piral-oidc 1.9.0-beta.8186 → 1.9.0-beta.8196

package/piral-oidc.min.js

@@ -1,107 +1 @@
-var piralOidc=(()=>{var Ar=Object.create;var Be=Object.defineProperty;var kr=Object.getOwnPropertyDescriptor;var Pr=Object.getOwnPropertyNames;var Cr=Object.getPrototypeOf,Tr=Object.prototype.hasOwnProperty;var Rr=(rt,p)=>()=>(p||rt((p={exports:{}}).exports,p),p.exports),Ir=(rt,p)=>{for(var j in p)Be(rt,j,{get:p[j],enumerable:!0})},cr=(rt,p,j,T)=>{if(p&&typeof p=="object"||typeof p=="function")for(let l of Pr(p))!Tr.call(rt,l)&&l!==j&&Be(rt,l,{get:()=>p[l],enumerable:!(T=kr(p,l))||T.enumerable});return rt};var Dr=(rt,p,j)=>(j=rt!=null?Ar(Cr(rt)):{},cr(p||!rt||!rt.__esModule?Be(j,"default",{value:rt,enumerable:!0}):j,rt)),Lr=rt=>cr(Be({},"__esModule",{value:!0}),rt);var hr=Rr((Te,ze)=>{(function(p,j){if(typeof Te=="object"&&typeof ze=="object")ze.exports=j();else if(typeof define=="function"&&define.amd)define([],j);else{var T=j();for(var l in T)(typeof Te=="object"?Te:p)[l]=T[l]}})(Te,function(){return function(rt){var p={};function j(T){if(p[T])return p[T].exports;var l=p[T]={i:T,l:!1,exports:{}};return rt[T].call(l.exports,l,l.exports,j),l.l=!0,l.exports}return j.m=rt,j.c=p,j.d=function(T,l,k){j.o(T,l)||Object.defineProperty(T,l,{enumerable:!0,get:k})},j.r=function(T){typeof Symbol<"u"&&Symbol.toStringTag&&Object.defineProperty(T,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(T,"__esModule",{value:!0})},j.t=function(T,l){if(1&l&&(T=j(T)),8&l||4&l&&typeof T=="object"&&T&&T.__esModule)return T;var k=Object.create(null);if(j.r(k),Object.defineProperty(k,"default",{enumerable:!0,value:T}),2&l&&typeof T!="string")for(var m in T)j.d(k,m,function(a){return T[a]}.bind(null,m));return k},j.n=function(T){var l=T&&T.__esModule?function(){return T.default}:function(){return T};return j.d(l,"a",l),l},j.o=function(T,l){return Object.prototype.hasOwnProperty.call(T,l)},j.p="",j(j.s=22)}([function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0});var T=function(){function a(u,o){for(var d=0;d<o.length;d++){var P=o[d];P.enumerable=P.enumerable||!1,P.configurable=!0,"value"in P&&(P.writable=!0),Object.defineProperty(u,P.key,P)}}return function(u,o,d){return o&&a(u.prototype,o),d&&a(u,d),u}}(),l={debug:function(){},info:function(){},warn:function(){},error:function(){}},k=void 0,m=void 0;(p.Log=function(){function a(){(function(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")})(this,a)}return a.reset=function(){m=3,k=l},a.debug=function(){if(m>=4){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.debug.apply(k,Array.from(d))}},a.info=function(){if(m>=3){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.info.apply(k,Array.from(d))}},a.warn=function(){if(m>=2){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.warn.apply(k,Array.from(d))}},a.error=function(){if(m>=1){for(var o=arguments.length,d=Array(o),P=0;P<o;P++)d[P]=arguments[P];k.error.apply(k,Array.from(d))}},T(a,null,[{key:"NONE",get:function(){return 0}},{key:"ERROR",get:function(){return 1}},{key:"WARN",get:function(){return 2}},{key:"INFO",get:function(){return 3}},{key:"DEBUG",get:function(){return 4}},{key:"level",get:function(){return m},set:function(o){if(!(0<=o&&o<=4))throw new Error("Invalid log level");m=o}},{key:"logger",get:function(){return k},set:function(o){if(!o.debug&&o.info&&(o.debug=o.info),!(o.debug&&o.info&&o.warn&&o.error))throw new Error("Invalid logger");k=o}}]),a}()).reset()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0});var T=function(){function a(u,o){for(var d=0;d<o.length;d++){var P=o[d];P.enumerable=P.enumerable||!1,P.configurable=!0,"value"in P&&(P.writable=!0),Object.defineProperty(u,P.key,P)}}return function(u,o,d){return o&&a(u.prototype,o),d&&a(u,d),u}}(),l={setInterval:function(a){function u(o,d){return a.apply(this,arguments)}return u.toString=function(){return a.toString()},u}(function(a,u){return setInterval(a,u)}),clearInterval:function(a){function u(o){return a.apply(this,arguments)}return u.toString=function(){return a.toString()},u}(function(a){return clearInterval(a)})},k=!1,m=null;p.Global=function(){function a(){(function(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")})(this,a)}return a._testing=function(){k=!0},a.setXMLHttpRequest=function(o){m=o},T(a,null,[{key:"location",get:function(){if(!k)return location}},{key:"localStorage",get:function(){if(!k&&typeof window<"u")return localStorage}},{key:"sessionStorage",get:function(){if(!k&&typeof window<"u")return sessionStorage}},{key:"XMLHttpRequest",get:function(){if(!k&&typeof window<"u")return m||XMLHttpRequest}},{key:"timer",get:function(){if(!k)return l}}]),a}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.MetadataService=void 0;var T=function(){function u(o,d){for(var P=0;P<d.length;P++){var b=d[P];b.enumerable=b.enumerable||!1,b.configurable=!0,"value"in b&&(b.writable=!0),Object.defineProperty(o,b.key,b)}}return function(o,d,P){return d&&u(o.prototype,d),P&&u(o,P),o}}(),l=j(0),k=j(7);function m(u,o){if(!(u instanceof o))throw new TypeError("Cannot call a class as a function")}var a=".well-known/openid-configuration";p.MetadataService=function(){function u(o){var d=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.JsonService;if(m(this,u),!o)throw l.Log.error("MetadataService: No settings passed to MetadataService"),new Error("settings");this._settings=o,this._jsonService=new d(["application/jwk-set+json"])}return u.prototype.resetSigningKeys=function(){this._settings=this._settings||{},this._settings.signingKeys=void 0},u.prototype.getMetadata=function(){var d=this;return this._settings.metadata?(l.Log.debug("MetadataService.getMetadata: Returning metadata from settings"),Promise.resolve(this._settings.metadata)):this.metadataUrl?(l.Log.debug("MetadataService.getMetadata: getting metadata from",this.metadataUrl),this._jsonService.getJson(this.metadataUrl).then(function(P){l.Log.debug("MetadataService.getMetadata: json received");var b=d._settings.metadataSeed||{};return d._settings.metadata=Object.assign({},b,P),d._settings.metadata})):(l.Log.error("MetadataService.getMetadata: No authority or metadataUrl configured on settings"),Promise.reject(new Error("No authority or metadataUrl configured on settings")))},u.prototype.getIssuer=function(){return this._getMetadataProperty("issuer")},u.prototype.getAuthorizationEndpoint=function(){return this._getMetadataProperty("authorization_endpoint")},u.prototype.getUserInfoEndpoint=function(){return this._getMetadataProperty("userinfo_endpoint")},u.prototype.getTokenEndpoint=function(){var d=!(arguments.length>0&&arguments[0]!==void 0)||arguments[0];return this._getMetadataProperty("token_endpoint",d)},u.prototype.getCheckSessionIframe=function(){return this._getMetadataProperty("check_session_iframe",!0)},u.prototype.getEndSessionEndpoint=function(){return this._getMetadataProperty("end_session_endpoint",!0)},u.prototype.getRevocationEndpoint=function(){return this._getMetadataProperty("revocation_endpoint",!0)},u.prototype.getKeysEndpoint=function(){return this._getMetadataProperty("jwks_uri",!0)},u.prototype._getMetadataProperty=function(d){var P=arguments.length>1&&arguments[1]!==void 0&&arguments[1];return l.Log.debug("MetadataService.getMetadataProperty for: "+d),this.getMetadata().then(function(b){if(l.Log.debug("MetadataService.getMetadataProperty: metadata recieved"),b[d]===void 0){if(P===!0)return void l.Log.warn("MetadataService.getMetadataProperty: Metadata does not contain optional property "+d);throw l.Log.error("MetadataService.getMetadataProperty: Metadata does not contain property "+d),new Error("Metadata does not contain property "+d)}return b[d]})},u.prototype.getSigningKeys=function(){var d=this;return this._settings.signingKeys?(l.Log.debug("MetadataService.getSigningKeys: Returning signingKeys from settings"),Promise.resolve(this._settings.signingKeys)):this._getMetadataProperty("jwks_uri").then(function(P){return l.Log.debug("MetadataService.getSigningKeys: jwks_uri received",P),d._jsonService.getJson(P).then(function(b){if(l.Log.debug("MetadataService.getSigningKeys: key set received",b),!b.keys)throw l.Log.error("MetadataService.getSigningKeys: Missing keys on keyset"),new Error("Missing keys on keyset");return d._settings.signingKeys=b.keys,d._settings.signingKeys})})},T(u,[{key:"metadataUrl",get:function(){return this._metadataUrl||(this._settings.metadataUrl?this._metadataUrl=this._settings.metadataUrl:(this._metadataUrl=this._settings.authority,this._metadataUrl&&this._metadataUrl.indexOf(a)<0&&(this._metadataUrl[this._metadataUrl.length-1]!=="/"&&(this._metadataUrl+="/"),this._metadataUrl+=a))),this._metadataUrl}}]),u}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.UrlUtility=void 0;var T=j(0),l=j(1);p.UrlUtility=function(){function k(){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,k)}return k.addQueryParam=function(a,u,o){return a.indexOf("?")<0&&(a+="?"),a[a.length-1]!=="?"&&(a+="&"),a+=encodeURIComponent(u),a+="=",a+=encodeURIComponent(o)},k.parseUrlFragment=function(a){var u=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"#",o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.Global;typeof a!="string"&&(a=o.location.href);var d=a.lastIndexOf(u);d>=0&&(a=a.substr(d+1)),u==="?"&&(d=a.indexOf("#"))>=0&&(a=a.substr(0,d));for(var P,b={},H=/([^&=]+)=([^&]*)/g,C=0;P=H.exec(a);)if(b[decodeURIComponent(P[1])]=decodeURIComponent(P[2].replace(/\+/g," ")),C++>50)return T.Log.error("UrlUtility.parseUrlFragment: response exceeded expected number of parameters",a),{error:"Response exceeded expected number of parameters"};for(var A in b)return b;return{}},k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.JoseUtil=void 0;var T=j(26),l=function(m){return m&&m.__esModule?m:{default:m}}(j(33));p.JoseUtil=(0,l.default)({jws:T.jws,KeyUtil:T.KeyUtil,X509:T.X509,crypto:T.crypto,hextob64u:T.hextob64u,b64tohex:T.b64tohex,AllowedSigningAlgs:T.AllowedSigningAlgs})},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.OidcClientSettings=void 0;var T=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(A){return typeof A}:function(A){return A&&typeof Symbol=="function"&&A.constructor===Symbol&&A!==Symbol.prototype?"symbol":typeof A},l=function(){function A(F,O){for(var Y=0;Y<O.length;Y++){var M=O[Y];M.enumerable=M.enumerable||!1,M.configurable=!0,"value"in M&&(M.writable=!0),Object.defineProperty(F,M.key,M)}}return function(F,O,Y){return O&&A(F.prototype,O),Y&&A(F,Y),F}}(),k=j(0),m=j(23),a=j(6),u=j(24),o=j(2);function d(A,F){if(!(A instanceof F))throw new TypeError("Cannot call a class as a function")}var P=".well-known/openid-configuration",b="id_token",H="openid",C="client_secret_post";p.OidcClientSettings=function(){function A(){var F=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},O=F.authority,Y=F.metadataUrl,M=F.metadata,K=F.signingKeys,I=F.metadataSeed,$=F.client_id,et=F.client_secret,ot=F.response_type,B=ot===void 0?b:ot,nt=F.scope,ft=nt===void 0?H:nt,dt=F.redirect_uri,jt=F.post_logout_redirect_uri,xt=F.client_authentication,Zt=xt===void 0?C:xt,Tt=F.prompt,pt=F.display,vt=F.max_age,At=F.ui_locales,Wt=F.acr_values,Vt=F.resource,zt=F.response_mode,$t=F.filterProtocolClaims,he=$t===void 0||$t,ee=F.loadUserInfo,Ut=ee===void 0||ee,Yt=F.staleStateAge,Kt=Yt===void 0?900:Yt,U=F.clockSkew,c=U===void 0?300:U,h=F.clockService,N=h===void 0?new m.ClockService:h,q=F.userInfoJwtIssuer,J=q===void 0?"OP":q,Z=F.mergeClaims,at=Z!==void 0&&Z,lt=F.stateStore,_t=lt===void 0?new a.WebStorageStateStore:lt,yt=F.ResponseValidatorCtor,Pt=yt===void 0?u.ResponseValidator:yt,Mt=F.MetadataServiceCtor,Gt=Mt===void 0?o.MetadataService:Mt,ie=F.extraQueryParams,ht=ie===void 0?{}:ie,kt=F.extraTokenParams,mt=kt===void 0?{}:kt;d(this,A),this._authority=O,this._metadataUrl=Y,this._metadata=M,this._metadataSeed=I,this._signingKeys=K,this._client_id=$,this._client_secret=et,this._response_type=B,this._scope=ft,this._redirect_uri=dt,this._post_logout_redirect_uri=jt,this._client_authentication=Zt,this._prompt=Tt,this._display=pt,this._max_age=vt,this._ui_locales=At,this._acr_values=Wt,this._resource=Vt,this._response_mode=zt,this._filterProtocolClaims=!!he,this._loadUserInfo=!!Ut,this._staleStateAge=Kt,this._clockSkew=c,this._clockService=N,this._userInfoJwtIssuer=J,this._mergeClaims=!!at,this._stateStore=_t,this._validator=new Pt(this),this._metadataService=new Gt(this),this._extraQueryParams=(ht===void 0?"undefined":T(ht))==="object"?ht:{},this._extraTokenParams=(mt===void 0?"undefined":T(mt))==="object"?mt:{}}return A.prototype.getEpochTime=function(){return this._clockService.getEpochTime()},l(A,[{key:"client_id",get:function(){return this._client_id},set:function(O){if(this._client_id)throw k.Log.error("OidcClientSettings.set_client_id: client_id has already been assigned."),new Error("client_id has already been assigned.");this._client_id=O}},{key:"client_secret",get:function(){return this._client_secret}},{key:"response_type",get:function(){return this._response_type}},{key:"scope",get:function(){return this._scope}},{key:"redirect_uri",get:function(){return this._redirect_uri}},{key:"post_logout_redirect_uri",get:function(){return this._post_logout_redirect_uri}},{key:"client_authentication",get:function(){return this._client_authentication}},{key:"prompt",get:function(){return this._prompt}},{key:"display",get:function(){return this._display}},{key:"max_age",get:function(){return this._max_age}},{key:"ui_locales",get:function(){return this._ui_locales}},{key:"acr_values",get:function(){return this._acr_values}},{key:"resource",get:function(){return this._resource}},{key:"response_mode",get:function(){return this._response_mode}},{key:"authority",get:function(){return this._authority},set:function(O){if(this._authority)throw k.Log.error("OidcClientSettings.set_authority: authority has already been assigned."),new Error("authority has already been assigned.");this._authority=O}},{key:"metadataUrl",get:function(){return this._metadataUrl||(this._metadataUrl=this.authority,this._metadataUrl&&this._metadataUrl.indexOf(P)<0&&(this._metadataUrl[this._metadataUrl.length-1]!=="/"&&(this._metadataUrl+="/"),this._metadataUrl+=P)),this._metadataUrl}},{key:"metadata",get:function(){return this._metadata},set:function(O){this._metadata=O}},{key:"metadataSeed",get:function(){return this._metadataSeed},set:function(O){this._metadataSeed=O}},{key:"signingKeys",get:function(){return this._signingKeys},set:function(O){this._signingKeys=O}},{key:"filterProtocolClaims",get:function(){return this._filterProtocolClaims}},{key:"loadUserInfo",get:function(){return this._loadUserInfo}},{key:"staleStateAge",get:function(){return this._staleStateAge}},{key:"clockSkew",get:function(){return this._clockSkew}},{key:"userInfoJwtIssuer",get:function(){return this._userInfoJwtIssuer}},{key:"mergeClaims",get:function(){return this._mergeClaims}},{key:"stateStore",get:function(){return this._stateStore}},{key:"validator",get:function(){return this._validator}},{key:"metadataService",get:function(){return this._metadataService}},{key:"extraQueryParams",get:function(){return this._extraQueryParams},set:function(O){(O===void 0?"undefined":T(O))==="object"?this._extraQueryParams=O:this._extraQueryParams={}}},{key:"extraTokenParams",get:function(){return this._extraTokenParams},set:function(O){(O===void 0?"undefined":T(O))==="object"?this._extraTokenParams=O:this._extraTokenParams={}}}]),A}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.WebStorageStateStore=void 0;var T=j(0),l=j(1);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.WebStorageStateStore=function(){function m(){var a=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},u=a.prefix,o=u===void 0?"oidc.":u,d=a.store,P=d===void 0?l.Global.localStorage:d;k(this,m),this._store=P,this._prefix=o}return m.prototype.set=function(u,o){return T.Log.debug("WebStorageStateStore.set",u),u=this._prefix+u,this._store.setItem(u,o),Promise.resolve()},m.prototype.get=function(u){T.Log.debug("WebStorageStateStore.get",u),u=this._prefix+u;var o=this._store.getItem(u);return Promise.resolve(o)},m.prototype.remove=function(u){T.Log.debug("WebStorageStateStore.remove",u),u=this._prefix+u;var o=this._store.getItem(u);return this._store.removeItem(u),Promise.resolve(o)},m.prototype.getAllKeys=function(){T.Log.debug("WebStorageStateStore.getAllKeys");for(var u=[],o=0;o<this._store.length;o++){var d=this._store.key(o);d.indexOf(this._prefix)===0&&u.push(d.substr(this._prefix.length))}return Promise.resolve(u)},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.JsonService=void 0;var T=j(0),l=j(1);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.JsonService=function(){function m(){var a=arguments.length>0&&arguments[0]!==void 0?arguments[0]:null,u=arguments.length>1&&arguments[1]!==void 0?arguments[1]:l.Global.XMLHttpRequest,o=arguments.length>2&&arguments[2]!==void 0?arguments[2]:null;k(this,m),a&&Array.isArray(a)?this._contentTypes=a.slice():this._contentTypes=[],this._contentTypes.push("application/json"),o&&this._contentTypes.push("application/jwt"),this._XMLHttpRequest=u,this._jwtHandler=o}return m.prototype.getJson=function(u,o){var d=this;if(!u)throw T.Log.error("JsonService.getJson: No url passed"),new Error("url");return T.Log.debug("JsonService.getJson, url: ",u),new Promise(function(P,b){var H=new d._XMLHttpRequest;H.open("GET",u);var C=d._contentTypes,A=d._jwtHandler;H.onload=function(){if(T.Log.debug("JsonService.getJson: HTTP response received, status",H.status),H.status===200){var F=H.getResponseHeader("Content-Type");if(F){var O=C.find(function(Y){if(F.startsWith(Y))return!0});if(O=="application/jwt")return void A(H).then(P,b);if(O)try{return void P(JSON.parse(H.responseText))}catch(Y){return T.Log.error("JsonService.getJson: Error parsing JSON response",Y.message),void b(Y)}}b(Error("Invalid response Content-Type: "+F+", from URL: "+u))}else b(Error(H.statusText+" ("+H.status+")"))},H.onerror=function(){T.Log.error("JsonService.getJson: network error"),b(Error("Network Error"))},o&&(T.Log.debug("JsonService.getJson: token passed, setting Authorization header"),H.setRequestHeader("Authorization","Bearer "+o)),H.send()})},m.prototype.postForm=function(u,o,d){var P=this;if(!u)throw T.Log.error("JsonService.postForm: No url passed"),new Error("url");return T.Log.debug("JsonService.postForm, url: ",u),new Promise(function(b,H){var C=new P._XMLHttpRequest;C.open("POST",u);var A=P._contentTypes;C.onload=function(){if(T.Log.debug("JsonService.postForm: HTTP response received, status",C.status),C.status!==200){if(C.status===400&&(K=C.getResponseHeader("Content-Type"))&&A.find(function(I){if(K.startsWith(I))return!0}))try{var M=JSON.parse(C.responseText);if(M&&M.error)return T.Log.error("JsonService.postForm: Error from server: ",M.error),void H(new Error(M.error))}catch(I){return T.Log.error("JsonService.postForm: Error parsing JSON response",I.message),void H(I)}H(Error(C.statusText+" ("+C.status+")"))}else{var K;if((K=C.getResponseHeader("Content-Type"))&&A.find(function(I){if(K.startsWith(I))return!0}))try{return void b(JSON.parse(C.responseText))}catch(I){return T.Log.error("JsonService.postForm: Error parsing JSON response",I.message),void H(I)}H(Error("Invalid response Content-Type: "+K+", from URL: "+u))}},C.onerror=function(){T.Log.error("JsonService.postForm: network error"),H(Error("Network Error"))};var F="";for(var O in o){var Y=o[O];Y&&(F.length>0&&(F+="&"),F+=encodeURIComponent(O),F+="=",F+=encodeURIComponent(Y))}C.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),d!==void 0&&C.setRequestHeader("Authorization","Basic "+btoa(d)),C.send(F)})},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SigninRequest=void 0;var T=j(0),l=j(3),k=j(13);p.SigninRequest=function(){function m(a){var u=a.url,o=a.client_id,d=a.redirect_uri,P=a.response_type,b=a.scope,H=a.authority,C=a.data,A=a.prompt,F=a.display,O=a.max_age,Y=a.ui_locales,M=a.id_token_hint,K=a.login_hint,I=a.acr_values,$=a.resource,et=a.response_mode,ot=a.request,B=a.request_uri,nt=a.extraQueryParams,ft=a.request_type,dt=a.client_secret,jt=a.extraTokenParams,xt=a.skipUserInfo;if(function(Vt,zt){if(!(Vt instanceof zt))throw new TypeError("Cannot call a class as a function")}(this,m),!u)throw T.Log.error("SigninRequest.ctor: No url passed"),new Error("url");if(!o)throw T.Log.error("SigninRequest.ctor: No client_id passed"),new Error("client_id");if(!d)throw T.Log.error("SigninRequest.ctor: No redirect_uri passed"),new Error("redirect_uri");if(!P)throw T.Log.error("SigninRequest.ctor: No response_type passed"),new Error("response_type");if(!b)throw T.Log.error("SigninRequest.ctor: No scope passed"),new Error("scope");if(!H)throw T.Log.error("SigninRequest.ctor: No authority passed"),new Error("authority");var Zt=m.isOidc(P),Tt=m.isCode(P);et||(et=m.isCode(P)?"query":null),this.state=new k.SigninState({nonce:Zt,data:C,client_id:o,authority:H,redirect_uri:d,code_verifier:Tt,request_type:ft,response_mode:et,client_secret:dt,scope:b,extraTokenParams:jt,skipUserInfo:xt}),u=l.UrlUtility.addQueryParam(u,"client_id",o),u=l.UrlUtility.addQueryParam(u,"redirect_uri",d),u=l.UrlUtility.addQueryParam(u,"response_type",P),u=l.UrlUtility.addQueryParam(u,"scope",b),u=l.UrlUtility.addQueryParam(u,"state",this.state.id),Zt&&(u=l.UrlUtility.addQueryParam(u,"nonce",this.state.nonce)),Tt&&(u=l.UrlUtility.addQueryParam(u,"code_challenge",this.state.code_challenge),u=l.UrlUtility.addQueryParam(u,"code_challenge_method","S256"));var pt={prompt:A,display:F,max_age:O,ui_locales:Y,id_token_hint:M,login_hint:K,acr_values:I,resource:$,request:ot,request_uri:B,response_mode:et};for(var vt in pt)pt[vt]&&(u=l.UrlUtility.addQueryParam(u,vt,pt[vt]));for(var At in nt)u=l.UrlUtility.addQueryParam(u,At,nt[At]);this.url=u}return m.isOidc=function(u){return!!u.split(/\s+/g).filter(function(o){return o==="id_token"})[0]},m.isOAuth=function(u){return!!u.split(/\s+/g).filter(function(o){return o==="token"})[0]},m.isCode=function(u){return!!u.split(/\s+/g).filter(function(o){return o==="code"})[0]},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.State=void 0;var T=function(){function a(u,o){for(var d=0;d<o.length;d++){var P=o[d];P.enumerable=P.enumerable||!1,P.configurable=!0,"value"in P&&(P.writable=!0),Object.defineProperty(u,P.key,P)}}return function(u,o,d){return o&&a(u.prototype,o),d&&a(u,d),u}}(),l=j(0),k=function(u){return u&&u.__esModule?u:{default:u}}(j(14));function m(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")}p.State=function(){function a(){var u=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},o=u.id,d=u.data,P=u.created,b=u.request_type;m(this,a),this._id=o||(0,k.default)(),this._data=d,this._created=typeof P=="number"&&P>0?P:parseInt(Date.now()/1e3),this._request_type=b}return a.prototype.toStorageString=function(){return l.Log.debug("State.toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type})},a.fromStorageString=function(o){return l.Log.debug("State.fromStorageString"),new a(JSON.parse(o))},a.clearStaleState=function(o,d){var P=Date.now()/1e3-d;return o.getAllKeys().then(function(b){l.Log.debug("State.clearStaleState: got keys",b);for(var H=[],C=function(Y){var M=b[Y];F=o.get(M).then(function(K){var I=!1;if(K)try{var $=a.fromStorageString(K);l.Log.debug("State.clearStaleState: got item from key: ",M,$.created),$.created<=P&&(I=!0)}catch(et){l.Log.error("State.clearStaleState: Error parsing state for key",M,et.message),I=!0}else l.Log.debug("State.clearStaleState: no item in storage for key: ",M),I=!0;if(I)return l.Log.debug("State.clearStaleState: removed item for key: ",M),o.remove(M)}),H.push(F)},A=0;A<b.length;A++){var F;C(A)}return l.Log.debug("State.clearStaleState: waiting on promise count:",H.length),Promise.all(H)})},T(a,[{key:"id",get:function(){return this._id}},{key:"data",get:function(){return this._data}},{key:"created",get:function(){return this._created}},{key:"request_type",get:function(){return this._request_type}}]),a}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.OidcClient=void 0;var T=function(){function C(A,F){for(var O=0;O<F.length;O++){var Y=F[O];Y.enumerable=Y.enumerable||!1,Y.configurable=!0,"value"in Y&&(Y.writable=!0),Object.defineProperty(A,Y.key,Y)}}return function(A,F,O){return F&&C(A.prototype,F),O&&C(A,O),A}}(),l=j(0),k=j(5),m=j(12),a=j(8),u=j(34),o=j(35),d=j(36),P=j(13),b=j(9);function H(C,A){if(!(C instanceof A))throw new TypeError("Cannot call a class as a function")}p.OidcClient=function(){function C(){var A=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};H(this,C),A instanceof k.OidcClientSettings?this._settings=A:this._settings=new k.OidcClientSettings(A)}return C.prototype.createSigninRequest=function(){var F=this,O=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},Y=O.response_type,M=O.scope,K=O.redirect_uri,I=O.data,$=O.state,et=O.prompt,ot=O.display,B=O.max_age,nt=O.ui_locales,ft=O.id_token_hint,dt=O.login_hint,jt=O.acr_values,xt=O.resource,Zt=O.request,Tt=O.request_uri,pt=O.response_mode,vt=O.extraQueryParams,At=O.extraTokenParams,Wt=O.request_type,Vt=O.skipUserInfo,zt=arguments[1];l.Log.debug("OidcClient.createSigninRequest");var $t=this._settings.client_id;Y=Y||this._settings.response_type,M=M||this._settings.scope,K=K||this._settings.redirect_uri,et=et||this._settings.prompt,ot=ot||this._settings.display,B=B||this._settings.max_age,nt=nt||this._settings.ui_locales,jt=jt||this._settings.acr_values,xt=xt||this._settings.resource,pt=pt||this._settings.response_mode,vt=vt||this._settings.extraQueryParams,At=At||this._settings.extraTokenParams;var he=this._settings.authority;return a.SigninRequest.isCode(Y)&&Y!=="code"?Promise.reject(new Error("OpenID Connect hybrid flow is not supported")):this._metadataService.getAuthorizationEndpoint().then(function(ee){l.Log.debug("OidcClient.createSigninRequest: Received authorization endpoint",ee);var Ut=new a.SigninRequest({url:ee,client_id:$t,redirect_uri:K,response_type:Y,scope:M,data:I||$,authority:he,prompt:et,display:ot,max_age:B,ui_locales:nt,id_token_hint:ft,login_hint:dt,acr_values:jt,resource:xt,request:Zt,request_uri:Tt,extraQueryParams:vt,extraTokenParams:At,request_type:Wt,response_mode:pt,client_secret:F._settings.client_secret,skipUserInfo:Vt}),Yt=Ut.state;return(zt=zt||F._stateStore).set(Yt.id,Yt.toStorageString()).then(function(){return Ut})})},C.prototype.readSigninResponseState=function(F,O){var Y=arguments.length>2&&arguments[2]!==void 0&&arguments[2];l.Log.debug("OidcClient.readSigninResponseState");var M=this._settings.response_mode==="query"||!this._settings.response_mode&&a.SigninRequest.isCode(this._settings.response_type),K=M?"?":"#",I=new u.SigninResponse(F,K);if(!I.state)return l.Log.error("OidcClient.readSigninResponseState: No state in response"),Promise.reject(new Error("No state in response"));O=O||this._stateStore;var $=Y?O.remove.bind(O):O.get.bind(O);return $(I.state).then(function(et){if(!et)throw l.Log.error("OidcClient.readSigninResponseState: No matching state found in storage"),new Error("No matching state found in storage");return{state:P.SigninState.fromStorageString(et),response:I}})},C.prototype.processSigninResponse=function(F,O){var Y=this;return l.Log.debug("OidcClient.processSigninResponse"),this.readSigninResponseState(F,O,!0).then(function(M){var K=M.state,I=M.response;return l.Log.debug("OidcClient.processSigninResponse: Received state from storage; validating response"),Y._validator.validateSigninResponse(K,I)})},C.prototype.createSignoutRequest=function(){var F=this,O=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},Y=O.id_token_hint,M=O.data,K=O.state,I=O.post_logout_redirect_uri,$=O.extraQueryParams,et=O.request_type,ot=arguments[1];return l.Log.debug("OidcClient.createSignoutRequest"),I=I||this._settings.post_logout_redirect_uri,$=$||this._settings.extraQueryParams,this._metadataService.getEndSessionEndpoint().then(function(B){if(!B)throw l.Log.error("OidcClient.createSignoutRequest: No end session endpoint url returned"),new Error("no end session endpoint");l.Log.debug("OidcClient.createSignoutRequest: Received end session endpoint",B);var nt=new o.SignoutRequest({url:B,id_token_hint:Y,post_logout_redirect_uri:I,data:M||K,extraQueryParams:$,request_type:et}),ft=nt.state;return ft&&(l.Log.debug("OidcClient.createSignoutRequest: Signout request has state to persist"),(ot=ot||F._stateStore).set(ft.id,ft.toStorageString())),nt})},C.prototype.readSignoutResponseState=function(F,O){var Y=arguments.length>2&&arguments[2]!==void 0&&arguments[2];l.Log.debug("OidcClient.readSignoutResponseState");var M=new d.SignoutResponse(F);if(!M.state)return l.Log.debug("OidcClient.readSignoutResponseState: No state in response"),M.error?(l.Log.warn("OidcClient.readSignoutResponseState: Response was error: ",M.error),Promise.reject(new m.ErrorResponse(M))):Promise.resolve({state:void 0,response:M});var K=M.state;O=O||this._stateStore;var I=Y?O.remove.bind(O):O.get.bind(O);return I(K).then(function($){if(!$)throw l.Log.error("OidcClient.readSignoutResponseState: No matching state found in storage"),new Error("No matching state found in storage");return{state:b.State.fromStorageString($),response:M}})},C.prototype.processSignoutResponse=function(F,O){var Y=this;return l.Log.debug("OidcClient.processSignoutResponse"),this.readSignoutResponseState(F,O,!0).then(function(M){var K=M.state,I=M.response;return K?(l.Log.debug("OidcClient.processSignoutResponse: Received state from storage; validating response"),Y._validator.validateSignoutResponse(K,I)):(l.Log.debug("OidcClient.processSignoutResponse: No state from storage; skipping validating response"),I)})},C.prototype.clearStaleState=function(F){return l.Log.debug("OidcClient.clearStaleState"),F=F||this._stateStore,b.State.clearStaleState(F,this.settings.staleStateAge)},T(C,[{key:"_stateStore",get:function(){return this.settings.stateStore}},{key:"_validator",get:function(){return this.settings.validator}},{key:"_metadataService",get:function(){return this.settings.metadataService}},{key:"settings",get:function(){return this._settings}},{key:"metadataService",get:function(){return this._metadataService}}]),C}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.TokenClient=void 0;var T=j(7),l=j(2),k=j(0);function m(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")}p.TokenClient=function(){function a(u){var o=arguments.length>1&&arguments[1]!==void 0?arguments[1]:T.JsonService,d=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.MetadataService;if(m(this,a),!u)throw k.Log.error("TokenClient.ctor: No settings passed"),new Error("settings");this._settings=u,this._jsonService=new o,this._metadataService=new d(this._settings)}return a.prototype.exchangeCode=function(){var o=this,d=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(d=Object.assign({},d)).grant_type=d.grant_type||"authorization_code",d.client_id=d.client_id||this._settings.client_id,d.client_secret=d.client_secret||this._settings.client_secret,d.redirect_uri=d.redirect_uri||this._settings.redirect_uri;var P=void 0,b=d._client_authentication||this._settings._client_authentication;return delete d._client_authentication,d.code?d.redirect_uri?d.code_verifier?d.client_id?d.client_secret||b!="client_secret_basic"?(b=="client_secret_basic"&&(P=d.client_id+":"+d.client_secret,delete d.client_id,delete d.client_secret),this._metadataService.getTokenEndpoint(!1).then(function(H){return k.Log.debug("TokenClient.exchangeCode: Received token endpoint"),o._jsonService.postForm(H,d,P).then(function(C){return k.Log.debug("TokenClient.exchangeCode: response received"),C})})):(k.Log.error("TokenClient.exchangeCode: No client_secret passed"),Promise.reject(new Error("A client_secret is required"))):(k.Log.error("TokenClient.exchangeCode: No client_id passed"),Promise.reject(new Error("A client_id is required"))):(k.Log.error("TokenClient.exchangeCode: No code_verifier passed"),Promise.reject(new Error("A code_verifier is required"))):(k.Log.error("TokenClient.exchangeCode: No redirect_uri passed"),Promise.reject(new Error("A redirect_uri is required"))):(k.Log.error("TokenClient.exchangeCode: No code passed"),Promise.reject(new Error("A code is required")))},a.prototype.exchangeRefreshToken=function(){var o=this,d=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(d=Object.assign({},d)).grant_type=d.grant_type||"refresh_token",d.client_id=d.client_id||this._settings.client_id,d.client_secret=d.client_secret||this._settings.client_secret;var P=void 0,b=d._client_authentication||this._settings._client_authentication;return delete d._client_authentication,d.refresh_token?d.client_id?(b=="client_secret_basic"&&(P=d.client_id+":"+d.client_secret,delete d.client_id,delete d.client_secret),this._metadataService.getTokenEndpoint(!1).then(function(H){return k.Log.debug("TokenClient.exchangeRefreshToken: Received token endpoint"),o._jsonService.postForm(H,d,P).then(function(C){return k.Log.debug("TokenClient.exchangeRefreshToken: response received"),C})})):(k.Log.error("TokenClient.exchangeRefreshToken: No client_id passed"),Promise.reject(new Error("A client_id is required"))):(k.Log.error("TokenClient.exchangeRefreshToken: No refresh_token passed"),Promise.reject(new Error("A refresh_token is required")))},a}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.ErrorResponse=void 0;var T=j(0);function l(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}function k(m,a){if(!m)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!a||typeof a!="object"&&typeof a!="function"?m:a}p.ErrorResponse=function(m){function a(){var u=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},o=u.error,d=u.error_description,P=u.error_uri,b=u.state,H=u.session_state;if(l(this,a),!o)throw T.Log.error("No error passed to ErrorResponse"),new Error("error");var C=k(this,m.call(this,d||o));return C.name="ErrorResponse",C.error=o,C.error_description=d,C.error_uri=P,C.state=b,C.session_state=H,C}return function(o,d){if(typeof d!="function"&&d!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof d);o.prototype=Object.create(d&&d.prototype,{constructor:{value:o,enumerable:!1,writable:!0,configurable:!0}}),d&&(Object.setPrototypeOf?Object.setPrototypeOf(o,d):o.__proto__=d)}(a,m),a}(Error)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SigninState=void 0;var T=function(){function d(P,b){for(var H=0;H<b.length;H++){var C=b[H];C.enumerable=C.enumerable||!1,C.configurable=!0,"value"in C&&(C.writable=!0),Object.defineProperty(P,C.key,C)}}return function(P,b,H){return b&&d(P.prototype,b),H&&d(P,H),P}}(),l=j(0),k=j(9),m=j(4),a=function(P){return P&&P.__esModule?P:{default:P}}(j(14));function u(d,P){if(!(d instanceof P))throw new TypeError("Cannot call a class as a function")}function o(d,P){if(!d)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!P||typeof P!="object"&&typeof P!="function"?d:P}p.SigninState=function(d){function P(){var b=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},H=b.nonce,C=b.authority,A=b.client_id,F=b.redirect_uri,O=b.code_verifier,Y=b.response_mode,M=b.client_secret,K=b.scope,I=b.extraTokenParams,$=b.skipUserInfo;u(this,P);var et=o(this,d.call(this,arguments[0]));if(H===!0?et._nonce=(0,a.default)():H&&(et._nonce=H),O===!0?et._code_verifier=(0,a.default)()+(0,a.default)()+(0,a.default)():O&&(et._code_verifier=O),et.code_verifier){var ot=m.JoseUtil.hashString(et.code_verifier,"SHA256");et._code_challenge=m.JoseUtil.hexToBase64Url(ot)}return et._redirect_uri=F,et._authority=C,et._client_id=A,et._response_mode=Y,et._client_secret=M,et._scope=K,et._extraTokenParams=I,et._skipUserInfo=$,et}return function(H,C){if(typeof C!="function"&&C!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof C);H.prototype=Object.create(C&&C.prototype,{constructor:{value:H,enumerable:!1,writable:!0,configurable:!0}}),C&&(Object.setPrototypeOf?Object.setPrototypeOf(H,C):H.__proto__=C)}(P,d),P.prototype.toStorageString=function(){return l.Log.debug("SigninState.toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,nonce:this.nonce,code_verifier:this.code_verifier,redirect_uri:this.redirect_uri,authority:this.authority,client_id:this.client_id,response_mode:this.response_mode,client_secret:this.client_secret,scope:this.scope,extraTokenParams:this.extraTokenParams,skipUserInfo:this.skipUserInfo})},P.fromStorageString=function(H){return l.Log.debug("SigninState.fromStorageString"),new P(JSON.parse(H))},T(P,[{key:"nonce",get:function(){return this._nonce}},{key:"authority",get:function(){return this._authority}},{key:"client_id",get:function(){return this._client_id}},{key:"redirect_uri",get:function(){return this._redirect_uri}},{key:"code_verifier",get:function(){return this._code_verifier}},{key:"code_challenge",get:function(){return this._code_challenge}},{key:"response_mode",get:function(){return this._response_mode}},{key:"client_secret",get:function(){return this._client_secret}},{key:"scope",get:function(){return this._scope}},{key:"extraTokenParams",get:function(){return this._extraTokenParams}},{key:"skipUserInfo",get:function(){return this._skipUserInfo}}]),P}(k.State)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.default=function(){return(T!="undefined"&&T!==null&&T.getRandomValues!==void 0?l:k)().replace(/-/g,"")};var T=typeof window<"u"?window.crypto||window.msCrypto:null;function l(){return("10000000-1000-4000-8000"+-1e11).replace(/[018]/g,function(m){return(m^T.getRandomValues(new Uint8Array(1))[0]&15>>m/4).toString(16)})}function k(){return("10000000-1000-4000-8000"+-1e11).replace(/[018]/g,function(m){return(m^16*Math.random()>>m/4).toString(16)})}rt.exports=p.default},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.User=void 0;var T=function(){function k(m,a){for(var u=0;u<a.length;u++){var o=a[u];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(m,o.key,o)}}return function(m,a,u){return a&&k(m.prototype,a),u&&k(m,u),m}}(),l=j(0);p.User=function(){function k(m){var a=m.id_token,u=m.session_state,o=m.access_token,d=m.refresh_token,P=m.token_type,b=m.scope,H=m.profile,C=m.expires_at,A=m.state;(function(O,Y){if(!(O instanceof Y))throw new TypeError("Cannot call a class as a function")})(this,k),this.id_token=a,this.session_state=u,this.access_token=o,this.refresh_token=d,this.token_type=P,this.scope=b,this.profile=H,this.expires_at=C,this.state=A}return k.prototype.toStorageString=function(){return l.Log.debug("User.toStorageString"),JSON.stringify({id_token:this.id_token,session_state:this.session_state,access_token:this.access_token,refresh_token:this.refresh_token,token_type:this.token_type,scope:this.scope,profile:this.profile,expires_at:this.expires_at})},k.fromStorageString=function(a){return l.Log.debug("User.fromStorageString"),new k(JSON.parse(a))},T(k,[{key:"expires_in",get:function(){if(this.expires_at){var a=parseInt(Date.now()/1e3);return this.expires_at-a}},set:function(a){var u=parseInt(a);if(typeof u=="number"&&u>0){var o=parseInt(Date.now()/1e3);this.expires_at=o+u}}},{key:"expired",get:function(){var a=this.expires_in;if(a!==void 0)return a<=0}},{key:"scopes",get:function(){return(this.scope||"").split(" ")}}]),k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.AccessTokenEvents=void 0;var T=j(0),l=j(46);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.AccessTokenEvents=function(){function m(){var a=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},u=a.accessTokenExpiringNotificationTime,o=u===void 0?60:u,d=a.accessTokenExpiringTimer,P=d===void 0?new l.Timer("Access token expiring"):d,b=a.accessTokenExpiredTimer,H=b===void 0?new l.Timer("Access token expired"):b;k(this,m),this._accessTokenExpiringNotificationTime=o,this._accessTokenExpiring=P,this._accessTokenExpired=H}return m.prototype.load=function(u){if(u.access_token&&u.expires_in!==void 0){var o=u.expires_in;if(T.Log.debug("AccessTokenEvents.load: access token present, remaining duration:",o),o>0){var d=o-this._accessTokenExpiringNotificationTime;d<=0&&(d=1),T.Log.debug("AccessTokenEvents.load: registering expiring timer in:",d),this._accessTokenExpiring.init(d)}else T.Log.debug("AccessTokenEvents.load: canceling existing expiring timer becase we're past expiration."),this._accessTokenExpiring.cancel();var P=o+1;T.Log.debug("AccessTokenEvents.load: registering expired timer in:",P),this._accessTokenExpired.init(P)}else this._accessTokenExpiring.cancel(),this._accessTokenExpired.cancel()},m.prototype.unload=function(){T.Log.debug("AccessTokenEvents.unload: canceling existing access token timers"),this._accessTokenExpiring.cancel(),this._accessTokenExpired.cancel()},m.prototype.addAccessTokenExpiring=function(u){this._accessTokenExpiring.addHandler(u)},m.prototype.removeAccessTokenExpiring=function(u){this._accessTokenExpiring.removeHandler(u)},m.prototype.addAccessTokenExpired=function(u){this._accessTokenExpired.addHandler(u)},m.prototype.removeAccessTokenExpired=function(u){this._accessTokenExpired.removeHandler(u)},m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.Event=void 0;var T=j(0);p.Event=function(){function l(k){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,l),this._name=k,this._callbacks=[]}return l.prototype.addHandler=function(m){this._callbacks.push(m)},l.prototype.removeHandler=function(m){var a=this._callbacks.findIndex(function(u){return u===m});a>=0&&this._callbacks.splice(a,1)},l.prototype.raise=function(){T.Log.debug("Event: Raising event: "+this._name);for(var m=0;m<this._callbacks.length;m++){var a;(a=this._callbacks)[m].apply(a,arguments)}},l}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SessionMonitor=void 0;var T=function(){function u(o,d){for(var P=0;P<d.length;P++){var b=d[P];b.enumerable=b.enumerable||!1,b.configurable=!0,"value"in b&&(b.writable=!0),Object.defineProperty(o,b.key,b)}}return function(o,d,P){return d&&u(o.prototype,d),P&&u(o,P),o}}(),l=j(0),k=j(19),m=j(1);function a(u,o){if(!(u instanceof o))throw new TypeError("Cannot call a class as a function")}p.SessionMonitor=function(){function u(o){var d=this,P=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.CheckSessionIFrame,b=arguments.length>2&&arguments[2]!==void 0?arguments[2]:m.Global.timer;if(a(this,u),!o)throw l.Log.error("SessionMonitor.ctor: No user manager passed to SessionMonitor"),new Error("userManager");this._userManager=o,this._CheckSessionIFrameCtor=P,this._timer=b,this._userManager.events.addUserLoaded(this._start.bind(this)),this._userManager.events.addUserUnloaded(this._stop.bind(this)),Promise.resolve(this._userManager.getUser().then(function(H){H?d._start(H):d._settings.monitorAnonymousSession&&d._userManager.querySessionStatus().then(function(C){var A={session_state:C.session_state};C.sub&&C.sid&&(A.profile={sub:C.sub,sid:C.sid}),d._start(A)}).catch(function(C){l.Log.error("SessionMonitor ctor: error from querySessionStatus:",C.message)})}).catch(function(H){l.Log.error("SessionMonitor ctor: error from getUser:",H.message)}))}return u.prototype._start=function(d){var P=this,b=d.session_state;b&&(d.profile?(this._sub=d.profile.sub,this._sid=d.profile.sid,l.Log.debug("SessionMonitor._start: session_state:",b,", sub:",this._sub)):(this._sub=void 0,this._sid=void 0,l.Log.debug("SessionMonitor._start: session_state:",b,", anonymous user")),this._checkSessionIFrame?this._checkSessionIFrame.start(b):this._metadataService.getCheckSessionIframe().then(function(H){if(H){l.Log.debug("SessionMonitor._start: Initializing check session iframe");var C=P._client_id,A=P._checkSessionInterval,F=P._stopCheckSessionOnError;P._checkSessionIFrame=new P._CheckSessionIFrameCtor(P._callback.bind(P),C,H,A,F),P._checkSessionIFrame.load().then(function(){P._checkSessionIFrame.start(b)})}else l.Log.warn("SessionMonitor._start: No check session iframe found in the metadata")}).catch(function(H){l.Log.error("SessionMonitor._start: Error from getCheckSessionIframe:",H.message)}))},u.prototype._stop=function(){var d=this;if(this._sub=void 0,this._sid=void 0,this._checkSessionIFrame&&(l.Log.debug("SessionMonitor._stop"),this._checkSessionIFrame.stop()),this._settings.monitorAnonymousSession)var P=this._timer.setInterval(function(){d._timer.clearInterval(P),d._userManager.querySessionStatus().then(function(b){var H={session_state:b.session_state};b.sub&&b.sid&&(H.profile={sub:b.sub,sid:b.sid}),d._start(H)}).catch(function(b){l.Log.error("SessionMonitor: error from querySessionStatus:",b.message)})},1e3)},u.prototype._callback=function(){var d=this;this._userManager.querySessionStatus().then(function(P){var b=!0;P?P.sub===d._sub?(b=!1,d._checkSessionIFrame.start(P.session_state),P.sid===d._sid?l.Log.debug("SessionMonitor._callback: Same sub still logged in at OP, restarting check session iframe; session_state:",P.session_state):(l.Log.debug("SessionMonitor._callback: Same sub still logged in at OP, session state has changed, restarting check session iframe; session_state:",P.session_state),d._userManager.events._raiseUserSessionChanged())):l.Log.debug("SessionMonitor._callback: Different subject signed into OP:",P.sub):l.Log.debug("SessionMonitor._callback: Subject no longer signed into OP"),b&&(d._sub?(l.Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed out event"),d._userManager.events._raiseUserSignedOut()):(l.Log.debug("SessionMonitor._callback: SessionMonitor._callback; raising signed in event"),d._userManager.events._raiseUserSignedIn()))}).catch(function(P){d._sub&&(l.Log.debug("SessionMonitor._callback: Error calling queryCurrentSigninSession; raising signed out event",P.message),d._userManager.events._raiseUserSignedOut())})},T(u,[{key:"_settings",get:function(){return this._userManager.settings}},{key:"_metadataService",get:function(){return this._userManager.metadataService}},{key:"_client_id",get:function(){return this._settings.client_id}},{key:"_checkSessionInterval",get:function(){return this._settings.checkSessionInterval}},{key:"_stopCheckSessionOnError",get:function(){return this._settings.stopCheckSessionOnError}}]),u}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.CheckSessionIFrame=void 0;var T=j(0);function l(k,m){if(!(k instanceof m))throw new TypeError("Cannot call a class as a function")}p.CheckSessionIFrame=function(){function k(m,a,u,o){var d=!(arguments.length>4&&arguments[4]!==void 0)||arguments[4];l(this,k),this._callback=m,this._client_id=a,this._url=u,this._interval=o||2e3,this._stopOnError=d;var P=u.indexOf("/",u.indexOf("//")+2);this._frame_origin=u.substr(0,P),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.style.display="none",this._frame.width=0,this._frame.height=0,this._frame.src=u}return k.prototype.load=function(){var a=this;return new Promise(function(u){a._frame.onload=function(){u()},window.document.body.appendChild(a._frame),a._boundMessageEvent=a._message.bind(a),window.addEventListener("message",a._boundMessageEvent,!1)})},k.prototype._message=function(a){a.origin===this._frame_origin&&a.source===this._frame.contentWindow&&(a.data==="error"?(T.Log.error("CheckSessionIFrame: error message from check session op iframe"),this._stopOnError&&this.stop()):a.data==="changed"?(T.Log.debug("CheckSessionIFrame: changed message from check session op iframe"),this.stop(),this._callback()):T.Log.debug("CheckSessionIFrame: "+a.data+" message from check session op iframe"))},k.prototype.start=function(a){var u=this;if(this._session_state!==a){T.Log.debug("CheckSessionIFrame.start"),this.stop(),this._session_state=a;var o=function(){u._frame.contentWindow.postMessage(u._client_id+" "+u._session_state,u._frame_origin)};o(),this._timer=window.setInterval(o,this._interval)}},k.prototype.stop=function(){this._session_state=null,this._timer&&(T.Log.debug("CheckSessionIFrame.stop"),window.clearInterval(this._timer),this._timer=null)},k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.TokenRevocationClient=void 0;var T=j(0),l=j(2),k=j(1);function m(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")}var a="access_token",u="refresh_token";p.TokenRevocationClient=function(){function o(d){var P=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.Global.XMLHttpRequest,b=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.MetadataService;if(m(this,o),!d)throw T.Log.error("TokenRevocationClient.ctor: No settings provided"),new Error("No settings provided.");this._settings=d,this._XMLHttpRequestCtor=P,this._metadataService=new b(this._settings)}return o.prototype.revoke=function(P,b){var H=this,C=arguments.length>2&&arguments[2]!==void 0?arguments[2]:"access_token";if(!P)throw T.Log.error("TokenRevocationClient.revoke: No token provided"),new Error("No token provided.");if(C!==a&&C!=u)throw T.Log.error("TokenRevocationClient.revoke: Invalid token type"),new Error("Invalid token type.");return this._metadataService.getRevocationEndpoint().then(function(A){if(A){T.Log.debug("TokenRevocationClient.revoke: Revoking "+C);var F=H._settings.client_id,O=H._settings.client_secret;return H._revoke(A,F,O,P,C)}if(b)throw T.Log.error("TokenRevocationClient.revoke: Revocation not supported"),new Error("Revocation not supported")})},o.prototype._revoke=function(P,b,H,C,A){var F=this;return new Promise(function(O,Y){var M=new F._XMLHttpRequestCtor;M.open("POST",P),M.onload=function(){T.Log.debug("TokenRevocationClient.revoke: HTTP response received, status",M.status),M.status===200?O():Y(Error(M.statusText+" ("+M.status+")"))},M.onerror=function(){T.Log.debug("TokenRevocationClient.revoke: Network Error."),Y("Network Error")};var K="client_id="+encodeURIComponent(b);H&&(K+="&client_secret="+encodeURIComponent(H)),K+="&token_type_hint="+encodeURIComponent(A),K+="&token="+encodeURIComponent(C),M.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),M.send(K)})},o}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.CordovaPopupWindow=void 0;var T=function(){function k(m,a){for(var u=0;u<a.length;u++){var o=a[u];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(m,o.key,o)}}return function(m,a,u){return a&&k(m.prototype,a),u&&k(m,u),m}}(),l=j(0);p.CordovaPopupWindow=function(){function k(m){var a=this;(function(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")})(this,k),this._promise=new Promise(function(u,o){a._resolve=u,a._reject=o}),this.features=m.popupWindowFeatures||"location=no,toolbar=no,zoom=no",this.target=m.popupWindowTarget||"_blank",this.redirect_uri=m.startUrl,l.Log.debug("CordovaPopupWindow.ctor: redirect_uri: "+this.redirect_uri)}return k.prototype._isInAppBrowserInstalled=function(a){return["cordova-plugin-inappbrowser","cordova-plugin-inappbrowser.inappbrowser","org.apache.cordova.inappbrowser"].some(function(u){return a.hasOwnProperty(u)})},k.prototype.navigate=function(a){if(a&&a.url){if(!window.cordova)return this._error("cordova is undefined");var u=window.cordova.require("cordova/plugin_list").metadata;if(this._isInAppBrowserInstalled(u)===!1)return this._error("InAppBrowser plugin not found");this._popup=cordova.InAppBrowser.open(a.url,this.target,this.features),this._popup?(l.Log.debug("CordovaPopupWindow.navigate: popup successfully created"),this._exitCallbackEvent=this._exitCallback.bind(this),this._loadStartCallbackEvent=this._loadStartCallback.bind(this),this._popup.addEventListener("exit",this._exitCallbackEvent,!1),this._popup.addEventListener("loadstart",this._loadStartCallbackEvent,!1)):this._error("Error opening popup window")}else this._error("No url provided");return this.promise},k.prototype._loadStartCallback=function(a){a.url.indexOf(this.redirect_uri)===0&&this._success({url:a.url})},k.prototype._exitCallback=function(a){this._error(a)},k.prototype._success=function(a){this._cleanup(),l.Log.debug("CordovaPopupWindow: Successful response from cordova popup window"),this._resolve(a)},k.prototype._error=function(a){this._cleanup(),l.Log.error(a),this._reject(new Error(a))},k.prototype.close=function(){this._cleanup()},k.prototype._cleanup=function(){this._popup&&(l.Log.debug("CordovaPopupWindow: cleaning up popup"),this._popup.removeEventListener("exit",this._exitCallbackEvent,!1),this._popup.removeEventListener("loadstart",this._loadStartCallbackEvent,!1),this._popup.close()),this._popup=null},T(k,[{key:"promise",get:function(){return this._promise}}]),k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0});var T=j(0),l=j(10),k=j(5),m=j(6),a=j(37),u=j(38),o=j(16),d=j(2),P=j(48),b=j(49),H=j(19),C=j(20),A=j(18),F=j(1),O=j(15),Y=j(50);p.default={Version:Y.Version,Log:T.Log,OidcClient:l.OidcClient,OidcClientSettings:k.OidcClientSettings,WebStorageStateStore:m.WebStorageStateStore,InMemoryWebStorage:a.InMemoryWebStorage,UserManager:u.UserManager,AccessTokenEvents:o.AccessTokenEvents,MetadataService:d.MetadataService,CordovaPopupNavigator:P.CordovaPopupNavigator,CordovaIFrameNavigator:b.CordovaIFrameNavigator,CheckSessionIFrame:H.CheckSessionIFrame,TokenRevocationClient:C.TokenRevocationClient,SessionMonitor:A.SessionMonitor,Global:F.Global,User:O.User},rt.exports=p.default},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.ClockService=function(){function T(){(function(k,m){if(!(k instanceof m))throw new TypeError("Cannot call a class as a function")})(this,T)}return T.prototype.getEpochTime=function(){return Promise.resolve(Date.now()/1e3|0)},T}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.ResponseValidator=void 0;var T=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(b){return typeof b}:function(b){return b&&typeof Symbol=="function"&&b.constructor===Symbol&&b!==Symbol.prototype?"symbol":typeof b},l=j(0),k=j(2),m=j(25),a=j(11),u=j(12),o=j(4);function d(b,H){if(!(b instanceof H))throw new TypeError("Cannot call a class as a function")}var P=["nonce","at_hash","iat","nbf","exp","aud","iss","c_hash"];p.ResponseValidator=function(){function b(H){var C=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.MetadataService,A=arguments.length>2&&arguments[2]!==void 0?arguments[2]:m.UserInfoService,F=arguments.length>3&&arguments[3]!==void 0?arguments[3]:o.JoseUtil,O=arguments.length>4&&arguments[4]!==void 0?arguments[4]:a.TokenClient;if(d(this,b),!H)throw l.Log.error("ResponseValidator.ctor: No settings passed to ResponseValidator"),new Error("settings");this._settings=H,this._metadataService=new C(this._settings),this._userInfoService=new A(this._settings),this._joseUtil=F,this._tokenClient=new O(this._settings)}return b.prototype.validateSigninResponse=function(C,A){var F=this;return l.Log.debug("ResponseValidator.validateSigninResponse"),this._processSigninParams(C,A).then(function(O){return l.Log.debug("ResponseValidator.validateSigninResponse: state processed"),F._validateTokens(C,O).then(function(Y){return l.Log.debug("ResponseValidator.validateSigninResponse: tokens validated"),F._processClaims(C,Y).then(function(M){return l.Log.debug("ResponseValidator.validateSigninResponse: claims processed"),M})})})},b.prototype.validateSignoutResponse=function(C,A){return C.id!==A.state?(l.Log.error("ResponseValidator.validateSignoutResponse: State does not match"),Promise.reject(new Error("State does not match"))):(l.Log.debug("ResponseValidator.validateSignoutResponse: state validated"),A.state=C.data,A.error?(l.Log.warn("ResponseValidator.validateSignoutResponse: Response was error",A.error),Promise.reject(new u.ErrorResponse(A))):Promise.resolve(A))},b.prototype._processSigninParams=function(C,A){if(C.id!==A.state)return l.Log.error("ResponseValidator._processSigninParams: State does not match"),Promise.reject(new Error("State does not match"));if(!C.client_id)return l.Log.error("ResponseValidator._processSigninParams: No client_id on state"),Promise.reject(new Error("No client_id on state"));if(!C.authority)return l.Log.error("ResponseValidator._processSigninParams: No authority on state"),Promise.reject(new Error("No authority on state"));if(this._settings.authority){if(this._settings.authority&&this._settings.authority!==C.authority)return l.Log.error("ResponseValidator._processSigninParams: authority mismatch on settings vs. signin state"),Promise.reject(new Error("authority mismatch on settings vs. signin state"))}else this._settings.authority=C.authority;if(this._settings.client_id){if(this._settings.client_id&&this._settings.client_id!==C.client_id)return l.Log.error("ResponseValidator._processSigninParams: client_id mismatch on settings vs. signin state"),Promise.reject(new Error("client_id mismatch on settings vs. signin state"))}else this._settings.client_id=C.client_id;return l.Log.debug("ResponseValidator._processSigninParams: state validated"),A.state=C.data,A.error?(l.Log.warn("ResponseValidator._processSigninParams: Response was error",A.error),Promise.reject(new u.ErrorResponse(A))):C.nonce&&!A.id_token?(l.Log.error("ResponseValidator._processSigninParams: Expecting id_token in response"),Promise.reject(new Error("No id_token in response"))):!C.nonce&&A.id_token?(l.Log.error("ResponseValidator._processSigninParams: Not expecting id_token in response"),Promise.reject(new Error("Unexpected id_token in response"))):C.code_verifier&&!A.code?(l.Log.error("ResponseValidator._processSigninParams: Expecting code in response"),Promise.reject(new Error("No code in response"))):!C.code_verifier&&A.code?(l.Log.error("ResponseValidator._processSigninParams: Not expecting code in response"),Promise.reject(new Error("Unexpected code in response"))):(A.scope||(A.scope=C.scope),Promise.resolve(A))},b.prototype._processClaims=function(C,A){var F=this;if(A.isOpenIdConnect){if(l.Log.debug("ResponseValidator._processClaims: response is OIDC, processing claims"),A.profile=this._filterProtocolClaims(A.profile),C.skipUserInfo!==!0&&this._settings.loadUserInfo&&A.access_token)return l.Log.debug("ResponseValidator._processClaims: loading user info"),this._userInfoService.getClaims(A.access_token).then(function(O){return l.Log.debug("ResponseValidator._processClaims: user info claims received from user info endpoint"),O.sub!==A.profile.sub?(l.Log.error("ResponseValidator._processClaims: sub from user info endpoint does not match sub in id_token"),Promise.reject(new Error("sub from user info endpoint does not match sub in id_token"))):(A.profile=F._mergeClaims(A.profile,O),l.Log.debug("ResponseValidator._processClaims: user info claims received, updated profile:",A.profile),A)});l.Log.debug("ResponseValidator._processClaims: not loading user info")}else l.Log.debug("ResponseValidator._processClaims: response is not OIDC, not processing claims");return Promise.resolve(A)},b.prototype._mergeClaims=function(C,A){var F=Object.assign({},C);for(var O in A){var Y=A[O];Array.isArray(Y)||(Y=[Y]);for(var M=0;M<Y.length;M++){var K=Y[M];F[O]?Array.isArray(F[O])?F[O].indexOf(K)<0&&F[O].push(K):F[O]!==K&&((K===void 0?"undefined":T(K))==="object"&&this._settings.mergeClaims?F[O]=this._mergeClaims(F[O],K):F[O]=[F[O],K]):F[O]=K}}return F},b.prototype._filterProtocolClaims=function(C){l.Log.debug("ResponseValidator._filterProtocolClaims, incoming claims:",C);var A=Object.assign({},C);return this._settings._filterProtocolClaims?(P.forEach(function(F){delete A[F]}),l.Log.debug("ResponseValidator._filterProtocolClaims: protocol claims filtered",A)):l.Log.debug("ResponseValidator._filterProtocolClaims: protocol claims not filtered"),A},b.prototype._validateTokens=function(C,A){return A.code?(l.Log.debug("ResponseValidator._validateTokens: Validating code"),this._processCode(C,A)):A.id_token?A.access_token?(l.Log.debug("ResponseValidator._validateTokens: Validating id_token and access_token"),this._validateIdTokenAndAccessToken(C,A)):(l.Log.debug("ResponseValidator._validateTokens: Validating id_token"),this._validateIdToken(C,A)):(l.Log.debug("ResponseValidator._validateTokens: No code to process or id_token to validate"),Promise.resolve(A))},b.prototype._processCode=function(C,A){var F=this,O={client_id:C.client_id,client_secret:C.client_secret,code:A.code,redirect_uri:C.redirect_uri,code_verifier:C.code_verifier};return C.extraTokenParams&&T(C.extraTokenParams)==="object"&&Object.assign(O,C.extraTokenParams),this._tokenClient.exchangeCode(O).then(function(Y){for(var M in Y)A[M]=Y[M];return A.id_token?(l.Log.debug("ResponseValidator._processCode: token response successful, processing id_token"),F._validateIdTokenAttributes(C,A)):(l.Log.debug("ResponseValidator._processCode: token response successful, returning response"),A)})},b.prototype._validateIdTokenAttributes=function(C,A){var F=this;return this._metadataService.getIssuer().then(function(O){var Y=C.client_id,M=F._settings.clockSkew;return l.Log.debug("ResponseValidator._validateIdTokenAttributes: Validaing JWT attributes; using clock skew (in seconds) of: ",M),F._settings.getEpochTime().then(function(K){return F._joseUtil.validateJwtAttributes(A.id_token,O,Y,M,K).then(function(I){return C.nonce&&C.nonce!==I.nonce?(l.Log.error("ResponseValidator._validateIdTokenAttributes: Invalid nonce in id_token"),Promise.reject(new Error("Invalid nonce in id_token"))):I.sub?(A.profile=I,A):(l.Log.error("ResponseValidator._validateIdTokenAttributes: No sub present in id_token"),Promise.reject(new Error("No sub present in id_token")))})})})},b.prototype._validateIdTokenAndAccessToken=function(C,A){var F=this;return this._validateIdToken(C,A).then(function(O){return F._validateAccessToken(O)})},b.prototype._getSigningKeyForJwt=function(C){var A=this;return this._metadataService.getSigningKeys().then(function(F){var O=C.header.kid;if(!F)return l.Log.error("ResponseValidator._validateIdToken: No signing keys from metadata"),Promise.reject(new Error("No signing keys from metadata"));l.Log.debug("ResponseValidator._validateIdToken: Received signing keys");var Y=void 0;if(O)Y=F.filter(function(M){return M.kid===O})[0];else{if((F=A._filterByAlg(F,C.header.alg)).length>1)return l.Log.error("ResponseValidator._validateIdToken: No kid found in id_token and more than one key found in metadata"),Promise.reject(new Error("No kid found in id_token and more than one key found in metadata"));Y=F[0]}return Promise.resolve(Y)})},b.prototype._getSigningKeyForJwtWithSingleRetry=function(C){var A=this;return this._getSigningKeyForJwt(C).then(function(F){return F?Promise.resolve(F):(A._metadataService.resetSigningKeys(),A._getSigningKeyForJwt(C))})},b.prototype._validateIdToken=function(C,A){var F=this;if(!C.nonce)return l.Log.error("ResponseValidator._validateIdToken: No nonce on state"),Promise.reject(new Error("No nonce on state"));var O=this._joseUtil.parseJwt(A.id_token);return O&&O.header&&O.payload?C.nonce!==O.payload.nonce?(l.Log.error("ResponseValidator._validateIdToken: Invalid nonce in id_token"),Promise.reject(new Error("Invalid nonce in id_token"))):this._metadataService.getIssuer().then(function(Y){return l.Log.debug("ResponseValidator._validateIdToken: Received issuer"),F._getSigningKeyForJwtWithSingleRetry(O).then(function(M){if(!M)return l.Log.error("ResponseValidator._validateIdToken: No key matching kid or alg found in signing keys"),Promise.reject(new Error("No key matching kid or alg found in signing keys"));var K=C.client_id,I=F._settings.clockSkew;return l.Log.debug("ResponseValidator._validateIdToken: Validaing JWT; using clock skew (in seconds) of: ",I),F._joseUtil.validateJwt(A.id_token,M,Y,K,I).then(function(){return l.Log.debug("ResponseValidator._validateIdToken: JWT validation successful"),O.payload.sub?(A.profile=O.payload,A):(l.Log.error("ResponseValidator._validateIdToken: No sub present in id_token"),Promise.reject(new Error("No sub present in id_token")))})})}):(l.Log.error("ResponseValidator._validateIdToken: Failed to parse id_token",O),Promise.reject(new Error("Failed to parse id_token")))},b.prototype._filterByAlg=function(C,A){var F=null;if(A.startsWith("RS"))F="RSA";else if(A.startsWith("PS"))F="PS";else{if(!A.startsWith("ES"))return l.Log.debug("ResponseValidator._filterByAlg: alg not supported: ",A),[];F="EC"}return l.Log.debug("ResponseValidator._filterByAlg: Looking for keys that match kty: ",F),C=C.filter(function(O){return O.kty===F}),l.Log.debug("ResponseValidator._filterByAlg: Number of keys that match kty: ",F,C.length),C},b.prototype._validateAccessToken=function(C){if(!C.profile)return l.Log.error("ResponseValidator._validateAccessToken: No profile loaded from id_token"),Promise.reject(new Error("No profile loaded from id_token"));if(!C.profile.at_hash)return l.Log.error("ResponseValidator._validateAccessToken: No at_hash in id_token"),Promise.reject(new Error("No at_hash in id_token"));if(!C.id_token)return l.Log.error("ResponseValidator._validateAccessToken: No id_token"),Promise.reject(new Error("No id_token"));var A=this._joseUtil.parseJwt(C.id_token);if(!A||!A.header)return l.Log.error("ResponseValidator._validateAccessToken: Failed to parse id_token",A),Promise.reject(new Error("Failed to parse id_token"));var F=A.header.alg;if(!F||F.length!==5)return l.Log.error("ResponseValidator._validateAccessToken: Unsupported alg:",F),Promise.reject(new Error("Unsupported alg: "+F));var O=F.substr(2,3);if(!O)return l.Log.error("ResponseValidator._validateAccessToken: Unsupported alg:",F,O),Promise.reject(new Error("Unsupported alg: "+F));if((O=parseInt(O))!==256&&O!==384&&O!==512)return l.Log.error("ResponseValidator._validateAccessToken: Unsupported alg:",F,O),Promise.reject(new Error("Unsupported alg: "+F));var Y="sha"+O,M=this._joseUtil.hashString(C.access_token,Y);if(!M)return l.Log.error("ResponseValidator._validateAccessToken: access_token hash failed:",Y),Promise.reject(new Error("Failed to validate at_hash"));var K=M.substr(0,M.length/2),I=this._joseUtil.hexToBase64Url(K);return I!==C.profile.at_hash?(l.Log.error("ResponseValidator._validateAccessToken: Failed to validate at_hash",I,C.profile.at_hash),Promise.reject(new Error("Failed to validate at_hash"))):(l.Log.debug("ResponseValidator._validateAccessToken: success"),Promise.resolve(C))},b}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.UserInfoService=void 0;var T=j(7),l=j(2),k=j(0),m=j(4);function a(u,o){if(!(u instanceof o))throw new TypeError("Cannot call a class as a function")}p.UserInfoService=function(){function u(o){var d=arguments.length>1&&arguments[1]!==void 0?arguments[1]:T.JsonService,P=arguments.length>2&&arguments[2]!==void 0?arguments[2]:l.MetadataService,b=arguments.length>3&&arguments[3]!==void 0?arguments[3]:m.JoseUtil;if(a(this,u),!o)throw k.Log.error("UserInfoService.ctor: No settings passed"),new Error("settings");this._settings=o,this._jsonService=new d(void 0,void 0,this._getClaimsFromJwt.bind(this)),this._metadataService=new P(this._settings),this._joseUtil=b}return u.prototype.getClaims=function(d){var P=this;return d?this._metadataService.getUserInfoEndpoint().then(function(b){return k.Log.debug("UserInfoService.getClaims: received userinfo url",b),P._jsonService.getJson(b,d).then(function(H){return k.Log.debug("UserInfoService.getClaims: claims received",H),H})}):(k.Log.error("UserInfoService.getClaims: No token passed"),Promise.reject(new Error("A token is required")))},u.prototype._getClaimsFromJwt=function(d){var P=this;try{var b=this._joseUtil.parseJwt(d.responseText);if(!b||!b.header||!b.payload)return k.Log.error("UserInfoService._getClaimsFromJwt: Failed to parse JWT",b),Promise.reject(new Error("Failed to parse id_token"));var H=b.header.kid,C=void 0;switch(this._settings.userInfoJwtIssuer){case"OP":C=this._metadataService.getIssuer();break;case"ANY":C=Promise.resolve(b.payload.iss);break;default:C=Promise.resolve(this._settings.userInfoJwtIssuer)}return C.then(function(A){return k.Log.debug("UserInfoService._getClaimsFromJwt: Received issuer:"+A),P._metadataService.getSigningKeys().then(function(F){if(!F)return k.Log.error("UserInfoService._getClaimsFromJwt: No signing keys from metadata"),Promise.reject(new Error("No signing keys from metadata"));k.Log.debug("UserInfoService._getClaimsFromJwt: Received signing keys");var O=void 0;if(H)O=F.filter(function(K){return K.kid===H})[0];else{if((F=P._filterByAlg(F,b.header.alg)).length>1)return k.Log.error("UserInfoService._getClaimsFromJwt: No kid found in id_token and more than one key found in metadata"),Promise.reject(new Error("No kid found in id_token and more than one key found in metadata"));O=F[0]}if(!O)return k.Log.error("UserInfoService._getClaimsFromJwt: No key matching kid or alg found in signing keys"),Promise.reject(new Error("No key matching kid or alg found in signing keys"));var Y=P._settings.client_id,M=P._settings.clockSkew;return k.Log.debug("UserInfoService._getClaimsFromJwt: Validaing JWT; using clock skew (in seconds) of: ",M),P._joseUtil.validateJwt(d.responseText,O,A,Y,M,void 0,!0).then(function(){return k.Log.debug("UserInfoService._getClaimsFromJwt: JWT validation successful"),b.payload})})})}catch(A){return k.Log.error("UserInfoService._getClaimsFromJwt: Error parsing JWT response",A.message),void reject(A)}},u.prototype._filterByAlg=function(d,P){var b=null;if(P.startsWith("RS"))b="RSA";else if(P.startsWith("PS"))b="PS";else{if(!P.startsWith("ES"))return k.Log.debug("UserInfoService._filterByAlg: alg not supported: ",P),[];b="EC"}return k.Log.debug("UserInfoService._filterByAlg: Looking for keys that match kty: ",b),d=d.filter(function(H){return H.kty===b}),k.Log.debug("UserInfoService._filterByAlg: Number of keys that match kty: ",b,d.length),d},u}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.AllowedSigningAlgs=p.b64tohex=p.hextob64u=p.crypto=p.X509=p.KeyUtil=p.jws=void 0;var T=j(27);p.jws=T.jws,p.KeyUtil=T.KEYUTIL,p.X509=T.X509,p.crypto=T.crypto,p.hextob64u=T.hextob64u,p.b64tohex=T.b64tohex,p.AllowedSigningAlgs=["RS256","RS384","RS512","PS256","PS384","PS512","ES256","ES384","ES512"]},function(rt,p,j){"use strict";(function(T){Object.defineProperty(p,"__esModule",{value:!0});var l=typeof Symbol=="function"&&typeof Symbol.iterator=="symbol"?function(e){return typeof e}:function(e){return e&&typeof Symbol=="function"&&e.constructor===Symbol&&e!==Symbol.prototype?"symbol":typeof e},k={userAgent:!1},m={};if(a===void 0)var a={};a.lang={extend:function(t,r,n){if(!r||!t)throw new Error("YAHOO.lang.extend failed, please check that all dependencies are included.");var i=function(){};if(i.prototype=r.prototype,t.prototype=new i,t.prototype.constructor=t,t.superclass=r.prototype,r.prototype.constructor==Object.prototype.constructor&&(r.prototype.constructor=r),n){var s;for(s in n)t.prototype[s]=n[s];var f=function(){},S=["toString","valueOf"];try{/MSIE/.test(k.userAgent)&&(f=function(_,w){for(s=0;s<S.length;s+=1){var x=S[s],D=w[x];typeof D=="function"&&D!=Object.prototype[x]&&(_[x]=D)}})}catch{}f(t.prototype,n)}}};var u,o,d,P,b,H,C,A,F,O,Y,M=M||(u=Math,d=(o={}).lib={},P=d.Base=function(){function e(){}return{extend:function(r){e.prototype=this;var n=new e;return r&&n.mixIn(r),n.hasOwnProperty("init")||(n.init=function(){n.$super.init.apply(this,arguments)}),n.init.prototype=n,n.$super=this,n},create:function(){var r=this.extend();return r.init.apply(r,arguments),r},init:function(){},mixIn:function(r){for(var n in r)r.hasOwnProperty(n)&&(this[n]=r[n]);r.hasOwnProperty("toString")&&(this.toString=r.toString)},clone:function(){return this.init.prototype.extend(this)}}}(),b=d.WordArray=P.extend({init:function(t,r){t=this.words=t||[],this.sigBytes=r??4*t.length},toString:function(t){return(t||C).stringify(this)},concat:function(t){var r=this.words,n=t.words,i=this.sigBytes,s=t.sigBytes;if(this.clamp(),i%4)for(var f=0;f<s;f++){var S=n[f>>>2]>>>24-f%4*8&255;r[i+f>>>2]|=S<<24-(i+f)%4*8}else for(f=0;f<s;f+=4)r[i+f>>>2]=n[f>>>2];return this.sigBytes+=s,this},clamp:function(){var t=this.words,r=this.sigBytes;t[r>>>2]&=4294967295<<32-r%4*8,t.length=u.ceil(r/4)},clone:function(){var t=P.clone.call(this);return t.words=this.words.slice(0),t},random:function(t){for(var r=[],n=0;n<t;n+=4)r.push(4294967296*u.random()|0);return new b.init(r,t)}}),H=o.enc={},C=H.Hex={stringify:function(t){for(var r=t.words,n=t.sigBytes,i=[],s=0;s<n;s++){var f=r[s>>>2]>>>24-s%4*8&255;i.push((f>>>4).toString(16)),i.push((15&f).toString(16))}return i.join("")},parse:function(t){for(var r=t.length,n=[],i=0;i<r;i+=2)n[i>>>3]|=parseInt(t.substr(i,2),16)<<24-i%8*4;return new b.init(n,r/2)}},A=H.Latin1={stringify:function(t){for(var r=t.words,n=t.sigBytes,i=[],s=0;s<n;s++){var f=r[s>>>2]>>>24-s%4*8&255;i.push(String.fromCharCode(f))}return i.join("")},parse:function(t){for(var r=t.length,n=[],i=0;i<r;i++)n[i>>>2]|=(255&t.charCodeAt(i))<<24-i%4*8;return new b.init(n,r)}},F=H.Utf8={stringify:function(t){try{return decodeURIComponent(escape(A.stringify(t)))}catch{throw new Error("Malformed UTF-8 data")}},parse:function(t){return A.parse(unescape(encodeURIComponent(t)))}},O=d.BufferedBlockAlgorithm=P.extend({reset:function(){this._data=new b.init,this._nDataBytes=0},_append:function(t){typeof t=="string"&&(t=F.parse(t)),this._data.concat(t),this._nDataBytes+=t.sigBytes},_process:function(t){var r=this._data,n=r.words,i=r.sigBytes,s=this.blockSize,f=i/(4*s),S=(f=t?u.ceil(f):u.max((0|f)-this._minBufferSize,0))*s,y=u.min(4*S,i);if(S){for(var _=0;_<S;_+=s)this._doProcessBlock(n,_);var w=n.splice(0,S);r.sigBytes-=y}return new b.init(w,y)},clone:function(){var t=P.clone.call(this);return t._data=this._data.clone(),t},_minBufferSize:0}),d.Hasher=O.extend({cfg:P.extend(),init:function(t){this.cfg=this.cfg.extend(t),this.reset()},reset:function(){O.reset.call(this),this._doReset()},update:function(t){return this._append(t),this._process(),this},finalize:function(t){return t&&this._append(t),this._doFinalize()},blockSize:16,_createHelper:function(t){return function(r,n){return new t.init(n).finalize(r)}},_createHmacHelper:function(t){return function(r,n){return new Y.HMAC.init(t,n).finalize(r)}}}),Y=o.algo={},o);(function(e){var t,r=(t=M).lib,n=r.Base,i=r.WordArray;(t=t.x64={}).Word=n.extend({init:function(f,S){this.high=f,this.low=S}}),t.WordArray=n.extend({init:function(f,S){f=this.words=f||[],this.sigBytes=S??8*f.length},toX32:function(){for(var f=this.words,S=f.length,y=[],_=0;_<S;_++){var w=f[_];y.push(w.high),y.push(w.low)}return i.create(y,this.sigBytes)},clone:function(){for(var f=n.clone.call(this),S=f.words=this.words.slice(0),y=S.length,_=0;_<y;_++)S[_]=S[_].clone();return f}})})(),function(){var e=M,t=e.lib.WordArray;e.enc.Base64={stringify:function(n){var i=n.words,s=n.sigBytes,f=this._map;n.clamp(),n=[];for(var S=0;S<s;S+=3)for(var y=(i[S>>>2]>>>24-S%4*8&255)<<16|(i[S+1>>>2]>>>24-(S+1)%4*8&255)<<8|i[S+2>>>2]>>>24-(S+2)%4*8&255,_=0;4>_&&S+.75*_<s;_++)n.push(f.charAt(y>>>6*(3-_)&63));if(i=f.charAt(64))for(;n.length%4;)n.push(i);return n.join("")},parse:function(n){var i=n.length,s=this._map;(f=s.charAt(64))&&(f=n.indexOf(f))!=-1&&(i=f);for(var f=[],S=0,y=0;y<i;y++)if(y%4){var _=s.indexOf(n.charAt(y-1))<<y%4*2,w=s.indexOf(n.charAt(y))>>>6-y%4*2;f[S>>>2]|=(_|w)<<24-S%4*8,S++}return t.create(f,S)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="}}(),function(e){for(var t=M,r=(i=t.lib).WordArray,n=i.Hasher,i=t.algo,s=[],f=[],S=function(G){return 4294967296*(G-(0|G))|0},y=2,_=0;64>_;){var w;t:{w=y;for(var x=e.sqrt(w),D=2;D<=x;D++)if(!(w%D)){w=!1;break t}w=!0}w&&(8>_&&(s[_]=S(e.pow(y,.5))),f[_]=S(e.pow(y,1/3)),_++),y++}var V=[];i=i.SHA256=n.extend({_doReset:function(){this._hash=new r.init(s.slice(0))},_doProcessBlock:function(G,X){for(var g=this._hash.words,E=g[0],R=g[1],L=g[2],z=g[3],Q=g[4],ut=g[5],tt=g[6],gt=g[7],st=0;64>st;st++){if(16>st)V[st]=0|G[X+st];else{var ct=V[st-15],St=V[st-2];V[st]=((ct<<25|ct>>>7)^(ct<<14|ct>>>18)^ct>>>3)+V[st-7]+((St<<15|St>>>17)^(St<<13|St>>>19)^St>>>10)+V[st-16]}ct=gt+((Q<<26|Q>>>6)^(Q<<21|Q>>>11)^(Q<<7|Q>>>25))+(Q&ut^~Q&tt)+f[st]+V[st],St=((E<<30|E>>>2)^(E<<19|E>>>13)^(E<<10|E>>>22))+(E&R^E&L^R&L),gt=tt,tt=ut,ut=Q,Q=z+ct|0,z=L,L=R,R=E,E=ct+St|0}g[0]=g[0]+E|0,g[1]=g[1]+R|0,g[2]=g[2]+L|0,g[3]=g[3]+z|0,g[4]=g[4]+Q|0,g[5]=g[5]+ut|0,g[6]=g[6]+tt|0,g[7]=g[7]+gt|0},_doFinalize:function(){var G=this._data,X=G.words,g=8*this._nDataBytes,E=8*G.sigBytes;return X[E>>>5]|=128<<24-E%32,X[14+(E+64>>>9<<4)]=e.floor(g/4294967296),X[15+(E+64>>>9<<4)]=g,G.sigBytes=4*X.length,this._process(),this._hash},clone:function(){var G=n.clone.call(this);return G._hash=this._hash.clone(),G}}),t.SHA256=n._createHelper(i),t.HmacSHA256=n._createHmacHelper(i)}(Math),function(){function e(){return n.create.apply(n,arguments)}for(var t=M,r=t.lib.Hasher,n=(s=t.x64).Word,i=s.WordArray,s=t.algo,f=[e(1116352408,3609767458),e(1899447441,602891725),e(3049323471,3964484399),e(3921009573,2173295548),e(961987163,4081628472),e(1508970993,3053834265),e(2453635748,2937671579),e(2870763221,3664609560),e(3624381080,2734883394),e(310598401,1164996542),e(607225278,1323610764),e(1426881987,3590304994),e(1925078388,4068182383),e(2162078206,991336113),e(2614888103,633803317),e(3248222580,3479774868),e(3835390401,2666613458),e(4022224774,944711139),e(264347078,2341262773),e(604807628,2007800933),e(770255983,1495990901),e(1249150122,1856431235),e(1555081692,3175218132),e(1996064986,2198950837),e(2554220882,3999719339),e(2821834349,766784016),e(2952996808,2566594879),e(3210313671,3203337956),e(3336571891,1034457026),e(3584528711,2466948901),e(113926993,3758326383),e(338241895,168717936),e(666307205,1188179964),e(773529912,1546045734),e(1294757372,1522805485),e(1396182291,2643833823),e(1695183700,2343527390),e(1986661051,1014477480),e(2177026350,1206759142),e(2456956037,344077627),e(2730485921,1290863460),e(2820302411,3158454273),e(3259730800,3505952657),e(3345764771,106217008),e(3516065817,3606008344),e(3600352804,1432725776),e(4094571909,1467031594),e(275423344,851169720),e(430227734,3100823752),e(506948616,1363258195),e(659060556,3750685593),e(883997877,3785050280),e(958139571,3318307427),e(1322822218,3812723403),e(1537002063,2003034995),e(1747873779,3602036899),e(1955562222,1575990012),e(2024104815,1125592928),e(2227730452,2716904306),e(2361852424,442776044),e(2428436474,593698344),e(2756734187,3733110249),e(3204031479,2999351573),e(3329325298,3815920427),e(3391569614,3928383900),e(3515267271,566280711),e(3940187606,3454069534),e(4118630271,4000239992),e(116418474,1914138554),e(174292421,2731055270),e(289380356,3203993006),e(460393269,320620315),e(685471733,587496836),e(852142971,1086792851),e(1017036298,365543100),e(1126000580,2618297676),e(1288033470,3409855158),e(1501505948,4234509866),e(1607167915,987167468),e(1816402316,1246189591)],S=[],y=0;80>y;y++)S[y]=e();s=s.SHA512=r.extend({_doReset:function(){this._hash=new i.init([new n.init(1779033703,4089235720),new n.init(3144134277,2227873595),new n.init(1013904242,4271175723),new n.init(2773480762,1595750129),new n.init(1359893119,2917565137),new n.init(2600822924,725511199),new n.init(528734635,4215389547),new n.init(1541459225,327033209)])},_doProcessBlock:function(w,x){for(var D=(R=this._hash.words)[0],V=R[1],W=R[2],G=R[3],X=R[4],g=R[5],E=R[6],R=R[7],L=D.high,z=D.low,Q=V.high,ut=V.low,tt=W.high,gt=W.low,st=G.high,ct=G.low,St=X.high,Ft=X.low,wt=g.high,Qt=g.low,Ht=E.high,qt=E.low,Ct=R.high,Lt=R.low,Bt=L,Jt=z,Ee=Q,me=ut,xe=tt,_e=gt,qe=st,Ae=ct,se=St,re=Ft,Ue=wt,ke=Qt,Oe=Ht,Pe=qt,Je=Ct,Ce=Lt,ae=0;80>ae;ae++){var pe=S[ae];if(16>ae)var fe=pe.high=0|w[x+2*ae],Et=pe.low=0|w[x+2*ae+1];else{fe=((Et=(fe=S[ae-15]).high)>>>1|(ge=fe.low)<<31)^(Et>>>8|ge<<24)^Et>>>7;var ge=(ge>>>1|Et<<31)^(ge>>>8|Et<<24)^(ge>>>7|Et<<25),Se=((Et=(Se=S[ae-2]).high)>>>19|(Nt=Se.low)<<13)^(Et<<3|Nt>>>29)^Et>>>6,Nt=(Nt>>>19|Et<<13)^(Nt<<3|Et>>>29)^(Nt>>>6|Et<<26),We=(Et=S[ae-7]).high,ve=(ye=S[ae-16]).high,ye=ye.low;fe=(fe=(fe=fe+We+((Et=ge+Et.low)>>>0<ge>>>0?1:0))+Se+((Et=Et+Nt)>>>0<Nt>>>0?1:0))+ve+((Et=Et+ye)>>>0<ye>>>0?1:0),pe.high=fe,pe.low=Et}We=se&Ue^~se&Oe,ye=re&ke^~re&Pe,pe=Bt&Ee^Bt&xe^Ee&xe;var Er=Jt&me^Jt&_e^me&_e,xr=(ge=(Bt>>>28|Jt<<4)^(Bt<<30|Jt>>>2)^(Bt<<25|Jt>>>7),Se=(Jt>>>28|Bt<<4)^(Jt<<30|Bt>>>2)^(Jt<<25|Bt>>>7),(Nt=f[ae]).high),ur=Nt.low;ve=Je+((se>>>14|re<<18)^(se>>>18|re<<14)^(se<<23|re>>>9))+((Nt=Ce+((re>>>14|se<<18)^(re>>>18|se<<14)^(re<<23|se>>>9)))>>>0<Ce>>>0?1:0),Je=Oe,Ce=Pe,Oe=Ue,Pe=ke,Ue=se,ke=re,se=qe+(ve=(ve=(ve=ve+We+((Nt=Nt+ye)>>>0<ye>>>0?1:0))+xr+((Nt=Nt+ur)>>>0<ur>>>0?1:0))+fe+((Nt=Nt+Et)>>>0<Et>>>0?1:0))+((re=Ae+Nt|0)>>>0<Ae>>>0?1:0)|0,qe=xe,Ae=_e,xe=Ee,_e=me,Ee=Bt,me=Jt,Bt=ve+(pe=ge+pe+((Et=Se+Er)>>>0<Se>>>0?1:0))+((Jt=Nt+Et|0)>>>0<Nt>>>0?1:0)|0}z=D.low=z+Jt,D.high=L+Bt+(z>>>0<Jt>>>0?1:0),ut=V.low=ut+me,V.high=Q+Ee+(ut>>>0<me>>>0?1:0),gt=W.low=gt+_e,W.high=tt+xe+(gt>>>0<_e>>>0?1:0),ct=G.low=ct+Ae,G.high=st+qe+(ct>>>0<Ae>>>0?1:0),Ft=X.low=Ft+re,X.high=St+se+(Ft>>>0<re>>>0?1:0),Qt=g.low=Qt+ke,g.high=wt+Ue+(Qt>>>0<ke>>>0?1:0),qt=E.low=qt+Pe,E.high=Ht+Oe+(qt>>>0<Pe>>>0?1:0),Lt=R.low=Lt+Ce,R.high=Ct+Je+(Lt>>>0<Ce>>>0?1:0)},_doFinalize:function(){var w=this._data,x=w.words,D=8*this._nDataBytes,V=8*w.sigBytes;return x[V>>>5]|=128<<24-V%32,x[30+(V+128>>>10<<5)]=Math.floor(D/4294967296),x[31+(V+128>>>10<<5)]=D,w.sigBytes=4*x.length,this._process(),this._hash.toX32()},clone:function(){var w=r.clone.call(this);return w._hash=this._hash.clone(),w},blockSize:32}),t.SHA512=r._createHelper(s),t.HmacSHA512=r._createHmacHelper(s)}(),function(){var e=M,t=(i=e.x64).Word,r=i.WordArray,n=(i=e.algo).SHA512,i=i.SHA384=n.extend({_doReset:function(){this._hash=new r.init([new t.init(3418070365,3238371032),new t.init(1654270250,914150663),new t.init(2438529370,812702999),new t.init(355462360,4144912697),new t.init(1731405415,4290775857),new t.init(2394180231,1750603025),new t.init(3675008525,1694076839),new t.init(1203062813,3204075428)])},_doFinalize:function(){var f=n._doFinalize.call(this);return f.sigBytes-=16,f}});e.SHA384=n._createHelper(i),e.HmacSHA384=n._createHmacHelper(i)}();var K,I="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";function $(e){var t,r,n="";for(t=0;t+3<=e.length;t+=3)r=parseInt(e.substring(t,t+3),16),n+=I.charAt(r>>6)+I.charAt(63&r);for(t+1==e.length?(r=parseInt(e.substring(t,t+1),16),n+=I.charAt(r<<2)):t+2==e.length&&(r=parseInt(e.substring(t,t+2),16),n+=I.charAt(r>>2)+I.charAt((3&r)<<4)),"=";(3&n.length)>0;)n+="=";return n}function et(e){var t,r,n,i="",s=0;for(t=0;t<e.length&&e.charAt(t)!="=";++t)(n=I.indexOf(e.charAt(t)))<0||(s==0?(i+=xt(n>>2),r=3&n,s=1):s==1?(i+=xt(r<<2|n>>4),r=15&n,s=2):s==2?(i+=xt(r),i+=xt(n>>2),r=3&n,s=3):(i+=xt(r<<2|n>>4),i+=xt(15&n),s=0));return s==1&&(i+=xt(r<<2)),i}function ot(e){var t,r=et(e),n=new Array;for(t=0;2*t<r.length;++t)n[t]=parseInt(r.substring(2*t,2*t+2),16);return n}function B(e,t,r){e!=null&&(typeof e=="number"?this.fromNumber(e,t,r):t==null&&typeof e!="string"?this.fromString(e,256):this.fromString(e,t))}function nt(){return new B(null)}k.appName=="Microsoft Internet Explorer"?(B.prototype.am=function(t,r,n,i,s,f){for(var S=32767&r,y=r>>15;--f>=0;){var _=32767&this[t],w=this[t++]>>15,x=y*_+w*S;s=((_=S*_+((32767&x)<<15)+n[i]+(1073741823&s))>>>30)+(x>>>15)+y*w+(s>>>30),n[i++]=1073741823&_}return s},K=30):k.appName!="Netscape"?(B.prototype.am=function(t,r,n,i,s,f){for(;--f>=0;){var S=r*this[t++]+n[i]+s;s=Math.floor(S/67108864),n[i++]=67108863&S}return s},K=26):(B.prototype.am=function(t,r,n,i,s,f){for(var S=16383&r,y=r>>14;--f>=0;){var _=16383&this[t],w=this[t++]>>14,x=y*_+w*S;s=((_=S*_+((16383&x)<<14)+n[i]+s)>>28)+(x>>14)+y*w,n[i++]=268435455&_}return s},K=28),B.prototype.DB=K,B.prototype.DM=(1<<K)-1,B.prototype.DV=1<<K,B.prototype.FV=Math.pow(2,52),B.prototype.F1=52-K,B.prototype.F2=2*K-52;var ft,dt,jt=new Array;for(ft=48,dt=0;dt<=9;++dt)jt[ft++]=dt;for(ft=97,dt=10;dt<36;++dt)jt[ft++]=dt;for(ft=65,dt=10;dt<36;++dt)jt[ft++]=dt;function xt(e){return"0123456789abcdefghijklmnopqrstuvwxyz".charAt(e)}function Zt(e,t){var r=jt[e.charCodeAt(t)];return r??-1}function Tt(e){var t=nt();return t.fromInt(e),t}function pt(e){var t,r=1;return(t=e>>>16)!=0&&(e=t,r+=16),(t=e>>8)!=0&&(e=t,r+=8),(t=e>>4)!=0&&(e=t,r+=4),(t=e>>2)!=0&&(e=t,r+=2),(t=e>>1)!=0&&(e=t,r+=1),r}function vt(e){this.m=e}function At(e){this.m=e,this.mp=e.invDigit(),this.mpl=32767&this.mp,this.mph=this.mp>>15,this.um=(1<<e.DB-15)-1,this.mt2=2*e.t}function Wt(e,t){return e&t}function Vt(e,t){return e|t}function zt(e,t){return e^t}function $t(e,t){return e&~t}function he(e){if(e==0)return-1;var t=0;return(65535&e)==0&&(e>>=16,t+=16),(255&e)==0&&(e>>=8,t+=8),(15&e)==0&&(e>>=4,t+=4),(3&e)==0&&(e>>=2,t+=2),(1&e)==0&&++t,t}function ee(e){for(var t=0;e!=0;)e&=e-1,++t;return t}function Ut(){}function Yt(e){return e}function Kt(e){this.r2=nt(),this.q3=nt(),B.ONE.dlShiftTo(2*e.t,this.r2),this.mu=this.r2.divide(e),this.m=e}vt.prototype.convert=function(t){return t.s<0||t.compareTo(this.m)>=0?t.mod(this.m):t},vt.prototype.revert=function(t){return t},vt.prototype.reduce=function(t){t.divRemTo(this.m,null,t)},vt.prototype.mulTo=function(t,r,n){t.multiplyTo(r,n),this.reduce(n)},vt.prototype.sqrTo=function(t,r){t.squareTo(r),this.reduce(r)},At.prototype.convert=function(t){var r=nt();return t.abs().dlShiftTo(this.m.t,r),r.divRemTo(this.m,null,r),t.s<0&&r.compareTo(B.ZERO)>0&&this.m.subTo(r,r),r},At.prototype.revert=function(t){var r=nt();return t.copyTo(r),this.reduce(r),r},At.prototype.reduce=function(t){for(;t.t<=this.mt2;)t[t.t++]=0;for(var r=0;r<this.m.t;++r){var n=32767&t[r],i=n*this.mpl+((n*this.mph+(t[r]>>15)*this.mpl&this.um)<<15)&t.DM;for(t[n=r+this.m.t]+=this.m.am(0,i,t,r,0,this.m.t);t[n]>=t.DV;)t[n]-=t.DV,t[++n]++}t.clamp(),t.drShiftTo(this.m.t,t),t.compareTo(this.m)>=0&&t.subTo(this.m,t)},At.prototype.mulTo=function(t,r,n){t.multiplyTo(r,n),this.reduce(n)},At.prototype.sqrTo=function(t,r){t.squareTo(r),this.reduce(r)},B.prototype.copyTo=function(t){for(var r=this.t-1;r>=0;--r)t[r]=this[r];t.t=this.t,t.s=this.s},B.prototype.fromInt=function(t){this.t=1,this.s=t<0?-1:0,t>0?this[0]=t:t<-1?this[0]=t+this.DV:this.t=0},B.prototype.fromString=function(t,r){var n;if(r==16)n=4;else if(r==8)n=3;else if(r==256)n=8;else if(r==2)n=1;else if(r==32)n=5;else{if(r!=4)return void this.fromRadix(t,r);n=2}this.t=0,this.s=0;for(var i=t.length,s=!1,f=0;--i>=0;){var S=n==8?255&t[i]:Zt(t,i);S<0?t.charAt(i)=="-"&&(s=!0):(s=!1,f==0?this[this.t++]=S:f+n>this.DB?(this[this.t-1]|=(S&(1<<this.DB-f)-1)<<f,this[this.t++]=S>>this.DB-f):this[this.t-1]|=S<<f,(f+=n)>=this.DB&&(f-=this.DB))}n==8&&(128&t[0])!=0&&(this.s=-1,f>0&&(this[this.t-1]|=(1<<this.DB-f)-1<<f)),this.clamp(),s&&B.ZERO.subTo(this,this)},B.prototype.clamp=function(){for(var t=this.s&this.DM;this.t>0&&this[this.t-1]==t;)--this.t},B.prototype.dlShiftTo=function(t,r){var n;for(n=this.t-1;n>=0;--n)r[n+t]=this[n];for(n=t-1;n>=0;--n)r[n]=0;r.t=this.t+t,r.s=this.s},B.prototype.drShiftTo=function(t,r){for(var n=t;n<this.t;++n)r[n-t]=this[n];r.t=Math.max(this.t-t,0),r.s=this.s},B.prototype.lShiftTo=function(t,r){var n,i=t%this.DB,s=this.DB-i,f=(1<<s)-1,S=Math.floor(t/this.DB),y=this.s<<i&this.DM;for(n=this.t-1;n>=0;--n)r[n+S+1]=this[n]>>s|y,y=(this[n]&f)<<i;for(n=S-1;n>=0;--n)r[n]=0;r[S]=y,r.t=this.t+S+1,r.s=this.s,r.clamp()},B.prototype.rShiftTo=function(t,r){r.s=this.s;var n=Math.floor(t/this.DB);if(n>=this.t)r.t=0;else{var i=t%this.DB,s=this.DB-i,f=(1<<i)-1;r[0]=this[n]>>i;for(var S=n+1;S<this.t;++S)r[S-n-1]|=(this[S]&f)<<s,r[S-n]=this[S]>>i;i>0&&(r[this.t-n-1]|=(this.s&f)<<s),r.t=this.t-n,r.clamp()}},B.prototype.subTo=function(t,r){for(var n=0,i=0,s=Math.min(t.t,this.t);n<s;)i+=this[n]-t[n],r[n++]=i&this.DM,i>>=this.DB;if(t.t<this.t){for(i-=t.s;n<this.t;)i+=this[n],r[n++]=i&this.DM,i>>=this.DB;i+=this.s}else{for(i+=this.s;n<t.t;)i-=t[n],r[n++]=i&this.DM,i>>=this.DB;i-=t.s}r.s=i<0?-1:0,i<-1?r[n++]=this.DV+i:i>0&&(r[n++]=i),r.t=n,r.clamp()},B.prototype.multiplyTo=function(t,r){var n=this.abs(),i=t.abs(),s=n.t;for(r.t=s+i.t;--s>=0;)r[s]=0;for(s=0;s<i.t;++s)r[s+n.t]=n.am(0,i[s],r,s,0,n.t);r.s=0,r.clamp(),this.s!=t.s&&B.ZERO.subTo(r,r)},B.prototype.squareTo=function(t){for(var r=this.abs(),n=t.t=2*r.t;--n>=0;)t[n]=0;for(n=0;n<r.t-1;++n){var i=r.am(n,r[n],t,2*n,0,1);(t[n+r.t]+=r.am(n+1,2*r[n],t,2*n+1,i,r.t-n-1))>=r.DV&&(t[n+r.t]-=r.DV,t[n+r.t+1]=1)}t.t>0&&(t[t.t-1]+=r.am(n,r[n],t,2*n,0,1)),t.s=0,t.clamp()},B.prototype.divRemTo=function(t,r,n){var i=t.abs();if(!(i.t<=0)){var s=this.abs();if(s.t<i.t)return r?.fromInt(0),void(n!=null&&this.copyTo(n));n==null&&(n=nt());var f=nt(),S=this.s,y=t.s,_=this.DB-pt(i[i.t-1]);_>0?(i.lShiftTo(_,f),s.lShiftTo(_,n)):(i.copyTo(f),s.copyTo(n));var w=f.t,x=f[w-1];if(x!=0){var D=x*(1<<this.F1)+(w>1?f[w-2]>>this.F2:0),V=this.FV/D,W=(1<<this.F1)/D,G=1<<this.F2,X=n.t,g=X-w,E=r??nt();for(f.dlShiftTo(g,E),n.compareTo(E)>=0&&(n[n.t++]=1,n.subTo(E,n)),B.ONE.dlShiftTo(w,E),E.subTo(f,f);f.t<w;)f[f.t++]=0;for(;--g>=0;){var R=n[--X]==x?this.DM:Math.floor(n[X]*V+(n[X-1]+G)*W);if((n[X]+=f.am(0,R,n,g,0,w))<R)for(f.dlShiftTo(g,E),n.subTo(E,n);n[X]<--R;)n.subTo(E,n)}r!=null&&(n.drShiftTo(w,r),S!=y&&B.ZERO.subTo(r,r)),n.t=w,n.clamp(),_>0&&n.rShiftTo(_,n),S<0&&B.ZERO.subTo(n,n)}}},B.prototype.invDigit=function(){if(this.t<1)return 0;var t=this[0];if((1&t)==0)return 0;var r=3&t;return(r=(r=(r=(r=r*(2-(15&t)*r)&15)*(2-(255&t)*r)&255)*(2-((65535&t)*r&65535))&65535)*(2-t*r%this.DV)%this.DV)>0?this.DV-r:-r},B.prototype.isEven=function(){return(this.t>0?1&this[0]:this.s)==0},B.prototype.exp=function(t,r){if(t>4294967295||t<1)return B.ONE;var n=nt(),i=nt(),s=r.convert(this),f=pt(t)-1;for(s.copyTo(n);--f>=0;)if(r.sqrTo(n,i),(t&1<<f)>0)r.mulTo(i,s,n);else{var S=n;n=i,i=S}return r.revert(n)},B.prototype.toString=function(t){if(this.s<0)return"-"+this.negate().toString(t);var r;if(t==16)r=4;else if(t==8)r=3;else if(t==2)r=1;else if(t==32)r=5;else{if(t!=4)return this.toRadix(t);r=2}var n,i=(1<<r)-1,s=!1,f="",S=this.t,y=this.DB-S*this.DB%r;if(S-- >0)for(y<this.DB&&(n=this[S]>>y)>0&&(s=!0,f=xt(n));S>=0;)y<r?(n=(this[S]&(1<<y)-1)<<r-y,n|=this[--S]>>(y+=this.DB-r)):(n=this[S]>>(y-=r)&i,y<=0&&(y+=this.DB,--S)),n>0&&(s=!0),s&&(f+=xt(n));return s?f:"0"},B.prototype.negate=function(){var t=nt();return B.ZERO.subTo(this,t),t},B.prototype.abs=function(){return this.s<0?this.negate():this},B.prototype.compareTo=function(t){var r=this.s-t.s;if(r!=0)return r;var n=this.t;if((r=n-t.t)!=0)return this.s<0?-r:r;for(;--n>=0;)if((r=this[n]-t[n])!=0)return r;return 0},B.prototype.bitLength=function(){return this.t<=0?0:this.DB*(this.t-1)+pt(this[this.t-1]^this.s&this.DM)},B.prototype.mod=function(t){var r=nt();return this.abs().divRemTo(t,null,r),this.s<0&&r.compareTo(B.ZERO)>0&&t.subTo(r,r),r},B.prototype.modPowInt=function(t,r){var n;return n=t<256||r.isEven()?new vt(r):new At(r),this.exp(t,n)},B.ZERO=Tt(0),B.ONE=Tt(1),Ut.prototype.convert=Yt,Ut.prototype.revert=Yt,Ut.prototype.mulTo=function(t,r,n){t.multiplyTo(r,n)},Ut.prototype.sqrTo=function(t,r){t.squareTo(r)},Kt.prototype.convert=function(t){if(t.s<0||t.t>2*this.m.t)return t.mod(this.m);if(t.compareTo(this.m)<0)return t;var r=nt();return t.copyTo(r),this.reduce(r),r},Kt.prototype.revert=function(t){return t},Kt.prototype.reduce=function(t){for(t.drShiftTo(this.m.t-1,this.r2),t.t>this.m.t+1&&(t.t=this.m.t+1,t.clamp()),this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3),this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);t.compareTo(this.r2)<0;)t.dAddOffset(1,this.m.t+1);for(t.subTo(this.r2,t);t.compareTo(this.m)>=0;)t.subTo(this.m,t)},Kt.prototype.mulTo=function(t,r,n){t.multiplyTo(r,n),this.reduce(n)},Kt.prototype.sqrTo=function(t,r){t.squareTo(r),this.reduce(r)};var U=[2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509,521,523,541,547,557,563,569,571,577,587,593,599,601,607,613,617,619,631,641,643,647,653,659,661,673,677,683,691,701,709,719,727,733,739,743,751,757,761,769,773,787,797,809,811,821,823,827,829,839,853,857,859,863,877,881,883,887,907,911,919,929,937,941,947,953,967,971,977,983,991,997],c=(1<<26)/U[U.length-1];function h(){this.i=0,this.j=0,this.S=new Array}B.prototype.chunkSize=function(t){return Math.floor(Math.LN2*this.DB/Math.log(t))},B.prototype.toRadix=function(t){if(t==null&&(t=10),this.signum()==0||t<2||t>36)return"0";var r=this.chunkSize(t),n=Math.pow(t,r),i=Tt(n),s=nt(),f=nt(),S="";for(this.divRemTo(i,s,f);s.signum()>0;)S=(n+f.intValue()).toString(t).substr(1)+S,s.divRemTo(i,s,f);return f.intValue().toString(t)+S},B.prototype.fromRadix=function(t,r){this.fromInt(0),r==null&&(r=10);for(var n=this.chunkSize(r),i=Math.pow(r,n),s=!1,f=0,S=0,y=0;y<t.length;++y){var _=Zt(t,y);_<0?t.charAt(y)=="-"&&this.signum()==0&&(s=!0):(S=r*S+_,++f>=n&&(this.dMultiply(i),this.dAddOffset(S,0),f=0,S=0))}f>0&&(this.dMultiply(Math.pow(r,f)),this.dAddOffset(S,0)),s&&B.ZERO.subTo(this,this)},B.prototype.fromNumber=function(t,r,n){if(typeof r=="number")if(t<2)this.fromInt(1);else for(this.fromNumber(t,n),this.testBit(t-1)||this.bitwiseTo(B.ONE.shiftLeft(t-1),Vt,this),this.isEven()&&this.dAddOffset(1,0);!this.isProbablePrime(r);)this.dAddOffset(2,0),this.bitLength()>t&&this.subTo(B.ONE.shiftLeft(t-1),this);else{var i=new Array,s=7&t;i.length=1+(t>>3),r.nextBytes(i),s>0?i[0]&=(1<<s)-1:i[0]=0,this.fromString(i,256)}},B.prototype.bitwiseTo=function(t,r,n){var i,s,f=Math.min(t.t,this.t);for(i=0;i<f;++i)n[i]=r(this[i],t[i]);if(t.t<this.t){for(s=t.s&this.DM,i=f;i<this.t;++i)n[i]=r(this[i],s);n.t=this.t}else{for(s=this.s&this.DM,i=f;i<t.t;++i)n[i]=r(s,t[i]);n.t=t.t}n.s=r(this.s,t.s),n.clamp()},B.prototype.changeBit=function(t,r){var n=B.ONE.shiftLeft(t);return this.bitwiseTo(n,r,n),n},B.prototype.addTo=function(t,r){for(var n=0,i=0,s=Math.min(t.t,this.t);n<s;)i+=this[n]+t[n],r[n++]=i&this.DM,i>>=this.DB;if(t.t<this.t){for(i+=t.s;n<this.t;)i+=this[n],r[n++]=i&this.DM,i>>=this.DB;i+=this.s}else{for(i+=this.s;n<t.t;)i+=t[n],r[n++]=i&this.DM,i>>=this.DB;i+=t.s}r.s=i<0?-1:0,i>0?r[n++]=i:i<-1&&(r[n++]=this.DV+i),r.t=n,r.clamp()},B.prototype.dMultiply=function(t){this[this.t]=this.am(0,t-1,this,0,0,this.t),++this.t,this.clamp()},B.prototype.dAddOffset=function(t,r){if(t!=0){for(;this.t<=r;)this[this.t++]=0;for(this[r]+=t;this[r]>=this.DV;)this[r]-=this.DV,++r>=this.t&&(this[this.t++]=0),++this[r]}},B.prototype.multiplyLowerTo=function(t,r,n){var i,s=Math.min(this.t+t.t,r);for(n.s=0,n.t=s;s>0;)n[--s]=0;for(i=n.t-this.t;s<i;++s)n[s+this.t]=this.am(0,t[s],n,s,0,this.t);for(i=Math.min(t.t,r);s<i;++s)this.am(0,t[s],n,s,0,r-s);n.clamp()},B.prototype.multiplyUpperTo=function(t,r,n){--r;var i=n.t=this.t+t.t-r;for(n.s=0;--i>=0;)n[i]=0;for(i=Math.max(r-this.t,0);i<t.t;++i)n[this.t+i-r]=this.am(r-i,t[i],n,0,0,this.t+i-r);n.clamp(),n.drShiftTo(1,n)},B.prototype.modInt=function(t){if(t<=0)return 0;var r=this.DV%t,n=this.s<0?t-1:0;if(this.t>0)if(r==0)n=this[0]%t;else for(var i=this.t-1;i>=0;--i)n=(r*n+this[i])%t;return n},B.prototype.millerRabin=function(t){var r=this.subtract(B.ONE),n=r.getLowestSetBit();if(n<=0)return!1;var i=r.shiftRight(n);(t=t+1>>1)>U.length&&(t=U.length);for(var s=nt(),f=0;f<t;++f){s.fromInt(U[Math.floor(Math.random()*U.length)]);var S=s.modPow(i,this);if(S.compareTo(B.ONE)!=0&&S.compareTo(r)!=0){for(var y=1;y++<n&&S.compareTo(r)!=0;)if((S=S.modPowInt(2,this)).compareTo(B.ONE)==0)return!1;if(S.compareTo(r)!=0)return!1}}return!0},B.prototype.clone=function(){var t=nt();return this.copyTo(t),t},B.prototype.intValue=function(){if(this.s<0){if(this.t==1)return this[0]-this.DV;if(this.t==0)return-1}else{if(this.t==1)return this[0];if(this.t==0)return 0}return(this[1]&(1<<32-this.DB)-1)<<this.DB|this[0]},B.prototype.byteValue=function(){return this.t==0?this.s:this[0]<<24>>24},B.prototype.shortValue=function(){return this.t==0?this.s:this[0]<<16>>16},B.prototype.signum=function(){return this.s<0?-1:this.t<=0||this.t==1&&this[0]<=0?0:1},B.prototype.toByteArray=function(){var t=this.t,r=new Array;r[0]=this.s;var n,i=this.DB-t*this.DB%8,s=0;if(t-- >0)for(i<this.DB&&(n=this[t]>>i)!=(this.s&this.DM)>>i&&(r[s++]=n|this.s<<this.DB-i);t>=0;)i<8?(n=(this[t]&(1<<i)-1)<<8-i,n|=this[--t]>>(i+=this.DB-8)):(n=this[t]>>(i-=8)&255,i<=0&&(i+=this.DB,--t)),(128&n)!=0&&(n|=-256),s==0&&(128&this.s)!=(128&n)&&++s,(s>0||n!=this.s)&&(r[s++]=n);return r},B.prototype.equals=function(t){return this.compareTo(t)==0},B.prototype.min=function(t){return this.compareTo(t)<0?this:t},B.prototype.max=function(t){return this.compareTo(t)>0?this:t},B.prototype.and=function(t){var r=nt();return this.bitwiseTo(t,Wt,r),r},B.prototype.or=function(t){var r=nt();return this.bitwiseTo(t,Vt,r),r},B.prototype.xor=function(t){var r=nt();return this.bitwiseTo(t,zt,r),r},B.prototype.andNot=function(t){var r=nt();return this.bitwiseTo(t,$t,r),r},B.prototype.not=function(){for(var t=nt(),r=0;r<this.t;++r)t[r]=this.DM&~this[r];return t.t=this.t,t.s=~this.s,t},B.prototype.shiftLeft=function(t){var r=nt();return t<0?this.rShiftTo(-t,r):this.lShiftTo(t,r),r},B.prototype.shiftRight=function(t){var r=nt();return t<0?this.lShiftTo(-t,r):this.rShiftTo(t,r),r},B.prototype.getLowestSetBit=function(){for(var t=0;t<this.t;++t)if(this[t]!=0)return t*this.DB+he(this[t]);return this.s<0?this.t*this.DB:-1},B.prototype.bitCount=function(){for(var t=0,r=this.s&this.DM,n=0;n<this.t;++n)t+=ee(this[n]^r);return t},B.prototype.testBit=function(t){var r=Math.floor(t/this.DB);return r>=this.t?this.s!=0:(this[r]&1<<t%this.DB)!=0},B.prototype.setBit=function(t){return this.changeBit(t,Vt)},B.prototype.clearBit=function(t){return this.changeBit(t,$t)},B.prototype.flipBit=function(t){return this.changeBit(t,zt)},B.prototype.add=function(t){var r=nt();return this.addTo(t,r),r},B.prototype.subtract=function(t){var r=nt();return this.subTo(t,r),r},B.prototype.multiply=function(t){var r=nt();return this.multiplyTo(t,r),r},B.prototype.divide=function(t){var r=nt();return this.divRemTo(t,r,null),r},B.prototype.remainder=function(t){var r=nt();return this.divRemTo(t,null,r),r},B.prototype.divideAndRemainder=function(t){var r=nt(),n=nt();return this.divRemTo(t,r,n),new Array(r,n)},B.prototype.modPow=function(t,r){var n,i,s=t.bitLength(),f=Tt(1);if(s<=0)return f;n=s<18?1:s<48?3:s<144?4:s<768?5:6,i=s<8?new vt(r):r.isEven()?new Kt(r):new At(r);var S=new Array,y=3,_=n-1,w=(1<<n)-1;if(S[1]=i.convert(this),n>1){var x=nt();for(i.sqrTo(S[1],x);y<=w;)S[y]=nt(),i.mulTo(x,S[y-2],S[y]),y+=2}var D,V,W=t.t-1,G=!0,X=nt();for(s=pt(t[W])-1;W>=0;){for(s>=_?D=t[W]>>s-_&w:(D=(t[W]&(1<<s+1)-1)<<_-s,W>0&&(D|=t[W-1]>>this.DB+s-_)),y=n;(1&D)==0;)D>>=1,--y;if((s-=y)<0&&(s+=this.DB,--W),G)S[D].copyTo(f),G=!1;else{for(;y>1;)i.sqrTo(f,X),i.sqrTo(X,f),y-=2;y>0?i.sqrTo(f,X):(V=f,f=X,X=V),i.mulTo(X,S[D],f)}for(;W>=0&&(t[W]&1<<s)==0;)i.sqrTo(f,X),V=f,f=X,X=V,--s<0&&(s=this.DB-1,--W)}return i.revert(f)},B.prototype.modInverse=function(t){var r=t.isEven();if(this.isEven()&&r||t.signum()==0)return B.ZERO;for(var n=t.clone(),i=this.clone(),s=Tt(1),f=Tt(0),S=Tt(0),y=Tt(1);n.signum()!=0;){for(;n.isEven();)n.rShiftTo(1,n),r?(s.isEven()&&f.isEven()||(s.addTo(this,s),f.subTo(t,f)),s.rShiftTo(1,s)):f.isEven()||f.subTo(t,f),f.rShiftTo(1,f);for(;i.isEven();)i.rShiftTo(1,i),r?(S.isEven()&&y.isEven()||(S.addTo(this,S),y.subTo(t,y)),S.rShiftTo(1,S)):y.isEven()||y.subTo(t,y),y.rShiftTo(1,y);n.compareTo(i)>=0?(n.subTo(i,n),r&&s.subTo(S,s),f.subTo(y,f)):(i.subTo(n,i),r&&S.subTo(s,S),y.subTo(f,y))}return i.compareTo(B.ONE)!=0?B.ZERO:y.compareTo(t)>=0?y.subtract(t):y.signum()<0?(y.addTo(t,y),y.signum()<0?y.add(t):y):y},B.prototype.pow=function(t){return this.exp(t,new Ut)},B.prototype.gcd=function(t){var r=this.s<0?this.negate():this.clone(),n=t.s<0?t.negate():t.clone();if(r.compareTo(n)<0){var i=r;r=n,n=i}var s=r.getLowestSetBit(),f=n.getLowestSetBit();if(f<0)return r;for(s<f&&(f=s),f>0&&(r.rShiftTo(f,r),n.rShiftTo(f,n));r.signum()>0;)(s=r.getLowestSetBit())>0&&r.rShiftTo(s,r),(s=n.getLowestSetBit())>0&&n.rShiftTo(s,n),r.compareTo(n)>=0?(r.subTo(n,r),r.rShiftTo(1,r)):(n.subTo(r,n),n.rShiftTo(1,n));return f>0&&n.lShiftTo(f,n),n},B.prototype.isProbablePrime=function(t){var r,n=this.abs();if(n.t==1&&n[0]<=U[U.length-1]){for(r=0;r<U.length;++r)if(n[0]==U[r])return!0;return!1}if(n.isEven())return!1;for(r=1;r<U.length;){for(var i=U[r],s=r+1;s<U.length&&i<c;)i*=U[s++];for(i=n.modInt(i);r<s;)if(i%U[r++]==0)return!1}return n.millerRabin(t)},B.prototype.square=function(){var t=nt();return this.squareTo(t),t},h.prototype.init=function(t){var r,n,i;for(r=0;r<256;++r)this.S[r]=r;for(n=0,r=0;r<256;++r)n=n+this.S[r]+t[r%t.length]&255,i=this.S[r],this.S[r]=this.S[n],this.S[n]=i;this.i=0,this.j=0},h.prototype.next=function(){var t;return this.i=this.i+1&255,this.j=this.j+this.S[this.i]&255,t=this.S[this.i],this.S[this.i]=this.S[this.j],this.S[this.j]=t,this.S[t+this.S[this.i]&255]};var N,q,J;function Z(){(function(t){q[J++]^=255&t,q[J++]^=t>>8&255,q[J++]^=t>>16&255,q[J++]^=t>>24&255,J>=256&&(J-=256)})(new Date().getTime())}if(q==null){var at;if(q=new Array,J=0,m!==void 0&&(m.crypto!==void 0||m.msCrypto!==void 0)){var lt=m.crypto||m.msCrypto;if(lt.getRandomValues){var _t=new Uint8Array(32);for(lt.getRandomValues(_t),at=0;at<32;++at)q[J++]=_t[at]}else if(k.appName=="Netscape"&&k.appVersion<"5"){var yt=m.crypto.random(32);for(at=0;at<yt.length;++at)q[J++]=255&yt.charCodeAt(at)}}for(;J<256;)at=Math.floor(65536*Math.random()),q[J++]=at>>>8,q[J++]=255&at;J=0,Z()}function Pt(){if(N==null){for(Z(),(N=function(){return new h}()).init(q),J=0;J<q.length;++J)q[J]=0;J=0}return N.next()}function Mt(){}function Gt(e,t){return new B(e,t)}function ie(e,t,r){for(var n="",i=0;n.length<t;)n+=r(String.fromCharCode.apply(String,e.concat([(4278190080&i)>>24,(16711680&i)>>16,(65280&i)>>8,255&i]))),i+=1;return n}function ht(){this.n=null,this.e=0,this.d=null,this.p=null,this.q=null,this.dmp1=null,this.dmq1=null,this.coeff=null}function kt(e,t){this.x=t,this.q=e}function mt(e,t,r,n){this.curve=e,this.x=t,this.y=r,this.z=n??B.ONE,this.zinv=null}function de(e,t,r){this.q=e,this.a=this.fromBigInteger(t),this.b=this.fromBigInteger(r),this.infinity=new mt(this,null,null)}Mt.prototype.nextBytes=function(t){var r;for(r=0;r<t.length;++r)t[r]=Pt()},ht.prototype.doPublic=function(t){return t.modPowInt(this.e,this.n)},ht.prototype.setPublic=function(t,r){if(this.isPublic=!0,this.isPrivate=!1,typeof t!="string")this.n=t,this.e=r;else{if(!(t!=null&&r!=null&&t.length>0&&r.length>0))throw"Invalid RSA public key";this.n=Gt(t,16),this.e=parseInt(r,16)}},ht.prototype.encrypt=function(t){var r=function(f,S){if(S<f.length+11)throw"Message too long for RSA";for(var y=new Array,_=f.length-1;_>=0&&S>0;){var w=f.charCodeAt(_--);w<128?y[--S]=w:w>127&&w<2048?(y[--S]=63&w|128,y[--S]=w>>6|192):(y[--S]=63&w|128,y[--S]=w>>6&63|128,y[--S]=w>>12|224)}y[--S]=0;for(var x=new Mt,D=new Array;S>2;){for(D[0]=0;D[0]==0;)x.nextBytes(D);y[--S]=D[0]}return y[--S]=2,y[--S]=0,new B(y)}(t,this.n.bitLength()+7>>3);if(r==null)return null;var n=this.doPublic(r);if(n==null)return null;var i=n.toString(16);return(1&i.length)==0?i:"0"+i},ht.prototype.encryptOAEP=function(t,r,n){var i=function(y,_,w,x){var D=v.crypto.MessageDigest,V=v.crypto.Util,W=null;if(w||(w="sha1"),typeof w=="string"&&(W=D.getCanonicalAlgName(w),x=D.getHashLength(W),w=function(tt){return te(V.hashHex(ue(tt),W))}),y.length+2*x+2>_)throw"Message too long for RSA";var G,X="";for(G=0;G<_-y.length-2*x-2;G+=1)X+="\0";var g=w("")+X+"
"+y,E=new Array(x);new Mt().nextBytes(E);var R=ie(E,g.length,w),L=[];for(G=0;G<g.length;G+=1)L[G]=g.charCodeAt(G)^R.charCodeAt(G);var z=ie(L,E.length,w),Q=[0];for(G=0;G<E.length;G+=1)Q[G+1]=E[G]^z.charCodeAt(G);return new B(Q.concat(L))}(t,this.n.bitLength()+7>>3,r,n);if(i==null)return null;var s=this.doPublic(i);if(s==null)return null;var f=s.toString(16);return(1&f.length)==0?f:"0"+f},ht.prototype.type="RSA",kt.prototype.equals=function(t){return t==this||this.q.equals(t.q)&&this.x.equals(t.x)},kt.prototype.toBigInteger=function(){return this.x},kt.prototype.negate=function(){return new kt(this.q,this.x.negate().mod(this.q))},kt.prototype.add=function(t){return new kt(this.q,this.x.add(t.toBigInteger()).mod(this.q))},kt.prototype.subtract=function(t){return new kt(this.q,this.x.subtract(t.toBigInteger()).mod(this.q))},kt.prototype.multiply=function(t){return new kt(this.q,this.x.multiply(t.toBigInteger()).mod(this.q))},kt.prototype.square=function(){return new kt(this.q,this.x.square().mod(this.q))},kt.prototype.divide=function(t){return new kt(this.q,this.x.multiply(t.toBigInteger().modInverse(this.q)).mod(this.q))},mt.prototype.getX=function(){return this.zinv==null&&(this.zinv=this.z.modInverse(this.curve.q)),this.curve.fromBigInteger(this.x.toBigInteger().multiply(this.zinv).mod(this.curve.q))},mt.prototype.getY=function(){return this.zinv==null&&(this.zinv=this.z.modInverse(this.curve.q)),this.curve.fromBigInteger(this.y.toBigInteger().multiply(this.zinv).mod(this.curve.q))},mt.prototype.equals=function(t){return t==this||(this.isInfinity()?t.isInfinity():t.isInfinity()?this.isInfinity():!!t.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(t.z)).mod(this.curve.q).equals(B.ZERO)&&t.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(t.z)).mod(this.curve.q).equals(B.ZERO))},mt.prototype.isInfinity=function(){return this.x==null&&this.y==null||this.z.equals(B.ZERO)&&!this.y.toBigInteger().equals(B.ZERO)},mt.prototype.negate=function(){return new mt(this.curve,this.x,this.y.negate(),this.z)},mt.prototype.add=function(t){if(this.isInfinity())return t;if(t.isInfinity())return this;var r=t.y.toBigInteger().multiply(this.z).subtract(this.y.toBigInteger().multiply(t.z)).mod(this.curve.q),n=t.x.toBigInteger().multiply(this.z).subtract(this.x.toBigInteger().multiply(t.z)).mod(this.curve.q);if(B.ZERO.equals(n))return B.ZERO.equals(r)?this.twice():this.curve.getInfinity();var i=new B("3"),s=this.x.toBigInteger(),f=this.y.toBigInteger(),S=(t.x.toBigInteger(),t.y.toBigInteger(),n.square()),y=S.multiply(n),_=s.multiply(S),w=r.square().multiply(this.z),x=w.subtract(_.shiftLeft(1)).multiply(t.z).subtract(y).multiply(n).mod(this.curve.q),D=_.multiply(i).multiply(r).subtract(f.multiply(y)).subtract(w.multiply(r)).multiply(t.z).add(r.multiply(y)).mod(this.curve.q),V=y.multiply(this.z).multiply(t.z).mod(this.curve.q);return new mt(this.curve,this.curve.fromBigInteger(x),this.curve.fromBigInteger(D),V)},mt.prototype.twice=function(){if(this.isInfinity())return this;if(this.y.toBigInteger().signum()==0)return this.curve.getInfinity();var t=new B("3"),r=this.x.toBigInteger(),n=this.y.toBigInteger(),i=n.multiply(this.z),s=i.multiply(n).mod(this.curve.q),f=this.curve.a.toBigInteger(),S=r.square().multiply(t);B.ZERO.equals(f)||(S=S.add(this.z.square().multiply(f)));var y=(S=S.mod(this.curve.q)).square().subtract(r.shiftLeft(3).multiply(s)).shiftLeft(1).multiply(i).mod(this.curve.q),_=S.multiply(t).multiply(r).subtract(s.shiftLeft(1)).shiftLeft(2).multiply(s).subtract(S.square().multiply(S)).mod(this.curve.q),w=i.square().multiply(i).shiftLeft(3).mod(this.curve.q);return new mt(this.curve,this.curve.fromBigInteger(y),this.curve.fromBigInteger(_),w)},mt.prototype.multiply=function(t){if(this.isInfinity())return this;if(t.signum()==0)return this.curve.getInfinity();var r,n=t,i=n.multiply(new B("3")),s=this.negate(),f=this,S=this.curve.q.subtract(t),y=S.multiply(new B("3")),_=new mt(this.curve,this.x,this.y),w=_.negate();for(r=i.bitLength()-2;r>0;--r){f=f.twice();var x=i.testBit(r);x!=n.testBit(r)&&(f=f.add(x?this:s))}for(r=y.bitLength()-2;r>0;--r){_=_.twice();var D=y.testBit(r);D!=S.testBit(r)&&(_=_.add(D?_:w))}return f},mt.prototype.multiplyTwo=function(t,r,n){var i;i=t.bitLength()>n.bitLength()?t.bitLength()-1:n.bitLength()-1;for(var s=this.curve.getInfinity(),f=this.add(r);i>=0;)s=s.twice(),t.testBit(i)?s=n.testBit(i)?s.add(f):s.add(this):n.testBit(i)&&(s=s.add(r)),--i;return s},de.prototype.getQ=function(){return this.q},de.prototype.getA=function(){return this.a},de.prototype.getB=function(){return this.b},de.prototype.equals=function(t){return t==this||this.q.equals(t.q)&&this.a.equals(t.a)&&this.b.equals(t.b)},de.prototype.getInfinity=function(){return this.infinity},de.prototype.fromBigInteger=function(t){return new kt(this.q,t)},de.prototype.decodePointHex=function(t){switch(parseInt(t.substr(0,2),16)){case 0:return this.infinity;case 2:case 3:return null;case 4:case 6:case 7:var r=(t.length-2)/2,n=t.substr(2,r),i=t.substr(r+2,r);return new mt(this,this.fromBigInteger(new B(n,16)),this.fromBigInteger(new B(i,16)));default:return null}},kt.prototype.getByteLength=function(){return Math.floor((this.toBigInteger().bitLength()+7)/8)},mt.prototype.getEncoded=function(e){var t=function(f,S){var y=f.toByteArrayUnsigned();if(S<y.length)y=y.slice(y.length-S);else for(;S>y.length;)y.unshift(0);return y},r=this.getX().toBigInteger(),n=this.getY().toBigInteger(),i=t(r,32);return e?n.isEven()?i.unshift(2):i.unshift(3):(i.unshift(4),i=i.concat(t(n,32))),i},mt.decodeFrom=function(e,t){t[0];var r=t.length-1,n=t.slice(1,1+r/2),i=t.slice(1+r/2,1+r);n.unshift(0),i.unshift(0);var s=new B(n),f=new B(i);return new mt(e,e.fromBigInteger(s),e.fromBigInteger(f))},mt.decodeFromHex=function(e,t){t.substr(0,2);var r=t.length-2,n=t.substr(2,r/2),i=t.substr(2+r/2,r/2),s=new B(n,16),f=new B(i,16);return new mt(e,e.fromBigInteger(s),e.fromBigInteger(f))},mt.prototype.add2D=function(e){if(this.isInfinity())return e;if(e.isInfinity())return this;if(this.x.equals(e.x))return this.y.equals(e.y)?this.twice():this.curve.getInfinity();var t=e.x.subtract(this.x),r=e.y.subtract(this.y).divide(t),n=r.square().subtract(this.x).subtract(e.x),i=r.multiply(this.x.subtract(n)).subtract(this.y);return new mt(this.curve,n,i)},mt.prototype.twice2D=function(){if(this.isInfinity())return this;if(this.y.toBigInteger().signum()==0)return this.curve.getInfinity();var e=this.curve.fromBigInteger(B.valueOf(2)),t=this.curve.fromBigInteger(B.valueOf(3)),r=this.x.square().multiply(t).add(this.curve.a).divide(this.y.multiply(e)),n=r.square().subtract(this.x.multiply(e)),i=r.multiply(this.x.subtract(n)).subtract(this.y);return new mt(this.curve,n,i)},mt.prototype.multiply2D=function(e){if(this.isInfinity())return this;if(e.signum()==0)return this.curve.getInfinity();var t,r=e,n=r.multiply(new B("3")),i=this.negate(),s=this;for(t=n.bitLength()-2;t>0;--t){s=s.twice();var f=n.testBit(t);f!=r.testBit(t)&&(s=s.add2D(f?this:i))}return s},mt.prototype.isOnCurve=function(){var e=this.getX().toBigInteger(),t=this.getY().toBigInteger(),r=this.curve.getA().toBigInteger(),n=this.curve.getB().toBigInteger(),i=this.curve.getQ(),s=t.multiply(t).mod(i),f=e.multiply(e).multiply(e).add(r.multiply(e)).add(n).mod(i);return s.equals(f)},mt.prototype.toString=function(){return"("+this.getX().toBigInteger().toString()+","+this.getY().toBigInteger().toString()+")"},mt.prototype.validate=function(){var e=this.curve.getQ();if(this.isInfinity())throw new Error("Point is at infinity.");var t=this.getX().toBigInteger(),r=this.getY().toBigInteger();if(t.compareTo(B.ONE)<0||t.compareTo(e.subtract(B.ONE))>0)throw new Error("x coordinate out of bounds");if(r.compareTo(B.ONE)<0||r.compareTo(e.subtract(B.ONE))>0)throw new Error("y coordinate out of bounds");if(!this.isOnCurve())throw new Error("Point is not on the curve.");if(this.multiply(e).isInfinity())throw new Error("Point is not a scalar multiple of G.");return!0};var Ye=function(){var e=new RegExp('(?:false|true|null|[\\{\\}\\[\\]]|(?:-?\\b(?:0|[1-9][0-9]*)(?:\\.[0-9]+)?(?:[eE][+-]?[0-9]+)?\\b)|(?:"(?:[^\\0-\\x08\\x0a-\\x1f"\\\\]|\\\\(?:["/\\\\bfnrt]|u[0-9A-Fa-f]{4}))*"))',"g"),t=new RegExp("\\\\(?:([^u])|u(.{4}))","g"),r={'"':'"',"/":"/","\\":"\\",b:"\b",f:"\f",n:`
-`,r:"\r",t:"	"};function n(f,S,y){return S?r[S]:String.fromCharCode(parseInt(y,16))}var i=new String(""),s=Object.hasOwnProperty;return function(f,S){var y,_,w=f.match(e),x=w[0],D=!1;x==="{"?y={}:x==="["?y=[]:(y=[],D=!0);for(var V=[y],W=1-D,G=w.length;W<G;++W){var X;switch((x=w[W]).charCodeAt(0)){default:(X=V[0])[_||X.length]=+x,_=void 0;break;case 34:if((x=x.substring(1,x.length-1)).indexOf("\\")!==-1&&(x=x.replace(t,n)),X=V[0],!_){if(!(X instanceof Array)){_=x||i;break}_=X.length}X[_]=x,_=void 0;break;case 91:X=V[0],V.unshift(X[_||X.length]=[]),_=void 0;break;case 93:V.shift();break;case 102:(X=V[0])[_||X.length]=!1,_=void 0;break;case 110:(X=V[0])[_||X.length]=null,_=void 0;break;case 116:(X=V[0])[_||X.length]=!0,_=void 0;break;case 123:X=V[0],V.unshift(X[_||X.length]={}),_=void 0;break;case 125:V.shift()}}if(D){if(V.length!==1)throw new Error;y=y[0]}else if(V.length)throw new Error;return S&&(y=function g(E,R){var L=E[R];if(L&&(L===void 0?"undefined":l(L))==="object"){var z=null;for(var Q in L)if(s.call(L,Q)&&L!==E){var ut=g(L,Q);ut!==void 0?L[Q]=ut:(z||(z=[]),z.push(Q))}if(z)for(var tt=z.length;--tt>=0;)delete L[z[tt]]}return S.call(E,R,L)}({"":y},"")),y}}();v!==void 0&&v||(p.KJUR=v={}),v.asn1!==void 0&&v.asn1||(v.asn1={}),v.asn1.ASN1Util=new function(){this.integerToByteHex=function(e){var t=e.toString(16);return t.length%2==1&&(t="0"+t),t},this.bigIntToMinTwosComplementsHex=function(e){var t=e.toString(16);if(t.substr(0,1)!="-")t.length%2==1?t="0"+t:t.match(/^[0-7]/)||(t="00"+t);else{var r=t.substr(1).length;r%2==1?r+=1:t.match(/^[0-7]/)||(r+=2);for(var n="",i=0;i<r;i++)n+="f";t=new B(n,16).xor(e).add(B.ONE).toString(16).replace(/^-/,"")}return t},this.getPEMStringFromHex=function(e,t){return Xt(e,t)},this.newObject=function(e){var t=v.asn1,r=t.ASN1Object,n=t.DERBoolean,i=t.DERInteger,s=t.DERBitString,f=t.DEROctetString,S=t.DERNull,y=t.DERObjectIdentifier,_=t.DEREnumerated,w=t.DERUTF8String,x=t.DERNumericString,D=t.DERPrintableString,V=t.DERTeletexString,W=t.DERIA5String,G=t.DERUTCTime,X=t.DERGeneralizedTime,g=t.DERVisibleString,E=t.DERBMPString,R=t.DERSequence,L=t.DERSet,z=t.DERTaggedObject,Q=t.ASN1Util.newObject;if(e instanceof t.ASN1Object)return e;var ut=Object.keys(e);if(ut.length!=1)throw new Error("key of param shall be only one.");var tt=ut[0];if(":asn1:bool:int:bitstr:octstr:null:oid:enum:utf8str:numstr:prnstr:telstr:ia5str:utctime:gentime:visstr:bmpstr:seq:set:tag:".indexOf(":"+tt+":")==-1)throw new Error("undefined key: "+tt);if(tt=="bool")return new n(e[tt]);if(tt=="int")return new i(e[tt]);if(tt=="bitstr")return new s(e[tt]);if(tt=="octstr")return new f(e[tt]);if(tt=="null")return new S(e[tt]);if(tt=="oid")return new y(e[tt]);if(tt=="enum")return new _(e[tt]);if(tt=="utf8str")return new w(e[tt]);if(tt=="numstr")return new x(e[tt]);if(tt=="prnstr")return new D(e[tt]);if(tt=="telstr")return new V(e[tt]);if(tt=="ia5str")return new W(e[tt]);if(tt=="utctime")return new G(e[tt]);if(tt=="gentime")return new X(e[tt]);if(tt=="visstr")return new g(e[tt]);if(tt=="bmpstr")return new E(e[tt]);if(tt=="asn1")return new r(e[tt]);if(tt=="seq"){for(var gt=e[tt],st=[],ct=0;ct<gt.length;ct++){var St=Q(gt[ct]);st.push(St)}return new R({array:st})}if(tt=="set"){for(gt=e[tt],st=[],ct=0;ct<gt.length;ct++)St=Q(gt[ct]),st.push(St);return new L({array:st})}if(tt=="tag"){var Ft=e[tt];if(Object.prototype.toString.call(Ft)==="[object Array]"&&Ft.length==3){var wt=Q(Ft[2]);return new z({tag:Ft[0],explicit:Ft[1],obj:wt})}return new z(Ft)}},this.jsonToASN1HEX=function(e){return this.newObject(e).getEncodedHex()}},v.asn1.ASN1Util.oidHexToInt=function(e){for(var t="",r=parseInt(e.substr(0,2),16),n=(t=Math.floor(r/40)+"."+r%40,""),i=2;i<e.length;i+=2){var s=("00000000"+parseInt(e.substr(i,2),16).toString(2)).slice(-8);n+=s.substr(1,7),s.substr(0,1)=="0"&&(t=t+"."+new B(n,2).toString(10),n="")}return t},v.asn1.ASN1Util.oidIntToHex=function(e){var t=function(y){var _=y.toString(16);return _.length==1&&(_="0"+_),_},r=function(y){var _="",w=new B(y,10).toString(2),x=7-w.length%7;x==7&&(x=0);for(var D="",V=0;V<x;V++)D+="0";for(w=D+w,V=0;V<w.length-1;V+=7){var W=w.substr(V,7);V!=w.length-7&&(W="1"+W),_+=t(parseInt(W,2))}return _};if(!e.match(/^[0-9.]+$/))throw"malformed oid string: "+e;var n="",i=e.split("."),s=40*parseInt(i[0])+parseInt(i[1]);n+=t(s),i.splice(0,2);for(var f=0;f<i.length;f++)n+=r(i[f]);return n},v.asn1.ASN1Object=function(e){this.params=null,this.getLengthHexFromValue=function(){if(this.hV===void 0||this.hV==null)throw new Error("this.hV is null or undefined");if(this.hV.length%2==1)throw new Error("value hex must be even length: n=0,v="+this.hV);var t=this.hV.length/2,r=t.toString(16);if(r.length%2==1&&(r="0"+r),t<128)return r;var n=r.length/2;if(n>15)throw"ASN.1 length too long to represent by 8x: n = "+t.toString(16);return(128+n).toString(16)+r},this.getEncodedHex=function(){return(this.hTLV==null||this.isModified)&&(this.hV=this.getFreshValueHex(),this.hL=this.getLengthHexFromValue(),this.hTLV=this.hT+this.hL+this.hV,this.isModified=!1),this.hTLV},this.getValueHex=function(){return this.getEncodedHex(),this.hV},this.getFreshValueHex=function(){return""},this.setByParam=function(t){this.params=t},e!=null&&e.tlv!=null&&(this.hTLV=e.tlv,this.isModified=!1)},v.asn1.DERAbstractString=function(e){v.asn1.DERAbstractString.superclass.constructor.call(this),this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=Me(this.s).toLowerCase()},this.setStringHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.getFreshValueHex=function(){return this.hV},e!==void 0&&(typeof e=="string"?this.setString(e):e.str!==void 0?this.setString(e.str):e.hex!==void 0&&this.setStringHex(e.hex))},a.lang.extend(v.asn1.DERAbstractString,v.asn1.ASN1Object),v.asn1.DERAbstractTime=function(e){v.asn1.DERAbstractTime.superclass.constructor.call(this),this.localDateToUTC=function(t){var r=t.getTime()+6e4*t.getTimezoneOffset();return new Date(r)},this.formatDate=function(t,r,n){var i=this.zeroPadding,s=this.localDateToUTC(t),f=String(s.getFullYear());r=="utc"&&(f=f.substr(2,2));var S=f+i(String(s.getMonth()+1),2)+i(String(s.getDate()),2)+i(String(s.getHours()),2)+i(String(s.getMinutes()),2)+i(String(s.getSeconds()),2);if(n===!0){var y=s.getMilliseconds();if(y!=0){var _=i(String(y),3);S=S+"."+(_=_.replace(/[0]+$/,""))}}return S+"Z"},this.zeroPadding=function(t,r){return t.length>=r?t:new Array(r-t.length+1).join("0")+t},this.getString=function(){return this.s},this.setString=function(t){this.hTLV=null,this.isModified=!0,this.s=t,this.hV=le(t)},this.setByDateValue=function(t,r,n,i,s,f){var S=new Date(Date.UTC(t,r-1,n,i,s,f,0));this.setByDate(S)},this.getFreshValueHex=function(){return this.hV}},a.lang.extend(v.asn1.DERAbstractTime,v.asn1.ASN1Object),v.asn1.DERAbstractStructured=function(e){v.asn1.DERAbstractString.superclass.constructor.call(this),this.setByASN1ObjectArray=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array=t},this.appendASN1Object=function(t){this.hTLV=null,this.isModified=!0,this.asn1Array.push(t)},this.asn1Array=new Array,e!==void 0&&e.array!==void 0&&(this.asn1Array=e.array)},a.lang.extend(v.asn1.DERAbstractStructured,v.asn1.ASN1Object),v.asn1.DERBoolean=function(e){v.asn1.DERBoolean.superclass.constructor.call(this),this.hT="01",this.hTLV=e==0?"010100":"0101ff"},a.lang.extend(v.asn1.DERBoolean,v.asn1.ASN1Object),v.asn1.DERInteger=function(e){v.asn1.DERInteger.superclass.constructor.call(this),this.hT="02",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=v.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var r=new B(String(t),10);this.setByBigInteger(r)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},e!==void 0&&(e.bigint!==void 0?this.setByBigInteger(e.bigint):e.int!==void 0?this.setByInteger(e.int):typeof e=="number"?this.setByInteger(e):e.hex!==void 0&&this.setValueHex(e.hex))},a.lang.extend(v.asn1.DERInteger,v.asn1.ASN1Object),v.asn1.DERBitString=function(e){if(e!==void 0&&e.obj!==void 0){var t=v.asn1.ASN1Util.newObject(e.obj);e.hex="00"+t.getEncodedHex()}v.asn1.DERBitString.superclass.constructor.call(this),this.hT="03",this.setHexValueIncludingUnusedBits=function(r){this.hTLV=null,this.isModified=!0,this.hV=r},this.setUnusedBitsAndHexValue=function(r,n){if(r<0||7<r)throw"unused bits shall be from 0 to 7: u = "+r;var i="0"+r;this.hTLV=null,this.isModified=!0,this.hV=i+n},this.setByBinaryString=function(r){var n=8-(r=r.replace(/0+$/,"")).length%8;n==8&&(n=0);for(var i=0;i<=n;i++)r+="0";var s="";for(i=0;i<r.length-1;i+=8){var f=r.substr(i,8),S=parseInt(f,2).toString(16);S.length==1&&(S="0"+S),s+=S}this.hTLV=null,this.isModified=!0,this.hV="0"+n+s},this.setByBooleanArray=function(r){for(var n="",i=0;i<r.length;i++)r[i]==1?n+="1":n+="0";this.setByBinaryString(n)},this.newFalseArray=function(r){for(var n=new Array(r),i=0;i<r;i++)n[i]=!1;return n},this.getFreshValueHex=function(){return this.hV},e!==void 0&&(typeof e=="string"&&e.toLowerCase().match(/^[0-9a-f]+$/)?this.setHexValueIncludingUnusedBits(e):e.hex!==void 0?this.setHexValueIncludingUnusedBits(e.hex):e.bin!==void 0?this.setByBinaryString(e.bin):e.array!==void 0&&this.setByBooleanArray(e.array))},a.lang.extend(v.asn1.DERBitString,v.asn1.ASN1Object),v.asn1.DEROctetString=function(e){if(e!==void 0&&e.obj!==void 0){var t=v.asn1.ASN1Util.newObject(e.obj);e.hex=t.getEncodedHex()}v.asn1.DEROctetString.superclass.constructor.call(this,e),this.hT="04"},a.lang.extend(v.asn1.DEROctetString,v.asn1.DERAbstractString),v.asn1.DERNull=function(){v.asn1.DERNull.superclass.constructor.call(this),this.hT="05",this.hTLV="0500"},a.lang.extend(v.asn1.DERNull,v.asn1.ASN1Object),v.asn1.DERObjectIdentifier=function(e){v.asn1.DERObjectIdentifier.superclass.constructor.call(this),this.hT="06",this.setValueHex=function(t){this.hTLV=null,this.isModified=!0,this.s=null,this.hV=t},this.setValueOidString=function(t){var r=function(i){var s=function(D){var V=D.toString(16);return V.length==1&&(V="0"+V),V},f=function(D){var V="",W=parseInt(D,10).toString(2),G=7-W.length%7;G==7&&(G=0);for(var X="",g=0;g<G;g++)X+="0";for(W=X+W,g=0;g<W.length-1;g+=7){var E=W.substr(g,7);g!=W.length-7&&(E="1"+E),V+=s(parseInt(E,2))}return V};try{if(!i.match(/^[0-9.]+$/))return null;var S="",y=i.split("."),_=40*parseInt(y[0],10)+parseInt(y[1],10);S+=s(_),y.splice(0,2);for(var w=0;w<y.length;w++)S+=f(y[w]);return S}catch{return null}}(t);if(r==null)throw new Error("malformed oid string: "+t);this.hTLV=null,this.isModified=!0,this.s=null,this.hV=r},this.setValueName=function(t){var r=v.asn1.x509.OID.name2oid(t);if(r==="")throw new Error("DERObjectIdentifier oidName undefined: "+t);this.setValueOidString(r)},this.setValueNameOrOid=function(t){t.match(/^[0-2].[0-9.]+$/)?this.setValueOidString(t):this.setValueName(t)},this.getFreshValueHex=function(){return this.hV},this.setByParam=function(t){typeof t=="string"?this.setValueNameOrOid(t):t.oid!==void 0?this.setValueNameOrOid(t.oid):t.name!==void 0?this.setValueNameOrOid(t.name):t.hex!==void 0&&this.setValueHex(t.hex)},e!==void 0&&this.setByParam(e)},a.lang.extend(v.asn1.DERObjectIdentifier,v.asn1.ASN1Object),v.asn1.DEREnumerated=function(e){v.asn1.DEREnumerated.superclass.constructor.call(this),this.hT="0a",this.setByBigInteger=function(t){this.hTLV=null,this.isModified=!0,this.hV=v.asn1.ASN1Util.bigIntToMinTwosComplementsHex(t)},this.setByInteger=function(t){var r=new B(String(t),10);this.setByBigInteger(r)},this.setValueHex=function(t){this.hV=t},this.getFreshValueHex=function(){return this.hV},e!==void 0&&(e.int!==void 0?this.setByInteger(e.int):typeof e=="number"?this.setByInteger(e):e.hex!==void 0&&this.setValueHex(e.hex))},a.lang.extend(v.asn1.DEREnumerated,v.asn1.ASN1Object),v.asn1.DERUTF8String=function(e){v.asn1.DERUTF8String.superclass.constructor.call(this,e),this.hT="0c"},a.lang.extend(v.asn1.DERUTF8String,v.asn1.DERAbstractString),v.asn1.DERNumericString=function(e){v.asn1.DERNumericString.superclass.constructor.call(this,e),this.hT="12"},a.lang.extend(v.asn1.DERNumericString,v.asn1.DERAbstractString),v.asn1.DERPrintableString=function(e){v.asn1.DERPrintableString.superclass.constructor.call(this,e),this.hT="13"},a.lang.extend(v.asn1.DERPrintableString,v.asn1.DERAbstractString),v.asn1.DERTeletexString=function(e){v.asn1.DERTeletexString.superclass.constructor.call(this,e),this.hT="14"},a.lang.extend(v.asn1.DERTeletexString,v.asn1.DERAbstractString),v.asn1.DERIA5String=function(e){v.asn1.DERIA5String.superclass.constructor.call(this,e),this.hT="16"},a.lang.extend(v.asn1.DERIA5String,v.asn1.DERAbstractString),v.asn1.DERVisibleString=function(e){v.asn1.DERIA5String.superclass.constructor.call(this,e),this.hT="1a"},a.lang.extend(v.asn1.DERVisibleString,v.asn1.DERAbstractString),v.asn1.DERBMPString=function(e){v.asn1.DERBMPString.superclass.constructor.call(this,e),this.hT="1e"},a.lang.extend(v.asn1.DERBMPString,v.asn1.DERAbstractString),v.asn1.DERUTCTime=function(e){v.asn1.DERUTCTime.superclass.constructor.call(this,e),this.hT="17",this.setByDate=function(t){this.hTLV=null,this.isModified=!0,this.date=t,this.s=this.formatDate(this.date,"utc"),this.hV=le(this.s)},this.getFreshValueHex=function(){return this.date===void 0&&this.s===void 0&&(this.date=new Date,this.s=this.formatDate(this.date,"utc"),this.hV=le(this.s)),this.hV},e!==void 0&&(e.str!==void 0?this.setString(e.str):typeof e=="string"&&e.match(/^[0-9]{12}Z$/)?this.setString(e):e.hex!==void 0?this.setStringHex(e.hex):e.date!==void 0&&this.setByDate(e.date))},a.lang.extend(v.asn1.DERUTCTime,v.asn1.DERAbstractTime),v.asn1.DERGeneralizedTime=function(e){v.asn1.DERGeneralizedTime.superclass.constructor.call(this,e),this.hT="18",this.withMillis=!1,this.setByDate=function(t){this.hTLV=null,this.isModified=!0,this.date=t,this.s=this.formatDate(this.date,"gen",this.withMillis),this.hV=le(this.s)},this.getFreshValueHex=function(){return this.date===void 0&&this.s===void 0&&(this.date=new Date,this.s=this.formatDate(this.date,"gen",this.withMillis),this.hV=le(this.s)),this.hV},e!==void 0&&(e.str!==void 0?this.setString(e.str):typeof e=="string"&&e.match(/^[0-9]{14}Z$/)?this.setString(e):e.hex!==void 0?this.setStringHex(e.hex):e.date!==void 0&&this.setByDate(e.date),e.millis===!0&&(this.withMillis=!0))},a.lang.extend(v.asn1.DERGeneralizedTime,v.asn1.DERAbstractTime),v.asn1.DERSequence=function(e){v.asn1.DERSequence.superclass.constructor.call(this,e),this.hT="30",this.getFreshValueHex=function(){for(var t="",r=0;r<this.asn1Array.length;r++)t+=this.asn1Array[r].getEncodedHex();return this.hV=t,this.hV}},a.lang.extend(v.asn1.DERSequence,v.asn1.DERAbstractStructured),v.asn1.DERSet=function(e){v.asn1.DERSet.superclass.constructor.call(this,e),this.hT="31",this.sortFlag=!0,this.getFreshValueHex=function(){for(var t=new Array,r=0;r<this.asn1Array.length;r++){var n=this.asn1Array[r];t.push(n.getEncodedHex())}return this.sortFlag==1&&t.sort(),this.hV=t.join(""),this.hV},e!==void 0&&e.sortflag!==void 0&&e.sortflag==0&&(this.sortFlag=!1)},a.lang.extend(v.asn1.DERSet,v.asn1.DERAbstractStructured),v.asn1.DERTaggedObject=function(e){v.asn1.DERTaggedObject.superclass.constructor.call(this);var t=v.asn1;this.hT="a0",this.hV="",this.isExplicit=!0,this.asn1Object=null,this.setASN1Object=function(r,n,i){this.hT=n,this.isExplicit=r,this.asn1Object=i,this.isExplicit?(this.hV=this.asn1Object.getEncodedHex(),this.hTLV=null,this.isModified=!0):(this.hV=null,this.hTLV=i.getEncodedHex(),this.hTLV=this.hTLV.replace(/^../,n),this.isModified=!1)},this.getFreshValueHex=function(){return this.hV},this.setByParam=function(r){r.tag!=null&&(this.hT=r.tag),r.explicit!=null&&(this.isExplicit=r.explicit),r.tage!=null&&(this.hT=r.tage,this.isExplicit=!0),r.tagi!=null&&(this.hT=r.tagi,this.isExplicit=!1),r.obj!=null&&(r.obj instanceof t.ASN1Object?(this.asn1Object=r.obj,this.setASN1Object(this.isExplicit,this.hT,this.asn1Object)):l(r.obj)=="object"&&(this.asn1Object=t.ASN1Util.newObject(r.obj),this.setASN1Object(this.isExplicit,this.hT,this.asn1Object)))},e!=null&&this.setByParam(e)},a.lang.extend(v.asn1.DERTaggedObject,v.asn1.ASN1Object);var v,we,oe,it=new function(){};function Ge(e){for(var t=new Array,r=0;r<e.length;r++)t[r]=e.charCodeAt(r);return t}function Xe(e){for(var t="",r=0;r<e.length;r++)t+=String.fromCharCode(e[r]);return t}function Re(e){for(var t="",r=0;r<e.length;r++){var n=e[r].toString(16);n.length==1&&(n="0"+n),t+=n}return t}function le(e){return Re(Ge(e))}function Ie(e){return e=(e=(e=e.replace(/\=/g,"")).replace(/\+/g,"-")).replace(/\//g,"_")}function Fe(e){return e.length%4==2?e+="==":e.length%4==3&&(e+="="),e=(e=e.replace(/-/g,"+")).replace(/_/g,"/")}function Dt(e){return e.length%2==1&&(e="0"+e),Ie($(e))}function bt(e){return et(Fe(e))}function Me(e){return De(Ne(e))}function Ot(e){return decodeURIComponent(Le(e))}function te(e){for(var t="",r=0;r<e.length-1;r+=2)t+=String.fromCharCode(parseInt(e.substr(r,2),16));return t}function ue(e){for(var t="",r=0;r<e.length;r++)t+=("0"+e.charCodeAt(r).toString(16)).slice(-2);return t}function Qe(e){return $(e)}function Ze(e){var t=Qe(e).replace(/(.{64})/g,`$1\r
-`);return t=t.replace(/\r\n$/,"")}function $e(e){return et(e.replace(/[^0-9A-Za-z\/+=]*/g,""))}function Xt(e,t){return"-----BEGIN "+t+`-----\r
-`+Ze(e)+`\r
------END `+t+`-----\r
-`}function ce(e,t){if(e.indexOf("-----BEGIN ")==-1)throw"can't find PEM header: "+t;return $e(e=t!==void 0?(e=e.replace(new RegExp("^[^]*-----BEGIN "+t+"-----"),"")).replace(new RegExp("-----END "+t+"-----[^]*$"),""):(e=e.replace(/^[^]*-----BEGIN [^-]+-----/,"")).replace(/-----END [^-]+-----[^]*$/,""))}function He(e){var t,r,n,i,s,f,S,y,_,w,x;if(x=e.match(/^(\d{2}|\d{4})(\d\d)(\d\d)(\d\d)(\d\d)(\d\d)(|\.\d+)Z$/))return y=x[1],t=parseInt(y),y.length===2&&(50<=t&&t<100?t=1900+t:0<=t&&t<50&&(t=2e3+t)),r=parseInt(x[2])-1,n=parseInt(x[3]),i=parseInt(x[4]),s=parseInt(x[5]),f=parseInt(x[6]),S=0,(_=x[7])!==""&&(w=(_.substr(1)+"00").substr(0,3),S=parseInt(w)),Date.UTC(t,r,n,i,s,f,S);throw"unsupported zulu format: "+e}function tr(e){return~~(He(e)/1e3)}function De(e){return e.replace(/%/g,"")}function Le(e){return e.replace(/(..)/g,"%$1")}function er(e){var t="malformed IPv6 address";if(!e.match(/^[0-9A-Fa-f:]+$/))throw t;var r=(e=e.toLowerCase()).split(":").length-1;if(r<2)throw t;var n=":".repeat(7-r+2),i=(e=e.replace("::",n)).split(":");if(i.length!=8)throw t;for(var s=0;s<8;s++)i[s]=("0000"+i[s]).slice(-4);return i.join("")}function rr(e){if(!e.match(/^[0-9A-Fa-f]{32}$/))throw"malformed IPv6 address octet";for(var t=(e=e.toLowerCase()).match(/.{1,4}/g),r=0;r<8;r++)t[r]=t[r].replace(/^0+/,""),t[r]==""&&(t[r]="0");var n=(e=":"+t.join(":")+":").match(/:(0:){2,}/g);if(n===null)return e.slice(1,-1);var i="";for(r=0;r<n.length;r++)n[r].length>i.length&&(i=n[r]);return(e=e.replace(i,"::")).slice(1,-1)}function Ve(e){var t="malformed hex value";if(!e.match(/^([0-9A-Fa-f][0-9A-Fa-f]){1,}$/))throw t;if(e.length!=8)return e.length==32?rr(e):e;try{return parseInt(e.substr(0,2),16)+"."+parseInt(e.substr(2,2),16)+"."+parseInt(e.substr(4,2),16)+"."+parseInt(e.substr(6,2),16)}catch{throw t}}function Ne(e){for(var t=encodeURIComponent(e),r="",n=0;n<t.length;n++)t[n]=="%"?(r+=t.substr(n,3),n+=2):r=r+"%"+le(t[n]);return r}function nr(e){return!(e.length%2!=0||!e.match(/^[0-9a-f]+$/)&&!e.match(/^[0-9A-F]+$/))}function Ke(e){return e.length%2==1?"0"+e:e.substr(0,1)>"7"?"00"+e:e}it.getLblen=function(e,t){if(e.substr(t+2,1)!="8")return 1;var r=parseInt(e.substr(t+3,1));return r==0?-1:0<r&&r<10?r+1:-2},it.getL=function(e,t){var r=it.getLblen(e,t);return r<1?"":e.substr(t+2,2*r)},it.getVblen=function(e,t){var r;return(r=it.getL(e,t))==""?-1:(r.substr(0,1)==="8"?new B(r.substr(2),16):new B(r,16)).intValue()},it.getVidx=function(e,t){var r=it.getLblen(e,t);return r<0?r:t+2*(r+1)},it.getV=function(e,t){var r=it.getVidx(e,t),n=it.getVblen(e,t);return e.substr(r,2*n)},it.getTLV=function(e,t){return e.substr(t,2)+it.getL(e,t)+it.getV(e,t)},it.getTLVblen=function(e,t){return 2+2*it.getLblen(e,t)+2*it.getVblen(e,t)},it.getNextSiblingIdx=function(e,t){return it.getVidx(e,t)+2*it.getVblen(e,t)},it.getChildIdx=function(e,t){var r,n,i,s=it,f=[];r=s.getVidx(e,t),n=2*s.getVblen(e,t),e.substr(t,2)=="03"&&(r+=2,n-=2),i=0;for(var S=r;i<=n;){var y=s.getTLVblen(e,S);if((i+=y)<=n&&f.push(S),S+=y,i>=n)break}return f},it.getNthChildIdx=function(e,t,r){return it.getChildIdx(e,t)[r]},it.getIdxbyList=function(e,t,r,n){var i,s,f=it;return r.length==0?n!==void 0&&e.substr(t,2)!==n?-1:t:(i=r.shift())>=(s=f.getChildIdx(e,t)).length?-1:f.getIdxbyList(e,s[i],r,n)},it.getIdxbyListEx=function(e,t,r,n){var i,s,f=it;if(r.length==0)return n!==void 0&&e.substr(t,2)!==n?-1:t;i=r.shift(),s=f.getChildIdx(e,t);for(var S=0,y=0;y<s.length;y++){var _=e.substr(s[y],2);if(typeof i=="number"&&!f.isContextTag(_)&&S==i||typeof i=="string"&&f.isContextTag(_,i))return f.getIdxbyListEx(e,s[y],r,n);f.isContextTag(_)||S++}return-1},it.getTLVbyList=function(e,t,r,n){var i=it,s=i.getIdxbyList(e,t,r,n);return s==-1||s>=e.length?null:i.getTLV(e,s)},it.getTLVbyListEx=function(e,t,r,n){var i=it,s=i.getIdxbyListEx(e,t,r,n);return s==-1?null:i.getTLV(e,s)},it.getVbyList=function(e,t,r,n,i){var s,f,S=it;return(s=S.getIdxbyList(e,t,r,n))==-1||s>=e.length?null:(f=S.getV(e,s),i===!0&&(f=f.substr(2)),f)},it.getVbyListEx=function(e,t,r,n,i){var s,f,S=it;return(s=S.getIdxbyListEx(e,t,r,n))==-1?null:(f=S.getV(e,s),e.substr(s,2)=="03"&&i!==!1&&(f=f.substr(2)),f)},it.getInt=function(e,t,r){r==null&&(r=-1);try{var n=e.substr(t,2);if(n!="02"&&n!="03")return r;var i=it.getV(e,t);return n=="02"?parseInt(i,16):function(f){try{var S=f.substr(0,2);if(S=="00")return parseInt(f.substr(2),16);var y=parseInt(S,16),_=f.substr(2),w=parseInt(_,16).toString(2);return w=="0"&&(w="00000000"),w=w.slice(0,0-y),parseInt(w,2)}catch{return-1}}(i)}catch{return r}},it.getOID=function(e,t,r){r==null&&(r=null);try{return e.substr(t,2)!="06"?r:function(i){if(!nr(i))return null;try{var s=[],f=i.substr(0,2),S=parseInt(f,16);s[0]=new String(Math.floor(S/40)),s[1]=new String(S%40);for(var y=i.substr(2),_=[],w=0;w<y.length/2;w++)_.push(parseInt(y.substr(2*w,2),16));var x=[],D="";for(w=0;w<_.length;w++)128&_[w]?D+=ir((127&_[w]).toString(2),7):(D+=ir((127&_[w]).toString(2),7),x.push(new String(parseInt(D,2))),D="");var V=s.join(".");return x.length>0&&(V=V+"."+x.join(".")),V}catch{return null}}(it.getV(e,t))}catch{return r}},it.getOIDName=function(e,t,r){r==null&&(r=null);try{var n=it.getOID(e,t,r);if(n==r)return r;var i=v.asn1.x509.OID.oid2name(n);return i==""?n:i}catch{return r}},it.getString=function(e,t,r){r==null&&(r=null);try{return te(it.getV(e,t))}catch{return r}},it.hextooidstr=function(e){var t=function(D,V){return D.length>=V?D:new Array(V-D.length+1).join("0")+D},r=[],n=e.substr(0,2),i=parseInt(n,16);r[0]=new String(Math.floor(i/40)),r[1]=new String(i%40);for(var s=e.substr(2),f=[],S=0;S<s.length/2;S++)f.push(parseInt(s.substr(2*S,2),16));var y=[],_="";for(S=0;S<f.length;S++)128&f[S]?_+=t((127&f[S]).toString(2),7):(_+=t((127&f[S]).toString(2),7),y.push(new String(parseInt(_,2))),_="");var w=r.join(".");return y.length>0&&(w=w+"."+y.join(".")),w},it.dump=function(e,t,r,n){var i=it,s=i.getV,f=i.dump,S=i.getChildIdx,y=e;e instanceof v.asn1.ASN1Object&&(y=e.getEncodedHex());var _=function(tt,gt){return tt.length<=2*gt?tt:tt.substr(0,gt)+"..(total "+tt.length/2+"bytes).."+tt.substr(tt.length-gt,gt)};t===void 0&&(t={ommit_long_octet:32}),r===void 0&&(r=0),n===void 0&&(n="");var w,x=t.ommit_long_octet;if((w=y.substr(r,2))=="01")return(D=s(y,r))=="00"?n+`BOOLEAN FALSE
-`:n+`BOOLEAN TRUE
-`;if(w=="02")return n+"INTEGER "+_(D=s(y,r),x)+`
-`;if(w=="03"){var D=s(y,r);if(i.isASN1HEX(D.substr(2))){var V=n+`BITSTRING, encapsulates
-`;return V+=f(D.substr(2),t,0,n+"  ")}return n+"BITSTRING "+_(D,x)+`
-`}if(w=="04")return D=s(y,r),i.isASN1HEX(D)?(V=n+`OCTETSTRING, encapsulates
-`,V+=f(D,t,0,n+"  ")):n+"OCTETSTRING "+_(D,x)+`
-`;if(w=="05")return n+`NULL
-`;if(w=="06"){var W=s(y,r),G=v.asn1.ASN1Util.oidHexToInt(W),X=v.asn1.x509.OID.oid2name(G),g=G.replace(/\./g," ");return X!=""?n+"ObjectIdentifier "+X+" ("+g+`)
-`:n+"ObjectIdentifier ("+g+`)
-`}if(w=="0a")return n+"ENUMERATED "+parseInt(s(y,r))+`
-`;if(w=="0c")return n+"UTF8String '"+Ot(s(y,r))+`'
-`;if(w=="13")return n+"PrintableString '"+Ot(s(y,r))+`'
-`;if(w=="14")return n+"TeletexString '"+Ot(s(y,r))+`'
-`;if(w=="16")return n+"IA5String '"+Ot(s(y,r))+`'
-`;if(w=="17")return n+"UTCTime "+Ot(s(y,r))+`
-`;if(w=="18")return n+"GeneralizedTime "+Ot(s(y,r))+`
-`;if(w=="1a")return n+"VisualString '"+Ot(s(y,r))+`'
-`;if(w=="1e")return n+"BMPString '"+Ot(s(y,r))+`'
-`;if(w=="30"){if(y.substr(r,4)=="3000")return n+`SEQUENCE {}
-`;V=n+`SEQUENCE
-`;var E=t;if(((z=S(y,r)).length==2||z.length==3)&&y.substr(z[0],2)=="06"&&y.substr(z[z.length-1],2)=="04"){X=i.oidname(s(y,z[0]));var R=JSON.parse(JSON.stringify(t));R.x509ExtName=X,E=R}for(var L=0;L<z.length;L++)V+=f(y,E,z[L],n+"  ");return V}if(w=="31"){V=n+`SET
-`;var z=S(y,r);for(L=0;L<z.length;L++)V+=f(y,t,z[L],n+"  ");return V}if((128&(w=parseInt(w,16)))!=0){var Q=31&w;if((32&w)!=0){for(V=n+"["+Q+`]
-`,z=S(y,r),L=0;L<z.length;L++)V+=f(y,t,z[L],n+"  ");return V}if(D=s(y,r),it.isASN1HEX(D)){var V=n+"["+Q+`]
-`;return V+=f(D,t,0,n+"  ")}return(D.substr(0,8)=="68747470"||t.x509ExtName==="subjectAltName"&&Q==2)&&(D=Ot(D)),V=n+"["+Q+"] "+D+`
-`}return n+"UNKNOWN("+w+") "+s(y,r)+`
-`},it.isContextTag=function(e,t){var r,n;e=e.toLowerCase();try{r=parseInt(e,16)}catch{return-1}if(t===void 0)return(192&r)==128;try{return t.match(/^\[[0-9]+\]$/)!=null&&!((n=parseInt(t.substr(1,t.length-1),10))>31)&&(192&r)==128&&(31&r)==n}catch{return!1}},it.isASN1HEX=function(e){var t=it;if(e.length%2==1)return!1;var r=t.getVblen(e,0),n=e.substr(0,2),i=t.getL(e,0);return e.length-n.length-i.length==2*r},it.checkStrictDER=function(e,t,r,n,i){var s=it;if(r===void 0){if(typeof e!="string")throw new Error("not hex string");if(e=e.toLowerCase(),!v.lang.String.isHex(e))throw new Error("not hex string");r=e.length,i=(n=e.length/2)<128?1:Math.ceil(n.toString(16))+1}if(s.getL(e,t).length>2*i)throw new Error("L of TLV too long: idx="+t);var f=s.getVblen(e,t);if(f>n)throw new Error("value of L too long than hex: idx="+t);var S=s.getTLV(e,t),y=S.length-2-s.getL(e,t).length;if(y!==2*f)throw new Error("V string length and L's value not the same:"+y+"/"+2*f);if(t===0&&e.length!=S.length)throw new Error("total length and TLV length unmatch:"+e.length+"!="+S.length);var _=e.substr(t,2);if(_==="02"){var w=s.getVidx(e,t);if(e.substr(w,2)=="00"&&e.charCodeAt(w+2)<56)throw new Error("not least zeros for DER INTEGER")}if(32&parseInt(_,16)){for(var x=s.getVblen(e,t),D=0,V=s.getChildIdx(e,t),W=0;W<V.length;W++)D+=s.getTLV(e,V[W]).length,s.checkStrictDER(e,V[W],r,n,i);if(2*x!=D)throw new Error("sum of children's TLV length and L unmatch: "+2*x+"!="+D)}},it.oidname=function(e){var t=v.asn1;v.lang.String.isHex(e)&&(e=t.ASN1Util.oidHexToInt(e));var r=t.x509.OID.oid2name(e);return r===""&&(r=e),r},v!==void 0&&v||(p.KJUR=v={}),v.lang!==void 0&&v.lang||(v.lang={}),v.lang.String=function(){},typeof T=="function"?(p.utf8tob64u=we=function(t){return Ie(T.from(t,"utf8").toString("base64"))},p.b64utoutf8=oe=function(t){return T.from(Fe(t),"base64").toString("utf8")}):(p.utf8tob64u=we=function(t){return Dt(De(Ne(t)))},p.b64utoutf8=oe=function(t){return decodeURIComponent(Le(bt(t)))}),v.lang.String.isInteger=function(e){return!!e.match(/^[0-9]+$/)||!!e.match(/^-[0-9]+$/)},v.lang.String.isHex=function(e){return nr(e)},v.lang.String.isBase64=function(e){return!(!(e=e.replace(/\s+/g,"")).match(/^[0-9A-Za-z+\/]+={0,3}$/)||e.length%4!=0)},v.lang.String.isBase64URL=function(e){return!e.match(/[+/=]/)&&(e=Fe(e),v.lang.String.isBase64(e))},v.lang.String.isIntegerArray=function(e){return!!(e=e.replace(/\s+/g,"")).match(/^\[[0-9,]+\]$/)},v.lang.String.isPrintable=function(e){return e.match(/^[0-9A-Za-z '()+,-./:=?]*$/)!==null},v.lang.String.isIA5=function(e){return e.match(/^[\x20-\x21\x23-\x7f]*$/)!==null},v.lang.String.isMail=function(e){return e.match(/^[A-Za-z0-9]{1}[A-Za-z0-9_.-]*@{1}[A-Za-z0-9_.-]{1,}\.[A-Za-z0-9]{1,}$/)!==null};var ir=function(t,r,n){return n==null&&(n="0"),t.length>=r?t:new Array(r-t.length+1).join(n)+t};v!==void 0&&v||(p.KJUR=v={}),v.crypto!==void 0&&v.crypto||(v.crypto={}),v.crypto.Util=new function(){this.DIGESTINFOHEAD={sha1:"3021300906052b0e03021a05000414",sha224:"302d300d06096086480165030402040500041c",sha256:"3031300d060960864801650304020105000420",sha384:"3041300d060960864801650304020205000430",sha512:"3051300d060960864801650304020305000440",md2:"3020300c06082a864886f70d020205000410",md5:"3020300c06082a864886f70d020505000410",ripemd160:"3021300906052b2403020105000414"},this.DEFAULTPROVIDER={md5:"cryptojs",sha1:"cryptojs",sha224:"cryptojs",sha256:"cryptojs",sha384:"cryptojs",sha512:"cryptojs",ripemd160:"cryptojs",hmacmd5:"cryptojs",hmacsha1:"cryptojs",hmacsha224:"cryptojs",hmacsha256:"cryptojs",hmacsha384:"cryptojs",hmacsha512:"cryptojs",hmacripemd160:"cryptojs",MD5withRSA:"cryptojs/jsrsa",SHA1withRSA:"cryptojs/jsrsa",SHA224withRSA:"cryptojs/jsrsa",SHA256withRSA:"cryptojs/jsrsa",SHA384withRSA:"cryptojs/jsrsa",SHA512withRSA:"cryptojs/jsrsa",RIPEMD160withRSA:"cryptojs/jsrsa",MD5withECDSA:"cryptojs/jsrsa",SHA1withECDSA:"cryptojs/jsrsa",SHA224withECDSA:"cryptojs/jsrsa",SHA256withECDSA:"cryptojs/jsrsa",SHA384withECDSA:"cryptojs/jsrsa",SHA512withECDSA:"cryptojs/jsrsa",RIPEMD160withECDSA:"cryptojs/jsrsa",SHA1withDSA:"cryptojs/jsrsa",SHA224withDSA:"cryptojs/jsrsa",SHA256withDSA:"cryptojs/jsrsa",MD5withRSAandMGF1:"cryptojs/jsrsa",SHAwithRSAandMGF1:"cryptojs/jsrsa",SHA1withRSAandMGF1:"cryptojs/jsrsa",SHA224withRSAandMGF1:"cryptojs/jsrsa",SHA256withRSAandMGF1:"cryptojs/jsrsa",SHA384withRSAandMGF1:"cryptojs/jsrsa",SHA512withRSAandMGF1:"cryptojs/jsrsa",RIPEMD160withRSAandMGF1:"cryptojs/jsrsa"},this.CRYPTOJSMESSAGEDIGESTNAME={md5:M.algo.MD5,sha1:M.algo.SHA1,sha224:M.algo.SHA224,sha256:M.algo.SHA256,sha384:M.algo.SHA384,sha512:M.algo.SHA512,ripemd160:M.algo.RIPEMD160},this.getDigestInfoHex=function(e,t){if(this.DIGESTINFOHEAD[t]===void 0)throw"alg not supported in Util.DIGESTINFOHEAD: "+t;return this.DIGESTINFOHEAD[t]+e},this.getPaddedDigestInfoHex=function(e,t,r){var n=this.getDigestInfoHex(e,t),i=r/4;if(n.length+22>i)throw"key is too short for SigAlg: keylen="+r+","+t;for(var s="0001",f="00"+n,S="",y=i-s.length-f.length,_=0;_<y;_+=2)S+="ff";return s+S+f},this.hashString=function(e,t){return new v.crypto.MessageDigest({alg:t}).digestString(e)},this.hashHex=function(e,t){return new v.crypto.MessageDigest({alg:t}).digestHex(e)},this.sha1=function(e){return this.hashString(e,"sha1")},this.sha256=function(e){return this.hashString(e,"sha256")},this.sha256Hex=function(e){return this.hashHex(e,"sha256")},this.sha512=function(e){return this.hashString(e,"sha512")},this.sha512Hex=function(e){return this.hashHex(e,"sha512")},this.isKey=function(e){return e instanceof ht||e instanceof v.crypto.DSA||e instanceof v.crypto.ECDSA}},v.crypto.Util.md5=function(e){return new v.crypto.MessageDigest({alg:"md5",prov:"cryptojs"}).digestString(e)},v.crypto.Util.ripemd160=function(e){return new v.crypto.MessageDigest({alg:"ripemd160",prov:"cryptojs"}).digestString(e)},v.crypto.Util.SECURERANDOMGEN=new Mt,v.crypto.Util.getRandomHexOfNbytes=function(e){var t=new Array(e);return v.crypto.Util.SECURERANDOMGEN.nextBytes(t),Re(t)},v.crypto.Util.getRandomBigIntegerOfNbytes=function(e){return new B(v.crypto.Util.getRandomHexOfNbytes(e),16)},v.crypto.Util.getRandomHexOfNbits=function(e){var t=e%8,r=new Array((e-t)/8+1);return v.crypto.Util.SECURERANDOMGEN.nextBytes(r),r[0]=(255<<t&255^255)&r[0],Re(r)},v.crypto.Util.getRandomBigIntegerOfNbits=function(e){return new B(v.crypto.Util.getRandomHexOfNbits(e),16)},v.crypto.Util.getRandomBigIntegerZeroToMax=function(e){for(var t=e.bitLength();;){var r=v.crypto.Util.getRandomBigIntegerOfNbits(t);if(e.compareTo(r)!=-1)return r}},v.crypto.Util.getRandomBigIntegerMinToMax=function(e,t){var r=e.compareTo(t);if(r==1)throw"biMin is greater than biMax";if(r==0)return e;var n=t.subtract(e);return v.crypto.Util.getRandomBigIntegerZeroToMax(n).add(e)},v.crypto.MessageDigest=function(e){this.setAlgAndProvider=function(t,r){if((t=v.crypto.MessageDigest.getCanonicalAlgName(t))!==null&&r===void 0&&(r=v.crypto.Util.DEFAULTPROVIDER[t]),":md5:sha1:sha224:sha256:sha384:sha512:ripemd160:".indexOf(t)!=-1&&r=="cryptojs"){try{this.md=v.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[t].create()}catch(n){throw"setAlgAndProvider hash alg set fail alg="+t+"/"+n}this.updateString=function(n){this.md.update(n)},this.updateHex=function(n){var i=M.enc.Hex.parse(n);this.md.update(i)},this.digest=function(){return this.md.finalize().toString(M.enc.Hex)},this.digestString=function(n){return this.updateString(n),this.digest()},this.digestHex=function(n){return this.updateHex(n),this.digest()}}if(":sha256:".indexOf(t)!=-1&&r=="sjcl"){try{this.md=new sjcl.hash.sha256}catch(n){throw"setAlgAndProvider hash alg set fail alg="+t+"/"+n}this.updateString=function(n){this.md.update(n)},this.updateHex=function(n){var i=sjcl.codec.hex.toBits(n);this.md.update(i)},this.digest=function(){var n=this.md.finalize();return sjcl.codec.hex.fromBits(n)},this.digestString=function(n){return this.updateString(n),this.digest()},this.digestHex=function(n){return this.updateHex(n),this.digest()}}},this.updateString=function(t){throw"updateString(str) not supported for this alg/prov: "+this.algName+"/"+this.provName},this.updateHex=function(t){throw"updateHex(hex) not supported for this alg/prov: "+this.algName+"/"+this.provName},this.digest=function(){throw"digest() not supported for this alg/prov: "+this.algName+"/"+this.provName},this.digestString=function(t){throw"digestString(str) not supported for this alg/prov: "+this.algName+"/"+this.provName},this.digestHex=function(t){throw"digestHex(hex) not supported for this alg/prov: "+this.algName+"/"+this.provName},e!==void 0&&e.alg!==void 0&&(this.algName=e.alg,e.prov===void 0&&(this.provName=v.crypto.Util.DEFAULTPROVIDER[this.algName]),this.setAlgAndProvider(this.algName,this.provName))},v.crypto.MessageDigest.getCanonicalAlgName=function(e){return typeof e=="string"&&(e=(e=e.toLowerCase()).replace(/-/,"")),e},v.crypto.MessageDigest.getHashLength=function(e){var t=v.crypto.MessageDigest,r=t.getCanonicalAlgName(e);if(t.HASHLENGTH[r]===void 0)throw"not supported algorithm: "+e;return t.HASHLENGTH[r]},v.crypto.MessageDigest.HASHLENGTH={md5:16,sha1:20,sha224:28,sha256:32,sha384:48,sha512:64,ripemd160:20},v.crypto.Mac=function(e){this.setAlgAndProvider=function(t,r){if((t=t.toLowerCase())==null&&(t="hmacsha1"),(t=t.toLowerCase()).substr(0,4)!="hmac")throw"setAlgAndProvider unsupported HMAC alg: "+t;r===void 0&&(r=v.crypto.Util.DEFAULTPROVIDER[t]),this.algProv=t+"/"+r;var n=t.substr(4);if(":md5:sha1:sha224:sha256:sha384:sha512:ripemd160:".indexOf(n)!=-1&&r=="cryptojs"){try{var i=v.crypto.Util.CRYPTOJSMESSAGEDIGESTNAME[n];this.mac=M.algo.HMAC.create(i,this.pass)}catch(s){throw"setAlgAndProvider hash alg set fail hashAlg="+n+"/"+s}this.updateString=function(s){this.mac.update(s)},this.updateHex=function(s){var f=M.enc.Hex.parse(s);this.mac.update(f)},this.doFinal=function(){return this.mac.finalize().toString(M.enc.Hex)},this.doFinalString=function(s){return this.updateString(s),this.doFinal()},this.doFinalHex=function(s){return this.updateHex(s),this.doFinal()}}},this.updateString=function(t){throw"updateString(str) not supported for this alg/prov: "+this.algProv},this.updateHex=function(t){throw"updateHex(hex) not supported for this alg/prov: "+this.algProv},this.doFinal=function(){throw"digest() not supported for this alg/prov: "+this.algProv},this.doFinalString=function(t){throw"digestString(str) not supported for this alg/prov: "+this.algProv},this.doFinalHex=function(t){throw"digestHex(hex) not supported for this alg/prov: "+this.algProv},this.setPassword=function(t){if(typeof t=="string"){var r=t;return t.length%2!=1&&t.match(/^[0-9A-Fa-f]+$/)||(r=ue(t)),void(this.pass=M.enc.Hex.parse(r))}if((t===void 0?"undefined":l(t))!="object")throw"KJUR.crypto.Mac unsupported password type: "+t;if(r=null,t.hex!==void 0){if(t.hex.length%2!=0||!t.hex.match(/^[0-9A-Fa-f]+$/))throw"Mac: wrong hex password: "+t.hex;r=t.hex}if(t.utf8!==void 0&&(r=Me(t.utf8)),t.rstr!==void 0&&(r=ue(t.rstr)),t.b64!==void 0&&(r=et(t.b64)),t.b64u!==void 0&&(r=bt(t.b64u)),r==null)throw"KJUR.crypto.Mac unsupported password type: "+t;this.pass=M.enc.Hex.parse(r)},e!==void 0&&(e.pass!==void 0&&this.setPassword(e.pass),e.alg!==void 0&&(this.algName=e.alg,e.prov===void 0&&(this.provName=v.crypto.Util.DEFAULTPROVIDER[this.algName]),this.setAlgAndProvider(this.algName,this.provName)))},v.crypto.Signature=function(e){var t=null;if(this._setAlgNames=function(){var r=this.algName.match(/^(.+)with(.+)$/);r&&(this.mdAlgName=r[1].toLowerCase(),this.pubkeyAlgName=r[2].toLowerCase(),this.pubkeyAlgName=="rsaandmgf1"&&this.mdAlgName=="sha"&&(this.mdAlgName="sha1"))},this._zeroPaddingOfSignature=function(r,n){for(var i="",s=n/4-r.length,f=0;f<s;f++)i+="0";return i+r},this.setAlgAndProvider=function(r,n){if(this._setAlgNames(),n!="cryptojs/jsrsa")throw new Error("provider not supported: "+n);if(":md5:sha1:sha224:sha256:sha384:sha512:ripemd160:".indexOf(this.mdAlgName)!=-1){try{this.md=new v.crypto.MessageDigest({alg:this.mdAlgName})}catch(i){throw new Error("setAlgAndProvider hash alg set fail alg="+this.mdAlgName+"/"+i)}this.init=function(i,s){var f=null;try{f=s===void 0?Rt.getKey(i):Rt.getKey(i,s)}catch(S){throw"init failed:"+S}if(f.isPrivate===!0)this.prvKey=f,this.state="SIGN";else{if(f.isPublic!==!0)throw"init failed.:"+f;this.pubKey=f,this.state="VERIFY"}},this.updateString=function(i){this.md.updateString(i)},this.updateHex=function(i){this.md.updateHex(i)},this.sign=function(){if(this.sHashHex=this.md.digest(),this.prvKey===void 0&&this.ecprvhex!==void 0&&this.eccurvename!==void 0&&v.crypto.ECDSA!==void 0&&(this.prvKey=new v.crypto.ECDSA({curve:this.eccurvename,prv:this.ecprvhex})),this.prvKey instanceof ht&&this.pubkeyAlgName==="rsaandmgf1")this.hSign=this.prvKey.signWithMessageHashPSS(this.sHashHex,this.mdAlgName,this.pssSaltLen);else if(this.prvKey instanceof ht&&this.pubkeyAlgName==="rsa")this.hSign=this.prvKey.signWithMessageHash(this.sHashHex,this.mdAlgName);else if(this.prvKey instanceof v.crypto.ECDSA)this.hSign=this.prvKey.signWithMessageHash(this.sHashHex);else{if(!(this.prvKey instanceof v.crypto.DSA))throw"Signature: unsupported private key alg: "+this.pubkeyAlgName;this.hSign=this.prvKey.signWithMessageHash(this.sHashHex)}return this.hSign},this.signString=function(i){return this.updateString(i),this.sign()},this.signHex=function(i){return this.updateHex(i),this.sign()},this.verify=function(i){if(this.sHashHex=this.md.digest(),this.pubKey===void 0&&this.ecpubhex!==void 0&&this.eccurvename!==void 0&&v.crypto.ECDSA!==void 0&&(this.pubKey=new v.crypto.ECDSA({curve:this.eccurvename,pub:this.ecpubhex})),this.pubKey instanceof ht&&this.pubkeyAlgName==="rsaandmgf1")return this.pubKey.verifyWithMessageHashPSS(this.sHashHex,i,this.mdAlgName,this.pssSaltLen);if(this.pubKey instanceof ht&&this.pubkeyAlgName==="rsa")return this.pubKey.verifyWithMessageHash(this.sHashHex,i);if(v.crypto.ECDSA!==void 0&&this.pubKey instanceof v.crypto.ECDSA)return this.pubKey.verifyWithMessageHash(this.sHashHex,i);if(v.crypto.DSA!==void 0&&this.pubKey instanceof v.crypto.DSA)return this.pubKey.verifyWithMessageHash(this.sHashHex,i);throw"Signature: unsupported public key alg: "+this.pubkeyAlgName}}},this.init=function(r,n){throw"init(key, pass) not supported for this alg:prov="+this.algProvName},this.updateString=function(r){throw"updateString(str) not supported for this alg:prov="+this.algProvName},this.updateHex=function(r){throw"updateHex(hex) not supported for this alg:prov="+this.algProvName},this.sign=function(){throw"sign() not supported for this alg:prov="+this.algProvName},this.signString=function(r){throw"digestString(str) not supported for this alg:prov="+this.algProvName},this.signHex=function(r){throw"digestHex(hex) not supported for this alg:prov="+this.algProvName},this.verify=function(r){throw"verify(hSigVal) not supported for this alg:prov="+this.algProvName},this.initParams=e,e!==void 0&&(e.alg!==void 0&&(this.algName=e.alg,e.prov===void 0?this.provName=v.crypto.Util.DEFAULTPROVIDER[this.algName]:this.provName=e.prov,this.algProvName=this.algName+":"+this.provName,this.setAlgAndProvider(this.algName,this.provName),this._setAlgNames()),e.psssaltlen!==void 0&&(this.pssSaltLen=e.psssaltlen),e.prvkeypem!==void 0)){if(e.prvkeypas!==void 0)throw"both prvkeypem and prvkeypas parameters not supported";try{t=Rt.getKey(e.prvkeypem),this.init(t)}catch(r){throw"fatal error to load pem private key: "+r}}},v.crypto.Cipher=function(e){},v.crypto.Cipher.encrypt=function(e,t,r){if(t instanceof ht&&t.isPublic){var n=v.crypto.Cipher.getAlgByKeyAndName(t,r);if(n==="RSA")return t.encrypt(e);if(n==="RSAOAEP")return t.encryptOAEP(e,"sha1");var i=n.match(/^RSAOAEP(\d+)$/);if(i!==null)return t.encryptOAEP(e,"sha"+i[1]);throw"Cipher.encrypt: unsupported algorithm for RSAKey: "+r}throw"Cipher.encrypt: unsupported key or algorithm"},v.crypto.Cipher.decrypt=function(e,t,r){if(t instanceof ht&&t.isPrivate){var n=v.crypto.Cipher.getAlgByKeyAndName(t,r);if(n==="RSA")return t.decrypt(e);if(n==="RSAOAEP")return t.decryptOAEP(e,"sha1");var i=n.match(/^RSAOAEP(\d+)$/);if(i!==null)return t.decryptOAEP(e,"sha"+i[1]);throw"Cipher.decrypt: unsupported algorithm for RSAKey: "+r}throw"Cipher.decrypt: unsupported key or algorithm"},v.crypto.Cipher.getAlgByKeyAndName=function(e,t){if(e instanceof ht){if(":RSA:RSAOAEP:RSAOAEP224:RSAOAEP256:RSAOAEP384:RSAOAEP512:".indexOf(t)!=-1)return t;if(t==null)return"RSA";throw"getAlgByKeyAndName: not supported algorithm name for RSAKey: "+t}throw"getAlgByKeyAndName: not supported algorithm name: "+t},v.crypto.OID=new function(){this.oidhex2name={"2a864886f70d010101":"rsaEncryption","2a8648ce3d0201":"ecPublicKey","2a8648ce380401":"dsa","2a8648ce3d030107":"secp256r1","2b8104001f":"secp192k1","2b81040021":"secp224r1","2b8104000a":"secp256k1","2b81040023":"secp521r1","2b81040022":"secp384r1","2a8648ce380403":"SHA1withDSA","608648016503040301":"SHA224withDSA","608648016503040302":"SHA256withDSA"}},v!==void 0&&v||(p.KJUR=v={}),v.crypto!==void 0&&v.crypto||(v.crypto={}),v.crypto.ECDSA=function(e){var t=Error,r=B,n=mt,i=v.crypto.ECDSA,s=v.crypto.ECParameterDB,f=i.getName,S=it,y=S.getVbyListEx,_=S.isASN1HEX,w=new Mt;this.type="EC",this.isPrivate=!1,this.isPublic=!1,this.getBigRandom=function(x){return new r(x.bitLength(),w).mod(x.subtract(r.ONE)).add(r.ONE)},this.setNamedCurve=function(x){this.ecparams=s.getByName(x),this.prvKeyHex=null,this.pubKeyHex=null,this.curveName=x},this.setPrivateKeyHex=function(x){this.isPrivate=!0,this.prvKeyHex=x},this.setPublicKeyHex=function(x){this.isPublic=!0,this.pubKeyHex=x},this.getPublicKeyXYHex=function(){var x=this.pubKeyHex;if(x.substr(0,2)!=="04")throw"this method supports uncompressed format(04) only";var D=this.ecparams.keylen/4;if(x.length!==2+2*D)throw"malformed public key hex length";var V={};return V.x=x.substr(2,D),V.y=x.substr(2+D),V},this.getShortNISTPCurveName=function(){var x=this.curveName;return x==="secp256r1"||x==="NIST P-256"||x==="P-256"||x==="prime256v1"?"P-256":x==="secp384r1"||x==="NIST P-384"||x==="P-384"?"P-384":null},this.generateKeyPairHex=function(){var x=this.ecparams.n,D=this.getBigRandom(x),V=this.ecparams.G.multiply(D),W=V.getX().toBigInteger(),G=V.getY().toBigInteger(),X=this.ecparams.keylen/4,g=("0000000000"+D.toString(16)).slice(-X),E="04"+("0000000000"+W.toString(16)).slice(-X)+("0000000000"+G.toString(16)).slice(-X);return this.setPrivateKeyHex(g),this.setPublicKeyHex(E),{ecprvhex:g,ecpubhex:E}},this.signWithMessageHash=function(x){return this.signHex(x,this.prvKeyHex)},this.signHex=function(x,D){var V=new r(D,16),W=this.ecparams.n,G=new r(x.substring(0,this.ecparams.keylen/4),16);do var X=this.getBigRandom(W),g=this.ecparams.G.multiply(X).getX().toBigInteger().mod(W);while(g.compareTo(r.ZERO)<=0);var E=X.modInverse(W).multiply(G.add(V.multiply(g))).mod(W);return i.biRSSigToASN1Sig(g,E)},this.sign=function(x,D){var V=D,W=this.ecparams.n,G=r.fromByteArrayUnsigned(x);do var X=this.getBigRandom(W),g=this.ecparams.G.multiply(X).getX().toBigInteger().mod(W);while(g.compareTo(B.ZERO)<=0);var E=X.modInverse(W).multiply(G.add(V.multiply(g))).mod(W);return this.serializeSig(g,E)},this.verifyWithMessageHash=function(x,D){return this.verifyHex(x,D,this.pubKeyHex)},this.verifyHex=function(x,D,V){try{var W,G,X=i.parseSigHex(D);W=X.r,G=X.s;var g=n.decodeFromHex(this.ecparams.curve,V),E=new r(x.substring(0,this.ecparams.keylen/4),16);return this.verifyRaw(E,W,G,g)}catch{return!1}},this.verify=function(x,D,V){var W,G,X;if(Bitcoin.Util.isArray(D)){var g=this.parseSig(D);W=g.r,G=g.s}else{if((D===void 0?"undefined":l(D))!=="object"||!D.r||!D.s)throw"Invalid value for signature";W=D.r,G=D.s}if(V instanceof mt)X=V;else{if(!Bitcoin.Util.isArray(V))throw"Invalid format for pubkey value, must be byte array or ECPointFp";X=n.decodeFrom(this.ecparams.curve,V)}var E=r.fromByteArrayUnsigned(x);return this.verifyRaw(E,W,G,X)},this.verifyRaw=function(x,D,V,W){var G=this.ecparams.n,X=this.ecparams.G;if(D.compareTo(r.ONE)<0||D.compareTo(G)>=0||V.compareTo(r.ONE)<0||V.compareTo(G)>=0)return!1;var g=V.modInverse(G),E=x.multiply(g).mod(G),R=D.multiply(g).mod(G);return X.multiply(E).add(W.multiply(R)).getX().toBigInteger().mod(G).equals(D)},this.serializeSig=function(x,D){var V=x.toByteArraySigned(),W=D.toByteArraySigned(),G=[];return G.push(2),G.push(V.length),(G=G.concat(V)).push(2),G.push(W.length),(G=G.concat(W)).unshift(G.length),G.unshift(48),G},this.parseSig=function(x){var D;if(x[0]!=48)throw new Error("Signature not a valid DERSequence");if(x[D=2]!=2)throw new Error("First element in signature must be a DERInteger");var V=x.slice(D+2,D+2+x[D+1]);if(x[D+=2+x[D+1]]!=2)throw new Error("Second element in signature must be a DERInteger");var W=x.slice(D+2,D+2+x[D+1]);return D+=2+x[D+1],{r:r.fromByteArrayUnsigned(V),s:r.fromByteArrayUnsigned(W)}},this.parseSigCompact=function(x){if(x.length!==65)throw"Signature has the wrong length";var D=x[0]-27;if(D<0||D>7)throw"Invalid signature type";var V=this.ecparams.n;return{r:r.fromByteArrayUnsigned(x.slice(1,33)).mod(V),s:r.fromByteArrayUnsigned(x.slice(33,65)).mod(V),i:D}},this.readPKCS5PrvKeyHex=function(x){if(_(x)===!1)throw new Error("not ASN.1 hex string");var D,V,W;try{D=y(x,0,["[0]",0],"06"),V=y(x,0,[1],"04");try{W=y(x,0,["[1]",0],"03")}catch{}}catch{throw new Error("malformed PKCS#1/5 plain ECC private key")}if(this.curveName=f(D),this.curveName===void 0)throw"unsupported curve name";this.setNamedCurve(this.curveName),this.setPublicKeyHex(W),this.setPrivateKeyHex(V),this.isPublic=!1},this.readPKCS8PrvKeyHex=function(x){if(_(x)===!1)throw new t("not ASN.1 hex string");var D,V,W;try{y(x,0,[1,0],"06"),D=y(x,0,[1,1],"06"),V=y(x,0,[2,0,1],"04");try{W=y(x,0,[2,0,"[1]",0],"03")}catch{}}catch{throw new t("malformed PKCS#8 plain ECC private key")}if(this.curveName=f(D),this.curveName===void 0)throw new t("unsupported curve name");this.setNamedCurve(this.curveName),this.setPublicKeyHex(W),this.setPrivateKeyHex(V),this.isPublic=!1},this.readPKCS8PubKeyHex=function(x){if(_(x)===!1)throw new t("not ASN.1 hex string");var D,V;try{y(x,0,[0,0],"06"),D=y(x,0,[0,1],"06"),V=y(x,0,[1],"03")}catch{throw new t("malformed PKCS#8 ECC public key")}if(this.curveName=f(D),this.curveName===null)throw new t("unsupported curve name");this.setNamedCurve(this.curveName),this.setPublicKeyHex(V)},this.readCertPubKeyHex=function(x,D){if(_(x)===!1)throw new t("not ASN.1 hex string");var V,W;try{V=y(x,0,[0,5,0,1],"06"),W=y(x,0,[0,5,1],"03")}catch{throw new t("malformed X.509 certificate ECC public key")}if(this.curveName=f(V),this.curveName===null)throw new t("unsupported curve name");this.setNamedCurve(this.curveName),this.setPublicKeyHex(W)},e!==void 0&&e.curve!==void 0&&(this.curveName=e.curve),this.curveName===void 0&&(this.curveName="secp256r1"),this.setNamedCurve(this.curveName),e!==void 0&&(e.prv!==void 0&&this.setPrivateKeyHex(e.prv),e.pub!==void 0&&this.setPublicKeyHex(e.pub))},v.crypto.ECDSA.parseSigHex=function(e){var t=v.crypto.ECDSA.parseSigHexInHexRS(e);return{r:new B(t.r,16),s:new B(t.s,16)}},v.crypto.ECDSA.parseSigHexInHexRS=function(e){var t=it,r=t.getChildIdx,n=t.getV;if(t.checkStrictDER(e,0),e.substr(0,2)!="30")throw new Error("signature is not a ASN.1 sequence");var i=r(e,0);if(i.length!=2)throw new Error("signature shall have two elements");var s=i[0],f=i[1];if(e.substr(s,2)!="02")throw new Error("1st item not ASN.1 integer");if(e.substr(f,2)!="02")throw new Error("2nd item not ASN.1 integer");return{r:n(e,s),s:n(e,f)}},v.crypto.ECDSA.asn1SigToConcatSig=function(e){var t=v.crypto.ECDSA.parseSigHexInHexRS(e),r=t.r,n=t.s;if(r.substr(0,2)=="00"&&r.length%32==2&&(r=r.substr(2)),n.substr(0,2)=="00"&&n.length%32==2&&(n=n.substr(2)),r.length%32==30&&(r="00"+r),n.length%32==30&&(n="00"+n),r.length%32!=0)throw"unknown ECDSA sig r length error";if(n.length%32!=0)throw"unknown ECDSA sig s length error";return r+n},v.crypto.ECDSA.concatSigToASN1Sig=function(e){if(e.length/2*8%128!=0)throw"unknown ECDSA concatinated r-s sig  length error";var t=e.substr(0,e.length/2),r=e.substr(e.length/2);return v.crypto.ECDSA.hexRSSigToASN1Sig(t,r)},v.crypto.ECDSA.hexRSSigToASN1Sig=function(e,t){var r=new B(e,16),n=new B(t,16);return v.crypto.ECDSA.biRSSigToASN1Sig(r,n)},v.crypto.ECDSA.biRSSigToASN1Sig=function(e,t){var r=v.asn1,n=new r.DERInteger({bigint:e}),i=new r.DERInteger({bigint:t});return new r.DERSequence({array:[n,i]}).getEncodedHex()},v.crypto.ECDSA.getName=function(e){return e==="2b8104001f"?"secp192k1":e==="2a8648ce3d030107"?"secp256r1":e==="2b8104000a"?"secp256k1":e==="2b81040021"?"secp224r1":e==="2b81040022"?"secp384r1":"|secp256r1|NIST P-256|P-256|prime256v1|".indexOf(e)!==-1?"secp256r1":"|secp256k1|".indexOf(e)!==-1?"secp256k1":"|secp224r1|NIST P-224|P-224|".indexOf(e)!==-1?"secp224r1":"|secp384r1|NIST P-384|P-384|".indexOf(e)!==-1?"secp384r1":null},v!==void 0&&v||(p.KJUR=v={}),v.crypto!==void 0&&v.crypto||(v.crypto={}),v.crypto.ECParameterDB=new function(){var e={},t={};function r(n){return new B(n,16)}this.getByName=function(n){var i=n;if(t[i]!==void 0&&(i=t[n]),e[i]!==void 0)return e[i];throw"unregistered EC curve name: "+i},this.regist=function(n,i,s,f,S,y,_,w,x,D,V,W){e[n]={};var G=r(s),X=r(f),g=r(S),E=r(y),R=r(_),L=new de(G,X,g),z=L.decodePointHex("04"+w+x);e[n].name=n,e[n].keylen=i,e[n].curve=L,e[n].G=z,e[n].n=E,e[n].h=R,e[n].oid=V,e[n].info=W;for(var Q=0;Q<D.length;Q++)t[D[Q]]=n}},v.crypto.ECParameterDB.regist("secp128r1",128,"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF","FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC","E87579C11079F43DD824993C2CEE5ED3","FFFFFFFE0000000075A30D1B9038A115","1","161FF7528B899B2D0C28607CA52C5B86","CF5AC8395BAFEB13C02DA292DDED7A83",[],"","secp128r1 : SECG curve over a 128 bit prime field"),v.crypto.ECParameterDB.regist("secp160k1",160,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73","0","7","0100000000000000000001B8FA16DFAB9ACA16B6B3","1","3B4C382CE37AA192A4019E763036F4F5DD4D7EBB","938CF935318FDCED6BC28286531733C3F03C4FEE",[],"","secp160k1 : SECG curve over a 160 bit prime field"),v.crypto.ECParameterDB.regist("secp160r1",160,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC","1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45","0100000000000000000001F4C8F927AED3CA752257","1","4A96B5688EF573284664698968C38BB913CBFC82","23A628553168947D59DCC912042351377AC5FB32",[],"","secp160r1 : SECG curve over a 160 bit prime field"),v.crypto.ECParameterDB.regist("secp192k1",192,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37","0","3","FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D","1","DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D","9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D",[]),v.crypto.ECParameterDB.regist("secp192r1",192,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC","64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1","FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831","1","188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012","07192B95FFC8DA78631011ED6B24CDD573F977A11E794811",[]),v.crypto.ECParameterDB.regist("secp224r1",224,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE","B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4","FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D","1","B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21","BD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34",[]),v.crypto.ECParameterDB.regist("secp256k1",256,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F","0","7","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141","1","79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798","483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8",[]),v.crypto.ECParameterDB.regist("secp256r1",256,"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF","FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC","5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B","FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551","1","6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296","4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5",["NIST P-256","P-256","prime256v1"]),v.crypto.ECParameterDB.regist("secp384r1",384,"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC","B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF","FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0DB248B0A77AECEC196ACCC52973","1","AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F25DBF55296C3A545E3872760AB7","3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f",["NIST P-384","P-384"]),v.crypto.ECParameterDB.regist("secp521r1",521,"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF","1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC","051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00","1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409","1","C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66","011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",["NIST P-521","P-521"]);var Rt=function(){var e=function(_,w,x){return t(M.AES,_,w,x)},t=function(_,w,x,D){var V=M.enc.Hex.parse(w),W=M.enc.Hex.parse(x),G=M.enc.Hex.parse(D),X={};X.key=W,X.iv=G,X.ciphertext=V;var g=_.decrypt(X,W,{iv:G});return M.enc.Hex.stringify(g)},r=function(_,w,x){return n(M.AES,_,w,x)},n=function(_,w,x,D){var V=M.enc.Hex.parse(w),W=M.enc.Hex.parse(x),G=M.enc.Hex.parse(D),X=_.encrypt(V,W,{iv:G}),g=M.enc.Hex.parse(X.toString());return M.enc.Base64.stringify(g)},i={"AES-256-CBC":{proc:e,eproc:r,keylen:32,ivlen:16},"AES-192-CBC":{proc:e,eproc:r,keylen:24,ivlen:16},"AES-128-CBC":{proc:e,eproc:r,keylen:16,ivlen:16},"DES-EDE3-CBC":{proc:function(_,w,x){return t(M.TripleDES,_,w,x)},eproc:function(_,w,x){return n(M.TripleDES,_,w,x)},keylen:24,ivlen:8},"DES-CBC":{proc:function(_,w,x){return t(M.DES,_,w,x)},eproc:function(_,w,x){return n(M.DES,_,w,x)},keylen:8,ivlen:8}},s=function(_){var w={},x=_.match(new RegExp("DEK-Info: ([^,]+),([0-9A-Fa-f]+)","m"));x&&(w.cipher=x[1],w.ivsalt=x[2]);var D=_.match(new RegExp("-----BEGIN ([A-Z]+) PRIVATE KEY-----"));D&&(w.type=D[1]);var V=-1,W=0;_.indexOf(`\r
-\r
-`)!=-1&&(V=_.indexOf(`\r
-\r
-`),W=2),_.indexOf(`
-
-`)!=-1&&(V=_.indexOf(`
-
-`),W=1);var G=_.indexOf("-----END");if(V!=-1&&G!=-1){var X=_.substring(V+2*W,G-W);X=X.replace(/\s+/g,""),w.data=X}return w},f=function(_,w,x){for(var D=x.substring(0,16),V=M.enc.Hex.parse(D),W=M.enc.Utf8.parse(w),G=i[_].keylen+i[_].ivlen,X="",g=null;;){var E=M.algo.MD5.create();if(g!=null&&E.update(g),E.update(W),E.update(V),g=E.finalize(),(X+=M.enc.Hex.stringify(g)).length>=2*G)break}var R={};return R.keyhex=X.substr(0,2*i[_].keylen),R.ivhex=X.substr(2*i[_].keylen,2*i[_].ivlen),R},S=function(_,w,x,D){var V=M.enc.Base64.parse(_),W=M.enc.Hex.stringify(V);return(0,i[w].proc)(W,x,D)};return{version:"1.0.0",parsePKCS5PEM:function(_){return s(_)},getKeyAndUnusedIvByPasscodeAndIvsalt:function(_,w,x){return f(_,w,x)},decryptKeyB64:function(_,w,x,D){return S(_,w,x,D)},getDecryptedKeyHex:function(_,w){var x=s(_),D=(x.type,x.cipher),V=x.ivsalt,W=x.data,G=f(D,w,V).keyhex;return S(W,D,G,V)},getEncryptedPKCS5PEMFromPrvKeyHex:function(_,w,x,D,V){var W="";if(D!==void 0&&D!=null||(D="AES-256-CBC"),i[D]===void 0)throw"KEYUTIL unsupported algorithm: "+D;V!==void 0&&V!=null||(V=function(g){var E=M.lib.WordArray.random(g);return M.enc.Hex.stringify(E)}(i[D].ivlen).toUpperCase());var G=function(g,E,R,L){return(0,i[E].eproc)(g,R,L)}(w,D,f(D,x,V).keyhex,V);return W="-----BEGIN "+_+` PRIVATE KEY-----\r
-`,W+=`Proc-Type: 4,ENCRYPTED\r
-`,W+="DEK-Info: "+D+","+V+`\r
-`,W+=`\r
-`,W+=G.replace(/(.{64})/g,`$1\r
-`),W+=`\r
------END `+_+` PRIVATE KEY-----\r
-`},parseHexOfEncryptedPKCS8:function(_){var w=it,x=w.getChildIdx,D=w.getV,V={},W=x(_,0);if(W.length!=2)throw"malformed format: SEQUENCE(0).items != 2: "+W.length;V.ciphertext=D(_,W[1]);var G=x(_,W[0]);if(G.length!=2)throw"malformed format: SEQUENCE(0.0).items != 2: "+G.length;if(D(_,G[0])!="2a864886f70d01050d")throw"this only supports pkcs5PBES2";var X=x(_,G[1]);if(G.length!=2)throw"malformed format: SEQUENCE(0.0.1).items != 2: "+X.length;var g=x(_,X[1]);if(g.length!=2)throw"malformed format: SEQUENCE(0.0.1.1).items != 2: "+g.length;if(D(_,g[0])!="2a864886f70d0307")throw"this only supports TripleDES";V.encryptionSchemeAlg="TripleDES",V.encryptionSchemeIV=D(_,g[1]);var E=x(_,X[0]);if(E.length!=2)throw"malformed format: SEQUENCE(0.0.1.0).items != 2: "+E.length;if(D(_,E[0])!="2a864886f70d01050c")throw"this only supports pkcs5PBKDF2";var R=x(_,E[1]);if(R.length<2)throw"malformed format: SEQUENCE(0.0.1.0.1).items < 2: "+R.length;V.pbkdf2Salt=D(_,R[0]);var L=D(_,R[1]);try{V.pbkdf2Iter=parseInt(L,16)}catch{throw"malformed format pbkdf2Iter: "+L}return V},getPBKDF2KeyHexFromParam:function(_,w){var x=M.enc.Hex.parse(_.pbkdf2Salt),D=_.pbkdf2Iter,V=M.PBKDF2(w,x,{keySize:6,iterations:D});return M.enc.Hex.stringify(V)},_getPlainPKCS8HexFromEncryptedPKCS8PEM:function(_,w){var x=ce(_,"ENCRYPTED PRIVATE KEY"),D=this.parseHexOfEncryptedPKCS8(x),V=Rt.getPBKDF2KeyHexFromParam(D,w),W={};W.ciphertext=M.enc.Hex.parse(D.ciphertext);var G=M.enc.Hex.parse(V),X=M.enc.Hex.parse(D.encryptionSchemeIV),g=M.TripleDES.decrypt(W,G,{iv:X});return M.enc.Hex.stringify(g)},getKeyFromEncryptedPKCS8PEM:function(_,w){var x=this._getPlainPKCS8HexFromEncryptedPKCS8PEM(_,w);return this.getKeyFromPlainPrivatePKCS8Hex(x)},parsePlainPrivatePKCS8Hex:function(_){var w=it,x=w.getChildIdx,D=w.getV,V={algparam:null};if(_.substr(0,2)!="30")throw"malformed plain PKCS8 private key(code:001)";var W=x(_,0);if(W.length!=3)throw"malformed plain PKCS8 private key(code:002)";if(_.substr(W[1],2)!="30")throw"malformed PKCS8 private key(code:003)";var G=x(_,W[1]);if(G.length!=2)throw"malformed PKCS8 private key(code:004)";if(_.substr(G[0],2)!="06")throw"malformed PKCS8 private key(code:005)";if(V.algoid=D(_,G[0]),_.substr(G[1],2)=="06"&&(V.algparam=D(_,G[1])),_.substr(W[2],2)!="04")throw"malformed PKCS8 private key(code:006)";return V.keyidx=w.getVidx(_,W[2]),V},getKeyFromPlainPrivatePKCS8PEM:function(_){var w=ce(_,"PRIVATE KEY");return this.getKeyFromPlainPrivatePKCS8Hex(w)},getKeyFromPlainPrivatePKCS8Hex:function(_){var w,x=this.parsePlainPrivatePKCS8Hex(_);if(x.algoid=="2a864886f70d010101")w=new ht;else if(x.algoid=="2a8648ce380401")w=new v.crypto.DSA;else{if(x.algoid!="2a8648ce3d0201")throw"unsupported private key algorithm";w=new v.crypto.ECDSA}return w.readPKCS8PrvKeyHex(_),w},_getKeyFromPublicPKCS8Hex:function(_){var w,x=it.getVbyList(_,0,[0,0],"06");if(x==="2a864886f70d010101")w=new ht;else if(x==="2a8648ce380401")w=new v.crypto.DSA;else{if(x!=="2a8648ce3d0201")throw"unsupported PKCS#8 public key hex";w=new v.crypto.ECDSA}return w.readPKCS8PubKeyHex(_),w},parsePublicRawRSAKeyHex:function(_){var w=it,x=w.getChildIdx,D=w.getV,V={};if(_.substr(0,2)!="30")throw"malformed RSA key(code:001)";var W=x(_,0);if(W.length!=2)throw"malformed RSA key(code:002)";if(_.substr(W[0],2)!="02")throw"malformed RSA key(code:003)";if(V.n=D(_,W[0]),_.substr(W[1],2)!="02")throw"malformed RSA key(code:004)";return V.e=D(_,W[1]),V},parsePublicPKCS8Hex:function(_){var w=it,x=w.getChildIdx,D=w.getV,V={algparam:null},W=x(_,0);if(W.length!=2)throw"outer DERSequence shall have 2 elements: "+W.length;var G=W[0];if(_.substr(G,2)!="30")throw"malformed PKCS8 public key(code:001)";var X=x(_,G);if(X.length!=2)throw"malformed PKCS8 public key(code:002)";if(_.substr(X[0],2)!="06")throw"malformed PKCS8 public key(code:003)";if(V.algoid=D(_,X[0]),_.substr(X[1],2)=="06"?V.algparam=D(_,X[1]):_.substr(X[1],2)=="30"&&(V.algparam={},V.algparam.p=w.getVbyList(_,X[1],[0],"02"),V.algparam.q=w.getVbyList(_,X[1],[1],"02"),V.algparam.g=w.getVbyList(_,X[1],[2],"02")),_.substr(W[1],2)!="03")throw"malformed PKCS8 public key(code:004)";return V.key=D(_,W[1]).substr(2),V}}}();Rt.getKey=function(e,t,r){var n=(X=it).getChildIdx,i=(X.getV,X.getVbyList),s=v.crypto,f=s.ECDSA,S=s.DSA,y=ht,_=ce,w=Rt;if(y!==void 0&&e instanceof y||f!==void 0&&e instanceof f||S!==void 0&&e instanceof S)return e;if(e.curve!==void 0&&e.xy!==void 0&&e.d===void 0)return new f({pub:e.xy,curve:e.curve});if(e.curve!==void 0&&e.d!==void 0)return new f({prv:e.d,curve:e.curve});if(e.kty===void 0&&e.n!==void 0&&e.e!==void 0&&e.d===void 0)return(ct=new y).setPublic(e.n,e.e),ct;if(e.kty===void 0&&e.n!==void 0&&e.e!==void 0&&e.d!==void 0&&e.p!==void 0&&e.q!==void 0&&e.dp!==void 0&&e.dq!==void 0&&e.co!==void 0&&e.qi===void 0)return(ct=new y).setPrivateEx(e.n,e.e,e.d,e.p,e.q,e.dp,e.dq,e.co),ct;if(e.kty===void 0&&e.n!==void 0&&e.e!==void 0&&e.d!==void 0&&e.p===void 0)return(ct=new y).setPrivate(e.n,e.e,e.d),ct;if(e.p!==void 0&&e.q!==void 0&&e.g!==void 0&&e.y!==void 0&&e.x===void 0)return(ct=new S).setPublic(e.p,e.q,e.g,e.y),ct;if(e.p!==void 0&&e.q!==void 0&&e.g!==void 0&&e.y!==void 0&&e.x!==void 0)return(ct=new S).setPrivate(e.p,e.q,e.g,e.y,e.x),ct;if(e.kty==="RSA"&&e.n!==void 0&&e.e!==void 0&&e.d===void 0)return(ct=new y).setPublic(bt(e.n),bt(e.e)),ct;if(e.kty==="RSA"&&e.n!==void 0&&e.e!==void 0&&e.d!==void 0&&e.p!==void 0&&e.q!==void 0&&e.dp!==void 0&&e.dq!==void 0&&e.qi!==void 0)return(ct=new y).setPrivateEx(bt(e.n),bt(e.e),bt(e.d),bt(e.p),bt(e.q),bt(e.dp),bt(e.dq),bt(e.qi)),ct;if(e.kty==="RSA"&&e.n!==void 0&&e.e!==void 0&&e.d!==void 0)return(ct=new y).setPrivate(bt(e.n),bt(e.e),bt(e.d)),ct;if(e.kty==="EC"&&e.crv!==void 0&&e.x!==void 0&&e.y!==void 0&&e.d===void 0){var x=(st=new f({curve:e.crv})).ecparams.keylen/4,D="04"+("0000000000"+bt(e.x)).slice(-x)+("0000000000"+bt(e.y)).slice(-x);return st.setPublicKeyHex(D),st}if(e.kty==="EC"&&e.crv!==void 0&&e.x!==void 0&&e.y!==void 0&&e.d!==void 0){x=(st=new f({curve:e.crv})).ecparams.keylen/4,D="04"+("0000000000"+bt(e.x)).slice(-x)+("0000000000"+bt(e.y)).slice(-x);var V=("0000000000"+bt(e.d)).slice(-x);return st.setPublicKeyHex(D),st.setPrivateKeyHex(V),st}if(r==="pkcs5prv"){var W,G=e,X=it;if((W=n(G,0)).length===9)(ct=new y).readPKCS5PrvKeyHex(G);else if(W.length===6)(ct=new S).readPKCS5PrvKeyHex(G);else{if(!(W.length>2&&G.substr(W[1],2)==="04"))throw"unsupported PKCS#1/5 hexadecimal key";(ct=new f).readPKCS5PrvKeyHex(G)}return ct}if(r==="pkcs8prv")return ct=w.getKeyFromPlainPrivatePKCS8Hex(e);if(r==="pkcs8pub")return w._getKeyFromPublicPKCS8Hex(e);if(r==="x509pub")return It.getPublicKeyFromCertHex(e);if(e.indexOf("-END CERTIFICATE-",0)!=-1||e.indexOf("-END X509 CERTIFICATE-",0)!=-1||e.indexOf("-END TRUSTED CERTIFICATE-",0)!=-1)return It.getPublicKeyFromCertPEM(e);if(e.indexOf("-END PUBLIC KEY-")!=-1){var g=ce(e,"PUBLIC KEY");return w._getKeyFromPublicPKCS8Hex(g)}if(e.indexOf("-END RSA PRIVATE KEY-")!=-1&&e.indexOf("4,ENCRYPTED")==-1){var E=_(e,"RSA PRIVATE KEY");return w.getKey(E,null,"pkcs5prv")}if(e.indexOf("-END DSA PRIVATE KEY-")!=-1&&e.indexOf("4,ENCRYPTED")==-1){var R=i(wt=_(e,"DSA PRIVATE KEY"),0,[1],"02"),L=i(wt,0,[2],"02"),z=i(wt,0,[3],"02"),Q=i(wt,0,[4],"02"),ut=i(wt,0,[5],"02");return(ct=new S).setPrivate(new B(R,16),new B(L,16),new B(z,16),new B(Q,16),new B(ut,16)),ct}if(e.indexOf("-END EC PRIVATE KEY-")!=-1&&e.indexOf("4,ENCRYPTED")==-1)return E=_(e,"EC PRIVATE KEY"),w.getKey(E,null,"pkcs5prv");if(e.indexOf("-END PRIVATE KEY-")!=-1)return w.getKeyFromPlainPrivatePKCS8PEM(e);if(e.indexOf("-END RSA PRIVATE KEY-")!=-1&&e.indexOf("4,ENCRYPTED")!=-1){var tt=w.getDecryptedKeyHex(e,t),gt=new ht;return gt.readPKCS5PrvKeyHex(tt),gt}if(e.indexOf("-END EC PRIVATE KEY-")!=-1&&e.indexOf("4,ENCRYPTED")!=-1){var st,ct=i(wt=w.getDecryptedKeyHex(e,t),0,[1],"04"),St=i(wt,0,[2,0],"06"),Ft=i(wt,0,[3,0],"03").substr(2);if(v.crypto.OID.oidhex2name[St]===void 0)throw"undefined OID(hex) in KJUR.crypto.OID: "+St;return(st=new f({curve:v.crypto.OID.oidhex2name[St]})).setPublicKeyHex(Ft),st.setPrivateKeyHex(ct),st.isPublic=!1,st}if(e.indexOf("-END DSA PRIVATE KEY-")!=-1&&e.indexOf("4,ENCRYPTED")!=-1){var wt;return R=i(wt=w.getDecryptedKeyHex(e,t),0,[1],"02"),L=i(wt,0,[2],"02"),z=i(wt,0,[3],"02"),Q=i(wt,0,[4],"02"),ut=i(wt,0,[5],"02"),(ct=new S).setPrivate(new B(R,16),new B(L,16),new B(z,16),new B(Q,16),new B(ut,16)),ct}if(e.indexOf("-END ENCRYPTED PRIVATE KEY-")!=-1)return w.getKeyFromEncryptedPKCS8PEM(e,t);throw new Error("not supported argument")},Rt.generateKeypair=function(e,t){if(e=="RSA"){var r=t;(f=new ht).generate(r,"10001"),f.isPrivate=!0,f.isPublic=!0;var n=new ht,i=f.n.toString(16),s=f.e.toString(16);return n.setPublic(i,s),n.isPrivate=!1,n.isPublic=!0,(S={}).prvKeyObj=f,S.pubKeyObj=n,S}if(e=="EC"){var f,S,y=t,_=new v.crypto.ECDSA({curve:y}).generateKeyPairHex();return(f=new v.crypto.ECDSA({curve:y})).setPublicKeyHex(_.ecpubhex),f.setPrivateKeyHex(_.ecprvhex),f.isPrivate=!0,f.isPublic=!1,(n=new v.crypto.ECDSA({curve:y})).setPublicKeyHex(_.ecpubhex),n.isPrivate=!1,n.isPublic=!0,(S={}).prvKeyObj=f,S.pubKeyObj=n,S}throw"unknown algorithm: "+e},Rt.getPEM=function(e,t,r,n,i,s){var f=v,S=f.asn1,y=S.DERObjectIdentifier,_=S.DERInteger,w=S.ASN1Util.newObject,x=S.x509.SubjectPublicKeyInfo,D=f.crypto,V=D.DSA,W=D.ECDSA,G=ht;function X(st){return w({seq:[{int:0},{int:{bigint:st.n}},{int:st.e},{int:{bigint:st.d}},{int:{bigint:st.p}},{int:{bigint:st.q}},{int:{bigint:st.dmp1}},{int:{bigint:st.dmq1}},{int:{bigint:st.coeff}}]})}function g(st){return w({seq:[{int:1},{octstr:{hex:st.prvKeyHex}},{tag:["a0",!0,{oid:{name:st.curveName}}]},{tag:["a1",!0,{bitstr:{hex:"00"+st.pubKeyHex}}]}]})}function E(st){return w({seq:[{int:0},{int:{bigint:st.p}},{int:{bigint:st.q}},{int:{bigint:st.g}},{int:{bigint:st.y}},{int:{bigint:st.x}}]})}if((G!==void 0&&e instanceof G||V!==void 0&&e instanceof V||W!==void 0&&e instanceof W)&&e.isPublic==1&&(t===void 0||t=="PKCS8PUB"))return Xt(Q=new x(e).getEncodedHex(),"PUBLIC KEY");if(t=="PKCS1PRV"&&G!==void 0&&e instanceof G&&(r===void 0||r==null)&&e.isPrivate==1)return Xt(Q=X(e).getEncodedHex(),"RSA PRIVATE KEY");if(t=="PKCS1PRV"&&W!==void 0&&e instanceof W&&(r===void 0||r==null)&&e.isPrivate==1){var R=new y({name:e.curveName}).getEncodedHex(),L=g(e).getEncodedHex(),z="";return z+=Xt(R,"EC PARAMETERS"),z+=Xt(L,"EC PRIVATE KEY")}if(t=="PKCS1PRV"&&V!==void 0&&e instanceof V&&(r===void 0||r==null)&&e.isPrivate==1)return Xt(Q=E(e).getEncodedHex(),"DSA PRIVATE KEY");if(t=="PKCS5PRV"&&G!==void 0&&e instanceof G&&r!==void 0&&r!=null&&e.isPrivate==1){var Q=X(e).getEncodedHex();return n===void 0&&(n="DES-EDE3-CBC"),this.getEncryptedPKCS5PEMFromPrvKeyHex("RSA",Q,r,n,s)}if(t=="PKCS5PRV"&&W!==void 0&&e instanceof W&&r!==void 0&&r!=null&&e.isPrivate==1)return Q=g(e).getEncodedHex(),n===void 0&&(n="DES-EDE3-CBC"),this.getEncryptedPKCS5PEMFromPrvKeyHex("EC",Q,r,n,s);if(t=="PKCS5PRV"&&V!==void 0&&e instanceof V&&r!==void 0&&r!=null&&e.isPrivate==1)return Q=E(e).getEncodedHex(),n===void 0&&(n="DES-EDE3-CBC"),this.getEncryptedPKCS5PEMFromPrvKeyHex("DSA",Q,r,n,s);var ut=function(ct,St){var Ft=tt(ct,St);return new w({seq:[{seq:[{oid:{name:"pkcs5PBES2"}},{seq:[{seq:[{oid:{name:"pkcs5PBKDF2"}},{seq:[{octstr:{hex:Ft.pbkdf2Salt}},{int:Ft.pbkdf2Iter}]}]},{seq:[{oid:{name:"des-EDE3-CBC"}},{octstr:{hex:Ft.encryptionSchemeIV}}]}]}]},{octstr:{hex:Ft.ciphertext}}]}).getEncodedHex()},tt=function(ct,St){var Ft=M.lib.WordArray.random(8),wt=M.lib.WordArray.random(8),Qt=M.PBKDF2(St,Ft,{keySize:6,iterations:100}),Ht=M.enc.Hex.parse(ct),qt=M.TripleDES.encrypt(Ht,Qt,{iv:wt})+"",Ct={};return Ct.ciphertext=qt,Ct.pbkdf2Salt=M.enc.Hex.stringify(Ft),Ct.pbkdf2Iter=100,Ct.encryptionSchemeAlg="DES-EDE3-CBC",Ct.encryptionSchemeIV=M.enc.Hex.stringify(wt),Ct};if(t=="PKCS8PRV"&&G!=null&&e instanceof G&&e.isPrivate==1){var gt=X(e).getEncodedHex();return Q=w({seq:[{int:0},{seq:[{oid:{name:"rsaEncryption"}},{null:!0}]},{octstr:{hex:gt}}]}).getEncodedHex(),r===void 0||r==null?Xt(Q,"PRIVATE KEY"):Xt(L=ut(Q,r),"ENCRYPTED PRIVATE KEY")}if(t=="PKCS8PRV"&&W!==void 0&&e instanceof W&&e.isPrivate==1)return gt=new w({seq:[{int:1},{octstr:{hex:e.prvKeyHex}},{tag:["a1",!0,{bitstr:{hex:"00"+e.pubKeyHex}}]}]}).getEncodedHex(),Q=w({seq:[{int:0},{seq:[{oid:{name:"ecPublicKey"}},{oid:{name:e.curveName}}]},{octstr:{hex:gt}}]}).getEncodedHex(),r===void 0||r==null?Xt(Q,"PRIVATE KEY"):Xt(L=ut(Q,r),"ENCRYPTED PRIVATE KEY");if(t=="PKCS8PRV"&&V!==void 0&&e instanceof V&&e.isPrivate==1)return gt=new _({bigint:e.x}).getEncodedHex(),Q=w({seq:[{int:0},{seq:[{oid:{name:"dsa"}},{seq:[{int:{bigint:e.p}},{int:{bigint:e.q}},{int:{bigint:e.g}}]}]},{octstr:{hex:gt}}]}).getEncodedHex(),r===void 0||r==null?Xt(Q,"PRIVATE KEY"):Xt(L=ut(Q,r),"ENCRYPTED PRIVATE KEY");throw new Error("unsupported object nor format")},Rt.getKeyFromCSRPEM=function(e){var t=ce(e,"CERTIFICATE REQUEST");return Rt.getKeyFromCSRHex(t)},Rt.getKeyFromCSRHex=function(e){var t=Rt.parseCSRHex(e);return Rt.getKey(t.p8pubkeyhex,null,"pkcs8pub")},Rt.parseCSRHex=function(e){var t=it,r=t.getChildIdx,n=t.getTLV,i={},s=e;if(s.substr(0,2)!="30")throw"malformed CSR(code:001)";var f=r(s,0);if(f.length<1)throw"malformed CSR(code:002)";if(s.substr(f[0],2)!="30")throw"malformed CSR(code:003)";var S=r(s,f[0]);if(S.length<3)throw"malformed CSR(code:004)";return i.p8pubkeyhex=n(s,S[2]),i},Rt.getKeyID=function(e){var t=Rt,r=it;typeof e=="string"&&e.indexOf("BEGIN ")!=-1&&(e=t.getKey(e));var n=ce(t.getPEM(e)),i=r.getIdxbyList(n,0,[1]),s=r.getV(n,i).substring(2);return v.crypto.Util.hashHex(s,"sha1")},Rt.getJWKFromKey=function(e){var t={};if(e instanceof ht&&e.isPrivate)return t.kty="RSA",t.n=Dt(e.n.toString(16)),t.e=Dt(e.e.toString(16)),t.d=Dt(e.d.toString(16)),t.p=Dt(e.p.toString(16)),t.q=Dt(e.q.toString(16)),t.dp=Dt(e.dmp1.toString(16)),t.dq=Dt(e.dmq1.toString(16)),t.qi=Dt(e.coeff.toString(16)),t;if(e instanceof ht&&e.isPublic)return t.kty="RSA",t.n=Dt(e.n.toString(16)),t.e=Dt(e.e.toString(16)),t;if(e instanceof v.crypto.ECDSA&&e.isPrivate){if((n=e.getShortNISTPCurveName())!=="P-256"&&n!=="P-384")throw"unsupported curve name for JWT: "+n;var r=e.getPublicKeyXYHex();return t.kty="EC",t.crv=n,t.x=Dt(r.x),t.y=Dt(r.y),t.d=Dt(e.prvKeyHex),t}if(e instanceof v.crypto.ECDSA&&e.isPublic){var n;if((n=e.getShortNISTPCurveName())!=="P-256"&&n!=="P-384")throw"unsupported curve name for JWT: "+n;return r=e.getPublicKeyXYHex(),t.kty="EC",t.crv=n,t.x=Dt(r.x),t.y=Dt(r.y),t}throw"not supported key object"},ht.getPosArrayOfChildrenFromHex=function(e){return it.getChildIdx(e,0)},ht.getHexValueArrayOfChildrenFromHex=function(e){var t,r=it.getV,n=r(e,(t=ht.getPosArrayOfChildrenFromHex(e))[0]),i=r(e,t[1]),s=r(e,t[2]),f=r(e,t[3]),S=r(e,t[4]),y=r(e,t[5]),_=r(e,t[6]),w=r(e,t[7]),x=r(e,t[8]);return(t=new Array).push(n,i,s,f,S,y,_,w,x),t},ht.prototype.readPrivateKeyFromPEMString=function(e){var t=ce(e),r=ht.getHexValueArrayOfChildrenFromHex(t);this.setPrivateEx(r[1],r[2],r[3],r[4],r[5],r[6],r[7],r[8])},ht.prototype.readPKCS5PrvKeyHex=function(e){var t=ht.getHexValueArrayOfChildrenFromHex(e);this.setPrivateEx(t[1],t[2],t[3],t[4],t[5],t[6],t[7],t[8])},ht.prototype.readPKCS8PrvKeyHex=function(e){var t,r,n,i,s,f,S,y,_=it,w=_.getVbyListEx;if(_.isASN1HEX(e)===!1)throw new Error("not ASN.1 hex string");try{t=w(e,0,[2,0,1],"02"),r=w(e,0,[2,0,2],"02"),n=w(e,0,[2,0,3],"02"),i=w(e,0,[2,0,4],"02"),s=w(e,0,[2,0,5],"02"),f=w(e,0,[2,0,6],"02"),S=w(e,0,[2,0,7],"02"),y=w(e,0,[2,0,8],"02")}catch{throw new Error("malformed PKCS#8 plain RSA private key")}this.setPrivateEx(t,r,n,i,s,f,S,y)},ht.prototype.readPKCS5PubKeyHex=function(e){var t=it,r=t.getV;if(t.isASN1HEX(e)===!1)throw new Error("keyHex is not ASN.1 hex string");var n=t.getChildIdx(e,0);if(n.length!==2||e.substr(n[0],2)!=="02"||e.substr(n[1],2)!=="02")throw new Error("wrong hex for PKCS#5 public key");var i=r(e,n[0]),s=r(e,n[1]);this.setPublic(i,s)},ht.prototype.readPKCS8PubKeyHex=function(e){var t=it;if(t.isASN1HEX(e)===!1)throw new Error("not ASN.1 hex string");if(t.getTLVbyListEx(e,0,[0,0])!=="06092a864886f70d010101")throw new Error("not PKCS8 RSA public key");var r=t.getTLVbyListEx(e,0,[1,0]);this.readPKCS5PubKeyHex(r)},ht.prototype.readCertPubKeyHex=function(e,t){var r,n;(r=new It).readCertHex(e),n=r.getPublicKeyHex(),this.readPKCS8PubKeyHex(n)};var gr=new RegExp("[^0-9a-f]","gi");function or(e,t){for(var r="",n=t/4-e.length,i=0;i<n;i++)r+="0";return r+e}function sr(e,t,r){for(var n="",i=0;n.length<t;)n+=te(r(ue(e+String.fromCharCode.apply(String,[(4278190080&i)>>24,(16711680&i)>>16,(65280&i)>>8,255&i])))),i+=1;return n}function ar(e){for(var t in v.crypto.Util.DIGESTINFOHEAD){var r=v.crypto.Util.DIGESTINFOHEAD[t],n=r.length;if(e.substring(0,n)==r)return[t,e.substring(n)]}return[]}function It(e){var t,r=it,n=r.getChildIdx,i=r.getV,s=r.getTLV,f=r.getVbyList,S=r.getVbyListEx,y=r.getTLVbyList,_=r.getTLVbyListEx,w=r.getIdxbyList,x=r.getIdxbyListEx,D=r.getVidx,V=r.oidname,W=r.hextooidstr,G=It,X=ce;try{t=v.asn1.x509.AlgorithmIdentifier.PSSNAME2ASN1TLV}catch{}this.HEX2STAG={"0c":"utf8",13:"prn",16:"ia5","1a":"vis","1e":"bmp"},this.hex=null,this.version=0,this.foffset=0,this.aExtInfo=null,this.getVersion=function(){return this.hex===null||this.version!==0?this.version:y(this.hex,0,[0,0])!=="a003020102"?(this.version=1,this.foffset=-1,1):(this.version=3,3)},this.getSerialNumberHex=function(){return S(this.hex,0,[0,0],"02")},this.getSignatureAlgorithmField=function(){var g=_(this.hex,0,[0,1]);return this.getAlgorithmIdentifierName(g)},this.getAlgorithmIdentifierName=function(g){for(var E in t)if(g===t[E])return E;return V(S(g,0,[0],"06"))},this.getIssuer=function(){return this.getX500Name(this.getIssuerHex())},this.getIssuerHex=function(){return y(this.hex,0,[0,3+this.foffset],"30")},this.getIssuerString=function(){return G.hex2dn(this.getIssuerHex())},this.getSubject=function(){return this.getX500Name(this.getSubjectHex())},this.getSubjectHex=function(){return y(this.hex,0,[0,5+this.foffset],"30")},this.getSubjectString=function(){return G.hex2dn(this.getSubjectHex())},this.getNotBefore=function(){var g=f(this.hex,0,[0,4+this.foffset,0]);return g=g.replace(/(..)/g,"%$1"),g=decodeURIComponent(g)},this.getNotAfter=function(){var g=f(this.hex,0,[0,4+this.foffset,1]);return g=g.replace(/(..)/g,"%$1"),g=decodeURIComponent(g)},this.getPublicKeyHex=function(){return r.getTLVbyList(this.hex,0,[0,6+this.foffset],"30")},this.getPublicKeyIdx=function(){return w(this.hex,0,[0,6+this.foffset],"30")},this.getPublicKeyContentIdx=function(){var g=this.getPublicKeyIdx();return w(this.hex,g,[1,0],"30")},this.getPublicKey=function(){return Rt.getKey(this.getPublicKeyHex(),null,"pkcs8pub")},this.getSignatureAlgorithmName=function(){var g=y(this.hex,0,[1],"30");return this.getAlgorithmIdentifierName(g)},this.getSignatureValueHex=function(){return f(this.hex,0,[2],"03",!0)},this.verifySignature=function(g){var E=this.getSignatureAlgorithmField(),R=this.getSignatureValueHex(),L=y(this.hex,0,[0],"30"),z=new v.crypto.Signature({alg:E});return z.init(g),z.updateHex(L),z.verify(R)},this.parseExt=function(g){var E,R,L;if(g===void 0){if(L=this.hex,this.version!==3)return-1;E=w(L,0,[0,7,0],"30"),R=n(L,E)}else{L=ce(g);var z=w(L,0,[0,3,0,0],"06");if(i(L,z)!="2a864886f70d01090e")return void(this.aExtInfo=new Array);E=w(L,0,[0,3,0,1,0],"30"),R=n(L,E),this.hex=L}this.aExtInfo=new Array;for(var Q=0;Q<R.length;Q++){var ut={critical:!1},tt=0;n(L,R[Q]).length===3&&(ut.critical=!0,tt=1),ut.oid=r.hextooidstr(f(L,R[Q],[0],"06"));var gt=w(L,R[Q],[1+tt]);ut.vidx=D(L,gt),this.aExtInfo.push(ut)}},this.getExtInfo=function(g){var E=this.aExtInfo,R=g;if(g.match(/^[0-9.]+$/)||(R=v.asn1.x509.OID.name2oid(g)),R!==""){for(var L=0;L<E.length;L++)if(E[L].oid===R)return E[L]}},this.getExtBasicConstraints=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("basicConstraints");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"basicConstraints"};if(E&&(L.critical=!0),g==="3000")return L;if(g==="30030101ff")return L.cA=!0,L;if(g.substr(0,12)==="30060101ff02"){var z=i(g,10),Q=parseInt(z,16);return L.cA=!0,L.pathLen=Q,L}throw new Error("hExtV parse error: "+g)},this.getExtKeyUsage=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("keyUsage");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"keyUsage"};return E&&(L.critical=!0),L.names=this.getExtKeyUsageString(g).split(","),L},this.getExtKeyUsageBin=function(g){if(g===void 0){var E=this.getExtInfo("keyUsage");if(E===void 0)return"";g=s(this.hex,E.vidx)}if(g.length!=8&&g.length!=10)throw new Error("malformed key usage value: "+g);var R="000000000000000"+parseInt(g.substr(6),16).toString(2);return g.length==8&&(R=R.slice(-8)),g.length==10&&(R=R.slice(-16)),(R=R.replace(/0+$/,""))==""&&(R="0"),R},this.getExtKeyUsageString=function(g){for(var E=this.getExtKeyUsageBin(g),R=new Array,L=0;L<E.length;L++)E.substr(L,1)=="1"&&R.push(It.KEYUSAGE_NAME[L]);return R.join(",")},this.getExtSubjectKeyIdentifier=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("subjectKeyIdentifier");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"subjectKeyIdentifier"};E&&(L.critical=!0);var z=i(g,0);return L.kid={hex:z},L},this.getExtAuthorityKeyIdentifier=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("authorityKeyIdentifier");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"authorityKeyIdentifier"};E&&(L.critical=!0);for(var z=n(g,0),Q=0;Q<z.length;Q++){var ut=g.substr(z[Q],2);if(ut==="80"&&(L.kid={hex:i(g,z[Q])}),ut==="a1"){var tt=s(g,z[Q]),gt=this.getGeneralNames(tt);L.issuer=gt[0].dn}ut==="82"&&(L.sn={hex:i(g,z[Q])})}return L},this.getExtExtKeyUsage=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("extKeyUsage");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"extKeyUsage",array:[]};E&&(L.critical=!0);for(var z=n(g,0),Q=0;Q<z.length;Q++)L.array.push(V(i(g,z[Q])));return L},this.getExtExtKeyUsageName=function(){var g=this.getExtInfo("extKeyUsage");if(g===void 0)return g;var E=new Array,R=s(this.hex,g.vidx);if(R==="")return E;for(var L=n(R,0),z=0;z<L.length;z++)E.push(V(i(R,L[z])));return E},this.getExtSubjectAltName=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("subjectAltName");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"subjectAltName",array:[]};return E&&(L.critical=!0),L.array=this.getGeneralNames(g),L},this.getExtIssuerAltName=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("issuerAltName");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"issuerAltName",array:[]};return E&&(L.critical=!0),L.array=this.getGeneralNames(g),L},this.getGeneralNames=function(g){for(var E=n(g,0),R=[],L=0;L<E.length;L++){var z=this.getGeneralName(s(g,E[L]));z!==void 0&&R.push(z)}return R},this.getGeneralName=function(g){var E=g.substr(0,2),R=i(g,0),L=te(R);return E=="81"?{rfc822:L}:E=="82"?{dns:L}:E=="86"?{uri:L}:E=="87"?{ip:Ve(R)}:E=="a4"?{dn:this.getX500Name(R)}:void 0},this.getExtSubjectAltName2=function(){var g,E,R,L=this.getExtInfo("subjectAltName");if(L===void 0)return L;for(var z=new Array,Q=s(this.hex,L.vidx),ut=n(Q,0),tt=0;tt<ut.length;tt++)R=Q.substr(ut[tt],2),g=i(Q,ut[tt]),R==="81"&&(E=Ot(g),z.push(["MAIL",E])),R==="82"&&(E=Ot(g),z.push(["DNS",E])),R==="84"&&(E=It.hex2dn(g,0),z.push(["DN",E])),R==="86"&&(E=Ot(g),z.push(["URI",E])),R==="87"&&(E=Ve(g),z.push(["IP",E]));return z},this.getExtCRLDistributionPoints=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("cRLDistributionPoints");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"cRLDistributionPoints",array:[]};E&&(L.critical=!0);for(var z=n(g,0),Q=0;Q<z.length;Q++){var ut=s(g,z[Q]);L.array.push(this.getDistributionPoint(ut))}return L},this.getDistributionPoint=function(g){for(var E={},R=n(g,0),L=0;L<R.length;L++){var z=g.substr(R[L],2),Q=s(g,R[L]);z=="a0"&&(E.dpname=this.getDistributionPointName(Q))}return E},this.getDistributionPointName=function(g){for(var E={},R=n(g,0),L=0;L<R.length;L++){var z=g.substr(R[L],2),Q=s(g,R[L]);z=="a0"&&(E.full=this.getGeneralNames(Q))}return E},this.getExtCRLDistributionPointsURI=function(){var g=this.getExtInfo("cRLDistributionPoints");if(g===void 0)return g;for(var E=new Array,R=n(this.hex,g.vidx),L=0;L<R.length;L++)try{var z=Ot(f(this.hex,R[L],[0,0,0],"86"));E.push(z)}catch{}return E},this.getExtAIAInfo=function(){var g=this.getExtInfo("authorityInfoAccess");if(g===void 0)return g;for(var E={ocsp:[],caissuer:[]},R=n(this.hex,g.vidx),L=0;L<R.length;L++){var z=f(this.hex,R[L],[0],"06"),Q=f(this.hex,R[L],[1],"86");z==="2b06010505073001"&&E.ocsp.push(Ot(Q)),z==="2b06010505073002"&&E.caissuer.push(Ot(Q))}return E},this.getExtAuthorityInfoAccess=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("authorityInfoAccess");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"authorityInfoAccess",array:[]};E&&(L.critical=!0);for(var z=n(g,0),Q=0;Q<z.length;Q++){var ut=S(g,z[Q],[0],"06"),tt=Ot(f(g,z[Q],[1],"86"));if(ut=="2b06010505073001")L.array.push({ocsp:tt});else{if(ut!="2b06010505073002")throw new Error("unknown method: "+ut);L.array.push({caissuer:tt})}}return L},this.getExtCertificatePolicies=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("certificatePolicies");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"certificatePolicies",array:[]};E&&(L.critical=!0);for(var z=n(g,0),Q=0;Q<z.length;Q++){var ut=s(g,z[Q]),tt=this.getPolicyInformation(ut);L.array.push(tt)}return L},this.getPolicyInformation=function(g){var E={},R=f(g,0,[0],"06");E.policyoid=V(R);var L=x(g,0,[1],"30");if(L!=-1){E.array=[];for(var z=n(g,L),Q=0;Q<z.length;Q++){var ut=s(g,z[Q]),tt=this.getPolicyQualifierInfo(ut);E.array.push(tt)}}return E},this.getPolicyQualifierInfo=function(g){var E={},R=f(g,0,[0],"06");if(R==="2b06010505070201"){var L=S(g,0,[1],"16");E.cps=te(L)}else if(R==="2b06010505070202"){var z=y(g,0,[1],"30");E.unotice=this.getUserNotice(z)}return E},this.getUserNotice=function(g){for(var E={},R=n(g,0),L=0;L<R.length;L++){var z=s(g,R[L]);z.substr(0,2)!="30"&&(E.exptext=this.getDisplayText(z))}return E},this.getDisplayText=function(g){var E={};return E.type={"0c":"utf8",16:"ia5","1a":"vis","1e":"bmp"}[g.substr(0,2)],E.str=te(i(g,0)),E},this.getExtCRLNumber=function(g,E){var R={extname:"cRLNumber"};if(E&&(R.critical=!0),g.substr(0,2)=="02")return R.num={hex:i(g,0)},R;throw new Error("hExtV parse error: "+g)},this.getExtCRLReason=function(g,E){var R={extname:"cRLReason"};if(E&&(R.critical=!0),g.substr(0,2)=="0a")return R.code=parseInt(i(g,0),16),R;throw new Error("hExtV parse error: "+g)},this.getExtOcspNonce=function(g,E){var R={extname:"ocspNonce"};E&&(R.critical=!0);var L=i(g,0);return R.hex=L,R},this.getExtOcspNoCheck=function(g,E){var R={extname:"ocspNoCheck"};return E&&(R.critical=!0),R},this.getExtAdobeTimeStamp=function(g,E){if(g===void 0&&E===void 0){var R=this.getExtInfo("adobeTimeStamp");if(R===void 0)return;g=s(this.hex,R.vidx),E=R.critical}var L={extname:"adobeTimeStamp"};E&&(L.critical=!0);var z=n(g,0);if(z.length>1){var Q=s(g,z[1]),ut=this.getGeneralName(Q);ut.uri!=null&&(L.uri=ut.uri)}if(z.length>2){var tt=s(g,z[2]);tt=="0101ff"&&(L.reqauth=!0),tt=="010100"&&(L.reqauth=!1)}return L},this.getX500NameRule=function(g){for(var E=null,R=[],L=0;L<g.length;L++)for(var z=g[L],Q=0;Q<z.length;Q++)R.push(z[Q]);for(L=0;L<R.length;L++){var ut=R[L],tt=ut.ds,gt=ut.value,st=ut.type;if(""+tt,tt!="prn"&&tt!="utf8"&&tt!="ia5")return"mixed";if(tt=="ia5"){if(st!="CN")return"mixed";if(v.lang.String.isMail(gt))continue;return"mixed"}if(st=="C"){if(tt=="prn")continue;return"mixed"}if(""+tt,E==null)E=tt;else if(E!==tt)return"mixed"}return E??"prn"},this.getX500Name=function(g){var E=this.getX500NameArray(g);return{array:E,str:this.dnarraytostr(E)}},this.getX500NameArray=function(g){for(var E=[],R=n(g,0),L=0;L<R.length;L++)E.push(this.getRDN(s(g,R[L])));return E},this.getRDN=function(g){for(var E=[],R=n(g,0),L=0;L<R.length;L++)E.push(this.getAttrTypeAndValue(s(g,R[L])));return E},this.getAttrTypeAndValue=function(g){var E={type:null,value:null,ds:null},R=n(g,0),L=f(g,R[0],[],"06"),z=f(g,R[1],[]),Q=v.asn1.ASN1Util.oidHexToInt(L);return E.type=v.asn1.x509.OID.oid2atype(Q),E.value=te(z),E.ds=this.HEX2STAG[g.substr(R[1],2)],E},this.readCertPEM=function(g){this.readCertHex(X(g))},this.readCertHex=function(g){this.hex=g,this.getVersion();try{w(this.hex,0,[0,7],"a3"),this.parseExt()}catch{}},this.getParam=function(){var g={};return g.version=this.getVersion(),g.serial={hex:this.getSerialNumberHex()},g.sigalg=this.getSignatureAlgorithmField(),g.issuer=this.getIssuer(),g.notbefore=this.getNotBefore(),g.notafter=this.getNotAfter(),g.subject=this.getSubject(),g.sbjpubkey=Xt(this.getPublicKeyHex(),"PUBLIC KEY"),this.aExtInfo.length>0&&(g.ext=this.getExtParamArray()),g.sighex=this.getSignatureValueHex(),g},this.getExtParamArray=function(g){g==null&&x(this.hex,0,[0,"[3]"])!=-1&&(g=_(this.hex,0,[0,"[3]",0],"30"));for(var E=[],R=n(g,0),L=0;L<R.length;L++){var z=s(g,R[L]),Q=this.getExtParam(z);Q!=null&&E.push(Q)}return E},this.getExtParam=function(g){var E=n(g,0).length;if(E!=2&&E!=3)throw new Error("wrong number elements in Extension: "+E+" "+g);var R=W(f(g,0,[0],"06")),L=!1;E==3&&y(g,0,[1])=="0101ff"&&(L=!0);var z=y(g,0,[E-1,0]),Q=void 0;if(R=="2.5.29.14"?Q=this.getExtSubjectKeyIdentifier(z,L):R=="2.5.29.15"?Q=this.getExtKeyUsage(z,L):R=="2.5.29.17"?Q=this.getExtSubjectAltName(z,L):R=="2.5.29.18"?Q=this.getExtIssuerAltName(z,L):R=="2.5.29.19"?Q=this.getExtBasicConstraints(z,L):R=="2.5.29.31"?Q=this.getExtCRLDistributionPoints(z,L):R=="2.5.29.32"?Q=this.getExtCertificatePolicies(z,L):R=="2.5.29.35"?Q=this.getExtAuthorityKeyIdentifier(z,L):R=="2.5.29.37"?Q=this.getExtExtKeyUsage(z,L):R=="1.3.6.1.5.5.7.1.1"?Q=this.getExtAuthorityInfoAccess(z,L):R=="2.5.29.20"?Q=this.getExtCRLNumber(z,L):R=="2.5.29.21"?Q=this.getExtCRLReason(z,L):R=="1.3.6.1.5.5.7.48.1.2"?Q=this.getExtOcspNonce(z,L):R=="1.3.6.1.5.5.7.48.1.5"?Q=this.getExtOcspNoCheck(z,L):R=="1.2.840.113583.1.1.9.1"&&(Q=this.getExtAdobeTimeStamp(z,L)),Q!=null)return Q;var ut={extname:R,extn:z};return L&&(ut.critical=!0),ut},this.findExt=function(g,E){for(var R=0;R<g.length;R++)if(g[R].extname==E)return g[R];return null},this.updateExtCDPFullURI=function(g,E){var R=this.findExt(g,"cRLDistributionPoints");if(R!=null&&R.array!=null){for(var L=R.array,z=0;z<L.length;z++)if(L[z].dpname!=null&&L[z].dpname.full!=null)for(var Q=L[z].dpname.full,ut=0;ut<Q.length;ut++){var tt=Q[z];tt.uri!=null&&(tt.uri=E)}}},this.updateExtAIAOCSP=function(g,E){var R=this.findExt(g,"authorityInfoAccess");if(R!=null&&R.array!=null)for(var L=R.array,z=0;z<L.length;z++)L[z].ocsp!=null&&(L[z].ocsp=E)},this.updateExtAIACAIssuer=function(g,E){var R=this.findExt(g,"authorityInfoAccess");if(R!=null&&R.array!=null)for(var L=R.array,z=0;z<L.length;z++)L[z].caissuer!=null&&(L[z].caissuer=E)},this.dnarraytostr=function(g){return"/"+g.map(function(E){return function(L){return L.map(function(z){return function(ut){return ut.type+"="+ut.value}(z)}).join("+")}(E)}).join("/")},this.getInfo=function(){var g,E,R,L=function(Qt){return JSON.stringify(Qt.array).replace(/[\[\]\{\}\"]/g,"")},z=function(Qt){for(var Ht="",qt=Qt.array,Ct=0;Ct<qt.length;Ct++){var Lt=qt[Ct];if(Ht+="    policy oid: "+Lt.policyoid+`
-`,Lt.array!==void 0)for(var Bt=0;Bt<Lt.array.length;Bt++){var Jt=Lt.array[Bt];Jt.cps!==void 0&&(Ht+="    cps: "+Jt.cps+`
-`)}}return Ht},Q=function(Qt){for(var Ht="",qt=Qt.array,Ct=0;Ct<qt.length;Ct++){var Lt=qt[Ct];try{Lt.dpname.full[0].uri!==void 0&&(Ht+="    "+Lt.dpname.full[0].uri+`
-`)}catch{}try{Lt.dname.full[0].dn.hex!==void 0&&(Ht+="    "+It.hex2dn(Lt.dpname.full[0].dn.hex)+`
-`)}catch{}}return Ht},ut=function(Qt){for(var Ht="",qt=Qt.array,Ct=0;Ct<qt.length;Ct++){var Lt=qt[Ct];Lt.caissuer!==void 0&&(Ht+="    caissuer: "+Lt.caissuer+`
-`),Lt.ocsp!==void 0&&(Ht+="    ocsp: "+Lt.ocsp+`
-`)}return Ht};if(g=`Basic Fields
-`,g+="  serial number: "+this.getSerialNumberHex()+`
-`,g+="  signature algorithm: "+this.getSignatureAlgorithmField()+`
-`,g+="  issuer: "+this.getIssuerString()+`
-`,g+="  notBefore: "+this.getNotBefore()+`
-`,g+="  notAfter: "+this.getNotAfter()+`
-`,g+="  subject: "+this.getSubjectString()+`
-`,g+=`  subject public key info: 
-`,g+="    key algorithm: "+(E=this.getPublicKey()).type+`
-`,E.type==="RSA"&&(g+="    n="+Ke(E.n.toString(16)).substr(0,16)+`...
-`,g+="    e="+Ke(E.e.toString(16))+`
-`),(R=this.aExtInfo)!=null){g+=`X509v3 Extensions:
-`;for(var tt=0;tt<R.length;tt++){var gt=R[tt],st=v.asn1.x509.OID.oid2name(gt.oid);st===""&&(st=gt.oid);var ct="";if(gt.critical===!0&&(ct="CRITICAL"),g+="  "+st+" "+ct+`:
-`,st==="basicConstraints"){var St=this.getExtBasicConstraints();St.cA===void 0?g+=`    {}
-`:(g+="    cA=true",St.pathLen!==void 0&&(g+=", pathLen="+St.pathLen),g+=`
-`)}else if(st==="keyUsage")g+="    "+this.getExtKeyUsageString()+`
-`;else if(st==="subjectKeyIdentifier")g+="    "+this.getExtSubjectKeyIdentifier().kid.hex+`
-`;else if(st==="authorityKeyIdentifier"){var Ft=this.getExtAuthorityKeyIdentifier();Ft.kid!==void 0&&(g+="    kid="+Ft.kid.hex+`
-`)}else st==="extKeyUsage"?g+="    "+this.getExtExtKeyUsage().array.join(", ")+`
-`:st==="subjectAltName"?g+="    "+L(this.getExtSubjectAltName())+`
-`:st==="cRLDistributionPoints"?g+=Q(this.getExtCRLDistributionPoints()):st==="authorityInfoAccess"?g+=ut(this.getExtAuthorityInfoAccess()):st==="certificatePolicies"&&(g+=z(this.getExtCertificatePolicies()))}}return g+="signature algorithm: "+this.getSignatureAlgorithmName()+`
-`,g+="signature: "+this.getSignatureValueHex().substr(0,16)+`...
-`},typeof e=="string"&&(e.indexOf("-----BEGIN")!=-1?this.readCertPEM(e):v.lang.String.isHex(e)&&this.readCertHex(e))}ht.prototype.sign=function(e,t){var r=function(i){return v.crypto.Util.hashString(i,t)}(e);return this.signWithMessageHash(r,t)},ht.prototype.signWithMessageHash=function(e,t){var r=Gt(v.crypto.Util.getPaddedDigestInfoHex(e,t,this.n.bitLength()),16);return or(this.doPrivate(r).toString(16),this.n.bitLength())},ht.prototype.signPSS=function(e,t,r){var n=function(s){return v.crypto.Util.hashHex(s,t)}(ue(e));return r===void 0&&(r=-1),this.signWithMessageHashPSS(n,t,r)},ht.prototype.signWithMessageHashPSS=function(e,t,r){var n,i=te(e),s=i.length,f=this.n.bitLength()-1,S=Math.ceil(f/8),y=function(g){return v.crypto.Util.hashHex(g,t)};if(r===-1||r===void 0)r=s;else if(r===-2)r=S-s-2;else if(r<-2)throw new Error("invalid salt length");if(S<s+r+2)throw new Error("data too long");var _="";r>0&&(_=new Array(r),new Mt().nextBytes(_),_=String.fromCharCode.apply(String,_));var w=te(y(ue("\0\0\0\0\0\0\0\0"+i+_))),x=[];for(n=0;n<S-r-s-2;n+=1)x[n]=0;var D=String.fromCharCode.apply(String,x)+"
"+_,V=sr(w,D.length,y),W=[];for(n=0;n<D.length;n+=1)W[n]=D.charCodeAt(n)^V.charCodeAt(n);var G=65280>>8*S-f&255;for(W[0]&=~G,n=0;n<s;n++)W.push(w.charCodeAt(n));return W.push(188),or(this.doPrivate(new B(W)).toString(16),this.n.bitLength())},ht.prototype.verify=function(e,t){var r=Gt(t=(t=t.replace(gr,"")).replace(/[ \n]+/g,""),16);if(r.bitLength()>this.n.bitLength())return 0;var n=ar(this.doPublic(r).toString(16).replace(/^1f+00/,""));if(n.length==0)return!1;var i=n[0];return n[1]==function(f){return v.crypto.Util.hashString(f,i)}(e)},ht.prototype.verifyWithMessageHash=function(e,t){if(t.length!=Math.ceil(this.n.bitLength()/4))return!1;var r=Gt(t,16);if(r.bitLength()>this.n.bitLength())return 0;var n=ar(this.doPublic(r).toString(16).replace(/^1f+00/,""));return n.length==0?!1:(n[0],n[1]==e)},ht.prototype.verifyPSS=function(e,t,r,n){var i=function(f){return v.crypto.Util.hashHex(f,r)}(ue(e));return n===void 0&&(n=-1),this.verifyWithMessageHashPSS(i,t,r,n)},ht.prototype.verifyWithMessageHashPSS=function(e,t,r,n){if(t.length!=Math.ceil(this.n.bitLength()/4))return!1;var i,s=new B(t,16),f=function(R){return v.crypto.Util.hashHex(R,r)},S=te(e),y=S.length,_=this.n.bitLength()-1,w=Math.ceil(_/8);if(n===-1||n===void 0)n=y;else if(n===-2)n=w-y-2;else if(n<-2)throw new Error("invalid salt length");if(w<y+n+2)throw new Error("data too long");var x=this.doPublic(s).toByteArray();for(i=0;i<x.length;i+=1)x[i]&=255;for(;x.length<w;)x.unshift(0);if(x[w-1]!==188)throw new Error("encoded message does not end in 0xbc");var D=(x=String.fromCharCode.apply(String,x)).substr(0,w-y-1),V=x.substr(D.length,y),W=65280>>8*w-_&255;if((D.charCodeAt(0)&W)!=0)throw new Error("bits beyond keysize not zero");var G=sr(V,D.length,f),X=[];for(i=0;i<D.length;i+=1)X[i]=D.charCodeAt(i)^G.charCodeAt(i);X[0]&=~W;var g=w-y-n-2;for(i=0;i<g;i+=1)if(X[i]!==0)throw new Error("leftmost octets not zero");if(X[g]!==1)throw new Error("0x01 marker not found");return V===te(f(ue("\0\0\0\0\0\0\0\0"+S+String.fromCharCode.apply(String,X.slice(-n)))))},ht.SALT_LEN_HLEN=-1,ht.SALT_LEN_MAX=-2,ht.SALT_LEN_RECOVER=-2,It.hex2dn=function(e,t){if(t===void 0&&(t=0),e.substr(t,2)!=="30")throw new Error("malformed DN");for(var r=new Array,n=it.getChildIdx(e,t),i=0;i<n.length;i++)r.push(It.hex2rdn(e,n[i]));return"/"+(r=r.map(function(s){return s.replace("/","\\/")})).join("/")},It.hex2rdn=function(e,t){if(t===void 0&&(t=0),e.substr(t,2)!=="31")throw new Error("malformed RDN");for(var r=new Array,n=it.getChildIdx(e,t),i=0;i<n.length;i++)r.push(It.hex2attrTypeValue(e,n[i]));return(r=r.map(function(s){return s.replace("+","\\+")})).join("+")},It.hex2attrTypeValue=function(e,t){var r=it,n=r.getV;if(t===void 0&&(t=0),e.substr(t,2)!=="30")throw new Error("malformed attribute type and value");var i=r.getChildIdx(e,t);i.length!==2||e.substr(i[0],2);var s=n(e,i[0]),f=v.asn1.ASN1Util.oidHexToInt(s);return v.asn1.x509.OID.oid2atype(f)+"="+te(n(e,i[1]))},It.getPublicKeyFromCertHex=function(e){var t=new It;return t.readCertHex(e),t.getPublicKey()},It.getPublicKeyFromCertPEM=function(e){var t=new It;return t.readCertPEM(e),t.getPublicKey()},It.getPublicKeyInfoPropOfCertPEM=function(e){var t,r,n=it.getVbyList,i={};return i.algparam=null,(t=new It).readCertPEM(e),r=t.getPublicKeyHex(),i.keyhex=n(r,0,[1],"03").substr(2),i.algoid=n(r,0,[0,0],"06"),i.algoid==="2a8648ce3d0201"&&(i.algparam=n(r,0,[0,1],"06")),i},It.KEYUSAGE_NAME=["digitalSignature","nonRepudiation","keyEncipherment","dataEncipherment","keyAgreement","keyCertSign","cRLSign","encipherOnly","decipherOnly"],v!==void 0&&v||(p.KJUR=v={}),v.jws!==void 0&&v.jws||(v.jws={}),v.jws.JWS=function(){var e=v.jws.JWS.isSafeJSONString;this.parseJWS=function(t,r){if(this.parsedJWS===void 0||!r&&this.parsedJWS.sigvalH===void 0){var n=t.match(/^([^.]+)\.([^.]+)\.([^.]+)$/);if(n==null)throw"JWS signature is not a form of 'Head.Payload.SigValue'.";var i=n[1],s=n[2],f=n[3],S=i+"."+s;if(this.parsedJWS={},this.parsedJWS.headB64U=i,this.parsedJWS.payloadB64U=s,this.parsedJWS.sigvalB64U=f,this.parsedJWS.si=S,!r){var y=bt(f),_=Gt(y,16);this.parsedJWS.sigvalH=y,this.parsedJWS.sigvalBI=_}var w=oe(i),x=oe(s);if(this.parsedJWS.headS=w,this.parsedJWS.payloadS=x,!e(w,this.parsedJWS,"headP"))throw"malformed JSON string for JWS Head: "+w}}},v.jws.JWS.sign=function(e,t,r,n,i){var s,f,S,y=v,_=y.jws.JWS,w=_.readSafeJSONString,x=_.isSafeJSONString,D=y.crypto,V=(D.ECDSA,D.Mac),W=D.Signature,G=JSON;if(typeof t!="string"&&(t===void 0?"undefined":l(t))!="object")throw"spHeader must be JSON string or object: "+t;if((t===void 0?"undefined":l(t))=="object"&&(f=t,s=G.stringify(f)),typeof t=="string"){if(!x(s=t))throw"JWS Head is not safe JSON string: "+s;f=w(s)}if(S=r,(r===void 0?"undefined":l(r))=="object"&&(S=G.stringify(r)),e!=""&&e!=null||f.alg===void 0||(e=f.alg),e!=""&&e!=null&&f.alg===void 0&&(f.alg=e,s=G.stringify(f)),e!==f.alg)throw"alg and sHeader.alg doesn't match: "+e+"!="+f.alg;var X=null;if(_.jwsalg2sigalg[e]===void 0)throw"unsupported alg name: "+e;X=_.jwsalg2sigalg[e];var g=we(s)+"."+we(S),E="";if(X.substr(0,4)=="Hmac"){if(n===void 0)throw"mac key shall be specified for HS* alg";var R=new V({alg:X,prov:"cryptojs",pass:n});R.updateString(g),E=R.doFinal()}else if(X.indexOf("withECDSA")!=-1){(z=new W({alg:X})).init(n,i),z.updateString(g);var L=z.sign();E=v.crypto.ECDSA.asn1SigToConcatSig(L)}else{var z;X!="none"&&((z=new W({alg:X})).init(n,i),z.updateString(g),E=z.sign())}return g+"."+Dt(E)},v.jws.JWS.verify=function(e,t,r){var n,i=v,s=i.jws.JWS,f=s.readSafeJSONString,S=i.crypto,y=S.ECDSA,_=S.Mac,w=S.Signature;l(ht)!==void 0&&(n=ht);var x=e.split(".");if(x.length!==3)return!1;var D=x[0]+"."+x[1],V=bt(x[2]),W=f(oe(x[0])),G=null,X=null;if(W.alg===void 0)throw"algorithm not specified in header";if(X=(G=W.alg).substr(0,2),r!=null&&Object.prototype.toString.call(r)==="[object Array]"&&r.length>0&&(":"+r.join(":")+":").indexOf(":"+G+":")==-1)throw"algorithm '"+G+"' not accepted in the list";if(G!="none"&&t===null)throw"key shall be specified to verify.";if(typeof t=="string"&&t.indexOf("-----BEGIN ")!=-1&&(t=Rt.getKey(t)),!(X!="RS"&&X!="PS"||t instanceof n))throw"key shall be a RSAKey obj for RS* and PS* algs";if(X=="ES"&&!(t instanceof y))throw"key shall be a ECDSA obj for ES* algs";var g=null;if(s.jwsalg2sigalg[W.alg]===void 0)throw"unsupported alg name: "+G;if((g=s.jwsalg2sigalg[G])=="none")throw"not supported";if(g.substr(0,4)=="Hmac"){if(t===void 0)throw"hexadecimal key shall be specified for HMAC";var E=new _({alg:g,pass:t});return E.updateString(D),V==E.doFinal()}if(g.indexOf("withECDSA")!=-1){var R,L=null;try{L=y.concatSigToASN1Sig(V)}catch{return!1}return(R=new w({alg:g})).init(t),R.updateString(D),R.verify(L)}return(R=new w({alg:g})).init(t),R.updateString(D),R.verify(V)},v.jws.JWS.parse=function(e){var t,r,n,i=e.split("."),s={};if(i.length!=2&&i.length!=3)throw"malformed sJWS: wrong number of '.' splitted elements";return t=i[0],r=i[1],i.length==3&&(n=i[2]),s.headerObj=v.jws.JWS.readSafeJSONString(oe(t)),s.payloadObj=v.jws.JWS.readSafeJSONString(oe(r)),s.headerPP=JSON.stringify(s.headerObj,null,"  "),s.payloadObj==null?s.payloadPP=oe(r):s.payloadPP=JSON.stringify(s.payloadObj,null,"  "),n!==void 0&&(s.sigHex=bt(n)),s},v.jws.JWS.verifyJWT=function(e,t,r){var n=v.jws,i=n.JWS,s=i.readSafeJSONString,f=i.inArray,S=i.includedArray,y=e.split("."),_=y[0],w=y[1],x=(bt(y[2]),s(oe(_))),D=s(oe(w));if(x.alg===void 0)return!1;if(r.alg===void 0)throw"acceptField.alg shall be specified";if(!f(x.alg,r.alg)||D.iss!==void 0&&l(r.iss)==="object"&&!f(D.iss,r.iss)||D.sub!==void 0&&l(r.sub)==="object"&&!f(D.sub,r.sub))return!1;if(D.aud!==void 0&&l(r.aud)==="object"){if(typeof D.aud=="string"){if(!f(D.aud,r.aud))return!1}else if(l(D.aud)=="object"&&!S(D.aud,r.aud))return!1}var V=n.IntDate.getNow();return r.verifyAt!==void 0&&typeof r.verifyAt=="number"&&(V=r.verifyAt),r.gracePeriod!==void 0&&typeof r.gracePeriod=="number"||(r.gracePeriod=0),!(D.exp!==void 0&&typeof D.exp=="number"&&D.exp+r.gracePeriod<V)&&!(D.nbf!==void 0&&typeof D.nbf=="number"&&V<D.nbf-r.gracePeriod)&&!(D.iat!==void 0&&typeof D.iat=="number"&&V<D.iat-r.gracePeriod)&&(D.jti===void 0||r.jti===void 0||D.jti===r.jti)&&!!i.verify(e,t,r.alg)},v.jws.JWS.includedArray=function(e,t){var r=v.jws.JWS.inArray;if(e===null||(e===void 0?"undefined":l(e))!=="object"||typeof e.length!="number")return!1;for(var n=0;n<e.length;n++)if(!r(e[n],t))return!1;return!0},v.jws.JWS.inArray=function(e,t){if(t===null||(t===void 0?"undefined":l(t))!=="object"||typeof t.length!="number")return!1;for(var r=0;r<t.length;r++)if(t[r]==e)return!0;return!1},v.jws.JWS.jwsalg2sigalg={HS256:"HmacSHA256",HS384:"HmacSHA384",HS512:"HmacSHA512",RS256:"SHA256withRSA",RS384:"SHA384withRSA",RS512:"SHA512withRSA",ES256:"SHA256withECDSA",ES384:"SHA384withECDSA",PS256:"SHA256withRSAandMGF1",PS384:"SHA384withRSAandMGF1",PS512:"SHA512withRSAandMGF1",none:"none"},v.jws.JWS.isSafeJSONString=function(e,t,r){var n=null;try{return((n=Ye(e))===void 0?"undefined":l(n))!="object"||n.constructor===Array?0:(t&&(t[r]=n),1)}catch{return 0}},v.jws.JWS.readSafeJSONString=function(e){var t=null;try{return((t=Ye(e))===void 0?"undefined":l(t))!="object"||t.constructor===Array?null:t}catch{return null}},v.jws.JWS.getEncodedSignatureValueFromJWS=function(e){var t=e.match(/^[^.]+\.[^.]+\.([^.]+)$/);if(t==null)throw"JWS signature is not a form of 'Head.Payload.SigValue'.";return t[1]},v.jws.JWS.getJWKthumbprint=function(e){if(e.kty!=="RSA"&&e.kty!=="EC"&&e.kty!=="oct")throw"unsupported algorithm for JWK Thumprint";var t="{";if(e.kty==="RSA"){if(typeof e.n!="string"||typeof e.e!="string")throw"wrong n and e value for RSA key";t+='"e":"'+e.e+'",',t+='"kty":"'+e.kty+'",',t+='"n":"'+e.n+'"}'}else if(e.kty==="EC"){if(typeof e.crv!="string"||typeof e.x!="string"||typeof e.y!="string")throw"wrong crv, x and y value for EC key";t+='"crv":"'+e.crv+'",',t+='"kty":"'+e.kty+'",',t+='"x":"'+e.x+'",',t+='"y":"'+e.y+'"}'}else if(e.kty==="oct"){if(typeof e.k!="string")throw"wrong k value for oct(symmetric) key";t+='"kty":"'+e.kty+'",',t+='"k":"'+e.k+'"}'}var r=ue(t);return Dt(v.crypto.Util.hashHex(r,"sha256"))},v.jws.IntDate={},v.jws.IntDate.get=function(e){var t=v.jws.IntDate,r=t.getNow,n=t.getZulu;if(e=="now")return r();if(e=="now + 1hour")return r()+3600;if(e=="now + 1day")return r()+86400;if(e=="now + 1month")return r()+2592e3;if(e=="now + 1year")return r()+31536e3;if(e.match(/Z$/))return n(e);if(e.match(/^[0-9]+$/))return parseInt(e);throw"unsupported format: "+e},v.jws.IntDate.getZulu=function(e){return tr(e)},v.jws.IntDate.getNow=function(){return~~(new Date/1e3)},v.jws.IntDate.intDate2UTCString=function(e){return new Date(1e3*e).toUTCString()},v.jws.IntDate.intDate2Zulu=function(e){var t=new Date(1e3*e);return("0000"+t.getUTCFullYear()).slice(-4)+("00"+(t.getUTCMonth()+1)).slice(-2)+("00"+t.getUTCDate()).slice(-2)+("00"+t.getUTCHours()).slice(-2)+("00"+t.getUTCMinutes()).slice(-2)+("00"+t.getUTCSeconds()).slice(-2)+"Z"},p.SecureRandom=Mt,p.rng_seed_time=Z,p.BigInteger=B,p.RSAKey=ht;var dr=v.crypto.EDSA;p.EDSA=dr;var pr=v.crypto.DSA;p.DSA=pr;var vr=v.crypto.Signature;p.Signature=vr;var yr=v.crypto.MessageDigest;p.MessageDigest=yr;var mr=v.crypto.Mac;p.Mac=mr;var _r=v.crypto.Cipher;p.Cipher=_r,p.KEYUTIL=Rt,p.ASN1HEX=it,p.X509=It,p.CryptoJS=M,p.b64tohex=et,p.b64toBA=ot,p.stoBA=Ge,p.BAtos=Xe,p.BAtohex=Re,p.stohex=le,p.stob64=function(t){return $(le(t))},p.stob64u=function(t){return Ie($(le(t)))},p.b64utos=function(t){return Xe(ot(Fe(t)))},p.b64tob64u=Ie,p.b64utob64=Fe,p.hex2b64=$,p.hextob64u=Dt,p.b64utohex=bt,p.utf8tob64u=we,p.b64utoutf8=oe,p.utf8tob64=function(t){return $(De(Ne(t)))},p.b64toutf8=function(t){return decodeURIComponent(Le(et(t)))},p.utf8tohex=Me,p.hextoutf8=Ot,p.hextorstr=te,p.rstrtohex=ue,p.hextob64=Qe,p.hextob64nl=Ze,p.b64nltohex=$e,p.hextopem=Xt,p.pemtohex=ce,p.hextoArrayBuffer=function(t){if(t.length%2!=0)throw"input is not even length";if(t.match(/^[0-9A-Fa-f]+$/)==null)throw"input is not hexadecimal";for(var r=new ArrayBuffer(t.length/2),n=new DataView(r),i=0;i<t.length/2;i++)n.setUint8(i,parseInt(t.substr(2*i,2),16));return r},p.ArrayBuffertohex=function(t){for(var r="",n=new DataView(t),i=0;i<t.byteLength;i++)r+=("00"+n.getUint8(i).toString(16)).slice(-2);return r},p.zulutomsec=He,p.zulutosec=tr,p.zulutodate=function(t){return new Date(He(t))},p.datetozulu=function(t,r,n){var i,s=t.getUTCFullYear();if(r){if(s<1950||2049<s)throw"not proper year for UTCTime: "+s;i=(""+s).slice(-2)}else i=("000"+s).slice(-4);if(i+=("0"+(t.getUTCMonth()+1)).slice(-2),i+=("0"+t.getUTCDate()).slice(-2),i+=("0"+t.getUTCHours()).slice(-2),i+=("0"+t.getUTCMinutes()).slice(-2),i+=("0"+t.getUTCSeconds()).slice(-2),n){var f=t.getUTCMilliseconds();f!==0&&(i+="."+(f=(f=("00"+f).slice(-3)).replace(/0+$/g,"")))}return i+="Z"},p.uricmptohex=De,p.hextouricmp=Le,p.ipv6tohex=er,p.hextoipv6=rr,p.hextoip=Ve,p.iptohex=function(t){var r="malformed IP address";if(!(t=t.toLowerCase(t)).match(/^[0-9.]+$/)){if(t.match(/^[0-9a-f:]+$/)&&t.indexOf(":")!==-1)return er(t);throw r}var n=t.split(".");if(n.length!==4)throw r;var i="";try{for(var s=0;s<4;s++)i+=("0"+parseInt(n[s]).toString(16)).slice(-2);return i}catch{throw r}},p.encodeURIComponentAll=Ne,p.newline_toUnix=function(t){return t=t.replace(/\r\n/gm,`
-`)},p.newline_toDos=function(t){return t=(t=t.replace(/\r\n/gm,`
-`)).replace(/\n/gm,`\r
-`)},p.hextoposhex=Ke,p.intarystrtohex=function(t){t=(t=(t=t.replace(/^\s*\[\s*/,"")).replace(/\s*\]\s*$/,"")).replace(/\s*/g,"");try{return t.split(/,/).map(function(r,n,i){var s=parseInt(r);if(s<0||255<s)throw"integer not in range 0-255";return("00"+s.toString(16)).slice(-2)}).join("")}catch(r){throw"malformed integer array string: "+r}},p.strdiffidx=function(t,r){var n=t.length;t.length>r.length&&(n=r.length);for(var i=0;i<n;i++)if(t.charCodeAt(i)!=r.charCodeAt(i))return i;return t.length!=r.length?n:-1},p.KJUR=v;var Sr=v.crypto;p.crypto=Sr;var br=v.asn1;p.asn1=br;var wr=v.jws;p.jws=wr;var Fr=v.lang;p.lang=Fr}).call(this,j(28).Buffer)},function(rt,p,j){"use strict";(function(T){var l=j(30),k=j(31),m=j(32);function a(){return o.TYPED_ARRAY_SUPPORT?2147483647:1073741823}function u(U,c){if(a()<c)throw new RangeError("Invalid typed array length");return o.TYPED_ARRAY_SUPPORT?(U=new Uint8Array(c)).__proto__=o.prototype:(U===null&&(U=new o(c)),U.length=c),U}function o(U,c,h){if(!(o.TYPED_ARRAY_SUPPORT||this instanceof o))return new o(U,c,h);if(typeof U=="number"){if(typeof c=="string")throw new Error("If encoding is specified then the first argument must be a string");return b(this,U)}return d(this,U,c,h)}function d(U,c,h,N){if(typeof c=="number")throw new TypeError('"value" argument must not be a number');return typeof ArrayBuffer<"u"&&c instanceof ArrayBuffer?function(J,Z,at,lt){if(Z.byteLength,at<0||Z.byteLength<at)throw new RangeError("'offset' is out of bounds");if(Z.byteLength<at+(lt||0))throw new RangeError("'length' is out of bounds");return Z=at===void 0&&lt===void 0?new Uint8Array(Z):lt===void 0?new Uint8Array(Z,at):new Uint8Array(Z,at,lt),o.TYPED_ARRAY_SUPPORT?(J=Z).__proto__=o.prototype:J=H(J,Z),J}(U,c,h,N):typeof c=="string"?function(J,Z,at){if(typeof at=="string"&&at!==""||(at="utf8"),!o.isEncoding(at))throw new TypeError('"encoding" must be a valid string encoding');var lt=0|A(Z,at),_t=(J=u(J,lt)).write(Z,at);return _t!==lt&&(J=J.slice(0,_t)),J}(U,c,h):function(J,Z){if(o.isBuffer(Z)){var at=0|C(Z.length);return(J=u(J,at)).length===0||Z.copy(J,0,0,at),J}if(Z){if(typeof ArrayBuffer<"u"&&Z.buffer instanceof ArrayBuffer||"length"in Z)return typeof Z.length!="number"||function(_t){return _t!=_t}(Z.length)?u(J,0):H(J,Z);if(Z.type==="Buffer"&&m(Z.data))return H(J,Z.data)}throw new TypeError("First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.")}(U,c)}function P(U){if(typeof U!="number")throw new TypeError('"size" argument must be a number');if(U<0)throw new RangeError('"size" argument must not be negative')}function b(U,c){if(P(c),U=u(U,c<0?0:0|C(c)),!o.TYPED_ARRAY_SUPPORT)for(var h=0;h<c;++h)U[h]=0;return U}function H(U,c){var h=c.length<0?0:0|C(c.length);U=u(U,h);for(var N=0;N<h;N+=1)U[N]=255&c[N];return U}function C(U){if(U>=a())throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+a().toString(16)+" bytes");return 0|U}function A(U,c){if(o.isBuffer(U))return U.length;if(typeof ArrayBuffer<"u"&&typeof ArrayBuffer.isView=="function"&&(ArrayBuffer.isView(U)||U instanceof ArrayBuffer))return U.byteLength;typeof U!="string"&&(U=""+U);var h=U.length;if(h===0)return 0;for(var N=!1;;)switch(c){case"ascii":case"latin1":case"binary":return h;case"utf8":case"utf-8":case void 0:return Ut(U).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*h;case"hex":return h>>>1;case"base64":return Yt(U).length;default:if(N)return Ut(U).length;c=(""+c).toLowerCase(),N=!0}}function F(U,c,h){var N=!1;if((c===void 0||c<0)&&(c=0),c>this.length||((h===void 0||h>this.length)&&(h=this.length),h<=0)||(h>>>=0)<=(c>>>=0))return"";for(U||(U="utf8");;)switch(U){case"hex":return Zt(this,c,h);case"utf8":case"utf-8":return ft(this,c,h);case"ascii":return jt(this,c,h);case"latin1":case"binary":return xt(this,c,h);case"base64":return nt(this,c,h);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return Tt(this,c,h);default:if(N)throw new TypeError("Unknown encoding: "+U);U=(U+"").toLowerCase(),N=!0}}function O(U,c,h){var N=U[c];U[c]=U[h],U[h]=N}function Y(U,c,h,N,q){if(U.length===0)return-1;if(typeof h=="string"?(N=h,h=0):h>2147483647?h=2147483647:h<-2147483648&&(h=-2147483648),h=+h,isNaN(h)&&(h=q?0:U.length-1),h<0&&(h=U.length+h),h>=U.length){if(q)return-1;h=U.length-1}else if(h<0){if(!q)return-1;h=0}if(typeof c=="string"&&(c=o.from(c,N)),o.isBuffer(c))return c.length===0?-1:M(U,c,h,N,q);if(typeof c=="number")return c&=255,o.TYPED_ARRAY_SUPPORT&&typeof Uint8Array.prototype.indexOf=="function"?q?Uint8Array.prototype.indexOf.call(U,c,h):Uint8Array.prototype.lastIndexOf.call(U,c,h):M(U,[c],h,N,q);throw new TypeError("val must be string, number or Buffer")}function M(U,c,h,N,q){var J,Z=1,at=U.length,lt=c.length;if(N!==void 0&&((N=String(N).toLowerCase())==="ucs2"||N==="ucs-2"||N==="utf16le"||N==="utf-16le")){if(U.length<2||c.length<2)return-1;Z=2,at/=2,lt/=2,h/=2}function _t(Gt,ie){return Z===1?Gt[ie]:Gt.readUInt16BE(ie*Z)}if(q){var yt=-1;for(J=h;J<at;J++)if(_t(U,J)===_t(c,yt===-1?0:J-yt)){if(yt===-1&&(yt=J),J-yt+1===lt)return yt*Z}else yt!==-1&&(J-=J-yt),yt=-1}else for(h+lt>at&&(h=at-lt),J=h;J>=0;J--){for(var Pt=!0,Mt=0;Mt<lt;Mt++)if(_t(U,J+Mt)!==_t(c,Mt)){Pt=!1;break}if(Pt)return J}return-1}function K(U,c,h,N){h=Number(h)||0;var q=U.length-h;N?(N=Number(N))>q&&(N=q):N=q;var J=c.length;if(J%2!=0)throw new TypeError("Invalid hex string");N>J/2&&(N=J/2);for(var Z=0;Z<N;++Z){var at=parseInt(c.substr(2*Z,2),16);if(isNaN(at))return Z;U[h+Z]=at}return Z}function I(U,c,h,N){return Kt(Ut(c,U.length-h),U,h,N)}function $(U,c,h,N){return Kt(function(J){for(var Z=[],at=0;at<J.length;++at)Z.push(255&J.charCodeAt(at));return Z}(c),U,h,N)}function et(U,c,h,N){return $(U,c,h,N)}function ot(U,c,h,N){return Kt(Yt(c),U,h,N)}function B(U,c,h,N){return Kt(function(J,Z){for(var at,lt,_t,yt=[],Pt=0;Pt<J.length&&!((Z-=2)<0);++Pt)lt=(at=J.charCodeAt(Pt))>>8,_t=at%256,yt.push(_t),yt.push(lt);return yt}(c,U.length-h),U,h,N)}function nt(U,c,h){return c===0&&h===U.length?l.fromByteArray(U):l.fromByteArray(U.slice(c,h))}function ft(U,c,h){h=Math.min(U.length,h);for(var N=[],q=c;q<h;){var J,Z,at,lt,_t=U[q],yt=null,Pt=_t>239?4:_t>223?3:_t>191?2:1;if(q+Pt<=h)switch(Pt){case 1:_t<128&&(yt=_t);break;case 2:(192&(J=U[q+1]))==128&&(lt=(31&_t)<<6|63&J)>127&&(yt=lt);break;case 3:J=U[q+1],Z=U[q+2],(192&J)==128&&(192&Z)==128&&(lt=(15&_t)<<12|(63&J)<<6|63&Z)>2047&&(lt<55296||lt>57343)&&(yt=lt);break;case 4:J=U[q+1],Z=U[q+2],at=U[q+3],(192&J)==128&&(192&Z)==128&&(192&at)==128&&(lt=(15&_t)<<18|(63&J)<<12|(63&Z)<<6|63&at)>65535&&lt<1114112&&(yt=lt)}yt===null?(yt=65533,Pt=1):yt>65535&&(yt-=65536,N.push(yt>>>10&1023|55296),yt=56320|1023&yt),N.push(yt),q+=Pt}return function(Gt){var ie=Gt.length;if(ie<=dt)return String.fromCharCode.apply(String,Gt);for(var ht="",kt=0;kt<ie;)ht+=String.fromCharCode.apply(String,Gt.slice(kt,kt+=dt));return ht}(N)}p.Buffer=o,p.SlowBuffer=function(c){return+c!=c&&(c=0),o.alloc(+c)},p.INSPECT_MAX_BYTES=50,o.TYPED_ARRAY_SUPPORT=T.TYPED_ARRAY_SUPPORT!==void 0?T.TYPED_ARRAY_SUPPORT:function(){try{var c=new Uint8Array(1);return c.__proto__={__proto__:Uint8Array.prototype,foo:function(){return 42}},c.foo()===42&&typeof c.subarray=="function"&&c.subarray(1,1).byteLength===0}catch{return!1}}(),p.kMaxLength=a(),o.poolSize=8192,o._augment=function(U){return U.__proto__=o.prototype,U},o.from=function(U,c,h){return d(null,U,c,h)},o.TYPED_ARRAY_SUPPORT&&(o.prototype.__proto__=Uint8Array.prototype,o.__proto__=Uint8Array,typeof Symbol<"u"&&Symbol.species&&o[Symbol.species]===o&&Object.defineProperty(o,Symbol.species,{value:null,configurable:!0})),o.alloc=function(U,c,h){return function(q,J,Z,at){return P(J),J<=0?u(q,J):Z!==void 0?typeof at=="string"?u(q,J).fill(Z,at):u(q,J).fill(Z):u(q,J)}(null,U,c,h)},o.allocUnsafe=function(U){return b(null,U)},o.allocUnsafeSlow=function(U){return b(null,U)},o.isBuffer=function(c){return!(c==null||!c._isBuffer)},o.compare=function(c,h){if(!o.isBuffer(c)||!o.isBuffer(h))throw new TypeError("Arguments must be Buffers");if(c===h)return 0;for(var N=c.length,q=h.length,J=0,Z=Math.min(N,q);J<Z;++J)if(c[J]!==h[J]){N=c[J],q=h[J];break}return N<q?-1:q<N?1:0},o.isEncoding=function(c){switch(String(c).toLowerCase()){case"hex":case"utf8":case"utf-8":case"ascii":case"latin1":case"binary":case"base64":case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return!0;default:return!1}},o.concat=function(c,h){if(!m(c))throw new TypeError('"list" argument must be an Array of Buffers');if(c.length===0)return o.alloc(0);var N;if(h===void 0)for(h=0,N=0;N<c.length;++N)h+=c[N].length;var q=o.allocUnsafe(h),J=0;for(N=0;N<c.length;++N){var Z=c[N];if(!o.isBuffer(Z))throw new TypeError('"list" argument must be an Array of Buffers');Z.copy(q,J),J+=Z.length}return q},o.byteLength=A,o.prototype._isBuffer=!0,o.prototype.swap16=function(){var c=this.length;if(c%2!=0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(var h=0;h<c;h+=2)O(this,h,h+1);return this},o.prototype.swap32=function(){var c=this.length;if(c%4!=0)throw new RangeError("Buffer size must be a multiple of 32-bits");for(var h=0;h<c;h+=4)O(this,h,h+3),O(this,h+1,h+2);return this},o.prototype.swap64=function(){var c=this.length;if(c%8!=0)throw new RangeError("Buffer size must be a multiple of 64-bits");for(var h=0;h<c;h+=8)O(this,h,h+7),O(this,h+1,h+6),O(this,h+2,h+5),O(this,h+3,h+4);return this},o.prototype.toString=function(){var c=0|this.length;return c===0?"":arguments.length===0?ft(this,0,c):F.apply(this,arguments)},o.prototype.equals=function(c){if(!o.isBuffer(c))throw new TypeError("Argument must be a Buffer");return this===c||o.compare(this,c)===0},o.prototype.inspect=function(){var c="",h=p.INSPECT_MAX_BYTES;return this.length>0&&(c=this.toString("hex",0,h).match(/.{2}/g).join(" "),this.length>h&&(c+=" ... ")),"<Buffer "+c+">"},o.prototype.compare=function(c,h,N,q,J){if(!o.isBuffer(c))throw new TypeError("Argument must be a Buffer");if(h===void 0&&(h=0),N===void 0&&(N=c?c.length:0),q===void 0&&(q=0),J===void 0&&(J=this.length),h<0||N>c.length||q<0||J>this.length)throw new RangeError("out of range index");if(q>=J&&h>=N)return 0;if(q>=J)return-1;if(h>=N)return 1;if(this===c)return 0;for(var Z=(J>>>=0)-(q>>>=0),at=(N>>>=0)-(h>>>=0),lt=Math.min(Z,at),_t=this.slice(q,J),yt=c.slice(h,N),Pt=0;Pt<lt;++Pt)if(_t[Pt]!==yt[Pt]){Z=_t[Pt],at=yt[Pt];break}return Z<at?-1:at<Z?1:0},o.prototype.includes=function(c,h,N){return this.indexOf(c,h,N)!==-1},o.prototype.indexOf=function(c,h,N){return Y(this,c,h,N,!0)},o.prototype.lastIndexOf=function(c,h,N){return Y(this,c,h,N,!1)},o.prototype.write=function(c,h,N,q){if(h===void 0)q="utf8",N=this.length,h=0;else if(N===void 0&&typeof h=="string")q=h,N=this.length,h=0;else{if(!isFinite(h))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");h|=0,isFinite(N)?(N|=0,q===void 0&&(q="utf8")):(q=N,N=void 0)}var J=this.length-h;if((N===void 0||N>J)&&(N=J),c.length>0&&(N<0||h<0)||h>this.length)throw new RangeError("Attempt to write outside buffer bounds");q||(q="utf8");for(var Z=!1;;)switch(q){case"hex":return K(this,c,h,N);case"utf8":case"utf-8":return I(this,c,h,N);case"ascii":return $(this,c,h,N);case"latin1":case"binary":return et(this,c,h,N);case"base64":return ot(this,c,h,N);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return B(this,c,h,N);default:if(Z)throw new TypeError("Unknown encoding: "+q);q=(""+q).toLowerCase(),Z=!0}},o.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};var dt=4096;function jt(U,c,h){var N="";h=Math.min(U.length,h);for(var q=c;q<h;++q)N+=String.fromCharCode(127&U[q]);return N}function xt(U,c,h){var N="";h=Math.min(U.length,h);for(var q=c;q<h;++q)N+=String.fromCharCode(U[q]);return N}function Zt(U,c,h){var N=U.length;(!c||c<0)&&(c=0),(!h||h<0||h>N)&&(h=N);for(var q="",J=c;J<h;++J)q+=ee(U[J]);return q}function Tt(U,c,h){for(var N=U.slice(c,h),q="",J=0;J<N.length;J+=2)q+=String.fromCharCode(N[J]+256*N[J+1]);return q}function pt(U,c,h){if(U%1!=0||U<0)throw new RangeError("offset is not uint");if(U+c>h)throw new RangeError("Trying to access beyond buffer length")}function vt(U,c,h,N,q,J){if(!o.isBuffer(U))throw new TypeError('"buffer" argument must be a Buffer instance');if(c>q||c<J)throw new RangeError('"value" argument is out of bounds');if(h+N>U.length)throw new RangeError("Index out of range")}function At(U,c,h,N){c<0&&(c=65535+c+1);for(var q=0,J=Math.min(U.length-h,2);q<J;++q)U[h+q]=(c&255<<8*(N?q:1-q))>>>8*(N?q:1-q)}function Wt(U,c,h,N){c<0&&(c=4294967295+c+1);for(var q=0,J=Math.min(U.length-h,4);q<J;++q)U[h+q]=c>>>8*(N?q:3-q)&255}function Vt(U,c,h,N,q,J){if(h+N>U.length)throw new RangeError("Index out of range");if(h<0)throw new RangeError("Index out of range")}function zt(U,c,h,N,q){return q||Vt(U,0,h,4),k.write(U,c,h,N,23,4),h+4}function $t(U,c,h,N,q){return q||Vt(U,0,h,8),k.write(U,c,h,N,52,8),h+8}o.prototype.slice=function(c,h){var N,q=this.length;if((c=~~c)<0?(c+=q)<0&&(c=0):c>q&&(c=q),(h=h===void 0?q:~~h)<0?(h+=q)<0&&(h=0):h>q&&(h=q),h<c&&(h=c),o.TYPED_ARRAY_SUPPORT)(N=this.subarray(c,h)).__proto__=o.prototype;else{var J=h-c;N=new o(J,void 0);for(var Z=0;Z<J;++Z)N[Z]=this[Z+c]}return N},o.prototype.readUIntLE=function(c,h,N){c|=0,h|=0,N||pt(c,h,this.length);for(var q=this[c],J=1,Z=0;++Z<h&&(J*=256);)q+=this[c+Z]*J;return q},o.prototype.readUIntBE=function(c,h,N){c|=0,h|=0,N||pt(c,h,this.length);for(var q=this[c+--h],J=1;h>0&&(J*=256);)q+=this[c+--h]*J;return q},o.prototype.readUInt8=function(c,h){return h||pt(c,1,this.length),this[c]},o.prototype.readUInt16LE=function(c,h){return h||pt(c,2,this.length),this[c]|this[c+1]<<8},o.prototype.readUInt16BE=function(c,h){return h||pt(c,2,this.length),this[c]<<8|this[c+1]},o.prototype.readUInt32LE=function(c,h){return h||pt(c,4,this.length),(this[c]|this[c+1]<<8|this[c+2]<<16)+16777216*this[c+3]},o.prototype.readUInt32BE=function(c,h){return h||pt(c,4,this.length),16777216*this[c]+(this[c+1]<<16|this[c+2]<<8|this[c+3])},o.prototype.readIntLE=function(c,h,N){c|=0,h|=0,N||pt(c,h,this.length);for(var q=this[c],J=1,Z=0;++Z<h&&(J*=256);)q+=this[c+Z]*J;return q>=(J*=128)&&(q-=Math.pow(2,8*h)),q},o.prototype.readIntBE=function(c,h,N){c|=0,h|=0,N||pt(c,h,this.length);for(var q=h,J=1,Z=this[c+--q];q>0&&(J*=256);)Z+=this[c+--q]*J;return Z>=(J*=128)&&(Z-=Math.pow(2,8*h)),Z},o.prototype.readInt8=function(c,h){return h||pt(c,1,this.length),128&this[c]?-1*(255-this[c]+1):this[c]},o.prototype.readInt16LE=function(c,h){h||pt(c,2,this.length);var N=this[c]|this[c+1]<<8;return 32768&N?4294901760|N:N},o.prototype.readInt16BE=function(c,h){h||pt(c,2,this.length);var N=this[c+1]|this[c]<<8;return 32768&N?4294901760|N:N},o.prototype.readInt32LE=function(c,h){return h||pt(c,4,this.length),this[c]|this[c+1]<<8|this[c+2]<<16|this[c+3]<<24},o.prototype.readInt32BE=function(c,h){return h||pt(c,4,this.length),this[c]<<24|this[c+1]<<16|this[c+2]<<8|this[c+3]},o.prototype.readFloatLE=function(c,h){return h||pt(c,4,this.length),k.read(this,c,!0,23,4)},o.prototype.readFloatBE=function(c,h){return h||pt(c,4,this.length),k.read(this,c,!1,23,4)},o.prototype.readDoubleLE=function(c,h){return h||pt(c,8,this.length),k.read(this,c,!0,52,8)},o.prototype.readDoubleBE=function(c,h){return h||pt(c,8,this.length),k.read(this,c,!1,52,8)},o.prototype.writeUIntLE=function(c,h,N,q){c=+c,h|=0,N|=0,q||vt(this,c,h,N,Math.pow(2,8*N)-1,0);var J=1,Z=0;for(this[h]=255&c;++Z<N&&(J*=256);)this[h+Z]=c/J&255;return h+N},o.prototype.writeUIntBE=function(c,h,N,q){c=+c,h|=0,N|=0,q||vt(this,c,h,N,Math.pow(2,8*N)-1,0);var J=N-1,Z=1;for(this[h+J]=255&c;--J>=0&&(Z*=256);)this[h+J]=c/Z&255;return h+N},o.prototype.writeUInt8=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,1,255,0),o.TYPED_ARRAY_SUPPORT||(c=Math.floor(c)),this[h]=255&c,h+1},o.prototype.writeUInt16LE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,2,65535,0),o.TYPED_ARRAY_SUPPORT?(this[h]=255&c,this[h+1]=c>>>8):At(this,c,h,!0),h+2},o.prototype.writeUInt16BE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,2,65535,0),o.TYPED_ARRAY_SUPPORT?(this[h]=c>>>8,this[h+1]=255&c):At(this,c,h,!1),h+2},o.prototype.writeUInt32LE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,4,4294967295,0),o.TYPED_ARRAY_SUPPORT?(this[h+3]=c>>>24,this[h+2]=c>>>16,this[h+1]=c>>>8,this[h]=255&c):Wt(this,c,h,!0),h+4},o.prototype.writeUInt32BE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,4,4294967295,0),o.TYPED_ARRAY_SUPPORT?(this[h]=c>>>24,this[h+1]=c>>>16,this[h+2]=c>>>8,this[h+3]=255&c):Wt(this,c,h,!1),h+4},o.prototype.writeIntLE=function(c,h,N,q){if(c=+c,h|=0,!q){var J=Math.pow(2,8*N-1);vt(this,c,h,N,J-1,-J)}var Z=0,at=1,lt=0;for(this[h]=255&c;++Z<N&&(at*=256);)c<0&&lt===0&&this[h+Z-1]!==0&&(lt=1),this[h+Z]=(c/at>>0)-lt&255;return h+N},o.prototype.writeIntBE=function(c,h,N,q){if(c=+c,h|=0,!q){var J=Math.pow(2,8*N-1);vt(this,c,h,N,J-1,-J)}var Z=N-1,at=1,lt=0;for(this[h+Z]=255&c;--Z>=0&&(at*=256);)c<0&&lt===0&&this[h+Z+1]!==0&&(lt=1),this[h+Z]=(c/at>>0)-lt&255;return h+N},o.prototype.writeInt8=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,1,127,-128),o.TYPED_ARRAY_SUPPORT||(c=Math.floor(c)),c<0&&(c=255+c+1),this[h]=255&c,h+1},o.prototype.writeInt16LE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,2,32767,-32768),o.TYPED_ARRAY_SUPPORT?(this[h]=255&c,this[h+1]=c>>>8):At(this,c,h,!0),h+2},o.prototype.writeInt16BE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,2,32767,-32768),o.TYPED_ARRAY_SUPPORT?(this[h]=c>>>8,this[h+1]=255&c):At(this,c,h,!1),h+2},o.prototype.writeInt32LE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,4,2147483647,-2147483648),o.TYPED_ARRAY_SUPPORT?(this[h]=255&c,this[h+1]=c>>>8,this[h+2]=c>>>16,this[h+3]=c>>>24):Wt(this,c,h,!0),h+4},o.prototype.writeInt32BE=function(c,h,N){return c=+c,h|=0,N||vt(this,c,h,4,2147483647,-2147483648),c<0&&(c=4294967295+c+1),o.TYPED_ARRAY_SUPPORT?(this[h]=c>>>24,this[h+1]=c>>>16,this[h+2]=c>>>8,this[h+3]=255&c):Wt(this,c,h,!1),h+4},o.prototype.writeFloatLE=function(c,h,N){return zt(this,c,h,!0,N)},o.prototype.writeFloatBE=function(c,h,N){return zt(this,c,h,!1,N)},o.prototype.writeDoubleLE=function(c,h,N){return $t(this,c,h,!0,N)},o.prototype.writeDoubleBE=function(c,h,N){return $t(this,c,h,!1,N)},o.prototype.copy=function(c,h,N,q){if(N||(N=0),q||q===0||(q=this.length),h>=c.length&&(h=c.length),h||(h=0),q>0&&q<N&&(q=N),q===N||c.length===0||this.length===0)return 0;if(h<0)throw new RangeError("targetStart out of bounds");if(N<0||N>=this.length)throw new RangeError("sourceStart out of bounds");if(q<0)throw new RangeError("sourceEnd out of bounds");q>this.length&&(q=this.length),c.length-h<q-N&&(q=c.length-h+N);var J,Z=q-N;if(this===c&&N<h&&h<q)for(J=Z-1;J>=0;--J)c[J+h]=this[J+N];else if(Z<1e3||!o.TYPED_ARRAY_SUPPORT)for(J=0;J<Z;++J)c[J+h]=this[J+N];else Uint8Array.prototype.set.call(c,this.subarray(N,N+Z),h);return Z},o.prototype.fill=function(c,h,N,q){if(typeof c=="string"){if(typeof h=="string"?(q=h,h=0,N=this.length):typeof N=="string"&&(q=N,N=this.length),c.length===1){var J=c.charCodeAt(0);J<256&&(c=J)}if(q!==void 0&&typeof q!="string")throw new TypeError("encoding must be a string");if(typeof q=="string"&&!o.isEncoding(q))throw new TypeError("Unknown encoding: "+q)}else typeof c=="number"&&(c&=255);if(h<0||this.length<h||this.length<N)throw new RangeError("Out of range index");if(N<=h)return this;var Z;if(h>>>=0,N=N===void 0?this.length:N>>>0,c||(c=0),typeof c=="number")for(Z=h;Z<N;++Z)this[Z]=c;else{var at=o.isBuffer(c)?c:Ut(new o(c,q).toString()),lt=at.length;for(Z=0;Z<N-h;++Z)this[Z+h]=at[Z%lt]}return this};var he=/[^+\/0-9A-Za-z-_]/g;function ee(U){return U<16?"0"+U.toString(16):U.toString(16)}function Ut(U,c){var h;c=c||1/0;for(var N=U.length,q=null,J=[],Z=0;Z<N;++Z){if((h=U.charCodeAt(Z))>55295&&h<57344){if(!q){if(h>56319){(c-=3)>-1&&J.push(239,191,189);continue}if(Z+1===N){(c-=3)>-1&&J.push(239,191,189);continue}q=h;continue}if(h<56320){(c-=3)>-1&&J.push(239,191,189),q=h;continue}h=65536+(q-55296<<10|h-56320)}else q&&(c-=3)>-1&&J.push(239,191,189);if(q=null,h<128){if((c-=1)<0)break;J.push(h)}else if(h<2048){if((c-=2)<0)break;J.push(h>>6|192,63&h|128)}else if(h<65536){if((c-=3)<0)break;J.push(h>>12|224,h>>6&63|128,63&h|128)}else{if(!(h<1114112))throw new Error("Invalid code point");if((c-=4)<0)break;J.push(h>>18|240,h>>12&63|128,h>>6&63|128,63&h|128)}}return J}function Yt(U){return l.toByteArray(function(h){if((h=function(q){return q.trim?q.trim():q.replace(/^\s+|\s+$/g,"")}(h).replace(he,"")).length<2)return"";for(;h.length%4!=0;)h+="=";return h}(U))}function Kt(U,c,h,N){for(var q=0;q<N&&!(q+h>=c.length||q>=U.length);++q)c[q+h]=U[q];return q}}).call(this,j(29))},function(rt,p){var j;j=function(){return this}();try{j=j||new Function("return this")()}catch{typeof window=="object"&&(j=window)}rt.exports=j},function(rt,p,j){"use strict";p.byteLength=function(b){var H=o(b),C=H[0],A=H[1];return 3*(C+A)/4-A},p.toByteArray=function(b){var H,C,A=o(b),F=A[0],O=A[1],Y=new k(function($,et,ot){return 3*(et+ot)/4-ot}(0,F,O)),M=0,K=O>0?F-4:F;for(C=0;C<K;C+=4)H=l[b.charCodeAt(C)]<<18|l[b.charCodeAt(C+1)]<<12|l[b.charCodeAt(C+2)]<<6|l[b.charCodeAt(C+3)],Y[M++]=H>>16&255,Y[M++]=H>>8&255,Y[M++]=255&H;return O===2&&(H=l[b.charCodeAt(C)]<<2|l[b.charCodeAt(C+1)]>>4,Y[M++]=255&H),O===1&&(H=l[b.charCodeAt(C)]<<10|l[b.charCodeAt(C+1)]<<4|l[b.charCodeAt(C+2)]>>2,Y[M++]=H>>8&255,Y[M++]=255&H),Y},p.fromByteArray=function(b){for(var H,C=b.length,A=C%3,F=[],O=16383,Y=0,M=C-A;Y<M;Y+=O)F.push(d(b,Y,Y+O>M?M:Y+O));return A===1?(H=b[C-1],F.push(T[H>>2]+T[H<<4&63]+"==")):A===2&&(H=(b[C-2]<<8)+b[C-1],F.push(T[H>>10]+T[H>>4&63]+T[H<<2&63]+"=")),F.join("")};for(var T=[],l=[],k=typeof Uint8Array<"u"?Uint8Array:Array,m="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",a=0,u=m.length;a<u;++a)T[a]=m[a],l[m.charCodeAt(a)]=a;function o(P){var b=P.length;if(b%4>0)throw new Error("Invalid string. Length must be a multiple of 4");var H=P.indexOf("=");return H===-1&&(H=b),[H,H===b?0:4-H%4]}function d(P,b,H){for(var C,A,F=[],O=b;O<H;O+=3)C=(P[O]<<16&16711680)+(P[O+1]<<8&65280)+(255&P[O+2]),F.push(T[(A=C)>>18&63]+T[A>>12&63]+T[A>>6&63]+T[63&A]);return F.join("")}l[45]=62,l[95]=63},function(rt,p){p.read=function(j,T,l,k,m){var a,u,o=8*m-k-1,d=(1<<o)-1,P=d>>1,b=-7,H=l?m-1:0,C=l?-1:1,A=j[T+H];for(H+=C,a=A&(1<<-b)-1,A>>=-b,b+=o;b>0;a=256*a+j[T+H],H+=C,b-=8);for(u=a&(1<<-b)-1,a>>=-b,b+=k;b>0;u=256*u+j[T+H],H+=C,b-=8);if(a===0)a=1-P;else{if(a===d)return u?NaN:1/0*(A?-1:1);u+=Math.pow(2,k),a-=P}return(A?-1:1)*u*Math.pow(2,a-k)},p.write=function(j,T,l,k,m,a){var u,o,d,P=8*a-m-1,b=(1<<P)-1,H=b>>1,C=m===23?Math.pow(2,-24)-Math.pow(2,-77):0,A=k?0:a-1,F=k?1:-1,O=T<0||T===0&&1/T<0?1:0;for(T=Math.abs(T),isNaN(T)||T===1/0?(o=isNaN(T)?1:0,u=b):(u=Math.floor(Math.log(T)/Math.LN2),T*(d=Math.pow(2,-u))<1&&(u--,d*=2),(T+=u+H>=1?C/d:C*Math.pow(2,1-H))*d>=2&&(u++,d/=2),u+H>=b?(o=0,u=b):u+H>=1?(o=(T*d-1)*Math.pow(2,m),u+=H):(o=T*Math.pow(2,H-1)*Math.pow(2,m),u=0));m>=8;j[l+A]=255&o,A+=F,o/=256,m-=8);for(u=u<<m|o,P+=m;P>0;j[l+A]=255&u,A+=F,u/=256,P-=8);j[l+A-F]|=128*O}},function(rt,p){var j={}.toString;rt.exports=Array.isArray||function(T){return j.call(T)=="[object Array]"}},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.default=function(k){var m=k.jws,a=k.KeyUtil,u=k.X509,o=k.crypto,d=k.hextob64u,P=k.b64tohex,b=k.AllowedSigningAlgs;return function(){function H(){(function(A,F){if(!(A instanceof F))throw new TypeError("Cannot call a class as a function")})(this,H)}return H.parseJwt=function(A){T.Log.debug("JoseUtil.parseJwt");try{var F=m.JWS.parse(A);return{header:F.headerObj,payload:F.payloadObj}}catch(O){T.Log.error(O)}},H.validateJwt=function(A,F,O,Y,M,K,I){T.Log.debug("JoseUtil.validateJwt");try{if(F.kty==="RSA")if(F.e&&F.n)F=a.getKey(F);else{if(!F.x5c||!F.x5c.length)return T.Log.error("JoseUtil.validateJwt: RSA key missing key material",F),Promise.reject(new Error("RSA key missing key material"));var $=P(F.x5c[0]);F=u.getPublicKeyFromCertHex($)}else{if(F.kty!=="EC")return T.Log.error("JoseUtil.validateJwt: Unsupported key type",F&&F.kty),Promise.reject(new Error(F.kty));if(!(F.crv&&F.x&&F.y))return T.Log.error("JoseUtil.validateJwt: EC key missing key material",F),Promise.reject(new Error("EC key missing key material"));F=a.getKey(F)}return H._validateJwt(A,F,O,Y,M,K,I)}catch(et){return T.Log.error(et&&et.message||et),Promise.reject("JWT validation failed")}},H.validateJwtAttributes=function(A,F,O,Y,M,K){Y||(Y=0),M||(M=parseInt(Date.now()/1e3));var I=H.parseJwt(A).payload;if(!I.iss)return T.Log.error("JoseUtil._validateJwt: issuer was not provided"),Promise.reject(new Error("issuer was not provided"));if(I.iss!==F)return T.Log.error("JoseUtil._validateJwt: Invalid issuer in token",I.iss),Promise.reject(new Error("Invalid issuer in token: "+I.iss));if(!I.aud)return T.Log.error("JoseUtil._validateJwt: aud was not provided"),Promise.reject(new Error("aud was not provided"));if(!(I.aud===O||Array.isArray(I.aud)&&I.aud.indexOf(O)>=0))return T.Log.error("JoseUtil._validateJwt: Invalid audience in token",I.aud),Promise.reject(new Error("Invalid audience in token: "+I.aud));if(I.azp&&I.azp!==O)return T.Log.error("JoseUtil._validateJwt: Invalid azp in token",I.azp),Promise.reject(new Error("Invalid azp in token: "+I.azp));if(!K){var $=M+Y,et=M-Y;if(!I.iat)return T.Log.error("JoseUtil._validateJwt: iat was not provided"),Promise.reject(new Error("iat was not provided"));if($<I.iat)return T.Log.error("JoseUtil._validateJwt: iat is in the future",I.iat),Promise.reject(new Error("iat is in the future: "+I.iat));if(I.nbf&&$<I.nbf)return T.Log.error("JoseUtil._validateJwt: nbf is in the future",I.nbf),Promise.reject(new Error("nbf is in the future: "+I.nbf));if(!I.exp)return T.Log.error("JoseUtil._validateJwt: exp was not provided"),Promise.reject(new Error("exp was not provided"));if(I.exp<et)return T.Log.error("JoseUtil._validateJwt: exp is in the past",I.exp),Promise.reject(new Error("exp is in the past:"+I.exp))}return Promise.resolve(I)},H._validateJwt=function(A,F,O,Y,M,K,I){return H.validateJwtAttributes(A,O,Y,M,K,I).then(function($){try{return m.JWS.verify(A,F,b)?$:(T.Log.error("JoseUtil._validateJwt: signature validation failed"),Promise.reject(new Error("signature validation failed")))}catch(et){return T.Log.error(et&&et.message||et),Promise.reject(new Error("signature validation failed"))}})},H.hashString=function(A,F){try{return o.Util.hashString(A,F)}catch(O){T.Log.error(O)}},H.hexToBase64Url=function(A){try{return d(A)}catch(F){T.Log.error(F)}},H}()};var T=j(0);rt.exports=p.default},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SigninResponse=void 0;var T=function(){function m(a,u){for(var o=0;o<u.length;o++){var d=u[o];d.enumerable=d.enumerable||!1,d.configurable=!0,"value"in d&&(d.writable=!0),Object.defineProperty(a,d.key,d)}}return function(a,u,o){return u&&m(a.prototype,u),o&&m(a,o),a}}(),l=j(3);function k(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")}p.SigninResponse=function(){function m(a){var u=arguments.length>1&&arguments[1]!==void 0?arguments[1]:"#";k(this,m);var o=l.UrlUtility.parseUrlFragment(a,u);this.error=o.error,this.error_description=o.error_description,this.error_uri=o.error_uri,this.code=o.code,this.state=o.state,this.id_token=o.id_token,this.session_state=o.session_state,this.access_token=o.access_token,this.token_type=o.token_type,this.scope=o.scope,this.profile=void 0,this.expires_in=o.expires_in}return T(m,[{key:"expires_in",get:function(){if(this.expires_at){var u=parseInt(Date.now()/1e3);return this.expires_at-u}},set:function(u){var o=parseInt(u);if(typeof o=="number"&&o>0){var d=parseInt(Date.now()/1e3);this.expires_at=d+o}}},{key:"expired",get:function(){var u=this.expires_in;if(u!==void 0)return u<=0}},{key:"scopes",get:function(){return(this.scope||"").split(" ")}},{key:"isOpenIdConnect",get:function(){return this.scopes.indexOf("openid")>=0||!!this.id_token}}]),m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SignoutRequest=void 0;var T=j(0),l=j(3),k=j(9);p.SignoutRequest=function m(a){var u=a.url,o=a.id_token_hint,d=a.post_logout_redirect_uri,P=a.data,b=a.extraQueryParams,H=a.request_type;if(function(F,O){if(!(F instanceof O))throw new TypeError("Cannot call a class as a function")}(this,m),!u)throw T.Log.error("SignoutRequest.ctor: No url passed"),new Error("url");for(var C in o&&(u=l.UrlUtility.addQueryParam(u,"id_token_hint",o)),d&&(u=l.UrlUtility.addQueryParam(u,"post_logout_redirect_uri",d),P&&(this.state=new k.State({data:P,request_type:H}),u=l.UrlUtility.addQueryParam(u,"state",this.state.id))),b)u=l.UrlUtility.addQueryParam(u,C,b[C]);this.url=u}},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SignoutResponse=void 0;var T=j(3);p.SignoutResponse=function l(k){(function(u,o){if(!(u instanceof o))throw new TypeError("Cannot call a class as a function")})(this,l);var m=T.UrlUtility.parseUrlFragment(k,"?");this.error=m.error,this.error_description=m.error_description,this.error_uri=m.error_uri,this.state=m.state}},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.InMemoryWebStorage=void 0;var T=function(){function k(m,a){for(var u=0;u<a.length;u++){var o=a[u];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(m,o.key,o)}}return function(m,a,u){return a&&k(m.prototype,a),u&&k(m,u),m}}(),l=j(0);p.InMemoryWebStorage=function(){function k(){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,k),this._data={}}return k.prototype.getItem=function(a){return l.Log.debug("InMemoryWebStorage.getItem",a),this._data[a]},k.prototype.setItem=function(a,u){l.Log.debug("InMemoryWebStorage.setItem",a),this._data[a]=u},k.prototype.removeItem=function(a){l.Log.debug("InMemoryWebStorage.removeItem",a),delete this._data[a]},k.prototype.key=function(a){return Object.getOwnPropertyNames(this._data)[a]},T(k,[{key:"length",get:function(){return Object.getOwnPropertyNames(this._data).length}}]),k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.UserManager=void 0;var T=function(){function O(Y,M){for(var K=0;K<M.length;K++){var I=M[K];I.enumerable=I.enumerable||!1,I.configurable=!0,"value"in I&&(I.writable=!0),Object.defineProperty(Y,I.key,I)}}return function(Y,M,K){return M&&O(Y.prototype,M),K&&O(Y,K),Y}}(),l=j(0),k=j(10),m=j(39),a=j(15),u=j(45),o=j(47),d=j(18),P=j(8),b=j(20),H=j(11),C=j(4);function A(O,Y){if(!(O instanceof Y))throw new TypeError("Cannot call a class as a function")}function F(O,Y){if(!O)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!Y||typeof Y!="object"&&typeof Y!="function"?O:Y}p.UserManager=function(O){function Y(){var M=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},K=arguments.length>1&&arguments[1]!==void 0?arguments[1]:o.SilentRenewService,I=arguments.length>2&&arguments[2]!==void 0?arguments[2]:d.SessionMonitor,$=arguments.length>3&&arguments[3]!==void 0?arguments[3]:b.TokenRevocationClient,et=arguments.length>4&&arguments[4]!==void 0?arguments[4]:H.TokenClient,ot=arguments.length>5&&arguments[5]!==void 0?arguments[5]:C.JoseUtil;A(this,Y),M instanceof m.UserManagerSettings||(M=new m.UserManagerSettings(M));var B=F(this,O.call(this,M));return B._events=new u.UserManagerEvents(M),B._silentRenewService=new K(B),B.settings.automaticSilentRenew&&(l.Log.debug("UserManager.ctor: automaticSilentRenew is configured, setting up silent renew"),B.startSilentRenew()),B.settings.monitorSession&&(l.Log.debug("UserManager.ctor: monitorSession is configured, setting up session monitor"),B._sessionMonitor=new I(B)),B._tokenRevocationClient=new $(B._settings),B._tokenClient=new et(B._settings),B._joseUtil=ot,B}return function(K,I){if(typeof I!="function"&&I!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof I);K.prototype=Object.create(I&&I.prototype,{constructor:{value:K,enumerable:!1,writable:!0,configurable:!0}}),I&&(Object.setPrototypeOf?Object.setPrototypeOf(K,I):K.__proto__=I)}(Y,O),Y.prototype.getUser=function(){var K=this;return this._loadUser().then(function(I){return I?(l.Log.info("UserManager.getUser: user loaded"),K._events.load(I,!1),I):(l.Log.info("UserManager.getUser: user not found in storage"),null)})},Y.prototype.removeUser=function(){var K=this;return this.storeUser(null).then(function(){l.Log.info("UserManager.removeUser: user removed from storage"),K._events.unload()})},Y.prototype.signinRedirect=function(){var K=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(K=Object.assign({},K)).request_type="si:r";var I={useReplaceToNavigate:K.useReplaceToNavigate};return this._signinStart(K,this._redirectNavigator,I).then(function(){l.Log.info("UserManager.signinRedirect: successful")})},Y.prototype.signinRedirectCallback=function(K){return this._signinEnd(K||this._redirectNavigator.url).then(function(I){return I.profile&&I.profile.sub?l.Log.info("UserManager.signinRedirectCallback: successful, signed in sub: ",I.profile.sub):l.Log.info("UserManager.signinRedirectCallback: no sub"),I})},Y.prototype.signinPopup=function(){var K=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(K=Object.assign({},K)).request_type="si:p";var I=K.redirect_uri||this.settings.popup_redirect_uri||this.settings.redirect_uri;return I?(K.redirect_uri=I,K.display="popup",this._signin(K,this._popupNavigator,{startUrl:I,popupWindowFeatures:K.popupWindowFeatures||this.settings.popupWindowFeatures,popupWindowTarget:K.popupWindowTarget||this.settings.popupWindowTarget}).then(function($){return $&&($.profile&&$.profile.sub?l.Log.info("UserManager.signinPopup: signinPopup successful, signed in sub: ",$.profile.sub):l.Log.info("UserManager.signinPopup: no sub")),$})):(l.Log.error("UserManager.signinPopup: No popup_redirect_uri or redirect_uri configured"),Promise.reject(new Error("No popup_redirect_uri or redirect_uri configured")))},Y.prototype.signinPopupCallback=function(K){return this._signinCallback(K,this._popupNavigator).then(function(I){return I&&(I.profile&&I.profile.sub?l.Log.info("UserManager.signinPopupCallback: successful, signed in sub: ",I.profile.sub):l.Log.info("UserManager.signinPopupCallback: no sub")),I}).catch(function(I){l.Log.error(I.message)})},Y.prototype.signinSilent=function(){var K=this,I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return I=Object.assign({},I),this._loadUser().then(function($){return $&&$.refresh_token?(I.refresh_token=$.refresh_token,K._useRefreshToken(I)):(I.request_type="si:s",I.id_token_hint=I.id_token_hint||K.settings.includeIdTokenInSilentRenew&&$&&$.id_token,$&&K._settings.validateSubOnSilentRenew&&(l.Log.debug("UserManager.signinSilent, subject prior to silent renew: ",$.profile.sub),I.current_sub=$.profile.sub),K._signinSilentIframe(I))})},Y.prototype._useRefreshToken=function(){var K=this,I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};return this._tokenClient.exchangeRefreshToken(I).then(function($){return $?$.access_token?K._loadUser().then(function(et){if(et){var ot=Promise.resolve();return $.id_token&&(ot=K._validateIdTokenFromTokenRefreshToken(et.profile,$.id_token)),ot.then(function(){return l.Log.debug("UserManager._useRefreshToken: refresh token response success"),et.id_token=$.id_token||et.id_token,et.access_token=$.access_token,et.refresh_token=$.refresh_token||et.refresh_token,et.expires_in=$.expires_in,K.storeUser(et).then(function(){return K._events.load(et),et})})}return null}):(l.Log.error("UserManager._useRefreshToken: No access token returned from token endpoint"),Promise.reject("No access token returned from token endpoint")):(l.Log.error("UserManager._useRefreshToken: No response returned from token endpoint"),Promise.reject("No response returned from token endpoint"))})},Y.prototype._validateIdTokenFromTokenRefreshToken=function(K,I){var $=this;return this._metadataService.getIssuer().then(function(et){return $.settings.getEpochTime().then(function(ot){return $._joseUtil.validateJwtAttributes(I,et,$._settings.client_id,$._settings.clockSkew,ot).then(function(B){return B?B.sub!==K.sub?(l.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: sub in id_token does not match current sub"),Promise.reject(new Error("sub in id_token does not match current sub"))):B.auth_time&&B.auth_time!==K.auth_time?(l.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: auth_time in id_token does not match original auth_time"),Promise.reject(new Error("auth_time in id_token does not match original auth_time"))):B.azp&&B.azp!==K.azp?(l.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: azp in id_token does not match original azp"),Promise.reject(new Error("azp in id_token does not match original azp"))):!B.azp&&K.azp?(l.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: azp not in id_token, but present in original id_token"),Promise.reject(new Error("azp not in id_token, but present in original id_token"))):void 0:(l.Log.error("UserManager._validateIdTokenFromTokenRefreshToken: Failed to validate id_token"),Promise.reject(new Error("Failed to validate id_token")))})})})},Y.prototype._signinSilentIframe=function(){var K=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},I=K.redirect_uri||this.settings.silent_redirect_uri||this.settings.redirect_uri;return I?(K.redirect_uri=I,K.prompt=K.prompt||"none",this._signin(K,this._iframeNavigator,{startUrl:I,silentRequestTimeout:K.silentRequestTimeout||this.settings.silentRequestTimeout}).then(function($){return $&&($.profile&&$.profile.sub?l.Log.info("UserManager.signinSilent: successful, signed in sub: ",$.profile.sub):l.Log.info("UserManager.signinSilent: no sub")),$})):(l.Log.error("UserManager.signinSilent: No silent_redirect_uri configured"),Promise.reject(new Error("No silent_redirect_uri configured")))},Y.prototype.signinSilentCallback=function(K){return this._signinCallback(K,this._iframeNavigator).then(function(I){return I&&(I.profile&&I.profile.sub?l.Log.info("UserManager.signinSilentCallback: successful, signed in sub: ",I.profile.sub):l.Log.info("UserManager.signinSilentCallback: no sub")),I})},Y.prototype.signinCallback=function(K){var I=this;return this.readSigninResponseState(K).then(function($){var et=$.state;return $.response,et.request_type==="si:r"?I.signinRedirectCallback(K):et.request_type==="si:p"?I.signinPopupCallback(K):et.request_type==="si:s"?I.signinSilentCallback(K):Promise.reject(new Error("invalid response_type in state"))})},Y.prototype.signoutCallback=function(K,I){var $=this;return this.readSignoutResponseState(K).then(function(et){var ot=et.state,B=et.response;return ot?ot.request_type==="so:r"?$.signoutRedirectCallback(K):ot.request_type==="so:p"?$.signoutPopupCallback(K,I):Promise.reject(new Error("invalid response_type in state")):B})},Y.prototype.querySessionStatus=function(){var K=this,I=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(I=Object.assign({},I)).request_type="si:s";var $=I.redirect_uri||this.settings.silent_redirect_uri||this.settings.redirect_uri;return $?(I.redirect_uri=$,I.prompt="none",I.response_type=I.response_type||this.settings.query_status_response_type,I.scope=I.scope||"openid",I.skipUserInfo=!0,this._signinStart(I,this._iframeNavigator,{startUrl:$,silentRequestTimeout:I.silentRequestTimeout||this.settings.silentRequestTimeout}).then(function(et){return K.processSigninResponse(et.url).then(function(ot){if(l.Log.debug("UserManager.querySessionStatus: got signin response"),ot.session_state&&ot.profile.sub)return l.Log.info("UserManager.querySessionStatus: querySessionStatus success for sub: ",ot.profile.sub),{session_state:ot.session_state,sub:ot.profile.sub,sid:ot.profile.sid};l.Log.info("querySessionStatus successful, user not authenticated")}).catch(function(ot){if(ot.session_state&&K.settings.monitorAnonymousSession&&(ot.message=="login_required"||ot.message=="consent_required"||ot.message=="interaction_required"||ot.message=="account_selection_required"))return l.Log.info("UserManager.querySessionStatus: querySessionStatus success for anonymous user"),{session_state:ot.session_state};throw ot})})):(l.Log.error("UserManager.querySessionStatus: No silent_redirect_uri configured"),Promise.reject(new Error("No silent_redirect_uri configured")))},Y.prototype._signin=function(K,I){var $=this,et=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this._signinStart(K,I,et).then(function(ot){return $._signinEnd(ot.url,K)})},Y.prototype._signinStart=function(K,I){var $=this,et=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return I.prepare(et).then(function(ot){return l.Log.debug("UserManager._signinStart: got navigator window handle"),$.createSigninRequest(K).then(function(B){return l.Log.debug("UserManager._signinStart: got signin request"),et.url=B.url,et.id=B.state.id,ot.navigate(et)}).catch(function(B){throw ot.close&&(l.Log.debug("UserManager._signinStart: Error after preparing navigator, closing navigator window"),ot.close()),B})})},Y.prototype._signinEnd=function(K){var I=this,$=arguments.length>1&&arguments[1]!==void 0?arguments[1]:{};return this.processSigninResponse(K).then(function(et){l.Log.debug("UserManager._signinEnd: got signin response");var ot=new a.User(et);if($.current_sub){if($.current_sub!==ot.profile.sub)return l.Log.debug("UserManager._signinEnd: current user does not match user returned from signin. sub from signin: ",ot.profile.sub),Promise.reject(new Error("login_required"));l.Log.debug("UserManager._signinEnd: current user matches user returned from signin")}return I.storeUser(ot).then(function(){return l.Log.debug("UserManager._signinEnd: user stored"),I._events.load(ot),ot})})},Y.prototype._signinCallback=function(K,I){l.Log.debug("UserManager._signinCallback");var $=this._settings.response_mode==="query"||!this._settings.response_mode&&P.SigninRequest.isCode(this._settings.response_type)?"?":"#";return I.callback(K,void 0,$)},Y.prototype.signoutRedirect=function(){var K=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(K=Object.assign({},K)).request_type="so:r";var I=K.post_logout_redirect_uri||this.settings.post_logout_redirect_uri;I&&(K.post_logout_redirect_uri=I);var $={useReplaceToNavigate:K.useReplaceToNavigate};return this._signoutStart(K,this._redirectNavigator,$).then(function(){l.Log.info("UserManager.signoutRedirect: successful")})},Y.prototype.signoutRedirectCallback=function(K){return this._signoutEnd(K||this._redirectNavigator.url).then(function(I){return l.Log.info("UserManager.signoutRedirectCallback: successful"),I})},Y.prototype.signoutPopup=function(){var K=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{};(K=Object.assign({},K)).request_type="so:p";var I=K.post_logout_redirect_uri||this.settings.popup_post_logout_redirect_uri||this.settings.post_logout_redirect_uri;return K.post_logout_redirect_uri=I,K.display="popup",K.post_logout_redirect_uri&&(K.state=K.state||{}),this._signout(K,this._popupNavigator,{startUrl:I,popupWindowFeatures:K.popupWindowFeatures||this.settings.popupWindowFeatures,popupWindowTarget:K.popupWindowTarget||this.settings.popupWindowTarget}).then(function(){l.Log.info("UserManager.signoutPopup: successful")})},Y.prototype.signoutPopupCallback=function(K,I){return I===void 0&&typeof K=="boolean"&&(I=K,K=null),this._popupNavigator.callback(K,I,"?").then(function(){l.Log.info("UserManager.signoutPopupCallback: successful")})},Y.prototype._signout=function(K,I){var $=this,et=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return this._signoutStart(K,I,et).then(function(ot){return $._signoutEnd(ot.url)})},Y.prototype._signoutStart=function(){var K=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},I=this,$=arguments[1],et=arguments.length>2&&arguments[2]!==void 0?arguments[2]:{};return $.prepare(et).then(function(ot){return l.Log.debug("UserManager._signoutStart: got navigator window handle"),I._loadUser().then(function(B){return l.Log.debug("UserManager._signoutStart: loaded current user from storage"),(I._settings.revokeAccessTokenOnSignout?I._revokeInternal(B):Promise.resolve()).then(function(){var nt=K.id_token_hint||B&&B.id_token;return nt&&(l.Log.debug("UserManager._signoutStart: Setting id_token into signout request"),K.id_token_hint=nt),I.removeUser().then(function(){return l.Log.debug("UserManager._signoutStart: user removed, creating signout request"),I.createSignoutRequest(K).then(function(ft){return l.Log.debug("UserManager._signoutStart: got signout request"),et.url=ft.url,ft.state&&(et.id=ft.state.id),ot.navigate(et)})})})}).catch(function(B){throw ot.close&&(l.Log.debug("UserManager._signoutStart: Error after preparing navigator, closing navigator window"),ot.close()),B})})},Y.prototype._signoutEnd=function(K){return this.processSignoutResponse(K).then(function(I){return l.Log.debug("UserManager._signoutEnd: got signout response"),I})},Y.prototype.revokeAccessToken=function(){var K=this;return this._loadUser().then(function(I){return K._revokeInternal(I,!0).then(function($){if($)return l.Log.debug("UserManager.revokeAccessToken: removing token properties from user and re-storing"),I.access_token=null,I.refresh_token=null,I.expires_at=null,I.token_type=null,K.storeUser(I).then(function(){l.Log.debug("UserManager.revokeAccessToken: user stored"),K._events.load(I)})})}).then(function(){l.Log.info("UserManager.revokeAccessToken: access token revoked successfully")})},Y.prototype._revokeInternal=function(K,I){var $=this;if(K){var et=K.access_token,ot=K.refresh_token;return this._revokeAccessTokenInternal(et,I).then(function(B){return $._revokeRefreshTokenInternal(ot,I).then(function(nt){return B||nt||l.Log.debug("UserManager.revokeAccessToken: no need to revoke due to no token(s), or JWT format"),B||nt})})}return Promise.resolve(!1)},Y.prototype._revokeAccessTokenInternal=function(K,I){return!K||K.indexOf(".")>=0?Promise.resolve(!1):this._tokenRevocationClient.revoke(K,I).then(function(){return!0})},Y.prototype._revokeRefreshTokenInternal=function(K,I){return K?this._tokenRevocationClient.revoke(K,I,"refresh_token").then(function(){return!0}):Promise.resolve(!1)},Y.prototype.startSilentRenew=function(){this._silentRenewService.start()},Y.prototype.stopSilentRenew=function(){this._silentRenewService.stop()},Y.prototype._loadUser=function(){return this._userStore.get(this._userStoreKey).then(function(K){return K?(l.Log.debug("UserManager._loadUser: user storageString loaded"),a.User.fromStorageString(K)):(l.Log.debug("UserManager._loadUser: no user storageString"),null)})},Y.prototype.storeUser=function(K){if(K){l.Log.debug("UserManager.storeUser: storing user");var I=K.toStorageString();return this._userStore.set(this._userStoreKey,I)}return l.Log.debug("storeUser.storeUser: removing user"),this._userStore.remove(this._userStoreKey)},T(Y,[{key:"_redirectNavigator",get:function(){return this.settings.redirectNavigator}},{key:"_popupNavigator",get:function(){return this.settings.popupNavigator}},{key:"_iframeNavigator",get:function(){return this.settings.iframeNavigator}},{key:"_userStore",get:function(){return this.settings.userStore}},{key:"events",get:function(){return this._events}},{key:"_userStoreKey",get:function(){return"user:"+this.settings.authority+":"+this.settings.client_id}}]),Y}(k.OidcClient)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.UserManagerSettings=void 0;var T=function(){function H(C,A){for(var F=0;F<A.length;F++){var O=A[F];O.enumerable=O.enumerable||!1,O.configurable=!0,"value"in O&&(O.writable=!0),Object.defineProperty(C,O.key,O)}}return function(C,A,F){return A&&H(C.prototype,A),F&&H(C,F),C}}(),l=(j(0),j(5)),k=j(40),m=j(41),a=j(43),u=j(6),o=j(1),d=j(8);function P(H,C){if(!(H instanceof C))throw new TypeError("Cannot call a class as a function")}function b(H,C){if(!H)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!C||typeof C!="object"&&typeof C!="function"?H:C}p.UserManagerSettings=function(H){function C(){var A=arguments.length>0&&arguments[0]!==void 0?arguments[0]:{},F=A.popup_redirect_uri,O=A.popup_post_logout_redirect_uri,Y=A.popupWindowFeatures,M=A.popupWindowTarget,K=A.silent_redirect_uri,I=A.silentRequestTimeout,$=A.automaticSilentRenew,et=$!==void 0&&$,ot=A.validateSubOnSilentRenew,B=ot!==void 0&&ot,nt=A.includeIdTokenInSilentRenew,ft=nt===void 0||nt,dt=A.monitorSession,jt=dt===void 0||dt,xt=A.monitorAnonymousSession,Zt=xt!==void 0&&xt,Tt=A.checkSessionInterval,pt=Tt===void 0?2e3:Tt,vt=A.stopCheckSessionOnError,At=vt===void 0||vt,Wt=A.query_status_response_type,Vt=A.revokeAccessTokenOnSignout,zt=Vt!==void 0&&Vt,$t=A.accessTokenExpiringNotificationTime,he=$t===void 0?60:$t,ee=A.redirectNavigator,Ut=ee===void 0?new k.RedirectNavigator:ee,Yt=A.popupNavigator,Kt=Yt===void 0?new m.PopupNavigator:Yt,U=A.iframeNavigator,c=U===void 0?new a.IFrameNavigator:U,h=A.userStore,N=h===void 0?new u.WebStorageStateStore({store:o.Global.sessionStorage}):h;P(this,C);var q=b(this,H.call(this,arguments[0]));return q._popup_redirect_uri=F,q._popup_post_logout_redirect_uri=O,q._popupWindowFeatures=Y,q._popupWindowTarget=M,q._silent_redirect_uri=K,q._silentRequestTimeout=I,q._automaticSilentRenew=et,q._validateSubOnSilentRenew=B,q._includeIdTokenInSilentRenew=ft,q._accessTokenExpiringNotificationTime=he,q._monitorSession=jt,q._monitorAnonymousSession=Zt,q._checkSessionInterval=pt,q._stopCheckSessionOnError=At,Wt?q._query_status_response_type=Wt:arguments[0]&&arguments[0].response_type?q._query_status_response_type=d.SigninRequest.isOidc(arguments[0].response_type)?"id_token":"code":q._query_status_response_type="id_token",q._revokeAccessTokenOnSignout=zt,q._redirectNavigator=Ut,q._popupNavigator=Kt,q._iframeNavigator=c,q._userStore=N,q}return function(F,O){if(typeof O!="function"&&O!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof O);F.prototype=Object.create(O&&O.prototype,{constructor:{value:F,enumerable:!1,writable:!0,configurable:!0}}),O&&(Object.setPrototypeOf?Object.setPrototypeOf(F,O):F.__proto__=O)}(C,H),T(C,[{key:"popup_redirect_uri",get:function(){return this._popup_redirect_uri}},{key:"popup_post_logout_redirect_uri",get:function(){return this._popup_post_logout_redirect_uri}},{key:"popupWindowFeatures",get:function(){return this._popupWindowFeatures}},{key:"popupWindowTarget",get:function(){return this._popupWindowTarget}},{key:"silent_redirect_uri",get:function(){return this._silent_redirect_uri}},{key:"silentRequestTimeout",get:function(){return this._silentRequestTimeout}},{key:"automaticSilentRenew",get:function(){return this._automaticSilentRenew}},{key:"validateSubOnSilentRenew",get:function(){return this._validateSubOnSilentRenew}},{key:"includeIdTokenInSilentRenew",get:function(){return this._includeIdTokenInSilentRenew}},{key:"accessTokenExpiringNotificationTime",get:function(){return this._accessTokenExpiringNotificationTime}},{key:"monitorSession",get:function(){return this._monitorSession}},{key:"monitorAnonymousSession",get:function(){return this._monitorAnonymousSession}},{key:"checkSessionInterval",get:function(){return this._checkSessionInterval}},{key:"stopCheckSessionOnError",get:function(){return this._stopCheckSessionOnError}},{key:"query_status_response_type",get:function(){return this._query_status_response_type}},{key:"revokeAccessTokenOnSignout",get:function(){return this._revokeAccessTokenOnSignout}},{key:"redirectNavigator",get:function(){return this._redirectNavigator}},{key:"popupNavigator",get:function(){return this._popupNavigator}},{key:"iframeNavigator",get:function(){return this._iframeNavigator}},{key:"userStore",get:function(){return this._userStore}}]),C}(l.OidcClientSettings)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.RedirectNavigator=void 0;var T=function(){function k(m,a){for(var u=0;u<a.length;u++){var o=a[u];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(m,o.key,o)}}return function(m,a,u){return a&&k(m.prototype,a),u&&k(m,u),m}}(),l=j(0);p.RedirectNavigator=function(){function k(){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,k)}return k.prototype.prepare=function(){return Promise.resolve(this)},k.prototype.navigate=function(a){return a&&a.url?(a.useReplaceToNavigate?window.location.replace(a.url):window.location=a.url,Promise.resolve()):(l.Log.error("RedirectNavigator.navigate: No url provided"),Promise.reject(new Error("No url provided")))},T(k,[{key:"url",get:function(){return window.location.href}}]),k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.PopupNavigator=void 0;var T=j(0),l=j(42);p.PopupNavigator=function(){function k(){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,k)}return k.prototype.prepare=function(a){var u=new l.PopupWindow(a);return Promise.resolve(u)},k.prototype.callback=function(a,u,o){T.Log.debug("PopupNavigator.callback");try{return l.PopupWindow.notifyOpener(a,u,o),Promise.resolve()}catch(d){return Promise.reject(d)}},k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.PopupWindow=void 0;var T=function(){function m(a,u){for(var o=0;o<u.length;o++){var d=u[o];d.enumerable=d.enumerable||!1,d.configurable=!0,"value"in d&&(d.writable=!0),Object.defineProperty(a,d.key,d)}}return function(a,u,o){return u&&m(a.prototype,u),o&&m(a,o),a}}(),l=j(0),k=j(3);p.PopupWindow=function(){function m(a){var u=this;(function(b,H){if(!(b instanceof H))throw new TypeError("Cannot call a class as a function")})(this,m),this._promise=new Promise(function(P,b){u._resolve=P,u._reject=b});var o=a.popupWindowTarget||"_blank",d=a.popupWindowFeatures||"location=no,toolbar=no,width=500,height=500,left=100,top=100;";this._popup=window.open("",o,d),this._popup&&(l.Log.debug("PopupWindow.ctor: popup successfully created"),this._checkForPopupClosedTimer=window.setInterval(this._checkForPopupClosed.bind(this),500))}return m.prototype.navigate=function(u){return this._popup?u&&u.url?(l.Log.debug("PopupWindow.navigate: Setting URL in popup"),this._id=u.id,this._id&&(window["popupCallback_"+u.id]=this._callback.bind(this)),this._popup.focus(),this._popup.window.location=u.url):(this._error("PopupWindow.navigate: no url provided"),this._error("No url provided")):this._error("PopupWindow.navigate: Error opening popup window"),this.promise},m.prototype._success=function(u){l.Log.debug("PopupWindow.callback: Successful response from popup window"),this._cleanup(),this._resolve(u)},m.prototype._error=function(u){l.Log.error("PopupWindow.error: ",u),this._cleanup(),this._reject(new Error(u))},m.prototype.close=function(){this._cleanup(!1)},m.prototype._cleanup=function(u){l.Log.debug("PopupWindow.cleanup"),window.clearInterval(this._checkForPopupClosedTimer),this._checkForPopupClosedTimer=null,delete window["popupCallback_"+this._id],this._popup&&!u&&this._popup.close(),this._popup=null},m.prototype._checkForPopupClosed=function(){this._popup&&!this._popup.closed||this._error("Popup window closed")},m.prototype._callback=function(u,o){this._cleanup(o),u?(l.Log.debug("PopupWindow.callback success"),this._success({url:u})):(l.Log.debug("PopupWindow.callback: Invalid response from popup"),this._error("Invalid response from popup"))},m.notifyOpener=function(u,o,d){if(window.opener){if(u=u||window.location.href){var P=k.UrlUtility.parseUrlFragment(u,d);if(P.state){var b="popupCallback_"+P.state,H=window.opener[b];H?(l.Log.debug("PopupWindow.notifyOpener: passing url message to opener"),H(u,o)):l.Log.warn("PopupWindow.notifyOpener: no matching callback found on opener")}else l.Log.warn("PopupWindow.notifyOpener: no state found in response url")}}else l.Log.warn("PopupWindow.notifyOpener: no window.opener. Can't complete notification.")},T(m,[{key:"promise",get:function(){return this._promise}}]),m}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.IFrameNavigator=void 0;var T=j(0),l=j(44);p.IFrameNavigator=function(){function k(){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,k)}return k.prototype.prepare=function(a){var u=new l.IFrameWindow(a);return Promise.resolve(u)},k.prototype.callback=function(a){T.Log.debug("IFrameNavigator.callback");try{return l.IFrameWindow.notifyParent(a),Promise.resolve()}catch(u){return Promise.reject(u)}},k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.IFrameWindow=void 0;var T=function(){function k(m,a){for(var u=0;u<a.length;u++){var o=a[u];o.enumerable=o.enumerable||!1,o.configurable=!0,"value"in o&&(o.writable=!0),Object.defineProperty(m,o.key,o)}}return function(m,a,u){return a&&k(m.prototype,a),u&&k(m,u),m}}(),l=j(0);p.IFrameWindow=function(){function k(m){var a=this;(function(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")})(this,k),this._promise=new Promise(function(u,o){a._resolve=u,a._reject=o}),this._boundMessageEvent=this._message.bind(this),window.addEventListener("message",this._boundMessageEvent,!1),this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="absolute",this._frame.width=0,this._frame.height=0,window.document.body.appendChild(this._frame)}return k.prototype.navigate=function(a){if(a&&a.url){var u=a.silentRequestTimeout||1e4;l.Log.debug("IFrameWindow.navigate: Using timeout of:",u),this._timer=window.setTimeout(this._timeout.bind(this),u),this._frame.src=a.url}else this._error("No url provided");return this.promise},k.prototype._success=function(a){this._cleanup(),l.Log.debug("IFrameWindow: Successful response from frame window"),this._resolve(a)},k.prototype._error=function(a){this._cleanup(),l.Log.error(a),this._reject(new Error(a))},k.prototype.close=function(){this._cleanup()},k.prototype._cleanup=function(){this._frame&&(l.Log.debug("IFrameWindow: cleanup"),window.removeEventListener("message",this._boundMessageEvent,!1),window.clearTimeout(this._timer),window.document.body.removeChild(this._frame),this._timer=null,this._frame=null,this._boundMessageEvent=null)},k.prototype._timeout=function(){l.Log.debug("IFrameWindow.timeout"),this._error("Frame window timed out")},k.prototype._message=function(a){if(l.Log.debug("IFrameWindow.message"),this._timer&&a.origin===this._origin&&a.source===this._frame.contentWindow&&typeof a.data=="string"&&(a.data.startsWith("http://")||a.data.startsWith("https://"))){var u=a.data;u?this._success({url:u}):this._error("Invalid response from frame")}},k.notifyParent=function(a){l.Log.debug("IFrameWindow.notifyParent"),(a=a||window.location.href)&&(l.Log.debug("IFrameWindow.notifyParent: posting url message to parent"),window.parent.postMessage(a,location.protocol+"//"+location.host))},T(k,[{key:"promise",get:function(){return this._promise}},{key:"_origin",get:function(){return location.protocol+"//"+location.host}}]),k}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.UserManagerEvents=void 0;var T=j(0),l=j(16),k=j(17);p.UserManagerEvents=function(m){function a(u){(function(P,b){if(!(P instanceof b))throw new TypeError("Cannot call a class as a function")})(this,a);var o=function(P,b){if(!P)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!b||typeof b!="object"&&typeof b!="function"?P:b}(this,m.call(this,u));return o._userLoaded=new k.Event("User loaded"),o._userUnloaded=new k.Event("User unloaded"),o._silentRenewError=new k.Event("Silent renew error"),o._userSignedIn=new k.Event("User signed in"),o._userSignedOut=new k.Event("User signed out"),o._userSessionChanged=new k.Event("User session changed"),o}return function(o,d){if(typeof d!="function"&&d!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof d);o.prototype=Object.create(d&&d.prototype,{constructor:{value:o,enumerable:!1,writable:!0,configurable:!0}}),d&&(Object.setPrototypeOf?Object.setPrototypeOf(o,d):o.__proto__=d)}(a,m),a.prototype.load=function(o){var d=!(arguments.length>1&&arguments[1]!==void 0)||arguments[1];T.Log.debug("UserManagerEvents.load"),m.prototype.load.call(this,o),d&&this._userLoaded.raise(o)},a.prototype.unload=function(){T.Log.debug("UserManagerEvents.unload"),m.prototype.unload.call(this),this._userUnloaded.raise()},a.prototype.addUserLoaded=function(o){this._userLoaded.addHandler(o)},a.prototype.removeUserLoaded=function(o){this._userLoaded.removeHandler(o)},a.prototype.addUserUnloaded=function(o){this._userUnloaded.addHandler(o)},a.prototype.removeUserUnloaded=function(o){this._userUnloaded.removeHandler(o)},a.prototype.addSilentRenewError=function(o){this._silentRenewError.addHandler(o)},a.prototype.removeSilentRenewError=function(o){this._silentRenewError.removeHandler(o)},a.prototype._raiseSilentRenewError=function(o){T.Log.debug("UserManagerEvents._raiseSilentRenewError",o.message),this._silentRenewError.raise(o)},a.prototype.addUserSignedIn=function(o){this._userSignedIn.addHandler(o)},a.prototype.removeUserSignedIn=function(o){this._userSignedIn.removeHandler(o)},a.prototype._raiseUserSignedIn=function(){T.Log.debug("UserManagerEvents._raiseUserSignedIn"),this._userSignedIn.raise()},a.prototype.addUserSignedOut=function(o){this._userSignedOut.addHandler(o)},a.prototype.removeUserSignedOut=function(o){this._userSignedOut.removeHandler(o)},a.prototype._raiseUserSignedOut=function(){T.Log.debug("UserManagerEvents._raiseUserSignedOut"),this._userSignedOut.raise()},a.prototype.addUserSessionChanged=function(o){this._userSessionChanged.addHandler(o)},a.prototype.removeUserSessionChanged=function(o){this._userSessionChanged.removeHandler(o)},a.prototype._raiseUserSessionChanged=function(){T.Log.debug("UserManagerEvents._raiseUserSessionChanged"),this._userSessionChanged.raise()},a}(l.AccessTokenEvents)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.Timer=void 0;var T=function(){function o(d,P){for(var b=0;b<P.length;b++){var H=P[b];H.enumerable=H.enumerable||!1,H.configurable=!0,"value"in H&&(H.writable=!0),Object.defineProperty(d,H.key,H)}}return function(d,P,b){return P&&o(d.prototype,P),b&&o(d,b),d}}(),l=j(0),k=j(1),m=j(17);function a(o,d){if(!(o instanceof d))throw new TypeError("Cannot call a class as a function")}function u(o,d){if(!o)throw new ReferenceError("this hasn't been initialised - super() hasn't been called");return!d||typeof d!="object"&&typeof d!="function"?o:d}p.Timer=function(o){function d(P){var b=arguments.length>1&&arguments[1]!==void 0?arguments[1]:k.Global.timer,H=arguments.length>2&&arguments[2]!==void 0?arguments[2]:void 0;a(this,d);var C=u(this,o.call(this,P));return C._timer=b,C._nowFunc=H||function(){return Date.now()/1e3},C}return function(b,H){if(typeof H!="function"&&H!==null)throw new TypeError("Super expression must either be null or a function, not "+typeof H);b.prototype=Object.create(H&&H.prototype,{constructor:{value:b,enumerable:!1,writable:!0,configurable:!0}}),H&&(Object.setPrototypeOf?Object.setPrototypeOf(b,H):b.__proto__=H)}(d,o),d.prototype.init=function(b){b<=0&&(b=1),b=parseInt(b);var H=this.now+b;if(this.expiration===H&&this._timerHandle)l.Log.debug("Timer.init timer "+this._name+" skipping initialization since already initialized for expiration:",this.expiration);else{this.cancel(),l.Log.debug("Timer.init timer "+this._name+" for duration:",b),this._expiration=H;var C=5;b<C&&(C=b),this._timerHandle=this._timer.setInterval(this._callback.bind(this),1e3*C)}},d.prototype.cancel=function(){this._timerHandle&&(l.Log.debug("Timer.cancel: ",this._name),this._timer.clearInterval(this._timerHandle),this._timerHandle=null)},d.prototype._callback=function(){var b=this._expiration-this.now;l.Log.debug("Timer.callback; "+this._name+" timer expires in:",b),this._expiration<=this.now&&(this.cancel(),o.prototype.raise.call(this))},T(d,[{key:"now",get:function(){return parseInt(this._nowFunc())}},{key:"expiration",get:function(){return this._expiration}}]),d}(m.Event)},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.SilentRenewService=void 0;var T=j(0);p.SilentRenewService=function(){function l(k){(function(a,u){if(!(a instanceof u))throw new TypeError("Cannot call a class as a function")})(this,l),this._userManager=k}return l.prototype.start=function(){this._callback||(this._callback=this._tokenExpiring.bind(this),this._userManager.events.addAccessTokenExpiring(this._callback),this._userManager.getUser().then(function(m){}).catch(function(m){T.Log.error("SilentRenewService.start: Error from getUser:",m.message)}))},l.prototype.stop=function(){this._callback&&(this._userManager.events.removeAccessTokenExpiring(this._callback),delete this._callback)},l.prototype._tokenExpiring=function(){var m=this;this._userManager.signinSilent().then(function(a){T.Log.debug("SilentRenewService._tokenExpiring: Silent token renewal successful")},function(a){T.Log.error("SilentRenewService._tokenExpiring: Error from signinSilent:",a.message),m._userManager.events._raiseSilentRenewError(a)})},l}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.CordovaPopupNavigator=void 0;var T=j(21);p.CordovaPopupNavigator=function(){function l(){(function(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")})(this,l)}return l.prototype.prepare=function(m){var a=new T.CordovaPopupWindow(m);return Promise.resolve(a)},l}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.CordovaIFrameNavigator=void 0;var T=j(21);p.CordovaIFrameNavigator=function(){function l(){(function(m,a){if(!(m instanceof a))throw new TypeError("Cannot call a class as a function")})(this,l)}return l.prototype.prepare=function(m){m.popupWindowFeatures="hidden=yes";var a=new T.CordovaPopupWindow(m);return Promise.resolve(a)},l}()},function(rt,p,j){"use strict";Object.defineProperty(p,"__esModule",{value:!0}),p.Version="1.11.5"}])})});var Hr={};Ir(Hr,{LogLevel:()=>lr,OidcErrorType:()=>fr,createOidcApi:()=>Nr,setupOidcClient:()=>Mr});function Nr(rt){return p=>(p.on("before-fetch",rt.extendHeaders),{getAccessToken(){return rt.token()},getProfile(){return rt.account()}})}var be=Dr(hr());var lr=(k=>(k.none="none",k.error="error",k.warn="warn",k.info="info",k.debug="debug",k))(lr||{}),fr=(k=>(k.unknown="unknown",k.notAuthorized="notAuthorized",k.silentRenewFailed="silentRenewFailed",k.invalidToken="invalidToken",k.oidcCallback="oidcCallback",k))(fr||{});var Ur={notAuthorized:"Not logged in. Please call `login()` to retrieve a token.",silentRenewFailed:"Silent renew failed to retrieve access token.",invalidToken:"Invalid token during authentication"},Or=(rt,p)=>Ur[rt]||(p?p.toString():"an unexpected error has occurred without a message"),ne=class rt extends Error{constructor(p,j){let T=Or(p,j);super(T),Error.captureStackTrace&&Error.captureStackTrace(this,rt),this.name="OidcError",this.type=p,this.innerError=j}};var Br={none:0,error:1,warn:2,info:3,debug:4};function je(rt){return window.location.pathname===new URL(rt).pathname}function jr(rt){return Br[rt]}function Mr(rt){let{clientId:p,clientSecret:j,identityProviderUri:T,redirectUri:l=`${location.origin}/auth`,signInRedirectParams:k,postLogoutRedirectUri:m=location.origin,responseType:a,responseMode:u,scopes:o,restrict:d=!1,parentName:P,appUri:b,logLevel:H,userStore:C,extraQueryParams:A,uiLocales:F,metadata:O,metadataUrl:Y,monitorSession:M}=rt,K=()=>P?P===window.parent?.name:window===window.top,I=new be.UserManager({authority:T,redirect_uri:l,silent_redirect_uri:l,popup_redirect_uri:l,post_logout_redirect_uri:m,client_id:p,client_secret:j,response_type:a,scope:o?.join(" "),userStore:C,extraQueryParams:A,ui_locales:F,response_mode:u,metadata:O,metadataUrl:Y,monitorSession:M});H!==void 0&&(be.Log.logger=console,be.Log.level=jr(H)),je(I.settings.post_logout_redirect_uri)&&(K()?I.signoutRedirectCallback():I.signoutPopupCallback());let $=()=>new Promise((B,nt)=>{I.getUser().then(ft=>{if(!ft)nt(new ne("notAuthorized"));else if(ft.access_token&&ft.expires_in>60)B(ft.access_token);else return I.signinSilent().then(dt=>dt?dt.access_token?B(dt.access_token):nt(new ne("invalidToken")):nt(new ne("silentRenewFailed")))}).catch(ft=>nt(new ne("unknown",ft)))});return{_:I,login(){return I.signinRedirect(k)},logout(){return I.signoutRedirect()},revoke(){return I.revokeAccessToken()},handleAuthentication:()=>new Promise(async(B,nt)=>{let ft;if((je(I.settings.silent_redirect_uri)||je(I.settings.popup_redirect_uri))&&!K()){try{ft=await I.signinSilentCallback()}catch(dt){return nt(new ne("oidcCallback",dt))}return B({shouldRender:!1,state:ft?.state})}if(je(I.settings.redirect_uri)&&K()){try{ft=await I.signinCallback()}catch(dt){return nt(new ne("oidcCallback",dt))}return b?(be.Log.debug(`Redirecting to ${b} due to appUri being configured.`),window.location.href=b,B({shouldRender:!1,state:ft?.state})):B({shouldRender:!0,state:ft?.state})}return $().then(dt=>dt?B({shouldRender:!0}):nt(new ne("invalidToken"))).catch(async dt=>dt.type==="notAuthorized"?(await I.signinRedirect(k),B({shouldRender:!1})):nt(dt))}),extendHeaders(B){d||B.setHeaders($().then(nt=>nt&&{Authorization:`Bearer ${nt}`},()=>{}))},token:$,account:()=>new Promise((B,nt)=>{I.getUser().then(ft=>!ft||ft.expires_in<=0?nt(new ne("notAuthorized")):B(ft.profile),ft=>nt(new ne("unknown",ft)))})}}return Lr(Hr);})();
-/*! Bundled license information:
-
-oidc-client/lib/oidc-client.min.js:
-  (*!
-  Copyright (c) 2011, Yahoo! Inc. All rights reserved.
-  Code licensed under the BSD License:
-  http://developer.yahoo.com/yui/license.html
-  version: 2.9.0
-  *)
-  (*! CryptoJS v3.1.2 core-fix.js
-   * code.google.com/p/crypto-js
-   * (c) 2009-2013 by Jeff Mott. All rights reserved.
-   * code.google.com/p/crypto-js/wiki/License
-   * THIS IS FIX of 'core.js' to fix Hmac issue.
-   * https://code.google.com/p/crypto-js/issues/detail?id=84
-   * https://crypto-js.googlecode.com/svn-history/r667/branches/3.x/src/core.js
-   *)
-  (*! (c) Tom Wu | http://www-cs-students.stanford.edu/~tjw/jsbn/
-   *)
-  (*! Mike Samuel (c) 2009 | code.google.com/p/json-sans-eval
-   *)
-  (*!
-   * The buffer module from node.js, for the browser.
-   *
-   * @author   Feross Aboukhadijeh <http://feross.org>
-   * @license  MIT
-   *)
-  (*! ieee754. BSD-3-Clause License. Feross Aboukhadijeh <https://feross.org/opensource> *)
-*/
+var piralOidc=(()=>{var z=Object.defineProperty;var Oe=Object.getOwnPropertyDescriptor;var Ae=Object.getOwnPropertyNames;var qe=Object.prototype.hasOwnProperty;var Ne=(e,t)=>{for(var s in t)z(e,s,{get:t[s],enumerable:!0})},Me=(e,t,s,i)=>{if(t&&typeof t=="object"||typeof t=="function")for(let r of Ae(t))!qe.call(e,r)&&r!==s&&z(e,r,{get:()=>t[r],enumerable:!(i=Oe(t,r))||i.enumerable});return e};var He=e=>Me(z({},"__esModule",{value:!0}),e);var kt={};Ne(kt,{LogLevel:()=>Pe,OidcErrorType:()=>Ee,createOidcApi:()=>De,setupOidcClient:()=>bt});function De(e){return t=>(t.on("before-fetch",e.extendHeaders),{getAccessToken(){return e.token()},getProfile(){return e.account()}})}var D=class extends Error{};D.prototype.name="InvalidTokenError";function je(e){return decodeURIComponent(atob(e).replace(/(.)/g,(t,s)=>{let i=s.charCodeAt(0).toString(16).toUpperCase();return i.length<2&&(i="0"+i),"%"+i}))}function $e(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");switch(t.length%4){case 0:break;case 2:t+="==";break;case 3:t+="=";break;default:throw new Error("base64 string is not of the correct length")}try{return je(t)}catch{return atob(t)}}function re(e,t){if(typeof e!="string")throw new D("Invalid token specified: must be a string");t||(t={});let s=t.header===!0?0:1,i=e.split(".")[s];if(typeof i!="string")throw new D(`Invalid token specified: missing part #${s+1}`);let r;try{r=$e(i)}catch(n){throw new D(`Invalid token specified: invalid base64 for part #${s+1} (${n.message})`)}try{return JSON.parse(r)}catch(n){throw new D(`Invalid token specified: invalid json for part #${s+1} (${n.message})`)}}var Le={debug:()=>{},info:()=>{},warn:()=>{},error:()=>{}},C,U,j=(e=>(e[e.NONE=0]="NONE",e[e.ERROR=1]="ERROR",e[e.WARN=2]="WARN",e[e.INFO=3]="INFO",e[e.DEBUG=4]="DEBUG",e))(j||{});(e=>{function t(){C=3,U=Le}e.reset=t;function s(r){if(!(0<=r&&r<=4))throw new Error("Invalid log level");C=r}e.setLevel=s;function i(r){U=r}e.setLogger=i})(j||(j={}));var h=class x{constructor(t){this._name=t}debug(...t){C>=4&&U.debug(x._format(this._name,this._method),...t)}info(...t){C>=3&&U.info(x._format(this._name,this._method),...t)}warn(...t){C>=2&&U.warn(x._format(this._name,this._method),...t)}error(...t){C>=1&&U.error(x._format(this._name,this._method),...t)}throw(t){throw this.error(t),t}create(t){let s=Object.create(this);return s._method=t,s.debug("begin"),s}static createStatic(t,s){let i=new x(`${t}.${s}`);return i.debug("begin"),i}static _format(t,s){let i=`[${t}]`;return s?`${i} ${s}:`:i}static debug(t,...s){C>=4&&U.debug(x._format(t),...s)}static info(t,...s){C>=3&&U.info(x._format(t),...s)}static warn(t,...s){C>=2&&U.warn(x._format(t),...s)}static error(t,...s){C>=1&&U.error(x._format(t),...s)}};j.reset();var J=class{static decode(e){try{return re(e)}catch(t){throw h.error("JwtUtils.decode",t),t}}static async generateSignedJwt(e,t,s){let i=y.encodeBase64Url(new TextEncoder().encode(JSON.stringify(e))),r=y.encodeBase64Url(new TextEncoder().encode(JSON.stringify(t))),n=`${i}.${r}`,o=await window.crypto.subtle.sign({name:"ECDSA",hash:{name:"SHA-256"}},s,new TextEncoder().encode(n)),c=y.encodeBase64Url(new Uint8Array(o));return`${n}.${c}`}},We="10000000-1000-4000-8000-100000000000",G=e=>btoa([...new Uint8Array(e)].map(t=>String.fromCharCode(t)).join("")),de=class I{static _randomWord(){let t=new Uint32Array(1);return crypto.getRandomValues(t),t[0]}static generateUUIDv4(){return We.replace(/[018]/g,s=>(+s^I._randomWord()&15>>+s/4).toString(16)).replace(/-/g,"")}static generateCodeVerifier(){return I.generateUUIDv4()+I.generateUUIDv4()+I.generateUUIDv4()}static async generateCodeChallenge(t){if(!crypto.subtle)throw new Error("Crypto.subtle is available only in secure contexts (HTTPS).");try{let i=new TextEncoder().encode(t),r=await crypto.subtle.digest("SHA-256",i);return G(r).replace(/\+/g,"-").replace(/\//g,"_").replace(/=+$/,"")}catch(s){throw h.error("CryptoUtils.generateCodeChallenge",s),s}}static generateBasicAuth(t,s){let r=new TextEncoder().encode([t,s].join(":"));return G(r)}static async hash(t,s){let i=new TextEncoder().encode(s),r=await crypto.subtle.digest(t,i);return new Uint8Array(r)}static async customCalculateJwkThumbprint(t){let s;switch(t.kty){case"RSA":s={e:t.e,kty:t.kty,n:t.n};break;case"EC":s={crv:t.crv,kty:t.kty,x:t.x,y:t.y};break;case"OKP":s={crv:t.crv,kty:t.kty,x:t.x};break;case"oct":s={crv:t.k,kty:t.kty};break;default:throw new Error("Unknown jwk type")}let i=await I.hash("SHA-256",JSON.stringify(s));return I.encodeBase64Url(i)}static async generateDPoPProof({url:t,accessToken:s,httpMethod:i,keyPair:r,nonce:n}){let o,c,a={jti:window.crypto.randomUUID(),htm:i??"GET",htu:t,iat:Math.floor(Date.now()/1e3)};s&&(o=await I.hash("SHA-256",s),c=I.encodeBase64Url(o),a.ath=c),n&&(a.nonce=n);try{let d=await crypto.subtle.exportKey("jwk",r.publicKey),l={alg:"ES256",typ:"dpop+jwt",jwk:{crv:d.crv,kty:d.kty,x:d.x,y:d.y}};return await J.generateSignedJwt(l,a,r.privateKey)}catch(d){throw d instanceof TypeError?new Error(`Error exporting dpop public key: ${d.message}`):d}}static async generateDPoPJkt(t){try{let s=await crypto.subtle.exportKey("jwk",t.publicKey);return await I.customCalculateJwkThumbprint(s)}catch(s){throw s instanceof TypeError?new Error(`Could not retrieve dpop keys from storage: ${s.message}`):s}}static async generateDPoPKeys(){return await window.crypto.subtle.generateKey({name:"ECDSA",namedCurve:"P-256"},!1,["sign","verify"])}};de.encodeBase64Url=e=>G(e).replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_");var y=de,H=class{constructor(e){this._name=e,this._callbacks=[],this._logger=new h(`Event('${this._name}')`)}addHandler(e){return this._callbacks.push(e),()=>this.removeHandler(e)}removeHandler(e){let t=this._callbacks.lastIndexOf(e);t>=0&&this._callbacks.splice(t,1)}async raise(...e){this._logger.debug("raise:",...e);for(let t of this._callbacks)await t(...e)}},ne=class{static center({...e}){var t,s,i;return e.width==null&&(e.width=(t=[800,720,600,480].find(r=>r<=window.outerWidth/1.618))!=null?t:360),(s=e.left)!=null||(e.left=Math.max(0,Math.round(window.screenX+(window.outerWidth-e.width)/2))),e.height!=null&&((i=e.top)!=null||(e.top=Math.max(0,Math.round(window.screenY+(window.outerHeight-e.height)/2)))),e}static serialize(e){return Object.entries(e).filter(([,t])=>t!=null).map(([t,s])=>`${t}=${typeof s!="boolean"?s:s?"yes":"no"}`).join(",")}},M=class W extends H{constructor(){super(...arguments),this._logger=new h(`Timer('${this._name}')`),this._timerHandle=null,this._expiration=0,this._callback=()=>{let t=this._expiration-W.getEpochTime();this._logger.debug("timer completes in",t),this._expiration<=W.getEpochTime()&&(this.cancel(),super.raise())}}static getEpochTime(){return Math.floor(Date.now()/1e3)}init(t){let s=this._logger.create("init");t=Math.max(Math.floor(t),1);let i=W.getEpochTime()+t;if(this.expiration===i&&this._timerHandle){s.debug("skipping since already initialized for expiration at",this.expiration);return}this.cancel(),s.debug("using duration",t),this._expiration=i;let r=Math.min(t,5);this._timerHandle=setInterval(this._callback,r*1e3)}get expiration(){return this._expiration}cancel(){this._logger.create("cancel"),this._timerHandle&&(clearInterval(this._timerHandle),this._timerHandle=null)}},Q=class{static readParams(e,t="query"){if(!e)throw new TypeError("Invalid URL");let i=new URL(e,"http://127.0.0.1")[t==="fragment"?"hash":"search"];return new URLSearchParams(i.slice(1))}},L=";",$=class extends Error{constructor(e,t){var s,i,r;if(super(e.error_description||e.error||""),this.form=t,this.name="ErrorResponse",!e.error)throw h.error("ErrorResponse","No error passed"),new Error("No error passed");this.error=e.error,this.error_description=(s=e.error_description)!=null?s:null,this.error_uri=(i=e.error_uri)!=null?i:null,this.state=e.userState,this.session_state=(r=e.session_state)!=null?r:null,this.url_state=e.url_state}},te=class extends Error{constructor(e){super(e),this.name="ErrorTimeout"}},Je=class{constructor(e){this._logger=new h("AccessTokenEvents"),this._expiringTimer=new M("Access token expiring"),this._expiredTimer=new M("Access token expired"),this._expiringNotificationTimeInSeconds=e.expiringNotificationTimeInSeconds}async load(e){let t=this._logger.create("load");if(e.access_token&&e.expires_in!==void 0){let s=e.expires_in;if(t.debug("access token present, remaining duration:",s),s>0){let r=s-this._expiringNotificationTimeInSeconds;r<=0&&(r=1),t.debug("registering expiring timer, raising in",r,"seconds"),this._expiringTimer.init(r)}else t.debug("canceling existing expiring timer because we're past expiration."),this._expiringTimer.cancel();let i=s+1;t.debug("registering expired timer, raising in",i,"seconds"),this._expiredTimer.init(i)}else this._expiringTimer.cancel(),this._expiredTimer.cancel()}async unload(){this._logger.debug("unload: canceling existing access token timers"),this._expiringTimer.cancel(),this._expiredTimer.cancel()}addAccessTokenExpiring(e){return this._expiringTimer.addHandler(e)}removeAccessTokenExpiring(e){this._expiringTimer.removeHandler(e)}addAccessTokenExpired(e){return this._expiredTimer.addHandler(e)}removeAccessTokenExpired(e){this._expiredTimer.removeHandler(e)}},Ke=class{constructor(e,t,s,i,r){this._callback=e,this._client_id=t,this._intervalInSeconds=i,this._stopOnError=r,this._logger=new h("CheckSessionIFrame"),this._timer=null,this._session_state=null,this._message=o=>{o.origin===this._frame_origin&&o.source===this._frame.contentWindow&&(o.data==="error"?(this._logger.error("error message from check session op iframe"),this._stopOnError&&this.stop()):o.data==="changed"?(this._logger.debug("changed message from check session op iframe"),this.stop(),this._callback()):this._logger.debug(o.data+" message from check session op iframe"))};let n=new URL(s);this._frame_origin=n.origin,this._frame=window.document.createElement("iframe"),this._frame.style.visibility="hidden",this._frame.style.position="fixed",this._frame.style.left="-1000px",this._frame.style.top="0",this._frame.width="0",this._frame.height="0",this._frame.src=n.href}load(){return new Promise(e=>{this._frame.onload=()=>{e()},window.document.body.appendChild(this._frame),window.addEventListener("message",this._message,!1)})}start(e){if(this._session_state===e)return;this._logger.create("start"),this.stop(),this._session_state=e;let t=()=>{!this._frame.contentWindow||!this._session_state||this._frame.contentWindow.postMessage(this._client_id+" "+this._session_state,this._frame_origin)};t(),this._timer=setInterval(t,this._intervalInSeconds*1e3)}stop(){this._logger.create("stop"),this._session_state=null,this._timer&&(clearInterval(this._timer),this._timer=null)}},le=class{constructor(){this._logger=new h("InMemoryWebStorage"),this._data={}}clear(){this._logger.create("clear"),this._data={}}getItem(e){return this._logger.create(`getItem('${e}')`),this._data[e]}setItem(e,t){this._logger.create(`setItem('${e}')`),this._data[e]=t}removeItem(e){this._logger.create(`removeItem('${e}')`),delete this._data[e]}get length(){return Object.getOwnPropertyNames(this._data).length}key(e){return Object.getOwnPropertyNames(this._data)[e]}},X=class extends Error{constructor(e,t){super(t),this.name="ErrorDPoPNonce",this.nonce=e}},se=class{constructor(e=[],t=null,s={}){this._jwtHandler=t,this._extraHeaders=s,this._logger=new h("JsonService"),this._contentTypes=[],this._contentTypes.push(...e,"application/json"),t&&this._contentTypes.push("application/jwt")}async fetchWithTimeout(e,t={}){let{timeoutInSeconds:s,...i}=t;if(!s)return await fetch(e,i);let r=new AbortController,n=setTimeout(()=>r.abort(),s*1e3);try{return await fetch(e,{...t,signal:r.signal})}catch(o){throw o instanceof DOMException&&o.name==="AbortError"?new te("Network timed out"):o}finally{clearTimeout(n)}}async getJson(e,{token:t,credentials:s,timeoutInSeconds:i}={}){let r=this._logger.create("getJson"),n={Accept:this._contentTypes.join(", ")};t&&(r.debug("token passed, setting Authorization header"),n.Authorization="Bearer "+t),this._appendExtraHeaders(n);let o;try{r.debug("url:",e),o=await this.fetchWithTimeout(e,{method:"GET",headers:n,timeoutInSeconds:i,credentials:s})}catch(d){throw r.error("Network Error"),d}r.debug("HTTP response received, status",o.status);let c=o.headers.get("Content-Type");if(c&&!this._contentTypes.find(d=>c.startsWith(d))&&r.throw(new Error(`Invalid response Content-Type: ${c??"undefined"}, from URL: ${e}`)),o.ok&&this._jwtHandler&&c?.startsWith("application/jwt"))return await this._jwtHandler(await o.text());let a;try{a=await o.json()}catch(d){throw r.error("Error parsing JSON response",d),o.ok?d:new Error(`${o.statusText} (${o.status})`)}if(!o.ok)throw r.error("Error from server:",a),a.error?new $(a):new Error(`${o.statusText} (${o.status}): ${JSON.stringify(a)}`);return a}async postForm(e,{body:t,basicAuth:s,timeoutInSeconds:i,initCredentials:r,extraHeaders:n}){let o=this._logger.create("postForm"),c={Accept:this._contentTypes.join(", "),"Content-Type":"application/x-www-form-urlencoded",...n};s!==void 0&&(c.Authorization="Basic "+s),this._appendExtraHeaders(c);let a;try{o.debug("url:",e),a=await this.fetchWithTimeout(e,{method:"POST",headers:c,body:t,timeoutInSeconds:i,credentials:r})}catch(u){throw o.error("Network error"),u}o.debug("HTTP response received, status",a.status);let d=a.headers.get("Content-Type");if(d&&!this._contentTypes.find(u=>d.startsWith(u)))throw new Error(`Invalid response Content-Type: ${d??"undefined"}, from URL: ${e}`);let l=await a.text(),g={};if(l)try{g=JSON.parse(l)}catch(u){throw o.error("Error parsing JSON response",u),a.ok?u:new Error(`${a.statusText} (${a.status})`)}if(!a.ok){if(o.error("Error from server:",g),a.headers.has("dpop-nonce")){let u=a.headers.get("dpop-nonce");throw new X(u,`${JSON.stringify(g)}`)}throw g.error?new $(g,t):new Error(`${a.statusText} (${a.status}): ${JSON.stringify(g)}`)}return g}_appendExtraHeaders(e){let t=this._logger.create("appendExtraHeaders"),s=Object.keys(this._extraHeaders),i=["accept","content-type"],r=["authorization"];s.length!==0&&s.forEach(n=>{if(i.includes(n.toLocaleLowerCase())){t.warn("Protected header could not be set",n,i);return}if(r.includes(n.toLocaleLowerCase())&&Object.keys(e).includes(n)){t.warn("Header could not be overridden",n,r);return}let o=typeof this._extraHeaders[n]=="function"?this._extraHeaders[n]():this._extraHeaders[n];o&&o!==""&&(e[n]=o)})}},Fe=class{constructor(e){this._settings=e,this._logger=new h("MetadataService"),this._signingKeys=null,this._metadata=null,this._metadataUrl=this._settings.metadataUrl,this._jsonService=new se(["application/jwk-set+json"],null,this._settings.extraHeaders),this._settings.signingKeys&&(this._logger.debug("using signingKeys from settings"),this._signingKeys=this._settings.signingKeys),this._settings.metadata&&(this._logger.debug("using metadata from settings"),this._metadata=this._settings.metadata),this._settings.fetchRequestCredentials&&(this._logger.debug("using fetchRequestCredentials from settings"),this._fetchRequestCredentials=this._settings.fetchRequestCredentials)}resetSigningKeys(){this._signingKeys=null}async getMetadata(){let e=this._logger.create("getMetadata");if(this._metadata)return e.debug("using cached values"),this._metadata;if(!this._metadataUrl)throw e.throw(new Error("No authority or metadataUrl configured on settings")),null;e.debug("getting metadata from",this._metadataUrl);let t=await this._jsonService.getJson(this._metadataUrl,{credentials:this._fetchRequestCredentials,timeoutInSeconds:this._settings.requestTimeoutInSeconds});return e.debug("merging remote JSON with seed metadata"),this._metadata=Object.assign({},t,this._settings.metadataSeed),this._metadata}getIssuer(){return this._getMetadataProperty("issuer")}getAuthorizationEndpoint(){return this._getMetadataProperty("authorization_endpoint")}getUserInfoEndpoint(){return this._getMetadataProperty("userinfo_endpoint")}getTokenEndpoint(e=!0){return this._getMetadataProperty("token_endpoint",e)}getCheckSessionIframe(){return this._getMetadataProperty("check_session_iframe",!0)}getEndSessionEndpoint(){return this._getMetadataProperty("end_session_endpoint",!0)}getRevocationEndpoint(e=!0){return this._getMetadataProperty("revocation_endpoint",e)}getKeysEndpoint(e=!0){return this._getMetadataProperty("jwks_uri",e)}async _getMetadataProperty(e,t=!1){let s=this._logger.create(`_getMetadataProperty('${e}')`),i=await this.getMetadata();if(s.debug("resolved"),i[e]===void 0){if(t===!0){s.warn("Metadata does not contain optional property");return}s.throw(new Error("Metadata does not contain property "+e))}return i[e]}async getSigningKeys(){let e=this._logger.create("getSigningKeys");if(this._signingKeys)return e.debug("returning signingKeys from cache"),this._signingKeys;let t=await this.getKeysEndpoint(!1);e.debug("got jwks_uri",t);let s=await this._jsonService.getJson(t,{timeoutInSeconds:this._settings.requestTimeoutInSeconds});if(e.debug("got key set",s),!Array.isArray(s.keys))throw e.throw(new Error("Missing keys on keyset")),null;return this._signingKeys=s.keys,this._signingKeys}},ge=class{constructor({prefix:e="oidc.",store:t=localStorage}={}){this._logger=new h("WebStorageStateStore"),this._store=t,this._prefix=e}async set(e,t){this._logger.create(`set('${e}')`),e=this._prefix+e,await this._store.setItem(e,t)}async get(e){return this._logger.create(`get('${e}')`),e=this._prefix+e,await this._store.getItem(e)}async remove(e){this._logger.create(`remove('${e}')`),e=this._prefix+e;let t=await this._store.getItem(e);return await this._store.removeItem(e),t}async getAllKeys(){this._logger.create("getAllKeys");let e=await this._store.length,t=[];for(let s=0;s<e;s++){let i=await this._store.key(s);i&&i.indexOf(this._prefix)===0&&t.push(i.substr(this._prefix.length))}return t}},ze="code",Be="openid",Ve="client_secret_post",Ge=60*15,Y=class{constructor({authority:e,metadataUrl:t,metadata:s,signingKeys:i,metadataSeed:r,client_id:n,client_secret:o,response_type:c=ze,scope:a=Be,redirect_uri:d,post_logout_redirect_uri:l,client_authentication:g=Ve,prompt:u,display:S,max_age:O,ui_locales:A,acr_values:q,resource:N,response_mode:E,filterProtocolClaims:R=!0,loadUserInfo:k=!1,requestTimeoutInSeconds:_,staleStateAgeInSeconds:f=Ge,mergeClaimsStrategy:T={array:"replace"},disablePKCE:P=!1,stateStore:p,revokeTokenAdditionalContentTypes:m,fetchRequestCredentials:w,refreshTokenAllowedScope:v,extraQueryParams:Re={},extraTokenParams:Te={},extraHeaders:xe={},dpop:Ie,omitScopeWhenRequesting:Ce=!1}){var ie;if(this.authority=e,t?this.metadataUrl=t:(this.metadataUrl=e,e&&(this.metadataUrl.endsWith("/")||(this.metadataUrl+="/"),this.metadataUrl+=".well-known/openid-configuration")),this.metadata=s,this.metadataSeed=r,this.signingKeys=i,this.client_id=n,this.client_secret=o,this.response_type=c,this.scope=a,this.redirect_uri=d,this.post_logout_redirect_uri=l,this.client_authentication=g,this.prompt=u,this.display=S,this.max_age=O,this.ui_locales=A,this.acr_values=q,this.resource=N,this.response_mode=E,this.filterProtocolClaims=R??!0,this.loadUserInfo=!!k,this.staleStateAgeInSeconds=f,this.mergeClaimsStrategy=T,this.omitScopeWhenRequesting=Ce,this.disablePKCE=!!P,this.revokeTokenAdditionalContentTypes=m,this.fetchRequestCredentials=w||"same-origin",this.requestTimeoutInSeconds=_,p)this.stateStore=p;else{let Ue=typeof window<"u"?window.localStorage:new le;this.stateStore=new ge({store:Ue})}if(this.refreshTokenAllowedScope=v,this.extraQueryParams=Re,this.extraTokenParams=Te,this.extraHeaders=xe,this.dpop=Ie,this.dpop&&!((ie=this.dpop)!=null&&ie.store))throw new Error("A DPoPStore is required when dpop is enabled")}},Qe=class{constructor(e,t){this._settings=e,this._metadataService=t,this._logger=new h("UserInfoService"),this._getClaimsFromJwt=async s=>{let i=this._logger.create("_getClaimsFromJwt");try{let r=J.decode(s);return i.debug("JWT decoding successful"),r}catch(r){throw i.error("Error parsing JWT response"),r}},this._jsonService=new se(void 0,this._getClaimsFromJwt,this._settings.extraHeaders)}async getClaims(e){let t=this._logger.create("getClaims");e||this._logger.throw(new Error("No token passed"));let s=await this._metadataService.getUserInfoEndpoint();t.debug("got userinfo url",s);let i=await this._jsonService.getJson(s,{token:e,credentials:this._settings.fetchRequestCredentials,timeoutInSeconds:this._settings.requestTimeoutInSeconds});return t.debug("got claims",i),i}},he=class{constructor(e,t){this._settings=e,this._metadataService=t,this._logger=new h("TokenClient"),this._jsonService=new se(this._settings.revokeTokenAdditionalContentTypes,null,this._settings.extraHeaders)}async exchangeCode({grant_type:e="authorization_code",redirect_uri:t=this._settings.redirect_uri,client_id:s=this._settings.client_id,client_secret:i=this._settings.client_secret,extraHeaders:r,...n}){let o=this._logger.create("exchangeCode");s||o.throw(new Error("A client_id is required")),t||o.throw(new Error("A redirect_uri is required")),n.code||o.throw(new Error("A code is required"));let c=new URLSearchParams({grant_type:e,redirect_uri:t});for(let[g,u]of Object.entries(n))u!=null&&c.set(g,u);let a;switch(this._settings.client_authentication){case"client_secret_basic":if(i==null)throw o.throw(new Error("A client_secret is required")),null;a=y.generateBasicAuth(s,i);break;case"client_secret_post":c.append("client_id",s),i&&c.append("client_secret",i);break}let d=await this._metadataService.getTokenEndpoint(!1);o.debug("got token endpoint");let l=await this._jsonService.postForm(d,{body:c,basicAuth:a,timeoutInSeconds:this._settings.requestTimeoutInSeconds,initCredentials:this._settings.fetchRequestCredentials,extraHeaders:r});return o.debug("got response"),l}async exchangeCredentials({grant_type:e="password",client_id:t=this._settings.client_id,client_secret:s=this._settings.client_secret,scope:i=this._settings.scope,...r}){let n=this._logger.create("exchangeCredentials");t||n.throw(new Error("A client_id is required"));let o=new URLSearchParams({grant_type:e});this._settings.omitScopeWhenRequesting||o.set("scope",i);for(let[l,g]of Object.entries(r))g!=null&&o.set(l,g);let c;switch(this._settings.client_authentication){case"client_secret_basic":if(s==null)throw n.throw(new Error("A client_secret is required")),null;c=y.generateBasicAuth(t,s);break;case"client_secret_post":o.append("client_id",t),s&&o.append("client_secret",s);break}let a=await this._metadataService.getTokenEndpoint(!1);n.debug("got token endpoint");let d=await this._jsonService.postForm(a,{body:o,basicAuth:c,timeoutInSeconds:this._settings.requestTimeoutInSeconds,initCredentials:this._settings.fetchRequestCredentials});return n.debug("got response"),d}async exchangeRefreshToken({grant_type:e="refresh_token",client_id:t=this._settings.client_id,client_secret:s=this._settings.client_secret,timeoutInSeconds:i,extraHeaders:r,...n}){let o=this._logger.create("exchangeRefreshToken");t||o.throw(new Error("A client_id is required")),n.refresh_token||o.throw(new Error("A refresh_token is required"));let c=new URLSearchParams({grant_type:e});for(let[g,u]of Object.entries(n))Array.isArray(u)?u.forEach(S=>c.append(g,S)):u!=null&&c.set(g,u);let a;switch(this._settings.client_authentication){case"client_secret_basic":if(s==null)throw o.throw(new Error("A client_secret is required")),null;a=y.generateBasicAuth(t,s);break;case"client_secret_post":c.append("client_id",t),s&&c.append("client_secret",s);break}let d=await this._metadataService.getTokenEndpoint(!1);o.debug("got token endpoint");let l=await this._jsonService.postForm(d,{body:c,basicAuth:a,timeoutInSeconds:i,initCredentials:this._settings.fetchRequestCredentials,extraHeaders:r});return o.debug("got response"),l}async revoke(e){var t;let s=this._logger.create("revoke");e.token||s.throw(new Error("A token is required"));let i=await this._metadataService.getRevocationEndpoint(!1);s.debug(`got revocation endpoint, revoking ${(t=e.token_type_hint)!=null?t:"default token type"}`);let r=new URLSearchParams;for(let[n,o]of Object.entries(e))o!=null&&r.set(n,o);r.set("client_id",this._settings.client_id),this._settings.client_secret&&r.set("client_secret",this._settings.client_secret),await this._jsonService.postForm(i,{body:r,timeoutInSeconds:this._settings.requestTimeoutInSeconds}),s.debug("got response")}},Xe=class{constructor(e,t,s){this._settings=e,this._metadataService=t,this._claimsService=s,this._logger=new h("ResponseValidator"),this._userInfoService=new Qe(this._settings,this._metadataService),this._tokenClient=new he(this._settings,this._metadataService)}async validateSigninResponse(e,t,s){let i=this._logger.create("validateSigninResponse");this._processSigninState(e,t),i.debug("state processed"),await this._processCode(e,t,s),i.debug("code processed"),e.isOpenId&&this._validateIdTokenAttributes(e),i.debug("tokens validated"),await this._processClaims(e,t?.skipUserInfo,e.isOpenId),i.debug("claims processed")}async validateCredentialsResponse(e,t){let s=this._logger.create("validateCredentialsResponse"),i=e.isOpenId&&!!e.id_token;i&&this._validateIdTokenAttributes(e),s.debug("tokens validated"),await this._processClaims(e,t,i),s.debug("claims processed")}async validateRefreshResponse(e,t){var s,i;let r=this._logger.create("validateRefreshResponse");e.userState=t.data,(s=e.session_state)!=null||(e.session_state=t.session_state),(i=e.scope)!=null||(e.scope=t.scope),e.isOpenId&&e.id_token&&(this._validateIdTokenAttributes(e,t.id_token),r.debug("ID Token validated")),e.id_token||(e.id_token=t.id_token,e.profile=t.profile);let n=e.isOpenId&&!!e.id_token;await this._processClaims(e,!1,n),r.debug("claims processed")}validateSignoutResponse(e,t){let s=this._logger.create("validateSignoutResponse");if(t.id!==e.state&&s.throw(new Error("State does not match")),s.debug("state validated"),e.userState=t.data,e.error)throw s.warn("Response was error",e.error),new $(e)}_processSigninState(e,t){var s;let i=this._logger.create("_processSigninState");if(t.id!==e.state&&i.throw(new Error("State does not match")),t.client_id||i.throw(new Error("No client_id on state")),t.authority||i.throw(new Error("No authority on state")),this._settings.authority!==t.authority&&i.throw(new Error("authority mismatch on settings vs. signin state")),this._settings.client_id&&this._settings.client_id!==t.client_id&&i.throw(new Error("client_id mismatch on settings vs. signin state")),i.debug("state validated"),e.userState=t.data,e.url_state=t.url_state,(s=e.scope)!=null||(e.scope=t.scope),e.error)throw i.warn("Response was error",e.error),new $(e);t.code_verifier&&!e.code&&i.throw(new Error("Expected code in response"))}async _processClaims(e,t=!1,s=!0){let i=this._logger.create("_processClaims");if(e.profile=this._claimsService.filterProtocolClaims(e.profile),t||!this._settings.loadUserInfo||!e.access_token){i.debug("not loading user info");return}i.debug("loading user info");let r=await this._userInfoService.getClaims(e.access_token);i.debug("user info claims received from user info endpoint"),s&&r.sub!==e.profile.sub&&i.throw(new Error("subject from UserInfo response does not match subject in ID Token")),e.profile=this._claimsService.mergeClaims(e.profile,this._claimsService.filterProtocolClaims(r)),i.debug("user info claims received, updated profile:",e.profile)}async _processCode(e,t,s){let i=this._logger.create("_processCode");if(e.code){i.debug("Validating code");let r=await this._tokenClient.exchangeCode({client_id:t.client_id,client_secret:t.client_secret,code:e.code,redirect_uri:t.redirect_uri,code_verifier:t.code_verifier,extraHeaders:s,...t.extraTokenParams});Object.assign(e,r)}else i.debug("No code to process")}_validateIdTokenAttributes(e,t){var s;let i=this._logger.create("_validateIdTokenAttributes");i.debug("decoding ID Token JWT");let r=J.decode((s=e.id_token)!=null?s:"");if(r.sub||i.throw(new Error("ID Token is missing a subject claim")),t){let n=J.decode(t);r.sub!==n.sub&&i.throw(new Error("sub in id_token does not match current sub")),r.auth_time&&r.auth_time!==n.auth_time&&i.throw(new Error("auth_time in id_token does not match original auth_time")),r.azp&&r.azp!==n.azp&&i.throw(new Error("azp in id_token does not match original azp")),!r.azp&&n.azp&&i.throw(new Error("azp not in id_token, but present in original id_token"))}e.profile=r}},K=class Z{constructor(t){this.id=t.id||y.generateUUIDv4(),this.data=t.data,t.created&&t.created>0?this.created=t.created:this.created=M.getEpochTime(),this.request_type=t.request_type,this.url_state=t.url_state}toStorageString(){return new h("State").create("toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,url_state:this.url_state})}static fromStorageString(t){return h.createStatic("State","fromStorageString"),Promise.resolve(new Z(JSON.parse(t)))}static async clearStaleState(t,s){let i=h.createStatic("State","clearStaleState"),r=M.getEpochTime()-s,n=await t.getAllKeys();i.debug("got keys",n);for(let o=0;o<n.length;o++){let c=n[o],a=await t.get(c),d=!1;if(a)try{let l=await Z.fromStorageString(a);i.debug("got item from key:",c,l.created),l.created<=r&&(d=!0)}catch(l){i.error("Error parsing state for key:",c,l),d=!0}else i.debug("no item in storage for key:",c),d=!0;d&&(i.debug("removed item for key:",c),t.remove(c))}}},ue=class ee extends K{constructor(t){super(t),this.code_verifier=t.code_verifier,this.code_challenge=t.code_challenge,this.authority=t.authority,this.client_id=t.client_id,this.redirect_uri=t.redirect_uri,this.scope=t.scope,this.client_secret=t.client_secret,this.extraTokenParams=t.extraTokenParams,this.response_mode=t.response_mode,this.skipUserInfo=t.skipUserInfo}static async create(t){let s=t.code_verifier===!0?y.generateCodeVerifier():t.code_verifier||void 0,i=s?await y.generateCodeChallenge(s):void 0;return new ee({...t,code_verifier:s,code_challenge:i})}toStorageString(){return new h("SigninState").create("toStorageString"),JSON.stringify({id:this.id,data:this.data,created:this.created,request_type:this.request_type,url_state:this.url_state,code_verifier:this.code_verifier,authority:this.authority,client_id:this.client_id,redirect_uri:this.redirect_uri,scope:this.scope,client_secret:this.client_secret,extraTokenParams:this.extraTokenParams,response_mode:this.response_mode,skipUserInfo:this.skipUserInfo})}static fromStorageString(t){h.createStatic("SigninState","fromStorageString");let s=JSON.parse(t);return ee.create(s)}},_e=class pe{constructor(t){this.url=t.url,this.state=t.state}static async create({url:t,authority:s,client_id:i,redirect_uri:r,response_type:n,scope:o,state_data:c,response_mode:a,request_type:d,client_secret:l,nonce:g,url_state:u,resource:S,skipUserInfo:O,extraQueryParams:A,extraTokenParams:q,disablePKCE:N,dpopJkt:E,omitScopeWhenRequesting:R,...k}){if(!t)throw this._logger.error("create: No url passed"),new Error("url");if(!i)throw this._logger.error("create: No client_id passed"),new Error("client_id");if(!r)throw this._logger.error("create: No redirect_uri passed"),new Error("redirect_uri");if(!n)throw this._logger.error("create: No response_type passed"),new Error("response_type");if(!o)throw this._logger.error("create: No scope passed"),new Error("scope");if(!s)throw this._logger.error("create: No authority passed"),new Error("authority");let _=await ue.create({data:c,request_type:d,url_state:u,code_verifier:!N,client_id:i,authority:s,redirect_uri:r,response_mode:a,client_secret:l,scope:o,extraTokenParams:q,skipUserInfo:O}),f=new URL(t);f.searchParams.append("client_id",i),f.searchParams.append("redirect_uri",r),f.searchParams.append("response_type",n),R||f.searchParams.append("scope",o),g&&f.searchParams.append("nonce",g),E&&f.searchParams.append("dpop_jkt",E);let T=_.id;u&&(T=`${T}${L}${u}`),f.searchParams.append("state",T),_.code_challenge&&(f.searchParams.append("code_challenge",_.code_challenge),f.searchParams.append("code_challenge_method","S256")),S&&(Array.isArray(S)?S:[S]).forEach(p=>f.searchParams.append("resource",p));for(let[P,p]of Object.entries({response_mode:a,...k,...A}))p!=null&&f.searchParams.append(P,p.toString());return new pe({url:f.href,state:_})}};_e._logger=new h("SigninRequest");var Ye=_e,Ze="openid",B=class{constructor(e){if(this.access_token="",this.token_type="",this.profile={},this.state=e.get("state"),this.session_state=e.get("session_state"),this.state){let t=decodeURIComponent(this.state).split(L);this.state=t[0],t.length>1&&(this.url_state=t.slice(1).join(L))}this.error=e.get("error"),this.error_description=e.get("error_description"),this.error_uri=e.get("error_uri"),this.code=e.get("code")}get expires_in(){if(this.expires_at!==void 0)return this.expires_at-M.getEpochTime()}set expires_in(e){typeof e=="string"&&(e=Number(e)),e!==void 0&&e>=0&&(this.expires_at=Math.floor(e)+M.getEpochTime())}get isOpenId(){var e;return((e=this.scope)==null?void 0:e.split(" ").includes(Ze))||!!this.id_token}},et=class{constructor({url:e,state_data:t,id_token_hint:s,post_logout_redirect_uri:i,extraQueryParams:r,request_type:n,client_id:o,url_state:c}){if(this._logger=new h("SignoutRequest"),!e)throw this._logger.error("ctor: No url passed"),new Error("url");let a=new URL(e);if(s&&a.searchParams.append("id_token_hint",s),o&&a.searchParams.append("client_id",o),i&&(a.searchParams.append("post_logout_redirect_uri",i),t||c)){this.state=new K({data:t,request_type:n,url_state:c});let d=this.state.id;c&&(d=`${d}${L}${c}`),a.searchParams.append("state",d)}for(let[d,l]of Object.entries({...r}))l!=null&&a.searchParams.append(d,l.toString());this.url=a.href}},tt=class{constructor(e){if(this.state=e.get("state"),this.state){let t=decodeURIComponent(this.state).split(L);this.state=t[0],t.length>1&&(this.url_state=t.slice(1).join(L))}this.error=e.get("error"),this.error_description=e.get("error_description"),this.error_uri=e.get("error_uri")}},st=["nbf","jti","auth_time","nonce","acr","amr","azp","at_hash"],it=["sub","iss","aud","exp","iat"],rt=class{constructor(e){this._settings=e,this._logger=new h("ClaimsService")}filterProtocolClaims(e){let t={...e};if(this._settings.filterProtocolClaims){let s;Array.isArray(this._settings.filterProtocolClaims)?s=this._settings.filterProtocolClaims:s=st;for(let i of s)it.includes(i)||delete t[i]}return t}mergeClaims(e,t){let s={...e};for(let[i,r]of Object.entries(t))if(s[i]!==r)if(Array.isArray(s[i])||Array.isArray(r))if(this._settings.mergeClaimsStrategy.array=="replace")s[i]=r;else{let n=Array.isArray(s[i])?s[i]:[s[i]];for(let o of Array.isArray(r)?r:[r])n.includes(o)||n.push(o);s[i]=n}else typeof s[i]=="object"&&typeof r=="object"?s[i]=this.mergeClaims(s[i],r):s[i]=r;return s}},fe=class{constructor(e,t){this.keys=e,this.nonce=t}},nt=class{constructor(e,t){this._logger=new h("OidcClient"),this.settings=e instanceof Y?e:new Y(e),this.metadataService=t??new Fe(this.settings),this._claimsService=new rt(this.settings),this._validator=new Xe(this.settings,this.metadataService,this._claimsService),this._tokenClient=new he(this.settings,this.metadataService)}async createSigninRequest({state:e,request:t,request_uri:s,request_type:i,id_token_hint:r,login_hint:n,skipUserInfo:o,nonce:c,url_state:a,response_type:d=this.settings.response_type,scope:l=this.settings.scope,redirect_uri:g=this.settings.redirect_uri,prompt:u=this.settings.prompt,display:S=this.settings.display,max_age:O=this.settings.max_age,ui_locales:A=this.settings.ui_locales,acr_values:q=this.settings.acr_values,resource:N=this.settings.resource,response_mode:E=this.settings.response_mode,extraQueryParams:R=this.settings.extraQueryParams,extraTokenParams:k=this.settings.extraTokenParams,dpopJkt:_,omitScopeWhenRequesting:f=this.settings.omitScopeWhenRequesting}){let T=this._logger.create("createSigninRequest");if(d!=="code")throw new Error("Only the Authorization Code flow (with PKCE) is supported");let P=await this.metadataService.getAuthorizationEndpoint();T.debug("Received authorization endpoint",P);let p=await Ye.create({url:P,authority:this.settings.authority,client_id:this.settings.client_id,redirect_uri:g,response_type:d,scope:l,state_data:e,url_state:a,prompt:u,display:S,max_age:O,ui_locales:A,id_token_hint:r,login_hint:n,acr_values:q,dpopJkt:_,resource:N,request:t,request_uri:s,extraQueryParams:R,extraTokenParams:k,request_type:i,response_mode:E,client_secret:this.settings.client_secret,skipUserInfo:o,nonce:c,disablePKCE:this.settings.disablePKCE,omitScopeWhenRequesting:f});await this.clearStaleState();let m=p.state;return await this.settings.stateStore.set(m.id,m.toStorageString()),p}async readSigninResponseState(e,t=!1){let s=this._logger.create("readSigninResponseState"),i=new B(Q.readParams(e,this.settings.response_mode));if(!i.state)throw s.throw(new Error("No state in response")),null;let r=await this.settings.stateStore[t?"remove":"get"](i.state);if(!r)throw s.throw(new Error("No matching state found in storage")),null;return{state:await ue.fromStorageString(r),response:i}}async processSigninResponse(e,t,s=!0){let i=this._logger.create("processSigninResponse"),{state:r,response:n}=await this.readSigninResponseState(e,s);if(i.debug("received state from storage; validating response"),this.settings.dpop&&this.settings.dpop.store){let o=await this.getDpopProof(this.settings.dpop.store);t={...t,DPoP:o}}try{await this._validator.validateSigninResponse(n,r,t)}catch(o){if(o instanceof X&&this.settings.dpop){let c=await this.getDpopProof(this.settings.dpop.store,o.nonce);t.DPoP=c,await this._validator.validateSigninResponse(n,r,t)}else throw o}return n}async getDpopProof(e,t){let s,i;return(await e.getAllKeys()).includes(this.settings.client_id)?(i=await e.get(this.settings.client_id),i.nonce!==t&&t&&(i.nonce=t,await e.set(this.settings.client_id,i))):(s=await y.generateDPoPKeys(),i=new fe(s,t),await e.set(this.settings.client_id,i)),await y.generateDPoPProof({url:await this.metadataService.getTokenEndpoint(!1),httpMethod:"POST",keyPair:i.keys,nonce:i.nonce})}async processResourceOwnerPasswordCredentials({username:e,password:t,skipUserInfo:s=!1,extraTokenParams:i={}}){let r=await this._tokenClient.exchangeCredentials({username:e,password:t,...i}),n=new B(new URLSearchParams);return Object.assign(n,r),await this._validator.validateCredentialsResponse(n,s),n}async useRefreshToken({state:e,redirect_uri:t,resource:s,timeoutInSeconds:i,extraHeaders:r,extraTokenParams:n}){var o;let c=this._logger.create("useRefreshToken"),a;if(this.settings.refreshTokenAllowedScope===void 0)a=e.scope;else{let g=this.settings.refreshTokenAllowedScope.split(" ");a=(((o=e.scope)==null?void 0:o.split(" "))||[]).filter(S=>g.includes(S)).join(" ")}if(this.settings.dpop&&this.settings.dpop.store){let g=await this.getDpopProof(this.settings.dpop.store);r={...r,DPoP:g}}let d;try{d=await this._tokenClient.exchangeRefreshToken({refresh_token:e.refresh_token,scope:a,redirect_uri:t,resource:s,timeoutInSeconds:i,extraHeaders:r,...n})}catch(g){if(g instanceof X&&this.settings.dpop)r.DPoP=await this.getDpopProof(this.settings.dpop.store,g.nonce),d=await this._tokenClient.exchangeRefreshToken({refresh_token:e.refresh_token,scope:a,redirect_uri:t,resource:s,timeoutInSeconds:i,extraHeaders:r,...n});else throw g}let l=new B(new URLSearchParams);return Object.assign(l,d),c.debug("validating response",l),await this._validator.validateRefreshResponse(l,{...e,scope:a}),l}async createSignoutRequest({state:e,id_token_hint:t,client_id:s,request_type:i,url_state:r,post_logout_redirect_uri:n=this.settings.post_logout_redirect_uri,extraQueryParams:o=this.settings.extraQueryParams}={}){let c=this._logger.create("createSignoutRequest"),a=await this.metadataService.getEndSessionEndpoint();if(!a)throw c.throw(new Error("No end session endpoint")),null;c.debug("Received end session endpoint",a),!s&&n&&!t&&(s=this.settings.client_id);let d=new et({url:a,id_token_hint:t,client_id:s,post_logout_redirect_uri:n,state_data:e,extraQueryParams:o,request_type:i,url_state:r});await this.clearStaleState();let l=d.state;return l&&(c.debug("Signout request has state to persist"),await this.settings.stateStore.set(l.id,l.toStorageString())),d}async readSignoutResponseState(e,t=!1){let s=this._logger.create("readSignoutResponseState"),i=new tt(Q.readParams(e,this.settings.response_mode));if(!i.state){if(s.debug("No state in response"),i.error)throw s.warn("Response was error:",i.error),new $(i);return{state:void 0,response:i}}let r=await this.settings.stateStore[t?"remove":"get"](i.state);if(!r)throw s.throw(new Error("No matching state found in storage")),null;return{state:await K.fromStorageString(r),response:i}}async processSignoutResponse(e){let t=this._logger.create("processSignoutResponse"),{state:s,response:i}=await this.readSignoutResponseState(e,!0);return s?(t.debug("Received state from storage; validating response"),this._validator.validateSignoutResponse(i,s)):t.debug("No state from storage; skipping response validation"),i}clearStaleState(){return this._logger.create("clearStaleState"),K.clearStaleState(this.settings.stateStore,this.settings.staleStateAgeInSeconds)}async revokeToken(e,t){return this._logger.create("revokeToken"),await this._tokenClient.revoke({token:e,token_type_hint:t})}},ot=class{constructor(e){this._userManager=e,this._logger=new h("SessionMonitor"),this._start=async t=>{let s=t.session_state;if(!s)return;let i=this._logger.create("_start");if(t.profile?(this._sub=t.profile.sub,i.debug("session_state",s,", sub",this._sub)):(this._sub=void 0,i.debug("session_state",s,", anonymous user")),this._checkSessionIFrame){this._checkSessionIFrame.start(s);return}try{let r=await this._userManager.metadataService.getCheckSessionIframe();if(r){i.debug("initializing check session iframe");let n=this._userManager.settings.client_id,o=this._userManager.settings.checkSessionIntervalInSeconds,c=this._userManager.settings.stopCheckSessionOnError,a=new Ke(this._callback,n,r,o,c);await a.load(),this._checkSessionIFrame=a,a.start(s)}else i.warn("no check session iframe found in the metadata")}catch(r){i.error("Error from getCheckSessionIframe:",r instanceof Error?r.message:r)}},this._stop=()=>{let t=this._logger.create("_stop");if(this._sub=void 0,this._checkSessionIFrame&&this._checkSessionIFrame.stop(),this._userManager.settings.monitorAnonymousSession){let s=setInterval(async()=>{clearInterval(s);try{let i=await this._userManager.querySessionStatus();if(i){let r={session_state:i.session_state,profile:i.sub?{sub:i.sub}:null};this._start(r)}}catch(i){t.error("error from querySessionStatus",i instanceof Error?i.message:i)}},1e3)}},this._callback=async()=>{let t=this._logger.create("_callback");try{let s=await this._userManager.querySessionStatus(),i=!0;s&&this._checkSessionIFrame?s.sub===this._sub?(i=!1,this._checkSessionIFrame.start(s.session_state),t.debug("same sub still logged in at OP, session state has changed, restarting check session iframe; session_state",s.session_state),await this._userManager.events._raiseUserSessionChanged()):t.debug("different subject signed into OP",s.sub):t.debug("subject no longer signed into OP"),i?this._sub?await this._userManager.events._raiseUserSignedOut():await this._userManager.events._raiseUserSignedIn():t.debug("no change in session detected, no event to raise")}catch(s){this._sub&&(t.debug("Error calling queryCurrentSigninSession; raising signed out event",s),await this._userManager.events._raiseUserSignedOut())}},e||this._logger.throw(new Error("No user manager passed")),this._userManager.events.addUserLoaded(this._start),this._userManager.events.addUserUnloaded(this._stop),this._init().catch(t=>{this._logger.error(t)})}async _init(){this._logger.create("_init");let e=await this._userManager.getUser();if(e)this._start(e);else if(this._userManager.settings.monitorAnonymousSession){let t=await this._userManager.querySessionStatus();if(t){let s={session_state:t.session_state,profile:t.sub?{sub:t.sub}:null};this._start(s)}}}},V=class we{constructor(t){var s;this.id_token=t.id_token,this.session_state=(s=t.session_state)!=null?s:null,this.access_token=t.access_token,this.refresh_token=t.refresh_token,this.token_type=t.token_type,this.scope=t.scope,this.profile=t.profile,this.expires_at=t.expires_at,this.state=t.userState,this.url_state=t.url_state}get expires_in(){if(this.expires_at!==void 0)return this.expires_at-M.getEpochTime()}set expires_in(t){t!==void 0&&(this.expires_at=Math.floor(t)+M.getEpochTime())}get expired(){let t=this.expires_in;if(t!==void 0)return t<=0}get scopes(){var t,s;return(s=(t=this.scope)==null?void 0:t.split(" "))!=null?s:[]}toStorageString(){return new h("User").create("toStorageString"),JSON.stringify({id_token:this.id_token,session_state:this.session_state,access_token:this.access_token,refresh_token:this.refresh_token,token_type:this.token_type,scope:this.scope,profile:this.profile,expires_at:this.expires_at})}static fromStorageString(t){return h.createStatic("User","fromStorageString"),new we(JSON.parse(t))}},oe="oidc-client",me=class{constructor(){this._abort=new H("Window navigation aborted"),this._disposeHandlers=new Set,this._window=null}async navigate(e){let t=this._logger.create("navigate");if(!this._window)throw new Error("Attempted to navigate on a disposed window");t.debug("setting URL in window"),this._window.location.replace(e.url);let{url:s,keepOpen:i}=await new Promise((r,n)=>{let o=a=>{var d;let l=a.data,g=(d=e.scriptOrigin)!=null?d:window.location.origin;if(!(a.origin!==g||l?.source!==oe)){try{let u=Q.readParams(l.url,e.response_mode).get("state");if(u||t.warn("no state found in response url"),a.source!==this._window&&u!==e.state)return}catch{this._dispose(),n(new Error("Invalid response from window"))}r(l)}};window.addEventListener("message",o,!1),this._disposeHandlers.add(()=>window.removeEventListener("message",o,!1));let c=new BroadcastChannel(`oidc-client-popup-${e.state}`);c.addEventListener("message",o,!1),this._disposeHandlers.add(()=>c.close()),this._disposeHandlers.add(this._abort.addHandler(a=>{this._dispose(),n(a)}))});return t.debug("got response from window"),this._dispose(),i||this.close(),{url:s}}_dispose(){this._logger.create("_dispose");for(let e of this._disposeHandlers)e();this._disposeHandlers.clear()}static _notifyParent(e,t,s=!1,i=window.location.origin){let r={source:oe,url:t,keepOpen:s},n=new h("_notifyParent");if(e)n.debug("With parent. Using parent.postMessage."),e.postMessage(r,i);else{n.debug("No parent. Using BroadcastChannel.");let o=new URL(t).searchParams.get("state");if(!o)throw new Error("No parent and no state in URL. Can't complete notification.");let c=new BroadcastChannel(`oidc-client-popup-${o}`);c.postMessage(r),c.close()}}},Se={location:!1,toolbar:!1,height:640,closePopupWindowAfterInSeconds:-1},ve="_blank",at=60,ct=2,ye=10,dt=class extends Y{constructor(e){let{popup_redirect_uri:t=e.redirect_uri,popup_post_logout_redirect_uri:s=e.post_logout_redirect_uri,popupWindowFeatures:i=Se,popupWindowTarget:r=ve,redirectMethod:n="assign",redirectTarget:o="self",iframeNotifyParentOrigin:c=e.iframeNotifyParentOrigin,iframeScriptOrigin:a=e.iframeScriptOrigin,requestTimeoutInSeconds:d,silent_redirect_uri:l=e.redirect_uri,silentRequestTimeoutInSeconds:g,automaticSilentRenew:u=!0,validateSubOnSilentRenew:S=!0,includeIdTokenInSilentRenew:O=!1,monitorSession:A=!1,monitorAnonymousSession:q=!1,checkSessionIntervalInSeconds:N=ct,query_status_response_type:E="code",stopCheckSessionOnError:R=!0,revokeTokenTypes:k=["access_token","refresh_token"],revokeTokensOnSignout:_=!1,includeIdTokenInSilentSignout:f=!1,accessTokenExpiringNotificationTimeInSeconds:T=at,userStore:P}=e;if(super(e),this.popup_redirect_uri=t,this.popup_post_logout_redirect_uri=s,this.popupWindowFeatures=i,this.popupWindowTarget=r,this.redirectMethod=n,this.redirectTarget=o,this.iframeNotifyParentOrigin=c,this.iframeScriptOrigin=a,this.silent_redirect_uri=l,this.silentRequestTimeoutInSeconds=g||d||ye,this.automaticSilentRenew=u,this.validateSubOnSilentRenew=S,this.includeIdTokenInSilentRenew=O,this.monitorSession=A,this.monitorAnonymousSession=q,this.checkSessionIntervalInSeconds=N,this.stopCheckSessionOnError=R,this.query_status_response_type=E,this.revokeTokenTypes=k,this.revokeTokensOnSignout=_,this.includeIdTokenInSilentSignout=f,this.accessTokenExpiringNotificationTimeInSeconds=T,P)this.userStore=P;else{let p=typeof window<"u"?window.sessionStorage:new le;this.userStore=new ge({store:p})}}},ae=class be extends me{constructor({silentRequestTimeoutInSeconds:t=ye}){super(),this._logger=new h("IFrameWindow"),this._timeoutInSeconds=t,this._frame=be.createHiddenIframe(),this._window=this._frame.contentWindow}static createHiddenIframe(){let t=window.document.createElement("iframe");return t.style.visibility="hidden",t.style.position="fixed",t.style.left="-1000px",t.style.top="0",t.width="0",t.height="0",window.document.body.appendChild(t),t}async navigate(t){this._logger.debug("navigate: Using timeout of:",this._timeoutInSeconds);let s=setTimeout(()=>void this._abort.raise(new te("IFrame timed out without a response")),this._timeoutInSeconds*1e3);return this._disposeHandlers.add(()=>clearTimeout(s)),await super.navigate(t)}close(){var t;this._frame&&(this._frame.parentNode&&(this._frame.addEventListener("load",s=>{var i;let r=s.target;(i=r.parentNode)==null||i.removeChild(r),this._abort.raise(new Error("IFrame removed from DOM"))},!0),(t=this._frame.contentWindow)==null||t.location.replace("about:blank")),this._frame=null),this._window=null}static notifyParent(t,s){return super._notifyParent(window.parent,t,!1,s)}},lt=class{constructor(e){this._settings=e,this._logger=new h("IFrameNavigator")}async prepare({silentRequestTimeoutInSeconds:e=this._settings.silentRequestTimeoutInSeconds}){return new ae({silentRequestTimeoutInSeconds:e})}async callback(e){this._logger.create("callback"),ae.notifyParent(e,this._settings.iframeNotifyParentOrigin)}},gt=500,ht=1e3,ce=class extends me{constructor({popupWindowTarget:e=ve,popupWindowFeatures:t={},popupSignal:s}){super(),this._logger=new h("PopupWindow");let i=ne.center({...Se,...t});this._window=window.open(void 0,e,ne.serialize(i)),s&&s.addEventListener("abort",()=>{var r;this._abort.raise(new Error((r=s.reason)!=null?r:"Popup aborted"))}),t.closePopupWindowAfterInSeconds&&t.closePopupWindowAfterInSeconds>0&&setTimeout(()=>{if(!this._window||typeof this._window.closed!="boolean"||this._window.closed){this._abort.raise(new Error("Popup blocked by user"));return}this.close()},t.closePopupWindowAfterInSeconds*ht)}async navigate(e){var t;(t=this._window)==null||t.focus();let s=setInterval(()=>{(!this._window||this._window.closed)&&(this._logger.debug("Popup closed by user or isolated by redirect"),i(),this._disposeHandlers.delete(i))},gt),i=()=>clearInterval(s);return this._disposeHandlers.add(i),await super.navigate(e)}close(){this._window&&(this._window.closed||(this._window.close(),this._abort.raise(new Error("Popup closed")))),this._window=null}static notifyOpener(e,t){super._notifyParent(window.opener,e,t),!t&&!window.opener&&window.close()}},ut=class{constructor(e){this._settings=e,this._logger=new h("PopupNavigator")}async prepare({popupWindowFeatures:e=this._settings.popupWindowFeatures,popupWindowTarget:t=this._settings.popupWindowTarget,popupSignal:s}){return new ce({popupWindowFeatures:e,popupWindowTarget:t,popupSignal:s})}async callback(e,{keepOpen:t=!1}){this._logger.create("callback"),ce.notifyOpener(e,t)}},_t=class{constructor(e){this._settings=e,this._logger=new h("RedirectNavigator")}async prepare({redirectMethod:e=this._settings.redirectMethod,redirectTarget:t=this._settings.redirectTarget}){var s;this._logger.create("prepare");let i=window.self;t==="top"&&(i=(s=window.top)!=null?s:window.self);let r=i.location[e].bind(i.location),n;return{navigate:async o=>{this._logger.create("navigate");let c=new Promise((a,d)=>{n=d});return r(o.url),await c},close:()=>{this._logger.create("close"),n?.(new Error("Redirect aborted")),i.stop()}}}async callback(){}},pt=class extends Je{constructor(e){super({expiringNotificationTimeInSeconds:e.accessTokenExpiringNotificationTimeInSeconds}),this._logger=new h("UserManagerEvents"),this._userLoaded=new H("User loaded"),this._userUnloaded=new H("User unloaded"),this._silentRenewError=new H("Silent renew error"),this._userSignedIn=new H("User signed in"),this._userSignedOut=new H("User signed out"),this._userSessionChanged=new H("User session changed")}async load(e,t=!0){await super.load(e),t&&await this._userLoaded.raise(e)}async unload(){await super.unload(),await this._userUnloaded.raise()}addUserLoaded(e){return this._userLoaded.addHandler(e)}removeUserLoaded(e){return this._userLoaded.removeHandler(e)}addUserUnloaded(e){return this._userUnloaded.addHandler(e)}removeUserUnloaded(e){return this._userUnloaded.removeHandler(e)}addSilentRenewError(e){return this._silentRenewError.addHandler(e)}removeSilentRenewError(e){return this._silentRenewError.removeHandler(e)}async _raiseSilentRenewError(e){await this._silentRenewError.raise(e)}addUserSignedIn(e){return this._userSignedIn.addHandler(e)}removeUserSignedIn(e){this._userSignedIn.removeHandler(e)}async _raiseUserSignedIn(){await this._userSignedIn.raise()}addUserSignedOut(e){return this._userSignedOut.addHandler(e)}removeUserSignedOut(e){this._userSignedOut.removeHandler(e)}async _raiseUserSignedOut(){await this._userSignedOut.raise()}addUserSessionChanged(e){return this._userSessionChanged.addHandler(e)}removeUserSessionChanged(e){this._userSessionChanged.removeHandler(e)}async _raiseUserSessionChanged(){await this._userSessionChanged.raise()}},ft=class{constructor(e){this._userManager=e,this._logger=new h("SilentRenewService"),this._isStarted=!1,this._retryTimer=new M("Retry Silent Renew"),this._tokenExpiring=async()=>{let t=this._logger.create("_tokenExpiring");try{await this._userManager.signinSilent(),t.debug("silent token renewal successful")}catch(s){if(s instanceof te){t.warn("ErrorTimeout from signinSilent:",s,"retry in 5s"),this._retryTimer.init(5);return}t.error("Error from signinSilent:",s),await this._userManager.events._raiseSilentRenewError(s)}}}async start(){let e=this._logger.create("start");if(!this._isStarted){this._isStarted=!0,this._userManager.events.addAccessTokenExpiring(this._tokenExpiring),this._retryTimer.addHandler(this._tokenExpiring);try{await this._userManager.getUser()}catch(t){e.error("getUser error",t)}}}stop(){this._isStarted&&(this._retryTimer.cancel(),this._retryTimer.removeHandler(this._tokenExpiring),this._userManager.events.removeAccessTokenExpiring(this._tokenExpiring),this._isStarted=!1)}},wt=class{constructor(e){this.refresh_token=e.refresh_token,this.id_token=e.id_token,this.session_state=e.session_state,this.scope=e.scope,this.profile=e.profile,this.data=e.state}},ke=class{constructor(e,t,s,i){this._logger=new h("UserManager"),this.settings=new dt(e),this._client=new nt(e),this._redirectNavigator=t??new _t(this.settings),this._popupNavigator=s??new ut(this.settings),this._iframeNavigator=i??new lt(this.settings),this._events=new pt(this.settings),this._silentRenewService=new ft(this),this.settings.automaticSilentRenew&&this.startSilentRenew(),this._sessionMonitor=null,this.settings.monitorSession&&(this._sessionMonitor=new ot(this))}get events(){return this._events}get metadataService(){return this._client.metadataService}async getUser(e=!1){let t=this._logger.create("getUser"),s=await this._loadUser();return s?(t.info("user loaded"),await this._events.load(s,e),s):(t.info("user not found in storage"),null)}async removeUser(){let e=this._logger.create("removeUser");await this.storeUser(null),e.info("user removed from storage"),await this._events.unload()}async signinRedirect(e={}){var t;this._logger.create("signinRedirect");let{redirectMethod:s,...i}=e,r;(t=this.settings.dpop)!=null&&t.bind_authorization_code&&(r=await this.generateDPoPJkt(this.settings.dpop));let n=await this._redirectNavigator.prepare({redirectMethod:s});await this._signinStart({request_type:"si:r",dpopJkt:r,...i},n)}async signinRedirectCallback(e=window.location.href){let t=this._logger.create("signinRedirectCallback"),s=await this._signinEnd(e);return s.profile&&s.profile.sub?t.info("success, signed in subject",s.profile.sub):t.info("no subject"),s}async signinResourceOwnerCredentials({username:e,password:t,skipUserInfo:s=!1}){let i=this._logger.create("signinResourceOwnerCredential"),r=await this._client.processResourceOwnerPasswordCredentials({username:e,password:t,skipUserInfo:s,extraTokenParams:this.settings.extraTokenParams});i.debug("got signin response");let n=await this._buildUser(r);return n.profile&&n.profile.sub?i.info("success, signed in subject",n.profile.sub):i.info("no subject"),n}async signinPopup(e={}){var t;let s=this._logger.create("signinPopup"),i;(t=this.settings.dpop)!=null&&t.bind_authorization_code&&(i=await this.generateDPoPJkt(this.settings.dpop));let{popupWindowFeatures:r,popupWindowTarget:n,popupSignal:o,...c}=e,a=this.settings.popup_redirect_uri;a||s.throw(new Error("No popup_redirect_uri configured"));let d=await this._popupNavigator.prepare({popupWindowFeatures:r,popupWindowTarget:n,popupSignal:o}),l=await this._signin({request_type:"si:p",redirect_uri:a,display:"popup",dpopJkt:i,...c},d);return l&&(l.profile&&l.profile.sub?s.info("success, signed in subject",l.profile.sub):s.info("no subject")),l}async signinPopupCallback(e=window.location.href,t=!1){let s=this._logger.create("signinPopupCallback");await this._popupNavigator.callback(e,{keepOpen:t}),s.info("success")}async signinSilent(e={}){var t,s;let i=this._logger.create("signinSilent"),{silentRequestTimeoutInSeconds:r,...n}=e,o=await this._loadUser();if(o?.refresh_token){i.debug("using refresh token");let g=new wt(o);return await this._useRefreshToken({state:g,redirect_uri:n.redirect_uri,resource:n.resource,extraTokenParams:n.extraTokenParams,timeoutInSeconds:r})}let c;(t=this.settings.dpop)!=null&&t.bind_authorization_code&&(c=await this.generateDPoPJkt(this.settings.dpop));let a=this.settings.silent_redirect_uri;a||i.throw(new Error("No silent_redirect_uri configured"));let d;o&&this.settings.validateSubOnSilentRenew&&(i.debug("subject prior to silent renew:",o.profile.sub),d=o.profile.sub);let l=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:r});return o=await this._signin({request_type:"si:s",redirect_uri:a,prompt:"none",id_token_hint:this.settings.includeIdTokenInSilentRenew?o?.id_token:void 0,dpopJkt:c,...n},l,d),o&&((s=o.profile)!=null&&s.sub?i.info("success, signed in subject",o.profile.sub):i.info("no subject")),o}async _useRefreshToken(e){let t=await this._client.useRefreshToken({timeoutInSeconds:this.settings.silentRequestTimeoutInSeconds,...e}),s=new V({...e.state,...t});return await this.storeUser(s),await this._events.load(s),s}async signinSilentCallback(e=window.location.href){let t=this._logger.create("signinSilentCallback");await this._iframeNavigator.callback(e),t.info("success")}async signinCallback(e=window.location.href){let{state:t}=await this._client.readSigninResponseState(e);switch(t.request_type){case"si:r":return await this.signinRedirectCallback(e);case"si:p":await this.signinPopupCallback(e);break;case"si:s":await this.signinSilentCallback(e);break;default:throw new Error("invalid response_type in state")}}async signoutCallback(e=window.location.href,t=!1){let{state:s}=await this._client.readSignoutResponseState(e);if(s)switch(s.request_type){case"so:r":return await this.signoutRedirectCallback(e);case"so:p":await this.signoutPopupCallback(e,t);break;case"so:s":await this.signoutSilentCallback(e);break;default:throw new Error("invalid response_type in state")}}async querySessionStatus(e={}){let t=this._logger.create("querySessionStatus"),{silentRequestTimeoutInSeconds:s,...i}=e,r=this.settings.silent_redirect_uri;r||t.throw(new Error("No silent_redirect_uri configured"));let n=await this._loadUser(),o=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:s}),c=await this._signinStart({request_type:"si:s",redirect_uri:r,prompt:"none",id_token_hint:this.settings.includeIdTokenInSilentRenew?n?.id_token:void 0,response_type:this.settings.query_status_response_type,scope:"openid",skipUserInfo:!0,...i},o);try{let a={},d=await this._client.processSigninResponse(c.url,a);return t.debug("got signin response"),d.session_state&&d.profile.sub?(t.info("success for subject",d.profile.sub),{session_state:d.session_state,sub:d.profile.sub}):(t.info("success, user not authenticated"),null)}catch(a){if(this.settings.monitorAnonymousSession&&a instanceof $)switch(a.error){case"login_required":case"consent_required":case"interaction_required":case"account_selection_required":return t.info("success for anonymous user"),{session_state:a.session_state}}throw a}}async _signin(e,t,s){let i=await this._signinStart(e,t);return await this._signinEnd(i.url,s)}async _signinStart(e,t){let s=this._logger.create("_signinStart");try{let i=await this._client.createSigninRequest(e);return s.debug("got signin request"),await t.navigate({url:i.url,state:i.state.id,response_mode:i.state.response_mode,scriptOrigin:this.settings.iframeScriptOrigin})}catch(i){throw s.debug("error after preparing navigator, closing navigator window"),t.close(),i}}async _signinEnd(e,t){let s=this._logger.create("_signinEnd"),i={},r=await this._client.processSigninResponse(e,i);return s.debug("got signin response"),await this._buildUser(r,t)}async _buildUser(e,t){let s=this._logger.create("_buildUser"),i=new V(e);if(t){if(t!==i.profile.sub)throw s.debug("current user does not match user returned from signin. sub from signin:",i.profile.sub),new $({...e,error:"login_required"});s.debug("current user matches user returned from signin")}return await this.storeUser(i),s.debug("user stored"),await this._events.load(i),i}async signoutRedirect(e={}){let t=this._logger.create("signoutRedirect"),{redirectMethod:s,...i}=e,r=await this._redirectNavigator.prepare({redirectMethod:s});await this._signoutStart({request_type:"so:r",post_logout_redirect_uri:this.settings.post_logout_redirect_uri,...i},r),t.info("success")}async signoutRedirectCallback(e=window.location.href){let t=this._logger.create("signoutRedirectCallback"),s=await this._signoutEnd(e);return t.info("success"),s}async signoutPopup(e={}){let t=this._logger.create("signoutPopup"),{popupWindowFeatures:s,popupWindowTarget:i,popupSignal:r,...n}=e,o=this.settings.popup_post_logout_redirect_uri,c=await this._popupNavigator.prepare({popupWindowFeatures:s,popupWindowTarget:i,popupSignal:r});await this._signout({request_type:"so:p",post_logout_redirect_uri:o,state:o==null?void 0:{},...n},c),t.info("success")}async signoutPopupCallback(e=window.location.href,t=!1){let s=this._logger.create("signoutPopupCallback");await this._popupNavigator.callback(e,{keepOpen:t}),s.info("success")}async _signout(e,t){let s=await this._signoutStart(e,t);return await this._signoutEnd(s.url)}async _signoutStart(e={},t){var s;let i=this._logger.create("_signoutStart");try{let r=await this._loadUser();i.debug("loaded current user from storage"),this.settings.revokeTokensOnSignout&&await this._revokeInternal(r);let n=e.id_token_hint||r&&r.id_token;n&&(i.debug("setting id_token_hint in signout request"),e.id_token_hint=n),await this.removeUser(),i.debug("user removed, creating signout request");let o=await this._client.createSignoutRequest(e);return i.debug("got signout request"),await t.navigate({url:o.url,state:(s=o.state)==null?void 0:s.id,scriptOrigin:this.settings.iframeScriptOrigin})}catch(r){throw i.debug("error after preparing navigator, closing navigator window"),t.close(),r}}async _signoutEnd(e){let t=this._logger.create("_signoutEnd"),s=await this._client.processSignoutResponse(e);return t.debug("got signout response"),s}async signoutSilent(e={}){var t;let s=this._logger.create("signoutSilent"),{silentRequestTimeoutInSeconds:i,...r}=e,n=this.settings.includeIdTokenInSilentSignout?(t=await this._loadUser())==null?void 0:t.id_token:void 0,o=this.settings.popup_post_logout_redirect_uri,c=await this._iframeNavigator.prepare({silentRequestTimeoutInSeconds:i});await this._signout({request_type:"so:s",post_logout_redirect_uri:o,id_token_hint:n,...r},c),s.info("success")}async signoutSilentCallback(e=window.location.href){let t=this._logger.create("signoutSilentCallback");await this._iframeNavigator.callback(e),t.info("success")}async revokeTokens(e){let t=await this._loadUser();await this._revokeInternal(t,e)}async _revokeInternal(e,t=this.settings.revokeTokenTypes){let s=this._logger.create("_revokeInternal");if(!e)return;let i=t.filter(r=>typeof e[r]=="string");if(!i.length){s.debug("no need to revoke due to no token(s)");return}for(let r of i)await this._client.revokeToken(e[r],r),s.info(`${r} revoked successfully`),r!=="access_token"&&(e[r]=null);await this.storeUser(e),s.debug("user stored"),await this._events.load(e)}startSilentRenew(){this._logger.create("startSilentRenew"),this._silentRenewService.start()}stopSilentRenew(){this._silentRenewService.stop()}get _userStoreKey(){return`user:${this.settings.authority}:${this.settings.client_id}`}async _loadUser(){let e=this._logger.create("_loadUser"),t=await this.settings.userStore.get(this._userStoreKey);return t?(e.debug("user storageString loaded"),V.fromStorageString(t)):(e.debug("no user storageString"),null)}async storeUser(e){let t=this._logger.create("storeUser");if(e){t.debug("storing user");let s=e.toStorageString();await this.settings.userStore.set(this._userStoreKey,s)}else this._logger.debug("removing user"),await this.settings.userStore.remove(this._userStoreKey),this.settings.dpop&&await this.settings.dpop.store.remove(this.settings.client_id)}async clearStaleState(){await this._client.clearStaleState()}async dpopProof(e,t,s,i){var r,n;let o=await((n=(r=this.settings.dpop)==null?void 0:r.store)==null?void 0:n.get(this.settings.client_id));if(o)return await y.generateDPoPProof({url:e,accessToken:t?.access_token,httpMethod:s,keyPair:o.keys,nonce:i})}async generateDPoPJkt(e){let t=await e.store.get(this.settings.client_id);if(!t){let s=await y.generateDPoPKeys();t=new fe(s),await e.store.set(this.settings.client_id,t)}return await y.generateDPoPJkt(t.keys)}};var Pe=(n=>(n.none="none",n.error="error",n.warn="warn",n.info="info",n.debug="debug",n))(Pe||{}),Ee=(n=>(n.unknown="unknown",n.notAuthorized="notAuthorized",n.silentRenewFailed="silentRenewFailed",n.invalidToken="invalidToken",n.oidcCallback="oidcCallback",n))(Ee||{});var mt={notAuthorized:"Not logged in. Please call `login()` to retrieve a token.",silentRenewFailed:"Silent renew failed to retrieve access token.",invalidToken:"Invalid token during authentication"},St=(e,t)=>mt[e]||(t?t.toString():"an unexpected error has occurred without a message"),b=class e extends Error{constructor(t,s){let i=St(t,s);super(i),Error.captureStackTrace&&Error.captureStackTrace(this,e),this.name="OidcError",this.type=t,this.innerError=s}};var vt={none:0,error:1,warn:2,info:3,debug:4};function F(e){return window.location.pathname===new URL(e).pathname}function yt(e){return vt[e]}function bt(e){let{clientId:t,clientSecret:s,identityProviderUri:i,redirectUri:r=`${location.origin}/auth`,signInRedirectParams:n,postLogoutRedirectUri:o=location.origin,responseType:c,responseMode:a,scopes:d,restrict:l=!1,parentName:g,appUri:u,logLevel:S,userStore:O,extraQueryParams:A,uiLocales:q,metadata:N,metadataUrl:E,monitorSession:R}=e,k=()=>g?g===window.parent?.name:window===window.top,_=new ke({authority:i,redirect_uri:r,silent_redirect_uri:r,popup_redirect_uri:r,post_logout_redirect_uri:o,client_id:t,client_secret:s,response_type:c,scope:d?.join(" "),userStore:O,extraQueryParams:A,ui_locales:q,response_mode:a,metadata:N,metadataUrl:E,monitorSession:R});S!==void 0&&(j.setLogger(console),j.setLevel(yt(S))),F(_.settings.post_logout_redirect_uri)&&(k()?_.signoutRedirectCallback():_.signoutPopupCallback());let f=()=>new Promise((p,m)=>{_.getUser().then(w=>{if(!w)m(new b("notAuthorized"));else if(w.access_token&&w.expires_in>60)p(w.access_token);else return _.signinSilent().then(v=>v?v.access_token?p(v.access_token):m(new b("invalidToken")):m(new b("silentRenewFailed")))}).catch(w=>m(new b("unknown",w)))});return{_,login(){return _.signinRedirect(n)},logout(){return _.signoutRedirect()},revoke(){return _.revokeTokens()},handleAuthentication:()=>new Promise(async(p,m)=>{let w;if((F(_.settings.silent_redirect_uri)||F(_.settings.popup_redirect_uri))&&!k()){try{await _.signinSilentCallback(),w=await _.getUser()}catch(v){return m(new b("oidcCallback",v))}return p({shouldRender:!1,state:w?.state})}if(F(_.settings.redirect_uri)&&k()){try{w=await _.signinCallback()}catch(v){return m(new b("oidcCallback",v))}return u?(h.debug(`Redirecting to ${u} due to appUri being configured.`),window.location.href=u,p({shouldRender:!1,state:w?.state})):p({shouldRender:!0,state:w?.state})}return f().then(v=>v?p({shouldRender:!0}):m(new b("invalidToken"))).catch(async v=>v.type==="notAuthorized"?(await _.signinRedirect(n),p({shouldRender:!1})):m(v))}),extendHeaders(p){l||p.setHeaders(f().then(m=>m&&{Authorization:`Bearer ${m}`},()=>{}))},token:f,account:()=>new Promise((p,m)=>{_.getUser().then(w=>!w||w.expires_in<=0?m(new b("notAuthorized")):p(w.profile),w=>m(new b("unknown",w)))})}}return He(kt);})();