@wireapp/core 43.7.0 → 43.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/Account.d.ts +12 -3
- package/lib/Account.d.ts.map +1 -1
- package/lib/Account.js +3 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts +72 -104
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.js +14 -33
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.d.ts +2 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Connection/AcmeServer/AcmeService.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIService.types.d.ts +2 -5
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIService.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts +8 -7
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/E2EIServiceInternal.js +57 -119
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.js +3 -3
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts +6 -10
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts +13 -17
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.d.ts +4 -4
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Steps/Order.js +9 -10
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.js +2 -2
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.d.ts +5 -0
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.js +1 -0
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts +11 -2
- package/lib/messagingProtocols/mls/MLSService/MLSService.d.ts.map +1 -1
- package/lib/messagingProtocols/mls/MLSService/MLSService.js +36 -40
- package/package.json +4 -4
|
@@ -66,27 +66,15 @@ class E2EIServiceInternal {
|
|
|
66
66
|
async startCertificateProcess(hasActiveCertificate) {
|
|
67
67
|
// Step 0: Check if we have a handle in local storage
|
|
68
68
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
await this.initIdentity(hasActiveCertificate);
|
|
72
|
-
return this.startNewOAuthFlow();
|
|
73
|
-
}
|
|
74
|
-
catch (error) {
|
|
75
|
-
return this.exitWithError('Error while trying to start OAuth flow with error:', error);
|
|
76
|
-
}
|
|
69
|
+
await this.initIdentity(hasActiveCertificate);
|
|
70
|
+
return this.startNewOAuthFlow();
|
|
77
71
|
}
|
|
78
72
|
async continueCertificateProcess(oAuthIdToken) {
|
|
79
73
|
// If we don't have a handle, we need to start a new OAuth flow
|
|
80
74
|
if (this.e2eServiceExternal.isEnrollmentInProgress()) {
|
|
81
|
-
|
|
82
|
-
return this.continueOAuthFlow(oAuthIdToken);
|
|
83
|
-
}
|
|
84
|
-
catch (error) {
|
|
85
|
-
return this.exitWithError('Error while trying to continue OAuth flow with error:', error);
|
|
86
|
-
}
|
|
75
|
+
return this.continueOAuthFlow(oAuthIdToken);
|
|
87
76
|
}
|
|
88
|
-
|
|
89
|
-
return undefined;
|
|
77
|
+
throw new Error('Error while trying to continue OAuth flow. No enrollment in progress found');
|
|
90
78
|
}
|
|
91
79
|
// ############ Internal Functions ############
|
|
92
80
|
async initIdentity(hasActiveCertificate) {
|
|
@@ -95,63 +83,35 @@ class E2EIServiceInternal {
|
|
|
95
83
|
const expiryDays = 90;
|
|
96
84
|
const ciphersuite = E2EIService_types_1.Ciphersuite.MLS_128_DHKEMX25519_AES128GCM_SHA256_Ed25519;
|
|
97
85
|
if (hasActiveCertificate) {
|
|
98
|
-
|
|
99
|
-
this.identity = await this.coreCryptoClient.e2eiNewRotateEnrollment(expiryDays, ciphersuite, user.displayName, user.handle);
|
|
100
|
-
}
|
|
101
|
-
catch (error) {
|
|
102
|
-
this.logger.error('Error while trying to initIdentity e2eiNewRotateEnrollment', error);
|
|
103
|
-
throw error;
|
|
104
|
-
}
|
|
86
|
+
this.identity = await this.coreCryptoClient.e2eiNewRotateEnrollment(expiryDays, ciphersuite, user.displayName, user.handle, user.teamId);
|
|
105
87
|
}
|
|
106
88
|
else {
|
|
107
|
-
this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, expiryDays, ciphersuite);
|
|
89
|
+
this.identity = await this.coreCryptoClient.e2eiNewActivationEnrollment(user.displayName, user.handle, expiryDays, ciphersuite, user.teamId);
|
|
108
90
|
}
|
|
109
91
|
}
|
|
110
|
-
exitWithError(message, error) {
|
|
111
|
-
this.logger.error(message, error);
|
|
112
|
-
return undefined;
|
|
113
|
-
}
|
|
114
92
|
async init(params) {
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
throw new Error();
|
|
120
|
-
}
|
|
121
|
-
this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
|
|
122
|
-
this.isInitialized = true;
|
|
123
|
-
}
|
|
124
|
-
catch (error) {
|
|
125
|
-
this.logger.error('Error while trying to initialize E2eIdentityService', error);
|
|
126
|
-
throw error;
|
|
93
|
+
const { user, clientId, discoveryUrl } = params;
|
|
94
|
+
if (!user || !clientId) {
|
|
95
|
+
this.logger.error('user and clientId are required to initialize E2eIdentityService');
|
|
96
|
+
throw new Error();
|
|
127
97
|
}
|
|
98
|
+
this.acmeService = new AcmeServer_1.AcmeService(discoveryUrl);
|
|
99
|
+
this.isInitialized = true;
|
|
128
100
|
}
|
|
129
101
|
async getDirectory(identity, connection) {
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
return parsedDirectory;
|
|
135
|
-
}
|
|
136
|
-
}
|
|
137
|
-
catch (error) {
|
|
138
|
-
this.logger.error('Error while trying to receive a directory', error);
|
|
139
|
-
throw error;
|
|
102
|
+
const directory = await connection.getDirectory();
|
|
103
|
+
if (directory) {
|
|
104
|
+
const parsedDirectory = identity.directoryResponse(directory);
|
|
105
|
+
return parsedDirectory;
|
|
140
106
|
}
|
|
141
107
|
return undefined;
|
|
142
108
|
}
|
|
143
109
|
async getInitialNonce(directory, connection) {
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
if (nonce) {
|
|
147
|
-
return nonce;
|
|
148
|
-
}
|
|
110
|
+
const nonce = await connection.getInitialNonce(directory.newNonce);
|
|
111
|
+
if (!nonce) {
|
|
149
112
|
throw new Error('No initial-nonce received');
|
|
150
113
|
}
|
|
151
|
-
|
|
152
|
-
this.logger.error('Error while trying to receive a nonce', error);
|
|
153
|
-
throw error;
|
|
154
|
-
}
|
|
114
|
+
return nonce;
|
|
155
115
|
}
|
|
156
116
|
/**
|
|
157
117
|
* Start of the ACME enrollment flow
|
|
@@ -159,7 +119,7 @@ class E2EIServiceInternal {
|
|
|
159
119
|
*
|
|
160
120
|
* @returns authData
|
|
161
121
|
*/
|
|
162
|
-
async
|
|
122
|
+
async getEnrollmentChallenges() {
|
|
163
123
|
if (!this.isInitialized || !this.identity || !this.acmeService) {
|
|
164
124
|
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
165
125
|
}
|
|
@@ -173,31 +133,32 @@ class E2EIServiceInternal {
|
|
|
173
133
|
if (!nonce) {
|
|
174
134
|
throw new Error('Error while trying to start OAuth flow. No nonce received');
|
|
175
135
|
}
|
|
136
|
+
const { acmeService, identity } = this;
|
|
176
137
|
// Step 2: Create a new account
|
|
177
138
|
const newAccountNonce = await (0, Account_1.createNewAccount)({
|
|
178
|
-
connection:
|
|
139
|
+
connection: acmeService,
|
|
179
140
|
directory,
|
|
180
|
-
identity
|
|
141
|
+
identity,
|
|
181
142
|
nonce,
|
|
182
143
|
});
|
|
183
144
|
// Step 3: Create a new order
|
|
184
145
|
const orderData = await (0, Order_1.createNewOrder)({
|
|
185
146
|
directory,
|
|
186
|
-
connection:
|
|
187
|
-
identity
|
|
147
|
+
connection: acmeService,
|
|
148
|
+
identity,
|
|
188
149
|
nonce: newAccountNonce,
|
|
189
150
|
});
|
|
190
151
|
// Step 4: Get authorization challenges
|
|
191
|
-
const
|
|
192
|
-
connection:
|
|
193
|
-
identity:
|
|
194
|
-
authzUrl: orderData.
|
|
152
|
+
const authChallenges = await (0, Authorization_1.getAuthorizationChallenges)({
|
|
153
|
+
connection: acmeService,
|
|
154
|
+
identity: identity,
|
|
155
|
+
authzUrl: orderData.authzUrls[0],
|
|
195
156
|
nonce: orderData.nonce,
|
|
196
157
|
});
|
|
197
158
|
// Store the values in local storage for later use (e.g. in the continue flow)
|
|
198
|
-
E2EIStorage_1.E2EIStorage.store.authData(
|
|
159
|
+
E2EIStorage_1.E2EIStorage.store.authData(authChallenges);
|
|
199
160
|
E2EIStorage_1.E2EIStorage.store.orderData({ orderUrl: orderData.orderUrl });
|
|
200
|
-
return
|
|
161
|
+
return authChallenges;
|
|
201
162
|
}
|
|
202
163
|
/**
|
|
203
164
|
* Continuation of the ACME enrollment flow
|
|
@@ -207,14 +168,10 @@ class E2EIServiceInternal {
|
|
|
207
168
|
* @param oAuthIdToken
|
|
208
169
|
* @returns RotateBundle
|
|
209
170
|
*/
|
|
210
|
-
async getRotateBundleAndStoreCertificateData(oAuthIdToken) {
|
|
171
|
+
async getRotateBundleAndStoreCertificateData(oAuthIdToken, authData) {
|
|
211
172
|
if (!this.isInitialized || !this.identity || !this.acmeService) {
|
|
212
173
|
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
213
174
|
}
|
|
214
|
-
const authData = E2EIStorage_1.E2EIStorage.get.authData();
|
|
215
|
-
if (!authData.authorization.wireOidcChallenge) {
|
|
216
|
-
throw new Error('Error while trying to continue OAuth flow. No wireOidcChallenge received');
|
|
217
|
-
}
|
|
218
175
|
// Step 7: Do OIDC client challenge
|
|
219
176
|
const oidcData = await (0, OidcChallenge_1.doWireOidcChallenge)({
|
|
220
177
|
coreCryptoClient: this.coreCryptoClient,
|
|
@@ -266,13 +223,7 @@ class E2EIServiceInternal {
|
|
|
266
223
|
throw new Error('Error while trying to continue OAuth flow. No certificate received');
|
|
267
224
|
}
|
|
268
225
|
// Step 10: Initialize MLS with the certificate
|
|
269
|
-
|
|
270
|
-
return await this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
|
|
271
|
-
}
|
|
272
|
-
catch (error) {
|
|
273
|
-
this.logger.error('Error while e2eiRotateAll', error);
|
|
274
|
-
throw error;
|
|
275
|
-
}
|
|
226
|
+
return this.coreCryptoClient.e2eiRotateAll(this.identity, certificate, this.keyPackagesAmount);
|
|
276
227
|
}
|
|
277
228
|
/**
|
|
278
229
|
* This function starts a new ACME enrollment flow for either a new client
|
|
@@ -280,23 +231,21 @@ class E2EIServiceInternal {
|
|
|
280
231
|
*/
|
|
281
232
|
async startNewOAuthFlow() {
|
|
282
233
|
if (this.e2eServiceExternal.isEnrollmentInProgress()) {
|
|
283
|
-
|
|
234
|
+
throw new Error('Error while trying to start OAuth flow. There is already a flow in progress');
|
|
284
235
|
}
|
|
285
236
|
if (!this.isInitialized || !this.identity) {
|
|
286
|
-
|
|
237
|
+
throw new Error('Error while trying to start OAuth flow. E2eIdentityService is not fully initialized');
|
|
287
238
|
}
|
|
288
|
-
const {
|
|
289
|
-
|
|
290
|
-
|
|
291
|
-
if (wireOidcChallenge && keyauth) {
|
|
292
|
-
// stash the identity for later use
|
|
293
|
-
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
|
|
294
|
-
// stash the handle in local storage
|
|
295
|
-
E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
|
|
296
|
-
// we need to pass back the aquired wireOidcChallenge to the UI
|
|
297
|
-
return { challenge: wireOidcChallenge, keyAuth: keyauth };
|
|
239
|
+
const { authorization: { wireOidcChallenge, keyauth }, } = await this.getEnrollmentChallenges();
|
|
240
|
+
if (!wireOidcChallenge || !keyauth) {
|
|
241
|
+
throw new Error('missing wireOidcChallenge or keyauth');
|
|
298
242
|
}
|
|
299
|
-
|
|
243
|
+
// stash the identity for later use
|
|
244
|
+
const handle = await this.coreCryptoClient.e2eiEnrollmentStash(this.identity);
|
|
245
|
+
// stash the handle in local storage
|
|
246
|
+
E2EIStorage_1.E2EIStorage.store.handle(bazinga64_1.Encoder.toBase64(handle).asString);
|
|
247
|
+
// we need to pass back the aquired wireOidcChallenge to the UI
|
|
248
|
+
return { challenge: wireOidcChallenge, keyAuth: keyauth };
|
|
300
249
|
}
|
|
301
250
|
/**
|
|
302
251
|
* This function continues an ACME flow for either a new client
|
|
@@ -307,19 +256,14 @@ class E2EIServiceInternal {
|
|
|
307
256
|
*/
|
|
308
257
|
async continueOAuthFlow(oAuthIdToken) {
|
|
309
258
|
// If we have a handle, the user has already started the process to authenticate with the OIDC provider. We can continue the flow.
|
|
310
|
-
|
|
311
|
-
|
|
312
|
-
return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
313
|
-
}
|
|
314
|
-
const handle = E2EIStorage_1.E2EIStorage.get.handle();
|
|
315
|
-
this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
|
|
316
|
-
this.logger.log('retrieved identity from stash');
|
|
317
|
-
return await this.getRotateBundleAndStoreCertificateData(oAuthIdToken);
|
|
318
|
-
}
|
|
319
|
-
catch (error) {
|
|
320
|
-
this.logger.error('Error while trying to continue OAuth flow', error);
|
|
321
|
-
throw error;
|
|
259
|
+
if (!this.acmeService) {
|
|
260
|
+
throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
322
261
|
}
|
|
262
|
+
const handle = E2EIStorage_1.E2EIStorage.get.handle();
|
|
263
|
+
const authData = E2EIStorage_1.E2EIStorage.get.authData();
|
|
264
|
+
this.identity = await this.coreCryptoClient.e2eiEnrollmentStashPop(bazinga64_1.Decoder.fromBase64(handle).asBytes);
|
|
265
|
+
this.logger.log('retrieved identity from stash');
|
|
266
|
+
return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
|
|
323
267
|
}
|
|
324
268
|
/**
|
|
325
269
|
* This function starts a ACME refresh flow for an existing client with a valid refresh token
|
|
@@ -329,19 +273,13 @@ class E2EIServiceInternal {
|
|
|
329
273
|
*/
|
|
330
274
|
async startRefreshCertficateFlow(oAuthIdToken, hasActiveCertificate) {
|
|
331
275
|
// we dont have an oauth flow since we already get the oAuthIdToken from the client
|
|
332
|
-
|
|
333
|
-
|
|
334
|
-
return this.exitWithError('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
335
|
-
}
|
|
336
|
-
// We need to initialize the identity
|
|
337
|
-
await this.initIdentity(hasActiveCertificate);
|
|
338
|
-
await this.getAndStoreInitialEnrollmentData();
|
|
339
|
-
return await this.getRotateBundleAndStoreCertificateData(oAuthIdToken);
|
|
340
|
-
}
|
|
341
|
-
catch (error) {
|
|
342
|
-
this.logger.error('Error while trying do the certificate refresh flow', error);
|
|
343
|
-
throw error;
|
|
276
|
+
if (!this.acmeService) {
|
|
277
|
+
throw new Error('Error while trying to continue OAuth flow. AcmeService is not initialized');
|
|
344
278
|
}
|
|
279
|
+
// We need to initialize the identity
|
|
280
|
+
await this.initIdentity(hasActiveCertificate);
|
|
281
|
+
const authData = await this.getEnrollmentChallenges();
|
|
282
|
+
return this.getRotateBundleAndStoreCertificateData(oAuthIdToken, authData);
|
|
345
283
|
}
|
|
346
284
|
}
|
|
347
285
|
exports.E2EIServiceInternal = E2EIServiceInternal;
|
|
@@ -6,10 +6,10 @@ interface GetAuthorizationParams {
|
|
|
6
6
|
identity: E2eiEnrollment;
|
|
7
7
|
connection: AcmeService;
|
|
8
8
|
}
|
|
9
|
-
export type
|
|
9
|
+
export type AuthorizationChallenge = {
|
|
10
10
|
authorization: NewAcmeAuthz;
|
|
11
11
|
nonce: Nonce;
|
|
12
12
|
};
|
|
13
|
-
export declare const
|
|
13
|
+
export declare const getAuthorizationChallenges: ({ authzUrl, nonce, identity, connection, }: GetAuthorizationParams) => Promise<AuthorizationChallenge>;
|
|
14
14
|
export {};
|
|
15
15
|
//# sourceMappingURL=Authorization.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGzE,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,
|
|
1
|
+
{"version":3,"file":"Authorization.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Authorization.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGzE,UAAU,sBAAsB;IAC9B,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,sBAAsB,GAAG;IAAC,aAAa,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,KAAK,CAAA;CAAC,CAAC;AAEjF,eAAO,MAAM,0BAA0B,+CAKpC,sBAAsB,KAAG,QAAQ,sBAAsB,CA4BzD,CAAC"}
|
|
@@ -18,9 +18,9 @@
|
|
|
18
18
|
*
|
|
19
19
|
*/
|
|
20
20
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
21
|
-
exports.
|
|
21
|
+
exports.getAuthorizationChallenges = void 0;
|
|
22
22
|
const Helper_1 = require("../Helper");
|
|
23
|
-
const
|
|
23
|
+
const getAuthorizationChallenges = async ({ authzUrl, nonce, identity, connection, }) => {
|
|
24
24
|
const reqBody = await identity.newAuthzRequest(authzUrl, nonce);
|
|
25
25
|
const response = await connection.getAuthorization(authzUrl, reqBody);
|
|
26
26
|
if ((response === null || response === void 0 ? void 0 : response.data) && !!response.data.status.length && !!response.nonce.length) {
|
|
@@ -47,4 +47,4 @@ const getAuthorization = async ({ authzUrl, nonce, identity, connection, }) => {
|
|
|
47
47
|
}
|
|
48
48
|
throw new Error('No authorization-data received');
|
|
49
49
|
};
|
|
50
|
-
exports.
|
|
50
|
+
exports.getAuthorizationChallenges = getAuthorizationChallenges;
|
package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts
CHANGED
|
@@ -1,12 +1,8 @@
|
|
|
1
1
|
import { DoWireDpopChallengeParams } from './DpopChallenge.types';
|
|
2
|
-
export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<{
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
};
|
|
9
|
-
nonce: string;
|
|
10
|
-
location?: string | undefined;
|
|
11
|
-
}>;
|
|
2
|
+
export declare const doWireDpopChallenge: ({ apiClient, clientId, authData, identity, nonce, connection, expirySecs, userDomain, }: DoWireDpopChallengeParams) => Promise<import("../../Connection/AcmeServer/AcmeService.types").PostJoseRequestReturnValue<{
|
|
3
|
+
type: string;
|
|
4
|
+
url: string;
|
|
5
|
+
status: string;
|
|
6
|
+
token: string;
|
|
7
|
+
}>>;
|
|
12
8
|
//# sourceMappingURL=DpopChallenge.d.ts.map
|
package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB
|
|
1
|
+
{"version":3,"file":"DpopChallenge.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,yBAAyB,EAAmD,MAAM,uBAAuB,CAAC;AA6BlH,eAAO,MAAM,mBAAmB,4FAS7B,yBAAyB;;;;;GA+B3B,CAAC"}
|
package/lib/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.d.ts
CHANGED
|
@@ -2,12 +2,12 @@ import { APIClient } from '@wireapp/api-client';
|
|
|
2
2
|
import { ClientId } from '../../../types';
|
|
3
3
|
import { AcmeService } from '../../Connection/AcmeServer';
|
|
4
4
|
import { E2eiEnrollment, Nonce, User } from '../../E2EIService.types';
|
|
5
|
-
import {
|
|
5
|
+
import { AuthorizationChallenge } from '../Authorization';
|
|
6
6
|
export interface DoWireDpopChallengeParams {
|
|
7
7
|
apiClient: APIClient;
|
|
8
8
|
clientId: ClientId;
|
|
9
9
|
userDomain: User['domain'];
|
|
10
|
-
authData:
|
|
10
|
+
authData: AuthorizationChallenge;
|
|
11
11
|
identity: E2eiEnrollment;
|
|
12
12
|
connection: AcmeService;
|
|
13
13
|
nonce: Nonce;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"DpopChallenge.types.d.ts","sourceRoot":"","sources":["../../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/DpopChallenge/DpopChallenge.types.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAE9C,OAAO,EAAC,QAAQ,EAAC,MAAM,gBAAgB,CAAC;AACxC,OAAO,EAAC,WAAW,EAAC,MAAM,6BAA6B,CAAC;AACxD,OAAO,EAAC,cAAc,EAAE,KAAK,EAAE,IAAI,EAAC,MAAM,yBAAyB,CAAC;AACpE,OAAO,EAAC,sBAAsB,EAAC,MAAM,kBAAkB,CAAC;AAExD,MAAM,WAAW,yBAAyB;IACxC,SAAS,EAAE,SAAS,CAAC;IACrB,QAAQ,EAAE,QAAQ,CAAC;IACnB,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,oBAAoB,GAAG,IAAI,CAAC,yBAAyB,EAAE,UAAU,GAAG,WAAW,CAAC,CAAC;AAE7F,MAAM,MAAM,0BAA0B,GAAG,IAAI,CAC3C,yBAAyB,EACzB,UAAU,GAAG,WAAW,GAAG,UAAU,GAAG,YAAY,GAAG,YAAY,CACpE,GAAG;IACF,WAAW,EAAE,KAAK,CAAC;CACpB,CAAC"}
|
|
@@ -1,29 +1,25 @@
|
|
|
1
|
-
import {
|
|
1
|
+
import { AuthorizationChallenge } from './Authorization';
|
|
2
2
|
import { AcmeService } from '../Connection/AcmeServer';
|
|
3
3
|
import { CoreCrypto, E2eiEnrollment, Nonce } from '../E2EIService.types';
|
|
4
4
|
interface DoWireOidcChallengeParams {
|
|
5
5
|
coreCryptoClient: CoreCrypto;
|
|
6
|
-
authData:
|
|
6
|
+
authData: AuthorizationChallenge;
|
|
7
7
|
identity: E2eiEnrollment;
|
|
8
8
|
connection: AcmeService;
|
|
9
9
|
nonce: Nonce;
|
|
10
10
|
oAuthIdToken: string;
|
|
11
11
|
}
|
|
12
|
-
export declare const doWireOidcChallenge: ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }: DoWireOidcChallengeParams) => Promise<{
|
|
13
|
-
|
|
12
|
+
export declare const doWireOidcChallenge: ({ coreCryptoClient, connection, authData, identity, nonce, oAuthIdToken, }: DoWireOidcChallengeParams) => Promise<import("../Connection/AcmeServer/AcmeService.types").PostJoseRequestReturnValue<{
|
|
13
|
+
type: string;
|
|
14
|
+
url: string;
|
|
15
|
+
target: string;
|
|
16
|
+
status: string;
|
|
17
|
+
token: string;
|
|
18
|
+
validated?: string | undefined;
|
|
19
|
+
error?: {
|
|
14
20
|
type: string;
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
token: string;
|
|
19
|
-
validated?: string | undefined;
|
|
20
|
-
error?: {
|
|
21
|
-
type: string;
|
|
22
|
-
detail: string;
|
|
23
|
-
} | undefined;
|
|
24
|
-
};
|
|
25
|
-
nonce: string;
|
|
26
|
-
location?: string | undefined;
|
|
27
|
-
}>;
|
|
21
|
+
detail: string;
|
|
22
|
+
} | undefined;
|
|
23
|
+
}>>;
|
|
28
24
|
export {};
|
|
29
25
|
//# sourceMappingURL=OidcChallenge.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"OidcChallenge.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"OidcChallenge.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/OidcChallenge.ts"],"names":[],"mappings":"AAqBA,OAAO,EAAC,sBAAsB,EAAC,MAAM,iBAAiB,CAAC;AAEvD,OAAO,EAAC,WAAW,EAAC,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAC,UAAU,EAAE,cAAc,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAEvE,UAAU,yBAAyB;IACjC,gBAAgB,EAAE,UAAU,CAAC;IAC7B,QAAQ,EAAE,sBAAsB,CAAC;IACjC,QAAQ,EAAE,cAAc,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;IACxB,KAAK,EAAE,KAAK,CAAC;IACb,YAAY,EAAE,MAAM,CAAC;CACtB;AAED,eAAO,MAAM,mBAAmB,+EAO7B,yBAAyB;;;;;;;;;;;GAmB3B,CAAC"}
|
|
@@ -7,13 +7,13 @@ export interface CreateNewOrderParams {
|
|
|
7
7
|
directory: AcmeDirectory;
|
|
8
8
|
connection: AcmeService;
|
|
9
9
|
}
|
|
10
|
-
export type CreateNewOrderReturnValue =
|
|
10
|
+
export type CreateNewOrderReturnValue = {
|
|
11
11
|
order: NewAcmeOrder;
|
|
12
12
|
nonce: string;
|
|
13
|
-
|
|
13
|
+
authzUrls: string[];
|
|
14
14
|
orderUrl: OrderUrl;
|
|
15
|
-
}
|
|
16
|
-
export declare const createNewOrder: ({ identity, nonce, directory, connection, }: CreateNewOrderParams) => CreateNewOrderReturnValue
|
|
15
|
+
};
|
|
16
|
+
export declare const createNewOrder: ({ identity, nonce, directory, connection, }: CreateNewOrderParams) => Promise<CreateNewOrderReturnValue>;
|
|
17
17
|
export interface FinalizeOrderParams {
|
|
18
18
|
connection: AcmeService;
|
|
19
19
|
identity: E2eiEnrollment;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Order.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Order.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGxF,KAAK,QAAQ,GAAG,MAAM,CAAC;AAEvB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,yBAAyB,GAAG
|
|
1
|
+
{"version":3,"file":"Order.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Steps/Order.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,WAAW,EAAC,MAAM,eAAe,CAAC;AAC1C,OAAO,EAAC,aAAa,EAAE,cAAc,EAAE,YAAY,EAAE,KAAK,EAAC,MAAM,sBAAsB,CAAC;AAGxF,KAAK,QAAQ,GAAG,MAAM,CAAC;AAEvB,MAAM,WAAW,oBAAoB;IACnC,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,SAAS,EAAE,aAAa,CAAC;IACzB,UAAU,EAAE,WAAW,CAAC;CACzB;AACD,MAAM,MAAM,yBAAyB,GAAG;IACtC,KAAK,EAAE,YAAY,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,QAAQ,EAAE,QAAQ,CAAC;CACpB,CAAC;AAEF,eAAO,MAAM,cAAc,gDAKxB,oBAAoB,KAAG,QAAQ,yBAAyB,CAY1D,CAAC;AAEF,MAAM,WAAW,mBAAmB;IAClC,UAAU,EAAE,WAAW,CAAC;IACxB,QAAQ,EAAE,cAAc,CAAC;IACzB,KAAK,EAAE,KAAK,CAAC;IACb,QAAQ,EAAE,QAAQ,CAAC;CACpB;AACD,eAAO,MAAM,aAAa,8CAAmD,mBAAmB;;;EAqB/F,CAAC"}
|
|
@@ -21,18 +21,17 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
21
21
|
exports.finalizeOrder = exports.createNewOrder = void 0;
|
|
22
22
|
const Helper_1 = require("../Helper");
|
|
23
23
|
const createNewOrder = async ({ identity, nonce, directory, connection, }) => {
|
|
24
|
-
var _a;
|
|
25
24
|
const reqBody = await identity.newOrderRequest(nonce);
|
|
26
|
-
const
|
|
27
|
-
if (
|
|
28
|
-
|
|
29
|
-
order: await identity.newOrderResponse((0, Helper_1.jsonToByteArray)(response.data)),
|
|
30
|
-
authzUrl: response.data.authorizations[0],
|
|
31
|
-
nonce: response.nonce,
|
|
32
|
-
orderUrl: response.location,
|
|
33
|
-
};
|
|
25
|
+
const { data, nonce: responseNonce, location } = await connection.createNewOrder(directory.newOrder, reqBody);
|
|
26
|
+
if (!location) {
|
|
27
|
+
throw new Error('No location header from API received for order creation');
|
|
34
28
|
}
|
|
35
|
-
|
|
29
|
+
return {
|
|
30
|
+
order: await identity.newOrderResponse((0, Helper_1.jsonToByteArray)(data)),
|
|
31
|
+
authzUrls: data.authorizations,
|
|
32
|
+
nonce: responseNonce,
|
|
33
|
+
orderUrl: location,
|
|
34
|
+
};
|
|
36
35
|
};
|
|
37
36
|
exports.createNewOrder = createNewOrder;
|
|
38
37
|
const finalizeOrder = async ({ identity, nonce, orderUrl, connection }) => {
|
|
@@ -45,8 +45,8 @@ const getAndVerifyAuthData = () => {
|
|
|
45
45
|
if (!data) {
|
|
46
46
|
throw new Error('ACME: AuthData not found');
|
|
47
47
|
}
|
|
48
|
-
const
|
|
49
|
-
return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(
|
|
48
|
+
const decodedData = window.atob(data);
|
|
49
|
+
return E2EIStorage_schema_1.AuthDataSchema.parse(JSON.parse(decodedData));
|
|
50
50
|
};
|
|
51
51
|
const getInitialData = () => {
|
|
52
52
|
const data = storage.get(InitialDataKey);
|
|
@@ -7,16 +7,19 @@ export declare const InitialDataSchema: z.ZodObject<{
|
|
|
7
7
|
displayName: z.ZodString;
|
|
8
8
|
handle: z.ZodString;
|
|
9
9
|
domain: z.ZodString;
|
|
10
|
+
teamId: z.ZodString;
|
|
10
11
|
}, "strip", z.ZodTypeAny, {
|
|
11
12
|
id: string;
|
|
12
13
|
domain: string;
|
|
13
14
|
handle: string;
|
|
14
15
|
displayName: string;
|
|
16
|
+
teamId: string;
|
|
15
17
|
}, {
|
|
16
18
|
id: string;
|
|
17
19
|
domain: string;
|
|
18
20
|
handle: string;
|
|
19
21
|
displayName: string;
|
|
22
|
+
teamId: string;
|
|
20
23
|
}>;
|
|
21
24
|
}, "strip", z.ZodTypeAny, {
|
|
22
25
|
user: {
|
|
@@ -24,6 +27,7 @@ export declare const InitialDataSchema: z.ZodObject<{
|
|
|
24
27
|
domain: string;
|
|
25
28
|
handle: string;
|
|
26
29
|
displayName: string;
|
|
30
|
+
teamId: string;
|
|
27
31
|
};
|
|
28
32
|
clientId: string;
|
|
29
33
|
discoveryUrl: string;
|
|
@@ -33,6 +37,7 @@ export declare const InitialDataSchema: z.ZodObject<{
|
|
|
33
37
|
domain: string;
|
|
34
38
|
handle: string;
|
|
35
39
|
displayName: string;
|
|
40
|
+
teamId: string;
|
|
36
41
|
};
|
|
37
42
|
clientId: string;
|
|
38
43
|
discoveryUrl: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"E2EIStorage.schema.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,eAAO,MAAM,iBAAiB
|
|
1
|
+
{"version":3,"file":"E2EIStorage.schema.d.ts","sourceRoot":"","sources":["../../../../../src/messagingProtocols/mls/E2EIdentityService/Storage/E2EIStorage.schema.ts"],"names":[],"mappings":"AAmBA,OAAO,EAAC,CAAC,EAAC,MAAM,KAAK,CAAC;AAEtB,eAAO,MAAM,iBAAiB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAU5B,CAAC;AACH,MAAM,MAAM,WAAW,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,iBAAiB,CAAC,CAAC;AAU5D,eAAO,MAAM,cAAc;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAQzB,CAAC;AACH,MAAM,MAAM,QAAQ,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,cAAc,CAAC,CAAC;AAEtD,eAAO,MAAM,eAAe;;;;;;EAE1B,CAAC;AACH,MAAM,MAAM,SAAS,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,eAAe,CAAC,CAAC"}
|
|
@@ -28,6 +28,7 @@ exports.InitialDataSchema = zod_1.z.object({
|
|
|
28
28
|
displayName: zod_1.z.string(),
|
|
29
29
|
handle: zod_1.z.string(),
|
|
30
30
|
domain: zod_1.z.string(),
|
|
31
|
+
teamId: zod_1.z.string(),
|
|
31
32
|
}),
|
|
32
33
|
});
|
|
33
34
|
const Uint8ArraySchema = zod_1.z.custom(value => value instanceof Uint8Array ? { success: true } : { success: false, message: 'Expected Uint8Array' });
|
|
@@ -10,9 +10,18 @@ import { MLSServiceConfig } from './MLSService.types';
|
|
|
10
10
|
import { KeyPackageClaimUser } from '../../../conversation';
|
|
11
11
|
import { CoreDatabase } from '../../../storage/CoreDB';
|
|
12
12
|
import { RecurringTaskScheduler } from '../../../util/RecurringTaskScheduler';
|
|
13
|
-
import {
|
|
13
|
+
import { AcmeChallenge, E2EIServiceExternal, User } from '../E2EIdentityService';
|
|
14
14
|
import { ClientId, CommitPendingProposalsParams, HandlePendingProposalsParams } from '../types';
|
|
15
15
|
export declare const optionalToUint8Array: (array: Uint8Array | []) => Uint8Array;
|
|
16
|
+
type EnrollmentProcessState = {
|
|
17
|
+
status: 'authentication';
|
|
18
|
+
authenticationChallenge: {
|
|
19
|
+
keyAuth: string;
|
|
20
|
+
challenge: AcmeChallenge;
|
|
21
|
+
};
|
|
22
|
+
} | {
|
|
23
|
+
status: 'successful';
|
|
24
|
+
};
|
|
16
25
|
interface LocalMLSServiceConfig extends MLSServiceConfig {
|
|
17
26
|
/**
|
|
18
27
|
* minimum number of key packages client should have available (configured to half of nbKeyPackages)
|
|
@@ -208,7 +217,7 @@ export declare class MLSService extends TypedEventEmitter<Events> {
|
|
|
208
217
|
* @param oAuthIdToken The OAuth id token if the user is already authenticated
|
|
209
218
|
* @returns AcmeChallenge if the user is not authenticated, true if the user is authenticated
|
|
210
219
|
*/
|
|
211
|
-
enrollE2EI(discoveryUrl: string, e2eiServiceExternal: E2EIServiceExternal, user: User, client: RegisteredClient, nbPrekeys: number, oAuthIdToken?: string): Promise<
|
|
220
|
+
enrollE2EI(discoveryUrl: string, e2eiServiceExternal: E2EIServiceExternal, user: User, client: RegisteredClient, nbPrekeys: number, oAuthIdToken?: string): Promise<EnrollmentProcessState>;
|
|
212
221
|
}
|
|
213
222
|
export {};
|
|
214
223
|
//# sourceMappingURL=MLSService.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAEzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAC,gBAAgB,EAAsB,MAAM,oBAAoB,CAAC;AAEzE,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,
|
|
1
|
+
{"version":3,"file":"MLSService.d.ts","sourceRoot":"","sources":["../../../../src/messagingProtocols/mls/MLSService/MLSService.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAqB,gBAAgB,EAAC,MAAM,gCAAgC,CAAC;AACzF,OAAO,EAAC,sBAAsB,EAAE,kBAAkB,EAAC,MAAM,sCAAsC,CAAC;AAChG,OAAO,EAAC,8BAA8B,EAAE,2BAA2B,EAAC,MAAM,+BAA+B,CAAC;AAE1G,OAAO,EAAC,WAAW,EAAC,MAAM,8BAA8B,CAAC;AAEzD,OAAO,OAAO,MAAM,SAAS,CAAC;AAE9B,OAAO,EAAC,SAAS,EAAC,MAAM,qBAAqB,CAAC;AAC9C,OAAO,EAAW,iBAAiB,EAAC,MAAM,kBAAkB,CAAC;AAC7D,OAAO,EACL,eAAe,EAIf,cAAc,EACd,UAAU,EAEV,gBAAgB,EAChB,YAAY,EACZ,YAAY,EACZ,kBAAkB,EACnB,MAAM,sBAAsB,CAAC;AAG9B,OAAO,EAAC,gBAAgB,EAAsB,MAAM,oBAAoB,CAAC;AAEzE,OAAO,EAAC,mBAAmB,EAAC,MAAM,uBAAuB,CAAC;AAE1D,OAAO,EAAC,YAAY,EAAC,MAAM,yBAAyB,CAAC;AAGrD,OAAO,EAAC,sBAAsB,EAAC,MAAM,sCAAsC,CAAC;AAE5E,OAAO,EAAC,aAAa,EAAE,mBAAmB,EAAE,IAAI,EAAC,MAAM,uBAAuB,CAAC;AAQ/E,OAAO,EAAC,QAAQ,EAAE,4BAA4B,EAAE,4BAA4B,EAAC,MAAM,UAAU,CAAC;AAK9F,eAAO,MAAM,oBAAoB,UAAW,UAAU,GAAG,EAAE,KAAG,UAE7D,CAAC;AAEF,KAAK,sBAAsB,GACvB;IACE,MAAM,EAAE,gBAAgB,CAAC;IACzB,uBAAuB,EAAE;QAAC,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,aAAa,CAAA;KAAC,CAAC;CACtE,GACD;IAAC,MAAM,EAAE,YAAY,CAAA;CAAC,CAAC;AAE3B,UAAU,qBAAsB,SAAQ,gBAAgB;IACtD;;OAEG;IACH,uCAAuC,EAAE,MAAM,CAAC;CACjD;AAQD,KAAK,MAAM,GAAG;IACZ,QAAQ,EAAE;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAC,CAAC;CAC5C,CAAC;AACF,qBAAa,UAAW,SAAQ,iBAAiB,CAAC,MAAM,CAAC;IAOrD,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,gBAAgB;IACjC,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,sBAAsB;IATzC,MAAM,iBAAuC;IAC7C,MAAM,EAAE,qBAAqB,CAAC;IAC9B,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;IACjD,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAqB;gBAG9B,SAAS,EAAE,SAAS,EACpB,gBAAgB,EAAE,UAAU,EAC5B,YAAY,EAAE,YAAY,EAC1B,sBAAsB,EAAE,sBAAsB,EAC/D,EACE,6BAA2E,EAC3E,aAA2C,EAC3C,WAAuC,GACxC,EAAE,OAAO,CAAC,gBAAgB,CAAC;IAWjB,UAAU,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,gBAAgB,EAAE,qBAAqB,UAAQ;YAyBtF,iBAAiB;IAM/B,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CA0CjC;IAEF;;;;;;OAMG;IACI,8BAA8B,CAAC,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,UAAU,EAAE;IAWnE,qBAAqB,CAAC,cAAc,EAAE,mBAAmB,EAAE;;;;IA2CjE,QAAQ,CAAC,OAAO,EAAE,MAAM,GAAG,UAAU;IAK/B,WAAW,CAAC,YAAY,EAAE,YAAY,EAAE,IAAI,EAAE,YAAY,GAAG,eAAe,GAAG,kBAAkB;IAIjG,oBAAoB,CAAC,YAAY,EAAE,MAAM,OAAO,CAAC,UAAU,CAAC;IAyB5D,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAMpE,qBAAqB,CAAC,cAAc,EAAE,UAAU,GAAG,OAAO,CAAC,cAAc,CAAC;IAI1E,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAiB9F,cAAc,CAAC,cAAc,EAAE,cAAc,EAAE,OAAO,EAAE,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IAIrG;;;;;;;;;OASG;YACW,mBAAmB;IAQjC,OAAO,CAAC,oBAAoB;IAK5B;;;OAGG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IActE;;;;;OAKG;IACU,oBAAoB,CAC/B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,WAAW,EAAE,EACpB,OAAO,CAAC,EAAE;QAAC,IAAI,EAAE,WAAW,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAC,GAC7C,OAAO,CAAC,sBAAsB,CAAC;IAiClC;;;;;OAKG;IACH,SAAgB,uBAAuB,YAAmB,MAAM,KAAG,QAAQ,OAAO,CAAC,CA2BjF;IAEF;;;;OAIG;IACI,6BAA6B,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE;YAW7D,eAAe;IAK7B;;;OAGG;IACU,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAKlE;;;;OAIG;IACU,yBAAyB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAK5D,2BAA2B,IAAI,OAAO,CAAC,MAAM,CAAC;IAK9C,iBAAiB,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,EAAE,CAAC;IAK9E;;;;OAIG;IACU,gBAAgB,CAAC,OAAO,EAAE,MAAM;IAc7C,OAAO,CAAC,sCAAsC;IAI9C;;;OAGG;IACU,uBAAuB,CAAC,OAAO,EAAE,MAAM;IAKpD;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAIhC;;;OAGG;IACI,0BAA0B,CAAC,OAAO,EAAE,MAAM;IAUjD;;;OAGG;IACI,mCAAmC,CAAC,QAAQ,EAAE,MAAM,EAAE;IAQ7D;;;;OAIG;IACI,sCAAsC,CAAC,QAAQ,EAAE,MAAM;IAQ9D;;;;OAIG;YACW,+BAA+B;YAQ/B,gCAAgC;YAYhC,2BAA2B;IAIzC;;;;;OAKG;YACW,mBAAmB;YAQnB,oBAAoB;IAOrB,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAe7D;;;;;;;OAOG;IACU,sBAAsB,CAAC,EAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAC,EAAE,4BAA4B;YAWnF,4BAA4B;YAU5B,0BAA0B;IAKxC,OAAO,CAAC,6BAA6B;IAIrC;;;;;OAKG;IACU,sBAAsB,CAAC,EAAC,OAAO,EAAE,UAAkB,EAAC,EAAE,4BAA4B;IAY/F;;;;OAIG;IACU,+BAA+B;IAiB5C;;;;OAIG;IACU,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC;QAAC,MAAM,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,QAAQ,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAC,EAAE,CAAC;IAY9F,wBAAwB,CACnC,KAAK,EAAE,8BAA8B,EACrC,yBAAyB,EAAE,CACzB,cAAc,EAAE,WAAW,EAC3B,iBAAiB,CAAC,EAAE,kBAAkB,KACnC,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAgBrB,4BAA4B,CAAC,KAAK,EAAE,2BAA2B,EAAE,QAAQ,EAAE,MAAM;IAcjF,oBAAoB,CAAC,QAAQ,EAAE,QAAQ,EAAE,aAAa,EAAE,UAAU,EAAE;IASjF;;;;;;;;OAQG;IACU,UAAU,CACrB,YAAY,EAAE,MAAM,EACpB,mBAAmB,EAAE,mBAAmB,EACxC,IAAI,EAAE,IAAI,EACV,MAAM,EAAE,gBAAgB,EACxB,SAAS,EAAE,MAAM,EACjB,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,sBAAsB,CAAC;CA+DnC"}
|