@wireapp/core 17.31.1 → 17.31.2

package/src/main/cryptography/CryptographyService.test.node.ts

@@ -1,246 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2018 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-import {APIClient} from '@wireapp/api-client';
-import {Cryptobox} from '@wireapp/cryptobox';
-import * as Proteus from '@wireapp/proteus';
-import {CRUDEngine, MemoryEngine} from '@wireapp/store-engine';
-import * as bazinga64 from 'bazinga64';
-import * as crypto from 'crypto';
-import {promisify} from 'util';
-import {SessionPayloadBundle} from '.';
-
-import * as CryptographyHelper from '../test/CryptographyHelper';
-import {decryptAsset, encryptAsset} from './AssetCryptography.node';
-import {CryptographyService} from './CryptographyService';
-
-async function createEngine(storeName: string): Promise<CRUDEngine> {
-  const engine = new MemoryEngine();
-  await engine.init(storeName);
-  return engine;
-}
-
-describe('CryptographyService', () => {
-  let cryptographyService: CryptographyService;
-  let aliceLastResortPreKey: Proteus.keys.PreKey;
-  let bob: Cryptobox;
-
-  beforeAll(async () => {
-    await Proteus.init();
-  });
-
-  beforeEach(async () => {
-    cryptographyService = new CryptographyService(new APIClient(), await createEngine('wire'));
-    const preKeys = await cryptographyService.cryptobox.create();
-    aliceLastResortPreKey = preKeys.filter(preKey => preKey.key_id === Proteus.keys.PreKey.MAX_PREKEY_ID)[0];
-    bob = new Cryptobox(await createEngine('wire'));
-    await bob.create();
-  });
-
-  describe('"constructor"', () => {
-    it('creates an instance.', () => {
-      expect(cryptographyService.cryptobox['identity']!.public_key.fingerprint()).toBeDefined();
-      expect(cryptographyService).toBeDefined();
-    });
-  });
-
-  describe('"constructSessionId"', () => {
-    it('constructs a Session ID by a given User ID and Client ID.', () => {
-      const clientId = '1ceb9063fced26d3';
-      const userId = 'afbb5d60-1187-4385-9c29-7361dea79647';
-      const actual = CryptographyService.constructSessionId(userId, clientId, null);
-      expect(actual).toContain(clientId);
-      expect(actual).toContain(userId);
-    });
-
-    it('constructs a Session ID by a given User ID and Client ID and domain.', () => {
-      const clientId = '1ceb9063fced26d3';
-      const userId = 'afbb5d60-1187-4385-9c29-7361dea79647';
-      const actual = CryptographyService.constructSessionId(userId, clientId, 'test.wire.link');
-      expect(actual).toContain(clientId);
-      expect(actual).toContain(userId);
-      expect(actual).toContain('test.wire.link');
-    });
-  });
-
-  describe('"decrypt"', () => {
-    it('decrypts a Base64-encoded cipher message.', async () => {
-      const alicePublicKey = cryptographyService.cryptobox['identity']!.public_key;
-      const publicPreKeyBundle = new Proteus.keys.PreKeyBundle(alicePublicKey, aliceLastResortPreKey);
-      const text = 'Hello Alice!';
-      const encryptedPreKeyMessage = await bob.encrypt(
-        'alice-user-id@alice-client-id',
-        text,
-        publicPreKeyBundle.serialise(),
-      );
-      const encodedPreKeyMessage = bazinga64.Encoder.toBase64(encryptedPreKeyMessage).asString;
-      const decryptedMessage = await cryptographyService.decrypt('bob-user-id@bob-client-id', encodedPreKeyMessage);
-      const plaintext = Buffer.from(decryptedMessage).toString('utf8');
-      expect(plaintext).toBe(text);
-    });
-
-    it('is resistant to duplicated message errors', async () => {
-      const receiver = cryptographyService.cryptobox['identity']!;
-      const preKey = await cryptographyService.cryptobox['get_prekey']();
-      const text = 'Hi!';
-      const encodedPreKeyMessage = await CryptographyHelper.createEncodedCipherText(receiver, preKey!, text);
-      const sessionId = 'alice-to-bob';
-      const plaintext = await CryptographyHelper.getPlainText(cryptographyService, encodedPreKeyMessage, sessionId);
-      // Testing to decrypt the same message multiple times (to provoke duplicate message errors)
-      await CryptographyHelper.getPlainText(cryptographyService, encodedPreKeyMessage, sessionId);
-      await CryptographyHelper.getPlainText(cryptographyService, encodedPreKeyMessage, sessionId);
-      await CryptographyHelper.getPlainText(cryptographyService, encodedPreKeyMessage, sessionId);
-      expect(plaintext).toBe(text);
-    });
-  });
-
-  describe('"dismantleSessionId"', () => {
-    const clientId = '1ceb9063fced26d3';
-    const userId = 'afbb5d60-1187-4385-9c29-7361dea79647';
-    const domain = 'domain.wire.link';
-
-    it('gets User ID and Client ID from a Session ID without domain.', () => {
-      const sessionId = CryptographyService.constructSessionId(userId, clientId, null);
-      const res = CryptographyService['dismantleSessionId'](sessionId);
-      expect(res.clientId).toBe(clientId);
-      expect(res.userId).toBe(userId);
-      expect(res.domain).toBe(undefined);
-    });
-
-    it('gets User ID and Client ID from a Session ID with domain.', () => {
-      const sessionId = CryptographyService.constructSessionId(userId, clientId, domain);
-      const res = CryptographyService['dismantleSessionId'](sessionId);
-      expect(res.clientId).toBe(clientId);
-      expect(res.userId).toBe(userId);
-      expect(res.domain).toBe(domain);
-    });
-  });
-
-  describe('"encrypt"', () => {
-    it('generates a set of encrypted data based on PreKeys from multiple clients.', async () => {
-      const firstUserID = 'bc0c99f1-49a5-4ad2-889a-62885af37088';
-      const secondUserID = '2bde49aa-bdb5-458f-98cf-7d3552b10916';
-
-      const firstClientId = '2b83ee08d7ac550d';
-
-      const preKeyBundleMap = {
-        [firstUserID]: {
-          '5e80ea7886680975': {
-            id: 1337,
-            key: 'pQABARn//wKhAFggJ1Fbpg5l6wnzKOJE+vXpRnkqUYhIvVnR5lNXEbO2o/0DoQChAFggHxZvgvtDktY/vqBcpjjo6rQnXvcNQhfwmy8AJQJKlD0E9g==',
-          },
-          be67218b77d02d30: {
-            id: 72,
-            key: 'pQABARn//wKhAFggTWwHUoppQ8aXWhbH95YWnNp6uOYMxo2y4wbarWbF+EEDoQChAFggUiFoPtsiR0WFowIvl0myD+bVnFQJBYarqieI0Gly46QE9g==',
-          },
-          [firstClientId]: {
-            id: 42,
-            key: 'pQABARn//wKhAFggWcbwny0jdqlcnnn0j4QSENIVVq/KgyQ3mmdpunfvGZQDoQChAFggrsQBkQkrVZ8sWhr8wTeaC+dmctuJ3oRqfdHsymTtKmgE9g==',
-          },
-        },
-        [secondUserID]: {
-          '5bad8cdeddc5a90f': {
-            id: 1,
-            key: 'pQABARn//wKhAFggEYATUNJBQ7E2tfHT7HMLxa4O3Ckd7PciUdyKiGNNWbYDoQChAFggP/s0BHmHQDNwrO4pC1dqdNHsW7bnpmF9mBadrbep4PoE9g==',
-          },
-          bc78eded90386d20: {
-            id: 65535,
-            key: 'pQABARn//wKhAFgg1xOfzMpWmpN2aBGW+0RG23L0I301pncd/HXqUm+pVyoDoQChAFggnl+dmwGW45AArcPutjUkAjYmhIbXBPrqkVrNyg0ZI08E9g==',
-          },
-        },
-      };
-      const text = new Uint8Array(Buffer.from('Hello', 'utf8'));
-      const otrBundle = await cryptographyService.encrypt(text, preKeyBundleMap);
-      expect(Object.keys(otrBundle).length).toBe(2);
-      expect(Object.keys(otrBundle[firstUserID]).length).toBe(3);
-      expect(Object.keys(otrBundle[secondUserID]).length).toBe(2);
-      expect(otrBundle[firstUserID][firstClientId]).toEqual(jasmine.any(Uint8Array));
-    });
-
-    it('does not generate a message counter twice when ran asynchronously multiple times for the same cryptographic session', async () => {
-      const userId = 'bc0c99f1-49a5-4ad2-889a-62885af37088';
-      const clientId = '5e80ea7886680975';
-      const preKeyBundleMap = {
-        [userId]: {
-          [clientId]: {
-            id: 1337,
-            key: 'pQABARn//wKhAFggJ1Fbpg5l6wnzKOJE+vXpRnkqUYhIvVnR5lNXEbO2o/0DoQChAFggHxZvgvtDktY/vqBcpjjo6rQnXvcNQhfwmy8AJQJKlD0E9g==',
-          },
-        },
-      };
-      const text = new Uint8Array([72, 101, 108, 108, 111, 33]); // "Hello!"
-      const encryptionRuns = 100;
-      const otrBundles = await Promise.all(
-        Array.from(Array(encryptionRuns).keys()).map(() => cryptographyService.encrypt(text, preKeyBundleMap)),
-      );
-      const encryptedPayloads = otrBundles.map(bundle => bundle[userId][clientId]);
-      const messageCounters = encryptedPayloads.map(encodedCiphertext => {
-        const messageBytes = encodedCiphertext;
-        const messageEnvelope = Proteus.message.Envelope.deserialise(messageBytes.buffer);
-        const preKeyMessage = messageEnvelope.message as Proteus.message.PreKeyMessage;
-        const cipherMessage = preKeyMessage.message;
-        return cipherMessage.counter;
-      });
-      const uniqueValues = messageCounters.filter((value, index, self) => self.indexOf(value) === index);
-      expect(uniqueValues.length).toBe(encryptionRuns);
-    });
-  });
-
-  describe('"encryptAsset"', () => {
-    it('encrypts and decrypts ArrayBuffer', async () => {
-      const bytes = new Uint8Array(16);
-      await promisify(crypto.randomFill)(bytes);
-      const byteBuffer = Buffer.from(bytes.buffer);
-
-      const encryptedAsset = await encryptAsset({plainText: byteBuffer});
-      const decryptedBuffer = await decryptAsset(encryptedAsset);
-
-      expect(decryptedBuffer).toEqual(byteBuffer);
-    });
-  });
-
-  describe('"encryptPayloadForSession"', () => {
-    it('encodes plaintext.', async () => {
-      const sessionWithBobId = 'bob-user-id@bob-client-id';
-      const text = new Uint8Array([72, 101, 108, 108, 111, 32, 66, 111, 98, 33]); // "Hello Bob!"
-      const encodedPreKey =
-        'pQABAQACoQBYIHOFFWPnWlr4sulxUWYoP0A6rsJiBO/Ec3Y914t67CIAA6EAoQBYIPFH5CK/a0YwKEx4n/+U/IPRN+mJXVv++MCs5Z4dLmz4BPY=';
-      const {sessionId, encryptedPayload} = (await cryptographyService['encryptPayloadForSession'](
-        sessionWithBobId,
-        text,
-        encodedPreKey,
-      )) as SessionPayloadBundle;
-      expect(Buffer.from(encryptedPayload).toString('utf8')).not.toBe('💣');
-      expect(sessionId).toBe(sessionWithBobId);
-    });
-
-    it('encodes invalid text as Bomb Emoji.', async () => {
-      const sessionWithBobId = 'bob-user-id@bob-client-id';
-      const encodedPreKey =
-        'pQABAQACoQBYIHOFFWPnWlr4sulxUWYoP0A6rsJiBO/Ec3Y914t67CIAA6EAoQBYIPFH5CK/a0YwKEx4n/+U/IPRN+mJXVv++MCs5Z4dLmz4BPY=';
-      const {sessionId, encryptedPayload} = (await cryptographyService['encryptPayloadForSession'](
-        sessionWithBobId,
-        undefined as any,
-        encodedPreKey,
-      )) as SessionPayloadBundle;
-      expect(Buffer.from(encryptedPayload).toString()).toBe('💣');
-      expect(sessionId).toBe(sessionWithBobId);
-    });
-  });
-});

package/src/main/cryptography/CryptographyService.ts

@@ -1,246 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2018 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-import type {APIClient} from '@wireapp/api-client';
-import type {PreKey as SerializedPreKey} from '@wireapp/api-client/src/auth/';
-import type {RegisteredClient} from '@wireapp/api-client/src/client/';
-import type {
-  OTRClientMap,
-  OTRRecipients,
-  QualifiedOTRRecipients,
-  QualifiedUserClients,
-  UserClients,
-} from '@wireapp/api-client/src/conversation/';
-import type {ConversationOtrMessageAddEvent} from '@wireapp/api-client/src/event';
-import type {QualifiedUserPreKeyBundleMap, UserPreKeyBundleMap} from '@wireapp/api-client/src/user/';
-import {Cryptobox} from '@wireapp/cryptobox';
-import {keys as ProteusKeys} from '@wireapp/proteus';
-import {GenericMessage} from '@wireapp/protocol-messaging';
-import type {CRUDEngine} from '@wireapp/store-engine';
-import {Decoder, Encoder} from 'bazinga64';
-import logdown from 'logdown';
-
-import {GenericMessageType, PayloadBundle, PayloadBundleSource} from '../conversation';
-import type {SessionPayloadBundle} from '../cryptography/';
-import {isUserClients} from '../util';
-import {CryptographyDatabaseRepository} from './CryptographyDatabaseRepository';
-import {GenericMessageMapper} from './GenericMessageMapper';
-
-export interface MetaClient extends RegisteredClient {
-  meta: {
-    is_verified?: boolean;
-    primary_key: string;
-  };
-}
-
-type CryptographyServiceOptions = {
-  federationDomain?: string;
-};
-
-export class CryptographyService {
-  private readonly logger: logdown.Logger;
-
-  public cryptobox: Cryptobox;
-  private readonly database: CryptographyDatabaseRepository;
-
-  constructor(
-    readonly apiClient: APIClient,
-    private readonly storeEngine: CRUDEngine,
-    private readonly options?: CryptographyServiceOptions,
-  ) {
-    this.cryptobox = new Cryptobox(this.storeEngine);
-    this.database = new CryptographyDatabaseRepository(this.storeEngine);
-    this.logger = logdown('@wireapp/core/cryptography/CryptographyService', {
-      logger: console,
-      markdown: false,
-    });
-    this.options = options;
-  }
-
-  public static constructSessionId(userId: string, clientId: string, domain: string | null): string {
-    const baseId = `${userId}@${clientId}`;
-    return domain ? `${domain}@${baseId}` : baseId;
-  }
-
-  public static convertArrayRecipientsToBase64(recipients: OTRRecipients<Uint8Array>): OTRRecipients<string> {
-    return Object.fromEntries(
-      Object.entries(recipients).map(([userId, otrClientMap]) => {
-        const otrClientMapWithBase64: OTRClientMap<string> = Object.fromEntries(
-          Object.entries(otrClientMap).map(([clientId, payload]) => {
-            return [clientId, Encoder.toBase64(payload).asString];
-          }),
-        );
-        return [userId, otrClientMapWithBase64];
-      }),
-    );
-  }
-
-  public static convertBase64RecipientsToArray(recipients: OTRRecipients<string>): OTRRecipients<Uint8Array> {
-    return Object.fromEntries(
-      Object.entries(recipients).map(([userId, otrClientMap]) => {
-        const otrClientMapWithUint8Array: OTRClientMap<Uint8Array> = Object.fromEntries(
-          Object.entries(otrClientMap).map(([clientId, payload]) => {
-            return [clientId, Decoder.fromBase64(payload).asBytes];
-          }),
-        );
-        return [userId, otrClientMapWithUint8Array];
-      }),
-    );
-  }
-
-  public async createCryptobox(): Promise<SerializedPreKey[]> {
-    const initialPreKeys = await this.cryptobox.create();
-
-    return initialPreKeys
-      .map(preKey => {
-        const preKeyJson = this.cryptobox.serialize_prekey(preKey);
-        if (preKeyJson.id !== ProteusKeys.PreKey.MAX_PREKEY_ID) {
-          return preKeyJson;
-        }
-        return {id: -1, key: ''};
-      })
-      .filter(serializedPreKey => serializedPreKey.key);
-  }
-
-  public decrypt(sessionId: string, encodedCiphertext: string): Promise<Uint8Array> {
-    this.logger.log(`Decrypting message for session ID "${sessionId}"`);
-    const messageBytes = Decoder.fromBase64(encodedCiphertext).asBytes;
-    return this.cryptobox.decrypt(sessionId, messageBytes.buffer);
-  }
-
-  private static dismantleSessionId(sessionId: string): {clientId: string; domain?: string; userId: string} {
-    // see https://regex101.com/r/c8FtCw/1
-    const regex = /((?<domain>.+)@)?(?<userId>.+)@(?<clientId>.+)$/g;
-    const match = regex.exec(sessionId);
-    const {domain, userId, clientId} = match?.groups || {};
-    return {clientId, domain, userId};
-  }
-
-  public async encryptQualified(
-    plainText: Uint8Array,
-    preKeyBundles: QualifiedUserPreKeyBundleMap | QualifiedUserClients,
-  ): Promise<QualifiedOTRRecipients> {
-    const qualifiedOTRRecipients: QualifiedOTRRecipients = {};
-
-    for (const [domain, preKeyBundleMap] of Object.entries(preKeyBundles)) {
-      qualifiedOTRRecipients[domain] = await this.encrypt(plainText, preKeyBundleMap, domain);
-    }
-
-    return qualifiedOTRRecipients;
-  }
-
-  public async encrypt(
-    plainText: Uint8Array,
-    users: UserPreKeyBundleMap | UserClients,
-    domain?: string,
-  ): Promise<OTRRecipients<Uint8Array>> {
-    const bundles: Promise<SessionPayloadBundle | undefined>[] = [];
-
-    for (const userId in users) {
-      const clientIds = isUserClients(users) ? users[userId] : Object.keys(users[userId]);
-      for (const clientId of clientIds) {
-        const base64PreKey = isUserClients(users) ? undefined : users[userId][clientId].key;
-        const sessionId = CryptographyService.constructSessionId(userId, clientId, domain || null);
-        bundles.push(this.encryptPayloadForSession(sessionId, plainText, base64PreKey));
-      }
-    }
-
-    const payloads = await Promise.all(bundles);
-
-    return payloads.reduce((recipients, payload) => {
-      if (!payload) {
-        return recipients;
-      }
-      const {encryptedPayload, sessionId} = payload;
-      const {userId, clientId} = CryptographyService.dismantleSessionId(sessionId);
-      recipients[userId] ||= {};
-      recipients[userId][clientId] = encryptedPayload;
-      return recipients;
-    }, {} as OTRRecipients<Uint8Array>);
-  }
-
-  private async encryptPayloadForSession(
-    sessionId: string,
-    plainText: Uint8Array,
-    base64EncodedPreKey?: string,
-  ): Promise<SessionPayloadBundle | undefined> {
-    this.logger.log(`Encrypting payload for session ID "${sessionId}"`);
-
-    let encryptedPayload: Uint8Array;
-
-    try {
-      const decodedPreKeyBundle = base64EncodedPreKey
-        ? Decoder.fromBase64(base64EncodedPreKey).asBytes.buffer
-        : undefined;
-      const payloadAsArrayBuffer = await this.cryptobox.encrypt(sessionId, plainText, decodedPreKeyBundle);
-      encryptedPayload = new Uint8Array(payloadAsArrayBuffer);
-    } catch (error) {
-      const notFoundErrorCode = 2;
-      if ((error as any).code === notFoundErrorCode) {
-        // If the session is not in the database, we just return undefined. Later on there will be a mismatch and the session will be created
-        return undefined;
-      }
-      this.logger.error(`Could not encrypt payload: ${(error as Error).message}`);
-      encryptedPayload = new Uint8Array(Buffer.from('💣', 'utf-8'));
-    }
-
-    return {encryptedPayload, sessionId};
-  }
-
-  public async initCryptobox(): Promise<void> {
-    await this.cryptobox.load();
-  }
-
-  public deleteCryptographyStores(): Promise<boolean[]> {
-    return this.database.deleteStores();
-  }
-
-  public async resetSession(sessionId: string): Promise<void> {
-    await this.cryptobox.session_delete(sessionId);
-    this.logger.log(`Deleted session ID "${sessionId}".`);
-  }
-
-  public async decodeGenericMessage(
-    otrMessage: ConversationOtrMessageAddEvent,
-    source: PayloadBundleSource,
-  ): Promise<PayloadBundle> {
-    const {
-      from,
-      qualified_from,
-      data: {sender, text: cipherText},
-    } = otrMessage;
-
-    const domain = this.options?.federationDomain ? qualified_from?.domain || this.options.federationDomain : null;
-    const sessionId = CryptographyService.constructSessionId(from, sender, domain);
-    const decryptedMessage = await this.decrypt(sessionId, cipherText);
-    const genericMessage = GenericMessage.decode(decryptedMessage);
-
-    if (genericMessage.content === GenericMessageType.EPHEMERAL) {
-      const unwrappedMessage = GenericMessageMapper.mapGenericMessage(genericMessage.ephemeral, otrMessage, source);
-      unwrappedMessage.id = genericMessage.messageId;
-      if (genericMessage.ephemeral) {
-        const expireAfterMillis = genericMessage.ephemeral.expireAfterMillis;
-        unwrappedMessage.messageTimer =
-          typeof expireAfterMillis === 'number' ? expireAfterMillis : expireAfterMillis.toNumber();
-      }
-      return unwrappedMessage;
-    }
-    return GenericMessageMapper.mapGenericMessage(genericMessage, otrMessage, source);
-  }
-}

package/src/main/cryptography/EncryptedAsset.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"EncryptedAsset.js","sourceRoot":"","sources":["EncryptedAsset.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG"}

package/src/main/cryptography/EncryptedAsset.ts

@@ -1,30 +0,0 @@
-/*
- * Wire
- * Copyright (C) 2018 Wire Swiss GmbH
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see http://www.gnu.org/licenses/.
- *
- */
-
-export interface EncryptedAsset {
-  cipherText: Buffer;
-  keyBytes: Buffer;
-  /** The SHA-256 sum of `cipherText` */
-  sha256: Buffer;
-}
-
-export interface EncryptedAssetUploaded extends EncryptedAsset {
-  key: string;
-  token: string;
-}

package/src/main/cryptography/GenericMessageMapper.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"GenericMessageMapper.js","sourceRoot":"","sources":["GenericMessageMapper.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;;;;;;;GAiBG;;;;;;AAGH,sDAA8B;AAC9B,kDAMyB;AAczB,MAAa,oBAAoB;IAM/B,qHAAqH;IACrH,oCAAoC;IAC7B,MAAM,CAAC,iBAAiB,CAC7B,cAAmB,EACnB,KAAqC,EACrC,MAA2B;QAE3B,MAAM,WAAW,GAA4C;YAC3D,YAAY,EAAE,KAAK,CAAC,YAAY;YAChC,qBAAqB,EAAE,KAAK,CAAC,sBAAsB;YACnD,aAAa,EAAE,KAAK,CAAC,cAAc;YACnC,YAAY,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM;YAC/B,IAAI,EAAE,KAAK,CAAC,IAAI;YAChB,KAAK,EAAE,iCAAkB,CAAC,QAAQ;YAClC,SAAS,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE;YACzC,EAAE,EAAE,cAAc,CAAC,SAAS;YAC5B,YAAY,EAAE,CAAC;YACf,MAAM;SACP,CAAC;QACF,QAAQ,cAAc,CAAC,OAAO,EAAE;YAC9B,KAAK,iCAAkB,CAAC,IAAI,CAAC,CAAC;gBAC5B,MAAM,EACJ,OAAO,EAAE,IAAI,EACb,uBAAuB,EACvB,eAAe,EACf,WAAW,EAAE,YAAY,EACzB,QAAQ,EACR,KAAK,GACN,GAAG,cAAc,CAAC,iCAAkB,CAAC,IAAI,CAAC,CAAC;gBAE5C,MAAM,OAAO,GAAgB,EAAC,uBAAuB,EAAE,eAAe,EAAE,IAAI,EAAC,CAAC;gBAE9E,IAAI,YAAY,aAAZ,YAAY,uBAAZ,YAAY,CAAE,MAAM,EAAE;oBACxB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;iBACrC;gBAED,IAAI,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,MAAM,EAAE;oBACpB,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;iBAC7B;gBAED,IAAI,KAAK,EAAE;oBACT,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;iBACvB;gBAED,IAAI,OAAO,eAAe,KAAK,WAAW,EAAE;oBAC1C,OAAO,CAAC,eAAe,GAAG,eAAe,CAAC;iBAC3C;gBAED,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,IAAI,IAC5B;aACH;YACD,KAAK,iCAAkB,CAAC,aAAa,CAAC,CAAC;gBACrC,uCACK,WAAW,KACd,OAAO,EAAE,cAAc,CAAC,YAAa,EACrC,IAAI,EAAE,gCAAiB,CAAC,aAAa,IACrC;aACH;YACD,KAAK,iCAAkB,CAAC,OAAO,CAAC,CAAC;gBAC/B,uCACK,WAAW,KACd,OAAO,EAAE,cAAc,CAAC,OAAO,CAAC,OAAO,EACvC,IAAI,EAAE,gCAAiB,CAAC,IAAI,IAC5B;aACH;YACD,KAAK,iCAAkB,CAAC,YAAY,CAAC,CAAC;gBACpC,MAAM,EAAC,cAAc,EAAE,cAAc,EAAE,IAAI,EAAC,GAAG,cAAc,CAAC,iCAAkB,CAAC,YAAY,CAAC,CAAC;gBAE/F,MAAM,OAAO,GAAwB,EAAC,cAAc,EAAE,cAAc,EAAE,IAAI,EAAC,CAAC;gBAE5E,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,YAAY,IACpC;aACH;YACD,KAAK,iCAAkB,CAAC,OAAO,CAAC,CAAC;gBAC/B,MAAM,OAAO,GAAmB,cAAc,CAAC,iCAAkB,CAAC,OAAO,CAAC,CAAC;gBAE3E,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,kBAAkB,IAC1C;aACH;YACD,KAAK,iCAAkB,CAAC,OAAO,CAAC,CAAC;gBAC/B,MAAM,iBAAiB,GAAG,cAAc,CAAC,iCAAkB,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC;gBAE/E,MAAM,OAAO,GAAmB,EAAC,SAAS,EAAE,iBAAiB,EAAC,CAAC;gBAE/D,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,cAAc,IACtC;aACH;YACD,KAAK,iCAAkB,CAAC,MAAM,CAAC,CAAC;gBAC9B,MAAM,EACJ,uBAAuB,EACvB,IAAI,EAAE,EACJ,OAAO,EAAE,UAAU,EACnB,eAAe,EACf,WAAW,EAAE,kBAAkB,EAC/B,QAAQ,EAAE,cAAc,EACxB,KAAK,EAAE,WAAW,GACnB,EACD,kBAAkB,GACnB,GAAG,cAAc,CAAC,iCAAkB,CAAC,MAAM,CAAC,CAAC;gBAE9C,MAAM,OAAO,GAAsB;oBACjC,uBAAuB;oBACvB,eAAe;oBACf,iBAAiB,EAAE,kBAAkB;oBACrC,IAAI,EAAE,UAAU;iBACjB,CAAC;gBAEF,IAAI,kBAAkB,aAAlB,kBAAkB,uBAAlB,kBAAkB,CAAE,MAAM,EAAE;oBAC9B,OAAO,CAAC,YAAY,GAAG,kBAAkB,CAAC;iBAC3C;gBAED,IAAI,cAAc,aAAd,cAAc,uBAAd,cAAc,CAAE,MAAM,EAAE;oBAC1B,OAAO,CAAC,QAAQ,GAAG,cAAc,CAAC;iBACnC;gBAED,IAAI,WAAW,EAAE;oBACf,OAAO,CAAC,KAAK,GAAG,WAAW,CAAC;iBAC7B;gBAED,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,YAAY,IACpC;aACH;YACD,KAAK,iCAAkB,CAAC,MAAM,CAAC,CAAC;gBAC9B,MAAM,EAAC,cAAc,EAAE,SAAS,EAAC,GAAG,cAAc,CAAC,iCAAkB,CAAC,MAAM,CAAC,CAAC;gBAE9E,MAAM,OAAO,GAAkB;oBAC7B,cAAc;oBACd,SAAS;iBACV,CAAC;gBAEF,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,YAAY,IACpC;aACH;YACD,KAAK,iCAAkB,CAAC,KAAK,CAAC,CAAC;gBAC7B,MAAM,EAAC,uBAAuB,EAAE,eAAe,EAAC,GAAG,cAAc,CAAC,iCAAkB,CAAC,KAAK,CAAC,CAAC;gBAC5F,MAAM,OAAO,GAAiB,EAAC,uBAAuB,EAAE,QAAQ,EAAE,KAAK,EAAE,eAAe,EAAC,CAAC;gBAE1F,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,IAAI,IAC5B;aACH;YACD,KAAK,iCAAkB,CAAC,QAAQ,CAAC,CAAC;gBAChC,MAAM,EAAC,uBAAuB,EAAE,QAAQ,EAAE,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAC,GAC/E,cAAc,CAAC,iCAAkB,CAAC,QAAQ,CAAC,CAAC;gBAE9C,MAAM,OAAO,GAAoB;oBAC/B,uBAAuB;oBACvB,QAAQ;oBACR,eAAe;oBACf,SAAS;oBACT,IAAI;oBACJ,IAAI;iBACL,CAAC;gBAEF,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,QAAQ,IAChC;aACH;YACD,KAAK,iCAAkB,CAAC,KAAK,CAAC,CAAC;gBAC7B,MAAM,EAAC,uBAAuB,EAAE,eAAe,EAAE,WAAW,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAC,GAChG,cAAc,CAAC,iCAAkB,CAAC,KAAK,CAAC,CAAC;gBAC3C,MAAM,OAAO,GAAG,CAAC,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,OAAO,CAAA,IAAI,CAAC,CAAC,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,KAAK,CAAA,CAAC;gBAEzD,MAAM,OAAO,GAAiB;oBAC5B,WAAW,EAAE,WAAW;oBACxB,uBAAuB;oBACvB,eAAe;oBACf,QAAQ;oBACR,OAAO;oBACP,MAAM;oBACN,QAAQ;iBACT,CAAC;gBAEF,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,gCAAiB,CAAC,WAAW,CAAC,CAAC,CAAC,gCAAiB,CAAC,KAAK,IACvE;aACH;YACD,KAAK,iCAAkB,CAAC,QAAQ,CAAC,CAAC;gBAChC,MAAM,EAAC,KAAK,EAAE,eAAe,EAAE,SAAS,EAAC,GAAG,cAAc,CAAC,iCAAkB,CAAC,QAAQ,CAAC,CAAC;gBAExF,MAAM,OAAO,GAAoB;oBAC/B,eAAe;oBACf,iBAAiB,EAAE,SAAS;oBAC5B,IAAI,EAAE,KAAK;iBACZ,CAAC;gBAEF,uCACK,WAAW,KACd,OAAO,EACP,IAAI,EAAE,gCAAiB,CAAC,QAAQ,IAChC;aACH;YACD,OAAO,CAAC,CAAC;gBACP,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,cAAc,CAAC,OAAO,MAAM,IAAI,CAAC,SAAS,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC;gBACxG,uCACK,WAAW,KACd,OAAO,EAAE,cAAc,CAAC,OAAO,EAC/B,IAAI,EAAE,gCAAiB,CAAC,OAAO,IAC/B;aACH;SACF;IACH,CAAC;;AAvOH,oDAwOC;AAvOyB,2BAAM,GAAG,IAAA,iBAAO,EAAC,iDAAiD,EAAE;IAC1F,MAAM,EAAE,OAAO;IACf,QAAQ,EAAE,KAAK;CAChB,CAAC,CAAC"}