blaizejs 0.3.2 → 0.3.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (30) hide show
  1. package/dist/chunk-337RPHG5.js +11 -0
  2. package/dist/{chunk-HB6MRTGD.js.map → chunk-337RPHG5.js.map} +1 -1
  3. package/dist/{unsupported-media-type-error-VVHRDTUH.js → chunk-HX7XLEO3.js} +3 -9
  4. package/dist/{chunk-7IM52S7P.js.map → chunk-HX7XLEO3.js.map} +1 -1
  5. package/dist/chunk-KE2IOPV4.js +11 -0
  6. package/dist/{chunk-IFP53BNM.js.map → chunk-KE2IOPV4.js.map} +1 -1
  7. package/dist/chunk-LY65OJH4.js +11 -0
  8. package/dist/{chunk-3VK325MM.js.map → chunk-LY65OJH4.js.map} +1 -1
  9. package/dist/chunk-VM3QGHVO.js +11 -0
  10. package/dist/{chunk-CQKM74J4.js.map → chunk-VM3QGHVO.js.map} +1 -1
  11. package/dist/index.cjs +38 -3486
  12. package/dist/index.cjs.map +1 -1
  13. package/dist/index.d.cts +2 -2
  14. package/dist/index.d.ts +2 -2
  15. package/dist/index.js +38 -3153
  16. package/dist/index.js.map +1 -1
  17. package/dist/{validation-error-TXMSFWZL.js → internal-server-error-JHHSKW5B.js} +3 -9
  18. package/dist/{internal-server-error-PVME2DGN.js → payload-too-large-error-SOQINKUL.js} +3 -9
  19. package/dist/{payload-too-large-error-QQG7MKGT.js → unsupported-media-type-error-KJMHH5CY.js} +3 -9
  20. package/dist/validation-error-Q6IOTN4C.js +11 -0
  21. package/package.json +6 -6
  22. package/dist/chunk-3VK325MM.js +0 -31
  23. package/dist/chunk-7IM52S7P.js +0 -31
  24. package/dist/chunk-CQKM74J4.js +0 -39
  25. package/dist/chunk-HB6MRTGD.js +0 -39
  26. package/dist/chunk-IFP53BNM.js +0 -149
  27. /package/dist/{internal-server-error-PVME2DGN.js.map → internal-server-error-JHHSKW5B.js.map} +0 -0
  28. /package/dist/{payload-too-large-error-QQG7MKGT.js.map → payload-too-large-error-SOQINKUL.js.map} +0 -0
  29. /package/dist/{unsupported-media-type-error-VVHRDTUH.js.map → unsupported-media-type-error-KJMHH5CY.js.map} +0 -0
  30. /package/dist/{validation-error-TXMSFWZL.js.map → validation-error-Q6IOTN4C.js.map} +0 -0
package/dist/index.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../../blaize-types/src/errors.ts","../src/errors/correlation.ts","../src/errors/internal-server-error.ts","../src/errors/validation-error.ts","../src/errors/payload-too-large-error.ts","../src/errors/unsupported-media-type-error.ts","../src/index.ts","../src/middleware/execute.ts","../src/middleware/compose.ts","../src/middleware/create.ts","../src/plugins/create.ts","../src/router/create.ts","../src/config.ts","../src/router/discovery/parser.ts","../src/server/create.ts","../src/server/start.ts","../src/server/dev-certificate.ts","../src/context/errors.ts","../src/context/store.ts","../src/upload/multipart-parser.ts","../src/upload/utils.ts","../src/context/create.ts","../src/errors/not-found-error.ts","../src/errors/boundary.ts","../src/middleware/error-boundary.ts","../src/server/request-handler.ts","../src/server/stop.ts","../src/server/validation.ts","../src/plugins/lifecycle.ts","../src/plugins/errors.ts","../src/plugins/validation.ts","../src/router/discovery/cache.ts","../src/router/discovery/loader.ts","../src/router/discovery/parallel.ts","../src/router/discovery/finder.ts","../src/router/discovery/profiler.ts","../src/router/discovery/watchers.ts","../src/router/validation/schema.ts","../src/router/validation/body.ts","../src/router/validation/params.ts","../src/router/validation/query.ts","../src/router/validation/response.ts","../src/router/handlers/executor.ts","../src/router/matching/params.ts","../src/router/matching/matcher.ts","../src/router/registry/fast-registry.ts","../src/router/utils/matching-helpers.ts","../src/router/router.ts","../../blaize-types/src/index.ts","../src/errors/unauthorized-error.ts","../src/errors/forbidden-error.ts","../src/errors/conflict-error.ts","../src/errors/rate-limit-error.ts","../src/errors/request-timeout-error.ts","../src/errors/unprocessable-entity-error.ts"],"sourcesContent":["/**\n * Error type definitions and interfaces for the BlaizeJS framework\n *\n * This module contains all the type definitions used for error handling\n * across the BlaizeJS framework, including server-side errors, client-side\n * errors, and HTTP response formats.\n */\n\n/**\n * Structure of error responses sent over HTTP\n *\n * This interface defines the JSON format used for all error responses\n * from BlaizeJS servers. It matches the structure returned by BlaizeError.toJSON()\n *\n * @example\n * ```json\n * {\n * \"type\": \"VALIDATION_ERROR\",\n * \"title\": \"Request validation failed\",\n * \"status\": 400,\n * \"correlationId\": \"req_abc123\",\n * \"timestamp\": \"2024-01-15T10:30:00.000Z\",\n * \"details\": {\n * \"fields\": [\"email\", \"password\"]\n * }\n * }\n * ```\n */\nexport interface BlaizeErrorResponse {\n /** Error type from the ErrorType enum */\n type: ErrorType;\n\n /** Human-readable error message */\n title: string;\n\n /** HTTP status code */\n status: number;\n\n /** Correlation ID for request tracing */\n correlationId: string;\n\n /** ISO timestamp when error occurred */\n timestamp: string;\n\n /** Optional error-specific details */\n details?: unknown;\n}\n\n/**\n * Context information for network-related errors\n *\n * Used by client-side error classes to provide additional context\n * about network failures, timeouts, and connection issues.\n */\nexport interface NetworkErrorContext {\n /** The URL that failed */\n url: string;\n\n /** HTTP method being attempted */\n method: string;\n\n /** Correlation ID for tracing */\n correlationId: string;\n\n /** Timeout value if applicable */\n timeout?: number;\n\n /** The original error that caused the network failure */\n originalError: Error;\n\n /** Additional network-specific details */\n networkDetails?: {\n /** Whether this was a connection timeout */\n isTimeout?: boolean;\n\n /** Whether this was a DNS resolution failure */\n isDnsFailure?: boolean;\n\n /** Whether this was a connection refused error */\n isConnectionRefused?: boolean;\n\n /** HTTP status code if received before failure */\n statusCode?: number;\n };\n}\n\n/**\n * Context information for request timeout errors\n *\n * Specialized context for timeout-specific errors with timing information.\n */\nexport interface TimeoutErrorContext {\n /** The URL that timed out */\n url: string;\n\n /** HTTP method being attempted */\n method: string;\n\n /** Correlation ID for tracing */\n correlationId: string;\n\n /** Configured timeout value in milliseconds */\n timeoutMs: number;\n\n /** Actual duration before timeout in milliseconds */\n elapsedMs: number;\n\n /** Type of timeout (request, connection, etc.) */\n timeoutType: 'request' | 'connection' | 'response' | 'idle';\n}\n\n/**\n * Context information for response parsing errors\n *\n * Used when the client receives a response but cannot parse it properly.\n */\nexport interface ParseErrorContext {\n /** The URL that returned unparseable content */\n url: string;\n\n /** HTTP method used */\n method: string;\n\n /** Correlation ID for tracing */\n correlationId: string;\n\n /** HTTP status code received */\n statusCode: number;\n\n /** Content-Type header if available */\n contentType?: string;\n\n /** Expected response format */\n expectedFormat: 'json' | 'text' | 'binary';\n\n /** Sample of the actual response content (truncated for safety) */\n responseSample?: string;\n\n /** The original parsing error */\n originalError: Error;\n}\n\n/**\n * Validation error field details\n *\n * Structure for field-level validation errors with multiple error messages\n * per field.\n */\nexport interface ValidationFieldError {\n /** Field name or path (e.g., \"email\", \"user.profile.name\") */\n field: string;\n\n /** Array of error messages for this field */\n messages: string[];\n\n /** The invalid value that caused the error */\n rejectedValue?: unknown;\n\n /** Expected type or format */\n expectedType?: string;\n}\n\n/**\n * Validation error details structure\n *\n * Used by ValidationError to provide structured information about\n * what fields failed validation and why.\n */\nexport interface ValidationErrorDetails {\n /** Array of field-level errors */\n fields: ValidationFieldError[];\n\n /** Total number of validation errors */\n errorCount: number;\n\n /** The section that failed validation */\n section: 'params' | 'query' | 'body' | 'response';\n\n /** Schema name if available */\n schemaName?: string;\n}\n\n/**\n * All available error types in the BlaizeJS framework\n *\n * This enum provides both compile-time type safety and runtime values\n * for error type identification across server and client packages.\n *\n * @example Type-safe error handling:\n * ```typescript\n * function handleError(errorType: ErrorType) {\n * switch (errorType) {\n * case ErrorType.VALIDATION_ERROR:\n * // Handle validation error\n * break;\n * case ErrorType.NOT_FOUND:\n * // Handle not found error\n * break;\n * // TypeScript ensures all cases are covered\n * }\n * }\n * ```\n */\nexport enum ErrorType {\n // Server-side business logic errors\n /** Request validation failed (400) */\n VALIDATION_ERROR = 'VALIDATION_ERROR',\n\n /** Resource not found (404) */\n NOT_FOUND = 'NOT_FOUND',\n\n /** Authentication required (401) */\n UNAUTHORIZED = 'UNAUTHORIZED',\n\n /** Access forbidden (403) */\n FORBIDDEN = 'FORBIDDEN',\n\n /** Resource conflict (409) */\n CONFLICT = 'CONFLICT',\n\n /** Rate limit exceeded (429) */\n RATE_LIMITED = 'RATE_LIMITED',\n\n /** Internal server error (500) */\n INTERNAL_SERVER_ERROR = 'INTERNAL_SERVER_ERROR',\n\n /** File/Request Too Large (413) */\n PAYLOAD_TOO_LARGE = 'PAYLOAD_TOO_LARGE',\n\n /** Wrong Content Type (415) */\n UNSUPPORTED_MEDIA_TYPE = 'UNSUPPORTED_MEDIA_TYPE',\n\n /** Upload Timeout (408) */\n UPLOAD_TIMEOUT = 'UPLOAD_TIMEOUT',\n\n /** Valid Format Invalid Semantics (422) */\n UNPROCESSABLE_ENTITY = 'UNPROCESSABLE_ENTITY',\n\n // Client-side errors\n /** Network connectivity failure (0) */\n NETWORK_ERROR = 'NETWORK_ERROR',\n\n /** Request or response timeout (0) */\n TIMEOUT_ERROR = 'TIMEOUT_ERROR',\n\n /** Response parsing failure (0) */\n PARSE_ERROR = 'PARSE_ERROR',\n\n /** Generic HTTP error (varies) */\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\n/**\n * Error severity levels for logging and monitoring\n *\n * Provides a way to categorize errors by their impact and urgency.\n */\nexport enum ErrorSeverity {\n /** Low impact, often user errors */\n LOW = 'low',\n\n /** Medium impact, application errors */\n MEDIUM = 'medium',\n\n /** High impact, system errors */\n HIGH = 'high',\n\n /** Critical impact, service disruption */\n CRITICAL = 'critical',\n}\n\n/**\n * Abstract base class for all BlaizeJS errors\n *\n * This class provides the foundation for all error types in the BlaizeJS framework.\n * It extends JavaScript's built-in Error class and adds framework-specific properties\n * for consistent error handling across server and client.\n *\n * @example\n * ```typescript\n * import { ErrorType } from './types';\n *\n * class NotFoundError extends BlaizeError<{ resourceId: string }> {\n * constructor(message = 'Resource not found', details?: { resourceId: string }) {\n * super(ErrorType.NOT_FOUND, message, 404, getCurrentCorrelationId(), details);\n * }\n * }\n * ```\n *\n * @template TDetails - Type for error-specific details object\n */\nexport abstract class BlaizeError<TDetails = unknown> extends Error {\n /**\n * Error type identifier from the ErrorType enum\n * Used for programmatic error handling and client-side error routing\n */\n readonly type: ErrorType;\n\n /**\n * Human-readable error title/message\n * Should be descriptive enough for debugging but safe for end users\n */\n readonly title: string;\n\n /**\n * HTTP status code associated with this error\n * Used by the error boundary to set appropriate response status\n */\n readonly status: number;\n\n /**\n * Correlation ID for request tracing\n * Links this error to the specific request that generated it\n */\n readonly correlationId: string;\n\n /**\n * Timestamp when the error occurred\n * Useful for debugging and log correlation\n */\n readonly timestamp: Date;\n\n /**\n * Additional error-specific details\n * Type-safe error context that varies by error type\n */\n readonly details?: TDetails | undefined;\n\n /**\n * Creates a new BlaizeError instance\n *\n * @param type - Error type from the ErrorType enum\n * @param title - Human-readable error message\n * @param status - HTTP status code\n * @param correlationId - Request correlation ID for tracing\n * @param details - Optional error-specific details\n */\n protected constructor(\n type: ErrorType,\n title: string,\n status: number,\n correlationId: string,\n details?: TDetails | undefined\n ) {\n super(title);\n\n // Set the error name to the class name for better stack traces\n this.name = this.constructor.name;\n\n // Framework-specific properties\n this.type = type;\n this.title = title;\n this.status = status;\n this.correlationId = correlationId;\n this.timestamp = new Date();\n this.details = details;\n\n // Maintain proper prototype chain for instanceof checks\n Object.setPrototypeOf(this, new.target.prototype);\n\n // Capture stack trace if available (V8 feature)\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n }\n\n /**\n * Serializes the error to a plain object suitable for HTTP responses\n *\n * @returns Object representation of the error\n */\n toJSON() {\n const base = {\n type: this.type,\n title: this.title,\n status: this.status,\n correlationId: this.correlationId,\n timestamp: this.timestamp.toISOString(),\n };\n\n // Only include details if they are not undefined\n if (this.details !== undefined) {\n return { ...base, details: this.details };\n }\n\n return base;\n }\n\n /**\n * Returns a string representation of the error\n * Includes correlation ID for easier debugging\n */\n toString(): string {\n return `${this.name}: ${this.title} [${this.correlationId}]`;\n }\n}\n\n/**\n * Interface for payload too large error details\n */\nexport interface PayloadTooLargeErrorDetails {\n fileCount?: number;\n maxFiles?: number;\n filename?: string;\n field?: string;\n contentType?: string;\n currentSize?: number;\n maxSize?: number;\n}\n\n/**\n * Interface for unsupported media type error details\n */\nexport interface UnsupportedMediaTypeErrorDetails {\n receivedMimeType?: string;\n allowedMimeTypes?: string[];\n filename?: string;\n}\n\n/**\n * Interface for authentication error details\n */\nexport interface UnauthorizedErrorDetails {\n /** Reason for authentication failure */\n reason?:\n | 'missing_token'\n | 'invalid_token'\n | 'expired_token'\n | 'malformed_token'\n | 'insufficient_scope'\n | string;\n\n /** Authentication scheme (Bearer, Basic, etc.) */\n authScheme?: string;\n\n /** Authentication realm */\n realm?: string;\n\n /** Detailed error description */\n error_description?: string;\n\n /** Required scopes or permissions */\n requiredScopes?: string[];\n\n /** Login URL for interactive authentication */\n loginUrl?: string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for authorization/permission error details\n */\nexport interface ForbiddenErrorDetails {\n /** Required permission or role */\n requiredPermission?: string;\n\n /** User's current permissions */\n userPermissions?: string[];\n\n /** Resource being accessed */\n resource?: string;\n\n /** Action being attempted */\n action?: string;\n\n /** Reason for access denial */\n reason?: 'insufficient_permissions' | 'account_suspended' | 'resource_locked' | string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for resource conflict error details\n */\nexport interface ConflictErrorDetails {\n /** Type of conflict */\n conflictType?:\n | 'duplicate_key'\n | 'version_mismatch'\n | 'concurrent_modification'\n | 'business_rule'\n | string;\n\n /** Field that caused the conflict */\n field?: string;\n\n /** Existing value that conflicts */\n existingValue?: unknown;\n\n /** Provided value that conflicts */\n providedValue?: unknown;\n\n /** Resource that has the conflicting value */\n conflictingResource?: string;\n\n /** Current version/etag of the resource */\n currentVersion?: string;\n\n /** Expected version/etag */\n expectedVersion?: string;\n\n /** Suggested resolution */\n resolution?: string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for rate limiting error details\n */\nexport interface RateLimitErrorDetails {\n /** Maximum requests allowed in the time window */\n limit?: number;\n\n /** Remaining requests in current window */\n remaining?: number;\n\n /** When the rate limit resets */\n resetTime?: Date;\n\n /** Seconds until the rate limit resets */\n retryAfter?: number;\n\n /** Time window for the rate limit */\n window?: string;\n\n /** Identifier used for rate limiting (IP, user ID, etc.) */\n identifier?: string;\n\n /** Type of rate limit hit */\n limitType?: 'global' | 'per_user' | 'per_ip' | 'per_endpoint' | string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for internal server error details\n */\nexport interface InternalServerErrorDetails {\n /** Original error message (for debugging) */\n originalError?: string;\n\n /** Stack trace (for debugging) */\n stackTrace?: string;\n\n /** Component where the error occurred */\n component?: string;\n\n /** Operation being performed */\n operation?: string;\n\n /** Internal error code */\n internalErrorCode?: string;\n\n /** When the error occurred */\n timestamp?: Date;\n\n /** Whether this error should be retryable */\n retryable?: boolean;\n\n /** Additional debugging context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for NotFound error details\n * Provides context about the missing resource\n */\nexport interface NotFoundErrorDetails {\n /** Type of resource that was not found */\n resourceType?: string;\n\n /** ID or identifier of the resource */\n resourceId?: string;\n\n /** Collection or table where the resource was searched */\n collection?: string;\n\n /** Search criteria that was used */\n query?: Record<string, unknown>;\n\n /** Search criteria that was used (for backward compatibility) */\n searchCriteria?: Record<string, unknown>;\n\n /** The path that was attempted */\n path?: string;\n\n /** HTTP method used (for API endpoints) */\n method?: string;\n\n /** The path that was attempted (for backward compatibility) */\n attemptedPath?: string;\n\n /** Parent resource information for nested resources */\n parentResource?: {\n type: string;\n id: string;\n };\n\n /** Helpful suggestion for the user */\n suggestion?: string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n// TODO: This can potentiall be removed\n/**\n * Interface for body parsing errors stored in context state\n */\nexport interface BodyParseError {\n /**\n * Type of parsing error that occurred\n */\n readonly type:\n | 'json_parse_error'\n | 'form_parse_error'\n | 'multipart_parse_error'\n | 'body_read_error';\n\n /**\n * Human-readable error message\n */\n readonly message: string;\n\n /**\n * Original error object or details\n */\n readonly error: unknown;\n}\n\n/**\n * Type guard to check if an object is a BodyParseError\n */\nexport function isBodyParseError(error: unknown): error is BodyParseError {\n return (\n typeof error === 'object' &&\n error !== null &&\n 'type' in error &&\n 'message' in error &&\n 'error' in error &&\n typeof (error as any).type === 'string' &&\n typeof (error as any).message === 'string'\n );\n}\n\n/**\n * Context information for error transformation\n */\nexport interface ErrorTransformContext {\n url: string;\n method: string;\n correlationId: string;\n timeoutMs?: number;\n elapsedMs?: number;\n statusCode?: number;\n contentType?: string;\n responseSample?: string;\n [key: string]: unknown;\n}\n","/**\n * Correlation ID system for request tracing across async operations\n *\n * This module provides utilities for generating, storing, and accessing\n * correlation IDs that follow requests through the entire application stack.\n * Uses AsyncLocalStorage for automatic context propagation.\n */\n\nimport { AsyncLocalStorage } from 'node:async_hooks';\n\n/**\n * AsyncLocalStorage instance for storing correlation IDs\n * Separate from the main context storage to allow independent lifecycle management\n */\nconst correlationStorage = new AsyncLocalStorage<string>();\n\n/**\n * Generates a new unique correlation ID\n *\n * Format: req_[timestamp_base36]_[random_base36]\n * Example: req_k3x2m1_9z8y7w6v\n *\n * @returns A unique correlation ID string\n */\nexport function generateCorrelationId(): string {\n const timestamp = Date.now().toString(36); // Base36 encoded timestamp\n const random = Math.random().toString(36).substr(2, 9); // Base36 random string\n return `req_${timestamp}_${random}`;\n}\n\n/**\n * Gets the current correlation ID from AsyncLocalStorage\n *\n * @returns The current correlation ID, or 'unknown' if none is set\n */\nexport function getCurrentCorrelationId(): string {\n const stored = correlationStorage.getStore();\n return stored && stored.trim() ? stored : 'unknown';\n}\n\n/**\n * Sets the correlation ID in the current AsyncLocalStorage context\n *\n * This will affect the current execution context and any subsequent\n * async operations that inherit from it.\n *\n * @param correlationId - The correlation ID to set\n */\nexport function setCorrelationId(correlationId: string): void {\n correlationStorage.enterWith(correlationId);\n}\n\n/**\n * Runs a function with a specific correlation ID\n *\n * Creates a new AsyncLocalStorage context with the provided correlation ID.\n * The correlation ID will be available to the function and any async operations\n * it spawns, but will not affect the parent context.\n *\n * @param correlationId - The correlation ID to use for this context\n * @param fn - The function to run with the correlation ID\n * @returns The result of the function\n *\n * @example\n * ```typescript\n * const result = await withCorrelationId('req_123', async () => {\n * console.log(getCurrentCorrelationId()); // 'req_123'\n * return await processRequest();\n * });\n * ```\n */\nexport function withCorrelationId<T>(\n correlationId: string,\n fn: () => T | Promise<T>\n): T | Promise<T> {\n return correlationStorage.run(correlationId, fn);\n}\n\n/**\n * Extracts correlation ID from headers or generates a new one\n *\n * Looks for the 'x-correlation-id' header and uses it if present.\n * If not found, empty, or undefined, generates a new correlation ID.\n *\n * @param headers - HTTP headers object\n * @returns A correlation ID (either from headers or newly generated)\n *\n * @example\n * ```typescript\n * // From incoming request headers\n * const correlationId = getOrGenerateCorrelationId(request.headers);\n *\n * // Use in request processing\n * await withCorrelationId(correlationId, async () => {\n * // Process request with correlation tracking\n * });\n * ```\n */\nexport function getOrGenerateCorrelationId(headers: Record<string, string | undefined>): string {\n const headerCorrelationId = headers['x-correlation-id'];\n\n // Use header value if it exists and is not empty\n if (headerCorrelationId && headerCorrelationId.trim()) {\n return headerCorrelationId;\n }\n\n // Generate new correlation ID if header is missing or empty\n return generateCorrelationId();\n}\n\n/**\n * Creates a middleware function for setting correlation ID from request headers\n *\n * This is a utility for integrating correlation ID handling into the middleware stack.\n * It extracts or generates a correlation ID and sets it for the request processing.\n *\n * @returns Middleware function that sets correlation ID\n *\n * @example\n * ```typescript\n * import { createServer } from 'blaizejs';\n * import { createCorrelationMiddleware } from './correlation';\n *\n * const server = createServer({\n * middleware: [\n * createCorrelationMiddleware(),\n * // ... other middleware\n * ]\n * });\n * ```\n */\nexport function createCorrelationMiddleware() {\n return {\n name: 'correlation',\n execute: async (context: any, next: () => Promise<void>) => {\n // Extract headers from context (adapting to BlaizeJS context structure)\n const headers = context.request.headers();\n const correlationId = getOrGenerateCorrelationId(headers);\n\n // Set correlation ID and process request\n await withCorrelationId(correlationId, next);\n },\n debug: () => ({ stage: 'correlation-id-setup' }),\n };\n}\n\n/**\n * Type-safe wrapper for functions that need correlation ID context\n *\n * Ensures that a function always has access to a correlation ID,\n * either from the current context or by generating a new one.\n *\n * @param fn - Function that requires correlation ID context\n * @returns Wrapped function that guarantees correlation ID availability\n */\nexport function withEnsuredCorrelation<T extends any[], R>(\n fn: (...args: T) => R | Promise<R>\n): (...args: T) => R | Promise<R> {\n return (...args: T): R | Promise<R> => {\n const currentCorrelationId = getCurrentCorrelationId();\n\n // If we already have a correlation ID, just run the function\n if (currentCorrelationId !== 'unknown') {\n return fn(...args);\n }\n\n // Generate new correlation ID and run function in that context\n const newCorrelationId = generateCorrelationId();\n return withCorrelationId(newCorrelationId, () => fn(...args));\n };\n}\n\n/**\n * Debugging utility to get correlation storage information\n *\n * @internal This is for debugging purposes only\n */\nexport function _getCorrelationStorageInfo() {\n return {\n hasActiveStore: correlationStorage.getStore() !== undefined,\n currentCorrelationId: correlationStorage.getStore() ?? null,\n };\n}\n","/**\n * InternalServerError class for server-side errors\n *\n * This error is thrown for unexpected server-side errors that are not\n * the client's fault. It provides debugging context while protecting\n * sensitive information in production.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { InternalServerErrorDetails } from '@blaize-types/errors';\n/**\n * Error thrown for internal server errors\n *\n * Automatically sets HTTP status to 500 and provides debugging context.\n * Note: In production, sensitive details should be filtered by error boundary.\n *\n * @example Basic usage:\n * ```typescript\n * throw new InternalServerError('Something went wrong');\n * ```\n *\n * @example With debugging details:\n * ```typescript\n * throw new InternalServerError('Database error', {\n * originalError: error.message,\n * component: 'user-service',\n * operation: 'createUser',\n * retryable: true\n * });\n * ```\n *\n * @example Wrapping an existing error:\n * ```typescript\n * try {\n * await database.connect();\n * } catch (error) {\n * throw new InternalServerError('Database connection failed', {\n * originalError: error.message,\n * stackTrace: error.stack,\n * component: 'database',\n * retryable: true\n * });\n * }\n * ```\n */\nexport class InternalServerError extends BlaizeError<InternalServerErrorDetails> {\n /**\n * Creates a new InternalServerError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional debugging context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: InternalServerErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.INTERNAL_SERVER_ERROR,\n title,\n 500, // HTTP 500 Internal Server Error\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * ValidationError class for request validation failures\n *\n * This error is thrown when request validation fails (params, query, body, or response).\n * It provides structured information about which fields failed validation and why.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { ValidationErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when request validation fails\n *\n * Automatically sets HTTP status to 400 and provides structured\n * validation error information for better client debugging.\n *\n * @example Basic usage:\n * ```typescript\n * throw new ValidationError('Email is required');\n * ```\n *\n * @example With detailed field information:\n * ```typescript\n * throw new ValidationError('Validation failed', {\n * fields: [\n * {\n * field: 'email',\n * messages: ['Email is required', 'Email must be valid'],\n * rejectedValue: '',\n * expectedType: 'string'\n * }\n * ],\n * errorCount: 1,\n * section: 'body'\n * });\n * ```\n */\nexport class ValidationError extends BlaizeError<ValidationErrorDetails> {\n /**\n * Creates a new ValidationError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional structured validation details\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: ValidationErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.VALIDATION_ERROR,\n title,\n 400, // HTTP 400 Bad Request\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nimport type { PayloadTooLargeErrorDetails } from '@blaize-types/errors';\n\nexport class PayloadTooLargeError extends BlaizeError<PayloadTooLargeErrorDetails> {\n constructor(\n title: string,\n details?: PayloadTooLargeErrorDetails | undefined,\n correlationId?: string\n ) {\n super(\n ErrorType.PAYLOAD_TOO_LARGE,\n title,\n 413,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nexport class UnsupportedMediaTypeError extends BlaizeError {\n constructor(title: string, details?: unknown, correlationId?: string) {\n super(\n ErrorType.UNSUPPORTED_MEDIA_TYPE,\n title,\n 415,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * BlaizeJS Core\n *\n * A blazing-fast, type-safe Node.js framework with file-based routing,\n * powerful middleware, and end-to-end type safety.\n *\n * @package blaizejs\n */\n\nimport { compose } from './middleware/compose';\nimport { create as createMiddleware } from './middleware/create';\nimport { create as createPlugin } from './plugins/create';\nimport {\n createDeleteRoute,\n createGetRoute,\n createHeadRoute,\n createOptionsRoute,\n createPatchRoute,\n createPostRoute,\n createPutRoute,\n} from './router/create';\nimport { create as createServer } from './server/create';\n\n// TODO: ideally this could be import as an npm package, but for now we use a relative path\n// Explicit imports to avoid using values without importing\nexport * from '../../blaize-types/src/index';\n\n// Re-export everything\n// Server module exports\nexport { createServer };\n\n// Router module exports\nexport {\n createDeleteRoute,\n createGetRoute,\n createHeadRoute,\n createOptionsRoute,\n createPatchRoute,\n createPostRoute,\n createPutRoute,\n};\n\n// Middleware module exports\nexport { createMiddleware, compose };\n\n// Plugins module exports\nexport { createPlugin };\n\n// Version information\nexport const VERSION = '0.1.0';\n\n// Namespaced exports with different names to avoid conflicts\nexport const ServerAPI = { createServer };\nexport const RouterAPI = {\n createDeleteRoute,\n createGetRoute,\n createHeadRoute,\n createOptionsRoute,\n createPatchRoute,\n createPostRoute,\n createPutRoute,\n};\nexport const MiddlewareAPI = { createMiddleware, compose };\nexport const PluginsAPI = { createPlugin };\n\n// Server-side error classes\nexport { ValidationError } from './errors/validation-error';\nexport { NotFoundError } from './errors/not-found-error';\nexport { UnauthorizedError } from './errors/unauthorized-error';\nexport { ForbiddenError } from './errors/forbidden-error';\nexport { ConflictError } from './errors/conflict-error';\nexport { RateLimitError } from './errors/rate-limit-error';\nexport { InternalServerError } from './errors/internal-server-error';\nexport { PayloadTooLargeError } from './errors/payload-too-large-error';\nexport { RequestTimeoutError } from './errors/request-timeout-error';\nexport { UnsupportedMediaTypeError } from './errors/unsupported-media-type-error';\nexport { UnprocessableEntityError } from './errors/unprocessable-entity-error';\n\n// Default export\nconst Blaize = {\n // Core functions\n createServer,\n createMiddleware,\n createPlugin,\n\n // Namespaces (using the non-conflicting names)\n Server: ServerAPI,\n Router: RouterAPI,\n Middleware: MiddlewareAPI,\n Plugins: PluginsAPI,\n\n // Constants\n VERSION,\n};\n\nexport default Blaize;\nexport { Blaize };\n","import type { Context } from '@blaize-types/context';\nimport type { Middleware, NextFunction } from '@blaize-types/middleware';\n\n/**\n * Execute a single middleware, handling both function and object forms\n */\nexport function execute(\n middleware: Middleware | undefined,\n ctx: Context,\n next: NextFunction\n): Promise<void> {\n // Handle undefined middleware (safety check)\n if (!middleware) {\n return Promise.resolve(next());\n }\n\n // Handle middleware with skip function\n if (middleware.skip && middleware.skip(ctx)) {\n return Promise.resolve(next());\n }\n\n try {\n // Execute middleware\n const result = middleware.execute(ctx, next);\n\n // Handle both Promise and non-Promise returns\n if (result instanceof Promise) {\n // Return the promise directly to allow errors to propagate\n return result;\n } else {\n // Only wrap non-Promise returns\n return Promise.resolve(result);\n }\n } catch (error) {\n // Handle synchronous errors\n return Promise.reject(error);\n }\n}\n","import { execute } from './execute';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware, NextFunction, MiddlewareFunction } from '@blaize-types/middleware';\n\n/**\n * Compose multiple middleware functions into a single middleware function\n */\nexport function compose(middlewareStack: Middleware[]): MiddlewareFunction {\n // No middleware? Return a pass-through function\n if (middlewareStack.length === 0) {\n return async (_, next) => {\n await Promise.resolve(next());\n };\n }\n\n // Return a function that executes the middleware stack\n return async function (ctx: Context, finalHandler: NextFunction): Promise<void> {\n // Keep track of which \"next\" functions have been called\n const called = new Set<number>();\n\n // Create dispatch function to process middleware stack\n const dispatch = async (i: number): Promise<void> => {\n // If we've reached the end of the stack, execute the final handler\n if (i >= middlewareStack.length) {\n // Ensure we're returning a Promise regardless of what finalHandler returns\n return Promise.resolve(finalHandler());\n }\n\n // Get current middleware\n const middleware = middlewareStack[i];\n\n // Create a next function that can only be called once\n const nextDispatch = () => {\n if (called.has(i)) {\n throw new Error('next() called multiple times');\n }\n\n // Mark this middleware's next as called\n called.add(i);\n\n // Move to the next middleware\n return dispatch(i + 1);\n };\n\n // Use the executeMiddleware function we defined\n return execute(middleware, ctx, nextDispatch);\n };\n\n // Start middleware chain execution\n return dispatch(0);\n };\n}\n","import type { Middleware, MiddlewareOptions, MiddlewareFunction } from '@blaize-types/middleware';\n\n/**\n * Create a middleware\n */\nexport function create(handlerOrOptions: MiddlewareFunction | MiddlewareOptions): Middleware {\n // If handlerOrOptions is a function, convert it to our middleware object format\n if (typeof handlerOrOptions === 'function') {\n return {\n name: 'anonymous', // Default name for function middleware\n execute: handlerOrOptions,\n debug: false,\n };\n }\n\n // Otherwise, handle it as middleware options\n const { name = 'anonymous', handler, skip, debug = false } = handlerOrOptions;\n\n // Create base middleware object with required properties\n const middleware: Middleware = {\n name,\n execute: handler,\n debug,\n };\n\n if (skip !== undefined) {\n return {\n ...middleware,\n skip,\n };\n }\n\n return middleware;\n}\n","import type { Plugin, PluginFactory, PluginHooks } from '@blaize-types/plugins';\nimport type { Server } from '@blaize-types/server';\n\n/**\n * Create a plugin with the given name, version, and setup function\n */\nexport function create<T = any>(\n name: string,\n version: string,\n setup: (\n app: Server,\n options: T\n ) => void | Partial<PluginHooks> | Promise<void> | Promise<Partial<PluginHooks>>,\n defaultOptions: Partial<T> = {}\n): PluginFactory<T> {\n // Input validation\n if (!name || typeof name !== 'string') {\n throw new Error('Plugin name must be a non-empty string');\n }\n\n if (!version || typeof version !== 'string') {\n throw new Error('Plugin version must be a non-empty string');\n }\n\n if (typeof setup !== 'function') {\n throw new Error('Plugin setup must be a function');\n }\n\n // Return the factory function\n return function pluginFactory(userOptions?: Partial<T>) {\n // Merge default options with user options\n const mergedOptions = { ...defaultOptions, ...userOptions } as T;\n\n // Create the base plugin object\n const plugin: Plugin = {\n name,\n version,\n\n // The register hook calls the user's setup function\n register: async (app: Server) => {\n const result = await setup(app, mergedOptions);\n\n // If setup returns hooks, merge them into this plugin\n if (result && typeof result === 'object') {\n // Now we explicitly assign to our plugin object\n Object.assign(plugin, result);\n }\n },\n };\n\n return plugin;\n };\n}\n","import { fileURLToPath } from 'node:url';\n\nimport { getRoutesDir } from '../config';\nimport { parseRoutePath } from './discovery/parser';\n\nimport type {\n CreateGetRoute,\n CreatePostRoute,\n CreatePutRoute,\n CreateDeleteRoute,\n CreatePatchRoute,\n CreateHeadRoute,\n CreateOptionsRoute,\n} from '@blaize-types/router';\n\n/**\n * Get the file path of the function that called createXRoute\n */\nfunction getCallerFilePath(): string {\n const originalPrepareStackTrace = Error.prepareStackTrace;\n\n try {\n Error.prepareStackTrace = (_, stack) => stack;\n const stack = new Error().stack as unknown as NodeJS.CallSite[];\n\n // Stack: getCallerFilePath -> createXRoute -> route file\n const callerFrame = stack[3];\n if (!callerFrame || typeof callerFrame.getFileName !== 'function') {\n throw new Error('Unable to determine caller file frame');\n }\n const fileName = callerFrame.getFileName();\n\n if (!fileName) {\n throw new Error('Unable to determine caller file name');\n }\n\n if (fileName.startsWith('file://')) {\n return fileURLToPath(fileName);\n }\n\n return fileName;\n } finally {\n Error.prepareStackTrace = originalPrepareStackTrace;\n }\n}\n\n/**\n * Convert caller file path to route path using existing parsing logic\n */\nfunction getRoutePath(): string {\n const callerPath = getCallerFilePath();\n const routesDir = getRoutesDir();\n\n const parsedRoute = parseRoutePath(callerPath, routesDir);\n console.log(`🔎 Parsed route path: ${parsedRoute.routePath} from file: ${callerPath}`);\n\n return parsedRoute.routePath;\n}\n\n/**\n * Create a GET route\n * SIMPLER FIX: Just pass the config through, TypeScript will handle the types\n */\nexport const createGetRoute: CreateGetRoute = config => {\n validateMethodConfig('GET', config);\n\n const path = getRoutePath();\n\n return {\n GET: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a POST route\n */\nexport const createPostRoute: CreatePostRoute = config => {\n validateMethodConfig('POST', config);\n\n const path = getRoutePath();\n\n return {\n POST: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a PUT route\n */\nexport const createPutRoute: CreatePutRoute = config => {\n validateMethodConfig('PUT', config);\n\n const path = getRoutePath();\n\n return {\n PUT: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a DELETE route\n */\nexport const createDeleteRoute: CreateDeleteRoute = config => {\n validateMethodConfig('DELETE', config);\n\n const path = getRoutePath();\n\n return {\n DELETE: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a PATCH route\n */\nexport const createPatchRoute: CreatePatchRoute = config => {\n validateMethodConfig('PATCH', config);\n\n const path = getRoutePath();\n\n return {\n PATCH: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a HEAD route (same signature as GET - no body)\n */\nexport const createHeadRoute: CreateHeadRoute = config => {\n validateMethodConfig('HEAD', config);\n\n const path = getRoutePath();\n\n return {\n HEAD: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create an OPTIONS route (same signature as GET - no body)\n */\nexport const createOptionsRoute: CreateOptionsRoute = config => {\n validateMethodConfig('OPTIONS', config);\n\n const path = getRoutePath();\n\n return {\n OPTIONS: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Validate a method configuration\n */\nfunction validateMethodConfig(method: string, config: any): void {\n if (!config.handler || typeof config.handler !== 'function') {\n throw new Error(`Handler for method ${method} must be a function`);\n }\n\n if (config.middleware && !Array.isArray(config.middleware)) {\n throw new Error(`Middleware for method ${method} must be an array`);\n }\n\n // Validate schema if provided\n if (config.schema) {\n validateSchema(method, config.schema);\n }\n\n // Method-specific warnings\n switch (method) {\n case 'GET':\n case 'HEAD':\n case 'DELETE':\n if (config.schema?.body) {\n console.warn(`Warning: ${method} requests typically don't have request bodies`);\n }\n break;\n }\n}\n\n/**\n * Validate schema structure\n */\nfunction validateSchema(method: string, schema: any): void {\n const { params, query, body, response } = schema;\n\n // Basic validation - ensure they look like Zod schemas if provided\n if (params && (!params._def || typeof params.parse !== 'function')) {\n throw new Error(`Params schema for ${method} must be a valid Zod schema`);\n }\n\n if (query && (!query._def || typeof query.parse !== 'function')) {\n throw new Error(`Query schema for ${method} must be a valid Zod schema`);\n }\n\n if (body && (!body._def || typeof body.parse !== 'function')) {\n throw new Error(`Body schema for ${method} must be a valid Zod schema`);\n }\n\n if (response && (!response._def || typeof response.parse !== 'function')) {\n throw new Error(`Response schema for ${method} must be a valid Zod schema`);\n }\n}\n","// config/runtime-config.ts\ninterface RuntimeConfig {\n routesDir?: string;\n basePath?: string;\n // Add other runtime configuration as needed\n}\n\n// Internal state - not exported\nlet config: RuntimeConfig = {};\n\n/**\n * Set runtime configuration\n */\nexport function setRuntimeConfig(newConfig: Partial<RuntimeConfig>): void {\n config = { ...config, ...newConfig };\n}\n\n/**\n * Get full runtime configuration\n */\nexport function getRuntimeConfig(): RuntimeConfig {\n return { ...config };\n}\n\n/**\n * Get the configured routes directory\n */\nexport function getRoutesDir(): string {\n if (!config.routesDir) {\n throw new Error('Routes directory not configured. Make sure server is properly initialized.');\n }\n return config.routesDir;\n}\n\n/**\n * Get the configured base path\n */\nexport function getBasePath(): string {\n return config.basePath || '';\n}\n\n/**\n * Clear configuration (useful for testing)\n */\nexport function clearRuntimeConfig(): void {\n config = {};\n}\n","import * as path from 'node:path';\n\nimport type { ParsedRoute } from '@blaize-types/router';\n\n/**\n * Parse a file path into a route path\n * Works consistently across Windows and Unix-like file systems\n */\nexport function parseRoutePath(filePath: string, basePath: string): ParsedRoute {\n // Clean file:// URLs if present\n if (filePath.startsWith('file://')) {\n filePath = filePath.replace('file://', '');\n }\n if (basePath.startsWith('file://')) {\n basePath = basePath.replace('file://', '');\n }\n\n // Convert all backslashes to forward slashes for consistent handling\n const forwardSlashFilePath = filePath.replace(/\\\\/g, '/');\n const forwardSlashBasePath = basePath.replace(/\\\\/g, '/');\n\n // Ensure the base path ends with a slash for proper prefix removal\n const normalizedBasePath = forwardSlashBasePath.endsWith('/')\n ? forwardSlashBasePath\n : `${forwardSlashBasePath}/`;\n\n // Remove the base path to get the relative path\n let relativePath = forwardSlashFilePath;\n if (forwardSlashFilePath.startsWith(normalizedBasePath)) {\n relativePath = forwardSlashFilePath.substring(normalizedBasePath.length);\n } else if (forwardSlashFilePath.startsWith(forwardSlashBasePath)) {\n relativePath = forwardSlashFilePath.substring(forwardSlashBasePath.length);\n // If base path didn't end with a slash but we still matched, ensure relative path doesn't start with a slash\n if (relativePath.startsWith('/')) {\n relativePath = relativePath.substring(1);\n }\n } else {\n // If base path isn't a prefix of file path, use path.relative as a fallback\n // But convert to forward slashes for consistency\n relativePath = path.relative(forwardSlashBasePath, forwardSlashFilePath).replace(/\\\\/g, '/');\n }\n\n // Remove file extension (anything after the last dot)\n relativePath = relativePath.replace(/\\.[^.]+$/, '');\n\n // Split the path into segments\n const segments = relativePath.split('/').filter(Boolean);\n const params: string[] = [];\n\n // Transform file path segments to route path segments\n const routeSegments = segments.map(segment => {\n // Handle dynamic parameters ([param])\n if (segment.startsWith('[') && segment.endsWith(']')) {\n const paramName = segment.slice(1, -1);\n params.push(paramName);\n return `:${paramName}`;\n }\n return segment;\n });\n\n // Create the final route path\n let routePath = routeSegments.length > 0 ? `/${routeSegments.join('/')}` : '/';\n\n // Handle index routes\n if (routePath.endsWith('/index')) {\n routePath = routePath.slice(0, -6) || '/';\n }\n\n return {\n filePath,\n routePath,\n params,\n };\n}\n","import { AsyncLocalStorage } from 'node:async_hooks';\nimport EventEmitter from 'node:events';\n\nimport { setRuntimeConfig } from '../config';\nimport { startServer } from './start';\nimport { registerSignalHandlers, stopServer } from './stop';\nimport { validateServerOptions } from './validation';\nimport { createPluginLifecycleManager } from '../plugins/lifecycle';\nimport { validatePlugin } from '../plugins/validation';\nimport { createRouter } from '../router/router';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware } from '@blaize-types/middleware';\nimport type { Plugin } from '@blaize-types/plugins';\nimport type { Server, ServerOptions, ServerOptionsInput, StopOptions } from '@blaize-types/server';\n\nexport const DEFAULT_OPTIONS: ServerOptions = {\n port: 3000,\n host: 'localhost',\n routesDir: './routes',\n http2: {\n enabled: true,\n },\n middleware: [],\n plugins: [],\n};\n\n/**\n * Creates the configuration options by merging defaults with user-provided options\n */\nfunction createServerOptions(options: ServerOptionsInput = {}): ServerOptions {\n const baseOptions: ServerOptions = { ...DEFAULT_OPTIONS };\n setRuntimeConfig({ routesDir: options.routesDir || baseOptions.routesDir });\n\n return {\n port: options.port ?? baseOptions.port,\n host: options.host ?? baseOptions.host,\n routesDir: options.routesDir ?? baseOptions.routesDir,\n http2: {\n enabled: options.http2?.enabled ?? baseOptions.http2?.enabled,\n keyFile: options.http2?.keyFile ?? baseOptions.http2?.keyFile,\n certFile: options.http2?.certFile ?? baseOptions.http2?.certFile,\n },\n middleware: [...(baseOptions.middleware || []), ...(options.middleware || [])],\n plugins: [...(baseOptions.plugins || []), ...(options.plugins || [])],\n };\n}\n\n/**\n * Creates the server listen method\n */\nfunction createListenMethod(\n serverInstance: Server,\n validatedOptions: ServerOptions,\n initialMiddleware: Middleware[],\n initialPlugins: Plugin[]\n): Server['listen'] {\n return async () => {\n // Initialize middleware and plugins\n await initializeComponents(serverInstance, initialMiddleware, initialPlugins);\n\n // Use the functional manager\n await serverInstance.pluginManager.initializePlugins(serverInstance);\n\n // Start the server\n await startServer(serverInstance, validatedOptions);\n\n await serverInstance.pluginManager.onServerStart(serverInstance, serverInstance.server);\n\n // Setup signal handlers and emit events\n setupServerLifecycle(serverInstance);\n\n return serverInstance;\n };\n}\n\n/**\n * Initializes middleware and plugins\n */\nasync function initializeComponents(\n serverInstance: Server,\n initialMiddleware: Middleware[],\n initialPlugins: Plugin[]\n): Promise<void> {\n // Initialize middleware from options\n for (const mw of initialMiddleware) {\n serverInstance.use(mw);\n }\n\n // Register plugins from options\n for (const p of initialPlugins) {\n await serverInstance.register(p);\n }\n}\n\n/**\n * Sets up server lifecycle (signal handlers, events)\n */\nfunction setupServerLifecycle(serverInstance: Server): void {\n // Register signal handlers for graceful shutdown\n const signalHandlers = registerSignalHandlers(() => serverInstance.close());\n\n // Store handlers to unregister when server closes\n serverInstance._signalHandlers = signalHandlers;\n\n // Emit started event\n serverInstance.events.emit('started');\n}\n\n/**\n * Creates the server close method\n */\nfunction createCloseMethod(serverInstance: Server): Server['close'] {\n return async (stopOptions?: StopOptions) => {\n if (!serverInstance.server) {\n return;\n }\n\n // Prepare options\n const options: StopOptions = { ...stopOptions };\n\n // Unregister signal handlers if they exist\n if (serverInstance._signalHandlers) {\n serverInstance._signalHandlers.unregister();\n delete serverInstance._signalHandlers;\n }\n\n // Call stopServer with the server instance\n await stopServer(serverInstance, options);\n };\n}\n\n/**\n * Creates the server use method for adding middleware\n */\nfunction createUseMethod(serverInstance: Server): Server['use'] {\n return middleware => {\n const middlewareArray = Array.isArray(middleware) ? middleware : [middleware];\n serverInstance.middleware.push(...middlewareArray);\n return serverInstance;\n };\n}\n\n/**\n * Creates the server register method for plugins\n */\nfunction createRegisterMethod(serverInstance: Server): Server['register'] {\n return async plugin => {\n validatePlugin(plugin);\n serverInstance.plugins.push(plugin);\n await plugin.register(serverInstance);\n return serverInstance;\n };\n}\n\n/**\n * Creates a BlaizeJS server instance\n */\nexport function create(options: ServerOptionsInput = {}): Server {\n // Create and validate options\n const mergedOptions = createServerOptions(options);\n\n let validatedOptions: ServerOptions;\n try {\n validatedOptions = validateServerOptions(mergedOptions);\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to create server: ${error.message}`);\n }\n throw new Error(`Failed to create server: ${String(error)}`);\n }\n\n // Extract options and prepare initial components\n const { port, host, middleware, plugins } = validatedOptions;\n // TODO: create registries to manage middleware and plugins\n const initialMiddleware = Array.isArray(middleware) ? [...middleware] : [];\n const initialPlugins = Array.isArray(plugins) ? [...plugins] : [];\n\n // Initialize core server components\n const contextStorage = new AsyncLocalStorage<Context>();\n const router = createRouter({\n routesDir: validatedOptions.routesDir,\n watchMode: process.env.NODE_ENV === 'development',\n });\n // Create plugin lifecycle manager\n const pluginManager = createPluginLifecycleManager({\n debug: process.env.NODE_ENV === 'development',\n continueOnError: true,\n });\n const events = new EventEmitter();\n\n // Create server instance with minimal properties\n const serverInstance: Server = {\n server: null as any,\n port,\n host,\n context: contextStorage,\n events,\n plugins: [],\n middleware: [],\n _signalHandlers: { unregister: () => {} },\n use: () => serverInstance,\n register: async () => serverInstance,\n listen: async () => serverInstance,\n close: async () => {},\n router,\n pluginManager,\n };\n\n // Add methods to the server instance\n serverInstance.listen = createListenMethod(\n serverInstance,\n validatedOptions,\n initialMiddleware,\n initialPlugins\n );\n serverInstance.close = createCloseMethod(serverInstance);\n serverInstance.use = createUseMethod(serverInstance);\n serverInstance.register = createRegisterMethod(serverInstance);\n\n return serverInstance;\n}\n","import * as fs from 'node:fs';\nimport * as http from 'node:http';\nimport * as http2 from 'node:http2';\n\nimport { generateDevCertificates } from './dev-certificate';\nimport { createRequestHandler } from './request-handler';\n\nimport type { Server, Http2Options, ServerOptions } from '@blaize-types/server';\n\n// Extract certificate handling to a separate function\nasync function prepareCertificates(\n http2Options: Http2Options\n): Promise<{ keyFile?: string; certFile?: string }> {\n // Not using HTTP/2? No certificates needed\n if (!http2Options.enabled) {\n return {};\n }\n\n const { keyFile, certFile } = http2Options;\n\n // If certificates are missing and in development, generate them\n const isDevMode = process.env.NODE_ENV === 'development';\n const certificatesMissing = !keyFile || !certFile;\n\n if (certificatesMissing && isDevMode) {\n const devCerts = await generateDevCertificates();\n return devCerts;\n }\n\n // If certificates are still missing, throw error\n if (certificatesMissing) {\n throw new Error(\n 'HTTP/2 requires SSL certificates. Provide keyFile and certFile in http2 options. ' +\n 'In development, set NODE_ENV=development to generate them automatically.'\n );\n }\n\n return { keyFile, certFile };\n}\n\n// Create server based on protocol\nfunction createServerInstance(\n isHttp2: boolean,\n certOptions: { keyFile?: string; certFile?: string }\n): http.Server | http2.Http2SecureServer {\n if (!isHttp2) {\n return http.createServer();\n }\n\n // Create HTTP/2 server options\n const http2ServerOptions: http2.SecureServerOptions = {\n allowHTTP1: true, // Allow fallback to HTTP/1.1\n };\n\n // Read certificate files\n try {\n if (certOptions.keyFile) {\n http2ServerOptions.key = fs.readFileSync(certOptions.keyFile);\n }\n if (certOptions.certFile) {\n http2ServerOptions.cert = fs.readFileSync(certOptions.certFile);\n }\n } catch (err) {\n throw new Error(\n `Failed to read certificate files: ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n return http2.createSecureServer(http2ServerOptions);\n}\n\n// Start listening on the specified port and host\nfunction listenOnPort(\n server: http.Server | http2.Http2SecureServer,\n port: number,\n host: string,\n isHttp2: boolean\n): Promise<void> {\n return new Promise((resolve, reject) => {\n server.listen(port, host, () => {\n const protocol = isHttp2 ? 'https' : 'http';\n const url = `${protocol}://${host}:${port}`;\n console.log(`\n🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥\n\n ⚡ BlaizeJS DEVELOPMENT SERVER HOT AND READY ⚡\n \n 🚀 Server: ${url}\n 🔥 Hot Reload: Enabled\n 🛠️ Mode: Development\n \n Time to build something amazing! 🚀\n\n🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥\n`);\n resolve();\n });\n\n server.on('error', err => {\n console.error('Server error:', err);\n reject(err);\n });\n });\n}\n\nasync function initializePlugins(serverInstance: Server): Promise<void> {\n for (const plugin of serverInstance.plugins) {\n if (typeof plugin.initialize === 'function') {\n await plugin.initialize(serverInstance);\n }\n }\n}\n\n// Main server start function - now with much lower complexity\nexport async function startServer(\n serverInstance: Server,\n serverOptions: ServerOptions\n): Promise<void> {\n // Server already running? Do nothing.\n if (serverInstance.server) {\n return;\n }\n\n try {\n // Get effective port and host\n const port = serverOptions.port;\n const host = serverOptions.host;\n\n // Initialize all registered plugins\n await initializePlugins(serverInstance);\n\n // Determine if using HTTP/2\n const http2Options = serverOptions.http2 || { enabled: true };\n const isHttp2 = !!http2Options.enabled;\n\n // Prepare certificates if needed\n const certOptions = await prepareCertificates(http2Options);\n\n // Update the server options if we generated certificates\n if (serverOptions.http2 && certOptions.keyFile && certOptions.certFile) {\n serverOptions.http2.keyFile = certOptions.keyFile;\n serverOptions.http2.certFile = certOptions.certFile;\n }\n\n // Create the server instance\n const server = createServerInstance(isHttp2, certOptions);\n\n // Store the server in the instance\n serverInstance.server = server;\n\n // Update server instance properties\n serverInstance.port = port;\n serverInstance.host = host;\n\n // Configure request handling\n const requestHandler = createRequestHandler(serverInstance);\n server.on('request', requestHandler);\n\n // Start listening\n await listenOnPort(server, port, host, isHttp2);\n } catch (error) {\n console.error('Failed to start server:', error);\n throw error;\n }\n}\n","import * as fs from 'node:fs';\nimport * as path from 'node:path';\n\nimport * as selfsigned from 'selfsigned';\n\nexport interface DevCertificates {\n keyFile: string;\n certFile: string;\n}\n\nexport async function generateDevCertificates(): Promise<DevCertificates> {\n const certDir = path.join(process.cwd(), '.blaizejs', 'certs');\n const keyPath = path.join(certDir, 'dev.key');\n const certPath = path.join(certDir, 'dev.cert');\n \n // Check if certificates already exist\n if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {\n return {\n keyFile: keyPath,\n certFile: certPath\n };\n }\n \n // Create directory if it doesn't exist\n if (!fs.existsSync(certDir)) {\n fs.mkdirSync(certDir, { recursive: true });\n }\n \n // Generate self-signed certificate\n const attrs = [{ name: 'commonName', value: 'localhost' }];\n const options = {\n days: 365,\n algorithm: 'sha256',\n keySize: 2048,\n extensions: [\n { name: 'basicConstraints', cA: true },\n {\n name: 'keyUsage',\n keyCertSign: true,\n digitalSignature: true,\n nonRepudiation: true,\n keyEncipherment: true,\n dataEncipherment: true\n },\n {\n name: 'extKeyUsage',\n serverAuth: true,\n clientAuth: true\n },\n {\n name: 'subjectAltName',\n altNames: [\n { type: 2, value: 'localhost' },\n { type: 7, ip: '127.0.0.1' }\n ]\n }\n ]\n };\n \n // Generate the certificates\n const pems = selfsigned.generate(attrs, options);\n \n // Write the key and certificate to files\n fs.writeFileSync(keyPath, Buffer.from(pems.private, 'utf-8'));\n fs.writeFileSync(certPath, Buffer.from(pems.cert, 'utf-8'));\n \n console.log(`\\n🔒 Generated self-signed certificates for development at ${certDir}\\n`);\n \n return {\n keyFile: keyPath,\n certFile: certPath\n };\n}","export class ResponseSentError extends Error {\n constructor(message: string = '❌ Response has already been sent') {\n super(message);\n this.name = 'ResponseSentError';\n }\n}\n\nexport class ResponseSentHeaderError extends ResponseSentError {\n constructor(message: string = 'Cannot set header after response has been sent') {\n super(message);\n }\n}\n\nexport class ResponseSentContentError extends ResponseSentError {\n constructor(message: string = 'Cannot set content type after response has been sent') {\n super(message);\n }\n}\n\nexport class ParseUrlError extends ResponseSentError {\n constructor(message: string = 'Invalide URL') {\n super(message);\n }\n}\n","import { AsyncLocalStorage } from 'node:async_hooks';\n\nimport type { Context, QueryParams, State, UnknownFunction } from '@blaize-types/context';\n\n/**\n * AsyncLocalStorage instance for storing request context\n */\nexport const contextStorage = new AsyncLocalStorage<Context>();\n\n/**\n * Returns the current context from AsyncLocalStorage\n */\nexport function getContext<S extends State = State, TBody = unknown, TQuery = QueryParams>():\n | Context<S, TBody, TQuery>\n | undefined {\n return contextStorage.getStore() as Context<S, TBody, TQuery> | undefined;\n}\n\n/**\n * Wraps a callback function with a context\n */\nexport function runWithContext<T>(\n context: Context,\n callback: () => T | Promise<T>\n): T | Promise<T> {\n return contextStorage.run(context, callback);\n}\n\n/**\n * Middleware function that ensures a context is available in AsyncLocalStorage\n */\nexport async function contextMiddleware(\n context: Context,\n next: () => Promise<void>\n): Promise<void> {\n return runWithContext(context, next);\n}\n\n/**\n * Utility to check if code is running within a context\n */\nexport function hasContext(): boolean {\n return contextStorage.getStore() !== undefined;\n}\n\n/**\n * Creates a function that will run with the current context\n *\n * @param fn The function to bind to the current context\n * @returns A function that will execute with the bound context\n */\nexport function bindContext<TFunction extends UnknownFunction>(fn: TFunction): TFunction {\n const context = getContext();\n if (!context) {\n return fn;\n }\n\n // Using function instead of arrow function to preserve 'this'\n return function (this: unknown, ...args: Parameters<TFunction>): ReturnType<TFunction> {\n return runWithContext(context, () => fn.apply(this, args)) as ReturnType<TFunction>;\n } as TFunction;\n}\n","import { randomUUID } from 'node:crypto';\nimport { createWriteStream, type WriteStream } from 'node:fs';\nimport { tmpdir } from 'node:os';\nimport { join } from 'node:path';\nimport { Readable } from 'node:stream';\n\nimport { extractBoundary, parseContentDisposition, parseContentType } from './utils';\n\nimport type { UnifiedRequest } from '@blaize-types/context';\nimport type { UploadedFile, MultipartData, ParseOptions, ParserState } from '@blaize-types/upload';\n\n// Default options with sensible defaults\nconst DEFAULT_OPTIONS: Required<ParseOptions> = {\n maxFileSize: 10 * 1024 * 1024, // 10MB\n maxFiles: 10,\n maxFieldSize: 1 * 1024 * 1024, // 1MB\n allowedMimeTypes: [],\n allowedExtensions: [],\n strategy: 'stream',\n tempDir: tmpdir(),\n computeHash: false,\n};\n\n/**\n * Create initial parser state\n */\nfunction createParserState(boundary: string, options: Partial<ParseOptions> = {}): ParserState {\n return {\n boundary: Buffer.from(`--${boundary}`),\n options: { ...DEFAULT_OPTIONS, ...options },\n fields: new Map(),\n files: new Map(),\n buffer: Buffer.alloc(0),\n stage: 'boundary',\n currentHeaders: '',\n currentField: null,\n currentFilename: undefined,\n currentMimetype: 'application/octet-stream',\n currentContentLength: 0,\n fileCount: 0,\n fieldCount: 0,\n currentBufferChunks: [],\n currentStream: null,\n currentTempPath: null,\n currentWriteStream: null,\n streamController: null,\n cleanupTasks: [],\n // Track validation state\n hasFoundValidBoundary: false,\n hasProcessedAnyPart: false,\n isFinished: false,\n };\n}\n\n/**\n * Process a chunk of data through the parser state machine\n */\nasync function processChunk(state: ParserState, chunk: Buffer): Promise<ParserState> {\n const newBuffer = Buffer.concat([state.buffer, chunk]);\n let currentState = { ...state, buffer: newBuffer };\n\n // Process buffer until no more progress can be made\n while (currentState.buffer.length > 0 && !currentState.isFinished) {\n const nextState = await processCurrentStage(currentState);\n if (nextState === currentState) break; // No progress made, need more data\n currentState = nextState;\n }\n\n return currentState;\n}\n\n/**\n * Process current stage of parsing\n */\nasync function processCurrentStage(state: ParserState): Promise<ParserState> {\n switch (state.stage) {\n case 'boundary':\n return processBoundary(state);\n case 'headers':\n return processHeaders(state);\n case 'content':\n return processContent(state);\n default: {\n const { InternalServerError } = await import('../errors/internal-server-error');\n throw new InternalServerError(`Invalid parser stage`, {\n operation: state.stage,\n });\n }\n }\n}\n\n/**\n * Process boundary detection\n */\nfunction processBoundary(state: ParserState): ParserState {\n const boundaryIndex = state.buffer.indexOf(state.boundary);\n if (boundaryIndex === -1) return state;\n\n // Mark that we found at least one boundary\n const hasFoundValidBoundary = true;\n\n // Consume boundary and check for end\n let buffer = state.buffer.subarray(boundaryIndex + state.boundary.length);\n\n // Check for end boundary (-- after boundary)\n if (buffer.length >= 2 && buffer.subarray(0, 2).equals(Buffer.from('--'))) {\n return {\n ...state,\n buffer,\n hasFoundValidBoundary,\n isFinished: true,\n stage: 'boundary',\n };\n }\n\n // Skip CRLF after boundary\n if (buffer.length >= 2 && buffer.subarray(0, 2).equals(Buffer.from('\\r\\n'))) {\n buffer = buffer.subarray(2);\n }\n\n return {\n ...state,\n buffer,\n hasFoundValidBoundary,\n stage: 'headers',\n currentHeaders: '',\n };\n}\n\n/**\n * Process headers section\n */\nasync function processHeaders(state: ParserState): Promise<ParserState> {\n const headerEnd = state.buffer.indexOf('\\r\\n\\r\\n');\n if (headerEnd === -1) return state;\n\n const headers = state.buffer.subarray(0, headerEnd).toString('utf8');\n const buffer = state.buffer.subarray(headerEnd + 4);\n\n const disposition = parseContentDisposition(headers);\n if (!disposition) {\n // ✅ HTTP 400 - Bad Request for malformed headers\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError('Missing or invalid Content-Disposition header');\n }\n\n const mimetype = parseContentType(headers);\n const isFile = disposition.filename !== undefined;\n\n // Validation\n if (isFile && state.fileCount >= state.options.maxFiles) {\n const { PayloadTooLargeError } = await import('../errors/payload-too-large-error');\n throw new PayloadTooLargeError('Too many files in upload', {\n fileCount: state.fileCount + 1,\n maxFiles: state.options.maxFiles,\n filename: disposition.filename,\n });\n }\n\n if (\n isFile &&\n state.options.allowedMimeTypes.length > 0 &&\n !state.options.allowedMimeTypes.includes(mimetype)\n ) {\n const { UnsupportedMediaTypeError } = await import('../errors/unsupported-media-type-error');\n throw new UnsupportedMediaTypeError('File type not allowed', {\n receivedMimeType: mimetype,\n allowedMimeTypes: state.options.allowedMimeTypes,\n filename: disposition.filename,\n });\n }\n\n return {\n ...state,\n buffer,\n stage: 'content',\n currentHeaders: headers,\n currentField: disposition.name,\n currentFilename: disposition.filename,\n currentMimetype: mimetype,\n currentContentLength: 0,\n fileCount: isFile ? state.fileCount + 1 : state.fileCount,\n fieldCount: isFile ? state.fieldCount : state.fieldCount + 1,\n currentBufferChunks: [],\n };\n}\n\n/**\n * Process content section\n */\nasync function processContent(state: ParserState): Promise<ParserState> {\n const nextBoundaryIndex = state.buffer.indexOf(state.boundary);\n\n let contentChunk: Buffer;\n let isComplete = false;\n let buffer = state.buffer;\n\n if (nextBoundaryIndex === -1) {\n // No boundary found, process safely\n const safeLength = Math.max(0, state.buffer.length - state.boundary.length);\n if (safeLength === 0) return state; // Need more data\n\n contentChunk = state.buffer.subarray(0, safeLength);\n buffer = state.buffer.subarray(safeLength);\n } else {\n // Found boundary, process content before it (minus CRLF)\n const contentEnd = Math.max(0, nextBoundaryIndex - 2);\n contentChunk = state.buffer.subarray(0, contentEnd);\n buffer = state.buffer.subarray(nextBoundaryIndex);\n isComplete = true;\n }\n\n let updatedState = { ...state, buffer };\n\n if (contentChunk.length > 0) {\n updatedState = await processContentChunk(updatedState, contentChunk);\n }\n\n if (isComplete) {\n updatedState = await finalizeCurrentPart(updatedState);\n updatedState = {\n ...updatedState,\n stage: 'boundary' as const,\n hasProcessedAnyPart: true, // Mark that we've processed at least one part\n };\n }\n\n return updatedState;\n}\n\n/**\n * Process a chunk of content data\n */\nasync function processContentChunk(state: ParserState, chunk: Buffer): Promise<ParserState> {\n const newContentLength = state.currentContentLength + chunk.length;\n\n // Size validation\n const maxSize =\n state.currentFilename !== undefined ? state.options.maxFileSize : state.options.maxFieldSize;\n\n if (newContentLength > maxSize) {\n const isFile = state.currentFilename !== undefined;\n const { PayloadTooLargeError } = await import('../errors/payload-too-large-error');\n const payloadErrorDetals = state.currentField\n ? {\n contentType: isFile ? 'file' : 'field',\n currentSize: newContentLength,\n maxSize,\n field: state.currentField,\n filename: state.currentFilename,\n }\n : {\n contentType: isFile ? 'file' : 'field',\n currentSize: newContentLength,\n maxSize,\n filename: state.currentFilename,\n };\n throw new PayloadTooLargeError(\n `${isFile ? 'File' : 'Field'} size exceeds limit`,\n payloadErrorDetals\n );\n }\n\n if (state.currentFilename !== undefined) {\n return processFileChunk(state, chunk, newContentLength);\n } else {\n return {\n ...state,\n currentContentLength: newContentLength,\n currentBufferChunks: [...state.currentBufferChunks, chunk],\n };\n }\n}\n\n/**\n * Process file chunk based on strategy\n */\nasync function processFileChunk(\n state: ParserState,\n chunk: Buffer,\n newContentLength: number\n): Promise<ParserState> {\n switch (state.options.strategy) {\n case 'memory':\n return {\n ...state,\n currentContentLength: newContentLength,\n currentBufferChunks: [...state.currentBufferChunks, chunk],\n };\n\n case 'stream':\n if (state.streamController) {\n state.streamController.enqueue(chunk);\n }\n return { ...state, currentContentLength: newContentLength };\n\n case 'temp':\n if (state.currentWriteStream) {\n await writeToStream(state.currentWriteStream, chunk);\n }\n return { ...state, currentContentLength: newContentLength };\n\n default: {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError(`Invalid parsing strategy`);\n // TODO: create new error type to support \"strategy\" + \"supportedStrategies\"\n // throw new ValidationError(`Invalid parsing strategy`, {\n // strategy: state.options.strategy,\n // supportedStrategies: ['memory', 'stream', 'temp'],\n // });\n }\n }\n}\n\n/**\n * Initialize file processing for current part\n */\nasync function initializeFileProcessing(state: ParserState): Promise<ParserState> {\n if (state.currentFilename === undefined) return state;\n\n switch (state.options.strategy) {\n case 'memory':\n return { ...state, currentBufferChunks: [] };\n\n case 'stream': {\n let streamController: ReadableStreamDefaultController<Uint8Array> | null = null;\n const stream = new ReadableStream<Uint8Array>({\n start: controller => {\n streamController = controller;\n },\n });\n\n return {\n ...state,\n currentStream: stream as any, // Type cast for Node.js compatibility\n streamController,\n };\n }\n\n case 'temp': {\n const tempPath = join(state.options.tempDir, `upload-${randomUUID()}`);\n const writeStream = createWriteStream(tempPath);\n const cleanupTask = async () => {\n try {\n const { unlink } = await import('node:fs/promises');\n await unlink(tempPath);\n } catch (error) {\n console.warn(`Failed to cleanup temp file: ${tempPath}`, error);\n }\n };\n\n return {\n ...state,\n currentTempPath: tempPath,\n currentWriteStream: writeStream,\n cleanupTasks: [...state.cleanupTasks, cleanupTask],\n };\n }\n\n default: {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError(`Invalid file processing strategy`);\n // throw new ValidationError(`Invalid file processing strategy`, {\n // strategy: state.options.strategy,\n // });\n }\n }\n}\n\n/**\n * Finalize current part and add to collections\n */\nasync function finalizeCurrentPart(state: ParserState): Promise<ParserState> {\n if (!state.currentField) return resetCurrentPart(state);\n\n if (state.currentFilename !== undefined) {\n return finalizeFile(state);\n } else {\n return finalizeField(state);\n }\n}\n\n/**\n * Finalize file processing\n */\nasync function finalizeFile(state: ParserState): Promise<ParserState> {\n if (!state.currentField || state.currentFilename === undefined) {\n return resetCurrentPart(state);\n }\n\n let stream: Readable;\n let buffer: Buffer | undefined;\n let tempPath: string | undefined;\n\n switch (state.options.strategy) {\n case 'memory':\n buffer = Buffer.concat(state.currentBufferChunks);\n stream = Readable.from(buffer);\n break;\n\n case 'stream':\n if (state.streamController) {\n state.streamController.close();\n }\n stream = state.currentStream!;\n break;\n\n case 'temp':\n if (state.currentWriteStream) {\n await closeStream(state.currentWriteStream);\n }\n tempPath = state.currentTempPath!;\n stream = Readable.from(Buffer.alloc(0)); // Placeholder\n break;\n\n default: {\n // ✅ HTTP 400 - Bad Request for invalid strategy\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError(`Invalid file finalization strategy`);\n // throw new ValidationError(`Invalid file finalization strategy`, {\n // strategy: state.options.strategy,\n // });\n }\n }\n\n const file: UploadedFile = {\n filename: state.currentFilename,\n fieldname: state.currentField,\n mimetype: state.currentMimetype,\n size: state.currentContentLength,\n stream,\n buffer,\n tempPath,\n };\n\n const updatedFiles = addToCollection(state.files, state.currentField, file);\n\n return {\n ...resetCurrentPart(state),\n files: updatedFiles,\n };\n}\n\n/**\n * Finalize field processing\n */\nfunction finalizeField(state: ParserState): ParserState {\n if (!state.currentField) return resetCurrentPart(state);\n\n const value = Buffer.concat(state.currentBufferChunks).toString('utf8');\n const updatedFields = addToCollection(state.fields, state.currentField, value);\n\n return {\n ...resetCurrentPart(state),\n fields: updatedFields,\n };\n}\n\n/**\n * Reset current part state\n */\nfunction resetCurrentPart(state: ParserState): ParserState {\n return {\n ...state,\n currentField: null,\n currentFilename: undefined,\n currentContentLength: 0,\n currentBufferChunks: [],\n currentStream: null,\n streamController: null,\n currentTempPath: null,\n currentWriteStream: null,\n };\n}\n\n/**\n * Add item to collection immutably\n */\nfunction addToCollection<T>(collection: Map<string, T[]>, key: string, value: T): Map<string, T[]> {\n const newCollection = new Map(collection);\n const existing = newCollection.get(key) || [];\n newCollection.set(key, [...existing, value]);\n return newCollection;\n}\n\n/**\n * Finalize parsing and return results\n */\nasync function finalize(state: ParserState): Promise<MultipartData> {\n // Validate that we found valid multipart data\n if (!state.hasFoundValidBoundary) {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError('No valid multipart boundary found');\n // throw new ValidationError('No valid multipart boundary found', {\n // errorType: 'invalid_multipart',\n // reason: 'Missing or malformed boundary markers',\n // });`\n }\n\n // If we found boundaries but didn't process any parts, it's empty/invalid\n if (state.hasFoundValidBoundary && !state.hasProcessedAnyPart) {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError('Empty multipart request');\n // throw new ValidationError('Empty multipart request', {\n // errorType: 'empty_multipart',\n // reason: 'Valid boundaries found but no data parts processed',\n // });\n }\n\n const fields: Record<string, string | string[]> = {};\n for (const [key, values] of state.fields.entries()) {\n fields[key] = values.length === 1 ? values[0]! : values;\n }\n\n const files: Record<string, UploadedFile | UploadedFile[]> = {};\n for (const [key, fileList] of state.files.entries()) {\n files[key] = fileList.length === 1 ? fileList[0]! : fileList;\n }\n\n return { fields, files };\n}\n\n/**\n * Cleanup resources\n */\nasync function cleanup(state: ParserState): Promise<void> {\n // Execute all cleanup tasks\n await Promise.allSettled(state.cleanupTasks.map(task => task()));\n\n // Close any open streams\n if (state.streamController) {\n state.streamController.close();\n }\n\n if (state.currentWriteStream) {\n await closeStream(state.currentWriteStream);\n }\n}\n\n// Helper functions\nasync function writeToStream(stream: WriteStream, chunk: Buffer): Promise<void> {\n return new Promise((resolve, reject) => {\n stream.write(chunk, error => {\n if (error) reject(error);\n else resolve();\n });\n });\n}\n\nasync function closeStream(stream: WriteStream): Promise<void> {\n return new Promise(resolve => {\n stream.end(() => resolve());\n });\n}\n\n/**\n * Main parsing function (functional interface)\n */\nexport async function parseMultipartRequest(\n request: UnifiedRequest,\n options: Partial<ParseOptions> = {}\n): Promise<MultipartData> {\n const contentType = (request.headers['content-type'] as string) || '';\n const boundary = extractBoundary(contentType);\n\n if (!boundary) {\n const { UnsupportedMediaTypeError } = await import('../errors/unsupported-media-type-error');\n throw new UnsupportedMediaTypeError('Missing boundary in multipart content-type', {\n receivedContentType: contentType,\n expectedFormat: 'multipart/form-data; boundary=...',\n });\n }\n\n let state = createParserState(boundary, options);\n\n // Initialize file processing if needed\n if (state.currentFilename !== undefined) {\n state = await initializeFileProcessing(state);\n }\n\n try {\n // Process request stream\n for await (const chunk of request) {\n state = await processChunk(state, chunk as Buffer);\n }\n\n return finalize(state);\n } finally {\n await cleanup(state);\n }\n}\n","// Hoisted regex patterns\nconst BOUNDARY_REGEX = /boundary=([^;]+)/i;\nconst CONTENT_DISPOSITION_REGEX =\n /Content-Disposition:\\s*form-data;\\s*name=\"([^\"]+)\"(?:;[\\s\\r\\n]*filename=\"([^\"]*)\")?/i;\nconst CONTENT_TYPE_REGEX = /Content-Type:\\s*([^\\r\\n]+)/i;\nconst MULTIPART_REGEX = /multipart\\/form-data/i;\n\n/**\n * Extract boundary from Content-Type header\n */\nexport function extractBoundary(contentType: string): string | null {\n const match = contentType.match(BOUNDARY_REGEX);\n if (!match || !match[1]) return null;\n\n let boundary = match[1].trim();\n if (boundary.startsWith('\"') && boundary.endsWith('\"')) {\n boundary = boundary.slice(1, -1);\n }\n\n return boundary || null;\n}\n\n/**\n * Parse Content-Disposition header\n */\nexport function parseContentDisposition(\n headers: string\n): { name: string; filename?: string } | null {\n const match = headers.match(CONTENT_DISPOSITION_REGEX);\n if (!match || !match[1]) return null;\n\n return {\n name: match[1],\n filename: match[2] !== undefined ? match[2] : undefined,\n };\n}\n\n/**\n * Parse Content-Type header\n */\nexport function parseContentType(headers: string): string {\n const match = headers.match(CONTENT_TYPE_REGEX);\n return match && match[1]?.trim() ? match[1].trim() : 'application/octet-stream';\n}\n\n/**\n * Check if content type is multipart\n */\nexport function isMultipartContent(contentType: string): boolean {\n return MULTIPART_REGEX.test(contentType);\n}\n","import {\n ParseUrlError,\n ResponseSentContentError,\n ResponseSentError,\n ResponseSentHeaderError,\n} from './errors';\nimport { hasContext, getContext } from './store';\nimport { parseMultipartRequest } from '../upload/multipart-parser';\nimport { isMultipartContent } from '../upload/utils';\n\nimport type {\n Context,\n ContextOptions,\n MultipartLimits,\n QueryParams,\n RequestParams,\n State,\n StreamOptions,\n UnifiedRequest,\n UnifiedResponse,\n} from '@blaize-types/context';\nimport type { BodyParseError } from '@blaize-types/errors';\n\nconst CONTENT_TYPE_HEADER = 'Content-Type';\n\nconst DEFAULT_BODY_LIMITS = {\n json: 512 * 1024, // 512KB - Most APIs should be much smaller\n form: 1024 * 1024, // 1MB - Reasonable for form submissions\n text: 5 * 1024 * 1024, // 5MB - Documents, logs, code files\n multipart: {\n maxFileSize: 50 * 1024 * 1024, // 50MB per file\n maxTotalSize: 100 * 1024 * 1024, // 100MB total request\n maxFiles: 10,\n maxFieldSize: 1024 * 1024, // 1MB for form fields\n },\n raw: 10 * 1024 * 1024, // 10MB for unknown content types\n};\n\n/**\n * Parse URL and extract path and query parameters using modern URL API\n */\nfunction parseRequestUrl(req: UnifiedRequest): {\n path: string;\n url: URL | null;\n query: QueryParams;\n} {\n const originalUrl = (req as any).url || '/';\n\n // Construct full URL for parsing\n const host = req.headers.host || 'localhost';\n const protocol = req.socket && (req.socket as any).encrypted ? 'https' : 'http';\n const fullUrl = `${protocol}://${host}${originalUrl.startsWith('/') ? '' : '/'}${originalUrl}`;\n try {\n const url = new URL(fullUrl);\n\n // Extract path\n const path = url.pathname;\n\n // Parse query parameters using URLSearchParams\n const query: QueryParams = {};\n url.searchParams.forEach((value, key) => {\n // Handle array parameters (key=value1&key=value2)\n if (query[key] !== undefined) {\n if (Array.isArray(query[key])) {\n (query[key] as string[]).push(value);\n } else {\n query[key] = [query[key] as string, value];\n }\n } else {\n query[key] = value;\n }\n });\n\n return { path, url, query };\n } catch (error) {\n // Fallback for invalid URLs\n console.warn(`Invalid URL: ${fullUrl}`, error);\n throw new ParseUrlError(`Invalid URL: ${fullUrl}`);\n }\n}\n\n/**\n * Determine if the request is using HTTP/2\n */\nfunction isHttp2Request(req: UnifiedRequest): boolean {\n // Check for HTTP/2 specific properties\n return 'stream' in req || ('httpVersionMajor' in req && (req as any).httpVersionMajor === 2);\n}\n\n/**\n * Get the HTTP protocol (http or https)\n */\nfunction getProtocol(req: UnifiedRequest): string {\n // Check for encrypted socket\n const encrypted = req.socket && (req.socket as any).encrypted;\n // Check for X-Forwarded-Proto header (common in proxy environments)\n const forwardedProto = req.headers['x-forwarded-proto'];\n\n if (forwardedProto) {\n if (Array.isArray(forwardedProto)) {\n // Handle array of header values (uncommon but possible)\n return forwardedProto[0]?.split(',')[0]?.trim() || 'http';\n } else {\n // Handle string header value (typical case)\n return forwardedProto.split(',')[0]?.trim() || 'http';\n }\n }\n\n // Default protocol based on socket encryption\n return encrypted ? 'https' : 'http';\n}\n\n/**\n * Create a new context object for a request/response cycle\n */\nexport async function createContext<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n res: UnifiedResponse,\n options: ContextOptions = {}\n): Promise<Context<State, TBody, TQuery>> {\n // Extract basic request information\n const { path, url, query } = parseRequestUrl(req);\n const method = req.method || 'GET';\n const isHttp2 = isHttp2Request(req);\n const protocol = getProtocol(req);\n\n // Initialize state\n const params: RequestParams = {};\n const state = { ...(options.initialState || {}) };\n\n // Track response status\n const responseState = { sent: false };\n\n // Create the context object with its components\n const ctx: Context<State, TBody, TQuery> = {\n request: createRequestObject<TBody, TQuery>(req, {\n path,\n url,\n query: query as TQuery,\n params,\n method,\n isHttp2,\n protocol,\n }),\n response: {} as Context<State, TBody, TQuery>['response'],\n state,\n };\n\n ctx.response = createResponseObject(res, responseState, ctx);\n\n // Parse body if requested\n if (options.parseBody) {\n await parseBodyIfNeeded(req, ctx, options);\n }\n\n return ctx;\n}\n\n/**\n * Create the request object portion of the context\n */\nfunction createRequestObject<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n info: {\n path: string;\n url: URL | null;\n query: TQuery;\n params: RequestParams;\n method: string;\n isHttp2: boolean;\n protocol: string;\n }\n): Context<State, TBody, TQuery>['request'] {\n return {\n raw: req,\n ...info,\n header: createRequestHeaderGetter(req),\n headers: createRequestHeadersGetter(req),\n body: undefined as unknown as TBody,\n };\n}\n\n/**\n * Create a function to get a single request header\n */\nfunction createRequestHeaderGetter(req: UnifiedRequest) {\n return (name: string): string | undefined => {\n const value = req.headers[name.toLowerCase()];\n if (Array.isArray(value)) {\n return value.join(', ');\n }\n return value || undefined;\n };\n}\n\n/**\n * Create a function to get multiple request headers\n */\nfunction createRequestHeadersGetter(req: UnifiedRequest) {\n const headerGetter = createRequestHeaderGetter(req);\n\n return (names?: string[]): Record<string, string | undefined> => {\n if (names && Array.isArray(names) && names.length > 0) {\n return names.reduce<Record<string, string | undefined>>((acc, name) => {\n acc[name] = headerGetter(name);\n return acc;\n }, {});\n } else {\n return Object.entries(req.headers).reduce<Record<string, string | undefined>>(\n (acc, [key, value]) => {\n acc[key] = Array.isArray(value) ? value.join(', ') : value || undefined;\n return acc;\n },\n {}\n );\n }\n };\n}\n\n/**\n * Create the response object portion of the context\n */\nfunction createResponseObject<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n): Context<S, TBody, TQuery>['response'] {\n return {\n raw: res,\n\n get sent() {\n return responseState.sent;\n },\n\n status: createStatusSetter(res, responseState, ctx),\n header: createHeaderSetter(res, responseState, ctx),\n headers: createHeadersSetter(res, responseState, ctx),\n type: createContentTypeSetter(res, responseState, ctx),\n\n json: createJsonResponder(res, responseState),\n text: createTextResponder(res, responseState),\n html: createHtmlResponder(res, responseState),\n redirect: createRedirectResponder(res, responseState),\n stream: createStreamResponder(res, responseState),\n };\n}\n\n/**\n * Create a function to set response status\n */\nfunction createStatusSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function statusSetter(code: number): Context['response'] {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n res.statusCode = code;\n return ctx.response;\n };\n}\n\n/**\n * Create a function to set a response header\n */\nfunction createHeaderSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function headerSetter(name: string, value: string) {\n if (responseState.sent) {\n throw new ResponseSentHeaderError();\n }\n res.setHeader(name, value);\n return ctx.response;\n };\n}\n\n/**\n * Create a function to set multiple response headers\n */\nfunction createHeadersSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function headersSetter(headers: Record<string, string>) {\n if (responseState.sent) {\n throw new ResponseSentHeaderError();\n }\n for (const [name, value] of Object.entries(headers)) {\n res.setHeader(name, value);\n }\n return ctx.response;\n };\n}\n\n/**\n * Create a function to set content type header\n */\nfunction createContentTypeSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function typeSetter(type: string) {\n if (responseState.sent) {\n throw new ResponseSentContentError();\n }\n res.setHeader(CONTENT_TYPE_HEADER, type);\n return ctx.response;\n };\n}\n\n/**\n * Create a function to send JSON response\n */\nfunction createJsonResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function jsonResponder(body: unknown, status?: number) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (status !== undefined) {\n res.statusCode = status;\n }\n\n res.setHeader(CONTENT_TYPE_HEADER, 'application/json');\n res.end(JSON.stringify(body));\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to send text response\n */\nfunction createTextResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function textResponder(body: string, status?: number) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (status !== undefined) {\n res.statusCode = status;\n }\n\n res.setHeader(CONTENT_TYPE_HEADER, 'text/plain');\n res.end(body);\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to send HTML response\n */\nfunction createHtmlResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function htmlResponder(body: string, status?: number) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (status !== undefined) {\n res.statusCode = status;\n }\n\n res.setHeader(CONTENT_TYPE_HEADER, 'text/html');\n res.end(body);\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to send redirect response\n */\nfunction createRedirectResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function redirectResponder(url: string, status = 302) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n res.statusCode = status;\n res.setHeader('Location', url);\n res.end();\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to stream response\n */\nfunction createStreamResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function streamResponder(readable: NodeJS.ReadableStream, options: StreamOptions = {}) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (options.status !== undefined) {\n res.statusCode = options.status;\n }\n\n if (options.contentType) {\n res.setHeader(CONTENT_TYPE_HEADER, options.contentType);\n }\n\n if (options.headers) {\n for (const [name, value] of Object.entries(options.headers)) {\n res.setHeader(name, value);\n }\n }\n\n // Handle streaming\n readable.pipe(res);\n\n // Mark as sent when the stream ends\n readable.on('end', () => {\n responseState.sent = true;\n });\n\n // Handle errors\n readable.on('error', err => {\n console.error('Stream error:', err);\n if (!responseState.sent) {\n res.statusCode = 500;\n res.end('Stream error');\n responseState.sent = true;\n }\n });\n };\n}\n\n/**\n * Parse request body if enabled in options\n */\nasync function parseBodyIfNeeded<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>,\n options: ContextOptions = {}\n): Promise<void> {\n // Skip parsing for methods that typically don't have bodies\n if (shouldSkipParsing(req.method)) {\n return;\n }\n\n const contentType = req.headers['content-type'] || '';\n const contentLength = parseInt(req.headers['content-length'] || '0', 10);\n\n // Skip if no content\n if (contentLength === 0) {\n return;\n }\n\n const limits = {\n json: options.bodyLimits?.json ?? DEFAULT_BODY_LIMITS.json,\n form: options.bodyLimits?.form ?? DEFAULT_BODY_LIMITS.form,\n text: options.bodyLimits?.text ?? DEFAULT_BODY_LIMITS.text,\n raw: options.bodyLimits?.raw ?? DEFAULT_BODY_LIMITS.raw,\n multipart: {\n maxFileSize:\n options.bodyLimits?.multipart?.maxFileSize ?? DEFAULT_BODY_LIMITS.multipart.maxFileSize,\n maxFiles: options.bodyLimits?.multipart?.maxFiles ?? DEFAULT_BODY_LIMITS.multipart.maxFiles,\n maxFieldSize:\n options.bodyLimits?.multipart?.maxFieldSize ?? DEFAULT_BODY_LIMITS.multipart.maxFieldSize,\n maxTotalSize:\n options.bodyLimits?.multipart?.maxTotalSize ?? DEFAULT_BODY_LIMITS.multipart.maxTotalSize,\n },\n };\n\n try {\n // Apply content-type specific size validation\n if (contentType.includes('application/json')) {\n if (contentLength > limits.json) {\n throw new Error(`JSON body too large: ${contentLength} > ${limits.json} bytes`);\n }\n await parseJsonBody(req, ctx);\n } else if (contentType.includes('application/x-www-form-urlencoded')) {\n if (contentLength > limits.form) {\n throw new Error(`Form body too large: ${contentLength} > ${limits.form} bytes`);\n }\n await parseFormUrlEncodedBody(req, ctx);\n } else if (contentType.includes('text/')) {\n if (contentLength > limits.text) {\n throw new Error(`Text body too large: ${contentLength} > ${limits.text} bytes`);\n }\n await parseTextBody(req, ctx);\n } else if (isMultipartContent(contentType)) {\n // Multipart has its own sophisticated size validation\n await parseMultipartBody(req, ctx, limits.multipart);\n } else {\n // Unknown content type - apply raw limit\n if (contentLength > limits.raw) {\n throw new Error(`Request body too large: ${contentLength} > ${limits.raw} bytes`);\n }\n // Don't parse unknown content types, but allow them through\n return;\n }\n } catch (error) {\n const errorType = contentType.includes('multipart')\n ? 'multipart_parse_error'\n : 'body_read_error';\n setBodyError(ctx, errorType, 'Error reading request body', error);\n }\n}\n\n/**\n * Determine if body parsing should be skipped based on HTTP method\n */\nfunction shouldSkipParsing(method?: string): boolean {\n const skipMethods = ['GET', 'HEAD', 'OPTIONS'];\n return skipMethods.includes(method || 'GET');\n}\n\n/**\n * Parse JSON request body\n */\nasync function parseJsonBody<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>\n): Promise<void> {\n const body = await readRequestBody(req);\n\n if (!body) {\n console.warn('Empty body, skipping JSON parsing');\n return;\n }\n\n // Check if the body is actually \"null\" string\n if (body.trim() === 'null') {\n console.warn('Body is the string \"null\"');\n ctx.request.body = null as TBody;\n return;\n }\n\n try {\n const json = JSON.parse(body);\n ctx.request.body = json as TBody;\n } catch (error) {\n ctx.request.body = null as TBody;\n setBodyError(ctx, 'json_parse_error', 'Invalid JSON in request body', error);\n }\n}\n\n/**\n * Parse URL-encoded form data\n */\nasync function parseFormUrlEncodedBody<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>\n): Promise<void> {\n const body = await readRequestBody(req);\n if (!body) return;\n\n try {\n ctx.request.body = parseUrlEncodedData(body) as TBody;\n } catch (error) {\n ctx.request.body = null as TBody;\n setBodyError(ctx, 'form_parse_error', 'Invalid form data in request body', error);\n }\n}\n\n/**\n * Parse URL-encoded data into an object\n */\nfunction parseUrlEncodedData(body: string): Record<string, string | string[]> {\n const params = new URLSearchParams(body);\n const formData: Record<string, string | string[]> = {};\n\n params.forEach((value, key) => {\n if (formData[key] !== undefined) {\n if (Array.isArray(formData[key])) {\n (formData[key] as string[]).push(value);\n } else {\n formData[key] = [formData[key] as string, value];\n }\n } else {\n formData[key] = value;\n }\n });\n\n return formData;\n}\n\n/**\n * Parse plain text body\n */\nasync function parseTextBody<TBody = null, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>\n): Promise<void> {\n const body = await readRequestBody(req);\n if (body) {\n ctx.request.body = body as TBody;\n }\n}\n\n/**\n * Parse multipart/form-data request body with improved error handling\n */\nasync function parseMultipartBody<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>,\n multipartLimits: MultipartLimits\n): Promise<void> {\n try {\n const limits = multipartLimits || DEFAULT_BODY_LIMITS.multipart;\n const multipartData = await parseMultipartRequest(req, {\n strategy: 'stream',\n maxFileSize: limits.maxFileSize,\n maxFiles: limits.maxFiles,\n maxFieldSize: limits.maxFieldSize,\n // Could add total size validation here\n });\n\n // Extend context with multipart data (type-safe assignments)\n (ctx.request as any).multipart = multipartData;\n (ctx.request as any).files = multipartData.files;\n\n // Set body to fields for backward compatibility with existing form handling\n ctx.request.body = multipartData.fields as TBody;\n } catch (error) {\n ctx.request.body = null as TBody;\n setBodyError(ctx, 'multipart_parse_error', 'Failed to parse multipart data', error);\n }\n}\n\n/**\n * Set body parsing error in context state with proper typing\n */\nfunction setBodyError<TBody = unknown, TQuery = QueryParams>(\n ctx: Context<State, TBody, TQuery>,\n type: BodyParseError['type'],\n message: string,\n error: unknown\n): void {\n const bodyError: BodyParseError = { type, message, error };\n ctx.state._bodyError = bodyError;\n}\n\n/**\n * Read the entire request body as a string\n */\nasync function readRequestBody(req: UnifiedRequest): Promise<string> {\n return new Promise<string>((resolve, reject) => {\n const chunks: Buffer[] = [];\n\n req.on('data', (chunk: Buffer | string) => {\n chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));\n });\n\n req.on('end', () => {\n resolve(Buffer.concat(chunks).toString('utf8'));\n });\n\n req.on('error', err => {\n reject(err);\n });\n });\n}\n\n/**\n * Get the current context or throw an error if none exists\n */\nexport function getCurrentContext<\n S extends State = State,\n TBody = unknown,\n TQuery = QueryParams,\n>(): Context<S, TBody, TQuery> {\n const ctx = getContext<S, TBody, TQuery>();\n if (!ctx) {\n throw new Error(\n 'No context found. Ensure this function is called within a request handler, ' +\n 'middleware, or function wrapped with runWithContext().'\n );\n }\n return ctx;\n}\n\n/**\n * Check if we're currently in a request context\n */\nexport function isInRequestContext(): boolean {\n return hasContext();\n}\n","/**\n * NotFoundError class for resource not found errors\n *\n * This error is thrown when a requested resource cannot be found.\n * It provides context about what resource was being looked for and how.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { NotFoundErrorDetails } from '@blaize-types/errors';\n/**\n * Error thrown when a requested resource cannot be found\n *\n * Automatically sets HTTP status to 404 and provides context\n * about the missing resource for better debugging and user experience.\n *\n * @example Basic usage:\n * ```typescript\n * throw new NotFoundError('User not found');\n * ```\n *\n * @example With resource context:\n * ```typescript\n * throw new NotFoundError('User not found', {\n * resourceType: 'User',\n * resourceId: 'user-123',\n * suggestion: 'Check if the user ID is correct'\n * });\n * ```\n *\n * @example API endpoint not found:\n * ```typescript\n * throw new NotFoundError('Endpoint not found', {\n * path: '/api/v1/unknown',\n * method: 'GET',\n * suggestion: 'Check the API documentation'\n * });\n * ```\n */\nexport class NotFoundError extends BlaizeError<NotFoundErrorDetails> {\n /**\n * Creates a new NotFoundError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional context about the missing resource\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: NotFoundErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.NOT_FOUND,\n title,\n 404, // HTTP 404 Not Found\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { BlaizeError } from '@blaize-types/errors';\n\nimport { generateCorrelationId } from './correlation';\nimport { InternalServerError } from './internal-server-error';\n\nimport type { BlaizeErrorResponse } from '@blaize-types/errors';\n\n/**\n * Checks if an error is a handled BlaizeError instance\n */\nexport function isHandledError(error: unknown): error is BlaizeError {\n return error instanceof BlaizeError;\n}\n\n/**\n * Formats any error into a standardized BlaizeErrorResponse\n */\nexport function formatErrorResponse(error: unknown): BlaizeErrorResponse {\n // Handle BlaizeError instances - they're already properly formatted\n if (isHandledError(error)) {\n return {\n type: error.type,\n title: error.title,\n status: error.status,\n correlationId: error.correlationId,\n timestamp: error.timestamp.toISOString(),\n details: error.details,\n };\n }\n\n // Handle unexpected errors by wrapping them in InternalServerError\n const correlationId = generateCorrelationId();\n let originalMessage: string;\n\n if (error instanceof Error) {\n originalMessage = error.message;\n } else if (error === null || error === undefined) {\n originalMessage = 'Unknown error occurred';\n } else {\n originalMessage = String(error);\n }\n\n // Create InternalServerError for unexpected errors\n const wrappedError = new InternalServerError(\n 'Internal Server Error',\n { originalMessage },\n correlationId\n );\n\n return {\n type: wrappedError.type,\n title: wrappedError.title,\n status: wrappedError.status,\n correlationId: wrappedError.correlationId,\n timestamp: wrappedError.timestamp.toISOString(),\n details: wrappedError.details,\n };\n}\n\n/**\n * Extracts correlation ID from request headers or generates a new one\n */\nexport function extractOrGenerateCorrelationId(\n headerGetter: (name: string) => string | undefined\n): string {\n return headerGetter('x-correlation-id') ?? generateCorrelationId();\n}\n\n/**\n * Sets response headers for error responses\n */\nexport function setErrorResponseHeaders(\n headerSetter: (name: string, value: string) => void,\n correlationId: string\n): void {\n headerSetter('x-correlation-id', correlationId);\n // Add any other standard error headers here if needed\n}\n","import {\n formatErrorResponse,\n extractOrGenerateCorrelationId,\n setErrorResponseHeaders,\n} from '../errors/boundary';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware, MiddlewareFunction, NextFunction } from '@blaize-types/middleware';\n\n/**\n * Options for configuring the error boundary middleware\n */\nexport interface ErrorBoundaryOptions {\n /** Enable debug logging of caught errors */\n debug?: boolean;\n}\n\n/**\n * Creates an error boundary middleware that catches all errors and converts them to proper HTTP responses\n *\n * This middleware should be placed early in the middleware chain to catch all downstream errors.\n * It ensures that:\n * - All BlaizeError instances are properly formatted as HTTP responses\n * - Unexpected errors are wrapped in InternalServerError and logged\n * - Correlation IDs are preserved and added to response headers\n * - No unhandled errors escape the middleware chain\n */\nexport function createErrorBoundary(options: ErrorBoundaryOptions = {}): Middleware {\n const { debug = false } = options;\n\n const middlewareFn: MiddlewareFunction = async (ctx: Context, next: NextFunction) => {\n try {\n await next();\n } catch (error) {\n // Don't handle errors if response was already sent\n if (ctx.response.sent) {\n if (debug) {\n console.error('Error occurred after response was sent:', error);\n }\n return;\n }\n\n // Log error in debug mode\n if (debug) {\n console.error('Error boundary caught error:', error);\n }\n\n // Extract or generate correlation ID from request\n const correlationId = extractOrGenerateCorrelationId(ctx.request.header);\n\n // Format the error as a proper response\n const errorResponse = formatErrorResponse(error);\n\n // Ensure correlation ID is consistent\n errorResponse.correlationId = correlationId;\n\n // Set appropriate response headers\n setErrorResponseHeaders(ctx.response.header, correlationId);\n\n // Send the formatted error response\n ctx.response.status(errorResponse.status).json(errorResponse);\n }\n };\n\n return {\n name: 'ErrorBoundary',\n execute: middlewareFn,\n debug,\n };\n}\n","import { createContext } from '../context/create';\nimport { runWithContext } from '../context/store';\nimport { NotFoundError } from '../errors/not-found-error';\nimport { compose } from '../middleware/compose';\nimport { createErrorBoundary } from '../middleware/error-boundary';\n\nimport type { Server, RequestHandler } from '@blaize-types/server';\n\nexport function createRequestHandler(serverInstance: Server): RequestHandler {\n return async (req, res) => {\n try {\n // Create context for this request\n const context = await createContext(req, res, {\n parseBody: true, // Enable automatic body parsing\n });\n\n // Create error boundary middleware that catches all thrown error classes\n const errorBoundary = createErrorBoundary();\n\n // Compose all middleware with error boundary first (to catch all errors)\n const allMiddleware = [errorBoundary, ...serverInstance.middleware];\n\n // Compose all middleware into a single function\n const handler = compose(allMiddleware);\n\n // Run the request with context in AsyncLocalStorage\n await runWithContext(context, async () => {\n await handler(context, async () => {\n if (!context.response.sent) {\n // Let the router handle the request\n await serverInstance.router.handleRequest(context);\n // If router didn't handle it either, send a 404\n if (!context.response.sent) {\n throw new NotFoundError(\n `Route not found: ${context.request.method} ${context.request.path}`\n );\n }\n }\n });\n });\n } catch (error) {\n // Handle errors in context creation\n console.error('Error creating context:', error);\n res.writeHead(500, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n error: 'Internal Server Error',\n message: 'Failed to process request',\n })\n );\n }\n };\n}\n","import type { Server, StopOptions } from '@blaize-types/server';\n\n// Add a global flag to prevent multiple shutdowns\nlet isShuttingDown = false;\n\n// Replace the stopServer function in stop.ts with this version:\n\nexport async function stopServer(serverInstance: Server, options: StopOptions = {}): Promise<void> {\n const server = serverInstance.server;\n const events = serverInstance.events;\n\n if (isShuttingDown) {\n console.log('⚠️ Shutdown already in progress, ignoring duplicate shutdown request');\n return;\n }\n\n if (!server) {\n return;\n }\n\n isShuttingDown = true;\n const timeout = options.timeout || 5000; // Reduced to 5 seconds for faster restarts\n\n try {\n if (options.onStopping) {\n await options.onStopping();\n }\n\n events.emit('stopping');\n\n // Close router watchers with timeout\n if (serverInstance.router && typeof serverInstance.router.close === 'function') {\n console.log('🔌 Closing router watchers...');\n try {\n // Add timeout to router close\n await Promise.race([\n serverInstance.router.close(),\n new Promise((_, reject) =>\n setTimeout(() => reject(new Error('Router close timeout')), 2000)\n ),\n ]);\n console.log('✅ Router watchers closed');\n } catch (error) {\n console.error('❌ Error closing router watchers:', error);\n // Continue with shutdown\n }\n }\n\n // Notify plugins with timeout\n try {\n await Promise.race([\n serverInstance.pluginManager.onServerStop(serverInstance, server),\n new Promise((_, reject) =>\n setTimeout(() => reject(new Error('Plugin stop timeout')), 2000)\n ),\n ]);\n } catch (error) {\n console.error('❌ Plugin stop timeout:', error);\n // Continue with shutdown\n }\n\n // Create server close promise with shorter timeout\n const closePromise = new Promise<void>((resolve, reject) => {\n server.close((err?: Error) => {\n if (err) return reject(err);\n resolve();\n });\n });\n\n const timeoutPromise = new Promise<never>((_, reject) => {\n setTimeout(() => {\n reject(new Error('Server shutdown timeout'));\n }, timeout);\n });\n\n await Promise.race([closePromise, timeoutPromise]);\n\n // Terminate plugins with timeout\n try {\n await Promise.race([\n serverInstance.pluginManager.terminatePlugins(serverInstance),\n new Promise((_, reject) =>\n setTimeout(() => reject(new Error('Plugin terminate timeout')), 1000)\n ),\n ]);\n } catch (error) {\n console.error('❌ Plugin terminate timeout:', error);\n // Continue with shutdown\n }\n\n if (options.onStopped) {\n await options.onStopped();\n }\n\n events.emit('stopped');\n serverInstance.server = null as any;\n\n console.log('✅ Graceful shutdown completed');\n isShuttingDown = false;\n } catch (error) {\n isShuttingDown = false;\n console.error('⚠️ Shutdown error (forcing exit):', error);\n\n // Force close the server if graceful shutdown fails\n if (server && typeof server.close === 'function') {\n server.close();\n }\n\n // In development, force exit to allow tsx to restart\n if (process.env.NODE_ENV === 'development') {\n console.log('🔄 Forcing exit for development restart...');\n process.exit(0);\n }\n\n events.emit('error', error);\n throw error;\n }\n}\n\n/**\n * Register signal handlers for graceful shutdown\n */\nexport function registerSignalHandlers(stopFn: () => Promise<void>): { unregister: () => void } {\n const isDevelopment = process.env.NODE_ENV === 'development';\n\n if (isDevelopment) {\n // Development: Force exit for fast restarts\n const sigintHandler = () => {\n console.log('📤 SIGINT received, forcing exit for development restart...');\n process.exit(0);\n };\n\n const sigtermHandler = () => {\n console.log('📤 SIGTERM received, forcing exit for development restart...');\n process.exit(0);\n };\n\n process.on('SIGINT', sigintHandler);\n process.on('SIGTERM', sigtermHandler);\n\n return {\n unregister: () => {\n process.removeListener('SIGINT', sigintHandler);\n process.removeListener('SIGTERM', sigtermHandler);\n },\n };\n } else {\n // Production: Graceful shutdown\n const sigintHandler = () => {\n console.log('📤 SIGINT received, starting graceful shutdown...');\n stopFn().catch(console.error);\n };\n\n const sigtermHandler = () => {\n console.log('📤 SIGTERM received, starting graceful shutdown...');\n stopFn().catch(console.error);\n };\n\n process.on('SIGINT', sigintHandler);\n process.on('SIGTERM', sigtermHandler);\n\n return {\n unregister: () => {\n process.removeListener('SIGINT', sigintHandler);\n process.removeListener('SIGTERM', sigtermHandler);\n },\n };\n }\n}\n","import { z } from 'zod';\n\nimport type { Middleware } from '@blaize-types/middleware';\nimport type { Plugin } from '@blaize-types/plugins';\nimport type { ServerOptions, ServerOptionsInput } from '@blaize-types/server';\n\n// Create a more flexible validation for the middleware function type\nconst middlewareSchema = z.custom<Middleware>(\n data =>\n data !== null &&\n typeof data === 'object' &&\n 'execute' in data &&\n typeof data.execute === 'function',\n {\n message: 'Expected middleware to have an execute function',\n }\n);\n\n// Create a schema for plugins\nconst pluginSchema = z.custom<Plugin>(\n data =>\n data !== null &&\n typeof data === 'object' &&\n 'register' in data &&\n typeof data.register === 'function',\n {\n message: 'Expected a valid plugin object with a register method',\n }\n);\n\n// Create a schema for HTTP/2 options with conditional validation\nconst http2Schema = z\n .object({\n enabled: z.boolean().optional().default(true),\n keyFile: z.string().optional(),\n certFile: z.string().optional(),\n })\n .refine(\n data => {\n // If HTTP/2 is enabled and not in development mode,\n // both keyFile and certFile must be provided\n if (data.enabled && process.env.NODE_ENV === 'production') {\n return data.keyFile && data.certFile;\n }\n return true;\n },\n {\n message:\n 'When HTTP/2 is enabled (outside of development mode), both keyFile and certFile must be provided',\n }\n );\n\n// Validation schema for server options\nexport const serverOptionsSchema = z.object({\n port: z.number().int().positive().optional().default(3000),\n host: z.string().optional().default('localhost'),\n routesDir: z.string().optional().default('./routes'),\n http2: http2Schema.optional().default({\n enabled: true,\n }),\n middleware: z.array(middlewareSchema).optional().default([]),\n plugins: z.array(pluginSchema).optional().default([]),\n});\n\nexport function validateServerOptions(options: ServerOptionsInput): ServerOptions {\n try {\n return serverOptionsSchema.parse(options);\n } catch (error) {\n // Properly type the error as Zod validation error\n if (error instanceof z.ZodError) {\n // Format the Zod error for better readability\n const formattedError = error.format();\n throw new Error(`Invalid server options: ${JSON.stringify(formattedError, null, 2)}`);\n }\n // For other types of errors\n throw new Error(`Invalid server options: ${String(error)}`);\n }\n}\n","import type { Plugin, PluginLifecycleManager, PluginLifecycleOptions } from '@blaize-types/plugins';\nimport type { Server } from '@blaize-types/server';\n\n/**\n * Create a plugin lifecycle manager\n */\nexport function createPluginLifecycleManager(\n options: PluginLifecycleOptions = {}\n): PluginLifecycleManager {\n const { continueOnError = true, debug = false, onError } = options;\n\n /**\n * Log debug messages if enabled\n */\n function log(message: string, ...args: any[]) {\n if (debug) {\n console.log(`[PluginLifecycle] ${message}`, ...args);\n }\n }\n\n /**\n * Handle plugin errors\n */\n function handleError(plugin: Plugin, phase: string, error: Error) {\n const errorMessage = `Plugin ${plugin.name} failed during ${phase}: ${error.message}`;\n\n if (onError) {\n onError(plugin, phase, error);\n } else {\n console.error(errorMessage, error);\n }\n\n if (!continueOnError) {\n throw new Error(errorMessage);\n }\n }\n\n return {\n /**\n * Initialize all plugins\n */\n async initializePlugins(server: Server): Promise<void> {\n log('Initializing plugins...');\n\n for (const plugin of server.plugins) {\n if (plugin.initialize) {\n try {\n log(`Initializing plugin: ${plugin.name}`);\n await plugin.initialize(server);\n } catch (error) {\n handleError(plugin, 'initialize', error as Error);\n }\n }\n }\n\n log(`Initialized ${server.plugins.length} plugins`);\n },\n\n /**\n * Terminate all plugins in reverse order\n */\n async terminatePlugins(server: Server): Promise<void> {\n log('Terminating plugins...');\n\n const pluginsToTerminate = [...server.plugins].reverse();\n\n for (const plugin of pluginsToTerminate) {\n if (plugin.terminate) {\n try {\n log(`Terminating plugin: ${plugin.name}`);\n await plugin.terminate(server);\n } catch (error) {\n handleError(plugin, 'terminate', error as Error);\n }\n }\n }\n\n log(`Terminated ${pluginsToTerminate.length} plugins`);\n },\n\n /**\n * Notify plugins that the server has started\n */\n async onServerStart(server: Server, httpServer: any): Promise<void> {\n log('Notifying plugins of server start...');\n\n for (const plugin of server.plugins) {\n if (plugin.onServerStart) {\n try {\n log(`Notifying plugin of server start: ${plugin.name}`);\n await plugin.onServerStart(httpServer);\n } catch (error) {\n handleError(plugin, 'onServerStart', error as Error);\n }\n }\n }\n },\n\n /**\n * Notify plugins that the server is stopping\n */\n async onServerStop(server: Server, httpServer: any): Promise<void> {\n log('Notifying plugins of server stop...');\n\n const pluginsToNotify = [...server.plugins].reverse();\n\n for (const plugin of pluginsToNotify) {\n if (plugin.onServerStop) {\n try {\n log(`Notifying plugin of server stop: ${plugin.name}`);\n await plugin.onServerStop(httpServer);\n } catch (error) {\n handleError(plugin, 'onServerStop', error as Error);\n }\n }\n }\n },\n };\n}\n","export class PluginError extends Error {\n constructor(\n public pluginName: string,\n message: string,\n public cause?: Error\n ) {\n super(`Plugin \"${pluginName}\": ${message}`);\n this.name = 'PluginError';\n }\n}\n\nexport class PluginLifecycleError extends PluginError {\n constructor(\n pluginName: string,\n public phase: 'register' | 'initialize' | 'terminate' | 'start' | 'stop',\n cause: Error\n ) {\n super(pluginName, `Failed during ${phase} phase: ${cause.message}`, cause);\n this.name = 'PluginLifecycleError';\n }\n}\n\nexport class PluginDependencyError extends PluginError {\n constructor(\n pluginName: string,\n public missingDependency: string\n ) {\n super(pluginName, `Missing dependency: ${missingDependency}`);\n this.name = 'PluginDependencyError';\n }\n}\n\n// packages/blaizejs/src/plugins/errors.ts (or add to existing errors file)\n\nexport class PluginValidationError extends Error {\n constructor(\n public pluginName: string,\n message: string\n ) {\n super(`Plugin validation error${pluginName ? ` for \"${pluginName}\"` : ''}: ${message}`);\n this.name = 'PluginValidationError';\n }\n}\n\nexport class PluginRegistrationError extends Error {\n constructor(\n public pluginName: string,\n message: string\n ) {\n super(`Plugin registration error for \"${pluginName}\": ${message}`);\n this.name = 'PluginRegistrationError';\n }\n}\n","import { PluginValidationError } from './errors';\n\nimport type { Plugin } from '@blaize-types/plugins';\n\nexport interface PluginValidationOptions {\n /** Require specific plugin properties */\n requireVersion?: boolean;\n /** Validate plugin name format */\n validateNameFormat?: boolean;\n /** Check for reserved plugin names */\n checkReservedNames?: boolean;\n}\n\n/**\n * Reserved plugin names that cannot be used\n */\nconst RESERVED_NAMES = new Set([\n 'core',\n 'server',\n 'router',\n 'middleware',\n 'context',\n 'blaize',\n 'blaizejs',\n]);\n\n/**\n * Valid plugin name pattern (lowercase, letters, numbers, hyphens)\n */\nconst VALID_NAME_PATTERN = /^[a-z]([a-z0-9-]*[a-z0-9])?$/;\n\n/**\n * Valid semantic version pattern\n */\nconst VALID_VERSION_PATTERN = /^\\d+\\.\\d+\\.\\d+(?:-[a-zA-Z0-9-.]+)?(?:\\+[a-zA-Z0-9-.]+)?$/;\n\n/**\n * Validate a plugin object\n */\nexport function validatePlugin(\n plugin: unknown,\n options: PluginValidationOptions = {}\n): asserts plugin is Plugin {\n const { requireVersion = true, validateNameFormat = true, checkReservedNames = true } = options;\n\n // Basic type validation\n if (!plugin || typeof plugin !== 'object') {\n throw new PluginValidationError('', 'Plugin must be an object');\n }\n\n const p = plugin as any;\n\n // Validate name\n if (!p.name || typeof p.name !== 'string') {\n throw new PluginValidationError('', 'Plugin must have a name (string)');\n }\n\n // Validate name format\n if (validateNameFormat && !VALID_NAME_PATTERN.test(p.name)) {\n throw new PluginValidationError(\n p.name,\n 'Plugin name must be lowercase letters, numbers, and hyphens only'\n );\n }\n\n // Check reserved names\n if (checkReservedNames && RESERVED_NAMES.has(p.name.toLowerCase())) {\n throw new PluginValidationError(p.name, `Plugin name \"${p.name}\" is reserved`);\n }\n\n // Validate version\n if (requireVersion) {\n if (!p.version || typeof p.version !== 'string') {\n throw new PluginValidationError(p.name, 'Plugin must have a version (string)');\n }\n\n if (!VALID_VERSION_PATTERN.test(p.version)) {\n throw new PluginValidationError(\n p.name,\n 'Plugin version must follow semantic versioning (e.g., \"1.0.0\")'\n );\n }\n }\n\n // Validate register method\n if (!p.register || typeof p.register !== 'function') {\n throw new PluginValidationError(p.name, 'Plugin must have a register method (function)');\n }\n\n // Validate optional lifecycle methods\n const lifecycleMethods = ['initialize', 'terminate', 'onServerStart', 'onServerStop'];\n\n for (const method of lifecycleMethods) {\n if (p[method] && typeof p[method] !== 'function') {\n throw new PluginValidationError(p.name, `Plugin ${method} must be a function if provided`);\n }\n }\n\n // Validate dependencies if present\n // if (p.dependencies) {\n // if (!Array.isArray(p.dependencies) && typeof p.dependencies !== 'string') {\n // throw new PluginValidationError(\n // p.name,\n // 'Plugin dependencies must be a string or array of strings'\n // );\n // }\n\n // const deps = Array.isArray(p.dependencies) ? p.dependencies : [p.dependencies];\n // for (const dep of deps) {\n // if (typeof dep !== 'string') {\n // throw new PluginValidationError(p.name, 'Plugin dependencies must be strings');\n // }\n // }\n // }\n}\n\n/**\n * Validate plugin options object\n */\nexport function validatePluginOptions(pluginName: string, options: unknown, schema?: any): void {\n // Basic validation\n if (options !== undefined && typeof options !== 'object') {\n throw new PluginValidationError(pluginName, 'Plugin options must be an object');\n }\n\n // If a schema is provided, validate against it\n if (schema && options) {\n try {\n schema.parse(options);\n } catch (error) {\n throw new PluginValidationError(\n pluginName,\n `Plugin options validation failed: ${(error as Error).message}`\n );\n }\n }\n}\n\n/**\n * Validate plugin factory function\n */\nexport function validatePluginFactory(\n factory: unknown\n): asserts factory is (...args: any[]) => any {\n if (typeof factory !== 'function') {\n throw new PluginValidationError('', 'Plugin factory must be a function');\n }\n}\n\n/**\n * Check if a plugin name is valid\n */\nexport function isValidPluginName(name: string): boolean {\n return (\n typeof name === 'string' &&\n name.length > 0 &&\n VALID_NAME_PATTERN.test(name) &&\n !RESERVED_NAMES.has(name.toLowerCase())\n );\n}\n\n/**\n * Check if a version string is valid\n */\nexport function isValidVersion(version: string): boolean {\n return typeof version === 'string' && VALID_VERSION_PATTERN.test(version);\n}\n\n/**\n * Sanitize plugin name (remove invalid characters)\n */\nexport function sanitizePluginName(name: string): string {\n return name\n .toLowerCase()\n .replace(/[^a-z0-9-]/g, '-')\n .replace(/^-+|-+$/g, '')\n .replace(/-+/g, '-');\n}\n","import * as crypto from 'node:crypto';\nimport * as fs from 'node:fs/promises';\nimport { createRequire } from 'node:module';\nimport * as path from 'node:path';\n\nimport { loadRouteModule } from './loader';\n\nimport type { FileCache, Route } from '@blaize-types/router';\n\nconst fileRouteCache = new Map<string, FileCache>();\n\nexport async function processChangedFile(\n filePath: string,\n routesDir: string,\n updateCache: boolean = true\n): Promise<Route[]> {\n const stat = await fs.stat(filePath);\n const lastModified = stat.mtime.getTime();\n const cachedEntry = fileRouteCache.get(filePath);\n\n // Skip if file hasn't changed by timestamp (only when updating cache)\n if (updateCache && cachedEntry && cachedEntry.timestamp === lastModified) {\n return cachedEntry.routes;\n }\n\n // Clear module cache for this specific file\n invalidateModuleCache(filePath);\n\n // Load only this file\n const routes = await loadRouteModule(filePath, routesDir);\n\n // Only update cache if requested\n if (updateCache) {\n // Calculate content hash for change detection\n const hash = hashRoutes(routes);\n\n // Update cache\n fileRouteCache.set(filePath, {\n routes,\n timestamp: lastModified,\n hash,\n });\n }\n\n return routes;\n}\n\nexport function hasRouteContentChanged(filePath: string, newRoutes: Route[]): boolean {\n const cachedEntry = fileRouteCache.get(filePath);\n if (!cachedEntry) {\n return true;\n }\n\n const newHash = hashRoutes(newRoutes);\n\n return cachedEntry.hash !== newHash;\n}\n\nexport function clearFileCache(filePath?: string): void {\n if (filePath) {\n fileRouteCache.delete(filePath);\n } else {\n fileRouteCache.clear();\n }\n}\n\nfunction hashRoutes(routes: Route[]): string {\n const routeData = routes.map(route => ({\n path: route.path,\n methods: Object.keys(route)\n .filter(key => key !== 'path')\n .sort()\n .map(method => {\n const methodDef = route[method as keyof Route] as any;\n const handlerString = methodDef?.handler ? methodDef.handler.toString() : null;\n return {\n method,\n // Include handler function string for change detection\n handler: handlerString,\n // Include middleware if present\n middleware: methodDef?.middleware ? methodDef.middleware.length : 0,\n // Include schema structure (but not full serialization which can be unstable)\n hasSchema: !!methodDef?.schema,\n schemaKeys: methodDef?.schema ? Object.keys(methodDef.schema).sort() : [],\n };\n }),\n }));\n\n const dataString = JSON.stringify(routeData);\n const hash = crypto.createHash('md5').update(dataString).digest('hex');\n\n return hash;\n}\n\nfunction invalidateModuleCache(filePath: string): void {\n try {\n // Try to resolve the absolute path\n const absolutePath = path.resolve(filePath);\n\n // Check if we're in a CommonJS environment (require is available)\n if (typeof require !== 'undefined') {\n // Delete from require cache if it exists\n delete require.cache[absolutePath];\n\n // Also try to resolve using require.resolve if the file exists\n try {\n const resolvedPath = require.resolve(absolutePath);\n delete require.cache[resolvedPath];\n } catch (resolveError) {\n // Type guard to ensure resolveError is an Error object\n const errorMessage =\n resolveError instanceof Error ? resolveError.message : String(resolveError);\n console.log(`⚠️ Could not resolve path: ${errorMessage}`);\n }\n } else {\n // In pure ESM environment, try to use createRequire for cache invalidation\n try {\n const require = createRequire(import.meta.url);\n delete require.cache[absolutePath];\n\n try {\n const resolvedPath = require.resolve(absolutePath);\n delete require.cache[resolvedPath];\n } catch {\n console.log(`⚠️ Could not resolve ESM path`);\n }\n } catch {\n console.log(`⚠️ createRequire not available in pure ESM`);\n }\n }\n } catch (error) {\n console.log(`⚠️ Error during module cache invalidation for ${filePath}:`, error);\n }\n}\n","import { parseRoutePath } from './parser';\n\nimport type { Route, RouteDefinition } from '@blaize-types/router';\n\nexport async function dynamicImport(filePath: string) {\n // Add a cache-busting query parameter for ESM\n const cacheBuster = `?t=${Date.now()}`;\n const importPath = filePath + cacheBuster;\n\n try {\n const module = await import(importPath);\n console.log(`✅ Successfully imported module`);\n return module;\n } catch (error) {\n // Type guard to ensure resolveError is an Error object\n const errorMessage = error instanceof Error ? error.message : String(error);\n console.log(`⚠️ Error importing with cache buster, trying original path:`, errorMessage);\n // Fallback to original path\n return import(filePath);\n }\n}\n\n/**\n * Load route modules from a file - supports both default export and named exports\n */\nexport async function loadRouteModule(filePath: string, basePath: string): Promise<Route[]> {\n try {\n // Parse the route path from the file path\n const parsedRoute = parseRoutePath(filePath, basePath);\n // Dynamically import the module\n const module = await dynamicImport(filePath);\n console.log('📦 Module exports:', Object.keys(module));\n\n const routes: Route[] = [];\n\n // Method 1: Check for default export (existing pattern)\n if (module.default && typeof module.default === 'object') {\n const route: Route = {\n ...(module.default as RouteDefinition),\n path: parsedRoute.routePath,\n };\n\n routes.push(route);\n }\n\n // Method 2: Check for named exports that look like routes\n Object.entries(module).forEach(([exportName, exportValue]) => {\n // Skip default export (already handled) and non-objects\n if (exportName === 'default' || !exportValue || typeof exportValue !== 'object') {\n return;\n }\n\n // Check if this export looks like a route (has path property and HTTP methods)\n const potentialRoute = exportValue as any;\n\n if (isValidRoute(potentialRoute)) {\n // For named exports, we might want to use the export name or the route's path\n const route: Route = {\n ...potentialRoute,\n // Use the route's own path if it has one, otherwise derive from file\n path: parsedRoute.routePath,\n };\n\n routes.push(route);\n }\n });\n\n if (routes.length === 0) {\n console.warn(`Route file ${filePath} does not export any valid route definitions`);\n return [];\n }\n\n console.log(`✅ Successfully Loaded ${routes.length} route(s)`);\n return routes;\n } catch (error) {\n console.error(`Failed to load route module ${filePath}:`, error);\n return [];\n }\n}\n\n/**\n * Check if an object looks like a valid route\n */\nfunction isValidRoute(obj: any): boolean {\n if (!obj || typeof obj !== 'object') {\n return false;\n }\n\n // Check if it has at least one HTTP method\n const httpMethods = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS'];\n const hasHttpMethod = httpMethods.some(\n method => obj[method] && typeof obj[method] === 'object' && obj[method].handler\n );\n\n return hasHttpMethod;\n}\n","import * as os from 'node:os';\n\nimport { processChangedFile } from './cache';\nimport { findRouteFiles } from './finder';\n\nimport type { Route } from '@blaize-types/router';\n\nexport async function processFilesInParallel(\n filePaths: string[],\n processor: (filePath: string) => Promise<Route[]>,\n concurrency: number = Math.max(1, Math.floor(os.cpus().length / 2))\n): Promise<Route[][]> {\n const chunks = chunkArray(filePaths, concurrency);\n const results: Route[][] = [];\n\n for (const chunk of chunks) {\n const chunkResults = await Promise.allSettled(chunk.map(filePath => processor(filePath)));\n\n const successfulResults = chunkResults\n .filter(result => result.status === 'fulfilled')\n .map(result => (result as PromiseFulfilledResult<Route[]>).value);\n\n results.push(...successfulResults);\n }\n\n return results;\n}\n\nexport async function loadInitialRoutesParallel(routesDir: string): Promise<Route[]> {\n const files = await findRouteFiles(routesDir);\n const routeArrays = await processFilesInParallel(files, filePath =>\n processChangedFile(filePath, routesDir)\n );\n\n return routeArrays.flat();\n}\n\nfunction chunkArray<T>(array: T[], chunkSize: number): T[][] {\n const chunks: T[][] = [];\n for (let i = 0; i < array.length; i += chunkSize) {\n chunks.push(array.slice(i, i + chunkSize));\n }\n return chunks;\n}\n","import * as fs from 'node:fs/promises';\nimport * as path from 'node:path';\n\nimport type { FindRouteFilesOptions } from '@blaize-types/router';\n\n/**\n * Find all route files in the specified directory\n */\nexport async function findRouteFiles(\n routesDir: string,\n options: FindRouteFilesOptions = {}\n): Promise<string[]> {\n // Convert to absolute path if it's relative\n const absoluteDir = path.isAbsolute(routesDir)\n ? routesDir\n : path.resolve(process.cwd(), routesDir);\n\n console.log('Creating router with routes directory:', absoluteDir);\n\n // Check if directory exists\n try {\n const stats = await fs.stat(absoluteDir);\n if (!stats.isDirectory()) {\n throw new Error(`Route directory is not a directory: ${absoluteDir}`);\n }\n } catch (error) {\n if ((error as NodeJS.ErrnoException).code === 'ENOENT') {\n throw new Error(`Route directory not found: ${absoluteDir}`);\n }\n throw error;\n }\n\n const routeFiles: string[] = [];\n const ignore = options.ignore || ['node_modules', '.git'];\n\n async function scanDirectory(dir: string) {\n const entries = await fs.readdir(dir, { withFileTypes: true });\n\n for (const entry of entries) {\n const fullPath = path.join(dir, entry.name);\n\n // Skip ignored directories\n if (entry.isDirectory() && ignore.includes(entry.name)) {\n continue;\n }\n\n if (entry.isDirectory()) {\n await scanDirectory(fullPath);\n } else if (isRouteFile(entry.name)) {\n routeFiles.push(fullPath);\n }\n }\n }\n\n await scanDirectory(absoluteDir);\n return routeFiles;\n}\n\n/**\n * Check if a file is a valid route file\n */\nfunction isRouteFile(filename: string): boolean {\n // Route files are TypeScript/JavaScript files that don't start with underscore\n return !filename.startsWith('_') && (filename.endsWith('.ts') || filename.endsWith('.js'));\n}\n","import type { ReloadMetrics } from '@blaize-types/router';\n\nconst profilerState: ReloadMetrics = {\n fileChanges: 0,\n totalReloadTime: 0,\n averageReloadTime: 0,\n slowReloads: [],\n};\n\nexport function trackReloadPerformance(filePath: string, startTime: number): void {\n const duration = Date.now() - startTime;\n\n profilerState.fileChanges++;\n profilerState.totalReloadTime += duration;\n profilerState.averageReloadTime = profilerState.totalReloadTime / profilerState.fileChanges;\n\n if (duration > 100) {\n profilerState.slowReloads.push({ file: filePath, time: duration });\n if (profilerState.slowReloads.length > 10) {\n profilerState.slowReloads.shift();\n }\n }\n\n if (process.env.NODE_ENV === 'development') {\n const emoji = duration < 50 ? '⚡' : duration < 100 ? '🔄' : '🐌';\n console.log(`${emoji} Route reload: ${filePath} (${duration}ms)`);\n }\n}\n\nexport function getReloadMetrics(): Readonly<ReloadMetrics> {\n return { ...profilerState };\n}\n\nexport function resetReloadMetrics(): void {\n profilerState.fileChanges = 0;\n profilerState.totalReloadTime = 0;\n profilerState.averageReloadTime = 0;\n profilerState.slowReloads = [];\n}\n\nexport function withPerformanceTracking<T extends (...args: any[]) => Promise<any>>(\n fn: T,\n filePath: string\n): T {\n console.log(`Tracking performance for: ${filePath}`);\n return (async (...args: Parameters<T>) => {\n const startTime = Date.now();\n try {\n const result = await fn(...args);\n trackReloadPerformance(filePath, startTime);\n return result;\n } catch (error) {\n trackReloadPerformance(filePath, startTime);\n throw error;\n }\n }) as T;\n}\n","import * as path from 'node:path';\n\nimport { watch } from 'chokidar';\n\nimport { hasRouteContentChanged, processChangedFile } from './cache';\nimport { findRouteFiles } from './finder';\n\nimport type { Route, WatchOptions } from '@blaize-types/router';\n\n/**\n * Watch for route file changes\n */\nexport function watchRoutes(routesDir: string, options: WatchOptions = {}) {\n // Debounce rapid file changes\n const debounceMs = options.debounceMs || 16;\n const debouncedCallbacks = new Map<string, NodeJS.Timeout>();\n\n function createDebouncedCallback<T extends (...args: any[]) => void>(\n fn: T,\n filePath: string\n ): (...args: Parameters<T>) => void {\n return (...args: Parameters<T>) => {\n // Clear existing timeout for this file\n const existingTimeout = debouncedCallbacks.get(filePath);\n if (existingTimeout) {\n clearTimeout(existingTimeout);\n }\n\n // Set new timeout\n const timeoutId = setTimeout(() => {\n fn(...args);\n debouncedCallbacks.delete(filePath);\n }, debounceMs);\n\n debouncedCallbacks.set(filePath, timeoutId);\n };\n }\n // Track loaded routes by file path - now stores arrays of routes\n const routesByPath = new Map<string, Route[]>();\n\n // Initial loading of routes\n async function loadInitialRoutes() {\n try {\n const files = await findRouteFiles(routesDir, {\n ignore: options.ignore,\n });\n\n for (const filePath of files) {\n await loadAndNotify(filePath);\n }\n } catch (error) {\n handleError(error);\n }\n }\n\n // Optimized load and notify function\n async function loadAndNotify(filePath: string) {\n try {\n const existingRoutes = routesByPath.get(filePath);\n\n // Step 1: Load new routes WITHOUT updating cache\n const newRoutes = await processChangedFile(filePath, routesDir, false);\n\n if (!newRoutes || newRoutes.length === 0) {\n return;\n }\n\n // Step 2: Check if content has actually changed (cache still has old data)\n if (existingRoutes && !hasRouteContentChanged(filePath, newRoutes)) {\n return;\n }\n\n // Step 3: Content changed! Now update the cache\n await processChangedFile(filePath, routesDir, true);\n\n const normalizedPath = path.normalize(filePath);\n\n if (existingRoutes) {\n routesByPath.set(filePath, newRoutes);\n if (options.onRouteChanged) {\n options.onRouteChanged(normalizedPath, newRoutes);\n }\n } else {\n routesByPath.set(filePath, newRoutes);\n if (options.onRouteAdded) {\n options.onRouteAdded(normalizedPath, newRoutes);\n }\n }\n } catch (error) {\n console.log(`⚠️ Error processing file ${filePath}:`, error);\n handleError(error);\n }\n }\n\n // Handle route file removal\n function handleRemoved(filePath: string) {\n const normalizedPath = path.normalize(filePath);\n const routes = routesByPath.get(normalizedPath);\n\n if (routes && routes.length > 0 && options.onRouteRemoved) {\n options.onRouteRemoved(normalizedPath, routes);\n }\n\n routesByPath.delete(normalizedPath);\n }\n\n // Handle errors\n function handleError(error: unknown) {\n if (options.onError && error instanceof Error) {\n options.onError(error);\n } else {\n console.error('⚠️ Route watcher error:', error);\n }\n }\n\n // Start file watcher\n // Create optimized watcher\n const watcher = watch(routesDir, {\n // Much faster response times\n awaitWriteFinish: {\n stabilityThreshold: 50, // Reduced from 300ms\n pollInterval: 10, // Reduced from 100ms\n },\n\n // Performance optimizations\n usePolling: false,\n atomic: true,\n followSymlinks: false,\n depth: 10,\n\n // More aggressive ignoring\n ignored: [\n /(^|[/\\\\])\\../,\n /node_modules/,\n /\\.git/,\n /\\.DS_Store/,\n /Thumbs\\.db/,\n /\\.(test|spec)\\.(ts|js)$/,\n /\\.d\\.ts$/,\n /\\.map$/,\n /~$/,\n ...(options.ignore || []),\n ],\n });\n\n // Set up event handlers\n watcher\n .on('add', filePath => {\n const debouncedLoad = createDebouncedCallback(loadAndNotify, filePath);\n debouncedLoad(filePath);\n })\n .on('change', filePath => {\n const debouncedLoad = createDebouncedCallback(loadAndNotify, filePath);\n\n // Call debounced load for changed file\n debouncedLoad(filePath);\n })\n .on('unlink', filePath => {\n const debouncedRemove = createDebouncedCallback(handleRemoved, filePath);\n debouncedRemove(filePath);\n })\n .on('error', handleError);\n\n // Load initial routes\n loadInitialRoutes().catch(handleError);\n\n // Return control methods\n return {\n close: () => {\n // Clear any pending debounced callbacks\n debouncedCallbacks.forEach(timeout => clearTimeout(timeout));\n debouncedCallbacks.clear();\n\n return watcher.close();\n },\n getRoutes: () => {\n const allRoutes: Route[] = [];\n for (const routes of routesByPath.values()) {\n allRoutes.push(...routes);\n }\n return allRoutes;\n },\n getRoutesByFile: () => new Map(routesByPath),\n };\n}\n","import { z } from 'zod';\n\nimport { validateBody } from './body';\nimport { validateParams } from './params';\nimport { validateQuery } from './query';\nimport { validateResponse } from './response';\nimport { InternalServerError } from '../../errors/internal-server-error';\nimport { ValidationError } from '../../errors/validation-error';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware, MiddlewareFunction, NextFunction } from '@blaize-types/middleware';\nimport type { RouteSchema } from '@blaize-types/router';\n\n/**\n * Create a validation middleware for request data\n */\nexport function createRequestValidator(schema: RouteSchema, debug: boolean = false): Middleware {\n const middlewareFn: MiddlewareFunction = async (ctx: Context, next: NextFunction) => {\n // Validate params if schema exists - throw immediately on failure\n if (schema.params && ctx.request.params) {\n try {\n ctx.request.params = validateParams(ctx.request.params, schema.params);\n } catch (error) {\n const fieldErrors = extractZodFieldErrors(error);\n const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);\n\n throw new ValidationError('Request validation failed', {\n fields: fieldErrors,\n errorCount,\n section: 'params',\n });\n }\n }\n\n // Validate query if schema exists - throw immediately on failure\n if (schema.query && ctx.request.query) {\n try {\n ctx.request.query = validateQuery(ctx.request.query, schema.query);\n } catch (error) {\n const fieldErrors = extractZodFieldErrors(error);\n const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);\n\n throw new ValidationError('Request validation failed', {\n fields: fieldErrors,\n errorCount,\n section: 'query',\n });\n }\n }\n\n // Validate body if schema exists - throw immediately on failure\n if (schema.body) {\n try {\n ctx.request.body = validateBody(ctx.request.body, schema.body);\n } catch (error) {\n const fieldErrors = extractZodFieldErrors(error);\n const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);\n\n throw new ValidationError('Request validation failed', {\n fields: fieldErrors,\n errorCount,\n section: 'body',\n });\n }\n }\n // Continue if validation passed\n await next();\n };\n\n return {\n name: 'RequestValidator',\n execute: middlewareFn,\n debug,\n };\n}\n\n/**\n * Create a validation middleware for response data\n */\nexport function createResponseValidator<T>(\n responseSchema: z.ZodType<T, z.ZodTypeDef, unknown>,\n debug: boolean = false\n): Middleware {\n const middlewareFn: MiddlewareFunction = async (ctx, next) => {\n // Store the original json method\n const originalJson = ctx.response.json;\n\n // Override the json method to validate the response\n ctx.response.json = (body: unknown, status?: number) => {\n try {\n // Validate the response body\n const validatedBody = validateResponse(body, responseSchema);\n\n // Restore the original json method\n ctx.response.json = originalJson;\n\n // Send the validated response\n return originalJson.call(ctx.response, validatedBody, status);\n } catch (error) {\n // Restore the original json method\n ctx.response.json = originalJson;\n\n throw new InternalServerError('Response validation failed', {\n responseSchema: responseSchema.description || 'Unknown schema',\n validationError: extractZodFieldErrors(error),\n originalResponse: body,\n });\n }\n };\n\n await next();\n };\n\n return {\n name: 'ResponseValidator',\n execute: middlewareFn,\n debug,\n };\n}\n\n/**\n * Extract structured field errors from Zod validation errors\n *\n * Converts Zod errors into a clean array of error messages per field.\n *\n * @param error - The validation error (typically a ZodError)\n * @returns Array of error messages for the field\n *\n * @example\n * ```typescript\n * const zodError = new z.ZodError([\n * { path: ['email'], message: 'Invalid email' },\n * { path: ['email'], message: 'Email is required' }\n * ]);\n *\n * const fieldErrors = extractZodFieldErrors(zodError);\n * // Returns: ['Invalid email', 'Email is required']\n * ```\n */\nfunction extractZodFieldErrors(error: unknown): { field: string; messages: string[] }[] {\n if (error instanceof z.ZodError) {\n // Group errors by field path\n const fieldErrorMap = new Map<string, string[]>();\n\n for (const issue of error.issues) {\n // Get the field path (e.g., ['user', 'email'] becomes 'user.email')\n const fieldPath = issue.path.length > 0 ? issue.path.join('.') : 'root';\n\n if (!fieldErrorMap.has(fieldPath)) {\n fieldErrorMap.set(fieldPath, []);\n }\n fieldErrorMap.get(fieldPath)!.push(issue.message);\n }\n\n // Convert map to array of field errors\n return Array.from(fieldErrorMap.entries()).map(([field, messages]) => ({\n field,\n messages,\n }));\n }\n\n if (error instanceof Error) {\n return [{ field: 'unknown', messages: [error.message] }];\n }\n\n return [{ field: 'unknown', messages: [String(error)] }];\n}\n\n/**\n * 🔄 DEPRECATED: Keep for backward compatibility but mark as deprecated\n *\n * This function maintains the old API for any existing code that might depend on it.\n * New code should use extractZodFieldErrors for better structured error handling.\n *\n * @deprecated Use extractZodFieldErrors instead for better structured error details\n * @param error - The validation error to format\n * @returns Formatted error object (maintains old structure)\n */\nexport function formatValidationError(error: unknown): unknown {\n // Handle Zod errors\n if (\n error &&\n typeof error === 'object' &&\n 'format' in error &&\n typeof error.format === 'function'\n ) {\n return error.format();\n }\n\n // Handle other error types\n return error instanceof Error ? error.message : String(error);\n}\n","import { z } from 'zod';\n\n/**\n * Validate request body\n */\nexport function validateBody<T>(body: unknown, schema: z.ZodType<T>): T {\n if (schema instanceof z.ZodObject) {\n return schema.strict().parse(body) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(body);\n}\n","import { z } from 'zod';\n\n/**\n * Validate request parameters\n */\nexport function validateParams<T>(\n params: Record<string, string>,\n schema: z.ZodType<T, z.ZodTypeDef, unknown>\n): T {\n if (schema instanceof z.ZodObject) {\n // If schema is an object, ensure strict parsing\n return schema.strict().parse(params) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(params);\n}\n","import { z } from 'zod';\n\n/**\n * Validate query parameters\n */\nexport function validateQuery<T>(\n query: Record<string, string | string[] | undefined>,\n schema: z.ZodType<T, z.ZodTypeDef, unknown>\n): T {\n if (schema instanceof z.ZodObject) {\n // If schema is an object, ensure strict parsing\n return schema.strict().parse(query) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(query);\n}\n","import { z } from 'zod';\n\n/**\n * Validate response body\n */\nexport function validateResponse<T>(\n response: unknown,\n schema: z.ZodType<T, z.ZodTypeDef, unknown>\n): T {\n if (schema instanceof z.ZodObject) {\n return schema.strict().parse(response) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(response);\n}\n","import { compose } from '../../middleware/compose';\nimport { createRequestValidator, createResponseValidator } from '../validation';\n\nimport type { Context } from '@blaize-types/context';\nimport type { RouteMethodOptions } from '@blaize-types/router';\n\n/**\n * Execute a route handler with its middleware\n */\nexport async function executeHandler(\n ctx: Context,\n routeOptions: RouteMethodOptions,\n params: Record<string, string>\n): Promise<void> {\n // Set up middleware chain\n const middleware = [...(routeOptions.middleware || [])];\n\n // Add validation middleware if schemas are defined\n if (routeOptions.schema) {\n if (routeOptions.schema.params || routeOptions.schema.query || routeOptions.schema.body) {\n middleware.unshift(createRequestValidator(routeOptions.schema));\n }\n\n if (routeOptions.schema.response) {\n middleware.push(createResponseValidator(routeOptions.schema.response));\n }\n }\n\n // Compose middleware with the final handler\n const handler = compose([...middleware]);\n\n // Execute the middleware chain\n await handler(ctx, async () => {\n // Execute the handler with the new argument style\n const result = await routeOptions.handler(ctx, params);\n\n // Handle the result if it wasn't already handled by the handler\n if (!ctx.response.sent && result !== undefined) {\n ctx.response.json(result);\n }\n });\n}\n","/**\n * Extract parameter values from a URL path\n */\nexport function extractParams(\n path: string,\n pattern: RegExp,\n paramNames: string[]\n): Record<string, string> {\n const match = pattern.exec(path);\n if (!match) {\n return {};\n }\n\n const params: Record<string, string> = {};\n\n // Extract parameter values from regex match groups\n for (let i = 0; i < paramNames.length; i++) {\n // Add 1 to index since the first capture group is at index 1\n params[paramNames[i]!] = match[i + 1] || '';\n }\n\n return params;\n}\n\n/**\n * Compile a path pattern with parameters\n */\nexport function compilePathPattern(path: string): { pattern: RegExp; paramNames: string[] } {\n const paramNames: string[] = [];\n\n // Special case for root path\n if (path === '/') {\n return {\n pattern: /^\\/$/,\n paramNames: [],\n };\n }\n\n // First escape special regex characters (except for : and [ ] which we process specially)\n let patternString = path.replace(/([.+*?^$(){}|\\\\])/g, '\\\\$1');\n\n // Replace route parameters with regex capture groups\n patternString = patternString\n // Replace :param syntax with capture groups\n .replace(/\\/:([^/]+)/g, (_, paramName) => {\n paramNames.push(paramName);\n return '/([^/]+)';\n })\n // Replace [param] syntax (for file-based routing)\n .replace(/\\/\\[([^\\]]+)\\]/g, (_, paramName) => {\n paramNames.push(paramName);\n return '/([^/]+)';\n });\n\n // Make the trailing slash optional (if not already the root path)\n // This adds an optional trailing slash to the end of the pattern\n patternString = `${patternString}(?:/)?`;\n\n // Create the regex pattern\n // This is safe because we've escaped special RegExp characters and\n // we're using developer-defined routes, not user input\n const pattern = new RegExp(`^${patternString}$`);\n\n return {\n pattern,\n paramNames,\n };\n}\n\n/**\n * Convert parameters object to URL query string\n */\nexport function paramsToQuery(params: Record<string, string | number | boolean>): string {\n const parts: string[] = [];\n\n for (const [key, value] of Object.entries(params)) {\n if (value !== undefined && value !== null) {\n const encodedKey = encodeURIComponent(key);\n const encodedValue = encodeURIComponent(String(value));\n parts.push(`${encodedKey}=${encodedValue}`);\n }\n }\n\n return parts.length > 0 ? `?${parts.join('&')}` : '';\n}\n\n/**\n * Build a URL with path parameters\n */\nexport function buildUrl(\n pathPattern: string,\n params: Record<string, string | number | boolean> = {},\n query: Record<string, string | number | boolean> = {}\n): string {\n // Extract path parameters and query parameters\n const pathParams: Record<string, string | number | boolean> = {};\n const queryParams: Record<string, string | number | boolean> = { ...query };\n\n // Find all parameter names in the path\n const paramNames: string[] = [];\n pathPattern.replace(/\\/:([^/]+)/g, (_, paramName) => {\n paramNames.push(paramName);\n return '/';\n });\n\n // Separate params into path params and additional query params\n for (const [key, value] of Object.entries(params)) {\n if (paramNames.includes(key)) {\n pathParams[key] = value;\n } else {\n queryParams[key] = value;\n }\n }\n\n // Replace path parameters\n let url = pathPattern;\n for (const [key, value] of Object.entries(pathParams)) {\n url = url.replace(`:${key}`, encodeURIComponent(String(value)));\n }\n\n // Add query string if needed\n const queryString = paramsToQuery(queryParams);\n\n return url + queryString;\n}\n","import { compilePathPattern, extractParams } from './params';\n\nimport type {\n HttpMethod,\n RouteMethodOptions,\n RouteMatch,\n Matcher,\n RouteEntry,\n Route,\n} from '../../index';\n\n/**\n * Create a route matcher\n */\nexport function createMatcher(): Matcher {\n // Private state\n const routes: RouteEntry[] = [];\n\n return {\n /**\n * Add a route to the matcher\n */\n add(path: string, method: HttpMethod, routeOptions: RouteMethodOptions) {\n const { pattern, paramNames } = compilePathPattern(path);\n\n const newRoute: RouteEntry = {\n path,\n method,\n pattern,\n paramNames,\n routeOptions,\n };\n\n // Find the insertion point using findIndex\n const insertIndex = routes.findIndex(route => paramNames.length < route.paramNames.length);\n\n // If no insertion point found, append to end\n if (insertIndex === -1) {\n routes.push(newRoute);\n } else {\n routes.splice(insertIndex, 0, newRoute);\n }\n },\n\n /**\n * Remove a route from the matcher by path\n */\n remove(path: string) {\n // Remove all routes that match the given path\n for (let i = routes.length - 1; i >= 0; i--) {\n if ((routes[i] as Route).path === path) {\n routes.splice(i, 1);\n }\n }\n },\n\n /**\n * Clear all routes from the matcher\n */\n clear() {\n routes.length = 0;\n },\n\n /**\n * Match a URL path to a route\n */\n match(path: string, method: HttpMethod): RouteMatch | null {\n // First, try to find an exact match for the method\n const pathname = path.split('?')[0];\n if (!pathname) return null;\n\n for (const route of routes) {\n // Skip routes that don't match the method\n if (route.method !== method) continue;\n\n // Try to match the path\n const match = route.pattern.exec(pathname);\n if (match) {\n // Extract parameters from the match\n const params = extractParams(path, route.pattern, route.paramNames);\n\n return {\n route: route.routeOptions,\n params,\n };\n }\n }\n\n // If no exact method match, check if path exists but method is different\n // This allows returning 405 Method Not Allowed instead of 404 Not Found\n const matchingPath = routes.find(\n route => route.method !== method && route.pattern.test(path)\n );\n\n if (matchingPath) {\n // Return null but with allowedMethods to indicate method not allowed\n return {\n route: null,\n params: {},\n methodNotAllowed: true,\n allowedMethods: routes\n .filter(route => route.pattern.test(path))\n .map(route => route.method),\n } as unknown as RouteMatch; // Type assertion for the extended return type\n }\n\n return null; // No match found\n },\n\n /**\n * Get all registered routes\n */\n getRoutes(): { path: string; method: HttpMethod }[] {\n return routes.map(route => ({\n path: route.path,\n method: route.method,\n }));\n },\n\n /**\n * Find routes matching a specific path\n */\n findRoutes(\n path: string\n ): { path: string; method: HttpMethod; params: Record<string, string> }[] {\n return routes\n .filter(route => route.pattern.test(path))\n .map(route => ({\n path: route.path,\n method: route.method,\n params: extractParams(path, route.pattern, route.paramNames),\n }));\n },\n };\n}\n","import type { Route, RouteRegistry } from '@blaize-types/router';\n\nexport function createRouteRegistry(): RouteRegistry {\n return {\n routesByPath: new Map(),\n routesByFile: new Map(),\n pathToFile: new Map(),\n };\n}\n\nexport function updateRoutesFromFile(\n registry: RouteRegistry,\n filePath: string,\n newRoutes: Route[]\n): { added: Route[]; removed: string[]; changed: Route[] } {\n console.log(`Updating routes from file: ${filePath}`);\n const oldPaths = registry.routesByFile.get(filePath) || new Set();\n const newPaths = new Set(newRoutes.map(r => r.path));\n\n // Fast diff calculation\n const added = newRoutes.filter(r => !oldPaths.has(r.path));\n const removed = Array.from(oldPaths).filter(p => !newPaths.has(p));\n const potentiallyChanged = newRoutes.filter(r => oldPaths.has(r.path));\n\n // Check for actual content changes\n const changed = potentiallyChanged.filter(route => {\n const existingRoute = registry.routesByPath.get(route.path);\n return !existingRoute || !routesEqual(existingRoute, route);\n });\n\n // Apply updates\n applyRouteUpdates(registry, filePath, { added, removed, changed });\n\n return { added, removed, changed };\n}\n\nexport function getRouteFromRegistry(registry: RouteRegistry, path: string): Route | undefined {\n return registry.routesByPath.get(path);\n}\n\nexport function getAllRoutesFromRegistry(registry: RouteRegistry): Route[] {\n return Array.from(registry.routesByPath.values());\n}\n\nexport function getFileRoutes(registry: RouteRegistry, filePath: string): Route[] {\n const paths = registry.routesByFile.get(filePath) || new Set();\n return Array.from(paths)\n .map(path => registry.routesByPath.get(path)!)\n .filter(Boolean);\n}\n\nfunction applyRouteUpdates(\n registry: RouteRegistry,\n filePath: string,\n updates: { added: Route[]; removed: string[]; changed: Route[] }\n): void {\n const { added, removed, changed } = updates;\n\n // Remove old routes\n removed.forEach(path => {\n registry.routesByPath.delete(path);\n registry.pathToFile.delete(path);\n });\n\n // Add/update routes\n [...added, ...changed].forEach(route => {\n registry.routesByPath.set(route.path, route);\n registry.pathToFile.set(route.path, filePath);\n });\n\n // Update file -> paths mapping\n const allPathsForFile = new Set([\n ...added.map(r => r.path),\n ...changed.map(r => r.path),\n ...Array.from(registry.routesByFile.get(filePath) || []).filter(p => !removed.includes(p)),\n ]);\n\n if (allPathsForFile.size > 0) {\n registry.routesByFile.set(filePath, allPathsForFile);\n } else {\n registry.routesByFile.delete(filePath);\n }\n}\n\nfunction routesEqual(route1: Route, route2: Route): boolean {\n if (route1.path !== route2.path) return false;\n\n const methods1 = Object.keys(route1)\n .filter(k => k !== 'path')\n .sort();\n const methods2 = Object.keys(route2)\n .filter(k => k !== 'path')\n .sort();\n\n if (methods1.length !== methods2.length) return false;\n\n return methods1.every(method => {\n const handler1 = route1[method as keyof Route];\n const handler2 = route2[method as keyof Route];\n\n // Compare handler signatures/structure rather than function references\n return typeof handler1 === typeof handler2;\n });\n}\n","import type { Route, HttpMethod, RouteMethodOptions, Matcher } from '@blaize-types/router';\n\nexport function addRouteToMatcher(route: Route, matcher: Matcher): void {\n Object.entries(route).forEach(([method, methodOptions]) => {\n if (method === 'path' || !methodOptions) return;\n matcher.add(route.path, method as HttpMethod, methodOptions as RouteMethodOptions);\n });\n}\n\nexport function removeRouteFromMatcher(path: string, matcher: Matcher): void {\n // Use matcher's remove method if available, otherwise fallback to clear/rebuild\n if ('remove' in matcher && typeof matcher.remove === 'function') {\n matcher.remove(path);\n } else {\n // This requires rebuilding the matcher - could be optimized\n console.warn('Matcher does not support selective removal, consider adding remove() method');\n }\n}\n\nexport function updateRouteInMatcher(route: Route, matcher: Matcher): void {\n removeRouteFromMatcher(route.path, matcher);\n addRouteToMatcher(route, matcher);\n}\n\nexport function rebuildMatcherWithRoutes(routes: Route[], matcher: Matcher): void {\n if ('clear' in matcher && typeof matcher.clear === 'function') {\n matcher.clear();\n }\n\n routes.forEach(route => addRouteToMatcher(route, matcher));\n}\n","import { NotFoundError } from '../errors/not-found-error';\nimport { clearFileCache } from './discovery/cache';\nimport { loadInitialRoutesParallel } from './discovery/parallel';\nimport { withPerformanceTracking } from './discovery/profiler';\nimport { watchRoutes } from './discovery/watchers';\nimport { executeHandler } from './handlers';\nimport { createMatcher } from './matching';\nimport {\n createRouteRegistry,\n updateRoutesFromFile,\n getAllRoutesFromRegistry,\n} from './registry/fast-registry';\nimport {\n addRouteToMatcher,\n removeRouteFromMatcher,\n updateRouteInMatcher,\n} from './utils/matching-helpers';\n\nimport type { Context } from '@blaize-types/context';\nimport type { HttpMethod, Route, RouterOptions, Router } from '@blaize-types/router';\n\nconst DEFAULT_ROUTER_OPTIONS = {\n routesDir: './routes',\n basePath: '/',\n watchMode: process.env.NODE_ENV === 'development',\n};\n\n/**\n * Create an optimized router instance with fast hot reload\n */\nexport function createRouter(options: RouterOptions): Router {\n // Merge with default options\n const routerOptions = {\n ...DEFAULT_ROUTER_OPTIONS,\n ...options,\n };\n\n if (options.basePath && !options.basePath.startsWith('/')) {\n console.warn('Base path does nothing');\n }\n\n // Use optimized registry instead of simple array\n const registry = createRouteRegistry();\n const matcher = createMatcher();\n\n // Initialize routes\n let initialized = false;\n let initializationPromise: Promise<void> | null = null;\n let _watchers: Map<string, ReturnType<typeof watchRoutes>> | null = null;\n\n const routeDirectories = new Set<string>([routerOptions.routesDir]);\n\n /**\n * Apply registry changes to matcher efficiently\n */\n function applyMatcherChanges(changes: { added: Route[]; removed: string[]; changed: Route[] }) {\n console.log('\\n🔧 APPLYING MATCHER CHANGES:');\n console.log(` Adding ${changes.added.length} routes`);\n console.log(` Removing ${changes.removed.length} routes`);\n console.log(` Updating ${changes.changed.length} routes`);\n\n // Remove routes first\n changes.removed.forEach(routePath => {\n console.log(` ➖ Removing: ${routePath}`);\n removeRouteFromMatcher(routePath, matcher);\n });\n\n // Add new routes\n changes.added.forEach(route => {\n const methods = Object.keys(route).filter(key => key !== 'path');\n console.log(` ➕ Adding: ${route.path} [${methods.join(', ')}]`);\n addRouteToMatcher(route, matcher);\n });\n\n // Update changed routes\n changes.changed.forEach(route => {\n const methods = Object.keys(route).filter(key => key !== 'path');\n console.log(` 🔄 Updating: ${route.path} [${methods.join(', ')}]`);\n updateRouteInMatcher(route, matcher);\n });\n\n console.log('✅ Matcher changes applied\\n');\n }\n\n /**\n * Add multiple routes with batch processing\n */\n function addRoutesWithSource(routes: Route[], source: string) {\n try {\n // Use registry for batch conflict detection and management\n const changes = updateRoutesFromFile(registry, source, routes);\n\n // Apply all changes to matcher in one operation\n applyMatcherChanges(changes);\n\n return changes;\n } catch (error) {\n console.error(`⚠️ Route conflicts from ${source}:`, error);\n throw error;\n }\n }\n\n /**\n * Optimized route loading with parallel processing\n */\n async function loadRoutesFromDirectory(directory: string, source: string, prefix?: string) {\n try {\n // Use parallel loading for better performance\n const discoveredRoutes = await loadInitialRoutesParallel(directory);\n\n // Apply prefix if provided\n const finalRoutes = discoveredRoutes.map(route =>\n prefix ? { ...route, path: `${prefix}${route.path}` } : route\n );\n\n // Batch add all routes from this directory\n const changes = addRoutesWithSource(finalRoutes, source);\n\n console.log(\n `Loaded ${discoveredRoutes.length} routes from ${source}${prefix ? ` with prefix ${prefix}` : ''} ` +\n `(${changes.added.length} added, ${changes.changed.length} changed, ${changes.removed.length} removed)`\n );\n } catch (error) {\n console.error(`⚠️ Failed to load routes from ${source}:`, error);\n throw error;\n }\n }\n\n /**\n * Initialize the router with parallel route loading\n */\n async function initialize() {\n if (initialized || initializationPromise) {\n return initializationPromise;\n }\n\n initializationPromise = (async () => {\n try {\n // Load routes from all directories in parallel\n await Promise.all(\n Array.from(routeDirectories).map(directory =>\n loadRoutesFromDirectory(directory, directory)\n )\n );\n\n // Set up optimized watching\n if (routerOptions.watchMode) {\n setupOptimizedWatching();\n }\n\n initialized = true;\n } catch (error) {\n console.error('⚠️ Failed to initialize router:', error);\n throw error;\n }\n })();\n\n return initializationPromise;\n }\n\n /**\n * Setup optimized file watching with fast updates\n */\n function setupOptimizedWatching() {\n if (!_watchers) {\n _watchers = new Map();\n }\n\n for (const directory of routeDirectories) {\n if (!_watchers.has(directory)) {\n const watcher = watchRoutes(directory, {\n debounceMs: 16, // ~60fps debouncing\n ignore: ['node_modules', '.git'],\n\n onRouteAdded: (filepath: string, addedRoutes: Route[]) => {\n // Batch process all added routes\n try {\n const changes = updateRoutesFromFile(registry, filepath, addedRoutes);\n applyMatcherChanges(changes);\n } catch (error) {\n console.error(`Error adding routes from ${directory}:`, error);\n }\n },\n\n onRouteChanged: withPerformanceTracking(\n async (filepath: string, changedRoutes: Route[]) => {\n // console.log(`${changedRoutes.length} route(s) changed in ${directory}`);\n\n try {\n console.log(`Processing changes for ${filepath}`);\n // Process all changed routes in one batch operation\n const changes = updateRoutesFromFile(registry, filepath, changedRoutes);\n\n console.log(\n `Changes detected: ${changes.added.length} added, ` +\n `${changes.changed.length} changed, ${changes.removed.length} removed`\n );\n\n // Apply matcher updates efficiently\n applyMatcherChanges(changes);\n\n console.log(\n `Route changes applied: ${changes.added.length} added, ` +\n `${changes.changed.length} changed, ${changes.removed.length} removed`\n );\n } catch (error) {\n console.error(`⚠️ Error updating routes from ${directory}:`, error);\n }\n },\n directory\n ),\n\n onRouteRemoved: (filePath: string, removedRoutes: Route[]) => {\n console.log(`File removed: ${filePath} with ${removedRoutes.length} routes`);\n\n try {\n // Remove all routes from this file\n removedRoutes.forEach(route => {\n removeRouteFromMatcher(route.path, matcher);\n });\n\n // Clear cache for removed file\n clearFileCache(filePath);\n } catch (error) {\n console.error(`⚠️ Error removing routes from ${filePath}:`, error);\n }\n },\n\n onError: (error: Error) => {\n console.error(`⚠️ Route watcher error for ${directory}:`, error);\n },\n });\n\n _watchers.set(directory, watcher);\n }\n }\n }\n\n /**\n * Setup watcher for newly added directory\n */\n function setupWatcherForNewDirectory(directory: string, prefix?: string) {\n if (!_watchers) {\n _watchers = new Map();\n }\n\n const watcher = watchRoutes(directory, {\n debounceMs: 16,\n ignore: ['node_modules', '.git'],\n\n onRouteAdded: (filePath: string, addedRoutes: Route[]) => {\n try {\n // Apply prefix to all routes\n const finalRoutes = addedRoutes.map(route =>\n prefix ? { ...route, path: `${prefix}${route.path}` } : route\n );\n\n // Batch process all added routes\n const changes = updateRoutesFromFile(registry, filePath, finalRoutes);\n applyMatcherChanges(changes);\n } catch (error) {\n console.error(`⚠️ Error adding routes from ${directory}:`, error);\n }\n },\n\n onRouteChanged: withPerformanceTracking(async (filePath: string, changedRoutes: Route[]) => {\n try {\n // Apply prefix to all routes\n const finalRoutes = changedRoutes.map(route =>\n prefix ? { ...route, path: `${prefix}${route.path}` } : route\n );\n\n // Process all changed routes in one batch operation\n const changes = updateRoutesFromFile(registry, filePath, finalRoutes);\n applyMatcherChanges(changes);\n } catch (error) {\n console.error(`⚠️ Error updating routes from ${directory}:`, error);\n }\n }, directory),\n\n onRouteRemoved: (filePath: string, removedRoutes: Route[]) => {\n try {\n removedRoutes.forEach(route => {\n const finalPath = prefix ? `${prefix}${route.path}` : route.path;\n removeRouteFromMatcher(finalPath, matcher);\n });\n clearFileCache(filePath);\n } catch (error) {\n console.error(`Error removing routes from ${filePath}:`, error);\n }\n },\n\n onError: (error: Error) => {\n console.error(`⚠️ Route watcher error for ${directory}:`, error);\n },\n });\n\n _watchers.set(directory, watcher);\n return watcher;\n }\n\n // Initialize router on creation\n initialize().catch(error => {\n console.error('⚠️ Failed to initialize router on creation:', error);\n });\n\n // Public API\n return {\n /**\n * Handle an incoming request\n */\n async handleRequest(ctx: Context) {\n // Ensure router is initialized\n if (!initialized) {\n console.log('🔄 Router not initialized, initializing...');\n await initialize();\n }\n\n const { method, path } = ctx.request;\n console.log(`\\n📥 Handling request: ${method} ${path}`);\n\n // Find matching route\n const match = matcher.match(path, method as HttpMethod);\n\n if (!match) {\n console.log(`❌ No match found for: ${method} ${path}`);\n // Handle 404 Not Found\n throw new NotFoundError('Not found');\n }\n\n console.log(`✅ Route matched: ${method} ${path}`);\n console.log(` Params: ${JSON.stringify(match.params)}`);\n\n // Check for method not allowed\n if (match.methodNotAllowed) {\n // Handle 405 Method Not Allowed\n // TODO: Add support for Method Not Allowed Error\n ctx.response.status(405).json({\n error: '❌ Method Not Allowed',\n allowed: match.allowedMethods,\n });\n\n // Set Allow header with allowed methods\n if (match.allowedMethods && match.allowedMethods.length > 0) {\n ctx.response.header('Allow', match.allowedMethods.join(', '));\n }\n\n return;\n }\n\n // Extract route parameters\n ctx.request.params = match.params;\n\n // Execute the route handler with middleware\n await executeHandler(ctx, match.route!, match.params);\n },\n\n /**\n * Get all registered routes (using optimized registry)\n */\n getRoutes() {\n return getAllRoutesFromRegistry(registry);\n },\n\n /**\n * Add a route programmatically\n */\n addRoute(route: Route) {\n const changes = updateRoutesFromFile(registry, 'programmatic', [route]);\n applyMatcherChanges(changes);\n },\n\n /**\n * Add multiple routes programmatically with batch processing\n */\n addRoutes(routes: Route[]) {\n const changes = updateRoutesFromFile(registry, 'programmatic', routes);\n applyMatcherChanges(changes);\n return changes;\n },\n\n /**\n * Add a route directory (for plugins) with optimized loading\n */\n async addRouteDirectory(directory: string, options: { prefix?: string } = {}) {\n if (routeDirectories.has(directory)) {\n console.warn(`Route directory ${directory} already registered`);\n return;\n }\n\n routeDirectories.add(directory);\n\n // If already initialized, load routes immediately\n if (initialized) {\n await loadRoutesFromDirectory(directory, directory, options.prefix);\n\n // Set up watching for this directory if in watch mode\n if (routerOptions.watchMode) {\n setupWatcherForNewDirectory(directory, options.prefix);\n }\n }\n },\n\n /**\n * Get route conflicts (using registry)\n */\n getRouteConflicts() {\n // Registry handles conflict detection internally\n // This could be enhanced to expose more detailed conflict info\n const conflicts: Array<{ path: string; sources: string[] }> = [];\n // Implementation would depend on registry's conflict tracking\n return conflicts;\n },\n\n /**\n * Close watchers and cleanup (useful for testing)\n */\n async close() {\n if (_watchers) {\n for (const watcher of _watchers.values()) {\n await watcher.close();\n }\n _watchers.clear();\n }\n },\n };\n}\n","export * from './client';\nexport * from './context';\nexport * from './errors';\nexport * from './server';\nexport * from './middleware';\nexport * from './router';\nexport * from './plugins';\nexport * from './upload';\n","/**\n * UnauthorizedError class for authentication failures\n *\n * This error is thrown when authentication is required or has failed.\n * It provides context about authentication requirements and failure reasons.\n */\n\nimport { ErrorType, BlaizeError } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { UnauthorizedErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when authentication is required or has failed\n *\n * Automatically sets HTTP status to 401 and provides authentication context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new UnauthorizedError('Authentication required');\n * ```\n *\n * @example With authentication details:\n * ```typescript\n * throw new UnauthorizedError('Token expired', {\n * reason: 'expired_token',\n * authScheme: 'Bearer',\n * loginUrl: '/auth/login'\n * });\n * ```\n */\nexport class UnauthorizedError extends BlaizeError<UnauthorizedErrorDetails> {\n /**\n * Creates a new UnauthorizedError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional authentication context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: UnauthorizedErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.UNAUTHORIZED,\n title,\n 401, // HTTP 401 Unauthorized\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * ForbiddenError class for authorization failures\n *\n * This error is thrown when a user lacks permission to access a resource.\n * It provides context about required permissions and access control.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { ForbiddenErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when user lacks permission to access a resource\n *\n * Automatically sets HTTP status to 403 and provides permission context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new ForbiddenError('Access denied');\n * ```\n *\n * @example With permission details:\n * ```typescript\n * throw new ForbiddenError('Insufficient permissions', {\n * requiredPermission: 'admin:users:delete',\n * userPermissions: ['admin:users:read'],\n * resource: 'user-123',\n * action: 'delete'\n * });\n * ```\n */\nexport class ForbiddenError extends BlaizeError<ForbiddenErrorDetails> {\n /**\n * Creates a new ForbiddenError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional permission context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: ForbiddenErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.FORBIDDEN,\n title,\n 403, // HTTP 403 Forbidden\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * ConflictError class for resource conflicts\n *\n * This error is thrown when a resource conflict occurs, such as duplicate keys,\n * version mismatches, or concurrent modifications.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { ConflictErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when a resource conflict occurs\n *\n * Automatically sets HTTP status to 409 and provides conflict context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new ConflictError('Email already exists');\n * ```\n *\n * @example With conflict details:\n * ```typescript\n * throw new ConflictError('Version conflict', {\n * conflictType: 'version_mismatch',\n * currentVersion: '2',\n * expectedVersion: '1',\n * resolution: 'Fetch the latest version and retry'\n * });\n * ```\n */\nexport class ConflictError extends BlaizeError<ConflictErrorDetails> {\n /**\n * Creates a new ConflictError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional conflict context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: ConflictErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.CONFLICT,\n title,\n 409, // HTTP 409 Conflict\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * RateLimitError class for rate limiting violations\n *\n * This error is thrown when rate limits are exceeded.\n * It provides context about the rate limit and when requests can resume.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { RateLimitErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when rate limits are exceeded\n *\n * Automatically sets HTTP status to 429 and provides rate limit context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new RateLimitError('Too many requests');\n * ```\n *\n * @example With rate limit details:\n * ```typescript\n * throw new RateLimitError('Rate limit exceeded', {\n * limit: 100,\n * remaining: 0,\n * retryAfter: 3600,\n * window: 'hour',\n * identifier: 'user-123'\n * });\n * ```\n */\nexport class RateLimitError extends BlaizeError<RateLimitErrorDetails> {\n /**\n * Creates a new RateLimitError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional rate limit context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: RateLimitErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.RATE_LIMITED,\n title,\n 429, // HTTP 429 Too Many Requests\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nexport class RequestTimeoutError extends BlaizeError {\n constructor(title: string, details?: unknown, correlationId?: string) {\n super(\n ErrorType.UPLOAD_TIMEOUT,\n title,\n 408,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nexport class UnprocessableEntityError extends BlaizeError {\n constructor(title: string, details?: unknown, correlationId?: string) {\n super(\n ErrorType.UNPROCESSABLE_ENTITY,\n title,\n 422,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AA+nBO,SAAS,iBAAiB,OAAyC;AACxE,SACE,OAAO,UAAU,YACjB,UAAU,QACV,UAAU,SACV,aAAa,SACb,WAAW,SACX,OAAQ,MAAc,SAAS,YAC/B,OAAQ,MAAc,YAAY;AAEtC;AAzoBA,IA2MY,WAsDA,eAkCU;AAnStB;AAAA;AAAA;AA2MO,IAAK,YAAL,kBAAKA,eAAL;AAGL,MAAAA,WAAA,sBAAmB;AAGnB,MAAAA,WAAA,eAAY;AAGZ,MAAAA,WAAA,kBAAe;AAGf,MAAAA,WAAA,eAAY;AAGZ,MAAAA,WAAA,cAAW;AAGX,MAAAA,WAAA,kBAAe;AAGf,MAAAA,WAAA,2BAAwB;AAGxB,MAAAA,WAAA,uBAAoB;AAGpB,MAAAA,WAAA,4BAAyB;AAGzB,MAAAA,WAAA,oBAAiB;AAGjB,MAAAA,WAAA,0BAAuB;AAIvB,MAAAA,WAAA,mBAAgB;AAGhB,MAAAA,WAAA,mBAAgB;AAGhB,MAAAA,WAAA,iBAAc;AAGd,MAAAA,WAAA,gBAAa;AA9CH,aAAAA;AAAA,OAAA;AAsDL,IAAK,gBAAL,kBAAKC,mBAAL;AAEL,MAAAA,eAAA,SAAM;AAGN,MAAAA,eAAA,YAAS;AAGT,MAAAA,eAAA,UAAO;AAGP,MAAAA,eAAA,cAAW;AAXD,aAAAA;AAAA,OAAA;AAkCL,IAAe,cAAf,cAAuD,MAAM;AAAA;AAAA;AAAA;AAAA;AAAA,MAKzD;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAWC,YACR,MACA,OACA,QACA,eACA,SACA;AACA,cAAM,KAAK;AAGX,aAAK,OAAO,KAAK,YAAY;AAG7B,aAAK,OAAO;AACZ,aAAK,QAAQ;AACb,aAAK,SAAS;AACd,aAAK,gBAAgB;AACrB,aAAK,YAAY,oBAAI,KAAK;AAC1B,aAAK,UAAU;AAGf,eAAO,eAAe,MAAM,WAAW,SAAS;AAGhD,YAAI,MAAM,mBAAmB;AAC3B,gBAAM,kBAAkB,MAAM,KAAK,WAAW;AAAA,QAChD;AAAA,MACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAOA,SAAS;AACP,cAAM,OAAO;AAAA,UACX,MAAM,KAAK;AAAA,UACX,OAAO,KAAK;AAAA,UACZ,QAAQ,KAAK;AAAA,UACb,eAAe,KAAK;AAAA,UACpB,WAAW,KAAK,UAAU,YAAY;AAAA,QACxC;AAGA,YAAI,KAAK,YAAY,QAAW;AAC9B,iBAAO,EAAE,GAAG,MAAM,SAAS,KAAK,QAAQ;AAAA,QAC1C;AAEA,eAAO;AAAA,MACT;AAAA;AAAA;AAAA;AAAA;AAAA,MAMA,WAAmB;AACjB,eAAO,GAAG,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,aAAa;AAAA,MAC3D;AAAA,IACF;AAAA;AAAA;;;ACnXO,SAAS,wBAAgC;AAC9C,QAAM,YAAY,KAAK,IAAI,EAAE,SAAS,EAAE;AACxC,QAAM,SAAS,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,OAAO,GAAG,CAAC;AACrD,SAAO,OAAO,SAAS,IAAI,MAAM;AACnC;AAOO,SAAS,0BAAkC;AAChD,QAAM,SAAS,mBAAmB,SAAS;AAC3C,SAAO,UAAU,OAAO,KAAK,IAAI,SAAS;AAC5C;AAtCA,IAQAC,0BAMM;AAdN;AAAA;AAAA;AAQA,IAAAA,2BAAkC;AAMlC,IAAM,qBAAqB,IAAI,2CAA0B;AAAA;AAAA;;;ACdzD;AAAA;AAAA;AAAA;AAAA,IAgDa;AAhDb;AAAA;AAAA;AAQA;AAEA;AAsCO,IAAM,sBAAN,cAAkC,YAAwC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQ/E,YACE,OACA,UAAkD,QAClD,gBAAoC,QACpC;AACA;AAAA;AAAA,UAEE;AAAA,UACA;AAAA;AAAA,UACA,iBAAiB,wBAAwB;AAAA,UACzC;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACrEA;AAAA;AAAA;AAAA;AAAA,IAwCa;AAxCb;AAAA;AAAA;AAOA;AAEA;AA+BO,IAAM,kBAAN,cAA8B,YAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,MAQvE,YACE,OACA,UAA8C,QAC9C,gBAAoC,QACpC;AACA;AAAA;AAAA,UAEE;AAAA,UACA;AAAA;AAAA,UACA,iBAAiB,wBAAwB;AAAA,UACzC;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;AC7DA;AAAA;AAAA;AAAA;AAAA,IAKa;AALb;AAAA;AAAA;AAAA;AACA;AAIO,IAAM,uBAAN,cAAmC,YAAyC;AAAA,MACjF,YACE,OACA,SACA,eACA;AACA;AAAA;AAAA,UAEE;AAAA,UACA;AAAA,UACA,iBAAiB,wBAAwB;AAAA,UACzC;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACnBA;AAAA;AAAA;AAAA;AAAA,IAGa;AAHb;AAAA;AAAA;AAAA;AACA;AAEO,IAAM,4BAAN,cAAwC,YAAY;AAAA,MACzD,YAAY,OAAe,SAAmB,eAAwB;AACpE;AAAA;AAAA,UAEE;AAAA,UACA;AAAA,UACA,iBAAiB,wBAAwB;AAAA,UACzC;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;;;ACbA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,sBAAAC;AAAA,EAAA;AAAA;AAAA,sBAAAA;AAAA,EAAA;AAAA;AAAA;AAAA;;;ACMO,SAAS,QACd,YACA,KACA,MACe;AAEf,MAAI,CAAC,YAAY;AACf,WAAO,QAAQ,QAAQ,KAAK,CAAC;AAAA,EAC/B;AAGA,MAAI,WAAW,QAAQ,WAAW,KAAK,GAAG,GAAG;AAC3C,WAAO,QAAQ,QAAQ,KAAK,CAAC;AAAA,EAC/B;AAEA,MAAI;AAEF,UAAM,SAAS,WAAW,QAAQ,KAAK,IAAI;AAG3C,QAAI,kBAAkB,SAAS;AAE7B,aAAO;AAAA,IACT,OAAO;AAEL,aAAO,QAAQ,QAAQ,MAAM;AAAA,IAC/B;AAAA,EACF,SAAS,OAAO;AAEd,WAAO,QAAQ,OAAO,KAAK;AAAA,EAC7B;AACF;;;AC7BO,SAAS,QAAQ,iBAAmD;AAEzE,MAAI,gBAAgB,WAAW,GAAG;AAChC,WAAO,OAAO,GAAG,SAAS;AACxB,YAAM,QAAQ,QAAQ,KAAK,CAAC;AAAA,IAC9B;AAAA,EACF;AAGA,SAAO,eAAgB,KAAc,cAA2C;AAE9E,UAAM,SAAS,oBAAI,IAAY;AAG/B,UAAM,WAAW,OAAO,MAA6B;AAEnD,UAAI,KAAK,gBAAgB,QAAQ;AAE/B,eAAO,QAAQ,QAAQ,aAAa,CAAC;AAAA,MACvC;AAGA,YAAM,aAAa,gBAAgB,CAAC;AAGpC,YAAM,eAAe,MAAM;AACzB,YAAI,OAAO,IAAI,CAAC,GAAG;AACjB,gBAAM,IAAI,MAAM,8BAA8B;AAAA,QAChD;AAGA,eAAO,IAAI,CAAC;AAGZ,eAAO,SAAS,IAAI,CAAC;AAAA,MACvB;AAGA,aAAO,QAAQ,YAAY,KAAK,YAAY;AAAA,IAC9C;AAGA,WAAO,SAAS,CAAC;AAAA,EACnB;AACF;;;AC/CO,SAAS,OAAO,kBAAsE;AAE3F,MAAI,OAAO,qBAAqB,YAAY;AAC1C,WAAO;AAAA,MACL,MAAM;AAAA;AAAA,MACN,SAAS;AAAA,MACT,OAAO;AAAA,IACT;AAAA,EACF;AAGA,QAAM,EAAE,OAAO,aAAa,SAAS,MAAM,QAAQ,MAAM,IAAI;AAG7D,QAAM,aAAyB;AAAA,IAC7B;AAAA,IACA,SAAS;AAAA,IACT;AAAA,EACF;AAEA,MAAI,SAAS,QAAW;AACtB,WAAO;AAAA,MACL,GAAG;AAAA,MACH;AAAA,IACF;AAAA,EACF;AAEA,SAAO;AACT;;;AC3BO,SAASC,QACd,MACA,SACA,OAIA,iBAA6B,CAAC,GACZ;AAElB,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,UAAM,IAAI,MAAM,wCAAwC;AAAA,EAC1D;AAEA,MAAI,CAAC,WAAW,OAAO,YAAY,UAAU;AAC3C,UAAM,IAAI,MAAM,2CAA2C;AAAA,EAC7D;AAEA,MAAI,OAAO,UAAU,YAAY;AAC/B,UAAM,IAAI,MAAM,iCAAiC;AAAA,EACnD;AAGA,SAAO,SAAS,cAAc,aAA0B;AAEtD,UAAM,gBAAgB,EAAE,GAAG,gBAAgB,GAAG,YAAY;AAG1D,UAAM,SAAiB;AAAA,MACrB;AAAA,MACA;AAAA;AAAA,MAGA,UAAU,OAAO,QAAgB;AAC/B,cAAM,SAAS,MAAM,MAAM,KAAK,aAAa;AAG7C,YAAI,UAAU,OAAO,WAAW,UAAU;AAExC,iBAAO,OAAO,QAAQ,MAAM;AAAA,QAC9B;AAAA,MACF;AAAA,IACF;AAEA,WAAO;AAAA,EACT;AACF;;;ACpDA,sBAA8B;;;ACQ9B,IAAI,SAAwB,CAAC;AAKtB,SAAS,iBAAiB,WAAyC;AACxE,WAAS,EAAE,GAAG,QAAQ,GAAG,UAAU;AACrC;AAYO,SAAS,eAAuB;AACrC,MAAI,CAAC,OAAO,WAAW;AACrB,UAAM,IAAI,MAAM,4EAA4E;AAAA,EAC9F;AACA,SAAO,OAAO;AAChB;;;AChCA,WAAsB;AAQf,SAAS,eAAe,UAAkB,UAA+B;AAE9E,MAAI,SAAS,WAAW,SAAS,GAAG;AAClC,eAAW,SAAS,QAAQ,WAAW,EAAE;AAAA,EAC3C;AACA,MAAI,SAAS,WAAW,SAAS,GAAG;AAClC,eAAW,SAAS,QAAQ,WAAW,EAAE;AAAA,EAC3C;AAGA,QAAM,uBAAuB,SAAS,QAAQ,OAAO,GAAG;AACxD,QAAM,uBAAuB,SAAS,QAAQ,OAAO,GAAG;AAGxD,QAAM,qBAAqB,qBAAqB,SAAS,GAAG,IACxD,uBACA,GAAG,oBAAoB;AAG3B,MAAI,eAAe;AACnB,MAAI,qBAAqB,WAAW,kBAAkB,GAAG;AACvD,mBAAe,qBAAqB,UAAU,mBAAmB,MAAM;AAAA,EACzE,WAAW,qBAAqB,WAAW,oBAAoB,GAAG;AAChE,mBAAe,qBAAqB,UAAU,qBAAqB,MAAM;AAEzE,QAAI,aAAa,WAAW,GAAG,GAAG;AAChC,qBAAe,aAAa,UAAU,CAAC;AAAA,IACzC;AAAA,EACF,OAAO;AAGL,mBAAoB,cAAS,sBAAsB,oBAAoB,EAAE,QAAQ,OAAO,GAAG;AAAA,EAC7F;AAGA,iBAAe,aAAa,QAAQ,YAAY,EAAE;AAGlD,QAAM,WAAW,aAAa,MAAM,GAAG,EAAE,OAAO,OAAO;AACvD,QAAM,SAAmB,CAAC;AAG1B,QAAM,gBAAgB,SAAS,IAAI,aAAW;AAE5C,QAAI,QAAQ,WAAW,GAAG,KAAK,QAAQ,SAAS,GAAG,GAAG;AACpD,YAAM,YAAY,QAAQ,MAAM,GAAG,EAAE;AACrC,aAAO,KAAK,SAAS;AACrB,aAAO,IAAI,SAAS;AAAA,IACtB;AACA,WAAO;AAAA,EACT,CAAC;AAGD,MAAI,YAAY,cAAc,SAAS,IAAI,IAAI,cAAc,KAAK,GAAG,CAAC,KAAK;AAG3E,MAAI,UAAU,SAAS,QAAQ,GAAG;AAChC,gBAAY,UAAU,MAAM,GAAG,EAAE,KAAK;AAAA,EACxC;AAEA,SAAO;AAAA,IACL;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;;;AFvDA,SAAS,oBAA4B;AACnC,QAAM,4BAA4B,MAAM;AAExC,MAAI;AACF,UAAM,oBAAoB,CAAC,GAAGC,WAAUA;AACxC,UAAM,QAAQ,IAAI,MAAM,EAAE;AAG1B,UAAM,cAAc,MAAM,CAAC;AAC3B,QAAI,CAAC,eAAe,OAAO,YAAY,gBAAgB,YAAY;AACjE,YAAM,IAAI,MAAM,uCAAuC;AAAA,IACzD;AACA,UAAM,WAAW,YAAY,YAAY;AAEzC,QAAI,CAAC,UAAU;AACb,YAAM,IAAI,MAAM,sCAAsC;AAAA,IACxD;AAEA,QAAI,SAAS,WAAW,SAAS,GAAG;AAClC,iBAAO,+BAAc,QAAQ;AAAA,IAC/B;AAEA,WAAO;AAAA,EACT,UAAE;AACA,UAAM,oBAAoB;AAAA,EAC5B;AACF;AAKA,SAAS,eAAuB;AAC9B,QAAM,aAAa,kBAAkB;AACrC,QAAM,YAAY,aAAa;AAE/B,QAAM,cAAc,eAAe,YAAY,SAAS;AACxD,UAAQ,IAAI,gCAAyB,YAAY,SAAS,eAAe,UAAU,EAAE;AAErF,SAAO,YAAY;AACrB;AAMO,IAAM,iBAAiC,CAAAC,YAAU;AACtD,uBAAqB,OAAOA,OAAM;AAElC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,KAAKD;AAAA;AAAA,IACL,MAAAC;AAAA,EACF;AACF;AAKO,IAAM,kBAAmC,CAAAD,YAAU;AACxD,uBAAqB,QAAQA,OAAM;AAEnC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,MAAMD;AAAA;AAAA,IACN,MAAAC;AAAA,EACF;AACF;AAKO,IAAM,iBAAiC,CAAAD,YAAU;AACtD,uBAAqB,OAAOA,OAAM;AAElC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,KAAKD;AAAA;AAAA,IACL,MAAAC;AAAA,EACF;AACF;AAKO,IAAM,oBAAuC,CAAAD,YAAU;AAC5D,uBAAqB,UAAUA,OAAM;AAErC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,QAAQD;AAAA;AAAA,IACR,MAAAC;AAAA,EACF;AACF;AAKO,IAAM,mBAAqC,CAAAD,YAAU;AAC1D,uBAAqB,SAASA,OAAM;AAEpC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,OAAOD;AAAA;AAAA,IACP,MAAAC;AAAA,EACF;AACF;AAKO,IAAM,kBAAmC,CAAAD,YAAU;AACxD,uBAAqB,QAAQA,OAAM;AAEnC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,MAAMD;AAAA;AAAA,IACN,MAAAC;AAAA,EACF;AACF;AAKO,IAAM,qBAAyC,CAAAD,YAAU;AAC9D,uBAAqB,WAAWA,OAAM;AAEtC,QAAMC,QAAO,aAAa;AAE1B,SAAO;AAAA,IACL,SAASD;AAAA;AAAA,IACT,MAAAC;AAAA,EACF;AACF;AAKA,SAAS,qBAAqB,QAAgBD,SAAmB;AAC/D,MAAI,CAACA,QAAO,WAAW,OAAOA,QAAO,YAAY,YAAY;AAC3D,UAAM,IAAI,MAAM,sBAAsB,MAAM,qBAAqB;AAAA,EACnE;AAEA,MAAIA,QAAO,cAAc,CAAC,MAAM,QAAQA,QAAO,UAAU,GAAG;AAC1D,UAAM,IAAI,MAAM,yBAAyB,MAAM,mBAAmB;AAAA,EACpE;AAGA,MAAIA,QAAO,QAAQ;AACjB,mBAAe,QAAQA,QAAO,MAAM;AAAA,EACtC;AAGA,UAAQ,QAAQ;AAAA,IACd,KAAK;AAAA,IACL,KAAK;AAAA,IACL,KAAK;AACH,UAAIA,QAAO,QAAQ,MAAM;AACvB,gBAAQ,KAAK,YAAY,MAAM,+CAA+C;AAAA,MAChF;AACA;AAAA,EACJ;AACF;AAKA,SAAS,eAAe,QAAgB,QAAmB;AACzD,QAAM,EAAE,QAAQ,OAAO,MAAM,SAAS,IAAI;AAG1C,MAAI,WAAW,CAAC,OAAO,QAAQ,OAAO,OAAO,UAAU,aAAa;AAClE,UAAM,IAAI,MAAM,qBAAqB,MAAM,6BAA6B;AAAA,EAC1E;AAEA,MAAI,UAAU,CAAC,MAAM,QAAQ,OAAO,MAAM,UAAU,aAAa;AAC/D,UAAM,IAAI,MAAM,oBAAoB,MAAM,6BAA6B;AAAA,EACzE;AAEA,MAAI,SAAS,CAAC,KAAK,QAAQ,OAAO,KAAK,UAAU,aAAa;AAC5D,UAAM,IAAI,MAAM,mBAAmB,MAAM,6BAA6B;AAAA,EACxE;AAEA,MAAI,aAAa,CAAC,SAAS,QAAQ,OAAO,SAAS,UAAU,aAAa;AACxE,UAAM,IAAI,MAAM,uBAAuB,MAAM,6BAA6B;AAAA,EAC5E;AACF;;;AGjNA,IAAAE,2BAAkC;AAClC,yBAAyB;;;ACDzB,IAAAC,MAAoB;AACpB,WAAsB;AACtB,YAAuB;;;ACFvB,SAAoB;AACpB,IAAAC,QAAsB;AAEtB,iBAA4B;AAO5B,eAAsB,0BAAoD;AACxE,QAAM,UAAe,WAAK,QAAQ,IAAI,GAAG,aAAa,OAAO;AAC7D,QAAM,UAAe,WAAK,SAAS,SAAS;AAC5C,QAAM,WAAgB,WAAK,SAAS,UAAU;AAG9C,MAAO,cAAW,OAAO,KAAQ,cAAW,QAAQ,GAAG;AACrD,WAAO;AAAA,MACL,SAAS;AAAA,MACT,UAAU;AAAA,IACZ;AAAA,EACF;AAGA,MAAI,CAAI,cAAW,OAAO,GAAG;AAC3B,IAAG,aAAU,SAAS,EAAE,WAAW,KAAK,CAAC;AAAA,EAC3C;AAGA,QAAM,QAAQ,CAAC,EAAE,MAAM,cAAc,OAAO,YAAY,CAAC;AACzD,QAAM,UAAU;AAAA,IACd,MAAM;AAAA,IACN,WAAW;AAAA,IACX,SAAS;AAAA,IACT,YAAY;AAAA,MACV,EAAE,MAAM,oBAAoB,IAAI,KAAK;AAAA,MACrC;AAAA,QACE,MAAM;AAAA,QACN,aAAa;AAAA,QACb,kBAAkB;AAAA,QAClB,gBAAgB;AAAA,QAChB,iBAAiB;AAAA,QACjB,kBAAkB;AAAA,MACpB;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,YAAY;AAAA,QACZ,YAAY;AAAA,MACd;AAAA,MACA;AAAA,QACE,MAAM;AAAA,QACN,UAAU;AAAA,UACR,EAAE,MAAM,GAAG,OAAO,YAAY;AAAA,UAC9B,EAAE,MAAM,GAAG,IAAI,YAAY;AAAA,QAC7B;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,QAAM,OAAkB,oBAAS,OAAO,OAAO;AAG/C,EAAG,iBAAc,SAAS,OAAO,KAAK,KAAK,SAAS,OAAO,CAAC;AAC5D,EAAG,iBAAc,UAAU,OAAO,KAAK,KAAK,MAAM,OAAO,CAAC;AAE1D,UAAQ,IAAI;AAAA,kEAA8D,OAAO;AAAA,CAAI;AAErF,SAAO;AAAA,IACL,SAAS;AAAA,IACT,UAAU;AAAA,EACZ;AACF;;;ACxEO,IAAM,oBAAN,cAAgC,MAAM;AAAA,EAC3C,YAAY,UAAkB,yCAAoC;AAChE,UAAM,OAAO;AACb,SAAK,OAAO;AAAA,EACd;AACF;AAEO,IAAM,0BAAN,cAAsC,kBAAkB;AAAA,EAC7D,YAAY,UAAkB,kDAAkD;AAC9E,UAAM,OAAO;AAAA,EACf;AACF;AAEO,IAAM,2BAAN,cAAuC,kBAAkB;AAAA,EAC9D,YAAY,UAAkB,wDAAwD;AACpF,UAAM,OAAO;AAAA,EACf;AACF;AAEO,IAAM,gBAAN,cAA4B,kBAAkB;AAAA,EACnD,YAAY,UAAkB,gBAAgB;AAC5C,UAAM,OAAO;AAAA,EACf;AACF;;;ACvBA,8BAAkC;AAO3B,IAAM,iBAAiB,IAAI,0CAA2B;AActD,SAAS,eACd,SACA,UACgB;AAChB,SAAO,eAAe,IAAI,SAAS,QAAQ;AAC7C;;;AC1BA,yBAA2B;AAC3B,qBAAoD;AACpD,qBAAuB;AACvB,uBAAqB;AACrB,yBAAyB;;;ACHzB,IAAM,iBAAiB;AACvB,IAAM,4BACJ;AACF,IAAM,qBAAqB;AAC3B,IAAM,kBAAkB;AAKjB,SAAS,gBAAgB,aAAoC;AAClE,QAAM,QAAQ,YAAY,MAAM,cAAc;AAC9C,MAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAG,QAAO;AAEhC,MAAI,WAAW,MAAM,CAAC,EAAE,KAAK;AAC7B,MAAI,SAAS,WAAW,GAAG,KAAK,SAAS,SAAS,GAAG,GAAG;AACtD,eAAW,SAAS,MAAM,GAAG,EAAE;AAAA,EACjC;AAEA,SAAO,YAAY;AACrB;AAKO,SAAS,wBACd,SAC4C;AAC5C,QAAM,QAAQ,QAAQ,MAAM,yBAAyB;AACrD,MAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAG,QAAO;AAEhC,SAAO;AAAA,IACL,MAAM,MAAM,CAAC;AAAA,IACb,UAAU,MAAM,CAAC,MAAM,SAAY,MAAM,CAAC,IAAI;AAAA,EAChD;AACF;AAKO,SAAS,iBAAiB,SAAyB;AACxD,QAAM,QAAQ,QAAQ,MAAM,kBAAkB;AAC9C,SAAO,SAAS,MAAM,CAAC,GAAG,KAAK,IAAI,MAAM,CAAC,EAAE,KAAK,IAAI;AACvD;AAKO,SAAS,mBAAmB,aAA8B;AAC/D,SAAO,gBAAgB,KAAK,WAAW;AACzC;;;ADtCA,IAAM,kBAA0C;AAAA,EAC9C,aAAa,KAAK,OAAO;AAAA;AAAA,EACzB,UAAU;AAAA,EACV,cAAc,IAAI,OAAO;AAAA;AAAA,EACzB,kBAAkB,CAAC;AAAA,EACnB,mBAAmB,CAAC;AAAA,EACpB,UAAU;AAAA,EACV,aAAS,uBAAO;AAAA,EAChB,aAAa;AACf;AAKA,SAAS,kBAAkB,UAAkB,UAAiC,CAAC,GAAgB;AAC7F,SAAO;AAAA,IACL,UAAU,OAAO,KAAK,KAAK,QAAQ,EAAE;AAAA,IACrC,SAAS,EAAE,GAAG,iBAAiB,GAAG,QAAQ;AAAA,IAC1C,QAAQ,oBAAI,IAAI;AAAA,IAChB,OAAO,oBAAI,IAAI;AAAA,IACf,QAAQ,OAAO,MAAM,CAAC;AAAA,IACtB,OAAO;AAAA,IACP,gBAAgB;AAAA,IAChB,cAAc;AAAA,IACd,iBAAiB;AAAA,IACjB,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,WAAW;AAAA,IACX,YAAY;AAAA,IACZ,qBAAqB,CAAC;AAAA,IACtB,eAAe;AAAA,IACf,iBAAiB;AAAA,IACjB,oBAAoB;AAAA,IACpB,kBAAkB;AAAA,IAClB,cAAc,CAAC;AAAA;AAAA,IAEf,uBAAuB;AAAA,IACvB,qBAAqB;AAAA,IACrB,YAAY;AAAA,EACd;AACF;AAKA,eAAe,aAAa,OAAoB,OAAqC;AACnF,QAAM,YAAY,OAAO,OAAO,CAAC,MAAM,QAAQ,KAAK,CAAC;AACrD,MAAI,eAAe,EAAE,GAAG,OAAO,QAAQ,UAAU;AAGjD,SAAO,aAAa,OAAO,SAAS,KAAK,CAAC,aAAa,YAAY;AACjE,UAAM,YAAY,MAAM,oBAAoB,YAAY;AACxD,QAAI,cAAc,aAAc;AAChC,mBAAe;AAAA,EACjB;AAEA,SAAO;AACT;AAKA,eAAe,oBAAoB,OAA0C;AAC3E,UAAQ,MAAM,OAAO;AAAA,IACnB,KAAK;AACH,aAAO,gBAAgB,KAAK;AAAA,IAC9B,KAAK;AACH,aAAO,eAAe,KAAK;AAAA,IAC7B,KAAK;AACH,aAAO,eAAe,KAAK;AAAA,IAC7B,SAAS;AACP,YAAM,EAAE,qBAAAC,qBAAoB,IAAI,MAAM;AACtC,YAAM,IAAIA,qBAAoB,wBAAwB;AAAA,QACpD,WAAW,MAAM;AAAA,MACnB,CAAC;AAAA,IACH;AAAA,EACF;AACF;AAKA,SAAS,gBAAgB,OAAiC;AACxD,QAAM,gBAAgB,MAAM,OAAO,QAAQ,MAAM,QAAQ;AACzD,MAAI,kBAAkB,GAAI,QAAO;AAGjC,QAAM,wBAAwB;AAG9B,MAAI,SAAS,MAAM,OAAO,SAAS,gBAAgB,MAAM,SAAS,MAAM;AAGxE,MAAI,OAAO,UAAU,KAAK,OAAO,SAAS,GAAG,CAAC,EAAE,OAAO,OAAO,KAAK,IAAI,CAAC,GAAG;AACzE,WAAO;AAAA,MACL,GAAG;AAAA,MACH;AAAA,MACA;AAAA,MACA,YAAY;AAAA,MACZ,OAAO;AAAA,IACT;AAAA,EACF;AAGA,MAAI,OAAO,UAAU,KAAK,OAAO,SAAS,GAAG,CAAC,EAAE,OAAO,OAAO,KAAK,MAAM,CAAC,GAAG;AAC3E,aAAS,OAAO,SAAS,CAAC;AAAA,EAC5B;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA;AAAA,IACA,OAAO;AAAA,IACP,gBAAgB;AAAA,EAClB;AACF;AAKA,eAAe,eAAe,OAA0C;AACtE,QAAM,YAAY,MAAM,OAAO,QAAQ,UAAU;AACjD,MAAI,cAAc,GAAI,QAAO;AAE7B,QAAM,UAAU,MAAM,OAAO,SAAS,GAAG,SAAS,EAAE,SAAS,MAAM;AACnE,QAAM,SAAS,MAAM,OAAO,SAAS,YAAY,CAAC;AAElD,QAAM,cAAc,wBAAwB,OAAO;AACnD,MAAI,CAAC,aAAa;AAEhB,UAAM,EAAE,iBAAAC,iBAAgB,IAAI,MAAM;AAClC,UAAM,IAAIA,iBAAgB,+CAA+C;AAAA,EAC3E;AAEA,QAAM,WAAW,iBAAiB,OAAO;AACzC,QAAM,SAAS,YAAY,aAAa;AAGxC,MAAI,UAAU,MAAM,aAAa,MAAM,QAAQ,UAAU;AACvD,UAAM,EAAE,sBAAAC,sBAAqB,IAAI,MAAM;AACvC,UAAM,IAAIA,sBAAqB,4BAA4B;AAAA,MACzD,WAAW,MAAM,YAAY;AAAA,MAC7B,UAAU,MAAM,QAAQ;AAAA,MACxB,UAAU,YAAY;AAAA,IACxB,CAAC;AAAA,EACH;AAEA,MACE,UACA,MAAM,QAAQ,iBAAiB,SAAS,KACxC,CAAC,MAAM,QAAQ,iBAAiB,SAAS,QAAQ,GACjD;AACA,UAAM,EAAE,2BAAAC,2BAA0B,IAAI,MAAM;AAC5C,UAAM,IAAIA,2BAA0B,yBAAyB;AAAA,MAC3D,kBAAkB;AAAA,MAClB,kBAAkB,MAAM,QAAQ;AAAA,MAChC,UAAU,YAAY;AAAA,IACxB,CAAC;AAAA,EACH;AAEA,SAAO;AAAA,IACL,GAAG;AAAA,IACH;AAAA,IACA,OAAO;AAAA,IACP,gBAAgB;AAAA,IAChB,cAAc,YAAY;AAAA,IAC1B,iBAAiB,YAAY;AAAA,IAC7B,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,WAAW,SAAS,MAAM,YAAY,IAAI,MAAM;AAAA,IAChD,YAAY,SAAS,MAAM,aAAa,MAAM,aAAa;AAAA,IAC3D,qBAAqB,CAAC;AAAA,EACxB;AACF;AAKA,eAAe,eAAe,OAA0C;AACtE,QAAM,oBAAoB,MAAM,OAAO,QAAQ,MAAM,QAAQ;AAE7D,MAAI;AACJ,MAAI,aAAa;AACjB,MAAI,SAAS,MAAM;AAEnB,MAAI,sBAAsB,IAAI;AAE5B,UAAM,aAAa,KAAK,IAAI,GAAG,MAAM,OAAO,SAAS,MAAM,SAAS,MAAM;AAC1E,QAAI,eAAe,EAAG,QAAO;AAE7B,mBAAe,MAAM,OAAO,SAAS,GAAG,UAAU;AAClD,aAAS,MAAM,OAAO,SAAS,UAAU;AAAA,EAC3C,OAAO;AAEL,UAAM,aAAa,KAAK,IAAI,GAAG,oBAAoB,CAAC;AACpD,mBAAe,MAAM,OAAO,SAAS,GAAG,UAAU;AAClD,aAAS,MAAM,OAAO,SAAS,iBAAiB;AAChD,iBAAa;AAAA,EACf;AAEA,MAAI,eAAe,EAAE,GAAG,OAAO,OAAO;AAEtC,MAAI,aAAa,SAAS,GAAG;AAC3B,mBAAe,MAAM,oBAAoB,cAAc,YAAY;AAAA,EACrE;AAEA,MAAI,YAAY;AACd,mBAAe,MAAM,oBAAoB,YAAY;AACrD,mBAAe;AAAA,MACb,GAAG;AAAA,MACH,OAAO;AAAA,MACP,qBAAqB;AAAA;AAAA,IACvB;AAAA,EACF;AAEA,SAAO;AACT;AAKA,eAAe,oBAAoB,OAAoB,OAAqC;AAC1F,QAAM,mBAAmB,MAAM,uBAAuB,MAAM;AAG5D,QAAM,UACJ,MAAM,oBAAoB,SAAY,MAAM,QAAQ,cAAc,MAAM,QAAQ;AAElF,MAAI,mBAAmB,SAAS;AAC9B,UAAM,SAAS,MAAM,oBAAoB;AACzC,UAAM,EAAE,sBAAAD,sBAAqB,IAAI,MAAM;AACvC,UAAM,qBAAqB,MAAM,eAC7B;AAAA,MACE,aAAa,SAAS,SAAS;AAAA,MAC/B,aAAa;AAAA,MACb;AAAA,MACA,OAAO,MAAM;AAAA,MACb,UAAU,MAAM;AAAA,IAClB,IACA;AAAA,MACE,aAAa,SAAS,SAAS;AAAA,MAC/B,aAAa;AAAA,MACb;AAAA,MACA,UAAU,MAAM;AAAA,IAClB;AACJ,UAAM,IAAIA;AAAA,MACR,GAAG,SAAS,SAAS,OAAO;AAAA,MAC5B;AAAA,IACF;AAAA,EACF;AAEA,MAAI,MAAM,oBAAoB,QAAW;AACvC,WAAO,iBAAiB,OAAO,OAAO,gBAAgB;AAAA,EACxD,OAAO;AACL,WAAO;AAAA,MACL,GAAG;AAAA,MACH,sBAAsB;AAAA,MACtB,qBAAqB,CAAC,GAAG,MAAM,qBAAqB,KAAK;AAAA,IAC3D;AAAA,EACF;AACF;AAKA,eAAe,iBACb,OACA,OACA,kBACsB;AACtB,UAAQ,MAAM,QAAQ,UAAU;AAAA,IAC9B,KAAK;AACH,aAAO;AAAA,QACL,GAAG;AAAA,QACH,sBAAsB;AAAA,QACtB,qBAAqB,CAAC,GAAG,MAAM,qBAAqB,KAAK;AAAA,MAC3D;AAAA,IAEF,KAAK;AACH,UAAI,MAAM,kBAAkB;AAC1B,cAAM,iBAAiB,QAAQ,KAAK;AAAA,MACtC;AACA,aAAO,EAAE,GAAG,OAAO,sBAAsB,iBAAiB;AAAA,IAE5D,KAAK;AACH,UAAI,MAAM,oBAAoB;AAC5B,cAAM,cAAc,MAAM,oBAAoB,KAAK;AAAA,MACrD;AACA,aAAO,EAAE,GAAG,OAAO,sBAAsB,iBAAiB;AAAA,IAE5D,SAAS;AACP,YAAM,EAAE,iBAAAD,iBAAgB,IAAI,MAAM;AAClC,YAAM,IAAIA,iBAAgB,0BAA0B;AAAA,IAMtD;AAAA,EACF;AACF;AAKA,eAAe,yBAAyB,OAA0C;AAChF,MAAI,MAAM,oBAAoB,OAAW,QAAO;AAEhD,UAAQ,MAAM,QAAQ,UAAU;AAAA,IAC9B,KAAK;AACH,aAAO,EAAE,GAAG,OAAO,qBAAqB,CAAC,EAAE;AAAA,IAE7C,KAAK,UAAU;AACb,UAAI,mBAAuE;AAC3E,YAAM,SAAS,IAAI,eAA2B;AAAA,QAC5C,OAAO,gBAAc;AACnB,6BAAmB;AAAA,QACrB;AAAA,MACF,CAAC;AAED,aAAO;AAAA,QACL,GAAG;AAAA,QACH,eAAe;AAAA;AAAA,QACf;AAAA,MACF;AAAA,IACF;AAAA,IAEA,KAAK,QAAQ;AACX,YAAM,eAAW,uBAAK,MAAM,QAAQ,SAAS,cAAU,+BAAW,CAAC,EAAE;AACrE,YAAM,kBAAc,kCAAkB,QAAQ;AAC9C,YAAM,cAAc,YAAY;AAC9B,YAAI;AACF,gBAAM,EAAE,OAAO,IAAI,MAAM,OAAO,aAAkB;AAClD,gBAAM,OAAO,QAAQ;AAAA,QACvB,SAAS,OAAO;AACd,kBAAQ,KAAK,gCAAgC,QAAQ,IAAI,KAAK;AAAA,QAChE;AAAA,MACF;AAEA,aAAO;AAAA,QACL,GAAG;AAAA,QACH,iBAAiB;AAAA,QACjB,oBAAoB;AAAA,QACpB,cAAc,CAAC,GAAG,MAAM,cAAc,WAAW;AAAA,MACnD;AAAA,IACF;AAAA,IAEA,SAAS;AACP,YAAM,EAAE,iBAAAA,iBAAgB,IAAI,MAAM;AAClC,YAAM,IAAIA,iBAAgB,kCAAkC;AAAA,IAI9D;AAAA,EACF;AACF;AAKA,eAAe,oBAAoB,OAA0C;AAC3E,MAAI,CAAC,MAAM,aAAc,QAAO,iBAAiB,KAAK;AAEtD,MAAI,MAAM,oBAAoB,QAAW;AACvC,WAAO,aAAa,KAAK;AAAA,EAC3B,OAAO;AACL,WAAO,cAAc,KAAK;AAAA,EAC5B;AACF;AAKA,eAAe,aAAa,OAA0C;AACpE,MAAI,CAAC,MAAM,gBAAgB,MAAM,oBAAoB,QAAW;AAC9D,WAAO,iBAAiB,KAAK;AAAA,EAC/B;AAEA,MAAI;AACJ,MAAI;AACJ,MAAI;AAEJ,UAAQ,MAAM,QAAQ,UAAU;AAAA,IAC9B,KAAK;AACH,eAAS,OAAO,OAAO,MAAM,mBAAmB;AAChD,eAAS,4BAAS,KAAK,MAAM;AAC7B;AAAA,IAEF,KAAK;AACH,UAAI,MAAM,kBAAkB;AAC1B,cAAM,iBAAiB,MAAM;AAAA,MAC/B;AACA,eAAS,MAAM;AACf;AAAA,IAEF,KAAK;AACH,UAAI,MAAM,oBAAoB;AAC5B,cAAM,YAAY,MAAM,kBAAkB;AAAA,MAC5C;AACA,iBAAW,MAAM;AACjB,eAAS,4BAAS,KAAK,OAAO,MAAM,CAAC,CAAC;AACtC;AAAA,IAEF,SAAS;AAEP,YAAM,EAAE,iBAAAA,iBAAgB,IAAI,MAAM;AAClC,YAAM,IAAIA,iBAAgB,oCAAoC;AAAA,IAIhE;AAAA,EACF;AAEA,QAAM,OAAqB;AAAA,IACzB,UAAU,MAAM;AAAA,IAChB,WAAW,MAAM;AAAA,IACjB,UAAU,MAAM;AAAA,IAChB,MAAM,MAAM;AAAA,IACZ;AAAA,IACA;AAAA,IACA;AAAA,EACF;AAEA,QAAM,eAAe,gBAAgB,MAAM,OAAO,MAAM,cAAc,IAAI;AAE1E,SAAO;AAAA,IACL,GAAG,iBAAiB,KAAK;AAAA,IACzB,OAAO;AAAA,EACT;AACF;AAKA,SAAS,cAAc,OAAiC;AACtD,MAAI,CAAC,MAAM,aAAc,QAAO,iBAAiB,KAAK;AAEtD,QAAM,QAAQ,OAAO,OAAO,MAAM,mBAAmB,EAAE,SAAS,MAAM;AACtE,QAAM,gBAAgB,gBAAgB,MAAM,QAAQ,MAAM,cAAc,KAAK;AAE7E,SAAO;AAAA,IACL,GAAG,iBAAiB,KAAK;AAAA,IACzB,QAAQ;AAAA,EACV;AACF;AAKA,SAAS,iBAAiB,OAAiC;AACzD,SAAO;AAAA,IACL,GAAG;AAAA,IACH,cAAc;AAAA,IACd,iBAAiB;AAAA,IACjB,sBAAsB;AAAA,IACtB,qBAAqB,CAAC;AAAA,IACtB,eAAe;AAAA,IACf,kBAAkB;AAAA,IAClB,iBAAiB;AAAA,IACjB,oBAAoB;AAAA,EACtB;AACF;AAKA,SAAS,gBAAmB,YAA8B,KAAa,OAA4B;AACjG,QAAM,gBAAgB,IAAI,IAAI,UAAU;AACxC,QAAM,WAAW,cAAc,IAAI,GAAG,KAAK,CAAC;AAC5C,gBAAc,IAAI,KAAK,CAAC,GAAG,UAAU,KAAK,CAAC;AAC3C,SAAO;AACT;AAKA,eAAe,SAAS,OAA4C;AAElE,MAAI,CAAC,MAAM,uBAAuB;AAChC,UAAM,EAAE,iBAAAA,iBAAgB,IAAI,MAAM;AAClC,UAAM,IAAIA,iBAAgB,mCAAmC;AAAA,EAK/D;AAGA,MAAI,MAAM,yBAAyB,CAAC,MAAM,qBAAqB;AAC7D,UAAM,EAAE,iBAAAA,iBAAgB,IAAI,MAAM;AAClC,UAAM,IAAIA,iBAAgB,yBAAyB;AAAA,EAKrD;AAEA,QAAM,SAA4C,CAAC;AACnD,aAAW,CAAC,KAAK,MAAM,KAAK,MAAM,OAAO,QAAQ,GAAG;AAClD,WAAO,GAAG,IAAI,OAAO,WAAW,IAAI,OAAO,CAAC,IAAK;AAAA,EACnD;AAEA,QAAM,QAAuD,CAAC;AAC9D,aAAW,CAAC,KAAK,QAAQ,KAAK,MAAM,MAAM,QAAQ,GAAG;AACnD,UAAM,GAAG,IAAI,SAAS,WAAW,IAAI,SAAS,CAAC,IAAK;AAAA,EACtD;AAEA,SAAO,EAAE,QAAQ,MAAM;AACzB;AAKA,eAAe,QAAQ,OAAmC;AAExD,QAAM,QAAQ,WAAW,MAAM,aAAa,IAAI,UAAQ,KAAK,CAAC,CAAC;AAG/D,MAAI,MAAM,kBAAkB;AAC1B,UAAM,iBAAiB,MAAM;AAAA,EAC/B;AAEA,MAAI,MAAM,oBAAoB;AAC5B,UAAM,YAAY,MAAM,kBAAkB;AAAA,EAC5C;AACF;AAGA,eAAe,cAAc,QAAqB,OAA8B;AAC9E,SAAO,IAAI,QAAQ,CAACG,UAAS,WAAW;AACtC,WAAO,MAAM,OAAO,WAAS;AAC3B,UAAI,MAAO,QAAO,KAAK;AAAA,UAClB,CAAAA,SAAQ;AAAA,IACf,CAAC;AAAA,EACH,CAAC;AACH;AAEA,eAAe,YAAY,QAAoC;AAC7D,SAAO,IAAI,QAAQ,CAAAA,aAAW;AAC5B,WAAO,IAAI,MAAMA,SAAQ,CAAC;AAAA,EAC5B,CAAC;AACH;AAKA,eAAsB,sBACpB,SACA,UAAiC,CAAC,GACV;AACxB,QAAM,cAAe,QAAQ,QAAQ,cAAc,KAAgB;AACnE,QAAM,WAAW,gBAAgB,WAAW;AAE5C,MAAI,CAAC,UAAU;AACb,UAAM,EAAE,2BAAAD,2BAA0B,IAAI,MAAM;AAC5C,UAAM,IAAIA,2BAA0B,8CAA8C;AAAA,MAChF,qBAAqB;AAAA,MACrB,gBAAgB;AAAA,IAClB,CAAC;AAAA,EACH;AAEA,MAAI,QAAQ,kBAAkB,UAAU,OAAO;AAG/C,MAAI,MAAM,oBAAoB,QAAW;AACvC,YAAQ,MAAM,yBAAyB,KAAK;AAAA,EAC9C;AAEA,MAAI;AAEF,qBAAiB,SAAS,SAAS;AACjC,cAAQ,MAAM,aAAa,OAAO,KAAe;AAAA,IACnD;AAEA,WAAO,SAAS,KAAK;AAAA,EACvB,UAAE;AACA,UAAM,QAAQ,KAAK;AAAA,EACrB;AACF;;;AEvjBA,IAAM,sBAAsB;AAE5B,IAAM,sBAAsB;AAAA,EAC1B,MAAM,MAAM;AAAA;AAAA,EACZ,MAAM,OAAO;AAAA;AAAA,EACb,MAAM,IAAI,OAAO;AAAA;AAAA,EACjB,WAAW;AAAA,IACT,aAAa,KAAK,OAAO;AAAA;AAAA,IACzB,cAAc,MAAM,OAAO;AAAA;AAAA,IAC3B,UAAU;AAAA,IACV,cAAc,OAAO;AAAA;AAAA,EACvB;AAAA,EACA,KAAK,KAAK,OAAO;AAAA;AACnB;AAKA,SAAS,gBAAgB,KAIvB;AACA,QAAM,cAAe,IAAY,OAAO;AAGxC,QAAM,OAAO,IAAI,QAAQ,QAAQ;AACjC,QAAM,WAAW,IAAI,UAAW,IAAI,OAAe,YAAY,UAAU;AACzE,QAAM,UAAU,GAAG,QAAQ,MAAM,IAAI,GAAG,YAAY,WAAW,GAAG,IAAI,KAAK,GAAG,GAAG,WAAW;AAC5F,MAAI;AACF,UAAM,MAAM,IAAI,IAAI,OAAO;AAG3B,UAAME,QAAO,IAAI;AAGjB,UAAM,QAAqB,CAAC;AAC5B,QAAI,aAAa,QAAQ,CAAC,OAAO,QAAQ;AAEvC,UAAI,MAAM,GAAG,MAAM,QAAW;AAC5B,YAAI,MAAM,QAAQ,MAAM,GAAG,CAAC,GAAG;AAC7B,UAAC,MAAM,GAAG,EAAe,KAAK,KAAK;AAAA,QACrC,OAAO;AACL,gBAAM,GAAG,IAAI,CAAC,MAAM,GAAG,GAAa,KAAK;AAAA,QAC3C;AAAA,MACF,OAAO;AACL,cAAM,GAAG,IAAI;AAAA,MACf;AAAA,IACF,CAAC;AAED,WAAO,EAAE,MAAAA,OAAM,KAAK,MAAM;AAAA,EAC5B,SAAS,OAAO;AAEd,YAAQ,KAAK,gBAAgB,OAAO,IAAI,KAAK;AAC7C,UAAM,IAAI,cAAc,gBAAgB,OAAO,EAAE;AAAA,EACnD;AACF;AAKA,SAAS,eAAe,KAA8B;AAEpD,SAAO,YAAY,OAAQ,sBAAsB,OAAQ,IAAY,qBAAqB;AAC5F;AAKA,SAAS,YAAY,KAA6B;AAEhD,QAAM,YAAY,IAAI,UAAW,IAAI,OAAe;AAEpD,QAAM,iBAAiB,IAAI,QAAQ,mBAAmB;AAEtD,MAAI,gBAAgB;AAClB,QAAI,MAAM,QAAQ,cAAc,GAAG;AAEjC,aAAO,eAAe,CAAC,GAAG,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,KAAK;AAAA,IACrD,OAAO;AAEL,aAAO,eAAe,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,KAAK;AAAA,IACjD;AAAA,EACF;AAGA,SAAO,YAAY,UAAU;AAC/B;AAKA,eAAsB,cACpB,KACA,KACA,UAA0B,CAAC,GACa;AAExC,QAAM,EAAE,MAAAA,OAAM,KAAK,MAAM,IAAI,gBAAgB,GAAG;AAChD,QAAM,SAAS,IAAI,UAAU;AAC7B,QAAM,UAAU,eAAe,GAAG;AAClC,QAAM,WAAW,YAAY,GAAG;AAGhC,QAAM,SAAwB,CAAC;AAC/B,QAAM,QAAQ,EAAE,GAAI,QAAQ,gBAAgB,CAAC,EAAG;AAGhD,QAAM,gBAAgB,EAAE,MAAM,MAAM;AAGpC,QAAM,MAAqC;AAAA,IACzC,SAAS,oBAAmC,KAAK;AAAA,MAC/C,MAAAA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,IACF,CAAC;AAAA,IACD,UAAU,CAAC;AAAA,IACX;AAAA,EACF;AAEA,MAAI,WAAW,qBAAqB,KAAK,eAAe,GAAG;AAG3D,MAAI,QAAQ,WAAW;AACrB,UAAM,kBAAkB,KAAK,KAAK,OAAO;AAAA,EAC3C;AAEA,SAAO;AACT;AAKA,SAAS,oBACP,KACA,MAS0C;AAC1C,SAAO;AAAA,IACL,KAAK;AAAA,IACL,GAAG;AAAA,IACH,QAAQ,0BAA0B,GAAG;AAAA,IACrC,SAAS,2BAA2B,GAAG;AAAA,IACvC,MAAM;AAAA,EACR;AACF;AAKA,SAAS,0BAA0B,KAAqB;AACtD,SAAO,CAAC,SAAqC;AAC3C,UAAM,QAAQ,IAAI,QAAQ,KAAK,YAAY,CAAC;AAC5C,QAAI,MAAM,QAAQ,KAAK,GAAG;AACxB,aAAO,MAAM,KAAK,IAAI;AAAA,IACxB;AACA,WAAO,SAAS;AAAA,EAClB;AACF;AAKA,SAAS,2BAA2B,KAAqB;AACvD,QAAM,eAAe,0BAA0B,GAAG;AAElD,SAAO,CAAC,UAAyD;AAC/D,QAAI,SAAS,MAAM,QAAQ,KAAK,KAAK,MAAM,SAAS,GAAG;AACrD,aAAO,MAAM,OAA2C,CAAC,KAAK,SAAS;AACrE,YAAI,IAAI,IAAI,aAAa,IAAI;AAC7B,eAAO;AAAA,MACT,GAAG,CAAC,CAAC;AAAA,IACP,OAAO;AACL,aAAO,OAAO,QAAQ,IAAI,OAAO,EAAE;AAAA,QACjC,CAAC,KAAK,CAAC,KAAK,KAAK,MAAM;AACrB,cAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,IAAI,MAAM,KAAK,IAAI,IAAI,SAAS;AAC9D,iBAAO;AAAA,QACT;AAAA,QACA,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;AAKA,SAAS,qBACP,KACA,eACA,KACuC;AACvC,SAAO;AAAA,IACL,KAAK;AAAA,IAEL,IAAI,OAAO;AACT,aAAO,cAAc;AAAA,IACvB;AAAA,IAEA,QAAQ,mBAAmB,KAAK,eAAe,GAAG;AAAA,IAClD,QAAQ,mBAAmB,KAAK,eAAe,GAAG;AAAA,IAClD,SAAS,oBAAoB,KAAK,eAAe,GAAG;AAAA,IACpD,MAAM,wBAAwB,KAAK,eAAe,GAAG;AAAA,IAErD,MAAM,oBAAoB,KAAK,aAAa;AAAA,IAC5C,MAAM,oBAAoB,KAAK,aAAa;AAAA,IAC5C,MAAM,oBAAoB,KAAK,aAAa;AAAA,IAC5C,UAAU,wBAAwB,KAAK,aAAa;AAAA,IACpD,QAAQ,sBAAsB,KAAK,aAAa;AAAA,EAClD;AACF;AAKA,SAAS,mBACP,KACA,eACA,KACA;AACA,SAAO,SAAS,aAAa,MAAmC;AAC9D,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,kBAAkB;AAAA,IAC9B;AACA,QAAI,aAAa;AACjB,WAAO,IAAI;AAAA,EACb;AACF;AAKA,SAAS,mBACP,KACA,eACA,KACA;AACA,SAAO,SAAS,aAAa,MAAc,OAAe;AACxD,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,wBAAwB;AAAA,IACpC;AACA,QAAI,UAAU,MAAM,KAAK;AACzB,WAAO,IAAI;AAAA,EACb;AACF;AAKA,SAAS,oBACP,KACA,eACA,KACA;AACA,SAAO,SAAS,cAAc,SAAiC;AAC7D,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,wBAAwB;AAAA,IACpC;AACA,eAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,OAAO,GAAG;AACnD,UAAI,UAAU,MAAM,KAAK;AAAA,IAC3B;AACA,WAAO,IAAI;AAAA,EACb;AACF;AAKA,SAAS,wBACP,KACA,eACA,KACA;AACA,SAAO,SAAS,WAAW,MAAc;AACvC,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,yBAAyB;AAAA,IACrC;AACA,QAAI,UAAU,qBAAqB,IAAI;AACvC,WAAO,IAAI;AAAA,EACb;AACF;AAKA,SAAS,oBAAoB,KAAsB,eAAkC;AACnF,SAAO,SAAS,cAAc,MAAe,QAAiB;AAC5D,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,kBAAkB;AAAA,IAC9B;AAEA,QAAI,WAAW,QAAW;AACxB,UAAI,aAAa;AAAA,IACnB;AAEA,QAAI,UAAU,qBAAqB,kBAAkB;AACrD,QAAI,IAAI,KAAK,UAAU,IAAI,CAAC;AAC5B,kBAAc,OAAO;AAAA,EACvB;AACF;AAKA,SAAS,oBAAoB,KAAsB,eAAkC;AACnF,SAAO,SAAS,cAAc,MAAc,QAAiB;AAC3D,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,kBAAkB;AAAA,IAC9B;AAEA,QAAI,WAAW,QAAW;AACxB,UAAI,aAAa;AAAA,IACnB;AAEA,QAAI,UAAU,qBAAqB,YAAY;AAC/C,QAAI,IAAI,IAAI;AACZ,kBAAc,OAAO;AAAA,EACvB;AACF;AAKA,SAAS,oBAAoB,KAAsB,eAAkC;AACnF,SAAO,SAAS,cAAc,MAAc,QAAiB;AAC3D,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,kBAAkB;AAAA,IAC9B;AAEA,QAAI,WAAW,QAAW;AACxB,UAAI,aAAa;AAAA,IACnB;AAEA,QAAI,UAAU,qBAAqB,WAAW;AAC9C,QAAI,IAAI,IAAI;AACZ,kBAAc,OAAO;AAAA,EACvB;AACF;AAKA,SAAS,wBAAwB,KAAsB,eAAkC;AACvF,SAAO,SAAS,kBAAkB,KAAa,SAAS,KAAK;AAC3D,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,kBAAkB;AAAA,IAC9B;AAEA,QAAI,aAAa;AACjB,QAAI,UAAU,YAAY,GAAG;AAC7B,QAAI,IAAI;AACR,kBAAc,OAAO;AAAA,EACvB;AACF;AAKA,SAAS,sBAAsB,KAAsB,eAAkC;AACrF,SAAO,SAAS,gBAAgB,UAAiC,UAAyB,CAAC,GAAG;AAC5F,QAAI,cAAc,MAAM;AACtB,YAAM,IAAI,kBAAkB;AAAA,IAC9B;AAEA,QAAI,QAAQ,WAAW,QAAW;AAChC,UAAI,aAAa,QAAQ;AAAA,IAC3B;AAEA,QAAI,QAAQ,aAAa;AACvB,UAAI,UAAU,qBAAqB,QAAQ,WAAW;AAAA,IACxD;AAEA,QAAI,QAAQ,SAAS;AACnB,iBAAW,CAAC,MAAM,KAAK,KAAK,OAAO,QAAQ,QAAQ,OAAO,GAAG;AAC3D,YAAI,UAAU,MAAM,KAAK;AAAA,MAC3B;AAAA,IACF;AAGA,aAAS,KAAK,GAAG;AAGjB,aAAS,GAAG,OAAO,MAAM;AACvB,oBAAc,OAAO;AAAA,IACvB,CAAC;AAGD,aAAS,GAAG,SAAS,SAAO;AAC1B,cAAQ,MAAM,iBAAiB,GAAG;AAClC,UAAI,CAAC,cAAc,MAAM;AACvB,YAAI,aAAa;AACjB,YAAI,IAAI,cAAc;AACtB,sBAAc,OAAO;AAAA,MACvB;AAAA,IACF,CAAC;AAAA,EACH;AACF;AAKA,eAAe,kBACb,KACA,KACA,UAA0B,CAAC,GACZ;AAEf,MAAI,kBAAkB,IAAI,MAAM,GAAG;AACjC;AAAA,EACF;AAEA,QAAM,cAAc,IAAI,QAAQ,cAAc,KAAK;AACnD,QAAM,gBAAgB,SAAS,IAAI,QAAQ,gBAAgB,KAAK,KAAK,EAAE;AAGvE,MAAI,kBAAkB,GAAG;AACvB;AAAA,EACF;AAEA,QAAM,SAAS;AAAA,IACb,MAAM,QAAQ,YAAY,QAAQ,oBAAoB;AAAA,IACtD,MAAM,QAAQ,YAAY,QAAQ,oBAAoB;AAAA,IACtD,MAAM,QAAQ,YAAY,QAAQ,oBAAoB;AAAA,IACtD,KAAK,QAAQ,YAAY,OAAO,oBAAoB;AAAA,IACpD,WAAW;AAAA,MACT,aACE,QAAQ,YAAY,WAAW,eAAe,oBAAoB,UAAU;AAAA,MAC9E,UAAU,QAAQ,YAAY,WAAW,YAAY,oBAAoB,UAAU;AAAA,MACnF,cACE,QAAQ,YAAY,WAAW,gBAAgB,oBAAoB,UAAU;AAAA,MAC/E,cACE,QAAQ,YAAY,WAAW,gBAAgB,oBAAoB,UAAU;AAAA,IACjF;AAAA,EACF;AAEA,MAAI;AAEF,QAAI,YAAY,SAAS,kBAAkB,GAAG;AAC5C,UAAI,gBAAgB,OAAO,MAAM;AAC/B,cAAM,IAAI,MAAM,wBAAwB,aAAa,MAAM,OAAO,IAAI,QAAQ;AAAA,MAChF;AACA,YAAM,cAAc,KAAK,GAAG;AAAA,IAC9B,WAAW,YAAY,SAAS,mCAAmC,GAAG;AACpE,UAAI,gBAAgB,OAAO,MAAM;AAC/B,cAAM,IAAI,MAAM,wBAAwB,aAAa,MAAM,OAAO,IAAI,QAAQ;AAAA,MAChF;AACA,YAAM,wBAAwB,KAAK,GAAG;AAAA,IACxC,WAAW,YAAY,SAAS,OAAO,GAAG;AACxC,UAAI,gBAAgB,OAAO,MAAM;AAC/B,cAAM,IAAI,MAAM,wBAAwB,aAAa,MAAM,OAAO,IAAI,QAAQ;AAAA,MAChF;AACA,YAAM,cAAc,KAAK,GAAG;AAAA,IAC9B,WAAW,mBAAmB,WAAW,GAAG;AAE1C,YAAM,mBAAmB,KAAK,KAAK,OAAO,SAAS;AAAA,IACrD,OAAO;AAEL,UAAI,gBAAgB,OAAO,KAAK;AAC9B,cAAM,IAAI,MAAM,2BAA2B,aAAa,MAAM,OAAO,GAAG,QAAQ;AAAA,MAClF;AAEA;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,UAAM,YAAY,YAAY,SAAS,WAAW,IAC9C,0BACA;AACJ,iBAAa,KAAK,WAAW,8BAA8B,KAAK;AAAA,EAClE;AACF;AAKA,SAAS,kBAAkB,QAA0B;AACnD,QAAM,cAAc,CAAC,OAAO,QAAQ,SAAS;AAC7C,SAAO,YAAY,SAAS,UAAU,KAAK;AAC7C;AAKA,eAAe,cACb,KACA,KACe;AACf,QAAM,OAAO,MAAM,gBAAgB,GAAG;AAEtC,MAAI,CAAC,MAAM;AACT,YAAQ,KAAK,mCAAmC;AAChD;AAAA,EACF;AAGA,MAAI,KAAK,KAAK,MAAM,QAAQ;AAC1B,YAAQ,KAAK,2BAA2B;AACxC,QAAI,QAAQ,OAAO;AACnB;AAAA,EACF;AAEA,MAAI;AACF,UAAM,OAAO,KAAK,MAAM,IAAI;AAC5B,QAAI,QAAQ,OAAO;AAAA,EACrB,SAAS,OAAO;AACd,QAAI,QAAQ,OAAO;AACnB,iBAAa,KAAK,oBAAoB,gCAAgC,KAAK;AAAA,EAC7E;AACF;AAKA,eAAe,wBACb,KACA,KACe;AACf,QAAM,OAAO,MAAM,gBAAgB,GAAG;AACtC,MAAI,CAAC,KAAM;AAEX,MAAI;AACF,QAAI,QAAQ,OAAO,oBAAoB,IAAI;AAAA,EAC7C,SAAS,OAAO;AACd,QAAI,QAAQ,OAAO;AACnB,iBAAa,KAAK,oBAAoB,qCAAqC,KAAK;AAAA,EAClF;AACF;AAKA,SAAS,oBAAoB,MAAiD;AAC5E,QAAM,SAAS,IAAI,gBAAgB,IAAI;AACvC,QAAM,WAA8C,CAAC;AAErD,SAAO,QAAQ,CAAC,OAAO,QAAQ;AAC7B,QAAI,SAAS,GAAG,MAAM,QAAW;AAC/B,UAAI,MAAM,QAAQ,SAAS,GAAG,CAAC,GAAG;AAChC,QAAC,SAAS,GAAG,EAAe,KAAK,KAAK;AAAA,MACxC,OAAO;AACL,iBAAS,GAAG,IAAI,CAAC,SAAS,GAAG,GAAa,KAAK;AAAA,MACjD;AAAA,IACF,OAAO;AACL,eAAS,GAAG,IAAI;AAAA,IAClB;AAAA,EACF,CAAC;AAED,SAAO;AACT;AAKA,eAAe,cACb,KACA,KACe;AACf,QAAM,OAAO,MAAM,gBAAgB,GAAG;AACtC,MAAI,MAAM;AACR,QAAI,QAAQ,OAAO;AAAA,EACrB;AACF;AAKA,eAAe,mBACb,KACA,KACA,iBACe;AACf,MAAI;AACF,UAAM,SAAS,mBAAmB,oBAAoB;AACtD,UAAM,gBAAgB,MAAM,sBAAsB,KAAK;AAAA,MACrD,UAAU;AAAA,MACV,aAAa,OAAO;AAAA,MACpB,UAAU,OAAO;AAAA,MACjB,cAAc,OAAO;AAAA;AAAA,IAEvB,CAAC;AAGD,IAAC,IAAI,QAAgB,YAAY;AACjC,IAAC,IAAI,QAAgB,QAAQ,cAAc;AAG3C,QAAI,QAAQ,OAAO,cAAc;AAAA,EACnC,SAAS,OAAO;AACd,QAAI,QAAQ,OAAO;AACnB,iBAAa,KAAK,yBAAyB,kCAAkC,KAAK;AAAA,EACpF;AACF;AAKA,SAAS,aACP,KACA,MACA,SACA,OACM;AACN,QAAM,YAA4B,EAAE,MAAM,SAAS,MAAM;AACzD,MAAI,MAAM,aAAa;AACzB;AAKA,eAAe,gBAAgB,KAAsC;AACnE,SAAO,IAAI,QAAgB,CAACC,UAAS,WAAW;AAC9C,UAAM,SAAmB,CAAC;AAE1B,QAAI,GAAG,QAAQ,CAAC,UAA2B;AACzC,aAAO,KAAK,OAAO,SAAS,KAAK,IAAI,QAAQ,OAAO,KAAK,KAAK,CAAC;AAAA,IACjE,CAAC;AAED,QAAI,GAAG,OAAO,MAAM;AAClB,MAAAA,SAAQ,OAAO,OAAO,MAAM,EAAE,SAAS,MAAM,CAAC;AAAA,IAChD,CAAC;AAED,QAAI,GAAG,SAAS,SAAO;AACrB,aAAO,GAAG;AAAA,IACZ,CAAC;AAAA,EACH,CAAC;AACH;;;AC5oBA;AAEA;AAgCO,IAAM,gBAAN,cAA4B,YAAkC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQnE,YACE,OACA,UAA4C,QAC5C,gBAAoC,QACpC;AACA;AAAA;AAAA,MAEE;AAAA,MACA;AAAA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;AC9DA;AAEA;AACA;AAOO,SAAS,eAAe,OAAsC;AACnE,SAAO,iBAAiB;AAC1B;AAKO,SAAS,oBAAoB,OAAqC;AAEvE,MAAI,eAAe,KAAK,GAAG;AACzB,WAAO;AAAA,MACL,MAAM,MAAM;AAAA,MACZ,OAAO,MAAM;AAAA,MACb,QAAQ,MAAM;AAAA,MACd,eAAe,MAAM;AAAA,MACrB,WAAW,MAAM,UAAU,YAAY;AAAA,MACvC,SAAS,MAAM;AAAA,IACjB;AAAA,EACF;AAGA,QAAM,gBAAgB,sBAAsB;AAC5C,MAAI;AAEJ,MAAI,iBAAiB,OAAO;AAC1B,sBAAkB,MAAM;AAAA,EAC1B,WAAW,UAAU,QAAQ,UAAU,QAAW;AAChD,sBAAkB;AAAA,EACpB,OAAO;AACL,sBAAkB,OAAO,KAAK;AAAA,EAChC;AAGA,QAAM,eAAe,IAAI;AAAA,IACvB;AAAA,IACA,EAAE,gBAAgB;AAAA,IAClB;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM,aAAa;AAAA,IACnB,OAAO,aAAa;AAAA,IACpB,QAAQ,aAAa;AAAA,IACrB,eAAe,aAAa;AAAA,IAC5B,WAAW,aAAa,UAAU,YAAY;AAAA,IAC9C,SAAS,aAAa;AAAA,EACxB;AACF;AAKO,SAAS,+BACd,cACQ;AACR,SAAO,aAAa,kBAAkB,KAAK,sBAAsB;AACnE;AAKO,SAAS,wBACd,cACA,eACM;AACN,eAAa,oBAAoB,aAAa;AAEhD;;;AClDO,SAAS,oBAAoB,UAAgC,CAAC,GAAe;AAClF,QAAM,EAAE,QAAQ,MAAM,IAAI;AAE1B,QAAM,eAAmC,OAAO,KAAc,SAAuB;AACnF,QAAI;AACF,YAAM,KAAK;AAAA,IACb,SAAS,OAAO;AAEd,UAAI,IAAI,SAAS,MAAM;AACrB,YAAI,OAAO;AACT,kBAAQ,MAAM,2CAA2C,KAAK;AAAA,QAChE;AACA;AAAA,MACF;AAGA,UAAI,OAAO;AACT,gBAAQ,MAAM,gCAAgC,KAAK;AAAA,MACrD;AAGA,YAAM,gBAAgB,+BAA+B,IAAI,QAAQ,MAAM;AAGvE,YAAM,gBAAgB,oBAAoB,KAAK;AAG/C,oBAAc,gBAAgB;AAG9B,8BAAwB,IAAI,SAAS,QAAQ,aAAa;AAG1D,UAAI,SAAS,OAAO,cAAc,MAAM,EAAE,KAAK,aAAa;AAAA,IAC9D;AAAA,EACF;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,EACF;AACF;;;AC7DO,SAAS,qBAAqB,gBAAwC;AAC3E,SAAO,OAAO,KAAK,QAAQ;AACzB,QAAI;AAEF,YAAM,UAAU,MAAM,cAAc,KAAK,KAAK;AAAA,QAC5C,WAAW;AAAA;AAAA,MACb,CAAC;AAGD,YAAM,gBAAgB,oBAAoB;AAG1C,YAAM,gBAAgB,CAAC,eAAe,GAAG,eAAe,UAAU;AAGlE,YAAM,UAAU,QAAQ,aAAa;AAGrC,YAAM,eAAe,SAAS,YAAY;AACxC,cAAM,QAAQ,SAAS,YAAY;AACjC,cAAI,CAAC,QAAQ,SAAS,MAAM;AAE1B,kBAAM,eAAe,OAAO,cAAc,OAAO;AAEjD,gBAAI,CAAC,QAAQ,SAAS,MAAM;AAC1B,oBAAM,IAAI;AAAA,gBACR,oBAAoB,QAAQ,QAAQ,MAAM,IAAI,QAAQ,QAAQ,IAAI;AAAA,cACpE;AAAA,YACF;AAAA,UACF;AAAA,QACF,CAAC;AAAA,MACH,CAAC;AAAA,IACH,SAAS,OAAO;AAEd,cAAQ,MAAM,2BAA2B,KAAK;AAC9C,UAAI,UAAU,KAAK,EAAE,gBAAgB,mBAAmB,CAAC;AACzD,UAAI;AAAA,QACF,KAAK,UAAU;AAAA,UACb,OAAO;AAAA,UACP,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AV1CA,eAAe,oBACb,cACkD;AAElD,MAAI,CAAC,aAAa,SAAS;AACzB,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,EAAE,SAAS,SAAS,IAAI;AAG9B,QAAM,YAAY,QAAQ,IAAI,aAAa;AAC3C,QAAM,sBAAsB,CAAC,WAAW,CAAC;AAEzC,MAAI,uBAAuB,WAAW;AACpC,UAAM,WAAW,MAAM,wBAAwB;AAC/C,WAAO;AAAA,EACT;AAGA,MAAI,qBAAqB;AACvB,UAAM,IAAI;AAAA,MACR;AAAA,IAEF;AAAA,EACF;AAEA,SAAO,EAAE,SAAS,SAAS;AAC7B;AAGA,SAAS,qBACP,SACA,aACuC;AACvC,MAAI,CAAC,SAAS;AACZ,WAAY,kBAAa;AAAA,EAC3B;AAGA,QAAM,qBAAgD;AAAA,IACpD,YAAY;AAAA;AAAA,EACd;AAGA,MAAI;AACF,QAAI,YAAY,SAAS;AACvB,yBAAmB,MAAS,iBAAa,YAAY,OAAO;AAAA,IAC9D;AACA,QAAI,YAAY,UAAU;AACxB,yBAAmB,OAAU,iBAAa,YAAY,QAAQ;AAAA,IAChE;AAAA,EACF,SAAS,KAAK;AACZ,UAAM,IAAI;AAAA,MACR,qCAAqC,eAAe,QAAQ,IAAI,UAAU,OAAO,GAAG,CAAC;AAAA,IACvF;AAAA,EACF;AAEA,SAAa,yBAAmB,kBAAkB;AACpD;AAGA,SAAS,aACP,QACA,MACA,MACA,SACe;AACf,SAAO,IAAI,QAAQ,CAACC,UAAS,WAAW;AACtC,WAAO,OAAO,MAAM,MAAM,MAAM;AAC9B,YAAM,WAAW,UAAU,UAAU;AACrC,YAAM,MAAM,GAAG,QAAQ,MAAM,IAAI,IAAI,IAAI;AACzC,cAAQ,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA,wBAKD,GAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAOnB;AACK,MAAAA,SAAQ;AAAA,IACV,CAAC;AAED,WAAO,GAAG,SAAS,SAAO;AACxB,cAAQ,MAAM,iBAAiB,GAAG;AAClC,aAAO,GAAG;AAAA,IACZ,CAAC;AAAA,EACH,CAAC;AACH;AAEA,eAAe,kBAAkB,gBAAuC;AACtE,aAAW,UAAU,eAAe,SAAS;AAC3C,QAAI,OAAO,OAAO,eAAe,YAAY;AAC3C,YAAM,OAAO,WAAW,cAAc;AAAA,IACxC;AAAA,EACF;AACF;AAGA,eAAsB,YACpB,gBACA,eACe;AAEf,MAAI,eAAe,QAAQ;AACzB;AAAA,EACF;AAEA,MAAI;AAEF,UAAM,OAAO,cAAc;AAC3B,UAAM,OAAO,cAAc;AAG3B,UAAM,kBAAkB,cAAc;AAGtC,UAAM,eAAe,cAAc,SAAS,EAAE,SAAS,KAAK;AAC5D,UAAM,UAAU,CAAC,CAAC,aAAa;AAG/B,UAAM,cAAc,MAAM,oBAAoB,YAAY;AAG1D,QAAI,cAAc,SAAS,YAAY,WAAW,YAAY,UAAU;AACtE,oBAAc,MAAM,UAAU,YAAY;AAC1C,oBAAc,MAAM,WAAW,YAAY;AAAA,IAC7C;AAGA,UAAM,SAAS,qBAAqB,SAAS,WAAW;AAGxD,mBAAe,SAAS;AAGxB,mBAAe,OAAO;AACtB,mBAAe,OAAO;AAGtB,UAAM,iBAAiB,qBAAqB,cAAc;AAC1D,WAAO,GAAG,WAAW,cAAc;AAGnC,UAAM,aAAa,QAAQ,MAAM,MAAM,OAAO;AAAA,EAChD,SAAS,OAAO;AACd,YAAQ,MAAM,2BAA2B,KAAK;AAC9C,UAAM;AAAA,EACR;AACF;;;AWjKA,IAAI,iBAAiB;AAIrB,eAAsB,WAAW,gBAAwB,UAAuB,CAAC,GAAkB;AACjG,QAAM,SAAS,eAAe;AAC9B,QAAM,SAAS,eAAe;AAE9B,MAAI,gBAAgB;AAClB,YAAQ,IAAI,gFAAsE;AAClF;AAAA,EACF;AAEA,MAAI,CAAC,QAAQ;AACX;AAAA,EACF;AAEA,mBAAiB;AACjB,QAAM,UAAU,QAAQ,WAAW;AAEnC,MAAI;AACF,QAAI,QAAQ,YAAY;AACtB,YAAM,QAAQ,WAAW;AAAA,IAC3B;AAEA,WAAO,KAAK,UAAU;AAGtB,QAAI,eAAe,UAAU,OAAO,eAAe,OAAO,UAAU,YAAY;AAC9E,cAAQ,IAAI,sCAA+B;AAC3C,UAAI;AAEF,cAAM,QAAQ,KAAK;AAAA,UACjB,eAAe,OAAO,MAAM;AAAA,UAC5B,IAAI;AAAA,YAAQ,CAAC,GAAG,WACd,WAAW,MAAM,OAAO,IAAI,MAAM,sBAAsB,CAAC,GAAG,GAAI;AAAA,UAClE;AAAA,QACF,CAAC;AACD,gBAAQ,IAAI,+BAA0B;AAAA,MACxC,SAAS,OAAO;AACd,gBAAQ,MAAM,yCAAoC,KAAK;AAAA,MAEzD;AAAA,IACF;AAGA,QAAI;AACF,YAAM,QAAQ,KAAK;AAAA,QACjB,eAAe,cAAc,aAAa,gBAAgB,MAAM;AAAA,QAChE,IAAI;AAAA,UAAQ,CAAC,GAAG,WACd,WAAW,MAAM,OAAO,IAAI,MAAM,qBAAqB,CAAC,GAAG,GAAI;AAAA,QACjE;AAAA,MACF,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,+BAA0B,KAAK;AAAA,IAE/C;AAGA,UAAM,eAAe,IAAI,QAAc,CAACC,UAAS,WAAW;AAC1D,aAAO,MAAM,CAAC,QAAgB;AAC5B,YAAI,IAAK,QAAO,OAAO,GAAG;AAC1B,QAAAA,SAAQ;AAAA,MACV,CAAC;AAAA,IACH,CAAC;AAED,UAAM,iBAAiB,IAAI,QAAe,CAAC,GAAG,WAAW;AACvD,iBAAW,MAAM;AACf,eAAO,IAAI,MAAM,yBAAyB,CAAC;AAAA,MAC7C,GAAG,OAAO;AAAA,IACZ,CAAC;AAED,UAAM,QAAQ,KAAK,CAAC,cAAc,cAAc,CAAC;AAGjD,QAAI;AACF,YAAM,QAAQ,KAAK;AAAA,QACjB,eAAe,cAAc,iBAAiB,cAAc;AAAA,QAC5D,IAAI;AAAA,UAAQ,CAAC,GAAG,WACd,WAAW,MAAM,OAAO,IAAI,MAAM,0BAA0B,CAAC,GAAG,GAAI;AAAA,QACtE;AAAA,MACF,CAAC;AAAA,IACH,SAAS,OAAO;AACd,cAAQ,MAAM,oCAA+B,KAAK;AAAA,IAEpD;AAEA,QAAI,QAAQ,WAAW;AACrB,YAAM,QAAQ,UAAU;AAAA,IAC1B;AAEA,WAAO,KAAK,SAAS;AACrB,mBAAe,SAAS;AAExB,YAAQ,IAAI,oCAA+B;AAC3C,qBAAiB;AAAA,EACnB,SAAS,OAAO;AACd,qBAAiB;AACjB,YAAQ,MAAM,+CAAqC,KAAK;AAGxD,QAAI,UAAU,OAAO,OAAO,UAAU,YAAY;AAChD,aAAO,MAAM;AAAA,IACf;AAGA,QAAI,QAAQ,IAAI,aAAa,eAAe;AAC1C,cAAQ,IAAI,mDAA4C;AACxD,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,WAAO,KAAK,SAAS,KAAK;AAC1B,UAAM;AAAA,EACR;AACF;AAKO,SAAS,uBAAuB,QAAyD;AAC9F,QAAM,gBAAgB,QAAQ,IAAI,aAAa;AAE/C,MAAI,eAAe;AAEjB,UAAM,gBAAgB,MAAM;AAC1B,cAAQ,IAAI,oEAA6D;AACzE,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,UAAM,iBAAiB,MAAM;AAC3B,cAAQ,IAAI,qEAA8D;AAC1E,cAAQ,KAAK,CAAC;AAAA,IAChB;AAEA,YAAQ,GAAG,UAAU,aAAa;AAClC,YAAQ,GAAG,WAAW,cAAc;AAEpC,WAAO;AAAA,MACL,YAAY,MAAM;AAChB,gBAAQ,eAAe,UAAU,aAAa;AAC9C,gBAAQ,eAAe,WAAW,cAAc;AAAA,MAClD;AAAA,IACF;AAAA,EACF,OAAO;AAEL,UAAM,gBAAgB,MAAM;AAC1B,cAAQ,IAAI,0DAAmD;AAC/D,aAAO,EAAE,MAAM,QAAQ,KAAK;AAAA,IAC9B;AAEA,UAAM,iBAAiB,MAAM;AAC3B,cAAQ,IAAI,2DAAoD;AAChE,aAAO,EAAE,MAAM,QAAQ,KAAK;AAAA,IAC9B;AAEA,YAAQ,GAAG,UAAU,aAAa;AAClC,YAAQ,GAAG,WAAW,cAAc;AAEpC,WAAO;AAAA,MACL,YAAY,MAAM;AAChB,gBAAQ,eAAe,UAAU,aAAa;AAC9C,gBAAQ,eAAe,WAAW,cAAc;AAAA,MAClD;AAAA,IACF;AAAA,EACF;AACF;;;ACxKA,iBAAkB;AAOlB,IAAM,mBAAmB,aAAE;AAAA,EACzB,UACE,SAAS,QACT,OAAO,SAAS,YAChB,aAAa,QACb,OAAO,KAAK,YAAY;AAAA,EAC1B;AAAA,IACE,SAAS;AAAA,EACX;AACF;AAGA,IAAM,eAAe,aAAE;AAAA,EACrB,UACE,SAAS,QACT,OAAO,SAAS,YAChB,cAAc,QACd,OAAO,KAAK,aAAa;AAAA,EAC3B;AAAA,IACE,SAAS;AAAA,EACX;AACF;AAGA,IAAM,cAAc,aACjB,OAAO;AAAA,EACN,SAAS,aAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,IAAI;AAAA,EAC5C,SAAS,aAAE,OAAO,EAAE,SAAS;AAAA,EAC7B,UAAU,aAAE,OAAO,EAAE,SAAS;AAChC,CAAC,EACA;AAAA,EACC,UAAQ;AAGN,QAAI,KAAK,WAAW,QAAQ,IAAI,aAAa,cAAc;AACzD,aAAO,KAAK,WAAW,KAAK;AAAA,IAC9B;AACA,WAAO;AAAA,EACT;AAAA,EACA;AAAA,IACE,SACE;AAAA,EACJ;AACF;AAGK,IAAM,sBAAsB,aAAE,OAAO;AAAA,EAC1C,MAAM,aAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,GAAI;AAAA,EACzD,MAAM,aAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,WAAW;AAAA,EAC/C,WAAW,aAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,UAAU;AAAA,EACnD,OAAO,YAAY,SAAS,EAAE,QAAQ;AAAA,IACpC,SAAS;AAAA,EACX,CAAC;AAAA,EACD,YAAY,aAAE,MAAM,gBAAgB,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AAAA,EAC3D,SAAS,aAAE,MAAM,YAAY,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;AACtD,CAAC;AAEM,SAAS,sBAAsB,SAA4C;AAChF,MAAI;AACF,WAAO,oBAAoB,MAAM,OAAO;AAAA,EAC1C,SAAS,OAAO;AAEd,QAAI,iBAAiB,aAAE,UAAU;AAE/B,YAAM,iBAAiB,MAAM,OAAO;AACpC,YAAM,IAAI,MAAM,2BAA2B,KAAK,UAAU,gBAAgB,MAAM,CAAC,CAAC,EAAE;AAAA,IACtF;AAEA,UAAM,IAAI,MAAM,2BAA2B,OAAO,KAAK,CAAC,EAAE;AAAA,EAC5D;AACF;;;ACvEO,SAAS,6BACd,UAAkC,CAAC,GACX;AACxB,QAAM,EAAE,kBAAkB,MAAM,QAAQ,OAAO,QAAQ,IAAI;AAK3D,WAAS,IAAI,YAAoB,MAAa;AAC5C,QAAI,OAAO;AACT,cAAQ,IAAI,qBAAqB,OAAO,IAAI,GAAG,IAAI;AAAA,IACrD;AAAA,EACF;AAKA,WAAS,YAAY,QAAgB,OAAe,OAAc;AAChE,UAAM,eAAe,UAAU,OAAO,IAAI,kBAAkB,KAAK,KAAK,MAAM,OAAO;AAEnF,QAAI,SAAS;AACX,cAAQ,QAAQ,OAAO,KAAK;AAAA,IAC9B,OAAO;AACL,cAAQ,MAAM,cAAc,KAAK;AAAA,IACnC;AAEA,QAAI,CAAC,iBAAiB;AACpB,YAAM,IAAI,MAAM,YAAY;AAAA,IAC9B;AAAA,EACF;AAEA,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,MAAM,kBAAkB,QAA+B;AACrD,UAAI,yBAAyB;AAE7B,iBAAW,UAAU,OAAO,SAAS;AACnC,YAAI,OAAO,YAAY;AACrB,cAAI;AACF,gBAAI,wBAAwB,OAAO,IAAI,EAAE;AACzC,kBAAM,OAAO,WAAW,MAAM;AAAA,UAChC,SAAS,OAAO;AACd,wBAAY,QAAQ,cAAc,KAAc;AAAA,UAClD;AAAA,QACF;AAAA,MACF;AAEA,UAAI,eAAe,OAAO,QAAQ,MAAM,UAAU;AAAA,IACpD;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,iBAAiB,QAA+B;AACpD,UAAI,wBAAwB;AAE5B,YAAM,qBAAqB,CAAC,GAAG,OAAO,OAAO,EAAE,QAAQ;AAEvD,iBAAW,UAAU,oBAAoB;AACvC,YAAI,OAAO,WAAW;AACpB,cAAI;AACF,gBAAI,uBAAuB,OAAO,IAAI,EAAE;AACxC,kBAAM,OAAO,UAAU,MAAM;AAAA,UAC/B,SAAS,OAAO;AACd,wBAAY,QAAQ,aAAa,KAAc;AAAA,UACjD;AAAA,QACF;AAAA,MACF;AAEA,UAAI,cAAc,mBAAmB,MAAM,UAAU;AAAA,IACvD;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,cAAc,QAAgB,YAAgC;AAClE,UAAI,sCAAsC;AAE1C,iBAAW,UAAU,OAAO,SAAS;AACnC,YAAI,OAAO,eAAe;AACxB,cAAI;AACF,gBAAI,qCAAqC,OAAO,IAAI,EAAE;AACtD,kBAAM,OAAO,cAAc,UAAU;AAAA,UACvC,SAAS,OAAO;AACd,wBAAY,QAAQ,iBAAiB,KAAc;AAAA,UACrD;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,aAAa,QAAgB,YAAgC;AACjE,UAAI,qCAAqC;AAEzC,YAAM,kBAAkB,CAAC,GAAG,OAAO,OAAO,EAAE,QAAQ;AAEpD,iBAAW,UAAU,iBAAiB;AACpC,YAAI,OAAO,cAAc;AACvB,cAAI;AACF,gBAAI,oCAAoC,OAAO,IAAI,EAAE;AACrD,kBAAM,OAAO,aAAa,UAAU;AAAA,UACtC,SAAS,OAAO;AACd,wBAAY,QAAQ,gBAAgB,KAAc;AAAA,UACpD;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AACF;;;ACpFO,IAAM,wBAAN,cAAoC,MAAM;AAAA,EAC/C,YACS,YACP,SACA;AACA,UAAM,0BAA0B,aAAa,SAAS,UAAU,MAAM,EAAE,KAAK,OAAO,EAAE;AAH/E;AAIP,SAAK,OAAO;AAAA,EACd;AACF;;;AC1BA,IAAM,iBAAiB,oBAAI,IAAI;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAKD,IAAM,qBAAqB;AAK3B,IAAM,wBAAwB;AAKvB,SAAS,eACd,QACA,UAAmC,CAAC,GACV;AAC1B,QAAM,EAAE,iBAAiB,MAAM,qBAAqB,MAAM,qBAAqB,KAAK,IAAI;AAGxF,MAAI,CAAC,UAAU,OAAO,WAAW,UAAU;AACzC,UAAM,IAAI,sBAAsB,IAAI,0BAA0B;AAAA,EAChE;AAEA,QAAM,IAAI;AAGV,MAAI,CAAC,EAAE,QAAQ,OAAO,EAAE,SAAS,UAAU;AACzC,UAAM,IAAI,sBAAsB,IAAI,kCAAkC;AAAA,EACxE;AAGA,MAAI,sBAAsB,CAAC,mBAAmB,KAAK,EAAE,IAAI,GAAG;AAC1D,UAAM,IAAI;AAAA,MACR,EAAE;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,MAAI,sBAAsB,eAAe,IAAI,EAAE,KAAK,YAAY,CAAC,GAAG;AAClE,UAAM,IAAI,sBAAsB,EAAE,MAAM,gBAAgB,EAAE,IAAI,eAAe;AAAA,EAC/E;AAGA,MAAI,gBAAgB;AAClB,QAAI,CAAC,EAAE,WAAW,OAAO,EAAE,YAAY,UAAU;AAC/C,YAAM,IAAI,sBAAsB,EAAE,MAAM,qCAAqC;AAAA,IAC/E;AAEA,QAAI,CAAC,sBAAsB,KAAK,EAAE,OAAO,GAAG;AAC1C,YAAM,IAAI;AAAA,QACR,EAAE;AAAA,QACF;AAAA,MACF;AAAA,IACF;AAAA,EACF;AAGA,MAAI,CAAC,EAAE,YAAY,OAAO,EAAE,aAAa,YAAY;AACnD,UAAM,IAAI,sBAAsB,EAAE,MAAM,+CAA+C;AAAA,EACzF;AAGA,QAAM,mBAAmB,CAAC,cAAc,aAAa,iBAAiB,cAAc;AAEpF,aAAW,UAAU,kBAAkB;AACrC,QAAI,EAAE,MAAM,KAAK,OAAO,EAAE,MAAM,MAAM,YAAY;AAChD,YAAM,IAAI,sBAAsB,EAAE,MAAM,UAAU,MAAM,iCAAiC;AAAA,IAC3F;AAAA,EACF;AAkBF;;;AClHA,aAAwB;AACxB,IAAAC,MAAoB;AACpB,yBAA8B;AAC9B,IAAAC,QAAsB;;;ACCtB,eAAsB,cAAc,UAAkB;AAEpD,QAAM,cAAc,MAAM,KAAK,IAAI,CAAC;AACpC,QAAM,aAAa,WAAW;AAE9B,MAAI;AACF,UAAMC,UAAS,MAAM,OAAO;AAC5B,YAAQ,IAAI,qCAAgC;AAC5C,WAAOA;AAAA,EACT,SAAS,OAAO;AAEd,UAAM,eAAe,iBAAiB,QAAQ,MAAM,UAAU,OAAO,KAAK;AAC1E,YAAQ,IAAI,yEAA+D,YAAY;AAEvF,WAAO,OAAO;AAAA,EAChB;AACF;AAKA,eAAsB,gBAAgB,UAAkB,UAAoC;AAC1F,MAAI;AAEF,UAAM,cAAc,eAAe,UAAU,QAAQ;AAErD,UAAMA,UAAS,MAAM,cAAc,QAAQ;AAC3C,YAAQ,IAAI,6BAAsB,OAAO,KAAKA,OAAM,CAAC;AAErD,UAAM,SAAkB,CAAC;AAGzB,QAAIA,QAAO,WAAW,OAAOA,QAAO,YAAY,UAAU;AACxD,YAAM,QAAe;AAAA,QACnB,GAAIA,QAAO;AAAA,QACX,MAAM,YAAY;AAAA,MACpB;AAEA,aAAO,KAAK,KAAK;AAAA,IACnB;AAGA,WAAO,QAAQA,OAAM,EAAE,QAAQ,CAAC,CAAC,YAAY,WAAW,MAAM;AAE5D,UAAI,eAAe,aAAa,CAAC,eAAe,OAAO,gBAAgB,UAAU;AAC/E;AAAA,MACF;AAGA,YAAM,iBAAiB;AAEvB,UAAI,aAAa,cAAc,GAAG;AAEhC,cAAM,QAAe;AAAA,UACnB,GAAG;AAAA;AAAA,UAEH,MAAM,YAAY;AAAA,QACpB;AAEA,eAAO,KAAK,KAAK;AAAA,MACnB;AAAA,IACF,CAAC;AAED,QAAI,OAAO,WAAW,GAAG;AACvB,cAAQ,KAAK,cAAc,QAAQ,8CAA8C;AACjF,aAAO,CAAC;AAAA,IACV;AAEA,YAAQ,IAAI,8BAAyB,OAAO,MAAM,WAAW;AAC7D,WAAO;AAAA,EACT,SAAS,OAAO;AACd,YAAQ,MAAM,+BAA+B,QAAQ,KAAK,KAAK;AAC/D,WAAO,CAAC;AAAA,EACV;AACF;AAKA,SAAS,aAAa,KAAmB;AACvC,MAAI,CAAC,OAAO,OAAO,QAAQ,UAAU;AACnC,WAAO;AAAA,EACT;AAGA,QAAM,cAAc,CAAC,OAAO,QAAQ,OAAO,UAAU,SAAS,QAAQ,SAAS;AAC/E,QAAM,gBAAgB,YAAY;AAAA,IAChC,YAAU,IAAI,MAAM,KAAK,OAAO,IAAI,MAAM,MAAM,YAAY,IAAI,MAAM,EAAE;AAAA,EAC1E;AAEA,SAAO;AACT;;;AD/FA;AASA,IAAM,iBAAiB,oBAAI,IAAuB;AAElD,eAAsB,mBACpB,UACA,WACA,cAAuB,MACL;AAClB,QAAMC,QAAO,MAAS,SAAK,QAAQ;AACnC,QAAM,eAAeA,MAAK,MAAM,QAAQ;AACxC,QAAM,cAAc,eAAe,IAAI,QAAQ;AAG/C,MAAI,eAAe,eAAe,YAAY,cAAc,cAAc;AACxE,WAAO,YAAY;AAAA,EACrB;AAGA,wBAAsB,QAAQ;AAG9B,QAAM,SAAS,MAAM,gBAAgB,UAAU,SAAS;AAGxD,MAAI,aAAa;AAEf,UAAM,OAAO,WAAW,MAAM;AAG9B,mBAAe,IAAI,UAAU;AAAA,MAC3B;AAAA,MACA,WAAW;AAAA,MACX;AAAA,IACF,CAAC;AAAA,EACH;AAEA,SAAO;AACT;AAEO,SAAS,uBAAuB,UAAkB,WAA6B;AACpF,QAAM,cAAc,eAAe,IAAI,QAAQ;AAC/C,MAAI,CAAC,aAAa;AAChB,WAAO;AAAA,EACT;AAEA,QAAM,UAAU,WAAW,SAAS;AAEpC,SAAO,YAAY,SAAS;AAC9B;AAEO,SAAS,eAAe,UAAyB;AACtD,MAAI,UAAU;AACZ,mBAAe,OAAO,QAAQ;AAAA,EAChC,OAAO;AACL,mBAAe,MAAM;AAAA,EACvB;AACF;AAEA,SAAS,WAAW,QAAyB;AAC3C,QAAM,YAAY,OAAO,IAAI,YAAU;AAAA,IACrC,MAAM,MAAM;AAAA,IACZ,SAAS,OAAO,KAAK,KAAK,EACvB,OAAO,SAAO,QAAQ,MAAM,EAC5B,KAAK,EACL,IAAI,YAAU;AACb,YAAM,YAAY,MAAM,MAAqB;AAC7C,YAAM,gBAAgB,WAAW,UAAU,UAAU,QAAQ,SAAS,IAAI;AAC1E,aAAO;AAAA,QACL;AAAA;AAAA,QAEA,SAAS;AAAA;AAAA,QAET,YAAY,WAAW,aAAa,UAAU,WAAW,SAAS;AAAA;AAAA,QAElE,WAAW,CAAC,CAAC,WAAW;AAAA,QACxB,YAAY,WAAW,SAAS,OAAO,KAAK,UAAU,MAAM,EAAE,KAAK,IAAI,CAAC;AAAA,MAC1E;AAAA,IACF,CAAC;AAAA,EACL,EAAE;AAEF,QAAM,aAAa,KAAK,UAAU,SAAS;AAC3C,QAAM,OAAc,kBAAW,KAAK,EAAE,OAAO,UAAU,EAAE,OAAO,KAAK;AAErE,SAAO;AACT;AAEA,SAAS,sBAAsB,UAAwB;AACrD,MAAI;AAEF,UAAM,eAAoB,cAAQ,QAAQ;AAG1C,QAAI,OAAO,YAAY,aAAa;AAElC,aAAO,QAAQ,MAAM,YAAY;AAGjC,UAAI;AACF,cAAM,eAAe,QAAQ,QAAQ,YAAY;AACjD,eAAO,QAAQ,MAAM,YAAY;AAAA,MACnC,SAAS,cAAc;AAErB,cAAM,eACJ,wBAAwB,QAAQ,aAAa,UAAU,OAAO,YAAY;AAC5E,gBAAQ,IAAI,wCAA8B,YAAY,EAAE;AAAA,MAC1D;AAAA,IACF,OAAO;AAEL,UAAI;AACF,cAAMC,eAAU,kCAAc,YAAY,GAAG;AAC7C,eAAOA,SAAQ,MAAM,YAAY;AAEjC,YAAI;AACF,gBAAM,eAAeA,SAAQ,QAAQ,YAAY;AACjD,iBAAOA,SAAQ,MAAM,YAAY;AAAA,QACnC,QAAQ;AACN,kBAAQ,IAAI,yCAA+B;AAAA,QAC7C;AAAA,MACF,QAAQ;AACN,gBAAQ,IAAI,sDAA4C;AAAA,MAC1D;AAAA,IACF;AAAA,EACF,SAAS,OAAO;AACd,YAAQ,IAAI,2DAAiD,QAAQ,KAAK,KAAK;AAAA,EACjF;AACF;;;AErIA,SAAoB;;;ACApB,IAAAC,MAAoB;AACpB,IAAAC,QAAsB;AAOtB,eAAsB,eACpB,WACA,UAAiC,CAAC,GACf;AAEnB,QAAM,cAAmB,iBAAW,SAAS,IACzC,YACK,cAAQ,QAAQ,IAAI,GAAG,SAAS;AAEzC,UAAQ,IAAI,0CAA0C,WAAW;AAGjE,MAAI;AACF,UAAM,QAAQ,MAAS,SAAK,WAAW;AACvC,QAAI,CAAC,MAAM,YAAY,GAAG;AACxB,YAAM,IAAI,MAAM,uCAAuC,WAAW,EAAE;AAAA,IACtE;AAAA,EACF,SAAS,OAAO;AACd,QAAK,MAAgC,SAAS,UAAU;AACtD,YAAM,IAAI,MAAM,8BAA8B,WAAW,EAAE;AAAA,IAC7D;AACA,UAAM;AAAA,EACR;AAEA,QAAM,aAAuB,CAAC;AAC9B,QAAM,SAAS,QAAQ,UAAU,CAAC,gBAAgB,MAAM;AAExD,iBAAe,cAAc,KAAa;AACxC,UAAM,UAAU,MAAS,YAAQ,KAAK,EAAE,eAAe,KAAK,CAAC;AAE7D,eAAW,SAAS,SAAS;AAC3B,YAAM,WAAgB,WAAK,KAAK,MAAM,IAAI;AAG1C,UAAI,MAAM,YAAY,KAAK,OAAO,SAAS,MAAM,IAAI,GAAG;AACtD;AAAA,MACF;AAEA,UAAI,MAAM,YAAY,GAAG;AACvB,cAAM,cAAc,QAAQ;AAAA,MAC9B,WAAW,YAAY,MAAM,IAAI,GAAG;AAClC,mBAAW,KAAK,QAAQ;AAAA,MAC1B;AAAA,IACF;AAAA,EACF;AAEA,QAAM,cAAc,WAAW;AAC/B,SAAO;AACT;AAKA,SAAS,YAAY,UAA2B;AAE9C,SAAO,CAAC,SAAS,WAAW,GAAG,MAAM,SAAS,SAAS,KAAK,KAAK,SAAS,SAAS,KAAK;AAC1F;;;ADzDA,eAAsB,uBACpB,WACA,WACA,cAAsB,KAAK,IAAI,GAAG,KAAK,MAAS,QAAK,EAAE,SAAS,CAAC,CAAC,GAC9C;AACpB,QAAM,SAAS,WAAW,WAAW,WAAW;AAChD,QAAM,UAAqB,CAAC;AAE5B,aAAW,SAAS,QAAQ;AAC1B,UAAM,eAAe,MAAM,QAAQ,WAAW,MAAM,IAAI,cAAY,UAAU,QAAQ,CAAC,CAAC;AAExF,UAAM,oBAAoB,aACvB,OAAO,YAAU,OAAO,WAAW,WAAW,EAC9C,IAAI,YAAW,OAA2C,KAAK;AAElE,YAAQ,KAAK,GAAG,iBAAiB;AAAA,EACnC;AAEA,SAAO;AACT;AAEA,eAAsB,0BAA0B,WAAqC;AACnF,QAAM,QAAQ,MAAM,eAAe,SAAS;AAC5C,QAAM,cAAc,MAAM;AAAA,IAAuB;AAAA,IAAO,cACtD,mBAAmB,UAAU,SAAS;AAAA,EACxC;AAEA,SAAO,YAAY,KAAK;AAC1B;AAEA,SAAS,WAAc,OAAY,WAA0B;AAC3D,QAAM,SAAgB,CAAC;AACvB,WAAS,IAAI,GAAG,IAAI,MAAM,QAAQ,KAAK,WAAW;AAChD,WAAO,KAAK,MAAM,MAAM,GAAG,IAAI,SAAS,CAAC;AAAA,EAC3C;AACA,SAAO;AACT;;;AEzCA,IAAM,gBAA+B;AAAA,EACnC,aAAa;AAAA,EACb,iBAAiB;AAAA,EACjB,mBAAmB;AAAA,EACnB,aAAa,CAAC;AAChB;AAEO,SAAS,uBAAuB,UAAkB,WAAyB;AAChF,QAAM,WAAW,KAAK,IAAI,IAAI;AAE9B,gBAAc;AACd,gBAAc,mBAAmB;AACjC,gBAAc,oBAAoB,cAAc,kBAAkB,cAAc;AAEhF,MAAI,WAAW,KAAK;AAClB,kBAAc,YAAY,KAAK,EAAE,MAAM,UAAU,MAAM,SAAS,CAAC;AACjE,QAAI,cAAc,YAAY,SAAS,IAAI;AACzC,oBAAc,YAAY,MAAM;AAAA,IAClC;AAAA,EACF;AAEA,MAAI,QAAQ,IAAI,aAAa,eAAe;AAC1C,UAAM,QAAQ,WAAW,KAAK,WAAM,WAAW,MAAM,cAAO;AAC5D,YAAQ,IAAI,GAAG,KAAK,kBAAkB,QAAQ,KAAK,QAAQ,KAAK;AAAA,EAClE;AACF;AAaO,SAAS,wBACd,IACA,UACG;AACH,UAAQ,IAAI,6BAA6B,QAAQ,EAAE;AACnD,SAAQ,UAAU,SAAwB;AACxC,UAAM,YAAY,KAAK,IAAI;AAC3B,QAAI;AACF,YAAM,SAAS,MAAM,GAAG,GAAG,IAAI;AAC/B,6BAAuB,UAAU,SAAS;AAC1C,aAAO;AAAA,IACT,SAAS,OAAO;AACd,6BAAuB,UAAU,SAAS;AAC1C,YAAM;AAAA,IACR;AAAA,EACF;AACF;;;ACxDA,IAAAC,QAAsB;AAEtB,sBAAsB;AAUf,SAAS,YAAY,WAAmB,UAAwB,CAAC,GAAG;AAEzE,QAAM,aAAa,QAAQ,cAAc;AACzC,QAAM,qBAAqB,oBAAI,IAA4B;AAE3D,WAAS,wBACP,IACA,UACkC;AAClC,WAAO,IAAI,SAAwB;AAEjC,YAAM,kBAAkB,mBAAmB,IAAI,QAAQ;AACvD,UAAI,iBAAiB;AACnB,qBAAa,eAAe;AAAA,MAC9B;AAGA,YAAM,YAAY,WAAW,MAAM;AACjC,WAAG,GAAG,IAAI;AACV,2BAAmB,OAAO,QAAQ;AAAA,MACpC,GAAG,UAAU;AAEb,yBAAmB,IAAI,UAAU,SAAS;AAAA,IAC5C;AAAA,EACF;AAEA,QAAM,eAAe,oBAAI,IAAqB;AAG9C,iBAAe,oBAAoB;AACjC,QAAI;AACF,YAAM,QAAQ,MAAM,eAAe,WAAW;AAAA,QAC5C,QAAQ,QAAQ;AAAA,MAClB,CAAC;AAED,iBAAW,YAAY,OAAO;AAC5B,cAAM,cAAc,QAAQ;AAAA,MAC9B;AAAA,IACF,SAAS,OAAO;AACd,kBAAY,KAAK;AAAA,IACnB;AAAA,EACF;AAGA,iBAAe,cAAc,UAAkB;AAC7C,QAAI;AACF,YAAM,iBAAiB,aAAa,IAAI,QAAQ;AAGhD,YAAM,YAAY,MAAM,mBAAmB,UAAU,WAAW,KAAK;AAErE,UAAI,CAAC,aAAa,UAAU,WAAW,GAAG;AACxC;AAAA,MACF;AAGA,UAAI,kBAAkB,CAAC,uBAAuB,UAAU,SAAS,GAAG;AAClE;AAAA,MACF;AAGA,YAAM,mBAAmB,UAAU,WAAW,IAAI;AAElD,YAAM,iBAAsB,gBAAU,QAAQ;AAE9C,UAAI,gBAAgB;AAClB,qBAAa,IAAI,UAAU,SAAS;AACpC,YAAI,QAAQ,gBAAgB;AAC1B,kBAAQ,eAAe,gBAAgB,SAAS;AAAA,QAClD;AAAA,MACF,OAAO;AACL,qBAAa,IAAI,UAAU,SAAS;AACpC,YAAI,QAAQ,cAAc;AACxB,kBAAQ,aAAa,gBAAgB,SAAS;AAAA,QAChD;AAAA,MACF;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,IAAI,sCAA4B,QAAQ,KAAK,KAAK;AAC1D,kBAAY,KAAK;AAAA,IACnB;AAAA,EACF;AAGA,WAAS,cAAc,UAAkB;AACvC,UAAM,iBAAsB,gBAAU,QAAQ;AAC9C,UAAM,SAAS,aAAa,IAAI,cAAc;AAE9C,QAAI,UAAU,OAAO,SAAS,KAAK,QAAQ,gBAAgB;AACzD,cAAQ,eAAe,gBAAgB,MAAM;AAAA,IAC/C;AAEA,iBAAa,OAAO,cAAc;AAAA,EACpC;AAGA,WAAS,YAAY,OAAgB;AACnC,QAAI,QAAQ,WAAW,iBAAiB,OAAO;AAC7C,cAAQ,QAAQ,KAAK;AAAA,IACvB,OAAO;AACL,cAAQ,MAAM,qCAA2B,KAAK;AAAA,IAChD;AAAA,EACF;AAIA,QAAM,cAAU,uBAAM,WAAW;AAAA;AAAA,IAE/B,kBAAkB;AAAA,MAChB,oBAAoB;AAAA;AAAA,MACpB,cAAc;AAAA;AAAA,IAChB;AAAA;AAAA,IAGA,YAAY;AAAA,IACZ,QAAQ;AAAA,IACR,gBAAgB;AAAA,IAChB,OAAO;AAAA;AAAA,IAGP,SAAS;AAAA,MACP;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA;AAAA,MACA,GAAI,QAAQ,UAAU,CAAC;AAAA,IACzB;AAAA,EACF,CAAC;AAGD,UACG,GAAG,OAAO,cAAY;AACrB,UAAM,gBAAgB,wBAAwB,eAAe,QAAQ;AACrE,kBAAc,QAAQ;AAAA,EACxB,CAAC,EACA,GAAG,UAAU,cAAY;AACxB,UAAM,gBAAgB,wBAAwB,eAAe,QAAQ;AAGrE,kBAAc,QAAQ;AAAA,EACxB,CAAC,EACA,GAAG,UAAU,cAAY;AACxB,UAAM,kBAAkB,wBAAwB,eAAe,QAAQ;AACvE,oBAAgB,QAAQ;AAAA,EAC1B,CAAC,EACA,GAAG,SAAS,WAAW;AAG1B,oBAAkB,EAAE,MAAM,WAAW;AAGrC,SAAO;AAAA,IACL,OAAO,MAAM;AAEX,yBAAmB,QAAQ,aAAW,aAAa,OAAO,CAAC;AAC3D,yBAAmB,MAAM;AAEzB,aAAO,QAAQ,MAAM;AAAA,IACvB;AAAA,IACA,WAAW,MAAM;AACf,YAAM,YAAqB,CAAC;AAC5B,iBAAW,UAAU,aAAa,OAAO,GAAG;AAC1C,kBAAU,KAAK,GAAG,MAAM;AAAA,MAC1B;AACA,aAAO;AAAA,IACT;AAAA,IACA,iBAAiB,MAAM,IAAI,IAAI,YAAY;AAAA,EAC7C;AACF;;;ACxLA,IAAAC,cAAkB;;;ACAlB,IAAAC,cAAkB;AAKX,SAAS,aAAgB,MAAe,QAAyB;AACtE,MAAI,kBAAkB,cAAE,WAAW;AACjC,WAAO,OAAO,OAAO,EAAE,MAAM,IAAI;AAAA,EACnC;AAEA,SAAO,OAAO,MAAM,IAAI;AAC1B;;;ACXA,IAAAC,cAAkB;AAKX,SAAS,eACd,QACA,QACG;AACH,MAAI,kBAAkB,cAAE,WAAW;AAEjC,WAAO,OAAO,OAAO,EAAE,MAAM,MAAM;AAAA,EACrC;AAEA,SAAO,OAAO,MAAM,MAAM;AAC5B;;;ACfA,IAAAC,cAAkB;AAKX,SAAS,cACd,OACA,QACG;AACH,MAAI,kBAAkB,cAAE,WAAW;AAEjC,WAAO,OAAO,OAAO,EAAE,MAAM,KAAK;AAAA,EACpC;AAEA,SAAO,OAAO,MAAM,KAAK;AAC3B;;;ACfA,IAAAC,cAAkB;AAKX,SAAS,iBACd,UACA,QACG;AACH,MAAI,kBAAkB,cAAE,WAAW;AACjC,WAAO,OAAO,OAAO,EAAE,MAAM,QAAQ;AAAA,EACvC;AAEA,SAAO,OAAO,MAAM,QAAQ;AAC9B;;;AJRA;AACA;AASO,SAAS,uBAAuB,QAAqB,QAAiB,OAAmB;AAC9F,QAAM,eAAmC,OAAO,KAAc,SAAuB;AAEnF,QAAI,OAAO,UAAU,IAAI,QAAQ,QAAQ;AACvC,UAAI;AACF,YAAI,QAAQ,SAAS,eAAe,IAAI,QAAQ,QAAQ,OAAO,MAAM;AAAA,MACvE,SAAS,OAAO;AACd,cAAM,cAAc,sBAAsB,KAAK;AAC/C,cAAM,aAAa,YAAY,OAAO,CAAC,KAAK,OAAO,MAAM,GAAG,SAAS,QAAQ,CAAC;AAE9E,cAAM,IAAI,gBAAgB,6BAA6B;AAAA,UACrD,QAAQ;AAAA,UACR;AAAA,UACA,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAGA,QAAI,OAAO,SAAS,IAAI,QAAQ,OAAO;AACrC,UAAI;AACF,YAAI,QAAQ,QAAQ,cAAc,IAAI,QAAQ,OAAO,OAAO,KAAK;AAAA,MACnE,SAAS,OAAO;AACd,cAAM,cAAc,sBAAsB,KAAK;AAC/C,cAAM,aAAa,YAAY,OAAO,CAAC,KAAK,OAAO,MAAM,GAAG,SAAS,QAAQ,CAAC;AAE9E,cAAM,IAAI,gBAAgB,6BAA6B;AAAA,UACrD,QAAQ;AAAA,UACR;AAAA,UACA,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAGA,QAAI,OAAO,MAAM;AACf,UAAI;AACF,YAAI,QAAQ,OAAO,aAAa,IAAI,QAAQ,MAAM,OAAO,IAAI;AAAA,MAC/D,SAAS,OAAO;AACd,cAAM,cAAc,sBAAsB,KAAK;AAC/C,cAAM,aAAa,YAAY,OAAO,CAAC,KAAK,OAAO,MAAM,GAAG,SAAS,QAAQ,CAAC;AAE9E,cAAM,IAAI,gBAAgB,6BAA6B;AAAA,UACrD,QAAQ;AAAA,UACR;AAAA,UACA,SAAS;AAAA,QACX,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,KAAK;AAAA,EACb;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAKO,SAAS,wBACd,gBACA,QAAiB,OACL;AACZ,QAAM,eAAmC,OAAO,KAAK,SAAS;AAE5D,UAAM,eAAe,IAAI,SAAS;AAGlC,QAAI,SAAS,OAAO,CAAC,MAAe,WAAoB;AACtD,UAAI;AAEF,cAAM,gBAAgB,iBAAiB,MAAM,cAAc;AAG3D,YAAI,SAAS,OAAO;AAGpB,eAAO,aAAa,KAAK,IAAI,UAAU,eAAe,MAAM;AAAA,MAC9D,SAAS,OAAO;AAEd,YAAI,SAAS,OAAO;AAEpB,cAAM,IAAI,oBAAoB,8BAA8B;AAAA,UAC1D,gBAAgB,eAAe,eAAe;AAAA,UAC9C,iBAAiB,sBAAsB,KAAK;AAAA,UAC5C,kBAAkB;AAAA,QACpB,CAAC;AAAA,MACH;AAAA,IACF;AAEA,UAAM,KAAK;AAAA,EACb;AAEA,SAAO;AAAA,IACL,MAAM;AAAA,IACN,SAAS;AAAA,IACT;AAAA,EACF;AACF;AAqBA,SAAS,sBAAsB,OAAyD;AACtF,MAAI,iBAAiB,cAAE,UAAU;AAE/B,UAAM,gBAAgB,oBAAI,IAAsB;AAEhD,eAAW,SAAS,MAAM,QAAQ;AAEhC,YAAM,YAAY,MAAM,KAAK,SAAS,IAAI,MAAM,KAAK,KAAK,GAAG,IAAI;AAEjE,UAAI,CAAC,cAAc,IAAI,SAAS,GAAG;AACjC,sBAAc,IAAI,WAAW,CAAC,CAAC;AAAA,MACjC;AACA,oBAAc,IAAI,SAAS,EAAG,KAAK,MAAM,OAAO;AAAA,IAClD;AAGA,WAAO,MAAM,KAAK,cAAc,QAAQ,CAAC,EAAE,IAAI,CAAC,CAAC,OAAO,QAAQ,OAAO;AAAA,MACrE;AAAA,MACA;AAAA,IACF,EAAE;AAAA,EACJ;AAEA,MAAI,iBAAiB,OAAO;AAC1B,WAAO,CAAC,EAAE,OAAO,WAAW,UAAU,CAAC,MAAM,OAAO,EAAE,CAAC;AAAA,EACzD;AAEA,SAAO,CAAC,EAAE,OAAO,WAAW,UAAU,CAAC,OAAO,KAAK,CAAC,EAAE,CAAC;AACzD;;;AK7JA,eAAsB,eACpB,KACA,cACA,QACe;AAEf,QAAM,aAAa,CAAC,GAAI,aAAa,cAAc,CAAC,CAAE;AAGtD,MAAI,aAAa,QAAQ;AACvB,QAAI,aAAa,OAAO,UAAU,aAAa,OAAO,SAAS,aAAa,OAAO,MAAM;AACvF,iBAAW,QAAQ,uBAAuB,aAAa,MAAM,CAAC;AAAA,IAChE;AAEA,QAAI,aAAa,OAAO,UAAU;AAChC,iBAAW,KAAK,wBAAwB,aAAa,OAAO,QAAQ,CAAC;AAAA,IACvE;AAAA,EACF;AAGA,QAAM,UAAU,QAAQ,CAAC,GAAG,UAAU,CAAC;AAGvC,QAAM,QAAQ,KAAK,YAAY;AAE7B,UAAM,SAAS,MAAM,aAAa,QAAQ,KAAK,MAAM;AAGrD,QAAI,CAAC,IAAI,SAAS,QAAQ,WAAW,QAAW;AAC9C,UAAI,SAAS,KAAK,MAAM;AAAA,IAC1B;AAAA,EACF,CAAC;AACH;;;ACtCO,SAAS,cACdC,OACA,SACA,YACwB;AACxB,QAAM,QAAQ,QAAQ,KAAKA,KAAI;AAC/B,MAAI,CAAC,OAAO;AACV,WAAO,CAAC;AAAA,EACV;AAEA,QAAM,SAAiC,CAAC;AAGxC,WAAS,IAAI,GAAG,IAAI,WAAW,QAAQ,KAAK;AAE1C,WAAO,WAAW,CAAC,CAAE,IAAI,MAAM,IAAI,CAAC,KAAK;AAAA,EAC3C;AAEA,SAAO;AACT;AAKO,SAAS,mBAAmBA,OAAyD;AAC1F,QAAM,aAAuB,CAAC;AAG9B,MAAIA,UAAS,KAAK;AAChB,WAAO;AAAA,MACL,SAAS;AAAA,MACT,YAAY,CAAC;AAAA,IACf;AAAA,EACF;AAGA,MAAI,gBAAgBA,MAAK,QAAQ,sBAAsB,MAAM;AAG7D,kBAAgB,cAEb,QAAQ,eAAe,CAAC,GAAG,cAAc;AACxC,eAAW,KAAK,SAAS;AACzB,WAAO;AAAA,EACT,CAAC,EAEA,QAAQ,mBAAmB,CAAC,GAAG,cAAc;AAC5C,eAAW,KAAK,SAAS;AACzB,WAAO;AAAA,EACT,CAAC;AAIH,kBAAgB,GAAG,aAAa;AAKhC,QAAM,UAAU,IAAI,OAAO,IAAI,aAAa,GAAG;AAE/C,SAAO;AAAA,IACL;AAAA,IACA;AAAA,EACF;AACF;;;ACrDO,SAAS,gBAAyB;AAEvC,QAAM,SAAuB,CAAC;AAE9B,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,IAAIC,OAAc,QAAoB,cAAkC;AACtE,YAAM,EAAE,SAAS,WAAW,IAAI,mBAAmBA,KAAI;AAEvD,YAAM,WAAuB;AAAA,QAC3B,MAAAA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,QACA;AAAA,MACF;AAGA,YAAM,cAAc,OAAO,UAAU,WAAS,WAAW,SAAS,MAAM,WAAW,MAAM;AAGzF,UAAI,gBAAgB,IAAI;AACtB,eAAO,KAAK,QAAQ;AAAA,MACtB,OAAO;AACL,eAAO,OAAO,aAAa,GAAG,QAAQ;AAAA,MACxC;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,OAAOA,OAAc;AAEnB,eAAS,IAAI,OAAO,SAAS,GAAG,KAAK,GAAG,KAAK;AAC3C,YAAK,OAAO,CAAC,EAAY,SAASA,OAAM;AACtC,iBAAO,OAAO,GAAG,CAAC;AAAA,QACpB;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,QAAQ;AACN,aAAO,SAAS;AAAA,IAClB;AAAA;AAAA;AAAA;AAAA,IAKA,MAAMA,OAAc,QAAuC;AAEzD,YAAM,WAAWA,MAAK,MAAM,GAAG,EAAE,CAAC;AAClC,UAAI,CAAC,SAAU,QAAO;AAEtB,iBAAW,SAAS,QAAQ;AAE1B,YAAI,MAAM,WAAW,OAAQ;AAG7B,cAAM,QAAQ,MAAM,QAAQ,KAAK,QAAQ;AACzC,YAAI,OAAO;AAET,gBAAM,SAAS,cAAcA,OAAM,MAAM,SAAS,MAAM,UAAU;AAElE,iBAAO;AAAA,YACL,OAAO,MAAM;AAAA,YACb;AAAA,UACF;AAAA,QACF;AAAA,MACF;AAIA,YAAM,eAAe,OAAO;AAAA,QAC1B,WAAS,MAAM,WAAW,UAAU,MAAM,QAAQ,KAAKA,KAAI;AAAA,MAC7D;AAEA,UAAI,cAAc;AAEhB,eAAO;AAAA,UACL,OAAO;AAAA,UACP,QAAQ,CAAC;AAAA,UACT,kBAAkB;AAAA,UAClB,gBAAgB,OACb,OAAO,WAAS,MAAM,QAAQ,KAAKA,KAAI,CAAC,EACxC,IAAI,WAAS,MAAM,MAAM;AAAA,QAC9B;AAAA,MACF;AAEA,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,YAAoD;AAClD,aAAO,OAAO,IAAI,YAAU;AAAA,QAC1B,MAAM,MAAM;AAAA,QACZ,QAAQ,MAAM;AAAA,MAChB,EAAE;AAAA,IACJ;AAAA;AAAA;AAAA;AAAA,IAKA,WACEA,OACwE;AACxE,aAAO,OACJ,OAAO,WAAS,MAAM,QAAQ,KAAKA,KAAI,CAAC,EACxC,IAAI,YAAU;AAAA,QACb,MAAM,MAAM;AAAA,QACZ,QAAQ,MAAM;AAAA,QACd,QAAQ,cAAcA,OAAM,MAAM,SAAS,MAAM,UAAU;AAAA,MAC7D,EAAE;AAAA,IACN;AAAA,EACF;AACF;;;ACpIO,SAAS,sBAAqC;AACnD,SAAO;AAAA,IACL,cAAc,oBAAI,IAAI;AAAA,IACtB,cAAc,oBAAI,IAAI;AAAA,IACtB,YAAY,oBAAI,IAAI;AAAA,EACtB;AACF;AAEO,SAAS,qBACd,UACA,UACA,WACyD;AACzD,UAAQ,IAAI,8BAA8B,QAAQ,EAAE;AACpD,QAAM,WAAW,SAAS,aAAa,IAAI,QAAQ,KAAK,oBAAI,IAAI;AAChE,QAAM,WAAW,IAAI,IAAI,UAAU,IAAI,OAAK,EAAE,IAAI,CAAC;AAGnD,QAAM,QAAQ,UAAU,OAAO,OAAK,CAAC,SAAS,IAAI,EAAE,IAAI,CAAC;AACzD,QAAM,UAAU,MAAM,KAAK,QAAQ,EAAE,OAAO,OAAK,CAAC,SAAS,IAAI,CAAC,CAAC;AACjE,QAAM,qBAAqB,UAAU,OAAO,OAAK,SAAS,IAAI,EAAE,IAAI,CAAC;AAGrE,QAAM,UAAU,mBAAmB,OAAO,WAAS;AACjD,UAAM,gBAAgB,SAAS,aAAa,IAAI,MAAM,IAAI;AAC1D,WAAO,CAAC,iBAAiB,CAAC,YAAY,eAAe,KAAK;AAAA,EAC5D,CAAC;AAGD,oBAAkB,UAAU,UAAU,EAAE,OAAO,SAAS,QAAQ,CAAC;AAEjE,SAAO,EAAE,OAAO,SAAS,QAAQ;AACnC;AAMO,SAAS,yBAAyB,UAAkC;AACzE,SAAO,MAAM,KAAK,SAAS,aAAa,OAAO,CAAC;AAClD;AASA,SAAS,kBACP,UACA,UACA,SACM;AACN,QAAM,EAAE,OAAO,SAAS,QAAQ,IAAI;AAGpC,UAAQ,QAAQ,CAAAC,UAAQ;AACtB,aAAS,aAAa,OAAOA,KAAI;AACjC,aAAS,WAAW,OAAOA,KAAI;AAAA,EACjC,CAAC;AAGD,GAAC,GAAG,OAAO,GAAG,OAAO,EAAE,QAAQ,WAAS;AACtC,aAAS,aAAa,IAAI,MAAM,MAAM,KAAK;AAC3C,aAAS,WAAW,IAAI,MAAM,MAAM,QAAQ;AAAA,EAC9C,CAAC;AAGD,QAAM,kBAAkB,oBAAI,IAAI;AAAA,IAC9B,GAAG,MAAM,IAAI,OAAK,EAAE,IAAI;AAAA,IACxB,GAAG,QAAQ,IAAI,OAAK,EAAE,IAAI;AAAA,IAC1B,GAAG,MAAM,KAAK,SAAS,aAAa,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE,OAAO,OAAK,CAAC,QAAQ,SAAS,CAAC,CAAC;AAAA,EAC3F,CAAC;AAED,MAAI,gBAAgB,OAAO,GAAG;AAC5B,aAAS,aAAa,IAAI,UAAU,eAAe;AAAA,EACrD,OAAO;AACL,aAAS,aAAa,OAAO,QAAQ;AAAA,EACvC;AACF;AAEA,SAAS,YAAY,QAAe,QAAwB;AAC1D,MAAI,OAAO,SAAS,OAAO,KAAM,QAAO;AAExC,QAAM,WAAW,OAAO,KAAK,MAAM,EAChC,OAAO,OAAK,MAAM,MAAM,EACxB,KAAK;AACR,QAAM,WAAW,OAAO,KAAK,MAAM,EAChC,OAAO,OAAK,MAAM,MAAM,EACxB,KAAK;AAER,MAAI,SAAS,WAAW,SAAS,OAAQ,QAAO;AAEhD,SAAO,SAAS,MAAM,YAAU;AAC9B,UAAM,WAAW,OAAO,MAAqB;AAC7C,UAAM,WAAW,OAAO,MAAqB;AAG7C,WAAO,OAAO,aAAa,OAAO;AAAA,EACpC,CAAC;AACH;;;ACrGO,SAAS,kBAAkB,OAAc,SAAwB;AACtE,SAAO,QAAQ,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,aAAa,MAAM;AACzD,QAAI,WAAW,UAAU,CAAC,cAAe;AACzC,YAAQ,IAAI,MAAM,MAAM,QAAsB,aAAmC;AAAA,EACnF,CAAC;AACH;AAEO,SAAS,uBAAuBC,OAAc,SAAwB;AAE3E,MAAI,YAAY,WAAW,OAAO,QAAQ,WAAW,YAAY;AAC/D,YAAQ,OAAOA,KAAI;AAAA,EACrB,OAAO;AAEL,YAAQ,KAAK,6EAA6E;AAAA,EAC5F;AACF;AAEO,SAAS,qBAAqB,OAAc,SAAwB;AACzE,yBAAuB,MAAM,MAAM,OAAO;AAC1C,oBAAkB,OAAO,OAAO;AAClC;;;ACDA,IAAM,yBAAyB;AAAA,EAC7B,WAAW;AAAA,EACX,UAAU;AAAA,EACV,WAAW,QAAQ,IAAI,aAAa;AACtC;AAKO,SAAS,aAAa,SAAgC;AAE3D,QAAM,gBAAgB;AAAA,IACpB,GAAG;AAAA,IACH,GAAG;AAAA,EACL;AAEA,MAAI,QAAQ,YAAY,CAAC,QAAQ,SAAS,WAAW,GAAG,GAAG;AACzD,YAAQ,KAAK,wBAAwB;AAAA,EACvC;AAGA,QAAM,WAAW,oBAAoB;AACrC,QAAM,UAAU,cAAc;AAG9B,MAAI,cAAc;AAClB,MAAI,wBAA8C;AAClD,MAAI,YAAgE;AAEpE,QAAM,mBAAmB,oBAAI,IAAY,CAAC,cAAc,SAAS,CAAC;AAKlE,WAAS,oBAAoB,SAAkE;AAC7F,YAAQ,IAAI,uCAAgC;AAC5C,YAAQ,IAAI,YAAY,QAAQ,MAAM,MAAM,SAAS;AACrD,YAAQ,IAAI,cAAc,QAAQ,QAAQ,MAAM,SAAS;AACzD,YAAQ,IAAI,cAAc,QAAQ,QAAQ,MAAM,SAAS;AAGzD,YAAQ,QAAQ,QAAQ,eAAa;AACnC,cAAQ,IAAI,wBAAmB,SAAS,EAAE;AAC1C,6BAAuB,WAAW,OAAO;AAAA,IAC3C,CAAC;AAGD,YAAQ,MAAM,QAAQ,WAAS;AAC7B,YAAM,UAAU,OAAO,KAAK,KAAK,EAAE,OAAO,SAAO,QAAQ,MAAM;AAC/D,cAAQ,IAAI,sBAAiB,MAAM,IAAI,KAAK,QAAQ,KAAK,IAAI,CAAC,GAAG;AACjE,wBAAkB,OAAO,OAAO;AAAA,IAClC,CAAC;AAGD,YAAQ,QAAQ,QAAQ,WAAS;AAC/B,YAAM,UAAU,OAAO,KAAK,KAAK,EAAE,OAAO,SAAO,QAAQ,MAAM;AAC/D,cAAQ,IAAI,2BAAoB,MAAM,IAAI,KAAK,QAAQ,KAAK,IAAI,CAAC,GAAG;AACpE,2BAAqB,OAAO,OAAO;AAAA,IACrC,CAAC;AAED,YAAQ,IAAI,kCAA6B;AAAA,EAC3C;AAKA,WAAS,oBAAoB,QAAiB,QAAgB;AAC5D,QAAI;AAEF,YAAM,UAAU,qBAAqB,UAAU,QAAQ,MAAM;AAG7D,0BAAoB,OAAO;AAE3B,aAAO;AAAA,IACT,SAAS,OAAO;AACd,cAAQ,MAAM,qCAA2B,MAAM,KAAK,KAAK;AACzD,YAAM;AAAA,IACR;AAAA,EACF;AAKA,iBAAe,wBAAwB,WAAmB,QAAgB,QAAiB;AACzF,QAAI;AAEF,YAAM,mBAAmB,MAAM,0BAA0B,SAAS;AAGlE,YAAM,cAAc,iBAAiB;AAAA,QAAI,WACvC,SAAS,EAAE,GAAG,OAAO,MAAM,GAAG,MAAM,GAAG,MAAM,IAAI,GAAG,IAAI;AAAA,MAC1D;AAGA,YAAM,UAAU,oBAAoB,aAAa,MAAM;AAEvD,cAAQ;AAAA,QACN,UAAU,iBAAiB,MAAM,gBAAgB,MAAM,GAAG,SAAS,gBAAgB,MAAM,KAAK,EAAE,KAC1F,QAAQ,MAAM,MAAM,WAAW,QAAQ,QAAQ,MAAM,aAAa,QAAQ,QAAQ,MAAM;AAAA,MAChG;AAAA,IACF,SAAS,OAAO;AACd,cAAQ,MAAM,2CAAiC,MAAM,KAAK,KAAK;AAC/D,YAAM;AAAA,IACR;AAAA,EACF;AAKA,iBAAe,aAAa;AAC1B,QAAI,eAAe,uBAAuB;AACxC,aAAO;AAAA,IACT;AAEA,6BAAyB,YAAY;AACnC,UAAI;AAEF,cAAM,QAAQ;AAAA,UACZ,MAAM,KAAK,gBAAgB,EAAE;AAAA,YAAI,eAC/B,wBAAwB,WAAW,SAAS;AAAA,UAC9C;AAAA,QACF;AAGA,YAAI,cAAc,WAAW;AAC3B,iCAAuB;AAAA,QACzB;AAEA,sBAAc;AAAA,MAChB,SAAS,OAAO;AACd,gBAAQ,MAAM,6CAAmC,KAAK;AACtD,cAAM;AAAA,MACR;AAAA,IACF,GAAG;AAEH,WAAO;AAAA,EACT;AAKA,WAAS,yBAAyB;AAChC,QAAI,CAAC,WAAW;AACd,kBAAY,oBAAI,IAAI;AAAA,IACtB;AAEA,eAAW,aAAa,kBAAkB;AACxC,UAAI,CAAC,UAAU,IAAI,SAAS,GAAG;AAC7B,cAAM,UAAU,YAAY,WAAW;AAAA,UACrC,YAAY;AAAA;AAAA,UACZ,QAAQ,CAAC,gBAAgB,MAAM;AAAA,UAE/B,cAAc,CAAC,UAAkB,gBAAyB;AAExD,gBAAI;AACF,oBAAM,UAAU,qBAAqB,UAAU,UAAU,WAAW;AACpE,kCAAoB,OAAO;AAAA,YAC7B,SAAS,OAAO;AACd,sBAAQ,MAAM,4BAA4B,SAAS,KAAK,KAAK;AAAA,YAC/D;AAAA,UACF;AAAA,UAEA,gBAAgB;AAAA,YACd,OAAO,UAAkB,kBAA2B;AAGlD,kBAAI;AACF,wBAAQ,IAAI,0BAA0B,QAAQ,EAAE;AAEhD,sBAAM,UAAU,qBAAqB,UAAU,UAAU,aAAa;AAEtE,wBAAQ;AAAA,kBACN,qBAAqB,QAAQ,MAAM,MAAM,WACpC,QAAQ,QAAQ,MAAM,aAAa,QAAQ,QAAQ,MAAM;AAAA,gBAChE;AAGA,oCAAoB,OAAO;AAE3B,wBAAQ;AAAA,kBACN,0BAA0B,QAAQ,MAAM,MAAM,WACzC,QAAQ,QAAQ,MAAM,aAAa,QAAQ,QAAQ,MAAM;AAAA,gBAChE;AAAA,cACF,SAAS,OAAO;AACd,wBAAQ,MAAM,2CAAiC,SAAS,KAAK,KAAK;AAAA,cACpE;AAAA,YACF;AAAA,YACA;AAAA,UACF;AAAA,UAEA,gBAAgB,CAAC,UAAkB,kBAA2B;AAC5D,oBAAQ,IAAI,iBAAiB,QAAQ,SAAS,cAAc,MAAM,SAAS;AAE3E,gBAAI;AAEF,4BAAc,QAAQ,WAAS;AAC7B,uCAAuB,MAAM,MAAM,OAAO;AAAA,cAC5C,CAAC;AAGD,6BAAe,QAAQ;AAAA,YACzB,SAAS,OAAO;AACd,sBAAQ,MAAM,2CAAiC,QAAQ,KAAK,KAAK;AAAA,YACnE;AAAA,UACF;AAAA,UAEA,SAAS,CAAC,UAAiB;AACzB,oBAAQ,MAAM,wCAA8B,SAAS,KAAK,KAAK;AAAA,UACjE;AAAA,QACF,CAAC;AAED,kBAAU,IAAI,WAAW,OAAO;AAAA,MAClC;AAAA,IACF;AAAA,EACF;AAKA,WAAS,4BAA4B,WAAmB,QAAiB;AACvE,QAAI,CAAC,WAAW;AACd,kBAAY,oBAAI,IAAI;AAAA,IACtB;AAEA,UAAM,UAAU,YAAY,WAAW;AAAA,MACrC,YAAY;AAAA,MACZ,QAAQ,CAAC,gBAAgB,MAAM;AAAA,MAE/B,cAAc,CAAC,UAAkB,gBAAyB;AACxD,YAAI;AAEF,gBAAM,cAAc,YAAY;AAAA,YAAI,WAClC,SAAS,EAAE,GAAG,OAAO,MAAM,GAAG,MAAM,GAAG,MAAM,IAAI,GAAG,IAAI;AAAA,UAC1D;AAGA,gBAAM,UAAU,qBAAqB,UAAU,UAAU,WAAW;AACpE,8BAAoB,OAAO;AAAA,QAC7B,SAAS,OAAO;AACd,kBAAQ,MAAM,yCAA+B,SAAS,KAAK,KAAK;AAAA,QAClE;AAAA,MACF;AAAA,MAEA,gBAAgB,wBAAwB,OAAO,UAAkB,kBAA2B;AAC1F,YAAI;AAEF,gBAAM,cAAc,cAAc;AAAA,YAAI,WACpC,SAAS,EAAE,GAAG,OAAO,MAAM,GAAG,MAAM,GAAG,MAAM,IAAI,GAAG,IAAI;AAAA,UAC1D;AAGA,gBAAM,UAAU,qBAAqB,UAAU,UAAU,WAAW;AACpE,8BAAoB,OAAO;AAAA,QAC7B,SAAS,OAAO;AACd,kBAAQ,MAAM,2CAAiC,SAAS,KAAK,KAAK;AAAA,QACpE;AAAA,MACF,GAAG,SAAS;AAAA,MAEZ,gBAAgB,CAAC,UAAkB,kBAA2B;AAC5D,YAAI;AACF,wBAAc,QAAQ,WAAS;AAC7B,kBAAM,YAAY,SAAS,GAAG,MAAM,GAAG,MAAM,IAAI,KAAK,MAAM;AAC5D,mCAAuB,WAAW,OAAO;AAAA,UAC3C,CAAC;AACD,yBAAe,QAAQ;AAAA,QACzB,SAAS,OAAO;AACd,kBAAQ,MAAM,8BAA8B,QAAQ,KAAK,KAAK;AAAA,QAChE;AAAA,MACF;AAAA,MAEA,SAAS,CAAC,UAAiB;AACzB,gBAAQ,MAAM,wCAA8B,SAAS,KAAK,KAAK;AAAA,MACjE;AAAA,IACF,CAAC;AAED,cAAU,IAAI,WAAW,OAAO;AAChC,WAAO;AAAA,EACT;AAGA,aAAW,EAAE,MAAM,WAAS;AAC1B,YAAQ,MAAM,yDAA+C,KAAK;AAAA,EACpE,CAAC;AAGD,SAAO;AAAA;AAAA;AAAA;AAAA,IAIL,MAAM,cAAc,KAAc;AAEhC,UAAI,CAAC,aAAa;AAChB,gBAAQ,IAAI,mDAA4C;AACxD,cAAM,WAAW;AAAA,MACnB;AAEA,YAAM,EAAE,QAAQ,MAAAC,MAAK,IAAI,IAAI;AAC7B,cAAQ,IAAI;AAAA,8BAA0B,MAAM,IAAIA,KAAI,EAAE;AAGtD,YAAM,QAAQ,QAAQ,MAAMA,OAAM,MAAoB;AAEtD,UAAI,CAAC,OAAO;AACV,gBAAQ,IAAI,8BAAyB,MAAM,IAAIA,KAAI,EAAE;AAErD,cAAM,IAAI,cAAc,WAAW;AAAA,MACrC;AAEA,cAAQ,IAAI,yBAAoB,MAAM,IAAIA,KAAI,EAAE;AAChD,cAAQ,IAAI,cAAc,KAAK,UAAU,MAAM,MAAM,CAAC,EAAE;AAGxD,UAAI,MAAM,kBAAkB;AAG1B,YAAI,SAAS,OAAO,GAAG,EAAE,KAAK;AAAA,UAC5B,OAAO;AAAA,UACP,SAAS,MAAM;AAAA,QACjB,CAAC;AAGD,YAAI,MAAM,kBAAkB,MAAM,eAAe,SAAS,GAAG;AAC3D,cAAI,SAAS,OAAO,SAAS,MAAM,eAAe,KAAK,IAAI,CAAC;AAAA,QAC9D;AAEA;AAAA,MACF;AAGA,UAAI,QAAQ,SAAS,MAAM;AAG3B,YAAM,eAAe,KAAK,MAAM,OAAQ,MAAM,MAAM;AAAA,IACtD;AAAA;AAAA;AAAA;AAAA,IAKA,YAAY;AACV,aAAO,yBAAyB,QAAQ;AAAA,IAC1C;AAAA;AAAA;AAAA;AAAA,IAKA,SAAS,OAAc;AACrB,YAAM,UAAU,qBAAqB,UAAU,gBAAgB,CAAC,KAAK,CAAC;AACtE,0BAAoB,OAAO;AAAA,IAC7B;AAAA;AAAA;AAAA;AAAA,IAKA,UAAU,QAAiB;AACzB,YAAM,UAAU,qBAAqB,UAAU,gBAAgB,MAAM;AACrE,0BAAoB,OAAO;AAC3B,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,kBAAkB,WAAmBC,WAA+B,CAAC,GAAG;AAC5E,UAAI,iBAAiB,IAAI,SAAS,GAAG;AACnC,gBAAQ,KAAK,mBAAmB,SAAS,qBAAqB;AAC9D;AAAA,MACF;AAEA,uBAAiB,IAAI,SAAS;AAG9B,UAAI,aAAa;AACf,cAAM,wBAAwB,WAAW,WAAWA,SAAQ,MAAM;AAGlE,YAAI,cAAc,WAAW;AAC3B,sCAA4B,WAAWA,SAAQ,MAAM;AAAA,QACvD;AAAA,MACF;AAAA,IACF;AAAA;AAAA;AAAA;AAAA,IAKA,oBAAoB;AAGlB,YAAM,YAAwD,CAAC;AAE/D,aAAO;AAAA,IACT;AAAA;AAAA;AAAA;AAAA,IAKA,MAAM,QAAQ;AACZ,UAAI,WAAW;AACb,mBAAW,WAAW,UAAU,OAAO,GAAG;AACxC,gBAAM,QAAQ,MAAM;AAAA,QACtB;AACA,kBAAU,MAAM;AAAA,MAClB;AAAA,IACF;AAAA,EACF;AACF;;;AjC1ZO,IAAMC,mBAAiC;AAAA,EAC5C,MAAM;AAAA,EACN,MAAM;AAAA,EACN,WAAW;AAAA,EACX,OAAO;AAAA,IACL,SAAS;AAAA,EACX;AAAA,EACA,YAAY,CAAC;AAAA,EACb,SAAS,CAAC;AACZ;AAKA,SAAS,oBAAoB,UAA8B,CAAC,GAAkB;AAC5E,QAAM,cAA6B,EAAE,GAAGA,iBAAgB;AACxD,mBAAiB,EAAE,WAAW,QAAQ,aAAa,YAAY,UAAU,CAAC;AAE1E,SAAO;AAAA,IACL,MAAM,QAAQ,QAAQ,YAAY;AAAA,IAClC,MAAM,QAAQ,QAAQ,YAAY;AAAA,IAClC,WAAW,QAAQ,aAAa,YAAY;AAAA,IAC5C,OAAO;AAAA,MACL,SAAS,QAAQ,OAAO,WAAW,YAAY,OAAO;AAAA,MACtD,SAAS,QAAQ,OAAO,WAAW,YAAY,OAAO;AAAA,MACtD,UAAU,QAAQ,OAAO,YAAY,YAAY,OAAO;AAAA,IAC1D;AAAA,IACA,YAAY,CAAC,GAAI,YAAY,cAAc,CAAC,GAAI,GAAI,QAAQ,cAAc,CAAC,CAAE;AAAA,IAC7E,SAAS,CAAC,GAAI,YAAY,WAAW,CAAC,GAAI,GAAI,QAAQ,WAAW,CAAC,CAAE;AAAA,EACtE;AACF;AAKA,SAAS,mBACP,gBACA,kBACA,mBACA,gBACkB;AAClB,SAAO,YAAY;AAEjB,UAAM,qBAAqB,gBAAgB,mBAAmB,cAAc;AAG5E,UAAM,eAAe,cAAc,kBAAkB,cAAc;AAGnE,UAAM,YAAY,gBAAgB,gBAAgB;AAElD,UAAM,eAAe,cAAc,cAAc,gBAAgB,eAAe,MAAM;AAGtF,yBAAqB,cAAc;AAEnC,WAAO;AAAA,EACT;AACF;AAKA,eAAe,qBACb,gBACA,mBACA,gBACe;AAEf,aAAW,MAAM,mBAAmB;AAClC,mBAAe,IAAI,EAAE;AAAA,EACvB;AAGA,aAAW,KAAK,gBAAgB;AAC9B,UAAM,eAAe,SAAS,CAAC;AAAA,EACjC;AACF;AAKA,SAAS,qBAAqB,gBAA8B;AAE1D,QAAM,iBAAiB,uBAAuB,MAAM,eAAe,MAAM,CAAC;AAG1E,iBAAe,kBAAkB;AAGjC,iBAAe,OAAO,KAAK,SAAS;AACtC;AAKA,SAAS,kBAAkB,gBAAyC;AAClE,SAAO,OAAO,gBAA8B;AAC1C,QAAI,CAAC,eAAe,QAAQ;AAC1B;AAAA,IACF;AAGA,UAAM,UAAuB,EAAE,GAAG,YAAY;AAG9C,QAAI,eAAe,iBAAiB;AAClC,qBAAe,gBAAgB,WAAW;AAC1C,aAAO,eAAe;AAAA,IACxB;AAGA,UAAM,WAAW,gBAAgB,OAAO;AAAA,EAC1C;AACF;AAKA,SAAS,gBAAgB,gBAAuC;AAC9D,SAAO,gBAAc;AACnB,UAAM,kBAAkB,MAAM,QAAQ,UAAU,IAAI,aAAa,CAAC,UAAU;AAC5E,mBAAe,WAAW,KAAK,GAAG,eAAe;AACjD,WAAO;AAAA,EACT;AACF;AAKA,SAAS,qBAAqB,gBAA4C;AACxE,SAAO,OAAM,WAAU;AACrB,mBAAe,MAAM;AACrB,mBAAe,QAAQ,KAAK,MAAM;AAClC,UAAM,OAAO,SAAS,cAAc;AACpC,WAAO;AAAA,EACT;AACF;AAKO,SAASC,QAAO,UAA8B,CAAC,GAAW;AAE/D,QAAM,gBAAgB,oBAAoB,OAAO;AAEjD,MAAI;AACJ,MAAI;AACF,uBAAmB,sBAAsB,aAAa;AAAA,EACxD,SAAS,OAAO;AACd,QAAI,iBAAiB,OAAO;AAC1B,YAAM,IAAI,MAAM,4BAA4B,MAAM,OAAO,EAAE;AAAA,IAC7D;AACA,UAAM,IAAI,MAAM,4BAA4B,OAAO,KAAK,CAAC,EAAE;AAAA,EAC7D;AAGA,QAAM,EAAE,MAAM,MAAM,YAAY,QAAQ,IAAI;AAE5C,QAAM,oBAAoB,MAAM,QAAQ,UAAU,IAAI,CAAC,GAAG,UAAU,IAAI,CAAC;AACzE,QAAM,iBAAiB,MAAM,QAAQ,OAAO,IAAI,CAAC,GAAG,OAAO,IAAI,CAAC;AAGhE,QAAMC,kBAAiB,IAAI,2CAA2B;AACtD,QAAM,SAAS,aAAa;AAAA,IAC1B,WAAW,iBAAiB;AAAA,IAC5B,WAAW,QAAQ,IAAI,aAAa;AAAA,EACtC,CAAC;AAED,QAAM,gBAAgB,6BAA6B;AAAA,IACjD,OAAO,QAAQ,IAAI,aAAa;AAAA,IAChC,iBAAiB;AAAA,EACnB,CAAC;AACD,QAAM,SAAS,IAAI,mBAAAC,QAAa;AAGhC,QAAM,iBAAyB;AAAA,IAC7B,QAAQ;AAAA,IACR;AAAA,IACA;AAAA,IACA,SAASD;AAAA,IACT;AAAA,IACA,SAAS,CAAC;AAAA,IACV,YAAY,CAAC;AAAA,IACb,iBAAiB,EAAE,YAAY,MAAM;AAAA,IAAC,EAAE;AAAA,IACxC,KAAK,MAAM;AAAA,IACX,UAAU,YAAY;AAAA,IACtB,QAAQ,YAAY;AAAA,IACpB,OAAO,YAAY;AAAA,IAAC;AAAA,IACpB;AAAA,IACA;AAAA,EACF;AAGA,iBAAe,SAAS;AAAA,IACtB;AAAA,IACA;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACA,iBAAe,QAAQ,kBAAkB,cAAc;AACvD,iBAAe,MAAM,gBAAgB,cAAc;AACnD,iBAAe,WAAW,qBAAqB,cAAc;AAE7D,SAAO;AACT;;;AkC3NA;;;A1CgEA;;;A2C3DA;AAEA;AAuBO,IAAM,oBAAN,cAAgC,YAAsC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQ3E,YACE,OACA,UAAgD,QAChD,gBAAoC,QACpC;AACA;AAAA;AAAA,MAEE;AAAA,MACA;AAAA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;AC9CA;AAEA;AAwBO,IAAM,iBAAN,cAA6B,YAAmC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQrE,YACE,OACA,UAA6C,QAC7C,gBAAoC,QACpC;AACA;AAAA;AAAA,MAEE;AAAA,MACA;AAAA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;AC/CA;AAEA;AAwBO,IAAM,gBAAN,cAA4B,YAAkC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQnE,YACE,OACA,UAA4C,QAC5C,gBAAoC,QACpC;AACA;AAAA;AAAA,MAEE;AAAA,MACA;AAAA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;AC/CA;AAEA;AAyBO,IAAM,iBAAN,cAA6B,YAAmC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQrE,YACE,OACA,UAA6C,QAC7C,gBAAoC,QACpC;AACA;AAAA;AAAA,MAEE;AAAA,MACA;AAAA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;A9CiBA;AACA;;;A+CzEA;AACA;AAEO,IAAM,sBAAN,cAAkC,YAAY;AAAA,EACnD,YAAY,OAAe,SAAmB,eAAwB;AACpE;AAAA;AAAA,MAEE;AAAA,MACA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;A/C8DA;;;AgD3EA;AACA;AAEO,IAAM,2BAAN,cAAuC,YAAY;AAAA,EACxD,YAAY,OAAe,SAAmB,eAAwB;AACpE;AAAA;AAAA,MAEE;AAAA,MACA;AAAA,MACA,iBAAiB,wBAAwB;AAAA,MACzC;AAAA,IACF;AAAA,EACF;AACF;;;AhDoCO,IAAM,UAAU;AAGhB,IAAM,YAAY,EAAE,cAAAE,QAAa;AACjC,IAAM,YAAY;AAAA,EACvB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AACO,IAAM,gBAAgB,EAAE,0BAAkB,QAAQ;AAClD,IAAM,aAAa,EAAE,cAAAA,QAAa;AAgBzC,IAAM,SAAS;AAAA;AAAA,EAEb,cAAAA;AAAA,EACA;AAAA,EACA,cAAAA;AAAA;AAAA,EAGA,QAAQ;AAAA,EACR,QAAQ;AAAA,EACR,YAAY;AAAA,EACZ,SAAS;AAAA;AAAA,EAGT;AACF;AAEA,IAAO,gBAAQ;","names":["ErrorType","ErrorSeverity","import_node_async_hooks","create","create","stack","config","path","import_node_async_hooks","fs","path","InternalServerError","ValidationError","PayloadTooLargeError","UnsupportedMediaTypeError","resolve","path","resolve","resolve","resolve","fs","path","module","stat","require","fs","path","path","import_zod","import_zod","import_zod","import_zod","import_zod","path","path","path","path","path","options","DEFAULT_OPTIONS","create","contextStorage","EventEmitter","create"]}
1
+ {"version":3,"sources":["../../../node_modules/node-forge/lib/forge.js","../../../node_modules/node-forge/lib/baseN.js","../../../node_modules/node-forge/lib/util.js","../../../node_modules/node-forge/lib/cipher.js","../../../node_modules/node-forge/lib/cipherModes.js","../../../node_modules/node-forge/lib/aes.js","../../../node_modules/node-forge/lib/oids.js","../../../node_modules/node-forge/lib/asn1.js","../../../node_modules/node-forge/lib/md.js","../../../node_modules/node-forge/lib/hmac.js","../../../node_modules/node-forge/lib/md5.js","../../../node_modules/node-forge/lib/pem.js","../../../node_modules/node-forge/lib/des.js","../../../node_modules/node-forge/lib/pbkdf2.js","../../../node_modules/node-forge/lib/sha256.js","../../../node_modules/node-forge/lib/prng.js","../../../node_modules/node-forge/lib/random.js","../../../node_modules/node-forge/lib/rc2.js","../../../node_modules/node-forge/lib/jsbn.js","../../../node_modules/node-forge/lib/sha1.js","../../../node_modules/node-forge/lib/pkcs1.js","../../../node_modules/node-forge/lib/prime.js","../../../node_modules/node-forge/lib/rsa.js","../../../node_modules/node-forge/lib/pbe.js","../../../node_modules/node-forge/lib/pkcs7asn1.js","../../../node_modules/node-forge/lib/mgf1.js","../../../node_modules/node-forge/lib/mgf.js","../../../node_modules/node-forge/lib/pss.js","../../../node_modules/node-forge/lib/x509.js","../../../node_modules/node-forge/lib/pkcs12.js","../../../node_modules/node-forge/lib/pki.js","../../../node_modules/node-forge/lib/tls.js","../../../node_modules/node-forge/lib/aesCipherSuites.js","../../../node_modules/node-forge/lib/sha512.js","../../../node_modules/node-forge/lib/asn1-validator.js","../../../node_modules/node-forge/lib/ed25519.js","../../../node_modules/node-forge/lib/kem.js","../../../node_modules/node-forge/lib/log.js","../../../node_modules/node-forge/lib/md.all.js","../../../node_modules/node-forge/lib/pkcs7.js","../../../node_modules/node-forge/lib/ssh.js","../../../node_modules/node-forge/lib/index.js","../../../node_modules/selfsigned/index.js","../../blaize-types/src/errors.ts","../src/errors/correlation.ts","../src/errors/internal-server-error.ts","../src/errors/validation-error.ts","../src/errors/payload-too-large-error.ts","../src/errors/unsupported-media-type-error.ts","../src/index.ts","../src/middleware/execute.ts","../src/middleware/compose.ts","../src/middleware/create.ts","../src/plugins/create.ts","../src/router/create.ts","../src/config.ts","../src/router/discovery/parser.ts","../src/server/create.ts","../src/server/start.ts","../src/server/dev-certificate.ts","../src/context/errors.ts","../src/context/store.ts","../src/upload/multipart-parser.ts","../src/upload/utils.ts","../src/context/create.ts","../src/errors/not-found-error.ts","../src/errors/boundary.ts","../src/middleware/error-boundary.ts","../src/server/request-handler.ts","../src/server/stop.ts","../src/server/validation.ts","../src/plugins/lifecycle.ts","../src/plugins/errors.ts","../src/plugins/validation.ts","../src/router/discovery/cache.ts","../src/router/discovery/loader.ts","../src/router/discovery/parallel.ts","../src/router/discovery/finder.ts","../src/router/discovery/profiler.ts","../src/router/discovery/watchers.ts","../../../node_modules/chokidar/esm/index.js","../../../node_modules/chokidar/node_modules/readdirp/esm/index.js","../../../node_modules/chokidar/esm/handler.js","../src/router/validation/schema.ts","../src/router/validation/body.ts","../src/router/validation/params.ts","../src/router/validation/query.ts","../src/router/validation/response.ts","../src/router/handlers/executor.ts","../src/router/matching/params.ts","../src/router/matching/matcher.ts","../src/router/registry/fast-registry.ts","../src/router/utils/matching-helpers.ts","../src/router/router.ts","../../blaize-types/src/index.ts","../src/errors/unauthorized-error.ts","../src/errors/forbidden-error.ts","../src/errors/conflict-error.ts","../src/errors/rate-limit-error.ts","../src/errors/request-timeout-error.ts","../src/errors/unprocessable-entity-error.ts"],"sourcesContent":["/**\n * Node.js module for Forge.\n *\n * @author Dave Longley\n *\n * Copyright 2011-2016 Digital Bazaar, Inc.\n */\nmodule.exports = {\n // default options\n options: {\n usePureJavaScript: false\n }\n};\n","/**\n * Base-N/Base-X encoding/decoding functions.\n *\n * Original implementation from base-x:\n * https://github.com/cryptocoinjs/base-x\n *\n * Which is MIT licensed:\n *\n * The MIT License (MIT)\n *\n * Copyright base-x contributors (c) 2016\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to deal\n * in the Software without restriction, including without limitation the rights\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n * copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING\n * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER\n * DEALINGS IN THE SOFTWARE.\n */\nvar api = {};\nmodule.exports = api;\n\n// baseN alphabet indexes\nvar _reverseAlphabets = {};\n\n/**\n * BaseN-encodes a Uint8Array using the given alphabet.\n *\n * @param input the Uint8Array to encode.\n * @param maxline the maximum number of encoded characters per line to use,\n * defaults to none.\n *\n * @return the baseN-encoded output string.\n */\napi.encode = function(input, alphabet, maxline) {\n if(typeof alphabet !== 'string') {\n throw new TypeError('\"alphabet\" must be a string.');\n }\n if(maxline !== undefined && typeof maxline !== 'number') {\n throw new TypeError('\"maxline\" must be a number.');\n }\n\n var output = '';\n\n if(!(input instanceof Uint8Array)) {\n // assume forge byte buffer\n output = _encodeWithByteBuffer(input, alphabet);\n } else {\n var i = 0;\n var base = alphabet.length;\n var first = alphabet.charAt(0);\n var digits = [0];\n for(i = 0; i < input.length; ++i) {\n for(var j = 0, carry = input[i]; j < digits.length; ++j) {\n carry += digits[j] << 8;\n digits[j] = carry % base;\n carry = (carry / base) | 0;\n }\n\n while(carry > 0) {\n digits.push(carry % base);\n carry = (carry / base) | 0;\n }\n }\n\n // deal with leading zeros\n for(i = 0; input[i] === 0 && i < input.length - 1; ++i) {\n output += first;\n }\n // convert digits to a string\n for(i = digits.length - 1; i >= 0; --i) {\n output += alphabet[digits[i]];\n }\n }\n\n if(maxline) {\n var regex = new RegExp('.{1,' + maxline + '}', 'g');\n output = output.match(regex).join('\\r\\n');\n }\n\n return output;\n};\n\n/**\n * Decodes a baseN-encoded (using the given alphabet) string to a\n * Uint8Array.\n *\n * @param input the baseN-encoded input string.\n *\n * @return the Uint8Array.\n */\napi.decode = function(input, alphabet) {\n if(typeof input !== 'string') {\n throw new TypeError('\"input\" must be a string.');\n }\n if(typeof alphabet !== 'string') {\n throw new TypeError('\"alphabet\" must be a string.');\n }\n\n var table = _reverseAlphabets[alphabet];\n if(!table) {\n // compute reverse alphabet\n table = _reverseAlphabets[alphabet] = [];\n for(var i = 0; i < alphabet.length; ++i) {\n table[alphabet.charCodeAt(i)] = i;\n }\n }\n\n // remove whitespace characters\n input = input.replace(/\\s/g, '');\n\n var base = alphabet.length;\n var first = alphabet.charAt(0);\n var bytes = [0];\n for(var i = 0; i < input.length; i++) {\n var value = table[input.charCodeAt(i)];\n if(value === undefined) {\n return;\n }\n\n for(var j = 0, carry = value; j < bytes.length; ++j) {\n carry += bytes[j] * base;\n bytes[j] = carry & 0xff;\n carry >>= 8;\n }\n\n while(carry > 0) {\n bytes.push(carry & 0xff);\n carry >>= 8;\n }\n }\n\n // deal with leading zeros\n for(var k = 0; input[k] === first && k < input.length - 1; ++k) {\n bytes.push(0);\n }\n\n if(typeof Buffer !== 'undefined') {\n return Buffer.from(bytes.reverse());\n }\n\n return new Uint8Array(bytes.reverse());\n};\n\nfunction _encodeWithByteBuffer(input, alphabet) {\n var i = 0;\n var base = alphabet.length;\n var first = alphabet.charAt(0);\n var digits = [0];\n for(i = 0; i < input.length(); ++i) {\n for(var j = 0, carry = input.at(i); j < digits.length; ++j) {\n carry += digits[j] << 8;\n digits[j] = carry % base;\n carry = (carry / base) | 0;\n }\n\n while(carry > 0) {\n digits.push(carry % base);\n carry = (carry / base) | 0;\n }\n }\n\n var output = '';\n\n // deal with leading zeros\n for(i = 0; input.at(i) === 0 && i < input.length() - 1; ++i) {\n output += first;\n }\n // convert digits to a string\n for(i = digits.length - 1; i >= 0; --i) {\n output += alphabet[digits[i]];\n }\n\n return output;\n}\n","/**\n * Utility functions for web applications.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2018 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nvar baseN = require('./baseN');\n\n/* Utilities API */\nvar util = module.exports = forge.util = forge.util || {};\n\n// define setImmediate and nextTick\n(function() {\n // use native nextTick (unless we're in webpack)\n // webpack (or better node-libs-browser polyfill) sets process.browser.\n // this way we can detect webpack properly\n if(typeof process !== 'undefined' && process.nextTick && !process.browser) {\n util.nextTick = process.nextTick;\n if(typeof setImmediate === 'function') {\n util.setImmediate = setImmediate;\n } else {\n // polyfill setImmediate with nextTick, older versions of node\n // (those w/o setImmediate) won't totally starve IO\n util.setImmediate = util.nextTick;\n }\n return;\n }\n\n // polyfill nextTick with native setImmediate\n if(typeof setImmediate === 'function') {\n util.setImmediate = function() { return setImmediate.apply(undefined, arguments); };\n util.nextTick = function(callback) {\n return setImmediate(callback);\n };\n return;\n }\n\n /* Note: A polyfill upgrade pattern is used here to allow combining\n polyfills. For example, MutationObserver is fast, but blocks UI updates,\n so it needs to allow UI updates periodically, so it falls back on\n postMessage or setTimeout. */\n\n // polyfill with setTimeout\n util.setImmediate = function(callback) {\n setTimeout(callback, 0);\n };\n\n // upgrade polyfill to use postMessage\n if(typeof window !== 'undefined' &&\n typeof window.postMessage === 'function') {\n var msg = 'forge.setImmediate';\n var callbacks = [];\n util.setImmediate = function(callback) {\n callbacks.push(callback);\n // only send message when one hasn't been sent in\n // the current turn of the event loop\n if(callbacks.length === 1) {\n window.postMessage(msg, '*');\n }\n };\n function handler(event) {\n if(event.source === window && event.data === msg) {\n event.stopPropagation();\n var copy = callbacks.slice();\n callbacks.length = 0;\n copy.forEach(function(callback) {\n callback();\n });\n }\n }\n window.addEventListener('message', handler, true);\n }\n\n // upgrade polyfill to use MutationObserver\n if(typeof MutationObserver !== 'undefined') {\n // polyfill with MutationObserver\n var now = Date.now();\n var attr = true;\n var div = document.createElement('div');\n var callbacks = [];\n new MutationObserver(function() {\n var copy = callbacks.slice();\n callbacks.length = 0;\n copy.forEach(function(callback) {\n callback();\n });\n }).observe(div, {attributes: true});\n var oldSetImmediate = util.setImmediate;\n util.setImmediate = function(callback) {\n if(Date.now() - now > 15) {\n now = Date.now();\n oldSetImmediate(callback);\n } else {\n callbacks.push(callback);\n // only trigger observer when it hasn't been triggered in\n // the current turn of the event loop\n if(callbacks.length === 1) {\n div.setAttribute('a', attr = !attr);\n }\n }\n };\n }\n\n util.nextTick = util.setImmediate;\n})();\n\n// check if running under Node.js\nutil.isNodejs =\n typeof process !== 'undefined' && process.versions && process.versions.node;\n\n\n// 'self' will also work in Web Workers (instance of WorkerGlobalScope) while\n// it will point to `window` in the main thread.\n// To remain compatible with older browsers, we fall back to 'window' if 'self'\n// is not available.\nutil.globalScope = (function() {\n if(util.isNodejs) {\n return global;\n }\n\n return typeof self === 'undefined' ? window : self;\n})();\n\n// define isArray\nutil.isArray = Array.isArray || function(x) {\n return Object.prototype.toString.call(x) === '[object Array]';\n};\n\n// define isArrayBuffer\nutil.isArrayBuffer = function(x) {\n return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer;\n};\n\n// define isArrayBufferView\nutil.isArrayBufferView = function(x) {\n return x && util.isArrayBuffer(x.buffer) && x.byteLength !== undefined;\n};\n\n/**\n * Ensure a bits param is 8, 16, 24, or 32. Used to validate input for\n * algorithms where bit manipulation, JavaScript limitations, and/or algorithm\n * design only allow for byte operations of a limited size.\n *\n * @param n number of bits.\n *\n * Throw Error if n invalid.\n */\nfunction _checkBitsParam(n) {\n if(!(n === 8 || n === 16 || n === 24 || n === 32)) {\n throw new Error('Only 8, 16, 24, or 32 bits supported: ' + n);\n }\n}\n\n// TODO: set ByteBuffer to best available backing\nutil.ByteBuffer = ByteStringBuffer;\n\n/** Buffer w/BinaryString backing */\n\n/**\n * Constructor for a binary string backed byte buffer.\n *\n * @param [b] the bytes to wrap (either encoded as string, one byte per\n * character, or as an ArrayBuffer or Typed Array).\n */\nfunction ByteStringBuffer(b) {\n // TODO: update to match DataBuffer API\n\n // the data in this buffer\n this.data = '';\n // the pointer for reading from this buffer\n this.read = 0;\n\n if(typeof b === 'string') {\n this.data = b;\n } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) {\n if(typeof Buffer !== 'undefined' && b instanceof Buffer) {\n this.data = b.toString('binary');\n } else {\n // convert native buffer to forge buffer\n // FIXME: support native buffers internally instead\n var arr = new Uint8Array(b);\n try {\n this.data = String.fromCharCode.apply(null, arr);\n } catch(e) {\n for(var i = 0; i < arr.length; ++i) {\n this.putByte(arr[i]);\n }\n }\n }\n } else if(b instanceof ByteStringBuffer ||\n (typeof b === 'object' && typeof b.data === 'string' &&\n typeof b.read === 'number')) {\n // copy existing buffer\n this.data = b.data;\n this.read = b.read;\n }\n\n // used for v8 optimization\n this._constructedStringLength = 0;\n}\nutil.ByteStringBuffer = ByteStringBuffer;\n\n/* Note: This is an optimization for V8-based browsers. When V8 concatenates\n a string, the strings are only joined logically using a \"cons string\" or\n \"constructed/concatenated string\". These containers keep references to one\n another and can result in very large memory usage. For example, if a 2MB\n string is constructed by concatenating 4 bytes together at a time, the\n memory usage will be ~44MB; so ~22x increase. The strings are only joined\n together when an operation requiring their joining takes place, such as\n substr(). This function is called when adding data to this buffer to ensure\n these types of strings are periodically joined to reduce the memory\n footprint. */\nvar _MAX_CONSTRUCTED_STRING_LENGTH = 4096;\nutil.ByteStringBuffer.prototype._optimizeConstructedString = function(x) {\n this._constructedStringLength += x;\n if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) {\n // this substr() should cause the constructed string to join\n this.data.substr(0, 1);\n this._constructedStringLength = 0;\n }\n};\n\n/**\n * Gets the number of bytes in this buffer.\n *\n * @return the number of bytes in this buffer.\n */\nutil.ByteStringBuffer.prototype.length = function() {\n return this.data.length - this.read;\n};\n\n/**\n * Gets whether or not this buffer is empty.\n *\n * @return true if this buffer is empty, false if not.\n */\nutil.ByteStringBuffer.prototype.isEmpty = function() {\n return this.length() <= 0;\n};\n\n/**\n * Puts a byte in this buffer.\n *\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putByte = function(b) {\n return this.putBytes(String.fromCharCode(b));\n};\n\n/**\n * Puts a byte in this buffer N times.\n *\n * @param b the byte to put.\n * @param n the number of bytes of value b to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.fillWithByte = function(b, n) {\n b = String.fromCharCode(b);\n var d = this.data;\n while(n > 0) {\n if(n & 1) {\n d += b;\n }\n n >>>= 1;\n if(n > 0) {\n b += b;\n }\n }\n this.data = d;\n this._optimizeConstructedString(n);\n return this;\n};\n\n/**\n * Puts bytes in this buffer.\n *\n * @param bytes the bytes (as a binary encoded string) to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putBytes = function(bytes) {\n this.data += bytes;\n this._optimizeConstructedString(bytes.length);\n return this;\n};\n\n/**\n * Puts a UTF-16 encoded string into this buffer.\n *\n * @param str the string to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putString = function(str) {\n return this.putBytes(util.encodeUtf8(str));\n};\n\n/**\n * Puts a 16-bit integer in this buffer in big-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt16 = function(i) {\n return this.putBytes(\n String.fromCharCode(i >> 8 & 0xFF) +\n String.fromCharCode(i & 0xFF));\n};\n\n/**\n * Puts a 24-bit integer in this buffer in big-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt24 = function(i) {\n return this.putBytes(\n String.fromCharCode(i >> 16 & 0xFF) +\n String.fromCharCode(i >> 8 & 0xFF) +\n String.fromCharCode(i & 0xFF));\n};\n\n/**\n * Puts a 32-bit integer in this buffer in big-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt32 = function(i) {\n return this.putBytes(\n String.fromCharCode(i >> 24 & 0xFF) +\n String.fromCharCode(i >> 16 & 0xFF) +\n String.fromCharCode(i >> 8 & 0xFF) +\n String.fromCharCode(i & 0xFF));\n};\n\n/**\n * Puts a 16-bit integer in this buffer in little-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt16Le = function(i) {\n return this.putBytes(\n String.fromCharCode(i & 0xFF) +\n String.fromCharCode(i >> 8 & 0xFF));\n};\n\n/**\n * Puts a 24-bit integer in this buffer in little-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt24Le = function(i) {\n return this.putBytes(\n String.fromCharCode(i & 0xFF) +\n String.fromCharCode(i >> 8 & 0xFF) +\n String.fromCharCode(i >> 16 & 0xFF));\n};\n\n/**\n * Puts a 32-bit integer in this buffer in little-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt32Le = function(i) {\n return this.putBytes(\n String.fromCharCode(i & 0xFF) +\n String.fromCharCode(i >> 8 & 0xFF) +\n String.fromCharCode(i >> 16 & 0xFF) +\n String.fromCharCode(i >> 24 & 0xFF));\n};\n\n/**\n * Puts an n-bit integer in this buffer in big-endian order.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt = function(i, n) {\n _checkBitsParam(n);\n var bytes = '';\n do {\n n -= 8;\n bytes += String.fromCharCode((i >> n) & 0xFF);\n } while(n > 0);\n return this.putBytes(bytes);\n};\n\n/**\n * Puts a signed n-bit integer in this buffer in big-endian order. Two's\n * complement representation is used.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putSignedInt = function(i, n) {\n // putInt checks n\n if(i < 0) {\n i += 2 << (n - 1);\n }\n return this.putInt(i, n);\n};\n\n/**\n * Puts the given buffer into this buffer.\n *\n * @param buffer the buffer to put into this one.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putBuffer = function(buffer) {\n return this.putBytes(buffer.getBytes());\n};\n\n/**\n * Gets a byte from this buffer and advances the read pointer by 1.\n *\n * @return the byte.\n */\nutil.ByteStringBuffer.prototype.getByte = function() {\n return this.data.charCodeAt(this.read++);\n};\n\n/**\n * Gets a uint16 from this buffer in big-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.ByteStringBuffer.prototype.getInt16 = function() {\n var rval = (\n this.data.charCodeAt(this.read) << 8 ^\n this.data.charCodeAt(this.read + 1));\n this.read += 2;\n return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in big-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.ByteStringBuffer.prototype.getInt24 = function() {\n var rval = (\n this.data.charCodeAt(this.read) << 16 ^\n this.data.charCodeAt(this.read + 1) << 8 ^\n this.data.charCodeAt(this.read + 2));\n this.read += 3;\n return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in big-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.ByteStringBuffer.prototype.getInt32 = function() {\n var rval = (\n this.data.charCodeAt(this.read) << 24 ^\n this.data.charCodeAt(this.read + 1) << 16 ^\n this.data.charCodeAt(this.read + 2) << 8 ^\n this.data.charCodeAt(this.read + 3));\n this.read += 4;\n return rval;\n};\n\n/**\n * Gets a uint16 from this buffer in little-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.ByteStringBuffer.prototype.getInt16Le = function() {\n var rval = (\n this.data.charCodeAt(this.read) ^\n this.data.charCodeAt(this.read + 1) << 8);\n this.read += 2;\n return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in little-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.ByteStringBuffer.prototype.getInt24Le = function() {\n var rval = (\n this.data.charCodeAt(this.read) ^\n this.data.charCodeAt(this.read + 1) << 8 ^\n this.data.charCodeAt(this.read + 2) << 16);\n this.read += 3;\n return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in little-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.ByteStringBuffer.prototype.getInt32Le = function() {\n var rval = (\n this.data.charCodeAt(this.read) ^\n this.data.charCodeAt(this.read + 1) << 8 ^\n this.data.charCodeAt(this.read + 2) << 16 ^\n this.data.charCodeAt(this.read + 3) << 24);\n this.read += 4;\n return rval;\n};\n\n/**\n * Gets an n-bit integer from this buffer in big-endian order and advances the\n * read pointer by ceil(n/8).\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.ByteStringBuffer.prototype.getInt = function(n) {\n _checkBitsParam(n);\n var rval = 0;\n do {\n // TODO: Use (rval * 0x100) if adding support for 33 to 53 bits.\n rval = (rval << 8) + this.data.charCodeAt(this.read++);\n n -= 8;\n } while(n > 0);\n return rval;\n};\n\n/**\n * Gets a signed n-bit integer from this buffer in big-endian order, using\n * two's complement, and advances the read pointer by n/8.\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.ByteStringBuffer.prototype.getSignedInt = function(n) {\n // getInt checks n\n var x = this.getInt(n);\n var max = 2 << (n - 2);\n if(x >= max) {\n x -= max << 1;\n }\n return x;\n};\n\n/**\n * Reads bytes out as a binary encoded string and clears them from the\n * buffer. Note that the resulting string is binary encoded (in node.js this\n * encoding is referred to as `binary`, it is *not* `utf8`).\n *\n * @param count the number of bytes to read, undefined or null for all.\n *\n * @return a binary encoded string of bytes.\n */\nutil.ByteStringBuffer.prototype.getBytes = function(count) {\n var rval;\n if(count) {\n // read count bytes\n count = Math.min(this.length(), count);\n rval = this.data.slice(this.read, this.read + count);\n this.read += count;\n } else if(count === 0) {\n rval = '';\n } else {\n // read all bytes, optimize to only copy when needed\n rval = (this.read === 0) ? this.data : this.data.slice(this.read);\n this.clear();\n }\n return rval;\n};\n\n/**\n * Gets a binary encoded string of the bytes from this buffer without\n * modifying the read pointer.\n *\n * @param count the number of bytes to get, omit to get all.\n *\n * @return a string full of binary encoded characters.\n */\nutil.ByteStringBuffer.prototype.bytes = function(count) {\n return (typeof(count) === 'undefined' ?\n this.data.slice(this.read) :\n this.data.slice(this.read, this.read + count));\n};\n\n/**\n * Gets a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n *\n * @return the byte.\n */\nutil.ByteStringBuffer.prototype.at = function(i) {\n return this.data.charCodeAt(this.read + i);\n};\n\n/**\n * Puts a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.setAt = function(i, b) {\n this.data = this.data.substr(0, this.read + i) +\n String.fromCharCode(b) +\n this.data.substr(this.read + i + 1);\n return this;\n};\n\n/**\n * Gets the last byte without modifying the read pointer.\n *\n * @return the last byte.\n */\nutil.ByteStringBuffer.prototype.last = function() {\n return this.data.charCodeAt(this.data.length - 1);\n};\n\n/**\n * Creates a copy of this buffer.\n *\n * @return the copy.\n */\nutil.ByteStringBuffer.prototype.copy = function() {\n var c = util.createBuffer(this.data);\n c.read = this.read;\n return c;\n};\n\n/**\n * Compacts this buffer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.compact = function() {\n if(this.read > 0) {\n this.data = this.data.slice(this.read);\n this.read = 0;\n }\n return this;\n};\n\n/**\n * Clears this buffer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.clear = function() {\n this.data = '';\n this.read = 0;\n return this;\n};\n\n/**\n * Shortens this buffer by triming bytes off of the end of this buffer.\n *\n * @param count the number of bytes to trim off.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.truncate = function(count) {\n var len = Math.max(0, this.length() - count);\n this.data = this.data.substr(this.read, len);\n this.read = 0;\n return this;\n};\n\n/**\n * Converts this buffer to a hexadecimal string.\n *\n * @return a hexadecimal string.\n */\nutil.ByteStringBuffer.prototype.toHex = function() {\n var rval = '';\n for(var i = this.read; i < this.data.length; ++i) {\n var b = this.data.charCodeAt(i);\n if(b < 16) {\n rval += '0';\n }\n rval += b.toString(16);\n }\n return rval;\n};\n\n/**\n * Converts this buffer to a UTF-16 string (standard JavaScript string).\n *\n * @return a UTF-16 string.\n */\nutil.ByteStringBuffer.prototype.toString = function() {\n return util.decodeUtf8(this.bytes());\n};\n\n/** End Buffer w/BinaryString backing */\n\n/** Buffer w/UInt8Array backing */\n\n/**\n * FIXME: Experimental. Do not use yet.\n *\n * Constructor for an ArrayBuffer-backed byte buffer.\n *\n * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a\n * TypedArray.\n *\n * If a string is given, its encoding should be provided as an option,\n * otherwise it will default to 'binary'. A 'binary' string is encoded such\n * that each character is one byte in length and size.\n *\n * If an ArrayBuffer, DataView, or TypedArray is given, it will be used\n * *directly* without any copying. Note that, if a write to the buffer requires\n * more space, the buffer will allocate a new backing ArrayBuffer to\n * accommodate. The starting read and write offsets for the buffer may be\n * given as options.\n *\n * @param [b] the initial bytes for this buffer.\n * @param options the options to use:\n * [readOffset] the starting read offset to use (default: 0).\n * [writeOffset] the starting write offset to use (default: the\n * length of the first parameter).\n * [growSize] the minimum amount, in bytes, to grow the buffer by to\n * accommodate writes (default: 1024).\n * [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the\n * first parameter, if it is a string (default: 'binary').\n */\nfunction DataBuffer(b, options) {\n // default options\n options = options || {};\n\n // pointers for read from/write to buffer\n this.read = options.readOffset || 0;\n this.growSize = options.growSize || 1024;\n\n var isArrayBuffer = util.isArrayBuffer(b);\n var isArrayBufferView = util.isArrayBufferView(b);\n if(isArrayBuffer || isArrayBufferView) {\n // use ArrayBuffer directly\n if(isArrayBuffer) {\n this.data = new DataView(b);\n } else {\n // TODO: adjust read/write offset based on the type of view\n // or specify that this must be done in the options ... that the\n // offsets are byte-based\n this.data = new DataView(b.buffer, b.byteOffset, b.byteLength);\n }\n this.write = ('writeOffset' in options ?\n options.writeOffset : this.data.byteLength);\n return;\n }\n\n // initialize to empty array buffer and add any given bytes using putBytes\n this.data = new DataView(new ArrayBuffer(0));\n this.write = 0;\n\n if(b !== null && b !== undefined) {\n this.putBytes(b);\n }\n\n if('writeOffset' in options) {\n this.write = options.writeOffset;\n }\n}\nutil.DataBuffer = DataBuffer;\n\n/**\n * Gets the number of bytes in this buffer.\n *\n * @return the number of bytes in this buffer.\n */\nutil.DataBuffer.prototype.length = function() {\n return this.write - this.read;\n};\n\n/**\n * Gets whether or not this buffer is empty.\n *\n * @return true if this buffer is empty, false if not.\n */\nutil.DataBuffer.prototype.isEmpty = function() {\n return this.length() <= 0;\n};\n\n/**\n * Ensures this buffer has enough empty space to accommodate the given number\n * of bytes. An optional parameter may be given that indicates a minimum\n * amount to grow the buffer if necessary. If the parameter is not given,\n * the buffer will be grown by some previously-specified default amount\n * or heuristic.\n *\n * @param amount the number of bytes to accommodate.\n * @param [growSize] the minimum amount, in bytes, to grow the buffer by if\n * necessary.\n */\nutil.DataBuffer.prototype.accommodate = function(amount, growSize) {\n if(this.length() >= amount) {\n return this;\n }\n growSize = Math.max(growSize || this.growSize, amount);\n\n // grow buffer\n var src = new Uint8Array(\n this.data.buffer, this.data.byteOffset, this.data.byteLength);\n var dst = new Uint8Array(this.length() + growSize);\n dst.set(src);\n this.data = new DataView(dst.buffer);\n\n return this;\n};\n\n/**\n * Puts a byte in this buffer.\n *\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putByte = function(b) {\n this.accommodate(1);\n this.data.setUint8(this.write++, b);\n return this;\n};\n\n/**\n * Puts a byte in this buffer N times.\n *\n * @param b the byte to put.\n * @param n the number of bytes of value b to put.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.fillWithByte = function(b, n) {\n this.accommodate(n);\n for(var i = 0; i < n; ++i) {\n this.data.setUint8(b);\n }\n return this;\n};\n\n/**\n * Puts bytes in this buffer. The bytes may be given as a string, an\n * ArrayBuffer, a DataView, or a TypedArray.\n *\n * @param bytes the bytes to put.\n * @param [encoding] the encoding for the first parameter ('binary', 'utf8',\n * 'utf16', 'hex'), if it is a string (default: 'binary').\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putBytes = function(bytes, encoding) {\n if(util.isArrayBufferView(bytes)) {\n var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength);\n var len = src.byteLength - src.byteOffset;\n this.accommodate(len);\n var dst = new Uint8Array(this.data.buffer, this.write);\n dst.set(src);\n this.write += len;\n return this;\n }\n\n if(util.isArrayBuffer(bytes)) {\n var src = new Uint8Array(bytes);\n this.accommodate(src.byteLength);\n var dst = new Uint8Array(this.data.buffer);\n dst.set(src, this.write);\n this.write += src.byteLength;\n return this;\n }\n\n // bytes is a util.DataBuffer or equivalent\n if(bytes instanceof util.DataBuffer ||\n (typeof bytes === 'object' &&\n typeof bytes.read === 'number' && typeof bytes.write === 'number' &&\n util.isArrayBufferView(bytes.data))) {\n var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length());\n this.accommodate(src.byteLength);\n var dst = new Uint8Array(bytes.data.byteLength, this.write);\n dst.set(src);\n this.write += src.byteLength;\n return this;\n }\n\n if(bytes instanceof util.ByteStringBuffer) {\n // copy binary string and process as the same as a string parameter below\n bytes = bytes.data;\n encoding = 'binary';\n }\n\n // string conversion\n encoding = encoding || 'binary';\n if(typeof bytes === 'string') {\n var view;\n\n // decode from string\n if(encoding === 'hex') {\n this.accommodate(Math.ceil(bytes.length / 2));\n view = new Uint8Array(this.data.buffer, this.write);\n this.write += util.binary.hex.decode(bytes, view, this.write);\n return this;\n }\n if(encoding === 'base64') {\n this.accommodate(Math.ceil(bytes.length / 4) * 3);\n view = new Uint8Array(this.data.buffer, this.write);\n this.write += util.binary.base64.decode(bytes, view, this.write);\n return this;\n }\n\n // encode text as UTF-8 bytes\n if(encoding === 'utf8') {\n // encode as UTF-8 then decode string as raw binary\n bytes = util.encodeUtf8(bytes);\n encoding = 'binary';\n }\n\n // decode string as raw binary\n if(encoding === 'binary' || encoding === 'raw') {\n // one byte per character\n this.accommodate(bytes.length);\n view = new Uint8Array(this.data.buffer, this.write);\n this.write += util.binary.raw.decode(view);\n return this;\n }\n\n // encode text as UTF-16 bytes\n if(encoding === 'utf16') {\n // two bytes per character\n this.accommodate(bytes.length * 2);\n view = new Uint16Array(this.data.buffer, this.write);\n this.write += util.text.utf16.encode(view);\n return this;\n }\n\n throw new Error('Invalid encoding: ' + encoding);\n }\n\n throw Error('Invalid parameter: ' + bytes);\n};\n\n/**\n * Puts the given buffer into this buffer.\n *\n * @param buffer the buffer to put into this one.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putBuffer = function(buffer) {\n this.putBytes(buffer);\n buffer.clear();\n return this;\n};\n\n/**\n * Puts a string into this buffer.\n *\n * @param str the string to put.\n * @param [encoding] the encoding for the string (default: 'utf16').\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putString = function(str) {\n return this.putBytes(str, 'utf16');\n};\n\n/**\n * Puts a 16-bit integer in this buffer in big-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt16 = function(i) {\n this.accommodate(2);\n this.data.setInt16(this.write, i);\n this.write += 2;\n return this;\n};\n\n/**\n * Puts a 24-bit integer in this buffer in big-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt24 = function(i) {\n this.accommodate(3);\n this.data.setInt16(this.write, i >> 8 & 0xFFFF);\n this.data.setInt8(this.write, i >> 16 & 0xFF);\n this.write += 3;\n return this;\n};\n\n/**\n * Puts a 32-bit integer in this buffer in big-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt32 = function(i) {\n this.accommodate(4);\n this.data.setInt32(this.write, i);\n this.write += 4;\n return this;\n};\n\n/**\n * Puts a 16-bit integer in this buffer in little-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt16Le = function(i) {\n this.accommodate(2);\n this.data.setInt16(this.write, i, true);\n this.write += 2;\n return this;\n};\n\n/**\n * Puts a 24-bit integer in this buffer in little-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt24Le = function(i) {\n this.accommodate(3);\n this.data.setInt8(this.write, i >> 16 & 0xFF);\n this.data.setInt16(this.write, i >> 8 & 0xFFFF, true);\n this.write += 3;\n return this;\n};\n\n/**\n * Puts a 32-bit integer in this buffer in little-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt32Le = function(i) {\n this.accommodate(4);\n this.data.setInt32(this.write, i, true);\n this.write += 4;\n return this;\n};\n\n/**\n * Puts an n-bit integer in this buffer in big-endian order.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt = function(i, n) {\n _checkBitsParam(n);\n this.accommodate(n / 8);\n do {\n n -= 8;\n this.data.setInt8(this.write++, (i >> n) & 0xFF);\n } while(n > 0);\n return this;\n};\n\n/**\n * Puts a signed n-bit integer in this buffer in big-endian order. Two's\n * complement representation is used.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putSignedInt = function(i, n) {\n _checkBitsParam(n);\n this.accommodate(n / 8);\n if(i < 0) {\n i += 2 << (n - 1);\n }\n return this.putInt(i, n);\n};\n\n/**\n * Gets a byte from this buffer and advances the read pointer by 1.\n *\n * @return the byte.\n */\nutil.DataBuffer.prototype.getByte = function() {\n return this.data.getInt8(this.read++);\n};\n\n/**\n * Gets a uint16 from this buffer in big-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.DataBuffer.prototype.getInt16 = function() {\n var rval = this.data.getInt16(this.read);\n this.read += 2;\n return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in big-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.DataBuffer.prototype.getInt24 = function() {\n var rval = (\n this.data.getInt16(this.read) << 8 ^\n this.data.getInt8(this.read + 2));\n this.read += 3;\n return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in big-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.DataBuffer.prototype.getInt32 = function() {\n var rval = this.data.getInt32(this.read);\n this.read += 4;\n return rval;\n};\n\n/**\n * Gets a uint16 from this buffer in little-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.DataBuffer.prototype.getInt16Le = function() {\n var rval = this.data.getInt16(this.read, true);\n this.read += 2;\n return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in little-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.DataBuffer.prototype.getInt24Le = function() {\n var rval = (\n this.data.getInt8(this.read) ^\n this.data.getInt16(this.read + 1, true) << 8);\n this.read += 3;\n return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in little-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.DataBuffer.prototype.getInt32Le = function() {\n var rval = this.data.getInt32(this.read, true);\n this.read += 4;\n return rval;\n};\n\n/**\n * Gets an n-bit integer from this buffer in big-endian order and advances the\n * read pointer by n/8.\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.DataBuffer.prototype.getInt = function(n) {\n _checkBitsParam(n);\n var rval = 0;\n do {\n // TODO: Use (rval * 0x100) if adding support for 33 to 53 bits.\n rval = (rval << 8) + this.data.getInt8(this.read++);\n n -= 8;\n } while(n > 0);\n return rval;\n};\n\n/**\n * Gets a signed n-bit integer from this buffer in big-endian order, using\n * two's complement, and advances the read pointer by n/8.\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.DataBuffer.prototype.getSignedInt = function(n) {\n // getInt checks n\n var x = this.getInt(n);\n var max = 2 << (n - 2);\n if(x >= max) {\n x -= max << 1;\n }\n return x;\n};\n\n/**\n * Reads bytes out as a binary encoded string and clears them from the\n * buffer.\n *\n * @param count the number of bytes to read, undefined or null for all.\n *\n * @return a binary encoded string of bytes.\n */\nutil.DataBuffer.prototype.getBytes = function(count) {\n // TODO: deprecate this method, it is poorly named and\n // this.toString('binary') replaces it\n // add a toTypedArray()/toArrayBuffer() function\n var rval;\n if(count) {\n // read count bytes\n count = Math.min(this.length(), count);\n rval = this.data.slice(this.read, this.read + count);\n this.read += count;\n } else if(count === 0) {\n rval = '';\n } else {\n // read all bytes, optimize to only copy when needed\n rval = (this.read === 0) ? this.data : this.data.slice(this.read);\n this.clear();\n }\n return rval;\n};\n\n/**\n * Gets a binary encoded string of the bytes from this buffer without\n * modifying the read pointer.\n *\n * @param count the number of bytes to get, omit to get all.\n *\n * @return a string full of binary encoded characters.\n */\nutil.DataBuffer.prototype.bytes = function(count) {\n // TODO: deprecate this method, it is poorly named, add \"getString()\"\n return (typeof(count) === 'undefined' ?\n this.data.slice(this.read) :\n this.data.slice(this.read, this.read + count));\n};\n\n/**\n * Gets a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n *\n * @return the byte.\n */\nutil.DataBuffer.prototype.at = function(i) {\n return this.data.getUint8(this.read + i);\n};\n\n/**\n * Puts a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.setAt = function(i, b) {\n this.data.setUint8(i, b);\n return this;\n};\n\n/**\n * Gets the last byte without modifying the read pointer.\n *\n * @return the last byte.\n */\nutil.DataBuffer.prototype.last = function() {\n return this.data.getUint8(this.write - 1);\n};\n\n/**\n * Creates a copy of this buffer.\n *\n * @return the copy.\n */\nutil.DataBuffer.prototype.copy = function() {\n return new util.DataBuffer(this);\n};\n\n/**\n * Compacts this buffer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.compact = function() {\n if(this.read > 0) {\n var src = new Uint8Array(this.data.buffer, this.read);\n var dst = new Uint8Array(src.byteLength);\n dst.set(src);\n this.data = new DataView(dst);\n this.write -= this.read;\n this.read = 0;\n }\n return this;\n};\n\n/**\n * Clears this buffer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.clear = function() {\n this.data = new DataView(new ArrayBuffer(0));\n this.read = this.write = 0;\n return this;\n};\n\n/**\n * Shortens this buffer by triming bytes off of the end of this buffer.\n *\n * @param count the number of bytes to trim off.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.truncate = function(count) {\n this.write = Math.max(0, this.length() - count);\n this.read = Math.min(this.read, this.write);\n return this;\n};\n\n/**\n * Converts this buffer to a hexadecimal string.\n *\n * @return a hexadecimal string.\n */\nutil.DataBuffer.prototype.toHex = function() {\n var rval = '';\n for(var i = this.read; i < this.data.byteLength; ++i) {\n var b = this.data.getUint8(i);\n if(b < 16) {\n rval += '0';\n }\n rval += b.toString(16);\n }\n return rval;\n};\n\n/**\n * Converts this buffer to a string, using the given encoding. If no\n * encoding is given, 'utf8' (UTF-8) is used.\n *\n * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex',\n * 'base64' (default: 'utf8').\n *\n * @return a string representation of the bytes in this buffer.\n */\nutil.DataBuffer.prototype.toString = function(encoding) {\n var view = new Uint8Array(this.data, this.read, this.length());\n encoding = encoding || 'utf8';\n\n // encode to string\n if(encoding === 'binary' || encoding === 'raw') {\n return util.binary.raw.encode(view);\n }\n if(encoding === 'hex') {\n return util.binary.hex.encode(view);\n }\n if(encoding === 'base64') {\n return util.binary.base64.encode(view);\n }\n\n // decode to text\n if(encoding === 'utf8') {\n return util.text.utf8.decode(view);\n }\n if(encoding === 'utf16') {\n return util.text.utf16.decode(view);\n }\n\n throw new Error('Invalid encoding: ' + encoding);\n};\n\n/** End Buffer w/UInt8Array backing */\n\n/**\n * Creates a buffer that stores bytes. A value may be given to populate the\n * buffer with data. This value can either be string of encoded bytes or a\n * regular string of characters. When passing a string of binary encoded\n * bytes, the encoding `raw` should be given. This is also the default. When\n * passing a string of characters, the encoding `utf8` should be given.\n *\n * @param [input] a string with encoded bytes to store in the buffer.\n * @param [encoding] (default: 'raw', other: 'utf8').\n */\nutil.createBuffer = function(input, encoding) {\n // TODO: deprecate, use new ByteBuffer() instead\n encoding = encoding || 'raw';\n if(input !== undefined && encoding === 'utf8') {\n input = util.encodeUtf8(input);\n }\n return new util.ByteBuffer(input);\n};\n\n/**\n * Fills a string with a particular value. If you want the string to be a byte\n * string, pass in String.fromCharCode(theByte).\n *\n * @param c the character to fill the string with, use String.fromCharCode\n * to fill the string with a byte value.\n * @param n the number of characters of value c to fill with.\n *\n * @return the filled string.\n */\nutil.fillString = function(c, n) {\n var s = '';\n while(n > 0) {\n if(n & 1) {\n s += c;\n }\n n >>>= 1;\n if(n > 0) {\n c += c;\n }\n }\n return s;\n};\n\n/**\n * Performs a per byte XOR between two byte strings and returns the result as a\n * string of bytes.\n *\n * @param s1 first string of bytes.\n * @param s2 second string of bytes.\n * @param n the number of bytes to XOR.\n *\n * @return the XOR'd result.\n */\nutil.xorBytes = function(s1, s2, n) {\n var s3 = '';\n var b = '';\n var t = '';\n var i = 0;\n var c = 0;\n for(; n > 0; --n, ++i) {\n b = s1.charCodeAt(i) ^ s2.charCodeAt(i);\n if(c >= 10) {\n s3 += t;\n t = '';\n c = 0;\n }\n t += String.fromCharCode(b);\n ++c;\n }\n s3 += t;\n return s3;\n};\n\n/**\n * Converts a hex string into a 'binary' encoded string of bytes.\n *\n * @param hex the hexadecimal string to convert.\n *\n * @return the binary-encoded string of bytes.\n */\nutil.hexToBytes = function(hex) {\n // TODO: deprecate: \"Deprecated. Use util.binary.hex.decode instead.\"\n var rval = '';\n var i = 0;\n if(hex.length & 1 == 1) {\n // odd number of characters, convert first character alone\n i = 1;\n rval += String.fromCharCode(parseInt(hex[0], 16));\n }\n // convert 2 characters (1 byte) at a time\n for(; i < hex.length; i += 2) {\n rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16));\n }\n return rval;\n};\n\n/**\n * Converts a 'binary' encoded string of bytes to hex.\n *\n * @param bytes the byte string to convert.\n *\n * @return the string of hexadecimal characters.\n */\nutil.bytesToHex = function(bytes) {\n // TODO: deprecate: \"Deprecated. Use util.binary.hex.encode instead.\"\n return util.createBuffer(bytes).toHex();\n};\n\n/**\n * Converts an 32-bit integer to 4-big-endian byte string.\n *\n * @param i the integer.\n *\n * @return the byte string.\n */\nutil.int32ToBytes = function(i) {\n return (\n String.fromCharCode(i >> 24 & 0xFF) +\n String.fromCharCode(i >> 16 & 0xFF) +\n String.fromCharCode(i >> 8 & 0xFF) +\n String.fromCharCode(i & 0xFF));\n};\n\n// base64 characters, reverse mapping\nvar _base64 =\n 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';\nvar _base64Idx = [\n/*43 -43 = 0*/\n/*'+', 1, 2, 3,'/' */\n 62, -1, -1, -1, 63,\n\n/*'0','1','2','3','4','5','6','7','8','9' */\n 52, 53, 54, 55, 56, 57, 58, 59, 60, 61,\n\n/*15, 16, 17,'=', 19, 20, 21 */\n -1, -1, -1, 64, -1, -1, -1,\n\n/*65 - 43 = 22*/\n/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12,\n\n/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */\n 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,\n\n/*91 - 43 = 48 */\n/*48, 49, 50, 51, 52, 53 */\n -1, -1, -1, -1, -1, -1,\n\n/*97 - 43 = 54*/\n/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */\n 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,\n\n/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */\n 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51\n];\n\n// base58 characters (Bitcoin alphabet)\nvar _base58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';\n\n/**\n * Base64 encodes a 'binary' encoded string of bytes.\n *\n * @param input the binary encoded string of bytes to base64-encode.\n * @param maxline the maximum number of encoded characters per line to use,\n * defaults to none.\n *\n * @return the base64-encoded output.\n */\nutil.encode64 = function(input, maxline) {\n // TODO: deprecate: \"Deprecated. Use util.binary.base64.encode instead.\"\n var line = '';\n var output = '';\n var chr1, chr2, chr3;\n var i = 0;\n while(i < input.length) {\n chr1 = input.charCodeAt(i++);\n chr2 = input.charCodeAt(i++);\n chr3 = input.charCodeAt(i++);\n\n // encode 4 character group\n line += _base64.charAt(chr1 >> 2);\n line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));\n if(isNaN(chr2)) {\n line += '==';\n } else {\n line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));\n line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);\n }\n\n if(maxline && line.length > maxline) {\n output += line.substr(0, maxline) + '\\r\\n';\n line = line.substr(maxline);\n }\n }\n output += line;\n return output;\n};\n\n/**\n * Base64 decodes a string into a 'binary' encoded string of bytes.\n *\n * @param input the base64-encoded input.\n *\n * @return the binary encoded string.\n */\nutil.decode64 = function(input) {\n // TODO: deprecate: \"Deprecated. Use util.binary.base64.decode instead.\"\n\n // remove all non-base64 characters\n input = input.replace(/[^A-Za-z0-9\\+\\/\\=]/g, '');\n\n var output = '';\n var enc1, enc2, enc3, enc4;\n var i = 0;\n\n while(i < input.length) {\n enc1 = _base64Idx[input.charCodeAt(i++) - 43];\n enc2 = _base64Idx[input.charCodeAt(i++) - 43];\n enc3 = _base64Idx[input.charCodeAt(i++) - 43];\n enc4 = _base64Idx[input.charCodeAt(i++) - 43];\n\n output += String.fromCharCode((enc1 << 2) | (enc2 >> 4));\n if(enc3 !== 64) {\n // decoded at least 2 bytes\n output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2));\n if(enc4 !== 64) {\n // decoded 3 bytes\n output += String.fromCharCode(((enc3 & 3) << 6) | enc4);\n }\n }\n }\n\n return output;\n};\n\n/**\n * Encodes the given string of characters (a standard JavaScript\n * string) as a binary encoded string where the bytes represent\n * a UTF-8 encoded string of characters. Non-ASCII characters will be\n * encoded as multiple bytes according to UTF-8.\n *\n * @param str a standard string of characters to encode.\n *\n * @return the binary encoded string.\n */\nutil.encodeUtf8 = function(str) {\n return unescape(encodeURIComponent(str));\n};\n\n/**\n * Decodes a binary encoded string that contains bytes that\n * represent a UTF-8 encoded string of characters -- into a\n * string of characters (a standard JavaScript string).\n *\n * @param str the binary encoded string to decode.\n *\n * @return the resulting standard string of characters.\n */\nutil.decodeUtf8 = function(str) {\n return decodeURIComponent(escape(str));\n};\n\n// binary encoding/decoding tools\n// FIXME: Experimental. Do not use yet.\nutil.binary = {\n raw: {},\n hex: {},\n base64: {},\n base58: {},\n baseN : {\n encode: baseN.encode,\n decode: baseN.decode\n }\n};\n\n/**\n * Encodes a Uint8Array as a binary-encoded string. This encoding uses\n * a value between 0 and 255 for each character.\n *\n * @param bytes the Uint8Array to encode.\n *\n * @return the binary-encoded string.\n */\nutil.binary.raw.encode = function(bytes) {\n return String.fromCharCode.apply(null, bytes);\n};\n\n/**\n * Decodes a binary-encoded string to a Uint8Array. This encoding uses\n * a value between 0 and 255 for each character.\n *\n * @param str the binary-encoded string to decode.\n * @param [output] an optional Uint8Array to write the output to; if it\n * is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.binary.raw.decode = function(str, output, offset) {\n var out = output;\n if(!out) {\n out = new Uint8Array(str.length);\n }\n offset = offset || 0;\n var j = offset;\n for(var i = 0; i < str.length; ++i) {\n out[j++] = str.charCodeAt(i);\n }\n return output ? (j - offset) : out;\n};\n\n/**\n * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or\n * ByteBuffer as a string of hexadecimal characters.\n *\n * @param bytes the bytes to convert.\n *\n * @return the string of hexadecimal characters.\n */\nutil.binary.hex.encode = util.bytesToHex;\n\n/**\n * Decodes a hex-encoded string to a Uint8Array.\n *\n * @param hex the hexadecimal string to convert.\n * @param [output] an optional Uint8Array to write the output to; if it\n * is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.binary.hex.decode = function(hex, output, offset) {\n var out = output;\n if(!out) {\n out = new Uint8Array(Math.ceil(hex.length / 2));\n }\n offset = offset || 0;\n var i = 0, j = offset;\n if(hex.length & 1) {\n // odd number of characters, convert first character alone\n i = 1;\n out[j++] = parseInt(hex[0], 16);\n }\n // convert 2 characters (1 byte) at a time\n for(; i < hex.length; i += 2) {\n out[j++] = parseInt(hex.substr(i, 2), 16);\n }\n return output ? (j - offset) : out;\n};\n\n/**\n * Base64-encodes a Uint8Array.\n *\n * @param input the Uint8Array to encode.\n * @param maxline the maximum number of encoded characters per line to use,\n * defaults to none.\n *\n * @return the base64-encoded output string.\n */\nutil.binary.base64.encode = function(input, maxline) {\n var line = '';\n var output = '';\n var chr1, chr2, chr3;\n var i = 0;\n while(i < input.byteLength) {\n chr1 = input[i++];\n chr2 = input[i++];\n chr3 = input[i++];\n\n // encode 4 character group\n line += _base64.charAt(chr1 >> 2);\n line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));\n if(isNaN(chr2)) {\n line += '==';\n } else {\n line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));\n line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);\n }\n\n if(maxline && line.length > maxline) {\n output += line.substr(0, maxline) + '\\r\\n';\n line = line.substr(maxline);\n }\n }\n output += line;\n return output;\n};\n\n/**\n * Decodes a base64-encoded string to a Uint8Array.\n *\n * @param input the base64-encoded input string.\n * @param [output] an optional Uint8Array to write the output to; if it\n * is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.binary.base64.decode = function(input, output, offset) {\n var out = output;\n if(!out) {\n out = new Uint8Array(Math.ceil(input.length / 4) * 3);\n }\n\n // remove all non-base64 characters\n input = input.replace(/[^A-Za-z0-9\\+\\/\\=]/g, '');\n\n offset = offset || 0;\n var enc1, enc2, enc3, enc4;\n var i = 0, j = offset;\n\n while(i < input.length) {\n enc1 = _base64Idx[input.charCodeAt(i++) - 43];\n enc2 = _base64Idx[input.charCodeAt(i++) - 43];\n enc3 = _base64Idx[input.charCodeAt(i++) - 43];\n enc4 = _base64Idx[input.charCodeAt(i++) - 43];\n\n out[j++] = (enc1 << 2) | (enc2 >> 4);\n if(enc3 !== 64) {\n // decoded at least 2 bytes\n out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2);\n if(enc4 !== 64) {\n // decoded 3 bytes\n out[j++] = ((enc3 & 3) << 6) | enc4;\n }\n }\n }\n\n // make sure result is the exact decoded length\n return output ? (j - offset) : out.subarray(0, j);\n};\n\n// add support for base58 encoding/decoding with Bitcoin alphabet\nutil.binary.base58.encode = function(input, maxline) {\n return util.binary.baseN.encode(input, _base58, maxline);\n};\nutil.binary.base58.decode = function(input, maxline) {\n return util.binary.baseN.decode(input, _base58, maxline);\n};\n\n// text encoding/decoding tools\n// FIXME: Experimental. Do not use yet.\nutil.text = {\n utf8: {},\n utf16: {}\n};\n\n/**\n * Encodes the given string as UTF-8 in a Uint8Array.\n *\n * @param str the string to encode.\n * @param [output] an optional Uint8Array to write the output to; if it\n * is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.text.utf8.encode = function(str, output, offset) {\n str = util.encodeUtf8(str);\n var out = output;\n if(!out) {\n out = new Uint8Array(str.length);\n }\n offset = offset || 0;\n var j = offset;\n for(var i = 0; i < str.length; ++i) {\n out[j++] = str.charCodeAt(i);\n }\n return output ? (j - offset) : out;\n};\n\n/**\n * Decodes the UTF-8 contents from a Uint8Array.\n *\n * @param bytes the Uint8Array to decode.\n *\n * @return the resulting string.\n */\nutil.text.utf8.decode = function(bytes) {\n return util.decodeUtf8(String.fromCharCode.apply(null, bytes));\n};\n\n/**\n * Encodes the given string as UTF-16 in a Uint8Array.\n *\n * @param str the string to encode.\n * @param [output] an optional Uint8Array to write the output to; if it\n * is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.text.utf16.encode = function(str, output, offset) {\n var out = output;\n if(!out) {\n out = new Uint8Array(str.length * 2);\n }\n var view = new Uint16Array(out.buffer);\n offset = offset || 0;\n var j = offset;\n var k = offset;\n for(var i = 0; i < str.length; ++i) {\n view[k++] = str.charCodeAt(i);\n j += 2;\n }\n return output ? (j - offset) : out;\n};\n\n/**\n * Decodes the UTF-16 contents from a Uint8Array.\n *\n * @param bytes the Uint8Array to decode.\n *\n * @return the resulting string.\n */\nutil.text.utf16.decode = function(bytes) {\n return String.fromCharCode.apply(null, new Uint16Array(bytes.buffer));\n};\n\n/**\n * Deflates the given data using a flash interface.\n *\n * @param api the flash interface.\n * @param bytes the data.\n * @param raw true to return only raw deflate data, false to include zlib\n * header and trailer.\n *\n * @return the deflated data as a string.\n */\nutil.deflate = function(api, bytes, raw) {\n bytes = util.decode64(api.deflate(util.encode64(bytes)).rval);\n\n // strip zlib header and trailer if necessary\n if(raw) {\n // zlib header is 2 bytes (CMF,FLG) where FLG indicates that\n // there is a 4-byte DICT (alder-32) block before the data if\n // its 5th bit is set\n var start = 2;\n var flg = bytes.charCodeAt(1);\n if(flg & 0x20) {\n start = 6;\n }\n // zlib trailer is 4 bytes of adler-32\n bytes = bytes.substring(start, bytes.length - 4);\n }\n\n return bytes;\n};\n\n/**\n * Inflates the given data using a flash interface.\n *\n * @param api the flash interface.\n * @param bytes the data.\n * @param raw true if the incoming data has no zlib header or trailer and is\n * raw DEFLATE data.\n *\n * @return the inflated data as a string, null on error.\n */\nutil.inflate = function(api, bytes, raw) {\n // TODO: add zlib header and trailer if necessary/possible\n var rval = api.inflate(util.encode64(bytes)).rval;\n return (rval === null) ? null : util.decode64(rval);\n};\n\n/**\n * Sets a storage object.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param obj the storage object, null to remove.\n */\nvar _setStorageObject = function(api, id, obj) {\n if(!api) {\n throw new Error('WebStorage not available.');\n }\n\n var rval;\n if(obj === null) {\n rval = api.removeItem(id);\n } else {\n // json-encode and base64-encode object\n obj = util.encode64(JSON.stringify(obj));\n rval = api.setItem(id, obj);\n }\n\n // handle potential flash error\n if(typeof(rval) !== 'undefined' && rval.rval !== true) {\n var error = new Error(rval.error.message);\n error.id = rval.error.id;\n error.name = rval.error.name;\n throw error;\n }\n};\n\n/**\n * Gets a storage object.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n *\n * @return the storage object entry or null if none exists.\n */\nvar _getStorageObject = function(api, id) {\n if(!api) {\n throw new Error('WebStorage not available.');\n }\n\n // get the existing entry\n var rval = api.getItem(id);\n\n /* Note: We check api.init because we can't do (api == localStorage)\n on IE because of \"Class doesn't support Automation\" exception. Only\n the flash api has an init method so this works too, but we need a\n better solution in the future. */\n\n // flash returns item wrapped in an object, handle special case\n if(api.init) {\n if(rval.rval === null) {\n if(rval.error) {\n var error = new Error(rval.error.message);\n error.id = rval.error.id;\n error.name = rval.error.name;\n throw error;\n }\n // no error, but also no item\n rval = null;\n } else {\n rval = rval.rval;\n }\n }\n\n // handle decoding\n if(rval !== null) {\n // base64-decode and json-decode data\n rval = JSON.parse(util.decode64(rval));\n }\n\n return rval;\n};\n\n/**\n * Stores an item in local storage.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param data the data for the item (any javascript object/primitive).\n */\nvar _setItem = function(api, id, key, data) {\n // get storage object\n var obj = _getStorageObject(api, id);\n if(obj === null) {\n // create a new storage object\n obj = {};\n }\n // update key\n obj[key] = data;\n\n // set storage object\n _setStorageObject(api, id, obj);\n};\n\n/**\n * Gets an item from local storage.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n *\n * @return the item.\n */\nvar _getItem = function(api, id, key) {\n // get storage object\n var rval = _getStorageObject(api, id);\n if(rval !== null) {\n // return data at key\n rval = (key in rval) ? rval[key] : null;\n }\n\n return rval;\n};\n\n/**\n * Removes an item from local storage.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n */\nvar _removeItem = function(api, id, key) {\n // get storage object\n var obj = _getStorageObject(api, id);\n if(obj !== null && key in obj) {\n // remove key\n delete obj[key];\n\n // see if entry has no keys remaining\n var empty = true;\n for(var prop in obj) {\n empty = false;\n break;\n }\n if(empty) {\n // remove entry entirely if no keys are left\n obj = null;\n }\n\n // set storage object\n _setStorageObject(api, id, obj);\n }\n};\n\n/**\n * Clears the local disk storage identified by the given ID.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n */\nvar _clearItems = function(api, id) {\n _setStorageObject(api, id, null);\n};\n\n/**\n * Calls a storage function.\n *\n * @param func the function to call.\n * @param args the arguments for the function.\n * @param location the location argument.\n *\n * @return the return value from the function.\n */\nvar _callStorageFunction = function(func, args, location) {\n var rval = null;\n\n // default storage types\n if(typeof(location) === 'undefined') {\n location = ['web', 'flash'];\n }\n\n // apply storage types in order of preference\n var type;\n var done = false;\n var exception = null;\n for(var idx in location) {\n type = location[idx];\n try {\n if(type === 'flash' || type === 'both') {\n if(args[0] === null) {\n throw new Error('Flash local storage not available.');\n }\n rval = func.apply(this, args);\n done = (type === 'flash');\n }\n if(type === 'web' || type === 'both') {\n args[0] = localStorage;\n rval = func.apply(this, args);\n done = true;\n }\n } catch(ex) {\n exception = ex;\n }\n if(done) {\n break;\n }\n }\n\n if(!done) {\n throw exception;\n }\n\n return rval;\n};\n\n/**\n * Stores an item on local disk.\n *\n * The available types of local storage include 'flash', 'web', and 'both'.\n *\n * The type 'flash' refers to flash local storage (SharedObject). In order\n * to use flash local storage, the 'api' parameter must be valid. The type\n * 'web' refers to WebStorage, if supported by the browser. The type 'both'\n * refers to storing using both 'flash' and 'web', not just one or the\n * other.\n *\n * The location array should list the storage types to use in order of\n * preference:\n *\n * ['flash']: flash only storage\n * ['web']: web only storage\n * ['both']: try to store in both\n * ['flash','web']: store in flash first, but if not available, 'web'\n * ['web','flash']: store in web first, but if not available, 'flash'\n *\n * The location array defaults to: ['web', 'flash']\n *\n * @param api the flash interface, null to use only WebStorage.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param data the data for the item (any javascript object/primitive).\n * @param location an array with the preferred types of storage to use.\n */\nutil.setItem = function(api, id, key, data, location) {\n _callStorageFunction(_setItem, arguments, location);\n};\n\n/**\n * Gets an item on local disk.\n *\n * Set setItem() for details on storage types.\n *\n * @param api the flash interface, null to use only WebStorage.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param location an array with the preferred types of storage to use.\n *\n * @return the item.\n */\nutil.getItem = function(api, id, key, location) {\n return _callStorageFunction(_getItem, arguments, location);\n};\n\n/**\n * Removes an item on local disk.\n *\n * Set setItem() for details on storage types.\n *\n * @param api the flash interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param location an array with the preferred types of storage to use.\n */\nutil.removeItem = function(api, id, key, location) {\n _callStorageFunction(_removeItem, arguments, location);\n};\n\n/**\n * Clears the local disk storage identified by the given ID.\n *\n * Set setItem() for details on storage types.\n *\n * @param api the flash interface if flash is available.\n * @param id the storage ID to use.\n * @param location an array with the preferred types of storage to use.\n */\nutil.clearItems = function(api, id, location) {\n _callStorageFunction(_clearItems, arguments, location);\n};\n\n/**\n * Check if an object is empty.\n *\n * Taken from:\n * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937\n *\n * @param object the object to check.\n */\nutil.isEmpty = function(obj) {\n for(var prop in obj) {\n if(obj.hasOwnProperty(prop)) {\n return false;\n }\n }\n return true;\n};\n\n/**\n * Format with simple printf-style interpolation.\n *\n * %%: literal '%'\n * %s,%o: convert next argument into a string.\n *\n * @param format the string to format.\n * @param ... arguments to interpolate into the format string.\n */\nutil.format = function(format) {\n var re = /%./g;\n // current match\n var match;\n // current part\n var part;\n // current arg index\n var argi = 0;\n // collected parts to recombine later\n var parts = [];\n // last index found\n var last = 0;\n // loop while matches remain\n while((match = re.exec(format))) {\n part = format.substring(last, re.lastIndex - 2);\n // don't add empty strings (ie, parts between %s%s)\n if(part.length > 0) {\n parts.push(part);\n }\n last = re.lastIndex;\n // switch on % code\n var code = match[0][1];\n switch(code) {\n case 's':\n case 'o':\n // check if enough arguments were given\n if(argi < arguments.length) {\n parts.push(arguments[argi++ + 1]);\n } else {\n parts.push('<?>');\n }\n break;\n // FIXME: do proper formating for numbers, etc\n //case 'f':\n //case 'd':\n case '%':\n parts.push('%');\n break;\n default:\n parts.push('<%' + code + '?>');\n }\n }\n // add trailing part of format string\n parts.push(format.substring(last));\n return parts.join('');\n};\n\n/**\n * Formats a number.\n *\n * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/\n */\nutil.formatNumber = function(number, decimals, dec_point, thousands_sep) {\n // http://kevin.vanzonneveld.net\n // + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)\n // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)\n // + bugfix by: Michael White (http://crestidg.com)\n // + bugfix by: Benjamin Lupton\n // + bugfix by: Allan Jensen (http://www.winternet.no)\n // + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)\n // * example 1: number_format(1234.5678, 2, '.', '');\n // * returns 1: 1234.57\n\n var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals;\n var d = dec_point === undefined ? ',' : dec_point;\n var t = thousands_sep === undefined ?\n '.' : thousands_sep, s = n < 0 ? '-' : '';\n var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + '';\n var j = (i.length > 3) ? i.length % 3 : 0;\n return s + (j ? i.substr(0, j) + t : '') +\n i.substr(j).replace(/(\\d{3})(?=\\d)/g, '$1' + t) +\n (c ? d + Math.abs(n - i).toFixed(c).slice(2) : '');\n};\n\n/**\n * Formats a byte size.\n *\n * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/\n */\nutil.formatSize = function(size) {\n if(size >= 1073741824) {\n size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB';\n } else if(size >= 1048576) {\n size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB';\n } else if(size >= 1024) {\n size = util.formatNumber(size / 1024, 0) + ' KiB';\n } else {\n size = util.formatNumber(size, 0) + ' bytes';\n }\n return size;\n};\n\n/**\n * Converts an IPv4 or IPv6 string representation into bytes (in network order).\n *\n * @param ip the IPv4 or IPv6 address to convert.\n *\n * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't\n * be parsed.\n */\nutil.bytesFromIP = function(ip) {\n if(ip.indexOf('.') !== -1) {\n return util.bytesFromIPv4(ip);\n }\n if(ip.indexOf(':') !== -1) {\n return util.bytesFromIPv6(ip);\n }\n return null;\n};\n\n/**\n * Converts an IPv4 string representation into bytes (in network order).\n *\n * @param ip the IPv4 address to convert.\n *\n * @return the 4-byte address or null if the address can't be parsed.\n */\nutil.bytesFromIPv4 = function(ip) {\n ip = ip.split('.');\n if(ip.length !== 4) {\n return null;\n }\n var b = util.createBuffer();\n for(var i = 0; i < ip.length; ++i) {\n var num = parseInt(ip[i], 10);\n if(isNaN(num)) {\n return null;\n }\n b.putByte(num);\n }\n return b.getBytes();\n};\n\n/**\n * Converts an IPv6 string representation into bytes (in network order).\n *\n * @param ip the IPv6 address to convert.\n *\n * @return the 16-byte address or null if the address can't be parsed.\n */\nutil.bytesFromIPv6 = function(ip) {\n var blanks = 0;\n ip = ip.split(':').filter(function(e) {\n if(e.length === 0) ++blanks;\n return true;\n });\n var zeros = (8 - ip.length + blanks) * 2;\n var b = util.createBuffer();\n for(var i = 0; i < 8; ++i) {\n if(!ip[i] || ip[i].length === 0) {\n b.fillWithByte(0, zeros);\n zeros = 0;\n continue;\n }\n var bytes = util.hexToBytes(ip[i]);\n if(bytes.length < 2) {\n b.putByte(0);\n }\n b.putBytes(bytes);\n }\n return b.getBytes();\n};\n\n/**\n * Converts 4-bytes into an IPv4 string representation or 16-bytes into\n * an IPv6 string representation. The bytes must be in network order.\n *\n * @param bytes the bytes to convert.\n *\n * @return the IPv4 or IPv6 string representation if 4 or 16 bytes,\n * respectively, are given, otherwise null.\n */\nutil.bytesToIP = function(bytes) {\n if(bytes.length === 4) {\n return util.bytesToIPv4(bytes);\n }\n if(bytes.length === 16) {\n return util.bytesToIPv6(bytes);\n }\n return null;\n};\n\n/**\n * Converts 4-bytes into an IPv4 string representation. The bytes must be\n * in network order.\n *\n * @param bytes the bytes to convert.\n *\n * @return the IPv4 string representation or null for an invalid # of bytes.\n */\nutil.bytesToIPv4 = function(bytes) {\n if(bytes.length !== 4) {\n return null;\n }\n var ip = [];\n for(var i = 0; i < bytes.length; ++i) {\n ip.push(bytes.charCodeAt(i));\n }\n return ip.join('.');\n};\n\n/**\n * Converts 16-bytes into an IPv16 string representation. The bytes must be\n * in network order.\n *\n * @param bytes the bytes to convert.\n *\n * @return the IPv16 string representation or null for an invalid # of bytes.\n */\nutil.bytesToIPv6 = function(bytes) {\n if(bytes.length !== 16) {\n return null;\n }\n var ip = [];\n var zeroGroups = [];\n var zeroMaxGroup = 0;\n for(var i = 0; i < bytes.length; i += 2) {\n var hex = util.bytesToHex(bytes[i] + bytes[i + 1]);\n // canonicalize zero representation\n while(hex[0] === '0' && hex !== '0') {\n hex = hex.substr(1);\n }\n if(hex === '0') {\n var last = zeroGroups[zeroGroups.length - 1];\n var idx = ip.length;\n if(!last || idx !== last.end + 1) {\n zeroGroups.push({start: idx, end: idx});\n } else {\n last.end = idx;\n if((last.end - last.start) >\n (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) {\n zeroMaxGroup = zeroGroups.length - 1;\n }\n }\n }\n ip.push(hex);\n }\n if(zeroGroups.length > 0) {\n var group = zeroGroups[zeroMaxGroup];\n // only shorten group of length > 0\n if(group.end - group.start > 0) {\n ip.splice(group.start, group.end - group.start + 1, '');\n if(group.start === 0) {\n ip.unshift('');\n }\n if(group.end === 7) {\n ip.push('');\n }\n }\n }\n return ip.join(':');\n};\n\n/**\n * Estimates the number of processes that can be run concurrently. If\n * creating Web Workers, keep in mind that the main JavaScript process needs\n * its own core.\n *\n * @param options the options to use:\n * update true to force an update (not use the cached value).\n * @param callback(err, max) called once the operation completes.\n */\nutil.estimateCores = function(options, callback) {\n if(typeof options === 'function') {\n callback = options;\n options = {};\n }\n options = options || {};\n if('cores' in util && !options.update) {\n return callback(null, util.cores);\n }\n if(typeof navigator !== 'undefined' &&\n 'hardwareConcurrency' in navigator &&\n navigator.hardwareConcurrency > 0) {\n util.cores = navigator.hardwareConcurrency;\n return callback(null, util.cores);\n }\n if(typeof Worker === 'undefined') {\n // workers not available\n util.cores = 1;\n return callback(null, util.cores);\n }\n if(typeof Blob === 'undefined') {\n // can't estimate, default to 2\n util.cores = 2;\n return callback(null, util.cores);\n }\n\n // create worker concurrency estimation code as blob\n var blobUrl = URL.createObjectURL(new Blob(['(',\n function() {\n self.addEventListener('message', function(e) {\n // run worker for 4 ms\n var st = Date.now();\n var et = st + 4;\n while(Date.now() < et);\n self.postMessage({st: st, et: et});\n });\n }.toString(),\n ')()'], {type: 'application/javascript'}));\n\n // take 5 samples using 16 workers\n sample([], 5, 16);\n\n function sample(max, samples, numWorkers) {\n if(samples === 0) {\n // get overlap average\n var avg = Math.floor(max.reduce(function(avg, x) {\n return avg + x;\n }, 0) / max.length);\n util.cores = Math.max(1, avg);\n URL.revokeObjectURL(blobUrl);\n return callback(null, util.cores);\n }\n map(numWorkers, function(err, results) {\n max.push(reduce(numWorkers, results));\n sample(max, samples - 1, numWorkers);\n });\n }\n\n function map(numWorkers, callback) {\n var workers = [];\n var results = [];\n for(var i = 0; i < numWorkers; ++i) {\n var worker = new Worker(blobUrl);\n worker.addEventListener('message', function(e) {\n results.push(e.data);\n if(results.length === numWorkers) {\n for(var i = 0; i < numWorkers; ++i) {\n workers[i].terminate();\n }\n callback(null, results);\n }\n });\n workers.push(worker);\n }\n for(var i = 0; i < numWorkers; ++i) {\n workers[i].postMessage(i);\n }\n }\n\n function reduce(numWorkers, results) {\n // find overlapping time windows\n var overlaps = [];\n for(var n = 0; n < numWorkers; ++n) {\n var r1 = results[n];\n var overlap = overlaps[n] = [];\n for(var i = 0; i < numWorkers; ++i) {\n if(n === i) {\n continue;\n }\n var r2 = results[i];\n if((r1.st > r2.st && r1.st < r2.et) ||\n (r2.st > r1.st && r2.st < r1.et)) {\n overlap.push(i);\n }\n }\n }\n // get maximum overlaps ... don't include overlapping worker itself\n // as the main JS process was also being scheduled during the work and\n // would have to be subtracted from the estimate anyway\n return overlaps.reduce(function(max, overlap) {\n return Math.max(max, overlap.length);\n }, 0);\n }\n};\n","/**\n * Cipher base API.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\nmodule.exports = forge.cipher = forge.cipher || {};\n\n// registered algorithms\nforge.cipher.algorithms = forge.cipher.algorithms || {};\n\n/**\n * Creates a cipher object that can be used to encrypt data using the given\n * algorithm and key. The algorithm may be provided as a string value for a\n * previously registered algorithm or it may be given as a cipher algorithm\n * API object.\n *\n * @param algorithm the algorithm to use, either a string or an algorithm API\n * object.\n * @param key the key to use, as a binary-encoded string of bytes or a\n * byte buffer.\n *\n * @return the cipher.\n */\nforge.cipher.createCipher = function(algorithm, key) {\n var api = algorithm;\n if(typeof api === 'string') {\n api = forge.cipher.getAlgorithm(api);\n if(api) {\n api = api();\n }\n }\n if(!api) {\n throw new Error('Unsupported algorithm: ' + algorithm);\n }\n\n // assume block cipher\n return new forge.cipher.BlockCipher({\n algorithm: api,\n key: key,\n decrypt: false\n });\n};\n\n/**\n * Creates a decipher object that can be used to decrypt data using the given\n * algorithm and key. The algorithm may be provided as a string value for a\n * previously registered algorithm or it may be given as a cipher algorithm\n * API object.\n *\n * @param algorithm the algorithm to use, either a string or an algorithm API\n * object.\n * @param key the key to use, as a binary-encoded string of bytes or a\n * byte buffer.\n *\n * @return the cipher.\n */\nforge.cipher.createDecipher = function(algorithm, key) {\n var api = algorithm;\n if(typeof api === 'string') {\n api = forge.cipher.getAlgorithm(api);\n if(api) {\n api = api();\n }\n }\n if(!api) {\n throw new Error('Unsupported algorithm: ' + algorithm);\n }\n\n // assume block cipher\n return new forge.cipher.BlockCipher({\n algorithm: api,\n key: key,\n decrypt: true\n });\n};\n\n/**\n * Registers an algorithm by name. If the name was already registered, the\n * algorithm API object will be overwritten.\n *\n * @param name the name of the algorithm.\n * @param algorithm the algorithm API object.\n */\nforge.cipher.registerAlgorithm = function(name, algorithm) {\n name = name.toUpperCase();\n forge.cipher.algorithms[name] = algorithm;\n};\n\n/**\n * Gets a registered algorithm by name.\n *\n * @param name the name of the algorithm.\n *\n * @return the algorithm, if found, null if not.\n */\nforge.cipher.getAlgorithm = function(name) {\n name = name.toUpperCase();\n if(name in forge.cipher.algorithms) {\n return forge.cipher.algorithms[name];\n }\n return null;\n};\n\nvar BlockCipher = forge.cipher.BlockCipher = function(options) {\n this.algorithm = options.algorithm;\n this.mode = this.algorithm.mode;\n this.blockSize = this.mode.blockSize;\n this._finish = false;\n this._input = null;\n this.output = null;\n this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt;\n this._decrypt = options.decrypt;\n this.algorithm.initialize(options);\n};\n\n/**\n * Starts or restarts the encryption or decryption process, whichever\n * was previously configured.\n *\n * For non-GCM mode, the IV may be a binary-encoded string of bytes, an array\n * of bytes, a byte buffer, or an array of 32-bit integers. If the IV is in\n * bytes, then it must be Nb (16) bytes in length. If the IV is given in as\n * 32-bit integers, then it must be 4 integers long.\n *\n * Note: an IV is not required or used in ECB mode.\n *\n * For GCM-mode, the IV must be given as a binary-encoded string of bytes or\n * a byte buffer. The number of bytes should be 12 (96 bits) as recommended\n * by NIST SP-800-38D but another length may be given.\n *\n * @param options the options to use:\n * iv the initialization vector to use as a binary-encoded string of\n * bytes, null to reuse the last ciphered block from a previous\n * update() (this \"residue\" method is for legacy support only).\n * additionalData additional authentication data as a binary-encoded\n * string of bytes, for 'GCM' mode, (default: none).\n * tagLength desired length of authentication tag, in bits, for\n * 'GCM' mode (0-128, default: 128).\n * tag the authentication tag to check if decrypting, as a\n * binary-encoded string of bytes.\n * output the output the buffer to write to, null to create one.\n */\nBlockCipher.prototype.start = function(options) {\n options = options || {};\n var opts = {};\n for(var key in options) {\n opts[key] = options[key];\n }\n opts.decrypt = this._decrypt;\n this._finish = false;\n this._input = forge.util.createBuffer();\n this.output = options.output || forge.util.createBuffer();\n this.mode.start(opts);\n};\n\n/**\n * Updates the next block according to the cipher mode.\n *\n * @param input the buffer to read from.\n */\nBlockCipher.prototype.update = function(input) {\n if(input) {\n // input given, so empty it into the input buffer\n this._input.putBuffer(input);\n }\n\n // do cipher operation until it needs more input and not finished\n while(!this._op.call(this.mode, this._input, this.output, this._finish) &&\n !this._finish) {}\n\n // free consumed memory from input buffer\n this._input.compact();\n};\n\n/**\n * Finishes encrypting or decrypting.\n *\n * @param pad a padding function to use in CBC mode, null for default,\n * signature(blockSize, buffer, decrypt).\n *\n * @return true if successful, false on error.\n */\nBlockCipher.prototype.finish = function(pad) {\n // backwards-compatibility w/deprecated padding API\n // Note: will overwrite padding functions even after another start() call\n if(pad && (this.mode.name === 'ECB' || this.mode.name === 'CBC')) {\n this.mode.pad = function(input) {\n return pad(this.blockSize, input, false);\n };\n this.mode.unpad = function(output) {\n return pad(this.blockSize, output, true);\n };\n }\n\n // build options for padding and afterFinish functions\n var options = {};\n options.decrypt = this._decrypt;\n\n // get # of bytes that won't fill a block\n options.overflow = this._input.length() % this.blockSize;\n\n if(!this._decrypt && this.mode.pad) {\n if(!this.mode.pad(this._input, options)) {\n return false;\n }\n }\n\n // do final update\n this._finish = true;\n this.update();\n\n if(this._decrypt && this.mode.unpad) {\n if(!this.mode.unpad(this.output, options)) {\n return false;\n }\n }\n\n if(this.mode.afterFinish) {\n if(!this.mode.afterFinish(this.output, options)) {\n return false;\n }\n }\n\n return true;\n};\n","/**\n * Supported cipher modes.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\nforge.cipher = forge.cipher || {};\n\n// supported cipher modes\nvar modes = module.exports = forge.cipher.modes = forge.cipher.modes || {};\n\n/** Electronic codebook (ECB) (Don't use this; it's not secure) **/\n\nmodes.ecb = function(options) {\n options = options || {};\n this.name = 'ECB';\n this.cipher = options.cipher;\n this.blockSize = options.blockSize || 16;\n this._ints = this.blockSize / 4;\n this._inBlock = new Array(this._ints);\n this._outBlock = new Array(this._ints);\n};\n\nmodes.ecb.prototype.start = function(options) {};\n\nmodes.ecb.prototype.encrypt = function(input, output, finish) {\n // not enough input to encrypt\n if(input.length() < this.blockSize && !(finish && input.length() > 0)) {\n return true;\n }\n\n // get next block\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = input.getInt32();\n }\n\n // encrypt block\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // write output\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(this._outBlock[i]);\n }\n};\n\nmodes.ecb.prototype.decrypt = function(input, output, finish) {\n // not enough input to decrypt\n if(input.length() < this.blockSize && !(finish && input.length() > 0)) {\n return true;\n }\n\n // get next block\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = input.getInt32();\n }\n\n // decrypt block\n this.cipher.decrypt(this._inBlock, this._outBlock);\n\n // write output\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(this._outBlock[i]);\n }\n};\n\nmodes.ecb.prototype.pad = function(input, options) {\n // add PKCS#7 padding to block (each pad byte is the\n // value of the number of pad bytes)\n var padding = (input.length() === this.blockSize ?\n this.blockSize : (this.blockSize - input.length()));\n input.fillWithByte(padding, padding);\n return true;\n};\n\nmodes.ecb.prototype.unpad = function(output, options) {\n // check for error: input data not a multiple of blockSize\n if(options.overflow > 0) {\n return false;\n }\n\n // ensure padding byte count is valid\n var len = output.length();\n var count = output.at(len - 1);\n if(count > (this.blockSize << 2)) {\n return false;\n }\n\n // trim off padding bytes\n output.truncate(count);\n return true;\n};\n\n/** Cipher-block Chaining (CBC) **/\n\nmodes.cbc = function(options) {\n options = options || {};\n this.name = 'CBC';\n this.cipher = options.cipher;\n this.blockSize = options.blockSize || 16;\n this._ints = this.blockSize / 4;\n this._inBlock = new Array(this._ints);\n this._outBlock = new Array(this._ints);\n};\n\nmodes.cbc.prototype.start = function(options) {\n // Note: legacy support for using IV residue (has security flaws)\n // if IV is null, reuse block from previous processing\n if(options.iv === null) {\n // must have a previous block\n if(!this._prev) {\n throw new Error('Invalid IV parameter.');\n }\n this._iv = this._prev.slice(0);\n } else if(!('iv' in options)) {\n throw new Error('Invalid IV parameter.');\n } else {\n // save IV as \"previous\" block\n this._iv = transformIV(options.iv, this.blockSize);\n this._prev = this._iv.slice(0);\n }\n};\n\nmodes.cbc.prototype.encrypt = function(input, output, finish) {\n // not enough input to encrypt\n if(input.length() < this.blockSize && !(finish && input.length() > 0)) {\n return true;\n }\n\n // get next block\n // CBC XOR's IV (or previous block) with plaintext\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = this._prev[i] ^ input.getInt32();\n }\n\n // encrypt block\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // write output, save previous block\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(this._outBlock[i]);\n }\n this._prev = this._outBlock;\n};\n\nmodes.cbc.prototype.decrypt = function(input, output, finish) {\n // not enough input to decrypt\n if(input.length() < this.blockSize && !(finish && input.length() > 0)) {\n return true;\n }\n\n // get next block\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = input.getInt32();\n }\n\n // decrypt block\n this.cipher.decrypt(this._inBlock, this._outBlock);\n\n // write output, save previous ciphered block\n // CBC XOR's IV (or previous block) with ciphertext\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(this._prev[i] ^ this._outBlock[i]);\n }\n this._prev = this._inBlock.slice(0);\n};\n\nmodes.cbc.prototype.pad = function(input, options) {\n // add PKCS#7 padding to block (each pad byte is the\n // value of the number of pad bytes)\n var padding = (input.length() === this.blockSize ?\n this.blockSize : (this.blockSize - input.length()));\n input.fillWithByte(padding, padding);\n return true;\n};\n\nmodes.cbc.prototype.unpad = function(output, options) {\n // check for error: input data not a multiple of blockSize\n if(options.overflow > 0) {\n return false;\n }\n\n // ensure padding byte count is valid\n var len = output.length();\n var count = output.at(len - 1);\n if(count > (this.blockSize << 2)) {\n return false;\n }\n\n // trim off padding bytes\n output.truncate(count);\n return true;\n};\n\n/** Cipher feedback (CFB) **/\n\nmodes.cfb = function(options) {\n options = options || {};\n this.name = 'CFB';\n this.cipher = options.cipher;\n this.blockSize = options.blockSize || 16;\n this._ints = this.blockSize / 4;\n this._inBlock = null;\n this._outBlock = new Array(this._ints);\n this._partialBlock = new Array(this._ints);\n this._partialOutput = forge.util.createBuffer();\n this._partialBytes = 0;\n};\n\nmodes.cfb.prototype.start = function(options) {\n if(!('iv' in options)) {\n throw new Error('Invalid IV parameter.');\n }\n // use IV as first input\n this._iv = transformIV(options.iv, this.blockSize);\n this._inBlock = this._iv.slice(0);\n this._partialBytes = 0;\n};\n\nmodes.cfb.prototype.encrypt = function(input, output, finish) {\n // not enough input to encrypt\n var inputLength = input.length();\n if(inputLength === 0) {\n return true;\n }\n\n // encrypt block\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // handle full block\n if(this._partialBytes === 0 && inputLength >= this.blockSize) {\n // XOR input with output, write input as output\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = input.getInt32() ^ this._outBlock[i];\n output.putInt32(this._inBlock[i]);\n }\n return;\n }\n\n // handle partial block\n var partialBytes = (this.blockSize - inputLength) % this.blockSize;\n if(partialBytes > 0) {\n partialBytes = this.blockSize - partialBytes;\n }\n\n // XOR input with output, write input as partial output\n this._partialOutput.clear();\n for(var i = 0; i < this._ints; ++i) {\n this._partialBlock[i] = input.getInt32() ^ this._outBlock[i];\n this._partialOutput.putInt32(this._partialBlock[i]);\n }\n\n if(partialBytes > 0) {\n // block still incomplete, restore input buffer\n input.read -= this.blockSize;\n } else {\n // block complete, update input block\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = this._partialBlock[i];\n }\n }\n\n // skip any previous partial bytes\n if(this._partialBytes > 0) {\n this._partialOutput.getBytes(this._partialBytes);\n }\n\n if(partialBytes > 0 && !finish) {\n output.putBytes(this._partialOutput.getBytes(\n partialBytes - this._partialBytes));\n this._partialBytes = partialBytes;\n return true;\n }\n\n output.putBytes(this._partialOutput.getBytes(\n inputLength - this._partialBytes));\n this._partialBytes = 0;\n};\n\nmodes.cfb.prototype.decrypt = function(input, output, finish) {\n // not enough input to decrypt\n var inputLength = input.length();\n if(inputLength === 0) {\n return true;\n }\n\n // encrypt block (CFB always uses encryption mode)\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // handle full block\n if(this._partialBytes === 0 && inputLength >= this.blockSize) {\n // XOR input with output, write input as output\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = input.getInt32();\n output.putInt32(this._inBlock[i] ^ this._outBlock[i]);\n }\n return;\n }\n\n // handle partial block\n var partialBytes = (this.blockSize - inputLength) % this.blockSize;\n if(partialBytes > 0) {\n partialBytes = this.blockSize - partialBytes;\n }\n\n // XOR input with output, write input as partial output\n this._partialOutput.clear();\n for(var i = 0; i < this._ints; ++i) {\n this._partialBlock[i] = input.getInt32();\n this._partialOutput.putInt32(this._partialBlock[i] ^ this._outBlock[i]);\n }\n\n if(partialBytes > 0) {\n // block still incomplete, restore input buffer\n input.read -= this.blockSize;\n } else {\n // block complete, update input block\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = this._partialBlock[i];\n }\n }\n\n // skip any previous partial bytes\n if(this._partialBytes > 0) {\n this._partialOutput.getBytes(this._partialBytes);\n }\n\n if(partialBytes > 0 && !finish) {\n output.putBytes(this._partialOutput.getBytes(\n partialBytes - this._partialBytes));\n this._partialBytes = partialBytes;\n return true;\n }\n\n output.putBytes(this._partialOutput.getBytes(\n inputLength - this._partialBytes));\n this._partialBytes = 0;\n};\n\n/** Output feedback (OFB) **/\n\nmodes.ofb = function(options) {\n options = options || {};\n this.name = 'OFB';\n this.cipher = options.cipher;\n this.blockSize = options.blockSize || 16;\n this._ints = this.blockSize / 4;\n this._inBlock = null;\n this._outBlock = new Array(this._ints);\n this._partialOutput = forge.util.createBuffer();\n this._partialBytes = 0;\n};\n\nmodes.ofb.prototype.start = function(options) {\n if(!('iv' in options)) {\n throw new Error('Invalid IV parameter.');\n }\n // use IV as first input\n this._iv = transformIV(options.iv, this.blockSize);\n this._inBlock = this._iv.slice(0);\n this._partialBytes = 0;\n};\n\nmodes.ofb.prototype.encrypt = function(input, output, finish) {\n // not enough input to encrypt\n var inputLength = input.length();\n if(input.length() === 0) {\n return true;\n }\n\n // encrypt block (OFB always uses encryption mode)\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // handle full block\n if(this._partialBytes === 0 && inputLength >= this.blockSize) {\n // XOR input with output and update next input\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(input.getInt32() ^ this._outBlock[i]);\n this._inBlock[i] = this._outBlock[i];\n }\n return;\n }\n\n // handle partial block\n var partialBytes = (this.blockSize - inputLength) % this.blockSize;\n if(partialBytes > 0) {\n partialBytes = this.blockSize - partialBytes;\n }\n\n // XOR input with output\n this._partialOutput.clear();\n for(var i = 0; i < this._ints; ++i) {\n this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);\n }\n\n if(partialBytes > 0) {\n // block still incomplete, restore input buffer\n input.read -= this.blockSize;\n } else {\n // block complete, update input block\n for(var i = 0; i < this._ints; ++i) {\n this._inBlock[i] = this._outBlock[i];\n }\n }\n\n // skip any previous partial bytes\n if(this._partialBytes > 0) {\n this._partialOutput.getBytes(this._partialBytes);\n }\n\n if(partialBytes > 0 && !finish) {\n output.putBytes(this._partialOutput.getBytes(\n partialBytes - this._partialBytes));\n this._partialBytes = partialBytes;\n return true;\n }\n\n output.putBytes(this._partialOutput.getBytes(\n inputLength - this._partialBytes));\n this._partialBytes = 0;\n};\n\nmodes.ofb.prototype.decrypt = modes.ofb.prototype.encrypt;\n\n/** Counter (CTR) **/\n\nmodes.ctr = function(options) {\n options = options || {};\n this.name = 'CTR';\n this.cipher = options.cipher;\n this.blockSize = options.blockSize || 16;\n this._ints = this.blockSize / 4;\n this._inBlock = null;\n this._outBlock = new Array(this._ints);\n this._partialOutput = forge.util.createBuffer();\n this._partialBytes = 0;\n};\n\nmodes.ctr.prototype.start = function(options) {\n if(!('iv' in options)) {\n throw new Error('Invalid IV parameter.');\n }\n // use IV as first input\n this._iv = transformIV(options.iv, this.blockSize);\n this._inBlock = this._iv.slice(0);\n this._partialBytes = 0;\n};\n\nmodes.ctr.prototype.encrypt = function(input, output, finish) {\n // not enough input to encrypt\n var inputLength = input.length();\n if(inputLength === 0) {\n return true;\n }\n\n // encrypt block (CTR always uses encryption mode)\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // handle full block\n if(this._partialBytes === 0 && inputLength >= this.blockSize) {\n // XOR input with output\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(input.getInt32() ^ this._outBlock[i]);\n }\n } else {\n // handle partial block\n var partialBytes = (this.blockSize - inputLength) % this.blockSize;\n if(partialBytes > 0) {\n partialBytes = this.blockSize - partialBytes;\n }\n\n // XOR input with output\n this._partialOutput.clear();\n for(var i = 0; i < this._ints; ++i) {\n this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);\n }\n\n if(partialBytes > 0) {\n // block still incomplete, restore input buffer\n input.read -= this.blockSize;\n }\n\n // skip any previous partial bytes\n if(this._partialBytes > 0) {\n this._partialOutput.getBytes(this._partialBytes);\n }\n\n if(partialBytes > 0 && !finish) {\n output.putBytes(this._partialOutput.getBytes(\n partialBytes - this._partialBytes));\n this._partialBytes = partialBytes;\n return true;\n }\n\n output.putBytes(this._partialOutput.getBytes(\n inputLength - this._partialBytes));\n this._partialBytes = 0;\n }\n\n // block complete, increment counter (input block)\n inc32(this._inBlock);\n};\n\nmodes.ctr.prototype.decrypt = modes.ctr.prototype.encrypt;\n\n/** Galois/Counter Mode (GCM) **/\n\nmodes.gcm = function(options) {\n options = options || {};\n this.name = 'GCM';\n this.cipher = options.cipher;\n this.blockSize = options.blockSize || 16;\n this._ints = this.blockSize / 4;\n this._inBlock = new Array(this._ints);\n this._outBlock = new Array(this._ints);\n this._partialOutput = forge.util.createBuffer();\n this._partialBytes = 0;\n\n // R is actually this value concatenated with 120 more zero bits, but\n // we only XOR against R so the other zeros have no effect -- we just\n // apply this value to the first integer in a block\n this._R = 0xE1000000;\n};\n\nmodes.gcm.prototype.start = function(options) {\n if(!('iv' in options)) {\n throw new Error('Invalid IV parameter.');\n }\n // ensure IV is a byte buffer\n var iv = forge.util.createBuffer(options.iv);\n\n // no ciphered data processed yet\n this._cipherLength = 0;\n\n // default additional data is none\n var additionalData;\n if('additionalData' in options) {\n additionalData = forge.util.createBuffer(options.additionalData);\n } else {\n additionalData = forge.util.createBuffer();\n }\n\n // default tag length is 128 bits\n if('tagLength' in options) {\n this._tagLength = options.tagLength;\n } else {\n this._tagLength = 128;\n }\n\n // if tag is given, ensure tag matches tag length\n this._tag = null;\n if(options.decrypt) {\n // save tag to check later\n this._tag = forge.util.createBuffer(options.tag).getBytes();\n if(this._tag.length !== (this._tagLength / 8)) {\n throw new Error('Authentication tag does not match tag length.');\n }\n }\n\n // create tmp storage for hash calculation\n this._hashBlock = new Array(this._ints);\n\n // no tag generated yet\n this.tag = null;\n\n // generate hash subkey\n // (apply block cipher to \"zero\" block)\n this._hashSubkey = new Array(this._ints);\n this.cipher.encrypt([0, 0, 0, 0], this._hashSubkey);\n\n // generate table M\n // use 4-bit tables (32 component decomposition of a 16 byte value)\n // 8-bit tables take more space and are known to have security\n // vulnerabilities (in native implementations)\n this.componentBits = 4;\n this._m = this.generateHashTable(this._hashSubkey, this.componentBits);\n\n // Note: support IV length different from 96 bits? (only supporting\n // 96 bits is recommended by NIST SP-800-38D)\n // generate J_0\n var ivLength = iv.length();\n if(ivLength === 12) {\n // 96-bit IV\n this._j0 = [iv.getInt32(), iv.getInt32(), iv.getInt32(), 1];\n } else {\n // IV is NOT 96-bits\n this._j0 = [0, 0, 0, 0];\n while(iv.length() > 0) {\n this._j0 = this.ghash(\n this._hashSubkey, this._j0,\n [iv.getInt32(), iv.getInt32(), iv.getInt32(), iv.getInt32()]);\n }\n this._j0 = this.ghash(\n this._hashSubkey, this._j0, [0, 0].concat(from64To32(ivLength * 8)));\n }\n\n // generate ICB (initial counter block)\n this._inBlock = this._j0.slice(0);\n inc32(this._inBlock);\n this._partialBytes = 0;\n\n // consume authentication data\n additionalData = forge.util.createBuffer(additionalData);\n // save additional data length as a BE 64-bit number\n this._aDataLength = from64To32(additionalData.length() * 8);\n // pad additional data to 128 bit (16 byte) block size\n var overflow = additionalData.length() % this.blockSize;\n if(overflow) {\n additionalData.fillWithByte(0, this.blockSize - overflow);\n }\n this._s = [0, 0, 0, 0];\n while(additionalData.length() > 0) {\n this._s = this.ghash(this._hashSubkey, this._s, [\n additionalData.getInt32(),\n additionalData.getInt32(),\n additionalData.getInt32(),\n additionalData.getInt32()\n ]);\n }\n};\n\nmodes.gcm.prototype.encrypt = function(input, output, finish) {\n // not enough input to encrypt\n var inputLength = input.length();\n if(inputLength === 0) {\n return true;\n }\n\n // encrypt block\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // handle full block\n if(this._partialBytes === 0 && inputLength >= this.blockSize) {\n // XOR input with output\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(this._outBlock[i] ^= input.getInt32());\n }\n this._cipherLength += this.blockSize;\n } else {\n // handle partial block\n var partialBytes = (this.blockSize - inputLength) % this.blockSize;\n if(partialBytes > 0) {\n partialBytes = this.blockSize - partialBytes;\n }\n\n // XOR input with output\n this._partialOutput.clear();\n for(var i = 0; i < this._ints; ++i) {\n this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]);\n }\n\n if(partialBytes <= 0 || finish) {\n // handle overflow prior to hashing\n if(finish) {\n // get block overflow\n var overflow = inputLength % this.blockSize;\n this._cipherLength += overflow;\n // truncate for hash function\n this._partialOutput.truncate(this.blockSize - overflow);\n } else {\n this._cipherLength += this.blockSize;\n }\n\n // get output block for hashing\n for(var i = 0; i < this._ints; ++i) {\n this._outBlock[i] = this._partialOutput.getInt32();\n }\n this._partialOutput.read -= this.blockSize;\n }\n\n // skip any previous partial bytes\n if(this._partialBytes > 0) {\n this._partialOutput.getBytes(this._partialBytes);\n }\n\n if(partialBytes > 0 && !finish) {\n // block still incomplete, restore input buffer, get partial output,\n // and return early\n input.read -= this.blockSize;\n output.putBytes(this._partialOutput.getBytes(\n partialBytes - this._partialBytes));\n this._partialBytes = partialBytes;\n return true;\n }\n\n output.putBytes(this._partialOutput.getBytes(\n inputLength - this._partialBytes));\n this._partialBytes = 0;\n }\n\n // update hash block S\n this._s = this.ghash(this._hashSubkey, this._s, this._outBlock);\n\n // increment counter (input block)\n inc32(this._inBlock);\n};\n\nmodes.gcm.prototype.decrypt = function(input, output, finish) {\n // not enough input to decrypt\n var inputLength = input.length();\n if(inputLength < this.blockSize && !(finish && inputLength > 0)) {\n return true;\n }\n\n // encrypt block (GCM always uses encryption mode)\n this.cipher.encrypt(this._inBlock, this._outBlock);\n\n // increment counter (input block)\n inc32(this._inBlock);\n\n // update hash block S\n this._hashBlock[0] = input.getInt32();\n this._hashBlock[1] = input.getInt32();\n this._hashBlock[2] = input.getInt32();\n this._hashBlock[3] = input.getInt32();\n this._s = this.ghash(this._hashSubkey, this._s, this._hashBlock);\n\n // XOR hash input with output\n for(var i = 0; i < this._ints; ++i) {\n output.putInt32(this._outBlock[i] ^ this._hashBlock[i]);\n }\n\n // increment cipher data length\n if(inputLength < this.blockSize) {\n this._cipherLength += inputLength % this.blockSize;\n } else {\n this._cipherLength += this.blockSize;\n }\n};\n\nmodes.gcm.prototype.afterFinish = function(output, options) {\n var rval = true;\n\n // handle overflow\n if(options.decrypt && options.overflow) {\n output.truncate(this.blockSize - options.overflow);\n }\n\n // handle authentication tag\n this.tag = forge.util.createBuffer();\n\n // concatenate additional data length with cipher length\n var lengths = this._aDataLength.concat(from64To32(this._cipherLength * 8));\n\n // include lengths in hash\n this._s = this.ghash(this._hashSubkey, this._s, lengths);\n\n // do GCTR(J_0, S)\n var tag = [];\n this.cipher.encrypt(this._j0, tag);\n for(var i = 0; i < this._ints; ++i) {\n this.tag.putInt32(this._s[i] ^ tag[i]);\n }\n\n // trim tag to length\n this.tag.truncate(this.tag.length() % (this._tagLength / 8));\n\n // check authentication tag\n if(options.decrypt && this.tag.bytes() !== this._tag) {\n rval = false;\n }\n\n return rval;\n};\n\n/**\n * See NIST SP-800-38D 6.3 (Algorithm 1). This function performs Galois\n * field multiplication. The field, GF(2^128), is defined by the polynomial:\n *\n * x^128 + x^7 + x^2 + x + 1\n *\n * Which is represented in little-endian binary form as: 11100001 (0xe1). When\n * the value of a coefficient is 1, a bit is set. The value R, is the\n * concatenation of this value and 120 zero bits, yielding a 128-bit value\n * which matches the block size.\n *\n * This function will multiply two elements (vectors of bytes), X and Y, in\n * the field GF(2^128). The result is initialized to zero. For each bit of\n * X (out of 128), x_i, if x_i is set, then the result is multiplied (XOR'd)\n * by the current value of Y. For each bit, the value of Y will be raised by\n * a power of x (multiplied by the polynomial x). This can be achieved by\n * shifting Y once to the right. If the current value of Y, prior to being\n * multiplied by x, has 0 as its LSB, then it is a 127th degree polynomial.\n * Otherwise, we must divide by R after shifting to find the remainder.\n *\n * @param x the first block to multiply by the second.\n * @param y the second block to multiply by the first.\n *\n * @return the block result of the multiplication.\n */\nmodes.gcm.prototype.multiply = function(x, y) {\n var z_i = [0, 0, 0, 0];\n var v_i = y.slice(0);\n\n // calculate Z_128 (block has 128 bits)\n for(var i = 0; i < 128; ++i) {\n // if x_i is 0, Z_{i+1} = Z_i (unchanged)\n // else Z_{i+1} = Z_i ^ V_i\n // get x_i by finding 32-bit int position, then left shift 1 by remainder\n var x_i = x[(i / 32) | 0] & (1 << (31 - i % 32));\n if(x_i) {\n z_i[0] ^= v_i[0];\n z_i[1] ^= v_i[1];\n z_i[2] ^= v_i[2];\n z_i[3] ^= v_i[3];\n }\n\n // if LSB(V_i) is 1, V_i = V_i >> 1\n // else V_i = (V_i >> 1) ^ R\n this.pow(v_i, v_i);\n }\n\n return z_i;\n};\n\nmodes.gcm.prototype.pow = function(x, out) {\n // if LSB(x) is 1, x = x >>> 1\n // else x = (x >>> 1) ^ R\n var lsb = x[3] & 1;\n\n // always do x >>> 1:\n // starting with the rightmost integer, shift each integer to the right\n // one bit, pulling in the bit from the integer to the left as its top\n // most bit (do this for the last 3 integers)\n for(var i = 3; i > 0; --i) {\n out[i] = (x[i] >>> 1) | ((x[i - 1] & 1) << 31);\n }\n // shift the first integer normally\n out[0] = x[0] >>> 1;\n\n // if lsb was not set, then polynomial had a degree of 127 and doesn't\n // need to divided; otherwise, XOR with R to find the remainder; we only\n // need to XOR the first integer since R technically ends w/120 zero bits\n if(lsb) {\n out[0] ^= this._R;\n }\n};\n\nmodes.gcm.prototype.tableMultiply = function(x) {\n // assumes 4-bit tables are used\n var z = [0, 0, 0, 0];\n for(var i = 0; i < 32; ++i) {\n var idx = (i / 8) | 0;\n var x_i = (x[idx] >>> ((7 - (i % 8)) * 4)) & 0xF;\n var ah = this._m[i][x_i];\n z[0] ^= ah[0];\n z[1] ^= ah[1];\n z[2] ^= ah[2];\n z[3] ^= ah[3];\n }\n return z;\n};\n\n/**\n * A continuing version of the GHASH algorithm that operates on a single\n * block. The hash block, last hash value (Ym) and the new block to hash\n * are given.\n *\n * @param h the hash block.\n * @param y the previous value for Ym, use [0, 0, 0, 0] for a new hash.\n * @param x the block to hash.\n *\n * @return the hashed value (Ym).\n */\nmodes.gcm.prototype.ghash = function(h, y, x) {\n y[0] ^= x[0];\n y[1] ^= x[1];\n y[2] ^= x[2];\n y[3] ^= x[3];\n return this.tableMultiply(y);\n //return this.multiply(y, h);\n};\n\n/**\n * Precomputes a table for multiplying against the hash subkey. This\n * mechanism provides a substantial speed increase over multiplication\n * performed without a table. The table-based multiplication this table is\n * for solves X * H by multiplying each component of X by H and then\n * composing the results together using XOR.\n *\n * This function can be used to generate tables with different bit sizes\n * for the components, however, this implementation assumes there are\n * 32 components of X (which is a 16 byte vector), therefore each component\n * takes 4-bits (so the table is constructed with bits=4).\n *\n * @param h the hash subkey.\n * @param bits the bit size for a component.\n */\nmodes.gcm.prototype.generateHashTable = function(h, bits) {\n // TODO: There are further optimizations that would use only the\n // first table M_0 (or some variant) along with a remainder table;\n // this can be explored in the future\n var multiplier = 8 / bits;\n var perInt = 4 * multiplier;\n var size = 16 * multiplier;\n var m = new Array(size);\n for(var i = 0; i < size; ++i) {\n var tmp = [0, 0, 0, 0];\n var idx = (i / perInt) | 0;\n var shft = ((perInt - 1 - (i % perInt)) * bits);\n tmp[idx] = (1 << (bits - 1)) << shft;\n m[i] = this.generateSubHashTable(this.multiply(tmp, h), bits);\n }\n return m;\n};\n\n/**\n * Generates a table for multiplying against the hash subkey for one\n * particular component (out of all possible component values).\n *\n * @param mid the pre-multiplied value for the middle key of the table.\n * @param bits the bit size for a component.\n */\nmodes.gcm.prototype.generateSubHashTable = function(mid, bits) {\n // compute the table quickly by minimizing the number of\n // POW operations -- they only need to be performed for powers of 2,\n // all other entries can be composed from those powers using XOR\n var size = 1 << bits;\n var half = size >>> 1;\n var m = new Array(size);\n m[half] = mid.slice(0);\n var i = half >>> 1;\n while(i > 0) {\n // raise m0[2 * i] and store in m0[i]\n this.pow(m[2 * i], m[i] = []);\n i >>= 1;\n }\n i = 2;\n while(i < half) {\n for(var j = 1; j < i; ++j) {\n var m_i = m[i];\n var m_j = m[j];\n m[i + j] = [\n m_i[0] ^ m_j[0],\n m_i[1] ^ m_j[1],\n m_i[2] ^ m_j[2],\n m_i[3] ^ m_j[3]\n ];\n }\n i *= 2;\n }\n m[0] = [0, 0, 0, 0];\n /* Note: We could avoid storing these by doing composition during multiply\n calculate top half using composition by speed is preferred. */\n for(i = half + 1; i < size; ++i) {\n var c = m[i ^ half];\n m[i] = [mid[0] ^ c[0], mid[1] ^ c[1], mid[2] ^ c[2], mid[3] ^ c[3]];\n }\n return m;\n};\n\n/** Utility functions */\n\nfunction transformIV(iv, blockSize) {\n if(typeof iv === 'string') {\n // convert iv string into byte buffer\n iv = forge.util.createBuffer(iv);\n }\n\n if(forge.util.isArray(iv) && iv.length > 4) {\n // convert iv byte array into byte buffer\n var tmp = iv;\n iv = forge.util.createBuffer();\n for(var i = 0; i < tmp.length; ++i) {\n iv.putByte(tmp[i]);\n }\n }\n\n if(iv.length() < blockSize) {\n throw new Error(\n 'Invalid IV length; got ' + iv.length() +\n ' bytes and expected ' + blockSize + ' bytes.');\n }\n\n if(!forge.util.isArray(iv)) {\n // convert iv byte buffer into 32-bit integer array\n var ints = [];\n var blocks = blockSize / 4;\n for(var i = 0; i < blocks; ++i) {\n ints.push(iv.getInt32());\n }\n iv = ints;\n }\n\n return iv;\n}\n\nfunction inc32(block) {\n // increment last 32 bits of block only\n block[block.length - 1] = (block[block.length - 1] + 1) & 0xFFFFFFFF;\n}\n\nfunction from64To32(num) {\n // convert 64-bit number to two BE Int32s\n return [(num / 0x100000000) | 0, num & 0xFFFFFFFF];\n}\n","/**\n * Advanced Encryption Standard (AES) implementation.\n *\n * This implementation is based on the public domain library 'jscrypto' which\n * was written by:\n *\n * Emily Stark (estark@stanford.edu)\n * Mike Hamburg (mhamburg@stanford.edu)\n * Dan Boneh (dabo@cs.stanford.edu)\n *\n * Parts of this code are based on the OpenSSL implementation of AES:\n * http://www.openssl.org\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./cipher');\nrequire('./cipherModes');\nrequire('./util');\n\n/* AES API */\nmodule.exports = forge.aes = forge.aes || {};\n\n/**\n * Deprecated. Instead, use:\n *\n * var cipher = forge.cipher.createCipher('AES-<mode>', key);\n * cipher.start({iv: iv});\n *\n * Creates an AES cipher object to encrypt data using the given symmetric key.\n * The output will be stored in the 'output' member of the returned cipher.\n *\n * The key and iv may be given as a string of bytes, an array of bytes,\n * a byte buffer, or an array of 32-bit words.\n *\n * @param key the symmetric key to use.\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n * @param mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nforge.aes.startEncrypting = function(key, iv, output, mode) {\n var cipher = _createCipher({\n key: key,\n output: output,\n decrypt: false,\n mode: mode\n });\n cipher.start(iv);\n return cipher;\n};\n\n/**\n * Deprecated. Instead, use:\n *\n * var cipher = forge.cipher.createCipher('AES-<mode>', key);\n *\n * Creates an AES cipher object to encrypt data using the given symmetric key.\n *\n * The key may be given as a string of bytes, an array of bytes, a\n * byte buffer, or an array of 32-bit words.\n *\n * @param key the symmetric key to use.\n * @param mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nforge.aes.createEncryptionCipher = function(key, mode) {\n return _createCipher({\n key: key,\n output: null,\n decrypt: false,\n mode: mode\n });\n};\n\n/**\n * Deprecated. Instead, use:\n *\n * var decipher = forge.cipher.createDecipher('AES-<mode>', key);\n * decipher.start({iv: iv});\n *\n * Creates an AES cipher object to decrypt data using the given symmetric key.\n * The output will be stored in the 'output' member of the returned cipher.\n *\n * The key and iv may be given as a string of bytes, an array of bytes,\n * a byte buffer, or an array of 32-bit words.\n *\n * @param key the symmetric key to use.\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n * @param mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nforge.aes.startDecrypting = function(key, iv, output, mode) {\n var cipher = _createCipher({\n key: key,\n output: output,\n decrypt: true,\n mode: mode\n });\n cipher.start(iv);\n return cipher;\n};\n\n/**\n * Deprecated. Instead, use:\n *\n * var decipher = forge.cipher.createDecipher('AES-<mode>', key);\n *\n * Creates an AES cipher object to decrypt data using the given symmetric key.\n *\n * The key may be given as a string of bytes, an array of bytes, a\n * byte buffer, or an array of 32-bit words.\n *\n * @param key the symmetric key to use.\n * @param mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nforge.aes.createDecryptionCipher = function(key, mode) {\n return _createCipher({\n key: key,\n output: null,\n decrypt: true,\n mode: mode\n });\n};\n\n/**\n * Creates a new AES cipher algorithm object.\n *\n * @param name the name of the algorithm.\n * @param mode the mode factory function.\n *\n * @return the AES algorithm object.\n */\nforge.aes.Algorithm = function(name, mode) {\n if(!init) {\n initialize();\n }\n var self = this;\n self.name = name;\n self.mode = new mode({\n blockSize: 16,\n cipher: {\n encrypt: function(inBlock, outBlock) {\n return _updateBlock(self._w, inBlock, outBlock, false);\n },\n decrypt: function(inBlock, outBlock) {\n return _updateBlock(self._w, inBlock, outBlock, true);\n }\n }\n });\n self._init = false;\n};\n\n/**\n * Initializes this AES algorithm by expanding its key.\n *\n * @param options the options to use.\n * key the key to use with this algorithm.\n * decrypt true if the algorithm should be initialized for decryption,\n * false for encryption.\n */\nforge.aes.Algorithm.prototype.initialize = function(options) {\n if(this._init) {\n return;\n }\n\n var key = options.key;\n var tmp;\n\n /* Note: The key may be a string of bytes, an array of bytes, a byte\n buffer, or an array of 32-bit integers. If the key is in bytes, then\n it must be 16, 24, or 32 bytes in length. If it is in 32-bit\n integers, it must be 4, 6, or 8 integers long. */\n\n if(typeof key === 'string' &&\n (key.length === 16 || key.length === 24 || key.length === 32)) {\n // convert key string into byte buffer\n key = forge.util.createBuffer(key);\n } else if(forge.util.isArray(key) &&\n (key.length === 16 || key.length === 24 || key.length === 32)) {\n // convert key integer array into byte buffer\n tmp = key;\n key = forge.util.createBuffer();\n for(var i = 0; i < tmp.length; ++i) {\n key.putByte(tmp[i]);\n }\n }\n\n // convert key byte buffer into 32-bit integer array\n if(!forge.util.isArray(key)) {\n tmp = key;\n key = [];\n\n // key lengths of 16, 24, 32 bytes allowed\n var len = tmp.length();\n if(len === 16 || len === 24 || len === 32) {\n len = len >>> 2;\n for(var i = 0; i < len; ++i) {\n key.push(tmp.getInt32());\n }\n }\n }\n\n // key must be an array of 32-bit integers by now\n if(!forge.util.isArray(key) ||\n !(key.length === 4 || key.length === 6 || key.length === 8)) {\n throw new Error('Invalid key parameter.');\n }\n\n // encryption operation is always used for these modes\n var mode = this.mode.name;\n var encryptOp = (['CFB', 'OFB', 'CTR', 'GCM'].indexOf(mode) !== -1);\n\n // do key expansion\n this._w = _expandKey(key, options.decrypt && !encryptOp);\n this._init = true;\n};\n\n/**\n * Expands a key. Typically only used for testing.\n *\n * @param key the symmetric key to expand, as an array of 32-bit words.\n * @param decrypt true to expand for decryption, false for encryption.\n *\n * @return the expanded key.\n */\nforge.aes._expandKey = function(key, decrypt) {\n if(!init) {\n initialize();\n }\n return _expandKey(key, decrypt);\n};\n\n/**\n * Updates a single block. Typically only used for testing.\n *\n * @param w the expanded key to use.\n * @param input an array of block-size 32-bit words.\n * @param output an array of block-size 32-bit words.\n * @param decrypt true to decrypt, false to encrypt.\n */\nforge.aes._updateBlock = _updateBlock;\n\n/** Register AES algorithms **/\n\nregisterAlgorithm('AES-ECB', forge.cipher.modes.ecb);\nregisterAlgorithm('AES-CBC', forge.cipher.modes.cbc);\nregisterAlgorithm('AES-CFB', forge.cipher.modes.cfb);\nregisterAlgorithm('AES-OFB', forge.cipher.modes.ofb);\nregisterAlgorithm('AES-CTR', forge.cipher.modes.ctr);\nregisterAlgorithm('AES-GCM', forge.cipher.modes.gcm);\n\nfunction registerAlgorithm(name, mode) {\n var factory = function() {\n return new forge.aes.Algorithm(name, mode);\n };\n forge.cipher.registerAlgorithm(name, factory);\n}\n\n/** AES implementation **/\n\nvar init = false; // not yet initialized\nvar Nb = 4; // number of words comprising the state (AES = 4)\nvar sbox; // non-linear substitution table used in key expansion\nvar isbox; // inversion of sbox\nvar rcon; // round constant word array\nvar mix; // mix-columns table\nvar imix; // inverse mix-columns table\n\n/**\n * Performs initialization, ie: precomputes tables to optimize for speed.\n *\n * One way to understand how AES works is to imagine that 'addition' and\n * 'multiplication' are interfaces that require certain mathematical\n * properties to hold true (ie: they are associative) but they might have\n * different implementations and produce different kinds of results ...\n * provided that their mathematical properties remain true. AES defines\n * its own methods of addition and multiplication but keeps some important\n * properties the same, ie: associativity and distributivity. The\n * explanation below tries to shed some light on how AES defines addition\n * and multiplication of bytes and 32-bit words in order to perform its\n * encryption and decryption algorithms.\n *\n * The basics:\n *\n * The AES algorithm views bytes as binary representations of polynomials\n * that have either 1 or 0 as the coefficients. It defines the addition\n * or subtraction of two bytes as the XOR operation. It also defines the\n * multiplication of two bytes as a finite field referred to as GF(2^8)\n * (Note: 'GF' means \"Galois Field\" which is a field that contains a finite\n * number of elements so GF(2^8) has 256 elements).\n *\n * This means that any two bytes can be represented as binary polynomials;\n * when they multiplied together and modularly reduced by an irreducible\n * polynomial of the 8th degree, the results are the field GF(2^8). The\n * specific irreducible polynomial that AES uses in hexadecimal is 0x11b.\n * This multiplication is associative with 0x01 as the identity:\n *\n * (b * 0x01 = GF(b, 0x01) = b).\n *\n * The operation GF(b, 0x02) can be performed at the byte level by left\n * shifting b once and then XOR'ing it (to perform the modular reduction)\n * with 0x11b if b is >= 128. Repeated application of the multiplication\n * of 0x02 can be used to implement the multiplication of any two bytes.\n *\n * For instance, multiplying 0x57 and 0x13, denoted as GF(0x57, 0x13), can\n * be performed by factoring 0x13 into 0x01, 0x02, and 0x10. Then these\n * factors can each be multiplied by 0x57 and then added together. To do\n * the multiplication, values for 0x57 multiplied by each of these 3 factors\n * can be precomputed and stored in a table. To add them, the values from\n * the table are XOR'd together.\n *\n * AES also defines addition and multiplication of words, that is 4-byte\n * numbers represented as polynomials of 3 degrees where the coefficients\n * are the values of the bytes.\n *\n * The word [a0, a1, a2, a3] is a polynomial a3x^3 + a2x^2 + a1x + a0.\n *\n * Addition is performed by XOR'ing like powers of x. Multiplication\n * is performed in two steps, the first is an algebriac expansion as\n * you would do normally (where addition is XOR). But the result is\n * a polynomial larger than 3 degrees and thus it cannot fit in a word. So\n * next the result is modularly reduced by an AES-specific polynomial of\n * degree 4 which will always produce a polynomial of less than 4 degrees\n * such that it will fit in a word. In AES, this polynomial is x^4 + 1.\n *\n * The modular product of two polynomials 'a' and 'b' is thus:\n *\n * d(x) = d3x^3 + d2x^2 + d1x + d0\n * with\n * d0 = GF(a0, b0) ^ GF(a3, b1) ^ GF(a2, b2) ^ GF(a1, b3)\n * d1 = GF(a1, b0) ^ GF(a0, b1) ^ GF(a3, b2) ^ GF(a2, b3)\n * d2 = GF(a2, b0) ^ GF(a1, b1) ^ GF(a0, b2) ^ GF(a3, b3)\n * d3 = GF(a3, b0) ^ GF(a2, b1) ^ GF(a1, b2) ^ GF(a0, b3)\n *\n * As a matrix:\n *\n * [d0] = [a0 a3 a2 a1][b0]\n * [d1] [a1 a0 a3 a2][b1]\n * [d2] [a2 a1 a0 a3][b2]\n * [d3] [a3 a2 a1 a0][b3]\n *\n * Special polynomials defined by AES (0x02 == {02}):\n * a(x) = {03}x^3 + {01}x^2 + {01}x + {02}\n * a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}.\n *\n * These polynomials are used in the MixColumns() and InverseMixColumns()\n * operations, respectively, to cause each element in the state to affect\n * the output (referred to as diffusing).\n *\n * RotWord() uses: a0 = a1 = a2 = {00} and a3 = {01}, which is the\n * polynomial x3.\n *\n * The ShiftRows() method modifies the last 3 rows in the state (where\n * the state is 4 words with 4 bytes per word) by shifting bytes cyclically.\n * The 1st byte in the second row is moved to the end of the row. The 1st\n * and 2nd bytes in the third row are moved to the end of the row. The 1st,\n * 2nd, and 3rd bytes are moved in the fourth row.\n *\n * More details on how AES arithmetic works:\n *\n * In the polynomial representation of binary numbers, XOR performs addition\n * and subtraction and multiplication in GF(2^8) denoted as GF(a, b)\n * corresponds with the multiplication of polynomials modulo an irreducible\n * polynomial of degree 8. In other words, for AES, GF(a, b) will multiply\n * polynomial 'a' with polynomial 'b' and then do a modular reduction by\n * an AES-specific irreducible polynomial of degree 8.\n *\n * A polynomial is irreducible if its only divisors are one and itself. For\n * the AES algorithm, this irreducible polynomial is:\n *\n * m(x) = x^8 + x^4 + x^3 + x + 1,\n *\n * or {01}{1b} in hexadecimal notation, where each coefficient is a bit:\n * 100011011 = 283 = 0x11b.\n *\n * For example, GF(0x57, 0x83) = 0xc1 because\n *\n * 0x57 = 87 = 01010111 = x^6 + x^4 + x^2 + x + 1\n * 0x85 = 131 = 10000101 = x^7 + x + 1\n *\n * (x^6 + x^4 + x^2 + x + 1) * (x^7 + x + 1)\n * = x^13 + x^11 + x^9 + x^8 + x^7 +\n * x^7 + x^5 + x^3 + x^2 + x +\n * x^6 + x^4 + x^2 + x + 1\n * = x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 = y\n * y modulo (x^8 + x^4 + x^3 + x + 1)\n * = x^7 + x^6 + 1.\n *\n * The modular reduction by m(x) guarantees the result will be a binary\n * polynomial of less than degree 8, so that it can fit in a byte.\n *\n * The operation to multiply a binary polynomial b with x (the polynomial\n * x in binary representation is 00000010) is:\n *\n * b_7x^8 + b_6x^7 + b_5x^6 + b_4x^5 + b_3x^4 + b_2x^3 + b_1x^2 + b_0x^1\n *\n * To get GF(b, x) we must reduce that by m(x). If b_7 is 0 (that is the\n * most significant bit is 0 in b) then the result is already reduced. If\n * it is 1, then we can reduce it by subtracting m(x) via an XOR.\n *\n * It follows that multiplication by x (00000010 or 0x02) can be implemented\n * by performing a left shift followed by a conditional bitwise XOR with\n * 0x1b. This operation on bytes is denoted by xtime(). Multiplication by\n * higher powers of x can be implemented by repeated application of xtime().\n *\n * By adding intermediate results, multiplication by any constant can be\n * implemented. For instance:\n *\n * GF(0x57, 0x13) = 0xfe because:\n *\n * xtime(b) = (b & 128) ? (b << 1 ^ 0x11b) : (b << 1)\n *\n * Note: We XOR with 0x11b instead of 0x1b because in javascript our\n * datatype for b can be larger than 1 byte, so a left shift will not\n * automatically eliminate bits that overflow a byte ... by XOR'ing the\n * overflow bit with 1 (the extra one from 0x11b) we zero it out.\n *\n * GF(0x57, 0x02) = xtime(0x57) = 0xae\n * GF(0x57, 0x04) = xtime(0xae) = 0x47\n * GF(0x57, 0x08) = xtime(0x47) = 0x8e\n * GF(0x57, 0x10) = xtime(0x8e) = 0x07\n *\n * GF(0x57, 0x13) = GF(0x57, (0x01 ^ 0x02 ^ 0x10))\n *\n * And by the distributive property (since XOR is addition and GF() is\n * multiplication):\n *\n * = GF(0x57, 0x01) ^ GF(0x57, 0x02) ^ GF(0x57, 0x10)\n * = 0x57 ^ 0xae ^ 0x07\n * = 0xfe.\n */\nfunction initialize() {\n init = true;\n\n /* Populate the Rcon table. These are the values given by\n [x^(i-1),{00},{00},{00}] where x^(i-1) are powers of x (and x = 0x02)\n in the field of GF(2^8), where i starts at 1.\n\n rcon[0] = [0x00, 0x00, 0x00, 0x00]\n rcon[1] = [0x01, 0x00, 0x00, 0x00] 2^(1-1) = 2^0 = 1\n rcon[2] = [0x02, 0x00, 0x00, 0x00] 2^(2-1) = 2^1 = 2\n ...\n rcon[9] = [0x1B, 0x00, 0x00, 0x00] 2^(9-1) = 2^8 = 0x1B\n rcon[10] = [0x36, 0x00, 0x00, 0x00] 2^(10-1) = 2^9 = 0x36\n\n We only store the first byte because it is the only one used.\n */\n rcon = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36];\n\n // compute xtime table which maps i onto GF(i, 0x02)\n var xtime = new Array(256);\n for(var i = 0; i < 128; ++i) {\n xtime[i] = i << 1;\n xtime[i + 128] = (i + 128) << 1 ^ 0x11B;\n }\n\n // compute all other tables\n sbox = new Array(256);\n isbox = new Array(256);\n mix = new Array(4);\n imix = new Array(4);\n for(var i = 0; i < 4; ++i) {\n mix[i] = new Array(256);\n imix[i] = new Array(256);\n }\n var e = 0, ei = 0, e2, e4, e8, sx, sx2, me, ime;\n for(var i = 0; i < 256; ++i) {\n /* We need to generate the SubBytes() sbox and isbox tables so that\n we can perform byte substitutions. This requires us to traverse\n all of the elements in GF, find their multiplicative inverses,\n and apply to each the following affine transformation:\n\n bi' = bi ^ b(i + 4) mod 8 ^ b(i + 5) mod 8 ^ b(i + 6) mod 8 ^\n b(i + 7) mod 8 ^ ci\n for 0 <= i < 8, where bi is the ith bit of the byte, and ci is the\n ith bit of a byte c with the value {63} or {01100011}.\n\n It is possible to traverse every possible value in a Galois field\n using what is referred to as a 'generator'. There are many\n generators (128 out of 256): 3,5,6,9,11,82 to name a few. To fully\n traverse GF we iterate 255 times, multiplying by our generator\n each time.\n\n On each iteration we can determine the multiplicative inverse for\n the current element.\n\n Suppose there is an element in GF 'e'. For a given generator 'g',\n e = g^x. The multiplicative inverse of e is g^(255 - x). It turns\n out that if use the inverse of a generator as another generator\n it will produce all of the corresponding multiplicative inverses\n at the same time. For this reason, we choose 5 as our inverse\n generator because it only requires 2 multiplies and 1 add and its\n inverse, 82, requires relatively few operations as well.\n\n In order to apply the affine transformation, the multiplicative\n inverse 'ei' of 'e' can be repeatedly XOR'd (4 times) with a\n bit-cycling of 'ei'. To do this 'ei' is first stored in 's' and\n 'x'. Then 's' is left shifted and the high bit of 's' is made the\n low bit. The resulting value is stored in 's'. Then 'x' is XOR'd\n with 's' and stored in 'x'. On each subsequent iteration the same\n operation is performed. When 4 iterations are complete, 'x' is\n XOR'd with 'c' (0x63) and the transformed value is stored in 'x'.\n For example:\n\n s = 01000001\n x = 01000001\n\n iteration 1: s = 10000010, x ^= s\n iteration 2: s = 00000101, x ^= s\n iteration 3: s = 00001010, x ^= s\n iteration 4: s = 00010100, x ^= s\n x ^= 0x63\n\n This can be done with a loop where s = (s << 1) | (s >> 7). However,\n it can also be done by using a single 16-bit (in this case 32-bit)\n number 'sx'. Since XOR is an associative operation, we can set 'sx'\n to 'ei' and then XOR it with 'sx' left-shifted 1,2,3, and 4 times.\n The most significant bits will flow into the high 8 bit positions\n and be correctly XOR'd with one another. All that remains will be\n to cycle the high 8 bits by XOR'ing them all with the lower 8 bits\n afterwards.\n\n At the same time we're populating sbox and isbox we can precompute\n the multiplication we'll need to do to do MixColumns() later.\n */\n\n // apply affine transformation\n sx = ei ^ (ei << 1) ^ (ei << 2) ^ (ei << 3) ^ (ei << 4);\n sx = (sx >> 8) ^ (sx & 255) ^ 0x63;\n\n // update tables\n sbox[e] = sx;\n isbox[sx] = e;\n\n /* Mixing columns is done using matrix multiplication. The columns\n that are to be mixed are each a single word in the current state.\n The state has Nb columns (4 columns). Therefore each column is a\n 4 byte word. So to mix the columns in a single column 'c' where\n its rows are r0, r1, r2, and r3, we use the following matrix\n multiplication:\n\n [2 3 1 1]*[r0,c]=[r'0,c]\n [1 2 3 1] [r1,c] [r'1,c]\n [1 1 2 3] [r2,c] [r'2,c]\n [3 1 1 2] [r3,c] [r'3,c]\n\n r0, r1, r2, and r3 are each 1 byte of one of the words in the\n state (a column). To do matrix multiplication for each mixed\n column c' we multiply the corresponding row from the left matrix\n with the corresponding column from the right matrix. In total, we\n get 4 equations:\n\n r0,c' = 2*r0,c + 3*r1,c + 1*r2,c + 1*r3,c\n r1,c' = 1*r0,c + 2*r1,c + 3*r2,c + 1*r3,c\n r2,c' = 1*r0,c + 1*r1,c + 2*r2,c + 3*r3,c\n r3,c' = 3*r0,c + 1*r1,c + 1*r2,c + 2*r3,c\n\n As usual, the multiplication is as previously defined and the\n addition is XOR. In order to optimize mixing columns we can store\n the multiplication results in tables. If you think of the whole\n column as a word (it might help to visualize by mentally rotating\n the equations above by counterclockwise 90 degrees) then you can\n see that it would be useful to map the multiplications performed on\n each byte (r0, r1, r2, r3) onto a word as well. For instance, we\n could map 2*r0,1*r0,1*r0,3*r0 onto a word by storing 2*r0 in the\n highest 8 bits and 3*r0 in the lowest 8 bits (with the other two\n respectively in the middle). This means that a table can be\n constructed that uses r0 as an index to the word. We can do the\n same with r1, r2, and r3, creating a total of 4 tables.\n\n To construct a full c', we can just look up each byte of c in\n their respective tables and XOR the results together.\n\n Also, to build each table we only have to calculate the word\n for 2,1,1,3 for every byte ... which we can do on each iteration\n of this loop since we will iterate over every byte. After we have\n calculated 2,1,1,3 we can get the results for the other tables\n by cycling the byte at the end to the beginning. For instance\n we can take the result of table 2,1,1,3 and produce table 3,2,1,1\n by moving the right most byte to the left most position just like\n how you can imagine the 3 moved out of 2,1,1,3 and to the front\n to produce 3,2,1,1.\n\n There is another optimization in that the same multiples of\n the current element we need in order to advance our generator\n to the next iteration can be reused in performing the 2,1,1,3\n calculation. We also calculate the inverse mix column tables,\n with e,9,d,b being the inverse of 2,1,1,3.\n\n When we're done, and we need to actually mix columns, the first\n byte of each state word should be put through mix[0] (2,1,1,3),\n the second through mix[1] (3,2,1,1) and so forth. Then they should\n be XOR'd together to produce the fully mixed column.\n */\n\n // calculate mix and imix table values\n sx2 = xtime[sx];\n e2 = xtime[e];\n e4 = xtime[e2];\n e8 = xtime[e4];\n me =\n (sx2 << 24) ^ // 2\n (sx << 16) ^ // 1\n (sx << 8) ^ // 1\n (sx ^ sx2); // 3\n ime =\n (e2 ^ e4 ^ e8) << 24 ^ // E (14)\n (e ^ e8) << 16 ^ // 9\n (e ^ e4 ^ e8) << 8 ^ // D (13)\n (e ^ e2 ^ e8); // B (11)\n // produce each of the mix tables by rotating the 2,1,1,3 value\n for(var n = 0; n < 4; ++n) {\n mix[n][e] = me;\n imix[n][sx] = ime;\n // cycle the right most byte to the left most position\n // ie: 2,1,1,3 becomes 3,2,1,1\n me = me << 24 | me >>> 8;\n ime = ime << 24 | ime >>> 8;\n }\n\n // get next element and inverse\n if(e === 0) {\n // 1 is the inverse of 1\n e = ei = 1;\n } else {\n // e = 2e + 2*2*2*(10e)) = multiply e by 82 (chosen generator)\n // ei = ei + 2*2*ei = multiply ei by 5 (inverse generator)\n e = e2 ^ xtime[xtime[xtime[e2 ^ e8]]];\n ei ^= xtime[xtime[ei]];\n }\n }\n}\n\n/**\n * Generates a key schedule using the AES key expansion algorithm.\n *\n * The AES algorithm takes the Cipher Key, K, and performs a Key Expansion\n * routine to generate a key schedule. The Key Expansion generates a total\n * of Nb*(Nr + 1) words: the algorithm requires an initial set of Nb words,\n * and each of the Nr rounds requires Nb words of key data. The resulting\n * key schedule consists of a linear array of 4-byte words, denoted [wi ],\n * with i in the range 0 <= i < Nb(Nr + 1).\n *\n * KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk)\n * AES-128 (Nb=4, Nk=4, Nr=10)\n * AES-192 (Nb=4, Nk=6, Nr=12)\n * AES-256 (Nb=4, Nk=8, Nr=14)\n * Note: Nr=Nk+6.\n *\n * Nb is the number of columns (32-bit words) comprising the State (or\n * number of bytes in a block). For AES, Nb=4.\n *\n * @param key the key to schedule (as an array of 32-bit words).\n * @param decrypt true to modify the key schedule to decrypt, false not to.\n *\n * @return the generated key schedule.\n */\nfunction _expandKey(key, decrypt) {\n // copy the key's words to initialize the key schedule\n var w = key.slice(0);\n\n /* RotWord() will rotate a word, moving the first byte to the last\n byte's position (shifting the other bytes left).\n\n We will be getting the value of Rcon at i / Nk. 'i' will iterate\n from Nk to (Nb * Nr+1). Nk = 4 (4 byte key), Nb = 4 (4 words in\n a block), Nr = Nk + 6 (10). Therefore 'i' will iterate from\n 4 to 44 (exclusive). Each time we iterate 4 times, i / Nk will\n increase by 1. We use a counter iNk to keep track of this.\n */\n\n // go through the rounds expanding the key\n var temp, iNk = 1;\n var Nk = w.length;\n var Nr1 = Nk + 6 + 1;\n var end = Nb * Nr1;\n for(var i = Nk; i < end; ++i) {\n temp = w[i - 1];\n if(i % Nk === 0) {\n // temp = SubWord(RotWord(temp)) ^ Rcon[i / Nk]\n temp =\n sbox[temp >>> 16 & 255] << 24 ^\n sbox[temp >>> 8 & 255] << 16 ^\n sbox[temp & 255] << 8 ^\n sbox[temp >>> 24] ^ (rcon[iNk] << 24);\n iNk++;\n } else if(Nk > 6 && (i % Nk === 4)) {\n // temp = SubWord(temp)\n temp =\n sbox[temp >>> 24] << 24 ^\n sbox[temp >>> 16 & 255] << 16 ^\n sbox[temp >>> 8 & 255] << 8 ^\n sbox[temp & 255];\n }\n w[i] = w[i - Nk] ^ temp;\n }\n\n /* When we are updating a cipher block we always use the code path for\n encryption whether we are decrypting or not (to shorten code and\n simplify the generation of look up tables). However, because there\n are differences in the decryption algorithm, other than just swapping\n in different look up tables, we must transform our key schedule to\n account for these changes:\n\n 1. The decryption algorithm gets its key rounds in reverse order.\n 2. The decryption algorithm adds the round key before mixing columns\n instead of afterwards.\n\n We don't need to modify our key schedule to handle the first case,\n we can just traverse the key schedule in reverse order when decrypting.\n\n The second case requires a little work.\n\n The tables we built for performing rounds will take an input and then\n perform SubBytes() and MixColumns() or, for the decrypt version,\n InvSubBytes() and InvMixColumns(). But the decrypt algorithm requires\n us to AddRoundKey() before InvMixColumns(). This means we'll need to\n apply some transformations to the round key to inverse-mix its columns\n so they'll be correct for moving AddRoundKey() to after the state has\n had its columns inverse-mixed.\n\n To inverse-mix the columns of the state when we're decrypting we use a\n lookup table that will apply InvSubBytes() and InvMixColumns() at the\n same time. However, the round key's bytes are not inverse-substituted\n in the decryption algorithm. To get around this problem, we can first\n substitute the bytes in the round key so that when we apply the\n transformation via the InvSubBytes()+InvMixColumns() table, it will\n undo our substitution leaving us with the original value that we\n want -- and then inverse-mix that value.\n\n This change will correctly alter our key schedule so that we can XOR\n each round key with our already transformed decryption state. This\n allows us to use the same code path as the encryption algorithm.\n\n We make one more change to the decryption key. Since the decryption\n algorithm runs in reverse from the encryption algorithm, we reverse\n the order of the round keys to avoid having to iterate over the key\n schedule backwards when running the encryption algorithm later in\n decryption mode. In addition to reversing the order of the round keys,\n we also swap each round key's 2nd and 4th rows. See the comments\n section where rounds are performed for more details about why this is\n done. These changes are done inline with the other substitution\n described above.\n */\n if(decrypt) {\n var tmp;\n var m0 = imix[0];\n var m1 = imix[1];\n var m2 = imix[2];\n var m3 = imix[3];\n var wnew = w.slice(0);\n end = w.length;\n for(var i = 0, wi = end - Nb; i < end; i += Nb, wi -= Nb) {\n // do not sub the first or last round key (round keys are Nb\n // words) as no column mixing is performed before they are added,\n // but do change the key order\n if(i === 0 || i === (end - Nb)) {\n wnew[i] = w[wi];\n wnew[i + 1] = w[wi + 3];\n wnew[i + 2] = w[wi + 2];\n wnew[i + 3] = w[wi + 1];\n } else {\n // substitute each round key byte because the inverse-mix\n // table will inverse-substitute it (effectively cancel the\n // substitution because round key bytes aren't sub'd in\n // decryption mode) and swap indexes 3 and 1\n for(var n = 0; n < Nb; ++n) {\n tmp = w[wi + n];\n wnew[i + (3&-n)] =\n m0[sbox[tmp >>> 24]] ^\n m1[sbox[tmp >>> 16 & 255]] ^\n m2[sbox[tmp >>> 8 & 255]] ^\n m3[sbox[tmp & 255]];\n }\n }\n }\n w = wnew;\n }\n\n return w;\n}\n\n/**\n * Updates a single block (16 bytes) using AES. The update will either\n * encrypt or decrypt the block.\n *\n * @param w the key schedule.\n * @param input the input block (an array of 32-bit words).\n * @param output the updated output block.\n * @param decrypt true to decrypt the block, false to encrypt it.\n */\nfunction _updateBlock(w, input, output, decrypt) {\n /*\n Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])\n begin\n byte state[4,Nb]\n state = in\n AddRoundKey(state, w[0, Nb-1])\n for round = 1 step 1 to Nr-1\n SubBytes(state)\n ShiftRows(state)\n MixColumns(state)\n AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])\n end for\n SubBytes(state)\n ShiftRows(state)\n AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])\n out = state\n end\n\n InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)])\n begin\n byte state[4,Nb]\n state = in\n AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])\n for round = Nr-1 step -1 downto 1\n InvShiftRows(state)\n InvSubBytes(state)\n AddRoundKey(state, w[round*Nb, (round+1)*Nb-1])\n InvMixColumns(state)\n end for\n InvShiftRows(state)\n InvSubBytes(state)\n AddRoundKey(state, w[0, Nb-1])\n out = state\n end\n */\n\n // Encrypt: AddRoundKey(state, w[0, Nb-1])\n // Decrypt: AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])\n var Nr = w.length / 4 - 1;\n var m0, m1, m2, m3, sub;\n if(decrypt) {\n m0 = imix[0];\n m1 = imix[1];\n m2 = imix[2];\n m3 = imix[3];\n sub = isbox;\n } else {\n m0 = mix[0];\n m1 = mix[1];\n m2 = mix[2];\n m3 = mix[3];\n sub = sbox;\n }\n var a, b, c, d, a2, b2, c2;\n a = input[0] ^ w[0];\n b = input[decrypt ? 3 : 1] ^ w[1];\n c = input[2] ^ w[2];\n d = input[decrypt ? 1 : 3] ^ w[3];\n var i = 3;\n\n /* In order to share code we follow the encryption algorithm when both\n encrypting and decrypting. To account for the changes required in the\n decryption algorithm, we use different lookup tables when decrypting\n and use a modified key schedule to account for the difference in the\n order of transformations applied when performing rounds. We also get\n key rounds in reverse order (relative to encryption). */\n for(var round = 1; round < Nr; ++round) {\n /* As described above, we'll be using table lookups to perform the\n column mixing. Each column is stored as a word in the state (the\n array 'input' has one column as a word at each index). In order to\n mix a column, we perform these transformations on each row in c,\n which is 1 byte in each word. The new column for c0 is c'0:\n\n m0 m1 m2 m3\n r0,c'0 = 2*r0,c0 + 3*r1,c0 + 1*r2,c0 + 1*r3,c0\n r1,c'0 = 1*r0,c0 + 2*r1,c0 + 3*r2,c0 + 1*r3,c0\n r2,c'0 = 1*r0,c0 + 1*r1,c0 + 2*r2,c0 + 3*r3,c0\n r3,c'0 = 3*r0,c0 + 1*r1,c0 + 1*r2,c0 + 2*r3,c0\n\n So using mix tables where c0 is a word with r0 being its upper\n 8 bits and r3 being its lower 8 bits:\n\n m0[c0 >> 24] will yield this word: [2*r0,1*r0,1*r0,3*r0]\n ...\n m3[c0 & 255] will yield this word: [1*r3,1*r3,3*r3,2*r3]\n\n Therefore to mix the columns in each word in the state we\n do the following (& 255 omitted for brevity):\n c'0,r0 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]\n c'0,r1 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]\n c'0,r2 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]\n c'0,r3 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3]\n\n However, before mixing, the algorithm requires us to perform\n ShiftRows(). The ShiftRows() transformation cyclically shifts the\n last 3 rows of the state over different offsets. The first row\n (r = 0) is not shifted.\n\n s'_r,c = s_r,(c + shift(r, Nb) mod Nb\n for 0 < r < 4 and 0 <= c < Nb and\n shift(1, 4) = 1\n shift(2, 4) = 2\n shift(3, 4) = 3.\n\n This causes the first byte in r = 1 to be moved to the end of\n the row, the first 2 bytes in r = 2 to be moved to the end of\n the row, the first 3 bytes in r = 3 to be moved to the end of\n the row:\n\n r1: [c0 c1 c2 c3] => [c1 c2 c3 c0]\n r2: [c0 c1 c2 c3] [c2 c3 c0 c1]\n r3: [c0 c1 c2 c3] [c3 c0 c1 c2]\n\n We can make these substitutions inline with our column mixing to\n generate an updated set of equations to produce each word in the\n state (note the columns have changed positions):\n\n c0 c1 c2 c3 => c0 c1 c2 c3\n c0 c1 c2 c3 c1 c2 c3 c0 (cycled 1 byte)\n c0 c1 c2 c3 c2 c3 c0 c1 (cycled 2 bytes)\n c0 c1 c2 c3 c3 c0 c1 c2 (cycled 3 bytes)\n\n Therefore:\n\n c'0 = 2*r0,c0 + 3*r1,c1 + 1*r2,c2 + 1*r3,c3\n c'0 = 1*r0,c0 + 2*r1,c1 + 3*r2,c2 + 1*r3,c3\n c'0 = 1*r0,c0 + 1*r1,c1 + 2*r2,c2 + 3*r3,c3\n c'0 = 3*r0,c0 + 1*r1,c1 + 1*r2,c2 + 2*r3,c3\n\n c'1 = 2*r0,c1 + 3*r1,c2 + 1*r2,c3 + 1*r3,c0\n c'1 = 1*r0,c1 + 2*r1,c2 + 3*r2,c3 + 1*r3,c0\n c'1 = 1*r0,c1 + 1*r1,c2 + 2*r2,c3 + 3*r3,c0\n c'1 = 3*r0,c1 + 1*r1,c2 + 1*r2,c3 + 2*r3,c0\n\n ... and so forth for c'2 and c'3. The important distinction is\n that the columns are cycling, with c0 being used with the m0\n map when calculating c0, but c1 being used with the m0 map when\n calculating c1 ... and so forth.\n\n When performing the inverse we transform the mirror image and\n skip the bottom row, instead of the top one, and move upwards:\n\n c3 c2 c1 c0 => c0 c3 c2 c1 (cycled 3 bytes) *same as encryption\n c3 c2 c1 c0 c1 c0 c3 c2 (cycled 2 bytes)\n c3 c2 c1 c0 c2 c1 c0 c3 (cycled 1 byte) *same as encryption\n c3 c2 c1 c0 c3 c2 c1 c0\n\n If you compare the resulting matrices for ShiftRows()+MixColumns()\n and for InvShiftRows()+InvMixColumns() the 2nd and 4th columns are\n different (in encrypt mode vs. decrypt mode). So in order to use\n the same code to handle both encryption and decryption, we will\n need to do some mapping.\n\n If in encryption mode we let a=c0, b=c1, c=c2, d=c3, and r<N> be\n a row number in the state, then the resulting matrix in encryption\n mode for applying the above transformations would be:\n\n r1: a b c d\n r2: b c d a\n r3: c d a b\n r4: d a b c\n\n If we did the same in decryption mode we would get:\n\n r1: a d c b\n r2: b a d c\n r3: c b a d\n r4: d c b a\n\n If instead we swap d and b (set b=c3 and d=c1), then we get:\n\n r1: a b c d\n r2: d a b c\n r3: c d a b\n r4: b c d a\n\n Now the 1st and 3rd rows are the same as the encryption matrix. All\n we need to do then to make the mapping exactly the same is to swap\n the 2nd and 4th rows when in decryption mode. To do this without\n having to do it on each iteration, we swapped the 2nd and 4th rows\n in the decryption key schedule. We also have to do the swap above\n when we first pull in the input and when we set the final output. */\n a2 =\n m0[a >>> 24] ^\n m1[b >>> 16 & 255] ^\n m2[c >>> 8 & 255] ^\n m3[d & 255] ^ w[++i];\n b2 =\n m0[b >>> 24] ^\n m1[c >>> 16 & 255] ^\n m2[d >>> 8 & 255] ^\n m3[a & 255] ^ w[++i];\n c2 =\n m0[c >>> 24] ^\n m1[d >>> 16 & 255] ^\n m2[a >>> 8 & 255] ^\n m3[b & 255] ^ w[++i];\n d =\n m0[d >>> 24] ^\n m1[a >>> 16 & 255] ^\n m2[b >>> 8 & 255] ^\n m3[c & 255] ^ w[++i];\n a = a2;\n b = b2;\n c = c2;\n }\n\n /*\n Encrypt:\n SubBytes(state)\n ShiftRows(state)\n AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1])\n\n Decrypt:\n InvShiftRows(state)\n InvSubBytes(state)\n AddRoundKey(state, w[0, Nb-1])\n */\n // Note: rows are shifted inline\n output[0] =\n (sub[a >>> 24] << 24) ^\n (sub[b >>> 16 & 255] << 16) ^\n (sub[c >>> 8 & 255] << 8) ^\n (sub[d & 255]) ^ w[++i];\n output[decrypt ? 3 : 1] =\n (sub[b >>> 24] << 24) ^\n (sub[c >>> 16 & 255] << 16) ^\n (sub[d >>> 8 & 255] << 8) ^\n (sub[a & 255]) ^ w[++i];\n output[2] =\n (sub[c >>> 24] << 24) ^\n (sub[d >>> 16 & 255] << 16) ^\n (sub[a >>> 8 & 255] << 8) ^\n (sub[b & 255]) ^ w[++i];\n output[decrypt ? 1 : 3] =\n (sub[d >>> 24] << 24) ^\n (sub[a >>> 16 & 255] << 16) ^\n (sub[b >>> 8 & 255] << 8) ^\n (sub[c & 255]) ^ w[++i];\n}\n\n/**\n * Deprecated. Instead, use:\n *\n * forge.cipher.createCipher('AES-<mode>', key);\n * forge.cipher.createDecipher('AES-<mode>', key);\n *\n * Creates a deprecated AES cipher object. This object's mode will default to\n * CBC (cipher-block-chaining).\n *\n * The key and iv may be given as a string of bytes, an array of bytes, a\n * byte buffer, or an array of 32-bit words.\n *\n * @param options the options to use.\n * key the symmetric key to use.\n * output the buffer to write to.\n * decrypt true for decryption, false for encryption.\n * mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nfunction _createCipher(options) {\n options = options || {};\n var mode = (options.mode || 'CBC').toUpperCase();\n var algorithm = 'AES-' + mode;\n\n var cipher;\n if(options.decrypt) {\n cipher = forge.cipher.createDecipher(algorithm, options.key);\n } else {\n cipher = forge.cipher.createCipher(algorithm, options.key);\n }\n\n // backwards compatible start API\n var start = cipher.start;\n cipher.start = function(iv, options) {\n // backwards compatibility: support second arg as output buffer\n var output = null;\n if(options instanceof forge.util.ByteBuffer) {\n output = options;\n options = {};\n }\n options = options || {};\n options.output = output;\n options.iv = iv;\n start.call(cipher, options);\n };\n\n return cipher;\n}\n","/**\n * Object IDs for ASN.1.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\n\nforge.pki = forge.pki || {};\nvar oids = module.exports = forge.pki.oids = forge.oids = forge.oids || {};\n\n// set id to name mapping and name to id mapping\nfunction _IN(id, name) {\n oids[id] = name;\n oids[name] = id;\n}\n// set id to name mapping only\nfunction _I_(id, name) {\n oids[id] = name;\n}\n\n// algorithm OIDs\n_IN('1.2.840.113549.1.1.1', 'rsaEncryption');\n// Note: md2 & md4 not implemented\n//_IN('1.2.840.113549.1.1.2', 'md2WithRSAEncryption');\n//_IN('1.2.840.113549.1.1.3', 'md4WithRSAEncryption');\n_IN('1.2.840.113549.1.1.4', 'md5WithRSAEncryption');\n_IN('1.2.840.113549.1.1.5', 'sha1WithRSAEncryption');\n_IN('1.2.840.113549.1.1.7', 'RSAES-OAEP');\n_IN('1.2.840.113549.1.1.8', 'mgf1');\n_IN('1.2.840.113549.1.1.9', 'pSpecified');\n_IN('1.2.840.113549.1.1.10', 'RSASSA-PSS');\n_IN('1.2.840.113549.1.1.11', 'sha256WithRSAEncryption');\n_IN('1.2.840.113549.1.1.12', 'sha384WithRSAEncryption');\n_IN('1.2.840.113549.1.1.13', 'sha512WithRSAEncryption');\n// Edwards-curve Digital Signature Algorithm (EdDSA) Ed25519\n_IN('1.3.101.112', 'EdDSA25519');\n\n_IN('1.2.840.10040.4.3', 'dsa-with-sha1');\n\n_IN('1.3.14.3.2.7', 'desCBC');\n\n_IN('1.3.14.3.2.26', 'sha1');\n// Deprecated equivalent of sha1WithRSAEncryption\n_IN('1.3.14.3.2.29', 'sha1WithRSASignature');\n_IN('2.16.840.1.101.3.4.2.1', 'sha256');\n_IN('2.16.840.1.101.3.4.2.2', 'sha384');\n_IN('2.16.840.1.101.3.4.2.3', 'sha512');\n_IN('2.16.840.1.101.3.4.2.4', 'sha224');\n_IN('2.16.840.1.101.3.4.2.5', 'sha512-224');\n_IN('2.16.840.1.101.3.4.2.6', 'sha512-256');\n_IN('1.2.840.113549.2.2', 'md2');\n_IN('1.2.840.113549.2.5', 'md5');\n\n// pkcs#7 content types\n_IN('1.2.840.113549.1.7.1', 'data');\n_IN('1.2.840.113549.1.7.2', 'signedData');\n_IN('1.2.840.113549.1.7.3', 'envelopedData');\n_IN('1.2.840.113549.1.7.4', 'signedAndEnvelopedData');\n_IN('1.2.840.113549.1.7.5', 'digestedData');\n_IN('1.2.840.113549.1.7.6', 'encryptedData');\n\n// pkcs#9 oids\n_IN('1.2.840.113549.1.9.1', 'emailAddress');\n_IN('1.2.840.113549.1.9.2', 'unstructuredName');\n_IN('1.2.840.113549.1.9.3', 'contentType');\n_IN('1.2.840.113549.1.9.4', 'messageDigest');\n_IN('1.2.840.113549.1.9.5', 'signingTime');\n_IN('1.2.840.113549.1.9.6', 'counterSignature');\n_IN('1.2.840.113549.1.9.7', 'challengePassword');\n_IN('1.2.840.113549.1.9.8', 'unstructuredAddress');\n_IN('1.2.840.113549.1.9.14', 'extensionRequest');\n\n_IN('1.2.840.113549.1.9.20', 'friendlyName');\n_IN('1.2.840.113549.1.9.21', 'localKeyId');\n_IN('1.2.840.113549.1.9.22.1', 'x509Certificate');\n\n// pkcs#12 safe bags\n_IN('1.2.840.113549.1.12.10.1.1', 'keyBag');\n_IN('1.2.840.113549.1.12.10.1.2', 'pkcs8ShroudedKeyBag');\n_IN('1.2.840.113549.1.12.10.1.3', 'certBag');\n_IN('1.2.840.113549.1.12.10.1.4', 'crlBag');\n_IN('1.2.840.113549.1.12.10.1.5', 'secretBag');\n_IN('1.2.840.113549.1.12.10.1.6', 'safeContentsBag');\n\n// password-based-encryption for pkcs#12\n_IN('1.2.840.113549.1.5.13', 'pkcs5PBES2');\n_IN('1.2.840.113549.1.5.12', 'pkcs5PBKDF2');\n\n_IN('1.2.840.113549.1.12.1.1', 'pbeWithSHAAnd128BitRC4');\n_IN('1.2.840.113549.1.12.1.2', 'pbeWithSHAAnd40BitRC4');\n_IN('1.2.840.113549.1.12.1.3', 'pbeWithSHAAnd3-KeyTripleDES-CBC');\n_IN('1.2.840.113549.1.12.1.4', 'pbeWithSHAAnd2-KeyTripleDES-CBC');\n_IN('1.2.840.113549.1.12.1.5', 'pbeWithSHAAnd128BitRC2-CBC');\n_IN('1.2.840.113549.1.12.1.6', 'pbewithSHAAnd40BitRC2-CBC');\n\n// hmac OIDs\n_IN('1.2.840.113549.2.7', 'hmacWithSHA1');\n_IN('1.2.840.113549.2.8', 'hmacWithSHA224');\n_IN('1.2.840.113549.2.9', 'hmacWithSHA256');\n_IN('1.2.840.113549.2.10', 'hmacWithSHA384');\n_IN('1.2.840.113549.2.11', 'hmacWithSHA512');\n\n// symmetric key algorithm oids\n_IN('1.2.840.113549.3.7', 'des-EDE3-CBC');\n_IN('2.16.840.1.101.3.4.1.2', 'aes128-CBC');\n_IN('2.16.840.1.101.3.4.1.22', 'aes192-CBC');\n_IN('2.16.840.1.101.3.4.1.42', 'aes256-CBC');\n\n// certificate issuer/subject OIDs\n_IN('2.5.4.3', 'commonName');\n_IN('2.5.4.4', 'surname');\n_IN('2.5.4.5', 'serialNumber');\n_IN('2.5.4.6', 'countryName');\n_IN('2.5.4.7', 'localityName');\n_IN('2.5.4.8', 'stateOrProvinceName');\n_IN('2.5.4.9', 'streetAddress');\n_IN('2.5.4.10', 'organizationName');\n_IN('2.5.4.11', 'organizationalUnitName');\n_IN('2.5.4.12', 'title');\n_IN('2.5.4.13', 'description');\n_IN('2.5.4.15', 'businessCategory');\n_IN('2.5.4.17', 'postalCode');\n_IN('2.5.4.42', 'givenName');\n_IN('1.3.6.1.4.1.311.60.2.1.2', 'jurisdictionOfIncorporationStateOrProvinceName');\n_IN('1.3.6.1.4.1.311.60.2.1.3', 'jurisdictionOfIncorporationCountryName');\n\n// X.509 extension OIDs\n_IN('2.16.840.1.113730.1.1', 'nsCertType');\n_IN('2.16.840.1.113730.1.13', 'nsComment'); // deprecated in theory; still widely used\n_I_('2.5.29.1', 'authorityKeyIdentifier'); // deprecated, use .35\n_I_('2.5.29.2', 'keyAttributes'); // obsolete use .37 or .15\n_I_('2.5.29.3', 'certificatePolicies'); // deprecated, use .32\n_I_('2.5.29.4', 'keyUsageRestriction'); // obsolete use .37 or .15\n_I_('2.5.29.5', 'policyMapping'); // deprecated use .33\n_I_('2.5.29.6', 'subtreesConstraint'); // obsolete use .30\n_I_('2.5.29.7', 'subjectAltName'); // deprecated use .17\n_I_('2.5.29.8', 'issuerAltName'); // deprecated use .18\n_I_('2.5.29.9', 'subjectDirectoryAttributes');\n_I_('2.5.29.10', 'basicConstraints'); // deprecated use .19\n_I_('2.5.29.11', 'nameConstraints'); // deprecated use .30\n_I_('2.5.29.12', 'policyConstraints'); // deprecated use .36\n_I_('2.5.29.13', 'basicConstraints'); // deprecated use .19\n_IN('2.5.29.14', 'subjectKeyIdentifier');\n_IN('2.5.29.15', 'keyUsage');\n_I_('2.5.29.16', 'privateKeyUsagePeriod');\n_IN('2.5.29.17', 'subjectAltName');\n_IN('2.5.29.18', 'issuerAltName');\n_IN('2.5.29.19', 'basicConstraints');\n_I_('2.5.29.20', 'cRLNumber');\n_I_('2.5.29.21', 'cRLReason');\n_I_('2.5.29.22', 'expirationDate');\n_I_('2.5.29.23', 'instructionCode');\n_I_('2.5.29.24', 'invalidityDate');\n_I_('2.5.29.25', 'cRLDistributionPoints'); // deprecated use .31\n_I_('2.5.29.26', 'issuingDistributionPoint'); // deprecated use .28\n_I_('2.5.29.27', 'deltaCRLIndicator');\n_I_('2.5.29.28', 'issuingDistributionPoint');\n_I_('2.5.29.29', 'certificateIssuer');\n_I_('2.5.29.30', 'nameConstraints');\n_IN('2.5.29.31', 'cRLDistributionPoints');\n_IN('2.5.29.32', 'certificatePolicies');\n_I_('2.5.29.33', 'policyMappings');\n_I_('2.5.29.34', 'policyConstraints'); // deprecated use .36\n_IN('2.5.29.35', 'authorityKeyIdentifier');\n_I_('2.5.29.36', 'policyConstraints');\n_IN('2.5.29.37', 'extKeyUsage');\n_I_('2.5.29.46', 'freshestCRL');\n_I_('2.5.29.54', 'inhibitAnyPolicy');\n\n// extKeyUsage purposes\n_IN('1.3.6.1.4.1.11129.2.4.2', 'timestampList');\n_IN('1.3.6.1.5.5.7.1.1', 'authorityInfoAccess');\n_IN('1.3.6.1.5.5.7.3.1', 'serverAuth');\n_IN('1.3.6.1.5.5.7.3.2', 'clientAuth');\n_IN('1.3.6.1.5.5.7.3.3', 'codeSigning');\n_IN('1.3.6.1.5.5.7.3.4', 'emailProtection');\n_IN('1.3.6.1.5.5.7.3.8', 'timeStamping');\n","/**\n * Javascript implementation of Abstract Syntax Notation Number One.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2015 Digital Bazaar, Inc.\n *\n * An API for storing data using the Abstract Syntax Notation Number One\n * format using DER (Distinguished Encoding Rules) encoding. This encoding is\n * commonly used to store data for PKI, i.e. X.509 Certificates, and this\n * implementation exists for that purpose.\n *\n * Abstract Syntax Notation Number One (ASN.1) is used to define the abstract\n * syntax of information without restricting the way the information is encoded\n * for transmission. It provides a standard that allows for open systems\n * communication. ASN.1 defines the syntax of information data and a number of\n * simple data types as well as a notation for describing them and specifying\n * values for them.\n *\n * The RSA algorithm creates public and private keys that are often stored in\n * X.509 or PKCS#X formats -- which use ASN.1 (encoded in DER format). This\n * class provides the most basic functionality required to store and load DSA\n * keys that are encoded according to ASN.1.\n *\n * The most common binary encodings for ASN.1 are BER (Basic Encoding Rules)\n * and DER (Distinguished Encoding Rules). DER is just a subset of BER that\n * has stricter requirements for how data must be encoded.\n *\n * Each ASN.1 structure has a tag (a byte identifying the ASN.1 structure type)\n * and a byte array for the value of this ASN1 structure which may be data or a\n * list of ASN.1 structures.\n *\n * Each ASN.1 structure using BER is (Tag-Length-Value):\n *\n * | byte 0 | bytes X | bytes Y |\n * |--------|---------|----------\n * | tag | length | value |\n *\n * ASN.1 allows for tags to be of \"High-tag-number form\" which allows a tag to\n * be two or more octets, but that is not supported by this class. A tag is\n * only 1 byte. Bits 1-5 give the tag number (ie the data type within a\n * particular 'class'), 6 indicates whether or not the ASN.1 value is\n * constructed from other ASN.1 values, and bits 7 and 8 give the 'class'. If\n * bits 7 and 8 are both zero, the class is UNIVERSAL. If only bit 7 is set,\n * then the class is APPLICATION. If only bit 8 is set, then the class is\n * CONTEXT_SPECIFIC. If both bits 7 and 8 are set, then the class is PRIVATE.\n * The tag numbers for the data types for the class UNIVERSAL are listed below:\n *\n * UNIVERSAL 0 Reserved for use by the encoding rules\n * UNIVERSAL 1 Boolean type\n * UNIVERSAL 2 Integer type\n * UNIVERSAL 3 Bitstring type\n * UNIVERSAL 4 Octetstring type\n * UNIVERSAL 5 Null type\n * UNIVERSAL 6 Object identifier type\n * UNIVERSAL 7 Object descriptor type\n * UNIVERSAL 8 External type and Instance-of type\n * UNIVERSAL 9 Real type\n * UNIVERSAL 10 Enumerated type\n * UNIVERSAL 11 Embedded-pdv type\n * UNIVERSAL 12 UTF8String type\n * UNIVERSAL 13 Relative object identifier type\n * UNIVERSAL 14-15 Reserved for future editions\n * UNIVERSAL 16 Sequence and Sequence-of types\n * UNIVERSAL 17 Set and Set-of types\n * UNIVERSAL 18-22, 25-30 Character string types\n * UNIVERSAL 23-24 Time types\n *\n * The length of an ASN.1 structure is specified after the tag identifier.\n * There is a definite form and an indefinite form. The indefinite form may\n * be used if the encoding is constructed and not all immediately available.\n * The indefinite form is encoded using a length byte with only the 8th bit\n * set. The end of the constructed object is marked using end-of-contents\n * octets (two zero bytes).\n *\n * The definite form looks like this:\n *\n * The length may take up 1 or more bytes, it depends on the length of the\n * value of the ASN.1 structure. DER encoding requires that if the ASN.1\n * structure has a value that has a length greater than 127, more than 1 byte\n * will be used to store its length, otherwise just one byte will be used.\n * This is strict.\n *\n * In the case that the length of the ASN.1 value is less than 127, 1 octet\n * (byte) is used to store the \"short form\" length. The 8th bit has a value of\n * 0 indicating the length is \"short form\" and not \"long form\" and bits 7-1\n * give the length of the data. (The 8th bit is the left-most, most significant\n * bit: also known as big endian or network format).\n *\n * In the case that the length of the ASN.1 value is greater than 127, 2 to\n * 127 octets (bytes) are used to store the \"long form\" length. The first\n * byte's 8th bit is set to 1 to indicate the length is \"long form.\" Bits 7-1\n * give the number of additional octets. All following octets are in base 256\n * with the most significant digit first (typical big-endian binary unsigned\n * integer storage). So, for instance, if the length of a value was 257, the\n * first byte would be set to:\n *\n * 10000010 = 130 = 0x82.\n *\n * This indicates there are 2 octets (base 256) for the length. The second and\n * third bytes (the octets just mentioned) would store the length in base 256:\n *\n * octet 2: 00000001 = 1 * 256^1 = 256\n * octet 3: 00000001 = 1 * 256^0 = 1\n * total = 257\n *\n * The algorithm for converting a js integer value of 257 to base-256 is:\n *\n * var value = 257;\n * var bytes = [];\n * bytes[0] = (value >>> 8) & 0xFF; // most significant byte first\n * bytes[1] = value & 0xFF; // least significant byte last\n *\n * On the ASN.1 UNIVERSAL Object Identifier (OID) type:\n *\n * An OID can be written like: \"value1.value2.value3...valueN\"\n *\n * The DER encoding rules:\n *\n * The first byte has the value 40 * value1 + value2.\n * The following bytes, if any, encode the remaining values. Each value is\n * encoded in base 128, most significant digit first (big endian), with as\n * few digits as possible, and the most significant bit of each byte set\n * to 1 except the last in each value's encoding. For example: Given the\n * OID \"1.2.840.113549\", its DER encoding is (remember each byte except the\n * last one in each encoding is OR'd with 0x80):\n *\n * byte 1: 40 * 1 + 2 = 42 = 0x2A.\n * bytes 2-3: 128 * 6 + 72 = 840 = 6 72 = 6 72 = 0x0648 = 0x8648\n * bytes 4-6: 16384 * 6 + 128 * 119 + 13 = 6 119 13 = 0x06770D = 0x86F70D\n *\n * The final value is: 0x2A864886F70D.\n * The full OID (including ASN.1 tag and length of 6 bytes) is:\n * 0x06062A864886F70D\n */\nvar forge = require('./forge');\nrequire('./util');\nrequire('./oids');\n\n/* ASN.1 API */\nvar asn1 = module.exports = forge.asn1 = forge.asn1 || {};\n\n/**\n * ASN.1 classes.\n */\nasn1.Class = {\n UNIVERSAL: 0x00,\n APPLICATION: 0x40,\n CONTEXT_SPECIFIC: 0x80,\n PRIVATE: 0xC0\n};\n\n/**\n * ASN.1 types. Not all types are supported by this implementation, only\n * those necessary to implement a simple PKI are implemented.\n */\nasn1.Type = {\n NONE: 0,\n BOOLEAN: 1,\n INTEGER: 2,\n BITSTRING: 3,\n OCTETSTRING: 4,\n NULL: 5,\n OID: 6,\n ODESC: 7,\n EXTERNAL: 8,\n REAL: 9,\n ENUMERATED: 10,\n EMBEDDED: 11,\n UTF8: 12,\n ROID: 13,\n SEQUENCE: 16,\n SET: 17,\n PRINTABLESTRING: 19,\n IA5STRING: 22,\n UTCTIME: 23,\n GENERALIZEDTIME: 24,\n BMPSTRING: 30\n};\n\n/**\n * Creates a new asn1 object.\n *\n * @param tagClass the tag class for the object.\n * @param type the data type (tag number) for the object.\n * @param constructed true if the asn1 object is in constructed form.\n * @param value the value for the object, if it is not constructed.\n * @param [options] the options to use:\n * [bitStringContents] the plain BIT STRING content including padding\n * byte.\n *\n * @return the asn1 object.\n */\nasn1.create = function(tagClass, type, constructed, value, options) {\n /* An asn1 object has a tagClass, a type, a constructed flag, and a\n value. The value's type depends on the constructed flag. If\n constructed, it will contain a list of other asn1 objects. If not,\n it will contain the ASN.1 value as an array of bytes formatted\n according to the ASN.1 data type. */\n\n // remove undefined values\n if(forge.util.isArray(value)) {\n var tmp = [];\n for(var i = 0; i < value.length; ++i) {\n if(value[i] !== undefined) {\n tmp.push(value[i]);\n }\n }\n value = tmp;\n }\n\n var obj = {\n tagClass: tagClass,\n type: type,\n constructed: constructed,\n composed: constructed || forge.util.isArray(value),\n value: value\n };\n if(options && 'bitStringContents' in options) {\n // TODO: copy byte buffer if it's a buffer not a string\n obj.bitStringContents = options.bitStringContents;\n // TODO: add readonly flag to avoid this overhead\n // save copy to detect changes\n obj.original = asn1.copy(obj);\n }\n return obj;\n};\n\n/**\n * Copies an asn1 object.\n *\n * @param obj the asn1 object.\n * @param [options] copy options:\n * [excludeBitStringContents] true to not copy bitStringContents\n *\n * @return the a copy of the asn1 object.\n */\nasn1.copy = function(obj, options) {\n var copy;\n\n if(forge.util.isArray(obj)) {\n copy = [];\n for(var i = 0; i < obj.length; ++i) {\n copy.push(asn1.copy(obj[i], options));\n }\n return copy;\n }\n\n if(typeof obj === 'string') {\n // TODO: copy byte buffer if it's a buffer not a string\n return obj;\n }\n\n copy = {\n tagClass: obj.tagClass,\n type: obj.type,\n constructed: obj.constructed,\n composed: obj.composed,\n value: asn1.copy(obj.value, options)\n };\n if(options && !options.excludeBitStringContents) {\n // TODO: copy byte buffer if it's a buffer not a string\n copy.bitStringContents = obj.bitStringContents;\n }\n return copy;\n};\n\n/**\n * Compares asn1 objects for equality.\n *\n * Note this function does not run in constant time.\n *\n * @param obj1 the first asn1 object.\n * @param obj2 the second asn1 object.\n * @param [options] compare options:\n * [includeBitStringContents] true to compare bitStringContents\n *\n * @return true if the asn1 objects are equal.\n */\nasn1.equals = function(obj1, obj2, options) {\n if(forge.util.isArray(obj1)) {\n if(!forge.util.isArray(obj2)) {\n return false;\n }\n if(obj1.length !== obj2.length) {\n return false;\n }\n for(var i = 0; i < obj1.length; ++i) {\n if(!asn1.equals(obj1[i], obj2[i])) {\n return false;\n }\n }\n return true;\n }\n\n if(typeof obj1 !== typeof obj2) {\n return false;\n }\n\n if(typeof obj1 === 'string') {\n return obj1 === obj2;\n }\n\n var equal = obj1.tagClass === obj2.tagClass &&\n obj1.type === obj2.type &&\n obj1.constructed === obj2.constructed &&\n obj1.composed === obj2.composed &&\n asn1.equals(obj1.value, obj2.value);\n if(options && options.includeBitStringContents) {\n equal = equal && (obj1.bitStringContents === obj2.bitStringContents);\n }\n\n return equal;\n};\n\n/**\n * Gets the length of a BER-encoded ASN.1 value.\n *\n * In case the length is not specified, undefined is returned.\n *\n * @param b the BER-encoded ASN.1 byte buffer, starting with the first\n * length byte.\n *\n * @return the length of the BER-encoded ASN.1 value or undefined.\n */\nasn1.getBerValueLength = function(b) {\n // TODO: move this function and related DER/BER functions to a der.js\n // file; better abstract ASN.1 away from der/ber.\n var b2 = b.getByte();\n if(b2 === 0x80) {\n return undefined;\n }\n\n // see if the length is \"short form\" or \"long form\" (bit 8 set)\n var length;\n var longForm = b2 & 0x80;\n if(!longForm) {\n // length is just the first byte\n length = b2;\n } else {\n // the number of bytes the length is specified in bits 7 through 1\n // and each length byte is in big-endian base-256\n length = b.getInt((b2 & 0x7F) << 3);\n }\n return length;\n};\n\n/**\n * Check if the byte buffer has enough bytes. Throws an Error if not.\n *\n * @param bytes the byte buffer to parse from.\n * @param remaining the bytes remaining in the current parsing state.\n * @param n the number of bytes the buffer must have.\n */\nfunction _checkBufferLength(bytes, remaining, n) {\n if(n > remaining) {\n var error = new Error('Too few bytes to parse DER.');\n error.available = bytes.length();\n error.remaining = remaining;\n error.requested = n;\n throw error;\n }\n}\n\n/**\n * Gets the length of a BER-encoded ASN.1 value.\n *\n * In case the length is not specified, undefined is returned.\n *\n * @param bytes the byte buffer to parse from.\n * @param remaining the bytes remaining in the current parsing state.\n *\n * @return the length of the BER-encoded ASN.1 value or undefined.\n */\nvar _getValueLength = function(bytes, remaining) {\n // TODO: move this function and related DER/BER functions to a der.js\n // file; better abstract ASN.1 away from der/ber.\n // fromDer already checked that this byte exists\n var b2 = bytes.getByte();\n remaining--;\n if(b2 === 0x80) {\n return undefined;\n }\n\n // see if the length is \"short form\" or \"long form\" (bit 8 set)\n var length;\n var longForm = b2 & 0x80;\n if(!longForm) {\n // length is just the first byte\n length = b2;\n } else {\n // the number of bytes the length is specified in bits 7 through 1\n // and each length byte is in big-endian base-256\n var longFormBytes = b2 & 0x7F;\n _checkBufferLength(bytes, remaining, longFormBytes);\n length = bytes.getInt(longFormBytes << 3);\n }\n // FIXME: this will only happen for 32 bit getInt with high bit set\n if(length < 0) {\n throw new Error('Negative length: ' + length);\n }\n return length;\n};\n\n/**\n * Parses an asn1 object from a byte buffer in DER format.\n *\n * @param bytes the byte buffer to parse from.\n * @param [strict] true to be strict when checking value lengths, false to\n * allow truncated values (default: true).\n * @param [options] object with options or boolean strict flag\n * [strict] true to be strict when checking value lengths, false to\n * allow truncated values (default: true).\n * [parseAllBytes] true to ensure all bytes are parsed\n * (default: true)\n * [decodeBitStrings] true to attempt to decode the content of\n * BIT STRINGs (not OCTET STRINGs) using strict mode. Note that\n * without schema support to understand the data context this can\n * erroneously decode values that happen to be valid ASN.1. This\n * flag will be deprecated or removed as soon as schema support is\n * available. (default: true)\n *\n * @throws Will throw an error for various malformed input conditions.\n *\n * @return the parsed asn1 object.\n */\nasn1.fromDer = function(bytes, options) {\n if(options === undefined) {\n options = {\n strict: true,\n parseAllBytes: true,\n decodeBitStrings: true\n };\n }\n if(typeof options === 'boolean') {\n options = {\n strict: options,\n parseAllBytes: true,\n decodeBitStrings: true\n };\n }\n if(!('strict' in options)) {\n options.strict = true;\n }\n if(!('parseAllBytes' in options)) {\n options.parseAllBytes = true;\n }\n if(!('decodeBitStrings' in options)) {\n options.decodeBitStrings = true;\n }\n\n // wrap in buffer if needed\n if(typeof bytes === 'string') {\n bytes = forge.util.createBuffer(bytes);\n }\n\n var byteCount = bytes.length();\n var value = _fromDer(bytes, bytes.length(), 0, options);\n if(options.parseAllBytes && bytes.length() !== 0) {\n var error = new Error('Unparsed DER bytes remain after ASN.1 parsing.');\n error.byteCount = byteCount;\n error.remaining = bytes.length();\n throw error;\n }\n return value;\n};\n\n/**\n * Internal function to parse an asn1 object from a byte buffer in DER format.\n *\n * @param bytes the byte buffer to parse from.\n * @param remaining the number of bytes remaining for this chunk.\n * @param depth the current parsing depth.\n * @param options object with same options as fromDer().\n *\n * @return the parsed asn1 object.\n */\nfunction _fromDer(bytes, remaining, depth, options) {\n // temporary storage for consumption calculations\n var start;\n\n // minimum length for ASN.1 DER structure is 2\n _checkBufferLength(bytes, remaining, 2);\n\n // get the first byte\n var b1 = bytes.getByte();\n // consumed one byte\n remaining--;\n\n // get the tag class\n var tagClass = (b1 & 0xC0);\n\n // get the type (bits 1-5)\n var type = b1 & 0x1F;\n\n // get the variable value length and adjust remaining bytes\n start = bytes.length();\n var length = _getValueLength(bytes, remaining);\n remaining -= start - bytes.length();\n\n // ensure there are enough bytes to get the value\n if(length !== undefined && length > remaining) {\n if(options.strict) {\n var error = new Error('Too few bytes to read ASN.1 value.');\n error.available = bytes.length();\n error.remaining = remaining;\n error.requested = length;\n throw error;\n }\n // Note: be lenient with truncated values and use remaining state bytes\n length = remaining;\n }\n\n // value storage\n var value;\n // possible BIT STRING contents storage\n var bitStringContents;\n\n // constructed flag is bit 6 (32 = 0x20) of the first byte\n var constructed = ((b1 & 0x20) === 0x20);\n if(constructed) {\n // parse child asn1 objects from the value\n value = [];\n if(length === undefined) {\n // asn1 object of indefinite length, read until end tag\n for(;;) {\n _checkBufferLength(bytes, remaining, 2);\n if(bytes.bytes(2) === String.fromCharCode(0, 0)) {\n bytes.getBytes(2);\n remaining -= 2;\n break;\n }\n start = bytes.length();\n value.push(_fromDer(bytes, remaining, depth + 1, options));\n remaining -= start - bytes.length();\n }\n } else {\n // parsing asn1 object of definite length\n while(length > 0) {\n start = bytes.length();\n value.push(_fromDer(bytes, length, depth + 1, options));\n remaining -= start - bytes.length();\n length -= start - bytes.length();\n }\n }\n }\n\n // if a BIT STRING, save the contents including padding\n if(value === undefined && tagClass === asn1.Class.UNIVERSAL &&\n type === asn1.Type.BITSTRING) {\n bitStringContents = bytes.bytes(length);\n }\n\n // determine if a non-constructed value should be decoded as a composed\n // value that contains other ASN.1 objects. BIT STRINGs (and OCTET STRINGs)\n // can be used this way.\n if(value === undefined && options.decodeBitStrings &&\n tagClass === asn1.Class.UNIVERSAL &&\n // FIXME: OCTET STRINGs not yet supported here\n // .. other parts of forge expect to decode OCTET STRINGs manually\n (type === asn1.Type.BITSTRING /*|| type === asn1.Type.OCTETSTRING*/) &&\n length > 1) {\n // save read position\n var savedRead = bytes.read;\n var savedRemaining = remaining;\n var unused = 0;\n if(type === asn1.Type.BITSTRING) {\n /* The first octet gives the number of bits by which the length of the\n bit string is less than the next multiple of eight (this is called\n the \"number of unused bits\").\n\n The second and following octets give the value of the bit string\n converted to an octet string. */\n _checkBufferLength(bytes, remaining, 1);\n unused = bytes.getByte();\n remaining--;\n }\n // if all bits are used, maybe the BIT/OCTET STRING holds ASN.1 objs\n if(unused === 0) {\n try {\n // attempt to parse child asn1 object from the value\n // (stored in array to signal composed value)\n start = bytes.length();\n var subOptions = {\n // enforce strict mode to avoid parsing ASN.1 from plain data\n strict: true,\n decodeBitStrings: true\n };\n var composed = _fromDer(bytes, remaining, depth + 1, subOptions);\n var used = start - bytes.length();\n remaining -= used;\n if(type == asn1.Type.BITSTRING) {\n used++;\n }\n\n // if the data all decoded and the class indicates UNIVERSAL or\n // CONTEXT_SPECIFIC then assume we've got an encapsulated ASN.1 object\n var tc = composed.tagClass;\n if(used === length &&\n (tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC)) {\n value = [composed];\n }\n } catch(ex) {\n }\n }\n if(value === undefined) {\n // restore read position\n bytes.read = savedRead;\n remaining = savedRemaining;\n }\n }\n\n if(value === undefined) {\n // asn1 not constructed or composed, get raw value\n // TODO: do DER to OID conversion and vice-versa in .toDer?\n\n if(length === undefined) {\n if(options.strict) {\n throw new Error('Non-constructed ASN.1 object of indefinite length.');\n }\n // be lenient and use remaining state bytes\n length = remaining;\n }\n\n if(type === asn1.Type.BMPSTRING) {\n value = '';\n for(; length > 0; length -= 2) {\n _checkBufferLength(bytes, remaining, 2);\n value += String.fromCharCode(bytes.getInt16());\n remaining -= 2;\n }\n } else {\n value = bytes.getBytes(length);\n remaining -= length;\n }\n }\n\n // add BIT STRING contents if available\n var asn1Options = bitStringContents === undefined ? null : {\n bitStringContents: bitStringContents\n };\n\n // create and return asn1 object\n return asn1.create(tagClass, type, constructed, value, asn1Options);\n}\n\n/**\n * Converts the given asn1 object to a buffer of bytes in DER format.\n *\n * @param asn1 the asn1 object to convert to bytes.\n *\n * @return the buffer of bytes.\n */\nasn1.toDer = function(obj) {\n var bytes = forge.util.createBuffer();\n\n // build the first byte\n var b1 = obj.tagClass | obj.type;\n\n // for storing the ASN.1 value\n var value = forge.util.createBuffer();\n\n // use BIT STRING contents if available and data not changed\n var useBitStringContents = false;\n if('bitStringContents' in obj) {\n useBitStringContents = true;\n if(obj.original) {\n useBitStringContents = asn1.equals(obj, obj.original);\n }\n }\n\n if(useBitStringContents) {\n value.putBytes(obj.bitStringContents);\n } else if(obj.composed) {\n // if composed, use each child asn1 object's DER bytes as value\n // turn on 6th bit (0x20 = 32) to indicate asn1 is constructed\n // from other asn1 objects\n if(obj.constructed) {\n b1 |= 0x20;\n } else {\n // type is a bit string, add unused bits of 0x00\n value.putByte(0x00);\n }\n\n // add all of the child DER bytes together\n for(var i = 0; i < obj.value.length; ++i) {\n if(obj.value[i] !== undefined) {\n value.putBuffer(asn1.toDer(obj.value[i]));\n }\n }\n } else {\n // use asn1.value directly\n if(obj.type === asn1.Type.BMPSTRING) {\n for(var i = 0; i < obj.value.length; ++i) {\n value.putInt16(obj.value.charCodeAt(i));\n }\n } else {\n // ensure integer is minimally-encoded\n // TODO: should all leading bytes be stripped vs just one?\n // .. ex '00 00 01' => '01'?\n if(obj.type === asn1.Type.INTEGER &&\n obj.value.length > 1 &&\n // leading 0x00 for positive integer\n ((obj.value.charCodeAt(0) === 0 &&\n (obj.value.charCodeAt(1) & 0x80) === 0) ||\n // leading 0xFF for negative integer\n (obj.value.charCodeAt(0) === 0xFF &&\n (obj.value.charCodeAt(1) & 0x80) === 0x80))) {\n value.putBytes(obj.value.substr(1));\n } else {\n value.putBytes(obj.value);\n }\n }\n }\n\n // add tag byte\n bytes.putByte(b1);\n\n // use \"short form\" encoding\n if(value.length() <= 127) {\n // one byte describes the length\n // bit 8 = 0 and bits 7-1 = length\n bytes.putByte(value.length() & 0x7F);\n } else {\n // use \"long form\" encoding\n // 2 to 127 bytes describe the length\n // first byte: bit 8 = 1 and bits 7-1 = # of additional bytes\n // other bytes: length in base 256, big-endian\n var len = value.length();\n var lenBytes = '';\n do {\n lenBytes += String.fromCharCode(len & 0xFF);\n len = len >>> 8;\n } while(len > 0);\n\n // set first byte to # bytes used to store the length and turn on\n // bit 8 to indicate long-form length is used\n bytes.putByte(lenBytes.length | 0x80);\n\n // concatenate length bytes in reverse since they were generated\n // little endian and we need big endian\n for(var i = lenBytes.length - 1; i >= 0; --i) {\n bytes.putByte(lenBytes.charCodeAt(i));\n }\n }\n\n // concatenate value bytes\n bytes.putBuffer(value);\n return bytes;\n};\n\n/**\n * Converts an OID dot-separated string to a byte buffer. The byte buffer\n * contains only the DER-encoded value, not any tag or length bytes.\n *\n * @param oid the OID dot-separated string.\n *\n * @return the byte buffer.\n */\nasn1.oidToDer = function(oid) {\n // split OID into individual values\n var values = oid.split('.');\n var bytes = forge.util.createBuffer();\n\n // first byte is 40 * value1 + value2\n bytes.putByte(40 * parseInt(values[0], 10) + parseInt(values[1], 10));\n // other bytes are each value in base 128 with 8th bit set except for\n // the last byte for each value\n var last, valueBytes, value, b;\n for(var i = 2; i < values.length; ++i) {\n // produce value bytes in reverse because we don't know how many\n // bytes it will take to store the value\n last = true;\n valueBytes = [];\n value = parseInt(values[i], 10);\n do {\n b = value & 0x7F;\n value = value >>> 7;\n // if value is not last, then turn on 8th bit\n if(!last) {\n b |= 0x80;\n }\n valueBytes.push(b);\n last = false;\n } while(value > 0);\n\n // add value bytes in reverse (needs to be in big endian)\n for(var n = valueBytes.length - 1; n >= 0; --n) {\n bytes.putByte(valueBytes[n]);\n }\n }\n\n return bytes;\n};\n\n/**\n * Converts a DER-encoded byte buffer to an OID dot-separated string. The\n * byte buffer should contain only the DER-encoded value, not any tag or\n * length bytes.\n *\n * @param bytes the byte buffer.\n *\n * @return the OID dot-separated string.\n */\nasn1.derToOid = function(bytes) {\n var oid;\n\n // wrap in buffer if needed\n if(typeof bytes === 'string') {\n bytes = forge.util.createBuffer(bytes);\n }\n\n // first byte is 40 * value1 + value2\n var b = bytes.getByte();\n oid = Math.floor(b / 40) + '.' + (b % 40);\n\n // other bytes are each value in base 128 with 8th bit set except for\n // the last byte for each value\n var value = 0;\n while(bytes.length() > 0) {\n b = bytes.getByte();\n value = value << 7;\n // not the last byte for the value\n if(b & 0x80) {\n value += b & 0x7F;\n } else {\n // last byte\n oid += '.' + (value + b);\n value = 0;\n }\n }\n\n return oid;\n};\n\n/**\n * Converts a UTCTime value to a date.\n *\n * Note: GeneralizedTime has 4 digits for the year and is used for X.509\n * dates past 2049. Parsing that structure hasn't been implemented yet.\n *\n * @param utc the UTCTime value to convert.\n *\n * @return the date.\n */\nasn1.utcTimeToDate = function(utc) {\n /* The following formats can be used:\n\n YYMMDDhhmmZ\n YYMMDDhhmm+hh'mm'\n YYMMDDhhmm-hh'mm'\n YYMMDDhhmmssZ\n YYMMDDhhmmss+hh'mm'\n YYMMDDhhmmss-hh'mm'\n\n Where:\n\n YY is the least significant two digits of the year\n MM is the month (01 to 12)\n DD is the day (01 to 31)\n hh is the hour (00 to 23)\n mm are the minutes (00 to 59)\n ss are the seconds (00 to 59)\n Z indicates that local time is GMT, + indicates that local time is\n later than GMT, and - indicates that local time is earlier than GMT\n hh' is the absolute value of the offset from GMT in hours\n mm' is the absolute value of the offset from GMT in minutes */\n var date = new Date();\n\n // if YY >= 50 use 19xx, if YY < 50 use 20xx\n var year = parseInt(utc.substr(0, 2), 10);\n year = (year >= 50) ? 1900 + year : 2000 + year;\n var MM = parseInt(utc.substr(2, 2), 10) - 1; // use 0-11 for month\n var DD = parseInt(utc.substr(4, 2), 10);\n var hh = parseInt(utc.substr(6, 2), 10);\n var mm = parseInt(utc.substr(8, 2), 10);\n var ss = 0;\n\n // not just YYMMDDhhmmZ\n if(utc.length > 11) {\n // get character after minutes\n var c = utc.charAt(10);\n var end = 10;\n\n // see if seconds are present\n if(c !== '+' && c !== '-') {\n // get seconds\n ss = parseInt(utc.substr(10, 2), 10);\n end += 2;\n }\n }\n\n // update date\n date.setUTCFullYear(year, MM, DD);\n date.setUTCHours(hh, mm, ss, 0);\n\n if(end) {\n // get +/- after end of time\n c = utc.charAt(end);\n if(c === '+' || c === '-') {\n // get hours+minutes offset\n var hhoffset = parseInt(utc.substr(end + 1, 2), 10);\n var mmoffset = parseInt(utc.substr(end + 4, 2), 10);\n\n // calculate offset in milliseconds\n var offset = hhoffset * 60 + mmoffset;\n offset *= 60000;\n\n // apply offset\n if(c === '+') {\n date.setTime(+date - offset);\n } else {\n date.setTime(+date + offset);\n }\n }\n }\n\n return date;\n};\n\n/**\n * Converts a GeneralizedTime value to a date.\n *\n * @param gentime the GeneralizedTime value to convert.\n *\n * @return the date.\n */\nasn1.generalizedTimeToDate = function(gentime) {\n /* The following formats can be used:\n\n YYYYMMDDHHMMSS\n YYYYMMDDHHMMSS.fff\n YYYYMMDDHHMMSSZ\n YYYYMMDDHHMMSS.fffZ\n YYYYMMDDHHMMSS+hh'mm'\n YYYYMMDDHHMMSS.fff+hh'mm'\n YYYYMMDDHHMMSS-hh'mm'\n YYYYMMDDHHMMSS.fff-hh'mm'\n\n Where:\n\n YYYY is the year\n MM is the month (01 to 12)\n DD is the day (01 to 31)\n hh is the hour (00 to 23)\n mm are the minutes (00 to 59)\n ss are the seconds (00 to 59)\n .fff is the second fraction, accurate to three decimal places\n Z indicates that local time is GMT, + indicates that local time is\n later than GMT, and - indicates that local time is earlier than GMT\n hh' is the absolute value of the offset from GMT in hours\n mm' is the absolute value of the offset from GMT in minutes */\n var date = new Date();\n\n var YYYY = parseInt(gentime.substr(0, 4), 10);\n var MM = parseInt(gentime.substr(4, 2), 10) - 1; // use 0-11 for month\n var DD = parseInt(gentime.substr(6, 2), 10);\n var hh = parseInt(gentime.substr(8, 2), 10);\n var mm = parseInt(gentime.substr(10, 2), 10);\n var ss = parseInt(gentime.substr(12, 2), 10);\n var fff = 0;\n var offset = 0;\n var isUTC = false;\n\n if(gentime.charAt(gentime.length - 1) === 'Z') {\n isUTC = true;\n }\n\n var end = gentime.length - 5, c = gentime.charAt(end);\n if(c === '+' || c === '-') {\n // get hours+minutes offset\n var hhoffset = parseInt(gentime.substr(end + 1, 2), 10);\n var mmoffset = parseInt(gentime.substr(end + 4, 2), 10);\n\n // calculate offset in milliseconds\n offset = hhoffset * 60 + mmoffset;\n offset *= 60000;\n\n // apply offset\n if(c === '+') {\n offset *= -1;\n }\n\n isUTC = true;\n }\n\n // check for second fraction\n if(gentime.charAt(14) === '.') {\n fff = parseFloat(gentime.substr(14), 10) * 1000;\n }\n\n if(isUTC) {\n date.setUTCFullYear(YYYY, MM, DD);\n date.setUTCHours(hh, mm, ss, fff);\n\n // apply offset\n date.setTime(+date + offset);\n } else {\n date.setFullYear(YYYY, MM, DD);\n date.setHours(hh, mm, ss, fff);\n }\n\n return date;\n};\n\n/**\n * Converts a date to a UTCTime value.\n *\n * Note: GeneralizedTime has 4 digits for the year and is used for X.509\n * dates past 2049. Converting to a GeneralizedTime hasn't been\n * implemented yet.\n *\n * @param date the date to convert.\n *\n * @return the UTCTime value.\n */\nasn1.dateToUtcTime = function(date) {\n // TODO: validate; currently assumes proper format\n if(typeof date === 'string') {\n return date;\n }\n\n var rval = '';\n\n // create format YYMMDDhhmmssZ\n var format = [];\n format.push(('' + date.getUTCFullYear()).substr(2));\n format.push('' + (date.getUTCMonth() + 1));\n format.push('' + date.getUTCDate());\n format.push('' + date.getUTCHours());\n format.push('' + date.getUTCMinutes());\n format.push('' + date.getUTCSeconds());\n\n // ensure 2 digits are used for each format entry\n for(var i = 0; i < format.length; ++i) {\n if(format[i].length < 2) {\n rval += '0';\n }\n rval += format[i];\n }\n rval += 'Z';\n\n return rval;\n};\n\n/**\n * Converts a date to a GeneralizedTime value.\n *\n * @param date the date to convert.\n *\n * @return the GeneralizedTime value as a string.\n */\nasn1.dateToGeneralizedTime = function(date) {\n // TODO: validate; currently assumes proper format\n if(typeof date === 'string') {\n return date;\n }\n\n var rval = '';\n\n // create format YYYYMMDDHHMMSSZ\n var format = [];\n format.push('' + date.getUTCFullYear());\n format.push('' + (date.getUTCMonth() + 1));\n format.push('' + date.getUTCDate());\n format.push('' + date.getUTCHours());\n format.push('' + date.getUTCMinutes());\n format.push('' + date.getUTCSeconds());\n\n // ensure 2 digits are used for each format entry\n for(var i = 0; i < format.length; ++i) {\n if(format[i].length < 2) {\n rval += '0';\n }\n rval += format[i];\n }\n rval += 'Z';\n\n return rval;\n};\n\n/**\n * Converts a javascript integer to a DER-encoded byte buffer to be used\n * as the value for an INTEGER type.\n *\n * @param x the integer.\n *\n * @return the byte buffer.\n */\nasn1.integerToDer = function(x) {\n var rval = forge.util.createBuffer();\n if(x >= -0x80 && x < 0x80) {\n return rval.putSignedInt(x, 8);\n }\n if(x >= -0x8000 && x < 0x8000) {\n return rval.putSignedInt(x, 16);\n }\n if(x >= -0x800000 && x < 0x800000) {\n return rval.putSignedInt(x, 24);\n }\n if(x >= -0x80000000 && x < 0x80000000) {\n return rval.putSignedInt(x, 32);\n }\n var error = new Error('Integer too large; max is 32-bits.');\n error.integer = x;\n throw error;\n};\n\n/**\n * Converts a DER-encoded byte buffer to a javascript integer. This is\n * typically used to decode the value of an INTEGER type.\n *\n * @param bytes the byte buffer.\n *\n * @return the integer.\n */\nasn1.derToInteger = function(bytes) {\n // wrap in buffer if needed\n if(typeof bytes === 'string') {\n bytes = forge.util.createBuffer(bytes);\n }\n\n var n = bytes.length() * 8;\n if(n > 32) {\n throw new Error('Integer too large; max is 32-bits.');\n }\n return bytes.getSignedInt(n);\n};\n\n/**\n * Validates that the given ASN.1 object is at least a super set of the\n * given ASN.1 structure. Only tag classes and types are checked. An\n * optional map may also be provided to capture ASN.1 values while the\n * structure is checked.\n *\n * To capture an ASN.1 value, set an object in the validator's 'capture'\n * parameter to the key to use in the capture map. To capture the full\n * ASN.1 object, specify 'captureAsn1'. To capture BIT STRING bytes, including\n * the leading unused bits counter byte, specify 'captureBitStringContents'.\n * To capture BIT STRING bytes, without the leading unused bits counter byte,\n * specify 'captureBitStringValue'.\n *\n * Objects in the validator may set a field 'optional' to true to indicate\n * that it isn't necessary to pass validation.\n *\n * @param obj the ASN.1 object to validate.\n * @param v the ASN.1 structure validator.\n * @param capture an optional map to capture values in.\n * @param errors an optional array for storing validation errors.\n *\n * @return true on success, false on failure.\n */\nasn1.validate = function(obj, v, capture, errors) {\n var rval = false;\n\n // ensure tag class and type are the same if specified\n if((obj.tagClass === v.tagClass || typeof(v.tagClass) === 'undefined') &&\n (obj.type === v.type || typeof(v.type) === 'undefined')) {\n // ensure constructed flag is the same if specified\n if(obj.constructed === v.constructed ||\n typeof(v.constructed) === 'undefined') {\n rval = true;\n\n // handle sub values\n if(v.value && forge.util.isArray(v.value)) {\n var j = 0;\n for(var i = 0; rval && i < v.value.length; ++i) {\n rval = v.value[i].optional || false;\n if(obj.value[j]) {\n rval = asn1.validate(obj.value[j], v.value[i], capture, errors);\n if(rval) {\n ++j;\n } else if(v.value[i].optional) {\n rval = true;\n }\n }\n if(!rval && errors) {\n errors.push(\n '[' + v.name + '] ' +\n 'Tag class \"' + v.tagClass + '\", type \"' +\n v.type + '\" expected value length \"' +\n v.value.length + '\", got \"' +\n obj.value.length + '\"');\n }\n }\n }\n\n if(rval && capture) {\n if(v.capture) {\n capture[v.capture] = obj.value;\n }\n if(v.captureAsn1) {\n capture[v.captureAsn1] = obj;\n }\n if(v.captureBitStringContents && 'bitStringContents' in obj) {\n capture[v.captureBitStringContents] = obj.bitStringContents;\n }\n if(v.captureBitStringValue && 'bitStringContents' in obj) {\n var value;\n if(obj.bitStringContents.length < 2) {\n capture[v.captureBitStringValue] = '';\n } else {\n // FIXME: support unused bits with data shifting\n var unused = obj.bitStringContents.charCodeAt(0);\n if(unused !== 0) {\n throw new Error(\n 'captureBitStringValue only supported for zero unused bits');\n }\n capture[v.captureBitStringValue] = obj.bitStringContents.slice(1);\n }\n }\n }\n } else if(errors) {\n errors.push(\n '[' + v.name + '] ' +\n 'Expected constructed \"' + v.constructed + '\", got \"' +\n obj.constructed + '\"');\n }\n } else if(errors) {\n if(obj.tagClass !== v.tagClass) {\n errors.push(\n '[' + v.name + '] ' +\n 'Expected tag class \"' + v.tagClass + '\", got \"' +\n obj.tagClass + '\"');\n }\n if(obj.type !== v.type) {\n errors.push(\n '[' + v.name + '] ' +\n 'Expected type \"' + v.type + '\", got \"' + obj.type + '\"');\n }\n }\n return rval;\n};\n\n// regex for testing for non-latin characters\nvar _nonLatinRegex = /[^\\\\u0000-\\\\u00ff]/;\n\n/**\n * Pretty prints an ASN.1 object to a string.\n *\n * @param obj the object to write out.\n * @param level the level in the tree.\n * @param indentation the indentation to use.\n *\n * @return the string.\n */\nasn1.prettyPrint = function(obj, level, indentation) {\n var rval = '';\n\n // set default level and indentation\n level = level || 0;\n indentation = indentation || 2;\n\n // start new line for deep levels\n if(level > 0) {\n rval += '\\n';\n }\n\n // create indent\n var indent = '';\n for(var i = 0; i < level * indentation; ++i) {\n indent += ' ';\n }\n\n // print class:type\n rval += indent + 'Tag: ';\n switch(obj.tagClass) {\n case asn1.Class.UNIVERSAL:\n rval += 'Universal:';\n break;\n case asn1.Class.APPLICATION:\n rval += 'Application:';\n break;\n case asn1.Class.CONTEXT_SPECIFIC:\n rval += 'Context-Specific:';\n break;\n case asn1.Class.PRIVATE:\n rval += 'Private:';\n break;\n }\n\n if(obj.tagClass === asn1.Class.UNIVERSAL) {\n rval += obj.type;\n\n // known types\n switch(obj.type) {\n case asn1.Type.NONE:\n rval += ' (None)';\n break;\n case asn1.Type.BOOLEAN:\n rval += ' (Boolean)';\n break;\n case asn1.Type.INTEGER:\n rval += ' (Integer)';\n break;\n case asn1.Type.BITSTRING:\n rval += ' (Bit string)';\n break;\n case asn1.Type.OCTETSTRING:\n rval += ' (Octet string)';\n break;\n case asn1.Type.NULL:\n rval += ' (Null)';\n break;\n case asn1.Type.OID:\n rval += ' (Object Identifier)';\n break;\n case asn1.Type.ODESC:\n rval += ' (Object Descriptor)';\n break;\n case asn1.Type.EXTERNAL:\n rval += ' (External or Instance of)';\n break;\n case asn1.Type.REAL:\n rval += ' (Real)';\n break;\n case asn1.Type.ENUMERATED:\n rval += ' (Enumerated)';\n break;\n case asn1.Type.EMBEDDED:\n rval += ' (Embedded PDV)';\n break;\n case asn1.Type.UTF8:\n rval += ' (UTF8)';\n break;\n case asn1.Type.ROID:\n rval += ' (Relative Object Identifier)';\n break;\n case asn1.Type.SEQUENCE:\n rval += ' (Sequence)';\n break;\n case asn1.Type.SET:\n rval += ' (Set)';\n break;\n case asn1.Type.PRINTABLESTRING:\n rval += ' (Printable String)';\n break;\n case asn1.Type.IA5String:\n rval += ' (IA5String (ASCII))';\n break;\n case asn1.Type.UTCTIME:\n rval += ' (UTC time)';\n break;\n case asn1.Type.GENERALIZEDTIME:\n rval += ' (Generalized time)';\n break;\n case asn1.Type.BMPSTRING:\n rval += ' (BMP String)';\n break;\n }\n } else {\n rval += obj.type;\n }\n\n rval += '\\n';\n rval += indent + 'Constructed: ' + obj.constructed + '\\n';\n\n if(obj.composed) {\n var subvalues = 0;\n var sub = '';\n for(var i = 0; i < obj.value.length; ++i) {\n if(obj.value[i] !== undefined) {\n subvalues += 1;\n sub += asn1.prettyPrint(obj.value[i], level + 1, indentation);\n if((i + 1) < obj.value.length) {\n sub += ',';\n }\n }\n }\n rval += indent + 'Sub values: ' + subvalues + sub;\n } else {\n rval += indent + 'Value: ';\n if(obj.type === asn1.Type.OID) {\n var oid = asn1.derToOid(obj.value);\n rval += oid;\n if(forge.pki && forge.pki.oids) {\n if(oid in forge.pki.oids) {\n rval += ' (' + forge.pki.oids[oid] + ') ';\n }\n }\n }\n if(obj.type === asn1.Type.INTEGER) {\n try {\n rval += asn1.derToInteger(obj.value);\n } catch(ex) {\n rval += '0x' + forge.util.bytesToHex(obj.value);\n }\n } else if(obj.type === asn1.Type.BITSTRING) {\n // TODO: shift bits as needed to display without padding\n if(obj.value.length > 1) {\n // remove unused bits field\n rval += '0x' + forge.util.bytesToHex(obj.value.slice(1));\n } else {\n rval += '(none)';\n }\n // show unused bit count\n if(obj.value.length > 0) {\n var unused = obj.value.charCodeAt(0);\n if(unused == 1) {\n rval += ' (1 unused bit shown)';\n } else if(unused > 1) {\n rval += ' (' + unused + ' unused bits shown)';\n }\n }\n } else if(obj.type === asn1.Type.OCTETSTRING) {\n if(!_nonLatinRegex.test(obj.value)) {\n rval += '(' + obj.value + ') ';\n }\n rval += '0x' + forge.util.bytesToHex(obj.value);\n } else if(obj.type === asn1.Type.UTF8) {\n try {\n rval += forge.util.decodeUtf8(obj.value);\n } catch(e) {\n if(e.message === 'URI malformed') {\n rval +=\n '0x' + forge.util.bytesToHex(obj.value) + ' (malformed UTF8)';\n } else {\n throw e;\n }\n }\n } else if(obj.type === asn1.Type.PRINTABLESTRING ||\n obj.type === asn1.Type.IA5String) {\n rval += obj.value;\n } else if(_nonLatinRegex.test(obj.value)) {\n rval += '0x' + forge.util.bytesToHex(obj.value);\n } else if(obj.value.length === 0) {\n rval += '[null]';\n } else {\n rval += obj.value;\n }\n }\n\n return rval;\n};\n","/**\n * Node.js module for Forge message digests.\n *\n * @author Dave Longley\n *\n * Copyright 2011-2017 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\n\nmodule.exports = forge.md = forge.md || {};\nforge.md.algorithms = forge.md.algorithms || {};\n","/**\n * Hash-based Message Authentication Code implementation. Requires a message\n * digest object that can be obtained, for example, from forge.md.sha1 or\n * forge.md.md5.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2012 Digital Bazaar, Inc. All rights reserved.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\n/* HMAC API */\nvar hmac = module.exports = forge.hmac = forge.hmac || {};\n\n/**\n * Creates an HMAC object that uses the given message digest object.\n *\n * @return an HMAC object.\n */\nhmac.create = function() {\n // the hmac key to use\n var _key = null;\n\n // the message digest to use\n var _md = null;\n\n // the inner padding\n var _ipadding = null;\n\n // the outer padding\n var _opadding = null;\n\n // hmac context\n var ctx = {};\n\n /**\n * Starts or restarts the HMAC with the given key and message digest.\n *\n * @param md the message digest to use, null to reuse the previous one,\n * a string to use builtin 'sha1', 'md5', 'sha256'.\n * @param key the key to use as a string, array of bytes, byte buffer,\n * or null to reuse the previous key.\n */\n ctx.start = function(md, key) {\n if(md !== null) {\n if(typeof md === 'string') {\n // create builtin message digest\n md = md.toLowerCase();\n if(md in forge.md.algorithms) {\n _md = forge.md.algorithms[md].create();\n } else {\n throw new Error('Unknown hash algorithm \"' + md + '\"');\n }\n } else {\n // store message digest\n _md = md;\n }\n }\n\n if(key === null) {\n // reuse previous key\n key = _key;\n } else {\n if(typeof key === 'string') {\n // convert string into byte buffer\n key = forge.util.createBuffer(key);\n } else if(forge.util.isArray(key)) {\n // convert byte array into byte buffer\n var tmp = key;\n key = forge.util.createBuffer();\n for(var i = 0; i < tmp.length; ++i) {\n key.putByte(tmp[i]);\n }\n }\n\n // if key is longer than blocksize, hash it\n var keylen = key.length();\n if(keylen > _md.blockLength) {\n _md.start();\n _md.update(key.bytes());\n key = _md.digest();\n }\n\n // mix key into inner and outer padding\n // ipadding = [0x36 * blocksize] ^ key\n // opadding = [0x5C * blocksize] ^ key\n _ipadding = forge.util.createBuffer();\n _opadding = forge.util.createBuffer();\n keylen = key.length();\n for(var i = 0; i < keylen; ++i) {\n var tmp = key.at(i);\n _ipadding.putByte(0x36 ^ tmp);\n _opadding.putByte(0x5C ^ tmp);\n }\n\n // if key is shorter than blocksize, add additional padding\n if(keylen < _md.blockLength) {\n var tmp = _md.blockLength - keylen;\n for(var i = 0; i < tmp; ++i) {\n _ipadding.putByte(0x36);\n _opadding.putByte(0x5C);\n }\n }\n _key = key;\n _ipadding = _ipadding.bytes();\n _opadding = _opadding.bytes();\n }\n\n // digest is done like so: hash(opadding | hash(ipadding | message))\n\n // prepare to do inner hash\n // hash(ipadding | message)\n _md.start();\n _md.update(_ipadding);\n };\n\n /**\n * Updates the HMAC with the given message bytes.\n *\n * @param bytes the bytes to update with.\n */\n ctx.update = function(bytes) {\n _md.update(bytes);\n };\n\n /**\n * Produces the Message Authentication Code (MAC).\n *\n * @return a byte buffer containing the digest value.\n */\n ctx.getMac = function() {\n // digest is done like so: hash(opadding | hash(ipadding | message))\n // here we do the outer hashing\n var inner = _md.digest().bytes();\n _md.start();\n _md.update(_opadding);\n _md.update(inner);\n return _md.digest();\n };\n // alias for getMac\n ctx.digest = ctx.getMac;\n\n return ctx;\n};\n","/**\n * Message Digest Algorithm 5 with 128-bit digest (MD5) implementation.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar md5 = module.exports = forge.md5 = forge.md5 || {};\nforge.md.md5 = forge.md.algorithms.md5 = md5;\n\n/**\n * Creates an MD5 message digest object.\n *\n * @return a message digest object.\n */\nmd5.create = function() {\n // do initialization as necessary\n if(!_initialized) {\n _init();\n }\n\n // MD5 state contains four 32-bit integers\n var _state = null;\n\n // input buffer\n var _input = forge.util.createBuffer();\n\n // used for word storage\n var _w = new Array(16);\n\n // message digest object\n var md = {\n algorithm: 'md5',\n blockLength: 64,\n digestLength: 16,\n // 56-bit length of message so far (does not including padding)\n messageLength: 0,\n // true message length\n fullMessageLength: null,\n // size of message length in bytes\n messageLengthSize: 8\n };\n\n /**\n * Starts the digest.\n *\n * @return this digest object.\n */\n md.start = function() {\n // up to 56-bit message length for convenience\n md.messageLength = 0;\n\n // full message length (set md.messageLength64 for backwards-compatibility)\n md.fullMessageLength = md.messageLength64 = [];\n var int32s = md.messageLengthSize / 4;\n for(var i = 0; i < int32s; ++i) {\n md.fullMessageLength.push(0);\n }\n _input = forge.util.createBuffer();\n _state = {\n h0: 0x67452301,\n h1: 0xEFCDAB89,\n h2: 0x98BADCFE,\n h3: 0x10325476\n };\n return md;\n };\n // start digest automatically for first time\n md.start();\n\n /**\n * Updates the digest with the given message input. The given input can\n * treated as raw input (no encoding will be applied) or an encoding of\n * 'utf8' maybe given to encode the input using UTF-8.\n *\n * @param msg the message input to update with.\n * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n *\n * @return this digest object.\n */\n md.update = function(msg, encoding) {\n if(encoding === 'utf8') {\n msg = forge.util.encodeUtf8(msg);\n }\n\n // update message length\n var len = msg.length;\n md.messageLength += len;\n len = [(len / 0x100000000) >>> 0, len >>> 0];\n for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n md.fullMessageLength[i] += len[1];\n len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n len[0] = (len[1] / 0x100000000) >>> 0;\n }\n\n // add bytes to input buffer\n _input.putBytes(msg);\n\n // process bytes\n _update(_state, _w, _input);\n\n // compact input buffer every 2K or if empty\n if(_input.read > 2048 || _input.length() === 0) {\n _input.compact();\n }\n\n return md;\n };\n\n /**\n * Produces the digest.\n *\n * @return a byte buffer containing the digest value.\n */\n md.digest = function() {\n /* Note: Here we copy the remaining bytes in the input buffer and\n add the appropriate MD5 padding. Then we do the final update\n on a copy of the state so that if the user wants to get\n intermediate digests they can do so. */\n\n /* Determine the number of bytes that must be added to the message\n to ensure its length is congruent to 448 mod 512. In other words,\n the data to be digested must be a multiple of 512 bits (or 128 bytes).\n This data includes the message, some padding, and the length of the\n message. Since the length of the message will be encoded as 8 bytes (64\n bits), that means that the last segment of the data must have 56 bytes\n (448 bits) of message and padding. Therefore, the length of the message\n plus the padding must be congruent to 448 mod 512 because\n 512 - 128 = 448.\n\n In order to fill up the message length it must be filled with\n padding that begins with 1 bit followed by all 0 bits. Padding\n must *always* be present, so if the message length is already\n congruent to 448 mod 512, then 512 padding bits must be added. */\n\n var finalBlock = forge.util.createBuffer();\n finalBlock.putBytes(_input.bytes());\n\n // compute remaining size to be digested (include message length size)\n var remaining = (\n md.fullMessageLength[md.fullMessageLength.length - 1] +\n md.messageLengthSize);\n\n // add padding for overflow blockSize - overflow\n // _padding starts with 1 byte with first bit is set (byte value 128), then\n // there may be up to (blockSize - 1) other pad bytes\n var overflow = remaining & (md.blockLength - 1);\n finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n // serialize message length in bits in little-endian order; since length\n // is stored in bytes we multiply by 8 and add carry\n var bits, carry = 0;\n for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n bits = md.fullMessageLength[i] * 8 + carry;\n carry = (bits / 0x100000000) >>> 0;\n finalBlock.putInt32Le(bits >>> 0);\n }\n\n var s2 = {\n h0: _state.h0,\n h1: _state.h1,\n h2: _state.h2,\n h3: _state.h3\n };\n _update(s2, _w, finalBlock);\n var rval = forge.util.createBuffer();\n rval.putInt32Le(s2.h0);\n rval.putInt32Le(s2.h1);\n rval.putInt32Le(s2.h2);\n rval.putInt32Le(s2.h3);\n return rval;\n };\n\n return md;\n};\n\n// padding, constant tables for calculating md5\nvar _padding = null;\nvar _g = null;\nvar _r = null;\nvar _k = null;\nvar _initialized = false;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n // create padding\n _padding = String.fromCharCode(128);\n _padding += forge.util.fillString(String.fromCharCode(0x00), 64);\n\n // g values\n _g = [\n 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,\n 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12,\n 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2,\n 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9];\n\n // rounds table\n _r = [\n 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22,\n 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20,\n 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23,\n 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21];\n\n // get the result of abs(sin(i + 1)) as a 32-bit integer\n _k = new Array(64);\n for(var i = 0; i < 64; ++i) {\n _k[i] = Math.floor(Math.abs(Math.sin(i + 1)) * 0x100000000);\n }\n\n // now initialized\n _initialized = true;\n}\n\n/**\n * Updates an MD5 state with the given byte buffer.\n *\n * @param s the MD5 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n // consume 512 bit (64 byte) chunks\n var t, a, b, c, d, f, r, i;\n var len = bytes.length();\n while(len >= 64) {\n // initialize hash value for this chunk\n a = s.h0;\n b = s.h1;\n c = s.h2;\n d = s.h3;\n\n // round 1\n for(i = 0; i < 16; ++i) {\n w[i] = bytes.getInt32Le();\n f = d ^ (b & (c ^ d));\n t = (a + f + _k[i] + w[i]);\n r = _r[i];\n a = d;\n d = c;\n c = b;\n b += (t << r) | (t >>> (32 - r));\n }\n // round 2\n for(; i < 32; ++i) {\n f = c ^ (d & (b ^ c));\n t = (a + f + _k[i] + w[_g[i]]);\n r = _r[i];\n a = d;\n d = c;\n c = b;\n b += (t << r) | (t >>> (32 - r));\n }\n // round 3\n for(; i < 48; ++i) {\n f = b ^ c ^ d;\n t = (a + f + _k[i] + w[_g[i]]);\n r = _r[i];\n a = d;\n d = c;\n c = b;\n b += (t << r) | (t >>> (32 - r));\n }\n // round 4\n for(; i < 64; ++i) {\n f = c ^ (b | ~d);\n t = (a + f + _k[i] + w[_g[i]]);\n r = _r[i];\n a = d;\n d = c;\n c = b;\n b += (t << r) | (t >>> (32 - r));\n }\n\n // update hash state\n s.h0 = (s.h0 + a) | 0;\n s.h1 = (s.h1 + b) | 0;\n s.h2 = (s.h2 + c) | 0;\n s.h3 = (s.h3 + d) | 0;\n\n len -= 64;\n }\n}\n","/**\n * Javascript implementation of basic PEM (Privacy Enhanced Mail) algorithms.\n *\n * See: RFC 1421.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2013-2014 Digital Bazaar, Inc.\n *\n * A Forge PEM object has the following fields:\n *\n * type: identifies the type of message (eg: \"RSA PRIVATE KEY\").\n *\n * procType: identifies the type of processing performed on the message,\n * it has two subfields: version and type, eg: 4,ENCRYPTED.\n *\n * contentDomain: identifies the type of content in the message, typically\n * only uses the value: \"RFC822\".\n *\n * dekInfo: identifies the message encryption algorithm and mode and includes\n * any parameters for the algorithm, it has two subfields: algorithm and\n * parameters, eg: DES-CBC,F8143EDE5960C597.\n *\n * headers: contains all other PEM encapsulated headers -- where order is\n * significant (for pairing data like recipient ID + key info).\n *\n * body: the binary-encoded body.\n */\nvar forge = require('./forge');\nrequire('./util');\n\n// shortcut for pem API\nvar pem = module.exports = forge.pem = forge.pem || {};\n\n/**\n * Encodes (serializes) the given PEM object.\n *\n * @param msg the PEM message object to encode.\n * @param options the options to use:\n * maxline the maximum characters per line for the body, (default: 64).\n *\n * @return the PEM-formatted string.\n */\npem.encode = function(msg, options) {\n options = options || {};\n var rval = '-----BEGIN ' + msg.type + '-----\\r\\n';\n\n // encode special headers\n var header;\n if(msg.procType) {\n header = {\n name: 'Proc-Type',\n values: [String(msg.procType.version), msg.procType.type]\n };\n rval += foldHeader(header);\n }\n if(msg.contentDomain) {\n header = {name: 'Content-Domain', values: [msg.contentDomain]};\n rval += foldHeader(header);\n }\n if(msg.dekInfo) {\n header = {name: 'DEK-Info', values: [msg.dekInfo.algorithm]};\n if(msg.dekInfo.parameters) {\n header.values.push(msg.dekInfo.parameters);\n }\n rval += foldHeader(header);\n }\n\n if(msg.headers) {\n // encode all other headers\n for(var i = 0; i < msg.headers.length; ++i) {\n rval += foldHeader(msg.headers[i]);\n }\n }\n\n // terminate header\n if(msg.procType) {\n rval += '\\r\\n';\n }\n\n // add body\n rval += forge.util.encode64(msg.body, options.maxline || 64) + '\\r\\n';\n\n rval += '-----END ' + msg.type + '-----\\r\\n';\n return rval;\n};\n\n/**\n * Decodes (deserializes) all PEM messages found in the given string.\n *\n * @param str the PEM-formatted string to decode.\n *\n * @return the PEM message objects in an array.\n */\npem.decode = function(str) {\n var rval = [];\n\n // split string into PEM messages (be lenient w/EOF on BEGIN line)\n var rMessage = /\\s*-----BEGIN ([A-Z0-9- ]+)-----\\r?\\n?([\\x21-\\x7e\\s]+?(?:\\r?\\n\\r?\\n))?([:A-Za-z0-9+\\/=\\s]+?)-----END \\1-----/g;\n var rHeader = /([\\x21-\\x7e]+):\\s*([\\x21-\\x7e\\s^:]+)/;\n var rCRLF = /\\r?\\n/;\n var match;\n while(true) {\n match = rMessage.exec(str);\n if(!match) {\n break;\n }\n\n // accept \"NEW CERTIFICATE REQUEST\" as \"CERTIFICATE REQUEST\"\n // https://datatracker.ietf.org/doc/html/rfc7468#section-7\n var type = match[1];\n if(type === 'NEW CERTIFICATE REQUEST') {\n type = 'CERTIFICATE REQUEST';\n }\n\n var msg = {\n type: type,\n procType: null,\n contentDomain: null,\n dekInfo: null,\n headers: [],\n body: forge.util.decode64(match[3])\n };\n rval.push(msg);\n\n // no headers\n if(!match[2]) {\n continue;\n }\n\n // parse headers\n var lines = match[2].split(rCRLF);\n var li = 0;\n while(match && li < lines.length) {\n // get line, trim any rhs whitespace\n var line = lines[li].replace(/\\s+$/, '');\n\n // RFC2822 unfold any following folded lines\n for(var nl = li + 1; nl < lines.length; ++nl) {\n var next = lines[nl];\n if(!/\\s/.test(next[0])) {\n break;\n }\n line += next;\n li = nl;\n }\n\n // parse header\n match = line.match(rHeader);\n if(match) {\n var header = {name: match[1], values: []};\n var values = match[2].split(',');\n for(var vi = 0; vi < values.length; ++vi) {\n header.values.push(ltrim(values[vi]));\n }\n\n // Proc-Type must be the first header\n if(!msg.procType) {\n if(header.name !== 'Proc-Type') {\n throw new Error('Invalid PEM formatted message. The first ' +\n 'encapsulated header must be \"Proc-Type\".');\n } else if(header.values.length !== 2) {\n throw new Error('Invalid PEM formatted message. The \"Proc-Type\" ' +\n 'header must have two subfields.');\n }\n msg.procType = {version: values[0], type: values[1]};\n } else if(!msg.contentDomain && header.name === 'Content-Domain') {\n // special-case Content-Domain\n msg.contentDomain = values[0] || '';\n } else if(!msg.dekInfo && header.name === 'DEK-Info') {\n // special-case DEK-Info\n if(header.values.length === 0) {\n throw new Error('Invalid PEM formatted message. The \"DEK-Info\" ' +\n 'header must have at least one subfield.');\n }\n msg.dekInfo = {algorithm: values[0], parameters: values[1] || null};\n } else {\n msg.headers.push(header);\n }\n }\n\n ++li;\n }\n\n if(msg.procType === 'ENCRYPTED' && !msg.dekInfo) {\n throw new Error('Invalid PEM formatted message. The \"DEK-Info\" ' +\n 'header must be present if \"Proc-Type\" is \"ENCRYPTED\".');\n }\n }\n\n if(rval.length === 0) {\n throw new Error('Invalid PEM formatted message.');\n }\n\n return rval;\n};\n\nfunction foldHeader(header) {\n var rval = header.name + ': ';\n\n // ensure values with CRLF are folded\n var values = [];\n var insertSpace = function(match, $1) {\n return ' ' + $1;\n };\n for(var i = 0; i < header.values.length; ++i) {\n values.push(header.values[i].replace(/^(\\S+\\r\\n)/, insertSpace));\n }\n rval += values.join(',') + '\\r\\n';\n\n // do folding\n var length = 0;\n var candidate = -1;\n for(var i = 0; i < rval.length; ++i, ++length) {\n if(length > 65 && candidate !== -1) {\n var insert = rval[candidate];\n if(insert === ',') {\n ++candidate;\n rval = rval.substr(0, candidate) + '\\r\\n ' + rval.substr(candidate);\n } else {\n rval = rval.substr(0, candidate) +\n '\\r\\n' + insert + rval.substr(candidate + 1);\n }\n length = (i - candidate - 1);\n candidate = -1;\n ++i;\n } else if(rval[i] === ' ' || rval[i] === '\\t' || rval[i] === ',') {\n candidate = i;\n }\n }\n\n return rval;\n}\n\nfunction ltrim(str) {\n return str.replace(/^\\s+/, '');\n}\n","/**\n * DES (Data Encryption Standard) implementation.\n *\n * This implementation supports DES as well as 3DES-EDE in ECB and CBC mode.\n * It is based on the BSD-licensed implementation by Paul Tero:\n *\n * Paul Tero, July 2001\n * http://www.tero.co.uk/des/\n *\n * Optimised for performance with large blocks by\n * Michael Hayworth, November 2001\n * http://www.netdealing.com\n *\n * THIS SOFTWARE IS PROVIDED \"AS IS\" AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n * SUCH DAMAGE.\n *\n * @author Stefan Siegl\n * @author Dave Longley\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n * Copyright (c) 2012-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./cipher');\nrequire('./cipherModes');\nrequire('./util');\n\n/* DES API */\nmodule.exports = forge.des = forge.des || {};\n\n/**\n * Deprecated. Instead, use:\n *\n * var cipher = forge.cipher.createCipher('DES-<mode>', key);\n * cipher.start({iv: iv});\n *\n * Creates an DES cipher object to encrypt data using the given symmetric key.\n * The output will be stored in the 'output' member of the returned cipher.\n *\n * The key and iv may be given as binary-encoded strings of bytes or\n * byte buffers.\n *\n * @param key the symmetric key to use (64 or 192 bits).\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n * @param mode the cipher mode to use (default: 'CBC' if IV is\n * given, 'ECB' if null).\n *\n * @return the cipher.\n */\nforge.des.startEncrypting = function(key, iv, output, mode) {\n var cipher = _createCipher({\n key: key,\n output: output,\n decrypt: false,\n mode: mode || (iv === null ? 'ECB' : 'CBC')\n });\n cipher.start(iv);\n return cipher;\n};\n\n/**\n * Deprecated. Instead, use:\n *\n * var cipher = forge.cipher.createCipher('DES-<mode>', key);\n *\n * Creates an DES cipher object to encrypt data using the given symmetric key.\n *\n * The key may be given as a binary-encoded string of bytes or a byte buffer.\n *\n * @param key the symmetric key to use (64 or 192 bits).\n * @param mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nforge.des.createEncryptionCipher = function(key, mode) {\n return _createCipher({\n key: key,\n output: null,\n decrypt: false,\n mode: mode\n });\n};\n\n/**\n * Deprecated. Instead, use:\n *\n * var decipher = forge.cipher.createDecipher('DES-<mode>', key);\n * decipher.start({iv: iv});\n *\n * Creates an DES cipher object to decrypt data using the given symmetric key.\n * The output will be stored in the 'output' member of the returned cipher.\n *\n * The key and iv may be given as binary-encoded strings of bytes or\n * byte buffers.\n *\n * @param key the symmetric key to use (64 or 192 bits).\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n * @param mode the cipher mode to use (default: 'CBC' if IV is\n * given, 'ECB' if null).\n *\n * @return the cipher.\n */\nforge.des.startDecrypting = function(key, iv, output, mode) {\n var cipher = _createCipher({\n key: key,\n output: output,\n decrypt: true,\n mode: mode || (iv === null ? 'ECB' : 'CBC')\n });\n cipher.start(iv);\n return cipher;\n};\n\n/**\n * Deprecated. Instead, use:\n *\n * var decipher = forge.cipher.createDecipher('DES-<mode>', key);\n *\n * Creates an DES cipher object to decrypt data using the given symmetric key.\n *\n * The key may be given as a binary-encoded string of bytes or a byte buffer.\n *\n * @param key the symmetric key to use (64 or 192 bits).\n * @param mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nforge.des.createDecryptionCipher = function(key, mode) {\n return _createCipher({\n key: key,\n output: null,\n decrypt: true,\n mode: mode\n });\n};\n\n/**\n * Creates a new DES cipher algorithm object.\n *\n * @param name the name of the algorithm.\n * @param mode the mode factory function.\n *\n * @return the DES algorithm object.\n */\nforge.des.Algorithm = function(name, mode) {\n var self = this;\n self.name = name;\n self.mode = new mode({\n blockSize: 8,\n cipher: {\n encrypt: function(inBlock, outBlock) {\n return _updateBlock(self._keys, inBlock, outBlock, false);\n },\n decrypt: function(inBlock, outBlock) {\n return _updateBlock(self._keys, inBlock, outBlock, true);\n }\n }\n });\n self._init = false;\n};\n\n/**\n * Initializes this DES algorithm by expanding its key.\n *\n * @param options the options to use.\n * key the key to use with this algorithm.\n * decrypt true if the algorithm should be initialized for decryption,\n * false for encryption.\n */\nforge.des.Algorithm.prototype.initialize = function(options) {\n if(this._init) {\n return;\n }\n\n var key = forge.util.createBuffer(options.key);\n if(this.name.indexOf('3DES') === 0) {\n if(key.length() !== 24) {\n throw new Error('Invalid Triple-DES key size: ' + key.length() * 8);\n }\n }\n\n // do key expansion to 16 or 48 subkeys (single or triple DES)\n this._keys = _createKeys(key);\n this._init = true;\n};\n\n/** Register DES algorithms **/\n\nregisterAlgorithm('DES-ECB', forge.cipher.modes.ecb);\nregisterAlgorithm('DES-CBC', forge.cipher.modes.cbc);\nregisterAlgorithm('DES-CFB', forge.cipher.modes.cfb);\nregisterAlgorithm('DES-OFB', forge.cipher.modes.ofb);\nregisterAlgorithm('DES-CTR', forge.cipher.modes.ctr);\n\nregisterAlgorithm('3DES-ECB', forge.cipher.modes.ecb);\nregisterAlgorithm('3DES-CBC', forge.cipher.modes.cbc);\nregisterAlgorithm('3DES-CFB', forge.cipher.modes.cfb);\nregisterAlgorithm('3DES-OFB', forge.cipher.modes.ofb);\nregisterAlgorithm('3DES-CTR', forge.cipher.modes.ctr);\n\nfunction registerAlgorithm(name, mode) {\n var factory = function() {\n return new forge.des.Algorithm(name, mode);\n };\n forge.cipher.registerAlgorithm(name, factory);\n}\n\n/** DES implementation **/\n\nvar spfunction1 = [0x1010400,0,0x10000,0x1010404,0x1010004,0x10404,0x4,0x10000,0x400,0x1010400,0x1010404,0x400,0x1000404,0x1010004,0x1000000,0x4,0x404,0x1000400,0x1000400,0x10400,0x10400,0x1010000,0x1010000,0x1000404,0x10004,0x1000004,0x1000004,0x10004,0,0x404,0x10404,0x1000000,0x10000,0x1010404,0x4,0x1010000,0x1010400,0x1000000,0x1000000,0x400,0x1010004,0x10000,0x10400,0x1000004,0x400,0x4,0x1000404,0x10404,0x1010404,0x10004,0x1010000,0x1000404,0x1000004,0x404,0x10404,0x1010400,0x404,0x1000400,0x1000400,0,0x10004,0x10400,0,0x1010004];\nvar spfunction2 = [-0x7fef7fe0,-0x7fff8000,0x8000,0x108020,0x100000,0x20,-0x7fefffe0,-0x7fff7fe0,-0x7fffffe0,-0x7fef7fe0,-0x7fef8000,-0x80000000,-0x7fff8000,0x100000,0x20,-0x7fefffe0,0x108000,0x100020,-0x7fff7fe0,0,-0x80000000,0x8000,0x108020,-0x7ff00000,0x100020,-0x7fffffe0,0,0x108000,0x8020,-0x7fef8000,-0x7ff00000,0x8020,0,0x108020,-0x7fefffe0,0x100000,-0x7fff7fe0,-0x7ff00000,-0x7fef8000,0x8000,-0x7ff00000,-0x7fff8000,0x20,-0x7fef7fe0,0x108020,0x20,0x8000,-0x80000000,0x8020,-0x7fef8000,0x100000,-0x7fffffe0,0x100020,-0x7fff7fe0,-0x7fffffe0,0x100020,0x108000,0,-0x7fff8000,0x8020,-0x80000000,-0x7fefffe0,-0x7fef7fe0,0x108000];\nvar spfunction3 = [0x208,0x8020200,0,0x8020008,0x8000200,0,0x20208,0x8000200,0x20008,0x8000008,0x8000008,0x20000,0x8020208,0x20008,0x8020000,0x208,0x8000000,0x8,0x8020200,0x200,0x20200,0x8020000,0x8020008,0x20208,0x8000208,0x20200,0x20000,0x8000208,0x8,0x8020208,0x200,0x8000000,0x8020200,0x8000000,0x20008,0x208,0x20000,0x8020200,0x8000200,0,0x200,0x20008,0x8020208,0x8000200,0x8000008,0x200,0,0x8020008,0x8000208,0x20000,0x8000000,0x8020208,0x8,0x20208,0x20200,0x8000008,0x8020000,0x8000208,0x208,0x8020000,0x20208,0x8,0x8020008,0x20200];\nvar spfunction4 = [0x802001,0x2081,0x2081,0x80,0x802080,0x800081,0x800001,0x2001,0,0x802000,0x802000,0x802081,0x81,0,0x800080,0x800001,0x1,0x2000,0x800000,0x802001,0x80,0x800000,0x2001,0x2080,0x800081,0x1,0x2080,0x800080,0x2000,0x802080,0x802081,0x81,0x800080,0x800001,0x802000,0x802081,0x81,0,0,0x802000,0x2080,0x800080,0x800081,0x1,0x802001,0x2081,0x2081,0x80,0x802081,0x81,0x1,0x2000,0x800001,0x2001,0x802080,0x800081,0x2001,0x2080,0x800000,0x802001,0x80,0x800000,0x2000,0x802080];\nvar spfunction5 = [0x100,0x2080100,0x2080000,0x42000100,0x80000,0x100,0x40000000,0x2080000,0x40080100,0x80000,0x2000100,0x40080100,0x42000100,0x42080000,0x80100,0x40000000,0x2000000,0x40080000,0x40080000,0,0x40000100,0x42080100,0x42080100,0x2000100,0x42080000,0x40000100,0,0x42000000,0x2080100,0x2000000,0x42000000,0x80100,0x80000,0x42000100,0x100,0x2000000,0x40000000,0x2080000,0x42000100,0x40080100,0x2000100,0x40000000,0x42080000,0x2080100,0x40080100,0x100,0x2000000,0x42080000,0x42080100,0x80100,0x42000000,0x42080100,0x2080000,0,0x40080000,0x42000000,0x80100,0x2000100,0x40000100,0x80000,0,0x40080000,0x2080100,0x40000100];\nvar spfunction6 = [0x20000010,0x20400000,0x4000,0x20404010,0x20400000,0x10,0x20404010,0x400000,0x20004000,0x404010,0x400000,0x20000010,0x400010,0x20004000,0x20000000,0x4010,0,0x400010,0x20004010,0x4000,0x404000,0x20004010,0x10,0x20400010,0x20400010,0,0x404010,0x20404000,0x4010,0x404000,0x20404000,0x20000000,0x20004000,0x10,0x20400010,0x404000,0x20404010,0x400000,0x4010,0x20000010,0x400000,0x20004000,0x20000000,0x4010,0x20000010,0x20404010,0x404000,0x20400000,0x404010,0x20404000,0,0x20400010,0x10,0x4000,0x20400000,0x404010,0x4000,0x400010,0x20004010,0,0x20404000,0x20000000,0x400010,0x20004010];\nvar spfunction7 = [0x200000,0x4200002,0x4000802,0,0x800,0x4000802,0x200802,0x4200800,0x4200802,0x200000,0,0x4000002,0x2,0x4000000,0x4200002,0x802,0x4000800,0x200802,0x200002,0x4000800,0x4000002,0x4200000,0x4200800,0x200002,0x4200000,0x800,0x802,0x4200802,0x200800,0x2,0x4000000,0x200800,0x4000000,0x200800,0x200000,0x4000802,0x4000802,0x4200002,0x4200002,0x2,0x200002,0x4000000,0x4000800,0x200000,0x4200800,0x802,0x200802,0x4200800,0x802,0x4000002,0x4200802,0x4200000,0x200800,0,0x2,0x4200802,0,0x200802,0x4200000,0x800,0x4000002,0x4000800,0x800,0x200002];\nvar spfunction8 = [0x10001040,0x1000,0x40000,0x10041040,0x10000000,0x10001040,0x40,0x10000000,0x40040,0x10040000,0x10041040,0x41000,0x10041000,0x41040,0x1000,0x40,0x10040000,0x10000040,0x10001000,0x1040,0x41000,0x40040,0x10040040,0x10041000,0x1040,0,0,0x10040040,0x10000040,0x10001000,0x41040,0x40000,0x41040,0x40000,0x10041000,0x1000,0x40,0x10040040,0x1000,0x41040,0x10001000,0x40,0x10000040,0x10040000,0x10040040,0x10000000,0x40000,0x10001040,0,0x10041040,0x40040,0x10000040,0x10040000,0x10001000,0x10001040,0,0x10041040,0x41000,0x41000,0x1040,0x1040,0x40040,0x10000000,0x10041000];\n\n/**\n * Create necessary sub keys.\n *\n * @param key the 64-bit or 192-bit key.\n *\n * @return the expanded keys.\n */\nfunction _createKeys(key) {\n var pc2bytes0 = [0,0x4,0x20000000,0x20000004,0x10000,0x10004,0x20010000,0x20010004,0x200,0x204,0x20000200,0x20000204,0x10200,0x10204,0x20010200,0x20010204],\n pc2bytes1 = [0,0x1,0x100000,0x100001,0x4000000,0x4000001,0x4100000,0x4100001,0x100,0x101,0x100100,0x100101,0x4000100,0x4000101,0x4100100,0x4100101],\n pc2bytes2 = [0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808,0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808],\n pc2bytes3 = [0,0x200000,0x8000000,0x8200000,0x2000,0x202000,0x8002000,0x8202000,0x20000,0x220000,0x8020000,0x8220000,0x22000,0x222000,0x8022000,0x8222000],\n pc2bytes4 = [0,0x40000,0x10,0x40010,0,0x40000,0x10,0x40010,0x1000,0x41000,0x1010,0x41010,0x1000,0x41000,0x1010,0x41010],\n pc2bytes5 = [0,0x400,0x20,0x420,0,0x400,0x20,0x420,0x2000000,0x2000400,0x2000020,0x2000420,0x2000000,0x2000400,0x2000020,0x2000420],\n pc2bytes6 = [0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002,0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002],\n pc2bytes7 = [0,0x10000,0x800,0x10800,0x20000000,0x20010000,0x20000800,0x20010800,0x20000,0x30000,0x20800,0x30800,0x20020000,0x20030000,0x20020800,0x20030800],\n pc2bytes8 = [0,0x40000,0,0x40000,0x2,0x40002,0x2,0x40002,0x2000000,0x2040000,0x2000000,0x2040000,0x2000002,0x2040002,0x2000002,0x2040002],\n pc2bytes9 = [0,0x10000000,0x8,0x10000008,0,0x10000000,0x8,0x10000008,0x400,0x10000400,0x408,0x10000408,0x400,0x10000400,0x408,0x10000408],\n pc2bytes10 = [0,0x20,0,0x20,0x100000,0x100020,0x100000,0x100020,0x2000,0x2020,0x2000,0x2020,0x102000,0x102020,0x102000,0x102020],\n pc2bytes11 = [0,0x1000000,0x200,0x1000200,0x200000,0x1200000,0x200200,0x1200200,0x4000000,0x5000000,0x4000200,0x5000200,0x4200000,0x5200000,0x4200200,0x5200200],\n pc2bytes12 = [0,0x1000,0x8000000,0x8001000,0x80000,0x81000,0x8080000,0x8081000,0x10,0x1010,0x8000010,0x8001010,0x80010,0x81010,0x8080010,0x8081010],\n pc2bytes13 = [0,0x4,0x100,0x104,0,0x4,0x100,0x104,0x1,0x5,0x101,0x105,0x1,0x5,0x101,0x105];\n\n // how many iterations (1 for des, 3 for triple des)\n // changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys\n var iterations = key.length() > 8 ? 3 : 1;\n\n // stores the return keys\n var keys = [];\n\n // now define the left shifts which need to be done\n var shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0];\n\n var n = 0, tmp;\n for(var j = 0; j < iterations; j++) {\n var left = key.getInt32();\n var right = key.getInt32();\n\n tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= tmp;\n left ^= (tmp << 4);\n\n tmp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= tmp;\n right ^= (tmp << -16);\n\n tmp = ((left >>> 2) ^ right) & 0x33333333;\n right ^= tmp;\n left ^= (tmp << 2);\n\n tmp = ((right >>> -16) ^ left) & 0x0000ffff;\n left ^= tmp;\n right ^= (tmp << -16);\n\n tmp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= tmp;\n left ^= (tmp << 1);\n\n tmp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= tmp;\n right ^= (tmp << 8);\n\n tmp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= tmp;\n left ^= (tmp << 1);\n\n // right needs to be shifted and OR'd with last four bits of left\n tmp = (left << 8) | ((right >>> 20) & 0x000000f0);\n\n // left needs to be put upside down\n left = ((right << 24) | ((right << 8) & 0xff0000) |\n ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0));\n right = tmp;\n\n // now go through and perform these shifts on the left and right keys\n for(var i = 0; i < shifts.length; ++i) {\n //shift the keys either one or two bits to the left\n if(shifts[i]) {\n left = (left << 2) | (left >>> 26);\n right = (right << 2) | (right >>> 26);\n } else {\n left = (left << 1) | (left >>> 27);\n right = (right << 1) | (right >>> 27);\n }\n left &= -0xf;\n right &= -0xf;\n\n // now apply PC-2, in such a way that E is easier when encrypting or\n // decrypting this conversion will look like PC-2 except only the last 6\n // bits of each byte are used rather than 48 consecutive bits and the\n // order of lines will be according to how the S selection functions will\n // be applied: S2, S4, S6, S8, S1, S3, S5, S7\n var lefttmp = (\n pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] |\n pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(left >>> 16) & 0xf] |\n pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] |\n pc2bytes6[(left >>> 4) & 0xf]);\n var righttmp = (\n pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] |\n pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] |\n pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] |\n pc2bytes13[(right >>> 4) & 0xf]);\n tmp = ((righttmp >>> 16) ^ lefttmp) & 0x0000ffff;\n keys[n++] = lefttmp ^ tmp;\n keys[n++] = righttmp ^ (tmp << 16);\n }\n }\n\n return keys;\n}\n\n/**\n * Updates a single block (1 byte) using DES. The update will either\n * encrypt or decrypt the block.\n *\n * @param keys the expanded keys.\n * @param input the input block (an array of 32-bit words).\n * @param output the updated output block.\n * @param decrypt true to decrypt the block, false to encrypt it.\n */\nfunction _updateBlock(keys, input, output, decrypt) {\n // set up loops for single or triple DES\n var iterations = keys.length === 32 ? 3 : 9;\n var looping;\n if(iterations === 3) {\n looping = decrypt ? [30, -2, -2] : [0, 32, 2];\n } else {\n looping = (decrypt ?\n [94, 62, -2, 32, 64, 2, 30, -2, -2] :\n [0, 32, 2, 62, 30, -2, 64, 96, 2]);\n }\n\n var tmp;\n\n var left = input[0];\n var right = input[1];\n\n // first each 64 bit chunk of the message must be permuted according to IP\n tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= tmp;\n left ^= (tmp << 4);\n\n tmp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= tmp;\n left ^= (tmp << 16);\n\n tmp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= tmp;\n right ^= (tmp << 2);\n\n tmp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= tmp;\n right ^= (tmp << 8);\n\n tmp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= tmp;\n left ^= (tmp << 1);\n\n // rotate left 1 bit\n left = ((left << 1) | (left >>> 31));\n right = ((right << 1) | (right >>> 31));\n\n for(var j = 0; j < iterations; j += 3) {\n var endloop = looping[j + 1];\n var loopinc = looping[j + 2];\n\n // now go through and perform the encryption or decryption\n for(var i = looping[j]; i != endloop; i += loopinc) {\n var right1 = right ^ keys[i];\n var right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1];\n\n // passing these bytes through the S selection functions\n tmp = left;\n left = right;\n right = tmp ^ (\n spfunction2[(right1 >>> 24) & 0x3f] |\n spfunction4[(right1 >>> 16) & 0x3f] |\n spfunction6[(right1 >>> 8) & 0x3f] |\n spfunction8[right1 & 0x3f] |\n spfunction1[(right2 >>> 24) & 0x3f] |\n spfunction3[(right2 >>> 16) & 0x3f] |\n spfunction5[(right2 >>> 8) & 0x3f] |\n spfunction7[right2 & 0x3f]);\n }\n // unreverse left and right\n tmp = left;\n left = right;\n right = tmp;\n }\n\n // rotate right 1 bit\n left = ((left >>> 1) | (left << 31));\n right = ((right >>> 1) | (right << 31));\n\n // now perform IP-1, which is IP in the opposite direction\n tmp = ((left >>> 1) ^ right) & 0x55555555;\n right ^= tmp;\n left ^= (tmp << 1);\n\n tmp = ((right >>> 8) ^ left) & 0x00ff00ff;\n left ^= tmp;\n right ^= (tmp << 8);\n\n tmp = ((right >>> 2) ^ left) & 0x33333333;\n left ^= tmp;\n right ^= (tmp << 2);\n\n tmp = ((left >>> 16) ^ right) & 0x0000ffff;\n right ^= tmp;\n left ^= (tmp << 16);\n\n tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f;\n right ^= tmp;\n left ^= (tmp << 4);\n\n output[0] = left;\n output[1] = right;\n}\n\n/**\n * Deprecated. Instead, use:\n *\n * forge.cipher.createCipher('DES-<mode>', key);\n * forge.cipher.createDecipher('DES-<mode>', key);\n *\n * Creates a deprecated DES cipher object. This object's mode will default to\n * CBC (cipher-block-chaining).\n *\n * The key may be given as a binary-encoded string of bytes or a byte buffer.\n *\n * @param options the options to use.\n * key the symmetric key to use (64 or 192 bits).\n * output the buffer to write to.\n * decrypt true for decryption, false for encryption.\n * mode the cipher mode to use (default: 'CBC').\n *\n * @return the cipher.\n */\nfunction _createCipher(options) {\n options = options || {};\n var mode = (options.mode || 'CBC').toUpperCase();\n var algorithm = 'DES-' + mode;\n\n var cipher;\n if(options.decrypt) {\n cipher = forge.cipher.createDecipher(algorithm, options.key);\n } else {\n cipher = forge.cipher.createCipher(algorithm, options.key);\n }\n\n // backwards compatible start API\n var start = cipher.start;\n cipher.start = function(iv, options) {\n // backwards compatibility: support second arg as output buffer\n var output = null;\n if(options instanceof forge.util.ByteBuffer) {\n output = options;\n options = {};\n }\n options = options || {};\n options.output = output;\n options.iv = iv;\n start.call(cipher, options);\n };\n\n return cipher;\n}\n","/**\n * Password-Based Key-Derivation Function #2 implementation.\n *\n * See RFC 2898 for details.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./hmac');\nrequire('./md');\nrequire('./util');\n\nvar pkcs5 = forge.pkcs5 = forge.pkcs5 || {};\n\nvar crypto;\nif(forge.util.isNodejs && !forge.options.usePureJavaScript) {\n crypto = require('crypto');\n}\n\n/**\n * Derives a key from a password.\n *\n * @param p the password as a binary-encoded string of bytes.\n * @param s the salt as a binary-encoded string of bytes.\n * @param c the iteration count, a positive integer.\n * @param dkLen the intended length, in bytes, of the derived key,\n * (max: 2^32 - 1) * hash length of the PRF.\n * @param [md] the message digest (or algorithm identifier as a string) to use\n * in the PRF, defaults to SHA-1.\n * @param [callback(err, key)] presence triggers asynchronous version, called\n * once the operation completes.\n *\n * @return the derived key, as a binary-encoded string of bytes, for the\n * synchronous version (if no callback is specified).\n */\nmodule.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(\n p, s, c, dkLen, md, callback) {\n if(typeof md === 'function') {\n callback = md;\n md = null;\n }\n\n // use native implementation if possible and not disabled, note that\n // some node versions only support SHA-1, others allow digest to be changed\n if(forge.util.isNodejs && !forge.options.usePureJavaScript &&\n crypto.pbkdf2 && (md === null || typeof md !== 'object') &&\n (crypto.pbkdf2Sync.length > 4 || (!md || md === 'sha1'))) {\n if(typeof md !== 'string') {\n // default prf to SHA-1\n md = 'sha1';\n }\n p = Buffer.from(p, 'binary');\n s = Buffer.from(s, 'binary');\n if(!callback) {\n if(crypto.pbkdf2Sync.length === 4) {\n return crypto.pbkdf2Sync(p, s, c, dkLen).toString('binary');\n }\n return crypto.pbkdf2Sync(p, s, c, dkLen, md).toString('binary');\n }\n if(crypto.pbkdf2Sync.length === 4) {\n return crypto.pbkdf2(p, s, c, dkLen, function(err, key) {\n if(err) {\n return callback(err);\n }\n callback(null, key.toString('binary'));\n });\n }\n return crypto.pbkdf2(p, s, c, dkLen, md, function(err, key) {\n if(err) {\n return callback(err);\n }\n callback(null, key.toString('binary'));\n });\n }\n\n if(typeof md === 'undefined' || md === null) {\n // default prf to SHA-1\n md = 'sha1';\n }\n if(typeof md === 'string') {\n if(!(md in forge.md.algorithms)) {\n throw new Error('Unknown hash algorithm: ' + md);\n }\n md = forge.md[md].create();\n }\n\n var hLen = md.digestLength;\n\n /* 1. If dkLen > (2^32 - 1) * hLen, output \"derived key too long\" and\n stop. */\n if(dkLen > (0xFFFFFFFF * hLen)) {\n var err = new Error('Derived key is too long.');\n if(callback) {\n return callback(err);\n }\n throw err;\n }\n\n /* 2. Let len be the number of hLen-octet blocks in the derived key,\n rounding up, and let r be the number of octets in the last\n block:\n\n len = CEIL(dkLen / hLen),\n r = dkLen - (len - 1) * hLen. */\n var len = Math.ceil(dkLen / hLen);\n var r = dkLen - (len - 1) * hLen;\n\n /* 3. For each block of the derived key apply the function F defined\n below to the password P, the salt S, the iteration count c, and\n the block index to compute the block:\n\n T_1 = F(P, S, c, 1),\n T_2 = F(P, S, c, 2),\n ...\n T_len = F(P, S, c, len),\n\n where the function F is defined as the exclusive-or sum of the\n first c iterates of the underlying pseudorandom function PRF\n applied to the password P and the concatenation of the salt S\n and the block index i:\n\n F(P, S, c, i) = u_1 XOR u_2 XOR ... XOR u_c\n\n where\n\n u_1 = PRF(P, S || INT(i)),\n u_2 = PRF(P, u_1),\n ...\n u_c = PRF(P, u_{c-1}).\n\n Here, INT(i) is a four-octet encoding of the integer i, most\n significant octet first. */\n var prf = forge.hmac.create();\n prf.start(md, p);\n var dk = '';\n var xor, u_c, u_c1;\n\n // sync version\n if(!callback) {\n for(var i = 1; i <= len; ++i) {\n // PRF(P, S || INT(i)) (first iteration)\n prf.start(null, null);\n prf.update(s);\n prf.update(forge.util.int32ToBytes(i));\n xor = u_c1 = prf.digest().getBytes();\n\n // PRF(P, u_{c-1}) (other iterations)\n for(var j = 2; j <= c; ++j) {\n prf.start(null, null);\n prf.update(u_c1);\n u_c = prf.digest().getBytes();\n // F(p, s, c, i)\n xor = forge.util.xorBytes(xor, u_c, hLen);\n u_c1 = u_c;\n }\n\n /* 4. Concatenate the blocks and extract the first dkLen octets to\n produce a derived key DK:\n\n DK = T_1 || T_2 || ... || T_len<0..r-1> */\n dk += (i < len) ? xor : xor.substr(0, r);\n }\n /* 5. Output the derived key DK. */\n return dk;\n }\n\n // async version\n var i = 1, j;\n function outer() {\n if(i > len) {\n // done\n return callback(null, dk);\n }\n\n // PRF(P, S || INT(i)) (first iteration)\n prf.start(null, null);\n prf.update(s);\n prf.update(forge.util.int32ToBytes(i));\n xor = u_c1 = prf.digest().getBytes();\n\n // PRF(P, u_{c-1}) (other iterations)\n j = 2;\n inner();\n }\n\n function inner() {\n if(j <= c) {\n prf.start(null, null);\n prf.update(u_c1);\n u_c = prf.digest().getBytes();\n // F(p, s, c, i)\n xor = forge.util.xorBytes(xor, u_c, hLen);\n u_c1 = u_c;\n ++j;\n return forge.util.setImmediate(inner);\n }\n\n /* 4. Concatenate the blocks and extract the first dkLen octets to\n produce a derived key DK:\n\n DK = T_1 || T_2 || ... || T_len<0..r-1> */\n dk += (i < len) ? xor : xor.substr(0, r);\n\n ++i;\n outer();\n }\n\n outer();\n};\n","/**\n * Secure Hash Algorithm with 256-bit digest (SHA-256) implementation.\n *\n * See FIPS 180-2 for details.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2015 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar sha256 = module.exports = forge.sha256 = forge.sha256 || {};\nforge.md.sha256 = forge.md.algorithms.sha256 = sha256;\n\n/**\n * Creates a SHA-256 message digest object.\n *\n * @return a message digest object.\n */\nsha256.create = function() {\n // do initialization as necessary\n if(!_initialized) {\n _init();\n }\n\n // SHA-256 state contains eight 32-bit integers\n var _state = null;\n\n // input buffer\n var _input = forge.util.createBuffer();\n\n // used for word storage\n var _w = new Array(64);\n\n // message digest object\n var md = {\n algorithm: 'sha256',\n blockLength: 64,\n digestLength: 32,\n // 56-bit length of message so far (does not including padding)\n messageLength: 0,\n // true message length\n fullMessageLength: null,\n // size of message length in bytes\n messageLengthSize: 8\n };\n\n /**\n * Starts the digest.\n *\n * @return this digest object.\n */\n md.start = function() {\n // up to 56-bit message length for convenience\n md.messageLength = 0;\n\n // full message length (set md.messageLength64 for backwards-compatibility)\n md.fullMessageLength = md.messageLength64 = [];\n var int32s = md.messageLengthSize / 4;\n for(var i = 0; i < int32s; ++i) {\n md.fullMessageLength.push(0);\n }\n _input = forge.util.createBuffer();\n _state = {\n h0: 0x6A09E667,\n h1: 0xBB67AE85,\n h2: 0x3C6EF372,\n h3: 0xA54FF53A,\n h4: 0x510E527F,\n h5: 0x9B05688C,\n h6: 0x1F83D9AB,\n h7: 0x5BE0CD19\n };\n return md;\n };\n // start digest automatically for first time\n md.start();\n\n /**\n * Updates the digest with the given message input. The given input can\n * treated as raw input (no encoding will be applied) or an encoding of\n * 'utf8' maybe given to encode the input using UTF-8.\n *\n * @param msg the message input to update with.\n * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n *\n * @return this digest object.\n */\n md.update = function(msg, encoding) {\n if(encoding === 'utf8') {\n msg = forge.util.encodeUtf8(msg);\n }\n\n // update message length\n var len = msg.length;\n md.messageLength += len;\n len = [(len / 0x100000000) >>> 0, len >>> 0];\n for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n md.fullMessageLength[i] += len[1];\n len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n len[0] = ((len[1] / 0x100000000) >>> 0);\n }\n\n // add bytes to input buffer\n _input.putBytes(msg);\n\n // process bytes\n _update(_state, _w, _input);\n\n // compact input buffer every 2K or if empty\n if(_input.read > 2048 || _input.length() === 0) {\n _input.compact();\n }\n\n return md;\n };\n\n /**\n * Produces the digest.\n *\n * @return a byte buffer containing the digest value.\n */\n md.digest = function() {\n /* Note: Here we copy the remaining bytes in the input buffer and\n add the appropriate SHA-256 padding. Then we do the final update\n on a copy of the state so that if the user wants to get\n intermediate digests they can do so. */\n\n /* Determine the number of bytes that must be added to the message\n to ensure its length is congruent to 448 mod 512. In other words,\n the data to be digested must be a multiple of 512 bits (or 128 bytes).\n This data includes the message, some padding, and the length of the\n message. Since the length of the message will be encoded as 8 bytes (64\n bits), that means that the last segment of the data must have 56 bytes\n (448 bits) of message and padding. Therefore, the length of the message\n plus the padding must be congruent to 448 mod 512 because\n 512 - 128 = 448.\n\n In order to fill up the message length it must be filled with\n padding that begins with 1 bit followed by all 0 bits. Padding\n must *always* be present, so if the message length is already\n congruent to 448 mod 512, then 512 padding bits must be added. */\n\n var finalBlock = forge.util.createBuffer();\n finalBlock.putBytes(_input.bytes());\n\n // compute remaining size to be digested (include message length size)\n var remaining = (\n md.fullMessageLength[md.fullMessageLength.length - 1] +\n md.messageLengthSize);\n\n // add padding for overflow blockSize - overflow\n // _padding starts with 1 byte with first bit is set (byte value 128), then\n // there may be up to (blockSize - 1) other pad bytes\n var overflow = remaining & (md.blockLength - 1);\n finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n // serialize message length in bits in big-endian order; since length\n // is stored in bytes we multiply by 8 and add carry from next int\n var next, carry;\n var bits = md.fullMessageLength[0] * 8;\n for(var i = 0; i < md.fullMessageLength.length - 1; ++i) {\n next = md.fullMessageLength[i + 1] * 8;\n carry = (next / 0x100000000) >>> 0;\n bits += carry;\n finalBlock.putInt32(bits >>> 0);\n bits = next >>> 0;\n }\n finalBlock.putInt32(bits);\n\n var s2 = {\n h0: _state.h0,\n h1: _state.h1,\n h2: _state.h2,\n h3: _state.h3,\n h4: _state.h4,\n h5: _state.h5,\n h6: _state.h6,\n h7: _state.h7\n };\n _update(s2, _w, finalBlock);\n var rval = forge.util.createBuffer();\n rval.putInt32(s2.h0);\n rval.putInt32(s2.h1);\n rval.putInt32(s2.h2);\n rval.putInt32(s2.h3);\n rval.putInt32(s2.h4);\n rval.putInt32(s2.h5);\n rval.putInt32(s2.h6);\n rval.putInt32(s2.h7);\n return rval;\n };\n\n return md;\n};\n\n// sha-256 padding bytes not initialized yet\nvar _padding = null;\nvar _initialized = false;\n\n// table of constants\nvar _k = null;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n // create padding\n _padding = String.fromCharCode(128);\n _padding += forge.util.fillString(String.fromCharCode(0x00), 64);\n\n // create K table for SHA-256\n _k = [\n 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];\n\n // now initialized\n _initialized = true;\n}\n\n/**\n * Updates a SHA-256 state with the given byte buffer.\n *\n * @param s the SHA-256 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n // consume 512 bit (64 byte) chunks\n var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h;\n var len = bytes.length();\n while(len >= 64) {\n // the w array will be populated with sixteen 32-bit big-endian words\n // and then extended into 64 32-bit words according to SHA-256\n for(i = 0; i < 16; ++i) {\n w[i] = bytes.getInt32();\n }\n for(; i < 64; ++i) {\n // XOR word 2 words ago rot right 17, rot right 19, shft right 10\n t1 = w[i - 2];\n t1 =\n ((t1 >>> 17) | (t1 << 15)) ^\n ((t1 >>> 19) | (t1 << 13)) ^\n (t1 >>> 10);\n // XOR word 15 words ago rot right 7, rot right 18, shft right 3\n t2 = w[i - 15];\n t2 =\n ((t2 >>> 7) | (t2 << 25)) ^\n ((t2 >>> 18) | (t2 << 14)) ^\n (t2 >>> 3);\n // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^32\n w[i] = (t1 + w[i - 7] + t2 + w[i - 16]) | 0;\n }\n\n // initialize hash value for this chunk\n a = s.h0;\n b = s.h1;\n c = s.h2;\n d = s.h3;\n e = s.h4;\n f = s.h5;\n g = s.h6;\n h = s.h7;\n\n // round function\n for(i = 0; i < 64; ++i) {\n // Sum1(e)\n s1 =\n ((e >>> 6) | (e << 26)) ^\n ((e >>> 11) | (e << 21)) ^\n ((e >>> 25) | (e << 7));\n // Ch(e, f, g) (optimized the same way as SHA-1)\n ch = g ^ (e & (f ^ g));\n // Sum0(a)\n s0 =\n ((a >>> 2) | (a << 30)) ^\n ((a >>> 13) | (a << 19)) ^\n ((a >>> 22) | (a << 10));\n // Maj(a, b, c) (optimized the same way as SHA-1)\n maj = (a & b) | (c & (a ^ b));\n\n // main algorithm\n t1 = h + s1 + ch + _k[i] + w[i];\n t2 = s0 + maj;\n h = g;\n g = f;\n f = e;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n // can't truncate with `| 0`\n e = (d + t1) >>> 0;\n d = c;\n c = b;\n b = a;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n // can't truncate with `| 0`\n a = (t1 + t2) >>> 0;\n }\n\n // update hash state\n s.h0 = (s.h0 + a) | 0;\n s.h1 = (s.h1 + b) | 0;\n s.h2 = (s.h2 + c) | 0;\n s.h3 = (s.h3 + d) | 0;\n s.h4 = (s.h4 + e) | 0;\n s.h5 = (s.h5 + f) | 0;\n s.h6 = (s.h6 + g) | 0;\n s.h7 = (s.h7 + h) | 0;\n len -= 64;\n }\n}\n","/**\n * A javascript implementation of a cryptographically-secure\n * Pseudo Random Number Generator (PRNG). The Fortuna algorithm is followed\n * here though the use of SHA-256 is not enforced; when generating an\n * a PRNG context, the hashing algorithm and block cipher used for\n * the generator are specified via a plugin.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\nvar _crypto = null;\nif(forge.util.isNodejs && !forge.options.usePureJavaScript &&\n !process.versions['node-webkit']) {\n _crypto = require('crypto');\n}\n\n/* PRNG API */\nvar prng = module.exports = forge.prng = forge.prng || {};\n\n/**\n * Creates a new PRNG context.\n *\n * A PRNG plugin must be passed in that will provide:\n *\n * 1. A function that initializes the key and seed of a PRNG context. It\n * will be given a 16 byte key and a 16 byte seed. Any key expansion\n * or transformation of the seed from a byte string into an array of\n * integers (or similar) should be performed.\n * 2. The cryptographic function used by the generator. It takes a key and\n * a seed.\n * 3. A seed increment function. It takes the seed and returns seed + 1.\n * 4. An api to create a message digest.\n *\n * For an example, see random.js.\n *\n * @param plugin the PRNG plugin to use.\n */\nprng.create = function(plugin) {\n var ctx = {\n plugin: plugin,\n key: null,\n seed: null,\n time: null,\n // number of reseeds so far\n reseeds: 0,\n // amount of data generated so far\n generated: 0,\n // no initial key bytes\n keyBytes: ''\n };\n\n // create 32 entropy pools (each is a message digest)\n var md = plugin.md;\n var pools = new Array(32);\n for(var i = 0; i < 32; ++i) {\n pools[i] = md.create();\n }\n ctx.pools = pools;\n\n // entropy pools are written to cyclically, starting at index 0\n ctx.pool = 0;\n\n /**\n * Generates random bytes. The bytes may be generated synchronously or\n * asynchronously. Web workers must use the asynchronous interface or\n * else the behavior is undefined.\n *\n * @param count the number of random bytes to generate.\n * @param [callback(err, bytes)] called once the operation completes.\n *\n * @return count random bytes as a string.\n */\n ctx.generate = function(count, callback) {\n // do synchronously\n if(!callback) {\n return ctx.generateSync(count);\n }\n\n // simple generator using counter-based CBC\n var cipher = ctx.plugin.cipher;\n var increment = ctx.plugin.increment;\n var formatKey = ctx.plugin.formatKey;\n var formatSeed = ctx.plugin.formatSeed;\n var b = forge.util.createBuffer();\n\n // paranoid deviation from Fortuna:\n // reset key for every request to protect previously\n // generated random bytes should the key be discovered;\n // there is no 100ms based reseeding because of this\n // forced reseed for every `generate` call\n ctx.key = null;\n\n generate();\n\n function generate(err) {\n if(err) {\n return callback(err);\n }\n\n // sufficient bytes generated\n if(b.length() >= count) {\n return callback(null, b.getBytes(count));\n }\n\n // if amount of data generated is greater than 1 MiB, trigger reseed\n if(ctx.generated > 0xfffff) {\n ctx.key = null;\n }\n\n if(ctx.key === null) {\n // prevent stack overflow\n return forge.util.nextTick(function() {\n _reseed(generate);\n });\n }\n\n // generate the random bytes\n var bytes = cipher(ctx.key, ctx.seed);\n ctx.generated += bytes.length;\n b.putBytes(bytes);\n\n // generate bytes for a new key and seed\n ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));\n ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));\n\n forge.util.setImmediate(generate);\n }\n };\n\n /**\n * Generates random bytes synchronously.\n *\n * @param count the number of random bytes to generate.\n *\n * @return count random bytes as a string.\n */\n ctx.generateSync = function(count) {\n // simple generator using counter-based CBC\n var cipher = ctx.plugin.cipher;\n var increment = ctx.plugin.increment;\n var formatKey = ctx.plugin.formatKey;\n var formatSeed = ctx.plugin.formatSeed;\n\n // paranoid deviation from Fortuna:\n // reset key for every request to protect previously\n // generated random bytes should the key be discovered;\n // there is no 100ms based reseeding because of this\n // forced reseed for every `generateSync` call\n ctx.key = null;\n\n var b = forge.util.createBuffer();\n while(b.length() < count) {\n // if amount of data generated is greater than 1 MiB, trigger reseed\n if(ctx.generated > 0xfffff) {\n ctx.key = null;\n }\n\n if(ctx.key === null) {\n _reseedSync();\n }\n\n // generate the random bytes\n var bytes = cipher(ctx.key, ctx.seed);\n ctx.generated += bytes.length;\n b.putBytes(bytes);\n\n // generate bytes for a new key and seed\n ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));\n ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));\n }\n\n return b.getBytes(count);\n };\n\n /**\n * Private function that asynchronously reseeds a generator.\n *\n * @param callback(err) called once the operation completes.\n */\n function _reseed(callback) {\n if(ctx.pools[0].messageLength >= 32) {\n _seed();\n return callback();\n }\n // not enough seed data...\n var needed = (32 - ctx.pools[0].messageLength) << 5;\n ctx.seedFile(needed, function(err, bytes) {\n if(err) {\n return callback(err);\n }\n ctx.collect(bytes);\n _seed();\n callback();\n });\n }\n\n /**\n * Private function that synchronously reseeds a generator.\n */\n function _reseedSync() {\n if(ctx.pools[0].messageLength >= 32) {\n return _seed();\n }\n // not enough seed data...\n var needed = (32 - ctx.pools[0].messageLength) << 5;\n ctx.collect(ctx.seedFileSync(needed));\n _seed();\n }\n\n /**\n * Private function that seeds a generator once enough bytes are available.\n */\n function _seed() {\n // update reseed count\n ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1;\n\n // goal is to update `key` via:\n // key = hash(key + s)\n // where 's' is all collected entropy from selected pools, then...\n\n // create a plugin-based message digest\n var md = ctx.plugin.md.create();\n\n // consume current key bytes\n md.update(ctx.keyBytes);\n\n // digest the entropy of pools whose index k meet the\n // condition 'n mod 2^k == 0' where n is the number of reseeds\n var _2powK = 1;\n for(var k = 0; k < 32; ++k) {\n if(ctx.reseeds % _2powK === 0) {\n md.update(ctx.pools[k].digest().getBytes());\n ctx.pools[k].start();\n }\n _2powK = _2powK << 1;\n }\n\n // get digest for key bytes\n ctx.keyBytes = md.digest().getBytes();\n\n // paranoid deviation from Fortuna:\n // update `seed` via `seed = hash(key)`\n // instead of initializing to zero once and only\n // ever incrementing it\n md.start();\n md.update(ctx.keyBytes);\n var seedBytes = md.digest().getBytes();\n\n // update state\n ctx.key = ctx.plugin.formatKey(ctx.keyBytes);\n ctx.seed = ctx.plugin.formatSeed(seedBytes);\n ctx.generated = 0;\n }\n\n /**\n * The built-in default seedFile. This seedFile is used when entropy\n * is needed immediately.\n *\n * @param needed the number of bytes that are needed.\n *\n * @return the random bytes.\n */\n function defaultSeedFile(needed) {\n // use window.crypto.getRandomValues strong source of entropy if available\n var getRandomValues = null;\n var globalScope = forge.util.globalScope;\n var _crypto = globalScope.crypto || globalScope.msCrypto;\n if(_crypto && _crypto.getRandomValues) {\n getRandomValues = function(arr) {\n return _crypto.getRandomValues(arr);\n };\n }\n\n var b = forge.util.createBuffer();\n if(getRandomValues) {\n while(b.length() < needed) {\n // max byte length is 65536 before QuotaExceededError is thrown\n // http://www.w3.org/TR/WebCryptoAPI/#RandomSource-method-getRandomValues\n var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4);\n var entropy = new Uint32Array(Math.floor(count));\n try {\n getRandomValues(entropy);\n for(var i = 0; i < entropy.length; ++i) {\n b.putInt32(entropy[i]);\n }\n } catch(e) {\n /* only ignore QuotaExceededError */\n if(!(typeof QuotaExceededError !== 'undefined' &&\n e instanceof QuotaExceededError)) {\n throw e;\n }\n }\n }\n }\n\n // be sad and add some weak random data\n if(b.length() < needed) {\n /* Draws from Park-Miller \"minimal standard\" 31 bit PRNG,\n implemented with David G. Carta's optimization: with 32 bit math\n and without division (Public Domain). */\n var hi, lo, next;\n var seed = Math.floor(Math.random() * 0x010000);\n while(b.length() < needed) {\n lo = 16807 * (seed & 0xFFFF);\n hi = 16807 * (seed >> 16);\n lo += (hi & 0x7FFF) << 16;\n lo += hi >> 15;\n lo = (lo & 0x7FFFFFFF) + (lo >> 31);\n seed = lo & 0xFFFFFFFF;\n\n // consume lower 3 bytes of seed\n for(var i = 0; i < 3; ++i) {\n // throw in more pseudo random\n next = seed >>> (i << 3);\n next ^= Math.floor(Math.random() * 0x0100);\n b.putByte(next & 0xFF);\n }\n }\n }\n\n return b.getBytes(needed);\n }\n // initialize seed file APIs\n if(_crypto) {\n // use nodejs async API\n ctx.seedFile = function(needed, callback) {\n _crypto.randomBytes(needed, function(err, bytes) {\n if(err) {\n return callback(err);\n }\n callback(null, bytes.toString());\n });\n };\n // use nodejs sync API\n ctx.seedFileSync = function(needed) {\n return _crypto.randomBytes(needed).toString();\n };\n } else {\n ctx.seedFile = function(needed, callback) {\n try {\n callback(null, defaultSeedFile(needed));\n } catch(e) {\n callback(e);\n }\n };\n ctx.seedFileSync = defaultSeedFile;\n }\n\n /**\n * Adds entropy to a prng ctx's accumulator.\n *\n * @param bytes the bytes of entropy as a string.\n */\n ctx.collect = function(bytes) {\n // iterate over pools distributing entropy cyclically\n var count = bytes.length;\n for(var i = 0; i < count; ++i) {\n ctx.pools[ctx.pool].update(bytes.substr(i, 1));\n ctx.pool = (ctx.pool === 31) ? 0 : ctx.pool + 1;\n }\n };\n\n /**\n * Collects an integer of n bits.\n *\n * @param i the integer entropy.\n * @param n the number of bits in the integer.\n */\n ctx.collectInt = function(i, n) {\n var bytes = '';\n for(var x = 0; x < n; x += 8) {\n bytes += String.fromCharCode((i >> x) & 0xFF);\n }\n ctx.collect(bytes);\n };\n\n /**\n * Registers a Web Worker to receive immediate entropy from the main thread.\n * This method is required until Web Workers can access the native crypto\n * API. This method should be called twice for each created worker, once in\n * the main thread, and once in the worker itself.\n *\n * @param worker the worker to register.\n */\n ctx.registerWorker = function(worker) {\n // worker receives random bytes\n if(worker === self) {\n ctx.seedFile = function(needed, callback) {\n function listener(e) {\n var data = e.data;\n if(data.forge && data.forge.prng) {\n self.removeEventListener('message', listener);\n callback(data.forge.prng.err, data.forge.prng.bytes);\n }\n }\n self.addEventListener('message', listener);\n self.postMessage({forge: {prng: {needed: needed}}});\n };\n } else {\n // main thread sends random bytes upon request\n var listener = function(e) {\n var data = e.data;\n if(data.forge && data.forge.prng) {\n ctx.seedFile(data.forge.prng.needed, function(err, bytes) {\n worker.postMessage({forge: {prng: {err: err, bytes: bytes}}});\n });\n }\n };\n // TODO: do we need to remove the event listener when the worker dies?\n worker.addEventListener('message', listener);\n }\n };\n\n return ctx;\n};\n","/**\n * An API for getting cryptographically-secure random bytes. The bytes are\n * generated using the Fortuna algorithm devised by Bruce Schneier and\n * Niels Ferguson.\n *\n * Getting strong random bytes is not yet easy to do in javascript. The only\n * truish random entropy that can be collected is from the mouse, keyboard, or\n * from timing with respect to page loads, etc. This generator makes a poor\n * attempt at providing random bytes when those sources haven't yet provided\n * enough entropy to initially seed or to reseed the PRNG.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2009-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./sha256');\nrequire('./prng');\nrequire('./util');\n\n(function() {\n\n// forge.random already defined\nif(forge.random && forge.random.getBytes) {\n module.exports = forge.random;\n return;\n}\n\n(function(jQuery) {\n\n// the default prng plugin, uses AES-128\nvar prng_aes = {};\nvar _prng_aes_output = new Array(4);\nvar _prng_aes_buffer = forge.util.createBuffer();\nprng_aes.formatKey = function(key) {\n // convert the key into 32-bit integers\n var tmp = forge.util.createBuffer(key);\n key = new Array(4);\n key[0] = tmp.getInt32();\n key[1] = tmp.getInt32();\n key[2] = tmp.getInt32();\n key[3] = tmp.getInt32();\n\n // return the expanded key\n return forge.aes._expandKey(key, false);\n};\nprng_aes.formatSeed = function(seed) {\n // convert seed into 32-bit integers\n var tmp = forge.util.createBuffer(seed);\n seed = new Array(4);\n seed[0] = tmp.getInt32();\n seed[1] = tmp.getInt32();\n seed[2] = tmp.getInt32();\n seed[3] = tmp.getInt32();\n return seed;\n};\nprng_aes.cipher = function(key, seed) {\n forge.aes._updateBlock(key, seed, _prng_aes_output, false);\n _prng_aes_buffer.putInt32(_prng_aes_output[0]);\n _prng_aes_buffer.putInt32(_prng_aes_output[1]);\n _prng_aes_buffer.putInt32(_prng_aes_output[2]);\n _prng_aes_buffer.putInt32(_prng_aes_output[3]);\n return _prng_aes_buffer.getBytes();\n};\nprng_aes.increment = function(seed) {\n // FIXME: do we care about carry or signed issues?\n ++seed[3];\n return seed;\n};\nprng_aes.md = forge.md.sha256;\n\n/**\n * Creates a new PRNG.\n */\nfunction spawnPrng() {\n var ctx = forge.prng.create(prng_aes);\n\n /**\n * Gets random bytes. If a native secure crypto API is unavailable, this\n * method tries to make the bytes more unpredictable by drawing from data that\n * can be collected from the user of the browser, eg: mouse movement.\n *\n * If a callback is given, this method will be called asynchronously.\n *\n * @param count the number of random bytes to get.\n * @param [callback(err, bytes)] called once the operation completes.\n *\n * @return the random bytes in a string.\n */\n ctx.getBytes = function(count, callback) {\n return ctx.generate(count, callback);\n };\n\n /**\n * Gets random bytes asynchronously. If a native secure crypto API is\n * unavailable, this method tries to make the bytes more unpredictable by\n * drawing from data that can be collected from the user of the browser,\n * eg: mouse movement.\n *\n * @param count the number of random bytes to get.\n *\n * @return the random bytes in a string.\n */\n ctx.getBytesSync = function(count) {\n return ctx.generate(count);\n };\n\n return ctx;\n}\n\n// create default prng context\nvar _ctx = spawnPrng();\n\n// add other sources of entropy only if window.crypto.getRandomValues is not\n// available -- otherwise this source will be automatically used by the prng\nvar getRandomValues = null;\nvar globalScope = forge.util.globalScope;\nvar _crypto = globalScope.crypto || globalScope.msCrypto;\nif(_crypto && _crypto.getRandomValues) {\n getRandomValues = function(arr) {\n return _crypto.getRandomValues(arr);\n };\n}\n\nif(forge.options.usePureJavaScript ||\n (!forge.util.isNodejs && !getRandomValues)) {\n // if this is a web worker, do not use weak entropy, instead register to\n // receive strong entropy asynchronously from the main thread\n if(typeof window === 'undefined' || window.document === undefined) {\n // FIXME:\n }\n\n // get load time entropy\n _ctx.collectInt(+new Date(), 32);\n\n // add some entropy from navigator object\n if(typeof(navigator) !== 'undefined') {\n var _navBytes = '';\n for(var key in navigator) {\n try {\n if(typeof(navigator[key]) == 'string') {\n _navBytes += navigator[key];\n }\n } catch(e) {\n /* Some navigator keys might not be accessible, e.g. the geolocation\n attribute throws an exception if touched in Mozilla chrome://\n context.\n\n Silently ignore this and just don't use this as a source of\n entropy. */\n }\n }\n _ctx.collect(_navBytes);\n _navBytes = null;\n }\n\n // add mouse and keyboard collectors if jquery is available\n if(jQuery) {\n // set up mouse entropy capture\n jQuery().mousemove(function(e) {\n // add mouse coords\n _ctx.collectInt(e.clientX, 16);\n _ctx.collectInt(e.clientY, 16);\n });\n\n // set up keyboard entropy capture\n jQuery().keypress(function(e) {\n _ctx.collectInt(e.charCode, 8);\n });\n }\n}\n\n/* Random API */\nif(!forge.random) {\n forge.random = _ctx;\n} else {\n // extend forge.random with _ctx\n for(var key in _ctx) {\n forge.random[key] = _ctx[key];\n }\n}\n\n// expose spawn PRNG\nforge.random.createInstance = spawnPrng;\n\nmodule.exports = forge.random;\n\n})(typeof(jQuery) !== 'undefined' ? jQuery : null);\n\n})();\n","/**\n * RC2 implementation.\n *\n * @author Stefan Siegl\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * Information on the RC2 cipher is available from RFC #2268,\n * http://www.ietf.org/rfc/rfc2268.txt\n */\nvar forge = require('./forge');\nrequire('./util');\n\nvar piTable = [\n 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,\n 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,\n 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,\n 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,\n 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,\n 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,\n 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,\n 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,\n 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,\n 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,\n 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,\n 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,\n 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,\n 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,\n 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,\n 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad\n];\n\nvar s = [1, 2, 3, 5];\n\n/**\n * Rotate a word left by given number of bits.\n *\n * Bits that are shifted out on the left are put back in on the right\n * hand side.\n *\n * @param word The word to shift left.\n * @param bits The number of bits to shift by.\n * @return The rotated word.\n */\nvar rol = function(word, bits) {\n return ((word << bits) & 0xffff) | ((word & 0xffff) >> (16 - bits));\n};\n\n/**\n * Rotate a word right by given number of bits.\n *\n * Bits that are shifted out on the right are put back in on the left\n * hand side.\n *\n * @param word The word to shift right.\n * @param bits The number of bits to shift by.\n * @return The rotated word.\n */\nvar ror = function(word, bits) {\n return ((word & 0xffff) >> bits) | ((word << (16 - bits)) & 0xffff);\n};\n\n/* RC2 API */\nmodule.exports = forge.rc2 = forge.rc2 || {};\n\n/**\n * Perform RC2 key expansion as per RFC #2268, section 2.\n *\n * @param key variable-length user key (between 1 and 128 bytes)\n * @param effKeyBits number of effective key bits (default: 128)\n * @return the expanded RC2 key (ByteBuffer of 128 bytes)\n */\nforge.rc2.expandKey = function(key, effKeyBits) {\n if(typeof key === 'string') {\n key = forge.util.createBuffer(key);\n }\n effKeyBits = effKeyBits || 128;\n\n /* introduce variables that match the names used in RFC #2268 */\n var L = key;\n var T = key.length();\n var T1 = effKeyBits;\n var T8 = Math.ceil(T1 / 8);\n var TM = 0xff >> (T1 & 0x07);\n var i;\n\n for(i = T; i < 128; i++) {\n L.putByte(piTable[(L.at(i - 1) + L.at(i - T)) & 0xff]);\n }\n\n L.setAt(128 - T8, piTable[L.at(128 - T8) & TM]);\n\n for(i = 127 - T8; i >= 0; i--) {\n L.setAt(i, piTable[L.at(i + 1) ^ L.at(i + T8)]);\n }\n\n return L;\n};\n\n/**\n * Creates a RC2 cipher object.\n *\n * @param key the symmetric key to use (as base for key generation).\n * @param bits the number of effective key bits.\n * @param encrypt false for decryption, true for encryption.\n *\n * @return the cipher.\n */\nvar createCipher = function(key, bits, encrypt) {\n var _finish = false, _input = null, _output = null, _iv = null;\n var mixRound, mashRound;\n var i, j, K = [];\n\n /* Expand key and fill into K[] Array */\n key = forge.rc2.expandKey(key, bits);\n for(i = 0; i < 64; i++) {\n K.push(key.getInt16Le());\n }\n\n if(encrypt) {\n /**\n * Perform one mixing round \"in place\".\n *\n * @param R Array of four words to perform mixing on.\n */\n mixRound = function(R) {\n for(i = 0; i < 4; i++) {\n R[i] += K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) +\n ((~R[(i + 3) % 4]) & R[(i + 1) % 4]);\n R[i] = rol(R[i], s[i]);\n j++;\n }\n };\n\n /**\n * Perform one mashing round \"in place\".\n *\n * @param R Array of four words to perform mashing on.\n */\n mashRound = function(R) {\n for(i = 0; i < 4; i++) {\n R[i] += K[R[(i + 3) % 4] & 63];\n }\n };\n } else {\n /**\n * Perform one r-mixing round \"in place\".\n *\n * @param R Array of four words to perform mixing on.\n */\n mixRound = function(R) {\n for(i = 3; i >= 0; i--) {\n R[i] = ror(R[i], s[i]);\n R[i] -= K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) +\n ((~R[(i + 3) % 4]) & R[(i + 1) % 4]);\n j--;\n }\n };\n\n /**\n * Perform one r-mashing round \"in place\".\n *\n * @param R Array of four words to perform mashing on.\n */\n mashRound = function(R) {\n for(i = 3; i >= 0; i--) {\n R[i] -= K[R[(i + 3) % 4] & 63];\n }\n };\n }\n\n /**\n * Run the specified cipher execution plan.\n *\n * This function takes four words from the input buffer, applies the IV on\n * it (if requested) and runs the provided execution plan.\n *\n * The plan must be put together in form of a array of arrays. Where the\n * outer one is simply a list of steps to perform and the inner one needs\n * to have two elements: the first one telling how many rounds to perform,\n * the second one telling what to do (i.e. the function to call).\n *\n * @param {Array} plan The plan to execute.\n */\n var runPlan = function(plan) {\n var R = [];\n\n /* Get data from input buffer and fill the four words into R */\n for(i = 0; i < 4; i++) {\n var val = _input.getInt16Le();\n\n if(_iv !== null) {\n if(encrypt) {\n /* We're encrypting, apply the IV first. */\n val ^= _iv.getInt16Le();\n } else {\n /* We're decryption, keep cipher text for next block. */\n _iv.putInt16Le(val);\n }\n }\n\n R.push(val & 0xffff);\n }\n\n /* Reset global \"j\" variable as per spec. */\n j = encrypt ? 0 : 63;\n\n /* Run execution plan. */\n for(var ptr = 0; ptr < plan.length; ptr++) {\n for(var ctr = 0; ctr < plan[ptr][0]; ctr++) {\n plan[ptr][1](R);\n }\n }\n\n /* Write back result to output buffer. */\n for(i = 0; i < 4; i++) {\n if(_iv !== null) {\n if(encrypt) {\n /* We're encrypting in CBC-mode, feed back encrypted bytes into\n IV buffer to carry it forward to next block. */\n _iv.putInt16Le(R[i]);\n } else {\n R[i] ^= _iv.getInt16Le();\n }\n }\n\n _output.putInt16Le(R[i]);\n }\n };\n\n /* Create cipher object */\n var cipher = null;\n cipher = {\n /**\n * Starts or restarts the encryption or decryption process, whichever\n * was previously configured.\n *\n * To use the cipher in CBC mode, iv may be given either as a string\n * of bytes, or as a byte buffer. For ECB mode, give null as iv.\n *\n * @param iv the initialization vector to use, null for ECB mode.\n * @param output the output the buffer to write to, null to create one.\n */\n start: function(iv, output) {\n if(iv) {\n /* CBC mode */\n if(typeof iv === 'string') {\n iv = forge.util.createBuffer(iv);\n }\n }\n\n _finish = false;\n _input = forge.util.createBuffer();\n _output = output || new forge.util.createBuffer();\n _iv = iv;\n\n cipher.output = _output;\n },\n\n /**\n * Updates the next block.\n *\n * @param input the buffer to read from.\n */\n update: function(input) {\n if(!_finish) {\n // not finishing, so fill the input buffer with more input\n _input.putBuffer(input);\n }\n\n while(_input.length() >= 8) {\n runPlan([\n [ 5, mixRound ],\n [ 1, mashRound ],\n [ 6, mixRound ],\n [ 1, mashRound ],\n [ 5, mixRound ]\n ]);\n }\n },\n\n /**\n * Finishes encrypting or decrypting.\n *\n * @param pad a padding function to use, null for PKCS#7 padding,\n * signature(blockSize, buffer, decrypt).\n *\n * @return true if successful, false on error.\n */\n finish: function(pad) {\n var rval = true;\n\n if(encrypt) {\n if(pad) {\n rval = pad(8, _input, !encrypt);\n } else {\n // add PKCS#7 padding to block (each pad byte is the\n // value of the number of pad bytes)\n var padding = (_input.length() === 8) ? 8 : (8 - _input.length());\n _input.fillWithByte(padding, padding);\n }\n }\n\n if(rval) {\n // do final update\n _finish = true;\n cipher.update();\n }\n\n if(!encrypt) {\n // check for error: input data not a multiple of block size\n rval = (_input.length() === 0);\n if(rval) {\n if(pad) {\n rval = pad(8, _output, !encrypt);\n } else {\n // ensure padding byte count is valid\n var len = _output.length();\n var count = _output.at(len - 1);\n\n if(count > len) {\n rval = false;\n } else {\n // trim off padding bytes\n _output.truncate(count);\n }\n }\n }\n }\n\n return rval;\n }\n };\n\n return cipher;\n};\n\n/**\n * Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the\n * given symmetric key. The output will be stored in the 'output' member\n * of the returned cipher.\n *\n * The key and iv may be given as a string of bytes or a byte buffer.\n * The cipher is initialized to use 128 effective key bits.\n *\n * @param key the symmetric key to use.\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n *\n * @return the cipher.\n */\nforge.rc2.startEncrypting = function(key, iv, output) {\n var cipher = forge.rc2.createEncryptionCipher(key, 128);\n cipher.start(iv, output);\n return cipher;\n};\n\n/**\n * Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the\n * given symmetric key.\n *\n * The key may be given as a string of bytes or a byte buffer.\n *\n * To start encrypting call start() on the cipher with an iv and optional\n * output buffer.\n *\n * @param key the symmetric key to use.\n *\n * @return the cipher.\n */\nforge.rc2.createEncryptionCipher = function(key, bits) {\n return createCipher(key, bits, true);\n};\n\n/**\n * Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the\n * given symmetric key. The output will be stored in the 'output' member\n * of the returned cipher.\n *\n * The key and iv may be given as a string of bytes or a byte buffer.\n * The cipher is initialized to use 128 effective key bits.\n *\n * @param key the symmetric key to use.\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n *\n * @return the cipher.\n */\nforge.rc2.startDecrypting = function(key, iv, output) {\n var cipher = forge.rc2.createDecryptionCipher(key, 128);\n cipher.start(iv, output);\n return cipher;\n};\n\n/**\n * Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the\n * given symmetric key.\n *\n * The key may be given as a string of bytes or a byte buffer.\n *\n * To start decrypting call start() on the cipher with an iv and optional\n * output buffer.\n *\n * @param key the symmetric key to use.\n *\n * @return the cipher.\n */\nforge.rc2.createDecryptionCipher = function(key, bits) {\n return createCipher(key, bits, false);\n};\n","// Copyright (c) 2005 Tom Wu\n// All Rights Reserved.\n// See \"LICENSE\" for details.\n\n// Basic JavaScript BN library - subset useful for RSA encryption.\n\n/*\nLicensing (LICENSE)\n-------------------\n\nThis software is covered under the following copyright:\n*/\n/*\n * Copyright (c) 2003-2005 Tom Wu\n * All Rights Reserved.\n *\n * Permission is hereby granted, free of charge, to any person obtaining\n * a copy of this software and associated documentation files (the\n * \"Software\"), to deal in the Software without restriction, including\n * without limitation the rights to use, copy, modify, merge, publish,\n * distribute, sublicense, and/or sell copies of the Software, and to\n * permit persons to whom the Software is furnished to do so, subject to\n * the following conditions:\n *\n * The above copyright notice and this permission notice shall be\n * included in all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS-IS\" AND WITHOUT WARRANTY OF ANY KIND,\n * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY\n * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.\n *\n * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,\n * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER\n * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF\n * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT\n * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n *\n * In addition, the following condition applies:\n *\n * All redistributions must retain an intact copy of this copyright notice\n * and disclaimer.\n */\n/*\nAddress all questions regarding this license to:\n\n Tom Wu\n tjw@cs.Stanford.EDU\n*/\nvar forge = require('./forge');\n\nmodule.exports = forge.jsbn = forge.jsbn || {};\n\n// Bits per digit\nvar dbits;\n\n// JavaScript engine analysis\nvar canary = 0xdeadbeefcafe;\nvar j_lm = ((canary&0xffffff)==0xefcafe);\n\n// (public) Constructor\nfunction BigInteger(a,b,c) {\n this.data = [];\n if(a != null)\n if(\"number\" == typeof a) this.fromNumber(a,b,c);\n else if(b == null && \"string\" != typeof a) this.fromString(a,256);\n else this.fromString(a,b);\n}\nforge.jsbn.BigInteger = BigInteger;\n\n// return new, unset BigInteger\nfunction nbi() { return new BigInteger(null); }\n\n// am: Compute w_j += (x*this_i), propagate carries,\n// c is initial carry, returns final carry.\n// c < 3*dvalue, x < 2*dvalue, this_i < dvalue\n// We need to select the fastest one that works in this environment.\n\n// am1: use a single mult and divide to get the high bits,\n// max digit bits should be 26 because\n// max internal value = 2*dvalue^2-2*dvalue (< 2^53)\nfunction am1(i,x,w,j,c,n) {\n while(--n >= 0) {\n var v = x*this.data[i++]+w.data[j]+c;\n c = Math.floor(v/0x4000000);\n w.data[j++] = v&0x3ffffff;\n }\n return c;\n}\n// am2 avoids a big mult-and-extract completely.\n// Max digit bits should be <= 30 because we do bitwise ops\n// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)\nfunction am2(i,x,w,j,c,n) {\n var xl = x&0x7fff, xh = x>>15;\n while(--n >= 0) {\n var l = this.data[i]&0x7fff;\n var h = this.data[i++]>>15;\n var m = xh*l+h*xl;\n l = xl*l+((m&0x7fff)<<15)+w.data[j]+(c&0x3fffffff);\n c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);\n w.data[j++] = l&0x3fffffff;\n }\n return c;\n}\n// Alternately, set max digit bits to 28 since some\n// browsers slow down when dealing with 32-bit numbers.\nfunction am3(i,x,w,j,c,n) {\n var xl = x&0x3fff, xh = x>>14;\n while(--n >= 0) {\n var l = this.data[i]&0x3fff;\n var h = this.data[i++]>>14;\n var m = xh*l+h*xl;\n l = xl*l+((m&0x3fff)<<14)+w.data[j]+c;\n c = (l>>28)+(m>>14)+xh*h;\n w.data[j++] = l&0xfffffff;\n }\n return c;\n}\n\n// node.js (no browser)\nif(typeof(navigator) === 'undefined')\n{\n BigInteger.prototype.am = am3;\n dbits = 28;\n} else if(j_lm && (navigator.appName == \"Microsoft Internet Explorer\")) {\n BigInteger.prototype.am = am2;\n dbits = 30;\n} else if(j_lm && (navigator.appName != \"Netscape\")) {\n BigInteger.prototype.am = am1;\n dbits = 26;\n} else { // Mozilla/Netscape seems to prefer am3\n BigInteger.prototype.am = am3;\n dbits = 28;\n}\n\nBigInteger.prototype.DB = dbits;\nBigInteger.prototype.DM = ((1<<dbits)-1);\nBigInteger.prototype.DV = (1<<dbits);\n\nvar BI_FP = 52;\nBigInteger.prototype.FV = Math.pow(2,BI_FP);\nBigInteger.prototype.F1 = BI_FP-dbits;\nBigInteger.prototype.F2 = 2*dbits-BI_FP;\n\n// Digit conversions\nvar BI_RM = \"0123456789abcdefghijklmnopqrstuvwxyz\";\nvar BI_RC = new Array();\nvar rr,vv;\nrr = \"0\".charCodeAt(0);\nfor(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;\nrr = \"a\".charCodeAt(0);\nfor(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;\nrr = \"A\".charCodeAt(0);\nfor(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;\n\nfunction int2char(n) { return BI_RM.charAt(n); }\nfunction intAt(s,i) {\n var c = BI_RC[s.charCodeAt(i)];\n return (c==null)?-1:c;\n}\n\n// (protected) copy this to r\nfunction bnpCopyTo(r) {\n for(var i = this.t-1; i >= 0; --i) r.data[i] = this.data[i];\n r.t = this.t;\n r.s = this.s;\n}\n\n// (protected) set from integer value x, -DV <= x < DV\nfunction bnpFromInt(x) {\n this.t = 1;\n this.s = (x<0)?-1:0;\n if(x > 0) this.data[0] = x;\n else if(x < -1) this.data[0] = x+this.DV;\n else this.t = 0;\n}\n\n// return bigint initialized to value\nfunction nbv(i) { var r = nbi(); r.fromInt(i); return r; }\n\n// (protected) set from string and radix\nfunction bnpFromString(s,b) {\n var k;\n if(b == 16) k = 4;\n else if(b == 8) k = 3;\n else if(b == 256) k = 8; // byte array\n else if(b == 2) k = 1;\n else if(b == 32) k = 5;\n else if(b == 4) k = 2;\n else { this.fromRadix(s,b); return; }\n this.t = 0;\n this.s = 0;\n var i = s.length, mi = false, sh = 0;\n while(--i >= 0) {\n var x = (k==8)?s[i]&0xff:intAt(s,i);\n if(x < 0) {\n if(s.charAt(i) == \"-\") mi = true;\n continue;\n }\n mi = false;\n if(sh == 0)\n this.data[this.t++] = x;\n else if(sh+k > this.DB) {\n this.data[this.t-1] |= (x&((1<<(this.DB-sh))-1))<<sh;\n this.data[this.t++] = (x>>(this.DB-sh));\n } else\n this.data[this.t-1] |= x<<sh;\n sh += k;\n if(sh >= this.DB) sh -= this.DB;\n }\n if(k == 8 && (s[0]&0x80) != 0) {\n this.s = -1;\n if(sh > 0) this.data[this.t-1] |= ((1<<(this.DB-sh))-1)<<sh;\n }\n this.clamp();\n if(mi) BigInteger.ZERO.subTo(this,this);\n}\n\n// (protected) clamp off excess high words\nfunction bnpClamp() {\n var c = this.s&this.DM;\n while(this.t > 0 && this.data[this.t-1] == c) --this.t;\n}\n\n// (public) return string representation in given radix\nfunction bnToString(b) {\n if(this.s < 0) return \"-\"+this.negate().toString(b);\n var k;\n if(b == 16) k = 4;\n else if(b == 8) k = 3;\n else if(b == 2) k = 1;\n else if(b == 32) k = 5;\n else if(b == 4) k = 2;\n else return this.toRadix(b);\n var km = (1<<k)-1, d, m = false, r = \"\", i = this.t;\n var p = this.DB-(i*this.DB)%k;\n if(i-- > 0) {\n if(p < this.DB && (d = this.data[i]>>p) > 0) { m = true; r = int2char(d); }\n while(i >= 0) {\n if(p < k) {\n d = (this.data[i]&((1<<p)-1))<<(k-p);\n d |= this.data[--i]>>(p+=this.DB-k);\n } else {\n d = (this.data[i]>>(p-=k))&km;\n if(p <= 0) { p += this.DB; --i; }\n }\n if(d > 0) m = true;\n if(m) r += int2char(d);\n }\n }\n return m?r:\"0\";\n}\n\n// (public) -this\nfunction bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }\n\n// (public) |this|\nfunction bnAbs() { return (this.s<0)?this.negate():this; }\n\n// (public) return + if this > a, - if this < a, 0 if equal\nfunction bnCompareTo(a) {\n var r = this.s-a.s;\n if(r != 0) return r;\n var i = this.t;\n r = i-a.t;\n if(r != 0) return (this.s<0)?-r:r;\n while(--i >= 0) if((r=this.data[i]-a.data[i]) != 0) return r;\n return 0;\n}\n\n// returns bit length of the integer x\nfunction nbits(x) {\n var r = 1, t;\n if((t=x>>>16) != 0) { x = t; r += 16; }\n if((t=x>>8) != 0) { x = t; r += 8; }\n if((t=x>>4) != 0) { x = t; r += 4; }\n if((t=x>>2) != 0) { x = t; r += 2; }\n if((t=x>>1) != 0) { x = t; r += 1; }\n return r;\n}\n\n// (public) return the number of bits in \"this\"\nfunction bnBitLength() {\n if(this.t <= 0) return 0;\n return this.DB*(this.t-1)+nbits(this.data[this.t-1]^(this.s&this.DM));\n}\n\n// (protected) r = this << n*DB\nfunction bnpDLShiftTo(n,r) {\n var i;\n for(i = this.t-1; i >= 0; --i) r.data[i+n] = this.data[i];\n for(i = n-1; i >= 0; --i) r.data[i] = 0;\n r.t = this.t+n;\n r.s = this.s;\n}\n\n// (protected) r = this >> n*DB\nfunction bnpDRShiftTo(n,r) {\n for(var i = n; i < this.t; ++i) r.data[i-n] = this.data[i];\n r.t = Math.max(this.t-n,0);\n r.s = this.s;\n}\n\n// (protected) r = this << n\nfunction bnpLShiftTo(n,r) {\n var bs = n%this.DB;\n var cbs = this.DB-bs;\n var bm = (1<<cbs)-1;\n var ds = Math.floor(n/this.DB), c = (this.s<<bs)&this.DM, i;\n for(i = this.t-1; i >= 0; --i) {\n r.data[i+ds+1] = (this.data[i]>>cbs)|c;\n c = (this.data[i]&bm)<<bs;\n }\n for(i = ds-1; i >= 0; --i) r.data[i] = 0;\n r.data[ds] = c;\n r.t = this.t+ds+1;\n r.s = this.s;\n r.clamp();\n}\n\n// (protected) r = this >> n\nfunction bnpRShiftTo(n,r) {\n r.s = this.s;\n var ds = Math.floor(n/this.DB);\n if(ds >= this.t) { r.t = 0; return; }\n var bs = n%this.DB;\n var cbs = this.DB-bs;\n var bm = (1<<bs)-1;\n r.data[0] = this.data[ds]>>bs;\n for(var i = ds+1; i < this.t; ++i) {\n r.data[i-ds-1] |= (this.data[i]&bm)<<cbs;\n r.data[i-ds] = this.data[i]>>bs;\n }\n if(bs > 0) r.data[this.t-ds-1] |= (this.s&bm)<<cbs;\n r.t = this.t-ds;\n r.clamp();\n}\n\n// (protected) r = this - a\nfunction bnpSubTo(a,r) {\n var i = 0, c = 0, m = Math.min(a.t,this.t);\n while(i < m) {\n c += this.data[i]-a.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n }\n if(a.t < this.t) {\n c -= a.s;\n while(i < this.t) {\n c += this.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n }\n c += this.s;\n } else {\n c += this.s;\n while(i < a.t) {\n c -= a.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n }\n c -= a.s;\n }\n r.s = (c<0)?-1:0;\n if(c < -1) r.data[i++] = this.DV+c;\n else if(c > 0) r.data[i++] = c;\n r.t = i;\n r.clamp();\n}\n\n// (protected) r = this * a, r != this,a (HAC 14.12)\n// \"this\" should be the larger one if appropriate.\nfunction bnpMultiplyTo(a,r) {\n var x = this.abs(), y = a.abs();\n var i = x.t;\n r.t = i+y.t;\n while(--i >= 0) r.data[i] = 0;\n for(i = 0; i < y.t; ++i) r.data[i+x.t] = x.am(0,y.data[i],r,i,0,x.t);\n r.s = 0;\n r.clamp();\n if(this.s != a.s) BigInteger.ZERO.subTo(r,r);\n}\n\n// (protected) r = this^2, r != this (HAC 14.16)\nfunction bnpSquareTo(r) {\n var x = this.abs();\n var i = r.t = 2*x.t;\n while(--i >= 0) r.data[i] = 0;\n for(i = 0; i < x.t-1; ++i) {\n var c = x.am(i,x.data[i],r,2*i,0,1);\n if((r.data[i+x.t]+=x.am(i+1,2*x.data[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {\n r.data[i+x.t] -= x.DV;\n r.data[i+x.t+1] = 1;\n }\n }\n if(r.t > 0) r.data[r.t-1] += x.am(i,x.data[i],r,2*i,0,1);\n r.s = 0;\n r.clamp();\n}\n\n// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)\n// r != q, this != m. q or r may be null.\nfunction bnpDivRemTo(m,q,r) {\n var pm = m.abs();\n if(pm.t <= 0) return;\n var pt = this.abs();\n if(pt.t < pm.t) {\n if(q != null) q.fromInt(0);\n if(r != null) this.copyTo(r);\n return;\n }\n if(r == null) r = nbi();\n var y = nbi(), ts = this.s, ms = m.s;\n var nsh = this.DB-nbits(pm.data[pm.t-1]);\t// normalize modulus\n if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } else { pm.copyTo(y); pt.copyTo(r); }\n var ys = y.t;\n var y0 = y.data[ys-1];\n if(y0 == 0) return;\n var yt = y0*(1<<this.F1)+((ys>1)?y.data[ys-2]>>this.F2:0);\n var d1 = this.FV/yt, d2 = (1<<this.F1)/yt, e = 1<<this.F2;\n var i = r.t, j = i-ys, t = (q==null)?nbi():q;\n y.dlShiftTo(j,t);\n if(r.compareTo(t) >= 0) {\n r.data[r.t++] = 1;\n r.subTo(t,r);\n }\n BigInteger.ONE.dlShiftTo(ys,t);\n t.subTo(y,y);\t// \"negative\" y so we can replace sub with am later\n while(y.t < ys) y.data[y.t++] = 0;\n while(--j >= 0) {\n // Estimate quotient digit\n var qd = (r.data[--i]==y0)?this.DM:Math.floor(r.data[i]*d1+(r.data[i-1]+e)*d2);\n if((r.data[i]+=y.am(0,qd,r,j,0,ys)) < qd) {\t// Try it out\n y.dlShiftTo(j,t);\n r.subTo(t,r);\n while(r.data[i] < --qd) r.subTo(t,r);\n }\n }\n if(q != null) {\n r.drShiftTo(ys,q);\n if(ts != ms) BigInteger.ZERO.subTo(q,q);\n }\n r.t = ys;\n r.clamp();\n if(nsh > 0) r.rShiftTo(nsh,r);\t// Denormalize remainder\n if(ts < 0) BigInteger.ZERO.subTo(r,r);\n}\n\n// (public) this mod a\nfunction bnMod(a) {\n var r = nbi();\n this.abs().divRemTo(a,null,r);\n if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);\n return r;\n}\n\n// Modular reduction using \"classic\" algorithm\nfunction Classic(m) { this.m = m; }\nfunction cConvert(x) {\n if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);\n else return x;\n}\nfunction cRevert(x) { return x; }\nfunction cReduce(x) { x.divRemTo(this.m,null,x); }\nfunction cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }\nfunction cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }\n\nClassic.prototype.convert = cConvert;\nClassic.prototype.revert = cRevert;\nClassic.prototype.reduce = cReduce;\nClassic.prototype.mulTo = cMulTo;\nClassic.prototype.sqrTo = cSqrTo;\n\n// (protected) return \"-1/this % 2^DB\"; useful for Mont. reduction\n// justification:\n// xy == 1 (mod m)\n// xy = 1+km\n// xy(2-xy) = (1+km)(1-km)\n// x[y(2-xy)] = 1-k^2m^2\n// x[y(2-xy)] == 1 (mod m^2)\n// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2\n// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.\n// JS multiply \"overflows\" differently from C/C++, so care is needed here.\nfunction bnpInvDigit() {\n if(this.t < 1) return 0;\n var x = this.data[0];\n if((x&1) == 0) return 0;\n var y = x&3;\t\t// y == 1/x mod 2^2\n y = (y*(2-(x&0xf)*y))&0xf;\t// y == 1/x mod 2^4\n y = (y*(2-(x&0xff)*y))&0xff;\t// y == 1/x mod 2^8\n y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff;\t// y == 1/x mod 2^16\n // last step - calculate inverse mod DV directly;\n // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints\n y = (y*(2-x*y%this.DV))%this.DV;\t\t// y == 1/x mod 2^dbits\n // we really want the negative inverse, and -DV < y < DV\n return (y>0)?this.DV-y:-y;\n}\n\n// Montgomery reduction\nfunction Montgomery(m) {\n this.m = m;\n this.mp = m.invDigit();\n this.mpl = this.mp&0x7fff;\n this.mph = this.mp>>15;\n this.um = (1<<(m.DB-15))-1;\n this.mt2 = 2*m.t;\n}\n\n// xR mod m\nfunction montConvert(x) {\n var r = nbi();\n x.abs().dlShiftTo(this.m.t,r);\n r.divRemTo(this.m,null,r);\n if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);\n return r;\n}\n\n// x/R mod m\nfunction montRevert(x) {\n var r = nbi();\n x.copyTo(r);\n this.reduce(r);\n return r;\n}\n\n// x = x/R mod m (HAC 14.32)\nfunction montReduce(x) {\n while(x.t <= this.mt2)\t// pad x so am has enough room later\n x.data[x.t++] = 0;\n for(var i = 0; i < this.m.t; ++i) {\n // faster way of calculating u0 = x.data[i]*mp mod DV\n var j = x.data[i]&0x7fff;\n var u0 = (j*this.mpl+(((j*this.mph+(x.data[i]>>15)*this.mpl)&this.um)<<15))&x.DM;\n // use am to combine the multiply-shift-add into one call\n j = i+this.m.t;\n x.data[j] += this.m.am(0,u0,x,i,0,this.m.t);\n // propagate carry\n while(x.data[j] >= x.DV) { x.data[j] -= x.DV; x.data[++j]++; }\n }\n x.clamp();\n x.drShiftTo(this.m.t,x);\n if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);\n}\n\n// r = \"x^2/R mod m\"; x != r\nfunction montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }\n\n// r = \"xy/R mod m\"; x,y != r\nfunction montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }\n\nMontgomery.prototype.convert = montConvert;\nMontgomery.prototype.revert = montRevert;\nMontgomery.prototype.reduce = montReduce;\nMontgomery.prototype.mulTo = montMulTo;\nMontgomery.prototype.sqrTo = montSqrTo;\n\n// (protected) true iff this is even\nfunction bnpIsEven() { return ((this.t>0)?(this.data[0]&1):this.s) == 0; }\n\n// (protected) this^e, e < 2^32, doing sqr and mul with \"r\" (HAC 14.79)\nfunction bnpExp(e,z) {\n if(e > 0xffffffff || e < 1) return BigInteger.ONE;\n var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;\n g.copyTo(r);\n while(--i >= 0) {\n z.sqrTo(r,r2);\n if((e&(1<<i)) > 0) z.mulTo(r2,g,r);\n else { var t = r; r = r2; r2 = t; }\n }\n return z.revert(r);\n}\n\n// (public) this^e % m, 0 <= e < 2^32\nfunction bnModPowInt(e,m) {\n var z;\n if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);\n return this.exp(e,z);\n}\n\n// protected\nBigInteger.prototype.copyTo = bnpCopyTo;\nBigInteger.prototype.fromInt = bnpFromInt;\nBigInteger.prototype.fromString = bnpFromString;\nBigInteger.prototype.clamp = bnpClamp;\nBigInteger.prototype.dlShiftTo = bnpDLShiftTo;\nBigInteger.prototype.drShiftTo = bnpDRShiftTo;\nBigInteger.prototype.lShiftTo = bnpLShiftTo;\nBigInteger.prototype.rShiftTo = bnpRShiftTo;\nBigInteger.prototype.subTo = bnpSubTo;\nBigInteger.prototype.multiplyTo = bnpMultiplyTo;\nBigInteger.prototype.squareTo = bnpSquareTo;\nBigInteger.prototype.divRemTo = bnpDivRemTo;\nBigInteger.prototype.invDigit = bnpInvDigit;\nBigInteger.prototype.isEven = bnpIsEven;\nBigInteger.prototype.exp = bnpExp;\n\n// public\nBigInteger.prototype.toString = bnToString;\nBigInteger.prototype.negate = bnNegate;\nBigInteger.prototype.abs = bnAbs;\nBigInteger.prototype.compareTo = bnCompareTo;\nBigInteger.prototype.bitLength = bnBitLength;\nBigInteger.prototype.mod = bnMod;\nBigInteger.prototype.modPowInt = bnModPowInt;\n\n// \"constants\"\nBigInteger.ZERO = nbv(0);\nBigInteger.ONE = nbv(1);\n\n// jsbn2 lib\n\n//Copyright (c) 2005-2009 Tom Wu\n//All Rights Reserved.\n//See \"LICENSE\" for details (See jsbn.js for LICENSE).\n\n//Extended JavaScript BN functions, required for RSA private ops.\n\n//Version 1.1: new BigInteger(\"0\", 10) returns \"proper\" zero\n\n//(public)\nfunction bnClone() { var r = nbi(); this.copyTo(r); return r; }\n\n//(public) return value as integer\nfunction bnIntValue() {\nif(this.s < 0) {\n if(this.t == 1) return this.data[0]-this.DV;\n else if(this.t == 0) return -1;\n} else if(this.t == 1) return this.data[0];\nelse if(this.t == 0) return 0;\n// assumes 16 < DB < 32\nreturn ((this.data[1]&((1<<(32-this.DB))-1))<<this.DB)|this.data[0];\n}\n\n//(public) return value as byte\nfunction bnByteValue() { return (this.t==0)?this.s:(this.data[0]<<24)>>24; }\n\n//(public) return value as short (assumes DB>=16)\nfunction bnShortValue() { return (this.t==0)?this.s:(this.data[0]<<16)>>16; }\n\n//(protected) return x s.t. r^x < DV\nfunction bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }\n\n//(public) 0 if this == 0, 1 if this > 0\nfunction bnSigNum() {\nif(this.s < 0) return -1;\nelse if(this.t <= 0 || (this.t == 1 && this.data[0] <= 0)) return 0;\nelse return 1;\n}\n\n//(protected) convert to radix string\nfunction bnpToRadix(b) {\nif(b == null) b = 10;\nif(this.signum() == 0 || b < 2 || b > 36) return \"0\";\nvar cs = this.chunkSize(b);\nvar a = Math.pow(b,cs);\nvar d = nbv(a), y = nbi(), z = nbi(), r = \"\";\nthis.divRemTo(d,y,z);\nwhile(y.signum() > 0) {\n r = (a+z.intValue()).toString(b).substr(1) + r;\n y.divRemTo(d,y,z);\n}\nreturn z.intValue().toString(b) + r;\n}\n\n//(protected) convert from radix string\nfunction bnpFromRadix(s,b) {\nthis.fromInt(0);\nif(b == null) b = 10;\nvar cs = this.chunkSize(b);\nvar d = Math.pow(b,cs), mi = false, j = 0, w = 0;\nfor(var i = 0; i < s.length; ++i) {\n var x = intAt(s,i);\n if(x < 0) {\n if(s.charAt(i) == \"-\" && this.signum() == 0) mi = true;\n continue;\n }\n w = b*w+x;\n if(++j >= cs) {\n this.dMultiply(d);\n this.dAddOffset(w,0);\n j = 0;\n w = 0;\n }\n}\nif(j > 0) {\n this.dMultiply(Math.pow(b,j));\n this.dAddOffset(w,0);\n}\nif(mi) BigInteger.ZERO.subTo(this,this);\n}\n\n//(protected) alternate constructor\nfunction bnpFromNumber(a,b,c) {\nif(\"number\" == typeof b) {\n // new BigInteger(int,int,RNG)\n if(a < 2) this.fromInt(1);\n else {\n this.fromNumber(a,c);\n if(!this.testBit(a-1)) // force MSB set\n this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);\n if(this.isEven()) this.dAddOffset(1,0); // force odd\n while(!this.isProbablePrime(b)) {\n this.dAddOffset(2,0);\n if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);\n }\n }\n} else {\n // new BigInteger(int,RNG)\n var x = new Array(), t = a&7;\n x.length = (a>>3)+1;\n b.nextBytes(x);\n if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;\n this.fromString(x,256);\n}\n}\n\n//(public) convert to bigendian byte array\nfunction bnToByteArray() {\nvar i = this.t, r = new Array();\nr[0] = this.s;\nvar p = this.DB-(i*this.DB)%8, d, k = 0;\nif(i-- > 0) {\n if(p < this.DB && (d = this.data[i]>>p) != (this.s&this.DM)>>p)\n r[k++] = d|(this.s<<(this.DB-p));\n while(i >= 0) {\n if(p < 8) {\n d = (this.data[i]&((1<<p)-1))<<(8-p);\n d |= this.data[--i]>>(p+=this.DB-8);\n } else {\n d = (this.data[i]>>(p-=8))&0xff;\n if(p <= 0) { p += this.DB; --i; }\n }\n if((d&0x80) != 0) d |= -256;\n if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;\n if(k > 0 || d != this.s) r[k++] = d;\n }\n}\nreturn r;\n}\n\nfunction bnEquals(a) { return(this.compareTo(a)==0); }\nfunction bnMin(a) { return(this.compareTo(a)<0)?this:a; }\nfunction bnMax(a) { return(this.compareTo(a)>0)?this:a; }\n\n//(protected) r = this op a (bitwise)\nfunction bnpBitwiseTo(a,op,r) {\nvar i, f, m = Math.min(a.t,this.t);\nfor(i = 0; i < m; ++i) r.data[i] = op(this.data[i],a.data[i]);\nif(a.t < this.t) {\n f = a.s&this.DM;\n for(i = m; i < this.t; ++i) r.data[i] = op(this.data[i],f);\n r.t = this.t;\n} else {\n f = this.s&this.DM;\n for(i = m; i < a.t; ++i) r.data[i] = op(f,a.data[i]);\n r.t = a.t;\n}\nr.s = op(this.s,a.s);\nr.clamp();\n}\n\n//(public) this & a\nfunction op_and(x,y) { return x&y; }\nfunction bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }\n\n//(public) this | a\nfunction op_or(x,y) { return x|y; }\nfunction bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }\n\n//(public) this ^ a\nfunction op_xor(x,y) { return x^y; }\nfunction bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }\n\n//(public) this & ~a\nfunction op_andnot(x,y) { return x&~y; }\nfunction bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }\n\n//(public) ~this\nfunction bnNot() {\nvar r = nbi();\nfor(var i = 0; i < this.t; ++i) r.data[i] = this.DM&~this.data[i];\nr.t = this.t;\nr.s = ~this.s;\nreturn r;\n}\n\n//(public) this << n\nfunction bnShiftLeft(n) {\nvar r = nbi();\nif(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);\nreturn r;\n}\n\n//(public) this >> n\nfunction bnShiftRight(n) {\nvar r = nbi();\nif(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);\nreturn r;\n}\n\n//return index of lowest 1-bit in x, x < 2^31\nfunction lbit(x) {\nif(x == 0) return -1;\nvar r = 0;\nif((x&0xffff) == 0) { x >>= 16; r += 16; }\nif((x&0xff) == 0) { x >>= 8; r += 8; }\nif((x&0xf) == 0) { x >>= 4; r += 4; }\nif((x&3) == 0) { x >>= 2; r += 2; }\nif((x&1) == 0) ++r;\nreturn r;\n}\n\n//(public) returns index of lowest 1-bit (or -1 if none)\nfunction bnGetLowestSetBit() {\nfor(var i = 0; i < this.t; ++i)\n if(this.data[i] != 0) return i*this.DB+lbit(this.data[i]);\nif(this.s < 0) return this.t*this.DB;\nreturn -1;\n}\n\n//return number of 1 bits in x\nfunction cbit(x) {\nvar r = 0;\nwhile(x != 0) { x &= x-1; ++r; }\nreturn r;\n}\n\n//(public) return number of set bits\nfunction bnBitCount() {\nvar r = 0, x = this.s&this.DM;\nfor(var i = 0; i < this.t; ++i) r += cbit(this.data[i]^x);\nreturn r;\n}\n\n//(public) true iff nth bit is set\nfunction bnTestBit(n) {\nvar j = Math.floor(n/this.DB);\nif(j >= this.t) return(this.s!=0);\nreturn((this.data[j]&(1<<(n%this.DB)))!=0);\n}\n\n//(protected) this op (1<<n)\nfunction bnpChangeBit(n,op) {\nvar r = BigInteger.ONE.shiftLeft(n);\nthis.bitwiseTo(r,op,r);\nreturn r;\n}\n\n//(public) this | (1<<n)\nfunction bnSetBit(n) { return this.changeBit(n,op_or); }\n\n//(public) this & ~(1<<n)\nfunction bnClearBit(n) { return this.changeBit(n,op_andnot); }\n\n//(public) this ^ (1<<n)\nfunction bnFlipBit(n) { return this.changeBit(n,op_xor); }\n\n//(protected) r = this + a\nfunction bnpAddTo(a,r) {\nvar i = 0, c = 0, m = Math.min(a.t,this.t);\nwhile(i < m) {\n c += this.data[i]+a.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n}\nif(a.t < this.t) {\n c += a.s;\n while(i < this.t) {\n c += this.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n }\n c += this.s;\n} else {\n c += this.s;\n while(i < a.t) {\n c += a.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n }\n c += a.s;\n}\nr.s = (c<0)?-1:0;\nif(c > 0) r.data[i++] = c;\nelse if(c < -1) r.data[i++] = this.DV+c;\nr.t = i;\nr.clamp();\n}\n\n//(public) this + a\nfunction bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }\n\n//(public) this - a\nfunction bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }\n\n//(public) this * a\nfunction bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }\n\n//(public) this / a\nfunction bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }\n\n//(public) this % a\nfunction bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }\n\n//(public) [this/a,this%a]\nfunction bnDivideAndRemainder(a) {\nvar q = nbi(), r = nbi();\nthis.divRemTo(a,q,r);\nreturn new Array(q,r);\n}\n\n//(protected) this *= n, this >= 0, 1 < n < DV\nfunction bnpDMultiply(n) {\nthis.data[this.t] = this.am(0,n-1,this,0,0,this.t);\n++this.t;\nthis.clamp();\n}\n\n//(protected) this += n << w words, this >= 0\nfunction bnpDAddOffset(n,w) {\nif(n == 0) return;\nwhile(this.t <= w) this.data[this.t++] = 0;\nthis.data[w] += n;\nwhile(this.data[w] >= this.DV) {\n this.data[w] -= this.DV;\n if(++w >= this.t) this.data[this.t++] = 0;\n ++this.data[w];\n}\n}\n\n//A \"null\" reducer\nfunction NullExp() {}\nfunction nNop(x) { return x; }\nfunction nMulTo(x,y,r) { x.multiplyTo(y,r); }\nfunction nSqrTo(x,r) { x.squareTo(r); }\n\nNullExp.prototype.convert = nNop;\nNullExp.prototype.revert = nNop;\nNullExp.prototype.mulTo = nMulTo;\nNullExp.prototype.sqrTo = nSqrTo;\n\n//(public) this^e\nfunction bnPow(e) { return this.exp(e,new NullExp()); }\n\n//(protected) r = lower n words of \"this * a\", a.t <= n\n//\"this\" should be the larger one if appropriate.\nfunction bnpMultiplyLowerTo(a,n,r) {\nvar i = Math.min(this.t+a.t,n);\nr.s = 0; // assumes a,this >= 0\nr.t = i;\nwhile(i > 0) r.data[--i] = 0;\nvar j;\nfor(j = r.t-this.t; i < j; ++i) r.data[i+this.t] = this.am(0,a.data[i],r,i,0,this.t);\nfor(j = Math.min(a.t,n); i < j; ++i) this.am(0,a.data[i],r,i,0,n-i);\nr.clamp();\n}\n\n//(protected) r = \"this * a\" without lower n words, n > 0\n//\"this\" should be the larger one if appropriate.\nfunction bnpMultiplyUpperTo(a,n,r) {\n--n;\nvar i = r.t = this.t+a.t-n;\nr.s = 0; // assumes a,this >= 0\nwhile(--i >= 0) r.data[i] = 0;\nfor(i = Math.max(n-this.t,0); i < a.t; ++i)\n r.data[this.t+i-n] = this.am(n-i,a.data[i],r,0,0,this.t+i-n);\nr.clamp();\nr.drShiftTo(1,r);\n}\n\n//Barrett modular reduction\nfunction Barrett(m) {\n// setup Barrett\nthis.r2 = nbi();\nthis.q3 = nbi();\nBigInteger.ONE.dlShiftTo(2*m.t,this.r2);\nthis.mu = this.r2.divide(m);\nthis.m = m;\n}\n\nfunction barrettConvert(x) {\nif(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);\nelse if(x.compareTo(this.m) < 0) return x;\nelse { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }\n}\n\nfunction barrettRevert(x) { return x; }\n\n//x = x mod m (HAC 14.42)\nfunction barrettReduce(x) {\nx.drShiftTo(this.m.t-1,this.r2);\nif(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }\nthis.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);\nthis.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);\nwhile(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);\nx.subTo(this.r2,x);\nwhile(x.compareTo(this.m) >= 0) x.subTo(this.m,x);\n}\n\n//r = x^2 mod m; x != r\nfunction barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }\n\n//r = x*y mod m; x,y != r\nfunction barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }\n\nBarrett.prototype.convert = barrettConvert;\nBarrett.prototype.revert = barrettRevert;\nBarrett.prototype.reduce = barrettReduce;\nBarrett.prototype.mulTo = barrettMulTo;\nBarrett.prototype.sqrTo = barrettSqrTo;\n\n//(public) this^e % m (HAC 14.85)\nfunction bnModPow(e,m) {\nvar i = e.bitLength(), k, r = nbv(1), z;\nif(i <= 0) return r;\nelse if(i < 18) k = 1;\nelse if(i < 48) k = 3;\nelse if(i < 144) k = 4;\nelse if(i < 768) k = 5;\nelse k = 6;\nif(i < 8)\n z = new Classic(m);\nelse if(m.isEven())\n z = new Barrett(m);\nelse\n z = new Montgomery(m);\n\n// precomputation\nvar g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;\ng[1] = z.convert(this);\nif(k > 1) {\n var g2 = nbi();\n z.sqrTo(g[1],g2);\n while(n <= km) {\n g[n] = nbi();\n z.mulTo(g2,g[n-2],g[n]);\n n += 2;\n }\n}\n\nvar j = e.t-1, w, is1 = true, r2 = nbi(), t;\ni = nbits(e.data[j])-1;\nwhile(j >= 0) {\n if(i >= k1) w = (e.data[j]>>(i-k1))&km;\n else {\n w = (e.data[j]&((1<<(i+1))-1))<<(k1-i);\n if(j > 0) w |= e.data[j-1]>>(this.DB+i-k1);\n }\n\n n = k;\n while((w&1) == 0) { w >>= 1; --n; }\n if((i -= n) < 0) { i += this.DB; --j; }\n if(is1) { // ret == 1, don't bother squaring or multiplying it\n g[w].copyTo(r);\n is1 = false;\n } else {\n while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }\n if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }\n z.mulTo(r2,g[w],r);\n }\n\n while(j >= 0 && (e.data[j]&(1<<i)) == 0) {\n z.sqrTo(r,r2); t = r; r = r2; r2 = t;\n if(--i < 0) { i = this.DB-1; --j; }\n }\n}\nreturn z.revert(r);\n}\n\n//(public) gcd(this,a) (HAC 14.54)\nfunction bnGCD(a) {\nvar x = (this.s<0)?this.negate():this.clone();\nvar y = (a.s<0)?a.negate():a.clone();\nif(x.compareTo(y) < 0) { var t = x; x = y; y = t; }\nvar i = x.getLowestSetBit(), g = y.getLowestSetBit();\nif(g < 0) return x;\nif(i < g) g = i;\nif(g > 0) {\n x.rShiftTo(g,x);\n y.rShiftTo(g,y);\n}\nwhile(x.signum() > 0) {\n if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);\n if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);\n if(x.compareTo(y) >= 0) {\n x.subTo(y,x);\n x.rShiftTo(1,x);\n } else {\n y.subTo(x,y);\n y.rShiftTo(1,y);\n }\n}\nif(g > 0) y.lShiftTo(g,y);\nreturn y;\n}\n\n//(protected) this % n, n < 2^26\nfunction bnpModInt(n) {\nif(n <= 0) return 0;\nvar d = this.DV%n, r = (this.s<0)?n-1:0;\nif(this.t > 0)\n if(d == 0) r = this.data[0]%n;\n else for(var i = this.t-1; i >= 0; --i) r = (d*r+this.data[i])%n;\nreturn r;\n}\n\n//(public) 1/this % m (HAC 14.61)\nfunction bnModInverse(m) {\nvar ac = m.isEven();\nif((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;\nvar u = m.clone(), v = this.clone();\nvar a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);\nwhile(u.signum() != 0) {\n while(u.isEven()) {\n u.rShiftTo(1,u);\n if(ac) {\n if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }\n a.rShiftTo(1,a);\n } else if(!b.isEven()) b.subTo(m,b);\n b.rShiftTo(1,b);\n }\n while(v.isEven()) {\n v.rShiftTo(1,v);\n if(ac) {\n if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }\n c.rShiftTo(1,c);\n } else if(!d.isEven()) d.subTo(m,d);\n d.rShiftTo(1,d);\n }\n if(u.compareTo(v) >= 0) {\n u.subTo(v,u);\n if(ac) a.subTo(c,a);\n b.subTo(d,b);\n } else {\n v.subTo(u,v);\n if(ac) c.subTo(a,c);\n d.subTo(b,d);\n }\n}\nif(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;\nif(d.compareTo(m) >= 0) return d.subtract(m);\nif(d.signum() < 0) d.addTo(m,d); else return d;\nif(d.signum() < 0) return d.add(m); else return d;\n}\n\nvar lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509];\nvar lplim = (1<<26)/lowprimes[lowprimes.length-1];\n\n//(public) test primality with certainty >= 1-.5^t\nfunction bnIsProbablePrime(t) {\nvar i, x = this.abs();\nif(x.t == 1 && x.data[0] <= lowprimes[lowprimes.length-1]) {\n for(i = 0; i < lowprimes.length; ++i)\n if(x.data[0] == lowprimes[i]) return true;\n return false;\n}\nif(x.isEven()) return false;\ni = 1;\nwhile(i < lowprimes.length) {\n var m = lowprimes[i], j = i+1;\n while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];\n m = x.modInt(m);\n while(i < j) if(m%lowprimes[i++] == 0) return false;\n}\nreturn x.millerRabin(t);\n}\n\n//(protected) true if probably prime (HAC 4.24, Miller-Rabin)\nfunction bnpMillerRabin(t) {\nvar n1 = this.subtract(BigInteger.ONE);\nvar k = n1.getLowestSetBit();\nif(k <= 0) return false;\nvar r = n1.shiftRight(k);\nvar prng = bnGetPrng();\nvar a;\nfor(var i = 0; i < t; ++i) {\n // select witness 'a' at random from between 1 and n1\n do {\n a = new BigInteger(this.bitLength(), prng);\n }\n while(a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0);\n var y = a.modPow(r,this);\n if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {\n var j = 1;\n while(j++ < k && y.compareTo(n1) != 0) {\n y = y.modPowInt(2,this);\n if(y.compareTo(BigInteger.ONE) == 0) return false;\n }\n if(y.compareTo(n1) != 0) return false;\n }\n}\nreturn true;\n}\n\n// get pseudo random number generator\nfunction bnGetPrng() {\n // create prng with api that matches BigInteger secure random\n return {\n // x is an array to fill with bytes\n nextBytes: function(x) {\n for(var i = 0; i < x.length; ++i) {\n x[i] = Math.floor(Math.random() * 0x0100);\n }\n }\n };\n}\n\n//protected\nBigInteger.prototype.chunkSize = bnpChunkSize;\nBigInteger.prototype.toRadix = bnpToRadix;\nBigInteger.prototype.fromRadix = bnpFromRadix;\nBigInteger.prototype.fromNumber = bnpFromNumber;\nBigInteger.prototype.bitwiseTo = bnpBitwiseTo;\nBigInteger.prototype.changeBit = bnpChangeBit;\nBigInteger.prototype.addTo = bnpAddTo;\nBigInteger.prototype.dMultiply = bnpDMultiply;\nBigInteger.prototype.dAddOffset = bnpDAddOffset;\nBigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;\nBigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;\nBigInteger.prototype.modInt = bnpModInt;\nBigInteger.prototype.millerRabin = bnpMillerRabin;\n\n//public\nBigInteger.prototype.clone = bnClone;\nBigInteger.prototype.intValue = bnIntValue;\nBigInteger.prototype.byteValue = bnByteValue;\nBigInteger.prototype.shortValue = bnShortValue;\nBigInteger.prototype.signum = bnSigNum;\nBigInteger.prototype.toByteArray = bnToByteArray;\nBigInteger.prototype.equals = bnEquals;\nBigInteger.prototype.min = bnMin;\nBigInteger.prototype.max = bnMax;\nBigInteger.prototype.and = bnAnd;\nBigInteger.prototype.or = bnOr;\nBigInteger.prototype.xor = bnXor;\nBigInteger.prototype.andNot = bnAndNot;\nBigInteger.prototype.not = bnNot;\nBigInteger.prototype.shiftLeft = bnShiftLeft;\nBigInteger.prototype.shiftRight = bnShiftRight;\nBigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;\nBigInteger.prototype.bitCount = bnBitCount;\nBigInteger.prototype.testBit = bnTestBit;\nBigInteger.prototype.setBit = bnSetBit;\nBigInteger.prototype.clearBit = bnClearBit;\nBigInteger.prototype.flipBit = bnFlipBit;\nBigInteger.prototype.add = bnAdd;\nBigInteger.prototype.subtract = bnSubtract;\nBigInteger.prototype.multiply = bnMultiply;\nBigInteger.prototype.divide = bnDivide;\nBigInteger.prototype.remainder = bnRemainder;\nBigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;\nBigInteger.prototype.modPow = bnModPow;\nBigInteger.prototype.modInverse = bnModInverse;\nBigInteger.prototype.pow = bnPow;\nBigInteger.prototype.gcd = bnGCD;\nBigInteger.prototype.isProbablePrime = bnIsProbablePrime;\n\n//BigInteger interfaces not implemented in jsbn:\n\n//BigInteger(int signum, byte[] magnitude)\n//double doubleValue()\n//float floatValue()\n//int hashCode()\n//long longValue()\n//static BigInteger valueOf(long val)\n","/**\n * Secure Hash Algorithm with 160-bit digest (SHA-1) implementation.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2015 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar sha1 = module.exports = forge.sha1 = forge.sha1 || {};\nforge.md.sha1 = forge.md.algorithms.sha1 = sha1;\n\n/**\n * Creates a SHA-1 message digest object.\n *\n * @return a message digest object.\n */\nsha1.create = function() {\n // do initialization as necessary\n if(!_initialized) {\n _init();\n }\n\n // SHA-1 state contains five 32-bit integers\n var _state = null;\n\n // input buffer\n var _input = forge.util.createBuffer();\n\n // used for word storage\n var _w = new Array(80);\n\n // message digest object\n var md = {\n algorithm: 'sha1',\n blockLength: 64,\n digestLength: 20,\n // 56-bit length of message so far (does not including padding)\n messageLength: 0,\n // true message length\n fullMessageLength: null,\n // size of message length in bytes\n messageLengthSize: 8\n };\n\n /**\n * Starts the digest.\n *\n * @return this digest object.\n */\n md.start = function() {\n // up to 56-bit message length for convenience\n md.messageLength = 0;\n\n // full message length (set md.messageLength64 for backwards-compatibility)\n md.fullMessageLength = md.messageLength64 = [];\n var int32s = md.messageLengthSize / 4;\n for(var i = 0; i < int32s; ++i) {\n md.fullMessageLength.push(0);\n }\n _input = forge.util.createBuffer();\n _state = {\n h0: 0x67452301,\n h1: 0xEFCDAB89,\n h2: 0x98BADCFE,\n h3: 0x10325476,\n h4: 0xC3D2E1F0\n };\n return md;\n };\n // start digest automatically for first time\n md.start();\n\n /**\n * Updates the digest with the given message input. The given input can\n * treated as raw input (no encoding will be applied) or an encoding of\n * 'utf8' maybe given to encode the input using UTF-8.\n *\n * @param msg the message input to update with.\n * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n *\n * @return this digest object.\n */\n md.update = function(msg, encoding) {\n if(encoding === 'utf8') {\n msg = forge.util.encodeUtf8(msg);\n }\n\n // update message length\n var len = msg.length;\n md.messageLength += len;\n len = [(len / 0x100000000) >>> 0, len >>> 0];\n for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n md.fullMessageLength[i] += len[1];\n len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n len[0] = ((len[1] / 0x100000000) >>> 0);\n }\n\n // add bytes to input buffer\n _input.putBytes(msg);\n\n // process bytes\n _update(_state, _w, _input);\n\n // compact input buffer every 2K or if empty\n if(_input.read > 2048 || _input.length() === 0) {\n _input.compact();\n }\n\n return md;\n };\n\n /**\n * Produces the digest.\n *\n * @return a byte buffer containing the digest value.\n */\n md.digest = function() {\n /* Note: Here we copy the remaining bytes in the input buffer and\n add the appropriate SHA-1 padding. Then we do the final update\n on a copy of the state so that if the user wants to get\n intermediate digests they can do so. */\n\n /* Determine the number of bytes that must be added to the message\n to ensure its length is congruent to 448 mod 512. In other words,\n the data to be digested must be a multiple of 512 bits (or 128 bytes).\n This data includes the message, some padding, and the length of the\n message. Since the length of the message will be encoded as 8 bytes (64\n bits), that means that the last segment of the data must have 56 bytes\n (448 bits) of message and padding. Therefore, the length of the message\n plus the padding must be congruent to 448 mod 512 because\n 512 - 128 = 448.\n\n In order to fill up the message length it must be filled with\n padding that begins with 1 bit followed by all 0 bits. Padding\n must *always* be present, so if the message length is already\n congruent to 448 mod 512, then 512 padding bits must be added. */\n\n var finalBlock = forge.util.createBuffer();\n finalBlock.putBytes(_input.bytes());\n\n // compute remaining size to be digested (include message length size)\n var remaining = (\n md.fullMessageLength[md.fullMessageLength.length - 1] +\n md.messageLengthSize);\n\n // add padding for overflow blockSize - overflow\n // _padding starts with 1 byte with first bit is set (byte value 128), then\n // there may be up to (blockSize - 1) other pad bytes\n var overflow = remaining & (md.blockLength - 1);\n finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n // serialize message length in bits in big-endian order; since length\n // is stored in bytes we multiply by 8 and add carry from next int\n var next, carry;\n var bits = md.fullMessageLength[0] * 8;\n for(var i = 0; i < md.fullMessageLength.length - 1; ++i) {\n next = md.fullMessageLength[i + 1] * 8;\n carry = (next / 0x100000000) >>> 0;\n bits += carry;\n finalBlock.putInt32(bits >>> 0);\n bits = next >>> 0;\n }\n finalBlock.putInt32(bits);\n\n var s2 = {\n h0: _state.h0,\n h1: _state.h1,\n h2: _state.h2,\n h3: _state.h3,\n h4: _state.h4\n };\n _update(s2, _w, finalBlock);\n var rval = forge.util.createBuffer();\n rval.putInt32(s2.h0);\n rval.putInt32(s2.h1);\n rval.putInt32(s2.h2);\n rval.putInt32(s2.h3);\n rval.putInt32(s2.h4);\n return rval;\n };\n\n return md;\n};\n\n// sha-1 padding bytes not initialized yet\nvar _padding = null;\nvar _initialized = false;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n // create padding\n _padding = String.fromCharCode(128);\n _padding += forge.util.fillString(String.fromCharCode(0x00), 64);\n\n // now initialized\n _initialized = true;\n}\n\n/**\n * Updates a SHA-1 state with the given byte buffer.\n *\n * @param s the SHA-1 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n // consume 512 bit (64 byte) chunks\n var t, a, b, c, d, e, f, i;\n var len = bytes.length();\n while(len >= 64) {\n // the w array will be populated with sixteen 32-bit big-endian words\n // and then extended into 80 32-bit words according to SHA-1 algorithm\n // and for 32-79 using Max Locktyukhin's optimization\n\n // initialize hash value for this chunk\n a = s.h0;\n b = s.h1;\n c = s.h2;\n d = s.h3;\n e = s.h4;\n\n // round 1\n for(i = 0; i < 16; ++i) {\n t = bytes.getInt32();\n w[i] = t;\n f = d ^ (b & (c ^ d));\n t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;\n e = d;\n d = c;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n c = ((b << 30) | (b >>> 2)) >>> 0;\n b = a;\n a = t;\n }\n for(; i < 20; ++i) {\n t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);\n t = (t << 1) | (t >>> 31);\n w[i] = t;\n f = d ^ (b & (c ^ d));\n t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;\n e = d;\n d = c;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n c = ((b << 30) | (b >>> 2)) >>> 0;\n b = a;\n a = t;\n }\n // round 2\n for(; i < 32; ++i) {\n t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);\n t = (t << 1) | (t >>> 31);\n w[i] = t;\n f = b ^ c ^ d;\n t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;\n e = d;\n d = c;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n c = ((b << 30) | (b >>> 2)) >>> 0;\n b = a;\n a = t;\n }\n for(; i < 40; ++i) {\n t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);\n t = (t << 2) | (t >>> 30);\n w[i] = t;\n f = b ^ c ^ d;\n t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;\n e = d;\n d = c;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n c = ((b << 30) | (b >>> 2)) >>> 0;\n b = a;\n a = t;\n }\n // round 3\n for(; i < 60; ++i) {\n t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);\n t = (t << 2) | (t >>> 30);\n w[i] = t;\n f = (b & c) | (d & (b ^ c));\n t = ((a << 5) | (a >>> 27)) + f + e + 0x8F1BBCDC + t;\n e = d;\n d = c;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n c = ((b << 30) | (b >>> 2)) >>> 0;\n b = a;\n a = t;\n }\n // round 4\n for(; i < 80; ++i) {\n t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);\n t = (t << 2) | (t >>> 30);\n w[i] = t;\n f = b ^ c ^ d;\n t = ((a << 5) | (a >>> 27)) + f + e + 0xCA62C1D6 + t;\n e = d;\n d = c;\n // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n c = ((b << 30) | (b >>> 2)) >>> 0;\n b = a;\n a = t;\n }\n\n // update hash state\n s.h0 = (s.h0 + a) | 0;\n s.h1 = (s.h1 + b) | 0;\n s.h2 = (s.h2 + c) | 0;\n s.h3 = (s.h3 + d) | 0;\n s.h4 = (s.h4 + e) | 0;\n\n len -= 64;\n }\n}\n","/**\n * Partial implementation of PKCS#1 v2.2: RSA-OEAP\n *\n * Modified but based on the following MIT and BSD licensed code:\n *\n * https://github.com/kjur/jsjws/blob/master/rsa.js:\n *\n * The 'jsjws'(JSON Web Signature JavaScript Library) License\n *\n * Copyright (c) 2012 Kenji Urushima\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to deal\n * in the Software without restriction, including without limitation the rights\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n * copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\n * THE SOFTWARE.\n *\n * http://webrsa.cvs.sourceforge.net/viewvc/webrsa/Client/RSAES-OAEP.js?content-type=text%2Fplain:\n *\n * RSAES-OAEP.js\n * $Id: RSAES-OAEP.js,v 1.1.1.1 2003/03/19 15:37:20 ellispritchard Exp $\n * JavaScript Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002)\n * Copyright (C) Ellis Pritchard, Guardian Unlimited 2003.\n * Contact: ellis@nukinetics.com\n * Distributed under the BSD License.\n *\n * Official documentation: http://www.rsa.com/rsalabs/node.asp?id=2125\n *\n * @author Evan Jones (http://evanjones.ca/)\n * @author Dave Longley\n *\n * Copyright (c) 2013-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\nrequire('./random');\nrequire('./sha1');\n\n// shortcut for PKCS#1 API\nvar pkcs1 = module.exports = forge.pkcs1 = forge.pkcs1 || {};\n\n/**\n * Encode the given RSAES-OAEP message (M) using key, with optional label (L)\n * and seed.\n *\n * This method does not perform RSA encryption, it only encodes the message\n * using RSAES-OAEP.\n *\n * @param key the RSA key to use.\n * @param message the message to encode.\n * @param options the options to use:\n * label an optional label to use.\n * seed the seed to use.\n * md the message digest object to use, undefined for SHA-1.\n * mgf1 optional mgf1 parameters:\n * md the message digest object to use for MGF1.\n *\n * @return the encoded message bytes.\n */\npkcs1.encode_rsa_oaep = function(key, message, options) {\n // parse arguments\n var label;\n var seed;\n var md;\n var mgf1Md;\n // legacy args (label, seed, md)\n if(typeof options === 'string') {\n label = options;\n seed = arguments[3] || undefined;\n md = arguments[4] || undefined;\n } else if(options) {\n label = options.label || undefined;\n seed = options.seed || undefined;\n md = options.md || undefined;\n if(options.mgf1 && options.mgf1.md) {\n mgf1Md = options.mgf1.md;\n }\n }\n\n // default OAEP to SHA-1 message digest\n if(!md) {\n md = forge.md.sha1.create();\n } else {\n md.start();\n }\n\n // default MGF-1 to same as OAEP\n if(!mgf1Md) {\n mgf1Md = md;\n }\n\n // compute length in bytes and check output\n var keyLength = Math.ceil(key.n.bitLength() / 8);\n var maxLength = keyLength - 2 * md.digestLength - 2;\n if(message.length > maxLength) {\n var error = new Error('RSAES-OAEP input message length is too long.');\n error.length = message.length;\n error.maxLength = maxLength;\n throw error;\n }\n\n if(!label) {\n label = '';\n }\n md.update(label, 'raw');\n var lHash = md.digest();\n\n var PS = '';\n var PS_length = maxLength - message.length;\n for(var i = 0; i < PS_length; i++) {\n PS += '\\x00';\n }\n\n var DB = lHash.getBytes() + PS + '\\x01' + message;\n\n if(!seed) {\n seed = forge.random.getBytes(md.digestLength);\n } else if(seed.length !== md.digestLength) {\n var error = new Error('Invalid RSAES-OAEP seed. The seed length must ' +\n 'match the digest length.');\n error.seedLength = seed.length;\n error.digestLength = md.digestLength;\n throw error;\n }\n\n var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);\n var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length);\n\n var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);\n var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length);\n\n // return encoded message\n return '\\x00' + maskedSeed + maskedDB;\n};\n\n/**\n * Decode the given RSAES-OAEP encoded message (EM) using key, with optional\n * label (L).\n *\n * This method does not perform RSA decryption, it only decodes the message\n * using RSAES-OAEP.\n *\n * @param key the RSA key to use.\n * @param em the encoded message to decode.\n * @param options the options to use:\n * label an optional label to use.\n * md the message digest object to use for OAEP, undefined for SHA-1.\n * mgf1 optional mgf1 parameters:\n * md the message digest object to use for MGF1.\n *\n * @return the decoded message bytes.\n */\npkcs1.decode_rsa_oaep = function(key, em, options) {\n // parse args\n var label;\n var md;\n var mgf1Md;\n // legacy args\n if(typeof options === 'string') {\n label = options;\n md = arguments[3] || undefined;\n } else if(options) {\n label = options.label || undefined;\n md = options.md || undefined;\n if(options.mgf1 && options.mgf1.md) {\n mgf1Md = options.mgf1.md;\n }\n }\n\n // compute length in bytes\n var keyLength = Math.ceil(key.n.bitLength() / 8);\n\n if(em.length !== keyLength) {\n var error = new Error('RSAES-OAEP encoded message length is invalid.');\n error.length = em.length;\n error.expectedLength = keyLength;\n throw error;\n }\n\n // default OAEP to SHA-1 message digest\n if(md === undefined) {\n md = forge.md.sha1.create();\n } else {\n md.start();\n }\n\n // default MGF-1 to same as OAEP\n if(!mgf1Md) {\n mgf1Md = md;\n }\n\n if(keyLength < 2 * md.digestLength + 2) {\n throw new Error('RSAES-OAEP key is too short for the hash function.');\n }\n\n if(!label) {\n label = '';\n }\n md.update(label, 'raw');\n var lHash = md.digest().getBytes();\n\n // split the message into its parts\n var y = em.charAt(0);\n var maskedSeed = em.substring(1, md.digestLength + 1);\n var maskedDB = em.substring(1 + md.digestLength);\n\n var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);\n var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length);\n\n var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);\n var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length);\n\n var lHashPrime = db.substring(0, md.digestLength);\n\n // constant time check that all values match what is expected\n var error = (y !== '\\x00');\n\n // constant time check lHash vs lHashPrime\n for(var i = 0; i < md.digestLength; ++i) {\n error |= (lHash.charAt(i) !== lHashPrime.charAt(i));\n }\n\n // \"constant time\" find the 0x1 byte separating the padding (zeros) from the\n // message\n // TODO: It must be possible to do this in a better/smarter way?\n var in_ps = 1;\n var index = md.digestLength;\n for(var j = md.digestLength; j < db.length; j++) {\n var code = db.charCodeAt(j);\n\n var is_0 = (code & 0x1) ^ 0x1;\n\n // non-zero if not 0 or 1 in the ps section\n var error_mask = in_ps ? 0xfffe : 0x0000;\n error |= (code & error_mask);\n\n // latch in_ps to zero after we find 0x1\n in_ps = in_ps & is_0;\n index += in_ps;\n }\n\n if(error || db.charCodeAt(index) !== 0x1) {\n throw new Error('Invalid RSAES-OAEP padding.');\n }\n\n return db.substring(index + 1);\n};\n\nfunction rsa_mgf1(seed, maskLength, hash) {\n // default to SHA-1 message digest\n if(!hash) {\n hash = forge.md.sha1.create();\n }\n var t = '';\n var count = Math.ceil(maskLength / hash.digestLength);\n for(var i = 0; i < count; ++i) {\n var c = String.fromCharCode(\n (i >> 24) & 0xFF, (i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF);\n hash.start();\n hash.update(seed + c);\n t += hash.digest().getBytes();\n }\n return t.substring(0, maskLength);\n}\n","/**\n * Prime number generation API.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\nrequire('./jsbn');\nrequire('./random');\n\n(function() {\n\n// forge.prime already defined\nif(forge.prime) {\n module.exports = forge.prime;\n return;\n}\n\n/* PRIME API */\nvar prime = module.exports = forge.prime = forge.prime || {};\n\nvar BigInteger = forge.jsbn.BigInteger;\n\n// primes are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29\nvar GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];\nvar THIRTY = new BigInteger(null);\nTHIRTY.fromInt(30);\nvar op_or = function(x, y) {return x|y;};\n\n/**\n * Generates a random probable prime with the given number of bits.\n *\n * Alternative algorithms can be specified by name as a string or as an\n * object with custom options like so:\n *\n * {\n * name: 'PRIMEINC',\n * options: {\n * maxBlockTime: <the maximum amount of time to block the main\n * thread before allowing I/O other JS to run>,\n * millerRabinTests: <the number of miller-rabin tests to run>,\n * workerScript: <the worker script URL>,\n * workers: <the number of web workers (if supported) to use,\n * -1 to use estimated cores minus one>.\n * workLoad: the size of the work load, ie: number of possible prime\n * numbers for each web worker to check per work assignment,\n * (default: 100).\n * }\n * }\n *\n * @param bits the number of bits for the prime number.\n * @param options the options to use.\n * [algorithm] the algorithm to use (default: 'PRIMEINC').\n * [prng] a custom crypto-secure pseudo-random number generator to use,\n * that must define \"getBytesSync\".\n *\n * @return callback(err, num) called once the operation completes.\n */\nprime.generateProbablePrime = function(bits, options, callback) {\n if(typeof options === 'function') {\n callback = options;\n options = {};\n }\n options = options || {};\n\n // default to PRIMEINC algorithm\n var algorithm = options.algorithm || 'PRIMEINC';\n if(typeof algorithm === 'string') {\n algorithm = {name: algorithm};\n }\n algorithm.options = algorithm.options || {};\n\n // create prng with api that matches BigInteger secure random\n var prng = options.prng || forge.random;\n var rng = {\n // x is an array to fill with bytes\n nextBytes: function(x) {\n var b = prng.getBytesSync(x.length);\n for(var i = 0; i < x.length; ++i) {\n x[i] = b.charCodeAt(i);\n }\n }\n };\n\n if(algorithm.name === 'PRIMEINC') {\n return primeincFindPrime(bits, rng, algorithm.options, callback);\n }\n\n throw new Error('Invalid prime generation algorithm: ' + algorithm.name);\n};\n\nfunction primeincFindPrime(bits, rng, options, callback) {\n if('workers' in options) {\n return primeincFindPrimeWithWorkers(bits, rng, options, callback);\n }\n return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);\n}\n\nfunction primeincFindPrimeWithoutWorkers(bits, rng, options, callback) {\n // initialize random number\n var num = generateRandom(bits, rng);\n\n /* Note: All primes are of the form 30k+i for i < 30 and gcd(30, i)=1. The\n number we are given is always aligned at 30k + 1. Each time the number is\n determined not to be prime we add to get to the next 'i', eg: if the number\n was at 30k + 1 we add 6. */\n var deltaIdx = 0;\n\n // get required number of MR tests\n var mrTests = getMillerRabinTests(num.bitLength());\n if('millerRabinTests' in options) {\n mrTests = options.millerRabinTests;\n }\n\n // find prime nearest to 'num' for maxBlockTime ms\n // 10 ms gives 5ms of leeway for other calculations before dropping\n // below 60fps (1000/60 == 16.67), but in reality, the number will\n // likely be higher due to an 'atomic' big int modPow\n var maxBlockTime = 10;\n if('maxBlockTime' in options) {\n maxBlockTime = options.maxBlockTime;\n }\n\n _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback);\n}\n\nfunction _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback) {\n var start = +new Date();\n do {\n // overflow, regenerate random number\n if(num.bitLength() > bits) {\n num = generateRandom(bits, rng);\n }\n // do primality test\n if(num.isProbablePrime(mrTests)) {\n return callback(null, num);\n }\n // get next potential prime\n num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);\n } while(maxBlockTime < 0 || (+new Date() - start < maxBlockTime));\n\n // keep trying later\n forge.util.setImmediate(function() {\n _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback);\n });\n}\n\n// NOTE: This algorithm is indeterminate in nature because workers\n// run in parallel looking at different segments of numbers. Even if this\n// algorithm is run twice with the same input from a predictable RNG, it\n// may produce different outputs.\nfunction primeincFindPrimeWithWorkers(bits, rng, options, callback) {\n // web workers unavailable\n if(typeof Worker === 'undefined') {\n return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);\n }\n\n // initialize random number\n var num = generateRandom(bits, rng);\n\n // use web workers to generate keys\n var numWorkers = options.workers;\n var workLoad = options.workLoad || 100;\n var range = workLoad * 30 / 8;\n var workerScript = options.workerScript || 'forge/prime.worker.js';\n if(numWorkers === -1) {\n return forge.util.estimateCores(function(err, cores) {\n if(err) {\n // default to 2\n cores = 2;\n }\n numWorkers = cores - 1;\n generate();\n });\n }\n generate();\n\n function generate() {\n // require at least 1 worker\n numWorkers = Math.max(1, numWorkers);\n\n // TODO: consider optimizing by starting workers outside getPrime() ...\n // note that in order to clean up they will have to be made internally\n // asynchronous which may actually be slower\n\n // start workers immediately\n var workers = [];\n for(var i = 0; i < numWorkers; ++i) {\n // FIXME: fix path or use blob URLs\n workers[i] = new Worker(workerScript);\n }\n var running = numWorkers;\n\n // listen for requests from workers and assign ranges to find prime\n for(var i = 0; i < numWorkers; ++i) {\n workers[i].addEventListener('message', workerMessage);\n }\n\n /* Note: The distribution of random numbers is unknown. Therefore, each\n web worker is continuously allocated a range of numbers to check for a\n random number until one is found.\n\n Every 30 numbers will be checked just 8 times, because prime numbers\n have the form:\n\n 30k+i, for i < 30 and gcd(30, i)=1 (there are 8 values of i for this)\n\n Therefore, if we want a web worker to run N checks before asking for\n a new range of numbers, each range must contain N*30/8 numbers.\n\n For 100 checks (workLoad), this is a range of 375. */\n\n var found = false;\n function workerMessage(e) {\n // ignore message, prime already found\n if(found) {\n return;\n }\n\n --running;\n var data = e.data;\n if(data.found) {\n // terminate all workers\n for(var i = 0; i < workers.length; ++i) {\n workers[i].terminate();\n }\n found = true;\n return callback(null, new BigInteger(data.prime, 16));\n }\n\n // overflow, regenerate random number\n if(num.bitLength() > bits) {\n num = generateRandom(bits, rng);\n }\n\n // assign new range to check\n var hex = num.toString(16);\n\n // start prime search\n e.target.postMessage({\n hex: hex,\n workLoad: workLoad\n });\n\n num.dAddOffset(range, 0);\n }\n }\n}\n\n/**\n * Generates a random number using the given number of bits and RNG.\n *\n * @param bits the number of bits for the number.\n * @param rng the random number generator to use.\n *\n * @return the random number.\n */\nfunction generateRandom(bits, rng) {\n var num = new BigInteger(bits, rng);\n // force MSB set\n var bits1 = bits - 1;\n if(!num.testBit(bits1)) {\n num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num);\n }\n // align number on 30k+1 boundary\n num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0);\n return num;\n}\n\n/**\n * Returns the required number of Miller-Rabin tests to generate a\n * prime with an error probability of (1/2)^80.\n *\n * See Handbook of Applied Cryptography Chapter 4, Table 4.4.\n *\n * @param bits the bit size.\n *\n * @return the required number of iterations.\n */\nfunction getMillerRabinTests(bits) {\n if(bits <= 100) return 27;\n if(bits <= 150) return 18;\n if(bits <= 200) return 15;\n if(bits <= 250) return 12;\n if(bits <= 300) return 9;\n if(bits <= 350) return 8;\n if(bits <= 400) return 7;\n if(bits <= 500) return 6;\n if(bits <= 600) return 5;\n if(bits <= 800) return 4;\n if(bits <= 1250) return 3;\n return 2;\n}\n\n})();\n","/**\n * Javascript implementation of basic RSA algorithms.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n *\n * The only algorithm currently supported for PKI is RSA.\n *\n * An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo\n * ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier\n * and a subjectPublicKey of type bit string.\n *\n * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters\n * for the algorithm, if any. In the case of RSA, there aren't any.\n *\n * SubjectPublicKeyInfo ::= SEQUENCE {\n * algorithm AlgorithmIdentifier,\n * subjectPublicKey BIT STRING\n * }\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n * algorithm OBJECT IDENTIFIER,\n * parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * For an RSA public key, the subjectPublicKey is:\n *\n * RSAPublicKey ::= SEQUENCE {\n * modulus INTEGER, -- n\n * publicExponent INTEGER -- e\n * }\n *\n * PrivateKeyInfo ::= SEQUENCE {\n * version Version,\n * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,\n * privateKey PrivateKey,\n * attributes [0] IMPLICIT Attributes OPTIONAL\n * }\n *\n * Version ::= INTEGER\n * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier\n * PrivateKey ::= OCTET STRING\n * Attributes ::= SET OF Attribute\n *\n * An RSA private key as the following structure:\n *\n * RSAPrivateKey ::= SEQUENCE {\n * version Version,\n * modulus INTEGER, -- n\n * publicExponent INTEGER, -- e\n * privateExponent INTEGER, -- d\n * prime1 INTEGER, -- p\n * prime2 INTEGER, -- q\n * exponent1 INTEGER, -- d mod (p-1)\n * exponent2 INTEGER, -- d mod (q-1)\n * coefficient INTEGER -- (inverse of q) mod p\n * }\n *\n * Version ::= INTEGER\n *\n * The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./jsbn');\nrequire('./oids');\nrequire('./pkcs1');\nrequire('./prime');\nrequire('./random');\nrequire('./util');\n\nif(typeof BigInteger === 'undefined') {\n var BigInteger = forge.jsbn.BigInteger;\n}\n\nvar _crypto = forge.util.isNodejs ? require('crypto') : null;\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n// shortcut for util API\nvar util = forge.util;\n\n/*\n * RSA encryption and decryption, see RFC 2313.\n */\nforge.pki = forge.pki || {};\nmodule.exports = forge.pki.rsa = forge.rsa = forge.rsa || {};\nvar pki = forge.pki;\n\n// for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29\nvar GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];\n\n// validator for a PrivateKeyInfo structure\nvar privateKeyValidator = {\n // PrivateKeyInfo\n name: 'PrivateKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n // Version (INTEGER)\n name: 'PrivateKeyInfo.version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyVersion'\n }, {\n // privateKeyAlgorithm\n name: 'PrivateKeyInfo.privateKeyAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'privateKeyOid'\n }]\n }, {\n // PrivateKey\n name: 'PrivateKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'privateKey'\n }]\n};\n\n// validator for an RSA private key\nvar rsaPrivateKeyValidator = {\n // RSAPrivateKey\n name: 'RSAPrivateKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n // Version (INTEGER)\n name: 'RSAPrivateKey.version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyVersion'\n }, {\n // modulus (n)\n name: 'RSAPrivateKey.modulus',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyModulus'\n }, {\n // publicExponent (e)\n name: 'RSAPrivateKey.publicExponent',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyPublicExponent'\n }, {\n // privateExponent (d)\n name: 'RSAPrivateKey.privateExponent',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyPrivateExponent'\n }, {\n // prime1 (p)\n name: 'RSAPrivateKey.prime1',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyPrime1'\n }, {\n // prime2 (q)\n name: 'RSAPrivateKey.prime2',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyPrime2'\n }, {\n // exponent1 (d mod (p-1))\n name: 'RSAPrivateKey.exponent1',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyExponent1'\n }, {\n // exponent2 (d mod (q-1))\n name: 'RSAPrivateKey.exponent2',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyExponent2'\n }, {\n // coefficient ((inverse of q) mod p)\n name: 'RSAPrivateKey.coefficient',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyCoefficient'\n }]\n};\n\n// validator for an RSA public key\nvar rsaPublicKeyValidator = {\n // RSAPublicKey\n name: 'RSAPublicKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n // modulus (n)\n name: 'RSAPublicKey.modulus',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'publicKeyModulus'\n }, {\n // publicExponent (e)\n name: 'RSAPublicKey.exponent',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'publicKeyExponent'\n }]\n};\n\n// validator for an SubjectPublicKeyInfo structure\n// Note: Currently only works with an RSA public key\nvar publicKeyValidator = forge.pki.rsa.publicKeyValidator = {\n name: 'SubjectPublicKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'subjectPublicKeyInfo',\n value: [{\n name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'publicKeyOid'\n }]\n }, {\n // subjectPublicKey\n name: 'SubjectPublicKeyInfo.subjectPublicKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n value: [{\n // RSAPublicKey\n name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n optional: true,\n captureAsn1: 'rsaPublicKey'\n }]\n }]\n};\n\n// validator for a DigestInfo structure\nvar digestInfoValidator = {\n name: 'DigestInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'DigestInfo.DigestAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'DigestInfo.DigestAlgorithm.algorithmIdentifier',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'algorithmIdentifier'\n }, {\n // NULL paramters\n name: 'DigestInfo.DigestAlgorithm.parameters',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.NULL,\n // captured only to check existence for md2 and md5\n capture: 'parameters',\n optional: true,\n constructed: false\n }]\n }, {\n // digest\n name: 'DigestInfo.digest',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'digest'\n }]\n};\n\n/**\n * Wrap digest in DigestInfo object.\n *\n * This function implements EMSA-PKCS1-v1_5-ENCODE as per RFC 3447.\n *\n * DigestInfo ::= SEQUENCE {\n * digestAlgorithm DigestAlgorithmIdentifier,\n * digest Digest\n * }\n *\n * DigestAlgorithmIdentifier ::= AlgorithmIdentifier\n * Digest ::= OCTET STRING\n *\n * @param md the message digest object with the hash to sign.\n *\n * @return the encoded message (ready for RSA encrytion)\n */\nvar emsaPkcs1v15encode = function(md) {\n // get the oid for the algorithm\n var oid;\n if(md.algorithm in pki.oids) {\n oid = pki.oids[md.algorithm];\n } else {\n var error = new Error('Unknown message digest algorithm.');\n error.algorithm = md.algorithm;\n throw error;\n }\n var oidBytes = asn1.oidToDer(oid).getBytes();\n\n // create the digest info\n var digestInfo = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n var digestAlgorithm = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n digestAlgorithm.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OID, false, oidBytes));\n digestAlgorithm.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.NULL, false, ''));\n var digest = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,\n false, md.digest().getBytes());\n digestInfo.value.push(digestAlgorithm);\n digestInfo.value.push(digest);\n\n // encode digest info\n return asn1.toDer(digestInfo).getBytes();\n};\n\n/**\n * Performs x^c mod n (RSA encryption or decryption operation).\n *\n * @param x the number to raise and mod.\n * @param key the key to use.\n * @param pub true if the key is public, false if private.\n *\n * @return the result of x^c mod n.\n */\nvar _modPow = function(x, key, pub) {\n if(pub) {\n return x.modPow(key.e, key.n);\n }\n\n if(!key.p || !key.q) {\n // allow calculation without CRT params (slow)\n return x.modPow(key.d, key.n);\n }\n\n // pre-compute dP, dQ, and qInv if necessary\n if(!key.dP) {\n key.dP = key.d.mod(key.p.subtract(BigInteger.ONE));\n }\n if(!key.dQ) {\n key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE));\n }\n if(!key.qInv) {\n key.qInv = key.q.modInverse(key.p);\n }\n\n /* Chinese remainder theorem (CRT) states:\n\n Suppose n1, n2, ..., nk are positive integers which are pairwise\n coprime (n1 and n2 have no common factors other than 1). For any\n integers x1, x2, ..., xk there exists an integer x solving the\n system of simultaneous congruences (where ~= means modularly\n congruent so a ~= b mod n means a mod n = b mod n):\n\n x ~= x1 mod n1\n x ~= x2 mod n2\n ...\n x ~= xk mod nk\n\n This system of congruences has a single simultaneous solution x\n between 0 and n - 1. Furthermore, each xk solution and x itself\n is congruent modulo the product n = n1*n2*...*nk.\n So x1 mod n = x2 mod n = xk mod n = x mod n.\n\n The single simultaneous solution x can be solved with the following\n equation:\n\n x = sum(xi*ri*si) mod n where ri = n/ni and si = ri^-1 mod ni.\n\n Where x is less than n, xi = x mod ni.\n\n For RSA we are only concerned with k = 2. The modulus n = pq, where\n p and q are coprime. The RSA decryption algorithm is:\n\n y = x^d mod n\n\n Given the above:\n\n x1 = x^d mod p\n r1 = n/p = q\n s1 = q^-1 mod p\n x2 = x^d mod q\n r2 = n/q = p\n s2 = p^-1 mod q\n\n So y = (x1r1s1 + x2r2s2) mod n\n = ((x^d mod p)q(q^-1 mod p) + (x^d mod q)p(p^-1 mod q)) mod n\n\n According to Fermat's Little Theorem, if the modulus P is prime,\n for any integer A not evenly divisible by P, A^(P-1) ~= 1 mod P.\n Since A is not divisible by P it follows that if:\n N ~= M mod (P - 1), then A^N mod P = A^M mod P. Therefore:\n\n A^N mod P = A^(M mod (P - 1)) mod P. (The latter takes less effort\n to calculate). In order to calculate x^d mod p more quickly the\n exponent d mod (p - 1) is stored in the RSA private key (the same\n is done for x^d mod q). These values are referred to as dP and dQ\n respectively. Therefore we now have:\n\n y = ((x^dP mod p)q(q^-1 mod p) + (x^dQ mod q)p(p^-1 mod q)) mod n\n\n Since we'll be reducing x^dP by modulo p (same for q) we can also\n reduce x by p (and q respectively) before hand. Therefore, let\n\n xp = ((x mod p)^dP mod p), and\n xq = ((x mod q)^dQ mod q), yielding:\n\n y = (xp*q*(q^-1 mod p) + xq*p*(p^-1 mod q)) mod n\n\n This can be further reduced to a simple algorithm that only\n requires 1 inverse (the q inverse is used) to be used and stored.\n The algorithm is called Garner's algorithm. If qInv is the\n inverse of q, we simply calculate:\n\n y = (qInv*(xp - xq) mod p) * q + xq\n\n However, there are two further complications. First, we need to\n ensure that xp > xq to prevent signed BigIntegers from being used\n so we add p until this is true (since we will be mod'ing with\n p anyway). Then, there is a known timing attack on algorithms\n using the CRT. To mitigate this risk, \"cryptographic blinding\"\n should be used. This requires simply generating a random number r\n between 0 and n-1 and its inverse and multiplying x by r^e before\n calculating y and then multiplying y by r^-1 afterwards. Note that\n r must be coprime with n (gcd(r, n) === 1) in order to have an\n inverse.\n */\n\n // cryptographic blinding\n var r;\n do {\n r = new BigInteger(\n forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)),\n 16);\n } while(r.compareTo(key.n) >= 0 || !r.gcd(key.n).equals(BigInteger.ONE));\n x = x.multiply(r.modPow(key.e, key.n)).mod(key.n);\n\n // calculate xp and xq\n var xp = x.mod(key.p).modPow(key.dP, key.p);\n var xq = x.mod(key.q).modPow(key.dQ, key.q);\n\n // xp must be larger than xq to avoid signed bit usage\n while(xp.compareTo(xq) < 0) {\n xp = xp.add(key.p);\n }\n\n // do last step\n var y = xp.subtract(xq)\n .multiply(key.qInv).mod(key.p)\n .multiply(key.q).add(xq);\n\n // remove effect of random for cryptographic blinding\n y = y.multiply(r.modInverse(key.n)).mod(key.n);\n\n return y;\n};\n\n/**\n * NOTE: THIS METHOD IS DEPRECATED, use 'sign' on a private key object or\n * 'encrypt' on a public key object instead.\n *\n * Performs RSA encryption.\n *\n * The parameter bt controls whether to put padding bytes before the\n * message passed in. Set bt to either true or false to disable padding\n * completely (in order to handle e.g. EMSA-PSS encoding seperately before),\n * signaling whether the encryption operation is a public key operation\n * (i.e. encrypting data) or not, i.e. private key operation (data signing).\n *\n * For PKCS#1 v1.5 padding pass in the block type to use, i.e. either 0x01\n * (for signing) or 0x02 (for encryption). The key operation mode (private\n * or public) is derived from this flag in that case).\n *\n * @param m the message to encrypt as a byte string.\n * @param key the RSA key to use.\n * @param bt for PKCS#1 v1.5 padding, the block type to use\n * (0x01 for private key, 0x02 for public),\n * to disable padding: true = public key, false = private key.\n *\n * @return the encrypted bytes as a string.\n */\npki.rsa.encrypt = function(m, key, bt) {\n var pub = bt;\n var eb;\n\n // get the length of the modulus in bytes\n var k = Math.ceil(key.n.bitLength() / 8);\n\n if(bt !== false && bt !== true) {\n // legacy, default to PKCS#1 v1.5 padding\n pub = (bt === 0x02);\n eb = _encodePkcs1_v1_5(m, key, bt);\n } else {\n eb = forge.util.createBuffer();\n eb.putBytes(m);\n }\n\n // load encryption block as big integer 'x'\n // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n var x = new BigInteger(eb.toHex(), 16);\n\n // do RSA encryption\n var y = _modPow(x, key, pub);\n\n // convert y into the encrypted data byte string, if y is shorter in\n // bytes than k, then prepend zero bytes to fill up ed\n // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n var yhex = y.toString(16);\n var ed = forge.util.createBuffer();\n var zeros = k - Math.ceil(yhex.length / 2);\n while(zeros > 0) {\n ed.putByte(0x00);\n --zeros;\n }\n ed.putBytes(forge.util.hexToBytes(yhex));\n return ed.getBytes();\n};\n\n/**\n * NOTE: THIS METHOD IS DEPRECATED, use 'decrypt' on a private key object or\n * 'verify' on a public key object instead.\n *\n * Performs RSA decryption.\n *\n * The parameter ml controls whether to apply PKCS#1 v1.5 padding\n * or not. Set ml = false to disable padding removal completely\n * (in order to handle e.g. EMSA-PSS later on) and simply pass back\n * the RSA encryption block.\n *\n * @param ed the encrypted data to decrypt in as a byte string.\n * @param key the RSA key to use.\n * @param pub true for a public key operation, false for private.\n * @param ml the message length, if known, false to disable padding.\n *\n * @return the decrypted message as a byte string.\n */\npki.rsa.decrypt = function(ed, key, pub, ml) {\n // get the length of the modulus in bytes\n var k = Math.ceil(key.n.bitLength() / 8);\n\n // error if the length of the encrypted data ED is not k\n if(ed.length !== k) {\n var error = new Error('Encrypted message length is invalid.');\n error.length = ed.length;\n error.expected = k;\n throw error;\n }\n\n // convert encrypted data into a big integer\n // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n var y = new BigInteger(forge.util.createBuffer(ed).toHex(), 16);\n\n // y must be less than the modulus or it wasn't the result of\n // a previous mod operation (encryption) using that modulus\n if(y.compareTo(key.n) >= 0) {\n throw new Error('Encrypted message is invalid.');\n }\n\n // do RSA decryption\n var x = _modPow(y, key, pub);\n\n // create the encryption block, if x is shorter in bytes than k, then\n // prepend zero bytes to fill up eb\n // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n var xhex = x.toString(16);\n var eb = forge.util.createBuffer();\n var zeros = k - Math.ceil(xhex.length / 2);\n while(zeros > 0) {\n eb.putByte(0x00);\n --zeros;\n }\n eb.putBytes(forge.util.hexToBytes(xhex));\n\n if(ml !== false) {\n // legacy, default to PKCS#1 v1.5 padding\n return _decodePkcs1_v1_5(eb.getBytes(), key, pub);\n }\n\n // return message\n return eb.getBytes();\n};\n\n/**\n * Creates an RSA key-pair generation state object. It is used to allow\n * key-generation to be performed in steps. It also allows for a UI to\n * display progress updates.\n *\n * @param bits the size for the private key in bits, defaults to 2048.\n * @param e the public exponent to use, defaults to 65537 (0x10001).\n * @param [options] the options to use.\n * prng a custom crypto-secure pseudo-random number generator to use,\n * that must define \"getBytesSync\".\n * algorithm the algorithm to use (default: 'PRIMEINC').\n *\n * @return the state object to use to generate the key-pair.\n */\npki.rsa.createKeyPairGenerationState = function(bits, e, options) {\n // TODO: migrate step-based prime generation code to forge.prime\n\n // set default bits\n if(typeof(bits) === 'string') {\n bits = parseInt(bits, 10);\n }\n bits = bits || 2048;\n\n // create prng with api that matches BigInteger secure random\n options = options || {};\n var prng = options.prng || forge.random;\n var rng = {\n // x is an array to fill with bytes\n nextBytes: function(x) {\n var b = prng.getBytesSync(x.length);\n for(var i = 0; i < x.length; ++i) {\n x[i] = b.charCodeAt(i);\n }\n }\n };\n\n var algorithm = options.algorithm || 'PRIMEINC';\n\n // create PRIMEINC algorithm state\n var rval;\n if(algorithm === 'PRIMEINC') {\n rval = {\n algorithm: algorithm,\n state: 0,\n bits: bits,\n rng: rng,\n eInt: e || 65537,\n e: new BigInteger(null),\n p: null,\n q: null,\n qBits: bits >> 1,\n pBits: bits - (bits >> 1),\n pqState: 0,\n num: null,\n keys: null\n };\n rval.e.fromInt(rval.eInt);\n } else {\n throw new Error('Invalid key generation algorithm: ' + algorithm);\n }\n\n return rval;\n};\n\n/**\n * Attempts to runs the key-generation algorithm for at most n seconds\n * (approximately) using the given state. When key-generation has completed,\n * the keys will be stored in state.keys.\n *\n * To use this function to update a UI while generating a key or to prevent\n * causing browser lockups/warnings, set \"n\" to a value other than 0. A\n * simple pattern for generating a key and showing a progress indicator is:\n *\n * var state = pki.rsa.createKeyPairGenerationState(2048);\n * var step = function() {\n * // step key-generation, run algorithm for 100 ms, repeat\n * if(!forge.pki.rsa.stepKeyPairGenerationState(state, 100)) {\n * setTimeout(step, 1);\n * } else {\n * // key-generation complete\n * // TODO: turn off progress indicator here\n * // TODO: use the generated key-pair in \"state.keys\"\n * }\n * };\n * // TODO: turn on progress indicator here\n * setTimeout(step, 0);\n *\n * @param state the state to use.\n * @param n the maximum number of milliseconds to run the algorithm for, 0\n * to run the algorithm to completion.\n *\n * @return true if the key-generation completed, false if not.\n */\npki.rsa.stepKeyPairGenerationState = function(state, n) {\n // set default algorithm if not set\n if(!('algorithm' in state)) {\n state.algorithm = 'PRIMEINC';\n }\n\n // TODO: migrate step-based prime generation code to forge.prime\n // TODO: abstract as PRIMEINC algorithm\n\n // do key generation (based on Tom Wu's rsa.js, see jsbn.js license)\n // with some minor optimizations and designed to run in steps\n\n // local state vars\n var THIRTY = new BigInteger(null);\n THIRTY.fromInt(30);\n var deltaIdx = 0;\n var op_or = function(x, y) {return x | y;};\n\n // keep stepping until time limit is reached or done\n var t1 = +new Date();\n var t2;\n var total = 0;\n while(state.keys === null && (n <= 0 || total < n)) {\n // generate p or q\n if(state.state === 0) {\n /* Note: All primes are of the form:\n\n 30k+i, for i < 30 and gcd(30, i)=1, where there are 8 values for i\n\n When we generate a random number, we always align it at 30k + 1. Each\n time the number is determined not to be prime we add to get to the\n next 'i', eg: if the number was at 30k + 1 we add 6. */\n var bits = (state.p === null) ? state.pBits : state.qBits;\n var bits1 = bits - 1;\n\n // get a random number\n if(state.pqState === 0) {\n state.num = new BigInteger(bits, state.rng);\n // force MSB set\n if(!state.num.testBit(bits1)) {\n state.num.bitwiseTo(\n BigInteger.ONE.shiftLeft(bits1), op_or, state.num);\n }\n // align number on 30k+1 boundary\n state.num.dAddOffset(31 - state.num.mod(THIRTY).byteValue(), 0);\n deltaIdx = 0;\n\n ++state.pqState;\n } else if(state.pqState === 1) {\n // try to make the number a prime\n if(state.num.bitLength() > bits) {\n // overflow, try again\n state.pqState = 0;\n // do primality test\n } else if(state.num.isProbablePrime(\n _getMillerRabinTests(state.num.bitLength()))) {\n ++state.pqState;\n } else {\n // get next potential prime\n state.num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);\n }\n } else if(state.pqState === 2) {\n // ensure number is coprime with e\n state.pqState =\n (state.num.subtract(BigInteger.ONE).gcd(state.e)\n .compareTo(BigInteger.ONE) === 0) ? 3 : 0;\n } else if(state.pqState === 3) {\n // store p or q\n state.pqState = 0;\n if(state.p === null) {\n state.p = state.num;\n } else {\n state.q = state.num;\n }\n\n // advance state if both p and q are ready\n if(state.p !== null && state.q !== null) {\n ++state.state;\n }\n state.num = null;\n }\n } else if(state.state === 1) {\n // ensure p is larger than q (swap them if not)\n if(state.p.compareTo(state.q) < 0) {\n state.num = state.p;\n state.p = state.q;\n state.q = state.num;\n }\n ++state.state;\n } else if(state.state === 2) {\n // compute phi: (p - 1)(q - 1) (Euler's totient function)\n state.p1 = state.p.subtract(BigInteger.ONE);\n state.q1 = state.q.subtract(BigInteger.ONE);\n state.phi = state.p1.multiply(state.q1);\n ++state.state;\n } else if(state.state === 3) {\n // ensure e and phi are coprime\n if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) === 0) {\n // phi and e are coprime, advance\n ++state.state;\n } else {\n // phi and e aren't coprime, so generate a new p and q\n state.p = null;\n state.q = null;\n state.state = 0;\n }\n } else if(state.state === 4) {\n // create n, ensure n is has the right number of bits\n state.n = state.p.multiply(state.q);\n\n // ensure n is right number of bits\n if(state.n.bitLength() === state.bits) {\n // success, advance\n ++state.state;\n } else {\n // failed, get new q\n state.q = null;\n state.state = 0;\n }\n } else if(state.state === 5) {\n // set keys\n var d = state.e.modInverse(state.phi);\n state.keys = {\n privateKey: pki.rsa.setPrivateKey(\n state.n, state.e, d, state.p, state.q,\n d.mod(state.p1), d.mod(state.q1),\n state.q.modInverse(state.p)),\n publicKey: pki.rsa.setPublicKey(state.n, state.e)\n };\n }\n\n // update timing\n t2 = +new Date();\n total += t2 - t1;\n t1 = t2;\n }\n\n return state.keys !== null;\n};\n\n/**\n * Generates an RSA public-private key pair in a single call.\n *\n * To generate a key-pair in steps (to allow for progress updates and to\n * prevent blocking or warnings in slow browsers) then use the key-pair\n * generation state functions.\n *\n * To generate a key-pair asynchronously (either through web-workers, if\n * available, or by breaking up the work on the main thread), pass a\n * callback function.\n *\n * @param [bits] the size for the private key in bits, defaults to 2048.\n * @param [e] the public exponent to use, defaults to 65537.\n * @param [options] options for key-pair generation, if given then 'bits'\n * and 'e' must *not* be given:\n * bits the size for the private key in bits, (default: 2048).\n * e the public exponent to use, (default: 65537 (0x10001)).\n * workerScript the worker script URL.\n * workers the number of web workers (if supported) to use,\n * (default: 2).\n * workLoad the size of the work load, ie: number of possible prime\n * numbers for each web worker to check per work assignment,\n * (default: 100).\n * prng a custom crypto-secure pseudo-random number generator to use,\n * that must define \"getBytesSync\". Disables use of native APIs.\n * algorithm the algorithm to use (default: 'PRIMEINC').\n * @param [callback(err, keypair)] called once the operation completes.\n *\n * @return an object with privateKey and publicKey properties.\n */\npki.rsa.generateKeyPair = function(bits, e, options, callback) {\n // (bits), (options), (callback)\n if(arguments.length === 1) {\n if(typeof bits === 'object') {\n options = bits;\n bits = undefined;\n } else if(typeof bits === 'function') {\n callback = bits;\n bits = undefined;\n }\n } else if(arguments.length === 2) {\n // (bits, e), (bits, options), (bits, callback), (options, callback)\n if(typeof bits === 'number') {\n if(typeof e === 'function') {\n callback = e;\n e = undefined;\n } else if(typeof e !== 'number') {\n options = e;\n e = undefined;\n }\n } else {\n options = bits;\n callback = e;\n bits = undefined;\n e = undefined;\n }\n } else if(arguments.length === 3) {\n // (bits, e, options), (bits, e, callback), (bits, options, callback)\n if(typeof e === 'number') {\n if(typeof options === 'function') {\n callback = options;\n options = undefined;\n }\n } else {\n callback = options;\n options = e;\n e = undefined;\n }\n }\n options = options || {};\n if(bits === undefined) {\n bits = options.bits || 2048;\n }\n if(e === undefined) {\n e = options.e || 0x10001;\n }\n\n // use native code if permitted, available, and parameters are acceptable\n if(!forge.options.usePureJavaScript && !options.prng &&\n bits >= 256 && bits <= 16384 && (e === 0x10001 || e === 3)) {\n if(callback) {\n // try native async\n if(_detectNodeCrypto('generateKeyPair')) {\n return _crypto.generateKeyPair('rsa', {\n modulusLength: bits,\n publicExponent: e,\n publicKeyEncoding: {\n type: 'spki',\n format: 'pem'\n },\n privateKeyEncoding: {\n type: 'pkcs8',\n format: 'pem'\n }\n }, function(err, pub, priv) {\n if(err) {\n return callback(err);\n }\n callback(null, {\n privateKey: pki.privateKeyFromPem(priv),\n publicKey: pki.publicKeyFromPem(pub)\n });\n });\n }\n if(_detectSubtleCrypto('generateKey') &&\n _detectSubtleCrypto('exportKey')) {\n // use standard native generateKey\n return util.globalScope.crypto.subtle.generateKey({\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits,\n publicExponent: _intToUint8Array(e),\n hash: {name: 'SHA-256'}\n }, true /* key can be exported*/, ['sign', 'verify'])\n .then(function(pair) {\n return util.globalScope.crypto.subtle.exportKey(\n 'pkcs8', pair.privateKey);\n // avoiding catch(function(err) {...}) to support IE <= 8\n }).then(undefined, function(err) {\n callback(err);\n }).then(function(pkcs8) {\n if(pkcs8) {\n var privateKey = pki.privateKeyFromAsn1(\n asn1.fromDer(forge.util.createBuffer(pkcs8)));\n callback(null, {\n privateKey: privateKey,\n publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)\n });\n }\n });\n }\n if(_detectSubtleMsCrypto('generateKey') &&\n _detectSubtleMsCrypto('exportKey')) {\n var genOp = util.globalScope.msCrypto.subtle.generateKey({\n name: 'RSASSA-PKCS1-v1_5',\n modulusLength: bits,\n publicExponent: _intToUint8Array(e),\n hash: {name: 'SHA-256'}\n }, true /* key can be exported*/, ['sign', 'verify']);\n genOp.oncomplete = function(e) {\n var pair = e.target.result;\n var exportOp = util.globalScope.msCrypto.subtle.exportKey(\n 'pkcs8', pair.privateKey);\n exportOp.oncomplete = function(e) {\n var pkcs8 = e.target.result;\n var privateKey = pki.privateKeyFromAsn1(\n asn1.fromDer(forge.util.createBuffer(pkcs8)));\n callback(null, {\n privateKey: privateKey,\n publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)\n });\n };\n exportOp.onerror = function(err) {\n callback(err);\n };\n };\n genOp.onerror = function(err) {\n callback(err);\n };\n return;\n }\n } else {\n // try native sync\n if(_detectNodeCrypto('generateKeyPairSync')) {\n var keypair = _crypto.generateKeyPairSync('rsa', {\n modulusLength: bits,\n publicExponent: e,\n publicKeyEncoding: {\n type: 'spki',\n format: 'pem'\n },\n privateKeyEncoding: {\n type: 'pkcs8',\n format: 'pem'\n }\n });\n return {\n privateKey: pki.privateKeyFromPem(keypair.privateKey),\n publicKey: pki.publicKeyFromPem(keypair.publicKey)\n };\n }\n }\n }\n\n // use JavaScript implementation\n var state = pki.rsa.createKeyPairGenerationState(bits, e, options);\n if(!callback) {\n pki.rsa.stepKeyPairGenerationState(state, 0);\n return state.keys;\n }\n _generateKeyPair(state, options, callback);\n};\n\n/**\n * Sets an RSA public key from BigIntegers modulus and exponent.\n *\n * @param n the modulus.\n * @param e the exponent.\n *\n * @return the public key.\n */\npki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {\n var key = {\n n: n,\n e: e\n };\n\n /**\n * Encrypts the given data with this public key. Newer applications\n * should use the 'RSA-OAEP' decryption scheme, 'RSAES-PKCS1-V1_5' is for\n * legacy applications.\n *\n * @param data the byte string to encrypt.\n * @param scheme the encryption scheme to use:\n * 'RSAES-PKCS1-V1_5' (default),\n * 'RSA-OAEP',\n * 'RAW', 'NONE', or null to perform raw RSA encryption,\n * an object with an 'encode' property set to a function\n * with the signature 'function(data, key)' that returns\n * a binary-encoded string representing the encoded data.\n * @param schemeOptions any scheme-specific options.\n *\n * @return the encrypted byte string.\n */\n key.encrypt = function(data, scheme, schemeOptions) {\n if(typeof scheme === 'string') {\n scheme = scheme.toUpperCase();\n } else if(scheme === undefined) {\n scheme = 'RSAES-PKCS1-V1_5';\n }\n\n if(scheme === 'RSAES-PKCS1-V1_5') {\n scheme = {\n encode: function(m, key, pub) {\n return _encodePkcs1_v1_5(m, key, 0x02).getBytes();\n }\n };\n } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {\n scheme = {\n encode: function(m, key) {\n return forge.pkcs1.encode_rsa_oaep(key, m, schemeOptions);\n }\n };\n } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {\n scheme = {encode: function(e) {return e;}};\n } else if(typeof scheme === 'string') {\n throw new Error('Unsupported encryption scheme: \"' + scheme + '\".');\n }\n\n // do scheme-based encoding then rsa encryption\n var e = scheme.encode(data, key, true);\n return pki.rsa.encrypt(e, key, true);\n };\n\n /**\n * Verifies the given signature against the given digest.\n *\n * PKCS#1 supports multiple (currently two) signature schemes:\n * RSASSA-PKCS1-V1_5 and RSASSA-PSS.\n *\n * By default this implementation uses the \"old scheme\", i.e.\n * RSASSA-PKCS1-V1_5, in which case once RSA-decrypted, the\n * signature is an OCTET STRING that holds a DigestInfo.\n *\n * DigestInfo ::= SEQUENCE {\n * digestAlgorithm DigestAlgorithmIdentifier,\n * digest Digest\n * }\n * DigestAlgorithmIdentifier ::= AlgorithmIdentifier\n * Digest ::= OCTET STRING\n *\n * To perform PSS signature verification, provide an instance\n * of Forge PSS object as the scheme parameter.\n *\n * @param digest the message digest hash to compare against the signature,\n * as a binary-encoded string.\n * @param signature the signature to verify, as a binary-encoded string.\n * @param scheme signature verification scheme to use:\n * 'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,\n * a Forge PSS object for RSASSA-PSS,\n * 'NONE' or null for none, DigestInfo will not be expected, but\n * PKCS#1 v1.5 padding will still be used.\n * @param options optional verify options\n * _parseAllDigestBytes testing flag to control parsing of all\n * digest bytes. Unsupported and not for general usage.\n * (default: true)\n *\n * @return true if the signature was verified, false if not.\n */\n key.verify = function(digest, signature, scheme, options) {\n if(typeof scheme === 'string') {\n scheme = scheme.toUpperCase();\n } else if(scheme === undefined) {\n scheme = 'RSASSA-PKCS1-V1_5';\n }\n if(options === undefined) {\n options = {\n _parseAllDigestBytes: true\n };\n }\n if(!('_parseAllDigestBytes' in options)) {\n options._parseAllDigestBytes = true;\n }\n\n if(scheme === 'RSASSA-PKCS1-V1_5') {\n scheme = {\n verify: function(digest, d) {\n // remove padding\n d = _decodePkcs1_v1_5(d, key, true);\n // d is ASN.1 BER-encoded DigestInfo\n var obj = asn1.fromDer(d, {\n parseAllBytes: options._parseAllDigestBytes\n });\n\n // validate DigestInfo\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, digestInfoValidator, capture, errors)) {\n var error = new Error(\n 'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +\n 'DigestInfo value.');\n error.errors = errors;\n throw error;\n }\n // check hash algorithm identifier\n // see PKCS1-v1-5DigestAlgorithms in RFC 8017\n // FIXME: add support to vaidator for strict value choices\n var oid = asn1.derToOid(capture.algorithmIdentifier);\n if(!(oid === forge.oids.md2 ||\n oid === forge.oids.md5 ||\n oid === forge.oids.sha1 ||\n oid === forge.oids.sha224 ||\n oid === forge.oids.sha256 ||\n oid === forge.oids.sha384 ||\n oid === forge.oids.sha512 ||\n oid === forge.oids['sha512-224'] ||\n oid === forge.oids['sha512-256'])) {\n var error = new Error(\n 'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.');\n error.oid = oid;\n throw error;\n }\n\n // special check for md2 and md5 that NULL parameters exist\n if(oid === forge.oids.md2 || oid === forge.oids.md5) {\n if(!('parameters' in capture)) {\n throw new Error(\n 'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +\n 'DigestInfo value. ' +\n 'Missing algorithm identifer NULL parameters.');\n }\n }\n\n // compare the given digest to the decrypted one\n return digest === capture.digest;\n }\n };\n } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {\n scheme = {\n verify: function(digest, d) {\n // remove padding\n d = _decodePkcs1_v1_5(d, key, true);\n return digest === d;\n }\n };\n }\n\n // do rsa decryption w/o any decoding, then verify -- which does decoding\n var d = pki.rsa.decrypt(signature, key, true, false);\n return scheme.verify(digest, d, key.n.bitLength());\n };\n\n return key;\n};\n\n/**\n * Sets an RSA private key from BigIntegers modulus, exponent, primes,\n * prime exponents, and modular multiplicative inverse.\n *\n * @param n the modulus.\n * @param e the public exponent.\n * @param d the private exponent ((inverse of e) mod n).\n * @param p the first prime.\n * @param q the second prime.\n * @param dP exponent1 (d mod (p-1)).\n * @param dQ exponent2 (d mod (q-1)).\n * @param qInv ((inverse of q) mod p)\n *\n * @return the private key.\n */\npki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(\n n, e, d, p, q, dP, dQ, qInv) {\n var key = {\n n: n,\n e: e,\n d: d,\n p: p,\n q: q,\n dP: dP,\n dQ: dQ,\n qInv: qInv\n };\n\n /**\n * Decrypts the given data with this private key. The decryption scheme\n * must match the one used to encrypt the data.\n *\n * @param data the byte string to decrypt.\n * @param scheme the decryption scheme to use:\n * 'RSAES-PKCS1-V1_5' (default),\n * 'RSA-OAEP',\n * 'RAW', 'NONE', or null to perform raw RSA decryption.\n * @param schemeOptions any scheme-specific options.\n *\n * @return the decrypted byte string.\n */\n key.decrypt = function(data, scheme, schemeOptions) {\n if(typeof scheme === 'string') {\n scheme = scheme.toUpperCase();\n } else if(scheme === undefined) {\n scheme = 'RSAES-PKCS1-V1_5';\n }\n\n // do rsa decryption w/o any decoding\n var d = pki.rsa.decrypt(data, key, false, false);\n\n if(scheme === 'RSAES-PKCS1-V1_5') {\n scheme = {decode: _decodePkcs1_v1_5};\n } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {\n scheme = {\n decode: function(d, key) {\n return forge.pkcs1.decode_rsa_oaep(key, d, schemeOptions);\n }\n };\n } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {\n scheme = {decode: function(d) {return d;}};\n } else {\n throw new Error('Unsupported encryption scheme: \"' + scheme + '\".');\n }\n\n // decode according to scheme\n return scheme.decode(d, key, false);\n };\n\n /**\n * Signs the given digest, producing a signature.\n *\n * PKCS#1 supports multiple (currently two) signature schemes:\n * RSASSA-PKCS1-V1_5 and RSASSA-PSS.\n *\n * By default this implementation uses the \"old scheme\", i.e.\n * RSASSA-PKCS1-V1_5. In order to generate a PSS signature, provide\n * an instance of Forge PSS object as the scheme parameter.\n *\n * @param md the message digest object with the hash to sign.\n * @param scheme the signature scheme to use:\n * 'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,\n * a Forge PSS object for RSASSA-PSS,\n * 'NONE' or null for none, DigestInfo will not be used but\n * PKCS#1 v1.5 padding will still be used.\n *\n * @return the signature as a byte string.\n */\n key.sign = function(md, scheme) {\n /* Note: The internal implementation of RSA operations is being\n transitioned away from a PKCS#1 v1.5 hard-coded scheme. Some legacy\n code like the use of an encoding block identifier 'bt' will eventually\n be removed. */\n\n // private key operation\n var bt = false;\n\n if(typeof scheme === 'string') {\n scheme = scheme.toUpperCase();\n }\n\n if(scheme === undefined || scheme === 'RSASSA-PKCS1-V1_5') {\n scheme = {encode: emsaPkcs1v15encode};\n bt = 0x01;\n } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {\n scheme = {encode: function() {return md;}};\n bt = 0x01;\n }\n\n // encode and then encrypt\n var d = scheme.encode(md, key.n.bitLength());\n return pki.rsa.encrypt(d, key, bt);\n };\n\n return key;\n};\n\n/**\n * Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.\n *\n * @param rsaKey the ASN.1 RSAPrivateKey.\n *\n * @return the ASN.1 PrivateKeyInfo.\n */\npki.wrapRsaPrivateKey = function(rsaKey) {\n // PrivateKeyInfo\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // version (0)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(0).getBytes()),\n // privateKeyAlgorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]),\n // PrivateKey\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n asn1.toDer(rsaKey).getBytes())\n ]);\n};\n\n/**\n * Converts a private key from an ASN.1 object.\n *\n * @param obj the ASN.1 representation of a PrivateKeyInfo containing an\n * RSAPrivateKey or an RSAPrivateKey.\n *\n * @return the private key.\n */\npki.privateKeyFromAsn1 = function(obj) {\n // get PrivateKeyInfo\n var capture = {};\n var errors = [];\n if(asn1.validate(obj, privateKeyValidator, capture, errors)) {\n obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey));\n }\n\n // get RSAPrivateKey\n capture = {};\n errors = [];\n if(!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) {\n var error = new Error('Cannot read private key. ' +\n 'ASN.1 object does not contain an RSAPrivateKey.');\n error.errors = errors;\n throw error;\n }\n\n // Note: Version is currently ignored.\n // capture.privateKeyVersion\n // FIXME: inefficient, get a BigInteger that uses byte strings\n var n, e, d, p, q, dP, dQ, qInv;\n n = forge.util.createBuffer(capture.privateKeyModulus).toHex();\n e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex();\n d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex();\n p = forge.util.createBuffer(capture.privateKeyPrime1).toHex();\n q = forge.util.createBuffer(capture.privateKeyPrime2).toHex();\n dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex();\n dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex();\n qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex();\n\n // set private key\n return pki.setRsaPrivateKey(\n new BigInteger(n, 16),\n new BigInteger(e, 16),\n new BigInteger(d, 16),\n new BigInteger(p, 16),\n new BigInteger(q, 16),\n new BigInteger(dP, 16),\n new BigInteger(dQ, 16),\n new BigInteger(qInv, 16));\n};\n\n/**\n * Converts a private key to an ASN.1 RSAPrivateKey.\n *\n * @param key the private key.\n *\n * @return the ASN.1 representation of an RSAPrivateKey.\n */\npki.privateKeyToAsn1 = pki.privateKeyToRSAPrivateKey = function(key) {\n // RSAPrivateKey\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // version (0 = only 2 primes, 1 multiple primes)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(0).getBytes()),\n // modulus (n)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.n)),\n // publicExponent (e)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.e)),\n // privateExponent (d)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.d)),\n // privateKeyPrime1 (p)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.p)),\n // privateKeyPrime2 (q)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.q)),\n // privateKeyExponent1 (dP)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.dP)),\n // privateKeyExponent2 (dQ)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.dQ)),\n // coefficient (qInv)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.qInv))\n ]);\n};\n\n/**\n * Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey.\n *\n * @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey.\n *\n * @return the public key.\n */\npki.publicKeyFromAsn1 = function(obj) {\n // get SubjectPublicKeyInfo\n var capture = {};\n var errors = [];\n if(asn1.validate(obj, publicKeyValidator, capture, errors)) {\n // get oid\n var oid = asn1.derToOid(capture.publicKeyOid);\n if(oid !== pki.oids.rsaEncryption) {\n var error = new Error('Cannot read public key. Unknown OID.');\n error.oid = oid;\n throw error;\n }\n obj = capture.rsaPublicKey;\n }\n\n // get RSA params\n errors = [];\n if(!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) {\n var error = new Error('Cannot read public key. ' +\n 'ASN.1 object does not contain an RSAPublicKey.');\n error.errors = errors;\n throw error;\n }\n\n // FIXME: inefficient, get a BigInteger that uses byte strings\n var n = forge.util.createBuffer(capture.publicKeyModulus).toHex();\n var e = forge.util.createBuffer(capture.publicKeyExponent).toHex();\n\n // set public key\n return pki.setRsaPublicKey(\n new BigInteger(n, 16),\n new BigInteger(e, 16));\n};\n\n/**\n * Converts a public key to an ASN.1 SubjectPublicKeyInfo.\n *\n * @param key the public key.\n *\n * @return the asn1 representation of a SubjectPublicKeyInfo.\n */\npki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function(key) {\n // SubjectPublicKeyInfo\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // AlgorithmIdentifier\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),\n // parameters (null)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]),\n // subjectPublicKey\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [\n pki.publicKeyToRSAPublicKey(key)\n ])\n ]);\n};\n\n/**\n * Converts a public key to an ASN.1 RSAPublicKey.\n *\n * @param key the public key.\n *\n * @return the asn1 representation of a RSAPublicKey.\n */\npki.publicKeyToRSAPublicKey = function(key) {\n // RSAPublicKey\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // modulus (n)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.n)),\n // publicExponent (e)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n _bnToBytes(key.e))\n ]);\n};\n\n/**\n * Encodes a message using PKCS#1 v1.5 padding.\n *\n * @param m the message to encode.\n * @param key the RSA key to use.\n * @param bt the block type to use, i.e. either 0x01 (for signing) or 0x02\n * (for encryption).\n *\n * @return the padded byte buffer.\n */\nfunction _encodePkcs1_v1_5(m, key, bt) {\n var eb = forge.util.createBuffer();\n\n // get the length of the modulus in bytes\n var k = Math.ceil(key.n.bitLength() / 8);\n\n /* use PKCS#1 v1.5 padding */\n if(m.length > (k - 11)) {\n var error = new Error('Message is too long for PKCS#1 v1.5 padding.');\n error.length = m.length;\n error.max = k - 11;\n throw error;\n }\n\n /* A block type BT, a padding string PS, and the data D shall be\n formatted into an octet string EB, the encryption block:\n\n EB = 00 || BT || PS || 00 || D\n\n The block type BT shall be a single octet indicating the structure of\n the encryption block. For this version of the document it shall have\n value 00, 01, or 02. For a private-key operation, the block type\n shall be 00 or 01. For a public-key operation, it shall be 02.\n\n The padding string PS shall consist of k-3-||D|| octets. For block\n type 00, the octets shall have value 00; for block type 01, they\n shall have value FF; and for block type 02, they shall be\n pseudorandomly generated and nonzero. This makes the length of the\n encryption block EB equal to k. */\n\n // build the encryption block\n eb.putByte(0x00);\n eb.putByte(bt);\n\n // create the padding\n var padNum = k - 3 - m.length;\n var padByte;\n // private key op\n if(bt === 0x00 || bt === 0x01) {\n padByte = (bt === 0x00) ? 0x00 : 0xFF;\n for(var i = 0; i < padNum; ++i) {\n eb.putByte(padByte);\n }\n } else {\n // public key op\n // pad with random non-zero values\n while(padNum > 0) {\n var numZeros = 0;\n var padBytes = forge.random.getBytes(padNum);\n for(var i = 0; i < padNum; ++i) {\n padByte = padBytes.charCodeAt(i);\n if(padByte === 0) {\n ++numZeros;\n } else {\n eb.putByte(padByte);\n }\n }\n padNum = numZeros;\n }\n }\n\n // zero followed by message\n eb.putByte(0x00);\n eb.putBytes(m);\n\n return eb;\n}\n\n/**\n * Decodes a message using PKCS#1 v1.5 padding.\n *\n * @param em the message to decode.\n * @param key the RSA key to use.\n * @param pub true if the key is a public key, false if it is private.\n * @param ml the message length, if specified.\n *\n * @return the decoded bytes.\n */\nfunction _decodePkcs1_v1_5(em, key, pub, ml) {\n // get the length of the modulus in bytes\n var k = Math.ceil(key.n.bitLength() / 8);\n\n /* It is an error if any of the following conditions occurs:\n\n 1. The encryption block EB cannot be parsed unambiguously.\n 2. The padding string PS consists of fewer than eight octets\n or is inconsisent with the block type BT.\n 3. The decryption process is a public-key operation and the block\n type BT is not 00 or 01, or the decryption process is a\n private-key operation and the block type is not 02.\n */\n\n // parse the encryption block\n var eb = forge.util.createBuffer(em);\n var first = eb.getByte();\n var bt = eb.getByte();\n if(first !== 0x00 ||\n (pub && bt !== 0x00 && bt !== 0x01) ||\n (!pub && bt != 0x02) ||\n (pub && bt === 0x00 && typeof(ml) === 'undefined')) {\n throw new Error('Encryption block is invalid.');\n }\n\n var padNum = 0;\n if(bt === 0x00) {\n // check all padding bytes for 0x00\n padNum = k - 3 - ml;\n for(var i = 0; i < padNum; ++i) {\n if(eb.getByte() !== 0x00) {\n throw new Error('Encryption block is invalid.');\n }\n }\n } else if(bt === 0x01) {\n // find the first byte that isn't 0xFF, should be after all padding\n padNum = 0;\n while(eb.length() > 1) {\n if(eb.getByte() !== 0xFF) {\n --eb.read;\n break;\n }\n ++padNum;\n }\n } else if(bt === 0x02) {\n // look for 0x00 byte\n padNum = 0;\n while(eb.length() > 1) {\n if(eb.getByte() === 0x00) {\n --eb.read;\n break;\n }\n ++padNum;\n }\n }\n\n // zero must be 0x00 and padNum must be (k - 3 - message length)\n var zero = eb.getByte();\n if(zero !== 0x00 || padNum !== (k - 3 - eb.length())) {\n throw new Error('Encryption block is invalid.');\n }\n\n return eb.getBytes();\n}\n\n/**\n * Runs the key-generation algorithm asynchronously, either in the background\n * via Web Workers, or using the main thread and setImmediate.\n *\n * @param state the key-pair generation state.\n * @param [options] options for key-pair generation:\n * workerScript the worker script URL.\n * workers the number of web workers (if supported) to use,\n * (default: 2, -1 to use estimated cores minus one).\n * workLoad the size of the work load, ie: number of possible prime\n * numbers for each web worker to check per work assignment,\n * (default: 100).\n * @param callback(err, keypair) called once the operation completes.\n */\nfunction _generateKeyPair(state, options, callback) {\n if(typeof options === 'function') {\n callback = options;\n options = {};\n }\n options = options || {};\n\n var opts = {\n algorithm: {\n name: options.algorithm || 'PRIMEINC',\n options: {\n workers: options.workers || 2,\n workLoad: options.workLoad || 100,\n workerScript: options.workerScript\n }\n }\n };\n if('prng' in options) {\n opts.prng = options.prng;\n }\n\n generate();\n\n function generate() {\n // find p and then q (done in series to simplify)\n getPrime(state.pBits, function(err, num) {\n if(err) {\n return callback(err);\n }\n state.p = num;\n if(state.q !== null) {\n return finish(err, state.q);\n }\n getPrime(state.qBits, finish);\n });\n }\n\n function getPrime(bits, callback) {\n forge.prime.generateProbablePrime(bits, opts, callback);\n }\n\n function finish(err, num) {\n if(err) {\n return callback(err);\n }\n\n // set q\n state.q = num;\n\n // ensure p is larger than q (swap them if not)\n if(state.p.compareTo(state.q) < 0) {\n var tmp = state.p;\n state.p = state.q;\n state.q = tmp;\n }\n\n // ensure p is coprime with e\n if(state.p.subtract(BigInteger.ONE).gcd(state.e)\n .compareTo(BigInteger.ONE) !== 0) {\n state.p = null;\n generate();\n return;\n }\n\n // ensure q is coprime with e\n if(state.q.subtract(BigInteger.ONE).gcd(state.e)\n .compareTo(BigInteger.ONE) !== 0) {\n state.q = null;\n getPrime(state.qBits, finish);\n return;\n }\n\n // compute phi: (p - 1)(q - 1) (Euler's totient function)\n state.p1 = state.p.subtract(BigInteger.ONE);\n state.q1 = state.q.subtract(BigInteger.ONE);\n state.phi = state.p1.multiply(state.q1);\n\n // ensure e and phi are coprime\n if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) !== 0) {\n // phi and e aren't coprime, so generate a new p and q\n state.p = state.q = null;\n generate();\n return;\n }\n\n // create n, ensure n is has the right number of bits\n state.n = state.p.multiply(state.q);\n if(state.n.bitLength() !== state.bits) {\n // failed, get new q\n state.q = null;\n getPrime(state.qBits, finish);\n return;\n }\n\n // set keys\n var d = state.e.modInverse(state.phi);\n state.keys = {\n privateKey: pki.rsa.setPrivateKey(\n state.n, state.e, d, state.p, state.q,\n d.mod(state.p1), d.mod(state.q1),\n state.q.modInverse(state.p)),\n publicKey: pki.rsa.setPublicKey(state.n, state.e)\n };\n\n callback(null, state.keys);\n }\n}\n\n/**\n * Converts a positive BigInteger into 2's-complement big-endian bytes.\n *\n * @param b the big integer to convert.\n *\n * @return the bytes.\n */\nfunction _bnToBytes(b) {\n // prepend 0x00 if first byte >= 0x80\n var hex = b.toString(16);\n if(hex[0] >= '8') {\n hex = '00' + hex;\n }\n var bytes = forge.util.hexToBytes(hex);\n\n // ensure integer is minimally-encoded\n if(bytes.length > 1 &&\n // leading 0x00 for positive integer\n ((bytes.charCodeAt(0) === 0 &&\n (bytes.charCodeAt(1) & 0x80) === 0) ||\n // leading 0xFF for negative integer\n (bytes.charCodeAt(0) === 0xFF &&\n (bytes.charCodeAt(1) & 0x80) === 0x80))) {\n return bytes.substr(1);\n }\n return bytes;\n}\n\n/**\n * Returns the required number of Miller-Rabin tests to generate a\n * prime with an error probability of (1/2)^80.\n *\n * See Handbook of Applied Cryptography Chapter 4, Table 4.4.\n *\n * @param bits the bit size.\n *\n * @return the required number of iterations.\n */\nfunction _getMillerRabinTests(bits) {\n if(bits <= 100) return 27;\n if(bits <= 150) return 18;\n if(bits <= 200) return 15;\n if(bits <= 250) return 12;\n if(bits <= 300) return 9;\n if(bits <= 350) return 8;\n if(bits <= 400) return 7;\n if(bits <= 500) return 6;\n if(bits <= 600) return 5;\n if(bits <= 800) return 4;\n if(bits <= 1250) return 3;\n return 2;\n}\n\n/**\n * Performs feature detection on the Node crypto interface.\n *\n * @param fn the feature (function) to detect.\n *\n * @return true if detected, false if not.\n */\nfunction _detectNodeCrypto(fn) {\n return forge.util.isNodejs && typeof _crypto[fn] === 'function';\n}\n\n/**\n * Performs feature detection on the SubtleCrypto interface.\n *\n * @param fn the feature (function) to detect.\n *\n * @return true if detected, false if not.\n */\nfunction _detectSubtleCrypto(fn) {\n return (typeof util.globalScope !== 'undefined' &&\n typeof util.globalScope.crypto === 'object' &&\n typeof util.globalScope.crypto.subtle === 'object' &&\n typeof util.globalScope.crypto.subtle[fn] === 'function');\n}\n\n/**\n * Performs feature detection on the deprecated Microsoft Internet Explorer\n * outdated SubtleCrypto interface. This function should only be used after\n * checking for the modern, standard SubtleCrypto interface.\n *\n * @param fn the feature (function) to detect.\n *\n * @return true if detected, false if not.\n */\nfunction _detectSubtleMsCrypto(fn) {\n return (typeof util.globalScope !== 'undefined' &&\n typeof util.globalScope.msCrypto === 'object' &&\n typeof util.globalScope.msCrypto.subtle === 'object' &&\n typeof util.globalScope.msCrypto.subtle[fn] === 'function');\n}\n\nfunction _intToUint8Array(x) {\n var bytes = forge.util.hexToBytes(x.toString(16));\n var buffer = new Uint8Array(bytes.length);\n for(var i = 0; i < bytes.length; ++i) {\n buffer[i] = bytes.charCodeAt(i);\n }\n return buffer;\n}\n\nfunction _privateKeyFromJwk(jwk) {\n if(jwk.kty !== 'RSA') {\n throw new Error(\n 'Unsupported key algorithm \"' + jwk.kty + '\"; algorithm must be \"RSA\".');\n }\n return pki.setRsaPrivateKey(\n _base64ToBigInt(jwk.n),\n _base64ToBigInt(jwk.e),\n _base64ToBigInt(jwk.d),\n _base64ToBigInt(jwk.p),\n _base64ToBigInt(jwk.q),\n _base64ToBigInt(jwk.dp),\n _base64ToBigInt(jwk.dq),\n _base64ToBigInt(jwk.qi));\n}\n\nfunction _publicKeyFromJwk(jwk) {\n if(jwk.kty !== 'RSA') {\n throw new Error('Key algorithm must be \"RSA\".');\n }\n return pki.setRsaPublicKey(\n _base64ToBigInt(jwk.n),\n _base64ToBigInt(jwk.e));\n}\n\nfunction _base64ToBigInt(b64) {\n return new BigInteger(forge.util.bytesToHex(forge.util.decode64(b64)), 16);\n}\n","/**\n * Password-based encryption functions.\n *\n * @author Dave Longley\n * @author Stefan Siegl <stesie@brokenpipe.de>\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * An EncryptedPrivateKeyInfo:\n *\n * EncryptedPrivateKeyInfo ::= SEQUENCE {\n * encryptionAlgorithm EncryptionAlgorithmIdentifier,\n * encryptedData EncryptedData }\n *\n * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * EncryptedData ::= OCTET STRING\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./asn1');\nrequire('./des');\nrequire('./md');\nrequire('./oids');\nrequire('./pbkdf2');\nrequire('./pem');\nrequire('./random');\nrequire('./rc2');\nrequire('./rsa');\nrequire('./util');\n\nif(typeof BigInteger === 'undefined') {\n var BigInteger = forge.jsbn.BigInteger;\n}\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n/* Password-based encryption implementation. */\nvar pki = forge.pki = forge.pki || {};\nmodule.exports = pki.pbe = forge.pbe = forge.pbe || {};\nvar oids = pki.oids;\n\n// validator for an EncryptedPrivateKeyInfo structure\n// Note: Currently only works w/algorithm params\nvar encryptedPrivateKeyValidator = {\n name: 'EncryptedPrivateKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'encryptionOid'\n }, {\n name: 'AlgorithmIdentifier.parameters',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'encryptionParams'\n }]\n }, {\n // encryptedData\n name: 'EncryptedPrivateKeyInfo.encryptedData',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'encryptedData'\n }]\n};\n\n// validator for a PBES2Algorithms structure\n// Note: Currently only works w/PBKDF2 + AES encryption schemes\nvar PBES2AlgorithmsValidator = {\n name: 'PBES2Algorithms',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'PBES2Algorithms.keyDerivationFunc',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'PBES2Algorithms.keyDerivationFunc.oid',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'kdfOid'\n }, {\n name: 'PBES2Algorithms.params',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'PBES2Algorithms.params.salt',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'kdfSalt'\n }, {\n name: 'PBES2Algorithms.params.iterationCount',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'kdfIterationCount'\n }, {\n name: 'PBES2Algorithms.params.keyLength',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n optional: true,\n capture: 'keyLength'\n }, {\n // prf\n name: 'PBES2Algorithms.params.prf',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n optional: true,\n value: [{\n name: 'PBES2Algorithms.params.prf.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'prfOid'\n }]\n }]\n }]\n }, {\n name: 'PBES2Algorithms.encryptionScheme',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'PBES2Algorithms.encryptionScheme.oid',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'encOid'\n }, {\n name: 'PBES2Algorithms.encryptionScheme.iv',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'encIv'\n }]\n }]\n};\n\nvar pkcs12PbeParamsValidator = {\n name: 'pkcs-12PbeParams',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'pkcs-12PbeParams.salt',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'salt'\n }, {\n name: 'pkcs-12PbeParams.iterations',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'iterations'\n }]\n};\n\n/**\n * Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo.\n *\n * PBES2Algorithms ALGORITHM-IDENTIFIER ::=\n * { {PBES2-params IDENTIFIED BY id-PBES2}, ...}\n *\n * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}\n *\n * PBES2-params ::= SEQUENCE {\n * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},\n * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}\n * }\n *\n * PBES2-KDFs ALGORITHM-IDENTIFIER ::=\n * { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }\n *\n * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }\n *\n * PBKDF2-params ::= SEQUENCE {\n * salt CHOICE {\n * specified OCTET STRING,\n * otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}\n * },\n * iterationCount INTEGER (1..MAX),\n * keyLength INTEGER (1..MAX) OPTIONAL,\n * prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1\n * }\n *\n * @param obj the ASN.1 PrivateKeyInfo object.\n * @param password the password to encrypt with.\n * @param options:\n * algorithm the encryption algorithm to use\n * ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.\n * count the iteration count to use.\n * saltSize the salt size to use.\n * prfAlgorithm the PRF message digest algorithm to use\n * ('sha1', 'sha224', 'sha256', 'sha384', 'sha512')\n *\n * @return the ASN.1 EncryptedPrivateKeyInfo.\n */\npki.encryptPrivateKeyInfo = function(obj, password, options) {\n // set default options\n options = options || {};\n options.saltSize = options.saltSize || 8;\n options.count = options.count || 2048;\n options.algorithm = options.algorithm || 'aes128';\n options.prfAlgorithm = options.prfAlgorithm || 'sha1';\n\n // generate PBE params\n var salt = forge.random.getBytesSync(options.saltSize);\n var count = options.count;\n var countBytes = asn1.integerToDer(count);\n var dkLen;\n var encryptionAlgorithm;\n var encryptedData;\n if(options.algorithm.indexOf('aes') === 0 || options.algorithm === 'des') {\n // do PBES2\n var ivLen, encOid, cipherFn;\n switch(options.algorithm) {\n case 'aes128':\n dkLen = 16;\n ivLen = 16;\n encOid = oids['aes128-CBC'];\n cipherFn = forge.aes.createEncryptionCipher;\n break;\n case 'aes192':\n dkLen = 24;\n ivLen = 16;\n encOid = oids['aes192-CBC'];\n cipherFn = forge.aes.createEncryptionCipher;\n break;\n case 'aes256':\n dkLen = 32;\n ivLen = 16;\n encOid = oids['aes256-CBC'];\n cipherFn = forge.aes.createEncryptionCipher;\n break;\n case 'des':\n dkLen = 8;\n ivLen = 8;\n encOid = oids['desCBC'];\n cipherFn = forge.des.createEncryptionCipher;\n break;\n default:\n var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');\n error.algorithm = options.algorithm;\n throw error;\n }\n\n // get PRF message digest\n var prfAlgorithm = 'hmacWith' + options.prfAlgorithm.toUpperCase();\n var md = prfAlgorithmToMessageDigest(prfAlgorithm);\n\n // encrypt private key using pbe SHA-1 and AES/DES\n var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md);\n var iv = forge.random.getBytesSync(ivLen);\n var cipher = cipherFn(dk);\n cipher.start(iv);\n cipher.update(asn1.toDer(obj));\n cipher.finish();\n encryptedData = cipher.output.getBytes();\n\n // get PBKDF2-params\n var params = createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm);\n\n encryptionAlgorithm = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(oids['pkcs5PBES2']).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // keyDerivationFunc\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()),\n // PBKDF2-params\n params\n ]),\n // encryptionScheme\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(encOid).getBytes()),\n // iv\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv)\n ])\n ])\n ]);\n } else if(options.algorithm === '3des') {\n // Do PKCS12 PBE\n dkLen = 24;\n\n var saltBytes = new forge.util.ByteBuffer(salt);\n var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen);\n var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen);\n var cipher = forge.des.createEncryptionCipher(dk);\n cipher.start(iv);\n cipher.update(asn1.toDer(obj));\n cipher.finish();\n encryptedData = cipher.output.getBytes();\n\n encryptionAlgorithm = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()),\n // pkcs-12PbeParams\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // salt\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),\n // iteration count\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n countBytes.getBytes())\n ])\n ]);\n } else {\n var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');\n error.algorithm = options.algorithm;\n throw error;\n }\n\n // EncryptedPrivateKeyInfo\n var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // encryptionAlgorithm\n encryptionAlgorithm,\n // encryptedData\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData)\n ]);\n return rval;\n};\n\n/**\n * Decrypts a ASN.1 PrivateKeyInfo object.\n *\n * @param obj the ASN.1 EncryptedPrivateKeyInfo object.\n * @param password the password to decrypt with.\n *\n * @return the ASN.1 PrivateKeyInfo on success, null on failure.\n */\npki.decryptPrivateKeyInfo = function(obj, password) {\n var rval = null;\n\n // get PBE params\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) {\n var error = new Error('Cannot read encrypted private key. ' +\n 'ASN.1 object is not a supported EncryptedPrivateKeyInfo.');\n error.errors = errors;\n throw error;\n }\n\n // get cipher\n var oid = asn1.derToOid(capture.encryptionOid);\n var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password);\n\n // get encrypted data\n var encrypted = forge.util.createBuffer(capture.encryptedData);\n\n cipher.update(encrypted);\n if(cipher.finish()) {\n rval = asn1.fromDer(cipher.output);\n }\n\n return rval;\n};\n\n/**\n * Converts a EncryptedPrivateKeyInfo to PEM format.\n *\n * @param epki the EncryptedPrivateKeyInfo.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted encrypted private key.\n */\npki.encryptedPrivateKeyToPem = function(epki, maxline) {\n // convert to DER, then PEM-encode\n var msg = {\n type: 'ENCRYPTED PRIVATE KEY',\n body: asn1.toDer(epki).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption\n * is not performed.\n *\n * @param pem the EncryptedPrivateKeyInfo in PEM-format.\n *\n * @return the ASN.1 EncryptedPrivateKeyInfo.\n */\npki.encryptedPrivateKeyFromPem = function(pem) {\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'ENCRYPTED PRIVATE KEY') {\n var error = new Error('Could not convert encrypted private key from PEM; ' +\n 'PEM header type is \"ENCRYPTED PRIVATE KEY\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert encrypted private key from PEM; ' +\n 'PEM is encrypted.');\n }\n\n // convert DER to ASN.1 object\n return asn1.fromDer(msg.body);\n};\n\n/**\n * Encrypts an RSA private key. By default, the key will be wrapped in\n * a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo.\n * This is the standard, preferred way to encrypt a private key.\n *\n * To produce a non-standard PEM-encrypted private key that uses encapsulated\n * headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL\n * private key encryption), set the 'legacy' option to true. Note: Using this\n * option will cause the iteration count to be forced to 1.\n *\n * Note: The 'des' algorithm is supported, but it is not considered to be\n * secure because it only uses a single 56-bit key. If possible, it is highly\n * recommended that a different algorithm be used.\n *\n * @param rsaKey the RSA key to encrypt.\n * @param password the password to use.\n * @param options:\n * algorithm: the encryption algorithm to use\n * ('aes128', 'aes192', 'aes256', '3des', 'des').\n * count: the iteration count to use.\n * saltSize: the salt size to use.\n * legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated\n * headers (DEK-Info) private key.\n *\n * @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo.\n */\npki.encryptRsaPrivateKey = function(rsaKey, password, options) {\n // standard PKCS#8\n options = options || {};\n if(!options.legacy) {\n // encrypt PrivateKeyInfo\n var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey));\n rval = pki.encryptPrivateKeyInfo(rval, password, options);\n return pki.encryptedPrivateKeyToPem(rval);\n }\n\n // legacy non-PKCS#8\n var algorithm;\n var iv;\n var dkLen;\n var cipherFn;\n switch(options.algorithm) {\n case 'aes128':\n algorithm = 'AES-128-CBC';\n dkLen = 16;\n iv = forge.random.getBytesSync(16);\n cipherFn = forge.aes.createEncryptionCipher;\n break;\n case 'aes192':\n algorithm = 'AES-192-CBC';\n dkLen = 24;\n iv = forge.random.getBytesSync(16);\n cipherFn = forge.aes.createEncryptionCipher;\n break;\n case 'aes256':\n algorithm = 'AES-256-CBC';\n dkLen = 32;\n iv = forge.random.getBytesSync(16);\n cipherFn = forge.aes.createEncryptionCipher;\n break;\n case '3des':\n algorithm = 'DES-EDE3-CBC';\n dkLen = 24;\n iv = forge.random.getBytesSync(8);\n cipherFn = forge.des.createEncryptionCipher;\n break;\n case 'des':\n algorithm = 'DES-CBC';\n dkLen = 8;\n iv = forge.random.getBytesSync(8);\n cipherFn = forge.des.createEncryptionCipher;\n break;\n default:\n var error = new Error('Could not encrypt RSA private key; unsupported ' +\n 'encryption algorithm \"' + options.algorithm + '\".');\n error.algorithm = options.algorithm;\n throw error;\n }\n\n // encrypt private key using OpenSSL legacy key derivation\n var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);\n var cipher = cipherFn(dk);\n cipher.start(iv);\n cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey)));\n cipher.finish();\n\n var msg = {\n type: 'RSA PRIVATE KEY',\n procType: {\n version: '4',\n type: 'ENCRYPTED'\n },\n dekInfo: {\n algorithm: algorithm,\n parameters: forge.util.bytesToHex(iv).toUpperCase()\n },\n body: cipher.output.getBytes()\n };\n return forge.pem.encode(msg);\n};\n\n/**\n * Decrypts an RSA private key.\n *\n * @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt.\n * @param password the password to use.\n *\n * @return the RSA key on success, null on failure.\n */\npki.decryptRsaPrivateKey = function(pem, password) {\n var rval = null;\n\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'ENCRYPTED PRIVATE KEY' &&\n msg.type !== 'PRIVATE KEY' &&\n msg.type !== 'RSA PRIVATE KEY') {\n var error = new Error('Could not convert private key from PEM; PEM header type ' +\n 'is not \"ENCRYPTED PRIVATE KEY\", \"PRIVATE KEY\", or \"RSA PRIVATE KEY\".');\n error.headerType = error;\n throw error;\n }\n\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n var dkLen;\n var cipherFn;\n switch(msg.dekInfo.algorithm) {\n case 'DES-CBC':\n dkLen = 8;\n cipherFn = forge.des.createDecryptionCipher;\n break;\n case 'DES-EDE3-CBC':\n dkLen = 24;\n cipherFn = forge.des.createDecryptionCipher;\n break;\n case 'AES-128-CBC':\n dkLen = 16;\n cipherFn = forge.aes.createDecryptionCipher;\n break;\n case 'AES-192-CBC':\n dkLen = 24;\n cipherFn = forge.aes.createDecryptionCipher;\n break;\n case 'AES-256-CBC':\n dkLen = 32;\n cipherFn = forge.aes.createDecryptionCipher;\n break;\n case 'RC2-40-CBC':\n dkLen = 5;\n cipherFn = function(key) {\n return forge.rc2.createDecryptionCipher(key, 40);\n };\n break;\n case 'RC2-64-CBC':\n dkLen = 8;\n cipherFn = function(key) {\n return forge.rc2.createDecryptionCipher(key, 64);\n };\n break;\n case 'RC2-128-CBC':\n dkLen = 16;\n cipherFn = function(key) {\n return forge.rc2.createDecryptionCipher(key, 128);\n };\n break;\n default:\n var error = new Error('Could not decrypt private key; unsupported ' +\n 'encryption algorithm \"' + msg.dekInfo.algorithm + '\".');\n error.algorithm = msg.dekInfo.algorithm;\n throw error;\n }\n\n // use OpenSSL legacy key derivation\n var iv = forge.util.hexToBytes(msg.dekInfo.parameters);\n var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);\n var cipher = cipherFn(dk);\n cipher.start(iv);\n cipher.update(forge.util.createBuffer(msg.body));\n if(cipher.finish()) {\n rval = cipher.output.getBytes();\n } else {\n return rval;\n }\n } else {\n rval = msg.body;\n }\n\n if(msg.type === 'ENCRYPTED PRIVATE KEY') {\n rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password);\n } else {\n // decryption already performed above\n rval = asn1.fromDer(rval);\n }\n\n if(rval !== null) {\n rval = pki.privateKeyFromAsn1(rval);\n }\n\n return rval;\n};\n\n/**\n * Derives a PKCS#12 key.\n *\n * @param password the password to derive the key material from, null or\n * undefined for none.\n * @param salt the salt, as a ByteBuffer, to use.\n * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).\n * @param iter the iteration count.\n * @param n the number of bytes to derive from the password.\n * @param md the message digest to use, defaults to SHA-1.\n *\n * @return a ByteBuffer with the bytes derived from the password.\n */\npki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) {\n var j, l;\n\n if(typeof md === 'undefined' || md === null) {\n if(!('sha1' in forge.md)) {\n throw new Error('\"sha1\" hash algorithm unavailable.');\n }\n md = forge.md.sha1.create();\n }\n\n var u = md.digestLength;\n var v = md.blockLength;\n var result = new forge.util.ByteBuffer();\n\n /* Convert password to Unicode byte buffer + trailing 0-byte. */\n var passBuf = new forge.util.ByteBuffer();\n if(password !== null && password !== undefined) {\n for(l = 0; l < password.length; l++) {\n passBuf.putInt16(password.charCodeAt(l));\n }\n passBuf.putInt16(0);\n }\n\n /* Length of salt and password in BYTES. */\n var p = passBuf.length();\n var s = salt.length();\n\n /* 1. Construct a string, D (the \"diversifier\"), by concatenating\n v copies of ID. */\n var D = new forge.util.ByteBuffer();\n D.fillWithByte(id, v);\n\n /* 2. Concatenate copies of the salt together to create a string S of length\n v * ceil(s / v) bytes (the final copy of the salt may be trunacted\n to create S).\n Note that if the salt is the empty string, then so is S. */\n var Slen = v * Math.ceil(s / v);\n var S = new forge.util.ByteBuffer();\n for(l = 0; l < Slen; l++) {\n S.putByte(salt.at(l % s));\n }\n\n /* 3. Concatenate copies of the password together to create a string P of\n length v * ceil(p / v) bytes (the final copy of the password may be\n truncated to create P).\n Note that if the password is the empty string, then so is P. */\n var Plen = v * Math.ceil(p / v);\n var P = new forge.util.ByteBuffer();\n for(l = 0; l < Plen; l++) {\n P.putByte(passBuf.at(l % p));\n }\n\n /* 4. Set I=S||P to be the concatenation of S and P. */\n var I = S;\n I.putBuffer(P);\n\n /* 5. Set c=ceil(n / u). */\n var c = Math.ceil(n / u);\n\n /* 6. For i=1, 2, ..., c, do the following: */\n for(var i = 1; i <= c; i++) {\n /* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */\n var buf = new forge.util.ByteBuffer();\n buf.putBytes(D.bytes());\n buf.putBytes(I.bytes());\n for(var round = 0; round < iter; round++) {\n md.start();\n md.update(buf.getBytes());\n buf = md.digest();\n }\n\n /* b) Concatenate copies of Ai to create a string B of length v bytes (the\n final copy of Ai may be truncated to create B). */\n var B = new forge.util.ByteBuffer();\n for(l = 0; l < v; l++) {\n B.putByte(buf.at(l % u));\n }\n\n /* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,\n where k=ceil(s / v) + ceil(p / v), modify I by setting\n Ij=(Ij+B+1) mod 2v for each j. */\n var k = Math.ceil(s / v) + Math.ceil(p / v);\n var Inew = new forge.util.ByteBuffer();\n for(j = 0; j < k; j++) {\n var chunk = new forge.util.ByteBuffer(I.getBytes(v));\n var x = 0x1ff;\n for(l = B.length() - 1; l >= 0; l--) {\n x = x >> 8;\n x += B.at(l) + chunk.at(l);\n chunk.setAt(l, x & 0xff);\n }\n Inew.putBuffer(chunk);\n }\n I = Inew;\n\n /* Add Ai to A. */\n result.putBuffer(buf);\n }\n\n result.truncate(result.length() - n);\n return result;\n};\n\n/**\n * Get new Forge cipher object instance.\n *\n * @param oid the OID (in string notation).\n * @param params the ASN.1 params object.\n * @param password the password to decrypt with.\n *\n * @return new cipher object instance.\n */\npki.pbe.getCipher = function(oid, params, password) {\n switch(oid) {\n case pki.oids['pkcs5PBES2']:\n return pki.pbe.getCipherForPBES2(oid, params, password);\n\n case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:\n case pki.oids['pbewithSHAAnd40BitRC2-CBC']:\n return pki.pbe.getCipherForPKCS12PBE(oid, params, password);\n\n default:\n var error = new Error('Cannot read encrypted PBE data block. Unsupported OID.');\n error.oid = oid;\n error.supportedOids = [\n 'pkcs5PBES2',\n 'pbeWithSHAAnd3-KeyTripleDES-CBC',\n 'pbewithSHAAnd40BitRC2-CBC'\n ];\n throw error;\n }\n};\n\n/**\n * Get new Forge cipher object instance according to PBES2 params block.\n *\n * The returned cipher instance is already started using the IV\n * from PBES2 parameter block.\n *\n * @param oid the PKCS#5 PBKDF2 OID (in string notation).\n * @param params the ASN.1 PBES2-params object.\n * @param password the password to decrypt with.\n *\n * @return new cipher object instance.\n */\npki.pbe.getCipherForPBES2 = function(oid, params, password) {\n // get PBE params\n var capture = {};\n var errors = [];\n if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) {\n var error = new Error('Cannot read password-based-encryption algorithm ' +\n 'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');\n error.errors = errors;\n throw error;\n }\n\n // check oids\n oid = asn1.derToOid(capture.kdfOid);\n if(oid !== pki.oids['pkcs5PBKDF2']) {\n var error = new Error('Cannot read encrypted private key. ' +\n 'Unsupported key derivation function OID.');\n error.oid = oid;\n error.supportedOids = ['pkcs5PBKDF2'];\n throw error;\n }\n oid = asn1.derToOid(capture.encOid);\n if(oid !== pki.oids['aes128-CBC'] &&\n oid !== pki.oids['aes192-CBC'] &&\n oid !== pki.oids['aes256-CBC'] &&\n oid !== pki.oids['des-EDE3-CBC'] &&\n oid !== pki.oids['desCBC']) {\n var error = new Error('Cannot read encrypted private key. ' +\n 'Unsupported encryption scheme OID.');\n error.oid = oid;\n error.supportedOids = [\n 'aes128-CBC', 'aes192-CBC', 'aes256-CBC', 'des-EDE3-CBC', 'desCBC'];\n throw error;\n }\n\n // set PBE params\n var salt = capture.kdfSalt;\n var count = forge.util.createBuffer(capture.kdfIterationCount);\n count = count.getInt(count.length() << 3);\n var dkLen;\n var cipherFn;\n switch(pki.oids[oid]) {\n case 'aes128-CBC':\n dkLen = 16;\n cipherFn = forge.aes.createDecryptionCipher;\n break;\n case 'aes192-CBC':\n dkLen = 24;\n cipherFn = forge.aes.createDecryptionCipher;\n break;\n case 'aes256-CBC':\n dkLen = 32;\n cipherFn = forge.aes.createDecryptionCipher;\n break;\n case 'des-EDE3-CBC':\n dkLen = 24;\n cipherFn = forge.des.createDecryptionCipher;\n break;\n case 'desCBC':\n dkLen = 8;\n cipherFn = forge.des.createDecryptionCipher;\n break;\n }\n\n // get PRF message digest\n var md = prfOidToMessageDigest(capture.prfOid);\n\n // decrypt private key using pbe with chosen PRF and AES/DES\n var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md);\n var iv = capture.encIv;\n var cipher = cipherFn(dk);\n cipher.start(iv);\n\n return cipher;\n};\n\n/**\n * Get new Forge cipher object instance for PKCS#12 PBE.\n *\n * The returned cipher instance is already started using the key & IV\n * derived from the provided password and PKCS#12 PBE salt.\n *\n * @param oid The PKCS#12 PBE OID (in string notation).\n * @param params The ASN.1 PKCS#12 PBE-params object.\n * @param password The password to decrypt with.\n *\n * @return the new cipher object instance.\n */\npki.pbe.getCipherForPKCS12PBE = function(oid, params, password) {\n // get PBE params\n var capture = {};\n var errors = [];\n if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) {\n var error = new Error('Cannot read password-based-encryption algorithm ' +\n 'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');\n error.errors = errors;\n throw error;\n }\n\n var salt = forge.util.createBuffer(capture.salt);\n var count = forge.util.createBuffer(capture.iterations);\n count = count.getInt(count.length() << 3);\n\n var dkLen, dIvLen, cipherFn;\n switch(oid) {\n case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:\n dkLen = 24;\n dIvLen = 8;\n cipherFn = forge.des.startDecrypting;\n break;\n\n case pki.oids['pbewithSHAAnd40BitRC2-CBC']:\n dkLen = 5;\n dIvLen = 8;\n cipherFn = function(key, iv) {\n var cipher = forge.rc2.createDecryptionCipher(key, 40);\n cipher.start(iv, null);\n return cipher;\n };\n break;\n\n default:\n var error = new Error('Cannot read PKCS #12 PBE data block. Unsupported OID.');\n error.oid = oid;\n throw error;\n }\n\n // get PRF message digest\n var md = prfOidToMessageDigest(capture.prfOid);\n var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md);\n md.start();\n var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md);\n\n return cipherFn(key, iv);\n};\n\n/**\n * OpenSSL's legacy key derivation function.\n *\n * See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html\n *\n * @param password the password to derive the key from.\n * @param salt the salt to use, null for none.\n * @param dkLen the number of bytes needed for the derived key.\n * @param [options] the options to use:\n * [md] an optional message digest object to use.\n */\npki.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) {\n if(typeof md === 'undefined' || md === null) {\n if(!('md5' in forge.md)) {\n throw new Error('\"md5\" hash algorithm unavailable.');\n }\n md = forge.md.md5.create();\n }\n if(salt === null) {\n salt = '';\n }\n var digests = [hash(md, password + salt)];\n for(var length = 16, i = 1; length < dkLen; ++i, length += 16) {\n digests.push(hash(md, digests[i - 1] + password + salt));\n }\n return digests.join('').substr(0, dkLen);\n};\n\nfunction hash(md, bytes) {\n return md.start().update(bytes).digest().getBytes();\n}\n\nfunction prfOidToMessageDigest(prfOid) {\n // get PRF algorithm, default to SHA-1\n var prfAlgorithm;\n if(!prfOid) {\n prfAlgorithm = 'hmacWithSHA1';\n } else {\n prfAlgorithm = pki.oids[asn1.derToOid(prfOid)];\n if(!prfAlgorithm) {\n var error = new Error('Unsupported PRF OID.');\n error.oid = prfOid;\n error.supported = [\n 'hmacWithSHA1', 'hmacWithSHA224', 'hmacWithSHA256', 'hmacWithSHA384',\n 'hmacWithSHA512'];\n throw error;\n }\n }\n return prfAlgorithmToMessageDigest(prfAlgorithm);\n}\n\nfunction prfAlgorithmToMessageDigest(prfAlgorithm) {\n var factory = forge.md;\n switch(prfAlgorithm) {\n case 'hmacWithSHA224':\n factory = forge.md.sha512;\n case 'hmacWithSHA1':\n case 'hmacWithSHA256':\n case 'hmacWithSHA384':\n case 'hmacWithSHA512':\n prfAlgorithm = prfAlgorithm.substr(8).toLowerCase();\n break;\n default:\n var error = new Error('Unsupported PRF algorithm.');\n error.algorithm = prfAlgorithm;\n error.supported = [\n 'hmacWithSHA1', 'hmacWithSHA224', 'hmacWithSHA256', 'hmacWithSHA384',\n 'hmacWithSHA512'];\n throw error;\n }\n if(!factory || !(prfAlgorithm in factory)) {\n throw new Error('Unknown hash algorithm: ' + prfAlgorithm);\n }\n return factory[prfAlgorithm].create();\n}\n\nfunction createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm) {\n var params = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // salt\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),\n // iteration count\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n countBytes.getBytes())\n ]);\n // when PRF algorithm is not SHA-1 default, add key length and PRF algorithm\n if(prfAlgorithm !== 'hmacWithSHA1') {\n params.value.push(\n // key length\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n forge.util.hexToBytes(dkLen.toString(16))),\n // AlgorithmIdentifier\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids[prfAlgorithm]).getBytes()),\n // parameters (null)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]));\n }\n return params;\n}\n","/**\n * Javascript implementation of ASN.1 validators for PKCS#7 v1.5.\n *\n * @author Dave Longley\n * @author Stefan Siegl\n *\n * Copyright (c) 2012-2015 Digital Bazaar, Inc.\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * The ASN.1 representation of PKCS#7 is as follows\n * (see RFC #2315 for details, http://www.ietf.org/rfc/rfc2315.txt):\n *\n * A PKCS#7 message consists of a ContentInfo on root level, which may\n * contain any number of further ContentInfo nested into it.\n *\n * ContentInfo ::= SEQUENCE {\n * contentType ContentType,\n * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL\n * }\n *\n * ContentType ::= OBJECT IDENTIFIER\n *\n * EnvelopedData ::= SEQUENCE {\n * version Version,\n * recipientInfos RecipientInfos,\n * encryptedContentInfo EncryptedContentInfo\n * }\n *\n * EncryptedData ::= SEQUENCE {\n * version Version,\n * encryptedContentInfo EncryptedContentInfo\n * }\n *\n * id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)\n * us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }\n *\n * SignedData ::= SEQUENCE {\n * version INTEGER,\n * digestAlgorithms DigestAlgorithmIdentifiers,\n * contentInfo ContentInfo,\n * certificates [0] IMPLICIT Certificates OPTIONAL,\n * crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,\n * signerInfos SignerInfos\n * }\n *\n * SignerInfos ::= SET OF SignerInfo\n *\n * SignerInfo ::= SEQUENCE {\n * version Version,\n * issuerAndSerialNumber IssuerAndSerialNumber,\n * digestAlgorithm DigestAlgorithmIdentifier,\n * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL,\n * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier,\n * encryptedDigest EncryptedDigest,\n * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL\n * }\n *\n * EncryptedDigest ::= OCTET STRING\n *\n * Attributes ::= SET OF Attribute\n *\n * Attribute ::= SEQUENCE {\n * attrType OBJECT IDENTIFIER,\n * attrValues SET OF AttributeValue\n * }\n *\n * AttributeValue ::= ANY\n *\n * Version ::= INTEGER\n *\n * RecipientInfos ::= SET OF RecipientInfo\n *\n * EncryptedContentInfo ::= SEQUENCE {\n * contentType ContentType,\n * contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier,\n * encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL\n * }\n *\n * ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters\n * for the algorithm, if any. In the case of AES and DES3, there is only one,\n * the IV.\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n * algorithm OBJECT IDENTIFIER,\n * parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * EncryptedContent ::= OCTET STRING\n *\n * RecipientInfo ::= SEQUENCE {\n * version Version,\n * issuerAndSerialNumber IssuerAndSerialNumber,\n * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier,\n * encryptedKey EncryptedKey\n * }\n *\n * IssuerAndSerialNumber ::= SEQUENCE {\n * issuer Name,\n * serialNumber CertificateSerialNumber\n * }\n *\n * CertificateSerialNumber ::= INTEGER\n *\n * KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * EncryptedKey ::= OCTET STRING\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./util');\n\n// shortcut for ASN.1 API\nvar asn1 = forge.asn1;\n\n// shortcut for PKCS#7 API\nvar p7v = module.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {};\nforge.pkcs7 = forge.pkcs7 || {};\nforge.pkcs7.asn1 = p7v;\n\nvar contentInfoValidator = {\n name: 'ContentInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'ContentInfo.ContentType',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'contentType'\n }, {\n name: 'ContentInfo.content',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n constructed: true,\n optional: true,\n captureAsn1: 'content'\n }]\n};\np7v.contentInfoValidator = contentInfoValidator;\n\nvar encryptedContentInfoValidator = {\n name: 'EncryptedContentInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'EncryptedContentInfo.contentType',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'contentType'\n }, {\n name: 'EncryptedContentInfo.contentEncryptionAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'EncryptedContentInfo.contentEncryptionAlgorithm.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'encAlgorithm'\n }, {\n name: 'EncryptedContentInfo.contentEncryptionAlgorithm.parameter',\n tagClass: asn1.Class.UNIVERSAL,\n captureAsn1: 'encParameter'\n }]\n }, {\n name: 'EncryptedContentInfo.encryptedContent',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n /* The PKCS#7 structure output by OpenSSL somewhat differs from what\n * other implementations do generate.\n *\n * OpenSSL generates a structure like this:\n * SEQUENCE {\n * ...\n * [0]\n * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38\n * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45\n * ...\n * }\n *\n * Whereas other implementations (and this PKCS#7 module) generate:\n * SEQUENCE {\n * ...\n * [0] {\n * OCTET STRING\n * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38\n * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45\n * ...\n * }\n * }\n *\n * In order to support both, we just capture the context specific\n * field here. The OCTET STRING bit is removed below.\n */\n capture: 'encryptedContent',\n captureAsn1: 'encryptedContentAsn1'\n }]\n};\n\np7v.envelopedDataValidator = {\n name: 'EnvelopedData',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'EnvelopedData.Version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'version'\n }, {\n name: 'EnvelopedData.RecipientInfos',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SET,\n constructed: true,\n captureAsn1: 'recipientInfos'\n }].concat(encryptedContentInfoValidator)\n};\n\np7v.encryptedDataValidator = {\n name: 'EncryptedData',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'EncryptedData.Version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'version'\n }].concat(encryptedContentInfoValidator)\n};\n\nvar signerValidator = {\n name: 'SignerInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'SignerInfo.version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false\n }, {\n name: 'SignerInfo.issuerAndSerialNumber',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'SignerInfo.issuerAndSerialNumber.issuer',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'issuer'\n }, {\n name: 'SignerInfo.issuerAndSerialNumber.serialNumber',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'serial'\n }]\n }, {\n name: 'SignerInfo.digestAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'SignerInfo.digestAlgorithm.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'digestAlgorithm'\n }, {\n name: 'SignerInfo.digestAlgorithm.parameter',\n tagClass: asn1.Class.UNIVERSAL,\n constructed: false,\n captureAsn1: 'digestParameter',\n optional: true\n }]\n }, {\n name: 'SignerInfo.authenticatedAttributes',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n constructed: true,\n optional: true,\n capture: 'authenticatedAttributes'\n }, {\n name: 'SignerInfo.digestEncryptionAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n capture: 'signatureAlgorithm'\n }, {\n name: 'SignerInfo.encryptedDigest',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'signature'\n }, {\n name: 'SignerInfo.unauthenticatedAttributes',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 1,\n constructed: true,\n optional: true,\n capture: 'unauthenticatedAttributes'\n }]\n};\n\np7v.signedDataValidator = {\n name: 'SignedData',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'SignedData.Version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'version'\n }, {\n name: 'SignedData.DigestAlgorithms',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SET,\n constructed: true,\n captureAsn1: 'digestAlgorithms'\n },\n contentInfoValidator,\n {\n name: 'SignedData.Certificates',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n optional: true,\n captureAsn1: 'certificates'\n }, {\n name: 'SignedData.CertificateRevocationLists',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 1,\n optional: true,\n captureAsn1: 'crls'\n }, {\n name: 'SignedData.SignerInfos',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SET,\n capture: 'signerInfos',\n optional: true,\n value: [signerValidator]\n }]\n};\n\np7v.recipientInfoValidator = {\n name: 'RecipientInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'RecipientInfo.version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'version'\n }, {\n name: 'RecipientInfo.issuerAndSerial',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'RecipientInfo.issuerAndSerial.issuer',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'issuer'\n }, {\n name: 'RecipientInfo.issuerAndSerial.serialNumber',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'serial'\n }]\n }, {\n name: 'RecipientInfo.keyEncryptionAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'RecipientInfo.keyEncryptionAlgorithm.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'encAlgorithm'\n }, {\n name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',\n tagClass: asn1.Class.UNIVERSAL,\n constructed: false,\n captureAsn1: 'encParameter',\n optional: true\n }]\n }, {\n name: 'RecipientInfo.encryptedKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'encKey'\n }]\n};\n","/**\n * Javascript implementation of mask generation function MGF1.\n *\n * @author Stefan Siegl\n * @author Dave Longley\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n * Copyright (c) 2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\nforge.mgf = forge.mgf || {};\nvar mgf1 = module.exports = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {};\n\n/**\n * Creates a MGF1 mask generation function object.\n *\n * @param md the message digest API to use (eg: forge.md.sha1.create()).\n *\n * @return a mask generation function object.\n */\nmgf1.create = function(md) {\n var mgf = {\n /**\n * Generate mask of specified length.\n *\n * @param {String} seed The seed for mask generation.\n * @param maskLen Number of bytes to generate.\n * @return {String} The generated mask.\n */\n generate: function(seed, maskLen) {\n /* 2. Let T be the empty octet string. */\n var t = new forge.util.ByteBuffer();\n\n /* 3. For counter from 0 to ceil(maskLen / hLen), do the following: */\n var len = Math.ceil(maskLen / md.digestLength);\n for(var i = 0; i < len; i++) {\n /* a. Convert counter to an octet string C of length 4 octets */\n var c = new forge.util.ByteBuffer();\n c.putInt32(i);\n\n /* b. Concatenate the hash of the seed mgfSeed and C to the octet\n * string T: */\n md.start();\n md.update(seed + c.getBytes());\n t.putBuffer(md.digest());\n }\n\n /* Output the leading maskLen octets of T as the octet string mask. */\n t.truncate(t.length() - maskLen);\n return t.getBytes();\n }\n };\n\n return mgf;\n};\n","/**\n * Node.js module for Forge mask generation functions.\n *\n * @author Stefan Siegl\n *\n * Copyright 2012 Stefan Siegl <stesie@brokenpipe.de>\n */\nvar forge = require('./forge');\nrequire('./mgf1');\n\nmodule.exports = forge.mgf = forge.mgf || {};\nforge.mgf.mgf1 = forge.mgf1;\n","/**\n * Javascript implementation of PKCS#1 PSS signature padding.\n *\n * @author Stefan Siegl\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n */\nvar forge = require('./forge');\nrequire('./random');\nrequire('./util');\n\n// shortcut for PSS API\nvar pss = module.exports = forge.pss = forge.pss || {};\n\n/**\n * Creates a PSS signature scheme object.\n *\n * There are several ways to provide a salt for encoding:\n *\n * 1. Specify the saltLength only and the built-in PRNG will generate it.\n * 2. Specify the saltLength and a custom PRNG with 'getBytesSync' defined that\n * will be used.\n * 3. Specify the salt itself as a forge.util.ByteBuffer.\n *\n * @param options the options to use:\n * md the message digest object to use, a forge md instance.\n * mgf the mask generation function to use, a forge mgf instance.\n * [saltLength] the length of the salt in octets.\n * [prng] the pseudo-random number generator to use to produce a salt.\n * [salt] the salt to use when encoding.\n *\n * @return a signature scheme object.\n */\npss.create = function(options) {\n // backwards compatibility w/legacy args: hash, mgf, sLen\n if(arguments.length === 3) {\n options = {\n md: arguments[0],\n mgf: arguments[1],\n saltLength: arguments[2]\n };\n }\n\n var hash = options.md;\n var mgf = options.mgf;\n var hLen = hash.digestLength;\n\n var salt_ = options.salt || null;\n if(typeof salt_ === 'string') {\n // assume binary-encoded string\n salt_ = forge.util.createBuffer(salt_);\n }\n\n var sLen;\n if('saltLength' in options) {\n sLen = options.saltLength;\n } else if(salt_ !== null) {\n sLen = salt_.length();\n } else {\n throw new Error('Salt length not specified or specific salt not given.');\n }\n\n if(salt_ !== null && salt_.length() !== sLen) {\n throw new Error('Given salt length does not match length of given salt.');\n }\n\n var prng = options.prng || forge.random;\n\n var pssobj = {};\n\n /**\n * Encodes a PSS signature.\n *\n * This function implements EMSA-PSS-ENCODE as per RFC 3447, section 9.1.1.\n *\n * @param md the message digest object with the hash to sign.\n * @param modsBits the length of the RSA modulus in bits.\n *\n * @return the encoded message as a binary-encoded string of length\n * ceil((modBits - 1) / 8).\n */\n pssobj.encode = function(md, modBits) {\n var i;\n var emBits = modBits - 1;\n var emLen = Math.ceil(emBits / 8);\n\n /* 2. Let mHash = Hash(M), an octet string of length hLen. */\n var mHash = md.digest().getBytes();\n\n /* 3. If emLen < hLen + sLen + 2, output \"encoding error\" and stop. */\n if(emLen < hLen + sLen + 2) {\n throw new Error('Message is too long to encrypt.');\n }\n\n /* 4. Generate a random octet string salt of length sLen; if sLen = 0,\n * then salt is the empty string. */\n var salt;\n if(salt_ === null) {\n salt = prng.getBytesSync(sLen);\n } else {\n salt = salt_.bytes();\n }\n\n /* 5. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt; */\n var m_ = new forge.util.ByteBuffer();\n m_.fillWithByte(0, 8);\n m_.putBytes(mHash);\n m_.putBytes(salt);\n\n /* 6. Let H = Hash(M'), an octet string of length hLen. */\n hash.start();\n hash.update(m_.getBytes());\n var h = hash.digest().getBytes();\n\n /* 7. Generate an octet string PS consisting of emLen - sLen - hLen - 2\n * zero octets. The length of PS may be 0. */\n var ps = new forge.util.ByteBuffer();\n ps.fillWithByte(0, emLen - sLen - hLen - 2);\n\n /* 8. Let DB = PS || 0x01 || salt; DB is an octet string of length\n * emLen - hLen - 1. */\n ps.putByte(0x01);\n ps.putBytes(salt);\n var db = ps.getBytes();\n\n /* 9. Let dbMask = MGF(H, emLen - hLen - 1). */\n var maskLen = emLen - hLen - 1;\n var dbMask = mgf.generate(h, maskLen);\n\n /* 10. Let maskedDB = DB \\xor dbMask. */\n var maskedDB = '';\n for(i = 0; i < maskLen; i++) {\n maskedDB += String.fromCharCode(db.charCodeAt(i) ^ dbMask.charCodeAt(i));\n }\n\n /* 11. Set the leftmost 8emLen - emBits bits of the leftmost octet in\n * maskedDB to zero. */\n var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF;\n maskedDB = String.fromCharCode(maskedDB.charCodeAt(0) & ~mask) +\n maskedDB.substr(1);\n\n /* 12. Let EM = maskedDB || H || 0xbc.\n * 13. Output EM. */\n return maskedDB + h + String.fromCharCode(0xbc);\n };\n\n /**\n * Verifies a PSS signature.\n *\n * This function implements EMSA-PSS-VERIFY as per RFC 3447, section 9.1.2.\n *\n * @param mHash the message digest hash, as a binary-encoded string, to\n * compare against the signature.\n * @param em the encoded message, as a binary-encoded string\n * (RSA decryption result).\n * @param modsBits the length of the RSA modulus in bits.\n *\n * @return true if the signature was verified, false if not.\n */\n pssobj.verify = function(mHash, em, modBits) {\n var i;\n var emBits = modBits - 1;\n var emLen = Math.ceil(emBits / 8);\n\n /* c. Convert the message representative m to an encoded message EM\n * of length emLen = ceil((modBits - 1) / 8) octets, where modBits\n * is the length in bits of the RSA modulus n */\n em = em.substr(-emLen);\n\n /* 3. If emLen < hLen + sLen + 2, output \"inconsistent\" and stop. */\n if(emLen < hLen + sLen + 2) {\n throw new Error('Inconsistent parameters to PSS signature verification.');\n }\n\n /* 4. If the rightmost octet of EM does not have hexadecimal value\n * 0xbc, output \"inconsistent\" and stop. */\n if(em.charCodeAt(emLen - 1) !== 0xbc) {\n throw new Error('Encoded message does not end in 0xBC.');\n }\n\n /* 5. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and\n * let H be the next hLen octets. */\n var maskLen = emLen - hLen - 1;\n var maskedDB = em.substr(0, maskLen);\n var h = em.substr(maskLen, hLen);\n\n /* 6. If the leftmost 8emLen - emBits bits of the leftmost octet in\n * maskedDB are not all equal to zero, output \"inconsistent\" and stop. */\n var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF;\n if((maskedDB.charCodeAt(0) & mask) !== 0) {\n throw new Error('Bits beyond keysize not zero as expected.');\n }\n\n /* 7. Let dbMask = MGF(H, emLen - hLen - 1). */\n var dbMask = mgf.generate(h, maskLen);\n\n /* 8. Let DB = maskedDB \\xor dbMask. */\n var db = '';\n for(i = 0; i < maskLen; i++) {\n db += String.fromCharCode(maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i));\n }\n\n /* 9. Set the leftmost 8emLen - emBits bits of the leftmost octet\n * in DB to zero. */\n db = String.fromCharCode(db.charCodeAt(0) & ~mask) + db.substr(1);\n\n /* 10. If the emLen - hLen - sLen - 2 leftmost octets of DB are not zero\n * or if the octet at position emLen - hLen - sLen - 1 (the leftmost\n * position is \"position 1\") does not have hexadecimal value 0x01,\n * output \"inconsistent\" and stop. */\n var checkLen = emLen - hLen - sLen - 2;\n for(i = 0; i < checkLen; i++) {\n if(db.charCodeAt(i) !== 0x00) {\n throw new Error('Leftmost octets not zero as expected');\n }\n }\n\n if(db.charCodeAt(checkLen) !== 0x01) {\n throw new Error('Inconsistent PSS signature, 0x01 marker not found');\n }\n\n /* 11. Let salt be the last sLen octets of DB. */\n var salt = db.substr(-sLen);\n\n /* 12. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt */\n var m_ = new forge.util.ByteBuffer();\n m_.fillWithByte(0, 8);\n m_.putBytes(mHash);\n m_.putBytes(salt);\n\n /* 13. Let H' = Hash(M'), an octet string of length hLen. */\n hash.start();\n hash.update(m_.getBytes());\n var h_ = hash.digest().getBytes();\n\n /* 14. If H = H', output \"consistent.\" Otherwise, output \"inconsistent.\" */\n return h === h_;\n };\n\n return pssobj;\n};\n","/**\n * Javascript implementation of X.509 and related components (such as\n * Certification Signing Requests) of a Public Key Infrastructure.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n *\n * The ASN.1 representation of an X.509v3 certificate is as follows\n * (see RFC 2459):\n *\n * Certificate ::= SEQUENCE {\n * tbsCertificate TBSCertificate,\n * signatureAlgorithm AlgorithmIdentifier,\n * signatureValue BIT STRING\n * }\n *\n * TBSCertificate ::= SEQUENCE {\n * version [0] EXPLICIT Version DEFAULT v1,\n * serialNumber CertificateSerialNumber,\n * signature AlgorithmIdentifier,\n * issuer Name,\n * validity Validity,\n * subject Name,\n * subjectPublicKeyInfo SubjectPublicKeyInfo,\n * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,\n * -- If present, version shall be v2 or v3\n * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,\n * -- If present, version shall be v2 or v3\n * extensions [3] EXPLICIT Extensions OPTIONAL\n * -- If present, version shall be v3\n * }\n *\n * Version ::= INTEGER { v1(0), v2(1), v3(2) }\n *\n * CertificateSerialNumber ::= INTEGER\n *\n * Name ::= CHOICE {\n * // only one possible choice for now\n * RDNSequence\n * }\n *\n * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName\n *\n * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue\n *\n * AttributeTypeAndValue ::= SEQUENCE {\n * type AttributeType,\n * value AttributeValue\n * }\n * AttributeType ::= OBJECT IDENTIFIER\n * AttributeValue ::= ANY DEFINED BY AttributeType\n *\n * Validity ::= SEQUENCE {\n * notBefore Time,\n * notAfter Time\n * }\n *\n * Time ::= CHOICE {\n * utcTime UTCTime,\n * generalTime GeneralizedTime\n * }\n *\n * UniqueIdentifier ::= BIT STRING\n *\n * SubjectPublicKeyInfo ::= SEQUENCE {\n * algorithm AlgorithmIdentifier,\n * subjectPublicKey BIT STRING\n * }\n *\n * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension\n *\n * Extension ::= SEQUENCE {\n * extnID OBJECT IDENTIFIER,\n * critical BOOLEAN DEFAULT FALSE,\n * extnValue OCTET STRING\n * }\n *\n * The only key algorithm currently supported for PKI is RSA.\n *\n * RSASSA-PSS signatures are described in RFC 3447 and RFC 4055.\n *\n * PKCS#10 v1.7 describes certificate signing requests:\n *\n * CertificationRequestInfo:\n *\n * CertificationRequestInfo ::= SEQUENCE {\n * version INTEGER { v1(0) } (v1,...),\n * subject Name,\n * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},\n * attributes [0] Attributes{{ CRIAttributes }}\n * }\n *\n * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}\n *\n * CRIAttributes ATTRIBUTE ::= {\n * ... -- add any locally defined attributes here -- }\n *\n * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {\n * type ATTRIBUTE.&id({IOSet}),\n * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})\n * }\n *\n * CertificationRequest ::= SEQUENCE {\n * certificationRequestInfo CertificationRequestInfo,\n * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},\n * signature BIT STRING\n * }\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./asn1');\nrequire('./des');\nrequire('./md');\nrequire('./mgf');\nrequire('./oids');\nrequire('./pem');\nrequire('./pss');\nrequire('./rsa');\nrequire('./util');\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n/* Public Key Infrastructure (PKI) implementation. */\nvar pki = module.exports = forge.pki = forge.pki || {};\nvar oids = pki.oids;\n\n// short name OID mappings\nvar _shortNames = {};\n_shortNames['CN'] = oids['commonName'];\n_shortNames['commonName'] = 'CN';\n_shortNames['C'] = oids['countryName'];\n_shortNames['countryName'] = 'C';\n_shortNames['L'] = oids['localityName'];\n_shortNames['localityName'] = 'L';\n_shortNames['ST'] = oids['stateOrProvinceName'];\n_shortNames['stateOrProvinceName'] = 'ST';\n_shortNames['O'] = oids['organizationName'];\n_shortNames['organizationName'] = 'O';\n_shortNames['OU'] = oids['organizationalUnitName'];\n_shortNames['organizationalUnitName'] = 'OU';\n_shortNames['E'] = oids['emailAddress'];\n_shortNames['emailAddress'] = 'E';\n\n// validator for an SubjectPublicKeyInfo structure\n// Note: Currently only works with an RSA public key\nvar publicKeyValidator = forge.pki.rsa.publicKeyValidator;\n\n// validator for an X.509v3 certificate\nvar x509CertificateValidator = {\n name: 'Certificate',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'Certificate.TBSCertificate',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'tbsCertificate',\n value: [{\n name: 'Certificate.TBSCertificate.version',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n constructed: true,\n optional: true,\n value: [{\n name: 'Certificate.TBSCertificate.version.integer',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'certVersion'\n }]\n }, {\n name: 'Certificate.TBSCertificate.serialNumber',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'certSerialNumber'\n }, {\n name: 'Certificate.TBSCertificate.signature',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'Certificate.TBSCertificate.signature.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'certinfoSignatureOid'\n }, {\n name: 'Certificate.TBSCertificate.signature.parameters',\n tagClass: asn1.Class.UNIVERSAL,\n optional: true,\n captureAsn1: 'certinfoSignatureParams'\n }]\n }, {\n name: 'Certificate.TBSCertificate.issuer',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'certIssuer'\n }, {\n name: 'Certificate.TBSCertificate.validity',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n // Note: UTC and generalized times may both appear so the capture\n // names are based on their detected order, the names used below\n // are only for the common case, which validity time really means\n // \"notBefore\" and which means \"notAfter\" will be determined by order\n value: [{\n // notBefore (Time) (UTC time case)\n name: 'Certificate.TBSCertificate.validity.notBefore (utc)',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.UTCTIME,\n constructed: false,\n optional: true,\n capture: 'certValidity1UTCTime'\n }, {\n // notBefore (Time) (generalized time case)\n name: 'Certificate.TBSCertificate.validity.notBefore (generalized)',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.GENERALIZEDTIME,\n constructed: false,\n optional: true,\n capture: 'certValidity2GeneralizedTime'\n }, {\n // notAfter (Time) (only UTC time is supported)\n name: 'Certificate.TBSCertificate.validity.notAfter (utc)',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.UTCTIME,\n constructed: false,\n optional: true,\n capture: 'certValidity3UTCTime'\n }, {\n // notAfter (Time) (only UTC time is supported)\n name: 'Certificate.TBSCertificate.validity.notAfter (generalized)',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.GENERALIZEDTIME,\n constructed: false,\n optional: true,\n capture: 'certValidity4GeneralizedTime'\n }]\n }, {\n // Name (subject) (RDNSequence)\n name: 'Certificate.TBSCertificate.subject',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'certSubject'\n },\n // SubjectPublicKeyInfo\n publicKeyValidator,\n {\n // issuerUniqueID (optional)\n name: 'Certificate.TBSCertificate.issuerUniqueID',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 1,\n constructed: true,\n optional: true,\n value: [{\n name: 'Certificate.TBSCertificate.issuerUniqueID.id',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n // TODO: support arbitrary bit length ids\n captureBitStringValue: 'certIssuerUniqueId'\n }]\n }, {\n // subjectUniqueID (optional)\n name: 'Certificate.TBSCertificate.subjectUniqueID',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 2,\n constructed: true,\n optional: true,\n value: [{\n name: 'Certificate.TBSCertificate.subjectUniqueID.id',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n // TODO: support arbitrary bit length ids\n captureBitStringValue: 'certSubjectUniqueId'\n }]\n }, {\n // Extensions (optional)\n name: 'Certificate.TBSCertificate.extensions',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 3,\n constructed: true,\n captureAsn1: 'certExtensions',\n optional: true\n }]\n }, {\n // AlgorithmIdentifier (signature algorithm)\n name: 'Certificate.signatureAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n // algorithm\n name: 'Certificate.signatureAlgorithm.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'certSignatureOid'\n }, {\n name: 'Certificate.TBSCertificate.signature.parameters',\n tagClass: asn1.Class.UNIVERSAL,\n optional: true,\n captureAsn1: 'certSignatureParams'\n }]\n }, {\n // SignatureValue\n name: 'Certificate.signatureValue',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n captureBitStringValue: 'certSignature'\n }]\n};\n\nvar rsassaPssParameterValidator = {\n name: 'rsapss',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'rsapss.hashAlgorithm',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n constructed: true,\n value: [{\n name: 'rsapss.hashAlgorithm.AlgorithmIdentifier',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Class.SEQUENCE,\n constructed: true,\n optional: true,\n value: [{\n name: 'rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'hashOid'\n /* parameter block omitted, for SHA1 NULL anyhow. */\n }]\n }]\n }, {\n name: 'rsapss.maskGenAlgorithm',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 1,\n constructed: true,\n value: [{\n name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Class.SEQUENCE,\n constructed: true,\n optional: true,\n value: [{\n name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'maskGenOid'\n }, {\n name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'maskGenHashOid'\n /* parameter block omitted, for SHA1 NULL anyhow. */\n }]\n }]\n }]\n }, {\n name: 'rsapss.saltLength',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 2,\n optional: true,\n value: [{\n name: 'rsapss.saltLength.saltLength',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Class.INTEGER,\n constructed: false,\n capture: 'saltLength'\n }]\n }, {\n name: 'rsapss.trailerField',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 3,\n optional: true,\n value: [{\n name: 'rsapss.trailer.trailer',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Class.INTEGER,\n constructed: false,\n capture: 'trailer'\n }]\n }]\n};\n\n// validator for a CertificationRequestInfo structure\nvar certificationRequestInfoValidator = {\n name: 'CertificationRequestInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'certificationRequestInfo',\n value: [{\n name: 'CertificationRequestInfo.integer',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'certificationRequestInfoVersion'\n }, {\n // Name (subject) (RDNSequence)\n name: 'CertificationRequestInfo.subject',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'certificationRequestInfoSubject'\n },\n // SubjectPublicKeyInfo\n publicKeyValidator,\n {\n name: 'CertificationRequestInfo.attributes',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n type: 0,\n constructed: true,\n optional: true,\n capture: 'certificationRequestInfoAttributes',\n value: [{\n name: 'CertificationRequestInfo.attributes',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'CertificationRequestInfo.attributes.type',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false\n }, {\n name: 'CertificationRequestInfo.attributes.value',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SET,\n constructed: true\n }]\n }]\n }]\n};\n\n// validator for a CertificationRequest structure\nvar certificationRequestValidator = {\n name: 'CertificationRequest',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'csr',\n value: [\n certificationRequestInfoValidator, {\n // AlgorithmIdentifier (signature algorithm)\n name: 'CertificationRequest.signatureAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n // algorithm\n name: 'CertificationRequest.signatureAlgorithm.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'csrSignatureOid'\n }, {\n name: 'CertificationRequest.signatureAlgorithm.parameters',\n tagClass: asn1.Class.UNIVERSAL,\n optional: true,\n captureAsn1: 'csrSignatureParams'\n }]\n }, {\n // signature\n name: 'CertificationRequest.signature',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n captureBitStringValue: 'csrSignature'\n }\n ]\n};\n\n/**\n * Converts an RDNSequence of ASN.1 DER-encoded RelativeDistinguishedName\n * sets into an array with objects that have type and value properties.\n *\n * @param rdn the RDNSequence to convert.\n * @param md a message digest to append type and value to if provided.\n */\npki.RDNAttributesAsArray = function(rdn, md) {\n var rval = [];\n\n // each value in 'rdn' in is a SET of RelativeDistinguishedName\n var set, attr, obj;\n for(var si = 0; si < rdn.value.length; ++si) {\n // get the RelativeDistinguishedName set\n set = rdn.value[si];\n\n // each value in the SET is an AttributeTypeAndValue sequence\n // containing first a type (an OID) and second a value (defined by\n // the OID)\n for(var i = 0; i < set.value.length; ++i) {\n obj = {};\n attr = set.value[i];\n obj.type = asn1.derToOid(attr.value[0].value);\n obj.value = attr.value[1].value;\n obj.valueTagClass = attr.value[1].type;\n // if the OID is known, get its name and short name\n if(obj.type in oids) {\n obj.name = oids[obj.type];\n if(obj.name in _shortNames) {\n obj.shortName = _shortNames[obj.name];\n }\n }\n if(md) {\n md.update(obj.type);\n md.update(obj.value);\n }\n rval.push(obj);\n }\n }\n\n return rval;\n};\n\n/**\n * Converts ASN.1 CRIAttributes into an array with objects that have type and\n * value properties.\n *\n * @param attributes the CRIAttributes to convert.\n */\npki.CRIAttributesAsArray = function(attributes) {\n var rval = [];\n\n // each value in 'attributes' in is a SEQUENCE with an OID and a SET\n for(var si = 0; si < attributes.length; ++si) {\n // get the attribute sequence\n var seq = attributes[si];\n\n // each value in the SEQUENCE containing first a type (an OID) and\n // second a set of values (defined by the OID)\n var type = asn1.derToOid(seq.value[0].value);\n var values = seq.value[1].value;\n for(var vi = 0; vi < values.length; ++vi) {\n var obj = {};\n obj.type = type;\n obj.value = values[vi].value;\n obj.valueTagClass = values[vi].type;\n // if the OID is known, get its name and short name\n if(obj.type in oids) {\n obj.name = oids[obj.type];\n if(obj.name in _shortNames) {\n obj.shortName = _shortNames[obj.name];\n }\n }\n // parse extensions\n if(obj.type === oids.extensionRequest) {\n obj.extensions = [];\n for(var ei = 0; ei < obj.value.length; ++ei) {\n obj.extensions.push(pki.certificateExtensionFromAsn1(obj.value[ei]));\n }\n }\n rval.push(obj);\n }\n }\n\n return rval;\n};\n\n/**\n * Gets an issuer or subject attribute from its name, type, or short name.\n *\n * @param obj the issuer or subject object.\n * @param options a short name string or an object with:\n * shortName the short name for the attribute.\n * name the name for the attribute.\n * type the type for the attribute.\n *\n * @return the attribute.\n */\nfunction _getAttribute(obj, options) {\n if(typeof options === 'string') {\n options = {shortName: options};\n }\n\n var rval = null;\n var attr;\n for(var i = 0; rval === null && i < obj.attributes.length; ++i) {\n attr = obj.attributes[i];\n if(options.type && options.type === attr.type) {\n rval = attr;\n } else if(options.name && options.name === attr.name) {\n rval = attr;\n } else if(options.shortName && options.shortName === attr.shortName) {\n rval = attr;\n }\n }\n return rval;\n}\n\n/**\n * Converts signature parameters from ASN.1 structure.\n *\n * Currently only RSASSA-PSS supported. The PKCS#1 v1.5 signature scheme had\n * no parameters.\n *\n * RSASSA-PSS-params ::= SEQUENCE {\n * hashAlgorithm [0] HashAlgorithm DEFAULT\n * sha1Identifier,\n * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT\n * mgf1SHA1Identifier,\n * saltLength [2] INTEGER DEFAULT 20,\n * trailerField [3] INTEGER DEFAULT 1\n * }\n *\n * HashAlgorithm ::= AlgorithmIdentifier\n *\n * MaskGenAlgorithm ::= AlgorithmIdentifier\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n * algorithm OBJECT IDENTIFIER,\n * parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * @param oid The OID specifying the signature algorithm\n * @param obj The ASN.1 structure holding the parameters\n * @param fillDefaults Whether to use return default values where omitted\n * @return signature parameter object\n */\nvar _readSignatureParameters = function(oid, obj, fillDefaults) {\n var params = {};\n\n if(oid !== oids['RSASSA-PSS']) {\n return params;\n }\n\n if(fillDefaults) {\n params = {\n hash: {\n algorithmOid: oids['sha1']\n },\n mgf: {\n algorithmOid: oids['mgf1'],\n hash: {\n algorithmOid: oids['sha1']\n }\n },\n saltLength: 20\n };\n }\n\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) {\n var error = new Error('Cannot read RSASSA-PSS parameter block.');\n error.errors = errors;\n throw error;\n }\n\n if(capture.hashOid !== undefined) {\n params.hash = params.hash || {};\n params.hash.algorithmOid = asn1.derToOid(capture.hashOid);\n }\n\n if(capture.maskGenOid !== undefined) {\n params.mgf = params.mgf || {};\n params.mgf.algorithmOid = asn1.derToOid(capture.maskGenOid);\n params.mgf.hash = params.mgf.hash || {};\n params.mgf.hash.algorithmOid = asn1.derToOid(capture.maskGenHashOid);\n }\n\n if(capture.saltLength !== undefined) {\n params.saltLength = capture.saltLength.charCodeAt(0);\n }\n\n return params;\n};\n\n/**\n * Create signature digest for OID.\n *\n * @param options\n * signatureOid: the OID specifying the signature algorithm.\n * type: a human readable type for error messages\n * @return a created md instance. throws if unknown oid.\n */\nvar _createSignatureDigest = function(options) {\n switch(oids[options.signatureOid]) {\n case 'sha1WithRSAEncryption':\n // deprecated alias\n case 'sha1WithRSASignature':\n return forge.md.sha1.create();\n case 'md5WithRSAEncryption':\n return forge.md.md5.create();\n case 'sha256WithRSAEncryption':\n return forge.md.sha256.create();\n case 'sha384WithRSAEncryption':\n return forge.md.sha384.create();\n case 'sha512WithRSAEncryption':\n return forge.md.sha512.create();\n case 'RSASSA-PSS':\n return forge.md.sha256.create();\n default:\n var error = new Error(\n 'Could not compute ' + options.type + ' digest. ' +\n 'Unknown signature OID.');\n error.signatureOid = options.signatureOid;\n throw error;\n }\n};\n\n/**\n * Verify signature on certificate or CSR.\n *\n * @param options:\n * certificate the certificate or CSR to verify.\n * md the signature digest.\n * signature the signature\n * @return a created md instance. throws if unknown oid.\n */\nvar _verifySignature = function(options) {\n var cert = options.certificate;\n var scheme;\n\n switch(cert.signatureOid) {\n case oids.sha1WithRSAEncryption:\n // deprecated alias\n case oids.sha1WithRSASignature:\n /* use PKCS#1 v1.5 padding scheme */\n break;\n case oids['RSASSA-PSS']:\n var hash, mgf;\n\n /* initialize mgf */\n hash = oids[cert.signatureParameters.mgf.hash.algorithmOid];\n if(hash === undefined || forge.md[hash] === undefined) {\n var error = new Error('Unsupported MGF hash function.');\n error.oid = cert.signatureParameters.mgf.hash.algorithmOid;\n error.name = hash;\n throw error;\n }\n\n mgf = oids[cert.signatureParameters.mgf.algorithmOid];\n if(mgf === undefined || forge.mgf[mgf] === undefined) {\n var error = new Error('Unsupported MGF function.');\n error.oid = cert.signatureParameters.mgf.algorithmOid;\n error.name = mgf;\n throw error;\n }\n\n mgf = forge.mgf[mgf].create(forge.md[hash].create());\n\n /* initialize hash function */\n hash = oids[cert.signatureParameters.hash.algorithmOid];\n if(hash === undefined || forge.md[hash] === undefined) {\n var error = new Error('Unsupported RSASSA-PSS hash function.');\n error.oid = cert.signatureParameters.hash.algorithmOid;\n error.name = hash;\n throw error;\n }\n\n scheme = forge.pss.create(\n forge.md[hash].create(), mgf, cert.signatureParameters.saltLength\n );\n break;\n }\n\n // verify signature on cert using public key\n return cert.publicKey.verify(\n options.md.digest().getBytes(), options.signature, scheme\n );\n};\n\n/**\n * Converts an X.509 certificate from PEM format.\n *\n * Note: If the certificate is to be verified then compute hash should\n * be set to true. This will scan the TBSCertificate part of the ASN.1\n * object while it is converted so it doesn't need to be converted back\n * to ASN.1-DER-encoding later.\n *\n * @param pem the PEM-formatted certificate.\n * @param computeHash true to compute the hash for verification.\n * @param strict true to be strict when checking ASN.1 value lengths, false to\n * allow truncated values (default: true).\n *\n * @return the certificate.\n */\npki.certificateFromPem = function(pem, computeHash, strict) {\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'CERTIFICATE' &&\n msg.type !== 'X509 CERTIFICATE' &&\n msg.type !== 'TRUSTED CERTIFICATE') {\n var error = new Error(\n 'Could not convert certificate from PEM; PEM header type ' +\n 'is not \"CERTIFICATE\", \"X509 CERTIFICATE\", or \"TRUSTED CERTIFICATE\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error(\n 'Could not convert certificate from PEM; PEM is encrypted.');\n }\n\n // convert DER to ASN.1 object\n var obj = asn1.fromDer(msg.body, strict);\n\n return pki.certificateFromAsn1(obj, computeHash);\n};\n\n/**\n * Converts an X.509 certificate to PEM format.\n *\n * @param cert the certificate.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted certificate.\n */\npki.certificateToPem = function(cert, maxline) {\n // convert to ASN.1, then DER, then PEM-encode\n var msg = {\n type: 'CERTIFICATE',\n body: asn1.toDer(pki.certificateToAsn1(cert)).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts an RSA public key from PEM format.\n *\n * @param pem the PEM-formatted public key.\n *\n * @return the public key.\n */\npki.publicKeyFromPem = function(pem) {\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'PUBLIC KEY' && msg.type !== 'RSA PUBLIC KEY') {\n var error = new Error('Could not convert public key from PEM; PEM header ' +\n 'type is not \"PUBLIC KEY\" or \"RSA PUBLIC KEY\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert public key from PEM; PEM is encrypted.');\n }\n\n // convert DER to ASN.1 object\n var obj = asn1.fromDer(msg.body);\n\n return pki.publicKeyFromAsn1(obj);\n};\n\n/**\n * Converts an RSA public key to PEM format (using a SubjectPublicKeyInfo).\n *\n * @param key the public key.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted public key.\n */\npki.publicKeyToPem = function(key, maxline) {\n // convert to ASN.1, then DER, then PEM-encode\n var msg = {\n type: 'PUBLIC KEY',\n body: asn1.toDer(pki.publicKeyToAsn1(key)).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts an RSA public key to PEM format (using an RSAPublicKey).\n *\n * @param key the public key.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted public key.\n */\npki.publicKeyToRSAPublicKeyPem = function(key, maxline) {\n // convert to ASN.1, then DER, then PEM-encode\n var msg = {\n type: 'RSA PUBLIC KEY',\n body: asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Gets a fingerprint for the given public key.\n *\n * @param options the options to use.\n * [md] the message digest object to use (defaults to forge.md.sha1).\n * [type] the type of fingerprint, such as 'RSAPublicKey',\n * 'SubjectPublicKeyInfo' (defaults to 'RSAPublicKey').\n * [encoding] an alternative output encoding, such as 'hex'\n * (defaults to none, outputs a byte buffer).\n * [delimiter] the delimiter to use between bytes for 'hex' encoded\n * output, eg: ':' (defaults to none).\n *\n * @return the fingerprint as a byte buffer or other encoding based on options.\n */\npki.getPublicKeyFingerprint = function(key, options) {\n options = options || {};\n var md = options.md || forge.md.sha1.create();\n var type = options.type || 'RSAPublicKey';\n\n var bytes;\n switch(type) {\n case 'RSAPublicKey':\n bytes = asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes();\n break;\n case 'SubjectPublicKeyInfo':\n bytes = asn1.toDer(pki.publicKeyToAsn1(key)).getBytes();\n break;\n default:\n throw new Error('Unknown fingerprint type \"' + options.type + '\".');\n }\n\n // hash public key bytes\n md.start();\n md.update(bytes);\n var digest = md.digest();\n if(options.encoding === 'hex') {\n var hex = digest.toHex();\n if(options.delimiter) {\n return hex.match(/.{2}/g).join(options.delimiter);\n }\n return hex;\n } else if(options.encoding === 'binary') {\n return digest.getBytes();\n } else if(options.encoding) {\n throw new Error('Unknown encoding \"' + options.encoding + '\".');\n }\n return digest;\n};\n\n/**\n * Converts a PKCS#10 certification request (CSR) from PEM format.\n *\n * Note: If the certification request is to be verified then compute hash\n * should be set to true. This will scan the CertificationRequestInfo part of\n * the ASN.1 object while it is converted so it doesn't need to be converted\n * back to ASN.1-DER-encoding later.\n *\n * @param pem the PEM-formatted certificate.\n * @param computeHash true to compute the hash for verification.\n * @param strict true to be strict when checking ASN.1 value lengths, false to\n * allow truncated values (default: true).\n *\n * @return the certification request (CSR).\n */\npki.certificationRequestFromPem = function(pem, computeHash, strict) {\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'CERTIFICATE REQUEST') {\n var error = new Error('Could not convert certification request from PEM; ' +\n 'PEM header type is not \"CERTIFICATE REQUEST\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert certification request from PEM; ' +\n 'PEM is encrypted.');\n }\n\n // convert DER to ASN.1 object\n var obj = asn1.fromDer(msg.body, strict);\n\n return pki.certificationRequestFromAsn1(obj, computeHash);\n};\n\n/**\n * Converts a PKCS#10 certification request (CSR) to PEM format.\n *\n * @param csr the certification request.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted certification request.\n */\npki.certificationRequestToPem = function(csr, maxline) {\n // convert to ASN.1, then DER, then PEM-encode\n var msg = {\n type: 'CERTIFICATE REQUEST',\n body: asn1.toDer(pki.certificationRequestToAsn1(csr)).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Creates an empty X.509v3 RSA certificate.\n *\n * @return the certificate.\n */\npki.createCertificate = function() {\n var cert = {};\n cert.version = 0x02;\n cert.serialNumber = '00';\n cert.signatureOid = null;\n cert.signature = null;\n cert.siginfo = {};\n cert.siginfo.algorithmOid = null;\n cert.validity = {};\n cert.validity.notBefore = new Date();\n cert.validity.notAfter = new Date();\n\n cert.issuer = {};\n cert.issuer.getField = function(sn) {\n return _getAttribute(cert.issuer, sn);\n };\n cert.issuer.addField = function(attr) {\n _fillMissingFields([attr]);\n cert.issuer.attributes.push(attr);\n };\n cert.issuer.attributes = [];\n cert.issuer.hash = null;\n\n cert.subject = {};\n cert.subject.getField = function(sn) {\n return _getAttribute(cert.subject, sn);\n };\n cert.subject.addField = function(attr) {\n _fillMissingFields([attr]);\n cert.subject.attributes.push(attr);\n };\n cert.subject.attributes = [];\n cert.subject.hash = null;\n\n cert.extensions = [];\n cert.publicKey = null;\n cert.md = null;\n\n /**\n * Sets the subject of this certificate.\n *\n * @param attrs the array of subject attributes to use.\n * @param uniqueId an optional a unique ID to use.\n */\n cert.setSubject = function(attrs, uniqueId) {\n // set new attributes, clear hash\n _fillMissingFields(attrs);\n cert.subject.attributes = attrs;\n delete cert.subject.uniqueId;\n if(uniqueId) {\n // TODO: support arbitrary bit length ids\n cert.subject.uniqueId = uniqueId;\n }\n cert.subject.hash = null;\n };\n\n /**\n * Sets the issuer of this certificate.\n *\n * @param attrs the array of issuer attributes to use.\n * @param uniqueId an optional a unique ID to use.\n */\n cert.setIssuer = function(attrs, uniqueId) {\n // set new attributes, clear hash\n _fillMissingFields(attrs);\n cert.issuer.attributes = attrs;\n delete cert.issuer.uniqueId;\n if(uniqueId) {\n // TODO: support arbitrary bit length ids\n cert.issuer.uniqueId = uniqueId;\n }\n cert.issuer.hash = null;\n };\n\n /**\n * Sets the extensions of this certificate.\n *\n * @param exts the array of extensions to use.\n */\n cert.setExtensions = function(exts) {\n for(var i = 0; i < exts.length; ++i) {\n _fillMissingExtensionFields(exts[i], {cert: cert});\n }\n // set new extensions\n cert.extensions = exts;\n };\n\n /**\n * Gets an extension by its name or id.\n *\n * @param options the name to use or an object with:\n * name the name to use.\n * id the id to use.\n *\n * @return the extension or null if not found.\n */\n cert.getExtension = function(options) {\n if(typeof options === 'string') {\n options = {name: options};\n }\n\n var rval = null;\n var ext;\n for(var i = 0; rval === null && i < cert.extensions.length; ++i) {\n ext = cert.extensions[i];\n if(options.id && ext.id === options.id) {\n rval = ext;\n } else if(options.name && ext.name === options.name) {\n rval = ext;\n }\n }\n return rval;\n };\n\n /**\n * Signs this certificate using the given private key.\n *\n * @param key the private key to sign with.\n * @param md the message digest object to use (defaults to forge.md.sha1).\n */\n cert.sign = function(key, md) {\n // TODO: get signature OID from private key\n cert.md = md || forge.md.sha1.create();\n var algorithmOid = oids[cert.md.algorithm + 'WithRSAEncryption'];\n if(!algorithmOid) {\n var error = new Error('Could not compute certificate digest. ' +\n 'Unknown message digest algorithm OID.');\n error.algorithm = cert.md.algorithm;\n throw error;\n }\n cert.signatureOid = cert.siginfo.algorithmOid = algorithmOid;\n\n // get TBSCertificate, convert to DER\n cert.tbsCertificate = pki.getTBSCertificate(cert);\n var bytes = asn1.toDer(cert.tbsCertificate);\n\n // digest and sign\n cert.md.update(bytes.getBytes());\n cert.signature = key.sign(cert.md);\n };\n\n /**\n * Attempts verify the signature on the passed certificate using this\n * certificate's public key.\n *\n * @param child the certificate to verify.\n *\n * @return true if verified, false if not.\n */\n cert.verify = function(child) {\n var rval = false;\n\n if(!cert.issued(child)) {\n var issuer = child.issuer;\n var subject = cert.subject;\n var error = new Error(\n 'The parent certificate did not issue the given child ' +\n 'certificate; the child certificate\\'s issuer does not match the ' +\n 'parent\\'s subject.');\n error.expectedIssuer = subject.attributes;\n error.actualIssuer = issuer.attributes;\n throw error;\n }\n\n var md = child.md;\n if(md === null) {\n // create digest for OID signature types\n md = _createSignatureDigest({\n signatureOid: child.signatureOid,\n type: 'certificate'\n });\n\n // produce DER formatted TBSCertificate and digest it\n var tbsCertificate = child.tbsCertificate || pki.getTBSCertificate(child);\n var bytes = asn1.toDer(tbsCertificate);\n md.update(bytes.getBytes());\n }\n\n if(md !== null) {\n rval = _verifySignature({\n certificate: cert, md: md, signature: child.signature\n });\n }\n\n return rval;\n };\n\n /**\n * Returns true if this certificate's issuer matches the passed\n * certificate's subject. Note that no signature check is performed.\n *\n * @param parent the certificate to check.\n *\n * @return true if this certificate's issuer matches the passed certificate's\n * subject.\n */\n cert.isIssuer = function(parent) {\n var rval = false;\n\n var i = cert.issuer;\n var s = parent.subject;\n\n // compare hashes if present\n if(i.hash && s.hash) {\n rval = (i.hash === s.hash);\n } else if(i.attributes.length === s.attributes.length) {\n // all attributes are the same so issuer matches subject\n rval = true;\n var iattr, sattr;\n for(var n = 0; rval && n < i.attributes.length; ++n) {\n iattr = i.attributes[n];\n sattr = s.attributes[n];\n if(iattr.type !== sattr.type || iattr.value !== sattr.value) {\n // attribute mismatch\n rval = false;\n }\n }\n }\n\n return rval;\n };\n\n /**\n * Returns true if this certificate's subject matches the issuer of the\n * given certificate). Note that not signature check is performed.\n *\n * @param child the certificate to check.\n *\n * @return true if this certificate's subject matches the passed\n * certificate's issuer.\n */\n cert.issued = function(child) {\n return child.isIssuer(cert);\n };\n\n /**\n * Generates the subjectKeyIdentifier for this certificate as byte buffer.\n *\n * @return the subjectKeyIdentifier for this certificate as byte buffer.\n */\n cert.generateSubjectKeyIdentifier = function() {\n /* See: 4.2.1.2 section of the the RFC3280, keyIdentifier is either:\n\n (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the\n value of the BIT STRING subjectPublicKey (excluding the tag,\n length, and number of unused bits).\n\n (2) The keyIdentifier is composed of a four bit type field with\n the value 0100 followed by the least significant 60 bits of the\n SHA-1 hash of the value of the BIT STRING subjectPublicKey\n (excluding the tag, length, and number of unused bit string bits).\n */\n\n // skipping the tag, length, and number of unused bits is the same\n // as just using the RSAPublicKey (for RSA keys, which are the\n // only ones supported)\n return pki.getPublicKeyFingerprint(cert.publicKey, {type: 'RSAPublicKey'});\n };\n\n /**\n * Verifies the subjectKeyIdentifier extension value for this certificate\n * against its public key. If no extension is found, false will be\n * returned.\n *\n * @return true if verified, false if not.\n */\n cert.verifySubjectKeyIdentifier = function() {\n var oid = oids['subjectKeyIdentifier'];\n for(var i = 0; i < cert.extensions.length; ++i) {\n var ext = cert.extensions[i];\n if(ext.id === oid) {\n var ski = cert.generateSubjectKeyIdentifier().getBytes();\n return (forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski);\n }\n }\n return false;\n };\n\n return cert;\n};\n\n/**\n * Converts an X.509v3 RSA certificate from an ASN.1 object.\n *\n * Note: If the certificate is to be verified then compute hash should\n * be set to true. There is currently no implementation for converting\n * a certificate back to ASN.1 so the TBSCertificate part of the ASN.1\n * object needs to be scanned before the cert object is created.\n *\n * @param obj the asn1 representation of an X.509v3 RSA certificate.\n * @param computeHash true to compute the hash for verification.\n *\n * @return the certificate.\n */\npki.certificateFromAsn1 = function(obj, computeHash) {\n // validate certificate and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, x509CertificateValidator, capture, errors)) {\n var error = new Error('Cannot read X.509 certificate. ' +\n 'ASN.1 object is not an X509v3 Certificate.');\n error.errors = errors;\n throw error;\n }\n\n // get oid\n var oid = asn1.derToOid(capture.publicKeyOid);\n if(oid !== pki.oids.rsaEncryption) {\n throw new Error('Cannot read public key. OID is not RSA.');\n }\n\n // create certificate\n var cert = pki.createCertificate();\n cert.version = capture.certVersion ?\n capture.certVersion.charCodeAt(0) : 0;\n var serial = forge.util.createBuffer(capture.certSerialNumber);\n cert.serialNumber = serial.toHex();\n cert.signatureOid = forge.asn1.derToOid(capture.certSignatureOid);\n cert.signatureParameters = _readSignatureParameters(\n cert.signatureOid, capture.certSignatureParams, true);\n cert.siginfo.algorithmOid = forge.asn1.derToOid(capture.certinfoSignatureOid);\n cert.siginfo.parameters = _readSignatureParameters(cert.siginfo.algorithmOid,\n capture.certinfoSignatureParams, false);\n cert.signature = capture.certSignature;\n\n var validity = [];\n if(capture.certValidity1UTCTime !== undefined) {\n validity.push(asn1.utcTimeToDate(capture.certValidity1UTCTime));\n }\n if(capture.certValidity2GeneralizedTime !== undefined) {\n validity.push(asn1.generalizedTimeToDate(\n capture.certValidity2GeneralizedTime));\n }\n if(capture.certValidity3UTCTime !== undefined) {\n validity.push(asn1.utcTimeToDate(capture.certValidity3UTCTime));\n }\n if(capture.certValidity4GeneralizedTime !== undefined) {\n validity.push(asn1.generalizedTimeToDate(\n capture.certValidity4GeneralizedTime));\n }\n if(validity.length > 2) {\n throw new Error('Cannot read notBefore/notAfter validity times; more ' +\n 'than two times were provided in the certificate.');\n }\n if(validity.length < 2) {\n throw new Error('Cannot read notBefore/notAfter validity times; they ' +\n 'were not provided as either UTCTime or GeneralizedTime.');\n }\n cert.validity.notBefore = validity[0];\n cert.validity.notAfter = validity[1];\n\n // keep TBSCertificate to preserve signature when exporting\n cert.tbsCertificate = capture.tbsCertificate;\n\n if(computeHash) {\n // create digest for OID signature type\n cert.md = _createSignatureDigest({\n signatureOid: cert.signatureOid,\n type: 'certificate'\n });\n\n // produce DER formatted TBSCertificate and digest it\n var bytes = asn1.toDer(cert.tbsCertificate);\n cert.md.update(bytes.getBytes());\n }\n\n // handle issuer, build issuer message digest\n var imd = forge.md.sha1.create();\n var ibytes = asn1.toDer(capture.certIssuer);\n imd.update(ibytes.getBytes());\n cert.issuer.getField = function(sn) {\n return _getAttribute(cert.issuer, sn);\n };\n cert.issuer.addField = function(attr) {\n _fillMissingFields([attr]);\n cert.issuer.attributes.push(attr);\n };\n cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer);\n if(capture.certIssuerUniqueId) {\n cert.issuer.uniqueId = capture.certIssuerUniqueId;\n }\n cert.issuer.hash = imd.digest().toHex();\n\n // handle subject, build subject message digest\n var smd = forge.md.sha1.create();\n var sbytes = asn1.toDer(capture.certSubject);\n smd.update(sbytes.getBytes());\n cert.subject.getField = function(sn) {\n return _getAttribute(cert.subject, sn);\n };\n cert.subject.addField = function(attr) {\n _fillMissingFields([attr]);\n cert.subject.attributes.push(attr);\n };\n cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject);\n if(capture.certSubjectUniqueId) {\n cert.subject.uniqueId = capture.certSubjectUniqueId;\n }\n cert.subject.hash = smd.digest().toHex();\n\n // handle extensions\n if(capture.certExtensions) {\n cert.extensions = pki.certificateExtensionsFromAsn1(capture.certExtensions);\n } else {\n cert.extensions = [];\n }\n\n // convert RSA public key from ASN.1\n cert.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);\n\n return cert;\n};\n\n/**\n * Converts an ASN.1 extensions object (with extension sequences as its\n * values) into an array of extension objects with types and values.\n *\n * Supported extensions:\n *\n * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 }\n * KeyUsage ::= BIT STRING {\n * digitalSignature (0),\n * nonRepudiation (1),\n * keyEncipherment (2),\n * dataEncipherment (3),\n * keyAgreement (4),\n * keyCertSign (5),\n * cRLSign (6),\n * encipherOnly (7),\n * decipherOnly (8)\n * }\n *\n * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 }\n * BasicConstraints ::= SEQUENCE {\n * cA BOOLEAN DEFAULT FALSE,\n * pathLenConstraint INTEGER (0..MAX) OPTIONAL\n * }\n *\n * subjectAltName EXTENSION ::= {\n * SYNTAX GeneralNames\n * IDENTIFIED BY id-ce-subjectAltName\n * }\n *\n * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName\n *\n * GeneralName ::= CHOICE {\n * otherName [0] INSTANCE OF OTHER-NAME,\n * rfc822Name [1] IA5String,\n * dNSName [2] IA5String,\n * x400Address [3] ORAddress,\n * directoryName [4] Name,\n * ediPartyName [5] EDIPartyName,\n * uniformResourceIdentifier [6] IA5String,\n * IPAddress [7] OCTET STRING,\n * registeredID [8] OBJECT IDENTIFIER\n * }\n *\n * OTHER-NAME ::= TYPE-IDENTIFIER\n *\n * EDIPartyName ::= SEQUENCE {\n * nameAssigner [0] DirectoryString {ub-name} OPTIONAL,\n * partyName [1] DirectoryString {ub-name}\n * }\n *\n * @param exts the extensions ASN.1 with extension sequences to parse.\n *\n * @return the array.\n */\npki.certificateExtensionsFromAsn1 = function(exts) {\n var rval = [];\n for(var i = 0; i < exts.value.length; ++i) {\n // get extension sequence\n var extseq = exts.value[i];\n for(var ei = 0; ei < extseq.value.length; ++ei) {\n rval.push(pki.certificateExtensionFromAsn1(extseq.value[ei]));\n }\n }\n\n return rval;\n};\n\n/**\n * Parses a single certificate extension from ASN.1.\n *\n * @param ext the extension in ASN.1 format.\n *\n * @return the parsed extension as an object.\n */\npki.certificateExtensionFromAsn1 = function(ext) {\n // an extension has:\n // [0] extnID OBJECT IDENTIFIER\n // [1] critical BOOLEAN DEFAULT FALSE\n // [2] extnValue OCTET STRING\n var e = {};\n e.id = asn1.derToOid(ext.value[0].value);\n e.critical = false;\n if(ext.value[1].type === asn1.Type.BOOLEAN) {\n e.critical = (ext.value[1].value.charCodeAt(0) !== 0x00);\n e.value = ext.value[2].value;\n } else {\n e.value = ext.value[1].value;\n }\n // if the oid is known, get its name\n if(e.id in oids) {\n e.name = oids[e.id];\n\n // handle key usage\n if(e.name === 'keyUsage') {\n // get value as BIT STRING\n var ev = asn1.fromDer(e.value);\n var b2 = 0x00;\n var b3 = 0x00;\n if(ev.value.length > 1) {\n // skip first byte, just indicates unused bits which\n // will be padded with 0s anyway\n // get bytes with flag bits\n b2 = ev.value.charCodeAt(1);\n b3 = ev.value.length > 2 ? ev.value.charCodeAt(2) : 0;\n }\n // set flags\n e.digitalSignature = (b2 & 0x80) === 0x80;\n e.nonRepudiation = (b2 & 0x40) === 0x40;\n e.keyEncipherment = (b2 & 0x20) === 0x20;\n e.dataEncipherment = (b2 & 0x10) === 0x10;\n e.keyAgreement = (b2 & 0x08) === 0x08;\n e.keyCertSign = (b2 & 0x04) === 0x04;\n e.cRLSign = (b2 & 0x02) === 0x02;\n e.encipherOnly = (b2 & 0x01) === 0x01;\n e.decipherOnly = (b3 & 0x80) === 0x80;\n } else if(e.name === 'basicConstraints') {\n // handle basic constraints\n // get value as SEQUENCE\n var ev = asn1.fromDer(e.value);\n // get cA BOOLEAN flag (defaults to false)\n if(ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) {\n e.cA = (ev.value[0].value.charCodeAt(0) !== 0x00);\n } else {\n e.cA = false;\n }\n // get path length constraint\n var value = null;\n if(ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) {\n value = ev.value[0].value;\n } else if(ev.value.length > 1) {\n value = ev.value[1].value;\n }\n if(value !== null) {\n e.pathLenConstraint = asn1.derToInteger(value);\n }\n } else if(e.name === 'extKeyUsage') {\n // handle extKeyUsage\n // value is a SEQUENCE of OIDs\n var ev = asn1.fromDer(e.value);\n for(var vi = 0; vi < ev.value.length; ++vi) {\n var oid = asn1.derToOid(ev.value[vi].value);\n if(oid in oids) {\n e[oids[oid]] = true;\n } else {\n e[oid] = true;\n }\n }\n } else if(e.name === 'nsCertType') {\n // handle nsCertType\n // get value as BIT STRING\n var ev = asn1.fromDer(e.value);\n var b2 = 0x00;\n if(ev.value.length > 1) {\n // skip first byte, just indicates unused bits which\n // will be padded with 0s anyway\n // get bytes with flag bits\n b2 = ev.value.charCodeAt(1);\n }\n // set flags\n e.client = (b2 & 0x80) === 0x80;\n e.server = (b2 & 0x40) === 0x40;\n e.email = (b2 & 0x20) === 0x20;\n e.objsign = (b2 & 0x10) === 0x10;\n e.reserved = (b2 & 0x08) === 0x08;\n e.sslCA = (b2 & 0x04) === 0x04;\n e.emailCA = (b2 & 0x02) === 0x02;\n e.objCA = (b2 & 0x01) === 0x01;\n } else if(\n e.name === 'subjectAltName' ||\n e.name === 'issuerAltName') {\n // handle subjectAltName/issuerAltName\n e.altNames = [];\n\n // ev is a SYNTAX SEQUENCE\n var gn;\n var ev = asn1.fromDer(e.value);\n for(var n = 0; n < ev.value.length; ++n) {\n // get GeneralName\n gn = ev.value[n];\n\n var altName = {\n type: gn.type,\n value: gn.value\n };\n e.altNames.push(altName);\n\n // Note: Support for types 1,2,6,7,8\n switch(gn.type) {\n // rfc822Name\n case 1:\n // dNSName\n case 2:\n // uniformResourceIdentifier (URI)\n case 6:\n break;\n // IPAddress\n case 7:\n // convert to IPv4/IPv6 string representation\n altName.ip = forge.util.bytesToIP(gn.value);\n break;\n // registeredID\n case 8:\n altName.oid = asn1.derToOid(gn.value);\n break;\n default:\n // unsupported\n }\n }\n } else if(e.name === 'subjectKeyIdentifier') {\n // value is an OCTETSTRING w/the hash of the key-type specific\n // public key structure (eg: RSAPublicKey)\n var ev = asn1.fromDer(e.value);\n e.subjectKeyIdentifier = forge.util.bytesToHex(ev.value);\n }\n }\n return e;\n};\n\n/**\n * Converts a PKCS#10 certification request (CSR) from an ASN.1 object.\n *\n * Note: If the certification request is to be verified then compute hash\n * should be set to true. There is currently no implementation for converting\n * a certificate back to ASN.1 so the CertificationRequestInfo part of the\n * ASN.1 object needs to be scanned before the csr object is created.\n *\n * @param obj the asn1 representation of a PKCS#10 certification request (CSR).\n * @param computeHash true to compute the hash for verification.\n *\n * @return the certification request (CSR).\n */\npki.certificationRequestFromAsn1 = function(obj, computeHash) {\n // validate certification request and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, certificationRequestValidator, capture, errors)) {\n var error = new Error('Cannot read PKCS#10 certificate request. ' +\n 'ASN.1 object is not a PKCS#10 CertificationRequest.');\n error.errors = errors;\n throw error;\n }\n\n // get oid\n var oid = asn1.derToOid(capture.publicKeyOid);\n if(oid !== pki.oids.rsaEncryption) {\n throw new Error('Cannot read public key. OID is not RSA.');\n }\n\n // create certification request\n var csr = pki.createCertificationRequest();\n csr.version = capture.csrVersion ? capture.csrVersion.charCodeAt(0) : 0;\n csr.signatureOid = forge.asn1.derToOid(capture.csrSignatureOid);\n csr.signatureParameters = _readSignatureParameters(\n csr.signatureOid, capture.csrSignatureParams, true);\n csr.siginfo.algorithmOid = forge.asn1.derToOid(capture.csrSignatureOid);\n csr.siginfo.parameters = _readSignatureParameters(\n csr.siginfo.algorithmOid, capture.csrSignatureParams, false);\n csr.signature = capture.csrSignature;\n\n // keep CertificationRequestInfo to preserve signature when exporting\n csr.certificationRequestInfo = capture.certificationRequestInfo;\n\n if(computeHash) {\n // create digest for OID signature type\n csr.md = _createSignatureDigest({\n signatureOid: csr.signatureOid,\n type: 'certification request'\n });\n\n // produce DER formatted CertificationRequestInfo and digest it\n var bytes = asn1.toDer(csr.certificationRequestInfo);\n csr.md.update(bytes.getBytes());\n }\n\n // handle subject, build subject message digest\n var smd = forge.md.sha1.create();\n csr.subject.getField = function(sn) {\n return _getAttribute(csr.subject, sn);\n };\n csr.subject.addField = function(attr) {\n _fillMissingFields([attr]);\n csr.subject.attributes.push(attr);\n };\n csr.subject.attributes = pki.RDNAttributesAsArray(\n capture.certificationRequestInfoSubject, smd);\n csr.subject.hash = smd.digest().toHex();\n\n // convert RSA public key from ASN.1\n csr.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);\n\n // convert attributes from ASN.1\n csr.getAttribute = function(sn) {\n return _getAttribute(csr, sn);\n };\n csr.addAttribute = function(attr) {\n _fillMissingFields([attr]);\n csr.attributes.push(attr);\n };\n csr.attributes = pki.CRIAttributesAsArray(\n capture.certificationRequestInfoAttributes || []);\n\n return csr;\n};\n\n/**\n * Creates an empty certification request (a CSR or certificate signing\n * request). Once created, its public key and attributes can be set and then\n * it can be signed.\n *\n * @return the empty certification request.\n */\npki.createCertificationRequest = function() {\n var csr = {};\n csr.version = 0x00;\n csr.signatureOid = null;\n csr.signature = null;\n csr.siginfo = {};\n csr.siginfo.algorithmOid = null;\n\n csr.subject = {};\n csr.subject.getField = function(sn) {\n return _getAttribute(csr.subject, sn);\n };\n csr.subject.addField = function(attr) {\n _fillMissingFields([attr]);\n csr.subject.attributes.push(attr);\n };\n csr.subject.attributes = [];\n csr.subject.hash = null;\n\n csr.publicKey = null;\n csr.attributes = [];\n csr.getAttribute = function(sn) {\n return _getAttribute(csr, sn);\n };\n csr.addAttribute = function(attr) {\n _fillMissingFields([attr]);\n csr.attributes.push(attr);\n };\n csr.md = null;\n\n /**\n * Sets the subject of this certification request.\n *\n * @param attrs the array of subject attributes to use.\n */\n csr.setSubject = function(attrs) {\n // set new attributes\n _fillMissingFields(attrs);\n csr.subject.attributes = attrs;\n csr.subject.hash = null;\n };\n\n /**\n * Sets the attributes of this certification request.\n *\n * @param attrs the array of attributes to use.\n */\n csr.setAttributes = function(attrs) {\n // set new attributes\n _fillMissingFields(attrs);\n csr.attributes = attrs;\n };\n\n /**\n * Signs this certification request using the given private key.\n *\n * @param key the private key to sign with.\n * @param md the message digest object to use (defaults to forge.md.sha1).\n */\n csr.sign = function(key, md) {\n // TODO: get signature OID from private key\n csr.md = md || forge.md.sha1.create();\n var algorithmOid = oids[csr.md.algorithm + 'WithRSAEncryption'];\n if(!algorithmOid) {\n var error = new Error('Could not compute certification request digest. ' +\n 'Unknown message digest algorithm OID.');\n error.algorithm = csr.md.algorithm;\n throw error;\n }\n csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid;\n\n // get CertificationRequestInfo, convert to DER\n csr.certificationRequestInfo = pki.getCertificationRequestInfo(csr);\n var bytes = asn1.toDer(csr.certificationRequestInfo);\n\n // digest and sign\n csr.md.update(bytes.getBytes());\n csr.signature = key.sign(csr.md);\n };\n\n /**\n * Attempts verify the signature on the passed certification request using\n * its public key.\n *\n * A CSR that has been exported to a file in PEM format can be verified using\n * OpenSSL using this command:\n *\n * openssl req -in <the-csr-pem-file> -verify -noout -text\n *\n * @return true if verified, false if not.\n */\n csr.verify = function() {\n var rval = false;\n\n var md = csr.md;\n if(md === null) {\n md = _createSignatureDigest({\n signatureOid: csr.signatureOid,\n type: 'certification request'\n });\n\n // produce DER formatted CertificationRequestInfo and digest it\n var cri = csr.certificationRequestInfo ||\n pki.getCertificationRequestInfo(csr);\n var bytes = asn1.toDer(cri);\n md.update(bytes.getBytes());\n }\n\n if(md !== null) {\n rval = _verifySignature({\n certificate: csr, md: md, signature: csr.signature\n });\n }\n\n return rval;\n };\n\n return csr;\n};\n\n/**\n * Converts an X.509 subject or issuer to an ASN.1 RDNSequence.\n *\n * @param obj the subject or issuer (distinguished name).\n *\n * @return the ASN.1 RDNSequence.\n */\nfunction _dnToAsn1(obj) {\n // create an empty RDNSequence\n var rval = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n // iterate over attributes\n var attr, set;\n var attrs = obj.attributes;\n for(var i = 0; i < attrs.length; ++i) {\n attr = attrs[i];\n var value = attr.value;\n\n // reuse tag class for attribute value if available\n var valueTagClass = asn1.Type.PRINTABLESTRING;\n if('valueTagClass' in attr) {\n valueTagClass = attr.valueTagClass;\n\n if(valueTagClass === asn1.Type.UTF8) {\n value = forge.util.encodeUtf8(value);\n }\n // FIXME: handle more encodings\n }\n\n // create a RelativeDistinguishedName set\n // each value in the set is an AttributeTypeAndValue first\n // containing the type (an OID) and second the value\n set = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // AttributeType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(attr.type).getBytes()),\n // AttributeValue\n asn1.create(asn1.Class.UNIVERSAL, valueTagClass, false, value)\n ])\n ]);\n rval.value.push(set);\n }\n\n return rval;\n}\n\n/**\n * Gets all printable attributes (typically of an issuer or subject) in a\n * simplified JSON format for display.\n *\n * @param attrs the attributes.\n *\n * @return the JSON for display.\n */\nfunction _getAttributesAsJson(attrs) {\n var rval = {};\n for(var i = 0; i < attrs.length; ++i) {\n var attr = attrs[i];\n if(attr.shortName && (\n attr.valueTagClass === asn1.Type.UTF8 ||\n attr.valueTagClass === asn1.Type.PRINTABLESTRING ||\n attr.valueTagClass === asn1.Type.IA5STRING)) {\n var value = attr.value;\n if(attr.valueTagClass === asn1.Type.UTF8) {\n value = forge.util.encodeUtf8(attr.value);\n }\n if(!(attr.shortName in rval)) {\n rval[attr.shortName] = value;\n } else if(forge.util.isArray(rval[attr.shortName])) {\n rval[attr.shortName].push(value);\n } else {\n rval[attr.shortName] = [rval[attr.shortName], value];\n }\n }\n }\n return rval;\n}\n\n/**\n * Fills in missing fields in attributes.\n *\n * @param attrs the attributes to fill missing fields in.\n */\nfunction _fillMissingFields(attrs) {\n var attr;\n for(var i = 0; i < attrs.length; ++i) {\n attr = attrs[i];\n\n // populate missing name\n if(typeof attr.name === 'undefined') {\n if(attr.type && attr.type in pki.oids) {\n attr.name = pki.oids[attr.type];\n } else if(attr.shortName && attr.shortName in _shortNames) {\n attr.name = pki.oids[_shortNames[attr.shortName]];\n }\n }\n\n // populate missing type (OID)\n if(typeof attr.type === 'undefined') {\n if(attr.name && attr.name in pki.oids) {\n attr.type = pki.oids[attr.name];\n } else {\n var error = new Error('Attribute type not specified.');\n error.attribute = attr;\n throw error;\n }\n }\n\n // populate missing shortname\n if(typeof attr.shortName === 'undefined') {\n if(attr.name && attr.name in _shortNames) {\n attr.shortName = _shortNames[attr.name];\n }\n }\n\n // convert extensions to value\n if(attr.type === oids.extensionRequest) {\n attr.valueConstructed = true;\n attr.valueTagClass = asn1.Type.SEQUENCE;\n if(!attr.value && attr.extensions) {\n attr.value = [];\n for(var ei = 0; ei < attr.extensions.length; ++ei) {\n attr.value.push(pki.certificateExtensionToAsn1(\n _fillMissingExtensionFields(attr.extensions[ei])));\n }\n }\n }\n\n if(typeof attr.value === 'undefined') {\n var error = new Error('Attribute value not specified.');\n error.attribute = attr;\n throw error;\n }\n }\n}\n\n/**\n * Fills in missing fields in certificate extensions.\n *\n * @param e the extension.\n * @param [options] the options to use.\n * [cert] the certificate the extensions are for.\n *\n * @return the extension.\n */\nfunction _fillMissingExtensionFields(e, options) {\n options = options || {};\n\n // populate missing name\n if(typeof e.name === 'undefined') {\n if(e.id && e.id in pki.oids) {\n e.name = pki.oids[e.id];\n }\n }\n\n // populate missing id\n if(typeof e.id === 'undefined') {\n if(e.name && e.name in pki.oids) {\n e.id = pki.oids[e.name];\n } else {\n var error = new Error('Extension ID not specified.');\n error.extension = e;\n throw error;\n }\n }\n\n if(typeof e.value !== 'undefined') {\n return e;\n }\n\n // handle missing value:\n\n // value is a BIT STRING\n if(e.name === 'keyUsage') {\n // build flags\n var unused = 0;\n var b2 = 0x00;\n var b3 = 0x00;\n if(e.digitalSignature) {\n b2 |= 0x80;\n unused = 7;\n }\n if(e.nonRepudiation) {\n b2 |= 0x40;\n unused = 6;\n }\n if(e.keyEncipherment) {\n b2 |= 0x20;\n unused = 5;\n }\n if(e.dataEncipherment) {\n b2 |= 0x10;\n unused = 4;\n }\n if(e.keyAgreement) {\n b2 |= 0x08;\n unused = 3;\n }\n if(e.keyCertSign) {\n b2 |= 0x04;\n unused = 2;\n }\n if(e.cRLSign) {\n b2 |= 0x02;\n unused = 1;\n }\n if(e.encipherOnly) {\n b2 |= 0x01;\n unused = 0;\n }\n if(e.decipherOnly) {\n b3 |= 0x80;\n unused = 7;\n }\n\n // create bit string\n var value = String.fromCharCode(unused);\n if(b3 !== 0) {\n value += String.fromCharCode(b2) + String.fromCharCode(b3);\n } else if(b2 !== 0) {\n value += String.fromCharCode(b2);\n }\n e.value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);\n } else if(e.name === 'basicConstraints') {\n // basicConstraints is a SEQUENCE\n e.value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n // cA BOOLEAN flag defaults to false\n if(e.cA) {\n e.value.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false,\n String.fromCharCode(0xFF)));\n }\n if('pathLenConstraint' in e) {\n e.value.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(e.pathLenConstraint).getBytes()));\n }\n } else if(e.name === 'extKeyUsage') {\n // extKeyUsage is a SEQUENCE of OIDs\n e.value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n var seq = e.value.value;\n for(var key in e) {\n if(e[key] !== true) {\n continue;\n }\n // key is name in OID map\n if(key in oids) {\n seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID,\n false, asn1.oidToDer(oids[key]).getBytes()));\n } else if(key.indexOf('.') !== -1) {\n // assume key is an OID\n seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID,\n false, asn1.oidToDer(key).getBytes()));\n }\n }\n } else if(e.name === 'nsCertType') {\n // nsCertType is a BIT STRING\n // build flags\n var unused = 0;\n var b2 = 0x00;\n\n if(e.client) {\n b2 |= 0x80;\n unused = 7;\n }\n if(e.server) {\n b2 |= 0x40;\n unused = 6;\n }\n if(e.email) {\n b2 |= 0x20;\n unused = 5;\n }\n if(e.objsign) {\n b2 |= 0x10;\n unused = 4;\n }\n if(e.reserved) {\n b2 |= 0x08;\n unused = 3;\n }\n if(e.sslCA) {\n b2 |= 0x04;\n unused = 2;\n }\n if(e.emailCA) {\n b2 |= 0x02;\n unused = 1;\n }\n if(e.objCA) {\n b2 |= 0x01;\n unused = 0;\n }\n\n // create bit string\n var value = String.fromCharCode(unused);\n if(b2 !== 0) {\n value += String.fromCharCode(b2);\n }\n e.value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);\n } else if(e.name === 'subjectAltName' || e.name === 'issuerAltName') {\n // SYNTAX SEQUENCE\n e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n var altName;\n for(var n = 0; n < e.altNames.length; ++n) {\n altName = e.altNames[n];\n var value = altName.value;\n // handle IP\n if(altName.type === 7 && altName.ip) {\n value = forge.util.bytesFromIP(altName.ip);\n if(value === null) {\n var error = new Error(\n 'Extension \"ip\" value is not a valid IPv4 or IPv6 address.');\n error.extension = e;\n throw error;\n }\n } else if(altName.type === 8) {\n // handle OID\n if(altName.oid) {\n value = asn1.oidToDer(asn1.oidToDer(altName.oid));\n } else {\n // deprecated ... convert value to OID\n value = asn1.oidToDer(value);\n }\n }\n e.value.value.push(asn1.create(\n asn1.Class.CONTEXT_SPECIFIC, altName.type, false,\n value));\n }\n } else if(e.name === 'nsComment' && options.cert) {\n // sanity check value is ASCII (req'd) and not too big\n if(!(/^[\\x00-\\x7F]*$/.test(e.comment)) ||\n (e.comment.length < 1) || (e.comment.length > 128)) {\n throw new Error('Invalid \"nsComment\" content.');\n }\n // IA5STRING opaque comment\n e.value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.IA5STRING, false, e.comment);\n } else if(e.name === 'subjectKeyIdentifier' && options.cert) {\n var ski = options.cert.generateSubjectKeyIdentifier();\n e.subjectKeyIdentifier = ski.toHex();\n // OCTETSTRING w/digest\n e.value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ski.getBytes());\n } else if(e.name === 'authorityKeyIdentifier' && options.cert) {\n // SYNTAX SEQUENCE\n e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n var seq = e.value.value;\n\n if(e.keyIdentifier) {\n var keyIdentifier = (e.keyIdentifier === true ?\n options.cert.generateSubjectKeyIdentifier().getBytes() :\n e.keyIdentifier);\n seq.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, false, keyIdentifier));\n }\n\n if(e.authorityCertIssuer) {\n var authorityCertIssuer = [\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 4, true, [\n _dnToAsn1(e.authorityCertIssuer === true ?\n options.cert.issuer : e.authorityCertIssuer)\n ])\n ];\n seq.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, authorityCertIssuer));\n }\n\n if(e.serialNumber) {\n var serialNumber = forge.util.hexToBytes(e.serialNumber === true ?\n options.cert.serialNumber : e.serialNumber);\n seq.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, serialNumber));\n }\n } else if(e.name === 'cRLDistributionPoints') {\n e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n var seq = e.value.value;\n\n // Create sub SEQUENCE of DistributionPointName\n var subSeq = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n // Create fullName CHOICE\n var fullNameGeneralNames = asn1.create(\n asn1.Class.CONTEXT_SPECIFIC, 0, true, []);\n var altName;\n for(var n = 0; n < e.altNames.length; ++n) {\n altName = e.altNames[n];\n var value = altName.value;\n // handle IP\n if(altName.type === 7 && altName.ip) {\n value = forge.util.bytesFromIP(altName.ip);\n if(value === null) {\n var error = new Error(\n 'Extension \"ip\" value is not a valid IPv4 or IPv6 address.');\n error.extension = e;\n throw error;\n }\n } else if(altName.type === 8) {\n // handle OID\n if(altName.oid) {\n value = asn1.oidToDer(asn1.oidToDer(altName.oid));\n } else {\n // deprecated ... convert value to OID\n value = asn1.oidToDer(value);\n }\n }\n fullNameGeneralNames.value.push(asn1.create(\n asn1.Class.CONTEXT_SPECIFIC, altName.type, false,\n value));\n }\n\n // Add to the parent SEQUENCE\n subSeq.value.push(asn1.create(\n asn1.Class.CONTEXT_SPECIFIC, 0, true, [fullNameGeneralNames]));\n seq.push(subSeq);\n }\n\n // ensure value has been defined by now\n if(typeof e.value === 'undefined') {\n var error = new Error('Extension value not specified.');\n error.extension = e;\n throw error;\n }\n\n return e;\n}\n\n/**\n * Convert signature parameters object to ASN.1\n *\n * @param {String} oid Signature algorithm OID\n * @param params The signature parametrs object\n * @return ASN.1 object representing signature parameters\n */\nfunction _signatureParametersToAsn1(oid, params) {\n switch(oid) {\n case oids['RSASSA-PSS']:\n var parts = [];\n\n if(params.hash.algorithmOid !== undefined) {\n parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(params.hash.algorithmOid).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ])\n ]));\n }\n\n if(params.mgf.algorithmOid !== undefined) {\n parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(params.mgf.algorithmOid).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(params.mgf.hash.algorithmOid).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ])\n ])\n ]));\n }\n\n if(params.saltLength !== undefined) {\n parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(params.saltLength).getBytes())\n ]));\n }\n\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts);\n\n default:\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '');\n }\n}\n\n/**\n * Converts a certification request's attributes to an ASN.1 set of\n * CRIAttributes.\n *\n * @param csr certification request.\n *\n * @return the ASN.1 set of CRIAttributes.\n */\nfunction _CRIAttributesToAsn1(csr) {\n // create an empty context-specific container\n var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []);\n\n // no attributes, return empty container\n if(csr.attributes.length === 0) {\n return rval;\n }\n\n // each attribute has a sequence with a type and a set of values\n var attrs = csr.attributes;\n for(var i = 0; i < attrs.length; ++i) {\n var attr = attrs[i];\n var value = attr.value;\n\n // reuse tag class for attribute value if available\n var valueTagClass = asn1.Type.UTF8;\n if('valueTagClass' in attr) {\n valueTagClass = attr.valueTagClass;\n }\n if(valueTagClass === asn1.Type.UTF8) {\n value = forge.util.encodeUtf8(value);\n }\n var valueConstructed = false;\n if('valueConstructed' in attr) {\n valueConstructed = attr.valueConstructed;\n }\n // FIXME: handle more encodings\n\n // create a RelativeDistinguishedName set\n // each value in the set is an AttributeTypeAndValue first\n // containing the type (an OID) and second the value\n var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // AttributeType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(attr.type).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n // AttributeValue\n asn1.create(\n asn1.Class.UNIVERSAL, valueTagClass, valueConstructed, value)\n ])\n ]);\n rval.value.push(seq);\n }\n\n return rval;\n}\n\nvar jan_1_1950 = new Date('1950-01-01T00:00:00Z');\nvar jan_1_2050 = new Date('2050-01-01T00:00:00Z');\n\n/**\n * Converts a Date object to ASN.1\n * Handles the different format before and after 1st January 2050\n *\n * @param date date object.\n *\n * @return the ASN.1 object representing the date.\n */\nfunction _dateToAsn1(date) {\n if(date >= jan_1_1950 && date < jan_1_2050) {\n return asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,\n asn1.dateToUtcTime(date));\n } else {\n return asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false,\n asn1.dateToGeneralizedTime(date));\n }\n}\n\n/**\n * Gets the ASN.1 TBSCertificate part of an X.509v3 certificate.\n *\n * @param cert the certificate.\n *\n * @return the asn1 TBSCertificate.\n */\npki.getTBSCertificate = function(cert) {\n // TBSCertificate\n var notBefore = _dateToAsn1(cert.validity.notBefore);\n var notAfter = _dateToAsn1(cert.validity.notAfter);\n var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // version\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n // integer\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(cert.version).getBytes())\n ]),\n // serialNumber\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n forge.util.hexToBytes(cert.serialNumber)),\n // signature\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(cert.siginfo.algorithmOid).getBytes()),\n // parameters\n _signatureParametersToAsn1(\n cert.siginfo.algorithmOid, cert.siginfo.parameters)\n ]),\n // issuer\n _dnToAsn1(cert.issuer),\n // validity\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n notBefore,\n notAfter\n ]),\n // subject\n _dnToAsn1(cert.subject),\n // SubjectPublicKeyInfo\n pki.publicKeyToAsn1(cert.publicKey)\n ]);\n\n if(cert.issuer.uniqueId) {\n // issuerUniqueID (optional)\n tbs.value.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n // TODO: support arbitrary bit length ids\n String.fromCharCode(0x00) +\n cert.issuer.uniqueId\n )\n ])\n );\n }\n if(cert.subject.uniqueId) {\n // subjectUniqueID (optional)\n tbs.value.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n // TODO: support arbitrary bit length ids\n String.fromCharCode(0x00) +\n cert.subject.uniqueId\n )\n ])\n );\n }\n\n if(cert.extensions.length > 0) {\n // extensions (optional)\n tbs.value.push(pki.certificateExtensionsToAsn1(cert.extensions));\n }\n\n return tbs;\n};\n\n/**\n * Gets the ASN.1 CertificationRequestInfo part of a\n * PKCS#10 CertificationRequest.\n *\n * @param csr the certification request.\n *\n * @return the asn1 CertificationRequestInfo.\n */\npki.getCertificationRequestInfo = function(csr) {\n // CertificationRequestInfo\n var cri = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // version\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(csr.version).getBytes()),\n // subject\n _dnToAsn1(csr.subject),\n // SubjectPublicKeyInfo\n pki.publicKeyToAsn1(csr.publicKey),\n // attributes\n _CRIAttributesToAsn1(csr)\n ]);\n\n return cri;\n};\n\n/**\n * Converts a DistinguishedName (subject or issuer) to an ASN.1 object.\n *\n * @param dn the DistinguishedName.\n *\n * @return the asn1 representation of a DistinguishedName.\n */\npki.distinguishedNameToAsn1 = function(dn) {\n return _dnToAsn1(dn);\n};\n\n/**\n * Converts an X.509v3 RSA certificate to an ASN.1 object.\n *\n * @param cert the certificate.\n *\n * @return the asn1 representation of an X.509v3 RSA certificate.\n */\npki.certificateToAsn1 = function(cert) {\n // prefer cached TBSCertificate over generating one\n var tbsCertificate = cert.tbsCertificate || pki.getTBSCertificate(cert);\n\n // Certificate\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // TBSCertificate\n tbsCertificate,\n // AlgorithmIdentifier (signature algorithm)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(cert.signatureOid).getBytes()),\n // parameters\n _signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters)\n ]),\n // SignatureValue\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n String.fromCharCode(0x00) + cert.signature)\n ]);\n};\n\n/**\n * Converts X.509v3 certificate extensions to ASN.1.\n *\n * @param exts the extensions to convert.\n *\n * @return the extensions in ASN.1 format.\n */\npki.certificateExtensionsToAsn1 = function(exts) {\n // create top-level extension container\n var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []);\n\n // create extension sequence (stores a sequence for each extension)\n var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n rval.value.push(seq);\n\n for(var i = 0; i < exts.length; ++i) {\n seq.value.push(pki.certificateExtensionToAsn1(exts[i]));\n }\n\n return rval;\n};\n\n/**\n * Converts a single certificate extension to ASN.1.\n *\n * @param ext the extension to convert.\n *\n * @return the extension in ASN.1 format.\n */\npki.certificateExtensionToAsn1 = function(ext) {\n // create a sequence for each extension\n var extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n // extnID (OID)\n extseq.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(ext.id).getBytes()));\n\n // critical defaults to false\n if(ext.critical) {\n // critical BOOLEAN DEFAULT FALSE\n extseq.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false,\n String.fromCharCode(0xFF)));\n }\n\n var value = ext.value;\n if(typeof ext.value !== 'string') {\n // value is asn.1\n value = asn1.toDer(value).getBytes();\n }\n\n // extnValue (OCTET STRING)\n extseq.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, value));\n\n return extseq;\n};\n\n/**\n * Converts a PKCS#10 certification request to an ASN.1 object.\n *\n * @param csr the certification request.\n *\n * @return the asn1 representation of a certification request.\n */\npki.certificationRequestToAsn1 = function(csr) {\n // prefer cached CertificationRequestInfo over generating one\n var cri = csr.certificationRequestInfo ||\n pki.getCertificationRequestInfo(csr);\n\n // Certificate\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // CertificationRequestInfo\n cri,\n // AlgorithmIdentifier (signature algorithm)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(csr.signatureOid).getBytes()),\n // parameters\n _signatureParametersToAsn1(csr.signatureOid, csr.signatureParameters)\n ]),\n // signature\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n String.fromCharCode(0x00) + csr.signature)\n ]);\n};\n\n/**\n * Creates a CA store.\n *\n * @param certs an optional array of certificate objects or PEM-formatted\n * certificate strings to add to the CA store.\n *\n * @return the CA store.\n */\npki.createCaStore = function(certs) {\n // create CA store\n var caStore = {\n // stored certificates\n certs: {}\n };\n\n /**\n * Gets the certificate that issued the passed certificate or its\n * 'parent'.\n *\n * @param cert the certificate to get the parent for.\n *\n * @return the parent certificate or null if none was found.\n */\n caStore.getIssuer = function(cert) {\n var rval = getBySubject(cert.issuer);\n\n // see if there are multiple matches\n /*if(forge.util.isArray(rval)) {\n // TODO: resolve multiple matches by checking\n // authorityKey/subjectKey/issuerUniqueID/other identifiers, etc.\n // FIXME: or alternatively do authority key mapping\n // if possible (X.509v1 certs can't work?)\n throw new Error('Resolving multiple issuer matches not implemented yet.');\n }*/\n\n return rval;\n };\n\n /**\n * Adds a trusted certificate to the store.\n *\n * @param cert the certificate to add as a trusted certificate (either a\n * pki.certificate object or a PEM-formatted certificate).\n */\n caStore.addCertificate = function(cert) {\n // convert from pem if necessary\n if(typeof cert === 'string') {\n cert = forge.pki.certificateFromPem(cert);\n }\n\n ensureSubjectHasHash(cert.subject);\n\n if(!caStore.hasCertificate(cert)) { // avoid duplicate certificates in store\n if(cert.subject.hash in caStore.certs) {\n // subject hash already exists, append to array\n var tmp = caStore.certs[cert.subject.hash];\n if(!forge.util.isArray(tmp)) {\n tmp = [tmp];\n }\n tmp.push(cert);\n caStore.certs[cert.subject.hash] = tmp;\n } else {\n caStore.certs[cert.subject.hash] = cert;\n }\n }\n };\n\n /**\n * Checks to see if the given certificate is in the store.\n *\n * @param cert the certificate to check (either a pki.certificate or a\n * PEM-formatted certificate).\n *\n * @return true if the certificate is in the store, false if not.\n */\n caStore.hasCertificate = function(cert) {\n // convert from pem if necessary\n if(typeof cert === 'string') {\n cert = forge.pki.certificateFromPem(cert);\n }\n\n var match = getBySubject(cert.subject);\n if(!match) {\n return false;\n }\n if(!forge.util.isArray(match)) {\n match = [match];\n }\n // compare DER-encoding of certificates\n var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes();\n for(var i = 0; i < match.length; ++i) {\n var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes();\n if(der1 === der2) {\n return true;\n }\n }\n return false;\n };\n\n /**\n * Lists all of the certificates kept in the store.\n *\n * @return an array of all of the pki.certificate objects in the store.\n */\n caStore.listAllCertificates = function() {\n var certList = [];\n\n for(var hash in caStore.certs) {\n if(caStore.certs.hasOwnProperty(hash)) {\n var value = caStore.certs[hash];\n if(!forge.util.isArray(value)) {\n certList.push(value);\n } else {\n for(var i = 0; i < value.length; ++i) {\n certList.push(value[i]);\n }\n }\n }\n }\n\n return certList;\n };\n\n /**\n * Removes a certificate from the store.\n *\n * @param cert the certificate to remove (either a pki.certificate or a\n * PEM-formatted certificate).\n *\n * @return the certificate that was removed or null if the certificate\n * wasn't in store.\n */\n caStore.removeCertificate = function(cert) {\n var result;\n\n // convert from pem if necessary\n if(typeof cert === 'string') {\n cert = forge.pki.certificateFromPem(cert);\n }\n ensureSubjectHasHash(cert.subject);\n if(!caStore.hasCertificate(cert)) {\n return null;\n }\n\n var match = getBySubject(cert.subject);\n\n if(!forge.util.isArray(match)) {\n result = caStore.certs[cert.subject.hash];\n delete caStore.certs[cert.subject.hash];\n return result;\n }\n\n // compare DER-encoding of certificates\n var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes();\n for(var i = 0; i < match.length; ++i) {\n var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes();\n if(der1 === der2) {\n result = match[i];\n match.splice(i, 1);\n }\n }\n if(match.length === 0) {\n delete caStore.certs[cert.subject.hash];\n }\n\n return result;\n };\n\n function getBySubject(subject) {\n ensureSubjectHasHash(subject);\n return caStore.certs[subject.hash] || null;\n }\n\n function ensureSubjectHasHash(subject) {\n // produce subject hash if it doesn't exist\n if(!subject.hash) {\n var md = forge.md.sha1.create();\n subject.attributes = pki.RDNAttributesAsArray(_dnToAsn1(subject), md);\n subject.hash = md.digest().toHex();\n }\n }\n\n // auto-add passed in certs\n if(certs) {\n // parse PEM-formatted certificates as necessary\n for(var i = 0; i < certs.length; ++i) {\n var cert = certs[i];\n caStore.addCertificate(cert);\n }\n }\n\n return caStore;\n};\n\n/**\n * Certificate verification errors, based on TLS.\n */\npki.certificateError = {\n bad_certificate: 'forge.pki.BadCertificate',\n unsupported_certificate: 'forge.pki.UnsupportedCertificate',\n certificate_revoked: 'forge.pki.CertificateRevoked',\n certificate_expired: 'forge.pki.CertificateExpired',\n certificate_unknown: 'forge.pki.CertificateUnknown',\n unknown_ca: 'forge.pki.UnknownCertificateAuthority'\n};\n\n/**\n * Verifies a certificate chain against the given Certificate Authority store\n * with an optional custom verify callback.\n *\n * @param caStore a certificate store to verify against.\n * @param chain the certificate chain to verify, with the root or highest\n * authority at the end (an array of certificates).\n * @param options a callback to be called for every certificate in the chain or\n * an object with:\n * verify a callback to be called for every certificate in the\n * chain\n * validityCheckDate the date against which the certificate\n * validity period should be checked. Pass null to not check\n * the validity period. By default, the current date is used.\n *\n * The verify callback has the following signature:\n *\n * verified - Set to true if certificate was verified, otherwise the\n * pki.certificateError for why the certificate failed.\n * depth - The current index in the chain, where 0 is the end point's cert.\n * certs - The certificate chain, *NOTE* an empty chain indicates an anonymous\n * end point.\n *\n * The function returns true on success and on failure either the appropriate\n * pki.certificateError or an object with 'error' set to the appropriate\n * pki.certificateError and 'message' set to a custom error message.\n *\n * @return true if successful, error thrown if not.\n */\npki.verifyCertificateChain = function(caStore, chain, options) {\n /* From: RFC3280 - Internet X.509 Public Key Infrastructure Certificate\n Section 6: Certification Path Validation\n See inline parentheticals related to this particular implementation.\n\n The primary goal of path validation is to verify the binding between\n a subject distinguished name or a subject alternative name and subject\n public key, as represented in the end entity certificate, based on the\n public key of the trust anchor. This requires obtaining a sequence of\n certificates that support that binding. That sequence should be provided\n in the passed 'chain'. The trust anchor should be in the given CA\n store. The 'end entity' certificate is the certificate provided by the\n end point (typically a server) and is the first in the chain.\n\n To meet this goal, the path validation process verifies, among other\n things, that a prospective certification path (a sequence of n\n certificates or a 'chain') satisfies the following conditions:\n\n (a) for all x in {1, ..., n-1}, the subject of certificate x is\n the issuer of certificate x+1;\n\n (b) certificate 1 is issued by the trust anchor;\n\n (c) certificate n is the certificate to be validated; and\n\n (d) for all x in {1, ..., n}, the certificate was valid at the\n time in question.\n\n Note that here 'n' is index 0 in the chain and 1 is the last certificate\n in the chain and it must be signed by a certificate in the connection's\n CA store.\n\n The path validation process also determines the set of certificate\n policies that are valid for this path, based on the certificate policies\n extension, policy mapping extension, policy constraints extension, and\n inhibit any-policy extension.\n\n Note: Policy mapping extension not supported (Not Required).\n\n Note: If the certificate has an unsupported critical extension, then it\n must be rejected.\n\n Note: A certificate is self-issued if the DNs that appear in the subject\n and issuer fields are identical and are not empty.\n\n The path validation algorithm assumes the following seven inputs are\n provided to the path processing logic. What this specific implementation\n will use is provided parenthetically:\n\n (a) a prospective certification path of length n (the 'chain')\n (b) the current date/time: ('now').\n (c) user-initial-policy-set: A set of certificate policy identifiers\n naming the policies that are acceptable to the certificate user.\n The user-initial-policy-set contains the special value any-policy\n if the user is not concerned about certificate policy\n (Not implemented. Any policy is accepted).\n (d) trust anchor information, describing a CA that serves as a trust\n anchor for the certification path. The trust anchor information\n includes:\n\n (1) the trusted issuer name,\n (2) the trusted public key algorithm,\n (3) the trusted public key, and\n (4) optionally, the trusted public key parameters associated\n with the public key.\n\n (Trust anchors are provided via certificates in the CA store).\n\n The trust anchor information may be provided to the path processing\n procedure in the form of a self-signed certificate. The trusted anchor\n information is trusted because it was delivered to the path processing\n procedure by some trustworthy out-of-band procedure. If the trusted\n public key algorithm requires parameters, then the parameters are\n provided along with the trusted public key (No parameters used in this\n implementation).\n\n (e) initial-policy-mapping-inhibit, which indicates if policy mapping is\n allowed in the certification path.\n (Not implemented, no policy checking)\n\n (f) initial-explicit-policy, which indicates if the path must be valid\n for at least one of the certificate policies in the user-initial-\n policy-set.\n (Not implemented, no policy checking)\n\n (g) initial-any-policy-inhibit, which indicates whether the\n anyPolicy OID should be processed if it is included in a\n certificate.\n (Not implemented, so any policy is valid provided that it is\n not marked as critical) */\n\n /* Basic Path Processing:\n\n For each certificate in the 'chain', the following is checked:\n\n 1. The certificate validity period includes the current time.\n 2. The certificate was signed by its parent (where the parent is either\n the next in the chain or from the CA store). Allow processing to\n continue to the next step if no parent is found but the certificate is\n in the CA store.\n 3. TODO: The certificate has not been revoked.\n 4. The certificate issuer name matches the parent's subject name.\n 5. TODO: If the certificate is self-issued and not the final certificate\n in the chain, skip this step, otherwise verify that the subject name\n is within one of the permitted subtrees of X.500 distinguished names\n and that each of the alternative names in the subjectAltName extension\n (critical or non-critical) is within one of the permitted subtrees for\n that name type.\n 6. TODO: If the certificate is self-issued and not the final certificate\n in the chain, skip this step, otherwise verify that the subject name\n is not within one of the excluded subtrees for X.500 distinguished\n names and none of the subjectAltName extension names are excluded for\n that name type.\n 7. The other steps in the algorithm for basic path processing involve\n handling the policy extension which is not presently supported in this\n implementation. Instead, if a critical policy extension is found, the\n certificate is rejected as not supported.\n 8. If the certificate is not the first or if its the only certificate in\n the chain (having no parent from the CA store or is self-signed) and it\n has a critical key usage extension, verify that the keyCertSign bit is\n set. If the key usage extension exists, verify that the basic\n constraints extension exists. If the basic constraints extension exists,\n verify that the cA flag is set. If pathLenConstraint is set, ensure that\n the number of certificates that precede in the chain (come earlier\n in the chain as implemented below), excluding the very first in the\n chain (typically the end-entity one), isn't greater than the\n pathLenConstraint. This constraint limits the number of intermediate\n CAs that may appear below a CA before only end-entity certificates\n may be issued. */\n\n // if a verify callback is passed as the third parameter, package it within\n // the options object. This is to support a legacy function signature that\n // expected the verify callback as the third parameter.\n if(typeof options === 'function') {\n options = {verify: options};\n }\n options = options || {};\n\n // copy cert chain references to another array to protect against changes\n // in verify callback\n chain = chain.slice(0);\n var certs = chain.slice(0);\n\n var validityCheckDate = options.validityCheckDate;\n // if no validityCheckDate is specified, default to the current date. Make\n // sure to maintain the value null because it indicates that the validity\n // period should not be checked.\n if(typeof validityCheckDate === 'undefined') {\n validityCheckDate = new Date();\n }\n\n // verify each cert in the chain using its parent, where the parent\n // is either the next in the chain or from the CA store\n var first = true;\n var error = null;\n var depth = 0;\n do {\n var cert = chain.shift();\n var parent = null;\n var selfSigned = false;\n\n if(validityCheckDate) {\n // 1. check valid time\n if(validityCheckDate < cert.validity.notBefore ||\n validityCheckDate > cert.validity.notAfter) {\n error = {\n message: 'Certificate is not valid yet or has expired.',\n error: pki.certificateError.certificate_expired,\n notBefore: cert.validity.notBefore,\n notAfter: cert.validity.notAfter,\n // TODO: we might want to reconsider renaming 'now' to\n // 'validityCheckDate' should this API be changed in the future.\n now: validityCheckDate\n };\n }\n }\n\n // 2. verify with parent from chain or CA store\n if(error === null) {\n parent = chain[0] || caStore.getIssuer(cert);\n if(parent === null) {\n // check for self-signed cert\n if(cert.isIssuer(cert)) {\n selfSigned = true;\n parent = cert;\n }\n }\n\n if(parent) {\n // FIXME: current CA store implementation might have multiple\n // certificates where the issuer can't be determined from the\n // certificate (happens rarely with, eg: old certificates) so normalize\n // by always putting parents into an array\n // TODO: there's may be an extreme degenerate case currently uncovered\n // where an old intermediate certificate seems to have a matching parent\n // but none of the parents actually verify ... but the intermediate\n // is in the CA and it should pass this check; needs investigation\n var parents = parent;\n if(!forge.util.isArray(parents)) {\n parents = [parents];\n }\n\n // try to verify with each possible parent (typically only one)\n var verified = false;\n while(!verified && parents.length > 0) {\n parent = parents.shift();\n try {\n verified = parent.verify(cert);\n } catch(ex) {\n // failure to verify, don't care why, try next one\n }\n }\n\n if(!verified) {\n error = {\n message: 'Certificate signature is invalid.',\n error: pki.certificateError.bad_certificate\n };\n }\n }\n\n if(error === null && (!parent || selfSigned) &&\n !caStore.hasCertificate(cert)) {\n // no parent issuer and certificate itself is not trusted\n error = {\n message: 'Certificate is not trusted.',\n error: pki.certificateError.unknown_ca\n };\n }\n }\n\n // TODO: 3. check revoked\n\n // 4. check for matching issuer/subject\n if(error === null && parent && !cert.isIssuer(parent)) {\n // parent is not issuer\n error = {\n message: 'Certificate issuer is invalid.',\n error: pki.certificateError.bad_certificate\n };\n }\n\n // 5. TODO: check names with permitted names tree\n\n // 6. TODO: check names against excluded names tree\n\n // 7. check for unsupported critical extensions\n if(error === null) {\n // supported extensions\n var se = {\n keyUsage: true,\n basicConstraints: true\n };\n for(var i = 0; error === null && i < cert.extensions.length; ++i) {\n var ext = cert.extensions[i];\n if(ext.critical && !(ext.name in se)) {\n error = {\n message:\n 'Certificate has an unsupported critical extension.',\n error: pki.certificateError.unsupported_certificate\n };\n }\n }\n }\n\n // 8. check for CA if cert is not first or is the only certificate\n // remaining in chain with no parent or is self-signed\n if(error === null &&\n (!first || (chain.length === 0 && (!parent || selfSigned)))) {\n // first check keyUsage extension and then basic constraints\n var bcExt = cert.getExtension('basicConstraints');\n var keyUsageExt = cert.getExtension('keyUsage');\n if(keyUsageExt !== null) {\n // keyCertSign must be true and there must be a basic\n // constraints extension\n if(!keyUsageExt.keyCertSign || bcExt === null) {\n // bad certificate\n error = {\n message:\n 'Certificate keyUsage or basicConstraints conflict ' +\n 'or indicate that the certificate is not a CA. ' +\n 'If the certificate is the only one in the chain or ' +\n 'isn\\'t the first then the certificate must be a ' +\n 'valid CA.',\n error: pki.certificateError.bad_certificate\n };\n }\n }\n // basic constraints cA flag must be set\n if(error === null && bcExt !== null && !bcExt.cA) {\n // bad certificate\n error = {\n message:\n 'Certificate basicConstraints indicates the certificate ' +\n 'is not a CA.',\n error: pki.certificateError.bad_certificate\n };\n }\n // if error is not null and keyUsage is available, then we know it\n // has keyCertSign and there is a basic constraints extension too,\n // which means we can check pathLenConstraint (if it exists)\n if(error === null && keyUsageExt !== null &&\n 'pathLenConstraint' in bcExt) {\n // pathLen is the maximum # of intermediate CA certs that can be\n // found between the current certificate and the end-entity (depth 0)\n // certificate; this number does not include the end-entity (depth 0,\n // last in the chain) even if it happens to be a CA certificate itself\n var pathLen = depth - 1;\n if(pathLen > bcExt.pathLenConstraint) {\n // pathLenConstraint violated, bad certificate\n error = {\n message:\n 'Certificate basicConstraints pathLenConstraint violated.',\n error: pki.certificateError.bad_certificate\n };\n }\n }\n }\n\n // call application callback\n var vfd = (error === null) ? true : error.error;\n var ret = options.verify ? options.verify(vfd, depth, certs) : vfd;\n if(ret === true) {\n // clear any set error\n error = null;\n } else {\n // if passed basic tests, set default message and alert\n if(vfd === true) {\n error = {\n message: 'The application rejected the certificate.',\n error: pki.certificateError.bad_certificate\n };\n }\n\n // check for custom error info\n if(ret || ret === 0) {\n // set custom message and error\n if(typeof ret === 'object' && !forge.util.isArray(ret)) {\n if(ret.message) {\n error.message = ret.message;\n }\n if(ret.error) {\n error.error = ret.error;\n }\n } else if(typeof ret === 'string') {\n // set custom error\n error.error = ret;\n }\n }\n\n // throw error\n throw error;\n }\n\n // no longer first cert in chain\n first = false;\n ++depth;\n } while(chain.length > 0);\n\n return true;\n};\n","/**\n * Javascript implementation of PKCS#12.\n *\n * @author Dave Longley\n * @author Stefan Siegl <stesie@brokenpipe.de>\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * The ASN.1 representation of PKCS#12 is as follows\n * (see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12-tc1.pdf for details)\n *\n * PFX ::= SEQUENCE {\n * version INTEGER {v3(3)}(v3,...),\n * authSafe ContentInfo,\n * macData MacData OPTIONAL\n * }\n *\n * MacData ::= SEQUENCE {\n * mac DigestInfo,\n * macSalt OCTET STRING,\n * iterations INTEGER DEFAULT 1\n * }\n * Note: The iterations default is for historical reasons and its use is\n * deprecated. A higher value, like 1024, is recommended.\n *\n * DigestInfo is defined in PKCS#7 as follows:\n *\n * DigestInfo ::= SEQUENCE {\n * digestAlgorithm DigestAlgorithmIdentifier,\n * digest Digest\n * }\n *\n * DigestAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters\n * for the algorithm, if any. In the case of SHA1 there is none.\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n * algorithm OBJECT IDENTIFIER,\n * parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * Digest ::= OCTET STRING\n *\n *\n * ContentInfo ::= SEQUENCE {\n * contentType ContentType,\n * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL\n * }\n *\n * ContentType ::= OBJECT IDENTIFIER\n *\n * AuthenticatedSafe ::= SEQUENCE OF ContentInfo\n * -- Data if unencrypted\n * -- EncryptedData if password-encrypted\n * -- EnvelopedData if public key-encrypted\n *\n *\n * SafeContents ::= SEQUENCE OF SafeBag\n *\n * SafeBag ::= SEQUENCE {\n * bagId BAG-TYPE.&id ({PKCS12BagSet})\n * bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),\n * bagAttributes SET OF PKCS12Attribute OPTIONAL\n * }\n *\n * PKCS12Attribute ::= SEQUENCE {\n * attrId ATTRIBUTE.&id ({PKCS12AttrSet}),\n * attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})\n * } -- This type is compatible with the X.500 type 'Attribute'\n *\n * PKCS12AttrSet ATTRIBUTE ::= {\n * friendlyName | -- from PKCS #9\n * localKeyId, -- from PKCS #9\n * ... -- Other attributes are allowed\n * }\n *\n * CertBag ::= SEQUENCE {\n * certId BAG-TYPE.&id ({CertTypes}),\n * certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})\n * }\n *\n * x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}}\n * -- DER-encoded X.509 certificate stored in OCTET STRING\n *\n * sdsiCertificate BAG-TYPE ::= {IA5String IDENTIFIED BY {certTypes 2}}\n * -- Base64-encoded SDSI certificate stored in IA5String\n *\n * CertTypes BAG-TYPE ::= {\n * x509Certificate |\n * sdsiCertificate,\n * ... -- For future extensions\n * }\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./hmac');\nrequire('./oids');\nrequire('./pkcs7asn1');\nrequire('./pbe');\nrequire('./random');\nrequire('./rsa');\nrequire('./sha1');\nrequire('./util');\nrequire('./x509');\n\n// shortcut for asn.1 & PKI API\nvar asn1 = forge.asn1;\nvar pki = forge.pki;\n\n// shortcut for PKCS#12 API\nvar p12 = module.exports = forge.pkcs12 = forge.pkcs12 || {};\n\nvar contentInfoValidator = {\n name: 'ContentInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE, // a ContentInfo\n constructed: true,\n value: [{\n name: 'ContentInfo.contentType',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'contentType'\n }, {\n name: 'ContentInfo.content',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n constructed: true,\n captureAsn1: 'content'\n }]\n};\n\nvar pfxValidator = {\n name: 'PFX',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'PFX.version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'version'\n },\n contentInfoValidator, {\n name: 'PFX.macData',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n optional: true,\n captureAsn1: 'mac',\n value: [{\n name: 'PFX.macData.mac',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE, // DigestInfo\n constructed: true,\n value: [{\n name: 'PFX.macData.mac.digestAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE, // DigestAlgorithmIdentifier\n constructed: true,\n value: [{\n name: 'PFX.macData.mac.digestAlgorithm.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'macAlgorithm'\n }, {\n name: 'PFX.macData.mac.digestAlgorithm.parameters',\n tagClass: asn1.Class.UNIVERSAL,\n captureAsn1: 'macAlgorithmParameters'\n }]\n }, {\n name: 'PFX.macData.mac.digest',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'macDigest'\n }]\n }, {\n name: 'PFX.macData.macSalt',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'macSalt'\n }, {\n name: 'PFX.macData.iterations',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n optional: true,\n capture: 'macIterations'\n }]\n }]\n};\n\nvar safeBagValidator = {\n name: 'SafeBag',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'SafeBag.bagId',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'bagId'\n }, {\n name: 'SafeBag.bagValue',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n constructed: true,\n captureAsn1: 'bagValue'\n }, {\n name: 'SafeBag.bagAttributes',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SET,\n constructed: true,\n optional: true,\n capture: 'bagAttributes'\n }]\n};\n\nvar attributeValidator = {\n name: 'Attribute',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'Attribute.attrId',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'oid'\n }, {\n name: 'Attribute.attrValues',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SET,\n constructed: true,\n capture: 'values'\n }]\n};\n\nvar certBagValidator = {\n name: 'CertBag',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'CertBag.certId',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'certId'\n }, {\n name: 'CertBag.certValue',\n tagClass: asn1.Class.CONTEXT_SPECIFIC,\n constructed: true,\n /* So far we only support X.509 certificates (which are wrapped in\n an OCTET STRING, hence hard code that here). */\n value: [{\n name: 'CertBag.certValue[0]',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Class.OCTETSTRING,\n constructed: false,\n capture: 'cert'\n }]\n }]\n};\n\n/**\n * Search SafeContents structure for bags with matching attributes.\n *\n * The search can optionally be narrowed by a certain bag type.\n *\n * @param safeContents the SafeContents structure to search in.\n * @param attrName the name of the attribute to compare against.\n * @param attrValue the attribute value to search for.\n * @param [bagType] bag type to narrow search by.\n *\n * @return an array of matching bags.\n */\nfunction _getBagsByAttribute(safeContents, attrName, attrValue, bagType) {\n var result = [];\n\n for(var i = 0; i < safeContents.length; i++) {\n for(var j = 0; j < safeContents[i].safeBags.length; j++) {\n var bag = safeContents[i].safeBags[j];\n if(bagType !== undefined && bag.type !== bagType) {\n continue;\n }\n // only filter by bag type, no attribute specified\n if(attrName === null) {\n result.push(bag);\n continue;\n }\n if(bag.attributes[attrName] !== undefined &&\n bag.attributes[attrName].indexOf(attrValue) >= 0) {\n result.push(bag);\n }\n }\n }\n\n return result;\n}\n\n/**\n * Converts a PKCS#12 PFX in ASN.1 notation into a PFX object.\n *\n * @param obj The PKCS#12 PFX in ASN.1 notation.\n * @param strict true to use strict DER decoding, false not to (default: true).\n * @param {String} password Password to decrypt with (optional).\n *\n * @return PKCS#12 PFX object.\n */\np12.pkcs12FromAsn1 = function(obj, strict, password) {\n // handle args\n if(typeof strict === 'string') {\n password = strict;\n strict = true;\n } else if(strict === undefined) {\n strict = true;\n }\n\n // validate PFX and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, pfxValidator, capture, errors)) {\n var error = new Error('Cannot read PKCS#12 PFX. ' +\n 'ASN.1 object is not an PKCS#12 PFX.');\n error.errors = error;\n throw error;\n }\n\n var pfx = {\n version: capture.version.charCodeAt(0),\n safeContents: [],\n\n /**\n * Gets bags with matching attributes.\n *\n * @param filter the attributes to filter by:\n * [localKeyId] the localKeyId to search for.\n * [localKeyIdHex] the localKeyId in hex to search for.\n * [friendlyName] the friendly name to search for.\n * [bagType] bag type to narrow each attribute search by.\n *\n * @return a map of attribute type to an array of matching bags or, if no\n * attribute was given but a bag type, the map key will be the\n * bag type.\n */\n getBags: function(filter) {\n var rval = {};\n\n var localKeyId;\n if('localKeyId' in filter) {\n localKeyId = filter.localKeyId;\n } else if('localKeyIdHex' in filter) {\n localKeyId = forge.util.hexToBytes(filter.localKeyIdHex);\n }\n\n // filter on bagType only\n if(localKeyId === undefined && !('friendlyName' in filter) &&\n 'bagType' in filter) {\n rval[filter.bagType] = _getBagsByAttribute(\n pfx.safeContents, null, null, filter.bagType);\n }\n\n if(localKeyId !== undefined) {\n rval.localKeyId = _getBagsByAttribute(\n pfx.safeContents, 'localKeyId',\n localKeyId, filter.bagType);\n }\n if('friendlyName' in filter) {\n rval.friendlyName = _getBagsByAttribute(\n pfx.safeContents, 'friendlyName',\n filter.friendlyName, filter.bagType);\n }\n\n return rval;\n },\n\n /**\n * DEPRECATED: use getBags() instead.\n *\n * Get bags with matching friendlyName attribute.\n *\n * @param friendlyName the friendly name to search for.\n * @param [bagType] bag type to narrow search by.\n *\n * @return an array of bags with matching friendlyName attribute.\n */\n getBagsByFriendlyName: function(friendlyName, bagType) {\n return _getBagsByAttribute(\n pfx.safeContents, 'friendlyName', friendlyName, bagType);\n },\n\n /**\n * DEPRECATED: use getBags() instead.\n *\n * Get bags with matching localKeyId attribute.\n *\n * @param localKeyId the localKeyId to search for.\n * @param [bagType] bag type to narrow search by.\n *\n * @return an array of bags with matching localKeyId attribute.\n */\n getBagsByLocalKeyId: function(localKeyId, bagType) {\n return _getBagsByAttribute(\n pfx.safeContents, 'localKeyId', localKeyId, bagType);\n }\n };\n\n if(capture.version.charCodeAt(0) !== 3) {\n var error = new Error('PKCS#12 PFX of version other than 3 not supported.');\n error.version = capture.version.charCodeAt(0);\n throw error;\n }\n\n if(asn1.derToOid(capture.contentType) !== pki.oids.data) {\n var error = new Error('Only PKCS#12 PFX in password integrity mode supported.');\n error.oid = asn1.derToOid(capture.contentType);\n throw error;\n }\n\n var data = capture.content.value[0];\n if(data.tagClass !== asn1.Class.UNIVERSAL ||\n data.type !== asn1.Type.OCTETSTRING) {\n throw new Error('PKCS#12 authSafe content data is not an OCTET STRING.');\n }\n data = _decodePkcs7Data(data);\n\n // check for MAC\n if(capture.mac) {\n var md = null;\n var macKeyBytes = 0;\n var macAlgorithm = asn1.derToOid(capture.macAlgorithm);\n switch(macAlgorithm) {\n case pki.oids.sha1:\n md = forge.md.sha1.create();\n macKeyBytes = 20;\n break;\n case pki.oids.sha256:\n md = forge.md.sha256.create();\n macKeyBytes = 32;\n break;\n case pki.oids.sha384:\n md = forge.md.sha384.create();\n macKeyBytes = 48;\n break;\n case pki.oids.sha512:\n md = forge.md.sha512.create();\n macKeyBytes = 64;\n break;\n case pki.oids.md5:\n md = forge.md.md5.create();\n macKeyBytes = 16;\n break;\n }\n if(md === null) {\n throw new Error('PKCS#12 uses unsupported MAC algorithm: ' + macAlgorithm);\n }\n\n // verify MAC (iterations default to 1)\n var macSalt = new forge.util.ByteBuffer(capture.macSalt);\n var macIterations = (('macIterations' in capture) ?\n parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1);\n var macKey = p12.generateKey(\n password, macSalt, 3, macIterations, macKeyBytes, md);\n var mac = forge.hmac.create();\n mac.start(md, macKey);\n mac.update(data.value);\n var macValue = mac.getMac();\n if(macValue.getBytes() !== capture.macDigest) {\n throw new Error('PKCS#12 MAC could not be verified. Invalid password?');\n }\n }\n\n _decodeAuthenticatedSafe(pfx, data.value, strict, password);\n return pfx;\n};\n\n/**\n * Decodes PKCS#7 Data. PKCS#7 (RFC 2315) defines \"Data\" as an OCTET STRING,\n * but it is sometimes an OCTET STRING that is composed/constructed of chunks,\n * each its own OCTET STRING. This is BER-encoding vs. DER-encoding. This\n * function transforms this corner-case into the usual simple,\n * non-composed/constructed OCTET STRING.\n *\n * This function may be moved to ASN.1 at some point to better deal with\n * more BER-encoding issues, should they arise.\n *\n * @param data the ASN.1 Data object to transform.\n */\nfunction _decodePkcs7Data(data) {\n // handle special case of \"chunked\" data content: an octet string composed\n // of other octet strings\n if(data.composed || data.constructed) {\n var value = forge.util.createBuffer();\n for(var i = 0; i < data.value.length; ++i) {\n value.putBytes(data.value[i].value);\n }\n data.composed = data.constructed = false;\n data.value = value.getBytes();\n }\n return data;\n}\n\n/**\n * Decode PKCS#12 AuthenticatedSafe (BER encoded) into PFX object.\n *\n * The AuthenticatedSafe is a BER-encoded SEQUENCE OF ContentInfo.\n *\n * @param pfx The PKCS#12 PFX object to fill.\n * @param {String} authSafe BER-encoded AuthenticatedSafe.\n * @param strict true to use strict DER decoding, false not to.\n * @param {String} password Password to decrypt with (optional).\n */\nfunction _decodeAuthenticatedSafe(pfx, authSafe, strict, password) {\n authSafe = asn1.fromDer(authSafe, strict); /* actually it's BER encoded */\n\n if(authSafe.tagClass !== asn1.Class.UNIVERSAL ||\n authSafe.type !== asn1.Type.SEQUENCE ||\n authSafe.constructed !== true) {\n throw new Error('PKCS#12 AuthenticatedSafe expected to be a ' +\n 'SEQUENCE OF ContentInfo');\n }\n\n for(var i = 0; i < authSafe.value.length; i++) {\n var contentInfo = authSafe.value[i];\n\n // validate contentInfo and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) {\n var error = new Error('Cannot read ContentInfo.');\n error.errors = errors;\n throw error;\n }\n\n var obj = {\n encrypted: false\n };\n var safeContents = null;\n var data = capture.content.value[0];\n switch(asn1.derToOid(capture.contentType)) {\n case pki.oids.data:\n if(data.tagClass !== asn1.Class.UNIVERSAL ||\n data.type !== asn1.Type.OCTETSTRING) {\n throw new Error('PKCS#12 SafeContents Data is not an OCTET STRING.');\n }\n safeContents = _decodePkcs7Data(data).value;\n break;\n case pki.oids.encryptedData:\n safeContents = _decryptSafeContents(data, password);\n obj.encrypted = true;\n break;\n default:\n var error = new Error('Unsupported PKCS#12 contentType.');\n error.contentType = asn1.derToOid(capture.contentType);\n throw error;\n }\n\n obj.safeBags = _decodeSafeContents(safeContents, strict, password);\n pfx.safeContents.push(obj);\n }\n}\n\n/**\n * Decrypt PKCS#7 EncryptedData structure.\n *\n * @param data ASN.1 encoded EncryptedContentInfo object.\n * @param password The user-provided password.\n *\n * @return The decrypted SafeContents (ASN.1 object).\n */\nfunction _decryptSafeContents(data, password) {\n var capture = {};\n var errors = [];\n if(!asn1.validate(\n data, forge.pkcs7.asn1.encryptedDataValidator, capture, errors)) {\n var error = new Error('Cannot read EncryptedContentInfo.');\n error.errors = errors;\n throw error;\n }\n\n var oid = asn1.derToOid(capture.contentType);\n if(oid !== pki.oids.data) {\n var error = new Error(\n 'PKCS#12 EncryptedContentInfo ContentType is not Data.');\n error.oid = oid;\n throw error;\n }\n\n // get cipher\n oid = asn1.derToOid(capture.encAlgorithm);\n var cipher = pki.pbe.getCipher(oid, capture.encParameter, password);\n\n // get encrypted data\n var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1);\n var encrypted = forge.util.createBuffer(encryptedContentAsn1.value);\n\n cipher.update(encrypted);\n if(!cipher.finish()) {\n throw new Error('Failed to decrypt PKCS#12 SafeContents.');\n }\n\n return cipher.output.getBytes();\n}\n\n/**\n * Decode PKCS#12 SafeContents (BER-encoded) into array of Bag objects.\n *\n * The safeContents is a BER-encoded SEQUENCE OF SafeBag.\n *\n * @param {String} safeContents BER-encoded safeContents.\n * @param strict true to use strict DER decoding, false not to.\n * @param {String} password Password to decrypt with (optional).\n *\n * @return {Array} Array of Bag objects.\n */\nfunction _decodeSafeContents(safeContents, strict, password) {\n // if strict and no safe contents, return empty safes\n if(!strict && safeContents.length === 0) {\n return [];\n }\n\n // actually it's BER-encoded\n safeContents = asn1.fromDer(safeContents, strict);\n\n if(safeContents.tagClass !== asn1.Class.UNIVERSAL ||\n safeContents.type !== asn1.Type.SEQUENCE ||\n safeContents.constructed !== true) {\n throw new Error(\n 'PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag.');\n }\n\n var res = [];\n for(var i = 0; i < safeContents.value.length; i++) {\n var safeBag = safeContents.value[i];\n\n // validate SafeBag and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(safeBag, safeBagValidator, capture, errors)) {\n var error = new Error('Cannot read SafeBag.');\n error.errors = errors;\n throw error;\n }\n\n /* Create bag object and push to result array. */\n var bag = {\n type: asn1.derToOid(capture.bagId),\n attributes: _decodeBagAttributes(capture.bagAttributes)\n };\n res.push(bag);\n\n var validator, decoder;\n var bagAsn1 = capture.bagValue.value[0];\n switch(bag.type) {\n case pki.oids.pkcs8ShroudedKeyBag:\n /* bagAsn1 has a EncryptedPrivateKeyInfo, which we need to decrypt.\n Afterwards we can handle it like a keyBag,\n which is a PrivateKeyInfo. */\n bagAsn1 = pki.decryptPrivateKeyInfo(bagAsn1, password);\n if(bagAsn1 === null) {\n throw new Error(\n 'Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?');\n }\n\n /* fall through */\n case pki.oids.keyBag:\n /* A PKCS#12 keyBag is a simple PrivateKeyInfo as understood by our\n PKI module, hence we don't have to do validation/capturing here,\n just pass what we already got. */\n try {\n bag.key = pki.privateKeyFromAsn1(bagAsn1);\n } catch(e) {\n // ignore unknown key type, pass asn1 value\n bag.key = null;\n bag.asn1 = bagAsn1;\n }\n continue; /* Nothing more to do. */\n\n case pki.oids.certBag:\n /* A PKCS#12 certBag can wrap both X.509 and sdsi certificates.\n Therefore put the SafeBag content through another validator to\n capture the fields. Afterwards check & store the results. */\n validator = certBagValidator;\n decoder = function() {\n if(asn1.derToOid(capture.certId) !== pki.oids.x509Certificate) {\n var error = new Error(\n 'Unsupported certificate type, only X.509 supported.');\n error.oid = asn1.derToOid(capture.certId);\n throw error;\n }\n\n // true=produce cert hash\n var certAsn1 = asn1.fromDer(capture.cert, strict);\n try {\n bag.cert = pki.certificateFromAsn1(certAsn1, true);\n } catch(e) {\n // ignore unknown cert type, pass asn1 value\n bag.cert = null;\n bag.asn1 = certAsn1;\n }\n };\n break;\n\n default:\n var error = new Error('Unsupported PKCS#12 SafeBag type.');\n error.oid = bag.type;\n throw error;\n }\n\n /* Validate SafeBag value (i.e. CertBag, etc.) and capture data if needed. */\n if(validator !== undefined &&\n !asn1.validate(bagAsn1, validator, capture, errors)) {\n var error = new Error('Cannot read PKCS#12 ' + validator.name);\n error.errors = errors;\n throw error;\n }\n\n /* Call decoder function from above to store the results. */\n decoder();\n }\n\n return res;\n}\n\n/**\n * Decode PKCS#12 SET OF PKCS12Attribute into JavaScript object.\n *\n * @param attributes SET OF PKCS12Attribute (ASN.1 object).\n *\n * @return the decoded attributes.\n */\nfunction _decodeBagAttributes(attributes) {\n var decodedAttrs = {};\n\n if(attributes !== undefined) {\n for(var i = 0; i < attributes.length; ++i) {\n var capture = {};\n var errors = [];\n if(!asn1.validate(attributes[i], attributeValidator, capture, errors)) {\n var error = new Error('Cannot read PKCS#12 BagAttribute.');\n error.errors = errors;\n throw error;\n }\n\n var oid = asn1.derToOid(capture.oid);\n if(pki.oids[oid] === undefined) {\n // unsupported attribute type, ignore.\n continue;\n }\n\n decodedAttrs[pki.oids[oid]] = [];\n for(var j = 0; j < capture.values.length; ++j) {\n decodedAttrs[pki.oids[oid]].push(capture.values[j].value);\n }\n }\n }\n\n return decodedAttrs;\n}\n\n/**\n * Wraps a private key and certificate in a PKCS#12 PFX wrapper. If a\n * password is provided then the private key will be encrypted.\n *\n * An entire certificate chain may also be included. To do this, pass\n * an array for the \"cert\" parameter where the first certificate is\n * the one that is paired with the private key and each subsequent one\n * verifies the previous one. The certificates may be in PEM format or\n * have been already parsed by Forge.\n *\n * @todo implement password-based-encryption for the whole package\n *\n * @param key the private key.\n * @param cert the certificate (may be an array of certificates in order\n * to specify a certificate chain).\n * @param password the password to use, null for none.\n * @param options:\n * algorithm the encryption algorithm to use\n * ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.\n * count the iteration count to use.\n * saltSize the salt size to use.\n * useMac true to include a MAC, false not to, defaults to true.\n * localKeyId the local key ID to use, in hex.\n * friendlyName the friendly name to use.\n * generateLocalKeyId true to generate a random local key ID,\n * false not to, defaults to true.\n *\n * @return the PKCS#12 PFX ASN.1 object.\n */\np12.toPkcs12Asn1 = function(key, cert, password, options) {\n // set default options\n options = options || {};\n options.saltSize = options.saltSize || 8;\n options.count = options.count || 2048;\n options.algorithm = options.algorithm || options.encAlgorithm || 'aes128';\n if(!('useMac' in options)) {\n options.useMac = true;\n }\n if(!('localKeyId' in options)) {\n options.localKeyId = null;\n }\n if(!('generateLocalKeyId' in options)) {\n options.generateLocalKeyId = true;\n }\n\n var localKeyId = options.localKeyId;\n var bagAttrs;\n if(localKeyId !== null) {\n localKeyId = forge.util.hexToBytes(localKeyId);\n } else if(options.generateLocalKeyId) {\n // use SHA-1 of paired cert, if available\n if(cert) {\n var pairedCert = forge.util.isArray(cert) ? cert[0] : cert;\n if(typeof pairedCert === 'string') {\n pairedCert = pki.certificateFromPem(pairedCert);\n }\n var sha1 = forge.md.sha1.create();\n sha1.update(asn1.toDer(pki.certificateToAsn1(pairedCert)).getBytes());\n localKeyId = sha1.digest().getBytes();\n } else {\n // FIXME: consider using SHA-1 of public key (which can be generated\n // from private key components), see: cert.generateSubjectKeyIdentifier\n // generate random bytes\n localKeyId = forge.random.getBytes(20);\n }\n }\n\n var attrs = [];\n if(localKeyId !== null) {\n attrs.push(\n // localKeyID\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // attrId\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.localKeyId).getBytes()),\n // attrValues\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n localKeyId)\n ])\n ]));\n }\n if('friendlyName' in options) {\n attrs.push(\n // friendlyName\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // attrId\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.friendlyName).getBytes()),\n // attrValues\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false,\n options.friendlyName)\n ])\n ]));\n }\n\n if(attrs.length > 0) {\n bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs);\n }\n\n // collect contents for AuthenticatedSafe\n var contents = [];\n\n // create safe bag(s) for certificate chain\n var chain = [];\n if(cert !== null) {\n if(forge.util.isArray(cert)) {\n chain = cert;\n } else {\n chain = [cert];\n }\n }\n\n var certSafeBags = [];\n for(var i = 0; i < chain.length; ++i) {\n // convert cert from PEM as necessary\n cert = chain[i];\n if(typeof cert === 'string') {\n cert = pki.certificateFromPem(cert);\n }\n\n // SafeBag\n var certBagAttrs = (i === 0) ? bagAttrs : undefined;\n var certAsn1 = pki.certificateToAsn1(cert);\n var certSafeBag =\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // bagId\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.certBag).getBytes()),\n // bagValue\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n // CertBag\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // certId\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.x509Certificate).getBytes()),\n // certValue (x509Certificate)\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n asn1.toDer(certAsn1).getBytes())\n ])])]),\n // bagAttributes (OPTIONAL)\n certBagAttrs\n ]);\n certSafeBags.push(certSafeBag);\n }\n\n if(certSafeBags.length > 0) {\n // SafeContents\n var certSafeContents = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, certSafeBags);\n\n // ContentInfo\n var certCI =\n // PKCS#7 ContentInfo\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // contentType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n // OID for the content type is 'data'\n asn1.oidToDer(pki.oids.data).getBytes()),\n // content\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n asn1.toDer(certSafeContents).getBytes())\n ])\n ]);\n contents.push(certCI);\n }\n\n // create safe contents for private key\n var keyBag = null;\n if(key !== null) {\n // SafeBag\n var pkAsn1 = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(key));\n if(password === null) {\n // no encryption\n keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // bagId\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.keyBag).getBytes()),\n // bagValue\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n // PrivateKeyInfo\n pkAsn1\n ]),\n // bagAttributes (OPTIONAL)\n bagAttrs\n ]);\n } else {\n // encrypted PrivateKeyInfo\n keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // bagId\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()),\n // bagValue\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n // EncryptedPrivateKeyInfo\n pki.encryptPrivateKeyInfo(pkAsn1, password, options)\n ]),\n // bagAttributes (OPTIONAL)\n bagAttrs\n ]);\n }\n\n // SafeContents\n var keySafeContents =\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]);\n\n // ContentInfo\n var keyCI =\n // PKCS#7 ContentInfo\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // contentType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n // OID for the content type is 'data'\n asn1.oidToDer(pki.oids.data).getBytes()),\n // content\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n asn1.toDer(keySafeContents).getBytes())\n ])\n ]);\n contents.push(keyCI);\n }\n\n // create AuthenticatedSafe by stringing together the contents\n var safe = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents);\n\n var macData;\n if(options.useMac) {\n // MacData\n var sha1 = forge.md.sha1.create();\n var macSalt = new forge.util.ByteBuffer(\n forge.random.getBytes(options.saltSize));\n var count = options.count;\n // 160-bit key\n var key = p12.generateKey(password, macSalt, 3, count, 20);\n var mac = forge.hmac.create();\n mac.start(sha1, key);\n mac.update(asn1.toDer(safe).getBytes());\n var macValue = mac.getMac();\n macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // mac DigestInfo\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // digestAlgorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm = SHA-1\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(pki.oids.sha1).getBytes()),\n // parameters = Null\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]),\n // digest\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,\n false, macValue.getBytes())\n ]),\n // macSalt OCTET STRING\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, macSalt.getBytes()),\n // iterations INTEGER (XXX: Only support count < 65536)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(count).getBytes()\n )\n ]);\n }\n\n // PFX\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // version (3)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(3).getBytes()),\n // PKCS#7 ContentInfo\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // contentType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n // OID for the content type is 'data'\n asn1.oidToDer(pki.oids.data).getBytes()),\n // content\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n asn1.toDer(safe).getBytes())\n ])\n ]),\n macData\n ]);\n};\n\n/**\n * Derives a PKCS#12 key.\n *\n * @param password the password to derive the key material from, null or\n * undefined for none.\n * @param salt the salt, as a ByteBuffer, to use.\n * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).\n * @param iter the iteration count.\n * @param n the number of bytes to derive from the password.\n * @param md the message digest to use, defaults to SHA-1.\n *\n * @return a ByteBuffer with the bytes derived from the password.\n */\np12.generateKey = forge.pbe.generatePkcs12Key;\n","/**\n * Javascript implementation of a basic Public Key Infrastructure, including\n * support for RSA public and private keys.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./oids');\nrequire('./pbe');\nrequire('./pem');\nrequire('./pbkdf2');\nrequire('./pkcs12');\nrequire('./pss');\nrequire('./rsa');\nrequire('./util');\nrequire('./x509');\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n/* Public Key Infrastructure (PKI) implementation. */\nvar pki = module.exports = forge.pki = forge.pki || {};\n\n/**\n * NOTE: THIS METHOD IS DEPRECATED. Use pem.decode() instead.\n *\n * Converts PEM-formatted data to DER.\n *\n * @param pem the PEM-formatted data.\n *\n * @return the DER-formatted data.\n */\npki.pemToDer = function(pem) {\n var msg = forge.pem.decode(pem)[0];\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert PEM to DER; PEM is encrypted.');\n }\n return forge.util.createBuffer(msg.body);\n};\n\n/**\n * Converts an RSA private key from PEM format.\n *\n * @param pem the PEM-formatted private key.\n *\n * @return the private key.\n */\npki.privateKeyFromPem = function(pem) {\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'PRIVATE KEY' && msg.type !== 'RSA PRIVATE KEY') {\n var error = new Error('Could not convert private key from PEM; PEM ' +\n 'header type is not \"PRIVATE KEY\" or \"RSA PRIVATE KEY\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert private key from PEM; PEM is encrypted.');\n }\n\n // convert DER to ASN.1 object\n var obj = asn1.fromDer(msg.body);\n\n return pki.privateKeyFromAsn1(obj);\n};\n\n/**\n * Converts an RSA private key to PEM format.\n *\n * @param key the private key.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted private key.\n */\npki.privateKeyToPem = function(key, maxline) {\n // convert to ASN.1, then DER, then PEM-encode\n var msg = {\n type: 'RSA PRIVATE KEY',\n body: asn1.toDer(pki.privateKeyToAsn1(key)).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts a PrivateKeyInfo to PEM format.\n *\n * @param pki the PrivateKeyInfo.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted private key.\n */\npki.privateKeyInfoToPem = function(pki, maxline) {\n // convert to DER, then PEM-encode\n var msg = {\n type: 'PRIVATE KEY',\n body: asn1.toDer(pki).getBytes()\n };\n return forge.pem.encode(msg, {maxline: maxline});\n};\n","/**\n * A Javascript implementation of Transport Layer Security (TLS).\n *\n * @author Dave Longley\n *\n * Copyright (c) 2009-2014 Digital Bazaar, Inc.\n *\n * The TLS Handshake Protocol involves the following steps:\n *\n * - Exchange hello messages to agree on algorithms, exchange random values,\n * and check for session resumption.\n *\n * - Exchange the necessary cryptographic parameters to allow the client and\n * server to agree on a premaster secret.\n *\n * - Exchange certificates and cryptographic information to allow the client\n * and server to authenticate themselves.\n *\n * - Generate a master secret from the premaster secret and exchanged random\n * values.\n *\n * - Provide security parameters to the record layer.\n *\n * - Allow the client and server to verify that their peer has calculated the\n * same security parameters and that the handshake occurred without tampering\n * by an attacker.\n *\n * Up to 4 different messages may be sent during a key exchange. The server\n * certificate, the server key exchange, the client certificate, and the\n * client key exchange.\n *\n * A typical handshake (from the client's perspective).\n *\n * 1. Client sends ClientHello.\n * 2. Client receives ServerHello.\n * 3. Client receives optional Certificate.\n * 4. Client receives optional ServerKeyExchange.\n * 5. Client receives ServerHelloDone.\n * 6. Client sends optional Certificate.\n * 7. Client sends ClientKeyExchange.\n * 8. Client sends optional CertificateVerify.\n * 9. Client sends ChangeCipherSpec.\n * 10. Client sends Finished.\n * 11. Client receives ChangeCipherSpec.\n * 12. Client receives Finished.\n * 13. Client sends/receives application data.\n *\n * To reuse an existing session:\n *\n * 1. Client sends ClientHello with session ID for reuse.\n * 2. Client receives ServerHello with same session ID if reusing.\n * 3. Client receives ChangeCipherSpec message if reusing.\n * 4. Client receives Finished.\n * 5. Client sends ChangeCipherSpec.\n * 6. Client sends Finished.\n *\n * Note: Client ignores HelloRequest if in the middle of a handshake.\n *\n * Record Layer:\n *\n * The record layer fragments information blocks into TLSPlaintext records\n * carrying data in chunks of 2^14 bytes or less. Client message boundaries are\n * not preserved in the record layer (i.e., multiple client messages of the\n * same ContentType MAY be coalesced into a single TLSPlaintext record, or a\n * single message MAY be fragmented across several records).\n *\n * struct {\n * uint8 major;\n * uint8 minor;\n * } ProtocolVersion;\n *\n * struct {\n * ContentType type;\n * ProtocolVersion version;\n * uint16 length;\n * opaque fragment[TLSPlaintext.length];\n * } TLSPlaintext;\n *\n * type:\n * The higher-level protocol used to process the enclosed fragment.\n *\n * version:\n * The version of the protocol being employed. TLS Version 1.2 uses version\n * {3, 3}. TLS Version 1.0 uses version {3, 1}. Note that a client that\n * supports multiple versions of TLS may not know what version will be\n * employed before it receives the ServerHello.\n *\n * length:\n * The length (in bytes) of the following TLSPlaintext.fragment. The length\n * MUST NOT exceed 2^14 = 16384 bytes.\n *\n * fragment:\n * The application data. This data is transparent and treated as an\n * independent block to be dealt with by the higher-level protocol specified\n * by the type field.\n *\n * Implementations MUST NOT send zero-length fragments of Handshake, Alert, or\n * ChangeCipherSpec content types. Zero-length fragments of Application data\n * MAY be sent as they are potentially useful as a traffic analysis\n * countermeasure.\n *\n * Note: Data of different TLS record layer content types MAY be interleaved.\n * Application data is generally of lower precedence for transmission than\n * other content types. However, records MUST be delivered to the network in\n * the same order as they are protected by the record layer. Recipients MUST\n * receive and process interleaved application layer traffic during handshakes\n * subsequent to the first one on a connection.\n *\n * struct {\n * ContentType type; // same as TLSPlaintext.type\n * ProtocolVersion version;// same as TLSPlaintext.version\n * uint16 length;\n * opaque fragment[TLSCompressed.length];\n * } TLSCompressed;\n *\n * length:\n * The length (in bytes) of the following TLSCompressed.fragment.\n * The length MUST NOT exceed 2^14 + 1024.\n *\n * fragment:\n * The compressed form of TLSPlaintext.fragment.\n *\n * Note: A CompressionMethod.null operation is an identity operation; no fields\n * are altered. In this implementation, since no compression is supported,\n * uncompressed records are always the same as compressed records.\n *\n * Encryption Information:\n *\n * The encryption and MAC functions translate a TLSCompressed structure into a\n * TLSCiphertext. The decryption functions reverse the process. The MAC of the\n * record also includes a sequence number so that missing, extra, or repeated\n * messages are detectable.\n *\n * struct {\n * ContentType type;\n * ProtocolVersion version;\n * uint16 length;\n * select (SecurityParameters.cipher_type) {\n * case stream: GenericStreamCipher;\n * case block: GenericBlockCipher;\n * case aead: GenericAEADCipher;\n * } fragment;\n * } TLSCiphertext;\n *\n * type:\n * The type field is identical to TLSCompressed.type.\n *\n * version:\n * The version field is identical to TLSCompressed.version.\n *\n * length:\n * The length (in bytes) of the following TLSCiphertext.fragment.\n * The length MUST NOT exceed 2^14 + 2048.\n *\n * fragment:\n * The encrypted form of TLSCompressed.fragment, with the MAC.\n *\n * Note: Only CBC Block Ciphers are supported by this implementation.\n *\n * The TLSCompressed.fragment structures are converted to/from block\n * TLSCiphertext.fragment structures.\n *\n * struct {\n * opaque IV[SecurityParameters.record_iv_length];\n * block-ciphered struct {\n * opaque content[TLSCompressed.length];\n * opaque MAC[SecurityParameters.mac_length];\n * uint8 padding[GenericBlockCipher.padding_length];\n * uint8 padding_length;\n * };\n * } GenericBlockCipher;\n *\n * The MAC is generated as described in Section 6.2.3.1.\n *\n * IV:\n * The Initialization Vector (IV) SHOULD be chosen at random, and MUST be\n * unpredictable. Note that in versions of TLS prior to 1.1, there was no\n * IV field, and the last ciphertext block of the previous record (the \"CBC\n * residue\") was used as the IV. This was changed to prevent the attacks\n * described in [CBCATT]. For block ciphers, the IV length is of length\n * SecurityParameters.record_iv_length, which is equal to the\n * SecurityParameters.block_size.\n *\n * padding:\n * Padding that is added to force the length of the plaintext to be an\n * integral multiple of the block cipher's block length. The padding MAY be\n * any length up to 255 bytes, as long as it results in the\n * TLSCiphertext.length being an integral multiple of the block length.\n * Lengths longer than necessary might be desirable to frustrate attacks on\n * a protocol that are based on analysis of the lengths of exchanged\n * messages. Each uint8 in the padding data vector MUST be filled with the\n * padding length value. The receiver MUST check this padding and MUST use\n * the bad_record_mac alert to indicate padding errors.\n *\n * padding_length:\n * The padding length MUST be such that the total size of the\n * GenericBlockCipher structure is a multiple of the cipher's block length.\n * Legal values range from zero to 255, inclusive. This length specifies the\n * length of the padding field exclusive of the padding_length field itself.\n *\n * The encrypted data length (TLSCiphertext.length) is one more than the sum of\n * SecurityParameters.block_length, TLSCompressed.length,\n * SecurityParameters.mac_length, and padding_length.\n *\n * Example: If the block length is 8 bytes, the content length\n * (TLSCompressed.length) is 61 bytes, and the MAC length is 20 bytes, then the\n * length before padding is 82 bytes (this does not include the IV. Thus, the\n * padding length modulo 8 must be equal to 6 in order to make the total length\n * an even multiple of 8 bytes (the block length). The padding length can be\n * 6, 14, 22, and so on, through 254. If the padding length were the minimum\n * necessary, 6, the padding would be 6 bytes, each containing the value 6.\n * Thus, the last 8 octets of the GenericBlockCipher before block encryption\n * would be xx 06 06 06 06 06 06 06, where xx is the last octet of the MAC.\n *\n * Note: With block ciphers in CBC mode (Cipher Block Chaining), it is critical\n * that the entire plaintext of the record be known before any ciphertext is\n * transmitted. Otherwise, it is possible for the attacker to mount the attack\n * described in [CBCATT].\n *\n * Implementation note: Canvel et al. [CBCTIME] have demonstrated a timing\n * attack on CBC padding based on the time required to compute the MAC. In\n * order to defend against this attack, implementations MUST ensure that\n * record processing time is essentially the same whether or not the padding\n * is correct. In general, the best way to do this is to compute the MAC even\n * if the padding is incorrect, and only then reject the packet. For instance,\n * if the pad appears to be incorrect, the implementation might assume a\n * zero-length pad and then compute the MAC. This leaves a small timing\n * channel, since MAC performance depends, to some extent, on the size of the\n * data fragment, but it is not believed to be large enough to be exploitable,\n * due to the large block size of existing MACs and the small size of the\n * timing signal.\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./hmac');\nrequire('./md5');\nrequire('./pem');\nrequire('./pki');\nrequire('./random');\nrequire('./sha1');\nrequire('./util');\n\n/**\n * Generates pseudo random bytes by mixing the result of two hash functions,\n * MD5 and SHA-1.\n *\n * prf_TLS1(secret, label, seed) =\n * P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed);\n *\n * Each P_hash function functions as follows:\n *\n * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +\n * HMAC_hash(secret, A(2) + seed) +\n * HMAC_hash(secret, A(3) + seed) + ...\n * A() is defined as:\n * A(0) = seed\n * A(i) = HMAC_hash(secret, A(i-1))\n *\n * The '+' operator denotes concatenation.\n *\n * As many iterations A(N) as are needed are performed to generate enough\n * pseudo random byte output. If an iteration creates more data than is\n * necessary, then it is truncated.\n *\n * Therefore:\n * A(1) = HMAC_hash(secret, A(0))\n * = HMAC_hash(secret, seed)\n * A(2) = HMAC_hash(secret, A(1))\n * = HMAC_hash(secret, HMAC_hash(secret, seed))\n *\n * Therefore:\n * P_hash(secret, seed) =\n * HMAC_hash(secret, HMAC_hash(secret, A(0)) + seed) +\n * HMAC_hash(secret, HMAC_hash(secret, A(1)) + seed) +\n * ...\n *\n * Therefore:\n * P_hash(secret, seed) =\n * HMAC_hash(secret, HMAC_hash(secret, seed) + seed) +\n * HMAC_hash(secret, HMAC_hash(secret, HMAC_hash(secret, seed)) + seed) +\n * ...\n *\n * @param secret the secret to use.\n * @param label the label to use.\n * @param seed the seed value to use.\n * @param length the number of bytes to generate.\n *\n * @return the pseudo random bytes in a byte buffer.\n */\nvar prf_TLS1 = function(secret, label, seed, length) {\n var rval = forge.util.createBuffer();\n\n /* For TLS 1.0, the secret is split in half, into two secrets of equal\n length. If the secret has an odd length then the last byte of the first\n half will be the same as the first byte of the second. The length of the\n two secrets is half of the secret rounded up. */\n var idx = (secret.length >> 1);\n var slen = idx + (secret.length & 1);\n var s1 = secret.substr(0, slen);\n var s2 = secret.substr(idx, slen);\n var ai = forge.util.createBuffer();\n var hmac = forge.hmac.create();\n seed = label + seed;\n\n // determine the number of iterations that must be performed to generate\n // enough output bytes, md5 creates 16 byte hashes, sha1 creates 20\n var md5itr = Math.ceil(length / 16);\n var sha1itr = Math.ceil(length / 20);\n\n // do md5 iterations\n hmac.start('MD5', s1);\n var md5bytes = forge.util.createBuffer();\n ai.putBytes(seed);\n for(var i = 0; i < md5itr; ++i) {\n // HMAC_hash(secret, A(i-1))\n hmac.start(null, null);\n hmac.update(ai.getBytes());\n ai.putBuffer(hmac.digest());\n\n // HMAC_hash(secret, A(i) + seed)\n hmac.start(null, null);\n hmac.update(ai.bytes() + seed);\n md5bytes.putBuffer(hmac.digest());\n }\n\n // do sha1 iterations\n hmac.start('SHA1', s2);\n var sha1bytes = forge.util.createBuffer();\n ai.clear();\n ai.putBytes(seed);\n for(var i = 0; i < sha1itr; ++i) {\n // HMAC_hash(secret, A(i-1))\n hmac.start(null, null);\n hmac.update(ai.getBytes());\n ai.putBuffer(hmac.digest());\n\n // HMAC_hash(secret, A(i) + seed)\n hmac.start(null, null);\n hmac.update(ai.bytes() + seed);\n sha1bytes.putBuffer(hmac.digest());\n }\n\n // XOR the md5 bytes with the sha1 bytes\n rval.putBytes(forge.util.xorBytes(\n md5bytes.getBytes(), sha1bytes.getBytes(), length));\n\n return rval;\n};\n\n/**\n * Generates pseudo random bytes using a SHA256 algorithm. For TLS 1.2.\n *\n * @param secret the secret to use.\n * @param label the label to use.\n * @param seed the seed value to use.\n * @param length the number of bytes to generate.\n *\n * @return the pseudo random bytes in a byte buffer.\n */\nvar prf_sha256 = function(secret, label, seed, length) {\n // FIXME: implement me for TLS 1.2\n};\n\n/**\n * Gets a MAC for a record using the SHA-1 hash algorithm.\n *\n * @param key the mac key.\n * @param state the sequence number (array of two 32-bit integers).\n * @param record the record.\n *\n * @return the sha-1 hash (20 bytes) for the given record.\n */\nvar hmac_sha1 = function(key, seqNum, record) {\n /* MAC is computed like so:\n HMAC_hash(\n key, seqNum +\n TLSCompressed.type +\n TLSCompressed.version +\n TLSCompressed.length +\n TLSCompressed.fragment)\n */\n var hmac = forge.hmac.create();\n hmac.start('SHA1', key);\n var b = forge.util.createBuffer();\n b.putInt32(seqNum[0]);\n b.putInt32(seqNum[1]);\n b.putByte(record.type);\n b.putByte(record.version.major);\n b.putByte(record.version.minor);\n b.putInt16(record.length);\n b.putBytes(record.fragment.bytes());\n hmac.update(b.getBytes());\n return hmac.digest().getBytes();\n};\n\n/**\n * Compresses the TLSPlaintext record into a TLSCompressed record using the\n * deflate algorithm.\n *\n * @param c the TLS connection.\n * @param record the TLSPlaintext record to compress.\n * @param s the ConnectionState to use.\n *\n * @return true on success, false on failure.\n */\nvar deflate = function(c, record, s) {\n var rval = false;\n\n try {\n var bytes = c.deflate(record.fragment.getBytes());\n record.fragment = forge.util.createBuffer(bytes);\n record.length = bytes.length;\n rval = true;\n } catch(ex) {\n // deflate error, fail out\n }\n\n return rval;\n};\n\n/**\n * Decompresses the TLSCompressed record into a TLSPlaintext record using the\n * deflate algorithm.\n *\n * @param c the TLS connection.\n * @param record the TLSCompressed record to decompress.\n * @param s the ConnectionState to use.\n *\n * @return true on success, false on failure.\n */\nvar inflate = function(c, record, s) {\n var rval = false;\n\n try {\n var bytes = c.inflate(record.fragment.getBytes());\n record.fragment = forge.util.createBuffer(bytes);\n record.length = bytes.length;\n rval = true;\n } catch(ex) {\n // inflate error, fail out\n }\n\n return rval;\n};\n\n/**\n * Reads a TLS variable-length vector from a byte buffer.\n *\n * Variable-length vectors are defined by specifying a subrange of legal\n * lengths, inclusively, using the notation <floor..ceiling>. When these are\n * encoded, the actual length precedes the vector's contents in the byte\n * stream. The length will be in the form of a number consuming as many bytes\n * as required to hold the vector's specified maximum (ceiling) length. A\n * variable-length vector with an actual length field of zero is referred to\n * as an empty vector.\n *\n * @param b the byte buffer.\n * @param lenBytes the number of bytes required to store the length.\n *\n * @return the resulting byte buffer.\n */\nvar readVector = function(b, lenBytes) {\n var len = 0;\n switch(lenBytes) {\n case 1:\n len = b.getByte();\n break;\n case 2:\n len = b.getInt16();\n break;\n case 3:\n len = b.getInt24();\n break;\n case 4:\n len = b.getInt32();\n break;\n }\n\n // read vector bytes into a new buffer\n return forge.util.createBuffer(b.getBytes(len));\n};\n\n/**\n * Writes a TLS variable-length vector to a byte buffer.\n *\n * @param b the byte buffer.\n * @param lenBytes the number of bytes required to store the length.\n * @param v the byte buffer vector.\n */\nvar writeVector = function(b, lenBytes, v) {\n // encode length at the start of the vector, where the number of bytes for\n // the length is the maximum number of bytes it would take to encode the\n // vector's ceiling\n b.putInt(v.length(), lenBytes << 3);\n b.putBuffer(v);\n};\n\n/**\n * The tls implementation.\n */\nvar tls = {};\n\n/**\n * Version: TLS 1.2 = 3.3, TLS 1.1 = 3.2, TLS 1.0 = 3.1. Both TLS 1.1 and\n * TLS 1.2 were still too new (ie: openSSL didn't implement them) at the time\n * of this implementation so TLS 1.0 was implemented instead.\n */\ntls.Versions = {\n TLS_1_0: {major: 3, minor: 1},\n TLS_1_1: {major: 3, minor: 2},\n TLS_1_2: {major: 3, minor: 3}\n};\ntls.SupportedVersions = [\n tls.Versions.TLS_1_1,\n tls.Versions.TLS_1_0\n];\ntls.Version = tls.SupportedVersions[0];\n\n/**\n * Maximum fragment size. True maximum is 16384, but we fragment before that\n * to allow for unusual small increases during compression.\n */\ntls.MaxFragment = 16384 - 1024;\n\n/**\n * Whether this entity is considered the \"client\" or \"server\".\n * enum { server, client } ConnectionEnd;\n */\ntls.ConnectionEnd = {\n server: 0,\n client: 1\n};\n\n/**\n * Pseudo-random function algorithm used to generate keys from the master\n * secret.\n * enum { tls_prf_sha256 } PRFAlgorithm;\n */\ntls.PRFAlgorithm = {\n tls_prf_sha256: 0\n};\n\n/**\n * Bulk encryption algorithms.\n * enum { null, rc4, des3, aes } BulkCipherAlgorithm;\n */\ntls.BulkCipherAlgorithm = {\n none: null,\n rc4: 0,\n des3: 1,\n aes: 2\n};\n\n/**\n * Cipher types.\n * enum { stream, block, aead } CipherType;\n */\ntls.CipherType = {\n stream: 0,\n block: 1,\n aead: 2\n};\n\n/**\n * MAC (Message Authentication Code) algorithms.\n * enum { null, hmac_md5, hmac_sha1, hmac_sha256,\n * hmac_sha384, hmac_sha512} MACAlgorithm;\n */\ntls.MACAlgorithm = {\n none: null,\n hmac_md5: 0,\n hmac_sha1: 1,\n hmac_sha256: 2,\n hmac_sha384: 3,\n hmac_sha512: 4\n};\n\n/**\n * Compression algorithms.\n * enum { null(0), deflate(1), (255) } CompressionMethod;\n */\ntls.CompressionMethod = {\n none: 0,\n deflate: 1\n};\n\n/**\n * TLS record content types.\n * enum {\n * change_cipher_spec(20), alert(21), handshake(22),\n * application_data(23), (255)\n * } ContentType;\n */\ntls.ContentType = {\n change_cipher_spec: 20,\n alert: 21,\n handshake: 22,\n application_data: 23,\n heartbeat: 24\n};\n\n/**\n * TLS handshake types.\n * enum {\n * hello_request(0), client_hello(1), server_hello(2),\n * certificate(11), server_key_exchange (12),\n * certificate_request(13), server_hello_done(14),\n * certificate_verify(15), client_key_exchange(16),\n * finished(20), (255)\n * } HandshakeType;\n */\ntls.HandshakeType = {\n hello_request: 0,\n client_hello: 1,\n server_hello: 2,\n certificate: 11,\n server_key_exchange: 12,\n certificate_request: 13,\n server_hello_done: 14,\n certificate_verify: 15,\n client_key_exchange: 16,\n finished: 20\n};\n\n/**\n * TLS Alert Protocol.\n *\n * enum { warning(1), fatal(2), (255) } AlertLevel;\n *\n * enum {\n * close_notify(0),\n * unexpected_message(10),\n * bad_record_mac(20),\n * decryption_failed(21),\n * record_overflow(22),\n * decompression_failure(30),\n * handshake_failure(40),\n * bad_certificate(42),\n * unsupported_certificate(43),\n * certificate_revoked(44),\n * certificate_expired(45),\n * certificate_unknown(46),\n * illegal_parameter(47),\n * unknown_ca(48),\n * access_denied(49),\n * decode_error(50),\n * decrypt_error(51),\n * export_restriction(60),\n * protocol_version(70),\n * insufficient_security(71),\n * internal_error(80),\n * user_canceled(90),\n * no_renegotiation(100),\n * (255)\n * } AlertDescription;\n *\n * struct {\n * AlertLevel level;\n * AlertDescription description;\n * } Alert;\n */\ntls.Alert = {};\ntls.Alert.Level = {\n warning: 1,\n fatal: 2\n};\ntls.Alert.Description = {\n close_notify: 0,\n unexpected_message: 10,\n bad_record_mac: 20,\n decryption_failed: 21,\n record_overflow: 22,\n decompression_failure: 30,\n handshake_failure: 40,\n bad_certificate: 42,\n unsupported_certificate: 43,\n certificate_revoked: 44,\n certificate_expired: 45,\n certificate_unknown: 46,\n illegal_parameter: 47,\n unknown_ca: 48,\n access_denied: 49,\n decode_error: 50,\n decrypt_error: 51,\n export_restriction: 60,\n protocol_version: 70,\n insufficient_security: 71,\n internal_error: 80,\n user_canceled: 90,\n no_renegotiation: 100\n};\n\n/**\n * TLS Heartbeat Message types.\n * enum {\n * heartbeat_request(1),\n * heartbeat_response(2),\n * (255)\n * } HeartbeatMessageType;\n */\ntls.HeartbeatMessageType = {\n heartbeat_request: 1,\n heartbeat_response: 2\n};\n\n/**\n * Supported cipher suites.\n */\ntls.CipherSuites = {};\n\n/**\n * Gets a supported cipher suite from its 2 byte ID.\n *\n * @param twoBytes two bytes in a string.\n *\n * @return the matching supported cipher suite or null.\n */\ntls.getCipherSuite = function(twoBytes) {\n var rval = null;\n for(var key in tls.CipherSuites) {\n var cs = tls.CipherSuites[key];\n if(cs.id[0] === twoBytes.charCodeAt(0) &&\n cs.id[1] === twoBytes.charCodeAt(1)) {\n rval = cs;\n break;\n }\n }\n return rval;\n};\n\n/**\n * Called when an unexpected record is encountered.\n *\n * @param c the connection.\n * @param record the record.\n */\ntls.handleUnexpected = function(c, record) {\n // if connection is client and closed, ignore unexpected messages\n var ignore = (!c.open && c.entity === tls.ConnectionEnd.client);\n if(!ignore) {\n c.error(c, {\n message: 'Unexpected message. Received TLS record out of order.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.unexpected_message\n }\n });\n }\n};\n\n/**\n * Called when a client receives a HelloRequest record.\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleHelloRequest = function(c, record, length) {\n // ignore renegotiation requests from the server during a handshake, but\n // if handshaking, send a warning alert that renegotation is denied\n if(!c.handshaking && c.handshakes > 0) {\n // send alert warning\n tls.queue(c, tls.createAlert(c, {\n level: tls.Alert.Level.warning,\n description: tls.Alert.Description.no_renegotiation\n }));\n tls.flush(c);\n }\n\n // continue\n c.process();\n};\n\n/**\n * Parses a hello message from a ClientHello or ServerHello record.\n *\n * @param record the record to parse.\n *\n * @return the parsed message.\n */\ntls.parseHelloMessage = function(c, record, length) {\n var msg = null;\n\n var client = (c.entity === tls.ConnectionEnd.client);\n\n // minimum of 38 bytes in message\n if(length < 38) {\n c.error(c, {\n message: client ?\n 'Invalid ServerHello message. Message too short.' :\n 'Invalid ClientHello message. Message too short.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.illegal_parameter\n }\n });\n } else {\n // use 'remaining' to calculate # of remaining bytes in the message\n var b = record.fragment;\n var remaining = b.length();\n msg = {\n version: {\n major: b.getByte(),\n minor: b.getByte()\n },\n random: forge.util.createBuffer(b.getBytes(32)),\n session_id: readVector(b, 1),\n extensions: []\n };\n if(client) {\n msg.cipher_suite = b.getBytes(2);\n msg.compression_method = b.getByte();\n } else {\n msg.cipher_suites = readVector(b, 2);\n msg.compression_methods = readVector(b, 1);\n }\n\n // read extensions if there are any bytes left in the message\n remaining = length - (remaining - b.length());\n if(remaining > 0) {\n // parse extensions\n var exts = readVector(b, 2);\n while(exts.length() > 0) {\n msg.extensions.push({\n type: [exts.getByte(), exts.getByte()],\n data: readVector(exts, 2)\n });\n }\n\n // TODO: make extension support modular\n if(!client) {\n for(var i = 0; i < msg.extensions.length; ++i) {\n var ext = msg.extensions[i];\n\n // support SNI extension\n if(ext.type[0] === 0x00 && ext.type[1] === 0x00) {\n // get server name list\n var snl = readVector(ext.data, 2);\n while(snl.length() > 0) {\n // read server name type\n var snType = snl.getByte();\n\n // only HostName type (0x00) is known, break out if\n // another type is detected\n if(snType !== 0x00) {\n break;\n }\n\n // add host name to server name list\n c.session.extensions.server_name.serverNameList.push(\n readVector(snl, 2).getBytes());\n }\n }\n }\n }\n }\n\n // version already set, do not allow version change\n if(c.session.version) {\n if(msg.version.major !== c.session.version.major ||\n msg.version.minor !== c.session.version.minor) {\n return c.error(c, {\n message: 'TLS version change is disallowed during renegotiation.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.protocol_version\n }\n });\n }\n }\n\n // get the chosen (ServerHello) cipher suite\n if(client) {\n // FIXME: should be checking configured acceptable cipher suites\n c.session.cipherSuite = tls.getCipherSuite(msg.cipher_suite);\n } else {\n // get a supported preferred (ClientHello) cipher suite\n // choose the first supported cipher suite\n var tmp = forge.util.createBuffer(msg.cipher_suites.bytes());\n while(tmp.length() > 0) {\n // FIXME: should be checking configured acceptable suites\n // cipher suites take up 2 bytes\n c.session.cipherSuite = tls.getCipherSuite(tmp.getBytes(2));\n if(c.session.cipherSuite !== null) {\n break;\n }\n }\n }\n\n // cipher suite not supported\n if(c.session.cipherSuite === null) {\n return c.error(c, {\n message: 'No cipher suites in common.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.handshake_failure\n },\n cipherSuite: forge.util.bytesToHex(msg.cipher_suite)\n });\n }\n\n // TODO: handle compression methods\n if(client) {\n c.session.compressionMethod = msg.compression_method;\n } else {\n // no compression\n c.session.compressionMethod = tls.CompressionMethod.none;\n }\n }\n\n return msg;\n};\n\n/**\n * Creates security parameters for the given connection based on the given\n * hello message.\n *\n * @param c the TLS connection.\n * @param msg the hello message.\n */\ntls.createSecurityParameters = function(c, msg) {\n /* Note: security params are from TLS 1.2, some values like prf_algorithm\n are ignored for TLS 1.0/1.1 and the builtin as specified in the spec is\n used. */\n\n // TODO: handle other options from server when more supported\n\n // get client and server randoms\n var client = (c.entity === tls.ConnectionEnd.client);\n var msgRandom = msg.random.bytes();\n var cRandom = client ? c.session.sp.client_random : msgRandom;\n var sRandom = client ? msgRandom : tls.createRandom().getBytes();\n\n // create new security parameters\n c.session.sp = {\n entity: c.entity,\n prf_algorithm: tls.PRFAlgorithm.tls_prf_sha256,\n bulk_cipher_algorithm: null,\n cipher_type: null,\n enc_key_length: null,\n block_length: null,\n fixed_iv_length: null,\n record_iv_length: null,\n mac_algorithm: null,\n mac_length: null,\n mac_key_length: null,\n compression_algorithm: c.session.compressionMethod,\n pre_master_secret: null,\n master_secret: null,\n client_random: cRandom,\n server_random: sRandom\n };\n};\n\n/**\n * Called when a client receives a ServerHello record.\n *\n * When a ServerHello message will be sent:\n * The server will send this message in response to a client hello message\n * when it was able to find an acceptable set of algorithms. If it cannot\n * find such a match, it will respond with a handshake failure alert.\n *\n * uint24 length;\n * struct {\n * ProtocolVersion server_version;\n * Random random;\n * SessionID session_id;\n * CipherSuite cipher_suite;\n * CompressionMethod compression_method;\n * select(extensions_present) {\n * case false:\n * struct {};\n * case true:\n * Extension extensions<0..2^16-1>;\n * };\n * } ServerHello;\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleServerHello = function(c, record, length) {\n var msg = tls.parseHelloMessage(c, record, length);\n if(c.fail) {\n return;\n }\n\n // ensure server version is compatible\n if(msg.version.minor <= c.version.minor) {\n c.version.minor = msg.version.minor;\n } else {\n return c.error(c, {\n message: 'Incompatible TLS version.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.protocol_version\n }\n });\n }\n\n // indicate session version has been set\n c.session.version = c.version;\n\n // get the session ID from the message\n var sessionId = msg.session_id.bytes();\n\n // if the session ID is not blank and matches the cached one, resume\n // the session\n if(sessionId.length > 0 && sessionId === c.session.id) {\n // resuming session, expect a ChangeCipherSpec next\n c.expect = SCC;\n c.session.resuming = true;\n\n // get new server random\n c.session.sp.server_random = msg.random.bytes();\n } else {\n // not resuming, expect a server Certificate message next\n c.expect = SCE;\n c.session.resuming = false;\n\n // create new security parameters\n tls.createSecurityParameters(c, msg);\n }\n\n // set new session ID\n c.session.id = sessionId;\n\n // continue\n c.process();\n};\n\n/**\n * Called when a server receives a ClientHello record.\n *\n * When a ClientHello message will be sent:\n * When a client first connects to a server it is required to send the\n * client hello as its first message. The client can also send a client\n * hello in response to a hello request or on its own initiative in order\n * to renegotiate the security parameters in an existing connection.\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleClientHello = function(c, record, length) {\n var msg = tls.parseHelloMessage(c, record, length);\n if(c.fail) {\n return;\n }\n\n // get the session ID from the message\n var sessionId = msg.session_id.bytes();\n\n // see if the given session ID is in the cache\n var session = null;\n if(c.sessionCache) {\n session = c.sessionCache.getSession(sessionId);\n if(session === null) {\n // session ID not found\n sessionId = '';\n } else if(session.version.major !== msg.version.major ||\n session.version.minor > msg.version.minor) {\n // if session version is incompatible with client version, do not resume\n session = null;\n sessionId = '';\n }\n }\n\n // no session found to resume, generate a new session ID\n if(sessionId.length === 0) {\n sessionId = forge.random.getBytes(32);\n }\n\n // update session\n c.session.id = sessionId;\n c.session.clientHelloVersion = msg.version;\n c.session.sp = {};\n if(session) {\n // use version and security parameters from resumed session\n c.version = c.session.version = session.version;\n c.session.sp = session.sp;\n } else {\n // use highest compatible minor version\n var version;\n for(var i = 1; i < tls.SupportedVersions.length; ++i) {\n version = tls.SupportedVersions[i];\n if(version.minor <= msg.version.minor) {\n break;\n }\n }\n c.version = {major: version.major, minor: version.minor};\n c.session.version = c.version;\n }\n\n // if a session is set, resume it\n if(session !== null) {\n // resuming session, expect a ChangeCipherSpec next\n c.expect = CCC;\n c.session.resuming = true;\n\n // get new client random\n c.session.sp.client_random = msg.random.bytes();\n } else {\n // not resuming, expect a Certificate or ClientKeyExchange\n c.expect = (c.verifyClient !== false) ? CCE : CKE;\n c.session.resuming = false;\n\n // create new security parameters\n tls.createSecurityParameters(c, msg);\n }\n\n // connection now open\n c.open = true;\n\n // queue server hello\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createServerHello(c)\n }));\n\n if(c.session.resuming) {\n // queue change cipher spec message\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.change_cipher_spec,\n data: tls.createChangeCipherSpec()\n }));\n\n // create pending state\n c.state.pending = tls.createConnectionState(c);\n\n // change current write state to pending write state\n c.state.current.write = c.state.pending.write;\n\n // queue finished\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createFinished(c)\n }));\n } else {\n // queue server certificate\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createCertificate(c)\n }));\n\n if(!c.fail) {\n // queue server key exchange\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createServerKeyExchange(c)\n }));\n\n // request client certificate if set\n if(c.verifyClient !== false) {\n // queue certificate request\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createCertificateRequest(c)\n }));\n }\n\n // queue server hello done\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createServerHelloDone(c)\n }));\n }\n }\n\n // send records\n tls.flush(c);\n\n // continue\n c.process();\n};\n\n/**\n * Called when a client receives a Certificate record.\n *\n * When this message will be sent:\n * The server must send a certificate whenever the agreed-upon key exchange\n * method is not an anonymous one. This message will always immediately\n * follow the server hello message.\n *\n * Meaning of this message:\n * The certificate type must be appropriate for the selected cipher suite's\n * key exchange algorithm, and is generally an X.509v3 certificate. It must\n * contain a key which matches the key exchange method, as follows. Unless\n * otherwise specified, the signing algorithm for the certificate must be\n * the same as the algorithm for the certificate key. Unless otherwise\n * specified, the public key may be of any length.\n *\n * opaque ASN.1Cert<1..2^24-1>;\n * struct {\n * ASN.1Cert certificate_list<1..2^24-1>;\n * } Certificate;\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleCertificate = function(c, record, length) {\n // minimum of 3 bytes in message\n if(length < 3) {\n return c.error(c, {\n message: 'Invalid Certificate message. Message too short.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.illegal_parameter\n }\n });\n }\n\n var b = record.fragment;\n var msg = {\n certificate_list: readVector(b, 3)\n };\n\n /* The sender's certificate will be first in the list (chain), each\n subsequent one that follows will certify the previous one, but root\n certificates (self-signed) that specify the certificate authority may\n be omitted under the assumption that clients must already possess it. */\n var cert, asn1;\n var certs = [];\n try {\n while(msg.certificate_list.length() > 0) {\n // each entry in msg.certificate_list is a vector with 3 len bytes\n cert = readVector(msg.certificate_list, 3);\n asn1 = forge.asn1.fromDer(cert);\n cert = forge.pki.certificateFromAsn1(asn1, true);\n certs.push(cert);\n }\n } catch(ex) {\n return c.error(c, {\n message: 'Could not parse certificate list.',\n cause: ex,\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.bad_certificate\n }\n });\n }\n\n // ensure at least 1 certificate was provided if in client-mode\n // or if verifyClient was set to true to require a certificate\n // (as opposed to 'optional')\n var client = (c.entity === tls.ConnectionEnd.client);\n if((client || c.verifyClient === true) && certs.length === 0) {\n // error, no certificate\n c.error(c, {\n message: client ?\n 'No server certificate provided.' :\n 'No client certificate provided.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.illegal_parameter\n }\n });\n } else if(certs.length === 0) {\n // no certs to verify\n // expect a ServerKeyExchange or ClientKeyExchange message next\n c.expect = client ? SKE : CKE;\n } else {\n // save certificate in session\n if(client) {\n c.session.serverCertificate = certs[0];\n } else {\n c.session.clientCertificate = certs[0];\n }\n\n if(tls.verifyCertificateChain(c, certs)) {\n // expect a ServerKeyExchange or ClientKeyExchange message next\n c.expect = client ? SKE : CKE;\n }\n }\n\n // continue\n c.process();\n};\n\n/**\n * Called when a client receives a ServerKeyExchange record.\n *\n * When this message will be sent:\n * This message will be sent immediately after the server certificate\n * message (or the server hello message, if this is an anonymous\n * negotiation).\n *\n * The server key exchange message is sent by the server only when the\n * server certificate message (if sent) does not contain enough data to\n * allow the client to exchange a premaster secret.\n *\n * Meaning of this message:\n * This message conveys cryptographic information to allow the client to\n * communicate the premaster secret: either an RSA public key to encrypt\n * the premaster secret with, or a Diffie-Hellman public key with which the\n * client can complete a key exchange (with the result being the premaster\n * secret.)\n *\n * enum {\n * dhe_dss, dhe_rsa, dh_anon, rsa, dh_dss, dh_rsa\n * } KeyExchangeAlgorithm;\n *\n * struct {\n * opaque dh_p<1..2^16-1>;\n * opaque dh_g<1..2^16-1>;\n * opaque dh_Ys<1..2^16-1>;\n * } ServerDHParams;\n *\n * struct {\n * select(KeyExchangeAlgorithm) {\n * case dh_anon:\n * ServerDHParams params;\n * case dhe_dss:\n * case dhe_rsa:\n * ServerDHParams params;\n * digitally-signed struct {\n * opaque client_random[32];\n * opaque server_random[32];\n * ServerDHParams params;\n * } signed_params;\n * case rsa:\n * case dh_dss:\n * case dh_rsa:\n * struct {};\n * };\n * } ServerKeyExchange;\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleServerKeyExchange = function(c, record, length) {\n // this implementation only supports RSA, no Diffie-Hellman support\n // so any length > 0 is invalid\n if(length > 0) {\n return c.error(c, {\n message: 'Invalid key parameters. Only RSA is supported.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.unsupported_certificate\n }\n });\n }\n\n // expect an optional CertificateRequest message next\n c.expect = SCR;\n\n // continue\n c.process();\n};\n\n/**\n * Called when a client receives a ClientKeyExchange record.\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleClientKeyExchange = function(c, record, length) {\n // this implementation only supports RSA, no Diffie-Hellman support\n // so any length < 48 is invalid\n if(length < 48) {\n return c.error(c, {\n message: 'Invalid key parameters. Only RSA is supported.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.unsupported_certificate\n }\n });\n }\n\n var b = record.fragment;\n var msg = {\n enc_pre_master_secret: readVector(b, 2).getBytes()\n };\n\n // do rsa decryption\n var privateKey = null;\n if(c.getPrivateKey) {\n try {\n privateKey = c.getPrivateKey(c, c.session.serverCertificate);\n privateKey = forge.pki.privateKeyFromPem(privateKey);\n } catch(ex) {\n c.error(c, {\n message: 'Could not get private key.',\n cause: ex,\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.internal_error\n }\n });\n }\n }\n\n if(privateKey === null) {\n return c.error(c, {\n message: 'No private key set.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.internal_error\n }\n });\n }\n\n try {\n // decrypt 48-byte pre-master secret\n var sp = c.session.sp;\n sp.pre_master_secret = privateKey.decrypt(msg.enc_pre_master_secret);\n\n // ensure client hello version matches first 2 bytes\n var version = c.session.clientHelloVersion;\n if(version.major !== sp.pre_master_secret.charCodeAt(0) ||\n version.minor !== sp.pre_master_secret.charCodeAt(1)) {\n // error, do not send alert (see BLEI attack below)\n throw new Error('TLS version rollback attack detected.');\n }\n } catch(ex) {\n /* Note: Daniel Bleichenbacher [BLEI] can be used to attack a\n TLS server which is using PKCS#1 encoded RSA, so instead of\n failing here, we generate 48 random bytes and use that as\n the pre-master secret. */\n sp.pre_master_secret = forge.random.getBytes(48);\n }\n\n // expect a CertificateVerify message if a Certificate was received that\n // does not have fixed Diffie-Hellman params, otherwise expect\n // ChangeCipherSpec\n c.expect = CCC;\n if(c.session.clientCertificate !== null) {\n // only RSA support, so expect CertificateVerify\n // TODO: support Diffie-Hellman\n c.expect = CCV;\n }\n\n // continue\n c.process();\n};\n\n/**\n * Called when a client receives a CertificateRequest record.\n *\n * When this message will be sent:\n * A non-anonymous server can optionally request a certificate from the\n * client, if appropriate for the selected cipher suite. This message, if\n * sent, will immediately follow the Server Key Exchange message (if it is\n * sent; otherwise, the Server Certificate message).\n *\n * enum {\n * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4),\n * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6),\n * fortezza_dms_RESERVED(20), (255)\n * } ClientCertificateType;\n *\n * opaque DistinguishedName<1..2^16-1>;\n *\n * struct {\n * ClientCertificateType certificate_types<1..2^8-1>;\n * SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>;\n * DistinguishedName certificate_authorities<0..2^16-1>;\n * } CertificateRequest;\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleCertificateRequest = function(c, record, length) {\n // minimum of 3 bytes in message\n if(length < 3) {\n return c.error(c, {\n message: 'Invalid CertificateRequest. Message too short.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.illegal_parameter\n }\n });\n }\n\n // TODO: TLS 1.2+ has different format including\n // SignatureAndHashAlgorithm after cert types\n var b = record.fragment;\n var msg = {\n certificate_types: readVector(b, 1),\n certificate_authorities: readVector(b, 2)\n };\n\n // save certificate request in session\n c.session.certificateRequest = msg;\n\n // expect a ServerHelloDone message next\n c.expect = SHD;\n\n // continue\n c.process();\n};\n\n/**\n * Called when a server receives a CertificateVerify record.\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleCertificateVerify = function(c, record, length) {\n if(length < 2) {\n return c.error(c, {\n message: 'Invalid CertificateVerify. Message too short.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.illegal_parameter\n }\n });\n }\n\n // rewind to get full bytes for message so it can be manually\n // digested below (special case for CertificateVerify messages because\n // they must be digested *after* handling as opposed to all others)\n var b = record.fragment;\n b.read -= 4;\n var msgBytes = b.bytes();\n b.read += 4;\n\n var msg = {\n signature: readVector(b, 2).getBytes()\n };\n\n // TODO: add support for DSA\n\n // generate data to verify\n var verify = forge.util.createBuffer();\n verify.putBuffer(c.session.md5.digest());\n verify.putBuffer(c.session.sha1.digest());\n verify = verify.getBytes();\n\n try {\n var cert = c.session.clientCertificate;\n /*b = forge.pki.rsa.decrypt(\n msg.signature, cert.publicKey, true, verify.length);\n if(b !== verify) {*/\n if(!cert.publicKey.verify(verify, msg.signature, 'NONE')) {\n throw new Error('CertificateVerify signature does not match.');\n }\n\n // digest message now that it has been handled\n c.session.md5.update(msgBytes);\n c.session.sha1.update(msgBytes);\n } catch(ex) {\n return c.error(c, {\n message: 'Bad signature in CertificateVerify.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.handshake_failure\n }\n });\n }\n\n // expect ChangeCipherSpec\n c.expect = CCC;\n\n // continue\n c.process();\n};\n\n/**\n * Called when a client receives a ServerHelloDone record.\n *\n * When this message will be sent:\n * The server hello done message is sent by the server to indicate the end\n * of the server hello and associated messages. After sending this message\n * the server will wait for a client response.\n *\n * Meaning of this message:\n * This message means that the server is done sending messages to support\n * the key exchange, and the client can proceed with its phase of the key\n * exchange.\n *\n * Upon receipt of the server hello done message the client should verify\n * that the server provided a valid certificate if required and check that\n * the server hello parameters are acceptable.\n *\n * struct {} ServerHelloDone;\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleServerHelloDone = function(c, record, length) {\n // len must be 0 bytes\n if(length > 0) {\n return c.error(c, {\n message: 'Invalid ServerHelloDone message. Invalid length.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.record_overflow\n }\n });\n }\n\n if(c.serverCertificate === null) {\n // no server certificate was provided\n var error = {\n message: 'No server certificate provided. Not enough security.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.insufficient_security\n }\n };\n\n // call application callback\n var depth = 0;\n var ret = c.verify(c, error.alert.description, depth, []);\n if(ret !== true) {\n // check for custom alert info\n if(ret || ret === 0) {\n // set custom message and alert description\n if(typeof ret === 'object' && !forge.util.isArray(ret)) {\n if(ret.message) {\n error.message = ret.message;\n }\n if(ret.alert) {\n error.alert.description = ret.alert;\n }\n } else if(typeof ret === 'number') {\n // set custom alert description\n error.alert.description = ret;\n }\n }\n\n // send error\n return c.error(c, error);\n }\n }\n\n // create client certificate message if requested\n if(c.session.certificateRequest !== null) {\n record = tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createCertificate(c)\n });\n tls.queue(c, record);\n }\n\n // create client key exchange message\n record = tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createClientKeyExchange(c)\n });\n tls.queue(c, record);\n\n // expect no messages until the following callback has been called\n c.expect = SER;\n\n // create callback to handle client signature (for client-certs)\n var callback = function(c, signature) {\n if(c.session.certificateRequest !== null &&\n c.session.clientCertificate !== null) {\n // create certificate verify message\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createCertificateVerify(c, signature)\n }));\n }\n\n // create change cipher spec message\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.change_cipher_spec,\n data: tls.createChangeCipherSpec()\n }));\n\n // create pending state\n c.state.pending = tls.createConnectionState(c);\n\n // change current write state to pending write state\n c.state.current.write = c.state.pending.write;\n\n // create finished message\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createFinished(c)\n }));\n\n // expect a server ChangeCipherSpec message next\n c.expect = SCC;\n\n // send records\n tls.flush(c);\n\n // continue\n c.process();\n };\n\n // if there is no certificate request or no client certificate, do\n // callback immediately\n if(c.session.certificateRequest === null ||\n c.session.clientCertificate === null) {\n return callback(c, null);\n }\n\n // otherwise get the client signature\n tls.getClientSignature(c, callback);\n};\n\n/**\n * Called when a ChangeCipherSpec record is received.\n *\n * @param c the connection.\n * @param record the record.\n */\ntls.handleChangeCipherSpec = function(c, record) {\n if(record.fragment.getByte() !== 0x01) {\n return c.error(c, {\n message: 'Invalid ChangeCipherSpec message received.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.illegal_parameter\n }\n });\n }\n\n // create pending state if:\n // 1. Resuming session in client mode OR\n // 2. NOT resuming session in server mode\n var client = (c.entity === tls.ConnectionEnd.client);\n if((c.session.resuming && client) || (!c.session.resuming && !client)) {\n c.state.pending = tls.createConnectionState(c);\n }\n\n // change current read state to pending read state\n c.state.current.read = c.state.pending.read;\n\n // clear pending state if:\n // 1. NOT resuming session in client mode OR\n // 2. resuming a session in server mode\n if((!c.session.resuming && client) || (c.session.resuming && !client)) {\n c.state.pending = null;\n }\n\n // expect a Finished record next\n c.expect = client ? SFI : CFI;\n\n // continue\n c.process();\n};\n\n/**\n * Called when a Finished record is received.\n *\n * When this message will be sent:\n * A finished message is always sent immediately after a change\n * cipher spec message to verify that the key exchange and\n * authentication processes were successful. It is essential that a\n * change cipher spec message be received between the other\n * handshake messages and the Finished message.\n *\n * Meaning of this message:\n * The finished message is the first protected with the just-\n * negotiated algorithms, keys, and secrets. Recipients of finished\n * messages must verify that the contents are correct. Once a side\n * has sent its Finished message and received and validated the\n * Finished message from its peer, it may begin to send and receive\n * application data over the connection.\n *\n * struct {\n * opaque verify_data[verify_data_length];\n * } Finished;\n *\n * verify_data\n * PRF(master_secret, finished_label, Hash(handshake_messages))\n * [0..verify_data_length-1];\n *\n * finished_label\n * For Finished messages sent by the client, the string\n * \"client finished\". For Finished messages sent by the server, the\n * string \"server finished\".\n *\n * verify_data_length depends on the cipher suite. If it is not specified\n * by the cipher suite, then it is 12. Versions of TLS < 1.2 always used\n * 12 bytes.\n *\n * @param c the connection.\n * @param record the record.\n * @param length the length of the handshake message.\n */\ntls.handleFinished = function(c, record, length) {\n // rewind to get full bytes for message so it can be manually\n // digested below (special case for Finished messages because they\n // must be digested *after* handling as opposed to all others)\n var b = record.fragment;\n b.read -= 4;\n var msgBytes = b.bytes();\n b.read += 4;\n\n // message contains only verify_data\n var vd = record.fragment.getBytes();\n\n // ensure verify data is correct\n b = forge.util.createBuffer();\n b.putBuffer(c.session.md5.digest());\n b.putBuffer(c.session.sha1.digest());\n\n // set label based on entity type\n var client = (c.entity === tls.ConnectionEnd.client);\n var label = client ? 'server finished' : 'client finished';\n\n // TODO: determine prf function and verify length for TLS 1.2\n var sp = c.session.sp;\n var vdl = 12;\n var prf = prf_TLS1;\n b = prf(sp.master_secret, label, b.getBytes(), vdl);\n if(b.getBytes() !== vd) {\n return c.error(c, {\n message: 'Invalid verify_data in Finished message.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.decrypt_error\n }\n });\n }\n\n // digest finished message now that it has been handled\n c.session.md5.update(msgBytes);\n c.session.sha1.update(msgBytes);\n\n // resuming session as client or NOT resuming session as server\n if((c.session.resuming && client) || (!c.session.resuming && !client)) {\n // create change cipher spec message\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.change_cipher_spec,\n data: tls.createChangeCipherSpec()\n }));\n\n // change current write state to pending write state, clear pending\n c.state.current.write = c.state.pending.write;\n c.state.pending = null;\n\n // create finished message\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createFinished(c)\n }));\n }\n\n // expect application data next\n c.expect = client ? SAD : CAD;\n\n // handshake complete\n c.handshaking = false;\n ++c.handshakes;\n\n // save access to peer certificate\n c.peerCertificate = client ?\n c.session.serverCertificate : c.session.clientCertificate;\n\n // send records\n tls.flush(c);\n\n // now connected\n c.isConnected = true;\n c.connected(c);\n\n // continue\n c.process();\n};\n\n/**\n * Called when an Alert record is received.\n *\n * @param c the connection.\n * @param record the record.\n */\ntls.handleAlert = function(c, record) {\n // read alert\n var b = record.fragment;\n var alert = {\n level: b.getByte(),\n description: b.getByte()\n };\n\n // TODO: consider using a table?\n // get appropriate message\n var msg;\n switch(alert.description) {\n case tls.Alert.Description.close_notify:\n msg = 'Connection closed.';\n break;\n case tls.Alert.Description.unexpected_message:\n msg = 'Unexpected message.';\n break;\n case tls.Alert.Description.bad_record_mac:\n msg = 'Bad record MAC.';\n break;\n case tls.Alert.Description.decryption_failed:\n msg = 'Decryption failed.';\n break;\n case tls.Alert.Description.record_overflow:\n msg = 'Record overflow.';\n break;\n case tls.Alert.Description.decompression_failure:\n msg = 'Decompression failed.';\n break;\n case tls.Alert.Description.handshake_failure:\n msg = 'Handshake failure.';\n break;\n case tls.Alert.Description.bad_certificate:\n msg = 'Bad certificate.';\n break;\n case tls.Alert.Description.unsupported_certificate:\n msg = 'Unsupported certificate.';\n break;\n case tls.Alert.Description.certificate_revoked:\n msg = 'Certificate revoked.';\n break;\n case tls.Alert.Description.certificate_expired:\n msg = 'Certificate expired.';\n break;\n case tls.Alert.Description.certificate_unknown:\n msg = 'Certificate unknown.';\n break;\n case tls.Alert.Description.illegal_parameter:\n msg = 'Illegal parameter.';\n break;\n case tls.Alert.Description.unknown_ca:\n msg = 'Unknown certificate authority.';\n break;\n case tls.Alert.Description.access_denied:\n msg = 'Access denied.';\n break;\n case tls.Alert.Description.decode_error:\n msg = 'Decode error.';\n break;\n case tls.Alert.Description.decrypt_error:\n msg = 'Decrypt error.';\n break;\n case tls.Alert.Description.export_restriction:\n msg = 'Export restriction.';\n break;\n case tls.Alert.Description.protocol_version:\n msg = 'Unsupported protocol version.';\n break;\n case tls.Alert.Description.insufficient_security:\n msg = 'Insufficient security.';\n break;\n case tls.Alert.Description.internal_error:\n msg = 'Internal error.';\n break;\n case tls.Alert.Description.user_canceled:\n msg = 'User canceled.';\n break;\n case tls.Alert.Description.no_renegotiation:\n msg = 'Renegotiation not supported.';\n break;\n default:\n msg = 'Unknown error.';\n break;\n }\n\n // close connection on close_notify, not an error\n if(alert.description === tls.Alert.Description.close_notify) {\n return c.close();\n }\n\n // call error handler\n c.error(c, {\n message: msg,\n send: false,\n // origin is the opposite end\n origin: (c.entity === tls.ConnectionEnd.client) ? 'server' : 'client',\n alert: alert\n });\n\n // continue\n c.process();\n};\n\n/**\n * Called when a Handshake record is received.\n *\n * @param c the connection.\n * @param record the record.\n */\ntls.handleHandshake = function(c, record) {\n // get the handshake type and message length\n var b = record.fragment;\n var type = b.getByte();\n var length = b.getInt24();\n\n // see if the record fragment doesn't yet contain the full message\n if(length > b.length()) {\n // cache the record, clear its fragment, and reset the buffer read\n // pointer before the type and length were read\n c.fragmented = record;\n record.fragment = forge.util.createBuffer();\n b.read -= 4;\n\n // continue\n return c.process();\n }\n\n // full message now available, clear cache, reset read pointer to\n // before type and length\n c.fragmented = null;\n b.read -= 4;\n\n // save the handshake bytes for digestion after handler is found\n // (include type and length of handshake msg)\n var bytes = b.bytes(length + 4);\n\n // restore read pointer\n b.read += 4;\n\n // handle expected message\n if(type in hsTable[c.entity][c.expect]) {\n // initialize server session\n if(c.entity === tls.ConnectionEnd.server && !c.open && !c.fail) {\n c.handshaking = true;\n c.session = {\n version: null,\n extensions: {\n server_name: {\n serverNameList: []\n }\n },\n cipherSuite: null,\n compressionMethod: null,\n serverCertificate: null,\n clientCertificate: null,\n md5: forge.md.md5.create(),\n sha1: forge.md.sha1.create()\n };\n }\n\n /* Update handshake messages digest. Finished and CertificateVerify\n messages are not digested here. They can't be digested as part of\n the verify_data that they contain. These messages are manually\n digested in their handlers. HelloRequest messages are simply never\n included in the handshake message digest according to spec. */\n if(type !== tls.HandshakeType.hello_request &&\n type !== tls.HandshakeType.certificate_verify &&\n type !== tls.HandshakeType.finished) {\n c.session.md5.update(bytes);\n c.session.sha1.update(bytes);\n }\n\n // handle specific handshake type record\n hsTable[c.entity][c.expect][type](c, record, length);\n } else {\n // unexpected record\n tls.handleUnexpected(c, record);\n }\n};\n\n/**\n * Called when an ApplicationData record is received.\n *\n * @param c the connection.\n * @param record the record.\n */\ntls.handleApplicationData = function(c, record) {\n // buffer data, notify that its ready\n c.data.putBuffer(record.fragment);\n c.dataReady(c);\n\n // continue\n c.process();\n};\n\n/**\n * Called when a Heartbeat record is received.\n *\n * @param c the connection.\n * @param record the record.\n */\ntls.handleHeartbeat = function(c, record) {\n // get the heartbeat type and payload\n var b = record.fragment;\n var type = b.getByte();\n var length = b.getInt16();\n var payload = b.getBytes(length);\n\n if(type === tls.HeartbeatMessageType.heartbeat_request) {\n // discard request during handshake or if length is too large\n if(c.handshaking || length > payload.length) {\n // continue\n return c.process();\n }\n // retransmit payload\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.heartbeat,\n data: tls.createHeartbeat(\n tls.HeartbeatMessageType.heartbeat_response, payload)\n }));\n tls.flush(c);\n } else if(type === tls.HeartbeatMessageType.heartbeat_response) {\n // check payload against expected payload, discard heartbeat if no match\n if(payload !== c.expectedHeartbeatPayload) {\n // continue\n return c.process();\n }\n\n // notify that a valid heartbeat was received\n if(c.heartbeatReceived) {\n c.heartbeatReceived(c, forge.util.createBuffer(payload));\n }\n }\n\n // continue\n c.process();\n};\n\n/**\n * The transistional state tables for receiving TLS records. It maps the\n * current TLS engine state and a received record to a function to handle the\n * record and update the state.\n *\n * For instance, if the current state is SHE, then the TLS engine is expecting\n * a ServerHello record. Once a record is received, the handler function is\n * looked up using the state SHE and the record's content type.\n *\n * The resulting function will either be an error handler or a record handler.\n * The function will take whatever action is appropriate and update the state\n * for the next record.\n *\n * The states are all based on possible server record types. Note that the\n * client will never specifically expect to receive a HelloRequest or an alert\n * from the server so there is no state that reflects this. These messages may\n * occur at any time.\n *\n * There are two tables for mapping states because there is a second tier of\n * types for handshake messages. Once a record with a content type of handshake\n * is received, the handshake record handler will look up the handshake type in\n * the secondary map to get its appropriate handler.\n *\n * Valid message orders are as follows:\n *\n * =======================FULL HANDSHAKE======================\n * Client Server\n *\n * ClientHello -------->\n * ServerHello\n * Certificate*\n * ServerKeyExchange*\n * CertificateRequest*\n * <-------- ServerHelloDone\n * Certificate*\n * ClientKeyExchange\n * CertificateVerify*\n * [ChangeCipherSpec]\n * Finished -------->\n * [ChangeCipherSpec]\n * <-------- Finished\n * Application Data <-------> Application Data\n *\n * =====================SESSION RESUMPTION=====================\n * Client Server\n *\n * ClientHello -------->\n * ServerHello\n * [ChangeCipherSpec]\n * <-------- Finished\n * [ChangeCipherSpec]\n * Finished -------->\n * Application Data <-------> Application Data\n */\n// client expect states (indicate which records are expected to be received)\nvar SHE = 0; // rcv server hello\nvar SCE = 1; // rcv server certificate\nvar SKE = 2; // rcv server key exchange\nvar SCR = 3; // rcv certificate request\nvar SHD = 4; // rcv server hello done\nvar SCC = 5; // rcv change cipher spec\nvar SFI = 6; // rcv finished\nvar SAD = 7; // rcv application data\nvar SER = 8; // not expecting any messages at this point\n\n// server expect states\nvar CHE = 0; // rcv client hello\nvar CCE = 1; // rcv client certificate\nvar CKE = 2; // rcv client key exchange\nvar CCV = 3; // rcv certificate verify\nvar CCC = 4; // rcv change cipher spec\nvar CFI = 5; // rcv finished\nvar CAD = 6; // rcv application data\nvar CER = 7; // not expecting any messages at this point\n\n// map client current expect state and content type to function\nvar __ = tls.handleUnexpected;\nvar R0 = tls.handleChangeCipherSpec;\nvar R1 = tls.handleAlert;\nvar R2 = tls.handleHandshake;\nvar R3 = tls.handleApplicationData;\nvar R4 = tls.handleHeartbeat;\nvar ctTable = [];\nctTable[tls.ConnectionEnd.client] = [\n// CC,AL,HS,AD,HB\n/*SHE*/[__,R1,R2,__,R4],\n/*SCE*/[__,R1,R2,__,R4],\n/*SKE*/[__,R1,R2,__,R4],\n/*SCR*/[__,R1,R2,__,R4],\n/*SHD*/[__,R1,R2,__,R4],\n/*SCC*/[R0,R1,__,__,R4],\n/*SFI*/[__,R1,R2,__,R4],\n/*SAD*/[__,R1,R2,R3,R4],\n/*SER*/[__,R1,R2,__,R4]\n];\n\n// map server current expect state and content type to function\nctTable[tls.ConnectionEnd.server] = [\n// CC,AL,HS,AD\n/*CHE*/[__,R1,R2,__,R4],\n/*CCE*/[__,R1,R2,__,R4],\n/*CKE*/[__,R1,R2,__,R4],\n/*CCV*/[__,R1,R2,__,R4],\n/*CCC*/[R0,R1,__,__,R4],\n/*CFI*/[__,R1,R2,__,R4],\n/*CAD*/[__,R1,R2,R3,R4],\n/*CER*/[__,R1,R2,__,R4]\n];\n\n// map client current expect state and handshake type to function\nvar H0 = tls.handleHelloRequest;\nvar H1 = tls.handleServerHello;\nvar H2 = tls.handleCertificate;\nvar H3 = tls.handleServerKeyExchange;\nvar H4 = tls.handleCertificateRequest;\nvar H5 = tls.handleServerHelloDone;\nvar H6 = tls.handleFinished;\nvar hsTable = [];\nhsTable[tls.ConnectionEnd.client] = [\n// HR,01,SH,03,04,05,06,07,08,09,10,SC,SK,CR,HD,15,CK,17,18,19,FI\n/*SHE*/[__,__,H1,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],\n/*SCE*/[H0,__,__,__,__,__,__,__,__,__,__,H2,H3,H4,H5,__,__,__,__,__,__],\n/*SKE*/[H0,__,__,__,__,__,__,__,__,__,__,__,H3,H4,H5,__,__,__,__,__,__],\n/*SCR*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,H4,H5,__,__,__,__,__,__],\n/*SHD*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,H5,__,__,__,__,__,__],\n/*SCC*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],\n/*SFI*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H6],\n/*SAD*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],\n/*SER*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__]\n];\n\n// map server current expect state and handshake type to function\n// Note: CAD[CH] does not map to FB because renegotation is prohibited\nvar H7 = tls.handleClientHello;\nvar H8 = tls.handleClientKeyExchange;\nvar H9 = tls.handleCertificateVerify;\nhsTable[tls.ConnectionEnd.server] = [\n// 01,CH,02,03,04,05,06,07,08,09,10,CC,12,13,14,CV,CK,17,18,19,FI\n/*CHE*/[__,H7,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],\n/*CCE*/[__,__,__,__,__,__,__,__,__,__,__,H2,__,__,__,__,__,__,__,__,__],\n/*CKE*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H8,__,__,__,__],\n/*CCV*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H9,__,__,__,__,__],\n/*CCC*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],\n/*CFI*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H6],\n/*CAD*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__],\n/*CER*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__]\n];\n\n/**\n * Generates the master_secret and keys using the given security parameters.\n *\n * The security parameters for a TLS connection state are defined as such:\n *\n * struct {\n * ConnectionEnd entity;\n * PRFAlgorithm prf_algorithm;\n * BulkCipherAlgorithm bulk_cipher_algorithm;\n * CipherType cipher_type;\n * uint8 enc_key_length;\n * uint8 block_length;\n * uint8 fixed_iv_length;\n * uint8 record_iv_length;\n * MACAlgorithm mac_algorithm;\n * uint8 mac_length;\n * uint8 mac_key_length;\n * CompressionMethod compression_algorithm;\n * opaque master_secret[48];\n * opaque client_random[32];\n * opaque server_random[32];\n * } SecurityParameters;\n *\n * Note that this definition is from TLS 1.2. In TLS 1.0 some of these\n * parameters are ignored because, for instance, the PRFAlgorithm is a\n * builtin-fixed algorithm combining iterations of MD5 and SHA-1 in TLS 1.0.\n *\n * The Record Protocol requires an algorithm to generate keys required by the\n * current connection state.\n *\n * The master secret is expanded into a sequence of secure bytes, which is then\n * split to a client write MAC key, a server write MAC key, a client write\n * encryption key, and a server write encryption key. In TLS 1.0 a client write\n * IV and server write IV are also generated. Each of these is generated from\n * the byte sequence in that order. Unused values are empty. In TLS 1.2, some\n * AEAD ciphers may additionally require a client write IV and a server write\n * IV (see Section 6.2.3.3).\n *\n * When keys, MAC keys, and IVs are generated, the master secret is used as an\n * entropy source.\n *\n * To generate the key material, compute:\n *\n * master_secret = PRF(pre_master_secret, \"master secret\",\n * ClientHello.random + ServerHello.random)\n *\n * key_block = PRF(SecurityParameters.master_secret,\n * \"key expansion\",\n * SecurityParameters.server_random +\n * SecurityParameters.client_random);\n *\n * until enough output has been generated. Then, the key_block is\n * partitioned as follows:\n *\n * client_write_MAC_key[SecurityParameters.mac_key_length]\n * server_write_MAC_key[SecurityParameters.mac_key_length]\n * client_write_key[SecurityParameters.enc_key_length]\n * server_write_key[SecurityParameters.enc_key_length]\n * client_write_IV[SecurityParameters.fixed_iv_length]\n * server_write_IV[SecurityParameters.fixed_iv_length]\n *\n * In TLS 1.2, the client_write_IV and server_write_IV are only generated for\n * implicit nonce techniques as described in Section 3.2.1 of [AEAD]. This\n * implementation uses TLS 1.0 so IVs are generated.\n *\n * Implementation note: The currently defined cipher suite which requires the\n * most material is AES_256_CBC_SHA256. It requires 2 x 32 byte keys and 2 x 32\n * byte MAC keys, for a total 128 bytes of key material. In TLS 1.0 it also\n * requires 2 x 16 byte IVs, so it actually takes 160 bytes of key material.\n *\n * @param c the connection.\n * @param sp the security parameters to use.\n *\n * @return the security keys.\n */\ntls.generateKeys = function(c, sp) {\n // TLS_RSA_WITH_AES_128_CBC_SHA (required to be compliant with TLS 1.2) &\n // TLS_RSA_WITH_AES_256_CBC_SHA are the only cipher suites implemented\n // at present\n\n // TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required to be compliant with\n // TLS 1.0 but we don't care right now because AES is better and we have\n // an implementation for it\n\n // TODO: TLS 1.2 implementation\n /*\n // determine the PRF\n var prf;\n switch(sp.prf_algorithm) {\n case tls.PRFAlgorithm.tls_prf_sha256:\n prf = prf_sha256;\n break;\n default:\n // should never happen\n throw new Error('Invalid PRF');\n }\n */\n\n // TLS 1.0/1.1 implementation\n var prf = prf_TLS1;\n\n // concatenate server and client random\n var random = sp.client_random + sp.server_random;\n\n // only create master secret if session is new\n if(!c.session.resuming) {\n // create master secret, clean up pre-master secret\n sp.master_secret = prf(\n sp.pre_master_secret, 'master secret', random, 48).bytes();\n sp.pre_master_secret = null;\n }\n\n // generate the amount of key material needed\n random = sp.server_random + sp.client_random;\n var length = 2 * sp.mac_key_length + 2 * sp.enc_key_length;\n\n // include IV for TLS/1.0\n var tls10 = (c.version.major === tls.Versions.TLS_1_0.major &&\n c.version.minor === tls.Versions.TLS_1_0.minor);\n if(tls10) {\n length += 2 * sp.fixed_iv_length;\n }\n var km = prf(sp.master_secret, 'key expansion', random, length);\n\n // split the key material into the MAC and encryption keys\n var rval = {\n client_write_MAC_key: km.getBytes(sp.mac_key_length),\n server_write_MAC_key: km.getBytes(sp.mac_key_length),\n client_write_key: km.getBytes(sp.enc_key_length),\n server_write_key: km.getBytes(sp.enc_key_length)\n };\n\n // include TLS 1.0 IVs\n if(tls10) {\n rval.client_write_IV = km.getBytes(sp.fixed_iv_length);\n rval.server_write_IV = km.getBytes(sp.fixed_iv_length);\n }\n\n return rval;\n};\n\n/**\n * Creates a new initialized TLS connection state. A connection state has\n * a read mode and a write mode.\n *\n * compression state:\n * The current state of the compression algorithm.\n *\n * cipher state:\n * The current state of the encryption algorithm. This will consist of the\n * scheduled key for that connection. For stream ciphers, this will also\n * contain whatever state information is necessary to allow the stream to\n * continue to encrypt or decrypt data.\n *\n * MAC key:\n * The MAC key for the connection.\n *\n * sequence number:\n * Each connection state contains a sequence number, which is maintained\n * separately for read and write states. The sequence number MUST be set to\n * zero whenever a connection state is made the active state. Sequence\n * numbers are of type uint64 and may not exceed 2^64-1. Sequence numbers do\n * not wrap. If a TLS implementation would need to wrap a sequence number,\n * it must renegotiate instead. A sequence number is incremented after each\n * record: specifically, the first record transmitted under a particular\n * connection state MUST use sequence number 0.\n *\n * @param c the connection.\n *\n * @return the new initialized TLS connection state.\n */\ntls.createConnectionState = function(c) {\n var client = (c.entity === tls.ConnectionEnd.client);\n\n var createMode = function() {\n var mode = {\n // two 32-bit numbers, first is most significant\n sequenceNumber: [0, 0],\n macKey: null,\n macLength: 0,\n macFunction: null,\n cipherState: null,\n cipherFunction: function(record) {return true;},\n compressionState: null,\n compressFunction: function(record) {return true;},\n updateSequenceNumber: function() {\n if(mode.sequenceNumber[1] === 0xFFFFFFFF) {\n mode.sequenceNumber[1] = 0;\n ++mode.sequenceNumber[0];\n } else {\n ++mode.sequenceNumber[1];\n }\n }\n };\n return mode;\n };\n var state = {\n read: createMode(),\n write: createMode()\n };\n\n // update function in read mode will decrypt then decompress a record\n state.read.update = function(c, record) {\n if(!state.read.cipherFunction(record, state.read)) {\n c.error(c, {\n message: 'Could not decrypt record or bad MAC.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n // doesn't matter if decryption failed or MAC was\n // invalid, return the same error so as not to reveal\n // which one occurred\n description: tls.Alert.Description.bad_record_mac\n }\n });\n } else if(!state.read.compressFunction(c, record, state.read)) {\n c.error(c, {\n message: 'Could not decompress record.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.decompression_failure\n }\n });\n }\n return !c.fail;\n };\n\n // update function in write mode will compress then encrypt a record\n state.write.update = function(c, record) {\n if(!state.write.compressFunction(c, record, state.write)) {\n // error, but do not send alert since it would require\n // compression as well\n c.error(c, {\n message: 'Could not compress record.',\n send: false,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.internal_error\n }\n });\n } else if(!state.write.cipherFunction(record, state.write)) {\n // error, but do not send alert since it would require\n // encryption as well\n c.error(c, {\n message: 'Could not encrypt record.',\n send: false,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.internal_error\n }\n });\n }\n return !c.fail;\n };\n\n // handle security parameters\n if(c.session) {\n var sp = c.session.sp;\n c.session.cipherSuite.initSecurityParameters(sp);\n\n // generate keys\n sp.keys = tls.generateKeys(c, sp);\n state.read.macKey = client ?\n sp.keys.server_write_MAC_key : sp.keys.client_write_MAC_key;\n state.write.macKey = client ?\n sp.keys.client_write_MAC_key : sp.keys.server_write_MAC_key;\n\n // cipher suite setup\n c.session.cipherSuite.initConnectionState(state, c, sp);\n\n // compression setup\n switch(sp.compression_algorithm) {\n case tls.CompressionMethod.none:\n break;\n case tls.CompressionMethod.deflate:\n state.read.compressFunction = inflate;\n state.write.compressFunction = deflate;\n break;\n default:\n throw new Error('Unsupported compression algorithm.');\n }\n }\n\n return state;\n};\n\n/**\n * Creates a Random structure.\n *\n * struct {\n * uint32 gmt_unix_time;\n * opaque random_bytes[28];\n * } Random;\n *\n * gmt_unix_time:\n * The current time and date in standard UNIX 32-bit format (seconds since\n * the midnight starting Jan 1, 1970, UTC, ignoring leap seconds) according\n * to the sender's internal clock. Clocks are not required to be set\n * correctly by the basic TLS protocol; higher-level or application\n * protocols may define additional requirements. Note that, for historical\n * reasons, the data element is named using GMT, the predecessor of the\n * current worldwide time base, UTC.\n * random_bytes:\n * 28 bytes generated by a secure random number generator.\n *\n * @return the Random structure as a byte array.\n */\ntls.createRandom = function() {\n // get UTC milliseconds\n var d = new Date();\n var utc = +d + d.getTimezoneOffset() * 60000;\n var rval = forge.util.createBuffer();\n rval.putInt32(utc);\n rval.putBytes(forge.random.getBytes(28));\n return rval;\n};\n\n/**\n * Creates a TLS record with the given type and data.\n *\n * @param c the connection.\n * @param options:\n * type: the record type.\n * data: the plain text data in a byte buffer.\n *\n * @return the created record.\n */\ntls.createRecord = function(c, options) {\n if(!options.data) {\n return null;\n }\n var record = {\n type: options.type,\n version: {\n major: c.version.major,\n minor: c.version.minor\n },\n length: options.data.length(),\n fragment: options.data\n };\n return record;\n};\n\n/**\n * Creates a TLS alert record.\n *\n * @param c the connection.\n * @param alert:\n * level: the TLS alert level.\n * description: the TLS alert description.\n *\n * @return the created alert record.\n */\ntls.createAlert = function(c, alert) {\n var b = forge.util.createBuffer();\n b.putByte(alert.level);\n b.putByte(alert.description);\n return tls.createRecord(c, {\n type: tls.ContentType.alert,\n data: b\n });\n};\n\n/* The structure of a TLS handshake message.\n *\n * struct {\n * HandshakeType msg_type; // handshake type\n * uint24 length; // bytes in message\n * select(HandshakeType) {\n * case hello_request: HelloRequest;\n * case client_hello: ClientHello;\n * case server_hello: ServerHello;\n * case certificate: Certificate;\n * case server_key_exchange: ServerKeyExchange;\n * case certificate_request: CertificateRequest;\n * case server_hello_done: ServerHelloDone;\n * case certificate_verify: CertificateVerify;\n * case client_key_exchange: ClientKeyExchange;\n * case finished: Finished;\n * } body;\n * } Handshake;\n */\n\n/**\n * Creates a ClientHello message.\n *\n * opaque SessionID<0..32>;\n * enum { null(0), deflate(1), (255) } CompressionMethod;\n * uint8 CipherSuite[2];\n *\n * struct {\n * ProtocolVersion client_version;\n * Random random;\n * SessionID session_id;\n * CipherSuite cipher_suites<2..2^16-2>;\n * CompressionMethod compression_methods<1..2^8-1>;\n * select(extensions_present) {\n * case false:\n * struct {};\n * case true:\n * Extension extensions<0..2^16-1>;\n * };\n * } ClientHello;\n *\n * The extension format for extended client hellos and server hellos is:\n *\n * struct {\n * ExtensionType extension_type;\n * opaque extension_data<0..2^16-1>;\n * } Extension;\n *\n * Here:\n *\n * - \"extension_type\" identifies the particular extension type.\n * - \"extension_data\" contains information specific to the particular\n * extension type.\n *\n * The extension types defined in this document are:\n *\n * enum {\n * server_name(0), max_fragment_length(1),\n * client_certificate_url(2), trusted_ca_keys(3),\n * truncated_hmac(4), status_request(5), (65535)\n * } ExtensionType;\n *\n * @param c the connection.\n *\n * @return the ClientHello byte buffer.\n */\ntls.createClientHello = function(c) {\n // save hello version\n c.session.clientHelloVersion = {\n major: c.version.major,\n minor: c.version.minor\n };\n\n // create supported cipher suites\n var cipherSuites = forge.util.createBuffer();\n for(var i = 0; i < c.cipherSuites.length; ++i) {\n var cs = c.cipherSuites[i];\n cipherSuites.putByte(cs.id[0]);\n cipherSuites.putByte(cs.id[1]);\n }\n var cSuites = cipherSuites.length();\n\n // create supported compression methods, null always supported, but\n // also support deflate if connection has inflate and deflate methods\n var compressionMethods = forge.util.createBuffer();\n compressionMethods.putByte(tls.CompressionMethod.none);\n // FIXME: deflate support disabled until issues with raw deflate data\n // without zlib headers are resolved\n /*\n if(c.inflate !== null && c.deflate !== null) {\n compressionMethods.putByte(tls.CompressionMethod.deflate);\n }\n */\n var cMethods = compressionMethods.length();\n\n // create TLS SNI (server name indication) extension if virtual host\n // has been specified, see RFC 3546\n var extensions = forge.util.createBuffer();\n if(c.virtualHost) {\n // create extension struct\n var ext = forge.util.createBuffer();\n ext.putByte(0x00); // type server_name (ExtensionType is 2 bytes)\n ext.putByte(0x00);\n\n /* In order to provide the server name, clients MAY include an\n * extension of type \"server_name\" in the (extended) client hello.\n * The \"extension_data\" field of this extension SHALL contain\n * \"ServerNameList\" where:\n *\n * struct {\n * NameType name_type;\n * select(name_type) {\n * case host_name: HostName;\n * } name;\n * } ServerName;\n *\n * enum {\n * host_name(0), (255)\n * } NameType;\n *\n * opaque HostName<1..2^16-1>;\n *\n * struct {\n * ServerName server_name_list<1..2^16-1>\n * } ServerNameList;\n */\n var serverName = forge.util.createBuffer();\n serverName.putByte(0x00); // type host_name\n writeVector(serverName, 2, forge.util.createBuffer(c.virtualHost));\n\n // ServerNameList is in extension_data\n var snList = forge.util.createBuffer();\n writeVector(snList, 2, serverName);\n writeVector(ext, 2, snList);\n extensions.putBuffer(ext);\n }\n var extLength = extensions.length();\n if(extLength > 0) {\n // add extension vector length\n extLength += 2;\n }\n\n // determine length of the handshake message\n // cipher suites and compression methods size will need to be\n // updated if more get added to the list\n var sessionId = c.session.id;\n var length =\n sessionId.length + 1 + // session ID vector\n 2 + // version (major + minor)\n 4 + 28 + // random time and random bytes\n 2 + cSuites + // cipher suites vector\n 1 + cMethods + // compression methods vector\n extLength; // extensions vector\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.client_hello);\n rval.putInt24(length); // handshake length\n rval.putByte(c.version.major); // major version\n rval.putByte(c.version.minor); // minor version\n rval.putBytes(c.session.sp.client_random); // random time + bytes\n writeVector(rval, 1, forge.util.createBuffer(sessionId));\n writeVector(rval, 2, cipherSuites);\n writeVector(rval, 1, compressionMethods);\n if(extLength > 0) {\n writeVector(rval, 2, extensions);\n }\n return rval;\n};\n\n/**\n * Creates a ServerHello message.\n *\n * @param c the connection.\n *\n * @return the ServerHello byte buffer.\n */\ntls.createServerHello = function(c) {\n // determine length of the handshake message\n var sessionId = c.session.id;\n var length =\n sessionId.length + 1 + // session ID vector\n 2 + // version (major + minor)\n 4 + 28 + // random time and random bytes\n 2 + // chosen cipher suite\n 1; // chosen compression method\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.server_hello);\n rval.putInt24(length); // handshake length\n rval.putByte(c.version.major); // major version\n rval.putByte(c.version.minor); // minor version\n rval.putBytes(c.session.sp.server_random); // random time + bytes\n writeVector(rval, 1, forge.util.createBuffer(sessionId));\n rval.putByte(c.session.cipherSuite.id[0]);\n rval.putByte(c.session.cipherSuite.id[1]);\n rval.putByte(c.session.compressionMethod);\n return rval;\n};\n\n/**\n * Creates a Certificate message.\n *\n * When this message will be sent:\n * This is the first message the client can send after receiving a server\n * hello done message and the first message the server can send after\n * sending a ServerHello. This client message is only sent if the server\n * requests a certificate. If no suitable certificate is available, the\n * client should send a certificate message containing no certificates. If\n * client authentication is required by the server for the handshake to\n * continue, it may respond with a fatal handshake failure alert.\n *\n * opaque ASN.1Cert<1..2^24-1>;\n *\n * struct {\n * ASN.1Cert certificate_list<0..2^24-1>;\n * } Certificate;\n *\n * @param c the connection.\n *\n * @return the Certificate byte buffer.\n */\ntls.createCertificate = function(c) {\n // TODO: check certificate request to ensure types are supported\n\n // get a certificate (a certificate as a PEM string)\n var client = (c.entity === tls.ConnectionEnd.client);\n var cert = null;\n if(c.getCertificate) {\n var hint;\n if(client) {\n hint = c.session.certificateRequest;\n } else {\n hint = c.session.extensions.server_name.serverNameList;\n }\n cert = c.getCertificate(c, hint);\n }\n\n // buffer to hold certificate list\n var certList = forge.util.createBuffer();\n if(cert !== null) {\n try {\n // normalize cert to a chain of certificates\n if(!forge.util.isArray(cert)) {\n cert = [cert];\n }\n var asn1 = null;\n for(var i = 0; i < cert.length; ++i) {\n var msg = forge.pem.decode(cert[i])[0];\n if(msg.type !== 'CERTIFICATE' &&\n msg.type !== 'X509 CERTIFICATE' &&\n msg.type !== 'TRUSTED CERTIFICATE') {\n var error = new Error('Could not convert certificate from PEM; PEM ' +\n 'header type is not \"CERTIFICATE\", \"X509 CERTIFICATE\", or ' +\n '\"TRUSTED CERTIFICATE\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert certificate from PEM; PEM is encrypted.');\n }\n\n var der = forge.util.createBuffer(msg.body);\n if(asn1 === null) {\n asn1 = forge.asn1.fromDer(der.bytes(), false);\n }\n\n // certificate entry is itself a vector with 3 length bytes\n var certBuffer = forge.util.createBuffer();\n writeVector(certBuffer, 3, der);\n\n // add cert vector to cert list vector\n certList.putBuffer(certBuffer);\n }\n\n // save certificate\n cert = forge.pki.certificateFromAsn1(asn1);\n if(client) {\n c.session.clientCertificate = cert;\n } else {\n c.session.serverCertificate = cert;\n }\n } catch(ex) {\n return c.error(c, {\n message: 'Could not send certificate list.',\n cause: ex,\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.bad_certificate\n }\n });\n }\n }\n\n // determine length of the handshake message\n var length = 3 + certList.length(); // cert list vector\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.certificate);\n rval.putInt24(length);\n writeVector(rval, 3, certList);\n return rval;\n};\n\n/**\n * Creates a ClientKeyExchange message.\n *\n * When this message will be sent:\n * This message is always sent by the client. It will immediately follow the\n * client certificate message, if it is sent. Otherwise it will be the first\n * message sent by the client after it receives the server hello done\n * message.\n *\n * Meaning of this message:\n * With this message, the premaster secret is set, either though direct\n * transmission of the RSA-encrypted secret, or by the transmission of\n * Diffie-Hellman parameters which will allow each side to agree upon the\n * same premaster secret. When the key exchange method is DH_RSA or DH_DSS,\n * client certification has been requested, and the client was able to\n * respond with a certificate which contained a Diffie-Hellman public key\n * whose parameters (group and generator) matched those specified by the\n * server in its certificate, this message will not contain any data.\n *\n * Meaning of this message:\n * If RSA is being used for key agreement and authentication, the client\n * generates a 48-byte premaster secret, encrypts it using the public key\n * from the server's certificate or the temporary RSA key provided in a\n * server key exchange message, and sends the result in an encrypted\n * premaster secret message. This structure is a variant of the client\n * key exchange message, not a message in itself.\n *\n * struct {\n * select(KeyExchangeAlgorithm) {\n * case rsa: EncryptedPreMasterSecret;\n * case diffie_hellman: ClientDiffieHellmanPublic;\n * } exchange_keys;\n * } ClientKeyExchange;\n *\n * struct {\n * ProtocolVersion client_version;\n * opaque random[46];\n * } PreMasterSecret;\n *\n * struct {\n * public-key-encrypted PreMasterSecret pre_master_secret;\n * } EncryptedPreMasterSecret;\n *\n * A public-key-encrypted element is encoded as a vector <0..2^16-1>.\n *\n * @param c the connection.\n *\n * @return the ClientKeyExchange byte buffer.\n */\ntls.createClientKeyExchange = function(c) {\n // create buffer to encrypt\n var b = forge.util.createBuffer();\n\n // add highest client-supported protocol to help server avoid version\n // rollback attacks\n b.putByte(c.session.clientHelloVersion.major);\n b.putByte(c.session.clientHelloVersion.minor);\n\n // generate and add 46 random bytes\n b.putBytes(forge.random.getBytes(46));\n\n // save pre-master secret\n var sp = c.session.sp;\n sp.pre_master_secret = b.getBytes();\n\n // RSA-encrypt the pre-master secret\n var key = c.session.serverCertificate.publicKey;\n b = key.encrypt(sp.pre_master_secret);\n\n /* Note: The encrypted pre-master secret will be stored in a\n public-key-encrypted opaque vector that has the length prefixed using\n 2 bytes, so include those 2 bytes in the handshake message length. This\n is done as a minor optimization instead of calling writeVector(). */\n\n // determine length of the handshake message\n var length = b.length + 2;\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.client_key_exchange);\n rval.putInt24(length);\n // add vector length bytes\n rval.putInt16(b.length);\n rval.putBytes(b);\n return rval;\n};\n\n/**\n * Creates a ServerKeyExchange message.\n *\n * @param c the connection.\n *\n * @return the ServerKeyExchange byte buffer.\n */\ntls.createServerKeyExchange = function(c) {\n // this implementation only supports RSA, no Diffie-Hellman support,\n // so this record is empty\n\n // determine length of the handshake message\n var length = 0;\n\n // build record fragment\n var rval = forge.util.createBuffer();\n if(length > 0) {\n rval.putByte(tls.HandshakeType.server_key_exchange);\n rval.putInt24(length);\n }\n return rval;\n};\n\n/**\n * Gets the signed data used to verify a client-side certificate. See\n * tls.createCertificateVerify() for details.\n *\n * @param c the connection.\n * @param callback the callback to call once the signed data is ready.\n */\ntls.getClientSignature = function(c, callback) {\n // generate data to RSA encrypt\n var b = forge.util.createBuffer();\n b.putBuffer(c.session.md5.digest());\n b.putBuffer(c.session.sha1.digest());\n b = b.getBytes();\n\n // create default signing function as necessary\n c.getSignature = c.getSignature || function(c, b, callback) {\n // do rsa encryption, call callback\n var privateKey = null;\n if(c.getPrivateKey) {\n try {\n privateKey = c.getPrivateKey(c, c.session.clientCertificate);\n privateKey = forge.pki.privateKeyFromPem(privateKey);\n } catch(ex) {\n c.error(c, {\n message: 'Could not get private key.',\n cause: ex,\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.internal_error\n }\n });\n }\n }\n if(privateKey === null) {\n c.error(c, {\n message: 'No private key set.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.internal_error\n }\n });\n } else {\n b = privateKey.sign(b, null);\n }\n callback(c, b);\n };\n\n // get client signature\n c.getSignature(c, b, callback);\n};\n\n/**\n * Creates a CertificateVerify message.\n *\n * Meaning of this message:\n * This structure conveys the client's Diffie-Hellman public value\n * (Yc) if it was not already included in the client's certificate.\n * The encoding used for Yc is determined by the enumerated\n * PublicValueEncoding. This structure is a variant of the client\n * key exchange message, not a message in itself.\n *\n * When this message will be sent:\n * This message is used to provide explicit verification of a client\n * certificate. This message is only sent following a client\n * certificate that has signing capability (i.e. all certificates\n * except those containing fixed Diffie-Hellman parameters). When\n * sent, it will immediately follow the client key exchange message.\n *\n * struct {\n * Signature signature;\n * } CertificateVerify;\n *\n * CertificateVerify.signature.md5_hash\n * MD5(handshake_messages);\n *\n * Certificate.signature.sha_hash\n * SHA(handshake_messages);\n *\n * Here handshake_messages refers to all handshake messages sent or\n * received starting at client hello up to but not including this\n * message, including the type and length fields of the handshake\n * messages.\n *\n * select(SignatureAlgorithm) {\n * case anonymous: struct { };\n * case rsa:\n * digitally-signed struct {\n * opaque md5_hash[16];\n * opaque sha_hash[20];\n * };\n * case dsa:\n * digitally-signed struct {\n * opaque sha_hash[20];\n * };\n * } Signature;\n *\n * In digital signing, one-way hash functions are used as input for a\n * signing algorithm. A digitally-signed element is encoded as an opaque\n * vector <0..2^16-1>, where the length is specified by the signing\n * algorithm and key.\n *\n * In RSA signing, a 36-byte structure of two hashes (one SHA and one\n * MD5) is signed (encrypted with the private key). It is encoded with\n * PKCS #1 block type 0 or type 1 as described in [PKCS1].\n *\n * In DSS, the 20 bytes of the SHA hash are run directly through the\n * Digital Signing Algorithm with no additional hashing.\n *\n * @param c the connection.\n * @param signature the signature to include in the message.\n *\n * @return the CertificateVerify byte buffer.\n */\ntls.createCertificateVerify = function(c, signature) {\n /* Note: The signature will be stored in a \"digitally-signed\" opaque\n vector that has the length prefixed using 2 bytes, so include those\n 2 bytes in the handshake message length. This is done as a minor\n optimization instead of calling writeVector(). */\n\n // determine length of the handshake message\n var length = signature.length + 2;\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.certificate_verify);\n rval.putInt24(length);\n // add vector length bytes\n rval.putInt16(signature.length);\n rval.putBytes(signature);\n return rval;\n};\n\n/**\n * Creates a CertificateRequest message.\n *\n * @param c the connection.\n *\n * @return the CertificateRequest byte buffer.\n */\ntls.createCertificateRequest = function(c) {\n // TODO: support other certificate types\n var certTypes = forge.util.createBuffer();\n\n // common RSA certificate type\n certTypes.putByte(0x01);\n\n // add distinguished names from CA store\n var cAs = forge.util.createBuffer();\n for(var key in c.caStore.certs) {\n var cert = c.caStore.certs[key];\n var dn = forge.pki.distinguishedNameToAsn1(cert.subject);\n var byteBuffer = forge.asn1.toDer(dn);\n cAs.putInt16(byteBuffer.length());\n cAs.putBuffer(byteBuffer);\n }\n\n // TODO: TLS 1.2+ has a different format\n\n // determine length of the handshake message\n var length =\n 1 + certTypes.length() +\n 2 + cAs.length();\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.certificate_request);\n rval.putInt24(length);\n writeVector(rval, 1, certTypes);\n writeVector(rval, 2, cAs);\n return rval;\n};\n\n/**\n * Creates a ServerHelloDone message.\n *\n * @param c the connection.\n *\n * @return the ServerHelloDone byte buffer.\n */\ntls.createServerHelloDone = function(c) {\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.server_hello_done);\n rval.putInt24(0);\n return rval;\n};\n\n/**\n * Creates a ChangeCipherSpec message.\n *\n * The change cipher spec protocol exists to signal transitions in\n * ciphering strategies. The protocol consists of a single message,\n * which is encrypted and compressed under the current (not the pending)\n * connection state. The message consists of a single byte of value 1.\n *\n * struct {\n * enum { change_cipher_spec(1), (255) } type;\n * } ChangeCipherSpec;\n *\n * @return the ChangeCipherSpec byte buffer.\n */\ntls.createChangeCipherSpec = function() {\n var rval = forge.util.createBuffer();\n rval.putByte(0x01);\n return rval;\n};\n\n/**\n * Creates a Finished message.\n *\n * struct {\n * opaque verify_data[12];\n * } Finished;\n *\n * verify_data\n * PRF(master_secret, finished_label, MD5(handshake_messages) +\n * SHA-1(handshake_messages)) [0..11];\n *\n * finished_label\n * For Finished messages sent by the client, the string \"client\n * finished\". For Finished messages sent by the server, the\n * string \"server finished\".\n *\n * handshake_messages\n * All of the data from all handshake messages up to but not\n * including this message. This is only data visible at the\n * handshake layer and does not include record layer headers.\n * This is the concatenation of all the Handshake structures as\n * defined in 7.4 exchanged thus far.\n *\n * @param c the connection.\n *\n * @return the Finished byte buffer.\n */\ntls.createFinished = function(c) {\n // generate verify_data\n var b = forge.util.createBuffer();\n b.putBuffer(c.session.md5.digest());\n b.putBuffer(c.session.sha1.digest());\n\n // TODO: determine prf function and verify length for TLS 1.2\n var client = (c.entity === tls.ConnectionEnd.client);\n var sp = c.session.sp;\n var vdl = 12;\n var prf = prf_TLS1;\n var label = client ? 'client finished' : 'server finished';\n b = prf(sp.master_secret, label, b.getBytes(), vdl);\n\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(tls.HandshakeType.finished);\n rval.putInt24(b.length());\n rval.putBuffer(b);\n return rval;\n};\n\n/**\n * Creates a HeartbeatMessage (See RFC 6520).\n *\n * struct {\n * HeartbeatMessageType type;\n * uint16 payload_length;\n * opaque payload[HeartbeatMessage.payload_length];\n * opaque padding[padding_length];\n * } HeartbeatMessage;\n *\n * The total length of a HeartbeatMessage MUST NOT exceed 2^14 or\n * max_fragment_length when negotiated as defined in [RFC6066].\n *\n * type: The message type, either heartbeat_request or heartbeat_response.\n *\n * payload_length: The length of the payload.\n *\n * payload: The payload consists of arbitrary content.\n *\n * padding: The padding is random content that MUST be ignored by the\n * receiver. The length of a HeartbeatMessage is TLSPlaintext.length\n * for TLS and DTLSPlaintext.length for DTLS. Furthermore, the\n * length of the type field is 1 byte, and the length of the\n * payload_length is 2. Therefore, the padding_length is\n * TLSPlaintext.length - payload_length - 3 for TLS and\n * DTLSPlaintext.length - payload_length - 3 for DTLS. The\n * padding_length MUST be at least 16.\n *\n * The sender of a HeartbeatMessage MUST use a random padding of at\n * least 16 bytes. The padding of a received HeartbeatMessage message\n * MUST be ignored.\n *\n * If the payload_length of a received HeartbeatMessage is too large,\n * the received HeartbeatMessage MUST be discarded silently.\n *\n * @param c the connection.\n * @param type the tls.HeartbeatMessageType.\n * @param payload the heartbeat data to send as the payload.\n * @param [payloadLength] the payload length to use, defaults to the\n * actual payload length.\n *\n * @return the HeartbeatRequest byte buffer.\n */\ntls.createHeartbeat = function(type, payload, payloadLength) {\n if(typeof payloadLength === 'undefined') {\n payloadLength = payload.length;\n }\n // build record fragment\n var rval = forge.util.createBuffer();\n rval.putByte(type); // heartbeat message type\n rval.putInt16(payloadLength); // payload length\n rval.putBytes(payload); // payload\n // padding\n var plaintextLength = rval.length();\n var paddingLength = Math.max(16, plaintextLength - payloadLength - 3);\n rval.putBytes(forge.random.getBytes(paddingLength));\n return rval;\n};\n\n/**\n * Fragments, compresses, encrypts, and queues a record for delivery.\n *\n * @param c the connection.\n * @param record the record to queue.\n */\ntls.queue = function(c, record) {\n // error during record creation\n if(!record) {\n return;\n }\n\n if(record.fragment.length() === 0) {\n if(record.type === tls.ContentType.handshake ||\n record.type === tls.ContentType.alert ||\n record.type === tls.ContentType.change_cipher_spec) {\n // Empty handshake, alert of change cipher spec messages are not allowed per the TLS specification and should not be sent.\n return;\n }\n }\n\n // if the record is a handshake record, update handshake hashes\n if(record.type === tls.ContentType.handshake) {\n var bytes = record.fragment.bytes();\n c.session.md5.update(bytes);\n c.session.sha1.update(bytes);\n bytes = null;\n }\n\n // handle record fragmentation\n var records;\n if(record.fragment.length() <= tls.MaxFragment) {\n records = [record];\n } else {\n // fragment data as long as it is too long\n records = [];\n var data = record.fragment.bytes();\n while(data.length > tls.MaxFragment) {\n records.push(tls.createRecord(c, {\n type: record.type,\n data: forge.util.createBuffer(data.slice(0, tls.MaxFragment))\n }));\n data = data.slice(tls.MaxFragment);\n }\n // add last record\n if(data.length > 0) {\n records.push(tls.createRecord(c, {\n type: record.type,\n data: forge.util.createBuffer(data)\n }));\n }\n }\n\n // compress and encrypt all fragmented records\n for(var i = 0; i < records.length && !c.fail; ++i) {\n // update the record using current write state\n var rec = records[i];\n var s = c.state.current.write;\n if(s.update(c, rec)) {\n // store record\n c.records.push(rec);\n }\n }\n};\n\n/**\n * Flushes all queued records to the output buffer and calls the\n * tlsDataReady() handler on the given connection.\n *\n * @param c the connection.\n *\n * @return true on success, false on failure.\n */\ntls.flush = function(c) {\n for(var i = 0; i < c.records.length; ++i) {\n var record = c.records[i];\n\n // add record header and fragment\n c.tlsData.putByte(record.type);\n c.tlsData.putByte(record.version.major);\n c.tlsData.putByte(record.version.minor);\n c.tlsData.putInt16(record.fragment.length());\n c.tlsData.putBuffer(c.records[i].fragment);\n }\n c.records = [];\n return c.tlsDataReady(c);\n};\n\n/**\n * Maps a pki.certificateError to a tls.Alert.Description.\n *\n * @param error the error to map.\n *\n * @return the alert description.\n */\nvar _certErrorToAlertDesc = function(error) {\n switch(error) {\n case true:\n return true;\n case forge.pki.certificateError.bad_certificate:\n return tls.Alert.Description.bad_certificate;\n case forge.pki.certificateError.unsupported_certificate:\n return tls.Alert.Description.unsupported_certificate;\n case forge.pki.certificateError.certificate_revoked:\n return tls.Alert.Description.certificate_revoked;\n case forge.pki.certificateError.certificate_expired:\n return tls.Alert.Description.certificate_expired;\n case forge.pki.certificateError.certificate_unknown:\n return tls.Alert.Description.certificate_unknown;\n case forge.pki.certificateError.unknown_ca:\n return tls.Alert.Description.unknown_ca;\n default:\n return tls.Alert.Description.bad_certificate;\n }\n};\n\n/**\n * Maps a tls.Alert.Description to a pki.certificateError.\n *\n * @param desc the alert description.\n *\n * @return the certificate error.\n */\nvar _alertDescToCertError = function(desc) {\n switch(desc) {\n case true:\n return true;\n case tls.Alert.Description.bad_certificate:\n return forge.pki.certificateError.bad_certificate;\n case tls.Alert.Description.unsupported_certificate:\n return forge.pki.certificateError.unsupported_certificate;\n case tls.Alert.Description.certificate_revoked:\n return forge.pki.certificateError.certificate_revoked;\n case tls.Alert.Description.certificate_expired:\n return forge.pki.certificateError.certificate_expired;\n case tls.Alert.Description.certificate_unknown:\n return forge.pki.certificateError.certificate_unknown;\n case tls.Alert.Description.unknown_ca:\n return forge.pki.certificateError.unknown_ca;\n default:\n return forge.pki.certificateError.bad_certificate;\n }\n};\n\n/**\n * Verifies a certificate chain against the given connection's\n * Certificate Authority store.\n *\n * @param c the TLS connection.\n * @param chain the certificate chain to verify, with the root or highest\n * authority at the end.\n *\n * @return true if successful, false if not.\n */\ntls.verifyCertificateChain = function(c, chain) {\n try {\n // Make a copy of c.verifyOptions so that we can modify options.verify\n // without modifying c.verifyOptions.\n var options = {};\n for (var key in c.verifyOptions) {\n options[key] = c.verifyOptions[key];\n }\n\n options.verify = function(vfd, depth, chain) {\n // convert pki.certificateError to tls alert description\n var desc = _certErrorToAlertDesc(vfd);\n\n // call application callback\n var ret = c.verify(c, vfd, depth, chain);\n if(ret !== true) {\n if(typeof ret === 'object' && !forge.util.isArray(ret)) {\n // throw custom error\n var error = new Error('The application rejected the certificate.');\n error.send = true;\n error.alert = {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.bad_certificate\n };\n if(ret.message) {\n error.message = ret.message;\n }\n if(ret.alert) {\n error.alert.description = ret.alert;\n }\n throw error;\n }\n\n // convert tls alert description to pki.certificateError\n if(ret !== vfd) {\n ret = _alertDescToCertError(ret);\n }\n }\n\n return ret;\n };\n\n // verify chain\n forge.pki.verifyCertificateChain(c.caStore, chain, options);\n } catch(ex) {\n // build tls error if not already customized\n var err = ex;\n if(typeof err !== 'object' || forge.util.isArray(err)) {\n err = {\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: _certErrorToAlertDesc(ex)\n }\n };\n }\n if(!('send' in err)) {\n err.send = true;\n }\n if(!('alert' in err)) {\n err.alert = {\n level: tls.Alert.Level.fatal,\n description: _certErrorToAlertDesc(err.error)\n };\n }\n\n // send error\n c.error(c, err);\n }\n\n return !c.fail;\n};\n\n/**\n * Creates a new TLS session cache.\n *\n * @param cache optional map of session ID to cached session.\n * @param capacity the maximum size for the cache (default: 100).\n *\n * @return the new TLS session cache.\n */\ntls.createSessionCache = function(cache, capacity) {\n var rval = null;\n\n // assume input is already a session cache object\n if(cache && cache.getSession && cache.setSession && cache.order) {\n rval = cache;\n } else {\n // create cache\n rval = {};\n rval.cache = cache || {};\n rval.capacity = Math.max(capacity || 100, 1);\n rval.order = [];\n\n // store order for sessions, delete session overflow\n for(var key in cache) {\n if(rval.order.length <= capacity) {\n rval.order.push(key);\n } else {\n delete cache[key];\n }\n }\n\n // get a session from a session ID (or get any session)\n rval.getSession = function(sessionId) {\n var session = null;\n var key = null;\n\n // if session ID provided, use it\n if(sessionId) {\n key = forge.util.bytesToHex(sessionId);\n } else if(rval.order.length > 0) {\n // get first session from cache\n key = rval.order[0];\n }\n\n if(key !== null && key in rval.cache) {\n // get cached session and remove from cache\n session = rval.cache[key];\n delete rval.cache[key];\n for(var i in rval.order) {\n if(rval.order[i] === key) {\n rval.order.splice(i, 1);\n break;\n }\n }\n }\n\n return session;\n };\n\n // set a session in the cache\n rval.setSession = function(sessionId, session) {\n // remove session from cache if at capacity\n if(rval.order.length === rval.capacity) {\n var key = rval.order.shift();\n delete rval.cache[key];\n }\n // add session to cache\n var key = forge.util.bytesToHex(sessionId);\n rval.order.push(key);\n rval.cache[key] = session;\n };\n }\n\n return rval;\n};\n\n/**\n * Creates a new TLS connection.\n *\n * See public createConnection() docs for more details.\n *\n * @param options the options for this connection.\n *\n * @return the new TLS connection.\n */\ntls.createConnection = function(options) {\n var caStore = null;\n if(options.caStore) {\n // if CA store is an array, convert it to a CA store object\n if(forge.util.isArray(options.caStore)) {\n caStore = forge.pki.createCaStore(options.caStore);\n } else {\n caStore = options.caStore;\n }\n } else {\n // create empty CA store\n caStore = forge.pki.createCaStore();\n }\n\n // setup default cipher suites\n var cipherSuites = options.cipherSuites || null;\n if(cipherSuites === null) {\n cipherSuites = [];\n for(var key in tls.CipherSuites) {\n cipherSuites.push(tls.CipherSuites[key]);\n }\n }\n\n // set default entity\n var entity = (options.server || false) ?\n tls.ConnectionEnd.server : tls.ConnectionEnd.client;\n\n // create session cache if requested\n var sessionCache = options.sessionCache ?\n tls.createSessionCache(options.sessionCache) : null;\n\n // create TLS connection\n var c = {\n version: {major: tls.Version.major, minor: tls.Version.minor},\n entity: entity,\n sessionId: options.sessionId,\n caStore: caStore,\n sessionCache: sessionCache,\n cipherSuites: cipherSuites,\n connected: options.connected,\n virtualHost: options.virtualHost || null,\n verifyClient: options.verifyClient || false,\n verify: options.verify || function(cn, vfd, dpth, cts) {return vfd;},\n verifyOptions: options.verifyOptions || {},\n getCertificate: options.getCertificate || null,\n getPrivateKey: options.getPrivateKey || null,\n getSignature: options.getSignature || null,\n input: forge.util.createBuffer(),\n tlsData: forge.util.createBuffer(),\n data: forge.util.createBuffer(),\n tlsDataReady: options.tlsDataReady,\n dataReady: options.dataReady,\n heartbeatReceived: options.heartbeatReceived,\n closed: options.closed,\n error: function(c, ex) {\n // set origin if not set\n ex.origin = ex.origin ||\n ((c.entity === tls.ConnectionEnd.client) ? 'client' : 'server');\n\n // send TLS alert\n if(ex.send) {\n tls.queue(c, tls.createAlert(c, ex.alert));\n tls.flush(c);\n }\n\n // error is fatal by default\n var fatal = (ex.fatal !== false);\n if(fatal) {\n // set fail flag\n c.fail = true;\n }\n\n // call error handler first\n options.error(c, ex);\n\n if(fatal) {\n // fatal error, close connection, do not clear fail\n c.close(false);\n }\n },\n deflate: options.deflate || null,\n inflate: options.inflate || null\n };\n\n /**\n * Resets a closed TLS connection for reuse. Called in c.close().\n *\n * @param clearFail true to clear the fail flag (default: true).\n */\n c.reset = function(clearFail) {\n c.version = {major: tls.Version.major, minor: tls.Version.minor};\n c.record = null;\n c.session = null;\n c.peerCertificate = null;\n c.state = {\n pending: null,\n current: null\n };\n c.expect = (c.entity === tls.ConnectionEnd.client) ? SHE : CHE;\n c.fragmented = null;\n c.records = [];\n c.open = false;\n c.handshakes = 0;\n c.handshaking = false;\n c.isConnected = false;\n c.fail = !(clearFail || typeof(clearFail) === 'undefined');\n c.input.clear();\n c.tlsData.clear();\n c.data.clear();\n c.state.current = tls.createConnectionState(c);\n };\n\n // do initial reset of connection\n c.reset();\n\n /**\n * Updates the current TLS engine state based on the given record.\n *\n * @param c the TLS connection.\n * @param record the TLS record to act on.\n */\n var _update = function(c, record) {\n // get record handler (align type in table by subtracting lowest)\n var aligned = record.type - tls.ContentType.change_cipher_spec;\n var handlers = ctTable[c.entity][c.expect];\n if(aligned in handlers) {\n handlers[aligned](c, record);\n } else {\n // unexpected record\n tls.handleUnexpected(c, record);\n }\n };\n\n /**\n * Reads the record header and initializes the next record on the given\n * connection.\n *\n * @param c the TLS connection with the next record.\n *\n * @return 0 if the input data could be processed, otherwise the\n * number of bytes required for data to be processed.\n */\n var _readRecordHeader = function(c) {\n var rval = 0;\n\n // get input buffer and its length\n var b = c.input;\n var len = b.length();\n\n // need at least 5 bytes to initialize a record\n if(len < 5) {\n rval = 5 - len;\n } else {\n // enough bytes for header\n // initialize record\n c.record = {\n type: b.getByte(),\n version: {\n major: b.getByte(),\n minor: b.getByte()\n },\n length: b.getInt16(),\n fragment: forge.util.createBuffer(),\n ready: false\n };\n\n // check record version\n var compatibleVersion = (c.record.version.major === c.version.major);\n if(compatibleVersion && c.session && c.session.version) {\n // session version already set, require same minor version\n compatibleVersion = (c.record.version.minor === c.version.minor);\n }\n if(!compatibleVersion) {\n c.error(c, {\n message: 'Incompatible TLS version.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description: tls.Alert.Description.protocol_version\n }\n });\n }\n }\n\n return rval;\n };\n\n /**\n * Reads the next record's contents and appends its message to any\n * previously fragmented message.\n *\n * @param c the TLS connection with the next record.\n *\n * @return 0 if the input data could be processed, otherwise the\n * number of bytes required for data to be processed.\n */\n var _readRecord = function(c) {\n var rval = 0;\n\n // ensure there is enough input data to get the entire record\n var b = c.input;\n var len = b.length();\n if(len < c.record.length) {\n // not enough data yet, return how much is required\n rval = c.record.length - len;\n } else {\n // there is enough data to parse the pending record\n // fill record fragment and compact input buffer\n c.record.fragment.putBytes(b.getBytes(c.record.length));\n b.compact();\n\n // update record using current read state\n var s = c.state.current.read;\n if(s.update(c, c.record)) {\n // see if there is a previously fragmented message that the\n // new record's message fragment should be appended to\n if(c.fragmented !== null) {\n // if the record type matches a previously fragmented\n // record, append the record fragment to it\n if(c.fragmented.type === c.record.type) {\n // concatenate record fragments\n c.fragmented.fragment.putBuffer(c.record.fragment);\n c.record = c.fragmented;\n } else {\n // error, invalid fragmented record\n c.error(c, {\n message: 'Invalid fragmented record.',\n send: true,\n alert: {\n level: tls.Alert.Level.fatal,\n description:\n tls.Alert.Description.unexpected_message\n }\n });\n }\n }\n\n // record is now ready\n c.record.ready = true;\n }\n }\n\n return rval;\n };\n\n /**\n * Performs a handshake using the TLS Handshake Protocol, as a client.\n *\n * This method should only be called if the connection is in client mode.\n *\n * @param sessionId the session ID to use, null to start a new one.\n */\n c.handshake = function(sessionId) {\n // error to call this in non-client mode\n if(c.entity !== tls.ConnectionEnd.client) {\n // not fatal error\n c.error(c, {\n message: 'Cannot initiate handshake as a server.',\n fatal: false\n });\n } else if(c.handshaking) {\n // handshake is already in progress, fail but not fatal error\n c.error(c, {\n message: 'Handshake already in progress.',\n fatal: false\n });\n } else {\n // clear fail flag on reuse\n if(c.fail && !c.open && c.handshakes === 0) {\n c.fail = false;\n }\n\n // now handshaking\n c.handshaking = true;\n\n // default to blank (new session)\n sessionId = sessionId || '';\n\n // if a session ID was specified, try to find it in the cache\n var session = null;\n if(sessionId.length > 0) {\n if(c.sessionCache) {\n session = c.sessionCache.getSession(sessionId);\n }\n\n // matching session not found in cache, clear session ID\n if(session === null) {\n sessionId = '';\n }\n }\n\n // no session given, grab a session from the cache, if available\n if(sessionId.length === 0 && c.sessionCache) {\n session = c.sessionCache.getSession();\n if(session !== null) {\n sessionId = session.id;\n }\n }\n\n // set up session\n c.session = {\n id: sessionId,\n version: null,\n cipherSuite: null,\n compressionMethod: null,\n serverCertificate: null,\n certificateRequest: null,\n clientCertificate: null,\n sp: {},\n md5: forge.md.md5.create(),\n sha1: forge.md.sha1.create()\n };\n\n // use existing session information\n if(session) {\n // only update version on connection, session version not yet set\n c.version = session.version;\n c.session.sp = session.sp;\n }\n\n // generate new client random\n c.session.sp.client_random = tls.createRandom().getBytes();\n\n // connection now open\n c.open = true;\n\n // send hello\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.handshake,\n data: tls.createClientHello(c)\n }));\n tls.flush(c);\n }\n };\n\n /**\n * Called when TLS protocol data has been received from somewhere and should\n * be processed by the TLS engine.\n *\n * @param data the TLS protocol data, as a string, to process.\n *\n * @return 0 if the data could be processed, otherwise the number of bytes\n * required for data to be processed.\n */\n c.process = function(data) {\n var rval = 0;\n\n // buffer input data\n if(data) {\n c.input.putBytes(data);\n }\n\n // process next record if no failure, process will be called after\n // each record is handled (since handling can be asynchronous)\n if(!c.fail) {\n // reset record if ready and now empty\n if(c.record !== null &&\n c.record.ready && c.record.fragment.isEmpty()) {\n c.record = null;\n }\n\n // if there is no pending record, try to read record header\n if(c.record === null) {\n rval = _readRecordHeader(c);\n }\n\n // read the next record (if record not yet ready)\n if(!c.fail && c.record !== null && !c.record.ready) {\n rval = _readRecord(c);\n }\n\n // record ready to be handled, update engine state\n if(!c.fail && c.record !== null && c.record.ready) {\n _update(c, c.record);\n }\n }\n\n return rval;\n };\n\n /**\n * Requests that application data be packaged into a TLS record. The\n * tlsDataReady handler will be called when the TLS record(s) have been\n * prepared.\n *\n * @param data the application data, as a raw 'binary' encoded string, to\n * be sent; to send utf-16/utf-8 string data, use the return value\n * of util.encodeUtf8(str).\n *\n * @return true on success, false on failure.\n */\n c.prepare = function(data) {\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.application_data,\n data: forge.util.createBuffer(data)\n }));\n return tls.flush(c);\n };\n\n /**\n * Requests that a heartbeat request be packaged into a TLS record for\n * transmission. The tlsDataReady handler will be called when TLS record(s)\n * have been prepared.\n *\n * When a heartbeat response has been received, the heartbeatReceived\n * handler will be called with the matching payload. This handler can\n * be used to clear a retransmission timer, etc.\n *\n * @param payload the heartbeat data to send as the payload in the message.\n * @param [payloadLength] the payload length to use, defaults to the\n * actual payload length.\n *\n * @return true on success, false on failure.\n */\n c.prepareHeartbeatRequest = function(payload, payloadLength) {\n if(payload instanceof forge.util.ByteBuffer) {\n payload = payload.bytes();\n }\n if(typeof payloadLength === 'undefined') {\n payloadLength = payload.length;\n }\n c.expectedHeartbeatPayload = payload;\n tls.queue(c, tls.createRecord(c, {\n type: tls.ContentType.heartbeat,\n data: tls.createHeartbeat(\n tls.HeartbeatMessageType.heartbeat_request, payload, payloadLength)\n }));\n return tls.flush(c);\n };\n\n /**\n * Closes the connection (sends a close_notify alert).\n *\n * @param clearFail true to clear the fail flag (default: true).\n */\n c.close = function(clearFail) {\n // save session if connection didn't fail\n if(!c.fail && c.sessionCache && c.session) {\n // only need to preserve session ID, version, and security params\n var session = {\n id: c.session.id,\n version: c.session.version,\n sp: c.session.sp\n };\n session.sp.keys = null;\n c.sessionCache.setSession(session.id, session);\n }\n\n if(c.open) {\n // connection no longer open, clear input\n c.open = false;\n c.input.clear();\n\n // if connected or handshaking, send an alert\n if(c.isConnected || c.handshaking) {\n c.isConnected = c.handshaking = false;\n\n // send close_notify alert\n tls.queue(c, tls.createAlert(c, {\n level: tls.Alert.Level.warning,\n description: tls.Alert.Description.close_notify\n }));\n tls.flush(c);\n }\n\n // call handler\n c.closed(c);\n }\n\n // reset TLS connection, do not clear fail flag\n c.reset(clearFail);\n };\n\n return c;\n};\n\n/* TLS API */\nmodule.exports = forge.tls = forge.tls || {};\n\n// expose non-functions\nfor(var key in tls) {\n if(typeof tls[key] !== 'function') {\n forge.tls[key] = tls[key];\n }\n}\n\n// expose prf_tls1 for testing\nforge.tls.prf_tls1 = prf_TLS1;\n\n// expose sha1 hmac method\nforge.tls.hmac_sha1 = hmac_sha1;\n\n// expose session cache creation\nforge.tls.createSessionCache = tls.createSessionCache;\n\n/**\n * Creates a new TLS connection. This does not make any assumptions about the\n * transport layer that TLS is working on top of, ie: it does not assume there\n * is a TCP/IP connection or establish one. A TLS connection is totally\n * abstracted away from the layer is runs on top of, it merely establishes a\n * secure channel between a client\" and a \"server\".\n *\n * A TLS connection contains 4 connection states: pending read and write, and\n * current read and write.\n *\n * At initialization, the current read and write states will be null. Only once\n * the security parameters have been set and the keys have been generated can\n * the pending states be converted into current states. Current states will be\n * updated for each record processed.\n *\n * A custom certificate verify callback may be provided to check information\n * like the common name on the server's certificate. It will be called for\n * every certificate in the chain. It has the following signature:\n *\n * variable func(c, certs, index, preVerify)\n * Where:\n * c The TLS connection\n * verified Set to true if certificate was verified, otherwise the alert\n * tls.Alert.Description for why the certificate failed.\n * depth The current index in the chain, where 0 is the server's cert.\n * certs The certificate chain, *NOTE* if the server was anonymous then\n * the chain will be empty.\n *\n * The function returns true on success and on failure either the appropriate\n * tls.Alert.Description or an object with 'alert' set to the appropriate\n * tls.Alert.Description and 'message' set to a custom error message. If true\n * is not returned then the connection will abort using, in order of\n * availability, first the returned alert description, second the preVerify\n * alert description, and lastly the default 'bad_certificate'.\n *\n * There are three callbacks that can be used to make use of client-side\n * certificates where each takes the TLS connection as the first parameter:\n *\n * getCertificate(conn, hint)\n * The second parameter is a hint as to which certificate should be\n * returned. If the connection entity is a client, then the hint will be\n * the CertificateRequest message from the server that is part of the\n * TLS protocol. If the connection entity is a server, then it will be\n * the servername list provided via an SNI extension the ClientHello, if\n * one was provided (empty array if not). The hint can be examined to\n * determine which certificate to use (advanced). Most implementations\n * will just return a certificate. The return value must be a\n * PEM-formatted certificate or an array of PEM-formatted certificates\n * that constitute a certificate chain, with the first in the array/chain\n * being the client's certificate.\n * getPrivateKey(conn, certificate)\n * The second parameter is an forge.pki X.509 certificate object that\n * is associated with the requested private key. The return value must\n * be a PEM-formatted private key.\n * getSignature(conn, bytes, callback)\n * This callback can be used instead of getPrivateKey if the private key\n * is not directly accessible in javascript or should not be. For\n * instance, a secure external web service could provide the signature\n * in exchange for appropriate credentials. The second parameter is a\n * string of bytes to be signed that are part of the TLS protocol. These\n * bytes are used to verify that the private key for the previously\n * provided client-side certificate is accessible to the client. The\n * callback is a function that takes 2 parameters, the TLS connection\n * and the RSA encrypted (signed) bytes as a string. This callback must\n * be called once the signature is ready.\n *\n * @param options the options for this connection:\n * server: true if the connection is server-side, false for client.\n * sessionId: a session ID to reuse, null for a new connection.\n * caStore: an array of certificates to trust.\n * sessionCache: a session cache to use.\n * cipherSuites: an optional array of cipher suites to use,\n * see tls.CipherSuites.\n * connected: function(conn) called when the first handshake completes.\n * virtualHost: the virtual server name to use in a TLS SNI extension.\n * verifyClient: true to require a client certificate in server mode,\n * 'optional' to request one, false not to (default: false).\n * verify: a handler used to custom verify certificates in the chain.\n * verifyOptions: an object with options for the certificate chain validation.\n * See documentation of pki.verifyCertificateChain for possible options.\n * verifyOptions.verify is ignored. If you wish to specify a verify handler\n * use the verify key.\n * getCertificate: an optional callback used to get a certificate or\n * a chain of certificates (as an array).\n * getPrivateKey: an optional callback used to get a private key.\n * getSignature: an optional callback used to get a signature.\n * tlsDataReady: function(conn) called when TLS protocol data has been\n * prepared and is ready to be used (typically sent over a socket\n * connection to its destination), read from conn.tlsData buffer.\n * dataReady: function(conn) called when application data has\n * been parsed from a TLS record and should be consumed by the\n * application, read from conn.data buffer.\n * closed: function(conn) called when the connection has been closed.\n * error: function(conn, error) called when there was an error.\n * deflate: function(inBytes) if provided, will deflate TLS records using\n * the deflate algorithm if the server supports it.\n * inflate: function(inBytes) if provided, will inflate TLS records using\n * the deflate algorithm if the server supports it.\n *\n * @return the new TLS connection.\n */\nforge.tls.createConnection = tls.createConnection;\n","/**\n * A Javascript implementation of AES Cipher Suites for TLS.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2009-2015 Digital Bazaar, Inc.\n *\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./tls');\n\nvar tls = module.exports = forge.tls;\n\n/**\n * Supported cipher suites.\n */\ntls.CipherSuites['TLS_RSA_WITH_AES_128_CBC_SHA'] = {\n id: [0x00, 0x2f],\n name: 'TLS_RSA_WITH_AES_128_CBC_SHA',\n initSecurityParameters: function(sp) {\n sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes;\n sp.cipher_type = tls.CipherType.block;\n sp.enc_key_length = 16;\n sp.block_length = 16;\n sp.fixed_iv_length = 16;\n sp.record_iv_length = 16;\n sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1;\n sp.mac_length = 20;\n sp.mac_key_length = 20;\n },\n initConnectionState: initConnectionState\n};\ntls.CipherSuites['TLS_RSA_WITH_AES_256_CBC_SHA'] = {\n id: [0x00, 0x35],\n name: 'TLS_RSA_WITH_AES_256_CBC_SHA',\n initSecurityParameters: function(sp) {\n sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes;\n sp.cipher_type = tls.CipherType.block;\n sp.enc_key_length = 32;\n sp.block_length = 16;\n sp.fixed_iv_length = 16;\n sp.record_iv_length = 16;\n sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1;\n sp.mac_length = 20;\n sp.mac_key_length = 20;\n },\n initConnectionState: initConnectionState\n};\n\nfunction initConnectionState(state, c, sp) {\n var client = (c.entity === forge.tls.ConnectionEnd.client);\n\n // cipher setup\n state.read.cipherState = {\n init: false,\n cipher: forge.cipher.createDecipher('AES-CBC', client ?\n sp.keys.server_write_key : sp.keys.client_write_key),\n iv: client ? sp.keys.server_write_IV : sp.keys.client_write_IV\n };\n state.write.cipherState = {\n init: false,\n cipher: forge.cipher.createCipher('AES-CBC', client ?\n sp.keys.client_write_key : sp.keys.server_write_key),\n iv: client ? sp.keys.client_write_IV : sp.keys.server_write_IV\n };\n state.read.cipherFunction = decrypt_aes_cbc_sha1;\n state.write.cipherFunction = encrypt_aes_cbc_sha1;\n\n // MAC setup\n state.read.macLength = state.write.macLength = sp.mac_length;\n state.read.macFunction = state.write.macFunction = tls.hmac_sha1;\n}\n\n/**\n * Encrypts the TLSCompressed record into a TLSCipherText record using AES\n * in CBC mode.\n *\n * @param record the TLSCompressed record to encrypt.\n * @param s the ConnectionState to use.\n *\n * @return true on success, false on failure.\n */\nfunction encrypt_aes_cbc_sha1(record, s) {\n var rval = false;\n\n // append MAC to fragment, update sequence number\n var mac = s.macFunction(s.macKey, s.sequenceNumber, record);\n record.fragment.putBytes(mac);\n s.updateSequenceNumber();\n\n // TLS 1.1+ use an explicit IV every time to protect against CBC attacks\n var iv;\n if(record.version.minor === tls.Versions.TLS_1_0.minor) {\n // use the pre-generated IV when initializing for TLS 1.0, otherwise use\n // the residue from the previous encryption\n iv = s.cipherState.init ? null : s.cipherState.iv;\n } else {\n iv = forge.random.getBytesSync(16);\n }\n\n s.cipherState.init = true;\n\n // start cipher\n var cipher = s.cipherState.cipher;\n cipher.start({iv: iv});\n\n // TLS 1.1+ write IV into output\n if(record.version.minor >= tls.Versions.TLS_1_1.minor) {\n cipher.output.putBytes(iv);\n }\n\n // do encryption (default padding is appropriate)\n cipher.update(record.fragment);\n if(cipher.finish(encrypt_aes_cbc_sha1_padding)) {\n // set record fragment to encrypted output\n record.fragment = cipher.output;\n record.length = record.fragment.length();\n rval = true;\n }\n\n return rval;\n}\n\n/**\n * Handles padding for aes_cbc_sha1 in encrypt mode.\n *\n * @param blockSize the block size.\n * @param input the input buffer.\n * @param decrypt true in decrypt mode, false in encrypt mode.\n *\n * @return true on success, false on failure.\n */\nfunction encrypt_aes_cbc_sha1_padding(blockSize, input, decrypt) {\n /* The encrypted data length (TLSCiphertext.length) is one more than the sum\n of SecurityParameters.block_length, TLSCompressed.length,\n SecurityParameters.mac_length, and padding_length.\n\n The padding may be any length up to 255 bytes long, as long as it results in\n the TLSCiphertext.length being an integral multiple of the block length.\n Lengths longer than necessary might be desirable to frustrate attacks on a\n protocol based on analysis of the lengths of exchanged messages. Each uint8\n in the padding data vector must be filled with the padding length value.\n\n The padding length should be such that the total size of the\n GenericBlockCipher structure is a multiple of the cipher's block length.\n Legal values range from zero to 255, inclusive. This length specifies the\n length of the padding field exclusive of the padding_length field itself.\n\n This is slightly different from PKCS#7 because the padding value is 1\n less than the actual number of padding bytes if you include the\n padding_length uint8 itself as a padding byte. */\n if(!decrypt) {\n // get the number of padding bytes required to reach the blockSize and\n // subtract 1 for the padding value (to make room for the padding_length\n // uint8)\n var padding = blockSize - (input.length() % blockSize);\n input.fillWithByte(padding - 1, padding);\n }\n return true;\n}\n\n/**\n * Handles padding for aes_cbc_sha1 in decrypt mode.\n *\n * @param blockSize the block size.\n * @param output the output buffer.\n * @param decrypt true in decrypt mode, false in encrypt mode.\n *\n * @return true on success, false on failure.\n */\nfunction decrypt_aes_cbc_sha1_padding(blockSize, output, decrypt) {\n var rval = true;\n if(decrypt) {\n /* The last byte in the output specifies the number of padding bytes not\n including itself. Each of the padding bytes has the same value as that\n last byte (known as the padding_length). Here we check all padding\n bytes to ensure they have the value of padding_length even if one of\n them is bad in order to ward-off timing attacks. */\n var len = output.length();\n var paddingLength = output.last();\n for(var i = len - 1 - paddingLength; i < len - 1; ++i) {\n rval = rval && (output.at(i) == paddingLength);\n }\n if(rval) {\n // trim off padding bytes and last padding length byte\n output.truncate(paddingLength + 1);\n }\n }\n return rval;\n}\n\n/**\n * Decrypts a TLSCipherText record into a TLSCompressed record using\n * AES in CBC mode.\n *\n * @param record the TLSCipherText record to decrypt.\n * @param s the ConnectionState to use.\n *\n * @return true on success, false on failure.\n */\nfunction decrypt_aes_cbc_sha1(record, s) {\n var rval = false;\n\n var iv;\n if(record.version.minor === tls.Versions.TLS_1_0.minor) {\n // use pre-generated IV when initializing for TLS 1.0, otherwise use the\n // residue from the previous decryption\n iv = s.cipherState.init ? null : s.cipherState.iv;\n } else {\n // TLS 1.1+ use an explicit IV every time to protect against CBC attacks\n // that is appended to the record fragment\n iv = record.fragment.getBytes(16);\n }\n\n s.cipherState.init = true;\n\n // start cipher\n var cipher = s.cipherState.cipher;\n cipher.start({iv: iv});\n\n // do decryption\n cipher.update(record.fragment);\n rval = cipher.finish(decrypt_aes_cbc_sha1_padding);\n\n // even if decryption fails, keep going to minimize timing attacks\n\n // decrypted data:\n // first (len - 20) bytes = application data\n // last 20 bytes = MAC\n var macLen = s.macLength;\n\n // create a random MAC to check against should the mac length check fail\n // Note: do this regardless of the failure to keep timing consistent\n var mac = forge.random.getBytesSync(macLen);\n\n // get fragment and mac\n var len = cipher.output.length();\n if(len >= macLen) {\n record.fragment = cipher.output.getBytes(len - macLen);\n mac = cipher.output.getBytes(macLen);\n } else {\n // bad data, but get bytes anyway to try to keep timing consistent\n record.fragment = cipher.output.getBytes();\n }\n record.fragment = forge.util.createBuffer(record.fragment);\n record.length = record.fragment.length();\n\n // see if data integrity checks out, update sequence number\n var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record);\n s.updateSequenceNumber();\n rval = compareMacs(s.macKey, mac, mac2) && rval;\n return rval;\n}\n\n/**\n * Safely compare two MACs. This function will compare two MACs in a way\n * that protects against timing attacks.\n *\n * TODO: Expose elsewhere as a utility API.\n *\n * See: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/\n *\n * @param key the MAC key to use.\n * @param mac1 as a binary-encoded string of bytes.\n * @param mac2 as a binary-encoded string of bytes.\n *\n * @return true if the MACs are the same, false if not.\n */\nfunction compareMacs(key, mac1, mac2) {\n var hmac = forge.hmac.create();\n\n hmac.start('SHA1', key);\n hmac.update(mac1);\n mac1 = hmac.digest().getBytes();\n\n hmac.start(null, null);\n hmac.update(mac2);\n mac2 = hmac.digest().getBytes();\n\n return mac1 === mac2;\n}\n","/**\n * Secure Hash Algorithm with a 1024-bit block size implementation.\n *\n * This includes: SHA-512, SHA-384, SHA-512/224, and SHA-512/256. For\n * SHA-256 (block size 512 bits), see sha256.js.\n *\n * See FIPS 180-4 for details.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2014-2015 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar sha512 = module.exports = forge.sha512 = forge.sha512 || {};\n\n// SHA-512\nforge.md.sha512 = forge.md.algorithms.sha512 = sha512;\n\n// SHA-384\nvar sha384 = forge.sha384 = forge.sha512.sha384 = forge.sha512.sha384 || {};\nsha384.create = function() {\n return sha512.create('SHA-384');\n};\nforge.md.sha384 = forge.md.algorithms.sha384 = sha384;\n\n// SHA-512/256\nforge.sha512.sha256 = forge.sha512.sha256 || {\n create: function() {\n return sha512.create('SHA-512/256');\n }\n};\nforge.md['sha512/256'] = forge.md.algorithms['sha512/256'] =\n forge.sha512.sha256;\n\n// SHA-512/224\nforge.sha512.sha224 = forge.sha512.sha224 || {\n create: function() {\n return sha512.create('SHA-512/224');\n }\n};\nforge.md['sha512/224'] = forge.md.algorithms['sha512/224'] =\n forge.sha512.sha224;\n\n/**\n * Creates a SHA-2 message digest object.\n *\n * @param algorithm the algorithm to use (SHA-512, SHA-384, SHA-512/224,\n * SHA-512/256).\n *\n * @return a message digest object.\n */\nsha512.create = function(algorithm) {\n // do initialization as necessary\n if(!_initialized) {\n _init();\n }\n\n if(typeof algorithm === 'undefined') {\n algorithm = 'SHA-512';\n }\n\n if(!(algorithm in _states)) {\n throw new Error('Invalid SHA-512 algorithm: ' + algorithm);\n }\n\n // SHA-512 state contains eight 64-bit integers (each as two 32-bit ints)\n var _state = _states[algorithm];\n var _h = null;\n\n // input buffer\n var _input = forge.util.createBuffer();\n\n // used for 64-bit word storage\n var _w = new Array(80);\n for(var wi = 0; wi < 80; ++wi) {\n _w[wi] = new Array(2);\n }\n\n // determine digest length by algorithm name (default)\n var digestLength = 64;\n switch(algorithm) {\n case 'SHA-384':\n digestLength = 48;\n break;\n case 'SHA-512/256':\n digestLength = 32;\n break;\n case 'SHA-512/224':\n digestLength = 28;\n break;\n }\n\n // message digest object\n var md = {\n // SHA-512 => sha512\n algorithm: algorithm.replace('-', '').toLowerCase(),\n blockLength: 128,\n digestLength: digestLength,\n // 56-bit length of message so far (does not including padding)\n messageLength: 0,\n // true message length\n fullMessageLength: null,\n // size of message length in bytes\n messageLengthSize: 16\n };\n\n /**\n * Starts the digest.\n *\n * @return this digest object.\n */\n md.start = function() {\n // up to 56-bit message length for convenience\n md.messageLength = 0;\n\n // full message length (set md.messageLength128 for backwards-compatibility)\n md.fullMessageLength = md.messageLength128 = [];\n var int32s = md.messageLengthSize / 4;\n for(var i = 0; i < int32s; ++i) {\n md.fullMessageLength.push(0);\n }\n _input = forge.util.createBuffer();\n _h = new Array(_state.length);\n for(var i = 0; i < _state.length; ++i) {\n _h[i] = _state[i].slice(0);\n }\n return md;\n };\n // start digest automatically for first time\n md.start();\n\n /**\n * Updates the digest with the given message input. The given input can\n * treated as raw input (no encoding will be applied) or an encoding of\n * 'utf8' maybe given to encode the input using UTF-8.\n *\n * @param msg the message input to update with.\n * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n *\n * @return this digest object.\n */\n md.update = function(msg, encoding) {\n if(encoding === 'utf8') {\n msg = forge.util.encodeUtf8(msg);\n }\n\n // update message length\n var len = msg.length;\n md.messageLength += len;\n len = [(len / 0x100000000) >>> 0, len >>> 0];\n for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n md.fullMessageLength[i] += len[1];\n len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n len[0] = ((len[1] / 0x100000000) >>> 0);\n }\n\n // add bytes to input buffer\n _input.putBytes(msg);\n\n // process bytes\n _update(_h, _w, _input);\n\n // compact input buffer every 2K or if empty\n if(_input.read > 2048 || _input.length() === 0) {\n _input.compact();\n }\n\n return md;\n };\n\n /**\n * Produces the digest.\n *\n * @return a byte buffer containing the digest value.\n */\n md.digest = function() {\n /* Note: Here we copy the remaining bytes in the input buffer and\n add the appropriate SHA-512 padding. Then we do the final update\n on a copy of the state so that if the user wants to get\n intermediate digests they can do so. */\n\n /* Determine the number of bytes that must be added to the message\n to ensure its length is congruent to 896 mod 1024. In other words,\n the data to be digested must be a multiple of 1024 bits (or 128 bytes).\n This data includes the message, some padding, and the length of the\n message. Since the length of the message will be encoded as 16 bytes (128\n bits), that means that the last segment of the data must have 112 bytes\n (896 bits) of message and padding. Therefore, the length of the message\n plus the padding must be congruent to 896 mod 1024 because\n 1024 - 128 = 896.\n\n In order to fill up the message length it must be filled with\n padding that begins with 1 bit followed by all 0 bits. Padding\n must *always* be present, so if the message length is already\n congruent to 896 mod 1024, then 1024 padding bits must be added. */\n\n var finalBlock = forge.util.createBuffer();\n finalBlock.putBytes(_input.bytes());\n\n // compute remaining size to be digested (include message length size)\n var remaining = (\n md.fullMessageLength[md.fullMessageLength.length - 1] +\n md.messageLengthSize);\n\n // add padding for overflow blockSize - overflow\n // _padding starts with 1 byte with first bit is set (byte value 128), then\n // there may be up to (blockSize - 1) other pad bytes\n var overflow = remaining & (md.blockLength - 1);\n finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n // serialize message length in bits in big-endian order; since length\n // is stored in bytes we multiply by 8 and add carry from next int\n var next, carry;\n var bits = md.fullMessageLength[0] * 8;\n for(var i = 0; i < md.fullMessageLength.length - 1; ++i) {\n next = md.fullMessageLength[i + 1] * 8;\n carry = (next / 0x100000000) >>> 0;\n bits += carry;\n finalBlock.putInt32(bits >>> 0);\n bits = next >>> 0;\n }\n finalBlock.putInt32(bits);\n\n var h = new Array(_h.length);\n for(var i = 0; i < _h.length; ++i) {\n h[i] = _h[i].slice(0);\n }\n _update(h, _w, finalBlock);\n var rval = forge.util.createBuffer();\n var hlen;\n if(algorithm === 'SHA-512') {\n hlen = h.length;\n } else if(algorithm === 'SHA-384') {\n hlen = h.length - 2;\n } else {\n hlen = h.length - 4;\n }\n for(var i = 0; i < hlen; ++i) {\n rval.putInt32(h[i][0]);\n if(i !== hlen - 1 || algorithm !== 'SHA-512/224') {\n rval.putInt32(h[i][1]);\n }\n }\n return rval;\n };\n\n return md;\n};\n\n// sha-512 padding bytes not initialized yet\nvar _padding = null;\nvar _initialized = false;\n\n// table of constants\nvar _k = null;\n\n// initial hash states\nvar _states = null;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n // create padding\n _padding = String.fromCharCode(128);\n _padding += forge.util.fillString(String.fromCharCode(0x00), 128);\n\n // create K table for SHA-512\n _k = [\n [0x428a2f98, 0xd728ae22], [0x71374491, 0x23ef65cd],\n [0xb5c0fbcf, 0xec4d3b2f], [0xe9b5dba5, 0x8189dbbc],\n [0x3956c25b, 0xf348b538], [0x59f111f1, 0xb605d019],\n [0x923f82a4, 0xaf194f9b], [0xab1c5ed5, 0xda6d8118],\n [0xd807aa98, 0xa3030242], [0x12835b01, 0x45706fbe],\n [0x243185be, 0x4ee4b28c], [0x550c7dc3, 0xd5ffb4e2],\n [0x72be5d74, 0xf27b896f], [0x80deb1fe, 0x3b1696b1],\n [0x9bdc06a7, 0x25c71235], [0xc19bf174, 0xcf692694],\n [0xe49b69c1, 0x9ef14ad2], [0xefbe4786, 0x384f25e3],\n [0x0fc19dc6, 0x8b8cd5b5], [0x240ca1cc, 0x77ac9c65],\n [0x2de92c6f, 0x592b0275], [0x4a7484aa, 0x6ea6e483],\n [0x5cb0a9dc, 0xbd41fbd4], [0x76f988da, 0x831153b5],\n [0x983e5152, 0xee66dfab], [0xa831c66d, 0x2db43210],\n [0xb00327c8, 0x98fb213f], [0xbf597fc7, 0xbeef0ee4],\n [0xc6e00bf3, 0x3da88fc2], [0xd5a79147, 0x930aa725],\n [0x06ca6351, 0xe003826f], [0x14292967, 0x0a0e6e70],\n [0x27b70a85, 0x46d22ffc], [0x2e1b2138, 0x5c26c926],\n [0x4d2c6dfc, 0x5ac42aed], [0x53380d13, 0x9d95b3df],\n [0x650a7354, 0x8baf63de], [0x766a0abb, 0x3c77b2a8],\n [0x81c2c92e, 0x47edaee6], [0x92722c85, 0x1482353b],\n [0xa2bfe8a1, 0x4cf10364], [0xa81a664b, 0xbc423001],\n [0xc24b8b70, 0xd0f89791], [0xc76c51a3, 0x0654be30],\n [0xd192e819, 0xd6ef5218], [0xd6990624, 0x5565a910],\n [0xf40e3585, 0x5771202a], [0x106aa070, 0x32bbd1b8],\n [0x19a4c116, 0xb8d2d0c8], [0x1e376c08, 0x5141ab53],\n [0x2748774c, 0xdf8eeb99], [0x34b0bcb5, 0xe19b48a8],\n [0x391c0cb3, 0xc5c95a63], [0x4ed8aa4a, 0xe3418acb],\n [0x5b9cca4f, 0x7763e373], [0x682e6ff3, 0xd6b2b8a3],\n [0x748f82ee, 0x5defb2fc], [0x78a5636f, 0x43172f60],\n [0x84c87814, 0xa1f0ab72], [0x8cc70208, 0x1a6439ec],\n [0x90befffa, 0x23631e28], [0xa4506ceb, 0xde82bde9],\n [0xbef9a3f7, 0xb2c67915], [0xc67178f2, 0xe372532b],\n [0xca273ece, 0xea26619c], [0xd186b8c7, 0x21c0c207],\n [0xeada7dd6, 0xcde0eb1e], [0xf57d4f7f, 0xee6ed178],\n [0x06f067aa, 0x72176fba], [0x0a637dc5, 0xa2c898a6],\n [0x113f9804, 0xbef90dae], [0x1b710b35, 0x131c471b],\n [0x28db77f5, 0x23047d84], [0x32caab7b, 0x40c72493],\n [0x3c9ebe0a, 0x15c9bebc], [0x431d67c4, 0x9c100d4c],\n [0x4cc5d4be, 0xcb3e42b6], [0x597f299c, 0xfc657e2a],\n [0x5fcb6fab, 0x3ad6faec], [0x6c44198c, 0x4a475817]\n ];\n\n // initial hash states\n _states = {};\n _states['SHA-512'] = [\n [0x6a09e667, 0xf3bcc908],\n [0xbb67ae85, 0x84caa73b],\n [0x3c6ef372, 0xfe94f82b],\n [0xa54ff53a, 0x5f1d36f1],\n [0x510e527f, 0xade682d1],\n [0x9b05688c, 0x2b3e6c1f],\n [0x1f83d9ab, 0xfb41bd6b],\n [0x5be0cd19, 0x137e2179]\n ];\n _states['SHA-384'] = [\n [0xcbbb9d5d, 0xc1059ed8],\n [0x629a292a, 0x367cd507],\n [0x9159015a, 0x3070dd17],\n [0x152fecd8, 0xf70e5939],\n [0x67332667, 0xffc00b31],\n [0x8eb44a87, 0x68581511],\n [0xdb0c2e0d, 0x64f98fa7],\n [0x47b5481d, 0xbefa4fa4]\n ];\n _states['SHA-512/256'] = [\n [0x22312194, 0xFC2BF72C],\n [0x9F555FA3, 0xC84C64C2],\n [0x2393B86B, 0x6F53B151],\n [0x96387719, 0x5940EABD],\n [0x96283EE2, 0xA88EFFE3],\n [0xBE5E1E25, 0x53863992],\n [0x2B0199FC, 0x2C85B8AA],\n [0x0EB72DDC, 0x81C52CA2]\n ];\n _states['SHA-512/224'] = [\n [0x8C3D37C8, 0x19544DA2],\n [0x73E19966, 0x89DCD4D6],\n [0x1DFAB7AE, 0x32FF9C82],\n [0x679DD514, 0x582F9FCF],\n [0x0F6D2B69, 0x7BD44DA8],\n [0x77E36F73, 0x04C48942],\n [0x3F9D85A8, 0x6A1D36C8],\n [0x1112E6AD, 0x91D692A1]\n ];\n\n // now initialized\n _initialized = true;\n}\n\n/**\n * Updates a SHA-512 state with the given byte buffer.\n *\n * @param s the SHA-512 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n // consume 512 bit (128 byte) chunks\n var t1_hi, t1_lo;\n var t2_hi, t2_lo;\n var s0_hi, s0_lo;\n var s1_hi, s1_lo;\n var ch_hi, ch_lo;\n var maj_hi, maj_lo;\n var a_hi, a_lo;\n var b_hi, b_lo;\n var c_hi, c_lo;\n var d_hi, d_lo;\n var e_hi, e_lo;\n var f_hi, f_lo;\n var g_hi, g_lo;\n var h_hi, h_lo;\n var i, hi, lo, w2, w7, w15, w16;\n var len = bytes.length();\n while(len >= 128) {\n // the w array will be populated with sixteen 64-bit big-endian words\n // and then extended into 64 64-bit words according to SHA-512\n for(i = 0; i < 16; ++i) {\n w[i][0] = bytes.getInt32() >>> 0;\n w[i][1] = bytes.getInt32() >>> 0;\n }\n for(; i < 80; ++i) {\n // for word 2 words ago: ROTR 19(x) ^ ROTR 61(x) ^ SHR 6(x)\n w2 = w[i - 2];\n hi = w2[0];\n lo = w2[1];\n\n // high bits\n t1_hi = (\n ((hi >>> 19) | (lo << 13)) ^ // ROTR 19\n ((lo >>> 29) | (hi << 3)) ^ // ROTR 61/(swap + ROTR 29)\n (hi >>> 6)) >>> 0; // SHR 6\n // low bits\n t1_lo = (\n ((hi << 13) | (lo >>> 19)) ^ // ROTR 19\n ((lo << 3) | (hi >>> 29)) ^ // ROTR 61/(swap + ROTR 29)\n ((hi << 26) | (lo >>> 6))) >>> 0; // SHR 6\n\n // for word 15 words ago: ROTR 1(x) ^ ROTR 8(x) ^ SHR 7(x)\n w15 = w[i - 15];\n hi = w15[0];\n lo = w15[1];\n\n // high bits\n t2_hi = (\n ((hi >>> 1) | (lo << 31)) ^ // ROTR 1\n ((hi >>> 8) | (lo << 24)) ^ // ROTR 8\n (hi >>> 7)) >>> 0; // SHR 7\n // low bits\n t2_lo = (\n ((hi << 31) | (lo >>> 1)) ^ // ROTR 1\n ((hi << 24) | (lo >>> 8)) ^ // ROTR 8\n ((hi << 25) | (lo >>> 7))) >>> 0; // SHR 7\n\n // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^64 (carry lo overflow)\n w7 = w[i - 7];\n w16 = w[i - 16];\n lo = (t1_lo + w7[1] + t2_lo + w16[1]);\n w[i][0] = (t1_hi + w7[0] + t2_hi + w16[0] +\n ((lo / 0x100000000) >>> 0)) >>> 0;\n w[i][1] = lo >>> 0;\n }\n\n // initialize hash value for this chunk\n a_hi = s[0][0];\n a_lo = s[0][1];\n b_hi = s[1][0];\n b_lo = s[1][1];\n c_hi = s[2][0];\n c_lo = s[2][1];\n d_hi = s[3][0];\n d_lo = s[3][1];\n e_hi = s[4][0];\n e_lo = s[4][1];\n f_hi = s[5][0];\n f_lo = s[5][1];\n g_hi = s[6][0];\n g_lo = s[6][1];\n h_hi = s[7][0];\n h_lo = s[7][1];\n\n // round function\n for(i = 0; i < 80; ++i) {\n // Sum1(e) = ROTR 14(e) ^ ROTR 18(e) ^ ROTR 41(e)\n s1_hi = (\n ((e_hi >>> 14) | (e_lo << 18)) ^ // ROTR 14\n ((e_hi >>> 18) | (e_lo << 14)) ^ // ROTR 18\n ((e_lo >>> 9) | (e_hi << 23))) >>> 0; // ROTR 41/(swap + ROTR 9)\n s1_lo = (\n ((e_hi << 18) | (e_lo >>> 14)) ^ // ROTR 14\n ((e_hi << 14) | (e_lo >>> 18)) ^ // ROTR 18\n ((e_lo << 23) | (e_hi >>> 9))) >>> 0; // ROTR 41/(swap + ROTR 9)\n\n // Ch(e, f, g) (optimized the same way as SHA-1)\n ch_hi = (g_hi ^ (e_hi & (f_hi ^ g_hi))) >>> 0;\n ch_lo = (g_lo ^ (e_lo & (f_lo ^ g_lo))) >>> 0;\n\n // Sum0(a) = ROTR 28(a) ^ ROTR 34(a) ^ ROTR 39(a)\n s0_hi = (\n ((a_hi >>> 28) | (a_lo << 4)) ^ // ROTR 28\n ((a_lo >>> 2) | (a_hi << 30)) ^ // ROTR 34/(swap + ROTR 2)\n ((a_lo >>> 7) | (a_hi << 25))) >>> 0; // ROTR 39/(swap + ROTR 7)\n s0_lo = (\n ((a_hi << 4) | (a_lo >>> 28)) ^ // ROTR 28\n ((a_lo << 30) | (a_hi >>> 2)) ^ // ROTR 34/(swap + ROTR 2)\n ((a_lo << 25) | (a_hi >>> 7))) >>> 0; // ROTR 39/(swap + ROTR 7)\n\n // Maj(a, b, c) (optimized the same way as SHA-1)\n maj_hi = ((a_hi & b_hi) | (c_hi & (a_hi ^ b_hi))) >>> 0;\n maj_lo = ((a_lo & b_lo) | (c_lo & (a_lo ^ b_lo))) >>> 0;\n\n // main algorithm\n // t1 = (h + s1 + ch + _k[i] + _w[i]) modulo 2^64 (carry lo overflow)\n lo = (h_lo + s1_lo + ch_lo + _k[i][1] + w[i][1]);\n t1_hi = (h_hi + s1_hi + ch_hi + _k[i][0] + w[i][0] +\n ((lo / 0x100000000) >>> 0)) >>> 0;\n t1_lo = lo >>> 0;\n\n // t2 = s0 + maj modulo 2^64 (carry lo overflow)\n lo = s0_lo + maj_lo;\n t2_hi = (s0_hi + maj_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n t2_lo = lo >>> 0;\n\n h_hi = g_hi;\n h_lo = g_lo;\n\n g_hi = f_hi;\n g_lo = f_lo;\n\n f_hi = e_hi;\n f_lo = e_lo;\n\n // e = (d + t1) modulo 2^64 (carry lo overflow)\n lo = d_lo + t1_lo;\n e_hi = (d_hi + t1_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n e_lo = lo >>> 0;\n\n d_hi = c_hi;\n d_lo = c_lo;\n\n c_hi = b_hi;\n c_lo = b_lo;\n\n b_hi = a_hi;\n b_lo = a_lo;\n\n // a = (t1 + t2) modulo 2^64 (carry lo overflow)\n lo = t1_lo + t2_lo;\n a_hi = (t1_hi + t2_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n a_lo = lo >>> 0;\n }\n\n // update hash state (additional modulo 2^64)\n lo = s[0][1] + a_lo;\n s[0][0] = (s[0][0] + a_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[0][1] = lo >>> 0;\n\n lo = s[1][1] + b_lo;\n s[1][0] = (s[1][0] + b_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[1][1] = lo >>> 0;\n\n lo = s[2][1] + c_lo;\n s[2][0] = (s[2][0] + c_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[2][1] = lo >>> 0;\n\n lo = s[3][1] + d_lo;\n s[3][0] = (s[3][0] + d_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[3][1] = lo >>> 0;\n\n lo = s[4][1] + e_lo;\n s[4][0] = (s[4][0] + e_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[4][1] = lo >>> 0;\n\n lo = s[5][1] + f_lo;\n s[5][0] = (s[5][0] + f_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[5][1] = lo >>> 0;\n\n lo = s[6][1] + g_lo;\n s[6][0] = (s[6][0] + g_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[6][1] = lo >>> 0;\n\n lo = s[7][1] + h_lo;\n s[7][0] = (s[7][0] + h_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n s[7][1] = lo >>> 0;\n\n len -= 128;\n }\n}\n","/**\n * Copyright (c) 2019 Digital Bazaar, Inc.\n */\n\nvar forge = require('./forge');\nrequire('./asn1');\nvar asn1 = forge.asn1;\n\nexports.privateKeyValidator = {\n // PrivateKeyInfo\n name: 'PrivateKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n // Version (INTEGER)\n name: 'PrivateKeyInfo.version',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.INTEGER,\n constructed: false,\n capture: 'privateKeyVersion'\n }, {\n // privateKeyAlgorithm\n name: 'PrivateKeyInfo.privateKeyAlgorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'privateKeyOid'\n }]\n }, {\n // PrivateKey\n name: 'PrivateKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OCTETSTRING,\n constructed: false,\n capture: 'privateKey'\n }]\n};\n\nexports.publicKeyValidator = {\n name: 'SubjectPublicKeyInfo',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n captureAsn1: 'subjectPublicKeyInfo',\n value: [{\n name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n value: [{\n name: 'AlgorithmIdentifier.algorithm',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.OID,\n constructed: false,\n capture: 'publicKeyOid'\n }]\n },\n // capture group for ed25519PublicKey\n {\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n composed: true,\n captureBitStringValue: 'ed25519PublicKey'\n }\n // FIXME: this is capture group for rsaPublicKey, use it in this API or\n // discard?\n /* {\n // subjectPublicKey\n name: 'SubjectPublicKeyInfo.subjectPublicKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.BITSTRING,\n constructed: false,\n value: [{\n // RSAPublicKey\n name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',\n tagClass: asn1.Class.UNIVERSAL,\n type: asn1.Type.SEQUENCE,\n constructed: true,\n optional: true,\n captureAsn1: 'rsaPublicKey'\n }]\n } */\n ]\n};\n","/**\n * JavaScript implementation of Ed25519.\n *\n * Copyright (c) 2017-2019 Digital Bazaar, Inc.\n *\n * This implementation is based on the most excellent TweetNaCl which is\n * in the public domain. Many thanks to its contributors:\n *\n * https://github.com/dchest/tweetnacl-js\n */\nvar forge = require('./forge');\nrequire('./jsbn');\nrequire('./random');\nrequire('./sha512');\nrequire('./util');\nvar asn1Validator = require('./asn1-validator');\nvar publicKeyValidator = asn1Validator.publicKeyValidator;\nvar privateKeyValidator = asn1Validator.privateKeyValidator;\n\nif(typeof BigInteger === 'undefined') {\n var BigInteger = forge.jsbn.BigInteger;\n}\n\nvar ByteBuffer = forge.util.ByteBuffer;\nvar NativeBuffer = typeof Buffer === 'undefined' ? Uint8Array : Buffer;\n\n/*\n * Ed25519 algorithms, see RFC 8032:\n * https://tools.ietf.org/html/rfc8032\n */\nforge.pki = forge.pki || {};\nmodule.exports = forge.pki.ed25519 = forge.ed25519 = forge.ed25519 || {};\nvar ed25519 = forge.ed25519;\n\ned25519.constants = {};\ned25519.constants.PUBLIC_KEY_BYTE_LENGTH = 32;\ned25519.constants.PRIVATE_KEY_BYTE_LENGTH = 64;\ned25519.constants.SEED_BYTE_LENGTH = 32;\ned25519.constants.SIGN_BYTE_LENGTH = 64;\ned25519.constants.HASH_BYTE_LENGTH = 64;\n\ned25519.generateKeyPair = function(options) {\n options = options || {};\n var seed = options.seed;\n if(seed === undefined) {\n // generate seed\n seed = forge.random.getBytesSync(ed25519.constants.SEED_BYTE_LENGTH);\n } else if(typeof seed === 'string') {\n if(seed.length !== ed25519.constants.SEED_BYTE_LENGTH) {\n throw new TypeError(\n '\"seed\" must be ' + ed25519.constants.SEED_BYTE_LENGTH +\n ' bytes in length.');\n }\n } else if(!(seed instanceof Uint8Array)) {\n throw new TypeError(\n '\"seed\" must be a node.js Buffer, Uint8Array, or a binary string.');\n }\n\n seed = messageToNativeBuffer({message: seed, encoding: 'binary'});\n\n var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH);\n var sk = new NativeBuffer(ed25519.constants.PRIVATE_KEY_BYTE_LENGTH);\n for(var i = 0; i < 32; ++i) {\n sk[i] = seed[i];\n }\n crypto_sign_keypair(pk, sk);\n return {publicKey: pk, privateKey: sk};\n};\n\n/**\n * Converts a private key from a RFC8410 ASN.1 encoding.\n *\n * @param obj - The asn1 representation of a private key.\n *\n * @returns {Object} keyInfo - The key information.\n * @returns {Buffer|Uint8Array} keyInfo.privateKeyBytes - 32 private key bytes.\n */\ned25519.privateKeyFromAsn1 = function(obj) {\n var capture = {};\n var errors = [];\n var valid = forge.asn1.validate(obj, privateKeyValidator, capture, errors);\n if(!valid) {\n var error = new Error('Invalid Key.');\n error.errors = errors;\n throw error;\n }\n var oid = forge.asn1.derToOid(capture.privateKeyOid);\n var ed25519Oid = forge.oids.EdDSA25519;\n if(oid !== ed25519Oid) {\n throw new Error('Invalid OID \"' + oid + '\"; OID must be \"' +\n ed25519Oid + '\".');\n }\n var privateKey = capture.privateKey;\n // manually extract the private key bytes from nested octet string, see FIXME:\n // https://github.com/digitalbazaar/forge/blob/master/lib/asn1.js#L542\n var privateKeyBytes = messageToNativeBuffer({\n message: forge.asn1.fromDer(privateKey).value,\n encoding: 'binary'\n });\n // TODO: RFC8410 specifies a format for encoding the public key bytes along\n // with the private key bytes. `publicKeyBytes` can be returned in the\n // future. https://tools.ietf.org/html/rfc8410#section-10.3\n return {privateKeyBytes: privateKeyBytes};\n};\n\n/**\n * Converts a public key from a RFC8410 ASN.1 encoding.\n *\n * @param obj - The asn1 representation of a public key.\n *\n * @return {Buffer|Uint8Array} - 32 public key bytes.\n */\ned25519.publicKeyFromAsn1 = function(obj) {\n // get SubjectPublicKeyInfo\n var capture = {};\n var errors = [];\n var valid = forge.asn1.validate(obj, publicKeyValidator, capture, errors);\n if(!valid) {\n var error = new Error('Invalid Key.');\n error.errors = errors;\n throw error;\n }\n var oid = forge.asn1.derToOid(capture.publicKeyOid);\n var ed25519Oid = forge.oids.EdDSA25519;\n if(oid !== ed25519Oid) {\n throw new Error('Invalid OID \"' + oid + '\"; OID must be \"' +\n ed25519Oid + '\".');\n }\n var publicKeyBytes = capture.ed25519PublicKey;\n if(publicKeyBytes.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) {\n throw new Error('Key length is invalid.');\n }\n return messageToNativeBuffer({\n message: publicKeyBytes,\n encoding: 'binary'\n });\n};\n\ned25519.publicKeyFromPrivateKey = function(options) {\n options = options || {};\n var privateKey = messageToNativeBuffer({\n message: options.privateKey, encoding: 'binary'\n });\n if(privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) {\n throw new TypeError(\n '\"options.privateKey\" must have a byte length of ' +\n ed25519.constants.PRIVATE_KEY_BYTE_LENGTH);\n }\n\n var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH);\n for(var i = 0; i < pk.length; ++i) {\n pk[i] = privateKey[32 + i];\n }\n return pk;\n};\n\ned25519.sign = function(options) {\n options = options || {};\n var msg = messageToNativeBuffer(options);\n var privateKey = messageToNativeBuffer({\n message: options.privateKey,\n encoding: 'binary'\n });\n if(privateKey.length === ed25519.constants.SEED_BYTE_LENGTH) {\n var keyPair = ed25519.generateKeyPair({seed: privateKey});\n privateKey = keyPair.privateKey;\n } else if(privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) {\n throw new TypeError(\n '\"options.privateKey\" must have a byte length of ' +\n ed25519.constants.SEED_BYTE_LENGTH + ' or ' +\n ed25519.constants.PRIVATE_KEY_BYTE_LENGTH);\n }\n\n var signedMsg = new NativeBuffer(\n ed25519.constants.SIGN_BYTE_LENGTH + msg.length);\n crypto_sign(signedMsg, msg, msg.length, privateKey);\n\n var sig = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH);\n for(var i = 0; i < sig.length; ++i) {\n sig[i] = signedMsg[i];\n }\n return sig;\n};\n\ned25519.verify = function(options) {\n options = options || {};\n var msg = messageToNativeBuffer(options);\n if(options.signature === undefined) {\n throw new TypeError(\n '\"options.signature\" must be a node.js Buffer, a Uint8Array, a forge ' +\n 'ByteBuffer, or a binary string.');\n }\n var sig = messageToNativeBuffer({\n message: options.signature,\n encoding: 'binary'\n });\n if(sig.length !== ed25519.constants.SIGN_BYTE_LENGTH) {\n throw new TypeError(\n '\"options.signature\" must have a byte length of ' +\n ed25519.constants.SIGN_BYTE_LENGTH);\n }\n var publicKey = messageToNativeBuffer({\n message: options.publicKey,\n encoding: 'binary'\n });\n if(publicKey.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) {\n throw new TypeError(\n '\"options.publicKey\" must have a byte length of ' +\n ed25519.constants.PUBLIC_KEY_BYTE_LENGTH);\n }\n\n var sm = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length);\n var m = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length);\n var i;\n for(i = 0; i < ed25519.constants.SIGN_BYTE_LENGTH; ++i) {\n sm[i] = sig[i];\n }\n for(i = 0; i < msg.length; ++i) {\n sm[i + ed25519.constants.SIGN_BYTE_LENGTH] = msg[i];\n }\n return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0);\n};\n\nfunction messageToNativeBuffer(options) {\n var message = options.message;\n if(message instanceof Uint8Array || message instanceof NativeBuffer) {\n return message;\n }\n\n var encoding = options.encoding;\n if(message === undefined) {\n if(options.md) {\n // TODO: more rigorous validation that `md` is a MessageDigest\n message = options.md.digest().getBytes();\n encoding = 'binary';\n } else {\n throw new TypeError('\"options.message\" or \"options.md\" not specified.');\n }\n }\n\n if(typeof message === 'string' && !encoding) {\n throw new TypeError('\"options.encoding\" must be \"binary\" or \"utf8\".');\n }\n\n if(typeof message === 'string') {\n if(typeof Buffer !== 'undefined') {\n return Buffer.from(message, encoding);\n }\n message = new ByteBuffer(message, encoding);\n } else if(!(message instanceof ByteBuffer)) {\n throw new TypeError(\n '\"options.message\" must be a node.js Buffer, a Uint8Array, a forge ' +\n 'ByteBuffer, or a string with \"options.encoding\" specifying its ' +\n 'encoding.');\n }\n\n // convert to native buffer\n var buffer = new NativeBuffer(message.length());\n for(var i = 0; i < buffer.length; ++i) {\n buffer[i] = message.at(i);\n }\n return buffer;\n}\n\nvar gf0 = gf();\nvar gf1 = gf([1]);\nvar D = gf([\n 0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070,\n 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]);\nvar D2 = gf([\n 0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0,\n 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]);\nvar X = gf([\n 0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c,\n 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]);\nvar Y = gf([\n 0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666,\n 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]);\nvar L = new Float64Array([\n 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58,\n 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,\n 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);\nvar I = gf([\n 0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43,\n 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]);\n\n// TODO: update forge buffer implementation to use `Buffer` or `Uint8Array`,\n// whichever is available, to improve performance\nfunction sha512(msg, msgLen) {\n // Note: `out` and `msg` are NativeBuffer\n var md = forge.md.sha512.create();\n var buffer = new ByteBuffer(msg);\n md.update(buffer.getBytes(msgLen), 'binary');\n var hash = md.digest().getBytes();\n if(typeof Buffer !== 'undefined') {\n return Buffer.from(hash, 'binary');\n }\n var out = new NativeBuffer(ed25519.constants.HASH_BYTE_LENGTH);\n for(var i = 0; i < 64; ++i) {\n out[i] = hash.charCodeAt(i);\n }\n return out;\n}\n\nfunction crypto_sign_keypair(pk, sk) {\n var p = [gf(), gf(), gf(), gf()];\n var i;\n\n var d = sha512(sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n scalarbase(p, d);\n pack(pk, p);\n\n for(i = 0; i < 32; ++i) {\n sk[i + 32] = pk[i];\n }\n return 0;\n}\n\n// Note: difference from C - smlen returned, not passed as argument.\nfunction crypto_sign(sm, m, n, sk) {\n var i, j, x = new Float64Array(64);\n var p = [gf(), gf(), gf(), gf()];\n\n var d = sha512(sk, 32);\n d[0] &= 248;\n d[31] &= 127;\n d[31] |= 64;\n\n var smlen = n + 64;\n for(i = 0; i < n; ++i) {\n sm[64 + i] = m[i];\n }\n for(i = 0; i < 32; ++i) {\n sm[32 + i] = d[32 + i];\n }\n\n var r = sha512(sm.subarray(32), n + 32);\n reduce(r);\n scalarbase(p, r);\n pack(sm, p);\n\n for(i = 32; i < 64; ++i) {\n sm[i] = sk[i];\n }\n var h = sha512(sm, n + 64);\n reduce(h);\n\n for(i = 32; i < 64; ++i) {\n x[i] = 0;\n }\n for(i = 0; i < 32; ++i) {\n x[i] = r[i];\n }\n for(i = 0; i < 32; ++i) {\n for(j = 0; j < 32; j++) {\n x[i + j] += h[i] * d[j];\n }\n }\n\n modL(sm.subarray(32), x);\n return smlen;\n}\n\nfunction crypto_sign_open(m, sm, n, pk) {\n var i, mlen;\n var t = new NativeBuffer(32);\n var p = [gf(), gf(), gf(), gf()],\n q = [gf(), gf(), gf(), gf()];\n\n mlen = -1;\n if(n < 64) {\n return -1;\n }\n\n if(unpackneg(q, pk)) {\n return -1;\n }\n\n for(i = 0; i < n; ++i) {\n m[i] = sm[i];\n }\n for(i = 0; i < 32; ++i) {\n m[i + 32] = pk[i];\n }\n var h = sha512(m, n);\n reduce(h);\n scalarmult(p, q, h);\n\n scalarbase(q, sm.subarray(32));\n add(p, q);\n pack(t, p);\n\n n -= 64;\n if(crypto_verify_32(sm, 0, t, 0)) {\n for(i = 0; i < n; ++i) {\n m[i] = 0;\n }\n return -1;\n }\n\n for(i = 0; i < n; ++i) {\n m[i] = sm[i + 64];\n }\n mlen = n;\n return mlen;\n}\n\nfunction modL(r, x) {\n var carry, i, j, k;\n for(i = 63; i >= 32; --i) {\n carry = 0;\n for(j = i - 32, k = i - 12; j < k; ++j) {\n x[j] += carry - 16 * x[i] * L[j - (i - 32)];\n carry = (x[j] + 128) >> 8;\n x[j] -= carry * 256;\n }\n x[j] += carry;\n x[i] = 0;\n }\n carry = 0;\n for(j = 0; j < 32; ++j) {\n x[j] += carry - (x[31] >> 4) * L[j];\n carry = x[j] >> 8;\n x[j] &= 255;\n }\n for(j = 0; j < 32; ++j) {\n x[j] -= carry * L[j];\n }\n for(i = 0; i < 32; ++i) {\n x[i + 1] += x[i] >> 8;\n r[i] = x[i] & 255;\n }\n}\n\nfunction reduce(r) {\n var x = new Float64Array(64);\n for(var i = 0; i < 64; ++i) {\n x[i] = r[i];\n r[i] = 0;\n }\n modL(r, x);\n}\n\nfunction add(p, q) {\n var a = gf(), b = gf(), c = gf(),\n d = gf(), e = gf(), f = gf(),\n g = gf(), h = gf(), t = gf();\n\n Z(a, p[1], p[0]);\n Z(t, q[1], q[0]);\n M(a, a, t);\n A(b, p[0], p[1]);\n A(t, q[0], q[1]);\n M(b, b, t);\n M(c, p[3], q[3]);\n M(c, c, D2);\n M(d, p[2], q[2]);\n A(d, d, d);\n Z(e, b, a);\n Z(f, d, c);\n A(g, d, c);\n A(h, b, a);\n\n M(p[0], e, f);\n M(p[1], h, g);\n M(p[2], g, f);\n M(p[3], e, h);\n}\n\nfunction cswap(p, q, b) {\n for(var i = 0; i < 4; ++i) {\n sel25519(p[i], q[i], b);\n }\n}\n\nfunction pack(r, p) {\n var tx = gf(), ty = gf(), zi = gf();\n inv25519(zi, p[2]);\n M(tx, p[0], zi);\n M(ty, p[1], zi);\n pack25519(r, ty);\n r[31] ^= par25519(tx) << 7;\n}\n\nfunction pack25519(o, n) {\n var i, j, b;\n var m = gf(), t = gf();\n for(i = 0; i < 16; ++i) {\n t[i] = n[i];\n }\n car25519(t);\n car25519(t);\n car25519(t);\n for(j = 0; j < 2; ++j) {\n m[0] = t[0] - 0xffed;\n for(i = 1; i < 15; ++i) {\n m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1);\n m[i-1] &= 0xffff;\n }\n m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1);\n b = (m[15] >> 16) & 1;\n m[14] &= 0xffff;\n sel25519(t, m, 1 - b);\n }\n for (i = 0; i < 16; i++) {\n o[2 * i] = t[i] & 0xff;\n o[2 * i + 1] = t[i] >> 8;\n }\n}\n\nfunction unpackneg(r, p) {\n var t = gf(), chk = gf(), num = gf(),\n den = gf(), den2 = gf(), den4 = gf(),\n den6 = gf();\n\n set25519(r[2], gf1);\n unpack25519(r[1], p);\n S(num, r[1]);\n M(den, num, D);\n Z(num, num, r[2]);\n A(den, r[2], den);\n\n S(den2, den);\n S(den4, den2);\n M(den6, den4, den2);\n M(t, den6, num);\n M(t, t, den);\n\n pow2523(t, t);\n M(t, t, num);\n M(t, t, den);\n M(t, t, den);\n M(r[0], t, den);\n\n S(chk, r[0]);\n M(chk, chk, den);\n if(neq25519(chk, num)) {\n M(r[0], r[0], I);\n }\n\n S(chk, r[0]);\n M(chk, chk, den);\n if(neq25519(chk, num)) {\n return -1;\n }\n\n if(par25519(r[0]) === (p[31] >> 7)) {\n Z(r[0], gf0, r[0]);\n }\n\n M(r[3], r[0], r[1]);\n return 0;\n}\n\nfunction unpack25519(o, n) {\n var i;\n for(i = 0; i < 16; ++i) {\n o[i] = n[2 * i] + (n[2 * i + 1] << 8);\n }\n o[15] &= 0x7fff;\n}\n\nfunction pow2523(o, i) {\n var c = gf();\n var a;\n for(a = 0; a < 16; ++a) {\n c[a] = i[a];\n }\n for(a = 250; a >= 0; --a) {\n S(c, c);\n if(a !== 1) {\n M(c, c, i);\n }\n }\n for(a = 0; a < 16; ++a) {\n o[a] = c[a];\n }\n}\n\nfunction neq25519(a, b) {\n var c = new NativeBuffer(32);\n var d = new NativeBuffer(32);\n pack25519(c, a);\n pack25519(d, b);\n return crypto_verify_32(c, 0, d, 0);\n}\n\nfunction crypto_verify_32(x, xi, y, yi) {\n return vn(x, xi, y, yi, 32);\n}\n\nfunction vn(x, xi, y, yi, n) {\n var i, d = 0;\n for(i = 0; i < n; ++i) {\n d |= x[xi + i] ^ y[yi + i];\n }\n return (1 & ((d - 1) >>> 8)) - 1;\n}\n\nfunction par25519(a) {\n var d = new NativeBuffer(32);\n pack25519(d, a);\n return d[0] & 1;\n}\n\nfunction scalarmult(p, q, s) {\n var b, i;\n set25519(p[0], gf0);\n set25519(p[1], gf1);\n set25519(p[2], gf1);\n set25519(p[3], gf0);\n for(i = 255; i >= 0; --i) {\n b = (s[(i / 8)|0] >> (i & 7)) & 1;\n cswap(p, q, b);\n add(q, p);\n add(p, p);\n cswap(p, q, b);\n }\n}\n\nfunction scalarbase(p, s) {\n var q = [gf(), gf(), gf(), gf()];\n set25519(q[0], X);\n set25519(q[1], Y);\n set25519(q[2], gf1);\n M(q[3], X, Y);\n scalarmult(p, q, s);\n}\n\nfunction set25519(r, a) {\n var i;\n for(i = 0; i < 16; i++) {\n r[i] = a[i] | 0;\n }\n}\n\nfunction inv25519(o, i) {\n var c = gf();\n var a;\n for(a = 0; a < 16; ++a) {\n c[a] = i[a];\n }\n for(a = 253; a >= 0; --a) {\n S(c, c);\n if(a !== 2 && a !== 4) {\n M(c, c, i);\n }\n }\n for(a = 0; a < 16; ++a) {\n o[a] = c[a];\n }\n}\n\nfunction car25519(o) {\n var i, v, c = 1;\n for(i = 0; i < 16; ++i) {\n v = o[i] + c + 65535;\n c = Math.floor(v / 65536);\n o[i] = v - c * 65536;\n }\n o[0] += c - 1 + 37 * (c - 1);\n}\n\nfunction sel25519(p, q, b) {\n var t, c = ~(b - 1);\n for(var i = 0; i < 16; ++i) {\n t = c & (p[i] ^ q[i]);\n p[i] ^= t;\n q[i] ^= t;\n }\n}\n\nfunction gf(init) {\n var i, r = new Float64Array(16);\n if(init) {\n for(i = 0; i < init.length; ++i) {\n r[i] = init[i];\n }\n }\n return r;\n}\n\nfunction A(o, a, b) {\n for(var i = 0; i < 16; ++i) {\n o[i] = a[i] + b[i];\n }\n}\n\nfunction Z(o, a, b) {\n for(var i = 0; i < 16; ++i) {\n o[i] = a[i] - b[i];\n }\n}\n\nfunction S(o, a) {\n M(o, a, a);\n}\n\nfunction M(o, a, b) {\n var v, c,\n t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0,\n t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0,\n t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0,\n t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0,\n b0 = b[0],\n b1 = b[1],\n b2 = b[2],\n b3 = b[3],\n b4 = b[4],\n b5 = b[5],\n b6 = b[6],\n b7 = b[7],\n b8 = b[8],\n b9 = b[9],\n b10 = b[10],\n b11 = b[11],\n b12 = b[12],\n b13 = b[13],\n b14 = b[14],\n b15 = b[15];\n\n v = a[0];\n t0 += v * b0;\n t1 += v * b1;\n t2 += v * b2;\n t3 += v * b3;\n t4 += v * b4;\n t5 += v * b5;\n t6 += v * b6;\n t7 += v * b7;\n t8 += v * b8;\n t9 += v * b9;\n t10 += v * b10;\n t11 += v * b11;\n t12 += v * b12;\n t13 += v * b13;\n t14 += v * b14;\n t15 += v * b15;\n v = a[1];\n t1 += v * b0;\n t2 += v * b1;\n t3 += v * b2;\n t4 += v * b3;\n t5 += v * b4;\n t6 += v * b5;\n t7 += v * b6;\n t8 += v * b7;\n t9 += v * b8;\n t10 += v * b9;\n t11 += v * b10;\n t12 += v * b11;\n t13 += v * b12;\n t14 += v * b13;\n t15 += v * b14;\n t16 += v * b15;\n v = a[2];\n t2 += v * b0;\n t3 += v * b1;\n t4 += v * b2;\n t5 += v * b3;\n t6 += v * b4;\n t7 += v * b5;\n t8 += v * b6;\n t9 += v * b7;\n t10 += v * b8;\n t11 += v * b9;\n t12 += v * b10;\n t13 += v * b11;\n t14 += v * b12;\n t15 += v * b13;\n t16 += v * b14;\n t17 += v * b15;\n v = a[3];\n t3 += v * b0;\n t4 += v * b1;\n t5 += v * b2;\n t6 += v * b3;\n t7 += v * b4;\n t8 += v * b5;\n t9 += v * b6;\n t10 += v * b7;\n t11 += v * b8;\n t12 += v * b9;\n t13 += v * b10;\n t14 += v * b11;\n t15 += v * b12;\n t16 += v * b13;\n t17 += v * b14;\n t18 += v * b15;\n v = a[4];\n t4 += v * b0;\n t5 += v * b1;\n t6 += v * b2;\n t7 += v * b3;\n t8 += v * b4;\n t9 += v * b5;\n t10 += v * b6;\n t11 += v * b7;\n t12 += v * b8;\n t13 += v * b9;\n t14 += v * b10;\n t15 += v * b11;\n t16 += v * b12;\n t17 += v * b13;\n t18 += v * b14;\n t19 += v * b15;\n v = a[5];\n t5 += v * b0;\n t6 += v * b1;\n t7 += v * b2;\n t8 += v * b3;\n t9 += v * b4;\n t10 += v * b5;\n t11 += v * b6;\n t12 += v * b7;\n t13 += v * b8;\n t14 += v * b9;\n t15 += v * b10;\n t16 += v * b11;\n t17 += v * b12;\n t18 += v * b13;\n t19 += v * b14;\n t20 += v * b15;\n v = a[6];\n t6 += v * b0;\n t7 += v * b1;\n t8 += v * b2;\n t9 += v * b3;\n t10 += v * b4;\n t11 += v * b5;\n t12 += v * b6;\n t13 += v * b7;\n t14 += v * b8;\n t15 += v * b9;\n t16 += v * b10;\n t17 += v * b11;\n t18 += v * b12;\n t19 += v * b13;\n t20 += v * b14;\n t21 += v * b15;\n v = a[7];\n t7 += v * b0;\n t8 += v * b1;\n t9 += v * b2;\n t10 += v * b3;\n t11 += v * b4;\n t12 += v * b5;\n t13 += v * b6;\n t14 += v * b7;\n t15 += v * b8;\n t16 += v * b9;\n t17 += v * b10;\n t18 += v * b11;\n t19 += v * b12;\n t20 += v * b13;\n t21 += v * b14;\n t22 += v * b15;\n v = a[8];\n t8 += v * b0;\n t9 += v * b1;\n t10 += v * b2;\n t11 += v * b3;\n t12 += v * b4;\n t13 += v * b5;\n t14 += v * b6;\n t15 += v * b7;\n t16 += v * b8;\n t17 += v * b9;\n t18 += v * b10;\n t19 += v * b11;\n t20 += v * b12;\n t21 += v * b13;\n t22 += v * b14;\n t23 += v * b15;\n v = a[9];\n t9 += v * b0;\n t10 += v * b1;\n t11 += v * b2;\n t12 += v * b3;\n t13 += v * b4;\n t14 += v * b5;\n t15 += v * b6;\n t16 += v * b7;\n t17 += v * b8;\n t18 += v * b9;\n t19 += v * b10;\n t20 += v * b11;\n t21 += v * b12;\n t22 += v * b13;\n t23 += v * b14;\n t24 += v * b15;\n v = a[10];\n t10 += v * b0;\n t11 += v * b1;\n t12 += v * b2;\n t13 += v * b3;\n t14 += v * b4;\n t15 += v * b5;\n t16 += v * b6;\n t17 += v * b7;\n t18 += v * b8;\n t19 += v * b9;\n t20 += v * b10;\n t21 += v * b11;\n t22 += v * b12;\n t23 += v * b13;\n t24 += v * b14;\n t25 += v * b15;\n v = a[11];\n t11 += v * b0;\n t12 += v * b1;\n t13 += v * b2;\n t14 += v * b3;\n t15 += v * b4;\n t16 += v * b5;\n t17 += v * b6;\n t18 += v * b7;\n t19 += v * b8;\n t20 += v * b9;\n t21 += v * b10;\n t22 += v * b11;\n t23 += v * b12;\n t24 += v * b13;\n t25 += v * b14;\n t26 += v * b15;\n v = a[12];\n t12 += v * b0;\n t13 += v * b1;\n t14 += v * b2;\n t15 += v * b3;\n t16 += v * b4;\n t17 += v * b5;\n t18 += v * b6;\n t19 += v * b7;\n t20 += v * b8;\n t21 += v * b9;\n t22 += v * b10;\n t23 += v * b11;\n t24 += v * b12;\n t25 += v * b13;\n t26 += v * b14;\n t27 += v * b15;\n v = a[13];\n t13 += v * b0;\n t14 += v * b1;\n t15 += v * b2;\n t16 += v * b3;\n t17 += v * b4;\n t18 += v * b5;\n t19 += v * b6;\n t20 += v * b7;\n t21 += v * b8;\n t22 += v * b9;\n t23 += v * b10;\n t24 += v * b11;\n t25 += v * b12;\n t26 += v * b13;\n t27 += v * b14;\n t28 += v * b15;\n v = a[14];\n t14 += v * b0;\n t15 += v * b1;\n t16 += v * b2;\n t17 += v * b3;\n t18 += v * b4;\n t19 += v * b5;\n t20 += v * b6;\n t21 += v * b7;\n t22 += v * b8;\n t23 += v * b9;\n t24 += v * b10;\n t25 += v * b11;\n t26 += v * b12;\n t27 += v * b13;\n t28 += v * b14;\n t29 += v * b15;\n v = a[15];\n t15 += v * b0;\n t16 += v * b1;\n t17 += v * b2;\n t18 += v * b3;\n t19 += v * b4;\n t20 += v * b5;\n t21 += v * b6;\n t22 += v * b7;\n t23 += v * b8;\n t24 += v * b9;\n t25 += v * b10;\n t26 += v * b11;\n t27 += v * b12;\n t28 += v * b13;\n t29 += v * b14;\n t30 += v * b15;\n\n t0 += 38 * t16;\n t1 += 38 * t17;\n t2 += 38 * t18;\n t3 += 38 * t19;\n t4 += 38 * t20;\n t5 += 38 * t21;\n t6 += 38 * t22;\n t7 += 38 * t23;\n t8 += 38 * t24;\n t9 += 38 * t25;\n t10 += 38 * t26;\n t11 += 38 * t27;\n t12 += 38 * t28;\n t13 += 38 * t29;\n t14 += 38 * t30;\n // t15 left as is\n\n // first car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n // second car\n c = 1;\n v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536;\n v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536;\n v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536;\n v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536;\n v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536;\n v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536;\n v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536;\n v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536;\n v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536;\n v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536;\n v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536;\n v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536;\n v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536;\n v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536;\n v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536;\n v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536;\n t0 += c-1 + 37 * (c-1);\n\n o[ 0] = t0;\n o[ 1] = t1;\n o[ 2] = t2;\n o[ 3] = t3;\n o[ 4] = t4;\n o[ 5] = t5;\n o[ 6] = t6;\n o[ 7] = t7;\n o[ 8] = t8;\n o[ 9] = t9;\n o[10] = t10;\n o[11] = t11;\n o[12] = t12;\n o[13] = t13;\n o[14] = t14;\n o[15] = t15;\n}\n","/**\n * Javascript implementation of RSA-KEM.\n *\n * @author Lautaro Cozzani Rodriguez\n * @author Dave Longley\n *\n * Copyright (c) 2014 Lautaro Cozzani <lautaro.cozzani@scytl.com>\n * Copyright (c) 2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\nrequire('./random');\nrequire('./jsbn');\n\nmodule.exports = forge.kem = forge.kem || {};\n\nvar BigInteger = forge.jsbn.BigInteger;\n\n/**\n * The API for the RSA Key Encapsulation Mechanism (RSA-KEM) from ISO 18033-2.\n */\nforge.kem.rsa = {};\n\n/**\n * Creates an RSA KEM API object for generating a secret asymmetric key.\n *\n * The symmetric key may be generated via a call to 'encrypt', which will\n * produce a ciphertext to be transmitted to the recipient and a key to be\n * kept secret. The ciphertext is a parameter to be passed to 'decrypt' which\n * will produce the same secret key for the recipient to use to decrypt a\n * message that was encrypted with the secret key.\n *\n * @param kdf the KDF API to use (eg: new forge.kem.kdf1()).\n * @param options the options to use.\n * [prng] a custom crypto-secure pseudo-random number generator to use,\n * that must define \"getBytesSync\".\n */\nforge.kem.rsa.create = function(kdf, options) {\n options = options || {};\n var prng = options.prng || forge.random;\n\n var kem = {};\n\n /**\n * Generates a secret key and its encapsulation.\n *\n * @param publicKey the RSA public key to encrypt with.\n * @param keyLength the length, in bytes, of the secret key to generate.\n *\n * @return an object with:\n * encapsulation: the ciphertext for generating the secret key, as a\n * binary-encoded string of bytes.\n * key: the secret key to use for encrypting a message.\n */\n kem.encrypt = function(publicKey, keyLength) {\n // generate a random r where 1 < r < n\n var byteLength = Math.ceil(publicKey.n.bitLength() / 8);\n var r;\n do {\n r = new BigInteger(\n forge.util.bytesToHex(prng.getBytesSync(byteLength)),\n 16).mod(publicKey.n);\n } while(r.compareTo(BigInteger.ONE) <= 0);\n\n // prepend r with zeros\n r = forge.util.hexToBytes(r.toString(16));\n var zeros = byteLength - r.length;\n if(zeros > 0) {\n r = forge.util.fillString(String.fromCharCode(0), zeros) + r;\n }\n\n // encrypt the random\n var encapsulation = publicKey.encrypt(r, 'NONE');\n\n // generate the secret key\n var key = kdf.generate(r, keyLength);\n\n return {encapsulation: encapsulation, key: key};\n };\n\n /**\n * Decrypts an encapsulated secret key.\n *\n * @param privateKey the RSA private key to decrypt with.\n * @param encapsulation the ciphertext for generating the secret key, as\n * a binary-encoded string of bytes.\n * @param keyLength the length, in bytes, of the secret key to generate.\n *\n * @return the secret key as a binary-encoded string of bytes.\n */\n kem.decrypt = function(privateKey, encapsulation, keyLength) {\n // decrypt the encapsulation and generate the secret key\n var r = privateKey.decrypt(encapsulation, 'NONE');\n return kdf.generate(r, keyLength);\n };\n\n return kem;\n};\n\n// TODO: add forge.kem.kdf.create('KDF1', {md: ..., ...}) API?\n\n/**\n * Creates a key derivation API object that implements KDF1 per ISO 18033-2.\n *\n * @param md the hash API to use.\n * @param [digestLength] an optional digest length that must be positive and\n * less than or equal to md.digestLength.\n *\n * @return a KDF1 API object.\n */\nforge.kem.kdf1 = function(md, digestLength) {\n _createKDF(this, md, 0, digestLength || md.digestLength);\n};\n\n/**\n * Creates a key derivation API object that implements KDF2 per ISO 18033-2.\n *\n * @param md the hash API to use.\n * @param [digestLength] an optional digest length that must be positive and\n * less than or equal to md.digestLength.\n *\n * @return a KDF2 API object.\n */\nforge.kem.kdf2 = function(md, digestLength) {\n _createKDF(this, md, 1, digestLength || md.digestLength);\n};\n\n/**\n * Creates a KDF1 or KDF2 API object.\n *\n * @param md the hash API to use.\n * @param counterStart the starting index for the counter.\n * @param digestLength the digest length to use.\n *\n * @return the KDF API object.\n */\nfunction _createKDF(kdf, md, counterStart, digestLength) {\n /**\n * Generate a key of the specified length.\n *\n * @param x the binary-encoded byte string to generate a key from.\n * @param length the number of bytes to generate (the size of the key).\n *\n * @return the key as a binary-encoded string.\n */\n kdf.generate = function(x, length) {\n var key = new forge.util.ByteBuffer();\n\n // run counter from counterStart to ceil(length / Hash.len)\n var k = Math.ceil(length / digestLength) + counterStart;\n\n var c = new forge.util.ByteBuffer();\n for(var i = counterStart; i < k; ++i) {\n // I2OSP(i, 4): convert counter to an octet string of 4 octets\n c.putInt32(i);\n\n // digest 'x' and the counter and add the result to the key\n md.start();\n md.update(x + c.getBytes());\n var hash = md.digest();\n key.putBytes(hash.getBytes(digestLength));\n }\n\n // truncate to the correct key length\n key.truncate(key.length() - length);\n return key.getBytes();\n };\n}\n","/**\n * Cross-browser support for logging in a web application.\n *\n * @author David I. Lehn <dlehn@digitalbazaar.com>\n *\n * Copyright (c) 2008-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\n/* LOG API */\nmodule.exports = forge.log = forge.log || {};\n\n/**\n * Application logging system.\n *\n * Each logger level available as it's own function of the form:\n * forge.log.level(category, args...)\n * The category is an arbitrary string, and the args are the same as\n * Firebug's console.log API. By default the call will be output as:\n * 'LEVEL [category] <args[0]>, args[1], ...'\n * This enables proper % formatting via the first argument.\n * Each category is enabled by default but can be enabled or disabled with\n * the setCategoryEnabled() function.\n */\n// list of known levels\nforge.log.levels = [\n 'none', 'error', 'warning', 'info', 'debug', 'verbose', 'max'];\n// info on the levels indexed by name:\n// index: level index\n// name: uppercased display name\nvar sLevelInfo = {};\n// list of loggers\nvar sLoggers = [];\n/**\n * Standard console logger. If no console support is enabled this will\n * remain null. Check before using.\n */\nvar sConsoleLogger = null;\n\n// logger flags\n/**\n * Lock the level at the current value. Used in cases where user config may\n * set the level such that only critical messages are seen but more verbose\n * messages are needed for debugging or other purposes.\n */\nforge.log.LEVEL_LOCKED = (1 << 1);\n/**\n * Always call log function. By default, the logging system will check the\n * message level against logger.level before calling the log function. This\n * flag allows the function to do its own check.\n */\nforge.log.NO_LEVEL_CHECK = (1 << 2);\n/**\n * Perform message interpolation with the passed arguments. \"%\" style\n * fields in log messages will be replaced by arguments as needed. Some\n * loggers, such as Firebug, may do this automatically. The original log\n * message will be available as 'message' and the interpolated version will\n * be available as 'fullMessage'.\n */\nforge.log.INTERPOLATE = (1 << 3);\n\n// setup each log level\nfor(var i = 0; i < forge.log.levels.length; ++i) {\n var level = forge.log.levels[i];\n sLevelInfo[level] = {\n index: i,\n name: level.toUpperCase()\n };\n}\n\n/**\n * Message logger. Will dispatch a message to registered loggers as needed.\n *\n * @param message message object\n */\nforge.log.logMessage = function(message) {\n var messageLevelIndex = sLevelInfo[message.level].index;\n for(var i = 0; i < sLoggers.length; ++i) {\n var logger = sLoggers[i];\n if(logger.flags & forge.log.NO_LEVEL_CHECK) {\n logger.f(message);\n } else {\n // get logger level\n var loggerLevelIndex = sLevelInfo[logger.level].index;\n // check level\n if(messageLevelIndex <= loggerLevelIndex) {\n // message critical enough, call logger\n logger.f(logger, message);\n }\n }\n }\n};\n\n/**\n * Sets the 'standard' key on a message object to:\n * \"LEVEL [category] \" + message\n *\n * @param message a message log object\n */\nforge.log.prepareStandard = function(message) {\n if(!('standard' in message)) {\n message.standard =\n sLevelInfo[message.level].name +\n //' ' + +message.timestamp +\n ' [' + message.category + '] ' +\n message.message;\n }\n};\n\n/**\n * Sets the 'full' key on a message object to the original message\n * interpolated via % formatting with the message arguments.\n *\n * @param message a message log object.\n */\nforge.log.prepareFull = function(message) {\n if(!('full' in message)) {\n // copy args and insert message at the front\n var args = [message.message];\n args = args.concat([] || message['arguments']);\n // format the message\n message.full = forge.util.format.apply(this, args);\n }\n};\n\n/**\n * Applies both preparseStandard() and prepareFull() to a message object and\n * store result in 'standardFull'.\n *\n * @param message a message log object.\n */\nforge.log.prepareStandardFull = function(message) {\n if(!('standardFull' in message)) {\n // FIXME implement 'standardFull' logging\n forge.log.prepareStandard(message);\n message.standardFull = message.standard;\n }\n};\n\n// create log level functions\nif(true) {\n // levels for which we want functions\n var levels = ['error', 'warning', 'info', 'debug', 'verbose'];\n for(var i = 0; i < levels.length; ++i) {\n // wrap in a function to ensure proper level var is passed\n (function(level) {\n // create function for this level\n forge.log[level] = function(category, message/*, args...*/) {\n // convert arguments to real array, remove category and message\n var args = Array.prototype.slice.call(arguments).slice(2);\n // create message object\n // Note: interpolation and standard formatting is done lazily\n var msg = {\n timestamp: new Date(),\n level: level,\n category: category,\n message: message,\n 'arguments': args\n /*standard*/\n /*full*/\n /*fullMessage*/\n };\n // process this message\n forge.log.logMessage(msg);\n };\n })(levels[i]);\n }\n}\n\n/**\n * Creates a new logger with specified custom logging function.\n *\n * The logging function has a signature of:\n * function(logger, message)\n * logger: current logger\n * message: object:\n * level: level id\n * category: category\n * message: string message\n * arguments: Array of extra arguments\n * fullMessage: interpolated message and arguments if INTERPOLATE flag set\n *\n * @param logFunction a logging function which takes a log message object\n * as a parameter.\n *\n * @return a logger object.\n */\nforge.log.makeLogger = function(logFunction) {\n var logger = {\n flags: 0,\n f: logFunction\n };\n forge.log.setLevel(logger, 'none');\n return logger;\n};\n\n/**\n * Sets the current log level on a logger.\n *\n * @param logger the target logger.\n * @param level the new maximum log level as a string.\n *\n * @return true if set, false if not.\n */\nforge.log.setLevel = function(logger, level) {\n var rval = false;\n if(logger && !(logger.flags & forge.log.LEVEL_LOCKED)) {\n for(var i = 0; i < forge.log.levels.length; ++i) {\n var aValidLevel = forge.log.levels[i];\n if(level == aValidLevel) {\n // set level\n logger.level = level;\n rval = true;\n break;\n }\n }\n }\n\n return rval;\n};\n\n/**\n * Locks the log level at its current value.\n *\n * @param logger the target logger.\n * @param lock boolean lock value, default to true.\n */\nforge.log.lock = function(logger, lock) {\n if(typeof lock === 'undefined' || lock) {\n logger.flags |= forge.log.LEVEL_LOCKED;\n } else {\n logger.flags &= ~forge.log.LEVEL_LOCKED;\n }\n};\n\n/**\n * Adds a logger.\n *\n * @param logger the logger object.\n */\nforge.log.addLogger = function(logger) {\n sLoggers.push(logger);\n};\n\n// setup the console logger if possible, else create fake console.log\nif(typeof(console) !== 'undefined' && 'log' in console) {\n var logger;\n if(console.error && console.warn && console.info && console.debug) {\n // looks like Firebug-style logging is available\n // level handlers map\n var levelHandlers = {\n error: console.error,\n warning: console.warn,\n info: console.info,\n debug: console.debug,\n verbose: console.debug\n };\n var f = function(logger, message) {\n forge.log.prepareStandard(message);\n var handler = levelHandlers[message.level];\n // prepend standard message and concat args\n var args = [message.standard];\n args = args.concat(message['arguments'].slice());\n // apply to low-level console function\n handler.apply(console, args);\n };\n logger = forge.log.makeLogger(f);\n } else {\n // only appear to have basic console.log\n var f = function(logger, message) {\n forge.log.prepareStandardFull(message);\n console.log(message.standardFull);\n };\n logger = forge.log.makeLogger(f);\n }\n forge.log.setLevel(logger, 'debug');\n forge.log.addLogger(logger);\n sConsoleLogger = logger;\n} else {\n // define fake console.log to avoid potential script errors on\n // browsers that do not have console logging\n console = {\n log: function() {}\n };\n}\n\n/*\n * Check for logging control query vars in current URL.\n *\n * console.level=<level-name>\n * Set's the console log level by name. Useful to override defaults and\n * allow more verbose logging before a user config is loaded.\n *\n * console.lock=<true|false>\n * Lock the console log level at whatever level it is set at. This is run\n * after console.level is processed. Useful to force a level of verbosity\n * that could otherwise be limited by a user config.\n */\nif(sConsoleLogger !== null &&\n typeof window !== 'undefined' && window.location\n) {\n var query = new URL(window.location.href).searchParams;\n if(query.has('console.level')) {\n // set with last value\n forge.log.setLevel(\n sConsoleLogger, query.get('console.level').slice(-1)[0]);\n }\n if(query.has('console.lock')) {\n // set with last value\n var lock = query.get('console.lock').slice(-1)[0];\n if(lock == 'true') {\n forge.log.lock(sConsoleLogger);\n }\n }\n}\n\n// provide public access to console logger\nforge.log.consoleLogger = sConsoleLogger;\n","/**\n * Node.js module for all known Forge message digests.\n *\n * @author Dave Longley\n *\n * Copyright 2011-2017 Digital Bazaar, Inc.\n */\nmodule.exports = require('./md');\n\nrequire('./md5');\nrequire('./sha1');\nrequire('./sha256');\nrequire('./sha512');\n","/**\n * Javascript implementation of PKCS#7 v1.5.\n *\n * @author Stefan Siegl\n * @author Dave Longley\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n * Copyright (c) 2012-2015 Digital Bazaar, Inc.\n *\n * Currently this implementation only supports ContentType of EnvelopedData,\n * EncryptedData, or SignedData at the root level. The top level elements may\n * contain only a ContentInfo of ContentType Data, i.e. plain data. Further\n * nesting is not (yet) supported.\n *\n * The Forge validators for PKCS #7's ASN.1 structures are available from\n * a separate file pkcs7asn1.js, since those are referenced from other\n * PKCS standards like PKCS #12.\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./asn1');\nrequire('./des');\nrequire('./oids');\nrequire('./pem');\nrequire('./pkcs7asn1');\nrequire('./random');\nrequire('./util');\nrequire('./x509');\n\n// shortcut for ASN.1 API\nvar asn1 = forge.asn1;\n\n// shortcut for PKCS#7 API\nvar p7 = module.exports = forge.pkcs7 = forge.pkcs7 || {};\n\n/**\n * Converts a PKCS#7 message from PEM format.\n *\n * @param pem the PEM-formatted PKCS#7 message.\n *\n * @return the PKCS#7 message.\n */\np7.messageFromPem = function(pem) {\n var msg = forge.pem.decode(pem)[0];\n\n if(msg.type !== 'PKCS7') {\n var error = new Error('Could not convert PKCS#7 message from PEM; PEM ' +\n 'header type is not \"PKCS#7\".');\n error.headerType = msg.type;\n throw error;\n }\n if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n throw new Error('Could not convert PKCS#7 message from PEM; PEM is encrypted.');\n }\n\n // convert DER to ASN.1 object\n var obj = asn1.fromDer(msg.body);\n\n return p7.messageFromAsn1(obj);\n};\n\n/**\n * Converts a PKCS#7 message to PEM format.\n *\n * @param msg The PKCS#7 message object\n * @param maxline The maximum characters per line, defaults to 64.\n *\n * @return The PEM-formatted PKCS#7 message.\n */\np7.messageToPem = function(msg, maxline) {\n // convert to ASN.1, then DER, then PEM-encode\n var pemObj = {\n type: 'PKCS7',\n body: asn1.toDer(msg.toAsn1()).getBytes()\n };\n return forge.pem.encode(pemObj, {maxline: maxline});\n};\n\n/**\n * Converts a PKCS#7 message from an ASN.1 object.\n *\n * @param obj the ASN.1 representation of a ContentInfo.\n *\n * @return the PKCS#7 message.\n */\np7.messageFromAsn1 = function(obj) {\n // validate root level ContentInfo and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, p7.asn1.contentInfoValidator, capture, errors)) {\n var error = new Error('Cannot read PKCS#7 message. ' +\n 'ASN.1 object is not an PKCS#7 ContentInfo.');\n error.errors = errors;\n throw error;\n }\n\n var contentType = asn1.derToOid(capture.contentType);\n var msg;\n\n switch(contentType) {\n case forge.pki.oids.envelopedData:\n msg = p7.createEnvelopedData();\n break;\n\n case forge.pki.oids.encryptedData:\n msg = p7.createEncryptedData();\n break;\n\n case forge.pki.oids.signedData:\n msg = p7.createSignedData();\n break;\n\n default:\n throw new Error('Cannot read PKCS#7 message. ContentType with OID ' +\n contentType + ' is not (yet) supported.');\n }\n\n msg.fromAsn1(capture.content.value[0]);\n return msg;\n};\n\np7.createSignedData = function() {\n var msg = null;\n msg = {\n type: forge.pki.oids.signedData,\n version: 1,\n certificates: [],\n crls: [],\n // TODO: add json-formatted signer stuff here?\n signers: [],\n // populated during sign()\n digestAlgorithmIdentifiers: [],\n contentInfo: null,\n signerInfos: [],\n\n fromAsn1: function(obj) {\n // validate SignedData content block and capture data.\n _fromAsn1(msg, obj, p7.asn1.signedDataValidator);\n msg.certificates = [];\n msg.crls = [];\n msg.digestAlgorithmIdentifiers = [];\n msg.contentInfo = null;\n msg.signerInfos = [];\n\n if(msg.rawCapture.certificates) {\n var certs = msg.rawCapture.certificates.value;\n for(var i = 0; i < certs.length; ++i) {\n msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));\n }\n }\n\n // TODO: parse crls\n },\n\n toAsn1: function() {\n // degenerate case with no content\n if(!msg.contentInfo) {\n msg.sign();\n }\n\n var certs = [];\n for(var i = 0; i < msg.certificates.length; ++i) {\n certs.push(forge.pki.certificateToAsn1(msg.certificates[i]));\n }\n\n var crls = [];\n // TODO: implement CRLs\n\n // [0] SignedData\n var signedData = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // Version\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(msg.version).getBytes()),\n // DigestAlgorithmIdentifiers\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SET, true,\n msg.digestAlgorithmIdentifiers),\n // ContentInfo\n msg.contentInfo\n ])\n ]);\n if(certs.length > 0) {\n // [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL\n signedData.value[0].value.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, certs));\n }\n if(crls.length > 0) {\n // [1] IMPLICIT CertificateRevocationLists OPTIONAL\n signedData.value[0].value.push(\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, crls));\n }\n // SignerInfos\n signedData.value[0].value.push(\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,\n msg.signerInfos));\n\n // ContentInfo\n return asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // ContentType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(msg.type).getBytes()),\n // [0] SignedData\n signedData\n ]);\n },\n\n /**\n * Add (another) entity to list of signers.\n *\n * Note: If authenticatedAttributes are provided, then, per RFC 2315,\n * they must include at least two attributes: content type and\n * message digest. The message digest attribute value will be\n * auto-calculated during signing and will be ignored if provided.\n *\n * Here's an example of providing these two attributes:\n *\n * forge.pkcs7.createSignedData();\n * p7.addSigner({\n * issuer: cert.issuer.attributes,\n * serialNumber: cert.serialNumber,\n * key: privateKey,\n * digestAlgorithm: forge.pki.oids.sha1,\n * authenticatedAttributes: [{\n * type: forge.pki.oids.contentType,\n * value: forge.pki.oids.data\n * }, {\n * type: forge.pki.oids.messageDigest\n * }]\n * });\n *\n * TODO: Support [subjectKeyIdentifier] as signer's ID.\n *\n * @param signer the signer information:\n * key the signer's private key.\n * [certificate] a certificate containing the public key\n * associated with the signer's private key; use this option as\n * an alternative to specifying signer.issuer and\n * signer.serialNumber.\n * [issuer] the issuer attributes (eg: cert.issuer.attributes).\n * [serialNumber] the signer's certificate's serial number in\n * hexadecimal (eg: cert.serialNumber).\n * [digestAlgorithm] the message digest OID, as a string, to use\n * (eg: forge.pki.oids.sha1).\n * [authenticatedAttributes] an optional array of attributes\n * to also sign along with the content.\n */\n addSigner: function(signer) {\n var issuer = signer.issuer;\n var serialNumber = signer.serialNumber;\n if(signer.certificate) {\n var cert = signer.certificate;\n if(typeof cert === 'string') {\n cert = forge.pki.certificateFromPem(cert);\n }\n issuer = cert.issuer.attributes;\n serialNumber = cert.serialNumber;\n }\n var key = signer.key;\n if(!key) {\n throw new Error(\n 'Could not add PKCS#7 signer; no private key specified.');\n }\n if(typeof key === 'string') {\n key = forge.pki.privateKeyFromPem(key);\n }\n\n // ensure OID known for digest algorithm\n var digestAlgorithm = signer.digestAlgorithm || forge.pki.oids.sha1;\n switch(digestAlgorithm) {\n case forge.pki.oids.sha1:\n case forge.pki.oids.sha256:\n case forge.pki.oids.sha384:\n case forge.pki.oids.sha512:\n case forge.pki.oids.md5:\n break;\n default:\n throw new Error(\n 'Could not add PKCS#7 signer; unknown message digest algorithm: ' +\n digestAlgorithm);\n }\n\n // if authenticatedAttributes is present, then the attributes\n // must contain at least PKCS #9 content-type and message-digest\n var authenticatedAttributes = signer.authenticatedAttributes || [];\n if(authenticatedAttributes.length > 0) {\n var contentType = false;\n var messageDigest = false;\n for(var i = 0; i < authenticatedAttributes.length; ++i) {\n var attr = authenticatedAttributes[i];\n if(!contentType && attr.type === forge.pki.oids.contentType) {\n contentType = true;\n if(messageDigest) {\n break;\n }\n continue;\n }\n if(!messageDigest && attr.type === forge.pki.oids.messageDigest) {\n messageDigest = true;\n if(contentType) {\n break;\n }\n continue;\n }\n }\n\n if(!contentType || !messageDigest) {\n throw new Error('Invalid signer.authenticatedAttributes. If ' +\n 'signer.authenticatedAttributes is specified, then it must ' +\n 'contain at least two attributes, PKCS #9 content-type and ' +\n 'PKCS #9 message-digest.');\n }\n }\n\n msg.signers.push({\n key: key,\n version: 1,\n issuer: issuer,\n serialNumber: serialNumber,\n digestAlgorithm: digestAlgorithm,\n signatureAlgorithm: forge.pki.oids.rsaEncryption,\n signature: null,\n authenticatedAttributes: authenticatedAttributes,\n unauthenticatedAttributes: []\n });\n },\n\n /**\n * Signs the content.\n * @param options Options to apply when signing:\n * [detached] boolean. If signing should be done in detached mode. Defaults to false.\n */\n sign: function(options) {\n options = options || {};\n // auto-generate content info\n if(typeof msg.content !== 'object' || msg.contentInfo === null) {\n // use Data ContentInfo\n msg.contentInfo = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // ContentType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(forge.pki.oids.data).getBytes())\n ]);\n\n // add actual content, if present\n if('content' in msg) {\n var content;\n if(msg.content instanceof forge.util.ByteBuffer) {\n content = msg.content.bytes();\n } else if(typeof msg.content === 'string') {\n content = forge.util.encodeUtf8(msg.content);\n }\n\n if (options.detached) {\n msg.detachedContent = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, content);\n } else {\n msg.contentInfo.value.push(\n // [0] EXPLICIT content\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n content)\n ]));\n }\n }\n }\n\n // no signers, return early (degenerate case for certificate container)\n if(msg.signers.length === 0) {\n return;\n }\n\n // generate digest algorithm identifiers\n var mds = addDigestAlgorithmIds();\n\n // generate signerInfos\n addSignerInfos(mds);\n },\n\n verify: function() {\n throw new Error('PKCS#7 signature verification not yet implemented.');\n },\n\n /**\n * Add a certificate.\n *\n * @param cert the certificate to add.\n */\n addCertificate: function(cert) {\n // convert from PEM\n if(typeof cert === 'string') {\n cert = forge.pki.certificateFromPem(cert);\n }\n msg.certificates.push(cert);\n },\n\n /**\n * Add a certificate revokation list.\n *\n * @param crl the certificate revokation list to add.\n */\n addCertificateRevokationList: function(crl) {\n throw new Error('PKCS#7 CRL support not yet implemented.');\n }\n };\n return msg;\n\n function addDigestAlgorithmIds() {\n var mds = {};\n\n for(var i = 0; i < msg.signers.length; ++i) {\n var signer = msg.signers[i];\n var oid = signer.digestAlgorithm;\n if(!(oid in mds)) {\n // content digest\n mds[oid] = forge.md[forge.pki.oids[oid]].create();\n }\n if(signer.authenticatedAttributes.length === 0) {\n // no custom attributes to digest; use content message digest\n signer.md = mds[oid];\n } else {\n // custom attributes to be digested; use own message digest\n // TODO: optimize to just copy message digest state if that\n // feature is ever supported with message digests\n signer.md = forge.md[forge.pki.oids[oid]].create();\n }\n }\n\n // add unique digest algorithm identifiers\n msg.digestAlgorithmIdentifiers = [];\n for(var oid in mds) {\n msg.digestAlgorithmIdentifiers.push(\n // AlgorithmIdentifier\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(oid).getBytes()),\n // parameters (null)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]));\n }\n\n return mds;\n }\n\n function addSignerInfos(mds) {\n var content;\n\n if (msg.detachedContent) {\n // Signature has been made in detached mode.\n content = msg.detachedContent;\n } else {\n // Note: ContentInfo is a SEQUENCE with 2 values, second value is\n // the content field and is optional for a ContentInfo but required here\n // since signers are present\n // get ContentInfo content\n content = msg.contentInfo.value[1];\n // skip [0] EXPLICIT content wrapper\n content = content.value[0];\n }\n\n if(!content) {\n throw new Error(\n 'Could not sign PKCS#7 message; there is no content to sign.');\n }\n\n // get ContentInfo content type\n var contentType = asn1.derToOid(msg.contentInfo.value[0].value);\n\n // serialize content\n var bytes = asn1.toDer(content);\n\n // skip identifier and length per RFC 2315 9.3\n // skip identifier (1 byte)\n bytes.getByte();\n // read and discard length bytes\n asn1.getBerValueLength(bytes);\n bytes = bytes.getBytes();\n\n // digest content DER value bytes\n for(var oid in mds) {\n mds[oid].start().update(bytes);\n }\n\n // sign content\n var signingTime = new Date();\n for(var i = 0; i < msg.signers.length; ++i) {\n var signer = msg.signers[i];\n\n if(signer.authenticatedAttributes.length === 0) {\n // if ContentInfo content type is not \"Data\", then\n // authenticatedAttributes must be present per RFC 2315\n if(contentType !== forge.pki.oids.data) {\n throw new Error(\n 'Invalid signer; authenticatedAttributes must be present ' +\n 'when the ContentInfo content type is not PKCS#7 Data.');\n }\n } else {\n // process authenticated attributes\n // [0] IMPLICIT\n signer.authenticatedAttributesAsn1 = asn1.create(\n asn1.Class.CONTEXT_SPECIFIC, 0, true, []);\n\n // per RFC 2315, attributes are to be digested using a SET container\n // not the above [0] IMPLICIT container\n var attrsAsn1 = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.SET, true, []);\n\n for(var ai = 0; ai < signer.authenticatedAttributes.length; ++ai) {\n var attr = signer.authenticatedAttributes[ai];\n if(attr.type === forge.pki.oids.messageDigest) {\n // use content message digest as value\n attr.value = mds[signer.digestAlgorithm].digest();\n } else if(attr.type === forge.pki.oids.signingTime) {\n // auto-populate signing time if not already set\n if(!attr.value) {\n attr.value = signingTime;\n }\n }\n\n // convert to ASN.1 and push onto Attributes SET (for signing) and\n // onto authenticatedAttributesAsn1 to complete SignedData ASN.1\n // TODO: optimize away duplication\n attrsAsn1.value.push(_attributeToAsn1(attr));\n signer.authenticatedAttributesAsn1.value.push(_attributeToAsn1(attr));\n }\n\n // DER-serialize and digest SET OF attributes only\n bytes = asn1.toDer(attrsAsn1).getBytes();\n signer.md.start().update(bytes);\n }\n\n // sign digest\n signer.signature = signer.key.sign(signer.md, 'RSASSA-PKCS1-V1_5');\n }\n\n // add signer info\n msg.signerInfos = _signersToAsn1(msg.signers);\n }\n};\n\n/**\n * Creates an empty PKCS#7 message of type EncryptedData.\n *\n * @return the message.\n */\np7.createEncryptedData = function() {\n var msg = null;\n msg = {\n type: forge.pki.oids.encryptedData,\n version: 0,\n encryptedContent: {\n algorithm: forge.pki.oids['aes256-CBC']\n },\n\n /**\n * Reads an EncryptedData content block (in ASN.1 format)\n *\n * @param obj The ASN.1 representation of the EncryptedData content block\n */\n fromAsn1: function(obj) {\n // Validate EncryptedData content block and capture data.\n _fromAsn1(msg, obj, p7.asn1.encryptedDataValidator);\n },\n\n /**\n * Decrypt encrypted content\n *\n * @param key The (symmetric) key as a byte buffer\n */\n decrypt: function(key) {\n if(key !== undefined) {\n msg.encryptedContent.key = key;\n }\n _decryptContent(msg);\n }\n };\n return msg;\n};\n\n/**\n * Creates an empty PKCS#7 message of type EnvelopedData.\n *\n * @return the message.\n */\np7.createEnvelopedData = function() {\n var msg = null;\n msg = {\n type: forge.pki.oids.envelopedData,\n version: 0,\n recipients: [],\n encryptedContent: {\n algorithm: forge.pki.oids['aes256-CBC']\n },\n\n /**\n * Reads an EnvelopedData content block (in ASN.1 format)\n *\n * @param obj the ASN.1 representation of the EnvelopedData content block.\n */\n fromAsn1: function(obj) {\n // validate EnvelopedData content block and capture data\n var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator);\n msg.recipients = _recipientsFromAsn1(capture.recipientInfos.value);\n },\n\n toAsn1: function() {\n // ContentInfo\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // ContentType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(msg.type).getBytes()),\n // [0] EnvelopedData\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // Version\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(msg.version).getBytes()),\n // RecipientInfos\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,\n _recipientsToAsn1(msg.recipients)),\n // EncryptedContentInfo\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true,\n _encryptedContentToAsn1(msg.encryptedContent))\n ])\n ])\n ]);\n },\n\n /**\n * Find recipient by X.509 certificate's issuer.\n *\n * @param cert the certificate with the issuer to look for.\n *\n * @return the recipient object.\n */\n findRecipient: function(cert) {\n var sAttr = cert.issuer.attributes;\n\n for(var i = 0; i < msg.recipients.length; ++i) {\n var r = msg.recipients[i];\n var rAttr = r.issuer;\n\n if(r.serialNumber !== cert.serialNumber) {\n continue;\n }\n\n if(rAttr.length !== sAttr.length) {\n continue;\n }\n\n var match = true;\n for(var j = 0; j < sAttr.length; ++j) {\n if(rAttr[j].type !== sAttr[j].type ||\n rAttr[j].value !== sAttr[j].value) {\n match = false;\n break;\n }\n }\n\n if(match) {\n return r;\n }\n }\n\n return null;\n },\n\n /**\n * Decrypt enveloped content\n *\n * @param recipient The recipient object related to the private key\n * @param privKey The (RSA) private key object\n */\n decrypt: function(recipient, privKey) {\n if(msg.encryptedContent.key === undefined && recipient !== undefined &&\n privKey !== undefined) {\n switch(recipient.encryptedContent.algorithm) {\n case forge.pki.oids.rsaEncryption:\n case forge.pki.oids.desCBC:\n var key = privKey.decrypt(recipient.encryptedContent.content);\n msg.encryptedContent.key = forge.util.createBuffer(key);\n break;\n\n default:\n throw new Error('Unsupported asymmetric cipher, ' +\n 'OID ' + recipient.encryptedContent.algorithm);\n }\n }\n\n _decryptContent(msg);\n },\n\n /**\n * Add (another) entity to list of recipients.\n *\n * @param cert The certificate of the entity to add.\n */\n addRecipient: function(cert) {\n msg.recipients.push({\n version: 0,\n issuer: cert.issuer.attributes,\n serialNumber: cert.serialNumber,\n encryptedContent: {\n // We simply assume rsaEncryption here, since forge.pki only\n // supports RSA so far. If the PKI module supports other\n // ciphers one day, we need to modify this one as well.\n algorithm: forge.pki.oids.rsaEncryption,\n key: cert.publicKey\n }\n });\n },\n\n /**\n * Encrypt enveloped content.\n *\n * This function supports two optional arguments, cipher and key, which\n * can be used to influence symmetric encryption. Unless cipher is\n * provided, the cipher specified in encryptedContent.algorithm is used\n * (defaults to AES-256-CBC). If no key is provided, encryptedContent.key\n * is (re-)used. If that one's not set, a random key will be generated\n * automatically.\n *\n * @param [key] The key to be used for symmetric encryption.\n * @param [cipher] The OID of the symmetric cipher to use.\n */\n encrypt: function(key, cipher) {\n // Part 1: Symmetric encryption\n if(msg.encryptedContent.content === undefined) {\n cipher = cipher || msg.encryptedContent.algorithm;\n key = key || msg.encryptedContent.key;\n\n var keyLen, ivLen, ciphFn;\n switch(cipher) {\n case forge.pki.oids['aes128-CBC']:\n keyLen = 16;\n ivLen = 16;\n ciphFn = forge.aes.createEncryptionCipher;\n break;\n\n case forge.pki.oids['aes192-CBC']:\n keyLen = 24;\n ivLen = 16;\n ciphFn = forge.aes.createEncryptionCipher;\n break;\n\n case forge.pki.oids['aes256-CBC']:\n keyLen = 32;\n ivLen = 16;\n ciphFn = forge.aes.createEncryptionCipher;\n break;\n\n case forge.pki.oids['des-EDE3-CBC']:\n keyLen = 24;\n ivLen = 8;\n ciphFn = forge.des.createEncryptionCipher;\n break;\n\n default:\n throw new Error('Unsupported symmetric cipher, OID ' + cipher);\n }\n\n if(key === undefined) {\n key = forge.util.createBuffer(forge.random.getBytes(keyLen));\n } else if(key.length() != keyLen) {\n throw new Error('Symmetric key has wrong length; ' +\n 'got ' + key.length() + ' bytes, expected ' + keyLen + '.');\n }\n\n // Keep a copy of the key & IV in the object, so the caller can\n // use it for whatever reason.\n msg.encryptedContent.algorithm = cipher;\n msg.encryptedContent.key = key;\n msg.encryptedContent.parameter = forge.util.createBuffer(\n forge.random.getBytes(ivLen));\n\n var ciph = ciphFn(key);\n ciph.start(msg.encryptedContent.parameter.copy());\n ciph.update(msg.content);\n\n // The finish function does PKCS#7 padding by default, therefore\n // no action required by us.\n if(!ciph.finish()) {\n throw new Error('Symmetric encryption failed.');\n }\n\n msg.encryptedContent.content = ciph.output;\n }\n\n // Part 2: asymmetric encryption for each recipient\n for(var i = 0; i < msg.recipients.length; ++i) {\n var recipient = msg.recipients[i];\n\n // Nothing to do, encryption already done.\n if(recipient.encryptedContent.content !== undefined) {\n continue;\n }\n\n switch(recipient.encryptedContent.algorithm) {\n case forge.pki.oids.rsaEncryption:\n recipient.encryptedContent.content =\n recipient.encryptedContent.key.encrypt(\n msg.encryptedContent.key.data);\n break;\n\n default:\n throw new Error('Unsupported asymmetric cipher, OID ' +\n recipient.encryptedContent.algorithm);\n }\n }\n }\n };\n return msg;\n};\n\n/**\n * Converts a single recipient from an ASN.1 object.\n *\n * @param obj the ASN.1 RecipientInfo.\n *\n * @return the recipient object.\n */\nfunction _recipientFromAsn1(obj) {\n // validate EnvelopedData content block and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, p7.asn1.recipientInfoValidator, capture, errors)) {\n var error = new Error('Cannot read PKCS#7 RecipientInfo. ' +\n 'ASN.1 object is not an PKCS#7 RecipientInfo.');\n error.errors = errors;\n throw error;\n }\n\n return {\n version: capture.version.charCodeAt(0),\n issuer: forge.pki.RDNAttributesAsArray(capture.issuer),\n serialNumber: forge.util.createBuffer(capture.serial).toHex(),\n encryptedContent: {\n algorithm: asn1.derToOid(capture.encAlgorithm),\n parameter: capture.encParameter ? capture.encParameter.value : undefined,\n content: capture.encKey\n }\n };\n}\n\n/**\n * Converts a single recipient object to an ASN.1 object.\n *\n * @param obj the recipient object.\n *\n * @return the ASN.1 RecipientInfo.\n */\nfunction _recipientToAsn1(obj) {\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // Version\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(obj.version).getBytes()),\n // IssuerAndSerialNumber\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // Name\n forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}),\n // Serial\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n forge.util.hexToBytes(obj.serialNumber))\n ]),\n // KeyEncryptionAlgorithmIdentifier\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // Algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(obj.encryptedContent.algorithm).getBytes()),\n // Parameter, force NULL, only RSA supported for now.\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]),\n // EncryptedKey\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n obj.encryptedContent.content)\n ]);\n}\n\n/**\n * Map a set of RecipientInfo ASN.1 objects to recipient objects.\n *\n * @param infos an array of ASN.1 representations RecipientInfo (i.e. SET OF).\n *\n * @return an array of recipient objects.\n */\nfunction _recipientsFromAsn1(infos) {\n var ret = [];\n for(var i = 0; i < infos.length; ++i) {\n ret.push(_recipientFromAsn1(infos[i]));\n }\n return ret;\n}\n\n/**\n * Map an array of recipient objects to ASN.1 RecipientInfo objects.\n *\n * @param recipients an array of recipientInfo objects.\n *\n * @return an array of ASN.1 RecipientInfos.\n */\nfunction _recipientsToAsn1(recipients) {\n var ret = [];\n for(var i = 0; i < recipients.length; ++i) {\n ret.push(_recipientToAsn1(recipients[i]));\n }\n return ret;\n}\n\n/**\n * Converts a single signer from an ASN.1 object.\n *\n * @param obj the ASN.1 representation of a SignerInfo.\n *\n * @return the signer object.\n */\nfunction _signerFromAsn1(obj) {\n // validate EnvelopedData content block and capture data\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, p7.asn1.signerInfoValidator, capture, errors)) {\n var error = new Error('Cannot read PKCS#7 SignerInfo. ' +\n 'ASN.1 object is not an PKCS#7 SignerInfo.');\n error.errors = errors;\n throw error;\n }\n\n var rval = {\n version: capture.version.charCodeAt(0),\n issuer: forge.pki.RDNAttributesAsArray(capture.issuer),\n serialNumber: forge.util.createBuffer(capture.serial).toHex(),\n digestAlgorithm: asn1.derToOid(capture.digestAlgorithm),\n signatureAlgorithm: asn1.derToOid(capture.signatureAlgorithm),\n signature: capture.signature,\n authenticatedAttributes: [],\n unauthenticatedAttributes: []\n };\n\n // TODO: convert attributes\n var authenticatedAttributes = capture.authenticatedAttributes || [];\n var unauthenticatedAttributes = capture.unauthenticatedAttributes || [];\n\n return rval;\n}\n\n/**\n * Converts a single signerInfo object to an ASN.1 object.\n *\n * @param obj the signerInfo object.\n *\n * @return the ASN.1 representation of a SignerInfo.\n */\nfunction _signerToAsn1(obj) {\n // SignerInfo\n var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // version\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n asn1.integerToDer(obj.version).getBytes()),\n // issuerAndSerialNumber\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // name\n forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}),\n // serial\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n forge.util.hexToBytes(obj.serialNumber))\n ]),\n // digestAlgorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(obj.digestAlgorithm).getBytes()),\n // parameters (null)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ])\n ]);\n\n // authenticatedAttributes (OPTIONAL)\n if(obj.authenticatedAttributesAsn1) {\n // add ASN.1 previously generated during signing\n rval.value.push(obj.authenticatedAttributesAsn1);\n }\n\n // digestEncryptionAlgorithm\n rval.value.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(obj.signatureAlgorithm).getBytes()),\n // parameters (null)\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n ]));\n\n // encryptedDigest\n rval.value.push(asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, obj.signature));\n\n // unauthenticatedAttributes (OPTIONAL)\n if(obj.unauthenticatedAttributes.length > 0) {\n // [1] IMPLICIT\n var attrsAsn1 = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, []);\n for(var i = 0; i < obj.unauthenticatedAttributes.length; ++i) {\n var attr = obj.unauthenticatedAttributes[i];\n attrsAsn1.values.push(_attributeToAsn1(attr));\n }\n rval.value.push(attrsAsn1);\n }\n\n return rval;\n}\n\n/**\n * Map a set of SignerInfo ASN.1 objects to an array of signer objects.\n *\n * @param signerInfoAsn1s an array of ASN.1 SignerInfos (i.e. SET OF).\n *\n * @return an array of signers objects.\n */\nfunction _signersFromAsn1(signerInfoAsn1s) {\n var ret = [];\n for(var i = 0; i < signerInfoAsn1s.length; ++i) {\n ret.push(_signerFromAsn1(signerInfoAsn1s[i]));\n }\n return ret;\n}\n\n/**\n * Map an array of signer objects to ASN.1 objects.\n *\n * @param signers an array of signer objects.\n *\n * @return an array of ASN.1 SignerInfos.\n */\nfunction _signersToAsn1(signers) {\n var ret = [];\n for(var i = 0; i < signers.length; ++i) {\n ret.push(_signerToAsn1(signers[i]));\n }\n return ret;\n}\n\n/**\n * Convert an attribute object to an ASN.1 Attribute.\n *\n * @param attr the attribute object.\n *\n * @return the ASN.1 Attribute.\n */\nfunction _attributeToAsn1(attr) {\n var value;\n\n // TODO: generalize to support more attributes\n if(attr.type === forge.pki.oids.contentType) {\n value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(attr.value).getBytes());\n } else if(attr.type === forge.pki.oids.messageDigest) {\n value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n attr.value.bytes());\n } else if(attr.type === forge.pki.oids.signingTime) {\n /* Note per RFC 2985: Dates between 1 January 1950 and 31 December 2049\n (inclusive) MUST be encoded as UTCTime. Any dates with year values\n before 1950 or after 2049 MUST be encoded as GeneralizedTime. [Further,]\n UTCTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST\n include seconds (i.e., times are YYMMDDHHMMSSZ), even where the\n number of seconds is zero. Midnight (GMT) must be represented as\n \"YYMMDD000000Z\". */\n // TODO: make these module-level constants\n var jan_1_1950 = new Date('1950-01-01T00:00:00Z');\n var jan_1_2050 = new Date('2050-01-01T00:00:00Z');\n var date = attr.value;\n if(typeof date === 'string') {\n // try to parse date\n var timestamp = Date.parse(date);\n if(!isNaN(timestamp)) {\n date = new Date(timestamp);\n } else if(date.length === 13) {\n // YYMMDDHHMMSSZ (13 chars for UTCTime)\n date = asn1.utcTimeToDate(date);\n } else {\n // assume generalized time\n date = asn1.generalizedTimeToDate(date);\n }\n }\n\n if(date >= jan_1_1950 && date < jan_1_2050) {\n value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,\n asn1.dateToUtcTime(date));\n } else {\n value = asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false,\n asn1.dateToGeneralizedTime(date));\n }\n }\n\n // TODO: expose as common API call\n // create a RelativeDistinguishedName set\n // each value in the set is an AttributeTypeAndValue first\n // containing the type (an OID) and second the value\n return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // AttributeType\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(attr.type).getBytes()),\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n // AttributeValue\n value\n ])\n ]);\n}\n\n/**\n * Map messages encrypted content to ASN.1 objects.\n *\n * @param ec The encryptedContent object of the message.\n *\n * @return ASN.1 representation of the encryptedContent object (SEQUENCE).\n */\nfunction _encryptedContentToAsn1(ec) {\n return [\n // ContentType, always Data for the moment\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(forge.pki.oids.data).getBytes()),\n // ContentEncryptionAlgorithmIdentifier\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n // Algorithm\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n asn1.oidToDer(ec.algorithm).getBytes()),\n // Parameters (IV)\n !ec.parameter ?\n undefined :\n asn1.create(\n asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n ec.parameter.getBytes())\n ]),\n // [0] EncryptedContent\n asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n ec.content.getBytes())\n ])\n ];\n}\n\n/**\n * Reads the \"common part\" of an PKCS#7 content block (in ASN.1 format)\n *\n * This function reads the \"common part\" of the PKCS#7 content blocks\n * EncryptedData and EnvelopedData, i.e. version number and symmetrically\n * encrypted content block.\n *\n * The result of the ASN.1 validate and capture process is returned\n * to allow the caller to extract further data, e.g. the list of recipients\n * in case of a EnvelopedData object.\n *\n * @param msg the PKCS#7 object to read the data to.\n * @param obj the ASN.1 representation of the content block.\n * @param validator the ASN.1 structure validator object to use.\n *\n * @return the value map captured by validator object.\n */\nfunction _fromAsn1(msg, obj, validator) {\n var capture = {};\n var errors = [];\n if(!asn1.validate(obj, validator, capture, errors)) {\n var error = new Error('Cannot read PKCS#7 message. ' +\n 'ASN.1 object is not a supported PKCS#7 message.');\n error.errors = error;\n throw error;\n }\n\n // Check contentType, so far we only support (raw) Data.\n var contentType = asn1.derToOid(capture.contentType);\n if(contentType !== forge.pki.oids.data) {\n throw new Error('Unsupported PKCS#7 message. ' +\n 'Only wrapped ContentType Data supported.');\n }\n\n if(capture.encryptedContent) {\n var content = '';\n if(forge.util.isArray(capture.encryptedContent)) {\n for(var i = 0; i < capture.encryptedContent.length; ++i) {\n if(capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) {\n throw new Error('Malformed PKCS#7 message, expecting encrypted ' +\n 'content constructed of only OCTET STRING objects.');\n }\n content += capture.encryptedContent[i].value;\n }\n } else {\n content = capture.encryptedContent;\n }\n msg.encryptedContent = {\n algorithm: asn1.derToOid(capture.encAlgorithm),\n parameter: forge.util.createBuffer(capture.encParameter.value),\n content: forge.util.createBuffer(content)\n };\n }\n\n if(capture.content) {\n var content = '';\n if(forge.util.isArray(capture.content)) {\n for(var i = 0; i < capture.content.length; ++i) {\n if(capture.content[i].type !== asn1.Type.OCTETSTRING) {\n throw new Error('Malformed PKCS#7 message, expecting ' +\n 'content constructed of only OCTET STRING objects.');\n }\n content += capture.content[i].value;\n }\n } else {\n content = capture.content;\n }\n msg.content = forge.util.createBuffer(content);\n }\n\n msg.version = capture.version.charCodeAt(0);\n msg.rawCapture = capture;\n\n return capture;\n}\n\n/**\n * Decrypt the symmetrically encrypted content block of the PKCS#7 message.\n *\n * Decryption is skipped in case the PKCS#7 message object already has a\n * (decrypted) content attribute. The algorithm, key and cipher parameters\n * (probably the iv) are taken from the encryptedContent attribute of the\n * message object.\n *\n * @param The PKCS#7 message object.\n */\nfunction _decryptContent(msg) {\n if(msg.encryptedContent.key === undefined) {\n throw new Error('Symmetric key not available.');\n }\n\n if(msg.content === undefined) {\n var ciph;\n\n switch(msg.encryptedContent.algorithm) {\n case forge.pki.oids['aes128-CBC']:\n case forge.pki.oids['aes192-CBC']:\n case forge.pki.oids['aes256-CBC']:\n ciph = forge.aes.createDecryptionCipher(msg.encryptedContent.key);\n break;\n\n case forge.pki.oids['desCBC']:\n case forge.pki.oids['des-EDE3-CBC']:\n ciph = forge.des.createDecryptionCipher(msg.encryptedContent.key);\n break;\n\n default:\n throw new Error('Unsupported symmetric cipher, OID ' +\n msg.encryptedContent.algorithm);\n }\n ciph.start(msg.encryptedContent.parameter);\n ciph.update(msg.encryptedContent.content);\n\n if(!ciph.finish()) {\n throw new Error('Symmetric decryption failed.');\n }\n\n msg.content = ciph.output;\n }\n}\n","/**\n * Functions to output keys in SSH-friendly formats.\n *\n * This is part of the Forge project which may be used under the terms of\n * either the BSD License or the GNU General Public License (GPL) Version 2.\n *\n * See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE\n *\n * @author https://github.com/shellac\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./hmac');\nrequire('./md5');\nrequire('./sha1');\nrequire('./util');\n\nvar ssh = module.exports = forge.ssh = forge.ssh || {};\n\n/**\n * Encodes (and optionally encrypts) a private RSA key as a Putty PPK file.\n *\n * @param privateKey the key.\n * @param passphrase a passphrase to protect the key (falsy for no encryption).\n * @param comment a comment to include in the key file.\n *\n * @return the PPK file as a string.\n */\nssh.privateKeyToPutty = function(privateKey, passphrase, comment) {\n comment = comment || '';\n passphrase = passphrase || '';\n var algorithm = 'ssh-rsa';\n var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc';\n\n var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\\r\\n';\n ppk += 'Encryption: ' + encryptionAlgorithm + '\\r\\n';\n ppk += 'Comment: ' + comment + '\\r\\n';\n\n // public key into buffer for ppk\n var pubbuffer = forge.util.createBuffer();\n _addStringToBuffer(pubbuffer, algorithm);\n _addBigIntegerToBuffer(pubbuffer, privateKey.e);\n _addBigIntegerToBuffer(pubbuffer, privateKey.n);\n\n // write public key\n var pub = forge.util.encode64(pubbuffer.bytes(), 64);\n var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \\r\\n\n ppk += 'Public-Lines: ' + length + '\\r\\n';\n ppk += pub;\n\n // private key into a buffer\n var privbuffer = forge.util.createBuffer();\n _addBigIntegerToBuffer(privbuffer, privateKey.d);\n _addBigIntegerToBuffer(privbuffer, privateKey.p);\n _addBigIntegerToBuffer(privbuffer, privateKey.q);\n _addBigIntegerToBuffer(privbuffer, privateKey.qInv);\n\n // optionally encrypt the private key\n var priv;\n if(!passphrase) {\n // use the unencrypted buffer\n priv = forge.util.encode64(privbuffer.bytes(), 64);\n } else {\n // encrypt RSA key using passphrase\n var encLen = privbuffer.length() + 16 - 1;\n encLen -= encLen % 16;\n\n // pad private key with sha1-d data -- needs to be a multiple of 16\n var padding = _sha1(privbuffer.bytes());\n\n padding.truncate(padding.length() - encLen + privbuffer.length());\n privbuffer.putBuffer(padding);\n\n var aeskey = forge.util.createBuffer();\n aeskey.putBuffer(_sha1('\\x00\\x00\\x00\\x00', passphrase));\n aeskey.putBuffer(_sha1('\\x00\\x00\\x00\\x01', passphrase));\n\n // encrypt some bytes using CBC mode\n // key is 40 bytes, so truncate *by* 8 bytes\n var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC');\n cipher.start(forge.util.createBuffer().fillWithByte(0, 16));\n cipher.update(privbuffer.copy());\n cipher.finish();\n var encrypted = cipher.output;\n\n // Note: this appears to differ from Putty -- is forge wrong, or putty?\n // due to padding we finish as an exact multiple of 16\n encrypted.truncate(16); // all padding\n\n priv = forge.util.encode64(encrypted.bytes(), 64);\n }\n\n // output private key\n length = Math.floor(priv.length / 66) + 1; // 64 + \\r\\n\n ppk += '\\r\\nPrivate-Lines: ' + length + '\\r\\n';\n ppk += priv;\n\n // MAC\n var mackey = _sha1('putty-private-key-file-mac-key', passphrase);\n\n var macbuffer = forge.util.createBuffer();\n _addStringToBuffer(macbuffer, algorithm);\n _addStringToBuffer(macbuffer, encryptionAlgorithm);\n _addStringToBuffer(macbuffer, comment);\n macbuffer.putInt32(pubbuffer.length());\n macbuffer.putBuffer(pubbuffer);\n macbuffer.putInt32(privbuffer.length());\n macbuffer.putBuffer(privbuffer);\n\n var hmac = forge.hmac.create();\n hmac.start('sha1', mackey);\n hmac.update(macbuffer.bytes());\n\n ppk += '\\r\\nPrivate-MAC: ' + hmac.digest().toHex() + '\\r\\n';\n\n return ppk;\n};\n\n/**\n * Encodes a public RSA key as an OpenSSH file.\n *\n * @param key the key.\n * @param comment a comment.\n *\n * @return the public key in OpenSSH format.\n */\nssh.publicKeyToOpenSSH = function(key, comment) {\n var type = 'ssh-rsa';\n comment = comment || '';\n\n var buffer = forge.util.createBuffer();\n _addStringToBuffer(buffer, type);\n _addBigIntegerToBuffer(buffer, key.e);\n _addBigIntegerToBuffer(buffer, key.n);\n\n return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment;\n};\n\n/**\n * Encodes a private RSA key as an OpenSSH file.\n *\n * @param key the key.\n * @param passphrase a passphrase to protect the key (falsy for no encryption).\n *\n * @return the public key in OpenSSH format.\n */\nssh.privateKeyToOpenSSH = function(privateKey, passphrase) {\n if(!passphrase) {\n return forge.pki.privateKeyToPem(privateKey);\n }\n // OpenSSH private key is just a legacy format, it seems\n return forge.pki.encryptRsaPrivateKey(privateKey, passphrase,\n {legacy: true, algorithm: 'aes128'});\n};\n\n/**\n * Gets the SSH fingerprint for the given public key.\n *\n * @param options the options to use.\n * [md] the message digest object to use (defaults to forge.md.md5).\n * [encoding] an alternative output encoding, such as 'hex'\n * (defaults to none, outputs a byte buffer).\n * [delimiter] the delimiter to use between bytes for 'hex' encoded\n * output, eg: ':' (defaults to none).\n *\n * @return the fingerprint as a byte buffer or other encoding based on options.\n */\nssh.getPublicKeyFingerprint = function(key, options) {\n options = options || {};\n var md = options.md || forge.md.md5.create();\n\n var type = 'ssh-rsa';\n var buffer = forge.util.createBuffer();\n _addStringToBuffer(buffer, type);\n _addBigIntegerToBuffer(buffer, key.e);\n _addBigIntegerToBuffer(buffer, key.n);\n\n // hash public key bytes\n md.start();\n md.update(buffer.getBytes());\n var digest = md.digest();\n if(options.encoding === 'hex') {\n var hex = digest.toHex();\n if(options.delimiter) {\n return hex.match(/.{2}/g).join(options.delimiter);\n }\n return hex;\n } else if(options.encoding === 'binary') {\n return digest.getBytes();\n } else if(options.encoding) {\n throw new Error('Unknown encoding \"' + options.encoding + '\".');\n }\n return digest;\n};\n\n/**\n * Adds len(val) then val to a buffer.\n *\n * @param buffer the buffer to add to.\n * @param val a big integer.\n */\nfunction _addBigIntegerToBuffer(buffer, val) {\n var hexVal = val.toString(16);\n // ensure 2s complement +ve\n if(hexVal[0] >= '8') {\n hexVal = '00' + hexVal;\n }\n var bytes = forge.util.hexToBytes(hexVal);\n buffer.putInt32(bytes.length);\n buffer.putBytes(bytes);\n}\n\n/**\n * Adds len(val) then val to a buffer.\n *\n * @param buffer the buffer to add to.\n * @param val a string.\n */\nfunction _addStringToBuffer(buffer, val) {\n buffer.putInt32(val.length);\n buffer.putString(val);\n}\n\n/**\n * Hashes the arguments into one value using SHA-1.\n *\n * @return the sha1 hash of the provided arguments.\n */\nfunction _sha1() {\n var sha = forge.md.sha1.create();\n var num = arguments.length;\n for (var i = 0; i < num; ++i) {\n sha.update(arguments[i]);\n }\n return sha.digest();\n}\n","/**\n * Node.js module for Forge.\n *\n * @author Dave Longley\n *\n * Copyright 2011-2016 Digital Bazaar, Inc.\n */\nmodule.exports = require('./forge');\nrequire('./aes');\nrequire('./aesCipherSuites');\nrequire('./asn1');\nrequire('./cipher');\nrequire('./des');\nrequire('./ed25519');\nrequire('./hmac');\nrequire('./kem');\nrequire('./log');\nrequire('./md.all');\nrequire('./mgf1');\nrequire('./pbkdf2');\nrequire('./pem');\nrequire('./pkcs1');\nrequire('./pkcs12');\nrequire('./pkcs7');\nrequire('./pki');\nrequire('./prime');\nrequire('./prng');\nrequire('./pss');\nrequire('./random');\nrequire('./rc2');\nrequire('./ssh');\nrequire('./tls');\nrequire('./util');\n","var forge = require('node-forge');\n\n// a hexString is considered negative if it's most significant bit is 1\n// because serial numbers use ones' complement notation\n// this RFC in section 4.1.2.2 requires serial numbers to be positive\n// http://www.ietf.org/rfc/rfc5280.txt\nfunction toPositiveHex(hexString){\n var mostSiginficativeHexAsInt = parseInt(hexString[0], 16);\n if (mostSiginficativeHexAsInt < 8){\n return hexString;\n }\n\n mostSiginficativeHexAsInt -= 8;\n return mostSiginficativeHexAsInt.toString() + hexString.substring(1);\n}\n\nfunction getAlgorithm(key) {\n switch (key) {\n case 'sha256':\n return forge.md.sha256.create();\n default:\n return forge.md.sha1.create();\n }\n}\n\n/**\n *\n * @param {forge.pki.CertificateField[]} attrs Attributes used for subject and issuer.\n * @param {object} options\n * @param {number} [options.days=365] the number of days before expiration\n * @param {number} [options.keySize=1024] the size for the private key in bits\n * @param {object} [options.extensions] additional extensions for the certificate\n * @param {string} [options.algorithm=\"sha1\"] The signature algorithm sha256 or sha1\n * @param {boolean} [options.pkcs7=false] include PKCS#7 as part of the output\n * @param {boolean} [options.clientCertificate=false] generate client cert signed by the original key\n * @param {string} [options.clientCertificateCN=\"John Doe jdoe123\"] client certificate's common name\n * @param {function} [done] Optional callback, if not provided the generation is synchronous\n * @returns\n */\nexports.generate = function generate(attrs, options, done) {\n if (typeof attrs === 'function') {\n done = attrs;\n attrs = undefined;\n } else if (typeof options === 'function') {\n done = options;\n options = {};\n }\n\n options = options || {};\n\n var generatePem = function (keyPair) {\n var cert = forge.pki.createCertificate();\n\n cert.serialNumber = toPositiveHex(forge.util.bytesToHex(forge.random.getBytesSync(9))); // the serial number can be decimal or hex (if preceded by 0x)\n\n cert.validity.notBefore = options.notBeforeDate || new Date();\n\n var notAfter = new Date();\n cert.validity.notAfter = notAfter;\n cert.validity.notAfter.setDate(notAfter.getDate() + (options.days || 365));\n\n attrs = attrs || [{\n name: 'commonName',\n value: 'example.org'\n }, {\n name: 'countryName',\n value: 'US'\n }, {\n shortName: 'ST',\n value: 'Virginia'\n }, {\n name: 'localityName',\n value: 'Blacksburg'\n }, {\n name: 'organizationName',\n value: 'Test'\n }, {\n shortName: 'OU',\n value: 'Test'\n }];\n\n cert.setSubject(attrs);\n cert.setIssuer(attrs);\n\n cert.publicKey = keyPair.publicKey;\n\n cert.setExtensions(options.extensions || [{\n name: 'basicConstraints',\n cA: true\n }, {\n name: 'keyUsage',\n keyCertSign: true,\n digitalSignature: true,\n nonRepudiation: true,\n keyEncipherment: true,\n dataEncipherment: true\n }, {\n name: 'subjectAltName',\n altNames: [{\n type: 6, // URI\n value: 'http://example.org/webid#me'\n }]\n }]);\n\n cert.sign(keyPair.privateKey, getAlgorithm(options && options.algorithm));\n\n const fingerprint = forge.md.sha1\n .create()\n .update(forge.asn1.toDer(forge.pki.certificateToAsn1(cert)).getBytes())\n .digest()\n .toHex()\n .match(/.{2}/g)\n .join(':');\n\n var pem = {\n private: forge.pki.privateKeyToPem(keyPair.privateKey),\n public: forge.pki.publicKeyToPem(keyPair.publicKey),\n cert: forge.pki.certificateToPem(cert),\n fingerprint: fingerprint,\n };\n\n if (options && options.pkcs7) {\n var p7 = forge.pkcs7.createSignedData();\n p7.addCertificate(cert);\n pem.pkcs7 = forge.pkcs7.messageToPem(p7);\n }\n\n if (options && options.clientCertificate) {\n var clientkeys = forge.pki.rsa.generateKeyPair(options.clientCertificateKeySize || 1024);\n var clientcert = forge.pki.createCertificate();\n clientcert.serialNumber = toPositiveHex(forge.util.bytesToHex(forge.random.getBytesSync(9)));\n clientcert.validity.notBefore = new Date();\n clientcert.validity.notAfter = new Date();\n clientcert.validity.notAfter.setFullYear(clientcert.validity.notBefore.getFullYear() + 1);\n\n var clientAttrs = JSON.parse(JSON.stringify(attrs));\n\n for(var i = 0; i < clientAttrs.length; i++) {\n if(clientAttrs[i].name === 'commonName') {\n if( options.clientCertificateCN )\n clientAttrs[i] = { name: 'commonName', value: options.clientCertificateCN };\n else\n clientAttrs[i] = { name: 'commonName', value: 'John Doe jdoe123' };\n }\n }\n\n clientcert.setSubject(clientAttrs);\n\n // Set the issuer to the parent key\n clientcert.setIssuer(attrs);\n\n clientcert.publicKey = clientkeys.publicKey;\n\n // Sign client cert with root cert\n clientcert.sign(keyPair.privateKey);\n\n pem.clientprivate = forge.pki.privateKeyToPem(clientkeys.privateKey);\n pem.clientpublic = forge.pki.publicKeyToPem(clientkeys.publicKey);\n pem.clientcert = forge.pki.certificateToPem(clientcert);\n\n if (options.pkcs7) {\n var clientp7 = forge.pkcs7.createSignedData();\n clientp7.addCertificate(clientcert);\n pem.clientpkcs7 = forge.pkcs7.messageToPem(clientp7);\n }\n }\n\n var caStore = forge.pki.createCaStore();\n caStore.addCertificate(cert);\n\n try {\n forge.pki.verifyCertificateChain(caStore, [cert],\n function (vfd, depth, chain) {\n if (vfd !== true) {\n throw new Error('Certificate could not be verified.');\n }\n return true;\n });\n }\n catch(ex) {\n throw new Error(ex);\n }\n\n return pem;\n };\n\n var keySize = options.keySize || 1024;\n\n if (done) { // async scenario\n return forge.pki.rsa.generateKeyPair({ bits: keySize }, function (err, keyPair) {\n if (err) { return done(err); }\n\n try {\n return done(null, generatePem(keyPair));\n } catch (ex) {\n return done(ex);\n }\n });\n }\n\n var keyPair = options.keyPair ? {\n privateKey: forge.pki.privateKeyFromPem(options.keyPair.privateKey),\n publicKey: forge.pki.publicKeyFromPem(options.keyPair.publicKey)\n } : forge.pki.rsa.generateKeyPair(keySize);\n\n return generatePem(keyPair);\n};\n","/**\n * Error type definitions and interfaces for the BlaizeJS framework\n *\n * This module contains all the type definitions used for error handling\n * across the BlaizeJS framework, including server-side errors, client-side\n * errors, and HTTP response formats.\n */\n\n/**\n * Structure of error responses sent over HTTP\n *\n * This interface defines the JSON format used for all error responses\n * from BlaizeJS servers. It matches the structure returned by BlaizeError.toJSON()\n *\n * @example\n * ```json\n * {\n * \"type\": \"VALIDATION_ERROR\",\n * \"title\": \"Request validation failed\",\n * \"status\": 400,\n * \"correlationId\": \"req_abc123\",\n * \"timestamp\": \"2024-01-15T10:30:00.000Z\",\n * \"details\": {\n * \"fields\": [\"email\", \"password\"]\n * }\n * }\n * ```\n */\nexport interface BlaizeErrorResponse {\n /** Error type from the ErrorType enum */\n type: ErrorType;\n\n /** Human-readable error message */\n title: string;\n\n /** HTTP status code */\n status: number;\n\n /** Correlation ID for request tracing */\n correlationId: string;\n\n /** ISO timestamp when error occurred */\n timestamp: string;\n\n /** Optional error-specific details */\n details?: unknown;\n}\n\n/**\n * Context information for network-related errors\n *\n * Used by client-side error classes to provide additional context\n * about network failures, timeouts, and connection issues.\n */\nexport interface NetworkErrorContext {\n /** The URL that failed */\n url: string;\n\n /** HTTP method being attempted */\n method: string;\n\n /** Correlation ID for tracing */\n correlationId: string;\n\n /** Timeout value if applicable */\n timeout?: number;\n\n /** The original error that caused the network failure */\n originalError: Error;\n\n /** Additional network-specific details */\n networkDetails?: {\n /** Whether this was a connection timeout */\n isTimeout?: boolean;\n\n /** Whether this was a DNS resolution failure */\n isDnsFailure?: boolean;\n\n /** Whether this was a connection refused error */\n isConnectionRefused?: boolean;\n\n /** HTTP status code if received before failure */\n statusCode?: number;\n };\n}\n\n/**\n * Context information for request timeout errors\n *\n * Specialized context for timeout-specific errors with timing information.\n */\nexport interface TimeoutErrorContext {\n /** The URL that timed out */\n url: string;\n\n /** HTTP method being attempted */\n method: string;\n\n /** Correlation ID for tracing */\n correlationId: string;\n\n /** Configured timeout value in milliseconds */\n timeoutMs: number;\n\n /** Actual duration before timeout in milliseconds */\n elapsedMs: number;\n\n /** Type of timeout (request, connection, etc.) */\n timeoutType: 'request' | 'connection' | 'response' | 'idle';\n}\n\n/**\n * Context information for response parsing errors\n *\n * Used when the client receives a response but cannot parse it properly.\n */\nexport interface ParseErrorContext {\n /** The URL that returned unparseable content */\n url: string;\n\n /** HTTP method used */\n method: string;\n\n /** Correlation ID for tracing */\n correlationId: string;\n\n /** HTTP status code received */\n statusCode: number;\n\n /** Content-Type header if available */\n contentType?: string;\n\n /** Expected response format */\n expectedFormat: 'json' | 'text' | 'binary';\n\n /** Sample of the actual response content (truncated for safety) */\n responseSample?: string;\n\n /** The original parsing error */\n originalError: Error;\n}\n\n/**\n * Validation error field details\n *\n * Structure for field-level validation errors with multiple error messages\n * per field.\n */\nexport interface ValidationFieldError {\n /** Field name or path (e.g., \"email\", \"user.profile.name\") */\n field: string;\n\n /** Array of error messages for this field */\n messages: string[];\n\n /** The invalid value that caused the error */\n rejectedValue?: unknown;\n\n /** Expected type or format */\n expectedType?: string;\n}\n\n/**\n * Validation error details structure\n *\n * Used by ValidationError to provide structured information about\n * what fields failed validation and why.\n */\nexport interface ValidationErrorDetails {\n /** Array of field-level errors */\n fields: ValidationFieldError[];\n\n /** Total number of validation errors */\n errorCount: number;\n\n /** The section that failed validation */\n section: 'params' | 'query' | 'body' | 'response';\n\n /** Schema name if available */\n schemaName?: string;\n}\n\n/**\n * All available error types in the BlaizeJS framework\n *\n * This enum provides both compile-time type safety and runtime values\n * for error type identification across server and client packages.\n *\n * @example Type-safe error handling:\n * ```typescript\n * function handleError(errorType: ErrorType) {\n * switch (errorType) {\n * case ErrorType.VALIDATION_ERROR:\n * // Handle validation error\n * break;\n * case ErrorType.NOT_FOUND:\n * // Handle not found error\n * break;\n * // TypeScript ensures all cases are covered\n * }\n * }\n * ```\n */\nexport enum ErrorType {\n // Server-side business logic errors\n /** Request validation failed (400) */\n VALIDATION_ERROR = 'VALIDATION_ERROR',\n\n /** Resource not found (404) */\n NOT_FOUND = 'NOT_FOUND',\n\n /** Authentication required (401) */\n UNAUTHORIZED = 'UNAUTHORIZED',\n\n /** Access forbidden (403) */\n FORBIDDEN = 'FORBIDDEN',\n\n /** Resource conflict (409) */\n CONFLICT = 'CONFLICT',\n\n /** Rate limit exceeded (429) */\n RATE_LIMITED = 'RATE_LIMITED',\n\n /** Internal server error (500) */\n INTERNAL_SERVER_ERROR = 'INTERNAL_SERVER_ERROR',\n\n /** File/Request Too Large (413) */\n PAYLOAD_TOO_LARGE = 'PAYLOAD_TOO_LARGE',\n\n /** Wrong Content Type (415) */\n UNSUPPORTED_MEDIA_TYPE = 'UNSUPPORTED_MEDIA_TYPE',\n\n /** Upload Timeout (408) */\n UPLOAD_TIMEOUT = 'UPLOAD_TIMEOUT',\n\n /** Valid Format Invalid Semantics (422) */\n UNPROCESSABLE_ENTITY = 'UNPROCESSABLE_ENTITY',\n\n // Client-side errors\n /** Network connectivity failure (0) */\n NETWORK_ERROR = 'NETWORK_ERROR',\n\n /** Request or response timeout (0) */\n TIMEOUT_ERROR = 'TIMEOUT_ERROR',\n\n /** Response parsing failure (0) */\n PARSE_ERROR = 'PARSE_ERROR',\n\n /** Generic HTTP error (varies) */\n HTTP_ERROR = 'HTTP_ERROR',\n}\n\n/**\n * Error severity levels for logging and monitoring\n *\n * Provides a way to categorize errors by their impact and urgency.\n */\nexport enum ErrorSeverity {\n /** Low impact, often user errors */\n LOW = 'low',\n\n /** Medium impact, application errors */\n MEDIUM = 'medium',\n\n /** High impact, system errors */\n HIGH = 'high',\n\n /** Critical impact, service disruption */\n CRITICAL = 'critical',\n}\n\n/**\n * Abstract base class for all BlaizeJS errors\n *\n * This class provides the foundation for all error types in the BlaizeJS framework.\n * It extends JavaScript's built-in Error class and adds framework-specific properties\n * for consistent error handling across server and client.\n *\n * @example\n * ```typescript\n * import { ErrorType } from './types';\n *\n * class NotFoundError extends BlaizeError<{ resourceId: string }> {\n * constructor(message = 'Resource not found', details?: { resourceId: string }) {\n * super(ErrorType.NOT_FOUND, message, 404, getCurrentCorrelationId(), details);\n * }\n * }\n * ```\n *\n * @template TDetails - Type for error-specific details object\n */\nexport abstract class BlaizeError<TDetails = unknown> extends Error {\n /**\n * Error type identifier from the ErrorType enum\n * Used for programmatic error handling and client-side error routing\n */\n readonly type: ErrorType;\n\n /**\n * Human-readable error title/message\n * Should be descriptive enough for debugging but safe for end users\n */\n readonly title: string;\n\n /**\n * HTTP status code associated with this error\n * Used by the error boundary to set appropriate response status\n */\n readonly status: number;\n\n /**\n * Correlation ID for request tracing\n * Links this error to the specific request that generated it\n */\n readonly correlationId: string;\n\n /**\n * Timestamp when the error occurred\n * Useful for debugging and log correlation\n */\n readonly timestamp: Date;\n\n /**\n * Additional error-specific details\n * Type-safe error context that varies by error type\n */\n readonly details?: TDetails | undefined;\n\n /**\n * Creates a new BlaizeError instance\n *\n * @param type - Error type from the ErrorType enum\n * @param title - Human-readable error message\n * @param status - HTTP status code\n * @param correlationId - Request correlation ID for tracing\n * @param details - Optional error-specific details\n */\n protected constructor(\n type: ErrorType,\n title: string,\n status: number,\n correlationId: string,\n details?: TDetails | undefined\n ) {\n super(title);\n\n // Set the error name to the class name for better stack traces\n this.name = this.constructor.name;\n\n // Framework-specific properties\n this.type = type;\n this.title = title;\n this.status = status;\n this.correlationId = correlationId;\n this.timestamp = new Date();\n this.details = details;\n\n // Maintain proper prototype chain for instanceof checks\n Object.setPrototypeOf(this, new.target.prototype);\n\n // Capture stack trace if available (V8 feature)\n if (Error.captureStackTrace) {\n Error.captureStackTrace(this, this.constructor);\n }\n }\n\n /**\n * Serializes the error to a plain object suitable for HTTP responses\n *\n * @returns Object representation of the error\n */\n toJSON() {\n const base = {\n type: this.type,\n title: this.title,\n status: this.status,\n correlationId: this.correlationId,\n timestamp: this.timestamp.toISOString(),\n };\n\n // Only include details if they are not undefined\n if (this.details !== undefined) {\n return { ...base, details: this.details };\n }\n\n return base;\n }\n\n /**\n * Returns a string representation of the error\n * Includes correlation ID for easier debugging\n */\n toString(): string {\n return `${this.name}: ${this.title} [${this.correlationId}]`;\n }\n}\n\n/**\n * Interface for payload too large error details\n */\nexport interface PayloadTooLargeErrorDetails {\n fileCount?: number;\n maxFiles?: number;\n filename?: string;\n field?: string;\n contentType?: string;\n currentSize?: number;\n maxSize?: number;\n}\n\n/**\n * Interface for unsupported media type error details\n */\nexport interface UnsupportedMediaTypeErrorDetails {\n receivedMimeType?: string;\n allowedMimeTypes?: string[];\n filename?: string;\n}\n\n/**\n * Interface for authentication error details\n */\nexport interface UnauthorizedErrorDetails {\n /** Reason for authentication failure */\n reason?:\n | 'missing_token'\n | 'invalid_token'\n | 'expired_token'\n | 'malformed_token'\n | 'insufficient_scope'\n | string;\n\n /** Authentication scheme (Bearer, Basic, etc.) */\n authScheme?: string;\n\n /** Authentication realm */\n realm?: string;\n\n /** Detailed error description */\n error_description?: string;\n\n /** Required scopes or permissions */\n requiredScopes?: string[];\n\n /** Login URL for interactive authentication */\n loginUrl?: string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for authorization/permission error details\n */\nexport interface ForbiddenErrorDetails {\n /** Required permission or role */\n requiredPermission?: string;\n\n /** User's current permissions */\n userPermissions?: string[];\n\n /** Resource being accessed */\n resource?: string;\n\n /** Action being attempted */\n action?: string;\n\n /** Reason for access denial */\n reason?: 'insufficient_permissions' | 'account_suspended' | 'resource_locked' | string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for resource conflict error details\n */\nexport interface ConflictErrorDetails {\n /** Type of conflict */\n conflictType?:\n | 'duplicate_key'\n | 'version_mismatch'\n | 'concurrent_modification'\n | 'business_rule'\n | string;\n\n /** Field that caused the conflict */\n field?: string;\n\n /** Existing value that conflicts */\n existingValue?: unknown;\n\n /** Provided value that conflicts */\n providedValue?: unknown;\n\n /** Resource that has the conflicting value */\n conflictingResource?: string;\n\n /** Current version/etag of the resource */\n currentVersion?: string;\n\n /** Expected version/etag */\n expectedVersion?: string;\n\n /** Suggested resolution */\n resolution?: string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for rate limiting error details\n */\nexport interface RateLimitErrorDetails {\n /** Maximum requests allowed in the time window */\n limit?: number;\n\n /** Remaining requests in current window */\n remaining?: number;\n\n /** When the rate limit resets */\n resetTime?: Date;\n\n /** Seconds until the rate limit resets */\n retryAfter?: number;\n\n /** Time window for the rate limit */\n window?: string;\n\n /** Identifier used for rate limiting (IP, user ID, etc.) */\n identifier?: string;\n\n /** Type of rate limit hit */\n limitType?: 'global' | 'per_user' | 'per_ip' | 'per_endpoint' | string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for internal server error details\n */\nexport interface InternalServerErrorDetails {\n /** Original error message (for debugging) */\n originalError?: string;\n\n /** Stack trace (for debugging) */\n stackTrace?: string;\n\n /** Component where the error occurred */\n component?: string;\n\n /** Operation being performed */\n operation?: string;\n\n /** Internal error code */\n internalErrorCode?: string;\n\n /** When the error occurred */\n timestamp?: Date;\n\n /** Whether this error should be retryable */\n retryable?: boolean;\n\n /** Additional debugging context */\n [key: string]: unknown;\n}\n\n/**\n * Interface for NotFound error details\n * Provides context about the missing resource\n */\nexport interface NotFoundErrorDetails {\n /** Type of resource that was not found */\n resourceType?: string;\n\n /** ID or identifier of the resource */\n resourceId?: string;\n\n /** Collection or table where the resource was searched */\n collection?: string;\n\n /** Search criteria that was used */\n query?: Record<string, unknown>;\n\n /** Search criteria that was used (for backward compatibility) */\n searchCriteria?: Record<string, unknown>;\n\n /** The path that was attempted */\n path?: string;\n\n /** HTTP method used (for API endpoints) */\n method?: string;\n\n /** The path that was attempted (for backward compatibility) */\n attemptedPath?: string;\n\n /** Parent resource information for nested resources */\n parentResource?: {\n type: string;\n id: string;\n };\n\n /** Helpful suggestion for the user */\n suggestion?: string;\n\n /** Additional context */\n [key: string]: unknown;\n}\n\n// TODO: This can potentiall be removed\n/**\n * Interface for body parsing errors stored in context state\n */\nexport interface BodyParseError {\n /**\n * Type of parsing error that occurred\n */\n readonly type:\n | 'json_parse_error'\n | 'form_parse_error'\n | 'multipart_parse_error'\n | 'body_read_error';\n\n /**\n * Human-readable error message\n */\n readonly message: string;\n\n /**\n * Original error object or details\n */\n readonly error: unknown;\n}\n\n/**\n * Type guard to check if an object is a BodyParseError\n */\nexport function isBodyParseError(error: unknown): error is BodyParseError {\n return (\n typeof error === 'object' &&\n error !== null &&\n 'type' in error &&\n 'message' in error &&\n 'error' in error &&\n typeof (error as any).type === 'string' &&\n typeof (error as any).message === 'string'\n );\n}\n\n/**\n * Context information for error transformation\n */\nexport interface ErrorTransformContext {\n url: string;\n method: string;\n correlationId: string;\n timeoutMs?: number;\n elapsedMs?: number;\n statusCode?: number;\n contentType?: string;\n responseSample?: string;\n [key: string]: unknown;\n}\n","/**\n * Correlation ID system for request tracing across async operations\n *\n * This module provides utilities for generating, storing, and accessing\n * correlation IDs that follow requests through the entire application stack.\n * Uses AsyncLocalStorage for automatic context propagation.\n */\n\nimport { AsyncLocalStorage } from 'node:async_hooks';\n\n/**\n * AsyncLocalStorage instance for storing correlation IDs\n * Separate from the main context storage to allow independent lifecycle management\n */\nconst correlationStorage = new AsyncLocalStorage<string>();\n\n/**\n * Generates a new unique correlation ID\n *\n * Format: req_[timestamp_base36]_[random_base36]\n * Example: req_k3x2m1_9z8y7w6v\n *\n * @returns A unique correlation ID string\n */\nexport function generateCorrelationId(): string {\n const timestamp = Date.now().toString(36); // Base36 encoded timestamp\n const random = Math.random().toString(36).substr(2, 9); // Base36 random string\n return `req_${timestamp}_${random}`;\n}\n\n/**\n * Gets the current correlation ID from AsyncLocalStorage\n *\n * @returns The current correlation ID, or 'unknown' if none is set\n */\nexport function getCurrentCorrelationId(): string {\n const stored = correlationStorage.getStore();\n return stored && stored.trim() ? stored : 'unknown';\n}\n\n/**\n * Sets the correlation ID in the current AsyncLocalStorage context\n *\n * This will affect the current execution context and any subsequent\n * async operations that inherit from it.\n *\n * @param correlationId - The correlation ID to set\n */\nexport function setCorrelationId(correlationId: string): void {\n correlationStorage.enterWith(correlationId);\n}\n\n/**\n * Runs a function with a specific correlation ID\n *\n * Creates a new AsyncLocalStorage context with the provided correlation ID.\n * The correlation ID will be available to the function and any async operations\n * it spawns, but will not affect the parent context.\n *\n * @param correlationId - The correlation ID to use for this context\n * @param fn - The function to run with the correlation ID\n * @returns The result of the function\n *\n * @example\n * ```typescript\n * const result = await withCorrelationId('req_123', async () => {\n * console.log(getCurrentCorrelationId()); // 'req_123'\n * return await processRequest();\n * });\n * ```\n */\nexport function withCorrelationId<T>(\n correlationId: string,\n fn: () => T | Promise<T>\n): T | Promise<T> {\n return correlationStorage.run(correlationId, fn);\n}\n\n/**\n * Extracts correlation ID from headers or generates a new one\n *\n * Looks for the 'x-correlation-id' header and uses it if present.\n * If not found, empty, or undefined, generates a new correlation ID.\n *\n * @param headers - HTTP headers object\n * @returns A correlation ID (either from headers or newly generated)\n *\n * @example\n * ```typescript\n * // From incoming request headers\n * const correlationId = getOrGenerateCorrelationId(request.headers);\n *\n * // Use in request processing\n * await withCorrelationId(correlationId, async () => {\n * // Process request with correlation tracking\n * });\n * ```\n */\nexport function getOrGenerateCorrelationId(headers: Record<string, string | undefined>): string {\n const headerCorrelationId = headers['x-correlation-id'];\n\n // Use header value if it exists and is not empty\n if (headerCorrelationId && headerCorrelationId.trim()) {\n return headerCorrelationId;\n }\n\n // Generate new correlation ID if header is missing or empty\n return generateCorrelationId();\n}\n\n/**\n * Creates a middleware function for setting correlation ID from request headers\n *\n * This is a utility for integrating correlation ID handling into the middleware stack.\n * It extracts or generates a correlation ID and sets it for the request processing.\n *\n * @returns Middleware function that sets correlation ID\n *\n * @example\n * ```typescript\n * import { createServer } from 'blaizejs';\n * import { createCorrelationMiddleware } from './correlation';\n *\n * const server = createServer({\n * middleware: [\n * createCorrelationMiddleware(),\n * // ... other middleware\n * ]\n * });\n * ```\n */\nexport function createCorrelationMiddleware() {\n return {\n name: 'correlation',\n execute: async (context: any, next: () => Promise<void>) => {\n // Extract headers from context (adapting to BlaizeJS context structure)\n const headers = context.request.headers();\n const correlationId = getOrGenerateCorrelationId(headers);\n\n // Set correlation ID and process request\n await withCorrelationId(correlationId, next);\n },\n debug: () => ({ stage: 'correlation-id-setup' }),\n };\n}\n\n/**\n * Type-safe wrapper for functions that need correlation ID context\n *\n * Ensures that a function always has access to a correlation ID,\n * either from the current context or by generating a new one.\n *\n * @param fn - Function that requires correlation ID context\n * @returns Wrapped function that guarantees correlation ID availability\n */\nexport function withEnsuredCorrelation<T extends any[], R>(\n fn: (...args: T) => R | Promise<R>\n): (...args: T) => R | Promise<R> {\n return (...args: T): R | Promise<R> => {\n const currentCorrelationId = getCurrentCorrelationId();\n\n // If we already have a correlation ID, just run the function\n if (currentCorrelationId !== 'unknown') {\n return fn(...args);\n }\n\n // Generate new correlation ID and run function in that context\n const newCorrelationId = generateCorrelationId();\n return withCorrelationId(newCorrelationId, () => fn(...args));\n };\n}\n\n/**\n * Debugging utility to get correlation storage information\n *\n * @internal This is for debugging purposes only\n */\nexport function _getCorrelationStorageInfo() {\n return {\n hasActiveStore: correlationStorage.getStore() !== undefined,\n currentCorrelationId: correlationStorage.getStore() ?? null,\n };\n}\n","/**\n * InternalServerError class for server-side errors\n *\n * This error is thrown for unexpected server-side errors that are not\n * the client's fault. It provides debugging context while protecting\n * sensitive information in production.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { InternalServerErrorDetails } from '@blaize-types/errors';\n/**\n * Error thrown for internal server errors\n *\n * Automatically sets HTTP status to 500 and provides debugging context.\n * Note: In production, sensitive details should be filtered by error boundary.\n *\n * @example Basic usage:\n * ```typescript\n * throw new InternalServerError('Something went wrong');\n * ```\n *\n * @example With debugging details:\n * ```typescript\n * throw new InternalServerError('Database error', {\n * originalError: error.message,\n * component: 'user-service',\n * operation: 'createUser',\n * retryable: true\n * });\n * ```\n *\n * @example Wrapping an existing error:\n * ```typescript\n * try {\n * await database.connect();\n * } catch (error) {\n * throw new InternalServerError('Database connection failed', {\n * originalError: error.message,\n * stackTrace: error.stack,\n * component: 'database',\n * retryable: true\n * });\n * }\n * ```\n */\nexport class InternalServerError extends BlaizeError<InternalServerErrorDetails> {\n /**\n * Creates a new InternalServerError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional debugging context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: InternalServerErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.INTERNAL_SERVER_ERROR,\n title,\n 500, // HTTP 500 Internal Server Error\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * ValidationError class for request validation failures\n *\n * This error is thrown when request validation fails (params, query, body, or response).\n * It provides structured information about which fields failed validation and why.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { ValidationErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when request validation fails\n *\n * Automatically sets HTTP status to 400 and provides structured\n * validation error information for better client debugging.\n *\n * @example Basic usage:\n * ```typescript\n * throw new ValidationError('Email is required');\n * ```\n *\n * @example With detailed field information:\n * ```typescript\n * throw new ValidationError('Validation failed', {\n * fields: [\n * {\n * field: 'email',\n * messages: ['Email is required', 'Email must be valid'],\n * rejectedValue: '',\n * expectedType: 'string'\n * }\n * ],\n * errorCount: 1,\n * section: 'body'\n * });\n * ```\n */\nexport class ValidationError extends BlaizeError<ValidationErrorDetails> {\n /**\n * Creates a new ValidationError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional structured validation details\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: ValidationErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.VALIDATION_ERROR,\n title,\n 400, // HTTP 400 Bad Request\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nimport type { PayloadTooLargeErrorDetails } from '@blaize-types/errors';\n\nexport class PayloadTooLargeError extends BlaizeError<PayloadTooLargeErrorDetails> {\n constructor(\n title: string,\n details?: PayloadTooLargeErrorDetails | undefined,\n correlationId?: string\n ) {\n super(\n ErrorType.PAYLOAD_TOO_LARGE,\n title,\n 413,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nexport class UnsupportedMediaTypeError extends BlaizeError {\n constructor(title: string, details?: unknown, correlationId?: string) {\n super(\n ErrorType.UNSUPPORTED_MEDIA_TYPE,\n title,\n 415,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * BlaizeJS Core\n *\n * A blazing-fast, type-safe Node.js framework with file-based routing,\n * powerful middleware, and end-to-end type safety.\n *\n * @package blaizejs\n */\n\nimport { compose } from './middleware/compose';\nimport { create as createMiddleware } from './middleware/create';\nimport { create as createPlugin } from './plugins/create';\nimport {\n createDeleteRoute,\n createGetRoute,\n createHeadRoute,\n createOptionsRoute,\n createPatchRoute,\n createPostRoute,\n createPutRoute,\n} from './router/create';\nimport { create as createServer } from './server/create';\n\n// TODO: ideally this could be import as an npm package, but for now we use a relative path\n// Explicit imports to avoid using values without importing\nexport * from '../../blaize-types/src/index';\n\n// Re-export everything\n// Server module exports\nexport { createServer };\n\n// Router module exports\nexport {\n createDeleteRoute,\n createGetRoute,\n createHeadRoute,\n createOptionsRoute,\n createPatchRoute,\n createPostRoute,\n createPutRoute,\n};\n\n// Middleware module exports\nexport { createMiddleware, compose };\n\n// Plugins module exports\nexport { createPlugin };\n\n// Version information\nexport const VERSION = '0.1.0';\n\n// Namespaced exports with different names to avoid conflicts\nexport const ServerAPI = { createServer };\nexport const RouterAPI = {\n createDeleteRoute,\n createGetRoute,\n createHeadRoute,\n createOptionsRoute,\n createPatchRoute,\n createPostRoute,\n createPutRoute,\n};\nexport const MiddlewareAPI = { createMiddleware, compose };\nexport const PluginsAPI = { createPlugin };\n\n// Server-side error classes\nexport { ValidationError } from './errors/validation-error';\nexport { NotFoundError } from './errors/not-found-error';\nexport { UnauthorizedError } from './errors/unauthorized-error';\nexport { ForbiddenError } from './errors/forbidden-error';\nexport { ConflictError } from './errors/conflict-error';\nexport { RateLimitError } from './errors/rate-limit-error';\nexport { InternalServerError } from './errors/internal-server-error';\nexport { PayloadTooLargeError } from './errors/payload-too-large-error';\nexport { RequestTimeoutError } from './errors/request-timeout-error';\nexport { UnsupportedMediaTypeError } from './errors/unsupported-media-type-error';\nexport { UnprocessableEntityError } from './errors/unprocessable-entity-error';\n\n// Default export\nconst Blaize = {\n // Core functions\n createServer,\n createMiddleware,\n createPlugin,\n\n // Namespaces (using the non-conflicting names)\n Server: ServerAPI,\n Router: RouterAPI,\n Middleware: MiddlewareAPI,\n Plugins: PluginsAPI,\n\n // Constants\n VERSION,\n};\n\nexport { Blaize };\n","import type { Context } from '@blaize-types/context';\nimport type { Middleware, NextFunction } from '@blaize-types/middleware';\n\n/**\n * Execute a single middleware, handling both function and object forms\n */\nexport function execute(\n middleware: Middleware | undefined,\n ctx: Context,\n next: NextFunction\n): Promise<void> {\n // Handle undefined middleware (safety check)\n if (!middleware) {\n return Promise.resolve(next());\n }\n\n // Handle middleware with skip function\n if (middleware.skip && middleware.skip(ctx)) {\n return Promise.resolve(next());\n }\n\n try {\n // Execute middleware\n const result = middleware.execute(ctx, next);\n\n // Handle both Promise and non-Promise returns\n if (result instanceof Promise) {\n // Return the promise directly to allow errors to propagate\n return result;\n } else {\n // Only wrap non-Promise returns\n return Promise.resolve(result);\n }\n } catch (error) {\n // Handle synchronous errors\n return Promise.reject(error);\n }\n}\n","import { execute } from './execute';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware, NextFunction, MiddlewareFunction } from '@blaize-types/middleware';\n\n/**\n * Compose multiple middleware functions into a single middleware function\n */\nexport function compose(middlewareStack: Middleware[]): MiddlewareFunction {\n // No middleware? Return a pass-through function\n if (middlewareStack.length === 0) {\n return async (_, next) => {\n await Promise.resolve(next());\n };\n }\n\n // Return a function that executes the middleware stack\n return async function (ctx: Context, finalHandler: NextFunction): Promise<void> {\n // Keep track of which \"next\" functions have been called\n const called = new Set<number>();\n\n // Create dispatch function to process middleware stack\n const dispatch = async (i: number): Promise<void> => {\n // If we've reached the end of the stack, execute the final handler\n if (i >= middlewareStack.length) {\n // Ensure we're returning a Promise regardless of what finalHandler returns\n return Promise.resolve(finalHandler());\n }\n\n // Get current middleware\n const middleware = middlewareStack[i];\n\n // Create a next function that can only be called once\n const nextDispatch = () => {\n if (called.has(i)) {\n throw new Error('next() called multiple times');\n }\n\n // Mark this middleware's next as called\n called.add(i);\n\n // Move to the next middleware\n return dispatch(i + 1);\n };\n\n // Use the executeMiddleware function we defined\n return execute(middleware, ctx, nextDispatch);\n };\n\n // Start middleware chain execution\n return dispatch(0);\n };\n}\n","import type { Middleware, MiddlewareOptions, MiddlewareFunction } from '@blaize-types/middleware';\n\n/**\n * Create a middleware\n */\nexport function create(handlerOrOptions: MiddlewareFunction | MiddlewareOptions): Middleware {\n // If handlerOrOptions is a function, convert it to our middleware object format\n if (typeof handlerOrOptions === 'function') {\n return {\n name: 'anonymous', // Default name for function middleware\n execute: handlerOrOptions,\n debug: false,\n };\n }\n\n // Otherwise, handle it as middleware options\n const { name = 'anonymous', handler, skip, debug = false } = handlerOrOptions;\n\n // Create base middleware object with required properties\n const middleware: Middleware = {\n name,\n execute: handler,\n debug,\n };\n\n if (skip !== undefined) {\n return {\n ...middleware,\n skip,\n };\n }\n\n return middleware;\n}\n","import type { Plugin, PluginFactory, PluginHooks } from '@blaize-types/plugins';\nimport type { Server } from '@blaize-types/server';\n\n/**\n * Create a plugin with the given name, version, and setup function\n */\nexport function create<T = any>(\n name: string,\n version: string,\n setup: (\n app: Server,\n options: T\n ) => void | Partial<PluginHooks> | Promise<void> | Promise<Partial<PluginHooks>>,\n defaultOptions: Partial<T> = {}\n): PluginFactory<T> {\n // Input validation\n if (!name || typeof name !== 'string') {\n throw new Error('Plugin name must be a non-empty string');\n }\n\n if (!version || typeof version !== 'string') {\n throw new Error('Plugin version must be a non-empty string');\n }\n\n if (typeof setup !== 'function') {\n throw new Error('Plugin setup must be a function');\n }\n\n // Return the factory function\n return function pluginFactory(userOptions?: Partial<T>) {\n // Merge default options with user options\n const mergedOptions = { ...defaultOptions, ...userOptions } as T;\n\n // Create the base plugin object\n const plugin: Plugin = {\n name,\n version,\n\n // The register hook calls the user's setup function\n register: async (app: Server) => {\n const result = await setup(app, mergedOptions);\n\n // If setup returns hooks, merge them into this plugin\n if (result && typeof result === 'object') {\n // Now we explicitly assign to our plugin object\n Object.assign(plugin, result);\n }\n },\n };\n\n return plugin;\n };\n}\n","import { fileURLToPath } from 'node:url';\n\nimport { getRoutesDir } from '../config';\nimport { parseRoutePath } from './discovery/parser';\n\nimport type {\n CreateGetRoute,\n CreatePostRoute,\n CreatePutRoute,\n CreateDeleteRoute,\n CreatePatchRoute,\n CreateHeadRoute,\n CreateOptionsRoute,\n} from '@blaize-types/router';\n\n/**\n * Get the file path of the function that called createXRoute\n */\nfunction getCallerFilePath(): string {\n const originalPrepareStackTrace = Error.prepareStackTrace;\n\n try {\n Error.prepareStackTrace = (_, stack) => stack;\n const stack = new Error().stack as unknown as NodeJS.CallSite[];\n\n // Stack: getCallerFilePath -> createXRoute -> route file\n const callerFrame = stack[3];\n if (!callerFrame || typeof callerFrame.getFileName !== 'function') {\n throw new Error('Unable to determine caller file frame');\n }\n const fileName = callerFrame.getFileName();\n\n if (!fileName) {\n throw new Error('Unable to determine caller file name');\n }\n\n if (fileName.startsWith('file://')) {\n return fileURLToPath(fileName);\n }\n\n return fileName;\n } finally {\n Error.prepareStackTrace = originalPrepareStackTrace;\n }\n}\n\n/**\n * Convert caller file path to route path using existing parsing logic\n */\nfunction getRoutePath(): string {\n const callerPath = getCallerFilePath();\n const routesDir = getRoutesDir();\n\n const parsedRoute = parseRoutePath(callerPath, routesDir);\n console.log(`🔎 Parsed route path: ${parsedRoute.routePath} from file: ${callerPath}`);\n\n return parsedRoute.routePath;\n}\n\n/**\n * Create a GET route\n * SIMPLER FIX: Just pass the config through, TypeScript will handle the types\n */\nexport const createGetRoute: CreateGetRoute = config => {\n validateMethodConfig('GET', config);\n\n const path = getRoutePath();\n\n return {\n GET: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a POST route\n */\nexport const createPostRoute: CreatePostRoute = config => {\n validateMethodConfig('POST', config);\n\n const path = getRoutePath();\n\n return {\n POST: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a PUT route\n */\nexport const createPutRoute: CreatePutRoute = config => {\n validateMethodConfig('PUT', config);\n\n const path = getRoutePath();\n\n return {\n PUT: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a DELETE route\n */\nexport const createDeleteRoute: CreateDeleteRoute = config => {\n validateMethodConfig('DELETE', config);\n\n const path = getRoutePath();\n\n return {\n DELETE: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a PATCH route\n */\nexport const createPatchRoute: CreatePatchRoute = config => {\n validateMethodConfig('PATCH', config);\n\n const path = getRoutePath();\n\n return {\n PATCH: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create a HEAD route (same signature as GET - no body)\n */\nexport const createHeadRoute: CreateHeadRoute = config => {\n validateMethodConfig('HEAD', config);\n\n const path = getRoutePath();\n\n return {\n HEAD: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Create an OPTIONS route (same signature as GET - no body)\n */\nexport const createOptionsRoute: CreateOptionsRoute = config => {\n validateMethodConfig('OPTIONS', config);\n\n const path = getRoutePath();\n\n return {\n OPTIONS: config as any, // Let TypeScript infer the proper types\n path,\n };\n};\n\n/**\n * Validate a method configuration\n */\nfunction validateMethodConfig(method: string, config: any): void {\n if (!config.handler || typeof config.handler !== 'function') {\n throw new Error(`Handler for method ${method} must be a function`);\n }\n\n if (config.middleware && !Array.isArray(config.middleware)) {\n throw new Error(`Middleware for method ${method} must be an array`);\n }\n\n // Validate schema if provided\n if (config.schema) {\n validateSchema(method, config.schema);\n }\n\n // Method-specific warnings\n switch (method) {\n case 'GET':\n case 'HEAD':\n case 'DELETE':\n if (config.schema?.body) {\n console.warn(`Warning: ${method} requests typically don't have request bodies`);\n }\n break;\n }\n}\n\n/**\n * Validate schema structure\n */\nfunction validateSchema(method: string, schema: any): void {\n const { params, query, body, response } = schema;\n\n // Basic validation - ensure they look like Zod schemas if provided\n if (params && (!params._def || typeof params.parse !== 'function')) {\n throw new Error(`Params schema for ${method} must be a valid Zod schema`);\n }\n\n if (query && (!query._def || typeof query.parse !== 'function')) {\n throw new Error(`Query schema for ${method} must be a valid Zod schema`);\n }\n\n if (body && (!body._def || typeof body.parse !== 'function')) {\n throw new Error(`Body schema for ${method} must be a valid Zod schema`);\n }\n\n if (response && (!response._def || typeof response.parse !== 'function')) {\n throw new Error(`Response schema for ${method} must be a valid Zod schema`);\n }\n}\n","// config/runtime-config.ts\ninterface RuntimeConfig {\n routesDir?: string;\n basePath?: string;\n // Add other runtime configuration as needed\n}\n\n// Internal state - not exported\nlet config: RuntimeConfig = {};\n\n/**\n * Set runtime configuration\n */\nexport function setRuntimeConfig(newConfig: Partial<RuntimeConfig>): void {\n config = { ...config, ...newConfig };\n}\n\n/**\n * Get full runtime configuration\n */\nexport function getRuntimeConfig(): RuntimeConfig {\n return { ...config };\n}\n\n/**\n * Get the configured routes directory\n */\nexport function getRoutesDir(): string {\n if (!config.routesDir) {\n throw new Error('Routes directory not configured. Make sure server is properly initialized.');\n }\n return config.routesDir;\n}\n\n/**\n * Get the configured base path\n */\nexport function getBasePath(): string {\n return config.basePath || '';\n}\n\n/**\n * Clear configuration (useful for testing)\n */\nexport function clearRuntimeConfig(): void {\n config = {};\n}\n","import * as path from 'node:path';\n\nimport type { ParsedRoute } from '@blaize-types/router';\n\n/**\n * Parse a file path into a route path\n * Works consistently across Windows and Unix-like file systems\n */\nexport function parseRoutePath(filePath: string, basePath: string): ParsedRoute {\n // Clean file:// URLs if present\n if (filePath.startsWith('file://')) {\n filePath = filePath.replace('file://', '');\n }\n if (basePath.startsWith('file://')) {\n basePath = basePath.replace('file://', '');\n }\n\n // Convert all backslashes to forward slashes for consistent handling\n const forwardSlashFilePath = filePath.replace(/\\\\/g, '/');\n const forwardSlashBasePath = basePath.replace(/\\\\/g, '/');\n\n // Ensure the base path ends with a slash for proper prefix removal\n const normalizedBasePath = forwardSlashBasePath.endsWith('/')\n ? forwardSlashBasePath\n : `${forwardSlashBasePath}/`;\n\n // Remove the base path to get the relative path\n let relativePath = forwardSlashFilePath;\n if (forwardSlashFilePath.startsWith(normalizedBasePath)) {\n relativePath = forwardSlashFilePath.substring(normalizedBasePath.length);\n } else if (forwardSlashFilePath.startsWith(forwardSlashBasePath)) {\n relativePath = forwardSlashFilePath.substring(forwardSlashBasePath.length);\n // If base path didn't end with a slash but we still matched, ensure relative path doesn't start with a slash\n if (relativePath.startsWith('/')) {\n relativePath = relativePath.substring(1);\n }\n } else {\n // If base path isn't a prefix of file path, use path.relative as a fallback\n // But convert to forward slashes for consistency\n relativePath = path.relative(forwardSlashBasePath, forwardSlashFilePath).replace(/\\\\/g, '/');\n }\n\n // Remove file extension (anything after the last dot)\n relativePath = relativePath.replace(/\\.[^.]+$/, '');\n\n // Split the path into segments\n const segments = relativePath.split('/').filter(Boolean);\n const params: string[] = [];\n\n // Transform file path segments to route path segments\n const routeSegments = segments.map(segment => {\n // Handle dynamic parameters ([param])\n if (segment.startsWith('[') && segment.endsWith(']')) {\n const paramName = segment.slice(1, -1);\n params.push(paramName);\n return `:${paramName}`;\n }\n return segment;\n });\n\n // Create the final route path\n let routePath = routeSegments.length > 0 ? `/${routeSegments.join('/')}` : '/';\n\n // Handle index routes\n if (routePath.endsWith('/index')) {\n routePath = routePath.slice(0, -6) || '/';\n }\n\n return {\n filePath,\n routePath,\n params,\n };\n}\n","import { AsyncLocalStorage } from 'node:async_hooks';\nimport EventEmitter from 'node:events';\n\nimport { setRuntimeConfig } from '../config';\nimport { startServer } from './start';\nimport { registerSignalHandlers, stopServer } from './stop';\nimport { validateServerOptions } from './validation';\nimport { createPluginLifecycleManager } from '../plugins/lifecycle';\nimport { validatePlugin } from '../plugins/validation';\nimport { createRouter } from '../router/router';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware } from '@blaize-types/middleware';\nimport type { Plugin } from '@blaize-types/plugins';\nimport type { Server, ServerOptions, ServerOptionsInput, StopOptions } from '@blaize-types/server';\n\nexport const DEFAULT_OPTIONS: ServerOptions = {\n port: 3000,\n host: 'localhost',\n routesDir: './routes',\n http2: {\n enabled: true,\n },\n middleware: [],\n plugins: [],\n};\n\n/**\n * Creates the configuration options by merging defaults with user-provided options\n */\nfunction createServerOptions(options: ServerOptionsInput = {}): ServerOptions {\n const baseOptions: ServerOptions = { ...DEFAULT_OPTIONS };\n setRuntimeConfig({ routesDir: options.routesDir || baseOptions.routesDir });\n\n return {\n port: options.port ?? baseOptions.port,\n host: options.host ?? baseOptions.host,\n routesDir: options.routesDir ?? baseOptions.routesDir,\n http2: {\n enabled: options.http2?.enabled ?? baseOptions.http2?.enabled,\n keyFile: options.http2?.keyFile ?? baseOptions.http2?.keyFile,\n certFile: options.http2?.certFile ?? baseOptions.http2?.certFile,\n },\n middleware: [...(baseOptions.middleware || []), ...(options.middleware || [])],\n plugins: [...(baseOptions.plugins || []), ...(options.plugins || [])],\n };\n}\n\n/**\n * Creates the server listen method\n */\nfunction createListenMethod(\n serverInstance: Server,\n validatedOptions: ServerOptions,\n initialMiddleware: Middleware[],\n initialPlugins: Plugin[]\n): Server['listen'] {\n return async () => {\n // Initialize middleware and plugins\n await initializeComponents(serverInstance, initialMiddleware, initialPlugins);\n\n // Use the functional manager\n await serverInstance.pluginManager.initializePlugins(serverInstance);\n\n // Start the server\n await startServer(serverInstance, validatedOptions);\n\n await serverInstance.pluginManager.onServerStart(serverInstance, serverInstance.server);\n\n // Setup signal handlers and emit events\n setupServerLifecycle(serverInstance);\n\n return serverInstance;\n };\n}\n\n/**\n * Initializes middleware and plugins\n */\nasync function initializeComponents(\n serverInstance: Server,\n initialMiddleware: Middleware[],\n initialPlugins: Plugin[]\n): Promise<void> {\n // Initialize middleware from options\n for (const mw of initialMiddleware) {\n serverInstance.use(mw);\n }\n\n // Register plugins from options\n for (const p of initialPlugins) {\n await serverInstance.register(p);\n }\n}\n\n/**\n * Sets up server lifecycle (signal handlers, events)\n */\nfunction setupServerLifecycle(serverInstance: Server): void {\n // Register signal handlers for graceful shutdown\n const signalHandlers = registerSignalHandlers(() => serverInstance.close());\n\n // Store handlers to unregister when server closes\n serverInstance._signalHandlers = signalHandlers;\n\n // Emit started event\n serverInstance.events.emit('started');\n}\n\n/**\n * Creates the server close method\n */\nfunction createCloseMethod(serverInstance: Server): Server['close'] {\n return async (stopOptions?: StopOptions) => {\n if (!serverInstance.server) {\n return;\n }\n\n // Prepare options\n const options: StopOptions = { ...stopOptions };\n\n // Unregister signal handlers if they exist\n if (serverInstance._signalHandlers) {\n serverInstance._signalHandlers.unregister();\n delete serverInstance._signalHandlers;\n }\n\n // Call stopServer with the server instance\n await stopServer(serverInstance, options);\n };\n}\n\n/**\n * Creates the server use method for adding middleware\n */\nfunction createUseMethod(serverInstance: Server): Server['use'] {\n return middleware => {\n const middlewareArray = Array.isArray(middleware) ? middleware : [middleware];\n serverInstance.middleware.push(...middlewareArray);\n return serverInstance;\n };\n}\n\n/**\n * Creates the server register method for plugins\n */\nfunction createRegisterMethod(serverInstance: Server): Server['register'] {\n return async plugin => {\n validatePlugin(plugin);\n serverInstance.plugins.push(plugin);\n await plugin.register(serverInstance);\n return serverInstance;\n };\n}\n\n/**\n * Creates a BlaizeJS server instance\n */\nexport function create(options: ServerOptionsInput = {}): Server {\n // Create and validate options\n const mergedOptions = createServerOptions(options);\n\n let validatedOptions: ServerOptions;\n try {\n validatedOptions = validateServerOptions(mergedOptions);\n } catch (error) {\n if (error instanceof Error) {\n throw new Error(`Failed to create server: ${error.message}`);\n }\n throw new Error(`Failed to create server: ${String(error)}`);\n }\n\n // Extract options and prepare initial components\n const { port, host, middleware, plugins } = validatedOptions;\n // TODO: create registries to manage middleware and plugins\n const initialMiddleware = Array.isArray(middleware) ? [...middleware] : [];\n const initialPlugins = Array.isArray(plugins) ? [...plugins] : [];\n\n // Initialize core server components\n const contextStorage = new AsyncLocalStorage<Context>();\n const router = createRouter({\n routesDir: validatedOptions.routesDir,\n watchMode: process.env.NODE_ENV === 'development',\n });\n // Create plugin lifecycle manager\n const pluginManager = createPluginLifecycleManager({\n debug: process.env.NODE_ENV === 'development',\n continueOnError: true,\n });\n const events = new EventEmitter();\n\n // Create server instance with minimal properties\n const serverInstance: Server = {\n server: null as any,\n port,\n host,\n context: contextStorage,\n events,\n plugins: [],\n middleware: [],\n _signalHandlers: { unregister: () => {} },\n use: () => serverInstance,\n register: async () => serverInstance,\n listen: async () => serverInstance,\n close: async () => {},\n router,\n pluginManager,\n };\n\n // Add methods to the server instance\n serverInstance.listen = createListenMethod(\n serverInstance,\n validatedOptions,\n initialMiddleware,\n initialPlugins\n );\n serverInstance.close = createCloseMethod(serverInstance);\n serverInstance.use = createUseMethod(serverInstance);\n serverInstance.register = createRegisterMethod(serverInstance);\n\n return serverInstance;\n}\n","import * as fs from 'node:fs';\nimport * as http from 'node:http';\nimport * as http2 from 'node:http2';\n\nimport { generateDevCertificates } from './dev-certificate';\nimport { createRequestHandler } from './request-handler';\n\nimport type { Server, Http2Options, ServerOptions } from '@blaize-types/server';\n\n// Extract certificate handling to a separate function\nasync function prepareCertificates(\n http2Options: Http2Options\n): Promise<{ keyFile?: string; certFile?: string }> {\n // Not using HTTP/2? No certificates needed\n if (!http2Options.enabled) {\n return {};\n }\n\n const { keyFile, certFile } = http2Options;\n\n // If certificates are missing and in development, generate them\n const isDevMode = process.env.NODE_ENV === 'development';\n const certificatesMissing = !keyFile || !certFile;\n\n if (certificatesMissing && isDevMode) {\n const devCerts = await generateDevCertificates();\n return devCerts;\n }\n\n // If certificates are still missing, throw error\n if (certificatesMissing) {\n throw new Error(\n 'HTTP/2 requires SSL certificates. Provide keyFile and certFile in http2 options. ' +\n 'In development, set NODE_ENV=development to generate them automatically.'\n );\n }\n\n return { keyFile, certFile };\n}\n\n// Create server based on protocol\nfunction createServerInstance(\n isHttp2: boolean,\n certOptions: { keyFile?: string; certFile?: string }\n): http.Server | http2.Http2SecureServer {\n if (!isHttp2) {\n return http.createServer();\n }\n\n // Create HTTP/2 server options\n const http2ServerOptions: http2.SecureServerOptions = {\n allowHTTP1: true, // Allow fallback to HTTP/1.1\n };\n\n // Read certificate files\n try {\n if (certOptions.keyFile) {\n http2ServerOptions.key = fs.readFileSync(certOptions.keyFile);\n }\n if (certOptions.certFile) {\n http2ServerOptions.cert = fs.readFileSync(certOptions.certFile);\n }\n } catch (err) {\n throw new Error(\n `Failed to read certificate files: ${err instanceof Error ? err.message : String(err)}`\n );\n }\n\n return http2.createSecureServer(http2ServerOptions);\n}\n\n// Start listening on the specified port and host\nfunction listenOnPort(\n server: http.Server | http2.Http2SecureServer,\n port: number,\n host: string,\n isHttp2: boolean\n): Promise<void> {\n return new Promise((resolve, reject) => {\n server.listen(port, host, () => {\n const protocol = isHttp2 ? 'https' : 'http';\n const url = `${protocol}://${host}:${port}`;\n console.log(`\n🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥\n\n ⚡ BlaizeJS DEVELOPMENT SERVER HOT AND READY ⚡\n \n 🚀 Server: ${url}\n 🔥 Hot Reload: Enabled\n 🛠️ Mode: Development\n \n Time to build something amazing! 🚀\n\n🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥🔥\n`);\n resolve();\n });\n\n server.on('error', err => {\n console.error('Server error:', err);\n reject(err);\n });\n });\n}\n\nasync function initializePlugins(serverInstance: Server): Promise<void> {\n for (const plugin of serverInstance.plugins) {\n if (typeof plugin.initialize === 'function') {\n await plugin.initialize(serverInstance);\n }\n }\n}\n\n// Main server start function - now with much lower complexity\nexport async function startServer(\n serverInstance: Server,\n serverOptions: ServerOptions\n): Promise<void> {\n // Server already running? Do nothing.\n if (serverInstance.server) {\n return;\n }\n\n try {\n // Get effective port and host\n const port = serverOptions.port;\n const host = serverOptions.host;\n\n // Initialize all registered plugins\n await initializePlugins(serverInstance);\n\n // Determine if using HTTP/2\n const http2Options = serverOptions.http2 || { enabled: true };\n const isHttp2 = !!http2Options.enabled;\n\n // Prepare certificates if needed\n const certOptions = await prepareCertificates(http2Options);\n\n // Update the server options if we generated certificates\n if (serverOptions.http2 && certOptions.keyFile && certOptions.certFile) {\n serverOptions.http2.keyFile = certOptions.keyFile;\n serverOptions.http2.certFile = certOptions.certFile;\n }\n\n // Create the server instance\n const server = createServerInstance(isHttp2, certOptions);\n\n // Store the server in the instance\n serverInstance.server = server;\n\n // Update server instance properties\n serverInstance.port = port;\n serverInstance.host = host;\n\n // Configure request handling\n const requestHandler = createRequestHandler(serverInstance);\n server.on('request', requestHandler);\n\n // Start listening\n await listenOnPort(server, port, host, isHttp2);\n } catch (error) {\n console.error('Failed to start server:', error);\n throw error;\n }\n}\n","import * as fs from 'node:fs';\nimport * as path from 'node:path';\n\nimport * as selfsigned from 'selfsigned';\n\nexport interface DevCertificates {\n keyFile: string;\n certFile: string;\n}\n\nexport async function generateDevCertificates(): Promise<DevCertificates> {\n const certDir = path.join(process.cwd(), '.blaizejs', 'certs');\n const keyPath = path.join(certDir, 'dev.key');\n const certPath = path.join(certDir, 'dev.cert');\n \n // Check if certificates already exist\n if (fs.existsSync(keyPath) && fs.existsSync(certPath)) {\n return {\n keyFile: keyPath,\n certFile: certPath\n };\n }\n \n // Create directory if it doesn't exist\n if (!fs.existsSync(certDir)) {\n fs.mkdirSync(certDir, { recursive: true });\n }\n \n // Generate self-signed certificate\n const attrs = [{ name: 'commonName', value: 'localhost' }];\n const options = {\n days: 365,\n algorithm: 'sha256',\n keySize: 2048,\n extensions: [\n { name: 'basicConstraints', cA: true },\n {\n name: 'keyUsage',\n keyCertSign: true,\n digitalSignature: true,\n nonRepudiation: true,\n keyEncipherment: true,\n dataEncipherment: true\n },\n {\n name: 'extKeyUsage',\n serverAuth: true,\n clientAuth: true\n },\n {\n name: 'subjectAltName',\n altNames: [\n { type: 2, value: 'localhost' },\n { type: 7, ip: '127.0.0.1' }\n ]\n }\n ]\n };\n \n // Generate the certificates\n const pems = selfsigned.generate(attrs, options);\n \n // Write the key and certificate to files\n fs.writeFileSync(keyPath, Buffer.from(pems.private, 'utf-8'));\n fs.writeFileSync(certPath, Buffer.from(pems.cert, 'utf-8'));\n \n console.log(`\\n🔒 Generated self-signed certificates for development at ${certDir}\\n`);\n \n return {\n keyFile: keyPath,\n certFile: certPath\n };\n}","export class ResponseSentError extends Error {\n constructor(message: string = '❌ Response has already been sent') {\n super(message);\n this.name = 'ResponseSentError';\n }\n}\n\nexport class ResponseSentHeaderError extends ResponseSentError {\n constructor(message: string = 'Cannot set header after response has been sent') {\n super(message);\n }\n}\n\nexport class ResponseSentContentError extends ResponseSentError {\n constructor(message: string = 'Cannot set content type after response has been sent') {\n super(message);\n }\n}\n\nexport class ParseUrlError extends ResponseSentError {\n constructor(message: string = 'Invalide URL') {\n super(message);\n }\n}\n","import { AsyncLocalStorage } from 'node:async_hooks';\n\nimport type { Context, QueryParams, State, UnknownFunction } from '@blaize-types/context';\n\n/**\n * AsyncLocalStorage instance for storing request context\n */\nexport const contextStorage = new AsyncLocalStorage<Context>();\n\n/**\n * Returns the current context from AsyncLocalStorage\n */\nexport function getContext<S extends State = State, TBody = unknown, TQuery = QueryParams>():\n | Context<S, TBody, TQuery>\n | undefined {\n return contextStorage.getStore() as Context<S, TBody, TQuery> | undefined;\n}\n\n/**\n * Wraps a callback function with a context\n */\nexport function runWithContext<T>(\n context: Context,\n callback: () => T | Promise<T>\n): T | Promise<T> {\n return contextStorage.run(context, callback);\n}\n\n/**\n * Middleware function that ensures a context is available in AsyncLocalStorage\n */\nexport async function contextMiddleware(\n context: Context,\n next: () => Promise<void>\n): Promise<void> {\n return runWithContext(context, next);\n}\n\n/**\n * Utility to check if code is running within a context\n */\nexport function hasContext(): boolean {\n return contextStorage.getStore() !== undefined;\n}\n\n/**\n * Creates a function that will run with the current context\n *\n * @param fn The function to bind to the current context\n * @returns A function that will execute with the bound context\n */\nexport function bindContext<TFunction extends UnknownFunction>(fn: TFunction): TFunction {\n const context = getContext();\n if (!context) {\n return fn;\n }\n\n // Using function instead of arrow function to preserve 'this'\n return function (this: unknown, ...args: Parameters<TFunction>): ReturnType<TFunction> {\n return runWithContext(context, () => fn.apply(this, args)) as ReturnType<TFunction>;\n } as TFunction;\n}\n","import { randomUUID } from 'node:crypto';\nimport { createWriteStream, type WriteStream } from 'node:fs';\nimport { tmpdir } from 'node:os';\nimport { join } from 'node:path';\nimport { Readable } from 'node:stream';\n\nimport { extractBoundary, parseContentDisposition, parseContentType } from './utils';\n\nimport type { UnifiedRequest } from '@blaize-types/context';\nimport type { UploadedFile, MultipartData, ParseOptions, ParserState } from '@blaize-types/upload';\n\n// Default options with sensible defaults\nconst DEFAULT_OPTIONS: Required<ParseOptions> = {\n maxFileSize: 10 * 1024 * 1024, // 10MB\n maxFiles: 10,\n maxFieldSize: 1 * 1024 * 1024, // 1MB\n allowedMimeTypes: [],\n allowedExtensions: [],\n strategy: 'stream',\n tempDir: tmpdir(),\n computeHash: false,\n};\n\n/**\n * Create initial parser state\n */\nfunction createParserState(boundary: string, options: Partial<ParseOptions> = {}): ParserState {\n return {\n boundary: Buffer.from(`--${boundary}`),\n options: { ...DEFAULT_OPTIONS, ...options },\n fields: new Map(),\n files: new Map(),\n buffer: Buffer.alloc(0),\n stage: 'boundary',\n currentHeaders: '',\n currentField: null,\n currentFilename: undefined,\n currentMimetype: 'application/octet-stream',\n currentContentLength: 0,\n fileCount: 0,\n fieldCount: 0,\n currentBufferChunks: [],\n currentStream: null,\n currentTempPath: null,\n currentWriteStream: null,\n streamController: null,\n cleanupTasks: [],\n // Track validation state\n hasFoundValidBoundary: false,\n hasProcessedAnyPart: false,\n isFinished: false,\n };\n}\n\n/**\n * Process a chunk of data through the parser state machine\n */\nasync function processChunk(state: ParserState, chunk: Buffer): Promise<ParserState> {\n const newBuffer = Buffer.concat([state.buffer, chunk]);\n let currentState = { ...state, buffer: newBuffer };\n\n // Process buffer until no more progress can be made\n while (currentState.buffer.length > 0 && !currentState.isFinished) {\n const nextState = await processCurrentStage(currentState);\n if (nextState === currentState) break; // No progress made, need more data\n currentState = nextState;\n }\n\n return currentState;\n}\n\n/**\n * Process current stage of parsing\n */\nasync function processCurrentStage(state: ParserState): Promise<ParserState> {\n switch (state.stage) {\n case 'boundary':\n return processBoundary(state);\n case 'headers':\n return processHeaders(state);\n case 'content':\n return processContent(state);\n default: {\n const { InternalServerError } = await import('../errors/internal-server-error');\n throw new InternalServerError(`Invalid parser stage`, {\n operation: state.stage,\n });\n }\n }\n}\n\n/**\n * Process boundary detection\n */\nfunction processBoundary(state: ParserState): ParserState {\n const boundaryIndex = state.buffer.indexOf(state.boundary);\n if (boundaryIndex === -1) return state;\n\n // Mark that we found at least one boundary\n const hasFoundValidBoundary = true;\n\n // Consume boundary and check for end\n let buffer = state.buffer.subarray(boundaryIndex + state.boundary.length);\n\n // Check for end boundary (-- after boundary)\n if (buffer.length >= 2 && buffer.subarray(0, 2).equals(Buffer.from('--'))) {\n return {\n ...state,\n buffer,\n hasFoundValidBoundary,\n isFinished: true,\n stage: 'boundary',\n };\n }\n\n // Skip CRLF after boundary\n if (buffer.length >= 2 && buffer.subarray(0, 2).equals(Buffer.from('\\r\\n'))) {\n buffer = buffer.subarray(2);\n }\n\n return {\n ...state,\n buffer,\n hasFoundValidBoundary,\n stage: 'headers',\n currentHeaders: '',\n };\n}\n\n/**\n * Process headers section\n */\nasync function processHeaders(state: ParserState): Promise<ParserState> {\n const headerEnd = state.buffer.indexOf('\\r\\n\\r\\n');\n if (headerEnd === -1) return state;\n\n const headers = state.buffer.subarray(0, headerEnd).toString('utf8');\n const buffer = state.buffer.subarray(headerEnd + 4);\n\n const disposition = parseContentDisposition(headers);\n if (!disposition) {\n // ✅ HTTP 400 - Bad Request for malformed headers\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError('Missing or invalid Content-Disposition header');\n }\n\n const mimetype = parseContentType(headers);\n const isFile = disposition.filename !== undefined;\n\n // Validation\n if (isFile && state.fileCount >= state.options.maxFiles) {\n const { PayloadTooLargeError } = await import('../errors/payload-too-large-error');\n throw new PayloadTooLargeError('Too many files in upload', {\n fileCount: state.fileCount + 1,\n maxFiles: state.options.maxFiles,\n filename: disposition.filename,\n });\n }\n\n if (\n isFile &&\n state.options.allowedMimeTypes.length > 0 &&\n !state.options.allowedMimeTypes.includes(mimetype)\n ) {\n const { UnsupportedMediaTypeError } = await import('../errors/unsupported-media-type-error');\n throw new UnsupportedMediaTypeError('File type not allowed', {\n receivedMimeType: mimetype,\n allowedMimeTypes: state.options.allowedMimeTypes,\n filename: disposition.filename,\n });\n }\n\n return {\n ...state,\n buffer,\n stage: 'content',\n currentHeaders: headers,\n currentField: disposition.name,\n currentFilename: disposition.filename,\n currentMimetype: mimetype,\n currentContentLength: 0,\n fileCount: isFile ? state.fileCount + 1 : state.fileCount,\n fieldCount: isFile ? state.fieldCount : state.fieldCount + 1,\n currentBufferChunks: [],\n };\n}\n\n/**\n * Process content section\n */\nasync function processContent(state: ParserState): Promise<ParserState> {\n const nextBoundaryIndex = state.buffer.indexOf(state.boundary);\n\n let contentChunk: Buffer;\n let isComplete = false;\n let buffer = state.buffer;\n\n if (nextBoundaryIndex === -1) {\n // No boundary found, process safely\n const safeLength = Math.max(0, state.buffer.length - state.boundary.length);\n if (safeLength === 0) return state; // Need more data\n\n contentChunk = state.buffer.subarray(0, safeLength);\n buffer = state.buffer.subarray(safeLength);\n } else {\n // Found boundary, process content before it (minus CRLF)\n const contentEnd = Math.max(0, nextBoundaryIndex - 2);\n contentChunk = state.buffer.subarray(0, contentEnd);\n buffer = state.buffer.subarray(nextBoundaryIndex);\n isComplete = true;\n }\n\n let updatedState = { ...state, buffer };\n\n if (contentChunk.length > 0) {\n updatedState = await processContentChunk(updatedState, contentChunk);\n }\n\n if (isComplete) {\n updatedState = await finalizeCurrentPart(updatedState);\n updatedState = {\n ...updatedState,\n stage: 'boundary' as const,\n hasProcessedAnyPart: true, // Mark that we've processed at least one part\n };\n }\n\n return updatedState;\n}\n\n/**\n * Process a chunk of content data\n */\nasync function processContentChunk(state: ParserState, chunk: Buffer): Promise<ParserState> {\n const newContentLength = state.currentContentLength + chunk.length;\n\n // Size validation\n const maxSize =\n state.currentFilename !== undefined ? state.options.maxFileSize : state.options.maxFieldSize;\n\n if (newContentLength > maxSize) {\n const isFile = state.currentFilename !== undefined;\n const { PayloadTooLargeError } = await import('../errors/payload-too-large-error');\n const payloadErrorDetals = state.currentField\n ? {\n contentType: isFile ? 'file' : 'field',\n currentSize: newContentLength,\n maxSize,\n field: state.currentField,\n filename: state.currentFilename,\n }\n : {\n contentType: isFile ? 'file' : 'field',\n currentSize: newContentLength,\n maxSize,\n filename: state.currentFilename,\n };\n throw new PayloadTooLargeError(\n `${isFile ? 'File' : 'Field'} size exceeds limit`,\n payloadErrorDetals\n );\n }\n\n if (state.currentFilename !== undefined) {\n return processFileChunk(state, chunk, newContentLength);\n } else {\n return {\n ...state,\n currentContentLength: newContentLength,\n currentBufferChunks: [...state.currentBufferChunks, chunk],\n };\n }\n}\n\n/**\n * Process file chunk based on strategy\n */\nasync function processFileChunk(\n state: ParserState,\n chunk: Buffer,\n newContentLength: number\n): Promise<ParserState> {\n switch (state.options.strategy) {\n case 'memory':\n return {\n ...state,\n currentContentLength: newContentLength,\n currentBufferChunks: [...state.currentBufferChunks, chunk],\n };\n\n case 'stream':\n if (state.streamController) {\n state.streamController.enqueue(chunk);\n }\n return { ...state, currentContentLength: newContentLength };\n\n case 'temp':\n if (state.currentWriteStream) {\n await writeToStream(state.currentWriteStream, chunk);\n }\n return { ...state, currentContentLength: newContentLength };\n\n default: {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError(`Invalid parsing strategy`);\n // TODO: create new error type to support \"strategy\" + \"supportedStrategies\"\n // throw new ValidationError(`Invalid parsing strategy`, {\n // strategy: state.options.strategy,\n // supportedStrategies: ['memory', 'stream', 'temp'],\n // });\n }\n }\n}\n\n/**\n * Initialize file processing for current part\n */\nasync function initializeFileProcessing(state: ParserState): Promise<ParserState> {\n if (state.currentFilename === undefined) return state;\n\n switch (state.options.strategy) {\n case 'memory':\n return { ...state, currentBufferChunks: [] };\n\n case 'stream': {\n let streamController: ReadableStreamDefaultController<Uint8Array> | null = null;\n const stream = new ReadableStream<Uint8Array>({\n start: controller => {\n streamController = controller;\n },\n });\n\n return {\n ...state,\n currentStream: stream as any, // Type cast for Node.js compatibility\n streamController,\n };\n }\n\n case 'temp': {\n const tempPath = join(state.options.tempDir, `upload-${randomUUID()}`);\n const writeStream = createWriteStream(tempPath);\n const cleanupTask = async () => {\n try {\n const { unlink } = await import('node:fs/promises');\n await unlink(tempPath);\n } catch (error) {\n console.warn(`Failed to cleanup temp file: ${tempPath}`, error);\n }\n };\n\n return {\n ...state,\n currentTempPath: tempPath,\n currentWriteStream: writeStream,\n cleanupTasks: [...state.cleanupTasks, cleanupTask],\n };\n }\n\n default: {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError(`Invalid file processing strategy`);\n // throw new ValidationError(`Invalid file processing strategy`, {\n // strategy: state.options.strategy,\n // });\n }\n }\n}\n\n/**\n * Finalize current part and add to collections\n */\nasync function finalizeCurrentPart(state: ParserState): Promise<ParserState> {\n if (!state.currentField) return resetCurrentPart(state);\n\n if (state.currentFilename !== undefined) {\n return finalizeFile(state);\n } else {\n return finalizeField(state);\n }\n}\n\n/**\n * Finalize file processing\n */\nasync function finalizeFile(state: ParserState): Promise<ParserState> {\n if (!state.currentField || state.currentFilename === undefined) {\n return resetCurrentPart(state);\n }\n\n let stream: Readable;\n let buffer: Buffer | undefined;\n let tempPath: string | undefined;\n\n switch (state.options.strategy) {\n case 'memory':\n buffer = Buffer.concat(state.currentBufferChunks);\n stream = Readable.from(buffer);\n break;\n\n case 'stream':\n if (state.streamController) {\n state.streamController.close();\n }\n stream = state.currentStream!;\n break;\n\n case 'temp':\n if (state.currentWriteStream) {\n await closeStream(state.currentWriteStream);\n }\n tempPath = state.currentTempPath!;\n stream = Readable.from(Buffer.alloc(0)); // Placeholder\n break;\n\n default: {\n // ✅ HTTP 400 - Bad Request for invalid strategy\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError(`Invalid file finalization strategy`);\n // throw new ValidationError(`Invalid file finalization strategy`, {\n // strategy: state.options.strategy,\n // });\n }\n }\n\n const file: UploadedFile = {\n filename: state.currentFilename,\n fieldname: state.currentField,\n mimetype: state.currentMimetype,\n size: state.currentContentLength,\n stream,\n buffer,\n tempPath,\n };\n\n const updatedFiles = addToCollection(state.files, state.currentField, file);\n\n return {\n ...resetCurrentPart(state),\n files: updatedFiles,\n };\n}\n\n/**\n * Finalize field processing\n */\nfunction finalizeField(state: ParserState): ParserState {\n if (!state.currentField) return resetCurrentPart(state);\n\n const value = Buffer.concat(state.currentBufferChunks).toString('utf8');\n const updatedFields = addToCollection(state.fields, state.currentField, value);\n\n return {\n ...resetCurrentPart(state),\n fields: updatedFields,\n };\n}\n\n/**\n * Reset current part state\n */\nfunction resetCurrentPart(state: ParserState): ParserState {\n return {\n ...state,\n currentField: null,\n currentFilename: undefined,\n currentContentLength: 0,\n currentBufferChunks: [],\n currentStream: null,\n streamController: null,\n currentTempPath: null,\n currentWriteStream: null,\n };\n}\n\n/**\n * Add item to collection immutably\n */\nfunction addToCollection<T>(collection: Map<string, T[]>, key: string, value: T): Map<string, T[]> {\n const newCollection = new Map(collection);\n const existing = newCollection.get(key) || [];\n newCollection.set(key, [...existing, value]);\n return newCollection;\n}\n\n/**\n * Finalize parsing and return results\n */\nasync function finalize(state: ParserState): Promise<MultipartData> {\n // Validate that we found valid multipart data\n if (!state.hasFoundValidBoundary) {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError('No valid multipart boundary found');\n // throw new ValidationError('No valid multipart boundary found', {\n // errorType: 'invalid_multipart',\n // reason: 'Missing or malformed boundary markers',\n // });`\n }\n\n // If we found boundaries but didn't process any parts, it's empty/invalid\n if (state.hasFoundValidBoundary && !state.hasProcessedAnyPart) {\n const { ValidationError } = await import('../errors/validation-error');\n throw new ValidationError('Empty multipart request');\n // throw new ValidationError('Empty multipart request', {\n // errorType: 'empty_multipart',\n // reason: 'Valid boundaries found but no data parts processed',\n // });\n }\n\n const fields: Record<string, string | string[]> = {};\n for (const [key, values] of state.fields.entries()) {\n fields[key] = values.length === 1 ? values[0]! : values;\n }\n\n const files: Record<string, UploadedFile | UploadedFile[]> = {};\n for (const [key, fileList] of state.files.entries()) {\n files[key] = fileList.length === 1 ? fileList[0]! : fileList;\n }\n\n return { fields, files };\n}\n\n/**\n * Cleanup resources\n */\nasync function cleanup(state: ParserState): Promise<void> {\n // Execute all cleanup tasks\n await Promise.allSettled(state.cleanupTasks.map(task => task()));\n\n // Close any open streams\n if (state.streamController) {\n state.streamController.close();\n }\n\n if (state.currentWriteStream) {\n await closeStream(state.currentWriteStream);\n }\n}\n\n// Helper functions\nasync function writeToStream(stream: WriteStream, chunk: Buffer): Promise<void> {\n return new Promise((resolve, reject) => {\n stream.write(chunk, error => {\n if (error) reject(error);\n else resolve();\n });\n });\n}\n\nasync function closeStream(stream: WriteStream): Promise<void> {\n return new Promise(resolve => {\n stream.end(() => resolve());\n });\n}\n\n/**\n * Main parsing function (functional interface)\n */\nexport async function parseMultipartRequest(\n request: UnifiedRequest,\n options: Partial<ParseOptions> = {}\n): Promise<MultipartData> {\n const contentType = (request.headers['content-type'] as string) || '';\n const boundary = extractBoundary(contentType);\n\n if (!boundary) {\n const { UnsupportedMediaTypeError } = await import('../errors/unsupported-media-type-error');\n throw new UnsupportedMediaTypeError('Missing boundary in multipart content-type', {\n receivedContentType: contentType,\n expectedFormat: 'multipart/form-data; boundary=...',\n });\n }\n\n let state = createParserState(boundary, options);\n\n // Initialize file processing if needed\n if (state.currentFilename !== undefined) {\n state = await initializeFileProcessing(state);\n }\n\n try {\n // Process request stream\n for await (const chunk of request) {\n state = await processChunk(state, chunk as Buffer);\n }\n\n return finalize(state);\n } finally {\n await cleanup(state);\n }\n}\n","// Hoisted regex patterns\nconst BOUNDARY_REGEX = /boundary=([^;]+)/i;\nconst CONTENT_DISPOSITION_REGEX =\n /Content-Disposition:\\s*form-data;\\s*name=\"([^\"]+)\"(?:;[\\s\\r\\n]*filename=\"([^\"]*)\")?/i;\nconst CONTENT_TYPE_REGEX = /Content-Type:\\s*([^\\r\\n]+)/i;\nconst MULTIPART_REGEX = /multipart\\/form-data/i;\n\n/**\n * Extract boundary from Content-Type header\n */\nexport function extractBoundary(contentType: string): string | null {\n const match = contentType.match(BOUNDARY_REGEX);\n if (!match || !match[1]) return null;\n\n let boundary = match[1].trim();\n if (boundary.startsWith('\"') && boundary.endsWith('\"')) {\n boundary = boundary.slice(1, -1);\n }\n\n return boundary || null;\n}\n\n/**\n * Parse Content-Disposition header\n */\nexport function parseContentDisposition(\n headers: string\n): { name: string; filename?: string } | null {\n const match = headers.match(CONTENT_DISPOSITION_REGEX);\n if (!match || !match[1]) return null;\n\n return {\n name: match[1],\n filename: match[2] !== undefined ? match[2] : undefined,\n };\n}\n\n/**\n * Parse Content-Type header\n */\nexport function parseContentType(headers: string): string {\n const match = headers.match(CONTENT_TYPE_REGEX);\n return match && match[1]?.trim() ? match[1].trim() : 'application/octet-stream';\n}\n\n/**\n * Check if content type is multipart\n */\nexport function isMultipartContent(contentType: string): boolean {\n return MULTIPART_REGEX.test(contentType);\n}\n","import {\n ParseUrlError,\n ResponseSentContentError,\n ResponseSentError,\n ResponseSentHeaderError,\n} from './errors';\nimport { hasContext, getContext } from './store';\nimport { parseMultipartRequest } from '../upload/multipart-parser';\nimport { isMultipartContent } from '../upload/utils';\n\nimport type {\n Context,\n ContextOptions,\n MultipartLimits,\n QueryParams,\n RequestParams,\n State,\n StreamOptions,\n UnifiedRequest,\n UnifiedResponse,\n} from '@blaize-types/context';\nimport type { BodyParseError } from '@blaize-types/errors';\n\nconst CONTENT_TYPE_HEADER = 'Content-Type';\n\nconst DEFAULT_BODY_LIMITS = {\n json: 512 * 1024, // 512KB - Most APIs should be much smaller\n form: 1024 * 1024, // 1MB - Reasonable for form submissions\n text: 5 * 1024 * 1024, // 5MB - Documents, logs, code files\n multipart: {\n maxFileSize: 50 * 1024 * 1024, // 50MB per file\n maxTotalSize: 100 * 1024 * 1024, // 100MB total request\n maxFiles: 10,\n maxFieldSize: 1024 * 1024, // 1MB for form fields\n },\n raw: 10 * 1024 * 1024, // 10MB for unknown content types\n};\n\n/**\n * Parse URL and extract path and query parameters using modern URL API\n */\nfunction parseRequestUrl(req: UnifiedRequest): {\n path: string;\n url: URL | null;\n query: QueryParams;\n} {\n const originalUrl = (req as any).url || '/';\n\n // Construct full URL for parsing\n const host = req.headers.host || 'localhost';\n const protocol = req.socket && (req.socket as any).encrypted ? 'https' : 'http';\n const fullUrl = `${protocol}://${host}${originalUrl.startsWith('/') ? '' : '/'}${originalUrl}`;\n try {\n const url = new URL(fullUrl);\n\n // Extract path\n const path = url.pathname;\n\n // Parse query parameters using URLSearchParams\n const query: QueryParams = {};\n url.searchParams.forEach((value, key) => {\n // Handle array parameters (key=value1&key=value2)\n if (query[key] !== undefined) {\n if (Array.isArray(query[key])) {\n (query[key] as string[]).push(value);\n } else {\n query[key] = [query[key] as string, value];\n }\n } else {\n query[key] = value;\n }\n });\n\n return { path, url, query };\n } catch (error) {\n // Fallback for invalid URLs\n console.warn(`Invalid URL: ${fullUrl}`, error);\n throw new ParseUrlError(`Invalid URL: ${fullUrl}`);\n }\n}\n\n/**\n * Determine if the request is using HTTP/2\n */\nfunction isHttp2Request(req: UnifiedRequest): boolean {\n // Check for HTTP/2 specific properties\n return 'stream' in req || ('httpVersionMajor' in req && (req as any).httpVersionMajor === 2);\n}\n\n/**\n * Get the HTTP protocol (http or https)\n */\nfunction getProtocol(req: UnifiedRequest): string {\n // Check for encrypted socket\n const encrypted = req.socket && (req.socket as any).encrypted;\n // Check for X-Forwarded-Proto header (common in proxy environments)\n const forwardedProto = req.headers['x-forwarded-proto'];\n\n if (forwardedProto) {\n if (Array.isArray(forwardedProto)) {\n // Handle array of header values (uncommon but possible)\n return forwardedProto[0]?.split(',')[0]?.trim() || 'http';\n } else {\n // Handle string header value (typical case)\n return forwardedProto.split(',')[0]?.trim() || 'http';\n }\n }\n\n // Default protocol based on socket encryption\n return encrypted ? 'https' : 'http';\n}\n\n/**\n * Create a new context object for a request/response cycle\n */\nexport async function createContext<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n res: UnifiedResponse,\n options: ContextOptions = {}\n): Promise<Context<State, TBody, TQuery>> {\n // Extract basic request information\n const { path, url, query } = parseRequestUrl(req);\n const method = req.method || 'GET';\n const isHttp2 = isHttp2Request(req);\n const protocol = getProtocol(req);\n\n // Initialize state\n const params: RequestParams = {};\n const state = { ...(options.initialState || {}) };\n\n // Track response status\n const responseState = { sent: false };\n\n // Create the context object with its components\n const ctx: Context<State, TBody, TQuery> = {\n request: createRequestObject<TBody, TQuery>(req, {\n path,\n url,\n query: query as TQuery,\n params,\n method,\n isHttp2,\n protocol,\n }),\n response: {} as Context<State, TBody, TQuery>['response'],\n state,\n };\n\n ctx.response = createResponseObject(res, responseState, ctx);\n\n // Parse body if requested\n if (options.parseBody) {\n await parseBodyIfNeeded(req, ctx, options);\n }\n\n return ctx;\n}\n\n/**\n * Create the request object portion of the context\n */\nfunction createRequestObject<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n info: {\n path: string;\n url: URL | null;\n query: TQuery;\n params: RequestParams;\n method: string;\n isHttp2: boolean;\n protocol: string;\n }\n): Context<State, TBody, TQuery>['request'] {\n return {\n raw: req,\n ...info,\n header: createRequestHeaderGetter(req),\n headers: createRequestHeadersGetter(req),\n body: undefined as unknown as TBody,\n };\n}\n\n/**\n * Create a function to get a single request header\n */\nfunction createRequestHeaderGetter(req: UnifiedRequest) {\n return (name: string): string | undefined => {\n const value = req.headers[name.toLowerCase()];\n if (Array.isArray(value)) {\n return value.join(', ');\n }\n return value || undefined;\n };\n}\n\n/**\n * Create a function to get multiple request headers\n */\nfunction createRequestHeadersGetter(req: UnifiedRequest) {\n const headerGetter = createRequestHeaderGetter(req);\n\n return (names?: string[]): Record<string, string | undefined> => {\n if (names && Array.isArray(names) && names.length > 0) {\n return names.reduce<Record<string, string | undefined>>((acc, name) => {\n acc[name] = headerGetter(name);\n return acc;\n }, {});\n } else {\n return Object.entries(req.headers).reduce<Record<string, string | undefined>>(\n (acc, [key, value]) => {\n acc[key] = Array.isArray(value) ? value.join(', ') : value || undefined;\n return acc;\n },\n {}\n );\n }\n };\n}\n\n/**\n * Create the response object portion of the context\n */\nfunction createResponseObject<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n): Context<S, TBody, TQuery>['response'] {\n return {\n raw: res,\n\n get sent() {\n return responseState.sent;\n },\n\n status: createStatusSetter(res, responseState, ctx),\n header: createHeaderSetter(res, responseState, ctx),\n headers: createHeadersSetter(res, responseState, ctx),\n type: createContentTypeSetter(res, responseState, ctx),\n\n json: createJsonResponder(res, responseState),\n text: createTextResponder(res, responseState),\n html: createHtmlResponder(res, responseState),\n redirect: createRedirectResponder(res, responseState),\n stream: createStreamResponder(res, responseState),\n };\n}\n\n/**\n * Create a function to set response status\n */\nfunction createStatusSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function statusSetter(code: number): Context['response'] {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n res.statusCode = code;\n return ctx.response;\n };\n}\n\n/**\n * Create a function to set a response header\n */\nfunction createHeaderSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function headerSetter(name: string, value: string) {\n if (responseState.sent) {\n throw new ResponseSentHeaderError();\n }\n res.setHeader(name, value);\n return ctx.response;\n };\n}\n\n/**\n * Create a function to set multiple response headers\n */\nfunction createHeadersSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function headersSetter(headers: Record<string, string>) {\n if (responseState.sent) {\n throw new ResponseSentHeaderError();\n }\n for (const [name, value] of Object.entries(headers)) {\n res.setHeader(name, value);\n }\n return ctx.response;\n };\n}\n\n/**\n * Create a function to set content type header\n */\nfunction createContentTypeSetter<S extends State = State, TBody = unknown, TQuery = QueryParams>(\n res: UnifiedResponse,\n responseState: { sent: boolean },\n ctx: Context<S, TBody, TQuery>\n) {\n return function typeSetter(type: string) {\n if (responseState.sent) {\n throw new ResponseSentContentError();\n }\n res.setHeader(CONTENT_TYPE_HEADER, type);\n return ctx.response;\n };\n}\n\n/**\n * Create a function to send JSON response\n */\nfunction createJsonResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function jsonResponder(body: unknown, status?: number) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (status !== undefined) {\n res.statusCode = status;\n }\n\n res.setHeader(CONTENT_TYPE_HEADER, 'application/json');\n res.end(JSON.stringify(body));\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to send text response\n */\nfunction createTextResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function textResponder(body: string, status?: number) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (status !== undefined) {\n res.statusCode = status;\n }\n\n res.setHeader(CONTENT_TYPE_HEADER, 'text/plain');\n res.end(body);\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to send HTML response\n */\nfunction createHtmlResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function htmlResponder(body: string, status?: number) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (status !== undefined) {\n res.statusCode = status;\n }\n\n res.setHeader(CONTENT_TYPE_HEADER, 'text/html');\n res.end(body);\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to send redirect response\n */\nfunction createRedirectResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function redirectResponder(url: string, status = 302) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n res.statusCode = status;\n res.setHeader('Location', url);\n res.end();\n responseState.sent = true;\n };\n}\n\n/**\n * Create a function to stream response\n */\nfunction createStreamResponder(res: UnifiedResponse, responseState: { sent: boolean }) {\n return function streamResponder(readable: NodeJS.ReadableStream, options: StreamOptions = {}) {\n if (responseState.sent) {\n throw new ResponseSentError();\n }\n\n if (options.status !== undefined) {\n res.statusCode = options.status;\n }\n\n if (options.contentType) {\n res.setHeader(CONTENT_TYPE_HEADER, options.contentType);\n }\n\n if (options.headers) {\n for (const [name, value] of Object.entries(options.headers)) {\n res.setHeader(name, value);\n }\n }\n\n // Handle streaming\n readable.pipe(res);\n\n // Mark as sent when the stream ends\n readable.on('end', () => {\n responseState.sent = true;\n });\n\n // Handle errors\n readable.on('error', err => {\n console.error('Stream error:', err);\n if (!responseState.sent) {\n res.statusCode = 500;\n res.end('Stream error');\n responseState.sent = true;\n }\n });\n };\n}\n\n/**\n * Parse request body if enabled in options\n */\nasync function parseBodyIfNeeded<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>,\n options: ContextOptions = {}\n): Promise<void> {\n // Skip parsing for methods that typically don't have bodies\n if (shouldSkipParsing(req.method)) {\n return;\n }\n\n const contentType = req.headers['content-type'] || '';\n const contentLength = parseInt(req.headers['content-length'] || '0', 10);\n\n // Skip if no content\n if (contentLength === 0) {\n return;\n }\n\n const limits = {\n json: options.bodyLimits?.json ?? DEFAULT_BODY_LIMITS.json,\n form: options.bodyLimits?.form ?? DEFAULT_BODY_LIMITS.form,\n text: options.bodyLimits?.text ?? DEFAULT_BODY_LIMITS.text,\n raw: options.bodyLimits?.raw ?? DEFAULT_BODY_LIMITS.raw,\n multipart: {\n maxFileSize:\n options.bodyLimits?.multipart?.maxFileSize ?? DEFAULT_BODY_LIMITS.multipart.maxFileSize,\n maxFiles: options.bodyLimits?.multipart?.maxFiles ?? DEFAULT_BODY_LIMITS.multipart.maxFiles,\n maxFieldSize:\n options.bodyLimits?.multipart?.maxFieldSize ?? DEFAULT_BODY_LIMITS.multipart.maxFieldSize,\n maxTotalSize:\n options.bodyLimits?.multipart?.maxTotalSize ?? DEFAULT_BODY_LIMITS.multipart.maxTotalSize,\n },\n };\n\n try {\n // Apply content-type specific size validation\n if (contentType.includes('application/json')) {\n if (contentLength > limits.json) {\n throw new Error(`JSON body too large: ${contentLength} > ${limits.json} bytes`);\n }\n await parseJsonBody(req, ctx);\n } else if (contentType.includes('application/x-www-form-urlencoded')) {\n if (contentLength > limits.form) {\n throw new Error(`Form body too large: ${contentLength} > ${limits.form} bytes`);\n }\n await parseFormUrlEncodedBody(req, ctx);\n } else if (contentType.includes('text/')) {\n if (contentLength > limits.text) {\n throw new Error(`Text body too large: ${contentLength} > ${limits.text} bytes`);\n }\n await parseTextBody(req, ctx);\n } else if (isMultipartContent(contentType)) {\n // Multipart has its own sophisticated size validation\n await parseMultipartBody(req, ctx, limits.multipart);\n } else {\n // Unknown content type - apply raw limit\n if (contentLength > limits.raw) {\n throw new Error(`Request body too large: ${contentLength} > ${limits.raw} bytes`);\n }\n // Don't parse unknown content types, but allow them through\n return;\n }\n } catch (error) {\n const errorType = contentType.includes('multipart')\n ? 'multipart_parse_error'\n : 'body_read_error';\n setBodyError(ctx, errorType, 'Error reading request body', error);\n }\n}\n\n/**\n * Determine if body parsing should be skipped based on HTTP method\n */\nfunction shouldSkipParsing(method?: string): boolean {\n const skipMethods = ['GET', 'HEAD', 'OPTIONS'];\n return skipMethods.includes(method || 'GET');\n}\n\n/**\n * Parse JSON request body\n */\nasync function parseJsonBody<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>\n): Promise<void> {\n const body = await readRequestBody(req);\n\n if (!body) {\n console.warn('Empty body, skipping JSON parsing');\n return;\n }\n\n // Check if the body is actually \"null\" string\n if (body.trim() === 'null') {\n console.warn('Body is the string \"null\"');\n ctx.request.body = null as TBody;\n return;\n }\n\n try {\n const json = JSON.parse(body);\n ctx.request.body = json as TBody;\n } catch (error) {\n ctx.request.body = null as TBody;\n setBodyError(ctx, 'json_parse_error', 'Invalid JSON in request body', error);\n }\n}\n\n/**\n * Parse URL-encoded form data\n */\nasync function parseFormUrlEncodedBody<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>\n): Promise<void> {\n const body = await readRequestBody(req);\n if (!body) return;\n\n try {\n ctx.request.body = parseUrlEncodedData(body) as TBody;\n } catch (error) {\n ctx.request.body = null as TBody;\n setBodyError(ctx, 'form_parse_error', 'Invalid form data in request body', error);\n }\n}\n\n/**\n * Parse URL-encoded data into an object\n */\nfunction parseUrlEncodedData(body: string): Record<string, string | string[]> {\n const params = new URLSearchParams(body);\n const formData: Record<string, string | string[]> = {};\n\n params.forEach((value, key) => {\n if (formData[key] !== undefined) {\n if (Array.isArray(formData[key])) {\n (formData[key] as string[]).push(value);\n } else {\n formData[key] = [formData[key] as string, value];\n }\n } else {\n formData[key] = value;\n }\n });\n\n return formData;\n}\n\n/**\n * Parse plain text body\n */\nasync function parseTextBody<TBody = null, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>\n): Promise<void> {\n const body = await readRequestBody(req);\n if (body) {\n ctx.request.body = body as TBody;\n }\n}\n\n/**\n * Parse multipart/form-data request body with improved error handling\n */\nasync function parseMultipartBody<TBody = unknown, TQuery = QueryParams>(\n req: UnifiedRequest,\n ctx: Context<State, TBody, TQuery>,\n multipartLimits: MultipartLimits\n): Promise<void> {\n try {\n const limits = multipartLimits || DEFAULT_BODY_LIMITS.multipart;\n const multipartData = await parseMultipartRequest(req, {\n strategy: 'stream',\n maxFileSize: limits.maxFileSize,\n maxFiles: limits.maxFiles,\n maxFieldSize: limits.maxFieldSize,\n // Could add total size validation here\n });\n\n // Extend context with multipart data (type-safe assignments)\n (ctx.request as any).multipart = multipartData;\n (ctx.request as any).files = multipartData.files;\n\n // Set body to fields for backward compatibility with existing form handling\n ctx.request.body = multipartData.fields as TBody;\n } catch (error) {\n ctx.request.body = null as TBody;\n setBodyError(ctx, 'multipart_parse_error', 'Failed to parse multipart data', error);\n }\n}\n\n/**\n * Set body parsing error in context state with proper typing\n */\nfunction setBodyError<TBody = unknown, TQuery = QueryParams>(\n ctx: Context<State, TBody, TQuery>,\n type: BodyParseError['type'],\n message: string,\n error: unknown\n): void {\n const bodyError: BodyParseError = { type, message, error };\n ctx.state._bodyError = bodyError;\n}\n\n/**\n * Read the entire request body as a string\n */\nasync function readRequestBody(req: UnifiedRequest): Promise<string> {\n return new Promise<string>((resolve, reject) => {\n const chunks: Buffer[] = [];\n\n req.on('data', (chunk: Buffer | string) => {\n chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk));\n });\n\n req.on('end', () => {\n resolve(Buffer.concat(chunks).toString('utf8'));\n });\n\n req.on('error', err => {\n reject(err);\n });\n });\n}\n\n/**\n * Get the current context or throw an error if none exists\n */\nexport function getCurrentContext<\n S extends State = State,\n TBody = unknown,\n TQuery = QueryParams,\n>(): Context<S, TBody, TQuery> {\n const ctx = getContext<S, TBody, TQuery>();\n if (!ctx) {\n throw new Error(\n 'No context found. Ensure this function is called within a request handler, ' +\n 'middleware, or function wrapped with runWithContext().'\n );\n }\n return ctx;\n}\n\n/**\n * Check if we're currently in a request context\n */\nexport function isInRequestContext(): boolean {\n return hasContext();\n}\n","/**\n * NotFoundError class for resource not found errors\n *\n * This error is thrown when a requested resource cannot be found.\n * It provides context about what resource was being looked for and how.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { NotFoundErrorDetails } from '@blaize-types/errors';\n/**\n * Error thrown when a requested resource cannot be found\n *\n * Automatically sets HTTP status to 404 and provides context\n * about the missing resource for better debugging and user experience.\n *\n * @example Basic usage:\n * ```typescript\n * throw new NotFoundError('User not found');\n * ```\n *\n * @example With resource context:\n * ```typescript\n * throw new NotFoundError('User not found', {\n * resourceType: 'User',\n * resourceId: 'user-123',\n * suggestion: 'Check if the user ID is correct'\n * });\n * ```\n *\n * @example API endpoint not found:\n * ```typescript\n * throw new NotFoundError('Endpoint not found', {\n * path: '/api/v1/unknown',\n * method: 'GET',\n * suggestion: 'Check the API documentation'\n * });\n * ```\n */\nexport class NotFoundError extends BlaizeError<NotFoundErrorDetails> {\n /**\n * Creates a new NotFoundError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional context about the missing resource\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: NotFoundErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.NOT_FOUND,\n title,\n 404, // HTTP 404 Not Found\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { BlaizeError } from '@blaize-types/errors';\n\nimport { generateCorrelationId } from './correlation';\nimport { InternalServerError } from './internal-server-error';\n\nimport type { BlaizeErrorResponse } from '@blaize-types/errors';\n\n/**\n * Checks if an error is a handled BlaizeError instance\n */\nexport function isHandledError(error: unknown): error is BlaizeError {\n return error instanceof BlaizeError;\n}\n\n/**\n * Formats any error into a standardized BlaizeErrorResponse\n */\nexport function formatErrorResponse(error: unknown): BlaizeErrorResponse {\n // Handle BlaizeError instances - they're already properly formatted\n if (isHandledError(error)) {\n return {\n type: error.type,\n title: error.title,\n status: error.status,\n correlationId: error.correlationId,\n timestamp: error.timestamp.toISOString(),\n details: error.details,\n };\n }\n\n // Handle unexpected errors by wrapping them in InternalServerError\n const correlationId = generateCorrelationId();\n let originalMessage: string;\n\n if (error instanceof Error) {\n originalMessage = error.message;\n } else if (error === null || error === undefined) {\n originalMessage = 'Unknown error occurred';\n } else {\n originalMessage = String(error);\n }\n\n // Create InternalServerError for unexpected errors\n const wrappedError = new InternalServerError(\n 'Internal Server Error',\n { originalMessage },\n correlationId\n );\n\n return {\n type: wrappedError.type,\n title: wrappedError.title,\n status: wrappedError.status,\n correlationId: wrappedError.correlationId,\n timestamp: wrappedError.timestamp.toISOString(),\n details: wrappedError.details,\n };\n}\n\n/**\n * Extracts correlation ID from request headers or generates a new one\n */\nexport function extractOrGenerateCorrelationId(\n headerGetter: (name: string) => string | undefined\n): string {\n return headerGetter('x-correlation-id') ?? generateCorrelationId();\n}\n\n/**\n * Sets response headers for error responses\n */\nexport function setErrorResponseHeaders(\n headerSetter: (name: string, value: string) => void,\n correlationId: string\n): void {\n headerSetter('x-correlation-id', correlationId);\n // Add any other standard error headers here if needed\n}\n","import {\n formatErrorResponse,\n extractOrGenerateCorrelationId,\n setErrorResponseHeaders,\n} from '../errors/boundary';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware, MiddlewareFunction, NextFunction } from '@blaize-types/middleware';\n\n/**\n * Options for configuring the error boundary middleware\n */\nexport interface ErrorBoundaryOptions {\n /** Enable debug logging of caught errors */\n debug?: boolean;\n}\n\n/**\n * Creates an error boundary middleware that catches all errors and converts them to proper HTTP responses\n *\n * This middleware should be placed early in the middleware chain to catch all downstream errors.\n * It ensures that:\n * - All BlaizeError instances are properly formatted as HTTP responses\n * - Unexpected errors are wrapped in InternalServerError and logged\n * - Correlation IDs are preserved and added to response headers\n * - No unhandled errors escape the middleware chain\n */\nexport function createErrorBoundary(options: ErrorBoundaryOptions = {}): Middleware {\n const { debug = false } = options;\n\n const middlewareFn: MiddlewareFunction = async (ctx: Context, next: NextFunction) => {\n try {\n await next();\n } catch (error) {\n // Don't handle errors if response was already sent\n if (ctx.response.sent) {\n if (debug) {\n console.error('Error occurred after response was sent:', error);\n }\n return;\n }\n\n // Log error in debug mode\n if (debug) {\n console.error('Error boundary caught error:', error);\n }\n\n // Extract or generate correlation ID from request\n const correlationId = extractOrGenerateCorrelationId(ctx.request.header);\n\n // Format the error as a proper response\n const errorResponse = formatErrorResponse(error);\n\n // Ensure correlation ID is consistent\n errorResponse.correlationId = correlationId;\n\n // Set appropriate response headers\n setErrorResponseHeaders(ctx.response.header, correlationId);\n\n // Send the formatted error response\n ctx.response.status(errorResponse.status).json(errorResponse);\n }\n };\n\n return {\n name: 'ErrorBoundary',\n execute: middlewareFn,\n debug,\n };\n}\n","import { createContext } from '../context/create';\nimport { runWithContext } from '../context/store';\nimport { NotFoundError } from '../errors/not-found-error';\nimport { compose } from '../middleware/compose';\nimport { createErrorBoundary } from '../middleware/error-boundary';\n\nimport type { Server, RequestHandler } from '@blaize-types/server';\n\nexport function createRequestHandler(serverInstance: Server): RequestHandler {\n return async (req, res) => {\n try {\n // Create context for this request\n const context = await createContext(req, res, {\n parseBody: true, // Enable automatic body parsing\n });\n\n // Create error boundary middleware that catches all thrown error classes\n const errorBoundary = createErrorBoundary();\n\n // Compose all middleware with error boundary first (to catch all errors)\n const allMiddleware = [errorBoundary, ...serverInstance.middleware];\n\n // Compose all middleware into a single function\n const handler = compose(allMiddleware);\n\n // Run the request with context in AsyncLocalStorage\n await runWithContext(context, async () => {\n await handler(context, async () => {\n if (!context.response.sent) {\n // Let the router handle the request\n await serverInstance.router.handleRequest(context);\n // If router didn't handle it either, send a 404\n if (!context.response.sent) {\n throw new NotFoundError(\n `Route not found: ${context.request.method} ${context.request.path}`\n );\n }\n }\n });\n });\n } catch (error) {\n // Handle errors in context creation\n console.error('Error creating context:', error);\n res.writeHead(500, { 'Content-Type': 'application/json' });\n res.end(\n JSON.stringify({\n error: 'Internal Server Error',\n message: 'Failed to process request',\n })\n );\n }\n };\n}\n","import type { Server, StopOptions } from '@blaize-types/server';\n\n// Add a global flag to prevent multiple shutdowns\nlet isShuttingDown = false;\n\n// Replace the stopServer function in stop.ts with this version:\n\nexport async function stopServer(serverInstance: Server, options: StopOptions = {}): Promise<void> {\n const server = serverInstance.server;\n const events = serverInstance.events;\n\n if (isShuttingDown) {\n console.log('⚠️ Shutdown already in progress, ignoring duplicate shutdown request');\n return;\n }\n\n if (!server) {\n return;\n }\n\n isShuttingDown = true;\n const timeout = options.timeout || 5000; // Reduced to 5 seconds for faster restarts\n\n try {\n if (options.onStopping) {\n await options.onStopping();\n }\n\n events.emit('stopping');\n\n // Close router watchers with timeout\n if (serverInstance.router && typeof serverInstance.router.close === 'function') {\n console.log('🔌 Closing router watchers...');\n try {\n // Add timeout to router close\n await Promise.race([\n serverInstance.router.close(),\n new Promise((_, reject) =>\n setTimeout(() => reject(new Error('Router close timeout')), 2000)\n ),\n ]);\n console.log('✅ Router watchers closed');\n } catch (error) {\n console.error('❌ Error closing router watchers:', error);\n // Continue with shutdown\n }\n }\n\n // Notify plugins with timeout\n try {\n await Promise.race([\n serverInstance.pluginManager.onServerStop(serverInstance, server),\n new Promise((_, reject) =>\n setTimeout(() => reject(new Error('Plugin stop timeout')), 2000)\n ),\n ]);\n } catch (error) {\n console.error('❌ Plugin stop timeout:', error);\n // Continue with shutdown\n }\n\n // Create server close promise with shorter timeout\n const closePromise = new Promise<void>((resolve, reject) => {\n server.close((err?: Error) => {\n if (err) return reject(err);\n resolve();\n });\n });\n\n const timeoutPromise = new Promise<never>((_, reject) => {\n setTimeout(() => {\n reject(new Error('Server shutdown timeout'));\n }, timeout);\n });\n\n await Promise.race([closePromise, timeoutPromise]);\n\n // Terminate plugins with timeout\n try {\n await Promise.race([\n serverInstance.pluginManager.terminatePlugins(serverInstance),\n new Promise((_, reject) =>\n setTimeout(() => reject(new Error('Plugin terminate timeout')), 1000)\n ),\n ]);\n } catch (error) {\n console.error('❌ Plugin terminate timeout:', error);\n // Continue with shutdown\n }\n\n if (options.onStopped) {\n await options.onStopped();\n }\n\n events.emit('stopped');\n serverInstance.server = null as any;\n\n console.log('✅ Graceful shutdown completed');\n isShuttingDown = false;\n } catch (error) {\n isShuttingDown = false;\n console.error('⚠️ Shutdown error (forcing exit):', error);\n\n // Force close the server if graceful shutdown fails\n if (server && typeof server.close === 'function') {\n server.close();\n }\n\n // In development, force exit to allow tsx to restart\n if (process.env.NODE_ENV === 'development') {\n console.log('🔄 Forcing exit for development restart...');\n process.exit(0);\n }\n\n events.emit('error', error);\n throw error;\n }\n}\n\n/**\n * Register signal handlers for graceful shutdown\n */\nexport function registerSignalHandlers(stopFn: () => Promise<void>): { unregister: () => void } {\n const isDevelopment = process.env.NODE_ENV === 'development';\n\n if (isDevelopment) {\n // Development: Force exit for fast restarts\n const sigintHandler = () => {\n console.log('📤 SIGINT received, forcing exit for development restart...');\n process.exit(0);\n };\n\n const sigtermHandler = () => {\n console.log('📤 SIGTERM received, forcing exit for development restart...');\n process.exit(0);\n };\n\n process.on('SIGINT', sigintHandler);\n process.on('SIGTERM', sigtermHandler);\n\n return {\n unregister: () => {\n process.removeListener('SIGINT', sigintHandler);\n process.removeListener('SIGTERM', sigtermHandler);\n },\n };\n } else {\n // Production: Graceful shutdown\n const sigintHandler = () => {\n console.log('📤 SIGINT received, starting graceful shutdown...');\n stopFn().catch(console.error);\n };\n\n const sigtermHandler = () => {\n console.log('📤 SIGTERM received, starting graceful shutdown...');\n stopFn().catch(console.error);\n };\n\n process.on('SIGINT', sigintHandler);\n process.on('SIGTERM', sigtermHandler);\n\n return {\n unregister: () => {\n process.removeListener('SIGINT', sigintHandler);\n process.removeListener('SIGTERM', sigtermHandler);\n },\n };\n }\n}\n","import { z } from 'zod';\n\nimport type { Middleware } from '@blaize-types/middleware';\nimport type { Plugin } from '@blaize-types/plugins';\nimport type { ServerOptions, ServerOptionsInput } from '@blaize-types/server';\n\n// Create a more flexible validation for the middleware function type\nconst middlewareSchema = z.custom<Middleware>(\n data =>\n data !== null &&\n typeof data === 'object' &&\n 'execute' in data &&\n typeof data.execute === 'function',\n {\n message: 'Expected middleware to have an execute function',\n }\n);\n\n// Create a schema for plugins\nconst pluginSchema = z.custom<Plugin>(\n data =>\n data !== null &&\n typeof data === 'object' &&\n 'register' in data &&\n typeof data.register === 'function',\n {\n message: 'Expected a valid plugin object with a register method',\n }\n);\n\n// Create a schema for HTTP/2 options with conditional validation\nconst http2Schema = z\n .object({\n enabled: z.boolean().optional().default(true),\n keyFile: z.string().optional(),\n certFile: z.string().optional(),\n })\n .refine(\n data => {\n // If HTTP/2 is enabled and not in development mode,\n // both keyFile and certFile must be provided\n if (data.enabled && process.env.NODE_ENV === 'production') {\n return data.keyFile && data.certFile;\n }\n return true;\n },\n {\n message:\n 'When HTTP/2 is enabled (outside of development mode), both keyFile and certFile must be provided',\n }\n );\n\n// Validation schema for server options\nexport const serverOptionsSchema = z.object({\n port: z.number().int().positive().optional().default(3000),\n host: z.string().optional().default('localhost'),\n routesDir: z.string().optional().default('./routes'),\n http2: http2Schema.optional().default({\n enabled: true,\n }),\n middleware: z.array(middlewareSchema).optional().default([]),\n plugins: z.array(pluginSchema).optional().default([]),\n});\n\nexport function validateServerOptions(options: ServerOptionsInput): ServerOptions {\n try {\n return serverOptionsSchema.parse(options);\n } catch (error) {\n // Properly type the error as Zod validation error\n if (error instanceof z.ZodError) {\n // Format the Zod error for better readability\n const formattedError = error.format();\n throw new Error(`Invalid server options: ${JSON.stringify(formattedError, null, 2)}`);\n }\n // For other types of errors\n throw new Error(`Invalid server options: ${String(error)}`);\n }\n}\n","import type { Plugin, PluginLifecycleManager, PluginLifecycleOptions } from '@blaize-types/plugins';\nimport type { Server } from '@blaize-types/server';\n\n/**\n * Create a plugin lifecycle manager\n */\nexport function createPluginLifecycleManager(\n options: PluginLifecycleOptions = {}\n): PluginLifecycleManager {\n const { continueOnError = true, debug = false, onError } = options;\n\n /**\n * Log debug messages if enabled\n */\n function log(message: string, ...args: any[]) {\n if (debug) {\n console.log(`[PluginLifecycle] ${message}`, ...args);\n }\n }\n\n /**\n * Handle plugin errors\n */\n function handleError(plugin: Plugin, phase: string, error: Error) {\n const errorMessage = `Plugin ${plugin.name} failed during ${phase}: ${error.message}`;\n\n if (onError) {\n onError(plugin, phase, error);\n } else {\n console.error(errorMessage, error);\n }\n\n if (!continueOnError) {\n throw new Error(errorMessage);\n }\n }\n\n return {\n /**\n * Initialize all plugins\n */\n async initializePlugins(server: Server): Promise<void> {\n log('Initializing plugins...');\n\n for (const plugin of server.plugins) {\n if (plugin.initialize) {\n try {\n log(`Initializing plugin: ${plugin.name}`);\n await plugin.initialize(server);\n } catch (error) {\n handleError(plugin, 'initialize', error as Error);\n }\n }\n }\n\n log(`Initialized ${server.plugins.length} plugins`);\n },\n\n /**\n * Terminate all plugins in reverse order\n */\n async terminatePlugins(server: Server): Promise<void> {\n log('Terminating plugins...');\n\n const pluginsToTerminate = [...server.plugins].reverse();\n\n for (const plugin of pluginsToTerminate) {\n if (plugin.terminate) {\n try {\n log(`Terminating plugin: ${plugin.name}`);\n await plugin.terminate(server);\n } catch (error) {\n handleError(plugin, 'terminate', error as Error);\n }\n }\n }\n\n log(`Terminated ${pluginsToTerminate.length} plugins`);\n },\n\n /**\n * Notify plugins that the server has started\n */\n async onServerStart(server: Server, httpServer: any): Promise<void> {\n log('Notifying plugins of server start...');\n\n for (const plugin of server.plugins) {\n if (plugin.onServerStart) {\n try {\n log(`Notifying plugin of server start: ${plugin.name}`);\n await plugin.onServerStart(httpServer);\n } catch (error) {\n handleError(plugin, 'onServerStart', error as Error);\n }\n }\n }\n },\n\n /**\n * Notify plugins that the server is stopping\n */\n async onServerStop(server: Server, httpServer: any): Promise<void> {\n log('Notifying plugins of server stop...');\n\n const pluginsToNotify = [...server.plugins].reverse();\n\n for (const plugin of pluginsToNotify) {\n if (plugin.onServerStop) {\n try {\n log(`Notifying plugin of server stop: ${plugin.name}`);\n await plugin.onServerStop(httpServer);\n } catch (error) {\n handleError(plugin, 'onServerStop', error as Error);\n }\n }\n }\n },\n };\n}\n","export class PluginError extends Error {\n constructor(\n public pluginName: string,\n message: string,\n public cause?: Error\n ) {\n super(`Plugin \"${pluginName}\": ${message}`);\n this.name = 'PluginError';\n }\n}\n\nexport class PluginLifecycleError extends PluginError {\n constructor(\n pluginName: string,\n public phase: 'register' | 'initialize' | 'terminate' | 'start' | 'stop',\n cause: Error\n ) {\n super(pluginName, `Failed during ${phase} phase: ${cause.message}`, cause);\n this.name = 'PluginLifecycleError';\n }\n}\n\nexport class PluginDependencyError extends PluginError {\n constructor(\n pluginName: string,\n public missingDependency: string\n ) {\n super(pluginName, `Missing dependency: ${missingDependency}`);\n this.name = 'PluginDependencyError';\n }\n}\n\n// packages/blaizejs/src/plugins/errors.ts (or add to existing errors file)\n\nexport class PluginValidationError extends Error {\n constructor(\n public pluginName: string,\n message: string\n ) {\n super(`Plugin validation error${pluginName ? ` for \"${pluginName}\"` : ''}: ${message}`);\n this.name = 'PluginValidationError';\n }\n}\n\nexport class PluginRegistrationError extends Error {\n constructor(\n public pluginName: string,\n message: string\n ) {\n super(`Plugin registration error for \"${pluginName}\": ${message}`);\n this.name = 'PluginRegistrationError';\n }\n}\n","import { PluginValidationError } from './errors';\n\nimport type { Plugin } from '@blaize-types/plugins';\n\nexport interface PluginValidationOptions {\n /** Require specific plugin properties */\n requireVersion?: boolean;\n /** Validate plugin name format */\n validateNameFormat?: boolean;\n /** Check for reserved plugin names */\n checkReservedNames?: boolean;\n}\n\n/**\n * Reserved plugin names that cannot be used\n */\nconst RESERVED_NAMES = new Set([\n 'core',\n 'server',\n 'router',\n 'middleware',\n 'context',\n 'blaize',\n 'blaizejs',\n]);\n\n/**\n * Valid plugin name pattern (lowercase, letters, numbers, hyphens)\n */\nconst VALID_NAME_PATTERN = /^[a-z]([a-z0-9-]*[a-z0-9])?$/;\n\n/**\n * Valid semantic version pattern\n */\nconst VALID_VERSION_PATTERN = /^\\d+\\.\\d+\\.\\d+(?:-[a-zA-Z0-9-.]+)?(?:\\+[a-zA-Z0-9-.]+)?$/;\n\n/**\n * Validate a plugin object\n */\nexport function validatePlugin(\n plugin: unknown,\n options: PluginValidationOptions = {}\n): asserts plugin is Plugin {\n const { requireVersion = true, validateNameFormat = true, checkReservedNames = true } = options;\n\n // Basic type validation\n if (!plugin || typeof plugin !== 'object') {\n throw new PluginValidationError('', 'Plugin must be an object');\n }\n\n const p = plugin as any;\n\n // Validate name\n if (!p.name || typeof p.name !== 'string') {\n throw new PluginValidationError('', 'Plugin must have a name (string)');\n }\n\n // Validate name format\n if (validateNameFormat && !VALID_NAME_PATTERN.test(p.name)) {\n throw new PluginValidationError(\n p.name,\n 'Plugin name must be lowercase letters, numbers, and hyphens only'\n );\n }\n\n // Check reserved names\n if (checkReservedNames && RESERVED_NAMES.has(p.name.toLowerCase())) {\n throw new PluginValidationError(p.name, `Plugin name \"${p.name}\" is reserved`);\n }\n\n // Validate version\n if (requireVersion) {\n if (!p.version || typeof p.version !== 'string') {\n throw new PluginValidationError(p.name, 'Plugin must have a version (string)');\n }\n\n if (!VALID_VERSION_PATTERN.test(p.version)) {\n throw new PluginValidationError(\n p.name,\n 'Plugin version must follow semantic versioning (e.g., \"1.0.0\")'\n );\n }\n }\n\n // Validate register method\n if (!p.register || typeof p.register !== 'function') {\n throw new PluginValidationError(p.name, 'Plugin must have a register method (function)');\n }\n\n // Validate optional lifecycle methods\n const lifecycleMethods = ['initialize', 'terminate', 'onServerStart', 'onServerStop'];\n\n for (const method of lifecycleMethods) {\n if (p[method] && typeof p[method] !== 'function') {\n throw new PluginValidationError(p.name, `Plugin ${method} must be a function if provided`);\n }\n }\n\n // Validate dependencies if present\n // if (p.dependencies) {\n // if (!Array.isArray(p.dependencies) && typeof p.dependencies !== 'string') {\n // throw new PluginValidationError(\n // p.name,\n // 'Plugin dependencies must be a string or array of strings'\n // );\n // }\n\n // const deps = Array.isArray(p.dependencies) ? p.dependencies : [p.dependencies];\n // for (const dep of deps) {\n // if (typeof dep !== 'string') {\n // throw new PluginValidationError(p.name, 'Plugin dependencies must be strings');\n // }\n // }\n // }\n}\n\n/**\n * Validate plugin options object\n */\nexport function validatePluginOptions(pluginName: string, options: unknown, schema?: any): void {\n // Basic validation\n if (options !== undefined && typeof options !== 'object') {\n throw new PluginValidationError(pluginName, 'Plugin options must be an object');\n }\n\n // If a schema is provided, validate against it\n if (schema && options) {\n try {\n schema.parse(options);\n } catch (error) {\n throw new PluginValidationError(\n pluginName,\n `Plugin options validation failed: ${(error as Error).message}`\n );\n }\n }\n}\n\n/**\n * Validate plugin factory function\n */\nexport function validatePluginFactory(\n factory: unknown\n): asserts factory is (...args: any[]) => any {\n if (typeof factory !== 'function') {\n throw new PluginValidationError('', 'Plugin factory must be a function');\n }\n}\n\n/**\n * Check if a plugin name is valid\n */\nexport function isValidPluginName(name: string): boolean {\n return (\n typeof name === 'string' &&\n name.length > 0 &&\n VALID_NAME_PATTERN.test(name) &&\n !RESERVED_NAMES.has(name.toLowerCase())\n );\n}\n\n/**\n * Check if a version string is valid\n */\nexport function isValidVersion(version: string): boolean {\n return typeof version === 'string' && VALID_VERSION_PATTERN.test(version);\n}\n\n/**\n * Sanitize plugin name (remove invalid characters)\n */\nexport function sanitizePluginName(name: string): string {\n return name\n .toLowerCase()\n .replace(/[^a-z0-9-]/g, '-')\n .replace(/^-+|-+$/g, '')\n .replace(/-+/g, '-');\n}\n","import * as crypto from 'node:crypto';\nimport * as fs from 'node:fs/promises';\nimport { createRequire } from 'node:module';\nimport * as path from 'node:path';\n\nimport { loadRouteModule } from './loader';\n\nimport type { FileCache, Route } from '@blaize-types/router';\n\nconst fileRouteCache = new Map<string, FileCache>();\n\nexport async function processChangedFile(\n filePath: string,\n routesDir: string,\n updateCache: boolean = true\n): Promise<Route[]> {\n const stat = await fs.stat(filePath);\n const lastModified = stat.mtime.getTime();\n const cachedEntry = fileRouteCache.get(filePath);\n\n // Skip if file hasn't changed by timestamp (only when updating cache)\n if (updateCache && cachedEntry && cachedEntry.timestamp === lastModified) {\n return cachedEntry.routes;\n }\n\n // Clear module cache for this specific file\n invalidateModuleCache(filePath);\n\n // Load only this file\n const routes = await loadRouteModule(filePath, routesDir);\n\n // Only update cache if requested\n if (updateCache) {\n // Calculate content hash for change detection\n const hash = hashRoutes(routes);\n\n // Update cache\n fileRouteCache.set(filePath, {\n routes,\n timestamp: lastModified,\n hash,\n });\n }\n\n return routes;\n}\n\nexport function hasRouteContentChanged(filePath: string, newRoutes: Route[]): boolean {\n const cachedEntry = fileRouteCache.get(filePath);\n if (!cachedEntry) {\n return true;\n }\n\n const newHash = hashRoutes(newRoutes);\n\n return cachedEntry.hash !== newHash;\n}\n\nexport function clearFileCache(filePath?: string): void {\n if (filePath) {\n fileRouteCache.delete(filePath);\n } else {\n fileRouteCache.clear();\n }\n}\n\nfunction hashRoutes(routes: Route[]): string {\n const routeData = routes.map(route => ({\n path: route.path,\n methods: Object.keys(route)\n .filter(key => key !== 'path')\n .sort()\n .map(method => {\n const methodDef = route[method as keyof Route] as any;\n const handlerString = methodDef?.handler ? methodDef.handler.toString() : null;\n return {\n method,\n // Include handler function string for change detection\n handler: handlerString,\n // Include middleware if present\n middleware: methodDef?.middleware ? methodDef.middleware.length : 0,\n // Include schema structure (but not full serialization which can be unstable)\n hasSchema: !!methodDef?.schema,\n schemaKeys: methodDef?.schema ? Object.keys(methodDef.schema).sort() : [],\n };\n }),\n }));\n\n const dataString = JSON.stringify(routeData);\n const hash = crypto.createHash('md5').update(dataString).digest('hex');\n\n return hash;\n}\n\nfunction invalidateModuleCache(filePath: string): void {\n try {\n // Try to resolve the absolute path\n const absolutePath = path.resolve(filePath);\n\n // Check if we're in a CommonJS environment (require is available)\n if (typeof require !== 'undefined') {\n // Delete from require cache if it exists\n delete require.cache[absolutePath];\n\n // Also try to resolve using require.resolve if the file exists\n try {\n const resolvedPath = require.resolve(absolutePath);\n delete require.cache[resolvedPath];\n } catch (resolveError) {\n // Type guard to ensure resolveError is an Error object\n const errorMessage =\n resolveError instanceof Error ? resolveError.message : String(resolveError);\n console.log(`⚠️ Could not resolve path: ${errorMessage}`);\n }\n } else {\n // In pure ESM environment, try to use createRequire for cache invalidation\n try {\n const require = createRequire(import.meta.url);\n delete require.cache[absolutePath];\n\n try {\n const resolvedPath = require.resolve(absolutePath);\n delete require.cache[resolvedPath];\n } catch {\n console.log(`⚠️ Could not resolve ESM path`);\n }\n } catch {\n console.log(`⚠️ createRequire not available in pure ESM`);\n }\n }\n } catch (error) {\n console.log(`⚠️ Error during module cache invalidation for ${filePath}:`, error);\n }\n}\n","import { parseRoutePath } from './parser';\n\nimport type { Route, RouteDefinition } from '@blaize-types/router';\n\nexport async function dynamicImport(filePath: string) {\n // Add a cache-busting query parameter for ESM\n const cacheBuster = `?t=${Date.now()}`;\n const importPath = filePath + cacheBuster;\n\n try {\n const module = await import(importPath);\n console.log(`✅ Successfully imported module`);\n return module;\n } catch (error) {\n // Type guard to ensure resolveError is an Error object\n const errorMessage = error instanceof Error ? error.message : String(error);\n console.log(`⚠️ Error importing with cache buster, trying original path:`, errorMessage);\n // Fallback to original path\n return import(filePath);\n }\n}\n\n/**\n * Load route modules from a file - supports both default export and named exports\n */\nexport async function loadRouteModule(filePath: string, basePath: string): Promise<Route[]> {\n try {\n // Parse the route path from the file path\n const parsedRoute = parseRoutePath(filePath, basePath);\n // Dynamically import the module\n const module = await dynamicImport(filePath);\n console.log('📦 Module exports:', Object.keys(module));\n\n const routes: Route[] = [];\n\n // Method 1: Check for default export (existing pattern)\n if (module.default && typeof module.default === 'object') {\n const route: Route = {\n ...(module.default as RouteDefinition),\n path: parsedRoute.routePath,\n };\n\n routes.push(route);\n }\n\n // Method 2: Check for named exports that look like routes\n Object.entries(module).forEach(([exportName, exportValue]) => {\n // Skip default export (already handled) and non-objects\n if (exportName === 'default' || !exportValue || typeof exportValue !== 'object') {\n return;\n }\n\n // Check if this export looks like a route (has path property and HTTP methods)\n const potentialRoute = exportValue as any;\n\n if (isValidRoute(potentialRoute)) {\n // For named exports, we might want to use the export name or the route's path\n const route: Route = {\n ...potentialRoute,\n // Use the route's own path if it has one, otherwise derive from file\n path: parsedRoute.routePath,\n };\n\n routes.push(route);\n }\n });\n\n if (routes.length === 0) {\n console.warn(`Route file ${filePath} does not export any valid route definitions`);\n return [];\n }\n\n console.log(`✅ Successfully Loaded ${routes.length} route(s)`);\n return routes;\n } catch (error) {\n console.error(`Failed to load route module ${filePath}:`, error);\n return [];\n }\n}\n\n/**\n * Check if an object looks like a valid route\n */\nfunction isValidRoute(obj: any): boolean {\n if (!obj || typeof obj !== 'object') {\n return false;\n }\n\n // Check if it has at least one HTTP method\n const httpMethods = ['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'HEAD', 'OPTIONS'];\n const hasHttpMethod = httpMethods.some(\n method => obj[method] && typeof obj[method] === 'object' && obj[method].handler\n );\n\n return hasHttpMethod;\n}\n","import * as os from 'node:os';\n\nimport { processChangedFile } from './cache';\nimport { findRouteFiles } from './finder';\n\nimport type { Route } from '@blaize-types/router';\n\nexport async function processFilesInParallel(\n filePaths: string[],\n processor: (filePath: string) => Promise<Route[]>,\n concurrency: number = Math.max(1, Math.floor(os.cpus().length / 2))\n): Promise<Route[][]> {\n const chunks = chunkArray(filePaths, concurrency);\n const results: Route[][] = [];\n\n for (const chunk of chunks) {\n const chunkResults = await Promise.allSettled(chunk.map(filePath => processor(filePath)));\n\n const successfulResults = chunkResults\n .filter(result => result.status === 'fulfilled')\n .map(result => (result as PromiseFulfilledResult<Route[]>).value);\n\n results.push(...successfulResults);\n }\n\n return results;\n}\n\nexport async function loadInitialRoutesParallel(routesDir: string): Promise<Route[]> {\n const files = await findRouteFiles(routesDir);\n const routeArrays = await processFilesInParallel(files, filePath =>\n processChangedFile(filePath, routesDir)\n );\n\n return routeArrays.flat();\n}\n\nfunction chunkArray<T>(array: T[], chunkSize: number): T[][] {\n const chunks: T[][] = [];\n for (let i = 0; i < array.length; i += chunkSize) {\n chunks.push(array.slice(i, i + chunkSize));\n }\n return chunks;\n}\n","import * as fs from 'node:fs/promises';\nimport * as path from 'node:path';\n\nimport type { FindRouteFilesOptions } from '@blaize-types/router';\n\n/**\n * Find all route files in the specified directory\n */\nexport async function findRouteFiles(\n routesDir: string,\n options: FindRouteFilesOptions = {}\n): Promise<string[]> {\n // Convert to absolute path if it's relative\n const absoluteDir = path.isAbsolute(routesDir)\n ? routesDir\n : path.resolve(process.cwd(), routesDir);\n\n console.log('Creating router with routes directory:', absoluteDir);\n\n // Check if directory exists\n try {\n const stats = await fs.stat(absoluteDir);\n if (!stats.isDirectory()) {\n throw new Error(`Route directory is not a directory: ${absoluteDir}`);\n }\n } catch (error) {\n if ((error as NodeJS.ErrnoException).code === 'ENOENT') {\n throw new Error(`Route directory not found: ${absoluteDir}`);\n }\n throw error;\n }\n\n const routeFiles: string[] = [];\n const ignore = options.ignore || ['node_modules', '.git'];\n\n async function scanDirectory(dir: string) {\n const entries = await fs.readdir(dir, { withFileTypes: true });\n\n for (const entry of entries) {\n const fullPath = path.join(dir, entry.name);\n\n // Skip ignored directories\n if (entry.isDirectory() && ignore.includes(entry.name)) {\n continue;\n }\n\n if (entry.isDirectory()) {\n await scanDirectory(fullPath);\n } else if (isRouteFile(entry.name)) {\n routeFiles.push(fullPath);\n }\n }\n }\n\n await scanDirectory(absoluteDir);\n return routeFiles;\n}\n\n/**\n * Check if a file is a valid route file\n */\nfunction isRouteFile(filename: string): boolean {\n // Route files are TypeScript/JavaScript files that don't start with underscore\n return !filename.startsWith('_') && (filename.endsWith('.ts') || filename.endsWith('.js'));\n}\n","import type { ReloadMetrics } from '@blaize-types/router';\n\nconst profilerState: ReloadMetrics = {\n fileChanges: 0,\n totalReloadTime: 0,\n averageReloadTime: 0,\n slowReloads: [],\n};\n\nexport function trackReloadPerformance(filePath: string, startTime: number): void {\n const duration = Date.now() - startTime;\n\n profilerState.fileChanges++;\n profilerState.totalReloadTime += duration;\n profilerState.averageReloadTime = profilerState.totalReloadTime / profilerState.fileChanges;\n\n if (duration > 100) {\n profilerState.slowReloads.push({ file: filePath, time: duration });\n if (profilerState.slowReloads.length > 10) {\n profilerState.slowReloads.shift();\n }\n }\n\n if (process.env.NODE_ENV === 'development') {\n const emoji = duration < 50 ? '⚡' : duration < 100 ? '🔄' : '🐌';\n console.log(`${emoji} Route reload: ${filePath} (${duration}ms)`);\n }\n}\n\nexport function getReloadMetrics(): Readonly<ReloadMetrics> {\n return { ...profilerState };\n}\n\nexport function resetReloadMetrics(): void {\n profilerState.fileChanges = 0;\n profilerState.totalReloadTime = 0;\n profilerState.averageReloadTime = 0;\n profilerState.slowReloads = [];\n}\n\nexport function withPerformanceTracking<T extends (...args: any[]) => Promise<any>>(\n fn: T,\n filePath: string\n): T {\n console.log(`Tracking performance for: ${filePath}`);\n return (async (...args: Parameters<T>) => {\n const startTime = Date.now();\n try {\n const result = await fn(...args);\n trackReloadPerformance(filePath, startTime);\n return result;\n } catch (error) {\n trackReloadPerformance(filePath, startTime);\n throw error;\n }\n }) as T;\n}\n","import * as path from 'node:path';\n\nimport { watch } from 'chokidar';\n\nimport { hasRouteContentChanged, processChangedFile } from './cache';\nimport { findRouteFiles } from './finder';\n\nimport type { Route, WatchOptions } from '@blaize-types/router';\n\n/**\n * Watch for route file changes\n */\nexport function watchRoutes(routesDir: string, options: WatchOptions = {}) {\n // Debounce rapid file changes\n const debounceMs = options.debounceMs || 16;\n const debouncedCallbacks = new Map<string, NodeJS.Timeout>();\n\n function createDebouncedCallback<T extends (...args: any[]) => void>(\n fn: T,\n filePath: string\n ): (...args: Parameters<T>) => void {\n return (...args: Parameters<T>) => {\n // Clear existing timeout for this file\n const existingTimeout = debouncedCallbacks.get(filePath);\n if (existingTimeout) {\n clearTimeout(existingTimeout);\n }\n\n // Set new timeout\n const timeoutId = setTimeout(() => {\n fn(...args);\n debouncedCallbacks.delete(filePath);\n }, debounceMs);\n\n debouncedCallbacks.set(filePath, timeoutId);\n };\n }\n // Track loaded routes by file path - now stores arrays of routes\n const routesByPath = new Map<string, Route[]>();\n\n // Initial loading of routes\n async function loadInitialRoutes() {\n try {\n const files = await findRouteFiles(routesDir, {\n ignore: options.ignore,\n });\n\n for (const filePath of files) {\n await loadAndNotify(filePath);\n }\n } catch (error) {\n handleError(error);\n }\n }\n\n // Optimized load and notify function\n async function loadAndNotify(filePath: string) {\n try {\n const existingRoutes = routesByPath.get(filePath);\n\n // Step 1: Load new routes WITHOUT updating cache\n const newRoutes = await processChangedFile(filePath, routesDir, false);\n\n if (!newRoutes || newRoutes.length === 0) {\n return;\n }\n\n // Step 2: Check if content has actually changed (cache still has old data)\n if (existingRoutes && !hasRouteContentChanged(filePath, newRoutes)) {\n return;\n }\n\n // Step 3: Content changed! Now update the cache\n await processChangedFile(filePath, routesDir, true);\n\n const normalizedPath = path.normalize(filePath);\n\n if (existingRoutes) {\n routesByPath.set(filePath, newRoutes);\n if (options.onRouteChanged) {\n options.onRouteChanged(normalizedPath, newRoutes);\n }\n } else {\n routesByPath.set(filePath, newRoutes);\n if (options.onRouteAdded) {\n options.onRouteAdded(normalizedPath, newRoutes);\n }\n }\n } catch (error) {\n console.log(`⚠️ Error processing file ${filePath}:`, error);\n handleError(error);\n }\n }\n\n // Handle route file removal\n function handleRemoved(filePath: string) {\n const normalizedPath = path.normalize(filePath);\n const routes = routesByPath.get(normalizedPath);\n\n if (routes && routes.length > 0 && options.onRouteRemoved) {\n options.onRouteRemoved(normalizedPath, routes);\n }\n\n routesByPath.delete(normalizedPath);\n }\n\n // Handle errors\n function handleError(error: unknown) {\n if (options.onError && error instanceof Error) {\n options.onError(error);\n } else {\n console.error('⚠️ Route watcher error:', error);\n }\n }\n\n // Start file watcher\n // Create optimized watcher\n const watcher = watch(routesDir, {\n // Much faster response times\n awaitWriteFinish: {\n stabilityThreshold: 50, // Reduced from 300ms\n pollInterval: 10, // Reduced from 100ms\n },\n\n // Performance optimizations\n usePolling: false,\n atomic: true,\n followSymlinks: false,\n depth: 10,\n\n // More aggressive ignoring\n ignored: [\n /(^|[/\\\\])\\../,\n /node_modules/,\n /\\.git/,\n /\\.DS_Store/,\n /Thumbs\\.db/,\n /\\.(test|spec)\\.(ts|js)$/,\n /\\.d\\.ts$/,\n /\\.map$/,\n /~$/,\n ...(options.ignore || []),\n ],\n });\n\n // Set up event handlers\n watcher\n .on('add', filePath => {\n const debouncedLoad = createDebouncedCallback(loadAndNotify, filePath);\n debouncedLoad(filePath);\n })\n .on('change', filePath => {\n const debouncedLoad = createDebouncedCallback(loadAndNotify, filePath);\n\n // Call debounced load for changed file\n debouncedLoad(filePath);\n })\n .on('unlink', filePath => {\n const debouncedRemove = createDebouncedCallback(handleRemoved, filePath);\n debouncedRemove(filePath);\n })\n .on('error', handleError);\n\n // Load initial routes\n loadInitialRoutes().catch(handleError);\n\n // Return control methods\n return {\n close: () => {\n // Clear any pending debounced callbacks\n debouncedCallbacks.forEach(timeout => clearTimeout(timeout));\n debouncedCallbacks.clear();\n\n return watcher.close();\n },\n getRoutes: () => {\n const allRoutes: Route[] = [];\n for (const routes of routesByPath.values()) {\n allRoutes.push(...routes);\n }\n return allRoutes;\n },\n getRoutesByFile: () => new Map(routesByPath),\n };\n}\n","/*! chokidar - MIT License (c) 2012 Paul Miller (paulmillr.com) */\nimport { stat as statcb } from 'fs';\nimport { stat, readdir } from 'fs/promises';\nimport { EventEmitter } from 'events';\nimport * as sysPath from 'path';\nimport { readdirp } from 'readdirp';\nimport { NodeFsHandler, EVENTS as EV, isWindows, isIBMi, EMPTY_FN, STR_CLOSE, STR_END, } from './handler.js';\nconst SLASH = '/';\nconst SLASH_SLASH = '//';\nconst ONE_DOT = '.';\nconst TWO_DOTS = '..';\nconst STRING_TYPE = 'string';\nconst BACK_SLASH_RE = /\\\\/g;\nconst DOUBLE_SLASH_RE = /\\/\\//;\nconst DOT_RE = /\\..*\\.(sw[px])$|~$|\\.subl.*\\.tmp/;\nconst REPLACER_RE = /^\\.[/\\\\]/;\nfunction arrify(item) {\n return Array.isArray(item) ? item : [item];\n}\nconst isMatcherObject = (matcher) => typeof matcher === 'object' && matcher !== null && !(matcher instanceof RegExp);\nfunction createPattern(matcher) {\n if (typeof matcher === 'function')\n return matcher;\n if (typeof matcher === 'string')\n return (string) => matcher === string;\n if (matcher instanceof RegExp)\n return (string) => matcher.test(string);\n if (typeof matcher === 'object' && matcher !== null) {\n return (string) => {\n if (matcher.path === string)\n return true;\n if (matcher.recursive) {\n const relative = sysPath.relative(matcher.path, string);\n if (!relative) {\n return false;\n }\n return !relative.startsWith('..') && !sysPath.isAbsolute(relative);\n }\n return false;\n };\n }\n return () => false;\n}\nfunction normalizePath(path) {\n if (typeof path !== 'string')\n throw new Error('string expected');\n path = sysPath.normalize(path);\n path = path.replace(/\\\\/g, '/');\n let prepend = false;\n if (path.startsWith('//'))\n prepend = true;\n const DOUBLE_SLASH_RE = /\\/\\//;\n while (path.match(DOUBLE_SLASH_RE))\n path = path.replace(DOUBLE_SLASH_RE, '/');\n if (prepend)\n path = '/' + path;\n return path;\n}\nfunction matchPatterns(patterns, testString, stats) {\n const path = normalizePath(testString);\n for (let index = 0; index < patterns.length; index++) {\n const pattern = patterns[index];\n if (pattern(path, stats)) {\n return true;\n }\n }\n return false;\n}\nfunction anymatch(matchers, testString) {\n if (matchers == null) {\n throw new TypeError('anymatch: specify first argument');\n }\n // Early cache for matchers.\n const matchersArray = arrify(matchers);\n const patterns = matchersArray.map((matcher) => createPattern(matcher));\n if (testString == null) {\n return (testString, stats) => {\n return matchPatterns(patterns, testString, stats);\n };\n }\n return matchPatterns(patterns, testString);\n}\nconst unifyPaths = (paths_) => {\n const paths = arrify(paths_).flat();\n if (!paths.every((p) => typeof p === STRING_TYPE)) {\n throw new TypeError(`Non-string provided as watch path: ${paths}`);\n }\n return paths.map(normalizePathToUnix);\n};\n// If SLASH_SLASH occurs at the beginning of path, it is not replaced\n// because \"//StoragePC/DrivePool/Movies\" is a valid network path\nconst toUnix = (string) => {\n let str = string.replace(BACK_SLASH_RE, SLASH);\n let prepend = false;\n if (str.startsWith(SLASH_SLASH)) {\n prepend = true;\n }\n while (str.match(DOUBLE_SLASH_RE)) {\n str = str.replace(DOUBLE_SLASH_RE, SLASH);\n }\n if (prepend) {\n str = SLASH + str;\n }\n return str;\n};\n// Our version of upath.normalize\n// TODO: this is not equal to path-normalize module - investigate why\nconst normalizePathToUnix = (path) => toUnix(sysPath.normalize(toUnix(path)));\n// TODO: refactor\nconst normalizeIgnored = (cwd = '') => (path) => {\n if (typeof path === 'string') {\n return normalizePathToUnix(sysPath.isAbsolute(path) ? path : sysPath.join(cwd, path));\n }\n else {\n return path;\n }\n};\nconst getAbsolutePath = (path, cwd) => {\n if (sysPath.isAbsolute(path)) {\n return path;\n }\n return sysPath.join(cwd, path);\n};\nconst EMPTY_SET = Object.freeze(new Set());\n/**\n * Directory entry.\n */\nclass DirEntry {\n constructor(dir, removeWatcher) {\n this.path = dir;\n this._removeWatcher = removeWatcher;\n this.items = new Set();\n }\n add(item) {\n const { items } = this;\n if (!items)\n return;\n if (item !== ONE_DOT && item !== TWO_DOTS)\n items.add(item);\n }\n async remove(item) {\n const { items } = this;\n if (!items)\n return;\n items.delete(item);\n if (items.size > 0)\n return;\n const dir = this.path;\n try {\n await readdir(dir);\n }\n catch (err) {\n if (this._removeWatcher) {\n this._removeWatcher(sysPath.dirname(dir), sysPath.basename(dir));\n }\n }\n }\n has(item) {\n const { items } = this;\n if (!items)\n return;\n return items.has(item);\n }\n getChildren() {\n const { items } = this;\n if (!items)\n return [];\n return [...items.values()];\n }\n dispose() {\n this.items.clear();\n this.path = '';\n this._removeWatcher = EMPTY_FN;\n this.items = EMPTY_SET;\n Object.freeze(this);\n }\n}\nconst STAT_METHOD_F = 'stat';\nconst STAT_METHOD_L = 'lstat';\nexport class WatchHelper {\n constructor(path, follow, fsw) {\n this.fsw = fsw;\n const watchPath = path;\n this.path = path = path.replace(REPLACER_RE, '');\n this.watchPath = watchPath;\n this.fullWatchPath = sysPath.resolve(watchPath);\n this.dirParts = [];\n this.dirParts.forEach((parts) => {\n if (parts.length > 1)\n parts.pop();\n });\n this.followSymlinks = follow;\n this.statMethod = follow ? STAT_METHOD_F : STAT_METHOD_L;\n }\n entryPath(entry) {\n return sysPath.join(this.watchPath, sysPath.relative(this.watchPath, entry.fullPath));\n }\n filterPath(entry) {\n const { stats } = entry;\n if (stats && stats.isSymbolicLink())\n return this.filterDir(entry);\n const resolvedPath = this.entryPath(entry);\n // TODO: what if stats is undefined? remove !\n return this.fsw._isntIgnored(resolvedPath, stats) && this.fsw._hasReadPermissions(stats);\n }\n filterDir(entry) {\n return this.fsw._isntIgnored(this.entryPath(entry), entry.stats);\n }\n}\n/**\n * Watches files & directories for changes. Emitted events:\n * `add`, `addDir`, `change`, `unlink`, `unlinkDir`, `all`, `error`\n *\n * new FSWatcher()\n * .add(directories)\n * .on('add', path => log('File', path, 'was added'))\n */\nexport class FSWatcher extends EventEmitter {\n // Not indenting methods for history sake; for now.\n constructor(_opts = {}) {\n super();\n this.closed = false;\n this._closers = new Map();\n this._ignoredPaths = new Set();\n this._throttled = new Map();\n this._streams = new Set();\n this._symlinkPaths = new Map();\n this._watched = new Map();\n this._pendingWrites = new Map();\n this._pendingUnlinks = new Map();\n this._readyCount = 0;\n this._readyEmitted = false;\n const awf = _opts.awaitWriteFinish;\n const DEF_AWF = { stabilityThreshold: 2000, pollInterval: 100 };\n const opts = {\n // Defaults\n persistent: true,\n ignoreInitial: false,\n ignorePermissionErrors: false,\n interval: 100,\n binaryInterval: 300,\n followSymlinks: true,\n usePolling: false,\n // useAsync: false,\n atomic: true, // NOTE: overwritten later (depends on usePolling)\n ..._opts,\n // Change format\n ignored: _opts.ignored ? arrify(_opts.ignored) : arrify([]),\n awaitWriteFinish: awf === true ? DEF_AWF : typeof awf === 'object' ? { ...DEF_AWF, ...awf } : false,\n };\n // Always default to polling on IBM i because fs.watch() is not available on IBM i.\n if (isIBMi)\n opts.usePolling = true;\n // Editor atomic write normalization enabled by default with fs.watch\n if (opts.atomic === undefined)\n opts.atomic = !opts.usePolling;\n // opts.atomic = typeof _opts.atomic === 'number' ? _opts.atomic : 100;\n // Global override. Useful for developers, who need to force polling for all\n // instances of chokidar, regardless of usage / dependency depth\n const envPoll = process.env.CHOKIDAR_USEPOLLING;\n if (envPoll !== undefined) {\n const envLower = envPoll.toLowerCase();\n if (envLower === 'false' || envLower === '0')\n opts.usePolling = false;\n else if (envLower === 'true' || envLower === '1')\n opts.usePolling = true;\n else\n opts.usePolling = !!envLower;\n }\n const envInterval = process.env.CHOKIDAR_INTERVAL;\n if (envInterval)\n opts.interval = Number.parseInt(envInterval, 10);\n // This is done to emit ready only once, but each 'add' will increase that?\n let readyCalls = 0;\n this._emitReady = () => {\n readyCalls++;\n if (readyCalls >= this._readyCount) {\n this._emitReady = EMPTY_FN;\n this._readyEmitted = true;\n // use process.nextTick to allow time for listener to be bound\n process.nextTick(() => this.emit(EV.READY));\n }\n };\n this._emitRaw = (...args) => this.emit(EV.RAW, ...args);\n this._boundRemove = this._remove.bind(this);\n this.options = opts;\n this._nodeFsHandler = new NodeFsHandler(this);\n // You’re frozen when your heart’s not open.\n Object.freeze(opts);\n }\n _addIgnoredPath(matcher) {\n if (isMatcherObject(matcher)) {\n // return early if we already have a deeply equal matcher object\n for (const ignored of this._ignoredPaths) {\n if (isMatcherObject(ignored) &&\n ignored.path === matcher.path &&\n ignored.recursive === matcher.recursive) {\n return;\n }\n }\n }\n this._ignoredPaths.add(matcher);\n }\n _removeIgnoredPath(matcher) {\n this._ignoredPaths.delete(matcher);\n // now find any matcher objects with the matcher as path\n if (typeof matcher === 'string') {\n for (const ignored of this._ignoredPaths) {\n // TODO (43081j): make this more efficient.\n // probably just make a `this._ignoredDirectories` or some\n // such thing.\n if (isMatcherObject(ignored) && ignored.path === matcher) {\n this._ignoredPaths.delete(ignored);\n }\n }\n }\n }\n // Public methods\n /**\n * Adds paths to be watched on an existing FSWatcher instance.\n * @param paths_ file or file list. Other arguments are unused\n */\n add(paths_, _origAdd, _internal) {\n const { cwd } = this.options;\n this.closed = false;\n this._closePromise = undefined;\n let paths = unifyPaths(paths_);\n if (cwd) {\n paths = paths.map((path) => {\n const absPath = getAbsolutePath(path, cwd);\n // Check `path` instead of `absPath` because the cwd portion can't be a glob\n return absPath;\n });\n }\n paths.forEach((path) => {\n this._removeIgnoredPath(path);\n });\n this._userIgnored = undefined;\n if (!this._readyCount)\n this._readyCount = 0;\n this._readyCount += paths.length;\n Promise.all(paths.map(async (path) => {\n const res = await this._nodeFsHandler._addToNodeFs(path, !_internal, undefined, 0, _origAdd);\n if (res)\n this._emitReady();\n return res;\n })).then((results) => {\n if (this.closed)\n return;\n results.forEach((item) => {\n if (item)\n this.add(sysPath.dirname(item), sysPath.basename(_origAdd || item));\n });\n });\n return this;\n }\n /**\n * Close watchers or start ignoring events from specified paths.\n */\n unwatch(paths_) {\n if (this.closed)\n return this;\n const paths = unifyPaths(paths_);\n const { cwd } = this.options;\n paths.forEach((path) => {\n // convert to absolute path unless relative path already matches\n if (!sysPath.isAbsolute(path) && !this._closers.has(path)) {\n if (cwd)\n path = sysPath.join(cwd, path);\n path = sysPath.resolve(path);\n }\n this._closePath(path);\n this._addIgnoredPath(path);\n if (this._watched.has(path)) {\n this._addIgnoredPath({\n path,\n recursive: true,\n });\n }\n // reset the cached userIgnored anymatch fn\n // to make ignoredPaths changes effective\n this._userIgnored = undefined;\n });\n return this;\n }\n /**\n * Close watchers and remove all listeners from watched paths.\n */\n close() {\n if (this._closePromise) {\n return this._closePromise;\n }\n this.closed = true;\n // Memory management.\n this.removeAllListeners();\n const closers = [];\n this._closers.forEach((closerList) => closerList.forEach((closer) => {\n const promise = closer();\n if (promise instanceof Promise)\n closers.push(promise);\n }));\n this._streams.forEach((stream) => stream.destroy());\n this._userIgnored = undefined;\n this._readyCount = 0;\n this._readyEmitted = false;\n this._watched.forEach((dirent) => dirent.dispose());\n this._closers.clear();\n this._watched.clear();\n this._streams.clear();\n this._symlinkPaths.clear();\n this._throttled.clear();\n this._closePromise = closers.length\n ? Promise.all(closers).then(() => undefined)\n : Promise.resolve();\n return this._closePromise;\n }\n /**\n * Expose list of watched paths\n * @returns for chaining\n */\n getWatched() {\n const watchList = {};\n this._watched.forEach((entry, dir) => {\n const key = this.options.cwd ? sysPath.relative(this.options.cwd, dir) : dir;\n const index = key || ONE_DOT;\n watchList[index] = entry.getChildren().sort();\n });\n return watchList;\n }\n emitWithAll(event, args) {\n this.emit(event, ...args);\n if (event !== EV.ERROR)\n this.emit(EV.ALL, event, ...args);\n }\n // Common helpers\n // --------------\n /**\n * Normalize and emit events.\n * Calling _emit DOES NOT MEAN emit() would be called!\n * @param event Type of event\n * @param path File or directory path\n * @param stats arguments to be passed with event\n * @returns the error if defined, otherwise the value of the FSWatcher instance's `closed` flag\n */\n async _emit(event, path, stats) {\n if (this.closed)\n return;\n const opts = this.options;\n if (isWindows)\n path = sysPath.normalize(path);\n if (opts.cwd)\n path = sysPath.relative(opts.cwd, path);\n const args = [path];\n if (stats != null)\n args.push(stats);\n const awf = opts.awaitWriteFinish;\n let pw;\n if (awf && (pw = this._pendingWrites.get(path))) {\n pw.lastChange = new Date();\n return this;\n }\n if (opts.atomic) {\n if (event === EV.UNLINK) {\n this._pendingUnlinks.set(path, [event, ...args]);\n setTimeout(() => {\n this._pendingUnlinks.forEach((entry, path) => {\n this.emit(...entry);\n this.emit(EV.ALL, ...entry);\n this._pendingUnlinks.delete(path);\n });\n }, typeof opts.atomic === 'number' ? opts.atomic : 100);\n return this;\n }\n if (event === EV.ADD && this._pendingUnlinks.has(path)) {\n event = EV.CHANGE;\n this._pendingUnlinks.delete(path);\n }\n }\n if (awf && (event === EV.ADD || event === EV.CHANGE) && this._readyEmitted) {\n const awfEmit = (err, stats) => {\n if (err) {\n event = EV.ERROR;\n args[0] = err;\n this.emitWithAll(event, args);\n }\n else if (stats) {\n // if stats doesn't exist the file must have been deleted\n if (args.length > 1) {\n args[1] = stats;\n }\n else {\n args.push(stats);\n }\n this.emitWithAll(event, args);\n }\n };\n this._awaitWriteFinish(path, awf.stabilityThreshold, event, awfEmit);\n return this;\n }\n if (event === EV.CHANGE) {\n const isThrottled = !this._throttle(EV.CHANGE, path, 50);\n if (isThrottled)\n return this;\n }\n if (opts.alwaysStat &&\n stats === undefined &&\n (event === EV.ADD || event === EV.ADD_DIR || event === EV.CHANGE)) {\n const fullPath = opts.cwd ? sysPath.join(opts.cwd, path) : path;\n let stats;\n try {\n stats = await stat(fullPath);\n }\n catch (err) {\n // do nothing\n }\n // Suppress event when fs_stat fails, to avoid sending undefined 'stat'\n if (!stats || this.closed)\n return;\n args.push(stats);\n }\n this.emitWithAll(event, args);\n return this;\n }\n /**\n * Common handler for errors\n * @returns The error if defined, otherwise the value of the FSWatcher instance's `closed` flag\n */\n _handleError(error) {\n const code = error && error.code;\n if (error &&\n code !== 'ENOENT' &&\n code !== 'ENOTDIR' &&\n (!this.options.ignorePermissionErrors || (code !== 'EPERM' && code !== 'EACCES'))) {\n this.emit(EV.ERROR, error);\n }\n return error || this.closed;\n }\n /**\n * Helper utility for throttling\n * @param actionType type being throttled\n * @param path being acted upon\n * @param timeout duration of time to suppress duplicate actions\n * @returns tracking object or false if action should be suppressed\n */\n _throttle(actionType, path, timeout) {\n if (!this._throttled.has(actionType)) {\n this._throttled.set(actionType, new Map());\n }\n const action = this._throttled.get(actionType);\n if (!action)\n throw new Error('invalid throttle');\n const actionPath = action.get(path);\n if (actionPath) {\n actionPath.count++;\n return false;\n }\n // eslint-disable-next-line prefer-const\n let timeoutObject;\n const clear = () => {\n const item = action.get(path);\n const count = item ? item.count : 0;\n action.delete(path);\n clearTimeout(timeoutObject);\n if (item)\n clearTimeout(item.timeoutObject);\n return count;\n };\n timeoutObject = setTimeout(clear, timeout);\n const thr = { timeoutObject, clear, count: 0 };\n action.set(path, thr);\n return thr;\n }\n _incrReadyCount() {\n return this._readyCount++;\n }\n /**\n * Awaits write operation to finish.\n * Polls a newly created file for size variations. When files size does not change for 'threshold' milliseconds calls callback.\n * @param path being acted upon\n * @param threshold Time in milliseconds a file size must be fixed before acknowledging write OP is finished\n * @param event\n * @param awfEmit Callback to be called when ready for event to be emitted.\n */\n _awaitWriteFinish(path, threshold, event, awfEmit) {\n const awf = this.options.awaitWriteFinish;\n if (typeof awf !== 'object')\n return;\n const pollInterval = awf.pollInterval;\n let timeoutHandler;\n let fullPath = path;\n if (this.options.cwd && !sysPath.isAbsolute(path)) {\n fullPath = sysPath.join(this.options.cwd, path);\n }\n const now = new Date();\n const writes = this._pendingWrites;\n function awaitWriteFinishFn(prevStat) {\n statcb(fullPath, (err, curStat) => {\n if (err || !writes.has(path)) {\n if (err && err.code !== 'ENOENT')\n awfEmit(err);\n return;\n }\n const now = Number(new Date());\n if (prevStat && curStat.size !== prevStat.size) {\n writes.get(path).lastChange = now;\n }\n const pw = writes.get(path);\n const df = now - pw.lastChange;\n if (df >= threshold) {\n writes.delete(path);\n awfEmit(undefined, curStat);\n }\n else {\n timeoutHandler = setTimeout(awaitWriteFinishFn, pollInterval, curStat);\n }\n });\n }\n if (!writes.has(path)) {\n writes.set(path, {\n lastChange: now,\n cancelWait: () => {\n writes.delete(path);\n clearTimeout(timeoutHandler);\n return event;\n },\n });\n timeoutHandler = setTimeout(awaitWriteFinishFn, pollInterval);\n }\n }\n /**\n * Determines whether user has asked to ignore this path.\n */\n _isIgnored(path, stats) {\n if (this.options.atomic && DOT_RE.test(path))\n return true;\n if (!this._userIgnored) {\n const { cwd } = this.options;\n const ign = this.options.ignored;\n const ignored = (ign || []).map(normalizeIgnored(cwd));\n const ignoredPaths = [...this._ignoredPaths];\n const list = [...ignoredPaths.map(normalizeIgnored(cwd)), ...ignored];\n this._userIgnored = anymatch(list, undefined);\n }\n return this._userIgnored(path, stats);\n }\n _isntIgnored(path, stat) {\n return !this._isIgnored(path, stat);\n }\n /**\n * Provides a set of common helpers and properties relating to symlink handling.\n * @param path file or directory pattern being watched\n */\n _getWatchHelpers(path) {\n return new WatchHelper(path, this.options.followSymlinks, this);\n }\n // Directory helpers\n // -----------------\n /**\n * Provides directory tracking objects\n * @param directory path of the directory\n */\n _getWatchedDir(directory) {\n const dir = sysPath.resolve(directory);\n if (!this._watched.has(dir))\n this._watched.set(dir, new DirEntry(dir, this._boundRemove));\n return this._watched.get(dir);\n }\n // File helpers\n // ------------\n /**\n * Check for read permissions: https://stackoverflow.com/a/11781404/1358405\n */\n _hasReadPermissions(stats) {\n if (this.options.ignorePermissionErrors)\n return true;\n return Boolean(Number(stats.mode) & 0o400);\n }\n /**\n * Handles emitting unlink events for\n * files and directories, and via recursion, for\n * files and directories within directories that are unlinked\n * @param directory within which the following item is located\n * @param item base path of item/directory\n */\n _remove(directory, item, isDirectory) {\n // if what is being deleted is a directory, get that directory's paths\n // for recursive deleting and cleaning of watched object\n // if it is not a directory, nestedDirectoryChildren will be empty array\n const path = sysPath.join(directory, item);\n const fullPath = sysPath.resolve(path);\n isDirectory =\n isDirectory != null ? isDirectory : this._watched.has(path) || this._watched.has(fullPath);\n // prevent duplicate handling in case of arriving here nearly simultaneously\n // via multiple paths (such as _handleFile and _handleDir)\n if (!this._throttle('remove', path, 100))\n return;\n // if the only watched file is removed, watch for its return\n if (!isDirectory && this._watched.size === 1) {\n this.add(directory, item, true);\n }\n // This will create a new entry in the watched object in either case\n // so we got to do the directory check beforehand\n const wp = this._getWatchedDir(path);\n const nestedDirectoryChildren = wp.getChildren();\n // Recursively remove children directories / files.\n nestedDirectoryChildren.forEach((nested) => this._remove(path, nested));\n // Check if item was on the watched list and remove it\n const parent = this._getWatchedDir(directory);\n const wasTracked = parent.has(item);\n parent.remove(item);\n // Fixes issue #1042 -> Relative paths were detected and added as symlinks\n // (https://github.com/paulmillr/chokidar/blob/e1753ddbc9571bdc33b4a4af172d52cb6e611c10/lib/nodefs-handler.js#L612),\n // but never removed from the map in case the path was deleted.\n // This leads to an incorrect state if the path was recreated:\n // https://github.com/paulmillr/chokidar/blob/e1753ddbc9571bdc33b4a4af172d52cb6e611c10/lib/nodefs-handler.js#L553\n if (this._symlinkPaths.has(fullPath)) {\n this._symlinkPaths.delete(fullPath);\n }\n // If we wait for this file to be fully written, cancel the wait.\n let relPath = path;\n if (this.options.cwd)\n relPath = sysPath.relative(this.options.cwd, path);\n if (this.options.awaitWriteFinish && this._pendingWrites.has(relPath)) {\n const event = this._pendingWrites.get(relPath).cancelWait();\n if (event === EV.ADD)\n return;\n }\n // The Entry will either be a directory that just got removed\n // or a bogus entry to a file, in either case we have to remove it\n this._watched.delete(path);\n this._watched.delete(fullPath);\n const eventName = isDirectory ? EV.UNLINK_DIR : EV.UNLINK;\n if (wasTracked && !this._isIgnored(path))\n this._emit(eventName, path);\n // Avoid conflicts if we later create another file with the same name\n this._closePath(path);\n }\n /**\n * Closes all watchers for a path\n */\n _closePath(path) {\n this._closeFile(path);\n const dir = sysPath.dirname(path);\n this._getWatchedDir(dir).remove(sysPath.basename(path));\n }\n /**\n * Closes only file-specific watchers\n */\n _closeFile(path) {\n const closers = this._closers.get(path);\n if (!closers)\n return;\n closers.forEach((closer) => closer());\n this._closers.delete(path);\n }\n _addPathCloser(path, closer) {\n if (!closer)\n return;\n let list = this._closers.get(path);\n if (!list) {\n list = [];\n this._closers.set(path, list);\n }\n list.push(closer);\n }\n _readdirp(root, opts) {\n if (this.closed)\n return;\n const options = { type: EV.ALL, alwaysStat: true, lstat: true, ...opts, depth: 0 };\n let stream = readdirp(root, options);\n this._streams.add(stream);\n stream.once(STR_CLOSE, () => {\n stream = undefined;\n });\n stream.once(STR_END, () => {\n if (stream) {\n this._streams.delete(stream);\n stream = undefined;\n }\n });\n return stream;\n }\n}\n/**\n * Instantiates watcher with paths to be tracked.\n * @param paths file / directory paths\n * @param options opts, such as `atomic`, `awaitWriteFinish`, `ignored`, and others\n * @returns an instance of FSWatcher for chaining.\n * @example\n * const watcher = watch('.').on('all', (event, path) => { console.log(event, path); });\n * watch('.', { atomic: true, awaitWriteFinish: true, ignored: (f, stats) => stats?.isFile() && !f.endsWith('.js') })\n */\nexport function watch(paths, options = {}) {\n const watcher = new FSWatcher(options);\n watcher.add(paths);\n return watcher;\n}\nexport default { watch, FSWatcher };\n","import { stat, lstat, readdir, realpath } from 'node:fs/promises';\nimport { Readable } from 'node:stream';\nimport { resolve as presolve, relative as prelative, join as pjoin, sep as psep } from 'node:path';\nexport const EntryTypes = {\n FILE_TYPE: 'files',\n DIR_TYPE: 'directories',\n FILE_DIR_TYPE: 'files_directories',\n EVERYTHING_TYPE: 'all',\n};\nconst defaultOptions = {\n root: '.',\n fileFilter: (_entryInfo) => true,\n directoryFilter: (_entryInfo) => true,\n type: EntryTypes.FILE_TYPE,\n lstat: false,\n depth: 2147483648,\n alwaysStat: false,\n highWaterMark: 4096,\n};\nObject.freeze(defaultOptions);\nconst RECURSIVE_ERROR_CODE = 'READDIRP_RECURSIVE_ERROR';\nconst NORMAL_FLOW_ERRORS = new Set(['ENOENT', 'EPERM', 'EACCES', 'ELOOP', RECURSIVE_ERROR_CODE]);\nconst ALL_TYPES = [\n EntryTypes.DIR_TYPE,\n EntryTypes.EVERYTHING_TYPE,\n EntryTypes.FILE_DIR_TYPE,\n EntryTypes.FILE_TYPE,\n];\nconst DIR_TYPES = new Set([\n EntryTypes.DIR_TYPE,\n EntryTypes.EVERYTHING_TYPE,\n EntryTypes.FILE_DIR_TYPE,\n]);\nconst FILE_TYPES = new Set([\n EntryTypes.EVERYTHING_TYPE,\n EntryTypes.FILE_DIR_TYPE,\n EntryTypes.FILE_TYPE,\n]);\nconst isNormalFlowError = (error) => NORMAL_FLOW_ERRORS.has(error.code);\nconst wantBigintFsStats = process.platform === 'win32';\nconst emptyFn = (_entryInfo) => true;\nconst normalizeFilter = (filter) => {\n if (filter === undefined)\n return emptyFn;\n if (typeof filter === 'function')\n return filter;\n if (typeof filter === 'string') {\n const fl = filter.trim();\n return (entry) => entry.basename === fl;\n }\n if (Array.isArray(filter)) {\n const trItems = filter.map((item) => item.trim());\n return (entry) => trItems.some((f) => entry.basename === f);\n }\n return emptyFn;\n};\n/** Readable readdir stream, emitting new files as they're being listed. */\nexport class ReaddirpStream extends Readable {\n constructor(options = {}) {\n super({\n objectMode: true,\n autoDestroy: true,\n highWaterMark: options.highWaterMark,\n });\n const opts = { ...defaultOptions, ...options };\n const { root, type } = opts;\n this._fileFilter = normalizeFilter(opts.fileFilter);\n this._directoryFilter = normalizeFilter(opts.directoryFilter);\n const statMethod = opts.lstat ? lstat : stat;\n // Use bigint stats if it's windows and stat() supports options (node 10+).\n if (wantBigintFsStats) {\n this._stat = (path) => statMethod(path, { bigint: true });\n }\n else {\n this._stat = statMethod;\n }\n this._maxDepth = opts.depth ?? defaultOptions.depth;\n this._wantsDir = type ? DIR_TYPES.has(type) : false;\n this._wantsFile = type ? FILE_TYPES.has(type) : false;\n this._wantsEverything = type === EntryTypes.EVERYTHING_TYPE;\n this._root = presolve(root);\n this._isDirent = !opts.alwaysStat;\n this._statsProp = this._isDirent ? 'dirent' : 'stats';\n this._rdOptions = { encoding: 'utf8', withFileTypes: this._isDirent };\n // Launch stream with one parent, the root dir.\n this.parents = [this._exploreDir(root, 1)];\n this.reading = false;\n this.parent = undefined;\n }\n async _read(batch) {\n if (this.reading)\n return;\n this.reading = true;\n try {\n while (!this.destroyed && batch > 0) {\n const par = this.parent;\n const fil = par && par.files;\n if (fil && fil.length > 0) {\n const { path, depth } = par;\n const slice = fil.splice(0, batch).map((dirent) => this._formatEntry(dirent, path));\n const awaited = await Promise.all(slice);\n for (const entry of awaited) {\n if (!entry)\n continue;\n if (this.destroyed)\n return;\n const entryType = await this._getEntryType(entry);\n if (entryType === 'directory' && this._directoryFilter(entry)) {\n if (depth <= this._maxDepth) {\n this.parents.push(this._exploreDir(entry.fullPath, depth + 1));\n }\n if (this._wantsDir) {\n this.push(entry);\n batch--;\n }\n }\n else if ((entryType === 'file' || this._includeAsFile(entry)) &&\n this._fileFilter(entry)) {\n if (this._wantsFile) {\n this.push(entry);\n batch--;\n }\n }\n }\n }\n else {\n const parent = this.parents.pop();\n if (!parent) {\n this.push(null);\n break;\n }\n this.parent = await parent;\n if (this.destroyed)\n return;\n }\n }\n }\n catch (error) {\n this.destroy(error);\n }\n finally {\n this.reading = false;\n }\n }\n async _exploreDir(path, depth) {\n let files;\n try {\n files = await readdir(path, this._rdOptions);\n }\n catch (error) {\n this._onError(error);\n }\n return { files, depth, path };\n }\n async _formatEntry(dirent, path) {\n let entry;\n const basename = this._isDirent ? dirent.name : dirent;\n try {\n const fullPath = presolve(pjoin(path, basename));\n entry = { path: prelative(this._root, fullPath), fullPath, basename };\n entry[this._statsProp] = this._isDirent ? dirent : await this._stat(fullPath);\n }\n catch (err) {\n this._onError(err);\n return;\n }\n return entry;\n }\n _onError(err) {\n if (isNormalFlowError(err) && !this.destroyed) {\n this.emit('warn', err);\n }\n else {\n this.destroy(err);\n }\n }\n async _getEntryType(entry) {\n // entry may be undefined, because a warning or an error were emitted\n // and the statsProp is undefined\n if (!entry && this._statsProp in entry) {\n return '';\n }\n const stats = entry[this._statsProp];\n if (stats.isFile())\n return 'file';\n if (stats.isDirectory())\n return 'directory';\n if (stats && stats.isSymbolicLink()) {\n const full = entry.fullPath;\n try {\n const entryRealPath = await realpath(full);\n const entryRealPathStats = await lstat(entryRealPath);\n if (entryRealPathStats.isFile()) {\n return 'file';\n }\n if (entryRealPathStats.isDirectory()) {\n const len = entryRealPath.length;\n if (full.startsWith(entryRealPath) && full.substr(len, 1) === psep) {\n const recursiveError = new Error(`Circular symlink detected: \"${full}\" points to \"${entryRealPath}\"`);\n // @ts-ignore\n recursiveError.code = RECURSIVE_ERROR_CODE;\n return this._onError(recursiveError);\n }\n return 'directory';\n }\n }\n catch (error) {\n this._onError(error);\n return '';\n }\n }\n }\n _includeAsFile(entry) {\n const stats = entry && entry[this._statsProp];\n return stats && this._wantsEverything && !stats.isDirectory();\n }\n}\n/**\n * Streaming version: Reads all files and directories in given root recursively.\n * Consumes ~constant small amount of RAM.\n * @param root Root directory\n * @param options Options to specify root (start directory), filters and recursion depth\n */\nexport function readdirp(root, options = {}) {\n // @ts-ignore\n let type = options.entryType || options.type;\n if (type === 'both')\n type = EntryTypes.FILE_DIR_TYPE; // backwards-compatibility\n if (type)\n options.type = type;\n if (!root) {\n throw new Error('readdirp: root argument is required. Usage: readdirp(root, options)');\n }\n else if (typeof root !== 'string') {\n throw new TypeError('readdirp: root argument must be a string. Usage: readdirp(root, options)');\n }\n else if (type && !ALL_TYPES.includes(type)) {\n throw new Error(`readdirp: Invalid type passed. Use one of ${ALL_TYPES.join(', ')}`);\n }\n options.root = root;\n return new ReaddirpStream(options);\n}\n/**\n * Promise version: Reads all files and directories in given root recursively.\n * Compared to streaming version, will consume a lot of RAM e.g. when 1 million files are listed.\n * @returns array of paths and their entry infos\n */\nexport function readdirpPromise(root, options = {}) {\n return new Promise((resolve, reject) => {\n const files = [];\n readdirp(root, options)\n .on('data', (entry) => files.push(entry))\n .on('end', () => resolve(files))\n .on('error', (error) => reject(error));\n });\n}\nexport default readdirp;\n","import { watchFile, unwatchFile, watch as fs_watch } from 'fs';\nimport { open, stat, lstat, realpath as fsrealpath } from 'fs/promises';\nimport * as sysPath from 'path';\nimport { type as osType } from 'os';\nexport const STR_DATA = 'data';\nexport const STR_END = 'end';\nexport const STR_CLOSE = 'close';\nexport const EMPTY_FN = () => { };\nexport const IDENTITY_FN = (val) => val;\nconst pl = process.platform;\nexport const isWindows = pl === 'win32';\nexport const isMacos = pl === 'darwin';\nexport const isLinux = pl === 'linux';\nexport const isFreeBSD = pl === 'freebsd';\nexport const isIBMi = osType() === 'OS400';\nexport const EVENTS = {\n ALL: 'all',\n READY: 'ready',\n ADD: 'add',\n CHANGE: 'change',\n ADD_DIR: 'addDir',\n UNLINK: 'unlink',\n UNLINK_DIR: 'unlinkDir',\n RAW: 'raw',\n ERROR: 'error',\n};\nconst EV = EVENTS;\nconst THROTTLE_MODE_WATCH = 'watch';\nconst statMethods = { lstat, stat };\nconst KEY_LISTENERS = 'listeners';\nconst KEY_ERR = 'errHandlers';\nconst KEY_RAW = 'rawEmitters';\nconst HANDLER_KEYS = [KEY_LISTENERS, KEY_ERR, KEY_RAW];\n// prettier-ignore\nconst binaryExtensions = new Set([\n '3dm', '3ds', '3g2', '3gp', '7z', 'a', 'aac', 'adp', 'afdesign', 'afphoto', 'afpub', 'ai',\n 'aif', 'aiff', 'alz', 'ape', 'apk', 'appimage', 'ar', 'arj', 'asf', 'au', 'avi',\n 'bak', 'baml', 'bh', 'bin', 'bk', 'bmp', 'btif', 'bz2', 'bzip2',\n 'cab', 'caf', 'cgm', 'class', 'cmx', 'cpio', 'cr2', 'cur', 'dat', 'dcm', 'deb', 'dex', 'djvu',\n 'dll', 'dmg', 'dng', 'doc', 'docm', 'docx', 'dot', 'dotm', 'dra', 'DS_Store', 'dsk', 'dts',\n 'dtshd', 'dvb', 'dwg', 'dxf',\n 'ecelp4800', 'ecelp7470', 'ecelp9600', 'egg', 'eol', 'eot', 'epub', 'exe',\n 'f4v', 'fbs', 'fh', 'fla', 'flac', 'flatpak', 'fli', 'flv', 'fpx', 'fst', 'fvt',\n 'g3', 'gh', 'gif', 'graffle', 'gz', 'gzip',\n 'h261', 'h263', 'h264', 'icns', 'ico', 'ief', 'img', 'ipa', 'iso',\n 'jar', 'jpeg', 'jpg', 'jpgv', 'jpm', 'jxr', 'key', 'ktx',\n 'lha', 'lib', 'lvp', 'lz', 'lzh', 'lzma', 'lzo',\n 'm3u', 'm4a', 'm4v', 'mar', 'mdi', 'mht', 'mid', 'midi', 'mj2', 'mka', 'mkv', 'mmr', 'mng',\n 'mobi', 'mov', 'movie', 'mp3',\n 'mp4', 'mp4a', 'mpeg', 'mpg', 'mpga', 'mxu',\n 'nef', 'npx', 'numbers', 'nupkg',\n 'o', 'odp', 'ods', 'odt', 'oga', 'ogg', 'ogv', 'otf', 'ott',\n 'pages', 'pbm', 'pcx', 'pdb', 'pdf', 'pea', 'pgm', 'pic', 'png', 'pnm', 'pot', 'potm',\n 'potx', 'ppa', 'ppam',\n 'ppm', 'pps', 'ppsm', 'ppsx', 'ppt', 'pptm', 'pptx', 'psd', 'pya', 'pyc', 'pyo', 'pyv',\n 'qt',\n 'rar', 'ras', 'raw', 'resources', 'rgb', 'rip', 'rlc', 'rmf', 'rmvb', 'rpm', 'rtf', 'rz',\n 's3m', 's7z', 'scpt', 'sgi', 'shar', 'snap', 'sil', 'sketch', 'slk', 'smv', 'snk', 'so',\n 'stl', 'suo', 'sub', 'swf',\n 'tar', 'tbz', 'tbz2', 'tga', 'tgz', 'thmx', 'tif', 'tiff', 'tlz', 'ttc', 'ttf', 'txz',\n 'udf', 'uvh', 'uvi', 'uvm', 'uvp', 'uvs', 'uvu',\n 'viv', 'vob',\n 'war', 'wav', 'wax', 'wbmp', 'wdp', 'weba', 'webm', 'webp', 'whl', 'wim', 'wm', 'wma',\n 'wmv', 'wmx', 'woff', 'woff2', 'wrm', 'wvx',\n 'xbm', 'xif', 'xla', 'xlam', 'xls', 'xlsb', 'xlsm', 'xlsx', 'xlt', 'xltm', 'xltx', 'xm',\n 'xmind', 'xpi', 'xpm', 'xwd', 'xz',\n 'z', 'zip', 'zipx',\n]);\nconst isBinaryPath = (filePath) => binaryExtensions.has(sysPath.extname(filePath).slice(1).toLowerCase());\n// TODO: emit errors properly. Example: EMFILE on Macos.\nconst foreach = (val, fn) => {\n if (val instanceof Set) {\n val.forEach(fn);\n }\n else {\n fn(val);\n }\n};\nconst addAndConvert = (main, prop, item) => {\n let container = main[prop];\n if (!(container instanceof Set)) {\n main[prop] = container = new Set([container]);\n }\n container.add(item);\n};\nconst clearItem = (cont) => (key) => {\n const set = cont[key];\n if (set instanceof Set) {\n set.clear();\n }\n else {\n delete cont[key];\n }\n};\nconst delFromSet = (main, prop, item) => {\n const container = main[prop];\n if (container instanceof Set) {\n container.delete(item);\n }\n else if (container === item) {\n delete main[prop];\n }\n};\nconst isEmptySet = (val) => (val instanceof Set ? val.size === 0 : !val);\nconst FsWatchInstances = new Map();\n/**\n * Instantiates the fs_watch interface\n * @param path to be watched\n * @param options to be passed to fs_watch\n * @param listener main event handler\n * @param errHandler emits info about errors\n * @param emitRaw emits raw event data\n * @returns {NativeFsWatcher}\n */\nfunction createFsWatchInstance(path, options, listener, errHandler, emitRaw) {\n const handleEvent = (rawEvent, evPath) => {\n listener(path);\n emitRaw(rawEvent, evPath, { watchedPath: path });\n // emit based on events occurring for files from a directory's watcher in\n // case the file's watcher misses it (and rely on throttling to de-dupe)\n if (evPath && path !== evPath) {\n fsWatchBroadcast(sysPath.resolve(path, evPath), KEY_LISTENERS, sysPath.join(path, evPath));\n }\n };\n try {\n return fs_watch(path, {\n persistent: options.persistent,\n }, handleEvent);\n }\n catch (error) {\n errHandler(error);\n return undefined;\n }\n}\n/**\n * Helper for passing fs_watch event data to a collection of listeners\n * @param fullPath absolute path bound to fs_watch instance\n */\nconst fsWatchBroadcast = (fullPath, listenerType, val1, val2, val3) => {\n const cont = FsWatchInstances.get(fullPath);\n if (!cont)\n return;\n foreach(cont[listenerType], (listener) => {\n listener(val1, val2, val3);\n });\n};\n/**\n * Instantiates the fs_watch interface or binds listeners\n * to an existing one covering the same file system entry\n * @param path\n * @param fullPath absolute path\n * @param options to be passed to fs_watch\n * @param handlers container for event listener functions\n */\nconst setFsWatchListener = (path, fullPath, options, handlers) => {\n const { listener, errHandler, rawEmitter } = handlers;\n let cont = FsWatchInstances.get(fullPath);\n let watcher;\n if (!options.persistent) {\n watcher = createFsWatchInstance(path, options, listener, errHandler, rawEmitter);\n if (!watcher)\n return;\n return watcher.close.bind(watcher);\n }\n if (cont) {\n addAndConvert(cont, KEY_LISTENERS, listener);\n addAndConvert(cont, KEY_ERR, errHandler);\n addAndConvert(cont, KEY_RAW, rawEmitter);\n }\n else {\n watcher = createFsWatchInstance(path, options, fsWatchBroadcast.bind(null, fullPath, KEY_LISTENERS), errHandler, // no need to use broadcast here\n fsWatchBroadcast.bind(null, fullPath, KEY_RAW));\n if (!watcher)\n return;\n watcher.on(EV.ERROR, async (error) => {\n const broadcastErr = fsWatchBroadcast.bind(null, fullPath, KEY_ERR);\n if (cont)\n cont.watcherUnusable = true; // documented since Node 10.4.1\n // Workaround for https://github.com/joyent/node/issues/4337\n if (isWindows && error.code === 'EPERM') {\n try {\n const fd = await open(path, 'r');\n await fd.close();\n broadcastErr(error);\n }\n catch (err) {\n // do nothing\n }\n }\n else {\n broadcastErr(error);\n }\n });\n cont = {\n listeners: listener,\n errHandlers: errHandler,\n rawEmitters: rawEmitter,\n watcher,\n };\n FsWatchInstances.set(fullPath, cont);\n }\n // const index = cont.listeners.indexOf(listener);\n // removes this instance's listeners and closes the underlying fs_watch\n // instance if there are no more listeners left\n return () => {\n delFromSet(cont, KEY_LISTENERS, listener);\n delFromSet(cont, KEY_ERR, errHandler);\n delFromSet(cont, KEY_RAW, rawEmitter);\n if (isEmptySet(cont.listeners)) {\n // Check to protect against issue gh-730.\n // if (cont.watcherUnusable) {\n cont.watcher.close();\n // }\n FsWatchInstances.delete(fullPath);\n HANDLER_KEYS.forEach(clearItem(cont));\n // @ts-ignore\n cont.watcher = undefined;\n Object.freeze(cont);\n }\n };\n};\n// fs_watchFile helpers\n// object to hold per-process fs_watchFile instances\n// (may be shared across chokidar FSWatcher instances)\nconst FsWatchFileInstances = new Map();\n/**\n * Instantiates the fs_watchFile interface or binds listeners\n * to an existing one covering the same file system entry\n * @param path to be watched\n * @param fullPath absolute path\n * @param options options to be passed to fs_watchFile\n * @param handlers container for event listener functions\n * @returns closer\n */\nconst setFsWatchFileListener = (path, fullPath, options, handlers) => {\n const { listener, rawEmitter } = handlers;\n let cont = FsWatchFileInstances.get(fullPath);\n // let listeners = new Set();\n // let rawEmitters = new Set();\n const copts = cont && cont.options;\n if (copts && (copts.persistent < options.persistent || copts.interval > options.interval)) {\n // \"Upgrade\" the watcher to persistence or a quicker interval.\n // This creates some unlikely edge case issues if the user mixes\n // settings in a very weird way, but solving for those cases\n // doesn't seem worthwhile for the added complexity.\n // listeners = cont.listeners;\n // rawEmitters = cont.rawEmitters;\n unwatchFile(fullPath);\n cont = undefined;\n }\n if (cont) {\n addAndConvert(cont, KEY_LISTENERS, listener);\n addAndConvert(cont, KEY_RAW, rawEmitter);\n }\n else {\n // TODO\n // listeners.add(listener);\n // rawEmitters.add(rawEmitter);\n cont = {\n listeners: listener,\n rawEmitters: rawEmitter,\n options,\n watcher: watchFile(fullPath, options, (curr, prev) => {\n foreach(cont.rawEmitters, (rawEmitter) => {\n rawEmitter(EV.CHANGE, fullPath, { curr, prev });\n });\n const currmtime = curr.mtimeMs;\n if (curr.size !== prev.size || currmtime > prev.mtimeMs || currmtime === 0) {\n foreach(cont.listeners, (listener) => listener(path, curr));\n }\n }),\n };\n FsWatchFileInstances.set(fullPath, cont);\n }\n // const index = cont.listeners.indexOf(listener);\n // Removes this instance's listeners and closes the underlying fs_watchFile\n // instance if there are no more listeners left.\n return () => {\n delFromSet(cont, KEY_LISTENERS, listener);\n delFromSet(cont, KEY_RAW, rawEmitter);\n if (isEmptySet(cont.listeners)) {\n FsWatchFileInstances.delete(fullPath);\n unwatchFile(fullPath);\n cont.options = cont.watcher = undefined;\n Object.freeze(cont);\n }\n };\n};\n/**\n * @mixin\n */\nexport class NodeFsHandler {\n constructor(fsW) {\n this.fsw = fsW;\n this._boundHandleError = (error) => fsW._handleError(error);\n }\n /**\n * Watch file for changes with fs_watchFile or fs_watch.\n * @param path to file or dir\n * @param listener on fs change\n * @returns closer for the watcher instance\n */\n _watchWithNodeFs(path, listener) {\n const opts = this.fsw.options;\n const directory = sysPath.dirname(path);\n const basename = sysPath.basename(path);\n const parent = this.fsw._getWatchedDir(directory);\n parent.add(basename);\n const absolutePath = sysPath.resolve(path);\n const options = {\n persistent: opts.persistent,\n };\n if (!listener)\n listener = EMPTY_FN;\n let closer;\n if (opts.usePolling) {\n const enableBin = opts.interval !== opts.binaryInterval;\n options.interval = enableBin && isBinaryPath(basename) ? opts.binaryInterval : opts.interval;\n closer = setFsWatchFileListener(path, absolutePath, options, {\n listener,\n rawEmitter: this.fsw._emitRaw,\n });\n }\n else {\n closer = setFsWatchListener(path, absolutePath, options, {\n listener,\n errHandler: this._boundHandleError,\n rawEmitter: this.fsw._emitRaw,\n });\n }\n return closer;\n }\n /**\n * Watch a file and emit add event if warranted.\n * @returns closer for the watcher instance\n */\n _handleFile(file, stats, initialAdd) {\n if (this.fsw.closed) {\n return;\n }\n const dirname = sysPath.dirname(file);\n const basename = sysPath.basename(file);\n const parent = this.fsw._getWatchedDir(dirname);\n // stats is always present\n let prevStats = stats;\n // if the file is already being watched, do nothing\n if (parent.has(basename))\n return;\n const listener = async (path, newStats) => {\n if (!this.fsw._throttle(THROTTLE_MODE_WATCH, file, 5))\n return;\n if (!newStats || newStats.mtimeMs === 0) {\n try {\n const newStats = await stat(file);\n if (this.fsw.closed)\n return;\n // Check that change event was not fired because of changed only accessTime.\n const at = newStats.atimeMs;\n const mt = newStats.mtimeMs;\n if (!at || at <= mt || mt !== prevStats.mtimeMs) {\n this.fsw._emit(EV.CHANGE, file, newStats);\n }\n if ((isMacos || isLinux || isFreeBSD) && prevStats.ino !== newStats.ino) {\n this.fsw._closeFile(path);\n prevStats = newStats;\n const closer = this._watchWithNodeFs(file, listener);\n if (closer)\n this.fsw._addPathCloser(path, closer);\n }\n else {\n prevStats = newStats;\n }\n }\n catch (error) {\n // Fix issues where mtime is null but file is still present\n this.fsw._remove(dirname, basename);\n }\n // add is about to be emitted if file not already tracked in parent\n }\n else if (parent.has(basename)) {\n // Check that change event was not fired because of changed only accessTime.\n const at = newStats.atimeMs;\n const mt = newStats.mtimeMs;\n if (!at || at <= mt || mt !== prevStats.mtimeMs) {\n this.fsw._emit(EV.CHANGE, file, newStats);\n }\n prevStats = newStats;\n }\n };\n // kick off the watcher\n const closer = this._watchWithNodeFs(file, listener);\n // emit an add event if we're supposed to\n if (!(initialAdd && this.fsw.options.ignoreInitial) && this.fsw._isntIgnored(file)) {\n if (!this.fsw._throttle(EV.ADD, file, 0))\n return;\n this.fsw._emit(EV.ADD, file, stats);\n }\n return closer;\n }\n /**\n * Handle symlinks encountered while reading a dir.\n * @param entry returned by readdirp\n * @param directory path of dir being read\n * @param path of this item\n * @param item basename of this item\n * @returns true if no more processing is needed for this entry.\n */\n async _handleSymlink(entry, directory, path, item) {\n if (this.fsw.closed) {\n return;\n }\n const full = entry.fullPath;\n const dir = this.fsw._getWatchedDir(directory);\n if (!this.fsw.options.followSymlinks) {\n // watch symlink directly (don't follow) and detect changes\n this.fsw._incrReadyCount();\n let linkPath;\n try {\n linkPath = await fsrealpath(path);\n }\n catch (e) {\n this.fsw._emitReady();\n return true;\n }\n if (this.fsw.closed)\n return;\n if (dir.has(item)) {\n if (this.fsw._symlinkPaths.get(full) !== linkPath) {\n this.fsw._symlinkPaths.set(full, linkPath);\n this.fsw._emit(EV.CHANGE, path, entry.stats);\n }\n }\n else {\n dir.add(item);\n this.fsw._symlinkPaths.set(full, linkPath);\n this.fsw._emit(EV.ADD, path, entry.stats);\n }\n this.fsw._emitReady();\n return true;\n }\n // don't follow the same symlink more than once\n if (this.fsw._symlinkPaths.has(full)) {\n return true;\n }\n this.fsw._symlinkPaths.set(full, true);\n }\n _handleRead(directory, initialAdd, wh, target, dir, depth, throttler) {\n // Normalize the directory name on Windows\n directory = sysPath.join(directory, '');\n throttler = this.fsw._throttle('readdir', directory, 1000);\n if (!throttler)\n return;\n const previous = this.fsw._getWatchedDir(wh.path);\n const current = new Set();\n let stream = this.fsw._readdirp(directory, {\n fileFilter: (entry) => wh.filterPath(entry),\n directoryFilter: (entry) => wh.filterDir(entry),\n });\n if (!stream)\n return;\n stream\n .on(STR_DATA, async (entry) => {\n if (this.fsw.closed) {\n stream = undefined;\n return;\n }\n const item = entry.path;\n let path = sysPath.join(directory, item);\n current.add(item);\n if (entry.stats.isSymbolicLink() &&\n (await this._handleSymlink(entry, directory, path, item))) {\n return;\n }\n if (this.fsw.closed) {\n stream = undefined;\n return;\n }\n // Files that present in current directory snapshot\n // but absent in previous are added to watch list and\n // emit `add` event.\n if (item === target || (!target && !previous.has(item))) {\n this.fsw._incrReadyCount();\n // ensure relativeness of path is preserved in case of watcher reuse\n path = sysPath.join(dir, sysPath.relative(dir, path));\n this._addToNodeFs(path, initialAdd, wh, depth + 1);\n }\n })\n .on(EV.ERROR, this._boundHandleError);\n return new Promise((resolve, reject) => {\n if (!stream)\n return reject();\n stream.once(STR_END, () => {\n if (this.fsw.closed) {\n stream = undefined;\n return;\n }\n const wasThrottled = throttler ? throttler.clear() : false;\n resolve(undefined);\n // Files that absent in current directory snapshot\n // but present in previous emit `remove` event\n // and are removed from @watched[directory].\n previous\n .getChildren()\n .filter((item) => {\n return item !== directory && !current.has(item);\n })\n .forEach((item) => {\n this.fsw._remove(directory, item);\n });\n stream = undefined;\n // one more time for any missed in case changes came in extremely quickly\n if (wasThrottled)\n this._handleRead(directory, false, wh, target, dir, depth, throttler);\n });\n });\n }\n /**\n * Read directory to add / remove files from `@watched` list and re-read it on change.\n * @param dir fs path\n * @param stats\n * @param initialAdd\n * @param depth relative to user-supplied path\n * @param target child path targeted for watch\n * @param wh Common watch helpers for this path\n * @param realpath\n * @returns closer for the watcher instance.\n */\n async _handleDir(dir, stats, initialAdd, depth, target, wh, realpath) {\n const parentDir = this.fsw._getWatchedDir(sysPath.dirname(dir));\n const tracked = parentDir.has(sysPath.basename(dir));\n if (!(initialAdd && this.fsw.options.ignoreInitial) && !target && !tracked) {\n this.fsw._emit(EV.ADD_DIR, dir, stats);\n }\n // ensure dir is tracked (harmless if redundant)\n parentDir.add(sysPath.basename(dir));\n this.fsw._getWatchedDir(dir);\n let throttler;\n let closer;\n const oDepth = this.fsw.options.depth;\n if ((oDepth == null || depth <= oDepth) && !this.fsw._symlinkPaths.has(realpath)) {\n if (!target) {\n await this._handleRead(dir, initialAdd, wh, target, dir, depth, throttler);\n if (this.fsw.closed)\n return;\n }\n closer = this._watchWithNodeFs(dir, (dirPath, stats) => {\n // if current directory is removed, do nothing\n if (stats && stats.mtimeMs === 0)\n return;\n this._handleRead(dirPath, false, wh, target, dir, depth, throttler);\n });\n }\n return closer;\n }\n /**\n * Handle added file, directory, or glob pattern.\n * Delegates call to _handleFile / _handleDir after checks.\n * @param path to file or ir\n * @param initialAdd was the file added at watch instantiation?\n * @param priorWh depth relative to user-supplied path\n * @param depth Child path actually targeted for watch\n * @param target Child path actually targeted for watch\n */\n async _addToNodeFs(path, initialAdd, priorWh, depth, target) {\n const ready = this.fsw._emitReady;\n if (this.fsw._isIgnored(path) || this.fsw.closed) {\n ready();\n return false;\n }\n const wh = this.fsw._getWatchHelpers(path);\n if (priorWh) {\n wh.filterPath = (entry) => priorWh.filterPath(entry);\n wh.filterDir = (entry) => priorWh.filterDir(entry);\n }\n // evaluate what is at the path we're being asked to watch\n try {\n const stats = await statMethods[wh.statMethod](wh.watchPath);\n if (this.fsw.closed)\n return;\n if (this.fsw._isIgnored(wh.watchPath, stats)) {\n ready();\n return false;\n }\n const follow = this.fsw.options.followSymlinks;\n let closer;\n if (stats.isDirectory()) {\n const absPath = sysPath.resolve(path);\n const targetPath = follow ? await fsrealpath(path) : path;\n if (this.fsw.closed)\n return;\n closer = await this._handleDir(wh.watchPath, stats, initialAdd, depth, target, wh, targetPath);\n if (this.fsw.closed)\n return;\n // preserve this symlink's target path\n if (absPath !== targetPath && targetPath !== undefined) {\n this.fsw._symlinkPaths.set(absPath, targetPath);\n }\n }\n else if (stats.isSymbolicLink()) {\n const targetPath = follow ? await fsrealpath(path) : path;\n if (this.fsw.closed)\n return;\n const parent = sysPath.dirname(wh.watchPath);\n this.fsw._getWatchedDir(parent).add(wh.watchPath);\n this.fsw._emit(EV.ADD, wh.watchPath, stats);\n closer = await this._handleDir(parent, stats, initialAdd, depth, path, wh, targetPath);\n if (this.fsw.closed)\n return;\n // preserve this symlink's target path\n if (targetPath !== undefined) {\n this.fsw._symlinkPaths.set(sysPath.resolve(path), targetPath);\n }\n }\n else {\n closer = this._handleFile(wh.watchPath, stats, initialAdd);\n }\n ready();\n if (closer)\n this.fsw._addPathCloser(path, closer);\n return false;\n }\n catch (error) {\n if (this.fsw._handleError(error)) {\n ready();\n return path;\n }\n }\n }\n}\n","import { z } from 'zod';\n\nimport { validateBody } from './body';\nimport { validateParams } from './params';\nimport { validateQuery } from './query';\nimport { validateResponse } from './response';\nimport { InternalServerError } from '../../errors/internal-server-error';\nimport { ValidationError } from '../../errors/validation-error';\n\nimport type { Context } from '@blaize-types/context';\nimport type { Middleware, MiddlewareFunction, NextFunction } from '@blaize-types/middleware';\nimport type { RouteSchema } from '@blaize-types/router';\n\n/**\n * Create a validation middleware for request data\n */\nexport function createRequestValidator(schema: RouteSchema, debug: boolean = false): Middleware {\n const middlewareFn: MiddlewareFunction = async (ctx: Context, next: NextFunction) => {\n // Validate params if schema exists - throw immediately on failure\n if (schema.params && ctx.request.params) {\n try {\n ctx.request.params = validateParams(ctx.request.params, schema.params);\n } catch (error) {\n const fieldErrors = extractZodFieldErrors(error);\n const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);\n\n throw new ValidationError('Request validation failed', {\n fields: fieldErrors,\n errorCount,\n section: 'params',\n });\n }\n }\n\n // Validate query if schema exists - throw immediately on failure\n if (schema.query && ctx.request.query) {\n try {\n ctx.request.query = validateQuery(ctx.request.query, schema.query);\n } catch (error) {\n const fieldErrors = extractZodFieldErrors(error);\n const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);\n\n throw new ValidationError('Request validation failed', {\n fields: fieldErrors,\n errorCount,\n section: 'query',\n });\n }\n }\n\n // Validate body if schema exists - throw immediately on failure\n if (schema.body) {\n try {\n ctx.request.body = validateBody(ctx.request.body, schema.body);\n } catch (error) {\n const fieldErrors = extractZodFieldErrors(error);\n const errorCount = fieldErrors.reduce((sum, fe) => sum + fe.messages.length, 0);\n\n throw new ValidationError('Request validation failed', {\n fields: fieldErrors,\n errorCount,\n section: 'body',\n });\n }\n }\n // Continue if validation passed\n await next();\n };\n\n return {\n name: 'RequestValidator',\n execute: middlewareFn,\n debug,\n };\n}\n\n/**\n * Create a validation middleware for response data\n */\nexport function createResponseValidator<T>(\n responseSchema: z.ZodType<T, z.ZodTypeDef, unknown>,\n debug: boolean = false\n): Middleware {\n const middlewareFn: MiddlewareFunction = async (ctx, next) => {\n // Store the original json method\n const originalJson = ctx.response.json;\n\n // Override the json method to validate the response\n ctx.response.json = (body: unknown, status?: number) => {\n try {\n // Validate the response body\n const validatedBody = validateResponse(body, responseSchema);\n\n // Restore the original json method\n ctx.response.json = originalJson;\n\n // Send the validated response\n return originalJson.call(ctx.response, validatedBody, status);\n } catch (error) {\n // Restore the original json method\n ctx.response.json = originalJson;\n\n throw new InternalServerError('Response validation failed', {\n responseSchema: responseSchema.description || 'Unknown schema',\n validationError: extractZodFieldErrors(error),\n originalResponse: body,\n });\n }\n };\n\n await next();\n };\n\n return {\n name: 'ResponseValidator',\n execute: middlewareFn,\n debug,\n };\n}\n\n/**\n * Extract structured field errors from Zod validation errors\n *\n * Converts Zod errors into a clean array of error messages per field.\n *\n * @param error - The validation error (typically a ZodError)\n * @returns Array of error messages for the field\n *\n * @example\n * ```typescript\n * const zodError = new z.ZodError([\n * { path: ['email'], message: 'Invalid email' },\n * { path: ['email'], message: 'Email is required' }\n * ]);\n *\n * const fieldErrors = extractZodFieldErrors(zodError);\n * // Returns: ['Invalid email', 'Email is required']\n * ```\n */\nfunction extractZodFieldErrors(error: unknown): { field: string; messages: string[] }[] {\n if (error instanceof z.ZodError) {\n // Group errors by field path\n const fieldErrorMap = new Map<string, string[]>();\n\n for (const issue of error.issues) {\n // Get the field path (e.g., ['user', 'email'] becomes 'user.email')\n const fieldPath = issue.path.length > 0 ? issue.path.join('.') : 'root';\n\n if (!fieldErrorMap.has(fieldPath)) {\n fieldErrorMap.set(fieldPath, []);\n }\n fieldErrorMap.get(fieldPath)!.push(issue.message);\n }\n\n // Convert map to array of field errors\n return Array.from(fieldErrorMap.entries()).map(([field, messages]) => ({\n field,\n messages,\n }));\n }\n\n if (error instanceof Error) {\n return [{ field: 'unknown', messages: [error.message] }];\n }\n\n return [{ field: 'unknown', messages: [String(error)] }];\n}\n\n/**\n * 🔄 DEPRECATED: Keep for backward compatibility but mark as deprecated\n *\n * This function maintains the old API for any existing code that might depend on it.\n * New code should use extractZodFieldErrors for better structured error handling.\n *\n * @deprecated Use extractZodFieldErrors instead for better structured error details\n * @param error - The validation error to format\n * @returns Formatted error object (maintains old structure)\n */\nexport function formatValidationError(error: unknown): unknown {\n // Handle Zod errors\n if (\n error &&\n typeof error === 'object' &&\n 'format' in error &&\n typeof error.format === 'function'\n ) {\n return error.format();\n }\n\n // Handle other error types\n return error instanceof Error ? error.message : String(error);\n}\n","import { z } from 'zod';\n\n/**\n * Validate request body\n */\nexport function validateBody<T>(body: unknown, schema: z.ZodType<T>): T {\n if (schema instanceof z.ZodObject) {\n return schema.strict().parse(body) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(body);\n}\n","import { z } from 'zod';\n\n/**\n * Validate request parameters\n */\nexport function validateParams<T>(\n params: Record<string, string>,\n schema: z.ZodType<T, z.ZodTypeDef, unknown>\n): T {\n if (schema instanceof z.ZodObject) {\n // If schema is an object, ensure strict parsing\n return schema.strict().parse(params) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(params);\n}\n","import { z } from 'zod';\n\n/**\n * Validate query parameters\n */\nexport function validateQuery<T>(\n query: Record<string, string | string[] | undefined>,\n schema: z.ZodType<T, z.ZodTypeDef, unknown>\n): T {\n if (schema instanceof z.ZodObject) {\n // If schema is an object, ensure strict parsing\n return schema.strict().parse(query) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(query);\n}\n","import { z } from 'zod';\n\n/**\n * Validate response body\n */\nexport function validateResponse<T>(\n response: unknown,\n schema: z.ZodType<T, z.ZodTypeDef, unknown>\n): T {\n if (schema instanceof z.ZodObject) {\n return schema.strict().parse(response) as T;\n }\n // Parse and validate with the provided schema\n return schema.parse(response);\n}\n","import { compose } from '../../middleware/compose';\nimport { createRequestValidator, createResponseValidator } from '../validation';\n\nimport type { Context } from '@blaize-types/context';\nimport type { RouteMethodOptions } from '@blaize-types/router';\n\n/**\n * Execute a route handler with its middleware\n */\nexport async function executeHandler(\n ctx: Context,\n routeOptions: RouteMethodOptions,\n params: Record<string, string>\n): Promise<void> {\n // Set up middleware chain\n const middleware = [...(routeOptions.middleware || [])];\n\n // Add validation middleware if schemas are defined\n if (routeOptions.schema) {\n if (routeOptions.schema.params || routeOptions.schema.query || routeOptions.schema.body) {\n middleware.unshift(createRequestValidator(routeOptions.schema));\n }\n\n if (routeOptions.schema.response) {\n middleware.push(createResponseValidator(routeOptions.schema.response));\n }\n }\n\n // Compose middleware with the final handler\n const handler = compose([...middleware]);\n\n // Execute the middleware chain\n await handler(ctx, async () => {\n // Execute the handler with the new argument style\n const result = await routeOptions.handler(ctx, params);\n\n // Handle the result if it wasn't already handled by the handler\n if (!ctx.response.sent && result !== undefined) {\n ctx.response.json(result);\n }\n });\n}\n","/**\n * Extract parameter values from a URL path\n */\nexport function extractParams(\n path: string,\n pattern: RegExp,\n paramNames: string[]\n): Record<string, string> {\n const match = pattern.exec(path);\n if (!match) {\n return {};\n }\n\n const params: Record<string, string> = {};\n\n // Extract parameter values from regex match groups\n for (let i = 0; i < paramNames.length; i++) {\n // Add 1 to index since the first capture group is at index 1\n params[paramNames[i]!] = match[i + 1] || '';\n }\n\n return params;\n}\n\n/**\n * Compile a path pattern with parameters\n */\nexport function compilePathPattern(path: string): { pattern: RegExp; paramNames: string[] } {\n const paramNames: string[] = [];\n\n // Special case for root path\n if (path === '/') {\n return {\n pattern: /^\\/$/,\n paramNames: [],\n };\n }\n\n // First escape special regex characters (except for : and [ ] which we process specially)\n let patternString = path.replace(/([.+*?^$(){}|\\\\])/g, '\\\\$1');\n\n // Replace route parameters with regex capture groups\n patternString = patternString\n // Replace :param syntax with capture groups\n .replace(/\\/:([^/]+)/g, (_, paramName) => {\n paramNames.push(paramName);\n return '/([^/]+)';\n })\n // Replace [param] syntax (for file-based routing)\n .replace(/\\/\\[([^\\]]+)\\]/g, (_, paramName) => {\n paramNames.push(paramName);\n return '/([^/]+)';\n });\n\n // Make the trailing slash optional (if not already the root path)\n // This adds an optional trailing slash to the end of the pattern\n patternString = `${patternString}(?:/)?`;\n\n // Create the regex pattern\n // This is safe because we've escaped special RegExp characters and\n // we're using developer-defined routes, not user input\n const pattern = new RegExp(`^${patternString}$`);\n\n return {\n pattern,\n paramNames,\n };\n}\n\n/**\n * Convert parameters object to URL query string\n */\nexport function paramsToQuery(params: Record<string, string | number | boolean>): string {\n const parts: string[] = [];\n\n for (const [key, value] of Object.entries(params)) {\n if (value !== undefined && value !== null) {\n const encodedKey = encodeURIComponent(key);\n const encodedValue = encodeURIComponent(String(value));\n parts.push(`${encodedKey}=${encodedValue}`);\n }\n }\n\n return parts.length > 0 ? `?${parts.join('&')}` : '';\n}\n\n/**\n * Build a URL with path parameters\n */\nexport function buildUrl(\n pathPattern: string,\n params: Record<string, string | number | boolean> = {},\n query: Record<string, string | number | boolean> = {}\n): string {\n // Extract path parameters and query parameters\n const pathParams: Record<string, string | number | boolean> = {};\n const queryParams: Record<string, string | number | boolean> = { ...query };\n\n // Find all parameter names in the path\n const paramNames: string[] = [];\n pathPattern.replace(/\\/:([^/]+)/g, (_, paramName) => {\n paramNames.push(paramName);\n return '/';\n });\n\n // Separate params into path params and additional query params\n for (const [key, value] of Object.entries(params)) {\n if (paramNames.includes(key)) {\n pathParams[key] = value;\n } else {\n queryParams[key] = value;\n }\n }\n\n // Replace path parameters\n let url = pathPattern;\n for (const [key, value] of Object.entries(pathParams)) {\n url = url.replace(`:${key}`, encodeURIComponent(String(value)));\n }\n\n // Add query string if needed\n const queryString = paramsToQuery(queryParams);\n\n return url + queryString;\n}\n","import { compilePathPattern, extractParams } from './params';\n\nimport type {\n HttpMethod,\n RouteMethodOptions,\n RouteMatch,\n Matcher,\n RouteEntry,\n Route,\n} from '../../index';\n\n/**\n * Create a route matcher\n */\nexport function createMatcher(): Matcher {\n // Private state\n const routes: RouteEntry[] = [];\n\n return {\n /**\n * Add a route to the matcher\n */\n add(path: string, method: HttpMethod, routeOptions: RouteMethodOptions) {\n const { pattern, paramNames } = compilePathPattern(path);\n\n const newRoute: RouteEntry = {\n path,\n method,\n pattern,\n paramNames,\n routeOptions,\n };\n\n // Find the insertion point using findIndex\n const insertIndex = routes.findIndex(route => paramNames.length < route.paramNames.length);\n\n // If no insertion point found, append to end\n if (insertIndex === -1) {\n routes.push(newRoute);\n } else {\n routes.splice(insertIndex, 0, newRoute);\n }\n },\n\n /**\n * Remove a route from the matcher by path\n */\n remove(path: string) {\n // Remove all routes that match the given path\n for (let i = routes.length - 1; i >= 0; i--) {\n if ((routes[i] as Route).path === path) {\n routes.splice(i, 1);\n }\n }\n },\n\n /**\n * Clear all routes from the matcher\n */\n clear() {\n routes.length = 0;\n },\n\n /**\n * Match a URL path to a route\n */\n match(path: string, method: HttpMethod): RouteMatch | null {\n // First, try to find an exact match for the method\n const pathname = path.split('?')[0];\n if (!pathname) return null;\n\n for (const route of routes) {\n // Skip routes that don't match the method\n if (route.method !== method) continue;\n\n // Try to match the path\n const match = route.pattern.exec(pathname);\n if (match) {\n // Extract parameters from the match\n const params = extractParams(path, route.pattern, route.paramNames);\n\n return {\n route: route.routeOptions,\n params,\n };\n }\n }\n\n // If no exact method match, check if path exists but method is different\n // This allows returning 405 Method Not Allowed instead of 404 Not Found\n const matchingPath = routes.find(\n route => route.method !== method && route.pattern.test(path)\n );\n\n if (matchingPath) {\n // Return null but with allowedMethods to indicate method not allowed\n return {\n route: null,\n params: {},\n methodNotAllowed: true,\n allowedMethods: routes\n .filter(route => route.pattern.test(path))\n .map(route => route.method),\n } as unknown as RouteMatch; // Type assertion for the extended return type\n }\n\n return null; // No match found\n },\n\n /**\n * Get all registered routes\n */\n getRoutes(): { path: string; method: HttpMethod }[] {\n return routes.map(route => ({\n path: route.path,\n method: route.method,\n }));\n },\n\n /**\n * Find routes matching a specific path\n */\n findRoutes(\n path: string\n ): { path: string; method: HttpMethod; params: Record<string, string> }[] {\n return routes\n .filter(route => route.pattern.test(path))\n .map(route => ({\n path: route.path,\n method: route.method,\n params: extractParams(path, route.pattern, route.paramNames),\n }));\n },\n };\n}\n","import type { Route, RouteRegistry } from '@blaize-types/router';\n\nexport function createRouteRegistry(): RouteRegistry {\n return {\n routesByPath: new Map(),\n routesByFile: new Map(),\n pathToFile: new Map(),\n };\n}\n\nexport function updateRoutesFromFile(\n registry: RouteRegistry,\n filePath: string,\n newRoutes: Route[]\n): { added: Route[]; removed: string[]; changed: Route[] } {\n console.log(`Updating routes from file: ${filePath}`);\n const oldPaths = registry.routesByFile.get(filePath) || new Set();\n const newPaths = new Set(newRoutes.map(r => r.path));\n\n // Fast diff calculation\n const added = newRoutes.filter(r => !oldPaths.has(r.path));\n const removed = Array.from(oldPaths).filter(p => !newPaths.has(p));\n const potentiallyChanged = newRoutes.filter(r => oldPaths.has(r.path));\n\n // Check for actual content changes\n const changed = potentiallyChanged.filter(route => {\n const existingRoute = registry.routesByPath.get(route.path);\n return !existingRoute || !routesEqual(existingRoute, route);\n });\n\n // Apply updates\n applyRouteUpdates(registry, filePath, { added, removed, changed });\n\n return { added, removed, changed };\n}\n\nexport function getRouteFromRegistry(registry: RouteRegistry, path: string): Route | undefined {\n return registry.routesByPath.get(path);\n}\n\nexport function getAllRoutesFromRegistry(registry: RouteRegistry): Route[] {\n return Array.from(registry.routesByPath.values());\n}\n\nexport function getFileRoutes(registry: RouteRegistry, filePath: string): Route[] {\n const paths = registry.routesByFile.get(filePath) || new Set();\n return Array.from(paths)\n .map(path => registry.routesByPath.get(path)!)\n .filter(Boolean);\n}\n\nfunction applyRouteUpdates(\n registry: RouteRegistry,\n filePath: string,\n updates: { added: Route[]; removed: string[]; changed: Route[] }\n): void {\n const { added, removed, changed } = updates;\n\n // Remove old routes\n removed.forEach(path => {\n registry.routesByPath.delete(path);\n registry.pathToFile.delete(path);\n });\n\n // Add/update routes\n [...added, ...changed].forEach(route => {\n registry.routesByPath.set(route.path, route);\n registry.pathToFile.set(route.path, filePath);\n });\n\n // Update file -> paths mapping\n const allPathsForFile = new Set([\n ...added.map(r => r.path),\n ...changed.map(r => r.path),\n ...Array.from(registry.routesByFile.get(filePath) || []).filter(p => !removed.includes(p)),\n ]);\n\n if (allPathsForFile.size > 0) {\n registry.routesByFile.set(filePath, allPathsForFile);\n } else {\n registry.routesByFile.delete(filePath);\n }\n}\n\nfunction routesEqual(route1: Route, route2: Route): boolean {\n if (route1.path !== route2.path) return false;\n\n const methods1 = Object.keys(route1)\n .filter(k => k !== 'path')\n .sort();\n const methods2 = Object.keys(route2)\n .filter(k => k !== 'path')\n .sort();\n\n if (methods1.length !== methods2.length) return false;\n\n return methods1.every(method => {\n const handler1 = route1[method as keyof Route];\n const handler2 = route2[method as keyof Route];\n\n // Compare handler signatures/structure rather than function references\n return typeof handler1 === typeof handler2;\n });\n}\n","import type { Route, HttpMethod, RouteMethodOptions, Matcher } from '@blaize-types/router';\n\nexport function addRouteToMatcher(route: Route, matcher: Matcher): void {\n Object.entries(route).forEach(([method, methodOptions]) => {\n if (method === 'path' || !methodOptions) return;\n matcher.add(route.path, method as HttpMethod, methodOptions as RouteMethodOptions);\n });\n}\n\nexport function removeRouteFromMatcher(path: string, matcher: Matcher): void {\n // Use matcher's remove method if available, otherwise fallback to clear/rebuild\n if ('remove' in matcher && typeof matcher.remove === 'function') {\n matcher.remove(path);\n } else {\n // This requires rebuilding the matcher - could be optimized\n console.warn('Matcher does not support selective removal, consider adding remove() method');\n }\n}\n\nexport function updateRouteInMatcher(route: Route, matcher: Matcher): void {\n removeRouteFromMatcher(route.path, matcher);\n addRouteToMatcher(route, matcher);\n}\n\nexport function rebuildMatcherWithRoutes(routes: Route[], matcher: Matcher): void {\n if ('clear' in matcher && typeof matcher.clear === 'function') {\n matcher.clear();\n }\n\n routes.forEach(route => addRouteToMatcher(route, matcher));\n}\n","import { NotFoundError } from '../errors/not-found-error';\nimport { clearFileCache } from './discovery/cache';\nimport { loadInitialRoutesParallel } from './discovery/parallel';\nimport { withPerformanceTracking } from './discovery/profiler';\nimport { watchRoutes } from './discovery/watchers';\nimport { executeHandler } from './handlers';\nimport { createMatcher } from './matching';\nimport {\n createRouteRegistry,\n updateRoutesFromFile,\n getAllRoutesFromRegistry,\n} from './registry/fast-registry';\nimport {\n addRouteToMatcher,\n removeRouteFromMatcher,\n updateRouteInMatcher,\n} from './utils/matching-helpers';\n\nimport type { Context } from '@blaize-types/context';\nimport type { HttpMethod, Route, RouterOptions, Router } from '@blaize-types/router';\n\nconst DEFAULT_ROUTER_OPTIONS = {\n routesDir: './routes',\n basePath: '/',\n watchMode: process.env.NODE_ENV === 'development',\n};\n\n/**\n * Create an optimized router instance with fast hot reload\n */\nexport function createRouter(options: RouterOptions): Router {\n // Merge with default options\n const routerOptions = {\n ...DEFAULT_ROUTER_OPTIONS,\n ...options,\n };\n\n if (options.basePath && !options.basePath.startsWith('/')) {\n console.warn('Base path does nothing');\n }\n\n // Use optimized registry instead of simple array\n const registry = createRouteRegistry();\n const matcher = createMatcher();\n\n // Initialize routes\n let initialized = false;\n let initializationPromise: Promise<void> | null = null;\n let _watchers: Map<string, ReturnType<typeof watchRoutes>> | null = null;\n\n const routeDirectories = new Set<string>([routerOptions.routesDir]);\n\n /**\n * Apply registry changes to matcher efficiently\n */\n function applyMatcherChanges(changes: { added: Route[]; removed: string[]; changed: Route[] }) {\n console.log('\\n🔧 APPLYING MATCHER CHANGES:');\n console.log(` Adding ${changes.added.length} routes`);\n console.log(` Removing ${changes.removed.length} routes`);\n console.log(` Updating ${changes.changed.length} routes`);\n\n // Remove routes first\n changes.removed.forEach(routePath => {\n console.log(` ➖ Removing: ${routePath}`);\n removeRouteFromMatcher(routePath, matcher);\n });\n\n // Add new routes\n changes.added.forEach(route => {\n const methods = Object.keys(route).filter(key => key !== 'path');\n console.log(` ➕ Adding: ${route.path} [${methods.join(', ')}]`);\n addRouteToMatcher(route, matcher);\n });\n\n // Update changed routes\n changes.changed.forEach(route => {\n const methods = Object.keys(route).filter(key => key !== 'path');\n console.log(` 🔄 Updating: ${route.path} [${methods.join(', ')}]`);\n updateRouteInMatcher(route, matcher);\n });\n\n console.log('✅ Matcher changes applied\\n');\n }\n\n /**\n * Add multiple routes with batch processing\n */\n function addRoutesWithSource(routes: Route[], source: string) {\n try {\n // Use registry for batch conflict detection and management\n const changes = updateRoutesFromFile(registry, source, routes);\n\n // Apply all changes to matcher in one operation\n applyMatcherChanges(changes);\n\n return changes;\n } catch (error) {\n console.error(`⚠️ Route conflicts from ${source}:`, error);\n throw error;\n }\n }\n\n /**\n * Optimized route loading with parallel processing\n */\n async function loadRoutesFromDirectory(directory: string, source: string, prefix?: string) {\n try {\n // Use parallel loading for better performance\n const discoveredRoutes = await loadInitialRoutesParallel(directory);\n\n // Apply prefix if provided\n const finalRoutes = discoveredRoutes.map(route =>\n prefix ? { ...route, path: `${prefix}${route.path}` } : route\n );\n\n // Batch add all routes from this directory\n const changes = addRoutesWithSource(finalRoutes, source);\n\n console.log(\n `Loaded ${discoveredRoutes.length} routes from ${source}${prefix ? ` with prefix ${prefix}` : ''} ` +\n `(${changes.added.length} added, ${changes.changed.length} changed, ${changes.removed.length} removed)`\n );\n } catch (error) {\n console.error(`⚠️ Failed to load routes from ${source}:`, error);\n throw error;\n }\n }\n\n /**\n * Initialize the router with parallel route loading\n */\n async function initialize() {\n if (initialized || initializationPromise) {\n return initializationPromise;\n }\n\n initializationPromise = (async () => {\n try {\n // Load routes from all directories in parallel\n await Promise.all(\n Array.from(routeDirectories).map(directory =>\n loadRoutesFromDirectory(directory, directory)\n )\n );\n\n // Set up optimized watching\n if (routerOptions.watchMode) {\n setupOptimizedWatching();\n }\n\n initialized = true;\n } catch (error) {\n console.error('⚠️ Failed to initialize router:', error);\n throw error;\n }\n })();\n\n return initializationPromise;\n }\n\n /**\n * Setup optimized file watching with fast updates\n */\n function setupOptimizedWatching() {\n if (!_watchers) {\n _watchers = new Map();\n }\n\n for (const directory of routeDirectories) {\n if (!_watchers.has(directory)) {\n const watcher = watchRoutes(directory, {\n debounceMs: 16, // ~60fps debouncing\n ignore: ['node_modules', '.git'],\n\n onRouteAdded: (filepath: string, addedRoutes: Route[]) => {\n // Batch process all added routes\n try {\n const changes = updateRoutesFromFile(registry, filepath, addedRoutes);\n applyMatcherChanges(changes);\n } catch (error) {\n console.error(`Error adding routes from ${directory}:`, error);\n }\n },\n\n onRouteChanged: withPerformanceTracking(\n async (filepath: string, changedRoutes: Route[]) => {\n // console.log(`${changedRoutes.length} route(s) changed in ${directory}`);\n\n try {\n console.log(`Processing changes for ${filepath}`);\n // Process all changed routes in one batch operation\n const changes = updateRoutesFromFile(registry, filepath, changedRoutes);\n\n console.log(\n `Changes detected: ${changes.added.length} added, ` +\n `${changes.changed.length} changed, ${changes.removed.length} removed`\n );\n\n // Apply matcher updates efficiently\n applyMatcherChanges(changes);\n\n console.log(\n `Route changes applied: ${changes.added.length} added, ` +\n `${changes.changed.length} changed, ${changes.removed.length} removed`\n );\n } catch (error) {\n console.error(`⚠️ Error updating routes from ${directory}:`, error);\n }\n },\n directory\n ),\n\n onRouteRemoved: (filePath: string, removedRoutes: Route[]) => {\n console.log(`File removed: ${filePath} with ${removedRoutes.length} routes`);\n\n try {\n // Remove all routes from this file\n removedRoutes.forEach(route => {\n removeRouteFromMatcher(route.path, matcher);\n });\n\n // Clear cache for removed file\n clearFileCache(filePath);\n } catch (error) {\n console.error(`⚠️ Error removing routes from ${filePath}:`, error);\n }\n },\n\n onError: (error: Error) => {\n console.error(`⚠️ Route watcher error for ${directory}:`, error);\n },\n });\n\n _watchers.set(directory, watcher);\n }\n }\n }\n\n /**\n * Setup watcher for newly added directory\n */\n function setupWatcherForNewDirectory(directory: string, prefix?: string) {\n if (!_watchers) {\n _watchers = new Map();\n }\n\n const watcher = watchRoutes(directory, {\n debounceMs: 16,\n ignore: ['node_modules', '.git'],\n\n onRouteAdded: (filePath: string, addedRoutes: Route[]) => {\n try {\n // Apply prefix to all routes\n const finalRoutes = addedRoutes.map(route =>\n prefix ? { ...route, path: `${prefix}${route.path}` } : route\n );\n\n // Batch process all added routes\n const changes = updateRoutesFromFile(registry, filePath, finalRoutes);\n applyMatcherChanges(changes);\n } catch (error) {\n console.error(`⚠️ Error adding routes from ${directory}:`, error);\n }\n },\n\n onRouteChanged: withPerformanceTracking(async (filePath: string, changedRoutes: Route[]) => {\n try {\n // Apply prefix to all routes\n const finalRoutes = changedRoutes.map(route =>\n prefix ? { ...route, path: `${prefix}${route.path}` } : route\n );\n\n // Process all changed routes in one batch operation\n const changes = updateRoutesFromFile(registry, filePath, finalRoutes);\n applyMatcherChanges(changes);\n } catch (error) {\n console.error(`⚠️ Error updating routes from ${directory}:`, error);\n }\n }, directory),\n\n onRouteRemoved: (filePath: string, removedRoutes: Route[]) => {\n try {\n removedRoutes.forEach(route => {\n const finalPath = prefix ? `${prefix}${route.path}` : route.path;\n removeRouteFromMatcher(finalPath, matcher);\n });\n clearFileCache(filePath);\n } catch (error) {\n console.error(`Error removing routes from ${filePath}:`, error);\n }\n },\n\n onError: (error: Error) => {\n console.error(`⚠️ Route watcher error for ${directory}:`, error);\n },\n });\n\n _watchers.set(directory, watcher);\n return watcher;\n }\n\n // Initialize router on creation\n initialize().catch(error => {\n console.error('⚠️ Failed to initialize router on creation:', error);\n });\n\n // Public API\n return {\n /**\n * Handle an incoming request\n */\n async handleRequest(ctx: Context) {\n // Ensure router is initialized\n if (!initialized) {\n console.log('🔄 Router not initialized, initializing...');\n await initialize();\n }\n\n const { method, path } = ctx.request;\n console.log(`\\n📥 Handling request: ${method} ${path}`);\n\n // Find matching route\n const match = matcher.match(path, method as HttpMethod);\n\n if (!match) {\n console.log(`❌ No match found for: ${method} ${path}`);\n // Handle 404 Not Found\n throw new NotFoundError('Not found');\n }\n\n console.log(`✅ Route matched: ${method} ${path}`);\n console.log(` Params: ${JSON.stringify(match.params)}`);\n\n // Check for method not allowed\n if (match.methodNotAllowed) {\n // Handle 405 Method Not Allowed\n // TODO: Add support for Method Not Allowed Error\n ctx.response.status(405).json({\n error: '❌ Method Not Allowed',\n allowed: match.allowedMethods,\n });\n\n // Set Allow header with allowed methods\n if (match.allowedMethods && match.allowedMethods.length > 0) {\n ctx.response.header('Allow', match.allowedMethods.join(', '));\n }\n\n return;\n }\n\n // Extract route parameters\n ctx.request.params = match.params;\n\n // Execute the route handler with middleware\n await executeHandler(ctx, match.route!, match.params);\n },\n\n /**\n * Get all registered routes (using optimized registry)\n */\n getRoutes() {\n return getAllRoutesFromRegistry(registry);\n },\n\n /**\n * Add a route programmatically\n */\n addRoute(route: Route) {\n const changes = updateRoutesFromFile(registry, 'programmatic', [route]);\n applyMatcherChanges(changes);\n },\n\n /**\n * Add multiple routes programmatically with batch processing\n */\n addRoutes(routes: Route[]) {\n const changes = updateRoutesFromFile(registry, 'programmatic', routes);\n applyMatcherChanges(changes);\n return changes;\n },\n\n /**\n * Add a route directory (for plugins) with optimized loading\n */\n async addRouteDirectory(directory: string, options: { prefix?: string } = {}) {\n if (routeDirectories.has(directory)) {\n console.warn(`Route directory ${directory} already registered`);\n return;\n }\n\n routeDirectories.add(directory);\n\n // If already initialized, load routes immediately\n if (initialized) {\n await loadRoutesFromDirectory(directory, directory, options.prefix);\n\n // Set up watching for this directory if in watch mode\n if (routerOptions.watchMode) {\n setupWatcherForNewDirectory(directory, options.prefix);\n }\n }\n },\n\n /**\n * Get route conflicts (using registry)\n */\n getRouteConflicts() {\n // Registry handles conflict detection internally\n // This could be enhanced to expose more detailed conflict info\n const conflicts: Array<{ path: string; sources: string[] }> = [];\n // Implementation would depend on registry's conflict tracking\n return conflicts;\n },\n\n /**\n * Close watchers and cleanup (useful for testing)\n */\n async close() {\n if (_watchers) {\n for (const watcher of _watchers.values()) {\n await watcher.close();\n }\n _watchers.clear();\n }\n },\n };\n}\n","export * from './client';\nexport * from './context';\nexport * from './errors';\nexport * from './server';\nexport * from './middleware';\nexport * from './router';\nexport * from './plugins';\nexport * from './upload';\n","/**\n * UnauthorizedError class for authentication failures\n *\n * This error is thrown when authentication is required or has failed.\n * It provides context about authentication requirements and failure reasons.\n */\n\nimport { ErrorType, BlaizeError } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { UnauthorizedErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when authentication is required or has failed\n *\n * Automatically sets HTTP status to 401 and provides authentication context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new UnauthorizedError('Authentication required');\n * ```\n *\n * @example With authentication details:\n * ```typescript\n * throw new UnauthorizedError('Token expired', {\n * reason: 'expired_token',\n * authScheme: 'Bearer',\n * loginUrl: '/auth/login'\n * });\n * ```\n */\nexport class UnauthorizedError extends BlaizeError<UnauthorizedErrorDetails> {\n /**\n * Creates a new UnauthorizedError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional authentication context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: UnauthorizedErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.UNAUTHORIZED,\n title,\n 401, // HTTP 401 Unauthorized\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * ForbiddenError class for authorization failures\n *\n * This error is thrown when a user lacks permission to access a resource.\n * It provides context about required permissions and access control.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { ForbiddenErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when user lacks permission to access a resource\n *\n * Automatically sets HTTP status to 403 and provides permission context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new ForbiddenError('Access denied');\n * ```\n *\n * @example With permission details:\n * ```typescript\n * throw new ForbiddenError('Insufficient permissions', {\n * requiredPermission: 'admin:users:delete',\n * userPermissions: ['admin:users:read'],\n * resource: 'user-123',\n * action: 'delete'\n * });\n * ```\n */\nexport class ForbiddenError extends BlaizeError<ForbiddenErrorDetails> {\n /**\n * Creates a new ForbiddenError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional permission context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: ForbiddenErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.FORBIDDEN,\n title,\n 403, // HTTP 403 Forbidden\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * ConflictError class for resource conflicts\n *\n * This error is thrown when a resource conflict occurs, such as duplicate keys,\n * version mismatches, or concurrent modifications.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { ConflictErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when a resource conflict occurs\n *\n * Automatically sets HTTP status to 409 and provides conflict context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new ConflictError('Email already exists');\n * ```\n *\n * @example With conflict details:\n * ```typescript\n * throw new ConflictError('Version conflict', {\n * conflictType: 'version_mismatch',\n * currentVersion: '2',\n * expectedVersion: '1',\n * resolution: 'Fetch the latest version and retry'\n * });\n * ```\n */\nexport class ConflictError extends BlaizeError<ConflictErrorDetails> {\n /**\n * Creates a new ConflictError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional conflict context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: ConflictErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.CONFLICT,\n title,\n 409, // HTTP 409 Conflict\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","/**\n * RateLimitError class for rate limiting violations\n *\n * This error is thrown when rate limits are exceeded.\n * It provides context about the rate limit and when requests can resume.\n */\n\nimport { BlaizeError, ErrorType } from '@blaize-types/errors';\n\nimport { getCurrentCorrelationId } from './correlation';\n\nimport type { RateLimitErrorDetails } from '@blaize-types/errors';\n\n/**\n * Error thrown when rate limits are exceeded\n *\n * Automatically sets HTTP status to 429 and provides rate limit context.\n *\n * @example Basic usage:\n * ```typescript\n * throw new RateLimitError('Too many requests');\n * ```\n *\n * @example With rate limit details:\n * ```typescript\n * throw new RateLimitError('Rate limit exceeded', {\n * limit: 100,\n * remaining: 0,\n * retryAfter: 3600,\n * window: 'hour',\n * identifier: 'user-123'\n * });\n * ```\n */\nexport class RateLimitError extends BlaizeError<RateLimitErrorDetails> {\n /**\n * Creates a new RateLimitError instance\n *\n * @param title - Human-readable error message\n * @param details - Optional rate limit context\n * @param correlationId - Optional correlation ID (uses current context if not provided)\n */\n constructor(\n title: string,\n details: RateLimitErrorDetails | undefined = undefined,\n correlationId: string | undefined = undefined\n ) {\n super(\n ErrorType.RATE_LIMITED,\n title,\n 429, // HTTP 429 Too Many Requests\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nexport class RequestTimeoutError extends BlaizeError {\n constructor(title: string, details?: unknown, correlationId?: string) {\n super(\n ErrorType.UPLOAD_TIMEOUT,\n title,\n 408,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n","import { getCurrentCorrelationId } from './correlation';\nimport { BlaizeError, ErrorType } from '../../../blaize-types/src/errors';\n\nexport class UnprocessableEntityError extends BlaizeError {\n constructor(title: string, details?: unknown, correlationId?: string) {\n super(\n ErrorType.UNPROCESSABLE_ENTITY,\n title,\n 422,\n correlationId ?? getCurrentCorrelationId(),\n details\n );\n }\n}\n"],"mappings":";;;;;;;;;6qBAAA,IAAAA,EAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOAA,GAAO,QAAU,CAEf,QAAS,CACP,kBAAmB,EACrB,CACF,ICZA,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA8BA,IAAIC,GAAM,CAAC,EACXD,GAAO,QAAUC,GAGjB,IAAIC,GAAoB,CAAC,EAWzBD,GAAI,OAAS,SAASE,EAAOC,EAAUC,EAAS,CAC9C,GAAG,OAAOD,GAAa,SACrB,MAAM,IAAI,UAAU,8BAA8B,EAEpD,GAAGC,IAAY,QAAa,OAAOA,GAAY,SAC7C,MAAM,IAAI,UAAU,6BAA6B,EAGnD,IAAIC,EAAS,GAEb,GAAG,EAAEH,aAAiB,YAEpBG,EAASC,GAAsBJ,EAAOC,CAAQ,MACzC,CACL,IAAII,EAAI,EACJC,EAAOL,EAAS,OAChBM,EAAQN,EAAS,OAAO,CAAC,EACzBO,EAAS,CAAC,CAAC,EACf,IAAIH,EAAI,EAAGA,EAAIL,EAAM,OAAQ,EAAEK,EAAG,CAChC,QAAQI,EAAI,EAAGC,EAAQV,EAAMK,CAAC,EAAGI,EAAID,EAAO,OAAQ,EAAEC,EACpDC,GAASF,EAAOC,CAAC,GAAK,EACtBD,EAAOC,CAAC,EAAIC,EAAQJ,EACpBI,EAASA,EAAQJ,EAAQ,EAG3B,KAAMI,EAAQ,GACZF,EAAO,KAAKE,EAAQJ,CAAI,EACxBI,EAASA,EAAQJ,EAAQ,CAE7B,CAGA,IAAID,EAAI,EAAGL,EAAMK,CAAC,IAAM,GAAKA,EAAIL,EAAM,OAAS,EAAG,EAAEK,EACnDF,GAAUI,EAGZ,IAAIF,EAAIG,EAAO,OAAS,EAAGH,GAAK,EAAG,EAAEA,EACnCF,GAAUF,EAASO,EAAOH,CAAC,CAAC,CAEhC,CAEA,GAAGH,EAAS,CACV,IAAIS,EAAQ,IAAI,OAAO,OAAST,EAAU,IAAK,GAAG,EAClDC,EAASA,EAAO,MAAMQ,CAAK,EAAE,KAAK;AAAA,CAAM,CAC1C,CAEA,OAAOR,CACT,EAUAL,GAAI,OAAS,SAASE,EAAOC,EAAU,CACrC,GAAG,OAAOD,GAAU,SAClB,MAAM,IAAI,UAAU,2BAA2B,EAEjD,GAAG,OAAOC,GAAa,SACrB,MAAM,IAAI,UAAU,8BAA8B,EAGpD,IAAIW,EAAQb,GAAkBE,CAAQ,EACtC,GAAG,CAACW,EAAO,CAETA,EAAQb,GAAkBE,CAAQ,EAAI,CAAC,EACvC,QAAQI,EAAI,EAAGA,EAAIJ,EAAS,OAAQ,EAAEI,EACpCO,EAAMX,EAAS,WAAWI,CAAC,CAAC,EAAIA,CAEpC,CAGAL,EAAQA,EAAM,QAAQ,MAAO,EAAE,EAK/B,QAHIM,EAAOL,EAAS,OAChBM,EAAQN,EAAS,OAAO,CAAC,EACzBY,EAAQ,CAAC,CAAC,EACNR,EAAI,EAAGA,EAAIL,EAAM,OAAQK,IAAK,CACpC,IAAIS,EAAQF,EAAMZ,EAAM,WAAWK,CAAC,CAAC,EACrC,GAAGS,IAAU,OACX,OAGF,QAAQL,EAAI,EAAGC,EAAQI,EAAOL,EAAII,EAAM,OAAQ,EAAEJ,EAChDC,GAASG,EAAMJ,CAAC,EAAIH,EACpBO,EAAMJ,CAAC,EAAIC,EAAQ,IACnBA,IAAU,EAGZ,KAAMA,EAAQ,GACZG,EAAM,KAAKH,EAAQ,GAAI,EACvBA,IAAU,CAEd,CAGA,QAAQK,EAAI,EAAGf,EAAMe,CAAC,IAAMR,GAASQ,EAAIf,EAAM,OAAS,EAAG,EAAEe,EAC3DF,EAAM,KAAK,CAAC,EAGd,OAAG,OAAO,OAAW,IACZ,OAAO,KAAKA,EAAM,QAAQ,CAAC,EAG7B,IAAI,WAAWA,EAAM,QAAQ,CAAC,CACvC,EAEA,SAAST,GAAsBJ,EAAOC,EAAU,CAC9C,IAAII,EAAI,EACJC,EAAOL,EAAS,OAChBM,EAAQN,EAAS,OAAO,CAAC,EACzBO,EAAS,CAAC,CAAC,EACf,IAAIH,EAAI,EAAGA,EAAIL,EAAM,OAAO,EAAG,EAAEK,EAAG,CAClC,QAAQI,EAAI,EAAGC,EAAQV,EAAM,GAAGK,CAAC,EAAGI,EAAID,EAAO,OAAQ,EAAEC,EACvDC,GAASF,EAAOC,CAAC,GAAK,EACtBD,EAAOC,CAAC,EAAIC,EAAQJ,EACpBI,EAASA,EAAQJ,EAAQ,EAG3B,KAAMI,EAAQ,GACZF,EAAO,KAAKE,EAAQJ,CAAI,EACxBI,EAASA,EAAQJ,EAAQ,CAE7B,CAEA,IAAIH,EAAS,GAGb,IAAIE,EAAI,EAAGL,EAAM,GAAGK,CAAC,IAAM,GAAKA,EAAIL,EAAM,OAAO,EAAI,EAAG,EAAEK,EACxDF,GAAUI,EAGZ,IAAIF,EAAIG,EAAO,OAAS,EAAGH,GAAK,EAAG,EAAEA,EACnCF,GAAUF,EAASO,EAAOH,CAAC,CAAC,EAG9B,OAAOF,CACT,ICzLA,IAAAa,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACRC,GAAQ,KAGRC,EAAOH,GAAO,QAAUC,GAAM,KAAOA,GAAM,MAAQ,CAAC,GAGvD,UAAW,CAIV,GAAG,OAAO,QAAY,KAAe,QAAQ,UAAY,CAAC,QAAQ,QAAS,CACzEE,EAAK,SAAW,QAAQ,SACrB,OAAO,cAAiB,WACzBA,EAAK,aAAe,aAIpBA,EAAK,aAAeA,EAAK,SAE3B,MACF,CAGA,GAAG,OAAO,cAAiB,WAAY,CACrCA,EAAK,aAAe,UAAW,CAAE,OAAO,aAAa,MAAM,OAAW,SAAS,CAAG,EAClFA,EAAK,SAAW,SAASC,EAAU,CACjC,OAAO,aAAaA,CAAQ,CAC9B,EACA,MACF,CAaA,GALAD,EAAK,aAAe,SAASC,EAAU,CACrC,WAAWA,EAAU,CAAC,CACxB,EAGG,OAAO,OAAW,KACnB,OAAO,OAAO,aAAgB,WAAY,CAW1C,IAASC,EAAT,SAAiBC,EAAO,CACtB,GAAGA,EAAM,SAAW,QAAUA,EAAM,OAASC,EAAK,CAChDD,EAAM,gBAAgB,EACtB,IAAIE,EAAOC,EAAU,MAAM,EAC3BA,EAAU,OAAS,EACnBD,EAAK,QAAQ,SAASJ,EAAU,CAC9BA,EAAS,CACX,CAAC,CACH,CACF,EATS,IAAAC,IAVLE,EAAM,qBACNE,EAAY,CAAC,EACjBN,EAAK,aAAe,SAASC,EAAU,CACrCK,EAAU,KAAKL,CAAQ,EAGpBK,EAAU,SAAW,GACtB,OAAO,YAAYF,EAAK,GAAG,CAE/B,EAWA,OAAO,iBAAiB,UAAWF,EAAS,EAAI,CAClD,CAGA,GAAG,OAAO,iBAAqB,IAAa,CAE1C,IAAIK,EAAM,KAAK,IAAI,EACfC,EAAO,GACPC,EAAM,SAAS,cAAc,KAAK,EAClCH,EAAY,CAAC,EACjB,IAAI,iBAAiB,UAAW,CAC9B,IAAID,EAAOC,EAAU,MAAM,EAC3BA,EAAU,OAAS,EACnBD,EAAK,QAAQ,SAASJ,EAAU,CAC9BA,EAAS,CACX,CAAC,CACH,CAAC,EAAE,QAAQQ,EAAK,CAAC,WAAY,EAAI,CAAC,EAClC,IAAIC,EAAkBV,EAAK,aAC3BA,EAAK,aAAe,SAASC,EAAU,CAClC,KAAK,IAAI,EAAIM,EAAM,IACpBA,EAAM,KAAK,IAAI,EACfG,EAAgBT,CAAQ,IAExBK,EAAU,KAAKL,CAAQ,EAGpBK,EAAU,SAAW,GACtBG,EAAI,aAAa,IAAKD,EAAO,CAACA,CAAI,EAGxC,CACF,CAEAR,EAAK,SAAWA,EAAK,YACvB,GAAG,EAGHA,EAAK,SACH,OAAO,QAAY,KAAe,QAAQ,UAAY,QAAQ,SAAS,KAOzEA,EAAK,YAAe,UAAW,CAC7B,OAAGA,EAAK,SACC,OAGF,OAAO,KAAS,IAAc,OAAS,IAChD,EAAG,EAGHA,EAAK,QAAU,MAAM,SAAW,SAASW,EAAG,CAC1C,OAAO,OAAO,UAAU,SAAS,KAAKA,CAAC,IAAM,gBAC/C,EAGAX,EAAK,cAAgB,SAASW,EAAG,CAC/B,OAAO,OAAO,YAAgB,KAAeA,aAAa,WAC5D,EAGAX,EAAK,kBAAoB,SAASW,EAAG,CACnC,OAAOA,GAAKX,EAAK,cAAcW,EAAE,MAAM,GAAKA,EAAE,aAAe,MAC/D,EAWA,SAASC,GAAgBC,EAAG,CAC1B,GAAG,EAAEA,IAAM,GAAKA,IAAM,IAAMA,IAAM,IAAMA,IAAM,IAC5C,MAAM,IAAI,MAAM,yCAA2CA,CAAC,CAEhE,CAGAb,EAAK,WAAac,GAUlB,SAASA,GAAiBC,EAAG,CAQ3B,GAJA,KAAK,KAAO,GAEZ,KAAK,KAAO,EAET,OAAOA,GAAM,SACd,KAAK,KAAOA,UACJf,EAAK,cAAce,CAAC,GAAKf,EAAK,kBAAkBe,CAAC,EACzD,GAAG,OAAO,OAAW,KAAeA,aAAa,OAC/C,KAAK,KAAOA,EAAE,SAAS,QAAQ,MAC1B,CAGL,IAAIC,EAAM,IAAI,WAAWD,CAAC,EAC1B,GAAI,CACF,KAAK,KAAO,OAAO,aAAa,MAAM,KAAMC,CAAG,CACjD,MAAW,CACT,QAAQC,EAAI,EAAGA,EAAID,EAAI,OAAQ,EAAEC,EAC/B,KAAK,QAAQD,EAAIC,CAAC,CAAC,CAEvB,CACF,MACQF,aAAaD,IACpB,OAAOC,GAAM,UAAY,OAAOA,EAAE,MAAS,UAC5C,OAAOA,EAAE,MAAS,YAElB,KAAK,KAAOA,EAAE,KACd,KAAK,KAAOA,EAAE,MAIhB,KAAK,yBAA2B,CAClC,CACAf,EAAK,iBAAmBc,GAYxB,IAAII,GAAiC,KACrClB,EAAK,iBAAiB,UAAU,2BAA6B,SAASW,EAAG,CACvE,KAAK,0BAA4BA,EAC9B,KAAK,yBAA2BO,KAEjC,KAAK,KAAK,OAAO,EAAG,CAAC,EACrB,KAAK,yBAA2B,EAEpC,EAOAlB,EAAK,iBAAiB,UAAU,OAAS,UAAW,CAClD,OAAO,KAAK,KAAK,OAAS,KAAK,IACjC,EAOAA,EAAK,iBAAiB,UAAU,QAAU,UAAW,CACnD,OAAO,KAAK,OAAO,GAAK,CAC1B,EASAA,EAAK,iBAAiB,UAAU,QAAU,SAASe,EAAG,CACpD,OAAO,KAAK,SAAS,OAAO,aAAaA,CAAC,CAAC,CAC7C,EAUAf,EAAK,iBAAiB,UAAU,aAAe,SAASe,EAAGF,EAAG,CAC5DE,EAAI,OAAO,aAAaA,CAAC,EAEzB,QADII,EAAI,KAAK,KACPN,EAAI,GACLA,EAAI,IACLM,GAAKJ,GAEPF,KAAO,EACJA,EAAI,IACLE,GAAKA,GAGT,YAAK,KAAOI,EACZ,KAAK,2BAA2BN,CAAC,EAC1B,IACT,EASAb,EAAK,iBAAiB,UAAU,SAAW,SAASoB,EAAO,CACzD,YAAK,MAAQA,EACb,KAAK,2BAA2BA,EAAM,MAAM,EACrC,IACT,EASApB,EAAK,iBAAiB,UAAU,UAAY,SAASqB,EAAK,CACxD,OAAO,KAAK,SAASrB,EAAK,WAAWqB,CAAG,CAAC,CAC3C,EASArB,EAAK,iBAAiB,UAAU,SAAW,SAASiB,EAAG,CACrD,OAAO,KAAK,SACV,OAAO,aAAaA,GAAK,EAAI,GAAI,EACjC,OAAO,aAAaA,EAAI,GAAI,CAAC,CACjC,EASAjB,EAAK,iBAAiB,UAAU,SAAW,SAASiB,EAAG,CACrD,OAAO,KAAK,SACV,OAAO,aAAaA,GAAK,GAAK,GAAI,EAClC,OAAO,aAAaA,GAAK,EAAI,GAAI,EACjC,OAAO,aAAaA,EAAI,GAAI,CAAC,CACjC,EASAjB,EAAK,iBAAiB,UAAU,SAAW,SAASiB,EAAG,CACrD,OAAO,KAAK,SACV,OAAO,aAAaA,GAAK,GAAK,GAAI,EAClC,OAAO,aAAaA,GAAK,GAAK,GAAI,EAClC,OAAO,aAAaA,GAAK,EAAI,GAAI,EACjC,OAAO,aAAaA,EAAI,GAAI,CAAC,CACjC,EASAjB,EAAK,iBAAiB,UAAU,WAAa,SAASiB,EAAG,CACvD,OAAO,KAAK,SACV,OAAO,aAAaA,EAAI,GAAI,EAC5B,OAAO,aAAaA,GAAK,EAAI,GAAI,CAAC,CACtC,EASAjB,EAAK,iBAAiB,UAAU,WAAa,SAASiB,EAAG,CACvD,OAAO,KAAK,SACV,OAAO,aAAaA,EAAI,GAAI,EAC5B,OAAO,aAAaA,GAAK,EAAI,GAAI,EACjC,OAAO,aAAaA,GAAK,GAAK,GAAI,CAAC,CACvC,EASAjB,EAAK,iBAAiB,UAAU,WAAa,SAASiB,EAAG,CACvD,OAAO,KAAK,SACV,OAAO,aAAaA,EAAI,GAAI,EAC5B,OAAO,aAAaA,GAAK,EAAI,GAAI,EACjC,OAAO,aAAaA,GAAK,GAAK,GAAI,EAClC,OAAO,aAAaA,GAAK,GAAK,GAAI,CAAC,CACvC,EAUAjB,EAAK,iBAAiB,UAAU,OAAS,SAASiB,EAAGJ,EAAG,CACtDD,GAAgBC,CAAC,EACjB,IAAIO,EAAQ,GACZ,GACEP,GAAK,EACLO,GAAS,OAAO,aAAcH,GAAKJ,EAAK,GAAI,QACtCA,EAAI,GACZ,OAAO,KAAK,SAASO,CAAK,CAC5B,EAWApB,EAAK,iBAAiB,UAAU,aAAe,SAASiB,EAAGJ,EAAG,CAE5D,OAAGI,EAAI,IACLA,GAAK,GAAMJ,EAAI,GAEV,KAAK,OAAOI,EAAGJ,CAAC,CACzB,EASAb,EAAK,iBAAiB,UAAU,UAAY,SAASsB,EAAQ,CAC3D,OAAO,KAAK,SAASA,EAAO,SAAS,CAAC,CACxC,EAOAtB,EAAK,iBAAiB,UAAU,QAAU,UAAW,CACnD,OAAO,KAAK,KAAK,WAAW,KAAK,MAAM,CACzC,EAQAA,EAAK,iBAAiB,UAAU,SAAW,UAAW,CACpD,IAAIuB,EACF,KAAK,KAAK,WAAW,KAAK,IAAI,GAAK,EACnC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,EACpC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,iBAAiB,UAAU,SAAW,UAAW,CACpD,IAAIuB,EACF,KAAK,KAAK,WAAW,KAAK,IAAI,GAAK,GACnC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,EACvC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,EACpC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,iBAAiB,UAAU,SAAW,UAAW,CACpD,IAAIuB,EACF,KAAK,KAAK,WAAW,KAAK,IAAI,GAAK,GACnC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,GACvC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,EACvC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,EACpC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,iBAAiB,UAAU,WAAa,UAAW,CACtD,IAAIuB,EACF,KAAK,KAAK,WAAW,KAAK,IAAI,EAC9B,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,EACzC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,iBAAiB,UAAU,WAAa,UAAW,CACtD,IAAIuB,EACF,KAAK,KAAK,WAAW,KAAK,IAAI,EAC9B,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,EACvC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,GACzC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,iBAAiB,UAAU,WAAa,UAAW,CACtD,IAAIuB,EACF,KAAK,KAAK,WAAW,KAAK,IAAI,EAC9B,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,EACvC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,GACvC,KAAK,KAAK,WAAW,KAAK,KAAO,CAAC,GAAK,GACzC,YAAK,MAAQ,EACNA,CACT,EAUAvB,EAAK,iBAAiB,UAAU,OAAS,SAASa,EAAG,CACnDD,GAAgBC,CAAC,EACjB,IAAIU,EAAO,EACX,GAEEA,GAAQA,GAAQ,GAAK,KAAK,KAAK,WAAW,KAAK,MAAM,EACrDV,GAAK,QACCA,EAAI,GACZ,OAAOU,CACT,EAUAvB,EAAK,iBAAiB,UAAU,aAAe,SAASa,EAAG,CAEzD,IAAIF,EAAI,KAAK,OAAOE,CAAC,EACjBW,EAAM,GAAMX,EAAI,EACpB,OAAGF,GAAKa,IACNb,GAAKa,GAAO,GAEPb,CACT,EAWAX,EAAK,iBAAiB,UAAU,SAAW,SAASyB,EAAO,CACzD,IAAIF,EACJ,OAAGE,GAEDA,EAAQ,KAAK,IAAI,KAAK,OAAO,EAAGA,CAAK,EACrCF,EAAO,KAAK,KAAK,MAAM,KAAK,KAAM,KAAK,KAAOE,CAAK,EACnD,KAAK,MAAQA,GACLA,IAAU,EAClBF,EAAO,IAGPA,EAAQ,KAAK,OAAS,EAAK,KAAK,KAAO,KAAK,KAAK,MAAM,KAAK,IAAI,EAChE,KAAK,MAAM,GAENA,CACT,EAUAvB,EAAK,iBAAiB,UAAU,MAAQ,SAASyB,EAAO,CACtD,OAAQ,OAAOA,EAAW,IACxB,KAAK,KAAK,MAAM,KAAK,IAAI,EACzB,KAAK,KAAK,MAAM,KAAK,KAAM,KAAK,KAAOA,CAAK,CAChD,EASAzB,EAAK,iBAAiB,UAAU,GAAK,SAASiB,EAAG,CAC/C,OAAO,KAAK,KAAK,WAAW,KAAK,KAAOA,CAAC,CAC3C,EAUAjB,EAAK,iBAAiB,UAAU,MAAQ,SAASiB,EAAGF,EAAG,CACrD,YAAK,KAAO,KAAK,KAAK,OAAO,EAAG,KAAK,KAAOE,CAAC,EAC3C,OAAO,aAAaF,CAAC,EACrB,KAAK,KAAK,OAAO,KAAK,KAAOE,EAAI,CAAC,EAC7B,IACT,EAOAjB,EAAK,iBAAiB,UAAU,KAAO,UAAW,CAChD,OAAO,KAAK,KAAK,WAAW,KAAK,KAAK,OAAS,CAAC,CAClD,EAOAA,EAAK,iBAAiB,UAAU,KAAO,UAAW,CAChD,IAAI0B,EAAI1B,EAAK,aAAa,KAAK,IAAI,EACnC,OAAA0B,EAAE,KAAO,KAAK,KACPA,CACT,EAOA1B,EAAK,iBAAiB,UAAU,QAAU,UAAW,CACnD,OAAG,KAAK,KAAO,IACb,KAAK,KAAO,KAAK,KAAK,MAAM,KAAK,IAAI,EACrC,KAAK,KAAO,GAEP,IACT,EAOAA,EAAK,iBAAiB,UAAU,MAAQ,UAAW,CACjD,YAAK,KAAO,GACZ,KAAK,KAAO,EACL,IACT,EASAA,EAAK,iBAAiB,UAAU,SAAW,SAASyB,EAAO,CACzD,IAAIE,EAAM,KAAK,IAAI,EAAG,KAAK,OAAO,EAAIF,CAAK,EAC3C,YAAK,KAAO,KAAK,KAAK,OAAO,KAAK,KAAME,CAAG,EAC3C,KAAK,KAAO,EACL,IACT,EAOA3B,EAAK,iBAAiB,UAAU,MAAQ,UAAW,CAEjD,QADIuB,EAAO,GACHN,EAAI,KAAK,KAAMA,EAAI,KAAK,KAAK,OAAQ,EAAEA,EAAG,CAChD,IAAIF,EAAI,KAAK,KAAK,WAAWE,CAAC,EAC3BF,EAAI,KACLQ,GAAQ,KAEVA,GAAQR,EAAE,SAAS,EAAE,CACvB,CACA,OAAOQ,CACT,EAOAvB,EAAK,iBAAiB,UAAU,SAAW,UAAW,CACpD,OAAOA,EAAK,WAAW,KAAK,MAAM,CAAC,CACrC,EAkCA,SAAS4B,GAAWb,EAAGc,EAAS,CAE9BA,EAAUA,GAAW,CAAC,EAGtB,KAAK,KAAOA,EAAQ,YAAc,EAClC,KAAK,SAAWA,EAAQ,UAAY,KAEpC,IAAIC,EAAgB9B,EAAK,cAAce,CAAC,EACpCgB,EAAoB/B,EAAK,kBAAkBe,CAAC,EAChD,GAAGe,GAAiBC,EAAmB,CAElCD,EACD,KAAK,KAAO,IAAI,SAASf,CAAC,EAK1B,KAAK,KAAO,IAAI,SAASA,EAAE,OAAQA,EAAE,WAAYA,EAAE,UAAU,EAE/D,KAAK,MAAS,gBAAiBc,EAC7BA,EAAQ,YAAc,KAAK,KAAK,WAClC,MACF,CAGA,KAAK,KAAO,IAAI,SAAS,IAAI,YAAY,CAAC,CAAC,EAC3C,KAAK,MAAQ,EAEVd,GAAM,MACP,KAAK,SAASA,CAAC,EAGd,gBAAiBc,IAClB,KAAK,MAAQA,EAAQ,YAEzB,CACA7B,EAAK,WAAa4B,GAOlB5B,EAAK,WAAW,UAAU,OAAS,UAAW,CAC5C,OAAO,KAAK,MAAQ,KAAK,IAC3B,EAOAA,EAAK,WAAW,UAAU,QAAU,UAAW,CAC7C,OAAO,KAAK,OAAO,GAAK,CAC1B,EAaAA,EAAK,WAAW,UAAU,YAAc,SAASgC,EAAQC,EAAU,CACjE,GAAG,KAAK,OAAO,GAAKD,EAClB,OAAO,KAETC,EAAW,KAAK,IAAIA,GAAY,KAAK,SAAUD,CAAM,EAGrD,IAAIE,EAAM,IAAI,WACZ,KAAK,KAAK,OAAQ,KAAK,KAAK,WAAY,KAAK,KAAK,UAAU,EAC1DC,EAAM,IAAI,WAAW,KAAK,OAAO,EAAIF,CAAQ,EACjD,OAAAE,EAAI,IAAID,CAAG,EACX,KAAK,KAAO,IAAI,SAASC,EAAI,MAAM,EAE5B,IACT,EASAnC,EAAK,WAAW,UAAU,QAAU,SAASe,EAAG,CAC9C,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,SAAS,KAAK,QAASA,CAAC,EAC3B,IACT,EAUAf,EAAK,WAAW,UAAU,aAAe,SAASe,EAAGF,EAAG,CACtD,KAAK,YAAYA,CAAC,EAClB,QAAQI,EAAI,EAAGA,EAAIJ,EAAG,EAAEI,EACtB,KAAK,KAAK,SAASF,CAAC,EAEtB,OAAO,IACT,EAYAf,EAAK,WAAW,UAAU,SAAW,SAASoB,EAAOgB,EAAU,CAC7D,GAAGpC,EAAK,kBAAkBoB,CAAK,EAAG,CAChC,IAAIc,EAAM,IAAI,WAAWd,EAAM,OAAQA,EAAM,WAAYA,EAAM,UAAU,EACrEO,EAAMO,EAAI,WAAaA,EAAI,WAC/B,KAAK,YAAYP,CAAG,EACpB,IAAIQ,EAAM,IAAI,WAAW,KAAK,KAAK,OAAQ,KAAK,KAAK,EACrD,OAAAA,EAAI,IAAID,CAAG,EACX,KAAK,OAASP,EACP,IACT,CAEA,GAAG3B,EAAK,cAAcoB,CAAK,EAAG,CAC5B,IAAIc,EAAM,IAAI,WAAWd,CAAK,EAC9B,KAAK,YAAYc,EAAI,UAAU,EAC/B,IAAIC,EAAM,IAAI,WAAW,KAAK,KAAK,MAAM,EACzC,OAAAA,EAAI,IAAID,EAAK,KAAK,KAAK,EACvB,KAAK,OAASA,EAAI,WACX,IACT,CAGA,GAAGd,aAAiBpB,EAAK,YACtB,OAAOoB,GAAU,UAClB,OAAOA,EAAM,MAAS,UAAY,OAAOA,EAAM,OAAU,UACzDpB,EAAK,kBAAkBoB,EAAM,IAAI,EAAI,CACrC,IAAIc,EAAM,IAAI,WAAWd,EAAM,KAAK,WAAYA,EAAM,KAAMA,EAAM,OAAO,CAAC,EAC1E,KAAK,YAAYc,EAAI,UAAU,EAC/B,IAAIC,EAAM,IAAI,WAAWf,EAAM,KAAK,WAAY,KAAK,KAAK,EAC1D,OAAAe,EAAI,IAAID,CAAG,EACX,KAAK,OAASA,EAAI,WACX,IACT,CAUA,GARGd,aAAiBpB,EAAK,mBAEvBoB,EAAQA,EAAM,KACdgB,EAAW,UAIbA,EAAWA,GAAY,SACpB,OAAOhB,GAAU,SAAU,CAC5B,IAAIiB,EAGJ,GAAGD,IAAa,MACd,YAAK,YAAY,KAAK,KAAKhB,EAAM,OAAS,CAAC,CAAC,EAC5CiB,EAAO,IAAI,WAAW,KAAK,KAAK,OAAQ,KAAK,KAAK,EAClD,KAAK,OAASrC,EAAK,OAAO,IAAI,OAAOoB,EAAOiB,EAAM,KAAK,KAAK,EACrD,KAET,GAAGD,IAAa,SACd,YAAK,YAAY,KAAK,KAAKhB,EAAM,OAAS,CAAC,EAAI,CAAC,EAChDiB,EAAO,IAAI,WAAW,KAAK,KAAK,OAAQ,KAAK,KAAK,EAClD,KAAK,OAASrC,EAAK,OAAO,OAAO,OAAOoB,EAAOiB,EAAM,KAAK,KAAK,EACxD,KAWT,GAPGD,IAAa,SAEdhB,EAAQpB,EAAK,WAAWoB,CAAK,EAC7BgB,EAAW,UAIVA,IAAa,UAAYA,IAAa,MAEvC,YAAK,YAAYhB,EAAM,MAAM,EAC7BiB,EAAO,IAAI,WAAW,KAAK,KAAK,OAAQ,KAAK,KAAK,EAClD,KAAK,OAASrC,EAAK,OAAO,IAAI,OAAOqC,CAAI,EAClC,KAIT,GAAGD,IAAa,QAEd,YAAK,YAAYhB,EAAM,OAAS,CAAC,EACjCiB,EAAO,IAAI,YAAY,KAAK,KAAK,OAAQ,KAAK,KAAK,EACnD,KAAK,OAASrC,EAAK,KAAK,MAAM,OAAOqC,CAAI,EAClC,KAGT,MAAM,IAAI,MAAM,qBAAuBD,CAAQ,CACjD,CAEA,MAAM,MAAM,sBAAwBhB,CAAK,CAC3C,EASApB,EAAK,WAAW,UAAU,UAAY,SAASsB,EAAQ,CACrD,YAAK,SAASA,CAAM,EACpBA,EAAO,MAAM,EACN,IACT,EAUAtB,EAAK,WAAW,UAAU,UAAY,SAASqB,EAAK,CAClD,OAAO,KAAK,SAASA,EAAK,OAAO,CACnC,EASArB,EAAK,WAAW,UAAU,SAAW,SAASiB,EAAG,CAC/C,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,SAAS,KAAK,MAAOA,CAAC,EAChC,KAAK,OAAS,EACP,IACT,EASAjB,EAAK,WAAW,UAAU,SAAW,SAASiB,EAAG,CAC/C,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,SAAS,KAAK,MAAOA,GAAK,EAAI,KAAM,EAC9C,KAAK,KAAK,QAAQ,KAAK,MAAOA,GAAK,GAAK,GAAI,EAC5C,KAAK,OAAS,EACP,IACT,EASAjB,EAAK,WAAW,UAAU,SAAW,SAASiB,EAAG,CAC/C,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,SAAS,KAAK,MAAOA,CAAC,EAChC,KAAK,OAAS,EACP,IACT,EASAjB,EAAK,WAAW,UAAU,WAAa,SAASiB,EAAG,CACjD,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,SAAS,KAAK,MAAOA,EAAG,EAAI,EACtC,KAAK,OAAS,EACP,IACT,EASAjB,EAAK,WAAW,UAAU,WAAa,SAASiB,EAAG,CACjD,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,QAAQ,KAAK,MAAOA,GAAK,GAAK,GAAI,EAC5C,KAAK,KAAK,SAAS,KAAK,MAAOA,GAAK,EAAI,MAAQ,EAAI,EACpD,KAAK,OAAS,EACP,IACT,EASAjB,EAAK,WAAW,UAAU,WAAa,SAASiB,EAAG,CACjD,YAAK,YAAY,CAAC,EAClB,KAAK,KAAK,SAAS,KAAK,MAAOA,EAAG,EAAI,EACtC,KAAK,OAAS,EACP,IACT,EAUAjB,EAAK,WAAW,UAAU,OAAS,SAASiB,EAAGJ,EAAG,CAChDD,GAAgBC,CAAC,EACjB,KAAK,YAAYA,EAAI,CAAC,EACtB,GACEA,GAAK,EACL,KAAK,KAAK,QAAQ,KAAK,QAAUI,GAAKJ,EAAK,GAAI,QACzCA,EAAI,GACZ,OAAO,IACT,EAWAb,EAAK,WAAW,UAAU,aAAe,SAASiB,EAAGJ,EAAG,CACtD,OAAAD,GAAgBC,CAAC,EACjB,KAAK,YAAYA,EAAI,CAAC,EACnBI,EAAI,IACLA,GAAK,GAAMJ,EAAI,GAEV,KAAK,OAAOI,EAAGJ,CAAC,CACzB,EAOAb,EAAK,WAAW,UAAU,QAAU,UAAW,CAC7C,OAAO,KAAK,KAAK,QAAQ,KAAK,MAAM,CACtC,EAQAA,EAAK,WAAW,UAAU,SAAW,UAAW,CAC9C,IAAIuB,EAAO,KAAK,KAAK,SAAS,KAAK,IAAI,EACvC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,WAAW,UAAU,SAAW,UAAW,CAC9C,IAAIuB,EACF,KAAK,KAAK,SAAS,KAAK,IAAI,GAAK,EACjC,KAAK,KAAK,QAAQ,KAAK,KAAO,CAAC,EACjC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,WAAW,UAAU,SAAW,UAAW,CAC9C,IAAIuB,EAAO,KAAK,KAAK,SAAS,KAAK,IAAI,EACvC,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,WAAW,UAAU,WAAa,UAAW,CAChD,IAAIuB,EAAO,KAAK,KAAK,SAAS,KAAK,KAAM,EAAI,EAC7C,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,WAAW,UAAU,WAAa,UAAW,CAChD,IAAIuB,EACF,KAAK,KAAK,QAAQ,KAAK,IAAI,EAC3B,KAAK,KAAK,SAAS,KAAK,KAAO,EAAG,EAAI,GAAK,EAC7C,YAAK,MAAQ,EACNA,CACT,EAQAvB,EAAK,WAAW,UAAU,WAAa,UAAW,CAChD,IAAIuB,EAAO,KAAK,KAAK,SAAS,KAAK,KAAM,EAAI,EAC7C,YAAK,MAAQ,EACNA,CACT,EAUAvB,EAAK,WAAW,UAAU,OAAS,SAASa,EAAG,CAC7CD,GAAgBC,CAAC,EACjB,IAAIU,EAAO,EACX,GAEEA,GAAQA,GAAQ,GAAK,KAAK,KAAK,QAAQ,KAAK,MAAM,EAClDV,GAAK,QACCA,EAAI,GACZ,OAAOU,CACT,EAUAvB,EAAK,WAAW,UAAU,aAAe,SAASa,EAAG,CAEnD,IAAIF,EAAI,KAAK,OAAOE,CAAC,EACjBW,EAAM,GAAMX,EAAI,EACpB,OAAGF,GAAKa,IACNb,GAAKa,GAAO,GAEPb,CACT,EAUAX,EAAK,WAAW,UAAU,SAAW,SAASyB,EAAO,CAInD,IAAIF,EACJ,OAAGE,GAEDA,EAAQ,KAAK,IAAI,KAAK,OAAO,EAAGA,CAAK,EACrCF,EAAO,KAAK,KAAK,MAAM,KAAK,KAAM,KAAK,KAAOE,CAAK,EACnD,KAAK,MAAQA,GACLA,IAAU,EAClBF,EAAO,IAGPA,EAAQ,KAAK,OAAS,EAAK,KAAK,KAAO,KAAK,KAAK,MAAM,KAAK,IAAI,EAChE,KAAK,MAAM,GAENA,CACT,EAUAvB,EAAK,WAAW,UAAU,MAAQ,SAASyB,EAAO,CAEhD,OAAQ,OAAOA,EAAW,IACxB,KAAK,KAAK,MAAM,KAAK,IAAI,EACzB,KAAK,KAAK,MAAM,KAAK,KAAM,KAAK,KAAOA,CAAK,CAChD,EASAzB,EAAK,WAAW,UAAU,GAAK,SAASiB,EAAG,CACzC,OAAO,KAAK,KAAK,SAAS,KAAK,KAAOA,CAAC,CACzC,EAUAjB,EAAK,WAAW,UAAU,MAAQ,SAASiB,EAAGF,EAAG,CAC/C,YAAK,KAAK,SAASE,EAAGF,CAAC,EAChB,IACT,EAOAf,EAAK,WAAW,UAAU,KAAO,UAAW,CAC1C,OAAO,KAAK,KAAK,SAAS,KAAK,MAAQ,CAAC,CAC1C,EAOAA,EAAK,WAAW,UAAU,KAAO,UAAW,CAC1C,OAAO,IAAIA,EAAK,WAAW,IAAI,CACjC,EAOAA,EAAK,WAAW,UAAU,QAAU,UAAW,CAC7C,GAAG,KAAK,KAAO,EAAG,CAChB,IAAIkC,EAAM,IAAI,WAAW,KAAK,KAAK,OAAQ,KAAK,IAAI,EAChDC,EAAM,IAAI,WAAWD,EAAI,UAAU,EACvCC,EAAI,IAAID,CAAG,EACX,KAAK,KAAO,IAAI,SAASC,CAAG,EAC5B,KAAK,OAAS,KAAK,KACnB,KAAK,KAAO,CACd,CACA,OAAO,IACT,EAOAnC,EAAK,WAAW,UAAU,MAAQ,UAAW,CAC3C,YAAK,KAAO,IAAI,SAAS,IAAI,YAAY,CAAC,CAAC,EAC3C,KAAK,KAAO,KAAK,MAAQ,EAClB,IACT,EASAA,EAAK,WAAW,UAAU,SAAW,SAASyB,EAAO,CACnD,YAAK,MAAQ,KAAK,IAAI,EAAG,KAAK,OAAO,EAAIA,CAAK,EAC9C,KAAK,KAAO,KAAK,IAAI,KAAK,KAAM,KAAK,KAAK,EACnC,IACT,EAOAzB,EAAK,WAAW,UAAU,MAAQ,UAAW,CAE3C,QADIuB,EAAO,GACHN,EAAI,KAAK,KAAMA,EAAI,KAAK,KAAK,WAAY,EAAEA,EAAG,CACpD,IAAIF,EAAI,KAAK,KAAK,SAASE,CAAC,EACzBF,EAAI,KACLQ,GAAQ,KAEVA,GAAQR,EAAE,SAAS,EAAE,CACvB,CACA,OAAOQ,CACT,EAWAvB,EAAK,WAAW,UAAU,SAAW,SAASoC,EAAU,CACtD,IAAIC,EAAO,IAAI,WAAW,KAAK,KAAM,KAAK,KAAM,KAAK,OAAO,CAAC,EAI7D,GAHAD,EAAWA,GAAY,OAGpBA,IAAa,UAAYA,IAAa,MACvC,OAAOpC,EAAK,OAAO,IAAI,OAAOqC,CAAI,EAEpC,GAAGD,IAAa,MACd,OAAOpC,EAAK,OAAO,IAAI,OAAOqC,CAAI,EAEpC,GAAGD,IAAa,SACd,OAAOpC,EAAK,OAAO,OAAO,OAAOqC,CAAI,EAIvC,GAAGD,IAAa,OACd,OAAOpC,EAAK,KAAK,KAAK,OAAOqC,CAAI,EAEnC,GAAGD,IAAa,QACd,OAAOpC,EAAK,KAAK,MAAM,OAAOqC,CAAI,EAGpC,MAAM,IAAI,MAAM,qBAAuBD,CAAQ,CACjD,EAcApC,EAAK,aAAe,SAASsC,EAAOF,EAAU,CAE5C,OAAAA,EAAWA,GAAY,MACpBE,IAAU,QAAaF,IAAa,SACrCE,EAAQtC,EAAK,WAAWsC,CAAK,GAExB,IAAItC,EAAK,WAAWsC,CAAK,CAClC,EAYAtC,EAAK,WAAa,SAAS0B,EAAGb,EAAG,CAE/B,QADI0B,EAAI,GACF1B,EAAI,GACLA,EAAI,IACL0B,GAAKb,GAEPb,KAAO,EACJA,EAAI,IACLa,GAAKA,GAGT,OAAOa,CACT,EAYAvC,EAAK,SAAW,SAASwC,EAAIC,EAAI5B,EAAG,CAMlC,QALI6B,EAAK,GACL3B,EAAI,GACJ4B,EAAI,GACJ1B,EAAI,EACJS,EAAI,EACFb,EAAI,EAAG,EAAEA,EAAG,EAAEI,EAClBF,EAAIyB,EAAG,WAAWvB,CAAC,EAAIwB,EAAG,WAAWxB,CAAC,EACnCS,GAAK,KACNgB,GAAMC,EACNA,EAAI,GACJjB,EAAI,GAENiB,GAAK,OAAO,aAAa5B,CAAC,EAC1B,EAAEW,EAEJ,OAAAgB,GAAMC,EACCD,CACT,EASA1C,EAAK,WAAa,SAAS4C,EAAK,CAE9B,IAAIrB,EAAO,GACPN,EAAI,EAOR,IANG2B,EAAI,OAAS,KAEd3B,EAAI,EACJM,GAAQ,OAAO,aAAa,SAASqB,EAAI,CAAC,EAAG,EAAE,CAAC,GAG5C3B,EAAI2B,EAAI,OAAQ3B,GAAK,EACzBM,GAAQ,OAAO,aAAa,SAASqB,EAAI,OAAO3B,EAAG,CAAC,EAAG,EAAE,CAAC,EAE5D,OAAOM,CACT,EASAvB,EAAK,WAAa,SAASoB,EAAO,CAEhC,OAAOpB,EAAK,aAAaoB,CAAK,EAAE,MAAM,CACxC,EASApB,EAAK,aAAe,SAASiB,EAAG,CAC9B,OACE,OAAO,aAAaA,GAAK,GAAK,GAAI,EAClC,OAAO,aAAaA,GAAK,GAAK,GAAI,EAClC,OAAO,aAAaA,GAAK,EAAI,GAAI,EACjC,OAAO,aAAaA,EAAI,GAAI,CAChC,EAGA,IAAI4B,GACF,oEACEC,GAAa,CAGd,GAAI,GAAI,GAAI,GAAI,GAGhB,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAGrC,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAIvB,EAAI,EAAI,EAAI,EAAI,EAAI,EAAI,EAAI,EAAI,EAAI,EAAG,GAAI,GAAI,GAG/C,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAIjD,GAAI,GAAI,GAAI,GAAI,GAAI,GAInB,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAGhD,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,GAAI,EACnD,EAGIC,GAAU,6DAWd/C,EAAK,SAAW,SAASsC,EAAOU,EAAS,CAMvC,QAJIC,EAAO,GACPC,EAAS,GACTC,EAAMC,EAAMC,EACZpC,EAAI,EACFA,EAAIqB,EAAM,QACda,EAAOb,EAAM,WAAWrB,GAAG,EAC3BmC,EAAOd,EAAM,WAAWrB,GAAG,EAC3BoC,EAAOf,EAAM,WAAWrB,GAAG,EAG3BgC,GAAQJ,GAAQ,OAAOM,GAAQ,CAAC,EAChCF,GAAQJ,GAAQ,QAASM,EAAO,IAAM,EAAMC,GAAQ,CAAE,EACnD,MAAMA,CAAI,EACXH,GAAQ,MAERA,GAAQJ,GAAQ,QAASO,EAAO,KAAO,EAAMC,GAAQ,CAAE,EACvDJ,GAAQ,MAAMI,CAAI,EAAI,IAAMR,GAAQ,OAAOQ,EAAO,EAAE,GAGnDL,GAAWC,EAAK,OAASD,IAC1BE,GAAUD,EAAK,OAAO,EAAGD,CAAO,EAAI;AAAA,EACpCC,EAAOA,EAAK,OAAOD,CAAO,GAG9B,OAAAE,GAAUD,EACHC,CACT,EASAlD,EAAK,SAAW,SAASsC,EAAO,CAI9BA,EAAQA,EAAM,QAAQ,sBAAuB,EAAE,EAM/C,QAJIY,EAAS,GACTI,EAAMC,EAAMC,EAAMC,EAClBxC,EAAI,EAEFA,EAAIqB,EAAM,QACdgB,EAAOR,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAC5CsC,EAAOT,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAC5CuC,EAAOV,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAC5CwC,EAAOX,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAE5CiC,GAAU,OAAO,aAAcI,GAAQ,EAAMC,GAAQ,CAAE,EACpDC,IAAS,KAEVN,GAAU,OAAO,cAAeK,EAAO,KAAO,EAAMC,GAAQ,CAAE,EAC3DC,IAAS,KAEVP,GAAU,OAAO,cAAeM,EAAO,IAAM,EAAKC,CAAI,IAK5D,OAAOP,CACT,EAYAlD,EAAK,WAAa,SAASqB,EAAK,CAC9B,OAAO,SAAS,mBAAmBA,CAAG,CAAC,CACzC,EAWArB,EAAK,WAAa,SAASqB,EAAK,CAC9B,OAAO,mBAAmB,OAAOA,CAAG,CAAC,CACvC,EAIArB,EAAK,OAAS,CACZ,IAAK,CAAC,EACN,IAAK,CAAC,EACN,OAAQ,CAAC,EACT,OAAQ,CAAC,EACT,MAAQ,CACN,OAAQD,GAAM,OACd,OAAQA,GAAM,MAChB,CACF,EAUAC,EAAK,OAAO,IAAI,OAAS,SAASoB,EAAO,CACvC,OAAO,OAAO,aAAa,MAAM,KAAMA,CAAK,CAC9C,EAaApB,EAAK,OAAO,IAAI,OAAS,SAASqB,EAAK6B,EAAQQ,EAAQ,CACrD,IAAIC,EAAMT,EACNS,IACFA,EAAM,IAAI,WAAWtC,EAAI,MAAM,GAEjCqC,EAASA,GAAU,EAEnB,QADIE,EAAIF,EACA,EAAI,EAAG,EAAIrC,EAAI,OAAQ,EAAE,EAC/BsC,EAAIC,GAAG,EAAIvC,EAAI,WAAW,CAAC,EAE7B,OAAO6B,EAAUU,EAAIF,EAAUC,CACjC,EAUA3D,EAAK,OAAO,IAAI,OAASA,EAAK,WAY9BA,EAAK,OAAO,IAAI,OAAS,SAAS4C,EAAKM,EAAQQ,EAAQ,CACrD,IAAIC,EAAMT,EACNS,IACFA,EAAM,IAAI,WAAW,KAAK,KAAKf,EAAI,OAAS,CAAC,CAAC,GAEhDc,EAASA,GAAU,EACnB,IAAIzC,EAAI,EAAG2C,EAAIF,EAOf,IANGd,EAAI,OAAS,IAEd3B,EAAI,EACJ0C,EAAIC,GAAG,EAAI,SAAShB,EAAI,CAAC,EAAG,EAAE,GAG1B3B,EAAI2B,EAAI,OAAQ3B,GAAK,EACzB0C,EAAIC,GAAG,EAAI,SAAShB,EAAI,OAAO3B,EAAG,CAAC,EAAG,EAAE,EAE1C,OAAOiC,EAAUU,EAAIF,EAAUC,CACjC,EAWA3D,EAAK,OAAO,OAAO,OAAS,SAASsC,EAAOU,EAAS,CAKnD,QAJIC,EAAO,GACPC,EAAS,GACTC,EAAMC,EAAMC,EACZpC,EAAI,EACFA,EAAIqB,EAAM,YACda,EAAOb,EAAMrB,GAAG,EAChBmC,EAAOd,EAAMrB,GAAG,EAChBoC,EAAOf,EAAMrB,GAAG,EAGhBgC,GAAQJ,GAAQ,OAAOM,GAAQ,CAAC,EAChCF,GAAQJ,GAAQ,QAASM,EAAO,IAAM,EAAMC,GAAQ,CAAE,EACnD,MAAMA,CAAI,EACXH,GAAQ,MAERA,GAAQJ,GAAQ,QAASO,EAAO,KAAO,EAAMC,GAAQ,CAAE,EACvDJ,GAAQ,MAAMI,CAAI,EAAI,IAAMR,GAAQ,OAAOQ,EAAO,EAAE,GAGnDL,GAAWC,EAAK,OAASD,IAC1BE,GAAUD,EAAK,OAAO,EAAGD,CAAO,EAAI;AAAA,EACpCC,EAAOA,EAAK,OAAOD,CAAO,GAG9B,OAAAE,GAAUD,EACHC,CACT,EAYAlD,EAAK,OAAO,OAAO,OAAS,SAASsC,EAAOY,EAAQQ,EAAQ,CAC1D,IAAIC,EAAMT,EACNS,IACFA,EAAM,IAAI,WAAW,KAAK,KAAKrB,EAAM,OAAS,CAAC,EAAI,CAAC,GAItDA,EAAQA,EAAM,QAAQ,sBAAuB,EAAE,EAE/CoB,EAASA,GAAU,EAInB,QAHIJ,EAAMC,EAAMC,EAAMC,EAClBxC,EAAI,EAAG2C,EAAIF,EAETzC,EAAIqB,EAAM,QACdgB,EAAOR,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAC5CsC,EAAOT,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAC5CuC,EAAOV,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAC5CwC,EAAOX,GAAWR,EAAM,WAAWrB,GAAG,EAAI,EAAE,EAE5C0C,EAAIC,GAAG,EAAKN,GAAQ,EAAMC,GAAQ,EAC/BC,IAAS,KAEVG,EAAIC,GAAG,GAAML,EAAO,KAAO,EAAMC,GAAQ,EACtCC,IAAS,KAEVE,EAAIC,GAAG,GAAMJ,EAAO,IAAM,EAAKC,IAMrC,OAAOP,EAAUU,EAAIF,EAAUC,EAAI,SAAS,EAAGC,CAAC,CAClD,EAGA5D,EAAK,OAAO,OAAO,OAAS,SAASsC,EAAOU,EAAS,CACnD,OAAOhD,EAAK,OAAO,MAAM,OAAOsC,EAAOS,GAASC,CAAO,CACzD,EACAhD,EAAK,OAAO,OAAO,OAAS,SAASsC,EAAOU,EAAS,CACnD,OAAOhD,EAAK,OAAO,MAAM,OAAOsC,EAAOS,GAASC,CAAO,CACzD,EAIAhD,EAAK,KAAO,CACV,KAAM,CAAC,EACP,MAAO,CAAC,CACV,EAYAA,EAAK,KAAK,KAAK,OAAS,SAASqB,EAAK6B,EAAQQ,EAAQ,CACpDrC,EAAMrB,EAAK,WAAWqB,CAAG,EACzB,IAAIsC,EAAMT,EACNS,IACFA,EAAM,IAAI,WAAWtC,EAAI,MAAM,GAEjCqC,EAASA,GAAU,EAEnB,QADIE,EAAIF,EACA,EAAI,EAAG,EAAIrC,EAAI,OAAQ,EAAE,EAC/BsC,EAAIC,GAAG,EAAIvC,EAAI,WAAW,CAAC,EAE7B,OAAO6B,EAAUU,EAAIF,EAAUC,CACjC,EASA3D,EAAK,KAAK,KAAK,OAAS,SAASoB,EAAO,CACtC,OAAOpB,EAAK,WAAW,OAAO,aAAa,MAAM,KAAMoB,CAAK,CAAC,CAC/D,EAYApB,EAAK,KAAK,MAAM,OAAS,SAASqB,EAAK6B,EAAQQ,EAAQ,CACrD,IAAIC,EAAMT,EACNS,IACFA,EAAM,IAAI,WAAWtC,EAAI,OAAS,CAAC,GAErC,IAAIgB,EAAO,IAAI,YAAYsB,EAAI,MAAM,EACrCD,EAASA,GAAU,EAGnB,QAFIE,EAAIF,EACJG,EAAIH,EACAzC,EAAI,EAAGA,EAAII,EAAI,OAAQ,EAAEJ,EAC/BoB,EAAKwB,GAAG,EAAIxC,EAAI,WAAWJ,CAAC,EAC5B2C,GAAK,EAEP,OAAOV,EAAUU,EAAIF,EAAUC,CACjC,EASA3D,EAAK,KAAK,MAAM,OAAS,SAASoB,EAAO,CACvC,OAAO,OAAO,aAAa,MAAM,KAAM,IAAI,YAAYA,EAAM,MAAM,CAAC,CACtE,EAYApB,EAAK,QAAU,SAAS8D,EAAK1C,EAAO2C,EAAK,CAIvC,GAHA3C,EAAQpB,EAAK,SAAS8D,EAAI,QAAQ9D,EAAK,SAASoB,CAAK,CAAC,EAAE,IAAI,EAGzD2C,EAAK,CAIN,IAAIC,EAAQ,EACRC,EAAM7C,EAAM,WAAW,CAAC,EACzB6C,EAAM,KACPD,EAAQ,GAGV5C,EAAQA,EAAM,UAAU4C,EAAO5C,EAAM,OAAS,CAAC,CACjD,CAEA,OAAOA,CACT,EAYApB,EAAK,QAAU,SAAS8D,EAAK1C,EAAO2C,EAAK,CAEvC,IAAIxC,EAAOuC,EAAI,QAAQ9D,EAAK,SAASoB,CAAK,CAAC,EAAE,KAC7C,OAAQG,IAAS,KAAQ,KAAOvB,EAAK,SAASuB,CAAI,CACpD,EASA,IAAI2C,GAAoB,SAASJ,EAAKK,EAAIC,EAAK,CAC7C,GAAG,CAACN,EACF,MAAM,IAAI,MAAM,2BAA2B,EAG7C,IAAIvC,EAUJ,GATG6C,IAAQ,KACT7C,EAAOuC,EAAI,WAAWK,CAAE,GAGxBC,EAAMpE,EAAK,SAAS,KAAK,UAAUoE,CAAG,CAAC,EACvC7C,EAAOuC,EAAI,QAAQK,EAAIC,CAAG,GAIzB,OAAO7C,EAAU,KAAeA,EAAK,OAAS,GAAM,CACrD,IAAI8C,EAAQ,IAAI,MAAM9C,EAAK,MAAM,OAAO,EACxC,MAAA8C,EAAM,GAAK9C,EAAK,MAAM,GACtB8C,EAAM,KAAO9C,EAAK,MAAM,KAClB8C,CACR,CACF,EAUIC,GAAoB,SAASR,EAAKK,EAAI,CACxC,GAAG,CAACL,EACF,MAAM,IAAI,MAAM,2BAA2B,EAI7C,IAAIvC,EAAOuC,EAAI,QAAQK,CAAE,EAQzB,GAAGL,EAAI,KACL,GAAGvC,EAAK,OAAS,KAAM,CACrB,GAAGA,EAAK,MAAO,CACb,IAAI8C,EAAQ,IAAI,MAAM9C,EAAK,MAAM,OAAO,EACxC,MAAA8C,EAAM,GAAK9C,EAAK,MAAM,GACtB8C,EAAM,KAAO9C,EAAK,MAAM,KAClB8C,CACR,CAEA9C,EAAO,IACT,MACEA,EAAOA,EAAK,KAKhB,OAAGA,IAAS,OAEVA,EAAO,KAAK,MAAMvB,EAAK,SAASuB,CAAI,CAAC,GAGhCA,CACT,EAUIgD,GAAW,SAAST,EAAKK,EAAIK,EAAKC,EAAM,CAE1C,IAAIL,EAAME,GAAkBR,EAAKK,CAAE,EAChCC,IAAQ,OAETA,EAAM,CAAC,GAGTA,EAAII,CAAG,EAAIC,EAGXP,GAAkBJ,EAAKK,EAAIC,CAAG,CAChC,EAWIM,GAAW,SAASZ,EAAKK,EAAIK,EAAK,CAEpC,IAAIjD,EAAO+C,GAAkBR,EAAKK,CAAE,EACpC,OAAG5C,IAAS,OAEVA,EAAQiD,KAAOjD,EAAQA,EAAKiD,CAAG,EAAI,MAG9BjD,CACT,EASIoD,GAAc,SAASb,EAAKK,EAAIK,EAAK,CAEvC,IAAIJ,EAAME,GAAkBR,EAAKK,CAAE,EACnC,GAAGC,IAAQ,MAAQI,KAAOJ,EAAK,CAE7B,OAAOA,EAAII,CAAG,EAGd,IAAII,EAAQ,GACZ,QAAQC,KAAQT,EAAK,CACnBQ,EAAQ,GACR,KACF,CACGA,IAEDR,EAAM,MAIRF,GAAkBJ,EAAKK,EAAIC,CAAG,CAChC,CACF,EAQIU,GAAc,SAAShB,EAAKK,EAAI,CAClCD,GAAkBJ,EAAKK,EAAI,IAAI,CACjC,EAWIY,GAAuB,SAASC,EAAMC,EAAMC,EAAU,CACxD,IAAI3D,EAAO,KAGR,OAAO2D,EAAc,MACtBA,EAAW,CAAC,MAAO,OAAO,GAI5B,IAAIC,EACAC,EAAO,GACPC,EAAY,KAChB,QAAQC,KAAOJ,EAAU,CACvBC,EAAOD,EAASI,CAAG,EACnB,GAAI,CACF,GAAGH,IAAS,SAAWA,IAAS,OAAQ,CACtC,GAAGF,EAAK,CAAC,IAAM,KACb,MAAM,IAAI,MAAM,oCAAoC,EAEtD1D,EAAOyD,EAAK,MAAM,KAAMC,CAAI,EAC5BG,EAAQD,IAAS,OACnB,EACGA,IAAS,OAASA,IAAS,UAC5BF,EAAK,CAAC,EAAI,aACV1D,EAAOyD,EAAK,MAAM,KAAMC,CAAI,EAC5BG,EAAO,GAEX,OAAQG,EAAI,CACVF,EAAYE,CACd,CACA,GAAGH,EACD,KAEJ,CAEA,GAAG,CAACA,EACF,MAAMC,EAGR,OAAO9D,CACT,EA8BAvB,EAAK,QAAU,SAAS8D,EAAKK,EAAIK,EAAKC,EAAMS,EAAU,CACpDH,GAAqBR,GAAU,UAAWW,CAAQ,CACpD,EAcAlF,EAAK,QAAU,SAAS8D,EAAKK,EAAIK,EAAKU,EAAU,CAC9C,OAAOH,GAAqBL,GAAU,UAAWQ,CAAQ,CAC3D,EAYAlF,EAAK,WAAa,SAAS8D,EAAKK,EAAIK,EAAKU,EAAU,CACjDH,GAAqBJ,GAAa,UAAWO,CAAQ,CACvD,EAWAlF,EAAK,WAAa,SAAS8D,EAAKK,EAAIe,EAAU,CAC5CH,GAAqBD,GAAa,UAAWI,CAAQ,CACvD,EAUAlF,EAAK,QAAU,SAASoE,EAAK,CAC3B,QAAQS,KAAQT,EACd,GAAGA,EAAI,eAAeS,CAAI,EACxB,MAAO,GAGX,MAAO,EACT,EAWA7E,EAAK,OAAS,SAASwF,EAAQ,CAa7B,QAZIC,EAAK,MAELC,EAEAC,EAEAC,EAAO,EAEPC,EAAQ,CAAC,EAETC,EAAO,EAEJJ,EAAQD,EAAG,KAAKD,CAAM,GAAI,CAC/BG,EAAOH,EAAO,UAAUM,EAAML,EAAG,UAAY,CAAC,EAE3CE,EAAK,OAAS,GACfE,EAAM,KAAKF,CAAI,EAEjBG,EAAOL,EAAG,UAEV,IAAIM,EAAOL,EAAM,CAAC,EAAE,CAAC,EACrB,OAAOK,EAAM,CACb,IAAK,IACL,IAAK,IAEAH,EAAO,UAAU,OAClBC,EAAM,KAAK,UAAUD,IAAS,CAAC,CAAC,EAEhCC,EAAM,KAAK,KAAK,EAElB,MAIF,IAAK,IACHA,EAAM,KAAK,GAAG,EACd,MACF,QACEA,EAAM,KAAK,KAAOE,EAAO,IAAI,CAC/B,CACF,CAEA,OAAAF,EAAM,KAAKL,EAAO,UAAUM,CAAI,CAAC,EAC1BD,EAAM,KAAK,EAAE,CACtB,EAOA7F,EAAK,aAAe,SAASgG,EAAQC,EAAUC,EAAWC,EAAe,CAWvE,IAAI,EAAIH,EAAQtE,EAAI,MAAMuE,EAAW,KAAK,IAAIA,CAAQ,CAAC,EAAI,EAAIA,EAC3D9E,EAAI+E,IAAc,OAAY,IAAMA,EACpCvD,EAAIwD,IAAkB,OACzB,IAAMA,EAAe5D,EAAI,EAAI,EAAI,IAAM,GACpCtB,EAAI,SAAU,EAAI,KAAK,IAAI,CAAC,GAAK,CAAC,EAAE,QAAQS,CAAC,EAAI,EAAE,EAAI,GACvDkC,EAAK3C,EAAE,OAAS,EAAKA,EAAE,OAAS,EAAI,EACxC,OAAOsB,GAAKqB,EAAI3C,EAAE,OAAO,EAAG2C,CAAC,EAAIjB,EAAI,IACnC1B,EAAE,OAAO2C,CAAC,EAAE,QAAQ,iBAAkB,KAAOjB,CAAC,GAC7CjB,EAAIP,EAAI,KAAK,IAAI,EAAIF,CAAC,EAAE,QAAQS,CAAC,EAAE,MAAM,CAAC,EAAI,GACnD,EAOA1B,EAAK,WAAa,SAASoG,EAAM,CAC/B,OAAGA,GAAQ,WACTA,EAAOpG,EAAK,aAAaoG,EAAO,WAAY,EAAG,IAAK,EAAE,EAAI,OAClDA,GAAQ,QAChBA,EAAOpG,EAAK,aAAaoG,EAAO,QAAS,EAAG,IAAK,EAAE,EAAI,OAC/CA,GAAQ,KAChBA,EAAOpG,EAAK,aAAaoG,EAAO,KAAM,CAAC,EAAI,OAE3CA,EAAOpG,EAAK,aAAaoG,EAAM,CAAC,EAAI,SAE/BA,CACT,EAUApG,EAAK,YAAc,SAASqG,EAAI,CAC9B,OAAGA,EAAG,QAAQ,GAAG,IAAM,GACdrG,EAAK,cAAcqG,CAAE,EAE3BA,EAAG,QAAQ,GAAG,IAAM,GACdrG,EAAK,cAAcqG,CAAE,EAEvB,IACT,EASArG,EAAK,cAAgB,SAASqG,EAAI,CAEhC,GADAA,EAAKA,EAAG,MAAM,GAAG,EACdA,EAAG,SAAW,EACf,OAAO,KAGT,QADItF,EAAIf,EAAK,aAAa,EAClBiB,EAAI,EAAGA,EAAIoF,EAAG,OAAQ,EAAEpF,EAAG,CACjC,IAAIqF,EAAM,SAASD,EAAGpF,CAAC,EAAG,EAAE,EAC5B,GAAG,MAAMqF,CAAG,EACV,OAAO,KAETvF,EAAE,QAAQuF,CAAG,CACf,CACA,OAAOvF,EAAE,SAAS,CACpB,EASAf,EAAK,cAAgB,SAASqG,EAAI,CAChC,IAAIE,EAAS,EACbF,EAAKA,EAAG,MAAM,GAAG,EAAE,OAAO,SAASG,EAAG,CACpC,OAAGA,EAAE,SAAW,GAAG,EAAED,EACd,EACT,CAAC,EAGD,QAFIE,GAAS,EAAIJ,EAAG,OAASE,GAAU,EACnCxF,EAAIf,EAAK,aAAa,EAClBiB,EAAI,EAAGA,EAAI,EAAG,EAAEA,EAAG,CACzB,GAAG,CAACoF,EAAGpF,CAAC,GAAKoF,EAAGpF,CAAC,EAAE,SAAW,EAAG,CAC/BF,EAAE,aAAa,EAAG0F,CAAK,EACvBA,EAAQ,EACR,QACF,CACA,IAAIrF,EAAQpB,EAAK,WAAWqG,EAAGpF,CAAC,CAAC,EAC9BG,EAAM,OAAS,GAChBL,EAAE,QAAQ,CAAC,EAEbA,EAAE,SAASK,CAAK,CAClB,CACA,OAAOL,EAAE,SAAS,CACpB,EAWAf,EAAK,UAAY,SAASoB,EAAO,CAC/B,OAAGA,EAAM,SAAW,EACXpB,EAAK,YAAYoB,CAAK,EAE5BA,EAAM,SAAW,GACXpB,EAAK,YAAYoB,CAAK,EAExB,IACT,EAUApB,EAAK,YAAc,SAASoB,EAAO,CACjC,GAAGA,EAAM,SAAW,EAClB,OAAO,KAGT,QADIiF,EAAK,CAAC,EACFpF,EAAI,EAAGA,EAAIG,EAAM,OAAQ,EAAEH,EACjCoF,EAAG,KAAKjF,EAAM,WAAWH,CAAC,CAAC,EAE7B,OAAOoF,EAAG,KAAK,GAAG,CACpB,EAUArG,EAAK,YAAc,SAASoB,EAAO,CACjC,GAAGA,EAAM,SAAW,GAClB,OAAO,KAKT,QAHIiF,EAAK,CAAC,EACNK,EAAa,CAAC,EACdC,EAAe,EACX1F,EAAI,EAAGA,EAAIG,EAAM,OAAQH,GAAK,EAAG,CAGvC,QAFI2B,EAAM5C,EAAK,WAAWoB,EAAMH,CAAC,EAAIG,EAAMH,EAAI,CAAC,CAAC,EAE3C2B,EAAI,CAAC,IAAM,KAAOA,IAAQ,KAC9BA,EAAMA,EAAI,OAAO,CAAC,EAEpB,GAAGA,IAAQ,IAAK,CACd,IAAIkD,EAAOY,EAAWA,EAAW,OAAS,CAAC,EACvCpB,EAAMe,EAAG,OACV,CAACP,GAAQR,IAAQQ,EAAK,IAAM,EAC7BY,EAAW,KAAK,CAAC,MAAOpB,EAAK,IAAKA,CAAG,CAAC,GAEtCQ,EAAK,IAAMR,EACPQ,EAAK,IAAMA,EAAK,MACjBY,EAAWC,CAAY,EAAE,IAAMD,EAAWC,CAAY,EAAE,QACzDA,EAAeD,EAAW,OAAS,GAGzC,CACAL,EAAG,KAAKzD,CAAG,CACb,CACA,GAAG8D,EAAW,OAAS,EAAG,CACxB,IAAIE,EAAQF,EAAWC,CAAY,EAEhCC,EAAM,IAAMA,EAAM,MAAQ,IAC3BP,EAAG,OAAOO,EAAM,MAAOA,EAAM,IAAMA,EAAM,MAAQ,EAAG,EAAE,EACnDA,EAAM,QAAU,GACjBP,EAAG,QAAQ,EAAE,EAEZO,EAAM,MAAQ,GACfP,EAAG,KAAK,EAAE,EAGhB,CACA,OAAOA,EAAG,KAAK,GAAG,CACpB,EAWArG,EAAK,cAAgB,SAAS6B,EAAS5B,EAAU,CAM/C,GALG,OAAO4B,GAAY,aACpB5B,EAAW4B,EACXA,EAAU,CAAC,GAEbA,EAAUA,GAAW,CAAC,EACnB,UAAW7B,GAAQ,CAAC6B,EAAQ,OAC7B,OAAO5B,EAAS,KAAMD,EAAK,KAAK,EAElC,GAAG,OAAO,UAAc,KACtB,wBAAyB,WACzB,UAAU,oBAAsB,EAChC,OAAAA,EAAK,MAAQ,UAAU,oBAChBC,EAAS,KAAMD,EAAK,KAAK,EAElC,GAAG,OAAO,OAAW,IAEnB,OAAAA,EAAK,MAAQ,EACNC,EAAS,KAAMD,EAAK,KAAK,EAElC,GAAG,OAAO,KAAS,IAEjB,OAAAA,EAAK,MAAQ,EACNC,EAAS,KAAMD,EAAK,KAAK,EAIlC,IAAI6G,EAAU,IAAI,gBAAgB,IAAI,KAAK,CAAC,IAC1C,UAAW,CACT,KAAK,iBAAiB,UAAW,SAASL,EAAG,CAI3C,QAFIM,EAAK,KAAK,IAAI,EACdC,EAAKD,EAAK,EACR,KAAK,IAAI,EAAIC,GAAG,CACtB,KAAK,YAAY,CAAC,GAAID,EAAI,GAAIC,CAAE,CAAC,CACnC,CAAC,CACH,EAAE,SAAS,EACb,KAAK,EAAG,CAAC,KAAM,wBAAwB,CAAC,CAAC,EAGzCC,EAAO,CAAC,EAAG,EAAG,EAAE,EAEhB,SAASA,EAAOxF,EAAKyF,EAASC,EAAY,CACxC,GAAGD,IAAY,EAAG,CAEhB,IAAIE,EAAM,KAAK,MAAM3F,EAAI,OAAO,SAAS2F,EAAKxG,EAAG,CAC/C,OAAOwG,EAAMxG,CACf,EAAG,CAAC,EAAIa,EAAI,MAAM,EAClB,OAAAxB,EAAK,MAAQ,KAAK,IAAI,EAAGmH,CAAG,EAC5B,IAAI,gBAAgBN,CAAO,EACpB5G,EAAS,KAAMD,EAAK,KAAK,CAClC,CACAoH,EAAIF,EAAY,SAASG,EAAKC,EAAS,CACrC9F,EAAI,KAAK+F,EAAOL,EAAYI,CAAO,CAAC,EACpCN,EAAOxF,EAAKyF,EAAU,EAAGC,CAAU,CACrC,CAAC,CACH,CAEA,SAASE,EAAIF,EAAYjH,EAAU,CAGjC,QAFIuH,EAAU,CAAC,EACXF,EAAU,CAAC,EACPrG,EAAI,EAAGA,EAAIiG,EAAY,EAAEjG,EAAG,CAClC,IAAIwG,EAAS,IAAI,OAAOZ,CAAO,EAC/BY,EAAO,iBAAiB,UAAW,SAASjB,EAAG,CAE7C,GADAc,EAAQ,KAAKd,EAAE,IAAI,EAChBc,EAAQ,SAAWJ,EAAY,CAChC,QAAQjG,EAAI,EAAGA,EAAIiG,EAAY,EAAEjG,EAC/BuG,EAAQvG,CAAC,EAAE,UAAU,EAEvBhB,EAAS,KAAMqH,CAAO,CACxB,CACF,CAAC,EACDE,EAAQ,KAAKC,CAAM,CACrB,CACA,QAAQxG,EAAI,EAAGA,EAAIiG,EAAY,EAAEjG,EAC/BuG,EAAQvG,CAAC,EAAE,YAAYA,CAAC,CAE5B,CAEA,SAASsG,EAAOL,EAAYI,EAAS,CAGnC,QADII,EAAW,CAAC,EACR7G,EAAI,EAAGA,EAAIqG,EAAY,EAAErG,EAG/B,QAFI8G,EAAKL,EAAQzG,CAAC,EACd+G,EAAUF,EAAS7G,CAAC,EAAI,CAAC,EACrBI,EAAI,EAAGA,EAAIiG,EAAY,EAAEjG,EAC/B,GAAGJ,IAAMI,EAGT,KAAI4G,EAAKP,EAAQrG,CAAC,GACd0G,EAAG,GAAKE,EAAG,IAAMF,EAAG,GAAKE,EAAG,IAC7BA,EAAG,GAAKF,EAAG,IAAME,EAAG,GAAKF,EAAG,KAC7BC,EAAQ,KAAK3G,CAAC,EAOpB,OAAOyG,EAAS,OAAO,SAASlG,EAAKoG,EAAS,CAC5C,OAAO,KAAK,IAAIpG,EAAKoG,EAAQ,MAAM,CACrC,EAAG,CAAC,CACN,CACF,IC3lFA,IAAAE,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KAEAD,GAAO,QAAUC,GAAM,OAASA,GAAM,QAAU,CAAC,EAGjDA,GAAM,OAAO,WAAaA,GAAM,OAAO,YAAc,CAAC,EAetDA,GAAM,OAAO,aAAe,SAASC,EAAWC,EAAK,CACnD,IAAIC,EAAMF,EAOV,GANG,OAAOE,GAAQ,WAChBA,EAAMH,GAAM,OAAO,aAAaG,CAAG,EAChCA,IACDA,EAAMA,EAAI,IAGX,CAACA,EACF,MAAM,IAAI,MAAM,0BAA4BF,CAAS,EAIvD,OAAO,IAAID,GAAM,OAAO,YAAY,CAClC,UAAWG,EACX,IAAKD,EACL,QAAS,EACX,CAAC,CACH,EAeAF,GAAM,OAAO,eAAiB,SAASC,EAAWC,EAAK,CACrD,IAAIC,EAAMF,EAOV,GANG,OAAOE,GAAQ,WAChBA,EAAMH,GAAM,OAAO,aAAaG,CAAG,EAChCA,IACDA,EAAMA,EAAI,IAGX,CAACA,EACF,MAAM,IAAI,MAAM,0BAA4BF,CAAS,EAIvD,OAAO,IAAID,GAAM,OAAO,YAAY,CAClC,UAAWG,EACX,IAAKD,EACL,QAAS,EACX,CAAC,CACH,EASAF,GAAM,OAAO,kBAAoB,SAASI,EAAMH,EAAW,CACzDG,EAAOA,EAAK,YAAY,EACxBJ,GAAM,OAAO,WAAWI,CAAI,EAAIH,CAClC,EASAD,GAAM,OAAO,aAAe,SAASI,EAAM,CAEzC,OADAA,EAAOA,EAAK,YAAY,EACrBA,KAAQJ,GAAM,OAAO,WACfA,GAAM,OAAO,WAAWI,CAAI,EAE9B,IACT,EAEA,IAAIC,GAAcL,GAAM,OAAO,YAAc,SAASM,EAAS,CAC7D,KAAK,UAAYA,EAAQ,UACzB,KAAK,KAAO,KAAK,UAAU,KAC3B,KAAK,UAAY,KAAK,KAAK,UAC3B,KAAK,QAAU,GACf,KAAK,OAAS,KACd,KAAK,OAAS,KACd,KAAK,IAAMA,EAAQ,QAAU,KAAK,KAAK,QAAU,KAAK,KAAK,QAC3D,KAAK,SAAWA,EAAQ,QACxB,KAAK,UAAU,WAAWA,CAAO,CACnC,EA6BAD,GAAY,UAAU,MAAQ,SAASC,EAAS,CAC9CA,EAAUA,GAAW,CAAC,EACtB,IAAIC,EAAO,CAAC,EACZ,QAAQL,KAAOI,EACbC,EAAKL,CAAG,EAAII,EAAQJ,CAAG,EAEzBK,EAAK,QAAU,KAAK,SACpB,KAAK,QAAU,GACf,KAAK,OAASP,GAAM,KAAK,aAAa,EACtC,KAAK,OAASM,EAAQ,QAAUN,GAAM,KAAK,aAAa,EACxD,KAAK,KAAK,MAAMO,CAAI,CACtB,EAOAF,GAAY,UAAU,OAAS,SAASG,EAAO,CAO7C,IANGA,GAED,KAAK,OAAO,UAAUA,CAAK,EAIvB,CAAC,KAAK,IAAI,KAAK,KAAK,KAAM,KAAK,OAAQ,KAAK,OAAQ,KAAK,OAAO,GACpE,CAAC,KAAK,SAAS,CAGjB,KAAK,OAAO,QAAQ,CACtB,EAUAH,GAAY,UAAU,OAAS,SAASI,EAAK,CAGxCA,IAAQ,KAAK,KAAK,OAAS,OAAS,KAAK,KAAK,OAAS,SACxD,KAAK,KAAK,IAAM,SAASD,EAAO,CAC9B,OAAOC,EAAI,KAAK,UAAWD,EAAO,EAAK,CACzC,EACA,KAAK,KAAK,MAAQ,SAASE,EAAQ,CACjC,OAAOD,EAAI,KAAK,UAAWC,EAAQ,EAAI,CACzC,GAIF,IAAIJ,EAAU,CAAC,EAsBf,OArBAA,EAAQ,QAAU,KAAK,SAGvBA,EAAQ,SAAW,KAAK,OAAO,OAAO,EAAI,KAAK,UAE5C,GAAC,KAAK,UAAY,KAAK,KAAK,KAC1B,CAAC,KAAK,KAAK,IAAI,KAAK,OAAQA,CAAO,IAMxC,KAAK,QAAU,GACf,KAAK,OAAO,EAET,KAAK,UAAY,KAAK,KAAK,OACzB,CAAC,KAAK,KAAK,MAAM,KAAK,OAAQA,CAAO,IAKvC,KAAK,KAAK,aACR,CAAC,KAAK,KAAK,YAAY,KAAK,OAAQA,CAAO,EAMlD,ICrOA,IAAAK,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KAEAA,GAAM,OAASA,GAAM,QAAU,CAAC,EAGhC,IAAIC,EAAQF,GAAO,QAAUC,GAAM,OAAO,MAAQA,GAAM,OAAO,OAAS,CAAC,EAIzEC,EAAM,IAAM,SAASC,EAAS,CAC5BA,EAAUA,GAAW,CAAC,EACtB,KAAK,KAAO,MACZ,KAAK,OAASA,EAAQ,OACtB,KAAK,UAAYA,EAAQ,WAAa,GACtC,KAAK,MAAQ,KAAK,UAAY,EAC9B,KAAK,SAAW,IAAI,MAAM,KAAK,KAAK,EACpC,KAAK,UAAY,IAAI,MAAM,KAAK,KAAK,CACvC,EAEAD,EAAM,IAAI,UAAU,MAAQ,SAASC,EAAS,CAAC,EAE/CD,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,GAAGF,EAAM,OAAO,EAAI,KAAK,WAAa,EAAEE,GAAUF,EAAM,OAAO,EAAI,GACjE,MAAO,GAIT,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAIH,EAAM,SAAS,EAIpC,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAGjD,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAAS,KAAK,UAAUE,CAAC,CAAC,CAErC,EAEAL,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,GAAGF,EAAM,OAAO,EAAI,KAAK,WAAa,EAAEE,GAAUF,EAAM,OAAO,EAAI,GACjE,MAAO,GAIT,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAIH,EAAM,SAAS,EAIpC,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAGjD,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAAS,KAAK,UAAUE,CAAC,CAAC,CAErC,EAEAL,EAAM,IAAI,UAAU,IAAM,SAASE,EAAOD,EAAS,CAGjD,IAAIK,EAAWJ,EAAM,OAAO,IAAM,KAAK,UACrC,KAAK,UAAa,KAAK,UAAYA,EAAM,OAAO,EAClD,OAAAA,EAAM,aAAaI,EAASA,CAAO,EAC5B,EACT,EAEAN,EAAM,IAAI,UAAU,MAAQ,SAASG,EAAQF,EAAS,CAEpD,GAAGA,EAAQ,SAAW,EACpB,MAAO,GAIT,IAAIM,EAAMJ,EAAO,OAAO,EACpBK,EAAQL,EAAO,GAAGI,EAAM,CAAC,EAC7B,OAAGC,EAAS,KAAK,WAAa,EACrB,IAITL,EAAO,SAASK,CAAK,EACd,GACT,EAIAR,EAAM,IAAM,SAASC,EAAS,CAC5BA,EAAUA,GAAW,CAAC,EACtB,KAAK,KAAO,MACZ,KAAK,OAASA,EAAQ,OACtB,KAAK,UAAYA,EAAQ,WAAa,GACtC,KAAK,MAAQ,KAAK,UAAY,EAC9B,KAAK,SAAW,IAAI,MAAM,KAAK,KAAK,EACpC,KAAK,UAAY,IAAI,MAAM,KAAK,KAAK,CACvC,EAEAD,EAAM,IAAI,UAAU,MAAQ,SAASC,EAAS,CAG5C,GAAGA,EAAQ,KAAO,KAAM,CAEtB,GAAG,CAAC,KAAK,MACP,MAAM,IAAI,MAAM,uBAAuB,EAEzC,KAAK,IAAM,KAAK,MAAM,MAAM,CAAC,CAC/B,SAAY,OAAQA,EAIlB,KAAK,IAAMQ,GAAYR,EAAQ,GAAI,KAAK,SAAS,EACjD,KAAK,MAAQ,KAAK,IAAI,MAAM,CAAC,MAJ7B,OAAM,IAAI,MAAM,uBAAuB,CAM3C,EAEAD,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,GAAGF,EAAM,OAAO,EAAI,KAAK,WAAa,EAAEE,GAAUF,EAAM,OAAO,EAAI,GACjE,MAAO,GAKT,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAI,KAAK,MAAMA,CAAC,EAAIH,EAAM,SAAS,EAIpD,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAGjD,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAAS,KAAK,UAAUE,CAAC,CAAC,EAEnC,KAAK,MAAQ,KAAK,SACpB,EAEAL,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,GAAGF,EAAM,OAAO,EAAI,KAAK,WAAa,EAAEE,GAAUF,EAAM,OAAO,EAAI,GACjE,MAAO,GAIT,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAIH,EAAM,SAAS,EAIpC,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAIjD,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAAS,KAAK,MAAME,CAAC,EAAI,KAAK,UAAUA,CAAC,CAAC,EAEnD,KAAK,MAAQ,KAAK,SAAS,MAAM,CAAC,CACpC,EAEAL,EAAM,IAAI,UAAU,IAAM,SAASE,EAAOD,EAAS,CAGjD,IAAIK,EAAWJ,EAAM,OAAO,IAAM,KAAK,UACrC,KAAK,UAAa,KAAK,UAAYA,EAAM,OAAO,EAClD,OAAAA,EAAM,aAAaI,EAASA,CAAO,EAC5B,EACT,EAEAN,EAAM,IAAI,UAAU,MAAQ,SAASG,EAAQF,EAAS,CAEpD,GAAGA,EAAQ,SAAW,EACpB,MAAO,GAIT,IAAIM,EAAMJ,EAAO,OAAO,EACpBK,EAAQL,EAAO,GAAGI,EAAM,CAAC,EAC7B,OAAGC,EAAS,KAAK,WAAa,EACrB,IAITL,EAAO,SAASK,CAAK,EACd,GACT,EAIAR,EAAM,IAAM,SAASC,EAAS,CAC5BA,EAAUA,GAAW,CAAC,EACtB,KAAK,KAAO,MACZ,KAAK,OAASA,EAAQ,OACtB,KAAK,UAAYA,EAAQ,WAAa,GACtC,KAAK,MAAQ,KAAK,UAAY,EAC9B,KAAK,SAAW,KAChB,KAAK,UAAY,IAAI,MAAM,KAAK,KAAK,EACrC,KAAK,cAAgB,IAAI,MAAM,KAAK,KAAK,EACzC,KAAK,eAAiBF,GAAM,KAAK,aAAa,EAC9C,KAAK,cAAgB,CACvB,EAEAC,EAAM,IAAI,UAAU,MAAQ,SAASC,EAAS,CAC5C,GAAG,EAAE,OAAQA,GACX,MAAM,IAAI,MAAM,uBAAuB,EAGzC,KAAK,IAAMQ,GAAYR,EAAQ,GAAI,KAAK,SAAS,EACjD,KAAK,SAAW,KAAK,IAAI,MAAM,CAAC,EAChC,KAAK,cAAgB,CACvB,EAEAD,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,IAAIM,EAAcR,EAAM,OAAO,EAC/B,GAAGQ,IAAgB,EACjB,MAAO,GAOT,GAHA,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAG9C,KAAK,gBAAkB,GAAKA,GAAe,KAAK,UAAW,CAE5D,QAAQL,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAIH,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,EACtDF,EAAO,SAAS,KAAK,SAASE,CAAC,CAAC,EAElC,MACF,CAGA,IAAIM,GAAgB,KAAK,UAAYD,GAAe,KAAK,UACtDC,EAAe,IAChBA,EAAe,KAAK,UAAYA,GAIlC,KAAK,eAAe,MAAM,EAC1B,QAAQN,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,cAAcA,CAAC,EAAIH,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,EAC3D,KAAK,eAAe,SAAS,KAAK,cAAcA,CAAC,CAAC,EAGpD,GAAGM,EAAe,EAEhBT,EAAM,MAAQ,KAAK,cAGnB,SAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAI,KAAK,cAAcA,CAAC,EAS3C,GAJG,KAAK,cAAgB,GACtB,KAAK,eAAe,SAAS,KAAK,aAAa,EAG9CM,EAAe,GAAK,CAACP,EACtB,OAAAD,EAAO,SAAS,KAAK,eAAe,SAClCQ,EAAe,KAAK,aAAa,CAAC,EACpC,KAAK,cAAgBA,EACd,GAGTR,EAAO,SAAS,KAAK,eAAe,SAClCO,EAAc,KAAK,aAAa,CAAC,EACnC,KAAK,cAAgB,CACvB,EAEAV,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,IAAIM,EAAcR,EAAM,OAAO,EAC/B,GAAGQ,IAAgB,EACjB,MAAO,GAOT,GAHA,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAG9C,KAAK,gBAAkB,GAAKA,GAAe,KAAK,UAAW,CAE5D,QAAQL,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAIH,EAAM,SAAS,EAClCC,EAAO,SAAS,KAAK,SAASE,CAAC,EAAI,KAAK,UAAUA,CAAC,CAAC,EAEtD,MACF,CAGA,IAAIM,GAAgB,KAAK,UAAYD,GAAe,KAAK,UACtDC,EAAe,IAChBA,EAAe,KAAK,UAAYA,GAIlC,KAAK,eAAe,MAAM,EAC1B,QAAQN,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,cAAcA,CAAC,EAAIH,EAAM,SAAS,EACvC,KAAK,eAAe,SAAS,KAAK,cAAcG,CAAC,EAAI,KAAK,UAAUA,CAAC,CAAC,EAGxE,GAAGM,EAAe,EAEhBT,EAAM,MAAQ,KAAK,cAGnB,SAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAI,KAAK,cAAcA,CAAC,EAS3C,GAJG,KAAK,cAAgB,GACtB,KAAK,eAAe,SAAS,KAAK,aAAa,EAG9CM,EAAe,GAAK,CAACP,EACtB,OAAAD,EAAO,SAAS,KAAK,eAAe,SAClCQ,EAAe,KAAK,aAAa,CAAC,EACpC,KAAK,cAAgBA,EACd,GAGTR,EAAO,SAAS,KAAK,eAAe,SAClCO,EAAc,KAAK,aAAa,CAAC,EACnC,KAAK,cAAgB,CACvB,EAIAV,EAAM,IAAM,SAASC,EAAS,CAC5BA,EAAUA,GAAW,CAAC,EACtB,KAAK,KAAO,MACZ,KAAK,OAASA,EAAQ,OACtB,KAAK,UAAYA,EAAQ,WAAa,GACtC,KAAK,MAAQ,KAAK,UAAY,EAC9B,KAAK,SAAW,KAChB,KAAK,UAAY,IAAI,MAAM,KAAK,KAAK,EACrC,KAAK,eAAiBF,GAAM,KAAK,aAAa,EAC9C,KAAK,cAAgB,CACvB,EAEAC,EAAM,IAAI,UAAU,MAAQ,SAASC,EAAS,CAC5C,GAAG,EAAE,OAAQA,GACX,MAAM,IAAI,MAAM,uBAAuB,EAGzC,KAAK,IAAMQ,GAAYR,EAAQ,GAAI,KAAK,SAAS,EACjD,KAAK,SAAW,KAAK,IAAI,MAAM,CAAC,EAChC,KAAK,cAAgB,CACvB,EAEAD,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,IAAIM,EAAcR,EAAM,OAAO,EAC/B,GAAGA,EAAM,OAAO,IAAM,EACpB,MAAO,GAOT,GAHA,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAG9C,KAAK,gBAAkB,GAAKQ,GAAe,KAAK,UAAW,CAE5D,QAAQL,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAASD,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,CAAC,EACpD,KAAK,SAASA,CAAC,EAAI,KAAK,UAAUA,CAAC,EAErC,MACF,CAGA,IAAIM,GAAgB,KAAK,UAAYD,GAAe,KAAK,UACtDC,EAAe,IAChBA,EAAe,KAAK,UAAYA,GAIlC,KAAK,eAAe,MAAM,EAC1B,QAAQN,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,eAAe,SAASH,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,CAAC,EAGnE,GAAGM,EAAe,EAEhBT,EAAM,MAAQ,KAAK,cAGnB,SAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,SAASA,CAAC,EAAI,KAAK,UAAUA,CAAC,EASvC,GAJG,KAAK,cAAgB,GACtB,KAAK,eAAe,SAAS,KAAK,aAAa,EAG9CM,EAAe,GAAK,CAACP,EACtB,OAAAD,EAAO,SAAS,KAAK,eAAe,SAClCQ,EAAe,KAAK,aAAa,CAAC,EACpC,KAAK,cAAgBA,EACd,GAGTR,EAAO,SAAS,KAAK,eAAe,SAClCO,EAAc,KAAK,aAAa,CAAC,EACnC,KAAK,cAAgB,CACvB,EAEAV,EAAM,IAAI,UAAU,QAAUA,EAAM,IAAI,UAAU,QAIlDA,EAAM,IAAM,SAASC,EAAS,CAC5BA,EAAUA,GAAW,CAAC,EACtB,KAAK,KAAO,MACZ,KAAK,OAASA,EAAQ,OACtB,KAAK,UAAYA,EAAQ,WAAa,GACtC,KAAK,MAAQ,KAAK,UAAY,EAC9B,KAAK,SAAW,KAChB,KAAK,UAAY,IAAI,MAAM,KAAK,KAAK,EACrC,KAAK,eAAiBF,GAAM,KAAK,aAAa,EAC9C,KAAK,cAAgB,CACvB,EAEAC,EAAM,IAAI,UAAU,MAAQ,SAASC,EAAS,CAC5C,GAAG,EAAE,OAAQA,GACX,MAAM,IAAI,MAAM,uBAAuB,EAGzC,KAAK,IAAMQ,GAAYR,EAAQ,GAAI,KAAK,SAAS,EACjD,KAAK,SAAW,KAAK,IAAI,MAAM,CAAC,EAChC,KAAK,cAAgB,CACvB,EAEAD,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,IAAIM,EAAcR,EAAM,OAAO,EAC/B,GAAGQ,IAAgB,EACjB,MAAO,GAOT,GAHA,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAG9C,KAAK,gBAAkB,GAAKA,GAAe,KAAK,UAEjD,QAAQL,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAASD,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,CAAC,MAEjD,CAEL,IAAIM,GAAgB,KAAK,UAAYD,GAAe,KAAK,UACtDC,EAAe,IAChBA,EAAe,KAAK,UAAYA,GAIlC,KAAK,eAAe,MAAM,EAC1B,QAAQN,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,eAAe,SAASH,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,CAAC,EAanE,GAVGM,EAAe,IAEhBT,EAAM,MAAQ,KAAK,WAIlB,KAAK,cAAgB,GACtB,KAAK,eAAe,SAAS,KAAK,aAAa,EAG9CS,EAAe,GAAK,CAACP,EACtB,OAAAD,EAAO,SAAS,KAAK,eAAe,SAClCQ,EAAe,KAAK,aAAa,CAAC,EACpC,KAAK,cAAgBA,EACd,GAGTR,EAAO,SAAS,KAAK,eAAe,SAClCO,EAAc,KAAK,aAAa,CAAC,EACnC,KAAK,cAAgB,CACvB,CAGAE,GAAM,KAAK,QAAQ,CACrB,EAEAZ,EAAM,IAAI,UAAU,QAAUA,EAAM,IAAI,UAAU,QAIlDA,EAAM,IAAM,SAASC,EAAS,CAC5BA,EAAUA,GAAW,CAAC,EACtB,KAAK,KAAO,MACZ,KAAK,OAASA,EAAQ,OACtB,KAAK,UAAYA,EAAQ,WAAa,GACtC,KAAK,MAAQ,KAAK,UAAY,EAC9B,KAAK,SAAW,IAAI,MAAM,KAAK,KAAK,EACpC,KAAK,UAAY,IAAI,MAAM,KAAK,KAAK,EACrC,KAAK,eAAiBF,GAAM,KAAK,aAAa,EAC9C,KAAK,cAAgB,EAKrB,KAAK,GAAK,UACZ,EAEAC,EAAM,IAAI,UAAU,MAAQ,SAASC,EAAS,CAC5C,GAAG,EAAE,OAAQA,GACX,MAAM,IAAI,MAAM,uBAAuB,EAGzC,IAAIY,EAAKd,GAAM,KAAK,aAAaE,EAAQ,EAAE,EAG3C,KAAK,cAAgB,EAGrB,IAAIa,EAgBJ,GAfG,mBAAoBb,EACrBa,EAAiBf,GAAM,KAAK,aAAaE,EAAQ,cAAc,EAE/Da,EAAiBf,GAAM,KAAK,aAAa,EAIxC,cAAeE,EAChB,KAAK,WAAaA,EAAQ,UAE1B,KAAK,WAAa,IAIpB,KAAK,KAAO,KACTA,EAAQ,UAET,KAAK,KAAOF,GAAM,KAAK,aAAaE,EAAQ,GAAG,EAAE,SAAS,EACvD,KAAK,KAAK,SAAY,KAAK,WAAa,GACzC,MAAM,IAAI,MAAM,+CAA+C,EAKnE,KAAK,WAAa,IAAI,MAAM,KAAK,KAAK,EAGtC,KAAK,IAAM,KAIX,KAAK,YAAc,IAAI,MAAM,KAAK,KAAK,EACvC,KAAK,OAAO,QAAQ,CAAC,EAAG,EAAG,EAAG,CAAC,EAAG,KAAK,WAAW,EAMlD,KAAK,cAAgB,EACrB,KAAK,GAAK,KAAK,kBAAkB,KAAK,YAAa,KAAK,aAAa,EAKrE,IAAIc,EAAWF,EAAG,OAAO,EACzB,GAAGE,IAAa,GAEd,KAAK,IAAM,CAACF,EAAG,SAAS,EAAGA,EAAG,SAAS,EAAGA,EAAG,SAAS,EAAG,CAAC,MACrD,CAGL,IADA,KAAK,IAAM,CAAC,EAAG,EAAG,EAAG,CAAC,EAChBA,EAAG,OAAO,EAAI,GAClB,KAAK,IAAM,KAAK,MACd,KAAK,YAAa,KAAK,IACvB,CAACA,EAAG,SAAS,EAAGA,EAAG,SAAS,EAAGA,EAAG,SAAS,EAAGA,EAAG,SAAS,CAAC,CAAC,EAEhE,KAAK,IAAM,KAAK,MACd,KAAK,YAAa,KAAK,IAAK,CAAC,EAAG,CAAC,EAAE,OAAOG,GAAWD,EAAW,CAAC,CAAC,CAAC,CACvE,CAGA,KAAK,SAAW,KAAK,IAAI,MAAM,CAAC,EAChCH,GAAM,KAAK,QAAQ,EACnB,KAAK,cAAgB,EAGrBE,EAAiBf,GAAM,KAAK,aAAae,CAAc,EAEvD,KAAK,aAAeE,GAAWF,EAAe,OAAO,EAAI,CAAC,EAE1D,IAAIG,EAAWH,EAAe,OAAO,EAAI,KAAK,UAK9C,IAJGG,GACDH,EAAe,aAAa,EAAG,KAAK,UAAYG,CAAQ,EAE1D,KAAK,GAAK,CAAC,EAAG,EAAG,EAAG,CAAC,EACfH,EAAe,OAAO,EAAI,GAC9B,KAAK,GAAK,KAAK,MAAM,KAAK,YAAa,KAAK,GAAI,CAC9CA,EAAe,SAAS,EACxBA,EAAe,SAAS,EACxBA,EAAe,SAAS,EACxBA,EAAe,SAAS,CAC1B,CAAC,CAEL,EAEAd,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,IAAIM,EAAcR,EAAM,OAAO,EAC/B,GAAGQ,IAAgB,EACjB,MAAO,GAOT,GAHA,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAG9C,KAAK,gBAAkB,GAAKA,GAAe,KAAK,UAAW,CAE5D,QAAQL,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAAS,KAAK,UAAUE,CAAC,GAAKH,EAAM,SAAS,CAAC,EAEvD,KAAK,eAAiB,KAAK,SAC7B,KAAO,CAEL,IAAIS,GAAgB,KAAK,UAAYD,GAAe,KAAK,UACtDC,EAAe,IAChBA,EAAe,KAAK,UAAYA,GAIlC,KAAK,eAAe,MAAM,EAC1B,QAAQN,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,eAAe,SAASH,EAAM,SAAS,EAAI,KAAK,UAAUG,CAAC,CAAC,EAGnE,GAAGM,GAAgB,GAAKP,EAAQ,CAE9B,GAAGA,EAAQ,CAET,IAAIa,EAAWP,EAAc,KAAK,UAClC,KAAK,eAAiBO,EAEtB,KAAK,eAAe,SAAS,KAAK,UAAYA,CAAQ,CACxD,MACE,KAAK,eAAiB,KAAK,UAI7B,QAAQZ,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/B,KAAK,UAAUA,CAAC,EAAI,KAAK,eAAe,SAAS,EAEnD,KAAK,eAAe,MAAQ,KAAK,SACnC,CAOA,GAJG,KAAK,cAAgB,GACtB,KAAK,eAAe,SAAS,KAAK,aAAa,EAG9CM,EAAe,GAAK,CAACP,EAGtB,OAAAF,EAAM,MAAQ,KAAK,UACnBC,EAAO,SAAS,KAAK,eAAe,SAClCQ,EAAe,KAAK,aAAa,CAAC,EACpC,KAAK,cAAgBA,EACd,GAGTR,EAAO,SAAS,KAAK,eAAe,SAClCO,EAAc,KAAK,aAAa,CAAC,EACnC,KAAK,cAAgB,CACvB,CAGA,KAAK,GAAK,KAAK,MAAM,KAAK,YAAa,KAAK,GAAI,KAAK,SAAS,EAG9DE,GAAM,KAAK,QAAQ,CACrB,EAEAZ,EAAM,IAAI,UAAU,QAAU,SAASE,EAAOC,EAAQC,EAAQ,CAE5D,IAAIM,EAAcR,EAAM,OAAO,EAC/B,GAAGQ,EAAc,KAAK,WAAa,EAAEN,GAAUM,EAAc,GAC3D,MAAO,GAIT,KAAK,OAAO,QAAQ,KAAK,SAAU,KAAK,SAAS,EAGjDE,GAAM,KAAK,QAAQ,EAGnB,KAAK,WAAW,CAAC,EAAIV,EAAM,SAAS,EACpC,KAAK,WAAW,CAAC,EAAIA,EAAM,SAAS,EACpC,KAAK,WAAW,CAAC,EAAIA,EAAM,SAAS,EACpC,KAAK,WAAW,CAAC,EAAIA,EAAM,SAAS,EACpC,KAAK,GAAK,KAAK,MAAM,KAAK,YAAa,KAAK,GAAI,KAAK,UAAU,EAG/D,QAAQG,EAAI,EAAGA,EAAI,KAAK,MAAO,EAAEA,EAC/BF,EAAO,SAAS,KAAK,UAAUE,CAAC,EAAI,KAAK,WAAWA,CAAC,CAAC,EAIrDK,EAAc,KAAK,UACpB,KAAK,eAAiBA,EAAc,KAAK,UAEzC,KAAK,eAAiB,KAAK,SAE/B,EAEAV,EAAM,IAAI,UAAU,YAAc,SAASG,EAAQF,EAAS,CAC1D,IAAIiB,EAAO,GAGRjB,EAAQ,SAAWA,EAAQ,UAC5BE,EAAO,SAAS,KAAK,UAAYF,EAAQ,QAAQ,EAInD,KAAK,IAAMF,GAAM,KAAK,aAAa,EAGnC,IAAIoB,EAAU,KAAK,aAAa,OAAOH,GAAW,KAAK,cAAgB,CAAC,CAAC,EAGzE,KAAK,GAAK,KAAK,MAAM,KAAK,YAAa,KAAK,GAAIG,CAAO,EAGvD,IAAIC,EAAM,CAAC,EACX,KAAK,OAAO,QAAQ,KAAK,IAAKA,CAAG,EACjC,QAAQ,EAAI,EAAG,EAAI,KAAK,MAAO,EAAE,EAC/B,KAAK,IAAI,SAAS,KAAK,GAAG,CAAC,EAAIA,EAAI,CAAC,CAAC,EAIvC,YAAK,IAAI,SAAS,KAAK,IAAI,OAAO,GAAK,KAAK,WAAa,EAAE,EAGxDnB,EAAQ,SAAW,KAAK,IAAI,MAAM,IAAM,KAAK,OAC9CiB,EAAO,IAGFA,CACT,EA2BAlB,EAAM,IAAI,UAAU,SAAW,SAASqB,EAAGC,EAAG,CAK5C,QAJIC,EAAM,CAAC,EAAG,EAAG,EAAG,CAAC,EACjBC,EAAMF,EAAE,MAAM,CAAC,EAGXjB,EAAI,EAAGA,EAAI,IAAK,EAAEA,EAAG,CAI3B,IAAIoB,EAAMJ,EAAGhB,EAAI,GAAM,CAAC,EAAK,GAAM,GAAKA,EAAI,GACzCoB,IACDF,EAAI,CAAC,GAAKC,EAAI,CAAC,EACfD,EAAI,CAAC,GAAKC,EAAI,CAAC,EACfD,EAAI,CAAC,GAAKC,EAAI,CAAC,EACfD,EAAI,CAAC,GAAKC,EAAI,CAAC,GAKjB,KAAK,IAAIA,EAAKA,CAAG,CACnB,CAEA,OAAOD,CACT,EAEAvB,EAAM,IAAI,UAAU,IAAM,SAASqB,EAAGK,EAAK,CASzC,QANIC,EAAMN,EAAE,CAAC,EAAI,EAMThB,EAAI,EAAGA,EAAI,EAAG,EAAEA,EACtBqB,EAAIrB,CAAC,EAAKgB,EAAEhB,CAAC,IAAM,GAAOgB,EAAEhB,EAAI,CAAC,EAAI,IAAM,GAG7CqB,EAAI,CAAC,EAAIL,EAAE,CAAC,IAAM,EAKfM,IACDD,EAAI,CAAC,GAAK,KAAK,GAEnB,EAEA1B,EAAM,IAAI,UAAU,cAAgB,SAASqB,EAAG,CAG9C,QADIO,EAAI,CAAC,EAAG,EAAG,EAAG,CAAC,EACXvB,EAAI,EAAGA,EAAI,GAAI,EAAEA,EAAG,CAC1B,IAAIwB,EAAOxB,EAAI,EAAK,EAChBoB,EAAOJ,EAAEQ,CAAG,KAAQ,EAAKxB,EAAI,GAAM,EAAM,GACzCyB,EAAK,KAAK,GAAGzB,CAAC,EAAEoB,CAAG,EACvBG,EAAE,CAAC,GAAKE,EAAG,CAAC,EACZF,EAAE,CAAC,GAAKE,EAAG,CAAC,EACZF,EAAE,CAAC,GAAKE,EAAG,CAAC,EACZF,EAAE,CAAC,GAAKE,EAAG,CAAC,CACd,CACA,OAAOF,CACT,EAaA5B,EAAM,IAAI,UAAU,MAAQ,SAAS+B,EAAGT,EAAGD,EAAG,CAC5C,OAAAC,EAAE,CAAC,GAAKD,EAAE,CAAC,EACXC,EAAE,CAAC,GAAKD,EAAE,CAAC,EACXC,EAAE,CAAC,GAAKD,EAAE,CAAC,EACXC,EAAE,CAAC,GAAKD,EAAE,CAAC,EACJ,KAAK,cAAcC,CAAC,CAE7B,EAiBAtB,EAAM,IAAI,UAAU,kBAAoB,SAAS+B,EAAGC,EAAM,CAQxD,QAJIC,EAAa,EAAID,EACjBE,EAAS,EAAID,EACbE,EAAO,GAAKF,EACZG,EAAI,IAAI,MAAMD,CAAI,EACd9B,EAAI,EAAGA,EAAI8B,EAAM,EAAE9B,EAAG,CAC5B,IAAIgC,EAAM,CAAC,EAAG,EAAG,EAAG,CAAC,EACjBR,EAAOxB,EAAI6B,EAAU,EACrBI,GAASJ,EAAS,EAAK7B,EAAI6B,GAAWF,EAC1CK,EAAIR,CAAG,EAAK,GAAMG,EAAO,GAAOM,EAChCF,EAAE/B,CAAC,EAAI,KAAK,qBAAqB,KAAK,SAASgC,EAAKN,CAAC,EAAGC,CAAI,CAC9D,CACA,OAAOI,CACT,EASApC,EAAM,IAAI,UAAU,qBAAuB,SAASuC,EAAKP,EAAM,CAI7D,IAAIG,EAAO,GAAKH,EACZQ,EAAOL,IAAS,EAChBC,EAAI,IAAI,MAAMD,CAAI,EACtBC,EAAEI,CAAI,EAAID,EAAI,MAAM,CAAC,EAErB,QADI,EAAIC,IAAS,EACX,EAAI,GAER,KAAK,IAAIJ,EAAE,EAAI,CAAC,EAAGA,EAAE,CAAC,EAAI,CAAC,CAAC,EAC5B,IAAM,EAGR,IADA,EAAI,EACE,EAAII,GAAM,CACd,QAAQC,EAAI,EAAGA,EAAI,EAAG,EAAEA,EAAG,CACzB,IAAIC,EAAMN,EAAE,CAAC,EACTO,EAAMP,EAAEK,CAAC,EACbL,EAAE,EAAIK,CAAC,EAAI,CACTC,EAAI,CAAC,EAAIC,EAAI,CAAC,EACdD,EAAI,CAAC,EAAIC,EAAI,CAAC,EACdD,EAAI,CAAC,EAAIC,EAAI,CAAC,EACdD,EAAI,CAAC,EAAIC,EAAI,CAAC,CAChB,CACF,CACA,GAAK,CACP,CAIA,IAHAP,EAAE,CAAC,EAAI,CAAC,EAAG,EAAG,EAAG,CAAC,EAGd,EAAII,EAAO,EAAG,EAAIL,EAAM,EAAE,EAAG,CAC/B,IAAIS,EAAIR,EAAE,EAAII,CAAI,EAClBJ,EAAE,CAAC,EAAI,CAACG,EAAI,CAAC,EAAIK,EAAE,CAAC,EAAGL,EAAI,CAAC,EAAIK,EAAE,CAAC,EAAGL,EAAI,CAAC,EAAIK,EAAE,CAAC,EAAGL,EAAI,CAAC,EAAIK,EAAE,CAAC,CAAC,CACpE,CACA,OAAOR,CACT,EAIA,SAAS3B,GAAYI,EAAIgC,EAAW,CAMlC,GALG,OAAOhC,GAAO,WAEfA,EAAKd,GAAM,KAAK,aAAac,CAAE,GAG9Bd,GAAM,KAAK,QAAQc,CAAE,GAAKA,EAAG,OAAS,EAAG,CAE1C,IAAIwB,EAAMxB,EACVA,EAAKd,GAAM,KAAK,aAAa,EAC7B,QAAQM,EAAI,EAAGA,EAAIgC,EAAI,OAAQ,EAAEhC,EAC/BQ,EAAG,QAAQwB,EAAIhC,CAAC,CAAC,CAErB,CAEA,GAAGQ,EAAG,OAAO,EAAIgC,EACf,MAAM,IAAI,MACR,0BAA4BhC,EAAG,OAAO,EACtC,uBAAyBgC,EAAY,SAAS,EAGlD,GAAG,CAAC9C,GAAM,KAAK,QAAQc,CAAE,EAAG,CAI1B,QAFIiC,EAAO,CAAC,EACRC,EAASF,EAAY,EACjBxC,EAAI,EAAGA,EAAI0C,EAAQ,EAAE1C,EAC3ByC,EAAK,KAAKjC,EAAG,SAAS,CAAC,EAEzBA,EAAKiC,CACP,CAEA,OAAOjC,CACT,CAEA,SAASD,GAAMoC,EAAO,CAEpBA,EAAMA,EAAM,OAAS,CAAC,EAAKA,EAAMA,EAAM,OAAS,CAAC,EAAI,EAAK,UAC5D,CAEA,SAAShC,GAAWiC,EAAK,CAEvB,MAAO,CAAEA,EAAM,WAAe,EAAGA,EAAM,UAAU,CACnD,ICt+BA,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAiBA,IAAIC,GAAQ,IACZ,KACA,KACA,KAGAD,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAqB3CA,GAAM,IAAI,gBAAkB,SAASC,EAAKC,EAAIC,EAAQC,EAAM,CAC1D,IAAIC,EAASC,GAAc,CACzB,IAAKL,EACL,OAAQE,EACR,QAAS,GACT,KAAMC,CACR,CAAC,EACD,OAAAC,EAAO,MAAMH,CAAE,EACRG,CACT,EAiBAL,GAAM,IAAI,uBAAyB,SAASC,EAAKG,EAAM,CACrD,OAAOE,GAAc,CACnB,IAAKL,EACL,OAAQ,KACR,QAAS,GACT,KAAMG,CACR,CAAC,CACH,EAqBAJ,GAAM,IAAI,gBAAkB,SAASC,EAAKC,EAAIC,EAAQC,EAAM,CAC1D,IAAIC,EAASC,GAAc,CACzB,IAAKL,EACL,OAAQE,EACR,QAAS,GACT,KAAMC,CACR,CAAC,EACD,OAAAC,EAAO,MAAMH,CAAE,EACRG,CACT,EAiBAL,GAAM,IAAI,uBAAyB,SAASC,EAAKG,EAAM,CACrD,OAAOE,GAAc,CACnB,IAAKL,EACL,OAAQ,KACR,QAAS,GACT,KAAMG,CACR,CAAC,CACH,EAUAJ,GAAM,IAAI,UAAY,SAASO,EAAMH,EAAM,CACrCI,IACFC,GAAW,EAEb,IAAIC,EAAO,KACXA,EAAK,KAAOH,EACZG,EAAK,KAAO,IAAIN,EAAK,CACnB,UAAW,GACX,OAAQ,CACN,QAAS,SAASO,EAASC,EAAU,CACnC,OAAOC,GAAaH,EAAK,GAAIC,EAASC,EAAU,EAAK,CACvD,EACA,QAAS,SAASD,EAASC,EAAU,CACnC,OAAOC,GAAaH,EAAK,GAAIC,EAASC,EAAU,EAAI,CACtD,CACF,CACF,CAAC,EACDF,EAAK,MAAQ,EACf,EAUAV,GAAM,IAAI,UAAU,UAAU,WAAa,SAASc,EAAS,CAC3D,GAAG,MAAK,MAIR,KAAIb,EAAMa,EAAQ,IACdC,EAOJ,GAAG,OAAOd,GAAQ,WACfA,EAAI,SAAW,IAAMA,EAAI,SAAW,IAAMA,EAAI,SAAW,IAE1DA,EAAMD,GAAM,KAAK,aAAaC,CAAG,UACzBD,GAAM,KAAK,QAAQC,CAAG,IAC7BA,EAAI,SAAW,IAAMA,EAAI,SAAW,IAAMA,EAAI,SAAW,IAAK,CAE/Dc,EAAMd,EACNA,EAAMD,GAAM,KAAK,aAAa,EAC9B,QAAQgB,EAAI,EAAGA,EAAID,EAAI,OAAQ,EAAEC,EAC/Bf,EAAI,QAAQc,EAAIC,CAAC,CAAC,CAEtB,CAGA,GAAG,CAAChB,GAAM,KAAK,QAAQC,CAAG,EAAG,CAC3Bc,EAAMd,EACNA,EAAM,CAAC,EAGP,IAAIgB,EAAMF,EAAI,OAAO,EACrB,GAAGE,IAAQ,IAAMA,IAAQ,IAAMA,IAAQ,GAAI,CACzCA,EAAMA,IAAQ,EACd,QAAQD,EAAI,EAAGA,EAAIC,EAAK,EAAED,EACxBf,EAAI,KAAKc,EAAI,SAAS,CAAC,CAE3B,CACF,CAGA,GAAG,CAACf,GAAM,KAAK,QAAQC,CAAG,GACxB,EAAEA,EAAI,SAAW,GAAKA,EAAI,SAAW,GAAKA,EAAI,SAAW,GACzD,MAAM,IAAI,MAAM,wBAAwB,EAI1C,IAAIG,EAAO,KAAK,KAAK,KACjBc,EAAa,CAAC,MAAO,MAAO,MAAO,KAAK,EAAE,QAAQd,CAAI,IAAM,GAGhE,KAAK,GAAKe,GAAWlB,EAAKa,EAAQ,SAAW,CAACI,CAAS,EACvD,KAAK,MAAQ,GACf,EAUAlB,GAAM,IAAI,WAAa,SAASC,EAAKmB,EAAS,CAC5C,OAAIZ,IACFC,GAAW,EAENU,GAAWlB,EAAKmB,CAAO,CAChC,EAUApB,GAAM,IAAI,aAAea,GAIzBQ,GAAkB,UAAWrB,GAAM,OAAO,MAAM,GAAG,EACnDqB,GAAkB,UAAWrB,GAAM,OAAO,MAAM,GAAG,EACnDqB,GAAkB,UAAWrB,GAAM,OAAO,MAAM,GAAG,EACnDqB,GAAkB,UAAWrB,GAAM,OAAO,MAAM,GAAG,EACnDqB,GAAkB,UAAWrB,GAAM,OAAO,MAAM,GAAG,EACnDqB,GAAkB,UAAWrB,GAAM,OAAO,MAAM,GAAG,EAEnD,SAASqB,GAAkBd,EAAMH,EAAM,CACrC,IAAIkB,EAAU,UAAW,CACvB,OAAO,IAAItB,GAAM,IAAI,UAAUO,EAAMH,CAAI,CAC3C,EACAJ,GAAM,OAAO,kBAAkBO,EAAMe,CAAO,CAC9C,CAIA,IAAId,GAAO,GACPe,GAAK,EACLC,GACAC,GACAC,GACAC,GACAC,GAqKJ,SAASnB,IAAa,CACpBD,GAAO,GAePkB,GAAO,CAAC,EAAM,EAAM,EAAM,EAAM,EAAM,GAAM,GAAM,GAAM,IAAM,GAAM,EAAI,EAIxE,QADIG,EAAQ,IAAI,MAAM,GAAG,EACjBb,EAAI,EAAGA,EAAI,IAAK,EAAEA,EACxBa,EAAMb,CAAC,EAAIA,GAAK,EAChBa,EAAMb,EAAI,GAAG,EAAKA,EAAI,KAAQ,EAAI,IAIpCQ,GAAO,IAAI,MAAM,GAAG,EACpBC,GAAQ,IAAI,MAAM,GAAG,EACrBE,GAAM,IAAI,MAAM,CAAC,EACjBC,GAAO,IAAI,MAAM,CAAC,EAClB,QAAQZ,EAAI,EAAGA,EAAI,EAAG,EAAEA,EACtBW,GAAIX,CAAC,EAAI,IAAI,MAAM,GAAG,EACtBY,GAAKZ,CAAC,EAAI,IAAI,MAAM,GAAG,EAGzB,QADIc,EAAI,EAAGC,EAAK,EAAGC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKC,EAAIC,EACpCtB,EAAI,EAAGA,EAAI,IAAK,EAAEA,EAAG,CA6D3BmB,EAAKJ,EAAMA,GAAM,EAAMA,GAAM,EAAMA,GAAM,EAAMA,GAAM,EACrDI,EAAMA,GAAM,EAAMA,EAAK,IAAO,GAG9BX,GAAKM,CAAC,EAAIK,EACVV,GAAMU,CAAE,EAAIL,EAgEZM,EAAMP,EAAMM,CAAE,EACdH,EAAKH,EAAMC,CAAC,EACZG,EAAKJ,EAAMG,CAAE,EACbE,EAAKL,EAAMI,CAAE,EACbI,EACGD,GAAO,GACPD,GAAM,GACNA,GAAM,GACNA,EAAKC,GACRE,GACGN,EAAKC,EAAKC,IAAO,IACjBJ,EAAII,IAAO,IACXJ,EAAIG,EAAKC,IAAO,GAChBJ,EAAIE,EAAKE,GAEZ,QAAQK,EAAI,EAAGA,EAAI,EAAG,EAAEA,EACtBZ,GAAIY,CAAC,EAAET,CAAC,EAAIO,EACZT,GAAKW,CAAC,EAAEJ,CAAE,EAAIG,EAGdD,EAAKA,GAAM,GAAKA,IAAO,EACvBC,EAAMA,GAAO,GAAKA,IAAQ,EAIzBR,IAAM,EAEPA,EAAIC,EAAK,GAITD,EAAIE,EAAKH,EAAMA,EAAMA,EAAMG,EAAKE,CAAE,CAAC,CAAC,EACpCH,GAAMF,EAAMA,EAAME,CAAE,CAAC,EAEzB,CACF,CA0BA,SAASZ,GAAWlB,EAAKmB,EAAS,CAmBhC,QAjBIoB,EAAIvC,EAAI,MAAM,CAAC,EAafwC,EAAMC,EAAM,EACZC,EAAKH,EAAE,OACPI,EAAMD,EAAK,EAAI,EACfE,EAAMtB,GAAKqB,EACP5B,EAAI2B,EAAI3B,EAAI6B,EAAK,EAAE7B,EACzByB,EAAOD,EAAExB,EAAI,CAAC,EACXA,EAAI2B,IAAO,GAEZF,EACEjB,GAAKiB,IAAS,GAAK,GAAG,GAAK,GAC3BjB,GAAKiB,IAAS,EAAI,GAAG,GAAK,GAC1BjB,GAAKiB,EAAO,GAAG,GAAK,EACpBjB,GAAKiB,IAAS,EAAE,EAAKf,GAAKgB,CAAG,GAAK,GACpCA,KACQC,EAAK,GAAM3B,EAAI2B,IAAO,IAE9BF,EACEjB,GAAKiB,IAAS,EAAE,GAAK,GACrBjB,GAAKiB,IAAS,GAAK,GAAG,GAAK,GAC3BjB,GAAKiB,IAAS,EAAI,GAAG,GAAK,EAC1BjB,GAAKiB,EAAO,GAAG,GAEnBD,EAAExB,CAAC,EAAIwB,EAAExB,EAAI2B,CAAE,EAAIF,EAkDrB,GAAGrB,EAAS,CACV,IAAIL,EACA+B,EAAKlB,GAAK,CAAC,EACXmB,EAAKnB,GAAK,CAAC,EACXoB,EAAKpB,GAAK,CAAC,EACXqB,EAAKrB,GAAK,CAAC,EACXsB,EAAOV,EAAE,MAAM,CAAC,EACpBK,EAAML,EAAE,OACR,QAAQxB,EAAI,EAAGmC,EAAKN,EAAMtB,GAAIP,EAAI6B,EAAK7B,GAAKO,GAAI4B,GAAM5B,GAIpD,GAAGP,IAAM,GAAKA,IAAO6B,EAAMtB,GACzB2B,EAAKlC,CAAC,EAAIwB,EAAEW,CAAE,EACdD,EAAKlC,EAAI,CAAC,EAAIwB,EAAEW,EAAK,CAAC,EACtBD,EAAKlC,EAAI,CAAC,EAAIwB,EAAEW,EAAK,CAAC,EACtBD,EAAKlC,EAAI,CAAC,EAAIwB,EAAEW,EAAK,CAAC,MAMtB,SAAQZ,EAAI,EAAGA,EAAIhB,GAAI,EAAEgB,EACvBxB,EAAMyB,EAAEW,EAAKZ,CAAC,EACdW,EAAKlC,GAAK,EAAE,CAACuB,EAAE,EACbO,EAAGtB,GAAKT,IAAQ,EAAE,CAAC,EACnBgC,EAAGvB,GAAKT,IAAQ,GAAK,GAAG,CAAC,EACzBiC,EAAGxB,GAAKT,IAAQ,EAAI,GAAG,CAAC,EACxBkC,EAAGzB,GAAKT,EAAM,GAAG,CAAC,EAI1ByB,EAAIU,CACN,CAEA,OAAOV,CACT,CAWA,SAAS3B,GAAa2B,EAAGY,EAAOjD,EAAQiB,EAAS,CAuC/C,IAAIiC,EAAKb,EAAE,OAAS,EAAI,EACpBM,EAAIC,EAAIC,EAAIC,EAAIK,EACjBlC,GACD0B,EAAKlB,GAAK,CAAC,EACXmB,EAAKnB,GAAK,CAAC,EACXoB,EAAKpB,GAAK,CAAC,EACXqB,EAAKrB,GAAK,CAAC,EACX0B,EAAM7B,KAENqB,EAAKnB,GAAI,CAAC,EACVoB,EAAKpB,GAAI,CAAC,EACVqB,EAAKrB,GAAI,CAAC,EACVsB,EAAKtB,GAAI,CAAC,EACV2B,EAAM9B,IAER,IAAI+B,EAAGC,EAAGC,EAAGC,EAAGC,EAAIC,EAAIC,EACxBN,EAAIH,EAAM,CAAC,EAAIZ,EAAE,CAAC,EAClBgB,EAAIJ,EAAMhC,EAAU,EAAI,CAAC,EAAIoB,EAAE,CAAC,EAChCiB,EAAIL,EAAM,CAAC,EAAIZ,EAAE,CAAC,EAClBkB,EAAIN,EAAMhC,EAAU,EAAI,CAAC,EAAIoB,EAAE,CAAC,EAShC,QARIxB,EAAI,EAQA8C,EAAQ,EAAGA,EAAQT,EAAI,EAAES,EAoH/BH,EACEb,EAAGS,IAAM,EAAE,EACXR,EAAGS,IAAM,GAAK,GAAG,EACjBR,EAAGS,IAAM,EAAI,GAAG,EAChBR,EAAGS,EAAI,GAAG,EAAIlB,EAAE,EAAExB,CAAC,EACrB4C,EACEd,EAAGU,IAAM,EAAE,EACXT,EAAGU,IAAM,GAAK,GAAG,EACjBT,EAAGU,IAAM,EAAI,GAAG,EAChBT,EAAGM,EAAI,GAAG,EAAIf,EAAE,EAAExB,CAAC,EACrB6C,EACEf,EAAGW,IAAM,EAAE,EACXV,EAAGW,IAAM,GAAK,GAAG,EACjBV,EAAGO,IAAM,EAAI,GAAG,EAChBN,EAAGO,EAAI,GAAG,EAAIhB,EAAE,EAAExB,CAAC,EACrB0C,EACEZ,EAAGY,IAAM,EAAE,EACXX,EAAGQ,IAAM,GAAK,GAAG,EACjBP,EAAGQ,IAAM,EAAI,GAAG,EAChBP,EAAGQ,EAAI,GAAG,EAAIjB,EAAE,EAAExB,CAAC,EACrBuC,EAAII,EACJH,EAAII,EACJH,EAAII,EAeN1D,EAAO,CAAC,EACLmD,EAAIC,IAAM,EAAE,GAAK,GACjBD,EAAIE,IAAM,GAAK,GAAG,GAAK,GACvBF,EAAIG,IAAM,EAAI,GAAG,GAAK,EACtBH,EAAII,EAAI,GAAG,EAAKlB,EAAE,EAAExB,CAAC,EACxBb,EAAOiB,EAAU,EAAI,CAAC,EACnBkC,EAAIE,IAAM,EAAE,GAAK,GACjBF,EAAIG,IAAM,GAAK,GAAG,GAAK,GACvBH,EAAII,IAAM,EAAI,GAAG,GAAK,EACtBJ,EAAIC,EAAI,GAAG,EAAKf,EAAE,EAAExB,CAAC,EACxBb,EAAO,CAAC,EACLmD,EAAIG,IAAM,EAAE,GAAK,GACjBH,EAAII,IAAM,GAAK,GAAG,GAAK,GACvBJ,EAAIC,IAAM,EAAI,GAAG,GAAK,EACtBD,EAAIE,EAAI,GAAG,EAAKhB,EAAE,EAAExB,CAAC,EACxBb,EAAOiB,EAAU,EAAI,CAAC,EACnBkC,EAAII,IAAM,EAAE,GAAK,GACjBJ,EAAIC,IAAM,GAAK,GAAG,GAAK,GACvBD,EAAIE,IAAM,EAAI,GAAG,GAAK,EACtBF,EAAIG,EAAI,GAAG,EAAKjB,EAAE,EAAExB,CAAC,CAC1B,CAsBA,SAASV,GAAcQ,EAAS,CAC9BA,EAAUA,GAAW,CAAC,EACtB,IAAIV,GAAQU,EAAQ,MAAQ,OAAO,YAAY,EAC3CiD,EAAY,OAAS3D,EAErBC,EACDS,EAAQ,QACTT,EAASL,GAAM,OAAO,eAAe+D,EAAWjD,EAAQ,GAAG,EAE3DT,EAASL,GAAM,OAAO,aAAa+D,EAAWjD,EAAQ,GAAG,EAI3D,IAAIkD,EAAQ3D,EAAO,MACnB,OAAAA,EAAO,MAAQ,SAASH,EAAIY,EAAS,CAEnC,IAAIX,EAAS,KACVW,aAAmBd,GAAM,KAAK,aAC/BG,EAASW,EACTA,EAAU,CAAC,GAEbA,EAAUA,GAAW,CAAC,EACtBA,EAAQ,OAASX,EACjBW,EAAQ,GAAKZ,EACb8D,EAAM,KAAK3D,EAAQS,CAAO,CAC5B,EAEOT,CACT,IClkCA,IAAA4D,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IAEZA,GAAM,IAAMA,GAAM,KAAO,CAAC,EAC1B,IAAIC,GAAOF,GAAO,QAAUC,GAAM,IAAI,KAAOA,GAAM,KAAOA,GAAM,MAAQ,CAAC,EAGzE,SAASE,EAAIC,EAAIC,EAAM,CACrBH,GAAKE,CAAE,EAAIC,EACXH,GAAKG,CAAI,EAAID,CACf,CAEA,SAASE,GAAIF,EAAIC,EAAM,CACrBH,GAAKE,CAAE,EAAIC,CACb,CAGAF,EAAI,uBAAwB,eAAe,EAI3CA,EAAI,uBAAwB,sBAAsB,EAClDA,EAAI,uBAAwB,uBAAuB,EACnDA,EAAI,uBAAwB,YAAY,EACxCA,EAAI,uBAAwB,MAAM,EAClCA,EAAI,uBAAwB,YAAY,EACxCA,EAAI,wBAAyB,YAAY,EACzCA,EAAI,wBAAyB,yBAAyB,EACtDA,EAAI,wBAAyB,yBAAyB,EACtDA,EAAI,wBAAyB,yBAAyB,EAEtDA,EAAI,cAAe,YAAY,EAE/BA,EAAI,oBAAqB,eAAe,EAExCA,EAAI,eAAgB,QAAQ,EAE5BA,EAAI,gBAAiB,MAAM,EAE3BA,EAAI,gBAAiB,sBAAsB,EAC3CA,EAAI,yBAA0B,QAAQ,EACtCA,EAAI,yBAA0B,QAAQ,EACtCA,EAAI,yBAA0B,QAAQ,EACtCA,EAAI,yBAA0B,QAAQ,EACtCA,EAAI,yBAA0B,YAAY,EAC1CA,EAAI,yBAA0B,YAAY,EAC1CA,EAAI,qBAAsB,KAAK,EAC/BA,EAAI,qBAAsB,KAAK,EAG/BA,EAAI,uBAAwB,MAAM,EAClCA,EAAI,uBAAwB,YAAY,EACxCA,EAAI,uBAAwB,eAAe,EAC3CA,EAAI,uBAAwB,wBAAwB,EACpDA,EAAI,uBAAwB,cAAc,EAC1CA,EAAI,uBAAwB,eAAe,EAG3CA,EAAI,uBAAwB,cAAc,EAC1CA,EAAI,uBAAwB,kBAAkB,EAC9CA,EAAI,uBAAwB,aAAa,EACzCA,EAAI,uBAAwB,eAAe,EAC3CA,EAAI,uBAAwB,aAAa,EACzCA,EAAI,uBAAwB,kBAAkB,EAC9CA,EAAI,uBAAwB,mBAAmB,EAC/CA,EAAI,uBAAwB,qBAAqB,EACjDA,EAAI,wBAAyB,kBAAkB,EAE/CA,EAAI,wBAAyB,cAAc,EAC3CA,EAAI,wBAAyB,YAAY,EACzCA,EAAI,0BAA2B,iBAAiB,EAGhDA,EAAI,6BAA8B,QAAQ,EAC1CA,EAAI,6BAA8B,qBAAqB,EACvDA,EAAI,6BAA8B,SAAS,EAC3CA,EAAI,6BAA8B,QAAQ,EAC1CA,EAAI,6BAA8B,WAAW,EAC7CA,EAAI,6BAA8B,iBAAiB,EAGnDA,EAAI,wBAAyB,YAAY,EACzCA,EAAI,wBAAyB,aAAa,EAE1CA,EAAI,0BAA2B,wBAAwB,EACvDA,EAAI,0BAA2B,uBAAuB,EACtDA,EAAI,0BAA2B,iCAAiC,EAChEA,EAAI,0BAA2B,iCAAiC,EAChEA,EAAI,0BAA2B,4BAA4B,EAC3DA,EAAI,0BAA2B,2BAA2B,EAG1DA,EAAI,qBAAsB,cAAc,EACxCA,EAAI,qBAAsB,gBAAgB,EAC1CA,EAAI,qBAAsB,gBAAgB,EAC1CA,EAAI,sBAAuB,gBAAgB,EAC3CA,EAAI,sBAAuB,gBAAgB,EAG3CA,EAAI,qBAAsB,cAAc,EACxCA,EAAI,yBAA0B,YAAY,EAC1CA,EAAI,0BAA2B,YAAY,EAC3CA,EAAI,0BAA2B,YAAY,EAG3CA,EAAI,UAAW,YAAY,EAC3BA,EAAI,UAAW,SAAS,EACxBA,EAAI,UAAW,cAAc,EAC7BA,EAAI,UAAW,aAAa,EAC5BA,EAAI,UAAW,cAAc,EAC7BA,EAAI,UAAW,qBAAqB,EACpCA,EAAI,UAAW,eAAe,EAC9BA,EAAI,WAAY,kBAAkB,EAClCA,EAAI,WAAY,wBAAwB,EACxCA,EAAI,WAAY,OAAO,EACvBA,EAAI,WAAY,aAAa,EAC7BA,EAAI,WAAY,kBAAkB,EAClCA,EAAI,WAAY,YAAY,EAC5BA,EAAI,WAAY,WAAW,EAC3BA,EAAI,2BAA4B,gDAAgD,EAChFA,EAAI,2BAA4B,wCAAwC,EAGxEA,EAAI,wBAAyB,YAAY,EACzCA,EAAI,yBAA0B,WAAW,EACzCG,GAAI,WAAY,wBAAwB,EACxCA,GAAI,WAAY,eAAe,EAC/BA,GAAI,WAAY,qBAAqB,EACrCA,GAAI,WAAY,qBAAqB,EACrCA,GAAI,WAAY,eAAe,EAC/BA,GAAI,WAAY,oBAAoB,EACpCA,GAAI,WAAY,gBAAgB,EAChCA,GAAI,WAAY,eAAe,EAC/BA,GAAI,WAAY,4BAA4B,EAC5CA,GAAI,YAAa,kBAAkB,EACnCA,GAAI,YAAa,iBAAiB,EAClCA,GAAI,YAAa,mBAAmB,EACpCA,GAAI,YAAa,kBAAkB,EACnCH,EAAI,YAAa,sBAAsB,EACvCA,EAAI,YAAa,UAAU,EAC3BG,GAAI,YAAa,uBAAuB,EACxCH,EAAI,YAAa,gBAAgB,EACjCA,EAAI,YAAa,eAAe,EAChCA,EAAI,YAAa,kBAAkB,EACnCG,GAAI,YAAa,WAAW,EAC5BA,GAAI,YAAa,WAAW,EAC5BA,GAAI,YAAa,gBAAgB,EACjCA,GAAI,YAAa,iBAAiB,EAClCA,GAAI,YAAa,gBAAgB,EACjCA,GAAI,YAAa,uBAAuB,EACxCA,GAAI,YAAa,0BAA0B,EAC3CA,GAAI,YAAa,mBAAmB,EACpCA,GAAI,YAAa,0BAA0B,EAC3CA,GAAI,YAAa,mBAAmB,EACpCA,GAAI,YAAa,iBAAiB,EAClCH,EAAI,YAAa,uBAAuB,EACxCA,EAAI,YAAa,qBAAqB,EACtCG,GAAI,YAAa,gBAAgB,EACjCA,GAAI,YAAa,mBAAmB,EACpCH,EAAI,YAAa,wBAAwB,EACzCG,GAAI,YAAa,mBAAmB,EACpCH,EAAI,YAAa,aAAa,EAC9BG,GAAI,YAAa,aAAa,EAC9BA,GAAI,YAAa,kBAAkB,EAGnCH,EAAI,0BAA2B,eAAe,EAC9CA,EAAI,oBAAqB,qBAAqB,EAC9CA,EAAI,oBAAqB,YAAY,EACrCA,EAAI,oBAAqB,YAAY,EACrCA,EAAI,oBAAqB,aAAa,EACtCA,EAAI,oBAAqB,iBAAiB,EAC1CA,EAAI,oBAAqB,cAAc,IClLvC,IAAAI,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAuIA,IAAIC,GAAQ,IACZ,KACA,KAGA,IAAIC,EAAOF,GAAO,QAAUC,GAAM,KAAOA,GAAM,MAAQ,CAAC,EAKxDC,EAAK,MAAQ,CACX,UAAkB,EAClB,YAAkB,GAClB,iBAAkB,IAClB,QAAkB,GACpB,EAMAA,EAAK,KAAO,CACV,KAAkB,EAClB,QAAkB,EAClB,QAAkB,EAClB,UAAkB,EAClB,YAAkB,EAClB,KAAkB,EAClB,IAAkB,EAClB,MAAkB,EAClB,SAAkB,EAClB,KAAkB,EAClB,WAAiB,GACjB,SAAiB,GACjB,KAAiB,GACjB,KAAiB,GACjB,SAAiB,GACjB,IAAiB,GACjB,gBAAiB,GACjB,UAAiB,GACjB,QAAiB,GACjB,gBAAiB,GACjB,UAAiB,EACnB,EAeAA,EAAK,OAAS,SAASC,EAAUC,EAAMC,EAAaC,EAAOC,EAAS,CAQlE,GAAGN,GAAM,KAAK,QAAQK,CAAK,EAAG,CAE5B,QADIE,EAAM,CAAC,EACHC,EAAI,EAAGA,EAAIH,EAAM,OAAQ,EAAEG,EAC9BH,EAAMG,CAAC,IAAM,QACdD,EAAI,KAAKF,EAAMG,CAAC,CAAC,EAGrBH,EAAQE,CACV,CAEA,IAAIE,EAAM,CACR,SAAUP,EACV,KAAMC,EACN,YAAaC,EACb,SAAUA,GAAeJ,GAAM,KAAK,QAAQK,CAAK,EACjD,MAAOA,CACT,EACA,OAAGC,GAAW,sBAAuBA,IAEnCG,EAAI,kBAAoBH,EAAQ,kBAGhCG,EAAI,SAAWR,EAAK,KAAKQ,CAAG,GAEvBA,CACT,EAWAR,EAAK,KAAO,SAASQ,EAAKH,EAAS,CACjC,IAAII,EAEJ,GAAGV,GAAM,KAAK,QAAQS,CAAG,EAAG,CAC1BC,EAAO,CAAC,EACR,QAAQF,EAAI,EAAGA,EAAIC,EAAI,OAAQ,EAAED,EAC/BE,EAAK,KAAKT,EAAK,KAAKQ,EAAID,CAAC,EAAGF,CAAO,CAAC,EAEtC,OAAOI,CACT,CAEA,OAAG,OAAOD,GAAQ,SAETA,GAGTC,EAAO,CACL,SAAUD,EAAI,SACd,KAAMA,EAAI,KACV,YAAaA,EAAI,YACjB,SAAUA,EAAI,SACd,MAAOR,EAAK,KAAKQ,EAAI,MAAOH,CAAO,CACrC,EACGA,GAAW,CAACA,EAAQ,2BAErBI,EAAK,kBAAoBD,EAAI,mBAExBC,EACT,EAcAT,EAAK,OAAS,SAASU,EAAMC,EAAMN,EAAS,CAC1C,GAAGN,GAAM,KAAK,QAAQW,CAAI,EAAG,CAI3B,GAHG,CAACX,GAAM,KAAK,QAAQY,CAAI,GAGxBD,EAAK,SAAWC,EAAK,OACtB,MAAO,GAET,QAAQJ,EAAI,EAAGA,EAAIG,EAAK,OAAQ,EAAEH,EAChC,GAAG,CAACP,EAAK,OAAOU,EAAKH,CAAC,EAAGI,EAAKJ,CAAC,CAAC,EAC9B,MAAO,GAGX,MAAO,EACT,CAEA,GAAG,OAAOG,GAAS,OAAOC,EACxB,MAAO,GAGT,GAAG,OAAOD,GAAS,SACjB,OAAOA,IAASC,EAGlB,IAAIC,EAAQF,EAAK,WAAaC,EAAK,UACjCD,EAAK,OAASC,EAAK,MACnBD,EAAK,cAAgBC,EAAK,aAC1BD,EAAK,WAAaC,EAAK,UACvBX,EAAK,OAAOU,EAAK,MAAOC,EAAK,KAAK,EACpC,OAAGN,GAAWA,EAAQ,2BACpBO,EAAQA,GAAUF,EAAK,oBAAsBC,EAAK,mBAG7CC,CACT,EAYAZ,EAAK,kBAAoB,SAASa,EAAG,CAGnC,IAAIC,EAAKD,EAAE,QAAQ,EACnB,GAAGC,IAAO,IAKV,KAAIC,EACAC,EAAWF,EAAK,IACpB,OAAIE,EAMFD,EAASF,EAAE,QAAQC,EAAK,MAAS,CAAC,EAJlCC,EAASD,EAMJC,EACT,EASA,SAASE,GAAmBC,EAAOC,EAAWC,EAAG,CAC/C,GAAGA,EAAID,EAAW,CAChB,IAAIE,EAAQ,IAAI,MAAM,6BAA6B,EACnD,MAAAA,EAAM,UAAYH,EAAM,OAAO,EAC/BG,EAAM,UAAYF,EAClBE,EAAM,UAAYD,EACZC,CACR,CACF,CAYA,IAAIC,GAAkB,SAASJ,EAAOC,EAAW,CAI/C,IAAIL,EAAKI,EAAM,QAAQ,EAEvB,GADAC,IACGL,IAAO,IAKV,KAAIC,EACAC,EAAWF,EAAK,IACpB,GAAG,CAACE,EAEFD,EAASD,MACJ,CAGL,IAAIS,EAAgBT,EAAK,IACzBG,GAAmBC,EAAOC,EAAWI,CAAa,EAClDR,EAASG,EAAM,OAAOK,GAAiB,CAAC,CAC1C,CAEA,GAAGR,EAAS,EACV,MAAM,IAAI,MAAM,oBAAsBA,CAAM,EAE9C,OAAOA,EACT,EAwBAf,EAAK,QAAU,SAASkB,EAAOb,EAAS,CACnCA,IAAY,SACbA,EAAU,CACR,OAAQ,GACR,cAAe,GACf,iBAAkB,EACpB,GAEC,OAAOA,GAAY,YACpBA,EAAU,CACR,OAAQA,EACR,cAAe,GACf,iBAAkB,EACpB,GAEG,WAAYA,IACfA,EAAQ,OAAS,IAEd,kBAAmBA,IACtBA,EAAQ,cAAgB,IAErB,qBAAsBA,IACzBA,EAAQ,iBAAmB,IAI1B,OAAOa,GAAU,WAClBA,EAAQnB,GAAM,KAAK,aAAamB,CAAK,GAGvC,IAAIM,EAAYN,EAAM,OAAO,EACzBd,EAAQqB,GAASP,EAAOA,EAAM,OAAO,EAAG,EAAGb,CAAO,EACtD,GAAGA,EAAQ,eAAiBa,EAAM,OAAO,IAAM,EAAG,CAChD,IAAIG,EAAQ,IAAI,MAAM,gDAAgD,EACtE,MAAAA,EAAM,UAAYG,EAClBH,EAAM,UAAYH,EAAM,OAAO,EACzBG,CACR,CACA,OAAOjB,CACT,EAYA,SAASqB,GAASP,EAAOC,EAAWO,EAAOrB,EAAS,CAElD,IAAIsB,EAGJV,GAAmBC,EAAOC,EAAW,CAAC,EAGtC,IAAIS,EAAKV,EAAM,QAAQ,EAEvBC,IAGA,IAAIlB,EAAY2B,EAAK,IAGjB1B,EAAO0B,EAAK,GAGhBD,EAAQT,EAAM,OAAO,EACrB,IAAIH,EAASO,GAAgBJ,EAAOC,CAAS,EAI7C,GAHAA,GAAaQ,EAAQT,EAAM,OAAO,EAG/BH,IAAW,QAAaA,EAASI,EAAW,CAC7C,GAAGd,EAAQ,OAAQ,CACjB,IAAIgB,EAAQ,IAAI,MAAM,oCAAoC,EAC1D,MAAAA,EAAM,UAAYH,EAAM,OAAO,EAC/BG,EAAM,UAAYF,EAClBE,EAAM,UAAYN,EACZM,CACR,CAEAN,EAASI,CACX,CAGA,IAAIf,EAEAyB,EAGA1B,GAAgByB,EAAK,MAAU,GACnC,GAAGzB,EAGD,GADAC,EAAQ,CAAC,EACNW,IAAW,OAEZ,OAAQ,CAEN,GADAE,GAAmBC,EAAOC,EAAW,CAAC,EACnCD,EAAM,MAAM,CAAC,IAAM,OAA2B,CAC/CA,EAAM,SAAS,CAAC,EAChBC,GAAa,EACb,KACF,CACAQ,EAAQT,EAAM,OAAO,EACrBd,EAAM,KAAKqB,GAASP,EAAOC,EAAWO,EAAQ,EAAGrB,CAAO,CAAC,EACzDc,GAAaQ,EAAQT,EAAM,OAAO,CACpC,KAGA,MAAMH,EAAS,GACbY,EAAQT,EAAM,OAAO,EACrBd,EAAM,KAAKqB,GAASP,EAAOH,EAAQW,EAAQ,EAAGrB,CAAO,CAAC,EACtDc,GAAaQ,EAAQT,EAAM,OAAO,EAClCH,GAAUY,EAAQT,EAAM,OAAO,EAcrC,GARGd,IAAU,QAAaH,IAAaD,EAAK,MAAM,WAChDE,IAASF,EAAK,KAAK,YACnB6B,EAAoBX,EAAM,MAAMH,CAAM,GAMrCX,IAAU,QAAaC,EAAQ,kBAChCJ,IAAaD,EAAK,MAAM,WAGvBE,IAASF,EAAK,KAAK,WACpBe,EAAS,EAAG,CAEZ,IAAIe,EAAYZ,EAAM,KAClBa,EAAiBZ,EACjBa,EAAS,EAab,GAZG9B,IAASF,EAAK,KAAK,YAOpBiB,GAAmBC,EAAOC,EAAW,CAAC,EACtCa,EAASd,EAAM,QAAQ,EACvBC,KAGCa,IAAW,EACZ,GAAI,CAGFL,EAAQT,EAAM,OAAO,EACrB,IAAIe,EAAa,CAEf,OAAQ,GACR,iBAAkB,EACpB,EACIC,EAAWT,GAASP,EAAOC,EAAWO,EAAQ,EAAGO,CAAU,EAC3DE,EAAOR,EAAQT,EAAM,OAAO,EAChCC,GAAagB,EACVjC,GAAQF,EAAK,KAAK,WACnBmC,IAKF,IAAIC,EAAKF,EAAS,SACfC,IAASpB,IACTqB,IAAOpC,EAAK,MAAM,WAAaoC,IAAOpC,EAAK,MAAM,oBAClDI,EAAQ,CAAC8B,CAAQ,EAErB,MAAY,CACZ,CAEC9B,IAAU,SAEXc,EAAM,KAAOY,EACbX,EAAYY,EAEhB,CAEA,GAAG3B,IAAU,OAAW,CAItB,GAAGW,IAAW,OAAW,CACvB,GAAGV,EAAQ,OACT,MAAM,IAAI,MAAM,oDAAoD,EAGtEU,EAASI,CACX,CAEA,GAAGjB,IAASF,EAAK,KAAK,UAEpB,IADAI,EAAQ,GACFW,EAAS,EAAGA,GAAU,EAC1BE,GAAmBC,EAAOC,EAAW,CAAC,EACtCf,GAAS,OAAO,aAAac,EAAM,SAAS,CAAC,EAC7CC,GAAa,OAGff,EAAQc,EAAM,SAASH,CAAM,EAC7BI,GAAaJ,CAEjB,CAGA,IAAIsB,EAAcR,IAAsB,OAAY,KAAO,CACzD,kBAAmBA,CACrB,EAGA,OAAO7B,EAAK,OAAOC,EAAUC,EAAMC,EAAaC,EAAOiC,CAAW,CACpE,CASArC,EAAK,MAAQ,SAASQ,EAAK,CACzB,IAAIU,EAAQnB,GAAM,KAAK,aAAa,EAGhC6B,EAAKpB,EAAI,SAAWA,EAAI,KAGxBJ,EAAQL,GAAM,KAAK,aAAa,EAGhCuC,EAAuB,GAQ3B,GAPG,sBAAuB9B,IACxB8B,EAAuB,GACpB9B,EAAI,WACL8B,EAAuBtC,EAAK,OAAOQ,EAAKA,EAAI,QAAQ,IAIrD8B,EACDlC,EAAM,SAASI,EAAI,iBAAiB,UAC5BA,EAAI,SAAU,CAInBA,EAAI,YACLoB,GAAM,GAGNxB,EAAM,QAAQ,CAAI,EAIpB,QAAQ,EAAI,EAAG,EAAII,EAAI,MAAM,OAAQ,EAAE,EAClCA,EAAI,MAAM,CAAC,IAAM,QAClBJ,EAAM,UAAUJ,EAAK,MAAMQ,EAAI,MAAM,CAAC,CAAC,CAAC,CAG9C,SAEKA,EAAI,OAASR,EAAK,KAAK,UACxB,QAAQ,EAAI,EAAG,EAAIQ,EAAI,MAAM,OAAQ,EAAE,EACrCJ,EAAM,SAASI,EAAI,MAAM,WAAW,CAAC,CAAC,OAMrCA,EAAI,OAASR,EAAK,KAAK,SACxBQ,EAAI,MAAM,OAAS,IAEjBA,EAAI,MAAM,WAAW,CAAC,IAAM,IAC7BA,EAAI,MAAM,WAAW,CAAC,EAAI,OAAU,GAEpCA,EAAI,MAAM,WAAW,CAAC,IAAM,MAC5BA,EAAI,MAAM,WAAW,CAAC,EAAI,OAAU,KACrCJ,EAAM,SAASI,EAAI,MAAM,OAAO,CAAC,CAAC,EAElCJ,EAAM,SAASI,EAAI,KAAK,EAS9B,GAHAU,EAAM,QAAQU,CAAE,EAGbxB,EAAM,OAAO,GAAK,IAGnBc,EAAM,QAAQd,EAAM,OAAO,EAAI,GAAI,MAC9B,CAKL,IAAImC,EAAMnC,EAAM,OAAO,EACnBoC,EAAW,GACf,GACEA,GAAY,OAAO,aAAaD,EAAM,GAAI,EAC1CA,EAAMA,IAAQ,QACRA,EAAM,GAIdrB,EAAM,QAAQsB,EAAS,OAAS,GAAI,EAIpC,QAAQ,EAAIA,EAAS,OAAS,EAAG,GAAK,EAAG,EAAE,EACzCtB,EAAM,QAAQsB,EAAS,WAAW,CAAC,CAAC,CAExC,CAGA,OAAAtB,EAAM,UAAUd,CAAK,EACdc,CACT,EAUAlB,EAAK,SAAW,SAASyC,EAAK,CAE5B,IAAIC,EAASD,EAAI,MAAM,GAAG,EACtBvB,EAAQnB,GAAM,KAAK,aAAa,EAGpCmB,EAAM,QAAQ,GAAK,SAASwB,EAAO,CAAC,EAAG,EAAE,EAAI,SAASA,EAAO,CAAC,EAAG,EAAE,CAAC,EAIpE,QADIC,EAAMC,EAAYxC,EAAOS,EACrBN,EAAI,EAAGA,EAAImC,EAAO,OAAQ,EAAEnC,EAAG,CAGrCoC,EAAO,GACPC,EAAa,CAAC,EACdxC,EAAQ,SAASsC,EAAOnC,CAAC,EAAG,EAAE,EAC9B,GACEM,EAAIT,EAAQ,IACZA,EAAQA,IAAU,EAEduC,IACF9B,GAAK,KAEP+B,EAAW,KAAK/B,CAAC,EACjB8B,EAAO,SACDvC,EAAQ,GAGhB,QAAQgB,EAAIwB,EAAW,OAAS,EAAGxB,GAAK,EAAG,EAAEA,EAC3CF,EAAM,QAAQ0B,EAAWxB,CAAC,CAAC,CAE/B,CAEA,OAAOF,CACT,EAWAlB,EAAK,SAAW,SAASkB,EAAO,CAC9B,IAAIuB,EAGD,OAAOvB,GAAU,WAClBA,EAAQnB,GAAM,KAAK,aAAamB,CAAK,GAIvC,IAAIL,EAAIK,EAAM,QAAQ,EACtBuB,EAAM,KAAK,MAAM5B,EAAI,EAAE,EAAI,IAAOA,EAAI,GAKtC,QADIT,EAAQ,EACNc,EAAM,OAAO,EAAI,GACrBL,EAAIK,EAAM,QAAQ,EAClBd,EAAQA,GAAS,EAEdS,EAAI,IACLT,GAASS,EAAI,KAGb4B,GAAO,KAAOrC,EAAQS,GACtBT,EAAQ,GAIZ,OAAOqC,CACT,EAYAzC,EAAK,cAAgB,SAAS6C,EAAK,CAsBjC,IAAIC,EAAO,IAAI,KAGXC,EAAO,SAASF,EAAI,OAAO,EAAG,CAAC,EAAG,EAAE,EACxCE,EAAQA,GAAQ,GAAM,KAAOA,EAAO,IAAOA,EAC3C,IAAIC,EAAK,SAASH,EAAI,OAAO,EAAG,CAAC,EAAG,EAAE,EAAI,EACtCI,EAAK,SAASJ,EAAI,OAAO,EAAG,CAAC,EAAG,EAAE,EAClCK,EAAK,SAASL,EAAI,OAAO,EAAG,CAAC,EAAG,EAAE,EAClCM,EAAK,SAASN,EAAI,OAAO,EAAG,CAAC,EAAG,EAAE,EAClCO,EAAK,EAGT,GAAGP,EAAI,OAAS,GAAI,CAElB,IAAIQ,EAAIR,EAAI,OAAO,EAAE,EACjBS,EAAM,GAGPD,IAAM,KAAOA,IAAM,MAEpBD,EAAK,SAASP,EAAI,OAAO,GAAI,CAAC,EAAG,EAAE,EACnCS,GAAO,EAEX,CAMA,GAHAR,EAAK,eAAeC,EAAMC,EAAIC,CAAE,EAChCH,EAAK,YAAYI,EAAIC,EAAIC,EAAI,CAAC,EAE3BE,IAEDD,EAAIR,EAAI,OAAOS,CAAG,EACfD,IAAM,KAAOA,IAAM,KAAK,CAEzB,IAAIE,EAAW,SAASV,EAAI,OAAOS,EAAM,EAAG,CAAC,EAAG,EAAE,EAC9CE,EAAW,SAASX,EAAI,OAAOS,EAAM,EAAG,CAAC,EAAG,EAAE,EAG9CG,EAASF,EAAW,GAAKC,EAC7BC,GAAU,IAGPJ,IAAM,IACPP,EAAK,QAAQ,CAACA,EAAOW,CAAM,EAE3BX,EAAK,QAAQ,CAACA,EAAOW,CAAM,CAE/B,CAGF,OAAOX,CACT,EASA9C,EAAK,sBAAwB,SAAS0D,EAAS,CAyB7C,IAAIZ,EAAO,IAAI,KAEXa,EAAO,SAASD,EAAQ,OAAO,EAAG,CAAC,EAAG,EAAE,EACxCV,EAAK,SAASU,EAAQ,OAAO,EAAG,CAAC,EAAG,EAAE,EAAI,EAC1CT,EAAK,SAASS,EAAQ,OAAO,EAAG,CAAC,EAAG,EAAE,EACtCR,EAAK,SAASQ,EAAQ,OAAO,EAAG,CAAC,EAAG,EAAE,EACtCP,EAAK,SAASO,EAAQ,OAAO,GAAI,CAAC,EAAG,EAAE,EACvCN,EAAK,SAASM,EAAQ,OAAO,GAAI,CAAC,EAAG,EAAE,EACvCE,EAAM,EACNH,EAAS,EACTI,EAAQ,GAETH,EAAQ,OAAOA,EAAQ,OAAS,CAAC,IAAM,MACxCG,EAAQ,IAGV,IAAIP,EAAMI,EAAQ,OAAS,EAAGL,EAAIK,EAAQ,OAAOJ,CAAG,EACpD,GAAGD,IAAM,KAAOA,IAAM,IAAK,CAEzB,IAAIE,EAAW,SAASG,EAAQ,OAAOJ,EAAM,EAAG,CAAC,EAAG,EAAE,EAClDE,EAAW,SAASE,EAAQ,OAAOJ,EAAM,EAAG,CAAC,EAAG,EAAE,EAGtDG,EAASF,EAAW,GAAKC,EACzBC,GAAU,IAGPJ,IAAM,MACPI,GAAU,IAGZI,EAAQ,EACV,CAGA,OAAGH,EAAQ,OAAO,EAAE,IAAM,MACxBE,EAAM,WAAWF,EAAQ,OAAO,EAAE,EAAG,EAAE,EAAI,KAG1CG,GACDf,EAAK,eAAea,EAAMX,EAAIC,CAAE,EAChCH,EAAK,YAAYI,EAAIC,EAAIC,EAAIQ,CAAG,EAGhCd,EAAK,QAAQ,CAACA,EAAOW,CAAM,IAE3BX,EAAK,YAAYa,EAAMX,EAAIC,CAAE,EAC7BH,EAAK,SAASI,EAAIC,EAAIC,EAAIQ,CAAG,GAGxBd,CACT,EAaA9C,EAAK,cAAgB,SAAS8C,EAAM,CAElC,GAAG,OAAOA,GAAS,SACjB,OAAOA,EAGT,IAAIgB,EAAO,GAGPC,EAAS,CAAC,EACdA,EAAO,MAAM,GAAKjB,EAAK,eAAe,GAAG,OAAO,CAAC,CAAC,EAClDiB,EAAO,KAAK,IAAMjB,EAAK,YAAY,EAAI,EAAE,EACzCiB,EAAO,KAAK,GAAKjB,EAAK,WAAW,CAAC,EAClCiB,EAAO,KAAK,GAAKjB,EAAK,YAAY,CAAC,EACnCiB,EAAO,KAAK,GAAKjB,EAAK,cAAc,CAAC,EACrCiB,EAAO,KAAK,GAAKjB,EAAK,cAAc,CAAC,EAGrC,QAAQvC,EAAI,EAAGA,EAAIwD,EAAO,OAAQ,EAAExD,EAC/BwD,EAAOxD,CAAC,EAAE,OAAS,IACpBuD,GAAQ,KAEVA,GAAQC,EAAOxD,CAAC,EAElB,OAAAuD,GAAQ,IAEDA,CACT,EASA9D,EAAK,sBAAwB,SAAS8C,EAAM,CAE1C,GAAG,OAAOA,GAAS,SACjB,OAAOA,EAGT,IAAIgB,EAAO,GAGPC,EAAS,CAAC,EACdA,EAAO,KAAK,GAAKjB,EAAK,eAAe,CAAC,EACtCiB,EAAO,KAAK,IAAMjB,EAAK,YAAY,EAAI,EAAE,EACzCiB,EAAO,KAAK,GAAKjB,EAAK,WAAW,CAAC,EAClCiB,EAAO,KAAK,GAAKjB,EAAK,YAAY,CAAC,EACnCiB,EAAO,KAAK,GAAKjB,EAAK,cAAc,CAAC,EACrCiB,EAAO,KAAK,GAAKjB,EAAK,cAAc,CAAC,EAGrC,QAAQvC,EAAI,EAAGA,EAAIwD,EAAO,OAAQ,EAAExD,EAC/BwD,EAAOxD,CAAC,EAAE,OAAS,IACpBuD,GAAQ,KAEVA,GAAQC,EAAOxD,CAAC,EAElB,OAAAuD,GAAQ,IAEDA,CACT,EAUA9D,EAAK,aAAe,SAASgE,EAAG,CAC9B,IAAIF,EAAO/D,GAAM,KAAK,aAAa,EACnC,GAAGiE,GAAK,MAASA,EAAI,IACnB,OAAOF,EAAK,aAAaE,EAAG,CAAC,EAE/B,GAAGA,GAAK,QAAWA,EAAI,MACrB,OAAOF,EAAK,aAAaE,EAAG,EAAE,EAEhC,GAAGA,GAAK,UAAaA,EAAI,QACvB,OAAOF,EAAK,aAAaE,EAAG,EAAE,EAEhC,GAAGA,GAAK,aAAeA,EAAI,WACzB,OAAOF,EAAK,aAAaE,EAAG,EAAE,EAEhC,IAAI3C,EAAQ,IAAI,MAAM,oCAAoC,EAC1D,MAAAA,EAAM,QAAU2C,EACV3C,CACR,EAUArB,EAAK,aAAe,SAASkB,EAAO,CAE/B,OAAOA,GAAU,WAClBA,EAAQnB,GAAM,KAAK,aAAamB,CAAK,GAGvC,IAAIE,EAAIF,EAAM,OAAO,EAAI,EACzB,GAAGE,EAAI,GACL,MAAM,IAAI,MAAM,oCAAoC,EAEtD,OAAOF,EAAM,aAAaE,CAAC,CAC7B,EAyBApB,EAAK,SAAW,SAASQ,EAAKyD,EAAGC,EAASC,EAAQ,CAChD,IAAIL,EAAO,GAGX,IAAItD,EAAI,WAAayD,EAAE,UAAY,OAAOA,EAAE,SAAc,OACvDzD,EAAI,OAASyD,EAAE,MAAQ,OAAOA,EAAE,KAAU,KAE3C,GAAGzD,EAAI,cAAgByD,EAAE,aACvB,OAAOA,EAAE,YAAiB,IAAa,CAIvC,GAHAH,EAAO,GAGJG,EAAE,OAASlE,GAAM,KAAK,QAAQkE,EAAE,KAAK,EAEtC,QADIG,EAAI,EACA7D,EAAI,EAAGuD,GAAQvD,EAAI0D,EAAE,MAAM,OAAQ,EAAE1D,EAC3CuD,EAAOG,EAAE,MAAM1D,CAAC,EAAE,UAAY,GAC3BC,EAAI,MAAM4D,CAAC,IACZN,EAAO9D,EAAK,SAASQ,EAAI,MAAM4D,CAAC,EAAGH,EAAE,MAAM1D,CAAC,EAAG2D,EAASC,CAAM,EAC3DL,EACD,EAAEM,EACMH,EAAE,MAAM1D,CAAC,EAAE,WACnBuD,EAAO,KAGR,CAACA,GAAQK,GACVA,EAAO,KACL,IAAMF,EAAE,KAAO,gBACCA,EAAE,SAAW,YAC7BA,EAAE,KAAO,4BACTA,EAAE,MAAM,OAAS,WACjBzD,EAAI,MAAM,OAAS,GAAG,EAK9B,GAAGsD,GAAQI,IACND,EAAE,UACHC,EAAQD,EAAE,OAAO,EAAIzD,EAAI,OAExByD,EAAE,cACHC,EAAQD,EAAE,WAAW,EAAIzD,GAExByD,EAAE,0BAA4B,sBAAuBzD,IACtD0D,EAAQD,EAAE,wBAAwB,EAAIzD,EAAI,mBAEzCyD,EAAE,uBAAyB,sBAAuBzD,GAAK,CACxD,IAAIJ,EACJ,GAAGI,EAAI,kBAAkB,OAAS,EAChC0D,EAAQD,EAAE,qBAAqB,EAAI,OAC9B,CAEL,IAAIjC,EAASxB,EAAI,kBAAkB,WAAW,CAAC,EAC/C,GAAGwB,IAAW,EACZ,MAAM,IAAI,MACR,2DAA2D,EAE/DkC,EAAQD,EAAE,qBAAqB,EAAIzD,EAAI,kBAAkB,MAAM,CAAC,CAClE,CACF,CAEJ,MAAU2D,GACRA,EAAO,KACL,IAAMF,EAAE,KAAO,2BACYA,EAAE,YAAc,WAC3CzD,EAAI,YAAc,GAAG,OAEjB2D,IACL3D,EAAI,WAAayD,EAAE,UACpBE,EAAO,KACL,IAAMF,EAAE,KAAO,yBACUA,EAAE,SAAW,WACtCzD,EAAI,SAAW,GAAG,EAEnBA,EAAI,OAASyD,EAAE,MAChBE,EAAO,KACL,IAAMF,EAAE,KAAO,oBACKA,EAAE,KAAO,WAAazD,EAAI,KAAO,GAAG,GAG9D,OAAOsD,CACT,EAGA,IAAIO,GAAiB,qBAWrBrE,EAAK,YAAc,SAASQ,EAAK8D,EAAOC,EAAa,CACnD,IAAIT,EAAO,GAGXQ,EAAQA,GAAS,EACjBC,EAAcA,GAAe,EAG1BD,EAAQ,IACTR,GAAQ;AAAA,GAKV,QADIU,EAAS,GACL,EAAI,EAAG,EAAIF,EAAQC,EAAa,EAAE,EACxCC,GAAU,IAKZ,OADAV,GAAQU,EAAS,QACVhE,EAAI,SAAU,CACrB,KAAKR,EAAK,MAAM,UACd8D,GAAQ,aACR,MACF,KAAK9D,EAAK,MAAM,YACd8D,GAAQ,eACR,MACF,KAAK9D,EAAK,MAAM,iBACd8D,GAAQ,oBACR,MACF,KAAK9D,EAAK,MAAM,QACd8D,GAAQ,WACR,KACF,CAEA,GAAGtD,EAAI,WAAaR,EAAK,MAAM,UAI7B,OAHA8D,GAAQtD,EAAI,KAGLA,EAAI,KAAM,CACjB,KAAKR,EAAK,KAAK,KACb8D,GAAQ,UACR,MACF,KAAK9D,EAAK,KAAK,QACb8D,GAAQ,aACR,MACF,KAAK9D,EAAK,KAAK,QACb8D,GAAQ,aACR,MACF,KAAK9D,EAAK,KAAK,UACb8D,GAAQ,gBACR,MACF,KAAK9D,EAAK,KAAK,YACb8D,GAAQ,kBACR,MACF,KAAK9D,EAAK,KAAK,KACb8D,GAAQ,UACR,MACF,KAAK9D,EAAK,KAAK,IACb8D,GAAQ,uBACR,MACF,KAAK9D,EAAK,KAAK,MACb8D,GAAQ,uBACR,MACF,KAAK9D,EAAK,KAAK,SACb8D,GAAQ,6BACR,MACF,KAAK9D,EAAK,KAAK,KACb8D,GAAQ,UACR,MACF,KAAK9D,EAAK,KAAK,WACb8D,GAAQ,gBACR,MACF,KAAK9D,EAAK,KAAK,SACb8D,GAAQ,kBACR,MACF,KAAK9D,EAAK,KAAK,KACb8D,GAAQ,UACR,MACF,KAAK9D,EAAK,KAAK,KACb8D,GAAQ,gCACR,MACF,KAAK9D,EAAK,KAAK,SACb8D,GAAQ,cACR,MACF,KAAK9D,EAAK,KAAK,IACb8D,GAAQ,SACR,MACF,KAAK9D,EAAK,KAAK,gBACb8D,GAAQ,sBACR,MACF,KAAK9D,EAAK,KAAK,UACb8D,GAAQ,uBACR,MACF,KAAK9D,EAAK,KAAK,QACb8D,GAAQ,cACR,MACF,KAAK9D,EAAK,KAAK,gBACb8D,GAAQ,sBACR,MACF,KAAK9D,EAAK,KAAK,UACb8D,GAAQ,gBACR,KACF,MAEAA,GAAQtD,EAAI,KAMd,GAHAsD,GAAQ;AAAA,EACRA,GAAQU,EAAS,gBAAkBhE,EAAI,YAAc;AAAA,EAElDA,EAAI,SAAU,CAGf,QAFIiE,EAAY,EACZC,EAAM,GACF,EAAI,EAAG,EAAIlE,EAAI,MAAM,OAAQ,EAAE,EAClCA,EAAI,MAAM,CAAC,IAAM,SAClBiE,GAAa,EACbC,GAAO1E,EAAK,YAAYQ,EAAI,MAAM,CAAC,EAAG8D,EAAQ,EAAGC,CAAW,EACxD,EAAI,EAAK/D,EAAI,MAAM,SACrBkE,GAAO,MAIbZ,GAAQU,EAAS,eAAiBC,EAAYC,CAChD,KAAO,CAEL,GADAZ,GAAQU,EAAS,UACdhE,EAAI,OAASR,EAAK,KAAK,IAAK,CAC7B,IAAIyC,EAAMzC,EAAK,SAASQ,EAAI,KAAK,EACjCsD,GAAQrB,EACL1C,GAAM,KAAOA,GAAM,IAAI,MACrB0C,KAAO1C,GAAM,IAAI,OAClB+D,GAAQ,KAAO/D,GAAM,IAAI,KAAK0C,CAAG,EAAI,KAG3C,CACA,GAAGjC,EAAI,OAASR,EAAK,KAAK,QACxB,GAAI,CACF8D,GAAQ9D,EAAK,aAAaQ,EAAI,KAAK,CACrC,MAAY,CACVsD,GAAQ,KAAO/D,GAAM,KAAK,WAAWS,EAAI,KAAK,CAChD,SACQA,EAAI,OAASR,EAAK,KAAK,WAS/B,GAPGQ,EAAI,MAAM,OAAS,EAEpBsD,GAAQ,KAAO/D,GAAM,KAAK,WAAWS,EAAI,MAAM,MAAM,CAAC,CAAC,EAEvDsD,GAAQ,SAGPtD,EAAI,MAAM,OAAS,EAAG,CACvB,IAAIwB,EAASxB,EAAI,MAAM,WAAW,CAAC,EAChCwB,GAAU,EACX8B,GAAQ,wBACA9B,EAAS,IACjB8B,GAAQ,KAAO9B,EAAS,sBAE5B,UACQxB,EAAI,OAASR,EAAK,KAAK,YAC3BqE,GAAe,KAAK7D,EAAI,KAAK,IAC/BsD,GAAQ,IAAMtD,EAAI,MAAQ,MAE5BsD,GAAQ,KAAO/D,GAAM,KAAK,WAAWS,EAAI,KAAK,UACtCA,EAAI,OAASR,EAAK,KAAK,KAC/B,GAAI,CACF8D,GAAQ/D,GAAM,KAAK,WAAWS,EAAI,KAAK,CACzC,OAAQmE,EAAG,CACT,GAAGA,EAAE,UAAY,gBACfb,GACE,KAAO/D,GAAM,KAAK,WAAWS,EAAI,KAAK,EAAI,wBAE5C,OAAMmE,CAEV,MACQnE,EAAI,OAASR,EAAK,KAAK,iBAC/BQ,EAAI,OAASR,EAAK,KAAK,UACvB8D,GAAQtD,EAAI,MACJ6D,GAAe,KAAK7D,EAAI,KAAK,EACrCsD,GAAQ,KAAO/D,GAAM,KAAK,WAAWS,EAAI,KAAK,EACtCA,EAAI,MAAM,SAAW,EAC7BsD,GAAQ,SAERA,GAAQtD,EAAI,KAEhB,CAEA,OAAOsD,CACT,ICz5CA,IAAAc,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IAEZD,GAAO,QAAUC,GAAM,GAAKA,GAAM,IAAM,CAAC,EACzCA,GAAM,GAAG,WAAaA,GAAM,GAAG,YAAc,CAAC,ICV9C,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cASA,IAAIC,GAAQ,IACZ,KACA,KAGA,IAAIC,GAAOF,GAAO,QAAUC,GAAM,KAAOA,GAAM,MAAQ,CAAC,EAOxDC,GAAK,OAAS,UAAW,CAEvB,IAAIC,EAAO,KAGPC,EAAM,KAGNC,EAAY,KAGZC,EAAY,KAGZC,EAAM,CAAC,EAUX,OAAAA,EAAI,MAAQ,SAASC,EAAIC,EAAK,CAC5B,GAAGD,IAAO,KACR,GAAG,OAAOA,GAAO,SAGf,GADAA,EAAKA,EAAG,YAAY,EACjBA,KAAMP,GAAM,GAAG,WAChBG,EAAMH,GAAM,GAAG,WAAWO,CAAE,EAAE,OAAO,MAErC,OAAM,IAAI,MAAM,2BAA6BA,EAAK,GAAG,OAIvDJ,EAAMI,EAIV,GAAGC,IAAQ,KAETA,EAAMN,MACD,CACL,GAAG,OAAOM,GAAQ,SAEhBA,EAAMR,GAAM,KAAK,aAAaQ,CAAG,UACzBR,GAAM,KAAK,QAAQQ,CAAG,EAAG,CAEjC,IAAIC,EAAMD,EACVA,EAAMR,GAAM,KAAK,aAAa,EAC9B,QAAQU,EAAI,EAAGA,EAAID,EAAI,OAAQ,EAAEC,EAC/BF,EAAI,QAAQC,EAAIC,CAAC,CAAC,CAEtB,CAGA,IAAIC,EAASH,EAAI,OAAO,EACrBG,EAASR,EAAI,cACdA,EAAI,MAAM,EACVA,EAAI,OAAOK,EAAI,MAAM,CAAC,EACtBA,EAAML,EAAI,OAAO,GAMnBC,EAAYJ,GAAM,KAAK,aAAa,EACpCK,EAAYL,GAAM,KAAK,aAAa,EACpCW,EAASH,EAAI,OAAO,EACpB,QAAQE,EAAI,EAAGA,EAAIC,EAAQ,EAAED,EAAG,CAC9B,IAAID,EAAMD,EAAI,GAAGE,CAAC,EAClBN,EAAU,QAAQ,GAAOK,CAAG,EAC5BJ,EAAU,QAAQ,GAAOI,CAAG,CAC9B,CAGA,GAAGE,EAASR,EAAI,YAEd,QADIM,EAAMN,EAAI,YAAcQ,EACpBD,EAAI,EAAGA,EAAID,EAAK,EAAEC,EACxBN,EAAU,QAAQ,EAAI,EACtBC,EAAU,QAAQ,EAAI,EAG1BH,EAAOM,EACPJ,EAAYA,EAAU,MAAM,EAC5BC,EAAYA,EAAU,MAAM,CAC9B,CAMAF,EAAI,MAAM,EACVA,EAAI,OAAOC,CAAS,CACtB,EAOAE,EAAI,OAAS,SAASM,EAAO,CAC3BT,EAAI,OAAOS,CAAK,CAClB,EAOAN,EAAI,OAAS,UAAW,CAGtB,IAAIO,EAAQV,EAAI,OAAO,EAAE,MAAM,EAC/B,OAAAA,EAAI,MAAM,EACVA,EAAI,OAAOE,CAAS,EACpBF,EAAI,OAAOU,CAAK,EACTV,EAAI,OAAO,CACpB,EAEAG,EAAI,OAASA,EAAI,OAEVA,CACT,ICjJA,IAAAQ,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KACA,KAEA,IAAIC,GAAMF,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EACrDA,GAAM,GAAG,IAAMA,GAAM,GAAG,WAAW,IAAMC,GAOzCA,GAAI,OAAS,UAAW,CAElBC,IACFC,GAAM,EAIR,IAAIC,EAAS,KAGTC,EAASL,GAAM,KAAK,aAAa,EAGjCM,EAAK,IAAI,MAAM,EAAE,EAGjBC,EAAK,CACP,UAAW,MACX,YAAa,GACb,aAAc,GAEd,cAAe,EAEf,kBAAmB,KAEnB,kBAAmB,CACrB,EAOA,OAAAA,EAAG,MAAQ,UAAW,CAEpBA,EAAG,cAAgB,EAGnBA,EAAG,kBAAoBA,EAAG,gBAAkB,CAAC,EAE7C,QADIC,EAASD,EAAG,kBAAoB,EAC5B,EAAI,EAAG,EAAIC,EAAQ,EAAE,EAC3BD,EAAG,kBAAkB,KAAK,CAAC,EAE7B,OAAAF,EAASL,GAAM,KAAK,aAAa,EACjCI,EAAS,CACP,GAAI,WACJ,GAAI,WACJ,GAAI,WACJ,GAAI,SACN,EACOG,CACT,EAEAA,EAAG,MAAM,EAYTA,EAAG,OAAS,SAASE,EAAKC,EAAU,CAC/BA,IAAa,SACdD,EAAMT,GAAM,KAAK,WAAWS,CAAG,GAIjC,IAAIE,EAAMF,EAAI,OACdF,EAAG,eAAiBI,EACpBA,EAAM,CAAEA,EAAM,aAAiB,EAAGA,IAAQ,CAAC,EAC3C,QAAQC,EAAIL,EAAG,kBAAkB,OAAS,EAAGK,GAAK,EAAG,EAAEA,EACrDL,EAAG,kBAAkBK,CAAC,GAAKD,EAAI,CAAC,EAChCA,EAAI,CAAC,EAAIA,EAAI,CAAC,GAAMJ,EAAG,kBAAkBK,CAAC,EAAI,aAAiB,GAC/DL,EAAG,kBAAkBK,CAAC,EAAIL,EAAG,kBAAkBK,CAAC,IAAM,EACtDD,EAAI,CAAC,EAAKA,EAAI,CAAC,EAAI,aAAiB,EAItC,OAAAN,EAAO,SAASI,CAAG,EAGnBI,GAAQT,EAAQE,EAAID,CAAM,GAGvBA,EAAO,KAAO,MAAQA,EAAO,OAAO,IAAM,IAC3CA,EAAO,QAAQ,EAGVE,CACT,EAOAA,EAAG,OAAS,UAAW,CAqBrB,IAAIO,EAAad,GAAM,KAAK,aAAa,EACzCc,EAAW,SAAST,EAAO,MAAM,CAAC,EAGlC,IAAIU,EACFR,EAAG,kBAAkBA,EAAG,kBAAkB,OAAS,CAAC,EACpDA,EAAG,kBAKDS,EAAWD,EAAaR,EAAG,YAAc,EAC7CO,EAAW,SAASG,GAAS,OAAO,EAAGV,EAAG,YAAcS,CAAQ,CAAC,EAKjE,QADIE,EAAMC,EAAQ,EACVP,EAAIL,EAAG,kBAAkB,OAAS,EAAGK,GAAK,EAAG,EAAEA,EACrDM,EAAOX,EAAG,kBAAkBK,CAAC,EAAI,EAAIO,EACrCA,EAASD,EAAO,aAAiB,EACjCJ,EAAW,WAAWI,IAAS,CAAC,EAGlC,IAAIE,EAAK,CACP,GAAIhB,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,EACb,EACAS,GAAQO,EAAId,EAAIQ,CAAU,EAC1B,IAAIO,EAAOrB,GAAM,KAAK,aAAa,EACnC,OAAAqB,EAAK,WAAWD,EAAG,EAAE,EACrBC,EAAK,WAAWD,EAAG,EAAE,EACrBC,EAAK,WAAWD,EAAG,EAAE,EACrBC,EAAK,WAAWD,EAAG,EAAE,EACdC,CACT,EAEOd,CACT,EAGA,IAAIU,GAAW,KACXK,GAAK,KACLC,GAAK,KACLC,GAAK,KACLtB,GAAe,GAKnB,SAASC,IAAQ,CAEfc,GAAW,OACXA,IAAYjB,GAAM,KAAK,WAAW,KAA2B,EAAE,EAG/DsB,GAAK,CACH,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,GAClD,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,EAAG,GAClD,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,GAAI,GAAI,EAAG,EAAG,EAAG,EAAG,GAAI,GAAI,EACnD,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,EAAG,GAAI,EAAG,GAAI,EAAG,GAAI,EAAG,CAAC,EAGtDC,GAAK,CACH,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAC3D,EAAI,EAAG,GAAI,GAAK,EAAI,EAAG,GAAI,GAAK,EAAI,EAAG,GAAI,GAAK,EAAI,EAAG,GAAI,GAC3D,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAC3D,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,GAAK,EAAG,GAAI,GAAI,EAAE,EAG/DC,GAAK,IAAI,MAAM,EAAE,EACjB,QAAQZ,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvBY,GAAGZ,CAAC,EAAI,KAAK,MAAM,KAAK,IAAI,KAAK,IAAIA,EAAI,CAAC,CAAC,EAAI,UAAW,EAI5DV,GAAe,EACjB,CASA,SAASW,GAAQY,EAAGC,EAAGC,EAAO,CAI5B,QAFIC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGtB,EACrBD,EAAMgB,EAAM,OAAO,EACjBhB,GAAO,IAAI,CAQf,IANAkB,EAAIJ,EAAE,GACNK,EAAIL,EAAE,GACNM,EAAIN,EAAE,GACNO,EAAIP,EAAE,GAGFb,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBc,EAAEd,CAAC,EAAIe,EAAM,WAAW,EACxBM,EAAID,EAAKF,GAAKC,EAAIC,GAClBJ,EAAKC,EAAII,EAAIT,GAAGZ,CAAC,EAAIc,EAAEd,CAAC,EACxBsB,EAAIX,GAAGX,CAAC,EACRiB,EAAIG,EACJA,EAAID,EACJA,EAAID,EACJA,GAAMF,GAAKM,EAAMN,IAAO,GAAKM,EAG/B,KAAMtB,EAAI,GAAI,EAAEA,EACdqB,EAAIF,EAAKC,GAAKF,EAAIC,GAClBH,EAAKC,EAAII,EAAIT,GAAGZ,CAAC,EAAIc,EAAEJ,GAAGV,CAAC,CAAC,EAC5BsB,EAAIX,GAAGX,CAAC,EACRiB,EAAIG,EACJA,EAAID,EACJA,EAAID,EACJA,GAAMF,GAAKM,EAAMN,IAAO,GAAKM,EAG/B,KAAMtB,EAAI,GAAI,EAAEA,EACdqB,EAAIH,EAAIC,EAAIC,EACZJ,EAAKC,EAAII,EAAIT,GAAGZ,CAAC,EAAIc,EAAEJ,GAAGV,CAAC,CAAC,EAC5BsB,EAAIX,GAAGX,CAAC,EACRiB,EAAIG,EACJA,EAAID,EACJA,EAAID,EACJA,GAAMF,GAAKM,EAAMN,IAAO,GAAKM,EAG/B,KAAMtB,EAAI,GAAI,EAAEA,EACdqB,EAAIF,GAAKD,EAAI,CAACE,GACdJ,EAAKC,EAAII,EAAIT,GAAGZ,CAAC,EAAIc,EAAEJ,GAAGV,CAAC,CAAC,EAC5BsB,EAAIX,GAAGX,CAAC,EACRiB,EAAIG,EACJA,EAAID,EACJA,EAAID,EACJA,GAAMF,GAAKM,EAAMN,IAAO,GAAKM,EAI/BT,EAAE,GAAMA,EAAE,GAAKI,EAAK,EACpBJ,EAAE,GAAMA,EAAE,GAAKK,EAAK,EACpBL,EAAE,GAAMA,EAAE,GAAKM,EAAK,EACpBN,EAAE,GAAMA,EAAE,GAAKO,EAAK,EAEpBrB,GAAO,EACT,CACF,IChSA,IAAAwB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA4BA,IAAIC,GAAQ,IACZ,KAGA,IAAIC,GAAMF,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAWrDC,GAAI,OAAS,SAASC,EAAKC,EAAS,CAClCA,EAAUA,GAAW,CAAC,EACtB,IAAIC,EAAO,cAAgBF,EAAI,KAAO;AAAA,EAGlCG,EAoBJ,GAnBGH,EAAI,WACLG,EAAS,CACP,KAAM,YACN,OAAQ,CAAC,OAAOH,EAAI,SAAS,OAAO,EAAGA,EAAI,SAAS,IAAI,CAC1D,EACAE,GAAQE,GAAWD,CAAM,GAExBH,EAAI,gBACLG,EAAS,CAAC,KAAM,iBAAkB,OAAQ,CAACH,EAAI,aAAa,CAAC,EAC7DE,GAAQE,GAAWD,CAAM,GAExBH,EAAI,UACLG,EAAS,CAAC,KAAM,WAAY,OAAQ,CAACH,EAAI,QAAQ,SAAS,CAAC,EACxDA,EAAI,QAAQ,YACbG,EAAO,OAAO,KAAKH,EAAI,QAAQ,UAAU,EAE3CE,GAAQE,GAAWD,CAAM,GAGxBH,EAAI,QAEL,QAAQK,EAAI,EAAGA,EAAIL,EAAI,QAAQ,OAAQ,EAAEK,EACvCH,GAAQE,GAAWJ,EAAI,QAAQK,CAAC,CAAC,EAKrC,OAAGL,EAAI,WACLE,GAAQ;AAAA,GAIVA,GAAQJ,GAAM,KAAK,SAASE,EAAI,KAAMC,EAAQ,SAAW,EAAE,EAAI;AAAA,EAE/DC,GAAQ,YAAcF,EAAI,KAAO;AAAA,EAC1BE,CACT,EASAH,GAAI,OAAS,SAASO,EAAK,CAQzB,QAPIJ,EAAO,CAAC,EAGRK,EAAW,gHACXC,EAAU,uCACVC,EAAQ,QACRC,EAEFA,EAAQH,EAAS,KAAKD,CAAG,EACtB,EAACI,GAFM,CAQV,IAAIC,EAAOD,EAAM,CAAC,EACfC,IAAS,4BACVA,EAAO,uBAGT,IAAIX,EAAM,CACR,KAAMW,EACN,SAAU,KACV,cAAe,KACf,QAAS,KACT,QAAS,CAAC,EACV,KAAMb,GAAM,KAAK,SAASY,EAAM,CAAC,CAAC,CACpC,EAIA,GAHAR,EAAK,KAAKF,CAAG,EAGV,EAACU,EAAM,CAAC,EAOX,SAFIE,EAAQF,EAAM,CAAC,EAAE,MAAMD,CAAK,EAC5BI,EAAK,EACHH,GAASG,EAAKD,EAAM,QAAQ,CAKhC,QAHIE,EAAOF,EAAMC,CAAE,EAAE,QAAQ,OAAQ,EAAE,EAG/BE,EAAKF,EAAK,EAAGE,EAAKH,EAAM,OAAQ,EAAEG,EAAI,CAC5C,IAAIC,EAAOJ,EAAMG,CAAE,EACnB,GAAG,CAAC,KAAK,KAAKC,EAAK,CAAC,CAAC,EACnB,MAEFF,GAAQE,EACRH,EAAKE,CACP,CAIA,GADAL,EAAQI,EAAK,MAAMN,CAAO,EACvBE,EAAO,CAGR,QAFIP,EAAS,CAAC,KAAMO,EAAM,CAAC,EAAG,OAAQ,CAAC,CAAC,EACpCO,EAASP,EAAM,CAAC,EAAE,MAAM,GAAG,EACvBQ,EAAK,EAAGA,EAAKD,EAAO,OAAQ,EAAEC,EACpCf,EAAO,OAAO,KAAKgB,GAAMF,EAAOC,CAAE,CAAC,CAAC,EAItC,GAAIlB,EAAI,SASD,GAAG,CAACA,EAAI,eAAiBG,EAAO,OAAS,iBAE9CH,EAAI,cAAgBiB,EAAO,CAAC,GAAK,WACzB,CAACjB,EAAI,SAAWG,EAAO,OAAS,WAAY,CAEpD,GAAGA,EAAO,OAAO,SAAW,EAC1B,MAAM,IAAI,MAAM,uFAC2B,EAE7CH,EAAI,QAAU,CAAC,UAAWiB,EAAO,CAAC,EAAG,WAAYA,EAAO,CAAC,GAAK,IAAI,CACpE,MACEjB,EAAI,QAAQ,KAAKG,CAAM,MApBP,CAChB,GAAGA,EAAO,OAAS,YACjB,MAAM,IAAI,MAAM,mFAC4B,EACvC,GAAGA,EAAO,OAAO,SAAW,EACjC,MAAM,IAAI,MAAM,gFACmB,EAErCH,EAAI,SAAW,CAAC,QAASiB,EAAO,CAAC,EAAG,KAAMA,EAAO,CAAC,CAAC,CACrD,CAaF,CAEA,EAAEJ,CACJ,CAEA,GAAGb,EAAI,WAAa,aAAe,CAACA,EAAI,QACtC,MAAM,IAAI,MAAM,qGACyC,EAE7D,CAEA,GAAGE,EAAK,SAAW,EACjB,MAAM,IAAI,MAAM,gCAAgC,EAGlD,OAAOA,CACT,EAEA,SAASE,GAAWD,EAAQ,CAQ1B,QAPID,EAAOC,EAAO,KAAO,KAGrBc,EAAS,CAAC,EACVG,EAAc,SAASV,EAAOW,EAAI,CACpC,MAAO,IAAMA,CACf,EACQhB,EAAI,EAAGA,EAAIF,EAAO,OAAO,OAAQ,EAAEE,EACzCY,EAAO,KAAKd,EAAO,OAAOE,CAAC,EAAE,QAAQ,aAAce,CAAW,CAAC,EAEjElB,GAAQe,EAAO,KAAK,GAAG,EAAI;AAAA,EAK3B,QAFIK,EAAS,EACTC,EAAY,GACRlB,EAAI,EAAGA,EAAIH,EAAK,OAAQ,EAAEG,EAAG,EAAEiB,EACrC,GAAGA,EAAS,IAAMC,IAAc,GAAI,CAClC,IAAIC,EAAStB,EAAKqB,CAAS,EACxBC,IAAW,KACZ,EAAED,EACFrB,EAAOA,EAAK,OAAO,EAAGqB,CAAS,EAAI;AAAA,GAAUrB,EAAK,OAAOqB,CAAS,GAElErB,EAAOA,EAAK,OAAO,EAAGqB,CAAS,EAC7B;AAAA,EAASC,EAAStB,EAAK,OAAOqB,EAAY,CAAC,EAE/CD,EAAUjB,EAAIkB,EAAY,EAC1BA,EAAY,GACZ,EAAElB,CACJ,MAAUH,EAAKG,CAAC,IAAM,KAAOH,EAAKG,CAAC,IAAM,KAAQH,EAAKG,CAAC,IAAM,OAC3DkB,EAAYlB,GAIhB,OAAOH,CACT,CAEA,SAASiB,GAAMb,EAAK,CAClB,OAAOA,EAAI,QAAQ,OAAQ,EAAE,CAC/B,IC5OA,IAAAmB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA+BA,IAAIC,GAAQ,IACZ,KACA,KACA,KAGAD,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAsB3CA,GAAM,IAAI,gBAAkB,SAASC,EAAKC,EAAIC,EAAQC,EAAM,CAC1D,IAAIC,EAASC,GAAc,CACzB,IAAKL,EACL,OAAQE,EACR,QAAS,GACT,KAAMC,IAASF,IAAO,KAAO,MAAQ,MACvC,CAAC,EACD,OAAAG,EAAO,MAAMH,CAAE,EACRG,CACT,EAgBAL,GAAM,IAAI,uBAAyB,SAASC,EAAKG,EAAM,CACrD,OAAOE,GAAc,CACnB,IAAKL,EACL,OAAQ,KACR,QAAS,GACT,KAAMG,CACR,CAAC,CACH,EAsBAJ,GAAM,IAAI,gBAAkB,SAASC,EAAKC,EAAIC,EAAQC,EAAM,CAC1D,IAAIC,EAASC,GAAc,CACzB,IAAKL,EACL,OAAQE,EACR,QAAS,GACT,KAAMC,IAASF,IAAO,KAAO,MAAQ,MACvC,CAAC,EACD,OAAAG,EAAO,MAAMH,CAAE,EACRG,CACT,EAgBAL,GAAM,IAAI,uBAAyB,SAASC,EAAKG,EAAM,CACrD,OAAOE,GAAc,CACnB,IAAKL,EACL,OAAQ,KACR,QAAS,GACT,KAAMG,CACR,CAAC,CACH,EAUAJ,GAAM,IAAI,UAAY,SAASO,EAAMH,EAAM,CACzC,IAAII,EAAO,KACXA,EAAK,KAAOD,EACZC,EAAK,KAAO,IAAIJ,EAAK,CACnB,UAAW,EACX,OAAQ,CACN,QAAS,SAASK,EAASC,EAAU,CACnC,OAAOC,GAAaH,EAAK,MAAOC,EAASC,EAAU,EAAK,CAC1D,EACA,QAAS,SAASD,EAASC,EAAU,CACnC,OAAOC,GAAaH,EAAK,MAAOC,EAASC,EAAU,EAAI,CACzD,CACF,CACF,CAAC,EACDF,EAAK,MAAQ,EACf,EAUAR,GAAM,IAAI,UAAU,UAAU,WAAa,SAASY,EAAS,CAC3D,GAAG,MAAK,MAIR,KAAIX,EAAMD,GAAM,KAAK,aAAaY,EAAQ,GAAG,EAC7C,GAAG,KAAK,KAAK,QAAQ,MAAM,IAAM,GAC5BX,EAAI,OAAO,IAAM,GAClB,MAAM,IAAI,MAAM,gCAAkCA,EAAI,OAAO,EAAI,CAAC,EAKtE,KAAK,MAAQY,GAAYZ,CAAG,EAC5B,KAAK,MAAQ,GACf,EAIAa,GAAkB,UAAWd,GAAM,OAAO,MAAM,GAAG,EACnDc,GAAkB,UAAWd,GAAM,OAAO,MAAM,GAAG,EACnDc,GAAkB,UAAWd,GAAM,OAAO,MAAM,GAAG,EACnDc,GAAkB,UAAWd,GAAM,OAAO,MAAM,GAAG,EACnDc,GAAkB,UAAWd,GAAM,OAAO,MAAM,GAAG,EAEnDc,GAAkB,WAAYd,GAAM,OAAO,MAAM,GAAG,EACpDc,GAAkB,WAAYd,GAAM,OAAO,MAAM,GAAG,EACpDc,GAAkB,WAAYd,GAAM,OAAO,MAAM,GAAG,EACpDc,GAAkB,WAAYd,GAAM,OAAO,MAAM,GAAG,EACpDc,GAAkB,WAAYd,GAAM,OAAO,MAAM,GAAG,EAEpD,SAASc,GAAkBP,EAAMH,EAAM,CACrC,IAAIW,EAAU,UAAW,CACvB,OAAO,IAAIf,GAAM,IAAI,UAAUO,EAAMH,CAAI,CAC3C,EACAJ,GAAM,OAAO,kBAAkBO,EAAMQ,CAAO,CAC9C,CAIA,IAAIC,GAAc,CAAC,SAAU,EAAE,MAAQ,SAAU,SAAU,MAAQ,EAAI,MAAQ,KAAM,SAAU,SAAU,KAAM,SAAU,SAAU,SAAU,EAAI,KAAM,SAAU,SAAU,MAAQ,MAAQ,SAAU,SAAU,SAAU,MAAQ,SAAU,SAAU,MAAQ,EAAE,KAAM,MAAQ,SAAU,MAAQ,SAAU,EAAI,SAAU,SAAU,SAAU,SAAU,KAAM,SAAU,MAAQ,MAAQ,SAAU,KAAM,EAAI,SAAU,MAAQ,SAAU,MAAQ,SAAU,SAAU,SAAU,KAAM,MAAQ,SAAU,KAAM,SAAU,SAAU,EAAE,MAAQ,MAAQ,EAAE,QAAS,EACthBC,GAAc,CAAC,YAAY,YAAY,MAAO,QAAS,QAAS,GAAK,YAAY,YAAY,YAAY,YAAY,YAAY,YAAY,YAAY,QAAS,GAAK,YAAY,QAAS,QAAS,YAAY,EAAE,YAAY,MAAO,QAAS,YAAY,QAAS,YAAY,EAAE,QAAS,MAAO,YAAY,YAAY,MAAO,EAAE,QAAS,YAAY,QAAS,YAAY,YAAY,YAAY,MAAO,YAAY,YAAY,GAAK,YAAY,QAAS,GAAK,MAAO,YAAY,MAAO,YAAY,QAAS,YAAY,QAAS,YAAY,YAAY,QAAS,QAAS,EAAE,YAAY,MAAO,YAAY,YAAY,YAAY,OAAQ,EAClnBC,GAAc,CAAC,IAAM,UAAU,EAAE,UAAU,UAAU,EAAE,OAAQ,UAAU,OAAQ,UAAU,UAAU,OAAQ,UAAU,OAAQ,UAAU,IAAM,UAAU,EAAI,UAAU,IAAM,OAAQ,UAAU,UAAU,OAAQ,UAAU,OAAQ,OAAQ,UAAU,EAAI,UAAU,IAAM,UAAU,UAAU,UAAU,OAAQ,IAAM,OAAQ,UAAU,UAAU,EAAE,IAAM,OAAQ,UAAU,UAAU,UAAU,IAAM,EAAE,UAAU,UAAU,OAAQ,UAAU,UAAU,EAAI,OAAQ,OAAQ,UAAU,UAAU,UAAU,IAAM,UAAU,OAAQ,EAAI,UAAU,MAAO,EACthBC,GAAc,CAAC,QAAS,KAAO,KAAO,IAAK,QAAS,QAAS,QAAS,KAAO,EAAE,QAAS,QAAS,QAAS,IAAK,EAAE,QAAS,QAAS,EAAI,KAAO,QAAS,QAAS,IAAK,QAAS,KAAO,KAAO,QAAS,EAAI,KAAO,QAAS,KAAO,QAAS,QAAS,IAAK,QAAS,QAAS,QAAS,QAAS,IAAK,EAAE,EAAE,QAAS,KAAO,QAAS,QAAS,EAAI,QAAS,KAAO,KAAO,IAAK,QAAS,IAAK,EAAI,KAAO,QAAS,KAAO,QAAS,QAAS,KAAO,KAAO,QAAS,QAAS,IAAK,QAAS,KAAO,OAAQ,EAC9dC,GAAc,CAAC,IAAM,SAAU,SAAU,WAAW,OAAQ,IAAM,WAAW,SAAU,WAAW,OAAQ,SAAU,WAAW,WAAW,WAAW,OAAQ,WAAW,SAAU,WAAW,WAAW,EAAE,WAAW,WAAW,WAAW,SAAU,WAAW,WAAW,EAAE,WAAW,SAAU,SAAU,WAAW,OAAQ,OAAQ,WAAW,IAAM,SAAU,WAAW,SAAU,WAAW,WAAW,SAAU,WAAW,WAAW,SAAU,WAAW,IAAM,SAAU,WAAW,WAAW,OAAQ,WAAW,WAAW,SAAU,EAAE,WAAW,WAAW,OAAQ,SAAU,WAAW,OAAQ,EAAE,WAAW,SAAU,UAAU,EAC9mBC,GAAc,CAAC,UAAW,UAAW,MAAO,UAAW,UAAW,GAAK,UAAW,QAAS,UAAW,QAAS,QAAS,UAAW,QAAS,UAAW,UAAW,MAAO,EAAE,QAAS,UAAW,MAAO,QAAS,UAAW,GAAK,UAAW,UAAW,EAAE,QAAS,UAAW,MAAO,QAAS,UAAW,UAAW,UAAW,GAAK,UAAW,QAAS,UAAW,QAAS,MAAO,UAAW,QAAS,UAAW,UAAW,MAAO,UAAW,UAAW,QAAS,UAAW,QAAS,UAAW,EAAE,UAAW,GAAK,MAAO,UAAW,QAAS,MAAO,QAAS,UAAW,EAAE,UAAW,UAAW,QAAS,SAAU,EACllBC,GAAc,CAAC,QAAS,SAAU,SAAU,EAAE,KAAM,SAAU,QAAS,SAAU,SAAU,QAAS,EAAE,SAAU,EAAI,SAAU,SAAU,KAAM,SAAU,QAAS,QAAS,SAAU,SAAU,SAAU,SAAU,QAAS,SAAU,KAAM,KAAM,SAAU,QAAS,EAAI,SAAU,QAAS,SAAU,QAAS,QAAS,SAAU,SAAU,SAAU,SAAU,EAAI,QAAS,SAAU,SAAU,QAAS,SAAU,KAAM,QAAS,SAAU,KAAM,SAAU,SAAU,SAAU,QAAS,EAAE,EAAI,SAAU,EAAE,QAAS,SAAU,KAAM,SAAU,SAAU,KAAM,OAAQ,EACtiBC,GAAc,CAAC,UAAW,KAAO,OAAQ,UAAW,UAAW,UAAW,GAAK,UAAW,OAAQ,UAAW,UAAW,OAAQ,UAAW,OAAQ,KAAO,GAAK,UAAW,UAAW,UAAW,KAAO,OAAQ,OAAQ,UAAW,UAAW,KAAO,EAAE,EAAE,UAAW,UAAW,UAAW,OAAQ,OAAQ,OAAQ,OAAQ,UAAW,KAAO,GAAK,UAAW,KAAO,OAAQ,UAAW,GAAK,UAAW,UAAW,UAAW,UAAW,OAAQ,UAAW,EAAE,UAAW,OAAQ,UAAW,UAAW,UAAW,UAAW,EAAE,UAAW,OAAQ,OAAQ,KAAO,KAAO,OAAQ,UAAW,SAAU,EAStkB,SAASV,GAAYZ,EAAK,CA2BxB,QA1BIuB,EAAa,CAAC,EAAE,EAAI,UAAW,UAAW,MAAQ,MAAQ,UAAW,UAAW,IAAM,IAAM,UAAW,UAAW,MAAQ,MAAQ,UAAW,SAAU,EACvJC,EAAa,CAAC,EAAE,EAAI,QAAS,QAAS,SAAU,SAAU,SAAU,SAAU,IAAM,IAAM,QAAS,QAAS,SAAU,SAAU,SAAU,QAAS,EACnJC,EAAa,CAAC,EAAE,EAAI,KAAM,KAAM,SAAU,SAAU,SAAU,SAAU,EAAE,EAAI,KAAM,KAAM,SAAU,SAAU,SAAU,QAAS,EACjIC,EAAa,CAAC,EAAE,QAAS,UAAU,UAAU,KAAO,QAAS,UAAU,UAAU,OAAQ,QAAS,UAAU,UAAU,OAAQ,QAAS,UAAU,SAAS,EAC1JC,EAAa,CAAC,EAAE,OAAQ,GAAK,OAAQ,EAAE,OAAQ,GAAK,OAAQ,KAAO,OAAQ,KAAO,OAAQ,KAAO,OAAQ,KAAO,MAAO,EACvHC,EAAa,CAAC,EAAE,KAAM,GAAK,KAAM,EAAE,KAAM,GAAK,KAAM,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,QAAS,EACnIC,EAAa,CAAC,EAAE,UAAW,OAAQ,UAAW,EAAI,UAAW,OAAQ,UAAW,EAAE,UAAW,OAAQ,UAAW,EAAI,UAAW,OAAQ,SAAU,EACjJC,EAAa,CAAC,EAAE,MAAQ,KAAM,MAAQ,UAAW,UAAW,UAAW,UAAW,OAAQ,OAAQ,OAAQ,OAAQ,UAAW,UAAW,UAAW,SAAU,EAC7JC,EAAa,CAAC,EAAE,OAAQ,EAAE,OAAQ,EAAI,OAAQ,EAAI,OAAQ,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,QAAS,EACzIC,EAAa,CAAC,EAAE,UAAW,EAAI,UAAW,EAAE,UAAW,EAAI,UAAW,KAAM,UAAW,KAAM,UAAW,KAAM,UAAW,KAAM,SAAU,EACzIC,EAAa,CAAC,EAAE,GAAK,EAAE,GAAK,QAAS,QAAS,QAAS,QAAS,KAAO,KAAO,KAAO,KAAO,QAAS,QAAS,QAAS,OAAQ,EAC/HC,EAAa,CAAC,EAAE,SAAU,IAAM,SAAU,QAAS,SAAU,QAAS,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,SAAU,QAAS,EAC/JC,EAAa,CAAC,EAAE,KAAO,UAAU,UAAU,OAAQ,OAAQ,UAAU,UAAU,GAAK,KAAO,UAAU,UAAU,OAAQ,OAAQ,UAAU,SAAS,EAClJC,EAAa,CAAC,EAAE,EAAI,IAAM,IAAM,EAAE,EAAI,IAAM,IAAM,EAAI,EAAI,IAAM,IAAM,EAAI,EAAI,IAAM,GAAK,EAIzFC,EAAarC,EAAI,OAAO,EAAI,EAAI,EAAI,EAGpCsC,EAAO,CAAC,EAGRC,EAAS,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,CAAC,EAExDC,EAAI,EAAGC,EACHC,EAAI,EAAGA,EAAIL,EAAYK,IAAK,CAClC,IAAIC,EAAO3C,EAAI,SAAS,EACpB4C,EAAQ5C,EAAI,SAAS,EAEzByC,GAAQE,IAAS,EAAKC,GAAS,UAC/BA,GAASH,EACTE,GAASF,GAAO,EAEhBA,GAAQG,IAAU,IAAOD,GAAQ,MACjCA,GAAQF,EACRG,GAAUH,GAAO,IAEjBA,GAAQE,IAAS,EAAKC,GAAS,UAC/BA,GAASH,EACTE,GAASF,GAAO,EAEhBA,GAAQG,IAAU,IAAOD,GAAQ,MACjCA,GAAQF,EACRG,GAAUH,GAAO,IAEjBA,GAAQE,IAAS,EAAKC,GAAS,WAC/BA,GAASH,EACTE,GAASF,GAAO,EAEhBA,GAAQG,IAAU,EAAKD,GAAQ,SAC/BA,GAAQF,EACRG,GAAUH,GAAO,EAEjBA,GAAQE,IAAS,EAAKC,GAAS,WAC/BA,GAASH,EACTE,GAASF,GAAO,EAGhBA,EAAOE,GAAQ,EAAOC,IAAU,GAAM,IAGtCD,EAASC,GAAS,GAAQA,GAAS,EAAK,SACpCA,IAAU,EAAK,MAAYA,IAAU,GAAM,IAC/CA,EAAQH,EAGR,QAAQI,EAAI,EAAGA,EAAIN,EAAO,OAAQ,EAAEM,EAAG,CAElCN,EAAOM,CAAC,GACTF,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,KAElCD,EAAQA,GAAQ,EAAMA,IAAS,GAC/BC,EAASA,GAAS,EAAMA,IAAU,IAEpCD,GAAQ,IACRC,GAAS,IAOT,IAAIE,EACFvB,EAAUoB,IAAS,EAAE,EAAInB,EAAWmB,IAAS,GAAM,EAAG,EACtDlB,EAAWkB,IAAS,GAAM,EAAG,EAAIjB,EAAWiB,IAAS,GAAM,EAAG,EAC9DhB,EAAWgB,IAAS,GAAM,EAAG,EAAIf,EAAWe,IAAS,EAAK,EAAG,EAC7Dd,EAAWc,IAAS,EAAK,EAAG,EAC1BI,GACFjB,EAAUc,IAAU,EAAE,EAAIb,EAAWa,IAAU,GAAM,EAAG,EACxDZ,EAAWY,IAAU,GAAM,EAAG,EAAIX,EAAYW,IAAU,GAAM,EAAG,EACjEV,EAAYU,IAAU,GAAM,EAAG,EAAIT,EAAYS,IAAU,EAAK,EAAG,EACjER,EAAYQ,IAAU,EAAK,EAAG,EAChCH,GAAQM,KAAa,GAAMD,GAAW,MACtCR,EAAKE,GAAG,EAAIM,EAAUL,EACtBH,EAAKE,GAAG,EAAIO,GAAYN,GAAO,EACjC,CACF,CAEA,OAAOH,CACT,CAWA,SAAS5B,GAAa4B,EAAMU,EAAO9C,EAAQ+C,EAAS,CAElD,IAAIZ,EAAaC,EAAK,SAAW,GAAK,EAAI,EACtCY,EACDb,IAAe,EAChBa,EAAUD,EAAU,CAAC,GAAI,GAAI,EAAE,EAAI,CAAC,EAAG,GAAI,CAAC,EAE5CC,EAAWD,EACT,CAAC,GAAI,GAAI,GAAI,GAAI,GAAI,EAAG,GAAI,GAAI,EAAE,EAClC,CAAC,EAAG,GAAI,EAAG,GAAI,GAAI,GAAI,GAAI,GAAI,CAAC,EAGpC,IAAIR,EAEAE,EAAOK,EAAM,CAAC,EACdJ,EAAQI,EAAM,CAAC,EAGnBP,GAAQE,IAAS,EAAKC,GAAS,UAC/BA,GAASH,EACTE,GAASF,GAAO,EAEhBA,GAAQE,IAAS,GAAMC,GAAS,MAChCA,GAASH,EACTE,GAASF,GAAO,GAEhBA,GAAQG,IAAU,EAAKD,GAAQ,UAC/BA,GAAQF,EACRG,GAAUH,GAAO,EAEjBA,GAAQG,IAAU,EAAKD,GAAQ,SAC/BA,GAAQF,EACRG,GAAUH,GAAO,EAEjBA,GAAQE,IAAS,EAAKC,GAAS,WAC/BA,GAASH,EACTE,GAASF,GAAO,EAGhBE,EAASA,GAAQ,EAAMA,IAAS,GAChCC,EAAUA,GAAS,EAAMA,IAAU,GAEnC,QAAQF,EAAI,EAAGA,EAAIL,EAAYK,GAAK,EAAG,CAKrC,QAJIS,EAAUD,EAAQR,EAAI,CAAC,EACvBU,EAAUF,EAAQR,EAAI,CAAC,EAGnBG,EAAIK,EAAQR,CAAC,EAAGG,GAAKM,EAASN,GAAKO,EAAS,CAClD,IAAIC,EAAST,EAAQN,EAAKO,CAAC,EACvBS,GAAWV,IAAU,EAAMA,GAAS,IAAON,EAAKO,EAAI,CAAC,EAGzDJ,EAAME,EACNA,EAAOC,EACPA,EAAQH,GACNzB,GAAaqC,IAAW,GAAM,EAAI,EAClCnC,GAAamC,IAAW,GAAM,EAAI,EAClCjC,GAAaiC,IAAY,EAAK,EAAI,EAClC/B,GAAY+B,EAAS,EAAI,EACzBtC,GAAauC,IAAW,GAAM,EAAI,EAClCrC,GAAaqC,IAAW,GAAM,EAAI,EAClCnC,GAAamC,IAAY,EAAK,EAAI,EAClCjC,GAAYiC,EAAS,EAAI,EAC7B,CAEAb,EAAME,EACNA,EAAOC,EACPA,EAAQH,CACV,CAGAE,EAASA,IAAS,EAAMA,GAAQ,GAChCC,EAAUA,IAAU,EAAMA,GAAS,GAGnCH,GAAQE,IAAS,EAAKC,GAAS,WAC/BA,GAASH,EACTE,GAASF,GAAO,EAEhBA,GAAQG,IAAU,EAAKD,GAAQ,SAC/BA,GAAQF,EACRG,GAAUH,GAAO,EAEjBA,GAAQG,IAAU,EAAKD,GAAQ,UAC/BA,GAAQF,EACRG,GAAUH,GAAO,EAEjBA,GAAQE,IAAS,GAAMC,GAAS,MAChCA,GAASH,EACTE,GAASF,GAAO,GAEhBA,GAAQE,IAAS,EAAKC,GAAS,UAC/BA,GAASH,EACTE,GAASF,GAAO,EAEhBvC,EAAO,CAAC,EAAIyC,EACZzC,EAAO,CAAC,EAAI0C,CACd,CAqBA,SAASvC,GAAcM,EAAS,CAC9BA,EAAUA,GAAW,CAAC,EACtB,IAAIR,GAAQQ,EAAQ,MAAQ,OAAO,YAAY,EAC3C4C,EAAY,OAASpD,EAErBC,EACDO,EAAQ,QACTP,EAASL,GAAM,OAAO,eAAewD,EAAW5C,EAAQ,GAAG,EAE3DP,EAASL,GAAM,OAAO,aAAawD,EAAW5C,EAAQ,GAAG,EAI3D,IAAI6C,EAAQpD,EAAO,MACnB,OAAAA,EAAO,MAAQ,SAASH,EAAIU,EAAS,CAEnC,IAAIT,EAAS,KACVS,aAAmBZ,GAAM,KAAK,aAC/BG,EAASS,EACTA,EAAU,CAAC,GAEbA,EAAUA,GAAW,CAAC,EACtBA,EAAQ,OAAST,EACjBS,EAAQ,GAAKV,EACbuD,EAAM,KAAKpD,EAAQO,CAAO,CAC5B,EAEOP,CACT,IC/eA,IAAAqD,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cASA,IAAIC,GAAQ,IACZ,KACA,KACA,KAEA,IAAIC,GAAQD,GAAM,MAAQA,GAAM,OAAS,CAAC,EAEtCE,GACDF,GAAM,KAAK,UAAY,CAACA,GAAM,QAAQ,oBACvCE,GAAS,QAAQ,QAAQ,GAmB3BH,GAAO,QAAUC,GAAM,OAASC,GAAM,OAAS,SAC7CE,EAAGC,EAAGC,EAAGC,EAAOC,EAAIC,EAAU,CAQ9B,GAPG,OAAOD,GAAO,aACfC,EAAWD,EACXA,EAAK,MAKJP,GAAM,KAAK,UAAY,CAACA,GAAM,QAAQ,mBACvCE,GAAO,SAAWK,IAAO,MAAQ,OAAOA,GAAO,YAC9CL,GAAO,WAAW,OAAS,GAAM,CAACK,GAAMA,IAAO,QAOhD,OANG,OAAOA,GAAO,WAEfA,EAAK,QAEPJ,EAAI,OAAO,KAAKA,EAAG,QAAQ,EAC3BC,EAAI,OAAO,KAAKA,EAAG,QAAQ,EACvBI,EAMDN,GAAO,WAAW,SAAW,EACvBA,GAAO,OAAOC,EAAGC,EAAGC,EAAGC,EAAO,SAASG,EAAKC,EAAK,CACtD,GAAGD,EACD,OAAOD,EAASC,CAAG,EAErBD,EAAS,KAAME,EAAI,SAAS,QAAQ,CAAC,CACvC,CAAC,EAEIR,GAAO,OAAOC,EAAGC,EAAGC,EAAGC,EAAOC,EAAI,SAASE,EAAKC,EAAK,CAC1D,GAAGD,EACD,OAAOD,EAASC,CAAG,EAErBD,EAAS,KAAME,EAAI,SAAS,QAAQ,CAAC,CACvC,CAAC,EAlBIR,GAAO,WAAW,SAAW,EACvBA,GAAO,WAAWC,EAAGC,EAAGC,EAAGC,CAAK,EAAE,SAAS,QAAQ,EAErDJ,GAAO,WAAWC,EAAGC,EAAGC,EAAGC,EAAOC,CAAE,EAAE,SAAS,QAAQ,EAsBlE,IAJG,OAAOA,EAAO,KAAeA,IAAO,QAErCA,EAAK,QAEJ,OAAOA,GAAO,SAAU,CACzB,GAAG,EAAEA,KAAMP,GAAM,GAAG,YAClB,MAAM,IAAI,MAAM,2BAA6BO,CAAE,EAEjDA,EAAKP,GAAM,GAAGO,CAAE,EAAE,OAAO,CAC3B,CAEA,IAAII,EAAOJ,EAAG,aAId,GAAGD,EAAS,WAAaK,EAAO,CAC9B,IAAIF,EAAM,IAAI,MAAM,0BAA0B,EAC9C,GAAGD,EACD,OAAOA,EAASC,CAAG,EAErB,MAAMA,CACR,CAQA,IAAIG,EAAM,KAAK,KAAKN,EAAQK,CAAI,EAC5BE,EAAIP,GAASM,EAAM,GAAKD,EA2BxBG,EAAMd,GAAM,KAAK,OAAO,EAC5Bc,EAAI,MAAMP,EAAIJ,CAAC,EACf,IAAIY,EAAK,GACLC,EAAKC,EAAKC,EAGd,GAAG,CAACV,EAAU,CACZ,QAAQW,EAAI,EAAGA,GAAKP,EAAK,EAAEO,EAAG,CAE5BL,EAAI,MAAM,KAAM,IAAI,EACpBA,EAAI,OAAOV,CAAC,EACZU,EAAI,OAAOd,GAAM,KAAK,aAAamB,CAAC,CAAC,EACrCH,EAAME,EAAOJ,EAAI,OAAO,EAAE,SAAS,EAGnC,QAAQM,EAAI,EAAGA,GAAKf,EAAG,EAAEe,EACvBN,EAAI,MAAM,KAAM,IAAI,EACpBA,EAAI,OAAOI,CAAI,EACfD,EAAMH,EAAI,OAAO,EAAE,SAAS,EAE5BE,EAAMhB,GAAM,KAAK,SAASgB,EAAKC,EAAKN,CAAI,EACxCO,EAAOD,EAOTF,GAAOI,EAAIP,EAAOI,EAAMA,EAAI,OAAO,EAAGH,CAAC,CACzC,CAEA,OAAOE,CACT,CAGA,IAAII,EAAI,EAAGC,EACX,SAASC,GAAQ,CACf,GAAGF,EAAIP,EAEL,OAAOJ,EAAS,KAAMO,CAAE,EAI1BD,EAAI,MAAM,KAAM,IAAI,EACpBA,EAAI,OAAOV,CAAC,EACZU,EAAI,OAAOd,GAAM,KAAK,aAAamB,CAAC,CAAC,EACrCH,EAAME,EAAOJ,EAAI,OAAO,EAAE,SAAS,EAGnCM,EAAI,EACJE,EAAM,CACR,CAEA,SAASA,GAAQ,CACf,GAAGF,GAAKf,EACN,OAAAS,EAAI,MAAM,KAAM,IAAI,EACpBA,EAAI,OAAOI,CAAI,EACfD,EAAMH,EAAI,OAAO,EAAE,SAAS,EAE5BE,EAAMhB,GAAM,KAAK,SAASgB,EAAKC,EAAKN,CAAI,EACxCO,EAAOD,EACP,EAAEG,EACKpB,GAAM,KAAK,aAAasB,CAAK,EAOtCP,GAAOI,EAAIP,EAAOI,EAAMA,EAAI,OAAO,EAAGH,CAAC,EAEvC,EAAEM,EACFE,EAAM,CACR,CAEAA,EAAM,CACR,IClNA,IAAAE,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cASA,IAAIC,GAAQ,IACZ,KACA,KAEA,IAAIC,GAASF,GAAO,QAAUC,GAAM,OAASA,GAAM,QAAU,CAAC,EAC9DA,GAAM,GAAG,OAASA,GAAM,GAAG,WAAW,OAASC,GAO/CA,GAAO,OAAS,UAAW,CAErBC,IACFC,GAAM,EAIR,IAAIC,EAAS,KAGTC,EAASL,GAAM,KAAK,aAAa,EAGjCM,EAAK,IAAI,MAAM,EAAE,EAGjBC,EAAK,CACP,UAAW,SACX,YAAa,GACb,aAAc,GAEd,cAAe,EAEf,kBAAmB,KAEnB,kBAAmB,CACrB,EAOA,OAAAA,EAAG,MAAQ,UAAW,CAEpBA,EAAG,cAAgB,EAGnBA,EAAG,kBAAoBA,EAAG,gBAAkB,CAAC,EAE7C,QADIC,EAASD,EAAG,kBAAoB,EAC5B,EAAI,EAAG,EAAIC,EAAQ,EAAE,EAC3BD,EAAG,kBAAkB,KAAK,CAAC,EAE7B,OAAAF,EAASL,GAAM,KAAK,aAAa,EACjCI,EAAS,CACP,GAAI,WACJ,GAAI,WACJ,GAAI,WACJ,GAAI,WACJ,GAAI,WACJ,GAAI,WACJ,GAAI,UACJ,GAAI,UACN,EACOG,CACT,EAEAA,EAAG,MAAM,EAYTA,EAAG,OAAS,SAASE,EAAKC,EAAU,CAC/BA,IAAa,SACdD,EAAMT,GAAM,KAAK,WAAWS,CAAG,GAIjC,IAAIE,EAAMF,EAAI,OACdF,EAAG,eAAiBI,EACpBA,EAAM,CAAEA,EAAM,aAAiB,EAAGA,IAAQ,CAAC,EAC3C,QAAQC,EAAIL,EAAG,kBAAkB,OAAS,EAAGK,GAAK,EAAG,EAAEA,EACrDL,EAAG,kBAAkBK,CAAC,GAAKD,EAAI,CAAC,EAChCA,EAAI,CAAC,EAAIA,EAAI,CAAC,GAAMJ,EAAG,kBAAkBK,CAAC,EAAI,aAAiB,GAC/DL,EAAG,kBAAkBK,CAAC,EAAIL,EAAG,kBAAkBK,CAAC,IAAM,EACtDD,EAAI,CAAC,EAAMA,EAAI,CAAC,EAAI,aAAiB,EAIvC,OAAAN,EAAO,SAASI,CAAG,EAGnBI,GAAQT,EAAQE,EAAID,CAAM,GAGvBA,EAAO,KAAO,MAAQA,EAAO,OAAO,IAAM,IAC3CA,EAAO,QAAQ,EAGVE,CACT,EAOAA,EAAG,OAAS,UAAW,CAqBrB,IAAIO,EAAad,GAAM,KAAK,aAAa,EACzCc,EAAW,SAAST,EAAO,MAAM,CAAC,EAGlC,IAAIU,EACFR,EAAG,kBAAkBA,EAAG,kBAAkB,OAAS,CAAC,EACpDA,EAAG,kBAKDS,EAAWD,EAAaR,EAAG,YAAc,EAC7CO,EAAW,SAASG,GAAS,OAAO,EAAGV,EAAG,YAAcS,CAAQ,CAAC,EAMjE,QAFIE,EAAMC,EACNC,EAAOb,EAAG,kBAAkB,CAAC,EAAI,EAC7BK,EAAI,EAAGA,EAAIL,EAAG,kBAAkB,OAAS,EAAG,EAAEK,EACpDM,EAAOX,EAAG,kBAAkBK,EAAI,CAAC,EAAI,EACrCO,EAASD,EAAO,aAAiB,EACjCE,GAAQD,EACRL,EAAW,SAASM,IAAS,CAAC,EAC9BA,EAAOF,IAAS,EAElBJ,EAAW,SAASM,CAAI,EAExB,IAAIC,EAAK,CACP,GAAIjB,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,EACb,EACAS,GAAQQ,EAAIf,EAAIQ,CAAU,EAC1B,IAAIQ,EAAOtB,GAAM,KAAK,aAAa,EACnC,OAAAsB,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACZC,CACT,EAEOf,CACT,EAGA,IAAIU,GAAW,KACXf,GAAe,GAGfqB,GAAK,KAKT,SAASpB,IAAQ,CAEfc,GAAW,OACXA,IAAYjB,GAAM,KAAK,WAAW,KAA2B,EAAE,EAG/DuB,GAAK,CACH,WAAY,WAAY,WAAY,WACpC,UAAY,WAAY,WAAY,WACpC,WAAY,UAAY,UAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,UAAY,UACpC,UAAY,UAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UACpC,UAAY,UAAY,UAAY,UACpC,UAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,WACpC,WAAY,WAAY,WAAY,UAAU,EAGhDrB,GAAe,EACjB,CASA,SAASW,GAAQW,EAAGC,EAAGC,EAAO,CAI5B,QAFIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAIC,EAAKpB,EAAGqB,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EACjD7B,EAAMe,EAAM,OAAO,EACjBf,GAAO,IAAI,CAGf,IAAIC,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBa,EAAEb,CAAC,EAAIc,EAAM,SAAS,EAExB,KAAMd,EAAI,GAAI,EAAEA,EAEde,EAAKF,EAAEb,EAAI,CAAC,EACZe,GACIA,IAAO,GAAOA,GAAM,KACpBA,IAAO,GAAOA,GAAM,IACrBA,IAAO,GAEVC,EAAKH,EAAEb,EAAI,EAAE,EACbgB,GACIA,IAAO,EAAMA,GAAM,KACnBA,IAAO,GAAOA,GAAM,IACrBA,IAAO,EAEVH,EAAEb,CAAC,EAAKe,EAAKF,EAAEb,EAAI,CAAC,EAAIgB,EAAKH,EAAEb,EAAI,EAAE,EAAK,EAc5C,IAVAqB,EAAIT,EAAE,GACNU,EAAIV,EAAE,GACNW,EAAIX,EAAE,GACNY,EAAIZ,EAAE,GACNa,EAAIb,EAAE,GACNc,EAAId,EAAE,GACNe,EAAIf,EAAE,GACNgB,EAAIhB,EAAE,GAGFZ,EAAI,EAAGA,EAAI,GAAI,EAAEA,EAEnBkB,GACIO,IAAM,EAAMA,GAAK,KACjBA,IAAM,GAAOA,GAAK,KAClBA,IAAM,GAAOA,GAAK,GAEtBN,EAAKQ,EAAKF,GAAKC,EAAIC,GAEnBV,GACII,IAAM,EAAMA,GAAK,KACjBA,IAAM,GAAOA,GAAK,KAClBA,IAAM,GAAOA,GAAK,IAEtBD,EAAOC,EAAIC,EAAMC,GAAKF,EAAIC,GAG1BP,EAAKa,EAAIV,EAAKC,EAAKR,GAAGX,CAAC,EAAIa,EAAEb,CAAC,EAC9BgB,EAAKC,EAAKG,EACVQ,EAAID,EACJA,EAAID,EACJA,EAAID,EAGJA,EAAKD,EAAIT,IAAQ,EACjBS,EAAID,EACJA,EAAID,EACJA,EAAID,EAGJA,EAAKN,EAAKC,IAAQ,EAIpBJ,EAAE,GAAMA,EAAE,GAAKS,EAAK,EACpBT,EAAE,GAAMA,EAAE,GAAKU,EAAK,EACpBV,EAAE,GAAMA,EAAE,GAAKW,EAAK,EACpBX,EAAE,GAAMA,EAAE,GAAKY,EAAK,EACpBZ,EAAE,GAAMA,EAAE,GAAKa,EAAK,EACpBb,EAAE,GAAMA,EAAE,GAAKc,EAAK,EACpBd,EAAE,GAAMA,EAAE,GAAKe,EAAK,EACpBf,EAAE,GAAMA,EAAE,GAAKgB,EAAK,EACpB7B,GAAO,EACT,CACF,ICtUA,IAAA8B,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAWA,IAAIC,GAAQ,IACZ,KAEA,IAAIC,GAAU,KACXD,GAAM,KAAK,UAAY,CAACA,GAAM,QAAQ,mBACvC,CAAC,QAAQ,SAAS,aAAa,IAC/BC,GAAU,QAAQ,QAAQ,GAI5B,IAAIC,GAAOH,GAAO,QAAUC,GAAM,KAAOA,GAAM,MAAQ,CAAC,EAoBxDE,GAAK,OAAS,SAASC,EAAQ,CAiB7B,QAhBIC,EAAM,CACR,OAAQD,EACR,IAAK,KACL,KAAM,KACN,KAAM,KAEN,QAAS,EAET,UAAW,EAEX,SAAU,EACZ,EAGIE,EAAKF,EAAO,GACZG,EAAQ,IAAI,MAAM,EAAE,EAChBC,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvBD,EAAMC,CAAC,EAAIF,EAAG,OAAO,EAEvBD,EAAI,MAAQE,EAGZF,EAAI,KAAO,EAYXA,EAAI,SAAW,SAASI,EAAOC,EAAU,CAEvC,GAAG,CAACA,EACF,OAAOL,EAAI,aAAaI,CAAK,EAI/B,IAAIE,EAASN,EAAI,OAAO,OACpBO,EAAYP,EAAI,OAAO,UACvBQ,EAAYR,EAAI,OAAO,UACvBS,EAAaT,EAAI,OAAO,WACxBU,EAAId,GAAM,KAAK,aAAa,EAOhCI,EAAI,IAAM,KAEVW,EAAS,EAET,SAASA,EAASC,EAAK,CACrB,GAAGA,EACD,OAAOP,EAASO,CAAG,EAIrB,GAAGF,EAAE,OAAO,GAAKN,EACf,OAAOC,EAAS,KAAMK,EAAE,SAASN,CAAK,CAAC,EAQzC,GAJGJ,EAAI,UAAY,UACjBA,EAAI,IAAM,MAGTA,EAAI,MAAQ,KAEb,OAAOJ,GAAM,KAAK,SAAS,UAAW,CACpCiB,EAAQF,CAAQ,CAClB,CAAC,EAIH,IAAIG,EAAQR,EAAON,EAAI,IAAKA,EAAI,IAAI,EACpCA,EAAI,WAAac,EAAM,OACvBJ,EAAE,SAASI,CAAK,EAGhBd,EAAI,IAAMQ,EAAUF,EAAON,EAAI,IAAKO,EAAUP,EAAI,IAAI,CAAC,CAAC,EACxDA,EAAI,KAAOS,EAAWH,EAAON,EAAI,IAAKA,EAAI,IAAI,CAAC,EAE/CJ,GAAM,KAAK,aAAae,CAAQ,CAClC,CACF,EASAX,EAAI,aAAe,SAASI,EAAO,CAEjC,IAAIE,EAASN,EAAI,OAAO,OACpBO,EAAYP,EAAI,OAAO,UACvBQ,EAAYR,EAAI,OAAO,UACvBS,EAAaT,EAAI,OAAO,WAO5BA,EAAI,IAAM,KAGV,QADIU,EAAId,GAAM,KAAK,aAAa,EAC1Bc,EAAE,OAAO,EAAIN,GAAO,CAErBJ,EAAI,UAAY,UACjBA,EAAI,IAAM,MAGTA,EAAI,MAAQ,MACbe,EAAY,EAId,IAAID,EAAQR,EAAON,EAAI,IAAKA,EAAI,IAAI,EACpCA,EAAI,WAAac,EAAM,OACvBJ,EAAE,SAASI,CAAK,EAGhBd,EAAI,IAAMQ,EAAUF,EAAON,EAAI,IAAKO,EAAUP,EAAI,IAAI,CAAC,CAAC,EACxDA,EAAI,KAAOS,EAAWH,EAAON,EAAI,IAAKA,EAAI,IAAI,CAAC,CACjD,CAEA,OAAOU,EAAE,SAASN,CAAK,CACzB,EAOA,SAASS,EAAQR,EAAU,CACzB,GAAGL,EAAI,MAAM,CAAC,EAAE,eAAiB,GAC/B,OAAAgB,EAAM,EACCX,EAAS,EAGlB,IAAIY,EAAU,GAAKjB,EAAI,MAAM,CAAC,EAAE,eAAkB,EAClDA,EAAI,SAASiB,EAAQ,SAASL,EAAKE,EAAO,CACxC,GAAGF,EACD,OAAOP,EAASO,CAAG,EAErBZ,EAAI,QAAQc,CAAK,EACjBE,EAAM,EACNX,EAAS,CACX,CAAC,CACH,CAKA,SAASU,GAAc,CACrB,GAAGf,EAAI,MAAM,CAAC,EAAE,eAAiB,GAC/B,OAAOgB,EAAM,EAGf,IAAIC,EAAU,GAAKjB,EAAI,MAAM,CAAC,EAAE,eAAkB,EAClDA,EAAI,QAAQA,EAAI,aAAaiB,CAAM,CAAC,EACpCD,EAAM,CACR,CAKA,SAASA,GAAQ,CAEfhB,EAAI,QAAWA,EAAI,UAAY,WAAc,EAAIA,EAAI,QAAU,EAO/D,IAAIC,EAAKD,EAAI,OAAO,GAAG,OAAO,EAG9BC,EAAG,OAAOD,EAAI,QAAQ,EAKtB,QADIkB,EAAS,EACLC,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACpBnB,EAAI,QAAUkB,IAAW,IAC1BjB,EAAG,OAAOD,EAAI,MAAMmB,CAAC,EAAE,OAAO,EAAE,SAAS,CAAC,EAC1CnB,EAAI,MAAMmB,CAAC,EAAE,MAAM,GAErBD,EAASA,GAAU,EAIrBlB,EAAI,SAAWC,EAAG,OAAO,EAAE,SAAS,EAMpCA,EAAG,MAAM,EACTA,EAAG,OAAOD,EAAI,QAAQ,EACtB,IAAIoB,EAAYnB,EAAG,OAAO,EAAE,SAAS,EAGrCD,EAAI,IAAMA,EAAI,OAAO,UAAUA,EAAI,QAAQ,EAC3CA,EAAI,KAAOA,EAAI,OAAO,WAAWoB,CAAS,EAC1CpB,EAAI,UAAY,CAClB,CAUA,SAASqB,EAAgBJ,EAAQ,CAE/B,IAAIK,EAAkB,KAClBC,EAAc3B,GAAM,KAAK,YACzBC,EAAU0B,EAAY,QAAUA,EAAY,SAC7C1B,GAAWA,EAAQ,kBACpByB,EAAkB,SAASE,EAAK,CAC9B,OAAO3B,EAAQ,gBAAgB2B,CAAG,CACpC,GAGF,IAAId,EAAId,GAAM,KAAK,aAAa,EAChC,GAAG0B,EACD,KAAMZ,EAAE,OAAO,EAAIO,GAAQ,CAGzB,IAAIb,EAAQ,KAAK,IAAI,EAAG,KAAK,IAAIa,EAASP,EAAE,OAAO,EAAG,KAAK,EAAI,CAAC,EAC5De,EAAU,IAAI,YAAY,KAAK,MAAMrB,CAAK,CAAC,EAC/C,GAAI,CACFkB,EAAgBG,CAAO,EACvB,QAAQtB,EAAI,EAAGA,EAAIsB,EAAQ,OAAQ,EAAEtB,EACnCO,EAAE,SAASe,EAAQtB,CAAC,CAAC,CAEzB,OAAQuB,EAAG,CAET,GAAG,EAAE,OAAO,mBAAuB,KACjCA,aAAa,oBACb,MAAMA,CAEV,CACF,CAIF,GAAGhB,EAAE,OAAO,EAAIO,EAMd,QAFIU,EAAIC,EAAIC,EACRC,EAAO,KAAK,MAAM,KAAK,OAAO,EAAI,KAAQ,EACxCpB,EAAE,OAAO,EAAIO,GAAQ,CACzBW,EAAK,OAASE,EAAO,OACrBH,EAAK,OAASG,GAAQ,IACtBF,IAAOD,EAAK,QAAW,GACvBC,GAAMD,GAAM,GACZC,GAAMA,EAAK,aAAeA,GAAM,IAChCE,EAAOF,EAAK,WAGZ,QAAQzB,EAAI,EAAGA,EAAI,EAAG,EAAEA,EAEtB0B,EAAOC,KAAU3B,GAAK,GACtB0B,GAAQ,KAAK,MAAM,KAAK,OAAO,EAAI,GAAM,EACzCnB,EAAE,QAAQmB,EAAO,GAAI,CAEzB,CAGF,OAAOnB,EAAE,SAASO,CAAM,CAC1B,CAEA,OAAGpB,IAEDG,EAAI,SAAW,SAASiB,EAAQZ,EAAU,CACxCR,GAAQ,YAAYoB,EAAQ,SAASL,EAAKE,EAAO,CAC/C,GAAGF,EACD,OAAOP,EAASO,CAAG,EAErBP,EAAS,KAAMS,EAAM,SAAS,CAAC,CACjC,CAAC,CACH,EAEAd,EAAI,aAAe,SAASiB,EAAQ,CAClC,OAAOpB,GAAQ,YAAYoB,CAAM,EAAE,SAAS,CAC9C,IAEAjB,EAAI,SAAW,SAASiB,EAAQZ,EAAU,CACxC,GAAI,CACFA,EAAS,KAAMgB,EAAgBJ,CAAM,CAAC,CACxC,OAAQS,EAAG,CACTrB,EAASqB,CAAC,CACZ,CACF,EACA1B,EAAI,aAAeqB,GAQrBrB,EAAI,QAAU,SAASc,EAAO,CAG5B,QADIV,EAAQU,EAAM,OACVX,EAAI,EAAGA,EAAIC,EAAO,EAAED,EAC1BH,EAAI,MAAMA,EAAI,IAAI,EAAE,OAAOc,EAAM,OAAOX,EAAG,CAAC,CAAC,EAC7CH,EAAI,KAAQA,EAAI,OAAS,GAAM,EAAIA,EAAI,KAAO,CAElD,EAQAA,EAAI,WAAa,SAASG,EAAG4B,EAAG,CAE9B,QADIjB,EAAQ,GACJkB,EAAI,EAAGA,EAAID,EAAGC,GAAK,EACzBlB,GAAS,OAAO,aAAcX,GAAK6B,EAAK,GAAI,EAE9ChC,EAAI,QAAQc,CAAK,CACnB,EAUAd,EAAI,eAAiB,SAASiC,EAAQ,CAEpC,GAAGA,IAAW,KACZjC,EAAI,SAAW,SAASiB,EAAQZ,EAAU,CACxC,SAAS6B,EAASR,EAAG,CACnB,IAAIS,EAAOT,EAAE,KACVS,EAAK,OAASA,EAAK,MAAM,OAC1B,KAAK,oBAAoB,UAAWD,CAAQ,EAC5C7B,EAAS8B,EAAK,MAAM,KAAK,IAAKA,EAAK,MAAM,KAAK,KAAK,EAEvD,CACA,KAAK,iBAAiB,UAAWD,CAAQ,EACzC,KAAK,YAAY,CAAC,MAAO,CAAC,KAAM,CAAC,OAAQjB,CAAM,CAAC,CAAC,CAAC,CACpD,MACK,CAEL,IAAIiB,EAAW,SAASR,EAAG,CACzB,IAAIS,EAAOT,EAAE,KACVS,EAAK,OAASA,EAAK,MAAM,MAC1BnC,EAAI,SAASmC,EAAK,MAAM,KAAK,OAAQ,SAASvB,EAAKE,EAAO,CACxDmB,EAAO,YAAY,CAAC,MAAO,CAAC,KAAM,CAAC,IAAKrB,EAAK,MAAOE,CAAK,CAAC,CAAC,CAAC,CAC9D,CAAC,CAEL,EAEAmB,EAAO,iBAAiB,UAAWC,CAAQ,CAC7C,CACF,EAEOlC,CACT,IClaA,IAAAoC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAeA,IAAIC,GAAQ,IACZ,KACA,KACA,KACA,MAEC,UAAW,CAGZ,GAAGA,GAAM,QAAUA,GAAM,OAAO,SAAU,CACxCD,GAAO,QAAUC,GAAM,OACvB,MACF,EAEC,SAASC,EAAQ,CAGlB,IAAIC,EAAW,CAAC,EACZC,EAAmB,IAAI,MAAM,CAAC,EAC9BC,EAAmBJ,GAAM,KAAK,aAAa,EAC/CE,EAAS,UAAY,SAASG,EAAK,CAEjC,IAAIC,EAAMN,GAAM,KAAK,aAAaK,CAAG,EACrC,OAAAA,EAAM,IAAI,MAAM,CAAC,EACjBA,EAAI,CAAC,EAAIC,EAAI,SAAS,EACtBD,EAAI,CAAC,EAAIC,EAAI,SAAS,EACtBD,EAAI,CAAC,EAAIC,EAAI,SAAS,EACtBD,EAAI,CAAC,EAAIC,EAAI,SAAS,EAGfN,GAAM,IAAI,WAAWK,EAAK,EAAK,CACxC,EACAH,EAAS,WAAa,SAASK,EAAM,CAEnC,IAAID,EAAMN,GAAM,KAAK,aAAaO,CAAI,EACtC,OAAAA,EAAO,IAAI,MAAM,CAAC,EAClBA,EAAK,CAAC,EAAID,EAAI,SAAS,EACvBC,EAAK,CAAC,EAAID,EAAI,SAAS,EACvBC,EAAK,CAAC,EAAID,EAAI,SAAS,EACvBC,EAAK,CAAC,EAAID,EAAI,SAAS,EAChBC,CACT,EACAL,EAAS,OAAS,SAASG,EAAKE,EAAM,CACpC,OAAAP,GAAM,IAAI,aAAaK,EAAKE,EAAMJ,EAAkB,EAAK,EACzDC,EAAiB,SAASD,EAAiB,CAAC,CAAC,EAC7CC,EAAiB,SAASD,EAAiB,CAAC,CAAC,EAC7CC,EAAiB,SAASD,EAAiB,CAAC,CAAC,EAC7CC,EAAiB,SAASD,EAAiB,CAAC,CAAC,EACtCC,EAAiB,SAAS,CACnC,EACAF,EAAS,UAAY,SAASK,EAAM,CAElC,QAAEA,EAAK,CAAC,EACDA,CACT,EACAL,EAAS,GAAKF,GAAM,GAAG,OAKvB,SAASQ,GAAY,CACnB,IAAIC,EAAMT,GAAM,KAAK,OAAOE,CAAQ,EAcpC,OAAAO,EAAI,SAAW,SAASC,EAAOC,EAAU,CACvC,OAAOF,EAAI,SAASC,EAAOC,CAAQ,CACrC,EAYAF,EAAI,aAAe,SAASC,EAAO,CACjC,OAAOD,EAAI,SAASC,CAAK,CAC3B,EAEOD,CACT,CAGA,IAAIG,EAAOJ,EAAU,EAIjBK,EAAkB,KAClBC,EAAcd,GAAM,KAAK,YACzBe,EAAUD,EAAY,QAAUA,EAAY,SAOhD,GANGC,GAAWA,EAAQ,kBACpBF,EAAkB,SAASG,EAAK,CAC9B,OAAOD,EAAQ,gBAAgBC,CAAG,CACpC,GAGChB,GAAM,QAAQ,mBACd,CAACA,GAAM,KAAK,UAAY,CAACa,EAAkB,CAW5C,GARG,OAAO,OAAW,KAAe,OAAO,SAK3CD,EAAK,WAAW,CAAC,IAAI,KAAQ,EAAE,EAG5B,OAAO,UAAe,IAAa,CACpC,IAAIK,EAAY,GAChB,QAAQZ,KAAO,UACb,GAAI,CACC,OAAO,UAAUA,CAAG,GAAM,WAC3BY,GAAa,UAAUZ,CAAG,EAE9B,MAAW,CAOX,CAEFO,EAAK,QAAQK,CAAS,EACtBA,EAAY,IACd,CAGGhB,IAEDA,EAAO,EAAE,UAAU,SAASiB,EAAG,CAE7BN,EAAK,WAAWM,EAAE,QAAS,EAAE,EAC7BN,EAAK,WAAWM,EAAE,QAAS,EAAE,CAC/B,CAAC,EAGDjB,EAAO,EAAE,SAAS,SAASiB,EAAG,CAC5BN,EAAK,WAAWM,EAAE,SAAU,CAAC,CAC/B,CAAC,EAEL,CAGA,GAAG,CAAClB,GAAM,OACRA,GAAM,OAASY,MAGf,SAAQP,KAAOO,EACbZ,GAAM,OAAOK,CAAG,EAAIO,EAAKP,CAAG,EAKhCL,GAAM,OAAO,eAAiBQ,EAE9BT,GAAO,QAAUC,GAAM,MAEvB,GAAG,OAAO,OAAY,IAAc,OAAS,IAAI,CAEjD,GAAG,IC9LH,IAAAmB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAUA,IAAIC,GAAQ,IACZ,KAEA,IAAIC,GAAU,CACZ,IAAM,IAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAC1F,IAAM,IAAM,GAAM,IAAM,GAAM,IAAM,GAAM,IAAM,GAAM,GAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAC1F,GAAM,IAAM,GAAM,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,IAAM,IAAM,EAAM,IAAM,IAAM,GAC1F,IAAM,IAAM,GAAM,IAAM,IAAM,IAAM,IAAM,GAAM,IAAM,IAAM,GAAM,GAAM,GAAM,IAAM,GAAM,IAC1F,GAAM,IAAM,IAAM,IAAM,IAAM,GAAM,IAAM,GAAM,IAAM,GAAM,IAAM,GAAM,IAAM,IAAM,IAAM,IAC1F,GAAM,IAAM,IAAM,GAAM,GAAM,IAAM,IAAM,IAAM,GAAM,GAAM,IAAM,GAAM,IAAM,GAAM,IAAM,GAC1F,IAAM,IAAM,GAAM,IAAM,GAAM,IAAM,EAAM,GAAM,GAAM,IAAM,GAAM,IAAM,IAAM,IAAM,GAAM,EAC1F,IAAM,GAAM,IAAM,IAAM,IAAM,IAAM,GAAM,IAAM,EAAM,IAAM,IAAM,GAAM,IAAM,IAAM,GAAM,IAC1F,EAAM,IAAM,IAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,GAAM,IAAM,GAC1F,IAAM,GAAM,IAAM,IAAM,GAAM,GAAM,GAAM,IAAM,GAAM,IAAM,IAAM,GAAM,EAAM,GAAM,IAAM,IAC1F,IAAM,IAAM,GAAM,IAAM,GAAM,GAAM,IAAM,IAAM,GAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAAM,GAC1F,IAAM,IAAM,GAAM,IAAM,GAAM,IAAM,IAAM,IAAM,IAAM,EAAM,GAAM,GAAM,GAAM,GAAM,IAAM,GAC1F,GAAM,GAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,EAAM,IAAM,GAAM,GAAM,IAAM,IAAM,IAAM,IAC1F,IAAM,EAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,EAAM,GAAM,GAAM,IAAM,IAAM,IAC1F,GAAM,GAAM,GAAM,GAAM,IAAM,GAAM,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,IAAM,IAAM,IAAM,GAC1F,IAAM,IAAM,IAAM,GAAM,IAAM,IAAM,IAAM,IAAM,GAAM,IAAM,GAAM,IAAM,IAAM,IAAM,IAAM,GAC5F,EAEIC,GAAI,CAAC,EAAG,EAAG,EAAG,CAAC,EAYfC,GAAM,SAASC,EAAMC,EAAM,CAC7B,OAASD,GAAQC,EAAQ,OAAYD,EAAO,QAAY,GAAKC,CAC/D,EAYIC,GAAM,SAASF,EAAMC,EAAM,CAC7B,OAASD,EAAO,QAAWC,EAAUD,GAAS,GAAKC,EAAS,KAC9D,EAGAN,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAS3CA,GAAM,IAAI,UAAY,SAASO,EAAKC,EAAY,CAC3C,OAAOD,GAAQ,WAChBA,EAAMP,GAAM,KAAK,aAAaO,CAAG,GAEnCC,EAAaA,GAAc,IAG3B,IAAIC,EAAIF,EACJG,EAAIH,EAAI,OAAO,EACfI,EAAKH,EACLI,EAAK,KAAK,KAAKD,EAAK,CAAC,EACrBE,EAAK,MAASF,EAAK,GACnBG,EAEJ,IAAIA,EAAIJ,EAAGI,EAAI,IAAKA,IAClBL,EAAE,QAAQR,GAASQ,EAAE,GAAGK,EAAI,CAAC,EAAIL,EAAE,GAAGK,EAAIJ,CAAC,EAAK,GAAI,CAAC,EAKvD,IAFAD,EAAE,MAAM,IAAMG,EAAIX,GAAQQ,EAAE,GAAG,IAAMG,CAAE,EAAIC,CAAE,CAAC,EAE1CC,EAAI,IAAMF,EAAIE,GAAK,EAAGA,IACxBL,EAAE,MAAMK,EAAGb,GAAQQ,EAAE,GAAGK,EAAI,CAAC,EAAIL,EAAE,GAAGK,EAAIF,CAAE,CAAC,CAAC,EAGhD,OAAOH,CACT,EAWA,IAAIM,GAAe,SAASR,EAAKF,EAAMW,EAAS,CAC9C,IAAIC,EAAU,GAAOC,EAAS,KAAMC,EAAU,KAAMC,EAAM,KACtDC,EAAUC,EACVR,EAAGS,EAAGC,EAAI,CAAC,EAIf,IADAjB,EAAMP,GAAM,IAAI,UAAUO,EAAKF,CAAI,EAC/BS,EAAI,EAAGA,EAAI,GAAIA,IACjBU,EAAE,KAAKjB,EAAI,WAAW,CAAC,EAGtBS,GAMDK,EAAW,SAASI,EAAG,CACrB,IAAIX,EAAI,EAAGA,EAAI,EAAGA,IAChBW,EAAEX,CAAC,GAAKU,EAAED,CAAC,GAAKE,GAAGX,EAAI,GAAK,CAAC,EAAIW,GAAGX,EAAI,GAAK,CAAC,IAC1C,CAACW,GAAGX,EAAI,GAAK,CAAC,EAAKW,GAAGX,EAAI,GAAK,CAAC,GACpCW,EAAEX,CAAC,EAAIX,GAAIsB,EAAEX,CAAC,EAAGZ,GAAEY,CAAC,CAAC,EACrBS,GAEJ,EAOAD,EAAY,SAASG,EAAG,CACtB,IAAIX,EAAI,EAAGA,EAAI,EAAGA,IAChBW,EAAEX,CAAC,GAAKU,EAAEC,GAAGX,EAAI,GAAK,CAAC,EAAI,EAAE,CAEjC,IAOAO,EAAW,SAASI,EAAG,CACrB,IAAIX,EAAI,EAAGA,GAAK,EAAGA,IACjBW,EAAEX,CAAC,EAAIR,GAAImB,EAAEX,CAAC,EAAGZ,GAAEY,CAAC,CAAC,EACrBW,EAAEX,CAAC,GAAKU,EAAED,CAAC,GAAKE,GAAGX,EAAI,GAAK,CAAC,EAAIW,GAAGX,EAAI,GAAK,CAAC,IAC1C,CAACW,GAAGX,EAAI,GAAK,CAAC,EAAKW,GAAGX,EAAI,GAAK,CAAC,GACpCS,GAEJ,EAOAD,EAAY,SAASG,EAAG,CACtB,IAAIX,EAAI,EAAGA,GAAK,EAAGA,IACjBW,EAAEX,CAAC,GAAKU,EAAEC,GAAGX,EAAI,GAAK,CAAC,EAAI,EAAE,CAEjC,GAgBF,IAAIY,EAAU,SAASC,EAAM,CAC3B,IAAIF,EAAI,CAAC,EAGT,IAAIX,EAAI,EAAGA,EAAI,EAAGA,IAAK,CACrB,IAAIc,EAAMV,EAAO,WAAW,EAEzBE,IAAQ,OACNJ,EAEDY,GAAOR,EAAI,WAAW,EAGtBA,EAAI,WAAWQ,CAAG,GAItBH,EAAE,KAAKG,EAAM,KAAM,CACrB,CAGAL,EAAIP,EAAU,EAAI,GAGlB,QAAQa,EAAM,EAAGA,EAAMF,EAAK,OAAQE,IAClC,QAAQC,EAAM,EAAGA,EAAMH,EAAKE,CAAG,EAAE,CAAC,EAAGC,IACnCH,EAAKE,CAAG,EAAE,CAAC,EAAEJ,CAAC,EAKlB,IAAIX,EAAI,EAAGA,EAAI,EAAGA,IACbM,IAAQ,OACNJ,EAGDI,EAAI,WAAWK,EAAEX,CAAC,CAAC,EAEnBW,EAAEX,CAAC,GAAKM,EAAI,WAAW,GAI3BD,EAAQ,WAAWM,EAAEX,CAAC,CAAC,CAE3B,EAGIiB,EAAS,KACb,OAAAA,EAAS,CAWP,MAAO,SAASC,EAAIC,EAAQ,CACvBD,GAEE,OAAOA,GAAO,WACfA,EAAKhC,GAAM,KAAK,aAAagC,CAAE,GAInCf,EAAU,GACVC,EAASlB,GAAM,KAAK,aAAa,EACjCmB,EAAUc,GAAU,IAAIjC,GAAM,KAAK,aACnCoB,EAAMY,EAEND,EAAO,OAASZ,CAClB,EAOA,OAAQ,SAASe,EAAO,CAMtB,IALIjB,GAEFC,EAAO,UAAUgB,CAAK,EAGlBhB,EAAO,OAAO,GAAK,GACvBQ,EAAQ,CACJ,CAAE,EAAGL,CAAS,EACd,CAAE,EAAGC,CAAU,EACf,CAAE,EAAGD,CAAS,EACd,CAAE,EAAGC,CAAU,EACf,CAAE,EAAGD,CAAS,CAChB,CAAC,CAEP,EAUA,OAAQ,SAASc,EAAK,CACpB,IAAIC,EAAO,GAEX,GAAGpB,EACD,GAAGmB,EACDC,EAAOD,EAAI,EAAGjB,EAAQ,CAACF,CAAO,MACzB,CAGL,IAAIqB,EAAWnB,EAAO,OAAO,IAAM,EAAK,EAAK,EAAIA,EAAO,OAAO,EAC/DA,EAAO,aAAamB,EAASA,CAAO,CACtC,CASF,GANGD,IAEDnB,EAAU,GACVc,EAAO,OAAO,GAGb,CAACf,IAEFoB,EAAQlB,EAAO,OAAO,IAAM,EACzBkB,GACD,GAAGD,EACDC,EAAOD,EAAI,EAAGhB,EAAS,CAACH,CAAO,MAC1B,CAEL,IAAIsB,EAAMnB,EAAQ,OAAO,EACrBoB,EAAQpB,EAAQ,GAAGmB,EAAM,CAAC,EAE3BC,EAAQD,EACTF,EAAO,GAGPjB,EAAQ,SAASoB,CAAK,CAE1B,CAIJ,OAAOH,CACT,CACF,EAEOL,CACT,EAgBA/B,GAAM,IAAI,gBAAkB,SAASO,EAAKyB,EAAIC,EAAQ,CACpD,IAAIF,EAAS/B,GAAM,IAAI,uBAAuBO,EAAK,GAAG,EACtD,OAAAwB,EAAO,MAAMC,EAAIC,CAAM,EAChBF,CACT,EAeA/B,GAAM,IAAI,uBAAyB,SAASO,EAAKF,EAAM,CACrD,OAAOU,GAAaR,EAAKF,EAAM,EAAI,CACrC,EAgBAL,GAAM,IAAI,gBAAkB,SAASO,EAAKyB,EAAIC,EAAQ,CACpD,IAAIF,EAAS/B,GAAM,IAAI,uBAAuBO,EAAK,GAAG,EACtD,OAAAwB,EAAO,MAAMC,EAAIC,CAAM,EAChBF,CACT,EAeA/B,GAAM,IAAI,uBAAyB,SAASO,EAAKF,EAAM,CACrD,OAAOU,GAAaR,EAAKF,EAAM,EAAK,CACtC,ICzZA,IAAAmC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAgDA,IAAIC,GAAQ,IAEZD,GAAO,QAAUC,GAAM,KAAOA,GAAM,MAAQ,CAAC,EAG7C,IAAIC,GAGAC,GAAS,eACTC,IAASD,GAAO,WAAW,SAG/B,SAASE,EAAWC,EAAEC,EAAEC,EAAG,CACzB,KAAK,KAAO,CAAC,EACVF,GAAK,OACS,OAAOA,GAAnB,SAAsB,KAAK,WAAWA,EAAEC,EAAEC,CAAC,EACtCD,GAAK,MAAoB,OAAOD,GAAnB,SAAsB,KAAK,WAAWA,EAAE,GAAG,EAC3D,KAAK,WAAWA,EAAEC,CAAC,EAC5B,CACAN,GAAM,KAAK,WAAaI,EAGxB,SAASI,IAAM,CAAE,OAAO,IAAIJ,EAAW,IAAI,CAAG,CAU9C,SAASK,GAAIC,EAAEC,EAAEC,EAAEC,EAAEN,EAAEO,EAAG,CACxB,KAAM,EAAEA,GAAK,GAAG,CACd,IAAIC,EAAIJ,EAAE,KAAK,KAAKD,GAAG,EAAEE,EAAE,KAAKC,CAAC,EAAEN,EACnCA,EAAI,KAAK,MAAMQ,EAAE,QAAS,EAC1BH,EAAE,KAAKC,GAAG,EAAIE,EAAE,QAClB,CACA,OAAOR,CACT,CAIA,SAASS,GAAIN,EAAEC,EAAEC,EAAEC,EAAEN,EAAEO,EAAG,CAExB,QADIG,EAAKN,EAAE,MAAQO,EAAKP,GAAG,GACrB,EAAEG,GAAK,GAAG,CACd,IAAIK,EAAI,KAAK,KAAKT,CAAC,EAAE,MACjBU,EAAI,KAAK,KAAKV,GAAG,GAAG,GACpBW,EAAIH,EAAGC,EAAEC,EAAEH,EACfE,EAAIF,EAAGE,IAAIE,EAAE,QAAS,IAAIT,EAAE,KAAKC,CAAC,GAAGN,EAAE,YACvCA,GAAKY,IAAI,KAAKE,IAAI,IAAIH,EAAGE,GAAGb,IAAI,IAChCK,EAAE,KAAKC,GAAG,EAAIM,EAAE,UAClB,CACA,OAAOZ,CACT,CAGA,SAASe,GAAIZ,EAAEC,EAAEC,EAAEC,EAAEN,EAAEO,EAAG,CAExB,QADIG,EAAKN,EAAE,MAAQO,EAAKP,GAAG,GACrB,EAAEG,GAAK,GAAG,CACd,IAAIK,EAAI,KAAK,KAAKT,CAAC,EAAE,MACjBU,EAAI,KAAK,KAAKV,GAAG,GAAG,GACpBW,EAAIH,EAAGC,EAAEC,EAAEH,EACfE,EAAIF,EAAGE,IAAIE,EAAE,QAAS,IAAIT,EAAE,KAAKC,CAAC,EAAEN,EACpCA,GAAKY,GAAG,KAAKE,GAAG,IAAIH,EAAGE,EACvBR,EAAE,KAAKC,GAAG,EAAIM,EAAE,SAClB,CACA,OAAOZ,CACT,CAGG,OAAO,UAAe,KAEtBH,EAAW,UAAU,GAAKkB,GAC1BrB,GAAQ,IACDE,IAAS,UAAU,SAAW,+BACtCC,EAAW,UAAU,GAAKY,GAC1Bf,GAAQ,IACAE,IAAS,UAAU,SAAW,YACtCC,EAAW,UAAU,GAAKK,GAC1BR,GAAQ,KAERG,EAAW,UAAU,GAAKkB,GAC1BrB,GAAQ,IAGVG,EAAW,UAAU,GAAKH,GAC1BG,EAAW,UAAU,IAAO,GAAGH,IAAO,EACtCG,EAAW,UAAU,GAAM,GAAGH,GAE9B,IAAIsB,GAAQ,GACZnB,EAAW,UAAU,GAAK,KAAK,IAAI,EAAEmB,EAAK,EAC1CnB,EAAW,UAAU,GAAKmB,GAAMtB,GAChCG,EAAW,UAAU,GAAK,EAAEH,GAAMsB,GAGlC,IAAIC,GAAQ,uCACRC,GAAQ,IAAI,MACZC,GAAGC,GACPD,GAAK,GACL,IAAIC,GAAK,EAAGA,IAAM,EAAG,EAAEA,GAAIF,GAAMC,IAAI,EAAIC,GACzCD,GAAK,GACL,IAAIC,GAAK,GAAIA,GAAK,GAAI,EAAEA,GAAIF,GAAMC,IAAI,EAAIC,GAC1CD,GAAK,GACL,IAAIC,GAAK,GAAIA,GAAK,GAAI,EAAEA,GAAIF,GAAMC,IAAI,EAAIC,GAE1C,SAASC,GAASd,EAAG,CAAE,OAAOU,GAAM,OAAOV,CAAC,CAAG,CAC/C,SAASe,GAAMC,EAAEpB,EAAG,CAClB,IAAIH,EAAIkB,GAAMK,EAAE,WAAWpB,CAAC,CAAC,EAC7B,OAAQH,GAAS,EACnB,CAGA,SAASwB,GAAUC,EAAG,CACpB,QAAQtB,EAAI,KAAK,EAAE,EAAGA,GAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,CAAC,EAAI,KAAK,KAAKA,CAAC,EAC1DsB,EAAE,EAAI,KAAK,EACXA,EAAE,EAAI,KAAK,CACb,CAGA,SAASC,GAAWtB,EAAG,CACrB,KAAK,EAAI,EACT,KAAK,EAAKA,EAAE,EAAG,GAAG,EACfA,EAAI,EAAG,KAAK,KAAK,CAAC,EAAIA,EACjBA,EAAI,GAAI,KAAK,KAAK,CAAC,EAAIA,EAAE,KAAK,GACjC,KAAK,EAAI,CAChB,CAGA,SAASuB,GAAIxB,EAAG,CAAE,IAAIsB,EAAIxB,GAAI,EAAG,OAAAwB,EAAE,QAAQtB,CAAC,EAAUsB,CAAG,CAGzD,SAASG,GAAcL,EAAExB,EAAG,CAC1B,IAAI8B,EACJ,GAAG9B,GAAK,GAAI8B,EAAI,UACR9B,GAAK,EAAG8B,EAAI,UACZ9B,GAAK,IAAK8B,EAAI,UACd9B,GAAK,EAAG8B,EAAI,UACZ9B,GAAK,GAAI8B,EAAI,UACb9B,GAAK,EAAG8B,EAAI,MACf,CAAE,KAAK,UAAUN,EAAExB,CAAC,EAAG,MAAQ,CACpC,KAAK,EAAI,EACT,KAAK,EAAI,EAET,QADII,EAAIoB,EAAE,OAAQO,EAAK,GAAOC,EAAK,EAC7B,EAAE5B,GAAK,GAAG,CACd,IAAIC,EAAKyB,GAAG,EAAGN,EAAEpB,CAAC,EAAE,IAAKmB,GAAMC,EAAEpB,CAAC,EAClC,GAAGC,EAAI,EAAG,CACLmB,EAAE,OAAOpB,CAAC,GAAK,MAAK2B,EAAK,IAC5B,QACF,CACAA,EAAK,GACFC,GAAM,EACP,KAAK,KAAK,KAAK,GAAG,EAAI3B,EAChB2B,EAAGF,EAAI,KAAK,IAClB,KAAK,KAAK,KAAK,EAAE,CAAC,IAAMzB,GAAI,GAAI,KAAK,GAAG2B,GAAK,IAAKA,EAClD,KAAK,KAAK,KAAK,GAAG,EAAK3B,GAAI,KAAK,GAAG2B,GAEnC,KAAK,KAAK,KAAK,EAAE,CAAC,GAAK3B,GAAG2B,EAC5BA,GAAMF,EACHE,GAAM,KAAK,KAAIA,GAAM,KAAK,GAC/B,CACGF,GAAK,IAAMN,EAAE,CAAC,EAAE,MAAS,IAC1B,KAAK,EAAI,GACNQ,EAAK,IAAG,KAAK,KAAK,KAAK,EAAE,CAAC,IAAO,GAAI,KAAK,GAAGA,GAAK,GAAIA,IAE3D,KAAK,MAAM,EACRD,GAAIjC,EAAW,KAAK,MAAM,KAAK,IAAI,CACxC,CAGA,SAASmC,IAAW,CAElB,QADIhC,EAAI,KAAK,EAAE,KAAK,GACd,KAAK,EAAI,GAAK,KAAK,KAAK,KAAK,EAAE,CAAC,GAAKA,GAAG,EAAE,KAAK,CACvD,CAGA,SAASiC,GAAWlC,EAAG,CACrB,GAAG,KAAK,EAAI,EAAG,MAAO,IAAI,KAAK,OAAO,EAAE,SAASA,CAAC,EAClD,IAAI8B,EACJ,GAAG9B,GAAK,GAAI8B,EAAI,UACR9B,GAAK,EAAG8B,EAAI,UACZ9B,GAAK,EAAG8B,EAAI,UACZ9B,GAAK,GAAI8B,EAAI,UACb9B,GAAK,EAAG8B,EAAI,MACf,QAAO,KAAK,QAAQ9B,CAAC,EAC1B,IAAImC,GAAM,GAAGL,GAAG,EAAGM,EAAGrB,EAAI,GAAOW,EAAI,GAAItB,EAAI,KAAK,EAC9CiC,EAAI,KAAK,GAAIjC,EAAE,KAAK,GAAI0B,EAC5B,GAAG1B,KAAM,EAEP,IADGiC,EAAI,KAAK,KAAOD,EAAI,KAAK,KAAKhC,CAAC,GAAGiC,GAAK,IAAKtB,EAAI,GAAMW,EAAIJ,GAASc,CAAC,GACjEhC,GAAK,GACNiC,EAAIP,GACLM,GAAK,KAAK,KAAKhC,CAAC,GAAI,GAAGiC,GAAG,IAAMP,EAAEO,EAClCD,GAAK,KAAK,KAAK,EAAEhC,CAAC,IAAIiC,GAAG,KAAK,GAAGP,KAEjCM,EAAK,KAAK,KAAKhC,CAAC,IAAIiC,GAAGP,GAAIK,EACxBE,GAAK,IAAKA,GAAK,KAAK,GAAI,EAAEjC,IAE5BgC,EAAI,IAAGrB,EAAI,IACXA,IAAGW,GAAKJ,GAASc,CAAC,GAGzB,OAAOrB,EAAEW,EAAE,GACb,CAGA,SAASY,IAAW,CAAE,IAAIZ,EAAIxB,GAAI,EAAG,OAAAJ,EAAW,KAAK,MAAM,KAAK4B,CAAC,EAAUA,CAAG,CAG9E,SAASa,IAAQ,CAAE,OAAQ,KAAK,EAAE,EAAG,KAAK,OAAO,EAAE,IAAM,CAGzD,SAASC,GAAYzC,EAAG,CACtB,IAAI2B,EAAI,KAAK,EAAE3B,EAAE,EACjB,GAAG2B,GAAK,EAAG,OAAOA,EAClB,IAAItB,EAAI,KAAK,EAEb,GADAsB,EAAItB,EAAEL,EAAE,EACL2B,GAAK,EAAG,OAAQ,KAAK,EAAE,EAAG,CAACA,EAAEA,EAChC,KAAM,EAAEtB,GAAK,GAAG,IAAIsB,EAAE,KAAK,KAAKtB,CAAC,EAAEL,EAAE,KAAKK,CAAC,IAAM,EAAG,OAAOsB,EAC3D,MAAO,EACT,CAGA,SAASe,GAAMpC,EAAG,CAChB,IAAIqB,EAAI,EAAGgB,EACX,OAAIA,EAAErC,IAAI,KAAO,IAAKA,EAAIqC,EAAGhB,GAAK,KAC9BgB,EAAErC,GAAG,IAAM,IAAKA,EAAIqC,EAAGhB,GAAK,IAC5BgB,EAAErC,GAAG,IAAM,IAAKA,EAAIqC,EAAGhB,GAAK,IAC5BgB,EAAErC,GAAG,IAAM,IAAKA,EAAIqC,EAAGhB,GAAK,IAC5BgB,EAAErC,GAAG,IAAM,IAAKA,EAAIqC,EAAGhB,GAAK,GACzBA,CACT,CAGA,SAASiB,IAAc,CACrB,OAAG,KAAK,GAAK,EAAU,EAChB,KAAK,IAAI,KAAK,EAAE,GAAGF,GAAM,KAAK,KAAK,KAAK,EAAE,CAAC,EAAG,KAAK,EAAE,KAAK,EAAG,CACtE,CAGA,SAASG,GAAapC,EAAEkB,EAAG,CACzB,IAAItB,EACJ,IAAIA,EAAI,KAAK,EAAE,EAAGA,GAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,EAAEI,CAAC,EAAI,KAAK,KAAKJ,CAAC,EACxD,IAAIA,EAAII,EAAE,EAAGJ,GAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,CAAC,EAAI,EACtCsB,EAAE,EAAI,KAAK,EAAElB,EACbkB,EAAE,EAAI,KAAK,CACb,CAGA,SAASmB,GAAarC,EAAEkB,EAAG,CACzB,QAAQtB,EAAII,EAAGJ,EAAI,KAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,EAAEI,CAAC,EAAI,KAAK,KAAKJ,CAAC,EACzDsB,EAAE,EAAI,KAAK,IAAI,KAAK,EAAElB,EAAE,CAAC,EACzBkB,EAAE,EAAI,KAAK,CACb,CAGA,SAASoB,GAAYtC,EAAEkB,EAAG,CACxB,IAAIqB,EAAKvC,EAAE,KAAK,GACZwC,EAAM,KAAK,GAAGD,EACdE,GAAM,GAAGD,GAAK,EACdE,EAAK,KAAK,MAAM1C,EAAE,KAAK,EAAE,EAAGP,EAAK,KAAK,GAAG8C,EAAI,KAAK,GAAI3C,EAC1D,IAAIA,EAAI,KAAK,EAAE,EAAGA,GAAK,EAAG,EAAEA,EAC1BsB,EAAE,KAAKtB,EAAE8C,EAAG,CAAC,EAAK,KAAK,KAAK9C,CAAC,GAAG4C,EAAK/C,EACrCA,GAAK,KAAK,KAAKG,CAAC,EAAE6C,IAAKF,EAEzB,IAAI3C,EAAI8C,EAAG,EAAG9C,GAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,CAAC,EAAI,EACvCsB,EAAE,KAAKwB,CAAE,EAAIjD,EACbyB,EAAE,EAAI,KAAK,EAAEwB,EAAG,EAChBxB,EAAE,EAAI,KAAK,EACXA,EAAE,MAAM,CACV,CAGA,SAASyB,GAAY3C,EAAEkB,EAAG,CACxBA,EAAE,EAAI,KAAK,EACX,IAAIwB,EAAK,KAAK,MAAM1C,EAAE,KAAK,EAAE,EAC7B,GAAG0C,GAAM,KAAK,EAAG,CAAExB,EAAE,EAAI,EAAG,MAAQ,CACpC,IAAIqB,EAAKvC,EAAE,KAAK,GACZwC,EAAM,KAAK,GAAGD,EACdE,GAAM,GAAGF,GAAI,EACjBrB,EAAE,KAAK,CAAC,EAAI,KAAK,KAAKwB,CAAE,GAAGH,EAC3B,QAAQ3C,EAAI8C,EAAG,EAAG9C,EAAI,KAAK,EAAG,EAAEA,EAC9BsB,EAAE,KAAKtB,EAAE8C,EAAG,CAAC,IAAM,KAAK,KAAK9C,CAAC,EAAE6C,IAAKD,EACrCtB,EAAE,KAAKtB,EAAE8C,CAAE,EAAI,KAAK,KAAK9C,CAAC,GAAG2C,EAE5BA,EAAK,IAAGrB,EAAE,KAAK,KAAK,EAAEwB,EAAG,CAAC,IAAM,KAAK,EAAED,IAAKD,GAC/CtB,EAAE,EAAI,KAAK,EAAEwB,EACbxB,EAAE,MAAM,CACV,CAGA,SAAS0B,GAASrD,EAAE2B,EAAG,CAErB,QADItB,EAAI,EAAGH,EAAI,EAAGc,EAAI,KAAK,IAAIhB,EAAE,EAAE,KAAK,CAAC,EACnCK,EAAIW,GACRd,GAAK,KAAK,KAAKG,CAAC,EAAEL,EAAE,KAAKK,CAAC,EAC1BsB,EAAE,KAAKtB,GAAG,EAAIH,EAAE,KAAK,GACrBA,IAAM,KAAK,GAEb,GAAGF,EAAE,EAAI,KAAK,EAAG,CAEf,IADAE,GAAKF,EAAE,EACDK,EAAI,KAAK,GACbH,GAAK,KAAK,KAAKG,CAAC,EAChBsB,EAAE,KAAKtB,GAAG,EAAIH,EAAE,KAAK,GACrBA,IAAM,KAAK,GAEbA,GAAK,KAAK,CACZ,KAAO,CAEL,IADAA,GAAK,KAAK,EACJG,EAAIL,EAAE,GACVE,GAAKF,EAAE,KAAKK,CAAC,EACbsB,EAAE,KAAKtB,GAAG,EAAIH,EAAE,KAAK,GACrBA,IAAM,KAAK,GAEbA,GAAKF,EAAE,CACT,CACA2B,EAAE,EAAKzB,EAAE,EAAG,GAAG,EACZA,EAAI,GAAIyB,EAAE,KAAKtB,GAAG,EAAI,KAAK,GAAGH,EACzBA,EAAI,IAAGyB,EAAE,KAAKtB,GAAG,EAAIH,GAC7ByB,EAAE,EAAItB,EACNsB,EAAE,MAAM,CACV,CAIA,SAAS2B,GAActD,EAAE2B,EAAG,CAC1B,IAAIrB,EAAI,KAAK,IAAI,EAAGiD,EAAIvD,EAAE,IAAI,EAC1BK,EAAIC,EAAE,EAEV,IADAqB,EAAE,EAAItB,EAAEkD,EAAE,EACJ,EAAElD,GAAK,GAAGsB,EAAE,KAAKtB,CAAC,EAAI,EAC5B,IAAIA,EAAI,EAAGA,EAAIkD,EAAE,EAAG,EAAElD,EAAGsB,EAAE,KAAKtB,EAAEC,EAAE,CAAC,EAAIA,EAAE,GAAG,EAAEiD,EAAE,KAAKlD,CAAC,EAAEsB,EAAEtB,EAAE,EAAEC,EAAE,CAAC,EACnEqB,EAAE,EAAI,EACNA,EAAE,MAAM,EACL,KAAK,GAAK3B,EAAE,GAAGD,EAAW,KAAK,MAAM4B,EAAEA,CAAC,CAC7C,CAGA,SAAS6B,GAAY7B,EAAG,CAGtB,QAFIrB,EAAI,KAAK,IAAI,EACbD,EAAIsB,EAAE,EAAI,EAAErB,EAAE,EACZ,EAAED,GAAK,GAAGsB,EAAE,KAAKtB,CAAC,EAAI,EAC5B,IAAIA,EAAI,EAAGA,EAAIC,EAAE,EAAE,EAAG,EAAED,EAAG,CACzB,IAAIH,EAAII,EAAE,GAAGD,EAAEC,EAAE,KAAKD,CAAC,EAAEsB,EAAE,EAAEtB,EAAE,EAAE,CAAC,GAC9BsB,EAAE,KAAKtB,EAAEC,EAAE,CAAC,GAAGA,EAAE,GAAGD,EAAE,EAAE,EAAEC,EAAE,KAAKD,CAAC,EAAEsB,EAAE,EAAEtB,EAAE,EAAEH,EAAEI,EAAE,EAAED,EAAE,CAAC,IAAMC,EAAE,KAC/DqB,EAAE,KAAKtB,EAAEC,EAAE,CAAC,GAAKA,EAAE,GACnBqB,EAAE,KAAKtB,EAAEC,EAAE,EAAE,CAAC,EAAI,EAEtB,CACGqB,EAAE,EAAI,IAAGA,EAAE,KAAKA,EAAE,EAAE,CAAC,GAAKrB,EAAE,GAAGD,EAAEC,EAAE,KAAKD,CAAC,EAAEsB,EAAE,EAAEtB,EAAE,EAAE,CAAC,GACvDsB,EAAE,EAAI,EACNA,EAAE,MAAM,CACV,CAIA,SAAS8B,GAAYzC,EAAE0C,EAAE/B,EAAG,CAC1B,IAAIgC,EAAK3C,EAAE,IAAI,EACf,GAAG,EAAA2C,EAAG,GAAK,GACX,KAAIC,EAAK,KAAK,IAAI,EAClB,GAAGA,EAAG,EAAID,EAAG,EAAG,CACAD,GAAE,QAAQ,CAAC,EACtB/B,GAAK,MAAM,KAAK,OAAOA,CAAC,EAC3B,MACF,CACGA,GAAK,OAAMA,EAAIxB,GAAI,GACtB,IAAIoD,EAAIpD,GAAI,EAAG0D,EAAK,KAAK,EAAGC,EAAK9C,EAAE,EAC/B+C,EAAM,KAAK,GAAGrB,GAAMiB,EAAG,KAAKA,EAAG,EAAE,CAAC,CAAC,EACpCI,EAAM,GAAKJ,EAAG,SAASI,EAAIR,CAAC,EAAGK,EAAG,SAASG,EAAIpC,CAAC,IAAYgC,EAAG,OAAOJ,CAAC,EAAGK,EAAG,OAAOjC,CAAC,GACxF,IAAIqC,EAAKT,EAAE,EACPU,EAAKV,EAAE,KAAKS,EAAG,CAAC,EACpB,GAAGC,GAAM,EACT,KAAIC,EAAKD,GAAI,GAAG,KAAK,KAAMD,EAAG,EAAGT,EAAE,KAAKS,EAAG,CAAC,GAAG,KAAK,GAAG,GACnDG,EAAK,KAAK,GAAGD,EAAIE,GAAM,GAAG,KAAK,IAAIF,EAAIG,EAAI,GAAG,KAAK,GACnDhE,EAAIsB,EAAE,EAAGnB,EAAIH,EAAE2D,EAAIrB,EAAKe,GAASvD,GAAI,EAQzC,IAPAoD,EAAE,UAAU/C,EAAEmC,CAAC,EACZhB,EAAE,UAAUgB,CAAC,GAAK,IACnBhB,EAAE,KAAKA,EAAE,GAAG,EAAI,EAChBA,EAAE,MAAMgB,EAAEhB,CAAC,GAEb5B,EAAW,IAAI,UAAUiE,EAAGrB,CAAC,EAC7BA,EAAE,MAAMY,EAAEA,CAAC,EACLA,EAAE,EAAIS,GAAIT,EAAE,KAAKA,EAAE,GAAG,EAAI,EAChC,KAAM,EAAE/C,GAAK,GAAG,CAEd,IAAI8D,EAAM3C,EAAE,KAAK,EAAEtB,CAAC,GAAG4D,EAAI,KAAK,GAAG,KAAK,MAAMtC,EAAE,KAAKtB,CAAC,EAAE8D,GAAIxC,EAAE,KAAKtB,EAAE,CAAC,EAAEgE,GAAGD,CAAE,EAC7E,IAAIzC,EAAE,KAAKtB,CAAC,GAAGkD,EAAE,GAAG,EAAEe,EAAG3C,EAAEnB,EAAE,EAAEwD,CAAE,GAAKM,EAGpC,IAFAf,EAAE,UAAU/C,EAAEmC,CAAC,EACfhB,EAAE,MAAMgB,EAAEhB,CAAC,EACLA,EAAE,KAAKtB,CAAC,EAAI,EAAEiE,GAAI3C,EAAE,MAAMgB,EAAEhB,CAAC,CAEvC,CACG+B,GAAK,OACN/B,EAAE,UAAUqC,EAAGN,CAAC,EACbG,GAAMC,GAAI/D,EAAW,KAAK,MAAM2D,EAAEA,CAAC,GAExC/B,EAAE,EAAIqC,EACNrC,EAAE,MAAM,EACLoC,EAAM,GAAGpC,EAAE,SAASoC,EAAIpC,CAAC,EACzBkC,EAAK,GAAG9D,EAAW,KAAK,MAAM4B,EAAEA,CAAC,GACtC,CAGA,SAAS4C,GAAMvE,EAAG,CAChB,IAAI2B,EAAIxB,GAAI,EACZ,YAAK,IAAI,EAAE,SAASH,EAAE,KAAK2B,CAAC,EACzB,KAAK,EAAI,GAAKA,EAAE,UAAU5B,EAAW,IAAI,EAAI,GAAGC,EAAE,MAAM2B,EAAEA,CAAC,EACvDA,CACT,CAGA,SAAS6C,GAAQxD,EAAG,CAAE,KAAK,EAAIA,CAAG,CAClC,SAASyD,GAASnE,EAAG,CACnB,OAAGA,EAAE,EAAI,GAAKA,EAAE,UAAU,KAAK,CAAC,GAAK,EAAUA,EAAE,IAAI,KAAK,CAAC,EAC/CA,CACd,CACA,SAASoE,GAAQpE,EAAG,CAAE,OAAOA,CAAG,CAChC,SAASqE,GAAQrE,EAAG,CAAEA,EAAE,SAAS,KAAK,EAAE,KAAKA,CAAC,CAAG,CACjD,SAASsE,GAAOtE,EAAEiD,EAAE5B,EAAG,CAAErB,EAAE,WAAWiD,EAAE5B,CAAC,EAAG,KAAK,OAAOA,CAAC,CAAG,CAC5D,SAASkD,GAAOvE,EAAEqB,EAAG,CAAErB,EAAE,SAASqB,CAAC,EAAG,KAAK,OAAOA,CAAC,CAAG,CAEtD6C,GAAQ,UAAU,QAAUC,GAC5BD,GAAQ,UAAU,OAASE,GAC3BF,GAAQ,UAAU,OAASG,GAC3BH,GAAQ,UAAU,MAAQI,GAC1BJ,GAAQ,UAAU,MAAQK,GAY1B,SAASC,IAAc,CACrB,GAAG,KAAK,EAAI,EAAG,MAAO,GACtB,IAAIxE,EAAI,KAAK,KAAK,CAAC,EACnB,IAAIA,EAAE,IAAM,EAAG,MAAO,GACtB,IAAIiD,EAAIjD,EAAE,EACV,OAAAiD,EAAKA,GAAG,GAAGjD,EAAE,IAAKiD,GAAI,GACtBA,EAAKA,GAAG,GAAGjD,EAAE,KAAMiD,GAAI,IACvBA,EAAKA,GAAG,IAAKjD,EAAE,OAAQiD,EAAG,QAAU,MAGpCA,EAAKA,GAAG,EAAEjD,EAAEiD,EAAE,KAAK,IAAK,KAAK,GAErBA,EAAE,EAAG,KAAK,GAAGA,EAAE,CAACA,CAC1B,CAGA,SAASwB,GAAW/D,EAAG,CACrB,KAAK,EAAIA,EACT,KAAK,GAAKA,EAAE,SAAS,EACrB,KAAK,IAAM,KAAK,GAAG,MACnB,KAAK,IAAM,KAAK,IAAI,GACpB,KAAK,IAAM,GAAIA,EAAE,GAAG,IAAK,EACzB,KAAK,IAAM,EAAEA,EAAE,CACjB,CAGA,SAASgE,GAAY1E,EAAG,CACtB,IAAIqB,EAAIxB,GAAI,EACZ,OAAAG,EAAE,IAAI,EAAE,UAAU,KAAK,EAAE,EAAEqB,CAAC,EAC5BA,EAAE,SAAS,KAAK,EAAE,KAAKA,CAAC,EACrBrB,EAAE,EAAI,GAAKqB,EAAE,UAAU5B,EAAW,IAAI,EAAI,GAAG,KAAK,EAAE,MAAM4B,EAAEA,CAAC,EACzDA,CACT,CAGA,SAASsD,GAAW3E,EAAG,CACrB,IAAIqB,EAAIxB,GAAI,EACZ,OAAAG,EAAE,OAAOqB,CAAC,EACV,KAAK,OAAOA,CAAC,EACNA,CACT,CAGA,SAASuD,GAAW5E,EAAG,CACrB,KAAMA,EAAE,GAAK,KAAK,KAChBA,EAAE,KAAKA,EAAE,GAAG,EAAI,EAClB,QAAQD,EAAI,EAAGA,EAAI,KAAK,EAAE,EAAG,EAAEA,EAAG,CAEhC,IAAIG,EAAIF,EAAE,KAAKD,CAAC,EAAE,MACd8E,EAAM3E,EAAE,KAAK,MAAOA,EAAE,KAAK,KAAKF,EAAE,KAAKD,CAAC,GAAG,IAAI,KAAK,IAAK,KAAK,KAAK,IAAKC,EAAE,GAK9E,IAHAE,EAAIH,EAAE,KAAK,EAAE,EACbC,EAAE,KAAKE,CAAC,GAAK,KAAK,EAAE,GAAG,EAAE2E,EAAG7E,EAAED,EAAE,EAAE,KAAK,EAAE,CAAC,EAEpCC,EAAE,KAAKE,CAAC,GAAKF,EAAE,IAAMA,EAAE,KAAKE,CAAC,GAAKF,EAAE,GAAIA,EAAE,KAAK,EAAEE,CAAC,GAC1D,CACAF,EAAE,MAAM,EACRA,EAAE,UAAU,KAAK,EAAE,EAAEA,CAAC,EACnBA,EAAE,UAAU,KAAK,CAAC,GAAK,GAAGA,EAAE,MAAM,KAAK,EAAEA,CAAC,CAC/C,CAGA,SAAS8E,GAAU9E,EAAEqB,EAAG,CAAErB,EAAE,SAASqB,CAAC,EAAG,KAAK,OAAOA,CAAC,CAAG,CAGzD,SAAS0D,GAAU/E,EAAEiD,EAAE5B,EAAG,CAAErB,EAAE,WAAWiD,EAAE5B,CAAC,EAAG,KAAK,OAAOA,CAAC,CAAG,CAE/DoD,GAAW,UAAU,QAAUC,GAC/BD,GAAW,UAAU,OAASE,GAC9BF,GAAW,UAAU,OAASG,GAC9BH,GAAW,UAAU,MAAQM,GAC7BN,GAAW,UAAU,MAAQK,GAG7B,SAASE,IAAY,CAAE,OAAS,KAAK,EAAE,EAAI,KAAK,KAAK,CAAC,EAAE,EAAG,KAAK,IAAM,CAAG,CAGzE,SAASC,GAAO,EAAEC,EAAG,CACnB,GAAG,EAAI,YAAc,EAAI,EAAG,OAAOzF,EAAW,IAC9C,IAAI4B,EAAIxB,GAAI,EAAGsF,EAAKtF,GAAI,EAAGuF,EAAIF,EAAE,QAAQ,IAAI,EAAG,EAAI9C,GAAM,CAAC,EAAE,EAE7D,IADAgD,EAAE,OAAO/D,CAAC,EACJ,EAAE,GAAK,GAEX,GADA6D,EAAE,MAAM7D,EAAE8D,CAAE,GACR,EAAG,GAAG,GAAM,EAAGD,EAAE,MAAMC,EAAGC,EAAE/D,CAAC,MAC5B,CAAE,IAAIgB,EAAIhB,EAAGA,EAAI8D,EAAIA,EAAK9C,CAAG,CAEpC,OAAO6C,EAAE,OAAO7D,CAAC,CACnB,CAGA,SAASgE,GAAY,EAAE3E,EAAG,CACxB,IAAIwE,EACJ,OAAG,EAAI,KAAOxE,EAAE,OAAO,EAAGwE,EAAI,IAAIhB,GAAQxD,CAAC,EAAQwE,EAAI,IAAIT,GAAW/D,CAAC,EAChE,KAAK,IAAI,EAAEwE,CAAC,CACrB,CAGAzF,EAAW,UAAU,OAAS2B,GAC9B3B,EAAW,UAAU,QAAU6B,GAC/B7B,EAAW,UAAU,WAAa+B,GAClC/B,EAAW,UAAU,MAAQmC,GAC7BnC,EAAW,UAAU,UAAY8C,GACjC9C,EAAW,UAAU,UAAY+C,GACjC/C,EAAW,UAAU,SAAWgD,GAChChD,EAAW,UAAU,SAAWqD,GAChCrD,EAAW,UAAU,MAAQsD,GAC7BtD,EAAW,UAAU,WAAauD,GAClCvD,EAAW,UAAU,SAAWyD,GAChCzD,EAAW,UAAU,SAAW0D,GAChC1D,EAAW,UAAU,SAAW+E,GAChC/E,EAAW,UAAU,OAASuF,GAC9BvF,EAAW,UAAU,IAAMwF,GAG3BxF,EAAW,UAAU,SAAWoC,GAChCpC,EAAW,UAAU,OAASwC,GAC9BxC,EAAW,UAAU,IAAMyC,GAC3BzC,EAAW,UAAU,UAAY0C,GACjC1C,EAAW,UAAU,UAAY6C,GACjC7C,EAAW,UAAU,IAAMwE,GAC3BxE,EAAW,UAAU,UAAY4F,GAGjC5F,EAAW,KAAO8B,GAAI,CAAC,EACvB9B,EAAW,IAAM8B,GAAI,CAAC,EAatB,SAAS+D,IAAU,CAAE,IAAIjE,EAAIxB,GAAI,EAAG,YAAK,OAAOwB,CAAC,EAAUA,CAAG,CAG9D,SAASkE,IAAa,CACtB,GAAG,KAAK,EAAI,EAAG,CACd,GAAG,KAAK,GAAK,EAAG,OAAO,KAAK,KAAK,CAAC,EAAE,KAAK,GACpC,GAAG,KAAK,GAAK,EAAG,MAAO,EAC7B,KAAO,IAAG,KAAK,GAAK,EAAG,OAAO,KAAK,KAAK,CAAC,EACpC,GAAG,KAAK,GAAK,EAAG,MAAO,GAE5B,OAAS,KAAK,KAAK,CAAC,GAAI,GAAI,GAAG,KAAK,IAAK,IAAK,KAAK,GAAI,KAAK,KAAK,CAAC,CAClE,CAGA,SAASC,IAAc,CAAE,OAAQ,KAAK,GAAG,EAAG,KAAK,EAAG,KAAK,KAAK,CAAC,GAAG,IAAK,EAAI,CAG3E,SAASC,IAAe,CAAE,OAAQ,KAAK,GAAG,EAAG,KAAK,EAAG,KAAK,KAAK,CAAC,GAAG,IAAK,EAAI,CAG5E,SAASC,GAAarE,EAAG,CAAE,OAAO,KAAK,MAAM,KAAK,IAAI,KAAK,GAAG,KAAK,IAAIA,CAAC,CAAC,CAAG,CAG5E,SAASsE,IAAW,CACpB,OAAG,KAAK,EAAI,EAAU,GACd,KAAK,GAAK,GAAM,KAAK,GAAK,GAAK,KAAK,KAAK,CAAC,GAAK,EAAW,EACtD,CACZ,CAGA,SAASC,GAAWjG,EAAG,CAEvB,GADGA,GAAK,OAAMA,EAAI,IACf,KAAK,OAAO,GAAK,GAAKA,EAAI,GAAKA,EAAI,GAAI,MAAO,IACjD,IAAIkG,EAAK,KAAK,UAAUlG,CAAC,EACrB,EAAI,KAAK,IAAIA,EAAEkG,CAAE,EACjB9D,EAAIR,GAAI,CAAC,EAAG0B,EAAIpD,GAAI,EAAGqF,EAAIrF,GAAI,EAAGwB,EAAI,GAE1C,IADA,KAAK,SAASU,EAAEkB,EAAEiC,CAAC,EACbjC,EAAE,OAAO,EAAI,GAClB5B,GAAK,EAAE6D,EAAE,SAAS,GAAG,SAASvF,CAAC,EAAE,OAAO,CAAC,EAAI0B,EAC7C4B,EAAE,SAASlB,EAAEkB,EAAEiC,CAAC,EAEjB,OAAOA,EAAE,SAAS,EAAE,SAASvF,CAAC,EAAI0B,CAClC,CAGA,SAASyE,GAAa3E,EAAExB,EAAG,CAC3B,KAAK,QAAQ,CAAC,EACXA,GAAK,OAAMA,EAAI,IAGlB,QAFIkG,EAAK,KAAK,UAAUlG,CAAC,EACrBoC,EAAI,KAAK,IAAIpC,EAAEkG,CAAE,EAAGnE,EAAK,GAAOxB,EAAI,EAAGD,EAAI,EACvCF,EAAI,EAAGA,EAAIoB,EAAE,OAAQ,EAAEpB,EAAG,CACjC,IAAIC,EAAIkB,GAAMC,EAAEpB,CAAC,EACjB,GAAGC,EAAI,EAAG,CACLmB,EAAE,OAAOpB,CAAC,GAAK,KAAO,KAAK,OAAO,GAAK,IAAG2B,EAAK,IAClD,QACF,CACAzB,EAAIN,EAAEM,EAAED,EACL,EAAEE,GAAK2F,IACR,KAAK,UAAU9D,CAAC,EAChB,KAAK,WAAW9B,EAAE,CAAC,EACnBC,EAAI,EACJD,EAAI,EAEP,CACGC,EAAI,IACN,KAAK,UAAU,KAAK,IAAIP,EAAEO,CAAC,CAAC,EAC5B,KAAK,WAAWD,EAAE,CAAC,GAEjByB,GAAIjC,EAAW,KAAK,MAAM,KAAK,IAAI,CACtC,CAGA,SAASsG,GAAcrG,EAAEC,EAAEC,EAAG,CAC9B,GAAe,OAAOD,GAAnB,SAEF,GAAGD,EAAI,EAAG,KAAK,QAAQ,CAAC,MAMtB,KAJA,KAAK,WAAWA,EAAEE,CAAC,EACf,KAAK,QAAQF,EAAE,CAAC,GAClB,KAAK,UAAUD,EAAW,IAAI,UAAUC,EAAE,CAAC,EAAEsG,GAAM,IAAI,EACtD,KAAK,OAAO,GAAG,KAAK,WAAW,EAAE,CAAC,EAC/B,CAAC,KAAK,gBAAgBrG,CAAC,GAC3B,KAAK,WAAW,EAAE,CAAC,EAChB,KAAK,UAAU,EAAID,GAAG,KAAK,MAAMD,EAAW,IAAI,UAAUC,EAAE,CAAC,EAAE,IAAI,MAGpE,CAEN,IAAIM,EAAI,IAAI,MAASqC,EAAI3C,EAAE,EAC3BM,EAAE,QAAUN,GAAG,GAAG,EAClBC,EAAE,UAAUK,CAAC,EACVqC,EAAI,EAAGrC,EAAE,CAAC,IAAO,GAAGqC,GAAG,EAASrC,EAAE,CAAC,EAAI,EAC1C,KAAK,WAAWA,EAAE,GAAG,CACtB,CACA,CAGA,SAASiG,IAAgB,CACzB,IAAIlG,EAAI,KAAK,EAAGsB,EAAI,IAAI,MACxBA,EAAE,CAAC,EAAI,KAAK,EACZ,IAAIW,EAAI,KAAK,GAAIjC,EAAE,KAAK,GAAI,EAAGgC,EAAGN,EAAI,EACtC,GAAG1B,KAAM,EAGR,IAFGiC,EAAI,KAAK,KAAOD,EAAI,KAAK,KAAKhC,CAAC,GAAGiC,KAAO,KAAK,EAAE,KAAK,KAAKA,IAC3DX,EAAEI,GAAG,EAAIM,EAAG,KAAK,GAAI,KAAK,GAAGC,GACzBjC,GAAK,GACNiC,EAAI,GACLD,GAAK,KAAK,KAAKhC,CAAC,GAAI,GAAGiC,GAAG,IAAM,EAAEA,EAClCD,GAAK,KAAK,KAAK,EAAEhC,CAAC,IAAIiC,GAAG,KAAK,GAAG,KAEjCD,EAAK,KAAK,KAAKhC,CAAC,IAAIiC,GAAG,GAAI,IACxBA,GAAK,IAAKA,GAAK,KAAK,GAAI,EAAEjC,KAE3BgC,EAAE,MAAS,IAAGA,GAAK,MACpBN,GAAK,IAAM,KAAK,EAAE,OAAUM,EAAE,MAAO,EAAEN,GACvCA,EAAI,GAAKM,GAAK,KAAK,KAAGV,EAAEI,GAAG,EAAIM,GAGrC,OAAOV,CACP,CAEA,SAAS6E,GAASxG,EAAG,CAAE,OAAO,KAAK,UAAUA,CAAC,GAAG,CAAI,CACrD,SAASyG,GAAMzG,EAAG,CAAE,OAAO,KAAK,UAAUA,CAAC,EAAE,EAAG,KAAKA,CAAG,CACxD,SAAS0G,GAAM1G,EAAG,CAAE,OAAO,KAAK,UAAUA,CAAC,EAAE,EAAG,KAAKA,CAAG,CAGxD,SAAS2G,GAAa3G,EAAE4G,EAAGjF,EAAG,CAC9B,IAAItB,EAAGwG,EAAG7F,EAAI,KAAK,IAAIhB,EAAE,EAAE,KAAK,CAAC,EACjC,IAAIK,EAAI,EAAGA,EAAIW,EAAG,EAAEX,EAAGsB,EAAE,KAAKtB,CAAC,EAAIuG,EAAG,KAAK,KAAKvG,CAAC,EAAEL,EAAE,KAAKK,CAAC,CAAC,EAC5D,GAAGL,EAAE,EAAI,KAAK,EAAG,CAEhB,IADA6G,EAAI7G,EAAE,EAAE,KAAK,GACTK,EAAIW,EAAGX,EAAI,KAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,CAAC,EAAIuG,EAAG,KAAK,KAAKvG,CAAC,EAAEwG,CAAC,EACzDlF,EAAE,EAAI,KAAK,CACZ,KAAO,CAEN,IADAkF,EAAI,KAAK,EAAE,KAAK,GACZxG,EAAIW,EAAGX,EAAIL,EAAE,EAAG,EAAEK,EAAGsB,EAAE,KAAKtB,CAAC,EAAIuG,EAAGC,EAAE7G,EAAE,KAAKK,CAAC,CAAC,EACnDsB,EAAE,EAAI3B,EAAE,CACT,CACA2B,EAAE,EAAIiF,EAAG,KAAK,EAAE5G,EAAE,CAAC,EACnB2B,EAAE,MAAM,CACR,CAGA,SAASmF,GAAOxG,EAAEiD,EAAG,CAAE,OAAOjD,EAAEiD,CAAG,CACnC,SAASwD,GAAM/G,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,UAAUH,EAAE8G,GAAOnF,CAAC,EAAUA,CAAG,CAGzE,SAAS2E,GAAMhG,EAAEiD,EAAG,CAAE,OAAOjD,EAAEiD,CAAG,CAClC,SAASyD,GAAKhH,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,UAAUH,EAAEsG,GAAM3E,CAAC,EAAUA,CAAG,CAGvE,SAASsF,GAAO3G,EAAEiD,EAAG,CAAE,OAAOjD,EAAEiD,CAAG,CACnC,SAAS2D,GAAMlH,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,UAAUH,EAAEiH,GAAOtF,CAAC,EAAUA,CAAG,CAGzE,SAASwF,GAAU7G,EAAEiD,EAAG,CAAE,OAAOjD,EAAE,CAACiD,CAAG,CACvC,SAAS6D,GAASpH,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,UAAUH,EAAEmH,GAAUxF,CAAC,EAAUA,CAAG,CAG/E,SAAS0F,IAAQ,CAEjB,QADI1F,EAAIxB,GAAI,EACJE,EAAI,EAAGA,EAAI,KAAK,EAAG,EAAEA,EAAGsB,EAAE,KAAKtB,CAAC,EAAI,KAAK,GAAG,CAAC,KAAK,KAAKA,CAAC,EAChE,OAAAsB,EAAE,EAAI,KAAK,EACXA,EAAE,EAAI,CAAC,KAAK,EACLA,CACP,CAGA,SAAS2F,GAAY7G,EAAG,CACxB,IAAIkB,EAAIxB,GAAI,EACZ,OAAGM,EAAI,EAAG,KAAK,SAAS,CAACA,EAAEkB,CAAC,EAAQ,KAAK,SAASlB,EAAEkB,CAAC,EAC9CA,CACP,CAGA,SAAS4F,GAAa9G,EAAG,CACzB,IAAIkB,EAAIxB,GAAI,EACZ,OAAGM,EAAI,EAAG,KAAK,SAAS,CAACA,EAAEkB,CAAC,EAAQ,KAAK,SAASlB,EAAEkB,CAAC,EAC9CA,CACP,CAGA,SAAS6F,GAAKlH,EAAG,CACjB,GAAGA,GAAK,EAAG,MAAO,GAClB,IAAIqB,EAAI,EACR,OAAIrB,EAAE,QAAW,IAAKA,IAAM,GAAIqB,GAAK,KACjCrB,EAAE,MAAS,IAAKA,IAAM,EAAGqB,GAAK,IAC9BrB,EAAE,KAAQ,IAAKA,IAAM,EAAGqB,GAAK,IAC7BrB,EAAE,IAAM,IAAKA,IAAM,EAAGqB,GAAK,IAC3BrB,EAAE,IAAM,GAAG,EAAEqB,EACVA,CACP,CAGA,SAAS8F,IAAoB,CAC7B,QAAQpH,EAAI,EAAGA,EAAI,KAAK,EAAG,EAAEA,EAC5B,GAAG,KAAK,KAAKA,CAAC,GAAK,EAAG,OAAOA,EAAE,KAAK,GAAGmH,GAAK,KAAK,KAAKnH,CAAC,CAAC,EACzD,OAAG,KAAK,EAAI,EAAU,KAAK,EAAE,KAAK,GAC3B,EACP,CAGA,SAASqH,GAAKpH,EAAG,CAEjB,QADIqB,EAAI,EACFrB,GAAK,GAAKA,GAAKA,EAAE,EAAG,EAAEqB,EAC5B,OAAOA,CACP,CAGA,SAASgG,IAAa,CAEtB,QADIhG,EAAI,EAAGrB,EAAI,KAAK,EAAE,KAAK,GACnBD,EAAI,EAAGA,EAAI,KAAK,EAAG,EAAEA,EAAGsB,GAAK+F,GAAK,KAAK,KAAKrH,CAAC,EAAEC,CAAC,EACxD,OAAOqB,CACP,CAGA,SAASiG,GAAUnH,EAAG,CACtB,IAAID,EAAI,KAAK,MAAMC,EAAE,KAAK,EAAE,EAC5B,OAAGD,GAAK,KAAK,EAAU,KAAK,GAAG,GACvB,KAAK,KAAKA,CAAC,EAAG,GAAIC,EAAE,KAAK,KAAO,CACxC,CAGA,SAASoH,GAAapH,EAAEmG,EAAI,CAC5B,IAAIjF,EAAI5B,EAAW,IAAI,UAAUU,CAAC,EAClC,YAAK,UAAUkB,EAAEiF,EAAGjF,CAAC,EACdA,CACP,CAGA,SAASmG,GAASrH,EAAG,CAAE,OAAO,KAAK,UAAUA,EAAE6F,EAAK,CAAG,CAGvD,SAASyB,GAAWtH,EAAG,CAAE,OAAO,KAAK,UAAUA,EAAE0G,EAAS,CAAG,CAG7D,SAASa,GAAUvH,EAAG,CAAE,OAAO,KAAK,UAAUA,EAAEwG,EAAM,CAAG,CAGzD,SAASgB,GAASjI,EAAE2B,EAAG,CAEvB,QADItB,EAAI,EAAGH,EAAI,EAAGc,EAAI,KAAK,IAAIhB,EAAE,EAAE,KAAK,CAAC,EACnCK,EAAIW,GACTd,GAAK,KAAK,KAAKG,CAAC,EAAEL,EAAE,KAAKK,CAAC,EAC1BsB,EAAE,KAAKtB,GAAG,EAAIH,EAAE,KAAK,GACrBA,IAAM,KAAK,GAEZ,GAAGF,EAAE,EAAI,KAAK,EAAG,CAEhB,IADAE,GAAKF,EAAE,EACDK,EAAI,KAAK,GACbH,GAAK,KAAK,KAAKG,CAAC,EAChBsB,EAAE,KAAKtB,GAAG,EAAIH,EAAE,KAAK,GACrBA,IAAM,KAAK,GAEbA,GAAK,KAAK,CACX,KAAO,CAEN,IADAA,GAAK,KAAK,EACJG,EAAIL,EAAE,GACVE,GAAKF,EAAE,KAAKK,CAAC,EACbsB,EAAE,KAAKtB,GAAG,EAAIH,EAAE,KAAK,GACrBA,IAAM,KAAK,GAEbA,GAAKF,EAAE,CACR,CACA2B,EAAE,EAAKzB,EAAE,EAAG,GAAG,EACZA,EAAI,EAAGyB,EAAE,KAAKtB,GAAG,EAAIH,EAChBA,EAAI,KAAIyB,EAAE,KAAKtB,GAAG,EAAI,KAAK,GAAGH,GACtCyB,EAAE,EAAItB,EACNsB,EAAE,MAAM,CACR,CAGA,SAASuG,GAAMlI,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,MAAMH,EAAE2B,CAAC,EAAUA,CAAG,CAG9D,SAASwG,GAAWnI,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,MAAMH,EAAE2B,CAAC,EAAUA,CAAG,CAGnE,SAASyG,GAAWpI,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,WAAWH,EAAE2B,CAAC,EAAUA,CAAG,CAGxE,SAAS0G,GAASrI,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,SAASH,EAAE2B,EAAE,IAAI,EAAUA,CAAG,CAGzE,SAAS2G,GAAYtI,EAAG,CAAE,IAAI2B,EAAIxB,GAAI,EAAG,YAAK,SAASH,EAAE,KAAK2B,CAAC,EAAUA,CAAG,CAG5E,SAAS4G,GAAqBvI,EAAG,CACjC,IAAI0D,EAAIvD,GAAI,EAAGwB,EAAIxB,GAAI,EACvB,YAAK,SAASH,EAAE0D,EAAE/B,CAAC,EACZ,IAAI,MAAM+B,EAAE/B,CAAC,CACpB,CAGA,SAAS6G,GAAa/H,EAAG,CACzB,KAAK,KAAK,KAAK,CAAC,EAAI,KAAK,GAAG,EAAEA,EAAE,EAAE,KAAK,EAAE,EAAE,KAAK,CAAC,EACjD,EAAE,KAAK,EACP,KAAK,MAAM,CACX,CAGA,SAASgI,GAAchI,EAAEF,EAAG,CAC5B,GAAGE,GAAK,EACR,MAAM,KAAK,GAAKF,GAAG,KAAK,KAAK,KAAK,GAAG,EAAI,EAEzC,IADA,KAAK,KAAKA,CAAC,GAAKE,EACV,KAAK,KAAKF,CAAC,GAAK,KAAK,IAC1B,KAAK,KAAKA,CAAC,GAAK,KAAK,GAClB,EAAEA,GAAK,KAAK,IAAG,KAAK,KAAK,KAAK,GAAG,EAAI,GACxC,EAAE,KAAK,KAAKA,CAAC,EAEd,CAGA,SAASmI,IAAU,CAAC,CACpB,SAASC,GAAKrI,EAAG,CAAE,OAAOA,CAAG,CAC7B,SAASsI,GAAOtI,EAAEiD,EAAE5B,EAAG,CAAErB,EAAE,WAAWiD,EAAE5B,CAAC,CAAG,CAC5C,SAASkH,GAAOvI,EAAEqB,EAAG,CAAErB,EAAE,SAASqB,CAAC,CAAG,CAEtC+G,GAAQ,UAAU,QAAUC,GAC5BD,GAAQ,UAAU,OAASC,GAC3BD,GAAQ,UAAU,MAAQE,GAC1BF,GAAQ,UAAU,MAAQG,GAG1B,SAASC,GAAM,EAAG,CAAE,OAAO,KAAK,IAAI,EAAE,IAAIJ,EAAS,CAAG,CAItD,SAASK,GAAmB/I,EAAES,EAAEkB,EAAG,CACnC,IAAItB,EAAI,KAAK,IAAI,KAAK,EAAEL,EAAE,EAAES,CAAC,EAG7B,IAFAkB,EAAE,EAAI,EACNA,EAAE,EAAItB,EACAA,EAAI,GAAGsB,EAAE,KAAK,EAAEtB,CAAC,EAAI,EAC3B,IAAIG,EACJ,IAAIA,EAAImB,EAAE,EAAE,KAAK,EAAGtB,EAAIG,EAAG,EAAEH,EAAGsB,EAAE,KAAKtB,EAAE,KAAK,CAAC,EAAI,KAAK,GAAG,EAAEL,EAAE,KAAKK,CAAC,EAAEsB,EAAEtB,EAAE,EAAE,KAAK,CAAC,EACnF,IAAIG,EAAI,KAAK,IAAIR,EAAE,EAAES,CAAC,EAAGJ,EAAIG,EAAG,EAAEH,EAAG,KAAK,GAAG,EAAEL,EAAE,KAAKK,CAAC,EAAEsB,EAAEtB,EAAE,EAAEI,EAAEJ,CAAC,EAClEsB,EAAE,MAAM,CACR,CAIA,SAASqH,GAAmBhJ,EAAES,EAAEkB,EAAG,CACnC,EAAElB,EACF,IAAIJ,EAAIsB,EAAE,EAAI,KAAK,EAAE3B,EAAE,EAAES,EAEzB,IADAkB,EAAE,EAAI,EACA,EAAEtB,GAAK,GAAGsB,EAAE,KAAKtB,CAAC,EAAI,EAC5B,IAAIA,EAAI,KAAK,IAAII,EAAE,KAAK,EAAE,CAAC,EAAGJ,EAAIL,EAAE,EAAG,EAAEK,EACxCsB,EAAE,KAAK,KAAK,EAAEtB,EAAEI,CAAC,EAAI,KAAK,GAAGA,EAAEJ,EAAEL,EAAE,KAAKK,CAAC,EAAEsB,EAAE,EAAE,EAAE,KAAK,EAAEtB,EAAEI,CAAC,EAC5DkB,EAAE,MAAM,EACRA,EAAE,UAAU,EAAEA,CAAC,CACf,CAGA,SAASsH,GAAQjI,EAAG,CAEpB,KAAK,GAAKb,GAAI,EACd,KAAK,GAAKA,GAAI,EACdJ,EAAW,IAAI,UAAU,EAAEiB,EAAE,EAAE,KAAK,EAAE,EACtC,KAAK,GAAK,KAAK,GAAG,OAAOA,CAAC,EAC1B,KAAK,EAAIA,CACT,CAEA,SAASkI,GAAe5I,EAAG,CAC3B,GAAGA,EAAE,EAAI,GAAKA,EAAE,EAAI,EAAE,KAAK,EAAE,EAAG,OAAOA,EAAE,IAAI,KAAK,CAAC,EAC9C,GAAGA,EAAE,UAAU,KAAK,CAAC,EAAI,EAAG,OAAOA,EACjC,IAAIqB,EAAIxB,GAAI,EAAG,OAAAG,EAAE,OAAOqB,CAAC,EAAG,KAAK,OAAOA,CAAC,EAAUA,CAC1D,CAEA,SAASwH,GAAc7I,EAAG,CAAE,OAAOA,CAAG,CAGtC,SAAS8I,GAAc9I,EAAG,CAK1B,IAJAA,EAAE,UAAU,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAC3BA,EAAE,EAAI,KAAK,EAAE,EAAE,IAAKA,EAAE,EAAI,KAAK,EAAE,EAAE,EAAGA,EAAE,MAAM,GACjD,KAAK,GAAG,gBAAgB,KAAK,GAAG,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAClD,KAAK,EAAE,gBAAgB,KAAK,GAAG,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAC3CA,EAAE,UAAU,KAAK,EAAE,EAAI,GAAGA,EAAE,WAAW,EAAE,KAAK,EAAE,EAAE,CAAC,EAEzD,IADAA,EAAE,MAAM,KAAK,GAAGA,CAAC,EACXA,EAAE,UAAU,KAAK,CAAC,GAAK,GAAGA,EAAE,MAAM,KAAK,EAAEA,CAAC,CAChD,CAGA,SAAS+I,GAAa/I,EAAEqB,EAAG,CAAErB,EAAE,SAASqB,CAAC,EAAG,KAAK,OAAOA,CAAC,CAAG,CAG5D,SAAS2H,GAAahJ,EAAEiD,EAAE5B,EAAG,CAAErB,EAAE,WAAWiD,EAAE5B,CAAC,EAAG,KAAK,OAAOA,CAAC,CAAG,CAElEsH,GAAQ,UAAU,QAAUC,GAC5BD,GAAQ,UAAU,OAASE,GAC3BF,GAAQ,UAAU,OAASG,GAC3BH,GAAQ,UAAU,MAAQK,GAC1BL,GAAQ,UAAU,MAAQI,GAG1B,SAASE,GAAS,EAAEvI,EAAG,CACvB,IAAIX,EAAI,EAAE,UAAU,EAAG0B,EAAGJ,EAAIE,GAAI,CAAC,EAAG2D,EACtC,GAAGnF,GAAK,EAAG,OAAOsB,EACVtB,EAAI,GAAI0B,EAAI,EACZ1B,EAAI,GAAI0B,EAAI,EACZ1B,EAAI,IAAK0B,EAAI,EACb1B,EAAI,IAAK0B,EAAI,EAChBA,EAAI,EACN1B,EAAI,EACNmF,EAAI,IAAIhB,GAAQxD,CAAC,EACVA,EAAE,OAAO,EAChBwE,EAAI,IAAIyD,GAAQjI,CAAC,EAEjBwE,EAAI,IAAIT,GAAW/D,CAAC,EAGrB,IAAI0E,EAAI,IAAI,MAASjF,EAAI,EAAG+I,EAAKzH,EAAE,EAAGK,GAAM,GAAGL,GAAG,EAElD,GADA2D,EAAE,CAAC,EAAIF,EAAE,QAAQ,IAAI,EAClBzD,EAAI,EAAG,CACT,IAAI0H,EAAKtJ,GAAI,EAEb,IADAqF,EAAE,MAAME,EAAE,CAAC,EAAE+D,CAAE,EACThJ,GAAK2B,GACTsD,EAAEjF,CAAC,EAAIN,GAAI,EACXqF,EAAE,MAAMiE,EAAG/D,EAAEjF,EAAE,CAAC,EAAEiF,EAAEjF,CAAC,CAAC,EACtBA,GAAK,CAER,CAEA,IAAID,EAAI,EAAE,EAAE,EAAGD,EAAGmJ,EAAM,GAAMjE,EAAKtF,GAAI,EAAGwC,EAE1C,IADAtC,EAAIqC,GAAM,EAAE,KAAKlC,CAAC,CAAC,EAAE,EACfA,GAAK,GAAG,CAQb,IAPGH,GAAKmJ,EAAIjJ,EAAK,EAAE,KAAKC,CAAC,GAAIH,EAAEmJ,EAAKpH,GAElC7B,GAAK,EAAE,KAAKC,CAAC,GAAI,GAAIH,EAAE,GAAI,IAAMmJ,EAAGnJ,EACjCG,EAAI,IAAGD,GAAK,EAAE,KAAKC,EAAE,CAAC,GAAI,KAAK,GAAGH,EAAEmJ,IAGzC/I,EAAIsB,GACGxB,EAAE,IAAM,GAAKA,IAAM,EAAG,EAAEE,EAE/B,IADIJ,GAAKI,GAAK,IAAKJ,GAAK,KAAK,GAAI,EAAEG,GAChCkJ,EACDhE,EAAEnF,CAAC,EAAE,OAAOoB,CAAC,EACb+H,EAAM,OACD,CACL,KAAMjJ,EAAI,GAAK+E,EAAE,MAAM7D,EAAE8D,CAAE,EAAGD,EAAE,MAAMC,EAAG9D,CAAC,EAAGlB,GAAK,EAC/CA,EAAI,EAAG+E,EAAE,MAAM7D,EAAE8D,CAAE,GAAU9C,EAAIhB,EAAGA,EAAI8D,EAAIA,EAAK9C,GACpD6C,EAAE,MAAMC,EAAGC,EAAEnF,CAAC,EAAEoB,CAAC,CACnB,CAEA,KAAMnB,GAAK,IAAM,EAAE,KAAKA,CAAC,EAAG,GAAGH,IAAO,GACpCmF,EAAE,MAAM7D,EAAE8D,CAAE,EAAG9C,EAAIhB,EAAGA,EAAI8D,EAAIA,EAAK9C,EAChC,EAAEtC,EAAI,IAAKA,EAAI,KAAK,GAAG,EAAG,EAAEG,EAElC,CACA,OAAOgF,EAAE,OAAO7D,CAAC,CACjB,CAGA,SAASgI,GAAM3J,EAAG,CAClB,IAAIM,EAAK,KAAK,EAAE,EAAG,KAAK,OAAO,EAAE,KAAK,MAAM,EACxCiD,EAAKvD,EAAE,EAAE,EAAGA,EAAE,OAAO,EAAEA,EAAE,MAAM,EACnC,GAAGM,EAAE,UAAUiD,CAAC,EAAI,EAAG,CAAE,IAAIZ,EAAIrC,EAAGA,EAAIiD,EAAGA,EAAIZ,CAAG,CAClD,IAAItC,EAAIC,EAAE,gBAAgB,EAAGoF,EAAInC,EAAE,gBAAgB,EACnD,GAAGmC,EAAI,EAAG,OAAOpF,EAMjB,IALGD,EAAIqF,IAAGA,EAAIrF,GACXqF,EAAI,IACNpF,EAAE,SAASoF,EAAEpF,CAAC,EACdiD,EAAE,SAASmC,EAAEnC,CAAC,GAETjD,EAAE,OAAO,EAAI,IACdD,EAAIC,EAAE,gBAAgB,GAAK,GAAGA,EAAE,SAASD,EAAEC,CAAC,GAC5CD,EAAIkD,EAAE,gBAAgB,GAAK,GAAGA,EAAE,SAASlD,EAAEkD,CAAC,EAC7CjD,EAAE,UAAUiD,CAAC,GAAK,GACnBjD,EAAE,MAAMiD,EAAEjD,CAAC,EACXA,EAAE,SAAS,EAAEA,CAAC,IAEdiD,EAAE,MAAMjD,EAAEiD,CAAC,EACXA,EAAE,SAAS,EAAEA,CAAC,GAGjB,OAAGmC,EAAI,GAAGnC,EAAE,SAASmC,EAAEnC,CAAC,EACjBA,CACP,CAGA,SAASqG,GAAUnJ,EAAG,CACtB,GAAGA,GAAK,EAAG,MAAO,GAClB,IAAI4B,EAAI,KAAK,GAAG5B,EAAGkB,EAAK,KAAK,EAAE,EAAGlB,EAAE,EAAE,EACtC,GAAG,KAAK,EAAI,EACX,GAAG4B,GAAK,EAAGV,EAAI,KAAK,KAAK,CAAC,EAAElB,MACvB,SAAQJ,EAAI,KAAK,EAAE,EAAGA,GAAK,EAAG,EAAEA,EAAGsB,GAAKU,EAAEV,EAAE,KAAK,KAAKtB,CAAC,GAAGI,EAChE,OAAOkB,CACP,CAGA,SAASkI,GAAa7I,EAAG,CACzB,IAAI8I,EAAK9I,EAAE,OAAO,EAClB,GAAI,KAAK,OAAO,GAAK8I,GAAO9I,EAAE,OAAO,GAAK,EAAG,OAAOjB,EAAW,KAG/D,QAFIgK,EAAI/I,EAAE,MAAM,EAAGN,EAAI,KAAK,MAAM,EAC9BV,EAAI6B,GAAI,CAAC,EAAG5B,EAAI4B,GAAI,CAAC,EAAG3B,EAAI2B,GAAI,CAAC,EAAGQ,EAAIR,GAAI,CAAC,EAC3CkI,EAAE,OAAO,GAAK,GAAG,CACtB,KAAMA,EAAE,OAAO,GACbA,EAAE,SAAS,EAAEA,CAAC,EACXD,IACE,CAAC9J,EAAE,OAAO,GAAK,CAACC,EAAE,OAAO,KAAKD,EAAE,MAAM,KAAKA,CAAC,EAAGC,EAAE,MAAMe,EAAEf,CAAC,GAC7DD,EAAE,SAAS,EAAEA,CAAC,GACLC,EAAE,OAAO,GAAGA,EAAE,MAAMe,EAAEf,CAAC,EAClCA,EAAE,SAAS,EAAEA,CAAC,EAEhB,KAAMS,EAAE,OAAO,GACbA,EAAE,SAAS,EAAEA,CAAC,EACXoJ,IACE,CAAC5J,EAAE,OAAO,GAAK,CAACmC,EAAE,OAAO,KAAKnC,EAAE,MAAM,KAAKA,CAAC,EAAGmC,EAAE,MAAMrB,EAAEqB,CAAC,GAC7DnC,EAAE,SAAS,EAAEA,CAAC,GACLmC,EAAE,OAAO,GAAGA,EAAE,MAAMrB,EAAEqB,CAAC,EAClCA,EAAE,SAAS,EAAEA,CAAC,EAEb0H,EAAE,UAAUrJ,CAAC,GAAK,GACnBqJ,EAAE,MAAMrJ,EAAEqJ,CAAC,EACRD,GAAI9J,EAAE,MAAME,EAAEF,CAAC,EAClBC,EAAE,MAAMoC,EAAEpC,CAAC,IAEXS,EAAE,MAAMqJ,EAAErJ,CAAC,EACRoJ,GAAI5J,EAAE,MAAMF,EAAEE,CAAC,EAClBmC,EAAE,MAAMpC,EAAEoC,CAAC,EAEd,CACA,GAAG3B,EAAE,UAAUX,EAAW,GAAG,GAAK,EAAG,OAAOA,EAAW,KACvD,GAAGsC,EAAE,UAAUrB,CAAC,GAAK,EAAG,OAAOqB,EAAE,SAASrB,CAAC,EAC3C,GAAGqB,EAAE,OAAO,EAAI,EAAGA,EAAE,MAAMrB,EAAEqB,CAAC,MAAQ,QAAOA,EAC7C,OAAGA,EAAE,OAAO,EAAI,EAAUA,EAAE,IAAIrB,CAAC,EAAeqB,CAChD,CAEA,IAAI2H,GAAY,CAAC,EAAE,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,GAAG,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,IAAI,GAAG,EACnXC,IAAS,GAAG,IAAID,GAAUA,GAAU,OAAO,CAAC,EAGhD,SAASE,GAAkBvH,EAAG,CAC9B,IAAItC,EAAGC,EAAI,KAAK,IAAI,EACpB,GAAGA,EAAE,GAAK,GAAKA,EAAE,KAAK,CAAC,GAAK0J,GAAUA,GAAU,OAAO,CAAC,EAAG,CAC1D,IAAI3J,EAAI,EAAGA,EAAI2J,GAAU,OAAQ,EAAE3J,EACjC,GAAGC,EAAE,KAAK,CAAC,GAAK0J,GAAU3J,CAAC,EAAG,MAAO,GACvC,MAAO,EACR,CACA,GAAGC,EAAE,OAAO,EAAG,MAAO,GAEtB,IADAD,EAAI,EACEA,EAAI2J,GAAU,QAAQ,CAE3B,QADIhJ,EAAIgJ,GAAU3J,CAAC,EAAGG,EAAIH,EAAE,EACtBG,EAAIwJ,GAAU,QAAUhJ,EAAIiJ,IAAOjJ,GAAKgJ,GAAUxJ,GAAG,EAE3D,IADAQ,EAAIV,EAAE,OAAOU,CAAC,EACRX,EAAIG,GAAG,GAAGQ,EAAEgJ,GAAU3J,GAAG,GAAK,EAAG,MAAO,EAC/C,CACA,OAAOC,EAAE,YAAYqC,CAAC,CACtB,CAGA,SAASwH,GAAexH,EAAG,CAC3B,IAAIyH,EAAK,KAAK,SAASrK,EAAW,GAAG,EACjCgC,EAAIqI,EAAG,gBAAgB,EAC3B,GAAGrI,GAAK,EAAG,MAAO,GAIlB,QAHI,EAAIqI,EAAG,WAAWrI,CAAC,EACnBsI,EAAOC,GAAU,EACjBtK,EACIK,EAAI,EAAGA,EAAIsC,EAAG,EAAEtC,EAAG,CAE1B,GACEL,EAAI,IAAID,EAAW,KAAK,UAAU,EAAGsK,CAAI,QAErCrK,EAAE,UAAUD,EAAW,GAAG,GAAK,GAAKC,EAAE,UAAUoK,CAAE,GAAK,GAC7D,IAAI7G,EAAIvD,EAAE,OAAO,EAAE,IAAI,EACvB,GAAGuD,EAAE,UAAUxD,EAAW,GAAG,GAAK,GAAKwD,EAAE,UAAU6G,CAAE,GAAK,EAAG,CAE3D,QADI5J,EAAI,EACFA,IAAMuB,GAAKwB,EAAE,UAAU6G,CAAE,GAAK,GAElC,GADA7G,EAAIA,EAAE,UAAU,EAAE,IAAI,EACnBA,EAAE,UAAUxD,EAAW,GAAG,GAAK,EAAG,MAAO,GAE9C,GAAGwD,EAAE,UAAU6G,CAAE,GAAK,EAAG,MAAO,EAClC,CACD,CACA,MAAO,EACP,CAGA,SAASE,IAAY,CAEnB,MAAO,CAEL,UAAW,SAAShK,EAAG,CACrB,QAAQD,EAAI,EAAGA,EAAIC,EAAE,OAAQ,EAAED,EAC7BC,EAAED,CAAC,EAAI,KAAK,MAAM,KAAK,OAAO,EAAI,GAAM,CAE5C,CACF,CACF,CAGAN,EAAW,UAAU,UAAYiG,GACjCjG,EAAW,UAAU,QAAUmG,GAC/BnG,EAAW,UAAU,UAAYqG,GACjCrG,EAAW,UAAU,WAAasG,GAClCtG,EAAW,UAAU,UAAY4G,GACjC5G,EAAW,UAAU,UAAY8H,GACjC9H,EAAW,UAAU,MAAQkI,GAC7BlI,EAAW,UAAU,UAAYyI,GACjCzI,EAAW,UAAU,WAAa0I,GAClC1I,EAAW,UAAU,gBAAkBgJ,GACvChJ,EAAW,UAAU,gBAAkBiJ,GACvCjJ,EAAW,UAAU,OAAS6J,GAC9B7J,EAAW,UAAU,YAAcoK,GAGnCpK,EAAW,UAAU,MAAQ6F,GAC7B7F,EAAW,UAAU,SAAW8F,GAChC9F,EAAW,UAAU,UAAY+F,GACjC/F,EAAW,UAAU,WAAagG,GAClChG,EAAW,UAAU,OAASkG,GAC9BlG,EAAW,UAAU,YAAcwG,GACnCxG,EAAW,UAAU,OAASyG,GAC9BzG,EAAW,UAAU,IAAM0G,GAC3B1G,EAAW,UAAU,IAAM2G,GAC3B3G,EAAW,UAAU,IAAMgH,GAC3BhH,EAAW,UAAU,GAAKiH,GAC1BjH,EAAW,UAAU,IAAMmH,GAC3BnH,EAAW,UAAU,OAASqH,GAC9BrH,EAAW,UAAU,IAAMsH,GAC3BtH,EAAW,UAAU,UAAYuH,GACjCvH,EAAW,UAAU,WAAawH,GAClCxH,EAAW,UAAU,gBAAkB0H,GACvC1H,EAAW,UAAU,SAAW4H,GAChC5H,EAAW,UAAU,QAAU6H,GAC/B7H,EAAW,UAAU,OAAS+H,GAC9B/H,EAAW,UAAU,SAAWgI,GAChChI,EAAW,UAAU,QAAUiI,GAC/BjI,EAAW,UAAU,IAAMmI,GAC3BnI,EAAW,UAAU,SAAWoI,GAChCpI,EAAW,UAAU,SAAWqI,GAChCrI,EAAW,UAAU,OAASsI,GAC9BtI,EAAW,UAAU,UAAYuI,GACjCvI,EAAW,UAAU,mBAAqBwI,GAC1CxI,EAAW,UAAU,OAASwJ,GAC9BxJ,EAAW,UAAU,WAAa8J,GAClC9J,EAAW,UAAU,IAAM+I,GAC3B/I,EAAW,UAAU,IAAM4J,GAC3B5J,EAAW,UAAU,gBAAkBmK,KCtuCvC,IAAAK,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KACA,KAEA,IAAIC,GAAOF,GAAO,QAAUC,GAAM,KAAOA,GAAM,MAAQ,CAAC,EACxDA,GAAM,GAAG,KAAOA,GAAM,GAAG,WAAW,KAAOC,GAO3CA,GAAK,OAAS,UAAW,CAEnBC,IACFC,GAAM,EAIR,IAAIC,EAAS,KAGTC,EAASL,GAAM,KAAK,aAAa,EAGjCM,EAAK,IAAI,MAAM,EAAE,EAGjBC,EAAK,CACP,UAAW,OACX,YAAa,GACb,aAAc,GAEd,cAAe,EAEf,kBAAmB,KAEnB,kBAAmB,CACrB,EAOA,OAAAA,EAAG,MAAQ,UAAW,CAEpBA,EAAG,cAAgB,EAGnBA,EAAG,kBAAoBA,EAAG,gBAAkB,CAAC,EAE7C,QADIC,EAASD,EAAG,kBAAoB,EAC5B,EAAI,EAAG,EAAIC,EAAQ,EAAE,EAC3BD,EAAG,kBAAkB,KAAK,CAAC,EAE7B,OAAAF,EAASL,GAAM,KAAK,aAAa,EACjCI,EAAS,CACP,GAAI,WACJ,GAAI,WACJ,GAAI,WACJ,GAAI,UACJ,GAAI,UACN,EACOG,CACT,EAEAA,EAAG,MAAM,EAYTA,EAAG,OAAS,SAASE,EAAKC,EAAU,CAC/BA,IAAa,SACdD,EAAMT,GAAM,KAAK,WAAWS,CAAG,GAIjC,IAAIE,EAAMF,EAAI,OACdF,EAAG,eAAiBI,EACpBA,EAAM,CAAEA,EAAM,aAAiB,EAAGA,IAAQ,CAAC,EAC3C,QAAQC,EAAIL,EAAG,kBAAkB,OAAS,EAAGK,GAAK,EAAG,EAAEA,EACrDL,EAAG,kBAAkBK,CAAC,GAAKD,EAAI,CAAC,EAChCA,EAAI,CAAC,EAAIA,EAAI,CAAC,GAAMJ,EAAG,kBAAkBK,CAAC,EAAI,aAAiB,GAC/DL,EAAG,kBAAkBK,CAAC,EAAIL,EAAG,kBAAkBK,CAAC,IAAM,EACtDD,EAAI,CAAC,EAAMA,EAAI,CAAC,EAAI,aAAiB,EAIvC,OAAAN,EAAO,SAASI,CAAG,EAGnBI,GAAQT,EAAQE,EAAID,CAAM,GAGvBA,EAAO,KAAO,MAAQA,EAAO,OAAO,IAAM,IAC3CA,EAAO,QAAQ,EAGVE,CACT,EAOAA,EAAG,OAAS,UAAW,CAqBrB,IAAIO,EAAad,GAAM,KAAK,aAAa,EACzCc,EAAW,SAAST,EAAO,MAAM,CAAC,EAGlC,IAAIU,EACFR,EAAG,kBAAkBA,EAAG,kBAAkB,OAAS,CAAC,EACpDA,EAAG,kBAKDS,EAAWD,EAAaR,EAAG,YAAc,EAC7CO,EAAW,SAASG,GAAS,OAAO,EAAGV,EAAG,YAAcS,CAAQ,CAAC,EAMjE,QAFIE,EAAMC,EACNC,EAAOb,EAAG,kBAAkB,CAAC,EAAI,EAC7BK,EAAI,EAAGA,EAAIL,EAAG,kBAAkB,OAAS,EAAG,EAAEK,EACpDM,EAAOX,EAAG,kBAAkBK,EAAI,CAAC,EAAI,EACrCO,EAASD,EAAO,aAAiB,EACjCE,GAAQD,EACRL,EAAW,SAASM,IAAS,CAAC,EAC9BA,EAAOF,IAAS,EAElBJ,EAAW,SAASM,CAAI,EAExB,IAAIC,EAAK,CACP,GAAIjB,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,GACX,GAAIA,EAAO,EACb,EACAS,GAAQQ,EAAIf,EAAIQ,CAAU,EAC1B,IAAIQ,EAAOtB,GAAM,KAAK,aAAa,EACnC,OAAAsB,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACnBC,EAAK,SAASD,EAAG,EAAE,EACZC,CACT,EAEOf,CACT,EAGA,IAAIU,GAAW,KACXf,GAAe,GAKnB,SAASC,IAAQ,CAEfc,GAAW,OACXA,IAAYjB,GAAM,KAAK,WAAW,KAA2B,EAAE,EAG/DE,GAAe,EACjB,CASA,SAASW,GAAQU,EAAGC,EAAGC,EAAO,CAI5B,QAFIC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGC,EAAGpB,EACrBD,EAAMc,EAAM,OAAO,EACjBd,GAAO,IAAI,CAaf,IAPAgB,EAAIJ,EAAE,GACNK,EAAIL,EAAE,GACNM,EAAIN,EAAE,GACNO,EAAIP,EAAE,GACNQ,EAAIR,EAAE,GAGFX,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBc,EAAID,EAAM,SAAS,EACnBD,EAAEZ,CAAC,EAAIc,EACPM,EAAIF,EAAKF,GAAKC,EAAIC,GAClBJ,GAAMC,GAAK,EAAMA,IAAM,IAAOK,EAAID,EAAI,WAAaL,EACnDK,EAAID,EACJA,EAAID,EAEJA,GAAMD,GAAK,GAAOA,IAAM,KAAQ,EAChCA,EAAID,EACJA,EAAID,EAEN,KAAMd,EAAI,GAAI,EAAEA,EACdc,EAAKF,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAC/Cc,EAAKA,GAAK,EAAMA,IAAM,GACtBF,EAAEZ,CAAC,EAAIc,EACPM,EAAIF,EAAKF,GAAKC,EAAIC,GAClBJ,GAAMC,GAAK,EAAMA,IAAM,IAAOK,EAAID,EAAI,WAAaL,EACnDK,EAAID,EACJA,EAAID,EAEJA,GAAMD,GAAK,GAAOA,IAAM,KAAQ,EAChCA,EAAID,EACJA,EAAID,EAGN,KAAMd,EAAI,GAAI,EAAEA,EACdc,EAAKF,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAC/Cc,EAAKA,GAAK,EAAMA,IAAM,GACtBF,EAAEZ,CAAC,EAAIc,EACPM,EAAIJ,EAAIC,EAAIC,EACZJ,GAAMC,GAAK,EAAMA,IAAM,IAAOK,EAAID,EAAI,WAAaL,EACnDK,EAAID,EACJA,EAAID,EAEJA,GAAMD,GAAK,GAAOA,IAAM,KAAQ,EAChCA,EAAID,EACJA,EAAID,EAEN,KAAMd,EAAI,GAAI,EAAEA,EACdc,EAAKF,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAChDc,EAAKA,GAAK,EAAMA,IAAM,GACtBF,EAAEZ,CAAC,EAAIc,EACPM,EAAIJ,EAAIC,EAAIC,EACZJ,GAAMC,GAAK,EAAMA,IAAM,IAAOK,EAAID,EAAI,WAAaL,EACnDK,EAAID,EACJA,EAAID,EAEJA,GAAMD,GAAK,GAAOA,IAAM,KAAQ,EAChCA,EAAID,EACJA,EAAID,EAGN,KAAMd,EAAI,GAAI,EAAEA,EACdc,EAAKF,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAChDc,EAAKA,GAAK,EAAMA,IAAM,GACtBF,EAAEZ,CAAC,EAAIc,EACPM,EAAKJ,EAAIC,EAAMC,GAAKF,EAAIC,GACxBH,GAAMC,GAAK,EAAMA,IAAM,IAAOK,EAAID,EAAI,WAAaL,EACnDK,EAAID,EACJA,EAAID,EAEJA,GAAMD,GAAK,GAAOA,IAAM,KAAQ,EAChCA,EAAID,EACJA,EAAID,EAGN,KAAMd,EAAI,GAAI,EAAEA,EACdc,EAAKF,EAAEZ,EAAI,CAAC,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAAIY,EAAEZ,EAAI,EAAE,EAChDc,EAAKA,GAAK,EAAMA,IAAM,GACtBF,EAAEZ,CAAC,EAAIc,EACPM,EAAIJ,EAAIC,EAAIC,EACZJ,GAAMC,GAAK,EAAMA,IAAM,IAAOK,EAAID,EAAI,WAAaL,EACnDK,EAAID,EACJA,EAAID,EAEJA,GAAMD,GAAK,GAAOA,IAAM,KAAQ,EAChCA,EAAID,EACJA,EAAID,EAINH,EAAE,GAAMA,EAAE,GAAKI,EAAK,EACpBJ,EAAE,GAAMA,EAAE,GAAKK,EAAK,EACpBL,EAAE,GAAMA,EAAE,GAAKM,EAAK,EACpBN,EAAE,GAAMA,EAAE,GAAKO,EAAK,EACpBP,EAAE,GAAMA,EAAE,GAAKQ,EAAK,EAEpBpB,GAAO,EACT,CACF,IC9TA,IAAAsB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA6CA,IAAIC,GAAQ,IACZ,KACA,KACA,KAGA,IAAIC,GAAQF,GAAO,QAAUC,GAAM,MAAQA,GAAM,OAAS,CAAC,EAoB3DC,GAAM,gBAAkB,SAASC,EAAKC,EAASC,EAAS,CAEtD,IAAIC,EACAC,EACAC,EACAC,EAED,OAAOJ,GAAY,UACpBC,EAAQD,EACRE,EAAO,UAAU,CAAC,GAAK,OACvBC,EAAK,UAAU,CAAC,GAAK,QACbH,IACRC,EAAQD,EAAQ,OAAS,OACzBE,EAAOF,EAAQ,MAAQ,OACvBG,EAAKH,EAAQ,IAAM,OAChBA,EAAQ,MAAQA,EAAQ,KAAK,KAC9BI,EAASJ,EAAQ,KAAK,KAKtBG,EAGFA,EAAG,MAAM,EAFTA,EAAKP,GAAM,GAAG,KAAK,OAAO,EAMxBQ,IACFA,EAASD,GAIX,IAAIE,EAAY,KAAK,KAAKP,EAAI,EAAE,UAAU,EAAI,CAAC,EAC3CQ,EAAYD,EAAY,EAAIF,EAAG,aAAe,EAClD,GAAGJ,EAAQ,OAASO,EAAW,CAC7B,IAAIC,EAAQ,IAAI,MAAM,8CAA8C,EACpE,MAAAA,EAAM,OAASR,EAAQ,OACvBQ,EAAM,UAAYD,EACZC,CACR,CAEIN,IACFA,EAAQ,IAEVE,EAAG,OAAOF,EAAO,KAAK,EAKtB,QAJIO,EAAQL,EAAG,OAAO,EAElBM,EAAK,GACLC,EAAYJ,EAAYP,EAAQ,OAC5BY,EAAI,EAAGA,EAAID,EAAWC,IAC5BF,GAAM,KAGR,IAAIG,EAAKJ,EAAM,SAAS,EAAIC,EAAK,IAASV,EAE1C,GAAG,CAACG,EACFA,EAAON,GAAM,OAAO,SAASO,EAAG,YAAY,UACpCD,EAAK,SAAWC,EAAG,aAAc,CACzC,IAAII,EAAQ,IAAI,MAAM,wEACM,EAC5B,MAAAA,EAAM,WAAaL,EAAK,OACxBK,EAAM,aAAeJ,EAAG,aAClBI,CACR,CAEA,IAAIM,EAASC,GAASZ,EAAMG,EAAYF,EAAG,aAAe,EAAGC,CAAM,EAC/DW,EAAWnB,GAAM,KAAK,SAASgB,EAAIC,EAAQD,EAAG,MAAM,EAEpDI,EAAWF,GAASC,EAAUZ,EAAG,aAAcC,CAAM,EACrDa,EAAarB,GAAM,KAAK,SAASM,EAAMc,EAAUd,EAAK,MAAM,EAGhE,MAAO,KAASe,EAAaF,CAC/B,EAmBAlB,GAAM,gBAAkB,SAASC,EAAKoB,EAAIlB,EAAS,CAEjD,IAAIC,EACAE,EACAC,EAED,OAAOJ,GAAY,UACpBC,EAAQD,EACRG,EAAK,UAAU,CAAC,GAAK,QACbH,IACRC,EAAQD,EAAQ,OAAS,OACzBG,EAAKH,EAAQ,IAAM,OAChBA,EAAQ,MAAQA,EAAQ,KAAK,KAC9BI,EAASJ,EAAQ,KAAK,KAK1B,IAAIK,EAAY,KAAK,KAAKP,EAAI,EAAE,UAAU,EAAI,CAAC,EAE/C,GAAGoB,EAAG,SAAWb,EAAW,CAC1B,IAAIE,EAAQ,IAAI,MAAM,+CAA+C,EACrE,MAAAA,EAAM,OAASW,EAAG,OAClBX,EAAM,eAAiBF,EACjBE,CACR,CAcA,GAXGJ,IAAO,OACRA,EAAKP,GAAM,GAAG,KAAK,OAAO,EAE1BO,EAAG,MAAM,EAIPC,IACFA,EAASD,GAGRE,EAAY,EAAIF,EAAG,aAAe,EACnC,MAAM,IAAI,MAAM,oDAAoD,EAGlEF,IACFA,EAAQ,IAEVE,EAAG,OAAOF,EAAO,KAAK,EAoBtB,QAnBIO,EAAQL,EAAG,OAAO,EAAE,SAAS,EAG7BgB,EAAID,EAAG,OAAO,CAAC,EACfD,EAAaC,EAAG,UAAU,EAAGf,EAAG,aAAe,CAAC,EAChDY,EAAWG,EAAG,UAAU,EAAIf,EAAG,YAAY,EAE3Ca,EAAWF,GAASC,EAAUZ,EAAG,aAAcC,CAAM,EACrDF,EAAON,GAAM,KAAK,SAASqB,EAAYD,EAAUC,EAAW,MAAM,EAElEJ,EAASC,GAASZ,EAAMG,EAAYF,EAAG,aAAe,EAAGC,CAAM,EAC/DgB,EAAKxB,GAAM,KAAK,SAASmB,EAAUF,EAAQE,EAAS,MAAM,EAE1DM,EAAaD,EAAG,UAAU,EAAGjB,EAAG,YAAY,EAG5CI,EAASY,IAAM,KAGXR,EAAI,EAAGA,EAAIR,EAAG,aAAc,EAAEQ,EACpCJ,GAAUC,EAAM,OAAOG,CAAC,IAAMU,EAAW,OAAOV,CAAC,EAQnD,QAFIW,EAAQ,EACRC,EAAQpB,EAAG,aACPqB,EAAIrB,EAAG,aAAcqB,EAAIJ,EAAG,OAAQI,IAAK,CAC/C,IAAIC,EAAOL,EAAG,WAAWI,CAAC,EAEtBE,EAAQD,EAAO,EAAO,EAGtBE,EAAaL,EAAQ,MAAS,EAClCf,GAAUkB,EAAOE,EAGjBL,EAAQA,EAAQI,EAChBH,GAASD,CACX,CAEA,GAAGf,GAASa,EAAG,WAAWG,CAAK,IAAM,EACnC,MAAM,IAAI,MAAM,6BAA6B,EAG/C,OAAOH,EAAG,UAAUG,EAAQ,CAAC,CAC/B,EAEA,SAAST,GAASZ,EAAM0B,EAAYC,EAAM,CAEpCA,IACFA,EAAOjC,GAAM,GAAG,KAAK,OAAO,GAI9B,QAFIkC,EAAI,GACJC,EAAQ,KAAK,KAAKH,EAAaC,EAAK,YAAY,EAC5C,EAAI,EAAG,EAAIE,EAAO,EAAE,EAAG,CAC7B,IAAIC,EAAI,OAAO,aACZ,GAAK,GAAM,IAAO,GAAK,GAAM,IAAO,GAAK,EAAK,IAAM,EAAI,GAAI,EAC/DH,EAAK,MAAM,EACXA,EAAK,OAAO3B,EAAO8B,CAAC,EACpBF,GAAKD,EAAK,OAAO,EAAE,SAAS,CAC9B,CACA,OAAOC,EAAE,UAAU,EAAGF,CAAU,CAClC,ICnRA,IAAAK,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KACA,KACA,MAEC,UAAW,CAGZ,GAAGA,GAAM,MAAO,CACdD,GAAO,QAAUC,GAAM,MACvB,MACF,CAGA,IAAIC,EAAQF,GAAO,QAAUC,GAAM,MAAQA,GAAM,OAAS,CAAC,EAEvDE,EAAaF,GAAM,KAAK,WAGxBG,EAAe,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,CAAC,EACtCC,EAAS,IAAIF,EAAW,IAAI,EAChCE,EAAO,QAAQ,EAAE,EACjB,IAAIC,EAAQ,SAASC,EAAG,EAAG,CAAC,OAAOA,EAAE,CAAE,EA+BvCL,EAAM,sBAAwB,SAASM,EAAMC,EAASC,EAAU,CAC3D,OAAOD,GAAY,aACpBC,EAAWD,EACXA,EAAU,CAAC,GAEbA,EAAUA,GAAW,CAAC,EAGtB,IAAIE,EAAYF,EAAQ,WAAa,WAClC,OAAOE,GAAc,WACtBA,EAAY,CAAC,KAAMA,CAAS,GAE9BA,EAAU,QAAUA,EAAU,SAAW,CAAC,EAG1C,IAAIC,EAAOH,EAAQ,MAAQR,GAAM,OAC7BY,EAAM,CAER,UAAW,SAASN,EAAG,CAErB,QADIO,EAAIF,EAAK,aAAaL,EAAE,MAAM,EAC1BQ,EAAI,EAAGA,EAAIR,EAAE,OAAQ,EAAEQ,EAC7BR,EAAEQ,CAAC,EAAID,EAAE,WAAWC,CAAC,CAEzB,CACF,EAEA,GAAGJ,EAAU,OAAS,WACpB,OAAOK,EAAkBR,EAAMK,EAAKF,EAAU,QAASD,CAAQ,EAGjE,MAAM,IAAI,MAAM,uCAAyCC,EAAU,IAAI,CACzE,EAEA,SAASK,EAAkBR,EAAMK,EAAKJ,EAASC,EAAU,CACvD,MAAG,YAAaD,EACPQ,EAA6BT,EAAMK,EAAKJ,EAASC,CAAQ,EAE3DQ,EAAgCV,EAAMK,EAAKJ,EAASC,CAAQ,CACrE,CAEA,SAASQ,EAAgCV,EAAMK,EAAKJ,EAASC,EAAU,CAErE,IAAIS,EAAMC,EAAeZ,EAAMK,CAAG,EAM9BQ,EAAW,EAGXC,EAAUC,EAAoBJ,EAAI,UAAU,CAAC,EAC9C,qBAAsBV,IACvBa,EAAUb,EAAQ,kBAOpB,IAAIe,EAAe,GAChB,iBAAkBf,IACnBe,EAAef,EAAQ,cAGzBgB,EAAUN,EAAKX,EAAMK,EAAKQ,EAAUC,EAASE,EAAcd,CAAQ,CACrE,CAEA,SAASe,EAAUN,EAAKX,EAAMK,EAAKQ,EAAUC,EAASE,EAAcd,EAAU,CAC5E,IAAIgB,EAAQ,CAAC,IAAI,KACjB,EAAG,CAMD,GAJGP,EAAI,UAAU,EAAIX,IACnBW,EAAMC,EAAeZ,EAAMK,CAAG,GAG7BM,EAAI,gBAAgBG,CAAO,EAC5B,OAAOZ,EAAS,KAAMS,CAAG,EAG3BA,EAAI,WAAWf,EAAaiB,IAAa,CAAC,EAAG,CAAC,CAChD,OAAQG,EAAe,GAAM,CAAC,IAAI,KAASE,EAAQF,GAGnDvB,GAAM,KAAK,aAAa,UAAW,CACjCwB,EAAUN,EAAKX,EAAMK,EAAKQ,EAAUC,EAASE,EAAcd,CAAQ,CACrE,CAAC,CACH,CAMA,SAASO,EAA6BT,EAAMK,EAAKJ,EAASC,EAAU,CAElE,GAAG,OAAO,OAAW,IACnB,OAAOQ,EAAgCV,EAAMK,EAAKJ,EAASC,CAAQ,EAIrE,IAAIS,EAAMC,EAAeZ,EAAMK,CAAG,EAG9Bc,EAAalB,EAAQ,QACrBmB,EAAWnB,EAAQ,UAAY,IAC/BoB,EAAQD,EAAW,GAAK,EACxBE,EAAerB,EAAQ,cAAgB,wBAC3C,GAAGkB,IAAe,GAChB,OAAO1B,GAAM,KAAK,cAAc,SAAS8B,EAAKC,EAAO,CAChDD,IAEDC,EAAQ,GAEVL,EAAaK,EAAQ,EACrBC,EAAS,CACX,CAAC,EAEHA,EAAS,EAET,SAASA,GAAW,CAElBN,EAAa,KAAK,IAAI,EAAGA,CAAU,EAQnC,QADIO,EAAU,CAAC,EACPnB,EAAI,EAAGA,EAAIY,EAAY,EAAEZ,EAE/BmB,EAAQnB,CAAC,EAAI,IAAI,OAAOe,CAAY,EAKtC,QAHIK,EAAUR,EAGNZ,EAAI,EAAGA,EAAIY,EAAY,EAAEZ,EAC/BmB,EAAQnB,CAAC,EAAE,iBAAiB,UAAWqB,EAAa,EAiBtD,IAAIC,EAAQ,GACZ,SAASD,GAAcE,GAAG,CAExB,GAAG,CAAAD,EAIH,GAAEF,EACF,IAAII,GAAOD,GAAE,KACb,GAAGC,GAAK,MAAO,CAEb,QAAQxB,GAAI,EAAGA,GAAImB,EAAQ,OAAQ,EAAEnB,GACnCmB,EAAQnB,EAAC,EAAE,UAAU,EAEvB,OAAAsB,EAAQ,GACD3B,EAAS,KAAM,IAAIP,EAAWoC,GAAK,MAAO,EAAE,CAAC,CACtD,CAGGpB,EAAI,UAAU,EAAIX,IACnBW,EAAMC,EAAeZ,EAAMK,CAAG,GAIhC,IAAI2B,GAAMrB,EAAI,SAAS,EAAE,EAGzBmB,GAAE,OAAO,YAAY,CACnB,IAAKE,GACL,SAAUZ,CACZ,CAAC,EAEDT,EAAI,WAAWU,EAAO,CAAC,EACzB,CACF,CACF,CAUA,SAAST,EAAeZ,EAAMK,EAAK,CACjC,IAAIM,EAAM,IAAIhB,EAAWK,EAAMK,CAAG,EAE9B4B,EAAQjC,EAAO,EACnB,OAAIW,EAAI,QAAQsB,CAAK,GACnBtB,EAAI,UAAUhB,EAAW,IAAI,UAAUsC,CAAK,EAAGnC,EAAOa,CAAG,EAG3DA,EAAI,WAAW,GAAKA,EAAI,IAAId,CAAM,EAAE,UAAU,EAAG,CAAC,EAC3Cc,CACT,CAYA,SAASI,EAAoBf,EAAM,CACjC,OAAGA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,KAAa,EACjB,CACT,CAEA,GAAG,ICxSH,IAAAkC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA+DA,IAAIC,EAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KAEG,OAAOC,GAAe,MACnBA,GAAaD,EAAM,KAAK,YAAxB,IAAAC,GAGFC,GAAUF,EAAM,KAAK,SAAW,QAAQ,QAAQ,EAAI,KAGpDG,EAAOH,EAAM,KAGbI,GAAOJ,EAAM,KAKjBA,EAAM,IAAMA,EAAM,KAAO,CAAC,EAC1BD,GAAO,QAAUC,EAAM,IAAI,IAAMA,EAAM,IAAMA,EAAM,KAAO,CAAC,EAC3D,IAAIK,EAAML,EAAM,IAGZM,GAAe,CAAC,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,CAAC,EAGtCC,GAAsB,CAExB,KAAM,iBACN,SAAUJ,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,yBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,mBACX,EAAG,CAED,KAAM,qCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,gCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,eACX,CAAC,CACH,EAAG,CAED,KAAM,iBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,YACX,CAAC,CACH,EAGIK,GAAyB,CAE3B,KAAM,gBACN,SAAUL,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,mBACX,EAAG,CAED,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,mBACX,EAAG,CAED,KAAM,+BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,0BACX,EAAG,CAED,KAAM,gCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,2BACX,EAAG,CAED,KAAM,uBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,kBACX,EAAG,CAED,KAAM,uBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,kBACX,EAAG,CAED,KAAM,0BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,qBACX,EAAG,CAED,KAAM,0BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,qBACX,EAAG,CAED,KAAM,4BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,uBACX,CAAC,CACH,EAGIM,GAAwB,CAE1B,KAAM,eACN,SAAUN,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,uBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,kBACX,EAAG,CAED,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,mBACX,CAAC,CACH,EAIIO,GAAqBV,EAAM,IAAI,IAAI,mBAAqB,CAC1D,KAAM,uBACN,SAAUG,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,uBACb,MAAO,CAAC,CACN,KAAM,2CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,gCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,cACX,CAAC,CACH,EAAG,CAED,KAAM,wCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,UAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,qDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,SAAU,GACV,YAAa,cACf,CAAC,CACH,CAAC,CACH,EAGIQ,GAAsB,CACxB,KAAM,aACN,SAAUR,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,iDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,qBACX,EAAG,CAED,KAAM,wCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,KAEhB,QAAS,aACT,SAAU,GACV,YAAa,EACf,CAAC,CACH,EAAG,CAED,KAAM,oBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,QACX,CAAC,CACH,EAmBIS,GAAqB,SAASC,EAAI,CAEpC,IAAIC,EACJ,GAAGD,EAAG,aAAaR,EAAI,KACrBS,EAAMT,EAAI,KAAKQ,EAAG,SAAS,MACtB,CACL,IAAIE,EAAQ,IAAI,MAAM,mCAAmC,EACzD,MAAAA,EAAM,UAAYF,EAAG,UACfE,CACR,CACA,IAAIC,EAAWb,EAAK,SAASW,CAAG,EAAE,SAAS,EAGvCG,EAAad,EAAK,OACpBA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAChDe,EAAkBf,EAAK,OACzBA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EACpDe,EAAgB,MAAM,KAAKf,EAAK,OAC9BA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAOa,CAAQ,CAAC,EACvDE,EAAgB,MAAM,KAAKf,EAAK,OAC9BA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAAC,EAClD,IAAIgB,EAAShB,EAAK,OAChBA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAChC,GAAOU,EAAG,OAAO,EAAE,SAAS,CAAC,EAC/B,OAAAI,EAAW,MAAM,KAAKC,CAAe,EACrCD,EAAW,MAAM,KAAKE,CAAM,EAGrBhB,EAAK,MAAMc,CAAU,EAAE,SAAS,CACzC,EAWIG,GAAU,SAASC,EAAGC,EAAKC,EAAK,CAClC,GAAGA,EACD,OAAOF,EAAE,OAAOC,EAAI,EAAGA,EAAI,CAAC,EAG9B,GAAG,CAACA,EAAI,GAAK,CAACA,EAAI,EAEhB,OAAOD,EAAE,OAAOC,EAAI,EAAGA,EAAI,CAAC,EAI1BA,EAAI,KACNA,EAAI,GAAKA,EAAI,EAAE,IAAIA,EAAI,EAAE,SAASrB,GAAW,GAAG,CAAC,GAE/CqB,EAAI,KACNA,EAAI,GAAKA,EAAI,EAAE,IAAIA,EAAI,EAAE,SAASrB,GAAW,GAAG,CAAC,GAE/CqB,EAAI,OACNA,EAAI,KAAOA,EAAI,EAAE,WAAWA,EAAI,CAAC,GAsFnC,IAAI,EACJ,GACE,EAAI,IAAIrB,GACND,EAAM,KAAK,WAAWA,EAAM,OAAO,SAASsB,EAAI,EAAE,UAAU,EAAI,CAAC,CAAC,EAClE,EAAE,QACE,EAAE,UAAUA,EAAI,CAAC,GAAK,GAAK,CAAC,EAAE,IAAIA,EAAI,CAAC,EAAE,OAAOrB,GAAW,GAAG,GACtEoB,EAAIA,EAAE,SAAS,EAAE,OAAOC,EAAI,EAAGA,EAAI,CAAC,CAAC,EAAE,IAAIA,EAAI,CAAC,EAOhD,QAJIE,EAAKH,EAAE,IAAIC,EAAI,CAAC,EAAE,OAAOA,EAAI,GAAIA,EAAI,CAAC,EACtCG,EAAKJ,EAAE,IAAIC,EAAI,CAAC,EAAE,OAAOA,EAAI,GAAIA,EAAI,CAAC,EAGpCE,EAAG,UAAUC,CAAE,EAAI,GACvBD,EAAKA,EAAG,IAAIF,EAAI,CAAC,EAInB,IAAII,EAAIF,EAAG,SAASC,CAAE,EACnB,SAASH,EAAI,IAAI,EAAE,IAAIA,EAAI,CAAC,EAC5B,SAASA,EAAI,CAAC,EAAE,IAAIG,CAAE,EAGzB,OAAAC,EAAIA,EAAE,SAAS,EAAE,WAAWJ,EAAI,CAAC,CAAC,EAAE,IAAIA,EAAI,CAAC,EAEtCI,CACT,EA0BArB,EAAI,IAAI,QAAU,SAASsB,EAAGL,EAAKM,EAAI,CACrC,IAAIL,EAAMK,EACNC,EAGAC,EAAI,KAAK,KAAKR,EAAI,EAAE,UAAU,EAAI,CAAC,EAEpCM,IAAO,IAASA,IAAO,IAExBL,EAAOK,IAAO,EACdC,EAAKE,GAAkBJ,EAAGL,EAAKM,CAAE,IAEjCC,EAAK7B,EAAM,KAAK,aAAa,EAC7B6B,EAAG,SAASF,CAAC,GAgBf,QAXIN,EAAI,IAAIpB,GAAW4B,EAAG,MAAM,EAAG,EAAE,EAGjCH,EAAIN,GAAQC,EAAGC,EAAKC,CAAG,EAKvBS,EAAON,EAAE,SAAS,EAAE,EACpBO,EAAKjC,EAAM,KAAK,aAAa,EAC7BkC,EAAQJ,EAAI,KAAK,KAAKE,EAAK,OAAS,CAAC,EACnCE,EAAQ,GACZD,EAAG,QAAQ,CAAI,EACf,EAAEC,EAEJ,OAAAD,EAAG,SAASjC,EAAM,KAAK,WAAWgC,CAAI,CAAC,EAChCC,EAAG,SAAS,CACrB,EAoBA5B,EAAI,IAAI,QAAU,SAAS4B,EAAIX,EAAKC,EAAKY,EAAI,CAE3C,IAAIL,EAAI,KAAK,KAAKR,EAAI,EAAE,UAAU,EAAI,CAAC,EAGvC,GAAGW,EAAG,SAAWH,EAAG,CAClB,IAAIf,EAAQ,IAAI,MAAM,sCAAsC,EAC5D,MAAAA,EAAM,OAASkB,EAAG,OAClBlB,EAAM,SAAWe,EACXf,CACR,CAIA,IAAIW,EAAI,IAAIzB,GAAWD,EAAM,KAAK,aAAaiC,CAAE,EAAE,MAAM,EAAG,EAAE,EAI9D,GAAGP,EAAE,UAAUJ,EAAI,CAAC,GAAK,EACvB,MAAM,IAAI,MAAM,+BAA+B,EAYjD,QARID,EAAID,GAAQM,EAAGJ,EAAKC,CAAG,EAKvBa,EAAOf,EAAE,SAAS,EAAE,EACpBQ,EAAK7B,EAAM,KAAK,aAAa,EAC7BkC,EAAQJ,EAAI,KAAK,KAAKM,EAAK,OAAS,CAAC,EACnCF,EAAQ,GACZL,EAAG,QAAQ,CAAI,EACf,EAAEK,EAIJ,OAFAL,EAAG,SAAS7B,EAAM,KAAK,WAAWoC,CAAI,CAAC,EAEpCD,IAAO,GAEDE,GAAkBR,EAAG,SAAS,EAAGP,EAAKC,CAAG,EAI3CM,EAAG,SAAS,CACrB,EAgBAxB,EAAI,IAAI,6BAA+B,SAASiC,EAAMC,EAAGC,EAAS,CAI7D,OAAOF,GAAU,WAClBA,EAAO,SAASA,EAAM,EAAE,GAE1BA,EAAOA,GAAQ,KAGfE,EAAUA,GAAW,CAAC,EACtB,IAAIC,EAAOD,EAAQ,MAAQxC,EAAM,OAC7B0C,EAAM,CAER,UAAW,SAASrB,EAAG,CAErB,QADIsB,EAAIF,EAAK,aAAapB,EAAE,MAAM,EAC1BuB,EAAI,EAAGA,EAAIvB,EAAE,OAAQ,EAAEuB,EAC7BvB,EAAEuB,CAAC,EAAID,EAAE,WAAWC,CAAC,CAEzB,CACF,EAEIC,EAAYL,EAAQ,WAAa,WAGjCM,EACJ,GAAGD,IAAc,WACfC,EAAO,CACL,UAAWD,EACX,MAAO,EACP,KAAMP,EACN,IAAKI,EACL,KAAMH,GAAK,MACX,EAAG,IAAItC,GAAW,IAAI,EACtB,EAAG,KACH,EAAG,KACH,MAAOqC,GAAQ,EACf,MAAOA,GAAQA,GAAQ,GACvB,QAAS,EACT,IAAK,KACL,KAAM,IACR,EACAQ,EAAK,EAAE,QAAQA,EAAK,IAAI,MAExB,OAAM,IAAI,MAAM,qCAAuCD,CAAS,EAGlE,OAAOC,CACT,EA+BAzC,EAAI,IAAI,2BAA6B,SAAS0C,EAAOC,EAAG,CAEjD,cAAeD,IAClBA,EAAM,UAAY,YAUpB,IAAIE,EAAS,IAAIhD,GAAW,IAAI,EAChCgD,EAAO,QAAQ,EAAE,EAQjB,QAPIC,EAAW,EACXC,EAAQ,SAAS9B,EAAG,EAAG,CAAC,OAAOA,EAAI,CAAE,EAGrC+B,EAAK,CAAC,IAAI,KACVC,EACAC,EAAQ,EACNP,EAAM,OAAS,OAASC,GAAK,GAAKM,EAAQN,IAAI,CAElD,GAAGD,EAAM,QAAU,EAAG,CAQpB,IAAIT,EAAQS,EAAM,IAAM,KAAQA,EAAM,MAAQA,EAAM,MAChDQ,EAAQjB,EAAO,EAGhBS,EAAM,UAAY,GACnBA,EAAM,IAAM,IAAI9C,GAAWqC,EAAMS,EAAM,GAAG,EAEtCA,EAAM,IAAI,QAAQQ,CAAK,GACzBR,EAAM,IAAI,UACR9C,GAAW,IAAI,UAAUsD,CAAK,EAAGJ,EAAOJ,EAAM,GAAG,EAGrDA,EAAM,IAAI,WAAW,GAAKA,EAAM,IAAI,IAAIE,CAAM,EAAE,UAAU,EAAG,CAAC,EAC9DC,EAAW,EAEX,EAAEH,EAAM,SACAA,EAAM,UAAY,EAEvBA,EAAM,IAAI,UAAU,EAAIT,EAEzBS,EAAM,QAAU,EAERA,EAAM,IAAI,gBAClBS,GAAqBT,EAAM,IAAI,UAAU,CAAC,CAAC,EAC3C,EAAEA,EAAM,QAGRA,EAAM,IAAI,WAAWzC,GAAa4C,IAAa,CAAC,EAAG,CAAC,EAE9CH,EAAM,UAAY,EAE1BA,EAAM,QACHA,EAAM,IAAI,SAAS9C,GAAW,GAAG,EAAE,IAAI8C,EAAM,CAAC,EAC5C,UAAU9C,GAAW,GAAG,IAAM,EAAK,EAAI,EACpC8C,EAAM,UAAY,IAE1BA,EAAM,QAAU,EACbA,EAAM,IAAM,KACbA,EAAM,EAAIA,EAAM,IAEhBA,EAAM,EAAIA,EAAM,IAIfA,EAAM,IAAM,MAAQA,EAAM,IAAM,MACjC,EAAEA,EAAM,MAEVA,EAAM,IAAM,KAEhB,SAAUA,EAAM,QAAU,EAErBA,EAAM,EAAE,UAAUA,EAAM,CAAC,EAAI,IAC9BA,EAAM,IAAMA,EAAM,EAClBA,EAAM,EAAIA,EAAM,EAChBA,EAAM,EAAIA,EAAM,KAElB,EAAEA,EAAM,cACAA,EAAM,QAAU,EAExBA,EAAM,GAAKA,EAAM,EAAE,SAAS9C,GAAW,GAAG,EAC1C8C,EAAM,GAAKA,EAAM,EAAE,SAAS9C,GAAW,GAAG,EAC1C8C,EAAM,IAAMA,EAAM,GAAG,SAASA,EAAM,EAAE,EACtC,EAAEA,EAAM,cACAA,EAAM,QAAU,EAErBA,EAAM,IAAI,IAAIA,EAAM,CAAC,EAAE,UAAU9C,GAAW,GAAG,IAAM,EAEtD,EAAE8C,EAAM,OAGRA,EAAM,EAAI,KACVA,EAAM,EAAI,KACVA,EAAM,MAAQ,WAERA,EAAM,QAAU,EAExBA,EAAM,EAAIA,EAAM,EAAE,SAASA,EAAM,CAAC,EAG/BA,EAAM,EAAE,UAAU,IAAMA,EAAM,KAE/B,EAAEA,EAAM,OAGRA,EAAM,EAAI,KACVA,EAAM,MAAQ,WAERA,EAAM,QAAU,EAAG,CAE3B,IAAIU,EAAIV,EAAM,EAAE,WAAWA,EAAM,GAAG,EACpCA,EAAM,KAAO,CACX,WAAY1C,EAAI,IAAI,cAClB0C,EAAM,EAAGA,EAAM,EAAGU,EAAGV,EAAM,EAAGA,EAAM,EACpCU,EAAE,IAAIV,EAAM,EAAE,EAAGU,EAAE,IAAIV,EAAM,EAAE,EAC/BA,EAAM,EAAE,WAAWA,EAAM,CAAC,CAAC,EAC7B,UAAW1C,EAAI,IAAI,aAAa0C,EAAM,EAAGA,EAAM,CAAC,CAClD,CACF,CAGAM,EAAK,CAAC,IAAI,KACVC,GAASD,EAAKD,EACdA,EAAKC,CACP,CAEA,OAAON,EAAM,OAAS,IACxB,EAgCA1C,EAAI,IAAI,gBAAkB,SAASiC,EAAMC,EAAGC,EAASkB,EAAU,CAgD7D,GA9CG,UAAU,SAAW,EACnB,OAAOpB,GAAS,UACjBE,EAAUF,EACVA,EAAO,QACC,OAAOA,GAAS,aACxBoB,EAAWpB,EACXA,EAAO,QAED,UAAU,SAAW,EAE1B,OAAOA,GAAS,SACd,OAAOC,GAAM,YACdmB,EAAWnB,EACXA,EAAI,QACI,OAAOA,GAAM,WACrBC,EAAUD,EACVA,EAAI,SAGNC,EAAUF,EACVoB,EAAWnB,EACXD,EAAO,OACPC,EAAI,QAEE,UAAU,SAAW,IAE1B,OAAOA,GAAM,SACX,OAAOC,GAAY,aACpBkB,EAAWlB,EACXA,EAAU,SAGZkB,EAAWlB,EACXA,EAAUD,EACVA,EAAI,SAGRC,EAAUA,GAAW,CAAC,EACnBF,IAAS,SACVA,EAAOE,EAAQ,MAAQ,MAEtBD,IAAM,SACPA,EAAIC,EAAQ,GAAK,OAIhB,CAACxC,EAAM,QAAQ,mBAAqB,CAACwC,EAAQ,MAC9CF,GAAQ,KAAOA,GAAQ,QAAUC,IAAM,OAAWA,IAAM,IACxD,GAAGmB,EAAU,CAEX,GAAGC,GAAkB,iBAAiB,EACpC,OAAOzD,GAAQ,gBAAgB,MAAO,CACpC,cAAeoC,EACf,eAAgBC,EAChB,kBAAmB,CACjB,KAAM,OACN,OAAQ,KACV,EACA,mBAAoB,CAClB,KAAM,QACN,OAAQ,KACV,CACF,EAAG,SAASqB,EAAKrC,EAAKsC,EAAM,CAC1B,GAAGD,EACD,OAAOF,EAASE,CAAG,EAErBF,EAAS,KAAM,CACb,WAAYrD,EAAI,kBAAkBwD,CAAI,EACtC,UAAWxD,EAAI,iBAAiBkB,CAAG,CACrC,CAAC,CACH,CAAC,EAEH,GAAGuC,GAAoB,aAAa,GAClCA,GAAoB,WAAW,EAE/B,OAAO1D,GAAK,YAAY,OAAO,OAAO,YAAY,CAChD,KAAM,oBACN,cAAekC,EACf,eAAgByB,GAAiBxB,CAAC,EAClC,KAAM,CAAC,KAAM,SAAS,CACxB,EAAG,GAA+B,CAAC,OAAQ,QAAQ,CAAC,EACnD,KAAK,SAASyB,EAAM,CACnB,OAAO5D,GAAK,YAAY,OAAO,OAAO,UACpC,QAAS4D,EAAK,UAAU,CAE5B,CAAC,EAAE,KAAK,OAAW,SAASJ,EAAK,CAC/BF,EAASE,CAAG,CACd,CAAC,EAAE,KAAK,SAASK,EAAO,CACtB,GAAGA,EAAO,CACR,IAAIC,EAAa7D,EAAI,mBACnBF,EAAK,QAAQH,EAAM,KAAK,aAAaiE,CAAK,CAAC,CAAC,EAC9CP,EAAS,KAAM,CACb,WAAYQ,EACZ,UAAW7D,EAAI,gBAAgB6D,EAAW,EAAGA,EAAW,CAAC,CAC3D,CAAC,CACH,CACF,CAAC,EAEH,GAAGC,GAAsB,aAAa,GACpCA,GAAsB,WAAW,EAAG,CACpC,IAAIC,EAAQhE,GAAK,YAAY,SAAS,OAAO,YAAY,CACvD,KAAM,oBACN,cAAekC,EACf,eAAgByB,GAAiBxB,CAAC,EAClC,KAAM,CAAC,KAAM,SAAS,CACxB,EAAG,GAA+B,CAAC,OAAQ,QAAQ,CAAC,EACpD6B,EAAM,WAAa,SAAS7B,EAAG,CAC7B,IAAIyB,EAAOzB,EAAE,OAAO,OAChB8B,EAAWjE,GAAK,YAAY,SAAS,OAAO,UAC9C,QAAS4D,EAAK,UAAU,EAC1BK,EAAS,WAAa,SAAS9B,EAAG,CAChC,IAAI0B,EAAQ1B,EAAE,OAAO,OACjB2B,EAAa7D,EAAI,mBACnBF,EAAK,QAAQH,EAAM,KAAK,aAAaiE,CAAK,CAAC,CAAC,EAC9CP,EAAS,KAAM,CACb,WAAYQ,EACZ,UAAW7D,EAAI,gBAAgB6D,EAAW,EAAGA,EAAW,CAAC,CAC3D,CAAC,CACH,EACAG,EAAS,QAAU,SAAST,EAAK,CAC/BF,EAASE,CAAG,CACd,CACF,EACAQ,EAAM,QAAU,SAASR,EAAK,CAC5BF,EAASE,CAAG,CACd,EACA,MACF,CACF,SAEKD,GAAkB,qBAAqB,EAAG,CAC3C,IAAIW,EAAUpE,GAAQ,oBAAoB,MAAO,CAC/C,cAAeoC,EACf,eAAgBC,EAChB,kBAAmB,CACjB,KAAM,OACN,OAAQ,KACV,EACA,mBAAoB,CAClB,KAAM,QACN,OAAQ,KACV,CACF,CAAC,EACD,MAAO,CACL,WAAYlC,EAAI,kBAAkBiE,EAAQ,UAAU,EACpD,UAAWjE,EAAI,iBAAiBiE,EAAQ,SAAS,CACnD,CACF,EAKJ,IAAIvB,EAAQ1C,EAAI,IAAI,6BAA6BiC,EAAMC,EAAGC,CAAO,EACjE,GAAG,CAACkB,EACF,OAAArD,EAAI,IAAI,2BAA2B0C,EAAO,CAAC,EACpCA,EAAM,KAEfwB,GAAiBxB,EAAOP,EAASkB,CAAQ,CAC3C,EAUArD,EAAI,gBAAkBA,EAAI,IAAI,aAAe,SAAS2C,EAAGT,EAAG,CAC1D,IAAIjB,EAAM,CACR,EAAG0B,EACH,EAAGT,CACL,EAmBA,OAAAjB,EAAI,QAAU,SAASkD,EAAMC,EAAQC,EAAe,CAOlD,GANG,OAAOD,GAAW,SACnBA,EAASA,EAAO,YAAY,EACpBA,IAAW,SACnBA,EAAS,oBAGRA,IAAW,mBACZA,EAAS,CACP,OAAQ,SAAS9C,EAAGL,EAAKC,EAAK,CAC5B,OAAOQ,GAAkBJ,EAAGL,EAAK,CAAI,EAAE,SAAS,CAClD,CACF,UACQmD,IAAW,YAAcA,IAAW,aAC5CA,EAAS,CACP,OAAQ,SAAS9C,EAAGL,EAAK,CACvB,OAAOtB,EAAM,MAAM,gBAAgBsB,EAAKK,EAAG+C,CAAa,CAC1D,CACF,UACQ,CAAC,MAAO,OAAQ,OAAQ,IAAI,EAAE,QAAQD,CAAM,IAAM,GAC1DA,EAAS,CAAC,OAAQ,SAASlC,EAAG,CAAC,OAAOA,CAAE,CAAC,UACjC,OAAOkC,GAAW,SAC1B,MAAM,IAAI,MAAM,mCAAqCA,EAAS,IAAI,EAIpE,IAAIlC,EAAIkC,EAAO,OAAOD,EAAMlD,EAAK,EAAI,EACrC,OAAOjB,EAAI,IAAI,QAAQkC,EAAGjB,EAAK,EAAI,CACrC,EAqCAA,EAAI,OAAS,SAASH,EAAQwD,EAAWF,EAAQjC,EAAS,CACrD,OAAOiC,GAAW,SACnBA,EAASA,EAAO,YAAY,EACpBA,IAAW,SACnBA,EAAS,qBAERjC,IAAY,SACbA,EAAU,CACR,qBAAsB,EACxB,GAEG,yBAA0BA,IAC7BA,EAAQ,qBAAuB,IAG9BiC,IAAW,oBACZA,EAAS,CACP,OAAQ,SAAStD,EAAQsC,EAAG,CAE1BA,EAAIpB,GAAkBoB,EAAGnC,EAAK,EAAI,EAElC,IAAIsD,EAAMzE,EAAK,QAAQsD,EAAG,CACxB,cAAejB,EAAQ,oBACzB,CAAC,EAGGqC,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC3E,EAAK,SAASyE,EAAKjE,GAAqBkE,EAASC,CAAM,EAAG,CAC5D,IAAI/D,EAAQ,IAAI,MACd,2EACmB,EACrB,MAAAA,EAAM,OAAS+D,EACT/D,CACR,CAIA,IAAID,EAAMX,EAAK,SAAS0E,EAAQ,mBAAmB,EACnD,GAAG,EAAE/D,IAAQd,EAAM,KAAK,KACtBc,IAAQd,EAAM,KAAK,KACnBc,IAAQd,EAAM,KAAK,MACnBc,IAAQd,EAAM,KAAK,QACnBc,IAAQd,EAAM,KAAK,QACnBc,IAAQd,EAAM,KAAK,QACnBc,IAAQd,EAAM,KAAK,QACnBc,IAAQd,EAAM,KAAK,YAAY,GAC/Bc,IAAQd,EAAM,KAAK,YAAY,GAAI,CACnC,IAAIe,EAAQ,IAAI,MACd,uDAAuD,EACzD,MAAAA,EAAM,IAAMD,EACNC,CACR,CAGA,IAAGD,IAAQd,EAAM,KAAK,KAAOc,IAAQd,EAAM,KAAK,MAC3C,EAAE,eAAgB6E,GACnB,MAAM,IAAI,MACR,wHAE8C,EAKpD,OAAO1D,IAAW0D,EAAQ,MAC5B,CACF,GACQJ,IAAW,QAAUA,IAAW,QAAUA,IAAW,QAC7DA,EAAS,CACP,OAAQ,SAAStD,EAAQsC,EAAG,CAE1B,OAAAA,EAAIpB,GAAkBoB,EAAGnC,EAAK,EAAI,EAC3BH,IAAWsC,CACpB,CACF,GAIF,IAAIA,EAAIpD,EAAI,IAAI,QAAQsE,EAAWrD,EAAK,GAAM,EAAK,EACnD,OAAOmD,EAAO,OAAOtD,EAAQsC,EAAGnC,EAAI,EAAE,UAAU,CAAC,CACnD,EAEOA,CACT,EAiBAjB,EAAI,iBAAmBA,EAAI,IAAI,cAAgB,SAC7C2C,EAAGT,EAAGkB,EAAGsB,EAAGC,EAAGC,EAAIC,EAAIC,EAAM,CAC7B,IAAI7D,EAAM,CACR,EAAG0B,EACH,EAAGT,EACH,EAAGkB,EACH,EAAGsB,EACH,EAAGC,EACH,GAAIC,EACJ,GAAIC,EACJ,KAAMC,CACR,EAeA,OAAA7D,EAAI,QAAU,SAASkD,EAAMC,EAAQC,EAAe,CAC/C,OAAOD,GAAW,SACnBA,EAASA,EAAO,YAAY,EACpBA,IAAW,SACnBA,EAAS,oBAIX,IAAIhB,EAAIpD,EAAI,IAAI,QAAQmE,EAAMlD,EAAK,GAAO,EAAK,EAE/C,GAAGmD,IAAW,mBACZA,EAAS,CAAC,OAAQpC,EAAiB,UAC3BoC,IAAW,YAAcA,IAAW,aAC5CA,EAAS,CACP,OAAQ,SAAShB,EAAGnC,EAAK,CACvB,OAAOtB,EAAM,MAAM,gBAAgBsB,EAAKmC,EAAGiB,CAAa,CAC1D,CACF,UACQ,CAAC,MAAO,OAAQ,OAAQ,IAAI,EAAE,QAAQD,CAAM,IAAM,GAC1DA,EAAS,CAAC,OAAQ,SAAShB,EAAG,CAAC,OAAOA,CAAE,CAAC,MAEzC,OAAM,IAAI,MAAM,mCAAqCgB,EAAS,IAAI,EAIpE,OAAOA,EAAO,OAAOhB,EAAGnC,EAAK,EAAK,CACpC,EAqBAA,EAAI,KAAO,SAAST,EAAI4D,EAAQ,CAO9B,IAAI7C,EAAK,GAEN,OAAO6C,GAAW,WACnBA,EAASA,EAAO,YAAY,GAG3BA,IAAW,QAAaA,IAAW,qBACpCA,EAAS,CAAC,OAAQ7D,EAAkB,EACpCgB,EAAK,IACG6C,IAAW,QAAUA,IAAW,QAAUA,IAAW,QAC7DA,EAAS,CAAC,OAAQ,UAAW,CAAC,OAAO5D,CAAG,CAAC,EACzCe,EAAK,GAIP,IAAI6B,EAAIgB,EAAO,OAAO5D,EAAIS,EAAI,EAAE,UAAU,CAAC,EAC3C,OAAOjB,EAAI,IAAI,QAAQoD,EAAGnC,EAAKM,CAAE,CACnC,EAEON,CACT,EASAjB,EAAI,kBAAoB,SAAS+E,EAAQ,CAEvC,OAAOjF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAa,CAAC,EAAE,SAAS,CAAC,EAEjCA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GACrCA,EAAK,SAASE,EAAI,KAAK,aAAa,EAAE,SAAS,CAAC,EAClDF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,EAEDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GACvDA,EAAK,MAAMiF,CAAM,EAAE,SAAS,CAAC,CACjC,CAAC,CACH,EAUA/E,EAAI,mBAAqB,SAASuE,EAAK,CAErC,IAAIC,EAAU,CAAC,EACXC,EAAS,CAAC,EAQd,GAPG3E,EAAK,SAASyE,EAAKrE,GAAqBsE,EAASC,CAAM,IACxDF,EAAMzE,EAAK,QAAQH,EAAM,KAAK,aAAa6E,EAAQ,UAAU,CAAC,GAIhEA,EAAU,CAAC,EACXC,EAAS,CAAC,EACP,CAAC3E,EAAK,SAASyE,EAAKpE,GAAwBqE,EAASC,CAAM,EAAG,CAC/D,IAAI/D,EAAQ,IAAI,MAAM,0EAC6B,EACnD,MAAAA,EAAM,OAAS+D,EACT/D,CACR,CAKA,IAAI,EAAGwB,EAAGkB,EAAGsB,EAAGC,EAAGC,EAAIC,EAAIC,EAC3B,SAAInF,EAAM,KAAK,aAAa6E,EAAQ,iBAAiB,EAAE,MAAM,EAC7DtC,EAAIvC,EAAM,KAAK,aAAa6E,EAAQ,wBAAwB,EAAE,MAAM,EACpEpB,EAAIzD,EAAM,KAAK,aAAa6E,EAAQ,yBAAyB,EAAE,MAAM,EACrEE,EAAI/E,EAAM,KAAK,aAAa6E,EAAQ,gBAAgB,EAAE,MAAM,EAC5DG,EAAIhF,EAAM,KAAK,aAAa6E,EAAQ,gBAAgB,EAAE,MAAM,EAC5DI,EAAKjF,EAAM,KAAK,aAAa6E,EAAQ,mBAAmB,EAAE,MAAM,EAChEK,EAAKlF,EAAM,KAAK,aAAa6E,EAAQ,mBAAmB,EAAE,MAAM,EAChEM,EAAOnF,EAAM,KAAK,aAAa6E,EAAQ,qBAAqB,EAAE,MAAM,EAG7DxE,EAAI,iBACT,IAAIJ,GAAW,EAAG,EAAE,EACpB,IAAIA,GAAWsC,EAAG,EAAE,EACpB,IAAItC,GAAWwD,EAAG,EAAE,EACpB,IAAIxD,GAAW8E,EAAG,EAAE,EACpB,IAAI9E,GAAW+E,EAAG,EAAE,EACpB,IAAI/E,GAAWgF,EAAI,EAAE,EACrB,IAAIhF,GAAWiF,EAAI,EAAE,EACrB,IAAIjF,GAAWkF,EAAM,EAAE,CAAC,CAC5B,EASA9E,EAAI,iBAAmBA,EAAI,0BAA4B,SAASiB,EAAK,CAEnE,OAAOnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAa,CAAC,EAAE,SAAS,CAAC,EAEjCA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,EAEnBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,EAEnBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,EAEnBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,EAEnBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,EAEnBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,EAAE,CAAC,EAEpBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,EAAE,CAAC,EAEpBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,IAAI,CAAC,CACxB,CAAC,CACH,EASAjB,EAAI,kBAAoB,SAASuE,EAAK,CAEpC,IAAIC,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG3E,EAAK,SAASyE,EAAKlE,GAAoBmE,EAASC,CAAM,EAAG,CAE1D,IAAIhE,EAAMX,EAAK,SAAS0E,EAAQ,YAAY,EAC5C,GAAG/D,IAAQT,EAAI,KAAK,cAAe,CACjC,IAAIU,EAAQ,IAAI,MAAM,sCAAsC,EAC5D,MAAAA,EAAM,IAAMD,EACNC,CACR,CACA6D,EAAMC,EAAQ,YAChB,CAIA,GADAC,EAAS,CAAC,EACP,CAAC3E,EAAK,SAASyE,EAAKnE,GAAuBoE,EAASC,CAAM,EAAG,CAC9D,IAAI/D,EAAQ,IAAI,MAAM,wEAC4B,EAClD,MAAAA,EAAM,OAAS+D,EACT/D,CACR,CAGA,IAAIiC,EAAIhD,EAAM,KAAK,aAAa6E,EAAQ,gBAAgB,EAAE,MAAM,EAC5DtC,EAAIvC,EAAM,KAAK,aAAa6E,EAAQ,iBAAiB,EAAE,MAAM,EAGjE,OAAOxE,EAAI,gBACT,IAAIJ,GAAW+C,EAAG,EAAE,EACpB,IAAI/C,GAAWsC,EAAG,EAAE,CAAC,CACzB,EASAlC,EAAI,gBAAkBA,EAAI,gCAAkC,SAASiB,EAAK,CAExE,OAAOnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASE,EAAI,KAAK,aAAa,EAAE,SAAS,CAAC,EAElDF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,EAEDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GAAO,CAC5DE,EAAI,wBAAwBiB,CAAG,CACjC,CAAC,CACH,CAAC,CACH,EASAjB,EAAI,wBAA0B,SAASiB,EAAK,CAE1C,OAAOnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,EAEnBnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDkF,GAAW/D,EAAI,CAAC,CAAC,CACrB,CAAC,CACH,EAYA,SAASS,GAAkBJ,EAAGL,EAAKM,EAAI,CACrC,IAAIC,EAAK7B,EAAM,KAAK,aAAa,EAG7B8B,EAAI,KAAK,KAAKR,EAAI,EAAE,UAAU,EAAI,CAAC,EAGvC,GAAGK,EAAE,OAAUG,EAAI,GAAK,CACtB,IAAIf,EAAQ,IAAI,MAAM,8CAA8C,EACpE,MAAAA,EAAM,OAASY,EAAE,OACjBZ,EAAM,IAAMe,EAAI,GACVf,CACR,CAmBAc,EAAG,QAAQ,CAAI,EACfA,EAAG,QAAQD,CAAE,EAGb,IAAI0D,EAASxD,EAAI,EAAIH,EAAE,OACnB4D,EAEJ,GAAG3D,IAAO,GAAQA,IAAO,EAAM,CAC7B2D,EAAW3D,IAAO,EAAQ,EAAO,IACjC,QAAQgB,EAAI,EAAGA,EAAI0C,EAAQ,EAAE1C,EAC3Bf,EAAG,QAAQ0D,CAAO,CAEtB,KAGE,MAAMD,EAAS,GAAG,CAGhB,QAFIE,EAAW,EACXC,EAAWzF,EAAM,OAAO,SAASsF,CAAM,EACnC1C,EAAI,EAAGA,EAAI0C,EAAQ,EAAE1C,EAC3B2C,EAAUE,EAAS,WAAW7C,CAAC,EAC5B2C,IAAY,EACb,EAAEC,EAEF3D,EAAG,QAAQ0D,CAAO,EAGtBD,EAASE,CACX,CAIF,OAAA3D,EAAG,QAAQ,CAAI,EACfA,EAAG,SAASF,CAAC,EAENE,CACT,CAYA,SAASQ,GAAkBqD,EAAIpE,EAAKC,EAAKY,EAAI,CAE3C,IAAIL,EAAI,KAAK,KAAKR,EAAI,EAAE,UAAU,EAAI,CAAC,EAanCO,EAAK7B,EAAM,KAAK,aAAa0F,CAAE,EAC/BC,EAAQ9D,EAAG,QAAQ,EACnBD,EAAKC,EAAG,QAAQ,EACpB,GAAG8D,IAAU,GACVpE,GAAOK,IAAO,GAAQA,IAAO,GAC7B,CAACL,GAAOK,GAAM,GACdL,GAAOK,IAAO,GAAQ,OAAOO,EAAQ,IACtC,MAAM,IAAI,MAAM,8BAA8B,EAGhD,IAAImD,EAAS,EACb,GAAG1D,IAAO,EAAM,CAEd0D,EAASxD,EAAI,EAAIK,EACjB,QAAQS,EAAI,EAAGA,EAAI0C,EAAQ,EAAE1C,EAC3B,GAAGf,EAAG,QAAQ,IAAM,EAClB,MAAM,IAAI,MAAM,8BAA8B,CAGpD,SAAUD,IAAO,EAGf,IADA0D,EAAS,EACHzD,EAAG,OAAO,EAAI,GAAG,CACrB,GAAGA,EAAG,QAAQ,IAAM,IAAM,CACxB,EAAEA,EAAG,KACL,KACF,CACA,EAAEyD,CACJ,SACQ1D,IAAO,EAGf,IADA0D,EAAS,EACHzD,EAAG,OAAO,EAAI,GAAG,CACrB,GAAGA,EAAG,QAAQ,IAAM,EAAM,CACxB,EAAEA,EAAG,KACL,KACF,CACA,EAAEyD,CACJ,CAIF,IAAIM,EAAO/D,EAAG,QAAQ,EACtB,GAAG+D,IAAS,GAAQN,IAAYxD,EAAI,EAAID,EAAG,OAAO,EAChD,MAAM,IAAI,MAAM,8BAA8B,EAGhD,OAAOA,EAAG,SAAS,CACrB,CAgBA,SAAS0C,GAAiBxB,EAAOP,EAASkB,EAAU,CAC/C,OAAOlB,GAAY,aACpBkB,EAAWlB,EACXA,EAAU,CAAC,GAEbA,EAAUA,GAAW,CAAC,EAEtB,IAAIqD,EAAO,CACT,UAAW,CACT,KAAMrD,EAAQ,WAAa,WAC3B,QAAS,CACP,QAASA,EAAQ,SAAW,EAC5B,SAAUA,EAAQ,UAAY,IAC9B,aAAcA,EAAQ,YACxB,CACF,CACF,EACG,SAAUA,IACXqD,EAAK,KAAOrD,EAAQ,MAGtBsD,EAAS,EAET,SAASA,GAAW,CAElBC,EAAShD,EAAM,MAAO,SAASa,EAAKoC,EAAK,CACvC,GAAGpC,EACD,OAAOF,EAASE,CAAG,EAGrB,GADAb,EAAM,EAAIiD,EACPjD,EAAM,IAAM,KACb,OAAOkD,EAAOrC,EAAKb,EAAM,CAAC,EAE5BgD,EAAShD,EAAM,MAAOkD,CAAM,CAC9B,CAAC,CACH,CAEA,SAASF,EAASzD,EAAMoB,EAAU,CAChC1D,EAAM,MAAM,sBAAsBsC,EAAMuD,EAAMnC,CAAQ,CACxD,CAEA,SAASuC,EAAOrC,EAAKoC,EAAK,CACxB,GAAGpC,EACD,OAAOF,EAASE,CAAG,EAOrB,GAHAb,EAAM,EAAIiD,EAGPjD,EAAM,EAAE,UAAUA,EAAM,CAAC,EAAI,EAAG,CACjC,IAAImD,EAAMnD,EAAM,EAChBA,EAAM,EAAIA,EAAM,EAChBA,EAAM,EAAImD,CACZ,CAGA,GAAGnD,EAAM,EAAE,SAAS9C,GAAW,GAAG,EAAE,IAAI8C,EAAM,CAAC,EAC5C,UAAU9C,GAAW,GAAG,IAAM,EAAG,CAClC8C,EAAM,EAAI,KACV+C,EAAS,EACT,MACF,CAGA,GAAG/C,EAAM,EAAE,SAAS9C,GAAW,GAAG,EAAE,IAAI8C,EAAM,CAAC,EAC5C,UAAU9C,GAAW,GAAG,IAAM,EAAG,CAClC8C,EAAM,EAAI,KACVgD,EAAShD,EAAM,MAAOkD,CAAM,EAC5B,MACF,CAQA,GALAlD,EAAM,GAAKA,EAAM,EAAE,SAAS9C,GAAW,GAAG,EAC1C8C,EAAM,GAAKA,EAAM,EAAE,SAAS9C,GAAW,GAAG,EAC1C8C,EAAM,IAAMA,EAAM,GAAG,SAASA,EAAM,EAAE,EAGnCA,EAAM,IAAI,IAAIA,EAAM,CAAC,EAAE,UAAU9C,GAAW,GAAG,IAAM,EAAG,CAEzD8C,EAAM,EAAIA,EAAM,EAAI,KACpB+C,EAAS,EACT,MACF,CAIA,GADA/C,EAAM,EAAIA,EAAM,EAAE,SAASA,EAAM,CAAC,EAC/BA,EAAM,EAAE,UAAU,IAAMA,EAAM,KAAM,CAErCA,EAAM,EAAI,KACVgD,EAAShD,EAAM,MAAOkD,CAAM,EAC5B,MACF,CAGA,IAAIxC,EAAIV,EAAM,EAAE,WAAWA,EAAM,GAAG,EACpCA,EAAM,KAAO,CACX,WAAY1C,EAAI,IAAI,cAClB0C,EAAM,EAAGA,EAAM,EAAGU,EAAGV,EAAM,EAAGA,EAAM,EACpCU,EAAE,IAAIV,EAAM,EAAE,EAAGU,EAAE,IAAIV,EAAM,EAAE,EAC/BA,EAAM,EAAE,WAAWA,EAAM,CAAC,CAAC,EAC7B,UAAW1C,EAAI,IAAI,aAAa0C,EAAM,EAAGA,EAAM,CAAC,CAClD,EAEAW,EAAS,KAAMX,EAAM,IAAI,CAC3B,CACF,CASA,SAASsC,GAAW1C,EAAG,CAErB,IAAIwD,EAAMxD,EAAE,SAAS,EAAE,EACpBwD,EAAI,CAAC,GAAK,MACXA,EAAM,KAAOA,GAEf,IAAIC,EAAQpG,EAAM,KAAK,WAAWmG,CAAG,EAGrC,OAAGC,EAAM,OAAS,IAEdA,EAAM,WAAW,CAAC,IAAM,IACzBA,EAAM,WAAW,CAAC,EAAI,OAAU,GAEhCA,EAAM,WAAW,CAAC,IAAM,MACxBA,EAAM,WAAW,CAAC,EAAI,OAAU,KAC1BA,EAAM,OAAO,CAAC,EAEhBA,CACT,CAYA,SAAS5C,GAAqBlB,EAAM,CAClC,OAAGA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,GACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,IAAY,EACpBA,GAAQ,KAAa,EACjB,CACT,CASA,SAASqB,GAAkB0C,EAAI,CAC7B,OAAOrG,EAAM,KAAK,UAAY,OAAOE,GAAQmG,CAAE,GAAM,UACvD,CASA,SAASvC,GAAoBuC,EAAI,CAC/B,OAAQ,OAAOjG,GAAK,YAAgB,KAClC,OAAOA,GAAK,YAAY,QAAW,UACnC,OAAOA,GAAK,YAAY,OAAO,QAAW,UAC1C,OAAOA,GAAK,YAAY,OAAO,OAAOiG,CAAE,GAAM,UAClD,CAWA,SAASlC,GAAsBkC,EAAI,CACjC,OAAQ,OAAOjG,GAAK,YAAgB,KAClC,OAAOA,GAAK,YAAY,UAAa,UACrC,OAAOA,GAAK,YAAY,SAAS,QAAW,UAC5C,OAAOA,GAAK,YAAY,SAAS,OAAOiG,CAAE,GAAM,UACpD,CAEA,SAAStC,GAAiB1C,EAAG,CAG3B,QAFI+E,EAAQpG,EAAM,KAAK,WAAWqB,EAAE,SAAS,EAAE,CAAC,EAC5CiF,EAAS,IAAI,WAAWF,EAAM,MAAM,EAChCxD,EAAI,EAAGA,EAAIwD,EAAM,OAAQ,EAAExD,EACjC0D,EAAO1D,CAAC,EAAIwD,EAAM,WAAWxD,CAAC,EAEhC,OAAO0D,CACT,IC/3DA,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAmBA,IAAIC,EAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KAEG,OAAOC,GAAe,MACnBA,GAAaD,EAAM,KAAK,YAAxB,IAAAC,GAIFC,EAAOF,EAAM,KAGbG,EAAMH,EAAM,IAAMA,EAAM,KAAO,CAAC,EACpCD,GAAO,QAAUI,EAAI,IAAMH,EAAM,IAAMA,EAAM,KAAO,CAAC,EACrD,IAAII,GAAOD,EAAI,KAIXE,GAA+B,CACjC,KAAM,0BACN,SAAUH,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,8CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,gCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,eACX,EAAG,CACD,KAAM,iCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,kBACf,CAAC,CACH,EAAG,CAED,KAAM,wCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,eACX,CAAC,CACH,EAIII,GAA2B,CAC7B,KAAM,kBACN,SAAUJ,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,oCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,wCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,QACX,EAAG,CACD,KAAM,yBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,8BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,SACX,EAAG,CACD,KAAM,wCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,mBACX,EAAG,CACD,KAAM,mCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,SAAU,GACV,QAAS,WACX,EAAG,CAED,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,SAAU,GACV,MAAO,CAAC,CACN,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,QACX,CAAC,CACH,CAAC,CACH,CAAC,CACH,EAAG,CACD,KAAM,mCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,QACX,EAAG,CACD,KAAM,sCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,OACX,CAAC,CACH,CAAC,CACH,EAEIK,GAA2B,CAC7B,KAAM,mBACN,SAAUL,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,MACX,EAAG,CACD,KAAM,8BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,YACX,CAAC,CACH,EA0CAC,EAAI,sBAAwB,SAASK,EAAKC,EAAUC,EAAS,CAE3DA,EAAUA,GAAW,CAAC,EACtBA,EAAQ,SAAWA,EAAQ,UAAY,EACvCA,EAAQ,MAAQA,EAAQ,OAAS,KACjCA,EAAQ,UAAYA,EAAQ,WAAa,SACzCA,EAAQ,aAAeA,EAAQ,cAAgB,OAG/C,IAAIC,EAAOX,EAAM,OAAO,aAAaU,EAAQ,QAAQ,EACjDE,EAAQF,EAAQ,MAChBG,EAAaX,EAAK,aAAaU,CAAK,EACpCE,EACAC,EACAC,EACJ,GAAGN,EAAQ,UAAU,QAAQ,KAAK,IAAM,GAAKA,EAAQ,YAAc,MAAO,CAExE,IAAIO,EAAOC,EAAQC,EACnB,OAAOT,EAAQ,UAAW,CAC1B,IAAK,SACHI,EAAQ,GACRG,EAAQ,GACRC,EAASd,GAAK,YAAY,EAC1Be,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,SACHc,EAAQ,GACRG,EAAQ,GACRC,EAASd,GAAK,YAAY,EAC1Be,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,SACHc,EAAQ,GACRG,EAAQ,GACRC,EAASd,GAAK,YAAY,EAC1Be,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,MACHc,EAAQ,EACRG,EAAQ,EACRC,EAASd,GAAK,OACde,EAAWnB,EAAM,IAAI,uBACrB,MACF,QACE,IAAIoB,EAAQ,IAAI,MAAM,2DAA2D,EACjF,MAAAA,EAAM,UAAYV,EAAQ,UACpBU,CACR,CAGA,IAAIC,EAAe,WAAaX,EAAQ,aAAa,YAAY,EAC7DY,EAAKC,GAA4BF,CAAY,EAG7CG,EAAKxB,EAAM,MAAM,OAAOS,EAAUE,EAAMC,EAAOE,EAAOQ,CAAE,EACxDG,EAAKzB,EAAM,OAAO,aAAaiB,CAAK,EACpCS,EAASP,EAASK,CAAE,EACxBE,EAAO,MAAMD,CAAE,EACfC,EAAO,OAAOxB,EAAK,MAAMM,CAAG,CAAC,EAC7BkB,EAAO,OAAO,EACdV,EAAgBU,EAAO,OAAO,SAAS,EAGvC,IAAIC,EAASC,GAAmBjB,EAAME,EAAYC,EAAOO,CAAY,EAErEN,EAAsBb,EAAK,OACzBA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASE,GAAK,UAAa,EAAE,SAAS,CAAC,EAC9CF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASE,GAAK,WAAc,EAAE,SAAS,CAAC,EAE/CuB,CACF,CAAC,EAEDzB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASgB,CAAM,EAAE,SAAS,CAAC,EAElChB,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOuB,CAAE,CAC1D,CAAC,CACH,CAAC,CACH,CAAC,CACH,SAAUf,EAAQ,YAAc,OAAQ,CAEtCI,EAAQ,GAER,IAAIe,EAAY,IAAI7B,EAAM,KAAK,WAAWW,CAAI,EAC1Ca,EAAKrB,EAAI,IAAI,kBAAkBM,EAAUoB,EAAW,EAAGjB,EAAOE,CAAK,EACnEW,EAAKtB,EAAI,IAAI,kBAAkBM,EAAUoB,EAAW,EAAGjB,EAAOE,CAAK,EACnEY,EAAS1B,EAAM,IAAI,uBAAuBwB,CAAE,EAChDE,EAAO,MAAMD,CAAE,EACfC,EAAO,OAAOxB,EAAK,MAAMM,CAAG,CAAC,EAC7BkB,EAAO,OAAO,EACdV,EAAgBU,EAAO,OAAO,SAAS,EAEvCX,EAAsBb,EAAK,OACzBA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASE,GAAK,iCAAiC,CAAC,EAAE,SAAS,CAAC,EAEnEF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOS,CAAI,EAEpET,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDW,EAAW,SAAS,CAAC,CACzB,CAAC,CACH,CAAC,CACH,KAAO,CACL,IAAIO,EAAQ,IAAI,MAAM,2DAA2D,EACjF,MAAAA,EAAM,UAAYV,EAAQ,UACpBU,CACR,CAGA,IAAIU,EAAO5B,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAErEa,EAEAb,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOc,CAAa,CACrE,CAAC,EACD,OAAOc,CACT,EAUA3B,EAAI,sBAAwB,SAASK,EAAKC,EAAU,CAClD,IAAIqB,EAAO,KAGPC,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC9B,EAAK,SAASM,EAAKH,GAA8B0B,EAASC,CAAM,EAAG,CACrE,IAAIZ,EAAQ,IAAI,MAAM,6FACsC,EAC5D,MAAAA,EAAM,OAASY,EACTZ,CACR,CAGA,IAAIa,EAAM/B,EAAK,SAAS6B,EAAQ,aAAa,EACzCL,EAASvB,EAAI,IAAI,UAAU8B,EAAKF,EAAQ,iBAAkBtB,CAAQ,EAGlEyB,EAAYlC,EAAM,KAAK,aAAa+B,EAAQ,aAAa,EAE7D,OAAAL,EAAO,OAAOQ,CAAS,EACpBR,EAAO,OAAO,IACfI,EAAO5B,EAAK,QAAQwB,EAAO,MAAM,GAG5BI,CACT,EAUA3B,EAAI,yBAA2B,SAASgC,EAAMC,EAAS,CAErD,IAAIC,EAAM,CACR,KAAM,wBACN,KAAMnC,EAAK,MAAMiC,CAAI,EAAE,SAAS,CAClC,EACA,OAAOnC,EAAM,IAAI,OAAOqC,EAAK,CAAC,QAASD,CAAO,CAAC,CACjD,EAUAjC,EAAI,2BAA6B,SAASmC,EAAK,CAC7C,IAAID,EAAMrC,EAAM,IAAI,OAAOsC,CAAG,EAAE,CAAC,EAEjC,GAAGD,EAAI,OAAS,wBAAyB,CACvC,IAAIjB,EAAQ,IAAI,MAAM,+FACyB,EAC/C,MAAAA,EAAM,WAAaiB,EAAI,KACjBjB,CACR,CACA,GAAGiB,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,qEACK,EAIvB,OAAOnC,EAAK,QAAQmC,EAAI,IAAI,CAC9B,EA4BAlC,EAAI,qBAAuB,SAASoC,EAAQ9B,EAAUC,EAAS,CAG7D,GADAA,EAAUA,GAAW,CAAC,EACnB,CAACA,EAAQ,OAAQ,CAElB,IAAIoB,EAAO3B,EAAI,kBAAkBA,EAAI,iBAAiBoC,CAAM,CAAC,EAC7D,OAAAT,EAAO3B,EAAI,sBAAsB2B,EAAMrB,EAAUC,CAAO,EACjDP,EAAI,yBAAyB2B,CAAI,CAC1C,CAGA,IAAIU,EACAf,EACAX,EACAK,EACJ,OAAOT,EAAQ,UAAW,CAC1B,IAAK,SACH8B,EAAY,cACZ1B,EAAQ,GACRW,EAAKzB,EAAM,OAAO,aAAa,EAAE,EACjCmB,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,SACHwC,EAAY,cACZ1B,EAAQ,GACRW,EAAKzB,EAAM,OAAO,aAAa,EAAE,EACjCmB,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,SACHwC,EAAY,cACZ1B,EAAQ,GACRW,EAAKzB,EAAM,OAAO,aAAa,EAAE,EACjCmB,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,OACHwC,EAAY,eACZ1B,EAAQ,GACRW,EAAKzB,EAAM,OAAO,aAAa,CAAC,EAChCmB,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,MACHwC,EAAY,UACZ1B,EAAQ,EACRW,EAAKzB,EAAM,OAAO,aAAa,CAAC,EAChCmB,EAAWnB,EAAM,IAAI,uBACrB,MACF,QACE,IAAIoB,EAAQ,IAAI,MAAM,wEACOV,EAAQ,UAAY,IAAI,EACrD,MAAAU,EAAM,UAAYV,EAAQ,UACpBU,CACR,CAGA,IAAII,EAAKxB,EAAM,IAAI,mBAAmBS,EAAUgB,EAAG,OAAO,EAAG,CAAC,EAAGX,CAAK,EAClEY,EAASP,EAASK,CAAE,EACxBE,EAAO,MAAMD,CAAE,EACfC,EAAO,OAAOxB,EAAK,MAAMC,EAAI,iBAAiBoC,CAAM,CAAC,CAAC,EACtDb,EAAO,OAAO,EAEd,IAAIW,EAAM,CACR,KAAM,kBACN,SAAU,CACR,QAAS,IACT,KAAM,WACR,EACA,QAAS,CACP,UAAWG,EACX,WAAYxC,EAAM,KAAK,WAAWyB,CAAE,EAAE,YAAY,CACpD,EACA,KAAMC,EAAO,OAAO,SAAS,CAC/B,EACA,OAAO1B,EAAM,IAAI,OAAOqC,CAAG,CAC7B,EAUAlC,EAAI,qBAAuB,SAASmC,EAAK7B,EAAU,CACjD,IAAIqB,EAAO,KAEPO,EAAMrC,EAAM,IAAI,OAAOsC,CAAG,EAAE,CAAC,EAEjC,GAAGD,EAAI,OAAS,yBACdA,EAAI,OAAS,eACbA,EAAI,OAAS,kBAAmB,CAChC,IAAIjB,EAAQ,IAAI,MAAM,8HACkD,EACxE,MAAAA,EAAM,WAAaA,EACbA,CACR,CAEA,GAAGiB,EAAI,UAAYA,EAAI,SAAS,OAAS,YAAa,CACpD,IAAIvB,EACAK,EACJ,OAAOkB,EAAI,QAAQ,UAAW,CAC9B,IAAK,UACHvB,EAAQ,EACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,eACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,cACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,cACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,cACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,aACHc,EAAQ,EACRK,EAAW,SAASsB,EAAK,CACvB,OAAOzC,EAAM,IAAI,uBAAuByC,EAAK,EAAE,CACjD,EACA,MACF,IAAK,aACH3B,EAAQ,EACRK,EAAW,SAASsB,EAAK,CACvB,OAAOzC,EAAM,IAAI,uBAAuByC,EAAK,EAAE,CACjD,EACA,MACF,IAAK,cACH3B,EAAQ,GACRK,EAAW,SAASsB,EAAK,CACvB,OAAOzC,EAAM,IAAI,uBAAuByC,EAAK,GAAG,CAClD,EACA,MACF,QACE,IAAIrB,EAAQ,IAAI,MAAM,oEACOiB,EAAI,QAAQ,UAAY,IAAI,EACzD,MAAAjB,EAAM,UAAYiB,EAAI,QAAQ,UACxBjB,CACR,CAGA,IAAIK,EAAKzB,EAAM,KAAK,WAAWqC,EAAI,QAAQ,UAAU,EACjDb,EAAKxB,EAAM,IAAI,mBAAmBS,EAAUgB,EAAG,OAAO,EAAG,CAAC,EAAGX,CAAK,EAClEY,EAASP,EAASK,CAAE,EAGxB,GAFAE,EAAO,MAAMD,CAAE,EACfC,EAAO,OAAO1B,EAAM,KAAK,aAAaqC,EAAI,IAAI,CAAC,EAC5CX,EAAO,OAAO,EACfI,EAAOJ,EAAO,OAAO,SAAS,MAE9B,QAAOI,CAEX,MACEA,EAAOO,EAAI,KAGb,OAAGA,EAAI,OAAS,wBACdP,EAAO3B,EAAI,sBAAsBD,EAAK,QAAQ4B,CAAI,EAAGrB,CAAQ,EAG7DqB,EAAO5B,EAAK,QAAQ4B,CAAI,EAGvBA,IAAS,OACVA,EAAO3B,EAAI,mBAAmB2B,CAAI,GAG7BA,CACT,EAeA3B,EAAI,IAAI,kBAAoB,SAASM,EAAUE,EAAM+B,EAAIC,EAAM,EAAGrB,EAAI,CACpE,IAAIsB,EAAGC,EAEP,GAAG,OAAOvB,EAAO,KAAeA,IAAO,KAAM,CAC3C,GAAG,EAAE,SAAUtB,EAAM,IACnB,MAAM,IAAI,MAAM,oCAAoC,EAEtDsB,EAAKtB,EAAM,GAAG,KAAK,OAAO,CAC5B,CAEA,IAAI,EAAIsB,EAAG,aACPwB,EAAIxB,EAAG,YACPyB,EAAS,IAAI/C,EAAM,KAAK,WAGxBgD,EAAU,IAAIhD,EAAM,KAAK,WAC7B,GAAGS,GAAa,KAAgC,CAC9C,IAAIoC,EAAI,EAAGA,EAAIpC,EAAS,OAAQoC,IAC9BG,EAAQ,SAASvC,EAAS,WAAWoC,CAAC,CAAC,EAEzCG,EAAQ,SAAS,CAAC,CACpB,CAGA,IAAIC,EAAID,EAAQ,OAAO,EACnBE,EAAIvC,EAAK,OAAO,EAIhBwC,EAAI,IAAInD,EAAM,KAAK,WACvBmD,EAAE,aAAaT,EAAII,CAAC,EAMpB,IAAIM,EAAON,EAAI,KAAK,KAAKI,EAAIJ,CAAC,EAC1BO,EAAI,IAAIrD,EAAM,KAAK,WACvB,IAAI6C,EAAI,EAAGA,EAAIO,EAAMP,IACnBQ,EAAE,QAAQ1C,EAAK,GAAGkC,EAAIK,CAAC,CAAC,EAO1B,IAAII,EAAOR,EAAI,KAAK,KAAKG,EAAIH,CAAC,EAC1BS,EAAI,IAAIvD,EAAM,KAAK,WACvB,IAAI6C,EAAI,EAAGA,EAAIS,EAAMT,IACnBU,EAAE,QAAQP,EAAQ,GAAGH,EAAII,CAAC,CAAC,EAI7B,IAAIO,EAAIH,EACRG,EAAE,UAAUD,CAAC,EAMb,QAHIE,EAAI,KAAK,KAAK,EAAI,CAAC,EAGfC,EAAI,EAAGA,GAAKD,EAAGC,IAAK,CAE1B,IAAIC,EAAM,IAAI3D,EAAM,KAAK,WACzB2D,EAAI,SAASR,EAAE,MAAM,CAAC,EACtBQ,EAAI,SAASH,EAAE,MAAM,CAAC,EACtB,QAAQI,EAAQ,EAAGA,EAAQjB,EAAMiB,IAC/BtC,EAAG,MAAM,EACTA,EAAG,OAAOqC,EAAI,SAAS,CAAC,EACxBA,EAAMrC,EAAG,OAAO,EAKlB,IAAIuC,EAAI,IAAI7D,EAAM,KAAK,WACvB,IAAI6C,EAAI,EAAGA,EAAIC,EAAGD,IAChBgB,EAAE,QAAQF,EAAI,GAAGd,EAAI,CAAC,CAAC,EAMzB,IAAIiB,GAAI,KAAK,KAAKZ,EAAIJ,CAAC,EAAI,KAAK,KAAKG,EAAIH,CAAC,EACtCiB,GAAO,IAAI/D,EAAM,KAAK,WAC1B,IAAI4C,EAAI,EAAGA,EAAIkB,GAAGlB,IAAK,CACrB,IAAIoB,GAAQ,IAAIhE,EAAM,KAAK,WAAWwD,EAAE,SAASV,CAAC,CAAC,EAC/CmB,GAAI,IACR,IAAIpB,EAAIgB,EAAE,OAAO,EAAI,EAAGhB,GAAK,EAAGA,IAC9BoB,GAAIA,IAAK,EACTA,IAAKJ,EAAE,GAAGhB,CAAC,EAAImB,GAAM,GAAGnB,CAAC,EACzBmB,GAAM,MAAMnB,EAAGoB,GAAI,GAAI,EAEzBF,GAAK,UAAUC,EAAK,CACtB,CACAR,EAAIO,GAGJhB,EAAO,UAAUY,CAAG,CACtB,CAEA,OAAAZ,EAAO,SAASA,EAAO,OAAO,EAAI,CAAC,EAC5BA,CACT,EAWA5C,EAAI,IAAI,UAAY,SAAS8B,EAAKN,EAAQlB,EAAU,CAClD,OAAOwB,EAAK,CACZ,KAAK9B,EAAI,KAAK,WACZ,OAAOA,EAAI,IAAI,kBAAkB8B,EAAKN,EAAQlB,CAAQ,EAExD,KAAKN,EAAI,KAAK,iCAAiC,EAC/C,KAAKA,EAAI,KAAK,2BAA2B,EACvC,OAAOA,EAAI,IAAI,sBAAsB8B,EAAKN,EAAQlB,CAAQ,EAE5D,QACE,IAAIW,EAAQ,IAAI,MAAM,wDAAwD,EAC9E,MAAAA,EAAM,IAAMa,EACZb,EAAM,cAAgB,CACpB,aACA,kCACA,2BACF,EACMA,CACR,CACF,EAcAjB,EAAI,IAAI,kBAAoB,SAAS8B,EAAKN,EAAQlB,EAAU,CAE1D,IAAIsB,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC9B,EAAK,SAASyB,EAAQrB,GAA0ByB,EAASC,CAAM,EAAG,CACpE,IAAIZ,EAAQ,IAAI,MAAM,sHACkD,EACxE,MAAAA,EAAM,OAASY,EACTZ,CACR,CAIA,GADAa,EAAM/B,EAAK,SAAS6B,EAAQ,MAAM,EAC/BE,IAAQ9B,EAAI,KAAK,YAAgB,CAClC,IAAIiB,EAAQ,IAAI,MAAM,6EACsB,EAC5C,MAAAA,EAAM,IAAMa,EACZb,EAAM,cAAgB,CAAC,aAAa,EAC9BA,CACR,CAEA,GADAa,EAAM/B,EAAK,SAAS6B,EAAQ,MAAM,EAC/BE,IAAQ9B,EAAI,KAAK,YAAY,GAC9B8B,IAAQ9B,EAAI,KAAK,YAAY,GAC7B8B,IAAQ9B,EAAI,KAAK,YAAY,GAC7B8B,IAAQ9B,EAAI,KAAK,cAAc,GAC/B8B,IAAQ9B,EAAI,KAAK,OAAW,CAC5B,IAAIiB,EAAQ,IAAI,MAAM,uEACgB,EACtC,MAAAA,EAAM,IAAMa,EACZb,EAAM,cAAgB,CACpB,aAAc,aAAc,aAAc,eAAgB,QAAQ,EAC9DA,CACR,CAGA,IAAIT,EAAOoB,EAAQ,QACfnB,EAAQZ,EAAM,KAAK,aAAa+B,EAAQ,iBAAiB,EAC7DnB,EAAQA,EAAM,OAAOA,EAAM,OAAO,GAAK,CAAC,EACxC,IAAIE,EACAK,EACJ,OAAOhB,EAAI,KAAK8B,CAAG,EAAG,CACtB,IAAK,aACHnB,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,aACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,aACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,eACHc,EAAQ,GACRK,EAAWnB,EAAM,IAAI,uBACrB,MACF,IAAK,SACHc,EAAQ,EACRK,EAAWnB,EAAM,IAAI,uBACrB,KACF,CAGA,IAAIsB,EAAK4C,GAAsBnC,EAAQ,MAAM,EAGzCP,EAAKxB,EAAM,MAAM,OAAOS,EAAUE,EAAMC,EAAOE,EAAOQ,CAAE,EACxDG,EAAKM,EAAQ,MACbL,EAASP,EAASK,CAAE,EACxB,OAAAE,EAAO,MAAMD,CAAE,EAERC,CACT,EAcAvB,EAAI,IAAI,sBAAwB,SAAS8B,EAAKN,EAAQlB,EAAU,CAE9D,IAAIsB,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC9B,EAAK,SAASyB,EAAQpB,GAA0BwB,EAASC,CAAM,EAAG,CACpE,IAAIZ,EAAQ,IAAI,MAAM,sHACkD,EACxE,MAAAA,EAAM,OAASY,EACTZ,CACR,CAEA,IAAIT,EAAOX,EAAM,KAAK,aAAa+B,EAAQ,IAAI,EAC3CnB,EAAQZ,EAAM,KAAK,aAAa+B,EAAQ,UAAU,EACtDnB,EAAQA,EAAM,OAAOA,EAAM,OAAO,GAAK,CAAC,EAExC,IAAIE,EAAOqD,EAAQhD,EACnB,OAAOc,EAAK,CACV,KAAK9B,EAAI,KAAK,iCAAiC,EAC7CW,EAAQ,GACRqD,EAAS,EACThD,EAAWnB,EAAM,IAAI,gBACrB,MAEF,KAAKG,EAAI,KAAK,2BAA2B,EACvCW,EAAQ,EACRqD,EAAS,EACThD,EAAW,SAASsB,EAAKhB,EAAI,CAC3B,IAAIC,EAAS1B,EAAM,IAAI,uBAAuByC,EAAK,EAAE,EACrD,OAAAf,EAAO,MAAMD,EAAI,IAAI,EACdC,CACT,EACA,MAEF,QACE,IAAIN,EAAQ,IAAI,MAAM,uDAAuD,EAC7E,MAAAA,EAAM,IAAMa,EACNb,CACV,CAGA,IAAIE,EAAK4C,GAAsBnC,EAAQ,MAAM,EACzCU,EAAMtC,EAAI,IAAI,kBAAkBM,EAAUE,EAAM,EAAGC,EAAOE,EAAOQ,CAAE,EACvEA,EAAG,MAAM,EACT,IAAIG,EAAKtB,EAAI,IAAI,kBAAkBM,EAAUE,EAAM,EAAGC,EAAOuD,EAAQ7C,CAAE,EAEvE,OAAOH,EAASsB,EAAKhB,CAAE,CACzB,EAaAtB,EAAI,IAAI,mBAAqB,SAASM,EAAUE,EAAMG,EAAOQ,EAAI,CAC/D,GAAG,OAAOA,EAAO,KAAeA,IAAO,KAAM,CAC3C,GAAG,EAAE,QAAStB,EAAM,IAClB,MAAM,IAAI,MAAM,mCAAmC,EAErDsB,EAAKtB,EAAM,GAAG,IAAI,OAAO,CAC3B,CACGW,IAAS,OACVA,EAAO,IAGT,QADIyD,EAAU,CAACC,GAAK/C,EAAIb,EAAWE,CAAI,CAAC,EAChC2D,EAAS,GAAIZ,EAAI,EAAGY,EAASxD,EAAO,EAAE4C,EAAGY,GAAU,GACzDF,EAAQ,KAAKC,GAAK/C,EAAI8C,EAAQV,EAAI,CAAC,EAAIjD,EAAWE,CAAI,CAAC,EAEzD,OAAOyD,EAAQ,KAAK,EAAE,EAAE,OAAO,EAAGtD,CAAK,CACzC,EAEA,SAASuD,GAAK/C,EAAIiD,EAAO,CACvB,OAAOjD,EAAG,MAAM,EAAE,OAAOiD,CAAK,EAAE,OAAO,EAAE,SAAS,CACpD,CAEA,SAASL,GAAsBM,EAAQ,CAErC,IAAInD,EACJ,GAAG,CAACmD,EACFnD,EAAe,uBAEfA,EAAelB,EAAI,KAAKD,EAAK,SAASsE,CAAM,CAAC,EAC1C,CAACnD,EAAc,CAChB,IAAID,EAAQ,IAAI,MAAM,sBAAsB,EAC5C,MAAAA,EAAM,IAAMoD,EACZpD,EAAM,UAAY,CAChB,eAAgB,iBAAkB,iBAAkB,iBACpD,gBAAgB,EACZA,CACR,CAEF,OAAOG,GAA4BF,CAAY,CACjD,CAEA,SAASE,GAA4BF,EAAc,CACjD,IAAIoD,EAAUzE,EAAM,GACpB,OAAOqB,EAAc,CACrB,IAAK,iBACHoD,EAAUzE,EAAM,GAAG,OACrB,IAAK,eACL,IAAK,iBACL,IAAK,iBACL,IAAK,iBACHqB,EAAeA,EAAa,OAAO,CAAC,EAAE,YAAY,EAClD,MACF,QACE,IAAID,EAAQ,IAAI,MAAM,4BAA4B,EAClD,MAAAA,EAAM,UAAYC,EAClBD,EAAM,UAAY,CAChB,eAAgB,iBAAkB,iBAAkB,iBACpD,gBAAgB,EACZA,CACR,CACA,GAAG,CAACqD,GAAW,EAAEpD,KAAgBoD,GAC/B,MAAM,IAAI,MAAM,2BAA6BpD,CAAY,EAE3D,OAAOoD,EAAQpD,CAAY,EAAE,OAAO,CACtC,CAEA,SAASO,GAAmBjB,EAAME,EAAYC,EAAOO,EAAc,CACjE,IAAIM,EAASzB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEvEA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOS,CAAI,EAE1DT,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDW,EAAW,SAAS,CAAC,CACzB,CAAC,EAED,OAAGQ,IAAiB,gBAClBM,EAAO,MAAM,KAEXzB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDF,EAAM,KAAK,WAAWc,EAAM,SAAS,EAAE,CAAC,CAAC,EAE3CZ,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAKkB,CAAY,CAAC,EAAE,SAAS,CAAC,EAElDnB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,CAAC,EAECyB,CACT,IC9/BA,IAAA+C,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA6GA,IAAIC,GAAQ,IACZ,KACA,KAGA,IAAIC,EAAOD,GAAM,KAGbE,GAAMH,GAAO,QAAUC,GAAM,UAAYA,GAAM,WAAa,CAAC,EACjEA,GAAM,MAAQA,GAAM,OAAS,CAAC,EAC9BA,GAAM,MAAM,KAAOE,GAEnB,IAAIC,GAAuB,CACzB,KAAM,cACN,SAAUF,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,0BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,aACX,EAAG,CACD,KAAM,sBACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,YAAa,SACf,CAAC,CACH,EACAC,GAAI,qBAAuBC,GAE3B,IAAIC,GAAgC,CAClC,KAAM,uBACN,SAAUH,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,mCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,aACX,EAAG,CACD,KAAM,kDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,4DACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,cACX,EAAG,CACD,KAAM,4DACN,SAAUA,EAAK,MAAM,UACrB,YAAa,cACf,CAAC,CACH,EAAG,CACD,KAAM,wCACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EA2BN,QAAS,mBACT,YAAa,sBACf,CAAC,CACH,EAEAC,GAAI,uBAAyB,CAC3B,KAAM,gBACN,SAAUD,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,SACX,EAAG,CACD,KAAM,+BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,YAAa,gBACf,CAAC,EAAE,OAAOG,EAA6B,CACzC,EAEAF,GAAI,uBAAyB,CAC3B,KAAM,gBACN,SAAUD,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,SACX,CAAC,EAAE,OAAOG,EAA6B,CACzC,EAEA,IAAIC,GAAkB,CACpB,KAAM,aACN,SAAUJ,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,qBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,EACf,EAAG,CACD,KAAM,mCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,0CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,QACf,EAAG,CACD,KAAM,gDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,QACX,CAAC,CACH,EAAG,CACD,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,iBACX,EAAG,CACD,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,YAAa,GACb,YAAa,kBACb,SAAU,EACZ,CAAC,CACH,EAAG,CACD,KAAM,qCACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,QAAS,yBACX,EAAG,CACD,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,QAAS,oBACX,EAAG,CACD,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,WACX,EAAG,CACD,KAAM,uCACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,QAAS,2BACX,CAAC,CACH,EAEAC,GAAI,oBAAsB,CACxB,KAAM,aACN,SAAUD,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,qBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,SACX,EAAG,CACD,KAAM,8BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,YAAa,kBACf,EACAE,GACA,CACE,KAAM,0BACN,SAAUF,EAAK,MAAM,iBACrB,KAAM,EACN,SAAU,GACV,YAAa,cACf,EAAG,CACD,KAAM,wCACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,SAAU,GACV,YAAa,MACf,EAAG,CACD,KAAM,yBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,QAAS,cACT,SAAU,GACV,MAAO,CAACI,EAAe,CACzB,CAAC,CACH,EAEAH,GAAI,uBAAyB,CAC3B,KAAM,gBACN,SAAUD,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,SACX,EAAG,CACD,KAAM,gCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,QACf,EAAG,CACD,KAAM,6CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,QACX,CAAC,CACH,EAAG,CACD,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,iDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,cACX,EAAG,CACD,KAAM,iDACN,SAAUA,EAAK,MAAM,UACrB,YAAa,GACb,YAAa,eACb,SAAU,EACZ,CAAC,CACH,EAAG,CACD,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,QACX,CAAC,CACH,ICzZA,IAAAK,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cASA,IAAIC,GAAQ,IACZ,KAEAA,GAAM,IAAMA,GAAM,KAAO,CAAC,EAC1B,IAAIC,GAAOF,GAAO,QAAUC,GAAM,IAAI,KAAOA,GAAM,KAAOA,GAAM,MAAQ,CAAC,EASzEC,GAAK,OAAS,SAASC,EAAI,CACzB,IAAIC,EAAM,CAQR,SAAU,SAASC,EAAMC,EAAS,CAMhC,QAJIC,EAAI,IAAIN,GAAM,KAAK,WAGnBO,EAAM,KAAK,KAAKF,EAAUH,EAAG,YAAY,EACrCM,EAAI,EAAGA,EAAID,EAAKC,IAAK,CAE3B,IAAIC,EAAI,IAAIT,GAAM,KAAK,WACvBS,EAAE,SAASD,CAAC,EAIZN,EAAG,MAAM,EACTA,EAAG,OAAOE,EAAOK,EAAE,SAAS,CAAC,EAC7BH,EAAE,UAAUJ,EAAG,OAAO,CAAC,CACzB,CAGA,OAAAI,EAAE,SAASA,EAAE,OAAO,EAAID,CAAO,EACxBC,EAAE,SAAS,CACpB,CACF,EAEA,OAAOH,CACT,ICxDA,IAAAO,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KAEAD,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAC3CA,GAAM,IAAI,KAAOA,GAAM,OCXvB,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,GAAQ,IACZ,KACA,KAGA,IAAIC,GAAMF,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAqBrDC,GAAI,OAAS,SAASC,EAAS,CAE1B,UAAU,SAAW,IACtBA,EAAU,CACR,GAAI,UAAU,CAAC,EACf,IAAK,UAAU,CAAC,EAChB,WAAY,UAAU,CAAC,CACzB,GAGF,IAAIC,EAAOD,EAAQ,GACfE,EAAMF,EAAQ,IACdG,EAAOF,EAAK,aAEZG,EAAQJ,EAAQ,MAAQ,KACzB,OAAOI,GAAU,WAElBA,EAAQN,GAAM,KAAK,aAAaM,CAAK,GAGvC,IAAIC,EACJ,GAAG,eAAgBL,EACjBK,EAAOL,EAAQ,mBACPI,IAAU,KAClBC,EAAOD,EAAM,OAAO,MAEpB,OAAM,IAAI,MAAM,uDAAuD,EAGzE,GAAGA,IAAU,MAAQA,EAAM,OAAO,IAAMC,EACtC,MAAM,IAAI,MAAM,wDAAwD,EAG1E,IAAIC,EAAON,EAAQ,MAAQF,GAAM,OAE7BS,EAAS,CAAC,EAad,OAAAA,EAAO,OAAS,SAASC,EAAIC,EAAS,CACpC,IAAIC,EACAC,EAASF,EAAU,EACnBG,EAAQ,KAAK,KAAKD,EAAS,CAAC,EAG5BE,EAAQL,EAAG,OAAO,EAAE,SAAS,EAGjC,GAAGI,EAAQT,EAAOE,EAAO,EACvB,MAAM,IAAI,MAAM,iCAAiC,EAKnD,IAAIS,EACDV,IAAU,KACXU,EAAOR,EAAK,aAAaD,CAAI,EAE7BS,EAAOV,EAAM,MAAM,EAIrB,IAAIW,EAAK,IAAIjB,GAAM,KAAK,WACxBiB,EAAG,aAAa,EAAG,CAAC,EACpBA,EAAG,SAASF,CAAK,EACjBE,EAAG,SAASD,CAAI,EAGhBb,EAAK,MAAM,EACXA,EAAK,OAAOc,EAAG,SAAS,CAAC,EACzB,IAAIC,EAAIf,EAAK,OAAO,EAAE,SAAS,EAI3BgB,EAAK,IAAInB,GAAM,KAAK,WACxBmB,EAAG,aAAa,EAAGL,EAAQP,EAAOF,EAAO,CAAC,EAI1Cc,EAAG,QAAQ,CAAI,EACfA,EAAG,SAASH,CAAI,EAChB,IAAII,EAAKD,EAAG,SAAS,EAGjBE,EAAUP,EAAQT,EAAO,EACzBiB,EAASlB,EAAI,SAASc,EAAGG,CAAO,EAGhCE,EAAW,GACf,IAAIX,EAAI,EAAGA,EAAIS,EAAST,IACtBW,GAAY,OAAO,aAAaH,EAAG,WAAWR,CAAC,EAAIU,EAAO,WAAWV,CAAC,CAAC,EAKzE,IAAIY,EAAQ,OAAW,EAAIV,EAAQD,EAAW,IAC9C,OAAAU,EAAW,OAAO,aAAaA,EAAS,WAAW,CAAC,EAAI,CAACC,CAAI,EAC3DD,EAAS,OAAO,CAAC,EAIZA,EAAWL,EAAI,MACxB,EAeAT,EAAO,OAAS,SAASM,EAAOU,EAAId,EAAS,CAC3C,IAAIC,EACAC,EAASF,EAAU,EACnBG,EAAQ,KAAK,KAAKD,EAAS,CAAC,EAQhC,GAHAY,EAAKA,EAAG,OAAO,CAACX,CAAK,EAGlBA,EAAQT,EAAOE,EAAO,EACvB,MAAM,IAAI,MAAM,wDAAwD,EAK1E,GAAGkB,EAAG,WAAWX,EAAQ,CAAC,IAAM,IAC9B,MAAM,IAAI,MAAM,uCAAuC,EAKzD,IAAIO,EAAUP,EAAQT,EAAO,EACzBkB,EAAWE,EAAG,OAAO,EAAGJ,CAAO,EAC/BH,EAAIO,EAAG,OAAOJ,EAAShB,CAAI,EAI3BmB,EAAQ,OAAW,EAAIV,EAAQD,EAAW,IAC9C,IAAIU,EAAS,WAAW,CAAC,EAAIC,KAAU,EACrC,MAAM,IAAI,MAAM,2CAA2C,EAI7D,IAAIF,EAASlB,EAAI,SAASc,EAAGG,CAAO,EAGhCD,EAAK,GACT,IAAIR,EAAI,EAAGA,EAAIS,EAAST,IACtBQ,GAAM,OAAO,aAAaG,EAAS,WAAWX,CAAC,EAAIU,EAAO,WAAWV,CAAC,CAAC,EAKzEQ,EAAK,OAAO,aAAaA,EAAG,WAAW,CAAC,EAAI,CAACI,CAAI,EAAIJ,EAAG,OAAO,CAAC,EAMhE,IAAIM,EAAWZ,EAAQT,EAAOE,EAAO,EACrC,IAAIK,EAAI,EAAGA,EAAIc,EAAUd,IACvB,GAAGQ,EAAG,WAAWR,CAAC,IAAM,EACtB,MAAM,IAAI,MAAM,sCAAsC,EAI1D,GAAGQ,EAAG,WAAWM,CAAQ,IAAM,EAC7B,MAAM,IAAI,MAAM,mDAAmD,EAIrE,IAAIV,EAAOI,EAAG,OAAO,CAACb,CAAI,EAGtBU,EAAK,IAAIjB,GAAM,KAAK,WACxBiB,EAAG,aAAa,EAAG,CAAC,EACpBA,EAAG,SAASF,CAAK,EACjBE,EAAG,SAASD,CAAI,EAGhBb,EAAK,MAAM,EACXA,EAAK,OAAOc,EAAG,SAAS,CAAC,EACzB,IAAIU,EAAKxB,EAAK,OAAO,EAAE,SAAS,EAGhC,OAAOe,IAAMS,CACf,EAEOlB,CACT,IChPA,IAAAmB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA6GA,IAAIC,EAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KAGA,IAAIC,EAAOD,EAAM,KAGbE,EAAMH,GAAO,QAAUC,EAAM,IAAMA,EAAM,KAAO,CAAC,EACjDG,GAAOD,EAAI,KAGXE,GAAc,CAAC,EACnBA,GAAY,GAAQD,GAAK,WACzBC,GAAY,WAAgB,KAC5BA,GAAY,EAAOD,GAAK,YACxBC,GAAY,YAAiB,IAC7BA,GAAY,EAAOD,GAAK,aACxBC,GAAY,aAAkB,IAC9BA,GAAY,GAAQD,GAAK,oBACzBC,GAAY,oBAAyB,KACrCA,GAAY,EAAOD,GAAK,iBACxBC,GAAY,iBAAsB,IAClCA,GAAY,GAAQD,GAAK,uBACzBC,GAAY,uBAA4B,KACxCA,GAAY,EAAOD,GAAK,aACxBC,GAAY,aAAkB,IAI9B,IAAIC,GAAqBL,EAAM,IAAI,IAAI,mBAGnCM,GAA2B,CAC7B,KAAM,cACN,SAAUL,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,iBACb,MAAO,CAAC,CACN,KAAM,qCACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,MAAO,CAAC,CACN,KAAM,6CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,aACX,CAAC,CACH,EAAG,CACD,KAAM,0CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,kBACX,EAAG,CACD,KAAM,uCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,iDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,sBACX,EAAG,CACD,KAAM,kDACN,SAAUA,EAAK,MAAM,UACrB,SAAU,GACV,YAAa,yBACf,CAAC,CACH,EAAG,CACD,KAAM,oCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,YACf,EAAG,CACD,KAAM,sCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GAKb,MAAO,CAAC,CAEN,KAAM,sDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,SAAU,GACV,QAAS,sBACX,EAAG,CAED,KAAM,8DACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,gBAChB,YAAa,GACb,SAAU,GACV,QAAS,8BACX,EAAG,CAED,KAAM,qDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,SAAU,GACV,QAAS,sBACX,EAAG,CAED,KAAM,6DACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,gBAChB,YAAa,GACb,SAAU,GACV,QAAS,8BACX,CAAC,CACH,EAAG,CAED,KAAM,qCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,aACf,EAEAI,GACA,CAEE,KAAM,4CACN,SAAUJ,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,MAAO,CAAC,CACN,KAAM,+CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,UAChB,YAAa,GAEb,sBAAuB,oBACzB,CAAC,CACH,EAAG,CAED,KAAM,6CACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,MAAO,CAAC,CACN,KAAM,gDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,UAChB,YAAa,GAEb,sBAAuB,qBACzB,CAAC,CACH,EAAG,CAED,KAAM,wCACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,YAAa,iBACb,SAAU,EACZ,CAAC,CACH,EAAG,CAED,KAAM,iCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,2CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,kBACX,EAAG,CACD,KAAM,kDACN,SAAUA,EAAK,MAAM,UACrB,SAAU,GACV,YAAa,qBACf,CAAC,CACH,EAAG,CAED,KAAM,6BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,UAChB,YAAa,GACb,sBAAuB,eACzB,CAAC,CACH,EAEIM,GAA8B,CAChC,KAAM,SACN,SAAUN,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,uBACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,MAAO,CAAC,CACN,KAAM,2CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,MAAM,SACjB,YAAa,GACb,SAAU,GACV,MAAO,CAAC,CACN,KAAM,qDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,SAEX,CAAC,CACH,CAAC,CACH,EAAG,CACD,KAAM,0BACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,MAAO,CAAC,CACN,KAAM,8CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,MAAM,SACjB,YAAa,GACb,SAAU,GACV,MAAO,CAAC,CACN,KAAM,wDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,YACX,EAAG,CACD,KAAM,qDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,+DACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,gBAEX,CAAC,CACH,CAAC,CACH,CAAC,CACH,EAAG,CACD,KAAM,oBACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,SAAU,GACV,MAAO,CAAC,CACN,KAAM,+BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,MAAM,QACjB,YAAa,GACb,QAAS,YACX,CAAC,CACH,EAAG,CACD,KAAM,sBACN,SAAUA,EAAK,MAAM,iBACrB,KAAM,EACN,SAAU,GACV,MAAO,CAAC,CACN,KAAM,yBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,MAAM,QACjB,YAAa,GACb,QAAS,SACX,CAAC,CACH,CAAC,CACH,EAGIO,GAAoC,CACtC,KAAM,2BACN,SAAUP,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,2BACb,MAAO,CAAC,CACN,KAAM,mCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,iCACX,EAAG,CAED,KAAM,mCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,iCACf,EAEAI,GACA,CACE,KAAM,sCACN,SAAUJ,EAAK,MAAM,iBACrB,KAAM,EACN,YAAa,GACb,SAAU,GACV,QAAS,qCACT,MAAO,CAAC,CACN,KAAM,sCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,2CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,EACf,EAAG,CACD,KAAM,4CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,EACf,CAAC,CACH,CAAC,CACH,CAAC,CACH,EAGIQ,GAAgC,CAClC,KAAM,uBACN,SAAUR,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,YAAa,MACb,MAAO,CACLO,GAAmC,CAEjC,KAAM,0CACN,SAAUP,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,oDACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,iBACX,EAAG,CACD,KAAM,qDACN,SAAUA,EAAK,MAAM,UACrB,SAAU,GACV,YAAa,oBACf,CAAC,CACH,EAAG,CAED,KAAM,iCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,UAChB,YAAa,GACb,sBAAuB,cACzB,CACF,CACF,EASAC,EAAI,qBAAuB,SAASQ,EAAKC,EAAI,CAK3C,QAJIC,EAAO,CAAC,EAGRC,EAAKC,EAAMC,EACPC,EAAK,EAAGA,EAAKN,EAAI,MAAM,OAAQ,EAAEM,EAAI,CAE3CH,EAAMH,EAAI,MAAMM,CAAE,EAKlB,QAAQC,EAAI,EAAGA,EAAIJ,EAAI,MAAM,OAAQ,EAAEI,EACrCF,EAAM,CAAC,EACPD,EAAOD,EAAI,MAAMI,CAAC,EAClBF,EAAI,KAAOd,EAAK,SAASa,EAAK,MAAM,CAAC,EAAE,KAAK,EAC5CC,EAAI,MAAQD,EAAK,MAAM,CAAC,EAAE,MAC1BC,EAAI,cAAgBD,EAAK,MAAM,CAAC,EAAE,KAE/BC,EAAI,QAAQZ,KACbY,EAAI,KAAOZ,GAAKY,EAAI,IAAI,EACrBA,EAAI,QAAQX,KACbW,EAAI,UAAYX,GAAYW,EAAI,IAAI,IAGrCJ,IACDA,EAAG,OAAOI,EAAI,IAAI,EAClBJ,EAAG,OAAOI,EAAI,KAAK,GAErBH,EAAK,KAAKG,CAAG,CAEjB,CAEA,OAAOH,CACT,EAQAV,EAAI,qBAAuB,SAASgB,EAAY,CAI9C,QAHIN,EAAO,CAAC,EAGJI,EAAK,EAAGA,EAAKE,EAAW,OAAQ,EAAEF,EAQxC,QANIG,EAAMD,EAAWF,CAAE,EAInBI,EAAOnB,EAAK,SAASkB,EAAI,MAAM,CAAC,EAAE,KAAK,EACvCE,EAASF,EAAI,MAAM,CAAC,EAAE,MAClBG,EAAK,EAAGA,EAAKD,EAAO,OAAQ,EAAEC,EAAI,CACxC,IAAIP,EAAM,CAAC,EAYX,GAXAA,EAAI,KAAOK,EACXL,EAAI,MAAQM,EAAOC,CAAE,EAAE,MACvBP,EAAI,cAAgBM,EAAOC,CAAE,EAAE,KAE5BP,EAAI,QAAQZ,KACbY,EAAI,KAAOZ,GAAKY,EAAI,IAAI,EACrBA,EAAI,QAAQX,KACbW,EAAI,UAAYX,GAAYW,EAAI,IAAI,IAIrCA,EAAI,OAASZ,GAAK,iBAAkB,CACrCY,EAAI,WAAa,CAAC,EAClB,QAAQQ,EAAK,EAAGA,EAAKR,EAAI,MAAM,OAAQ,EAAEQ,EACvCR,EAAI,WAAW,KAAKb,EAAI,6BAA6Ba,EAAI,MAAMQ,CAAE,CAAC,CAAC,CAEvE,CACAX,EAAK,KAAKG,CAAG,CACf,CAGF,OAAOH,CACT,EAaA,SAASY,GAAcT,EAAKU,EAAS,CAChC,OAAOA,GAAY,WACpBA,EAAU,CAAC,UAAWA,CAAO,GAK/B,QAFIb,EAAO,KACPE,EACIG,EAAI,EAAGL,IAAS,MAAQK,EAAIF,EAAI,WAAW,OAAQ,EAAEE,EAC3DH,EAAOC,EAAI,WAAWE,CAAC,GACpBQ,EAAQ,MAAQA,EAAQ,OAASX,EAAK,MAE/BW,EAAQ,MAAQA,EAAQ,OAASX,EAAK,MAEtCW,EAAQ,WAAaA,EAAQ,YAAcX,EAAK,aACxDF,EAAOE,GAGX,OAAOF,CACT,CA+BA,IAAIc,GAA2B,SAASC,EAAKZ,EAAKa,EAAc,CAC9D,IAAIC,EAAS,CAAC,EAEd,GAAGF,IAAQxB,GAAK,YAAY,EAC1B,OAAO0B,EAGND,IACDC,EAAS,CACP,KAAM,CACJ,aAAc1B,GAAK,IACrB,EACA,IAAK,CACH,aAAcA,GAAK,KACnB,KAAM,CACJ,aAAcA,GAAK,IACrB,CACF,EACA,WAAY,EACd,GAGF,IAAI2B,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC9B,EAAK,SAASc,EAAKR,GAA6BuB,EAASC,CAAM,EAAG,CACpE,IAAIC,EAAQ,IAAI,MAAM,yCAAyC,EAC/D,MAAAA,EAAM,OAASD,EACTC,CACR,CAEA,OAAGF,EAAQ,UAAY,SACrBD,EAAO,KAAOA,EAAO,MAAQ,CAAC,EAC9BA,EAAO,KAAK,aAAe5B,EAAK,SAAS6B,EAAQ,OAAO,GAGvDA,EAAQ,aAAe,SACxBD,EAAO,IAAMA,EAAO,KAAO,CAAC,EAC5BA,EAAO,IAAI,aAAe5B,EAAK,SAAS6B,EAAQ,UAAU,EAC1DD,EAAO,IAAI,KAAOA,EAAO,IAAI,MAAQ,CAAC,EACtCA,EAAO,IAAI,KAAK,aAAe5B,EAAK,SAAS6B,EAAQ,cAAc,GAGlEA,EAAQ,aAAe,SACxBD,EAAO,WAAaC,EAAQ,WAAW,WAAW,CAAC,GAG9CD,CACT,EAUII,GAAyB,SAASR,EAAS,CAC7C,OAAOtB,GAAKsB,EAAQ,YAAY,EAAG,CACjC,IAAK,wBAEL,IAAK,uBACH,OAAOzB,EAAM,GAAG,KAAK,OAAO,EAC9B,IAAK,uBACH,OAAOA,EAAM,GAAG,IAAI,OAAO,EAC7B,IAAK,0BACH,OAAOA,EAAM,GAAG,OAAO,OAAO,EAChC,IAAK,0BACH,OAAOA,EAAM,GAAG,OAAO,OAAO,EAChC,IAAK,0BACH,OAAOA,EAAM,GAAG,OAAO,OAAO,EAChC,IAAK,aACH,OAAOA,EAAM,GAAG,OAAO,OAAO,EAChC,QACE,IAAIgC,EAAQ,IAAI,MACd,qBAAuBP,EAAQ,KAAO,iCACd,EAC1B,MAAAO,EAAM,aAAeP,EAAQ,aACvBO,CACV,CACF,EAWIE,GAAmB,SAAST,EAAS,CACvC,IAAIU,EAAOV,EAAQ,YACfW,EAEJ,OAAOD,EAAK,aAAc,CACxB,KAAKhC,GAAK,sBAEV,KAAKA,GAAK,qBAER,MACF,KAAKA,GAAK,YAAY,EACpB,IAAIkC,EAAMC,EAIV,GADAD,EAAOlC,GAAKgC,EAAK,oBAAoB,IAAI,KAAK,YAAY,EACvDE,IAAS,QAAarC,EAAM,GAAGqC,CAAI,IAAM,OAAW,CACrD,IAAIL,EAAQ,IAAI,MAAM,gCAAgC,EACtD,MAAAA,EAAM,IAAMG,EAAK,oBAAoB,IAAI,KAAK,aAC9CH,EAAM,KAAOK,EACPL,CACR,CAGA,GADAM,EAAMnC,GAAKgC,EAAK,oBAAoB,IAAI,YAAY,EACjDG,IAAQ,QAAatC,EAAM,IAAIsC,CAAG,IAAM,OAAW,CACpD,IAAIN,EAAQ,IAAI,MAAM,2BAA2B,EACjD,MAAAA,EAAM,IAAMG,EAAK,oBAAoB,IAAI,aACzCH,EAAM,KAAOM,EACPN,CACR,CAMA,GAJAM,EAAMtC,EAAM,IAAIsC,CAAG,EAAE,OAAOtC,EAAM,GAAGqC,CAAI,EAAE,OAAO,CAAC,EAGnDA,EAAOlC,GAAKgC,EAAK,oBAAoB,KAAK,YAAY,EACnDE,IAAS,QAAarC,EAAM,GAAGqC,CAAI,IAAM,OAAW,CACrD,IAAIL,EAAQ,IAAI,MAAM,uCAAuC,EAC7D,MAAAA,EAAM,IAAMG,EAAK,oBAAoB,KAAK,aAC1CH,EAAM,KAAOK,EACPL,CACR,CAEAI,EAASpC,EAAM,IAAI,OACjBA,EAAM,GAAGqC,CAAI,EAAE,OAAO,EAAGC,EAAKH,EAAK,oBAAoB,UACzD,EACA,KACJ,CAGA,OAAOA,EAAK,UAAU,OACpBV,EAAQ,GAAG,OAAO,EAAE,SAAS,EAAGA,EAAQ,UAAWW,CACrD,CACF,EAiBAlC,EAAI,mBAAqB,SAASqC,EAAKC,EAAaC,EAAQ,CAC1D,IAAIC,EAAM1C,EAAM,IAAI,OAAOuC,CAAG,EAAE,CAAC,EAEjC,GAAGG,EAAI,OAAS,eACdA,EAAI,OAAS,oBACbA,EAAI,OAAS,sBAAuB,CACpC,IAAIV,EAAQ,IAAI,MACd,6HACqE,EACvE,MAAAA,EAAM,WAAaU,EAAI,KACjBV,CACR,CACA,GAAGU,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MACR,2DAA2D,EAI/D,IAAI3B,EAAMd,EAAK,QAAQyC,EAAI,KAAMD,CAAM,EAEvC,OAAOvC,EAAI,oBAAoBa,EAAKyB,CAAW,CACjD,EAUAtC,EAAI,iBAAmB,SAASiC,EAAMQ,EAAS,CAE7C,IAAID,EAAM,CACR,KAAM,cACN,KAAMzC,EAAK,MAAMC,EAAI,kBAAkBiC,CAAI,CAAC,EAAE,SAAS,CACzD,EACA,OAAOnC,EAAM,IAAI,OAAO0C,EAAK,CAAC,QAASC,CAAO,CAAC,CACjD,EASAzC,EAAI,iBAAmB,SAASqC,EAAK,CACnC,IAAIG,EAAM1C,EAAM,IAAI,OAAOuC,CAAG,EAAE,CAAC,EAEjC,GAAGG,EAAI,OAAS,cAAgBA,EAAI,OAAS,iBAAkB,CAC7D,IAAIV,EAAQ,IAAI,MAAM,iGAC2B,EACjD,MAAAA,EAAM,WAAaU,EAAI,KACjBV,CACR,CACA,GAAGU,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,0DAA0D,EAI5E,IAAI3B,EAAMd,EAAK,QAAQyC,EAAI,IAAI,EAE/B,OAAOxC,EAAI,kBAAkBa,CAAG,CAClC,EAUAb,EAAI,eAAiB,SAAS0C,EAAKD,EAAS,CAE1C,IAAID,EAAM,CACR,KAAM,aACN,KAAMzC,EAAK,MAAMC,EAAI,gBAAgB0C,CAAG,CAAC,EAAE,SAAS,CACtD,EACA,OAAO5C,EAAM,IAAI,OAAO0C,EAAK,CAAC,QAASC,CAAO,CAAC,CACjD,EAUAzC,EAAI,2BAA6B,SAAS0C,EAAKD,EAAS,CAEtD,IAAID,EAAM,CACR,KAAM,iBACN,KAAMzC,EAAK,MAAMC,EAAI,wBAAwB0C,CAAG,CAAC,EAAE,SAAS,CAC9D,EACA,OAAO5C,EAAM,IAAI,OAAO0C,EAAK,CAAC,QAASC,CAAO,CAAC,CACjD,EAgBAzC,EAAI,wBAA0B,SAAS0C,EAAKnB,EAAS,CACnDA,EAAUA,GAAW,CAAC,EACtB,IAAId,EAAKc,EAAQ,IAAMzB,EAAM,GAAG,KAAK,OAAO,EACxCoB,EAAOK,EAAQ,MAAQ,eAEvBoB,EACJ,OAAOzB,EAAM,CACX,IAAK,eACHyB,EAAQ5C,EAAK,MAAMC,EAAI,wBAAwB0C,CAAG,CAAC,EAAE,SAAS,EAC9D,MACF,IAAK,uBACHC,EAAQ5C,EAAK,MAAMC,EAAI,gBAAgB0C,CAAG,CAAC,EAAE,SAAS,EACtD,MACF,QACE,MAAM,IAAI,MAAM,6BAA+BnB,EAAQ,KAAO,IAAI,CACtE,CAGAd,EAAG,MAAM,EACTA,EAAG,OAAOkC,CAAK,EACf,IAAIC,EAASnC,EAAG,OAAO,EACvB,GAAGc,EAAQ,WAAa,MAAO,CAC7B,IAAIsB,EAAMD,EAAO,MAAM,EACvB,OAAGrB,EAAQ,UACFsB,EAAI,MAAM,OAAO,EAAE,KAAKtB,EAAQ,SAAS,EAE3CsB,CACT,KAAO,IAAGtB,EAAQ,WAAa,SAC7B,OAAOqB,EAAO,SAAS,EAClB,GAAGrB,EAAQ,SAChB,MAAM,IAAI,MAAM,qBAAuBA,EAAQ,SAAW,IAAI,EAEhE,OAAOqB,CACT,EAiBA5C,EAAI,4BAA8B,SAASqC,EAAKC,EAAaC,EAAQ,CACnE,IAAIC,EAAM1C,EAAM,IAAI,OAAOuC,CAAG,EAAE,CAAC,EAEjC,GAAGG,EAAI,OAAS,sBAAuB,CACrC,IAAIV,EAAQ,IAAI,MAAM,iGAC2B,EACjD,MAAAA,EAAM,WAAaU,EAAI,KACjBV,CACR,CACA,GAAGU,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,qEACK,EAIvB,IAAI3B,EAAMd,EAAK,QAAQyC,EAAI,KAAMD,CAAM,EAEvC,OAAOvC,EAAI,6BAA6Ba,EAAKyB,CAAW,CAC1D,EAUAtC,EAAI,0BAA4B,SAAS8C,EAAKL,EAAS,CAErD,IAAID,EAAM,CACR,KAAM,sBACN,KAAMzC,EAAK,MAAMC,EAAI,2BAA2B8C,CAAG,CAAC,EAAE,SAAS,CACjE,EACA,OAAOhD,EAAM,IAAI,OAAO0C,EAAK,CAAC,QAASC,CAAO,CAAC,CACjD,EAOAzC,EAAI,kBAAoB,UAAW,CACjC,IAAIiC,EAAO,CAAC,EACZ,OAAAA,EAAK,QAAU,EACfA,EAAK,aAAe,KACpBA,EAAK,aAAe,KACpBA,EAAK,UAAY,KACjBA,EAAK,QAAU,CAAC,EAChBA,EAAK,QAAQ,aAAe,KAC5BA,EAAK,SAAW,CAAC,EACjBA,EAAK,SAAS,UAAY,IAAI,KAC9BA,EAAK,SAAS,SAAW,IAAI,KAE7BA,EAAK,OAAS,CAAC,EACfA,EAAK,OAAO,SAAW,SAASc,EAAI,CAClC,OAAOzB,GAAcW,EAAK,OAAQc,CAAE,CACtC,EACAd,EAAK,OAAO,SAAW,SAASrB,EAAM,CACpCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBqB,EAAK,OAAO,WAAW,KAAKrB,CAAI,CAClC,EACAqB,EAAK,OAAO,WAAa,CAAC,EAC1BA,EAAK,OAAO,KAAO,KAEnBA,EAAK,QAAU,CAAC,EAChBA,EAAK,QAAQ,SAAW,SAASc,EAAI,CACnC,OAAOzB,GAAcW,EAAK,QAASc,CAAE,CACvC,EACAd,EAAK,QAAQ,SAAW,SAASrB,EAAM,CACrCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBqB,EAAK,QAAQ,WAAW,KAAKrB,CAAI,CACnC,EACAqB,EAAK,QAAQ,WAAa,CAAC,EAC3BA,EAAK,QAAQ,KAAO,KAEpBA,EAAK,WAAa,CAAC,EACnBA,EAAK,UAAY,KACjBA,EAAK,GAAK,KAQVA,EAAK,WAAa,SAASgB,EAAOC,EAAU,CAE1CF,GAAmBC,CAAK,EACxBhB,EAAK,QAAQ,WAAagB,EAC1B,OAAOhB,EAAK,QAAQ,SACjBiB,IAEDjB,EAAK,QAAQ,SAAWiB,GAE1BjB,EAAK,QAAQ,KAAO,IACtB,EAQAA,EAAK,UAAY,SAASgB,EAAOC,EAAU,CAEzCF,GAAmBC,CAAK,EACxBhB,EAAK,OAAO,WAAagB,EACzB,OAAOhB,EAAK,OAAO,SAChBiB,IAEDjB,EAAK,OAAO,SAAWiB,GAEzBjB,EAAK,OAAO,KAAO,IACrB,EAOAA,EAAK,cAAgB,SAASkB,EAAM,CAClC,QAAQpC,EAAI,EAAGA,EAAIoC,EAAK,OAAQ,EAAEpC,EAChCqC,GAA4BD,EAAKpC,CAAC,EAAG,CAAC,KAAMkB,CAAI,CAAC,EAGnDA,EAAK,WAAakB,CACpB,EAWAlB,EAAK,aAAe,SAASV,EAAS,CACjC,OAAOA,GAAY,WACpBA,EAAU,CAAC,KAAMA,CAAO,GAK1B,QAFIb,EAAO,KACP2C,EACItC,EAAI,EAAGL,IAAS,MAAQK,EAAIkB,EAAK,WAAW,OAAQ,EAAElB,EAC5DsC,EAAMpB,EAAK,WAAWlB,CAAC,GACpBQ,EAAQ,IAAM8B,EAAI,KAAO9B,EAAQ,IAE1BA,EAAQ,MAAQ8B,EAAI,OAAS9B,EAAQ,QAC7Cb,EAAO2C,GAGX,OAAO3C,CACT,EAQAuB,EAAK,KAAO,SAASS,EAAKjC,EAAI,CAE5BwB,EAAK,GAAKxB,GAAMX,EAAM,GAAG,KAAK,OAAO,EACrC,IAAIwD,EAAerD,GAAKgC,EAAK,GAAG,UAAY,mBAAmB,EAC/D,GAAG,CAACqB,EAAc,CAChB,IAAIxB,EAAQ,IAAI,MAAM,6EACmB,EACzC,MAAAA,EAAM,UAAYG,EAAK,GAAG,UACpBH,CACR,CACAG,EAAK,aAAeA,EAAK,QAAQ,aAAeqB,EAGhDrB,EAAK,eAAiBjC,EAAI,kBAAkBiC,CAAI,EAChD,IAAIU,EAAQ5C,EAAK,MAAMkC,EAAK,cAAc,EAG1CA,EAAK,GAAG,OAAOU,EAAM,SAAS,CAAC,EAC/BV,EAAK,UAAYS,EAAI,KAAKT,EAAK,EAAE,CACnC,EAUAA,EAAK,OAAS,SAASsB,EAAO,CAC5B,IAAI7C,EAAO,GAEX,GAAG,CAACuB,EAAK,OAAOsB,CAAK,EAAG,CACtB,IAAIC,EAASD,EAAM,OACfE,EAAUxB,EAAK,QACfH,EAAQ,IAAI,MACd,uIAEoB,EACtB,MAAAA,EAAM,eAAiB2B,EAAQ,WAC/B3B,EAAM,aAAe0B,EAAO,WACtB1B,CACR,CAEA,IAAIrB,EAAK8C,EAAM,GACf,GAAG9C,IAAO,KAAM,CAEdA,EAAKsB,GAAuB,CAC1B,aAAcwB,EAAM,aACpB,KAAM,aACR,CAAC,EAGD,IAAIG,EAAiBH,EAAM,gBAAkBvD,EAAI,kBAAkBuD,CAAK,EACpEZ,EAAQ5C,EAAK,MAAM2D,CAAc,EACrCjD,EAAG,OAAOkC,EAAM,SAAS,CAAC,CAC5B,CAEA,OAAGlC,IAAO,OACRC,EAAOsB,GAAiB,CACtB,YAAaC,EAAM,GAAIxB,EAAI,UAAW8C,EAAM,SAC9C,CAAC,GAGI7C,CACT,EAWAuB,EAAK,SAAW,SAAS0B,EAAQ,CAC/B,IAAIjD,EAAO,GAEPK,EAAIkB,EAAK,OACT2B,EAAID,EAAO,QAGf,GAAG5C,EAAE,MAAQ6C,EAAE,KACblD,EAAQK,EAAE,OAAS6C,EAAE,aACb7C,EAAE,WAAW,SAAW6C,EAAE,WAAW,OAAQ,CAErDlD,EAAO,GAEP,QADImD,EAAOC,EACHC,EAAI,EAAGrD,GAAQqD,EAAIhD,EAAE,WAAW,OAAQ,EAAEgD,EAChDF,EAAQ9C,EAAE,WAAWgD,CAAC,EACtBD,EAAQF,EAAE,WAAWG,CAAC,GACnBF,EAAM,OAASC,EAAM,MAAQD,EAAM,QAAUC,EAAM,SAEpDpD,EAAO,GAGb,CAEA,OAAOA,CACT,EAWAuB,EAAK,OAAS,SAASsB,EAAO,CAC5B,OAAOA,EAAM,SAAStB,CAAI,CAC5B,EAOAA,EAAK,6BAA+B,UAAW,CAgB7C,OAAOjC,EAAI,wBAAwBiC,EAAK,UAAW,CAAC,KAAM,cAAc,CAAC,CAC3E,EASAA,EAAK,2BAA6B,UAAW,CAE3C,QADIR,EAAMxB,GAAK,qBACPc,EAAI,EAAGA,EAAIkB,EAAK,WAAW,OAAQ,EAAElB,EAAG,CAC9C,IAAIsC,EAAMpB,EAAK,WAAWlB,CAAC,EAC3B,GAAGsC,EAAI,KAAO5B,EAAK,CACjB,IAAIuC,EAAM/B,EAAK,6BAA6B,EAAE,SAAS,EACvD,OAAQnC,EAAM,KAAK,WAAWuD,EAAI,oBAAoB,IAAMW,CAC9D,CACF,CACA,MAAO,EACT,EAEO/B,CACT,EAeAjC,EAAI,oBAAsB,SAASa,EAAKyB,EAAa,CAEnD,IAAIV,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC9B,EAAK,SAASc,EAAKT,GAA0BwB,EAASC,CAAM,EAAG,CACjE,IAAIC,EAAQ,IAAI,MAAM,2EACwB,EAC9C,MAAAA,EAAM,OAASD,EACTC,CACR,CAGA,IAAIL,EAAM1B,EAAK,SAAS6B,EAAQ,YAAY,EAC5C,GAAGH,IAAQzB,EAAI,KAAK,cAClB,MAAM,IAAI,MAAM,yCAAyC,EAI3D,IAAIiC,EAAOjC,EAAI,kBAAkB,EACjCiC,EAAK,QAAUL,EAAQ,YACrBA,EAAQ,YAAY,WAAW,CAAC,EAAI,EACtC,IAAIqC,EAASnE,EAAM,KAAK,aAAa8B,EAAQ,gBAAgB,EAC7DK,EAAK,aAAegC,EAAO,MAAM,EACjChC,EAAK,aAAenC,EAAM,KAAK,SAAS8B,EAAQ,gBAAgB,EAChEK,EAAK,oBAAsBT,GACzBS,EAAK,aAAcL,EAAQ,oBAAqB,EAAI,EACtDK,EAAK,QAAQ,aAAenC,EAAM,KAAK,SAAS8B,EAAQ,oBAAoB,EAC5EK,EAAK,QAAQ,WAAaT,GAAyBS,EAAK,QAAQ,aAC9DL,EAAQ,wBAAyB,EAAK,EACxCK,EAAK,UAAYL,EAAQ,cAEzB,IAAIsC,EAAW,CAAC,EAehB,GAdGtC,EAAQ,uBAAyB,QAClCsC,EAAS,KAAKnE,EAAK,cAAc6B,EAAQ,oBAAoB,CAAC,EAE7DA,EAAQ,+BAAiC,QAC1CsC,EAAS,KAAKnE,EAAK,sBACjB6B,EAAQ,4BAA4B,CAAC,EAEtCA,EAAQ,uBAAyB,QAClCsC,EAAS,KAAKnE,EAAK,cAAc6B,EAAQ,oBAAoB,CAAC,EAE7DA,EAAQ,+BAAiC,QAC1CsC,EAAS,KAAKnE,EAAK,sBACjB6B,EAAQ,4BAA4B,CAAC,EAEtCsC,EAAS,OAAS,EACnB,MAAM,IAAI,MAAM,sGACoC,EAEtD,GAAGA,EAAS,OAAS,EACnB,MAAM,IAAI,MAAM,6GAC2C,EAQ7D,GANAjC,EAAK,SAAS,UAAYiC,EAAS,CAAC,EACpCjC,EAAK,SAAS,SAAWiC,EAAS,CAAC,EAGnCjC,EAAK,eAAiBL,EAAQ,eAE3BU,EAAa,CAEdL,EAAK,GAAKF,GAAuB,CAC/B,aAAcE,EAAK,aACnB,KAAM,aACR,CAAC,EAGD,IAAIU,EAAQ5C,EAAK,MAAMkC,EAAK,cAAc,EAC1CA,EAAK,GAAG,OAAOU,EAAM,SAAS,CAAC,CACjC,CAGA,IAAIwB,EAAMrE,EAAM,GAAG,KAAK,OAAO,EAC3BsE,EAASrE,EAAK,MAAM6B,EAAQ,UAAU,EAC1CuC,EAAI,OAAOC,EAAO,SAAS,CAAC,EAC5BnC,EAAK,OAAO,SAAW,SAASc,EAAI,CAClC,OAAOzB,GAAcW,EAAK,OAAQc,CAAE,CACtC,EACAd,EAAK,OAAO,SAAW,SAASrB,EAAM,CACpCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBqB,EAAK,OAAO,WAAW,KAAKrB,CAAI,CAClC,EACAqB,EAAK,OAAO,WAAajC,EAAI,qBAAqB4B,EAAQ,UAAU,EACjEA,EAAQ,qBACTK,EAAK,OAAO,SAAWL,EAAQ,oBAEjCK,EAAK,OAAO,KAAOkC,EAAI,OAAO,EAAE,MAAM,EAGtC,IAAIE,EAAMvE,EAAM,GAAG,KAAK,OAAO,EAC3BwE,EAASvE,EAAK,MAAM6B,EAAQ,WAAW,EAC3C,OAAAyC,EAAI,OAAOC,EAAO,SAAS,CAAC,EAC5BrC,EAAK,QAAQ,SAAW,SAASc,EAAI,CACnC,OAAOzB,GAAcW,EAAK,QAASc,CAAE,CACvC,EACAd,EAAK,QAAQ,SAAW,SAASrB,EAAM,CACrCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBqB,EAAK,QAAQ,WAAW,KAAKrB,CAAI,CACnC,EACAqB,EAAK,QAAQ,WAAajC,EAAI,qBAAqB4B,EAAQ,WAAW,EACnEA,EAAQ,sBACTK,EAAK,QAAQ,SAAWL,EAAQ,qBAElCK,EAAK,QAAQ,KAAOoC,EAAI,OAAO,EAAE,MAAM,EAGpCzC,EAAQ,eACTK,EAAK,WAAajC,EAAI,8BAA8B4B,EAAQ,cAAc,EAE1EK,EAAK,WAAa,CAAC,EAIrBA,EAAK,UAAYjC,EAAI,kBAAkB4B,EAAQ,oBAAoB,EAE5DK,CACT,EAyDAjC,EAAI,8BAAgC,SAASmD,EAAM,CAEjD,QADIzC,EAAO,CAAC,EACJK,EAAI,EAAGA,EAAIoC,EAAK,MAAM,OAAQ,EAAEpC,EAGtC,QADIwD,EAASpB,EAAK,MAAMpC,CAAC,EACjBM,EAAK,EAAGA,EAAKkD,EAAO,MAAM,OAAQ,EAAElD,EAC1CX,EAAK,KAAKV,EAAI,6BAA6BuE,EAAO,MAAMlD,CAAE,CAAC,CAAC,EAIhE,OAAOX,CACT,EASAV,EAAI,6BAA+B,SAASqD,EAAK,CAK/C,IAAImB,EAAI,CAAC,EAUT,GATAA,EAAE,GAAKzE,EAAK,SAASsD,EAAI,MAAM,CAAC,EAAE,KAAK,EACvCmB,EAAE,SAAW,GACVnB,EAAI,MAAM,CAAC,EAAE,OAAStD,EAAK,KAAK,SACjCyE,EAAE,SAAYnB,EAAI,MAAM,CAAC,EAAE,MAAM,WAAW,CAAC,IAAM,EACnDmB,EAAE,MAAQnB,EAAI,MAAM,CAAC,EAAE,OAEvBmB,EAAE,MAAQnB,EAAI,MAAM,CAAC,EAAE,MAGtBmB,EAAE,MAAMvE,IAIT,GAHAuE,EAAE,KAAOvE,GAAKuE,EAAE,EAAE,EAGfA,EAAE,OAAS,WAAY,CAExB,IAAIC,EAAK1E,EAAK,QAAQyE,EAAE,KAAK,EACzBE,EAAK,EACLC,EAAK,EACNF,EAAG,MAAM,OAAS,IAInBC,EAAKD,EAAG,MAAM,WAAW,CAAC,EAC1BE,EAAKF,EAAG,MAAM,OAAS,EAAIA,EAAG,MAAM,WAAW,CAAC,EAAI,GAGtDD,EAAE,kBAAoBE,EAAK,OAAU,IACrCF,EAAE,gBAAkBE,EAAK,MAAU,GACnCF,EAAE,iBAAmBE,EAAK,MAAU,GACpCF,EAAE,kBAAoBE,EAAK,MAAU,GACrCF,EAAE,cAAgBE,EAAK,KAAU,EACjCF,EAAE,aAAeE,EAAK,KAAU,EAChCF,EAAE,SAAWE,EAAK,KAAU,EAC5BF,EAAE,cAAgBE,EAAK,KAAU,EACjCF,EAAE,cAAgBG,EAAK,OAAU,GACnC,SAAUH,EAAE,OAAS,mBAAoB,CAGvC,IAAIC,EAAK1E,EAAK,QAAQyE,EAAE,KAAK,EAE1BC,EAAG,MAAM,OAAS,GAAKA,EAAG,MAAM,CAAC,EAAE,OAAS1E,EAAK,KAAK,QACvDyE,EAAE,GAAMC,EAAG,MAAM,CAAC,EAAE,MAAM,WAAW,CAAC,IAAM,EAE5CD,EAAE,GAAK,GAGT,IAAII,EAAQ,KACTH,EAAG,MAAM,OAAS,GAAKA,EAAG,MAAM,CAAC,EAAE,OAAS1E,EAAK,KAAK,QACvD6E,EAAQH,EAAG,MAAM,CAAC,EAAE,MACZA,EAAG,MAAM,OAAS,IAC1BG,EAAQH,EAAG,MAAM,CAAC,EAAE,OAEnBG,IAAU,OACXJ,EAAE,kBAAoBzE,EAAK,aAAa6E,CAAK,EAEjD,SAAUJ,EAAE,OAAS,cAInB,QADIC,EAAK1E,EAAK,QAAQyE,EAAE,KAAK,EACrBpD,EAAK,EAAGA,EAAKqD,EAAG,MAAM,OAAQ,EAAErD,EAAI,CAC1C,IAAIK,EAAM1B,EAAK,SAAS0E,EAAG,MAAMrD,CAAE,EAAE,KAAK,EACvCK,KAAOxB,GACRuE,EAAEvE,GAAKwB,CAAG,CAAC,EAAI,GAEf+C,EAAE/C,CAAG,EAAI,EAEb,SACQ+C,EAAE,OAAS,aAAc,CAGjC,IAAIC,EAAK1E,EAAK,QAAQyE,EAAE,KAAK,EACzBE,EAAK,EACND,EAAG,MAAM,OAAS,IAInBC,EAAKD,EAAG,MAAM,WAAW,CAAC,GAG5BD,EAAE,QAAUE,EAAK,OAAU,IAC3BF,EAAE,QAAUE,EAAK,MAAU,GAC3BF,EAAE,OAASE,EAAK,MAAU,GAC1BF,EAAE,SAAWE,EAAK,MAAU,GAC5BF,EAAE,UAAYE,EAAK,KAAU,EAC7BF,EAAE,OAASE,EAAK,KAAU,EAC1BF,EAAE,SAAWE,EAAK,KAAU,EAC5BF,EAAE,OAASE,EAAK,KAAU,CAC5B,SACEF,EAAE,OAAS,kBACXA,EAAE,OAAS,gBAAiB,CAE5BA,EAAE,SAAW,CAAC,EAKd,QAFIK,EACAJ,EAAK1E,EAAK,QAAQyE,EAAE,KAAK,EACrBT,EAAI,EAAGA,EAAIU,EAAG,MAAM,OAAQ,EAAEV,EAAG,CAEvCc,EAAKJ,EAAG,MAAMV,CAAC,EAEf,IAAIe,EAAU,CACZ,KAAMD,EAAG,KACT,MAAOA,EAAG,KACZ,EAIA,OAHAL,EAAE,SAAS,KAAKM,CAAO,EAGhBD,EAAG,KAAM,CAEd,IAAK,GAEL,IAAK,GAEL,IAAK,GACH,MAEF,IAAK,GAEHC,EAAQ,GAAKhF,EAAM,KAAK,UAAU+E,EAAG,KAAK,EAC1C,MAEF,IAAK,GACHC,EAAQ,IAAM/E,EAAK,SAAS8E,EAAG,KAAK,EACpC,MACF,QAEF,CACF,CACF,SAAUL,EAAE,OAAS,uBAAwB,CAG3C,IAAIC,EAAK1E,EAAK,QAAQyE,EAAE,KAAK,EAC7BA,EAAE,qBAAuB1E,EAAM,KAAK,WAAW2E,EAAG,KAAK,CACzD,EAEF,OAAOD,CACT,EAeAxE,EAAI,6BAA+B,SAASa,EAAKyB,EAAa,CAE5D,IAAIV,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAAC9B,EAAK,SAASc,EAAKN,GAA+BqB,EAASC,CAAM,EAAG,CACtE,IAAIC,EAAQ,IAAI,MAAM,8FACiC,EACvD,MAAAA,EAAM,OAASD,EACTC,CACR,CAGA,IAAIL,EAAM1B,EAAK,SAAS6B,EAAQ,YAAY,EAC5C,GAAGH,IAAQzB,EAAI,KAAK,cAClB,MAAM,IAAI,MAAM,yCAAyC,EAI3D,IAAI8C,EAAM9C,EAAI,2BAA2B,EAazC,GAZA8C,EAAI,QAAUlB,EAAQ,WAAaA,EAAQ,WAAW,WAAW,CAAC,EAAI,EACtEkB,EAAI,aAAehD,EAAM,KAAK,SAAS8B,EAAQ,eAAe,EAC9DkB,EAAI,oBAAsBtB,GACxBsB,EAAI,aAAclB,EAAQ,mBAAoB,EAAI,EACpDkB,EAAI,QAAQ,aAAehD,EAAM,KAAK,SAAS8B,EAAQ,eAAe,EACtEkB,EAAI,QAAQ,WAAatB,GACvBsB,EAAI,QAAQ,aAAclB,EAAQ,mBAAoB,EAAK,EAC7DkB,EAAI,UAAYlB,EAAQ,aAGxBkB,EAAI,yBAA2BlB,EAAQ,yBAEpCU,EAAa,CAEdQ,EAAI,GAAKf,GAAuB,CAC9B,aAAce,EAAI,aAClB,KAAM,uBACR,CAAC,EAGD,IAAIH,EAAQ5C,EAAK,MAAM+C,EAAI,wBAAwB,EACnDA,EAAI,GAAG,OAAOH,EAAM,SAAS,CAAC,CAChC,CAGA,IAAI0B,EAAMvE,EAAM,GAAG,KAAK,OAAO,EAC/B,OAAAgD,EAAI,QAAQ,SAAW,SAASC,EAAI,CAClC,OAAOzB,GAAcwB,EAAI,QAASC,CAAE,CACtC,EACAD,EAAI,QAAQ,SAAW,SAASlC,EAAM,CACpCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBkC,EAAI,QAAQ,WAAW,KAAKlC,CAAI,CAClC,EACAkC,EAAI,QAAQ,WAAa9C,EAAI,qBAC3B4B,EAAQ,gCAAiCyC,CAAG,EAC9CvB,EAAI,QAAQ,KAAOuB,EAAI,OAAO,EAAE,MAAM,EAGtCvB,EAAI,UAAY9C,EAAI,kBAAkB4B,EAAQ,oBAAoB,EAGlEkB,EAAI,aAAe,SAASC,EAAI,CAC9B,OAAOzB,GAAcwB,EAAKC,CAAE,CAC9B,EACAD,EAAI,aAAe,SAASlC,EAAM,CAChCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBkC,EAAI,WAAW,KAAKlC,CAAI,CAC1B,EACAkC,EAAI,WAAa9C,EAAI,qBACnB4B,EAAQ,oCAAsC,CAAC,CAAC,EAE3CkB,CACT,EASA9C,EAAI,2BAA6B,UAAW,CAC1C,IAAI8C,EAAM,CAAC,EACX,OAAAA,EAAI,QAAU,EACdA,EAAI,aAAe,KACnBA,EAAI,UAAY,KAChBA,EAAI,QAAU,CAAC,EACfA,EAAI,QAAQ,aAAe,KAE3BA,EAAI,QAAU,CAAC,EACfA,EAAI,QAAQ,SAAW,SAASC,EAAI,CAClC,OAAOzB,GAAcwB,EAAI,QAASC,CAAE,CACtC,EACAD,EAAI,QAAQ,SAAW,SAASlC,EAAM,CACpCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBkC,EAAI,QAAQ,WAAW,KAAKlC,CAAI,CAClC,EACAkC,EAAI,QAAQ,WAAa,CAAC,EAC1BA,EAAI,QAAQ,KAAO,KAEnBA,EAAI,UAAY,KAChBA,EAAI,WAAa,CAAC,EAClBA,EAAI,aAAe,SAASC,EAAI,CAC9B,OAAOzB,GAAcwB,EAAKC,CAAE,CAC9B,EACAD,EAAI,aAAe,SAASlC,EAAM,CAChCoC,GAAmB,CAACpC,CAAI,CAAC,EACzBkC,EAAI,WAAW,KAAKlC,CAAI,CAC1B,EACAkC,EAAI,GAAK,KAOTA,EAAI,WAAa,SAASG,EAAO,CAE/BD,GAAmBC,CAAK,EACxBH,EAAI,QAAQ,WAAaG,EACzBH,EAAI,QAAQ,KAAO,IACrB,EAOAA,EAAI,cAAgB,SAASG,EAAO,CAElCD,GAAmBC,CAAK,EACxBH,EAAI,WAAaG,CACnB,EAQAH,EAAI,KAAO,SAASJ,EAAKjC,EAAI,CAE3BqC,EAAI,GAAKrC,GAAMX,EAAM,GAAG,KAAK,OAAO,EACpC,IAAIwD,EAAerD,GAAK6C,EAAI,GAAG,UAAY,mBAAmB,EAC9D,GAAG,CAACQ,EAAc,CAChB,IAAIxB,EAAQ,IAAI,MAAM,uFACmB,EACzC,MAAAA,EAAM,UAAYgB,EAAI,GAAG,UACnBhB,CACR,CACAgB,EAAI,aAAeA,EAAI,QAAQ,aAAeQ,EAG9CR,EAAI,yBAA2B9C,EAAI,4BAA4B8C,CAAG,EAClE,IAAIH,EAAQ5C,EAAK,MAAM+C,EAAI,wBAAwB,EAGnDA,EAAI,GAAG,OAAOH,EAAM,SAAS,CAAC,EAC9BG,EAAI,UAAYJ,EAAI,KAAKI,EAAI,EAAE,CACjC,EAaAA,EAAI,OAAS,UAAW,CACtB,IAAIpC,EAAO,GAEPD,EAAKqC,EAAI,GACb,GAAGrC,IAAO,KAAM,CACdA,EAAKsB,GAAuB,CAC1B,aAAce,EAAI,aAClB,KAAM,uBACR,CAAC,EAGD,IAAIiC,EAAMjC,EAAI,0BACZ9C,EAAI,4BAA4B8C,CAAG,EACjCH,EAAQ5C,EAAK,MAAMgF,CAAG,EAC1BtE,EAAG,OAAOkC,EAAM,SAAS,CAAC,CAC5B,CAEA,OAAGlC,IAAO,OACRC,EAAOsB,GAAiB,CACtB,YAAac,EAAK,GAAIrC,EAAI,UAAWqC,EAAI,SAC3C,CAAC,GAGIpC,CACT,EAEOoC,CACT,EASA,SAASkC,GAAUnE,EAAK,CAQtB,QANIH,EAAOX,EAAK,OACdA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAGhDa,EAAMD,EACNsC,EAAQpC,EAAI,WACR,EAAI,EAAG,EAAIoC,EAAM,OAAQ,EAAE,EAAG,CACpCrC,EAAOqC,EAAM,CAAC,EACd,IAAI2B,EAAQhE,EAAK,MAGbqE,EAAgBlF,EAAK,KAAK,gBAC3B,kBAAmBa,IACpBqE,EAAgBrE,EAAK,cAElBqE,IAAkBlF,EAAK,KAAK,OAC7B6E,EAAQ9E,EAAM,KAAK,WAAW8E,CAAK,IAQvCjE,EAAMZ,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM,CAC3DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASa,EAAK,IAAI,EAAE,SAAS,CAAC,EAErCb,EAAK,OAAOA,EAAK,MAAM,UAAWkF,EAAe,GAAOL,CAAK,CAC/D,CAAC,CACH,CAAC,EACDlE,EAAK,MAAM,KAAKC,CAAG,CACrB,CAEA,OAAOD,CACT,CAuCA,SAASsC,GAAmBC,EAAO,CAEjC,QADIrC,EACIG,EAAI,EAAGA,EAAIkC,EAAM,OAAQ,EAAElC,EAAG,CAapC,GAZAH,EAAOqC,EAAMlC,CAAC,EAGX,OAAOH,EAAK,KAAS,MACnBA,EAAK,MAAQA,EAAK,QAAQZ,EAAI,KAC/BY,EAAK,KAAOZ,EAAI,KAAKY,EAAK,IAAI,EACtBA,EAAK,WAAaA,EAAK,aAAaV,KAC5CU,EAAK,KAAOZ,EAAI,KAAKE,GAAYU,EAAK,SAAS,CAAC,IAKjD,OAAOA,EAAK,KAAS,IACtB,GAAGA,EAAK,MAAQA,EAAK,QAAQZ,EAAI,KAC/BY,EAAK,KAAOZ,EAAI,KAAKY,EAAK,IAAI,MACzB,CACL,IAAIkB,EAAQ,IAAI,MAAM,+BAA+B,EACrD,MAAAA,EAAM,UAAYlB,EACZkB,CACR,CAWF,GAPG,OAAOlB,EAAK,UAAc,KACxBA,EAAK,MAAQA,EAAK,QAAQV,KAC3BU,EAAK,UAAYV,GAAYU,EAAK,IAAI,GAKvCA,EAAK,OAASX,GAAK,mBACpBW,EAAK,iBAAmB,GACxBA,EAAK,cAAgBb,EAAK,KAAK,SAC5B,CAACa,EAAK,OAASA,EAAK,YAAY,CACjCA,EAAK,MAAQ,CAAC,EACd,QAAQS,EAAK,EAAGA,EAAKT,EAAK,WAAW,OAAQ,EAAES,EAC7CT,EAAK,MAAM,KAAKZ,EAAI,2BAClBoD,GAA4BxC,EAAK,WAAWS,CAAE,CAAC,CAAC,CAAC,CAEvD,CAGF,GAAG,OAAOT,EAAK,MAAU,IAAa,CACpC,IAAIkB,EAAQ,IAAI,MAAM,gCAAgC,EACtD,MAAAA,EAAM,UAAYlB,EACZkB,CACR,CACF,CACF,CAWA,SAASsB,GAA4B,EAAG7B,EAAS,CAW/C,GAVAA,EAAUA,GAAW,CAAC,EAGnB,OAAO,EAAE,KAAS,KAChB,EAAE,IAAM,EAAE,MAAMvB,EAAI,OACrB,EAAE,KAAOA,EAAI,KAAK,EAAE,EAAE,GAKvB,OAAO,EAAE,GAAO,IACjB,GAAG,EAAE,MAAQ,EAAE,QAAQA,EAAI,KACzB,EAAE,GAAKA,EAAI,KAAK,EAAE,IAAI,MACjB,CACL,IAAI8B,EAAQ,IAAI,MAAM,6BAA6B,EACnD,MAAAA,EAAM,UAAY,EACZA,CACR,CAGF,GAAG,OAAO,EAAE,MAAU,IACpB,OAAO,EAMT,GAAG,EAAE,OAAS,WAAY,CAExB,IAAIoD,EAAS,EACTR,EAAK,EACLC,EAAK,EACN,EAAE,mBACHD,GAAM,IACNQ,EAAS,GAER,EAAE,iBACHR,GAAM,GACNQ,EAAS,GAER,EAAE,kBACHR,GAAM,GACNQ,EAAS,GAER,EAAE,mBACHR,GAAM,GACNQ,EAAS,GAER,EAAE,eACHR,GAAM,EACNQ,EAAS,GAER,EAAE,cACHR,GAAM,EACNQ,EAAS,GAER,EAAE,UACHR,GAAM,EACNQ,EAAS,GAER,EAAE,eACHR,GAAM,EACNQ,EAAS,GAER,EAAE,eACHP,GAAM,IACNO,EAAS,GAIX,IAAIN,EAAQ,OAAO,aAAaM,CAAM,EACnCP,IAAO,EACRC,GAAS,OAAO,aAAaF,CAAE,EAAI,OAAO,aAAaC,CAAE,EACjDD,IAAO,IACfE,GAAS,OAAO,aAAaF,CAAE,GAEjC,EAAE,MAAQ3E,EAAK,OACbA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GAAO6E,CAAK,CAC3D,SAAU,EAAE,OAAS,mBAEnB,EAAE,MAAQ7E,EAAK,OACbA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAEjD,EAAE,IACH,EAAE,MAAM,MAAM,KAAKA,EAAK,OACtBA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACzC,MAAyB,CAAC,EAE3B,sBAAuB,GACxB,EAAE,MAAM,MAAM,KAAKA,EAAK,OACtBA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACzCA,EAAK,aAAa,EAAE,iBAAiB,EAAE,SAAS,CAAC,CAAC,UAE9C,EAAE,OAAS,cAAe,CAElC,EAAE,MAAQA,EAAK,OACbA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EACpD,IAAIkB,EAAM,EAAE,MAAM,MAClB,QAAQyB,KAAO,EACV,EAAEA,CAAG,IAAM,KAIXA,KAAOzC,GACRgB,EAAI,KAAKlB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IACnD,GAAOA,EAAK,SAASE,GAAKyC,CAAG,CAAC,EAAE,SAAS,CAAC,CAAC,EACrCA,EAAI,QAAQ,GAAG,IAAM,IAE7BzB,EAAI,KAAKlB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IACnD,GAAOA,EAAK,SAAS2C,CAAG,EAAE,SAAS,CAAC,CAAC,EAG7C,SAAU,EAAE,OAAS,aAAc,CAGjC,IAAIwC,EAAS,EACTR,EAAK,EAEN,EAAE,SACHA,GAAM,IACNQ,EAAS,GAER,EAAE,SACHR,GAAM,GACNQ,EAAS,GAER,EAAE,QACHR,GAAM,GACNQ,EAAS,GAER,EAAE,UACHR,GAAM,GACNQ,EAAS,GAER,EAAE,WACHR,GAAM,EACNQ,EAAS,GAER,EAAE,QACHR,GAAM,EACNQ,EAAS,GAER,EAAE,UACHR,GAAM,EACNQ,EAAS,GAER,EAAE,QACHR,GAAM,EACNQ,EAAS,GAIX,IAAIN,EAAQ,OAAO,aAAaM,CAAM,EACnCR,IAAO,IACRE,GAAS,OAAO,aAAaF,CAAE,GAEjC,EAAE,MAAQ3E,EAAK,OACbA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GAAO6E,CAAK,CAC3D,SAAU,EAAE,OAAS,kBAAoB,EAAE,OAAS,gBAAiB,CAEnE,EAAE,MAAQ7E,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAGxE,QADI+E,EACIf,EAAI,EAAGA,EAAI,EAAE,SAAS,OAAQ,EAAEA,EAAG,CACzCe,EAAU,EAAE,SAASf,CAAC,EACtB,IAAIa,EAAQE,EAAQ,MAEpB,GAAGA,EAAQ,OAAS,GAAKA,EAAQ,IAE/B,GADAF,EAAQ9E,EAAM,KAAK,YAAYgF,EAAQ,EAAE,EACtCF,IAAU,KAAM,CACjB,IAAI9C,EAAQ,IAAI,MACd,2DAA2D,EAC7D,MAAAA,EAAM,UAAY,EACZA,CACR,OACQgD,EAAQ,OAAS,IAEtBA,EAAQ,IACTF,EAAQ7E,EAAK,SAASA,EAAK,SAAS+E,EAAQ,GAAG,CAAC,EAGhDF,EAAQ7E,EAAK,SAAS6E,CAAK,GAG/B,EAAE,MAAM,MAAM,KAAK7E,EAAK,OACtBA,EAAK,MAAM,iBAAkB+E,EAAQ,KAAM,GAC3CF,CAAK,CAAC,CACV,CACF,SAAU,EAAE,OAAS,aAAerD,EAAQ,KAAM,CAEhD,GAAG,CAAE,iBAAiB,KAAK,EAAE,OAAO,GACjC,EAAE,QAAQ,OAAS,GAAO,EAAE,QAAQ,OAAS,IAC9C,MAAM,IAAI,MAAM,8BAA8B,EAGhD,EAAE,MAAQxB,EAAK,OACbA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GAAO,EAAE,OAAO,CAC/D,SAAU,EAAE,OAAS,wBAA0BwB,EAAQ,KAAM,CAC3D,IAAIyC,EAAMzC,EAAQ,KAAK,6BAA6B,EACpD,EAAE,qBAAuByC,EAAI,MAAM,EAEnC,EAAE,MAAQjE,EAAK,OACbA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOiE,EAAI,SAAS,CAAC,CACtE,SAAU,EAAE,OAAS,0BAA4BzC,EAAQ,KAAM,CAE7D,EAAE,MAAQxB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EACxE,IAAIkB,EAAM,EAAE,MAAM,MAElB,GAAG,EAAE,cAAe,CAClB,IAAIkE,EAAiB,EAAE,gBAAkB,GACvC5D,EAAQ,KAAK,6BAA6B,EAAE,SAAS,EACrD,EAAE,cACJN,EAAI,KACFlB,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAOoF,CAAa,CAAC,CACrE,CAEA,GAAG,EAAE,oBAAqB,CACxB,IAAIC,EAAsB,CACxBrF,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDiF,GAAU,EAAE,sBAAwB,GAClCzD,EAAQ,KAAK,OAAS,EAAE,mBAAmB,CAC/C,CAAC,CACH,EACAN,EAAI,KACFlB,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAMqF,CAAmB,CAAC,CAC1E,CAEA,GAAG,EAAE,aAAc,CACjB,IAAIC,EAAevF,EAAM,KAAK,WAAW,EAAE,eAAiB,GAC1DyB,EAAQ,KAAK,aAAe,EAAE,YAAY,EAC5CN,EAAI,KACFlB,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAOsF,CAAY,CAAC,CACpE,CACF,SAAU,EAAE,OAAS,wBAAyB,CAC5C,EAAE,MAAQtF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAWxE,QAVIkB,EAAM,EAAE,MAAM,MAGdqE,EAASvF,EAAK,OAChBA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAGhDwF,EAAuBxF,EAAK,OAC9BA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAAC,CAAC,EACtC+E,EACIf,EAAI,EAAGA,EAAI,EAAE,SAAS,OAAQ,EAAEA,EAAG,CACzCe,EAAU,EAAE,SAASf,CAAC,EACtB,IAAIa,EAAQE,EAAQ,MAEpB,GAAGA,EAAQ,OAAS,GAAKA,EAAQ,IAE/B,GADAF,EAAQ9E,EAAM,KAAK,YAAYgF,EAAQ,EAAE,EACtCF,IAAU,KAAM,CACjB,IAAI9C,EAAQ,IAAI,MACd,2DAA2D,EAC7D,MAAAA,EAAM,UAAY,EACZA,CACR,OACQgD,EAAQ,OAAS,IAEtBA,EAAQ,IACTF,EAAQ7E,EAAK,SAASA,EAAK,SAAS+E,EAAQ,GAAG,CAAC,EAGhDF,EAAQ7E,EAAK,SAAS6E,CAAK,GAG/BW,EAAqB,MAAM,KAAKxF,EAAK,OACnCA,EAAK,MAAM,iBAAkB+E,EAAQ,KAAM,GAC3CF,CAAK,CAAC,CACV,CAGAU,EAAO,MAAM,KAAKvF,EAAK,OACrBA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAACwF,CAAoB,CAAC,CAAC,EAC/DtE,EAAI,KAAKqE,CAAM,CACjB,CAGA,GAAG,OAAO,EAAE,MAAU,IAAa,CACjC,IAAIxD,EAAQ,IAAI,MAAM,gCAAgC,EACtD,MAAAA,EAAM,UAAY,EACZA,CACR,CAEA,OAAO,CACT,CASA,SAAS0D,GAA2B/D,EAAKE,EAAQ,CAC/C,OAAOF,EAAK,CACV,KAAKxB,GAAK,YAAY,EACpB,IAAIwF,EAAQ,CAAC,EAEb,OAAG9D,EAAO,KAAK,eAAiB,QAC9B8D,EAAM,KAAK1F,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAC3DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAAS4B,EAAO,KAAK,YAAY,EAAE,SAAS,CAAC,EACpD5B,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,CACH,CAAC,CAAC,EAGD4B,EAAO,IAAI,eAAiB,QAC7B8D,EAAM,KAAK1F,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAC3DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAAS4B,EAAO,IAAI,YAAY,EAAE,SAAS,CAAC,EACnD5B,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAAS4B,EAAO,IAAI,KAAK,YAAY,EAAE,SAAS,CAAC,EACxD5B,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,CACH,CAAC,CACH,CAAC,CAAC,EAGD4B,EAAO,aAAe,QACvB8D,EAAM,KAAK1F,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAC3DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAa4B,EAAO,UAAU,EAAE,SAAS,CAAC,CACnD,CAAC,CAAC,EAGG5B,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM0F,CAAK,EAE1E,QACE,OAAO1F,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CACtE,CACF,CAUA,SAAS2F,GAAqB5C,EAAK,CAEjC,IAAIpC,EAAOX,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAAC,CAAC,EAG/D,GAAG+C,EAAI,WAAW,SAAW,EAC3B,OAAOpC,EAKT,QADIuC,EAAQH,EAAI,WACR/B,EAAI,EAAGA,EAAIkC,EAAM,OAAQ,EAAElC,EAAG,CACpC,IAAIH,EAAOqC,EAAMlC,CAAC,EACd6D,EAAQhE,EAAK,MAGbqE,EAAgBlF,EAAK,KAAK,KAC3B,kBAAmBa,IACpBqE,EAAgBrE,EAAK,eAEpBqE,IAAkBlF,EAAK,KAAK,OAC7B6E,EAAQ9E,EAAM,KAAK,WAAW8E,CAAK,GAErC,IAAIe,EAAmB,GACpB,qBAAsB/E,IACvB+E,EAAmB/E,EAAK,kBAO1B,IAAIK,EAAMlB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEpEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASa,EAAK,IAAI,EAAE,SAAS,CAAC,EACrCb,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM,CAErDA,EAAK,OACHA,EAAK,MAAM,UAAWkF,EAAeU,EAAkBf,CAAK,CAChE,CAAC,CACH,CAAC,EACDlE,EAAK,MAAM,KAAKO,CAAG,CACrB,CAEA,OAAOP,CACT,CAEA,IAAIkF,GAAa,IAAI,KAAK,sBAAsB,EAC5CC,GAAa,IAAI,KAAK,sBAAsB,EAUhD,SAASC,GAAYC,EAAM,CACzB,OAAGA,GAAQH,IAAcG,EAAOF,GACvB9F,EAAK,OACVA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACzCA,EAAK,cAAcgG,CAAI,CAAC,EAEnBhG,EAAK,OACVA,EAAK,MAAM,UAAWA,EAAK,KAAK,gBAAiB,GACjDA,EAAK,sBAAsBgG,CAAI,CAAC,CAEtC,CASA/F,EAAI,kBAAoB,SAASiC,EAAM,CAErC,IAAI+D,EAAYF,GAAY7D,EAAK,SAAS,SAAS,EAC/CgE,EAAWH,GAAY7D,EAAK,SAAS,QAAQ,EAC7CiE,EAAMnG,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEpEA,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAEhDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAakC,EAAK,OAAO,EAAE,SAAS,CAAC,CAC9C,CAAC,EAEDlC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDD,EAAM,KAAK,WAAWmC,EAAK,YAAY,CAAC,EAE1ClC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASkC,EAAK,QAAQ,YAAY,EAAE,SAAS,CAAC,EAErDuD,GACEvD,EAAK,QAAQ,aAAcA,EAAK,QAAQ,UAAU,CACtD,CAAC,EAED+C,GAAU/C,EAAK,MAAM,EAErBlC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAC1DiG,EACAC,CACF,CAAC,EAEDjB,GAAU/C,EAAK,OAAO,EAEtBjC,EAAI,gBAAgBiC,EAAK,SAAS,CACpC,CAAC,EAED,OAAGA,EAAK,OAAO,UAEbiE,EAAI,MAAM,KACRnG,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GAErD,KACAkC,EAAK,OAAO,QACd,CACF,CAAC,CACH,EAECA,EAAK,QAAQ,UAEdiE,EAAI,MAAM,KACRnG,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GAErD,KACAkC,EAAK,QAAQ,QACf,CACF,CAAC,CACH,EAGCA,EAAK,WAAW,OAAS,GAE1BiE,EAAI,MAAM,KAAKlG,EAAI,4BAA4BiC,EAAK,UAAU,CAAC,EAG1DiE,CACT,EAUAlG,EAAI,4BAA8B,SAAS8C,EAAK,CAE9C,IAAIiC,EAAMhF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEpEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAa+C,EAAI,OAAO,EAAE,SAAS,CAAC,EAE3CkC,GAAUlC,EAAI,OAAO,EAErB9C,EAAI,gBAAgB8C,EAAI,SAAS,EAEjC4C,GAAqB5C,CAAG,CAC1B,CAAC,EAED,OAAOiC,CACT,EASA/E,EAAI,wBAA0B,SAASmG,EAAI,CACzC,OAAOnB,GAAUmB,CAAE,CACrB,EASAnG,EAAI,kBAAoB,SAASiC,EAAM,CAErC,IAAIyB,EAAiBzB,EAAK,gBAAkBjC,EAAI,kBAAkBiC,CAAI,EAGtE,OAAOlC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjE2D,EAEA3D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASkC,EAAK,YAAY,EAAE,SAAS,CAAC,EAE7CuD,GAA2BvD,EAAK,aAAcA,EAAK,mBAAmB,CACxE,CAAC,EAEDlC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GACrD,KAA4BkC,EAAK,SAAS,CAC9C,CAAC,CACH,EASAjC,EAAI,4BAA8B,SAASmD,EAAM,CAE/C,IAAIzC,EAAOX,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAAC,CAAC,EAG3DkB,EAAMlB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EACxEW,EAAK,MAAM,KAAKO,CAAG,EAEnB,QAAQF,EAAI,EAAGA,EAAIoC,EAAK,OAAQ,EAAEpC,EAChCE,EAAI,MAAM,KAAKjB,EAAI,2BAA2BmD,EAAKpC,CAAC,CAAC,CAAC,EAGxD,OAAOL,CACT,EASAV,EAAI,2BAA6B,SAASqD,EAAK,CAE7C,IAAIkB,EAASxE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAAC,CAAC,EAG3EwE,EAAO,MAAM,KAAKxE,EAAK,OACrBA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GACrCA,EAAK,SAASsD,EAAI,EAAE,EAAE,SAAS,CAAC,CAAC,EAGhCA,EAAI,UAELkB,EAAO,MAAM,KAAKxE,EAAK,OACrBA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACzC,MAAyB,CAAC,EAG9B,IAAI6E,EAAQvB,EAAI,MAChB,OAAG,OAAOA,EAAI,OAAU,WAEtBuB,EAAQ7E,EAAK,MAAM6E,CAAK,EAAE,SAAS,GAIrCL,EAAO,MAAM,KAAKxE,EAAK,OACrBA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAO6E,CAAK,CAAC,EAErDL,CACT,EASAvE,EAAI,2BAA6B,SAAS8C,EAAK,CAE7C,IAAIiC,EAAMjC,EAAI,0BACZ9C,EAAI,4BAA4B8C,CAAG,EAGrC,OAAO/C,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEgF,EAEAhF,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAAS+C,EAAI,YAAY,EAAE,SAAS,CAAC,EAE5C0C,GAA2B1C,EAAI,aAAcA,EAAI,mBAAmB,CACtE,CAAC,EAED/C,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GACrD,KAA4B+C,EAAI,SAAS,CAC7C,CAAC,CACH,EAUA9C,EAAI,cAAgB,SAASoG,EAAO,CAElC,IAAIC,EAAU,CAEZ,MAAO,CAAC,CACV,EAUAA,EAAQ,UAAY,SAASpE,EAAM,CACjC,IAAIvB,EAAO4F,EAAarE,EAAK,MAAM,EAWnC,OAAOvB,CACT,EAQA2F,EAAQ,eAAiB,SAASpE,EAAM,CAQtC,GANG,OAAOA,GAAS,WACjBA,EAAOnC,EAAM,IAAI,mBAAmBmC,CAAI,GAG1CsE,EAAqBtE,EAAK,OAAO,EAE9B,CAACoE,EAAQ,eAAepE,CAAI,EAC7B,GAAGA,EAAK,QAAQ,QAAQoE,EAAQ,MAAO,CAErC,IAAIG,EAAMH,EAAQ,MAAMpE,EAAK,QAAQ,IAAI,EACrCnC,EAAM,KAAK,QAAQ0G,CAAG,IACxBA,EAAM,CAACA,CAAG,GAEZA,EAAI,KAAKvE,CAAI,EACboE,EAAQ,MAAMpE,EAAK,QAAQ,IAAI,EAAIuE,CACrC,MACEH,EAAQ,MAAMpE,EAAK,QAAQ,IAAI,EAAIA,CAGzC,EAUAoE,EAAQ,eAAiB,SAASpE,EAAM,CAEnC,OAAOA,GAAS,WACjBA,EAAOnC,EAAM,IAAI,mBAAmBmC,CAAI,GAG1C,IAAIwE,EAAQH,EAAarE,EAAK,OAAO,EACrC,GAAG,CAACwE,EACF,MAAO,GAEL3G,EAAM,KAAK,QAAQ2G,CAAK,IAC1BA,EAAQ,CAACA,CAAK,GAIhB,QADIC,EAAO3G,EAAK,MAAMC,EAAI,kBAAkBiC,CAAI,CAAC,EAAE,SAAS,EACpDlB,EAAI,EAAGA,EAAI0F,EAAM,OAAQ,EAAE1F,EAAG,CACpC,IAAI4F,EAAO5G,EAAK,MAAMC,EAAI,kBAAkByG,EAAM1F,CAAC,CAAC,CAAC,EAAE,SAAS,EAChE,GAAG2F,IAASC,EACV,MAAO,EAEX,CACA,MAAO,EACT,EAOAN,EAAQ,oBAAsB,UAAW,CACvC,IAAIO,EAAW,CAAC,EAEhB,QAAQzE,KAAQkE,EAAQ,MACtB,GAAGA,EAAQ,MAAM,eAAelE,CAAI,EAAG,CACrC,IAAIyC,EAAQyB,EAAQ,MAAMlE,CAAI,EAC9B,GAAG,CAACrC,EAAM,KAAK,QAAQ8E,CAAK,EAC1BgC,EAAS,KAAKhC,CAAK,MAEnB,SAAQ7D,EAAI,EAAGA,EAAI6D,EAAM,OAAQ,EAAE7D,EACjC6F,EAAS,KAAKhC,EAAM7D,CAAC,CAAC,CAG5B,CAGF,OAAO6F,CACT,EAWAP,EAAQ,kBAAoB,SAASpE,EAAM,CACzC,IAAI4E,EAOJ,GAJG,OAAO5E,GAAS,WACjBA,EAAOnC,EAAM,IAAI,mBAAmBmC,CAAI,GAE1CsE,EAAqBtE,EAAK,OAAO,EAC9B,CAACoE,EAAQ,eAAepE,CAAI,EAC7B,OAAO,KAGT,IAAIwE,EAAQH,EAAarE,EAAK,OAAO,EAErC,GAAG,CAACnC,EAAM,KAAK,QAAQ2G,CAAK,EAC1B,OAAAI,EAASR,EAAQ,MAAMpE,EAAK,QAAQ,IAAI,EACxC,OAAOoE,EAAQ,MAAMpE,EAAK,QAAQ,IAAI,EAC/B4E,EAKT,QADIH,EAAO3G,EAAK,MAAMC,EAAI,kBAAkBiC,CAAI,CAAC,EAAE,SAAS,EACpDlB,EAAI,EAAGA,EAAI0F,EAAM,OAAQ,EAAE1F,EAAG,CACpC,IAAI4F,EAAO5G,EAAK,MAAMC,EAAI,kBAAkByG,EAAM1F,CAAC,CAAC,CAAC,EAAE,SAAS,EAC7D2F,IAASC,IACVE,EAASJ,EAAM1F,CAAC,EAChB0F,EAAM,OAAO1F,EAAG,CAAC,EAErB,CACA,OAAG0F,EAAM,SAAW,GAClB,OAAOJ,EAAQ,MAAMpE,EAAK,QAAQ,IAAI,EAGjC4E,CACT,EAEA,SAASP,EAAa7C,EAAS,CAC7B,OAAA8C,EAAqB9C,CAAO,EACrB4C,EAAQ,MAAM5C,EAAQ,IAAI,GAAK,IACxC,CAEA,SAAS8C,EAAqB9C,EAAS,CAErC,GAAG,CAACA,EAAQ,KAAM,CAChB,IAAIhD,EAAKX,EAAM,GAAG,KAAK,OAAO,EAC9B2D,EAAQ,WAAazD,EAAI,qBAAqBgF,GAAUvB,CAAO,EAAGhD,CAAE,EACpEgD,EAAQ,KAAOhD,EAAG,OAAO,EAAE,MAAM,CACnC,CACF,CAGA,GAAG2F,EAED,QAAQrF,EAAI,EAAGA,EAAIqF,EAAM,OAAQ,EAAErF,EAAG,CACpC,IAAIkB,EAAOmE,EAAMrF,CAAC,EAClBsF,EAAQ,eAAepE,CAAI,CAC7B,CAGF,OAAOoE,CACT,EAKArG,EAAI,iBAAmB,CACrB,gBAAiB,2BACjB,wBAAyB,mCACzB,oBAAqB,+BACrB,oBAAqB,+BACrB,oBAAqB,+BACrB,WAAY,uCACd,EA+BAA,EAAI,uBAAyB,SAASqG,EAASS,EAAOvF,EAAS,CAqI1D,OAAOA,GAAY,aACpBA,EAAU,CAAC,OAAQA,CAAO,GAE5BA,EAAUA,GAAW,CAAC,EAItBuF,EAAQA,EAAM,MAAM,CAAC,EACrB,IAAIV,EAAQU,EAAM,MAAM,CAAC,EAErBC,EAAoBxF,EAAQ,kBAI7B,OAAOwF,EAAsB,MAC9BA,EAAoB,IAAI,MAK1B,IAAIC,EAAQ,GACRlF,EAAQ,KACRmF,EAAQ,EACZ,EAAG,CACD,IAAIhF,EAAO6E,EAAM,MAAM,EACnBnD,EAAS,KACTuD,EAAa,GAmBjB,GAjBGH,IAEEA,EAAoB9E,EAAK,SAAS,WAClC8E,EAAoB9E,EAAK,SAAS,YACnCH,EAAQ,CACN,QAAS,+CACT,MAAO9B,EAAI,iBAAiB,oBAC5B,UAAWiC,EAAK,SAAS,UACzB,SAAUA,EAAK,SAAS,SAGxB,IAAK8E,CACP,GAKDjF,IAAU,KAAM,CAUjB,GATA6B,EAASmD,EAAM,CAAC,GAAKT,EAAQ,UAAUpE,CAAI,EACxC0B,IAAW,MAET1B,EAAK,SAASA,CAAI,IACnBiF,EAAa,GACbvD,EAAS1B,GAIV0B,EAAQ,CAST,IAAIwD,EAAUxD,EACV7D,EAAM,KAAK,QAAQqH,CAAO,IAC5BA,EAAU,CAACA,CAAO,GAKpB,QADIC,EAAW,GACT,CAACA,GAAYD,EAAQ,OAAS,GAAG,CACrCxD,EAASwD,EAAQ,MAAM,EACvB,GAAI,CACFC,EAAWzD,EAAO,OAAO1B,CAAI,CAC/B,MAAY,CAEZ,CACF,CAEImF,IACFtF,EAAQ,CACN,QAAS,oCACT,MAAO9B,EAAI,iBAAiB,eAC9B,EAEJ,CAEG8B,IAAU,OAAS,CAAC6B,GAAUuD,IAC/B,CAACb,EAAQ,eAAepE,CAAI,IAE5BH,EAAQ,CACN,QAAS,8BACT,MAAO9B,EAAI,iBAAiB,UAC9B,EAEJ,CAkBA,GAbG8B,IAAU,MAAQ6B,GAAU,CAAC1B,EAAK,SAAS0B,CAAM,IAElD7B,EAAQ,CACN,QAAS,iCACT,MAAO9B,EAAI,iBAAiB,eAC9B,GAQC8B,IAAU,KAMX,QAJIuF,EAAK,CACP,SAAU,GACV,iBAAkB,EACpB,EACQtG,EAAI,EAAGe,IAAU,MAAQf,EAAIkB,EAAK,WAAW,OAAQ,EAAElB,EAAG,CAChE,IAAIsC,EAAMpB,EAAK,WAAWlB,CAAC,EACxBsC,EAAI,UAAY,EAAEA,EAAI,QAAQgE,KAC/BvF,EAAQ,CACN,QACE,qDACF,MAAO9B,EAAI,iBAAiB,uBAC9B,EAEJ,CAKF,GAAG8B,IAAU,OACV,CAACkF,GAAUF,EAAM,SAAW,IAAM,CAACnD,GAAUuD,IAAe,CAE7D,IAAII,EAAQrF,EAAK,aAAa,kBAAkB,EAC5CsF,EAActF,EAAK,aAAa,UAAU,EA8B9C,GA7BGsF,IAAgB,OAGd,CAACA,EAAY,aAAeD,IAAU,QAEvCxF,EAAQ,CACN,QACE,8MAKF,MAAO9B,EAAI,iBAAiB,eAC9B,GAID8B,IAAU,MAAQwF,IAAU,MAAQ,CAACA,EAAM,KAE5CxF,EAAQ,CACN,QACE,sEAEF,MAAO9B,EAAI,iBAAiB,eAC9B,GAKC8B,IAAU,MAAQyF,IAAgB,MACnC,sBAAuBD,EAAO,CAK9B,IAAIE,EAAUP,EAAQ,EACnBO,EAAUF,EAAM,oBAEjBxF,EAAQ,CACN,QACE,2DACF,MAAO9B,EAAI,iBAAiB,eAC9B,EAEJ,CACF,CAGA,IAAIyH,EAAO3F,IAAU,KAAQ,GAAOA,EAAM,MACtC4F,EAAMnG,EAAQ,OAASA,EAAQ,OAAOkG,EAAKR,EAAOb,CAAK,EAAIqB,EAC/D,GAAGC,IAAQ,GAET5F,EAAQ,SAGR,OAAG2F,IAAQ,KACT3F,EAAQ,CACN,QAAS,4CACT,MAAO9B,EAAI,iBAAiB,eAC9B,IAIC0H,GAAOA,IAAQ,KAEb,OAAOA,GAAQ,UAAY,CAAC5H,EAAM,KAAK,QAAQ4H,CAAG,GAChDA,EAAI,UACL5F,EAAM,QAAU4F,EAAI,SAEnBA,EAAI,QACL5F,EAAM,MAAQ4F,EAAI,QAEZ,OAAOA,GAAQ,WAEvB5F,EAAM,MAAQ4F,IAKZ5F,EAIRkF,EAAQ,GACR,EAAEC,CACJ,OAAQH,EAAM,OAAS,GAEvB,MAAO,EACT,ICzqGA,IAAAa,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cA+FA,IAAIC,GAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KAGA,IAAIC,EAAOD,GAAM,KACbE,EAAMF,GAAM,IAGZG,GAAMJ,GAAO,QAAUC,GAAM,OAASA,GAAM,QAAU,CAAC,EAEvDI,GAAuB,CACzB,KAAM,cACN,SAAUH,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,0BACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,aACX,EAAG,CACD,KAAM,sBACN,SAAUA,EAAK,MAAM,iBACrB,YAAa,GACb,YAAa,SACf,CAAC,CACH,EAEII,GAAe,CACjB,KAAM,MACN,SAAUJ,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,cACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,QAAS,SACX,EACAG,GAAsB,CACpB,KAAM,cACN,SAAUH,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,SAAU,GACV,YAAa,MACb,MAAO,CAAC,CACN,KAAM,kBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,kCACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,4CACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,cACX,EAAG,CACD,KAAM,6CACN,SAAUA,EAAK,MAAM,UACrB,YAAa,wBACf,CAAC,CACH,EAAG,CACD,KAAM,yBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,WACX,CAAC,CACH,EAAG,CACD,KAAM,sBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,YAChB,YAAa,GACb,QAAS,SACX,EAAG,CACD,KAAM,yBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,QAChB,YAAa,GACb,SAAU,GACV,QAAS,eACX,CAAC,CACH,CAAC,CACH,EAEIK,GAAmB,CACrB,KAAM,UACN,SAAUL,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,gBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,OACX,EAAG,CACD,KAAM,mBACN,SAAUA,EAAK,MAAM,iBACrB,YAAa,GACb,YAAa,UACf,EAAG,CACD,KAAM,wBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,SAAU,GACV,QAAS,eACX,CAAC,CACH,EAEIM,GAAqB,CACvB,KAAM,YACN,SAAUN,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,mBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,KACX,EAAG,CACD,KAAM,uBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,QACX,CAAC,CACH,EAEIO,GAAmB,CACrB,KAAM,UACN,SAAUP,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,iBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,KAAK,IAChB,YAAa,GACb,QAAS,QACX,EAAG,CACD,KAAM,oBACN,SAAUA,EAAK,MAAM,iBACrB,YAAa,GAGb,MAAO,CAAC,CACN,KAAM,uBACN,SAAUA,EAAK,MAAM,UACrB,KAAMA,EAAK,MAAM,YACjB,YAAa,GACb,QAAS,MACX,CAAC,CACH,CAAC,CACH,EAcA,SAASQ,GAAoBC,EAAcC,EAAUC,EAAWC,EAAS,CAGvE,QAFIC,EAAS,CAAC,EAEN,EAAI,EAAG,EAAIJ,EAAa,OAAQ,IACtC,QAAQK,EAAI,EAAGA,EAAIL,EAAa,CAAC,EAAE,SAAS,OAAQK,IAAK,CACvD,IAAIC,EAAMN,EAAa,CAAC,EAAE,SAASK,CAAC,EACpC,GAAG,EAAAF,IAAY,QAAaG,EAAI,OAASH,GAIzC,IAAGF,IAAa,KAAM,CACpBG,EAAO,KAAKE,CAAG,EACf,QACF,CACGA,EAAI,WAAWL,CAAQ,IAAM,QAC9BK,EAAI,WAAWL,CAAQ,EAAE,QAAQC,CAAS,GAAK,GAC/CE,EAAO,KAAKE,CAAG,EAEnB,CAGF,OAAOF,CACT,CAWAX,GAAI,eAAiB,SAASc,EAAKC,EAAQC,EAAU,CAEhD,OAAOD,GAAW,UACnBC,EAAWD,EACXA,EAAS,IACDA,IAAW,SACnBA,EAAS,IAIX,IAAIE,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACpB,EAAK,SAASgB,EAAKZ,GAAce,EAASC,CAAM,EAAG,CACrD,IAAIC,EAAQ,IAAI,MAAM,8DACiB,EACvC,MAAAA,EAAM,OAASA,EACTA,CACR,CAEA,IAAIC,EAAM,CACR,QAASH,EAAQ,QAAQ,WAAW,CAAC,EACrC,aAAc,CAAC,EAef,QAAS,SAASI,EAAQ,CACxB,IAAIC,EAAO,CAAC,EAERC,EACJ,MAAG,eAAgBF,EACjBE,EAAaF,EAAO,WACZ,kBAAmBA,IAC3BE,EAAa1B,GAAM,KAAK,WAAWwB,EAAO,aAAa,GAItDE,IAAe,QAAa,EAAE,iBAAkBF,IACjD,YAAaA,IACbC,EAAKD,EAAO,OAAO,EAAIf,GACrBc,EAAI,aAAc,KAAM,KAAMC,EAAO,OAAO,GAG7CE,IAAe,SAChBD,EAAK,WAAahB,GAChBc,EAAI,aAAc,aAClBG,EAAYF,EAAO,OAAO,GAE3B,iBAAkBA,IACnBC,EAAK,aAAehB,GAClBc,EAAI,aAAc,eAClBC,EAAO,aAAcA,EAAO,OAAO,GAGhCC,CACT,EAYA,sBAAuB,SAASE,EAAcd,EAAS,CACrD,OAAOJ,GACLc,EAAI,aAAc,eAAgBI,EAAcd,CAAO,CAC3D,EAYA,oBAAqB,SAASa,EAAYb,EAAS,CACjD,OAAOJ,GACLc,EAAI,aAAc,aAAcG,EAAYb,CAAO,CACvD,CACF,EAEA,GAAGO,EAAQ,QAAQ,WAAW,CAAC,IAAM,EAAG,CACtC,IAAIE,EAAQ,IAAI,MAAM,oDAAoD,EAC1E,MAAAA,EAAM,QAAUF,EAAQ,QAAQ,WAAW,CAAC,EACtCE,CACR,CAEA,GAAGrB,EAAK,SAASmB,EAAQ,WAAW,IAAMlB,EAAI,KAAK,KAAM,CACvD,IAAIoB,EAAQ,IAAI,MAAM,wDAAwD,EAC9E,MAAAA,EAAM,IAAMrB,EAAK,SAASmB,EAAQ,WAAW,EACvCE,CACR,CAEA,IAAIM,EAAOR,EAAQ,QAAQ,MAAM,CAAC,EAClC,GAAGQ,EAAK,WAAa3B,EAAK,MAAM,WAC7B2B,EAAK,OAAS3B,EAAK,KAAK,YACzB,MAAM,IAAI,MAAM,uDAAuD,EAKzE,GAHA2B,EAAOC,GAAiBD,CAAI,EAGzBR,EAAQ,IAAK,CACd,IAAIU,EAAK,KACLC,EAAc,EACdC,EAAe/B,EAAK,SAASmB,EAAQ,YAAY,EACrD,OAAOY,EAAc,CACrB,KAAK9B,EAAI,KAAK,KACZ4B,EAAK9B,GAAM,GAAG,KAAK,OAAO,EAC1B+B,EAAc,GACd,MACF,KAAK7B,EAAI,KAAK,OACZ4B,EAAK9B,GAAM,GAAG,OAAO,OAAO,EAC5B+B,EAAc,GACd,MACF,KAAK7B,EAAI,KAAK,OACZ4B,EAAK9B,GAAM,GAAG,OAAO,OAAO,EAC5B+B,EAAc,GACd,MACF,KAAK7B,EAAI,KAAK,OACZ4B,EAAK9B,GAAM,GAAG,OAAO,OAAO,EAC5B+B,EAAc,GACd,MACF,KAAK7B,EAAI,KAAK,IACZ4B,EAAK9B,GAAM,GAAG,IAAI,OAAO,EACzB+B,EAAc,GACd,KACF,CACA,GAAGD,IAAO,KACR,MAAM,IAAI,MAAM,2CAA6CE,CAAY,EAI3E,IAAIC,EAAU,IAAIjC,GAAM,KAAK,WAAWoB,EAAQ,OAAO,EACnDc,EAAkB,kBAAmBd,EACvC,SAASpB,GAAM,KAAK,WAAWoB,EAAQ,aAAa,EAAG,EAAE,EAAI,EAC3De,EAAShC,GAAI,YACfgB,EAAUc,EAAS,EAAGC,EAAeH,EAAaD,CAAE,EAClDM,EAAMpC,GAAM,KAAK,OAAO,EAC5BoC,EAAI,MAAMN,EAAIK,CAAM,EACpBC,EAAI,OAAOR,EAAK,KAAK,EACrB,IAAIS,EAAWD,EAAI,OAAO,EAC1B,GAAGC,EAAS,SAAS,IAAMjB,EAAQ,UACjC,MAAM,IAAI,MAAM,sDAAsD,CAE1E,CAEA,OAAAkB,GAAyBf,EAAKK,EAAK,MAAOV,EAAQC,CAAQ,EACnDI,CACT,EAcA,SAASM,GAAiBD,EAAM,CAG9B,GAAGA,EAAK,UAAYA,EAAK,YAAa,CAEpC,QADIW,EAAQvC,GAAM,KAAK,aAAa,EAC5BwC,EAAI,EAAGA,EAAIZ,EAAK,MAAM,OAAQ,EAAEY,EACtCD,EAAM,SAASX,EAAK,MAAMY,CAAC,EAAE,KAAK,EAEpCZ,EAAK,SAAWA,EAAK,YAAc,GACnCA,EAAK,MAAQW,EAAM,SAAS,CAC9B,CACA,OAAOX,CACT,CAYA,SAASU,GAAyBf,EAAKkB,EAAUvB,EAAQC,EAAU,CAGjE,GAFAsB,EAAWxC,EAAK,QAAQwC,EAAUvB,CAAM,EAErCuB,EAAS,WAAaxC,EAAK,MAAM,WACjCwC,EAAS,OAASxC,EAAK,KAAK,UAC5BwC,EAAS,cAAgB,GAC1B,MAAM,IAAI,MAAM,oEACW,EAG7B,QAAQD,EAAI,EAAGA,EAAIC,EAAS,MAAM,OAAQD,IAAK,CAC7C,IAAIE,EAAcD,EAAS,MAAMD,CAAC,EAG9BpB,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACpB,EAAK,SAASyC,EAAatC,GAAsBgB,EAASC,CAAM,EAAG,CACrE,IAAIC,EAAQ,IAAI,MAAM,0BAA0B,EAChD,MAAAA,EAAM,OAASD,EACTC,CACR,CAEA,IAAIL,EAAM,CACR,UAAW,EACb,EACIP,EAAe,KACfkB,EAAOR,EAAQ,QAAQ,MAAM,CAAC,EAClC,OAAOnB,EAAK,SAASmB,EAAQ,WAAW,EAAG,CAC3C,KAAKlB,EAAI,KAAK,KACZ,GAAG0B,EAAK,WAAa3B,EAAK,MAAM,WAC7B2B,EAAK,OAAS3B,EAAK,KAAK,YACzB,MAAM,IAAI,MAAM,mDAAmD,EAErES,EAAemB,GAAiBD,CAAI,EAAE,MACtC,MACF,KAAK1B,EAAI,KAAK,cACZQ,EAAeiC,GAAqBf,EAAMT,CAAQ,EAClDF,EAAI,UAAY,GAChB,MACF,QACE,IAAIK,EAAQ,IAAI,MAAM,kCAAkC,EACxD,MAAAA,EAAM,YAAcrB,EAAK,SAASmB,EAAQ,WAAW,EAC/CE,CACR,CAEAL,EAAI,SAAW2B,GAAoBlC,EAAcQ,EAAQC,CAAQ,EACjEI,EAAI,aAAa,KAAKN,CAAG,CAC3B,CACF,CAUA,SAAS0B,GAAqBf,EAAMT,EAAU,CAC5C,IAAIC,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACpB,EAAK,SACP2B,EAAM5B,GAAM,MAAM,KAAK,uBAAwBoB,EAASC,CAAM,EAAG,CACjE,IAAIC,EAAQ,IAAI,MAAM,mCAAmC,EACzD,MAAAA,EAAM,OAASD,EACTC,CACR,CAEA,IAAIuB,EAAM5C,EAAK,SAASmB,EAAQ,WAAW,EAC3C,GAAGyB,IAAQ3C,EAAI,KAAK,KAAM,CACxB,IAAIoB,EAAQ,IAAI,MACd,uDAAuD,EACzD,MAAAA,EAAM,IAAMuB,EACNvB,CACR,CAGAuB,EAAM5C,EAAK,SAASmB,EAAQ,YAAY,EACxC,IAAI0B,EAAS5C,EAAI,IAAI,UAAU2C,EAAKzB,EAAQ,aAAcD,CAAQ,EAG9D4B,EAAuBlB,GAAiBT,EAAQ,oBAAoB,EACpE4B,EAAYhD,GAAM,KAAK,aAAa+C,EAAqB,KAAK,EAGlE,GADAD,EAAO,OAAOE,CAAS,EACpB,CAACF,EAAO,OAAO,EAChB,MAAM,IAAI,MAAM,yCAAyC,EAG3D,OAAOA,EAAO,OAAO,SAAS,CAChC,CAaA,SAASF,GAAoBlC,EAAcQ,EAAQC,EAAU,CAE3D,GAAG,CAACD,GAAUR,EAAa,SAAW,EACpC,MAAO,CAAC,EAMV,GAFAA,EAAeT,EAAK,QAAQS,EAAcQ,CAAM,EAE7CR,EAAa,WAAaT,EAAK,MAAM,WACtCS,EAAa,OAAST,EAAK,KAAK,UAChCS,EAAa,cAAgB,GAC7B,MAAM,IAAI,MACR,4DAA4D,EAIhE,QADIuC,EAAM,CAAC,EACHT,EAAI,EAAGA,EAAI9B,EAAa,MAAM,OAAQ8B,IAAK,CACjD,IAAIU,EAAUxC,EAAa,MAAM8B,CAAC,EAG9BpB,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACpB,EAAK,SAASiD,EAAS5C,GAAkBc,EAASC,CAAM,EAAG,CAC7D,IAAIC,EAAQ,IAAI,MAAM,sBAAsB,EAC5C,MAAAA,EAAM,OAASD,EACTC,CACR,CAGA,IAAIN,EAAM,CACR,KAAMf,EAAK,SAASmB,EAAQ,KAAK,EACjC,WAAY+B,GAAqB/B,EAAQ,aAAa,CACxD,EACA6B,EAAI,KAAKjC,CAAG,EAEZ,IAAIoC,EAAWC,EACXC,EAAUlC,EAAQ,SAAS,MAAM,CAAC,EACtC,OAAOJ,EAAI,KAAM,CACf,KAAKd,EAAI,KAAK,oBAKZ,GADAoD,EAAUpD,EAAI,sBAAsBoD,EAASnC,CAAQ,EAClDmC,IAAY,KACb,MAAM,IAAI,MACR,0DAA0D,EAIhE,KAAKpD,EAAI,KAAK,OAIZ,GAAI,CACFc,EAAI,IAAMd,EAAI,mBAAmBoD,CAAO,CAC1C,MAAW,CAETtC,EAAI,IAAM,KACVA,EAAI,KAAOsC,CACb,CACA,SAEF,KAAKpD,EAAI,KAAK,QAIZkD,EAAY5C,GACZ6C,EAAU,UAAW,CACnB,GAAGpD,EAAK,SAASmB,EAAQ,MAAM,IAAMlB,EAAI,KAAK,gBAAiB,CAC7D,IAAIoB,EAAQ,IAAI,MACd,qDAAqD,EACvD,MAAAA,EAAM,IAAMrB,EAAK,SAASmB,EAAQ,MAAM,EAClCE,CACR,CAGA,IAAIiC,EAAWtD,EAAK,QAAQmB,EAAQ,KAAMF,CAAM,EAChD,GAAI,CACFF,EAAI,KAAOd,EAAI,oBAAoBqD,EAAU,EAAI,CACnD,MAAW,CAETvC,EAAI,KAAO,KACXA,EAAI,KAAOuC,CACb,CACF,EACA,MAEF,QACE,IAAIjC,EAAQ,IAAI,MAAM,mCAAmC,EACzD,MAAAA,EAAM,IAAMN,EAAI,KACVM,CACV,CAGA,GAAG8B,IAAc,QACd,CAACnD,EAAK,SAASqD,EAASF,EAAWhC,EAASC,CAAM,EAAG,CACtD,IAAIC,EAAQ,IAAI,MAAM,uBAAyB8B,EAAU,IAAI,EAC7D,MAAA9B,EAAM,OAASD,EACTC,CACR,CAGA+B,EAAQ,CACV,CAEA,OAAOJ,CACT,CASA,SAASE,GAAqBK,EAAY,CACxC,IAAIC,EAAe,CAAC,EAEpB,GAAGD,IAAe,OAChB,QAAQhB,EAAI,EAAGA,EAAIgB,EAAW,OAAQ,EAAEhB,EAAG,CACzC,IAAIpB,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACpB,EAAK,SAASuD,EAAWhB,CAAC,EAAGjC,GAAoBa,EAASC,CAAM,EAAG,CACrE,IAAIC,EAAQ,IAAI,MAAM,mCAAmC,EACzD,MAAAA,EAAM,OAASD,EACTC,CACR,CAEA,IAAIuB,EAAM5C,EAAK,SAASmB,EAAQ,GAAG,EACnC,GAAGlB,EAAI,KAAK2C,CAAG,IAAM,OAKrB,CAAAY,EAAavD,EAAI,KAAK2C,CAAG,CAAC,EAAI,CAAC,EAC/B,QAAQ9B,EAAI,EAAGA,EAAIK,EAAQ,OAAO,OAAQ,EAAEL,EAC1C0C,EAAavD,EAAI,KAAK2C,CAAG,CAAC,EAAE,KAAKzB,EAAQ,OAAOL,CAAC,EAAE,KAAK,EAE5D,CAGF,OAAO0C,CACT,CA+BAtD,GAAI,aAAe,SAASuD,EAAKC,EAAMxC,EAAUyC,EAAS,CAExDA,EAAUA,GAAW,CAAC,EACtBA,EAAQ,SAAWA,EAAQ,UAAY,EACvCA,EAAQ,MAAQA,EAAQ,OAAS,KACjCA,EAAQ,UAAYA,EAAQ,WAAaA,EAAQ,cAAgB,SAC5D,WAAYA,IACfA,EAAQ,OAAS,IAEd,eAAgBA,IACnBA,EAAQ,WAAa,MAElB,uBAAwBA,IAC3BA,EAAQ,mBAAqB,IAG/B,IAAIlC,EAAakC,EAAQ,WACrBC,EACJ,GAAGnC,IAAe,KAChBA,EAAa1B,GAAM,KAAK,WAAW0B,CAAU,UACrCkC,EAAQ,mBAEhB,GAAGD,EAAM,CACP,IAAIG,EAAa9D,GAAM,KAAK,QAAQ2D,CAAI,EAAIA,EAAK,CAAC,EAAIA,EACnD,OAAOG,GAAe,WACvBA,EAAa5D,EAAI,mBAAmB4D,CAAU,GAEhD,IAAIC,EAAO/D,GAAM,GAAG,KAAK,OAAO,EAChC+D,EAAK,OAAO9D,EAAK,MAAMC,EAAI,kBAAkB4D,CAAU,CAAC,EAAE,SAAS,CAAC,EACpEpC,EAAaqC,EAAK,OAAO,EAAE,SAAS,CACtC,MAIErC,EAAa1B,GAAM,OAAO,SAAS,EAAE,EAIzC,IAAIgE,EAAQ,CAAC,EACVtC,IAAe,MAChBsC,EAAM,KAEJ/D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,UAAU,EAAE,SAAS,CAAC,EAE/CD,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM,CACrDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GACvDyB,CAAU,CACd,CAAC,CACH,CAAC,CAAC,EAEH,iBAAkBkC,GACnBI,EAAM,KAEJ/D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,YAAY,EAAE,SAAS,CAAC,EAEjDD,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM,CACrDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,UAAW,GACrD2D,EAAQ,YAAY,CACxB,CAAC,CACH,CAAC,CAAC,EAGHI,EAAM,OAAS,IAChBH,EAAW5D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM+D,CAAK,GAIzE,IAAIC,EAAW,CAAC,EAGZC,EAAQ,CAAC,EACVP,IAAS,OACP3D,GAAM,KAAK,QAAQ2D,CAAI,EACxBO,EAAQP,EAERO,EAAQ,CAACP,CAAI,GAKjB,QADIQ,EAAe,CAAC,EACZ3B,EAAI,EAAGA,EAAI0B,EAAM,OAAQ,EAAE1B,EAAG,CAEpCmB,EAAOO,EAAM1B,CAAC,EACX,OAAOmB,GAAS,WACjBA,EAAOzD,EAAI,mBAAmByD,CAAI,GAIpC,IAAIS,EAAgB5B,IAAM,EAAKqB,EAAW,OACtCN,EAAWrD,EAAI,kBAAkByD,CAAI,EACrCU,EACFpE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,OAAO,EAAE,SAAS,CAAC,EAE5CD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAEhDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,eAAe,EAAE,SAAS,CAAC,EAEpDD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAC7CA,EAAK,MAAMsD,CAAQ,EAAE,SAAS,CAAC,CACnC,CAAC,CAAC,CAAC,CAAC,CAAC,EAETa,CACF,CAAC,EACHD,EAAa,KAAKE,CAAW,CAC/B,CAEA,GAAGF,EAAa,OAAS,EAAG,CAE1B,IAAIG,EAAmBrE,EAAK,OAC1BA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAMkE,CAAY,EAG1DI,EAEFtE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAE/CA,EAAK,SAASC,EAAI,KAAK,IAAI,EAAE,SAAS,CAAC,EAEzCD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAC7CA,EAAK,MAAMqE,CAAgB,EAAE,SAAS,CAAC,CAC3C,CAAC,CACH,CAAC,EACHL,EAAS,KAAKM,CAAM,CACtB,CAGA,IAAIC,EAAS,KACb,GAAGd,IAAQ,KAAM,CAEf,IAAIe,EAASvE,EAAI,kBAAkBA,EAAI,iBAAiBwD,CAAG,CAAC,EACzDvC,IAAa,KAEdqD,EAASvE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEnEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,MAAM,EAAE,SAAS,CAAC,EAE3CD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAEhDwE,CACF,CAAC,EAEDZ,CACF,CAAC,EAGDW,EAASvE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEnEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,mBAAmB,EAAE,SAAS,CAAC,EAExDD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAEhDC,EAAI,sBAAsBuE,EAAQtD,EAAUyC,CAAO,CACrD,CAAC,EAEDC,CACF,CAAC,EAIH,IAAIa,EACFzE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAACuE,CAAM,CAAC,EAGlEG,EAEF1E,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAE/CA,EAAK,SAASC,EAAI,KAAK,IAAI,EAAE,SAAS,CAAC,EAEzCD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAC7CA,EAAK,MAAMyE,CAAe,EAAE,SAAS,CAAC,CAC1C,CAAC,CACH,CAAC,EACHT,EAAS,KAAKU,CAAK,CACrB,CAGA,IAAIC,EAAO3E,EAAK,OACdA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAMgE,CAAQ,EAEtDY,EACJ,GAAGjB,EAAQ,OAAQ,CAEjB,IAAIG,EAAO/D,GAAM,GAAG,KAAK,OAAO,EAC5BiC,EAAU,IAAIjC,GAAM,KAAK,WAC3BA,GAAM,OAAO,SAAS4D,EAAQ,QAAQ,CAAC,EACrCkB,GAAQlB,EAAQ,MAEhBF,EAAMvD,GAAI,YAAYgB,EAAUc,EAAS,EAAG6C,GAAO,EAAE,EACrD1C,GAAMpC,GAAM,KAAK,OAAO,EAC5BoC,GAAI,MAAM2B,EAAML,CAAG,EACnBtB,GAAI,OAAOnC,EAAK,MAAM2E,CAAI,EAAE,SAAS,CAAC,EACtC,IAAIvC,GAAWD,GAAI,OAAO,EAC1ByC,EAAU5E,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEpEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASC,EAAI,KAAK,IAAI,EAAE,SAAS,CAAC,EAEzCD,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,EAEDA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAChC,GAAOoC,GAAS,SAAS,CAAC,CAC9B,CAAC,EAEDpC,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOgC,EAAQ,SAAS,CAAC,EAExEhC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAa6E,EAAK,EAAE,SAAS,CACpC,CACF,CAAC,CACH,CAGA,OAAO7E,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAa,CAAC,EAAE,SAAS,CAAC,EAEjCA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAE/CA,EAAK,SAASC,EAAI,KAAK,IAAI,EAAE,SAAS,CAAC,EAEzCD,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAC7CA,EAAK,MAAM2E,CAAI,EAAE,SAAS,CAAC,CAC/B,CAAC,CACH,CAAC,EACDC,CACF,CAAC,CACH,EAeA1E,GAAI,YAAcH,GAAM,IAAI,oBCjjC5B,IAAA+E,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAQA,IAAIC,GAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KAGA,IAAIC,GAAOD,GAAM,KAGbE,GAAMH,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAWrDE,GAAI,SAAW,SAASC,EAAK,CAC3B,IAAIC,EAAMJ,GAAM,IAAI,OAAOG,CAAG,EAAE,CAAC,EACjC,GAAGC,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,iDAAiD,EAEnE,OAAOJ,GAAM,KAAK,aAAaI,EAAI,IAAI,CACzC,EASAF,GAAI,kBAAoB,SAASC,EAAK,CACpC,IAAIC,EAAMJ,GAAM,IAAI,OAAOG,CAAG,EAAE,CAAC,EAEjC,GAAGC,EAAI,OAAS,eAAiBA,EAAI,OAAS,kBAAmB,CAC/D,IAAIC,EAAQ,IAAI,MAAM,oGACoC,EAC1D,MAAAA,EAAM,WAAaD,EAAI,KACjBC,CACR,CACA,GAAGD,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,2DAA2D,EAI7E,IAAIE,EAAML,GAAK,QAAQG,EAAI,IAAI,EAE/B,OAAOF,GAAI,mBAAmBI,CAAG,CACnC,EAUAJ,GAAI,gBAAkB,SAASK,EAAKC,EAAS,CAE3C,IAAIJ,EAAM,CACR,KAAM,kBACN,KAAMH,GAAK,MAAMC,GAAI,iBAAiBK,CAAG,CAAC,EAAE,SAAS,CACvD,EACA,OAAOP,GAAM,IAAI,OAAOI,EAAK,CAAC,QAASI,CAAO,CAAC,CACjD,EAUAN,GAAI,oBAAsB,SAASA,EAAKM,EAAS,CAE/C,IAAIJ,EAAM,CACR,KAAM,cACN,KAAMH,GAAK,MAAMC,CAAG,EAAE,SAAS,CACjC,EACA,OAAOF,GAAM,IAAI,OAAOI,EAAK,CAAC,QAASI,CAAO,CAAC,CACjD,ICrGA,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAwOA,IAAIC,EAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KAiDA,IAAIC,GAAW,SAASC,EAAQC,EAAOC,EAAMC,EAAQ,CACnD,IAAIC,EAAON,EAAM,KAAK,aAAa,EAM/BO,EAAOL,EAAO,QAAU,EACxBM,EAAOD,GAAOL,EAAO,OAAS,GAC9BO,EAAKP,EAAO,OAAO,EAAGM,CAAI,EAC1BE,EAAKR,EAAO,OAAOK,EAAKC,CAAI,EAC5BG,EAAKX,EAAM,KAAK,aAAa,EAC7BY,EAAOZ,EAAM,KAAK,OAAO,EAC7BI,EAAOD,EAAQC,EAIf,IAAIS,EAAS,KAAK,KAAKR,EAAS,EAAE,EAC9BS,EAAU,KAAK,KAAKT,EAAS,EAAE,EAGnCO,EAAK,MAAM,MAAOH,CAAE,EACpB,IAAIM,EAAWf,EAAM,KAAK,aAAa,EACvCW,EAAG,SAASP,CAAI,EAChB,QAAQY,EAAI,EAAGA,EAAIH,EAAQ,EAAEG,EAE3BJ,EAAK,MAAM,KAAM,IAAI,EACrBA,EAAK,OAAOD,EAAG,SAAS,CAAC,EACzBA,EAAG,UAAUC,EAAK,OAAO,CAAC,EAG1BA,EAAK,MAAM,KAAM,IAAI,EACrBA,EAAK,OAAOD,EAAG,MAAM,EAAIP,CAAI,EAC7BW,EAAS,UAAUH,EAAK,OAAO,CAAC,EAIlCA,EAAK,MAAM,OAAQF,CAAE,EACrB,IAAIO,EAAYjB,EAAM,KAAK,aAAa,EACxCW,EAAG,MAAM,EACTA,EAAG,SAASP,CAAI,EAChB,QAAQY,EAAI,EAAGA,EAAIF,EAAS,EAAEE,EAE5BJ,EAAK,MAAM,KAAM,IAAI,EACrBA,EAAK,OAAOD,EAAG,SAAS,CAAC,EACzBA,EAAG,UAAUC,EAAK,OAAO,CAAC,EAG1BA,EAAK,MAAM,KAAM,IAAI,EACrBA,EAAK,OAAOD,EAAG,MAAM,EAAIP,CAAI,EAC7Ba,EAAU,UAAUL,EAAK,OAAO,CAAC,EAInC,OAAAN,EAAK,SAASN,EAAM,KAAK,SACvBe,EAAS,SAAS,EAAGE,EAAU,SAAS,EAAGZ,CAAM,CAAC,EAE7CC,CACT,EAyBIY,GAAY,SAASC,EAAKC,EAAQC,EAAQ,CAS5C,IAAIT,EAAOZ,EAAM,KAAK,OAAO,EAC7BY,EAAK,MAAM,OAAQO,CAAG,EACtB,IAAIG,EAAItB,EAAM,KAAK,aAAa,EAChC,OAAAsB,EAAE,SAASF,EAAO,CAAC,CAAC,EACpBE,EAAE,SAASF,EAAO,CAAC,CAAC,EACpBE,EAAE,QAAQD,EAAO,IAAI,EACrBC,EAAE,QAAQD,EAAO,QAAQ,KAAK,EAC9BC,EAAE,QAAQD,EAAO,QAAQ,KAAK,EAC9BC,EAAE,SAASD,EAAO,MAAM,EACxBC,EAAE,SAASD,EAAO,SAAS,MAAM,CAAC,EAClCT,EAAK,OAAOU,EAAE,SAAS,CAAC,EACjBV,EAAK,OAAO,EAAE,SAAS,CAChC,EAYIW,GAAU,SAASC,EAAGH,EAAQI,EAAG,CACnC,IAAInB,EAAO,GAEX,GAAI,CACF,IAAIoB,EAAQF,EAAE,QAAQH,EAAO,SAAS,SAAS,CAAC,EAChDA,EAAO,SAAWrB,EAAM,KAAK,aAAa0B,CAAK,EAC/CL,EAAO,OAASK,EAAM,OACtBpB,EAAO,EACT,MAAY,CAEZ,CAEA,OAAOA,CACT,EAYIqB,GAAU,SAASH,EAAGH,EAAQI,EAAG,CACnC,IAAInB,EAAO,GAEX,GAAI,CACF,IAAIoB,EAAQF,EAAE,QAAQH,EAAO,SAAS,SAAS,CAAC,EAChDA,EAAO,SAAWrB,EAAM,KAAK,aAAa0B,CAAK,EAC/CL,EAAO,OAASK,EAAM,OACtBpB,EAAO,EACT,MAAY,CAEZ,CAEA,OAAOA,CACT,EAkBIsB,GAAa,SAASN,EAAGO,EAAU,CACrC,IAAIC,EAAM,EACV,OAAOD,EAAU,CACjB,IAAK,GACHC,EAAMR,EAAE,QAAQ,EAChB,MACF,IAAK,GACHQ,EAAMR,EAAE,SAAS,EACjB,MACF,IAAK,GACHQ,EAAMR,EAAE,SAAS,EACjB,MACF,IAAK,GACHQ,EAAMR,EAAE,SAAS,EACjB,KACF,CAGA,OAAOtB,EAAM,KAAK,aAAasB,EAAE,SAASQ,CAAG,CAAC,CAChD,EASIC,GAAc,SAAST,EAAGO,EAAUG,EAAG,CAIzCV,EAAE,OAAOU,EAAE,OAAO,EAAGH,GAAY,CAAC,EAClCP,EAAE,UAAUU,CAAC,CACf,EAKIC,EAAM,CAAC,EAOXA,EAAI,SAAW,CACb,QAAS,CAAC,MAAO,EAAG,MAAO,CAAC,EAC5B,QAAS,CAAC,MAAO,EAAG,MAAO,CAAC,EAC5B,QAAS,CAAC,MAAO,EAAG,MAAO,CAAC,CAC9B,EACAA,EAAI,kBAAoB,CACtBA,EAAI,SAAS,QACbA,EAAI,SAAS,OACf,EACAA,EAAI,QAAUA,EAAI,kBAAkB,CAAC,EAMrCA,EAAI,YAAc,MAMlBA,EAAI,cAAgB,CAClB,OAAQ,EACR,OAAQ,CACV,EAOAA,EAAI,aAAe,CACjB,eAAgB,CAClB,EAMAA,EAAI,oBAAsB,CACxB,KAAM,KACN,IAAK,EACL,KAAM,EACN,IAAK,CACP,EAMAA,EAAI,WAAa,CACf,OAAQ,EACR,MAAO,EACP,KAAM,CACR,EAOAA,EAAI,aAAe,CACjB,KAAM,KACN,SAAU,EACV,UAAW,EACX,YAAa,EACb,YAAa,EACb,YAAa,CACf,EAMAA,EAAI,kBAAoB,CACtB,KAAM,EACN,QAAS,CACX,EASAA,EAAI,YAAc,CAChB,mBAAoB,GACpB,MAAO,GACP,UAAW,GACX,iBAAkB,GAClB,UAAW,EACb,EAYAA,EAAI,cAAgB,CAClB,cAAe,EACf,aAAc,EACd,aAAc,EACd,YAAa,GACb,oBAAqB,GACrB,oBAAqB,GACrB,kBAAmB,GACnB,mBAAoB,GACpB,oBAAqB,GACrB,SAAU,EACZ,EAuCAA,EAAI,MAAQ,CAAC,EACbA,EAAI,MAAM,MAAQ,CAChB,QAAS,EACT,MAAO,CACT,EACAA,EAAI,MAAM,YAAc,CACtB,aAAc,EACd,mBAAoB,GACpB,eAAgB,GAChB,kBAAmB,GACnB,gBAAiB,GACjB,sBAAuB,GACvB,kBAAmB,GACnB,gBAAiB,GACjB,wBAAyB,GACzB,oBAAqB,GACrB,oBAAqB,GACrB,oBAAqB,GACrB,kBAAmB,GACnB,WAAY,GACZ,cAAe,GACf,aAAc,GACd,cAAe,GACf,mBAAoB,GACpB,iBAAkB,GAClB,sBAAuB,GACvB,eAAgB,GAChB,cAAe,GACf,iBAAkB,GACpB,EAUAA,EAAI,qBAAuB,CACzB,kBAAmB,EACnB,mBAAoB,CACtB,EAKAA,EAAI,aAAe,CAAC,EASpBA,EAAI,eAAiB,SAASC,EAAU,CACtC,IAAI5B,EAAO,KACX,QAAQa,KAAOc,EAAI,aAAc,CAC/B,IAAIE,EAAKF,EAAI,aAAad,CAAG,EAC7B,GAAGgB,EAAG,GAAG,CAAC,IAAMD,EAAS,WAAW,CAAC,GACnCC,EAAG,GAAG,CAAC,IAAMD,EAAS,WAAW,CAAC,EAAG,CACrC5B,EAAO6B,EACP,KACF,CACF,CACA,OAAO7B,CACT,EAQA2B,EAAI,iBAAmB,SAAST,EAAGH,EAAQ,CAEzC,IAAIe,EAAU,CAACZ,EAAE,MAAQA,EAAE,SAAWS,EAAI,cAAc,OACpDG,GACFZ,EAAE,MAAMA,EAAG,CACT,QAAS,wDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,kBACrC,CACF,CAAC,CAEL,EASAA,EAAI,mBAAqB,SAAST,EAAGH,EAAQhB,EAAQ,CAGhD,CAACmB,EAAE,aAAeA,EAAE,WAAa,IAElCS,EAAI,MAAMT,EAAGS,EAAI,YAAYT,EAAG,CAC7B,MAAOS,EAAI,MAAM,MAAM,QACvB,YAAaA,EAAI,MAAM,YAAY,gBACtC,CAAC,CAAC,EACFA,EAAI,MAAMT,CAAC,GAIbA,EAAE,QAAQ,CACZ,EASAS,EAAI,kBAAoB,SAAST,EAAGH,EAAQhB,EAAQ,CAClD,IAAIgC,EAAM,KAENC,EAAUd,EAAE,SAAWS,EAAI,cAAc,OAG7C,GAAG5B,EAAS,GACVmB,EAAE,MAAMA,EAAG,CACT,QAASc,EACP,kDACA,kDACF,KAAM,GACN,MAAO,CACL,MAAOL,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,MACI,CAEL,IAAIX,EAAID,EAAO,SACXkB,EAAYjB,EAAE,OAAO,EAoBzB,GAnBAe,EAAM,CACJ,QAAS,CACP,MAAOf,EAAE,QAAQ,EACjB,MAAOA,EAAE,QAAQ,CACnB,EACA,OAAQtB,EAAM,KAAK,aAAasB,EAAE,SAAS,EAAE,CAAC,EAC9C,WAAYM,GAAWN,EAAG,CAAC,EAC3B,WAAY,CAAC,CACf,EACGgB,GACDD,EAAI,aAAef,EAAE,SAAS,CAAC,EAC/Be,EAAI,mBAAqBf,EAAE,QAAQ,IAEnCe,EAAI,cAAgBT,GAAWN,EAAG,CAAC,EACnCe,EAAI,oBAAsBT,GAAWN,EAAG,CAAC,GAI3CiB,EAAYlC,GAAUkC,EAAYjB,EAAE,OAAO,GACxCiB,EAAY,EAAG,CAGhB,QADIC,EAAOZ,GAAWN,EAAG,CAAC,EACpBkB,EAAK,OAAO,EAAI,GACpBH,EAAI,WAAW,KAAK,CAClB,KAAM,CAACG,EAAK,QAAQ,EAAGA,EAAK,QAAQ,CAAC,EACrC,KAAMZ,GAAWY,EAAM,CAAC,CAC1B,CAAC,EAIH,GAAG,CAACF,EACF,QAAQtB,EAAI,EAAGA,EAAIqB,EAAI,WAAW,OAAQ,EAAErB,EAAG,CAC7C,IAAIyB,EAAMJ,EAAI,WAAWrB,CAAC,EAG1B,GAAGyB,EAAI,KAAK,CAAC,IAAM,GAAQA,EAAI,KAAK,CAAC,IAAM,EAGzC,QADIC,EAAMd,GAAWa,EAAI,KAAM,CAAC,EAC1BC,EAAI,OAAO,EAAI,GAAG,CAEtB,IAAIC,EAASD,EAAI,QAAQ,EAIzB,GAAGC,IAAW,EACZ,MAIFnB,EAAE,QAAQ,WAAW,YAAY,eAAe,KAC9CI,GAAWc,EAAK,CAAC,EAAE,SAAS,CAAC,CACjC,CAEJ,CAEJ,CAGA,GAAGlB,EAAE,QAAQ,UACRa,EAAI,QAAQ,QAAUb,EAAE,QAAQ,QAAQ,OACzCa,EAAI,QAAQ,QAAUb,EAAE,QAAQ,QAAQ,OACxC,OAAOA,EAAE,MAAMA,EAAG,CAChB,QAAS,yDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,gBACrC,CACF,CAAC,EAKL,GAAGK,EAEDd,EAAE,QAAQ,YAAcS,EAAI,eAAeI,EAAI,YAAY,MAK3D,SADIO,EAAM5C,EAAM,KAAK,aAAaqC,EAAI,cAAc,MAAM,CAAC,EACrDO,EAAI,OAAO,EAAI,IAGnBpB,EAAE,QAAQ,YAAcS,EAAI,eAAeW,EAAI,SAAS,CAAC,CAAC,EACvDpB,EAAE,QAAQ,cAAgB,OAA7B,CAOJ,GAAGA,EAAE,QAAQ,cAAgB,KAC3B,OAAOA,EAAE,MAAMA,EAAG,CAChB,QAAS,8BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,EACA,YAAajC,EAAM,KAAK,WAAWqC,EAAI,YAAY,CACrD,CAAC,EAIAC,EACDd,EAAE,QAAQ,kBAAoBa,EAAI,mBAGlCb,EAAE,QAAQ,kBAAoBS,EAAI,kBAAkB,IAExD,CAEA,OAAOI,CACT,EASAJ,EAAI,yBAA2B,SAAST,EAAGa,EAAK,CAQ9C,IAAIC,EAAUd,EAAE,SAAWS,EAAI,cAAc,OACzCY,EAAYR,EAAI,OAAO,MAAM,EAC7BS,EAAUR,EAASd,EAAE,QAAQ,GAAG,cAAgBqB,EAChDE,EAAUT,EAASO,EAAYZ,EAAI,aAAa,EAAE,SAAS,EAG/DT,EAAE,QAAQ,GAAK,CACb,OAAQA,EAAE,OACV,cAAeS,EAAI,aAAa,eAChC,sBAAuB,KACvB,YAAa,KACb,eAAgB,KAChB,aAAc,KACd,gBAAiB,KACjB,iBAAkB,KAClB,cAAe,KACf,WAAY,KACZ,eAAgB,KAChB,sBAAuBT,EAAE,QAAQ,kBACjC,kBAAmB,KACnB,cAAe,KACf,cAAesB,EACf,cAAeC,CACjB,CACF,EA6BAd,EAAI,kBAAoB,SAAST,EAAGH,EAAQhB,EAAQ,CAClD,IAAIgC,EAAMJ,EAAI,kBAAkBT,EAAGH,EAAQhB,CAAM,EACjD,GAAG,CAAAmB,EAAE,KAKL,IAAGa,EAAI,QAAQ,OAASb,EAAE,QAAQ,MAChCA,EAAE,QAAQ,MAAQa,EAAI,QAAQ,UAE9B,QAAOb,EAAE,MAAMA,EAAG,CAChB,QAAS,4BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,gBACrC,CACF,CAAC,EAIHT,EAAE,QAAQ,QAAUA,EAAE,QAGtB,IAAIwB,EAAYX,EAAI,WAAW,MAAM,EAIlCW,EAAU,OAAS,GAAKA,IAAcxB,EAAE,QAAQ,IAEjDA,EAAE,OAASyB,GACXzB,EAAE,QAAQ,SAAW,GAGrBA,EAAE,QAAQ,GAAG,cAAgBa,EAAI,OAAO,MAAM,IAG9Cb,EAAE,OAAS0B,GACX1B,EAAE,QAAQ,SAAW,GAGrBS,EAAI,yBAAyBT,EAAGa,CAAG,GAIrCb,EAAE,QAAQ,GAAKwB,EAGfxB,EAAE,QAAQ,EACZ,EAeAS,EAAI,kBAAoB,SAAST,EAAGH,EAAQhB,EAAQ,CAClD,IAAIgC,EAAMJ,EAAI,kBAAkBT,EAAGH,EAAQhB,CAAM,EACjD,GAAG,CAAAmB,EAAE,KAKL,KAAIwB,EAAYX,EAAI,WAAW,MAAM,EAGjCc,EAAU,KAuBd,GAtBG3B,EAAE,eACH2B,EAAU3B,EAAE,aAAa,WAAWwB,CAAS,EAC1CG,IAAY,KAEbH,EAAY,IACJG,EAAQ,QAAQ,QAAUd,EAAI,QAAQ,OAC9Cc,EAAQ,QAAQ,MAAQd,EAAI,QAAQ,SAEpCc,EAAU,KACVH,EAAY,KAKbA,EAAU,SAAW,IACtBA,EAAYhD,EAAM,OAAO,SAAS,EAAE,GAItCwB,EAAE,QAAQ,GAAKwB,EACfxB,EAAE,QAAQ,mBAAqBa,EAAI,QACnCb,EAAE,QAAQ,GAAK,CAAC,EACb2B,EAED3B,EAAE,QAAUA,EAAE,QAAQ,QAAU2B,EAAQ,QACxC3B,EAAE,QAAQ,GAAK2B,EAAQ,OAClB,CAGL,QADIC,EACIpC,EAAI,EAAGA,EAAIiB,EAAI,kBAAkB,SACvCmB,EAAUnB,EAAI,kBAAkBjB,CAAC,EAC9B,EAAAoC,EAAQ,OAASf,EAAI,QAAQ,QAFe,EAAErB,EAEjD,CAIFQ,EAAE,QAAU,CAAC,MAAO4B,EAAQ,MAAO,MAAOA,EAAQ,KAAK,EACvD5B,EAAE,QAAQ,QAAUA,EAAE,OACxB,CAGG2B,IAAY,MAEb3B,EAAE,OAAS6B,GACX7B,EAAE,QAAQ,SAAW,GAGrBA,EAAE,QAAQ,GAAG,cAAgBa,EAAI,OAAO,MAAM,IAG9Cb,EAAE,OAAUA,EAAE,eAAiB,GAAS8B,GAAMC,GAC9C/B,EAAE,QAAQ,SAAW,GAGrBS,EAAI,yBAAyBT,EAAGa,CAAG,GAIrCb,EAAE,KAAO,GAGTS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,kBAAkBT,CAAC,CAC/B,CAAC,CAAC,EAECA,EAAE,QAAQ,UAEXS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,mBACtB,KAAMA,EAAI,uBAAuB,CACnC,CAAC,CAAC,EAGFT,EAAE,MAAM,QAAUS,EAAI,sBAAsBT,CAAC,EAG7CA,EAAE,MAAM,QAAQ,MAAQA,EAAE,MAAM,QAAQ,MAGxCS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,eAAeT,CAAC,CAC5B,CAAC,CAAC,IAGFS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,kBAAkBT,CAAC,CAC/B,CAAC,CAAC,EAEEA,EAAE,OAEJS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,wBAAwBT,CAAC,CACrC,CAAC,CAAC,EAGCA,EAAE,eAAiB,IAEpBS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,yBAAyBT,CAAC,CACtC,CAAC,CAAC,EAIJS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,sBAAsBT,CAAC,CACnC,CAAC,CAAC,IAKNS,EAAI,MAAMT,CAAC,EAGXA,EAAE,QAAQ,EACZ,EA2BAS,EAAI,kBAAoB,SAAST,EAAGH,EAAQhB,EAAQ,CAElD,GAAGA,EAAS,EACV,OAAOmB,EAAE,MAAMA,EAAG,CAChB,QAAS,kDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,EAGH,IAAIX,EAAID,EAAO,SACXgB,EAAM,CACR,iBAAkBT,GAAWN,EAAG,CAAC,CACnC,EAMIkC,EAAMC,EACNC,EAAQ,CAAC,EACb,GAAI,CACF,KAAMrB,EAAI,iBAAiB,OAAO,EAAI,GAEpCmB,EAAO5B,GAAWS,EAAI,iBAAkB,CAAC,EACzCoB,EAAOzD,EAAM,KAAK,QAAQwD,CAAI,EAC9BA,EAAOxD,EAAM,IAAI,oBAAoByD,EAAM,EAAI,EAC/CC,EAAM,KAAKF,CAAI,CAEnB,OAAQG,EAAI,CACV,OAAOnC,EAAE,MAAMA,EAAG,CAChB,QAAS,oCACT,MAAOmC,EACP,KAAM,GACN,MAAO,CACL,MAAO1B,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,eACrC,CACF,CAAC,CACH,CAKA,IAAIK,EAAUd,EAAE,SAAWS,EAAI,cAAc,QACzCK,GAAUd,EAAE,eAAiB,KAASkC,EAAM,SAAW,EAEzDlC,EAAE,MAAMA,EAAG,CACT,QAASc,EACP,kCACA,kCACF,KAAM,GACN,MAAO,CACL,MAAOL,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,EACOyB,EAAM,SAAW,EAGzBlC,EAAE,OAASc,EAASsB,GAAML,IAGvBjB,EACDd,EAAE,QAAQ,kBAAoBkC,EAAM,CAAC,EAErClC,EAAE,QAAQ,kBAAoBkC,EAAM,CAAC,EAGpCzB,EAAI,uBAAuBT,EAAGkC,CAAK,IAEpClC,EAAE,OAASc,EAASsB,GAAML,KAK9B/B,EAAE,QAAQ,CACZ,EAsDAS,EAAI,wBAA0B,SAAST,EAAGH,EAAQhB,EAAQ,CAGxD,GAAGA,EAAS,EACV,OAAOmB,EAAE,MAAMA,EAAG,CAChB,QAAS,iDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,uBACrC,CACF,CAAC,EAIHT,EAAE,OAASqC,GAGXrC,EAAE,QAAQ,CACZ,EASAS,EAAI,wBAA0B,SAAST,EAAGH,EAAQhB,EAAQ,CAGxD,GAAGA,EAAS,GACV,OAAOmB,EAAE,MAAMA,EAAG,CAChB,QAAS,iDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,uBACrC,CACF,CAAC,EAGH,IAAIX,EAAID,EAAO,SACXgB,EAAM,CACR,sBAAuBT,GAAWN,EAAG,CAAC,EAAE,SAAS,CACnD,EAGIwC,EAAa,KACjB,GAAGtC,EAAE,cACH,GAAI,CACFsC,EAAatC,EAAE,cAAcA,EAAGA,EAAE,QAAQ,iBAAiB,EAC3DsC,EAAa9D,EAAM,IAAI,kBAAkB8D,CAAU,CACrD,OAAQH,EAAI,CACVnC,EAAE,MAAMA,EAAG,CACT,QAAS,6BACT,MAAOmC,EACP,KAAM,GACN,MAAO,CACL,MAAO1B,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,CACH,CAGF,GAAG6B,IAAe,KAChB,OAAOtC,EAAE,MAAMA,EAAG,CAChB,QAAS,sBACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,EAGH,GAAI,CAEF,IAAI8B,EAAKvC,EAAE,QAAQ,GACnBuC,EAAG,kBAAoBD,EAAW,QAAQzB,EAAI,qBAAqB,EAGnE,IAAIe,EAAU5B,EAAE,QAAQ,mBACxB,GAAG4B,EAAQ,QAAUW,EAAG,kBAAkB,WAAW,CAAC,GACpDX,EAAQ,QAAUW,EAAG,kBAAkB,WAAW,CAAC,EAEnD,MAAM,IAAI,MAAM,uCAAuC,CAE3D,MAAY,CAKVA,EAAG,kBAAoB/D,EAAM,OAAO,SAAS,EAAE,CACjD,CAKAwB,EAAE,OAAS6B,GACR7B,EAAE,QAAQ,oBAAsB,OAGjCA,EAAE,OAASwC,IAIbxC,EAAE,QAAQ,CACZ,EA6BAS,EAAI,yBAA2B,SAAST,EAAGH,EAAQhB,EAAQ,CAEzD,GAAGA,EAAS,EACV,OAAOmB,EAAE,MAAMA,EAAG,CAChB,QAAS,iDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,EAKH,IAAIX,EAAID,EAAO,SACXgB,EAAM,CACR,kBAAmBT,GAAWN,EAAG,CAAC,EAClC,wBAAyBM,GAAWN,EAAG,CAAC,CAC1C,EAGAE,EAAE,QAAQ,mBAAqBa,EAG/Bb,EAAE,OAASyC,GAGXzC,EAAE,QAAQ,CACZ,EASAS,EAAI,wBAA0B,SAAST,EAAGH,EAAQhB,EAAQ,CACxD,GAAGA,EAAS,EACV,OAAOmB,EAAE,MAAMA,EAAG,CAChB,QAAS,gDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,EAMH,IAAIX,EAAID,EAAO,SACfC,EAAE,MAAQ,EACV,IAAI4C,EAAW5C,EAAE,MAAM,EACvBA,EAAE,MAAQ,EAEV,IAAIe,EAAM,CACR,UAAWT,GAAWN,EAAG,CAAC,EAAE,SAAS,CACvC,EAKI6C,EAASnE,EAAM,KAAK,aAAa,EACrCmE,EAAO,UAAU3C,EAAE,QAAQ,IAAI,OAAO,CAAC,EACvC2C,EAAO,UAAU3C,EAAE,QAAQ,KAAK,OAAO,CAAC,EACxC2C,EAASA,EAAO,SAAS,EAEzB,GAAI,CACF,IAAIX,EAAOhC,EAAE,QAAQ,kBAIrB,GAAG,CAACgC,EAAK,UAAU,OAAOW,EAAQ9B,EAAI,UAAW,MAAM,EACrD,MAAM,IAAI,MAAM,6CAA6C,EAI/Db,EAAE,QAAQ,IAAI,OAAO0C,CAAQ,EAC7B1C,EAAE,QAAQ,KAAK,OAAO0C,CAAQ,CAChC,MAAY,CACV,OAAO1C,EAAE,MAAMA,EAAG,CAChB,QAAS,sCACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,CACH,CAGAT,EAAE,OAAS6B,GAGX7B,EAAE,QAAQ,CACZ,EAyBAS,EAAI,sBAAwB,SAAST,EAAGH,EAAQhB,EAAQ,CAEtD,GAAGA,EAAS,EACV,OAAOmB,EAAE,MAAMA,EAAG,CAChB,QAAS,mDACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,eACrC,CACF,CAAC,EAGH,GAAGT,EAAE,oBAAsB,KAAM,CAE/B,IAAI4C,EAAQ,CACV,QAAS,uDACT,KAAM,GACN,MAAO,CACL,MAAOnC,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,qBACrC,CACF,EAGIoC,EAAQ,EACRC,EAAM9C,EAAE,OAAOA,EAAG4C,EAAM,MAAM,YAAaC,EAAO,CAAC,CAAC,EACxD,GAAGC,IAAQ,GAET,OAAGA,GAAOA,IAAQ,KAEb,OAAOA,GAAQ,UAAY,CAACtE,EAAM,KAAK,QAAQsE,CAAG,GAChDA,EAAI,UACLF,EAAM,QAAUE,EAAI,SAEnBA,EAAI,QACLF,EAAM,MAAM,YAAcE,EAAI,QAExB,OAAOA,GAAQ,WAEvBF,EAAM,MAAM,YAAcE,IAKvB9C,EAAE,MAAMA,EAAG4C,CAAK,CAE3B,CAGG5C,EAAE,QAAQ,qBAAuB,OAClCH,EAASY,EAAI,aAAaT,EAAG,CAC3B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,kBAAkBT,CAAC,CAC/B,CAAC,EACDS,EAAI,MAAMT,EAAGH,CAAM,GAIrBA,EAASY,EAAI,aAAaT,EAAG,CAC1B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,wBAAwBT,CAAC,CACtC,CAAC,EACDS,EAAI,MAAMT,EAAGH,CAAM,EAGnBG,EAAE,OAAS+C,GAGX,IAAIC,EAAW,SAAShD,EAAGiD,EAAW,CACjCjD,EAAE,QAAQ,qBAAuB,MAClCA,EAAE,QAAQ,oBAAsB,MAEhCS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,wBAAwBT,EAAGiD,CAAS,CAChD,CAAC,CAAC,EAIJxC,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,mBACtB,KAAMA,EAAI,uBAAuB,CACnC,CAAC,CAAC,EAGFT,EAAE,MAAM,QAAUS,EAAI,sBAAsBT,CAAC,EAG7CA,EAAE,MAAM,QAAQ,MAAQA,EAAE,MAAM,QAAQ,MAGxCS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,eAAeT,CAAC,CAC5B,CAAC,CAAC,EAGFA,EAAE,OAASyB,GAGXhB,EAAI,MAAMT,CAAC,EAGXA,EAAE,QAAQ,CACZ,EAIA,GAAGA,EAAE,QAAQ,qBAAuB,MAClCA,EAAE,QAAQ,oBAAsB,KAChC,OAAOgD,EAAShD,EAAG,IAAI,EAIzBS,EAAI,mBAAmBT,EAAGgD,CAAQ,CACpC,EAQAvC,EAAI,uBAAyB,SAAST,EAAGH,EAAQ,CAC/C,GAAGA,EAAO,SAAS,QAAQ,IAAM,EAC/B,OAAOG,EAAE,MAAMA,EAAG,CAChB,QAAS,6CACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,iBACrC,CACF,CAAC,EAMH,IAAIK,EAAUd,EAAE,SAAWS,EAAI,cAAc,QACzCT,EAAE,QAAQ,UAAYc,GAAY,CAACd,EAAE,QAAQ,UAAY,CAACc,KAC5Dd,EAAE,MAAM,QAAUS,EAAI,sBAAsBT,CAAC,GAI/CA,EAAE,MAAM,QAAQ,KAAOA,EAAE,MAAM,QAAQ,MAKnC,CAACA,EAAE,QAAQ,UAAYc,GAAYd,EAAE,QAAQ,UAAY,CAACc,KAC5Dd,EAAE,MAAM,QAAU,MAIpBA,EAAE,OAASc,EAASoC,GAAMC,GAG1BnD,EAAE,QAAQ,CACZ,EAyCAS,EAAI,eAAiB,SAAST,EAAGH,EAAQhB,EAAQ,CAI/C,IAAIiB,EAAID,EAAO,SACfC,EAAE,MAAQ,EACV,IAAI4C,EAAW5C,EAAE,MAAM,EACvBA,EAAE,MAAQ,EAGV,IAAIsD,EAAKvD,EAAO,SAAS,SAAS,EAGlCC,EAAItB,EAAM,KAAK,aAAa,EAC5BsB,EAAE,UAAUE,EAAE,QAAQ,IAAI,OAAO,CAAC,EAClCF,EAAE,UAAUE,EAAE,QAAQ,KAAK,OAAO,CAAC,EAGnC,IAAIc,EAAUd,EAAE,SAAWS,EAAI,cAAc,OACzC9B,EAAQmC,EAAS,kBAAoB,kBAGrCyB,EAAKvC,EAAE,QAAQ,GACfqD,EAAM,GACNC,EAAM7E,GAEV,GADAqB,EAAIwD,EAAIf,EAAG,cAAe5D,EAAOmB,EAAE,SAAS,EAAGuD,CAAG,EAC/CvD,EAAE,SAAS,IAAMsD,EAClB,OAAOpD,EAAE,MAAMA,EAAG,CAChB,QAAS,2CACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,aACrC,CACF,CAAC,EAIHT,EAAE,QAAQ,IAAI,OAAO0C,CAAQ,EAC7B1C,EAAE,QAAQ,KAAK,OAAO0C,CAAQ,GAG1B1C,EAAE,QAAQ,UAAYc,GAAY,CAACd,EAAE,QAAQ,UAAY,CAACc,KAE5DL,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,mBACtB,KAAMA,EAAI,uBAAuB,CACnC,CAAC,CAAC,EAGFT,EAAE,MAAM,QAAQ,MAAQA,EAAE,MAAM,QAAQ,MACxCA,EAAE,MAAM,QAAU,KAGlBS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,eAAeT,CAAC,CAC5B,CAAC,CAAC,GAIJA,EAAE,OAASc,EAASyC,GAAMC,GAG1BxD,EAAE,YAAc,GAChB,EAAEA,EAAE,WAGJA,EAAE,gBAAkBc,EAClBd,EAAE,QAAQ,kBAAoBA,EAAE,QAAQ,kBAG1CS,EAAI,MAAMT,CAAC,EAGXA,EAAE,YAAc,GAChBA,EAAE,UAAUA,CAAC,EAGbA,EAAE,QAAQ,CACZ,EAQAS,EAAI,YAAc,SAAST,EAAGH,EAAQ,CAEpC,IAAIC,EAAID,EAAO,SACX4D,EAAQ,CACV,MAAO3D,EAAE,QAAQ,EACjB,YAAaA,EAAE,QAAQ,CACzB,EAIIe,EACJ,OAAO4C,EAAM,YAAa,CAC1B,KAAKhD,EAAI,MAAM,YAAY,aACzBI,EAAM,qBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,mBACzBI,EAAM,sBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,eACzBI,EAAM,kBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,kBACzBI,EAAM,qBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,gBACzBI,EAAM,mBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,sBACzBI,EAAM,wBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,kBACzBI,EAAM,qBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,gBACzBI,EAAM,mBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,wBACzBI,EAAM,2BACN,MACF,KAAKJ,EAAI,MAAM,YAAY,oBACzBI,EAAM,uBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,oBACzBI,EAAM,uBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,oBACzBI,EAAM,uBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,kBACzBI,EAAM,qBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,WACzBI,EAAM,iCACN,MACF,KAAKJ,EAAI,MAAM,YAAY,cACzBI,EAAM,iBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,aACzBI,EAAM,gBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,cACzBI,EAAM,iBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,mBACzBI,EAAM,sBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,iBACzBI,EAAM,gCACN,MACF,KAAKJ,EAAI,MAAM,YAAY,sBACzBI,EAAM,yBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,eACzBI,EAAM,kBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,cACzBI,EAAM,iBACN,MACF,KAAKJ,EAAI,MAAM,YAAY,iBACzBI,EAAM,+BACN,MACF,QACEA,EAAM,iBACN,KACF,CAGA,GAAG4C,EAAM,cAAgBhD,EAAI,MAAM,YAAY,aAC7C,OAAOT,EAAE,MAAM,EAIjBA,EAAE,MAAMA,EAAG,CACT,QAASa,EACT,KAAM,GAEN,OAASb,EAAE,SAAWS,EAAI,cAAc,OAAU,SAAW,SAC7D,MAAOgD,CACT,CAAC,EAGDzD,EAAE,QAAQ,CACZ,EAQAS,EAAI,gBAAkB,SAAST,EAAGH,EAAQ,CAExC,IAAIC,EAAID,EAAO,SACX6D,EAAO5D,EAAE,QAAQ,EACjBjB,EAASiB,EAAE,SAAS,EAGxB,GAAGjB,EAASiB,EAAE,OAAO,EAGnB,OAAAE,EAAE,WAAaH,EACfA,EAAO,SAAWrB,EAAM,KAAK,aAAa,EAC1CsB,EAAE,MAAQ,EAGHE,EAAE,QAAQ,EAKnBA,EAAE,WAAa,KACfF,EAAE,MAAQ,EAIV,IAAII,EAAQJ,EAAE,MAAMjB,EAAS,CAAC,EAG9BiB,EAAE,MAAQ,EAGP4D,KAAQC,GAAQ3D,EAAE,MAAM,EAAEA,EAAE,MAAM,GAEhCA,EAAE,SAAWS,EAAI,cAAc,QAAU,CAACT,EAAE,MAAQ,CAACA,EAAE,OACxDA,EAAE,YAAc,GAChBA,EAAE,QAAU,CACV,QAAS,KACT,WAAY,CACV,YAAa,CACX,eAAgB,CAAC,CACnB,CACF,EACA,YAAa,KACb,kBAAmB,KACnB,kBAAmB,KACnB,kBAAmB,KACnB,IAAKxB,EAAM,GAAG,IAAI,OAAO,EACzB,KAAMA,EAAM,GAAG,KAAK,OAAO,CAC7B,GAQCkF,IAASjD,EAAI,cAAc,eAC5BiD,IAASjD,EAAI,cAAc,oBAC3BiD,IAASjD,EAAI,cAAc,WAC3BT,EAAE,QAAQ,IAAI,OAAOE,CAAK,EAC1BF,EAAE,QAAQ,KAAK,OAAOE,CAAK,GAI7ByD,GAAQ3D,EAAE,MAAM,EAAEA,EAAE,MAAM,EAAE0D,CAAI,EAAE1D,EAAGH,EAAQhB,CAAM,GAGnD4B,EAAI,iBAAiBT,EAAGH,CAAM,CAElC,EAQAY,EAAI,sBAAwB,SAAST,EAAGH,EAAQ,CAE9CG,EAAE,KAAK,UAAUH,EAAO,QAAQ,EAChCG,EAAE,UAAUA,CAAC,EAGbA,EAAE,QAAQ,CACZ,EAQAS,EAAI,gBAAkB,SAAST,EAAGH,EAAQ,CAExC,IAAIC,EAAID,EAAO,SACX6D,EAAO5D,EAAE,QAAQ,EACjBjB,EAASiB,EAAE,SAAS,EACpB8D,EAAU9D,EAAE,SAASjB,CAAM,EAE/B,GAAG6E,IAASjD,EAAI,qBAAqB,kBAAmB,CAEtD,GAAGT,EAAE,aAAenB,EAAS+E,EAAQ,OAEnC,OAAO5D,EAAE,QAAQ,EAGnBS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,gBACRA,EAAI,qBAAqB,mBAAoBmD,CAAO,CACxD,CAAC,CAAC,EACFnD,EAAI,MAAMT,CAAC,CACb,SAAU0D,IAASjD,EAAI,qBAAqB,mBAAoB,CAE9D,GAAGmD,IAAY5D,EAAE,yBAEf,OAAOA,EAAE,QAAQ,EAIhBA,EAAE,mBACHA,EAAE,kBAAkBA,EAAGxB,EAAM,KAAK,aAAaoF,CAAO,CAAC,CAE3D,CAGA5D,EAAE,QAAQ,CACZ,EAyDA,IAAI6D,GAAM,EACNnC,GAAM,EACNU,GAAM,EACNC,GAAM,EACNI,GAAM,EACNhB,GAAM,EACNyB,GAAM,EACNK,GAAM,EACNR,GAAM,EAGNe,GAAM,EACNhC,GAAM,EACNC,GAAM,EACNS,GAAM,EACNX,GAAM,EACNsB,GAAM,EACNK,GAAM,EAINO,EAAKtD,EAAI,iBACTuD,GAAKvD,EAAI,uBACTwD,GAAKxD,EAAI,YACTyD,GAAKzD,EAAI,gBACT0D,GAAK1D,EAAI,sBACT2D,GAAK3D,EAAI,gBACT4D,GAAU,CAAC,EACfA,GAAQ5D,EAAI,cAAc,MAAM,EAAI,CAE7B,CAACsD,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACJ,GAAGC,GAAGF,EAAGA,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGC,GAAGC,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,CACtB,EAGAC,GAAQ5D,EAAI,cAAc,MAAM,EAAI,CAE7B,CAACsD,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACJ,GAAGC,GAAGF,EAAGA,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGC,GAAGC,EAAE,EACf,CAACL,EAAGE,GAAGC,GAAGH,EAAGK,EAAE,CACtB,EAGA,IAAIE,GAAK7D,EAAI,mBACT8D,GAAK9D,EAAI,kBACT+D,GAAK/D,EAAI,kBACTgE,GAAKhE,EAAI,wBACTiE,GAAKjE,EAAI,yBACTkE,GAAKlE,EAAI,sBACTmE,GAAKnE,EAAI,eACTkD,GAAU,CAAC,EACfA,GAAQlD,EAAI,cAAc,MAAM,EAAI,CAE7B,CAACsD,EAAGA,EAAGQ,GAAGR,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGS,GAAGC,GAAGC,GAAGC,GAAGZ,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGU,GAAGC,GAAGC,GAAGZ,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGW,GAAGC,GAAGZ,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGY,GAAGZ,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGa,EAAE,EAC/D,CAACN,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACO,GAAGP,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,CACtE,EAIA,IAAIc,GAAKpE,EAAI,kBACTqE,GAAKrE,EAAI,wBACTsE,GAAKtE,EAAI,wBACbkD,GAAQlD,EAAI,cAAc,MAAM,EAAI,CAE7B,CAACsD,EAAGc,GAAGd,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGS,GAAGT,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGe,GAAGf,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGgB,GAAGhB,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGa,EAAE,EAC/D,CAACb,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,EAC/D,CAACA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,EAAGA,CAAE,CACtE,EA6EAtD,EAAI,aAAe,SAAST,EAAGuC,EAAI,CAwBjC,IAAIe,EAAM7E,GAGNuG,EAASzC,EAAG,cAAgBA,EAAG,cAG/BvC,EAAE,QAAQ,WAEZuC,EAAG,cAAgBe,EACjBf,EAAG,kBAAmB,gBAAiByC,EAAQ,EAAE,EAAE,MAAM,EAC3DzC,EAAG,kBAAoB,MAIzByC,EAASzC,EAAG,cAAgBA,EAAG,cAC/B,IAAI1D,EAAS,EAAI0D,EAAG,eAAiB,EAAIA,EAAG,eAGxC0C,EAASjF,EAAE,QAAQ,QAAUS,EAAI,SAAS,QAAQ,OACpDT,EAAE,QAAQ,QAAUS,EAAI,SAAS,QAAQ,MACxCwE,IACDpG,GAAU,EAAI0D,EAAG,iBAEnB,IAAI2C,EAAK5B,EAAIf,EAAG,cAAe,gBAAiByC,EAAQnG,CAAM,EAG1DC,EAAO,CACT,qBAAsBoG,EAAG,SAAS3C,EAAG,cAAc,EACnD,qBAAsB2C,EAAG,SAAS3C,EAAG,cAAc,EACnD,iBAAkB2C,EAAG,SAAS3C,EAAG,cAAc,EAC/C,iBAAkB2C,EAAG,SAAS3C,EAAG,cAAc,CACjD,EAGA,OAAG0C,IACDnG,EAAK,gBAAkBoG,EAAG,SAAS3C,EAAG,eAAe,EACrDzD,EAAK,gBAAkBoG,EAAG,SAAS3C,EAAG,eAAe,GAGhDzD,CACT,EAgCA2B,EAAI,sBAAwB,SAAST,EAAG,CACtC,IAAIc,EAAUd,EAAE,SAAWS,EAAI,cAAc,OAEzC0E,EAAa,UAAW,CAC1B,IAAIC,EAAO,CAET,eAAgB,CAAC,EAAG,CAAC,EACrB,OAAQ,KACR,UAAW,EACX,YAAa,KACb,YAAa,KACb,eAAgB,SAASvF,EAAQ,CAAC,MAAO,EAAK,EAC9C,iBAAkB,KAClB,iBAAkB,SAASA,EAAQ,CAAC,MAAO,EAAK,EAChD,qBAAsB,UAAW,CAC5BuF,EAAK,eAAe,CAAC,IAAM,YAC5BA,EAAK,eAAe,CAAC,EAAI,EACzB,EAAEA,EAAK,eAAe,CAAC,GAEvB,EAAEA,EAAK,eAAe,CAAC,CAE3B,CACF,EACA,OAAOA,CACT,EACIC,EAAQ,CACV,KAAMF,EAAW,EACjB,MAAOA,EAAW,CACpB,EA0DA,GAvDAE,EAAM,KAAK,OAAS,SAASrF,EAAGH,EAAQ,CACtC,OAAIwF,EAAM,KAAK,eAAexF,EAAQwF,EAAM,IAAI,EAYrCA,EAAM,KAAK,iBAAiBrF,EAAGH,EAAQwF,EAAM,IAAI,GAC1DrF,EAAE,MAAMA,EAAG,CACT,QAAS,+BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,qBACrC,CACF,CAAC,EAnBDT,EAAE,MAAMA,EAAG,CACT,QAAS,uCACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MAIvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,EAWI,CAACT,EAAE,IACZ,EAGAqF,EAAM,MAAM,OAAS,SAASrF,EAAGH,EAAQ,CACvC,OAAIwF,EAAM,MAAM,iBAAiBrF,EAAGH,EAAQwF,EAAM,KAAK,EAW5CA,EAAM,MAAM,eAAexF,EAAQwF,EAAM,KAAK,GAGvDrF,EAAE,MAAMA,EAAG,CACT,QAAS,4BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,EAlBDT,EAAE,MAAMA,EAAG,CACT,QAAS,6BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,EAaI,CAACT,EAAE,IACZ,EAGGA,EAAE,QAAS,CACZ,IAAIuC,EAAKvC,EAAE,QAAQ,GAcnB,OAbAA,EAAE,QAAQ,YAAY,uBAAuBuC,CAAE,EAG/CA,EAAG,KAAO9B,EAAI,aAAaT,EAAGuC,CAAE,EAChC8C,EAAM,KAAK,OAASvE,EAClByB,EAAG,KAAK,qBAAuBA,EAAG,KAAK,qBACzC8C,EAAM,MAAM,OAASvE,EACnByB,EAAG,KAAK,qBAAuBA,EAAG,KAAK,qBAGzCvC,EAAE,QAAQ,YAAY,oBAAoBqF,EAAOrF,EAAGuC,CAAE,EAG/CA,EAAG,sBAAuB,CACjC,KAAK9B,EAAI,kBAAkB,KACzB,MACF,KAAKA,EAAI,kBAAkB,QACzB4E,EAAM,KAAK,iBAAmBlF,GAC9BkF,EAAM,MAAM,iBAAmBtF,GAC/B,MACF,QACE,MAAM,IAAI,MAAM,oCAAoC,CACtD,CACF,CAEA,OAAOsF,CACT,EAuBA5E,EAAI,aAAe,UAAW,CAE5B,IAAI6E,EAAI,IAAI,KACRC,EAAM,CAACD,EAAIA,EAAE,kBAAkB,EAAI,IACnCxG,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,SAASyG,CAAG,EACjBzG,EAAK,SAASN,EAAM,OAAO,SAAS,EAAE,CAAC,EAChCM,CACT,EAYA2B,EAAI,aAAe,SAAST,EAAGwF,EAAS,CACtC,GAAG,CAACA,EAAQ,KACV,OAAO,KAET,IAAI3F,EAAS,CACX,KAAM2F,EAAQ,KACd,QAAS,CACP,MAAOxF,EAAE,QAAQ,MACjB,MAAOA,EAAE,QAAQ,KACnB,EACA,OAAQwF,EAAQ,KAAK,OAAO,EAC5B,SAAUA,EAAQ,IACpB,EACA,OAAO3F,CACT,EAYAY,EAAI,YAAc,SAAST,EAAGyD,EAAO,CACnC,IAAI3D,EAAItB,EAAM,KAAK,aAAa,EAChC,OAAAsB,EAAE,QAAQ2D,EAAM,KAAK,EACrB3D,EAAE,QAAQ2D,EAAM,WAAW,EACpBhD,EAAI,aAAaT,EAAG,CACzB,KAAMS,EAAI,YAAY,MACtB,KAAMX,CACR,CAAC,CACH,EAoEAW,EAAI,kBAAoB,SAAST,EAAG,CAElCA,EAAE,QAAQ,mBAAqB,CAC7B,MAAOA,EAAE,QAAQ,MACjB,MAAOA,EAAE,QAAQ,KACnB,EAIA,QADIyF,EAAejH,EAAM,KAAK,aAAa,EACnCgB,EAAI,EAAGA,EAAIQ,EAAE,aAAa,OAAQ,EAAER,EAAG,CAC7C,IAAImB,EAAKX,EAAE,aAAaR,CAAC,EACzBiG,EAAa,QAAQ9E,EAAG,GAAG,CAAC,CAAC,EAC7B8E,EAAa,QAAQ9E,EAAG,GAAG,CAAC,CAAC,CAC/B,CACA,IAAI+E,EAAUD,EAAa,OAAO,EAI9BE,EAAqBnH,EAAM,KAAK,aAAa,EACjDmH,EAAmB,QAAQlF,EAAI,kBAAkB,IAAI,EAQrD,IAAImF,EAAWD,EAAmB,OAAO,EAIrCE,EAAarH,EAAM,KAAK,aAAa,EACzC,GAAGwB,EAAE,YAAa,CAEhB,IAAIiB,EAAMzC,EAAM,KAAK,aAAa,EAClCyC,EAAI,QAAQ,CAAI,EAChBA,EAAI,QAAQ,CAAI,EAwBhB,IAAI6E,EAAatH,EAAM,KAAK,aAAa,EACzCsH,EAAW,QAAQ,CAAI,EACvBvF,GAAYuF,EAAY,EAAGtH,EAAM,KAAK,aAAawB,EAAE,WAAW,CAAC,EAGjE,IAAI+F,EAASvH,EAAM,KAAK,aAAa,EACrC+B,GAAYwF,EAAQ,EAAGD,CAAU,EACjCvF,GAAYU,EAAK,EAAG8E,CAAM,EAC1BF,EAAW,UAAU5E,CAAG,CAC1B,CACA,IAAI+E,EAAYH,EAAW,OAAO,EAC/BG,EAAY,IAEbA,GAAa,GAMf,IAAIxE,EAAYxB,EAAE,QAAQ,GACtBnB,EACF2C,EAAU,OAAS,EACnB,EACA,EAAI,GACJ,EAAIkE,EACJ,EAAIE,EACJI,EAGElH,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,YAAY,EAC3C3B,EAAK,SAASD,CAAM,EACpBC,EAAK,QAAQkB,EAAE,QAAQ,KAAK,EAC5BlB,EAAK,QAAQkB,EAAE,QAAQ,KAAK,EAC5BlB,EAAK,SAASkB,EAAE,QAAQ,GAAG,aAAa,EACxCO,GAAYzB,EAAM,EAAGN,EAAM,KAAK,aAAagD,CAAS,CAAC,EACvDjB,GAAYzB,EAAM,EAAG2G,CAAY,EACjClF,GAAYzB,EAAM,EAAG6G,CAAkB,EACpCK,EAAY,GACbzF,GAAYzB,EAAM,EAAG+G,CAAU,EAE1B/G,CACT,EASA2B,EAAI,kBAAoB,SAAST,EAAG,CAElC,IAAIwB,EAAYxB,EAAE,QAAQ,GACtBnB,EACF2C,EAAU,OAAS,EACnB,EACA,EAAI,GACJ,EACA,EAGE1C,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,YAAY,EAC3C3B,EAAK,SAASD,CAAM,EACpBC,EAAK,QAAQkB,EAAE,QAAQ,KAAK,EAC5BlB,EAAK,QAAQkB,EAAE,QAAQ,KAAK,EAC5BlB,EAAK,SAASkB,EAAE,QAAQ,GAAG,aAAa,EACxCO,GAAYzB,EAAM,EAAGN,EAAM,KAAK,aAAagD,CAAS,CAAC,EACvD1C,EAAK,QAAQkB,EAAE,QAAQ,YAAY,GAAG,CAAC,CAAC,EACxClB,EAAK,QAAQkB,EAAE,QAAQ,YAAY,GAAG,CAAC,CAAC,EACxClB,EAAK,QAAQkB,EAAE,QAAQ,iBAAiB,EACjClB,CACT,EAwBA2B,EAAI,kBAAoB,SAAST,EAAG,CAIlC,IAAIc,EAAUd,EAAE,SAAWS,EAAI,cAAc,OACzCuB,EAAO,KACX,GAAGhC,EAAE,eAAgB,CACnB,IAAIiG,EACDnF,EACDmF,EAAOjG,EAAE,QAAQ,mBAEjBiG,EAAOjG,EAAE,QAAQ,WAAW,YAAY,eAE1CgC,EAAOhC,EAAE,eAAeA,EAAGiG,CAAI,CACjC,CAGA,IAAIC,EAAW1H,EAAM,KAAK,aAAa,EACvC,GAAGwD,IAAS,KACV,GAAI,CAEExD,EAAM,KAAK,QAAQwD,CAAI,IACzBA,EAAO,CAACA,CAAI,GAGd,QADIC,EAAO,KACHzC,EAAI,EAAGA,EAAIwC,EAAK,OAAQ,EAAExC,EAAG,CACnC,IAAIqB,EAAMrC,EAAM,IAAI,OAAOwD,EAAKxC,CAAC,CAAC,EAAE,CAAC,EACrC,GAAGqB,EAAI,OAAS,eACdA,EAAI,OAAS,oBACbA,EAAI,OAAS,sBAAuB,CACpC,IAAI+B,EAAQ,IAAI,MAAM,6HAEI,EAC1B,MAAAA,EAAM,WAAa/B,EAAI,KACjB+B,CACR,CACA,GAAG/B,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,2DAA2D,EAG7E,IAAIsF,EAAM3H,EAAM,KAAK,aAAaqC,EAAI,IAAI,EACvCoB,IAAS,OACVA,EAAOzD,EAAM,KAAK,QAAQ2H,EAAI,MAAM,EAAG,EAAK,GAI9C,IAAIC,EAAa5H,EAAM,KAAK,aAAa,EACzC+B,GAAY6F,EAAY,EAAGD,CAAG,EAG9BD,EAAS,UAAUE,CAAU,CAC/B,CAGApE,EAAOxD,EAAM,IAAI,oBAAoByD,CAAI,EACtCnB,EACDd,EAAE,QAAQ,kBAAoBgC,EAE9BhC,EAAE,QAAQ,kBAAoBgC,CAElC,OAAQG,EAAI,CACV,OAAOnC,EAAE,MAAMA,EAAG,CAChB,QAAS,mCACT,MAAOmC,EACP,KAAM,GACN,MAAO,CACL,MAAO1B,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,eACrC,CACF,CAAC,CACH,CAIF,IAAI5B,EAAS,EAAIqH,EAAS,OAAO,EAG7BpH,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,WAAW,EAC1C3B,EAAK,SAASD,CAAM,EACpB0B,GAAYzB,EAAM,EAAGoH,CAAQ,EACtBpH,CACT,EAmDA2B,EAAI,wBAA0B,SAAST,EAAG,CAExC,IAAIF,EAAItB,EAAM,KAAK,aAAa,EAIhCsB,EAAE,QAAQE,EAAE,QAAQ,mBAAmB,KAAK,EAC5CF,EAAE,QAAQE,EAAE,QAAQ,mBAAmB,KAAK,EAG5CF,EAAE,SAAStB,EAAM,OAAO,SAAS,EAAE,CAAC,EAGpC,IAAI+D,EAAKvC,EAAE,QAAQ,GACnBuC,EAAG,kBAAoBzC,EAAE,SAAS,EAGlC,IAAIH,EAAMK,EAAE,QAAQ,kBAAkB,UACtCF,EAAIH,EAAI,QAAQ4C,EAAG,iBAAiB,EAQpC,IAAI1D,EAASiB,EAAE,OAAS,EAGpBhB,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,mBAAmB,EAClD3B,EAAK,SAASD,CAAM,EAEpBC,EAAK,SAASgB,EAAE,MAAM,EACtBhB,EAAK,SAASgB,CAAC,EACRhB,CACT,EASA2B,EAAI,wBAA0B,SAAST,EAAG,CAKxC,IAAInB,EAAS,EAGTC,EAAON,EAAM,KAAK,aAAa,EACnC,OAAGK,EAAS,IACVC,EAAK,QAAQ2B,EAAI,cAAc,mBAAmB,EAClD3B,EAAK,SAASD,CAAM,GAEfC,CACT,EASA2B,EAAI,mBAAqB,SAAST,EAAGgD,EAAU,CAE7C,IAAIlD,EAAItB,EAAM,KAAK,aAAa,EAChCsB,EAAE,UAAUE,EAAE,QAAQ,IAAI,OAAO,CAAC,EAClCF,EAAE,UAAUE,EAAE,QAAQ,KAAK,OAAO,CAAC,EACnCF,EAAIA,EAAE,SAAS,EAGfE,EAAE,aAAeA,EAAE,cAAgB,SAASA,EAAGF,EAAGkD,EAAU,CAE1D,IAAIV,EAAa,KACjB,GAAGtC,EAAE,cACH,GAAI,CACFsC,EAAatC,EAAE,cAAcA,EAAGA,EAAE,QAAQ,iBAAiB,EAC3DsC,EAAa9D,EAAM,IAAI,kBAAkB8D,CAAU,CACrD,OAAQH,EAAI,CACVnC,EAAE,MAAMA,EAAG,CACT,QAAS,6BACT,MAAOmC,EACP,KAAM,GACN,MAAO,CACL,MAAO1B,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,CACH,CAEC6B,IAAe,KAChBtC,EAAE,MAAMA,EAAG,CACT,QAAS,sBACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,cACrC,CACF,CAAC,EAEDX,EAAIwC,EAAW,KAAKxC,EAAG,IAAI,EAE7BkD,EAAShD,EAAGF,CAAC,CACf,EAGAE,EAAE,aAAaA,EAAGF,EAAGkD,CAAQ,CAC/B,EAgEAvC,EAAI,wBAA0B,SAAST,EAAGiD,EAAW,CAOnD,IAAIpE,EAASoE,EAAU,OAAS,EAG5BnE,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,kBAAkB,EACjD3B,EAAK,SAASD,CAAM,EAEpBC,EAAK,SAASmE,EAAU,MAAM,EAC9BnE,EAAK,SAASmE,CAAS,EAChBnE,CACT,EASA2B,EAAI,yBAA2B,SAAST,EAAG,CAEzC,IAAIqG,EAAY7H,EAAM,KAAK,aAAa,EAGxC6H,EAAU,QAAQ,CAAI,EAGtB,IAAIC,EAAM9H,EAAM,KAAK,aAAa,EAClC,QAAQmB,KAAOK,EAAE,QAAQ,MAAO,CAC9B,IAAIgC,EAAOhC,EAAE,QAAQ,MAAML,CAAG,EAC1B4G,EAAK/H,EAAM,IAAI,wBAAwBwD,EAAK,OAAO,EACnDwE,EAAahI,EAAM,KAAK,MAAM+H,CAAE,EACpCD,EAAI,SAASE,EAAW,OAAO,CAAC,EAChCF,EAAI,UAAUE,CAAU,CAC1B,CAKA,IAAI3H,EACF,EAAIwH,EAAU,OAAO,EACrB,EAAIC,EAAI,OAAO,EAGbxH,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,mBAAmB,EAClD3B,EAAK,SAASD,CAAM,EACpB0B,GAAYzB,EAAM,EAAGuH,CAAS,EAC9B9F,GAAYzB,EAAM,EAAGwH,CAAG,EACjBxH,CACT,EASA2B,EAAI,sBAAwB,SAAST,EAAG,CAEtC,IAAIlB,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,iBAAiB,EAChD3B,EAAK,SAAS,CAAC,EACRA,CACT,EAgBA2B,EAAI,uBAAyB,UAAW,CACtC,IAAI3B,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ,CAAI,EACVA,CACT,EA6BA2B,EAAI,eAAiB,SAAST,EAAG,CAE/B,IAAIF,EAAItB,EAAM,KAAK,aAAa,EAChCsB,EAAE,UAAUE,EAAE,QAAQ,IAAI,OAAO,CAAC,EAClCF,EAAE,UAAUE,EAAE,QAAQ,KAAK,OAAO,CAAC,EAGnC,IAAIc,EAAUd,EAAE,SAAWS,EAAI,cAAc,OACzC8B,EAAKvC,EAAE,QAAQ,GACfqD,EAAM,GACNC,EAAM7E,GACNE,EAAQmC,EAAS,kBAAoB,kBACzChB,EAAIwD,EAAIf,EAAG,cAAe5D,EAAOmB,EAAE,SAAS,EAAGuD,CAAG,EAGlD,IAAIvE,EAAON,EAAM,KAAK,aAAa,EACnC,OAAAM,EAAK,QAAQ2B,EAAI,cAAc,QAAQ,EACvC3B,EAAK,SAASgB,EAAE,OAAO,CAAC,EACxBhB,EAAK,UAAUgB,CAAC,EACThB,CACT,EA6CA2B,EAAI,gBAAkB,SAASiD,EAAME,EAAS6C,EAAe,CACxD,OAAOA,EAAkB,MAC1BA,EAAgB7C,EAAQ,QAG1B,IAAI9E,EAAON,EAAM,KAAK,aAAa,EACnCM,EAAK,QAAQ4E,CAAI,EACjB5E,EAAK,SAAS2H,CAAa,EAC3B3H,EAAK,SAAS8E,CAAO,EAErB,IAAI8C,EAAkB5H,EAAK,OAAO,EAC9B6H,EAAgB,KAAK,IAAI,GAAID,EAAkBD,EAAgB,CAAC,EACpE,OAAA3H,EAAK,SAASN,EAAM,OAAO,SAASmI,CAAa,CAAC,EAC3C7H,CACT,EAQA2B,EAAI,MAAQ,SAAST,EAAGH,EAAQ,CAE9B,GAAIA,GAID,EAAAA,EAAO,SAAS,OAAO,IAAM,IAC3BA,EAAO,OAASY,EAAI,YAAY,WACjCZ,EAAO,OAASY,EAAI,YAAY,OAChCZ,EAAO,OAASY,EAAI,YAAY,qBAOpC,IAAGZ,EAAO,OAASY,EAAI,YAAY,UAAW,CAC5C,IAAIP,EAAQL,EAAO,SAAS,MAAM,EAClCG,EAAE,QAAQ,IAAI,OAAOE,CAAK,EAC1BF,EAAE,QAAQ,KAAK,OAAOE,CAAK,EAC3BA,EAAQ,IACV,CAGA,IAAI0G,EACJ,GAAG/G,EAAO,SAAS,OAAO,GAAKY,EAAI,YACjCmG,EAAU,CAAC/G,CAAM,MACZ,CAEL+G,EAAU,CAAC,EAEX,QADIC,EAAOhH,EAAO,SAAS,MAAM,EAC3BgH,EAAK,OAASpG,EAAI,aACtBmG,EAAQ,KAAKnG,EAAI,aAAaT,EAAG,CAC/B,KAAMH,EAAO,KACb,KAAMrB,EAAM,KAAK,aAAaqI,EAAK,MAAM,EAAGpG,EAAI,WAAW,CAAC,CAC9D,CAAC,CAAC,EACFoG,EAAOA,EAAK,MAAMpG,EAAI,WAAW,EAGhCoG,EAAK,OAAS,GACfD,EAAQ,KAAKnG,EAAI,aAAaT,EAAG,CAC/B,KAAMH,EAAO,KACb,KAAMrB,EAAM,KAAK,aAAaqI,CAAI,CACpC,CAAC,CAAC,CAEN,CAGA,QAAQ,EAAI,EAAG,EAAID,EAAQ,QAAU,CAAC5G,EAAE,KAAM,EAAE,EAAG,CAEjD,IAAI8G,EAAMF,EAAQ,CAAC,EACf3G,EAAID,EAAE,MAAM,QAAQ,MACrBC,EAAE,OAAOD,EAAG8G,CAAG,GAEhB9G,EAAE,QAAQ,KAAK8G,CAAG,CAEtB,EACF,EAUArG,EAAI,MAAQ,SAAST,EAAG,CACtB,QAAQR,EAAI,EAAGA,EAAIQ,EAAE,QAAQ,OAAQ,EAAER,EAAG,CACxC,IAAIK,EAASG,EAAE,QAAQR,CAAC,EAGxBQ,EAAE,QAAQ,QAAQH,EAAO,IAAI,EAC7BG,EAAE,QAAQ,QAAQH,EAAO,QAAQ,KAAK,EACtCG,EAAE,QAAQ,QAAQH,EAAO,QAAQ,KAAK,EACtCG,EAAE,QAAQ,SAASH,EAAO,SAAS,OAAO,CAAC,EAC3CG,EAAE,QAAQ,UAAUA,EAAE,QAAQR,CAAC,EAAE,QAAQ,CAC3C,CACA,OAAAQ,EAAE,QAAU,CAAC,EACNA,EAAE,aAAaA,CAAC,CACzB,EASA,IAAI+G,GAAwB,SAASnE,EAAO,CAC1C,OAAOA,EAAO,CACd,IAAK,GACH,MAAO,GACT,KAAKpE,EAAM,IAAI,iBAAiB,gBAC9B,OAAOiC,EAAI,MAAM,YAAY,gBAC/B,KAAKjC,EAAM,IAAI,iBAAiB,wBAC9B,OAAOiC,EAAI,MAAM,YAAY,wBAC/B,KAAKjC,EAAM,IAAI,iBAAiB,oBAC9B,OAAOiC,EAAI,MAAM,YAAY,oBAC/B,KAAKjC,EAAM,IAAI,iBAAiB,oBAC9B,OAAOiC,EAAI,MAAM,YAAY,oBAC/B,KAAKjC,EAAM,IAAI,iBAAiB,oBAC9B,OAAOiC,EAAI,MAAM,YAAY,oBAC/B,KAAKjC,EAAM,IAAI,iBAAiB,WAC9B,OAAOiC,EAAI,MAAM,YAAY,WAC/B,QACE,OAAOA,EAAI,MAAM,YAAY,eAC/B,CACF,EASIuG,GAAwB,SAASC,EAAM,CACzC,OAAOA,EAAM,CACb,IAAK,GACH,MAAO,GACT,KAAKxG,EAAI,MAAM,YAAY,gBACzB,OAAOjC,EAAM,IAAI,iBAAiB,gBACpC,KAAKiC,EAAI,MAAM,YAAY,wBACzB,OAAOjC,EAAM,IAAI,iBAAiB,wBACpC,KAAKiC,EAAI,MAAM,YAAY,oBACzB,OAAOjC,EAAM,IAAI,iBAAiB,oBACpC,KAAKiC,EAAI,MAAM,YAAY,oBACzB,OAAOjC,EAAM,IAAI,iBAAiB,oBACpC,KAAKiC,EAAI,MAAM,YAAY,oBACzB,OAAOjC,EAAM,IAAI,iBAAiB,oBACpC,KAAKiC,EAAI,MAAM,YAAY,WACzB,OAAOjC,EAAM,IAAI,iBAAiB,WACpC,QACE,OAAOA,EAAM,IAAI,iBAAiB,eACpC,CACF,EAYAiC,EAAI,uBAAyB,SAAST,EAAGkH,EAAO,CAC9C,GAAI,CAGF,IAAI1B,EAAU,CAAC,EACf,QAAS7F,KAAOK,EAAE,cAChBwF,EAAQ7F,CAAG,EAAIK,EAAE,cAAcL,CAAG,EAGpC6F,EAAQ,OAAS,SAAS2B,EAAKtE,EAAOqE,EAAO,CAE3C,IAAID,EAAOF,GAAsBI,CAAG,EAGhCrE,EAAM9C,EAAE,OAAOA,EAAGmH,EAAKtE,EAAOqE,CAAK,EACvC,GAAGpE,IAAQ,GAAM,CACf,GAAG,OAAOA,GAAQ,UAAY,CAACtE,EAAM,KAAK,QAAQsE,CAAG,EAAG,CAEtD,IAAIF,EAAQ,IAAI,MAAM,2CAA2C,EACjE,MAAAA,EAAM,KAAO,GACbA,EAAM,MAAQ,CACZ,MAAOnC,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,eACrC,EACGqC,EAAI,UACLF,EAAM,QAAUE,EAAI,SAEnBA,EAAI,QACLF,EAAM,MAAM,YAAcE,EAAI,OAE1BF,CACR,CAGGE,IAAQqE,IACTrE,EAAMkE,GAAsBlE,CAAG,EAEnC,CAEA,OAAOA,CACT,EAGAtE,EAAM,IAAI,uBAAuBwB,EAAE,QAASkH,EAAO1B,CAAO,CAC5D,OAAQrD,EAAI,CAEV,IAAIiF,EAAMjF,GACP,OAAOiF,GAAQ,UAAY5I,EAAM,KAAK,QAAQ4I,CAAG,KAClDA,EAAM,CACJ,KAAM,GACN,MAAO,CACL,MAAO3G,EAAI,MAAM,MAAM,MACvB,YAAasG,GAAsB5E,CAAE,CACvC,CACF,GAEG,SAAUiF,IACbA,EAAI,KAAO,IAER,UAAWA,IACdA,EAAI,MAAQ,CACV,MAAO3G,EAAI,MAAM,MAAM,MACvB,YAAasG,GAAsBK,EAAI,KAAK,CAC9C,GAIFpH,EAAE,MAAMA,EAAGoH,CAAG,CAChB,CAEA,MAAO,CAACpH,EAAE,IACZ,EAUAS,EAAI,mBAAqB,SAAS4G,EAAOC,EAAU,CACjD,IAAIxI,EAAO,KAGX,GAAGuI,GAASA,EAAM,YAAcA,EAAM,YAAcA,EAAM,MACxDvI,EAAOuI,MACF,CAELvI,EAAO,CAAC,EACRA,EAAK,MAAQuI,GAAS,CAAC,EACvBvI,EAAK,SAAW,KAAK,IAAIwI,GAAY,IAAK,CAAC,EAC3CxI,EAAK,MAAQ,CAAC,EAGd,QAAQa,KAAO0H,EACVvI,EAAK,MAAM,QAAUwI,EACtBxI,EAAK,MAAM,KAAKa,CAAG,EAEnB,OAAO0H,EAAM1H,CAAG,EAKpBb,EAAK,WAAa,SAAS0C,EAAW,CACpC,IAAIG,EAAU,KACVhC,EAAM,KAUV,GAPG6B,EACD7B,EAAMnB,EAAM,KAAK,WAAWgD,CAAS,EAC7B1C,EAAK,MAAM,OAAS,IAE5Ba,EAAMb,EAAK,MAAM,CAAC,GAGjBa,IAAQ,MAAQA,KAAOb,EAAK,MAAO,CAEpC6C,EAAU7C,EAAK,MAAMa,CAAG,EACxB,OAAOb,EAAK,MAAMa,CAAG,EACrB,QAAQH,KAAKV,EAAK,MAChB,GAAGA,EAAK,MAAMU,CAAC,IAAMG,EAAK,CACxBb,EAAK,MAAM,OAAOU,EAAG,CAAC,EACtB,KACF,CAEJ,CAEA,OAAOmC,CACT,EAGA7C,EAAK,WAAa,SAAS0C,EAAWG,EAAS,CAE7C,GAAG7C,EAAK,MAAM,SAAWA,EAAK,SAAU,CACtC,IAAIa,EAAMb,EAAK,MAAM,MAAM,EAC3B,OAAOA,EAAK,MAAMa,CAAG,CACvB,CAEA,IAAIA,EAAMnB,EAAM,KAAK,WAAWgD,CAAS,EACzC1C,EAAK,MAAM,KAAKa,CAAG,EACnBb,EAAK,MAAMa,CAAG,EAAIgC,CACpB,CACF,CAEA,OAAO7C,CACT,EAWA2B,EAAI,iBAAmB,SAAS+E,EAAS,CACvC,IAAI+B,EAAU,KACX/B,EAAQ,QAENhH,EAAM,KAAK,QAAQgH,EAAQ,OAAO,EACnC+B,EAAU/I,EAAM,IAAI,cAAcgH,EAAQ,OAAO,EAEjD+B,EAAU/B,EAAQ,QAIpB+B,EAAU/I,EAAM,IAAI,cAAc,EAIpC,IAAIiH,EAAeD,EAAQ,cAAgB,KAC3C,GAAGC,IAAiB,KAAM,CACxBA,EAAe,CAAC,EAChB,QAAQ9F,KAAOc,EAAI,aACjBgF,EAAa,KAAKhF,EAAI,aAAad,CAAG,CAAC,CAE3C,CAGA,IAAI6H,EAAUhC,EAAQ,OACpB/E,EAAI,cAAc,OAASA,EAAI,cAAc,OAG3CgH,EAAejC,EAAQ,aACzB/E,EAAI,mBAAmB+E,EAAQ,YAAY,EAAI,KAG7CxF,EAAI,CACN,QAAS,CAAC,MAAOS,EAAI,QAAQ,MAAO,MAAOA,EAAI,QAAQ,KAAK,EAC5D,OAAQ+G,EACR,UAAWhC,EAAQ,UACnB,QAAS+B,EACT,aAAcE,EACd,aAAchC,EACd,UAAWD,EAAQ,UACnB,YAAaA,EAAQ,aAAe,KACpC,aAAcA,EAAQ,cAAgB,GACtC,OAAQA,EAAQ,QAAU,SAASkC,EAAIP,EAAKQ,EAAMC,EAAK,CAAC,OAAOT,CAAI,EACnE,cAAe3B,EAAQ,eAAiB,CAAC,EACzC,eAAgBA,EAAQ,gBAAkB,KAC1C,cAAeA,EAAQ,eAAiB,KACxC,aAAcA,EAAQ,cAAgB,KACtC,MAAOhH,EAAM,KAAK,aAAa,EAC/B,QAASA,EAAM,KAAK,aAAa,EACjC,KAAMA,EAAM,KAAK,aAAa,EAC9B,aAAcgH,EAAQ,aACtB,UAAWA,EAAQ,UACnB,kBAAmBA,EAAQ,kBAC3B,OAAQA,EAAQ,OAChB,MAAO,SAASxF,EAAGmC,EAAI,CAErBA,EAAG,OAASA,EAAG,SACXnC,EAAE,SAAWS,EAAI,cAAc,OAAU,SAAW,UAGrD0B,EAAG,OACJ1B,EAAI,MAAMT,EAAGS,EAAI,YAAYT,EAAGmC,EAAG,KAAK,CAAC,EACzC1B,EAAI,MAAMT,CAAC,GAIb,IAAI6H,EAAS1F,EAAG,QAAU,GACvB0F,IAED7H,EAAE,KAAO,IAIXwF,EAAQ,MAAMxF,EAAGmC,CAAE,EAEhB0F,GAED7H,EAAE,MAAM,EAAK,CAEjB,EACA,QAASwF,EAAQ,SAAW,KAC5B,QAASA,EAAQ,SAAW,IAC9B,EAOAxF,EAAE,MAAQ,SAAS8H,EAAW,CAC5B9H,EAAE,QAAU,CAAC,MAAOS,EAAI,QAAQ,MAAO,MAAOA,EAAI,QAAQ,KAAK,EAC/DT,EAAE,OAAS,KACXA,EAAE,QAAU,KACZA,EAAE,gBAAkB,KACpBA,EAAE,MAAQ,CACR,QAAS,KACT,QAAS,IACX,EACAA,EAAE,OAAUA,EAAE,SAAWS,EAAI,cAAc,OAAUoD,GAAMC,GAC3D9D,EAAE,WAAa,KACfA,EAAE,QAAU,CAAC,EACbA,EAAE,KAAO,GACTA,EAAE,WAAa,EACfA,EAAE,YAAc,GAChBA,EAAE,YAAc,GAChBA,EAAE,KAAO,EAAE8H,GAAa,OAAOA,EAAe,KAC9C9H,EAAE,MAAM,MAAM,EACdA,EAAE,QAAQ,MAAM,EAChBA,EAAE,KAAK,MAAM,EACbA,EAAE,MAAM,QAAUS,EAAI,sBAAsBT,CAAC,CAC/C,EAGAA,EAAE,MAAM,EAQR,IAAI+H,EAAU,SAAS/H,EAAGH,EAAQ,CAEhC,IAAImI,EAAUnI,EAAO,KAAOY,EAAI,YAAY,mBACxCwH,EAAW5D,GAAQrE,EAAE,MAAM,EAAEA,EAAE,MAAM,EACtCgI,KAAWC,EACZA,EAASD,CAAO,EAAEhI,EAAGH,CAAM,EAG3BY,EAAI,iBAAiBT,EAAGH,CAAM,CAElC,EAWIqI,EAAoB,SAASlI,EAAG,CAClC,IAAIlB,EAAO,EAGPgB,EAAIE,EAAE,MACNM,EAAMR,EAAE,OAAO,EAGnB,GAAGQ,EAAM,EACPxB,EAAO,EAAIwB,MACN,CAGLN,EAAE,OAAS,CACT,KAAMF,EAAE,QAAQ,EAChB,QAAS,CACP,MAAOA,EAAE,QAAQ,EACjB,MAAOA,EAAE,QAAQ,CACnB,EACA,OAAQA,EAAE,SAAS,EACnB,SAAUtB,EAAM,KAAK,aAAa,EAClC,MAAO,EACT,EAGA,IAAI2J,EAAqBnI,EAAE,OAAO,QAAQ,QAAUA,EAAE,QAAQ,MAC3DmI,GAAqBnI,EAAE,SAAWA,EAAE,QAAQ,UAE7CmI,EAAqBnI,EAAE,OAAO,QAAQ,QAAUA,EAAE,QAAQ,OAExDmI,GACFnI,EAAE,MAAMA,EAAG,CACT,QAAS,4BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YAAaA,EAAI,MAAM,YAAY,gBACrC,CACF,CAAC,CAEL,CAEA,OAAO3B,CACT,EAWIsJ,EAAc,SAASpI,EAAG,CAC5B,IAAIlB,EAAO,EAGPgB,EAAIE,EAAE,MACNM,EAAMR,EAAE,OAAO,EACnB,GAAGQ,EAAMN,EAAE,OAAO,OAEhBlB,EAAOkB,EAAE,OAAO,OAASM,MACpB,CAGLN,EAAE,OAAO,SAAS,SAASF,EAAE,SAASE,EAAE,OAAO,MAAM,CAAC,EACtDF,EAAE,QAAQ,EAGV,IAAIG,EAAID,EAAE,MAAM,QAAQ,KACrBC,EAAE,OAAOD,EAAGA,EAAE,MAAM,IAGlBA,EAAE,aAAe,OAGfA,EAAE,WAAW,OAASA,EAAE,OAAO,MAEhCA,EAAE,WAAW,SAAS,UAAUA,EAAE,OAAO,QAAQ,EACjDA,EAAE,OAASA,EAAE,YAGbA,EAAE,MAAMA,EAAG,CACT,QAAS,6BACT,KAAM,GACN,MAAO,CACL,MAAOS,EAAI,MAAM,MAAM,MACvB,YACEA,EAAI,MAAM,YAAY,kBAC1B,CACF,CAAC,GAKLT,EAAE,OAAO,MAAQ,GAErB,CAEA,OAAOlB,CACT,EASA,OAAAkB,EAAE,UAAY,SAASwB,EAAW,CAEhC,GAAGxB,EAAE,SAAWS,EAAI,cAAc,OAEhCT,EAAE,MAAMA,EAAG,CACT,QAAS,yCACT,MAAO,EACT,CAAC,UACOA,EAAE,YAEVA,EAAE,MAAMA,EAAG,CACT,QAAS,iCACT,MAAO,EACT,CAAC,MACI,CAEFA,EAAE,MAAQ,CAACA,EAAE,MAAQA,EAAE,aAAe,IACvCA,EAAE,KAAO,IAIXA,EAAE,YAAc,GAGhBwB,EAAYA,GAAa,GAGzB,IAAIG,EAAU,KACXH,EAAU,OAAS,IACjBxB,EAAE,eACH2B,EAAU3B,EAAE,aAAa,WAAWwB,CAAS,GAI5CG,IAAY,OACbH,EAAY,KAKbA,EAAU,SAAW,GAAKxB,EAAE,eAC7B2B,EAAU3B,EAAE,aAAa,WAAW,EACjC2B,IAAY,OACbH,EAAYG,EAAQ,KAKxB3B,EAAE,QAAU,CACV,GAAIwB,EACJ,QAAS,KACT,YAAa,KACb,kBAAmB,KACnB,kBAAmB,KACnB,mBAAoB,KACpB,kBAAmB,KACnB,GAAI,CAAC,EACL,IAAKhD,EAAM,GAAG,IAAI,OAAO,EACzB,KAAMA,EAAM,GAAG,KAAK,OAAO,CAC7B,EAGGmD,IAED3B,EAAE,QAAU2B,EAAQ,QACpB3B,EAAE,QAAQ,GAAK2B,EAAQ,IAIzB3B,EAAE,QAAQ,GAAG,cAAgBS,EAAI,aAAa,EAAE,SAAS,EAGzDT,EAAE,KAAO,GAGTS,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,kBAAkBT,CAAC,CAC/B,CAAC,CAAC,EACFS,EAAI,MAAMT,CAAC,CACb,CACF,EAWAA,EAAE,QAAU,SAAS6G,EAAM,CACzB,IAAI/H,EAAO,EAGX,OAAG+H,GACD7G,EAAE,MAAM,SAAS6G,CAAI,EAKnB7G,EAAE,OAEDA,EAAE,SAAW,MACdA,EAAE,OAAO,OAASA,EAAE,OAAO,SAAS,QAAQ,IAC5CA,EAAE,OAAS,MAIVA,EAAE,SAAW,OACdlB,EAAOoJ,EAAkBlI,CAAC,GAIzB,CAACA,EAAE,MAAQA,EAAE,SAAW,MAAQ,CAACA,EAAE,OAAO,QAC3ClB,EAAOsJ,EAAYpI,CAAC,GAInB,CAACA,EAAE,MAAQA,EAAE,SAAW,MAAQA,EAAE,OAAO,OAC1C+H,EAAQ/H,EAAGA,EAAE,MAAM,GAIhBlB,CACT,EAaAkB,EAAE,QAAU,SAAS6G,EAAM,CACzB,OAAApG,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,iBACtB,KAAMjC,EAAM,KAAK,aAAaqI,CAAI,CACpC,CAAC,CAAC,EACKpG,EAAI,MAAMT,CAAC,CACpB,EAiBAA,EAAE,wBAA0B,SAAS4D,EAAS6C,EAAe,CAC3D,OAAG7C,aAAmBpF,EAAM,KAAK,aAC/BoF,EAAUA,EAAQ,MAAM,GAEvB,OAAO6C,EAAkB,MAC1BA,EAAgB7C,EAAQ,QAE1B5D,EAAE,yBAA2B4D,EAC7BnD,EAAI,MAAMT,EAAGS,EAAI,aAAaT,EAAG,CAC/B,KAAMS,EAAI,YAAY,UACtB,KAAMA,EAAI,gBACRA,EAAI,qBAAqB,kBAAmBmD,EAAS6C,CAAa,CACtE,CAAC,CAAC,EACKhG,EAAI,MAAMT,CAAC,CACpB,EAOAA,EAAE,MAAQ,SAAS8H,EAAW,CAE5B,GAAG,CAAC9H,EAAE,MAAQA,EAAE,cAAgBA,EAAE,QAAS,CAEzC,IAAI2B,EAAU,CACZ,GAAI3B,EAAE,QAAQ,GACd,QAASA,EAAE,QAAQ,QACnB,GAAIA,EAAE,QAAQ,EAChB,EACA2B,EAAQ,GAAG,KAAO,KAClB3B,EAAE,aAAa,WAAW2B,EAAQ,GAAIA,CAAO,CAC/C,CAEG3B,EAAE,OAEHA,EAAE,KAAO,GACTA,EAAE,MAAM,MAAM,GAGXA,EAAE,aAAeA,EAAE,eACpBA,EAAE,YAAcA,EAAE,YAAc,GAGhCS,EAAI,MAAMT,EAAGS,EAAI,YAAYT,EAAG,CAC9B,MAAOS,EAAI,MAAM,MAAM,QACvB,YAAaA,EAAI,MAAM,YAAY,YACrC,CAAC,CAAC,EACFA,EAAI,MAAMT,CAAC,GAIbA,EAAE,OAAOA,CAAC,GAIZA,EAAE,MAAM8H,CAAS,CACnB,EAEO9H,CACT,EAGAzB,GAAO,QAAUC,EAAM,IAAMA,EAAM,KAAO,CAAC,EAG3C,IAAQmB,MAAOc,EACV,OAAOA,EAAId,EAAG,GAAM,aACrBnB,EAAM,IAAImB,EAAG,EAAIc,EAAId,EAAG,GAFpB,IAAAA,GAORnB,EAAM,IAAI,SAAWC,GAGrBD,EAAM,IAAI,UAAYkB,GAGtBlB,EAAM,IAAI,mBAAqBiC,EAAI,mBAuGnCjC,EAAM,IAAI,iBAAmBiC,EAAI,mBCzrIjC,IAAA4H,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAQA,IAAIC,GAAQ,IACZ,KACA,KAEA,IAAIC,GAAMF,GAAO,QAAUC,GAAM,IAKjCC,GAAI,aAAa,6BAAkC,CACjD,GAAI,CAAC,EAAM,EAAI,EACf,KAAM,+BACN,uBAAwB,SAASC,EAAI,CACnCA,EAAG,sBAAwBD,GAAI,oBAAoB,IACnDC,EAAG,YAAcD,GAAI,WAAW,MAChCC,EAAG,eAAiB,GACpBA,EAAG,aAAe,GAClBA,EAAG,gBAAkB,GACrBA,EAAG,iBAAmB,GACtBA,EAAG,cAAgBD,GAAI,aAAa,UACpCC,EAAG,WAAa,GAChBA,EAAG,eAAiB,EACtB,EACA,oBAAqBC,EACvB,EACAF,GAAI,aAAa,6BAAkC,CACjD,GAAI,CAAC,EAAM,EAAI,EACf,KAAM,+BACN,uBAAwB,SAASC,EAAI,CACnCA,EAAG,sBAAwBD,GAAI,oBAAoB,IACnDC,EAAG,YAAcD,GAAI,WAAW,MAChCC,EAAG,eAAiB,GACpBA,EAAG,aAAe,GAClBA,EAAG,gBAAkB,GACrBA,EAAG,iBAAmB,GACtBA,EAAG,cAAgBD,GAAI,aAAa,UACpCC,EAAG,WAAa,GAChBA,EAAG,eAAiB,EACtB,EACA,oBAAqBC,EACvB,EAEA,SAASA,GAAoBC,EAAOC,EAAGH,EAAI,CACzC,IAAII,EAAUD,EAAE,SAAWL,GAAM,IAAI,cAAc,OAGnDI,EAAM,KAAK,YAAc,CACvB,KAAM,GACN,OAAQJ,GAAM,OAAO,eAAe,UAAWM,EAC7CJ,EAAG,KAAK,iBAAmBA,EAAG,KAAK,gBAAgB,EACrD,GAAII,EAASJ,EAAG,KAAK,gBAAkBA,EAAG,KAAK,eACjD,EACAE,EAAM,MAAM,YAAc,CACxB,KAAM,GACN,OAAQJ,GAAM,OAAO,aAAa,UAAWM,EAC3CJ,EAAG,KAAK,iBAAmBA,EAAG,KAAK,gBAAgB,EACrD,GAAII,EAASJ,EAAG,KAAK,gBAAkBA,EAAG,KAAK,eACjD,EACAE,EAAM,KAAK,eAAiBG,GAC5BH,EAAM,MAAM,eAAiBI,GAG7BJ,EAAM,KAAK,UAAYA,EAAM,MAAM,UAAYF,EAAG,WAClDE,EAAM,KAAK,YAAcA,EAAM,MAAM,YAAcH,GAAI,SACzD,CAWA,SAASO,GAAqBC,EAAQC,EAAG,CACvC,IAAIC,EAAO,GAGPC,EAAMF,EAAE,YAAYA,EAAE,OAAQA,EAAE,eAAgBD,CAAM,EAC1DA,EAAO,SAAS,SAASG,CAAG,EAC5BF,EAAE,qBAAqB,EAGvB,IAAIG,EACDJ,EAAO,QAAQ,QAAUR,GAAI,SAAS,QAAQ,MAG/CY,EAAKH,EAAE,YAAY,KAAO,KAAOA,EAAE,YAAY,GAE/CG,EAAKb,GAAM,OAAO,aAAa,EAAE,EAGnCU,EAAE,YAAY,KAAO,GAGrB,IAAII,EAASJ,EAAE,YAAY,OAC3B,OAAAI,EAAO,MAAM,CAAC,GAAID,CAAE,CAAC,EAGlBJ,EAAO,QAAQ,OAASR,GAAI,SAAS,QAAQ,OAC9Ca,EAAO,OAAO,SAASD,CAAE,EAI3BC,EAAO,OAAOL,EAAO,QAAQ,EAC1BK,EAAO,OAAOC,EAA4B,IAE3CN,EAAO,SAAWK,EAAO,OACzBL,EAAO,OAASA,EAAO,SAAS,OAAO,EACvCE,EAAO,IAGFA,CACT,CAWA,SAASI,GAA6BC,EAAWC,EAAOC,EAAS,CAmB/D,GAAG,CAACA,EAAS,CAIX,IAAIC,EAAUH,EAAaC,EAAM,OAAO,EAAID,EAC5CC,EAAM,aAAaE,EAAU,EAAGA,CAAO,CACzC,CACA,MAAO,EACT,CAWA,SAASC,GAA6BJ,EAAWK,EAAQH,EAAS,CAChE,IAAIP,EAAO,GACX,GAAGO,EAAS,CAQV,QAFII,EAAMD,EAAO,OAAO,EACpBE,EAAgBF,EAAO,KAAK,EACxBG,EAAIF,EAAM,EAAIC,EAAeC,EAAIF,EAAM,EAAG,EAAEE,EAClDb,EAAOA,GAASU,EAAO,GAAGG,CAAC,GAAKD,EAE/BZ,GAEDU,EAAO,SAASE,EAAgB,CAAC,CAErC,CACA,OAAOZ,CACT,CAWA,SAASJ,GAAqBE,EAAQC,EAAG,CACvC,IAAIC,EAAO,GAEPE,EACDJ,EAAO,QAAQ,QAAUR,GAAI,SAAS,QAAQ,MAG/CY,EAAKH,EAAE,YAAY,KAAO,KAAOA,EAAE,YAAY,GAI/CG,EAAKJ,EAAO,SAAS,SAAS,EAAE,EAGlCC,EAAE,YAAY,KAAO,GAGrB,IAAII,EAASJ,EAAE,YAAY,OAC3BI,EAAO,MAAM,CAAC,GAAID,CAAE,CAAC,EAGrBC,EAAO,OAAOL,EAAO,QAAQ,EAC7BE,EAAOG,EAAO,OAAOM,EAA4B,EAOjD,IAAIK,EAASf,EAAE,UAIXE,EAAMZ,GAAM,OAAO,aAAayB,CAAM,EAGtCH,EAAMR,EAAO,OAAO,OAAO,EAC5BQ,GAAOG,GACRhB,EAAO,SAAWK,EAAO,OAAO,SAASQ,EAAMG,CAAM,EACrDb,EAAME,EAAO,OAAO,SAASW,CAAM,GAGnChB,EAAO,SAAWK,EAAO,OAAO,SAAS,EAE3CL,EAAO,SAAWT,GAAM,KAAK,aAAaS,EAAO,QAAQ,EACzDA,EAAO,OAASA,EAAO,SAAS,OAAO,EAGvC,IAAIiB,EAAOhB,EAAE,YAAYA,EAAE,OAAQA,EAAE,eAAgBD,CAAM,EAC3D,OAAAC,EAAE,qBAAqB,EACvBC,EAAOgB,GAAYjB,EAAE,OAAQE,EAAKc,CAAI,GAAKf,EACpCA,CACT,CAgBA,SAASgB,GAAYC,EAAKC,EAAMH,EAAM,CACpC,IAAII,EAAO9B,GAAM,KAAK,OAAO,EAE7B,OAAA8B,EAAK,MAAM,OAAQF,CAAG,EACtBE,EAAK,OAAOD,CAAI,EAChBA,EAAOC,EAAK,OAAO,EAAE,SAAS,EAE9BA,EAAK,MAAM,KAAM,IAAI,EACrBA,EAAK,OAAOJ,CAAI,EAChBA,EAAOI,EAAK,OAAO,EAAE,SAAS,EAEvBD,IAASH,CAClB,ICzRA,IAAAK,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAYA,IAAIC,GAAQ,IACZ,KACA,KAEA,IAAIC,GAASF,GAAO,QAAUC,GAAM,OAASA,GAAM,QAAU,CAAC,EAG9DA,GAAM,GAAG,OAASA,GAAM,GAAG,WAAW,OAASC,GAG/C,IAAIC,GAASF,GAAM,OAASA,GAAM,OAAO,OAASA,GAAM,OAAO,QAAU,CAAC,EAC1EE,GAAO,OAAS,UAAW,CACzB,OAAOD,GAAO,OAAO,SAAS,CAChC,EACAD,GAAM,GAAG,OAASA,GAAM,GAAG,WAAW,OAASE,GAG/CF,GAAM,OAAO,OAASA,GAAM,OAAO,QAAU,CAC3C,OAAQ,UAAW,CACjB,OAAOC,GAAO,OAAO,aAAa,CACpC,CACF,EACAD,GAAM,GAAG,YAAY,EAAIA,GAAM,GAAG,WAAW,YAAY,EACvDA,GAAM,OAAO,OAGfA,GAAM,OAAO,OAASA,GAAM,OAAO,QAAU,CAC3C,OAAQ,UAAW,CACjB,OAAOC,GAAO,OAAO,aAAa,CACpC,CACF,EACAD,GAAM,GAAG,YAAY,EAAIA,GAAM,GAAG,WAAW,YAAY,EACvDA,GAAM,OAAO,OAUfC,GAAO,OAAS,SAASE,EAAW,CAUlC,GARIC,IACFC,GAAM,EAGL,OAAOF,EAAc,MACtBA,EAAY,WAGX,EAAEA,KAAaG,IAChB,MAAM,IAAI,MAAM,8BAAgCH,CAAS,EAY3D,QARII,EAASD,GAAQH,CAAS,EAC1BK,EAAK,KAGLC,EAAST,GAAM,KAAK,aAAa,EAGjCU,EAAK,IAAI,MAAM,EAAE,EACbC,EAAK,EAAGA,EAAK,GAAI,EAAEA,EACzBD,EAAGC,CAAE,EAAI,IAAI,MAAM,CAAC,EAItB,IAAIC,EAAe,GACnB,OAAOT,EAAW,CAChB,IAAK,UACHS,EAAe,GACf,MACF,IAAK,cACHA,EAAe,GACf,MACF,IAAK,cACHA,EAAe,GACf,KACJ,CAGA,IAAIC,EAAK,CAEP,UAAWV,EAAU,QAAQ,IAAK,EAAE,EAAE,YAAY,EAClD,YAAa,IACb,aAAcS,EAEd,cAAe,EAEf,kBAAmB,KAEnB,kBAAmB,EACrB,EAOA,OAAAC,EAAG,MAAQ,UAAW,CAEpBA,EAAG,cAAgB,EAGnBA,EAAG,kBAAoBA,EAAG,iBAAmB,CAAC,EAE9C,QADIC,EAASD,EAAG,kBAAoB,EAC5BE,EAAI,EAAGA,EAAID,EAAQ,EAAEC,EAC3BF,EAAG,kBAAkB,KAAK,CAAC,EAE7BJ,EAAST,GAAM,KAAK,aAAa,EACjCQ,EAAK,IAAI,MAAMD,EAAO,MAAM,EAC5B,QAAQQ,EAAI,EAAGA,EAAIR,EAAO,OAAQ,EAAEQ,EAClCP,EAAGO,CAAC,EAAIR,EAAOQ,CAAC,EAAE,MAAM,CAAC,EAE3B,OAAOF,CACT,EAEAA,EAAG,MAAM,EAYTA,EAAG,OAAS,SAASG,EAAKC,EAAU,CAC/BA,IAAa,SACdD,EAAMhB,GAAM,KAAK,WAAWgB,CAAG,GAIjC,IAAIE,EAAMF,EAAI,OACdH,EAAG,eAAiBK,EACpBA,EAAM,CAAEA,EAAM,aAAiB,EAAGA,IAAQ,CAAC,EAC3C,QAAQH,EAAIF,EAAG,kBAAkB,OAAS,EAAGE,GAAK,EAAG,EAAEA,EACrDF,EAAG,kBAAkBE,CAAC,GAAKG,EAAI,CAAC,EAChCA,EAAI,CAAC,EAAIA,EAAI,CAAC,GAAML,EAAG,kBAAkBE,CAAC,EAAI,aAAiB,GAC/DF,EAAG,kBAAkBE,CAAC,EAAIF,EAAG,kBAAkBE,CAAC,IAAM,EACtDG,EAAI,CAAC,EAAMA,EAAI,CAAC,EAAI,aAAiB,EAIvC,OAAAT,EAAO,SAASO,CAAG,EAGnBG,GAAQX,EAAIE,EAAID,CAAM,GAGnBA,EAAO,KAAO,MAAQA,EAAO,OAAO,IAAM,IAC3CA,EAAO,QAAQ,EAGVI,CACT,EAOAA,EAAG,OAAS,UAAW,CAqBrB,IAAIO,EAAapB,GAAM,KAAK,aAAa,EACzCoB,EAAW,SAASX,EAAO,MAAM,CAAC,EAGlC,IAAIY,EACFR,EAAG,kBAAkBA,EAAG,kBAAkB,OAAS,CAAC,EACpDA,EAAG,kBAKDS,EAAWD,EAAaR,EAAG,YAAc,EAC7CO,EAAW,SAASG,GAAS,OAAO,EAAGV,EAAG,YAAcS,CAAQ,CAAC,EAMjE,QAFIE,EAAMC,EACNC,EAAOb,EAAG,kBAAkB,CAAC,EAAI,EAC7BE,EAAI,EAAGA,EAAIF,EAAG,kBAAkB,OAAS,EAAG,EAAEE,EACpDS,EAAOX,EAAG,kBAAkBE,EAAI,CAAC,EAAI,EACrCU,EAASD,EAAO,aAAiB,EACjCE,GAAQD,EACRL,EAAW,SAASM,IAAS,CAAC,EAC9BA,EAAOF,IAAS,EAElBJ,EAAW,SAASM,CAAI,EAGxB,QADIC,EAAI,IAAI,MAAMnB,EAAG,MAAM,EACnBO,EAAI,EAAGA,EAAIP,EAAG,OAAQ,EAAEO,EAC9BY,EAAEZ,CAAC,EAAIP,EAAGO,CAAC,EAAE,MAAM,CAAC,EAEtBI,GAAQQ,EAAGjB,EAAIU,CAAU,EACzB,IAAIQ,EAAO5B,GAAM,KAAK,aAAa,EAC/B6B,EACD1B,IAAc,UACf0B,EAAOF,EAAE,OACDxB,IAAc,UACtB0B,EAAOF,EAAE,OAAS,EAElBE,EAAOF,EAAE,OAAS,EAEpB,QAAQZ,EAAI,EAAGA,EAAIc,EAAM,EAAEd,EACzBa,EAAK,SAASD,EAAEZ,CAAC,EAAE,CAAC,CAAC,GAClBA,IAAMc,EAAO,GAAK1B,IAAc,gBACjCyB,EAAK,SAASD,EAAEZ,CAAC,EAAE,CAAC,CAAC,EAGzB,OAAOa,CACT,EAEOf,CACT,EAGA,IAAIU,GAAW,KACXnB,GAAe,GAGf0B,GAAK,KAGLxB,GAAU,KAKd,SAASD,IAAQ,CAEfkB,GAAW,OACXA,IAAYvB,GAAM,KAAK,WAAW,KAA2B,GAAG,EAGhE8B,GAAK,CACH,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,SAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,SAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,UAAY,SAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,SAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,SAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,UAAY,UAAU,EAAG,CAAC,UAAY,SAAU,EACjD,CAAC,UAAY,SAAU,EAAG,CAAC,UAAY,UAAU,EACjD,CAAC,WAAY,SAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,UAAU,EAAG,CAAC,WAAY,UAAU,EACjD,CAAC,WAAY,SAAU,EAAG,CAAC,WAAY,UAAU,CACnD,EAGAxB,GAAU,CAAC,EACXA,GAAQ,SAAS,EAAI,CACnB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,SAAU,EACvB,CAAC,UAAY,UAAU,EACvB,CAAC,WAAY,SAAU,CACzB,EACAA,GAAQ,SAAS,EAAI,CACnB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,SAAU,EACvB,CAAC,WAAY,SAAU,EACvB,CAAC,UAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,CACzB,EACAA,GAAQ,aAAa,EAAI,CACvB,CAAC,UAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,UAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,UAAY,SAAU,EACvB,CAAC,UAAY,UAAU,CACzB,EACAA,GAAQ,aAAa,EAAI,CACvB,CAAC,WAAY,SAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,UAAY,SAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,UAAY,UAAU,EACvB,CAAC,WAAY,QAAU,EACvB,CAAC,WAAY,UAAU,EACvB,CAAC,UAAY,UAAU,CACzB,EAGAF,GAAe,EACjB,CASA,SAASe,GAAQY,EAAGC,EAAGC,EAAO,CAkB5B,QAhBIC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAOC,EACPC,EAAQC,EACRC,EAAMC,EACNC,EAAMC,EACNC,EAAMC,EACNC,EAAMC,EACNC,EAAMC,EACNC,GAAMC,GACNC,GAAMC,GACNC,GAAMC,GACN9C,GAAG+C,GAAIC,EAAIC,GAAIC,GAAIC,GAAKC,GACxBjD,GAAMe,EAAM,OAAO,EACjBf,IAAO,KAAK,CAGhB,IAAIH,GAAI,EAAGA,GAAI,GAAI,EAAEA,GACnBiB,EAAEjB,EAAC,EAAE,CAAC,EAAIkB,EAAM,SAAS,IAAM,EAC/BD,EAAEjB,EAAC,EAAE,CAAC,EAAIkB,EAAM,SAAS,IAAM,EAEjC,KAAMlB,GAAI,GAAI,EAAEA,GAEdiD,GAAKhC,EAAEjB,GAAI,CAAC,EACZ+C,GAAKE,GAAG,CAAC,EACTD,EAAKC,GAAG,CAAC,EAGT9B,IACI4B,KAAO,GAAOC,GAAM,KACpBA,IAAO,GAAOD,IAAM,GACrBA,KAAO,KAAQ,EAElB3B,IACI2B,IAAM,GAAOC,IAAO,KACpBA,GAAM,EAAMD,KAAO,KACnBA,IAAM,GAAOC,IAAO,MAAS,EAGjCG,GAAMlC,EAAEjB,GAAI,EAAE,EACd+C,GAAKI,GAAI,CAAC,EACVH,EAAKG,GAAI,CAAC,EAGV9B,IACI0B,KAAO,EAAMC,GAAM,KACnBD,KAAO,EAAMC,GAAM,IACpBD,KAAO,KAAQ,EAElBzB,IACIyB,IAAM,GAAOC,IAAO,IACpBD,IAAM,GAAOC,IAAO,IACpBD,IAAM,GAAOC,IAAO,MAAS,EAGjCE,GAAKjC,EAAEjB,GAAI,CAAC,EACZoD,GAAMnC,EAAEjB,GAAI,EAAE,EACdgD,EAAM5B,EAAQ8B,GAAG,CAAC,EAAI5B,EAAQ8B,GAAI,CAAC,EACnCnC,EAAEjB,EAAC,EAAE,CAAC,EAAKmB,EAAQ+B,GAAG,CAAC,EAAI7B,EAAQ+B,GAAI,CAAC,GACpCJ,EAAK,aAAiB,KAAQ,EAClC/B,EAAEjB,EAAC,EAAE,CAAC,EAAIgD,IAAO,EAsBnB,IAlBAjB,EAAOf,EAAE,CAAC,EAAE,CAAC,EACbgB,EAAOhB,EAAE,CAAC,EAAE,CAAC,EACbiB,EAAOjB,EAAE,CAAC,EAAE,CAAC,EACbkB,EAAOlB,EAAE,CAAC,EAAE,CAAC,EACbmB,EAAOnB,EAAE,CAAC,EAAE,CAAC,EACboB,EAAOpB,EAAE,CAAC,EAAE,CAAC,EACbqB,EAAOrB,EAAE,CAAC,EAAE,CAAC,EACbsB,EAAOtB,EAAE,CAAC,EAAE,CAAC,EACbuB,EAAOvB,EAAE,CAAC,EAAE,CAAC,EACbwB,EAAOxB,EAAE,CAAC,EAAE,CAAC,EACbyB,GAAOzB,EAAE,CAAC,EAAE,CAAC,EACb0B,GAAO1B,EAAE,CAAC,EAAE,CAAC,EACb2B,GAAO3B,EAAE,CAAC,EAAE,CAAC,EACb4B,GAAO5B,EAAE,CAAC,EAAE,CAAC,EACb6B,GAAO7B,EAAE,CAAC,EAAE,CAAC,EACb8B,GAAO9B,EAAE,CAAC,EAAE,CAAC,EAGThB,GAAI,EAAGA,GAAI,GAAI,EAAEA,GAEnByB,IACIc,IAAS,GAAOC,GAAQ,KACxBD,IAAS,GAAOC,GAAQ,KACxBA,IAAS,EAAMD,GAAQ,OAAU,EACrCb,IACIa,GAAQ,GAAOC,IAAS,KACxBD,GAAQ,GAAOC,IAAS,KACxBA,GAAQ,GAAOD,IAAS,MAAS,EAGrCZ,GAASgB,GAAQJ,GAAQE,GAAOE,OAAY,EAC5Cf,GAASgB,GAAQJ,GAAQE,GAAOE,OAAY,EAG5CrB,IACIQ,IAAS,GAAOC,GAAQ,IACxBA,IAAS,EAAMD,GAAQ,KACvBC,IAAS,EAAMD,GAAQ,OAAU,EACrCP,IACIO,GAAQ,EAAMC,IAAS,KACvBA,GAAQ,GAAOD,IAAS,IACxBC,GAAQ,GAAOD,IAAS,MAAS,EAGrCF,GAAWE,EAAOE,EAASE,GAAQJ,EAAOE,MAAY,EACtDH,GAAWE,EAAOE,EAASE,GAAQJ,EAAOE,MAAY,EAItDc,EAAMF,GAAOpB,EAAQE,EAAQb,GAAGf,EAAC,EAAE,CAAC,EAAIiB,EAAEjB,EAAC,EAAE,CAAC,EAC9CmB,EAAS0B,GAAOpB,EAAQE,EAAQZ,GAAGf,EAAC,EAAE,CAAC,EAAIiB,EAAEjB,EAAC,EAAE,CAAC,GAC7CgD,EAAK,aAAiB,KAAQ,EAClC5B,EAAQ4B,IAAO,EAGfA,EAAKxB,EAAQM,EACbT,EAASE,EAAQM,GAAWmB,EAAK,aAAiB,KAAQ,EAC1D1B,EAAQ0B,IAAO,EAEfH,GAAOF,GACPG,GAAOF,GAEPD,GAAOF,GACPG,GAAOF,GAEPD,GAAOF,EACPG,GAAOF,EAGPQ,EAAKV,EAAOlB,EACZmB,EAAQF,EAAOlB,GAAU6B,EAAK,aAAiB,KAAQ,EACvDR,EAAOQ,IAAO,EAEdX,EAAOF,EACPG,EAAOF,EAEPD,EAAOF,EACPG,EAAOF,EAEPD,EAAOF,EACPG,EAAOF,EAGPgB,EAAK5B,EAAQE,EACbS,EAAQZ,EAAQE,GAAU2B,EAAK,aAAiB,KAAQ,EACxDhB,EAAOgB,IAAO,EAIhBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAIgB,EACfhB,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAIe,GAASiB,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAIkB,EACflB,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAIiB,GAASe,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAIoB,EACfpB,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAImB,GAASa,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAIsB,EACftB,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAIqB,GAASW,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAIwB,EACfxB,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAIuB,GAASS,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAI0B,GACf1B,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAIyB,IAASO,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAI4B,GACf5B,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAI2B,IAASK,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjBA,EAAKhC,EAAE,CAAC,EAAE,CAAC,EAAI8B,GACf9B,EAAE,CAAC,EAAE,CAAC,EAAKA,EAAE,CAAC,EAAE,CAAC,EAAI6B,IAASG,EAAK,aAAiB,KAAQ,EAC5DhC,EAAE,CAAC,EAAE,CAAC,EAAIgC,IAAO,EAEjB7C,IAAO,GACT,CACF,IChjBA,IAAAkD,GAAAC,EAAAC,IAAA,cAIA,IAAIC,GAAQ,IACZ,KACA,IAAIC,GAAOD,GAAM,KAEjBD,GAAQ,oBAAsB,CAE5B,KAAM,iBACN,SAAUE,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CAEN,KAAM,yBACN,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,QAChB,YAAa,GACb,QAAS,mBACX,EAAG,CAED,KAAM,qCACN,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,gCACN,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,IAChB,YAAa,GACb,QAAS,eACX,CAAC,CACH,EAAG,CAED,KAAM,iBACN,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,YAChB,YAAa,GACb,QAAS,YACX,CAAC,CACH,EAEAF,GAAQ,mBAAqB,CAC3B,KAAM,uBACN,SAAUE,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,SAChB,YAAa,GACb,YAAa,uBACb,MAAO,CAAC,CACN,KAAM,2CACN,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,SAChB,YAAa,GACb,MAAO,CAAC,CACN,KAAM,gCACN,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,IAChB,YAAa,GACb,QAAS,cACX,CAAC,CACH,EAEA,CACE,SAAUA,GAAK,MAAM,UACrB,KAAMA,GAAK,KAAK,UAChB,YAAa,GACb,SAAU,GACV,sBAAuB,kBACzB,CAmBA,CACF,IC1FA,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAUA,IAAIC,GAAQ,IACZ,KACA,KACA,KACA,KACA,IAAIC,GAAgB,KAChBC,GAAqBD,GAAc,mBACnCE,GAAsBF,GAAc,oBAErC,OAAOG,GAAe,MACnBA,GAAaJ,GAAM,KAAK,YAAxB,IAAAI,GAGFC,GAAaL,GAAM,KAAK,WACxBM,GAAe,OAAO,OAAW,IAAc,WAAa,OAMhEN,GAAM,IAAMA,GAAM,KAAO,CAAC,EAC1BD,GAAO,QAAUC,GAAM,IAAI,QAAUA,GAAM,QAAUA,GAAM,SAAW,CAAC,EACvE,IAAIO,EAAUP,GAAM,QAEpBO,EAAQ,UAAY,CAAC,EACrBA,EAAQ,UAAU,uBAAyB,GAC3CA,EAAQ,UAAU,wBAA0B,GAC5CA,EAAQ,UAAU,iBAAmB,GACrCA,EAAQ,UAAU,iBAAmB,GACrCA,EAAQ,UAAU,iBAAmB,GAErCA,EAAQ,gBAAkB,SAASC,EAAS,CAC1CA,EAAUA,GAAW,CAAC,EACtB,IAAIC,EAAOD,EAAQ,KACnB,GAAGC,IAAS,OAEVA,EAAOT,GAAM,OAAO,aAAaO,EAAQ,UAAU,gBAAgB,UAC3D,OAAOE,GAAS,UACxB,GAAGA,EAAK,SAAWF,EAAQ,UAAU,iBACnC,MAAM,IAAI,UACR,kBAAoBA,EAAQ,UAAU,iBACtC,mBAAmB,UAEf,EAAEE,aAAgB,YAC1B,MAAM,IAAI,UACR,kEAAkE,EAGtEA,EAAOC,GAAsB,CAAC,QAASD,EAAM,SAAU,QAAQ,CAAC,EAIhE,QAFIE,EAAK,IAAIL,GAAaC,EAAQ,UAAU,sBAAsB,EAC9DK,EAAK,IAAIN,GAAaC,EAAQ,UAAU,uBAAuB,EAC3DM,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvBD,EAAGC,CAAC,EAAIJ,EAAKI,CAAC,EAEhB,OAAAC,GAAoBH,EAAIC,CAAE,EACnB,CAAC,UAAWD,EAAI,WAAYC,CAAE,CACvC,EAUAL,EAAQ,mBAAqB,SAASQ,EAAK,CACzC,IAAIC,EAAU,CAAC,EACXC,EAAS,CAAC,EACVC,EAAQlB,GAAM,KAAK,SAASe,EAAKZ,GAAqBa,EAASC,CAAM,EACzE,GAAG,CAACC,EAAO,CACT,IAAIC,EAAQ,IAAI,MAAM,cAAc,EACpC,MAAAA,EAAM,OAASF,EACTE,CACR,CACA,IAAIC,EAAMpB,GAAM,KAAK,SAASgB,EAAQ,aAAa,EAC/CK,EAAarB,GAAM,KAAK,WAC5B,GAAGoB,IAAQC,EACT,MAAM,IAAI,MAAM,gBAAkBD,EAAM,mBACtCC,EAAa,IAAI,EAErB,IAAIC,EAAaN,EAAQ,WAGrBO,EAAkBb,GAAsB,CAC1C,QAASV,GAAM,KAAK,QAAQsB,CAAU,EAAE,MACxC,SAAU,QACZ,CAAC,EAID,MAAO,CAAC,gBAAiBC,CAAe,CAC1C,EASAhB,EAAQ,kBAAoB,SAASQ,EAAK,CAExC,IAAIC,EAAU,CAAC,EACXC,EAAS,CAAC,EACVC,EAAQlB,GAAM,KAAK,SAASe,EAAKb,GAAoBc,EAASC,CAAM,EACxE,GAAG,CAACC,EAAO,CACT,IAAIC,EAAQ,IAAI,MAAM,cAAc,EACpC,MAAAA,EAAM,OAASF,EACTE,CACR,CACA,IAAIC,EAAMpB,GAAM,KAAK,SAASgB,EAAQ,YAAY,EAC9CK,EAAarB,GAAM,KAAK,WAC5B,GAAGoB,IAAQC,EACT,MAAM,IAAI,MAAM,gBAAkBD,EAAM,mBACtCC,EAAa,IAAI,EAErB,IAAIG,EAAiBR,EAAQ,iBAC7B,GAAGQ,EAAe,SAAWjB,EAAQ,UAAU,uBAC7C,MAAM,IAAI,MAAM,wBAAwB,EAE1C,OAAOG,GAAsB,CAC3B,QAASc,EACT,SAAU,QACZ,CAAC,CACH,EAEAjB,EAAQ,wBAA0B,SAASC,EAAS,CAClDA,EAAUA,GAAW,CAAC,EACtB,IAAIc,EAAaZ,GAAsB,CACrC,QAASF,EAAQ,WAAY,SAAU,QACzC,CAAC,EACD,GAAGc,EAAW,SAAWf,EAAQ,UAAU,wBACzC,MAAM,IAAI,UACR,mDACAA,EAAQ,UAAU,uBAAuB,EAI7C,QADII,EAAK,IAAIL,GAAaC,EAAQ,UAAU,sBAAsB,EAC1DM,EAAI,EAAGA,EAAIF,EAAG,OAAQ,EAAEE,EAC9BF,EAAGE,CAAC,EAAIS,EAAW,GAAKT,CAAC,EAE3B,OAAOF,CACT,EAEAJ,EAAQ,KAAO,SAASC,EAAS,CAC/BA,EAAUA,GAAW,CAAC,EACtB,IAAIiB,EAAMf,GAAsBF,CAAO,EACnCc,EAAaZ,GAAsB,CACrC,QAASF,EAAQ,WACjB,SAAU,QACZ,CAAC,EACD,GAAGc,EAAW,SAAWf,EAAQ,UAAU,iBAAkB,CAC3D,IAAImB,EAAUnB,EAAQ,gBAAgB,CAAC,KAAMe,CAAU,CAAC,EACxDA,EAAaI,EAAQ,UACvB,SAAUJ,EAAW,SAAWf,EAAQ,UAAU,wBAChD,MAAM,IAAI,UACR,mDACAA,EAAQ,UAAU,iBAAmB,OACrCA,EAAQ,UAAU,uBAAuB,EAG7C,IAAIoB,EAAY,IAAIrB,GAClBC,EAAQ,UAAU,iBAAmBkB,EAAI,MAAM,EACjDG,GAAYD,EAAWF,EAAKA,EAAI,OAAQH,CAAU,EAGlD,QADIO,EAAM,IAAIvB,GAAaC,EAAQ,UAAU,gBAAgB,EACrDM,EAAI,EAAGA,EAAIgB,EAAI,OAAQ,EAAEhB,EAC/BgB,EAAIhB,CAAC,EAAIc,EAAUd,CAAC,EAEtB,OAAOgB,CACT,EAEAtB,EAAQ,OAAS,SAASC,EAAS,CACjCA,EAAUA,GAAW,CAAC,EACtB,IAAIiB,EAAMf,GAAsBF,CAAO,EACvC,GAAGA,EAAQ,YAAc,OACvB,MAAM,IAAI,UACR,qGACiC,EAErC,IAAIqB,EAAMnB,GAAsB,CAC9B,QAASF,EAAQ,UACjB,SAAU,QACZ,CAAC,EACD,GAAGqB,EAAI,SAAWtB,EAAQ,UAAU,iBAClC,MAAM,IAAI,UACR,kDACAA,EAAQ,UAAU,gBAAgB,EAEtC,IAAIuB,EAAYpB,GAAsB,CACpC,QAASF,EAAQ,UACjB,SAAU,QACZ,CAAC,EACD,GAAGsB,EAAU,SAAWvB,EAAQ,UAAU,uBACxC,MAAM,IAAI,UACR,kDACAA,EAAQ,UAAU,sBAAsB,EAG5C,IAAIwB,EAAK,IAAIzB,GAAaC,EAAQ,UAAU,iBAAmBkB,EAAI,MAAM,EACrEO,EAAI,IAAI1B,GAAaC,EAAQ,UAAU,iBAAmBkB,EAAI,MAAM,EACpEZ,EACJ,IAAIA,EAAI,EAAGA,EAAIN,EAAQ,UAAU,iBAAkB,EAAEM,EACnDkB,EAAGlB,CAAC,EAAIgB,EAAIhB,CAAC,EAEf,IAAIA,EAAI,EAAGA,EAAIY,EAAI,OAAQ,EAAEZ,EAC3BkB,EAAGlB,EAAIN,EAAQ,UAAU,gBAAgB,EAAIkB,EAAIZ,CAAC,EAEpD,OAAQoB,GAAiBD,EAAGD,EAAIA,EAAG,OAAQD,CAAS,GAAK,CAC3D,EAEA,SAASpB,GAAsBF,EAAS,CACtC,IAAI0B,EAAU1B,EAAQ,QACtB,GAAG0B,aAAmB,YAAcA,aAAmB5B,GACrD,OAAO4B,EAGT,IAAIC,EAAW3B,EAAQ,SACvB,GAAG0B,IAAY,OACb,GAAG1B,EAAQ,GAET0B,EAAU1B,EAAQ,GAAG,OAAO,EAAE,SAAS,EACvC2B,EAAW,aAEX,OAAM,IAAI,UAAU,kDAAkD,EAI1E,GAAG,OAAOD,GAAY,UAAY,CAACC,EACjC,MAAM,IAAI,UAAU,gDAAgD,EAGtE,GAAG,OAAOD,GAAY,SAAU,CAC9B,GAAG,OAAO,OAAW,IACnB,OAAO,OAAO,KAAKA,EAASC,CAAQ,EAEtCD,EAAU,IAAI7B,GAAW6B,EAASC,CAAQ,CAC5C,SAAU,EAAED,aAAmB7B,IAC7B,MAAM,IAAI,UACR,4IAEW,EAKf,QADI+B,EAAS,IAAI9B,GAAa4B,EAAQ,OAAO,CAAC,EACtCrB,EAAI,EAAGA,EAAIuB,EAAO,OAAQ,EAAEvB,EAClCuB,EAAOvB,CAAC,EAAIqB,EAAQ,GAAGrB,CAAC,EAE1B,OAAOuB,CACT,CAEA,IAAIC,GAAMC,EAAG,EACTC,GAAMD,EAAG,CAAC,CAAC,CAAC,EACZE,GAAIF,EAAG,CACT,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IACxD,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAM,CAAC,EAC7DG,GAAKH,EAAG,CACV,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAQ,IACxD,MAAQ,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,IAAM,CAAC,EAC7DI,GAAIJ,EAAG,CACT,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MACxD,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,IAAM,CAAC,EAC7DK,GAAIL,EAAG,CACT,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MACxD,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,MAAQ,KAAM,CAAC,EAC7DM,GAAI,IAAI,aAAa,CACvB,IAAM,IAAM,IAAM,GAAM,GAAM,GAAM,GAAM,GAC1C,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,IAAM,GAC1C,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAG,EAAI,CAAC,EAChDC,GAAIP,EAAG,CACT,MAAQ,MAAQ,KAAQ,MAAQ,MAAQ,MAAQ,KAAQ,MACxD,MAAQ,MAAQ,IAAQ,MAAQ,MAAQ,MAAQ,KAAQ,KAAM,CAAC,EAIjE,SAASQ,GAAOrB,EAAKsB,EAAQ,CAE3B,IAAIC,EAAKhD,GAAM,GAAG,OAAO,OAAO,EAC5BoC,EAAS,IAAI/B,GAAWoB,CAAG,EAC/BuB,EAAG,OAAOZ,EAAO,SAASW,CAAM,EAAG,QAAQ,EAC3C,IAAIE,EAAOD,EAAG,OAAO,EAAE,SAAS,EAChC,GAAG,OAAO,OAAW,IACnB,OAAO,OAAO,KAAKC,EAAM,QAAQ,EAGnC,QADIC,EAAM,IAAI5C,GAAaC,EAAQ,UAAU,gBAAgB,EACrDM,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvBqC,EAAIrC,CAAC,EAAIoC,EAAK,WAAWpC,CAAC,EAE5B,OAAOqC,CACT,CAEA,SAASpC,GAAoBH,EAAIC,EAAI,CACnC,IAAIuC,EAAI,CAACb,EAAG,EAAGA,EAAG,EAAGA,EAAG,EAAGA,EAAG,CAAC,EAC3BzB,EAEAuC,EAAIN,GAAOlC,EAAI,EAAE,EAQrB,IAPAwC,EAAE,CAAC,GAAK,IACRA,EAAE,EAAE,GAAK,IACTA,EAAE,EAAE,GAAK,GAETC,GAAWF,EAAGC,CAAC,EACfE,GAAK3C,EAAIwC,CAAC,EAENtC,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBD,EAAGC,EAAI,EAAE,EAAIF,EAAGE,CAAC,EAEnB,MAAO,EACT,CAGA,SAASe,GAAYG,EAAIC,EAAGuB,EAAG3C,EAAI,CACjC,IAAIC,EAAG2C,EAAGC,EAAI,IAAI,aAAa,EAAE,EAC7BN,EAAI,CAACb,EAAG,EAAGA,EAAG,EAAGA,EAAG,EAAGA,EAAG,CAAC,EAE3Bc,EAAIN,GAAOlC,EAAI,EAAE,EACrBwC,EAAE,CAAC,GAAK,IACRA,EAAE,EAAE,GAAK,IACTA,EAAE,EAAE,GAAK,GAET,IAAIM,EAAQH,EAAI,GAChB,IAAI1C,EAAI,EAAGA,EAAI0C,EAAG,EAAE1C,EAClBkB,EAAG,GAAKlB,CAAC,EAAImB,EAAEnB,CAAC,EAElB,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBkB,EAAG,GAAKlB,CAAC,EAAIuC,EAAE,GAAKvC,CAAC,EAGvB,IAAI8C,EAAIb,GAAOf,EAAG,SAAS,EAAE,EAAGwB,EAAI,EAAE,EAKtC,IAJAK,GAAOD,CAAC,EACRN,GAAWF,EAAGQ,CAAC,EACfL,GAAKvB,EAAIoB,CAAC,EAENtC,EAAI,GAAIA,EAAI,GAAI,EAAEA,EACpBkB,EAAGlB,CAAC,EAAID,EAAGC,CAAC,EAEd,IAAIgD,EAAIf,GAAOf,EAAIwB,EAAI,EAAE,EAGzB,IAFAK,GAAOC,CAAC,EAEJhD,EAAI,GAAIA,EAAI,GAAI,EAAEA,EACpB4C,EAAE5C,CAAC,EAAI,EAET,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB4C,EAAE5C,CAAC,EAAI8C,EAAE9C,CAAC,EAEZ,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB,IAAI2C,EAAI,EAAGA,EAAI,GAAIA,IACjBC,EAAE5C,EAAI2C,CAAC,GAAKK,EAAEhD,CAAC,EAAIuC,EAAEI,CAAC,EAI1B,OAAAM,GAAK/B,EAAG,SAAS,EAAE,EAAG0B,CAAC,EAChBC,CACT,CAEA,SAASzB,GAAiBD,EAAGD,EAAIwB,EAAG5C,EAAI,CACtC,IAAIE,EAAGkD,EACHC,EAAI,IAAI1D,GAAa,EAAE,EACvB6C,EAAI,CAACb,EAAG,EAAGA,EAAG,EAAGA,EAAG,EAAGA,EAAG,CAAC,EAC3B2B,EAAI,CAAC3B,EAAG,EAAGA,EAAG,EAAGA,EAAG,EAAGA,EAAG,CAAC,EAO/B,GALAyB,EAAO,GACJR,EAAI,IAIJW,GAAUD,EAAGtD,CAAE,EAChB,MAAO,GAGT,IAAIE,EAAI,EAAGA,EAAI0C,EAAG,EAAE1C,EAClBmB,EAAEnB,CAAC,EAAIkB,EAAGlB,CAAC,EAEb,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBmB,EAAEnB,EAAI,EAAE,EAAIF,EAAGE,CAAC,EAElB,IAAIgD,EAAIf,GAAOd,EAAGuB,CAAC,EASnB,GARAK,GAAOC,CAAC,EACRM,GAAWhB,EAAGc,EAAGJ,CAAC,EAElBR,GAAWY,EAAGlC,EAAG,SAAS,EAAE,CAAC,EAC7BqC,GAAIjB,EAAGc,CAAC,EACRX,GAAKU,EAAGb,CAAC,EAETI,GAAK,GACFc,GAAiBtC,EAAI,EAAGiC,EAAG,CAAC,EAAG,CAChC,IAAInD,EAAI,EAAGA,EAAI0C,EAAG,EAAE1C,EAClBmB,EAAEnB,CAAC,EAAI,EAET,MAAO,EACT,CAEA,IAAIA,EAAI,EAAGA,EAAI0C,EAAG,EAAE1C,EAClBmB,EAAEnB,CAAC,EAAIkB,EAAGlB,EAAI,EAAE,EAElB,OAAAkD,EAAOR,EACAQ,CACT,CAEA,SAASD,GAAKH,EAAGF,EAAG,CAClB,IAAIa,EAAOzD,EAAG2C,EAAGe,EACjB,IAAI1D,EAAI,GAAIA,GAAK,GAAI,EAAEA,EAAG,CAExB,IADAyD,EAAQ,EACJd,EAAI3C,EAAI,GAAI0D,EAAI1D,EAAI,GAAI2C,EAAIe,EAAG,EAAEf,EACnCC,EAAED,CAAC,GAAKc,EAAQ,GAAKb,EAAE5C,CAAC,EAAI+B,GAAEY,GAAK3C,EAAI,GAAG,EAC1CyD,EAASb,EAAED,CAAC,EAAI,KAAQ,EACxBC,EAAED,CAAC,GAAKc,EAAQ,IAElBb,EAAED,CAAC,GAAKc,EACRb,EAAE5C,CAAC,EAAI,CACT,CAEA,IADAyD,EAAQ,EACJd,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBC,EAAED,CAAC,GAAKc,GAASb,EAAE,EAAE,GAAK,GAAKb,GAAEY,CAAC,EAClCc,EAAQb,EAAED,CAAC,GAAK,EAChBC,EAAED,CAAC,GAAK,IAEV,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBC,EAAED,CAAC,GAAKc,EAAQ1B,GAAEY,CAAC,EAErB,IAAI3C,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB4C,EAAE5C,EAAI,CAAC,GAAK4C,EAAE5C,CAAC,GAAK,EACpB8C,EAAE9C,CAAC,EAAI4C,EAAE5C,CAAC,EAAI,GAElB,CAEA,SAAS+C,GAAOD,EAAG,CAEjB,QADIF,EAAI,IAAI,aAAa,EAAE,EACnB5C,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvB4C,EAAE5C,CAAC,EAAI8C,EAAE9C,CAAC,EACV8C,EAAE9C,CAAC,EAAI,EAETiD,GAAKH,EAAGF,CAAC,CACX,CAEA,SAASW,GAAIjB,EAAGc,EAAG,CACjB,IAAI,EAAI3B,EAAG,EAAGkC,EAAIlC,EAAG,EAAGmC,EAAInC,EAAG,EAC3Bc,EAAId,EAAG,EAAGoC,EAAIpC,EAAG,EAAGqC,EAAIrC,EAAG,EAC3BsC,EAAItC,EAAG,EAAGuB,EAAIvB,EAAG,EAAG0B,EAAI1B,EAAG,EAE/BuC,GAAE,EAAG1B,EAAE,CAAC,EAAGA,EAAE,CAAC,CAAC,EACf0B,GAAEb,EAAGC,EAAE,CAAC,EAAGA,EAAE,CAAC,CAAC,EACfa,GAAE,EAAG,EAAGd,CAAC,EACTe,GAAEP,EAAGrB,EAAE,CAAC,EAAGA,EAAE,CAAC,CAAC,EACf4B,GAAEf,EAAGC,EAAE,CAAC,EAAGA,EAAE,CAAC,CAAC,EACfa,GAAEN,EAAGA,EAAGR,CAAC,EACTc,GAAEL,EAAGtB,EAAE,CAAC,EAAGc,EAAE,CAAC,CAAC,EACfa,GAAEL,EAAGA,EAAGhC,EAAE,EACVqC,GAAE1B,EAAGD,EAAE,CAAC,EAAGc,EAAE,CAAC,CAAC,EACfc,GAAE3B,EAAGA,EAAGA,CAAC,EACTyB,GAAEH,EAAGF,EAAG,CAAC,EACTK,GAAEF,EAAGvB,EAAGqB,CAAC,EACTM,GAAEH,EAAGxB,EAAGqB,CAAC,EACTM,GAAElB,EAAGW,EAAG,CAAC,EAETM,GAAE3B,EAAE,CAAC,EAAGuB,EAAGC,CAAC,EACZG,GAAE3B,EAAE,CAAC,EAAGU,EAAGe,CAAC,EACZE,GAAE3B,EAAE,CAAC,EAAGyB,EAAGD,CAAC,EACZG,GAAE3B,EAAE,CAAC,EAAGuB,EAAGb,CAAC,CACd,CAEA,SAASmB,GAAM7B,EAAGc,EAAGO,EAAG,CACtB,QAAQ3D,EAAI,EAAGA,EAAI,EAAG,EAAEA,EACtBoE,GAAS9B,EAAEtC,CAAC,EAAGoD,EAAEpD,CAAC,EAAG2D,CAAC,CAE1B,CAEA,SAASlB,GAAKK,EAAGR,EAAG,CAClB,IAAI+B,EAAK5C,EAAG,EAAG6C,EAAK7C,EAAG,EAAG8C,EAAK9C,EAAG,EAClC+C,GAASD,EAAIjC,EAAE,CAAC,CAAC,EACjB2B,GAAEI,EAAI/B,EAAE,CAAC,EAAGiC,CAAE,EACdN,GAAEK,EAAIhC,EAAE,CAAC,EAAGiC,CAAE,EACdE,GAAU3B,EAAGwB,CAAE,EACfxB,EAAE,EAAE,GAAK4B,GAASL,CAAE,GAAK,CAC3B,CAEA,SAASI,GAAUE,EAAGjC,EAAG,CACvB,IAAI1C,EAAG2C,EAAGgB,EACNxC,EAAIM,EAAG,EAAG0B,EAAI1B,EAAG,EACrB,IAAIzB,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBmD,EAAEnD,CAAC,EAAI0C,EAAE1C,CAAC,EAKZ,IAHA4E,GAASzB,CAAC,EACVyB,GAASzB,CAAC,EACVyB,GAASzB,CAAC,EACNR,EAAI,EAAGA,EAAI,EAAG,EAAEA,EAAG,CAErB,IADAxB,EAAE,CAAC,EAAIgC,EAAE,CAAC,EAAI,MACVnD,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBmB,EAAEnB,CAAC,EAAImD,EAAEnD,CAAC,EAAI,OAAWmB,EAAEnB,EAAI,CAAC,GAAK,GAAM,GAC3CmB,EAAEnB,EAAE,CAAC,GAAK,MAEZmB,EAAE,EAAE,EAAIgC,EAAE,EAAE,EAAI,OAAWhC,EAAE,EAAE,GAAK,GAAM,GAC1CwC,EAAKxC,EAAE,EAAE,GAAK,GAAM,EACpBA,EAAE,EAAE,GAAK,MACTiD,GAASjB,EAAGhC,EAAG,EAAIwC,CAAC,CACtB,CACA,IAAK3D,EAAI,EAAGA,EAAI,GAAIA,IAClB2E,EAAE,EAAI3E,CAAC,EAAImD,EAAEnD,CAAC,EAAI,IAClB2E,EAAE,EAAI3E,EAAI,CAAC,EAAImD,EAAEnD,CAAC,GAAK,CAE3B,CAEA,SAASqD,GAAUP,EAAGR,EAAG,CACvB,IAAIa,EAAI1B,EAAG,EAAGoD,EAAMpD,EAAG,EAAGqD,EAAMrD,EAAG,EAC/BsD,EAAMtD,EAAG,EAAGuD,EAAOvD,EAAG,EAAGwD,EAAOxD,EAAG,EACnCyD,EAAOzD,EAAG,EA6Bd,OA3BA0D,GAASrC,EAAE,CAAC,EAAGpB,EAAG,EAClB0D,GAAYtC,EAAE,CAAC,EAAGR,CAAC,EACnB+C,GAAEP,EAAKhC,EAAE,CAAC,CAAC,EACXmB,GAAEc,EAAKD,EAAKnD,EAAC,EACbqC,GAAEc,EAAKA,EAAKhC,EAAE,CAAC,CAAC,EAChBoB,GAAEa,EAAKjC,EAAE,CAAC,EAAGiC,CAAG,EAEhBM,GAAEL,EAAMD,CAAG,EACXM,GAAEJ,EAAMD,CAAI,EACZf,GAAEiB,EAAMD,EAAMD,CAAI,EAClBf,GAAEd,EAAG+B,EAAMJ,CAAG,EACdb,GAAEd,EAAGA,EAAG4B,CAAG,EAEXO,GAAQnC,EAAGA,CAAC,EACZc,GAAEd,EAAGA,EAAG2B,CAAG,EACXb,GAAEd,EAAGA,EAAG4B,CAAG,EACXd,GAAEd,EAAGA,EAAG4B,CAAG,EACXd,GAAEnB,EAAE,CAAC,EAAGK,EAAG4B,CAAG,EAEdM,GAAER,EAAK/B,EAAE,CAAC,CAAC,EACXmB,GAAEY,EAAKA,EAAKE,CAAG,EACZQ,GAASV,EAAKC,CAAG,GAClBb,GAAEnB,EAAE,CAAC,EAAGA,EAAE,CAAC,EAAGd,EAAC,EAGjBqD,GAAER,EAAK/B,EAAE,CAAC,CAAC,EACXmB,GAAEY,EAAKA,EAAKE,CAAG,EACZQ,GAASV,EAAKC,CAAG,EACX,IAGNJ,GAAS5B,EAAE,CAAC,CAAC,IAAOR,EAAE,EAAE,GAAK,GAC9B0B,GAAElB,EAAE,CAAC,EAAGtB,GAAKsB,EAAE,CAAC,CAAC,EAGnBmB,GAAEnB,EAAE,CAAC,EAAGA,EAAE,CAAC,EAAGA,EAAE,CAAC,CAAC,EACX,EACT,CAEA,SAASsC,GAAYT,EAAGjC,EAAG,CACzB,IAAI1C,EACJ,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB2E,EAAE3E,CAAC,EAAI0C,EAAE,EAAI1C,CAAC,GAAK0C,EAAE,EAAI1C,EAAI,CAAC,GAAK,GAErC2E,EAAE,EAAE,GAAK,KACX,CAEA,SAASW,GAAQX,EAAG3E,EAAG,CACrB,IAAI4D,EAAInC,EAAG,EACP+D,EACJ,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB5B,EAAE4B,CAAC,EAAIxF,EAAEwF,CAAC,EAEZ,IAAIA,EAAI,IAAKA,GAAK,EAAG,EAAEA,EACrBH,GAAEzB,EAAGA,CAAC,EACH4B,IAAM,GACPvB,GAAEL,EAAGA,EAAG5D,CAAC,EAGb,IAAIwF,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBb,EAAEa,CAAC,EAAI5B,EAAE4B,CAAC,CAEd,CAEA,SAASD,GAASC,EAAG7B,EAAG,CACtB,IAAIC,EAAI,IAAInE,GAAa,EAAE,EACvB8C,EAAI,IAAI9C,GAAa,EAAE,EAC3B,OAAAgF,GAAUb,EAAG4B,CAAC,EACdf,GAAUlC,EAAGoB,CAAC,EACPH,GAAiBI,EAAG,EAAGrB,EAAG,CAAC,CACpC,CAEA,SAASiB,GAAiBZ,EAAG6C,EAAIC,EAAGC,EAAI,CACtC,OAAOC,GAAGhD,EAAG6C,EAAIC,EAAGC,EAAI,EAAE,CAC5B,CAEA,SAASC,GAAGhD,EAAG6C,EAAIC,EAAGC,EAAI,EAAG,CAC3B,IAAI,EAAGpD,EAAI,EACX,IAAI,EAAI,EAAG,EAAI,EAAG,EAAE,EAClBA,GAAKK,EAAE6C,EAAK,CAAC,EAAIC,EAAEC,EAAK,CAAC,EAE3B,OAAQ,EAAMpD,EAAI,IAAO,GAAM,CACjC,CAEA,SAASmC,GAASc,EAAG,CACnB,IAAIjD,EAAI,IAAI9C,GAAa,EAAE,EAC3B,OAAAgF,GAAUlC,EAAGiD,CAAC,EACPjD,EAAE,CAAC,EAAI,CAChB,CAEA,SAASe,GAAWhB,EAAGc,EAAGyC,EAAG,CAC3B,IAAIlC,EAAG3D,EAKP,IAJAmF,GAAS7C,EAAE,CAAC,EAAGd,EAAG,EAClB2D,GAAS7C,EAAE,CAAC,EAAGZ,EAAG,EAClByD,GAAS7C,EAAE,CAAC,EAAGZ,EAAG,EAClByD,GAAS7C,EAAE,CAAC,EAAGd,EAAG,EACdxB,EAAI,IAAKA,GAAK,EAAG,EAAEA,EACrB2D,EAAKkC,EAAG7F,EAAI,EAAG,CAAC,IAAMA,EAAI,GAAM,EAChCmE,GAAM7B,EAAGc,EAAGO,CAAC,EACbJ,GAAIH,EAAGd,CAAC,EACRiB,GAAIjB,EAAGA,CAAC,EACR6B,GAAM7B,EAAGc,EAAGO,CAAC,CAEjB,CAEA,SAASnB,GAAWF,EAAGuD,EAAG,CACxB,IAAIzC,EAAI,CAAC3B,EAAG,EAAGA,EAAG,EAAGA,EAAG,EAAGA,EAAG,CAAC,EAC/B0D,GAAS/B,EAAE,CAAC,EAAGvB,EAAC,EAChBsD,GAAS/B,EAAE,CAAC,EAAGtB,EAAC,EAChBqD,GAAS/B,EAAE,CAAC,EAAG1B,EAAG,EAClBuC,GAAEb,EAAE,CAAC,EAAGvB,GAAGC,EAAC,EACZwB,GAAWhB,EAAGc,EAAGyC,CAAC,CACpB,CAEA,SAASV,GAASrC,EAAG0C,EAAG,CACtB,IAAIxF,EACJ,IAAIA,EAAI,EAAGA,EAAI,GAAIA,IACjB8C,EAAE9C,CAAC,EAAIwF,EAAExF,CAAC,EAAI,CAElB,CAEA,SAASwE,GAASG,EAAG3E,EAAG,CACtB,IAAI4D,EAAInC,EAAG,EACP+D,EACJ,IAAIA,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB5B,EAAE4B,CAAC,EAAIxF,EAAEwF,CAAC,EAEZ,IAAIA,EAAI,IAAKA,GAAK,EAAG,EAAEA,EACrBH,GAAEzB,EAAGA,CAAC,EACH4B,IAAM,GAAKA,IAAM,GAClBvB,GAAEL,EAAGA,EAAG5D,CAAC,EAGb,IAAIwF,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnBb,EAAEa,CAAC,EAAI5B,EAAE4B,CAAC,CAEd,CAEA,SAASZ,GAASD,EAAG,CACnB,IAAI3E,EAAG8F,EAAGlC,EAAI,EACd,IAAI5D,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACnB8F,EAAInB,EAAE3E,CAAC,EAAI4D,EAAI,MACfA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EACxBnB,EAAE3E,CAAC,EAAI8F,EAAIlC,EAAI,MAEjBe,EAAE,CAAC,GAAKf,EAAI,EAAI,IAAMA,EAAI,EAC5B,CAEA,SAASQ,GAAS9B,EAAGc,EAAGO,EAAG,CAEzB,QADIR,EAAGS,EAAI,EAAED,EAAI,GACT,EAAI,EAAG,EAAI,GAAI,EAAE,EACvBR,EAAIS,GAAKtB,EAAE,CAAC,EAAIc,EAAE,CAAC,GACnBd,EAAE,CAAC,GAAKa,EACRC,EAAE,CAAC,GAAKD,CAEZ,CAEA,SAAS1B,EAAGsE,EAAM,CAChB,IAAI/F,EAAG8C,EAAI,IAAI,aAAa,EAAE,EAC9B,GAAGiD,EACD,IAAI/F,EAAI,EAAGA,EAAI+F,EAAK,OAAQ,EAAE/F,EAC5B8C,EAAE9C,CAAC,EAAI+F,EAAK/F,CAAC,EAGjB,OAAO8C,CACT,CAEA,SAASoB,GAAES,EAAGa,EAAG7B,EAAG,CAClB,QAAQ3D,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvB2E,EAAE3E,CAAC,EAAIwF,EAAExF,CAAC,EAAI2D,EAAE3D,CAAC,CAErB,CAEA,SAASgE,GAAEW,EAAGa,EAAG7B,EAAG,CAClB,QAAQ3D,EAAI,EAAGA,EAAI,GAAI,EAAEA,EACvB2E,EAAE3E,CAAC,EAAIwF,EAAExF,CAAC,EAAI2D,EAAE3D,CAAC,CAErB,CAEA,SAASqF,GAAEV,EAAGa,EAAG,CACfvB,GAAEU,EAAGa,EAAGA,CAAC,CACX,CAEA,SAASvB,GAAEU,EAAGa,EAAG7B,EAAG,CAClB,IAAImC,EAAGlC,EACJoC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EAAIC,EAAK,EACpEC,EAAK,EAAIC,EAAK,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EACrEC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EACrEC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,GAAM,EAAGC,EAAM,EAAGC,GAAM,EAAGC,GAAM,EAC5DC,GAAKpE,EAAE,CAAC,EACRqE,GAAKrE,EAAE,CAAC,EACRsE,GAAKtE,EAAE,CAAC,EACRuE,GAAKvE,EAAE,CAAC,EACRwE,GAAKxE,EAAE,CAAC,EACRyE,GAAKzE,EAAE,CAAC,EACR0E,GAAK1E,EAAE,CAAC,EACR2E,GAAK3E,EAAE,CAAC,EACR4E,GAAK5E,EAAE,CAAC,EACR6E,GAAK7E,EAAE,CAAC,EACR8E,GAAM9E,EAAE,EAAE,EACV+E,GAAM/E,EAAE,EAAE,EACVgF,GAAMhF,EAAE,EAAE,EACViF,GAAMjF,EAAE,EAAE,EACVkF,GAAMlF,EAAE,EAAE,EACVmF,GAAMnF,EAAE,EAAE,EAEZmC,EAAIN,EAAE,CAAC,EACPQ,GAAMF,EAAIiC,GACV9B,GAAMH,EAAIkC,GACV9B,GAAMJ,EAAImC,GACV9B,GAAML,EAAIoC,GACV9B,GAAMN,EAAIqC,GACV9B,GAAMP,EAAIsC,GACV9B,GAAMR,EAAIuC,GACV9B,GAAMT,EAAIwC,GACV9B,GAAMV,EAAIyC,GACV9B,GAAMX,EAAI0C,GACV9B,GAAOZ,EAAI2C,GACX9B,GAAOb,EAAI4C,GACX9B,GAAOd,EAAI6C,GACX9B,GAAOf,EAAI8C,GACX9B,GAAOhB,EAAI+C,GACX9B,GAAOjB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPS,GAAMH,EAAIiC,GACV7B,GAAMJ,EAAIkC,GACV7B,GAAML,EAAImC,GACV7B,GAAMN,EAAIoC,GACV7B,GAAMP,EAAIqC,GACV7B,GAAMR,EAAIsC,GACV7B,GAAMT,EAAIuC,GACV7B,GAAMV,EAAIwC,GACV7B,GAAMX,EAAIyC,GACV7B,GAAOZ,EAAI0C,GACX7B,GAAOb,EAAI2C,GACX7B,GAAOd,EAAI4C,GACX7B,GAAOf,EAAI6C,GACX7B,GAAOhB,EAAI8C,GACX7B,GAAOjB,EAAI+C,GACX7B,GAAOlB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPU,GAAMJ,EAAIiC,GACV5B,GAAML,EAAIkC,GACV5B,GAAMN,EAAImC,GACV5B,GAAMP,EAAIoC,GACV5B,GAAMR,EAAIqC,GACV5B,GAAMT,EAAIsC,GACV5B,GAAMV,EAAIuC,GACV5B,GAAMX,EAAIwC,GACV5B,GAAOZ,EAAIyC,GACX5B,GAAOb,EAAI0C,GACX5B,GAAOd,EAAI2C,GACX5B,GAAOf,EAAI4C,GACX5B,GAAOhB,EAAI6C,GACX5B,GAAOjB,EAAI8C,GACX5B,GAAOlB,EAAI+C,GACX5B,GAAOnB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPW,GAAML,EAAIiC,GACV3B,GAAMN,EAAIkC,GACV3B,GAAMP,EAAImC,GACV3B,GAAMR,EAAIoC,GACV3B,GAAMT,EAAIqC,GACV3B,GAAMV,EAAIsC,GACV3B,GAAMX,EAAIuC,GACV3B,GAAOZ,EAAIwC,GACX3B,GAAOb,EAAIyC,GACX3B,GAAOd,EAAI0C,GACX3B,GAAOf,EAAI2C,GACX3B,GAAOhB,EAAI4C,GACX3B,GAAOjB,EAAI6C,GACX3B,GAAOlB,EAAI8C,GACX3B,GAAOnB,EAAI+C,GACX3B,GAAOpB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPY,GAAMN,EAAIiC,GACV1B,GAAMP,EAAIkC,GACV1B,GAAMR,EAAImC,GACV1B,GAAMT,EAAIoC,GACV1B,GAAMV,EAAIqC,GACV1B,GAAMX,EAAIsC,GACV1B,GAAOZ,EAAIuC,GACX1B,GAAOb,EAAIwC,GACX1B,GAAOd,EAAIyC,GACX1B,GAAOf,EAAI0C,GACX1B,GAAOhB,EAAI2C,GACX1B,GAAOjB,EAAI4C,GACX1B,GAAOlB,EAAI6C,GACX1B,GAAOnB,EAAI8C,GACX1B,GAAOpB,EAAI+C,GACX1B,GAAOrB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPa,GAAMP,EAAIiC,GACVzB,GAAMR,EAAIkC,GACVzB,GAAMT,EAAImC,GACVzB,GAAMV,EAAIoC,GACVzB,GAAMX,EAAIqC,GACVzB,GAAOZ,EAAIsC,GACXzB,GAAOb,EAAIuC,GACXzB,GAAOd,EAAIwC,GACXzB,GAAOf,EAAIyC,GACXzB,GAAOhB,EAAI0C,GACXzB,GAAOjB,EAAI2C,GACXzB,GAAOlB,EAAI4C,GACXzB,GAAOnB,EAAI6C,GACXzB,GAAOpB,EAAI8C,GACXzB,GAAOrB,EAAI+C,GACXzB,IAAOtB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPc,GAAMR,EAAIiC,GACVxB,GAAMT,EAAIkC,GACVxB,GAAMV,EAAImC,GACVxB,GAAMX,EAAIoC,GACVxB,GAAOZ,EAAIqC,GACXxB,GAAOb,EAAIsC,GACXxB,GAAOd,EAAIuC,GACXxB,GAAOf,EAAIwC,GACXxB,GAAOhB,EAAIyC,GACXxB,GAAOjB,EAAI0C,GACXxB,GAAOlB,EAAI2C,GACXxB,GAAOnB,EAAI4C,GACXxB,GAAOpB,EAAI6C,GACXxB,GAAOrB,EAAI8C,GACXxB,IAAOtB,EAAI+C,GACXxB,IAAOvB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPe,GAAMT,EAAIiC,GACVvB,GAAMV,EAAIkC,GACVvB,GAAMX,EAAImC,GACVvB,GAAOZ,EAAIoC,GACXvB,GAAOb,EAAIqC,GACXvB,GAAOd,EAAIsC,GACXvB,GAAOf,EAAIuC,GACXvB,GAAOhB,EAAIwC,GACXvB,GAAOjB,EAAIyC,GACXvB,GAAOlB,EAAI0C,GACXvB,GAAOnB,EAAI2C,GACXvB,GAAOpB,EAAI4C,GACXvB,GAAOrB,EAAI6C,GACXvB,IAAOtB,EAAI8C,GACXvB,IAAOvB,EAAI+C,GACXvB,IAAOxB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPgB,GAAMV,EAAIiC,GACVtB,GAAMX,EAAIkC,GACVtB,GAAOZ,EAAImC,GACXtB,GAAOb,EAAIoC,GACXtB,GAAOd,EAAIqC,GACXtB,GAAOf,EAAIsC,GACXtB,GAAOhB,EAAIuC,GACXtB,GAAOjB,EAAIwC,GACXtB,GAAOlB,EAAIyC,GACXtB,GAAOnB,EAAI0C,GACXtB,GAAOpB,EAAI2C,GACXtB,GAAOrB,EAAI4C,GACXtB,IAAOtB,EAAI6C,GACXtB,IAAOvB,EAAI8C,GACXtB,IAAOxB,EAAI+C,GACXtB,IAAOzB,EAAIgD,GACXhD,EAAIN,EAAE,CAAC,EACPiB,GAAMX,EAAIiC,GACVrB,GAAOZ,EAAIkC,GACXrB,GAAOb,EAAImC,GACXrB,GAAOd,EAAIoC,GACXrB,GAAOf,EAAIqC,GACXrB,GAAOhB,EAAIsC,GACXrB,GAAOjB,EAAIuC,GACXrB,GAAOlB,EAAIwC,GACXrB,GAAOnB,EAAIyC,GACXrB,GAAOpB,EAAI0C,GACXrB,GAAOrB,EAAI2C,GACXrB,IAAOtB,EAAI4C,GACXrB,IAAOvB,EAAI6C,GACXrB,IAAOxB,EAAI8C,GACXrB,IAAOzB,EAAI+C,GACXrB,IAAO1B,EAAIgD,GACXhD,EAAIN,EAAE,EAAE,EACRkB,GAAOZ,EAAIiC,GACXpB,GAAOb,EAAIkC,GACXpB,GAAOd,EAAImC,GACXpB,GAAOf,EAAIoC,GACXpB,GAAOhB,EAAIqC,GACXpB,GAAOjB,EAAIsC,GACXpB,GAAOlB,EAAIuC,GACXpB,GAAOnB,EAAIwC,GACXpB,GAAOpB,EAAIyC,GACXpB,GAAOrB,EAAI0C,GACXpB,IAAOtB,EAAI2C,GACXpB,IAAOvB,EAAI4C,GACXpB,IAAOxB,EAAI6C,GACXpB,IAAOzB,EAAI8C,GACXpB,IAAO1B,EAAI+C,GACXpB,IAAO3B,EAAIgD,GACXhD,EAAIN,EAAE,EAAE,EACRmB,GAAOb,EAAIiC,GACXnB,GAAOd,EAAIkC,GACXnB,GAAOf,EAAImC,GACXnB,GAAOhB,EAAIoC,GACXnB,GAAOjB,EAAIqC,GACXnB,GAAOlB,EAAIsC,GACXnB,GAAOnB,EAAIuC,GACXnB,GAAOpB,EAAIwC,GACXnB,GAAOrB,EAAIyC,GACXnB,IAAOtB,EAAI0C,GACXnB,IAAOvB,EAAI2C,GACXnB,IAAOxB,EAAI4C,GACXnB,IAAOzB,EAAI6C,GACXnB,IAAO1B,EAAI8C,GACXnB,IAAO3B,EAAI+C,GACXnB,IAAO5B,EAAIgD,GACXhD,EAAIN,EAAE,EAAE,EACRoB,GAAOd,EAAIiC,GACXlB,GAAOf,EAAIkC,GACXlB,GAAOhB,EAAImC,GACXlB,GAAOjB,EAAIoC,GACXlB,GAAOlB,EAAIqC,GACXlB,GAAOnB,EAAIsC,GACXlB,GAAOpB,EAAIuC,GACXlB,GAAOrB,EAAIwC,GACXlB,IAAOtB,EAAIyC,GACXlB,IAAOvB,EAAI0C,GACXlB,IAAOxB,EAAI2C,GACXlB,IAAOzB,EAAI4C,GACXlB,IAAO1B,EAAI6C,GACXlB,IAAO3B,EAAI8C,GACXlB,IAAO5B,EAAI+C,GACXlB,IAAO7B,EAAIgD,GACXhD,EAAIN,EAAE,EAAE,EACRqB,GAAOf,EAAIiC,GACXjB,GAAOhB,EAAIkC,GACXjB,GAAOjB,EAAImC,GACXjB,GAAOlB,EAAIoC,GACXjB,GAAOnB,EAAIqC,GACXjB,GAAOpB,EAAIsC,GACXjB,GAAOrB,EAAIuC,GACXjB,IAAOtB,EAAIwC,GACXjB,IAAOvB,EAAIyC,GACXjB,IAAOxB,EAAI0C,GACXjB,IAAOzB,EAAI2C,GACXjB,IAAO1B,EAAI4C,GACXjB,IAAO3B,EAAI6C,GACXjB,IAAO5B,EAAI8C,GACXjB,IAAO7B,EAAI+C,GACXjB,GAAO9B,EAAIgD,GACXhD,EAAIN,EAAE,EAAE,EACRsB,GAAOhB,EAAIiC,GACXhB,GAAOjB,EAAIkC,GACXhB,GAAOlB,EAAImC,GACXhB,GAAOnB,EAAIoC,GACXhB,GAAOpB,EAAIqC,GACXhB,GAAOrB,EAAIsC,GACXhB,IAAOtB,EAAIuC,GACXhB,IAAOvB,EAAIwC,GACXhB,IAAOxB,EAAIyC,GACXhB,IAAOzB,EAAI0C,GACXhB,IAAO1B,EAAI2C,GACXhB,IAAO3B,EAAI4C,GACXhB,IAAO5B,EAAI6C,GACXhB,IAAO7B,EAAI8C,GACXhB,GAAO9B,EAAI+C,GACXhB,IAAO/B,EAAIgD,GACXhD,EAAIN,EAAE,EAAE,EACRuB,GAAOjB,EAAIiC,GACXf,GAAOlB,EAAIkC,GACXf,GAAOnB,EAAImC,GACXf,GAAOpB,EAAIoC,GACXf,GAAOrB,EAAIqC,GACXf,IAAOtB,EAAIsC,GACXf,IAAOvB,EAAIuC,GACXf,IAAOxB,EAAIwC,GACXf,IAAOzB,EAAIyC,GACXf,IAAO1B,EAAI0C,GACXf,IAAO3B,EAAI2C,GACXf,IAAO5B,EAAI4C,GACXf,IAAO7B,EAAI6C,GACXf,GAAO9B,EAAI8C,GACXf,IAAO/B,EAAI+C,GACXf,IAAOhC,EAAIgD,GAEX9C,GAAO,GAAKgB,EACZf,GAAO,GAAKgB,EACZf,GAAO,GAAKgB,EACZf,GAAO,GAAKgB,EACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,EACZf,GAAO,GAAKgB,GACZf,GAAO,GAAKgB,GAIZlE,EAAI,EACJkC,EAAKE,EAAKpC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIE,EAAKF,EAAIlC,EAAI,MAC9DkC,EAAKG,EAAKrC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIG,EAAKH,EAAIlC,EAAI,MAC9DkC,EAAKI,EAAKtC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAII,EAAKJ,EAAIlC,EAAI,MAC9DkC,EAAKK,EAAKvC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIK,EAAKL,EAAIlC,EAAI,MAC9DkC,EAAKM,EAAKxC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIM,EAAKN,EAAIlC,EAAI,MAC9DkC,EAAKO,EAAKzC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIO,EAAKP,EAAIlC,EAAI,MAC9DkC,EAAKQ,EAAK1C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIQ,EAAKR,EAAIlC,EAAI,MAC9DkC,EAAKS,EAAK3C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIS,EAAKT,EAAIlC,EAAI,MAC9DkC,EAAKU,EAAK5C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIU,EAAKV,EAAIlC,EAAI,MAC9DkC,EAAKW,EAAK7C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIW,EAAKX,EAAIlC,EAAI,MAC9DkC,EAAIY,EAAM9C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGY,EAAMZ,EAAIlC,EAAI,MAC9DkC,EAAIa,EAAM/C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGa,EAAMb,EAAIlC,EAAI,MAC9DkC,EAAIc,EAAMhD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGc,EAAMd,EAAIlC,EAAI,MAC9DkC,EAAIe,EAAMjD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGe,EAAMf,EAAIlC,EAAI,MAC9DkC,EAAIgB,EAAMlD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGgB,EAAMhB,EAAIlC,EAAI,MAC9DkC,EAAIiB,EAAMnD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGiB,EAAMjB,EAAIlC,EAAI,MAC9DoC,GAAMpC,EAAE,EAAI,IAAMA,EAAE,GAGpBA,EAAI,EACJkC,EAAKE,EAAKpC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIE,EAAKF,EAAIlC,EAAI,MAC9DkC,EAAKG,EAAKrC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIG,EAAKH,EAAIlC,EAAI,MAC9DkC,EAAKI,EAAKtC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAII,EAAKJ,EAAIlC,EAAI,MAC9DkC,EAAKK,EAAKvC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIK,EAAKL,EAAIlC,EAAI,MAC9DkC,EAAKM,EAAKxC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIM,EAAKN,EAAIlC,EAAI,MAC9DkC,EAAKO,EAAKzC,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIO,EAAKP,EAAIlC,EAAI,MAC9DkC,EAAKQ,EAAK1C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIQ,EAAKR,EAAIlC,EAAI,MAC9DkC,EAAKS,EAAK3C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIS,EAAKT,EAAIlC,EAAI,MAC9DkC,EAAKU,EAAK5C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIU,EAAKV,EAAIlC,EAAI,MAC9DkC,EAAKW,EAAK7C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAIW,EAAKX,EAAIlC,EAAI,MAC9DkC,EAAIY,EAAM9C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGY,EAAMZ,EAAIlC,EAAI,MAC9DkC,EAAIa,EAAM/C,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGa,EAAMb,EAAIlC,EAAI,MAC9DkC,EAAIc,EAAMhD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGc,EAAMd,EAAIlC,EAAI,MAC9DkC,EAAIe,EAAMjD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGe,EAAMf,EAAIlC,EAAI,MAC9DkC,EAAIgB,EAAMlD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGgB,EAAMhB,EAAIlC,EAAI,MAC9DkC,EAAIiB,EAAMnD,EAAI,MAAOA,EAAI,KAAK,MAAMkC,EAAI,KAAK,EAAGiB,EAAMjB,EAAIlC,EAAI,MAC9DoC,GAAMpC,EAAE,EAAI,IAAMA,EAAE,GAEpBe,EAAG,CAAC,EAAIqB,EACRrB,EAAG,CAAC,EAAIsB,EACRtB,EAAG,CAAC,EAAIuB,EACRvB,EAAG,CAAC,EAAIwB,EACRxB,EAAG,CAAC,EAAIyB,EACRzB,EAAG,CAAC,EAAI0B,EACR1B,EAAG,CAAC,EAAI2B,EACR3B,EAAG,CAAC,EAAI4B,EACR5B,EAAG,CAAC,EAAI6B,EACR7B,EAAG,CAAC,EAAI8B,EACR9B,EAAE,EAAE,EAAI+B,EACR/B,EAAE,EAAE,EAAIgC,EACRhC,EAAE,EAAE,EAAIiC,EACRjC,EAAE,EAAE,EAAIkC,EACRlC,EAAE,EAAE,EAAImC,EACRnC,EAAE,EAAE,EAAIoC,CACV,IC/iCA,IAAAgC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cASA,IAAIC,GAAQ,IACZ,KACA,KACA,KAEAD,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAE3C,IAAIC,GAAaD,GAAM,KAAK,WAK5BA,GAAM,IAAI,IAAM,CAAC,EAgBjBA,GAAM,IAAI,IAAI,OAAS,SAASE,EAAKC,EAAS,CAC5CA,EAAUA,GAAW,CAAC,EACtB,IAAIC,EAAOD,EAAQ,MAAQH,GAAM,OAE7BK,EAAM,CAAC,EAaX,OAAAA,EAAI,QAAU,SAASC,EAAWC,EAAW,CAE3C,IAAIC,EAAa,KAAK,KAAKF,EAAU,EAAE,UAAU,EAAI,CAAC,EAClDG,EACJ,GACEA,EAAI,IAAIR,GACND,GAAM,KAAK,WAAWI,EAAK,aAAaI,CAAU,CAAC,EACnD,EAAE,EAAE,IAAIF,EAAU,CAAC,QACfG,EAAE,UAAUR,GAAW,GAAG,GAAK,GAGvCQ,EAAIT,GAAM,KAAK,WAAWS,EAAE,SAAS,EAAE,CAAC,EACxC,IAAIC,EAAQF,EAAaC,EAAE,OACxBC,EAAQ,IACTD,EAAIT,GAAM,KAAK,WAAW,KAAwBU,CAAK,EAAID,GAI7D,IAAIE,EAAgBL,EAAU,QAAQG,EAAG,MAAM,EAG3CG,EAAMV,EAAI,SAASO,EAAGF,CAAS,EAEnC,MAAO,CAAC,cAAeI,EAAe,IAAKC,CAAG,CAChD,EAYAP,EAAI,QAAU,SAASQ,EAAYF,EAAeJ,EAAW,CAE3D,IAAIE,EAAII,EAAW,QAAQF,EAAe,MAAM,EAChD,OAAOT,EAAI,SAASO,EAAGF,CAAS,CAClC,EAEOF,CACT,EAaAL,GAAM,IAAI,KAAO,SAASc,EAAIC,EAAc,CAC1CC,GAAW,KAAMF,EAAI,EAAGC,GAAgBD,EAAG,YAAY,CACzD,EAWAd,GAAM,IAAI,KAAO,SAASc,EAAIC,EAAc,CAC1CC,GAAW,KAAMF,EAAI,EAAGC,GAAgBD,EAAG,YAAY,CACzD,EAWA,SAASE,GAAWd,EAAKY,EAAIG,EAAcF,EAAc,CASvDb,EAAI,SAAW,SAASgB,EAAGC,EAAQ,CAOjC,QANIP,EAAM,IAAIZ,GAAM,KAAK,WAGrBoB,EAAI,KAAK,KAAKD,EAASJ,CAAY,EAAIE,EAEvCI,EAAI,IAAIrB,GAAM,KAAK,WACfsB,EAAIL,EAAcK,EAAIF,EAAG,EAAEE,EAAG,CAEpCD,EAAE,SAASC,CAAC,EAGZR,EAAG,MAAM,EACTA,EAAG,OAAOI,EAAIG,EAAE,SAAS,CAAC,EAC1B,IAAIE,EAAOT,EAAG,OAAO,EACrBF,EAAI,SAASW,EAAK,SAASR,CAAY,CAAC,CAC1C,CAGA,OAAAH,EAAI,SAASA,EAAI,OAAO,EAAIO,CAAM,EAC3BP,EAAI,SAAS,CACtB,CACF,ICvKA,IAAAY,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOA,IAAIC,EAAQ,IACZ,KAGAD,GAAO,QAAUC,EAAM,IAAMA,EAAM,KAAO,CAAC,EAe3CA,EAAM,IAAI,OAAS,CACjB,OAAQ,QAAS,UAAW,OAAQ,QAAS,UAAW,KAAK,EAI/D,IAAIC,GAAa,CAAC,EAEdC,GAAW,CAAC,EAKZC,GAAiB,KAQrBH,EAAM,IAAI,aAAgB,EAM1BA,EAAM,IAAI,eAAkB,EAQ5BA,EAAM,IAAI,YAAe,EAGzB,IAAQI,GAAI,EAAGA,GAAIJ,EAAM,IAAI,OAAO,OAAQ,EAAEI,GACxCC,GAAQL,EAAM,IAAI,OAAOI,EAAC,EAC9BH,GAAWI,EAAK,EAAI,CAClB,MAAOD,GACP,KAAMC,GAAM,YAAY,CAC1B,EAJI,IAAAA,GADED,GAaRJ,EAAM,IAAI,WAAa,SAASM,EAAS,CAEvC,QADIC,EAAoBN,GAAWK,EAAQ,KAAK,EAAE,MAC1CF,EAAI,EAAGA,EAAIF,GAAS,OAAQ,EAAEE,EAAG,CACvC,IAAII,EAASN,GAASE,CAAC,EACvB,GAAGI,EAAO,MAAQR,EAAM,IAAI,eAC1BQ,EAAO,EAAEF,CAAO,MACX,CAEL,IAAIG,EAAmBR,GAAWO,EAAO,KAAK,EAAE,MAE7CD,GAAqBE,GAEtBD,EAAO,EAAEA,EAAQF,CAAO,CAE5B,CACF,CACF,EAQAN,EAAM,IAAI,gBAAkB,SAASM,EAAS,CACvC,aAAcA,IACjBA,EAAQ,SACNL,GAAWK,EAAQ,KAAK,EAAE,KAE1B,KAAOA,EAAQ,SAAW,KAC1BA,EAAQ,QAEd,EAQAN,EAAM,IAAI,YAAc,SAASM,EAAS,CACxC,GAAG,EAAE,SAAUA,GAAU,CAEvB,IAAII,EAAO,CAACJ,EAAQ,OAAO,EAC3BI,EAAOA,EAAK,OAAO,CAAC,CAAyB,EAE7CJ,EAAQ,KAAON,EAAM,KAAK,OAAO,MAAM,KAAMU,CAAI,CACnD,CACF,EAQAV,EAAM,IAAI,oBAAsB,SAASM,EAAS,CAC3C,iBAAkBA,IAErBN,EAAM,IAAI,gBAAgBM,CAAO,EACjCA,EAAQ,aAAeA,EAAQ,SAEnC,EAME,IADIK,GAAS,CAAC,QAAS,UAAW,OAAQ,QAAS,SAAS,EACpDP,GAAI,EAAGA,GAAIO,GAAO,OAAQ,EAAEP,IAEjC,SAASC,EAAO,CAEfL,EAAM,IAAIK,CAAK,EAAI,SAASO,EAAUN,EAAsB,CAE1D,IAAII,EAAO,MAAM,UAAU,MAAM,KAAK,SAAS,EAAE,MAAM,CAAC,EAGpDG,EAAM,CACR,UAAW,IAAI,KACf,MAAOR,EACP,SAAUO,EACV,QAASN,EACT,UAAaI,CAIf,EAEAV,EAAM,IAAI,WAAWa,CAAG,CAC1B,CACF,GAAGF,GAAOP,EAAC,CAAC,EAvBV,IAAAO,GACIP,GA4CVJ,EAAM,IAAI,WAAa,SAASc,EAAa,CAC3C,IAAIN,EAAS,CACX,MAAO,EACP,EAAGM,CACL,EACA,OAAAd,EAAM,IAAI,SAASQ,EAAQ,MAAM,EAC1BA,CACT,EAUAR,EAAM,IAAI,SAAW,SAASQ,EAAQH,EAAO,CAC3C,IAAIU,EAAO,GACX,GAAGP,GAAU,EAAEA,EAAO,MAAQR,EAAM,IAAI,cACtC,QAAQI,EAAI,EAAGA,EAAIJ,EAAM,IAAI,OAAO,OAAQ,EAAEI,EAAG,CAC/C,IAAIY,EAAchB,EAAM,IAAI,OAAOI,CAAC,EACpC,GAAGC,GAASW,EAAa,CAEvBR,EAAO,MAAQH,EACfU,EAAO,GACP,KACF,CACF,CAGF,OAAOA,CACT,EAQAf,EAAM,IAAI,KAAO,SAASQ,EAAQS,EAAM,CACnC,OAAOA,EAAS,KAAeA,EAChCT,EAAO,OAASR,EAAM,IAAI,aAE1BQ,EAAO,OAAS,CAACR,EAAM,IAAI,YAE/B,EAOAA,EAAM,IAAI,UAAY,SAASQ,EAAQ,CACrCN,GAAS,KAAKM,CAAM,CACtB,EAGG,OAAO,QAAa,KAAe,QAAS,SAE1C,QAAQ,OAAS,QAAQ,MAAQ,QAAQ,MAAQ,QAAQ,OAGtDU,GAAgB,CAClB,MAAO,QAAQ,MACf,QAAS,QAAQ,KACjB,KAAM,QAAQ,KACd,MAAO,QAAQ,MACf,QAAS,QAAQ,KACnB,EACIC,GAAI,SAASX,EAAQF,EAAS,CAChCN,EAAM,IAAI,gBAAgBM,CAAO,EACjC,IAAIc,EAAUF,GAAcZ,EAAQ,KAAK,EAErCI,EAAO,CAACJ,EAAQ,QAAQ,EAC5BI,EAAOA,EAAK,OAAOJ,EAAQ,UAAa,MAAM,CAAC,EAE/Cc,EAAQ,MAAM,QAASV,CAAI,CAC7B,EACAF,GAASR,EAAM,IAAI,WAAWmB,EAAC,IAG3BA,GAAI,SAASX,EAAQF,EAAS,CAChCN,EAAM,IAAI,oBAAoBM,CAAO,EACrC,QAAQ,IAAIA,EAAQ,YAAY,CAClC,EACAE,GAASR,EAAM,IAAI,WAAWmB,EAAC,GAEjCnB,EAAM,IAAI,SAASQ,GAAQ,OAAO,EAClCR,EAAM,IAAI,UAAUQ,EAAM,EAC1BL,GAAiBK,IAIjB,QAAU,CACR,IAAK,UAAW,CAAC,CACnB,EArCI,IAAAA,GAIEU,GAOAC,GAyCLhB,KAAmB,MACpB,OAAO,OAAW,KAAe,OAAO,WAEpCkB,GAAQ,IAAI,IAAI,OAAO,SAAS,IAAI,EAAE,aACvCA,GAAM,IAAI,eAAe,GAE1BrB,EAAM,IAAI,SACRG,GAAgBkB,GAAM,IAAI,eAAe,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,EAExDA,GAAM,IAAI,cAAc,IAErBJ,GAAOI,GAAM,IAAI,cAAc,EAAE,MAAM,EAAE,EAAE,CAAC,EAC7CJ,IAAQ,QACTjB,EAAM,IAAI,KAAKG,EAAc,IAV7B,IAAAkB,GAQEJ,GAQRjB,EAAM,IAAI,cAAgBG,KC9T1B,IAAAmB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOAA,GAAO,QAAU,KAEjB,KACA,KACA,KACA,OCZA,IAAAC,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAkBA,IAAIC,EAAQ,IACZ,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KAGA,IAAIC,EAAOD,EAAM,KAGbE,GAAKH,GAAO,QAAUC,EAAM,MAAQA,EAAM,OAAS,CAAC,EASxDE,GAAG,eAAiB,SAASC,EAAK,CAChC,IAAIC,EAAMJ,EAAM,IAAI,OAAOG,CAAG,EAAE,CAAC,EAEjC,GAAGC,EAAI,OAAS,QAAS,CACvB,IAAIC,EAAQ,IAAI,MAAM,6EACU,EAChC,MAAAA,EAAM,WAAaD,EAAI,KACjBC,CACR,CACA,GAAGD,EAAI,UAAYA,EAAI,SAAS,OAAS,YACvC,MAAM,IAAI,MAAM,8DAA8D,EAIhF,IAAIE,EAAML,EAAK,QAAQG,EAAI,IAAI,EAE/B,OAAOF,GAAG,gBAAgBI,CAAG,CAC/B,EAUAJ,GAAG,aAAe,SAASE,EAAKG,EAAS,CAEvC,IAAIC,EAAS,CACX,KAAM,QACN,KAAMP,EAAK,MAAMG,EAAI,OAAO,CAAC,EAAE,SAAS,CAC1C,EACA,OAAOJ,EAAM,IAAI,OAAOQ,EAAQ,CAAC,QAASD,CAAO,CAAC,CACpD,EASAL,GAAG,gBAAkB,SAASI,EAAK,CAEjC,IAAIG,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACT,EAAK,SAASK,EAAKJ,GAAG,KAAK,qBAAsBO,EAASC,CAAM,EAAG,CACrE,IAAIL,EAAQ,IAAI,MAAM,wEACwB,EAC9C,MAAAA,EAAM,OAASK,EACTL,CACR,CAEA,IAAIM,EAAcV,EAAK,SAASQ,EAAQ,WAAW,EAC/CL,EAEJ,OAAOO,EAAa,CAClB,KAAKX,EAAM,IAAI,KAAK,cAClBI,EAAMF,GAAG,oBAAoB,EAC7B,MAEF,KAAKF,EAAM,IAAI,KAAK,cAClBI,EAAMF,GAAG,oBAAoB,EAC7B,MAEF,KAAKF,EAAM,IAAI,KAAK,WAClBI,EAAMF,GAAG,iBAAiB,EAC1B,MAEF,QACE,MAAM,IAAI,MAAM,oDACdS,EAAc,0BAA0B,CAC9C,CAEA,OAAAP,EAAI,SAASK,EAAQ,QAAQ,MAAM,CAAC,CAAC,EAC9BL,CACT,EAEAF,GAAG,iBAAmB,UAAW,CAC/B,IAAIE,EAAM,KACV,OAAAA,EAAM,CACJ,KAAMJ,EAAM,IAAI,KAAK,WACrB,QAAS,EACT,aAAc,CAAC,EACf,KAAM,CAAC,EAEP,QAAS,CAAC,EAEV,2BAA4B,CAAC,EAC7B,YAAa,KACb,YAAa,CAAC,EAEd,SAAU,SAASM,EAAK,CAStB,GAPAM,GAAUR,EAAKE,EAAKJ,GAAG,KAAK,mBAAmB,EAC/CE,EAAI,aAAe,CAAC,EACpBA,EAAI,KAAO,CAAC,EACZA,EAAI,2BAA6B,CAAC,EAClCA,EAAI,YAAc,KAClBA,EAAI,YAAc,CAAC,EAEhBA,EAAI,WAAW,aAEhB,QADIS,EAAQT,EAAI,WAAW,aAAa,MAChC,EAAI,EAAG,EAAIS,EAAM,OAAQ,EAAE,EACjCT,EAAI,aAAa,KAAKJ,EAAM,IAAI,oBAAoBa,EAAM,CAAC,CAAC,CAAC,CAKnE,EAEA,OAAQ,UAAW,CAEbT,EAAI,aACNA,EAAI,KAAK,EAIX,QADIS,EAAQ,CAAC,EACLC,EAAI,EAAGA,EAAIV,EAAI,aAAa,OAAQ,EAAEU,EAC5CD,EAAM,KAAKb,EAAM,IAAI,kBAAkBI,EAAI,aAAaU,CAAC,CAAC,CAAC,EAG7D,IAAIC,EAAO,CAAC,EAIRC,EAAaf,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CACjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAaG,EAAI,OAAO,EAAE,SAAS,CAAC,EAE3CH,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GACrCG,EAAI,0BAA0B,EAEhCA,EAAI,WACN,CAAC,CACH,CAAC,EACD,OAAGS,EAAM,OAAS,GAEhBG,EAAW,MAAM,CAAC,EAAE,MAAM,KACxBf,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAMY,CAAK,CAAC,EAEzDE,EAAK,OAAS,GAEfC,EAAW,MAAM,CAAC,EAAE,MAAM,KACxBf,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAMc,CAAI,CAAC,EAG3DC,EAAW,MAAM,CAAC,EAAE,MAAM,KACxBf,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CG,EAAI,WAAW,CAAC,EAGbH,EAAK,OACVA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE9CA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASG,EAAI,IAAI,EAAE,SAAS,CAAC,EAEpCY,CACF,CAAC,CACL,EA0CA,UAAW,SAASC,EAAQ,CAC1B,IAAIC,EAASD,EAAO,OAChBE,EAAeF,EAAO,aAC1B,GAAGA,EAAO,YAAa,CACrB,IAAIG,EAAOH,EAAO,YACf,OAAOG,GAAS,WACjBA,EAAOpB,EAAM,IAAI,mBAAmBoB,CAAI,GAE1CF,EAASE,EAAK,OAAO,WACrBD,EAAeC,EAAK,YACtB,CACA,IAAIC,EAAMJ,EAAO,IACjB,GAAG,CAACI,EACF,MAAM,IAAI,MACR,wDAAwD,EAEzD,OAAOA,GAAQ,WAChBA,EAAMrB,EAAM,IAAI,kBAAkBqB,CAAG,GAIvC,IAAIC,EAAkBL,EAAO,iBAAmBjB,EAAM,IAAI,KAAK,KAC/D,OAAOsB,EAAiB,CACxB,KAAKtB,EAAM,IAAI,KAAK,KACpB,KAAKA,EAAM,IAAI,KAAK,OACpB,KAAKA,EAAM,IAAI,KAAK,OACpB,KAAKA,EAAM,IAAI,KAAK,OACpB,KAAKA,EAAM,IAAI,KAAK,IAClB,MACF,QACE,MAAM,IAAI,MACR,kEACAsB,CAAe,CACnB,CAIA,IAAIC,EAA0BN,EAAO,yBAA2B,CAAC,EACjE,GAAGM,EAAwB,OAAS,EAAG,CAGrC,QAFIZ,EAAc,GACda,EAAgB,GACZV,EAAI,EAAGA,EAAIS,EAAwB,OAAQ,EAAET,EAAG,CACtD,IAAIW,EAAOF,EAAwBT,CAAC,EACpC,GAAG,CAACH,GAAec,EAAK,OAASzB,EAAM,IAAI,KAAK,YAAa,CAE3D,GADAW,EAAc,GACXa,EACD,MAEF,QACF,CACA,GAAG,CAACA,GAAiBC,EAAK,OAASzB,EAAM,IAAI,KAAK,cAAe,CAE/D,GADAwB,EAAgB,GACbb,EACD,MAEF,QACF,CACF,CAEA,GAAG,CAACA,GAAe,CAACa,EAClB,MAAM,IAAI,MAAM,wLAGW,CAE/B,CAEApB,EAAI,QAAQ,KAAK,CACf,IAAKiB,EACL,QAAS,EACT,OAAQH,EACR,aAAcC,EACd,gBAAiBG,EACjB,mBAAoBtB,EAAM,IAAI,KAAK,cACnC,UAAW,KACX,wBAAyBuB,EACzB,0BAA2B,CAAC,CAC9B,CAAC,CACH,EAOA,KAAM,SAASG,EAAS,CAGtB,GAFAA,EAAUA,GAAW,CAAC,GAEnB,OAAOtB,EAAI,SAAY,UAAYA,EAAI,cAAgB,QAExDA,EAAI,YAAcH,EAAK,OACrBA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE9CA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASD,EAAM,IAAI,KAAK,IAAI,EAAE,SAAS,CAAC,CACjD,CAAC,EAGA,YAAaI,GAAK,CACnB,IAAIuB,EACDvB,EAAI,mBAAmBJ,EAAM,KAAK,WACnC2B,EAAUvB,EAAI,QAAQ,MAAM,EACpB,OAAOA,EAAI,SAAY,WAC/BuB,EAAU3B,EAAM,KAAK,WAAWI,EAAI,OAAO,GAGzCsB,EAAQ,SACVtB,EAAI,gBAAkBH,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAO0B,CAAO,EAE7FvB,EAAI,YAAY,MAAM,KAEpBH,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GACvD0B,CAAO,CACX,CAAC,CAAC,CAER,CAIF,GAAGvB,EAAI,QAAQ,SAAW,EAK1B,KAAIwB,EAAMC,EAAsB,EAGhCC,EAAeF,CAAG,EACpB,EAEA,OAAQ,UAAW,CACjB,MAAM,IAAI,MAAM,oDAAoD,CACtE,EAOA,eAAgB,SAASR,EAAM,CAE1B,OAAOA,GAAS,WACjBA,EAAOpB,EAAM,IAAI,mBAAmBoB,CAAI,GAE1ChB,EAAI,aAAa,KAAKgB,CAAI,CAC5B,EAOA,6BAA8B,SAASW,EAAK,CAC1C,MAAM,IAAI,MAAM,yCAAyC,CAC3D,CACF,EACO3B,EAEP,SAASyB,GAAwB,CAG/B,QAFID,EAAM,CAAC,EAEHd,EAAI,EAAGA,EAAIV,EAAI,QAAQ,OAAQ,EAAEU,EAAG,CAC1C,IAAIG,EAASb,EAAI,QAAQU,CAAC,EACtBkB,EAAMf,EAAO,gBACZe,KAAOJ,IAEVA,EAAII,CAAG,EAAIhC,EAAM,GAAGA,EAAM,IAAI,KAAKgC,CAAG,CAAC,EAAE,OAAO,GAE/Cf,EAAO,wBAAwB,SAAW,EAE3CA,EAAO,GAAKW,EAAII,CAAG,EAKnBf,EAAO,GAAKjB,EAAM,GAAGA,EAAM,IAAI,KAAKgC,CAAG,CAAC,EAAE,OAAO,CAErD,CAGA5B,EAAI,2BAA6B,CAAC,EAClC,QAAQ4B,KAAOJ,EACbxB,EAAI,2BAA2B,KAE7BH,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAAS+B,CAAG,EAAE,SAAS,CAAC,EAE/B/B,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,CAAC,EAGN,OAAO2B,CACT,CAEA,SAASE,EAAeF,EAAK,CAC3B,IAAID,EAeJ,GAbIvB,EAAI,gBAENuB,EAAUvB,EAAI,iBAMduB,EAAUvB,EAAI,YAAY,MAAM,CAAC,EAEjCuB,EAAUA,EAAQ,MAAM,CAAC,GAGxB,CAACA,EACF,MAAM,IAAI,MACR,6DAA6D,EAIjE,IAAIhB,EAAcV,EAAK,SAASG,EAAI,YAAY,MAAM,CAAC,EAAE,KAAK,EAG1D6B,EAAQhC,EAAK,MAAM0B,CAAO,EAI9BM,EAAM,QAAQ,EAEdhC,EAAK,kBAAkBgC,CAAK,EAC5BA,EAAQA,EAAM,SAAS,EAGvB,QAAQD,KAAOJ,EACbA,EAAII,CAAG,EAAE,MAAM,EAAE,OAAOC,CAAK,EAK/B,QADIC,EAAc,IAAI,KACdpB,EAAI,EAAGA,EAAIV,EAAI,QAAQ,OAAQ,EAAEU,EAAG,CAC1C,IAAIG,EAASb,EAAI,QAAQU,CAAC,EAE1B,GAAGG,EAAO,wBAAwB,SAAW,GAG3C,GAAGN,IAAgBX,EAAM,IAAI,KAAK,KAChC,MAAM,IAAI,MACR,+GACuD,MAEtD,CAGLiB,EAAO,4BAA8BhB,EAAK,OACxCA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAAC,CAAC,EAO1C,QAHIkC,EAAYlC,EAAK,OACnBA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM,CAAC,CAAC,EAEvCmC,EAAK,EAAGA,EAAKnB,EAAO,wBAAwB,OAAQ,EAAEmB,EAAI,CAChE,IAAIX,EAAOR,EAAO,wBAAwBmB,CAAE,EACzCX,EAAK,OAASzB,EAAM,IAAI,KAAK,cAE9ByB,EAAK,MAAQG,EAAIX,EAAO,eAAe,EAAE,OAAO,EACxCQ,EAAK,OAASzB,EAAM,IAAI,KAAK,cAEjCyB,EAAK,QACPA,EAAK,MAAQS,IAOjBC,EAAU,MAAM,KAAKE,GAAiBZ,CAAI,CAAC,EAC3CR,EAAO,4BAA4B,MAAM,KAAKoB,GAAiBZ,CAAI,CAAC,CACtE,CAGAQ,EAAQhC,EAAK,MAAMkC,CAAS,EAAE,SAAS,EACvClB,EAAO,GAAG,MAAM,EAAE,OAAOgB,CAAK,CAChC,CAGAhB,EAAO,UAAYA,EAAO,IAAI,KAAKA,EAAO,GAAI,mBAAmB,CACnE,CAGAb,EAAI,YAAckC,GAAelC,EAAI,OAAO,CAC9C,CACF,EAOAF,GAAG,oBAAsB,UAAW,CAClC,IAAIE,EAAM,KACV,OAAAA,EAAM,CACJ,KAAMJ,EAAM,IAAI,KAAK,cACrB,QAAS,EACT,iBAAkB,CAChB,UAAWA,EAAM,IAAI,KAAK,YAAY,CACxC,EAOA,SAAU,SAASM,EAAK,CAEtBM,GAAUR,EAAKE,EAAKJ,GAAG,KAAK,sBAAsB,CACpD,EAOA,QAAS,SAASmB,EAAK,CAClBA,IAAQ,SACTjB,EAAI,iBAAiB,IAAMiB,GAE7BkB,GAAgBnC,CAAG,CACrB,CACF,EACOA,CACT,EAOAF,GAAG,oBAAsB,UAAW,CAClC,IAAIE,EAAM,KACV,OAAAA,EAAM,CACJ,KAAMJ,EAAM,IAAI,KAAK,cACrB,QAAS,EACT,WAAY,CAAC,EACb,iBAAkB,CAChB,UAAWA,EAAM,IAAI,KAAK,YAAY,CACxC,EAOA,SAAU,SAASM,EAAK,CAEtB,IAAIG,EAAUG,GAAUR,EAAKE,EAAKJ,GAAG,KAAK,sBAAsB,EAChEE,EAAI,WAAaoC,GAAoB/B,EAAQ,eAAe,KAAK,CACnE,EAEA,OAAQ,UAAW,CAEjB,OAAOR,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASG,EAAI,IAAI,EAAE,SAAS,CAAC,EAEpCH,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAaG,EAAI,OAAO,EAAE,SAAS,CAAC,EAE3CH,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CwC,GAAkBrC,EAAI,UAAU,CAAC,EAEnCH,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GACpDyC,GAAwBtC,EAAI,gBAAgB,CAAC,CACjD,CAAC,CACH,CAAC,CACH,CAAC,CACH,EASA,cAAe,SAASgB,EAAM,CAG5B,QAFIuB,EAAQvB,EAAK,OAAO,WAEhBN,EAAI,EAAGA,EAAIV,EAAI,WAAW,OAAQ,EAAEU,EAAG,CAC7C,IAAI8B,EAAIxC,EAAI,WAAWU,CAAC,EACpB+B,EAAQD,EAAE,OAEd,GAAGA,EAAE,eAAiBxB,EAAK,cAIxByB,EAAM,SAAWF,EAAM,OAK1B,SADIG,EAAQ,GACJC,EAAI,EAAGA,EAAIJ,EAAM,OAAQ,EAAEI,EACjC,GAAGF,EAAME,CAAC,EAAE,OAASJ,EAAMI,CAAC,EAAE,MAC5BF,EAAME,CAAC,EAAE,QAAUJ,EAAMI,CAAC,EAAE,MAAO,CACnCD,EAAQ,GACR,KACF,CAGF,GAAGA,EACD,OAAOF,EAEX,CAEA,OAAO,IACT,EAQA,QAAS,SAASI,EAAWC,EAAS,CACpC,GAAG7C,EAAI,iBAAiB,MAAQ,QAAa4C,IAAc,QACzDC,IAAY,OACZ,OAAOD,EAAU,iBAAiB,UAAW,CAC3C,KAAKhD,EAAM,IAAI,KAAK,cACpB,KAAKA,EAAM,IAAI,KAAK,OAClB,IAAIqB,EAAM4B,EAAQ,QAAQD,EAAU,iBAAiB,OAAO,EAC5D5C,EAAI,iBAAiB,IAAMJ,EAAM,KAAK,aAAaqB,CAAG,EACtD,MAEF,QACE,MAAM,IAAI,MAAM,sCACL2B,EAAU,iBAAiB,SAAS,CACnD,CAGFT,GAAgBnC,CAAG,CACrB,EAOA,aAAc,SAASgB,EAAM,CAC3BhB,EAAI,WAAW,KAAK,CAClB,QAAS,EACT,OAAQgB,EAAK,OAAO,WACpB,aAAcA,EAAK,aACnB,iBAAkB,CAIhB,UAAWpB,EAAM,IAAI,KAAK,cAC1B,IAAKoB,EAAK,SACZ,CACF,CAAC,CACH,EAeA,QAAS,SAASC,EAAK6B,EAAQ,CAE7B,GAAG9C,EAAI,iBAAiB,UAAY,OAAW,CAC7C8C,EAASA,GAAU9C,EAAI,iBAAiB,UACxCiB,EAAMA,GAAOjB,EAAI,iBAAiB,IAElC,IAAI+C,EAAQC,EAAOC,EACnB,OAAOH,EAAQ,CACb,KAAKlD,EAAM,IAAI,KAAK,YAAY,EAC9BmD,EAAS,GACTC,EAAQ,GACRC,EAASrD,EAAM,IAAI,uBACnB,MAEF,KAAKA,EAAM,IAAI,KAAK,YAAY,EAC9BmD,EAAS,GACTC,EAAQ,GACRC,EAASrD,EAAM,IAAI,uBACnB,MAEF,KAAKA,EAAM,IAAI,KAAK,YAAY,EAC9BmD,EAAS,GACTC,EAAQ,GACRC,EAASrD,EAAM,IAAI,uBACnB,MAEF,KAAKA,EAAM,IAAI,KAAK,cAAc,EAChCmD,EAAS,GACTC,EAAQ,EACRC,EAASrD,EAAM,IAAI,uBACnB,MAEF,QACE,MAAM,IAAI,MAAM,qCAAuCkD,CAAM,CACjE,CAEA,GAAG7B,IAAQ,OACTA,EAAMrB,EAAM,KAAK,aAAaA,EAAM,OAAO,SAASmD,CAAM,CAAC,UACnD9B,EAAI,OAAO,GAAK8B,EACxB,MAAM,IAAI,MAAM,uCACL9B,EAAI,OAAO,EAAI,oBAAsB8B,EAAS,GAAG,EAK9D/C,EAAI,iBAAiB,UAAY8C,EACjC9C,EAAI,iBAAiB,IAAMiB,EAC3BjB,EAAI,iBAAiB,UAAYJ,EAAM,KAAK,aAC1CA,EAAM,OAAO,SAASoD,CAAK,CAAC,EAE9B,IAAIE,EAAOD,EAAOhC,CAAG,EAMrB,GALAiC,EAAK,MAAMlD,EAAI,iBAAiB,UAAU,KAAK,CAAC,EAChDkD,EAAK,OAAOlD,EAAI,OAAO,EAIpB,CAACkD,EAAK,OAAO,EACd,MAAM,IAAI,MAAM,8BAA8B,EAGhDlD,EAAI,iBAAiB,QAAUkD,EAAK,MACtC,CAGA,QAAQxC,EAAI,EAAGA,EAAIV,EAAI,WAAW,OAAQ,EAAEU,EAAG,CAC7C,IAAIkC,EAAY5C,EAAI,WAAWU,CAAC,EAGhC,GAAGkC,EAAU,iBAAiB,UAAY,OAI1C,OAAOA,EAAU,iBAAiB,UAAW,CAC3C,KAAKhD,EAAM,IAAI,KAAK,cAClBgD,EAAU,iBAAiB,QACzBA,EAAU,iBAAiB,IAAI,QAC7B5C,EAAI,iBAAiB,IAAI,IAAI,EACjC,MAEF,QACE,MAAM,IAAI,MAAM,sCACd4C,EAAU,iBAAiB,SAAS,CAC1C,CACF,CACF,CACF,EACO5C,CACT,EASA,SAASmD,GAAmBjD,EAAK,CAE/B,IAAIG,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACT,EAAK,SAASK,EAAKJ,GAAG,KAAK,uBAAwBO,EAASC,CAAM,EAAG,CACvE,IAAIL,EAAQ,IAAI,MAAM,gFAC0B,EAChD,MAAAA,EAAM,OAASK,EACTL,CACR,CAEA,MAAO,CACL,QAASI,EAAQ,QAAQ,WAAW,CAAC,EACrC,OAAQT,EAAM,IAAI,qBAAqBS,EAAQ,MAAM,EACrD,aAAcT,EAAM,KAAK,aAAaS,EAAQ,MAAM,EAAE,MAAM,EAC5D,iBAAkB,CAChB,UAAWR,EAAK,SAASQ,EAAQ,YAAY,EAC7C,UAAWA,EAAQ,aAAeA,EAAQ,aAAa,MAAQ,OAC/D,QAASA,EAAQ,MACnB,CACF,CACF,CASA,SAAS+C,GAAiBlD,EAAK,CAC7B,OAAOL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAaK,EAAI,OAAO,EAAE,SAAS,CAAC,EAE3CL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DD,EAAM,IAAI,wBAAwB,CAAC,WAAYM,EAAI,MAAM,CAAC,EAE1DL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDD,EAAM,KAAK,WAAWM,EAAI,YAAY,CAAC,CAC3C,CAAC,EAEDL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASK,EAAI,iBAAiB,SAAS,EAAE,SAAS,CAAC,EAE1DL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,EAEDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GACvDK,EAAI,iBAAiB,OAAO,CAChC,CAAC,CACH,CASA,SAASkC,GAAoBiB,EAAO,CAElC,QADIC,EAAM,CAAC,EACH5C,EAAI,EAAGA,EAAI2C,EAAM,OAAQ,EAAE3C,EACjC4C,EAAI,KAAKH,GAAmBE,EAAM3C,CAAC,CAAC,CAAC,EAEvC,OAAO4C,CACT,CASA,SAASjB,GAAkBkB,EAAY,CAErC,QADID,EAAM,CAAC,EACH5C,EAAI,EAAGA,EAAI6C,EAAW,OAAQ,EAAE7C,EACtC4C,EAAI,KAAKF,GAAiBG,EAAW7C,CAAC,CAAC,CAAC,EAE1C,OAAO4C,CACT,CA6CA,SAASE,GAActD,EAAK,CAE1B,IAAIuD,EAAO5D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAErEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDA,EAAK,aAAaK,EAAI,OAAO,EAAE,SAAS,CAAC,EAE3CL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DD,EAAM,IAAI,wBAAwB,CAAC,WAAYM,EAAI,MAAM,CAAC,EAE1DL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACnDD,EAAM,KAAK,WAAWM,EAAI,YAAY,CAAC,CAC3C,CAAC,EAEDL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASK,EAAI,eAAe,EAAE,SAAS,CAAC,EAE/CL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,CACH,CAAC,EAsBD,GAnBGK,EAAI,6BAELuD,EAAK,MAAM,KAAKvD,EAAI,2BAA2B,EAIjDuD,EAAK,MAAM,KAAK5D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1EA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASK,EAAI,kBAAkB,EAAE,SAAS,CAAC,EAElDL,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,KAAM,GAAO,EAAE,CAC7D,CAAC,CAAC,EAGF4D,EAAK,MAAM,KAAK5D,EAAK,OACnBA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAAOK,EAAI,SAAS,CAAC,EAGjEA,EAAI,0BAA0B,OAAS,EAAG,CAG3C,QADI6B,EAAYlC,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAAC,CAAC,EAC5Da,EAAI,EAAGA,EAAIR,EAAI,0BAA0B,OAAQ,EAAEQ,EAAG,CAC5D,IAAIW,EAAOnB,EAAI,0BAA0BQ,CAAC,EAC1CqB,EAAU,OAAO,KAAKE,GAAiBZ,CAAI,CAAC,CAC9C,CACAoC,EAAK,MAAM,KAAK1B,CAAS,CAC3B,CAEA,OAAO0B,CACT,CAwBA,SAASvB,GAAewB,EAAS,CAE/B,QADIJ,EAAM,CAAC,EACH5C,EAAI,EAAGA,EAAIgD,EAAQ,OAAQ,EAAEhD,EACnC4C,EAAI,KAAKE,GAAcE,EAAQhD,CAAC,CAAC,CAAC,EAEpC,OAAO4C,CACT,CASA,SAASrB,GAAiBZ,EAAM,CAC9B,IAAIsC,EAGJ,GAAGtC,EAAK,OAASzB,EAAM,IAAI,KAAK,YAC9B+D,EAAQ9D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GACvDA,EAAK,SAASwB,EAAK,KAAK,EAAE,SAAS,CAAC,UAC9BA,EAAK,OAASzB,EAAM,IAAI,KAAK,cACrC+D,EAAQ9D,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAC/DwB,EAAK,MAAM,MAAM,CAAC,UACZA,EAAK,OAASzB,EAAM,IAAI,KAAK,YAAa,CASlD,IAAIgE,EAAa,IAAI,KAAK,sBAAsB,EAC5CC,EAAa,IAAI,KAAK,sBAAsB,EAC5CC,EAAOzC,EAAK,MAChB,GAAG,OAAOyC,GAAS,SAAU,CAE3B,IAAIC,EAAY,KAAK,MAAMD,CAAI,EAC3B,MAAMC,CAAS,EAETD,EAAK,SAAW,GAExBA,EAAOjE,EAAK,cAAciE,CAAI,EAG9BA,EAAOjE,EAAK,sBAAsBiE,CAAI,EANtCA,EAAO,IAAI,KAAKC,CAAS,CAQ7B,CAEGD,GAAQF,GAAcE,EAAOD,EAC9BF,EAAQ9D,EAAK,OACXA,EAAK,MAAM,UAAWA,EAAK,KAAK,QAAS,GACzCA,EAAK,cAAciE,CAAI,CAAC,EAE1BH,EAAQ9D,EAAK,OACXA,EAAK,MAAM,UAAWA,EAAK,KAAK,gBAAiB,GACjDA,EAAK,sBAAsBiE,CAAI,CAAC,CAEtC,CAMA,OAAOjE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAEjEA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASwB,EAAK,IAAI,EAAE,SAAS,CAAC,EACrCxB,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAAM,CAErD8D,CACF,CAAC,CACH,CAAC,CACH,CASA,SAASrB,GAAwB0B,EAAI,CACnC,MAAO,CAELnE,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASD,EAAM,IAAI,KAAK,IAAI,EAAE,SAAS,CAAC,EAE/CC,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,SAAU,GAAM,CAE1DA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,IAAK,GAC/CA,EAAK,SAASmE,EAAG,SAAS,EAAE,SAAS,CAAC,EAEvCA,EAAG,UAEFnE,EAAK,OACHA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GAC7CmE,EAAG,UAAU,SAAS,CAAC,EAHzB,MAIJ,CAAC,EAEDnE,EAAK,OAAOA,EAAK,MAAM,iBAAkB,EAAG,GAAM,CAChDA,EAAK,OAAOA,EAAK,MAAM,UAAWA,EAAK,KAAK,YAAa,GACvDmE,EAAG,QAAQ,SAAS,CAAC,CACzB,CAAC,CACH,CACF,CAmBA,SAASxD,GAAUR,EAAKE,EAAK+D,EAAW,CACtC,IAAI5D,EAAU,CAAC,EACXC,EAAS,CAAC,EACd,GAAG,CAACT,EAAK,SAASK,EAAK+D,EAAW5D,EAASC,CAAM,EAAG,CAClD,IAAIL,EAAQ,IAAI,MAAM,6EAC6B,EACnD,MAAAA,EAAM,OAASA,EACTA,CACR,CAGA,IAAIM,EAAcV,EAAK,SAASQ,EAAQ,WAAW,EACnD,GAAGE,IAAgBX,EAAM,IAAI,KAAK,KAChC,MAAM,IAAI,MAAM,sEAC4B,EAG9C,GAAGS,EAAQ,iBAAkB,CAC3B,IAAIkB,EAAU,GACd,GAAG3B,EAAM,KAAK,QAAQS,EAAQ,gBAAgB,EAC5C,QAAQK,EAAI,EAAGA,EAAIL,EAAQ,iBAAiB,OAAQ,EAAEK,EAAG,CACvD,GAAGL,EAAQ,iBAAiBK,CAAC,EAAE,OAASb,EAAK,KAAK,YAChD,MAAM,IAAI,MAAM,iGACqC,EAEvD0B,GAAWlB,EAAQ,iBAAiBK,CAAC,EAAE,KACzC,MAEAa,EAAUlB,EAAQ,iBAEpBL,EAAI,iBAAmB,CACrB,UAAWH,EAAK,SAASQ,EAAQ,YAAY,EAC7C,UAAWT,EAAM,KAAK,aAAaS,EAAQ,aAAa,KAAK,EAC7D,QAAST,EAAM,KAAK,aAAa2B,CAAO,CAC1C,CACF,CAEA,GAAGlB,EAAQ,QAAS,CAClB,IAAIkB,EAAU,GACd,GAAG3B,EAAM,KAAK,QAAQS,EAAQ,OAAO,EACnC,QAAQK,EAAI,EAAGA,EAAIL,EAAQ,QAAQ,OAAQ,EAAEK,EAAG,CAC9C,GAAGL,EAAQ,QAAQK,CAAC,EAAE,OAASb,EAAK,KAAK,YACvC,MAAM,IAAI,MAAM,uFACqC,EAEvD0B,GAAWlB,EAAQ,QAAQK,CAAC,EAAE,KAChC,MAEAa,EAAUlB,EAAQ,QAEpBL,EAAI,QAAUJ,EAAM,KAAK,aAAa2B,CAAO,CAC/C,CAEA,OAAAvB,EAAI,QAAUK,EAAQ,QAAQ,WAAW,CAAC,EAC1CL,EAAI,WAAaK,EAEVA,CACT,CAYA,SAAS8B,GAAgBnC,EAAK,CAC5B,GAAGA,EAAI,iBAAiB,MAAQ,OAC9B,MAAM,IAAI,MAAM,8BAA8B,EAGhD,GAAGA,EAAI,UAAY,OAAW,CAC5B,IAAIkD,EAEJ,OAAOlD,EAAI,iBAAiB,UAAW,CACrC,KAAKJ,EAAM,IAAI,KAAK,YAAY,EAChC,KAAKA,EAAM,IAAI,KAAK,YAAY,EAChC,KAAKA,EAAM,IAAI,KAAK,YAAY,EAC9BsD,EAAOtD,EAAM,IAAI,uBAAuBI,EAAI,iBAAiB,GAAG,EAChE,MAEF,KAAKJ,EAAM,IAAI,KAAK,OACpB,KAAKA,EAAM,IAAI,KAAK,cAAc,EAChCsD,EAAOtD,EAAM,IAAI,uBAAuBI,EAAI,iBAAiB,GAAG,EAChE,MAEF,QACE,MAAM,IAAI,MAAM,qCACdA,EAAI,iBAAiB,SAAS,CACpC,CAIA,GAHAkD,EAAK,MAAMlD,EAAI,iBAAiB,SAAS,EACzCkD,EAAK,OAAOlD,EAAI,iBAAiB,OAAO,EAErC,CAACkD,EAAK,OAAO,EACd,MAAM,IAAI,MAAM,8BAA8B,EAGhDlD,EAAI,QAAUkD,EAAK,MACrB,CACF,IC3uCA,IAAAgB,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAUA,IAAIC,GAAQ,IACZ,KACA,KACA,KACA,KACA,KAEA,IAAIC,GAAMF,GAAO,QAAUC,GAAM,IAAMA,GAAM,KAAO,CAAC,EAWrDC,GAAI,kBAAoB,SAASC,EAAYC,EAAYC,EAAS,CAChEA,EAAUA,GAAW,GACrBD,EAAaA,GAAc,GAC3B,IAAIE,EAAY,UACZC,EAAuBH,IAAe,GAAM,OAAS,aAErDI,EAAM,0BAA4BF,EAAY;AAAA,EAClDE,GAAO,eAAiBD,EAAsB;AAAA,EAC9CC,GAAO,YAAcH,EAAU;AAAA,EAG/B,IAAII,EAAYR,GAAM,KAAK,aAAa,EACxCS,GAAmBD,EAAWH,CAAS,EACvCK,GAAuBF,EAAWN,EAAW,CAAC,EAC9CQ,GAAuBF,EAAWN,EAAW,CAAC,EAG9C,IAAIS,EAAMX,GAAM,KAAK,SAASQ,EAAU,MAAM,EAAG,EAAE,EAC/CI,EAAS,KAAK,MAAMD,EAAI,OAAS,EAAE,EAAI,EAC3CJ,GAAO,iBAAmBK,EAAS;AAAA,EACnCL,GAAOI,EAGP,IAAIE,EAAab,GAAM,KAAK,aAAa,EACzCU,GAAuBG,EAAYX,EAAW,CAAC,EAC/CQ,GAAuBG,EAAYX,EAAW,CAAC,EAC/CQ,GAAuBG,EAAYX,EAAW,CAAC,EAC/CQ,GAAuBG,EAAYX,EAAW,IAAI,EAGlD,IAAIY,EACJ,GAAG,CAACX,EAEFW,EAAOd,GAAM,KAAK,SAASa,EAAW,MAAM,EAAG,EAAE,MAC5C,CAEL,IAAIE,EAASF,EAAW,OAAO,EAAI,GAAK,EACxCE,GAAUA,EAAS,GAGnB,IAAIC,EAAUC,GAAMJ,EAAW,MAAM,CAAC,EAEtCG,EAAQ,SAASA,EAAQ,OAAO,EAAID,EAASF,EAAW,OAAO,CAAC,EAChEA,EAAW,UAAUG,CAAO,EAE5B,IAAIE,EAASlB,GAAM,KAAK,aAAa,EACrCkB,EAAO,UAAUD,GAAM,WAAoBd,CAAU,CAAC,EACtDe,EAAO,UAAUD,GAAM,UAAoBd,CAAU,CAAC,EAItD,IAAIgB,EAASnB,GAAM,IAAI,uBAAuBkB,EAAO,SAAS,CAAC,EAAG,KAAK,EACvEC,EAAO,MAAMnB,GAAM,KAAK,aAAa,EAAE,aAAa,EAAG,EAAE,CAAC,EAC1DmB,EAAO,OAAON,EAAW,KAAK,CAAC,EAC/BM,EAAO,OAAO,EACd,IAAIC,EAAYD,EAAO,OAIvBC,EAAU,SAAS,EAAE,EAErBN,EAAOd,GAAM,KAAK,SAASoB,EAAU,MAAM,EAAG,EAAE,CAClD,CAGAR,EAAS,KAAK,MAAME,EAAK,OAAS,EAAE,EAAI,EACxCP,GAAO;AAAA,iBAAwBK,EAAS;AAAA,EACxCL,GAAOO,EAGP,IAAIO,EAASJ,GAAM,iCAAkCd,CAAU,EAE3DmB,EAAYtB,GAAM,KAAK,aAAa,EACxCS,GAAmBa,EAAWjB,CAAS,EACvCI,GAAmBa,EAAWhB,CAAmB,EACjDG,GAAmBa,EAAWlB,CAAO,EACrCkB,EAAU,SAASd,EAAU,OAAO,CAAC,EACrCc,EAAU,UAAUd,CAAS,EAC7Bc,EAAU,SAAST,EAAW,OAAO,CAAC,EACtCS,EAAU,UAAUT,CAAU,EAE9B,IAAIU,EAAOvB,GAAM,KAAK,OAAO,EAC7B,OAAAuB,EAAK,MAAM,OAAQF,CAAM,EACzBE,EAAK,OAAOD,EAAU,MAAM,CAAC,EAE7Bf,GAAO;AAAA,eAAsBgB,EAAK,OAAO,EAAE,MAAM,EAAI;AAAA,EAE9ChB,CACT,EAUAN,GAAI,mBAAqB,SAASuB,EAAKpB,EAAS,CAC9C,IAAIqB,EAAO,UACXrB,EAAUA,GAAW,GAErB,IAAIsB,EAAS1B,GAAM,KAAK,aAAa,EACrC,OAAAS,GAAmBiB,EAAQD,CAAI,EAC/Bf,GAAuBgB,EAAQF,EAAI,CAAC,EACpCd,GAAuBgB,EAAQF,EAAI,CAAC,EAE7BC,EAAO,IAAMzB,GAAM,KAAK,SAAS0B,EAAO,MAAM,CAAC,EAAI,IAAMtB,CAClE,EAUAH,GAAI,oBAAsB,SAASC,EAAYC,EAAY,CACzD,OAAIA,EAIGH,GAAM,IAAI,qBAAqBE,EAAYC,EAChD,CAAC,OAAQ,GAAM,UAAW,QAAQ,CAAC,EAJ5BH,GAAM,IAAI,gBAAgBE,CAAU,CAK/C,EAcAD,GAAI,wBAA0B,SAASuB,EAAKG,EAAS,CACnDA,EAAUA,GAAW,CAAC,EACtB,IAAIC,EAAKD,EAAQ,IAAM3B,GAAM,GAAG,IAAI,OAAO,EAEvCyB,EAAO,UACPC,EAAS1B,GAAM,KAAK,aAAa,EACrCS,GAAmBiB,EAAQD,CAAI,EAC/Bf,GAAuBgB,EAAQF,EAAI,CAAC,EACpCd,GAAuBgB,EAAQF,EAAI,CAAC,EAGpCI,EAAG,MAAM,EACTA,EAAG,OAAOF,EAAO,SAAS,CAAC,EAC3B,IAAIG,EAASD,EAAG,OAAO,EACvB,GAAGD,EAAQ,WAAa,MAAO,CAC7B,IAAIG,EAAMD,EAAO,MAAM,EACvB,OAAGF,EAAQ,UACFG,EAAI,MAAM,OAAO,EAAE,KAAKH,EAAQ,SAAS,EAE3CG,CACT,KAAO,IAAGH,EAAQ,WAAa,SAC7B,OAAOE,EAAO,SAAS,EAClB,GAAGF,EAAQ,SAChB,MAAM,IAAI,MAAM,qBAAuBA,EAAQ,SAAW,IAAI,EAEhE,OAAOE,CACT,EAQA,SAASnB,GAAuBgB,EAAQK,EAAK,CAC3C,IAAIC,EAASD,EAAI,SAAS,EAAE,EAEzBC,EAAO,CAAC,GAAK,MACdA,EAAS,KAAOA,GAElB,IAAIC,EAAQjC,GAAM,KAAK,WAAWgC,CAAM,EACxCN,EAAO,SAASO,EAAM,MAAM,EAC5BP,EAAO,SAASO,CAAK,CACvB,CAQA,SAASxB,GAAmBiB,EAAQK,EAAK,CACvCL,EAAO,SAASK,EAAI,MAAM,EAC1BL,EAAO,UAAUK,CAAG,CACtB,CAOA,SAASd,IAAQ,CAGf,QAFIiB,EAAMlC,GAAM,GAAG,KAAK,OAAO,EAC3BmC,EAAM,UAAU,OACXC,EAAI,EAAGA,EAAID,EAAK,EAAEC,EACzBF,EAAI,OAAO,UAAUE,CAAC,CAAC,EAEzB,OAAOF,EAAI,OAAO,CACpB,IC3OA,IAAAG,GAAAC,EAAA,CAAAC,GAAAC,KAAA,cAOAA,GAAO,QAAU,IACjB,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,KACA,OChCA,IAAAC,GAAAC,EAAAC,IAAA,kBAAIC,GAAQ,KAMZ,SAASC,GAAcC,EAAU,CAC/B,IAAIC,EAA4B,SAASD,EAAU,CAAC,EAAG,EAAE,EACzD,OAAIC,EAA4B,EACvBD,GAGTC,GAA6B,EACtBA,EAA0B,SAAS,EAAID,EAAU,UAAU,CAAC,EACrE,CAEA,SAASE,GAAaC,EAAK,CACzB,OAAQA,EAAK,CACX,IAAK,SACH,OAAOL,GAAM,GAAG,OAAO,OAAO,EAChC,QACE,OAAOA,GAAM,GAAG,KAAK,OAAO,CAChC,CACF,CAgBAD,GAAQ,SAAW,SAAkBO,EAAOC,EAASC,EAAM,CACrD,OAAOF,GAAU,YACnBE,EAAOF,EACPA,EAAQ,QACC,OAAOC,GAAY,aAC5BC,EAAOD,EACPA,EAAU,CAAC,GAGbA,EAAUA,GAAW,CAAC,EAEtB,IAAIE,EAAc,SAAUC,EAAS,CACnC,IAAIC,EAAOX,GAAM,IAAI,kBAAkB,EAEvCW,EAAK,aAAeV,GAAcD,GAAM,KAAK,WAAWA,GAAM,OAAO,aAAa,CAAC,CAAC,CAAC,EAErFW,EAAK,SAAS,UAAYJ,EAAQ,eAAiB,IAAI,KAEvD,IAAIK,EAAW,IAAI,KACnBD,EAAK,SAAS,SAAWC,EACzBD,EAAK,SAAS,SAAS,QAAQC,EAAS,QAAQ,GAAKL,EAAQ,MAAQ,IAAI,EAEzED,EAAQA,GAAS,CAAC,CAChB,KAAM,aACN,MAAO,aACT,EAAG,CACD,KAAM,cACN,MAAO,IACT,EAAG,CACD,UAAW,KACX,MAAO,UACT,EAAG,CACD,KAAM,eACN,MAAO,YACT,EAAG,CACD,KAAM,mBACN,MAAO,MACT,EAAG,CACD,UAAW,KACX,MAAO,MACT,CAAC,EAEDK,EAAK,WAAWL,CAAK,EACrBK,EAAK,UAAUL,CAAK,EAEpBK,EAAK,UAAYD,EAAQ,UAEzBC,EAAK,cAAcJ,EAAQ,YAAc,CAAC,CACxC,KAAM,mBACN,GAAI,EACN,EAAG,CACD,KAAM,WACN,YAAa,GACb,iBAAkB,GAClB,eAAgB,GAChB,gBAAiB,GACjB,iBAAkB,EACpB,EAAG,CACD,KAAM,iBACN,SAAU,CAAC,CACT,KAAM,EACN,MAAO,6BACT,CAAC,CACH,CAAC,CAAC,EAEFI,EAAK,KAAKD,EAAQ,WAAYN,GAAaG,GAAWA,EAAQ,SAAS,CAAC,EAExE,IAAMM,EAAcb,GAAM,GAAG,KACN,OAAO,EACP,OAAOA,GAAM,KAAK,MAAMA,GAAM,IAAI,kBAAkBW,CAAI,CAAC,EAAE,SAAS,CAAC,EACrE,OAAO,EACP,MAAM,EACN,MAAM,OAAO,EACb,KAAK,GAAG,EAE/B,IAAIG,EAAM,CACR,QAAad,GAAM,IAAI,gBAAgBU,EAAQ,UAAU,EACzD,OAAaV,GAAM,IAAI,eAAeU,EAAQ,SAAS,EACvD,KAAaV,GAAM,IAAI,iBAAiBW,CAAI,EAC5C,YAAaE,CACf,EAEA,GAAIN,GAAWA,EAAQ,MAAO,CAC5B,IAAIQ,EAAKf,GAAM,MAAM,iBAAiB,EACtCe,EAAG,eAAeJ,CAAI,EACtBG,EAAI,MAAQd,GAAM,MAAM,aAAae,CAAE,CACzC,CAEA,GAAIR,GAAWA,EAAQ,kBAAmB,CACxC,IAAIS,EAAahB,GAAM,IAAI,IAAI,gBAAgBO,EAAQ,0BAA4B,IAAI,EACnFU,EAAajB,GAAM,IAAI,kBAAkB,EAC7CiB,EAAW,aAAehB,GAAcD,GAAM,KAAK,WAAWA,GAAM,OAAO,aAAa,CAAC,CAAC,CAAC,EAC3FiB,EAAW,SAAS,UAAY,IAAI,KACpCA,EAAW,SAAS,SAAW,IAAI,KACnCA,EAAW,SAAS,SAAS,YAAYA,EAAW,SAAS,UAAU,YAAY,EAAI,CAAC,EAIxF,QAFIC,EAAc,KAAK,MAAM,KAAK,UAAUZ,CAAK,CAAC,EAE1Ca,EAAI,EAAGA,EAAID,EAAY,OAAQC,IAClCD,EAAYC,CAAC,EAAE,OAAS,eACrBZ,EAAQ,oBACVW,EAAYC,CAAC,EAAI,CAAE,KAAM,aAAc,MAAOZ,EAAQ,mBAAoB,EAE1EW,EAAYC,CAAC,EAAI,CAAE,KAAM,aAAc,MAAO,kBAAmB,GAkBvE,GAdAF,EAAW,WAAWC,CAAW,EAGjCD,EAAW,UAAUX,CAAK,EAE1BW,EAAW,UAAYD,EAAW,UAGlCC,EAAW,KAAKP,EAAQ,UAAU,EAElCI,EAAI,cAAgBd,GAAM,IAAI,gBAAgBgB,EAAW,UAAU,EACnEF,EAAI,aAAed,GAAM,IAAI,eAAegB,EAAW,SAAS,EAChEF,EAAI,WAAad,GAAM,IAAI,iBAAiBiB,CAAU,EAElDV,EAAQ,MAAO,CACjB,IAAIa,EAAWpB,GAAM,MAAM,iBAAiB,EAC5CoB,EAAS,eAAeH,CAAU,EAClCH,EAAI,YAAcd,GAAM,MAAM,aAAaoB,CAAQ,CACrD,CACF,CAEA,IAAIC,EAAUrB,GAAM,IAAI,cAAc,EACtCqB,EAAQ,eAAeV,CAAI,EAE3B,GAAI,CACFX,GAAM,IAAI,uBAAuBqB,EAAS,CAACV,CAAI,EAC7C,SAAUW,EAAKC,EAAOC,EAAO,CAC3B,GAAIF,IAAQ,GACV,MAAM,IAAI,MAAM,oCAAoC,EAEtD,MAAO,EACT,CAAC,CACL,OACMG,EAAI,CACR,MAAM,IAAI,MAAMA,CAAE,CACpB,CAEA,OAAOX,CACT,EAEIY,EAAUnB,EAAQ,SAAW,KAEjC,GAAIC,EACF,OAAOR,GAAM,IAAI,IAAI,gBAAgB,CAAE,KAAM0B,CAAQ,EAAG,SAAUC,EAAKjB,EAAS,CAC9E,GAAIiB,EAAO,OAAOnB,EAAKmB,CAAG,EAE1B,GAAI,CACF,OAAOnB,EAAK,KAAMC,EAAYC,CAAO,CAAC,CACxC,OAASe,EAAI,CACX,OAAOjB,EAAKiB,CAAE,CAChB,CACF,CAAC,EAGH,IAAIf,EAAUH,EAAQ,QAAU,CAC9B,WAAYP,GAAM,IAAI,kBAAkBO,EAAQ,QAAQ,UAAU,EAClE,UAAWP,GAAM,IAAI,iBAAiBO,EAAQ,QAAQ,SAAS,CACjE,EAAIP,GAAM,IAAI,IAAI,gBAAgB0B,CAAO,EAEzC,OAAOjB,EAAYC,CAAO,CAC5B,ICibO,SAASkB,GAAiBC,EAAyC,CACxE,OACE,OAAOA,GAAU,UACjBA,IAAU,MACV,SAAUA,GACV,YAAaA,GACb,UAAWA,GACX,OAAQA,EAAc,MAAS,UAC/B,OAAQA,EAAc,SAAY,QAEtC,CAzoBA,IA2MYC,GAsDAC,GAkCUC,GAnStBC,GAAAC,GAAA,kBA2MYJ,QAGVA,EAAA,iBAAmB,mBAGnBA,EAAA,UAAY,YAGZA,EAAA,aAAe,eAGfA,EAAA,UAAY,YAGZA,EAAA,SAAW,WAGXA,EAAA,aAAe,eAGfA,EAAA,sBAAwB,wBAGxBA,EAAA,kBAAoB,oBAGpBA,EAAA,uBAAyB,yBAGzBA,EAAA,eAAiB,iBAGjBA,EAAA,qBAAuB,uBAIvBA,EAAA,cAAgB,gBAGhBA,EAAA,cAAgB,gBAGhBA,EAAA,YAAc,cAGdA,EAAA,WAAa,aA9CHA,QAAA,IAsDAC,QAEVA,EAAA,IAAM,MAGNA,EAAA,OAAS,SAGTA,EAAA,KAAO,OAGPA,EAAA,SAAW,WAXDA,QAAA,IAkCUC,GAAf,cAAuD,KAAM,CAKzD,KAMA,MAMA,OAMA,cAMA,UAMA,QAWC,YACRG,EACAC,EACAC,EACAC,EACAC,EACA,CACA,MAAMH,CAAK,EAGX,KAAK,KAAO,KAAK,YAAY,KAG7B,KAAK,KAAOD,EACZ,KAAK,MAAQC,EACb,KAAK,OAASC,EACd,KAAK,cAAgBC,EACrB,KAAK,UAAY,IAAI,KACrB,KAAK,QAAUC,EAGf,OAAO,eAAe,KAAM,WAAW,SAAS,EAG5C,MAAM,mBACR,MAAM,kBAAkB,KAAM,KAAK,WAAW,CAElD,CAOA,QAAS,CACP,IAAMC,EAAO,CACX,KAAM,KAAK,KACX,MAAO,KAAK,MACZ,OAAQ,KAAK,OACb,cAAe,KAAK,cACpB,UAAW,KAAK,UAAU,YAAY,CACxC,EAGA,OAAI,KAAK,UAAY,OACZ,CAAE,GAAGA,EAAM,QAAS,KAAK,OAAQ,EAGnCA,CACT,CAMA,UAAmB,CACjB,MAAO,GAAG,KAAK,IAAI,KAAK,KAAK,KAAK,KAAK,KAAK,aAAa,GAC3D,CACF,ICnXO,SAASC,IAAgC,CAC9C,IAAMC,EAAY,KAAK,IAAI,EAAE,SAAS,EAAE,EAClCC,EAAS,KAAK,OAAO,EAAE,SAAS,EAAE,EAAE,OAAO,EAAG,CAAC,EACrD,MAAO,OAAOD,CAAS,IAAIC,CAAM,EACnC,CAOO,SAASC,IAAkC,CAChD,IAAMC,EAASC,GAAmB,SAAS,EAC3C,OAAOD,GAAUA,EAAO,KAAK,EAAIA,EAAS,SAC5C,CAtCA,IAQAE,GAMMD,GAdNE,GAAAC,GAAA,kBAQAF,GAAkC,uBAM5BD,GAAqB,IAAI,uBCd/B,IAAAI,GAAA,GAAAC,GAAAD,GAAA,yBAAAE,KAAA,IAgDaA,GAhDbC,GAAAC,GAAA,kBAQAC,KAEAC,KAsCaJ,GAAN,cAAkCK,EAAwC,CAQ/E,YACEC,EACAC,EAAkD,OAClDC,EAAoC,OACpC,CACA,8BAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,ICrEA,IAAAG,GAAA,GAAAC,GAAAD,GAAA,qBAAAE,KAAA,IAwCaA,GAxCbC,GAAAC,GAAA,kBAOAC,KAEAC,KA+BaJ,GAAN,cAA8BK,EAAoC,CAQvE,YACEC,EACAC,EAA8C,OAC9CC,EAAoC,OACpC,CACA,yBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,IC7DA,IAAAG,GAAA,GAAAC,GAAAD,GAAA,0BAAAE,KAAA,IAKaA,GALbC,GAAAC,GAAA,kBAAAC,KACAC,KAIaJ,GAAN,cAAmCK,EAAyC,CACjF,YACEC,EACAC,EACAC,EACA,CACA,0BAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,ICnBA,IAAAG,GAAA,GAAAC,GAAAD,GAAA,+BAAAE,KAAA,IAGaA,GAHbC,GAAAC,GAAA,kBAAAC,KACAC,KAEaJ,GAAN,cAAwCK,EAAY,CACzD,YAAYC,EAAeC,EAAmBC,EAAwB,CACpE,+BAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,ICbA,IAAAG,GAAA,GAAAC,GAAAD,GAAA,YAAAE,GAAA,gBAAAC,GAAA,kBAAAC,GAAA,kBAAAC,GAAA,cAAAC,GAAA,mBAAAC,GAAA,wBAAAC,GAAA,kBAAAC,GAAA,kBAAAC,GAAA,yBAAAC,GAAA,eAAAC,GAAA,mBAAAC,GAAA,wBAAAC,GAAA,cAAAC,GAAA,cAAAC,GAAA,sBAAAC,GAAA,6BAAAC,GAAA,8BAAAC,GAAA,YAAAC,GAAA,oBAAAC,GAAA,YAAAC,GAAA,sBAAAC,GAAA,mBAAAC,GAAA,oBAAAC,GAAA,qBAAAC,GAAA,uBAAAC,GAAA,qBAAAC,GAAA,iBAAAF,GAAA,oBAAAG,GAAA,mBAAAC,GAAA,iBAAAJ,GAAA,qBAAAK,KAAA,eAAAC,GAAAhC,ICMO,SAASiC,GACdC,EACAC,EACAC,EACe,CAOf,GALI,CAACF,GAKDA,EAAW,MAAQA,EAAW,KAAKC,CAAG,EACxC,OAAO,QAAQ,QAAQC,EAAK,CAAC,EAG/B,GAAI,CAEF,IAAMC,EAASH,EAAW,QAAQC,EAAKC,CAAI,EAG3C,OAAIC,aAAkB,QAEbA,EAGA,QAAQ,QAAQA,CAAM,CAEjC,OAASC,EAAO,CAEd,OAAO,QAAQ,OAAOA,CAAK,CAC7B,CACF,CC7BO,SAASC,GAAQC,EAAmD,CAEzE,OAAIA,EAAgB,SAAW,EACtB,MAAOC,EAAGC,IAAS,CACxB,MAAM,QAAQ,QAAQA,EAAK,CAAC,CAC9B,EAIK,eAAgBC,EAAcC,EAA2C,CAE9E,IAAMC,EAAS,IAAI,IAGbC,EAAW,MAAO,GAA6B,CAEnD,GAAI,GAAKN,EAAgB,OAEvB,OAAO,QAAQ,QAAQI,EAAa,CAAC,EAIvC,IAAMG,EAAaP,EAAgB,CAAC,EAgBpC,OAAOQ,GAAQD,EAAYJ,EAbN,IAAM,CACzB,GAAIE,EAAO,IAAI,CAAC,EACd,MAAM,IAAI,MAAM,8BAA8B,EAIhD,OAAAA,EAAO,IAAI,CAAC,EAGLC,EAAS,EAAI,CAAC,CACvB,CAG4C,CAC9C,EAGA,OAAOA,EAAS,CAAC,CACnB,CACF,CC/CO,SAASG,GAAOC,EAAsE,CAE3F,GAAI,OAAOA,GAAqB,WAC9B,MAAO,CACL,KAAM,YACN,QAASA,EACT,MAAO,EACT,EAIF,GAAM,CAAE,KAAAC,EAAO,YAAa,QAAAC,EAAS,KAAAC,EAAM,MAAAC,EAAQ,EAAM,EAAIJ,EAGvDK,EAAyB,CAC7B,KAAAJ,EACA,QAASC,EACT,MAAAE,CACF,EAEA,OAAID,IAAS,OACJ,CACL,GAAGE,EACH,KAAAF,CACF,EAGKE,CACT,CC3BO,SAASC,GACdC,EACAC,EACAC,EAIAC,EAA6B,CAAC,EACZ,CAElB,GAAI,CAACH,GAAQ,OAAOA,GAAS,SAC3B,MAAM,IAAI,MAAM,wCAAwC,EAG1D,GAAI,CAACC,GAAW,OAAOA,GAAY,SACjC,MAAM,IAAI,MAAM,2CAA2C,EAG7D,GAAI,OAAOC,GAAU,WACnB,MAAM,IAAI,MAAM,iCAAiC,EAInD,OAAO,SAAuBE,EAA0B,CAEtD,IAAMC,EAAgB,CAAE,GAAGF,EAAgB,GAAGC,CAAY,EAGpDE,EAAiB,CACrB,KAAAN,EACA,QAAAC,EAGA,SAAU,MAAOM,GAAgB,CAC/B,IAAMC,EAAS,MAAMN,EAAMK,EAAKF,CAAa,EAGzCG,GAAU,OAAOA,GAAW,UAE9B,OAAO,OAAOF,EAAQE,CAAM,CAEhC,CACF,EAEA,OAAOF,CACT,CACF,CCpDA,IAAAG,GAA8B,eCQ9B,IAAIC,GAAwB,CAAC,EAKtB,SAASC,GAAiBC,EAAyC,CACxEF,GAAS,CAAE,GAAGA,GAAQ,GAAGE,CAAU,CACrC,CAYO,SAASC,IAAuB,CACrC,GAAI,CAACC,GAAO,UACV,MAAM,IAAI,MAAM,4EAA4E,EAE9F,OAAOA,GAAO,SAChB,CChCA,IAAAC,GAAsB,sBAQf,SAASC,GAAeC,EAAkBC,EAA+B,CAE1ED,EAAS,WAAW,SAAS,IAC/BA,EAAWA,EAAS,QAAQ,UAAW,EAAE,GAEvCC,EAAS,WAAW,SAAS,IAC/BA,EAAWA,EAAS,QAAQ,UAAW,EAAE,GAI3C,IAAMC,EAAuBF,EAAS,QAAQ,MAAO,GAAG,EAClDG,EAAuBF,EAAS,QAAQ,MAAO,GAAG,EAGlDG,EAAqBD,EAAqB,SAAS,GAAG,EACxDA,EACA,GAAGA,CAAoB,IAGvBE,EAAeH,EACfA,EAAqB,WAAWE,CAAkB,EACpDC,EAAeH,EAAqB,UAAUE,EAAmB,MAAM,EAC9DF,EAAqB,WAAWC,CAAoB,GAC7DE,EAAeH,EAAqB,UAAUC,EAAqB,MAAM,EAErEE,EAAa,WAAW,GAAG,IAC7BA,EAAeA,EAAa,UAAU,CAAC,IAKzCA,EAAoB,YAASF,EAAsBD,CAAoB,EAAE,QAAQ,MAAO,GAAG,EAI7FG,EAAeA,EAAa,QAAQ,WAAY,EAAE,EAGlD,IAAMC,EAAWD,EAAa,MAAM,GAAG,EAAE,OAAO,OAAO,EACjDE,EAAmB,CAAC,EAGpBC,EAAgBF,EAAS,IAAIG,GAAW,CAE5C,GAAIA,EAAQ,WAAW,GAAG,GAAKA,EAAQ,SAAS,GAAG,EAAG,CACpD,IAAMC,EAAYD,EAAQ,MAAM,EAAG,EAAE,EACrC,OAAAF,EAAO,KAAKG,CAAS,EACd,IAAIA,CAAS,EACtB,CACA,OAAOD,CACT,CAAC,EAGGE,EAAYH,EAAc,OAAS,EAAI,IAAIA,EAAc,KAAK,GAAG,CAAC,GAAK,IAG3E,OAAIG,EAAU,SAAS,QAAQ,IAC7BA,EAAYA,EAAU,MAAM,EAAG,EAAE,GAAK,KAGjC,CACL,SAAAX,EACA,UAAAW,EACA,OAAAJ,CACF,CACF,CFvDA,SAASK,IAA4B,CACnC,IAAMC,EAA4B,MAAM,kBAExC,GAAI,CACF,MAAM,kBAAoB,CAACC,EAAGC,IAAUA,EAIxC,IAAMC,EAHQ,IAAI,MAAM,EAAE,MAGA,CAAC,EAC3B,GAAI,CAACA,GAAe,OAAOA,EAAY,aAAgB,WACrD,MAAM,IAAI,MAAM,uCAAuC,EAEzD,IAAMC,EAAWD,EAAY,YAAY,EAEzC,GAAI,CAACC,EACH,MAAM,IAAI,MAAM,sCAAsC,EAGxD,OAAIA,EAAS,WAAW,SAAS,KACxB,kBAAcA,CAAQ,EAGxBA,CACT,QAAE,CACA,MAAM,kBAAoBJ,CAC5B,CACF,CAKA,SAASK,IAAuB,CAC9B,IAAMC,EAAaP,GAAkB,EAC/BQ,EAAYC,GAAa,EAEzBC,EAAcC,GAAeJ,EAAYC,CAAS,EACxD,eAAQ,IAAI,gCAAyBE,EAAY,SAAS,eAAeH,CAAU,EAAE,EAE9EG,EAAY,SACrB,CAMO,IAAME,GAAiCC,GAAU,CACtDC,GAAqB,MAAOD,CAAM,EAElC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,IAAKO,EACL,KAAAE,CACF,CACF,EAKaC,GAAmCH,GAAU,CACxDC,GAAqB,OAAQD,CAAM,EAEnC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,KAAMO,EACN,KAAAE,CACF,CACF,EAKaE,GAAiCJ,GAAU,CACtDC,GAAqB,MAAOD,CAAM,EAElC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,IAAKO,EACL,KAAAE,CACF,CACF,EAKaG,GAAuCL,GAAU,CAC5DC,GAAqB,SAAUD,CAAM,EAErC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,OAAQO,EACR,KAAAE,CACF,CACF,EAKaI,GAAqCN,GAAU,CAC1DC,GAAqB,QAASD,CAAM,EAEpC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,MAAOO,EACP,KAAAE,CACF,CACF,EAKaK,GAAmCP,GAAU,CACxDC,GAAqB,OAAQD,CAAM,EAEnC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,KAAMO,EACN,KAAAE,CACF,CACF,EAKaM,GAAyCR,GAAU,CAC9DC,GAAqB,UAAWD,CAAM,EAEtC,IAAME,EAAOT,GAAa,EAE1B,MAAO,CACL,QAASO,EACT,KAAAE,CACF,CACF,EAKA,SAASD,GAAqBQ,EAAgBT,EAAmB,CAC/D,GAAI,CAACA,EAAO,SAAW,OAAOA,EAAO,SAAY,WAC/C,MAAM,IAAI,MAAM,sBAAsBS,CAAM,qBAAqB,EAGnE,GAAIT,EAAO,YAAc,CAAC,MAAM,QAAQA,EAAO,UAAU,EACvD,MAAM,IAAI,MAAM,yBAAyBS,CAAM,mBAAmB,EASpE,OALIT,EAAO,QACTU,GAAeD,EAAQT,EAAO,MAAM,EAI9BS,EAAQ,CACd,IAAK,MACL,IAAK,OACL,IAAK,SACCT,EAAO,QAAQ,MACjB,QAAQ,KAAK,YAAYS,CAAM,+CAA+C,EAEhF,KACJ,CACF,CAKA,SAASC,GAAeD,EAAgBE,EAAmB,CACzD,GAAM,CAAE,OAAAC,EAAQ,MAAAC,EAAO,KAAAC,EAAM,SAAAC,CAAS,EAAIJ,EAG1C,GAAIC,IAAW,CAACA,EAAO,MAAQ,OAAOA,EAAO,OAAU,YACrD,MAAM,IAAI,MAAM,qBAAqBH,CAAM,6BAA6B,EAG1E,GAAII,IAAU,CAACA,EAAM,MAAQ,OAAOA,EAAM,OAAU,YAClD,MAAM,IAAI,MAAM,oBAAoBJ,CAAM,6BAA6B,EAGzE,GAAIK,IAAS,CAACA,EAAK,MAAQ,OAAOA,EAAK,OAAU,YAC/C,MAAM,IAAI,MAAM,mBAAmBL,CAAM,6BAA6B,EAGxE,GAAIM,IAAa,CAACA,EAAS,MAAQ,OAAOA,EAAS,OAAU,YAC3D,MAAM,IAAI,MAAM,uBAAuBN,CAAM,6BAA6B,CAE9E,CGjNA,IAAAO,GAAkC,uBAClCC,GAAyB,wBCDzB,IAAAC,GAAoB,oBACpBC,GAAsB,sBACtBC,GAAuB,uBCFvB,IAAAC,GAAoB,oBACpBC,GAAsB,sBAEtBC,GAA4B,WAO5B,eAAsBC,IAAoD,CACxE,IAAMC,EAAe,QAAK,QAAQ,IAAI,EAAG,YAAa,OAAO,EACvDC,EAAe,QAAKD,EAAS,SAAS,EACtCE,EAAgB,QAAKF,EAAS,UAAU,EAG9C,GAAO,cAAWC,CAAO,GAAQ,cAAWC,CAAQ,EAClD,MAAO,CACL,QAASD,EACT,SAAUC,CACZ,EAIM,cAAWF,CAAO,GACrB,aAAUA,EAAS,CAAE,UAAW,EAAK,CAAC,EAmC3C,IAAMG,EAAkB,YA/BV,CAAC,CAAE,KAAM,aAAc,MAAO,WAAY,CAAC,EACzC,CACd,KAAM,IACN,UAAW,SACX,QAAS,KACT,WAAY,CACV,CAAE,KAAM,mBAAoB,GAAI,EAAK,EACrC,CACE,KAAM,WACN,YAAa,GACb,iBAAkB,GAClB,eAAgB,GAChB,gBAAiB,GACjB,iBAAkB,EACpB,EACA,CACE,KAAM,cACN,WAAY,GACZ,WAAY,EACd,EACA,CACE,KAAM,iBACN,SAAU,CACR,CAAE,KAAM,EAAG,MAAO,WAAY,EAC9B,CAAE,KAAM,EAAG,GAAI,WAAY,CAC7B,CACF,CACF,CACF,CAG+C,EAG/C,OAAG,iBAAcF,EAAS,OAAO,KAAKE,EAAK,QAAS,OAAO,CAAC,EACzD,iBAAcD,EAAU,OAAO,KAAKC,EAAK,KAAM,OAAO,CAAC,EAE1D,QAAQ,IAAI;AAAA,kEAA8DH,CAAO;AAAA,CAAI,EAE9E,CACL,QAASC,EACT,SAAUC,CACZ,CACF,CCxEO,IAAME,GAAN,cAAgC,KAAM,CAC3C,YAAYC,EAAkB,wCAAoC,CAChE,MAAMA,CAAO,EACb,KAAK,KAAO,mBACd,CACF,EAEaC,GAAN,cAAsCF,EAAkB,CAC7D,YAAYC,EAAkB,iDAAkD,CAC9E,MAAMA,CAAO,CACf,CACF,EAEaE,GAAN,cAAuCH,EAAkB,CAC9D,YAAYC,EAAkB,uDAAwD,CACpF,MAAMA,CAAO,CACf,CACF,EAEaG,GAAN,cAA4BJ,EAAkB,CACnD,YAAYC,EAAkB,eAAgB,CAC5C,MAAMA,CAAO,CACf,CACF,ECvBA,IAAAI,GAAkC,uBAOrBC,GAAiB,IAAI,qBAc3B,SAASC,GACdC,EACAC,EACgB,CAChB,OAAOC,GAAe,IAAIF,EAASC,CAAQ,CAC7C,CC1BA,IAAAE,GAA2B,kBAC3BC,GAAoD,cACpDC,GAAuB,cACvBC,GAAqB,gBACrBC,GAAyB,kBCHzB,IAAMC,GAAiB,oBACjBC,GACJ,uFACIC,GAAqB,8BACrBC,GAAkB,wBAKjB,SAASC,GAAgBC,EAAoC,CAClE,IAAMC,EAAQD,EAAY,MAAML,EAAc,EAC9C,GAAI,CAACM,GAAS,CAACA,EAAM,CAAC,EAAG,OAAO,KAEhC,IAAIC,EAAWD,EAAM,CAAC,EAAE,KAAK,EAC7B,OAAIC,EAAS,WAAW,GAAG,GAAKA,EAAS,SAAS,GAAG,IACnDA,EAAWA,EAAS,MAAM,EAAG,EAAE,GAG1BA,GAAY,IACrB,CAKO,SAASC,GACdC,EAC4C,CAC5C,IAAMH,EAAQG,EAAQ,MAAMR,EAAyB,EACrD,MAAI,CAACK,GAAS,CAACA,EAAM,CAAC,EAAU,KAEzB,CACL,KAAMA,EAAM,CAAC,EACb,SAAUA,EAAM,CAAC,IAAM,OAAYA,EAAM,CAAC,EAAI,MAChD,CACF,CAKO,SAASI,GAAiBD,EAAyB,CACxD,IAAMH,EAAQG,EAAQ,MAAMP,EAAkB,EAC9C,OAAOI,GAASA,EAAM,CAAC,GAAG,KAAK,EAAIA,EAAM,CAAC,EAAE,KAAK,EAAI,0BACvD,CAKO,SAASK,GAAmBN,EAA8B,CAC/D,OAAOF,GAAgB,KAAKE,CAAW,CACzC,CDtCA,IAAMO,GAA0C,CAC9C,YAAa,GAAK,KAAO,KACzB,SAAU,GACV,aAAc,EAAI,KAAO,KACzB,iBAAkB,CAAC,EACnB,kBAAmB,CAAC,EACpB,SAAU,SACV,WAAS,WAAO,EAChB,YAAa,EACf,EAKA,SAASC,GAAkBC,EAAkBC,EAAiC,CAAC,EAAgB,CAC7F,MAAO,CACL,SAAU,OAAO,KAAK,KAAKD,CAAQ,EAAE,EACrC,QAAS,CAAE,GAAGF,GAAiB,GAAGG,CAAQ,EAC1C,OAAQ,IAAI,IACZ,MAAO,IAAI,IACX,OAAQ,OAAO,MAAM,CAAC,EACtB,MAAO,WACP,eAAgB,GAChB,aAAc,KACd,gBAAiB,OACjB,gBAAiB,2BACjB,qBAAsB,EACtB,UAAW,EACX,WAAY,EACZ,oBAAqB,CAAC,EACtB,cAAe,KACf,gBAAiB,KACjB,mBAAoB,KACpB,iBAAkB,KAClB,aAAc,CAAC,EAEf,sBAAuB,GACvB,oBAAqB,GACrB,WAAY,EACd,CACF,CAKA,eAAeC,GAAaC,EAAoBC,EAAqC,CACnF,IAAMC,EAAY,OAAO,OAAO,CAACF,EAAM,OAAQC,CAAK,CAAC,EACjDE,EAAe,CAAE,GAAGH,EAAO,OAAQE,CAAU,EAGjD,KAAOC,EAAa,OAAO,OAAS,GAAK,CAACA,EAAa,YAAY,CACjE,IAAMC,EAAY,MAAMC,GAAoBF,CAAY,EACxD,GAAIC,IAAcD,EAAc,MAChCA,EAAeC,CACjB,CAEA,OAAOD,CACT,CAKA,eAAeE,GAAoBL,EAA0C,CAC3E,OAAQA,EAAM,MAAO,CACnB,IAAK,WACH,OAAOM,GAAgBN,CAAK,EAC9B,IAAK,UACH,OAAOO,GAAeP,CAAK,EAC7B,IAAK,UACH,OAAOQ,GAAeR,CAAK,EAC7B,QAAS,CACP,GAAM,CAAE,oBAAAS,CAAoB,EAAI,KAAM,uCACtC,MAAM,IAAIA,EAAoB,uBAAwB,CACpD,UAAWT,EAAM,KACnB,CAAC,CACH,CACF,CACF,CAKA,SAASM,GAAgBN,EAAiC,CACxD,IAAMU,EAAgBV,EAAM,OAAO,QAAQA,EAAM,QAAQ,EACzD,GAAIU,IAAkB,GAAI,OAAOV,EAGjC,IAAMW,EAAwB,GAG1BC,EAASZ,EAAM,OAAO,SAASU,EAAgBV,EAAM,SAAS,MAAM,EAGxE,OAAIY,EAAO,QAAU,GAAKA,EAAO,SAAS,EAAG,CAAC,EAAE,OAAO,OAAO,KAAK,IAAI,CAAC,EAC/D,CACL,GAAGZ,EACH,OAAAY,EACA,sBAAAD,EACA,WAAY,GACZ,MAAO,UACT,GAIEC,EAAO,QAAU,GAAKA,EAAO,SAAS,EAAG,CAAC,EAAE,OAAO,OAAO,KAAK;AAAA,CAAM,CAAC,IACxEA,EAASA,EAAO,SAAS,CAAC,GAGrB,CACL,GAAGZ,EACH,OAAAY,EACA,sBAAAD,EACA,MAAO,UACP,eAAgB,EAClB,EACF,CAKA,eAAeJ,GAAeP,EAA0C,CACtE,IAAMa,EAAYb,EAAM,OAAO,QAAQ;AAAA;AAAA,CAAU,EACjD,GAAIa,IAAc,GAAI,OAAOb,EAE7B,IAAMc,EAAUd,EAAM,OAAO,SAAS,EAAGa,CAAS,EAAE,SAAS,MAAM,EAC7DD,EAASZ,EAAM,OAAO,SAASa,EAAY,CAAC,EAE5CE,EAAcC,GAAwBF,CAAO,EACnD,GAAI,CAACC,EAAa,CAEhB,GAAM,CAAE,gBAAAE,CAAgB,EAAI,KAAM,uCAClC,MAAM,IAAIA,EAAgB,+CAA+C,CAC3E,CAEA,IAAMC,EAAWC,GAAiBL,CAAO,EACnCM,EAASL,EAAY,WAAa,OAGxC,GAAIK,GAAUpB,EAAM,WAAaA,EAAM,QAAQ,SAAU,CACvD,GAAM,CAAE,qBAAAqB,CAAqB,EAAI,KAAM,uCACvC,MAAM,IAAIA,EAAqB,2BAA4B,CACzD,UAAWrB,EAAM,UAAY,EAC7B,SAAUA,EAAM,QAAQ,SACxB,SAAUe,EAAY,QACxB,CAAC,CACH,CAEA,GACEK,GACApB,EAAM,QAAQ,iBAAiB,OAAS,GACxC,CAACA,EAAM,QAAQ,iBAAiB,SAASkB,CAAQ,EACjD,CACA,GAAM,CAAE,0BAAAI,CAA0B,EAAI,KAAM,uCAC5C,MAAM,IAAIA,EAA0B,wBAAyB,CAC3D,iBAAkBJ,EAClB,iBAAkBlB,EAAM,QAAQ,iBAChC,SAAUe,EAAY,QACxB,CAAC,CACH,CAEA,MAAO,CACL,GAAGf,EACH,OAAAY,EACA,MAAO,UACP,eAAgBE,EAChB,aAAcC,EAAY,KAC1B,gBAAiBA,EAAY,SAC7B,gBAAiBG,EACjB,qBAAsB,EACtB,UAAWE,EAASpB,EAAM,UAAY,EAAIA,EAAM,UAChD,WAAYoB,EAASpB,EAAM,WAAaA,EAAM,WAAa,EAC3D,oBAAqB,CAAC,CACxB,CACF,CAKA,eAAeQ,GAAeR,EAA0C,CACtE,IAAMuB,EAAoBvB,EAAM,OAAO,QAAQA,EAAM,QAAQ,EAEzDwB,EACAC,EAAa,GACbb,EAASZ,EAAM,OAEnB,GAAIuB,IAAsB,GAAI,CAE5B,IAAMG,EAAa,KAAK,IAAI,EAAG1B,EAAM,OAAO,OAASA,EAAM,SAAS,MAAM,EAC1E,GAAI0B,IAAe,EAAG,OAAO1B,EAE7BwB,EAAexB,EAAM,OAAO,SAAS,EAAG0B,CAAU,EAClDd,EAASZ,EAAM,OAAO,SAAS0B,CAAU,CAC3C,KAAO,CAEL,IAAMC,EAAa,KAAK,IAAI,EAAGJ,EAAoB,CAAC,EACpDC,EAAexB,EAAM,OAAO,SAAS,EAAG2B,CAAU,EAClDf,EAASZ,EAAM,OAAO,SAASuB,CAAiB,EAChDE,EAAa,EACf,CAEA,IAAIG,EAAe,CAAE,GAAG5B,EAAO,OAAAY,CAAO,EAEtC,OAAIY,EAAa,OAAS,IACxBI,EAAe,MAAMC,GAAoBD,EAAcJ,CAAY,GAGjEC,IACFG,EAAe,MAAME,GAAoBF,CAAY,EACrDA,EAAe,CACb,GAAGA,EACH,MAAO,WACP,oBAAqB,EACvB,GAGKA,CACT,CAKA,eAAeC,GAAoB7B,EAAoBC,EAAqC,CAC1F,IAAM8B,EAAmB/B,EAAM,qBAAuBC,EAAM,OAGtD+B,EACJhC,EAAM,kBAAoB,OAAYA,EAAM,QAAQ,YAAcA,EAAM,QAAQ,aAElF,GAAI+B,EAAmBC,EAAS,CAC9B,IAAMZ,EAASpB,EAAM,kBAAoB,OACnC,CAAE,qBAAAqB,CAAqB,EAAI,KAAM,uCACjCY,EAAqBjC,EAAM,aAC7B,CACE,YAAaoB,EAAS,OAAS,QAC/B,YAAaW,EACb,QAAAC,EACA,MAAOhC,EAAM,aACb,SAAUA,EAAM,eAClB,EACA,CACE,YAAaoB,EAAS,OAAS,QAC/B,YAAaW,EACb,QAAAC,EACA,SAAUhC,EAAM,eAClB,EACJ,MAAM,IAAIqB,EACR,GAAGD,EAAS,OAAS,OAAO,sBAC5Ba,CACF,CACF,CAEA,OAAIjC,EAAM,kBAAoB,OACrBkC,GAAiBlC,EAAOC,EAAO8B,CAAgB,EAE/C,CACL,GAAG/B,EACH,qBAAsB+B,EACtB,oBAAqB,CAAC,GAAG/B,EAAM,oBAAqBC,CAAK,CAC3D,CAEJ,CAKA,eAAeiC,GACblC,EACAC,EACA8B,EACsB,CACtB,OAAQ/B,EAAM,QAAQ,SAAU,CAC9B,IAAK,SACH,MAAO,CACL,GAAGA,EACH,qBAAsB+B,EACtB,oBAAqB,CAAC,GAAG/B,EAAM,oBAAqBC,CAAK,CAC3D,EAEF,IAAK,SACH,OAAID,EAAM,kBACRA,EAAM,iBAAiB,QAAQC,CAAK,EAE/B,CAAE,GAAGD,EAAO,qBAAsB+B,CAAiB,EAE5D,IAAK,OACH,OAAI/B,EAAM,oBACR,MAAMmC,GAAcnC,EAAM,mBAAoBC,CAAK,EAE9C,CAAE,GAAGD,EAAO,qBAAsB+B,CAAiB,EAE5D,QAAS,CACP,GAAM,CAAE,gBAAAd,CAAgB,EAAI,KAAM,uCAClC,MAAM,IAAIA,EAAgB,0BAA0B,CAMtD,CACF,CACF,CAKA,eAAemB,GAAyBpC,EAA0C,CAChF,GAAIA,EAAM,kBAAoB,OAAW,OAAOA,EAEhD,OAAQA,EAAM,QAAQ,SAAU,CAC9B,IAAK,SACH,MAAO,CAAE,GAAGA,EAAO,oBAAqB,CAAC,CAAE,EAE7C,IAAK,SAAU,CACb,IAAIqC,EAAuE,KACrEC,EAAS,IAAI,eAA2B,CAC5C,MAAOC,GAAc,CACnBF,EAAmBE,CACrB,CACF,CAAC,EAED,MAAO,CACL,GAAGvC,EACH,cAAesC,EACf,iBAAAD,CACF,CACF,CAEA,IAAK,OAAQ,CACX,IAAMG,KAAW,SAAKxC,EAAM,QAAQ,QAAS,aAAU,eAAW,CAAC,EAAE,EAC/DyC,KAAc,sBAAkBD,CAAQ,EACxCE,EAAc,SAAY,CAC9B,GAAI,CACF,GAAM,CAAE,OAAAC,CAAO,EAAI,KAAM,QAAO,aAAkB,EAClD,MAAMA,EAAOH,CAAQ,CACvB,OAASI,EAAO,CACd,QAAQ,KAAK,gCAAgCJ,CAAQ,GAAII,CAAK,CAChE,CACF,EAEA,MAAO,CACL,GAAG5C,EACH,gBAAiBwC,EACjB,mBAAoBC,EACpB,aAAc,CAAC,GAAGzC,EAAM,aAAc0C,CAAW,CACnD,CACF,CAEA,QAAS,CACP,GAAM,CAAE,gBAAAzB,CAAgB,EAAI,KAAM,uCAClC,MAAM,IAAIA,EAAgB,kCAAkC,CAI9D,CACF,CACF,CAKA,eAAea,GAAoB9B,EAA0C,CAC3E,OAAKA,EAAM,aAEPA,EAAM,kBAAoB,OACrB6C,GAAa7C,CAAK,EAElB8C,GAAc9C,CAAK,EALI+C,GAAiB/C,CAAK,CAOxD,CAKA,eAAe6C,GAAa7C,EAA0C,CACpE,GAAI,CAACA,EAAM,cAAgBA,EAAM,kBAAoB,OACnD,OAAO+C,GAAiB/C,CAAK,EAG/B,IAAIsC,EACA1B,EACA4B,EAEJ,OAAQxC,EAAM,QAAQ,SAAU,CAC9B,IAAK,SACHY,EAAS,OAAO,OAAOZ,EAAM,mBAAmB,EAChDsC,EAAS,YAAS,KAAK1B,CAAM,EAC7B,MAEF,IAAK,SACCZ,EAAM,kBACRA,EAAM,iBAAiB,MAAM,EAE/BsC,EAAStC,EAAM,cACf,MAEF,IAAK,OACCA,EAAM,oBACR,MAAMgD,GAAYhD,EAAM,kBAAkB,EAE5CwC,EAAWxC,EAAM,gBACjBsC,EAAS,YAAS,KAAK,OAAO,MAAM,CAAC,CAAC,EACtC,MAEF,QAAS,CAEP,GAAM,CAAE,gBAAArB,CAAgB,EAAI,KAAM,uCAClC,MAAM,IAAIA,EAAgB,oCAAoC,CAIhE,CACF,CAEA,IAAMgC,EAAqB,CACzB,SAAUjD,EAAM,gBAChB,UAAWA,EAAM,aACjB,SAAUA,EAAM,gBAChB,KAAMA,EAAM,qBACZ,OAAAsC,EACA,OAAA1B,EACA,SAAA4B,CACF,EAEMU,EAAeC,GAAgBnD,EAAM,MAAOA,EAAM,aAAciD,CAAI,EAE1E,MAAO,CACL,GAAGF,GAAiB/C,CAAK,EACzB,MAAOkD,CACT,CACF,CAKA,SAASJ,GAAc9C,EAAiC,CACtD,GAAI,CAACA,EAAM,aAAc,OAAO+C,GAAiB/C,CAAK,EAEtD,IAAMoD,EAAQ,OAAO,OAAOpD,EAAM,mBAAmB,EAAE,SAAS,MAAM,EAChEqD,EAAgBF,GAAgBnD,EAAM,OAAQA,EAAM,aAAcoD,CAAK,EAE7E,MAAO,CACL,GAAGL,GAAiB/C,CAAK,EACzB,OAAQqD,CACV,CACF,CAKA,SAASN,GAAiB/C,EAAiC,CACzD,MAAO,CACL,GAAGA,EACH,aAAc,KACd,gBAAiB,OACjB,qBAAsB,EACtB,oBAAqB,CAAC,EACtB,cAAe,KACf,iBAAkB,KAClB,gBAAiB,KACjB,mBAAoB,IACtB,CACF,CAKA,SAASmD,GAAmBG,EAA8BC,EAAaH,EAA4B,CACjG,IAAMI,EAAgB,IAAI,IAAIF,CAAU,EAClCG,EAAWD,EAAc,IAAID,CAAG,GAAK,CAAC,EAC5C,OAAAC,EAAc,IAAID,EAAK,CAAC,GAAGE,EAAUL,CAAK,CAAC,EACpCI,CACT,CAKA,eAAeE,GAAS1D,EAA4C,CAElE,GAAI,CAACA,EAAM,sBAAuB,CAChC,GAAM,CAAE,gBAAAiB,CAAgB,EAAI,KAAM,uCAClC,MAAM,IAAIA,EAAgB,mCAAmC,CAK/D,CAGA,GAAIjB,EAAM,uBAAyB,CAACA,EAAM,oBAAqB,CAC7D,GAAM,CAAE,gBAAAiB,CAAgB,EAAI,KAAM,uCAClC,MAAM,IAAIA,EAAgB,yBAAyB,CAKrD,CAEA,IAAM0C,EAA4C,CAAC,EACnD,OAAW,CAACJ,EAAKK,CAAM,IAAK5D,EAAM,OAAO,QAAQ,EAC/C2D,EAAOJ,CAAG,EAAIK,EAAO,SAAW,EAAIA,EAAO,CAAC,EAAKA,EAGnD,IAAMC,EAAuD,CAAC,EAC9D,OAAW,CAACN,EAAKO,CAAQ,IAAK9D,EAAM,MAAM,QAAQ,EAChD6D,EAAMN,CAAG,EAAIO,EAAS,SAAW,EAAIA,EAAS,CAAC,EAAKA,EAGtD,MAAO,CAAE,OAAAH,EAAQ,MAAAE,CAAM,CACzB,CAKA,eAAeE,GAAQ/D,EAAmC,CAExD,MAAM,QAAQ,WAAWA,EAAM,aAAa,IAAIgE,GAAQA,EAAK,CAAC,CAAC,EAG3DhE,EAAM,kBACRA,EAAM,iBAAiB,MAAM,EAG3BA,EAAM,oBACR,MAAMgD,GAAYhD,EAAM,kBAAkB,CAE9C,CAGA,eAAemC,GAAcG,EAAqBrC,EAA8B,CAC9E,OAAO,IAAI,QAAQ,CAACgE,EAASC,IAAW,CACtC5B,EAAO,MAAMrC,EAAO2C,GAAS,CACvBA,EAAOsB,EAAOtB,CAAK,EAClBqB,EAAQ,CACf,CAAC,CACH,CAAC,CACH,CAEA,eAAejB,GAAYV,EAAoC,CAC7D,OAAO,IAAI,QAAQ2B,GAAW,CAC5B3B,EAAO,IAAI,IAAM2B,EAAQ,CAAC,CAC5B,CAAC,CACH,CAKA,eAAsBE,GACpBC,EACAtE,EAAiC,CAAC,EACV,CACxB,IAAMuE,EAAeD,EAAQ,QAAQ,cAAc,GAAgB,GAC7DvE,EAAWyE,GAAgBD,CAAW,EAE5C,GAAI,CAACxE,EAAU,CACb,GAAM,CAAE,0BAAAyB,CAA0B,EAAI,KAAM,uCAC5C,MAAM,IAAIA,EAA0B,6CAA8C,CAChF,oBAAqB+C,EACrB,eAAgB,mCAClB,CAAC,CACH,CAEA,IAAIrE,EAAQJ,GAAkBC,EAAUC,CAAO,EAG3CE,EAAM,kBAAoB,SAC5BA,EAAQ,MAAMoC,GAAyBpC,CAAK,GAG9C,GAAI,CAEF,cAAiBC,KAASmE,EACxBpE,EAAQ,MAAMD,GAAaC,EAAOC,CAAe,EAGnD,OAAOyD,GAAS1D,CAAK,CACvB,QAAE,CACA,MAAM+D,GAAQ/D,CAAK,CACrB,CACF,CEvjBA,IAAMuE,GAAsB,eAEtBC,GAAsB,CAC1B,KAAM,IAAM,KACZ,KAAM,KAAO,KACb,KAAM,EAAI,KAAO,KACjB,UAAW,CACT,YAAa,GAAK,KAAO,KACzB,aAAc,IAAM,KAAO,KAC3B,SAAU,GACV,aAAc,KAAO,IACvB,EACA,IAAK,GAAK,KAAO,IACnB,EAKA,SAASC,GAAgBC,EAIvB,CACA,IAAMC,EAAeD,EAAY,KAAO,IAGlCE,EAAOF,EAAI,QAAQ,MAAQ,YAE3BG,EAAU,GADCH,EAAI,QAAWA,EAAI,OAAe,UAAY,QAAU,MAC9C,MAAME,CAAI,GAAGD,EAAY,WAAW,GAAG,EAAI,GAAK,GAAG,GAAGA,CAAW,GAC5F,GAAI,CACF,IAAMG,EAAM,IAAI,IAAID,CAAO,EAGrBE,EAAOD,EAAI,SAGXE,EAAqB,CAAC,EAC5B,OAAAF,EAAI,aAAa,QAAQ,CAACG,EAAOC,IAAQ,CAEnCF,EAAME,CAAG,IAAM,OACb,MAAM,QAAQF,EAAME,CAAG,CAAC,EACzBF,EAAME,CAAG,EAAe,KAAKD,CAAK,EAEnCD,EAAME,CAAG,EAAI,CAACF,EAAME,CAAG,EAAaD,CAAK,EAG3CD,EAAME,CAAG,EAAID,CAEjB,CAAC,EAEM,CAAE,KAAAF,EAAM,IAAAD,EAAK,MAAAE,CAAM,CAC5B,OAASG,EAAO,CAEd,cAAQ,KAAK,gBAAgBN,CAAO,GAAIM,CAAK,EACvC,IAAIC,GAAc,gBAAgBP,CAAO,EAAE,CACnD,CACF,CAKA,SAASQ,GAAeX,EAA8B,CAEpD,MAAO,WAAYA,GAAQ,qBAAsBA,GAAQA,EAAY,mBAAqB,CAC5F,CAKA,SAASY,GAAYZ,EAA6B,CAEhD,IAAMa,EAAYb,EAAI,QAAWA,EAAI,OAAe,UAE9Cc,EAAiBd,EAAI,QAAQ,mBAAmB,EAEtD,OAAIc,EACE,MAAM,QAAQA,CAAc,EAEvBA,EAAe,CAAC,GAAG,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,GAAK,OAG5CA,EAAe,MAAM,GAAG,EAAE,CAAC,GAAG,KAAK,GAAK,OAK5CD,EAAY,QAAU,MAC/B,CAKA,eAAsBE,GACpBf,EACAgB,EACAC,EAA0B,CAAC,EACa,CAExC,GAAM,CAAE,KAAAZ,EAAM,IAAAD,EAAK,MAAAE,CAAM,EAAIP,GAAgBC,CAAG,EAC1CkB,EAASlB,EAAI,QAAU,MACvBmB,EAAUR,GAAeX,CAAG,EAC5BoB,EAAWR,GAAYZ,CAAG,EAG1BqB,EAAwB,CAAC,EACzBC,EAAQ,CAAE,GAAIL,EAAQ,cAAgB,CAAC,CAAG,EAG1CM,EAAgB,CAAE,KAAM,EAAM,EAG9BC,EAAqC,CACzC,QAASC,GAAmCzB,EAAK,CAC/C,KAAAK,EACA,IAAAD,EACA,MAAOE,EACP,OAAAe,EACA,OAAAH,EACA,QAAAC,EACA,SAAAC,CACF,CAAC,EACD,SAAU,CAAC,EACX,MAAAE,CACF,EAEA,OAAAE,EAAI,SAAWE,GAAqBV,EAAKO,EAAeC,CAAG,EAGvDP,EAAQ,WACV,MAAMU,GAAkB3B,EAAKwB,EAAKP,CAAO,EAGpCO,CACT,CAKA,SAASC,GACPzB,EACA4B,EAS0C,CAC1C,MAAO,CACL,IAAK5B,EACL,GAAG4B,EACH,OAAQC,GAA0B7B,CAAG,EACrC,QAAS8B,GAA2B9B,CAAG,EACvC,KAAM,MACR,CACF,CAKA,SAAS6B,GAA0B7B,EAAqB,CACtD,OAAQ+B,GAAqC,CAC3C,IAAMxB,EAAQP,EAAI,QAAQ+B,EAAK,YAAY,CAAC,EAC5C,OAAI,MAAM,QAAQxB,CAAK,EACdA,EAAM,KAAK,IAAI,EAEjBA,GAAS,MAClB,CACF,CAKA,SAASuB,GAA2B9B,EAAqB,CACvD,IAAMgC,EAAeH,GAA0B7B,CAAG,EAElD,OAAQiC,GACFA,GAAS,MAAM,QAAQA,CAAK,GAAKA,EAAM,OAAS,EAC3CA,EAAM,OAA2C,CAACC,EAAKH,KAC5DG,EAAIH,CAAI,EAAIC,EAAaD,CAAI,EACtBG,GACN,CAAC,CAAC,EAEE,OAAO,QAAQlC,EAAI,OAAO,EAAE,OACjC,CAACkC,EAAK,CAAC1B,EAAKD,CAAK,KACf2B,EAAI1B,CAAG,EAAI,MAAM,QAAQD,CAAK,EAAIA,EAAM,KAAK,IAAI,EAAIA,GAAS,OACvD2B,GAET,CAAC,CACH,CAGN,CAKA,SAASR,GACPV,EACAO,EACAC,EACuC,CACvC,MAAO,CACL,IAAKR,EAEL,IAAI,MAAO,CACT,OAAOO,EAAc,IACvB,EAEA,OAAQY,GAAmBnB,EAAKO,EAAeC,CAAG,EAClD,OAAQY,GAAmBpB,EAAKO,EAAeC,CAAG,EAClD,QAASa,GAAoBrB,EAAKO,EAAeC,CAAG,EACpD,KAAMc,GAAwBtB,EAAKO,EAAeC,CAAG,EAErD,KAAMe,GAAoBvB,EAAKO,CAAa,EAC5C,KAAMiB,GAAoBxB,EAAKO,CAAa,EAC5C,KAAMkB,GAAoBzB,EAAKO,CAAa,EAC5C,SAAUmB,GAAwB1B,EAAKO,CAAa,EACpD,OAAQoB,GAAsB3B,EAAKO,CAAa,CAClD,CACF,CAKA,SAASY,GACPnB,EACAO,EACAC,EACA,CACA,OAAO,SAAsBoB,EAAmC,CAC9D,GAAIrB,EAAc,KAChB,MAAM,IAAIsB,GAEZ,OAAA7B,EAAI,WAAa4B,EACVpB,EAAI,QACb,CACF,CAKA,SAASY,GACPpB,EACAO,EACAC,EACA,CACA,OAAO,SAAsBO,EAAcxB,EAAe,CACxD,GAAIgB,EAAc,KAChB,MAAM,IAAIuB,GAEZ,OAAA9B,EAAI,UAAUe,EAAMxB,CAAK,EAClBiB,EAAI,QACb,CACF,CAKA,SAASa,GACPrB,EACAO,EACAC,EACA,CACA,OAAO,SAAuBuB,EAAiC,CAC7D,GAAIxB,EAAc,KAChB,MAAM,IAAIuB,GAEZ,OAAW,CAACf,EAAMxB,CAAK,IAAK,OAAO,QAAQwC,CAAO,EAChD/B,EAAI,UAAUe,EAAMxB,CAAK,EAE3B,OAAOiB,EAAI,QACb,CACF,CAKA,SAASc,GACPtB,EACAO,EACAC,EACA,CACA,OAAO,SAAoBwB,EAAc,CACvC,GAAIzB,EAAc,KAChB,MAAM,IAAI0B,GAEZ,OAAAjC,EAAI,UAAUnB,GAAqBmD,CAAI,EAChCxB,EAAI,QACb,CACF,CAKA,SAASe,GAAoBvB,EAAsBO,EAAkC,CACnF,OAAO,SAAuB2B,EAAeC,EAAiB,CAC5D,GAAI5B,EAAc,KAChB,MAAM,IAAIsB,GAGRM,IAAW,SACbnC,EAAI,WAAamC,GAGnBnC,EAAI,UAAUnB,GAAqB,kBAAkB,EACrDmB,EAAI,IAAI,KAAK,UAAUkC,CAAI,CAAC,EAC5B3B,EAAc,KAAO,EACvB,CACF,CAKA,SAASiB,GAAoBxB,EAAsBO,EAAkC,CACnF,OAAO,SAAuB2B,EAAcC,EAAiB,CAC3D,GAAI5B,EAAc,KAChB,MAAM,IAAIsB,GAGRM,IAAW,SACbnC,EAAI,WAAamC,GAGnBnC,EAAI,UAAUnB,GAAqB,YAAY,EAC/CmB,EAAI,IAAIkC,CAAI,EACZ3B,EAAc,KAAO,EACvB,CACF,CAKA,SAASkB,GAAoBzB,EAAsBO,EAAkC,CACnF,OAAO,SAAuB2B,EAAcC,EAAiB,CAC3D,GAAI5B,EAAc,KAChB,MAAM,IAAIsB,GAGRM,IAAW,SACbnC,EAAI,WAAamC,GAGnBnC,EAAI,UAAUnB,GAAqB,WAAW,EAC9CmB,EAAI,IAAIkC,CAAI,EACZ3B,EAAc,KAAO,EACvB,CACF,CAKA,SAASmB,GAAwB1B,EAAsBO,EAAkC,CACvF,OAAO,SAA2BnB,EAAa+C,EAAS,IAAK,CAC3D,GAAI5B,EAAc,KAChB,MAAM,IAAIsB,GAGZ7B,EAAI,WAAamC,EACjBnC,EAAI,UAAU,WAAYZ,CAAG,EAC7BY,EAAI,IAAI,EACRO,EAAc,KAAO,EACvB,CACF,CAKA,SAASoB,GAAsB3B,EAAsBO,EAAkC,CACrF,OAAO,SAAyB6B,EAAiCnC,EAAyB,CAAC,EAAG,CAC5F,GAAIM,EAAc,KAChB,MAAM,IAAIsB,GAWZ,GARI5B,EAAQ,SAAW,SACrBD,EAAI,WAAaC,EAAQ,QAGvBA,EAAQ,aACVD,EAAI,UAAUnB,GAAqBoB,EAAQ,WAAW,EAGpDA,EAAQ,QACV,OAAW,CAACc,EAAMxB,CAAK,IAAK,OAAO,QAAQU,EAAQ,OAAO,EACxDD,EAAI,UAAUe,EAAMxB,CAAK,EAK7B6C,EAAS,KAAKpC,CAAG,EAGjBoC,EAAS,GAAG,MAAO,IAAM,CACvB7B,EAAc,KAAO,EACvB,CAAC,EAGD6B,EAAS,GAAG,QAASC,GAAO,CAC1B,QAAQ,MAAM,gBAAiBA,CAAG,EAC7B9B,EAAc,OACjBP,EAAI,WAAa,IACjBA,EAAI,IAAI,cAAc,EACtBO,EAAc,KAAO,GAEzB,CAAC,CACH,CACF,CAKA,eAAeI,GACb3B,EACAwB,EACAP,EAA0B,CAAC,EACZ,CAEf,GAAIqC,GAAkBtD,EAAI,MAAM,EAC9B,OAGF,IAAMuD,EAAcvD,EAAI,QAAQ,cAAc,GAAK,GAC7CwD,EAAgB,SAASxD,EAAI,QAAQ,gBAAgB,GAAK,IAAK,EAAE,EAGvE,GAAIwD,IAAkB,EACpB,OAGF,IAAMC,EAAS,CACb,KAAMxC,EAAQ,YAAY,MAAQnB,GAAoB,KACtD,KAAMmB,EAAQ,YAAY,MAAQnB,GAAoB,KACtD,KAAMmB,EAAQ,YAAY,MAAQnB,GAAoB,KACtD,IAAKmB,EAAQ,YAAY,KAAOnB,GAAoB,IACpD,UAAW,CACT,YACEmB,EAAQ,YAAY,WAAW,aAAenB,GAAoB,UAAU,YAC9E,SAAUmB,EAAQ,YAAY,WAAW,UAAYnB,GAAoB,UAAU,SACnF,aACEmB,EAAQ,YAAY,WAAW,cAAgBnB,GAAoB,UAAU,aAC/E,aACEmB,EAAQ,YAAY,WAAW,cAAgBnB,GAAoB,UAAU,YACjF,CACF,EAEA,GAAI,CAEF,GAAIyD,EAAY,SAAS,kBAAkB,EAAG,CAC5C,GAAIC,EAAgBC,EAAO,KACzB,MAAM,IAAI,MAAM,wBAAwBD,CAAa,MAAMC,EAAO,IAAI,QAAQ,EAEhF,MAAMC,GAAc1D,EAAKwB,CAAG,CAC9B,SAAW+B,EAAY,SAAS,mCAAmC,EAAG,CACpE,GAAIC,EAAgBC,EAAO,KACzB,MAAM,IAAI,MAAM,wBAAwBD,CAAa,MAAMC,EAAO,IAAI,QAAQ,EAEhF,MAAME,GAAwB3D,EAAKwB,CAAG,CACxC,SAAW+B,EAAY,SAAS,OAAO,EAAG,CACxC,GAAIC,EAAgBC,EAAO,KACzB,MAAM,IAAI,MAAM,wBAAwBD,CAAa,MAAMC,EAAO,IAAI,QAAQ,EAEhF,MAAMG,GAAc5D,EAAKwB,CAAG,CAC9B,SAAWqC,GAAmBN,CAAW,EAEvC,MAAMO,GAAmB9D,EAAKwB,EAAKiC,EAAO,SAAS,MAC9C,CAEL,GAAID,EAAgBC,EAAO,IACzB,MAAM,IAAI,MAAM,2BAA2BD,CAAa,MAAMC,EAAO,GAAG,QAAQ,EAGlF,MACF,CACF,OAAShD,EAAO,CACd,IAAMsD,EAAYR,EAAY,SAAS,WAAW,EAC9C,wBACA,kBACJS,GAAaxC,EAAKuC,EAAW,6BAA8BtD,CAAK,CAClE,CACF,CAKA,SAAS6C,GAAkBpC,EAA0B,CAEnD,MADoB,CAAC,MAAO,OAAQ,SAAS,EAC1B,SAASA,GAAU,KAAK,CAC7C,CAKA,eAAewC,GACb1D,EACAwB,EACe,CACf,IAAM0B,EAAO,MAAMe,GAAgBjE,CAAG,EAEtC,GAAI,CAACkD,EAAM,CACT,QAAQ,KAAK,mCAAmC,EAChD,MACF,CAGA,GAAIA,EAAK,KAAK,IAAM,OAAQ,CAC1B,QAAQ,KAAK,2BAA2B,EACxC1B,EAAI,QAAQ,KAAO,KACnB,MACF,CAEA,GAAI,CACF,IAAM0C,EAAO,KAAK,MAAMhB,CAAI,EAC5B1B,EAAI,QAAQ,KAAO0C,CACrB,OAASzD,EAAO,CACde,EAAI,QAAQ,KAAO,KACnBwC,GAAaxC,EAAK,mBAAoB,+BAAgCf,CAAK,CAC7E,CACF,CAKA,eAAekD,GACb3D,EACAwB,EACe,CACf,IAAM0B,EAAO,MAAMe,GAAgBjE,CAAG,EACtC,GAAKkD,EAEL,GAAI,CACF1B,EAAI,QAAQ,KAAO2C,GAAoBjB,CAAI,CAC7C,OAASzC,EAAO,CACde,EAAI,QAAQ,KAAO,KACnBwC,GAAaxC,EAAK,mBAAoB,oCAAqCf,CAAK,CAClF,CACF,CAKA,SAAS0D,GAAoBjB,EAAiD,CAC5E,IAAM7B,EAAS,IAAI,gBAAgB6B,CAAI,EACjCkB,EAA8C,CAAC,EAErD,OAAA/C,EAAO,QAAQ,CAACd,EAAOC,IAAQ,CACzB4D,EAAS5D,CAAG,IAAM,OAChB,MAAM,QAAQ4D,EAAS5D,CAAG,CAAC,EAC5B4D,EAAS5D,CAAG,EAAe,KAAKD,CAAK,EAEtC6D,EAAS5D,CAAG,EAAI,CAAC4D,EAAS5D,CAAG,EAAaD,CAAK,EAGjD6D,EAAS5D,CAAG,EAAID,CAEpB,CAAC,EAEM6D,CACT,CAKA,eAAeR,GACb5D,EACAwB,EACe,CACf,IAAM0B,EAAO,MAAMe,GAAgBjE,CAAG,EAClCkD,IACF1B,EAAI,QAAQ,KAAO0B,EAEvB,CAKA,eAAeY,GACb9D,EACAwB,EACA6C,EACe,CACf,GAAI,CACF,IAAMZ,EAASY,GAAmBvE,GAAoB,UAChDwE,EAAgB,MAAMC,GAAsBvE,EAAK,CACrD,SAAU,SACV,YAAayD,EAAO,YACpB,SAAUA,EAAO,SACjB,aAAcA,EAAO,YAEvB,CAAC,EAGAjC,EAAI,QAAgB,UAAY8C,EAChC9C,EAAI,QAAgB,MAAQ8C,EAAc,MAG3C9C,EAAI,QAAQ,KAAO8C,EAAc,MACnC,OAAS7D,EAAO,CACde,EAAI,QAAQ,KAAO,KACnBwC,GAAaxC,EAAK,wBAAyB,iCAAkCf,CAAK,CACpF,CACF,CAKA,SAASuD,GACPxC,EACAwB,EACAwB,EACA/D,EACM,CACN,IAAMgE,EAA4B,CAAE,KAAAzB,EAAM,QAAAwB,EAAS,MAAA/D,CAAM,EACzDe,EAAI,MAAM,WAAaiD,CACzB,CAKA,eAAeR,GAAgBjE,EAAsC,CACnE,OAAO,IAAI,QAAgB,CAAC0E,EAASC,IAAW,CAC9C,IAAMC,EAAmB,CAAC,EAE1B5E,EAAI,GAAG,OAAS6E,GAA2B,CACzCD,EAAO,KAAK,OAAO,SAASC,CAAK,EAAIA,EAAQ,OAAO,KAAKA,CAAK,CAAC,CACjE,CAAC,EAED7E,EAAI,GAAG,MAAO,IAAM,CAClB0E,EAAQ,OAAO,OAAOE,CAAM,EAAE,SAAS,MAAM,CAAC,CAChD,CAAC,EAED5E,EAAI,GAAG,QAASqD,GAAO,CACrBsB,EAAOtB,CAAG,CACZ,CAAC,CACH,CAAC,CACH,CC5oBAyB,KAEAC,KAgCO,IAAMC,GAAN,cAA4BC,EAAkC,CAQnE,YACEC,EACAC,EAA4C,OAC5CC,EAAoC,OACpC,CACA,kBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,EC9DAG,KAEAC,KACAC,KAOO,SAASC,GAAeC,EAAsC,CACnE,OAAOA,aAAiBC,EAC1B,CAKO,SAASC,GAAoBF,EAAqC,CAEvE,GAAID,GAAeC,CAAK,EACtB,MAAO,CACL,KAAMA,EAAM,KACZ,MAAOA,EAAM,MACb,OAAQA,EAAM,OACd,cAAeA,EAAM,cACrB,UAAWA,EAAM,UAAU,YAAY,EACvC,QAASA,EAAM,OACjB,EAIF,IAAMG,EAAgBC,GAAsB,EACxCC,EAEAL,aAAiB,MACnBK,EAAkBL,EAAM,QACfA,GAAU,KACnBK,EAAkB,yBAElBA,EAAkB,OAAOL,CAAK,EAIhC,IAAMM,EAAe,IAAIC,GACvB,wBACA,CAAE,gBAAAF,CAAgB,EAClBF,CACF,EAEA,MAAO,CACL,KAAMG,EAAa,KACnB,MAAOA,EAAa,MACpB,OAAQA,EAAa,OACrB,cAAeA,EAAa,cAC5B,UAAWA,EAAa,UAAU,YAAY,EAC9C,QAASA,EAAa,OACxB,CACF,CAKO,SAASE,GACdC,EACQ,CACR,OAAOA,EAAa,kBAAkB,GAAKL,GAAsB,CACnE,CAKO,SAASM,GACdC,EACAR,EACM,CACNQ,EAAa,mBAAoBR,CAAa,CAEhD,CClDO,SAASS,GAAoBC,EAAgC,CAAC,EAAe,CAClF,GAAM,CAAE,MAAAC,EAAQ,EAAM,EAAID,EAoC1B,MAAO,CACL,KAAM,gBACN,QApCuC,MAAOE,EAAcC,IAAuB,CACnF,GAAI,CACF,MAAMA,EAAK,CACb,OAASC,EAAO,CAEd,GAAIF,EAAI,SAAS,KAAM,CACjBD,GACF,QAAQ,MAAM,0CAA2CG,CAAK,EAEhE,MACF,CAGIH,GACF,QAAQ,MAAM,+BAAgCG,CAAK,EAIrD,IAAMC,EAAgBC,GAA+BJ,EAAI,QAAQ,MAAM,EAGjEK,EAAgBC,GAAoBJ,CAAK,EAG/CG,EAAc,cAAgBF,EAG9BI,GAAwBP,EAAI,SAAS,OAAQG,CAAa,EAG1DH,EAAI,SAAS,OAAOK,EAAc,MAAM,EAAE,KAAKA,CAAa,CAC9D,CACF,EAKE,MAAAN,CACF,CACF,CC7DO,SAASS,GAAqBC,EAAwC,CAC3E,MAAO,OAAOC,EAAKC,IAAQ,CACzB,GAAI,CAEF,IAAMC,EAAU,MAAMC,GAAcH,EAAKC,EAAK,CAC5C,UAAW,EACb,CAAC,EAMKG,EAAgB,CAHAC,GAAoB,EAGJ,GAAGN,EAAe,UAAU,EAG5DO,EAAUC,GAAQH,CAAa,EAGrC,MAAMI,GAAeN,EAAS,SAAY,CACxC,MAAMI,EAAQJ,EAAS,SAAY,CACjC,GAAI,CAACA,EAAQ,SAAS,OAEpB,MAAMH,EAAe,OAAO,cAAcG,CAAO,EAE7C,CAACA,EAAQ,SAAS,MACpB,MAAM,IAAIO,GACR,oBAAoBP,EAAQ,QAAQ,MAAM,IAAIA,EAAQ,QAAQ,IAAI,EACpE,CAGN,CAAC,CACH,CAAC,CACH,OAASQ,EAAO,CAEd,QAAQ,MAAM,0BAA2BA,CAAK,EAC9CT,EAAI,UAAU,IAAK,CAAE,eAAgB,kBAAmB,CAAC,EACzDA,EAAI,IACF,KAAK,UAAU,CACb,MAAO,wBACP,QAAS,2BACX,CAAC,CACH,CACF,CACF,CACF,CV1CA,eAAeU,GACbC,EACkD,CAElD,GAAI,CAACA,EAAa,QAChB,MAAO,CAAC,EAGV,GAAM,CAAE,QAAAC,EAAS,SAAAC,CAAS,EAAIF,EAGxBG,EAAY,QAAQ,IAAI,WAAa,cACrCC,EAAsB,CAACH,GAAW,CAACC,EAEzC,GAAIE,GAAuBD,EAEzB,OADiB,MAAME,GAAwB,EAKjD,GAAID,EACF,MAAM,IAAI,MACR,2JAEF,EAGF,MAAO,CAAE,QAAAH,EAAS,SAAAC,CAAS,CAC7B,CAGA,SAASI,GACPC,EACAC,EACuC,CACvC,GAAI,CAACD,EACH,OAAY,gBAAa,EAI3B,IAAME,EAAgD,CACpD,WAAY,EACd,EAGA,GAAI,CACED,EAAY,UACdC,EAAmB,IAAS,gBAAaD,EAAY,OAAO,GAE1DA,EAAY,WACdC,EAAmB,KAAU,gBAAaD,EAAY,QAAQ,EAElE,OAASE,EAAK,CACZ,MAAM,IAAI,MACR,qCAAqCA,aAAe,MAAQA,EAAI,QAAU,OAAOA,CAAG,CAAC,EACvF,CACF,CAEA,OAAa,sBAAmBD,CAAkB,CACpD,CAGA,SAASE,GACPC,EACAC,EACAC,EACAP,EACe,CACf,OAAO,IAAI,QAAQ,CAACQ,EAASC,IAAW,CACtCJ,EAAO,OAAOC,EAAMC,EAAM,IAAM,CAE9B,IAAMG,EAAM,GADKV,EAAU,QAAU,MACd,MAAMO,CAAI,IAAID,CAAI,GACzC,QAAQ,IAAI;AAAA;AAAA;AAAA;AAAA;AAAA,wBAKDI,CAAG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,CAOnB,EACKF,EAAQ,CACV,CAAC,EAEDH,EAAO,GAAG,QAASF,GAAO,CACxB,QAAQ,MAAM,gBAAiBA,CAAG,EAClCM,EAAON,CAAG,CACZ,CAAC,CACH,CAAC,CACH,CAEA,eAAeQ,GAAkBC,EAAuC,CACtE,QAAWC,KAAUD,EAAe,QAC9B,OAAOC,EAAO,YAAe,YAC/B,MAAMA,EAAO,WAAWD,CAAc,CAG5C,CAGA,eAAsBE,GACpBF,EACAG,EACe,CAEf,GAAI,CAAAH,EAAe,OAInB,GAAI,CAEF,IAAMN,EAAOS,EAAc,KACrBR,EAAOQ,EAAc,KAG3B,MAAMJ,GAAkBC,CAAc,EAGtC,IAAMnB,EAAesB,EAAc,OAAS,CAAE,QAAS,EAAK,EACtDf,EAAU,CAAC,CAACP,EAAa,QAGzBQ,EAAc,MAAMT,GAAoBC,CAAY,EAGtDsB,EAAc,OAASd,EAAY,SAAWA,EAAY,WAC5Dc,EAAc,MAAM,QAAUd,EAAY,QAC1Cc,EAAc,MAAM,SAAWd,EAAY,UAI7C,IAAMI,EAASN,GAAqBC,EAASC,CAAW,EAGxDW,EAAe,OAASP,EAGxBO,EAAe,KAAON,EACtBM,EAAe,KAAOL,EAGtB,IAAMS,EAAiBC,GAAqBL,CAAc,EAC1DP,EAAO,GAAG,UAAWW,CAAc,EAGnC,MAAMZ,GAAaC,EAAQC,EAAMC,EAAMP,CAAO,CAChD,OAASkB,EAAO,CACd,cAAQ,MAAM,0BAA2BA,CAAK,EACxCA,CACR,CACF,CWjKA,IAAIC,GAAiB,GAIrB,eAAsBC,GAAWC,EAAwBC,EAAuB,CAAC,EAAkB,CACjG,IAAMC,EAASF,EAAe,OACxBG,EAASH,EAAe,OAE9B,GAAIF,GAAgB,CAClB,QAAQ,IAAI,gFAAsE,EAClF,MACF,CAEA,GAAI,CAACI,EACH,OAGFJ,GAAiB,GACjB,IAAMM,EAAUH,EAAQ,SAAW,IAEnC,GAAI,CAQF,GAPIA,EAAQ,YACV,MAAMA,EAAQ,WAAW,EAG3BE,EAAO,KAAK,UAAU,EAGlBH,EAAe,QAAU,OAAOA,EAAe,OAAO,OAAU,WAAY,CAC9E,QAAQ,IAAI,sCAA+B,EAC3C,GAAI,CAEF,MAAM,QAAQ,KAAK,CACjBA,EAAe,OAAO,MAAM,EAC5B,IAAI,QAAQ,CAACK,EAAGC,IACd,WAAW,IAAMA,EAAO,IAAI,MAAM,sBAAsB,CAAC,EAAG,GAAI,CAClE,CACF,CAAC,EACD,QAAQ,IAAI,+BAA0B,CACxC,OAASC,EAAO,CACd,QAAQ,MAAM,wCAAoCA,CAAK,CAEzD,CACF,CAGA,GAAI,CACF,MAAM,QAAQ,KAAK,CACjBP,EAAe,cAAc,aAAaA,EAAgBE,CAAM,EAChE,IAAI,QAAQ,CAACG,EAAGC,IACd,WAAW,IAAMA,EAAO,IAAI,MAAM,qBAAqB,CAAC,EAAG,GAAI,CACjE,CACF,CAAC,CACH,OAASC,EAAO,CACd,QAAQ,MAAM,8BAA0BA,CAAK,CAE/C,CAGA,IAAMC,EAAe,IAAI,QAAc,CAACC,EAASH,IAAW,CAC1DJ,EAAO,MAAOQ,GAAgB,CAC5B,GAAIA,EAAK,OAAOJ,EAAOI,CAAG,EAC1BD,EAAQ,CACV,CAAC,CACH,CAAC,EAEKE,EAAiB,IAAI,QAAe,CAACN,EAAGC,IAAW,CACvD,WAAW,IAAM,CACfA,EAAO,IAAI,MAAM,yBAAyB,CAAC,CAC7C,EAAGF,CAAO,CACZ,CAAC,EAED,MAAM,QAAQ,KAAK,CAACI,EAAcG,CAAc,CAAC,EAGjD,GAAI,CACF,MAAM,QAAQ,KAAK,CACjBX,EAAe,cAAc,iBAAiBA,CAAc,EAC5D,IAAI,QAAQ,CAACK,EAAGC,IACd,WAAW,IAAMA,EAAO,IAAI,MAAM,0BAA0B,CAAC,EAAG,GAAI,CACtE,CACF,CAAC,CACH,OAASC,EAAO,CACd,QAAQ,MAAM,mCAA+BA,CAAK,CAEpD,CAEIN,EAAQ,WACV,MAAMA,EAAQ,UAAU,EAG1BE,EAAO,KAAK,SAAS,EACrBH,EAAe,OAAS,KAExB,QAAQ,IAAI,oCAA+B,EAC3CF,GAAiB,EACnB,OAASS,EAAO,CACd,MAAAT,GAAiB,GACjB,QAAQ,MAAM,8CAAqCS,CAAK,EAGpDL,GAAU,OAAOA,EAAO,OAAU,YACpCA,EAAO,MAAM,EAIX,QAAQ,IAAI,WAAa,gBAC3B,QAAQ,IAAI,mDAA4C,EACxD,QAAQ,KAAK,CAAC,GAGhBC,EAAO,KAAK,QAASI,CAAK,EACpBA,CACR,CACF,CAKO,SAASK,GAAuBC,EAAyD,CAG9F,GAFsB,QAAQ,IAAI,WAAa,cAE5B,CAEjB,IAAMC,EAAgB,IAAM,CAC1B,QAAQ,IAAI,oEAA6D,EACzE,QAAQ,KAAK,CAAC,CAChB,EAEMC,EAAiB,IAAM,CAC3B,QAAQ,IAAI,qEAA8D,EAC1E,QAAQ,KAAK,CAAC,CAChB,EAEA,eAAQ,GAAG,SAAUD,CAAa,EAClC,QAAQ,GAAG,UAAWC,CAAc,EAE7B,CACL,WAAY,IAAM,CAChB,QAAQ,eAAe,SAAUD,CAAa,EAC9C,QAAQ,eAAe,UAAWC,CAAc,CAClD,CACF,CACF,KAAO,CAEL,IAAMD,EAAgB,IAAM,CAC1B,QAAQ,IAAI,0DAAmD,EAC/DD,EAAO,EAAE,MAAM,QAAQ,KAAK,CAC9B,EAEME,EAAiB,IAAM,CAC3B,QAAQ,IAAI,2DAAoD,EAChEF,EAAO,EAAE,MAAM,QAAQ,KAAK,CAC9B,EAEA,eAAQ,GAAG,SAAUC,CAAa,EAClC,QAAQ,GAAG,UAAWC,CAAc,EAE7B,CACL,WAAY,IAAM,CAChB,QAAQ,eAAe,SAAUD,CAAa,EAC9C,QAAQ,eAAe,UAAWC,CAAc,CAClD,CACF,CACF,CACF,CCxKA,IAAAC,GAAkB,eAOZC,GAAmB,KAAE,OACzBC,GACEA,IAAS,MACT,OAAOA,GAAS,UAChB,YAAaA,GACb,OAAOA,EAAK,SAAY,WAC1B,CACE,QAAS,iDACX,CACF,EAGMC,GAAe,KAAE,OACrBD,GACEA,IAAS,MACT,OAAOA,GAAS,UAChB,aAAcA,GACd,OAAOA,EAAK,UAAa,WAC3B,CACE,QAAS,uDACX,CACF,EAGME,GAAc,KACjB,OAAO,CACN,QAAS,KAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAI,EAC5C,QAAS,KAAE,OAAO,EAAE,SAAS,EAC7B,SAAU,KAAE,OAAO,EAAE,SAAS,CAChC,CAAC,EACA,OACCF,GAGMA,EAAK,SAAW,QAAQ,IAAI,WAAa,aACpCA,EAAK,SAAWA,EAAK,SAEvB,GAET,CACE,QACE,kGACJ,CACF,EAGWG,GAAsB,KAAE,OAAO,CAC1C,KAAM,KAAE,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,QAAQ,GAAI,EACzD,KAAM,KAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,WAAW,EAC/C,UAAW,KAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,UAAU,EACnD,MAAOD,GAAY,SAAS,EAAE,QAAQ,CACpC,QAAS,EACX,CAAC,EACD,WAAY,KAAE,MAAMH,EAAgB,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,EAC3D,QAAS,KAAE,MAAME,EAAY,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC,CACtD,CAAC,EAEM,SAASG,GAAsBC,EAA4C,CAChF,GAAI,CACF,OAAOF,GAAoB,MAAME,CAAO,CAC1C,OAASC,EAAO,CAEd,GAAIA,aAAiB,KAAE,SAAU,CAE/B,IAAMC,EAAiBD,EAAM,OAAO,EACpC,MAAM,IAAI,MAAM,2BAA2B,KAAK,UAAUC,EAAgB,KAAM,CAAC,CAAC,EAAE,CACtF,CAEA,MAAM,IAAI,MAAM,2BAA2B,OAAOD,CAAK,CAAC,EAAE,CAC5D,CACF,CCvEO,SAASE,GACdC,EAAkC,CAAC,EACX,CACxB,GAAM,CAAE,gBAAAC,EAAkB,GAAM,MAAAC,EAAQ,GAAO,QAAAC,CAAQ,EAAIH,EAK3D,SAASI,EAAIC,KAAoBC,EAAa,CACxCJ,GACF,QAAQ,IAAI,qBAAqBG,CAAO,GAAI,GAAGC,CAAI,CAEvD,CAKA,SAASC,EAAYC,EAAgBC,EAAeC,EAAc,CAChE,IAAMC,EAAe,UAAUH,EAAO,IAAI,kBAAkBC,CAAK,KAAKC,EAAM,OAAO,GAQnF,GANIP,EACFA,EAAQK,EAAQC,EAAOC,CAAK,EAE5B,QAAQ,MAAMC,EAAcD,CAAK,EAG/B,CAACT,EACH,MAAM,IAAI,MAAMU,CAAY,CAEhC,CAEA,MAAO,CAIL,MAAM,kBAAkBC,EAA+B,CACrDR,EAAI,yBAAyB,EAE7B,QAAWI,KAAUI,EAAO,QAC1B,GAAIJ,EAAO,WACT,GAAI,CACFJ,EAAI,wBAAwBI,EAAO,IAAI,EAAE,EACzC,MAAMA,EAAO,WAAWI,CAAM,CAChC,OAASF,EAAO,CACdH,EAAYC,EAAQ,aAAcE,CAAc,CAClD,CAIJN,EAAI,eAAeQ,EAAO,QAAQ,MAAM,UAAU,CACpD,EAKA,MAAM,iBAAiBA,EAA+B,CACpDR,EAAI,wBAAwB,EAE5B,IAAMS,EAAqB,CAAC,GAAGD,EAAO,OAAO,EAAE,QAAQ,EAEvD,QAAWJ,KAAUK,EACnB,GAAIL,EAAO,UACT,GAAI,CACFJ,EAAI,uBAAuBI,EAAO,IAAI,EAAE,EACxC,MAAMA,EAAO,UAAUI,CAAM,CAC/B,OAASF,EAAO,CACdH,EAAYC,EAAQ,YAAaE,CAAc,CACjD,CAIJN,EAAI,cAAcS,EAAmB,MAAM,UAAU,CACvD,EAKA,MAAM,cAAcD,EAAgBE,EAAgC,CAClEV,EAAI,sCAAsC,EAE1C,QAAWI,KAAUI,EAAO,QAC1B,GAAIJ,EAAO,cACT,GAAI,CACFJ,EAAI,qCAAqCI,EAAO,IAAI,EAAE,EACtD,MAAMA,EAAO,cAAcM,CAAU,CACvC,OAASJ,EAAO,CACdH,EAAYC,EAAQ,gBAAiBE,CAAc,CACrD,CAGN,EAKA,MAAM,aAAaE,EAAgBE,EAAgC,CACjEV,EAAI,qCAAqC,EAEzC,IAAMW,EAAkB,CAAC,GAAGH,EAAO,OAAO,EAAE,QAAQ,EAEpD,QAAWJ,KAAUO,EACnB,GAAIP,EAAO,aACT,GAAI,CACFJ,EAAI,oCAAoCI,EAAO,IAAI,EAAE,EACrD,MAAMA,EAAO,aAAaM,CAAU,CACtC,OAASJ,EAAO,CACdH,EAAYC,EAAQ,eAAgBE,CAAc,CACpD,CAGN,CACF,CACF,CCpFO,IAAMM,GAAN,cAAoC,KAAM,CAC/C,YACSC,EACPC,EACA,CACA,MAAM,0BAA0BD,EAAa,SAASA,CAAU,IAAM,EAAE,KAAKC,CAAO,EAAE,EAH/E,gBAAAD,EAIP,KAAK,KAAO,uBACd,CACF,EC1BA,IAAME,GAAiB,IAAI,IAAI,CAC7B,OACA,SACA,SACA,aACA,UACA,SACA,UACF,CAAC,EAKKC,GAAqB,+BAKrBC,GAAwB,2DAKvB,SAASC,GACdC,EACAC,EAAmC,CAAC,EACV,CAC1B,GAAM,CAAE,eAAAC,EAAiB,GAAM,mBAAAC,EAAqB,GAAM,mBAAAC,EAAqB,EAAK,EAAIH,EAGxF,GAAI,CAACD,GAAU,OAAOA,GAAW,SAC/B,MAAM,IAAIK,GAAsB,GAAI,0BAA0B,EAGhE,IAAMC,EAAIN,EAGV,GAAI,CAACM,EAAE,MAAQ,OAAOA,EAAE,MAAS,SAC/B,MAAM,IAAID,GAAsB,GAAI,kCAAkC,EAIxE,GAAIF,GAAsB,CAACN,GAAmB,KAAKS,EAAE,IAAI,EACvD,MAAM,IAAID,GACRC,EAAE,KACF,kEACF,EAIF,GAAIF,GAAsBR,GAAe,IAAIU,EAAE,KAAK,YAAY,CAAC,EAC/D,MAAM,IAAID,GAAsBC,EAAE,KAAM,gBAAgBA,EAAE,IAAI,eAAe,EAI/E,GAAIJ,EAAgB,CAClB,GAAI,CAACI,EAAE,SAAW,OAAOA,EAAE,SAAY,SACrC,MAAM,IAAID,GAAsBC,EAAE,KAAM,qCAAqC,EAG/E,GAAI,CAACR,GAAsB,KAAKQ,EAAE,OAAO,EACvC,MAAM,IAAID,GACRC,EAAE,KACF,gEACF,CAEJ,CAGA,GAAI,CAACA,EAAE,UAAY,OAAOA,EAAE,UAAa,WACvC,MAAM,IAAID,GAAsBC,EAAE,KAAM,+CAA+C,EAIzF,IAAMC,EAAmB,CAAC,aAAc,YAAa,gBAAiB,cAAc,EAEpF,QAAWC,KAAUD,EACnB,GAAID,EAAEE,CAAM,GAAK,OAAOF,EAAEE,CAAM,GAAM,WACpC,MAAM,IAAIH,GAAsBC,EAAE,KAAM,UAAUE,CAAM,iCAAiC,CAoB/F,CClHA,IAAAC,GAAwB,wBACxBC,GAAoB,6BACpBC,GAA8B,kBAC9BC,GAAsB,sBCCtB,eAAsBC,GAAcC,EAAkB,CAEpD,IAAMC,EAAc,MAAM,KAAK,IAAI,CAAC,GAC9BC,EAAaF,EAAWC,EAE9B,GAAI,CACF,IAAME,EAAS,MAAM,OAAOD,GAC5B,eAAQ,IAAI,qCAAgC,EACrCC,CACT,OAASC,EAAO,CAEd,IAAMC,EAAeD,aAAiB,MAAQA,EAAM,QAAU,OAAOA,CAAK,EAC1E,eAAQ,IAAI,wEAA+DC,CAAY,EAEhF,OAAOL,EAChB,CACF,CAKA,eAAsBM,GAAgBN,EAAkBO,EAAoC,CAC1F,GAAI,CAEF,IAAMC,EAAcC,GAAeT,EAAUO,CAAQ,EAE/CJ,EAAS,MAAMJ,GAAcC,CAAQ,EAC3C,QAAQ,IAAI,4BAAsB,OAAO,KAAKG,CAAM,CAAC,EAErD,IAAMO,EAAkB,CAAC,EAGzB,GAAIP,EAAO,SAAW,OAAOA,EAAO,SAAY,SAAU,CACxD,IAAMQ,EAAe,CACnB,GAAIR,EAAO,QACX,KAAMK,EAAY,SACpB,EAEAE,EAAO,KAAKC,CAAK,CACnB,CAwBA,OArBA,OAAO,QAAQR,CAAM,EAAE,QAAQ,CAAC,CAACS,EAAYC,CAAW,IAAM,CAE5D,GAAID,IAAe,WAAa,CAACC,GAAe,OAAOA,GAAgB,SACrE,OAIF,IAAMC,EAAiBD,EAEvB,GAAIE,GAAaD,CAAc,EAAG,CAEhC,IAAMH,EAAe,CACnB,GAAGG,EAEH,KAAMN,EAAY,SACpB,EAEAE,EAAO,KAAKC,CAAK,CACnB,CACF,CAAC,EAEGD,EAAO,SAAW,GACpB,QAAQ,KAAK,cAAcV,CAAQ,8CAA8C,EAC1E,CAAC,IAGV,QAAQ,IAAI,8BAAyBU,EAAO,MAAM,WAAW,EACtDA,EACT,OAASN,EAAO,CACd,eAAQ,MAAM,+BAA+BJ,CAAQ,IAAKI,CAAK,EACxD,CAAC,CACV,CACF,CAKA,SAASW,GAAaC,EAAmB,CACvC,MAAI,CAACA,GAAO,OAAOA,GAAQ,SAClB,GAIW,CAAC,MAAO,OAAQ,MAAO,SAAU,QAAS,OAAQ,SAAS,EAC7C,KAChCC,GAAUD,EAAIC,CAAM,GAAK,OAAOD,EAAIC,CAAM,GAAM,UAAYD,EAAIC,CAAM,EAAE,OAC1E,CAGF,CD/FA,IAAAC,GAAA,GASMC,GAAiB,IAAI,IAE3B,eAAsBC,GACpBC,EACAC,EACAC,EAAuB,GACL,CAElB,IAAMC,GADO,MAAS,QAAKH,CAAQ,GACT,MAAM,QAAQ,EAClCI,EAAcN,GAAe,IAAIE,CAAQ,EAG/C,GAAIE,GAAeE,GAAeA,EAAY,YAAcD,EAC1D,OAAOC,EAAY,OAIrBC,GAAsBL,CAAQ,EAG9B,IAAMM,EAAS,MAAMC,GAAgBP,EAAUC,CAAS,EAGxD,GAAIC,EAAa,CAEf,IAAMM,EAAOC,GAAWH,CAAM,EAG9BR,GAAe,IAAIE,EAAU,CAC3B,OAAAM,EACA,UAAWH,EACX,KAAAK,CACF,CAAC,CACH,CAEA,OAAOF,CACT,CAEO,SAASI,GAAuBV,EAAkBW,EAA6B,CACpF,IAAMP,EAAcN,GAAe,IAAIE,CAAQ,EAC/C,GAAI,CAACI,EACH,MAAO,GAGT,IAAMQ,EAAUH,GAAWE,CAAS,EAEpC,OAAOP,EAAY,OAASQ,CAC9B,CAEO,SAASC,GAAeb,EAAyB,CAClDA,EACFF,GAAe,OAAOE,CAAQ,EAE9BF,GAAe,MAAM,CAEzB,CAEA,SAASW,GAAWH,EAAyB,CAC3C,IAAMQ,EAAYR,EAAO,IAAIS,IAAU,CACrC,KAAMA,EAAM,KACZ,QAAS,OAAO,KAAKA,CAAK,EACvB,OAAOC,GAAOA,IAAQ,MAAM,EAC5B,KAAK,EACL,IAAIC,GAAU,CACb,IAAMC,EAAYH,EAAME,CAAqB,EACvCE,EAAgBD,GAAW,QAAUA,EAAU,QAAQ,SAAS,EAAI,KAC1E,MAAO,CACL,OAAAD,EAEA,QAASE,EAET,WAAYD,GAAW,WAAaA,EAAU,WAAW,OAAS,EAElE,UAAW,CAAC,CAACA,GAAW,OACxB,WAAYA,GAAW,OAAS,OAAO,KAAKA,EAAU,MAAM,EAAE,KAAK,EAAI,CAAC,CAC1E,CACF,CAAC,CACL,EAAE,EAEIE,EAAa,KAAK,UAAUN,CAAS,EAG3C,OAFoB,cAAW,KAAK,EAAE,OAAOM,CAAU,EAAE,OAAO,KAAK,CAGvE,CAEA,SAASf,GAAsBL,EAAwB,CACrD,GAAI,CAEF,IAAMqB,EAAoB,WAAQrB,CAAQ,EAG1C,GAAI,OAAO,QAAY,IAAa,CAElC,OAAO,QAAQ,MAAMqB,CAAY,EAGjC,GAAI,CACF,IAAMC,EAAe,QAAQ,QAAQD,CAAY,EACjD,OAAO,QAAQ,MAAMC,CAAY,CACnC,OAASC,EAAc,CAErB,IAAMC,EACJD,aAAwB,MAAQA,EAAa,QAAU,OAAOA,CAAY,EAC5E,QAAQ,IAAI,wCAA8BC,CAAY,EAAE,CAC1D,CACF,KAEE,IAAI,CACF,IAAMC,KAAU,kBAAc5B,GAAY,GAAG,EAC7C,OAAO4B,EAAQ,MAAMJ,CAAY,EAEjC,GAAI,CACF,IAAMC,EAAeG,EAAQ,QAAQJ,CAAY,EACjD,OAAOI,EAAQ,MAAMH,CAAY,CACnC,MAAQ,CACN,QAAQ,IAAI,yCAA+B,CAC7C,CACF,MAAQ,CACN,QAAQ,IAAI,sDAA4C,CAC1D,CAEJ,OAASI,EAAO,CACd,QAAQ,IAAI,2DAAiD1B,CAAQ,IAAK0B,CAAK,CACjF,CACF,CErIA,IAAAC,GAAoB,oBCApB,IAAAC,GAAoB,6BACpBC,GAAsB,sBAOtB,eAAsBC,GACpBC,EACAC,EAAiC,CAAC,EACf,CAEnB,IAAMC,EAAmB,cAAWF,CAAS,EACzCA,EACK,WAAQ,QAAQ,IAAI,EAAGA,CAAS,EAEzC,QAAQ,IAAI,yCAA0CE,CAAW,EAGjE,GAAI,CAEF,GAAI,EADU,MAAS,QAAKA,CAAW,GAC5B,YAAY,EACrB,MAAM,IAAI,MAAM,uCAAuCA,CAAW,EAAE,CAExE,OAASC,EAAO,CACd,MAAKA,EAAgC,OAAS,SACtC,IAAI,MAAM,8BAA8BD,CAAW,EAAE,EAEvDC,CACR,CAEA,IAAMC,EAAuB,CAAC,EACxBC,EAASJ,EAAQ,QAAU,CAAC,eAAgB,MAAM,EAExD,eAAeK,EAAcC,EAAa,CACxC,IAAMC,EAAU,MAAS,WAAQD,EAAK,CAAE,cAAe,EAAK,CAAC,EAE7D,QAAWE,KAASD,EAAS,CAC3B,IAAME,EAAgB,QAAKH,EAAKE,EAAM,IAAI,EAGtCA,EAAM,YAAY,GAAKJ,EAAO,SAASI,EAAM,IAAI,IAIjDA,EAAM,YAAY,EACpB,MAAMH,EAAcI,CAAQ,EACnBC,GAAYF,EAAM,IAAI,GAC/BL,EAAW,KAAKM,CAAQ,EAE5B,CACF,CAEA,aAAMJ,EAAcJ,CAAW,EACxBE,CACT,CAKA,SAASO,GAAYC,EAA2B,CAE9C,MAAO,CAACA,EAAS,WAAW,GAAG,IAAMA,EAAS,SAAS,KAAK,GAAKA,EAAS,SAAS,KAAK,EAC1F,CDzDA,eAAsBC,GACpBC,EACAC,EACAC,EAAsB,KAAK,IAAI,EAAG,KAAK,MAAS,QAAK,EAAE,OAAS,CAAC,CAAC,EAC9C,CACpB,IAAMC,EAASC,GAAWJ,EAAWE,CAAW,EAC1CG,EAAqB,CAAC,EAE5B,QAAWC,KAASH,EAAQ,CAG1B,IAAMI,GAFe,MAAM,QAAQ,WAAWD,EAAM,IAAIE,GAAYP,EAAUO,CAAQ,CAAC,CAAC,GAGrF,OAAOC,GAAUA,EAAO,SAAW,WAAW,EAC9C,IAAIA,GAAWA,EAA2C,KAAK,EAElEJ,EAAQ,KAAK,GAAGE,CAAiB,CACnC,CAEA,OAAOF,CACT,CAEA,eAAsBK,GAA0BC,EAAqC,CACnF,IAAMC,EAAQ,MAAMC,GAAeF,CAAS,EAK5C,OAJoB,MAAMZ,GAAuBa,EAAOJ,GACtDM,GAAmBN,EAAUG,CAAS,CACxC,GAEmB,KAAK,CAC1B,CAEA,SAASP,GAAcW,EAAYC,EAA0B,CAC3D,IAAMb,EAAgB,CAAC,EACvB,QAASc,EAAI,EAAGA,EAAIF,EAAM,OAAQE,GAAKD,EACrCb,EAAO,KAAKY,EAAM,MAAME,EAAGA,EAAID,CAAS,CAAC,EAE3C,OAAOb,CACT,CEzCA,IAAMe,GAA+B,CACnC,YAAa,EACb,gBAAiB,EACjB,kBAAmB,EACnB,YAAa,CAAC,CAChB,EAEO,SAASC,GAAuBC,EAAkBC,EAAyB,CAChF,IAAMC,EAAW,KAAK,IAAI,EAAID,EAa9B,GAXAH,GAAc,cACdA,GAAc,iBAAmBI,EACjCJ,GAAc,kBAAoBA,GAAc,gBAAkBA,GAAc,YAE5EI,EAAW,MACbJ,GAAc,YAAY,KAAK,CAAE,KAAME,EAAU,KAAME,CAAS,CAAC,EAC7DJ,GAAc,YAAY,OAAS,IACrCA,GAAc,YAAY,MAAM,GAIhC,QAAQ,IAAI,WAAa,cAAe,CAC1C,IAAMK,EAAQD,EAAW,GAAK,SAAMA,EAAW,IAAM,YAAO,YAC5D,QAAQ,IAAI,GAAGC,CAAK,kBAAkBH,CAAQ,KAAKE,CAAQ,KAAK,CAClE,CACF,CAaO,SAASE,GACdC,EACAC,EACG,CACH,eAAQ,IAAI,6BAA6BA,CAAQ,EAAE,EAC3C,SAAUC,IAAwB,CACxC,IAAMC,EAAY,KAAK,IAAI,EAC3B,GAAI,CACF,IAAMC,EAAS,MAAMJ,EAAG,GAAGE,CAAI,EAC/B,OAAAG,GAAuBJ,EAAUE,CAAS,EACnCC,CACT,OAASE,EAAO,CACd,MAAAD,GAAuBJ,EAAUE,CAAS,EACpCG,CACR,CACF,CACF,CCxDA,IAAAC,GAAsB,sBCCtB,IAAAC,GAA+B,cAC/BC,GAA8B,uBAC9BC,GAA6B,kBAC7BC,EAAyB,sBCJzB,IAAAC,GAA+C,uBAC/CC,GAAyB,kBACzBC,GAAuF,gBAC1EC,GAAa,CACtB,UAAW,QACX,SAAU,cACV,cAAe,oBACf,gBAAiB,KACrB,EACMC,GAAiB,CACnB,KAAM,IACN,WAAaC,GAAe,GAC5B,gBAAkBA,GAAe,GACjC,KAAMF,GAAW,UACjB,MAAO,GACP,MAAO,WACP,WAAY,GACZ,cAAe,IACnB,EACA,OAAO,OAAOC,EAAc,EAC5B,IAAME,GAAuB,2BACvBC,GAAqB,IAAI,IAAI,CAAC,SAAU,QAAS,SAAU,QAASD,EAAoB,CAAC,EACzFE,GAAY,CACdL,GAAW,SACXA,GAAW,gBACXA,GAAW,cACXA,GAAW,SACf,EACMM,GAAY,IAAI,IAAI,CACtBN,GAAW,SACXA,GAAW,gBACXA,GAAW,aACf,CAAC,EACKO,GAAa,IAAI,IAAI,CACvBP,GAAW,gBACXA,GAAW,cACXA,GAAW,SACf,CAAC,EACKQ,GAAqBC,GAAUL,GAAmB,IAAIK,EAAM,IAAI,EAChEC,GAAoB,QAAQ,WAAa,QACzCC,GAAWT,GAAe,GAC1BU,GAAmBC,GAAW,CAChC,GAAIA,IAAW,OACX,OAAOF,GACX,GAAI,OAAOE,GAAW,WAClB,OAAOA,EACX,GAAI,OAAOA,GAAW,SAAU,CAC5B,IAAMC,EAAKD,EAAO,KAAK,EACvB,OAAQE,GAAUA,EAAM,WAAaD,CACzC,CACA,GAAI,MAAM,QAAQD,CAAM,EAAG,CACvB,IAAMG,EAAUH,EAAO,IAAKI,GAASA,EAAK,KAAK,CAAC,EAChD,OAAQF,GAAUC,EAAQ,KAAME,GAAMH,EAAM,WAAaG,CAAC,CAC9D,CACA,OAAOP,EACX,EAEaQ,GAAN,cAA6B,WAAS,CACzC,YAAYC,EAAU,CAAC,EAAG,CACtB,MAAM,CACF,WAAY,GACZ,YAAa,GACb,cAAeA,EAAQ,aAC3B,CAAC,EACD,IAAMC,EAAO,CAAE,GAAGpB,GAAgB,GAAGmB,CAAQ,EACvC,CAAE,KAAAE,EAAM,KAAAC,CAAK,EAAIF,EACvB,KAAK,YAAcT,GAAgBS,EAAK,UAAU,EAClD,KAAK,iBAAmBT,GAAgBS,EAAK,eAAe,EAC5D,IAAMG,EAAaH,EAAK,MAAQ,SAAQ,QAEpCX,GACA,KAAK,MAASe,GAASD,EAAWC,EAAM,CAAE,OAAQ,EAAK,CAAC,EAGxD,KAAK,MAAQD,EAEjB,KAAK,UAAYH,EAAK,OAASpB,GAAe,MAC9C,KAAK,UAAYsB,EAAOjB,GAAU,IAAIiB,CAAI,EAAI,GAC9C,KAAK,WAAaA,EAAOhB,GAAW,IAAIgB,CAAI,EAAI,GAChD,KAAK,iBAAmBA,IAASvB,GAAW,gBAC5C,KAAK,SAAQ,GAAA0B,SAASJ,CAAI,EAC1B,KAAK,UAAY,CAACD,EAAK,WACvB,KAAK,WAAa,KAAK,UAAY,SAAW,QAC9C,KAAK,WAAa,CAAE,SAAU,OAAQ,cAAe,KAAK,SAAU,EAEpE,KAAK,QAAU,CAAC,KAAK,YAAYC,EAAM,CAAC,CAAC,EACzC,KAAK,QAAU,GACf,KAAK,OAAS,MAClB,CACA,MAAM,MAAMK,EAAO,CACf,GAAI,MAAK,QAET,MAAK,QAAU,GACf,GAAI,CACA,KAAO,CAAC,KAAK,WAAaA,EAAQ,GAAG,CACjC,IAAMC,EAAM,KAAK,OACXC,EAAMD,GAAOA,EAAI,MACvB,GAAIC,GAAOA,EAAI,OAAS,EAAG,CACvB,GAAM,CAAE,KAAAJ,EAAM,MAAAK,CAAM,EAAIF,EAClBG,EAAQF,EAAI,OAAO,EAAGF,CAAK,EAAE,IAAKK,GAAW,KAAK,aAAaA,EAAQP,CAAI,CAAC,EAC5EQ,EAAU,MAAM,QAAQ,IAAIF,CAAK,EACvC,QAAWhB,KAASkB,EAAS,CACzB,GAAI,CAAClB,EACD,SACJ,GAAI,KAAK,UACL,OACJ,IAAMmB,EAAY,MAAM,KAAK,cAAcnB,CAAK,EAC5CmB,IAAc,aAAe,KAAK,iBAAiBnB,CAAK,GACpDe,GAAS,KAAK,WACd,KAAK,QAAQ,KAAK,KAAK,YAAYf,EAAM,SAAUe,EAAQ,CAAC,CAAC,EAE7D,KAAK,YACL,KAAK,KAAKf,CAAK,EACfY,OAGEO,IAAc,QAAU,KAAK,eAAenB,CAAK,IACvD,KAAK,YAAYA,CAAK,GAClB,KAAK,aACL,KAAK,KAAKA,CAAK,EACfY,IAGZ,CACJ,KACK,CACD,IAAMQ,EAAS,KAAK,QAAQ,IAAI,EAChC,GAAI,CAACA,EAAQ,CACT,KAAK,KAAK,IAAI,EACd,KACJ,CAEA,GADA,KAAK,OAAS,MAAMA,EAChB,KAAK,UACL,MACR,CACJ,CACJ,OACO1B,EAAO,CACV,KAAK,QAAQA,CAAK,CACtB,QACA,CACI,KAAK,QAAU,EACnB,EACJ,CACA,MAAM,YAAYgB,EAAMK,EAAO,CAC3B,IAAIM,EACJ,GAAI,CACAA,EAAQ,QAAM,YAAQX,EAAM,KAAK,UAAU,CAC/C,OACOhB,EAAO,CACV,KAAK,SAASA,CAAK,CACvB,CACA,MAAO,CAAE,MAAA2B,EAAO,MAAAN,EAAO,KAAAL,CAAK,CAChC,CACA,MAAM,aAAaO,EAAQP,EAAM,CAC7B,IAAIV,EACEsB,EAAW,KAAK,UAAYL,EAAO,KAAOA,EAChD,GAAI,CACA,IAAMM,KAAW,GAAAZ,YAAS,GAAAa,MAAMd,EAAMY,CAAQ,CAAC,EAC/CtB,EAAQ,CAAE,QAAM,GAAAyB,UAAU,KAAK,MAAOF,CAAQ,EAAG,SAAAA,EAAU,SAAAD,CAAS,EACpEtB,EAAM,KAAK,UAAU,EAAI,KAAK,UAAYiB,EAAS,MAAM,KAAK,MAAMM,CAAQ,CAChF,OACOG,EAAK,CACR,KAAK,SAASA,CAAG,EACjB,MACJ,CACA,OAAO1B,CACX,CACA,SAAS0B,EAAK,CACNjC,GAAkBiC,CAAG,GAAK,CAAC,KAAK,UAChC,KAAK,KAAK,OAAQA,CAAG,EAGrB,KAAK,QAAQA,CAAG,CAExB,CACA,MAAM,cAAc1B,EAAO,CAGvB,GAAI,CAACA,GAAS,KAAK,cAAcA,EAC7B,MAAO,GAEX,IAAM2B,EAAQ3B,EAAM,KAAK,UAAU,EACnC,GAAI2B,EAAM,OAAO,EACb,MAAO,OACX,GAAIA,EAAM,YAAY,EAClB,MAAO,YACX,GAAIA,GAASA,EAAM,eAAe,EAAG,CACjC,IAAMC,EAAO5B,EAAM,SACnB,GAAI,CACA,IAAM6B,EAAgB,QAAM,aAASD,CAAI,EACnCE,EAAqB,QAAM,UAAMD,CAAa,EACpD,GAAIC,EAAmB,OAAO,EAC1B,MAAO,OAEX,GAAIA,EAAmB,YAAY,EAAG,CAClC,IAAMC,EAAMF,EAAc,OAC1B,GAAID,EAAK,WAAWC,CAAa,GAAKD,EAAK,OAAOG,EAAK,CAAC,IAAM,GAAAC,IAAM,CAChE,IAAMC,EAAiB,IAAI,MAAM,+BAA+BL,CAAI,gBAAgBC,CAAa,GAAG,EAEpG,OAAAI,EAAe,KAAO7C,GACf,KAAK,SAAS6C,CAAc,CACvC,CACA,MAAO,WACX,CACJ,OACOvC,EAAO,CACV,YAAK,SAASA,CAAK,EACZ,EACX,CACJ,CACJ,CACA,eAAeM,EAAO,CAClB,IAAM2B,EAAQ3B,GAASA,EAAM,KAAK,UAAU,EAC5C,OAAO2B,GAAS,KAAK,kBAAoB,CAACA,EAAM,YAAY,CAChE,CACJ,EAOO,SAASO,GAAS3B,EAAMF,EAAU,CAAC,EAAG,CAEzC,IAAIG,EAAOH,EAAQ,WAAaA,EAAQ,KAKxC,GAJIG,IAAS,SACTA,EAAOvB,GAAW,eAClBuB,IACAH,EAAQ,KAAOG,GACdD,EAGA,IAAI,OAAOA,GAAS,SACrB,MAAM,IAAI,UAAU,0EAA0E,EAE7F,GAAIC,GAAQ,CAAClB,GAAU,SAASkB,CAAI,EACrC,MAAM,IAAI,MAAM,6CAA6ClB,GAAU,KAAK,IAAI,CAAC,EAAE,MANnF,OAAM,IAAI,MAAM,qEAAqE,EAQzF,OAAAe,EAAQ,KAAOE,EACR,IAAIH,GAAeC,CAAO,CACrC,CCjPA,IAAA8B,GAA0D,cAC1DC,GAA0D,uBAC1DC,GAAyB,sBACzBC,GAA+B,cAClBC,GAAW,OACXC,GAAU,MACVC,GAAY,QACZC,GAAW,IAAM,CAAE,EAEhC,IAAMC,GAAK,QAAQ,SACNC,GAAYD,KAAO,QACnBE,GAAUF,KAAO,SACjBG,GAAUH,KAAO,QACjBI,GAAYJ,KAAO,UACnBK,MAAS,GAAAC,MAAO,IAAM,QACtBC,GAAS,CAClB,IAAK,MACL,MAAO,QACP,IAAK,MACL,OAAQ,SACR,QAAS,SACT,OAAQ,SACR,WAAY,YACZ,IAAK,MACL,MAAO,OACX,EACMC,GAAKD,GACLE,GAAsB,QACtBC,GAAc,CAAE,eAAO,YAAK,EAC5BC,GAAgB,YAChBC,GAAU,cACVC,GAAU,cACVC,GAAe,CAACH,GAAeC,GAASC,EAAO,EAE/CE,GAAmB,IAAI,IAAI,CAC7B,MAAO,MAAO,MAAO,MAAO,KAAM,IAAK,MAAO,MAAO,WAAY,UAAW,QAAS,KACrF,MAAO,OAAQ,MAAO,MAAO,MAAO,WAAY,KAAM,MAAO,MAAO,KAAM,MAC1E,MAAO,OAAQ,KAAM,MAAO,KAAM,MAAO,OAAQ,MAAO,QACxD,MAAO,MAAO,MAAO,QAAS,MAAO,OAAQ,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,OACvF,MAAO,MAAO,MAAO,MAAO,OAAQ,OAAQ,MAAO,OAAQ,MAAO,WAAY,MAAO,MACrF,QAAS,MAAO,MAAO,MACvB,YAAa,YAAa,YAAa,MAAO,MAAO,MAAO,OAAQ,MACpE,MAAO,MAAO,KAAM,MAAO,OAAQ,UAAW,MAAO,MAAO,MAAO,MAAO,MAC1E,KAAM,KAAM,MAAO,UAAW,KAAM,OACpC,OAAQ,OAAQ,OAAQ,OAAQ,MAAO,MAAO,MAAO,MAAO,MAC5D,MAAO,OAAQ,MAAO,OAAQ,MAAO,MAAO,MAAO,MACnD,MAAO,MAAO,MAAO,KAAM,MAAO,OAAQ,MAC1C,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,OAAQ,MAAO,MAAO,MAAO,MAAO,MACrF,OAAQ,MAAO,QAAS,MACxB,MAAO,OAAQ,OAAQ,MAAO,OAAQ,MACtC,MAAO,MAAO,UAAW,QACzB,IAAK,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MACtD,QAAS,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,OAC/E,OAAQ,MAAO,OACf,MAAO,MAAO,OAAQ,OAAQ,MAAO,OAAQ,OAAQ,MAAO,MAAO,MAAO,MAAO,MACjF,KACA,MAAO,MAAO,MAAO,YAAa,MAAO,MAAO,MAAO,MAAO,OAAQ,MAAO,MAAO,KACpF,MAAO,MAAO,OAAQ,MAAO,OAAQ,OAAQ,MAAO,SAAU,MAAO,MAAO,MAAO,KACnF,MAAO,MAAO,MAAO,MACrB,MAAO,MAAO,OAAQ,MAAO,MAAO,OAAQ,MAAO,OAAQ,MAAO,MAAO,MAAO,MAChF,MAAO,MAAO,MAAO,MAAO,MAAO,MAAO,MAC1C,MAAO,MACP,MAAO,MAAO,MAAO,OAAQ,MAAO,OAAQ,OAAQ,OAAQ,MAAO,MAAO,KAAM,MAChF,MAAO,MAAO,OAAQ,QAAS,MAAO,MACtC,MAAO,MAAO,MAAO,OAAQ,MAAO,OAAQ,OAAQ,OAAQ,MAAO,OAAQ,OAAQ,KACnF,QAAS,MAAO,MAAO,MAAO,KAC9B,IAAK,MAAO,MAChB,CAAC,EACKC,GAAgBC,GAAaF,GAAiB,IAAY,WAAQE,CAAQ,EAAE,MAAM,CAAC,EAAE,YAAY,CAAC,EAElGC,GAAU,CAACC,EAAKC,IAAO,CACrBD,aAAe,IACfA,EAAI,QAAQC,CAAE,EAGdA,EAAGD,CAAG,CAEd,EACME,GAAgB,CAACC,EAAMC,EAAMC,IAAS,CACxC,IAAIC,EAAYH,EAAKC,CAAI,EACnBE,aAAqB,MACvBH,EAAKC,CAAI,EAAIE,EAAY,IAAI,IAAI,CAACA,CAAS,CAAC,GAEhDA,EAAU,IAAID,CAAI,CACtB,EACME,GAAaC,GAAUC,GAAQ,CACjC,IAAMC,EAAMF,EAAKC,CAAG,EAChBC,aAAe,IACfA,EAAI,MAAM,EAGV,OAAOF,EAAKC,CAAG,CAEvB,EACME,GAAa,CAACR,EAAMC,EAAMC,IAAS,CACrC,IAAMC,EAAYH,EAAKC,CAAI,EACvBE,aAAqB,IACrBA,EAAU,OAAOD,CAAI,EAEhBC,IAAcD,GACnB,OAAOF,EAAKC,CAAI,CAExB,EACMQ,GAAcZ,GAASA,aAAe,IAAMA,EAAI,OAAS,EAAI,CAACA,EAC9Da,GAAmB,IAAI,IAU7B,SAASC,GAAsBC,EAAMC,EAASC,EAAUC,EAAYC,EAAS,CACzE,IAAMC,EAAc,CAACC,EAAUC,IAAW,CACtCL,EAASF,CAAI,EACbI,EAAQE,EAAUC,EAAQ,CAAE,YAAaP,CAAK,CAAC,EAG3CO,GAAUP,IAASO,GACnBC,GAAyB,WAAQR,EAAMO,CAAM,EAAG9B,GAAuB,QAAKuB,EAAMO,CAAM,CAAC,CAEjG,EACA,GAAI,CACA,SAAO,GAAAE,OAAST,EAAM,CAClB,WAAYC,EAAQ,UACxB,EAAGI,CAAW,CAClB,OACOK,EAAO,CACVP,EAAWO,CAAK,EAChB,MACJ,CACJ,CAKA,IAAMF,GAAmB,CAACG,EAAUC,EAAcC,EAAMC,EAAMC,IAAS,CACnE,IAAMtB,EAAOK,GAAiB,IAAIa,CAAQ,EACrClB,GAELT,GAAQS,EAAKmB,CAAY,EAAIV,GAAa,CACtCA,EAASW,EAAMC,EAAMC,CAAI,CAC7B,CAAC,CACL,EASMC,GAAqB,CAAChB,EAAMW,EAAUV,EAASgB,IAAa,CAC9D,GAAM,CAAE,SAAAf,EAAU,WAAAC,EAAY,WAAAe,CAAW,EAAID,EACzCxB,EAAOK,GAAiB,IAAIa,CAAQ,EACpCQ,EACJ,GAAI,CAAClB,EAAQ,WAET,OADAkB,EAAUpB,GAAsBC,EAAMC,EAASC,EAAUC,EAAYe,CAAU,EAC1EC,EAEEA,EAAQ,MAAM,KAAKA,CAAO,EAD7B,OAGR,GAAI1B,EACAN,GAAcM,EAAMhB,GAAeyB,CAAQ,EAC3Cf,GAAcM,EAAMf,GAASyB,CAAU,EACvChB,GAAcM,EAAMd,GAASuC,CAAU,MAEtC,CAGD,GAFAC,EAAUpB,GAAsBC,EAAMC,EAASO,GAAiB,KAAK,KAAMG,EAAUlC,EAAa,EAAG0B,EACrGK,GAAiB,KAAK,KAAMG,EAAUhC,EAAO,CAAC,EAC1C,CAACwC,EACD,OACJA,EAAQ,GAAG7C,GAAG,MAAO,MAAOoC,GAAU,CAClC,IAAMU,EAAeZ,GAAiB,KAAK,KAAMG,EAAUjC,EAAO,EAIlE,GAHIe,IACAA,EAAK,gBAAkB,IAEvB1B,IAAa2C,EAAM,OAAS,QAC5B,GAAI,CAEA,MADW,QAAM,SAAKV,EAAM,GAAG,GACtB,MAAM,EACfoB,EAAaV,CAAK,CACtB,MACY,CAEZ,MAGAU,EAAaV,CAAK,CAE1B,CAAC,EACDjB,EAAO,CACH,UAAWS,EACX,YAAaC,EACb,YAAae,EACb,QAAAC,CACJ,EACArB,GAAiB,IAAIa,EAAUlB,CAAI,CACvC,CAIA,MAAO,IAAM,CACTG,GAAWH,EAAMhB,GAAeyB,CAAQ,EACxCN,GAAWH,EAAMf,GAASyB,CAAU,EACpCP,GAAWH,EAAMd,GAASuC,CAAU,EAChCrB,GAAWJ,EAAK,SAAS,IAGzBA,EAAK,QAAQ,MAAM,EAEnBK,GAAiB,OAAOa,CAAQ,EAChC/B,GAAa,QAAQY,GAAUC,CAAI,CAAC,EAEpCA,EAAK,QAAU,OACf,OAAO,OAAOA,CAAI,EAE1B,CACJ,EAIM4B,GAAuB,IAAI,IAU3BC,GAAyB,CAACtB,EAAMW,EAAUV,EAASgB,IAAa,CAClE,GAAM,CAAE,SAAAf,EAAU,WAAAgB,CAAW,EAAID,EAC7BxB,EAAO4B,GAAqB,IAAIV,CAAQ,EAGtCY,EAAQ9B,GAAQA,EAAK,QAC3B,OAAI8B,IAAUA,EAAM,WAAatB,EAAQ,YAAcsB,EAAM,SAAWtB,EAAQ,eAO5E,gBAAYU,CAAQ,EACpBlB,EAAO,QAEPA,GACAN,GAAcM,EAAMhB,GAAeyB,CAAQ,EAC3Cf,GAAcM,EAAMd,GAASuC,CAAU,IAMvCzB,EAAO,CACH,UAAWS,EACX,YAAagB,EACb,QAAAjB,EACA,WAAS,cAAUU,EAAUV,EAAS,CAACuB,EAAMC,IAAS,CAClDzC,GAAQS,EAAK,YAAcyB,GAAe,CACtCA,EAAW5C,GAAG,OAAQqC,EAAU,CAAE,KAAAa,EAAM,KAAAC,CAAK,CAAC,CAClD,CAAC,EACD,IAAMC,EAAYF,EAAK,SACnBA,EAAK,OAASC,EAAK,MAAQC,EAAYD,EAAK,SAAWC,IAAc,IACrE1C,GAAQS,EAAK,UAAYS,GAAaA,EAASF,EAAMwB,CAAI,CAAC,CAElE,CAAC,CACL,EACAH,GAAqB,IAAIV,EAAUlB,CAAI,GAKpC,IAAM,CACTG,GAAWH,EAAMhB,GAAeyB,CAAQ,EACxCN,GAAWH,EAAMd,GAASuC,CAAU,EAChCrB,GAAWJ,EAAK,SAAS,IACzB4B,GAAqB,OAAOV,CAAQ,KACpC,gBAAYA,CAAQ,EACpBlB,EAAK,QAAUA,EAAK,QAAU,OAC9B,OAAO,OAAOA,CAAI,EAE1B,CACJ,EAIakC,GAAN,KAAoB,CACvB,YAAYC,EAAK,CACb,KAAK,IAAMA,EACX,KAAK,kBAAqBlB,GAAUkB,EAAI,aAAalB,CAAK,CAC9D,CAOA,iBAAiBV,EAAME,EAAU,CAC7B,IAAM2B,EAAO,KAAK,IAAI,QAChBC,EAAoB,WAAQ9B,CAAI,EAChC+B,EAAmB,YAAS/B,CAAI,EACvB,KAAK,IAAI,eAAe8B,CAAS,EACzC,IAAIC,CAAQ,EACnB,IAAMC,EAAuB,WAAQhC,CAAI,EACnCC,EAAU,CACZ,WAAY4B,EAAK,UACrB,EACK3B,IACDA,EAAW+B,IACf,IAAIC,EACJ,GAAIL,EAAK,WAAY,CACjB,IAAMM,EAAYN,EAAK,WAAaA,EAAK,eACzC5B,EAAQ,SAAWkC,GAAarD,GAAaiD,CAAQ,EAAIF,EAAK,eAAiBA,EAAK,SACpFK,EAASZ,GAAuBtB,EAAMgC,EAAc/B,EAAS,CACzD,SAAAC,EACA,WAAY,KAAK,IAAI,QACzB,CAAC,CACL,MAEIgC,EAASlB,GAAmBhB,EAAMgC,EAAc/B,EAAS,CACrD,SAAAC,EACA,WAAY,KAAK,kBACjB,WAAY,KAAK,IAAI,QACzB,CAAC,EAEL,OAAOgC,CACX,CAKA,YAAYE,EAAMC,EAAOC,EAAY,CACjC,GAAI,KAAK,IAAI,OACT,OAEJ,IAAMC,EAAkB,WAAQH,CAAI,EAC9BL,EAAmB,YAASK,CAAI,EAChCI,EAAS,KAAK,IAAI,eAAeD,CAAO,EAE1CE,EAAYJ,EAEhB,GAAIG,EAAO,IAAIT,CAAQ,EACnB,OACJ,IAAM7B,EAAW,MAAOF,EAAM0C,IAAa,CACvC,GAAK,KAAK,IAAI,UAAUnE,GAAqB6D,EAAM,CAAC,GAEpD,GAAI,CAACM,GAAYA,EAAS,UAAY,EAClC,GAAI,CACA,IAAMA,EAAW,QAAM,SAAKN,CAAI,EAChC,GAAI,KAAK,IAAI,OACT,OAEJ,IAAMO,EAAKD,EAAS,QACdE,EAAKF,EAAS,QAIpB,IAHI,CAACC,GAAMA,GAAMC,GAAMA,IAAOH,EAAU,UACpC,KAAK,IAAI,MAAMnE,GAAG,OAAQ8D,EAAMM,CAAQ,GAEvC1E,IAAWC,IAAWC,KAAcuE,EAAU,MAAQC,EAAS,IAAK,CACrE,KAAK,IAAI,WAAW1C,CAAI,EACxByC,EAAYC,EACZ,IAAMR,EAAS,KAAK,iBAAiBE,EAAMlC,CAAQ,EAC/CgC,GACA,KAAK,IAAI,eAAelC,EAAMkC,CAAM,CAC5C,MAEIO,EAAYC,CAEpB,MACc,CAEV,KAAK,IAAI,QAAQH,EAASR,CAAQ,CACtC,SAGKS,EAAO,IAAIT,CAAQ,EAAG,CAE3B,IAAMY,EAAKD,EAAS,QACdE,EAAKF,EAAS,SAChB,CAACC,GAAMA,GAAMC,GAAMA,IAAOH,EAAU,UACpC,KAAK,IAAI,MAAMnE,GAAG,OAAQ8D,EAAMM,CAAQ,EAE5CD,EAAYC,CAChB,EACJ,EAEMR,EAAS,KAAK,iBAAiBE,EAAMlC,CAAQ,EAEnD,GAAI,EAAEoC,GAAc,KAAK,IAAI,QAAQ,gBAAkB,KAAK,IAAI,aAAaF,CAAI,EAAG,CAChF,GAAI,CAAC,KAAK,IAAI,UAAU9D,GAAG,IAAK8D,EAAM,CAAC,EACnC,OACJ,KAAK,IAAI,MAAM9D,GAAG,IAAK8D,EAAMC,CAAK,CACtC,CACA,OAAOH,CACX,CASA,MAAM,eAAeW,EAAOf,EAAW9B,EAAMV,EAAM,CAC/C,GAAI,KAAK,IAAI,OACT,OAEJ,IAAMwD,EAAOD,EAAM,SACbE,EAAM,KAAK,IAAI,eAAejB,CAAS,EAC7C,GAAI,CAAC,KAAK,IAAI,QAAQ,eAAgB,CAElC,KAAK,IAAI,gBAAgB,EACzB,IAAIkB,EACJ,GAAI,CACAA,EAAW,QAAM,GAAAC,UAAWjD,CAAI,CACpC,MACU,CACN,YAAK,IAAI,WAAW,EACb,EACX,CACA,OAAI,KAAK,IAAI,OACT,QACA+C,EAAI,IAAIzD,CAAI,EACR,KAAK,IAAI,cAAc,IAAIwD,CAAI,IAAME,IACrC,KAAK,IAAI,cAAc,IAAIF,EAAME,CAAQ,EACzC,KAAK,IAAI,MAAM1E,GAAG,OAAQ0B,EAAM6C,EAAM,KAAK,IAI/CE,EAAI,IAAIzD,CAAI,EACZ,KAAK,IAAI,cAAc,IAAIwD,EAAME,CAAQ,EACzC,KAAK,IAAI,MAAM1E,GAAG,IAAK0B,EAAM6C,EAAM,KAAK,GAE5C,KAAK,IAAI,WAAW,EACb,GACX,CAEA,GAAI,KAAK,IAAI,cAAc,IAAIC,CAAI,EAC/B,MAAO,GAEX,KAAK,IAAI,cAAc,IAAIA,EAAM,EAAI,CACzC,CACA,YAAYhB,EAAWQ,EAAYY,EAAIC,EAAQJ,EAAKK,EAAOC,EAAW,CAIlE,GAFAvB,EAAoB,QAAKA,EAAW,EAAE,EACtCuB,EAAY,KAAK,IAAI,UAAU,UAAWvB,EAAW,GAAI,EACrD,CAACuB,EACD,OACJ,IAAMC,EAAW,KAAK,IAAI,eAAeJ,EAAG,IAAI,EAC1CK,EAAU,IAAI,IAChBC,EAAS,KAAK,IAAI,UAAU1B,EAAW,CACvC,WAAae,GAAUK,EAAG,WAAWL,CAAK,EAC1C,gBAAkBA,GAAUK,EAAG,UAAUL,CAAK,CAClD,CAAC,EACD,GAAKW,EAEL,OAAAA,EACK,GAAGC,GAAU,MAAOZ,GAAU,CAC/B,GAAI,KAAK,IAAI,OAAQ,CACjBW,EAAS,OACT,MACJ,CACA,IAAMlE,EAAOuD,EAAM,KACf7C,EAAe,QAAK8B,EAAWxC,CAAI,EAEvC,GADAiE,EAAQ,IAAIjE,CAAI,EACZ,EAAAuD,EAAM,MAAM,eAAe,GAC1B,MAAM,KAAK,eAAeA,EAAOf,EAAW9B,EAAMV,CAAI,GAG3D,IAAI,KAAK,IAAI,OAAQ,CACjBkE,EAAS,OACT,MACJ,EAIIlE,IAAS6D,GAAW,CAACA,GAAU,CAACG,EAAS,IAAIhE,CAAI,KACjD,KAAK,IAAI,gBAAgB,EAEzBU,EAAe,QAAK+C,EAAa,YAASA,EAAK/C,CAAI,CAAC,EACpD,KAAK,aAAaA,EAAMsC,EAAYY,EAAIE,EAAQ,CAAC,GAEzD,CAAC,EACI,GAAG9E,GAAG,MAAO,KAAK,iBAAiB,EACjC,IAAI,QAAQ,CAACoF,EAASC,IAAW,CACpC,GAAI,CAACH,EACD,OAAOG,EAAO,EAClBH,EAAO,KAAKI,GAAS,IAAM,CACvB,GAAI,KAAK,IAAI,OAAQ,CACjBJ,EAAS,OACT,MACJ,CACA,IAAMK,EAAeR,EAAYA,EAAU,MAAM,EAAI,GACrDK,EAAQ,MAAS,EAIjBJ,EACK,YAAY,EACZ,OAAQhE,GACFA,IAASwC,GAAa,CAACyB,EAAQ,IAAIjE,CAAI,CACjD,EACI,QAASA,GAAS,CACnB,KAAK,IAAI,QAAQwC,EAAWxC,CAAI,CACpC,CAAC,EACDkE,EAAS,OAELK,GACA,KAAK,YAAY/B,EAAW,GAAOoB,EAAIC,EAAQJ,EAAKK,EAAOC,CAAS,CAC5E,CAAC,CACL,CAAC,CACL,CAYA,MAAM,WAAWN,EAAKV,EAAOC,EAAYc,EAAOD,EAAQD,EAAIY,EAAU,CAClE,IAAMC,EAAY,KAAK,IAAI,eAAuB,WAAQhB,CAAG,CAAC,EACxDiB,EAAUD,EAAU,IAAY,YAAShB,CAAG,CAAC,EAC/C,EAAET,GAAc,KAAK,IAAI,QAAQ,gBAAkB,CAACa,GAAU,CAACa,GAC/D,KAAK,IAAI,MAAM1F,GAAG,QAASyE,EAAKV,CAAK,EAGzC0B,EAAU,IAAY,YAAShB,CAAG,CAAC,EACnC,KAAK,IAAI,eAAeA,CAAG,EAC3B,IAAIM,EACAnB,EACE+B,EAAS,KAAK,IAAI,QAAQ,MAChC,IAAKA,GAAU,MAAQb,GAASa,IAAW,CAAC,KAAK,IAAI,cAAc,IAAIH,CAAQ,EAAG,CAC9E,GAAI,CAACX,IACD,MAAM,KAAK,YAAYJ,EAAKT,EAAYY,EAAIC,EAAQJ,EAAKK,EAAOC,CAAS,EACrE,KAAK,IAAI,QACT,OAERnB,EAAS,KAAK,iBAAiBa,EAAK,CAACmB,EAAS7B,IAAU,CAEhDA,GAASA,EAAM,UAAY,GAE/B,KAAK,YAAY6B,EAAS,GAAOhB,EAAIC,EAAQJ,EAAKK,EAAOC,CAAS,CACtE,CAAC,CACL,CACA,OAAOnB,CACX,CAUA,MAAM,aAAalC,EAAMsC,EAAY6B,EAASf,EAAOD,EAAQ,CACzD,IAAMiB,EAAQ,KAAK,IAAI,WACvB,GAAI,KAAK,IAAI,WAAWpE,CAAI,GAAK,KAAK,IAAI,OACtC,OAAAoE,EAAM,EACC,GAEX,IAAMlB,EAAK,KAAK,IAAI,iBAAiBlD,CAAI,EACrCmE,IACAjB,EAAG,WAAcL,GAAUsB,EAAQ,WAAWtB,CAAK,EACnDK,EAAG,UAAaL,GAAUsB,EAAQ,UAAUtB,CAAK,GAGrD,GAAI,CACA,IAAMR,EAAQ,MAAM7D,GAAY0E,EAAG,UAAU,EAAEA,EAAG,SAAS,EAC3D,GAAI,KAAK,IAAI,OACT,OACJ,GAAI,KAAK,IAAI,WAAWA,EAAG,UAAWb,CAAK,EACvC,OAAA+B,EAAM,EACC,GAEX,IAAMC,EAAS,KAAK,IAAI,QAAQ,eAC5BnC,EACJ,GAAIG,EAAM,YAAY,EAAG,CACrB,IAAMiC,EAAkB,WAAQtE,CAAI,EAC9BuE,EAAaF,EAAS,QAAM,GAAApB,UAAWjD,CAAI,EAAIA,EAIrD,GAHI,KAAK,IAAI,SAEbkC,EAAS,MAAM,KAAK,WAAWgB,EAAG,UAAWb,EAAOC,EAAYc,EAAOD,EAAQD,EAAIqB,CAAU,EACzF,KAAK,IAAI,QACT,OAEAD,IAAYC,GAAcA,IAAe,QACzC,KAAK,IAAI,cAAc,IAAID,EAASC,CAAU,CAEtD,SACSlC,EAAM,eAAe,EAAG,CAC7B,IAAMkC,EAAaF,EAAS,QAAM,GAAApB,UAAWjD,CAAI,EAAIA,EACrD,GAAI,KAAK,IAAI,OACT,OACJ,IAAMwC,EAAiB,WAAQU,EAAG,SAAS,EAI3C,GAHA,KAAK,IAAI,eAAeV,CAAM,EAAE,IAAIU,EAAG,SAAS,EAChD,KAAK,IAAI,MAAM5E,GAAG,IAAK4E,EAAG,UAAWb,CAAK,EAC1CH,EAAS,MAAM,KAAK,WAAWM,EAAQH,EAAOC,EAAYc,EAAOpD,EAAMkD,EAAIqB,CAAU,EACjF,KAAK,IAAI,OACT,OAEAA,IAAe,QACf,KAAK,IAAI,cAAc,IAAY,WAAQvE,CAAI,EAAGuE,CAAU,CAEpE,MAEIrC,EAAS,KAAK,YAAYgB,EAAG,UAAWb,EAAOC,CAAU,EAE7D,OAAA8B,EAAM,EACFlC,GACA,KAAK,IAAI,eAAelC,EAAMkC,CAAM,EACjC,EACX,OACOxB,EAAO,CACV,GAAI,KAAK,IAAI,aAAaA,CAAK,EAC3B,OAAA0D,EAAM,EACCpE,CAEf,CACJ,CACJ,EF7mBA,IAAMwE,GAAQ,IACRC,GAAc,KACdC,GAAU,IACVC,GAAW,KACXC,GAAc,SACdC,GAAgB,MAChBC,GAAkB,OAClBC,GAAS,mCACTC,GAAc,WACpB,SAASC,GAAOC,EAAM,CAClB,OAAO,MAAM,QAAQA,CAAI,EAAIA,EAAO,CAACA,CAAI,CAC7C,CACA,IAAMC,GAAmBC,GAAY,OAAOA,GAAY,UAAYA,IAAY,MAAQ,EAAEA,aAAmB,QAC7G,SAASC,GAAcD,EAAS,CAC5B,OAAI,OAAOA,GAAY,WACZA,EACP,OAAOA,GAAY,SACXE,GAAWF,IAAYE,EAC/BF,aAAmB,OACXE,GAAWF,EAAQ,KAAKE,CAAM,EACtC,OAAOF,GAAY,UAAYA,IAAY,KACnCE,GAAW,CACf,GAAIF,EAAQ,OAASE,EACjB,MAAO,GACX,GAAIF,EAAQ,UAAW,CACnB,IAAMG,EAAmB,WAASH,EAAQ,KAAME,CAAM,EACtD,OAAKC,EAGE,CAACA,EAAS,WAAW,IAAI,GAAK,CAAS,aAAWA,CAAQ,EAFtD,EAGf,CACA,MAAO,EACX,EAEG,IAAM,EACjB,CACA,SAASC,GAAcC,EAAM,CACzB,GAAI,OAAOA,GAAS,SAChB,MAAM,IAAI,MAAM,iBAAiB,EACrCA,EAAe,YAAUA,CAAI,EAC7BA,EAAOA,EAAK,QAAQ,MAAO,GAAG,EAC9B,IAAIC,EAAU,GACVD,EAAK,WAAW,IAAI,IACpBC,EAAU,IACd,IAAMZ,EAAkB,OACxB,KAAOW,EAAK,MAAMX,CAAe,GAC7BW,EAAOA,EAAK,QAAQX,EAAiB,GAAG,EAC5C,OAAIY,IACAD,EAAO,IAAMA,GACVA,CACX,CACA,SAASE,GAAcC,EAAUC,EAAYC,EAAO,CAChD,IAAML,EAAOD,GAAcK,CAAU,EACrC,QAASE,EAAQ,EAAGA,EAAQH,EAAS,OAAQG,IAAS,CAClD,IAAMC,EAAUJ,EAASG,CAAK,EAC9B,GAAIC,EAAQP,EAAMK,CAAK,EACnB,MAAO,EAEf,CACA,MAAO,EACX,CACA,SAASG,GAASC,EAAUL,EAAY,CACpC,GAAIK,GAAY,KACZ,MAAM,IAAI,UAAU,kCAAkC,EAI1D,IAAMN,EADgBX,GAAOiB,CAAQ,EACN,IAAKd,GAAYC,GAAcD,CAAO,CAAC,EACtE,OAAIS,GAAc,KACP,CAACA,EAAYC,IACTH,GAAcC,EAAUC,EAAYC,CAAK,EAGjDH,GAAcC,EAAUC,CAAU,CAC7C,CACA,IAAMM,GAAcC,GAAW,CAC3B,IAAMC,EAAQpB,GAAOmB,CAAM,EAAE,KAAK,EAClC,GAAI,CAACC,EAAM,MAAOC,GAAM,OAAOA,IAAM1B,EAAW,EAC5C,MAAM,IAAI,UAAU,sCAAsCyB,CAAK,EAAE,EAErE,OAAOA,EAAM,IAAIE,EAAmB,CACxC,EAGMC,GAAUlB,GAAW,CACvB,IAAImB,EAAMnB,EAAO,QAAQT,GAAeL,EAAK,EACzCkB,EAAU,GAId,IAHIe,EAAI,WAAWhC,EAAW,IAC1BiB,EAAU,IAEPe,EAAI,MAAM3B,EAAe,GAC5B2B,EAAMA,EAAI,QAAQ3B,GAAiBN,EAAK,EAE5C,OAAIkB,IACAe,EAAMjC,GAAQiC,GAEXA,CACX,EAGMF,GAAuBd,GAASe,GAAe,YAAUA,GAAOf,CAAI,CAAC,CAAC,EAEtEiB,GAAmB,CAACC,EAAM,KAAQlB,GAChC,OAAOA,GAAS,SACTc,GAA4B,aAAWd,CAAI,EAAIA,EAAe,OAAKkB,EAAKlB,CAAI,CAAC,EAG7EA,EAGTmB,GAAkB,CAACnB,EAAMkB,IACf,aAAWlB,CAAI,EAChBA,EAEI,OAAKkB,EAAKlB,CAAI,EAE3BoB,GAAY,OAAO,OAAO,IAAI,GAAK,EAInCC,GAAN,KAAe,CACX,YAAYC,EAAKC,EAAe,CAC5B,KAAK,KAAOD,EACZ,KAAK,eAAiBC,EACtB,KAAK,MAAQ,IAAI,GACrB,CACA,IAAI9B,EAAM,CACN,GAAM,CAAE,MAAA+B,CAAM,EAAI,KACbA,GAED/B,IAASR,IAAWQ,IAASP,IAC7BsC,EAAM,IAAI/B,CAAI,CACtB,CACA,MAAM,OAAOA,EAAM,CACf,GAAM,CAAE,MAAA+B,CAAM,EAAI,KAIlB,GAHI,CAACA,IAELA,EAAM,OAAO/B,CAAI,EACb+B,EAAM,KAAO,GACb,OACJ,IAAMF,EAAM,KAAK,KACjB,GAAI,CACA,QAAM,YAAQA,CAAG,CACrB,MACY,CACJ,KAAK,gBACL,KAAK,eAAuB,UAAQA,CAAG,EAAW,WAASA,CAAG,CAAC,CAEvE,CACJ,CACA,IAAI7B,EAAM,CACN,GAAM,CAAE,MAAA+B,CAAM,EAAI,KAClB,GAAKA,EAEL,OAAOA,EAAM,IAAI/B,CAAI,CACzB,CACA,aAAc,CACV,GAAM,CAAE,MAAA+B,CAAM,EAAI,KAClB,OAAKA,EAEE,CAAC,GAAGA,EAAM,OAAO,CAAC,EADd,CAAC,CAEhB,CACA,SAAU,CACN,KAAK,MAAM,MAAM,EACjB,KAAK,KAAO,GACZ,KAAK,eAAiBC,GACtB,KAAK,MAAQL,GACb,OAAO,OAAO,IAAI,CACtB,CACJ,EACMM,GAAgB,OAChBC,GAAgB,QACTC,GAAN,KAAkB,CACrB,YAAY5B,EAAM6B,EAAQC,EAAK,CAC3B,KAAK,IAAMA,EACX,IAAMC,EAAY/B,EAClB,KAAK,KAAOA,EAAOA,EAAK,QAAQT,GAAa,EAAE,EAC/C,KAAK,UAAYwC,EACjB,KAAK,cAAwB,UAAQA,CAAS,EAC9C,KAAK,SAAW,CAAC,EACjB,KAAK,SAAS,QAASC,GAAU,CACzBA,EAAM,OAAS,GACfA,EAAM,IAAI,CAClB,CAAC,EACD,KAAK,eAAiBH,EACtB,KAAK,WAAaA,EAASH,GAAgBC,EAC/C,CACA,UAAUM,EAAO,CACb,OAAe,OAAK,KAAK,UAAmB,WAAS,KAAK,UAAWA,EAAM,QAAQ,CAAC,CACxF,CACA,WAAWA,EAAO,CACd,GAAM,CAAE,MAAA5B,CAAM,EAAI4B,EAClB,GAAI5B,GAASA,EAAM,eAAe,EAC9B,OAAO,KAAK,UAAU4B,CAAK,EAC/B,IAAMC,EAAe,KAAK,UAAUD,CAAK,EAEzC,OAAO,KAAK,IAAI,aAAaC,EAAc7B,CAAK,GAAK,KAAK,IAAI,oBAAoBA,CAAK,CAC3F,CACA,UAAU4B,EAAO,CACb,OAAO,KAAK,IAAI,aAAa,KAAK,UAAUA,CAAK,EAAGA,EAAM,KAAK,CACnE,CACJ,EASaE,GAAN,cAAwB,eAAa,CAExC,YAAYC,EAAQ,CAAC,EAAG,CACpB,MAAM,EACN,KAAK,OAAS,GACd,KAAK,SAAW,IAAI,IACpB,KAAK,cAAgB,IAAI,IACzB,KAAK,WAAa,IAAI,IACtB,KAAK,SAAW,IAAI,IACpB,KAAK,cAAgB,IAAI,IACzB,KAAK,SAAW,IAAI,IACpB,KAAK,eAAiB,IAAI,IAC1B,KAAK,gBAAkB,IAAI,IAC3B,KAAK,YAAc,EACnB,KAAK,cAAgB,GACrB,IAAMC,EAAMD,EAAM,iBACZE,EAAU,CAAE,mBAAoB,IAAM,aAAc,GAAI,EACxDC,EAAO,CAET,WAAY,GACZ,cAAe,GACf,uBAAwB,GACxB,SAAU,IACV,eAAgB,IAChB,eAAgB,GAChB,WAAY,GAEZ,OAAQ,GACR,GAAGH,EAEH,QAASA,EAAM,QAAU5C,GAAO4C,EAAM,OAAO,EAAI5C,GAAO,CAAC,CAAC,EAC1D,iBAAkB6C,IAAQ,GAAOC,EAAU,OAAOD,GAAQ,SAAW,CAAE,GAAGC,EAAS,GAAGD,CAAI,EAAI,EAClG,EAEIG,KACAD,EAAK,WAAa,IAElBA,EAAK,SAAW,SAChBA,EAAK,OAAS,CAACA,EAAK,YAIxB,IAAME,EAAU,QAAQ,IAAI,oBAC5B,GAAIA,IAAY,OAAW,CACvB,IAAMC,EAAWD,EAAQ,YAAY,EACjCC,IAAa,SAAWA,IAAa,IACrCH,EAAK,WAAa,GACbG,IAAa,QAAUA,IAAa,IACzCH,EAAK,WAAa,GAElBA,EAAK,WAAa,CAAC,CAACG,CAC5B,CACA,IAAMC,EAAc,QAAQ,IAAI,kBAC5BA,IACAJ,EAAK,SAAW,OAAO,SAASI,EAAa,EAAE,GAEnD,IAAIC,EAAa,EACjB,KAAK,WAAa,IAAM,CACpBA,IACIA,GAAc,KAAK,cACnB,KAAK,WAAanB,GAClB,KAAK,cAAgB,GAErB,QAAQ,SAAS,IAAM,KAAK,KAAKoB,GAAG,KAAK,CAAC,EAElD,EACA,KAAK,SAAW,IAAIC,IAAS,KAAK,KAAKD,GAAG,IAAK,GAAGC,CAAI,EACtD,KAAK,aAAe,KAAK,QAAQ,KAAK,IAAI,EAC1C,KAAK,QAAUP,EACf,KAAK,eAAiB,IAAIQ,GAAc,IAAI,EAE5C,OAAO,OAAOR,CAAI,CACtB,CACA,gBAAgB5C,EAAS,CACrB,GAAID,GAAgBC,CAAO,GAEvB,QAAWqD,KAAW,KAAK,cACvB,GAAItD,GAAgBsD,CAAO,GACvBA,EAAQ,OAASrD,EAAQ,MACzBqD,EAAQ,YAAcrD,EAAQ,UAC9B,OAIZ,KAAK,cAAc,IAAIA,CAAO,CAClC,CACA,mBAAmBA,EAAS,CAGxB,GAFA,KAAK,cAAc,OAAOA,CAAO,EAE7B,OAAOA,GAAY,SACnB,QAAWqD,KAAW,KAAK,cAInBtD,GAAgBsD,CAAO,GAAKA,EAAQ,OAASrD,GAC7C,KAAK,cAAc,OAAOqD,CAAO,CAIjD,CAMA,IAAIrC,EAAQsC,EAAUC,EAAW,CAC7B,GAAM,CAAE,IAAAhC,CAAI,EAAI,KAAK,QACrB,KAAK,OAAS,GACd,KAAK,cAAgB,OACrB,IAAIN,EAAQF,GAAWC,CAAM,EAC7B,OAAIO,IACAN,EAAQA,EAAM,IAAKZ,GACCmB,GAAgBnB,EAAMkB,CAAG,CAG5C,GAELN,EAAM,QAASZ,GAAS,CACpB,KAAK,mBAAmBA,CAAI,CAChC,CAAC,EACD,KAAK,aAAe,OACf,KAAK,cACN,KAAK,YAAc,GACvB,KAAK,aAAeY,EAAM,OAC1B,QAAQ,IAAIA,EAAM,IAAI,MAAOZ,GAAS,CAClC,IAAMmD,EAAM,MAAM,KAAK,eAAe,aAAanD,EAAM,CAACkD,EAAW,OAAW,EAAGD,CAAQ,EAC3F,OAAIE,GACA,KAAK,WAAW,EACbA,CACX,CAAC,CAAC,EAAE,KAAMC,GAAY,CACd,KAAK,QAETA,EAAQ,QAAS3D,GAAS,CAClBA,GACA,KAAK,IAAY,UAAQA,CAAI,EAAW,WAASwD,GAAYxD,CAAI,CAAC,CAC1E,CAAC,CACL,CAAC,EACM,IACX,CAIA,QAAQkB,EAAQ,CACZ,GAAI,KAAK,OACL,OAAO,KACX,IAAMC,EAAQF,GAAWC,CAAM,EACzB,CAAE,IAAAO,CAAI,EAAI,KAAK,QACrB,OAAAN,EAAM,QAASZ,GAAS,CAEhB,CAAS,aAAWA,CAAI,GAAK,CAAC,KAAK,SAAS,IAAIA,CAAI,IAChDkB,IACAlB,EAAe,OAAKkB,EAAKlB,CAAI,GACjCA,EAAe,UAAQA,CAAI,GAE/B,KAAK,WAAWA,CAAI,EACpB,KAAK,gBAAgBA,CAAI,EACrB,KAAK,SAAS,IAAIA,CAAI,GACtB,KAAK,gBAAgB,CACjB,KAAAA,EACA,UAAW,EACf,CAAC,EAIL,KAAK,aAAe,MACxB,CAAC,EACM,IACX,CAIA,OAAQ,CACJ,GAAI,KAAK,cACL,OAAO,KAAK,cAEhB,KAAK,OAAS,GAEd,KAAK,mBAAmB,EACxB,IAAMqD,EAAU,CAAC,EACjB,YAAK,SAAS,QAASC,GAAeA,EAAW,QAASC,GAAW,CACjE,IAAMC,EAAUD,EAAO,EACnBC,aAAmB,SACnBH,EAAQ,KAAKG,CAAO,CAC5B,CAAC,CAAC,EACF,KAAK,SAAS,QAASC,GAAWA,EAAO,QAAQ,CAAC,EAClD,KAAK,aAAe,OACpB,KAAK,YAAc,EACnB,KAAK,cAAgB,GACrB,KAAK,SAAS,QAASC,GAAWA,EAAO,QAAQ,CAAC,EAClD,KAAK,SAAS,MAAM,EACpB,KAAK,SAAS,MAAM,EACpB,KAAK,SAAS,MAAM,EACpB,KAAK,cAAc,MAAM,EACzB,KAAK,WAAW,MAAM,EACtB,KAAK,cAAgBL,EAAQ,OACvB,QAAQ,IAAIA,CAAO,EAAE,KAAK,IAAG,EAAY,EACzC,QAAQ,QAAQ,EACf,KAAK,aAChB,CAKA,YAAa,CACT,IAAMM,EAAY,CAAC,EACnB,YAAK,SAAS,QAAQ,CAAC1B,EAAOX,IAAQ,CAElC,IAAMhB,GADM,KAAK,QAAQ,IAAc,WAAS,KAAK,QAAQ,IAAKgB,CAAG,EAAIA,IACpDrC,GACrB0E,EAAUrD,CAAK,EAAI2B,EAAM,YAAY,EAAE,KAAK,CAChD,CAAC,EACM0B,CACX,CACA,YAAYC,EAAOd,EAAM,CACrB,KAAK,KAAKc,EAAO,GAAGd,CAAI,EACpBc,IAAUf,GAAG,OACb,KAAK,KAAKA,GAAG,IAAKe,EAAO,GAAGd,CAAI,CACxC,CAWA,MAAM,MAAMc,EAAO5D,EAAMK,EAAO,CAC5B,GAAI,KAAK,OACL,OACJ,IAAMkC,EAAO,KAAK,QACdsB,KACA7D,EAAe,YAAUA,CAAI,GAC7BuC,EAAK,MACLvC,EAAe,WAASuC,EAAK,IAAKvC,CAAI,GAC1C,IAAM8C,EAAO,CAAC9C,CAAI,EACdK,GAAS,MACTyC,EAAK,KAAKzC,CAAK,EACnB,IAAMgC,EAAME,EAAK,iBACbuB,EACJ,GAAIzB,IAAQyB,EAAK,KAAK,eAAe,IAAI9D,CAAI,GACzC,OAAA8D,EAAG,WAAa,IAAI,KACb,KAEX,GAAIvB,EAAK,OAAQ,CACb,GAAIqB,IAAUf,GAAG,OACb,YAAK,gBAAgB,IAAI7C,EAAM,CAAC4D,EAAO,GAAGd,CAAI,CAAC,EAC/C,WAAW,IAAM,CACb,KAAK,gBAAgB,QAAQ,CAACb,EAAOjC,IAAS,CAC1C,KAAK,KAAK,GAAGiC,CAAK,EAClB,KAAK,KAAKY,GAAG,IAAK,GAAGZ,CAAK,EAC1B,KAAK,gBAAgB,OAAOjC,CAAI,CACpC,CAAC,CACL,EAAG,OAAOuC,EAAK,QAAW,SAAWA,EAAK,OAAS,GAAG,EAC/C,KAEPqB,IAAUf,GAAG,KAAO,KAAK,gBAAgB,IAAI7C,CAAI,IACjD4D,EAAQf,GAAG,OACX,KAAK,gBAAgB,OAAO7C,CAAI,EAExC,CACA,GAAIqC,IAAQuB,IAAUf,GAAG,KAAOe,IAAUf,GAAG,SAAW,KAAK,cAAe,CACxE,IAAMkB,EAAU,CAACC,EAAK3D,IAAU,CACxB2D,GACAJ,EAAQf,GAAG,MACXC,EAAK,CAAC,EAAIkB,EACV,KAAK,YAAYJ,EAAOd,CAAI,GAEvBzC,IAEDyC,EAAK,OAAS,EACdA,EAAK,CAAC,EAAIzC,EAGVyC,EAAK,KAAKzC,CAAK,EAEnB,KAAK,YAAYuD,EAAOd,CAAI,EAEpC,EACA,YAAK,kBAAkB9C,EAAMqC,EAAI,mBAAoBuB,EAAOG,CAAO,EAC5D,IACX,CACA,GAAIH,IAAUf,GAAG,QACO,CAAC,KAAK,UAAUA,GAAG,OAAQ7C,EAAM,EAAE,EAEnD,OAAO,KAEf,GAAIuC,EAAK,YACLlC,IAAU,SACTuD,IAAUf,GAAG,KAAOe,IAAUf,GAAG,SAAWe,IAAUf,GAAG,QAAS,CACnE,IAAMoB,EAAW1B,EAAK,IAAc,OAAKA,EAAK,IAAKvC,CAAI,EAAIA,EACvDK,EACJ,GAAI,CACAA,EAAQ,QAAM,SAAK4D,CAAQ,CAC/B,MACY,CAEZ,CAEA,GAAI,CAAC5D,GAAS,KAAK,OACf,OACJyC,EAAK,KAAKzC,CAAK,CACnB,CACA,YAAK,YAAYuD,EAAOd,CAAI,EACrB,IACX,CAKA,aAAaoB,EAAO,CAChB,IAAMC,EAAOD,GAASA,EAAM,KAC5B,OAAIA,GACAC,IAAS,UACTA,IAAS,YACR,CAAC,KAAK,QAAQ,wBAA2BA,IAAS,SAAWA,IAAS,WACvE,KAAK,KAAKtB,GAAG,MAAOqB,CAAK,EAEtBA,GAAS,KAAK,MACzB,CAQA,UAAUE,EAAYpE,EAAMqE,EAAS,CAC5B,KAAK,WAAW,IAAID,CAAU,GAC/B,KAAK,WAAW,IAAIA,EAAY,IAAI,GAAK,EAE7C,IAAME,EAAS,KAAK,WAAW,IAAIF,CAAU,EAC7C,GAAI,CAACE,EACD,MAAM,IAAI,MAAM,kBAAkB,EACtC,IAAMC,EAAaD,EAAO,IAAItE,CAAI,EAClC,GAAIuE,EACA,OAAAA,EAAW,QACJ,GAGX,IAAIC,EACEC,EAAQ,IAAM,CAChB,IAAMhF,EAAO6E,EAAO,IAAItE,CAAI,EACtB0E,EAAQjF,EAAOA,EAAK,MAAQ,EAClC,OAAA6E,EAAO,OAAOtE,CAAI,EAClB,aAAawE,CAAa,EACtB/E,GACA,aAAaA,EAAK,aAAa,EAC5BiF,CACX,EACAF,EAAgB,WAAWC,EAAOJ,CAAO,EACzC,IAAMM,EAAM,CAAE,cAAAH,EAAe,MAAAC,EAAO,MAAO,CAAE,EAC7C,OAAAH,EAAO,IAAItE,EAAM2E,CAAG,EACbA,CACX,CACA,iBAAkB,CACd,OAAO,KAAK,aAChB,CASA,kBAAkB3E,EAAM4E,EAAWhB,EAAOG,EAAS,CAC/C,IAAM1B,EAAM,KAAK,QAAQ,iBACzB,GAAI,OAAOA,GAAQ,SACf,OACJ,IAAMwC,EAAexC,EAAI,aACrByC,EACAb,EAAWjE,EACX,KAAK,QAAQ,KAAO,CAAS,aAAWA,CAAI,IAC5CiE,EAAmB,OAAK,KAAK,QAAQ,IAAKjE,CAAI,GAElD,IAAM+E,EAAM,IAAI,KACVC,EAAS,KAAK,eACpB,SAASC,EAAmBC,EAAU,IAClC,GAAAC,MAAOlB,EAAU,CAACD,EAAKoB,IAAY,CAC/B,GAAIpB,GAAO,CAACgB,EAAO,IAAIhF,CAAI,EAAG,CACtBgE,GAAOA,EAAI,OAAS,UACpBD,EAAQC,CAAG,EACf,MACJ,CACA,IAAMe,EAAM,OAAO,IAAI,IAAM,EACzBG,GAAYE,EAAQ,OAASF,EAAS,OACtCF,EAAO,IAAIhF,CAAI,EAAE,WAAa+E,GAElC,IAAMjB,EAAKkB,EAAO,IAAIhF,CAAI,EACf+E,EAAMjB,EAAG,YACVc,GACNI,EAAO,OAAOhF,CAAI,EAClB+D,EAAQ,OAAWqB,CAAO,GAG1BN,EAAiB,WAAWG,EAAoBJ,EAAcO,CAAO,CAE7E,CAAC,CACL,CACKJ,EAAO,IAAIhF,CAAI,IAChBgF,EAAO,IAAIhF,EAAM,CACb,WAAY+E,EACZ,WAAY,KACRC,EAAO,OAAOhF,CAAI,EAClB,aAAa8E,CAAc,EACpBlB,EAEf,CAAC,EACDkB,EAAiB,WAAWG,EAAoBJ,CAAY,EAEpE,CAIA,WAAW7E,EAAMK,EAAO,CACpB,GAAI,KAAK,QAAQ,QAAUf,GAAO,KAAKU,CAAI,EACvC,MAAO,GACX,GAAI,CAAC,KAAK,aAAc,CACpB,GAAM,CAAE,IAAAkB,CAAI,EAAI,KAAK,QAEf8B,GADM,KAAK,QAAQ,SACD,CAAC,GAAG,IAAI/B,GAAiBC,CAAG,CAAC,EAE/CmE,EAAO,CAAC,GADO,CAAC,GAAG,KAAK,aAAa,EACb,IAAIpE,GAAiBC,CAAG,CAAC,EAAG,GAAG8B,CAAO,EACpE,KAAK,aAAexC,GAAS6E,EAAM,MAAS,CAChD,CACA,OAAO,KAAK,aAAarF,EAAMK,CAAK,CACxC,CACA,aAAaL,EAAMsF,EAAM,CACrB,MAAO,CAAC,KAAK,WAAWtF,EAAMsF,CAAI,CACtC,CAKA,iBAAiBtF,EAAM,CACnB,OAAO,IAAI4B,GAAY5B,EAAM,KAAK,QAAQ,eAAgB,IAAI,CAClE,CAOA,eAAeuF,EAAW,CACtB,IAAMjE,EAAc,UAAQiE,CAAS,EACrC,OAAK,KAAK,SAAS,IAAIjE,CAAG,GACtB,KAAK,SAAS,IAAIA,EAAK,IAAID,GAASC,EAAK,KAAK,YAAY,CAAC,EACxD,KAAK,SAAS,IAAIA,CAAG,CAChC,CAMA,oBAAoBjB,EAAO,CACvB,OAAI,KAAK,QAAQ,uBACN,GACJ,GAAQ,OAAOA,EAAM,IAAI,EAAI,IACxC,CAQA,QAAQkF,EAAW9F,EAAM+F,EAAa,CAIlC,IAAMxF,EAAe,OAAKuF,EAAW9F,CAAI,EACnCwE,EAAmB,UAAQjE,CAAI,EAKrC,GAJAwF,EACIA,IAAoC,KAAK,SAAS,IAAIxF,CAAI,GAAK,KAAK,SAAS,IAAIiE,CAAQ,GAGzF,CAAC,KAAK,UAAU,SAAUjE,EAAM,GAAG,EACnC,OAEA,CAACwF,GAAe,KAAK,SAAS,OAAS,GACvC,KAAK,IAAID,EAAW9F,EAAM,EAAI,EAIvB,KAAK,eAAeO,CAAI,EACA,YAAY,EAEvB,QAASyF,GAAW,KAAK,QAAQzF,EAAMyF,CAAM,CAAC,EAEtE,IAAMC,EAAS,KAAK,eAAeH,CAAS,EACtCI,EAAaD,EAAO,IAAIjG,CAAI,EAClCiG,EAAO,OAAOjG,CAAI,EAMd,KAAK,cAAc,IAAIwE,CAAQ,GAC/B,KAAK,cAAc,OAAOA,CAAQ,EAGtC,IAAI2B,EAAU5F,EAGd,GAFI,KAAK,QAAQ,MACb4F,EAAkB,WAAS,KAAK,QAAQ,IAAK5F,CAAI,GACjD,KAAK,QAAQ,kBAAoB,KAAK,eAAe,IAAI4F,CAAO,GAClD,KAAK,eAAe,IAAIA,CAAO,EAAE,WAAW,IAC5C/C,GAAG,IACb,OAIR,KAAK,SAAS,OAAO7C,CAAI,EACzB,KAAK,SAAS,OAAOiE,CAAQ,EAC7B,IAAM4B,EAAYL,EAAc3C,GAAG,WAAaA,GAAG,OAC/C8C,GAAc,CAAC,KAAK,WAAW3F,CAAI,GACnC,KAAK,MAAM6F,EAAW7F,CAAI,EAE9B,KAAK,WAAWA,CAAI,CACxB,CAIA,WAAWA,EAAM,CACb,KAAK,WAAWA,CAAI,EACpB,IAAMsB,EAAc,UAAQtB,CAAI,EAChC,KAAK,eAAesB,CAAG,EAAE,OAAe,WAAStB,CAAI,CAAC,CAC1D,CAIA,WAAWA,EAAM,CACb,IAAMqD,EAAU,KAAK,SAAS,IAAIrD,CAAI,EACjCqD,IAELA,EAAQ,QAASE,GAAWA,EAAO,CAAC,EACpC,KAAK,SAAS,OAAOvD,CAAI,EAC7B,CACA,eAAeA,EAAMuD,EAAQ,CACzB,GAAI,CAACA,EACD,OACJ,IAAI8B,EAAO,KAAK,SAAS,IAAIrF,CAAI,EAC5BqF,IACDA,EAAO,CAAC,EACR,KAAK,SAAS,IAAIrF,EAAMqF,CAAI,GAEhCA,EAAK,KAAK9B,CAAM,CACpB,CACA,UAAUuC,EAAMvD,EAAM,CAClB,GAAI,KAAK,OACL,OACJ,IAAMwD,EAAU,CAAE,KAAMlD,GAAG,IAAK,WAAY,GAAM,MAAO,GAAM,GAAGN,EAAM,MAAO,CAAE,EAC7EkB,EAASuC,GAASF,EAAMC,CAAO,EACnC,YAAK,SAAS,IAAItC,CAAM,EACxBA,EAAO,KAAKwC,GAAW,IAAM,CACzBxC,EAAS,MACb,CAAC,EACDA,EAAO,KAAKyC,GAAS,IAAM,CACnBzC,IACA,KAAK,SAAS,OAAOA,CAAM,EAC3BA,EAAS,OAEjB,CAAC,EACMA,CACX,CACJ,EAUO,SAAS0C,GAAMvF,EAAOmF,EAAU,CAAC,EAAG,CACvC,IAAMK,EAAU,IAAIjE,GAAU4D,CAAO,EACrC,OAAAK,EAAQ,IAAIxF,CAAK,EACVwF,CACX,CDhxBO,SAASC,GAAYC,EAAmBC,EAAwB,CAAC,EAAG,CAEzE,IAAMC,EAAaD,EAAQ,YAAc,GACnCE,EAAqB,IAAI,IAE/B,SAASC,EACPC,EACAC,EACkC,CAClC,MAAO,IAAIC,IAAwB,CAEjC,IAAMC,EAAkBL,EAAmB,IAAIG,CAAQ,EACnDE,GACF,aAAaA,CAAe,EAI9B,IAAMC,EAAY,WAAW,IAAM,CACjCJ,EAAG,GAAGE,CAAI,EACVJ,EAAmB,OAAOG,CAAQ,CACpC,EAAGJ,CAAU,EAEbC,EAAmB,IAAIG,EAAUG,CAAS,CAC5C,CACF,CAEA,IAAMC,EAAe,IAAI,IAGzB,eAAeC,GAAoB,CACjC,GAAI,CACF,IAAMC,EAAQ,MAAMC,GAAeb,EAAW,CAC5C,OAAQC,EAAQ,MAClB,CAAC,EAED,QAAWK,KAAYM,EACrB,MAAME,EAAcR,CAAQ,CAEhC,OAASS,EAAO,CACdC,EAAYD,CAAK,CACnB,CACF,CAGA,eAAeD,EAAcR,EAAkB,CAC7C,GAAI,CACF,IAAMW,EAAiBP,EAAa,IAAIJ,CAAQ,EAG1CY,EAAY,MAAMC,GAAmBb,EAAUN,EAAW,EAAK,EAOrE,GALI,CAACkB,GAAaA,EAAU,SAAW,GAKnCD,GAAkB,CAACG,GAAuBd,EAAUY,CAAS,EAC/D,OAIF,MAAMC,GAAmBb,EAAUN,EAAW,EAAI,EAElD,IAAMqB,EAAsB,aAAUf,CAAQ,EAE1CW,GACFP,EAAa,IAAIJ,EAAUY,CAAS,EAChCjB,EAAQ,gBACVA,EAAQ,eAAeoB,EAAgBH,CAAS,IAGlDR,EAAa,IAAIJ,EAAUY,CAAS,EAChCjB,EAAQ,cACVA,EAAQ,aAAaoB,EAAgBH,CAAS,EAGpD,OAASH,EAAO,CACd,QAAQ,IAAI,sCAA4BT,CAAQ,IAAKS,CAAK,EAC1DC,EAAYD,CAAK,CACnB,CACF,CAGA,SAASO,EAAchB,EAAkB,CACvC,IAAMe,EAAsB,aAAUf,CAAQ,EACxCiB,EAASb,EAAa,IAAIW,CAAc,EAE1CE,GAAUA,EAAO,OAAS,GAAKtB,EAAQ,gBACzCA,EAAQ,eAAeoB,EAAgBE,CAAM,EAG/Cb,EAAa,OAAOW,CAAc,CACpC,CAGA,SAASL,EAAYD,EAAgB,CAC/Bd,EAAQ,SAAWc,aAAiB,MACtCd,EAAQ,QAAQc,CAAK,EAErB,QAAQ,MAAM,oCAA2BA,CAAK,CAElD,CAIA,IAAMS,EAAUC,GAAMzB,EAAW,CAE/B,iBAAkB,CAChB,mBAAoB,GACpB,aAAc,EAChB,EAGA,WAAY,GACZ,OAAQ,GACR,eAAgB,GAChB,MAAO,GAGP,QAAS,CACP,eACA,eACA,QACA,aACA,aACA,0BACA,WACA,SACA,KACA,GAAIC,EAAQ,QAAU,CAAC,CACzB,CACF,CAAC,EAGD,OAAAuB,EACG,GAAG,MAAOlB,GAAY,CACCF,EAAwBU,EAAeR,CAAQ,EACvDA,CAAQ,CACxB,CAAC,EACA,GAAG,SAAUA,GAAY,CACFF,EAAwBU,EAAeR,CAAQ,EAGvDA,CAAQ,CACxB,CAAC,EACA,GAAG,SAAUA,GAAY,CACAF,EAAwBkB,EAAehB,CAAQ,EACvDA,CAAQ,CAC1B,CAAC,EACA,GAAG,QAASU,CAAW,EAG1BL,EAAkB,EAAE,MAAMK,CAAW,EAG9B,CACL,MAAO,KAELb,EAAmB,QAAQuB,GAAW,aAAaA,CAAO,CAAC,EAC3DvB,EAAmB,MAAM,EAElBqB,EAAQ,MAAM,GAEvB,UAAW,IAAM,CACf,IAAMG,EAAqB,CAAC,EAC5B,QAAWJ,KAAUb,EAAa,OAAO,EACvCiB,EAAU,KAAK,GAAGJ,CAAM,EAE1B,OAAOI,CACT,EACA,gBAAiB,IAAM,IAAI,IAAIjB,CAAY,CAC7C,CACF,CIxLA,IAAAkB,GAAkB,eCAlB,IAAAC,GAAkB,eAKX,SAASC,GAAgBC,EAAeC,EAAyB,CACtE,OAAIA,aAAkB,KAAE,UACfA,EAAO,OAAO,EAAE,MAAMD,CAAI,EAG5BC,EAAO,MAAMD,CAAI,CAC1B,CCXA,IAAAE,GAAkB,eAKX,SAASC,GACdC,EACAC,EACG,CACH,OAAIA,aAAkB,KAAE,UAEfA,EAAO,OAAO,EAAE,MAAMD,CAAM,EAG9BC,EAAO,MAAMD,CAAM,CAC5B,CCfA,IAAAE,GAAkB,eAKX,SAASC,GACdC,EACAC,EACG,CACH,OAAIA,aAAkB,KAAE,UAEfA,EAAO,OAAO,EAAE,MAAMD,CAAK,EAG7BC,EAAO,MAAMD,CAAK,CAC3B,CCfA,IAAAE,GAAkB,eAKX,SAASC,GACdC,EACAC,EACG,CACH,OAAIA,aAAkB,KAAE,UACfA,EAAO,OAAO,EAAE,MAAMD,CAAQ,EAGhCC,EAAO,MAAMD,CAAQ,CAC9B,CJRAE,KACAC,KASO,SAASC,GAAuBC,EAAqBC,EAAiB,GAAmB,CAqD9F,MAAO,CACL,KAAM,mBACN,QAtDuC,MAAOC,EAAcC,IAAuB,CAEnF,GAAIH,EAAO,QAAUE,EAAI,QAAQ,OAC/B,GAAI,CACFA,EAAI,QAAQ,OAASE,GAAeF,EAAI,QAAQ,OAAQF,EAAO,MAAM,CACvE,OAASK,EAAO,CACd,IAAMC,EAAcC,GAAsBF,CAAK,EACzCG,EAAaF,EAAY,OAAO,CAACG,EAAKC,IAAOD,EAAMC,EAAG,SAAS,OAAQ,CAAC,EAE9E,MAAM,IAAIC,GAAgB,4BAA6B,CACrD,OAAQL,EACR,WAAAE,EACA,QAAS,QACX,CAAC,CACH,CAIF,GAAIR,EAAO,OAASE,EAAI,QAAQ,MAC9B,GAAI,CACFA,EAAI,QAAQ,MAAQU,GAAcV,EAAI,QAAQ,MAAOF,EAAO,KAAK,CACnE,OAASK,EAAO,CACd,IAAMC,EAAcC,GAAsBF,CAAK,EACzCG,EAAaF,EAAY,OAAO,CAACG,EAAKC,IAAOD,EAAMC,EAAG,SAAS,OAAQ,CAAC,EAE9E,MAAM,IAAIC,GAAgB,4BAA6B,CACrD,OAAQL,EACR,WAAAE,EACA,QAAS,OACX,CAAC,CACH,CAIF,GAAIR,EAAO,KACT,GAAI,CACFE,EAAI,QAAQ,KAAOW,GAAaX,EAAI,QAAQ,KAAMF,EAAO,IAAI,CAC/D,OAASK,EAAO,CACd,IAAMC,EAAcC,GAAsBF,CAAK,EACzCG,EAAaF,EAAY,OAAO,CAACG,EAAKC,IAAOD,EAAMC,EAAG,SAAS,OAAQ,CAAC,EAE9E,MAAM,IAAIC,GAAgB,4BAA6B,CACrD,OAAQL,EACR,WAAAE,EACA,QAAS,MACX,CAAC,CACH,CAGF,MAAML,EAAK,CACb,EAKE,MAAAF,CACF,CACF,CAKO,SAASa,GACdC,EACAd,EAAiB,GACL,CA+BZ,MAAO,CACL,KAAM,oBACN,QAhCuC,MAAOC,EAAKC,IAAS,CAE5D,IAAMa,EAAed,EAAI,SAAS,KAGlCA,EAAI,SAAS,KAAO,CAACe,EAAeC,IAAoB,CACtD,GAAI,CAEF,IAAMC,EAAgBC,GAAiBH,EAAMF,CAAc,EAG3D,OAAAb,EAAI,SAAS,KAAOc,EAGbA,EAAa,KAAKd,EAAI,SAAUiB,EAAeD,CAAM,CAC9D,OAASb,EAAO,CAEd,MAAAH,EAAI,SAAS,KAAOc,EAEd,IAAIK,GAAoB,6BAA8B,CAC1D,eAAgBN,EAAe,aAAe,iBAC9C,gBAAiBR,GAAsBF,CAAK,EAC5C,iBAAkBY,CACpB,CAAC,CACH,CACF,EAEA,MAAMd,EAAK,CACb,EAKE,MAAAF,CACF,CACF,CAqBA,SAASM,GAAsBF,EAAyD,CACtF,GAAIA,aAAiB,KAAE,SAAU,CAE/B,IAAMiB,EAAgB,IAAI,IAE1B,QAAWC,KAASlB,EAAM,OAAQ,CAEhC,IAAMmB,EAAYD,EAAM,KAAK,OAAS,EAAIA,EAAM,KAAK,KAAK,GAAG,EAAI,OAE5DD,EAAc,IAAIE,CAAS,GAC9BF,EAAc,IAAIE,EAAW,CAAC,CAAC,EAEjCF,EAAc,IAAIE,CAAS,EAAG,KAAKD,EAAM,OAAO,CAClD,CAGA,OAAO,MAAM,KAAKD,EAAc,QAAQ,CAAC,EAAE,IAAI,CAAC,CAACG,EAAOC,CAAQ,KAAO,CACrE,MAAAD,EACA,SAAAC,CACF,EAAE,CACJ,CAEA,OAAIrB,aAAiB,MACZ,CAAC,CAAE,MAAO,UAAW,SAAU,CAACA,EAAM,OAAO,CAAE,CAAC,EAGlD,CAAC,CAAE,MAAO,UAAW,SAAU,CAAC,OAAOA,CAAK,CAAC,CAAE,CAAC,CACzD,CK7JA,eAAsBsB,GACpBC,EACAC,EACAC,EACe,CAEf,IAAMC,EAAa,CAAC,GAAIF,EAAa,YAAc,CAAC,CAAE,EAGlDA,EAAa,UACXA,EAAa,OAAO,QAAUA,EAAa,OAAO,OAASA,EAAa,OAAO,OACjFE,EAAW,QAAQC,GAAuBH,EAAa,MAAM,CAAC,EAG5DA,EAAa,OAAO,UACtBE,EAAW,KAAKE,GAAwBJ,EAAa,OAAO,QAAQ,CAAC,GAQzE,MAHgBK,GAAQ,CAAC,GAAGH,CAAU,CAAC,EAGzBH,EAAK,SAAY,CAE7B,IAAMO,EAAS,MAAMN,EAAa,QAAQD,EAAKE,CAAM,EAGjD,CAACF,EAAI,SAAS,MAAQO,IAAW,QACnCP,EAAI,SAAS,KAAKO,CAAM,CAE5B,CAAC,CACH,CCtCO,SAASC,GACdC,EACAC,EACAC,EACwB,CACxB,IAAMC,EAAQF,EAAQ,KAAKD,CAAI,EAC/B,GAAI,CAACG,EACH,MAAO,CAAC,EAGV,IAAMC,EAAiC,CAAC,EAGxC,QAAS,EAAI,EAAG,EAAIF,EAAW,OAAQ,IAErCE,EAAOF,EAAW,CAAC,CAAE,EAAIC,EAAM,EAAI,CAAC,GAAK,GAG3C,OAAOC,CACT,CAKO,SAASC,GAAmBL,EAAyD,CAC1F,IAAME,EAAuB,CAAC,EAG9B,GAAIF,IAAS,IACX,MAAO,CACL,QAAS,OACT,WAAY,CAAC,CACf,EAIF,IAAIM,EAAgBN,EAAK,QAAQ,qBAAsB,MAAM,EAG7D,OAAAM,EAAgBA,EAEb,QAAQ,cAAe,CAACC,EAAGC,KAC1BN,EAAW,KAAKM,CAAS,EAClB,WACR,EAEA,QAAQ,kBAAmB,CAACD,EAAGC,KAC9BN,EAAW,KAAKM,CAAS,EAClB,WACR,EAIHF,EAAgB,GAAGA,CAAa,SAOzB,CACL,QAHc,IAAI,OAAO,IAAIA,CAAa,GAAG,EAI7C,WAAAJ,CACF,CACF,CCrDO,SAASO,IAAyB,CAEvC,IAAMC,EAAuB,CAAC,EAE9B,MAAO,CAIL,IAAIC,EAAcC,EAAoBC,EAAkC,CACtE,GAAM,CAAE,QAAAC,EAAS,WAAAC,CAAW,EAAIC,GAAmBL,CAAI,EAEjDM,EAAuB,CAC3B,KAAAN,EACA,OAAAC,EACA,QAAAE,EACA,WAAAC,EACA,aAAAF,CACF,EAGMK,EAAcR,EAAO,UAAUS,GAASJ,EAAW,OAASI,EAAM,WAAW,MAAM,EAGrFD,IAAgB,GAClBR,EAAO,KAAKO,CAAQ,EAEpBP,EAAO,OAAOQ,EAAa,EAAGD,CAAQ,CAE1C,EAKA,OAAON,EAAc,CAEnB,QAASS,EAAIV,EAAO,OAAS,EAAGU,GAAK,EAAGA,IACjCV,EAAOU,CAAC,EAAY,OAAST,GAChCD,EAAO,OAAOU,EAAG,CAAC,CAGxB,EAKA,OAAQ,CACNV,EAAO,OAAS,CAClB,EAKA,MAAMC,EAAcC,EAAuC,CAEzD,IAAMS,EAAWV,EAAK,MAAM,GAAG,EAAE,CAAC,EAClC,GAAI,CAACU,EAAU,OAAO,KAEtB,QAAWF,KAAST,EAAQ,CAE1B,GAAIS,EAAM,SAAWP,EAAQ,SAI7B,GADcO,EAAM,QAAQ,KAAKE,CAAQ,EAC9B,CAET,IAAMC,EAASC,GAAcZ,EAAMQ,EAAM,QAASA,EAAM,UAAU,EAElE,MAAO,CACL,MAAOA,EAAM,aACb,OAAAG,CACF,CACF,CACF,CAQA,OAJqBZ,EAAO,KAC1BS,GAASA,EAAM,SAAWP,GAAUO,EAAM,QAAQ,KAAKR,CAAI,CAC7D,EAIS,CACL,MAAO,KACP,OAAQ,CAAC,EACT,iBAAkB,GAClB,eAAgBD,EACb,OAAOS,GAASA,EAAM,QAAQ,KAAKR,CAAI,CAAC,EACxC,IAAIQ,GAASA,EAAM,MAAM,CAC9B,EAGK,IACT,EAKA,WAAoD,CAClD,OAAOT,EAAO,IAAIS,IAAU,CAC1B,KAAMA,EAAM,KACZ,OAAQA,EAAM,MAChB,EAAE,CACJ,EAKA,WACER,EACwE,CACxE,OAAOD,EACJ,OAAOS,GAASA,EAAM,QAAQ,KAAKR,CAAI,CAAC,EACxC,IAAIQ,IAAU,CACb,KAAMA,EAAM,KACZ,OAAQA,EAAM,OACd,OAAQI,GAAcZ,EAAMQ,EAAM,QAASA,EAAM,UAAU,CAC7D,EAAE,CACN,CACF,CACF,CCpIO,SAASK,IAAqC,CACnD,MAAO,CACL,aAAc,IAAI,IAClB,aAAc,IAAI,IAClB,WAAY,IAAI,GAClB,CACF,CAEO,SAASC,GACdC,EACAC,EACAC,EACyD,CACzD,QAAQ,IAAI,8BAA8BD,CAAQ,EAAE,EACpD,IAAME,EAAWH,EAAS,aAAa,IAAIC,CAAQ,GAAK,IAAI,IACtDG,EAAW,IAAI,IAAIF,EAAU,IAAIG,GAAKA,EAAE,IAAI,CAAC,EAG7CC,EAAQJ,EAAU,OAAOG,GAAK,CAACF,EAAS,IAAIE,EAAE,IAAI,CAAC,EACnDE,EAAU,MAAM,KAAKJ,CAAQ,EAAE,OAAOK,GAAK,CAACJ,EAAS,IAAII,CAAC,CAAC,EAI3DC,EAHqBP,EAAU,OAAOG,GAAKF,EAAS,IAAIE,EAAE,IAAI,CAAC,EAGlC,OAAOK,GAAS,CACjD,IAAMC,EAAgBX,EAAS,aAAa,IAAIU,EAAM,IAAI,EAC1D,MAAO,CAACC,GAAiB,CAACC,GAAYD,EAAeD,CAAK,CAC5D,CAAC,EAGD,OAAAG,GAAkBb,EAAUC,EAAU,CAAE,MAAAK,EAAO,QAAAC,EAAS,QAAAE,CAAQ,CAAC,EAE1D,CAAE,MAAAH,EAAO,QAAAC,EAAS,QAAAE,CAAQ,CACnC,CAMO,SAASK,GAAyBC,EAAkC,CACzE,OAAO,MAAM,KAAKA,EAAS,aAAa,OAAO,CAAC,CAClD,CASA,SAASC,GACPC,EACAC,EACAC,EACM,CACN,GAAM,CAAE,MAAAC,EAAO,QAAAC,EAAS,QAAAC,CAAQ,EAAIH,EAGpCE,EAAQ,QAAQE,GAAQ,CACtBN,EAAS,aAAa,OAAOM,CAAI,EACjCN,EAAS,WAAW,OAAOM,CAAI,CACjC,CAAC,EAGD,CAAC,GAAGH,EAAO,GAAGE,CAAO,EAAE,QAAQE,GAAS,CACtCP,EAAS,aAAa,IAAIO,EAAM,KAAMA,CAAK,EAC3CP,EAAS,WAAW,IAAIO,EAAM,KAAMN,CAAQ,CAC9C,CAAC,EAGD,IAAMO,EAAkB,IAAI,IAAI,CAC9B,GAAGL,EAAM,IAAIM,GAAKA,EAAE,IAAI,EACxB,GAAGJ,EAAQ,IAAII,GAAKA,EAAE,IAAI,EAC1B,GAAG,MAAM,KAAKT,EAAS,aAAa,IAAIC,CAAQ,GAAK,CAAC,CAAC,EAAE,OAAOS,GAAK,CAACN,EAAQ,SAASM,CAAC,CAAC,CAC3F,CAAC,EAEGF,EAAgB,KAAO,EACzBR,EAAS,aAAa,IAAIC,EAAUO,CAAe,EAEnDR,EAAS,aAAa,OAAOC,CAAQ,CAEzC,CAEA,SAASU,GAAYC,EAAeC,EAAwB,CAC1D,GAAID,EAAO,OAASC,EAAO,KAAM,MAAO,GAExC,IAAMC,EAAW,OAAO,KAAKF,CAAM,EAChC,OAAOG,GAAKA,IAAM,MAAM,EACxB,KAAK,EACFC,EAAW,OAAO,KAAKH,CAAM,EAChC,OAAOE,GAAKA,IAAM,MAAM,EACxB,KAAK,EAER,OAAID,EAAS,SAAWE,EAAS,OAAe,GAEzCF,EAAS,MAAMG,GAAU,CAC9B,IAAMC,EAAWN,EAAOK,CAAqB,EACvCE,EAAWN,EAAOI,CAAqB,EAG7C,OAAO,OAAOC,GAAa,OAAOC,CACpC,CAAC,CACH,CCrGO,SAASC,GAAkBC,EAAcC,EAAwB,CACtE,OAAO,QAAQD,CAAK,EAAE,QAAQ,CAAC,CAACE,EAAQC,CAAa,IAAM,CACrDD,IAAW,QAAU,CAACC,GAC1BF,EAAQ,IAAID,EAAM,KAAME,EAAsBC,CAAmC,CACnF,CAAC,CACH,CAEO,SAASC,GAAuBC,EAAcJ,EAAwB,CAEvE,WAAYA,GAAW,OAAOA,EAAQ,QAAW,WACnDA,EAAQ,OAAOI,CAAI,EAGnB,QAAQ,KAAK,6EAA6E,CAE9F,CAEO,SAASC,GAAqBN,EAAcC,EAAwB,CACzEG,GAAuBJ,EAAM,KAAMC,CAAO,EAC1CF,GAAkBC,EAAOC,CAAO,CAClC,CCDA,IAAMM,GAAyB,CAC7B,UAAW,WACX,SAAU,IACV,UAAW,QAAQ,IAAI,WAAa,aACtC,EAKO,SAASC,GAAaC,EAAgC,CAE3D,IAAMC,EAAgB,CACpB,GAAGH,GACH,GAAGE,CACL,EAEIA,EAAQ,UAAY,CAACA,EAAQ,SAAS,WAAW,GAAG,GACtD,QAAQ,KAAK,wBAAwB,EAIvC,IAAME,EAAWC,GAAoB,EAC/BC,EAAUC,GAAc,EAG1BC,EAAc,GACdC,EAA8C,KAC9CC,EAAgE,KAE9DC,EAAmB,IAAI,IAAY,CAACR,EAAc,SAAS,CAAC,EAKlE,SAASS,EAAoBC,EAAkE,CAC7F,QAAQ,IAAI;AAAA,oCAAgC,EAC5C,QAAQ,IAAI,YAAYA,EAAQ,MAAM,MAAM,SAAS,EACrD,QAAQ,IAAI,cAAcA,EAAQ,QAAQ,MAAM,SAAS,EACzD,QAAQ,IAAI,cAAcA,EAAQ,QAAQ,MAAM,SAAS,EAGzDA,EAAQ,QAAQ,QAAQC,GAAa,CACnC,QAAQ,IAAI,wBAAmBA,CAAS,EAAE,EAC1CC,GAAuBD,EAAWR,CAAO,CAC3C,CAAC,EAGDO,EAAQ,MAAM,QAAQG,GAAS,CAC7B,IAAMC,EAAU,OAAO,KAAKD,CAAK,EAAE,OAAOE,GAAOA,IAAQ,MAAM,EAC/D,QAAQ,IAAI,sBAAiBF,EAAM,IAAI,KAAKC,EAAQ,KAAK,IAAI,CAAC,GAAG,EACjEE,GAAkBH,EAAOV,CAAO,CAClC,CAAC,EAGDO,EAAQ,QAAQ,QAAQG,GAAS,CAC/B,IAAMC,EAAU,OAAO,KAAKD,CAAK,EAAE,OAAOE,GAAOA,IAAQ,MAAM,EAC/D,QAAQ,IAAI,2BAAoBF,EAAM,IAAI,KAAKC,EAAQ,KAAK,IAAI,CAAC,GAAG,EACpEG,GAAqBJ,EAAOV,CAAO,CACrC,CAAC,EAED,QAAQ,IAAI;AAAA,CAA6B,CAC3C,CAKA,SAASe,EAAoBC,EAAiBC,EAAgB,CAC5D,GAAI,CAEF,IAAMV,EAAUW,GAAqBpB,EAAUmB,EAAQD,CAAM,EAG7D,OAAAV,EAAoBC,CAAO,EAEpBA,CACT,OAASY,EAAO,CACd,cAAQ,MAAM,qCAA2BF,CAAM,IAAKE,CAAK,EACnDA,CACR,CACF,CAKA,eAAeC,EAAwBC,EAAmBJ,EAAgBK,EAAiB,CACzF,GAAI,CAEF,IAAMC,EAAmB,MAAMC,GAA0BH,CAAS,EAG5DI,EAAcF,EAAiB,IAAIb,GACvCY,EAAS,CAAE,GAAGZ,EAAO,KAAM,GAAGY,CAAM,GAAGZ,EAAM,IAAI,EAAG,EAAIA,CAC1D,EAGMH,EAAUQ,EAAoBU,EAAaR,CAAM,EAEvD,QAAQ,IACN,UAAUM,EAAiB,MAAM,gBAAgBN,CAAM,GAAGK,EAAS,gBAAgBA,CAAM,GAAK,EAAE,KAC1Ff,EAAQ,MAAM,MAAM,WAAWA,EAAQ,QAAQ,MAAM,aAAaA,EAAQ,QAAQ,MAAM,WAChG,CACF,OAASY,EAAO,CACd,cAAQ,MAAM,2CAAiCF,CAAM,IAAKE,CAAK,EACzDA,CACR,CACF,CAKA,eAAeO,GAAa,CAC1B,OAAIxB,GAAeC,IAInBA,GAAyB,SAAY,CACnC,GAAI,CAEF,MAAM,QAAQ,IACZ,MAAM,KAAKE,CAAgB,EAAE,IAAIgB,GAC/BD,EAAwBC,EAAWA,CAAS,CAC9C,CACF,EAGIxB,EAAc,WAChB8B,EAAuB,EAGzBzB,EAAc,EAChB,OAASiB,EAAO,CACd,cAAQ,MAAM,4CAAmCA,CAAK,EAChDA,CACR,CACF,GAAG,GAEIhB,CACT,CAKA,SAASwB,GAAyB,CAC3BvB,IACHA,EAAY,IAAI,KAGlB,QAAWiB,KAAahB,EACtB,GAAI,CAACD,EAAU,IAAIiB,CAAS,EAAG,CAC7B,IAAMO,EAAUC,GAAYR,EAAW,CACrC,WAAY,GACZ,OAAQ,CAAC,eAAgB,MAAM,EAE/B,aAAc,CAACS,EAAkBC,IAAyB,CAExD,GAAI,CACF,IAAMxB,EAAUW,GAAqBpB,EAAUgC,EAAUC,CAAW,EACpEzB,EAAoBC,CAAO,CAC7B,OAASY,EAAO,CACd,QAAQ,MAAM,4BAA4BE,CAAS,IAAKF,CAAK,CAC/D,CACF,EAEA,eAAgBa,GACd,MAAOF,EAAkBG,IAA2B,CAGlD,GAAI,CACF,QAAQ,IAAI,0BAA0BH,CAAQ,EAAE,EAEhD,IAAMvB,EAAUW,GAAqBpB,EAAUgC,EAAUG,CAAa,EAEtE,QAAQ,IACN,qBAAqB1B,EAAQ,MAAM,MAAM,WACpCA,EAAQ,QAAQ,MAAM,aAAaA,EAAQ,QAAQ,MAAM,UAChE,EAGAD,EAAoBC,CAAO,EAE3B,QAAQ,IACN,0BAA0BA,EAAQ,MAAM,MAAM,WACzCA,EAAQ,QAAQ,MAAM,aAAaA,EAAQ,QAAQ,MAAM,UAChE,CACF,OAASY,EAAO,CACd,QAAQ,MAAM,2CAAiCE,CAAS,IAAKF,CAAK,CACpE,CACF,EACAE,CACF,EAEA,eAAgB,CAACa,EAAkBC,IAA2B,CAC5D,QAAQ,IAAI,iBAAiBD,CAAQ,SAASC,EAAc,MAAM,SAAS,EAE3E,GAAI,CAEFA,EAAc,QAAQzB,GAAS,CAC7BD,GAAuBC,EAAM,KAAMV,CAAO,CAC5C,CAAC,EAGDoC,GAAeF,CAAQ,CACzB,OAASf,EAAO,CACd,QAAQ,MAAM,2CAAiCe,CAAQ,IAAKf,CAAK,CACnE,CACF,EAEA,QAAUA,GAAiB,CACzB,QAAQ,MAAM,wCAA8BE,CAAS,IAAKF,CAAK,CACjE,CACF,CAAC,EAEDf,EAAU,IAAIiB,EAAWO,CAAO,CAClC,CAEJ,CAKA,SAASS,EAA4BhB,EAAmBC,EAAiB,CAClElB,IACHA,EAAY,IAAI,KAGlB,IAAMwB,EAAUC,GAAYR,EAAW,CACrC,WAAY,GACZ,OAAQ,CAAC,eAAgB,MAAM,EAE/B,aAAc,CAACa,EAAkBH,IAAyB,CACxD,GAAI,CAEF,IAAMN,EAAcM,EAAY,IAAIrB,GAClCY,EAAS,CAAE,GAAGZ,EAAO,KAAM,GAAGY,CAAM,GAAGZ,EAAM,IAAI,EAAG,EAAIA,CAC1D,EAGMH,EAAUW,GAAqBpB,EAAUoC,EAAUT,CAAW,EACpEnB,EAAoBC,CAAO,CAC7B,OAASY,EAAO,CACd,QAAQ,MAAM,yCAA+BE,CAAS,IAAKF,CAAK,CAClE,CACF,EAEA,eAAgBa,GAAwB,MAAOE,EAAkBD,IAA2B,CAC1F,GAAI,CAEF,IAAMR,EAAcQ,EAAc,IAAIvB,GACpCY,EAAS,CAAE,GAAGZ,EAAO,KAAM,GAAGY,CAAM,GAAGZ,EAAM,IAAI,EAAG,EAAIA,CAC1D,EAGMH,EAAUW,GAAqBpB,EAAUoC,EAAUT,CAAW,EACpEnB,EAAoBC,CAAO,CAC7B,OAASY,EAAO,CACd,QAAQ,MAAM,2CAAiCE,CAAS,IAAKF,CAAK,CACpE,CACF,EAAGE,CAAS,EAEZ,eAAgB,CAACa,EAAkBC,IAA2B,CAC5D,GAAI,CACFA,EAAc,QAAQzB,GAAS,CAC7B,IAAM4B,EAAYhB,EAAS,GAAGA,CAAM,GAAGZ,EAAM,IAAI,GAAKA,EAAM,KAC5DD,GAAuB6B,EAAWtC,CAAO,CAC3C,CAAC,EACDoC,GAAeF,CAAQ,CACzB,OAASf,EAAO,CACd,QAAQ,MAAM,8BAA8Be,CAAQ,IAAKf,CAAK,CAChE,CACF,EAEA,QAAUA,GAAiB,CACzB,QAAQ,MAAM,wCAA8BE,CAAS,IAAKF,CAAK,CACjE,CACF,CAAC,EAED,OAAAf,EAAU,IAAIiB,EAAWO,CAAO,EACzBA,CACT,CAGA,OAAAF,EAAW,EAAE,MAAMP,GAAS,CAC1B,QAAQ,MAAM,wDAA+CA,CAAK,CACpE,CAAC,EAGM,CAIL,MAAM,cAAcoB,EAAc,CAE3BrC,IACH,QAAQ,IAAI,mDAA4C,EACxD,MAAMwB,EAAW,GAGnB,GAAM,CAAE,OAAAc,EAAQ,KAAAC,CAAK,EAAIF,EAAI,QAC7B,QAAQ,IAAI;AAAA,8BAA0BC,CAAM,IAAIC,CAAI,EAAE,EAGtD,IAAMC,EAAQ1C,EAAQ,MAAMyC,EAAMD,CAAoB,EAEtD,GAAI,CAACE,EACH,cAAQ,IAAI,8BAAyBF,CAAM,IAAIC,CAAI,EAAE,EAE/C,IAAIE,GAAc,WAAW,EAOrC,GAJA,QAAQ,IAAI,yBAAoBH,CAAM,IAAIC,CAAI,EAAE,EAChD,QAAQ,IAAI,cAAc,KAAK,UAAUC,EAAM,MAAM,CAAC,EAAE,EAGpDA,EAAM,iBAAkB,CAG1BH,EAAI,SAAS,OAAO,GAAG,EAAE,KAAK,CAC5B,MAAO,4BACP,QAASG,EAAM,cACjB,CAAC,EAGGA,EAAM,gBAAkBA,EAAM,eAAe,OAAS,GACxDH,EAAI,SAAS,OAAO,QAASG,EAAM,eAAe,KAAK,IAAI,CAAC,EAG9D,MACF,CAGAH,EAAI,QAAQ,OAASG,EAAM,OAG3B,MAAME,GAAeL,EAAKG,EAAM,MAAQA,EAAM,MAAM,CACtD,EAKA,WAAY,CACV,OAAOG,GAAyB/C,CAAQ,CAC1C,EAKA,SAASY,EAAc,CACrB,IAAMH,EAAUW,GAAqBpB,EAAU,eAAgB,CAACY,CAAK,CAAC,EACtEJ,EAAoBC,CAAO,CAC7B,EAKA,UAAUS,EAAiB,CACzB,IAAMT,EAAUW,GAAqBpB,EAAU,eAAgBkB,CAAM,EACrE,OAAAV,EAAoBC,CAAO,EACpBA,CACT,EAKA,MAAM,kBAAkBc,EAAmBzB,EAA+B,CAAC,EAAG,CAC5E,GAAIS,EAAiB,IAAIgB,CAAS,EAAG,CACnC,QAAQ,KAAK,mBAAmBA,CAAS,qBAAqB,EAC9D,MACF,CAEAhB,EAAiB,IAAIgB,CAAS,EAG1BnB,IACF,MAAMkB,EAAwBC,EAAWA,EAAWzB,EAAQ,MAAM,EAG9DC,EAAc,WAChBwC,EAA4BhB,EAAWzB,EAAQ,MAAM,EAG3D,EAKA,mBAAoB,CAKlB,MAF8D,CAAC,CAGjE,EAKA,MAAM,OAAQ,CACZ,GAAIQ,EAAW,CACb,QAAWwB,KAAWxB,EAAU,OAAO,EACrC,MAAMwB,EAAQ,MAAM,EAEtBxB,EAAU,MAAM,CAClB,CACF,CACF,CACF,CpC1ZO,IAAM0C,GAAiC,CAC5C,KAAM,IACN,KAAM,YACN,UAAW,WACX,MAAO,CACL,QAAS,EACX,EACA,WAAY,CAAC,EACb,QAAS,CAAC,CACZ,EAKA,SAASC,GAAoBC,EAA8B,CAAC,EAAkB,CAC5E,IAAMC,EAA6B,CAAE,GAAGH,EAAgB,EACxD,OAAAI,GAAiB,CAAE,UAAWF,EAAQ,WAAaC,EAAY,SAAU,CAAC,EAEnE,CACL,KAAMD,EAAQ,MAAQC,EAAY,KAClC,KAAMD,EAAQ,MAAQC,EAAY,KAClC,UAAWD,EAAQ,WAAaC,EAAY,UAC5C,MAAO,CACL,QAASD,EAAQ,OAAO,SAAWC,EAAY,OAAO,QACtD,QAASD,EAAQ,OAAO,SAAWC,EAAY,OAAO,QACtD,SAAUD,EAAQ,OAAO,UAAYC,EAAY,OAAO,QAC1D,EACA,WAAY,CAAC,GAAIA,EAAY,YAAc,CAAC,EAAI,GAAID,EAAQ,YAAc,CAAC,CAAE,EAC7E,QAAS,CAAC,GAAIC,EAAY,SAAW,CAAC,EAAI,GAAID,EAAQ,SAAW,CAAC,CAAE,CACtE,CACF,CAKA,SAASG,GACPC,EACAC,EACAC,EACAC,EACkB,CAClB,MAAO,WAEL,MAAMC,GAAqBJ,EAAgBE,EAAmBC,CAAc,EAG5E,MAAMH,EAAe,cAAc,kBAAkBA,CAAc,EAGnE,MAAMK,GAAYL,EAAgBC,CAAgB,EAElD,MAAMD,EAAe,cAAc,cAAcA,EAAgBA,EAAe,MAAM,EAGtFM,GAAqBN,CAAc,EAE5BA,EAEX,CAKA,eAAeI,GACbJ,EACAE,EACAC,EACe,CAEf,QAAWI,KAAML,EACfF,EAAe,IAAIO,CAAE,EAIvB,QAAWC,KAAKL,EACd,MAAMH,EAAe,SAASQ,CAAC,CAEnC,CAKA,SAASF,GAAqBN,EAA8B,CAE1D,IAAMS,EAAiBC,GAAuB,IAAMV,EAAe,MAAM,CAAC,EAG1EA,EAAe,gBAAkBS,EAGjCT,EAAe,OAAO,KAAK,SAAS,CACtC,CAKA,SAASW,GAAkBX,EAAyC,CAClE,MAAO,OAAOY,GAA8B,CAC1C,GAAI,CAACZ,EAAe,OAClB,OAIF,IAAMJ,EAAuB,CAAE,GAAGgB,CAAY,EAG1CZ,EAAe,kBACjBA,EAAe,gBAAgB,WAAW,EAC1C,OAAOA,EAAe,iBAIxB,MAAMa,GAAWb,EAAgBJ,CAAO,CAC1C,CACF,CAKA,SAASkB,GAAgBd,EAAuC,CAC9D,OAAOe,GAAc,CACnB,IAAMC,EAAkB,MAAM,QAAQD,CAAU,EAAIA,EAAa,CAACA,CAAU,EAC5E,OAAAf,EAAe,WAAW,KAAK,GAAGgB,CAAe,EAC1ChB,CACT,CACF,CAKA,SAASiB,GAAqBjB,EAA4C,CACxE,MAAO,OAAMkB,IACXC,GAAeD,CAAM,EACrBlB,EAAe,QAAQ,KAAKkB,CAAM,EAClC,MAAMA,EAAO,SAASlB,CAAc,EAC7BA,EAEX,CAKO,SAASoB,GAAOxB,EAA8B,CAAC,EAAW,CAE/D,IAAMyB,EAAgB1B,GAAoBC,CAAO,EAE7CK,EACJ,GAAI,CACFA,EAAmBqB,GAAsBD,CAAa,CACxD,OAASE,EAAO,CACd,MAAIA,aAAiB,MACb,IAAI,MAAM,4BAA4BA,EAAM,OAAO,EAAE,EAEvD,IAAI,MAAM,4BAA4B,OAAOA,CAAK,CAAC,EAAE,CAC7D,CAGA,GAAM,CAAE,KAAAC,EAAM,KAAAC,EAAM,WAAAV,EAAY,QAAAW,CAAQ,EAAIzB,EAEtCC,EAAoB,MAAM,QAAQa,CAAU,EAAI,CAAC,GAAGA,CAAU,EAAI,CAAC,EACnEZ,EAAiB,MAAM,QAAQuB,CAAO,EAAI,CAAC,GAAGA,CAAO,EAAI,CAAC,EAG1DC,EAAiB,IAAI,qBACrBC,EAASC,GAAa,CAC1B,UAAW5B,EAAiB,UAC5B,UAAW,QAAQ,IAAI,WAAa,aACtC,CAAC,EAEK6B,EAAgBC,GAA6B,CACjD,MAAO,QAAQ,IAAI,WAAa,cAChC,gBAAiB,EACnB,CAAC,EACKC,EAAS,IAAI,GAAAC,QAGbjC,EAAyB,CAC7B,OAAQ,KACR,KAAAwB,EACA,KAAAC,EACA,QAASE,EACT,OAAAK,EACA,QAAS,CAAC,EACV,WAAY,CAAC,EACb,gBAAiB,CAAE,WAAY,IAAM,CAAC,CAAE,EACxC,IAAK,IAAMhC,EACX,SAAU,SAAYA,EACtB,OAAQ,SAAYA,EACpB,MAAO,SAAY,CAAC,EACpB,OAAA4B,EACA,cAAAE,CACF,EAGA,OAAA9B,EAAe,OAASD,GACtBC,EACAC,EACAC,EACAC,CACF,EACAH,EAAe,MAAQW,GAAkBX,CAAc,EACvDA,EAAe,IAAMc,GAAgBd,CAAc,EACnDA,EAAe,SAAWiB,GAAqBjB,CAAc,EAEtDA,CACT,CqC3NAkC,K7CgEAC,K8C3DAC,KAEAC,KAuBO,IAAMC,GAAN,cAAgCC,EAAsC,CAQ3E,YACEC,EACAC,EAAgD,OAChDC,EAAoC,OACpC,CACA,qBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,EC9CAG,KAEAC,KAwBO,IAAMC,GAAN,cAA6BC,EAAmC,CAQrE,YACEC,EACAC,EAA6C,OAC7CC,EAAoC,OACpC,CACA,kBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,EC/CAG,KAEAC,KAwBO,IAAMC,GAAN,cAA4BC,EAAkC,CAQnE,YACEC,EACAC,EAA4C,OAC5CC,EAAoC,OACpC,CACA,iBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,EC/CAG,KAEAC,KAyBO,IAAMC,GAAN,cAA6BC,EAAmC,CAQrE,YACEC,EACAC,EAA6C,OAC7CC,EAAoC,OACpC,CACA,qBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,EjDiBAG,KACAC,KkDzEAC,KACAC,KAEO,IAAMC,GAAN,cAAkCC,EAAY,CACnD,YAAYC,EAAeC,EAAmBC,EAAwB,CACpE,uBAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,ElD8DAG,KmD3EAC,KACAC,KAEO,IAAMC,GAAN,cAAuCC,EAAY,CACxD,YAAYC,EAAeC,EAAmBC,EAAwB,CACpE,6BAEEF,EACA,IACAE,GAAiBC,GAAwB,EACzCF,CACF,CACF,CACF,EnDoCO,IAAMG,GAAU,QAGVC,GAAY,CAAE,aAAAC,EAAa,EAC3BC,GAAY,CACvB,kBAAAC,GACA,eAAAC,GACA,gBAAAC,GACA,mBAAAC,GACA,iBAAAC,GACA,gBAAAC,GACA,eAAAC,EACF,EACaC,GAAgB,CAAE,iBAAAT,GAAkB,QAAAU,EAAQ,EAC5CC,GAAa,CAAE,aAAAX,EAAa,EAgBnCY,GAAS,CAEb,aAAAZ,GACA,iBAAAA,GACA,aAAAA,GAGA,OAAQD,GACR,OAAQE,GACR,WAAYQ,GACZ,QAASE,GAGT,QAAAb,EACF","names":["require_forge","__commonJSMin","exports","module","require_baseN","__commonJSMin","exports","module","api","_reverseAlphabets","input","alphabet","maxline","output","_encodeWithByteBuffer","i","base","first","digits","j","carry","regex","table","bytes","value","k","require_util","__commonJSMin","exports","module","forge","baseN","util","callback","handler","event","msg","copy","callbacks","now","attr","div","oldSetImmediate","x","_checkBitsParam","n","ByteStringBuffer","b","arr","i","_MAX_CONSTRUCTED_STRING_LENGTH","d","bytes","str","buffer","rval","max","count","c","len","DataBuffer","options","isArrayBuffer","isArrayBufferView","amount","growSize","src","dst","encoding","view","input","s","s1","s2","s3","t","hex","_base64","_base64Idx","_base58","maxline","line","output","chr1","chr2","chr3","enc1","enc2","enc3","enc4","offset","out","j","k","api","raw","start","flg","_setStorageObject","id","obj","error","_getStorageObject","_setItem","key","data","_getItem","_removeItem","empty","prop","_clearItems","_callStorageFunction","func","args","location","type","done","exception","idx","ex","format","re","match","part","argi","parts","last","code","number","decimals","dec_point","thousands_sep","size","ip","num","blanks","e","zeros","zeroGroups","zeroMaxGroup","group","blobUrl","st","et","sample","samples","numWorkers","avg","map","err","results","reduce","workers","worker","overlaps","r1","overlap","r2","require_cipher","__commonJSMin","exports","module","forge","algorithm","key","api","name","BlockCipher","options","opts","input","pad","output","require_cipherModes","__commonJSMin","exports","module","forge","modes","options","input","output","finish","i","padding","len","count","transformIV","inputLength","partialBytes","inc32","iv","additionalData","ivLength","from64To32","overflow","rval","lengths","tag","x","y","z_i","v_i","x_i","out","lsb","z","idx","ah","h","bits","multiplier","perInt","size","m","tmp","shft","mid","half","j","m_i","m_j","c","blockSize","ints","blocks","block","num","require_aes","__commonJSMin","exports","module","forge","key","iv","output","mode","cipher","_createCipher","name","init","initialize","self","inBlock","outBlock","_updateBlock","options","tmp","i","len","encryptOp","_expandKey","decrypt","registerAlgorithm","factory","Nb","sbox","isbox","rcon","mix","imix","xtime","e","ei","e2","e4","e8","sx","sx2","me","ime","n","w","temp","iNk","Nk","Nr1","end","m0","m1","m2","m3","wnew","wi","input","Nr","sub","a","b","c","d","a2","b2","c2","round","algorithm","start","require_oids","__commonJSMin","exports","module","forge","oids","_IN","id","name","_I_","require_asn1","__commonJSMin","exports","module","forge","asn1","tagClass","type","constructed","value","options","tmp","i","obj","copy","obj1","obj2","equal","b","b2","length","longForm","_checkBufferLength","bytes","remaining","n","error","_getValueLength","longFormBytes","byteCount","_fromDer","depth","start","b1","bitStringContents","savedRead","savedRemaining","unused","subOptions","composed","used","tc","asn1Options","useBitStringContents","len","lenBytes","oid","values","last","valueBytes","utc","date","year","MM","DD","hh","mm","ss","c","end","hhoffset","mmoffset","offset","gentime","YYYY","fff","isUTC","rval","format","x","v","capture","errors","j","_nonLatinRegex","level","indentation","indent","subvalues","sub","e","require_md","__commonJSMin","exports","module","forge","require_hmac","__commonJSMin","exports","module","forge","hmac","_key","_md","_ipadding","_opadding","ctx","md","key","tmp","i","keylen","bytes","inner","require_md5","__commonJSMin","exports","module","forge","md5","_initialized","_init","_state","_input","_w","md","int32s","msg","encoding","len","i","_update","finalBlock","remaining","overflow","_padding","bits","carry","s2","rval","_g","_r","_k","s","w","bytes","t","a","b","c","d","f","r","require_pem","__commonJSMin","exports","module","forge","pem","msg","options","rval","header","foldHeader","i","str","rMessage","rHeader","rCRLF","match","type","lines","li","line","nl","next","values","vi","ltrim","insertSpace","$1","length","candidate","insert","require_des","__commonJSMin","exports","module","forge","key","iv","output","mode","cipher","_createCipher","name","self","inBlock","outBlock","_updateBlock","options","_createKeys","registerAlgorithm","factory","spfunction1","spfunction2","spfunction3","spfunction4","spfunction5","spfunction6","spfunction7","spfunction8","pc2bytes0","pc2bytes1","pc2bytes2","pc2bytes3","pc2bytes4","pc2bytes5","pc2bytes6","pc2bytes7","pc2bytes8","pc2bytes9","pc2bytes10","pc2bytes11","pc2bytes12","pc2bytes13","iterations","keys","shifts","n","tmp","j","left","right","i","lefttmp","righttmp","input","decrypt","looping","endloop","loopinc","right1","right2","algorithm","start","require_pbkdf2","__commonJSMin","exports","module","forge","pkcs5","crypto","p","s","c","dkLen","md","callback","err","key","hLen","len","r","prf","dk","xor","u_c","u_c1","i","j","outer","inner","require_sha256","__commonJSMin","exports","module","forge","sha256","_initialized","_init","_state","_input","_w","md","int32s","msg","encoding","len","i","_update","finalBlock","remaining","overflow","_padding","next","carry","bits","s2","rval","_k","s","w","bytes","t1","t2","s0","s1","ch","maj","a","b","c","d","e","f","g","h","require_prng","__commonJSMin","exports","module","forge","_crypto","prng","plugin","ctx","md","pools","i","count","callback","cipher","increment","formatKey","formatSeed","b","generate","err","_reseed","bytes","_reseedSync","_seed","needed","_2powK","k","seedBytes","defaultSeedFile","getRandomValues","globalScope","arr","entropy","e","hi","lo","next","seed","n","x","worker","listener","data","require_random","__commonJSMin","exports","module","forge","jQuery","prng_aes","_prng_aes_output","_prng_aes_buffer","key","tmp","seed","spawnPrng","ctx","count","callback","_ctx","getRandomValues","globalScope","_crypto","arr","_navBytes","e","require_rc2","__commonJSMin","exports","module","forge","piTable","s","rol","word","bits","ror","key","effKeyBits","L","T","T1","T8","TM","i","createCipher","encrypt","_finish","_input","_output","_iv","mixRound","mashRound","j","K","R","runPlan","plan","val","ptr","ctr","cipher","iv","output","input","pad","rval","padding","len","count","require_jsbn","__commonJSMin","exports","module","forge","dbits","canary","j_lm","BigInteger","a","b","c","nbi","am1","i","x","w","j","n","v","am2","xl","xh","l","h","m","am3","BI_FP","BI_RM","BI_RC","rr","vv","int2char","intAt","s","bnpCopyTo","r","bnpFromInt","nbv","bnpFromString","k","mi","sh","bnpClamp","bnToString","km","d","p","bnNegate","bnAbs","bnCompareTo","nbits","t","bnBitLength","bnpDLShiftTo","bnpDRShiftTo","bnpLShiftTo","bs","cbs","bm","ds","bnpRShiftTo","bnpSubTo","bnpMultiplyTo","y","bnpSquareTo","bnpDivRemTo","q","pm","pt","ts","ms","nsh","ys","y0","yt","d1","d2","e","qd","bnMod","Classic","cConvert","cRevert","cReduce","cMulTo","cSqrTo","bnpInvDigit","Montgomery","montConvert","montRevert","montReduce","u0","montSqrTo","montMulTo","bnpIsEven","bnpExp","z","r2","g","bnModPowInt","bnClone","bnIntValue","bnByteValue","bnShortValue","bnpChunkSize","bnSigNum","bnpToRadix","cs","bnpFromRadix","bnpFromNumber","op_or","bnToByteArray","bnEquals","bnMin","bnMax","bnpBitwiseTo","op","f","op_and","bnAnd","bnOr","op_xor","bnXor","op_andnot","bnAndNot","bnNot","bnShiftLeft","bnShiftRight","lbit","bnGetLowestSetBit","cbit","bnBitCount","bnTestBit","bnpChangeBit","bnSetBit","bnClearBit","bnFlipBit","bnpAddTo","bnAdd","bnSubtract","bnMultiply","bnDivide","bnRemainder","bnDivideAndRemainder","bnpDMultiply","bnpDAddOffset","NullExp","nNop","nMulTo","nSqrTo","bnPow","bnpMultiplyLowerTo","bnpMultiplyUpperTo","Barrett","barrettConvert","barrettRevert","barrettReduce","barrettSqrTo","barrettMulTo","bnModPow","k1","g2","is1","bnGCD","bnpModInt","bnModInverse","ac","u","lowprimes","lplim","bnIsProbablePrime","bnpMillerRabin","n1","prng","bnGetPrng","require_sha1","__commonJSMin","exports","module","forge","sha1","_initialized","_init","_state","_input","_w","md","int32s","msg","encoding","len","i","_update","finalBlock","remaining","overflow","_padding","next","carry","bits","s2","rval","s","w","bytes","t","a","b","c","d","e","f","require_pkcs1","__commonJSMin","exports","module","forge","pkcs1","key","message","options","label","seed","md","mgf1Md","keyLength","maxLength","error","lHash","PS","PS_length","i","DB","dbMask","rsa_mgf1","maskedDB","seedMask","maskedSeed","em","y","db","lHashPrime","in_ps","index","j","code","is_0","error_mask","maskLength","hash","t","count","c","require_prime","__commonJSMin","exports","module","forge","prime","BigInteger","GCD_30_DELTA","THIRTY","op_or","x","bits","options","callback","algorithm","prng","rng","b","i","primeincFindPrime","primeincFindPrimeWithWorkers","primeincFindPrimeWithoutWorkers","num","generateRandom","deltaIdx","mrTests","getMillerRabinTests","maxBlockTime","_primeinc","start","numWorkers","workLoad","range","workerScript","err","cores","generate","workers","running","workerMessage","found","e","data","hex","bits1","require_rsa","__commonJSMin","exports","module","forge","BigInteger","_crypto","asn1","util","pki","GCD_30_DELTA","privateKeyValidator","rsaPrivateKeyValidator","rsaPublicKeyValidator","publicKeyValidator","digestInfoValidator","emsaPkcs1v15encode","md","oid","error","oidBytes","digestInfo","digestAlgorithm","digest","_modPow","x","key","pub","xp","xq","y","m","bt","eb","k","_encodePkcs1_v1_5","yhex","ed","zeros","ml","xhex","_decodePkcs1_v1_5","bits","e","options","prng","rng","b","i","algorithm","rval","state","n","THIRTY","deltaIdx","op_or","t1","t2","total","bits1","_getMillerRabinTests","d","callback","_detectNodeCrypto","err","priv","_detectSubtleCrypto","_intToUint8Array","pair","pkcs8","privateKey","_detectSubtleMsCrypto","genOp","exportOp","keypair","_generateKeyPair","data","scheme","schemeOptions","signature","obj","capture","errors","p","q","dP","dQ","qInv","rsaKey","_bnToBytes","padNum","padByte","numZeros","padBytes","em","first","zero","opts","generate","getPrime","num","finish","tmp","hex","bytes","fn","buffer","require_pbe","__commonJSMin","exports","module","forge","BigInteger","asn1","pki","oids","encryptedPrivateKeyValidator","PBES2AlgorithmsValidator","pkcs12PbeParamsValidator","obj","password","options","salt","count","countBytes","dkLen","encryptionAlgorithm","encryptedData","ivLen","encOid","cipherFn","error","prfAlgorithm","md","prfAlgorithmToMessageDigest","dk","iv","cipher","params","createPbkdf2Params","saltBytes","rval","capture","errors","oid","encrypted","epki","maxline","msg","pem","rsaKey","algorithm","key","id","iter","j","l","v","result","passBuf","p","s","D","Slen","S","Plen","P","I","c","i","buf","round","B","k","Inew","chunk","x","prfOidToMessageDigest","dIvLen","digests","hash","length","bytes","prfOid","factory","require_pkcs7asn1","__commonJSMin","exports","module","forge","asn1","p7v","contentInfoValidator","encryptedContentInfoValidator","signerValidator","require_mgf1","__commonJSMin","exports","module","forge","mgf1","md","mgf","seed","maskLen","t","len","i","c","require_mgf","__commonJSMin","exports","module","forge","require_pss","__commonJSMin","exports","module","forge","pss","options","hash","mgf","hLen","salt_","sLen","prng","pssobj","md","modBits","i","emBits","emLen","mHash","salt","m_","h","ps","db","maskLen","dbMask","maskedDB","mask","em","checkLen","h_","require_x509","__commonJSMin","exports","module","forge","asn1","pki","oids","_shortNames","publicKeyValidator","x509CertificateValidator","rsassaPssParameterValidator","certificationRequestInfoValidator","certificationRequestValidator","rdn","md","rval","set","attr","obj","si","i","attributes","seq","type","values","vi","ei","_getAttribute","options","_readSignatureParameters","oid","fillDefaults","params","capture","errors","error","_createSignatureDigest","_verifySignature","cert","scheme","hash","mgf","pem","computeHash","strict","msg","maxline","key","bytes","digest","hex","csr","sn","_fillMissingFields","attrs","uniqueId","exts","_fillMissingExtensionFields","ext","algorithmOid","child","issuer","subject","tbsCertificate","parent","s","iattr","sattr","n","ski","serial","validity","imd","ibytes","smd","sbytes","extseq","e","ev","b2","b3","value","gn","altName","cri","_dnToAsn1","valueTagClass","unused","keyIdentifier","authorityCertIssuer","serialNumber","subSeq","fullNameGeneralNames","_signatureParametersToAsn1","parts","_CRIAttributesToAsn1","valueConstructed","jan_1_1950","jan_1_2050","_dateToAsn1","date","notBefore","notAfter","tbs","dn","certs","caStore","getBySubject","ensureSubjectHasHash","tmp","match","der1","der2","certList","result","chain","validityCheckDate","first","depth","selfSigned","parents","verified","se","bcExt","keyUsageExt","pathLen","vfd","ret","require_pkcs12","__commonJSMin","exports","module","forge","asn1","pki","p12","contentInfoValidator","pfxValidator","safeBagValidator","attributeValidator","certBagValidator","_getBagsByAttribute","safeContents","attrName","attrValue","bagType","result","j","bag","obj","strict","password","capture","errors","error","pfx","filter","rval","localKeyId","friendlyName","data","_decodePkcs7Data","md","macKeyBytes","macAlgorithm","macSalt","macIterations","macKey","mac","macValue","_decodeAuthenticatedSafe","value","i","authSafe","contentInfo","_decryptSafeContents","_decodeSafeContents","oid","cipher","encryptedContentAsn1","encrypted","res","safeBag","_decodeBagAttributes","validator","decoder","bagAsn1","certAsn1","attributes","decodedAttrs","key","cert","options","bagAttrs","pairedCert","sha1","attrs","contents","chain","certSafeBags","certBagAttrs","certSafeBag","certSafeContents","certCI","keyBag","pkAsn1","keySafeContents","keyCI","safe","macData","count","require_pki","__commonJSMin","exports","module","forge","asn1","pki","pem","msg","error","obj","key","maxline","require_tls","__commonJSMin","exports","module","forge","prf_TLS1","secret","label","seed","length","rval","idx","slen","s1","s2","ai","hmac","md5itr","sha1itr","md5bytes","i","sha1bytes","hmac_sha1","key","seqNum","record","b","deflate","c","s","bytes","inflate","readVector","lenBytes","len","writeVector","v","tls","twoBytes","cs","ignore","msg","client","remaining","exts","ext","snl","snType","tmp","msgRandom","cRandom","sRandom","sessionId","SCC","SCE","session","version","CCC","CCE","CKE","cert","asn1","certs","ex","SKE","SCR","privateKey","sp","CCV","SHD","msgBytes","verify","error","depth","ret","SER","callback","signature","SFI","CFI","vd","vdl","prf","SAD","CAD","alert","type","hsTable","payload","SHE","CHE","__","R0","R1","R2","R3","R4","ctTable","H0","H1","H2","H3","H4","H5","H6","H7","H8","H9","random","tls10","km","createMode","mode","state","d","utc","options","cipherSuites","cSuites","compressionMethods","cMethods","extensions","serverName","snList","extLength","hint","certList","der","certBuffer","certTypes","cAs","dn","byteBuffer","payloadLength","plaintextLength","paddingLength","records","data","rec","_certErrorToAlertDesc","_alertDescToCertError","desc","chain","vfd","err","cache","capacity","caStore","entity","sessionCache","cn","dpth","cts","fatal","clearFail","_update","aligned","handlers","_readRecordHeader","compatibleVersion","_readRecord","require_aesCipherSuites","__commonJSMin","exports","module","forge","tls","sp","initConnectionState","state","c","client","decrypt_aes_cbc_sha1","encrypt_aes_cbc_sha1","record","s","rval","mac","iv","cipher","encrypt_aes_cbc_sha1_padding","blockSize","input","decrypt","padding","decrypt_aes_cbc_sha1_padding","output","len","paddingLength","i","macLen","mac2","compareMacs","key","mac1","hmac","require_sha512","__commonJSMin","exports","module","forge","sha512","sha384","algorithm","_initialized","_init","_states","_state","_h","_input","_w","wi","digestLength","md","int32s","i","msg","encoding","len","_update","finalBlock","remaining","overflow","_padding","next","carry","bits","h","rval","hlen","_k","s","w","bytes","t1_hi","t1_lo","t2_hi","t2_lo","s0_hi","s0_lo","s1_hi","s1_lo","ch_hi","ch_lo","maj_hi","maj_lo","a_hi","a_lo","b_hi","b_lo","c_hi","c_lo","d_hi","d_lo","e_hi","e_lo","f_hi","f_lo","g_hi","g_lo","h_hi","h_lo","hi","lo","w2","w7","w15","w16","require_asn1_validator","__commonJSMin","exports","forge","asn1","require_ed25519","__commonJSMin","exports","module","forge","asn1Validator","publicKeyValidator","privateKeyValidator","BigInteger","ByteBuffer","NativeBuffer","ed25519","options","seed","messageToNativeBuffer","pk","sk","i","crypto_sign_keypair","obj","capture","errors","valid","error","oid","ed25519Oid","privateKey","privateKeyBytes","publicKeyBytes","msg","keyPair","signedMsg","crypto_sign","sig","publicKey","sm","m","crypto_sign_open","message","encoding","buffer","gf0","gf","gf1","D","D2","X","Y","L","I","sha512","msgLen","md","hash","out","p","d","scalarbase","pack","n","j","x","smlen","r","reduce","h","modL","mlen","t","q","unpackneg","scalarmult","add","crypto_verify_32","carry","k","b","c","e","f","g","Z","M","A","cswap","sel25519","tx","ty","zi","inv25519","pack25519","par25519","o","car25519","chk","num","den","den2","den4","den6","set25519","unpack25519","S","pow2523","neq25519","a","xi","y","yi","vn","s","v","init","t0","t1","t2","t3","t4","t5","t6","t7","t8","t9","t10","t11","t12","t13","t14","t15","t16","t17","t18","t19","t20","t21","t22","t23","t24","t25","t26","t27","t28","t29","t30","b0","b1","b2","b3","b4","b5","b6","b7","b8","b9","b10","b11","b12","b13","b14","b15","require_kem","__commonJSMin","exports","module","forge","BigInteger","kdf","options","prng","kem","publicKey","keyLength","byteLength","r","zeros","encapsulation","key","privateKey","md","digestLength","_createKDF","counterStart","x","length","k","c","i","hash","require_log","__commonJSMin","exports","module","forge","sLevelInfo","sLoggers","sConsoleLogger","i","level","message","messageLevelIndex","logger","loggerLevelIndex","args","levels","category","msg","logFunction","rval","aValidLevel","lock","levelHandlers","f","handler","query","require_md_all","__commonJSMin","exports","module","require_pkcs7","__commonJSMin","exports","module","forge","asn1","p7","pem","msg","error","obj","maxline","pemObj","capture","errors","contentType","_fromAsn1","certs","i","crls","signedData","signer","issuer","serialNumber","cert","key","digestAlgorithm","authenticatedAttributes","messageDigest","attr","options","content","mds","addDigestAlgorithmIds","addSignerInfos","crl","oid","bytes","signingTime","attrsAsn1","ai","_attributeToAsn1","_signersToAsn1","_decryptContent","_recipientsFromAsn1","_recipientsToAsn1","_encryptedContentToAsn1","sAttr","r","rAttr","match","j","recipient","privKey","cipher","keyLen","ivLen","ciphFn","ciph","_recipientFromAsn1","_recipientToAsn1","infos","ret","recipients","_signerToAsn1","rval","signers","value","jan_1_1950","jan_1_2050","date","timestamp","ec","validator","require_ssh","__commonJSMin","exports","module","forge","ssh","privateKey","passphrase","comment","algorithm","encryptionAlgorithm","ppk","pubbuffer","_addStringToBuffer","_addBigIntegerToBuffer","pub","length","privbuffer","priv","encLen","padding","_sha1","aeskey","cipher","encrypted","mackey","macbuffer","hmac","key","type","buffer","options","md","digest","hex","val","hexVal","bytes","sha","num","i","require_lib","__commonJSMin","exports","module","require_selfsigned","__commonJSMin","exports","forge","toPositiveHex","hexString","mostSiginficativeHexAsInt","getAlgorithm","key","attrs","options","done","generatePem","keyPair","cert","notAfter","fingerprint","pem","p7","clientkeys","clientcert","clientAttrs","i","clientp7","caStore","vfd","depth","chain","ex","keySize","err","isBodyParseError","error","ErrorType","ErrorSeverity","BlaizeError","init_errors","__esmMin","type","title","status","correlationId","details","base","generateCorrelationId","timestamp","random","getCurrentCorrelationId","stored","correlationStorage","import_node_async_hooks","init_correlation","__esmMin","internal_server_error_exports","__export","InternalServerError","init_internal_server_error","__esmMin","init_errors","init_correlation","BlaizeError","title","details","correlationId","getCurrentCorrelationId","validation_error_exports","__export","ValidationError","init_validation_error","__esmMin","init_errors","init_correlation","BlaizeError","title","details","correlationId","getCurrentCorrelationId","payload_too_large_error_exports","__export","PayloadTooLargeError","init_payload_too_large_error","__esmMin","init_correlation","init_errors","BlaizeError","title","details","correlationId","getCurrentCorrelationId","unsupported_media_type_error_exports","__export","UnsupportedMediaTypeError","init_unsupported_media_type_error","__esmMin","init_correlation","init_errors","BlaizeError","title","details","correlationId","getCurrentCorrelationId","index_exports","__export","Blaize","BlaizeError","ConflictError","ErrorSeverity","ErrorType","ForbiddenError","InternalServerError","MiddlewareAPI","NotFoundError","PayloadTooLargeError","PluginsAPI","RateLimitError","RequestTimeoutError","RouterAPI","ServerAPI","UnauthorizedError","UnprocessableEntityError","UnsupportedMediaTypeError","VERSION","ValidationError","compose","createDeleteRoute","createGetRoute","createHeadRoute","create","createOptionsRoute","createPatchRoute","createPostRoute","createPutRoute","isBodyParseError","__toCommonJS","execute","middleware","ctx","next","result","error","compose","middlewareStack","_","next","ctx","finalHandler","called","dispatch","middleware","execute","create","handlerOrOptions","name","handler","skip","debug","middleware","create","name","version","setup","defaultOptions","userOptions","mergedOptions","plugin","app","result","import_node_url","config","setRuntimeConfig","newConfig","getRoutesDir","config","path","parseRoutePath","filePath","basePath","forwardSlashFilePath","forwardSlashBasePath","normalizedBasePath","relativePath","segments","params","routeSegments","segment","paramName","routePath","getCallerFilePath","originalPrepareStackTrace","_","stack","callerFrame","fileName","getRoutePath","callerPath","routesDir","getRoutesDir","parsedRoute","parseRoutePath","createGetRoute","config","validateMethodConfig","path","createPostRoute","createPutRoute","createDeleteRoute","createPatchRoute","createHeadRoute","createOptionsRoute","method","validateSchema","schema","params","query","body","response","import_node_async_hooks","import_node_events","fs","http","http2","fs","path","selfsigned","generateDevCertificates","certDir","keyPath","certPath","pems","ResponseSentError","message","ResponseSentHeaderError","ResponseSentContentError","ParseUrlError","import_node_async_hooks","contextStorage","runWithContext","context","callback","contextStorage","import_node_crypto","import_node_fs","import_node_os","import_node_path","import_node_stream","BOUNDARY_REGEX","CONTENT_DISPOSITION_REGEX","CONTENT_TYPE_REGEX","MULTIPART_REGEX","extractBoundary","contentType","match","boundary","parseContentDisposition","headers","parseContentType","isMultipartContent","DEFAULT_OPTIONS","createParserState","boundary","options","processChunk","state","chunk","newBuffer","currentState","nextState","processCurrentStage","processBoundary","processHeaders","processContent","InternalServerError","boundaryIndex","hasFoundValidBoundary","buffer","headerEnd","headers","disposition","parseContentDisposition","ValidationError","mimetype","parseContentType","isFile","PayloadTooLargeError","UnsupportedMediaTypeError","nextBoundaryIndex","contentChunk","isComplete","safeLength","contentEnd","updatedState","processContentChunk","finalizeCurrentPart","newContentLength","maxSize","payloadErrorDetals","processFileChunk","writeToStream","initializeFileProcessing","streamController","stream","controller","tempPath","writeStream","cleanupTask","unlink","error","finalizeFile","finalizeField","resetCurrentPart","closeStream","file","updatedFiles","addToCollection","value","updatedFields","collection","key","newCollection","existing","finalize","fields","values","files","fileList","cleanup","task","resolve","reject","parseMultipartRequest","request","contentType","extractBoundary","CONTENT_TYPE_HEADER","DEFAULT_BODY_LIMITS","parseRequestUrl","req","originalUrl","host","fullUrl","url","path","query","value","key","error","ParseUrlError","isHttp2Request","getProtocol","encrypted","forwardedProto","createContext","res","options","method","isHttp2","protocol","params","state","responseState","ctx","createRequestObject","createResponseObject","parseBodyIfNeeded","info","createRequestHeaderGetter","createRequestHeadersGetter","name","headerGetter","names","acc","createStatusSetter","createHeaderSetter","createHeadersSetter","createContentTypeSetter","createJsonResponder","createTextResponder","createHtmlResponder","createRedirectResponder","createStreamResponder","code","ResponseSentError","ResponseSentHeaderError","headers","type","ResponseSentContentError","body","status","readable","err","shouldSkipParsing","contentType","contentLength","limits","parseJsonBody","parseFormUrlEncodedBody","parseTextBody","isMultipartContent","parseMultipartBody","errorType","setBodyError","readRequestBody","json","parseUrlEncodedData","formData","multipartLimits","multipartData","parseMultipartRequest","message","bodyError","resolve","reject","chunks","chunk","init_errors","init_correlation","NotFoundError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","init_errors","init_correlation","init_internal_server_error","isHandledError","error","BlaizeError","formatErrorResponse","correlationId","generateCorrelationId","originalMessage","wrappedError","InternalServerError","extractOrGenerateCorrelationId","headerGetter","setErrorResponseHeaders","headerSetter","createErrorBoundary","options","debug","ctx","next","error","correlationId","extractOrGenerateCorrelationId","errorResponse","formatErrorResponse","setErrorResponseHeaders","createRequestHandler","serverInstance","req","res","context","createContext","allMiddleware","createErrorBoundary","handler","compose","runWithContext","NotFoundError","error","prepareCertificates","http2Options","keyFile","certFile","isDevMode","certificatesMissing","generateDevCertificates","createServerInstance","isHttp2","certOptions","http2ServerOptions","err","listenOnPort","server","port","host","resolve","reject","url","initializePlugins","serverInstance","plugin","startServer","serverOptions","requestHandler","createRequestHandler","error","isShuttingDown","stopServer","serverInstance","options","server","events","timeout","_","reject","error","closePromise","resolve","err","timeoutPromise","registerSignalHandlers","stopFn","sigintHandler","sigtermHandler","import_zod","middlewareSchema","data","pluginSchema","http2Schema","serverOptionsSchema","validateServerOptions","options","error","formattedError","createPluginLifecycleManager","options","continueOnError","debug","onError","log","message","args","handleError","plugin","phase","error","errorMessage","server","pluginsToTerminate","httpServer","pluginsToNotify","PluginValidationError","pluginName","message","RESERVED_NAMES","VALID_NAME_PATTERN","VALID_VERSION_PATTERN","validatePlugin","plugin","options","requireVersion","validateNameFormat","checkReservedNames","PluginValidationError","p","lifecycleMethods","method","crypto","fs","import_node_module","path","dynamicImport","filePath","cacheBuster","importPath","module","error","errorMessage","loadRouteModule","basePath","parsedRoute","parseRoutePath","routes","route","exportName","exportValue","potentialRoute","isValidRoute","obj","method","import_meta","fileRouteCache","processChangedFile","filePath","routesDir","updateCache","lastModified","cachedEntry","invalidateModuleCache","routes","loadRouteModule","hash","hashRoutes","hasRouteContentChanged","newRoutes","newHash","clearFileCache","routeData","route","key","method","methodDef","handlerString","dataString","absolutePath","resolvedPath","resolveError","errorMessage","require","error","os","fs","path","findRouteFiles","routesDir","options","absoluteDir","error","routeFiles","ignore","scanDirectory","dir","entries","entry","fullPath","isRouteFile","filename","processFilesInParallel","filePaths","processor","concurrency","chunks","chunkArray","results","chunk","successfulResults","filePath","result","loadInitialRoutesParallel","routesDir","files","findRouteFiles","processChangedFile","array","chunkSize","i","profilerState","trackReloadPerformance","filePath","startTime","duration","emoji","withPerformanceTracking","fn","filePath","args","startTime","result","trackReloadPerformance","error","path","import_fs","import_promises","import_events","sysPath","import_promises","import_node_stream","import_node_path","EntryTypes","defaultOptions","_entryInfo","RECURSIVE_ERROR_CODE","NORMAL_FLOW_ERRORS","ALL_TYPES","DIR_TYPES","FILE_TYPES","isNormalFlowError","error","wantBigintFsStats","emptyFn","normalizeFilter","filter","fl","entry","trItems","item","f","ReaddirpStream","options","opts","root","type","statMethod","path","presolve","batch","par","fil","depth","slice","dirent","awaited","entryType","parent","files","basename","fullPath","pjoin","prelative","err","stats","full","entryRealPath","entryRealPathStats","len","psep","recursiveError","readdirp","import_fs","import_promises","sysPath","import_os","STR_DATA","STR_END","STR_CLOSE","EMPTY_FN","pl","isWindows","isMacos","isLinux","isFreeBSD","isIBMi","osType","EVENTS","EV","THROTTLE_MODE_WATCH","statMethods","KEY_LISTENERS","KEY_ERR","KEY_RAW","HANDLER_KEYS","binaryExtensions","isBinaryPath","filePath","foreach","val","fn","addAndConvert","main","prop","item","container","clearItem","cont","key","set","delFromSet","isEmptySet","FsWatchInstances","createFsWatchInstance","path","options","listener","errHandler","emitRaw","handleEvent","rawEvent","evPath","fsWatchBroadcast","fs_watch","error","fullPath","listenerType","val1","val2","val3","setFsWatchListener","handlers","rawEmitter","watcher","broadcastErr","FsWatchFileInstances","setFsWatchFileListener","copts","curr","prev","currmtime","NodeFsHandler","fsW","opts","directory","basename","absolutePath","EMPTY_FN","closer","enableBin","file","stats","initialAdd","dirname","parent","prevStats","newStats","at","mt","entry","full","dir","linkPath","fsrealpath","wh","target","depth","throttler","previous","current","stream","STR_DATA","resolve","reject","STR_END","wasThrottled","realpath","parentDir","tracked","oDepth","dirPath","priorWh","ready","follow","absPath","targetPath","SLASH","SLASH_SLASH","ONE_DOT","TWO_DOTS","STRING_TYPE","BACK_SLASH_RE","DOUBLE_SLASH_RE","DOT_RE","REPLACER_RE","arrify","item","isMatcherObject","matcher","createPattern","string","relative","normalizePath","path","prepend","matchPatterns","patterns","testString","stats","index","pattern","anymatch","matchers","unifyPaths","paths_","paths","p","normalizePathToUnix","toUnix","str","normalizeIgnored","cwd","getAbsolutePath","EMPTY_SET","DirEntry","dir","removeWatcher","items","EMPTY_FN","STAT_METHOD_F","STAT_METHOD_L","WatchHelper","follow","fsw","watchPath","parts","entry","resolvedPath","FSWatcher","_opts","awf","DEF_AWF","opts","isIBMi","envPoll","envLower","envInterval","readyCalls","EVENTS","args","NodeFsHandler","ignored","_origAdd","_internal","res","results","closers","closerList","closer","promise","stream","dirent","watchList","event","isWindows","pw","awfEmit","err","fullPath","error","code","actionType","timeout","action","actionPath","timeoutObject","clear","count","thr","threshold","pollInterval","timeoutHandler","now","writes","awaitWriteFinishFn","prevStat","statcb","curStat","list","stat","directory","isDirectory","nested","parent","wasTracked","relPath","eventName","root","options","readdirp","STR_CLOSE","STR_END","watch","watcher","watchRoutes","routesDir","options","debounceMs","debouncedCallbacks","createDebouncedCallback","fn","filePath","args","existingTimeout","timeoutId","routesByPath","loadInitialRoutes","files","findRouteFiles","loadAndNotify","error","handleError","existingRoutes","newRoutes","processChangedFile","hasRouteContentChanged","normalizedPath","handleRemoved","routes","watcher","watch","timeout","allRoutes","import_zod","import_zod","validateBody","body","schema","import_zod","validateParams","params","schema","import_zod","validateQuery","query","schema","import_zod","validateResponse","response","schema","init_internal_server_error","init_validation_error","createRequestValidator","schema","debug","ctx","next","validateParams","error","fieldErrors","extractZodFieldErrors","errorCount","sum","fe","ValidationError","validateQuery","validateBody","createResponseValidator","responseSchema","originalJson","body","status","validatedBody","validateResponse","InternalServerError","fieldErrorMap","issue","fieldPath","field","messages","executeHandler","ctx","routeOptions","params","middleware","createRequestValidator","createResponseValidator","compose","result","extractParams","path","pattern","paramNames","match","params","compilePathPattern","patternString","_","paramName","createMatcher","routes","path","method","routeOptions","pattern","paramNames","compilePathPattern","newRoute","insertIndex","route","i","pathname","params","extractParams","createRouteRegistry","updateRoutesFromFile","registry","filePath","newRoutes","oldPaths","newPaths","r","added","removed","p","changed","route","existingRoute","routesEqual","applyRouteUpdates","getAllRoutesFromRegistry","registry","applyRouteUpdates","registry","filePath","updates","added","removed","changed","path","route","allPathsForFile","r","p","routesEqual","route1","route2","methods1","k","methods2","method","handler1","handler2","addRouteToMatcher","route","matcher","method","methodOptions","removeRouteFromMatcher","path","updateRouteInMatcher","DEFAULT_ROUTER_OPTIONS","createRouter","options","routerOptions","registry","createRouteRegistry","matcher","createMatcher","initialized","initializationPromise","_watchers","routeDirectories","applyMatcherChanges","changes","routePath","removeRouteFromMatcher","route","methods","key","addRouteToMatcher","updateRouteInMatcher","addRoutesWithSource","routes","source","updateRoutesFromFile","error","loadRoutesFromDirectory","directory","prefix","discoveredRoutes","loadInitialRoutesParallel","finalRoutes","initialize","setupOptimizedWatching","watcher","watchRoutes","filepath","addedRoutes","withPerformanceTracking","changedRoutes","filePath","removedRoutes","clearFileCache","setupWatcherForNewDirectory","finalPath","ctx","method","path","match","NotFoundError","executeHandler","getAllRoutesFromRegistry","DEFAULT_OPTIONS","createServerOptions","options","baseOptions","setRuntimeConfig","createListenMethod","serverInstance","validatedOptions","initialMiddleware","initialPlugins","initializeComponents","startServer","setupServerLifecycle","mw","p","signalHandlers","registerSignalHandlers","createCloseMethod","stopOptions","stopServer","createUseMethod","middleware","middlewareArray","createRegisterMethod","plugin","validatePlugin","create","mergedOptions","validateServerOptions","error","port","host","plugins","contextStorage","router","createRouter","pluginManager","createPluginLifecycleManager","events","EventEmitter","init_errors","init_validation_error","init_errors","init_correlation","UnauthorizedError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","init_errors","init_correlation","ForbiddenError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","init_errors","init_correlation","ConflictError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","init_errors","init_correlation","RateLimitError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","init_internal_server_error","init_payload_too_large_error","init_correlation","init_errors","RequestTimeoutError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","init_unsupported_media_type_error","init_correlation","init_errors","UnprocessableEntityError","BlaizeError","title","details","correlationId","getCurrentCorrelationId","VERSION","ServerAPI","create","RouterAPI","createDeleteRoute","createGetRoute","createHeadRoute","createOptionsRoute","createPatchRoute","createPostRoute","createPutRoute","MiddlewareAPI","compose","PluginsAPI","Blaize"]}