node-opcua-server-configuration 2.71.0 → 2.72.0

package/source/server/push_certificate_manager_helpers.ts

@@ -1,35 +1,46 @@
 /**
  * @module node-opcua-server-configuration
  */
-
-import { callbackify } from "util";
-
+import * as path from "path";
+import * as fs from "fs";
 import {
     AddressSpace,
     SessionContext,
     UAMethod,
     UATrustList,
-    UAObject,
-    UAVariable,
     UAServerConfiguration,
-    ISessionContext
+    ISessionContext,
+    UACertificateGroup,
+    UACertificateExpirationAlarmEx,
+    UACertificateExpirationAlarmImpl
 } from "node-opcua-address-space";
+import { UAObject, UAVariable, EventNotifierFlags } from "node-opcua-address-space-base";
+
 import { checkDebugFlag, make_debugLog, make_warningLog } from "node-opcua-debug";
 import { NodeId, resolveNodeId } from "node-opcua-nodeid";
 import { StatusCodes } from "node-opcua-status-code";
 import { CallMethodResultOptions } from "node-opcua-types";
 import { DataType, Variant, VariantArrayType } from "node-opcua-variant";
-import { AccessRestrictionsFlag, NodeClass } from "node-opcua-data-model";
+import {
+    AccessLevelFlag,
+    AccessRestrictionsFlag,
+    BrowseDirection,
+    coerceQualifiedName,
+    NodeClass,
+    QualifiedName
+} from "node-opcua-data-model";
 import { ByteString, UAString } from "node-opcua-basic-types";
-import { ObjectTypeIds } from "node-opcua-constants";
+import { ObjectIds, ObjectTypeIds } from "node-opcua-constants";
+import { CertificateManager } from "node-opcua-certificate-manager";
+import { Certificate, readCertificate } from "node-opcua-crypto";
 
 import { CreateSigningRequestResult, PushCertificateManager } from "../push_certificate_manager";
 
-import { installCertificateExpirationAlarm } from "./install_CertificateAlarm";
 import { PushCertificateManagerServerImpl, PushCertificateManagerServerOptions } from "./push_certificate_manager_server_impl";
 import { installAccessRestrictionOnTrustList, promoteTrustList } from "./promote_trust_list";
 import { hasEncryptedChannel, hasExpectedUserAccess } from "./tools";
 import { rolePermissionAdminOnly, rolePermissionRestricted } from "./roles_and_permissions";
+import { installCertificateFileWatcher } from "./install_certificate_file_watcher";
 
 const debugLog = make_debugLog("ServerConfiguration");
 const doDebug = checkDebugFlag("ServerConfiguration");
@@ -247,38 +258,136 @@ async function _applyChanges(
     return { statusCode };
 }
 
+function getCertificateFilename(certificateManager: CertificateManager): string {
+    return path.join(certificateManager.rootDir, "own/certs/certificate.pem"); // to do , find a better way
+}
+async function getCertificate(certificateManager: CertificateManager): Promise<Certificate | null> {
+    try {
+        const certificateFile = getCertificateFilename(certificateManager);
+        if (fs.existsSync(certificateFile)) {
+            const certificate = await readCertificate(certificateFile);
+            return certificate;
+        }
+        return null;
+    } catch (err) {
+        warningLog("getCertificate Error", (err as Error).message);
+        return null;
+    }
+}
+
+function bindCertificateGroup(certificateGroup: UACertificateGroup, certificateManager?: CertificateManager) {
+    if (certificateManager) {
+        const certificateFile = getCertificateFilename(certificateManager);
+        const changeDetector = installCertificateFileWatcher(certificateGroup, certificateFile);
+        changeDetector.on("certificateChange", () => {
+            debugLog("detecting certificate change", certificateFile);
+            updateCertificateAlarm();
+        });
+    }
+
+    async function updateCertificateAlarm() {
+        try {
+            debugLog("updateCertificateAlarm", certificateGroup.browseName.toString());
+            const certificateExpired = certificateGroup.getComponentByName("CertificateExpired");
+            if (certificateExpired && certificateManager) {
+                const certificateExpiredEx = certificateExpired as unknown as UACertificateExpirationAlarmEx;
+                const certificate = await getCertificate(certificateManager);
+                certificateExpiredEx.setCertificate(certificate);
+            }
+        } catch (err) {
+            warningLog("updateCertificateAlarm Error", (err as Error).message);
+        }
+    }
+
+    const addressSpace = certificateGroup.addressSpace;
+    if (!certificateManager) {
+        return;
+    }
+    const trustList = certificateGroup.getComponentByName("TrustList");
+    if (trustList) {
+        (trustList as any).$$certificateManager = certificateManager;
+    }
+    const certificateExpired = certificateGroup.getComponentByName("CertificateExpired");
+    if (certificateExpired) {
+        (certificateExpired as any).$$certificateManager = certificateManager;
+        // install alarm handling
+        const timerId = setInterval(updateCertificateAlarm, 60 * 1000);
+        addressSpace.registerShutdownTask(() => clearInterval(timerId));
+        updateCertificateAlarm();
+    }
+}
+
 function bindCertificateManager(addressSpace: AddressSpace, options: PushCertificateManagerServerOptions) {
     const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName(
         "ServerConfiguration"
     )! as UAServerConfiguration;
 
-    const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultApplicationGroup");
+    const defaultApplicationGroup = serverConfiguration.certificateGroups.getComponentByName(
+        "DefaultApplicationGroup"
+    ) as UACertificateGroup | null;
     if (defaultApplicationGroup) {
-        const trustList = defaultApplicationGroup.getComponentByName("TrustList");
-        if (trustList) {
-            (trustList as any).$$certificateManager = options.applicationGroup;
-        }
+        bindCertificateGroup(defaultApplicationGroup, options.applicationGroup);
     }
-    const defaultTokenGroup = serverConfiguration.certificateGroups.getComponentByName("DefaultUserTokenGroup");
+    const defaultTokenGroup = serverConfiguration.certificateGroups.getComponentByName(
+        "DefaultUserTokenGroup"
+    ) as UACertificateGroup | null;
     if (defaultTokenGroup) {
-        const trustList = defaultTokenGroup.getComponentByName("TrustList");
-        if (trustList) {
-            (trustList as any).$$certificateManager = options.userTokenGroup;
-        }
+        bindCertificateGroup(defaultTokenGroup, options.userTokenGroup);
+    }
+}
+
+function setNotifierOfChain(childObject: UAObject | null) {
+    if (!childObject) {
+        return;
+    }
+    const parentObject: UAObject | null = childObject.parent as UAObject | null;
+    if (!parentObject) {
+        return;
     }
+    const notifierOf = childObject.findReferencesEx("HasNotifier", BrowseDirection.Inverse);
+    if (notifierOf.length === 0) {
+        const notifierOfNode = childObject.addReference({
+            referenceType: "HasNotifier",
+            nodeId: parentObject.nodeId,
+            isForward: false
+        });
+    }
+    parentObject.setEventNotifier(parentObject.eventNotifier | EventNotifierFlags.SubscribeToEvents);
+    if (parentObject.nodeId.namespace === 0 && parentObject.nodeId.value === ObjectIds.Server) {
+        return;
+    }
+    setNotifierOfChain(parentObject);
 }
 
-export async function promoteCertificateGroup(certificateGroup: UAObject) {
+export async function promoteCertificateGroup(certificateGroup: UACertificateGroup): Promise<void> {
     const trustList = certificateGroup.getChildByName("TrustList") as UATrustList;
     if (trustList) {
-        promoteTrustList(trustList);
-    }
+        await promoteTrustList(trustList);
+    }
+    if (!certificateGroup.certificateExpired) {
+        const namespace = certificateGroup.addressSpace.getOwnNamespace();
+
+        // certificateGroup.
+        UACertificateExpirationAlarmImpl.instantiate(namespace, "CertificateExpirationAlarmType", {
+            browseName: coerceQualifiedName("0:CertificateExpired"),
+            componentOf: certificateGroup,
+            conditionSource: null,
+            conditionOf: certificateGroup,
+            inputNode: NodeId.nullNodeId,
+            normalState: NodeId.nullNodeId,
+            optionals: ["ExpirationLimit"]
+        });
+    }
+    certificateGroup.setEventNotifier(EventNotifierFlags.SubscribeToEvents);
+    setNotifierOfChain(certificateGroup);
 }
 
 export async function installPushCertificateManagement(
     addressSpace: AddressSpace,
     options: PushCertificateManagerServerOptions
 ): Promise<void> {
+    addressSpace.installAlarmsAndConditionsService();
+
     const serverConfiguration = addressSpace.rootFolder.objects.server.getChildByName(
         "ServerConfiguration"
     )! as UAServerConfiguration;
@@ -322,8 +431,8 @@ export async function installPushCertificateManagement(
             }
         }
         for (const group of certificateGroups.getComponents()) {
-            group?.setRolePermissions(rolePermissionAdminOnly);
-            group?.setAccessRestrictions(AccessRestrictionsFlag.SigningRequired | AccessRestrictionsFlag.EncryptionRequired);
+            group.setRolePermissions(rolePermissionAdminOnly);
+            group.setAccessRestrictions(AccessRestrictionsFlag.SigningRequired | AccessRestrictionsFlag.EncryptionRequired);
             if (group.nodeClass === NodeClass.Object) {
                 installAccessRestrictionOnGroup(group as UAObject);
             }
@@ -359,7 +468,7 @@ export async function installPushCertificateManagement(
         serverConfiguration.applyChanges!.bindMethod(_applyChanges);
     }
 
-    installCertificateExpirationAlarm(addressSpace);
+    //xx installCertificateExpirationAlarm(addressSpace);
 
     const cg = serverConfiguration.certificateGroups.getComponents();
 
@@ -370,11 +479,18 @@ export async function installPushCertificateManagement(
         arrayType: VariantArrayType.Array,
         value: [resolveNodeId(ObjectTypeIds.RsaSha256ApplicationCertificateType)]
     });
+
+    const certificateGroupType = addressSpace.findObjectType("CertificateGroupType")!;
+
     for (const certificateGroup of cg) {
         if (certificateGroup.nodeClass !== NodeClass.Object) {
             continue;
         }
-        await promoteCertificateGroup(certificateGroup as UAObject);
+        const o = certificateGroup as UAObject;
+        if (!o.typeDefinitionObj.isSupertypeOf(certificateGroupType)) {
+            continue;
+        }
+        await promoteCertificateGroup(certificateGroup as UACertificateGroup);
     }
     await bindCertificateManager(addressSpace, options);
 }

package/source/server/push_certificate_manager_server_impl.ts

@@ -6,11 +6,7 @@ import * as fs from "fs";
 import * as path from "path";
 import { promisify} from "util";
 import * as rimraf from "rimraf";
-
-
-// node 14 onward : import {  readFile, writeFile, readdir } from "fs/promises";
-const { readFile, writeFile, readdir } = fs.promises;
-
+import { SubjectOptions } from "node-opcua-pki";
 import { assert } from "node-opcua-assert";
 import { ByteString, StatusCodes } from "node-opcua-basic-types";
 import {
@@ -41,7 +37,10 @@ import {
     PushCertificateManager,
     UpdateCertificateResult
 } from "../push_certificate_manager";
-import { SubjectOptions } from "node-opcua-pki";
+
+// node 14 onward : import {  readFile, writeFile, readdir } from "fs/promises";
+const { readFile, writeFile, readdir } = fs.promises;
+
 
 const debugLog = make_debugLog("ServerConfiguration");
 const errorLog = make_errorLog("ServerConfiguration");
@@ -284,7 +283,7 @@ export class PushCertificateManagerServerImpl extends EventEmitter implements Pu
                 await fs.promises.mkdir(location);
             }
 
-            let destCertificateManager = certificateManager;
+            const destCertificateManager = certificateManager;
             const keySize = (certificateManager as any).keySize; // because keySize is private !
             certificateManager = new CertificateManager({
                 keySize,

package/source/server/tools.ts

@@ -1,4 +1,4 @@
-import { ISessionContext, SessionContext, WellKnownRoles } from "node-opcua-address-space";
+import { ISessionContext, WellKnownRoles } from "node-opcua-address-space";
 import { MessageSecurityMode } from "node-opcua-secure-channel";
 
 export function hasExpectedUserAccess(context: ISessionContext) {

package/source/server/trust_list_server.ts

@@ -1,8 +1,8 @@
-import { OPCUACertificateManager } from "node-opcua-certificate-manager";
-import { TrustListDataType } from "node-opcua-types";
-
 import *as fs from "fs";
 import * as path from "path";
+
+import { OPCUACertificateManager } from "node-opcua-certificate-manager";
+import { TrustListDataType } from "node-opcua-types";
 import { AbstractFs } from "node-opcua-file-transfer";
 import { BinaryStream } from "node-opcua-binary-stream";
 import { readCertificate, readCertificateRevocationList } from "node-opcua-crypto";

package/dist/push_certificate_manager_helpers.d.ts

@@ -1,6 +0,0 @@
-/**
- * @module node-opcua-server-configuration
- */
-import { AddressSpace } from "node-opcua-address-space";
-import { PushCertificateManagerServerOptions } from "./server/push_certificate_manager_server_impl";
-export declare function installPushCertificateManagement(addressSpace: AddressSpace, options: PushCertificateManagerServerOptions): void;

package/dist/push_certificate_manager_helpers.js

@@ -1,221 +0,0 @@
-"use strict";
-/**
- * @module node-opcua-server-configuration
- */
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.installPushCertificateManagement = void 0;
-const util_1 = require("util");
-const node_opcua_debug_1 = require("node-opcua-debug");
-const node_opcua_status_code_1 = require("node-opcua-status-code");
-const node_opcua_variant_1 = require("node-opcua-variant");
-const install_CertificateAlarm_1 = require("./server/install_CertificateAlarm");
-const push_certificate_manager_server_impl_1 = require("./server/push_certificate_manager_server_impl");
-const debugLog = node_opcua_debug_1.make_debugLog("ServerConfiguration");
-const doDebug = node_opcua_debug_1.checkDebugFlag("ServerConfiguration");
-const errorLog = debugLog;
-function hasExpectedUserAccess(context) {
-    if (!context ||
-        !context.session ||
-        !context.session.userIdentityToken) {
-        return false;
-    }
-    const currentUserRole = context.getCurrentUserRole();
-    return !!currentUserRole.match("SecurityAdmin");
-}
-function hasEncryptedChannel(context) {
-    // todo
-    return true;
-}
-function expected(variant, dataType, variantArrayType) {
-    if (!variant) {
-        return false;
-    }
-    if (variant.dataType !== dataType) {
-        return false;
-    }
-    if (variant.arrayType !== variantArrayType) {
-        return false;
-    }
-    return true;
-}
-function getPushCertificateManager(method) {
-    const serverConfiguration = method.addressSpace.rootFolder.objects.server.serverConfiguration;
-    const serverConfigurationPriv = serverConfiguration;
-    if (serverConfigurationPriv.$pushCertificateManager) {
-        return serverConfigurationPriv.$pushCertificateManager;
-    }
-    // throw new Error("Cannot find pushCertificateManager object");
-    return null;
-}
-function _createSigningRequest(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const certificateGroupIdVariant = inputArguments[0];
-        const certificateTypeIdVariant = inputArguments[1];
-        const subjectNameVariant = inputArguments[2];
-        const regeneratePrivateKeyVariant = inputArguments[3];
-        const nonceVariant = inputArguments[4];
-        if (!expected(certificateGroupIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(certificateTypeIdVariant, node_opcua_variant_1.DataType.NodeId, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(subjectNameVariant, node_opcua_variant_1.DataType.String, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!expected(regeneratePrivateKeyVariant, node_opcua_variant_1.DataType.Boolean, node_opcua_variant_1.VariantArrayType.Scalar)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        if (!hasEncryptedChannel(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!hasExpectedUserAccess(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        const certificateGroupId = certificateGroupIdVariant.value;
-        const certificateTypeId = certificateTypeIdVariant.value;
-        const subjectName = subjectNameVariant.value;
-        const regeneratePrivateKey = regeneratePrivateKeyVariant.value;
-        const nonce = nonceVariant.value;
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const result = yield pushCertificateManager.createSigningRequest(certificateGroupId, certificateTypeId, subjectName, regeneratePrivateKey, nonce);
-        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
-            return { statusCode: result.statusCode };
-        }
-        const callMethodResult = {
-            outputArguments: [
-                {
-                    dataType: node_opcua_variant_1.DataType.ByteString,
-                    value: result.certificateSigningRequest
-                }
-            ],
-            statusCode: result.statusCode
-        };
-        return callMethodResult;
-    });
-}
-function _updateCertificate(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const certificateGroupId = inputArguments[0].value;
-        const certificateTypeId = inputArguments[1].value;
-        const certificate = inputArguments[2].value;
-        const issuerCertificates = inputArguments[3].value;
-        const privateKeyFormat = inputArguments[4].value;
-        const privateKey = inputArguments[5].value;
-        // This Method requires an encrypted channel and that the Client provides credentials with
-        // administrative rights on the Server
-        if (!hasEncryptedChannel(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!hasExpectedUserAccess(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        if (privateKeyFormat && privateKeyFormat !== "" && privateKeyFormat.toLowerCase() !== "pem") {
-            errorLog("_updateCertificate: Invalid PEM format requested " + privateKeyFormat);
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadInvalidArgument };
-        }
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const result = yield pushCertificateManager.updateCertificate(certificateGroupId, certificateTypeId, certificate, issuerCertificates, privateKeyFormat, privateKey);
-        // todo   raise a CertificateUpdatedAuditEventType
-        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
-            return { statusCode: result.statusCode };
-        }
-        const callMethodResult = {
-            outputArguments: [
-                {
-                    dataType: node_opcua_variant_1.DataType.Boolean,
-                    value: !!result.applyChangesRequired
-                }
-            ],
-            statusCode: result.statusCode
-        };
-        return callMethodResult;
-    });
-}
-function _getRejectedList(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        if (!hasEncryptedChannel(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!hasExpectedUserAccess(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const result = yield pushCertificateManager.getRejectedList();
-        if (result.statusCode !== node_opcua_status_code_1.StatusCodes.Good) {
-            return { statusCode: result.statusCode };
-        }
-        return {
-            outputArguments: [
-                {
-                    arrayType: node_opcua_variant_1.VariantArrayType.Array,
-                    dataType: node_opcua_variant_1.DataType.ByteString,
-                    value: result.certificates
-                }
-            ],
-            statusCode: node_opcua_status_code_1.StatusCodes.Good
-        };
-    });
-}
-function _applyChanges(inputArguments, context) {
-    return __awaiter(this, void 0, void 0, function* () {
-        // This Method requires an encrypted channel and that the Client provide credentials with
-        // administrative rights on the Server.
-        if (!hasEncryptedChannel(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadSecurityModeInsufficient };
-        }
-        if (!hasExpectedUserAccess(context)) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadUserAccessDenied };
-        }
-        const pushCertificateManager = getPushCertificateManager(this);
-        if (!pushCertificateManager) {
-            return { statusCode: node_opcua_status_code_1.StatusCodes.BadNotImplemented };
-        }
-        const statusCode = yield pushCertificateManager.applyChanges();
-        return { statusCode };
-    });
-}
-function installPushCertificateManagement(addressSpace, options) {
-    const serverConfiguration = addressSpace.rootFolder.objects.server.serverConfiguration;
-    const serverConfigurationPriv = serverConfiguration;
-    if (serverConfigurationPriv.$pushCertificateManager) {
-        return;
-        throw new Error("PushCertificateManagement has already been installed");
-    }
-    serverConfigurationPriv.$pushCertificateManager = new push_certificate_manager_server_impl_1.PushCertificateManagerServerImpl(options);
-    serverConfiguration.supportedPrivateKeyFormats.setValueFromSource({
-        arrayType: node_opcua_variant_1.VariantArrayType.Array,
-        dataType: node_opcua_variant_1.DataType.String,
-        value: ["PEM"]
-    });
-    serverConfiguration.createSigningRequest.bindMethod(util_1.callbackify(_createSigningRequest));
-    serverConfiguration.updateCertificate.bindMethod(util_1.callbackify(_updateCertificate));
-    serverConfiguration.getRejectedList.bindMethod(util_1.callbackify(_getRejectedList));
-    if (serverConfiguration.applyChanges) {
-        serverConfiguration.applyChanges.bindMethod(util_1.callbackify(_applyChanges));
-    }
-    install_CertificateAlarm_1.installCertificateExpirationAlarm(addressSpace);
-}
-exports.installPushCertificateManagement = installPushCertificateManagement;
-//# sourceMappingURL=push_certificate_manager_helpers.js.map

package/dist/push_certificate_manager_helpers.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"push_certificate_manager_helpers.js","sourceRoot":"","sources":["../source/push_certificate_manager_helpers.ts"],"names":[],"mappings":";AAAA;;GAEG;;;;;;;;;;;;AAEH,+BAAmC;AAGnC,uDAAiE;AAEjE,mEAAqD;AAErD,2DAAyE;AAIzE,gFAE2C;AAC3C,wGAGuD;AAEvD,MAAM,QAAQ,GAAG,gCAAa,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,OAAO,GAAG,iCAAc,CAAC,qBAAqB,CAAC,CAAC;AACtD,MAAM,QAAQ,GAAG,QAAQ,CAAC;AAE1B,SAAS,qBAAqB,CAAC,OAAuB;IAClD,IAAI,CAAC,OAAO;QACV,CAAC,OAAO,CAAC,OAAO;QAChB,CAAC,OAAO,CAAC,OAAO,CAAC,iBAAiB,EAAE;QAClC,OAAO,KAAK,CAAC;KAChB;IACD,MAAM,eAAe,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC;IACrD,OAAO,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,mBAAmB,CAAC,OAAuB;IAChD,OAAO;IACP,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,QAAQ,CACf,OAA4B,EAC5B,QAAkB,EAClB,gBAAkC;IAEhC,IAAI,CAAC,OAAO,EAAE;QACV,OAAO,KAAK,CAAC;KAChB;IACD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;QAC/B,OAAO,KAAK,CAAC;KAChB;IACD,IAAI,OAAO,CAAC,SAAS,KAAK,gBAAgB,EAAE;QACxC,OAAO,KAAK,CAAC;KAChB;IACD,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAS,yBAAyB,CAAC,MAAgB;IAE/C,MAAM,mBAAmB,GAAG,MAAM,CAAC,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC;IAC9F,MAAM,uBAAuB,GAAG,mBAA0B,CAAC;IAC3D,IAAI,uBAAuB,CAAC,uBAAuB,EAAE;QACjD,OAAO,uBAAuB,CAAC,uBAAuB,CAAC;KAC1D;IACD,gEAAgE;IAChE,OAAO,IAAI,CAAC;AAChB,CAAC;AAED,SAAe,qBAAqB,CAElC,cAAyB,EACzB,OAAuB;;QAGrB,MAAM,yBAAyB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,wBAAwB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACnD,MAAM,kBAAkB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAC7C,MAAM,2BAA2B,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QACtD,MAAM,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,CAAC,yBAAyB,EAAE,6BAAQ,CAAC,MAAM,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YAChF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,wBAAwB,EAAE,6BAAQ,CAAC,MAAM,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YAC/E,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,kBAAkB,EAAE,6BAAQ,CAAC,MAAM,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YACzE,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,2BAA2B,EAAE,6BAAQ,CAAC,OAAO,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YACnF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QACD,IAAI,CAAC,QAAQ,CAAC,2BAA2B,EAAE,6BAAQ,CAAC,OAAO,EAAE,qCAAgB,CAAC,MAAM,CAAC,EAAE;YACnF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QAED,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QAED,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,kBAAkB,GAAG,yBAAyB,CAAC,KAAe,CAAC;QACrE,MAAM,iBAAiB,GAAG,wBAAwB,CAAC,KAAe,CAAC;QACnE,MAAM,WAAW,GAAG,kBAAkB,CAAC,KAAe,CAAC;QACvD,MAAM,oBAAoB,GAAG,2BAA2B,CAAC,KAAgB,CAAC;QAC1E,MAAM,KAAK,GAAG,YAAY,CAAC,KAAe,CAAC;QAE3C,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QACD,MAAM,MAAM,GAA+B,MAAM,sBAAsB,CAAC,oBAAoB,CAC1F,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,oBAAoB,EACpB,KAAK,CACN,CAAC;QAEF,IAAI,MAAM,CAAC,UAAU,KAAK,oCAAW,CAAC,IAAI,EAAE;YACxC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;SAC5C;QAED,MAAM,gBAAgB,GAAG;YACrB,eAAe,EAAE;gBACb;oBACI,QAAQ,EAAE,6BAAQ,CAAC,UAAU;oBAC7B,KAAK,EAAE,MAAM,CAAC,yBAAyB;iBAC1C;aACJ;YACD,UAAU,EAAE,MAAM,CAAC,UAAU;SAChC,CAAC;QACF,OAAO,gBAAgB,CAAC;IAC5B,CAAC;CAAA;AAED,SAAe,kBAAkB,CAE/B,cAAyB,EACzB,OAAuB;;QAGrB,MAAM,kBAAkB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACrE,MAAM,iBAAiB,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QACpE,MAAM,WAAW,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAe,CAAC;QAC9D,MAAM,kBAAkB,GAAa,cAAc,CAAC,CAAC,CAAC,CAAC,KAAiB,CAAC;QACzE,MAAM,gBAAgB,GAAa,cAAc,CAAC,CAAC,CAAC,CAAC,KAAiB,CAAC;QACvE,MAAM,UAAU,GAAW,cAAc,CAAC,CAAC,CAAC,CAAC,KAAmB,CAAC;QAEjE,0FAA0F;QAC1F,sCAAsC;QACtC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,IAAI,gBAAgB,IAAI,gBAAgB,KAAK,EAAE,IAAI,gBAAgB,CAAC,WAAW,EAAE,KAAK,KAAK,EAAE;YACzF,QAAQ,CAAC,mDAAmD,GAAG,gBAAgB,CAAC,CAAC;YACjF,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,kBAAkB,EAAE,CAAC;SACzD;QAED,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QAED,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,iBAAiB,CAC3D,kBAAkB,EAClB,iBAAiB,EACjB,WAAW,EACX,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,CACX,CAAC;QAEF,kDAAkD;QAElD,IAAI,MAAM,CAAC,UAAU,KAAK,oCAAW,CAAC,IAAI,EAAE;YACxC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;SAC5C;QACD,MAAM,gBAAgB,GAAG;YACrB,eAAe,EAAE;gBACb;oBACI,QAAQ,EAAE,6BAAQ,CAAC,OAAO;oBAC1B,KAAK,EAAE,CAAC,CAAC,MAAM,CAAC,oBAAqB;iBAAE;aAC9C;YACD,UAAU,EAAE,MAAM,CAAC,UAAU;SAChC,CAAC;QACF,OAAO,gBAAgB,CAAC;IAC5B,CAAC;CAAA;AAED,SAAe,gBAAgB,CAE7B,cAAyB,EACzB,OAAuB;;QAGrB,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QAED,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,eAAe,EAAE,CAAC;QAE9D,IAAI,MAAM,CAAC,UAAU,KAAK,oCAAW,CAAC,IAAI,EAAE;YACxC,OAAO,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC;SAC5C;QAED,OAAO;YACH,eAAe,EAAE;gBACb;oBACI,SAAS,EAAE,qCAAgB,CAAC,KAAK;oBACjC,QAAQ,EAAE,6BAAQ,CAAC,UAAU;oBAC7B,KAAK,EAAE,MAAM,CAAC,YAAY;iBAC7B;aACJ;YACD,UAAU,EAAE,oCAAW,CAAC,IAAI;SAC/B,CAAC;IACN,CAAC;CAAA;AAED,SAAe,aAAa,CAE1B,cAAyB,EACzB,OAAuB;;QAGrB,yFAAyF;QACzF,uCAAuC;QACvC,IAAI,CAAC,mBAAmB,CAAC,OAAO,CAAC,EAAE;YAC/B,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,2BAA2B,EAAE,CAAC;SAClE;QACD,IAAI,CAAC,qBAAqB,CAAC,OAAO,CAAC,EAAE;YACjC,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,mBAAmB,EAAE,CAAC;SAC1D;QAED,MAAM,sBAAsB,GAAG,yBAAyB,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,CAAC,sBAAsB,EAAE;YACzB,OAAO,EAAE,UAAU,EAAE,oCAAW,CAAC,iBAAiB,EAAE,CAAC;SACxD;QACD,MAAM,UAAU,GAAG,MAAM,sBAAsB,CAAC,YAAY,EAAE,CAAC;QAC/D,OAAO,EAAE,UAAU,EAAE,CAAC;IAC1B,CAAC;CAAA;AAED,SAAgB,gCAAgC,CAC9C,YAA0B,EAC1B,OAA4C;IAG1C,MAAM,mBAAmB,GAAG,YAAY,CAAC,UAAU,CAAC,OAAO,CAAC,MAAM,CAAC,mBAAmB,CAAC;IAEvF,MAAM,uBAAuB,GAAG,mBAA0B,CAAC;IAC3D,IAAI,uBAAuB,CAAC,uBAAuB,EAAE;QAClD,OAAO;QACP,MAAM,IAAI,KAAK,CAAC,sDAAsD,CAAC,CAAC;KAC1E;IACD,uBAAuB,CAAC,uBAAuB,GAAG,IAAI,uEAAgC,CAAC,OAAO,CAAC,CAAC;IAEhG,mBAAmB,CAAC,0BAA0B,CAAC,kBAAkB,CAAC;QAC9D,SAAS,EAAE,qCAAgB,CAAC,KAAK;QACjC,QAAQ,EAAE,6BAAQ,CAAC,MAAM;QACzB,KAAK,EAAE,CAAC,KAAK,CAAC;KACjB,CAAC,CAAC;IAEH,mBAAmB,CAAC,oBAAoB,CAAC,UAAU,CAAC,kBAAW,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAExF,mBAAmB,CAAC,iBAAiB,CAAC,UAAU,CAAC,kBAAW,CAAC,kBAAkB,CAAC,CAAC,CAAC;IAElF,mBAAmB,CAAC,eAAe,CAAC,UAAU,CAAC,kBAAW,CAAC,gBAAgB,CAAC,CAAC,CAAC;IAE9E,IAAI,mBAAmB,CAAC,YAAY,EAAE;QAClC,mBAAmB,CAAC,YAAa,CAAC,UAAU,CAAC,kBAAW,CAAC,aAAa,CAAC,CAAC,CAAC;KAC5E;IAED,4DAAiC,CAAC,YAAY,CAAC,CAAC;AAEpD,CAAC;AAhCD,4EAgCC"}