@wix/cli-app 1.1.34 → 1.1.35

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (108) hide show
  1. package/build/CreateVersionCommand-FGFXCQ6O.js +4 -0
  2. package/build/{CreateVersionCommand-3ECZI65A.js.map → CreateVersionCommand-FGFXCQ6O.js.map} +1 -1
  3. package/build/DevCommand-5DVDWGBY.js +4 -0
  4. package/build/DevCommand-5DVDWGBY.js.map +1 -0
  5. package/build/{GenerateCommand-CIO77YCS.js → GenerateCommand-5MXGDU5D.js} +3 -3
  6. package/build/GenerateCommand-5MXGDU5D.js.map +1 -0
  7. package/build/LogsCommand-GT4C6W63.js +4 -0
  8. package/build/LogsCommand-GT4C6W63.js.map +1 -0
  9. package/build/PreviewCommand-TYTUHLCK.js +4 -0
  10. package/build/{ServeCommand-AEELDVFH.js → ServeCommand-3XS2PRLZ.js} +2 -2
  11. package/build/ServeCommand-3XS2PRLZ.js.map +1 -0
  12. package/build/build-D3GVJS75.js +5 -0
  13. package/build/build-D3GVJS75.js.map +1 -0
  14. package/build/{build-JVHXDZDD.js → build-R2V6VPAY.js} +2 -2
  15. package/build/{build-JVHXDZDD.js.map → build-R2V6VPAY.js.map} +1 -1
  16. package/build/{chunk-MB65UVFQ.js → chunk-2JOP4YNL.js} +5 -5
  17. package/build/chunk-2JOP4YNL.js.map +1 -0
  18. package/build/chunk-3T3H3UJF.js +11 -0
  19. package/build/chunk-3T3H3UJF.js.map +1 -0
  20. package/build/chunk-5JYQ2Z7Y.js +116 -0
  21. package/build/chunk-5JYQ2Z7Y.js.map +1 -0
  22. package/build/chunk-5YLHD2SK.js +4 -0
  23. package/build/{chunk-F4LXYTO3.js → chunk-A3KHJIN7.js} +2 -2
  24. package/build/chunk-A7TURNR5.js +4 -0
  25. package/build/chunk-A7TURNR5.js.map +1 -0
  26. package/build/chunk-CBDNKNAV.js +4 -0
  27. package/build/chunk-CBDNKNAV.js.map +1 -0
  28. package/build/chunk-F6WBFD2I.js +11 -0
  29. package/build/chunk-F6WBFD2I.js.map +1 -0
  30. package/build/{chunk-QTYWYBN3.js → chunk-J2KSZ5LE.js} +2 -2
  31. package/build/{chunk-QTYWYBN3.js.map → chunk-J2KSZ5LE.js.map} +1 -1
  32. package/build/{chunk-MKVAJTCF.js → chunk-KRQ3H7GR.js} +2 -2
  33. package/build/{chunk-MKVAJTCF.js.map → chunk-KRQ3H7GR.js.map} +1 -1
  34. package/build/chunk-MI2F3EIB.js +4 -0
  35. package/build/chunk-MI2F3EIB.js.map +1 -0
  36. package/build/{chunk-MON4UIEH.js → chunk-NNF6JCN7.js} +2 -2
  37. package/build/chunk-NNF6JCN7.js.map +1 -0
  38. package/build/{chunk-HTY6QIPX.js → chunk-OWEB37KH.js} +2 -2
  39. package/build/{chunk-FBYP5GID.js → chunk-PWHZSGUV.js} +2 -2
  40. package/build/chunk-PWHZSGUV.js.map +1 -0
  41. package/build/{chunk-JKG4PFVP.js → chunk-QEH4HZND.js} +2 -2
  42. package/build/chunk-R4ZQYYZR.js +4 -0
  43. package/build/chunk-R4ZQYYZR.js.map +1 -0
  44. package/build/{chunk-ROZV4SHP.js → chunk-RXT5UM7Q.js} +54 -46
  45. package/build/chunk-RXT5UM7Q.js.map +1 -0
  46. package/build/{chunk-COIDN4V4.js → chunk-VRNTLFVH.js} +2 -2
  47. package/build/chunk-VRNTLFVH.js.map +1 -0
  48. package/build/{chunk-XUF2HJAT.js → chunk-YT6VEJPK.js} +2 -2
  49. package/build/chunk-YT6VEJPK.js.map +1 -0
  50. package/build/{chunk-2KPKOJPE.js → chunk-ZORLYW6M.js} +2 -2
  51. package/build/esm-HBMYQBEO.js +466 -0
  52. package/build/esm-HBMYQBEO.js.map +1 -0
  53. package/build/index.js +2 -2
  54. package/build/platform-sdk/chunk-RFBBAUMM.js +2 -0
  55. package/build/platform-sdk/chunk-RFBBAUMM.js.map +1 -0
  56. package/build/platform-sdk/dashboard.js +2 -0
  57. package/build/platform-sdk/dashboard.js.map +1 -0
  58. package/build/platform-sdk/esm-IUMNLA6B.js +2 -0
  59. package/build/platform-sdk/esm-IUMNLA6B.js.map +1 -0
  60. package/build/preview-5HAC2VHN.js +4 -0
  61. package/build/{preview-L5LDZK2L.js.map → preview-5HAC2VHN.js.map} +1 -1
  62. package/build/render-command-OPJNFJRC.js +4 -0
  63. package/build/{render-command-IA3LLA3F.js.map → render-command-OPJNFJRC.js.map} +1 -1
  64. package/internal/component-hmr-wrapper.tsx +4 -8
  65. package/package.json +10 -9
  66. package/schemas/custom-element.json +1 -1
  67. package/schemas/dashboard-menu-plugin.json +1 -1
  68. package/schemas/dashboard-modal.json +1 -1
  69. package/schemas/embedded-script.json +1 -1
  70. package/build/CreateVersionCommand-3ECZI65A.js +0 -4
  71. package/build/DevCommand-B7WYY2UQ.js +0 -4
  72. package/build/DevCommand-B7WYY2UQ.js.map +0 -1
  73. package/build/GenerateCommand-CIO77YCS.js.map +0 -1
  74. package/build/LogsCommand-VJ64MYDN.js +0 -4
  75. package/build/LogsCommand-VJ64MYDN.js.map +0 -1
  76. package/build/PreviewCommand-BZY2XOZN.js +0 -4
  77. package/build/ServeCommand-AEELDVFH.js.map +0 -1
  78. package/build/chunk-35SQ77PW.js +0 -4
  79. package/build/chunk-35SQ77PW.js.map +0 -1
  80. package/build/chunk-COIDN4V4.js.map +0 -1
  81. package/build/chunk-E6MYDYCH.js +0 -4
  82. package/build/chunk-E6MYDYCH.js.map +0 -1
  83. package/build/chunk-F4YTZ6XA.js +0 -116
  84. package/build/chunk-F4YTZ6XA.js.map +0 -1
  85. package/build/chunk-F55KYUXJ.js +0 -4
  86. package/build/chunk-F55KYUXJ.js.map +0 -1
  87. package/build/chunk-FBYP5GID.js.map +0 -1
  88. package/build/chunk-HTO6ALNX.js +0 -4
  89. package/build/chunk-HTO6ALNX.js.map +0 -1
  90. package/build/chunk-JAY5356K.js +0 -11
  91. package/build/chunk-JAY5356K.js.map +0 -1
  92. package/build/chunk-KQOYEWON.js +0 -11
  93. package/build/chunk-KQOYEWON.js.map +0 -1
  94. package/build/chunk-MB65UVFQ.js.map +0 -1
  95. package/build/chunk-MON4UIEH.js.map +0 -1
  96. package/build/chunk-ROZV4SHP.js.map +0 -1
  97. package/build/chunk-X62VPDUS.js +0 -4
  98. package/build/chunk-XUF2HJAT.js.map +0 -1
  99. package/build/esm-Z5T56VLV.js +0 -365
  100. package/build/esm-Z5T56VLV.js.map +0 -1
  101. package/build/preview-L5LDZK2L.js +0 -4
  102. package/build/render-command-IA3LLA3F.js +0 -4
  103. /package/build/{PreviewCommand-BZY2XOZN.js.map → PreviewCommand-TYTUHLCK.js.map} +0 -0
  104. /package/build/{chunk-X62VPDUS.js.map → chunk-5YLHD2SK.js.map} +0 -0
  105. /package/build/{chunk-F4LXYTO3.js.map → chunk-A3KHJIN7.js.map} +0 -0
  106. /package/build/{chunk-HTY6QIPX.js.map → chunk-OWEB37KH.js.map} +0 -0
  107. /package/build/{chunk-JKG4PFVP.js.map → chunk-QEH4HZND.js.map} +0 -0
  108. /package/build/{chunk-2KPKOJPE.js.map → chunk-ZORLYW6M.js.map} +0 -0
package/build/platform-sdk/esm-IUMNLA6B.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"sources":["../../../../node_modules/jose/dist/node/esm/runtime/base64url.js","../../../../node_modules/jose/dist/node/esm/runtime/digest.js","../../../../node_modules/jose/dist/node/esm/lib/buffer_utils.js","../../../../node_modules/jose/dist/node/esm/runtime/decrypt.js","../../../../node_modules/jose/dist/node/esm/util/errors.js","../../../../node_modules/jose/dist/node/esm/runtime/random.js","../../../../node_modules/jose/dist/node/esm/lib/iv.js","../../../../node_modules/jose/dist/node/esm/lib/check_iv_length.js","../../../../node_modules/jose/dist/node/esm/runtime/is_key_object.js","../../../../node_modules/jose/dist/node/esm/runtime/check_cek_length.js","../../../../node_modules/jose/dist/node/esm/runtime/timing_safe_equal.js","../../../../node_modules/jose/dist/node/esm/runtime/cbc_tag.js","../../../../node_modules/jose/dist/node/esm/runtime/webcrypto.js","../../../../node_modules/jose/dist/node/esm/lib/crypto_key.js","../../../../node_modules/jose/dist/node/esm/lib/invalid_key_input.js","../../../../node_modules/jose/dist/node/esm/runtime/ciphers.js","../../../../node_modules/jose/dist/node/esm/runtime/is_key_like.js","../../../../node_modules/jose/dist/node/esm/lib/is_disjoint.js","../../../../node_modules/jose/dist/node/esm/lib/is_object.js","../../../../node_modules/jose/dist/node/esm/runtime/aeskw.js","../../../../node_modules/jose/dist/node/esm/runtime/ecdhes.js","../../../../node_modules/jose/dist/node/esm/runtime/get_named_curve.js","../../../../node_modules/jose/dist/node/esm/runtime/pbes2kw.js","../../../../node_modules/jose/dist/node/esm/lib/check_p2s.js","../../../../node_modules/jose/dist/node/esm/runtime/rsaes.js","../../../../node_modules/jose/dist/node/esm/runtime/check_key_length.js","../../../../node_modules/jose/dist/node/esm/lib/cek.js","../../../../node_modules/jose/dist/node/esm/runtime/asn1.js","../../../../node_modules/jose/dist/node/esm/runtime/jwk_to_key.js","../../../../node_modules/jose/dist/node/esm/key/import.js","../../../../node_modules/jose/dist/node/esm/lib/check_key_type.js","../../../../node_modules/jose/dist/node/esm/runtime/encrypt.js","../../../../node_modules/jose/dist/node/esm/lib/aesgcmkw.js","../../../../node_modules/jose/dist/node/esm/lib/decrypt_key_management.js","../../../../node_modules/jose/dist/node/esm/lib/validate_crit.js","../../../../node_modules/jose/dist/node/esm/lib/validate_algorithms.js","../../../../node_modules/jose/dist/node/esm/jwe/flattened/decrypt.js","../../../../node_modules/jose/dist/node/esm/jwe/compact/decrypt.js","../../../../node_modules/jose/dist/node/esm/jwe/general/decrypt.js","../../../../node_modules/jose/dist/node/esm/runtime/key_to_jwk.js","../../../../node_modules/jose/dist/node/esm/key/export.js","../../../../node_modules/jose/dist/node/esm/lib/encrypt_key_management.js","../../../../node_modules/jose/dist/node/esm/jwe/flattened/encrypt.js","../../../../node_modules/jose/dist/node/esm/jwe/general/encrypt.js","../../../../node_modules/jose/dist/node/esm/runtime/verify.js","../../../../node_modules/jose/dist/node/esm/runtime/dsa_digest.js","../../../../node_modules/jose/dist/node/esm/runtime/node_key.js","../../../../node_modules/jose/dist/node/esm/runtime/sign.js","../../../../node_modules/jose/dist/node/esm/runtime/hmac_digest.js","../../../../node_modules/jose/dist/node/esm/runtime/get_sign_verify_key.js","../../../../node_modules/jose/dist/node/esm/jws/flattened/verify.js","../../../../node_modules/jose/dist/node/esm/jws/compact/verify.js","../../../../node_modules/jose/dist/node/esm/jws/general/verify.js","../../../../node_modules/jose/dist/node/esm/lib/epoch.js","../../../../node_modules/jose/dist/node/esm/lib/secs.js","../../../../node_modules/jose/dist/node/esm/lib/jwt_claims_set.js","../../../../node_modules/jose/dist/node/esm/jwt/verify.js","../../../../node_modules/jose/dist/node/esm/jwt/decrypt.js","../../../../node_modules/jose/dist/node/esm/jwe/compact/encrypt.js","../../../../node_modules/jose/dist/node/esm/jws/flattened/sign.js","../../../../node_modules/jose/dist/node/esm/jws/compact/sign.js","../../../../node_modules/jose/dist/node/esm/jws/general/sign.js","../../../../node_modules/jose/dist/node/esm/jwt/produce.js","../../../../node_modules/jose/dist/node/esm/jwt/sign.js","../../../../node_modules/jose/dist/node/esm/jwt/encrypt.js","../../../../node_modules/jose/dist/node/esm/jwk/thumbprint.js","../../../../node_modules/jose/dist/node/esm/jwk/embedded.js","../../../../node_modules/jose/dist/node/esm/jwks/local.js","../../../../node_modules/jose/dist/node/esm/runtime/fetch_jwks.js","../../../../node_modules/jose/dist/node/esm/jwks/remote.js","../../../../node_modules/jose/dist/node/esm/jwt/unsecured.js","../../../../node_modules/jose/dist/node/esm/util/base64url.js","../../../../node_modules/jose/dist/node/esm/util/decode_protected_header.js","../../../../node_modules/jose/dist/node/esm/util/decode_jwt.js","../../../../node_modules/jose/dist/node/esm/runtime/generate.js","../../../../node_modules/jose/dist/node/esm/key/generate_key_pair.js","../../../../node_modules/jose/dist/node/esm/key/generate_secret.js","../../../../node_modules/jose/dist/node/esm/runtime/runtime.js","../../../../node_modules/jose/dist/node/esm/util/runtime.js"],"sourcesContent":["import { Buffer } from 'node:buffer';\nimport { decoder } from '../lib/buffer_utils.js';\nfunction normalize(input) {\n let encoded = input;\n if (encoded instanceof Uint8Array) {\n encoded = decoder.decode(encoded);\n }\n return encoded;\n}\nconst encode = (input) => Buffer.from(input).toString('base64url');\nexport const decodeBase64 = (input) => new Uint8Array(Buffer.from(input, 'base64'));\nexport const encodeBase64 = (input) => Buffer.from(input).toString('base64');\nexport { encode };\nexport const decode = (input) => new Uint8Array(Buffer.from(normalize(input), 'base64'));\n","import { createHash } from 'node:crypto';\nconst digest = (algorithm, data) => createHash(algorithm).update(data).digest();\nexport default digest;\n","import digest from '../runtime/digest.js';\nexport const encoder = new TextEncoder();\nexport const decoder = new TextDecoder();\nconst MAX_INT32 = 2 ** 32;\nexport function concat(...buffers) {\n const size = buffers.reduce((acc, { length }) => acc + length, 0);\n const buf = new Uint8Array(size);\n let i = 0;\n for (const buffer of buffers) {\n buf.set(buffer, i);\n i += buffer.length;\n }\n return buf;\n}\nexport function p2s(alg, p2sInput) {\n return concat(encoder.encode(alg), new Uint8Array([0]), p2sInput);\n}\nfunction writeUInt32BE(buf, value, offset) {\n if (value < 0 || value >= MAX_INT32) {\n throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`);\n }\n buf.set([value >>> 24, value >>> 16, value >>> 8, value & 0xff], offset);\n}\nexport function uint64be(value) {\n const high = Math.floor(value / MAX_INT32);\n const low = value % MAX_INT32;\n const buf = new Uint8Array(8);\n writeUInt32BE(buf, high, 0);\n writeUInt32BE(buf, low, 4);\n return buf;\n}\nexport function uint32be(value) {\n const buf = new Uint8Array(4);\n writeUInt32BE(buf, value);\n return buf;\n}\nexport function lengthAndInput(input) {\n return concat(uint32be(input.length), input);\n}\nexport async function concatKdf(secret, bits, value) {\n const iterations = Math.ceil((bits >> 3) / 32);\n const res = new Uint8Array(iterations * 32);\n for (let iter = 0; iter < iterations; iter++) {\n const buf = new Uint8Array(4 + secret.length + value.length);\n buf.set(uint32be(iter + 1));\n buf.set(secret, 4);\n buf.set(value, 4 + secret.length);\n res.set(await digest('sha256', buf), iter * 32);\n }\n return res.slice(0, bits >> 3);\n}\n","import { createDecipheriv, KeyObject } from 'node:crypto';\nimport checkIvLength from '../lib/check_iv_length.js';\nimport checkCekLength from './check_cek_length.js';\nimport { concat } from '../lib/buffer_utils.js';\nimport { JOSENotSupported, JWEDecryptionFailed, JWEInvalid } from '../util/errors.js';\nimport timingSafeEqual from './timing_safe_equal.js';\nimport cbcTag from './cbc_tag.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport supported from './ciphers.js';\nimport { types } from './is_key_like.js';\nfunction cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {\n const keySize = parseInt(enc.slice(1, 4), 10);\n if (isKeyObject(cek)) {\n cek = cek.export();\n }\n const encKey = cek.subarray(keySize >> 3);\n const macKey = cek.subarray(0, keySize >> 3);\n const macSize = parseInt(enc.slice(-3), 10);\n const algorithm = `aes-${keySize}-cbc`;\n if (!supported(algorithm)) {\n throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);\n }\n const expectedTag = cbcTag(aad, iv, ciphertext, macSize, macKey, keySize);\n let macCheckPassed;\n try {\n macCheckPassed = timingSafeEqual(tag, expectedTag);\n }\n catch {\n }\n if (!macCheckPassed) {\n throw new JWEDecryptionFailed();\n }\n let plaintext;\n try {\n const decipher = createDecipheriv(algorithm, encKey, iv);\n plaintext = concat(decipher.update(ciphertext), decipher.final());\n }\n catch {\n }\n if (!plaintext) {\n throw new JWEDecryptionFailed();\n }\n return plaintext;\n}\nfunction gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {\n const keySize = parseInt(enc.slice(1, 4), 10);\n const algorithm = `aes-${keySize}-gcm`;\n if (!supported(algorithm)) {\n throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);\n }\n try {\n const decipher = createDecipheriv(algorithm, cek, iv, { authTagLength: 16 });\n decipher.setAuthTag(tag);\n if (aad.byteLength) {\n decipher.setAAD(aad, { plaintextLength: ciphertext.length });\n }\n const plaintext = decipher.update(ciphertext);\n decipher.final();\n return plaintext;\n }\n catch {\n throw new JWEDecryptionFailed();\n }\n}\nconst decrypt = (enc, cek, ciphertext, iv, tag, aad) => {\n let key;\n if (isCryptoKey(cek)) {\n checkEncCryptoKey(cek, enc, 'decrypt');\n key = KeyObject.from(cek);\n }\n else if (cek instanceof Uint8Array || isKeyObject(cek)) {\n key = cek;\n }\n else {\n throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array'));\n }\n if (!iv) {\n throw new JWEInvalid('JWE Initialization Vector missing');\n }\n if (!tag) {\n throw new JWEInvalid('JWE Authentication Tag missing');\n }\n checkCekLength(enc, key);\n checkIvLength(enc, iv);\n switch (enc) {\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n return cbcDecrypt(enc, key, ciphertext, iv, tag, aad);\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n return gcmDecrypt(enc, key, ciphertext, iv, tag, aad);\n default:\n throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm');\n }\n};\nexport default decrypt;\n","export class JOSEError extends Error {\n static get code() {\n return 'ERR_JOSE_GENERIC';\n }\n code = 'ERR_JOSE_GENERIC';\n constructor(message) {\n super(message);\n this.name = this.constructor.name;\n Error.captureStackTrace?.(this, this.constructor);\n }\n}\nexport class JWTClaimValidationFailed extends JOSEError {\n static get code() {\n return 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n }\n code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n claim;\n reason;\n constructor(message, claim = 'unspecified', reason = 'unspecified') {\n super(message);\n this.claim = claim;\n this.reason = reason;\n }\n}\nexport class JWTExpired extends JOSEError {\n static get code() {\n return 'ERR_JWT_EXPIRED';\n }\n code = 'ERR_JWT_EXPIRED';\n claim;\n reason;\n constructor(message, claim = 'unspecified', reason = 'unspecified') {\n super(message);\n this.claim = claim;\n this.reason = reason;\n }\n}\nexport class JOSEAlgNotAllowed extends JOSEError {\n static get code() {\n return 'ERR_JOSE_ALG_NOT_ALLOWED';\n }\n code = 'ERR_JOSE_ALG_NOT_ALLOWED';\n}\nexport class JOSENotSupported extends JOSEError {\n static get code() {\n return 'ERR_JOSE_NOT_SUPPORTED';\n }\n code = 'ERR_JOSE_NOT_SUPPORTED';\n}\nexport class JWEDecryptionFailed extends JOSEError {\n static get code() {\n return 'ERR_JWE_DECRYPTION_FAILED';\n }\n code = 'ERR_JWE_DECRYPTION_FAILED';\n message = 'decryption operation failed';\n}\nexport class JWEInvalid extends JOSEError {\n static get code() {\n return 'ERR_JWE_INVALID';\n }\n code = 'ERR_JWE_INVALID';\n}\nexport class JWSInvalid extends JOSEError {\n static get code() {\n return 'ERR_JWS_INVALID';\n }\n code = 'ERR_JWS_INVALID';\n}\nexport class JWTInvalid extends JOSEError {\n static get code() {\n return 'ERR_JWT_INVALID';\n }\n code = 'ERR_JWT_INVALID';\n}\nexport class JWKInvalid extends JOSEError {\n static get code() {\n return 'ERR_JWK_INVALID';\n }\n code = 'ERR_JWK_INVALID';\n}\nexport class JWKSInvalid extends JOSEError {\n static get code() {\n return 'ERR_JWKS_INVALID';\n }\n code = 'ERR_JWKS_INVALID';\n}\nexport class JWKSNoMatchingKey extends JOSEError {\n static get code() {\n return 'ERR_JWKS_NO_MATCHING_KEY';\n }\n code = 'ERR_JWKS_NO_MATCHING_KEY';\n message = 'no applicable key found in the JSON Web Key Set';\n}\nexport class JWKSMultipleMatchingKeys extends JOSEError {\n [Symbol.asyncIterator];\n static get code() {\n return 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n }\n code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n message = 'multiple matching keys found in the JSON Web Key Set';\n}\nexport class JWKSTimeout extends JOSEError {\n static get code() {\n return 'ERR_JWKS_TIMEOUT';\n }\n code = 'ERR_JWKS_TIMEOUT';\n message = 'request timed out';\n}\nexport class JWSSignatureVerificationFailed extends JOSEError {\n static get code() {\n return 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n }\n code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n message = 'signature verification failed';\n}\n","export { randomFillSync as default } from 'node:crypto';\n","import { JOSENotSupported } from '../util/errors.js';\nimport random from '../runtime/random.js';\nexport function bitLength(alg) {\n switch (alg) {\n case 'A128GCM':\n case 'A128GCMKW':\n case 'A192GCM':\n case 'A192GCMKW':\n case 'A256GCM':\n case 'A256GCMKW':\n return 96;\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n return 128;\n default:\n throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);\n }\n}\nexport default (alg) => random(new Uint8Array(bitLength(alg) >> 3));\n","import { JWEInvalid } from '../util/errors.js';\nimport { bitLength } from './iv.js';\nconst checkIvLength = (enc, iv) => {\n if (iv.length << 3 !== bitLength(enc)) {\n throw new JWEInvalid('Invalid Initialization Vector length');\n }\n};\nexport default checkIvLength;\n","import * as util from 'node:util';\nexport default (obj) => util.types.isKeyObject(obj);\n","import { JWEInvalid, JOSENotSupported } from '../util/errors.js';\nimport isKeyObject from './is_key_object.js';\nconst checkCekLength = (enc, cek) => {\n let expected;\n switch (enc) {\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n expected = parseInt(enc.slice(-3), 10);\n break;\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n expected = parseInt(enc.slice(1, 4), 10);\n break;\n default:\n throw new JOSENotSupported(`Content Encryption Algorithm ${enc} is not supported either by JOSE or your javascript runtime`);\n }\n if (cek instanceof Uint8Array) {\n const actual = cek.byteLength << 3;\n if (actual !== expected) {\n throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);\n }\n return;\n }\n if (isKeyObject(cek) && cek.type === 'secret') {\n const actual = cek.symmetricKeySize << 3;\n if (actual !== expected) {\n throw new JWEInvalid(`Invalid Content Encryption Key length. Expected ${expected} bits, got ${actual} bits`);\n }\n return;\n }\n throw new TypeError('Invalid Content Encryption Key type');\n};\nexport default checkCekLength;\n","import { timingSafeEqual as impl } from 'node:crypto';\nconst timingSafeEqual = impl;\nexport default timingSafeEqual;\n","import { createHmac } from 'node:crypto';\nimport { concat, uint64be } from '../lib/buffer_utils.js';\nexport default function cbcTag(aad, iv, ciphertext, macSize, macKey, keySize) {\n const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));\n const hmac = createHmac(`sha${macSize}`, macKey);\n hmac.update(macData);\n return hmac.digest().slice(0, keySize >> 3);\n}\n","import * as crypto from 'node:crypto';\nimport * as util from 'node:util';\nconst webcrypto = crypto.webcrypto;\nexport default webcrypto;\nexport const isCryptoKey = (key) => util.types.isCryptoKey(key);\n","function unusable(name, prop = 'algorithm.name') {\n return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);\n}\nfunction isAlgorithm(algorithm, name) {\n return algorithm.name === name;\n}\nfunction getHashLength(hash) {\n return parseInt(hash.name.slice(4), 10);\n}\nfunction getNamedCurve(alg) {\n switch (alg) {\n case 'ES256':\n return 'P-256';\n case 'ES384':\n return 'P-384';\n case 'ES512':\n return 'P-521';\n default:\n throw new Error('unreachable');\n }\n}\nfunction checkUsage(key, usages) {\n if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {\n let msg = 'CryptoKey does not support this operation, its usages must include ';\n if (usages.length > 2) {\n const last = usages.pop();\n msg += `one of ${usages.join(', ')}, or ${last}.`;\n }\n else if (usages.length === 2) {\n msg += `one of ${usages[0]} or ${usages[1]}.`;\n }\n else {\n msg += `${usages[0]}.`;\n }\n throw new TypeError(msg);\n }\n}\nexport function checkSigCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512': {\n if (!isAlgorithm(key.algorithm, 'HMAC'))\n throw unusable('HMAC');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'RS256':\n case 'RS384':\n case 'RS512': {\n if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5'))\n throw unusable('RSASSA-PKCS1-v1_5');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'PS256':\n case 'PS384':\n case 'PS512': {\n if (!isAlgorithm(key.algorithm, 'RSA-PSS'))\n throw unusable('RSA-PSS');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'EdDSA': {\n if (key.algorithm.name !== 'Ed25519' && key.algorithm.name !== 'Ed448') {\n throw unusable('Ed25519 or Ed448');\n }\n break;\n }\n case 'ES256':\n case 'ES384':\n case 'ES512': {\n if (!isAlgorithm(key.algorithm, 'ECDSA'))\n throw unusable('ECDSA');\n const expected = getNamedCurve(alg);\n const actual = key.algorithm.namedCurve;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.namedCurve');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\nexport function checkEncCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM': {\n if (!isAlgorithm(key.algorithm, 'AES-GCM'))\n throw unusable('AES-GCM');\n const expected = parseInt(alg.slice(1, 4), 10);\n const actual = key.algorithm.length;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.length');\n break;\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n if (!isAlgorithm(key.algorithm, 'AES-KW'))\n throw unusable('AES-KW');\n const expected = parseInt(alg.slice(1, 4), 10);\n const actual = key.algorithm.length;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.length');\n break;\n }\n case 'ECDH': {\n switch (key.algorithm.name) {\n case 'ECDH':\n case 'X25519':\n case 'X448':\n break;\n default:\n throw unusable('ECDH, X25519, or X448');\n }\n break;\n }\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW':\n if (!isAlgorithm(key.algorithm, 'PBKDF2'))\n throw unusable('PBKDF2');\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n if (!isAlgorithm(key.algorithm, 'RSA-OAEP'))\n throw unusable('RSA-OAEP');\n const expected = parseInt(alg.slice(9), 10) || 1;\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\n","function message(msg, actual, ...types) {\n if (types.length > 2) {\n const last = types.pop();\n msg += `one of type ${types.join(', ')}, or ${last}.`;\n }\n else if (types.length === 2) {\n msg += `one of type ${types[0]} or ${types[1]}.`;\n }\n else {\n msg += `of type ${types[0]}.`;\n }\n if (actual == null) {\n msg += ` Received ${actual}`;\n }\n else if (typeof actual === 'function' && actual.name) {\n msg += ` Received function ${actual.name}`;\n }\n else if (typeof actual === 'object' && actual != null) {\n if (actual.constructor?.name) {\n msg += ` Received an instance of ${actual.constructor.name}`;\n }\n }\n return msg;\n}\nexport default (actual, ...types) => {\n return message('Key must be ', actual, ...types);\n};\nexport function withAlg(alg, actual, ...types) {\n return message(`Key for the ${alg} algorithm must be `, actual, ...types);\n}\n","import { getCiphers } from 'node:crypto';\nlet ciphers;\nexport default (algorithm) => {\n ciphers ||= new Set(getCiphers());\n return ciphers.has(algorithm);\n};\n","import webcrypto, { isCryptoKey } from './webcrypto.js';\nimport isKeyObject from './is_key_object.js';\nexport default (key) => isKeyObject(key) || isCryptoKey(key);\nconst types = ['KeyObject'];\nif (globalThis.CryptoKey || webcrypto?.CryptoKey) {\n types.push('CryptoKey');\n}\nexport { types };\n","const isDisjoint = (...headers) => {\n const sources = headers.filter(Boolean);\n if (sources.length === 0 || sources.length === 1) {\n return true;\n }\n let acc;\n for (const header of sources) {\n const parameters = Object.keys(header);\n if (!acc || acc.size === 0) {\n acc = new Set(parameters);\n continue;\n }\n for (const parameter of parameters) {\n if (acc.has(parameter)) {\n return false;\n }\n acc.add(parameter);\n }\n }\n return true;\n};\nexport default isDisjoint;\n","function isObjectLike(value) {\n return typeof value === 'object' && value !== null;\n}\nexport default function isObject(input) {\n if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {\n return false;\n }\n if (Object.getPrototypeOf(input) === null) {\n return true;\n }\n let proto = input;\n while (Object.getPrototypeOf(proto) !== null) {\n proto = Object.getPrototypeOf(proto);\n }\n return Object.getPrototypeOf(input) === proto;\n}\n","import { Buffer } from 'node:buffer';\nimport { KeyObject, createDecipheriv, createCipheriv, createSecretKey } from 'node:crypto';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { concat } from '../lib/buffer_utils.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport supported from './ciphers.js';\nimport { types } from './is_key_like.js';\nfunction checkKeySize(key, alg) {\n if (key.symmetricKeySize << 3 !== parseInt(alg.slice(1, 4), 10)) {\n throw new TypeError(`Invalid key size for alg: ${alg}`);\n }\n}\nfunction ensureKeyObject(key, alg, usage) {\n if (isKeyObject(key)) {\n return key;\n }\n if (key instanceof Uint8Array) {\n return createSecretKey(key);\n }\n if (isCryptoKey(key)) {\n checkEncCryptoKey(key, alg, usage);\n return KeyObject.from(key);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n}\nexport const wrap = (alg, key, cek) => {\n const size = parseInt(alg.slice(1, 4), 10);\n const algorithm = `aes${size}-wrap`;\n if (!supported(algorithm)) {\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n const keyObject = ensureKeyObject(key, alg, 'wrapKey');\n checkKeySize(keyObject, alg);\n const cipher = createCipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6));\n return concat(cipher.update(cek), cipher.final());\n};\nexport const unwrap = (alg, key, encryptedKey) => {\n const size = parseInt(alg.slice(1, 4), 10);\n const algorithm = `aes${size}-wrap`;\n if (!supported(algorithm)) {\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n const keyObject = ensureKeyObject(key, alg, 'unwrapKey');\n checkKeySize(keyObject, alg);\n const cipher = createDecipheriv(algorithm, keyObject, Buffer.alloc(8, 0xa6));\n return concat(cipher.update(encryptedKey), cipher.final());\n};\n","import { diffieHellman, generateKeyPair as generateKeyPairCb, KeyObject } from 'node:crypto';\nimport { promisify } from 'node:util';\nimport getNamedCurve from './get_named_curve.js';\nimport { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../lib/buffer_utils.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nconst generateKeyPair = promisify(generateKeyPairCb);\nexport async function deriveKey(publicKee, privateKee, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) {\n let publicKey;\n if (isCryptoKey(publicKee)) {\n checkEncCryptoKey(publicKee, 'ECDH');\n publicKey = KeyObject.from(publicKee);\n }\n else if (isKeyObject(publicKee)) {\n publicKey = publicKee;\n }\n else {\n throw new TypeError(invalidKeyInput(publicKee, ...types));\n }\n let privateKey;\n if (isCryptoKey(privateKee)) {\n checkEncCryptoKey(privateKee, 'ECDH', 'deriveBits');\n privateKey = KeyObject.from(privateKee);\n }\n else if (isKeyObject(privateKee)) {\n privateKey = privateKee;\n }\n else {\n throw new TypeError(invalidKeyInput(privateKee, ...types));\n }\n const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));\n const sharedSecret = diffieHellman({ privateKey, publicKey });\n return concatKdf(sharedSecret, keyLength, value);\n}\nexport async function generateEpk(kee) {\n let key;\n if (isCryptoKey(kee)) {\n key = KeyObject.from(kee);\n }\n else if (isKeyObject(kee)) {\n key = kee;\n }\n else {\n throw new TypeError(invalidKeyInput(kee, ...types));\n }\n switch (key.asymmetricKeyType) {\n case 'x25519':\n return generateKeyPair('x25519');\n case 'x448': {\n return generateKeyPair('x448');\n }\n case 'ec': {\n const namedCurve = getNamedCurve(key);\n return generateKeyPair('ec', { namedCurve });\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported EPK');\n }\n}\nexport const ecdhAllowed = (key) => ['P-256', 'P-384', 'P-521', 'X25519', 'X448'].includes(getNamedCurve(key));\n","import { KeyObject } from 'node:crypto';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nexport const weakMap = new WeakMap();\nconst namedCurveToJOSE = (namedCurve) => {\n switch (namedCurve) {\n case 'prime256v1':\n return 'P-256';\n case 'secp384r1':\n return 'P-384';\n case 'secp521r1':\n return 'P-521';\n case 'secp256k1':\n return 'secp256k1';\n default:\n throw new JOSENotSupported('Unsupported key curve for this operation');\n }\n};\nconst getNamedCurve = (kee, raw) => {\n let key;\n if (isCryptoKey(kee)) {\n key = KeyObject.from(kee);\n }\n else if (isKeyObject(kee)) {\n key = kee;\n }\n else {\n throw new TypeError(invalidKeyInput(kee, ...types));\n }\n if (key.type === 'secret') {\n throw new TypeError('only \"private\" or \"public\" type keys can be used for this operation');\n }\n switch (key.asymmetricKeyType) {\n case 'ed25519':\n case 'ed448':\n return `Ed${key.asymmetricKeyType.slice(2)}`;\n case 'x25519':\n case 'x448':\n return `X${key.asymmetricKeyType.slice(1)}`;\n case 'ec': {\n const namedCurve = key.asymmetricKeyDetails.namedCurve;\n if (raw) {\n return namedCurve;\n }\n return namedCurveToJOSE(namedCurve);\n }\n default:\n throw new TypeError('Invalid asymmetric key type for this operation');\n }\n};\nexport default getNamedCurve;\n","import { promisify } from 'node:util';\nimport { KeyObject, pbkdf2 as pbkdf2cb } from 'node:crypto';\nimport random from './random.js';\nimport { p2s as concatSalt } from '../lib/buffer_utils.js';\nimport { encode as base64url } from './base64url.js';\nimport { wrap, unwrap } from './aeskw.js';\nimport checkP2s from '../lib/check_p2s.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nconst pbkdf2 = promisify(pbkdf2cb);\nfunction getPassword(key, alg) {\n if (isKeyObject(key)) {\n return key.export();\n }\n if (key instanceof Uint8Array) {\n return key;\n }\n if (isCryptoKey(key)) {\n checkEncCryptoKey(key, alg, 'deriveBits', 'deriveKey');\n return KeyObject.from(key).export();\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n}\nexport const encrypt = async (alg, key, cek, p2c = 2048, p2s = random(new Uint8Array(16))) => {\n checkP2s(p2s);\n const salt = concatSalt(alg, p2s);\n const keylen = parseInt(alg.slice(13, 16), 10) >> 3;\n const password = getPassword(key, alg);\n const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);\n const encryptedKey = await wrap(alg.slice(-6), derivedKey, cek);\n return { encryptedKey, p2c, p2s: base64url(p2s) };\n};\nexport const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {\n checkP2s(p2s);\n const salt = concatSalt(alg, p2s);\n const keylen = parseInt(alg.slice(13, 16), 10) >> 3;\n const password = getPassword(key, alg);\n const derivedKey = await pbkdf2(password, salt, p2c, keylen, `sha${alg.slice(8, 11)}`);\n return unwrap(alg.slice(-6), derivedKey, encryptedKey);\n};\n","import { JWEInvalid } from '../util/errors.js';\nexport default function checkP2s(p2s) {\n if (!(p2s instanceof Uint8Array) || p2s.length < 8) {\n throw new JWEInvalid('PBES2 Salt Input must be 8 or more octets');\n }\n}\n","import { KeyObject, publicEncrypt, constants, privateDecrypt } from 'node:crypto';\nimport { deprecate } from 'node:util';\nimport checkKeyLength from './check_key_length.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nconst checkKey = (key, alg) => {\n if (key.asymmetricKeyType !== 'rsa') {\n throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');\n }\n checkKeyLength(key, alg);\n};\nconst RSA1_5 = deprecate(() => constants.RSA_PKCS1_PADDING, 'The RSA1_5 \"alg\" (JWE Algorithm) is deprecated and will be removed in the next major revision.');\nconst resolvePadding = (alg) => {\n switch (alg) {\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n return constants.RSA_PKCS1_OAEP_PADDING;\n case 'RSA1_5':\n return RSA1_5();\n default:\n return undefined;\n }\n};\nconst resolveOaepHash = (alg) => {\n switch (alg) {\n case 'RSA-OAEP':\n return 'sha1';\n case 'RSA-OAEP-256':\n return 'sha256';\n case 'RSA-OAEP-384':\n return 'sha384';\n case 'RSA-OAEP-512':\n return 'sha512';\n default:\n return undefined;\n }\n};\nfunction ensureKeyObject(key, alg, ...usages) {\n if (isKeyObject(key)) {\n return key;\n }\n if (isCryptoKey(key)) {\n checkEncCryptoKey(key, alg, ...usages);\n return KeyObject.from(key);\n }\n throw new TypeError(invalidKeyInput(key, ...types));\n}\nexport const encrypt = (alg, key, cek) => {\n const padding = resolvePadding(alg);\n const oaepHash = resolveOaepHash(alg);\n const keyObject = ensureKeyObject(key, alg, 'wrapKey', 'encrypt');\n checkKey(keyObject, alg);\n return publicEncrypt({ key: keyObject, oaepHash, padding }, cek);\n};\nexport const decrypt = (alg, key, encryptedKey) => {\n const padding = resolvePadding(alg);\n const oaepHash = resolveOaepHash(alg);\n const keyObject = ensureKeyObject(key, alg, 'unwrapKey', 'decrypt');\n checkKey(keyObject, alg);\n return privateDecrypt({ key: keyObject, oaepHash, padding }, encryptedKey);\n};\n","export default (key, alg) => {\n const { modulusLength } = key.asymmetricKeyDetails;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);\n }\n};\n","import { JOSENotSupported } from '../util/errors.js';\nimport random from '../runtime/random.js';\nexport function bitLength(alg) {\n switch (alg) {\n case 'A128GCM':\n return 128;\n case 'A192GCM':\n return 192;\n case 'A256GCM':\n case 'A128CBC-HS256':\n return 256;\n case 'A192CBC-HS384':\n return 384;\n case 'A256CBC-HS512':\n return 512;\n default:\n throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);\n }\n}\nexport default (alg) => random(new Uint8Array(bitLength(alg) >> 3));\n","import { createPrivateKey, createPublicKey, KeyObject } from 'node:crypto';\nimport { Buffer } from 'node:buffer';\nimport { isCryptoKey } from './webcrypto.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nconst genericExport = (keyType, keyFormat, key) => {\n let keyObject;\n if (isCryptoKey(key)) {\n if (!key.extractable) {\n throw new TypeError('CryptoKey is not extractable');\n }\n keyObject = KeyObject.from(key);\n }\n else if (isKeyObject(key)) {\n keyObject = key;\n }\n else {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n if (keyObject.type !== keyType) {\n throw new TypeError(`key is not a ${keyType} key`);\n }\n return keyObject.export({ format: 'pem', type: keyFormat });\n};\nexport const toSPKI = (key) => {\n return genericExport('public', 'spki', key);\n};\nexport const toPKCS8 = (key) => {\n return genericExport('private', 'pkcs8', key);\n};\nexport const fromPKCS8 = (pem) => createPrivateKey({\n key: Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\\s)/g, ''), 'base64'),\n type: 'pkcs8',\n format: 'der',\n});\nexport const fromSPKI = (pem) => createPublicKey({\n key: Buffer.from(pem.replace(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\\s)/g, ''), 'base64'),\n type: 'spki',\n format: 'der',\n});\nexport const fromX509 = (pem) => createPublicKey({\n key: pem,\n type: 'spki',\n format: 'pem',\n});\n","import { createPrivateKey, createPublicKey } from 'node:crypto';\nconst parse = (jwk) => {\n return (jwk.d ? createPrivateKey : createPublicKey)({ format: 'jwk', key: jwk });\n};\nexport default parse;\n","import { decode as decodeBase64URL } from '../runtime/base64url.js';\nimport { fromSPKI, fromPKCS8, fromX509 } from '../runtime/asn1.js';\nimport asKeyObject from '../runtime/jwk_to_key.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport isObject from '../lib/is_object.js';\nexport async function importSPKI(spki, alg, options) {\n if (typeof spki !== 'string' || spki.indexOf('-----BEGIN PUBLIC KEY-----') !== 0) {\n throw new TypeError('\"spki\" must be SPKI formatted string');\n }\n return fromSPKI(spki, alg, options);\n}\nexport async function importX509(x509, alg, options) {\n if (typeof x509 !== 'string' || x509.indexOf('-----BEGIN CERTIFICATE-----') !== 0) {\n throw new TypeError('\"x509\" must be X.509 formatted string');\n }\n return fromX509(x509, alg, options);\n}\nexport async function importPKCS8(pkcs8, alg, options) {\n if (typeof pkcs8 !== 'string' || pkcs8.indexOf('-----BEGIN PRIVATE KEY-----') !== 0) {\n throw new TypeError('\"pkcs8\" must be PKCS#8 formatted string');\n }\n return fromPKCS8(pkcs8, alg, options);\n}\nexport async function importJWK(jwk, alg) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n alg ||= jwk.alg;\n switch (jwk.kty) {\n case 'oct':\n if (typeof jwk.k !== 'string' || !jwk.k) {\n throw new TypeError('missing \"k\" (Key Value) Parameter value');\n }\n return decodeBase64URL(jwk.k);\n case 'RSA':\n if (jwk.oth !== undefined) {\n throw new JOSENotSupported('RSA JWK \"oth\" (Other Primes Info) Parameter value is not supported');\n }\n case 'EC':\n case 'OKP':\n return asKeyObject({ ...jwk, alg });\n default:\n throw new JOSENotSupported('Unsupported \"kty\" (Key Type) Parameter value');\n }\n}\n","import { withAlg as invalidKeyInput } from './invalid_key_input.js';\nimport isKeyLike, { types } from '../runtime/is_key_like.js';\nconst symmetricTypeCheck = (alg, key) => {\n if (key instanceof Uint8Array)\n return;\n if (!isKeyLike(key)) {\n throw new TypeError(invalidKeyInput(alg, key, ...types, 'Uint8Array'));\n }\n if (key.type !== 'secret') {\n throw new TypeError(`${types.join(' or ')} instances for symmetric algorithms must be of type \"secret\"`);\n }\n};\nconst asymmetricTypeCheck = (alg, key, usage) => {\n if (!isKeyLike(key)) {\n throw new TypeError(invalidKeyInput(alg, key, ...types));\n }\n if (key.type === 'secret') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithms must not be of type \"secret\"`);\n }\n if (usage === 'sign' && key.type === 'public') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm signing must be of type \"private\"`);\n }\n if (usage === 'decrypt' && key.type === 'public') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm decryption must be of type \"private\"`);\n }\n if (key.algorithm && usage === 'verify' && key.type === 'private') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm verifying must be of type \"public\"`);\n }\n if (key.algorithm && usage === 'encrypt' && key.type === 'private') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm encryption must be of type \"public\"`);\n }\n};\nconst checkKeyType = (alg, key, usage) => {\n const symmetric = alg.startsWith('HS') ||\n alg === 'dir' ||\n alg.startsWith('PBES2') ||\n /^A\\d{3}(?:GCM)?KW$/.test(alg);\n if (symmetric) {\n symmetricTypeCheck(alg, key);\n }\n else {\n asymmetricTypeCheck(alg, key, usage);\n }\n};\nexport default checkKeyType;\n","import { createCipheriv, KeyObject } from 'node:crypto';\nimport checkIvLength from '../lib/check_iv_length.js';\nimport checkCekLength from './check_cek_length.js';\nimport { concat } from '../lib/buffer_utils.js';\nimport cbcTag from './cbc_tag.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport generateIv from '../lib/iv.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport supported from './ciphers.js';\nimport { types } from './is_key_like.js';\nfunction cbcEncrypt(enc, plaintext, cek, iv, aad) {\n const keySize = parseInt(enc.slice(1, 4), 10);\n if (isKeyObject(cek)) {\n cek = cek.export();\n }\n const encKey = cek.subarray(keySize >> 3);\n const macKey = cek.subarray(0, keySize >> 3);\n const algorithm = `aes-${keySize}-cbc`;\n if (!supported(algorithm)) {\n throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);\n }\n const cipher = createCipheriv(algorithm, encKey, iv);\n const ciphertext = concat(cipher.update(plaintext), cipher.final());\n const macSize = parseInt(enc.slice(-3), 10);\n const tag = cbcTag(aad, iv, ciphertext, macSize, macKey, keySize);\n return { ciphertext, tag, iv };\n}\nfunction gcmEncrypt(enc, plaintext, cek, iv, aad) {\n const keySize = parseInt(enc.slice(1, 4), 10);\n const algorithm = `aes-${keySize}-gcm`;\n if (!supported(algorithm)) {\n throw new JOSENotSupported(`alg ${enc} is not supported by your javascript runtime`);\n }\n const cipher = createCipheriv(algorithm, cek, iv, { authTagLength: 16 });\n if (aad.byteLength) {\n cipher.setAAD(aad, { plaintextLength: plaintext.length });\n }\n const ciphertext = cipher.update(plaintext);\n cipher.final();\n const tag = cipher.getAuthTag();\n return { ciphertext, tag, iv };\n}\nconst encrypt = (enc, plaintext, cek, iv, aad) => {\n let key;\n if (isCryptoKey(cek)) {\n checkEncCryptoKey(cek, enc, 'encrypt');\n key = KeyObject.from(cek);\n }\n else if (cek instanceof Uint8Array || isKeyObject(cek)) {\n key = cek;\n }\n else {\n throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array'));\n }\n checkCekLength(enc, key);\n if (iv) {\n checkIvLength(enc, iv);\n }\n else {\n iv = generateIv(enc);\n }\n switch (enc) {\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n return cbcEncrypt(enc, plaintext, key, iv, aad);\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n return gcmEncrypt(enc, plaintext, key, iv, aad);\n default:\n throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm');\n }\n};\nexport default encrypt;\n","import encrypt from '../runtime/encrypt.js';\nimport decrypt from '../runtime/decrypt.js';\nimport { encode as base64url } from '../runtime/base64url.js';\nexport async function wrap(alg, key, cek, iv) {\n const jweAlgorithm = alg.slice(0, 7);\n const wrapped = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));\n return {\n encryptedKey: wrapped.ciphertext,\n iv: base64url(wrapped.iv),\n tag: base64url(wrapped.tag),\n };\n}\nexport async function unwrap(alg, key, encryptedKey, iv, tag) {\n const jweAlgorithm = alg.slice(0, 7);\n return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0));\n}\n","import { unwrap as aesKw } from '../runtime/aeskw.js';\nimport * as ECDH from '../runtime/ecdhes.js';\nimport { decrypt as pbes2Kw } from '../runtime/pbes2kw.js';\nimport { decrypt as rsaEs } from '../runtime/rsaes.js';\nimport { decode as base64url } from '../runtime/base64url.js';\nimport { JOSENotSupported, JWEInvalid } from '../util/errors.js';\nimport { bitLength as cekLength } from '../lib/cek.js';\nimport { importJWK } from '../key/import.js';\nimport checkKeyType from './check_key_type.js';\nimport isObject from './is_object.js';\nimport { unwrap as aesGcmKw } from './aesgcmkw.js';\nasync function decryptKeyManagement(alg, key, encryptedKey, joseHeader, options) {\n checkKeyType(alg, key, 'decrypt');\n switch (alg) {\n case 'dir': {\n if (encryptedKey !== undefined)\n throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');\n return key;\n }\n case 'ECDH-ES':\n if (encryptedKey !== undefined)\n throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n if (!isObject(joseHeader.epk))\n throw new JWEInvalid(`JOSE Header \"epk\" (Ephemeral Public Key) missing or invalid`);\n if (!ECDH.ecdhAllowed(key))\n throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');\n const epk = await importJWK(joseHeader.epk, alg);\n let partyUInfo;\n let partyVInfo;\n if (joseHeader.apu !== undefined) {\n if (typeof joseHeader.apu !== 'string')\n throw new JWEInvalid(`JOSE Header \"apu\" (Agreement PartyUInfo) invalid`);\n try {\n partyUInfo = base64url(joseHeader.apu);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the apu');\n }\n }\n if (joseHeader.apv !== undefined) {\n if (typeof joseHeader.apv !== 'string')\n throw new JWEInvalid(`JOSE Header \"apv\" (Agreement PartyVInfo) invalid`);\n try {\n partyVInfo = base64url(joseHeader.apv);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the apv');\n }\n }\n const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);\n if (alg === 'ECDH-ES')\n return sharedSecret;\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n return aesKw(alg.slice(-6), sharedSecret, encryptedKey);\n }\n case 'RSA1_5':\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n return rsaEs(alg, key, encryptedKey);\n }\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n if (typeof joseHeader.p2c !== 'number')\n throw new JWEInvalid(`JOSE Header \"p2c\" (PBES2 Count) missing or invalid`);\n const p2cLimit = options?.maxPBES2Count || 10000;\n if (joseHeader.p2c > p2cLimit)\n throw new JWEInvalid(`JOSE Header \"p2c\" (PBES2 Count) out is of acceptable bounds`);\n if (typeof joseHeader.p2s !== 'string')\n throw new JWEInvalid(`JOSE Header \"p2s\" (PBES2 Salt) missing or invalid`);\n let p2s;\n try {\n p2s = base64url(joseHeader.p2s);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the p2s');\n }\n return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, p2s);\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n return aesKw(alg, key, encryptedKey);\n }\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n if (typeof joseHeader.iv !== 'string')\n throw new JWEInvalid(`JOSE Header \"iv\" (Initialization Vector) missing or invalid`);\n if (typeof joseHeader.tag !== 'string')\n throw new JWEInvalid(`JOSE Header \"tag\" (Authentication Tag) missing or invalid`);\n let iv;\n try {\n iv = base64url(joseHeader.iv);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the iv');\n }\n let tag;\n try {\n tag = base64url(joseHeader.tag);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the tag');\n }\n return aesGcmKw(alg, key, encryptedKey, iv, tag);\n }\n default: {\n throw new JOSENotSupported('Invalid or unsupported \"alg\" (JWE Algorithm) header value');\n }\n }\n}\nexport default decryptKeyManagement;\n","import { JOSENotSupported } from '../util/errors.js';\nfunction validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {\n if (joseHeader.crit !== undefined && protectedHeader?.crit === undefined) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be integrity protected');\n }\n if (!protectedHeader || protectedHeader.crit === undefined) {\n return new Set();\n }\n if (!Array.isArray(protectedHeader.crit) ||\n protectedHeader.crit.length === 0 ||\n protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present');\n }\n let recognized;\n if (recognizedOption !== undefined) {\n recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);\n }\n else {\n recognized = recognizedDefault;\n }\n for (const parameter of protectedHeader.crit) {\n if (!recognized.has(parameter)) {\n throw new JOSENotSupported(`Extension Header Parameter \"${parameter}\" is not recognized`);\n }\n if (joseHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" is missing`);\n }\n if (recognized.get(parameter) && protectedHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" MUST be integrity protected`);\n }\n }\n return new Set(protectedHeader.crit);\n}\nexport default validateCrit;\n","const validateAlgorithms = (option, algorithms) => {\n if (algorithms !== undefined &&\n (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) {\n throw new TypeError(`\"${option}\" option must be an array of strings`);\n }\n if (!algorithms) {\n return undefined;\n }\n return new Set(algorithms);\n};\nexport default validateAlgorithms;\n","import { decode as base64url } from '../../runtime/base64url.js';\nimport decrypt from '../../runtime/decrypt.js';\nimport { JOSEAlgNotAllowed, JOSENotSupported, JWEInvalid } from '../../util/errors.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport isObject from '../../lib/is_object.js';\nimport decryptKeyManagement from '../../lib/decrypt_key_management.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport generateCek from '../../lib/cek.js';\nimport validateCrit from '../../lib/validate_crit.js';\nimport validateAlgorithms from '../../lib/validate_algorithms.js';\nexport async function flattenedDecrypt(jwe, key, options) {\n if (!isObject(jwe)) {\n throw new JWEInvalid('Flattened JWE must be an object');\n }\n if (jwe.protected === undefined && jwe.header === undefined && jwe.unprotected === undefined) {\n throw new JWEInvalid('JOSE Header missing');\n }\n if (jwe.iv !== undefined && typeof jwe.iv !== 'string') {\n throw new JWEInvalid('JWE Initialization Vector incorrect type');\n }\n if (typeof jwe.ciphertext !== 'string') {\n throw new JWEInvalid('JWE Ciphertext missing or incorrect type');\n }\n if (jwe.tag !== undefined && typeof jwe.tag !== 'string') {\n throw new JWEInvalid('JWE Authentication Tag incorrect type');\n }\n if (jwe.protected !== undefined && typeof jwe.protected !== 'string') {\n throw new JWEInvalid('JWE Protected Header incorrect type');\n }\n if (jwe.encrypted_key !== undefined && typeof jwe.encrypted_key !== 'string') {\n throw new JWEInvalid('JWE Encrypted Key incorrect type');\n }\n if (jwe.aad !== undefined && typeof jwe.aad !== 'string') {\n throw new JWEInvalid('JWE AAD incorrect type');\n }\n if (jwe.header !== undefined && !isObject(jwe.header)) {\n throw new JWEInvalid('JWE Shared Unprotected Header incorrect type');\n }\n if (jwe.unprotected !== undefined && !isObject(jwe.unprotected)) {\n throw new JWEInvalid('JWE Per-Recipient Unprotected Header incorrect type');\n }\n let parsedProt;\n if (jwe.protected) {\n try {\n const protectedHeader = base64url(jwe.protected);\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch {\n throw new JWEInvalid('JWE Protected Header is invalid');\n }\n }\n if (!isDisjoint(parsedProt, jwe.header, jwe.unprotected)) {\n throw new JWEInvalid('JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jwe.header,\n ...jwe.unprotected,\n };\n validateCrit(JWEInvalid, new Map(), options?.crit, parsedProt, joseHeader);\n if (joseHeader.zip !== undefined) {\n throw new JOSENotSupported('JWE \"zip\" (Compression Algorithm) Header Parameter is not supported.');\n }\n const { alg, enc } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWEInvalid('missing JWE Algorithm (alg) in JWE Header');\n }\n if (typeof enc !== 'string' || !enc) {\n throw new JWEInvalid('missing JWE Encryption Algorithm (enc) in JWE Header');\n }\n const keyManagementAlgorithms = options && validateAlgorithms('keyManagementAlgorithms', options.keyManagementAlgorithms);\n const contentEncryptionAlgorithms = options &&\n validateAlgorithms('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms);\n if ((keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) ||\n (!keyManagementAlgorithms && alg.startsWith('PBES2'))) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter value not allowed');\n }\n if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) {\n throw new JOSEAlgNotAllowed('\"enc\" (Encryption Algorithm) Header Parameter value not allowed');\n }\n let encryptedKey;\n if (jwe.encrypted_key !== undefined) {\n try {\n encryptedKey = base64url(jwe.encrypted_key);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the encrypted_key');\n }\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jwe);\n resolvedKey = true;\n }\n let cek;\n try {\n cek = await decryptKeyManagement(alg, key, encryptedKey, joseHeader, options);\n }\n catch (err) {\n if (err instanceof TypeError || err instanceof JWEInvalid || err instanceof JOSENotSupported) {\n throw err;\n }\n cek = generateCek(enc);\n }\n let iv;\n let tag;\n if (jwe.iv !== undefined) {\n try {\n iv = base64url(jwe.iv);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the iv');\n }\n }\n if (jwe.tag !== undefined) {\n try {\n tag = base64url(jwe.tag);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the tag');\n }\n }\n const protectedHeader = encoder.encode(jwe.protected ?? '');\n let additionalData;\n if (jwe.aad !== undefined) {\n additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(jwe.aad));\n }\n else {\n additionalData = protectedHeader;\n }\n let ciphertext;\n try {\n ciphertext = base64url(jwe.ciphertext);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the ciphertext');\n }\n const plaintext = await decrypt(enc, cek, ciphertext, iv, tag, additionalData);\n const result = { plaintext };\n if (jwe.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jwe.aad !== undefined) {\n try {\n result.additionalAuthenticatedData = base64url(jwe.aad);\n }\n catch {\n throw new JWEInvalid('Failed to base64url decode the aad');\n }\n }\n if (jwe.unprotected !== undefined) {\n result.sharedUnprotectedHeader = jwe.unprotected;\n }\n if (jwe.header !== undefined) {\n result.unprotectedHeader = jwe.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n","import { flattenedDecrypt } from '../flattened/decrypt.js';\nimport { JWEInvalid } from '../../util/errors.js';\nimport { decoder } from '../../lib/buffer_utils.js';\nexport async function compactDecrypt(jwe, key, options) {\n if (jwe instanceof Uint8Array) {\n jwe = decoder.decode(jwe);\n }\n if (typeof jwe !== 'string') {\n throw new JWEInvalid('Compact JWE must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: encryptedKey, 2: iv, 3: ciphertext, 4: tag, length, } = jwe.split('.');\n if (length !== 5) {\n throw new JWEInvalid('Invalid Compact JWE');\n }\n const decrypted = await flattenedDecrypt({\n ciphertext,\n iv: iv || undefined,\n protected: protectedHeader,\n tag: tag || undefined,\n encrypted_key: encryptedKey || undefined,\n }, key, options);\n const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: decrypted.key };\n }\n return result;\n}\n","import { flattenedDecrypt } from '../flattened/decrypt.js';\nimport { JWEDecryptionFailed, JWEInvalid } from '../../util/errors.js';\nimport isObject from '../../lib/is_object.js';\nexport async function generalDecrypt(jwe, key, options) {\n if (!isObject(jwe)) {\n throw new JWEInvalid('General JWE must be an object');\n }\n if (!Array.isArray(jwe.recipients) || !jwe.recipients.every(isObject)) {\n throw new JWEInvalid('JWE Recipients missing or incorrect type');\n }\n if (!jwe.recipients.length) {\n throw new JWEInvalid('JWE Recipients has no members');\n }\n for (const recipient of jwe.recipients) {\n try {\n return await flattenedDecrypt({\n aad: jwe.aad,\n ciphertext: jwe.ciphertext,\n encrypted_key: recipient.encrypted_key,\n header: recipient.header,\n iv: jwe.iv,\n protected: jwe.protected,\n tag: jwe.tag,\n unprotected: jwe.unprotected,\n }, key, options);\n }\n catch {\n }\n }\n throw new JWEDecryptionFailed();\n}\n","import { KeyObject } from 'node:crypto';\nimport { encode as base64url } from './base64url.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { isCryptoKey } from './webcrypto.js';\nimport isKeyObject from './is_key_object.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nconst keyToJWK = (key) => {\n let keyObject;\n if (isCryptoKey(key)) {\n if (!key.extractable) {\n throw new TypeError('CryptoKey is not extractable');\n }\n keyObject = KeyObject.from(key);\n }\n else if (isKeyObject(key)) {\n keyObject = key;\n }\n else if (key instanceof Uint8Array) {\n return {\n kty: 'oct',\n k: base64url(key),\n };\n }\n else {\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n }\n if (keyObject.type !== 'secret' &&\n !['rsa', 'ec', 'ed25519', 'x25519', 'ed448', 'x448'].includes(keyObject.asymmetricKeyType)) {\n throw new JOSENotSupported('Unsupported key asymmetricKeyType');\n }\n return keyObject.export({ format: 'jwk' });\n};\nexport default keyToJWK;\n","import { toSPKI as exportPublic } from '../runtime/asn1.js';\nimport { toPKCS8 as exportPrivate } from '../runtime/asn1.js';\nimport keyToJWK from '../runtime/key_to_jwk.js';\nexport async function exportSPKI(key) {\n return exportPublic(key);\n}\nexport async function exportPKCS8(key) {\n return exportPrivate(key);\n}\nexport async function exportJWK(key) {\n return keyToJWK(key);\n}\n","import { wrap as aesKw } from '../runtime/aeskw.js';\nimport * as ECDH from '../runtime/ecdhes.js';\nimport { encrypt as pbes2Kw } from '../runtime/pbes2kw.js';\nimport { encrypt as rsaEs } from '../runtime/rsaes.js';\nimport { encode as base64url } from '../runtime/base64url.js';\nimport generateCek, { bitLength as cekLength } from '../lib/cek.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { exportJWK } from '../key/export.js';\nimport checkKeyType from './check_key_type.js';\nimport { wrap as aesGcmKw } from './aesgcmkw.js';\nasync function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) {\n let encryptedKey;\n let parameters;\n let cek;\n checkKeyType(alg, key, 'encrypt');\n switch (alg) {\n case 'dir': {\n cek = key;\n break;\n }\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n if (!ECDH.ecdhAllowed(key)) {\n throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');\n }\n const { apu, apv } = providedParameters;\n let { epk: ephemeralKey } = providedParameters;\n ephemeralKey ||= (await ECDH.generateEpk(key)).privateKey;\n const { x, y, crv, kty } = await exportJWK(ephemeralKey);\n const sharedSecret = await ECDH.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? cekLength(enc) : parseInt(alg.slice(-5, -2), 10), apu, apv);\n parameters = { epk: { x, crv, kty } };\n if (kty === 'EC')\n parameters.epk.y = y;\n if (apu)\n parameters.apu = base64url(apu);\n if (apv)\n parameters.apv = base64url(apv);\n if (alg === 'ECDH-ES') {\n cek = sharedSecret;\n break;\n }\n cek = providedCek || generateCek(enc);\n const kwAlg = alg.slice(-6);\n encryptedKey = await aesKw(kwAlg, sharedSecret, cek);\n break;\n }\n case 'RSA1_5':\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n cek = providedCek || generateCek(enc);\n encryptedKey = await rsaEs(alg, key, cek);\n break;\n }\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW': {\n cek = providedCek || generateCek(enc);\n const { p2c, p2s } = providedParameters;\n ({ encryptedKey, ...parameters } = await pbes2Kw(alg, key, cek, p2c, p2s));\n break;\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n cek = providedCek || generateCek(enc);\n encryptedKey = await aesKw(alg, key, cek);\n break;\n }\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW': {\n cek = providedCek || generateCek(enc);\n const { iv } = providedParameters;\n ({ encryptedKey, ...parameters } = await aesGcmKw(alg, key, cek, iv));\n break;\n }\n default: {\n throw new JOSENotSupported('Invalid or unsupported \"alg\" (JWE Algorithm) header value');\n }\n }\n return { cek, encryptedKey, parameters };\n}\nexport default encryptKeyManagement;\n","import { encode as base64url } from '../../runtime/base64url.js';\nimport encrypt from '../../runtime/encrypt.js';\nimport encryptKeyManagement from '../../lib/encrypt_key_management.js';\nimport { JOSENotSupported, JWEInvalid } from '../../util/errors.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport validateCrit from '../../lib/validate_crit.js';\nexport const unprotected = Symbol();\nexport class FlattenedEncrypt {\n _plaintext;\n _protectedHeader;\n _sharedUnprotectedHeader;\n _unprotectedHeader;\n _aad;\n _cek;\n _iv;\n _keyManagementParameters;\n constructor(plaintext) {\n if (!(plaintext instanceof Uint8Array)) {\n throw new TypeError('plaintext must be an instance of Uint8Array');\n }\n this._plaintext = plaintext;\n }\n setKeyManagementParameters(parameters) {\n if (this._keyManagementParameters) {\n throw new TypeError('setKeyManagementParameters can only be called once');\n }\n this._keyManagementParameters = parameters;\n return this;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setSharedUnprotectedHeader(sharedUnprotectedHeader) {\n if (this._sharedUnprotectedHeader) {\n throw new TypeError('setSharedUnprotectedHeader can only be called once');\n }\n this._sharedUnprotectedHeader = sharedUnprotectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n setAdditionalAuthenticatedData(aad) {\n this._aad = aad;\n return this;\n }\n setContentEncryptionKey(cek) {\n if (this._cek) {\n throw new TypeError('setContentEncryptionKey can only be called once');\n }\n this._cek = cek;\n return this;\n }\n setInitializationVector(iv) {\n if (this._iv) {\n throw new TypeError('setInitializationVector can only be called once');\n }\n this._iv = iv;\n return this;\n }\n async encrypt(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader && !this._sharedUnprotectedHeader) {\n throw new JWEInvalid('either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()');\n }\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader, this._sharedUnprotectedHeader)) {\n throw new JWEInvalid('JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n ...this._sharedUnprotectedHeader,\n };\n validateCrit(JWEInvalid, new Map(), options?.crit, this._protectedHeader, joseHeader);\n if (joseHeader.zip !== undefined) {\n throw new JOSENotSupported('JWE \"zip\" (Compression Algorithm) Header Parameter is not supported.');\n }\n const { alg, enc } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWEInvalid('JWE \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n if (typeof enc !== 'string' || !enc) {\n throw new JWEInvalid('JWE \"enc\" (Encryption Algorithm) Header Parameter missing or invalid');\n }\n let encryptedKey;\n if (this._cek && (alg === 'dir' || alg === 'ECDH-ES')) {\n throw new TypeError(`setContentEncryptionKey cannot be called with JWE \"alg\" (Algorithm) Header ${alg}`);\n }\n let cek;\n {\n let parameters;\n ({ cek, encryptedKey, parameters } = await encryptKeyManagement(alg, enc, key, this._cek, this._keyManagementParameters));\n if (parameters) {\n if (options && unprotected in options) {\n if (!this._unprotectedHeader) {\n this.setUnprotectedHeader(parameters);\n }\n else {\n this._unprotectedHeader = { ...this._unprotectedHeader, ...parameters };\n }\n }\n else {\n if (!this._protectedHeader) {\n this.setProtectedHeader(parameters);\n }\n else {\n this._protectedHeader = { ...this._protectedHeader, ...parameters };\n }\n }\n }\n }\n let additionalData;\n let protectedHeader;\n let aadMember;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(base64url(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n if (this._aad) {\n aadMember = base64url(this._aad);\n additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(aadMember));\n }\n else {\n additionalData = protectedHeader;\n }\n const { ciphertext, tag, iv } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData);\n const jwe = {\n ciphertext: base64url(ciphertext),\n };\n if (iv) {\n jwe.iv = base64url(iv);\n }\n if (tag) {\n jwe.tag = base64url(tag);\n }\n if (encryptedKey) {\n jwe.encrypted_key = base64url(encryptedKey);\n }\n if (aadMember) {\n jwe.aad = aadMember;\n }\n if (this._protectedHeader) {\n jwe.protected = decoder.decode(protectedHeader);\n }\n if (this._sharedUnprotectedHeader) {\n jwe.unprotected = this._sharedUnprotectedHeader;\n }\n if (this._unprotectedHeader) {\n jwe.header = this._unprotectedHeader;\n }\n return jwe;\n }\n}\n","import { FlattenedEncrypt, unprotected } from '../flattened/encrypt.js';\nimport { JOSENotSupported, JWEInvalid } from '../../util/errors.js';\nimport generateCek from '../../lib/cek.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport encryptKeyManagement from '../../lib/encrypt_key_management.js';\nimport { encode as base64url } from '../../runtime/base64url.js';\nimport validateCrit from '../../lib/validate_crit.js';\nclass IndividualRecipient {\n parent;\n unprotectedHeader;\n key;\n options;\n constructor(enc, key, options) {\n this.parent = enc;\n this.key = key;\n this.options = options;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this.unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this.unprotectedHeader = unprotectedHeader;\n return this;\n }\n addRecipient(...args) {\n return this.parent.addRecipient(...args);\n }\n encrypt(...args) {\n return this.parent.encrypt(...args);\n }\n done() {\n return this.parent;\n }\n}\nexport class GeneralEncrypt {\n _plaintext;\n _recipients = [];\n _protectedHeader;\n _unprotectedHeader;\n _aad;\n constructor(plaintext) {\n this._plaintext = plaintext;\n }\n addRecipient(key, options) {\n const recipient = new IndividualRecipient(this, key, { crit: options?.crit });\n this._recipients.push(recipient);\n return recipient;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setSharedUnprotectedHeader(sharedUnprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setSharedUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = sharedUnprotectedHeader;\n return this;\n }\n setAdditionalAuthenticatedData(aad) {\n this._aad = aad;\n return this;\n }\n async encrypt() {\n if (!this._recipients.length) {\n throw new JWEInvalid('at least one recipient must be added');\n }\n if (this._recipients.length === 1) {\n const [recipient] = this._recipients;\n const flattened = await new FlattenedEncrypt(this._plaintext)\n .setAdditionalAuthenticatedData(this._aad)\n .setProtectedHeader(this._protectedHeader)\n .setSharedUnprotectedHeader(this._unprotectedHeader)\n .setUnprotectedHeader(recipient.unprotectedHeader)\n .encrypt(recipient.key, { ...recipient.options });\n const jwe = {\n ciphertext: flattened.ciphertext,\n iv: flattened.iv,\n recipients: [{}],\n tag: flattened.tag,\n };\n if (flattened.aad)\n jwe.aad = flattened.aad;\n if (flattened.protected)\n jwe.protected = flattened.protected;\n if (flattened.unprotected)\n jwe.unprotected = flattened.unprotected;\n if (flattened.encrypted_key)\n jwe.recipients[0].encrypted_key = flattened.encrypted_key;\n if (flattened.header)\n jwe.recipients[0].header = flattened.header;\n return jwe;\n }\n let enc;\n for (let i = 0; i < this._recipients.length; i++) {\n const recipient = this._recipients[i];\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader, recipient.unprotectedHeader)) {\n throw new JWEInvalid('JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n ...recipient.unprotectedHeader,\n };\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWEInvalid('JWE \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n if (alg === 'dir' || alg === 'ECDH-ES') {\n throw new JWEInvalid('\"dir\" and \"ECDH-ES\" alg may only be used with a single recipient');\n }\n if (typeof joseHeader.enc !== 'string' || !joseHeader.enc) {\n throw new JWEInvalid('JWE \"enc\" (Encryption Algorithm) Header Parameter missing or invalid');\n }\n if (!enc) {\n enc = joseHeader.enc;\n }\n else if (enc !== joseHeader.enc) {\n throw new JWEInvalid('JWE \"enc\" (Encryption Algorithm) Header Parameter must be the same for all recipients');\n }\n validateCrit(JWEInvalid, new Map(), recipient.options.crit, this._protectedHeader, joseHeader);\n if (joseHeader.zip !== undefined) {\n throw new JOSENotSupported('JWE \"zip\" (Compression Algorithm) Header Parameter is not supported.');\n }\n }\n const cek = generateCek(enc);\n const jwe = {\n ciphertext: '',\n iv: '',\n recipients: [],\n tag: '',\n };\n for (let i = 0; i < this._recipients.length; i++) {\n const recipient = this._recipients[i];\n const target = {};\n jwe.recipients.push(target);\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n ...recipient.unprotectedHeader,\n };\n const p2c = joseHeader.alg.startsWith('PBES2') ? 2048 + i : undefined;\n if (i === 0) {\n const flattened = await new FlattenedEncrypt(this._plaintext)\n .setAdditionalAuthenticatedData(this._aad)\n .setContentEncryptionKey(cek)\n .setProtectedHeader(this._protectedHeader)\n .setSharedUnprotectedHeader(this._unprotectedHeader)\n .setUnprotectedHeader(recipient.unprotectedHeader)\n .setKeyManagementParameters({ p2c })\n .encrypt(recipient.key, {\n ...recipient.options,\n [unprotected]: true,\n });\n jwe.ciphertext = flattened.ciphertext;\n jwe.iv = flattened.iv;\n jwe.tag = flattened.tag;\n if (flattened.aad)\n jwe.aad = flattened.aad;\n if (flattened.protected)\n jwe.protected = flattened.protected;\n if (flattened.unprotected)\n jwe.unprotected = flattened.unprotected;\n target.encrypted_key = flattened.encrypted_key;\n if (flattened.header)\n target.header = flattened.header;\n continue;\n }\n const { encryptedKey, parameters } = await encryptKeyManagement(recipient.unprotectedHeader?.alg ||\n this._protectedHeader?.alg ||\n this._unprotectedHeader?.alg, enc, recipient.key, cek, { p2c });\n target.encrypted_key = base64url(encryptedKey);\n if (recipient.unprotectedHeader || parameters)\n target.header = { ...recipient.unprotectedHeader, ...parameters };\n }\n return jwe;\n }\n}\n","import * as crypto from 'node:crypto';\nimport { promisify } from 'node:util';\nimport nodeDigest from './dsa_digest.js';\nimport nodeKey from './node_key.js';\nimport sign from './sign.js';\nimport getVerifyKey from './get_sign_verify_key.js';\nconst oneShotVerify = promisify(crypto.verify);\nconst verify = async (alg, key, signature, data) => {\n const keyObject = getVerifyKey(alg, key, 'verify');\n if (alg.startsWith('HS')) {\n const expected = await sign(alg, keyObject, data);\n const actual = signature;\n try {\n return crypto.timingSafeEqual(actual, expected);\n }\n catch {\n return false;\n }\n }\n const algorithm = nodeDigest(alg);\n const keyInput = nodeKey(alg, keyObject);\n try {\n return await oneShotVerify(algorithm, data, keyInput, signature);\n }\n catch {\n return false;\n }\n};\nexport default verify;\n","import { JOSENotSupported } from '../util/errors.js';\nexport default function dsaDigest(alg) {\n switch (alg) {\n case 'PS256':\n case 'RS256':\n case 'ES256':\n case 'ES256K':\n return 'sha256';\n case 'PS384':\n case 'RS384':\n case 'ES384':\n return 'sha384';\n case 'PS512':\n case 'RS512':\n case 'ES512':\n return 'sha512';\n case 'EdDSA':\n return undefined;\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n","import { constants } from 'node:crypto';\nimport getNamedCurve from './get_named_curve.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport checkKeyLength from './check_key_length.js';\nconst PSS = {\n padding: constants.RSA_PKCS1_PSS_PADDING,\n saltLength: constants.RSA_PSS_SALTLEN_DIGEST,\n};\nconst ecCurveAlgMap = new Map([\n ['ES256', 'P-256'],\n ['ES256K', 'secp256k1'],\n ['ES384', 'P-384'],\n ['ES512', 'P-521'],\n]);\nexport default function keyForCrypto(alg, key) {\n switch (alg) {\n case 'EdDSA':\n if (!['ed25519', 'ed448'].includes(key.asymmetricKeyType)) {\n throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448');\n }\n return key;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n if (key.asymmetricKeyType !== 'rsa') {\n throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');\n }\n checkKeyLength(key, alg);\n return key;\n case 'PS256':\n case 'PS384':\n case 'PS512':\n if (key.asymmetricKeyType === 'rsa-pss') {\n const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = key.asymmetricKeyDetails;\n const length = parseInt(alg.slice(-3), 10);\n if (hashAlgorithm !== undefined &&\n (hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm)) {\n throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of \"alg\" ${alg}`);\n }\n if (saltLength !== undefined && saltLength > length >> 3) {\n throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of \"alg\" ${alg}`);\n }\n }\n else if (key.asymmetricKeyType !== 'rsa') {\n throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss');\n }\n checkKeyLength(key, alg);\n return { key, ...PSS };\n case 'ES256':\n case 'ES256K':\n case 'ES384':\n case 'ES512': {\n if (key.asymmetricKeyType !== 'ec') {\n throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec');\n }\n const actual = getNamedCurve(key);\n const expected = ecCurveAlgMap.get(alg);\n if (actual !== expected) {\n throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${expected}, got ${actual}`);\n }\n return { dsaEncoding: 'ieee-p1363', key };\n }\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n","import * as crypto from 'node:crypto';\nimport { promisify } from 'node:util';\nimport nodeDigest from './dsa_digest.js';\nimport hmacDigest from './hmac_digest.js';\nimport nodeKey from './node_key.js';\nimport getSignKey from './get_sign_verify_key.js';\nconst oneShotSign = promisify(crypto.sign);\nconst sign = async (alg, key, data) => {\n const keyObject = getSignKey(alg, key, 'sign');\n if (alg.startsWith('HS')) {\n const hmac = crypto.createHmac(hmacDigest(alg), keyObject);\n hmac.update(data);\n return hmac.digest();\n }\n return oneShotSign(nodeDigest(alg), data, nodeKey(alg, keyObject));\n};\nexport default sign;\n","import { JOSENotSupported } from '../util/errors.js';\nexport default function hmacDigest(alg) {\n switch (alg) {\n case 'HS256':\n return 'sha256';\n case 'HS384':\n return 'sha384';\n case 'HS512':\n return 'sha512';\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n","import { KeyObject, createSecretKey } from 'node:crypto';\nimport { isCryptoKey } from './webcrypto.js';\nimport { checkSigCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nexport default function getSignVerifyKey(alg, key, usage) {\n if (key instanceof Uint8Array) {\n if (!alg.startsWith('HS')) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return createSecretKey(key);\n }\n if (key instanceof KeyObject) {\n return key;\n }\n if (isCryptoKey(key)) {\n checkSigCryptoKey(key, alg, usage);\n return KeyObject.from(key);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n}\n","import { decode as base64url } from '../../runtime/base64url.js';\nimport verify from '../../runtime/verify.js';\nimport { JOSEAlgNotAllowed, JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js';\nimport { concat, encoder, decoder } from '../../lib/buffer_utils.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport isObject from '../../lib/is_object.js';\nimport checkKeyType from '../../lib/check_key_type.js';\nimport validateCrit from '../../lib/validate_crit.js';\nimport validateAlgorithms from '../../lib/validate_algorithms.js';\nexport async function flattenedVerify(jws, key, options) {\n if (!isObject(jws)) {\n throw new JWSInvalid('Flattened JWS must be an object');\n }\n if (jws.protected === undefined && jws.header === undefined) {\n throw new JWSInvalid('Flattened JWS must have either of the \"protected\" or \"header\" members');\n }\n if (jws.protected !== undefined && typeof jws.protected !== 'string') {\n throw new JWSInvalid('JWS Protected Header incorrect type');\n }\n if (jws.payload === undefined) {\n throw new JWSInvalid('JWS Payload missing');\n }\n if (typeof jws.signature !== 'string') {\n throw new JWSInvalid('JWS Signature missing or incorrect type');\n }\n if (jws.header !== undefined && !isObject(jws.header)) {\n throw new JWSInvalid('JWS Unprotected Header incorrect type');\n }\n let parsedProt = {};\n if (jws.protected) {\n try {\n const protectedHeader = base64url(jws.protected);\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch {\n throw new JWSInvalid('JWS Protected Header is invalid');\n }\n }\n if (!isDisjoint(parsedProt, jws.header)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jws.header,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, parsedProt, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = parsedProt.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n const algorithms = options && validateAlgorithms('algorithms', options.algorithms);\n if (algorithms && !algorithms.has(alg)) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter value not allowed');\n }\n if (b64) {\n if (typeof jws.payload !== 'string') {\n throw new JWSInvalid('JWS Payload must be a string');\n }\n }\n else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {\n throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jws);\n resolvedKey = true;\n }\n checkKeyType(alg, key, 'verify');\n const data = concat(encoder.encode(jws.protected ?? ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);\n let signature;\n try {\n signature = base64url(jws.signature);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the signature');\n }\n const verified = await verify(alg, key, signature, data);\n if (!verified) {\n throw new JWSSignatureVerificationFailed();\n }\n let payload;\n if (b64) {\n try {\n payload = base64url(jws.payload);\n }\n catch {\n throw new JWSInvalid('Failed to base64url decode the payload');\n }\n }\n else if (typeof jws.payload === 'string') {\n payload = encoder.encode(jws.payload);\n }\n else {\n payload = jws.payload;\n }\n const result = { payload };\n if (jws.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jws.header !== undefined) {\n result.unprotectedHeader = jws.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n","import { flattenedVerify } from '../flattened/verify.js';\nimport { JWSInvalid } from '../../util/errors.js';\nimport { decoder } from '../../lib/buffer_utils.js';\nexport async function compactVerify(jws, key, options) {\n if (jws instanceof Uint8Array) {\n jws = decoder.decode(jws);\n }\n if (typeof jws !== 'string') {\n throw new JWSInvalid('Compact JWS must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split('.');\n if (length !== 3) {\n throw new JWSInvalid('Invalid Compact JWS');\n }\n const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options);\n const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n","import { flattenedVerify } from '../flattened/verify.js';\nimport { JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js';\nimport isObject from '../../lib/is_object.js';\nexport async function generalVerify(jws, key, options) {\n if (!isObject(jws)) {\n throw new JWSInvalid('General JWS must be an object');\n }\n if (!Array.isArray(jws.signatures) || !jws.signatures.every(isObject)) {\n throw new JWSInvalid('JWS Signatures missing or incorrect type');\n }\n for (const signature of jws.signatures) {\n try {\n return await flattenedVerify({\n header: signature.header,\n payload: jws.payload,\n protected: signature.protected,\n signature: signature.signature,\n }, key, options);\n }\n catch {\n }\n }\n throw new JWSSignatureVerificationFailed();\n}\n","export default (date) => Math.floor(date.getTime() / 1000);\n","const minute = 60;\nconst hour = minute * 60;\nconst day = hour * 24;\nconst week = day * 7;\nconst year = day * 365.25;\nconst REGEX = /^(\\+|\\-)? ?(\\d+|\\d+\\.\\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)(?: (ago|from now))?$/i;\nexport default (str) => {\n const matched = REGEX.exec(str);\n if (!matched || (matched[4] && matched[1])) {\n throw new TypeError('Invalid time period format');\n }\n const value = parseFloat(matched[2]);\n const unit = matched[3].toLowerCase();\n let numericDate;\n switch (unit) {\n case 'sec':\n case 'secs':\n case 'second':\n case 'seconds':\n case 's':\n numericDate = Math.round(value);\n break;\n case 'minute':\n case 'minutes':\n case 'min':\n case 'mins':\n case 'm':\n numericDate = Math.round(value * minute);\n break;\n case 'hour':\n case 'hours':\n case 'hr':\n case 'hrs':\n case 'h':\n numericDate = Math.round(value * hour);\n break;\n case 'day':\n case 'days':\n case 'd':\n numericDate = Math.round(value * day);\n break;\n case 'week':\n case 'weeks':\n case 'w':\n numericDate = Math.round(value * week);\n break;\n default:\n numericDate = Math.round(value * year);\n break;\n }\n if (matched[1] === '-' || matched[4] === 'ago') {\n return -numericDate;\n }\n return numericDate;\n};\n","import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';\nimport { decoder } from './buffer_utils.js';\nimport epoch from './epoch.js';\nimport secs from './secs.js';\nimport isObject from './is_object.js';\nconst normalizeTyp = (value) => value.toLowerCase().replace(/^application\\//, '');\nconst checkAudiencePresence = (audPayload, audOption) => {\n if (typeof audPayload === 'string') {\n return audOption.includes(audPayload);\n }\n if (Array.isArray(audPayload)) {\n return audOption.some(Set.prototype.has.bind(new Set(audPayload)));\n }\n return false;\n};\nexport default (protectedHeader, encodedPayload, options = {}) => {\n const { typ } = options;\n if (typ &&\n (typeof protectedHeader.typ !== 'string' ||\n normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {\n throw new JWTClaimValidationFailed('unexpected \"typ\" JWT header value', 'typ', 'check_failed');\n }\n let payload;\n try {\n payload = JSON.parse(decoder.decode(encodedPayload));\n }\n catch {\n }\n if (!isObject(payload)) {\n throw new JWTInvalid('JWT Claims Set must be a top-level JSON object');\n }\n const { requiredClaims = [], issuer, subject, audience, maxTokenAge } = options;\n const presenceCheck = [...requiredClaims];\n if (maxTokenAge !== undefined)\n presenceCheck.push('iat');\n if (audience !== undefined)\n presenceCheck.push('aud');\n if (subject !== undefined)\n presenceCheck.push('sub');\n if (issuer !== undefined)\n presenceCheck.push('iss');\n for (const claim of new Set(presenceCheck.reverse())) {\n if (!(claim in payload)) {\n throw new JWTClaimValidationFailed(`missing required \"${claim}\" claim`, claim, 'missing');\n }\n }\n if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {\n throw new JWTClaimValidationFailed('unexpected \"iss\" claim value', 'iss', 'check_failed');\n }\n if (subject && payload.sub !== subject) {\n throw new JWTClaimValidationFailed('unexpected \"sub\" claim value', 'sub', 'check_failed');\n }\n if (audience &&\n !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {\n throw new JWTClaimValidationFailed('unexpected \"aud\" claim value', 'aud', 'check_failed');\n }\n let tolerance;\n switch (typeof options.clockTolerance) {\n case 'string':\n tolerance = secs(options.clockTolerance);\n break;\n case 'number':\n tolerance = options.clockTolerance;\n break;\n case 'undefined':\n tolerance = 0;\n break;\n default:\n throw new TypeError('Invalid clockTolerance option type');\n }\n const { currentDate } = options;\n const now = epoch(currentDate || new Date());\n if ((payload.iat !== undefined || maxTokenAge) && typeof payload.iat !== 'number') {\n throw new JWTClaimValidationFailed('\"iat\" claim must be a number', 'iat', 'invalid');\n }\n if (payload.nbf !== undefined) {\n if (typeof payload.nbf !== 'number') {\n throw new JWTClaimValidationFailed('\"nbf\" claim must be a number', 'nbf', 'invalid');\n }\n if (payload.nbf > now + tolerance) {\n throw new JWTClaimValidationFailed('\"nbf\" claim timestamp check failed', 'nbf', 'check_failed');\n }\n }\n if (payload.exp !== undefined) {\n if (typeof payload.exp !== 'number') {\n throw new JWTClaimValidationFailed('\"exp\" claim must be a number', 'exp', 'invalid');\n }\n if (payload.exp <= now - tolerance) {\n throw new JWTExpired('\"exp\" claim timestamp check failed', 'exp', 'check_failed');\n }\n }\n if (maxTokenAge) {\n const age = now - payload.iat;\n const max = typeof maxTokenAge === 'number' ? maxTokenAge : secs(maxTokenAge);\n if (age - tolerance > max) {\n throw new JWTExpired('\"iat\" claim timestamp check failed (too far in the past)', 'iat', 'check_failed');\n }\n if (age < 0 - tolerance) {\n throw new JWTClaimValidationFailed('\"iat\" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed');\n }\n }\n return payload;\n};\n","import { compactVerify } from '../jws/compact/verify.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { JWTInvalid } from '../util/errors.js';\nexport async function jwtVerify(jwt, key, options) {\n const verified = await compactVerify(jwt, key, options);\n if (verified.protectedHeader.crit?.includes('b64') && verified.protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n const payload = jwtPayload(verified.protectedHeader, verified.payload, options);\n const result = { payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n","import { compactDecrypt } from '../jwe/compact/decrypt.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { JWTClaimValidationFailed } from '../util/errors.js';\nexport async function jwtDecrypt(jwt, key, options) {\n const decrypted = await compactDecrypt(jwt, key, options);\n const payload = jwtPayload(decrypted.protectedHeader, decrypted.plaintext, options);\n const { protectedHeader } = decrypted;\n if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {\n throw new JWTClaimValidationFailed('replicated \"iss\" claim header parameter mismatch', 'iss', 'mismatch');\n }\n if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {\n throw new JWTClaimValidationFailed('replicated \"sub\" claim header parameter mismatch', 'sub', 'mismatch');\n }\n if (protectedHeader.aud !== undefined &&\n JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {\n throw new JWTClaimValidationFailed('replicated \"aud\" claim header parameter mismatch', 'aud', 'mismatch');\n }\n const result = { payload, protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: decrypted.key };\n }\n return result;\n}\n","import { FlattenedEncrypt } from '../flattened/encrypt.js';\nexport class CompactEncrypt {\n _flattened;\n constructor(plaintext) {\n this._flattened = new FlattenedEncrypt(plaintext);\n }\n setContentEncryptionKey(cek) {\n this._flattened.setContentEncryptionKey(cek);\n return this;\n }\n setInitializationVector(iv) {\n this._flattened.setInitializationVector(iv);\n return this;\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n setKeyManagementParameters(parameters) {\n this._flattened.setKeyManagementParameters(parameters);\n return this;\n }\n async encrypt(key, options) {\n const jwe = await this._flattened.encrypt(key, options);\n return [jwe.protected, jwe.encrypted_key, jwe.iv, jwe.ciphertext, jwe.tag].join('.');\n }\n}\n","import { encode as base64url } from '../../runtime/base64url.js';\nimport sign from '../../runtime/sign.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport { JWSInvalid } from '../../util/errors.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport checkKeyType from '../../lib/check_key_type.js';\nimport validateCrit from '../../lib/validate_crit.js';\nexport class FlattenedSign {\n _payload;\n _protectedHeader;\n _unprotectedHeader;\n constructor(payload) {\n if (!(payload instanceof Uint8Array)) {\n throw new TypeError('payload must be an instance of Uint8Array');\n }\n this._payload = payload;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n async sign(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader) {\n throw new JWSInvalid('either setProtectedHeader or setUnprotectedHeader must be called before #sign()');\n }\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options?.crit, this._protectedHeader, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = this._protectedHeader.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n checkKeyType(alg, key, 'sign');\n let payload = this._payload;\n if (b64) {\n payload = encoder.encode(base64url(payload));\n }\n let protectedHeader;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(base64url(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n const data = concat(protectedHeader, encoder.encode('.'), payload);\n const signature = await sign(alg, key, data);\n const jws = {\n signature: base64url(signature),\n payload: '',\n };\n if (b64) {\n jws.payload = decoder.decode(payload);\n }\n if (this._unprotectedHeader) {\n jws.header = this._unprotectedHeader;\n }\n if (this._protectedHeader) {\n jws.protected = decoder.decode(protectedHeader);\n }\n return jws;\n }\n}\n","import { FlattenedSign } from '../flattened/sign.js';\nexport class CompactSign {\n _flattened;\n constructor(payload) {\n this._flattened = new FlattenedSign(payload);\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n async sign(key, options) {\n const jws = await this._flattened.sign(key, options);\n if (jws.payload === undefined) {\n throw new TypeError('use the flattened module for creating JWS with b64: false');\n }\n return `${jws.protected}.${jws.payload}.${jws.signature}`;\n }\n}\n","import { FlattenedSign } from '../flattened/sign.js';\nimport { JWSInvalid } from '../../util/errors.js';\nclass IndividualSignature {\n parent;\n protectedHeader;\n unprotectedHeader;\n options;\n key;\n constructor(sig, key, options) {\n this.parent = sig;\n this.key = key;\n this.options = options;\n }\n setProtectedHeader(protectedHeader) {\n if (this.protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this.protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this.unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this.unprotectedHeader = unprotectedHeader;\n return this;\n }\n addSignature(...args) {\n return this.parent.addSignature(...args);\n }\n sign(...args) {\n return this.parent.sign(...args);\n }\n done() {\n return this.parent;\n }\n}\nexport class GeneralSign {\n _payload;\n _signatures = [];\n constructor(payload) {\n this._payload = payload;\n }\n addSignature(key, options) {\n const signature = new IndividualSignature(this, key, options);\n this._signatures.push(signature);\n return signature;\n }\n async sign() {\n if (!this._signatures.length) {\n throw new JWSInvalid('at least one signature must be added');\n }\n const jws = {\n signatures: [],\n payload: '',\n };\n for (let i = 0; i < this._signatures.length; i++) {\n const signature = this._signatures[i];\n const flattened = new FlattenedSign(this._payload);\n flattened.setProtectedHeader(signature.protectedHeader);\n flattened.setUnprotectedHeader(signature.unprotectedHeader);\n const { payload, ...rest } = await flattened.sign(signature.key, signature.options);\n if (i === 0) {\n jws.payload = payload;\n }\n else if (jws.payload !== payload) {\n throw new JWSInvalid('inconsistent use of JWS Unencoded Payload (RFC7797)');\n }\n jws.signatures.push(rest);\n }\n return jws;\n }\n}\n","import epoch from '../lib/epoch.js';\nimport isObject from '../lib/is_object.js';\nimport secs from '../lib/secs.js';\nfunction validateInput(label, input) {\n if (!Number.isFinite(input)) {\n throw new TypeError(`Invalid ${label} input`);\n }\n return input;\n}\nexport class ProduceJWT {\n _payload;\n constructor(payload = {}) {\n if (!isObject(payload)) {\n throw new TypeError('JWT Claims Set MUST be an object');\n }\n this._payload = payload;\n }\n setIssuer(issuer) {\n this._payload = { ...this._payload, iss: issuer };\n return this;\n }\n setSubject(subject) {\n this._payload = { ...this._payload, sub: subject };\n return this;\n }\n setAudience(audience) {\n this._payload = { ...this._payload, aud: audience };\n return this;\n }\n setJti(jwtId) {\n this._payload = { ...this._payload, jti: jwtId };\n return this;\n }\n setNotBefore(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, nbf: validateInput('setNotBefore', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, nbf: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setExpirationTime(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', input) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, exp: validateInput('setExpirationTime', epoch(input)) };\n }\n else {\n this._payload = { ...this._payload, exp: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setIssuedAt(input) {\n if (typeof input === 'undefined') {\n this._payload = { ...this._payload, iat: epoch(new Date()) };\n }\n else if (input instanceof Date) {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', epoch(input)) };\n }\n else if (typeof input === 'string') {\n this._payload = {\n ...this._payload,\n iat: validateInput('setIssuedAt', epoch(new Date()) + secs(input)),\n };\n }\n else {\n this._payload = { ...this._payload, iat: validateInput('setIssuedAt', input) };\n }\n return this;\n }\n}\n","import { CompactSign } from '../jws/compact/sign.js';\nimport { JWTInvalid } from '../util/errors.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport { ProduceJWT } from './produce.js';\nexport class SignJWT extends ProduceJWT {\n _protectedHeader;\n setProtectedHeader(protectedHeader) {\n this._protectedHeader = protectedHeader;\n return this;\n }\n async sign(key, options) {\n const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));\n sig.setProtectedHeader(this._protectedHeader);\n if (Array.isArray(this._protectedHeader?.crit) &&\n this._protectedHeader.crit.includes('b64') &&\n this._protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n return sig.sign(key, options);\n }\n}\n","import { CompactEncrypt } from '../jwe/compact/encrypt.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport { ProduceJWT } from './produce.js';\nexport class EncryptJWT extends ProduceJWT {\n _cek;\n _iv;\n _keyManagementParameters;\n _protectedHeader;\n _replicateIssuerAsHeader;\n _replicateSubjectAsHeader;\n _replicateAudienceAsHeader;\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setKeyManagementParameters(parameters) {\n if (this._keyManagementParameters) {\n throw new TypeError('setKeyManagementParameters can only be called once');\n }\n this._keyManagementParameters = parameters;\n return this;\n }\n setContentEncryptionKey(cek) {\n if (this._cek) {\n throw new TypeError('setContentEncryptionKey can only be called once');\n }\n this._cek = cek;\n return this;\n }\n setInitializationVector(iv) {\n if (this._iv) {\n throw new TypeError('setInitializationVector can only be called once');\n }\n this._iv = iv;\n return this;\n }\n replicateIssuerAsHeader() {\n this._replicateIssuerAsHeader = true;\n return this;\n }\n replicateSubjectAsHeader() {\n this._replicateSubjectAsHeader = true;\n return this;\n }\n replicateAudienceAsHeader() {\n this._replicateAudienceAsHeader = true;\n return this;\n }\n async encrypt(key, options) {\n const enc = new CompactEncrypt(encoder.encode(JSON.stringify(this._payload)));\n if (this._replicateIssuerAsHeader) {\n this._protectedHeader = { ...this._protectedHeader, iss: this._payload.iss };\n }\n if (this._replicateSubjectAsHeader) {\n this._protectedHeader = { ...this._protectedHeader, sub: this._payload.sub };\n }\n if (this._replicateAudienceAsHeader) {\n this._protectedHeader = { ...this._protectedHeader, aud: this._payload.aud };\n }\n enc.setProtectedHeader(this._protectedHeader);\n if (this._iv) {\n enc.setInitializationVector(this._iv);\n }\n if (this._cek) {\n enc.setContentEncryptionKey(this._cek);\n }\n if (this._keyManagementParameters) {\n enc.setKeyManagementParameters(this._keyManagementParameters);\n }\n return enc.encrypt(key, options);\n }\n}\n","import digest from '../runtime/digest.js';\nimport { encode as base64url } from '../runtime/base64url.js';\nimport { JOSENotSupported, JWKInvalid } from '../util/errors.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport isObject from '../lib/is_object.js';\nconst check = (value, description) => {\n if (typeof value !== 'string' || !value) {\n throw new JWKInvalid(`${description} missing or invalid`);\n }\n};\nexport async function calculateJwkThumbprint(jwk, digestAlgorithm) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n digestAlgorithm ??= 'sha256';\n if (digestAlgorithm !== 'sha256' &&\n digestAlgorithm !== 'sha384' &&\n digestAlgorithm !== 'sha512') {\n throw new TypeError('digestAlgorithm must one of \"sha256\", \"sha384\", or \"sha512\"');\n }\n let components;\n switch (jwk.kty) {\n case 'EC':\n check(jwk.crv, '\"crv\" (Curve) Parameter');\n check(jwk.x, '\"x\" (X Coordinate) Parameter');\n check(jwk.y, '\"y\" (Y Coordinate) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };\n break;\n case 'OKP':\n check(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter');\n check(jwk.x, '\"x\" (Public Key) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };\n break;\n case 'RSA':\n check(jwk.e, '\"e\" (Exponent) Parameter');\n check(jwk.n, '\"n\" (Modulus) Parameter');\n components = { e: jwk.e, kty: jwk.kty, n: jwk.n };\n break;\n case 'oct':\n check(jwk.k, '\"k\" (Key Value) Parameter');\n components = { k: jwk.k, kty: jwk.kty };\n break;\n default:\n throw new JOSENotSupported('\"kty\" (Key Type) Parameter missing or unsupported');\n }\n const data = encoder.encode(JSON.stringify(components));\n return base64url(await digest(digestAlgorithm, data));\n}\nexport async function calculateJwkThumbprintUri(jwk, digestAlgorithm) {\n digestAlgorithm ??= 'sha256';\n const thumbprint = await calculateJwkThumbprint(jwk, digestAlgorithm);\n return `urn:ietf:params:oauth:jwk-thumbprint:sha-${digestAlgorithm.slice(-3)}:${thumbprint}`;\n}\n","import { importJWK } from '../key/import.js';\nimport isObject from '../lib/is_object.js';\nimport { JWSInvalid } from '../util/errors.js';\nexport async function EmbeddedJWK(protectedHeader, token) {\n const joseHeader = {\n ...protectedHeader,\n ...token?.header,\n };\n if (!isObject(joseHeader.jwk)) {\n throw new JWSInvalid('\"jwk\" (JSON Web Key) Header Parameter must be a JSON object');\n }\n const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg);\n if (key instanceof Uint8Array || key.type !== 'public') {\n throw new JWSInvalid('\"jwk\" (JSON Web Key) Header Parameter must be a public key');\n }\n return key;\n}\n","import { importJWK } from '../key/import.js';\nimport { JWKSInvalid, JOSENotSupported, JWKSNoMatchingKey, JWKSMultipleMatchingKeys, } from '../util/errors.js';\nimport isObject from '../lib/is_object.js';\nfunction getKtyFromAlg(alg) {\n switch (typeof alg === 'string' && alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n return 'RSA';\n case 'ES':\n return 'EC';\n case 'Ed':\n return 'OKP';\n default:\n throw new JOSENotSupported('Unsupported \"alg\" value for a JSON Web Key Set');\n }\n}\nexport function isJWKSLike(jwks) {\n return (jwks &&\n typeof jwks === 'object' &&\n Array.isArray(jwks.keys) &&\n jwks.keys.every(isJWKLike));\n}\nfunction isJWKLike(key) {\n return isObject(key);\n}\nfunction clone(obj) {\n if (typeof structuredClone === 'function') {\n return structuredClone(obj);\n }\n return JSON.parse(JSON.stringify(obj));\n}\nexport class LocalJWKSet {\n _jwks;\n _cached = new WeakMap();\n constructor(jwks) {\n if (!isJWKSLike(jwks)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = clone(jwks);\n }\n async getKey(protectedHeader, token) {\n const { alg, kid } = { ...protectedHeader, ...token?.header };\n const kty = getKtyFromAlg(alg);\n const candidates = this._jwks.keys.filter((jwk) => {\n let candidate = kty === jwk.kty;\n if (candidate && typeof kid === 'string') {\n candidate = kid === jwk.kid;\n }\n if (candidate && typeof jwk.alg === 'string') {\n candidate = alg === jwk.alg;\n }\n if (candidate && typeof jwk.use === 'string') {\n candidate = jwk.use === 'sig';\n }\n if (candidate && Array.isArray(jwk.key_ops)) {\n candidate = jwk.key_ops.includes('verify');\n }\n if (candidate && alg === 'EdDSA') {\n candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448';\n }\n if (candidate) {\n switch (alg) {\n case 'ES256':\n candidate = jwk.crv === 'P-256';\n break;\n case 'ES256K':\n candidate = jwk.crv === 'secp256k1';\n break;\n case 'ES384':\n candidate = jwk.crv === 'P-384';\n break;\n case 'ES512':\n candidate = jwk.crv === 'P-521';\n break;\n }\n }\n return candidate;\n });\n const { 0: jwk, length } = candidates;\n if (length === 0) {\n throw new JWKSNoMatchingKey();\n }\n if (length !== 1) {\n const error = new JWKSMultipleMatchingKeys();\n const { _cached } = this;\n error[Symbol.asyncIterator] = async function* () {\n for (const jwk of candidates) {\n try {\n yield await importWithAlgCache(_cached, jwk, alg);\n }\n catch { }\n }\n };\n throw error;\n }\n return importWithAlgCache(this._cached, jwk, alg);\n }\n}\nasync function importWithAlgCache(cache, jwk, alg) {\n const cached = cache.get(jwk) || cache.set(jwk, {}).get(jwk);\n if (cached[alg] === undefined) {\n const key = await importJWK({ ...jwk, ext: true }, alg);\n if (key instanceof Uint8Array || key.type !== 'public') {\n throw new JWKSInvalid('JSON Web Key Set members must be public keys');\n }\n cached[alg] = key;\n }\n return cached[alg];\n}\nexport function createLocalJWKSet(jwks) {\n const set = new LocalJWKSet(jwks);\n return async (protectedHeader, token) => set.getKey(protectedHeader, token);\n}\n","import * as http from 'node:http';\nimport * as https from 'node:https';\nimport { once } from 'node:events';\nimport { JOSEError, JWKSTimeout } from '../util/errors.js';\nimport { concat, decoder } from '../lib/buffer_utils.js';\nconst fetchJwks = async (url, timeout, options) => {\n let get;\n switch (url.protocol) {\n case 'https:':\n get = https.get;\n break;\n case 'http:':\n get = http.get;\n break;\n default:\n throw new TypeError('Unsupported URL protocol.');\n }\n const { agent, headers } = options;\n const req = get(url.href, {\n agent,\n timeout,\n headers,\n });\n const [response] = (await Promise.race([once(req, 'response'), once(req, 'timeout')]));\n if (!response) {\n req.destroy();\n throw new JWKSTimeout();\n }\n if (response.statusCode !== 200) {\n throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');\n }\n const parts = [];\n for await (const part of response) {\n parts.push(part);\n }\n try {\n return JSON.parse(decoder.decode(concat(...parts)));\n }\n catch {\n throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');\n }\n};\nexport default fetchJwks;\n","import fetchJwks from '../runtime/fetch_jwks.js';\nimport { JWKSInvalid, JWKSNoMatchingKey } from '../util/errors.js';\nimport { isJWKSLike, LocalJWKSet } from './local.js';\nfunction isCloudflareWorkers() {\n return (typeof WebSocketPair !== 'undefined' ||\n (typeof navigator !== 'undefined' && navigator.userAgent === 'Cloudflare-Workers') ||\n (typeof EdgeRuntime !== 'undefined' && EdgeRuntime === 'vercel'));\n}\nlet USER_AGENT;\nif (typeof navigator === 'undefined' || !navigator.userAgent?.startsWith?.('Mozilla/5.0 ')) {\n const NAME = 'jose';\n const VERSION = 'v5.2.3';\n USER_AGENT = `${NAME}/${VERSION}`;\n}\nclass RemoteJWKSet extends LocalJWKSet {\n _url;\n _timeoutDuration;\n _cooldownDuration;\n _cacheMaxAge;\n _jwksTimestamp;\n _pendingFetch;\n _options;\n constructor(url, options) {\n super({ keys: [] });\n this._jwks = undefined;\n if (!(url instanceof URL)) {\n throw new TypeError('url must be an instance of URL');\n }\n this._url = new URL(url.href);\n this._options = { agent: options?.agent, headers: options?.headers };\n this._timeoutDuration =\n typeof options?.timeoutDuration === 'number' ? options?.timeoutDuration : 5000;\n this._cooldownDuration =\n typeof options?.cooldownDuration === 'number' ? options?.cooldownDuration : 30000;\n this._cacheMaxAge = typeof options?.cacheMaxAge === 'number' ? options?.cacheMaxAge : 600000;\n }\n coolingDown() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cooldownDuration\n : false;\n }\n fresh() {\n return typeof this._jwksTimestamp === 'number'\n ? Date.now() < this._jwksTimestamp + this._cacheMaxAge\n : false;\n }\n async getKey(protectedHeader, token) {\n if (!this._jwks || !this.fresh()) {\n await this.reload();\n }\n try {\n return await super.getKey(protectedHeader, token);\n }\n catch (err) {\n if (err instanceof JWKSNoMatchingKey) {\n if (this.coolingDown() === false) {\n await this.reload();\n return super.getKey(protectedHeader, token);\n }\n }\n throw err;\n }\n }\n async reload() {\n if (this._pendingFetch && isCloudflareWorkers()) {\n this._pendingFetch = undefined;\n }\n const headers = new Headers(this._options.headers);\n if (USER_AGENT && !headers.has('User-Agent')) {\n headers.set('User-Agent', USER_AGENT);\n this._options.headers = Object.fromEntries(headers.entries());\n }\n this._pendingFetch ||= fetchJwks(this._url, this._timeoutDuration, this._options)\n .then((json) => {\n if (!isJWKSLike(json)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = { keys: json.keys };\n this._jwksTimestamp = Date.now();\n this._pendingFetch = undefined;\n })\n .catch((err) => {\n this._pendingFetch = undefined;\n throw err;\n });\n await this._pendingFetch;\n }\n}\nexport function createRemoteJWKSet(url, options) {\n const set = new RemoteJWKSet(url, options);\n return async (protectedHeader, token) => set.getKey(protectedHeader, token);\n}\n","import * as base64url from '../runtime/base64url.js';\nimport { decoder } from '../lib/buffer_utils.js';\nimport { JWTInvalid } from '../util/errors.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { ProduceJWT } from './produce.js';\nexport class UnsecuredJWT extends ProduceJWT {\n encode() {\n const header = base64url.encode(JSON.stringify({ alg: 'none' }));\n const payload = base64url.encode(JSON.stringify(this._payload));\n return `${header}.${payload}.`;\n }\n static decode(jwt, options) {\n if (typeof jwt !== 'string') {\n throw new JWTInvalid('Unsecured JWT must be a string');\n }\n const { 0: encodedHeader, 1: encodedPayload, 2: signature, length } = jwt.split('.');\n if (length !== 3 || signature !== '') {\n throw new JWTInvalid('Invalid Unsecured JWT');\n }\n let header;\n try {\n header = JSON.parse(decoder.decode(base64url.decode(encodedHeader)));\n if (header.alg !== 'none')\n throw new Error();\n }\n catch {\n throw new JWTInvalid('Invalid Unsecured JWT');\n }\n const payload = jwtPayload(header, base64url.decode(encodedPayload), options);\n return { payload, header };\n }\n}\n","import * as base64url from '../runtime/base64url.js';\nexport const encode = base64url.encode;\nexport const decode = base64url.decode;\n","import { decode as base64url } from './base64url.js';\nimport { decoder } from '../lib/buffer_utils.js';\nimport isObject from '../lib/is_object.js';\nexport function decodeProtectedHeader(token) {\n let protectedB64u;\n if (typeof token === 'string') {\n const parts = token.split('.');\n if (parts.length === 3 || parts.length === 5) {\n ;\n [protectedB64u] = parts;\n }\n }\n else if (typeof token === 'object' && token) {\n if ('protected' in token) {\n protectedB64u = token.protected;\n }\n else {\n throw new TypeError('Token does not contain a Protected Header');\n }\n }\n try {\n if (typeof protectedB64u !== 'string' || !protectedB64u) {\n throw new Error();\n }\n const result = JSON.parse(decoder.decode(base64url(protectedB64u)));\n if (!isObject(result)) {\n throw new Error();\n }\n return result;\n }\n catch {\n throw new TypeError('Invalid Token or Protected Header formatting');\n }\n}\n","import { decode as base64url } from './base64url.js';\nimport { decoder } from '../lib/buffer_utils.js';\nimport isObject from '../lib/is_object.js';\nimport { JWTInvalid } from './errors.js';\nexport function decodeJwt(jwt) {\n if (typeof jwt !== 'string')\n throw new JWTInvalid('JWTs must use Compact JWS serialization, JWT must be a string');\n const { 1: payload, length } = jwt.split('.');\n if (length === 5)\n throw new JWTInvalid('Only JWTs using Compact JWS serialization can be decoded');\n if (length !== 3)\n throw new JWTInvalid('Invalid JWT');\n if (!payload)\n throw new JWTInvalid('JWTs must contain a payload');\n let decoded;\n try {\n decoded = base64url(payload);\n }\n catch {\n throw new JWTInvalid('Failed to base64url decode the payload');\n }\n let result;\n try {\n result = JSON.parse(decoder.decode(decoded));\n }\n catch {\n throw new JWTInvalid('Failed to parse the decoded payload as JSON');\n }\n if (!isObject(result))\n throw new JWTInvalid('Invalid JWT Claims Set');\n return result;\n}\n","import { createSecretKey, generateKeyPair as generateKeyPairCb } from 'node:crypto';\nimport { promisify } from 'node:util';\nimport random from './random.js';\nimport { JOSENotSupported } from '../util/errors.js';\nconst generate = promisify(generateKeyPairCb);\nexport async function generateSecret(alg, options) {\n let length;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n length = parseInt(alg.slice(-3), 10);\n break;\n case 'A128KW':\n case 'A192KW':\n case 'A256KW':\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW':\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n length = parseInt(alg.slice(1, 4), 10);\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return createSecretKey(random(new Uint8Array(length >> 3)));\n}\nexport async function generateKeyPair(alg, options) {\n switch (alg) {\n case 'RS256':\n case 'RS384':\n case 'RS512':\n case 'PS256':\n case 'PS384':\n case 'PS512':\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n case 'RSA1_5': {\n const modulusLength = options?.modulusLength ?? 2048;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');\n }\n const keypair = await generate('rsa', {\n modulusLength,\n publicExponent: 0x10001,\n });\n return keypair;\n }\n case 'ES256':\n return generate('ec', { namedCurve: 'P-256' });\n case 'ES256K':\n return generate('ec', { namedCurve: 'secp256k1' });\n case 'ES384':\n return generate('ec', { namedCurve: 'P-384' });\n case 'ES512':\n return generate('ec', { namedCurve: 'P-521' });\n case 'EdDSA': {\n switch (options?.crv) {\n case undefined:\n case 'Ed25519':\n return generate('ed25519');\n case 'Ed448':\n return generate('ed448');\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448');\n }\n }\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n const crv = options?.crv ?? 'P-256';\n switch (crv) {\n case undefined:\n case 'P-256':\n case 'P-384':\n case 'P-521':\n return generate('ec', { namedCurve: crv });\n case 'X25519':\n return generate('x25519');\n case 'X448':\n return generate('x448');\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are P-256, P-384, P-521, X25519, and X448');\n }\n }\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n}\n","import { generateKeyPair as generate } from '../runtime/generate.js';\nexport async function generateKeyPair(alg, options) {\n return generate(alg, options);\n}\n","import { generateSecret as generate } from '../runtime/generate.js';\nexport async function generateSecret(alg, options) {\n return generate(alg, options);\n}\n","export default 'node:crypto';\n","import value from '../runtime/runtime.js';\nexport default value;\n"],"mappings":"yCAAA,OAAS,UAAAA,OAAc,cCAvB,OAAS,cAAAC,OAAkB,cAC3B,IAAMC,GAAS,CAACC,EAAWC,IAASH,GAAWE,CAAS,EAAE,OAAOC,CAAI,EAAE,OAAO,EACvEC,GAAQH,GCDR,IAAMI,EAAU,IAAI,YACdC,EAAU,IAAI,YACrBC,GAAY,GAAK,GAChB,SAASC,KAAUC,EAAS,CAC/B,IAAMC,EAAOD,EAAQ,OAAO,CAACE,EAAK,CAAE,OAAAC,CAAO,IAAMD,EAAMC,EAAQ,CAAC,EAC1DC,EAAM,IAAI,WAAWH,CAAI,EAC3BI,EAAI,EACR,QAAWC,KAAUN,EACjBI,EAAI,IAAIE,EAAQD,CAAC,EACjBA,GAAKC,EAAO,OAEhB,OAAOF,CACX,CACO,SAASG,GAAIC,EAAKC,EAAU,CAC/B,OAAOV,EAAOH,EAAQ,OAAOY,CAAG,EAAG,IAAI,WAAW,CAAC,CAAC,CAAC,EAAGC,CAAQ,CACpE,CACA,SAASC,GAAcN,EAAKO,EAAOC,EAAQ,CACvC,GAAID,EAAQ,GAAKA,GAASb,GACtB,MAAM,IAAI,WAAW,6BAA6BA,GAAY,CAAC,cAAca,CAAK,EAAE,EAExFP,EAAI,IAAI,CAACO,IAAU,GAAIA,IAAU,GAAIA,IAAU,EAAGA,EAAQ,GAAI,EAAGC,CAAM,CAC3E,CACO,SAASC,GAASF,EAAO,CAC5B,IAAMG,EAAO,KAAK,MAAMH,EAAQb,EAAS,EACnCiB,EAAMJ,EAAQb,GACdM,EAAM,IAAI,WAAW,CAAC,EAC5B,OAAAM,GAAcN,EAAKU,EAAM,CAAC,EAC1BJ,GAAcN,EAAKW,EAAK,CAAC,EAClBX,CACX,CACO,SAASY,GAASL,EAAO,CAC5B,IAAMP,EAAM,IAAI,WAAW,CAAC,EAC5B,OAAAM,GAAcN,EAAKO,CAAK,EACjBP,CACX,CACO,SAASa,GAAeC,EAAO,CAClC,OAAOnB,EAAOiB,GAASE,EAAM,MAAM,EAAGA,CAAK,CAC/C,CACA,eAAsBC,GAAUC,EAAQC,EAAMV,EAAO,CACjD,IAAMW,EAAa,KAAK,MAAMD,GAAQ,GAAK,EAAE,EACvCE,EAAM,IAAI,WAAWD,EAAa,EAAE,EAC1C,QAASE,EAAO,EAAGA,EAAOF,EAAYE,IAAQ,CAC1C,IAAMpB,EAAM,IAAI,WAAW,EAAIgB,EAAO,OAAST,EAAM,MAAM,EAC3DP,EAAI,IAAIY,GAASQ,EAAO,CAAC,CAAC,EAC1BpB,EAAI,IAAIgB,EAAQ,CAAC,EACjBhB,EAAI,IAAIO,EAAO,EAAIS,EAAO,MAAM,EAChCG,EAAI,IAAI,MAAME,GAAO,SAAUrB,CAAG,EAAGoB,EAAO,EAAE,CAClD,CACA,OAAOD,EAAI,MAAM,EAAGF,GAAQ,CAAC,CACjC,CFhDA,SAASK,GAAUC,EAAO,CACtB,IAAIC,EAAUD,EACd,OAAIC,aAAmB,aACnBA,EAAUC,EAAQ,OAAOD,CAAO,GAE7BA,CACX,CACA,IAAME,EAAUH,GAAUI,GAAO,KAAKJ,CAAK,EAAE,SAAS,WAAW,EAI1D,IAAMK,EAAUC,GAAU,IAAI,WAAWC,GAAO,KAAKC,GAAUF,CAAK,EAAG,QAAQ,CAAC,EGbvF,OAAS,oBAAAG,GAAkB,aAAAC,OAAiB,cCA5C,IAAAC,GAAA,GAAAC,GAAAD,GAAA,uBAAAE,EAAA,cAAAC,EAAA,qBAAAC,EAAA,wBAAAC,EAAA,eAAAC,EAAA,eAAAC,GAAA,gBAAAC,EAAA,6BAAAC,GAAA,sBAAAC,EAAA,gBAAAC,GAAA,eAAAC,EAAA,mCAAAC,EAAA,6BAAAC,EAAA,eAAAC,GAAA,eAAAC,IAAO,IAAMb,EAAN,cAAwB,KAAM,CACjC,WAAW,MAAO,CACd,MAAO,kBACX,CACA,KAAO,mBACP,YAAYc,EAAS,CACjB,MAAMA,CAAO,EACb,KAAK,KAAO,KAAK,YAAY,KAC7B,MAAM,oBAAoB,KAAM,KAAK,WAAW,CACpD,CACJ,EACaH,EAAN,cAAuCX,CAAU,CACpD,WAAW,MAAO,CACd,MAAO,iCACX,CACA,KAAO,kCACP,MACA,OACA,YAAYc,EAASC,EAAQ,cAAeC,EAAS,cAAe,CAChE,MAAMF,CAAO,EACb,KAAK,MAAQC,EACb,KAAK,OAASC,CAClB,CACJ,EACaJ,GAAN,cAAyBZ,CAAU,CACtC,WAAW,MAAO,CACd,MAAO,iBACX,CACA,KAAO,kBACP,MACA,OACA,YAAYc,EAASC,EAAQ,cAAeC,EAAS,cAAe,CAChE,MAAMF,CAAO,EACb,KAAK,MAAQC,EACb,KAAK,OAASC,CAClB,CACJ,EACajB,EAAN,cAAgCC,CAAU,CAC7C,WAAW,MAAO,CACd,MAAO,0BACX,CACA,KAAO,0BACX,EACaC,EAAN,cAA+BD,CAAU,CAC5C,WAAW,MAAO,CACd,MAAO,wBACX,CACA,KAAO,wBACX,EACaE,EAAN,cAAkCF,CAAU,CAC/C,WAAW,MAAO,CACd,MAAO,2BACX,CACA,KAAO,4BACP,QAAU,6BACd,EACaG,EAAN,cAAyBH,CAAU,CACtC,WAAW,MAAO,CACd,MAAO,iBACX,CACA,KAAO,iBACX,EACaS,EAAN,cAAyBT,CAAU,CACtC,WAAW,MAAO,CACd,MAAO,iBACX,CACA,KAAO,iBACX,EACaa,EAAN,cAAyBb,CAAU,CACtC,WAAW,MAAO,CACd,MAAO,iBACX,CACA,KAAO,iBACX,EACaI,GAAN,cAAyBJ,CAAU,CACtC,WAAW,MAAO,CACd,MAAO,iBACX,CACA,KAAO,iBACX,EACaK,EAAN,cAA0BL,CAAU,CACvC,WAAW,MAAO,CACd,MAAO,kBACX,CACA,KAAO,kBACX,EACaO,EAAN,cAAgCP,CAAU,CAC7C,WAAW,MAAO,CACd,MAAO,0BACX,CACA,KAAO,2BACP,QAAU,iDACd,EACaM,GAAN,cAAuCN,CAAU,CACpD,CAAC,OAAO,aAAa,EACrB,WAAW,MAAO,CACd,MAAO,iCACX,CACA,KAAO,kCACP,QAAU,sDACd,EACaQ,GAAN,cAA0BR,CAAU,CACvC,WAAW,MAAO,CACd,MAAO,kBACX,CACA,KAAO,mBACP,QAAU,mBACd,EACaU,EAAN,cAA6CV,CAAU,CAC1D,WAAW,MAAO,CACd,MAAO,uCACX,CACA,KAAO,wCACP,QAAU,+BACd,EClHA,OAA2B,kBAAlBiB,MAAiC,cCEnC,SAASC,GAAUC,EAAK,CAC3B,OAAQA,EAAK,CACT,IAAK,UACL,IAAK,YACL,IAAK,UACL,IAAK,YACL,IAAK,UACL,IAAK,YACD,MAAO,IACX,IAAK,gBACL,IAAK,gBACL,IAAK,gBACD,MAAO,KACX,QACI,MAAM,IAAIC,EAAiB,8BAA8BD,CAAG,EAAE,CACtE,CACJ,CACA,IAAOE,GAASF,GAAQG,EAAO,IAAI,WAAWJ,GAAUC,CAAG,GAAK,CAAC,CAAC,ECjBlE,IAAMI,GAAgB,CAACC,EAAKC,IAAO,CAC/B,GAAIA,EAAG,QAAU,IAAMC,GAAUF,CAAG,EAChC,MAAM,IAAIG,EAAW,sCAAsC,CAEnE,EACOC,GAAQL,GCPf,UAAYM,OAAU,YACtB,IAAOC,EAASC,GAAa,SAAM,YAAYA,CAAG,ECClD,IAAMC,GAAiB,CAACC,EAAKC,IAAQ,CACjC,IAAIC,EACJ,OAAQF,EAAK,CACT,IAAK,gBACL,IAAK,gBACL,IAAK,gBACDE,EAAW,SAASF,EAAI,MAAM,EAAE,EAAG,EAAE,EACrC,MACJ,IAAK,UACL,IAAK,UACL,IAAK,UACDE,EAAW,SAASF,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EACvC,MACJ,QACI,MAAM,IAAIG,EAAiB,gCAAgCH,CAAG,6DAA6D,CACnI,CACA,GAAIC,aAAe,WAAY,CAC3B,IAAMG,EAASH,EAAI,YAAc,EACjC,GAAIG,IAAWF,EACX,MAAM,IAAIG,EAAW,mDAAmDH,CAAQ,cAAcE,CAAM,OAAO,EAE/G,MACJ,CACA,GAAIE,EAAYL,CAAG,GAAKA,EAAI,OAAS,SAAU,CAC3C,IAAMG,EAASH,EAAI,kBAAoB,EACvC,GAAIG,IAAWF,EACX,MAAM,IAAIG,EAAW,mDAAmDH,CAAQ,cAAcE,CAAM,OAAO,EAE/G,MACJ,CACA,MAAM,IAAI,UAAU,qCAAqC,CAC7D,EACOG,GAAQR,GClCf,OAAS,mBAAmBS,OAAY,cACxC,IAAMC,GAAkBD,GACjBE,GAAQD,GCFf,OAAS,cAAAE,OAAkB,cAEZ,SAARC,GAAwBC,EAAKC,EAAIC,EAAYC,EAASC,EAAQC,EAAS,CAC1E,IAAMC,EAAUC,EAAOP,EAAKC,EAAIC,EAAYM,GAASR,EAAI,QAAU,CAAC,CAAC,EAC/DS,EAAOC,GAAW,MAAMP,CAAO,GAAIC,CAAM,EAC/C,OAAAK,EAAK,OAAOH,CAAO,EACZG,EAAK,OAAO,EAAE,MAAM,EAAGJ,GAAW,CAAC,CAC9C,CCPA,UAAYM,OAAY,cACxB,UAAYC,OAAU,YACtB,IAAMC,GAAmB,aAClBC,GAAQD,GACFE,EAAeC,GAAa,SAAM,YAAYA,CAAG,ECJ9D,SAASC,EAASC,EAAMC,EAAO,iBAAkB,CAC7C,OAAO,IAAI,UAAU,kDAAkDA,CAAI,YAAYD,CAAI,EAAE,CACjG,CACA,SAASE,EAAYC,EAAWH,EAAM,CAClC,OAAOG,EAAU,OAASH,CAC9B,CACA,SAASI,GAAcC,EAAM,CACzB,OAAO,SAASA,EAAK,KAAK,MAAM,CAAC,EAAG,EAAE,CAC1C,CACA,SAASC,GAAcC,EAAK,CACxB,OAAQA,EAAK,CACT,IAAK,QACD,MAAO,QACX,IAAK,QACD,MAAO,QACX,IAAK,QACD,MAAO,QACX,QACI,MAAM,IAAI,MAAM,aAAa,CACrC,CACJ,CACA,SAASC,GAAWC,EAAKC,EAAQ,CAC7B,GAAIA,EAAO,QAAU,CAACA,EAAO,KAAMC,GAAaF,EAAI,OAAO,SAASE,CAAQ,CAAC,EAAG,CAC5E,IAAIC,EAAM,sEACV,GAAIF,EAAO,OAAS,EAAG,CACnB,IAAMG,EAAOH,EAAO,IAAI,EACxBE,GAAO,UAAUF,EAAO,KAAK,IAAI,CAAC,QAAQG,CAAI,GAClD,MACSH,EAAO,SAAW,EACvBE,GAAO,UAAUF,EAAO,CAAC,CAAC,OAAOA,EAAO,CAAC,CAAC,IAG1CE,GAAO,GAAGF,EAAO,CAAC,CAAC,IAEvB,MAAM,IAAI,UAAUE,CAAG,CAC3B,CACJ,CACO,SAASE,GAAkBL,EAAKF,KAAQG,EAAQ,CACnD,OAAQH,EAAK,CACT,IAAK,QACL,IAAK,QACL,IAAK,QAAS,CACV,GAAI,CAACL,EAAYO,EAAI,UAAW,MAAM,EAClC,MAAMV,EAAS,MAAM,EACzB,IAAMY,EAAW,SAASJ,EAAI,MAAM,CAAC,EAAG,EAAE,EAE1C,GADeH,GAAcK,EAAI,UAAU,IAAI,IAChCE,EACX,MAAMZ,EAAS,OAAOY,CAAQ,GAAI,gBAAgB,EACtD,KACJ,CACA,IAAK,QACL,IAAK,QACL,IAAK,QAAS,CACV,GAAI,CAACT,EAAYO,EAAI,UAAW,mBAAmB,EAC/C,MAAMV,EAAS,mBAAmB,EACtC,IAAMY,EAAW,SAASJ,EAAI,MAAM,CAAC,EAAG,EAAE,EAE1C,GADeH,GAAcK,EAAI,UAAU,IAAI,IAChCE,EACX,MAAMZ,EAAS,OAAOY,CAAQ,GAAI,gBAAgB,EACtD,KACJ,CACA,IAAK,QACL,IAAK,QACL,IAAK,QAAS,CACV,GAAI,CAACT,EAAYO,EAAI,UAAW,SAAS,EACrC,MAAMV,EAAS,SAAS,EAC5B,IAAMY,EAAW,SAASJ,EAAI,MAAM,CAAC,EAAG,EAAE,EAE1C,GADeH,GAAcK,EAAI,UAAU,IAAI,IAChCE,EACX,MAAMZ,EAAS,OAAOY,CAAQ,GAAI,gBAAgB,EACtD,KACJ,CACA,IAAK,QAAS,CACV,GAAIF,EAAI,UAAU,OAAS,WAAaA,EAAI,UAAU,OAAS,QAC3D,MAAMV,EAAS,kBAAkB,EAErC,KACJ,CACA,IAAK,QACL,IAAK,QACL,IAAK,QAAS,CACV,GAAI,CAACG,EAAYO,EAAI,UAAW,OAAO,EACnC,MAAMV,EAAS,OAAO,EAC1B,IAAMY,EAAWL,GAAcC,CAAG,EAElC,GADeE,EAAI,UAAU,aACdE,EACX,MAAMZ,EAASY,EAAU,sBAAsB,EACnD,KACJ,CACA,QACI,MAAM,IAAI,UAAU,2CAA2C,CACvE,CACAH,GAAWC,EAAKC,CAAM,CAC1B,CACO,SAASK,EAAkBN,EAAKF,KAAQG,EAAQ,CACnD,OAAQH,EAAK,CACT,IAAK,UACL,IAAK,UACL,IAAK,UAAW,CACZ,GAAI,CAACL,EAAYO,EAAI,UAAW,SAAS,EACrC,MAAMV,EAAS,SAAS,EAC5B,IAAMY,EAAW,SAASJ,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EAE7C,GADeE,EAAI,UAAU,SACdE,EACX,MAAMZ,EAASY,EAAU,kBAAkB,EAC/C,KACJ,CACA,IAAK,SACL,IAAK,SACL,IAAK,SAAU,CACX,GAAI,CAACT,EAAYO,EAAI,UAAW,QAAQ,EACpC,MAAMV,EAAS,QAAQ,EAC3B,IAAMY,EAAW,SAASJ,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EAE7C,GADeE,EAAI,UAAU,SACdE,EACX,MAAMZ,EAASY,EAAU,kBAAkB,EAC/C,KACJ,CACA,IAAK,OAAQ,CACT,OAAQF,EAAI,UAAU,KAAM,CACxB,IAAK,OACL,IAAK,SACL,IAAK,OACD,MACJ,QACI,MAAMV,EAAS,uBAAuB,CAC9C,CACA,KACJ,CACA,IAAK,qBACL,IAAK,qBACL,IAAK,qBACD,GAAI,CAACG,EAAYO,EAAI,UAAW,QAAQ,EACpC,MAAMV,EAAS,QAAQ,EAC3B,MACJ,IAAK,WACL,IAAK,eACL,IAAK,eACL,IAAK,eAAgB,CACjB,GAAI,CAACG,EAAYO,EAAI,UAAW,UAAU,EACtC,MAAMV,EAAS,UAAU,EAC7B,IAAMY,EAAW,SAASJ,EAAI,MAAM,CAAC,EAAG,EAAE,GAAK,EAE/C,GADeH,GAAcK,EAAI,UAAU,IAAI,IAChCE,EACX,MAAMZ,EAAS,OAAOY,CAAQ,GAAI,gBAAgB,EACtD,KACJ,CACA,QACI,MAAM,IAAI,UAAU,2CAA2C,CACvE,CACAH,GAAWC,EAAKC,CAAM,CAC1B,CCvJA,SAASM,GAAQC,EAAKC,KAAWC,EAAO,CACpC,GAAIA,EAAM,OAAS,EAAG,CAClB,IAAMC,EAAOD,EAAM,IAAI,EACvBF,GAAO,eAAeE,EAAM,KAAK,IAAI,CAAC,QAAQC,CAAI,GACtD,MACSD,EAAM,SAAW,EACtBF,GAAO,eAAeE,EAAM,CAAC,CAAC,OAAOA,EAAM,CAAC,CAAC,IAG7CF,GAAO,WAAWE,EAAM,CAAC,CAAC,IAE9B,OAAID,GAAU,KACVD,GAAO,aAAaC,CAAM,GAErB,OAAOA,GAAW,YAAcA,EAAO,KAC5CD,GAAO,sBAAsBC,EAAO,IAAI,GAEnC,OAAOA,GAAW,UAAYA,GAAU,MACzCA,EAAO,aAAa,OACpBD,GAAO,4BAA4BC,EAAO,YAAY,IAAI,IAG3DD,CACX,CACA,IAAOI,EAAQ,CAACH,KAAWC,IAChBH,GAAQ,eAAgBE,EAAQ,GAAGC,CAAK,EAE5C,SAASG,GAAQC,EAAKL,KAAWC,EAAO,CAC3C,OAAOH,GAAQ,eAAeO,CAAG,sBAAuBL,EAAQ,GAAGC,CAAK,CAC5E,CC7BA,OAAS,cAAAK,OAAkB,cAC3B,IAAIC,GACGC,EAASC,IACZF,KAAY,IAAI,IAAID,GAAW,CAAC,EACzBC,GAAQ,IAAIE,CAAS,GCFhC,IAAOC,GAASC,GAAQC,EAAYD,CAAG,GAAKE,EAAYF,CAAG,EACrDG,EAAQ,CAAC,WAAW,GACtB,WAAW,WAAaC,IAAW,YACnCD,EAAM,KAAK,WAAW,EbQ1B,SAASE,GAAWC,EAAKC,EAAKC,EAAYC,EAAIC,EAAKC,EAAK,CACpD,IAAMC,EAAU,SAASN,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EACxCO,EAAYN,CAAG,IACfA,EAAMA,EAAI,OAAO,GAErB,IAAMO,EAASP,EAAI,SAASK,GAAW,CAAC,EAClCG,EAASR,EAAI,SAAS,EAAGK,GAAW,CAAC,EACrCI,EAAU,SAASV,EAAI,MAAM,EAAE,EAAG,EAAE,EACpCW,EAAY,OAAOL,CAAO,OAChC,GAAI,CAACM,EAAUD,CAAS,EACpB,MAAM,IAAIE,EAAiB,OAAOb,CAAG,8CAA8C,EAEvF,IAAMc,EAAcC,GAAOV,EAAKF,EAAID,EAAYQ,EAASD,EAAQH,CAAO,EACpEU,EACJ,GAAI,CACAA,EAAiBC,GAAgBb,EAAKU,CAAW,CACrD,MACM,CACN,CACA,GAAI,CAACE,EACD,MAAM,IAAIE,EAEd,IAAIC,EACJ,GAAI,CACA,IAAMC,EAAWC,GAAiBV,EAAWH,EAAQL,CAAE,EACvDgB,EAAYG,EAAOF,EAAS,OAAOlB,CAAU,EAAGkB,EAAS,MAAM,CAAC,CACpE,MACM,CACN,CACA,GAAI,CAACD,EACD,MAAM,IAAID,EAEd,OAAOC,CACX,CACA,SAASI,GAAWvB,EAAKC,EAAKC,EAAYC,EAAIC,EAAKC,EAAK,CAEpD,IAAMM,EAAY,OADF,SAASX,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,CACZ,OAChC,GAAI,CAACY,EAAUD,CAAS,EACpB,MAAM,IAAIE,EAAiB,OAAOb,CAAG,8CAA8C,EAEvF,GAAI,CACA,IAAMoB,EAAWC,GAAiBV,EAAWV,EAAKE,EAAI,CAAE,cAAe,EAAG,CAAC,EAC3EiB,EAAS,WAAWhB,CAAG,EACnBC,EAAI,YACJe,EAAS,OAAOf,EAAK,CAAE,gBAAiBH,EAAW,MAAO,CAAC,EAE/D,IAAMiB,EAAYC,EAAS,OAAOlB,CAAU,EAC5C,OAAAkB,EAAS,MAAM,EACRD,CACX,MACM,CACF,MAAM,IAAID,CACd,CACJ,CACA,IAAMM,GAAU,CAACxB,EAAKC,EAAKC,EAAYC,EAAIC,EAAKC,IAAQ,CACpD,IAAIoB,EACJ,GAAIC,EAAYzB,CAAG,EACf0B,EAAkB1B,EAAKD,EAAK,SAAS,EACrCyB,EAAMG,GAAU,KAAK3B,CAAG,UAEnBA,aAAe,YAAcM,EAAYN,CAAG,EACjDwB,EAAMxB,MAGN,OAAM,IAAI,UAAU4B,EAAgB5B,EAAK,GAAG6B,EAAO,YAAY,CAAC,EAEpE,GAAI,CAAC3B,EACD,MAAM,IAAI4B,EAAW,mCAAmC,EAE5D,GAAI,CAAC3B,EACD,MAAM,IAAI2B,EAAW,gCAAgC,EAIzD,OAFAC,GAAehC,EAAKyB,CAAG,EACvBQ,GAAcjC,EAAKG,CAAE,EACbH,EAAK,CACT,IAAK,gBACL,IAAK,gBACL,IAAK,gBACD,OAAOD,GAAWC,EAAKyB,EAAKvB,EAAYC,EAAIC,EAAKC,CAAG,EACxD,IAAK,UACL,IAAK,UACL,IAAK,UACD,OAAOkB,GAAWvB,EAAKyB,EAAKvB,EAAYC,EAAIC,EAAKC,CAAG,EACxD,QACI,MAAM,IAAIQ,EAAiB,8CAA8C,CACjF,CACJ,EACOqB,GAAQV,GcpGf,IAAMW,GAAa,IAAIC,IAAY,CAC/B,IAAMC,EAAUD,EAAQ,OAAO,OAAO,EACtC,GAAIC,EAAQ,SAAW,GAAKA,EAAQ,SAAW,EAC3C,MAAO,GAEX,IAAIC,EACJ,QAAWC,KAAUF,EAAS,CAC1B,IAAMG,EAAa,OAAO,KAAKD,CAAM,EACrC,GAAI,CAACD,GAAOA,EAAI,OAAS,EAAG,CACxBA,EAAM,IAAI,IAAIE,CAAU,EACxB,QACJ,CACA,QAAWC,KAAaD,EAAY,CAChC,GAAIF,EAAI,IAAIG,CAAS,EACjB,MAAO,GAEXH,EAAI,IAAIG,CAAS,CACrB,CACJ,CACA,MAAO,EACX,EACOC,EAAQP,GCrBf,SAASQ,GAAaC,EAAO,CACzB,OAAO,OAAOA,GAAU,UAAYA,IAAU,IAClD,CACe,SAARC,EAA0BC,EAAO,CACpC,GAAI,CAACH,GAAaG,CAAK,GAAK,OAAO,UAAU,SAAS,KAAKA,CAAK,IAAM,kBAClE,MAAO,GAEX,GAAI,OAAO,eAAeA,CAAK,IAAM,KACjC,MAAO,GAEX,IAAIC,EAAQD,EACZ,KAAO,OAAO,eAAeC,CAAK,IAAM,MACpCA,EAAQ,OAAO,eAAeA,CAAK,EAEvC,OAAO,OAAO,eAAeD,CAAK,IAAMC,CAC5C,CCfA,OAAS,UAAAC,OAAc,cACvB,OAAS,aAAAC,GAAW,oBAAAC,GAAkB,kBAAAC,GAAgB,mBAAAC,OAAuB,cAS7E,SAASC,GAAaC,EAAKC,EAAK,CAC5B,GAAID,EAAI,kBAAoB,IAAM,SAASC,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EAC1D,MAAM,IAAI,UAAU,6BAA6BA,CAAG,EAAE,CAE9D,CACA,SAASC,GAAgBF,EAAKC,EAAKE,EAAO,CACtC,GAAIC,EAAYJ,CAAG,EACf,OAAOA,EAEX,GAAIA,aAAe,WACf,OAAOK,GAAgBL,CAAG,EAE9B,GAAIM,EAAYN,CAAG,EACf,OAAAO,EAAkBP,EAAKC,EAAKE,CAAK,EAC1BK,GAAU,KAAKR,CAAG,EAE7B,MAAM,IAAI,UAAUS,EAAgBT,EAAK,GAAGU,EAAO,YAAY,CAAC,CACpE,CACO,IAAMC,GAAO,CAACV,EAAKD,EAAKY,IAAQ,CAEnC,IAAMC,EAAY,MADL,SAASZ,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,CACb,QAC5B,GAAI,CAACa,EAAUD,CAAS,EACpB,MAAM,IAAIE,EAAiB,OAAOd,CAAG,6DAA6D,EAEtG,IAAMe,EAAYd,GAAgBF,EAAKC,EAAK,SAAS,EACrDF,GAAaiB,EAAWf,CAAG,EAC3B,IAAMgB,EAASC,GAAeL,EAAWG,EAAWG,GAAO,MAAM,EAAG,GAAI,CAAC,EACzE,OAAOC,EAAOH,EAAO,OAAOL,CAAG,EAAGK,EAAO,MAAM,CAAC,CACpD,EACaI,GAAS,CAACpB,EAAKD,EAAKsB,IAAiB,CAE9C,IAAMT,EAAY,MADL,SAASZ,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,CACb,QAC5B,GAAI,CAACa,EAAUD,CAAS,EACpB,MAAM,IAAIE,EAAiB,OAAOd,CAAG,6DAA6D,EAEtG,IAAMe,EAAYd,GAAgBF,EAAKC,EAAK,WAAW,EACvDF,GAAaiB,EAAWf,CAAG,EAC3B,IAAMgB,EAASM,GAAiBV,EAAWG,EAAWG,GAAO,MAAM,EAAG,GAAI,CAAC,EAC3E,OAAOC,EAAOH,EAAO,OAAOK,CAAY,EAAGL,EAAO,MAAM,CAAC,CAC7D,ECjDA,OAAS,iBAAAO,GAAe,mBAAmBC,GAAmB,aAAAC,OAAiB,cAC/E,OAAS,aAAAC,OAAiB,YCD1B,OAAS,aAAAC,OAAiB,cAO1B,IAAMC,GAAoBC,GAAe,CACrC,OAAQA,EAAY,CAChB,IAAK,aACD,MAAO,QACX,IAAK,YACD,MAAO,QACX,IAAK,YACD,MAAO,QACX,IAAK,YACD,MAAO,YACX,QACI,MAAM,IAAIC,EAAiB,0CAA0C,CAC7E,CACJ,EACMC,GAAgB,CAACC,EAAKC,IAAQ,CAChC,IAAIC,EACJ,GAAIC,EAAYH,CAAG,EACfE,EAAME,GAAU,KAAKJ,CAAG,UAEnBK,EAAYL,CAAG,EACpBE,EAAMF,MAGN,OAAM,IAAI,UAAUM,EAAgBN,EAAK,GAAGO,CAAK,CAAC,EAEtD,GAAIL,EAAI,OAAS,SACb,MAAM,IAAI,UAAU,qEAAqE,EAE7F,OAAQA,EAAI,kBAAmB,CAC3B,IAAK,UACL,IAAK,QACD,MAAO,KAAKA,EAAI,kBAAkB,MAAM,CAAC,CAAC,GAC9C,IAAK,SACL,IAAK,OACD,MAAO,IAAIA,EAAI,kBAAkB,MAAM,CAAC,CAAC,GAC7C,IAAK,KAAM,CACP,IAAML,EAAaK,EAAI,qBAAqB,WAC5C,OAAID,EACOJ,EAEJD,GAAiBC,CAAU,CACtC,CACA,QACI,MAAM,IAAI,UAAU,gDAAgD,CAC5E,CACJ,EACOW,GAAQT,GD3Cf,IAAMU,GAAkBC,GAAUC,EAAiB,EACnD,eAAsBC,GAAUC,EAAWC,EAAYC,EAAWC,EAAWC,EAAM,IAAI,WAAW,CAAC,EAAGC,EAAM,IAAI,WAAW,CAAC,EAAG,CAC3H,IAAIC,EACJ,GAAIC,EAAYP,CAAS,EACrBQ,EAAkBR,EAAW,MAAM,EACnCM,EAAYG,GAAU,KAAKT,CAAS,UAE/BU,EAAYV,CAAS,EAC1BM,EAAYN,MAGZ,OAAM,IAAI,UAAUW,EAAgBX,EAAW,GAAGY,CAAK,CAAC,EAE5D,IAAIC,EACJ,GAAIN,EAAYN,CAAU,EACtBO,EAAkBP,EAAY,OAAQ,YAAY,EAClDY,EAAaJ,GAAU,KAAKR,CAAU,UAEjCS,EAAYT,CAAU,EAC3BY,EAAaZ,MAGb,OAAM,IAAI,UAAUU,EAAgBV,EAAY,GAAGW,CAAK,CAAC,EAE7D,IAAME,EAAQC,EAAOC,GAAeC,EAAQ,OAAOf,CAAS,CAAC,EAAGc,GAAeZ,CAAG,EAAGY,GAAeX,CAAG,EAAGa,GAASf,CAAS,CAAC,EACvHgB,EAAeC,GAAc,CAAE,WAAAP,EAAY,UAAAP,CAAU,CAAC,EAC5D,OAAOe,GAAUF,EAAchB,EAAWW,CAAK,CACnD,CACA,eAAsBQ,GAAYC,EAAK,CACnC,IAAIC,EACJ,GAAIjB,EAAYgB,CAAG,EACfC,EAAMf,GAAU,KAAKc,CAAG,UAEnBb,EAAYa,CAAG,EACpBC,EAAMD,MAGN,OAAM,IAAI,UAAUZ,EAAgBY,EAAK,GAAGX,CAAK,CAAC,EAEtD,OAAQY,EAAI,kBAAmB,CAC3B,IAAK,SACD,OAAO5B,GAAgB,QAAQ,EACnC,IAAK,OACD,OAAOA,GAAgB,MAAM,EAEjC,IAAK,KAAM,CACP,IAAM6B,EAAaC,GAAcF,CAAG,EACpC,OAAO5B,GAAgB,KAAM,CAAE,WAAA6B,CAAW,CAAC,CAC/C,CACA,QACI,MAAM,IAAIE,EAAiB,4BAA4B,CAC/D,CACJ,CACO,IAAMC,GAAeJ,GAAQ,CAAC,QAAS,QAAS,QAAS,SAAU,MAAM,EAAE,SAASE,GAAcF,CAAG,CAAC,EE/D7G,OAAS,aAAAK,OAAiB,YAC1B,OAAS,aAAAC,GAAW,UAAUC,OAAgB,cCA/B,SAARC,GAA0BC,EAAK,CAClC,GAAI,EAAEA,aAAe,aAAeA,EAAI,OAAS,EAC7C,MAAM,IAAIC,EAAW,2CAA2C,CAExE,CDOA,IAAMC,GAASC,GAAUC,EAAQ,EACjC,SAASC,GAAYC,EAAKC,EAAK,CAC3B,GAAIC,EAAYF,CAAG,EACf,OAAOA,EAAI,OAAO,EAEtB,GAAIA,aAAe,WACf,OAAOA,EAEX,GAAIG,EAAYH,CAAG,EACf,OAAAI,EAAkBJ,EAAKC,EAAK,aAAc,WAAW,EAC9CI,GAAU,KAAKL,CAAG,EAAE,OAAO,EAEtC,MAAM,IAAI,UAAUM,EAAgBN,EAAK,GAAGO,EAAO,YAAY,CAAC,CACpE,CACO,IAAMC,GAAU,MAAOP,EAAKD,EAAKS,EAAKC,EAAM,KAAMC,EAAMC,EAAO,IAAI,WAAW,EAAE,CAAC,IAAM,CAC1FC,GAASF,CAAG,EACZ,IAAMG,EAAOH,GAAWV,EAAKU,CAAG,EAC1BI,EAAS,SAASd,EAAI,MAAM,GAAI,EAAE,EAAG,EAAE,GAAK,EAC5Ce,EAAWjB,GAAYC,EAAKC,CAAG,EAC/BgB,EAAa,MAAMrB,GAAOoB,EAAUF,EAAMJ,EAAKK,EAAQ,MAAMd,EAAI,MAAM,EAAG,EAAE,CAAC,EAAE,EAErF,MAAO,CAAE,aADY,MAAMiB,GAAKjB,EAAI,MAAM,EAAE,EAAGgB,EAAYR,CAAG,EACvC,IAAAC,EAAK,IAAKS,EAAUR,CAAG,CAAE,CACpD,EACaS,GAAU,MAAOnB,EAAKD,EAAKqB,EAAcX,EAAKC,IAAQ,CAC/DE,GAASF,CAAG,EACZ,IAAMG,EAAOH,GAAWV,EAAKU,CAAG,EAC1BI,EAAS,SAASd,EAAI,MAAM,GAAI,EAAE,EAAG,EAAE,GAAK,EAC5Ce,EAAWjB,GAAYC,EAAKC,CAAG,EAC/BgB,EAAa,MAAMrB,GAAOoB,EAAUF,EAAMJ,EAAKK,EAAQ,MAAMd,EAAI,MAAM,EAAG,EAAE,CAAC,EAAE,EACrF,OAAOqB,GAAOrB,EAAI,MAAM,EAAE,EAAGgB,EAAYI,CAAY,CACzD,EE1CA,OAAS,aAAAE,GAAW,iBAAAC,GAAe,aAAAC,GAAW,kBAAAC,OAAsB,cACpE,OAAS,aAAAC,OAAiB,YCD1B,IAAOC,GAAQ,CAACC,EAAKC,IAAQ,CACzB,GAAM,CAAE,cAAAC,CAAc,EAAIF,EAAI,qBAC9B,GAAI,OAAOE,GAAkB,UAAYA,EAAgB,KACrD,MAAM,IAAI,UAAU,GAAGD,CAAG,uDAAuD,CAEzF,EDGA,IAAME,GAAW,CAACC,EAAKC,IAAQ,CAC3B,GAAID,EAAI,oBAAsB,MAC1B,MAAM,IAAI,UAAU,mEAAmE,EAE3FE,GAAeF,EAAKC,CAAG,CAC3B,EACME,GAASC,GAAU,IAAMC,GAAU,kBAAmB,gGAAgG,EACtJC,GAAkBL,GAAQ,CAC5B,OAAQA,EAAK,CACT,IAAK,WACL,IAAK,eACL,IAAK,eACL,IAAK,eACD,OAAOI,GAAU,uBACrB,IAAK,SACD,OAAOF,GAAO,EAClB,QACI,MACR,CACJ,EACMI,GAAmBN,GAAQ,CAC7B,OAAQA,EAAK,CACT,IAAK,WACD,MAAO,OACX,IAAK,eACD,MAAO,SACX,IAAK,eACD,MAAO,SACX,IAAK,eACD,MAAO,SACX,QACI,MACR,CACJ,EACA,SAASO,GAAgBR,EAAKC,KAAQQ,EAAQ,CAC1C,GAAIC,EAAYV,CAAG,EACf,OAAOA,EAEX,GAAIW,EAAYX,CAAG,EACf,OAAAY,EAAkBZ,EAAKC,EAAK,GAAGQ,CAAM,EAC9BI,GAAU,KAAKb,CAAG,EAE7B,MAAM,IAAI,UAAUc,EAAgBd,EAAK,GAAGe,CAAK,CAAC,CACtD,CACO,IAAMC,GAAU,CAACf,EAAKD,EAAKiB,IAAQ,CACtC,IAAMC,EAAUZ,GAAeL,CAAG,EAC5BkB,EAAWZ,GAAgBN,CAAG,EAC9BmB,EAAYZ,GAAgBR,EAAKC,EAAK,UAAW,SAAS,EAChE,OAAAF,GAASqB,EAAWnB,CAAG,EAChBoB,GAAc,CAAE,IAAKD,EAAW,SAAAD,EAAU,QAAAD,CAAQ,EAAGD,CAAG,CACnE,EACaK,GAAU,CAACrB,EAAKD,EAAKuB,IAAiB,CAC/C,IAAML,EAAUZ,GAAeL,CAAG,EAC5BkB,EAAWZ,GAAgBN,CAAG,EAC9BmB,EAAYZ,GAAgBR,EAAKC,EAAK,YAAa,SAAS,EAClE,OAAAF,GAASqB,EAAWnB,CAAG,EAChBuB,GAAe,CAAE,IAAKJ,EAAW,SAAAD,EAAU,QAAAD,CAAQ,EAAGK,CAAY,CAC7E,EE/DO,SAASE,GAAUC,EAAK,CAC3B,OAAQA,EAAK,CACT,IAAK,UACD,MAAO,KACX,IAAK,UACD,MAAO,KACX,IAAK,UACL,IAAK,gBACD,MAAO,KACX,IAAK,gBACD,MAAO,KACX,IAAK,gBACD,MAAO,KACX,QACI,MAAM,IAAIC,EAAiB,8BAA8BD,CAAG,EAAE,CACtE,CACJ,CACA,IAAOE,EAASF,GAAQG,EAAO,IAAI,WAAWJ,GAAUC,CAAG,GAAK,CAAC,CAAC,ECnBlE,OAAS,oBAAAI,GAAkB,mBAAAC,GAAiB,aAAAC,OAAiB,cAC7D,OAAS,UAAAC,OAAc,cAKvB,IAAMC,GAAgB,CAACC,EAASC,EAAWC,IAAQ,CAC/C,IAAIC,EACJ,GAAIC,EAAYF,CAAG,EAAG,CAClB,GAAI,CAACA,EAAI,YACL,MAAM,IAAI,UAAU,8BAA8B,EAEtDC,EAAYE,GAAU,KAAKH,CAAG,CAClC,SACSI,EAAYJ,CAAG,EACpBC,EAAYD,MAGZ,OAAM,IAAI,UAAUK,EAAgBL,EAAK,GAAGM,CAAK,CAAC,EAEtD,GAAIL,EAAU,OAASH,EACnB,MAAM,IAAI,UAAU,gBAAgBA,CAAO,MAAM,EAErD,OAAOG,EAAU,OAAO,CAAE,OAAQ,MAAO,KAAMF,CAAU,CAAC,CAC9D,EACaQ,GAAUP,GACZH,GAAc,SAAU,OAAQG,CAAG,EAEjCQ,GAAWR,GACbH,GAAc,UAAW,QAASG,CAAG,EAEnCS,GAAaC,GAAQC,GAAiB,CAC/C,IAAKC,GAAO,KAAKF,EAAI,QAAQ,8CAA+C,EAAE,EAAG,QAAQ,EACzF,KAAM,QACN,OAAQ,KACZ,CAAC,EACYG,GAAYH,GAAQI,GAAgB,CAC7C,IAAKF,GAAO,KAAKF,EAAI,QAAQ,6CAA8C,EAAE,EAAG,QAAQ,EACxF,KAAM,OACN,OAAQ,KACZ,CAAC,EACYK,GAAYL,GAAQI,GAAgB,CAC7C,IAAKJ,EACL,KAAM,OACN,OAAQ,KACZ,CAAC,EC7CD,OAAS,oBAAAM,GAAkB,mBAAAC,OAAuB,cAClD,IAAMC,GAASC,IACHA,EAAI,EAAIH,GAAmBC,IAAiB,CAAE,OAAQ,MAAO,IAAKE,CAAI,CAAC,EAE5EC,GAAQF,GCCf,eAAsBG,GAAWC,EAAMC,EAAKC,EAAS,CACjD,GAAI,OAAOF,GAAS,UAAYA,EAAK,QAAQ,4BAA4B,IAAM,EAC3E,MAAM,IAAI,UAAU,sCAAsC,EAE9D,OAAOG,GAASH,EAAMC,EAAKC,CAAO,CACtC,CACA,eAAsBE,GAAWC,EAAMJ,EAAKC,EAAS,CACjD,GAAI,OAAOG,GAAS,UAAYA,EAAK,QAAQ,6BAA6B,IAAM,EAC5E,MAAM,IAAI,UAAU,uCAAuC,EAE/D,OAAOC,GAASD,EAAMJ,EAAKC,CAAO,CACtC,CACA,eAAsBK,GAAYC,EAAOP,EAAKC,EAAS,CACnD,GAAI,OAAOM,GAAU,UAAYA,EAAM,QAAQ,6BAA6B,IAAM,EAC9E,MAAM,IAAI,UAAU,yCAAyC,EAEjE,OAAOC,GAAUD,EAAOP,EAAKC,CAAO,CACxC,CACA,eAAsBQ,EAAUC,EAAKV,EAAK,CACtC,GAAI,CAACW,EAASD,CAAG,EACb,MAAM,IAAI,UAAU,uBAAuB,EAG/C,OADAV,IAAQU,EAAI,IACJA,EAAI,IAAK,CACb,IAAK,MACD,GAAI,OAAOA,EAAI,GAAM,UAAY,CAACA,EAAI,EAClC,MAAM,IAAI,UAAU,yCAAyC,EAEjE,OAAOE,EAAgBF,EAAI,CAAC,EAChC,IAAK,MACD,GAAIA,EAAI,MAAQ,OACZ,MAAM,IAAIG,EAAiB,oEAAoE,EAEvG,IAAK,KACL,IAAK,MACD,OAAOC,GAAY,CAAE,GAAGJ,EAAK,IAAAV,CAAI,CAAC,EACtC,QACI,MAAM,IAAIa,EAAiB,8CAA8C,CACjF,CACJ,CC1CA,IAAME,GAAqB,CAACC,EAAKC,IAAQ,CACrC,GAAI,EAAAA,aAAe,YAEnB,IAAI,CAACC,GAAUD,CAAG,EACd,MAAM,IAAI,UAAUE,GAAgBH,EAAKC,EAAK,GAAGG,EAAO,YAAY,CAAC,EAEzE,GAAIH,EAAI,OAAS,SACb,MAAM,IAAI,UAAU,GAAGG,EAAM,KAAK,MAAM,CAAC,8DAA8D,EAE/G,EACMC,GAAsB,CAACL,EAAKC,EAAKK,IAAU,CAC7C,GAAI,CAACJ,GAAUD,CAAG,EACd,MAAM,IAAI,UAAUE,GAAgBH,EAAKC,EAAK,GAAGG,CAAK,CAAC,EAE3D,GAAIH,EAAI,OAAS,SACb,MAAM,IAAI,UAAU,GAAGG,EAAM,KAAK,MAAM,CAAC,mEAAmE,EAEhH,GAAIE,IAAU,QAAUL,EAAI,OAAS,SACjC,MAAM,IAAI,UAAU,GAAGG,EAAM,KAAK,MAAM,CAAC,uEAAuE,EAEpH,GAAIE,IAAU,WAAaL,EAAI,OAAS,SACpC,MAAM,IAAI,UAAU,GAAGG,EAAM,KAAK,MAAM,CAAC,0EAA0E,EAEvH,GAAIH,EAAI,WAAaK,IAAU,UAAYL,EAAI,OAAS,UACpD,MAAM,IAAI,UAAU,GAAGG,EAAM,KAAK,MAAM,CAAC,wEAAwE,EAErH,GAAIH,EAAI,WAAaK,IAAU,WAAaL,EAAI,OAAS,UACrD,MAAM,IAAI,UAAU,GAAGG,EAAM,KAAK,MAAM,CAAC,yEAAyE,CAE1H,EACMG,GAAe,CAACP,EAAKC,EAAKK,IAAU,CACpBN,EAAI,WAAW,IAAI,GACjCA,IAAQ,OACRA,EAAI,WAAW,OAAO,GACtB,qBAAqB,KAAKA,CAAG,EAE7BD,GAAmBC,EAAKC,CAAG,EAG3BI,GAAoBL,EAAKC,EAAKK,CAAK,CAE3C,EACOE,EAAQD,GC5Cf,OAAS,kBAAAE,GAAgB,aAAAC,OAAiB,cAa1C,SAASC,GAAWC,EAAKC,EAAWC,EAAKC,EAAIC,EAAK,CAC9C,IAAMC,EAAU,SAASL,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EACxCM,EAAYJ,CAAG,IACfA,EAAMA,EAAI,OAAO,GAErB,IAAMK,EAASL,EAAI,SAASG,GAAW,CAAC,EAClCG,EAASN,EAAI,SAAS,EAAGG,GAAW,CAAC,EACrCI,EAAY,OAAOJ,CAAO,OAChC,GAAI,CAACK,EAAUD,CAAS,EACpB,MAAM,IAAIE,EAAiB,OAAOX,CAAG,8CAA8C,EAEvF,IAAMY,EAASC,GAAeJ,EAAWF,EAAQJ,CAAE,EAC7CW,EAAaC,EAAOH,EAAO,OAAOX,CAAS,EAAGW,EAAO,MAAM,CAAC,EAC5DI,EAAU,SAAShB,EAAI,MAAM,EAAE,EAAG,EAAE,EACpCiB,EAAMC,GAAOd,EAAKD,EAAIW,EAAYE,EAASR,EAAQH,CAAO,EAChE,MAAO,CAAE,WAAAS,EAAY,IAAAG,EAAK,GAAAd,CAAG,CACjC,CACA,SAASgB,GAAWnB,EAAKC,EAAWC,EAAKC,EAAIC,EAAK,CAE9C,IAAMK,EAAY,OADF,SAAST,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,CACZ,OAChC,GAAI,CAACU,EAAUD,CAAS,EACpB,MAAM,IAAIE,EAAiB,OAAOX,CAAG,8CAA8C,EAEvF,IAAMY,EAASC,GAAeJ,EAAWP,EAAKC,EAAI,CAAE,cAAe,EAAG,CAAC,EACnEC,EAAI,YACJQ,EAAO,OAAOR,EAAK,CAAE,gBAAiBH,EAAU,MAAO,CAAC,EAE5D,IAAMa,EAAaF,EAAO,OAAOX,CAAS,EAC1CW,EAAO,MAAM,EACb,IAAMK,EAAML,EAAO,WAAW,EAC9B,MAAO,CAAE,WAAAE,EAAY,IAAAG,EAAK,GAAAd,CAAG,CACjC,CACA,IAAMiB,GAAU,CAACpB,EAAKC,EAAWC,EAAKC,EAAIC,IAAQ,CAC9C,IAAIiB,EACJ,GAAIC,EAAYpB,CAAG,EACfqB,EAAkBrB,EAAKF,EAAK,SAAS,EACrCqB,EAAMG,GAAU,KAAKtB,CAAG,UAEnBA,aAAe,YAAcI,EAAYJ,CAAG,EACjDmB,EAAMnB,MAGN,OAAM,IAAI,UAAUuB,EAAgBvB,EAAK,GAAGwB,EAAO,YAAY,CAAC,EASpE,OAPAC,GAAe3B,EAAKqB,CAAG,EACnBlB,EACAyB,GAAc5B,EAAKG,CAAE,EAGrBA,EAAK0B,GAAW7B,CAAG,EAEfA,EAAK,CACT,IAAK,gBACL,IAAK,gBACL,IAAK,gBACD,OAAOD,GAAWC,EAAKC,EAAWoB,EAAKlB,EAAIC,CAAG,EAClD,IAAK,UACL,IAAK,UACL,IAAK,UACD,OAAOe,GAAWnB,EAAKC,EAAWoB,EAAKlB,EAAIC,CAAG,EAClD,QACI,MAAM,IAAIO,EAAiB,8CAA8C,CACjF,CACJ,EACOmB,GAAQV,GC1Ef,eAAsBW,GAAKC,EAAKC,EAAKC,EAAKC,EAAI,CAC1C,IAAMC,EAAeJ,EAAI,MAAM,EAAG,CAAC,EAC7BK,EAAU,MAAMC,GAAQF,EAAcF,EAAKD,EAAKE,EAAI,IAAI,WAAW,CAAC,CAAC,EAC3E,MAAO,CACH,aAAcE,EAAQ,WACtB,GAAIE,EAAUF,EAAQ,EAAE,EACxB,IAAKE,EAAUF,EAAQ,GAAG,CAC9B,CACJ,CACA,eAAsBG,GAAOR,EAAKC,EAAKQ,EAAcN,EAAIO,EAAK,CAC1D,IAAMN,EAAeJ,EAAI,MAAM,EAAG,CAAC,EACnC,OAAOW,GAAQP,EAAcH,EAAKQ,EAAcN,EAAIO,EAAK,IAAI,WAAW,CAAC,CAAC,CAC9E,CCJA,eAAeE,GAAqBC,EAAKC,EAAKC,EAAcC,EAAYC,EAAS,CAE7E,OADAC,EAAaL,EAAKC,EAAK,SAAS,EACxBD,EAAK,CACT,IAAK,MAAO,CACR,GAAIE,IAAiB,OACjB,MAAM,IAAII,EAAW,0CAA0C,EACnE,OAAOL,CACX,CACA,IAAK,UACD,GAAIC,IAAiB,OACjB,MAAM,IAAII,EAAW,0CAA0C,EACvE,IAAK,iBACL,IAAK,iBACL,IAAK,iBAAkB,CACnB,GAAI,CAACC,EAASJ,EAAW,GAAG,EACxB,MAAM,IAAIG,EAAW,6DAA6D,EACtF,GAAI,CAAME,GAAYP,CAAG,EACrB,MAAM,IAAIQ,EAAiB,uFAAuF,EACtH,IAAMC,EAAM,MAAMC,EAAUR,EAAW,IAAKH,CAAG,EAC3CY,EACAC,EACJ,GAAIV,EAAW,MAAQ,OAAW,CAC9B,GAAI,OAAOA,EAAW,KAAQ,SAC1B,MAAM,IAAIG,EAAW,kDAAkD,EAC3E,GAAI,CACAM,EAAaE,EAAUX,EAAW,GAAG,CACzC,MACM,CACF,MAAM,IAAIG,EAAW,oCAAoC,CAC7D,CACJ,CACA,GAAIH,EAAW,MAAQ,OAAW,CAC9B,GAAI,OAAOA,EAAW,KAAQ,SAC1B,MAAM,IAAIG,EAAW,kDAAkD,EAC3E,GAAI,CACAO,EAAaC,EAAUX,EAAW,GAAG,CACzC,MACM,CACF,MAAM,IAAIG,EAAW,oCAAoC,CAC7D,CACJ,CACA,IAAMS,EAAe,MAAWC,GAAUN,EAAKT,EAAKD,IAAQ,UAAYG,EAAW,IAAMH,EAAKA,IAAQ,UAAYiB,GAAUd,EAAW,GAAG,EAAI,SAASH,EAAI,MAAM,GAAI,EAAE,EAAG,EAAE,EAAGY,EAAYC,CAAU,EACrM,GAAIb,IAAQ,UACR,OAAOe,EACX,GAAIb,IAAiB,OACjB,MAAM,IAAII,EAAW,2BAA2B,EACpD,OAAOY,GAAMlB,EAAI,MAAM,EAAE,EAAGe,EAAcb,CAAY,CAC1D,CACA,IAAK,SACL,IAAK,WACL,IAAK,eACL,IAAK,eACL,IAAK,eAAgB,CACjB,GAAIA,IAAiB,OACjB,MAAM,IAAII,EAAW,2BAA2B,EACpD,OAAOa,GAAMnB,EAAKC,EAAKC,CAAY,CACvC,CACA,IAAK,qBACL,IAAK,qBACL,IAAK,qBAAsB,CACvB,GAAIA,IAAiB,OACjB,MAAM,IAAII,EAAW,2BAA2B,EACpD,GAAI,OAAOH,EAAW,KAAQ,SAC1B,MAAM,IAAIG,EAAW,oDAAoD,EAC7E,IAAMc,EAAWhB,GAAS,eAAiB,IAC3C,GAAID,EAAW,IAAMiB,EACjB,MAAM,IAAId,EAAW,6DAA6D,EACtF,GAAI,OAAOH,EAAW,KAAQ,SAC1B,MAAM,IAAIG,EAAW,mDAAmD,EAC5E,IAAIe,EACJ,GAAI,CACAA,EAAMP,EAAUX,EAAW,GAAG,CAClC,MACM,CACF,MAAM,IAAIG,EAAW,oCAAoC,CAC7D,CACA,OAAOa,GAAQnB,EAAKC,EAAKC,EAAcC,EAAW,IAAKkB,CAAG,CAC9D,CACA,IAAK,SACL,IAAK,SACL,IAAK,SAAU,CACX,GAAInB,IAAiB,OACjB,MAAM,IAAII,EAAW,2BAA2B,EACpD,OAAOY,GAAMlB,EAAKC,EAAKC,CAAY,CACvC,CACA,IAAK,YACL,IAAK,YACL,IAAK,YAAa,CACd,GAAIA,IAAiB,OACjB,MAAM,IAAII,EAAW,2BAA2B,EACpD,GAAI,OAAOH,EAAW,IAAO,SACzB,MAAM,IAAIG,EAAW,6DAA6D,EACtF,GAAI,OAAOH,EAAW,KAAQ,SAC1B,MAAM,IAAIG,EAAW,2DAA2D,EACpF,IAAIgB,EACJ,GAAI,CACAA,EAAKR,EAAUX,EAAW,EAAE,CAChC,MACM,CACF,MAAM,IAAIG,EAAW,mCAAmC,CAC5D,CACA,IAAIiB,EACJ,GAAI,CACAA,EAAMT,EAAUX,EAAW,GAAG,CAClC,MACM,CACF,MAAM,IAAIG,EAAW,oCAAoC,CAC7D,CACA,OAAOY,GAASlB,EAAKC,EAAKC,EAAcoB,EAAIC,CAAG,CACnD,CACA,QACI,MAAM,IAAId,EAAiB,2DAA2D,CAE9F,CACJ,CACA,IAAOe,GAAQzB,GC7Hf,SAAS0B,GAAaC,EAAKC,EAAmBC,EAAkBC,EAAiBC,EAAY,CACzF,GAAIA,EAAW,OAAS,QAAaD,GAAiB,OAAS,OAC3D,MAAM,IAAIH,EAAI,gEAAgE,EAElF,GAAI,CAACG,GAAmBA,EAAgB,OAAS,OAC7C,OAAO,IAAI,IAEf,GAAI,CAAC,MAAM,QAAQA,EAAgB,IAAI,GACnCA,EAAgB,KAAK,SAAW,GAChCA,EAAgB,KAAK,KAAME,GAAU,OAAOA,GAAU,UAAYA,EAAM,SAAW,CAAC,EACpF,MAAM,IAAIL,EAAI,uFAAuF,EAEzG,IAAIM,EACAJ,IAAqB,OACrBI,EAAa,IAAI,IAAI,CAAC,GAAG,OAAO,QAAQJ,CAAgB,EAAG,GAAGD,EAAkB,QAAQ,CAAC,CAAC,EAG1FK,EAAaL,EAEjB,QAAWM,KAAaJ,EAAgB,KAAM,CAC1C,GAAI,CAACG,EAAW,IAAIC,CAAS,EACzB,MAAM,IAAIC,EAAiB,+BAA+BD,CAAS,qBAAqB,EAE5F,GAAIH,EAAWG,CAAS,IAAM,OAC1B,MAAM,IAAIP,EAAI,+BAA+BO,CAAS,cAAc,EAExE,GAAID,EAAW,IAAIC,CAAS,GAAKJ,EAAgBI,CAAS,IAAM,OAC5D,MAAM,IAAIP,EAAI,+BAA+BO,CAAS,+BAA+B,CAE7F,CACA,OAAO,IAAI,IAAIJ,EAAgB,IAAI,CACvC,CACA,IAAOM,EAAQV,GCjCf,IAAMW,GAAqB,CAACC,EAAQC,IAAe,CAC/C,GAAIA,IAAe,SACd,CAAC,MAAM,QAAQA,CAAU,GAAKA,EAAW,KAAMC,GAAM,OAAOA,GAAM,QAAQ,GAC3E,MAAM,IAAI,UAAU,IAAIF,CAAM,sCAAsC,EAExE,GAAKC,EAGL,OAAO,IAAI,IAAIA,CAAU,CAC7B,EACOE,GAAQJ,GCAf,eAAsBK,GAAiBC,EAAKC,EAAKC,EAAS,CACtD,GAAI,CAACC,EAASH,CAAG,EACb,MAAM,IAAII,EAAW,iCAAiC,EAE1D,GAAIJ,EAAI,YAAc,QAAaA,EAAI,SAAW,QAAaA,EAAI,cAAgB,OAC/E,MAAM,IAAII,EAAW,qBAAqB,EAE9C,GAAIJ,EAAI,KAAO,QAAa,OAAOA,EAAI,IAAO,SAC1C,MAAM,IAAII,EAAW,0CAA0C,EAEnE,GAAI,OAAOJ,EAAI,YAAe,SAC1B,MAAM,IAAII,EAAW,0CAA0C,EAEnE,GAAIJ,EAAI,MAAQ,QAAa,OAAOA,EAAI,KAAQ,SAC5C,MAAM,IAAII,EAAW,uCAAuC,EAEhE,GAAIJ,EAAI,YAAc,QAAa,OAAOA,EAAI,WAAc,SACxD,MAAM,IAAII,EAAW,qCAAqC,EAE9D,GAAIJ,EAAI,gBAAkB,QAAa,OAAOA,EAAI,eAAkB,SAChE,MAAM,IAAII,EAAW,kCAAkC,EAE3D,GAAIJ,EAAI,MAAQ,QAAa,OAAOA,EAAI,KAAQ,SAC5C,MAAM,IAAII,EAAW,wBAAwB,EAEjD,GAAIJ,EAAI,SAAW,QAAa,CAACG,EAASH,EAAI,MAAM,EAChD,MAAM,IAAII,EAAW,8CAA8C,EAEvE,GAAIJ,EAAI,cAAgB,QAAa,CAACG,EAASH,EAAI,WAAW,EAC1D,MAAM,IAAII,EAAW,qDAAqD,EAE9E,IAAIC,EACJ,GAAIL,EAAI,UACJ,GAAI,CACA,IAAMM,GAAkBC,EAAUP,EAAI,SAAS,EAC/CK,EAAa,KAAK,MAAMG,EAAQ,OAAOF,EAAe,CAAC,CAC3D,MACM,CACF,MAAM,IAAIF,EAAW,iCAAiC,CAC1D,CAEJ,GAAI,CAACK,EAAWJ,EAAYL,EAAI,OAAQA,EAAI,WAAW,EACnD,MAAM,IAAII,EAAW,kHAAkH,EAE3I,IAAMM,EAAa,CACf,GAAGL,EACH,GAAGL,EAAI,OACP,GAAGA,EAAI,WACX,EAEA,GADAW,EAAaP,EAAY,IAAI,IAAOF,GAAS,KAAMG,EAAYK,CAAU,EACrEA,EAAW,MAAQ,OACnB,MAAM,IAAIE,EAAiB,sEAAsE,EAErG,GAAM,CAAE,IAAAC,EAAK,IAAAC,CAAI,EAAIJ,EACrB,GAAI,OAAOG,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIT,EAAW,2CAA2C,EAEpE,GAAI,OAAOU,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIV,EAAW,sDAAsD,EAE/E,IAAMW,EAA0Bb,GAAWc,GAAmB,0BAA2Bd,EAAQ,uBAAuB,EAClHe,EAA8Bf,GAChCc,GAAmB,8BAA+Bd,EAAQ,2BAA2B,EACzF,GAAKa,GAA2B,CAACA,EAAwB,IAAIF,CAAG,GAC3D,CAACE,GAA2BF,EAAI,WAAW,OAAO,EACnD,MAAM,IAAIK,EAAkB,sDAAsD,EAEtF,GAAID,GAA+B,CAACA,EAA4B,IAAIH,CAAG,EACnE,MAAM,IAAII,EAAkB,iEAAiE,EAEjG,IAAIC,EACJ,GAAInB,EAAI,gBAAkB,OACtB,GAAI,CACAmB,EAAeZ,EAAUP,EAAI,aAAa,CAC9C,MACM,CACF,MAAM,IAAII,EAAW,8CAA8C,CACvE,CAEJ,IAAIgB,EAAc,GACd,OAAOnB,GAAQ,aACfA,EAAM,MAAMA,EAAII,EAAYL,CAAG,EAC/BoB,EAAc,IAElB,IAAIC,EACJ,GAAI,CACAA,EAAM,MAAMC,GAAqBT,EAAKZ,EAAKkB,EAAcT,EAAYR,CAAO,CAChF,OACOqB,GAAK,CACR,GAAIA,cAAe,WAAaA,cAAenB,GAAcmB,cAAeX,EACxE,MAAMW,GAEVF,EAAMG,EAAYV,CAAG,CACzB,CACA,IAAIW,EACAC,EACJ,GAAI1B,EAAI,KAAO,OACX,GAAI,CACAyB,EAAKlB,EAAUP,EAAI,EAAE,CACzB,MACM,CACF,MAAM,IAAII,EAAW,mCAAmC,CAC5D,CAEJ,GAAIJ,EAAI,MAAQ,OACZ,GAAI,CACA0B,EAAMnB,EAAUP,EAAI,GAAG,CAC3B,MACM,CACF,MAAM,IAAII,EAAW,oCAAoC,CAC7D,CAEJ,IAAME,EAAkBqB,EAAQ,OAAO3B,EAAI,WAAa,EAAE,EACtD4B,EACA5B,EAAI,MAAQ,OACZ4B,EAAiBC,EAAOvB,EAAiBqB,EAAQ,OAAO,GAAG,EAAGA,EAAQ,OAAO3B,EAAI,GAAG,CAAC,EAGrF4B,EAAiBtB,EAErB,IAAIwB,GACJ,GAAI,CACAA,GAAavB,EAAUP,EAAI,UAAU,CACzC,MACM,CACF,MAAM,IAAII,EAAW,2CAA2C,CACpE,CAEA,IAAM2B,GAAS,CAAE,UADC,MAAMC,GAAQlB,EAAKO,EAAKS,GAAYL,EAAIC,EAAKE,CAAc,CAClD,EAI3B,GAHI5B,EAAI,YAAc,SAClB+B,GAAO,gBAAkB1B,GAEzBL,EAAI,MAAQ,OACZ,GAAI,CACA+B,GAAO,4BAA8BxB,EAAUP,EAAI,GAAG,CAC1D,MACM,CACF,MAAM,IAAII,EAAW,oCAAoC,CAC7D,CAQJ,OANIJ,EAAI,cAAgB,SACpB+B,GAAO,wBAA0B/B,EAAI,aAErCA,EAAI,SAAW,SACf+B,GAAO,kBAAoB/B,EAAI,QAE/BoB,EACO,CAAE,GAAGW,GAAQ,IAAA9B,CAAI,EAErB8B,EACX,CC7JA,eAAsBE,GAAeC,EAAKC,EAAKC,EAAS,CAIpD,GAHIF,aAAe,aACfA,EAAMG,EAAQ,OAAOH,CAAG,GAExB,OAAOA,GAAQ,SACf,MAAM,IAAII,EAAW,4CAA4C,EAErE,GAAM,CAAE,EAAGC,EAAiB,EAAGC,EAAc,EAAGC,EAAI,EAAGC,EAAY,EAAGC,EAAK,OAAAC,CAAQ,EAAIV,EAAI,MAAM,GAAG,EACpG,GAAIU,IAAW,EACX,MAAM,IAAIN,EAAW,qBAAqB,EAE9C,IAAMO,EAAY,MAAMC,GAAiB,CACrC,WAAAJ,EACA,GAAID,GAAM,OACV,UAAWF,EACX,IAAKI,GAAO,OACZ,cAAeH,GAAgB,MACnC,EAAGL,EAAKC,CAAO,EACTW,EAAS,CAAE,UAAWF,EAAU,UAAW,gBAAiBA,EAAU,eAAgB,EAC5F,OAAI,OAAOV,GAAQ,WACR,CAAE,GAAGY,EAAQ,IAAKF,EAAU,GAAI,EAEpCE,CACX,CCvBA,eAAsBC,GAAeC,EAAKC,EAAKC,EAAS,CACpD,GAAI,CAACC,EAASH,CAAG,EACb,MAAM,IAAII,EAAW,+BAA+B,EAExD,GAAI,CAAC,MAAM,QAAQJ,EAAI,UAAU,GAAK,CAACA,EAAI,WAAW,MAAMG,CAAQ,EAChE,MAAM,IAAIC,EAAW,0CAA0C,EAEnE,GAAI,CAACJ,EAAI,WAAW,OAChB,MAAM,IAAII,EAAW,+BAA+B,EAExD,QAAWC,KAAaL,EAAI,WACxB,GAAI,CACA,OAAO,MAAMM,GAAiB,CAC1B,IAAKN,EAAI,IACT,WAAYA,EAAI,WAChB,cAAeK,EAAU,cACzB,OAAQA,EAAU,OAClB,GAAIL,EAAI,GACR,UAAWA,EAAI,UACf,IAAKA,EAAI,IACT,YAAaA,EAAI,WACrB,EAAGC,EAAKC,CAAO,CACnB,MACM,CACN,CAEJ,MAAM,IAAIK,CACd,CC9BA,OAAS,aAAAC,OAAiB,cAO1B,IAAMC,GAAYC,GAAQ,CACtB,IAAIC,EACJ,GAAIC,EAAYF,CAAG,EAAG,CAClB,GAAI,CAACA,EAAI,YACL,MAAM,IAAI,UAAU,8BAA8B,EAEtDC,EAAYE,GAAU,KAAKH,CAAG,CAClC,SACSI,EAAYJ,CAAG,EACpBC,EAAYD,MAEX,IAAIA,aAAe,WACpB,MAAO,CACH,IAAK,MACL,EAAGK,EAAUL,CAAG,CACpB,EAGA,MAAM,IAAI,UAAUM,EAAgBN,EAAK,GAAGO,EAAO,YAAY,CAAC,EAEpE,GAAIN,EAAU,OAAS,UACnB,CAAC,CAAC,MAAO,KAAM,UAAW,SAAU,QAAS,MAAM,EAAE,SAASA,EAAU,iBAAiB,EACzF,MAAM,IAAIO,EAAiB,mCAAmC,EAElE,OAAOP,EAAU,OAAO,CAAE,OAAQ,KAAM,CAAC,CAC7C,EACOQ,GAAQV,GC9Bf,eAAsBW,GAAWC,EAAK,CAClC,OAAOC,GAAaD,CAAG,CAC3B,CACA,eAAsBE,GAAYF,EAAK,CACnC,OAAOG,GAAcH,CAAG,CAC5B,CACA,eAAsBI,GAAUJ,EAAK,CACjC,OAAOK,GAASL,CAAG,CACvB,CCDA,eAAeM,GAAqBC,EAAKC,EAAKC,EAAKC,EAAaC,EAAqB,CAAC,EAAG,CACrF,IAAIC,EACAC,EACAC,EAEJ,OADAC,EAAaR,EAAKE,EAAK,SAAS,EACxBF,EAAK,CACT,IAAK,MAAO,CACRO,EAAML,EACN,KACJ,CACA,IAAK,UACL,IAAK,iBACL,IAAK,iBACL,IAAK,iBAAkB,CACnB,GAAI,CAAMO,GAAYP,CAAG,EACrB,MAAM,IAAIQ,EAAiB,uFAAuF,EAEtH,GAAM,CAAE,IAAAC,EAAK,IAAAC,CAAI,EAAIR,EACjB,CAAE,IAAKS,CAAa,EAAIT,EAC5BS,KAAkB,MAAWC,GAAYZ,CAAG,GAAG,WAC/C,GAAM,CAAE,EAAAa,EAAG,EAAAC,EAAG,IAAAC,EAAK,IAAAC,CAAI,EAAI,MAAMC,GAAUN,CAAY,EACjDO,EAAe,MAAWC,GAAUnB,EAAKW,EAAcb,IAAQ,UAAYC,EAAMD,EAAKA,IAAQ,UAAYsB,GAAUrB,CAAG,EAAI,SAASD,EAAI,MAAM,GAAI,EAAE,EAAG,EAAE,EAAGW,EAAKC,CAAG,EAQ1K,GAPAN,EAAa,CAAE,IAAK,CAAE,EAAAS,EAAG,IAAAE,EAAK,IAAAC,CAAI,CAAE,EAChCA,IAAQ,OACRZ,EAAW,IAAI,EAAIU,GACnBL,IACAL,EAAW,IAAMiB,EAAUZ,CAAG,GAC9BC,IACAN,EAAW,IAAMiB,EAAUX,CAAG,GAC9BZ,IAAQ,UAAW,CACnBO,EAAMa,EACN,KACJ,CACAb,EAAMJ,GAAeqB,EAAYvB,CAAG,EACpC,IAAMwB,GAAQzB,EAAI,MAAM,EAAE,EAC1BK,EAAe,MAAMqB,GAAMD,GAAOL,EAAcb,CAAG,EACnD,KACJ,CACA,IAAK,SACL,IAAK,WACL,IAAK,eACL,IAAK,eACL,IAAK,eAAgB,CACjBA,EAAMJ,GAAeqB,EAAYvB,CAAG,EACpCI,EAAe,MAAMsB,GAAM3B,EAAKE,EAAKK,CAAG,EACxC,KACJ,CACA,IAAK,qBACL,IAAK,qBACL,IAAK,qBAAsB,CACvBA,EAAMJ,GAAeqB,EAAYvB,CAAG,EACpC,GAAM,CAAE,IAAA2B,EAAK,IAAAC,CAAI,EAAIzB,GACpB,CAAE,aAAAC,EAAc,GAAGC,CAAW,EAAI,MAAMqB,GAAQ3B,EAAKE,EAAKK,EAAKqB,EAAKC,CAAG,GACxE,KACJ,CACA,IAAK,SACL,IAAK,SACL,IAAK,SAAU,CACXtB,EAAMJ,GAAeqB,EAAYvB,CAAG,EACpCI,EAAe,MAAMqB,GAAM1B,EAAKE,EAAKK,CAAG,EACxC,KACJ,CACA,IAAK,YACL,IAAK,YACL,IAAK,YAAa,CACdA,EAAMJ,GAAeqB,EAAYvB,CAAG,EACpC,GAAM,CAAE,GAAA6B,CAAG,EAAI1B,GACd,CAAE,aAAAC,EAAc,GAAGC,CAAW,EAAI,MAAMoB,GAAS1B,EAAKE,EAAKK,EAAKuB,CAAE,GACnE,KACJ,CACA,QACI,MAAM,IAAIpB,EAAiB,2DAA2D,CAE9F,CACA,MAAO,CAAE,IAAAH,EAAK,aAAAF,EAAc,WAAAC,CAAW,CAC3C,CACA,IAAOyB,GAAQhC,GC/ER,IAAMiC,GAAc,OAAO,EACrBC,EAAN,KAAuB,CAC1B,WACA,iBACA,yBACA,mBACA,KACA,KACA,IACA,yBACA,YAAYC,EAAW,CACnB,GAAI,EAAEA,aAAqB,YACvB,MAAM,IAAI,UAAU,6CAA6C,EAErE,KAAK,WAAaA,CACtB,CACA,2BAA2BC,EAAY,CACnC,GAAI,KAAK,yBACL,MAAM,IAAI,UAAU,oDAAoD,EAE5E,YAAK,yBAA2BA,EACzB,IACX,CACA,mBAAmBC,EAAiB,CAChC,GAAI,KAAK,iBACL,MAAM,IAAI,UAAU,4CAA4C,EAEpE,YAAK,iBAAmBA,EACjB,IACX,CACA,2BAA2BC,EAAyB,CAChD,GAAI,KAAK,yBACL,MAAM,IAAI,UAAU,oDAAoD,EAE5E,YAAK,yBAA2BA,EACzB,IACX,CACA,qBAAqBC,EAAmB,CACpC,GAAI,KAAK,mBACL,MAAM,IAAI,UAAU,8CAA8C,EAEtE,YAAK,mBAAqBA,EACnB,IACX,CACA,+BAA+BC,EAAK,CAChC,YAAK,KAAOA,EACL,IACX,CACA,wBAAwBC,EAAK,CACzB,GAAI,KAAK,KACL,MAAM,IAAI,UAAU,iDAAiD,EAEzE,YAAK,KAAOA,EACL,IACX,CACA,wBAAwBC,EAAI,CACxB,GAAI,KAAK,IACL,MAAM,IAAI,UAAU,iDAAiD,EAEzE,YAAK,IAAMA,EACJ,IACX,CACA,MAAM,QAAQC,EAAKC,EAAS,CACxB,GAAI,CAAC,KAAK,kBAAoB,CAAC,KAAK,oBAAsB,CAAC,KAAK,yBAC5D,MAAM,IAAIC,EAAW,8GAA8G,EAEvI,GAAI,CAACC,EAAW,KAAK,iBAAkB,KAAK,mBAAoB,KAAK,wBAAwB,EACzF,MAAM,IAAID,EAAW,qGAAqG,EAE9H,IAAME,EAAa,CACf,GAAG,KAAK,iBACR,GAAG,KAAK,mBACR,GAAG,KAAK,wBACZ,EAEA,GADAC,EAAaH,EAAY,IAAI,IAAOD,GAAS,KAAM,KAAK,iBAAkBG,CAAU,EAChFA,EAAW,MAAQ,OACnB,MAAM,IAAIE,EAAiB,sEAAsE,EAErG,GAAM,CAAE,IAAAC,EAAK,IAAAC,CAAI,EAAIJ,EACrB,GAAI,OAAOG,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIL,EAAW,2DAA2D,EAEpF,GAAI,OAAOM,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIN,EAAW,sEAAsE,EAE/F,IAAIO,EACJ,GAAI,KAAK,OAASF,IAAQ,OAASA,IAAQ,WACvC,MAAM,IAAI,UAAU,8EAA8EA,CAAG,EAAE,EAE3G,IAAIT,EACJ,CACI,IAAIL,GACH,CAAE,IAAAK,EAAK,aAAAW,EAAc,WAAAhB,CAAW,EAAI,MAAMiB,GAAqBH,EAAKC,EAAKR,EAAK,KAAK,KAAM,KAAK,wBAAwB,GACnHP,IACIQ,GAAWX,MAAeW,EACrB,KAAK,mBAIN,KAAK,mBAAqB,CAAE,GAAG,KAAK,mBAAoB,GAAGR,CAAW,EAHtE,KAAK,qBAAqBA,CAAU,EAOnC,KAAK,iBAIN,KAAK,iBAAmB,CAAE,GAAG,KAAK,iBAAkB,GAAGA,CAAW,EAHlE,KAAK,mBAAmBA,CAAU,EAOlD,CACA,IAAIkB,EACAjB,EACAkB,EACA,KAAK,iBACLlB,EAAkBmB,EAAQ,OAAOC,EAAU,KAAK,UAAU,KAAK,gBAAgB,CAAC,CAAC,EAGjFpB,EAAkBmB,EAAQ,OAAO,EAAE,EAEnC,KAAK,MACLD,EAAYE,EAAU,KAAK,IAAI,EAC/BH,EAAiBI,EAAOrB,EAAiBmB,EAAQ,OAAO,GAAG,EAAGA,EAAQ,OAAOD,CAAS,CAAC,GAGvFD,EAAiBjB,EAErB,GAAM,CAAE,WAAAsB,EAAY,IAAAC,EAAK,GAAAlB,CAAG,EAAI,MAAMmB,GAAQV,EAAK,KAAK,WAAYV,EAAK,KAAK,IAAKa,CAAc,EAC3FQ,EAAM,CACR,WAAYL,EAAUE,CAAU,CACpC,EACA,OAAIjB,IACAoB,EAAI,GAAKL,EAAUf,CAAE,GAErBkB,IACAE,EAAI,IAAML,EAAUG,CAAG,GAEvBR,IACAU,EAAI,cAAgBL,EAAUL,CAAY,GAE1CG,IACAO,EAAI,IAAMP,GAEV,KAAK,mBACLO,EAAI,UAAYC,EAAQ,OAAO1B,CAAe,GAE9C,KAAK,2BACLyB,EAAI,YAAc,KAAK,0BAEvB,KAAK,qBACLA,EAAI,OAAS,KAAK,oBAEfA,CACX,CACJ,EC3JA,IAAME,GAAN,KAA0B,CACtB,OACA,kBACA,IACA,QACA,YAAYC,EAAKC,EAAKC,EAAS,CAC3B,KAAK,OAASF,EACd,KAAK,IAAMC,EACX,KAAK,QAAUC,CACnB,CACA,qBAAqBC,EAAmB,CACpC,GAAI,KAAK,kBACL,MAAM,IAAI,UAAU,8CAA8C,EAEtE,YAAK,kBAAoBA,EAClB,IACX,CACA,gBAAgBC,EAAM,CAClB,OAAO,KAAK,OAAO,aAAa,GAAGA,CAAI,CAC3C,CACA,WAAWA,EAAM,CACb,OAAO,KAAK,OAAO,QAAQ,GAAGA,CAAI,CACtC,CACA,MAAO,CACH,OAAO,KAAK,MAChB,CACJ,EACaC,GAAN,KAAqB,CACxB,WACA,YAAc,CAAC,EACf,iBACA,mBACA,KACA,YAAYC,EAAW,CACnB,KAAK,WAAaA,CACtB,CACA,aAAaL,EAAKC,EAAS,CACvB,IAAMK,EAAY,IAAIR,GAAoB,KAAME,EAAK,CAAE,KAAMC,GAAS,IAAK,CAAC,EAC5E,YAAK,YAAY,KAAKK,CAAS,EACxBA,CACX,CACA,mBAAmBC,EAAiB,CAChC,GAAI,KAAK,iBACL,MAAM,IAAI,UAAU,4CAA4C,EAEpE,YAAK,iBAAmBA,EACjB,IACX,CACA,2BAA2BC,EAAyB,CAChD,GAAI,KAAK,mBACL,MAAM,IAAI,UAAU,oDAAoD,EAE5E,YAAK,mBAAqBA,EACnB,IACX,CACA,+BAA+BC,EAAK,CAChC,YAAK,KAAOA,EACL,IACX,CACA,MAAM,SAAU,CACZ,GAAI,CAAC,KAAK,YAAY,OAClB,MAAM,IAAIC,EAAW,sCAAsC,EAE/D,GAAI,KAAK,YAAY,SAAW,EAAG,CAC/B,GAAM,CAACJ,CAAS,EAAI,KAAK,YACnBK,EAAY,MAAM,IAAIC,EAAiB,KAAK,UAAU,EACvD,+BAA+B,KAAK,IAAI,EACxC,mBAAmB,KAAK,gBAAgB,EACxC,2BAA2B,KAAK,kBAAkB,EAClD,qBAAqBN,EAAU,iBAAiB,EAChD,QAAQA,EAAU,IAAK,CAAE,GAAGA,EAAU,OAAQ,CAAC,EAC9CO,EAAM,CACR,WAAYF,EAAU,WACtB,GAAIA,EAAU,GACd,WAAY,CAAC,CAAC,CAAC,EACf,IAAKA,EAAU,GACnB,EACA,OAAIA,EAAU,MACVE,EAAI,IAAMF,EAAU,KACpBA,EAAU,YACVE,EAAI,UAAYF,EAAU,WAC1BA,EAAU,cACVE,EAAI,YAAcF,EAAU,aAC5BA,EAAU,gBACVE,EAAI,WAAW,CAAC,EAAE,cAAgBF,EAAU,eAC5CA,EAAU,SACVE,EAAI,WAAW,CAAC,EAAE,OAASF,EAAU,QAClCE,CACX,CACA,IAAId,EACJ,QAASe,EAAI,EAAGA,EAAI,KAAK,YAAY,OAAQA,IAAK,CAC9C,IAAMR,EAAY,KAAK,YAAYQ,CAAC,EACpC,GAAI,CAACC,EAAW,KAAK,iBAAkB,KAAK,mBAAoBT,EAAU,iBAAiB,EACvF,MAAM,IAAII,EAAW,qGAAqG,EAE9H,IAAMM,EAAa,CACf,GAAG,KAAK,iBACR,GAAG,KAAK,mBACR,GAAGV,EAAU,iBACjB,EACM,CAAE,IAAAW,CAAI,EAAID,EAChB,GAAI,OAAOC,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIP,EAAW,2DAA2D,EAEpF,GAAIO,IAAQ,OAASA,IAAQ,UACzB,MAAM,IAAIP,EAAW,kEAAkE,EAE3F,GAAI,OAAOM,EAAW,KAAQ,UAAY,CAACA,EAAW,IAClD,MAAM,IAAIN,EAAW,sEAAsE,EAE/F,GAAI,CAACX,EACDA,EAAMiB,EAAW,YAEZjB,IAAQiB,EAAW,IACxB,MAAM,IAAIN,EAAW,uFAAuF,EAGhH,GADAQ,EAAaR,EAAY,IAAI,IAAOJ,EAAU,QAAQ,KAAM,KAAK,iBAAkBU,CAAU,EACzFA,EAAW,MAAQ,OACnB,MAAM,IAAIG,EAAiB,sEAAsE,CAEzG,CACA,IAAMC,EAAMC,EAAYtB,CAAG,EACrBc,EAAM,CACR,WAAY,GACZ,GAAI,GACJ,WAAY,CAAC,EACb,IAAK,EACT,EACA,QAASC,EAAI,EAAGA,EAAI,KAAK,YAAY,OAAQA,IAAK,CAC9C,IAAMR,EAAY,KAAK,YAAYQ,CAAC,EAC9BQ,EAAS,CAAC,EAChBT,EAAI,WAAW,KAAKS,CAAM,EAM1B,IAAMC,EALa,CACf,GAAG,KAAK,iBACR,GAAG,KAAK,mBACR,GAAGjB,EAAU,iBACjB,EACuB,IAAI,WAAW,OAAO,EAAI,KAAOQ,EAAI,OAC5D,GAAIA,IAAM,EAAG,CACT,IAAMH,EAAY,MAAM,IAAIC,EAAiB,KAAK,UAAU,EACvD,+BAA+B,KAAK,IAAI,EACxC,wBAAwBQ,CAAG,EAC3B,mBAAmB,KAAK,gBAAgB,EACxC,2BAA2B,KAAK,kBAAkB,EAClD,qBAAqBd,EAAU,iBAAiB,EAChD,2BAA2B,CAAE,IAAAiB,CAAI,CAAC,EAClC,QAAQjB,EAAU,IAAK,CACxB,GAAGA,EAAU,QACb,CAACkB,EAAW,EAAG,EACnB,CAAC,EACDX,EAAI,WAAaF,EAAU,WAC3BE,EAAI,GAAKF,EAAU,GACnBE,EAAI,IAAMF,EAAU,IAChBA,EAAU,MACVE,EAAI,IAAMF,EAAU,KACpBA,EAAU,YACVE,EAAI,UAAYF,EAAU,WAC1BA,EAAU,cACVE,EAAI,YAAcF,EAAU,aAChCW,EAAO,cAAgBX,EAAU,cAC7BA,EAAU,SACVW,EAAO,OAASX,EAAU,QAC9B,QACJ,CACA,GAAM,CAAE,aAAAc,EAAc,WAAAC,CAAW,EAAI,MAAMC,GAAqBrB,EAAU,mBAAmB,KACzF,KAAK,kBAAkB,KACvB,KAAK,oBAAoB,IAAKP,EAAKO,EAAU,IAAKc,EAAK,CAAE,IAAAG,CAAI,CAAC,EAClED,EAAO,cAAgBM,EAAUH,CAAY,GACzCnB,EAAU,mBAAqBoB,KAC/BJ,EAAO,OAAS,CAAE,GAAGhB,EAAU,kBAAmB,GAAGoB,CAAW,EACxE,CACA,OAAOb,CACX,CACJ,ECpLA,UAAYgB,OAAY,cACxB,OAAS,aAAAC,OAAiB,YCAX,SAARC,GAA2BC,EAAK,CACnC,OAAQA,EAAK,CACT,IAAK,QACL,IAAK,QACL,IAAK,QACL,IAAK,SACD,MAAO,SACX,IAAK,QACL,IAAK,QACL,IAAK,QACD,MAAO,SACX,IAAK,QACL,IAAK,QACL,IAAK,QACD,MAAO,SACX,IAAK,QACD,OACJ,QACI,MAAM,IAAIC,EAAiB,OAAOD,CAAG,6DAA6D,CAC1G,CACJ,CCrBA,OAAS,aAAAE,OAAiB,cAI1B,IAAMC,GAAM,CACR,QAASC,GAAU,sBACnB,WAAYA,GAAU,sBAC1B,EACMC,GAAgB,IAAI,IAAI,CAC1B,CAAC,QAAS,OAAO,EACjB,CAAC,SAAU,WAAW,EACtB,CAAC,QAAS,OAAO,EACjB,CAAC,QAAS,OAAO,CACrB,CAAC,EACc,SAARC,GAA8BC,EAAKC,EAAK,CAC3C,OAAQD,EAAK,CACT,IAAK,QACD,GAAI,CAAC,CAAC,UAAW,OAAO,EAAE,SAASC,EAAI,iBAAiB,EACpD,MAAM,IAAI,UAAU,gFAAgF,EAExG,OAAOA,EACX,IAAK,QACL,IAAK,QACL,IAAK,QACD,GAAIA,EAAI,oBAAsB,MAC1B,MAAM,IAAI,UAAU,mEAAmE,EAE3F,OAAAC,GAAeD,EAAKD,CAAG,EAChBC,EACX,IAAK,QACL,IAAK,QACL,IAAK,QACD,GAAIA,EAAI,oBAAsB,UAAW,CACrC,GAAM,CAAE,cAAAE,EAAe,kBAAAC,EAAmB,WAAAC,CAAW,EAAIJ,EAAI,qBACvDK,EAAS,SAASN,EAAI,MAAM,EAAE,EAAG,EAAE,EACzC,GAAIG,IAAkB,SACjBA,IAAkB,MAAMG,CAAM,IAAMF,IAAsBD,GAC3D,MAAM,IAAI,UAAU,gGAAgGH,CAAG,EAAE,EAE7H,GAAIK,IAAe,QAAaA,EAAaC,GAAU,EACnD,MAAM,IAAI,UAAU,4GAA4GN,CAAG,EAAE,CAE7I,SACSC,EAAI,oBAAsB,MAC/B,MAAM,IAAI,UAAU,8EAA8E,EAEtG,OAAAC,GAAeD,EAAKD,CAAG,EAChB,CAAE,IAAAC,EAAK,GAAGL,EAAI,EACzB,IAAK,QACL,IAAK,SACL,IAAK,QACL,IAAK,QAAS,CACV,GAAIK,EAAI,oBAAsB,KAC1B,MAAM,IAAI,UAAU,kEAAkE,EAE1F,IAAMM,EAASC,GAAcP,CAAG,EAC1BQ,EAAWX,GAAc,IAAIE,CAAG,EACtC,GAAIO,IAAWE,EACX,MAAM,IAAI,UAAU,0DAA0DA,CAAQ,SAASF,CAAM,EAAE,EAE3G,MAAO,CAAE,YAAa,aAAc,IAAAN,CAAI,CAC5C,CACA,QACI,MAAM,IAAIS,EAAiB,OAAOV,CAAG,6DAA6D,CAC1G,CACJ,CCjEA,UAAYW,OAAY,cACxB,OAAS,aAAAC,OAAiB,YCAX,SAARC,GAA4BC,EAAK,CACpC,OAAQA,EAAK,CACT,IAAK,QACD,MAAO,SACX,IAAK,QACD,MAAO,SACX,IAAK,QACD,MAAO,SACX,QACI,MAAM,IAAIC,EAAiB,OAAOD,CAAG,6DAA6D,CAC1G,CACJ,CCZA,OAAS,aAAAE,GAAW,mBAAAC,OAAuB,cAK5B,SAARC,GAAkCC,EAAKC,EAAKC,EAAO,CACtD,GAAID,aAAe,WAAY,CAC3B,GAAI,CAACD,EAAI,WAAW,IAAI,EACpB,MAAM,IAAI,UAAUG,EAAgBF,EAAK,GAAGG,CAAK,CAAC,EAEtD,OAAOC,GAAgBJ,CAAG,CAC9B,CACA,GAAIA,aAAeK,GACf,OAAOL,EAEX,GAAIM,EAAYN,CAAG,EACf,OAAAO,GAAkBP,EAAKD,EAAKE,CAAK,EAC1BI,GAAU,KAAKL,CAAG,EAE7B,MAAM,IAAI,UAAUE,EAAgBF,EAAK,GAAGG,EAAO,YAAY,CAAC,CACpE,CFdA,IAAMK,GAAcC,GAAiB,OAAI,EACnCC,GAAO,MAAOC,EAAKC,EAAKC,IAAS,CACnC,IAAMC,EAAYC,GAAWJ,EAAKC,EAAK,MAAM,EAC7C,GAAID,EAAI,WAAW,IAAI,EAAG,CACtB,IAAMK,EAAc,cAAWC,GAAWN,CAAG,EAAGG,CAAS,EACzD,OAAAE,EAAK,OAAOH,CAAI,EACTG,EAAK,OAAO,CACvB,CACA,OAAOR,GAAYU,GAAWP,CAAG,EAAGE,EAAMM,GAAQR,EAAKG,CAAS,CAAC,CACrE,EACOM,GAAQV,GHVf,IAAMW,GAAgBC,GAAiB,SAAM,EACvCC,GAAS,MAAOC,EAAKC,EAAKC,EAAWC,IAAS,CAChD,IAAMC,EAAYC,GAAaL,EAAKC,EAAK,QAAQ,EACjD,GAAID,EAAI,WAAW,IAAI,EAAG,CACtB,IAAMM,EAAW,MAAMC,GAAKP,EAAKI,EAAWD,CAAI,EAC1CK,EAASN,EACf,GAAI,CACA,OAAc,mBAAgBM,EAAQF,CAAQ,CAClD,MACM,CACF,MAAO,EACX,CACJ,CACA,IAAMG,EAAYC,GAAWV,CAAG,EAC1BW,EAAWC,GAAQZ,EAAKI,CAAS,EACvC,GAAI,CACA,OAAO,MAAMP,GAAcY,EAAWN,EAAMQ,EAAUT,CAAS,CACnE,MACM,CACF,MAAO,EACX,CACJ,EACOW,GAAQd,GMnBf,eAAsBe,GAAgBC,EAAKC,EAAKC,EAAS,CACrD,GAAI,CAACC,EAASH,CAAG,EACb,MAAM,IAAII,EAAW,iCAAiC,EAE1D,GAAIJ,EAAI,YAAc,QAAaA,EAAI,SAAW,OAC9C,MAAM,IAAII,EAAW,uEAAuE,EAEhG,GAAIJ,EAAI,YAAc,QAAa,OAAOA,EAAI,WAAc,SACxD,MAAM,IAAII,EAAW,qCAAqC,EAE9D,GAAIJ,EAAI,UAAY,OAChB,MAAM,IAAII,EAAW,qBAAqB,EAE9C,GAAI,OAAOJ,EAAI,WAAc,SACzB,MAAM,IAAII,EAAW,yCAAyC,EAElE,GAAIJ,EAAI,SAAW,QAAa,CAACG,EAASH,EAAI,MAAM,EAChD,MAAM,IAAII,EAAW,uCAAuC,EAEhE,IAAIC,EAAa,CAAC,EAClB,GAAIL,EAAI,UACJ,GAAI,CACA,IAAMM,EAAkBC,EAAUP,EAAI,SAAS,EAC/CK,EAAa,KAAK,MAAMG,EAAQ,OAAOF,CAAe,CAAC,CAC3D,MACM,CACF,MAAM,IAAIF,EAAW,iCAAiC,CAC1D,CAEJ,GAAI,CAACK,EAAWJ,EAAYL,EAAI,MAAM,EAClC,MAAM,IAAII,EAAW,2EAA2E,EAEpG,IAAMM,EAAa,CACf,GAAGL,EACH,GAAGL,EAAI,MACX,EACMW,EAAaC,EAAaR,EAAY,IAAI,IAAI,CAAC,CAAC,MAAO,EAAI,CAAC,CAAC,EAAGF,GAAS,KAAMG,EAAYK,CAAU,EACvGG,EAAM,GACV,GAAIF,EAAW,IAAI,KAAK,IACpBE,EAAMR,EAAW,IACb,OAAOQ,GAAQ,WACf,MAAM,IAAIT,EAAW,yEAAyE,EAGtG,GAAM,CAAE,IAAAU,CAAI,EAAIJ,EAChB,GAAI,OAAOI,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIV,EAAW,2DAA2D,EAEpF,IAAMW,EAAab,GAAWc,GAAmB,aAAcd,EAAQ,UAAU,EACjF,GAAIa,GAAc,CAACA,EAAW,IAAID,CAAG,EACjC,MAAM,IAAIG,EAAkB,sDAAsD,EAEtF,GAAIJ,GACA,GAAI,OAAOb,EAAI,SAAY,SACvB,MAAM,IAAII,EAAW,8BAA8B,UAGlD,OAAOJ,EAAI,SAAY,UAAY,EAAEA,EAAI,mBAAmB,YACjE,MAAM,IAAII,EAAW,wDAAwD,EAEjF,IAAIc,EAAc,GACd,OAAOjB,GAAQ,aACfA,EAAM,MAAMA,EAAII,EAAYL,CAAG,EAC/BkB,EAAc,IAElBC,EAAaL,EAAKb,EAAK,QAAQ,EAC/B,IAAMmB,EAAOC,EAAOC,EAAQ,OAAOtB,EAAI,WAAa,EAAE,EAAGsB,EAAQ,OAAO,GAAG,EAAG,OAAOtB,EAAI,SAAY,SAAWsB,EAAQ,OAAOtB,EAAI,OAAO,EAAIA,EAAI,OAAO,EACrJuB,EACJ,GAAI,CACAA,EAAYhB,EAAUP,EAAI,SAAS,CACvC,MACM,CACF,MAAM,IAAII,EAAW,0CAA0C,CACnE,CAEA,GAAI,CADa,MAAMoB,GAAOV,EAAKb,EAAKsB,EAAWH,CAAI,EAEnD,MAAM,IAAIK,EAEd,IAAIC,EACJ,GAAIb,EACA,GAAI,CACAa,EAAUnB,EAAUP,EAAI,OAAO,CACnC,MACM,CACF,MAAM,IAAII,EAAW,wCAAwC,CACjE,MAEK,OAAOJ,EAAI,SAAY,SAC5B0B,EAAUJ,EAAQ,OAAOtB,EAAI,OAAO,EAGpC0B,EAAU1B,EAAI,QAElB,IAAM2B,EAAS,CAAE,QAAAD,CAAQ,EAOzB,OANI1B,EAAI,YAAc,SAClB2B,EAAO,gBAAkBtB,GAEzBL,EAAI,SAAW,SACf2B,EAAO,kBAAoB3B,EAAI,QAE/BkB,EACO,CAAE,GAAGS,EAAQ,IAAA1B,CAAI,EAErB0B,CACX,CC9GA,eAAsBC,GAAcC,EAAKC,EAAKC,EAAS,CAInD,GAHIF,aAAe,aACfA,EAAMG,EAAQ,OAAOH,CAAG,GAExB,OAAOA,GAAQ,SACf,MAAM,IAAII,EAAW,4CAA4C,EAErE,GAAM,CAAE,EAAGC,EAAiB,EAAGC,EAAS,EAAGC,EAAW,OAAAC,CAAO,EAAIR,EAAI,MAAM,GAAG,EAC9E,GAAIQ,IAAW,EACX,MAAM,IAAIJ,EAAW,qBAAqB,EAE9C,IAAMK,EAAW,MAAMC,GAAgB,CAAE,QAAAJ,EAAS,UAAWD,EAAiB,UAAAE,CAAU,EAAGN,EAAKC,CAAO,EACjGS,EAAS,CAAE,QAASF,EAAS,QAAS,gBAAiBA,EAAS,eAAgB,EACtF,OAAI,OAAOR,GAAQ,WACR,CAAE,GAAGU,EAAQ,IAAKF,EAAS,GAAI,EAEnCE,CACX,CCjBA,eAAsBC,GAAcC,EAAKC,EAAKC,EAAS,CACnD,GAAI,CAACC,EAASH,CAAG,EACb,MAAM,IAAII,EAAW,+BAA+B,EAExD,GAAI,CAAC,MAAM,QAAQJ,EAAI,UAAU,GAAK,CAACA,EAAI,WAAW,MAAMG,CAAQ,EAChE,MAAM,IAAIC,EAAW,0CAA0C,EAEnE,QAAWC,KAAaL,EAAI,WACxB,GAAI,CACA,OAAO,MAAMM,GAAgB,CACzB,OAAQD,EAAU,OAClB,QAASL,EAAI,QACb,UAAWK,EAAU,UACrB,UAAWA,EAAU,SACzB,EAAGJ,EAAKC,CAAO,CACnB,MACM,CACN,CAEJ,MAAM,IAAIK,CACd,CCvBA,IAAOC,EAASC,GAAS,KAAK,MAAMA,EAAK,QAAQ,EAAI,GAAI,ECKzD,IAAMC,GAAQ,oIACPC,EAASC,GAAQ,CACpB,IAAMC,EAAUH,GAAM,KAAKE,CAAG,EAC9B,GAAI,CAACC,GAAYA,EAAQ,CAAC,GAAKA,EAAQ,CAAC,EACpC,MAAM,IAAI,UAAU,4BAA4B,EAEpD,IAAMC,EAAQ,WAAWD,EAAQ,CAAC,CAAC,EAC7BE,EAAOF,EAAQ,CAAC,EAAE,YAAY,EAChCG,EACJ,OAAQD,EAAM,CACV,IAAK,MACL,IAAK,OACL,IAAK,SACL,IAAK,UACL,IAAK,IACDC,EAAc,KAAK,MAAMF,CAAK,EAC9B,MACJ,IAAK,SACL,IAAK,UACL,IAAK,MACL,IAAK,OACL,IAAK,IACDE,EAAc,KAAK,MAAMF,EAAQ,EAAM,EACvC,MACJ,IAAK,OACL,IAAK,QACL,IAAK,KACL,IAAK,MACL,IAAK,IACDE,EAAc,KAAK,MAAMF,EAAQ,IAAI,EACrC,MACJ,IAAK,MACL,IAAK,OACL,IAAK,IACDE,EAAc,KAAK,MAAMF,EAAQ,KAAG,EACpC,MACJ,IAAK,OACL,IAAK,QACL,IAAK,IACDE,EAAc,KAAK,MAAMF,EAAQ,MAAI,EACrC,MACJ,QACIE,EAAc,KAAK,MAAMF,EAAQ,QAAI,EACrC,KACR,CACA,OAAID,EAAQ,CAAC,IAAM,KAAOA,EAAQ,CAAC,IAAM,MAC9B,CAACG,EAELA,CACX,ECjDA,IAAMC,GAAgBC,GAAUA,EAAM,YAAY,EAAE,QAAQ,iBAAkB,EAAE,EAC1EC,GAAwB,CAACC,EAAYC,IACnC,OAAOD,GAAe,SACfC,EAAU,SAASD,CAAU,EAEpC,MAAM,QAAQA,CAAU,EACjBC,EAAU,KAAK,IAAI,UAAU,IAAI,KAAK,IAAI,IAAID,CAAU,CAAC,CAAC,EAE9D,GAEJE,GAAQ,CAACC,EAAiBC,EAAgBC,EAAU,CAAC,IAAM,CAC9D,GAAM,CAAE,IAAAC,CAAI,EAAID,EAChB,GAAIC,IACC,OAAOH,EAAgB,KAAQ,UAC5BN,GAAaM,EAAgB,GAAG,IAAMN,GAAaS,CAAG,GAC1D,MAAM,IAAIC,EAAyB,oCAAqC,MAAO,cAAc,EAEjG,IAAIC,EACJ,GAAI,CACAA,EAAU,KAAK,MAAMC,EAAQ,OAAOL,CAAc,CAAC,CACvD,MACM,CACN,CACA,GAAI,CAACM,EAASF,CAAO,EACjB,MAAM,IAAIG,EAAW,gDAAgD,EAEzE,GAAM,CAAE,eAAAC,EAAiB,CAAC,EAAG,OAAAC,EAAQ,QAAAC,EAAS,SAAAC,EAAU,YAAAC,CAAY,EAAIX,EAClEY,EAAgB,CAAC,GAAGL,CAAc,EACpCI,IAAgB,QAChBC,EAAc,KAAK,KAAK,EACxBF,IAAa,QACbE,EAAc,KAAK,KAAK,EACxBH,IAAY,QACZG,EAAc,KAAK,KAAK,EACxBJ,IAAW,QACXI,EAAc,KAAK,KAAK,EAC5B,QAAWC,KAAS,IAAI,IAAID,EAAc,QAAQ,CAAC,EAC/C,GAAI,EAAEC,KAASV,GACX,MAAM,IAAID,EAAyB,qBAAqBW,CAAK,UAAWA,EAAO,SAAS,EAGhG,GAAIL,GAAU,EAAE,MAAM,QAAQA,CAAM,EAAIA,EAAS,CAACA,CAAM,GAAG,SAASL,EAAQ,GAAG,EAC3E,MAAM,IAAID,EAAyB,+BAAgC,MAAO,cAAc,EAE5F,GAAIO,GAAWN,EAAQ,MAAQM,EAC3B,MAAM,IAAIP,EAAyB,+BAAgC,MAAO,cAAc,EAE5F,GAAIQ,GACA,CAAChB,GAAsBS,EAAQ,IAAK,OAAOO,GAAa,SAAW,CAACA,CAAQ,EAAIA,CAAQ,EACxF,MAAM,IAAIR,EAAyB,+BAAgC,MAAO,cAAc,EAE5F,IAAIY,EACJ,OAAQ,OAAOd,EAAQ,eAAgB,CACnC,IAAK,SACDc,EAAYC,EAAKf,EAAQ,cAAc,EACvC,MACJ,IAAK,SACDc,EAAYd,EAAQ,eACpB,MACJ,IAAK,YACDc,EAAY,EACZ,MACJ,QACI,MAAM,IAAI,UAAU,oCAAoC,CAChE,CACA,GAAM,CAAE,YAAAE,CAAY,EAAIhB,EAClBiB,EAAMC,EAAMF,GAAe,IAAI,IAAM,EAC3C,IAAKb,EAAQ,MAAQ,QAAaQ,IAAgB,OAAOR,EAAQ,KAAQ,SACrE,MAAM,IAAID,EAAyB,+BAAgC,MAAO,SAAS,EAEvF,GAAIC,EAAQ,MAAQ,OAAW,CAC3B,GAAI,OAAOA,EAAQ,KAAQ,SACvB,MAAM,IAAID,EAAyB,+BAAgC,MAAO,SAAS,EAEvF,GAAIC,EAAQ,IAAMc,EAAMH,EACpB,MAAM,IAAIZ,EAAyB,qCAAsC,MAAO,cAAc,CAEtG,CACA,GAAIC,EAAQ,MAAQ,OAAW,CAC3B,GAAI,OAAOA,EAAQ,KAAQ,SACvB,MAAM,IAAID,EAAyB,+BAAgC,MAAO,SAAS,EAEvF,GAAIC,EAAQ,KAAOc,EAAMH,EACrB,MAAM,IAAIK,GAAW,qCAAsC,MAAO,cAAc,CAExF,CACA,GAAIR,EAAa,CACb,IAAMS,EAAMH,EAAMd,EAAQ,IACpBkB,EAAM,OAAOV,GAAgB,SAAWA,EAAcI,EAAKJ,CAAW,EAC5E,GAAIS,EAAMN,EAAYO,EAClB,MAAM,IAAIF,GAAW,2DAA4D,MAAO,cAAc,EAE1G,GAAIC,EAAM,EAAIN,EACV,MAAM,IAAIZ,EAAyB,gEAAiE,MAAO,cAAc,CAEjI,CACA,OAAOC,CACX,ECnGA,eAAsBmB,GAAUC,EAAKC,EAAKC,EAAS,CAC/C,IAAMC,EAAW,MAAMC,GAAcJ,EAAKC,EAAKC,CAAO,EACtD,GAAIC,EAAS,gBAAgB,MAAM,SAAS,KAAK,GAAKA,EAAS,gBAAgB,MAAQ,GACnF,MAAM,IAAIE,EAAW,qCAAqC,EAG9D,IAAMC,EAAS,CAAE,QADDC,GAAWJ,EAAS,gBAAiBA,EAAS,QAASD,CAAO,EACpD,gBAAiBC,EAAS,eAAgB,EACpE,OAAI,OAAOF,GAAQ,WACR,CAAE,GAAGK,EAAQ,IAAKH,EAAS,GAAI,EAEnCG,CACX,CCXA,eAAsBE,GAAWC,EAAKC,EAAKC,EAAS,CAChD,IAAMC,EAAY,MAAMC,GAAeJ,EAAKC,EAAKC,CAAO,EAClDG,EAAUC,GAAWH,EAAU,gBAAiBA,EAAU,UAAWD,CAAO,EAC5E,CAAE,gBAAAK,CAAgB,EAAIJ,EAC5B,GAAII,EAAgB,MAAQ,QAAaA,EAAgB,MAAQF,EAAQ,IACrE,MAAM,IAAIG,EAAyB,mDAAoD,MAAO,UAAU,EAE5G,GAAID,EAAgB,MAAQ,QAAaA,EAAgB,MAAQF,EAAQ,IACrE,MAAM,IAAIG,EAAyB,mDAAoD,MAAO,UAAU,EAE5G,GAAID,EAAgB,MAAQ,QACxB,KAAK,UAAUA,EAAgB,GAAG,IAAM,KAAK,UAAUF,EAAQ,GAAG,EAClE,MAAM,IAAIG,EAAyB,mDAAoD,MAAO,UAAU,EAE5G,IAAMC,EAAS,CAAE,QAAAJ,EAAS,gBAAAE,CAAgB,EAC1C,OAAI,OAAON,GAAQ,WACR,CAAE,GAAGQ,EAAQ,IAAKN,EAAU,GAAI,EAEpCM,CACX,CCrBO,IAAMC,GAAN,KAAqB,CACxB,WACA,YAAYC,EAAW,CACnB,KAAK,WAAa,IAAIC,EAAiBD,CAAS,CACpD,CACA,wBAAwBE,EAAK,CACzB,YAAK,WAAW,wBAAwBA,CAAG,EACpC,IACX,CACA,wBAAwBC,EAAI,CACxB,YAAK,WAAW,wBAAwBA,CAAE,EACnC,IACX,CACA,mBAAmBC,EAAiB,CAChC,YAAK,WAAW,mBAAmBA,CAAe,EAC3C,IACX,CACA,2BAA2BC,EAAY,CACnC,YAAK,WAAW,2BAA2BA,CAAU,EAC9C,IACX,CACA,MAAM,QAAQC,EAAKC,EAAS,CACxB,IAAMC,EAAM,MAAM,KAAK,WAAW,QAAQF,EAAKC,CAAO,EACtD,MAAO,CAACC,EAAI,UAAWA,EAAI,cAAeA,EAAI,GAAIA,EAAI,WAAYA,EAAI,GAAG,EAAE,KAAK,GAAG,CACvF,CACJ,ECnBO,IAAMC,EAAN,KAAoB,CACvB,SACA,iBACA,mBACA,YAAYC,EAAS,CACjB,GAAI,EAAEA,aAAmB,YACrB,MAAM,IAAI,UAAU,2CAA2C,EAEnE,KAAK,SAAWA,CACpB,CACA,mBAAmBC,EAAiB,CAChC,GAAI,KAAK,iBACL,MAAM,IAAI,UAAU,4CAA4C,EAEpE,YAAK,iBAAmBA,EACjB,IACX,CACA,qBAAqBC,EAAmB,CACpC,GAAI,KAAK,mBACL,MAAM,IAAI,UAAU,8CAA8C,EAEtE,YAAK,mBAAqBA,EACnB,IACX,CACA,MAAM,KAAKC,EAAKC,EAAS,CACrB,GAAI,CAAC,KAAK,kBAAoB,CAAC,KAAK,mBAChC,MAAM,IAAIC,EAAW,iFAAiF,EAE1G,GAAI,CAACC,EAAW,KAAK,iBAAkB,KAAK,kBAAkB,EAC1D,MAAM,IAAID,EAAW,2EAA2E,EAEpG,IAAME,EAAa,CACf,GAAG,KAAK,iBACR,GAAG,KAAK,kBACZ,EACMC,EAAaC,EAAaJ,EAAY,IAAI,IAAI,CAAC,CAAC,MAAO,EAAI,CAAC,CAAC,EAAGD,GAAS,KAAM,KAAK,iBAAkBG,CAAU,EAClHG,EAAM,GACV,GAAIF,EAAW,IAAI,KAAK,IACpBE,EAAM,KAAK,iBAAiB,IACxB,OAAOA,GAAQ,WACf,MAAM,IAAIL,EAAW,yEAAyE,EAGtG,GAAM,CAAE,IAAAM,CAAI,EAAIJ,EAChB,GAAI,OAAOI,GAAQ,UAAY,CAACA,EAC5B,MAAM,IAAIN,EAAW,2DAA2D,EAEpFO,EAAaD,EAAKR,EAAK,MAAM,EAC7B,IAAIH,EAAU,KAAK,SACfU,IACAV,EAAUa,EAAQ,OAAOC,EAAUd,CAAO,CAAC,GAE/C,IAAIC,EACA,KAAK,iBACLA,EAAkBY,EAAQ,OAAOC,EAAU,KAAK,UAAU,KAAK,gBAAgB,CAAC,CAAC,EAGjFb,EAAkBY,EAAQ,OAAO,EAAE,EAEvC,IAAME,EAAOC,EAAOf,EAAiBY,EAAQ,OAAO,GAAG,EAAGb,CAAO,EAC3DiB,EAAY,MAAMC,GAAKP,EAAKR,EAAKY,CAAI,EACrCI,EAAM,CACR,UAAWL,EAAUG,CAAS,EAC9B,QAAS,EACb,EACA,OAAIP,IACAS,EAAI,QAAUC,EAAQ,OAAOpB,CAAO,GAEpC,KAAK,qBACLmB,EAAI,OAAS,KAAK,oBAElB,KAAK,mBACLA,EAAI,UAAYC,EAAQ,OAAOnB,CAAe,GAE3CkB,CACX,CACJ,EClFO,IAAME,GAAN,KAAkB,CACrB,WACA,YAAYC,EAAS,CACjB,KAAK,WAAa,IAAIC,EAAcD,CAAO,CAC/C,CACA,mBAAmBE,EAAiB,CAChC,YAAK,WAAW,mBAAmBA,CAAe,EAC3C,IACX,CACA,MAAM,KAAKC,EAAKC,EAAS,CACrB,IAAMC,EAAM,MAAM,KAAK,WAAW,KAAKF,EAAKC,CAAO,EACnD,GAAIC,EAAI,UAAY,OAChB,MAAM,IAAI,UAAU,2DAA2D,EAEnF,MAAO,GAAGA,EAAI,SAAS,IAAIA,EAAI,OAAO,IAAIA,EAAI,SAAS,EAC3D,CACJ,ECfA,IAAMC,GAAN,KAA0B,CACtB,OACA,gBACA,kBACA,QACA,IACA,YAAYC,EAAKC,EAAKC,EAAS,CAC3B,KAAK,OAASF,EACd,KAAK,IAAMC,EACX,KAAK,QAAUC,CACnB,CACA,mBAAmBC,EAAiB,CAChC,GAAI,KAAK,gBACL,MAAM,IAAI,UAAU,4CAA4C,EAEpE,YAAK,gBAAkBA,EAChB,IACX,CACA,qBAAqBC,EAAmB,CACpC,GAAI,KAAK,kBACL,MAAM,IAAI,UAAU,8CAA8C,EAEtE,YAAK,kBAAoBA,EAClB,IACX,CACA,gBAAgBC,EAAM,CAClB,OAAO,KAAK,OAAO,aAAa,GAAGA,CAAI,CAC3C,CACA,QAAQA,EAAM,CACV,OAAO,KAAK,OAAO,KAAK,GAAGA,CAAI,CACnC,CACA,MAAO,CACH,OAAO,KAAK,MAChB,CACJ,EACaC,GAAN,KAAkB,CACrB,SACA,YAAc,CAAC,EACf,YAAYC,EAAS,CACjB,KAAK,SAAWA,CACpB,CACA,aAAaN,EAAKC,EAAS,CACvB,IAAMM,EAAY,IAAIT,GAAoB,KAAME,EAAKC,CAAO,EAC5D,YAAK,YAAY,KAAKM,CAAS,EACxBA,CACX,CACA,MAAM,MAAO,CACT,GAAI,CAAC,KAAK,YAAY,OAClB,MAAM,IAAIC,EAAW,sCAAsC,EAE/D,IAAMC,EAAM,CACR,WAAY,CAAC,EACb,QAAS,EACb,EACA,QAASC,EAAI,EAAGA,EAAI,KAAK,YAAY,OAAQA,IAAK,CAC9C,IAAMH,EAAY,KAAK,YAAYG,CAAC,EAC9BC,EAAY,IAAIC,EAAc,KAAK,QAAQ,EACjDD,EAAU,mBAAmBJ,EAAU,eAAe,EACtDI,EAAU,qBAAqBJ,EAAU,iBAAiB,EAC1D,GAAM,CAAE,QAAAD,EAAS,GAAGO,CAAK,EAAI,MAAMF,EAAU,KAAKJ,EAAU,IAAKA,EAAU,OAAO,EAClF,GAAIG,IAAM,EACND,EAAI,QAAUH,UAETG,EAAI,UAAYH,EACrB,MAAM,IAAIE,EAAW,qDAAqD,EAE9EC,EAAI,WAAW,KAAKI,CAAI,CAC5B,CACA,OAAOJ,CACX,CACJ,ECrEA,SAASK,GAAcC,EAAOC,EAAO,CACjC,GAAI,CAAC,OAAO,SAASA,CAAK,EACtB,MAAM,IAAI,UAAU,WAAWD,CAAK,QAAQ,EAEhD,OAAOC,CACX,CACO,IAAMC,EAAN,KAAiB,CACpB,SACA,YAAYC,EAAU,CAAC,EAAG,CACtB,GAAI,CAACC,EAASD,CAAO,EACjB,MAAM,IAAI,UAAU,kCAAkC,EAE1D,KAAK,SAAWA,CACpB,CACA,UAAUE,EAAQ,CACd,YAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKA,CAAO,EACzC,IACX,CACA,WAAWC,EAAS,CAChB,YAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKA,CAAQ,EAC1C,IACX,CACA,YAAYC,EAAU,CAClB,YAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKA,CAAS,EAC3C,IACX,CACA,OAAOC,EAAO,CACV,YAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKA,CAAM,EACxC,IACX,CACA,aAAaP,EAAO,CAChB,OAAI,OAAOA,GAAU,SACjB,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKF,GAAc,eAAgBE,CAAK,CAAE,EAEzEA,aAAiB,KACtB,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKF,GAAc,eAAgBU,EAAMR,CAAK,CAAC,CAAE,EAGrF,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKQ,EAAM,IAAI,IAAM,EAAIC,EAAKT,CAAK,CAAE,EAEtE,IACX,CACA,kBAAkBA,EAAO,CACrB,OAAI,OAAOA,GAAU,SACjB,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKF,GAAc,oBAAqBE,CAAK,CAAE,EAE9EA,aAAiB,KACtB,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKF,GAAc,oBAAqBU,EAAMR,CAAK,CAAC,CAAE,EAG1F,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKQ,EAAM,IAAI,IAAM,EAAIC,EAAKT,CAAK,CAAE,EAEtE,IACX,CACA,YAAYA,EAAO,CACf,OAAI,OAAOA,EAAU,IACjB,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKQ,EAAM,IAAI,IAAM,CAAE,EAEtDR,aAAiB,KACtB,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKF,GAAc,cAAeU,EAAMR,CAAK,CAAC,CAAE,EAE/E,OAAOA,GAAU,SACtB,KAAK,SAAW,CACZ,GAAG,KAAK,SACR,IAAKF,GAAc,cAAeU,EAAM,IAAI,IAAM,EAAIC,EAAKT,CAAK,CAAC,CACrE,EAGA,KAAK,SAAW,CAAE,GAAG,KAAK,SAAU,IAAKF,GAAc,cAAeE,CAAK,CAAE,EAE1E,IACX,CACJ,ECvEO,IAAMU,GAAN,cAAsBC,CAAW,CACpC,iBACA,mBAAmBC,EAAiB,CAChC,YAAK,iBAAmBA,EACjB,IACX,CACA,MAAM,KAAKC,EAAKC,EAAS,CACrB,IAAMC,EAAM,IAAIC,GAAYC,EAAQ,OAAO,KAAK,UAAU,KAAK,QAAQ,CAAC,CAAC,EAEzE,GADAF,EAAI,mBAAmB,KAAK,gBAAgB,EACxC,MAAM,QAAQ,KAAK,kBAAkB,IAAI,GACzC,KAAK,iBAAiB,KAAK,SAAS,KAAK,GACzC,KAAK,iBAAiB,MAAQ,GAC9B,MAAM,IAAIG,EAAW,qCAAqC,EAE9D,OAAOH,EAAI,KAAKF,EAAKC,CAAO,CAChC,CACJ,ECjBO,IAAMK,GAAN,cAAyBC,CAAW,CACvC,KACA,IACA,yBACA,iBACA,yBACA,0BACA,2BACA,mBAAmBC,EAAiB,CAChC,GAAI,KAAK,iBACL,MAAM,IAAI,UAAU,4CAA4C,EAEpE,YAAK,iBAAmBA,EACjB,IACX,CACA,2BAA2BC,EAAY,CACnC,GAAI,KAAK,yBACL,MAAM,IAAI,UAAU,oDAAoD,EAE5E,YAAK,yBAA2BA,EACzB,IACX,CACA,wBAAwBC,EAAK,CACzB,GAAI,KAAK,KACL,MAAM,IAAI,UAAU,iDAAiD,EAEzE,YAAK,KAAOA,EACL,IACX,CACA,wBAAwBC,EAAI,CACxB,GAAI,KAAK,IACL,MAAM,IAAI,UAAU,iDAAiD,EAEzE,YAAK,IAAMA,EACJ,IACX,CACA,yBAA0B,CACtB,YAAK,yBAA2B,GACzB,IACX,CACA,0BAA2B,CACvB,YAAK,0BAA4B,GAC1B,IACX,CACA,2BAA4B,CACxB,YAAK,2BAA6B,GAC3B,IACX,CACA,MAAM,QAAQC,EAAKC,EAAS,CACxB,IAAMC,EAAM,IAAIC,GAAeC,EAAQ,OAAO,KAAK,UAAU,KAAK,QAAQ,CAAC,CAAC,EAC5E,OAAI,KAAK,2BACL,KAAK,iBAAmB,CAAE,GAAG,KAAK,iBAAkB,IAAK,KAAK,SAAS,GAAI,GAE3E,KAAK,4BACL,KAAK,iBAAmB,CAAE,GAAG,KAAK,iBAAkB,IAAK,KAAK,SAAS,GAAI,GAE3E,KAAK,6BACL,KAAK,iBAAmB,CAAE,GAAG,KAAK,iBAAkB,IAAK,KAAK,SAAS,GAAI,GAE/EF,EAAI,mBAAmB,KAAK,gBAAgB,EACxC,KAAK,KACLA,EAAI,wBAAwB,KAAK,GAAG,EAEpC,KAAK,MACLA,EAAI,wBAAwB,KAAK,IAAI,EAErC,KAAK,0BACLA,EAAI,2BAA2B,KAAK,wBAAwB,EAEzDA,EAAI,QAAQF,EAAKC,CAAO,CACnC,CACJ,ECrEA,IAAMI,EAAQ,CAACC,EAAOC,IAAgB,CAClC,GAAI,OAAOD,GAAU,UAAY,CAACA,EAC9B,MAAM,IAAIE,GAAW,GAAGD,CAAW,qBAAqB,CAEhE,EACA,eAAsBE,GAAuBC,EAAKC,EAAiB,CAC/D,GAAI,CAACC,EAASF,CAAG,EACb,MAAM,IAAI,UAAU,uBAAuB,EAG/C,GADAC,IAAoB,SAChBA,IAAoB,UACpBA,IAAoB,UACpBA,IAAoB,SACpB,MAAM,IAAI,UAAU,6DAA6D,EAErF,IAAIE,EACJ,OAAQH,EAAI,IAAK,CACb,IAAK,KACDL,EAAMK,EAAI,IAAK,yBAAyB,EACxCL,EAAMK,EAAI,EAAG,8BAA8B,EAC3CL,EAAMK,EAAI,EAAG,8BAA8B,EAC3CG,EAAa,CAAE,IAAKH,EAAI,IAAK,IAAKA,EAAI,IAAK,EAAGA,EAAI,EAAG,EAAGA,EAAI,CAAE,EAC9D,MACJ,IAAK,MACDL,EAAMK,EAAI,IAAK,uCAAuC,EACtDL,EAAMK,EAAI,EAAG,4BAA4B,EACzCG,EAAa,CAAE,IAAKH,EAAI,IAAK,IAAKA,EAAI,IAAK,EAAGA,EAAI,CAAE,EACpD,MACJ,IAAK,MACDL,EAAMK,EAAI,EAAG,0BAA0B,EACvCL,EAAMK,EAAI,EAAG,yBAAyB,EACtCG,EAAa,CAAE,EAAGH,EAAI,EAAG,IAAKA,EAAI,IAAK,EAAGA,EAAI,CAAE,EAChD,MACJ,IAAK,MACDL,EAAMK,EAAI,EAAG,2BAA2B,EACxCG,EAAa,CAAE,EAAGH,EAAI,EAAG,IAAKA,EAAI,GAAI,EACtC,MACJ,QACI,MAAM,IAAII,EAAiB,mDAAmD,CACtF,CACA,IAAMC,EAAOC,EAAQ,OAAO,KAAK,UAAUH,CAAU,CAAC,EACtD,OAAOI,EAAU,MAAMC,GAAOP,EAAiBI,CAAI,CAAC,CACxD,CACA,eAAsBI,GAA0BT,EAAKC,EAAiB,CAClEA,IAAoB,SACpB,IAAMS,EAAa,MAAMX,GAAuBC,EAAKC,CAAe,EACpE,MAAO,4CAA4CA,EAAgB,MAAM,EAAE,CAAC,IAAIS,CAAU,EAC9F,CCjDA,eAAsBC,GAAYC,EAAiBC,EAAO,CACtD,IAAMC,EAAa,CACf,GAAGF,EACH,GAAGC,GAAO,MACd,EACA,GAAI,CAACE,EAASD,EAAW,GAAG,EACxB,MAAM,IAAIE,EAAW,6DAA6D,EAEtF,IAAMC,EAAM,MAAMC,EAAU,CAAE,GAAGJ,EAAW,IAAK,IAAK,EAAK,EAAGA,EAAW,GAAG,EAC5E,GAAIG,aAAe,YAAcA,EAAI,OAAS,SAC1C,MAAM,IAAID,EAAW,4DAA4D,EAErF,OAAOC,CACX,CCbA,SAASE,GAAcC,EAAK,CACxB,OAAQ,OAAOA,GAAQ,UAAYA,EAAI,MAAM,EAAG,CAAC,EAAG,CAChD,IAAK,KACL,IAAK,KACD,MAAO,MACX,IAAK,KACD,MAAO,KACX,IAAK,KACD,MAAO,MACX,QACI,MAAM,IAAIC,EAAiB,gDAAgD,CACnF,CACJ,CACO,SAASC,GAAWC,EAAM,CAC7B,OAAQA,GACJ,OAAOA,GAAS,UAChB,MAAM,QAAQA,EAAK,IAAI,GACvBA,EAAK,KAAK,MAAMC,EAAS,CACjC,CACA,SAASA,GAAUC,EAAK,CACpB,OAAOC,EAASD,CAAG,CACvB,CACA,SAASE,GAAMC,EAAK,CAChB,OAAI,OAAO,iBAAoB,WACpB,gBAAgBA,CAAG,EAEvB,KAAK,MAAM,KAAK,UAAUA,CAAG,CAAC,CACzC,CACO,IAAMC,GAAN,KAAkB,CACrB,MACA,QAAU,IAAI,QACd,YAAYN,EAAM,CACd,GAAI,CAACD,GAAWC,CAAI,EAChB,MAAM,IAAIO,EAAY,4BAA4B,EAEtD,KAAK,MAAQH,GAAMJ,CAAI,CAC3B,CACA,MAAM,OAAOQ,EAAiBC,EAAO,CACjC,GAAM,CAAE,IAAAZ,EAAK,IAAAa,CAAI,EAAI,CAAE,GAAGF,EAAiB,GAAGC,GAAO,MAAO,EACtDE,EAAMf,GAAcC,CAAG,EACvBe,EAAa,KAAK,MAAM,KAAK,OAAQC,GAAQ,CAC/C,IAAIC,EAAYH,IAAQE,EAAI,IAgB5B,GAfIC,GAAa,OAAOJ,GAAQ,WAC5BI,EAAYJ,IAAQG,EAAI,KAExBC,GAAa,OAAOD,EAAI,KAAQ,WAChCC,EAAYjB,IAAQgB,EAAI,KAExBC,GAAa,OAAOD,EAAI,KAAQ,WAChCC,EAAYD,EAAI,MAAQ,OAExBC,GAAa,MAAM,QAAQD,EAAI,OAAO,IACtCC,EAAYD,EAAI,QAAQ,SAAS,QAAQ,GAEzCC,GAAajB,IAAQ,UACrBiB,EAAYD,EAAI,MAAQ,WAAaA,EAAI,MAAQ,SAEjDC,EACA,OAAQjB,EAAK,CACT,IAAK,QACDiB,EAAYD,EAAI,MAAQ,QACxB,MACJ,IAAK,SACDC,EAAYD,EAAI,MAAQ,YACxB,MACJ,IAAK,QACDC,EAAYD,EAAI,MAAQ,QACxB,MACJ,IAAK,QACDC,EAAYD,EAAI,MAAQ,QACxB,KACR,CAEJ,OAAOC,CACX,CAAC,EACK,CAAE,EAAGD,EAAK,OAAAE,CAAO,EAAIH,EAC3B,GAAIG,IAAW,EACX,MAAM,IAAIC,EAEd,GAAID,IAAW,EAAG,CACd,IAAME,EAAQ,IAAIC,GACZ,CAAE,QAAAC,CAAQ,EAAI,KACpB,MAAAF,EAAM,OAAO,aAAa,EAAI,iBAAmB,CAC7C,QAAWJ,KAAOD,EACd,GAAI,CACA,MAAM,MAAMQ,GAAmBD,EAASN,EAAKhB,CAAG,CACpD,MACM,CAAE,CAEhB,EACMoB,CACV,CACA,OAAOG,GAAmB,KAAK,QAASP,EAAKhB,CAAG,CACpD,CACJ,EACA,eAAeuB,GAAmBC,EAAOR,EAAKhB,EAAK,CAC/C,IAAMyB,EAASD,EAAM,IAAIR,CAAG,GAAKQ,EAAM,IAAIR,EAAK,CAAC,CAAC,EAAE,IAAIA,CAAG,EAC3D,GAAIS,EAAOzB,CAAG,IAAM,OAAW,CAC3B,IAAMK,EAAM,MAAMqB,EAAU,CAAE,GAAGV,EAAK,IAAK,EAAK,EAAGhB,CAAG,EACtD,GAAIK,aAAe,YAAcA,EAAI,OAAS,SAC1C,MAAM,IAAIK,EAAY,8CAA8C,EAExEe,EAAOzB,CAAG,EAAIK,CAClB,CACA,OAAOoB,EAAOzB,CAAG,CACrB,CACO,SAAS2B,GAAkBxB,EAAM,CACpC,IAAMyB,EAAM,IAAInB,GAAYN,CAAI,EAChC,MAAO,OAAOQ,EAAiBC,IAAUgB,EAAI,OAAOjB,EAAiBC,CAAK,CAC9E,CChHA,UAAYiB,OAAU,YACtB,UAAYC,OAAW,aACvB,OAAS,QAAAC,OAAY,cAGrB,IAAMC,GAAY,MAAOC,EAAKC,EAASC,IAAY,CAC/C,IAAIC,EACJ,OAAQH,EAAI,SAAU,CAClB,IAAK,SACDG,EAAY,OACZ,MACJ,IAAK,QACDA,EAAW,OACX,MACJ,QACI,MAAM,IAAI,UAAU,2BAA2B,CACvD,CACA,GAAM,CAAE,MAAAC,EAAO,QAAAC,CAAQ,EAAIH,EACrBI,EAAMH,EAAIH,EAAI,KAAM,CACtB,MAAAI,EACA,QAAAH,EACA,QAAAI,CACJ,CAAC,EACK,CAACE,CAAQ,EAAK,MAAM,QAAQ,KAAK,CAACC,GAAKF,EAAK,UAAU,EAAGE,GAAKF,EAAK,SAAS,CAAC,CAAC,EACpF,GAAI,CAACC,EACD,MAAAD,EAAI,QAAQ,EACN,IAAIG,GAEd,GAAIF,EAAS,aAAe,IACxB,MAAM,IAAIG,EAAU,yDAAyD,EAEjF,IAAMC,EAAQ,CAAC,EACf,cAAiBC,KAAQL,EACrBI,EAAM,KAAKC,CAAI,EAEnB,GAAI,CACA,OAAO,KAAK,MAAMC,EAAQ,OAAOC,EAAO,GAAGH,CAAK,CAAC,CAAC,CACtD,MACM,CACF,MAAM,IAAID,EAAU,4DAA4D,CACpF,CACJ,EACOK,GAAQhB,GCvCf,SAASiB,IAAsB,CAC3B,OAAQ,OAAO,cAAkB,KAC5B,OAAO,UAAc,KAAe,UAAU,YAAc,sBAC5D,OAAO,YAAgB,KAAe,cAAgB,QAC/D,CACA,IAAIC,IACA,OAAO,UAAc,KAAe,CAAC,UAAU,WAAW,aAAa,cAAc,KAGrFA,GAAa,eAEjB,IAAMC,GAAN,cAA2BC,EAAY,CACnC,KACA,iBACA,kBACA,aACA,eACA,cACA,SACA,YAAYC,EAAKC,EAAS,CAGtB,GAFA,MAAM,CAAE,KAAM,CAAC,CAAE,CAAC,EAClB,KAAK,MAAQ,OACT,EAAED,aAAe,KACjB,MAAM,IAAI,UAAU,gCAAgC,EAExD,KAAK,KAAO,IAAI,IAAIA,EAAI,IAAI,EAC5B,KAAK,SAAW,CAAE,MAAOC,GAAS,MAAO,QAASA,GAAS,OAAQ,EACnE,KAAK,iBACD,OAAOA,GAAS,iBAAoB,SAAWA,GAAS,gBAAkB,IAC9E,KAAK,kBACD,OAAOA,GAAS,kBAAqB,SAAWA,GAAS,iBAAmB,IAChF,KAAK,aAAe,OAAOA,GAAS,aAAgB,SAAWA,GAAS,YAAc,GAC1F,CACA,aAAc,CACV,OAAO,OAAO,KAAK,gBAAmB,SAChC,KAAK,IAAI,EAAI,KAAK,eAAiB,KAAK,kBACxC,EACV,CACA,OAAQ,CACJ,OAAO,OAAO,KAAK,gBAAmB,SAChC,KAAK,IAAI,EAAI,KAAK,eAAiB,KAAK,aACxC,EACV,CACA,MAAM,OAAOC,EAAiBC,EAAO,EAC7B,CAAC,KAAK,OAAS,CAAC,KAAK,MAAM,IAC3B,MAAM,KAAK,OAAO,EAEtB,GAAI,CACA,OAAO,MAAM,MAAM,OAAOD,EAAiBC,CAAK,CACpD,OACOC,EAAK,CACR,GAAIA,aAAeC,GACX,KAAK,YAAY,IAAM,GACvB,aAAM,KAAK,OAAO,EACX,MAAM,OAAOH,EAAiBC,CAAK,EAGlD,MAAMC,CACV,CACJ,CACA,MAAM,QAAS,CACP,KAAK,eAAiBR,GAAoB,IAC1C,KAAK,cAAgB,QAEzB,IAAMU,EAAU,IAAI,QAAQ,KAAK,SAAS,OAAO,EAC7CT,IAAc,CAACS,EAAQ,IAAI,YAAY,IACvCA,EAAQ,IAAI,aAAcT,EAAU,EACpC,KAAK,SAAS,QAAU,OAAO,YAAYS,EAAQ,QAAQ,CAAC,GAEhE,KAAK,gBAAkBC,GAAU,KAAK,KAAM,KAAK,iBAAkB,KAAK,QAAQ,EAC3E,KAAMC,GAAS,CAChB,GAAI,CAACC,GAAWD,CAAI,EAChB,MAAM,IAAIE,EAAY,4BAA4B,EAEtD,KAAK,MAAQ,CAAE,KAAMF,EAAK,IAAK,EAC/B,KAAK,eAAiB,KAAK,IAAI,EAC/B,KAAK,cAAgB,MACzB,CAAC,EACI,MAAOJ,GAAQ,CAChB,WAAK,cAAgB,OACfA,CACV,CAAC,EACD,MAAM,KAAK,aACf,CACJ,EACO,SAASO,GAAmBX,EAAKC,EAAS,CAC7C,IAAMW,EAAM,IAAId,GAAaE,EAAKC,CAAO,EACzC,MAAO,OAAOC,EAAiBC,IAAUS,EAAI,OAAOV,EAAiBC,CAAK,CAC9E,CCtFO,IAAMU,GAAN,cAA2BC,CAAW,CACzC,QAAS,CACL,IAAMC,EAAmBC,EAAO,KAAK,UAAU,CAAE,IAAK,MAAO,CAAC,CAAC,EACzDC,EAAoBD,EAAO,KAAK,UAAU,KAAK,QAAQ,CAAC,EAC9D,MAAO,GAAGD,CAAM,IAAIE,CAAO,GAC/B,CACA,OAAO,OAAOC,EAAKC,EAAS,CACxB,GAAI,OAAOD,GAAQ,SACf,MAAM,IAAIE,EAAW,gCAAgC,EAEzD,GAAM,CAAE,EAAGC,EAAe,EAAGC,EAAgB,EAAGC,EAAW,OAAAC,CAAO,EAAIN,EAAI,MAAM,GAAG,EACnF,GAAIM,IAAW,GAAKD,IAAc,GAC9B,MAAM,IAAIH,EAAW,uBAAuB,EAEhD,IAAIL,EACJ,GAAI,CAEA,GADAA,EAAS,KAAK,MAAMU,EAAQ,OAAiBC,EAAOL,CAAa,CAAC,CAAC,EAC/DN,EAAO,MAAQ,OACf,MAAM,IAAI,KAClB,MACM,CACF,MAAM,IAAIK,EAAW,uBAAuB,CAChD,CAEA,MAAO,CAAE,QADOO,GAAWZ,EAAkBW,EAAOJ,CAAc,EAAGH,CAAO,EAC1D,OAAAJ,CAAO,CAC7B,CACJ,EC/BA,IAAAa,GAAA,GAAAC,GAAAD,GAAA,YAAAE,GAAA,WAAAC,KACO,IAAMC,GAAmBA,EACnBC,GAAmBA,ECCzB,SAASC,GAAsBC,EAAO,CACzC,IAAIC,EACJ,GAAI,OAAOD,GAAU,SAAU,CAC3B,IAAME,EAAQF,EAAM,MAAM,GAAG,GACzBE,EAAM,SAAW,GAAKA,EAAM,SAAW,KAEvC,CAACD,CAAa,EAAIC,EAE1B,SACS,OAAOF,GAAU,UAAYA,EAClC,GAAI,cAAeA,EACfC,EAAgBD,EAAM,cAGtB,OAAM,IAAI,UAAU,2CAA2C,EAGvE,GAAI,CACA,GAAI,OAAOC,GAAkB,UAAY,CAACA,EACtC,MAAM,IAAI,MAEd,IAAME,EAAS,KAAK,MAAMC,EAAQ,OAAOC,GAAUJ,CAAa,CAAC,CAAC,EAClE,GAAI,CAACK,EAASH,CAAM,EAChB,MAAM,IAAI,MAEd,OAAOA,CACX,MACM,CACF,MAAM,IAAI,UAAU,8CAA8C,CACtE,CACJ,CC7BO,SAASI,GAAUC,EAAK,CAC3B,GAAI,OAAOA,GAAQ,SACf,MAAM,IAAIC,EAAW,+DAA+D,EACxF,GAAM,CAAE,EAAGC,EAAS,OAAAC,CAAO,EAAIH,EAAI,MAAM,GAAG,EAC5C,GAAIG,IAAW,EACX,MAAM,IAAIF,EAAW,0DAA0D,EACnF,GAAIE,IAAW,EACX,MAAM,IAAIF,EAAW,aAAa,EACtC,GAAI,CAACC,EACD,MAAM,IAAID,EAAW,6BAA6B,EACtD,IAAIG,EACJ,GAAI,CACAA,EAAUC,GAAUH,CAAO,CAC/B,MACM,CACF,MAAM,IAAID,EAAW,wCAAwC,CACjE,CACA,IAAIK,EACJ,GAAI,CACAA,EAAS,KAAK,MAAMC,EAAQ,OAAOH,CAAO,CAAC,CAC/C,MACM,CACF,MAAM,IAAIH,EAAW,6CAA6C,CACtE,CACA,GAAI,CAACO,EAASF,CAAM,EAChB,MAAM,IAAIL,EAAW,wBAAwB,EACjD,OAAOK,CACX,CC/BA,OAAS,mBAAAG,GAAiB,mBAAmBC,OAAyB,cACtE,OAAS,aAAAC,OAAiB,YAG1B,IAAMC,EAAWC,GAAUC,EAAiB,EAC5C,eAAsBC,GAAeC,EAAKC,EAAS,CAC/C,IAAIC,EACJ,OAAQF,EAAK,CACT,IAAK,QACL,IAAK,QACL,IAAK,QACL,IAAK,gBACL,IAAK,gBACL,IAAK,gBACDE,EAAS,SAASF,EAAI,MAAM,EAAE,EAAG,EAAE,EACnC,MACJ,IAAK,SACL,IAAK,SACL,IAAK,SACL,IAAK,YACL,IAAK,YACL,IAAK,YACL,IAAK,UACL,IAAK,UACL,IAAK,UACDE,EAAS,SAASF,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EACrC,MACJ,QACI,MAAM,IAAIG,EAAiB,8DAA8D,CACjG,CACA,OAAOC,GAAgBC,EAAO,IAAI,WAAWH,GAAU,CAAC,CAAC,CAAC,CAC9D,CACA,eAAsBI,GAAgBN,EAAKC,EAAS,CAChD,OAAQD,EAAK,CACT,IAAK,QACL,IAAK,QACL,IAAK,QACL,IAAK,QACL,IAAK,QACL,IAAK,QACL,IAAK,WACL,IAAK,eACL,IAAK,eACL,IAAK,eACL,IAAK,SAAU,CACX,IAAMO,EAAgBN,GAAS,eAAiB,KAChD,GAAI,OAAOM,GAAkB,UAAYA,EAAgB,KACrD,MAAM,IAAIJ,EAAiB,6FAA6F,EAM5H,OAJgB,MAAMP,EAAS,MAAO,CAClC,cAAAW,EACA,eAAgB,KACpB,CAAC,CAEL,CACA,IAAK,QACD,OAAOX,EAAS,KAAM,CAAE,WAAY,OAAQ,CAAC,EACjD,IAAK,SACD,OAAOA,EAAS,KAAM,CAAE,WAAY,WAAY,CAAC,EACrD,IAAK,QACD,OAAOA,EAAS,KAAM,CAAE,WAAY,OAAQ,CAAC,EACjD,IAAK,QACD,OAAOA,EAAS,KAAM,CAAE,WAAY,OAAQ,CAAC,EACjD,IAAK,QACD,OAAQK,GAAS,IAAK,CAClB,KAAK,OACL,IAAK,UACD,OAAOL,EAAS,SAAS,EAC7B,IAAK,QACD,OAAOA,EAAS,OAAO,EAC3B,QACI,MAAM,IAAIO,EAAiB,oFAAoF,CACvH,CAEJ,IAAK,UACL,IAAK,iBACL,IAAK,iBACL,IAAK,iBAAkB,CACnB,IAAMK,EAAMP,GAAS,KAAO,QAC5B,OAAQO,EAAK,CACT,KAAK,OACL,IAAK,QACL,IAAK,QACL,IAAK,QACD,OAAOZ,EAAS,KAAM,CAAE,WAAYY,CAAI,CAAC,EAC7C,IAAK,SACD,OAAOZ,EAAS,QAAQ,EAC5B,IAAK,OACD,OAAOA,EAAS,MAAM,EAC1B,QACI,MAAM,IAAIO,EAAiB,wGAAwG,CAC3I,CACJ,CACA,QACI,MAAM,IAAIA,EAAiB,8DAA8D,CACjG,CACJ,CC/FA,eAAsBM,GAAgBC,EAAKC,EAAS,CAChD,OAAOF,GAASC,EAAKC,CAAO,CAChC,CCFA,eAAsBC,GAAeC,EAAKC,EAAS,CAC/C,OAAOF,GAASC,EAAKC,CAAO,CAChC,CCHA,IAAOC,GAAQ,cCCf,IAAOC,GAAQA","names":["Buffer","createHash","digest","algorithm","data","digest_default","encoder","decoder","MAX_INT32","concat","buffers","size","acc","length","buf","i","buffer","p2s","alg","p2sInput","writeUInt32BE","value","offset","uint64be","high","low","uint32be","lengthAndInput","input","concatKdf","secret","bits","iterations","res","iter","digest_default","normalize","input","encoded","decoder","encode","Buffer","decode","input","Buffer","normalize","createDecipheriv","KeyObject","errors_exports","__export","JOSEAlgNotAllowed","JOSEError","JOSENotSupported","JWEDecryptionFailed","JWEInvalid","JWKInvalid","JWKSInvalid","JWKSMultipleMatchingKeys","JWKSNoMatchingKey","JWKSTimeout","JWSInvalid","JWSSignatureVerificationFailed","JWTClaimValidationFailed","JWTExpired","JWTInvalid","message","claim","reason","randomFillSync","bitLength","alg","JOSENotSupported","iv_default","randomFillSync","checkIvLength","enc","iv","bitLength","JWEInvalid","check_iv_length_default","util","is_key_object_default","obj","checkCekLength","enc","cek","expected","JOSENotSupported","actual","JWEInvalid","is_key_object_default","check_cek_length_default","impl","timingSafeEqual","timing_safe_equal_default","createHmac","cbcTag","aad","iv","ciphertext","macSize","macKey","keySize","macData","concat","uint64be","hmac","createHmac","crypto","util","webcrypto","webcrypto_default","isCryptoKey","key","unusable","name","prop","isAlgorithm","algorithm","getHashLength","hash","getNamedCurve","alg","checkUsage","key","usages","expected","msg","last","checkSigCryptoKey","checkEncCryptoKey","message","msg","actual","types","last","invalid_key_input_default","withAlg","alg","getCiphers","ciphers","ciphers_default","algorithm","is_key_like_default","key","is_key_object_default","isCryptoKey","types","webcrypto_default","cbcDecrypt","enc","cek","ciphertext","iv","tag","aad","keySize","is_key_object_default","encKey","macKey","macSize","algorithm","ciphers_default","JOSENotSupported","expectedTag","cbcTag","macCheckPassed","timing_safe_equal_default","JWEDecryptionFailed","plaintext","decipher","createDecipheriv","concat","gcmDecrypt","decrypt","key","isCryptoKey","checkEncCryptoKey","KeyObject","invalid_key_input_default","types","JWEInvalid","check_cek_length_default","check_iv_length_default","decrypt_default","isDisjoint","headers","sources","acc","header","parameters","parameter","is_disjoint_default","isObjectLike","value","isObject","input","proto","Buffer","KeyObject","createDecipheriv","createCipheriv","createSecretKey","checkKeySize","key","alg","ensureKeyObject","usage","is_key_object_default","createSecretKey","isCryptoKey","checkEncCryptoKey","KeyObject","invalid_key_input_default","types","wrap","cek","algorithm","ciphers_default","JOSENotSupported","keyObject","cipher","createCipheriv","Buffer","concat","unwrap","encryptedKey","createDecipheriv","diffieHellman","generateKeyPairCb","KeyObject","promisify","KeyObject","namedCurveToJOSE","namedCurve","JOSENotSupported","getNamedCurve","kee","raw","key","isCryptoKey","KeyObject","is_key_object_default","invalid_key_input_default","types","get_named_curve_default","generateKeyPair","promisify","generateKeyPairCb","deriveKey","publicKee","privateKee","algorithm","keyLength","apu","apv","publicKey","isCryptoKey","checkEncCryptoKey","KeyObject","is_key_object_default","invalid_key_input_default","types","privateKey","value","concat","lengthAndInput","encoder","uint32be","sharedSecret","diffieHellman","concatKdf","generateEpk","kee","key","namedCurve","get_named_curve_default","JOSENotSupported","ecdhAllowed","promisify","KeyObject","pbkdf2cb","checkP2s","p2s","JWEInvalid","pbkdf2","promisify","pbkdf2cb","getPassword","key","alg","is_key_object_default","isCryptoKey","checkEncCryptoKey","KeyObject","invalid_key_input_default","types","encrypt","cek","p2c","p2s","randomFillSync","checkP2s","salt","keylen","password","derivedKey","wrap","encode","decrypt","encryptedKey","unwrap","KeyObject","publicEncrypt","constants","privateDecrypt","deprecate","check_key_length_default","key","alg","modulusLength","checkKey","key","alg","check_key_length_default","RSA1_5","deprecate","constants","resolvePadding","resolveOaepHash","ensureKeyObject","usages","is_key_object_default","isCryptoKey","checkEncCryptoKey","KeyObject","invalid_key_input_default","types","encrypt","cek","padding","oaepHash","keyObject","publicEncrypt","decrypt","encryptedKey","privateDecrypt","bitLength","alg","JOSENotSupported","cek_default","randomFillSync","createPrivateKey","createPublicKey","KeyObject","Buffer","genericExport","keyType","keyFormat","key","keyObject","isCryptoKey","KeyObject","is_key_object_default","invalid_key_input_default","types","toSPKI","toPKCS8","fromPKCS8","pem","createPrivateKey","Buffer","fromSPKI","createPublicKey","fromX509","createPrivateKey","createPublicKey","parse","jwk","jwk_to_key_default","importSPKI","spki","alg","options","fromSPKI","importX509","x509","fromX509","importPKCS8","pkcs8","fromPKCS8","importJWK","jwk","isObject","decode","JOSENotSupported","jwk_to_key_default","symmetricTypeCheck","alg","key","is_key_like_default","withAlg","types","asymmetricTypeCheck","usage","checkKeyType","check_key_type_default","createCipheriv","KeyObject","cbcEncrypt","enc","plaintext","cek","iv","aad","keySize","is_key_object_default","encKey","macKey","algorithm","ciphers_default","JOSENotSupported","cipher","createCipheriv","ciphertext","concat","macSize","tag","cbcTag","gcmEncrypt","encrypt","key","isCryptoKey","checkEncCryptoKey","KeyObject","invalid_key_input_default","types","check_cek_length_default","check_iv_length_default","iv_default","encrypt_default","wrap","alg","key","cek","iv","jweAlgorithm","wrapped","encrypt_default","encode","unwrap","encryptedKey","tag","decrypt_default","decryptKeyManagement","alg","key","encryptedKey","joseHeader","options","check_key_type_default","JWEInvalid","isObject","ecdhAllowed","JOSENotSupported","epk","importJWK","partyUInfo","partyVInfo","decode","sharedSecret","deriveKey","bitLength","unwrap","decrypt","p2cLimit","p2s","iv","tag","decrypt_key_management_default","validateCrit","Err","recognizedDefault","recognizedOption","protectedHeader","joseHeader","input","recognized","parameter","JOSENotSupported","validate_crit_default","validateAlgorithms","option","algorithms","s","validate_algorithms_default","flattenedDecrypt","jwe","key","options","isObject","JWEInvalid","parsedProt","protectedHeader","decode","decoder","is_disjoint_default","joseHeader","validate_crit_default","JOSENotSupported","alg","enc","keyManagementAlgorithms","validate_algorithms_default","contentEncryptionAlgorithms","JOSEAlgNotAllowed","encryptedKey","resolvedKey","cek","decrypt_key_management_default","err","cek_default","iv","tag","encoder","additionalData","concat","ciphertext","result","decrypt_default","compactDecrypt","jwe","key","options","decoder","JWEInvalid","protectedHeader","encryptedKey","iv","ciphertext","tag","length","decrypted","flattenedDecrypt","result","generalDecrypt","jwe","key","options","isObject","JWEInvalid","recipient","flattenedDecrypt","JWEDecryptionFailed","KeyObject","keyToJWK","key","keyObject","isCryptoKey","KeyObject","is_key_object_default","encode","invalid_key_input_default","types","JOSENotSupported","key_to_jwk_default","exportSPKI","key","toSPKI","exportPKCS8","toPKCS8","exportJWK","key_to_jwk_default","encryptKeyManagement","alg","enc","key","providedCek","providedParameters","encryptedKey","parameters","cek","check_key_type_default","ecdhAllowed","JOSENotSupported","apu","apv","ephemeralKey","generateEpk","x","y","crv","kty","exportJWK","sharedSecret","deriveKey","bitLength","encode","cek_default","kwAlg","wrap","encrypt","p2c","p2s","iv","encrypt_key_management_default","unprotected","FlattenedEncrypt","plaintext","parameters","protectedHeader","sharedUnprotectedHeader","unprotectedHeader","aad","cek","iv","key","options","JWEInvalid","is_disjoint_default","joseHeader","validate_crit_default","JOSENotSupported","alg","enc","encryptedKey","encrypt_key_management_default","additionalData","aadMember","encoder","encode","concat","ciphertext","tag","encrypt_default","jwe","decoder","IndividualRecipient","enc","key","options","unprotectedHeader","args","GeneralEncrypt","plaintext","recipient","protectedHeader","sharedUnprotectedHeader","aad","JWEInvalid","flattened","FlattenedEncrypt","jwe","i","is_disjoint_default","joseHeader","alg","validate_crit_default","JOSENotSupported","cek","cek_default","target","p2c","unprotected","encryptedKey","parameters","encrypt_key_management_default","encode","crypto","promisify","dsaDigest","alg","JOSENotSupported","constants","PSS","constants","ecCurveAlgMap","keyForCrypto","alg","key","check_key_length_default","hashAlgorithm","mgf1HashAlgorithm","saltLength","length","actual","get_named_curve_default","expected","JOSENotSupported","crypto","promisify","hmacDigest","alg","JOSENotSupported","KeyObject","createSecretKey","getSignVerifyKey","alg","key","usage","invalid_key_input_default","types","createSecretKey","KeyObject","isCryptoKey","checkSigCryptoKey","oneShotSign","promisify","sign","alg","key","data","keyObject","getSignVerifyKey","hmac","hmacDigest","dsaDigest","keyForCrypto","sign_default","oneShotVerify","promisify","verify","alg","key","signature","data","keyObject","getSignVerifyKey","expected","sign_default","actual","algorithm","dsaDigest","keyInput","keyForCrypto","verify_default","flattenedVerify","jws","key","options","isObject","JWSInvalid","parsedProt","protectedHeader","decode","decoder","is_disjoint_default","joseHeader","extensions","validate_crit_default","b64","alg","algorithms","validate_algorithms_default","JOSEAlgNotAllowed","resolvedKey","check_key_type_default","data","concat","encoder","signature","verify_default","JWSSignatureVerificationFailed","payload","result","compactVerify","jws","key","options","decoder","JWSInvalid","protectedHeader","payload","signature","length","verified","flattenedVerify","result","generalVerify","jws","key","options","isObject","JWSInvalid","signature","flattenedVerify","JWSSignatureVerificationFailed","epoch_default","date","REGEX","secs_default","str","matched","value","unit","numericDate","normalizeTyp","value","checkAudiencePresence","audPayload","audOption","jwt_claims_set_default","protectedHeader","encodedPayload","options","typ","JWTClaimValidationFailed","payload","decoder","isObject","JWTInvalid","requiredClaims","issuer","subject","audience","maxTokenAge","presenceCheck","claim","tolerance","secs_default","currentDate","now","epoch_default","JWTExpired","age","max","jwtVerify","jwt","key","options","verified","compactVerify","JWTInvalid","result","jwt_claims_set_default","jwtDecrypt","jwt","key","options","decrypted","compactDecrypt","payload","jwt_claims_set_default","protectedHeader","JWTClaimValidationFailed","result","CompactEncrypt","plaintext","FlattenedEncrypt","cek","iv","protectedHeader","parameters","key","options","jwe","FlattenedSign","payload","protectedHeader","unprotectedHeader","key","options","JWSInvalid","is_disjoint_default","joseHeader","extensions","validate_crit_default","b64","alg","check_key_type_default","encoder","encode","data","concat","signature","sign_default","jws","decoder","CompactSign","payload","FlattenedSign","protectedHeader","key","options","jws","IndividualSignature","sig","key","options","protectedHeader","unprotectedHeader","args","GeneralSign","payload","signature","JWSInvalid","jws","i","flattened","FlattenedSign","rest","validateInput","label","input","ProduceJWT","payload","isObject","issuer","subject","audience","jwtId","epoch_default","secs_default","SignJWT","ProduceJWT","protectedHeader","key","options","sig","CompactSign","encoder","JWTInvalid","EncryptJWT","ProduceJWT","protectedHeader","parameters","cek","iv","key","options","enc","CompactEncrypt","encoder","check","value","description","JWKInvalid","calculateJwkThumbprint","jwk","digestAlgorithm","isObject","components","JOSENotSupported","data","encoder","encode","digest_default","calculateJwkThumbprintUri","thumbprint","EmbeddedJWK","protectedHeader","token","joseHeader","isObject","JWSInvalid","key","importJWK","getKtyFromAlg","alg","JOSENotSupported","isJWKSLike","jwks","isJWKLike","key","isObject","clone","obj","LocalJWKSet","JWKSInvalid","protectedHeader","token","kid","kty","candidates","jwk","candidate","length","JWKSNoMatchingKey","error","JWKSMultipleMatchingKeys","_cached","importWithAlgCache","cache","cached","importJWK","createLocalJWKSet","set","http","https","once","fetchJwks","url","timeout","options","get","agent","headers","req","response","once","JWKSTimeout","JOSEError","parts","part","decoder","concat","fetch_jwks_default","isCloudflareWorkers","USER_AGENT","RemoteJWKSet","LocalJWKSet","url","options","protectedHeader","token","err","JWKSNoMatchingKey","headers","fetch_jwks_default","json","isJWKSLike","JWKSInvalid","createRemoteJWKSet","set","UnsecuredJWT","ProduceJWT","header","encode","payload","jwt","options","JWTInvalid","encodedHeader","encodedPayload","signature","length","decoder","decode","jwt_claims_set_default","base64url_exports","__export","decode","encode","encode","decode","decodeProtectedHeader","token","protectedB64u","parts","result","decoder","decode","isObject","decodeJwt","jwt","JWTInvalid","payload","length","decoded","decode","result","decoder","isObject","createSecretKey","generateKeyPairCb","promisify","generate","promisify","generateKeyPairCb","generateSecret","alg","options","length","JOSENotSupported","createSecretKey","randomFillSync","generateKeyPair","modulusLength","crv","generateKeyPair","alg","options","generateSecret","alg","options","runtime_default","runtime_default"]}
package/build/preview-5HAC2VHN.js ADDED
@@ -0,0 +1,4 @@
1
+ import { createRequire as _createRequire } from 'node:module';
2
+ const require = _createRequire(import.meta.url);
3
+ import{a as D}from"./chunk-ZORLYW6M.js";import{a as b}from"./chunk-OWEB37KH.js";import"./chunk-A3KHJIN7.js";import{a as S,e as y,f as I,m as x,n as j}from"./chunk-J2KSZ5LE.js";import"./chunk-A7TURNR5.js";import{D as v,Ua as P,fb as U,g as w,ha as h,ra as n}from"./chunk-5JYQ2Z7Y.js";import{b as C,d as a,e as s}from"./chunk-2JOP4YNL.js";import{e as u,h as r}from"./chunk-V4TR6DCM.js";r();r();import{cwd as N}from"node:process";var c=u(C(),1);r();var T=u(C(),1);async function A(e,m,o){let t=new S(m),i=await y({siteId:o,projectFolder:e.projectFolder,siteListClient:t});return(0,T.match)(i,{NotConfigured:()=>{throw new a({code:s.SiteConfiguredRequired()})},NotFound:()=>{throw new a({code:s.SiteConfiguredRequired()})},Resolved:({site:f})=>f})}r();var d=u(C(),1);var E=({model:e,site:m,tag:o})=>{let t=e.components.filter((0,d.isType)(n.DashboardPage)||(0,d.isType)(n.DashboardPlugin)||(0,d.isType)(n.DashboardMenuPlugin)),i={appId:e.config.appId,site:m,tag:o};return t[0]?j({envConfig:i,extension:t[0]}):x({envConfig:i,platformType:h.Dashboard()})};r();function M(e){console.log(e)}async function z(e,m){let o=await U(N()),t=await v();if(!t)throw new a({code:s.AuthenticationRequired()});m.errorReporter.setUser({id:t.userInfo.userId}),b(m.biLogger,t.userInfo.userId);let i=w({type:"backoffice",getAppToken:()=>t.getAccessToken()}),f=await A(o,i,e.siteId),k=o.components.filter(g=>(0,c.isType)(g,n.Api)||(0,c.isType)(g,n.Event)||(0,c.isType)(g,n.ServicePlugin)),{serveUrl:R,backendServerUrl:F}=e.baseUrl?{serveUrl:e.baseUrl,backendServerUrl:void 0}:await P(o.config.appId,o.projectFolder,m.biLogger,i,k.length>0),L=new I(i),q=await D({model:o,arm:L,serveUrl:R,backendServerUrl:F}),H=E({site:f,model:o,tag:q});M(H)}export{z as nonInteractivePreview};
4
+ //# sourceMappingURL=preview-5HAC2VHN.js.map