node-opcua-server-configuration 2.113.0 → 2.115.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/clientTools/push_certificate_management_client.js +237 -289
- package/dist/clientTools/push_certificate_management_client.js.map +1 -1
- package/dist/server/install_push_certitifate_management.js +117 -136
- package/dist/server/install_push_certitifate_management.js.map +1 -1
- package/dist/server/promote_trust_list.js +117 -134
- package/dist/server/promote_trust_list.js.map +1 -1
- package/dist/server/push_certificate_manager_helpers.js +258 -283
- package/dist/server/push_certificate_manager_helpers.js.map +1 -1
- package/dist/server/push_certificate_manager_server_impl.js +329 -388
- package/dist/server/push_certificate_manager_server_impl.js.map +1 -1
- package/dist/server/tools.js +1 -2
- package/dist/server/tools.js.map +1 -1
- package/dist/server/trust_list_server.js +47 -62
- package/dist/server/trust_list_server.js.map +1 -1
- package/package.json +25 -25
|
@@ -2,15 +2,6 @@
|
|
|
2
2
|
/**
|
|
3
3
|
* @module node-opcua-server-configuration
|
|
4
4
|
*/
|
|
5
|
-
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
|
|
6
|
-
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
|
|
7
|
-
return new (P || (P = Promise))(function (resolve, reject) {
|
|
8
|
-
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
|
|
9
|
-
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
|
|
10
|
-
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
|
|
11
|
-
step((generator = generator.apply(thisArg, _arguments || [])).next());
|
|
12
|
-
});
|
|
13
|
-
};
|
|
14
5
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
15
6
|
exports.installAccessRestrictionOnTrustList = exports.promoteTrustList = void 0;
|
|
16
7
|
const memfs_1 = require("memfs");
|
|
@@ -30,146 +21,138 @@ const errorLog = debugLog;
|
|
|
30
21
|
function trustListIsAlreadyOpened(trustList) {
|
|
31
22
|
return false; // to do...
|
|
32
23
|
}
|
|
33
|
-
function _closeAndUpdate(inputArguments, context) {
|
|
34
|
-
return
|
|
35
|
-
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
36
|
-
});
|
|
24
|
+
async function _closeAndUpdate(inputArguments, context) {
|
|
25
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
37
26
|
}
|
|
38
27
|
// in TrustList
|
|
39
|
-
function _addCertificate(inputArguments, context) {
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
68
|
-
|
|
28
|
+
async function _addCertificate(inputArguments, context) {
|
|
29
|
+
// If the Certificate is issued by a CA then the Client shall provide the entire
|
|
30
|
+
// chain in the certificate argument (see OPC 10000-6). After validating the Certificate,
|
|
31
|
+
// the Server shall add the CA Certificates to the Issuers list in the Trust List.
|
|
32
|
+
// The leaf Certificate is added to the list specified by the isTrustedCertificate argument.
|
|
33
|
+
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
34
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
35
|
+
}
|
|
36
|
+
if (!(0, tools_1.hasExpectedUserAccess)(context)) {
|
|
37
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
|
|
38
|
+
}
|
|
39
|
+
const trustList = context.object;
|
|
40
|
+
const cm = trustList.$$certificateManager || null;
|
|
41
|
+
// The trust list must have been bound
|
|
42
|
+
if (!cm) {
|
|
43
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInternalError };
|
|
44
|
+
}
|
|
45
|
+
// This method cannot be called if the file object is open.
|
|
46
|
+
if (trustListIsAlreadyOpened(trustList)) {
|
|
47
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState };
|
|
48
|
+
}
|
|
49
|
+
const certificateChain = inputArguments[0].value;
|
|
50
|
+
const isTrustedCertificate = inputArguments[1].value;
|
|
51
|
+
const certificates = (0, node_opcua_crypto_1.split_der)(certificateChain);
|
|
52
|
+
// validate certificate first
|
|
53
|
+
const r = await (0, node_opcua_crypto_1.verifyCertificateChain)(certificates);
|
|
54
|
+
if (r.status !== "Good") {
|
|
55
|
+
warningLog("Invalid certificate ", r.status, r.reason);
|
|
56
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadCertificateInvalid };
|
|
57
|
+
}
|
|
58
|
+
for (let i = 0; i < certificates.length; i++) {
|
|
59
|
+
const certificate = certificates[i];
|
|
60
|
+
if (i === certificates.length - 1 && isTrustedCertificate) {
|
|
61
|
+
await cm.trustCertificate(certificate);
|
|
69
62
|
}
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
if (i === certificates.length - 1 && isTrustedCertificate) {
|
|
73
|
-
yield cm.trustCertificate(certificate);
|
|
74
|
-
}
|
|
75
|
-
else {
|
|
76
|
-
yield cm.addIssuer(certificate);
|
|
77
|
-
}
|
|
63
|
+
else {
|
|
64
|
+
await cm.addIssuer(certificate);
|
|
78
65
|
}
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
}
|
|
66
|
+
}
|
|
67
|
+
debugLog("_addCertificate - done isTrustedCertificate= ", isTrustedCertificate);
|
|
68
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
82
69
|
}
|
|
83
|
-
function _removeCertificate(inputArguments, context) {
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
92
|
-
});
|
|
70
|
+
async function _removeCertificate(inputArguments, context) {
|
|
71
|
+
if (!(0, tools_1.hasEncryptedChannel)(context)) {
|
|
72
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
|
|
73
|
+
}
|
|
74
|
+
if (!(0, tools_1.hasExpectedUserAccess)(context)) {
|
|
75
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
|
|
76
|
+
}
|
|
77
|
+
return { statusCode: node_opcua_status_code_1.StatusCodes.Good };
|
|
93
78
|
}
|
|
94
79
|
let counter = 0;
|
|
95
|
-
function promoteTrustList(trustList) {
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
|
|
108
|
-
|
|
109
|
-
|
|
110
|
-
return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState });
|
|
111
|
-
}
|
|
112
|
-
// if (trustList.isOpened) {
|
|
113
|
-
// warningLog("TrustList is already opened")
|
|
114
|
-
// return { statusCode: StatusCodes.BadInvalidState};
|
|
115
|
-
// }
|
|
116
|
-
// The Open Method shall not support modes other than Read (0x01) and the Write + EraseExisting (0x06).
|
|
117
|
-
const openMask = inputArgs[0].value;
|
|
118
|
-
if (openMask !== node_opcua_file_transfer_1.OpenFileMode.Read && openMask !== node_opcua_file_transfer_1.OpenFileMode.WriteEraseExisting) {
|
|
119
|
-
return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument });
|
|
120
|
-
}
|
|
121
|
-
// possible statusCode: Bad_UserAccessDenied The current user does not have the rights required.
|
|
122
|
-
const certificateManager = trustList.$$certificateManager || undefined;
|
|
123
|
-
if (certificateManager) {
|
|
124
|
-
(0, trust_list_server_1.writeTrustList)(memfs_1.fs, filename, trustMask, certificateManager)
|
|
125
|
-
.then(() => {
|
|
126
|
-
// trustList.isOpened = true;
|
|
127
|
-
_open_asyncExecutionFunction.call(this, inputArgs, context, callback);
|
|
128
|
-
})
|
|
129
|
-
.catch((err) => {
|
|
130
|
-
errorLog(err);
|
|
131
|
-
callback(err, { statusCode: node_opcua_status_code_1.StatusCodes.BadInternalError });
|
|
132
|
-
});
|
|
133
|
-
}
|
|
134
|
-
else {
|
|
135
|
-
warningLog("certificateManager is not defined on trustlist do something to update the document before we open it");
|
|
136
|
-
return _open_asyncExecutionFunction.call(this, inputArgs, context, callback);
|
|
137
|
-
}
|
|
80
|
+
async function promoteTrustList(trustList) {
|
|
81
|
+
const filename = `/tmpFile${counter}`;
|
|
82
|
+
counter += 1;
|
|
83
|
+
(0, node_opcua_file_transfer_1.installFileType)(trustList, { filename, fileSystem: memfs_1.fs });
|
|
84
|
+
// we need to change the default open method
|
|
85
|
+
const open = trustList.getChildByName("Open");
|
|
86
|
+
const _open_asyncExecutionFunction = open._asyncExecutionFunction;
|
|
87
|
+
// ... and bind the extended methods as well.
|
|
88
|
+
const closeAndUpdate = trustList.getChildByName("CloseAndUpdate");
|
|
89
|
+
const openWithMasks = trustList.getChildByName("OpenWithMasks");
|
|
90
|
+
const addCertificate = trustList.getChildByName("AddCertificate");
|
|
91
|
+
const removeCertificate = trustList.getChildByName("RemoveCertificate");
|
|
92
|
+
function _openTrustList(trustMask, inputArgs, context, callback) {
|
|
93
|
+
if (trustListIsAlreadyOpened(trustList)) {
|
|
94
|
+
return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidState });
|
|
138
95
|
}
|
|
139
|
-
|
|
140
|
-
|
|
96
|
+
// if (trustList.isOpened) {
|
|
97
|
+
// warningLog("TrustList is already opened")
|
|
98
|
+
// return { statusCode: StatusCodes.BadInvalidState};
|
|
99
|
+
// }
|
|
100
|
+
// The Open Method shall not support modes other than Read (0x01) and the Write + EraseExisting (0x06).
|
|
101
|
+
const openMask = inputArgs[0].value;
|
|
102
|
+
if (openMask !== node_opcua_file_transfer_1.OpenFileMode.Read && openMask !== node_opcua_file_transfer_1.OpenFileMode.WriteEraseExisting) {
|
|
103
|
+
return callback(null, { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument });
|
|
141
104
|
}
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
|
|
105
|
+
// possible statusCode: Bad_UserAccessDenied The current user does not have the rights required.
|
|
106
|
+
const certificateManager = trustList.$$certificateManager || undefined;
|
|
107
|
+
if (certificateManager) {
|
|
108
|
+
(0, trust_list_server_1.writeTrustList)(memfs_1.fs, filename, trustMask, certificateManager)
|
|
109
|
+
.then(() => {
|
|
110
|
+
// trustList.isOpened = true;
|
|
111
|
+
_open_asyncExecutionFunction.call(this, inputArgs, context, callback);
|
|
112
|
+
})
|
|
113
|
+
.catch((err) => {
|
|
114
|
+
errorLog(err);
|
|
115
|
+
callback(err, { statusCode: node_opcua_status_code_1.StatusCodes.BadInternalError });
|
|
116
|
+
});
|
|
147
117
|
}
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
addCertificate.bindMethod(_addCertificate);
|
|
152
|
-
removeCertificate.bindMethod(_removeCertificate);
|
|
153
|
-
closeAndUpdate === null || closeAndUpdate === void 0 ? void 0 : closeAndUpdate.bindMethod(_closeAndUpdate);
|
|
154
|
-
function install_method_handle_on_TrustListType(addressSpace) {
|
|
155
|
-
const fileType = addressSpace.findObjectType("TrustListType");
|
|
156
|
-
if (!fileType || fileType.addCertificate.isBound()) {
|
|
157
|
-
return;
|
|
158
|
-
}
|
|
159
|
-
fileType.open && fileType.open.bindMethod(_openCallback);
|
|
160
|
-
fileType.addCertificate.bindMethod(_addCertificate);
|
|
161
|
-
fileType.removeCertificate.bindMethod(_removeCertificate);
|
|
162
|
-
fileType.openWithMasks && fileType.openWithMasks.bindMethod(_openWithMaskCallback);
|
|
163
|
-
fileType.closeAndUpdate && fileType.closeAndUpdate.bindMethod(_closeAndUpdate);
|
|
118
|
+
else {
|
|
119
|
+
warningLog("certificateManager is not defined on trustlist do something to update the document before we open it");
|
|
120
|
+
return _open_asyncExecutionFunction.call(this, inputArgs, context, callback);
|
|
164
121
|
}
|
|
165
|
-
|
|
166
|
-
|
|
122
|
+
}
|
|
123
|
+
function _openCallback(inputArgs, context, callback) {
|
|
124
|
+
_openTrustList.call(this, trust_list_server_1.TrustListMasks.All, inputArgs, context, callback);
|
|
125
|
+
}
|
|
126
|
+
open.bindMethod(_openCallback);
|
|
127
|
+
function _openWithMaskCallback(inputArgs, context, callback) {
|
|
128
|
+
const trustListMask = inputArgs[0].value;
|
|
129
|
+
inputArgs[0] = new node_opcua_variant_1.Variant({ dataType: node_opcua_variant_1.DataType.Byte, value: node_opcua_file_transfer_1.OpenFileMode.Read });
|
|
130
|
+
_openTrustList.call(this, trustListMask, inputArgs, context, callback);
|
|
131
|
+
}
|
|
132
|
+
// The OpenWithMasks Method allows a Client to read only the portion of the Trust List.
|
|
133
|
+
// This Method can only be used to read the Trust List.
|
|
134
|
+
openWithMasks.bindMethod(_openWithMaskCallback);
|
|
135
|
+
addCertificate.bindMethod(_addCertificate);
|
|
136
|
+
removeCertificate.bindMethod(_removeCertificate);
|
|
137
|
+
closeAndUpdate?.bindMethod(_closeAndUpdate);
|
|
138
|
+
function install_method_handle_on_TrustListType(addressSpace) {
|
|
139
|
+
const fileType = addressSpace.findObjectType("TrustListType");
|
|
140
|
+
if (!fileType || fileType.addCertificate.isBound()) {
|
|
141
|
+
return;
|
|
142
|
+
}
|
|
143
|
+
fileType.open && fileType.open.bindMethod(_openCallback);
|
|
144
|
+
fileType.addCertificate.bindMethod(_addCertificate);
|
|
145
|
+
fileType.removeCertificate.bindMethod(_removeCertificate);
|
|
146
|
+
fileType.openWithMasks && fileType.openWithMasks.bindMethod(_openWithMaskCallback);
|
|
147
|
+
fileType.closeAndUpdate && fileType.closeAndUpdate.bindMethod(_closeAndUpdate);
|
|
148
|
+
}
|
|
149
|
+
install_method_handle_on_TrustListType(trustList.addressSpace);
|
|
167
150
|
}
|
|
168
151
|
exports.promoteTrustList = promoteTrustList;
|
|
169
152
|
function installAccessRestrictionOnTrustList(trustList) {
|
|
170
153
|
for (const m of trustList.getComponents()) {
|
|
171
|
-
m
|
|
172
|
-
m
|
|
154
|
+
m?.setRolePermissions(roles_and_permissions_1.rolePermissionAdminOnly);
|
|
155
|
+
m?.setAccessRestrictions(node_opcua_data_model_1.AccessRestrictionsFlag.SigningRequired | node_opcua_data_model_1.AccessRestrictionsFlag.EncryptionRequired);
|
|
173
156
|
}
|
|
174
157
|
}
|
|
175
158
|
exports.installAccessRestrictionOnTrustList = installAccessRestrictionOnTrustList;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"promote_trust_list.js","sourceRoot":"","sources":["../../source/server/promote_trust_list.ts"],"names":[],"mappings":";AAAA;;GAEG
|
|
1
|
+
{"version":3,"file":"promote_trust_list.js","sourceRoot":"","sources":["../../source/server/promote_trust_list.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,iCAAoC;AAWpC,uDAAkF;AAClF,mEAAgE;AAEhE,2DAAuD;AACvD,iEAA+D;AAE/D,uEAAqF;AAErF,yDAAsE;AAEtE,2DAAqE;AAErE,mCAAqE;AACrE,mEAAkE;AAElE,MAAM,QAAQ,GAAG,IAAA,gCAAa,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,IAAA,iCAAc,EAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,UAAU,GAAG,IAAA,kCAAe,EAAC,qBAAqB,CAAC,CAAC;AAC1D,MAAM,QAAQ,GAAG,QAAQ,CAAC;AAE1B,SAAS,wBAAwB,CAAC,SAAsB;IACpD,OAAO,KAAK,CAAC,CAAC,WAAW;AAC7B,CAAC;AAED,KAAK,UAAU,eAAe,CAE1B,cAAyB,EACzB,OAAwB;IAExB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,eAAe;AACf,KAAK,UAAU,eAAe,CAE1B,cAAyB,EACzB,OAAwB;IAExB,gFAAgF;IAChF,yFAAyF;IACzF,kFAAkF;IAClF,4FAA4F;IAC5F,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;QAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;KAClE;IACD,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;QACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;KAC1D;IAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAqB,CAAC;IAChD,MAAM,EAAE,GAAK,SAAiB,CAAC,oBAA2C,IAAI,IAAI,CAAC;IAEnF,sCAAsC;IACtC,IAAI,CAAC,EAAE,EAAE;QACL,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC;KACvD;IACD,2DAA2D;IAC3D,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE;QACrC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC;KACtD;IAED,MAAM,gBAAgB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;IACnE,MAAM,oBAAoB,GAAY,cAAc,CAAC,CAAC,CAAC,CAAC,KAAgB,CAAC;IAEzE,MAAM,YAAY,GAAG,IAAA,6BAAS,EAAC,gBAAgB,CAAC,CAAC;IAEjD,6BAA6B;IAC7B,MAAM,CAAC,GAAG,MAAM,IAAA,0CAAsB,EAAC,YAAY,CAAC,CAAC;IACrD,IAAI,CAAC,CAAC,MAAM,KAAK,MAAM,EAAE;QACrB,UAAU,CAAC,sBAAsB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC;QACvD,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,qBAAqB,EAAE,CAAC;KAC5D;IAED,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,WAAW,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;QACpC,IAAI,CAAC,KAAK,YAAY,CAAC,MAAM,GAAG,CAAC,IAAI,oBAAoB,EAAE;YACvD,MAAM,EAAE,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;SAC1C;aAAM;YACH,MAAM,EAAE,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;SACnC;KACJ;IACD,QAAQ,CAAC,+CAA+C,EAAE,oBAAoB,CAAC,CAAC;IAChF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AACD,KAAK,UAAU,kBAAkB,CAE7B,cAAyB,EACzB,OAAwB;IAExB,IAAI,CAAC,IAAA,2BAAmB,EAAC,OAAO,CAAC,EAAE;QAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;KAClE;IAED,IAAI,CAAC,IAAA,6BAAqB,EAAC,OAAO,CAAC,EAAE;QACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;KAC1D;IAED,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,IAAI,EAAE,CAAC;AAC5C,CAAC;AAED,IAAI,OAAO,GAAG,CAAC,CAAC;AAET,KAAK,UAAU,gBAAgB,CAAC,SAAsB;IACzD,MAAM,QAAQ,GAAG,WAAW,OAAO,EAAE,CAAC;IACtC,OAAO,IAAI,CAAC,CAAC;IAEb,IAAA,0CAAe,EAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,UAAmB,EAAE,CAAC,CAAC;IAE1E,4CAA4C;IAC5C,MAAM,IAAI,GAAG,SAAS,CAAC,cAAc,CAAC,MAAM,CAAa,CAAC;IAC1D,MAAM,4BAA4B,GAAI,IAAY,CAAC,uBAAwC,CAAC;IAE5F,6CAA6C;IAC7C,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAa,CAAC;IAC9E,MAAM,aAAa,GAAG,SAAS,CAAC,cAAc,CAAC,eAAe,CAAa,CAAC;IAC5E,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC,gBAAgB,CAAa,CAAC;IAC9E,MAAM,iBAAiB,GAAG,SAAS,CAAC,cAAc,CAAC,mBAAmB,CAAa,CAAC;IAEpF,SAAS,cAAc,CAEnB,SAAyB,EACzB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,IAAI,wBAAwB,CAAC,SAAS,CAAC,EAAE;YACrC,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,eAAe,EAAE,CAAC,CAAC;SACtE;QACD,4BAA4B;QAC5B,gDAAgD;QAChD,yDAAyD;QACzD,IAAI;QAEJ,uGAAuG;QACvG,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QAC9C,IAAI,QAAQ,KAAK,uCAAY,CAAC,IAAI,IAAI,QAAQ,KAAK,uCAAY,CAAC,kBAAkB,EAAE;YAChF,OAAO,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC,CAAC;SACzE;QACD,gGAAgG;QAChG,MAAM,kBAAkB,GAAK,SAAiB,CAAC,oBAAgD,IAAI,SAAS,CAAC;QAC7G,IAAI,kBAAkB,EAAE;YACpB,IAAA,kCAAc,EAAC,UAAmB,EAAE,QAAQ,EAAE,SAAS,EAAE,kBAAkB,CAAC;iBACvE,IAAI,CAAC,GAAG,EAAE;gBACP,8BAA8B;gBAE9B,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACX,QAAQ,CAAC,GAAG,CAAC,CAAC;gBACd,QAAQ,CAAC,GAAG,EAAE,EAAE,UAAU,EAAE,oCAAW,CAAC,gBAAgB,EAAE,CAAC,CAAC;YAChE,CAAC,CAAC,CAAC;SACV;aAAM;YACH,UAAU,CAAC,sGAAsG,CAAC,CAAC;YACnH,OAAO,4BAA4B,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;SAChF;IACL,CAAC;IAED,SAAS,aAAa,CAElB,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,kCAAc,CAAC,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAChF,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;IAE/B,SAAS,qBAAqB,CAE1B,SAAoB,EACpB,OAAwB,EACxB,QAA4C;QAE5C,MAAM,aAAa,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACnD,SAAS,CAAC,CAAC,CAAC,GAAG,IAAI,4BAAO,CAAC,EAAE,QAAQ,EAAE,6BAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,uCAAY,CAAC,IAAI,EAAE,CAAC,CAAC;QAClF,cAAc,CAAC,IAAI,CAAC,IAAI,EAAE,aAAa,EAAE,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC3E,CAAC;IACD,uFAAuF;IACvF,uDAAuD;IACvD,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;IAChD,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IAC3C,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;IACjD,cAAc,EAAE,UAAU,CAAC,eAAe,CAAC,CAAC;IAE5C,SAAS,sCAAsC,CAAC,YAA2B;QACvE,MAAM,QAAQ,GAAG,YAAY,CAAC,cAAc,CAAC,eAAe,CAAQ,CAAC;QACrE,IAAI,CAAC,QAAQ,IAAI,QAAQ,CAAC,cAAc,CAAC,OAAO,EAAE,EAAE;YAChD,OAAO;SACV;QACD,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QACzD,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;QACpD,QAAQ,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAkB,CAAC,CAAC;QAC1D,QAAQ,CAAC,aAAa,IAAI,QAAQ,CAAC,aAAa,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;QACnF,QAAQ,CAAC,cAAc,IAAI,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IACnF,CAAC;IACD,sCAAsC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;AACnE,CAAC;AA/FD,4CA+FC;AAED,SAAgB,mCAAmC,CAAC,SAAgC;IAChF,KAAK,MAAM,CAAC,IAAI,SAAS,CAAC,aAAa,EAAE,EAAE;QACvC,CAAC,EAAE,kBAAkB,CAAC,+CAAuB,CAAC,CAAC;QAC/C,CAAC,EAAE,qBAAqB,CAAC,8CAAsB,CAAC,eAAe,GAAG,8CAAsB,CAAC,kBAAkB,CAAC,CAAC;KAChH;AACL,CAAC;AALD,kFAKC"}
|