throw N}))}))):(d.Log.error("UserManager.querySessionStatus: No silent_redirect_uri configured"),Promise.reject(new Error("No silent_redirect_uri configured")))},x.prototype._signin=function(T,I){var Q=this,ne=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this._signinStart(T,I,ne).then((function(N){return Q._signinEnd(N.url,T)}))},x.prototype._signinStart=function(T,I){var Q=this,ne=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return I.prepare(ne).then((function(N){return d.Log.debug("UserManager._signinStart: got navigator window handle"),Q.createSigninRequest(T).then((function(ie){return d.Log.debug("UserManager._signinStart: got signin request"),ne.url=ie.url,ne.id=ie.state.id,N.navigate(ne)})).catch((function(ie){throw N.close&&(d.Log.debug("UserManager._signinStart: Error after preparing navigator, closing navigator window"),N.close()),ie}))}))},x.prototype._signinEnd=function(T){var I=this,Q=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};return this.processSigninResponse(T).then((function(ne){d.Log.debug("UserManager._signinEnd: got signin response");var N=new h.User(ne);if(Q.current_sub){if(Q.current_sub!==N.profile.sub)return d.Log.debug("UserManager._signinEnd: current user does not match user returned from signin. sub from signin: ",N.profile.sub),Promise.reject(new Error("login_required"));d.Log.debug("UserManager._signinEnd: current user matches user returned from signin")}return I.storeUser(N).then((function(){return d.Log.debug("UserManager._signinEnd: user stored"),I._events.load(N),N}))}))},x.prototype._signinCallback=function(T,I){d.Log.debug("UserManager._signinCallback");var Q=this._settings.response_mode==="query"||!this._settings.response_mode&&R.SigninRequest.isCode(this._settings.response_type)?"?":"#";return I.callback(T,void 0,Q)},x.prototype.signoutRedirect=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(T=Object.assign({},T)).request_type="so:r";var I=T.post_logout_redirect_uri||this.settings.post_logout_redirect_uri;I&&(T.post_logout_redirect_uri=I);var Q={useReplaceToNavigate:T.useReplaceToNavigate};return this._signoutStart(T,this._redirectNavigator,Q).then((function(){d.Log.info("UserManager.signoutRedirect: successful")}))},x.prototype.signoutRedirectCallback=function(T){return this._signoutEnd(T||this._redirectNavigator.url).then((function(I){return d.Log.info("UserManager.signoutRedirectCallback: successful"),I}))},x.prototype.signoutPopup=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(T=Object.assign({},T)).request_type="so:p";var I=T.post_logout_redirect_uri||this.settings.popup_post_logout_redirect_uri||this.settings.post_logout_redirect_uri;return T.post_logout_redirect_uri=I,T.display="popup",T.post_logout_redirect_uri&&(T.state=T.state||{}),this._signout(T,this._popupNavigator,{startUrl:I,popupWindowFeatures:T.popupWindowFeatures||this.settings.popupWindowFeatures,popupWindowTarget:T.popupWindowTarget||this.settings.popupWindowTarget}).then((function(){d.Log.info("UserManager.signoutPopup: successful")}))},x.prototype.signoutPopupCallback=function(T,I){return I===void 0&&typeof T=="boolean"&&(I=T,T=null),this._popupNavigator.callback(T,I,"?").then((function(){d.Log.info("UserManager.signoutPopupCallback: successful")}))},x.prototype._signout=function(T,I){var Q=this,ne=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this._signoutStart(T,I,ne).then((function(N){return Q._signoutEnd(N.url)}))},x.prototype._signoutStart=function(){var T=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},I=this,Q=arguments[1],ne=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return Q.prepare(ne).then((function(N){return d.Log.debug("UserManager._signoutStart: got navigator window handle"),I._loadUser().then((function(ie){return d.Log.debug("UserManager._signoutStart: loaded current user from storage"),(I._settings.revokeAccessTokenOnSignout?I._revokeInternal(ie):Promise.resolve()).then((function(){var ye=T.id_token_hint||ie&&ie.id_token;return ye&&(d.Log.debug("UserManager._signoutStart: Setting id_token into signout request"),T.id_token_hint=ye),I.removeUser().then((function(){return d.Log.debug("UserManager._signoutStart: user removed, creating signout request"),I.createSignoutRequest(T).then((function(me){return d.Log.debug("UserManager._signoutStart: got signout request"),ne.url=me.url,me.state&&(ne.id=me.state.id),N.navigate(ne)}))}))}))})).catch((function(ie){throw N.close&&(d.Log.debug("UserManager._signoutStart: Error after preparing navigator, closing navigator window"),N.close()),ie}))}))},x.prototype._signoutEnd=function(T){return this.processSignoutResponse(T).then((function(I){return d.Log.debug("UserManager._signoutEnd: got signout response"),I}))},x.prototype.revokeAccessToken=function(){var T=this;return this._loadUser().then((function(I){return T._revokeInternal(I,!0).then((function(Q){if(Q)return d.Log.debug("UserManager.revokeAccessToken: removing token properties from user and re-storing"),I.access_token=null,I.refresh_token=null,I.expires_at=null,I.token_type=null,T.storeUser(I).then((function(){d.Log.debug("UserManager.revokeAccessToken: user stored"),T._events.load(I)}))}))})).then((function(){d.Log.info("UserManager.revokeAccessToken: access token revoked successfully")}))},x.prototype._revokeInternal=function(T,I){var Q=this;if(T){var ne=T.access_token,N=T.refresh_token;return this._revokeAccessTokenInternal(ne,I).then((function(ie){return Q._revokeRefreshTokenInternal(N,I).then((function(ye){return ie||ye||d.Log.debug("UserManager.revokeAccessToken: no need to revoke due to no token(s), or JWT format"),ie||ye}))}))}return Promise.resolve(!1)},x.prototype._revokeAccessTokenInternal=function(T,I){return!T||T.indexOf(".")>=0?Promise.resolve(!1):this._tokenRevocationClient.revoke(T,I).then((function(){return!0}))},x.prototype._revokeRefreshTokenInternal=function(T,I){return T?this._tokenRevocationClient.revoke(T,I,"refresh_token").then((function(){return!0})):Promise.resolve(!1)},x.prototype.startSilentRenew=function(){this._silentRenewService.start()},x.prototype.stopSilentRenew=function(){this._silentRenewService.stop()},x.prototype._loadUser=function(){return this._userStore.get(this._userStoreKey).then((function(T){return T?(d.Log.debug("UserManager._loadUser: user storageString loaded"),h.User.fromStorageString(T)):(d.Log.debug("UserManager._loadUser: no user storageString"),null)}))},x.prototype.storeUser=function(T){if(T){d.Log.debug("UserManager.storeUser: storing user");var I=T.toStorageString();return this._userStore.set(this._userStoreKey,I)}return d.Log.debug("storeUser.storeUser: removing user"),this._userStore.remove(this._userStoreKey)},v(x,[{key:"_redirectNavigator",get:function(){return this.settings.redirectNavigator}},{key:"_popupNavigator",get:function(){return this.settings.popupNavigator}},{key:"_iframeNavigator",get:function(){return this.settings.iframeNavigator}},{key:"_userStore",get:function(){return this.settings.userStore}},{key:"events",get:function(){return this._events}},{key:"_userStoreKey",get:function(){return"user:"+this.settings.authority+":"+this.settings.client_id}}]),x})(b.OidcClient)},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.UserManagerSettings=void 0;var v=(function(){function J(H,C){for(var U=0;U<C.length;U++){var W=C[U];W.enumerable=W.enumerable||!1,W.configurable=!0,"value"in W&&(W.writable=!0),Object.defineProperty(H,W.key,W)}}return function(H,C,U){return C&&J(H.prototype,C),U&&J(H,U),H}})(),d=(y(0),y(5)),b=y(40),w=y(41),h=y(43),l=y(6),u=y(1),S=y(8);function R(J,H){if(!(J instanceof H))throw new TypeError("Cannot call a class as a function")}function A(J,H){if(!J)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!H||typeof H!="object"&&typeof H!="function"?J:H}s.UserManagerSettings=(function(J){function H(){var C=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},U=C.popup_redirect_uri,W=C.popup_post_logout_redirect_uri,x=C.popupWindowFeatures,B=C.popupWindowTarget,T=C.silent_redirect_uri,I=C.silentRequestTimeout,Q=C.automaticSilentRenew,ne=Q!==void 0&&Q,N=C.validateSubOnSilentRenew,ie=N!==void 0&&N,ye=C.includeIdTokenInSilentRenew,me=ye===void 0||ye,je=C.monitorSession,Re=je===void 0||je,ze=C.monitorAnonymousSession,Le=ze!==void 0&&ze,Ge=C.checkSessionInterval,fe=Ge===void 0?2e3:Ge,ve=C.stopCheckSessionOnError,We=ve===void 0||ve,Ye=C.query_status_response_type,rt=C.revokeAccessTokenOnSignout,nt=rt!==void 0&&rt,ct=C.accessTokenExpiringNotificationTime,Et=ct===void 0?60:ct,Xe=C.redirectNavigator,it=Xe===void 0?new b.RedirectNavigator:Xe,Ke=C.popupNavigator,xe=Ke===void 0?new w.PopupNavigator:Ke,q=C.iframeNavigator,g=q===void 0?new h.IFrameNavigator:q,p=C.userStore,j=p===void 0?new l.WebStorageStateStore({store:u.Global.sessionStorage}):p;R(this,H);var $=A(this,J.call(this,arguments[0]));return $._popup_redirect_uri=U,$._popup_post_logout_redirect_uri=W,$._popupWindowFeatures=x,$._popupWindowTarget=B,$._silent_redirect_uri=T,$._silentRequestTimeout=I,$._automaticSilentRenew=ne,$._validateSubOnSilentRenew=ie,$._includeIdTokenInSilentRenew=me,$._accessTokenExpiringNotificationTime=Et,$._monitorSession=Re,$._monitorAnonymousSession=Le,$._checkSessionInterval=fe,$._stopCheckSessionOnError=We,Ye?$._query_status_response_type=Ye:arguments[0]&&arguments[0].response_type?$._query_status_response_type=S.SigninRequest.isOidc(arguments[0].response_type)?"id_token":"code":$._query_status_response_type="id_token",$._revokeAccessTokenOnSignout=nt,$._redirectNavigator=it,$._popupNavigator=xe,$._iframeNavigator=g,$._userStore=j,$}return(function(U,W){if(typeof W!="function"&&W!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof W);U.prototype=Object.create(W&&W.prototype,{constructor:{value:U,enumerable:!1,writable:!0,configurable:!0}}),W&&(Object.setPrototypeOf?Object.setPrototypeOf(U,W):U.__proto__=W)})(H,J),v(H,[{key:"popup_redirect_uri",get:function(){return this._popup_redirect_uri}},{key:"popup_post_logout_redirect_uri",get:function(){return this._popup_post_logout_redirect_uri}},{key:"popupWindowFeatures",get:function(){return this._popupWindowFeatures}},{key:"popupWindowTarget",get:function(){return this._popupWindowTarget}},{key:"silent_redirect_uri",get:function(){return this._silent_redirect_uri}},{key:"silentRequestTimeout",get:function(){return this._silentRequestTimeout}},{key:"automaticSilentRenew",get:function(){return this._automaticSilentRenew}},{key:"validateSubOnSilentRenew",get:function(){return this._validateSubOnSilentRenew}},{key:"includeIdTokenInSilentRenew",get:function(){return this._includeIdTokenInSilentRenew}},{key:"accessTokenExpiringNotificationTime",get:function(){return this._accessTokenExpiringNotificationTime}},{key:"monitorSession",get:function(){return this._monitorSession}},{key:"monitorAnonymousSession",get:function(){return this._monitorAnonymousSession}},{key:"checkSessionInterval",get:function(){return this._checkSessionInterval}},{key:"stopCheckSessionOnError",get:function(){return this._stopCheckSessionOnError}},{key:"query_status_response_type",get:function(){return this._query_status_response_type}},{key:"revokeAccessTokenOnSignout",get:function(){return this._revokeAccessTokenOnSignout}},{key:"redirectNavigator",get:function(){return this._redirectNavigator}},{key:"popupNavigator",get:function(){return this._popupNavigator}},{key:"iframeNavigator",get:function(){return this._iframeNavigator}},{key:"userStore",get:function(){return this._userStore}}]),H})(d.OidcClientSettings)},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.RedirectNavigator=void 0;var v=(function(){function b(w,h){for(var l=0;l<h.length;l++){var u=h[l];u.enumerable=u.enumerable||!1,u.configurable=!0,"value"in u&&(u.writable=!0),Object.defineProperty(w,u.key,u)}}return function(w,h,l){return h&&b(w.prototype,h),l&&b(w,l),w}})(),d=y(0);s.RedirectNavigator=(function(){function b(){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,b)}return b.prototype.prepare=function(){return Promise.resolve(this)},b.prototype.navigate=function(h){return h&&h.url?(h.useReplaceToNavigate?window.location.replace(h.url):window.location=h.url,Promise.resolve()):(d.Log.error("RedirectNavigator.navigate: No url provided"),Promise.reject(new Error("No url provided")))},v(b,[{key:"url",get:function(){return window.location.href}}]),b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.PopupNavigator=void 0;var v=y(0),d=y(42);s.PopupNavigator=(function(){function b(){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,b)}return b.prototype.prepare=function(h){var l=new d.PopupWindow(h);return Promise.resolve(l)},b.prototype.callback=function(h,l,u){v.Log.debug("PopupNavigator.callback");try{return d.PopupWindow.notifyOpener(h,l,u),Promise.resolve()}catch(S){return Promise.reject(S)}},b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.PopupWindow=void 0;var v=(function(){function w(h,l){for(var u=0;u<l.length;u++){var S=l[u];S.enumerable=S.enumerable||!1,S.configurable=!0,"value"in S&&(S.writable=!0),Object.defineProperty(h,S.key,S)}}return function(h,l,u){return l&&w(h.prototype,l),u&&w(h,u),h}})(),d=y(0),b=y(3);s.PopupWindow=(function(){function w(h){var l=this;(function(A,J){if(!(A instanceof J))throw new TypeError("Cannot call a class as a function")})(this,w),this._promise=new Promise((function(R,A){l._resolve=R,l._reject=A}));var u=h.popupWindowTarget||"_blank",S=h.popupWindowFeatures||"location=no,toolbar=no,width=500,height=500,left=100,top=100;";this._popup=window.open("",u,S),this._popup&&(d.Log.debug("PopupWindow.ctor: popup successfully created"),this._checkForPopupClosedTimer=window.setInterval(this._checkForPopupClosed.bind(this),500))}return w.prototype.navigate=function(l){return this._popup?l&&l.url?(d.Log.debug("PopupWindow.navigate: Setting URL in popup"),this._id=l.id,this._id&&(window["popupCallback_"+l.id]=this._callback.bind(this)),this._popup.focus(),this._popup.window.location=l.url):(this._error("PopupWindow.navigate: no url provided"),this._error("No url provided")):this._error("PopupWindow.navigate: Error opening popup window"),this.promise},w.prototype._success=function(l){d.Log.debug("PopupWindow.callback: Successful response from popup window"),this._cleanup(),this._resolve(l)},w.prototype._error=function(l){d.Log.error("PopupWindow.error: ",l),this._cleanup(),this._reject(new Error(l))},w.prototype.close=function(){this._cleanup(!1)},w.prototype._cleanup=function(l){d.Log.debug("PopupWindow.cleanup"),window.clearInterval(this._checkForPopupClosedTimer),this._checkForPopupClosedTimer=null,delete window["popupCallback_"+this._id],this._popup&&!l&&this._popup.close(),this._popup=null},w.prototype._checkForPopupClosed=function(){this._popup&&!this._popup.closed||this._error("Popup window closed")},w.prototype._callback=function(l,u){this._cleanup(u),l?(d.Log.debug("PopupWindow.callback success"),this._success({url:l})):(d.Log.debug("PopupWindow.callback: Invalid response from popup"),this._error("Invalid response from popup"))},w.notifyOpener=function(l,u,S){if(window.opener){if(l=l||window.location.href){var R=b.UrlUtility.parseUrlFragment(l,S);if(R.state){var A="popupCallback_"+R.state,J=window.opener[A];J?(d.Log.debug("PopupWindow.notifyOpener: passing url message to opener"),J(l,u)):d.Log.warn("PopupWindow.notifyOpener: no matching callback found on opener")}else d.Log.warn("PopupWindow.notifyOpener: no state found in response url")}}else d.Log.warn("PopupWindow.notifyOpener: no window.opener. Can't complete notification.")},v(w,[{key:"promise",get:function(){return this._promise}}]),w})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.IFrameNavigator=void 0;var v=y(0),d=y(44);s.IFrameNavigator=(function(){function b(){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,b)}return b.prototype.prepare=function(h){var l=new d.IFrameWindow(h);return Promise.resolve(l)},b.prototype.callback=function(h){v.Log.debug("IFrameNavigator.callback");try{return d.IFrameWindow.notifyParent(h),Promise.resolve()}catch(l){return Promise.reject(l)}},b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.IFrameWindow=void 0;var v=(function(){function b(w,h){for(var l=0;l<h.length;l++){var u=h[l];u.enumerable=u.enumerable||!1,u.configurable=!0,"value"in u&&(u.writable=!0),Object.defineProperty(w,u.key,u)}}return function(w,h,l){return h&&b(w.prototype,h),l&&b(w,l),w}})(),d=y(0);s.IFrameWindow=(function(){function b(w){var h=this;(function(u,S){if(!(u instanceof S))throw new TypeError("Cannot call a class as a function")})(this,b),this._promise=new Promise((function(l,u){h._resolve=l,h._reject=u})),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.width=0,this._frame.height=0,window.document.body.appendChild(this._frame)}return b.prototype.navigate=function(h){if(h&&h.url){var l=h.silentRequestTimeout||1e4;d.Log.debug("IFrameWindow.navigate: Using timeout of:",l),this._timer=window.setTimeout(this._timeout.bind(this),l),this._frame.src=h.url}else this._error("No url provided");return this.promise},b.prototype._success=function(h){this._cleanup(),d.Log.debug("IFrameWindow: Successful response from frame window"),this._resolve(h)},b.prototype._error=function(h){this._cleanup(),d.Log.error(h),this._reject(new Error(h))},b.prototype.close=function(){this._cleanup()},b.prototype._cleanup=function(){this._frame&&(d.Log.debug("IFrameWindow: cleanup"),window.removeEventListener("message",this._boundMessageEvent,!1),window.clearTimeout(this._timer),window.document.body.removeChild(this._frame),this._timer=null,this._frame=null,this._boundMessageEvent=null)},b.prototype._timeout=function(){d.Log.debug("IFrameWindow.timeout"),this._error("Frame window timed out")},b.prototype._message=function(h){if(d.Log.debug("IFrameWindow.message"),this._timer&&h.origin===this._origin&&h.source===this._frame.contentWindow&&typeof h.data=="string"&&(h.data.startsWith("http://")||h.data.startsWith("https://"))){var l=h.data;l?this._success({url:l}):this._error("Invalid response from frame")}},b.notifyParent=function(h){d.Log.debug("IFrameWindow.notifyParent"),(h=h||window.location.href)&&(d.Log.debug("IFrameWindow.notifyParent: posting url message to parent"),window.parent.postMessage(h,location.protocol+"//"+location.host))},v(b,[{key:"promise",get:function(){return this._promise}},{key:"_origin",get:function(){return location.protocol+"//"+location.host}}]),b})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.UserManagerEvents=void 0;var v=y(0),d=y(16),b=y(17);s.UserManagerEvents=(function(w){function h(l){(function(R,A){if(!(R instanceof A))throw new TypeError("Cannot call a class as a function")})(this,h);var u=(function(R,A){if(!R)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!A||typeof A!="object"&&typeof A!="function"?R:A})(this,w.call(this,l));return u._userLoaded=new b.Event("User loaded"),u._userUnloaded=new b.Event("User unloaded"),u._silentRenewError=new b.Event("Silent renew error"),u._userSignedIn=new b.Event("User signed in"),u._userSignedOut=new b.Event("User signed out"),u._userSessionChanged=new b.Event("User session changed"),u}return(function(u,S){if(typeof S!="function"&&S!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof S);u.prototype=Object.create(S&&S.prototype,{constructor:{value:u,enumerable:!1,writable:!0,configurable:!0}}),S&&(Object.setPrototypeOf?Object.setPrototypeOf(u,S):u.__proto__=S)})(h,w),h.prototype.load=function(u){var S=!(arguments.length>1&&arguments[1]!==void 0)||arguments[1];v.Log.debug("UserManagerEvents.load"),w.prototype.load.call(this,u),S&&this._userLoaded.raise(u)},h.prototype.unload=function(){v.Log.debug("UserManagerEvents.unload"),w.prototype.unload.call(this),this._userUnloaded.raise()},h.prototype.addUserLoaded=function(u){this._userLoaded.addHandler(u)},h.prototype.removeUserLoaded=function(u){this._userLoaded.removeHandler(u)},h.prototype.addUserUnloaded=function(u){this._userUnloaded.addHandler(u)},h.prototype.removeUserUnloaded=function(u){this._userUnloaded.removeHandler(u)},h.prototype.addSilentRenewError=function(u){this._silentRenewError.addHandler(u)},h.prototype.removeSilentRenewError=function(u){this._silentRenewError.removeHandler(u)},h.prototype._raiseSilentRenewError=function(u){v.Log.debug("UserManagerEvents._raiseSilentRenewError",u.message),this._silentRenewError.raise(u)},h.prototype.addUserSignedIn=function(u){this._userSignedIn.addHandler(u)},h.prototype.removeUserSignedIn=function(u){this._userSignedIn.removeHandler(u)},h.prototype._raiseUserSignedIn=function(){v.Log.debug("UserManagerEvents._raiseUserSignedIn"),this._userSignedIn.raise()},h.prototype.addUserSignedOut=function(u){this._userSignedOut.addHandler(u)},h.prototype.removeUserSignedOut=function(u){this._userSignedOut.removeHandler(u)},h.prototype._raiseUserSignedOut=function(){v.Log.debug("UserManagerEvents._raiseUserSignedOut"),this._userSignedOut.raise()},h.prototype.addUserSessionChanged=function(u){this._userSessionChanged.addHandler(u)},h.prototype.removeUserSessionChanged=function(u){this._userSessionChanged.removeHandler(u)},h.prototype._raiseUserSessionChanged=function(){v.Log.debug("UserManagerEvents._raiseUserSessionChanged"),this._userSessionChanged.raise()},h})(d.AccessTokenEvents)},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.Timer=void 0;var v=(function(){function u(S,R){for(var A=0;A<R.length;A++){var J=R[A];J.enumerable=J.enumerable||!1,J.configurable=!0,"value"in J&&(J.writable=!0),Object.defineProperty(S,J.key,J)}}return function(S,R,A){return R&&u(S.prototype,R),A&&u(S,A),S}})(),d=y(0),b=y(1),w=y(17);function h(u,S){if(!(u instanceof S))throw new TypeError("Cannot call a class as a function")}function l(u,S){if(!u)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!S||typeof S!="object"&&typeof S!="function"?u:S}s.Timer=(function(u){function S(R){var A=arguments.length>1&&arguments[1]!==void 0?arguments[1]:b.Global.timer,J=arguments.length>2&&arguments[2]!==void 0?arguments[2]:void 0;h(this,S);var H=l(this,u.call(this,R));return H._timer=A,H._nowFunc=J||function(){return Date.now()/1e3},H}return(function(A,J){if(typeof J!="function"&&J!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof J);A.prototype=Object.create(J&&J.prototype,{constructor:{value:A,enumerable:!1,writable:!0,configurable:!0}}),J&&(Object.setPrototypeOf?Object.setPrototypeOf(A,J):A.__proto__=J)})(S,u),S.prototype.init=function(A){A<=0&&(A=1),A=parseInt(A);var J=this.now+A;if(this.expiration===J&&this._timerHandle)d.Log.debug("Timer.init timer "+this._name+" skipping initialization since already initialized for expiration:",this.expiration);else{this.cancel(),d.Log.debug("Timer.init timer "+this._name+" for duration:",A),this._expiration=J;var H=5;A<H&&(H=A),this._timerHandle=this._timer.setInterval(this._callback.bind(this),1e3*H)}},S.prototype.cancel=function(){this._timerHandle&&(d.Log.debug("Timer.cancel: ",this._name),this._timer.clearInterval(this._timerHandle),this._timerHandle=null)},S.prototype._callback=function(){var A=this._expiration-this.now;d.Log.debug("Timer.callback; "+this._name+" timer expires in:",A),this._expiration<=this.now&&(this.cancel(),u.prototype.raise.call(this))},v(S,[{key:"now",get:function(){return parseInt(this._nowFunc())}},{key:"expiration",get:function(){return this._expiration}}]),S})(w.Event)},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.SilentRenewService=void 0;var v=y(0);s.SilentRenewService=(function(){function d(b){(function(h,l){if(!(h instanceof l))throw new TypeError("Cannot call a class as a function")})(this,d),this._userManager=b}return d.prototype.start=function(){this._callback||(this._callback=this._tokenExpiring.bind(this),this._userManager.events.addAccessTokenExpiring(this._callback),this._userManager.getUser().then((function(w){})).catch((function(w){v.Log.error("SilentRenewService.start: Error from getUser:",w.message)})))},d.prototype.stop=function(){this._callback&&(this._userManager.events.removeAccessTokenExpiring(this._callback),delete this._callback)},d.prototype._tokenExpiring=function(){var w=this;this._userManager.signinSilent().then((function(h){v.Log.debug("SilentRenewService._tokenExpiring: Silent token renewal successful")}),(function(h){v.Log.error("SilentRenewService._tokenExpiring: Error from signinSilent:",h.message),w._userManager.events._raiseSilentRenewError(h)}))},d})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.CordovaPopupNavigator=void 0;var v=y(21);s.CordovaPopupNavigator=(function(){function d(){(function(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")})(this,d)}return d.prototype.prepare=function(w){var h=new v.CordovaPopupWindow(w);return Promise.resolve(h)},d})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.CordovaIFrameNavigator=void 0;var v=y(21);s.CordovaIFrameNavigator=(function(){function d(){(function(w,h){if(!(w instanceof h))throw new TypeError("Cannot call a class as a function")})(this,d)}return d.prototype.prepare=function(w){w.popupWindowFeatures="hidden=yes";var h=new v.CordovaPopupWindow(w);return Promise.resolve(h)},d})()},function(c,s,y){Object.defineProperty(s,"__esModule",{value:!0}),s.Version="1.11.6"}])}))})(vr)),vr.exports}var Wr=vs();function ms(o,i){throw o.error==="invalid_redirect_uri"?new Error(`Dynamic client registration failed: the provided redirect uri [${i.redirectUrl?.toString()}] is invalid - ${o.error_description??""}`):o.error==="invalid_client_metadata"?new Error(`Dynamic client registration failed: the provided client metadata ${JSON.stringify(i)} is invalid - ${o.error_description??""}`):new Error(`Dynamic client registration failed: ${o.error} - ${o.error_description??""}`)}function _s(o){return typeof o.client_id=="string"}function ws(o){return Array.isArray(o.redirect_uris)&&o.redirect_uris.every(i=>typeof i=="string")}function Ss(o,i){if(!_s(o))throw new Error(`Dynamic client registration failed: no client_id has been found on ${JSON.stringify(o)}`);if(i.redirectUrl&&ws(o)&&o.redirect_uris[0]!==i.redirectUrl.toString())throw new Error(`Dynamic client registration failed: the returned redirect URIs ${JSON.stringify(o.redirect_uris)} don't match the provided ${JSON.stringify([i.redirectUrl.toString()])}`);return!0}async function bs(o,i){if(!i.registrationEndpoint)throw new Error("Dynamic Registration could not be completed because the issuer has no registration endpoint.");if(!Array.isArray(i.idTokenSigningAlgValuesSupported))throw new Error("The OIDC issuer discovery profile is missing the 'id_token_signing_alg_values_supported' value, which is mandatory.");const c=Xo(i.idTokenSigningAlgValuesSupported,Sr),s={client_name:o.clientName,application_type:"web",redirect_uris:[o.redirectUrl?.toString()],subject_type:"public",token_endpoint_auth_method:"client_secret_basic",id_token_signed_response_alg:c,grant_types:["authorization_code","refresh_token"]},y={"Content-Type":"application/json"},v=await fetch(i.registrationEndpoint.toString(),{method:"POST",headers:y,body:JSON.stringify(s)});if(v.ok){const d=await v.json();return Ss(d,o),{clientId:d.client_id,clientSecret:d.client_secret,expiresAt:d.client_secret_expires_at,idTokenSignedResponseAlg:d.id_token_signed_response_alg,clientType:"dynamic"}}throw v.status===400&&ms(await v.json(),o),new Error(`Dynamic client registration failed: the server returned ${v.status} ${v.statusText} - ${await v.text()}`)}function Es(o){return o.error!==void 0&&typeof o.error=="string"}function Nn(o){return o.error_description!==void 0&&typeof o.error_description=="string"}function Fs(o){return o.error_uri!==void 0&&typeof o.error_uri=="string"}function xs(o){return o.access_token!==void 0&&typeof o.access_token=="string"}function As(o){return o.id_token!==void 0&&typeof o.id_token=="string"}function ks(o){return o.refresh_token!==void 0&&typeof o.refresh_token=="string"}function Ps(o){return o.token_type!==void 0&&typeof o.token_type=="string"}function Ts(o){return o.expires_in===void 0||typeof o.expires_in=="number"}function Is(o,i){if(i.grantType&&(!o.grantTypesSupported||!o.grantTypesSupported.includes(i.grantType)))throw new Error(`The issuer [${o.issuer}] does not support the [${i.grantType}] grant`);if(!o.tokenEndpoint)throw new Error(`This issuer [${o.issuer}] does not have a token endpoint`)}function mi(o,i){if(Es(o))throw new yi(`Token endpoint returned error [${o.error}]${Nn(o)?`: ${o.error_description}`:""}${Fs(o)?` (see ${o.error_uri})`:""}`,o.error,Nn(o)?o.error_description:void 0);if(!xs(o))throw new rr(["access_token"]);if(!As(o))throw new rr(["id_token"]);if(!Ps(o))throw new rr(["token_type"]);if(!Ts(o))throw new rr(["expires_in"]);if(!i&&o.token_type.toLowerCase()!=="bearer")throw new Error(`Invalid token endpoint response: requested a [Bearer] token, but got a 'token_type' value of [${o.token_type}].`);return o}async function Rs(o,i,c,s){Is(o,c);const y={"content-type":"application/x-www-form-urlencoded"};let v;s&&(v=await as(),y.DPoP=await Zr(o.tokenEndpoint,"POST",v)),i.clientSecret&&(y.Authorization=`Basic ${btoa(`${i.clientId}:${i.clientSecret}`)}`);const d={grant_type:c.grantType,redirect_uri:c.redirectUrl,code:c.code,code_verifier:c.codeVerifier,client_id:i.clientId},b={method:"POST",headers:y,body:new URLSearchParams(d).toString()},h=await(await fetch(o.tokenEndpoint,b)).json(),l=mi(h,s),{webId:u,clientId:S}=await ci(l.id_token,o.jwksUri,o.issuer,i.clientId);return{accessToken:l.access_token,idToken:l.id_token,refreshToken:ks(l)?l.refresh_token:void 0,webId:u,clientId:S,dpopKey:v,expiresIn:l.expires_in}}const Cs=o=>{try{return new URL(o),!0}catch{return!1}};async function Us(o,i,c,s){if(c.clientId===void 0)throw new Error("No client ID available when trying to refresh the access token.");const y={grant_type:"refresh_token",refresh_token:o};let v={};s!==void 0&&(v={DPoP:await Zr(i.tokenEndpoint,"POST",s)});let d={};c.clientSecret!==void 0?d={Authorization:`Basic ${btoa(`${c.clientId}:${c.clientSecret}`)}`}:Cs(c.clientId)&&(y.client_id=c.clientId);const b=await fetch(i.tokenEndpoint,{method:"POST",body:new URLSearchParams(y).toString(),headers:{...v,...d,"Content-Type":"application/x-www-form-urlencoded"}});let w;try{w=await b.json()}catch{throw new Error(`The token endpoint of issuer ${i.issuer} returned a malformed response.`)}const h=mi(w,s!==void 0),{webId:l}=await ci(h.id_token,i.jwksUri,i.issuer,c.clientId);return{accessToken:h.access_token,idToken:h.id_token,refreshToken:typeof h.refresh_token=="string"?h.refresh_token:void 0,webId:l,dpopKey:s,expiresIn:h.expires_in}}function Ds(o){const i=hi(o);return i.hash="",o.includes(`${i.origin}/`)?i.href:`${i.origin}${i.href.substring(i.origin.length+1)}`}async function Ls(){await new Wr.OidcClient({response_mode:"query"}).clearStaleState(new Wr.WebStorageStateStore({}));const i=window.localStorage,c=[];for(let s=0;s<=i.length;s+=1){const y=i.key(s);y&&(y.match(/^oidc\..+$/)||y.match(/^solidClientAuthenticationUser:.+$/))&&c.push(y)}c.forEach(s=>i.removeItem(s))}class Ns extends is{constructor(i,c){super(i,c)}}class Os extends rs{login=async(i,c)=>{i.prompt!=="none"&&await this.sessionInfoManager.clear(i.sessionId);const s=i.redirectUrl??Ds(window.location.href);if(!li(s))throw new Error(`${s} is not a valid redirect URL, it is either a malformed IRI, includes a hash fragment, or reserved query parameters ('code' or 'state').`);await this.loginHandler.handle({...i,redirectUrl:s,clientName:i.clientName??i.clientId,eventEmitter:c})};validateCurrentSession=async i=>{const c=await this.sessionInfoManager.get(i);return c===void 0||c.clientAppId===void 0||c.issuer===void 0?null:c};handleIncomingRedirect=async(i,c)=>{try{const s=await this.redirectHandler.handle(i,c,void 0);return this.fetch=s.fetch.bind(window),this.boundLogout=s.getLogoutUrl,await this.cleanUrlAfterRedirect(i),{isLoggedIn:s.isLoggedIn,webId:s.webId,sessionId:s.sessionId,expirationDate:s.expirationDate,clientAppId:s.clientAppId}}catch(s){await this.cleanUrlAfterRedirect(i),c.emit(Ve.ERROR,"redirect",s);return}};async cleanUrlAfterRedirect(i){const c=hi(i).href;for(window.history.replaceState(null,"",c);window.location.href!==c;)await new Promise(s=>{setTimeout(()=>s(),1)})}}function On(o){return typeof o.oidcIssuer=="string"}function Hn(o){return typeof o.redirectUrl=="string"}class Hs{storageUtility;oidcHandler;issuerConfigFetcher;clientRegistrar;constructor(i,c,s,y){this.storageUtility=i,this.oidcHandler=c,this.issuerConfigFetcher=s,this.clientRegistrar=y,this.storageUtility=i,this.oidcHandler=c,this.issuerConfigFetcher=s,this.clientRegistrar=y}async canHandle(i){return On(i)&&Hn(i)}async handle(i){if(!On(i))throw new Vr(`OidcLoginHandler requires an OIDC issuer: missing property 'oidcIssuer' in ${JSON.stringify(i)}`);if(!Hn(i))throw new Vr(`OidcLoginHandler requires a redirect URL: missing property 'redirectUrl' in ${JSON.stringify(i)}`);const c=await this.issuerConfigFetcher.fetchConfig(i.oidcIssuer),s=await ts(i,c,this.storageUtility,this.clientRegistrar),y={issuer:c.issuer,dpop:i.tokenType.toLowerCase()==="dpop",...i,issuerConfiguration:c,client:s,scopes:jo(i.customScopes)};return this.oidcHandler.handle(y)}}class Bs extends Vo{async handle(i){const c={authority:i.issuer.toString(),client_id:i.client.clientId,client_secret:i.client.clientSecret,redirect_uri:i.redirectUrl,response_type:"code",scope:i.scopes.join(" "),filterProtocolClaims:!0,loadUserInfo:!1,code_verifier:!0,prompt:i.prompt??"consent"},s=new Wr.OidcClient(c);try{const y=await s.createSigninRequest();return await this.setupRedirectHandler({oidcLoginOptions:i,state:y.state._id,codeVerifier:y.state._code_verifier,targetUrl:y.url.toString()})}catch(y){console.error(y)}}}const Ms=".well-known/openid-configuration",Bn={issuer:{toKey:"issuer",convertToUrl:!0},authorization_endpoint:{toKey:"authorizationEndpoint",convertToUrl:!0},token_endpoint:{toKey:"tokenEndpoint",convertToUrl:!0},userinfo_endpoint:{toKey:"userinfoEndpoint",convertToUrl:!0},jwks_uri:{toKey:"jwksUri",convertToUrl:!0},registration_endpoint:{toKey:"registrationEndpoint",convertToUrl:!0},end_session_endpoint:{toKey:"endSessionEndpoint",convertToUrl:!0},scopes_supported:{toKey:"scopesSupported"},response_types_supported:{toKey:"responseTypesSupported"},response_modes_supported:{toKey:"responseModesSupported"},grant_types_supported:{toKey:"grantTypesSupported"},acr_values_supported:{toKey:"acrValuesSupported"},subject_types_supported:{toKey:"subjectTypesSupported"},id_token_signing_alg_values_supported:{toKey:"idTokenSigningAlgValuesSupported"},id_token_encryption_alg_values_supported:{toKey:"idTokenEncryptionAlgValuesSupported"},id_token_encryption_enc_values_supported:{toKey:"idTokenEncryptionEncValuesSupported"},userinfo_signing_alg_values_supported:{toKey:"userinfoSigningAlgValuesSupported"},userinfo_encryption_alg_values_supported:{toKey:"userinfoEncryptionAlgValuesSupported"},userinfo_encryption_enc_values_supported:{toKey:"userinfoEncryptionEncValuesSupported"},request_object_signing_alg_values_supported:{toKey:"requestObjectSigningAlgValuesSupported"},request_object_encryption_alg_values_supported:{toKey:"requestObjectEncryptionAlgValuesSupported"},request_object_encryption_enc_values_supported:{toKey:"requestObjectEncryptionEncValuesSupported"},token_endpoint_auth_methods_supported:{toKey:"tokenEndpointAuthMethodsSupported"},token_endpoint_auth_signing_alg_values_supported:{toKey:"tokenEndpointAuthSigningAlgValuesSupported"},display_values_supported:{toKey:"displayValuesSupported"},claim_types_supported:{toKey:"claimTypesSupported"},claims_supported:{toKey:"claimsSupported"},service_documentation:{toKey:"serviceDocumentation"},claims_locales_supported:{toKey:"claimsLocalesSupported"},ui_locales_supported:{toKey:"uiLocalesSupported"},claims_parameter_supported:{toKey:"claimsParameterSupported"},request_parameter_supported:{toKey:"requestParameterSupported"},request_uri_parameter_supported:{toKey:"requestUriParameterSupported"},require_request_uri_registration:{toKey:"requireRequestUriRegistration"},op_policy_uri:{toKey:"opPolicyUri",convertToUrl:!0},op_tos_uri:{toKey:"opTosUri",convertToUrl:!0}};function js(o){const i={};return Object.keys(o).forEach(c=>{Bn[c]&&(i[Bn[c].toKey]=o[c])}),Array.isArray(i.scopesSupported)||(i.scopesSupported=["openid"]),i}class en{storageUtility;constructor(i){this.storageUtility=i,this.storageUtility=i}static getLocalStorageKey(i){return`issuerConfig:${i}`}async fetchConfig(i){let c;const s=new URL(Ms,i.endsWith("/")?i:`${i}/`).href,y=await fetch(s);try{c=js(await y.json())}catch(v){throw new Vr(`[${i.toString()}] has an invalid configuration: ${v.message}`)}return await this.storageUtility.set(en.getLocalStorageKey(i),JSON.stringify(c)),c}}async function Ks(o,i){await fi(o,i),await Ls()}class Vs extends $o{async get(i){const[c,s,y,v,d,b,w,h]=await Promise.all([this.storageUtility.getForUser(i,"isLoggedIn",{secure:!0}),this.storageUtility.getForUser(i,"webId",{secure:!0}),this.storageUtility.getForUser(i,"clientId",{secure:!1}),this.storageUtility.getForUser(i,"clientSecret",{secure:!1}),this.storageUtility.getForUser(i,"redirectUrl",{secure:!1}),this.storageUtility.getForUser(i,"refreshToken",{secure:!0}),this.storageUtility.getForUser(i,"issuer",{secure:!1}),this.storageUtility.getForUser(i,"tokenType",{secure:!1})]);if(typeof d=="string"&&!li(d)){await Promise.all([this.storageUtility.deleteAllUserData(i,{secure:!1}),this.storageUtility.deleteAllUserData(i,{secure:!0})]);return}if(h!==void 0&&!Yo(h))throw new Error(`Tokens of type [${h}] are not supported.`);if(!(y===void 0&&c===void 0&&s===void 0&&b===void 0))return{sessionId:i,webId:s,isLoggedIn:c==="true",redirectUrl:d,refreshToken:b,issuer:w,clientAppId:y,clientAppSecret:v,tokenType:h??"DPoP"}}async clear(i){return Ks(i,this.storageUtility)}}class Ws{async canHandle(i){try{return new URL(i),!0}catch(c){throw new Error(`[${i}] is not a valid URL, and cannot be used as a redirect URL: ${c}`)}}async handle(i){return di()}}class Js{storageUtility;sessionInfoManager;issuerConfigFetcher;clientRegistrar;tokerRefresher;constructor(i,c,s,y,v){this.storageUtility=i,this.sessionInfoManager=c,this.issuerConfigFetcher=s,this.clientRegistrar=y,this.tokerRefresher=v,this.storageUtility=i,this.sessionInfoManager=c,this.issuerConfigFetcher=s,this.clientRegistrar=y,this.tokerRefresher=v}async canHandle(i){try{const c=new URL(i);return c.searchParams.get("code")!==null&&c.searchParams.get("state")!==null}catch(c){throw new Error(`[${i}] is not a valid URL, and cannot be used as a redirect URL: ${c}`)}}async handle(i,c){if(!await this.canHandle(i))throw new Error(`AuthCodeRedirectHandler cannot handle [${i}]: it is missing one of [code, state].`);const s=new URL(i),y=s.searchParams.get("state"),v=await this.storageUtility.getForUser(y,"sessionId",{errorIfNull:!0}),{issuerConfig:d,codeVerifier:b,redirectUrl:w,dpop:h}=await pi(v,this.storageUtility,this.issuerConfigFetcher),l=s.searchParams.get("iss");if(typeof l=="string"&&l!==d.issuer)throw new Error(`The value of the iss parameter (${l}) does not match the issuer identifier of the authorization server (${d.issuer}). See [rfc9207](https://www.rfc-editor.org/rfc/rfc9207.html#section-2.3-3.1.1)`);if(b===void 0)throw new Error(`The code verifier for session ${v} is missing from storage.`);if(w===void 0)throw new Error(`The redirect URL for session ${v} is missing from storage.`);const u=await this.clientRegistrar.getClient({sessionId:v},d),S=Date.now(),R=await Rs(d,u,{grantType:"authorization_code",code:s.searchParams.get("code"),codeVerifier:b,redirectUrl:w},h);window.localStorage.removeItem(`oidc.${y}`);let A;R.refreshToken!==void 0&&(A={sessionId:v,refreshToken:R.refreshToken,tokenRefresher:this.tokerRefresher});const J=ds(R.accessToken,{dpopKey:R.dpopKey,refreshOptions:A,eventEmitter:c,expiresIn:R.expiresIn});await ns(this.storageUtility,v,R.webId,R.clientId,"true",void 0,!0);const H=await this.sessionInfoManager.get(v);if(!H)throw new Error(`Could not retrieve session: [${v}].`);return Object.assign(H,{fetch:J,getLogoutUrl:Go({idTokenHint:R.idToken,endSessionEndpoint:d.endSessionEndpoint}),expirationDate:typeof R.expiresIn=="number"?S+R.expiresIn*1e3:void 0})}}class qs extends Mo{constructor(i){super(i)}}class $s{get storage(){return window.localStorage}async get(i){return this.storage.getItem(i)||void 0}async set(i,c){this.storage.setItem(i,c)}async delete(i){this.storage.removeItem(i)}}class zs{redirect(i,c){c&&c.handleRedirect?c.handleRedirect(i):c&&c.redirectByReplacingState?window.history.replaceState({},"",i):window.location.href=i}}class Gs{storageUtility;constructor(i){this.storageUtility=i,this.storageUtility=i}async getClient(i,c){const[s,y,v,d,b]=await Promise.all([this.storageUtility.getForUser(i.sessionId,"clientId",{secure:!1}),this.storageUtility.getForUser(i.sessionId,"clientSecret",{secure:!1}),this.storageUtility.getForUser(i.sessionId,"expiresAt",{secure:!1}),this.storageUtility.getForUser(i.sessionId,"clientName",{secure:!1}),this.storageUtility.getForUser(i.sessionId,"clientType",{secure:!1})]),w=v!==void 0?Number.parseInt(v,10):-1,h=y!==void 0&&w!==0&&Math.floor(Date.now()/1e3)>w;if(s&&es(b)&&!h)return y!==void 0?{clientId:s,clientSecret:y,clientName:d,clientType:"dynamic",expiresAt:w}:{clientId:s,clientName:d,clientType:b};try{const l=await bs(i,c),u={clientId:l.clientId,clientType:"dynamic"};return l.clientSecret!==void 0&&(u.clientSecret=l.clientSecret,u.expiresAt=String(l.expiresAt)),l.idTokenSignedResponseAlg&&(u.idTokenSignedResponseAlg=l.idTokenSignedResponseAlg),await this.storageUtility.setForUser(i.sessionId,u,{secure:!1}),l}catch(l){throw new Error("Client registration failed.",{cause:l})}}}class Ys{async canHandle(i){try{return new URL(i).searchParams.has("error")}catch(c){throw new Error(`[${i}] is not a valid URL, and cannot be used as a redirect URL: ${c}`)}}async handle(i,c){if(c!==void 0){const s=new URL(i),y=s.searchParams.get("error"),v=s.searchParams.get("error_description");c.emit(Ve.ERROR,y,v)}return di()}}class Xs{storageUtility;issuerConfigFetcher;clientRegistrar;constructor(i,c,s){this.storageUtility=i,this.issuerConfigFetcher=c,this.clientRegistrar=s,this.storageUtility=i,this.issuerConfigFetcher=c,this.clientRegistrar=s}async refresh(i,c,s,y){const v=await pi(i,this.storageUtility,this.issuerConfigFetcher),d=await this.clientRegistrar.getClient({sessionId:i},v.issuerConfig);if(c===void 0)throw new Error(`Session [${i}] has no refresh token to allow it to refresh its access token.`);if(v.dpop&&s===void 0)throw new Error(`For session [${i}], the key bound to the DPoP access token must be provided to refresh said access token.`);const b=await Us(c,v.issuerConfig,d,s);return b.refreshToken!==void 0&&y?.emit(Ve.NEW_REFRESH_TOKEN,b.refreshToken),b}}function Mn(o){const i=new os,c=o.secureStorage||i,s=o.insecureStorage||new $s,y=new Ns(c,s),v=new en(y),d=new Gs(y),b=new Vs(y),w=new Xs(y,v,d),h=new zs,l=new Hs(y,new Bs(y,h),v,d),u=new qs([new Ys,new Js(y,b,v,d,w),new Ws]);return new Os(l,u,new qo(b,h),b,v)}const Nr=`${ui}currentSession`,Jr=`${ui}currentUrl`;async function Qs(o,i,c){const s=await i.validateCurrentSession(o);return s!==null?(window.localStorage.setItem(Jr,window.location.href),await i.login({sessionId:o,prompt:"none",oidcIssuer:s.issuer,redirectUrl:s.redirectUrl,clientId:s.clientAppId,clientSecret:s.clientAppSecret,tokenType:s.tokenType??"DPoP"},c.events),!0):!1}function Zs(o){return!!o?.isLoggedIn}class ea{info;events;clientAuthentication;tokenRequestInProgress=!1;constructor(i={},c=void 0){this.events=new ps,i.clientAuthentication?this.clientAuthentication=i.clientAuthentication:i.secureStorage&&i.insecureStorage?this.clientAuthentication=Mn({secureStorage:i.secureStorage,insecureStorage:i.insecureStorage}):this.clientAuthentication=Mn({}),i.sessionInfo?this.info={sessionId:i.sessionInfo.sessionId,isLoggedIn:!1,webId:i.sessionInfo.webId,clientAppId:i.sessionInfo.clientAppId}:this.info={sessionId:c??Qr(),isLoggedIn:!1},this.events.on(Ve.LOGIN,()=>window.localStorage.setItem(Nr,this.info.sessionId)),this.events.on(Ve.SESSION_EXPIRED,()=>this.internalLogout(!1)),this.events.on(Ve.ERROR,()=>this.internalLogout(!1))}login=async i=>(await this.clientAuthentication.login({sessionId:this.info.sessionId,...i,tokenType:i.tokenType??"DPoP"},this.events),new Promise(()=>{}));fetch=(i,c)=>this.clientAuthentication.fetch(i,c);internalLogout=async(i,c)=>{window.localStorage.removeItem(Nr),await this.clientAuthentication.logout(this.info.sessionId,c),this.info.isLoggedIn=!1,i&&this.events.emit(Ve.LOGOUT)};logout=async i=>this.internalLogout(!0,i);handleIncomingRedirect=async(i={})=>{if(this.info.isLoggedIn)return this.info;if(this.tokenRequestInProgress)return;const c=typeof i=="string"?{url:i}:i,s=c.url??window.location.href;this.tokenRequestInProgress=!0;const y=await this.clientAuthentication.handleIncomingRedirect(s,this.events);if(Zs(y)){this.setSessionInfo(y);const v=window.localStorage.getItem(Jr);v===null?this.events.emit(Ve.LOGIN):(window.localStorage.removeItem(Jr),this.events.emit(Ve.SESSION_RESTORED,v))}else if(c.restorePreviousSession===!0){const v=window.localStorage.getItem(Nr);if(v!==null&&await Qs(v,this.clientAuthentication,this))return new Promise(()=>{})}return this.tokenRequestInProgress=!1,y};setSessionInfo(i){this.info.isLoggedIn=i.isLoggedIn,this.info.webId=i.webId,this.info.sessionId=i.sessionId,this.info.clientAppId=i.clientAppId,this.info.expirationDate=i.expirationDate,this.events.on(Ve.SESSION_EXTENDED,c=>{this.info.expirationDate=Date.now()+c*1e3})}}const tt=new ea,mr="http://www.w3.org/ns/solid/terms#storage",qr="http://www.w3.org/ns/pim/space#storage",_r=".data/inrupt-smoke/probe.ttl#this",ta="https://schema.org/DigitalDocument",Er=new URLSearchParams(window.location.search),ra=Er.get("issuer")||window.location.origin,na=Er.get("home")||"",ia=nn(Er.get("storagePath")||_r),oa=Er.get("sp")||"";function sa(){document.querySelector("#app").innerHTML=`
+    <style>
+      :root { color-scheme: light dark; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif; background: #020617; color: #e5e7eb; }
+      * { box-sizing: border-box; }
+      body { margin: 0; min-height: 100vh; padding: 20px; background: radial-gradient(circle at top, rgba(59,130,246,.32), transparent 36%), #020617; }
+      section, header { width: min(900px, 100%); margin: 0 auto 16px; padding: 18px; border: 1px solid rgba(148,163,184,.28); border-radius: 18px; background: rgba(15,23,42,.9); box-shadow: 0 18px 60px rgba(0,0,0,.28); }
+      h1 { margin: 0 0 8px; font-size: clamp(26px, 6vw, 42px); }
+      h2 { margin: 0 0 12px; font-size: 20px; }
+      p { color: #cbd5e1; line-height: 1.62; }
+      code { color: #93c5fd; }
+      label { display: block; margin: 12px 0 7px; font-weight: 800; }
+      input, textarea { width: 100%; min-height: 42px; padding: 10px 12px; border: 1px solid #475569; border-radius: 12px; background: #020617; color: #f8fafc; font: inherit; }
+      textarea { min-height: 260px; font: 12px ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas, monospace; resize: vertical; }
+      button { min-height: 42px; margin: 7px 7px 7px 0; padding: 10px 14px; border: 0; border-radius: 999px; background: #38bdf8; color: #082f49; font-weight: 900; cursor: pointer; }
+      button.secondary { background: #334155; color: #e2e8f0; }
+      button.danger { background: #fb7185; color: #450a0a; }
+      dl { display: grid; grid-template-columns: minmax(120px, auto) 1fr; gap: 8px 12px; padding: 12px; border-radius: 14px; background: rgba(2,6,23,.62); }
+      dt { color: #94a3b8; } dd { margin: 0; overflow-wrap: anywhere; }
+      .ok { color: #86efac; } .fail { color: #fca5a5; } .warn { color: #fde68a; } .small { font-size: 13px; color: #94a3b8; }
+    </style>
+    <header>
+      <h1>Inrupt Solid Smoke</h1>
+      <p>这个页面从 Cloud IdP origin 加载，使用 <code>@inrupt/solid-client-authn-browser</code> 登录 Cloud OIDC issuer，然后读取 WebID profile 的 <code>solid:storage</code>，把发现到的 storage 设置为 Pod home。</p>
+      <p class="small">读写验收使用 <code>@undefineds.co/drizzle-solid</code>：drizzle-solid db 的 <code>podUrl</code> 会设置成 storage home，再对 storage-relative RDF 资源执行 insert / findById / deleteById。</p>
+    </header>
+    <section>
+      <h2>配置</h2>
+      <label for="cloudIssuer">Cloud OIDC Issuer</label>
+      <input id="cloudIssuer" inputmode="url" autocomplete="url" value="${pr(ra)}">
+      <label for="podHomeUrl">Pod Home / Storage URL（自动从 WebID profile 的 solid:storage 填入，可手动覆盖）</label>
+      <input id="podHomeUrl" inputmode="url" autocomplete="url" value="${pr(na)}" placeholder="https://node-0000.undefineds.co/alice/">
+      <label for="storagePath">Storage-relative Drizzle Test Resource</label>
+      <input id="storagePath" value="${pr(ia)}">
+      <label for="spResourceUrl">SP Resource URL（可选；为空时按 Pod Home + Storage Path 推导）</label>
+      <input id="spResourceUrl" inputmode="url" autocomplete="url" value="${pr(oa)}">
+      <button id="loginButton" type="button">1. Login Cloud</button>
+      <button id="discoveryButton" type="button">2. Check Cloud Discovery</button>
+      <button id="storageButton" type="button">3. Discover Storage Home</button>
+      <button id="resourceButton" type="button">4. session.fetch SP Resource</button>
+      <button id="drizzleButton" type="button">5. Drizzle Read/Write/Delete</button>
+      <button id="logoutButton" class="secondary" type="button">Logout App</button>
+      <dl>
+        <dt>Status</dt><dd id="status">初始化中</dd>
+        <dt>Logged in</dt><dd id="loggedIn">false</dd>
+        <dt>WebID</dt><dd id="webId">-</dd>
+        <dt>Storage Home</dt><dd id="storageHome">-</dd>
+      </dl>
+    </section>
+    <section>
+      <h2>Report</h2>
+      <textarea id="report" readonly></textarea>
+    </section>
+  `}function pr(o){return o.replace(/[&<>"]/g,i=>({"&":"&amp;","<":"&lt;",">":"&gt;",'"':"&quot;"})[i]??i)}function De(o){return document.getElementById(o)}function mt(o,i=""){const c=De("status");c.textContent=o,c.className=i}function tn(){return De("cloudIssuer").value.trim()}function Kt(){return De("podHomeUrl").value.trim()}function _i(o){De("podHomeUrl").value=qt(o),De("storageHome").textContent=De("podHomeUrl").value}function or(){const o=nn(De("storagePath").value);return De("storagePath").value=o,o}function Vt(){return De("spResourceUrl").value.trim()}function rn(o){De("spResourceUrl").value=o}function qt(o){const i=new URL(o||window.location.origin,`${window.location.origin}/`);return i.hash="",i.search="",i.pathname.endsWith("/")||(i.pathname=`${i.pathname}/`),i.href}function nn(o){const i=String(o||"").trim();if(!i)return _r;if(/^https?:\/\//iu.test(i)){const c=new URL(i);return`${c.pathname.replace(/^\/+/,"")}${c.hash}`||_r}return i.replace(/^\/+/,"")||_r}function wi(o){const i=nn(o),c=i.indexOf("#"),s=c>=0?i.slice(0,c):i,y=c>=0?i.slice(c):"",v=s.lastIndexOf("/"),d=v>=0?s.slice(0,v+1):"",b=v>=0?s.slice(v+1):s;if(!b)throw new Error(`Storage path must include a file name: ${i}`);return{storagePath:i,documentPath:s,tableBase:`/${d}`,recordId:`${b}${y||"#this"}`}}function on(o,i){const c=wi(i);return new URL(c.documentPath,qt(o)).href}function sn(){De("loggedIn").textContent=String(tt.info.isLoggedIn),De("webId").textContent=tt.info.webId??"-",De("storageHome").textContent=Kt()||"-"}function Dt(o={}){De("report").value=JSON.stringify({generatedAt:new Date().toISOString(),cloudIssuer:tn(),podHomeUrl:Kt(),storagePath:or(),spResourceUrl:Vt(),session:{isLoggedIn:tt.info.isLoggedIn,webId:tt.info.webId,sessionId:tt.info.sessionId},...o},null,2)}async function aa(){const o=qt(tn()),i=new URL("/app/inrupt-smoke.html",window.location.origin);i.searchParams.set("issuer",o),i.searchParams.set("storagePath",or()),Kt()&&i.searchParams.set("home",Kt()),Vt()&&i.searchParams.set("sp",Vt()),await tt.login({oidcIssuer:o,redirectUrl:i.href,clientName:"Xpod Inrupt Smoke",tokenType:"DPoP"})}async function an(o){const i=performance.now(),c=await tt.fetch(o,{method:"GET",cache:"no-store"}),s=await c.text();return{url:o,status:c.status,ok:c.ok,elapsedMs:Math.round(performance.now()-i),headers:Array.from(c.headers.entries()),bodyPreview:s.slice(0,8192)}}async function ua(){try{mt("checking cloud discovery...","warn");const o=new URL("/.well-known/openid-configuration",qt(tn())).href,i=await an(o);mt(`discovery HTTP ${i.status}`,i.ok?"ok":"fail"),Dt({discovery:i})}catch(o){sr(o)}}async function Si(){if(!tt.info.isLoggedIn||!tt.info.webId)throw new Error("Login first; storage discovery needs session.info.webId.");const o=tt.info.webId,i=ga(o),c=await an(i);if(!c.ok)throw new Error(`Failed to read WebID profile ${i}: HTTP ${c.status}`);const s=qt(da(o,c.bodyPreview));return _i(s),Vt()||rn(on(s,or())),sn(),{webId:o,profileUrl:i,storageUrl:s,profile:c}}async function ca(){try{mt("discovering storage home from WebID profile...","warn");const o=await Si();mt(`storage home ${o.storageUrl}`,"ok"),Dt({storage:o})}catch(o){sr(o)}}async function bi(){if(Kt()){const o=qt(Kt());return _i(o),o}return(await Si()).storageUrl}async function la(){if(Vt())return new URL(Vt()).href;const o=await bi(),i=on(o,or());return rn(i),i}async function ha(){try{mt("fetching SP resource with Inrupt session...","warn");const o=await an(await la());mt(`SP resource HTTP ${o.status}`,o.ok?"ok":"fail"),Dt({spResource:o})}catch(o){sr(o)}}function da(o,i){const c=fa(i);if(c)return c;const s=[mr,qr].map(l=>l.replace(/[.*+?^${}()|[\]\\]/gu,"\\$&")).join("|"),y=new RegExp(`<(?:${s})>\\s+<([^>]+)>`,"iu"),v=i.match(y);if(v?.[1])return v[1];const d=/\b(?:solid|pim):storage\s+<([^>]+)>/iu,b=i.match(d);if(b?.[1])return b[1];const w=new RegExp(`<${Or(o)}>[^.]+(?:<${Or(mr)}>|solid:storage|<${Or(qr)}>|pim:storage)\\s+<([^>]+)>`,"isu"),h=i.match(w);if(h?.[1])return h[1];throw new Error(`WebID profile has no solid:storage / ${mr} binding.`)}function fa(o){try{return $r(JSON.parse(o))}catch{return null}}function $r(o){if(Array.isArray(o)){for(const i of o){const c=$r(i);if(c)return c}return null}if(!Fi(o))return null;for(const i of Object.keys(o))if(i===mr||i===qr||i==="solid:storage"||i==="pim:storage"){const c=Ei(o[i]);if(c)return c}for(const i of Object.values(o)){const c=$r(i);if(c)return c}return null}function Ei(o){if(typeof o=="string"&&/^https?:\/\//iu.test(o))return o;if(Array.isArray(o)){for(const i of o){const c=Ei(i);if(c)return c}return null}if(Fi(o)){const i=o["@id"];if(typeof i=="string"&&/^https?:\/\//iu.test(i))return i}return null}function Fi(o){return typeof o=="object"&&o!==null}function ga(o){const i=new URL(o);return i.hash="",i.href}function Or(o){return o.replace(/[.*+?^${}()|[\]\\]/gu,"\\$&")}function pa(){return typeof crypto.randomUUID=="function"?crypto.randomUUID():Math.random().toString(36).slice(2)}async function ya(){try{mt("writing smoke data through drizzle-solid...","warn");const o=await bi(),i=wi(or()),{drizzle:c,podTable:s,string:y}=await Mi(async()=>{const{drizzle:S,podTable:R,string:A}=await import("./index-AaQ1qxhy.js");return{drizzle:S,podTable:R,string:A}},__vite__mapDeps([0,1])),v=s("inruptSmokeData",{id:y("id").primaryKey(),value:y("value").predicate("http://schema.org/text"),createdAt:y("createdAt").predicate("http://schema.org/dateCreated")},{base:i.tableBase,type:ta}),d=c(tt,{podUrl:o,resourcePreparation:"best-effort",schema:{inruptSmokeData:v}});await d.init(v),await d.deleteById(v,i.recordId).catch(()=>{});const b=`xpod-inrupt-smoke ${new Date().toISOString()} ${pa()}`,w=new Date().toISOString();await d.insert(v).values({id:i.recordId,value:b,createdAt:w});const h=await d.findById(v,i.recordId),l=h?.value===b;if(await d.deleteById(v,i.recordId).catch(()=>{}),!l)throw new Error(`drizzle-solid readback mismatch for ${i.recordId}`);const u=on(o,i.storagePath);rn(u),mt("drizzle-solid write/read/delete OK","ok"),Dt({drizzleSolid:{ok:!0,podUrl:o,storagePath:i.storagePath,tableBase:i.tableBase,recordId:i.recordId,resourceUrl:u,wrote:{value:b,createdAt:w},readBack:h,deleted:!0}})}catch(o){sr(o)}}async function va(){await tt.logout({logoutType:"app"}),sn(),mt("logged out","warn"),Dt()}function sr(o){const i=o instanceof Error?o.message:String(o);mt(i,"fail"),Dt({error:i})}async function ma(){sa(),De("loginButton").addEventListener("click",()=>{aa()}),De("discoveryButton").addEventListener("click",()=>{ua()}),De("storageButton").addEventListener("click",()=>{ca()}),De("resourceButton").addEventListener("click",()=>{ha()}),De("drizzleButton").addEventListener("click",()=>{ya()}),De("logoutButton").addEventListener("click",()=>{va()});try{await tt.handleIncomingRedirect({restorePreviousSession:!0}),sn(),mt(tt.info.isLoggedIn?"logged in":"not logged in",tt.info.isLoggedIn?"ok":"warn"),Dt()}catch(o){sr(o)}}ma();export{Mi as _,fs as r,Qr as v};