samlesa 2.12.3

package/build/src/binding-post.js

@@ -0,0 +1,369 @@
+"use strict";
+/**
+* @file binding-post.ts
+* @author tngan
+* @desc Binding-level API, declare the functions using POST binding
+*/
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const urn_js_1 = require("./urn.js");
+const libsaml_js_1 = __importDefault(require("./libsaml.js"));
+const utility_js_1 = __importStar(require("./utility.js"));
+const binding = urn_js_1.wording.binding;
+/**
+* @desc Generate a base64 encoded login request
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+function base64LoginRequest(referenceTagXPath, entity, customTagReplacement) {
+    const metadata = { idp: entity.idp.entityMeta, sp: entity.sp.entityMeta };
+    const spSetting = entity.sp.entitySetting;
+    let id = '';
+    if (metadata && metadata.idp && metadata.sp) {
+        const base = metadata.idp.getSingleSignOnService(binding.post);
+        let rawSamlRequest;
+        if (spSetting.loginRequestTemplate && customTagReplacement) {
+            const info = customTagReplacement(spSetting.loginRequestTemplate.context);
+            id = (0, utility_js_1.get)(info, 'id', null);
+            rawSamlRequest = (0, utility_js_1.get)(info, 'context', null);
+        }
+        else {
+            const nameIDFormat = spSetting.nameIDFormat;
+            const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
+            id = spSetting.generateID();
+            rawSamlRequest = libsaml_js_1.default.replaceTagsByValue(libsaml_js_1.default.defaultLoginRequestTemplate.context, {
+                ID: id,
+                Destination: base,
+                Issuer: metadata.sp.getEntityID(),
+                IssueInstant: new Date().toISOString(),
+                AssertionConsumerServiceURL: metadata.sp.getAssertionConsumerService(binding.post),
+                EntityID: metadata.sp.getEntityID(),
+                AllowCreate: spSetting.allowCreate,
+                NameIDFormat: selectedNameIDFormat
+            });
+        }
+        if (metadata.idp.isWantAuthnRequestsSigned()) {
+            const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = spSetting;
+            return {
+                id,
+                context: libsaml_js_1.default.constructSAMLSignature({
+                    referenceTagXPath,
+                    privateKey,
+                    privateKeyPass,
+                    signatureAlgorithm,
+                    transformationAlgorithms,
+                    rawSamlMessage: rawSamlRequest,
+                    signingCert: metadata.sp.getX509Certificate('signing'),
+                    signatureConfig: spSetting.signatureConfig || {
+                        prefix: 'ds',
+                        location: { reference: "/*[local-name(.)='AuthnRequest']/*[local-name(.)='Issuer']", action: 'after' },
+                    }
+                }),
+            };
+        }
+        // No need to embeded XML signature
+        return {
+            id,
+            context: utility_js_1.default.base64Encode(rawSamlRequest),
+        };
+    }
+    throw new Error('ERR_GENERATE_POST_LOGIN_REQUEST_MISSING_METADATA');
+}
+/**
+* @desc Generate a base64 encoded login response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {object} entity                      object includes both idp and sp
+* @param  {object} user                        current logged user (e.g. req.user)
+* @param  {function} customTagReplacement     used when developers have their own login response template
+* @param  {boolean}  encryptThenSign           whether or not to encrypt then sign first (if signing). Defaults to sign-then-encrypt
+*/
+async function base64LoginResponse(requestInfo = {}, entity, user = {}, customTagReplacement, encryptThenSign = false) {
+    const idpSetting = entity.idp.entitySetting;
+    const spSetting = entity.sp.entitySetting;
+    const id = idpSetting.generateID();
+    const metadata = {
+        idp: entity.idp.entityMeta,
+        sp: entity.sp.entityMeta,
+    };
+    const nameIDFormat = idpSetting.nameIDFormat;
+    const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
+    if (metadata && metadata.idp && metadata.sp) {
+        const base = metadata.sp.getAssertionConsumerService(binding.post);
+        let rawSamlResponse;
+        const nowTime = new Date();
+        const spEntityID = metadata.sp.getEntityID();
+        const fiveMinutesLaterTime = new Date(nowTime.getTime());
+        fiveMinutesLaterTime.setMinutes(fiveMinutesLaterTime.getMinutes() + 5);
+        const fiveMinutesLater = fiveMinutesLaterTime.toISOString();
+        const now = nowTime.toISOString();
+        const acl = metadata.sp.getAssertionConsumerService(binding.post);
+        const tvalue = {
+            ID: id,
+            AssertionID: idpSetting.generateID(),
+            Destination: base,
+            Audience: spEntityID,
+            EntityID: spEntityID,
+            SubjectRecipient: acl,
+            Issuer: metadata.idp.getEntityID(),
+            IssueInstant: now,
+            AssertionConsumerServiceURL: acl,
+            StatusCode: urn_js_1.StatusCode.Success,
+            // can be customized
+            ConditionsNotBefore: now,
+            ConditionsNotOnOrAfter: fiveMinutesLater,
+            SubjectConfirmationDataNotOnOrAfter: fiveMinutesLater,
+            NameIDFormat: selectedNameIDFormat,
+            NameID: user.email || '',
+            InResponseTo: (0, utility_js_1.get)(requestInfo, 'extract.request.id', ''),
+            AuthnStatement: '',
+            AttributeStatement: '',
+        };
+        if (idpSetting.loginResponseTemplate && customTagReplacement) {
+            const template = customTagReplacement(idpSetting.loginResponseTemplate.context);
+            rawSamlResponse = (0, utility_js_1.get)(template, 'context', null);
+        }
+        else {
+            if (requestInfo !== null) {
+                tvalue.InResponseTo = requestInfo.extract.request.id;
+            }
+            rawSamlResponse = libsaml_js_1.default.replaceTagsByValue(libsaml_js_1.default.defaultLoginResponseTemplate.context, tvalue);
+        }
+        const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm } = idpSetting;
+        const config = {
+            privateKey,
+            privateKeyPass,
+            signatureAlgorithm,
+            signingCert: metadata.idp.getX509Certificate('signing'),
+            isBase64Output: false,
+        };
+        // step: sign assertion ? -> encrypted ? -> sign message ?
+        if (metadata.sp.isWantAssertionsSigned()) {
+            // console.debug('sp wants assertion signed');
+            rawSamlResponse = libsaml_js_1.default.constructSAMLSignature({
+                ...config,
+                rawSamlMessage: rawSamlResponse,
+                transformationAlgorithms: spSetting.transformationAlgorithms,
+                referenceTagXPath: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']",
+                signatureConfig: {
+                    prefix: 'ds',
+                    location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Assertion']/*[local-name(.)='Issuer']", action: 'after' },
+                },
+            });
+        }
+        // console.debug('after assertion signed', rawSamlResponse);
+        // SAML response must be signed sign message first, then encrypt
+        if (!encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {
+            // console.debug('sign then encrypt and sign entire message');
+            rawSamlResponse = libsaml_js_1.default.constructSAMLSignature({
+                ...config,
+                rawSamlMessage: rawSamlResponse,
+                isMessageSigned: true,
+                transformationAlgorithms: spSetting.transformationAlgorithms,
+                signatureConfig: spSetting.signatureConfig || {
+                    prefix: 'ds',
+                    location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
+                },
+            });
+            console.log(rawSamlResponse);
+            console.log("这他妈是什么------------------");
+        }
+        // console.debug('after message signed', rawSamlResponse);
+        if (idpSetting.isAssertionEncrypted) {
+            // console.debug('idp is configured to do encryption');
+            const context = await libsaml_js_1.default.encryptAssertion(entity.idp, entity.sp, rawSamlResponse);
+            if (encryptThenSign) {
+                //need to decode it
+                rawSamlResponse = utility_js_1.default.base64Decode(context);
+            }
+            else {
+                return Promise.resolve({ id, context });
+            }
+        }
+        //sign after encrypting
+        if (encryptThenSign && (spSetting.wantMessageSigned || !metadata.sp.isWantAssertionsSigned())) {
+            rawSamlResponse = libsaml_js_1.default.constructSAMLSignature({
+                ...config,
+                rawSamlMessage: rawSamlResponse,
+                isMessageSigned: true,
+                transformationAlgorithms: spSetting.transformationAlgorithms,
+                signatureConfig: spSetting.signatureConfig || {
+                    prefix: 'ds',
+                    location: { reference: "/*[local-name(.)='Response']/*[local-name(.)='Issuer']", action: 'after' },
+                },
+            });
+        }
+        return Promise.resolve({
+            id,
+            context: utility_js_1.default.base64Encode(rawSamlResponse),
+        });
+    }
+    throw new Error('ERR_GENERATE_POST_LOGIN_RESPONSE_MISSING_METADATA');
+}
+/**
+* @desc Generate a base64 encoded logout request
+* @param  {object} user                         current logged user (e.g. req.user)
+* @param  {string} referenceTagXPath            reference uri
+* @param  {object} entity                       object includes both idp and sp
+* @param  {function} customTagReplacement      used when developers have their own login response template
+* @return {string} base64 encoded request
+*/
+function base64LogoutRequest(user, referenceTagXPath, entity, customTagReplacement) {
+    const metadata = { init: entity.init.entityMeta, target: entity.target.entityMeta };
+    const initSetting = entity.init.entitySetting;
+    const nameIDFormat = initSetting.nameIDFormat;
+    const selectedNameIDFormat = Array.isArray(nameIDFormat) ? nameIDFormat[0] : nameIDFormat;
+    let id = '';
+    if (metadata && metadata.init && metadata.target) {
+        let rawSamlRequest;
+        if (initSetting.logoutRequestTemplate && customTagReplacement) {
+            const template = customTagReplacement(initSetting.logoutRequestTemplate.context);
+            id = (0, utility_js_1.get)(template, 'id', null);
+            rawSamlRequest = (0, utility_js_1.get)(template, 'context', null);
+        }
+        else {
+            id = initSetting.generateID();
+            const tvalue = {
+                ID: id,
+                Destination: metadata.target.getSingleLogoutService(binding.post),
+                Issuer: metadata.init.getEntityID(),
+                IssueInstant: new Date().toISOString(),
+                EntityID: metadata.init.getEntityID(),
+                NameIDFormat: selectedNameIDFormat,
+                NameID: user.logoutNameID,
+            };
+            rawSamlRequest = libsaml_js_1.default.replaceTagsByValue(libsaml_js_1.default.defaultLogoutRequestTemplate.context, tvalue);
+        }
+        if (entity.target.entitySetting.wantLogoutRequestSigned) {
+            // Need to embeded XML signature
+            const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = initSetting;
+            return {
+                id,
+                context: libsaml_js_1.default.constructSAMLSignature({
+                    referenceTagXPath,
+                    privateKey,
+                    privateKeyPass,
+                    signatureAlgorithm,
+                    transformationAlgorithms,
+                    rawSamlMessage: rawSamlRequest,
+                    signingCert: metadata.init.getX509Certificate('signing'),
+                    signatureConfig: initSetting.signatureConfig || {
+                        prefix: 'ds',
+                        location: { reference: "/*[local-name(.)='LogoutRequest']/*[local-name(.)='Issuer']", action: 'after' },
+                    }
+                }),
+            };
+        }
+        return {
+            id,
+            context: utility_js_1.default.base64Encode(rawSamlRequest),
+        };
+    }
+    throw new Error('ERR_GENERATE_POST_LOGOUT_REQUEST_MISSING_METADATA');
+}
+/**
+* @desc Generate a base64 encoded logout response
+* @param  {object} requestInfo                 corresponding request, used to obtain the id
+* @param  {string} referenceTagXPath           reference uri
+* @param  {object} entity                      object includes both idp and sp
+* @param  {function} customTagReplacement     used when developers have their own login response template
+*/
+function base64LogoutResponse(requestInfo, entity, customTagReplacement) {
+    const metadata = {
+        init: entity.init.entityMeta,
+        target: entity.target.entityMeta,
+    };
+    let id = '';
+    const initSetting = entity.init.entitySetting;
+    if (metadata && metadata.init && metadata.target) {
+        let rawSamlResponse;
+        if (initSetting.logoutResponseTemplate) {
+            const template = customTagReplacement(initSetting.logoutResponseTemplate.context);
+            id = template.id;
+            rawSamlResponse = template.context;
+        }
+        else {
+            id = initSetting.generateID();
+            const tvalue = {
+                ID: id,
+                Destination: metadata.target.getSingleLogoutService(binding.post),
+                EntityID: metadata.init.getEntityID(),
+                Issuer: metadata.init.getEntityID(),
+                IssueInstant: new Date().toISOString(),
+                StatusCode: urn_js_1.StatusCode.Success,
+                InResponseTo: (0, utility_js_1.get)(requestInfo, 'extract.request.id', null)
+            };
+            rawSamlResponse = libsaml_js_1.default.replaceTagsByValue(libsaml_js_1.default.defaultLogoutResponseTemplate.context, tvalue);
+        }
+        if (entity.target.entitySetting.wantLogoutResponseSigned) {
+            const { privateKey, privateKeyPass, requestSignatureAlgorithm: signatureAlgorithm, transformationAlgorithms } = initSetting;
+            return {
+                id,
+                context: libsaml_js_1.default.constructSAMLSignature({
+                    isMessageSigned: true,
+                    transformationAlgorithms: transformationAlgorithms,
+                    privateKey,
+                    privateKeyPass,
+                    signatureAlgorithm,
+                    rawSamlMessage: rawSamlResponse,
+                    signingCert: metadata.init.getX509Certificate('signing'),
+                    signatureConfig: {
+                        prefix: 'ds',
+                        location: {
+                            reference: "/*[local-name(.)='LogoutResponse']/*[local-name(.)='Issuer']",
+                            action: 'after'
+                        }
+                    }
+                }),
+            };
+        }
+        return {
+            id,
+            context: utility_js_1.default.base64Encode(rawSamlResponse),
+        };
+    }
+    throw new Error('ERR_GENERATE_POST_LOGOUT_RESPONSE_MISSING_METADATA');
+}
+const postBinding = {
+    base64LoginRequest,
+    base64LoginResponse,
+    base64LogoutRequest,
+    base64LogoutResponse,
+};
+exports.default = postBinding;
+//# sourceMappingURL=binding-post.js.map

package/build/src/binding-post.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"binding-post.js","sourceRoot":"","sources":["../../src/binding-post.ts"],"names":[],"mappings":";AAAA;;;;EAIE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEF,qCAA0D;AAE1D,8DAAmC;AACnC,2DAA4C;AAE5C,MAAM,OAAO,GAAG,gBAAO,CAAC,OAAO,CAAC;AAEhC;;;;;EAKE;AACF,SAAS,kBAAkB,CAAC,iBAAyB,EAAE,MAAW,EAAE,oBAA2D;IAC7H,MAAM,QAAQ,GAAG,EAAE,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,UAAU,EAAE,CAAC;IAC1E,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC;IAC1C,IAAI,EAAE,GAAW,EAAE,CAAC;IAEpB,IAAI,QAAQ,IAAI,QAAQ,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,GAAG,CAAC,sBAAsB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/D,IAAI,cAAsB,CAAC;QAC3B,IAAI,SAAS,CAAC,oBAAoB,IAAI,oBAAoB,EAAE,CAAC;YAC3D,MAAM,IAAI,GAAG,oBAAoB,CAAC,SAAS,CAAC,oBAAoB,CAAC,OAAO,CAAC,CAAC;YAC1E,EAAE,GAAG,IAAA,gBAAG,EAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAC3B,cAAc,GAAG,IAAA,gBAAG,EAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAC9C,CAAC;aAAM,CAAC;YACN,MAAM,YAAY,GAAG,SAAS,CAAC,YAAY,CAAC;YAC5C,MAAM,oBAAoB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;YAC1F,EAAE,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC;YAC5B,cAAc,GAAG,oBAAO,CAAC,kBAAkB,CAAC,oBAAO,CAAC,2BAA2B,CAAC,OAAO,EAAE;gBACvF,EAAE,EAAE,EAAE;gBACN,WAAW,EAAE,IAAI;gBACjB,MAAM,EAAE,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE;gBACjC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACtC,2BAA2B,EAAE,QAAQ,CAAC,EAAE,CAAC,2BAA2B,CAAC,OAAO,CAAC,IAAI,CAAC;gBAClF,QAAQ,EAAE,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE;gBACnC,WAAW,EAAE,SAAS,CAAC,WAAW;gBAClC,YAAY,EAAE,oBAAoB;aAC5B,CAAC,CAAC;QACZ,CAAC;QACD,IAAI,QAAQ,CAAC,GAAG,CAAC,yBAAyB,EAAE,EAAE,CAAC;YAC7C,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,GAAG,SAAS,CAAC;YAC1H,OAAO;gBACL,EAAE;gBACF,OAAO,EAAE,oBAAO,CAAC,sBAAsB,CAAC;oBACtC,iBAAiB;oBACjB,UAAU;oBACV,cAAc;oBACd,kBAAkB;oBAClB,wBAAwB;oBACxB,cAAc,EAAE,cAAc;oBAC9B,WAAW,EAAE,QAAQ,CAAC,EAAE,CAAC,kBAAkB,CAAC,SAAS,CAAC;oBACtD,eAAe,EAAE,SAAS,CAAC,eAAe,IAAI;wBAC5C,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,EAAE,SAAS,EAAE,4DAA4D,EAAE,MAAM,EAAE,OAAO,EAAE;qBACvG;iBACF,CAAC;aACH,CAAC;QACJ,CAAC;QACD,mCAAmC;QACnC,OAAO;YACL,EAAE;YACF,OAAO,EAAE,oBAAO,CAAC,YAAY,CAAC,cAAc,CAAC;SAC9C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;AACtE,CAAC;AACD;;;;;;;EAOE;AACF,KAAK,UAAU,mBAAmB,CAAC,cAAmB,EAAE,EAAE,MAAW,EAAE,OAAY,EAAE,EAAE,oBAA2D,EAAE,kBAA2B,KAAK;IAClL,MAAM,UAAU,GAAG,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC;IAC5C,MAAM,SAAS,GAAG,MAAM,CAAC,EAAE,CAAC,aAAa,CAAC;IAC1C,MAAM,EAAE,GAAG,UAAU,CAAC,UAAU,EAAE,CAAC;IACnC,MAAM,QAAQ,GAAG;QACf,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,UAAU;QAC1B,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,UAAU;KACzB,CAAC;IACF,MAAM,YAAY,GAAG,UAAU,CAAC,YAAY,CAAC;IAC7C,MAAM,oBAAoB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;IAC1F,IAAI,QAAQ,IAAI,QAAQ,CAAC,GAAG,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;QAC5C,MAAM,IAAI,GAAG,QAAQ,CAAC,EAAE,CAAC,2BAA2B,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACnE,IAAI,eAAuB,CAAC;QAC5B,MAAM,OAAO,GAAG,IAAI,IAAI,EAAE,CAAC;QAC3B,MAAM,UAAU,GAAG,QAAQ,CAAC,EAAE,CAAC,WAAW,EAAE,CAAC;QAC7C,MAAM,oBAAoB,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC;QACzD,oBAAoB,CAAC,UAAU,CAAC,oBAAoB,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;QACvE,MAAM,gBAAgB,GAAG,oBAAoB,CAAC,WAAW,EAAE,CAAC;QAC5D,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;QAClC,MAAM,GAAG,GAAG,QAAQ,CAAC,EAAE,CAAC,2BAA2B,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAClE,MAAM,MAAM,GAAQ;YAClB,EAAE,EAAE,EAAE;YACN,WAAW,EAAE,UAAU,CAAC,UAAU,EAAE;YACpC,WAAW,EAAE,IAAI;YACjB,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,UAAU;YACpB,gBAAgB,EAAE,GAAG;YACrB,MAAM,EAAE,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE;YAClC,YAAY,EAAE,GAAG;YACjB,2BAA2B,EAAE,GAAG;YAChC,UAAU,EAAE,mBAAU,CAAC,OAAO;YAC9B,oBAAoB;YACpB,mBAAmB,EAAE,GAAG;YACxB,sBAAsB,EAAE,gBAAgB;YACxC,mCAAmC,EAAE,gBAAgB;YACrD,YAAY,EAAE,oBAAoB;YAClC,MAAM,EAAE,IAAI,CAAC,KAAK,IAAI,EAAE;YACxB,YAAY,EAAE,IAAA,gBAAG,EAAC,WAAW,EAAE,oBAAoB,EAAE,EAAE,CAAC;YACxD,cAAc,EAAE,EAAE;YAClB,kBAAkB,EAAE,EAAE;SACvB,CAAC;QACF,IAAI,UAAU,CAAC,qBAAqB,IAAI,oBAAoB,EAAE,CAAC;YAC7D,MAAM,QAAQ,GAAG,oBAAoB,CAAC,UAAU,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAChF,eAAe,GAAG,IAAA,gBAAG,EAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;gBACzB,MAAM,CAAC,YAAY,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;YACvD,CAAC;YACD,eAAe,GAAG,oBAAO,CAAC,kBAAkB,CAAC,oBAAO,CAAC,4BAA4B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACrG,CAAC;QACD,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,GAAG,UAAU,CAAC;QACjG,MAAM,MAAM,GAAG;YACb,UAAU;YACV,cAAc;YACd,kBAAkB;YAClB,WAAW,EAAE,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,SAAS,CAAC;YACvD,cAAc,EAAE,KAAK;SACtB,CAAC;QACF,0DAA0D;QAC1D,IAAI,QAAQ,CAAC,EAAE,CAAC,sBAAsB,EAAE,EAAE,CAAC;YACzC,8CAA8C;YAC9C,eAAe,GAAG,oBAAO,CAAC,sBAAsB,CAAC;gBAC/C,GAAG,MAAM;gBACT,cAAc,EAAE,eAAe;gBAC/B,wBAAwB,EAAE,SAAS,CAAC,wBAAwB;gBAC5D,iBAAiB,EAAE,2DAA2D;gBAC9E,eAAe,EAAE;oBACf,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,EAAE,SAAS,EAAE,qFAAqF,EAAE,MAAM,EAAE,OAAO,EAAE;iBAChI;aACF,CAAC,CAAC;QACL,CAAC;QAED,4DAA4D;QAE5D,gEAAgE;QAChE,IAAI,CAAC,eAAe,IAAI,CAAC,SAAS,CAAC,iBAAiB,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,sBAAsB,EAAE,CAAC,EAAE,CAAC;YAC/F,8DAA8D;YAC9D,eAAe,GAAG,oBAAO,CAAC,sBAAsB,CAAC;gBAC/C,GAAG,MAAM;gBACT,cAAc,EAAE,eAAe;gBAC/B,eAAe,EAAE,IAAI;gBACrB,wBAAwB,EAAE,SAAS,CAAC,wBAAwB;gBAC5D,eAAe,EAAE,SAAS,CAAC,eAAe,IAAI;oBAC5C,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,EAAE,SAAS,EAAE,wDAAwD,EAAE,MAAM,EAAE,OAAO,EAAE;iBACnG;aACF,CAAC,CAAC;YACH,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC7B,OAAO,CAAC,GAAG,CAAC,0BAA0B,CAAC,CAAA;QACzC,CAAC;QAED,0DAA0D;QAE1D,IAAI,UAAU,CAAC,oBAAoB,EAAE,CAAC;YACpC,uDAAuD;YACvD,MAAM,OAAO,GAAG,MAAM,oBAAO,CAAC,gBAAgB,CAAC,MAAM,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;YACvF,IAAI,eAAe,EAAE,CAAC;gBACpB,mBAAmB;gBACnB,eAAe,GAAG,oBAAO,CAAC,YAAY,CAAC,OAAO,CAAW,CAAC;YAC5D,CAAC;iBAAM,CAAC;gBACN,OAAO,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,CAAC;QACH,CAAC;QAED,uBAAuB;QACvB,IAAI,eAAe,IAAI,CAAC,SAAS,CAAC,iBAAiB,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,sBAAsB,EAAE,CAAC,EAAE,CAAC;YAC9F,eAAe,GAAG,oBAAO,CAAC,sBAAsB,CAAC;gBAC/C,GAAG,MAAM;gBACT,cAAc,EAAE,eAAe;gBAC/B,eAAe,EAAE,IAAI;gBACrB,wBAAwB,EAAE,SAAS,CAAC,wBAAwB;gBAC5D,eAAe,EAAE,SAAS,CAAC,eAAe,IAAI;oBAC5C,MAAM,EAAE,IAAI;oBACZ,QAAQ,EAAE,EAAE,SAAS,EAAE,wDAAwD,EAAE,MAAM,EAAE,OAAO,EAAE;iBACnG;aACF,CAAC,CAAC;QACL,CAAC;QAED,OAAO,OAAO,CAAC,OAAO,CAAC;YACrB,EAAE;YACF,OAAO,EAAE,oBAAO,CAAC,YAAY,CAAC,eAAe,CAAC;SAC/C,CAAC,CAAC;IAEL,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;AACvE,CAAC;AACD;;;;;;;EAOE;AACF,SAAS,mBAAmB,CAAC,IAAI,EAAE,iBAAiB,EAAE,MAAM,EAAE,oBAA2D;IACvH,MAAM,QAAQ,GAAG,EAAE,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;IACpF,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;IAC9C,MAAM,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;IAC9C,MAAM,oBAAoB,GAAG,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;IAAE,IAAI,EAAE,GAAW,EAAE,CAAC;IAChH,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACjD,IAAI,cAAsB,CAAC;QAC3B,IAAI,WAAW,CAAC,qBAAqB,IAAI,oBAAoB,EAAE,CAAC;YAC9D,MAAM,QAAQ,GAAG,oBAAoB,CAAC,WAAW,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC;YACjF,EAAE,GAAG,IAAA,gBAAG,EAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAC/B,cAAc,GAAG,IAAA,gBAAG,EAAC,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC;QAClD,CAAC;aAAM,CAAC;YACN,EAAE,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAQ;gBAClB,EAAE,EAAE,EAAE;gBACN,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjE,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;gBACnC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACtC,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;gBACrC,YAAY,EAAE,oBAAoB;gBAClC,MAAM,EAAE,IAAI,CAAC,YAAY;aAC1B,CAAC;YACF,cAAc,GAAG,oBAAO,CAAC,kBAAkB,CAAC,oBAAO,CAAC,4BAA4B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACpG,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,uBAAuB,EAAE,CAAC;YACxD,gCAAgC;YAChC,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,wBAAwB,EAAG,GAAG,WAAW,CAAC;YAC7H,OAAO;gBACL,EAAE;gBACF,OAAO,EAAE,oBAAO,CAAC,sBAAsB,CAAC;oBACtC,iBAAiB;oBACjB,UAAU;oBACV,cAAc;oBACd,kBAAkB;oBAClB,wBAAwB;oBACxB,cAAc,EAAE,cAAc;oBAC9B,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC;oBACxD,eAAe,EAAE,WAAW,CAAC,eAAe,IAAI;wBAC9C,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE,EAAE,SAAS,EAAE,6DAA6D,EAAE,MAAM,EAAE,OAAO,EAAE;qBACxG;iBACF,CAAC;aACH,CAAC;QACJ,CAAC;QACD,OAAO;YACL,EAAE;YACF,OAAO,EAAE,oBAAO,CAAC,YAAY,CAAC,cAAc,CAAC;SAC9C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;AACvE,CAAC;AACD;;;;;;EAME;AACF,SAAS,oBAAoB,CAAC,WAAgB,EAAE,MAAW,EAAE,oBAA0D;IACrH,MAAM,QAAQ,GAAG;QACf,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU;QAC5B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC,UAAU;KACjC,CAAC;IACF,IAAI,EAAE,GAAW,EAAE,CAAC;IACpB,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC;IAC9C,IAAI,QAAQ,IAAI,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,MAAM,EAAE,CAAC;QACjD,IAAI,eAAe,CAAC;QACpB,IAAI,WAAW,CAAC,sBAAsB,EAAE,CAAC;YACvC,MAAM,QAAQ,GAAG,oBAAoB,CAAC,WAAW,CAAC,sBAAsB,CAAC,OAAO,CAAC,CAAC;YAClF,EAAE,GAAG,QAAQ,CAAC,EAAE,CAAC;YACjB,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,EAAE,GAAG,WAAW,CAAC,UAAU,EAAE,CAAC;YAC9B,MAAM,MAAM,GAAQ;gBAClB,EAAE,EAAE,EAAE;gBACN,WAAW,EAAE,QAAQ,CAAC,MAAM,CAAC,sBAAsB,CAAC,OAAO,CAAC,IAAI,CAAC;gBACjE,QAAQ,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;gBACrC,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE;gBACnC,YAAY,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;gBACtC,UAAU,EAAE,mBAAU,CAAC,OAAO;gBAC9B,YAAY,EAAE,IAAA,gBAAG,EAAC,WAAW,EAAE,oBAAoB,EAAE,IAAI,CAAC;aAC3D,CAAC;YACF,eAAe,GAAG,oBAAO,CAAC,kBAAkB,CAAC,oBAAO,CAAC,6BAA6B,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACtG,CAAC;QACD,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,wBAAwB,EAAE,CAAC;YACzD,MAAM,EAAE,UAAU,EAAE,cAAc,EAAE,yBAAyB,EAAE,kBAAkB,EAAE,wBAAwB,EAAE,GAAG,WAAW,CAAC;YAC5H,OAAO;gBACL,EAAE;gBACF,OAAO,EAAE,oBAAO,CAAC,sBAAsB,CAAC;oBACtC,eAAe,EAAE,IAAI;oBACrB,wBAAwB,EAAE,wBAAwB;oBAClD,UAAU;oBACV,cAAc;oBACd,kBAAkB;oBAClB,cAAc,EAAE,eAAe;oBAC/B,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,kBAAkB,CAAC,SAAS,CAAC;oBACxD,eAAe,EAAE;wBACf,MAAM,EAAE,IAAI;wBACZ,QAAQ,EAAE;4BACR,SAAS,EAAE,8DAA8D;4BACzE,MAAM,EAAE,OAAO;yBAChB;qBACF;iBACF,CAAC;aACH,CAAC;QACJ,CAAC;QACD,OAAO;YACL,EAAE;YACF,OAAO,EAAE,oBAAO,CAAC,YAAY,CAAC,eAAe,CAAC;SAC/C,CAAC;IACJ,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;AACxE,CAAC;AAED,MAAM,WAAW,GAAG;IAClB,kBAAkB;IAClB,mBAAmB;IACnB,mBAAmB;IACnB,oBAAoB;CACrB,CAAC;AAEF,kBAAe,WAAW,CAAC"}