From 787ca85c8dae6c769374766e40f8c1a08ac9a23e Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 11:53:06 -0500 Subject: [PATCH 01/14] Fix up viewer prompt --- src/lib/utils/retreiveIPS.js | 4 ++-- src/routes/(viewer)/ips/+page.svelte | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/lib/utils/retreiveIPS.js b/src/lib/utils/retreiveIPS.js index 75d7dceb..96f2b656 100644 --- a/src/lib/utils/retreiveIPS.js +++ b/src/lib/utils/retreiveIPS.js @@ -20,7 +20,7 @@ async function retrieve(){ let passcode; const needPasscode = shlClient.flag({ shl }).includes('P'); if (needPasscode) { - passcode = prompt("Enter passcode for SMART Health Link"); + passcode = prompt("Patient Summary Viewer\n----------------------\nEnter passcode for SMART Health Link\nIf no passcode was set, just click \"OK\""); } $('#status').text("Retrieving contents..."); let retrieveResult; @@ -46,7 +46,7 @@ async function retrieve(){ } else if (retrieveResult.status === 401) { // Failed the password requirement while (retrieveResult.status === 401) { - passcode = prompt(`Enter passcode for SMART Health Link ${retrieveResult.error.remainingAttempts !== undefined ? "\nAttempts remaining: "+retrieveResult.error.remainingAttempts : ""}`); + passcode = prompt(`Patient Summary Viewer\n----------------------\nEnter passcode for SMART Health Link\nIf no passcode was set, just click \"OK\"${retrieveResult.error.remainingAttempts !== undefined ? "\nAttempts remaining: "+retrieveResult.error.remainingAttempts : ""}`); try { retrieveResult = await shlClient.retrieve({ shl, diff --git a/src/routes/(viewer)/ips/+page.svelte b/src/routes/(viewer)/ips/+page.svelte index e02b8498..0a06f035 100644 --- a/src/routes/(viewer)/ips/+page.svelte +++ b/src/routes/(viewer)/ips/+page.svelte @@ -98,7 +98,7 @@ let passcode; const needPasscode = shlClient.flag({ shl }).includes('P'); if (needPasscode) { - passcode = prompt("Enter passcode for SMART Health Link"); + passcode = prompt("Patient Summary Viewer\n----------------------------------------\nEnter passcode for SMART Health Link\nIf no passcode was set, just click \"OK\""); } let retrieveResult; try { @@ -123,7 +123,7 @@ } else if (retrieveResult.status === 401) { // Failed the password requirement while (retrieveResult.status === 401) { - passcode = prompt(`Enter passcode for SMART Health Link ${retrieveResult.error.remainingAttempts !== undefined ? "\nAttempts remaining: "+retrieveResult.error.remainingAttempts : ""}`); + passcode = prompt(`Patient Summary Viewer\n----------------------------------------\nEnter passcode for SMART Health Link\nIf no passcode was set, just click \"OK\"${retrieveResult.error.remainingAttempts !== undefined ? "\nAttempts remaining: "+retrieveResult.error.remainingAttempts : ""}`); try { retrieveResult = await shlClient.retrieve({ shl, From 2e5a3272e7e059c45638e7efae983f37b7726be0 Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 11:53:21 -0500 Subject: [PATCH 02/14] Fix username display --- src/routes/(app)/+layout.svelte | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/routes/(app)/+layout.svelte b/src/routes/(app)/+layout.svelte index 77e826d7..e741a89c 100644 --- a/src/routes/(app)/+layout.svelte +++ b/src/routes/(app)/+layout.svelte @@ -168,7 +168,7 @@ Account - Welcome, {profile.given_name} + Welcome, {profile.given_name ?? profile.preferred_username} { authService.logout(); From bea771e5ea5704a004cfd703e00df21a4a265c20 Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 13:10:07 -0500 Subject: [PATCH 03/14] Use custom version of retrieve function --- package-lock.json | 3 +- package.json | 2 +- src/lib/utils/managementClient.ts | 4 ++ src/routes/(viewer)/ips/+page.svelte | 95 +++++++++++++++++++++++++++- 4 files changed, 100 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 176d2d06..717e5fb2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,6 @@ "@types/node": "^20.8.7", "@types/pako": "^2.0.0", "@types/qrcode": "^1.5.0", - "base64url": "^3.0.1", "bootstrap": "^5.2.3", "fhirclient": "^2.5.2", "jose": "^4.11.4", @@ -26,6 +25,7 @@ "@sveltejs/adapter-auto": "^2.0.0", "@sveltejs/adapter-static": "^2.0.0", "@sveltejs/kit": "^1.5.0", + "base64url": "^3.0.1", "prettier": "^2.8.0", "prettier-plugin-svelte": "^2.8.1", "svelte": "^3.55.1", @@ -6861,6 +6861,7 @@ "version": "3.0.1", "resolved": "https://registry.npmjs.org/base64url/-/base64url-3.0.1.tgz", "integrity": "sha512-ir1UPr3dkwexU7FdV8qBBbNDRUhMmIekYMFZfi+C/sLNnRESKPl23nB9b2pltqfOQNnGzsDdId90AEtG5tCx4A==", + "dev": true, "engines": { "node": ">=6.0.0" } diff --git a/package.json b/package.json index d5c38294..8de75f28 100644 --- a/package.json +++ b/package.json @@ -16,6 +16,7 @@ "@sveltejs/adapter-auto": "^2.0.0", "@sveltejs/adapter-static": "^2.0.0", "@sveltejs/kit": "^1.5.0", + "base64url": "^3.0.1", "prettier": "^2.8.0", "prettier-plugin-svelte": "^2.8.1", "svelte": "^3.55.1", @@ -30,7 +31,6 @@ "@types/node": "^20.8.7", "@types/pako": "^2.0.0", "@types/qrcode": "^1.5.0", - "base64url": "^3.0.1", "bootstrap": "^5.2.3", "fhirclient": "^2.5.2", "jose": "^4.11.4", diff --git a/src/lib/utils/managementClient.ts b/src/lib/utils/managementClient.ts index 162d1b60..7b0f069b 100644 --- a/src/lib/utils/managementClient.ts +++ b/src/lib/utils/managementClient.ts @@ -68,10 +68,14 @@ export class SHLClient { }, body: JSON.stringify(config) }); + console.log(`Request: POST ${API_BASE}/shl`); + console.log("Request body: ", JSON.stringify(config)); const shlink = await res.text(); + console.log("Response body: ", shlink); const payload = shlink.split('/'); const decodedPayload = base64url.decode(payload[payload.length - 1]); const asString = new TextDecoder('utf-8').decode(decodedPayload); + console.log("Decoded payload: ", asString); const shl: SHLAdminParams = JSON.parse(asString); return shl; } diff --git a/src/routes/(viewer)/ips/+page.svelte b/src/routes/(viewer)/ips/+page.svelte index 0a06f035..5ec0c810 100644 --- a/src/routes/(viewer)/ips/+page.svelte +++ b/src/routes/(viewer)/ips/+page.svelte @@ -15,6 +15,8 @@ import * as shlClient from '$lib/utils/shlClient.js'; import { verify } from '$lib/utils/shcDecoder.js'; import type { Bundle, Composition, Patient } from 'fhir/r4'; + import decode from 'base64url'; + import * as jose from 'jose'; import IPSContent from '$lib/components/viewer/IPSContent.svelte'; import Demo from '$lib/components/viewer/Demo.svelte'; @@ -90,6 +92,94 @@ showError = message !== ""; } // End error display and handling logic +interface SHLinkConnectRequest { + shl: string; + recipient: string; + passcode?: string; +} + +interface SHLinkConnectResponse { + state: string; + shcs: string[]; +} + +interface SHLClientStateDecoded { + url: string; + key: string; + recipient: string; + passcode?: string; +} + +interface SHLDecoded { + url: string; + key: string; + flag?: string; + label?: string; +} + +interface SHLManifestFile { + files: { + contentType: string; + location: string; + embedded?: string; + }[]; +} +function decodeBase64urlToJson(s: string): T { + return JSON.parse(new TextDecoder('utf-8').decode(jose.base64url.decode(s))) as T; +} +async function retrieveIHETesting(configIncoming: SHLinkConnectRequest | {state: string}) { + const config: SHLinkConnectRequest = configIncoming.state ? JSON.parse(new TextDecoder('utf-8').decode(jose.base64url.decode(configIncoming.state))) : configIncoming + const shlBody = config.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1]; + const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody); + const manifestResponse = await fetch(parsedShl.url, { + method: 'POST', + headers: { + 'content-type': 'application/json', + }, + body: JSON.stringify({ + passcode: config.passcode, + recipient: config.recipient, + }), + }); + let isJson = false; + let manifestResponseContent; + manifestResponseContent = await manifestResponse.text(); + try { + manifestResponseContent = JSON.parse(manifestResponseContent); + isJson = true; + } catch (error) { + console.warn("Manifest did not return JSON object"); + } + + if (!manifestResponse.ok || !isJson) { + return { + status: manifestResponse.status, + error: (manifestResponseContent ?? "") + }; + } else { + const allFiles = (manifestResponseContent as SHLManifestFile).files + .filter((f) => f.contentType === 'application/smart-health-card') + .map(async (f) => { + if (f.embedded !== undefined) { + return f.embedded + } else { + return fetch(f.location).then((f) => f.text()) + } + }); + + const decryptionKey = Buffer.from(decode(parsedShl.key)); + const allFilesDecrypted = allFiles.map(async (f) => { + const decrypted = await jose.compactDecrypt(await f, decryptionKey); + const decoded = new TextDecoder().decode(decrypted.plaintext); + return decoded; + }); + + const shcs = (await Promise.all(allFilesDecrypted)).flatMap((f) => JSON.parse(f)['verifiableCredential'] as string); + const result: SHLinkConnectResponse = { shcs, state: jose.base64url.encode(JSON.stringify(config))}; + + return result; + } +} // Retrieving SHL async function retrieve(){ @@ -103,8 +193,9 @@ let retrieveResult; try { retrieveResult = await shlClient.retrieve({ - shl, - passcode, + // retrieveResult = await retrieveIHETesting({ + shl: shl ?? "", + passcode: passcode ?? "", recipient }); } catch (e) { From 76bf480090aaf337eb6258a79d02b019d2c8162c Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 15:08:14 -0500 Subject: [PATCH 04/14] Revert viewer changes --- src/routes/(viewer)/ips/+page.svelte | 91 ---------------------------- 1 file changed, 91 deletions(-) diff --git a/src/routes/(viewer)/ips/+page.svelte b/src/routes/(viewer)/ips/+page.svelte index 5ec0c810..e79fb41b 100644 --- a/src/routes/(viewer)/ips/+page.svelte +++ b/src/routes/(viewer)/ips/+page.svelte @@ -15,8 +15,6 @@ import * as shlClient from '$lib/utils/shlClient.js'; import { verify } from '$lib/utils/shcDecoder.js'; import type { Bundle, Composition, Patient } from 'fhir/r4'; - import decode from 'base64url'; - import * as jose from 'jose'; import IPSContent from '$lib/components/viewer/IPSContent.svelte'; import Demo from '$lib/components/viewer/Demo.svelte'; @@ -92,94 +90,6 @@ showError = message !== ""; } // End error display and handling logic -interface SHLinkConnectRequest { - shl: string; - recipient: string; - passcode?: string; -} - -interface SHLinkConnectResponse { - state: string; - shcs: string[]; -} - -interface SHLClientStateDecoded { - url: string; - key: string; - recipient: string; - passcode?: string; -} - -interface SHLDecoded { - url: string; - key: string; - flag?: string; - label?: string; -} - -interface SHLManifestFile { - files: { - contentType: string; - location: string; - embedded?: string; - }[]; -} -function decodeBase64urlToJson(s: string): T { - return JSON.parse(new TextDecoder('utf-8').decode(jose.base64url.decode(s))) as T; -} -async function retrieveIHETesting(configIncoming: SHLinkConnectRequest | {state: string}) { - const config: SHLinkConnectRequest = configIncoming.state ? JSON.parse(new TextDecoder('utf-8').decode(jose.base64url.decode(configIncoming.state))) : configIncoming - const shlBody = config.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1]; - const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody); - const manifestResponse = await fetch(parsedShl.url, { - method: 'POST', - headers: { - 'content-type': 'application/json', - }, - body: JSON.stringify({ - passcode: config.passcode, - recipient: config.recipient, - }), - }); - let isJson = false; - let manifestResponseContent; - manifestResponseContent = await manifestResponse.text(); - try { - manifestResponseContent = JSON.parse(manifestResponseContent); - isJson = true; - } catch (error) { - console.warn("Manifest did not return JSON object"); - } - - if (!manifestResponse.ok || !isJson) { - return { - status: manifestResponse.status, - error: (manifestResponseContent ?? "") - }; - } else { - const allFiles = (manifestResponseContent as SHLManifestFile).files - .filter((f) => f.contentType === 'application/smart-health-card') - .map(async (f) => { - if (f.embedded !== undefined) { - return f.embedded - } else { - return fetch(f.location).then((f) => f.text()) - } - }); - - const decryptionKey = Buffer.from(decode(parsedShl.key)); - const allFilesDecrypted = allFiles.map(async (f) => { - const decrypted = await jose.compactDecrypt(await f, decryptionKey); - const decoded = new TextDecoder().decode(decrypted.plaintext); - return decoded; - }); - - const shcs = (await Promise.all(allFilesDecrypted)).flatMap((f) => JSON.parse(f)['verifiableCredential'] as string); - const result: SHLinkConnectResponse = { shcs, state: jose.base64url.encode(JSON.stringify(config))}; - - return result; - } -} // Retrieving SHL async function retrieve(){ @@ -193,7 +103,6 @@ async function retrieveIHETesting(configIncoming: SHLinkConnectRequest | {state: let retrieveResult; try { retrieveResult = await shlClient.retrieve({ - // retrieveResult = await retrieveIHETesting({ shl: shl ?? "", passcode: passcode ?? "", recipient From 97578315f68b0eec71a3a6fc939df870557ce1bc Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 15:12:19 -0500 Subject: [PATCH 05/14] Add fields for create config w/vs --- src/lib/utils/managementClient.ts | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/src/lib/utils/managementClient.ts b/src/lib/utils/managementClient.ts index 7b0f069b..eb1507c3 100644 --- a/src/lib/utils/managementClient.ts +++ b/src/lib/utils/managementClient.ts @@ -5,6 +5,9 @@ import type { AuthService } from './AuthService'; interface ConfigForServer extends Pick { userId?: string; + patientId?: string; + pin?: string; + patientIdentifierSystem?: string; } export interface SHLAdminParams { @@ -61,14 +64,20 @@ export class SHLClient { async createShl(config: ConfigForServer = {}): Promise { config.userId = (await this.auth.getProfile())?.sub; - const res = await fetch(`${API_BASE}/shl`, { + config.patientId = config.userId; + config.pin = config.passcode; + config.patientIdentifierSystem = "http://keycloak.ips-shl.ubu.dlorigan.dev.cirg.uw.edu"; + // const res = await fetch(`${API_BASE}/shl`, { + const res = await fetch(`https://pancanadianio.ca::10245/myhealth-gateway/v1/patient-summary`, { method: 'POST', headers: { - 'content-type': 'application/json' + 'content-type': 'application/json', + "Authorization": `Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfTENVTExfanhlb2JQYmtBM3lIaUV0OHlMdzVDVUF5ODVFYnVmTE9xeXNJIn0.eyJleHAiOjE3Mzg3MDA0NTUsImlhdCI6MTczODY5OTI1NSwianRpIjoiMDI4NjJhZTUtM2I0OC00MGVkLWI0NDAtYWZkMmVlZjA5NThkIiwiaXNzIjoiaHR0cHM6Ly9wYW5jYW5hZGlhbmlvLmNhOjEwMTAwL2F1dGgvcmVhbG1zL3BzLWNhIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImRkZWFmMjNmLThhZDktNDNlMy1hMzExLWYyM2FiY2RmNjgzZCIsInR5cCI6IkJlYXJlciIsImF6cCI6Imd1ZXN0LXJlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImU4ZmMzOGM5LTNlZTMtNGM3Zi1iZjk0LTllNzMxYTFhYTdiOSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSBDQUZFWC0yIiwiY2xpZW50SG9zdCI6IjE1LjIyMi4xMDguNDk6NTY3OCIsImNsaWVudElkIjoiZ3Vlc3QtcmVzdC1jbGllbnQiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1ndWVzdC1yZXN0LWNsaWVudCIsImNsaWVudEFkZHJlc3MiOiIxNS4yMjIuMTA4LjQ5OjU2NzgifQ.R2rwb_ToM7cYXrezvDB1vAwTdDNLqwZXTzFDEGX1MN8UWys_ln0QX2D3-AXFdP4RsiRtDRkMwboyTLTTb9_Kb5EaosCoN3T_U5qFefusWSs25j4LAsYXB3X-uKt_MHxjAfGzXoA8z5RyHcX4NpP2ruG3oKJptULT1ozptHgrxGEpwRCBrTGPHDmwIiPe2w6QMsw0Oo9gEf5iPQvbjIASIXMsVpJCFhUC2CTibpL7pCbernGAI-GTcyhN7lFmLvkZ-ItwTk7IhxeZFldu7mmi8ry8iwv1c7WvynoQ6qKgLyZTtMaNnAQfom45q-gVhHQFiYrQdcbFR2fWTNPnDISPXg` }, body: JSON.stringify(config) }); console.log(`Request: POST ${API_BASE}/shl`); + console.log(`Request: POST https://pancanadianio.ca::10245/myhealth-gateway/v1/patient-summary`); console.log("Request body: ", JSON.stringify(config)); const shlink = await res.text(); console.log("Response body: ", shlink); From 43154e471e14ef8473210af8a1c85072e53a0e9a Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 15:16:05 -0500 Subject: [PATCH 06/14] Fix urls --- src/lib/utils/managementClient.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/lib/utils/managementClient.ts b/src/lib/utils/managementClient.ts index eb1507c3..76c161b3 100644 --- a/src/lib/utils/managementClient.ts +++ b/src/lib/utils/managementClient.ts @@ -68,7 +68,7 @@ export class SHLClient { config.pin = config.passcode; config.patientIdentifierSystem = "http://keycloak.ips-shl.ubu.dlorigan.dev.cirg.uw.edu"; // const res = await fetch(`${API_BASE}/shl`, { - const res = await fetch(`https://pancanadianio.ca::10245/myhealth-gateway/v1/patient-summary`, { + const res = await fetch(`https://pancanadianio.ca:10245/myhealth-gateway/v1/patient-summary`, { method: 'POST', headers: { 'content-type': 'application/json', @@ -77,7 +77,7 @@ export class SHLClient { body: JSON.stringify(config) }); console.log(`Request: POST ${API_BASE}/shl`); - console.log(`Request: POST https://pancanadianio.ca::10245/myhealth-gateway/v1/patient-summary`); + console.log(`Request: POST https://pancanadianio.ca:10245/myhealth-gateway/v1/patient-summary`); console.log("Request body: ", JSON.stringify(config)); const shlink = await res.text(); console.log("Response body: ", shlink); From ff4f8e4c16baa4c7823f97d4abed6548cc07892f Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 15:29:42 -0500 Subject: [PATCH 07/14] Update BT --- src/lib/utils/managementClient.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/utils/managementClient.ts b/src/lib/utils/managementClient.ts index 76c161b3..d2d7cf3f 100644 --- a/src/lib/utils/managementClient.ts +++ b/src/lib/utils/managementClient.ts @@ -72,7 +72,7 @@ export class SHLClient { method: 'POST', headers: { 'content-type': 'application/json', - "Authorization": `Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfTENVTExfanhlb2JQYmtBM3lIaUV0OHlMdzVDVUF5ODVFYnVmTE9xeXNJIn0.eyJleHAiOjE3Mzg3MDA0NTUsImlhdCI6MTczODY5OTI1NSwianRpIjoiMDI4NjJhZTUtM2I0OC00MGVkLWI0NDAtYWZkMmVlZjA5NThkIiwiaXNzIjoiaHR0cHM6Ly9wYW5jYW5hZGlhbmlvLmNhOjEwMTAwL2F1dGgvcmVhbG1zL3BzLWNhIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImRkZWFmMjNmLThhZDktNDNlMy1hMzExLWYyM2FiY2RmNjgzZCIsInR5cCI6IkJlYXJlciIsImF6cCI6Imd1ZXN0LXJlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImU4ZmMzOGM5LTNlZTMtNGM3Zi1iZjk0LTllNzMxYTFhYTdiOSIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSBDQUZFWC0yIiwiY2xpZW50SG9zdCI6IjE1LjIyMi4xMDguNDk6NTY3OCIsImNsaWVudElkIjoiZ3Vlc3QtcmVzdC1jbGllbnQiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1ndWVzdC1yZXN0LWNsaWVudCIsImNsaWVudEFkZHJlc3MiOiIxNS4yMjIuMTA4LjQ5OjU2NzgifQ.R2rwb_ToM7cYXrezvDB1vAwTdDNLqwZXTzFDEGX1MN8UWys_ln0QX2D3-AXFdP4RsiRtDRkMwboyTLTTb9_Kb5EaosCoN3T_U5qFefusWSs25j4LAsYXB3X-uKt_MHxjAfGzXoA8z5RyHcX4NpP2ruG3oKJptULT1ozptHgrxGEpwRCBrTGPHDmwIiPe2w6QMsw0Oo9gEf5iPQvbjIASIXMsVpJCFhUC2CTibpL7pCbernGAI-GTcyhN7lFmLvkZ-ItwTk7IhxeZFldu7mmi8ry8iwv1c7WvynoQ6qKgLyZTtMaNnAQfom45q-gVhHQFiYrQdcbFR2fWTNPnDISPXg` + "Authorization": `Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfTENVTExfanhlb2JQYmtBM3lIaUV0OHlMdzVDVUF5ODVFYnVmTE9xeXNJIn0.eyJleHAiOjE3Mzg3MDIxNDEsImlhdCI6MTczODcwMDk0MSwianRpIjoiODZmYzE0MzktNjM1Mi00Y2M1LWI3ZjctZjhhMTZkZWZiMzhjIiwiaXNzIjoiaHR0cHM6Ly9wYW5jYW5hZGlhbmlvLmNhOjEwMTAwL2F1dGgvcmVhbG1zL3BzLWNhIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImRkZWFmMjNmLThhZDktNDNlMy1hMzExLWYyM2FiY2RmNjgzZCIsInR5cCI6IkJlYXJlciIsImF6cCI6Imd1ZXN0LXJlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImI5MWI0NTZjLTU4YjItNGYxZC04ZWQ2LWFmY2E4ZjUyZDFjZCIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSBDQUZFWC0yIiwiY2xpZW50SG9zdCI6IjE1LjIyMi4xMDguNDk6MTIxODgiLCJjbGllbnRJZCI6Imd1ZXN0LXJlc3QtY2xpZW50IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtZ3Vlc3QtcmVzdC1jbGllbnQiLCJjbGllbnRBZGRyZXNzIjoiMTUuMjIyLjEwOC40OToxMjE4OCJ9.EAVSbH0RVMGfkX5sxdTKAI6lc_N2_s40z3fcCoWBVChwhOXMZEnkzoz_zGMQjbs8cexVtazXaAeJNmGd85YOpAh4f2HZzO1xyVJxkdBK1iMtd6undZ0_pi1LosKI7wl0qkYVr0HP4RcYgJnQMzcSCBxEVvvBBde53OyTG9eO420d6FrIUjey0OJz62SA_bJdy71HyIpDjruH_hkoKzU7C7X3k-JI9CUNb3QuzGrq947EVRz3ctlbhExcpyZ20x7s5CLXBKdM4p4ginRwhMrovDBqyGmXAOo7azExuOTVruAgeRf8xIkFat9EWWCyOGcCusCF4F9qwt0OsqXI_5MsUg` }, body: JSON.stringify(config) }); From eb9c696079e6d501ce11fc84e5494f82d2622a66 Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Tue, 4 Feb 2025 21:27:28 -0500 Subject: [PATCH 08/14] Add buffer lib for shl decoding --- package-lock.json | 43 ++++++++++++++++++++++++++++++++----------- package.json | 1 + 2 files changed, 33 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 717e5fb2..c18b292f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13,6 +13,7 @@ "@types/pako": "^2.0.0", "@types/qrcode": "^1.5.0", "bootstrap": "^5.2.3", + "buffer": "^6.0.3", "fhirclient": "^2.5.2", "jose": "^4.11.4", "oidc-client-ts": "^3.1.0", @@ -6854,8 +6855,7 @@ "type": "consulting", "url": "https://feross.org/support" } - ], - "optional": true + ] }, "node_modules/base64url": { "version": "3.0.1", @@ -6910,6 +6910,31 @@ "readable-stream": "^3.4.0" } }, + "node_modules/bl/node_modules/buffer": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", + "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "optional": true, + "peer": true, + "dependencies": { + "base64-js": "^1.3.1", + "ieee754": "^1.1.13" + } + }, "node_modules/bl/node_modules/readable-stream": { "version": "3.6.2", "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz", @@ -7195,9 +7220,9 @@ } }, "node_modules/buffer": { - "version": "5.7.1", - "resolved": "https://registry.npmjs.org/buffer/-/buffer-5.7.1.tgz", - "integrity": "sha512-EHcyIPBQ4BSGlvjB16k5KgAJ27CIsHY/2JBmCRReo48y9rQ3MaUzWX3KVlBa4U7MyX02HdVj0K7C3WaB3ju7FQ==", + "version": "6.0.3", + "resolved": "https://registry.npmjs.org/buffer/-/buffer-6.0.3.tgz", + "integrity": "sha512-FTiCpNxtwiZZHEZbcbTIcZjERVICn9yq/pDFkTl95/AxzD1naBctN7YO68riM/gLSDY7sdrMby8hofADYuuqOA==", "funding": [ { "type": "github", @@ -7212,11 +7237,9 @@ "url": "https://feross.org/support" } ], - "optional": true, - "peer": true, "dependencies": { "base64-js": "^1.3.1", - "ieee754": "^1.1.13" + "ieee754": "^1.2.1" } }, "node_modules/buffer-alloc": { @@ -9704,9 +9727,7 @@ "type": "consulting", "url": "https://feross.org/support" } - ], - "optional": true, - "peer": true + ] }, "node_modules/ignore": { "version": "5.2.4", diff --git a/package.json b/package.json index 8de75f28..c7efb5ea 100644 --- a/package.json +++ b/package.json @@ -32,6 +32,7 @@ "@types/pako": "^2.0.0", "@types/qrcode": "^1.5.0", "bootstrap": "^5.2.3", + "buffer": "^6.0.3", "fhirclient": "^2.5.2", "jose": "^4.11.4", "oidc-client-ts": "^3.1.0", From fbb32393496dce5a5532dea9ec6c220b1911b63b Mon Sep 17 00:00:00 2001 From: Daniel Lorigan Date: Wed, 5 Feb 2025 00:50:11 -0500 Subject: [PATCH 09/14] Add local shlClient with json file support --- src/lib/utils/shlClient-local.ts | 151 +++++++++++++++++++++++++++ src/routes/(viewer)/ips/+page.svelte | 15 +-- 2 files changed, 160 insertions(+), 6 deletions(-) create mode 100644 src/lib/utils/shlClient-local.ts diff --git a/src/lib/utils/shlClient-local.ts b/src/lib/utils/shlClient-local.ts new file mode 100644 index 00000000..aac1b649 --- /dev/null +++ b/src/lib/utils/shlClient-local.ts @@ -0,0 +1,151 @@ +import base64url from 'base64url'; +import * as jose from 'jose'; +import { Buffer } from 'buffer'; + +export interface SHLinkConnectRequest { + shl: string; + recipient: string; + passcode?: string; +} + +export interface SHLinkConnectResponse { + state: string; + shcs: string[]; + jsons: string[]; +} + +export interface SHLClientStateDecoded { + url: string; + key: string; + recipient: string; + passcode?: string; +} + +export interface SHLDecoded { + url: string; + key: string; + flag?: string; + label?: string; +} + +export interface SHLManifestFile { + files: { + contentType: string; + location: string; + embedded?: string; + }[]; +} + +export function randomStringWithEntropy(entropy: number) { + const b = new Uint8Array(entropy); + crypto.getRandomValues(b); + return base64url.encode(b.buffer as Buffer); +} + +export function decodeBase64urlToJson(s: string): T { + return JSON.parse(Buffer.from(s, 'base64').toString()) as T; +} + +export function decodeToJson(s: Uint8Array): T { + return JSON.parse(new TextDecoder().decode(s)) as T; +} + +export interface Manifest { + file: { contentType: string; location: string }[]; +} + +export function flag(config: { shl: string }) { + const shlBody = config.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1]; + const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody); + return parsedShl?.flag; +} + +function needPasscode(config: { shl: string }) { + const shlBody = config.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1]; + const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody); + if (parsedShl.flag?.includes('P')) { + return true; + } + + return false; +} + +export function id(config: { shl: string }) { + const shlBody = config.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1]; + const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody); + return new URL(parsedShl?.url).href.split("/").pop(); +} + +export async function retrieve(configIncoming: SHLinkConnectRequest | {state: string}) { + const config: SHLinkConnectRequest = configIncoming["state"] ? JSON.parse(base64url.decode(configIncoming["state"])) : configIncoming + const shlBody = config.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1]; + const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody); + const manifestResponse = await fetch(parsedShl.url, { + method: 'POST', + headers: { + 'content-type': 'application/json', + }, + body: JSON.stringify({ + passcode: config.passcode, + recipient: config.recipient, + }), + }); + let isJson = false; + let manifestResponseContent; + manifestResponseContent = await manifestResponse.text(); + try { + manifestResponseContent = JSON.parse(manifestResponseContent); + isJson = true; + } catch (error) { + console.warn("Manifest did not return JSON object"); + } + + if (!manifestResponse.ok || !isJson) { + return { + status: manifestResponse.status, + error: (manifestResponseContent ?? "") + }; + } else { + const decryptionKey = Buffer.from(parsedShl.key, 'base64'); + const allFiles = (manifestResponseContent as SHLManifestFile).files + .filter((f) => f.contentType === 'application/smart-health-card') + .map(async (f) => { + if (f.embedded !== undefined) { + return f.embedded + } else { + return fetch(f.location).then((f) => f.text()) + } + }); + + const allFilesDecrypted = allFiles.map(async (f) => { + const decrypted = await jose.compactDecrypt(await f, decryptionKey); + const decoded = new TextDecoder().decode(decrypted.plaintext); + return decoded; + }); + + const shcs = (await Promise.all(allFilesDecrypted)).flatMap((f) => JSON.parse(f)['verifiableCredential'] as string); + + const jsonFiles = (manifestResponseContent as SHLManifestFile).files + .filter((f) => f.contentType === 'application/json+fhir') + .map(async (f) => { + if (f.embedded !== undefined) { + return f.embedded + } else { + return fetch(f.location).then((f) => f.text()) + } + }); + + const allJsonFilesDecrypted = jsonFiles.map(async (f) => { + const decrypted = await jose.compactDecrypt(await f, decryptionKey); + const decoded = new TextDecoder().decode(decrypted.plaintext); + return decoded; + }); + + const jsons = (await Promise.all(allJsonFilesDecrypted)).flatMap((f) => JSON.parse(f)); + + + const result: SHLinkConnectResponse = { shcs, jsons, state: btoa(JSON.stringify(config))}; + + return result; + } +} diff --git a/src/routes/(viewer)/ips/+page.svelte b/src/routes/(viewer)/ips/+page.svelte index e79fb41b..c431b2a8 100644 --- a/src/routes/(viewer)/ips/+page.svelte +++ b/src/routes/(viewer)/ips/+page.svelte @@ -12,7 +12,7 @@ TabPane, Row, } from 'sveltestrap'; - import * as shlClient from '$lib/utils/shlClient.js'; + import * as shlClient from '$lib/utils/shlClient-local'; import { verify } from '$lib/utils/shcDecoder.js'; import type { Bundle, Composition, Patient } from 'fhir/r4'; @@ -96,7 +96,7 @@ const recipient = "WA Verify+ IPS Viewer"; let passcode; - const needPasscode = shlClient.flag({ shl }).includes('P'); + const needPasscode = shlClient.flag({ shl: shl ?? "" })?.includes('P'); if (needPasscode) { passcode = prompt("Patient Summary Viewer\n----------------------------------------\nEnter passcode for SMART Health Link\nIf no passcode was set, just click \"OK\""); } @@ -118,7 +118,7 @@ if (retrieveResult.status) { if (retrieveResult.status === 404) { // Couldn't find the shl, or it's been deactivated - const managerLink = `Manage or reactivate it here`; + const managerLink = `Manage or reactivate it here`; errorMsg = `

The requested SHL does not exist or has been deactivated.

Are you the owner of this link? ${managerLink}

`; } else if (retrieveResult.status === 401) { // Failed the password requirement @@ -126,8 +126,8 @@ passcode = prompt(`Patient Summary Viewer\n----------------------------------------\nEnter passcode for SMART Health Link\nIf no passcode was set, just click \"OK\"${retrieveResult.error.remainingAttempts !== undefined ? "\nAttempts remaining: "+retrieveResult.error.remainingAttempts : ""}`); try { retrieveResult = await shlClient.retrieve({ - shl, - passcode, + shl: shl ?? "", + passcode: passcode ?? "", recipient }); } catch (e) { @@ -137,7 +137,7 @@ } } if (retrieveResult.error) { - const managerLink = `Manage or reactivate it here`; + const managerLink = `Manage or reactivate it here`; errorMsg = `

The requested SHL has been deactivated due to too many failed password attempts.

Are you the owner of this link? ${managerLink}

`; } } else { @@ -152,6 +152,9 @@ const data = decoded.map((e) => e.fhirBundle); shlContents = data; } + if (retrieveResult.jsons) { + shlContents = [...shlContents, ...retrieveResult.jsons]; + } } // End retrieving SHL From 46ac413989a20534abea5043769f507088f23fb8 Mon Sep 17 00:00:00 2001 From: daniellrgn Date: Tue, 18 Feb 2025 20:02:51 -0800 Subject: [PATCH 10/14] Fix url dropdown overflow --- src/lib/components/app/FetchUrl.svelte | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/components/app/FetchUrl.svelte b/src/lib/components/app/FetchUrl.svelte index 1ce05266..33e76597 100644 --- a/src/lib/components/app/FetchUrl.svelte +++ b/src/lib/components/app/FetchUrl.svelte @@ -107,7 +107,7 @@ color: rgb(50, 50, 50);"/> - + {#if Object.keys(PATIENT_IPS).length > 0} Actual Patient Data (permitted for use) {#each Object.entries(PATIENT_IPS) as [title, url]} From 8e93f26a5553d2ac1cfca77bcef252692ab292b4 Mon Sep 17 00:00:00 2001 From: daniellrgn Date: Tue, 18 Feb 2025 20:03:07 -0800 Subject: [PATCH 11/14] Fix typescript config warning --- tsconfig.json | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tsconfig.json b/tsconfig.json index 47d7d506..b918447b 100644 --- a/tsconfig.json +++ b/tsconfig.json @@ -14,10 +14,9 @@ "moduleResolution": "node", "module": "ESNext", "noEmit": true, - "lib": ["es2022"], + "lib": ["es2022", "dom"], // "outDir": "dist", "sourceMap": true, - "suppressImplicitAnyIndexErrors": true, "ignoreDeprecations": "5.0", } // Path aliases are handled by https://kit.svelte.dev/docs/configuration#alias From 339d62f7071ad88d176df03698f5bef1ecad18d0 Mon Sep 17 00:00:00 2001 From: daniellrgn Date: Tue, 18 Feb 2025 20:05:30 -0800 Subject: [PATCH 12/14] Add shl api fields (management token and userId) to bridge new auth --- src/lib/utils/managementClient.ts | 26 ++++++++------------------ 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/src/lib/utils/managementClient.ts b/src/lib/utils/managementClient.ts index d2d7cf3f..c548b0dd 100644 --- a/src/lib/utils/managementClient.ts +++ b/src/lib/utils/managementClient.ts @@ -64,27 +64,17 @@ export class SHLClient { async createShl(config: ConfigForServer = {}): Promise { config.userId = (await this.auth.getProfile())?.sub; - config.patientId = config.userId; - config.pin = config.passcode; - config.patientIdentifierSystem = "http://keycloak.ips-shl.ubu.dlorigan.dev.cirg.uw.edu"; - // const res = await fetch(`${API_BASE}/shl`, { - const res = await fetch(`https://pancanadianio.ca:10245/myhealth-gateway/v1/patient-summary`, { + const res = await fetch(`${API_BASE}/shl`, { method: 'POST', headers: { - 'content-type': 'application/json', - "Authorization": `Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJfTENVTExfanhlb2JQYmtBM3lIaUV0OHlMdzVDVUF5ODVFYnVmTE9xeXNJIn0.eyJleHAiOjE3Mzg3MDIxNDEsImlhdCI6MTczODcwMDk0MSwianRpIjoiODZmYzE0MzktNjM1Mi00Y2M1LWI3ZjctZjhhMTZkZWZiMzhjIiwiaXNzIjoiaHR0cHM6Ly9wYW5jYW5hZGlhbmlvLmNhOjEwMTAwL2F1dGgvcmVhbG1zL3BzLWNhIiwiYXVkIjoiYWNjb3VudCIsInN1YiI6ImRkZWFmMjNmLThhZDktNDNlMy1hMzExLWYyM2FiY2RmNjgzZCIsInR5cCI6IkJlYXJlciIsImF6cCI6Imd1ZXN0LXJlc3QtY2xpZW50Iiwic2Vzc2lvbl9zdGF0ZSI6ImI5MWI0NTZjLTU4YjItNGYxZC04ZWQ2LWFmY2E4ZjUyZDFjZCIsImFjciI6IjEiLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsib2ZmbGluZV9hY2Nlc3MiLCJ1bWFfYXV0aG9yaXphdGlvbiJdfSwicmVzb3VyY2VfYWNjZXNzIjp7ImFjY291bnQiOnsicm9sZXMiOlsibWFuYWdlLWFjY291bnQiLCJtYW5hZ2UtYWNjb3VudC1saW5rcyIsInZpZXctcHJvZmlsZSJdfX0sInNjb3BlIjoiZW1haWwgcHJvZmlsZSBDQUZFWC0yIiwiY2xpZW50SG9zdCI6IjE1LjIyMi4xMDguNDk6MTIxODgiLCJjbGllbnRJZCI6Imd1ZXN0LXJlc3QtY2xpZW50IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJzZXJ2aWNlLWFjY291bnQtZ3Vlc3QtcmVzdC1jbGllbnQiLCJjbGllbnRBZGRyZXNzIjoiMTUuMjIyLjEwOC40OToxMjE4OCJ9.EAVSbH0RVMGfkX5sxdTKAI6lc_N2_s40z3fcCoWBVChwhOXMZEnkzoz_zGMQjbs8cexVtazXaAeJNmGd85YOpAh4f2HZzO1xyVJxkdBK1iMtd6undZ0_pi1LosKI7wl0qkYVr0HP4RcYgJnQMzcSCBxEVvvBBde53OyTG9eO420d6FrIUjey0OJz62SA_bJdy71HyIpDjruH_hkoKzU7C7X3k-JI9CUNb3QuzGrq947EVRz3ctlbhExcpyZ20x7s5CLXBKdM4p4ginRwhMrovDBqyGmXAOo7azExuOTVruAgeRf8xIkFat9EWWCyOGcCusCF4F9qwt0OsqXI_5MsUg` + "Content-Type": 'application/json', }, body: JSON.stringify(config) }); - console.log(`Request: POST ${API_BASE}/shl`); - console.log(`Request: POST https://pancanadianio.ca:10245/myhealth-gateway/v1/patient-summary`); - console.log("Request body: ", JSON.stringify(config)); const shlink = await res.text(); - console.log("Response body: ", shlink); const payload = shlink.split('/'); const decodedPayload = base64url.decode(payload[payload.length - 1]); const asString = new TextDecoder('utf-8').decode(decodedPayload); - console.log("Decoded payload: ", asString); const shl: SHLAdminParams = JSON.parse(asString); return shl; } @@ -93,7 +83,7 @@ export class SHLClient { const res = await fetch(`${API_BASE}/shl/${shl.id}`, { method: 'DELETE', headers: { - authorization: `Bearer ${shl.managementToken}` + "Authorization": `Bearer ${shl.managementToken}` } }); const deleted = await res.json(); @@ -105,7 +95,7 @@ export class SHLClient { method: 'PUT', body: JSON.stringify({ passcode: shl.passcode, exp: shl.exp, label: shl.label }), headers: { - authorization: `Bearer ${shl.managementToken}` + "Authorization": `Bearer ${shl.managementToken}` } }); const updatedShl = await res.json(); @@ -148,7 +138,7 @@ export class SHLClient { const res = await fetch(`${API_BASE}/shl/${shl.id}/reactivate`, { method: 'PUT', headers: { - authorization: `Bearer ${shl.managementToken}` + "Authorization": `Bearer ${shl.managementToken}` } }); const reactivated = await res.json(); @@ -176,8 +166,8 @@ export class SHLClient { const res = await fetch(`${API_BASE}/shl/${shl.id}/file`, { method: 'POST', headers: { - 'content-type': contentType, - authorization: `Bearer ${shl.managementToken}` + "Content-Type": contentType, + "Authorization": `Bearer ${shl.managementToken}` }, body: contentEncrypted }); @@ -189,7 +179,7 @@ export class SHLClient { const res = await fetch(`${API_BASE}/shl/${shl.id}/file`, { method: 'DELETE', headers: { - authorization: `Bearer ${shl.managementToken}` + "Authorization": `Bearer ${shl.managementToken}` }, body: contentHash }); From db76934186465f21e1a9197feea336e354c1fe27 Mon Sep 17 00:00:00 2001 From: daniellrgn Date: Tue, 18 Feb 2025 20:06:40 -0800 Subject: [PATCH 13/14] Fix json shl content type check --- src/lib/utils/shlClient-local.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lib/utils/shlClient-local.ts b/src/lib/utils/shlClient-local.ts index aac1b649..7e8c46b3 100644 --- a/src/lib/utils/shlClient-local.ts +++ b/src/lib/utils/shlClient-local.ts @@ -126,7 +126,7 @@ export async function retrieve(configIncoming: SHLinkConnectRequest | {state: st const shcs = (await Promise.all(allFilesDecrypted)).flatMap((f) => JSON.parse(f)['verifiableCredential'] as string); const jsonFiles = (manifestResponseContent as SHLManifestFile).files - .filter((f) => f.contentType === 'application/json+fhir') + .filter((f) => f.contentType === 'application/fhir+json') .map(async (f) => { if (f.embedded !== undefined) { return f.embedded From 36e953572a1f4729dbe8214db184ce00ada5d38c Mon Sep 17 00:00:00 2001 From: daniellrgn Date: Tue, 18 Feb 2025 20:29:29 -0800 Subject: [PATCH 14/14] Replace minified shlClient.js with shlClient.ts --- src/lib/utils/shlClient.js | 9 --------- src/lib/utils/shlClient.js.map | 7 ------- src/lib/utils/{shlClient-local.ts => shlClient.ts} | 0 src/routes/(viewer)/ips/+page.svelte | 2 +- 4 files changed, 1 insertion(+), 17 deletions(-) delete mode 100644 src/lib/utils/shlClient.js delete mode 100644 src/lib/utils/shlClient.js.map rename src/lib/utils/{shlClient-local.ts => shlClient.ts} (100%) diff --git a/src/lib/utils/shlClient.js b/src/lib/utils/shlClient.js deleted file mode 100644 index 9b541989..00000000 --- a/src/lib/utils/shlClient.js +++ /dev/null @@ -1,9 +0,0 @@ -var $t=Object.create;var tt=Object.defineProperty;var Gt=Object.getOwnPropertyDescriptor;var Vt=Object.getOwnPropertyNames;var zt=Object.getPrototypeOf,Yt=Object.prototype.hasOwnProperty;var qt=(t,e)=>()=>(t&&(e=t(t=0)),e);var V=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var Xt=(t,e,r,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let i of Vt(e))!Yt.call(t,i)&&i!==r&&tt(t,i,{get:()=>e[i],enumerable:!(n=Gt(e,i))||n.enumerable});return t};var Zt=(t,e,r)=>(r=t!=null?$t(zt(t)):{},Xt(e||!t||!t.__esModule?tt(r,"default",{value:t,enumerable:!0}):r,t));var it=V(ue=>{"use strict";s();ue.byteLength=jt;ue.toByteArray=tr;ue.fromByteArray=ir;var W=[],B=[],Qt=typeof Uint8Array<"u"?Uint8Array:Array,We="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";for(O=0,rt=We.length;O0)throw new Error("Invalid string. Length must be a multiple of 4");var r=t.indexOf("=");r===-1&&(r=e);var n=r===e?0:4-r%4;return[r,n]}function jt(t){var e=nt(t),r=e[0],n=e[1];return(r+n)*3/4-n}function er(t,e,r){return(e+r)*3/4-r}function tr(t){var e,r=nt(t),n=r[0],i=r[1],o=new Qt(er(t,n,i)),a=0,d=i>0?n-4:n,u;for(u=0;u>16&255,o[a++]=e>>8&255,o[a++]=e&255;return i===2&&(e=B[t.charCodeAt(u)]<<2|B[t.charCodeAt(u+1)]>>4,o[a++]=e&255),i===1&&(e=B[t.charCodeAt(u)]<<10|B[t.charCodeAt(u+1)]<<4|B[t.charCodeAt(u+2)]>>2,o[a++]=e>>8&255,o[a++]=e&255),o}function rr(t){return W[t>>18&63]+W[t>>12&63]+W[t>>6&63]+W[t&63]}function nr(t,e,r){for(var n,i=[],o=e;od?d:a+o));return n===1?(e=t[r-1],i.push(W[e>>2]+W[e<<4&63]+"==")):n===2&&(e=(t[r-2]<<8)+t[r-1],i.push(W[e>>10]+W[e>>4&63]+W[e<<2&63]+"=")),i.join("")}});var ot=V(Te=>{s();Te.read=function(t,e,r,n,i){var o,a,d=i*8-n-1,u=(1<>1,h=-7,f=r?i-1:0,g=r?-1:1,b=t[e+f];for(f+=g,o=b&(1<<-h)-1,b>>=-h,h+=d;h>0;o=o*256+t[e+f],f+=g,h-=8);for(a=o&(1<<-h)-1,o>>=-h,h+=n;h>0;a=a*256+t[e+f],f+=g,h-=8);if(o===0)o=1-m;else{if(o===u)return a?NaN:(b?-1:1)*(1/0);a=a+Math.pow(2,n),o=o-m}return(b?-1:1)*a*Math.pow(2,o-n)};Te.write=function(t,e,r,n,i,o){var a,d,u,m=o*8-i-1,h=(1<>1,g=i===23?Math.pow(2,-24)-Math.pow(2,-77):0,b=n?0:o-1,$=n?1:-1,pe=e<0||e===0&&1/e<0?1:0;for(e=Math.abs(e),isNaN(e)||e===1/0?(d=isNaN(e)?1:0,a=h):(a=Math.floor(Math.log(e)/Math.LN2),e*(u=Math.pow(2,-a))<1&&(a--,u*=2),a+f>=1?e+=g/u:e+=g*Math.pow(2,1-f),e*u>=2&&(a++,u/=2),a+f>=h?(d=0,a=h):a+f>=1?(d=(e*u-1)*Math.pow(2,i),a=a+f):(d=e*Math.pow(2,f-1)*Math.pow(2,i),a=0));i>=8;t[r+b]=d&255,b+=$,d/=256,i-=8);for(a=a<0;t[r+b]=a&255,b+=$,a/=256,m-=8);t[r+b-$]|=pe*128}});var xt=V(X=>{"use strict";s();var Ue=it(),Y=ot(),at=typeof Symbol=="function"&&typeof Symbol.for=="function"?Symbol.for("nodejs.util.inspect.custom"):null;X.Buffer=c;X.SlowBuffer=dr;X.INSPECT_MAX_BYTES=50;var fe=2147483647;X.kMaxLength=fe;c.TYPED_ARRAY_SUPPORT=or();!c.TYPED_ARRAY_SUPPORT&&typeof console<"u"&&typeof console.error=="function"&&console.error("This browser lacks typed array (Uint8Array) support which is required by `buffer` v5.x. Use `buffer` v4.x if you require old browser support.");function or(){try{let t=new Uint8Array(1),e={foo:function(){return 42}};return Object.setPrototypeOf(e,Uint8Array.prototype),Object.setPrototypeOf(t,e),t.foo()===42}catch{return!1}}Object.defineProperty(c.prototype,"parent",{enumerable:!0,get:function(){if(!!c.isBuffer(this))return this.buffer}});Object.defineProperty(c.prototype,"offset",{enumerable:!0,get:function(){if(!!c.isBuffer(this))return this.byteOffset}});function U(t){if(t>fe)throw new RangeError('The value "'+t+'" is invalid for option "size"');let e=new Uint8Array(t);return Object.setPrototypeOf(e,c.prototype),e}function c(t,e,r){if(typeof t=="number"){if(typeof e=="string")throw new TypeError('The "string" argument must be of type string. Received type number');return Oe(t)}return dt(t,e,r)}c.poolSize=8192;function dt(t,e,r){if(typeof t=="string")return sr(t,e);if(ArrayBuffer.isView(t))return cr(t);if(t==null)throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof t);if(T(t,ArrayBuffer)||t&&T(t.buffer,ArrayBuffer)||typeof SharedArrayBuffer<"u"&&(T(t,SharedArrayBuffer)||t&&T(t.buffer,SharedArrayBuffer)))return Re(t,e,r);if(typeof t=="number")throw new TypeError('The "value" argument must not be of type number. Received type number');let n=t.valueOf&&t.valueOf();if(n!=null&&n!==t)return c.from(n,e,r);let i=pr(t);if(i)return i;if(typeof Symbol<"u"&&Symbol.toPrimitive!=null&&typeof t[Symbol.toPrimitive]=="function")return c.from(t[Symbol.toPrimitive]("string"),e,r);throw new TypeError("The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type "+typeof t)}c.from=function(t,e,r){return dt(t,e,r)};Object.setPrototypeOf(c.prototype,Uint8Array.prototype);Object.setPrototypeOf(c,Uint8Array);function ut(t){if(typeof t!="number")throw new TypeError('"size" argument must be of type number');if(t<0)throw new RangeError('The value "'+t+'" is invalid for option "size"')}function ar(t,e,r){return ut(t),t<=0?U(t):e!==void 0?typeof r=="string"?U(t).fill(e,r):U(t).fill(e):U(t)}c.alloc=function(t,e,r){return ar(t,e,r)};function Oe(t){return ut(t),U(t<0?0:Fe(t)|0)}c.allocUnsafe=function(t){return Oe(t)};c.allocUnsafeSlow=function(t){return Oe(t)};function sr(t,e){if((typeof e!="string"||e==="")&&(e="utf8"),!c.isEncoding(e))throw new TypeError("Unknown encoding: "+e);let r=ft(t,e)|0,n=U(r),i=n.write(t,e);return i!==r&&(n=n.slice(0,i)),n}function Je(t){let e=t.length<0?0:Fe(t.length)|0,r=U(e);for(let n=0;n=fe)throw new RangeError("Attempt to allocate Buffer larger than maximum size: 0x"+fe.toString(16)+" bytes");return t|0}function dr(t){return+t!=t&&(t=0),c.alloc(+t)}c.isBuffer=function(e){return e!=null&&e._isBuffer===!0&&e!==c.prototype};c.compare=function(e,r){if(T(e,Uint8Array)&&(e=c.from(e,e.offset,e.byteLength)),T(r,Uint8Array)&&(r=c.from(r,r.offset,r.byteLength)),!c.isBuffer(e)||!c.isBuffer(r))throw new TypeError('The "buf1", "buf2" arguments must be one of type Buffer or Uint8Array');if(e===r)return 0;let n=e.length,i=r.length;for(let o=0,a=Math.min(n,i);oi.length?(c.isBuffer(a)||(a=c.from(a)),a.copy(i,o)):Uint8Array.prototype.set.call(i,a,o);else if(c.isBuffer(a))a.copy(i,o);else throw new TypeError('"list" argument must be an Array of Buffers');o+=a.length}return i};function ft(t,e){if(c.isBuffer(t))return t.length;if(ArrayBuffer.isView(t)||T(t,ArrayBuffer))return t.byteLength;if(typeof t!="string")throw new TypeError('The "string" argument must be one of type string, Buffer, or ArrayBuffer. Received type '+typeof t);let r=t.length,n=arguments.length>2&&arguments[2]===!0;if(!n&&r===0)return 0;let i=!1;for(;;)switch(e){case"ascii":case"latin1":case"binary":return r;case"utf8":case"utf-8":return De(t).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return r*2;case"hex":return r>>>1;case"base64":return At(t).length;default:if(i)return n?-1:De(t).length;e=(""+e).toLowerCase(),i=!0}}c.byteLength=ft;function ur(t,e,r){let n=!1;if((e===void 0||e<0)&&(e=0),e>this.length||((r===void 0||r>this.length)&&(r=this.length),r<=0)||(r>>>=0,e>>>=0,r<=e))return"";for(t||(t="utf8");;)switch(t){case"hex":return Ar(this,e,r);case"utf8":case"utf-8":return lt(this,e,r);case"ascii":return gr(this,e,r);case"latin1":case"binary":return Sr(this,e,r);case"base64":return wr(this,e,r);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return xr(this,e,r);default:if(n)throw new TypeError("Unknown encoding: "+t);t=(t+"").toLowerCase(),n=!0}}c.prototype._isBuffer=!0;function F(t,e,r){let n=t[e];t[e]=t[r],t[r]=n}c.prototype.swap16=function(){let e=this.length;if(e%2!==0)throw new RangeError("Buffer size must be a multiple of 16-bits");for(let r=0;rr&&(e+=" ... "),""};at&&(c.prototype[at]=c.prototype.inspect);c.prototype.compare=function(e,r,n,i,o){if(T(e,Uint8Array)&&(e=c.from(e,e.offset,e.byteLength)),!c.isBuffer(e))throw new TypeError('The "target" argument must be one of type Buffer or Uint8Array. Received type '+typeof e);if(r===void 0&&(r=0),n===void 0&&(n=e?e.length:0),i===void 0&&(i=0),o===void 0&&(o=this.length),r<0||n>e.length||i<0||o>this.length)throw new RangeError("out of range index");if(i>=o&&r>=n)return 0;if(i>=o)return-1;if(r>=n)return 1;if(r>>>=0,n>>>=0,i>>>=0,o>>>=0,this===e)return 0;let a=o-i,d=n-r,u=Math.min(a,d),m=this.slice(i,o),h=e.slice(r,n);for(let f=0;f2147483647?r=2147483647:r<-2147483648&&(r=-2147483648),r=+r,Ne(r)&&(r=i?0:t.length-1),r<0&&(r=t.length+r),r>=t.length){if(i)return-1;r=t.length-1}else if(r<0)if(i)r=0;else return-1;if(typeof e=="string"&&(e=c.from(e,n)),c.isBuffer(e))return e.length===0?-1:st(t,e,r,n,i);if(typeof e=="number")return e=e&255,typeof Uint8Array.prototype.indexOf=="function"?i?Uint8Array.prototype.indexOf.call(t,e,r):Uint8Array.prototype.lastIndexOf.call(t,e,r):st(t,[e],r,n,i);throw new TypeError("val must be string, number or Buffer")}function st(t,e,r,n,i){let o=1,a=t.length,d=e.length;if(n!==void 0&&(n=String(n).toLowerCase(),n==="ucs2"||n==="ucs-2"||n==="utf16le"||n==="utf-16le")){if(t.length<2||e.length<2)return-1;o=2,a/=2,d/=2,r/=2}function u(h,f){return o===1?h[f]:h.readUInt16BE(f*o)}let m;if(i){let h=-1;for(m=r;ma&&(r=a-d),m=r;m>=0;m--){let h=!0;for(let f=0;fi&&(n=i)):n=i;let o=e.length;n>o/2&&(n=o/2);let a;for(a=0;a>>0,isFinite(n)?(n=n>>>0,i===void 0&&(i="utf8")):(i=n,n=void 0);else throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");let o=this.length-r;if((n===void 0||n>o)&&(n=o),e.length>0&&(n<0||r<0)||r>this.length)throw new RangeError("Attempt to write outside buffer bounds");i||(i="utf8");let a=!1;for(;;)switch(i){case"hex":return fr(this,e,r,n);case"utf8":case"utf-8":return hr(this,e,r,n);case"ascii":case"latin1":case"binary":return lr(this,e,r,n);case"base64":return mr(this,e,r,n);case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return yr(this,e,r,n);default:if(a)throw new TypeError("Unknown encoding: "+i);i=(""+i).toLowerCase(),a=!0}};c.prototype.toJSON=function(){return{type:"Buffer",data:Array.prototype.slice.call(this._arr||this,0)}};function wr(t,e,r){return e===0&&r===t.length?Ue.fromByteArray(t):Ue.fromByteArray(t.slice(e,r))}function lt(t,e,r){r=Math.min(t.length,r);let n=[],i=e;for(;i239?4:o>223?3:o>191?2:1;if(i+d<=r){let u,m,h,f;switch(d){case 1:o<128&&(a=o);break;case 2:u=t[i+1],(u&192)===128&&(f=(o&31)<<6|u&63,f>127&&(a=f));break;case 3:u=t[i+1],m=t[i+2],(u&192)===128&&(m&192)===128&&(f=(o&15)<<12|(u&63)<<6|m&63,f>2047&&(f<55296||f>57343)&&(a=f));break;case 4:u=t[i+1],m=t[i+2],h=t[i+3],(u&192)===128&&(m&192)===128&&(h&192)===128&&(f=(o&15)<<18|(u&63)<<12|(m&63)<<6|h&63,f>65535&&f<1114112&&(a=f))}}a===null?(a=65533,d=1):a>65535&&(a-=65536,n.push(a>>>10&1023|55296),a=56320|a&1023),n.push(a),i+=d}return Er(n)}var ct=4096;function Er(t){let e=t.length;if(e<=ct)return String.fromCharCode.apply(String,t);let r="",n=0;for(;nn)&&(r=n);let i="";for(let o=e;on&&(e=n),r<0?(r+=n,r<0&&(r=0)):r>n&&(r=n),rr)throw new RangeError("Trying to access beyond buffer length")}c.prototype.readUintLE=c.prototype.readUIntLE=function(e,r,n){e=e>>>0,r=r>>>0,n||_(e,r,this.length);let i=this[e],o=1,a=0;for(;++a>>0,r=r>>>0,n||_(e,r,this.length);let i=this[e+--r],o=1;for(;r>0&&(o*=256);)i+=this[e+--r]*o;return i};c.prototype.readUint8=c.prototype.readUInt8=function(e,r){return e=e>>>0,r||_(e,1,this.length),this[e]};c.prototype.readUint16LE=c.prototype.readUInt16LE=function(e,r){return e=e>>>0,r||_(e,2,this.length),this[e]|this[e+1]<<8};c.prototype.readUint16BE=c.prototype.readUInt16BE=function(e,r){return e=e>>>0,r||_(e,2,this.length),this[e]<<8|this[e+1]};c.prototype.readUint32LE=c.prototype.readUInt32LE=function(e,r){return e=e>>>0,r||_(e,4,this.length),(this[e]|this[e+1]<<8|this[e+2]<<16)+this[e+3]*16777216};c.prototype.readUint32BE=c.prototype.readUInt32BE=function(e,r){return e=e>>>0,r||_(e,4,this.length),this[e]*16777216+(this[e+1]<<16|this[e+2]<<8|this[e+3])};c.prototype.readBigUInt64LE=R(function(e){e=e>>>0,q(e,"offset");let r=this[e],n=this[e+7];(r===void 0||n===void 0)&&re(e,this.length-8);let i=r+this[++e]*2**8+this[++e]*2**16+this[++e]*2**24,o=this[++e]+this[++e]*2**8+this[++e]*2**16+n*2**24;return BigInt(i)+(BigInt(o)<>>0,q(e,"offset");let r=this[e],n=this[e+7];(r===void 0||n===void 0)&&re(e,this.length-8);let i=r*2**24+this[++e]*2**16+this[++e]*2**8+this[++e],o=this[++e]*2**24+this[++e]*2**16+this[++e]*2**8+n;return(BigInt(i)<>>0,r=r>>>0,n||_(e,r,this.length);let i=this[e],o=1,a=0;for(;++a=o&&(i-=Math.pow(2,8*r)),i};c.prototype.readIntBE=function(e,r,n){e=e>>>0,r=r>>>0,n||_(e,r,this.length);let i=r,o=1,a=this[e+--i];for(;i>0&&(o*=256);)a+=this[e+--i]*o;return o*=128,a>=o&&(a-=Math.pow(2,8*r)),a};c.prototype.readInt8=function(e,r){return e=e>>>0,r||_(e,1,this.length),this[e]&128?(255-this[e]+1)*-1:this[e]};c.prototype.readInt16LE=function(e,r){e=e>>>0,r||_(e,2,this.length);let n=this[e]|this[e+1]<<8;return n&32768?n|4294901760:n};c.prototype.readInt16BE=function(e,r){e=e>>>0,r||_(e,2,this.length);let n=this[e+1]|this[e]<<8;return n&32768?n|4294901760:n};c.prototype.readInt32LE=function(e,r){return e=e>>>0,r||_(e,4,this.length),this[e]|this[e+1]<<8|this[e+2]<<16|this[e+3]<<24};c.prototype.readInt32BE=function(e,r){return e=e>>>0,r||_(e,4,this.length),this[e]<<24|this[e+1]<<16|this[e+2]<<8|this[e+3]};c.prototype.readBigInt64LE=R(function(e){e=e>>>0,q(e,"offset");let r=this[e],n=this[e+7];(r===void 0||n===void 0)&&re(e,this.length-8);let i=this[e+4]+this[e+5]*2**8+this[e+6]*2**16+(n<<24);return(BigInt(i)<>>0,q(e,"offset");let r=this[e],n=this[e+7];(r===void 0||n===void 0)&&re(e,this.length-8);let i=(r<<24)+this[++e]*2**16+this[++e]*2**8+this[++e];return(BigInt(i)<>>0,r||_(e,4,this.length),Y.read(this,e,!0,23,4)};c.prototype.readFloatBE=function(e,r){return e=e>>>0,r||_(e,4,this.length),Y.read(this,e,!1,23,4)};c.prototype.readDoubleLE=function(e,r){return e=e>>>0,r||_(e,8,this.length),Y.read(this,e,!0,52,8)};c.prototype.readDoubleBE=function(e,r){return e=e>>>0,r||_(e,8,this.length),Y.read(this,e,!1,52,8)};function H(t,e,r,n,i,o){if(!c.isBuffer(t))throw new TypeError('"buffer" argument must be a Buffer instance');if(e>i||et.length)throw new RangeError("Index out of range")}c.prototype.writeUintLE=c.prototype.writeUIntLE=function(e,r,n,i){if(e=+e,r=r>>>0,n=n>>>0,!i){let d=Math.pow(2,8*n)-1;H(this,e,r,n,d,0)}let o=1,a=0;for(this[r]=e&255;++a>>0,n=n>>>0,!i){let d=Math.pow(2,8*n)-1;H(this,e,r,n,d,0)}let o=n-1,a=1;for(this[r+o]=e&255;--o>=0&&(a*=256);)this[r+o]=e/a&255;return r+n};c.prototype.writeUint8=c.prototype.writeUInt8=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,1,255,0),this[r]=e&255,r+1};c.prototype.writeUint16LE=c.prototype.writeUInt16LE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,2,65535,0),this[r]=e&255,this[r+1]=e>>>8,r+2};c.prototype.writeUint16BE=c.prototype.writeUInt16BE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,2,65535,0),this[r]=e>>>8,this[r+1]=e&255,r+2};c.prototype.writeUint32LE=c.prototype.writeUInt32LE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,4,4294967295,0),this[r+3]=e>>>24,this[r+2]=e>>>16,this[r+1]=e>>>8,this[r]=e&255,r+4};c.prototype.writeUint32BE=c.prototype.writeUInt32BE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,4,4294967295,0),this[r]=e>>>24,this[r+1]=e>>>16,this[r+2]=e>>>8,this[r+3]=e&255,r+4};function mt(t,e,r,n,i){St(e,n,i,t,r,7);let o=Number(e&BigInt(4294967295));t[r++]=o,o=o>>8,t[r++]=o,o=o>>8,t[r++]=o,o=o>>8,t[r++]=o;let a=Number(e>>BigInt(32)&BigInt(4294967295));return t[r++]=a,a=a>>8,t[r++]=a,a=a>>8,t[r++]=a,a=a>>8,t[r++]=a,r}function yt(t,e,r,n,i){St(e,n,i,t,r,7);let o=Number(e&BigInt(4294967295));t[r+7]=o,o=o>>8,t[r+6]=o,o=o>>8,t[r+5]=o,o=o>>8,t[r+4]=o;let a=Number(e>>BigInt(32)&BigInt(4294967295));return t[r+3]=a,a=a>>8,t[r+2]=a,a=a>>8,t[r+1]=a,a=a>>8,t[r]=a,r+8}c.prototype.writeBigUInt64LE=R(function(e,r=0){return mt(this,e,r,BigInt(0),BigInt("0xffffffffffffffff"))});c.prototype.writeBigUInt64BE=R(function(e,r=0){return yt(this,e,r,BigInt(0),BigInt("0xffffffffffffffff"))});c.prototype.writeIntLE=function(e,r,n,i){if(e=+e,r=r>>>0,!i){let u=Math.pow(2,8*n-1);H(this,e,r,n,u-1,-u)}let o=0,a=1,d=0;for(this[r]=e&255;++o>0)-d&255;return r+n};c.prototype.writeIntBE=function(e,r,n,i){if(e=+e,r=r>>>0,!i){let u=Math.pow(2,8*n-1);H(this,e,r,n,u-1,-u)}let o=n-1,a=1,d=0;for(this[r+o]=e&255;--o>=0&&(a*=256);)e<0&&d===0&&this[r+o+1]!==0&&(d=1),this[r+o]=(e/a>>0)-d&255;return r+n};c.prototype.writeInt8=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,1,127,-128),e<0&&(e=255+e+1),this[r]=e&255,r+1};c.prototype.writeInt16LE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,2,32767,-32768),this[r]=e&255,this[r+1]=e>>>8,r+2};c.prototype.writeInt16BE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,2,32767,-32768),this[r]=e>>>8,this[r+1]=e&255,r+2};c.prototype.writeInt32LE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,4,2147483647,-2147483648),this[r]=e&255,this[r+1]=e>>>8,this[r+2]=e>>>16,this[r+3]=e>>>24,r+4};c.prototype.writeInt32BE=function(e,r,n){return e=+e,r=r>>>0,n||H(this,e,r,4,2147483647,-2147483648),e<0&&(e=4294967295+e+1),this[r]=e>>>24,this[r+1]=e>>>16,this[r+2]=e>>>8,this[r+3]=e&255,r+4};c.prototype.writeBigInt64LE=R(function(e,r=0){return mt(this,e,r,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))});c.prototype.writeBigInt64BE=R(function(e,r=0){return yt(this,e,r,-BigInt("0x8000000000000000"),BigInt("0x7fffffffffffffff"))});function wt(t,e,r,n,i,o){if(r+n>t.length)throw new RangeError("Index out of range");if(r<0)throw new RangeError("Index out of range")}function Et(t,e,r,n,i){return e=+e,r=r>>>0,i||wt(t,e,r,4,34028234663852886e22,-34028234663852886e22),Y.write(t,e,r,n,23,4),r+4}c.prototype.writeFloatLE=function(e,r,n){return Et(this,e,r,!0,n)};c.prototype.writeFloatBE=function(e,r,n){return Et(this,e,r,!1,n)};function gt(t,e,r,n,i){return e=+e,r=r>>>0,i||wt(t,e,r,8,17976931348623157e292,-17976931348623157e292),Y.write(t,e,r,n,52,8),r+8}c.prototype.writeDoubleLE=function(e,r,n){return gt(this,e,r,!0,n)};c.prototype.writeDoubleBE=function(e,r,n){return gt(this,e,r,!1,n)};c.prototype.copy=function(e,r,n,i){if(!c.isBuffer(e))throw new TypeError("argument should be a Buffer");if(n||(n=0),!i&&i!==0&&(i=this.length),r>=e.length&&(r=e.length),r||(r=0),i>0&&i=this.length)throw new RangeError("Index out of range");if(i<0)throw new RangeError("sourceEnd out of bounds");i>this.length&&(i=this.length),e.length-r>>0,n=n===void 0?this.length:n>>>0,e||(e=0);let o;if(typeof e=="number")for(o=r;o2**32?i=pt(String(r)):typeof r=="bigint"&&(i=String(r),(r>BigInt(2)**BigInt(32)||r<-(BigInt(2)**BigInt(32)))&&(i=pt(i)),i+="n"),n+=` It must be ${e}. Received ${i}`,n},RangeError);function pt(t){let e="",r=t.length,n=t[0]==="-"?1:0;for(;r>=n+4;r-=3)e=`_${t.slice(r-3,r)}${e}`;return`${t.slice(0,r)}${e}`}function br(t,e,r){q(e,"offset"),(t[e]===void 0||t[e+r]===void 0)&&re(e,t.length-(r+1))}function St(t,e,r,n,i,o){if(t>r||t3?e===0||e===BigInt(0)?d=`>= 0${a} and < 2${a} ** ${(o+1)*8}${a}`:d=`>= -(2${a} ** ${(o+1)*8-1}${a}) and < 2 ** ${(o+1)*8-1}${a}`:d=`>= ${e}${a} and <= ${r}${a}`,new z.ERR_OUT_OF_RANGE("value",d,t)}br(n,i,o)}function q(t,e){if(typeof t!="number")throw new z.ERR_INVALID_ARG_TYPE(e,"number",t)}function re(t,e,r){throw Math.floor(t)!==t?(q(t,r),new z.ERR_OUT_OF_RANGE(r||"offset","an integer",t)):e<0?new z.ERR_BUFFER_OUT_OF_BOUNDS:new z.ERR_OUT_OF_RANGE(r||"offset",`>= ${r?1:0} and <= ${e}`,t)}var _r=/[^+/0-9A-Za-z-_]/g;function Cr(t){if(t=t.split("=")[0],t=t.trim().replace(_r,""),t.length<2)return"";for(;t.length%4!==0;)t=t+"=";return t}function De(t,e){e=e||1/0;let r,n=t.length,i=null,o=[];for(let a=0;a55295&&r<57344){if(!i){if(r>56319){(e-=3)>-1&&o.push(239,191,189);continue}else if(a+1===n){(e-=3)>-1&&o.push(239,191,189);continue}i=r;continue}if(r<56320){(e-=3)>-1&&o.push(239,191,189),i=r;continue}r=(i-55296<<10|r-56320)+65536}else i&&(e-=3)>-1&&o.push(239,191,189);if(i=null,r<128){if((e-=1)<0)break;o.push(r)}else if(r<2048){if((e-=2)<0)break;o.push(r>>6|192,r&63|128)}else if(r<65536){if((e-=3)<0)break;o.push(r>>12|224,r>>6&63|128,r&63|128)}else if(r<1114112){if((e-=4)<0)break;o.push(r>>18|240,r>>12&63|128,r>>6&63|128,r&63|128)}else throw new Error("Invalid code point")}return o}function Hr(t){let e=[];for(let r=0;r>8,i=r%256,o.push(i),o.push(n);return o}function At(t){return Ue.toByteArray(Cr(t))}function he(t,e,r,n){let i;for(i=0;i=e.length||i>=t.length);++i)e[i+r]=t[i];return i}function T(t,e){return t instanceof e||t!=null&&t.constructor!=null&&t.constructor.name!=null&&t.constructor.name===e.name}function Ne(t){return t!==t}var Ir=function(){let t="0123456789abcdef",e=new Array(256);for(let r=0;r<16;++r){let n=r*16;for(let i=0;i<16;++i)e[n+i]=t[r]+t[i]}return e}();function R(t){return typeof BigInt>"u"?Pr:t}function Pr(){throw new Error("BigInt not supported")}});var p,s=qt(()=>{p=xt().Buffer});var bt=V(Le=>{"use strict";s();Object.defineProperty(Le,"__esModule",{value:!0});function Br(t){var e=4,r=t.length,n=r%e;if(!n)return t;var i=r,o=e-n,a=r+o,d=p.alloc(a);for(d.write(t);o--;)d.write("=",i++);return d.toString()}Le.default=Br});var Ct=V(Ge=>{"use strict";s();Object.defineProperty(Ge,"__esModule",{value:!0});var vr=bt();function _t(t,e){return e===void 0&&(e="utf8"),p.isBuffer(t)?ke(t.toString("base64")):ke(p.from(t,e).toString("base64"))}function Wr(t,e){return e===void 0&&(e="utf8"),p.from($e(t),"base64").toString(e)}function $e(t){return t=t.toString(),vr.default(t).replace(/\-/g,"+").replace(/_/g,"/")}function ke(t){return t.replace(/=/g,"").replace(/\+/g,"-").replace(/\//g,"_")}function Tr(t){return p.from($e(t),"base64")}var Z=_t;Z.encode=_t;Z.decode=Wr;Z.toBase64=$e;Z.fromBase64=ke;Z.toBuffer=Tr;Ge.default=Z});var Ht=V((Dn,le)=>{s();le.exports=Ct().default;le.exports.default=le.exports});s();var te=Zt(Ht(),1);s();s();s();s();s();s();s();var w=crypto;function C(t){try{return t!=null&&typeof t.extractable=="boolean"&&typeof t.algorithm.name=="string"&&typeof t.type=="string"}catch{return!1}}var Ur=async(t,e)=>{let r=`SHA-${t.slice(-3)}`;return new Uint8Array(await w.subtle.digest(r,e))},me=Ur;var K=new TextEncoder,I=new TextDecoder,ye=2**32;function P(...t){let e=t.reduce((i,{length:o})=>i+o,0),r=new Uint8Array(e),n=0;return t.forEach(i=>{r.set(i,n),n+=i.length}),r}function Kt(t,e){return P(K.encode(t),new Uint8Array([0]),e)}function Ve(t,e,r){if(e<0||e>=ye)throw new RangeError(`value must be >= 0 and <= ${ye-1}. Received ${e}`);t.set([e>>>24,e>>>16,e>>>8,e&255],r)}function ze(t){let e=Math.floor(t/ye),r=t%ye,n=new Uint8Array(8);return Ve(n,e,0),Ve(n,r,4),n}function we(t){let e=new Uint8Array(4);return Ve(e,t),e}function Ee(t){return P(we(t.length),t)}async function It(t,e,r){let n=Math.ceil((e>>3)/32),i;for(let o=1;o<=n;o++){let a=new Uint8Array(4+t.length+r.length);a.set(we(o)),a.set(t,4),a.set(r,4+t.length),i?i=P(i,await me("sha256",a)):i=await me("sha256",a)}return i=i.slice(0,e>>3),i}var Pt=t=>new Uint8Array(atob(t).split("").map(e=>e.charCodeAt(0))),S=t=>{let e=t;e instanceof Uint8Array&&(e=I.decode(e)),e=e.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return Pt(e)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}};s();s();s();var M=class extends Error{constructor(e){var r;super(e),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,(r=Error.captureStackTrace)===null||r===void 0||r.call(Error,this,this.constructor)}static get code(){return"ERR_JOSE_GENERIC"}};var Q=class extends M{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}static get code(){return"ERR_JOSE_ALG_NOT_ALLOWED"}},y=class extends M{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}},N=class extends M{constructor(){super(...arguments),this.code="ERR_JWE_DECRYPTION_FAILED",this.message="decryption operation failed"}static get code(){return"ERR_JWE_DECRYPTION_FAILED"}},l=class extends M{constructor(){super(...arguments),this.code="ERR_JWE_INVALID"}static get code(){return"ERR_JWE_INVALID"}};s();s();var ne=w.getRandomValues.bind(w);function vt(t){switch(t){case"A128GCM":case"A128GCMKW":case"A192GCM":case"A192GCMKW":case"A256GCM":case"A256GCMKW":return 96;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return 128;default:throw new y(`Unsupported JWE Algorithm: ${t}`)}}var Rr=(t,e)=>{if(e.length<<3!==vt(t))throw new l("Invalid Initialization Vector length")},Ye=Rr;s();var Dr=(t,e)=>{if(t.length<<3!==e)throw new l("Invalid Content Encryption Key length")},ge=Dr;s();var Or=(t,e)=>{if(!(t instanceof Uint8Array))throw new TypeError("First argument must be a buffer");if(!(e instanceof Uint8Array))throw new TypeError("Second argument must be a buffer");if(t.length!==e.length)throw new TypeError("Input buffers must have the same length");let r=t.length,n=0,i=-1;for(;++it.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(e.length>2){let n=e.pop();r+=`one of ${e.join(", ")}, or ${n}.`}else e.length===2?r+=`one of ${e[0]} or ${e[1]}.`:r+=`${e[0]}.`;throw new TypeError(r)}}function v(t,e,...r){switch(e){case"A128GCM":case"A192GCM":case"A256GCM":{if(!ie(t.algorithm,"AES-GCM"))throw D("AES-GCM");let n=parseInt(e.slice(1,4),10);if(t.algorithm.length!==n)throw D(n,"algorithm.length");break}case"A128KW":case"A192KW":case"A256KW":{if(!ie(t.algorithm,"AES-KW"))throw D("AES-KW");let n=parseInt(e.slice(1,4),10);if(t.algorithm.length!==n)throw D(n,"algorithm.length");break}case"ECDH":if(!ie(t.algorithm,"ECDH"))throw D("ECDH");break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":if(!ie(t.algorithm,"PBKDF2"))throw D("PBKDF2");break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":{if(!ie(t.algorithm,"RSA-OAEP"))throw D("RSA-OAEP");let n=parseInt(e.slice(9),10)||1;if(Fr(t.algorithm.hash)!==n)throw D(`SHA-${n}`,"algorithm.hash");break}default:throw new TypeError("CryptoKey does not support this operation")}Mr(t,r)}s();var A=(t,...e)=>{let r="Key must be ";if(e.length>2){let n=e.pop();r+=`one of type ${e.join(", ")}, or ${n}.`}else e.length===2?r+=`one of type ${e[0]} or ${e[1]}.`:r+=`of type ${e[0]}.`;return t==null?r+=` Received ${t}`:typeof t=="function"&&t.name?r+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor&&t.constructor.name&&(r+=` Received an instance of ${t.constructor.name}`),r};s();var qe=t=>C(t),E=["CryptoKey"];async function Nr(t,e,r,n,i,o){if(!(e instanceof Uint8Array))throw new TypeError(A(e,"Uint8Array"));let a=parseInt(t.slice(1,4),10),d=await w.subtle.importKey("raw",e.subarray(a>>3),"AES-CBC",!1,["decrypt"]),u=await w.subtle.importKey("raw",e.subarray(0,a>>3),{hash:`SHA-${a<<1}`,name:"HMAC"},!1,["sign"]),m=P(o,n,r,ze(o.length<<3)),h=new Uint8Array((await w.subtle.sign("HMAC",u,m)).slice(0,a>>3)),f;try{f=Wt(i,h)}catch{}if(!f)throw new N;let g;try{g=new Uint8Array(await w.subtle.decrypt({iv:n,name:"AES-CBC"},d,r))}catch{}if(!g)throw new N;return g}async function Lr(t,e,r,n,i,o){let a;e instanceof Uint8Array?a=await w.subtle.importKey("raw",e,"AES-GCM",!1,["decrypt"]):(v(e,t,"decrypt"),a=e);try{return new Uint8Array(await w.subtle.decrypt({additionalData:o,iv:n,name:"AES-GCM",tagLength:128},a,P(r,i)))}catch{throw new N}}var kr=async(t,e,r,n,i,o)=>{if(!C(e)&&!(e instanceof Uint8Array))throw new TypeError(A(e,...E,"Uint8Array"));switch(Ye(t,n),t){case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":return e instanceof Uint8Array&&ge(e,parseInt(t.slice(-3),10)),Nr(t,e,r,n,i,o);case"A128GCM":case"A192GCM":case"A256GCM":return e instanceof Uint8Array&&ge(e,parseInt(t.slice(1,4),10)),Lr(t,e,r,n,i,o);default:throw new y("Unsupported JWE Content Encryption Algorithm")}},Se=kr;s();var Tt=async()=>{throw new y('JWE "zip" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `inflateRaw` decrypt option to provide Inflate Raw implementation.')};s();var $r=(...t)=>{let e=t.filter(Boolean);if(e.length===0||e.length===1)return!0;let r;for(let n of e){let i=Object.keys(n);if(!r||r.size===0){r=new Set(i);continue}for(let o of i){if(r.has(o))return!1;r.add(o)}}return!0},j=$r;s();function Gr(t){return typeof t=="object"&&t!==null}function x(t){if(!Gr(t)||Object.prototype.toString.call(t)!=="[object Object]")return!1;if(Object.getPrototypeOf(t)===null)return!0;let e=t;for(;Object.getPrototypeOf(e)!==null;)e=Object.getPrototypeOf(e);return Object.getPrototypeOf(t)===e}s();s();s();var Vr=[{hash:"SHA-256",name:"HMAC"},!0,["sign"]],Ae=Vr;function zr(t,e){if(t.algorithm.length!==parseInt(e.slice(1,4),10))throw new TypeError(`Invalid key size for alg: ${e}`)}function Yr(t,e,r){if(C(t))return v(t,e,r),t;if(t instanceof Uint8Array)return w.subtle.importKey("raw",t,"AES-KW",!0,[r]);throw new TypeError(A(t,...E,"Uint8Array"))}var oe=async(t,e,r)=>{let n=await Yr(e,t,"unwrapKey");zr(n,t);let i=await w.subtle.unwrapKey("raw",r,n,"AES-KW",...Ae);return new Uint8Array(await w.subtle.exportKey("raw",i))};s();async function Xe(t,e,r,n,i=new Uint8Array(0),o=new Uint8Array(0)){if(!C(t))throw new TypeError(A(t,...E));if(v(t,"ECDH"),!C(e))throw new TypeError(A(e,...E));v(e,"ECDH","deriveBits");let a=P(Ee(K.encode(r)),Ee(i),Ee(o),we(n)),d=new Uint8Array(await w.subtle.deriveBits({name:"ECDH",public:t},e,Math.ceil(parseInt(e.algorithm.namedCurve.slice(-3),10)/8)<<3));return It(d,n,a)}function Ze(t){if(!C(t))throw new TypeError(A(t,...E));return["P-256","P-384","P-521"].includes(t.algorithm.namedCurve)}s();s();function Qe(t){if(!(t instanceof Uint8Array)||t.length<8)throw new l("PBES2 Salt Input must be 8 or more octets")}function Xr(t,e){if(t instanceof Uint8Array)return w.subtle.importKey("raw",t,"PBKDF2",!1,["deriveBits"]);if(C(t))return v(t,e,"deriveBits","deriveKey"),t;throw new TypeError(A(t,...E,"Uint8Array"))}async function Zr(t,e,r,n){Qe(t);let i=Kt(e,t),o=parseInt(e.slice(13,16),10),a={hash:`SHA-${e.slice(8,11)}`,iterations:r,name:"PBKDF2",salt:i},d={length:o,name:"AES-KW"},u=await Xr(n,e);if(u.usages.includes("deriveBits"))return new Uint8Array(await w.subtle.deriveBits(a,u,o));if(u.usages.includes("deriveKey"))return w.subtle.deriveKey(a,u,d,!1,["wrapKey","unwrapKey"]);throw new TypeError('PBKDF2 key "usages" must include "deriveBits" or "deriveKey"')}var Jt=async(t,e,r,n,i)=>{let o=await Zr(i,t,n,e);return oe(t.slice(-6),o,r)};s();s();function xe(t){switch(t){case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":return"RSA-OAEP";default:throw new y(`alg ${t} is not supported either by JOSE or your javascript runtime`)}}s();var be=(t,e)=>{if(t.startsWith("RS")||t.startsWith("PS")){let{modulusLength:r}=e.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${t} requires key modulusLength to be 2048 bits or larger`)}};var Rt=async(t,e,r)=>{if(!C(e))throw new TypeError(A(e,...E));if(v(e,t,"decrypt","unwrapKey"),be(t,e),e.usages.includes("decrypt"))return new Uint8Array(await w.subtle.decrypt(xe(t),e,r));if(e.usages.includes("unwrapKey")){let n=await w.subtle.unwrapKey("raw",r,e,xe(t),...Ae);return new Uint8Array(await w.subtle.exportKey("raw",n))}throw new TypeError('RSA-OAEP key "usages" must include "decrypt" or "unwrapKey" for this operation')};s();function _e(t){switch(t){case"A128GCM":return 128;case"A192GCM":return 192;case"A256GCM":case"A128CBC-HS256":return 256;case"A192CBC-HS384":return 384;case"A256CBC-HS512":return 512;default:throw new y(`Unsupported JWE Algorithm: ${t}`)}}var Ce=t=>ne(new Uint8Array(_e(t)>>3));s();s();s();s();function en(t){let e,r;switch(t.kty){case"oct":{switch(t.alg){case"HS256":case"HS384":case"HS512":e={name:"HMAC",hash:`SHA-${t.alg.slice(-3)}`},r=["sign","verify"];break;case"A128CBC-HS256":case"A192CBC-HS384":case"A256CBC-HS512":throw new y(`${t.alg} keys cannot be imported as CryptoKey instances`);case"A128GCM":case"A192GCM":case"A256GCM":case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":e={name:"AES-GCM"},r=["encrypt","decrypt"];break;case"A128KW":case"A192KW":case"A256KW":e={name:"AES-KW"},r=["wrapKey","unwrapKey"];break;case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":e={name:"PBKDF2"},r=["deriveBits"];break;default:throw new y('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"RSA":{switch(t.alg){case"PS256":case"PS384":case"PS512":e={name:"RSA-PSS",hash:`SHA-${t.alg.slice(-3)}`},r=t.d?["sign"]:["verify"];break;case"RS256":case"RS384":case"RS512":e={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${t.alg.slice(-3)}`},r=t.d?["sign"]:["verify"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":e={name:"RSA-OAEP",hash:`SHA-${parseInt(t.alg.slice(-3),10)||1}`},r=t.d?["decrypt","unwrapKey"]:["encrypt","wrapKey"];break;default:throw new y('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case"EC":{switch(t.alg){case"ES256":e={name:"ECDSA",namedCurve:"P-256"},r=t.d?["sign"]:["verify"];break;case"ES384":e={name:"ECDSA",namedCurve:"P-384"},r=t.d?["sign"]:["verify"];break;case"ES512":e={name:"ECDSA",namedCurve:"P-521"},r=t.d?["sign"]:["verify"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":e={name:"ECDH",namedCurve:t.crv},r=t.d?["deriveBits"]:[];break;default:throw new y('Invalid or unsupported JWK "alg" (Algorithm) Parameter value')}break}case((L()||k())&&"OKP"):if(t.alg!=="EdDSA")throw new y('Invalid or unsupported JWK "alg" (Algorithm) Parameter value');switch(t.crv){case"Ed25519":e={name:"NODE-ED25519",namedCurve:"NODE-ED25519"},r=t.d?["sign"]:["verify"];break;case(k()&&"Ed448"):e={name:"NODE-ED448",namedCurve:"NODE-ED448"},r=t.d?["sign"]:["verify"];break;default:throw new y('Invalid or unsupported JWK "crv" (Subtype of Key Pair) Parameter value')}break;default:throw new y('Invalid or unsupported JWK "kty" (Key Type) Parameter value')}return{algorithm:e,keyUsages:r}}var tn=async t=>{var e,r;let{algorithm:n,keyUsages:i}=en(t),o=[n,(e=t.ext)!==null&&e!==void 0?e:!1,(r=t.key_ops)!==null&&r!==void 0?r:i];if(n.name==="PBKDF2")return w.subtle.importKey("raw",S(t.k),...o);let a={...t};return delete a.alg,w.subtle.importKey("jwk",a,...o)},je=tn;async function ae(t,e,r){if(!x(t))throw new TypeError("JWK must be an object");if(e||(e=t.alg),typeof e!="string"||!e)throw new TypeError('"alg" argument is required when "jwk.alg" is not present');switch(t.kty){case"oct":if(typeof t.k!="string"||!t.k)throw new TypeError('missing "k" (Key Value) Parameter value');return r??(r=t.ext!==!0),r?je({...t,alg:e,ext:!1}):S(t.k);case"RSA":if(t.oth!==void 0)throw new y('RSA JWK "oth" (Other Primes Info) Parameter value is not supported');case"EC":case"OKP":return je({...t,alg:e});default:throw new y('Unsupported "kty" (Key Type) Parameter value')}}s();var rn=t=>{if(!(t instanceof Uint8Array)){if(!qe(t))throw new TypeError(A(t,...E,"Uint8Array"));if(t.type!=="secret")throw new TypeError(`${E.join(" or ")} instances for symmetric algorithms must be of type "secret"`)}},nn=(t,e)=>{if(!qe(t))throw new TypeError(A(t,...E));if(t.type==="secret")throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);if(e==="sign"&&t.type==="public")throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);if(e==="decrypt"&&t.type==="public")throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);if(t.algorithm&&e==="verify"&&t.type==="private")throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);if(t.algorithm&&e==="encrypt"&&t.type==="private")throw new TypeError(`${E.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`)},on=(t,e,r)=>{t.startsWith("HS")||t==="dir"||t.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(t)?rn(e):nn(e,r)},se=on;s();s();async function Dt(t,e,r,n,i){let o=t.slice(0,7);return Se(o,e,r,n,i,new Uint8Array(0))}async function cn(t,e,r,n){switch(se(t,e,"decrypt"),t){case"dir":{if(r!==void 0)throw new l("Encountered unexpected JWE Encrypted Key");return e}case"ECDH-ES":if(r!==void 0)throw new l("Encountered unexpected JWE Encrypted Key");case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{if(!x(n.epk))throw new l('JOSE Header "epk" (Ephemeral Public Key) missing or invalid');if(!Ze(e))throw new y("ECDH with the provided key is not allowed or not supported by your javascript runtime");let i=await ae(n.epk,t),o,a;if(n.apu!==void 0){if(typeof n.apu!="string")throw new l('JOSE Header "apu" (Agreement PartyUInfo) invalid');o=S(n.apu)}if(n.apv!==void 0){if(typeof n.apv!="string")throw new l('JOSE Header "apv" (Agreement PartyVInfo) invalid');a=S(n.apv)}let d=await Xe(i,e,t==="ECDH-ES"?n.enc:t,t==="ECDH-ES"?_e(n.enc):parseInt(t.slice(-5,-2),10),o,a);if(t==="ECDH-ES")return d;if(r===void 0)throw new l("JWE Encrypted Key missing");return oe(t.slice(-6),d,r)}case"RSA1_5":case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":{if(r===void 0)throw new l("JWE Encrypted Key missing");return Rt(t,e,r)}case"PBES2-HS256+A128KW":case"PBES2-HS384+A192KW":case"PBES2-HS512+A256KW":{if(r===void 0)throw new l("JWE Encrypted Key missing");if(typeof n.p2c!="number")throw new l('JOSE Header "p2c" (PBES2 Count) missing or invalid');if(typeof n.p2s!="string")throw new l('JOSE Header "p2s" (PBES2 Salt) missing or invalid');return Jt(t,e,r,n.p2c,S(n.p2s))}case"A128KW":case"A192KW":case"A256KW":{if(r===void 0)throw new l("JWE Encrypted Key missing");return oe(t,e,r)}case"A128GCMKW":case"A192GCMKW":case"A256GCMKW":{if(r===void 0)throw new l("JWE Encrypted Key missing");if(typeof n.iv!="string")throw new l('JOSE Header "iv" (Initialization Vector) missing or invalid');if(typeof n.tag!="string")throw new l('JOSE Header "tag" (Authentication Tag) missing or invalid');let i=S(n.iv),o=S(n.tag);return Dt(t,e,r,i,o)}default:throw new y('Invalid or unsupported "alg" (JWE Algorithm) header value')}}var Ot=cn;s();function pn(t,e,r,n,i){if(i.crit!==void 0&&n.crit===void 0)throw new t('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(a=>typeof a!="string"||a.length===0))throw new t('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let o;r!==void 0?o=new Map([...Object.entries(r),...e.entries()]):o=e;for(let a of n.crit){if(!o.has(a))throw new y(`Extension Header Parameter "${a}" is not recognized`);if(i[a]===void 0)throw new t(`Extension Header Parameter "${a}" is missing`);if(o.get(a)&&n[a]===void 0)throw new t(`Extension Header Parameter "${a}" MUST be integrity protected`)}return new Set(n.crit)}var ee=pn;s();var dn=(t,e)=>{if(e!==void 0&&(!Array.isArray(e)||e.some(r=>typeof r!="string")))throw new TypeError(`"${t}" option must be an array of strings`);if(!!e)return new Set(e)},He=dn;async function Ke(t,e,r){var n;if(!x(t))throw new l("Flattened JWE must be an object");if(t.protected===void 0&&t.header===void 0&&t.unprotected===void 0)throw new l("JOSE Header missing");if(typeof t.iv!="string")throw new l("JWE Initialization Vector missing or incorrect type");if(typeof t.ciphertext!="string")throw new l("JWE Ciphertext missing or incorrect type");if(typeof t.tag!="string")throw new l("JWE Authentication Tag missing or incorrect type");if(t.protected!==void 0&&typeof t.protected!="string")throw new l("JWE Protected Header incorrect type");if(t.encrypted_key!==void 0&&typeof t.encrypted_key!="string")throw new l("JWE Encrypted Key incorrect type");if(t.aad!==void 0&&typeof t.aad!="string")throw new l("JWE AAD incorrect type");if(t.header!==void 0&&!x(t.header))throw new l("JWE Shared Unprotected Header incorrect type");if(t.unprotected!==void 0&&!x(t.unprotected))throw new l("JWE Per-Recipient Unprotected Header incorrect type");let i;if(t.protected){let de=S(t.protected);try{i=JSON.parse(I.decode(de))}catch{throw new l("JWE Protected Header is invalid")}}if(!j(i,t.header,t.unprotected))throw new l("JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint");let o={...i,...t.header,...t.unprotected};if(ee(l,new Map,r?.crit,i,o),o.zip!==void 0){if(!i||!i.zip)throw new l('JWE "zip" (Compression Algorithm) Header MUST be integrity protected');if(o.zip!=="DEF")throw new y('Unsupported JWE "zip" (Compression Algorithm) Header Parameter value')}let{alg:a,enc:d}=o;if(typeof a!="string"||!a)throw new l("missing JWE Algorithm (alg) in JWE Header");if(typeof d!="string"||!d)throw new l("missing JWE Encryption Algorithm (enc) in JWE Header");let u=r&&He("keyManagementAlgorithms",r.keyManagementAlgorithms),m=r&&He("contentEncryptionAlgorithms",r.contentEncryptionAlgorithms);if(u&&!u.has(a))throw new Q('"alg" (Algorithm) Header Parameter not allowed');if(m&&!m.has(d))throw new Q('"enc" (Encryption Algorithm) Header Parameter not allowed');let h;t.encrypted_key!==void 0&&(h=S(t.encrypted_key));let f=!1;typeof e=="function"&&(e=await e(i,t),f=!0);let g;try{g=await Ot(a,e,h,o)}catch(de){if(de instanceof TypeError)throw de;g=Ce(d)}let b=S(t.iv),$=S(t.tag),pe=K.encode((n=t.protected)!==null&&n!==void 0?n:""),Be;t.aad!==void 0?Be=P(pe,K.encode("."),K.encode(t.aad)):Be=pe;let ve=await Se(d,g,S(t.ciphertext),b,$,Be);o.zip==="DEF"&&(ve=await(r?.inflateRaw||Tt)(ve));let G={plaintext:ve};return t.protected!==void 0&&(G.protectedHeader=i),t.aad!==void 0&&(G.additionalAuthenticatedData=S(t.aad)),t.unprotected!==void 0&&(G.sharedUnprotectedHeader=t.unprotected),t.header!==void 0&&(G.unprotectedHeader=t.header),f?{...G,key:e}:G}async function Ie(t,e,r){if(t instanceof Uint8Array&&(t=I.decode(t)),typeof t!="string")throw new l("Compact JWE must be a string or Uint8Array");let{0:n,1:i,2:o,3:a,4:d,length:u}=t.split(".");if(u!==5)throw new l("Invalid Compact JWE");let m=await Ke({ciphertext:a,iv:o||void 0,protected:n||void 0,tag:d||void 0,encrypted_key:i||void 0},e,r),h={plaintext:m.plaintext,protectedHeader:m.protectedHeader};return typeof e=="function"?{...h,key:m.key}:h}s();s();s();s();s();s();var hn=Symbol();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();s();function Nd(t){let e=new Uint8Array(t);return crypto.getRandomValues(e),te.default.encode(e.buffer)}function et(t){return JSON.parse(te.default.decode(t))}function Ld(t){return JSON.parse(new TextDecoder().decode(t))}function kd(t){let e=t.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1];return et(e)?.flag}function $d(t){let e=t.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1],r=et(e);return new URL(r?.url).href.split("/").pop()}async function Gd(t){let e=t.state?JSON.parse(te.default.decode(t.state)):t,r=e.shl.split(/^(?:.+:\/.+#)?shlink:\//)[1],n=et(r),i=await fetch(n.url,{method:"POST",headers:{"content-type":"application/json"},body:JSON.stringify({passcode:e.passcode,recipient:e.recipient})}),o=!1,a;a=await i.text();try{a=JSON.parse(a),o=!0}catch{console.warn("Manifest did not return JSON object")}if(!i.ok||!o)return{status:i.status,error:a??""};{let d=a.files.filter(g=>g.contentType==="application/smart-health-card").map(async g=>g.embedded!==void 0?g.embedded:fetch(g.location).then(b=>b.text())),u=te.default.toBuffer(n.key),m=d.map(async g=>{let b=await Ie(await g,u);return new TextDecoder().decode(b.plaintext)});return{shcs:(await Promise.all(m)).flatMap(g=>JSON.parse(g).verifiableCredential),state:te.default.encode(JSON.stringify(e))}}}export{et as decodeBase64urlToJson,Ld as decodeToJson,kd as flag,$d as id,Nd as randomStringWithEntropy,Gd as retrieve}; -/*! - * The buffer module from node.js, for the browser. - * - * @author Feross Aboukhadijeh - * @license MIT - */ -/*! ieee754. BSD-3-Clause License. Feross Aboukhadijeh */ -//# sourceMappingURL=shlClient.js.map diff --git a/src/lib/utils/shlClient.js.map b/src/lib/utils/shlClient.js.map deleted file mode 100644 index 4b0c0d2c..00000000 --- a/src/lib/utils/shlClient.js.map +++ /dev/null @@ -1,7 +0,0 @@ -{ - "version": 3, - "sources": ["../node_modules/base64-js/index.js", "../node_modules/ieee754/index.js", "../node_modules/buffer/index.js", "../config/inject.js", "../node_modules/base64url/dist/pad-string.js", "../node_modules/base64url/dist/base64url.js", "../node_modules/base64url/index.js", "../src/index.ts", "../node_modules/jose/dist/browser/index.js", "../node_modules/jose/dist/browser/jwe/compact/decrypt.js", "../node_modules/jose/dist/browser/jwe/flattened/decrypt.js", "../node_modules/jose/dist/browser/runtime/base64url.js", "../node_modules/jose/dist/browser/lib/buffer_utils.js", "../node_modules/jose/dist/browser/runtime/digest.js", "../node_modules/jose/dist/browser/runtime/webcrypto.js", "../node_modules/jose/dist/browser/runtime/decrypt.js", "../node_modules/jose/dist/browser/lib/check_iv_length.js", "../node_modules/jose/dist/browser/util/errors.js", "../node_modules/jose/dist/browser/lib/iv.js", "../node_modules/jose/dist/browser/runtime/random.js", "../node_modules/jose/dist/browser/runtime/check_cek_length.js", "../node_modules/jose/dist/browser/runtime/timing_safe_equal.js", "../node_modules/jose/dist/browser/lib/crypto_key.js", "../node_modules/jose/dist/browser/runtime/env.js", "../node_modules/jose/dist/browser/lib/invalid_key_input.js", "../node_modules/jose/dist/browser/runtime/is_key_like.js", "../node_modules/jose/dist/browser/runtime/zlib.js", "../node_modules/jose/dist/browser/lib/is_disjoint.js", "../node_modules/jose/dist/browser/lib/is_object.js", "../node_modules/jose/dist/browser/lib/decrypt_key_management.js", "../node_modules/jose/dist/browser/runtime/aeskw.js", "../node_modules/jose/dist/browser/runtime/bogus.js", "../node_modules/jose/dist/browser/runtime/ecdhes.js", "../node_modules/jose/dist/browser/runtime/pbes2kw.js", "../node_modules/jose/dist/browser/lib/check_p2s.js", "../node_modules/jose/dist/browser/runtime/rsaes.js", "../node_modules/jose/dist/browser/runtime/subtle_rsaes.js", "../node_modules/jose/dist/browser/runtime/check_key_length.js", "../node_modules/jose/dist/browser/lib/cek.js", "../node_modules/jose/dist/browser/key/import.js", "../node_modules/jose/dist/browser/runtime/asn1.js", "../node_modules/jose/dist/browser/lib/format_pem.js", "../node_modules/jose/dist/browser/runtime/jwk_to_key.js", "../node_modules/jose/dist/browser/lib/check_key_type.js", "../node_modules/jose/dist/browser/lib/aesgcmkw.js", "../node_modules/jose/dist/browser/runtime/encrypt.js", "../node_modules/jose/dist/browser/lib/validate_crit.js", "../node_modules/jose/dist/browser/lib/validate_algorithms.js", "../node_modules/jose/dist/browser/jwe/general/decrypt.js", "../node_modules/jose/dist/browser/jwe/general/encrypt.js", "../node_modules/jose/dist/browser/jwe/flattened/encrypt.js", "../node_modules/jose/dist/browser/lib/encrypt_key_management.js", "../node_modules/jose/dist/browser/key/export.js", "../node_modules/jose/dist/browser/runtime/key_to_jwk.js", "../node_modules/jose/dist/browser/jws/compact/verify.js", "../node_modules/jose/dist/browser/jws/flattened/verify.js", "../node_modules/jose/dist/browser/runtime/verify.js", "../node_modules/jose/dist/browser/runtime/subtle_dsa.js", "../node_modules/jose/dist/browser/runtime/get_sign_verify_key.js", "../node_modules/jose/dist/browser/jws/general/verify.js", "../node_modules/jose/dist/browser/jwt/verify.js", "../node_modules/jose/dist/browser/lib/jwt_claims_set.js", "../node_modules/jose/dist/browser/lib/epoch.js", "../node_modules/jose/dist/browser/lib/secs.js", "../node_modules/jose/dist/browser/jwt/decrypt.js", "../node_modules/jose/dist/browser/jwe/compact/encrypt.js", "../node_modules/jose/dist/browser/jws/compact/sign.js", "../node_modules/jose/dist/browser/jws/flattened/sign.js", "../node_modules/jose/dist/browser/runtime/sign.js", "../node_modules/jose/dist/browser/jws/general/sign.js", "../node_modules/jose/dist/browser/jwt/sign.js", "../node_modules/jose/dist/browser/jwt/produce.js", "../node_modules/jose/dist/browser/jwt/encrypt.js", "../node_modules/jose/dist/browser/jwk/thumbprint.js", "../node_modules/jose/dist/browser/jwk/embedded.js", "../node_modules/jose/dist/browser/jwks/local.js", "../node_modules/jose/dist/browser/jwks/remote.js", "../node_modules/jose/dist/browser/runtime/fetch_jwks.js", "../node_modules/jose/dist/browser/jwt/unsecured.js", "../node_modules/jose/dist/browser/util/decode_protected_header.js", "../node_modules/jose/dist/browser/util/base64url.js", "../node_modules/jose/dist/browser/util/decode_jwt.js", "../node_modules/jose/dist/browser/key/generate_key_pair.js", "../node_modules/jose/dist/browser/runtime/generate.js", "../node_modules/jose/dist/browser/key/generate_secret.js"], - "sourcesContent": ["'use strict'\n\nexports.byteLength = byteLength\nexports.toByteArray = toByteArray\nexports.fromByteArray = fromByteArray\n\nvar lookup = []\nvar revLookup = []\nvar Arr = typeof Uint8Array !== 'undefined' ? Uint8Array : Array\n\nvar code = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'\nfor (var i = 0, len = code.length; i < len; ++i) {\n lookup[i] = code[i]\n revLookup[code.charCodeAt(i)] = i\n}\n\n// Support decoding URL-safe base64 strings, as Node.js does.\n// See: https://en.wikipedia.org/wiki/Base64#URL_applications\nrevLookup['-'.charCodeAt(0)] = 62\nrevLookup['_'.charCodeAt(0)] = 63\n\nfunction getLens (b64) {\n var len = b64.length\n\n if (len % 4 > 0) {\n throw new Error('Invalid string. Length must be a multiple of 4')\n }\n\n // Trim off extra bytes after placeholder bytes are found\n // See: https://github.com/beatgammit/base64-js/issues/42\n var validLen = b64.indexOf('=')\n if (validLen === -1) validLen = len\n\n var placeHoldersLen = validLen === len\n ? 0\n : 4 - (validLen % 4)\n\n return [validLen, placeHoldersLen]\n}\n\n// base64 is 4/3 + up to two characters of the original data\nfunction byteLength (b64) {\n var lens = getLens(b64)\n var validLen = lens[0]\n var placeHoldersLen = lens[1]\n return ((validLen + placeHoldersLen) * 3 / 4) - placeHoldersLen\n}\n\nfunction _byteLength (b64, validLen, placeHoldersLen) {\n return ((validLen + placeHoldersLen) * 3 / 4) - placeHoldersLen\n}\n\nfunction toByteArray (b64) {\n var tmp\n var lens = getLens(b64)\n var validLen = lens[0]\n var placeHoldersLen = lens[1]\n\n var arr = new Arr(_byteLength(b64, validLen, placeHoldersLen))\n\n var curByte = 0\n\n // if there are placeholders, only get up to the last complete 4 chars\n var len = placeHoldersLen > 0\n ? validLen - 4\n : validLen\n\n var i\n for (i = 0; i < len; i += 4) {\n tmp =\n (revLookup[b64.charCodeAt(i)] << 18) |\n (revLookup[b64.charCodeAt(i + 1)] << 12) |\n (revLookup[b64.charCodeAt(i + 2)] << 6) |\n revLookup[b64.charCodeAt(i + 3)]\n arr[curByte++] = (tmp >> 16) & 0xFF\n arr[curByte++] = (tmp >> 8) & 0xFF\n arr[curByte++] = tmp & 0xFF\n }\n\n if (placeHoldersLen === 2) {\n tmp =\n (revLookup[b64.charCodeAt(i)] << 2) |\n (revLookup[b64.charCodeAt(i + 1)] >> 4)\n arr[curByte++] = tmp & 0xFF\n }\n\n if (placeHoldersLen === 1) {\n tmp =\n (revLookup[b64.charCodeAt(i)] << 10) |\n (revLookup[b64.charCodeAt(i + 1)] << 4) |\n (revLookup[b64.charCodeAt(i + 2)] >> 2)\n arr[curByte++] = (tmp >> 8) & 0xFF\n arr[curByte++] = tmp & 0xFF\n }\n\n return arr\n}\n\nfunction tripletToBase64 (num) {\n return lookup[num >> 18 & 0x3F] +\n lookup[num >> 12 & 0x3F] +\n lookup[num >> 6 & 0x3F] +\n lookup[num & 0x3F]\n}\n\nfunction encodeChunk (uint8, start, end) {\n var tmp\n var output = []\n for (var i = start; i < end; i += 3) {\n tmp =\n ((uint8[i] << 16) & 0xFF0000) +\n ((uint8[i + 1] << 8) & 0xFF00) +\n (uint8[i + 2] & 0xFF)\n output.push(tripletToBase64(tmp))\n }\n return output.join('')\n}\n\nfunction fromByteArray (uint8) {\n var tmp\n var len = uint8.length\n var extraBytes = len % 3 // if we have 1 byte left, pad 2 bytes\n var parts = []\n var maxChunkLength = 16383 // must be multiple of 3\n\n // go through the array every three bytes, we'll deal with trailing stuff later\n for (var i = 0, len2 = len - extraBytes; i < len2; i += maxChunkLength) {\n parts.push(encodeChunk(uint8, i, (i + maxChunkLength) > len2 ? len2 : (i + maxChunkLength)))\n }\n\n // pad the end with zeros, but make sure to not forget the extra bytes\n if (extraBytes === 1) {\n tmp = uint8[len - 1]\n parts.push(\n lookup[tmp >> 2] +\n lookup[(tmp << 4) & 0x3F] +\n '=='\n )\n } else if (extraBytes === 2) {\n tmp = (uint8[len - 2] << 8) + uint8[len - 1]\n parts.push(\n lookup[tmp >> 10] +\n lookup[(tmp >> 4) & 0x3F] +\n lookup[(tmp << 2) & 0x3F] +\n '='\n )\n }\n\n return parts.join('')\n}\n", "/*! ieee754. BSD-3-Clause License. Feross Aboukhadijeh */\nexports.read = function (buffer, offset, isLE, mLen, nBytes) {\n var e, m\n var eLen = (nBytes * 8) - mLen - 1\n var eMax = (1 << eLen) - 1\n var eBias = eMax >> 1\n var nBits = -7\n var i = isLE ? (nBytes - 1) : 0\n var d = isLE ? -1 : 1\n var s = buffer[offset + i]\n\n i += d\n\n e = s & ((1 << (-nBits)) - 1)\n s >>= (-nBits)\n nBits += eLen\n for (; nBits > 0; e = (e * 256) + buffer[offset + i], i += d, nBits -= 8) {}\n\n m = e & ((1 << (-nBits)) - 1)\n e >>= (-nBits)\n nBits += mLen\n for (; nBits > 0; m = (m * 256) + buffer[offset + i], i += d, nBits -= 8) {}\n\n if (e === 0) {\n e = 1 - eBias\n } else if (e === eMax) {\n return m ? NaN : ((s ? -1 : 1) * Infinity)\n } else {\n m = m + Math.pow(2, mLen)\n e = e - eBias\n }\n return (s ? -1 : 1) * m * Math.pow(2, e - mLen)\n}\n\nexports.write = function (buffer, value, offset, isLE, mLen, nBytes) {\n var e, m, c\n var eLen = (nBytes * 8) - mLen - 1\n var eMax = (1 << eLen) - 1\n var eBias = eMax >> 1\n var rt = (mLen === 23 ? Math.pow(2, -24) - Math.pow(2, -77) : 0)\n var i = isLE ? 0 : (nBytes - 1)\n var d = isLE ? 1 : -1\n var s = value < 0 || (value === 0 && 1 / value < 0) ? 1 : 0\n\n value = Math.abs(value)\n\n if (isNaN(value) || value === Infinity) {\n m = isNaN(value) ? 1 : 0\n e = eMax\n } else {\n e = Math.floor(Math.log(value) / Math.LN2)\n if (value * (c = Math.pow(2, -e)) < 1) {\n e--\n c *= 2\n }\n if (e + eBias >= 1) {\n value += rt / c\n } else {\n value += rt * Math.pow(2, 1 - eBias)\n }\n if (value * c >= 2) {\n e++\n c /= 2\n }\n\n if (e + eBias >= eMax) {\n m = 0\n e = eMax\n } else if (e + eBias >= 1) {\n m = ((value * c) - 1) * Math.pow(2, mLen)\n e = e + eBias\n } else {\n m = value * Math.pow(2, eBias - 1) * Math.pow(2, mLen)\n e = 0\n }\n }\n\n for (; mLen >= 8; buffer[offset + i] = m & 0xff, i += d, m /= 256, mLen -= 8) {}\n\n e = (e << mLen) | m\n eLen += mLen\n for (; eLen > 0; buffer[offset + i] = e & 0xff, i += d, e /= 256, eLen -= 8) {}\n\n buffer[offset + i - d] |= s * 128\n}\n", "/*!\n * The buffer module from node.js, for the browser.\n *\n * @author Feross Aboukhadijeh \n * @license MIT\n */\n/* eslint-disable no-proto */\n\n'use strict'\n\nconst base64 = require('base64-js')\nconst ieee754 = require('ieee754')\nconst customInspectSymbol =\n (typeof Symbol === 'function' && typeof Symbol['for'] === 'function') // eslint-disable-line dot-notation\n ? Symbol['for']('nodejs.util.inspect.custom') // eslint-disable-line dot-notation\n : null\n\nexports.Buffer = Buffer\nexports.SlowBuffer = SlowBuffer\nexports.INSPECT_MAX_BYTES = 50\n\nconst K_MAX_LENGTH = 0x7fffffff\nexports.kMaxLength = K_MAX_LENGTH\n\n/**\n * If `Buffer.TYPED_ARRAY_SUPPORT`:\n * === true Use Uint8Array implementation (fastest)\n * === false Print warning and recommend using `buffer` v4.x which has an Object\n * implementation (most compatible, even IE6)\n *\n * Browsers that support typed arrays are IE 10+, Firefox 4+, Chrome 7+, Safari 5.1+,\n * Opera 11.6+, iOS 4.2+.\n *\n * We report that the browser does not support typed arrays if the are not subclassable\n * using __proto__. Firefox 4-29 lacks support for adding new properties to `Uint8Array`\n * (See: https://bugzilla.mozilla.org/show_bug.cgi?id=695438). IE 10 lacks support\n * for __proto__ and has a buggy typed array implementation.\n */\nBuffer.TYPED_ARRAY_SUPPORT = typedArraySupport()\n\nif (!Buffer.TYPED_ARRAY_SUPPORT && typeof console !== 'undefined' &&\n typeof console.error === 'function') {\n console.error(\n 'This browser lacks typed array (Uint8Array) support which is required by ' +\n '`buffer` v5.x. Use `buffer` v4.x if you require old browser support.'\n )\n}\n\nfunction typedArraySupport () {\n // Can typed array instances can be augmented?\n try {\n const arr = new Uint8Array(1)\n const proto = { foo: function () { return 42 } }\n Object.setPrototypeOf(proto, Uint8Array.prototype)\n Object.setPrototypeOf(arr, proto)\n return arr.foo() === 42\n } catch (e) {\n return false\n }\n}\n\nObject.defineProperty(Buffer.prototype, 'parent', {\n enumerable: true,\n get: function () {\n if (!Buffer.isBuffer(this)) return undefined\n return this.buffer\n }\n})\n\nObject.defineProperty(Buffer.prototype, 'offset', {\n enumerable: true,\n get: function () {\n if (!Buffer.isBuffer(this)) return undefined\n return this.byteOffset\n }\n})\n\nfunction createBuffer (length) {\n if (length > K_MAX_LENGTH) {\n throw new RangeError('The value \"' + length + '\" is invalid for option \"size\"')\n }\n // Return an augmented `Uint8Array` instance\n const buf = new Uint8Array(length)\n Object.setPrototypeOf(buf, Buffer.prototype)\n return buf\n}\n\n/**\n * The Buffer constructor returns instances of `Uint8Array` that have their\n * prototype changed to `Buffer.prototype`. Furthermore, `Buffer` is a subclass of\n * `Uint8Array`, so the returned instances will have all the node `Buffer` methods\n * and the `Uint8Array` methods. Square bracket notation works as expected -- it\n * returns a single octet.\n *\n * The `Uint8Array` prototype remains unmodified.\n */\n\nfunction Buffer (arg, encodingOrOffset, length) {\n // Common case.\n if (typeof arg === 'number') {\n if (typeof encodingOrOffset === 'string') {\n throw new TypeError(\n 'The \"string\" argument must be of type string. Received type number'\n )\n }\n return allocUnsafe(arg)\n }\n return from(arg, encodingOrOffset, length)\n}\n\nBuffer.poolSize = 8192 // not used by this implementation\n\nfunction from (value, encodingOrOffset, length) {\n if (typeof value === 'string') {\n return fromString(value, encodingOrOffset)\n }\n\n if (ArrayBuffer.isView(value)) {\n return fromArrayView(value)\n }\n\n if (value == null) {\n throw new TypeError(\n 'The first argument must be one of type string, Buffer, ArrayBuffer, Array, ' +\n 'or Array-like Object. Received type ' + (typeof value)\n )\n }\n\n if (isInstance(value, ArrayBuffer) ||\n (value && isInstance(value.buffer, ArrayBuffer))) {\n return fromArrayBuffer(value, encodingOrOffset, length)\n }\n\n if (typeof SharedArrayBuffer !== 'undefined' &&\n (isInstance(value, SharedArrayBuffer) ||\n (value && isInstance(value.buffer, SharedArrayBuffer)))) {\n return fromArrayBuffer(value, encodingOrOffset, length)\n }\n\n if (typeof value === 'number') {\n throw new TypeError(\n 'The \"value\" argument must not be of type number. Received type number'\n )\n }\n\n const valueOf = value.valueOf && value.valueOf()\n if (valueOf != null && valueOf !== value) {\n return Buffer.from(valueOf, encodingOrOffset, length)\n }\n\n const b = fromObject(value)\n if (b) return b\n\n if (typeof Symbol !== 'undefined' && Symbol.toPrimitive != null &&\n typeof value[Symbol.toPrimitive] === 'function') {\n return Buffer.from(value[Symbol.toPrimitive]('string'), encodingOrOffset, length)\n }\n\n throw new TypeError(\n 'The first argument must be one of type string, Buffer, ArrayBuffer, Array, ' +\n 'or Array-like Object. Received type ' + (typeof value)\n )\n}\n\n/**\n * Functionally equivalent to Buffer(arg, encoding) but throws a TypeError\n * if value is a number.\n * Buffer.from(str[, encoding])\n * Buffer.from(array)\n * Buffer.from(buffer)\n * Buffer.from(arrayBuffer[, byteOffset[, length]])\n **/\nBuffer.from = function (value, encodingOrOffset, length) {\n return from(value, encodingOrOffset, length)\n}\n\n// Note: Change prototype *after* Buffer.from is defined to workaround Chrome bug:\n// https://github.com/feross/buffer/pull/148\nObject.setPrototypeOf(Buffer.prototype, Uint8Array.prototype)\nObject.setPrototypeOf(Buffer, Uint8Array)\n\nfunction assertSize (size) {\n if (typeof size !== 'number') {\n throw new TypeError('\"size\" argument must be of type number')\n } else if (size < 0) {\n throw new RangeError('The value \"' + size + '\" is invalid for option \"size\"')\n }\n}\n\nfunction alloc (size, fill, encoding) {\n assertSize(size)\n if (size <= 0) {\n return createBuffer(size)\n }\n if (fill !== undefined) {\n // Only pay attention to encoding if it's a string. This\n // prevents accidentally sending in a number that would\n // be interpreted as a start offset.\n return typeof encoding === 'string'\n ? createBuffer(size).fill(fill, encoding)\n : createBuffer(size).fill(fill)\n }\n return createBuffer(size)\n}\n\n/**\n * Creates a new filled Buffer instance.\n * alloc(size[, fill[, encoding]])\n **/\nBuffer.alloc = function (size, fill, encoding) {\n return alloc(size, fill, encoding)\n}\n\nfunction allocUnsafe (size) {\n assertSize(size)\n return createBuffer(size < 0 ? 0 : checked(size) | 0)\n}\n\n/**\n * Equivalent to Buffer(num), by default creates a non-zero-filled Buffer instance.\n * */\nBuffer.allocUnsafe = function (size) {\n return allocUnsafe(size)\n}\n/**\n * Equivalent to SlowBuffer(num), by default creates a non-zero-filled Buffer instance.\n */\nBuffer.allocUnsafeSlow = function (size) {\n return allocUnsafe(size)\n}\n\nfunction fromString (string, encoding) {\n if (typeof encoding !== 'string' || encoding === '') {\n encoding = 'utf8'\n }\n\n if (!Buffer.isEncoding(encoding)) {\n throw new TypeError('Unknown encoding: ' + encoding)\n }\n\n const length = byteLength(string, encoding) | 0\n let buf = createBuffer(length)\n\n const actual = buf.write(string, encoding)\n\n if (actual !== length) {\n // Writing a hex string, for example, that contains invalid characters will\n // cause everything after the first invalid character to be ignored. (e.g.\n // 'abxxcd' will be treated as 'ab')\n buf = buf.slice(0, actual)\n }\n\n return buf\n}\n\nfunction fromArrayLike (array) {\n const length = array.length < 0 ? 0 : checked(array.length) | 0\n const buf = createBuffer(length)\n for (let i = 0; i < length; i += 1) {\n buf[i] = array[i] & 255\n }\n return buf\n}\n\nfunction fromArrayView (arrayView) {\n if (isInstance(arrayView, Uint8Array)) {\n const copy = new Uint8Array(arrayView)\n return fromArrayBuffer(copy.buffer, copy.byteOffset, copy.byteLength)\n }\n return fromArrayLike(arrayView)\n}\n\nfunction fromArrayBuffer (array, byteOffset, length) {\n if (byteOffset < 0 || array.byteLength < byteOffset) {\n throw new RangeError('\"offset\" is outside of buffer bounds')\n }\n\n if (array.byteLength < byteOffset + (length || 0)) {\n throw new RangeError('\"length\" is outside of buffer bounds')\n }\n\n let buf\n if (byteOffset === undefined && length === undefined) {\n buf = new Uint8Array(array)\n } else if (length === undefined) {\n buf = new Uint8Array(array, byteOffset)\n } else {\n buf = new Uint8Array(array, byteOffset, length)\n }\n\n // Return an augmented `Uint8Array` instance\n Object.setPrototypeOf(buf, Buffer.prototype)\n\n return buf\n}\n\nfunction fromObject (obj) {\n if (Buffer.isBuffer(obj)) {\n const len = checked(obj.length) | 0\n const buf = createBuffer(len)\n\n if (buf.length === 0) {\n return buf\n }\n\n obj.copy(buf, 0, 0, len)\n return buf\n }\n\n if (obj.length !== undefined) {\n if (typeof obj.length !== 'number' || numberIsNaN(obj.length)) {\n return createBuffer(0)\n }\n return fromArrayLike(obj)\n }\n\n if (obj.type === 'Buffer' && Array.isArray(obj.data)) {\n return fromArrayLike(obj.data)\n }\n}\n\nfunction checked (length) {\n // Note: cannot use `length < K_MAX_LENGTH` here because that fails when\n // length is NaN (which is otherwise coerced to zero.)\n if (length >= K_MAX_LENGTH) {\n throw new RangeError('Attempt to allocate Buffer larger than maximum ' +\n 'size: 0x' + K_MAX_LENGTH.toString(16) + ' bytes')\n }\n return length | 0\n}\n\nfunction SlowBuffer (length) {\n if (+length != length) { // eslint-disable-line eqeqeq\n length = 0\n }\n return Buffer.alloc(+length)\n}\n\nBuffer.isBuffer = function isBuffer (b) {\n return b != null && b._isBuffer === true &&\n b !== Buffer.prototype // so Buffer.isBuffer(Buffer.prototype) will be false\n}\n\nBuffer.compare = function compare (a, b) {\n if (isInstance(a, Uint8Array)) a = Buffer.from(a, a.offset, a.byteLength)\n if (isInstance(b, Uint8Array)) b = Buffer.from(b, b.offset, b.byteLength)\n if (!Buffer.isBuffer(a) || !Buffer.isBuffer(b)) {\n throw new TypeError(\n 'The \"buf1\", \"buf2\" arguments must be one of type Buffer or Uint8Array'\n )\n }\n\n if (a === b) return 0\n\n let x = a.length\n let y = b.length\n\n for (let i = 0, len = Math.min(x, y); i < len; ++i) {\n if (a[i] !== b[i]) {\n x = a[i]\n y = b[i]\n break\n }\n }\n\n if (x < y) return -1\n if (y < x) return 1\n return 0\n}\n\nBuffer.isEncoding = function isEncoding (encoding) {\n switch (String(encoding).toLowerCase()) {\n case 'hex':\n case 'utf8':\n case 'utf-8':\n case 'ascii':\n case 'latin1':\n case 'binary':\n case 'base64':\n case 'ucs2':\n case 'ucs-2':\n case 'utf16le':\n case 'utf-16le':\n return true\n default:\n return false\n }\n}\n\nBuffer.concat = function concat (list, length) {\n if (!Array.isArray(list)) {\n throw new TypeError('\"list\" argument must be an Array of Buffers')\n }\n\n if (list.length === 0) {\n return Buffer.alloc(0)\n }\n\n let i\n if (length === undefined) {\n length = 0\n for (i = 0; i < list.length; ++i) {\n length += list[i].length\n }\n }\n\n const buffer = Buffer.allocUnsafe(length)\n let pos = 0\n for (i = 0; i < list.length; ++i) {\n let buf = list[i]\n if (isInstance(buf, Uint8Array)) {\n if (pos + buf.length > buffer.length) {\n if (!Buffer.isBuffer(buf)) buf = Buffer.from(buf)\n buf.copy(buffer, pos)\n } else {\n Uint8Array.prototype.set.call(\n buffer,\n buf,\n pos\n )\n }\n } else if (!Buffer.isBuffer(buf)) {\n throw new TypeError('\"list\" argument must be an Array of Buffers')\n } else {\n buf.copy(buffer, pos)\n }\n pos += buf.length\n }\n return buffer\n}\n\nfunction byteLength (string, encoding) {\n if (Buffer.isBuffer(string)) {\n return string.length\n }\n if (ArrayBuffer.isView(string) || isInstance(string, ArrayBuffer)) {\n return string.byteLength\n }\n if (typeof string !== 'string') {\n throw new TypeError(\n 'The \"string\" argument must be one of type string, Buffer, or ArrayBuffer. ' +\n 'Received type ' + typeof string\n )\n }\n\n const len = string.length\n const mustMatch = (arguments.length > 2 && arguments[2] === true)\n if (!mustMatch && len === 0) return 0\n\n // Use a for loop to avoid recursion\n let loweredCase = false\n for (;;) {\n switch (encoding) {\n case 'ascii':\n case 'latin1':\n case 'binary':\n return len\n case 'utf8':\n case 'utf-8':\n return utf8ToBytes(string).length\n case 'ucs2':\n case 'ucs-2':\n case 'utf16le':\n case 'utf-16le':\n return len * 2\n case 'hex':\n return len >>> 1\n case 'base64':\n return base64ToBytes(string).length\n default:\n if (loweredCase) {\n return mustMatch ? -1 : utf8ToBytes(string).length // assume utf8\n }\n encoding = ('' + encoding).toLowerCase()\n loweredCase = true\n }\n }\n}\nBuffer.byteLength = byteLength\n\nfunction slowToString (encoding, start, end) {\n let loweredCase = false\n\n // No need to verify that \"this.length <= MAX_UINT32\" since it's a read-only\n // property of a typed array.\n\n // This behaves neither like String nor Uint8Array in that we set start/end\n // to their upper/lower bounds if the value passed is out of range.\n // undefined is handled specially as per ECMA-262 6th Edition,\n // Section 13.3.3.7 Runtime Semantics: KeyedBindingInitialization.\n if (start === undefined || start < 0) {\n start = 0\n }\n // Return early if start > this.length. Done here to prevent potential uint32\n // coercion fail below.\n if (start > this.length) {\n return ''\n }\n\n if (end === undefined || end > this.length) {\n end = this.length\n }\n\n if (end <= 0) {\n return ''\n }\n\n // Force coercion to uint32. This will also coerce falsey/NaN values to 0.\n end >>>= 0\n start >>>= 0\n\n if (end <= start) {\n return ''\n }\n\n if (!encoding) encoding = 'utf8'\n\n while (true) {\n switch (encoding) {\n case 'hex':\n return hexSlice(this, start, end)\n\n case 'utf8':\n case 'utf-8':\n return utf8Slice(this, start, end)\n\n case 'ascii':\n return asciiSlice(this, start, end)\n\n case 'latin1':\n case 'binary':\n return latin1Slice(this, start, end)\n\n case 'base64':\n return base64Slice(this, start, end)\n\n case 'ucs2':\n case 'ucs-2':\n case 'utf16le':\n case 'utf-16le':\n return utf16leSlice(this, start, end)\n\n default:\n if (loweredCase) throw new TypeError('Unknown encoding: ' + encoding)\n encoding = (encoding + '').toLowerCase()\n loweredCase = true\n }\n }\n}\n\n// This property is used by `Buffer.isBuffer` (and the `is-buffer` npm package)\n// to detect a Buffer instance. It's not possible to use `instanceof Buffer`\n// reliably in a browserify context because there could be multiple different\n// copies of the 'buffer' package in use. This method works even for Buffer\n// instances that were created from another copy of the `buffer` package.\n// See: https://github.com/feross/buffer/issues/154\nBuffer.prototype._isBuffer = true\n\nfunction swap (b, n, m) {\n const i = b[n]\n b[n] = b[m]\n b[m] = i\n}\n\nBuffer.prototype.swap16 = function swap16 () {\n const len = this.length\n if (len % 2 !== 0) {\n throw new RangeError('Buffer size must be a multiple of 16-bits')\n }\n for (let i = 0; i < len; i += 2) {\n swap(this, i, i + 1)\n }\n return this\n}\n\nBuffer.prototype.swap32 = function swap32 () {\n const len = this.length\n if (len % 4 !== 0) {\n throw new RangeError('Buffer size must be a multiple of 32-bits')\n }\n for (let i = 0; i < len; i += 4) {\n swap(this, i, i + 3)\n swap(this, i + 1, i + 2)\n }\n return this\n}\n\nBuffer.prototype.swap64 = function swap64 () {\n const len = this.length\n if (len % 8 !== 0) {\n throw new RangeError('Buffer size must be a multiple of 64-bits')\n }\n for (let i = 0; i < len; i += 8) {\n swap(this, i, i + 7)\n swap(this, i + 1, i + 6)\n swap(this, i + 2, i + 5)\n swap(this, i + 3, i + 4)\n }\n return this\n}\n\nBuffer.prototype.toString = function toString () {\n const length = this.length\n if (length === 0) return ''\n if (arguments.length === 0) return utf8Slice(this, 0, length)\n return slowToString.apply(this, arguments)\n}\n\nBuffer.prototype.toLocaleString = Buffer.prototype.toString\n\nBuffer.prototype.equals = function equals (b) {\n if (!Buffer.isBuffer(b)) throw new TypeError('Argument must be a Buffer')\n if (this === b) return true\n return Buffer.compare(this, b) === 0\n}\n\nBuffer.prototype.inspect = function inspect () {\n let str = ''\n const max = exports.INSPECT_MAX_BYTES\n str = this.toString('hex', 0, max).replace(/(.{2})/g, '$1 ').trim()\n if (this.length > max) str += ' ... '\n return ''\n}\nif (customInspectSymbol) {\n Buffer.prototype[customInspectSymbol] = Buffer.prototype.inspect\n}\n\nBuffer.prototype.compare = function compare (target, start, end, thisStart, thisEnd) {\n if (isInstance(target, Uint8Array)) {\n target = Buffer.from(target, target.offset, target.byteLength)\n }\n if (!Buffer.isBuffer(target)) {\n throw new TypeError(\n 'The \"target\" argument must be one of type Buffer or Uint8Array. ' +\n 'Received type ' + (typeof target)\n )\n }\n\n if (start === undefined) {\n start = 0\n }\n if (end === undefined) {\n end = target ? target.length : 0\n }\n if (thisStart === undefined) {\n thisStart = 0\n }\n if (thisEnd === undefined) {\n thisEnd = this.length\n }\n\n if (start < 0 || end > target.length || thisStart < 0 || thisEnd > this.length) {\n throw new RangeError('out of range index')\n }\n\n if (thisStart >= thisEnd && start >= end) {\n return 0\n }\n if (thisStart >= thisEnd) {\n return -1\n }\n if (start >= end) {\n return 1\n }\n\n start >>>= 0\n end >>>= 0\n thisStart >>>= 0\n thisEnd >>>= 0\n\n if (this === target) return 0\n\n let x = thisEnd - thisStart\n let y = end - start\n const len = Math.min(x, y)\n\n const thisCopy = this.slice(thisStart, thisEnd)\n const targetCopy = target.slice(start, end)\n\n for (let i = 0; i < len; ++i) {\n if (thisCopy[i] !== targetCopy[i]) {\n x = thisCopy[i]\n y = targetCopy[i]\n break\n }\n }\n\n if (x < y) return -1\n if (y < x) return 1\n return 0\n}\n\n// Finds either the first index of `val` in `buffer` at offset >= `byteOffset`,\n// OR the last index of `val` in `buffer` at offset <= `byteOffset`.\n//\n// Arguments:\n// - buffer - a Buffer to search\n// - val - a string, Buffer, or number\n// - byteOffset - an index into `buffer`; will be clamped to an int32\n// - encoding - an optional encoding, relevant is val is a string\n// - dir - true for indexOf, false for lastIndexOf\nfunction bidirectionalIndexOf (buffer, val, byteOffset, encoding, dir) {\n // Empty buffer means no match\n if (buffer.length === 0) return -1\n\n // Normalize byteOffset\n if (typeof byteOffset === 'string') {\n encoding = byteOffset\n byteOffset = 0\n } else if (byteOffset > 0x7fffffff) {\n byteOffset = 0x7fffffff\n } else if (byteOffset < -0x80000000) {\n byteOffset = -0x80000000\n }\n byteOffset = +byteOffset // Coerce to Number.\n if (numberIsNaN(byteOffset)) {\n // byteOffset: it it's undefined, null, NaN, \"foo\", etc, search whole buffer\n byteOffset = dir ? 0 : (buffer.length - 1)\n }\n\n // Normalize byteOffset: negative offsets start from the end of the buffer\n if (byteOffset < 0) byteOffset = buffer.length + byteOffset\n if (byteOffset >= buffer.length) {\n if (dir) return -1\n else byteOffset = buffer.length - 1\n } else if (byteOffset < 0) {\n if (dir) byteOffset = 0\n else return -1\n }\n\n // Normalize val\n if (typeof val === 'string') {\n val = Buffer.from(val, encoding)\n }\n\n // Finally, search either indexOf (if dir is true) or lastIndexOf\n if (Buffer.isBuffer(val)) {\n // Special case: looking for empty string/buffer always fails\n if (val.length === 0) {\n return -1\n }\n return arrayIndexOf(buffer, val, byteOffset, encoding, dir)\n } else if (typeof val === 'number') {\n val = val & 0xFF // Search for a byte value [0-255]\n if (typeof Uint8Array.prototype.indexOf === 'function') {\n if (dir) {\n return Uint8Array.prototype.indexOf.call(buffer, val, byteOffset)\n } else {\n return Uint8Array.prototype.lastIndexOf.call(buffer, val, byteOffset)\n }\n }\n return arrayIndexOf(buffer, [val], byteOffset, encoding, dir)\n }\n\n throw new TypeError('val must be string, number or Buffer')\n}\n\nfunction arrayIndexOf (arr, val, byteOffset, encoding, dir) {\n let indexSize = 1\n let arrLength = arr.length\n let valLength = val.length\n\n if (encoding !== undefined) {\n encoding = String(encoding).toLowerCase()\n if (encoding === 'ucs2' || encoding === 'ucs-2' ||\n encoding === 'utf16le' || encoding === 'utf-16le') {\n if (arr.length < 2 || val.length < 2) {\n return -1\n }\n indexSize = 2\n arrLength /= 2\n valLength /= 2\n byteOffset /= 2\n }\n }\n\n function read (buf, i) {\n if (indexSize === 1) {\n return buf[i]\n } else {\n return buf.readUInt16BE(i * indexSize)\n }\n }\n\n let i\n if (dir) {\n let foundIndex = -1\n for (i = byteOffset; i < arrLength; i++) {\n if (read(arr, i) === read(val, foundIndex === -1 ? 0 : i - foundIndex)) {\n if (foundIndex === -1) foundIndex = i\n if (i - foundIndex + 1 === valLength) return foundIndex * indexSize\n } else {\n if (foundIndex !== -1) i -= i - foundIndex\n foundIndex = -1\n }\n }\n } else {\n if (byteOffset + valLength > arrLength) byteOffset = arrLength - valLength\n for (i = byteOffset; i >= 0; i--) {\n let found = true\n for (let j = 0; j < valLength; j++) {\n if (read(arr, i + j) !== read(val, j)) {\n found = false\n break\n }\n }\n if (found) return i\n }\n }\n\n return -1\n}\n\nBuffer.prototype.includes = function includes (val, byteOffset, encoding) {\n return this.indexOf(val, byteOffset, encoding) !== -1\n}\n\nBuffer.prototype.indexOf = function indexOf (val, byteOffset, encoding) {\n return bidirectionalIndexOf(this, val, byteOffset, encoding, true)\n}\n\nBuffer.prototype.lastIndexOf = function lastIndexOf (val, byteOffset, encoding) {\n return bidirectionalIndexOf(this, val, byteOffset, encoding, false)\n}\n\nfunction hexWrite (buf, string, offset, length) {\n offset = Number(offset) || 0\n const remaining = buf.length - offset\n if (!length) {\n length = remaining\n } else {\n length = Number(length)\n if (length > remaining) {\n length = remaining\n }\n }\n\n const strLen = string.length\n\n if (length > strLen / 2) {\n length = strLen / 2\n }\n let i\n for (i = 0; i < length; ++i) {\n const parsed = parseInt(string.substr(i * 2, 2), 16)\n if (numberIsNaN(parsed)) return i\n buf[offset + i] = parsed\n }\n return i\n}\n\nfunction utf8Write (buf, string, offset, length) {\n return blitBuffer(utf8ToBytes(string, buf.length - offset), buf, offset, length)\n}\n\nfunction asciiWrite (buf, string, offset, length) {\n return blitBuffer(asciiToBytes(string), buf, offset, length)\n}\n\nfunction base64Write (buf, string, offset, length) {\n return blitBuffer(base64ToBytes(string), buf, offset, length)\n}\n\nfunction ucs2Write (buf, string, offset, length) {\n return blitBuffer(utf16leToBytes(string, buf.length - offset), buf, offset, length)\n}\n\nBuffer.prototype.write = function write (string, offset, length, encoding) {\n // Buffer#write(string)\n if (offset === undefined) {\n encoding = 'utf8'\n length = this.length\n offset = 0\n // Buffer#write(string, encoding)\n } else if (length === undefined && typeof offset === 'string') {\n encoding = offset\n length = this.length\n offset = 0\n // Buffer#write(string, offset[, length][, encoding])\n } else if (isFinite(offset)) {\n offset = offset >>> 0\n if (isFinite(length)) {\n length = length >>> 0\n if (encoding === undefined) encoding = 'utf8'\n } else {\n encoding = length\n length = undefined\n }\n } else {\n throw new Error(\n 'Buffer.write(string, encoding, offset[, length]) is no longer supported'\n )\n }\n\n const remaining = this.length - offset\n if (length === undefined || length > remaining) length = remaining\n\n if ((string.length > 0 && (length < 0 || offset < 0)) || offset > this.length) {\n throw new RangeError('Attempt to write outside buffer bounds')\n }\n\n if (!encoding) encoding = 'utf8'\n\n let loweredCase = false\n for (;;) {\n switch (encoding) {\n case 'hex':\n return hexWrite(this, string, offset, length)\n\n case 'utf8':\n case 'utf-8':\n return utf8Write(this, string, offset, length)\n\n case 'ascii':\n case 'latin1':\n case 'binary':\n return asciiWrite(this, string, offset, length)\n\n case 'base64':\n // Warning: maxLength not taken into account in base64Write\n return base64Write(this, string, offset, length)\n\n case 'ucs2':\n case 'ucs-2':\n case 'utf16le':\n case 'utf-16le':\n return ucs2Write(this, string, offset, length)\n\n default:\n if (loweredCase) throw new TypeError('Unknown encoding: ' + encoding)\n encoding = ('' + encoding).toLowerCase()\n loweredCase = true\n }\n }\n}\n\nBuffer.prototype.toJSON = function toJSON () {\n return {\n type: 'Buffer',\n data: Array.prototype.slice.call(this._arr || this, 0)\n }\n}\n\nfunction base64Slice (buf, start, end) {\n if (start === 0 && end === buf.length) {\n return base64.fromByteArray(buf)\n } else {\n return base64.fromByteArray(buf.slice(start, end))\n }\n}\n\nfunction utf8Slice (buf, start, end) {\n end = Math.min(buf.length, end)\n const res = []\n\n let i = start\n while (i < end) {\n const firstByte = buf[i]\n let codePoint = null\n let bytesPerSequence = (firstByte > 0xEF)\n ? 4\n : (firstByte > 0xDF)\n ? 3\n : (firstByte > 0xBF)\n ? 2\n : 1\n\n if (i + bytesPerSequence <= end) {\n let secondByte, thirdByte, fourthByte, tempCodePoint\n\n switch (bytesPerSequence) {\n case 1:\n if (firstByte < 0x80) {\n codePoint = firstByte\n }\n break\n case 2:\n secondByte = buf[i + 1]\n if ((secondByte & 0xC0) === 0x80) {\n tempCodePoint = (firstByte & 0x1F) << 0x6 | (secondByte & 0x3F)\n if (tempCodePoint > 0x7F) {\n codePoint = tempCodePoint\n }\n }\n break\n case 3:\n secondByte = buf[i + 1]\n thirdByte = buf[i + 2]\n if ((secondByte & 0xC0) === 0x80 && (thirdByte & 0xC0) === 0x80) {\n tempCodePoint = (firstByte & 0xF) << 0xC | (secondByte & 0x3F) << 0x6 | (thirdByte & 0x3F)\n if (tempCodePoint > 0x7FF && (tempCodePoint < 0xD800 || tempCodePoint > 0xDFFF)) {\n codePoint = tempCodePoint\n }\n }\n break\n case 4:\n secondByte = buf[i + 1]\n thirdByte = buf[i + 2]\n fourthByte = buf[i + 3]\n if ((secondByte & 0xC0) === 0x80 && (thirdByte & 0xC0) === 0x80 && (fourthByte & 0xC0) === 0x80) {\n tempCodePoint = (firstByte & 0xF) << 0x12 | (secondByte & 0x3F) << 0xC | (thirdByte & 0x3F) << 0x6 | (fourthByte & 0x3F)\n if (tempCodePoint > 0xFFFF && tempCodePoint < 0x110000) {\n codePoint = tempCodePoint\n }\n }\n }\n }\n\n if (codePoint === null) {\n // we did not generate a valid codePoint so insert a\n // replacement char (U+FFFD) and advance only 1 byte\n codePoint = 0xFFFD\n bytesPerSequence = 1\n } else if (codePoint > 0xFFFF) {\n // encode to utf16 (surrogate pair dance)\n codePoint -= 0x10000\n res.push(codePoint >>> 10 & 0x3FF | 0xD800)\n codePoint = 0xDC00 | codePoint & 0x3FF\n }\n\n res.push(codePoint)\n i += bytesPerSequence\n }\n\n return decodeCodePointsArray(res)\n}\n\n// Based on http://stackoverflow.com/a/22747272/680742, the browser with\n// the lowest limit is Chrome, with 0x10000 args.\n// We go 1 magnitude less, for safety\nconst MAX_ARGUMENTS_LENGTH = 0x1000\n\nfunction decodeCodePointsArray (codePoints) {\n const len = codePoints.length\n if (len <= MAX_ARGUMENTS_LENGTH) {\n return String.fromCharCode.apply(String, codePoints) // avoid extra slice()\n }\n\n // Decode in chunks to avoid \"call stack size exceeded\".\n let res = ''\n let i = 0\n while (i < len) {\n res += String.fromCharCode.apply(\n String,\n codePoints.slice(i, i += MAX_ARGUMENTS_LENGTH)\n )\n }\n return res\n}\n\nfunction asciiSlice (buf, start, end) {\n let ret = ''\n end = Math.min(buf.length, end)\n\n for (let i = start; i < end; ++i) {\n ret += String.fromCharCode(buf[i] & 0x7F)\n }\n return ret\n}\n\nfunction latin1Slice (buf, start, end) {\n let ret = ''\n end = Math.min(buf.length, end)\n\n for (let i = start; i < end; ++i) {\n ret += String.fromCharCode(buf[i])\n }\n return ret\n}\n\nfunction hexSlice (buf, start, end) {\n const len = buf.length\n\n if (!start || start < 0) start = 0\n if (!end || end < 0 || end > len) end = len\n\n let out = ''\n for (let i = start; i < end; ++i) {\n out += hexSliceLookupTable[buf[i]]\n }\n return out\n}\n\nfunction utf16leSlice (buf, start, end) {\n const bytes = buf.slice(start, end)\n let res = ''\n // If bytes.length is odd, the last 8 bits must be ignored (same as node.js)\n for (let i = 0; i < bytes.length - 1; i += 2) {\n res += String.fromCharCode(bytes[i] + (bytes[i + 1] * 256))\n }\n return res\n}\n\nBuffer.prototype.slice = function slice (start, end) {\n const len = this.length\n start = ~~start\n end = end === undefined ? len : ~~end\n\n if (start < 0) {\n start += len\n if (start < 0) start = 0\n } else if (start > len) {\n start = len\n }\n\n if (end < 0) {\n end += len\n if (end < 0) end = 0\n } else if (end > len) {\n end = len\n }\n\n if (end < start) end = start\n\n const newBuf = this.subarray(start, end)\n // Return an augmented `Uint8Array` instance\n Object.setPrototypeOf(newBuf, Buffer.prototype)\n\n return newBuf\n}\n\n/*\n * Need to make sure that buffer isn't trying to write out of bounds.\n */\nfunction checkOffset (offset, ext, length) {\n if ((offset % 1) !== 0 || offset < 0) throw new RangeError('offset is not uint')\n if (offset + ext > length) throw new RangeError('Trying to access beyond buffer length')\n}\n\nBuffer.prototype.readUintLE =\nBuffer.prototype.readUIntLE = function readUIntLE (offset, byteLength, noAssert) {\n offset = offset >>> 0\n byteLength = byteLength >>> 0\n if (!noAssert) checkOffset(offset, byteLength, this.length)\n\n let val = this[offset]\n let mul = 1\n let i = 0\n while (++i < byteLength && (mul *= 0x100)) {\n val += this[offset + i] * mul\n }\n\n return val\n}\n\nBuffer.prototype.readUintBE =\nBuffer.prototype.readUIntBE = function readUIntBE (offset, byteLength, noAssert) {\n offset = offset >>> 0\n byteLength = byteLength >>> 0\n if (!noAssert) {\n checkOffset(offset, byteLength, this.length)\n }\n\n let val = this[offset + --byteLength]\n let mul = 1\n while (byteLength > 0 && (mul *= 0x100)) {\n val += this[offset + --byteLength] * mul\n }\n\n return val\n}\n\nBuffer.prototype.readUint8 =\nBuffer.prototype.readUInt8 = function readUInt8 (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 1, this.length)\n return this[offset]\n}\n\nBuffer.prototype.readUint16LE =\nBuffer.prototype.readUInt16LE = function readUInt16LE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 2, this.length)\n return this[offset] | (this[offset + 1] << 8)\n}\n\nBuffer.prototype.readUint16BE =\nBuffer.prototype.readUInt16BE = function readUInt16BE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 2, this.length)\n return (this[offset] << 8) | this[offset + 1]\n}\n\nBuffer.prototype.readUint32LE =\nBuffer.prototype.readUInt32LE = function readUInt32LE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 4, this.length)\n\n return ((this[offset]) |\n (this[offset + 1] << 8) |\n (this[offset + 2] << 16)) +\n (this[offset + 3] * 0x1000000)\n}\n\nBuffer.prototype.readUint32BE =\nBuffer.prototype.readUInt32BE = function readUInt32BE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 4, this.length)\n\n return (this[offset] * 0x1000000) +\n ((this[offset + 1] << 16) |\n (this[offset + 2] << 8) |\n this[offset + 3])\n}\n\nBuffer.prototype.readBigUInt64LE = defineBigIntMethod(function readBigUInt64LE (offset) {\n offset = offset >>> 0\n validateNumber(offset, 'offset')\n const first = this[offset]\n const last = this[offset + 7]\n if (first === undefined || last === undefined) {\n boundsError(offset, this.length - 8)\n }\n\n const lo = first +\n this[++offset] * 2 ** 8 +\n this[++offset] * 2 ** 16 +\n this[++offset] * 2 ** 24\n\n const hi = this[++offset] +\n this[++offset] * 2 ** 8 +\n this[++offset] * 2 ** 16 +\n last * 2 ** 24\n\n return BigInt(lo) + (BigInt(hi) << BigInt(32))\n})\n\nBuffer.prototype.readBigUInt64BE = defineBigIntMethod(function readBigUInt64BE (offset) {\n offset = offset >>> 0\n validateNumber(offset, 'offset')\n const first = this[offset]\n const last = this[offset + 7]\n if (first === undefined || last === undefined) {\n boundsError(offset, this.length - 8)\n }\n\n const hi = first * 2 ** 24 +\n this[++offset] * 2 ** 16 +\n this[++offset] * 2 ** 8 +\n this[++offset]\n\n const lo = this[++offset] * 2 ** 24 +\n this[++offset] * 2 ** 16 +\n this[++offset] * 2 ** 8 +\n last\n\n return (BigInt(hi) << BigInt(32)) + BigInt(lo)\n})\n\nBuffer.prototype.readIntLE = function readIntLE (offset, byteLength, noAssert) {\n offset = offset >>> 0\n byteLength = byteLength >>> 0\n if (!noAssert) checkOffset(offset, byteLength, this.length)\n\n let val = this[offset]\n let mul = 1\n let i = 0\n while (++i < byteLength && (mul *= 0x100)) {\n val += this[offset + i] * mul\n }\n mul *= 0x80\n\n if (val >= mul) val -= Math.pow(2, 8 * byteLength)\n\n return val\n}\n\nBuffer.prototype.readIntBE = function readIntBE (offset, byteLength, noAssert) {\n offset = offset >>> 0\n byteLength = byteLength >>> 0\n if (!noAssert) checkOffset(offset, byteLength, this.length)\n\n let i = byteLength\n let mul = 1\n let val = this[offset + --i]\n while (i > 0 && (mul *= 0x100)) {\n val += this[offset + --i] * mul\n }\n mul *= 0x80\n\n if (val >= mul) val -= Math.pow(2, 8 * byteLength)\n\n return val\n}\n\nBuffer.prototype.readInt8 = function readInt8 (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 1, this.length)\n if (!(this[offset] & 0x80)) return (this[offset])\n return ((0xff - this[offset] + 1) * -1)\n}\n\nBuffer.prototype.readInt16LE = function readInt16LE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 2, this.length)\n const val = this[offset] | (this[offset + 1] << 8)\n return (val & 0x8000) ? val | 0xFFFF0000 : val\n}\n\nBuffer.prototype.readInt16BE = function readInt16BE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 2, this.length)\n const val = this[offset + 1] | (this[offset] << 8)\n return (val & 0x8000) ? val | 0xFFFF0000 : val\n}\n\nBuffer.prototype.readInt32LE = function readInt32LE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 4, this.length)\n\n return (this[offset]) |\n (this[offset + 1] << 8) |\n (this[offset + 2] << 16) |\n (this[offset + 3] << 24)\n}\n\nBuffer.prototype.readInt32BE = function readInt32BE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 4, this.length)\n\n return (this[offset] << 24) |\n (this[offset + 1] << 16) |\n (this[offset + 2] << 8) |\n (this[offset + 3])\n}\n\nBuffer.prototype.readBigInt64LE = defineBigIntMethod(function readBigInt64LE (offset) {\n offset = offset >>> 0\n validateNumber(offset, 'offset')\n const first = this[offset]\n const last = this[offset + 7]\n if (first === undefined || last === undefined) {\n boundsError(offset, this.length - 8)\n }\n\n const val = this[offset + 4] +\n this[offset + 5] * 2 ** 8 +\n this[offset + 6] * 2 ** 16 +\n (last << 24) // Overflow\n\n return (BigInt(val) << BigInt(32)) +\n BigInt(first +\n this[++offset] * 2 ** 8 +\n this[++offset] * 2 ** 16 +\n this[++offset] * 2 ** 24)\n})\n\nBuffer.prototype.readBigInt64BE = defineBigIntMethod(function readBigInt64BE (offset) {\n offset = offset >>> 0\n validateNumber(offset, 'offset')\n const first = this[offset]\n const last = this[offset + 7]\n if (first === undefined || last === undefined) {\n boundsError(offset, this.length - 8)\n }\n\n const val = (first << 24) + // Overflow\n this[++offset] * 2 ** 16 +\n this[++offset] * 2 ** 8 +\n this[++offset]\n\n return (BigInt(val) << BigInt(32)) +\n BigInt(this[++offset] * 2 ** 24 +\n this[++offset] * 2 ** 16 +\n this[++offset] * 2 ** 8 +\n last)\n})\n\nBuffer.prototype.readFloatLE = function readFloatLE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 4, this.length)\n return ieee754.read(this, offset, true, 23, 4)\n}\n\nBuffer.prototype.readFloatBE = function readFloatBE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 4, this.length)\n return ieee754.read(this, offset, false, 23, 4)\n}\n\nBuffer.prototype.readDoubleLE = function readDoubleLE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 8, this.length)\n return ieee754.read(this, offset, true, 52, 8)\n}\n\nBuffer.prototype.readDoubleBE = function readDoubleBE (offset, noAssert) {\n offset = offset >>> 0\n if (!noAssert) checkOffset(offset, 8, this.length)\n return ieee754.read(this, offset, false, 52, 8)\n}\n\nfunction checkInt (buf, value, offset, ext, max, min) {\n if (!Buffer.isBuffer(buf)) throw new TypeError('\"buffer\" argument must be a Buffer instance')\n if (value > max || value < min) throw new RangeError('\"value\" argument is out of bounds')\n if (offset + ext > buf.length) throw new RangeError('Index out of range')\n}\n\nBuffer.prototype.writeUintLE =\nBuffer.prototype.writeUIntLE = function writeUIntLE (value, offset, byteLength, noAssert) {\n value = +value\n offset = offset >>> 0\n byteLength = byteLength >>> 0\n if (!noAssert) {\n const maxBytes = Math.pow(2, 8 * byteLength) - 1\n checkInt(this, value, offset, byteLength, maxBytes, 0)\n }\n\n let mul = 1\n let i = 0\n this[offset] = value & 0xFF\n while (++i < byteLength && (mul *= 0x100)) {\n this[offset + i] = (value / mul) & 0xFF\n }\n\n return offset + byteLength\n}\n\nBuffer.prototype.writeUintBE =\nBuffer.prototype.writeUIntBE = function writeUIntBE (value, offset, byteLength, noAssert) {\n value = +value\n offset = offset >>> 0\n byteLength = byteLength >>> 0\n if (!noAssert) {\n const maxBytes = Math.pow(2, 8 * byteLength) - 1\n checkInt(this, value, offset, byteLength, maxBytes, 0)\n }\n\n let i = byteLength - 1\n let mul = 1\n this[offset + i] = value & 0xFF\n while (--i >= 0 && (mul *= 0x100)) {\n this[offset + i] = (value / mul) & 0xFF\n }\n\n return offset + byteLength\n}\n\nBuffer.prototype.writeUint8 =\nBuffer.prototype.writeUInt8 = function writeUInt8 (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 1, 0xff, 0)\n this[offset] = (value & 0xff)\n return offset + 1\n}\n\nBuffer.prototype.writeUint16LE =\nBuffer.prototype.writeUInt16LE = function writeUInt16LE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 2, 0xffff, 0)\n this[offset] = (value & 0xff)\n this[offset + 1] = (value >>> 8)\n return offset + 2\n}\n\nBuffer.prototype.writeUint16BE =\nBuffer.prototype.writeUInt16BE = function writeUInt16BE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 2, 0xffff, 0)\n this[offset] = (value >>> 8)\n this[offset + 1] = (value & 0xff)\n return offset + 2\n}\n\nBuffer.prototype.writeUint32LE =\nBuffer.prototype.writeUInt32LE = function writeUInt32LE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 4, 0xffffffff, 0)\n this[offset + 3] = (value >>> 24)\n this[offset + 2] = (value >>> 16)\n this[offset + 1] = (value >>> 8)\n this[offset] = (value & 0xff)\n return offset + 4\n}\n\nBuffer.prototype.writeUint32BE =\nBuffer.prototype.writeUInt32BE = function writeUInt32BE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 4, 0xffffffff, 0)\n this[offset] = (value >>> 24)\n this[offset + 1] = (value >>> 16)\n this[offset + 2] = (value >>> 8)\n this[offset + 3] = (value & 0xff)\n return offset + 4\n}\n\nfunction wrtBigUInt64LE (buf, value, offset, min, max) {\n checkIntBI(value, min, max, buf, offset, 7)\n\n let lo = Number(value & BigInt(0xffffffff))\n buf[offset++] = lo\n lo = lo >> 8\n buf[offset++] = lo\n lo = lo >> 8\n buf[offset++] = lo\n lo = lo >> 8\n buf[offset++] = lo\n let hi = Number(value >> BigInt(32) & BigInt(0xffffffff))\n buf[offset++] = hi\n hi = hi >> 8\n buf[offset++] = hi\n hi = hi >> 8\n buf[offset++] = hi\n hi = hi >> 8\n buf[offset++] = hi\n return offset\n}\n\nfunction wrtBigUInt64BE (buf, value, offset, min, max) {\n checkIntBI(value, min, max, buf, offset, 7)\n\n let lo = Number(value & BigInt(0xffffffff))\n buf[offset + 7] = lo\n lo = lo >> 8\n buf[offset + 6] = lo\n lo = lo >> 8\n buf[offset + 5] = lo\n lo = lo >> 8\n buf[offset + 4] = lo\n let hi = Number(value >> BigInt(32) & BigInt(0xffffffff))\n buf[offset + 3] = hi\n hi = hi >> 8\n buf[offset + 2] = hi\n hi = hi >> 8\n buf[offset + 1] = hi\n hi = hi >> 8\n buf[offset] = hi\n return offset + 8\n}\n\nBuffer.prototype.writeBigUInt64LE = defineBigIntMethod(function writeBigUInt64LE (value, offset = 0) {\n return wrtBigUInt64LE(this, value, offset, BigInt(0), BigInt('0xffffffffffffffff'))\n})\n\nBuffer.prototype.writeBigUInt64BE = defineBigIntMethod(function writeBigUInt64BE (value, offset = 0) {\n return wrtBigUInt64BE(this, value, offset, BigInt(0), BigInt('0xffffffffffffffff'))\n})\n\nBuffer.prototype.writeIntLE = function writeIntLE (value, offset, byteLength, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) {\n const limit = Math.pow(2, (8 * byteLength) - 1)\n\n checkInt(this, value, offset, byteLength, limit - 1, -limit)\n }\n\n let i = 0\n let mul = 1\n let sub = 0\n this[offset] = value & 0xFF\n while (++i < byteLength && (mul *= 0x100)) {\n if (value < 0 && sub === 0 && this[offset + i - 1] !== 0) {\n sub = 1\n }\n this[offset + i] = ((value / mul) >> 0) - sub & 0xFF\n }\n\n return offset + byteLength\n}\n\nBuffer.prototype.writeIntBE = function writeIntBE (value, offset, byteLength, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) {\n const limit = Math.pow(2, (8 * byteLength) - 1)\n\n checkInt(this, value, offset, byteLength, limit - 1, -limit)\n }\n\n let i = byteLength - 1\n let mul = 1\n let sub = 0\n this[offset + i] = value & 0xFF\n while (--i >= 0 && (mul *= 0x100)) {\n if (value < 0 && sub === 0 && this[offset + i + 1] !== 0) {\n sub = 1\n }\n this[offset + i] = ((value / mul) >> 0) - sub & 0xFF\n }\n\n return offset + byteLength\n}\n\nBuffer.prototype.writeInt8 = function writeInt8 (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 1, 0x7f, -0x80)\n if (value < 0) value = 0xff + value + 1\n this[offset] = (value & 0xff)\n return offset + 1\n}\n\nBuffer.prototype.writeInt16LE = function writeInt16LE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 2, 0x7fff, -0x8000)\n this[offset] = (value & 0xff)\n this[offset + 1] = (value >>> 8)\n return offset + 2\n}\n\nBuffer.prototype.writeInt16BE = function writeInt16BE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 2, 0x7fff, -0x8000)\n this[offset] = (value >>> 8)\n this[offset + 1] = (value & 0xff)\n return offset + 2\n}\n\nBuffer.prototype.writeInt32LE = function writeInt32LE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 4, 0x7fffffff, -0x80000000)\n this[offset] = (value & 0xff)\n this[offset + 1] = (value >>> 8)\n this[offset + 2] = (value >>> 16)\n this[offset + 3] = (value >>> 24)\n return offset + 4\n}\n\nBuffer.prototype.writeInt32BE = function writeInt32BE (value, offset, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) checkInt(this, value, offset, 4, 0x7fffffff, -0x80000000)\n if (value < 0) value = 0xffffffff + value + 1\n this[offset] = (value >>> 24)\n this[offset + 1] = (value >>> 16)\n this[offset + 2] = (value >>> 8)\n this[offset + 3] = (value & 0xff)\n return offset + 4\n}\n\nBuffer.prototype.writeBigInt64LE = defineBigIntMethod(function writeBigInt64LE (value, offset = 0) {\n return wrtBigUInt64LE(this, value, offset, -BigInt('0x8000000000000000'), BigInt('0x7fffffffffffffff'))\n})\n\nBuffer.prototype.writeBigInt64BE = defineBigIntMethod(function writeBigInt64BE (value, offset = 0) {\n return wrtBigUInt64BE(this, value, offset, -BigInt('0x8000000000000000'), BigInt('0x7fffffffffffffff'))\n})\n\nfunction checkIEEE754 (buf, value, offset, ext, max, min) {\n if (offset + ext > buf.length) throw new RangeError('Index out of range')\n if (offset < 0) throw new RangeError('Index out of range')\n}\n\nfunction writeFloat (buf, value, offset, littleEndian, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) {\n checkIEEE754(buf, value, offset, 4, 3.4028234663852886e+38, -3.4028234663852886e+38)\n }\n ieee754.write(buf, value, offset, littleEndian, 23, 4)\n return offset + 4\n}\n\nBuffer.prototype.writeFloatLE = function writeFloatLE (value, offset, noAssert) {\n return writeFloat(this, value, offset, true, noAssert)\n}\n\nBuffer.prototype.writeFloatBE = function writeFloatBE (value, offset, noAssert) {\n return writeFloat(this, value, offset, false, noAssert)\n}\n\nfunction writeDouble (buf, value, offset, littleEndian, noAssert) {\n value = +value\n offset = offset >>> 0\n if (!noAssert) {\n checkIEEE754(buf, value, offset, 8, 1.7976931348623157E+308, -1.7976931348623157E+308)\n }\n ieee754.write(buf, value, offset, littleEndian, 52, 8)\n return offset + 8\n}\n\nBuffer.prototype.writeDoubleLE = function writeDoubleLE (value, offset, noAssert) {\n return writeDouble(this, value, offset, true, noAssert)\n}\n\nBuffer.prototype.writeDoubleBE = function writeDoubleBE (value, offset, noAssert) {\n return writeDouble(this, value, offset, false, noAssert)\n}\n\n// copy(targetBuffer, targetStart=0, sourceStart=0, sourceEnd=buffer.length)\nBuffer.prototype.copy = function copy (target, targetStart, start, end) {\n if (!Buffer.isBuffer(target)) throw new TypeError('argument should be a Buffer')\n if (!start) start = 0\n if (!end && end !== 0) end = this.length\n if (targetStart >= target.length) targetStart = target.length\n if (!targetStart) targetStart = 0\n if (end > 0 && end < start) end = start\n\n // Copy 0 bytes; we're done\n if (end === start) return 0\n if (target.length === 0 || this.length === 0) return 0\n\n // Fatal error conditions\n if (targetStart < 0) {\n throw new RangeError('targetStart out of bounds')\n }\n if (start < 0 || start >= this.length) throw new RangeError('Index out of range')\n if (end < 0) throw new RangeError('sourceEnd out of bounds')\n\n // Are we oob?\n if (end > this.length) end = this.length\n if (target.length - targetStart < end - start) {\n end = target.length - targetStart + start\n }\n\n const len = end - start\n\n if (this === target && typeof Uint8Array.prototype.copyWithin === 'function') {\n // Use built-in when available, missing from IE11\n this.copyWithin(targetStart, start, end)\n } else {\n Uint8Array.prototype.set.call(\n target,\n this.subarray(start, end),\n targetStart\n )\n }\n\n return len\n}\n\n// Usage:\n// buffer.fill(number[, offset[, end]])\n// buffer.fill(buffer[, offset[, end]])\n// buffer.fill(string[, offset[, end]][, encoding])\nBuffer.prototype.fill = function fill (val, start, end, encoding) {\n // Handle string cases:\n if (typeof val === 'string') {\n if (typeof start === 'string') {\n encoding = start\n start = 0\n end = this.length\n } else if (typeof end === 'string') {\n encoding = end\n end = this.length\n }\n if (encoding !== undefined && typeof encoding !== 'string') {\n throw new TypeError('encoding must be a string')\n }\n if (typeof encoding === 'string' && !Buffer.isEncoding(encoding)) {\n throw new TypeError('Unknown encoding: ' + encoding)\n }\n if (val.length === 1) {\n const code = val.charCodeAt(0)\n if ((encoding === 'utf8' && code < 128) ||\n encoding === 'latin1') {\n // Fast path: If `val` fits into a single byte, use that numeric value.\n val = code\n }\n }\n } else if (typeof val === 'number') {\n val = val & 255\n } else if (typeof val === 'boolean') {\n val = Number(val)\n }\n\n // Invalid ranges are not set to a default, so can range check early.\n if (start < 0 || this.length < start || this.length < end) {\n throw new RangeError('Out of range index')\n }\n\n if (end <= start) {\n return this\n }\n\n start = start >>> 0\n end = end === undefined ? this.length : end >>> 0\n\n if (!val) val = 0\n\n let i\n if (typeof val === 'number') {\n for (i = start; i < end; ++i) {\n this[i] = val\n }\n } else {\n const bytes = Buffer.isBuffer(val)\n ? val\n : Buffer.from(val, encoding)\n const len = bytes.length\n if (len === 0) {\n throw new TypeError('The value \"' + val +\n '\" is invalid for argument \"value\"')\n }\n for (i = 0; i < end - start; ++i) {\n this[i + start] = bytes[i % len]\n }\n }\n\n return this\n}\n\n// CUSTOM ERRORS\n// =============\n\n// Simplified versions from Node, changed for Buffer-only usage\nconst errors = {}\nfunction E (sym, getMessage, Base) {\n errors[sym] = class NodeError extends Base {\n constructor () {\n super()\n\n Object.defineProperty(this, 'message', {\n value: getMessage.apply(this, arguments),\n writable: true,\n configurable: true\n })\n\n // Add the error code to the name to include it in the stack trace.\n this.name = `${this.name} [${sym}]`\n // Access the stack to generate the error message including the error code\n // from the name.\n this.stack // eslint-disable-line no-unused-expressions\n // Reset the name to the actual name.\n delete this.name\n }\n\n get code () {\n return sym\n }\n\n set code (value) {\n Object.defineProperty(this, 'code', {\n configurable: true,\n enumerable: true,\n value,\n writable: true\n })\n }\n\n toString () {\n return `${this.name} [${sym}]: ${this.message}`\n }\n }\n}\n\nE('ERR_BUFFER_OUT_OF_BOUNDS',\n function (name) {\n if (name) {\n return `${name} is outside of buffer bounds`\n }\n\n return 'Attempt to access memory outside buffer bounds'\n }, RangeError)\nE('ERR_INVALID_ARG_TYPE',\n function (name, actual) {\n return `The \"${name}\" argument must be of type number. Received type ${typeof actual}`\n }, TypeError)\nE('ERR_OUT_OF_RANGE',\n function (str, range, input) {\n let msg = `The value of \"${str}\" is out of range.`\n let received = input\n if (Number.isInteger(input) && Math.abs(input) > 2 ** 32) {\n received = addNumericalSeparator(String(input))\n } else if (typeof input === 'bigint') {\n received = String(input)\n if (input > BigInt(2) ** BigInt(32) || input < -(BigInt(2) ** BigInt(32))) {\n received = addNumericalSeparator(received)\n }\n received += 'n'\n }\n msg += ` It must be ${range}. Received ${received}`\n return msg\n }, RangeError)\n\nfunction addNumericalSeparator (val) {\n let res = ''\n let i = val.length\n const start = val[0] === '-' ? 1 : 0\n for (; i >= start + 4; i -= 3) {\n res = `_${val.slice(i - 3, i)}${res}`\n }\n return `${val.slice(0, i)}${res}`\n}\n\n// CHECK FUNCTIONS\n// ===============\n\nfunction checkBounds (buf, offset, byteLength) {\n validateNumber(offset, 'offset')\n if (buf[offset] === undefined || buf[offset + byteLength] === undefined) {\n boundsError(offset, buf.length - (byteLength + 1))\n }\n}\n\nfunction checkIntBI (value, min, max, buf, offset, byteLength) {\n if (value > max || value < min) {\n const n = typeof min === 'bigint' ? 'n' : ''\n let range\n if (byteLength > 3) {\n if (min === 0 || min === BigInt(0)) {\n range = `>= 0${n} and < 2${n} ** ${(byteLength + 1) * 8}${n}`\n } else {\n range = `>= -(2${n} ** ${(byteLength + 1) * 8 - 1}${n}) and < 2 ** ` +\n `${(byteLength + 1) * 8 - 1}${n}`\n }\n } else {\n range = `>= ${min}${n} and <= ${max}${n}`\n }\n throw new errors.ERR_OUT_OF_RANGE('value', range, value)\n }\n checkBounds(buf, offset, byteLength)\n}\n\nfunction validateNumber (value, name) {\n if (typeof value !== 'number') {\n throw new errors.ERR_INVALID_ARG_TYPE(name, 'number', value)\n }\n}\n\nfunction boundsError (value, length, type) {\n if (Math.floor(value) !== value) {\n validateNumber(value, type)\n throw new errors.ERR_OUT_OF_RANGE(type || 'offset', 'an integer', value)\n }\n\n if (length < 0) {\n throw new errors.ERR_BUFFER_OUT_OF_BOUNDS()\n }\n\n throw new errors.ERR_OUT_OF_RANGE(type || 'offset',\n `>= ${type ? 1 : 0} and <= ${length}`,\n value)\n}\n\n// HELPER FUNCTIONS\n// ================\n\nconst INVALID_BASE64_RE = /[^+/0-9A-Za-z-_]/g\n\nfunction base64clean (str) {\n // Node takes equal signs as end of the Base64 encoding\n str = str.split('=')[0]\n // Node strips out invalid characters like \\n and \\t from the string, base64-js does not\n str = str.trim().replace(INVALID_BASE64_RE, '')\n // Node converts strings with length < 2 to ''\n if (str.length < 2) return ''\n // Node allows for non-padded base64 strings (missing trailing ===), base64-js does not\n while (str.length % 4 !== 0) {\n str = str + '='\n }\n return str\n}\n\nfunction utf8ToBytes (string, units) {\n units = units || Infinity\n let codePoint\n const length = string.length\n let leadSurrogate = null\n const bytes = []\n\n for (let i = 0; i < length; ++i) {\n codePoint = string.charCodeAt(i)\n\n // is surrogate component\n if (codePoint > 0xD7FF && codePoint < 0xE000) {\n // last char was a lead\n if (!leadSurrogate) {\n // no lead yet\n if (codePoint > 0xDBFF) {\n // unexpected trail\n if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)\n continue\n } else if (i + 1 === length) {\n // unpaired lead\n if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)\n continue\n }\n\n // valid lead\n leadSurrogate = codePoint\n\n continue\n }\n\n // 2 leads in a row\n if (codePoint < 0xDC00) {\n if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)\n leadSurrogate = codePoint\n continue\n }\n\n // valid surrogate pair\n codePoint = (leadSurrogate - 0xD800 << 10 | codePoint - 0xDC00) + 0x10000\n } else if (leadSurrogate) {\n // valid bmp char, but last char was a lead\n if ((units -= 3) > -1) bytes.push(0xEF, 0xBF, 0xBD)\n }\n\n leadSurrogate = null\n\n // encode utf8\n if (codePoint < 0x80) {\n if ((units -= 1) < 0) break\n bytes.push(codePoint)\n } else if (codePoint < 0x800) {\n if ((units -= 2) < 0) break\n bytes.push(\n codePoint >> 0x6 | 0xC0,\n codePoint & 0x3F | 0x80\n )\n } else if (codePoint < 0x10000) {\n if ((units -= 3) < 0) break\n bytes.push(\n codePoint >> 0xC | 0xE0,\n codePoint >> 0x6 & 0x3F | 0x80,\n codePoint & 0x3F | 0x80\n )\n } else if (codePoint < 0x110000) {\n if ((units -= 4) < 0) break\n bytes.push(\n codePoint >> 0x12 | 0xF0,\n codePoint >> 0xC & 0x3F | 0x80,\n codePoint >> 0x6 & 0x3F | 0x80,\n codePoint & 0x3F | 0x80\n )\n } else {\n throw new Error('Invalid code point')\n }\n }\n\n return bytes\n}\n\nfunction asciiToBytes (str) {\n const byteArray = []\n for (let i = 0; i < str.length; ++i) {\n // Node's code seems to be doing this and not & 0x7F..\n byteArray.push(str.charCodeAt(i) & 0xFF)\n }\n return byteArray\n}\n\nfunction utf16leToBytes (str, units) {\n let c, hi, lo\n const byteArray = []\n for (let i = 0; i < str.length; ++i) {\n if ((units -= 2) < 0) break\n\n c = str.charCodeAt(i)\n hi = c >> 8\n lo = c % 256\n byteArray.push(lo)\n byteArray.push(hi)\n }\n\n return byteArray\n}\n\nfunction base64ToBytes (str) {\n return base64.toByteArray(base64clean(str))\n}\n\nfunction blitBuffer (src, dst, offset, length) {\n let i\n for (i = 0; i < length; ++i) {\n if ((i + offset >= dst.length) || (i >= src.length)) break\n dst[i + offset] = src[i]\n }\n return i\n}\n\n// ArrayBuffer or Uint8Array objects from other contexts (i.e. iframes) do not pass\n// the `instanceof` check but they should be treated as of that type.\n// See: https://github.com/feross/buffer/issues/166\nfunction isInstance (obj, type) {\n return obj instanceof type ||\n (obj != null && obj.constructor != null && obj.constructor.name != null &&\n obj.constructor.name === type.name)\n}\nfunction numberIsNaN (obj) {\n // For IE11 support\n return obj !== obj // eslint-disable-line no-self-compare\n}\n\n// Create lookup table for `toString('hex')`\n// See: https://github.com/feross/buffer/issues/219\nconst hexSliceLookupTable = (function () {\n const alphabet = '0123456789abcdef'\n const table = new Array(256)\n for (let i = 0; i < 16; ++i) {\n const i16 = i * 16\n for (let j = 0; j < 16; ++j) {\n table[i16 + j] = alphabet[i] + alphabet[j]\n }\n }\n return table\n})()\n\n// Return not function with Error if BigInt not supported\nfunction defineBigIntMethod (fn) {\n return typeof BigInt === 'undefined' ? BufferBigIntNotDefined : fn\n}\n\nfunction BufferBigIntNotDefined () {\n throw new Error('BigInt not supported')\n}\n", "export let Buffer = require('buffer').Buffer\r\n", "\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nfunction padString(input) {\n var segmentLength = 4;\n var stringLength = input.length;\n var diff = stringLength % segmentLength;\n if (!diff) {\n return input;\n }\n var position = stringLength;\n var padLength = segmentLength - diff;\n var paddedStringLength = stringLength + padLength;\n var buffer = Buffer.alloc(paddedStringLength);\n buffer.write(input);\n while (padLength--) {\n buffer.write(\"=\", position++);\n }\n return buffer.toString();\n}\nexports.default = padString;\n", "\"use strict\";\nObject.defineProperty(exports, \"__esModule\", { value: true });\nvar pad_string_1 = require(\"./pad-string\");\nfunction encode(input, encoding) {\n if (encoding === void 0) { encoding = \"utf8\"; }\n if (Buffer.isBuffer(input)) {\n return fromBase64(input.toString(\"base64\"));\n }\n return fromBase64(Buffer.from(input, encoding).toString(\"base64\"));\n}\n;\nfunction decode(base64url, encoding) {\n if (encoding === void 0) { encoding = \"utf8\"; }\n return Buffer.from(toBase64(base64url), \"base64\").toString(encoding);\n}\nfunction toBase64(base64url) {\n base64url = base64url.toString();\n return pad_string_1.default(base64url)\n .replace(/\\-/g, \"+\")\n .replace(/_/g, \"/\");\n}\nfunction fromBase64(base64) {\n return base64\n .replace(/=/g, \"\")\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n}\nfunction toBuffer(base64url) {\n return Buffer.from(toBase64(base64url), \"base64\");\n}\nvar base64url = encode;\nbase64url.encode = encode;\nbase64url.decode = decode;\nbase64url.toBase64 = toBase64;\nbase64url.fromBase64 = fromBase64;\nbase64url.toBuffer = toBuffer;\nexports.default = base64url;\n", "module.exports = require('./dist/base64url').default;\nmodule.exports.default = module.exports;\n", "import base64url from 'base64url';\r\nimport * as jose from 'jose';\r\nimport * as querystring from 'querystring';\r\nimport { inflateRaw, deflateRaw } from 'pako';\r\n\r\nexport interface SHLinkConnectRequest {\r\n shl: string;\r\n recipient: string;\r\n passcode?: string;\r\n}\r\n\r\nexport interface SHLinkConnectResponse {\r\n state: string;\r\n shcs: string[];\r\n}\r\n\r\nexport interface SHLClientStateDecoded {\r\n url: string;\r\n key: string;\r\n recipient: string;\r\n passcode?: string;\r\n}\r\n\r\nexport interface SHLDecoded {\r\n url: string;\r\n key: string;\r\n flag?: string;\r\n label?: string;\r\n}\r\n\r\nexport interface SHLManifestFile {\r\n files: {\r\n contentType: string;\r\n location: string;\r\n embedded?: string;\r\n }[];\r\n}\r\n\r\nexport function randomStringWithEntropy(entropy: number) {\r\n const b = new Uint8Array(entropy);\r\n crypto.getRandomValues(b);\r\n return base64url.encode(b.buffer as Buffer);\r\n}\r\n\r\nexport function decodeBase64urlToJson(s: string): T {\r\n return JSON.parse(base64url.decode(s)) as T;\r\n}\r\n\r\nexport function decodeToJson(s: Uint8Array): T {\r\n return JSON.parse(new TextDecoder().decode(s)) as T;\r\n}\r\n\r\nexport interface Manifest {\r\n file: { contentType: string; location: string }[];\r\n}\r\n\r\nfunction flag(config: { shl: string }) {\r\n const shlBody = config.shl.split(/^(?:.+:\\/.+#)?shlink:\\//)[1];\r\n const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody);\r\n return parsedShl?.flag;\r\n}\r\n\r\nfunction needPasscode(config: { shl: string }) {\r\n const shlBody = config.shl.split(/^(?:.+:\\/.+#)?shlink:\\//)[1];\r\n const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody);\r\n if (parsedShl.flag?.includes('P')) {\r\n return true;\r\n }\r\n\r\n return false;\r\n}\r\n\r\nfunction id(config: { shl: string }) {\r\n const shlBody = config.shl.split(/^(?:.+:\\/.+#)?shlink:\\//)[1];\r\n const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody);\r\n return new URL(parsedShl?.url).href.split(\"/\").pop();\r\n}\r\n\r\nasync function retrieve(configIncoming: SHLinkConnectRequest | {state: string}) {\r\n const config: SHLinkConnectRequest = configIncoming[\"state\"] ? JSON.parse(base64url.decode(configIncoming[\"state\"])) : configIncoming\r\n const shlBody = config.shl.split(/^(?:.+:\\/.+#)?shlink:\\//)[1];\r\n const parsedShl: SHLDecoded = decodeBase64urlToJson(shlBody);\r\n const manifestResponse = await fetch(parsedShl.url, {\r\n method: 'POST',\r\n headers: {\r\n 'content-type': 'application/json',\r\n },\r\n body: JSON.stringify({\r\n passcode: config.passcode,\r\n recipient: config.recipient,\r\n }),\r\n });\r\n let isJson = false;\r\n let manifestResponseContent;\r\n manifestResponseContent = await manifestResponse.text();\r\n try {\r\n manifestResponseContent = JSON.parse(manifestResponseContent);\r\n isJson = true;\r\n } catch (error) {\r\n console.warn(\"Manifest did not return JSON object\");\r\n }\r\n\r\n if (!manifestResponse.ok || !isJson) {\r\n return {\r\n status: manifestResponse.status,\r\n error: (manifestResponseContent ?? \"\")\r\n };\r\n } else {\r\n const allFiles = (manifestResponseContent as SHLManifestFile).files\r\n .filter((f) => f.contentType === 'application/smart-health-card')\r\n .map(async (f) => {\r\n if (f.embedded !== undefined) {\r\n return f.embedded\r\n } else {\r\n return fetch(f.location).then((f) => f.text())\r\n }\r\n });\r\n\r\n const decryptionKey = base64url.toBuffer(parsedShl.key);\r\n const allFilesDecrypted = allFiles.map(async (f) => {\r\n const decrypted = await jose.compactDecrypt(await f, decryptionKey);\r\n const decoded = new TextDecoder().decode(decrypted.plaintext);\r\n return decoded;\r\n });\r\n\r\n const shcs = (await Promise.all(allFilesDecrypted)).flatMap((f) => JSON.parse(f)['verifiableCredential'] as string);\r\n const result: SHLinkConnectResponse = { shcs, state: base64url.encode(JSON.stringify(config))};\r\n\r\n return result;\r\n }\r\n}\r\n\r\nexport { flag, id, retrieve };\r\n", "export { compactDecrypt } from './jwe/compact/decrypt.js';\nexport { flattenedDecrypt } from './jwe/flattened/decrypt.js';\nexport { generalDecrypt } from './jwe/general/decrypt.js';\nexport { GeneralEncrypt } from './jwe/general/encrypt.js';\nexport { compactVerify } from './jws/compact/verify.js';\nexport { flattenedVerify } from './jws/flattened/verify.js';\nexport { generalVerify } from './jws/general/verify.js';\nexport { jwtVerify } from './jwt/verify.js';\nexport { jwtDecrypt } from './jwt/decrypt.js';\nexport { CompactEncrypt } from './jwe/compact/encrypt.js';\nexport { FlattenedEncrypt } from './jwe/flattened/encrypt.js';\nexport { CompactSign } from './jws/compact/sign.js';\nexport { FlattenedSign } from './jws/flattened/sign.js';\nexport { GeneralSign } from './jws/general/sign.js';\nexport { SignJWT } from './jwt/sign.js';\nexport { EncryptJWT } from './jwt/encrypt.js';\nexport { calculateJwkThumbprint } from './jwk/thumbprint.js';\nexport { EmbeddedJWK } from './jwk/embedded.js';\nexport { createLocalJWKSet } from './jwks/local.js';\nexport { createRemoteJWKSet } from './jwks/remote.js';\nexport { UnsecuredJWT } from './jwt/unsecured.js';\nexport { exportPKCS8, exportSPKI, exportJWK } from './key/export.js';\nexport { importSPKI, importPKCS8, importX509, importJWK } from './key/import.js';\nexport { decodeProtectedHeader } from './util/decode_protected_header.js';\nexport { decodeJwt } from './util/decode_jwt.js';\nimport * as errors_1 from './util/errors.js';\nexport { errors_1 as errors };\nexport { generateKeyPair } from './key/generate_key_pair.js';\nexport { generateSecret } from './key/generate_secret.js';\nimport * as base64url_1 from './util/base64url.js';\nexport { base64url_1 as base64url };\n", "import { flattenedDecrypt } from '../flattened/decrypt.js';\nimport { JWEInvalid } from '../../util/errors.js';\nimport { decoder } from '../../lib/buffer_utils.js';\nexport async function compactDecrypt(jwe, key, options) {\n if (jwe instanceof Uint8Array) {\n jwe = decoder.decode(jwe);\n }\n if (typeof jwe !== 'string') {\n throw new JWEInvalid('Compact JWE must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: encryptedKey, 2: iv, 3: ciphertext, 4: tag, length, } = jwe.split('.');\n if (length !== 5) {\n throw new JWEInvalid('Invalid Compact JWE');\n }\n const decrypted = await flattenedDecrypt({\n ciphertext,\n iv: (iv || undefined),\n protected: protectedHeader || undefined,\n tag: (tag || undefined),\n encrypted_key: encryptedKey || undefined,\n }, key, options);\n const result = { plaintext: decrypted.plaintext, protectedHeader: decrypted.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: decrypted.key };\n }\n return result;\n}\n", "import { decode as base64url } from '../../runtime/base64url.js';\nimport decrypt from '../../runtime/decrypt.js';\nimport { inflate } from '../../runtime/zlib.js';\nimport { JOSEAlgNotAllowed, JOSENotSupported, JWEInvalid } from '../../util/errors.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport isObject from '../../lib/is_object.js';\nimport decryptKeyManagement from '../../lib/decrypt_key_management.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport generateCek from '../../lib/cek.js';\nimport validateCrit from '../../lib/validate_crit.js';\nimport validateAlgorithms from '../../lib/validate_algorithms.js';\nexport async function flattenedDecrypt(jwe, key, options) {\n var _a;\n if (!isObject(jwe)) {\n throw new JWEInvalid('Flattened JWE must be an object');\n }\n if (jwe.protected === undefined && jwe.header === undefined && jwe.unprotected === undefined) {\n throw new JWEInvalid('JOSE Header missing');\n }\n if (typeof jwe.iv !== 'string') {\n throw new JWEInvalid('JWE Initialization Vector missing or incorrect type');\n }\n if (typeof jwe.ciphertext !== 'string') {\n throw new JWEInvalid('JWE Ciphertext missing or incorrect type');\n }\n if (typeof jwe.tag !== 'string') {\n throw new JWEInvalid('JWE Authentication Tag missing or incorrect type');\n }\n if (jwe.protected !== undefined && typeof jwe.protected !== 'string') {\n throw new JWEInvalid('JWE Protected Header incorrect type');\n }\n if (jwe.encrypted_key !== undefined && typeof jwe.encrypted_key !== 'string') {\n throw new JWEInvalid('JWE Encrypted Key incorrect type');\n }\n if (jwe.aad !== undefined && typeof jwe.aad !== 'string') {\n throw new JWEInvalid('JWE AAD incorrect type');\n }\n if (jwe.header !== undefined && !isObject(jwe.header)) {\n throw new JWEInvalid('JWE Shared Unprotected Header incorrect type');\n }\n if (jwe.unprotected !== undefined && !isObject(jwe.unprotected)) {\n throw new JWEInvalid('JWE Per-Recipient Unprotected Header incorrect type');\n }\n let parsedProt;\n if (jwe.protected) {\n const protectedHeader = base64url(jwe.protected);\n try {\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch (_b) {\n throw new JWEInvalid('JWE Protected Header is invalid');\n }\n }\n if (!isDisjoint(parsedProt, jwe.header, jwe.unprotected)) {\n throw new JWEInvalid('JWE Protected, JWE Unprotected Header, and JWE Per-Recipient Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jwe.header,\n ...jwe.unprotected,\n };\n validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);\n if (joseHeader.zip !== undefined) {\n if (!parsedProt || !parsedProt.zip) {\n throw new JWEInvalid('JWE \"zip\" (Compression Algorithm) Header MUST be integrity protected');\n }\n if (joseHeader.zip !== 'DEF') {\n throw new JOSENotSupported('Unsupported JWE \"zip\" (Compression Algorithm) Header Parameter value');\n }\n }\n const { alg, enc } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWEInvalid('missing JWE Algorithm (alg) in JWE Header');\n }\n if (typeof enc !== 'string' || !enc) {\n throw new JWEInvalid('missing JWE Encryption Algorithm (enc) in JWE Header');\n }\n const keyManagementAlgorithms = options && validateAlgorithms('keyManagementAlgorithms', options.keyManagementAlgorithms);\n const contentEncryptionAlgorithms = options &&\n validateAlgorithms('contentEncryptionAlgorithms', options.contentEncryptionAlgorithms);\n if (keyManagementAlgorithms && !keyManagementAlgorithms.has(alg)) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter not allowed');\n }\n if (contentEncryptionAlgorithms && !contentEncryptionAlgorithms.has(enc)) {\n throw new JOSEAlgNotAllowed('\"enc\" (Encryption Algorithm) Header Parameter not allowed');\n }\n let encryptedKey;\n if (jwe.encrypted_key !== undefined) {\n encryptedKey = base64url(jwe.encrypted_key);\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jwe);\n resolvedKey = true;\n }\n let cek;\n try {\n cek = await decryptKeyManagement(alg, key, encryptedKey, joseHeader);\n }\n catch (err) {\n if (err instanceof TypeError) {\n throw err;\n }\n cek = generateCek(enc);\n }\n const iv = base64url(jwe.iv);\n const tag = base64url(jwe.tag);\n const protectedHeader = encoder.encode((_a = jwe.protected) !== null && _a !== void 0 ? _a : '');\n let additionalData;\n if (jwe.aad !== undefined) {\n additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(jwe.aad));\n }\n else {\n additionalData = protectedHeader;\n }\n let plaintext = await decrypt(enc, cek, base64url(jwe.ciphertext), iv, tag, additionalData);\n if (joseHeader.zip === 'DEF') {\n plaintext = await ((options === null || options === void 0 ? void 0 : options.inflateRaw) || inflate)(plaintext);\n }\n const result = { plaintext };\n if (jwe.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jwe.aad !== undefined) {\n result.additionalAuthenticatedData = base64url(jwe.aad);\n }\n if (jwe.unprotected !== undefined) {\n result.sharedUnprotectedHeader = jwe.unprotected;\n }\n if (jwe.header !== undefined) {\n result.unprotectedHeader = jwe.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n", "import { encoder, decoder } from '../lib/buffer_utils.js';\nexport const encodeBase64 = (input) => {\n let unencoded = input;\n if (typeof unencoded === 'string') {\n unencoded = encoder.encode(unencoded);\n }\n const CHUNK_SIZE = 0x8000;\n const arr = [];\n for (let i = 0; i < unencoded.length; i += CHUNK_SIZE) {\n arr.push(String.fromCharCode.apply(null, unencoded.subarray(i, i + CHUNK_SIZE)));\n }\n return btoa(arr.join(''));\n};\nexport const encode = (input) => {\n return encodeBase64(input).replace(/=/g, '').replace(/\\+/g, '-').replace(/\\//g, '_');\n};\nexport const decodeBase64 = (encoded) => {\n return new Uint8Array(atob(encoded)\n .split('')\n .map((c) => c.charCodeAt(0)));\n};\nexport const decode = (input) => {\n let encoded = input;\n if (encoded instanceof Uint8Array) {\n encoded = decoder.decode(encoded);\n }\n encoded = encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/\\s/g, '');\n try {\n return decodeBase64(encoded);\n }\n catch (_a) {\n throw new TypeError('The input to be decoded is not correctly encoded.');\n }\n};\n", "import digest from '../runtime/digest.js';\nexport const encoder = new TextEncoder();\nexport const decoder = new TextDecoder();\nconst MAX_INT32 = 2 ** 32;\nexport function concat(...buffers) {\n const size = buffers.reduce((acc, { length }) => acc + length, 0);\n const buf = new Uint8Array(size);\n let i = 0;\n buffers.forEach((buffer) => {\n buf.set(buffer, i);\n i += buffer.length;\n });\n return buf;\n}\nexport function p2s(alg, p2sInput) {\n return concat(encoder.encode(alg), new Uint8Array([0]), p2sInput);\n}\nfunction writeUInt32BE(buf, value, offset) {\n if (value < 0 || value >= MAX_INT32) {\n throw new RangeError(`value must be >= 0 and <= ${MAX_INT32 - 1}. Received ${value}`);\n }\n buf.set([value >>> 24, value >>> 16, value >>> 8, value & 0xff], offset);\n}\nexport function uint64be(value) {\n const high = Math.floor(value / MAX_INT32);\n const low = value % MAX_INT32;\n const buf = new Uint8Array(8);\n writeUInt32BE(buf, high, 0);\n writeUInt32BE(buf, low, 4);\n return buf;\n}\nexport function uint32be(value) {\n const buf = new Uint8Array(4);\n writeUInt32BE(buf, value);\n return buf;\n}\nexport function lengthAndInput(input) {\n return concat(uint32be(input.length), input);\n}\nexport async function concatKdf(secret, bits, value) {\n const iterations = Math.ceil((bits >> 3) / 32);\n let res;\n for (let iter = 1; iter <= iterations; iter++) {\n const buf = new Uint8Array(4 + secret.length + value.length);\n buf.set(uint32be(iter));\n buf.set(secret, 4);\n buf.set(value, 4 + secret.length);\n if (!res) {\n res = await digest('sha256', buf);\n }\n else {\n res = concat(res, await digest('sha256', buf));\n }\n }\n res = res.slice(0, bits >> 3);\n return res;\n}\n", "import crypto from './webcrypto.js';\nconst digest = async (algorithm, data) => {\n const subtleDigest = `SHA-${algorithm.slice(-3)}`;\n return new Uint8Array(await crypto.subtle.digest(subtleDigest, data));\n};\nexport default digest;\n", "export default crypto;\nexport function isCryptoKey(key) {\n try {\n return (key != null &&\n typeof key.extractable === 'boolean' &&\n typeof key.algorithm.name === 'string' &&\n typeof key.type === 'string');\n }\n catch (_a) {\n return false;\n }\n}\n", "import { concat, uint64be } from '../lib/buffer_utils.js';\nimport checkIvLength from '../lib/check_iv_length.js';\nimport checkCekLength from './check_cek_length.js';\nimport timingSafeEqual from './timing_safe_equal.js';\nimport { JOSENotSupported, JWEDecryptionFailed } from '../util/errors.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nasync function cbcDecrypt(enc, cek, ciphertext, iv, tag, aad) {\n if (!(cek instanceof Uint8Array)) {\n throw new TypeError(invalidKeyInput(cek, 'Uint8Array'));\n }\n const keySize = parseInt(enc.slice(1, 4), 10);\n const encKey = await crypto.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['decrypt']);\n const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), {\n hash: `SHA-${keySize << 1}`,\n name: 'HMAC',\n }, false, ['sign']);\n const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));\n const expectedTag = new Uint8Array((await crypto.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3));\n let macCheckPassed;\n try {\n macCheckPassed = timingSafeEqual(tag, expectedTag);\n }\n catch (_a) {\n }\n if (!macCheckPassed) {\n throw new JWEDecryptionFailed();\n }\n let plaintext;\n try {\n plaintext = new Uint8Array(await crypto.subtle.decrypt({ iv, name: 'AES-CBC' }, encKey, ciphertext));\n }\n catch (_b) {\n }\n if (!plaintext) {\n throw new JWEDecryptionFailed();\n }\n return plaintext;\n}\nasync function gcmDecrypt(enc, cek, ciphertext, iv, tag, aad) {\n let encKey;\n if (cek instanceof Uint8Array) {\n encKey = await crypto.subtle.importKey('raw', cek, 'AES-GCM', false, ['decrypt']);\n }\n else {\n checkEncCryptoKey(cek, enc, 'decrypt');\n encKey = cek;\n }\n try {\n return new Uint8Array(await crypto.subtle.decrypt({\n additionalData: aad,\n iv,\n name: 'AES-GCM',\n tagLength: 128,\n }, encKey, concat(ciphertext, tag)));\n }\n catch (_a) {\n throw new JWEDecryptionFailed();\n }\n}\nconst decrypt = async (enc, cek, ciphertext, iv, tag, aad) => {\n if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) {\n throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array'));\n }\n checkIvLength(enc, iv);\n switch (enc) {\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n if (cek instanceof Uint8Array)\n checkCekLength(cek, parseInt(enc.slice(-3), 10));\n return cbcDecrypt(enc, cek, ciphertext, iv, tag, aad);\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n if (cek instanceof Uint8Array)\n checkCekLength(cek, parseInt(enc.slice(1, 4), 10));\n return gcmDecrypt(enc, cek, ciphertext, iv, tag, aad);\n default:\n throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm');\n }\n};\nexport default decrypt;\n", "import { JWEInvalid } from '../util/errors.js';\nimport { bitLength } from './iv.js';\nconst checkIvLength = (enc, iv) => {\n if (iv.length << 3 !== bitLength(enc)) {\n throw new JWEInvalid('Invalid Initialization Vector length');\n }\n};\nexport default checkIvLength;\n", "export class JOSEError extends Error {\n constructor(message) {\n var _a;\n super(message);\n this.code = 'ERR_JOSE_GENERIC';\n this.name = this.constructor.name;\n (_a = Error.captureStackTrace) === null || _a === void 0 ? void 0 : _a.call(Error, this, this.constructor);\n }\n static get code() {\n return 'ERR_JOSE_GENERIC';\n }\n}\nexport class JWTClaimValidationFailed extends JOSEError {\n constructor(message, claim = 'unspecified', reason = 'unspecified') {\n super(message);\n this.code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n this.claim = claim;\n this.reason = reason;\n }\n static get code() {\n return 'ERR_JWT_CLAIM_VALIDATION_FAILED';\n }\n}\nexport class JWTExpired extends JOSEError {\n constructor(message, claim = 'unspecified', reason = 'unspecified') {\n super(message);\n this.code = 'ERR_JWT_EXPIRED';\n this.claim = claim;\n this.reason = reason;\n }\n static get code() {\n return 'ERR_JWT_EXPIRED';\n }\n}\nexport class JOSEAlgNotAllowed extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_ALG_NOT_ALLOWED';\n }\n static get code() {\n return 'ERR_JOSE_ALG_NOT_ALLOWED';\n }\n}\nexport class JOSENotSupported extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JOSE_NOT_SUPPORTED';\n }\n static get code() {\n return 'ERR_JOSE_NOT_SUPPORTED';\n }\n}\nexport class JWEDecryptionFailed extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWE_DECRYPTION_FAILED';\n this.message = 'decryption operation failed';\n }\n static get code() {\n return 'ERR_JWE_DECRYPTION_FAILED';\n }\n}\nexport class JWEInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWE_INVALID';\n }\n static get code() {\n return 'ERR_JWE_INVALID';\n }\n}\nexport class JWSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWS_INVALID';\n }\n static get code() {\n return 'ERR_JWS_INVALID';\n }\n}\nexport class JWTInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWT_INVALID';\n }\n static get code() {\n return 'ERR_JWT_INVALID';\n }\n}\nexport class JWKInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWK_INVALID';\n }\n static get code() {\n return 'ERR_JWK_INVALID';\n }\n}\nexport class JWKSInvalid extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_INVALID';\n }\n static get code() {\n return 'ERR_JWKS_INVALID';\n }\n}\nexport class JWKSNoMatchingKey extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_NO_MATCHING_KEY';\n this.message = 'no applicable key found in the JSON Web Key Set';\n }\n static get code() {\n return 'ERR_JWKS_NO_MATCHING_KEY';\n }\n}\nexport class JWKSMultipleMatchingKeys extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n this.message = 'multiple matching keys found in the JSON Web Key Set';\n }\n static get code() {\n return 'ERR_JWKS_MULTIPLE_MATCHING_KEYS';\n }\n}\nexport class JWKSTimeout extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWKS_TIMEOUT';\n this.message = 'request timed out';\n }\n static get code() {\n return 'ERR_JWKS_TIMEOUT';\n }\n}\nexport class JWSSignatureVerificationFailed extends JOSEError {\n constructor() {\n super(...arguments);\n this.code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n this.message = 'signature verification failed';\n }\n static get code() {\n return 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';\n }\n}\n", "import { JOSENotSupported } from '../util/errors.js';\nimport random from '../runtime/random.js';\nexport function bitLength(alg) {\n switch (alg) {\n case 'A128GCM':\n case 'A128GCMKW':\n case 'A192GCM':\n case 'A192GCMKW':\n case 'A256GCM':\n case 'A256GCMKW':\n return 96;\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n return 128;\n default:\n throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);\n }\n}\nexport default (alg) => random(new Uint8Array(bitLength(alg) >> 3));\n", "import crypto from './webcrypto.js';\nexport default crypto.getRandomValues.bind(crypto);\n", "import { JWEInvalid } from '../util/errors.js';\nconst checkCekLength = (cek, expected) => {\n if (cek.length << 3 !== expected) {\n throw new JWEInvalid('Invalid Content Encryption Key length');\n }\n};\nexport default checkCekLength;\n", "const timingSafeEqual = (a, b) => {\n if (!(a instanceof Uint8Array)) {\n throw new TypeError('First argument must be a buffer');\n }\n if (!(b instanceof Uint8Array)) {\n throw new TypeError('Second argument must be a buffer');\n }\n if (a.length !== b.length) {\n throw new TypeError('Input buffers must have the same length');\n }\n const len = a.length;\n let out = 0;\n let i = -1;\n while (++i < len) {\n out |= a[i] ^ b[i];\n }\n return out === 0;\n};\nexport default timingSafeEqual;\n", "import { isCloudflareWorkers, isNodeJs } from '../runtime/env.js';\nfunction unusable(name, prop = 'algorithm.name') {\n return new TypeError(`CryptoKey does not support this operation, its ${prop} must be ${name}`);\n}\nfunction isAlgorithm(algorithm, name) {\n return algorithm.name === name;\n}\nfunction getHashLength(hash) {\n return parseInt(hash.name.slice(4), 10);\n}\nfunction getNamedCurve(alg) {\n switch (alg) {\n case 'ES256':\n return 'P-256';\n case 'ES384':\n return 'P-384';\n case 'ES512':\n return 'P-521';\n default:\n throw new Error('unreachable');\n }\n}\nfunction checkUsage(key, usages) {\n if (usages.length && !usages.some((expected) => key.usages.includes(expected))) {\n let msg = 'CryptoKey does not support this operation, its usages must include ';\n if (usages.length > 2) {\n const last = usages.pop();\n msg += `one of ${usages.join(', ')}, or ${last}.`;\n }\n else if (usages.length === 2) {\n msg += `one of ${usages[0]} or ${usages[1]}.`;\n }\n else {\n msg += `${usages[0]}.`;\n }\n throw new TypeError(msg);\n }\n}\nexport function checkSigCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512': {\n if (!isAlgorithm(key.algorithm, 'HMAC'))\n throw unusable('HMAC');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'RS256':\n case 'RS384':\n case 'RS512': {\n if (!isAlgorithm(key.algorithm, 'RSASSA-PKCS1-v1_5'))\n throw unusable('RSASSA-PKCS1-v1_5');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case 'PS256':\n case 'PS384':\n case 'PS512': {\n if (!isAlgorithm(key.algorithm, 'RSA-PSS'))\n throw unusable('RSA-PSS');\n const expected = parseInt(alg.slice(2), 10);\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n case isNodeJs() && 'EdDSA': {\n if (key.algorithm.name !== 'NODE-ED25519' && key.algorithm.name !== 'NODE-ED448')\n throw unusable('NODE-ED25519 or NODE-ED448');\n break;\n }\n case isCloudflareWorkers() && 'EdDSA': {\n if (!isAlgorithm(key.algorithm, 'NODE-ED25519'))\n throw unusable('NODE-ED25519');\n break;\n }\n case 'ES256':\n case 'ES384':\n case 'ES512': {\n if (!isAlgorithm(key.algorithm, 'ECDSA'))\n throw unusable('ECDSA');\n const expected = getNamedCurve(alg);\n const actual = key.algorithm.namedCurve;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.namedCurve');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\nexport function checkEncCryptoKey(key, alg, ...usages) {\n switch (alg) {\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM': {\n if (!isAlgorithm(key.algorithm, 'AES-GCM'))\n throw unusable('AES-GCM');\n const expected = parseInt(alg.slice(1, 4), 10);\n const actual = key.algorithm.length;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.length');\n break;\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n if (!isAlgorithm(key.algorithm, 'AES-KW'))\n throw unusable('AES-KW');\n const expected = parseInt(alg.slice(1, 4), 10);\n const actual = key.algorithm.length;\n if (actual !== expected)\n throw unusable(expected, 'algorithm.length');\n break;\n }\n case 'ECDH':\n if (!isAlgorithm(key.algorithm, 'ECDH'))\n throw unusable('ECDH');\n break;\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW':\n if (!isAlgorithm(key.algorithm, 'PBKDF2'))\n throw unusable('PBKDF2');\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n if (!isAlgorithm(key.algorithm, 'RSA-OAEP'))\n throw unusable('RSA-OAEP');\n const expected = parseInt(alg.slice(9), 10) || 1;\n const actual = getHashLength(key.algorithm.hash);\n if (actual !== expected)\n throw unusable(`SHA-${expected}`, 'algorithm.hash');\n break;\n }\n default:\n throw new TypeError('CryptoKey does not support this operation');\n }\n checkUsage(key, usages);\n}\n", "export function isCloudflareWorkers() {\n return typeof WebSocketPair === 'function';\n}\nexport function isNodeJs() {\n try {\n return process.versions.node !== undefined;\n }\n catch (_a) {\n return false;\n }\n}\n", "export default (actual, ...types) => {\n let msg = 'Key must be ';\n if (types.length > 2) {\n const last = types.pop();\n msg += `one of type ${types.join(', ')}, or ${last}.`;\n }\n else if (types.length === 2) {\n msg += `one of type ${types[0]} or ${types[1]}.`;\n }\n else {\n msg += `of type ${types[0]}.`;\n }\n if (actual == null) {\n msg += ` Received ${actual}`;\n }\n else if (typeof actual === 'function' && actual.name) {\n msg += ` Received function ${actual.name}`;\n }\n else if (typeof actual === 'object' && actual != null) {\n if (actual.constructor && actual.constructor.name) {\n msg += ` Received an instance of ${actual.constructor.name}`;\n }\n }\n return msg;\n};\n", "import { isCryptoKey } from './webcrypto.js';\nexport default (key) => {\n return isCryptoKey(key);\n};\nexport const types = ['CryptoKey'];\n", "import { JOSENotSupported } from '../util/errors.js';\nexport const inflate = async () => {\n throw new JOSENotSupported('JWE \"zip\" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `inflateRaw` decrypt option to provide Inflate Raw implementation.');\n};\nexport const deflate = async () => {\n throw new JOSENotSupported('JWE \"zip\" (Compression Algorithm) Header Parameter is not supported by your javascript runtime. You need to use the `deflateRaw` encrypt option to provide Deflate Raw implementation.');\n};\n", "const isDisjoint = (...headers) => {\n const sources = headers.filter(Boolean);\n if (sources.length === 0 || sources.length === 1) {\n return true;\n }\n let acc;\n for (const header of sources) {\n const parameters = Object.keys(header);\n if (!acc || acc.size === 0) {\n acc = new Set(parameters);\n continue;\n }\n for (const parameter of parameters) {\n if (acc.has(parameter)) {\n return false;\n }\n acc.add(parameter);\n }\n }\n return true;\n};\nexport default isDisjoint;\n", "function isObjectLike(value) {\n return typeof value === 'object' && value !== null;\n}\nexport default function isObject(input) {\n if (!isObjectLike(input) || Object.prototype.toString.call(input) !== '[object Object]') {\n return false;\n }\n if (Object.getPrototypeOf(input) === null) {\n return true;\n }\n let proto = input;\n while (Object.getPrototypeOf(proto) !== null) {\n proto = Object.getPrototypeOf(proto);\n }\n return Object.getPrototypeOf(input) === proto;\n}\n", "import { unwrap as aesKw } from '../runtime/aeskw.js';\nimport * as ECDH from '../runtime/ecdhes.js';\nimport { decrypt as pbes2Kw } from '../runtime/pbes2kw.js';\nimport { decrypt as rsaEs } from '../runtime/rsaes.js';\nimport { decode as base64url } from '../runtime/base64url.js';\nimport { JOSENotSupported, JWEInvalid } from '../util/errors.js';\nimport { bitLength as cekLength } from '../lib/cek.js';\nimport { importJWK } from '../key/import.js';\nimport checkKeyType from './check_key_type.js';\nimport isObject from './is_object.js';\nimport { unwrap as aesGcmKw } from './aesgcmkw.js';\nasync function decryptKeyManagement(alg, key, encryptedKey, joseHeader) {\n checkKeyType(alg, key, 'decrypt');\n switch (alg) {\n case 'dir': {\n if (encryptedKey !== undefined)\n throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');\n return key;\n }\n case 'ECDH-ES':\n if (encryptedKey !== undefined)\n throw new JWEInvalid('Encountered unexpected JWE Encrypted Key');\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n if (!isObject(joseHeader.epk))\n throw new JWEInvalid(`JOSE Header \"epk\" (Ephemeral Public Key) missing or invalid`);\n if (!ECDH.ecdhAllowed(key))\n throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');\n const epk = await importJWK(joseHeader.epk, alg);\n let partyUInfo;\n let partyVInfo;\n if (joseHeader.apu !== undefined) {\n if (typeof joseHeader.apu !== 'string')\n throw new JWEInvalid(`JOSE Header \"apu\" (Agreement PartyUInfo) invalid`);\n partyUInfo = base64url(joseHeader.apu);\n }\n if (joseHeader.apv !== undefined) {\n if (typeof joseHeader.apv !== 'string')\n throw new JWEInvalid(`JOSE Header \"apv\" (Agreement PartyVInfo) invalid`);\n partyVInfo = base64url(joseHeader.apv);\n }\n const sharedSecret = await ECDH.deriveKey(epk, key, alg === 'ECDH-ES' ? joseHeader.enc : alg, alg === 'ECDH-ES' ? cekLength(joseHeader.enc) : parseInt(alg.slice(-5, -2), 10), partyUInfo, partyVInfo);\n if (alg === 'ECDH-ES')\n return sharedSecret;\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n return aesKw(alg.slice(-6), sharedSecret, encryptedKey);\n }\n case 'RSA1_5':\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n return rsaEs(alg, key, encryptedKey);\n }\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n if (typeof joseHeader.p2c !== 'number')\n throw new JWEInvalid(`JOSE Header \"p2c\" (PBES2 Count) missing or invalid`);\n if (typeof joseHeader.p2s !== 'string')\n throw new JWEInvalid(`JOSE Header \"p2s\" (PBES2 Salt) missing or invalid`);\n return pbes2Kw(alg, key, encryptedKey, joseHeader.p2c, base64url(joseHeader.p2s));\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n return aesKw(alg, key, encryptedKey);\n }\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW': {\n if (encryptedKey === undefined)\n throw new JWEInvalid('JWE Encrypted Key missing');\n if (typeof joseHeader.iv !== 'string')\n throw new JWEInvalid(`JOSE Header \"iv\" (Initialization Vector) missing or invalid`);\n if (typeof joseHeader.tag !== 'string')\n throw new JWEInvalid(`JOSE Header \"tag\" (Authentication Tag) missing or invalid`);\n const iv = base64url(joseHeader.iv);\n const tag = base64url(joseHeader.tag);\n return aesGcmKw(alg, key, encryptedKey, iv, tag);\n }\n default: {\n throw new JOSENotSupported('Invalid or unsupported \"alg\" (JWE Algorithm) header value');\n }\n }\n}\nexport default decryptKeyManagement;\n", "import bogusWebCrypto from './bogus.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nfunction checkKeySize(key, alg) {\n if (key.algorithm.length !== parseInt(alg.slice(1, 4), 10)) {\n throw new TypeError(`Invalid key size for alg: ${alg}`);\n }\n}\nfunction getCryptoKey(key, alg, usage) {\n if (isCryptoKey(key)) {\n checkEncCryptoKey(key, alg, usage);\n return key;\n }\n if (key instanceof Uint8Array) {\n return crypto.subtle.importKey('raw', key, 'AES-KW', true, [usage]);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n}\nexport const wrap = async (alg, key, cek) => {\n const cryptoKey = await getCryptoKey(key, alg, 'wrapKey');\n checkKeySize(cryptoKey, alg);\n const cryptoKeyCek = await crypto.subtle.importKey('raw', cek, ...bogusWebCrypto);\n return new Uint8Array(await crypto.subtle.wrapKey('raw', cryptoKeyCek, cryptoKey, 'AES-KW'));\n};\nexport const unwrap = async (alg, key, encryptedKey) => {\n const cryptoKey = await getCryptoKey(key, alg, 'unwrapKey');\n checkKeySize(cryptoKey, alg);\n const cryptoKeyCek = await crypto.subtle.unwrapKey('raw', encryptedKey, cryptoKey, 'AES-KW', ...bogusWebCrypto);\n return new Uint8Array(await crypto.subtle.exportKey('raw', cryptoKeyCek));\n};\n", "const bogusWebCrypto = [\n { hash: 'SHA-256', name: 'HMAC' },\n true,\n ['sign'],\n];\nexport default bogusWebCrypto;\n", "import { encoder, concat, uint32be, lengthAndInput, concatKdf } from '../lib/buffer_utils.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nexport async function deriveKey(publicKey, privateKey, algorithm, keyLength, apu = new Uint8Array(0), apv = new Uint8Array(0)) {\n if (!isCryptoKey(publicKey)) {\n throw new TypeError(invalidKeyInput(publicKey, ...types));\n }\n checkEncCryptoKey(publicKey, 'ECDH');\n if (!isCryptoKey(privateKey)) {\n throw new TypeError(invalidKeyInput(privateKey, ...types));\n }\n checkEncCryptoKey(privateKey, 'ECDH', 'deriveBits');\n const value = concat(lengthAndInput(encoder.encode(algorithm)), lengthAndInput(apu), lengthAndInput(apv), uint32be(keyLength));\n const sharedSecret = new Uint8Array(await crypto.subtle.deriveBits({\n name: 'ECDH',\n public: publicKey,\n }, privateKey, Math.ceil(parseInt(privateKey.algorithm.namedCurve.slice(-3), 10) / 8) << 3));\n return concatKdf(sharedSecret, keyLength, value);\n}\nexport async function generateEpk(key) {\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return crypto.subtle.generateKey(key.algorithm, true, ['deriveBits']);\n}\nexport function ecdhAllowed(key) {\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return ['P-256', 'P-384', 'P-521'].includes(key.algorithm.namedCurve);\n}\n", "import random from './random.js';\nimport { p2s as concatSalt } from '../lib/buffer_utils.js';\nimport { encode as base64url } from './base64url.js';\nimport { wrap, unwrap } from './aeskw.js';\nimport checkP2s from '../lib/check_p2s.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nfunction getCryptoKey(key, alg) {\n if (key instanceof Uint8Array) {\n return crypto.subtle.importKey('raw', key, 'PBKDF2', false, ['deriveBits']);\n }\n if (isCryptoKey(key)) {\n checkEncCryptoKey(key, alg, 'deriveBits', 'deriveKey');\n return key;\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n}\nasync function deriveKey(p2s, alg, p2c, key) {\n checkP2s(p2s);\n const salt = concatSalt(alg, p2s);\n const keylen = parseInt(alg.slice(13, 16), 10);\n const subtleAlg = {\n hash: `SHA-${alg.slice(8, 11)}`,\n iterations: p2c,\n name: 'PBKDF2',\n salt,\n };\n const wrapAlg = {\n length: keylen,\n name: 'AES-KW',\n };\n const cryptoKey = await getCryptoKey(key, alg);\n if (cryptoKey.usages.includes('deriveBits')) {\n return new Uint8Array(await crypto.subtle.deriveBits(subtleAlg, cryptoKey, keylen));\n }\n if (cryptoKey.usages.includes('deriveKey')) {\n return crypto.subtle.deriveKey(subtleAlg, cryptoKey, wrapAlg, false, ['wrapKey', 'unwrapKey']);\n }\n throw new TypeError('PBKDF2 key \"usages\" must include \"deriveBits\" or \"deriveKey\"');\n}\nexport const encrypt = async (alg, key, cek, p2c = 2048, p2s = random(new Uint8Array(16))) => {\n const derived = await deriveKey(p2s, alg, p2c, key);\n const encryptedKey = await wrap(alg.slice(-6), derived, cek);\n return { encryptedKey, p2c, p2s: base64url(p2s) };\n};\nexport const decrypt = async (alg, key, encryptedKey, p2c, p2s) => {\n const derived = await deriveKey(p2s, alg, p2c, key);\n return unwrap(alg.slice(-6), derived, encryptedKey);\n};\n", "import { JWEInvalid } from '../util/errors.js';\nexport default function checkP2s(p2s) {\n if (!(p2s instanceof Uint8Array) || p2s.length < 8) {\n throw new JWEInvalid('PBES2 Salt Input must be 8 or more octets');\n }\n}\n", "import subtleAlgorithm from './subtle_rsaes.js';\nimport bogusWebCrypto from './bogus.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport checkKeyLength from './check_key_length.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nexport const encrypt = async (alg, key, cek) => {\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n checkEncCryptoKey(key, alg, 'encrypt', 'wrapKey');\n checkKeyLength(alg, key);\n if (key.usages.includes('encrypt')) {\n return new Uint8Array(await crypto.subtle.encrypt(subtleAlgorithm(alg), key, cek));\n }\n if (key.usages.includes('wrapKey')) {\n const cryptoKeyCek = await crypto.subtle.importKey('raw', cek, ...bogusWebCrypto);\n return new Uint8Array(await crypto.subtle.wrapKey('raw', cryptoKeyCek, key, subtleAlgorithm(alg)));\n }\n throw new TypeError('RSA-OAEP key \"usages\" must include \"encrypt\" or \"wrapKey\" for this operation');\n};\nexport const decrypt = async (alg, key, encryptedKey) => {\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n checkEncCryptoKey(key, alg, 'decrypt', 'unwrapKey');\n checkKeyLength(alg, key);\n if (key.usages.includes('decrypt')) {\n return new Uint8Array(await crypto.subtle.decrypt(subtleAlgorithm(alg), key, encryptedKey));\n }\n if (key.usages.includes('unwrapKey')) {\n const cryptoKeyCek = await crypto.subtle.unwrapKey('raw', encryptedKey, key, subtleAlgorithm(alg), ...bogusWebCrypto);\n return new Uint8Array(await crypto.subtle.exportKey('raw', cryptoKeyCek));\n }\n throw new TypeError('RSA-OAEP key \"usages\" must include \"decrypt\" or \"unwrapKey\" for this operation');\n};\n", "import { JOSENotSupported } from '../util/errors.js';\nexport default function subtleRsaEs(alg) {\n switch (alg) {\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n return 'RSA-OAEP';\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n", "export default (alg, key) => {\n if (alg.startsWith('RS') || alg.startsWith('PS')) {\n const { modulusLength } = key.algorithm;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new TypeError(`${alg} requires key modulusLength to be 2048 bits or larger`);\n }\n }\n};\n", "import { JOSENotSupported } from '../util/errors.js';\nimport random from '../runtime/random.js';\nexport function bitLength(alg) {\n switch (alg) {\n case 'A128GCM':\n return 128;\n case 'A192GCM':\n return 192;\n case 'A256GCM':\n case 'A128CBC-HS256':\n return 256;\n case 'A192CBC-HS384':\n return 384;\n case 'A256CBC-HS512':\n return 512;\n default:\n throw new JOSENotSupported(`Unsupported JWE Algorithm: ${alg}`);\n }\n}\nexport default (alg) => random(new Uint8Array(bitLength(alg) >> 3));\n", "import { decode as decodeBase64URL, encodeBase64, decodeBase64 } from '../runtime/base64url.js';\nimport { fromSPKI as importPublic } from '../runtime/asn1.js';\nimport { fromPKCS8 as importPrivate } from '../runtime/asn1.js';\nimport asKeyObject from '../runtime/jwk_to_key.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport formatPEM from '../lib/format_pem.js';\nimport isObject from '../lib/is_object.js';\nfunction getElement(seq) {\n let result = [];\n let next = 0;\n while (next < seq.length) {\n let nextPart = parseElement(seq.subarray(next));\n result.push(nextPart);\n next += nextPart.byteLength;\n }\n return result;\n}\nfunction parseElement(bytes) {\n let position = 0;\n let tag = bytes[0] & 0x1f;\n position++;\n if (tag === 0x1f) {\n tag = 0;\n while (bytes[position] >= 0x80) {\n tag = tag * 128 + bytes[position] - 0x80;\n position++;\n }\n tag = tag * 128 + bytes[position] - 0x80;\n position++;\n }\n let length = 0;\n if (bytes[position] < 0x80) {\n length = bytes[position];\n position++;\n }\n else {\n let numberOfDigits = bytes[position] & 0x7f;\n position++;\n length = 0;\n for (let i = 0; i < numberOfDigits; i++) {\n length = length * 256 + bytes[position];\n position++;\n }\n }\n if (length === 0x80) {\n length = 0;\n while (bytes[position + length] !== 0 || bytes[position + length + 1] !== 0) {\n length++;\n }\n const byteLength = position + length + 2;\n return {\n byteLength,\n contents: bytes.subarray(position, position + length),\n raw: bytes.subarray(0, byteLength),\n };\n }\n const byteLength = position + length;\n return {\n byteLength,\n contents: bytes.subarray(position, byteLength),\n raw: bytes.subarray(0, byteLength),\n };\n}\nfunction spkiFromX509(buf) {\n const tbsCertificate = getElement(getElement(parseElement(buf).contents)[0].contents);\n return encodeBase64(tbsCertificate[tbsCertificate[0].raw[0] === 0xa0 ? 6 : 5].raw);\n}\nfunction getSPKI(x509) {\n const pem = x509.replace(/(?:-----(?:BEGIN|END) CERTIFICATE-----|\\s)/g, '');\n const raw = decodeBase64(pem);\n return formatPEM(spkiFromX509(raw), 'PUBLIC KEY');\n}\nexport async function importSPKI(spki, alg, options) {\n if (typeof spki !== 'string' || spki.indexOf('-----BEGIN PUBLIC KEY-----') !== 0) {\n throw new TypeError('\"spki\" must be SPKI formatted string');\n }\n return importPublic(spki, alg, options);\n}\nexport async function importX509(x509, alg, options) {\n if (typeof x509 !== 'string' || x509.indexOf('-----BEGIN CERTIFICATE-----') !== 0) {\n throw new TypeError('\"x509\" must be X.509 formatted string');\n }\n const spki = getSPKI(x509);\n return importPublic(spki, alg, options);\n}\nexport async function importPKCS8(pkcs8, alg, options) {\n if (typeof pkcs8 !== 'string' || pkcs8.indexOf('-----BEGIN PRIVATE KEY-----') !== 0) {\n throw new TypeError('\"pkcs8\" must be PCKS8 formatted string');\n }\n return importPrivate(pkcs8, alg, options);\n}\nexport async function importJWK(jwk, alg, octAsKeyObject) {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n alg || (alg = jwk.alg);\n if (typeof alg !== 'string' || !alg) {\n throw new TypeError('\"alg\" argument is required when \"jwk.alg\" is not present');\n }\n switch (jwk.kty) {\n case 'oct':\n if (typeof jwk.k !== 'string' || !jwk.k) {\n throw new TypeError('missing \"k\" (Key Value) Parameter value');\n }\n octAsKeyObject !== null && octAsKeyObject !== void 0 ? octAsKeyObject : (octAsKeyObject = jwk.ext !== true);\n if (octAsKeyObject) {\n return asKeyObject({ ...jwk, alg, ext: false });\n }\n return decodeBase64URL(jwk.k);\n case 'RSA':\n if (jwk.oth !== undefined) {\n throw new JOSENotSupported('RSA JWK \"oth\" (Other Primes Info) Parameter value is not supported');\n }\n case 'EC':\n case 'OKP':\n return asKeyObject({ ...jwk, alg });\n default:\n throw new JOSENotSupported('Unsupported \"kty\" (Key Type) Parameter value');\n }\n}\n", "import { isCloudflareWorkers, isNodeJs } from './env.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { encodeBase64 } from './base64url.js';\nimport formatPEM from '../lib/format_pem.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { types } from './is_key_like.js';\nconst genericExport = async (keyType, keyFormat, key) => {\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n if (!key.extractable) {\n throw new TypeError('CryptoKey is not extractable');\n }\n if (key.type !== keyType) {\n throw new TypeError(`key is not a ${keyType} key`);\n }\n return formatPEM(encodeBase64(new Uint8Array(await crypto.subtle.exportKey(keyFormat, key))), `${keyType.toUpperCase()} KEY`);\n};\nexport const toSPKI = (key) => {\n return genericExport('public', 'spki', key);\n};\nexport const toPKCS8 = (key) => {\n return genericExport('private', 'pkcs8', key);\n};\nconst findOid = (keyData, oid, from = 0) => {\n if (from === 0) {\n oid.unshift(oid.length);\n oid.unshift(0x06);\n }\n let i = keyData.indexOf(oid[0], from);\n if (i === -1)\n return false;\n const sub = keyData.subarray(i, i + oid.length);\n if (sub.length !== oid.length)\n return false;\n return sub.every((value, index) => value === oid[index]) || findOid(keyData, oid, i + 1);\n};\nconst getNamedCurve = (keyData) => {\n switch (true) {\n case findOid(keyData, [0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07]):\n return 'P-256';\n case findOid(keyData, [0x2b, 0x81, 0x04, 0x00, 0x22]):\n return 'P-384';\n case findOid(keyData, [0x2b, 0x81, 0x04, 0x00, 0x23]):\n return 'P-521';\n case (isCloudflareWorkers() || isNodeJs()) && findOid(keyData, [0x2b, 0x65, 0x70]):\n return 'Ed25519';\n case isNodeJs() && findOid(keyData, [0x2b, 0x65, 0x71]):\n return 'Ed448';\n default:\n throw new JOSENotSupported('Invalid or unsupported EC Key Curve or OKP Key Sub Type');\n }\n};\nconst genericImport = async (replace, keyFormat, pem, alg, options) => {\n var _a;\n let algorithm;\n let keyUsages;\n const keyData = new Uint8Array(atob(pem.replace(replace, ''))\n .split('')\n .map((c) => c.charCodeAt(0)));\n const isPublic = keyFormat === 'spki';\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${alg.slice(-3)}` };\n keyUsages = isPublic ? ['verify'] : ['sign'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${alg.slice(-3)}` };\n keyUsages = isPublic ? ['verify'] : ['sign'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,\n };\n keyUsages = isPublic ? ['encrypt', 'wrapKey'] : ['decrypt', 'unwrapKey'];\n break;\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = isPublic ? ['verify'] : ['sign'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = isPublic ? ['verify'] : ['sign'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = isPublic ? ['verify'] : ['sign'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: 'ECDH', namedCurve: getNamedCurve(keyData) };\n keyUsages = isPublic ? [] : ['deriveBits'];\n break;\n case (isCloudflareWorkers() || isNodeJs()) && 'EdDSA':\n const namedCurve = getNamedCurve(keyData).toUpperCase();\n algorithm = { name: `NODE-${namedCurve}`, namedCurve: `NODE-${namedCurve}` };\n keyUsages = isPublic ? ['verify'] : ['sign'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported \"alg\" (Algorithm) value');\n }\n return crypto.subtle.importKey(keyFormat, keyData, algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages);\n};\nexport const fromPKCS8 = (pem, alg, options) => {\n return genericImport(/(?:-----(?:BEGIN|END) PRIVATE KEY-----|\\s)/g, 'pkcs8', pem, alg, options);\n};\nexport const fromSPKI = (pem, alg, options) => {\n return genericImport(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\\s)/g, 'spki', pem, alg, options);\n};\n", "export default (b64, descriptor) => {\n const newlined = (b64.match(/.{1,64}/g) || []).join('\\n');\n return `-----BEGIN ${descriptor}-----\\n${newlined}\\n-----END ${descriptor}-----`;\n};\n", "import { isCloudflareWorkers, isNodeJs } from './env.js';\nimport crypto from './webcrypto.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { decode as base64url } from './base64url.js';\nfunction subtleMapping(jwk) {\n let algorithm;\n let keyUsages;\n switch (jwk.kty) {\n case 'oct': {\n switch (jwk.alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n algorithm = { name: 'HMAC', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = ['sign', 'verify'];\n break;\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n throw new JOSENotSupported(`${jwk.alg} keys cannot be imported as CryptoKey instances`);\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW':\n algorithm = { name: 'AES-GCM' };\n keyUsages = ['encrypt', 'decrypt'];\n break;\n case 'A128KW':\n case 'A192KW':\n case 'A256KW':\n algorithm = { name: 'AES-KW' };\n keyUsages = ['wrapKey', 'unwrapKey'];\n break;\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW':\n algorithm = { name: 'PBKDF2' };\n keyUsages = ['deriveBits'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'RSA': {\n switch (jwk.alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = { name: 'RSA-PSS', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = { name: 'RSASSA-PKCS1-v1_5', hash: `SHA-${jwk.alg.slice(-3)}` };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(jwk.alg.slice(-3), 10) || 1}`,\n };\n keyUsages = jwk.d ? ['decrypt', 'unwrapKey'] : ['encrypt', 'wrapKey'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case 'EC': {\n switch (jwk.alg) {\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: 'ECDH', namedCurve: jwk.crv };\n keyUsages = jwk.d ? ['deriveBits'] : [];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n break;\n }\n case (isCloudflareWorkers() || isNodeJs()) && 'OKP':\n if (jwk.alg !== 'EdDSA') {\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n switch (jwk.crv) {\n case 'Ed25519':\n algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n case isNodeJs() && 'Ed448':\n algorithm = { name: 'NODE-ED448', namedCurve: 'NODE-ED448' };\n keyUsages = jwk.d ? ['sign'] : ['verify'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"crv\" (Subtype of Key Pair) Parameter value');\n }\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"kty\" (Key Type) Parameter value');\n }\n return { algorithm, keyUsages };\n}\nconst parse = async (jwk) => {\n var _a, _b;\n const { algorithm, keyUsages } = subtleMapping(jwk);\n const rest = [\n algorithm,\n (_a = jwk.ext) !== null && _a !== void 0 ? _a : false,\n (_b = jwk.key_ops) !== null && _b !== void 0 ? _b : keyUsages,\n ];\n if (algorithm.name === 'PBKDF2') {\n return crypto.subtle.importKey('raw', base64url(jwk.k), ...rest);\n }\n const keyData = { ...jwk };\n delete keyData.alg;\n return crypto.subtle.importKey('jwk', keyData, ...rest);\n};\nexport default parse;\n", "import invalidKeyInput from './invalid_key_input.js';\nimport isKeyLike, { types } from '../runtime/is_key_like.js';\nconst symmetricTypeCheck = (key) => {\n if (key instanceof Uint8Array)\n return;\n if (!isKeyLike(key)) {\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n }\n if (key.type !== 'secret') {\n throw new TypeError(`${types.join(' or ')} instances for symmetric algorithms must be of type \"secret\"`);\n }\n};\nconst asymmetricTypeCheck = (key, usage) => {\n if (!isKeyLike(key)) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n if (key.type === 'secret') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithms must not be of type \"secret\"`);\n }\n if (usage === 'sign' && key.type === 'public') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm signing must be of type \"private\"`);\n }\n if (usage === 'decrypt' && key.type === 'public') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm decryption must be of type \"private\"`);\n }\n if (key.algorithm && usage === 'verify' && key.type === 'private') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm verifying must be of type \"public\"`);\n }\n if (key.algorithm && usage === 'encrypt' && key.type === 'private') {\n throw new TypeError(`${types.join(' or ')} instances for asymmetric algorithm encryption must be of type \"public\"`);\n }\n};\nconst checkKeyType = (alg, key, usage) => {\n const symmetric = alg.startsWith('HS') ||\n alg === 'dir' ||\n alg.startsWith('PBES2') ||\n /^A\\d{3}(?:GCM)?KW$/.test(alg);\n if (symmetric) {\n symmetricTypeCheck(key);\n }\n else {\n asymmetricTypeCheck(key, usage);\n }\n};\nexport default checkKeyType;\n", "import encrypt from '../runtime/encrypt.js';\nimport decrypt from '../runtime/decrypt.js';\nimport generateIv from './iv.js';\nimport { encode as base64url } from '../runtime/base64url.js';\nexport async function wrap(alg, key, cek, iv) {\n const jweAlgorithm = alg.slice(0, 7);\n iv || (iv = generateIv(jweAlgorithm));\n const { ciphertext: encryptedKey, tag } = await encrypt(jweAlgorithm, cek, key, iv, new Uint8Array(0));\n return { encryptedKey, iv: base64url(iv), tag: base64url(tag) };\n}\nexport async function unwrap(alg, key, encryptedKey, iv, tag) {\n const jweAlgorithm = alg.slice(0, 7);\n return decrypt(jweAlgorithm, key, encryptedKey, iv, tag, new Uint8Array(0));\n}\n", "import { concat, uint64be } from '../lib/buffer_utils.js';\nimport checkIvLength from '../lib/check_iv_length.js';\nimport checkCekLength from './check_cek_length.js';\nimport crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkEncCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { types } from './is_key_like.js';\nasync function cbcEncrypt(enc, plaintext, cek, iv, aad) {\n if (!(cek instanceof Uint8Array)) {\n throw new TypeError(invalidKeyInput(cek, 'Uint8Array'));\n }\n const keySize = parseInt(enc.slice(1, 4), 10);\n const encKey = await crypto.subtle.importKey('raw', cek.subarray(keySize >> 3), 'AES-CBC', false, ['encrypt']);\n const macKey = await crypto.subtle.importKey('raw', cek.subarray(0, keySize >> 3), {\n hash: `SHA-${keySize << 1}`,\n name: 'HMAC',\n }, false, ['sign']);\n const ciphertext = new Uint8Array(await crypto.subtle.encrypt({\n iv,\n name: 'AES-CBC',\n }, encKey, plaintext));\n const macData = concat(aad, iv, ciphertext, uint64be(aad.length << 3));\n const tag = new Uint8Array((await crypto.subtle.sign('HMAC', macKey, macData)).slice(0, keySize >> 3));\n return { ciphertext, tag };\n}\nasync function gcmEncrypt(enc, plaintext, cek, iv, aad) {\n let encKey;\n if (cek instanceof Uint8Array) {\n encKey = await crypto.subtle.importKey('raw', cek, 'AES-GCM', false, ['encrypt']);\n }\n else {\n checkEncCryptoKey(cek, enc, 'encrypt');\n encKey = cek;\n }\n const encrypted = new Uint8Array(await crypto.subtle.encrypt({\n additionalData: aad,\n iv,\n name: 'AES-GCM',\n tagLength: 128,\n }, encKey, plaintext));\n const tag = encrypted.slice(-16);\n const ciphertext = encrypted.slice(0, -16);\n return { ciphertext, tag };\n}\nconst encrypt = async (enc, plaintext, cek, iv, aad) => {\n if (!isCryptoKey(cek) && !(cek instanceof Uint8Array)) {\n throw new TypeError(invalidKeyInput(cek, ...types, 'Uint8Array'));\n }\n checkIvLength(enc, iv);\n switch (enc) {\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n if (cek instanceof Uint8Array)\n checkCekLength(cek, parseInt(enc.slice(-3), 10));\n return cbcEncrypt(enc, plaintext, cek, iv, aad);\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n if (cek instanceof Uint8Array)\n checkCekLength(cek, parseInt(enc.slice(1, 4), 10));\n return gcmEncrypt(enc, plaintext, cek, iv, aad);\n default:\n throw new JOSENotSupported('Unsupported JWE Content Encryption Algorithm');\n }\n};\nexport default encrypt;\n", "import { JOSENotSupported } from '../util/errors.js';\nfunction validateCrit(Err, recognizedDefault, recognizedOption, protectedHeader, joseHeader) {\n if (joseHeader.crit !== undefined && protectedHeader.crit === undefined) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be integrity protected');\n }\n if (!protectedHeader || protectedHeader.crit === undefined) {\n return new Set();\n }\n if (!Array.isArray(protectedHeader.crit) ||\n protectedHeader.crit.length === 0 ||\n protectedHeader.crit.some((input) => typeof input !== 'string' || input.length === 0)) {\n throw new Err('\"crit\" (Critical) Header Parameter MUST be an array of non-empty strings when present');\n }\n let recognized;\n if (recognizedOption !== undefined) {\n recognized = new Map([...Object.entries(recognizedOption), ...recognizedDefault.entries()]);\n }\n else {\n recognized = recognizedDefault;\n }\n for (const parameter of protectedHeader.crit) {\n if (!recognized.has(parameter)) {\n throw new JOSENotSupported(`Extension Header Parameter \"${parameter}\" is not recognized`);\n }\n if (joseHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" is missing`);\n }\n else if (recognized.get(parameter) && protectedHeader[parameter] === undefined) {\n throw new Err(`Extension Header Parameter \"${parameter}\" MUST be integrity protected`);\n }\n }\n return new Set(protectedHeader.crit);\n}\nexport default validateCrit;\n", "const validateAlgorithms = (option, algorithms) => {\n if (algorithms !== undefined &&\n (!Array.isArray(algorithms) || algorithms.some((s) => typeof s !== 'string'))) {\n throw new TypeError(`\"${option}\" option must be an array of strings`);\n }\n if (!algorithms) {\n return undefined;\n }\n return new Set(algorithms);\n};\nexport default validateAlgorithms;\n", "import { flattenedDecrypt } from '../flattened/decrypt.js';\nimport { JWEDecryptionFailed, JWEInvalid } from '../../util/errors.js';\nimport isObject from '../../lib/is_object.js';\nexport async function generalDecrypt(jwe, key, options) {\n if (!isObject(jwe)) {\n throw new JWEInvalid('General JWE must be an object');\n }\n if (!Array.isArray(jwe.recipients) || !jwe.recipients.every(isObject)) {\n throw new JWEInvalid('JWE Recipients missing or incorrect type');\n }\n if (!jwe.recipients.length) {\n throw new JWEInvalid('JWE Recipients has no members');\n }\n for (const recipient of jwe.recipients) {\n try {\n return await flattenedDecrypt({\n aad: jwe.aad,\n ciphertext: jwe.ciphertext,\n encrypted_key: recipient.encrypted_key,\n header: recipient.header,\n iv: jwe.iv,\n protected: jwe.protected,\n tag: jwe.tag,\n unprotected: jwe.unprotected,\n }, key, options);\n }\n catch (_a) {\n }\n }\n throw new JWEDecryptionFailed();\n}\n", "import { FlattenedEncrypt, unprotected } from '../flattened/encrypt.js';\nimport { JWEInvalid } from '../../util/errors.js';\nimport generateCek from '../../lib/cek.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport encryptKeyManagement from '../../lib/encrypt_key_management.js';\nimport { encode as base64url } from '../../runtime/base64url.js';\nimport validateCrit from '../../lib/validate_crit.js';\nclass IndividualRecipient {\n constructor(enc, key, options) {\n this.parent = enc;\n this.key = key;\n this.options = options;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this.unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this.unprotectedHeader = unprotectedHeader;\n return this;\n }\n addRecipient(...args) {\n return this.parent.addRecipient(...args);\n }\n encrypt(...args) {\n return this.parent.encrypt(...args);\n }\n done() {\n return this.parent;\n }\n}\nexport class GeneralEncrypt {\n constructor(plaintext) {\n this._recipients = [];\n this._plaintext = plaintext;\n }\n addRecipient(key, options) {\n const recipient = new IndividualRecipient(this, key, { crit: options === null || options === void 0 ? void 0 : options.crit });\n this._recipients.push(recipient);\n return recipient;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setSharedUnprotectedHeader(sharedUnprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setSharedUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = sharedUnprotectedHeader;\n return this;\n }\n setAdditionalAuthenticatedData(aad) {\n this._aad = aad;\n return this;\n }\n async encrypt(options) {\n var _a, _b, _c;\n if (!this._recipients.length) {\n throw new JWEInvalid('at least one recipient must be added');\n }\n options = { deflateRaw: options === null || options === void 0 ? void 0 : options.deflateRaw };\n if (this._recipients.length === 1) {\n const [recipient] = this._recipients;\n const flattened = await new FlattenedEncrypt(this._plaintext)\n .setAdditionalAuthenticatedData(this._aad)\n .setProtectedHeader(this._protectedHeader)\n .setSharedUnprotectedHeader(this._unprotectedHeader)\n .setUnprotectedHeader(recipient.unprotectedHeader)\n .encrypt(recipient.key, { ...recipient.options, ...options });\n let jwe = {\n ciphertext: flattened.ciphertext,\n iv: flattened.iv,\n recipients: [{}],\n tag: flattened.tag,\n };\n if (flattened.aad)\n jwe.aad = flattened.aad;\n if (flattened.protected)\n jwe.protected = flattened.protected;\n if (flattened.unprotected)\n jwe.unprotected = flattened.unprotected;\n if (flattened.encrypted_key)\n jwe.recipients[0].encrypted_key = flattened.encrypted_key;\n if (flattened.header)\n jwe.recipients[0].header = flattened.header;\n return jwe;\n }\n let enc;\n for (let i = 0; i < this._recipients.length; i++) {\n const recipient = this._recipients[i];\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader, recipient.unprotectedHeader)) {\n throw new JWEInvalid('JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n ...recipient.unprotectedHeader,\n };\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWEInvalid('JWE \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n if (alg === 'dir' || alg === 'ECDH-ES') {\n throw new JWEInvalid('\"dir\" and \"ECDH-ES\" alg may only be used with a single recipient');\n }\n if (typeof joseHeader.enc !== 'string' || !joseHeader.enc) {\n throw new JWEInvalid('JWE \"enc\" (Encryption Algorithm) Header Parameter missing or invalid');\n }\n if (!enc) {\n enc = joseHeader.enc;\n }\n else if (enc !== joseHeader.enc) {\n throw new JWEInvalid('JWE \"enc\" (Encryption Algorithm) Header Parameter must be the same for all recipients');\n }\n validateCrit(JWEInvalid, new Map(), recipient.options.crit, this._protectedHeader, joseHeader);\n if (joseHeader.zip !== undefined) {\n if (!this._protectedHeader || !this._protectedHeader.zip) {\n throw new JWEInvalid('JWE \"zip\" (Compression Algorithm) Header MUST be integrity protected');\n }\n }\n }\n const cek = generateCek(enc);\n let jwe = {\n ciphertext: '',\n iv: '',\n recipients: [],\n tag: '',\n };\n for (let i = 0; i < this._recipients.length; i++) {\n const recipient = this._recipients[i];\n const target = {};\n jwe.recipients.push(target);\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n ...recipient.unprotectedHeader,\n };\n const p2c = joseHeader.alg.startsWith('PBES2') ? 2048 + i : undefined;\n if (i === 0) {\n const flattened = await new FlattenedEncrypt(this._plaintext)\n .setAdditionalAuthenticatedData(this._aad)\n .setContentEncryptionKey(cek)\n .setProtectedHeader(this._protectedHeader)\n .setSharedUnprotectedHeader(this._unprotectedHeader)\n .setUnprotectedHeader(recipient.unprotectedHeader)\n .setKeyManagementParameters({ p2c })\n .encrypt(recipient.key, {\n ...recipient.options,\n ...options,\n [unprotected]: true,\n });\n jwe.ciphertext = flattened.ciphertext;\n jwe.iv = flattened.iv;\n jwe.tag = flattened.tag;\n if (flattened.aad)\n jwe.aad = flattened.aad;\n if (flattened.protected)\n jwe.protected = flattened.protected;\n if (flattened.unprotected)\n jwe.unprotected = flattened.unprotected;\n target.encrypted_key = flattened.encrypted_key;\n if (flattened.header)\n target.header = flattened.header;\n continue;\n }\n const { encryptedKey, parameters } = await encryptKeyManagement(((_a = recipient.unprotectedHeader) === null || _a === void 0 ? void 0 : _a.alg) ||\n ((_b = this._protectedHeader) === null || _b === void 0 ? void 0 : _b.alg) ||\n ((_c = this._unprotectedHeader) === null || _c === void 0 ? void 0 : _c.alg), enc, recipient.key, cek, { p2c });\n target.encrypted_key = base64url(encryptedKey);\n if (recipient.unprotectedHeader || parameters)\n target.header = { ...recipient.unprotectedHeader, ...parameters };\n }\n return jwe;\n }\n}\n", "import { encode as base64url } from '../../runtime/base64url.js';\nimport encrypt from '../../runtime/encrypt.js';\nimport { deflate } from '../../runtime/zlib.js';\nimport generateIv from '../../lib/iv.js';\nimport encryptKeyManagement from '../../lib/encrypt_key_management.js';\nimport { JOSENotSupported, JWEInvalid } from '../../util/errors.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport validateCrit from '../../lib/validate_crit.js';\nexport const unprotected = Symbol();\nexport class FlattenedEncrypt {\n constructor(plaintext) {\n if (!(plaintext instanceof Uint8Array)) {\n throw new TypeError('plaintext must be an instance of Uint8Array');\n }\n this._plaintext = plaintext;\n }\n setKeyManagementParameters(parameters) {\n if (this._keyManagementParameters) {\n throw new TypeError('setKeyManagementParameters can only be called once');\n }\n this._keyManagementParameters = parameters;\n return this;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setSharedUnprotectedHeader(sharedUnprotectedHeader) {\n if (this._sharedUnprotectedHeader) {\n throw new TypeError('setSharedUnprotectedHeader can only be called once');\n }\n this._sharedUnprotectedHeader = sharedUnprotectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n setAdditionalAuthenticatedData(aad) {\n this._aad = aad;\n return this;\n }\n setContentEncryptionKey(cek) {\n if (this._cek) {\n throw new TypeError('setContentEncryptionKey can only be called once');\n }\n this._cek = cek;\n return this;\n }\n setInitializationVector(iv) {\n if (this._iv) {\n throw new TypeError('setInitializationVector can only be called once');\n }\n this._iv = iv;\n return this;\n }\n async encrypt(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader && !this._sharedUnprotectedHeader) {\n throw new JWEInvalid('either setProtectedHeader, setUnprotectedHeader, or sharedUnprotectedHeader must be called before #encrypt()');\n }\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader, this._sharedUnprotectedHeader)) {\n throw new JWEInvalid('JWE Protected, JWE Shared Unprotected and JWE Per-Recipient Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n ...this._sharedUnprotectedHeader,\n };\n validateCrit(JWEInvalid, new Map(), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader);\n if (joseHeader.zip !== undefined) {\n if (!this._protectedHeader || !this._protectedHeader.zip) {\n throw new JWEInvalid('JWE \"zip\" (Compression Algorithm) Header MUST be integrity protected');\n }\n if (joseHeader.zip !== 'DEF') {\n throw new JOSENotSupported('Unsupported JWE \"zip\" (Compression Algorithm) Header Parameter value');\n }\n }\n const { alg, enc } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWEInvalid('JWE \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n if (typeof enc !== 'string' || !enc) {\n throw new JWEInvalid('JWE \"enc\" (Encryption Algorithm) Header Parameter missing or invalid');\n }\n let encryptedKey;\n if (alg === 'dir') {\n if (this._cek) {\n throw new TypeError('setContentEncryptionKey cannot be called when using Direct Encryption');\n }\n }\n else if (alg === 'ECDH-ES') {\n if (this._cek) {\n throw new TypeError('setContentEncryptionKey cannot be called when using Direct Key Agreement');\n }\n }\n let cek;\n {\n let parameters;\n ({ cek, encryptedKey, parameters } = await encryptKeyManagement(alg, enc, key, this._cek, this._keyManagementParameters));\n if (parameters) {\n if (options && unprotected in options) {\n if (!this._unprotectedHeader) {\n this.setUnprotectedHeader(parameters);\n }\n else {\n this._unprotectedHeader = { ...this._unprotectedHeader, ...parameters };\n }\n }\n else {\n if (!this._protectedHeader) {\n this.setProtectedHeader(parameters);\n }\n else {\n this._protectedHeader = { ...this._protectedHeader, ...parameters };\n }\n }\n }\n }\n this._iv || (this._iv = generateIv(enc));\n let additionalData;\n let protectedHeader;\n let aadMember;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(base64url(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n if (this._aad) {\n aadMember = base64url(this._aad);\n additionalData = concat(protectedHeader, encoder.encode('.'), encoder.encode(aadMember));\n }\n else {\n additionalData = protectedHeader;\n }\n let ciphertext;\n let tag;\n if (joseHeader.zip === 'DEF') {\n const deflated = await ((options === null || options === void 0 ? void 0 : options.deflateRaw) || deflate)(this._plaintext);\n ({ ciphertext, tag } = await encrypt(enc, deflated, cek, this._iv, additionalData));\n }\n else {\n ;\n ({ ciphertext, tag } = await encrypt(enc, this._plaintext, cek, this._iv, additionalData));\n }\n const jwe = {\n ciphertext: base64url(ciphertext),\n iv: base64url(this._iv),\n tag: base64url(tag),\n };\n if (encryptedKey) {\n jwe.encrypted_key = base64url(encryptedKey);\n }\n if (aadMember) {\n jwe.aad = aadMember;\n }\n if (this._protectedHeader) {\n jwe.protected = decoder.decode(protectedHeader);\n }\n if (this._sharedUnprotectedHeader) {\n jwe.unprotected = this._sharedUnprotectedHeader;\n }\n if (this._unprotectedHeader) {\n jwe.header = this._unprotectedHeader;\n }\n return jwe;\n }\n}\n", "import { wrap as aesKw } from '../runtime/aeskw.js';\nimport * as ECDH from '../runtime/ecdhes.js';\nimport { encrypt as pbes2Kw } from '../runtime/pbes2kw.js';\nimport { encrypt as rsaEs } from '../runtime/rsaes.js';\nimport { encode as base64url } from '../runtime/base64url.js';\nimport generateCek, { bitLength as cekLength } from '../lib/cek.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport { exportJWK } from '../key/export.js';\nimport checkKeyType from './check_key_type.js';\nimport { wrap as aesGcmKw } from './aesgcmkw.js';\nasync function encryptKeyManagement(alg, enc, key, providedCek, providedParameters = {}) {\n let encryptedKey;\n let parameters;\n let cek;\n checkKeyType(alg, key, 'encrypt');\n switch (alg) {\n case 'dir': {\n cek = key;\n break;\n }\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW': {\n if (!ECDH.ecdhAllowed(key)) {\n throw new JOSENotSupported('ECDH with the provided key is not allowed or not supported by your javascript runtime');\n }\n const { apu, apv } = providedParameters;\n let { epk: ephemeralKey } = providedParameters;\n ephemeralKey || (ephemeralKey = (await ECDH.generateEpk(key)).privateKey);\n const { x, y, crv, kty } = await exportJWK(ephemeralKey);\n const sharedSecret = await ECDH.deriveKey(key, ephemeralKey, alg === 'ECDH-ES' ? enc : alg, alg === 'ECDH-ES' ? cekLength(enc) : parseInt(alg.slice(-5, -2), 10), apu, apv);\n parameters = { epk: { x, crv, kty } };\n if (kty === 'EC')\n parameters.epk.y = y;\n if (apu)\n parameters.apu = base64url(apu);\n if (apv)\n parameters.apv = base64url(apv);\n if (alg === 'ECDH-ES') {\n cek = sharedSecret;\n break;\n }\n cek = providedCek || generateCek(enc);\n const kwAlg = alg.slice(-6);\n encryptedKey = await aesKw(kwAlg, sharedSecret, cek);\n break;\n }\n case 'RSA1_5':\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512': {\n cek = providedCek || generateCek(enc);\n encryptedKey = await rsaEs(alg, key, cek);\n break;\n }\n case 'PBES2-HS256+A128KW':\n case 'PBES2-HS384+A192KW':\n case 'PBES2-HS512+A256KW': {\n cek = providedCek || generateCek(enc);\n const { p2c, p2s } = providedParameters;\n ({ encryptedKey, ...parameters } = await pbes2Kw(alg, key, cek, p2c, p2s));\n break;\n }\n case 'A128KW':\n case 'A192KW':\n case 'A256KW': {\n cek = providedCek || generateCek(enc);\n encryptedKey = await aesKw(alg, key, cek);\n break;\n }\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW': {\n cek = providedCek || generateCek(enc);\n const { iv } = providedParameters;\n ({ encryptedKey, ...parameters } = await aesGcmKw(alg, key, cek, iv));\n break;\n }\n default: {\n throw new JOSENotSupported('Invalid or unsupported \"alg\" (JWE Algorithm) header value');\n }\n }\n return { cek, encryptedKey, parameters };\n}\nexport default encryptKeyManagement;\n", "import { toSPKI as exportPublic } from '../runtime/asn1.js';\nimport { toPKCS8 as exportPrivate } from '../runtime/asn1.js';\nimport keyToJWK from '../runtime/key_to_jwk.js';\nexport async function exportSPKI(key) {\n return exportPublic(key);\n}\nexport async function exportPKCS8(key) {\n return exportPrivate(key);\n}\nexport async function exportJWK(key) {\n return keyToJWK(key);\n}\n", "import crypto, { isCryptoKey } from './webcrypto.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { encode as base64url } from './base64url.js';\nimport { types } from './is_key_like.js';\nconst keyToJWK = async (key) => {\n if (key instanceof Uint8Array) {\n return {\n kty: 'oct',\n k: base64url(key),\n };\n }\n if (!isCryptoKey(key)) {\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n }\n if (!key.extractable) {\n throw new TypeError('non-extractable CryptoKey cannot be exported as a JWK');\n }\n const { ext, key_ops, alg, use, ...jwk } = await crypto.subtle.exportKey('jwk', key);\n return jwk;\n};\nexport default keyToJWK;\n", "import { flattenedVerify } from '../flattened/verify.js';\nimport { JWSInvalid } from '../../util/errors.js';\nimport { decoder } from '../../lib/buffer_utils.js';\nexport async function compactVerify(jws, key, options) {\n if (jws instanceof Uint8Array) {\n jws = decoder.decode(jws);\n }\n if (typeof jws !== 'string') {\n throw new JWSInvalid('Compact JWS must be a string or Uint8Array');\n }\n const { 0: protectedHeader, 1: payload, 2: signature, length } = jws.split('.');\n if (length !== 3) {\n throw new JWSInvalid('Invalid Compact JWS');\n }\n const verified = await flattenedVerify({ payload, protected: protectedHeader, signature }, key, options);\n const result = { payload: verified.payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n", "import { decode as base64url } from '../../runtime/base64url.js';\nimport verify from '../../runtime/verify.js';\nimport { JOSEAlgNotAllowed, JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js';\nimport { concat, encoder, decoder } from '../../lib/buffer_utils.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport isObject from '../../lib/is_object.js';\nimport checkKeyType from '../../lib/check_key_type.js';\nimport validateCrit from '../../lib/validate_crit.js';\nimport validateAlgorithms from '../../lib/validate_algorithms.js';\nexport async function flattenedVerify(jws, key, options) {\n var _a;\n if (!isObject(jws)) {\n throw new JWSInvalid('Flattened JWS must be an object');\n }\n if (jws.protected === undefined && jws.header === undefined) {\n throw new JWSInvalid('Flattened JWS must have either of the \"protected\" or \"header\" members');\n }\n if (jws.protected !== undefined && typeof jws.protected !== 'string') {\n throw new JWSInvalid('JWS Protected Header incorrect type');\n }\n if (jws.payload === undefined) {\n throw new JWSInvalid('JWS Payload missing');\n }\n if (typeof jws.signature !== 'string') {\n throw new JWSInvalid('JWS Signature missing or incorrect type');\n }\n if (jws.header !== undefined && !isObject(jws.header)) {\n throw new JWSInvalid('JWS Unprotected Header incorrect type');\n }\n let parsedProt = {};\n if (jws.protected) {\n const protectedHeader = base64url(jws.protected);\n try {\n parsedProt = JSON.parse(decoder.decode(protectedHeader));\n }\n catch (_b) {\n throw new JWSInvalid('JWS Protected Header is invalid');\n }\n }\n if (!isDisjoint(parsedProt, jws.header)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...parsedProt,\n ...jws.header,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options === null || options === void 0 ? void 0 : options.crit, parsedProt, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = parsedProt.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n const algorithms = options && validateAlgorithms('algorithms', options.algorithms);\n if (algorithms && !algorithms.has(alg)) {\n throw new JOSEAlgNotAllowed('\"alg\" (Algorithm) Header Parameter not allowed');\n }\n if (b64) {\n if (typeof jws.payload !== 'string') {\n throw new JWSInvalid('JWS Payload must be a string');\n }\n }\n else if (typeof jws.payload !== 'string' && !(jws.payload instanceof Uint8Array)) {\n throw new JWSInvalid('JWS Payload must be a string or an Uint8Array instance');\n }\n let resolvedKey = false;\n if (typeof key === 'function') {\n key = await key(parsedProt, jws);\n resolvedKey = true;\n }\n checkKeyType(alg, key, 'verify');\n const data = concat(encoder.encode((_a = jws.protected) !== null && _a !== void 0 ? _a : ''), encoder.encode('.'), typeof jws.payload === 'string' ? encoder.encode(jws.payload) : jws.payload);\n const signature = base64url(jws.signature);\n const verified = await verify(alg, key, signature, data);\n if (!verified) {\n throw new JWSSignatureVerificationFailed();\n }\n let payload;\n if (b64) {\n payload = base64url(jws.payload);\n }\n else if (typeof jws.payload === 'string') {\n payload = encoder.encode(jws.payload);\n }\n else {\n payload = jws.payload;\n }\n const result = { payload };\n if (jws.protected !== undefined) {\n result.protectedHeader = parsedProt;\n }\n if (jws.header !== undefined) {\n result.unprotectedHeader = jws.header;\n }\n if (resolvedKey) {\n return { ...result, key };\n }\n return result;\n}\n", "import subtleAlgorithm from './subtle_dsa.js';\nimport crypto from './webcrypto.js';\nimport checkKeyLength from './check_key_length.js';\nimport getVerifyKey from './get_sign_verify_key.js';\nconst verify = async (alg, key, signature, data) => {\n const cryptoKey = await getVerifyKey(alg, key, 'verify');\n checkKeyLength(alg, cryptoKey);\n const algorithm = subtleAlgorithm(alg, cryptoKey.algorithm);\n try {\n return await crypto.subtle.verify(algorithm, cryptoKey, signature, data);\n }\n catch (_a) {\n return false;\n }\n};\nexport default verify;\n", "import { isCloudflareWorkers, isNodeJs } from './env.js';\nimport { JOSENotSupported } from '../util/errors.js';\nexport default function subtleDsa(alg, algorithm) {\n const hash = `SHA-${alg.slice(-3)}`;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n return { hash, name: 'HMAC' };\n case 'PS256':\n case 'PS384':\n case 'PS512':\n return { hash, name: 'RSA-PSS', saltLength: alg.slice(-3) >> 3 };\n case 'RS256':\n case 'RS384':\n case 'RS512':\n return { hash, name: 'RSASSA-PKCS1-v1_5' };\n case 'ES256':\n case 'ES384':\n case 'ES512':\n return { hash, name: 'ECDSA', namedCurve: algorithm.namedCurve };\n case (isCloudflareWorkers() || isNodeJs()) && 'EdDSA':\n const { namedCurve } = algorithm;\n return { name: namedCurve, namedCurve };\n default:\n throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);\n }\n}\n", "import crypto, { isCryptoKey } from './webcrypto.js';\nimport { checkSigCryptoKey } from '../lib/crypto_key.js';\nimport invalidKeyInput from '../lib/invalid_key_input.js';\nimport { types } from './is_key_like.js';\nexport default function getCryptoKey(alg, key, usage) {\n if (isCryptoKey(key)) {\n checkSigCryptoKey(key, alg, usage);\n return key;\n }\n if (key instanceof Uint8Array) {\n if (!alg.startsWith('HS')) {\n throw new TypeError(invalidKeyInput(key, ...types));\n }\n return crypto.subtle.importKey('raw', key, { hash: `SHA-${alg.slice(-3)}`, name: 'HMAC' }, false, [usage]);\n }\n throw new TypeError(invalidKeyInput(key, ...types, 'Uint8Array'));\n}\n", "import { flattenedVerify } from '../flattened/verify.js';\nimport { JWSInvalid, JWSSignatureVerificationFailed } from '../../util/errors.js';\nimport isObject from '../../lib/is_object.js';\nexport async function generalVerify(jws, key, options) {\n if (!isObject(jws)) {\n throw new JWSInvalid('General JWS must be an object');\n }\n if (!Array.isArray(jws.signatures) || !jws.signatures.every(isObject)) {\n throw new JWSInvalid('JWS Signatures missing or incorrect type');\n }\n for (const signature of jws.signatures) {\n try {\n return await flattenedVerify({\n header: signature.header,\n payload: jws.payload,\n protected: signature.protected,\n signature: signature.signature,\n }, key, options);\n }\n catch (_a) {\n }\n }\n throw new JWSSignatureVerificationFailed();\n}\n", "import { compactVerify } from '../jws/compact/verify.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { JWTInvalid } from '../util/errors.js';\nexport async function jwtVerify(jwt, key, options) {\n var _a;\n const verified = await compactVerify(jwt, key, options);\n if (((_a = verified.protectedHeader.crit) === null || _a === void 0 ? void 0 : _a.includes('b64')) && verified.protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n const payload = jwtPayload(verified.protectedHeader, verified.payload, options);\n const result = { payload, protectedHeader: verified.protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: verified.key };\n }\n return result;\n}\n", "import { JWTClaimValidationFailed, JWTExpired, JWTInvalid } from '../util/errors.js';\nimport { decoder } from './buffer_utils.js';\nimport epoch from './epoch.js';\nimport secs from './secs.js';\nimport isObject from './is_object.js';\nconst normalizeTyp = (value) => value.toLowerCase().replace(/^application\\//, '');\nconst checkAudiencePresence = (audPayload, audOption) => {\n if (typeof audPayload === 'string') {\n return audOption.includes(audPayload);\n }\n if (Array.isArray(audPayload)) {\n return audOption.some(Set.prototype.has.bind(new Set(audPayload)));\n }\n return false;\n};\nexport default (protectedHeader, encodedPayload, options = {}) => {\n const { typ } = options;\n if (typ &&\n (typeof protectedHeader.typ !== 'string' ||\n normalizeTyp(protectedHeader.typ) !== normalizeTyp(typ))) {\n throw new JWTClaimValidationFailed('unexpected \"typ\" JWT header value', 'typ', 'check_failed');\n }\n let payload;\n try {\n payload = JSON.parse(decoder.decode(encodedPayload));\n }\n catch (_a) {\n }\n if (!isObject(payload)) {\n throw new JWTInvalid('JWT Claims Set must be a top-level JSON object');\n }\n const { issuer } = options;\n if (issuer && !(Array.isArray(issuer) ? issuer : [issuer]).includes(payload.iss)) {\n throw new JWTClaimValidationFailed('unexpected \"iss\" claim value', 'iss', 'check_failed');\n }\n const { subject } = options;\n if (subject && payload.sub !== subject) {\n throw new JWTClaimValidationFailed('unexpected \"sub\" claim value', 'sub', 'check_failed');\n }\n const { audience } = options;\n if (audience &&\n !checkAudiencePresence(payload.aud, typeof audience === 'string' ? [audience] : audience)) {\n throw new JWTClaimValidationFailed('unexpected \"aud\" claim value', 'aud', 'check_failed');\n }\n let tolerance;\n switch (typeof options.clockTolerance) {\n case 'string':\n tolerance = secs(options.clockTolerance);\n break;\n case 'number':\n tolerance = options.clockTolerance;\n break;\n case 'undefined':\n tolerance = 0;\n break;\n default:\n throw new TypeError('Invalid clockTolerance option type');\n }\n const { currentDate } = options;\n const now = epoch(currentDate || new Date());\n if (payload.iat !== undefined || options.maxTokenAge) {\n if (typeof payload.iat !== 'number') {\n throw new JWTClaimValidationFailed('\"iat\" claim must be a number', 'iat', 'invalid');\n }\n if (payload.exp === undefined && payload.iat > now + tolerance) {\n throw new JWTClaimValidationFailed('\"iat\" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed');\n }\n }\n if (payload.nbf !== undefined) {\n if (typeof payload.nbf !== 'number') {\n throw new JWTClaimValidationFailed('\"nbf\" claim must be a number', 'nbf', 'invalid');\n }\n if (payload.nbf > now + tolerance) {\n throw new JWTClaimValidationFailed('\"nbf\" claim timestamp check failed', 'nbf', 'check_failed');\n }\n }\n if (payload.exp !== undefined) {\n if (typeof payload.exp !== 'number') {\n throw new JWTClaimValidationFailed('\"exp\" claim must be a number', 'exp', 'invalid');\n }\n if (payload.exp <= now - tolerance) {\n throw new JWTExpired('\"exp\" claim timestamp check failed', 'exp', 'check_failed');\n }\n }\n if (options.maxTokenAge) {\n const age = now - payload.iat;\n const max = typeof options.maxTokenAge === 'number' ? options.maxTokenAge : secs(options.maxTokenAge);\n if (age - tolerance > max) {\n throw new JWTExpired('\"iat\" claim timestamp check failed (too far in the past)', 'iat', 'check_failed');\n }\n if (age < 0 - tolerance) {\n throw new JWTClaimValidationFailed('\"iat\" claim timestamp check failed (it should be in the past)', 'iat', 'check_failed');\n }\n }\n return payload;\n};\n", "export default (date) => Math.floor(date.getTime() / 1000);\n", "const minute = 60;\nconst hour = minute * 60;\nconst day = hour * 24;\nconst week = day * 7;\nconst year = day * 365.25;\nconst REGEX = /^(\\d+|\\d+\\.\\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)$/i;\nexport default (str) => {\n const matched = REGEX.exec(str);\n if (!matched) {\n throw new TypeError('Invalid time period format');\n }\n const value = parseFloat(matched[1]);\n const unit = matched[2].toLowerCase();\n switch (unit) {\n case 'sec':\n case 'secs':\n case 'second':\n case 'seconds':\n case 's':\n return Math.round(value);\n case 'minute':\n case 'minutes':\n case 'min':\n case 'mins':\n case 'm':\n return Math.round(value * minute);\n case 'hour':\n case 'hours':\n case 'hr':\n case 'hrs':\n case 'h':\n return Math.round(value * hour);\n case 'day':\n case 'days':\n case 'd':\n return Math.round(value * day);\n case 'week':\n case 'weeks':\n case 'w':\n return Math.round(value * week);\n default:\n return Math.round(value * year);\n }\n};\n", "import { compactDecrypt } from '../jwe/compact/decrypt.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { JWTClaimValidationFailed } from '../util/errors.js';\nexport async function jwtDecrypt(jwt, key, options) {\n const decrypted = await compactDecrypt(jwt, key, options);\n const payload = jwtPayload(decrypted.protectedHeader, decrypted.plaintext, options);\n const { protectedHeader } = decrypted;\n if (protectedHeader.iss !== undefined && protectedHeader.iss !== payload.iss) {\n throw new JWTClaimValidationFailed('replicated \"iss\" claim header parameter mismatch', 'iss', 'mismatch');\n }\n if (protectedHeader.sub !== undefined && protectedHeader.sub !== payload.sub) {\n throw new JWTClaimValidationFailed('replicated \"sub\" claim header parameter mismatch', 'sub', 'mismatch');\n }\n if (protectedHeader.aud !== undefined &&\n JSON.stringify(protectedHeader.aud) !== JSON.stringify(payload.aud)) {\n throw new JWTClaimValidationFailed('replicated \"aud\" claim header parameter mismatch', 'aud', 'mismatch');\n }\n const result = { payload, protectedHeader };\n if (typeof key === 'function') {\n return { ...result, key: decrypted.key };\n }\n return result;\n}\n", "import { FlattenedEncrypt } from '../flattened/encrypt.js';\nexport class CompactEncrypt {\n constructor(plaintext) {\n this._flattened = new FlattenedEncrypt(plaintext);\n }\n setContentEncryptionKey(cek) {\n this._flattened.setContentEncryptionKey(cek);\n return this;\n }\n setInitializationVector(iv) {\n this._flattened.setInitializationVector(iv);\n return this;\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n setKeyManagementParameters(parameters) {\n this._flattened.setKeyManagementParameters(parameters);\n return this;\n }\n async encrypt(key, options) {\n const jwe = await this._flattened.encrypt(key, options);\n return [jwe.protected, jwe.encrypted_key, jwe.iv, jwe.ciphertext, jwe.tag].join('.');\n }\n}\n", "import { FlattenedSign } from '../flattened/sign.js';\nexport class CompactSign {\n constructor(payload) {\n this._flattened = new FlattenedSign(payload);\n }\n setProtectedHeader(protectedHeader) {\n this._flattened.setProtectedHeader(protectedHeader);\n return this;\n }\n async sign(key, options) {\n const jws = await this._flattened.sign(key, options);\n if (jws.payload === undefined) {\n throw new TypeError('use the flattened module for creating JWS with b64: false');\n }\n return `${jws.protected}.${jws.payload}.${jws.signature}`;\n }\n}\n", "import { encode as base64url } from '../../runtime/base64url.js';\nimport sign from '../../runtime/sign.js';\nimport isDisjoint from '../../lib/is_disjoint.js';\nimport { JWSInvalid } from '../../util/errors.js';\nimport { encoder, decoder, concat } from '../../lib/buffer_utils.js';\nimport checkKeyType from '../../lib/check_key_type.js';\nimport validateCrit from '../../lib/validate_crit.js';\nexport class FlattenedSign {\n constructor(payload) {\n if (!(payload instanceof Uint8Array)) {\n throw new TypeError('payload must be an instance of Uint8Array');\n }\n this._payload = payload;\n }\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this._unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this._unprotectedHeader = unprotectedHeader;\n return this;\n }\n async sign(key, options) {\n if (!this._protectedHeader && !this._unprotectedHeader) {\n throw new JWSInvalid('either setProtectedHeader or setUnprotectedHeader must be called before #sign()');\n }\n if (!isDisjoint(this._protectedHeader, this._unprotectedHeader)) {\n throw new JWSInvalid('JWS Protected and JWS Unprotected Header Parameter names must be disjoint');\n }\n const joseHeader = {\n ...this._protectedHeader,\n ...this._unprotectedHeader,\n };\n const extensions = validateCrit(JWSInvalid, new Map([['b64', true]]), options === null || options === void 0 ? void 0 : options.crit, this._protectedHeader, joseHeader);\n let b64 = true;\n if (extensions.has('b64')) {\n b64 = this._protectedHeader.b64;\n if (typeof b64 !== 'boolean') {\n throw new JWSInvalid('The \"b64\" (base64url-encode payload) Header Parameter must be a boolean');\n }\n }\n const { alg } = joseHeader;\n if (typeof alg !== 'string' || !alg) {\n throw new JWSInvalid('JWS \"alg\" (Algorithm) Header Parameter missing or invalid');\n }\n checkKeyType(alg, key, 'sign');\n let payload = this._payload;\n if (b64) {\n payload = encoder.encode(base64url(payload));\n }\n let protectedHeader;\n if (this._protectedHeader) {\n protectedHeader = encoder.encode(base64url(JSON.stringify(this._protectedHeader)));\n }\n else {\n protectedHeader = encoder.encode('');\n }\n const data = concat(protectedHeader, encoder.encode('.'), payload);\n const signature = await sign(alg, key, data);\n const jws = {\n signature: base64url(signature),\n payload: '',\n };\n if (b64) {\n jws.payload = decoder.decode(payload);\n }\n if (this._unprotectedHeader) {\n jws.header = this._unprotectedHeader;\n }\n if (this._protectedHeader) {\n jws.protected = decoder.decode(protectedHeader);\n }\n return jws;\n }\n}\n", "import subtleAlgorithm from './subtle_dsa.js';\nimport crypto from './webcrypto.js';\nimport checkKeyLength from './check_key_length.js';\nimport getSignKey from './get_sign_verify_key.js';\nconst sign = async (alg, key, data) => {\n const cryptoKey = await getSignKey(alg, key, 'sign');\n checkKeyLength(alg, cryptoKey);\n const signature = await crypto.subtle.sign(subtleAlgorithm(alg, cryptoKey.algorithm), cryptoKey, data);\n return new Uint8Array(signature);\n};\nexport default sign;\n", "import { FlattenedSign } from '../flattened/sign.js';\nimport { JWSInvalid } from '../../util/errors.js';\nclass IndividualSignature {\n constructor(sig, key, options) {\n this.parent = sig;\n this.key = key;\n this.options = options;\n }\n setProtectedHeader(protectedHeader) {\n if (this.protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this.protectedHeader = protectedHeader;\n return this;\n }\n setUnprotectedHeader(unprotectedHeader) {\n if (this.unprotectedHeader) {\n throw new TypeError('setUnprotectedHeader can only be called once');\n }\n this.unprotectedHeader = unprotectedHeader;\n return this;\n }\n addSignature(...args) {\n return this.parent.addSignature(...args);\n }\n sign(...args) {\n return this.parent.sign(...args);\n }\n done() {\n return this.parent;\n }\n}\nexport class GeneralSign {\n constructor(payload) {\n this._signatures = [];\n this._payload = payload;\n }\n addSignature(key, options) {\n const signature = new IndividualSignature(this, key, options);\n this._signatures.push(signature);\n return signature;\n }\n async sign() {\n if (!this._signatures.length) {\n throw new JWSInvalid('at least one signature must be added');\n }\n const jws = {\n signatures: [],\n payload: '',\n };\n for (let i = 0; i < this._signatures.length; i++) {\n const signature = this._signatures[i];\n const flattened = new FlattenedSign(this._payload);\n flattened.setProtectedHeader(signature.protectedHeader);\n flattened.setUnprotectedHeader(signature.unprotectedHeader);\n const { payload, ...rest } = await flattened.sign(signature.key, signature.options);\n if (i === 0) {\n jws.payload = payload;\n }\n else if (jws.payload !== payload) {\n throw new JWSInvalid('inconsistent use of JWS Unencoded Payload Option (RFC7797)');\n }\n jws.signatures.push(rest);\n }\n return jws;\n }\n}\n", "import { CompactSign } from '../jws/compact/sign.js';\nimport { JWTInvalid } from '../util/errors.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport { ProduceJWT } from './produce.js';\nexport class SignJWT extends ProduceJWT {\n setProtectedHeader(protectedHeader) {\n this._protectedHeader = protectedHeader;\n return this;\n }\n async sign(key, options) {\n var _a;\n const sig = new CompactSign(encoder.encode(JSON.stringify(this._payload)));\n sig.setProtectedHeader(this._protectedHeader);\n if (Array.isArray((_a = this._protectedHeader) === null || _a === void 0 ? void 0 : _a.crit) &&\n this._protectedHeader.crit.includes('b64') &&\n this._protectedHeader.b64 === false) {\n throw new JWTInvalid('JWTs MUST NOT use unencoded payload');\n }\n return sig.sign(key, options);\n }\n}\n", "import epoch from '../lib/epoch.js';\nimport isObject from '../lib/is_object.js';\nimport secs from '../lib/secs.js';\nexport class ProduceJWT {\n constructor(payload) {\n if (!isObject(payload)) {\n throw new TypeError('JWT Claims Set MUST be an object');\n }\n this._payload = payload;\n }\n setIssuer(issuer) {\n this._payload = { ...this._payload, iss: issuer };\n return this;\n }\n setSubject(subject) {\n this._payload = { ...this._payload, sub: subject };\n return this;\n }\n setAudience(audience) {\n this._payload = { ...this._payload, aud: audience };\n return this;\n }\n setJti(jwtId) {\n this._payload = { ...this._payload, jti: jwtId };\n return this;\n }\n setNotBefore(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, nbf: input };\n }\n else {\n this._payload = { ...this._payload, nbf: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setExpirationTime(input) {\n if (typeof input === 'number') {\n this._payload = { ...this._payload, exp: input };\n }\n else {\n this._payload = { ...this._payload, exp: epoch(new Date()) + secs(input) };\n }\n return this;\n }\n setIssuedAt(input) {\n if (typeof input === 'undefined') {\n this._payload = { ...this._payload, iat: epoch(new Date()) };\n }\n else {\n this._payload = { ...this._payload, iat: input };\n }\n return this;\n }\n}\n", "import { CompactEncrypt } from '../jwe/compact/encrypt.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport { ProduceJWT } from './produce.js';\nexport class EncryptJWT extends ProduceJWT {\n setProtectedHeader(protectedHeader) {\n if (this._protectedHeader) {\n throw new TypeError('setProtectedHeader can only be called once');\n }\n this._protectedHeader = protectedHeader;\n return this;\n }\n setKeyManagementParameters(parameters) {\n if (this._keyManagementParameters) {\n throw new TypeError('setKeyManagementParameters can only be called once');\n }\n this._keyManagementParameters = parameters;\n return this;\n }\n setContentEncryptionKey(cek) {\n if (this._cek) {\n throw new TypeError('setContentEncryptionKey can only be called once');\n }\n this._cek = cek;\n return this;\n }\n setInitializationVector(iv) {\n if (this._iv) {\n throw new TypeError('setInitializationVector can only be called once');\n }\n this._iv = iv;\n return this;\n }\n replicateIssuerAsHeader() {\n this._replicateIssuerAsHeader = true;\n return this;\n }\n replicateSubjectAsHeader() {\n this._replicateSubjectAsHeader = true;\n return this;\n }\n replicateAudienceAsHeader() {\n this._replicateAudienceAsHeader = true;\n return this;\n }\n async encrypt(key, options) {\n const enc = new CompactEncrypt(encoder.encode(JSON.stringify(this._payload)));\n if (this._replicateIssuerAsHeader) {\n this._protectedHeader = { ...this._protectedHeader, iss: this._payload.iss };\n }\n if (this._replicateSubjectAsHeader) {\n this._protectedHeader = { ...this._protectedHeader, sub: this._payload.sub };\n }\n if (this._replicateAudienceAsHeader) {\n this._protectedHeader = { ...this._protectedHeader, aud: this._payload.aud };\n }\n enc.setProtectedHeader(this._protectedHeader);\n if (this._iv) {\n enc.setInitializationVector(this._iv);\n }\n if (this._cek) {\n enc.setContentEncryptionKey(this._cek);\n }\n if (this._keyManagementParameters) {\n enc.setKeyManagementParameters(this._keyManagementParameters);\n }\n return enc.encrypt(key, options);\n }\n}\n", "import digest from '../runtime/digest.js';\nimport { encode as base64url } from '../runtime/base64url.js';\nimport { JOSENotSupported, JWKInvalid } from '../util/errors.js';\nimport { encoder } from '../lib/buffer_utils.js';\nimport isObject from '../lib/is_object.js';\nconst check = (value, description) => {\n if (typeof value !== 'string' || !value) {\n throw new JWKInvalid(`${description} missing or invalid`);\n }\n};\nexport async function calculateJwkThumbprint(jwk, digestAlgorithm = 'sha256') {\n if (!isObject(jwk)) {\n throw new TypeError('JWK must be an object');\n }\n if (digestAlgorithm !== 'sha256' &&\n digestAlgorithm !== 'sha384' &&\n digestAlgorithm !== 'sha512') {\n throw new TypeError('digestAlgorithm must one of \"sha256\", \"sha384\", or \"sha512\"');\n }\n let components;\n switch (jwk.kty) {\n case 'EC':\n check(jwk.crv, '\"crv\" (Curve) Parameter');\n check(jwk.x, '\"x\" (X Coordinate) Parameter');\n check(jwk.y, '\"y\" (Y Coordinate) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x, y: jwk.y };\n break;\n case 'OKP':\n check(jwk.crv, '\"crv\" (Subtype of Key Pair) Parameter');\n check(jwk.x, '\"x\" (Public Key) Parameter');\n components = { crv: jwk.crv, kty: jwk.kty, x: jwk.x };\n break;\n case 'RSA':\n check(jwk.e, '\"e\" (Exponent) Parameter');\n check(jwk.n, '\"n\" (Modulus) Parameter');\n components = { e: jwk.e, kty: jwk.kty, n: jwk.n };\n break;\n case 'oct':\n check(jwk.k, '\"k\" (Key Value) Parameter');\n components = { k: jwk.k, kty: jwk.kty };\n break;\n default:\n throw new JOSENotSupported('\"kty\" (Key Type) Parameter missing or unsupported');\n }\n const data = encoder.encode(JSON.stringify(components));\n return base64url(await digest(digestAlgorithm, data));\n}\n", "import { importJWK } from '../key/import.js';\nimport isObject from '../lib/is_object.js';\nimport { JWSInvalid } from '../util/errors.js';\nexport async function EmbeddedJWK(protectedHeader, token) {\n const joseHeader = {\n ...protectedHeader,\n ...token.header,\n };\n if (!isObject(joseHeader.jwk)) {\n throw new JWSInvalid('\"jwk\" (JSON Web Key) Header Parameter must be a JSON object');\n }\n const key = await importJWK({ ...joseHeader.jwk, ext: true }, joseHeader.alg, true);\n if (key instanceof Uint8Array || key.type !== 'public') {\n throw new JWSInvalid('\"jwk\" (JSON Web Key) Header Parameter must be a public key');\n }\n return key;\n}\n", "import { importJWK } from '../key/import.js';\nimport { JWKSInvalid, JOSENotSupported, JWKSNoMatchingKey, JWKSMultipleMatchingKeys, } from '../util/errors.js';\nimport isObject from '../lib/is_object.js';\nfunction getKtyFromAlg(alg) {\n switch (typeof alg === 'string' && alg.slice(0, 2)) {\n case 'RS':\n case 'PS':\n return 'RSA';\n case 'ES':\n return 'EC';\n case 'Ed':\n return 'OKP';\n default:\n throw new JOSENotSupported('Unsupported \"alg\" value for a JSON Web Key Set');\n }\n}\nexport function isJWKSLike(jwks) {\n return (jwks &&\n typeof jwks === 'object' &&\n Array.isArray(jwks.keys) &&\n jwks.keys.every(isJWKLike));\n}\nfunction isJWKLike(key) {\n return isObject(key);\n}\nfunction clone(obj) {\n if (typeof structuredClone === 'function') {\n return structuredClone(obj);\n }\n return JSON.parse(JSON.stringify(obj));\n}\nexport class LocalJWKSet {\n constructor(jwks) {\n this._cached = new WeakMap();\n if (!isJWKSLike(jwks)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = clone(jwks);\n }\n async getKey(protectedHeader, token) {\n const { alg, kid } = { ...protectedHeader, ...token.header };\n const candidates = this._jwks.keys.filter((jwk) => {\n let candidate = jwk.kty === getKtyFromAlg(alg);\n if (candidate && typeof kid === 'string') {\n candidate = kid === jwk.kid;\n }\n if (candidate && typeof jwk.alg === 'string') {\n candidate = alg === jwk.alg;\n }\n if (candidate && typeof jwk.use === 'string') {\n candidate = jwk.use === 'sig';\n }\n if (candidate && Array.isArray(jwk.key_ops)) {\n candidate = jwk.key_ops.includes('verify');\n }\n if (candidate && alg === 'EdDSA') {\n candidate = jwk.crv === 'Ed25519' || jwk.crv === 'Ed448';\n }\n if (candidate) {\n switch (alg) {\n case 'ES256':\n candidate = jwk.crv === 'P-256';\n break;\n case 'ES256K':\n candidate = jwk.crv === 'secp256k1';\n break;\n case 'ES384':\n candidate = jwk.crv === 'P-384';\n break;\n case 'ES512':\n candidate = jwk.crv === 'P-521';\n break;\n }\n }\n return candidate;\n });\n const { 0: jwk, length } = candidates;\n if (length === 0) {\n throw new JWKSNoMatchingKey();\n }\n else if (length !== 1) {\n throw new JWKSMultipleMatchingKeys();\n }\n const cached = this._cached.get(jwk) || this._cached.set(jwk, {}).get(jwk);\n if (cached[alg] === undefined) {\n const keyObject = await importJWK({ ...jwk, ext: true }, alg);\n if (keyObject instanceof Uint8Array || keyObject.type !== 'public') {\n throw new JWKSInvalid('JSON Web Key Set members must be public keys');\n }\n cached[alg] = keyObject;\n }\n return cached[alg];\n }\n}\nexport function createLocalJWKSet(jwks) {\n return LocalJWKSet.prototype.getKey.bind(new LocalJWKSet(jwks));\n}\n", "import fetchJwks from '../runtime/fetch_jwks.js';\nimport { isCloudflareWorkers } from '../runtime/env.js';\nimport { JWKSInvalid, JWKSNoMatchingKey } from '../util/errors.js';\nimport { isJWKSLike, LocalJWKSet } from './local.js';\nclass RemoteJWKSet extends LocalJWKSet {\n constructor(url, options) {\n super({ keys: [] });\n this._jwks = undefined;\n if (!(url instanceof URL)) {\n throw new TypeError('url must be an instance of URL');\n }\n this._url = new URL(url.href);\n this._options = { agent: options === null || options === void 0 ? void 0 : options.agent };\n this._timeoutDuration =\n typeof (options === null || options === void 0 ? void 0 : options.timeoutDuration) === 'number' ? options === null || options === void 0 ? void 0 : options.timeoutDuration : 5000;\n this._cooldownDuration =\n typeof (options === null || options === void 0 ? void 0 : options.cooldownDuration) === 'number' ? options === null || options === void 0 ? void 0 : options.cooldownDuration : 30000;\n }\n coolingDown() {\n if (!this._cooldownStarted) {\n return false;\n }\n return Date.now() < this._cooldownStarted + this._cooldownDuration;\n }\n async getKey(protectedHeader, token) {\n if (!this._jwks) {\n await this.reload();\n }\n try {\n return await super.getKey(protectedHeader, token);\n }\n catch (err) {\n if (err instanceof JWKSNoMatchingKey) {\n if (this.coolingDown() === false) {\n await this.reload();\n return super.getKey(protectedHeader, token);\n }\n }\n throw err;\n }\n }\n async reload() {\n if (this._pendingFetch && isCloudflareWorkers()) {\n return new Promise((resolve) => {\n const isDone = () => {\n if (this._pendingFetch === undefined) {\n resolve();\n }\n else {\n setTimeout(isDone, 5);\n }\n };\n isDone();\n });\n }\n if (!this._pendingFetch) {\n this._pendingFetch = fetchJwks(this._url, this._timeoutDuration, this._options)\n .then((json) => {\n if (!isJWKSLike(json)) {\n throw new JWKSInvalid('JSON Web Key Set malformed');\n }\n this._jwks = { keys: json.keys };\n this._cooldownStarted = Date.now();\n this._pendingFetch = undefined;\n })\n .catch((err) => {\n this._pendingFetch = undefined;\n throw err;\n });\n }\n await this._pendingFetch;\n }\n}\nexport function createRemoteJWKSet(url, options) {\n return RemoteJWKSet.prototype.getKey.bind(new RemoteJWKSet(url, options));\n}\n", "import { JOSEError, JWKSTimeout } from '../util/errors.js';\nconst fetchJwks = async (url, timeout) => {\n let controller;\n let id;\n let timedOut = false;\n if (typeof AbortController === 'function') {\n controller = new AbortController();\n id = setTimeout(() => {\n timedOut = true;\n controller.abort();\n }, timeout);\n }\n const response = await fetch(url.href, {\n signal: controller ? controller.signal : undefined,\n redirect: 'manual',\n }).catch((err) => {\n if (timedOut)\n throw new JWKSTimeout();\n throw err;\n });\n if (id !== undefined)\n clearTimeout(id);\n if (response.status !== 200) {\n throw new JOSEError('Expected 200 OK from the JSON Web Key Set HTTP response');\n }\n try {\n return await response.json();\n }\n catch (_a) {\n throw new JOSEError('Failed to parse the JSON Web Key Set HTTP response as JSON');\n }\n};\nexport default fetchJwks;\n", "import * as base64url from '../runtime/base64url.js';\nimport { decoder } from '../lib/buffer_utils.js';\nimport { JWTInvalid } from '../util/errors.js';\nimport jwtPayload from '../lib/jwt_claims_set.js';\nimport { ProduceJWT } from './produce.js';\nexport class UnsecuredJWT extends ProduceJWT {\n encode() {\n const header = base64url.encode(JSON.stringify({ alg: 'none' }));\n const payload = base64url.encode(JSON.stringify(this._payload));\n return `${header}.${payload}.`;\n }\n static decode(jwt, options) {\n if (typeof jwt !== 'string') {\n throw new JWTInvalid('Unsecured JWT must be a string');\n }\n const { 0: encodedHeader, 1: encodedPayload, 2: signature, length } = jwt.split('.');\n if (length !== 3 || signature !== '') {\n throw new JWTInvalid('Invalid Unsecured JWT');\n }\n let header;\n try {\n header = JSON.parse(decoder.decode(base64url.decode(encodedHeader)));\n if (header.alg !== 'none')\n throw new Error();\n }\n catch (_a) {\n throw new JWTInvalid('Invalid Unsecured JWT');\n }\n const payload = jwtPayload(header, base64url.decode(encodedPayload), options);\n return { payload, header };\n }\n}\n", "import { decode as base64url } from './base64url.js';\nimport { decoder } from '../lib/buffer_utils.js';\nimport isObject from '../lib/is_object.js';\nexport function decodeProtectedHeader(token) {\n let protectedB64u;\n if (typeof token === 'string') {\n const parts = token.split('.');\n if (parts.length === 3 || parts.length === 5) {\n ;\n [protectedB64u] = parts;\n }\n }\n else if (typeof token === 'object' && token) {\n if ('protected' in token) {\n protectedB64u = token.protected;\n }\n else {\n throw new TypeError('Token does not contain a Protected Header');\n }\n }\n try {\n if (typeof protectedB64u !== 'string' || !protectedB64u) {\n throw new Error();\n }\n const result = JSON.parse(decoder.decode(base64url(protectedB64u)));\n if (!isObject(result)) {\n throw new Error();\n }\n return result;\n }\n catch (_a) {\n throw new TypeError('Invalid Token or Protected Header formatting');\n }\n}\n", "import * as base64url from '../runtime/base64url.js';\nexport const encode = base64url.encode;\nexport const decode = base64url.decode;\n", "import { decode as base64url } from './base64url.js';\nimport { decoder } from '../lib/buffer_utils.js';\nimport isObject from '../lib/is_object.js';\nimport { JWTInvalid } from './errors.js';\nexport function decodeJwt(jwt) {\n if (typeof jwt !== 'string')\n throw new JWTInvalid('JWTs must use Compact JWS serialization, JWT must be a string');\n const { 1: payload, length } = jwt.split('.');\n if (length === 5)\n throw new JWTInvalid('Only JWTs using Compact JWS serialization can be decoded');\n if (length !== 3)\n throw new JWTInvalid('Invalid JWT');\n if (!payload)\n throw new JWTInvalid('JWTs must contain a payload');\n let decoded;\n try {\n decoded = base64url(payload);\n }\n catch (_a) {\n throw new JWTInvalid('Failed to parse the base64url encoded payload');\n }\n let result;\n try {\n result = JSON.parse(decoder.decode(decoded));\n }\n catch (_b) {\n throw new JWTInvalid('Failed to parse the decoded payload as JSON');\n }\n if (!isObject(result))\n throw new JWTInvalid('Invalid JWT Claims Set');\n return result;\n}\n", "import { generateKeyPair as generate } from '../runtime/generate.js';\nexport async function generateKeyPair(alg, options) {\n return generate(alg, options);\n}\n", "import { isCloudflareWorkers, isNodeJs } from './env.js';\nimport crypto from './webcrypto.js';\nimport { JOSENotSupported } from '../util/errors.js';\nimport random from './random.js';\nexport async function generateSecret(alg, options) {\n var _a;\n let length;\n let algorithm;\n let keyUsages;\n switch (alg) {\n case 'HS256':\n case 'HS384':\n case 'HS512':\n length = parseInt(alg.slice(-3), 10);\n algorithm = { name: 'HMAC', hash: `SHA-${length}`, length };\n keyUsages = ['sign', 'verify'];\n break;\n case 'A128CBC-HS256':\n case 'A192CBC-HS384':\n case 'A256CBC-HS512':\n length = parseInt(alg.slice(-3), 10);\n return random(new Uint8Array(length >> 3));\n case 'A128KW':\n case 'A192KW':\n case 'A256KW':\n length = parseInt(alg.slice(1, 4), 10);\n algorithm = { name: 'AES-KW', length };\n keyUsages = ['wrapKey', 'unwrapKey'];\n break;\n case 'A128GCMKW':\n case 'A192GCMKW':\n case 'A256GCMKW':\n case 'A128GCM':\n case 'A192GCM':\n case 'A256GCM':\n length = parseInt(alg.slice(1, 4), 10);\n algorithm = { name: 'AES-GCM', length };\n keyUsages = ['encrypt', 'decrypt'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return crypto.subtle.generateKey(algorithm, (_a = options === null || options === void 0 ? void 0 : options.extractable) !== null && _a !== void 0 ? _a : false, keyUsages);\n}\nfunction getModulusLengthOption(options) {\n var _a;\n const modulusLength = (_a = options === null || options === void 0 ? void 0 : options.modulusLength) !== null && _a !== void 0 ? _a : 2048;\n if (typeof modulusLength !== 'number' || modulusLength < 2048) {\n throw new JOSENotSupported('Invalid or unsupported modulusLength option provided, 2048 bits or larger keys must be used');\n }\n return modulusLength;\n}\nexport async function generateKeyPair(alg, options) {\n var _a, _b;\n let algorithm;\n let keyUsages;\n switch (alg) {\n case 'PS256':\n case 'PS384':\n case 'PS512':\n algorithm = {\n name: 'RSA-PSS',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RS256':\n case 'RS384':\n case 'RS512':\n algorithm = {\n name: 'RSASSA-PKCS1-v1_5',\n hash: `SHA-${alg.slice(-3)}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['sign', 'verify'];\n break;\n case 'RSA-OAEP':\n case 'RSA-OAEP-256':\n case 'RSA-OAEP-384':\n case 'RSA-OAEP-512':\n algorithm = {\n name: 'RSA-OAEP',\n hash: `SHA-${parseInt(alg.slice(-3), 10) || 1}`,\n publicExponent: new Uint8Array([0x01, 0x00, 0x01]),\n modulusLength: getModulusLengthOption(options),\n };\n keyUsages = ['decrypt', 'unwrapKey', 'encrypt', 'wrapKey'];\n break;\n case 'ES256':\n algorithm = { name: 'ECDSA', namedCurve: 'P-256' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES384':\n algorithm = { name: 'ECDSA', namedCurve: 'P-384' };\n keyUsages = ['sign', 'verify'];\n break;\n case 'ES512':\n algorithm = { name: 'ECDSA', namedCurve: 'P-521' };\n keyUsages = ['sign', 'verify'];\n break;\n case (isCloudflareWorkers() || isNodeJs()) && 'EdDSA':\n switch (options === null || options === void 0 ? void 0 : options.crv) {\n case undefined:\n case 'Ed25519':\n algorithm = { name: 'NODE-ED25519', namedCurve: 'NODE-ED25519' };\n keyUsages = ['sign', 'verify'];\n break;\n case isNodeJs() && 'Ed448':\n algorithm = { name: 'NODE-ED448', namedCurve: 'NODE-ED448' };\n keyUsages = ['sign', 'verify'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported crv option provided, supported values are Ed25519 and Ed448');\n }\n break;\n case 'ECDH-ES':\n case 'ECDH-ES+A128KW':\n case 'ECDH-ES+A192KW':\n case 'ECDH-ES+A256KW':\n algorithm = { name: 'ECDH', namedCurve: (_a = options === null || options === void 0 ? void 0 : options.crv) !== null && _a !== void 0 ? _a : 'P-256' };\n keyUsages = ['deriveKey', 'deriveBits'];\n break;\n default:\n throw new JOSENotSupported('Invalid or unsupported JWK \"alg\" (Algorithm) Parameter value');\n }\n return (crypto.subtle.generateKey(algorithm, (_b = options === null || options === void 0 ? void 0 : options.extractable) !== null && _b !== void 0 ? _b : false, keyUsages));\n}\n", "import { generateSecret as generate } from '../runtime/generate.js';\nexport async function generateSecret(alg, options) {\n return generate(alg, options);\n}\n"], - "mappings": "6jBAAA,+BAEA,GAAQ,WAAa,GACrB,GAAQ,YAAc,GACtB,GAAQ,cAAgB,GAExB,GAAI,GAAS,CAAC,EACV,EAAY,CAAC,EACb,GAAM,MAAO,YAAe,IAAc,WAAa,MAEvD,GAAO,mEACX,IAAS,EAAI,EAAG,GAAM,GAAK,OAAQ,EAAI,GAAK,EAAE,EAC5C,EAAO,GAAK,GAAK,GACjB,EAAU,GAAK,WAAW,CAAC,GAAK,EAFzB,MAAO,GAOhB,EAAU,IAAI,WAAW,CAAC,GAAK,GAC/B,EAAU,IAAI,WAAW,CAAC,GAAK,GAE/B,YAAkB,EAAK,CACrB,GAAI,GAAM,EAAI,OAEd,GAAI,EAAM,EAAI,EACZ,KAAM,IAAI,OAAM,gDAAgD,EAKlE,GAAI,GAAW,EAAI,QAAQ,GAAG,EAC9B,AAAI,IAAa,IAAI,GAAW,GAEhC,GAAI,GAAkB,IAAa,EAC/B,EACA,EAAK,EAAW,EAEpB,MAAO,CAAC,EAAU,CAAe,CACnC,CAGA,YAAqB,EAAK,CACxB,GAAI,GAAO,GAAQ,CAAG,EAClB,EAAW,EAAK,GAChB,EAAkB,EAAK,GAC3B,MAAS,GAAW,GAAmB,EAAI,EAAK,CAClD,CAEA,YAAsB,EAAK,EAAU,EAAiB,CACpD,MAAS,GAAW,GAAmB,EAAI,EAAK,CAClD,CAEA,YAAsB,EAAK,CACzB,GAAI,GACA,EAAO,GAAQ,CAAG,EAClB,EAAW,EAAK,GAChB,EAAkB,EAAK,GAEvB,EAAM,GAAI,IAAI,GAAY,EAAK,EAAU,CAAe,CAAC,EAEzD,EAAU,EAGV,EAAM,EAAkB,EACxB,EAAW,EACX,EAEA,EACJ,IAAK,EAAI,EAAG,EAAI,EAAK,GAAK,EACxB,EACG,EAAU,EAAI,WAAW,CAAC,IAAM,GAChC,EAAU,EAAI,WAAW,EAAI,CAAC,IAAM,GACpC,EAAU,EAAI,WAAW,EAAI,CAAC,IAAM,EACrC,EAAU,EAAI,WAAW,EAAI,CAAC,GAChC,EAAI,KAAc,GAAO,GAAM,IAC/B,EAAI,KAAc,GAAO,EAAK,IAC9B,EAAI,KAAa,EAAM,IAGzB,MAAI,KAAoB,GACtB,GACG,EAAU,EAAI,WAAW,CAAC,IAAM,EAChC,EAAU,EAAI,WAAW,EAAI,CAAC,IAAM,EACvC,EAAI,KAAa,EAAM,KAGrB,IAAoB,GACtB,GACG,EAAU,EAAI,WAAW,CAAC,IAAM,GAChC,EAAU,EAAI,WAAW,EAAI,CAAC,IAAM,EACpC,EAAU,EAAI,WAAW,EAAI,CAAC,IAAM,EACvC,EAAI,KAAc,GAAO,EAAK,IAC9B,EAAI,KAAa,EAAM,KAGlB,CACT,CAEA,YAA0B,EAAK,CAC7B,MAAO,GAAO,GAAO,GAAK,IACxB,EAAO,GAAO,GAAK,IACnB,EAAO,GAAO,EAAI,IAClB,EAAO,EAAM,GACjB,CAEA,YAAsB,EAAO,EAAO,EAAK,CAGvC,OAFI,GACA,EAAS,CAAC,EACL,EAAI,EAAO,EAAI,EAAK,GAAK,EAChC,EACI,GAAM,IAAM,GAAM,UAClB,GAAM,EAAI,IAAM,EAAK,OACtB,GAAM,EAAI,GAAK,KAClB,EAAO,KAAK,GAAgB,CAAG,CAAC,EAElC,MAAO,GAAO,KAAK,EAAE,CACvB,CAEA,YAAwB,EAAO,CAQ7B,OAPI,GACA,EAAM,EAAM,OACZ,EAAa,EAAM,EACnB,EAAQ,CAAC,EACT,EAAiB,MAGZ,EAAI,EAAG,EAAO,EAAM,EAAY,EAAI,EAAM,GAAK,EACtD,EAAM,KAAK,GAAY,EAAO,EAAI,EAAI,EAAkB,EAAO,EAAQ,EAAI,CAAe,CAAC,EAI7F,MAAI,KAAe,EACjB,GAAM,EAAM,EAAM,GAClB,EAAM,KACJ,EAAO,GAAO,GACd,EAAQ,GAAO,EAAK,IACpB,IACF,GACS,IAAe,GACxB,GAAO,GAAM,EAAM,IAAM,GAAK,EAAM,EAAM,GAC1C,EAAM,KACJ,EAAO,GAAO,IACd,EAAQ,GAAO,EAAK,IACpB,EAAQ,GAAO,EAAK,IACpB,GACF,GAGK,EAAM,KAAK,EAAE,CACtB,ICrJA,kBACA,GAAQ,KAAO,SAAU,EAAQ,EAAQ,EAAM,EAAM,EAAQ,CAC3D,GAAI,GAAG,EACH,EAAQ,EAAS,EAAK,EAAO,EAC7B,EAAQ,IAAK,GAAQ,EACrB,EAAQ,GAAQ,EAChB,EAAQ,GACR,EAAI,EAAQ,EAAS,EAAK,EAC1B,EAAI,EAAO,GAAK,EAChB,EAAI,EAAO,EAAS,GAOxB,IALA,GAAK,EAEL,EAAI,EAAM,IAAM,CAAC,GAAU,EAC3B,IAAO,CAAC,EACR,GAAS,EACF,EAAQ,EAAG,EAAK,EAAI,IAAO,EAAO,EAAS,GAAI,GAAK,EAAG,GAAS,EAAG,CAK1E,IAHA,EAAI,EAAM,IAAM,CAAC,GAAU,EAC3B,IAAO,CAAC,EACR,GAAS,EACF,EAAQ,EAAG,EAAK,EAAI,IAAO,EAAO,EAAS,GAAI,GAAK,EAAG,GAAS,EAAG,CAE1E,GAAI,IAAM,EACR,EAAI,EAAI,MACH,IAAI,IAAM,EACf,MAAO,GAAI,IAAQ,GAAI,GAAK,GAAK,MAEjC,EAAI,EAAI,KAAK,IAAI,EAAG,CAAI,EACxB,EAAI,EAAI,EAEV,MAAQ,GAAI,GAAK,GAAK,EAAI,KAAK,IAAI,EAAG,EAAI,CAAI,CAChD,EAEA,GAAQ,MAAQ,SAAU,EAAQ,EAAO,EAAQ,EAAM,EAAM,EAAQ,CACnE,GAAI,GAAG,EAAG,EACN,EAAQ,EAAS,EAAK,EAAO,EAC7B,EAAQ,IAAK,GAAQ,EACrB,EAAQ,GAAQ,EAChB,EAAM,IAAS,GAAK,KAAK,IAAI,EAAG,GAAG,EAAI,KAAK,IAAI,EAAG,GAAG,EAAI,EAC1D,EAAI,EAAO,EAAK,EAAS,EACzB,EAAI,EAAO,EAAI,GACf,GAAI,EAAQ,GAAM,IAAU,GAAK,EAAI,EAAQ,EAAK,EAAI,EAmC1D,IAjCA,EAAQ,KAAK,IAAI,CAAK,EAEtB,AAAI,MAAM,CAAK,GAAK,IAAU,IAC5B,GAAI,MAAM,CAAK,EAAI,EAAI,EACvB,EAAI,GAEJ,GAAI,KAAK,MAAM,KAAK,IAAI,CAAK,EAAI,KAAK,GAAG,EACrC,EAAS,GAAI,KAAK,IAAI,EAAG,CAAC,CAAC,GAAK,GAClC,KACA,GAAK,GAEP,AAAI,EAAI,GAAS,EACf,GAAS,EAAK,EAEd,GAAS,EAAK,KAAK,IAAI,EAAG,EAAI,CAAK,EAEjC,EAAQ,GAAK,GACf,KACA,GAAK,GAGP,AAAI,EAAI,GAAS,EACf,GAAI,EACJ,EAAI,GACC,AAAI,EAAI,GAAS,EACtB,GAAM,GAAQ,EAAK,GAAK,KAAK,IAAI,EAAG,CAAI,EACxC,EAAI,EAAI,GAER,GAAI,EAAQ,KAAK,IAAI,EAAG,EAAQ,CAAC,EAAI,KAAK,IAAI,EAAG,CAAI,EACrD,EAAI,IAID,GAAQ,EAAG,EAAO,EAAS,GAAK,EAAI,IAAM,GAAK,EAAG,GAAK,IAAK,GAAQ,EAAG,CAI9E,IAFA,EAAK,GAAK,EAAQ,EAClB,GAAQ,EACD,EAAO,EAAG,EAAO,EAAS,GAAK,EAAI,IAAM,GAAK,EAAG,GAAK,IAAK,GAAQ,EAAG,CAE7E,EAAO,EAAS,EAAI,IAAM,GAAI,GAChC,ICpFA,8BAUA,GAAM,IAAS,KACT,EAAU,KACV,GACH,MAAO,SAAW,YAAc,MAAO,QAAO,KAAW,WACtD,OAAO,IAAO,4BAA4B,EAC1C,KAEN,EAAQ,OAAS,EACjB,EAAQ,WAAa,GACrB,EAAQ,kBAAoB,GAE5B,GAAM,IAAe,WACrB,EAAQ,WAAa,GAgBrB,EAAO,oBAAsB,GAAkB,EAE/C,AAAI,CAAC,EAAO,qBAAuB,MAAO,SAAY,KAClD,MAAO,SAAQ,OAAU,YAC3B,QAAQ,MACN,+IAEF,EAGF,aAA8B,CAE5B,GAAI,CACF,GAAM,GAAM,GAAI,YAAW,CAAC,EACtB,EAAQ,CAAE,IAAK,UAAY,CAAE,MAAO,GAAG,CAAE,EAC/C,cAAO,eAAe,EAAO,WAAW,SAAS,EACjD,OAAO,eAAe,EAAK,CAAK,EACzB,EAAI,IAAI,IAAM,EACvB,MAAE,CACA,MAAO,EACT,CACF,CAEA,OAAO,eAAe,EAAO,UAAW,SAAU,CAChD,WAAY,GACZ,IAAK,UAAY,CACf,GAAI,EAAC,EAAO,SAAS,IAAI,EACzB,MAAO,MAAK,MACd,CACF,CAAC,EAED,OAAO,eAAe,EAAO,UAAW,SAAU,CAChD,WAAY,GACZ,IAAK,UAAY,CACf,GAAI,EAAC,EAAO,SAAS,IAAI,EACzB,MAAO,MAAK,UACd,CACF,CAAC,EAED,WAAuB,EAAQ,CAC7B,GAAI,EAAS,GACX,KAAM,IAAI,YAAW,cAAgB,EAAS,gCAAgC,EAGhF,GAAM,GAAM,GAAI,YAAW,CAAM,EACjC,cAAO,eAAe,EAAK,EAAO,SAAS,EACpC,CACT,CAYA,WAAiB,EAAK,EAAkB,EAAQ,CAE9C,GAAI,MAAO,IAAQ,SAAU,CAC3B,GAAI,MAAO,IAAqB,SAC9B,KAAM,IAAI,WACR,oEACF,EAEF,MAAO,IAAY,CAAG,CACxB,CACA,MAAO,IAAK,EAAK,EAAkB,CAAM,CAC3C,CAEA,EAAO,SAAW,KAElB,YAAe,EAAO,EAAkB,EAAQ,CAC9C,GAAI,MAAO,IAAU,SACnB,MAAO,IAAW,EAAO,CAAgB,EAG3C,GAAI,YAAY,OAAO,CAAK,EAC1B,MAAO,IAAc,CAAK,EAG5B,GAAI,GAAS,KACX,KAAM,IAAI,WACR,kHAC0C,MAAO,EACnD,EAQF,GALI,EAAW,EAAO,WAAW,GAC5B,GAAS,EAAW,EAAM,OAAQ,WAAW,GAI9C,MAAO,mBAAsB,KAC5B,GAAW,EAAO,iBAAiB,GACnC,GAAS,EAAW,EAAM,OAAQ,iBAAiB,GACtD,MAAO,IAAgB,EAAO,EAAkB,CAAM,EAGxD,GAAI,MAAO,IAAU,SACnB,KAAM,IAAI,WACR,uEACF,EAGF,GAAM,GAAU,EAAM,SAAW,EAAM,QAAQ,EAC/C,GAAI,GAAW,MAAQ,IAAY,EACjC,MAAO,GAAO,KAAK,EAAS,EAAkB,CAAM,EAGtD,GAAM,GAAI,GAAW,CAAK,EAC1B,GAAI,EAAG,MAAO,GAEd,GAAI,MAAO,QAAW,KAAe,OAAO,aAAe,MACvD,MAAO,GAAM,OAAO,cAAiB,WACvC,MAAO,GAAO,KAAK,EAAM,OAAO,aAAa,QAAQ,EAAG,EAAkB,CAAM,EAGlF,KAAM,IAAI,WACR,kHAC0C,MAAO,EACnD,CACF,CAUA,EAAO,KAAO,SAAU,EAAO,EAAkB,EAAQ,CACvD,MAAO,IAAK,EAAO,EAAkB,CAAM,CAC7C,EAIA,OAAO,eAAe,EAAO,UAAW,WAAW,SAAS,EAC5D,OAAO,eAAe,EAAQ,UAAU,EAExC,YAAqB,EAAM,CACzB,GAAI,MAAO,IAAS,SAClB,KAAM,IAAI,WAAU,wCAAwC,EACvD,GAAI,EAAO,EAChB,KAAM,IAAI,YAAW,cAAgB,EAAO,gCAAgC,CAEhF,CAEA,YAAgB,EAAM,EAAM,EAAU,CAEpC,MADA,IAAW,CAAI,EACX,GAAQ,EACH,EAAa,CAAI,EAEtB,IAAS,OAIJ,MAAO,IAAa,SACvB,EAAa,CAAI,EAAE,KAAK,EAAM,CAAQ,EACtC,EAAa,CAAI,EAAE,KAAK,CAAI,EAE3B,EAAa,CAAI,CAC1B,CAMA,EAAO,MAAQ,SAAU,EAAM,EAAM,EAAU,CAC7C,MAAO,IAAM,EAAM,EAAM,CAAQ,CACnC,EAEA,YAAsB,EAAM,CAC1B,UAAW,CAAI,EACR,EAAa,EAAO,EAAI,EAAI,GAAQ,CAAI,EAAI,CAAC,CACtD,CAKA,EAAO,YAAc,SAAU,EAAM,CACnC,MAAO,IAAY,CAAI,CACzB,EAIA,EAAO,gBAAkB,SAAU,EAAM,CACvC,MAAO,IAAY,CAAI,CACzB,EAEA,YAAqB,EAAQ,EAAU,CAKrC,GAJI,OAAO,IAAa,UAAY,IAAa,KAC/C,GAAW,QAGT,CAAC,EAAO,WAAW,CAAQ,EAC7B,KAAM,IAAI,WAAU,qBAAuB,CAAQ,EAGrD,GAAM,GAAS,GAAW,EAAQ,CAAQ,EAAI,EAC1C,EAAM,EAAa,CAAM,EAEvB,EAAS,EAAI,MAAM,EAAQ,CAAQ,EAEzC,MAAI,KAAW,GAIb,GAAM,EAAI,MAAM,EAAG,CAAM,GAGpB,CACT,CAEA,YAAwB,EAAO,CAC7B,GAAM,GAAS,EAAM,OAAS,EAAI,EAAI,GAAQ,EAAM,MAAM,EAAI,EACxD,EAAM,EAAa,CAAM,EAC/B,OAAS,GAAI,EAAG,EAAI,EAAQ,GAAK,EAC/B,EAAI,GAAK,EAAM,GAAK,IAEtB,MAAO,EACT,CAEA,YAAwB,EAAW,CACjC,GAAI,EAAW,EAAW,UAAU,EAAG,CACrC,GAAM,GAAO,GAAI,YAAW,CAAS,EACrC,MAAO,IAAgB,EAAK,OAAQ,EAAK,WAAY,EAAK,UAAU,CACtE,CACA,MAAO,IAAc,CAAS,CAChC,CAEA,YAA0B,EAAO,EAAY,EAAQ,CACnD,GAAI,EAAa,GAAK,EAAM,WAAa,EACvC,KAAM,IAAI,YAAW,sCAAsC,EAG7D,GAAI,EAAM,WAAa,EAAc,IAAU,GAC7C,KAAM,IAAI,YAAW,sCAAsC,EAG7D,GAAI,GACJ,MAAI,KAAe,QAAa,IAAW,OACzC,EAAM,GAAI,YAAW,CAAK,EACrB,AAAI,IAAW,OACpB,EAAM,GAAI,YAAW,EAAO,CAAU,EAEtC,EAAM,GAAI,YAAW,EAAO,EAAY,CAAM,EAIhD,OAAO,eAAe,EAAK,EAAO,SAAS,EAEpC,CACT,CAEA,YAAqB,EAAK,CACxB,GAAI,EAAO,SAAS,CAAG,EAAG,CACxB,GAAM,GAAM,GAAQ,EAAI,MAAM,EAAI,EAC5B,EAAM,EAAa,CAAG,EAE5B,MAAI,GAAI,SAAW,GAInB,EAAI,KAAK,EAAK,EAAG,EAAG,CAAG,EAChB,CACT,CAEA,GAAI,EAAI,SAAW,OACjB,MAAI,OAAO,GAAI,QAAW,UAAY,GAAY,EAAI,MAAM,EACnD,EAAa,CAAC,EAEhB,GAAc,CAAG,EAG1B,GAAI,EAAI,OAAS,UAAY,MAAM,QAAQ,EAAI,IAAI,EACjD,MAAO,IAAc,EAAI,IAAI,CAEjC,CAEA,YAAkB,EAAQ,CAGxB,GAAI,GAAU,GACZ,KAAM,IAAI,YAAW,0DACa,GAAa,SAAS,EAAE,EAAI,QAAQ,EAExE,MAAO,GAAS,CAClB,CAEA,YAAqB,EAAQ,CAC3B,MAAI,CAAC,GAAU,GACb,GAAS,GAEJ,EAAO,MAAM,CAAC,CAAM,CAC7B,CAEA,EAAO,SAAW,SAAmB,EAAG,CACtC,MAAO,IAAK,MAAQ,EAAE,YAAc,IAClC,IAAM,EAAO,SACjB,EAEA,EAAO,QAAU,SAAkB,EAAG,EAAG,CAGvC,GAFI,EAAW,EAAG,UAAU,GAAG,GAAI,EAAO,KAAK,EAAG,EAAE,OAAQ,EAAE,UAAU,GACpE,EAAW,EAAG,UAAU,GAAG,GAAI,EAAO,KAAK,EAAG,EAAE,OAAQ,EAAE,UAAU,GACpE,CAAC,EAAO,SAAS,CAAC,GAAK,CAAC,EAAO,SAAS,CAAC,EAC3C,KAAM,IAAI,WACR,uEACF,EAGF,GAAI,IAAM,EAAG,MAAO,GAEpB,GAAI,GAAI,EAAE,OACN,EAAI,EAAE,OAEV,OAAS,GAAI,EAAG,EAAM,KAAK,IAAI,EAAG,CAAC,EAAG,EAAI,EAAK,EAAE,EAC/C,GAAI,EAAE,KAAO,EAAE,GAAI,CACjB,EAAI,EAAE,GACN,EAAI,EAAE,GACN,KACF,CAGF,MAAI,GAAI,EAAU,GACd,EAAI,EAAU,EACX,CACT,EAEA,EAAO,WAAa,SAAqB,EAAU,CACjD,OAAQ,OAAO,CAAQ,EAAE,YAAY,OAC9B,UACA,WACA,YACA,YACA,aACA,aACA,aACA,WACA,YACA,cACA,WACH,MAAO,WAEP,MAAO,GAEb,EAEA,EAAO,OAAS,SAAiB,EAAM,EAAQ,CAC7C,GAAI,CAAC,MAAM,QAAQ,CAAI,EACrB,KAAM,IAAI,WAAU,6CAA6C,EAGnE,GAAI,EAAK,SAAW,EAClB,MAAO,GAAO,MAAM,CAAC,EAGvB,GAAI,GACJ,GAAI,IAAW,OAEb,IADA,EAAS,EACJ,EAAI,EAAG,EAAI,EAAK,OAAQ,EAAE,EAC7B,GAAU,EAAK,GAAG,OAItB,GAAM,GAAS,EAAO,YAAY,CAAM,EACpC,EAAM,EACV,IAAK,EAAI,EAAG,EAAI,EAAK,OAAQ,EAAE,EAAG,CAChC,GAAI,GAAM,EAAK,GACf,GAAI,EAAW,EAAK,UAAU,EAC5B,AAAI,EAAM,EAAI,OAAS,EAAO,OACvB,GAAO,SAAS,CAAG,GAAG,GAAM,EAAO,KAAK,CAAG,GAChD,EAAI,KAAK,EAAQ,CAAG,GAEpB,WAAW,UAAU,IAAI,KACvB,EACA,EACA,CACF,UAEQ,EAAO,SAAS,CAAG,EAG7B,EAAI,KAAK,EAAQ,CAAG,MAFpB,MAAM,IAAI,WAAU,6CAA6C,EAInE,GAAO,EAAI,MACb,CACA,MAAO,EACT,EAEA,YAAqB,EAAQ,EAAU,CACrC,GAAI,EAAO,SAAS,CAAM,EACxB,MAAO,GAAO,OAEhB,GAAI,YAAY,OAAO,CAAM,GAAK,EAAW,EAAQ,WAAW,EAC9D,MAAO,GAAO,WAEhB,GAAI,MAAO,IAAW,SACpB,KAAM,IAAI,WACR,2FACmB,MAAO,EAC5B,EAGF,GAAM,GAAM,EAAO,OACb,EAAa,UAAU,OAAS,GAAK,UAAU,KAAO,GAC5D,GAAI,CAAC,GAAa,IAAQ,EAAG,MAAO,GAGpC,GAAI,GAAc,GAClB,OACE,OAAQ,OACD,YACA,aACA,SACH,MAAO,OACJ,WACA,QACH,MAAO,IAAY,CAAM,EAAE,WACxB,WACA,YACA,cACA,WACH,MAAO,GAAM,MACV,MACH,MAAO,KAAQ,MACZ,SACH,MAAO,IAAc,CAAM,EAAE,eAE7B,GAAI,EACF,MAAO,GAAY,GAAK,GAAY,CAAM,EAAE,OAE9C,EAAY,IAAK,GAAU,YAAY,EACvC,EAAc,GAGtB,CACA,EAAO,WAAa,GAEpB,YAAuB,EAAU,EAAO,EAAK,CAC3C,GAAI,GAAc,GA8BlB,GArBI,KAAU,QAAa,EAAQ,IACjC,GAAQ,GAIN,EAAQ,KAAK,QAIb,MAAQ,QAAa,EAAM,KAAK,SAClC,GAAM,KAAK,QAGT,GAAO,IAKX,MAAS,EACT,KAAW,EAEP,GAAO,GACT,MAAO,GAKT,IAFK,GAAU,GAAW,UAGxB,OAAQ,OACD,MACH,MAAO,IAAS,KAAM,EAAO,CAAG,MAE7B,WACA,QACH,MAAO,IAAU,KAAM,EAAO,CAAG,MAE9B,QACH,MAAO,IAAW,KAAM,EAAO,CAAG,MAE/B,aACA,SACH,MAAO,IAAY,KAAM,EAAO,CAAG,MAEhC,SACH,MAAO,IAAY,KAAM,EAAO,CAAG,MAEhC,WACA,YACA,cACA,WACH,MAAO,IAAa,KAAM,EAAO,CAAG,UAGpC,GAAI,EAAa,KAAM,IAAI,WAAU,qBAAuB,CAAQ,EACpE,EAAY,GAAW,IAAI,YAAY,EACvC,EAAc,GAGtB,CAQA,EAAO,UAAU,UAAY,GAE7B,WAAe,EAAG,EAAG,EAAG,CACtB,GAAM,GAAI,EAAE,GACZ,EAAE,GAAK,EAAE,GACT,EAAE,GAAK,CACT,CAEA,EAAO,UAAU,OAAS,UAAmB,CAC3C,GAAM,GAAM,KAAK,OACjB,GAAI,EAAM,IAAM,EACd,KAAM,IAAI,YAAW,2CAA2C,EAElE,OAAS,GAAI,EAAG,EAAI,EAAK,GAAK,EAC5B,EAAK,KAAM,EAAG,EAAI,CAAC,EAErB,MAAO,KACT,EAEA,EAAO,UAAU,OAAS,UAAmB,CAC3C,GAAM,GAAM,KAAK,OACjB,GAAI,EAAM,IAAM,EACd,KAAM,IAAI,YAAW,2CAA2C,EAElE,OAAS,GAAI,EAAG,EAAI,EAAK,GAAK,EAC5B,EAAK,KAAM,EAAG,EAAI,CAAC,EACnB,EAAK,KAAM,EAAI,EAAG,EAAI,CAAC,EAEzB,MAAO,KACT,EAEA,EAAO,UAAU,OAAS,UAAmB,CAC3C,GAAM,GAAM,KAAK,OACjB,GAAI,EAAM,IAAM,EACd,KAAM,IAAI,YAAW,2CAA2C,EAElE,OAAS,GAAI,EAAG,EAAI,EAAK,GAAK,EAC5B,EAAK,KAAM,EAAG,EAAI,CAAC,EACnB,EAAK,KAAM,EAAI,EAAG,EAAI,CAAC,EACvB,EAAK,KAAM,EAAI,EAAG,EAAI,CAAC,EACvB,EAAK,KAAM,EAAI,EAAG,EAAI,CAAC,EAEzB,MAAO,KACT,EAEA,EAAO,UAAU,SAAW,UAAqB,CAC/C,GAAM,GAAS,KAAK,OACpB,MAAI,KAAW,EAAU,GACrB,UAAU,SAAW,EAAU,GAAU,KAAM,EAAG,CAAM,EACrD,GAAa,MAAM,KAAM,SAAS,CAC3C,EAEA,EAAO,UAAU,eAAiB,EAAO,UAAU,SAEnD,EAAO,UAAU,OAAS,SAAiB,EAAG,CAC5C,GAAI,CAAC,EAAO,SAAS,CAAC,EAAG,KAAM,IAAI,WAAU,2BAA2B,EACxE,MAAI,QAAS,EAAU,GAChB,EAAO,QAAQ,KAAM,CAAC,IAAM,CACrC,EAEA,EAAO,UAAU,QAAU,UAAoB,CAC7C,GAAI,GAAM,GACJ,EAAM,EAAQ,kBACpB,SAAM,KAAK,SAAS,MAAO,EAAG,CAAG,EAAE,QAAQ,UAAW,KAAK,EAAE,KAAK,EAC9D,KAAK,OAAS,GAAK,IAAO,SACvB,WAAa,EAAM,GAC5B,EACA,AAAI,IACF,GAAO,UAAU,IAAuB,EAAO,UAAU,SAG3D,EAAO,UAAU,QAAU,SAAkB,EAAQ,EAAO,EAAK,EAAW,EAAS,CAInF,GAHI,EAAW,EAAQ,UAAU,GAC/B,GAAS,EAAO,KAAK,EAAQ,EAAO,OAAQ,EAAO,UAAU,GAE3D,CAAC,EAAO,SAAS,CAAM,EACzB,KAAM,IAAI,WACR,iFACoB,MAAO,EAC7B,EAgBF,GAbI,IAAU,QACZ,GAAQ,GAEN,IAAQ,QACV,GAAM,EAAS,EAAO,OAAS,GAE7B,IAAc,QAChB,GAAY,GAEV,IAAY,QACd,GAAU,KAAK,QAGb,EAAQ,GAAK,EAAM,EAAO,QAAU,EAAY,GAAK,EAAU,KAAK,OACtE,KAAM,IAAI,YAAW,oBAAoB,EAG3C,GAAI,GAAa,GAAW,GAAS,EACnC,MAAO,GAET,GAAI,GAAa,EACf,MAAO,GAET,GAAI,GAAS,EACX,MAAO,GAQT,GALA,KAAW,EACX,KAAS,EACT,KAAe,EACf,KAAa,EAET,OAAS,EAAQ,MAAO,GAE5B,GAAI,GAAI,EAAU,EACd,EAAI,EAAM,EACR,EAAM,KAAK,IAAI,EAAG,CAAC,EAEnB,EAAW,KAAK,MAAM,EAAW,CAAO,EACxC,EAAa,EAAO,MAAM,EAAO,CAAG,EAE1C,OAAS,GAAI,EAAG,EAAI,EAAK,EAAE,EACzB,GAAI,EAAS,KAAO,EAAW,GAAI,CACjC,EAAI,EAAS,GACb,EAAI,EAAW,GACf,KACF,CAGF,MAAI,GAAI,EAAU,GACd,EAAI,EAAU,EACX,CACT,EAWA,YAA+B,EAAQ,EAAK,EAAY,EAAU,EAAK,CAErE,GAAI,EAAO,SAAW,EAAG,MAAO,GAmBhC,GAhBA,AAAI,MAAO,IAAe,SACxB,GAAW,EACX,EAAa,GACR,AAAI,EAAa,WACtB,EAAa,WACJ,EAAa,aACtB,GAAa,aAEf,EAAa,CAAC,EACV,GAAY,CAAU,GAExB,GAAa,EAAM,EAAK,EAAO,OAAS,GAItC,EAAa,GAAG,GAAa,EAAO,OAAS,GAC7C,GAAc,EAAO,OAAQ,CAC/B,GAAI,EAAK,MAAO,GACX,EAAa,EAAO,OAAS,CACpC,SAAW,EAAa,EACtB,GAAI,EAAK,EAAa,MACjB,OAAO,GASd,GALI,MAAO,IAAQ,UACjB,GAAM,EAAO,KAAK,EAAK,CAAQ,GAI7B,EAAO,SAAS,CAAG,EAErB,MAAI,GAAI,SAAW,EACV,GAEF,GAAa,EAAQ,EAAK,EAAY,EAAU,CAAG,EACrD,GAAI,MAAO,IAAQ,SAExB,MADA,GAAM,EAAM,IACR,MAAO,YAAW,UAAU,SAAY,WACtC,EACK,WAAW,UAAU,QAAQ,KAAK,EAAQ,EAAK,CAAU,EAEzD,WAAW,UAAU,YAAY,KAAK,EAAQ,EAAK,CAAU,EAGjE,GAAa,EAAQ,CAAC,CAAG,EAAG,EAAY,EAAU,CAAG,EAG9D,KAAM,IAAI,WAAU,sCAAsC,CAC5D,CAEA,YAAuB,EAAK,EAAK,EAAY,EAAU,EAAK,CAC1D,GAAI,GAAY,EACZ,EAAY,EAAI,OAChB,EAAY,EAAI,OAEpB,GAAI,IAAa,QACf,GAAW,OAAO,CAAQ,EAAE,YAAY,EACpC,IAAa,QAAU,IAAa,SACpC,IAAa,WAAa,IAAa,YAAY,CACrD,GAAI,EAAI,OAAS,GAAK,EAAI,OAAS,EACjC,MAAO,GAET,EAAY,EACZ,GAAa,EACb,GAAa,EACb,GAAc,CAChB,CAGF,WAAe,EAAK,EAAG,CACrB,MAAI,KAAc,EACT,EAAI,GAEJ,EAAI,aAAa,EAAI,CAAS,CAEzC,CAEA,GAAI,GACJ,GAAI,EAAK,CACP,GAAI,GAAa,GACjB,IAAK,EAAI,EAAY,EAAI,EAAW,IAClC,GAAI,EAAK,EAAK,CAAC,IAAM,EAAK,EAAK,IAAe,GAAK,EAAI,EAAI,CAAU,GAEnE,GADI,IAAe,IAAI,GAAa,GAChC,EAAI,EAAa,IAAM,EAAW,MAAO,GAAa,MAE1D,AAAI,KAAe,IAAI,IAAK,EAAI,GAChC,EAAa,EAGnB,KAEE,KADI,EAAa,EAAY,GAAW,GAAa,EAAY,GAC5D,EAAI,EAAY,GAAK,EAAG,IAAK,CAChC,GAAI,GAAQ,GACZ,OAAS,GAAI,EAAG,EAAI,EAAW,IAC7B,GAAI,EAAK,EAAK,EAAI,CAAC,IAAM,EAAK,EAAK,CAAC,EAAG,CACrC,EAAQ,GACR,KACF,CAEF,GAAI,EAAO,MAAO,EACpB,CAGF,MAAO,EACT,CAEA,EAAO,UAAU,SAAW,SAAmB,EAAK,EAAY,EAAU,CACxE,MAAO,MAAK,QAAQ,EAAK,EAAY,CAAQ,IAAM,EACrD,EAEA,EAAO,UAAU,QAAU,SAAkB,EAAK,EAAY,EAAU,CACtE,MAAO,IAAqB,KAAM,EAAK,EAAY,EAAU,EAAI,CACnE,EAEA,EAAO,UAAU,YAAc,SAAsB,EAAK,EAAY,EAAU,CAC9E,MAAO,IAAqB,KAAM,EAAK,EAAY,EAAU,EAAK,CACpE,EAEA,YAAmB,EAAK,EAAQ,EAAQ,EAAQ,CAC9C,EAAS,OAAO,CAAM,GAAK,EAC3B,GAAM,GAAY,EAAI,OAAS,EAC/B,AAAK,EAGH,GAAS,OAAO,CAAM,EAClB,EAAS,GACX,GAAS,IAJX,EAAS,EAQX,GAAM,GAAS,EAAO,OAEtB,AAAI,EAAS,EAAS,GACpB,GAAS,EAAS,GAEpB,GAAI,GACJ,IAAK,EAAI,EAAG,EAAI,EAAQ,EAAE,EAAG,CAC3B,GAAM,GAAS,SAAS,EAAO,OAAO,EAAI,EAAG,CAAC,EAAG,EAAE,EACnD,GAAI,GAAY,CAAM,EAAG,MAAO,GAChC,EAAI,EAAS,GAAK,CACpB,CACA,MAAO,EACT,CAEA,YAAoB,EAAK,EAAQ,EAAQ,EAAQ,CAC/C,MAAO,IAAW,GAAY,EAAQ,EAAI,OAAS,CAAM,EAAG,EAAK,EAAQ,CAAM,CACjF,CAEA,YAAqB,EAAK,EAAQ,EAAQ,EAAQ,CAChD,MAAO,IAAW,GAAa,CAAM,EAAG,EAAK,EAAQ,CAAM,CAC7D,CAEA,YAAsB,EAAK,EAAQ,EAAQ,EAAQ,CACjD,MAAO,IAAW,GAAc,CAAM,EAAG,EAAK,EAAQ,CAAM,CAC9D,CAEA,YAAoB,EAAK,EAAQ,EAAQ,EAAQ,CAC/C,MAAO,IAAW,GAAe,EAAQ,EAAI,OAAS,CAAM,EAAG,EAAK,EAAQ,CAAM,CACpF,CAEA,EAAO,UAAU,MAAQ,SAAgB,EAAQ,EAAQ,EAAQ,EAAU,CAEzE,GAAI,IAAW,OACb,EAAW,OACX,EAAS,KAAK,OACd,EAAS,UAEA,IAAW,QAAa,MAAO,IAAW,SACnD,EAAW,EACX,EAAS,KAAK,OACd,EAAS,UAEA,SAAS,CAAM,EACxB,EAAS,IAAW,EACpB,AAAI,SAAS,CAAM,EACjB,GAAS,IAAW,EAChB,IAAa,QAAW,GAAW,SAEvC,GAAW,EACX,EAAS,YAGX,MAAM,IAAI,OACR,yEACF,EAGF,GAAM,GAAY,KAAK,OAAS,EAGhC,GAFI,KAAW,QAAa,EAAS,IAAW,GAAS,GAEpD,EAAO,OAAS,GAAM,GAAS,GAAK,EAAS,IAAO,EAAS,KAAK,OACrE,KAAM,IAAI,YAAW,wCAAwC,EAG/D,AAAK,GAAU,GAAW,QAE1B,GAAI,GAAc,GAClB,OACE,OAAQ,OACD,MACH,MAAO,IAAS,KAAM,EAAQ,EAAQ,CAAM,MAEzC,WACA,QACH,MAAO,IAAU,KAAM,EAAQ,EAAQ,CAAM,MAE1C,YACA,aACA,SACH,MAAO,IAAW,KAAM,EAAQ,EAAQ,CAAM,MAE3C,SAEH,MAAO,IAAY,KAAM,EAAQ,EAAQ,CAAM,MAE5C,WACA,YACA,cACA,WACH,MAAO,IAAU,KAAM,EAAQ,EAAQ,CAAM,UAG7C,GAAI,EAAa,KAAM,IAAI,WAAU,qBAAuB,CAAQ,EACpE,EAAY,IAAK,GAAU,YAAY,EACvC,EAAc,GAGtB,EAEA,EAAO,UAAU,OAAS,UAAmB,CAC3C,MAAO,CACL,KAAM,SACN,KAAM,MAAM,UAAU,MAAM,KAAK,KAAK,MAAQ,KAAM,CAAC,CACvD,CACF,EAEA,YAAsB,EAAK,EAAO,EAAK,CACrC,MAAI,KAAU,GAAK,IAAQ,EAAI,OACtB,GAAO,cAAc,CAAG,EAExB,GAAO,cAAc,EAAI,MAAM,EAAO,CAAG,CAAC,CAErD,CAEA,YAAoB,EAAK,EAAO,EAAK,CACnC,EAAM,KAAK,IAAI,EAAI,OAAQ,CAAG,EAC9B,GAAM,GAAM,CAAC,EAET,EAAI,EACR,KAAO,EAAI,GAAK,CACd,GAAM,GAAY,EAAI,GAClB,EAAY,KACZ,EAAoB,EAAY,IAChC,EACC,EAAY,IACT,EACC,EAAY,IACT,EACA,EAEZ,GAAI,EAAI,GAAoB,EAAK,CAC/B,GAAI,GAAY,EAAW,EAAY,EAEvC,OAAQ,OACD,GACH,AAAI,EAAY,KACd,GAAY,GAEd,UACG,GACH,EAAa,EAAI,EAAI,GAChB,GAAa,OAAU,KAC1B,GAAiB,GAAY,KAAS,EAAO,EAAa,GACtD,EAAgB,KAClB,GAAY,IAGhB,UACG,GACH,EAAa,EAAI,EAAI,GACrB,EAAY,EAAI,EAAI,GACf,GAAa,OAAU,KAAS,GAAY,OAAU,KACzD,GAAiB,GAAY,KAAQ,GAAO,GAAa,KAAS,EAAO,EAAY,GACjF,EAAgB,MAAU,GAAgB,OAAU,EAAgB,QACtE,GAAY,IAGhB,UACG,GACH,EAAa,EAAI,EAAI,GACrB,EAAY,EAAI,EAAI,GACpB,EAAa,EAAI,EAAI,GAChB,GAAa,OAAU,KAAS,GAAY,OAAU,KAAS,GAAa,OAAU,KACzF,GAAiB,GAAY,KAAQ,GAAQ,GAAa,KAAS,GAAO,GAAY,KAAS,EAAO,EAAa,GAC/G,EAAgB,OAAU,EAAgB,SAC5C,GAAY,IAItB,CAEA,AAAI,IAAc,KAGhB,GAAY,MACZ,EAAmB,GACV,EAAY,OAErB,IAAa,MACb,EAAI,KAAK,IAAc,GAAK,KAAQ,KAAM,EAC1C,EAAY,MAAS,EAAY,MAGnC,EAAI,KAAK,CAAS,EAClB,GAAK,CACP,CAEA,MAAO,IAAsB,CAAG,CAClC,CAKA,GAAM,IAAuB,KAE7B,YAAgC,EAAY,CAC1C,GAAM,GAAM,EAAW,OACvB,GAAI,GAAO,GACT,MAAO,QAAO,aAAa,MAAM,OAAQ,CAAU,EAIrD,GAAI,GAAM,GACN,EAAI,EACR,KAAO,EAAI,GACT,GAAO,OAAO,aAAa,MACzB,OACA,EAAW,MAAM,EAAG,GAAK,EAAoB,CAC/C,EAEF,MAAO,EACT,CAEA,YAAqB,EAAK,EAAO,EAAK,CACpC,GAAI,GAAM,GACV,EAAM,KAAK,IAAI,EAAI,OAAQ,CAAG,EAE9B,OAAS,GAAI,EAAO,EAAI,EAAK,EAAE,EAC7B,GAAO,OAAO,aAAa,EAAI,GAAK,GAAI,EAE1C,MAAO,EACT,CAEA,YAAsB,EAAK,EAAO,EAAK,CACrC,GAAI,GAAM,GACV,EAAM,KAAK,IAAI,EAAI,OAAQ,CAAG,EAE9B,OAAS,GAAI,EAAO,EAAI,EAAK,EAAE,EAC7B,GAAO,OAAO,aAAa,EAAI,EAAE,EAEnC,MAAO,EACT,CAEA,YAAmB,EAAK,EAAO,EAAK,CAClC,GAAM,GAAM,EAAI,OAEhB,AAAI,EAAC,GAAS,EAAQ,IAAG,GAAQ,GAC7B,EAAC,GAAO,EAAM,GAAK,EAAM,IAAK,GAAM,GAExC,GAAI,GAAM,GACV,OAAS,GAAI,EAAO,EAAI,EAAK,EAAE,EAC7B,GAAO,GAAoB,EAAI,IAEjC,MAAO,EACT,CAEA,YAAuB,EAAK,EAAO,EAAK,CACtC,GAAM,GAAQ,EAAI,MAAM,EAAO,CAAG,EAC9B,EAAM,GAEV,OAAS,GAAI,EAAG,EAAI,EAAM,OAAS,EAAG,GAAK,EACzC,GAAO,OAAO,aAAa,EAAM,GAAM,EAAM,EAAI,GAAK,GAAI,EAE5D,MAAO,EACT,CAEA,EAAO,UAAU,MAAQ,SAAgB,EAAO,EAAK,CACnD,GAAM,GAAM,KAAK,OACjB,EAAQ,CAAC,CAAC,EACV,EAAM,IAAQ,OAAY,EAAM,CAAC,CAAC,EAElC,AAAI,EAAQ,EACV,IAAS,EACL,EAAQ,GAAG,GAAQ,IACd,EAAQ,GACjB,GAAQ,GAGV,AAAI,EAAM,EACR,IAAO,EACH,EAAM,GAAG,GAAM,IACV,EAAM,GACf,GAAM,GAGJ,EAAM,GAAO,GAAM,GAEvB,GAAM,GAAS,KAAK,SAAS,EAAO,CAAG,EAEvC,cAAO,eAAe,EAAQ,EAAO,SAAS,EAEvC,CACT,EAKA,WAAsB,EAAQ,EAAK,EAAQ,CACzC,GAAK,EAAS,IAAO,GAAK,EAAS,EAAG,KAAM,IAAI,YAAW,oBAAoB,EAC/E,GAAI,EAAS,EAAM,EAAQ,KAAM,IAAI,YAAW,uCAAuC,CACzF,CAEA,EAAO,UAAU,WACjB,EAAO,UAAU,WAAa,SAAqB,EAAQ,EAAY,EAAU,CAC/E,EAAS,IAAW,EACpB,EAAa,IAAe,EACvB,GAAU,EAAY,EAAQ,EAAY,KAAK,MAAM,EAE1D,GAAI,GAAM,KAAK,GACX,EAAM,EACN,EAAI,EACR,KAAO,EAAE,EAAI,GAAe,IAAO,MACjC,GAAO,KAAK,EAAS,GAAK,EAG5B,MAAO,EACT,EAEA,EAAO,UAAU,WACjB,EAAO,UAAU,WAAa,SAAqB,EAAQ,EAAY,EAAU,CAC/E,EAAS,IAAW,EACpB,EAAa,IAAe,EACvB,GACH,EAAY,EAAQ,EAAY,KAAK,MAAM,EAG7C,GAAI,GAAM,KAAK,EAAS,EAAE,GACtB,EAAM,EACV,KAAO,EAAa,GAAM,IAAO,MAC/B,GAAO,KAAK,EAAS,EAAE,GAAc,EAGvC,MAAO,EACT,EAEA,EAAO,UAAU,UACjB,EAAO,UAAU,UAAY,SAAoB,EAAQ,EAAU,CACjE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC1C,KAAK,EACd,EAEA,EAAO,UAAU,aACjB,EAAO,UAAU,aAAe,SAAuB,EAAQ,EAAU,CACvE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC1C,KAAK,GAAW,KAAK,EAAS,IAAM,CAC7C,EAEA,EAAO,UAAU,aACjB,EAAO,UAAU,aAAe,SAAuB,EAAQ,EAAU,CACvE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EACzC,KAAK,IAAW,EAAK,KAAK,EAAS,EAC7C,EAEA,EAAO,UAAU,aACjB,EAAO,UAAU,aAAe,SAAuB,EAAQ,EAAU,CACvE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAExC,MAAK,GACT,KAAK,EAAS,IAAM,EACpB,KAAK,EAAS,IAAM,IACpB,KAAK,EAAS,GAAK,QAC1B,EAEA,EAAO,UAAU,aACjB,EAAO,UAAU,aAAe,SAAuB,EAAQ,EAAU,CACvE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAEzC,KAAK,GAAU,SACnB,MAAK,EAAS,IAAM,GACrB,KAAK,EAAS,IAAM,EACrB,KAAK,EAAS,GAClB,EAEA,EAAO,UAAU,gBAAkB,EAAmB,SAA0B,EAAQ,CACtF,EAAS,IAAW,EACpB,EAAe,EAAQ,QAAQ,EAC/B,GAAM,GAAQ,KAAK,GACb,EAAO,KAAK,EAAS,GAC3B,AAAI,KAAU,QAAa,IAAS,SAClC,GAAY,EAAQ,KAAK,OAAS,CAAC,EAGrC,GAAM,GAAK,EACT,KAAK,EAAE,GAAU,GAAK,EACtB,KAAK,EAAE,GAAU,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,GAElB,EAAK,KAAK,EAAE,GAChB,KAAK,EAAE,GAAU,GAAK,EACtB,KAAK,EAAE,GAAU,GAAK,GACtB,EAAO,GAAK,GAEd,MAAO,QAAO,CAAE,EAAK,QAAO,CAAE,GAAK,OAAO,EAAE,EAC9C,CAAC,EAED,EAAO,UAAU,gBAAkB,EAAmB,SAA0B,EAAQ,CACtF,EAAS,IAAW,EACpB,EAAe,EAAQ,QAAQ,EAC/B,GAAM,GAAQ,KAAK,GACb,EAAO,KAAK,EAAS,GAC3B,AAAI,KAAU,QAAa,IAAS,SAClC,GAAY,EAAQ,KAAK,OAAS,CAAC,EAGrC,GAAM,GAAK,EAAQ,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,EACtB,KAAK,EAAE,GAEH,EAAK,KAAK,EAAE,GAAU,GAAK,GAC/B,KAAK,EAAE,GAAU,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,EACtB,EAEF,MAAQ,QAAO,CAAE,GAAK,OAAO,EAAE,GAAK,OAAO,CAAE,CAC/C,CAAC,EAED,EAAO,UAAU,UAAY,SAAoB,EAAQ,EAAY,EAAU,CAC7E,EAAS,IAAW,EACpB,EAAa,IAAe,EACvB,GAAU,EAAY,EAAQ,EAAY,KAAK,MAAM,EAE1D,GAAI,GAAM,KAAK,GACX,EAAM,EACN,EAAI,EACR,KAAO,EAAE,EAAI,GAAe,IAAO,MACjC,GAAO,KAAK,EAAS,GAAK,EAE5B,UAAO,IAEH,GAAO,GAAK,IAAO,KAAK,IAAI,EAAG,EAAI,CAAU,GAE1C,CACT,EAEA,EAAO,UAAU,UAAY,SAAoB,EAAQ,EAAY,EAAU,CAC7E,EAAS,IAAW,EACpB,EAAa,IAAe,EACvB,GAAU,EAAY,EAAQ,EAAY,KAAK,MAAM,EAE1D,GAAI,GAAI,EACJ,EAAM,EACN,EAAM,KAAK,EAAS,EAAE,GAC1B,KAAO,EAAI,GAAM,IAAO,MACtB,GAAO,KAAK,EAAS,EAAE,GAAK,EAE9B,UAAO,IAEH,GAAO,GAAK,IAAO,KAAK,IAAI,EAAG,EAAI,CAAU,GAE1C,CACT,EAEA,EAAO,UAAU,SAAW,SAAmB,EAAQ,EAAU,CAG/D,MAFA,GAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC7C,AAAE,KAAK,GAAU,IACZ,KAAO,KAAK,GAAU,GAAK,GADA,KAAK,EAE3C,EAEA,EAAO,UAAU,YAAc,SAAsB,EAAQ,EAAU,CACrE,EAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EACjD,GAAM,GAAM,KAAK,GAAW,KAAK,EAAS,IAAM,EAChD,MAAQ,GAAM,MAAU,EAAM,WAAa,CAC7C,EAEA,EAAO,UAAU,YAAc,SAAsB,EAAQ,EAAU,CACrE,EAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EACjD,GAAM,GAAM,KAAK,EAAS,GAAM,KAAK,IAAW,EAChD,MAAQ,GAAM,MAAU,EAAM,WAAa,CAC7C,EAEA,EAAO,UAAU,YAAc,SAAsB,EAAQ,EAAU,CACrE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAEzC,KAAK,GACV,KAAK,EAAS,IAAM,EACpB,KAAK,EAAS,IAAM,GACpB,KAAK,EAAS,IAAM,EACzB,EAEA,EAAO,UAAU,YAAc,SAAsB,EAAQ,EAAU,CACrE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAEzC,KAAK,IAAW,GACrB,KAAK,EAAS,IAAM,GACpB,KAAK,EAAS,IAAM,EACpB,KAAK,EAAS,EACnB,EAEA,EAAO,UAAU,eAAiB,EAAmB,SAAyB,EAAQ,CACpF,EAAS,IAAW,EACpB,EAAe,EAAQ,QAAQ,EAC/B,GAAM,GAAQ,KAAK,GACb,EAAO,KAAK,EAAS,GAC3B,AAAI,KAAU,QAAa,IAAS,SAClC,GAAY,EAAQ,KAAK,OAAS,CAAC,EAGrC,GAAM,GAAM,KAAK,EAAS,GACxB,KAAK,EAAS,GAAK,GAAK,EACxB,KAAK,EAAS,GAAK,GAAK,GACvB,IAAQ,IAEX,MAAQ,QAAO,CAAG,GAAK,OAAO,EAAE,GAC9B,OAAO,EACP,KAAK,EAAE,GAAU,GAAK,EACtB,KAAK,EAAE,GAAU,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,EAAE,CAC5B,CAAC,EAED,EAAO,UAAU,eAAiB,EAAmB,SAAyB,EAAQ,CACpF,EAAS,IAAW,EACpB,EAAe,EAAQ,QAAQ,EAC/B,GAAM,GAAQ,KAAK,GACb,EAAO,KAAK,EAAS,GAC3B,AAAI,KAAU,QAAa,IAAS,SAClC,GAAY,EAAQ,KAAK,OAAS,CAAC,EAGrC,GAAM,GAAO,IAAS,IACpB,KAAK,EAAE,GAAU,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,EACtB,KAAK,EAAE,GAET,MAAQ,QAAO,CAAG,GAAK,OAAO,EAAE,GAC9B,OAAO,KAAK,EAAE,GAAU,GAAK,GAC7B,KAAK,EAAE,GAAU,GAAK,GACtB,KAAK,EAAE,GAAU,GAAK,EACtB,CAAI,CACR,CAAC,EAED,EAAO,UAAU,YAAc,SAAsB,EAAQ,EAAU,CACrE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC1C,EAAQ,KAAK,KAAM,EAAQ,GAAM,GAAI,CAAC,CAC/C,EAEA,EAAO,UAAU,YAAc,SAAsB,EAAQ,EAAU,CACrE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC1C,EAAQ,KAAK,KAAM,EAAQ,GAAO,GAAI,CAAC,CAChD,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAQ,EAAU,CACvE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC1C,EAAQ,KAAK,KAAM,EAAQ,GAAM,GAAI,CAAC,CAC/C,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAQ,EAAU,CACvE,SAAS,IAAW,EACf,GAAU,EAAY,EAAQ,EAAG,KAAK,MAAM,EAC1C,EAAQ,KAAK,KAAM,EAAQ,GAAO,GAAI,CAAC,CAChD,EAEA,WAAmB,EAAK,EAAO,EAAQ,EAAK,EAAK,EAAK,CACpD,GAAI,CAAC,EAAO,SAAS,CAAG,EAAG,KAAM,IAAI,WAAU,6CAA6C,EAC5F,GAAI,EAAQ,GAAO,EAAQ,EAAK,KAAM,IAAI,YAAW,mCAAmC,EACxF,GAAI,EAAS,EAAM,EAAI,OAAQ,KAAM,IAAI,YAAW,oBAAoB,CAC1E,CAEA,EAAO,UAAU,YACjB,EAAO,UAAU,YAAc,SAAsB,EAAO,EAAQ,EAAY,EAAU,CAIxF,GAHA,EAAQ,CAAC,EACT,EAAS,IAAW,EACpB,EAAa,IAAe,EACxB,CAAC,EAAU,CACb,GAAM,GAAW,KAAK,IAAI,EAAG,EAAI,CAAU,EAAI,EAC/C,EAAS,KAAM,EAAO,EAAQ,EAAY,EAAU,CAAC,CACvD,CAEA,GAAI,GAAM,EACN,EAAI,EAER,IADA,KAAK,GAAU,EAAQ,IAChB,EAAE,EAAI,GAAe,IAAO,MACjC,KAAK,EAAS,GAAM,EAAQ,EAAO,IAGrC,MAAO,GAAS,CAClB,EAEA,EAAO,UAAU,YACjB,EAAO,UAAU,YAAc,SAAsB,EAAO,EAAQ,EAAY,EAAU,CAIxF,GAHA,EAAQ,CAAC,EACT,EAAS,IAAW,EACpB,EAAa,IAAe,EACxB,CAAC,EAAU,CACb,GAAM,GAAW,KAAK,IAAI,EAAG,EAAI,CAAU,EAAI,EAC/C,EAAS,KAAM,EAAO,EAAQ,EAAY,EAAU,CAAC,CACvD,CAEA,GAAI,GAAI,EAAa,EACjB,EAAM,EAEV,IADA,KAAK,EAAS,GAAK,EAAQ,IACpB,EAAE,GAAK,GAAM,IAAO,MACzB,KAAK,EAAS,GAAM,EAAQ,EAAO,IAGrC,MAAO,GAAS,CAClB,EAEA,EAAO,UAAU,WACjB,EAAO,UAAU,WAAa,SAAqB,EAAO,EAAQ,EAAU,CAC1E,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,IAAM,CAAC,EACvD,KAAK,GAAW,EAAQ,IACjB,EAAS,CAClB,EAEA,EAAO,UAAU,cACjB,EAAO,UAAU,cAAgB,SAAwB,EAAO,EAAQ,EAAU,CAChF,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,MAAQ,CAAC,EACzD,KAAK,GAAW,EAAQ,IACxB,KAAK,EAAS,GAAM,IAAU,EACvB,EAAS,CAClB,EAEA,EAAO,UAAU,cACjB,EAAO,UAAU,cAAgB,SAAwB,EAAO,EAAQ,EAAU,CAChF,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,MAAQ,CAAC,EACzD,KAAK,GAAW,IAAU,EAC1B,KAAK,EAAS,GAAM,EAAQ,IACrB,EAAS,CAClB,EAEA,EAAO,UAAU,cACjB,EAAO,UAAU,cAAgB,SAAwB,EAAO,EAAQ,EAAU,CAChF,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,WAAY,CAAC,EAC7D,KAAK,EAAS,GAAM,IAAU,GAC9B,KAAK,EAAS,GAAM,IAAU,GAC9B,KAAK,EAAS,GAAM,IAAU,EAC9B,KAAK,GAAW,EAAQ,IACjB,EAAS,CAClB,EAEA,EAAO,UAAU,cACjB,EAAO,UAAU,cAAgB,SAAwB,EAAO,EAAQ,EAAU,CAChF,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,WAAY,CAAC,EAC7D,KAAK,GAAW,IAAU,GAC1B,KAAK,EAAS,GAAM,IAAU,GAC9B,KAAK,EAAS,GAAM,IAAU,EAC9B,KAAK,EAAS,GAAM,EAAQ,IACrB,EAAS,CAClB,EAEA,YAAyB,EAAK,EAAO,EAAQ,EAAK,EAAK,CACrD,GAAW,EAAO,EAAK,EAAK,EAAK,EAAQ,CAAC,EAE1C,GAAI,GAAK,OAAO,EAAQ,OAAO,UAAU,CAAC,EAC1C,EAAI,KAAY,EAChB,EAAK,GAAM,EACX,EAAI,KAAY,EAChB,EAAK,GAAM,EACX,EAAI,KAAY,EAChB,EAAK,GAAM,EACX,EAAI,KAAY,EAChB,GAAI,GAAK,OAAO,GAAS,OAAO,EAAE,EAAI,OAAO,UAAU,CAAC,EACxD,SAAI,KAAY,EAChB,EAAK,GAAM,EACX,EAAI,KAAY,EAChB,EAAK,GAAM,EACX,EAAI,KAAY,EAChB,EAAK,GAAM,EACX,EAAI,KAAY,EACT,CACT,CAEA,YAAyB,EAAK,EAAO,EAAQ,EAAK,EAAK,CACrD,GAAW,EAAO,EAAK,EAAK,EAAK,EAAQ,CAAC,EAE1C,GAAI,GAAK,OAAO,EAAQ,OAAO,UAAU,CAAC,EAC1C,EAAI,EAAS,GAAK,EAClB,EAAK,GAAM,EACX,EAAI,EAAS,GAAK,EAClB,EAAK,GAAM,EACX,EAAI,EAAS,GAAK,EAClB,EAAK,GAAM,EACX,EAAI,EAAS,GAAK,EAClB,GAAI,GAAK,OAAO,GAAS,OAAO,EAAE,EAAI,OAAO,UAAU,CAAC,EACxD,SAAI,EAAS,GAAK,EAClB,EAAK,GAAM,EACX,EAAI,EAAS,GAAK,EAClB,EAAK,GAAM,EACX,EAAI,EAAS,GAAK,EAClB,EAAK,GAAM,EACX,EAAI,GAAU,EACP,EAAS,CAClB,CAEA,EAAO,UAAU,iBAAmB,EAAmB,SAA2B,EAAO,EAAS,EAAG,CACnG,MAAO,IAAe,KAAM,EAAO,EAAQ,OAAO,CAAC,EAAG,OAAO,oBAAoB,CAAC,CACpF,CAAC,EAED,EAAO,UAAU,iBAAmB,EAAmB,SAA2B,EAAO,EAAS,EAAG,CACnG,MAAO,IAAe,KAAM,EAAO,EAAQ,OAAO,CAAC,EAAG,OAAO,oBAAoB,CAAC,CACpF,CAAC,EAED,EAAO,UAAU,WAAa,SAAqB,EAAO,EAAQ,EAAY,EAAU,CAGtF,GAFA,EAAQ,CAAC,EACT,EAAS,IAAW,EAChB,CAAC,EAAU,CACb,GAAM,GAAQ,KAAK,IAAI,EAAI,EAAI,EAAc,CAAC,EAE9C,EAAS,KAAM,EAAO,EAAQ,EAAY,EAAQ,EAAG,CAAC,CAAK,CAC7D,CAEA,GAAI,GAAI,EACJ,EAAM,EACN,EAAM,EAEV,IADA,KAAK,GAAU,EAAQ,IAChB,EAAE,EAAI,GAAe,IAAO,MACjC,AAAI,EAAQ,GAAK,IAAQ,GAAK,KAAK,EAAS,EAAI,KAAO,GACrD,GAAM,GAER,KAAK,EAAS,GAAO,GAAQ,GAAQ,GAAK,EAAM,IAGlD,MAAO,GAAS,CAClB,EAEA,EAAO,UAAU,WAAa,SAAqB,EAAO,EAAQ,EAAY,EAAU,CAGtF,GAFA,EAAQ,CAAC,EACT,EAAS,IAAW,EAChB,CAAC,EAAU,CACb,GAAM,GAAQ,KAAK,IAAI,EAAI,EAAI,EAAc,CAAC,EAE9C,EAAS,KAAM,EAAO,EAAQ,EAAY,EAAQ,EAAG,CAAC,CAAK,CAC7D,CAEA,GAAI,GAAI,EAAa,EACjB,EAAM,EACN,EAAM,EAEV,IADA,KAAK,EAAS,GAAK,EAAQ,IACpB,EAAE,GAAK,GAAM,IAAO,MACzB,AAAI,EAAQ,GAAK,IAAQ,GAAK,KAAK,EAAS,EAAI,KAAO,GACrD,GAAM,GAER,KAAK,EAAS,GAAO,GAAQ,GAAQ,GAAK,EAAM,IAGlD,MAAO,GAAS,CAClB,EAEA,EAAO,UAAU,UAAY,SAAoB,EAAO,EAAQ,EAAU,CACxE,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,IAAM,IAAK,EACvD,EAAQ,GAAG,GAAQ,IAAO,EAAQ,GACtC,KAAK,GAAW,EAAQ,IACjB,EAAS,CAClB,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAO,EAAQ,EAAU,CAC9E,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,MAAQ,MAAO,EAC/D,KAAK,GAAW,EAAQ,IACxB,KAAK,EAAS,GAAM,IAAU,EACvB,EAAS,CAClB,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAO,EAAQ,EAAU,CAC9E,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,MAAQ,MAAO,EAC/D,KAAK,GAAW,IAAU,EAC1B,KAAK,EAAS,GAAM,EAAQ,IACrB,EAAS,CAClB,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAO,EAAQ,EAAU,CAC9E,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,WAAY,WAAW,EACvE,KAAK,GAAW,EAAQ,IACxB,KAAK,EAAS,GAAM,IAAU,EAC9B,KAAK,EAAS,GAAM,IAAU,GAC9B,KAAK,EAAS,GAAM,IAAU,GACvB,EAAS,CAClB,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAO,EAAQ,EAAU,CAC9E,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GAAU,EAAS,KAAM,EAAO,EAAQ,EAAG,WAAY,WAAW,EACnE,EAAQ,GAAG,GAAQ,WAAa,EAAQ,GAC5C,KAAK,GAAW,IAAU,GAC1B,KAAK,EAAS,GAAM,IAAU,GAC9B,KAAK,EAAS,GAAM,IAAU,EAC9B,KAAK,EAAS,GAAM,EAAQ,IACrB,EAAS,CAClB,EAEA,EAAO,UAAU,gBAAkB,EAAmB,SAA0B,EAAO,EAAS,EAAG,CACjG,MAAO,IAAe,KAAM,EAAO,EAAQ,CAAC,OAAO,oBAAoB,EAAG,OAAO,oBAAoB,CAAC,CACxG,CAAC,EAED,EAAO,UAAU,gBAAkB,EAAmB,SAA0B,EAAO,EAAS,EAAG,CACjG,MAAO,IAAe,KAAM,EAAO,EAAQ,CAAC,OAAO,oBAAoB,EAAG,OAAO,oBAAoB,CAAC,CACxG,CAAC,EAED,YAAuB,EAAK,EAAO,EAAQ,EAAK,EAAK,EAAK,CACxD,GAAI,EAAS,EAAM,EAAI,OAAQ,KAAM,IAAI,YAAW,oBAAoB,EACxE,GAAI,EAAS,EAAG,KAAM,IAAI,YAAW,oBAAoB,CAC3D,CAEA,YAAqB,EAAK,EAAO,EAAQ,EAAc,EAAU,CAC/D,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GACH,GAAa,EAAK,EAAO,EAAQ,EAAG,qBAAwB,qBAAuB,EAErF,EAAQ,MAAM,EAAK,EAAO,EAAQ,EAAc,GAAI,CAAC,EAC9C,EAAS,CAClB,CAEA,EAAO,UAAU,aAAe,SAAuB,EAAO,EAAQ,EAAU,CAC9E,MAAO,IAAW,KAAM,EAAO,EAAQ,GAAM,CAAQ,CACvD,EAEA,EAAO,UAAU,aAAe,SAAuB,EAAO,EAAQ,EAAU,CAC9E,MAAO,IAAW,KAAM,EAAO,EAAQ,GAAO,CAAQ,CACxD,EAEA,YAAsB,EAAK,EAAO,EAAQ,EAAc,EAAU,CAChE,SAAQ,CAAC,EACT,EAAS,IAAW,EACf,GACH,GAAa,EAAK,EAAO,EAAQ,EAAG,sBAAyB,sBAAwB,EAEvF,EAAQ,MAAM,EAAK,EAAO,EAAQ,EAAc,GAAI,CAAC,EAC9C,EAAS,CAClB,CAEA,EAAO,UAAU,cAAgB,SAAwB,EAAO,EAAQ,EAAU,CAChF,MAAO,IAAY,KAAM,EAAO,EAAQ,GAAM,CAAQ,CACxD,EAEA,EAAO,UAAU,cAAgB,SAAwB,EAAO,EAAQ,EAAU,CAChF,MAAO,IAAY,KAAM,EAAO,EAAQ,GAAO,CAAQ,CACzD,EAGA,EAAO,UAAU,KAAO,SAAe,EAAQ,EAAa,EAAO,EAAK,CACtE,GAAI,CAAC,EAAO,SAAS,CAAM,EAAG,KAAM,IAAI,WAAU,6BAA6B,EAS/E,GARK,GAAO,GAAQ,GAChB,CAAC,GAAO,IAAQ,GAAG,GAAM,KAAK,QAC9B,GAAe,EAAO,QAAQ,GAAc,EAAO,QAClD,GAAa,GAAc,GAC5B,EAAM,GAAK,EAAM,GAAO,GAAM,GAG9B,IAAQ,GACR,EAAO,SAAW,GAAK,KAAK,SAAW,EAAG,MAAO,GAGrD,GAAI,EAAc,EAChB,KAAM,IAAI,YAAW,2BAA2B,EAElD,GAAI,EAAQ,GAAK,GAAS,KAAK,OAAQ,KAAM,IAAI,YAAW,oBAAoB,EAChF,GAAI,EAAM,EAAG,KAAM,IAAI,YAAW,yBAAyB,EAG3D,AAAI,EAAM,KAAK,QAAQ,GAAM,KAAK,QAC9B,EAAO,OAAS,EAAc,EAAM,GACtC,GAAM,EAAO,OAAS,EAAc,GAGtC,GAAM,GAAM,EAAM,EAElB,MAAI,QAAS,GAAU,MAAO,YAAW,UAAU,YAAe,WAEhE,KAAK,WAAW,EAAa,EAAO,CAAG,EAEvC,WAAW,UAAU,IAAI,KACvB,EACA,KAAK,SAAS,EAAO,CAAG,EACxB,CACF,EAGK,CACT,EAMA,EAAO,UAAU,KAAO,SAAe,EAAK,EAAO,EAAK,EAAU,CAEhE,GAAI,MAAO,IAAQ,SAAU,CAS3B,GARA,AAAI,MAAO,IAAU,SACnB,GAAW,EACX,EAAQ,EACR,EAAM,KAAK,QACF,MAAO,IAAQ,UACxB,GAAW,EACX,EAAM,KAAK,QAET,IAAa,QAAa,MAAO,IAAa,SAChD,KAAM,IAAI,WAAU,2BAA2B,EAEjD,GAAI,MAAO,IAAa,UAAY,CAAC,EAAO,WAAW,CAAQ,EAC7D,KAAM,IAAI,WAAU,qBAAuB,CAAQ,EAErD,GAAI,EAAI,SAAW,EAAG,CACpB,GAAM,GAAO,EAAI,WAAW,CAAC,EAC7B,AAAK,KAAa,QAAU,EAAO,KAC/B,IAAa,WAEf,GAAM,EAEV,CACF,KAAO,AAAI,OAAO,IAAQ,SACxB,EAAM,EAAM,IACH,MAAO,IAAQ,WACxB,GAAM,OAAO,CAAG,GAIlB,GAAI,EAAQ,GAAK,KAAK,OAAS,GAAS,KAAK,OAAS,EACpD,KAAM,IAAI,YAAW,oBAAoB,EAG3C,GAAI,GAAO,EACT,MAAO,MAGT,EAAQ,IAAU,EAClB,EAAM,IAAQ,OAAY,KAAK,OAAS,IAAQ,EAE3C,GAAK,GAAM,GAEhB,GAAI,GACJ,GAAI,MAAO,IAAQ,SACjB,IAAK,EAAI,EAAO,EAAI,EAAK,EAAE,EACzB,KAAK,GAAK,MAEP,CACL,GAAM,GAAQ,EAAO,SAAS,CAAG,EAC7B,EACA,EAAO,KAAK,EAAK,CAAQ,EACvB,EAAM,EAAM,OAClB,GAAI,IAAQ,EACV,KAAM,IAAI,WAAU,cAAgB,EAClC,mCAAmC,EAEvC,IAAK,EAAI,EAAG,EAAI,EAAM,EAAO,EAAE,EAC7B,KAAK,EAAI,GAAS,EAAM,EAAI,EAEhC,CAEA,MAAO,KACT,EAMA,GAAM,GAAS,CAAC,EAChB,YAAY,EAAK,EAAY,EAAM,CACjC,EAAO,GAAO,aAAwB,EAAK,CACzC,aAAe,CACb,MAAM,EAEN,OAAO,eAAe,KAAM,UAAW,CACrC,MAAO,EAAW,MAAM,KAAM,SAAS,EACvC,SAAU,GACV,aAAc,EAChB,CAAC,EAGD,KAAK,KAAO,GAAG,KAAK,SAAS,KAG7B,KAAK,MAEL,MAAO,MAAK,IACd,IAEI,OAAQ,CACV,MAAO,EACT,IAEI,MAAM,EAAO,CACf,OAAO,eAAe,KAAM,OAAQ,CAClC,aAAc,GACd,WAAY,GACZ,QACA,SAAU,EACZ,CAAC,CACH,CAEA,UAAY,CACV,MAAO,GAAG,KAAK,SAAS,OAAS,KAAK,SACxC,CACF,CACF,CAEA,GAAE,2BACA,SAAU,EAAM,CACd,MAAI,GACK,GAAG,gCAGL,gDACT,EAAG,UAAU,EACf,GAAE,uBACA,SAAU,EAAM,EAAQ,CACtB,MAAO,QAAQ,qDAAwD,MAAO,IAChF,EAAG,SAAS,EACd,GAAE,mBACA,SAAU,EAAK,EAAO,EAAO,CAC3B,GAAI,GAAM,iBAAiB,sBACvB,EAAW,EACf,MAAI,QAAO,UAAU,CAAK,GAAK,KAAK,IAAI,CAAK,EAAI,GAAK,GACpD,EAAW,GAAsB,OAAO,CAAK,CAAC,EACrC,MAAO,IAAU,UAC1B,GAAW,OAAO,CAAK,EACnB,GAAQ,OAAO,CAAC,GAAK,OAAO,EAAE,GAAK,EAAQ,CAAE,QAAO,CAAC,GAAK,OAAO,EAAE,KACrE,GAAW,GAAsB,CAAQ,GAE3C,GAAY,KAEd,GAAO,eAAe,eAAmB,IAClC,CACT,EAAG,UAAU,EAEf,YAAgC,EAAK,CACnC,GAAI,GAAM,GACN,EAAI,EAAI,OACN,EAAQ,EAAI,KAAO,IAAM,EAAI,EACnC,KAAO,GAAK,EAAQ,EAAG,GAAK,EAC1B,EAAM,IAAI,EAAI,MAAM,EAAI,EAAG,CAAC,IAAI,IAElC,MAAO,GAAG,EAAI,MAAM,EAAG,CAAC,IAAI,GAC9B,CAKA,YAAsB,EAAK,EAAQ,EAAY,CAC7C,EAAe,EAAQ,QAAQ,EAC3B,GAAI,KAAY,QAAa,EAAI,EAAS,KAAgB,SAC5D,GAAY,EAAQ,EAAI,OAAU,GAAa,EAAE,CAErD,CAEA,YAAqB,EAAO,EAAK,EAAK,EAAK,EAAQ,EAAY,CAC7D,GAAI,EAAQ,GAAO,EAAQ,EAAK,CAC9B,GAAM,GAAI,MAAO,IAAQ,SAAW,IAAM,GACtC,EACJ,KAAI,GAAa,EACf,AAAI,IAAQ,GAAK,IAAQ,OAAO,CAAC,EAC/B,EAAQ,OAAO,YAAY,QAAS,GAAa,GAAK,IAAI,IAE1D,EAAQ,SAAS,QAAS,GAAa,GAAK,EAAI,IAAI,iBACxC,GAAa,GAAK,EAAI,IAAI,IAGxC,EAAQ,MAAM,IAAM,YAAY,IAAM,IAElC,GAAI,GAAO,iBAAiB,QAAS,EAAO,CAAK,CACzD,CACA,GAAY,EAAK,EAAQ,CAAU,CACrC,CAEA,WAAyB,EAAO,EAAM,CACpC,GAAI,MAAO,IAAU,SACnB,KAAM,IAAI,GAAO,qBAAqB,EAAM,SAAU,CAAK,CAE/D,CAEA,YAAsB,EAAO,EAAQ,EAAM,CACzC,KAAI,MAAK,MAAM,CAAK,IAAM,EACxB,GAAe,EAAO,CAAI,EACpB,GAAI,GAAO,iBAAiB,GAAQ,SAAU,aAAc,CAAK,GAGrE,EAAS,EACL,GAAI,GAAO,yBAGb,GAAI,GAAO,iBAAiB,GAAQ,SACR,MAAM,EAAO,EAAI,YAAY,IAC7B,CAAK,CACzC,CAKA,GAAM,IAAoB,oBAE1B,YAAsB,EAAK,CAMzB,GAJA,EAAM,EAAI,MAAM,GAAG,EAAE,GAErB,EAAM,EAAI,KAAK,EAAE,QAAQ,GAAmB,EAAE,EAE1C,EAAI,OAAS,EAAG,MAAO,GAE3B,KAAO,EAAI,OAAS,IAAM,GACxB,EAAM,EAAM,IAEd,MAAO,EACT,CAEA,YAAsB,EAAQ,EAAO,CACnC,EAAQ,GAAS,IACjB,GAAI,GACE,EAAS,EAAO,OAClB,EAAgB,KACd,EAAQ,CAAC,EAEf,OAAS,GAAI,EAAG,EAAI,EAAQ,EAAE,EAAG,CAI/B,GAHA,EAAY,EAAO,WAAW,CAAC,EAG3B,EAAY,OAAU,EAAY,MAAQ,CAE5C,GAAI,CAAC,EAAe,CAElB,GAAI,EAAY,MAAQ,CAEtB,AAAK,IAAS,GAAK,IAAI,EAAM,KAAK,IAAM,IAAM,GAAI,EAClD,QACF,SAAW,EAAI,IAAM,EAAQ,CAE3B,AAAK,IAAS,GAAK,IAAI,EAAM,KAAK,IAAM,IAAM,GAAI,EAClD,QACF,CAGA,EAAgB,EAEhB,QACF,CAGA,GAAI,EAAY,MAAQ,CACtB,AAAK,IAAS,GAAK,IAAI,EAAM,KAAK,IAAM,IAAM,GAAI,EAClD,EAAgB,EAChB,QACF,CAGA,EAAa,GAAgB,OAAU,GAAK,EAAY,OAAU,KACpE,KAAO,AAAI,IAEJ,IAAS,GAAK,IAAI,EAAM,KAAK,IAAM,IAAM,GAAI,EAMpD,GAHA,EAAgB,KAGZ,EAAY,IAAM,CACpB,GAAK,IAAS,GAAK,EAAG,MACtB,EAAM,KAAK,CAAS,CACtB,SAAW,EAAY,KAAO,CAC5B,GAAK,IAAS,GAAK,EAAG,MACtB,EAAM,KACJ,GAAa,EAAM,IACnB,EAAY,GAAO,GACrB,CACF,SAAW,EAAY,MAAS,CAC9B,GAAK,IAAS,GAAK,EAAG,MACtB,EAAM,KACJ,GAAa,GAAM,IACnB,GAAa,EAAM,GAAO,IAC1B,EAAY,GAAO,GACrB,CACF,SAAW,EAAY,QAAU,CAC/B,GAAK,IAAS,GAAK,EAAG,MACtB,EAAM,KACJ,GAAa,GAAO,IACpB,GAAa,GAAM,GAAO,IAC1B,GAAa,EAAM,GAAO,IAC1B,EAAY,GAAO,GACrB,CACF,KACE,MAAM,IAAI,OAAM,oBAAoB,CAExC,CAEA,MAAO,EACT,CAEA,YAAuB,EAAK,CAC1B,GAAM,GAAY,CAAC,EACnB,OAAS,GAAI,EAAG,EAAI,EAAI,OAAQ,EAAE,EAEhC,EAAU,KAAK,EAAI,WAAW,CAAC,EAAI,GAAI,EAEzC,MAAO,EACT,CAEA,YAAyB,EAAK,EAAO,CACnC,GAAI,GAAG,EAAI,EACL,EAAY,CAAC,EACnB,OAAS,GAAI,EAAG,EAAI,EAAI,QACjB,MAAS,GAAK,GADW,EAAE,EAGhC,EAAI,EAAI,WAAW,CAAC,EACpB,EAAK,GAAK,EACV,EAAK,EAAI,IACT,EAAU,KAAK,CAAE,EACjB,EAAU,KAAK,CAAE,EAGnB,MAAO,EACT,CAEA,YAAwB,EAAK,CAC3B,MAAO,IAAO,YAAY,GAAY,CAAG,CAAC,CAC5C,CAEA,YAAqB,EAAK,EAAK,EAAQ,EAAQ,CAC7C,GAAI,GACJ,IAAK,EAAI,EAAG,EAAI,GACT,IAAI,GAAU,EAAI,QAAY,GAAK,EAAI,QADtB,EAAE,EAExB,EAAI,EAAI,GAAU,EAAI,GAExB,MAAO,EACT,CAKA,WAAqB,EAAK,EAAM,CAC9B,MAAO,aAAe,IACnB,GAAO,MAAQ,EAAI,aAAe,MAAQ,EAAI,YAAY,MAAQ,MACjE,EAAI,YAAY,OAAS,EAAK,IACpC,CACA,YAAsB,EAAK,CAEzB,MAAO,KAAQ,CACjB,CAIA,GAAM,IAAuB,UAAY,CACvC,GAAM,GAAW,mBACX,EAAQ,GAAI,OAAM,GAAG,EAC3B,OAAS,GAAI,EAAG,EAAI,GAAI,EAAE,EAAG,CAC3B,GAAM,GAAM,EAAI,GAChB,OAAS,GAAI,EAAG,EAAI,GAAI,EAAE,EACxB,EAAM,EAAM,GAAK,EAAS,GAAK,EAAS,EAE5C,CACA,MAAO,EACT,EAAG,EAGH,WAA6B,EAAI,CAC/B,MAAO,OAAO,QAAW,IAAc,GAAyB,CAClE,CAEA,aAAmC,CACjC,KAAM,IAAI,OAAM,sBAAsB,CACxC,ICzjEA,GAAW,GAAX,UAAO,AAAI,EAAS,KAAkB,SCAtC,+BACA,OAAO,eAAe,GAAS,aAAc,CAAE,MAAO,EAAK,CAAC,EAC5D,YAAmB,EAAO,CACtB,GAAI,GAAgB,EAChB,EAAe,EAAM,OACrB,EAAO,EAAe,EAC1B,GAAI,CAAC,EACD,MAAO,GAEX,GAAI,GAAW,EACX,EAAY,EAAgB,EAC5B,EAAqB,EAAe,EACpC,EAAS,EAAO,MAAM,CAAkB,EAE5C,IADA,EAAO,MAAM,CAAK,EACX,KACH,EAAO,MAAM,IAAK,GAAU,EAEhC,MAAO,GAAO,SAAS,CAC3B,CACA,GAAQ,QAAU,KCnBlB,+BACA,OAAO,eAAe,GAAS,aAAc,CAAE,MAAO,EAAK,CAAC,EAC5D,GAAI,IAAe,KACnB,YAAgB,EAAO,EAAU,CAE7B,MADI,KAAa,QAAU,GAAW,QAClC,EAAO,SAAS,CAAK,EACd,GAAW,EAAM,SAAS,QAAQ,CAAC,EAEvC,GAAW,EAAO,KAAK,EAAO,CAAQ,EAAE,SAAS,QAAQ,CAAC,CACrE,CAEA,YAAgB,EAAW,EAAU,CACjC,MAAI,KAAa,QAAU,GAAW,QAC/B,EAAO,KAAK,GAAS,CAAS,EAAG,QAAQ,EAAE,SAAS,CAAQ,CACvE,CACA,YAAkB,EAAW,CACzB,SAAY,EAAU,SAAS,EACxB,GAAa,QAAQ,CAAS,EAChC,QAAQ,MAAO,GAAG,EAClB,QAAQ,KAAM,GAAG,CAC1B,CACA,YAAoB,EAAQ,CACxB,MAAO,GACF,QAAQ,KAAM,EAAE,EAChB,QAAQ,MAAO,GAAG,EAClB,QAAQ,MAAO,GAAG,CAC3B,CACA,YAAkB,EAAW,CACzB,MAAO,GAAO,KAAK,GAAS,CAAS,EAAG,QAAQ,CACpD,CACA,GAAI,GAAY,GAChB,EAAU,OAAS,GACnB,EAAU,OAAS,GACnB,EAAU,SAAW,GACrB,EAAU,WAAa,GACvB,EAAU,SAAW,GACrB,GAAQ,QAAU,ICpClB,0BAAO,QAAU,KAA4B,QAC7C,GAAO,QAAQ,QAAU,GAAO,UCDhC,WAAsB,WCAtB,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,OAAO,GAAQ,OACR,WAAqB,EAAK,CAC7B,GAAI,CACA,MAAQ,IAAO,MACX,MAAO,GAAI,aAAgB,WAC3B,MAAO,GAAI,UAAU,MAAS,UAC9B,MAAO,GAAI,MAAS,QAC5B,MACA,CACI,MAAO,EACX,CACJ,CDVA,GAAM,IAAS,MAAO,EAAW,IAAS,CACtC,GAAM,GAAe,OAAO,EAAU,MAAM,EAAE,IAC9C,MAAO,IAAI,YAAW,KAAM,GAAO,OAAO,OAAO,EAAc,CAAI,CAAC,CACxE,EACO,GAAQ,GDJR,GAAM,GAAU,GAAI,aACd,EAAU,GAAI,aACrB,GAAY,GAAK,GAChB,cAAmB,EAAS,CAC/B,GAAM,GAAO,EAAQ,OAAO,CAAC,EAAK,CAAE,YAAa,EAAM,EAAQ,CAAC,EAC1D,EAAM,GAAI,YAAW,CAAI,EAC3B,EAAI,EACR,SAAQ,QAAQ,AAAC,GAAW,CACxB,EAAI,IAAI,EAAQ,CAAC,EACjB,GAAK,EAAO,MAChB,CAAC,EACM,CACX,CACO,YAAa,EAAK,EAAU,CAC/B,MAAO,GAAO,EAAQ,OAAO,CAAG,EAAG,GAAI,YAAW,CAAC,CAAC,CAAC,EAAG,CAAQ,CACpE,CACA,YAAuB,EAAK,EAAO,EAAQ,CACvC,GAAI,EAAQ,GAAK,GAAS,GACtB,KAAM,IAAI,YAAW,6BAA6B,GAAY,eAAe,GAAO,EAExF,EAAI,IAAI,CAAC,IAAU,GAAI,IAAU,GAAI,IAAU,EAAG,EAAQ,GAAI,EAAG,CAAM,CAC3E,CACO,YAAkB,EAAO,CAC5B,GAAM,GAAO,KAAK,MAAM,EAAQ,EAAS,EACnC,EAAM,EAAQ,GACd,EAAM,GAAI,YAAW,CAAC,EAC5B,UAAc,EAAK,EAAM,CAAC,EAC1B,GAAc,EAAK,EAAK,CAAC,EAClB,CACX,CACO,YAAkB,EAAO,CAC5B,GAAM,GAAM,GAAI,YAAW,CAAC,EAC5B,UAAc,EAAK,CAAK,EACjB,CACX,CACO,YAAwB,EAAO,CAClC,MAAO,GAAO,GAAS,EAAM,MAAM,EAAG,CAAK,CAC/C,CACA,kBAAgC,EAAQ,EAAM,EAAO,CACjD,GAAM,GAAa,KAAK,KAAM,IAAQ,GAAK,EAAE,EACzC,EACJ,OAAS,GAAO,EAAG,GAAQ,EAAY,IAAQ,CAC3C,GAAM,GAAM,GAAI,YAAW,EAAI,EAAO,OAAS,EAAM,MAAM,EAC3D,EAAI,IAAI,GAAS,CAAI,CAAC,EACtB,EAAI,IAAI,EAAQ,CAAC,EACjB,EAAI,IAAI,EAAO,EAAI,EAAO,MAAM,EAChC,AAAK,EAID,EAAM,EAAO,EAAK,KAAM,IAAO,SAAU,CAAG,CAAC,EAH7C,EAAM,KAAM,IAAO,SAAU,CAAG,CAKxC,CACA,SAAM,EAAI,MAAM,EAAG,GAAQ,CAAC,EACrB,CACX,CDxCO,GAAM,IAAe,AAAC,GAClB,GAAI,YAAW,KAAK,CAAO,EAC7B,MAAM,EAAE,EACR,IAAI,AAAC,GAAM,EAAE,WAAW,CAAC,CAAC,CAAC,EAEvB,EAAS,AAAC,GAAU,CAC7B,GAAI,GAAU,EACd,AAAI,YAAmB,aACnB,GAAU,EAAQ,OAAO,CAAO,GAEpC,EAAU,EAAQ,QAAQ,KAAM,GAAG,EAAE,QAAQ,KAAM,GAAG,EAAE,QAAQ,MAAO,EAAE,EACzE,GAAI,CACA,MAAO,IAAa,CAAO,CAC/B,MACA,CACI,KAAM,IAAI,WAAU,mDAAmD,CAC3E,CACJ,EIjCA,ICAA,ICAA,IAAO,mBAAwB,MAAM,CACjC,YAAY,EAAS,CACjB,GAAI,GACJ,MAAM,CAAO,EACb,KAAK,KAAO,mBACZ,KAAK,KAAO,KAAK,YAAY,KAC5B,GAAK,MAAM,qBAAuB,MAAQ,IAAO,QAAkB,EAAG,KAAK,MAAO,KAAM,KAAK,WAAW,CAC7G,WACW,OAAO,CACd,MAAO,kBACX,CACJ,EAuBO,mBAAgC,EAAU,CAC7C,aAAc,CACV,MAAM,GAAG,SAAS,EAClB,KAAK,KAAO,0BAChB,WACW,OAAO,CACd,MAAO,0BACX,CACJ,EACO,eAA+B,EAAU,CAC5C,aAAc,CACV,MAAM,GAAG,SAAS,EAClB,KAAK,KAAO,wBAChB,WACW,OAAO,CACd,MAAO,wBACX,CACJ,EACO,eAAkC,EAAU,CAC/C,aAAc,CACV,MAAM,GAAG,SAAS,EAClB,KAAK,KAAO,4BACZ,KAAK,QAAU,6BACnB,WACW,OAAO,CACd,MAAO,2BACX,CACJ,EACO,eAAyB,EAAU,CACtC,aAAc,CACV,MAAM,GAAG,SAAS,EAClB,KAAK,KAAO,iBAChB,WACW,OAAO,CACd,MAAO,iBACX,CACJ,ECtEA,ICAA,IACA,GAAO,IAAQ,EAAO,gBAAgB,KAAK,CAAM,EDC1C,YAAmB,EAAK,CAC3B,OAAQ,OACC,cACA,gBACA,cACA,gBACA,cACA,YACD,MAAO,QACN,oBACA,oBACA,gBACD,MAAO,aAEP,KAAM,IAAI,GAAiB,8BAA8B,GAAK,EAE1E,CFhBA,GAAM,IAAgB,CAAC,EAAK,IAAO,CAC/B,GAAI,EAAG,QAAU,IAAM,GAAU,CAAG,EAChC,KAAM,IAAI,GAAW,sCAAsC,CAEnE,EACO,GAAQ,GIPf,IACA,GAAM,IAAiB,CAAC,EAAK,IAAa,CACtC,GAAI,EAAI,QAAU,IAAM,EACpB,KAAM,IAAI,GAAW,uCAAuC,CAEpE,EACO,GAAQ,GCNf,OAAM,IAAkB,CAAC,EAAG,IAAM,CAC9B,GAAI,CAAE,aAAa,aACf,KAAM,IAAI,WAAU,iCAAiC,EAEzD,GAAI,CAAE,aAAa,aACf,KAAM,IAAI,WAAU,kCAAkC,EAE1D,GAAI,EAAE,SAAW,EAAE,OACf,KAAM,IAAI,WAAU,yCAAyC,EAEjE,GAAM,GAAM,EAAE,OACV,EAAM,EACN,EAAI,GACR,KAAO,EAAE,EAAI,GACT,GAAO,EAAE,GAAK,EAAE,GAEpB,MAAO,KAAQ,CACnB,EACO,GAAQ,GClBf,ICAA,IAAO,YAA+B,CAClC,MAAO,OAAO,gBAAkB,UACpC,CACO,YAAoB,CACvB,GAAI,CACA,MAAO,SAAQ,SAAS,OAAS,MACrC,MACA,CACI,MAAO,EACX,CACJ,CDTA,WAAkB,EAAM,EAAO,iBAAkB,CAC7C,MAAO,IAAI,WAAU,kDAAkD,aAAgB,GAAM,CACjG,CACA,YAAqB,EAAW,EAAM,CAClC,MAAO,GAAU,OAAS,CAC9B,CACA,YAAuB,EAAM,CACzB,MAAO,UAAS,EAAK,KAAK,MAAM,CAAC,EAAG,EAAE,CAC1C,CAaA,YAAoB,EAAK,EAAQ,CAC7B,GAAI,EAAO,QAAU,CAAC,EAAO,KAAK,AAAC,GAAa,EAAI,OAAO,SAAS,CAAQ,CAAC,EAAG,CAC5E,GAAI,GAAM,sEACV,GAAI,EAAO,OAAS,EAAG,CACnB,GAAM,GAAO,EAAO,IAAI,EACxB,GAAO,UAAU,EAAO,KAAK,IAAI,SAAS,IAC9C,KACK,AAAI,GAAO,SAAW,EACvB,GAAO,UAAU,EAAO,SAAS,EAAO,MAGxC,GAAO,GAAG,EAAO,MAErB,KAAM,IAAI,WAAU,CAAG,CAC3B,CACJ,CA8DO,WAA2B,EAAK,KAAQ,EAAQ,CACnD,OAAQ,OACC,cACA,cACA,UAAW,CACZ,GAAI,CAAC,GAAY,EAAI,UAAW,SAAS,EACrC,KAAM,GAAS,SAAS,EAC5B,GAAM,GAAW,SAAS,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EAE7C,GAAI,AADW,EAAI,UAAU,SACd,EACX,KAAM,GAAS,EAAU,kBAAkB,EAC/C,KACJ,KACK,aACA,aACA,SAAU,CACX,GAAI,CAAC,GAAY,EAAI,UAAW,QAAQ,EACpC,KAAM,GAAS,QAAQ,EAC3B,GAAM,GAAW,SAAS,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EAE7C,GAAI,AADW,EAAI,UAAU,SACd,EACX,KAAM,GAAS,EAAU,kBAAkB,EAC/C,KACJ,KACK,OACD,GAAI,CAAC,GAAY,EAAI,UAAW,MAAM,EAClC,KAAM,GAAS,MAAM,EACzB,UACC,yBACA,yBACA,qBACD,GAAI,CAAC,GAAY,EAAI,UAAW,QAAQ,EACpC,KAAM,GAAS,QAAQ,EAC3B,UACC,eACA,mBACA,mBACA,eAAgB,CACjB,GAAI,CAAC,GAAY,EAAI,UAAW,UAAU,EACtC,KAAM,GAAS,UAAU,EAC7B,GAAM,GAAW,SAAS,EAAI,MAAM,CAAC,EAAG,EAAE,GAAK,EAE/C,GAAI,AADW,GAAc,EAAI,UAAU,IAAI,IAChC,EACX,KAAM,GAAS,OAAO,IAAY,gBAAgB,EACtD,KACJ,SAEI,KAAM,IAAI,WAAU,2CAA2C,EAEvE,GAAW,EAAK,CAAM,CAC1B,CErJA,OAAO,GAAQ,CAAC,KAAW,IAAU,CACjC,GAAI,GAAM,eACV,GAAI,EAAM,OAAS,EAAG,CAClB,GAAM,GAAO,EAAM,IAAI,EACvB,GAAO,eAAe,EAAM,KAAK,IAAI,SAAS,IAClD,KACK,AAAI,GAAM,SAAW,EACtB,GAAO,eAAe,EAAM,SAAS,EAAM,MAG3C,GAAO,WAAW,EAAM,MAE5B,MAAI,IAAU,KACV,GAAO,aAAa,IAEnB,AAAI,MAAO,IAAW,YAAc,EAAO,KAC5C,GAAO,sBAAsB,EAAO,OAE/B,MAAO,IAAW,UAAY,GAAU,MACzC,EAAO,aAAe,EAAO,YAAY,MACzC,IAAO,4BAA4B,EAAO,YAAY,QAGvD,CACX,ECxBA,IACA,GAAO,IAAQ,AAAC,GACL,EAAY,CAAG,EAEb,EAAQ,CAAC,WAAW,EVKjC,kBAA0B,EAAK,EAAK,EAAY,EAAI,EAAK,EAAK,CAC1D,GAAI,CAAE,aAAe,aACjB,KAAM,IAAI,WAAU,EAAgB,EAAK,YAAY,CAAC,EAE1D,GAAM,GAAU,SAAS,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EACtC,EAAS,KAAM,GAAO,OAAO,UAAU,MAAO,EAAI,SAAS,GAAW,CAAC,EAAG,UAAW,GAAO,CAAC,SAAS,CAAC,EACvG,EAAS,KAAM,GAAO,OAAO,UAAU,MAAO,EAAI,SAAS,EAAG,GAAW,CAAC,EAAG,CAC/E,KAAM,OAAO,GAAW,IACxB,KAAM,MACV,EAAG,GAAO,CAAC,MAAM,CAAC,EACZ,EAAU,EAAO,EAAK,EAAI,EAAY,GAAS,EAAI,QAAU,CAAC,CAAC,EAC/D,EAAc,GAAI,YAAY,MAAM,GAAO,OAAO,KAAK,OAAQ,EAAQ,CAAO,GAAG,MAAM,EAAG,GAAW,CAAC,CAAC,EACzG,EACJ,GAAI,CACA,EAAiB,GAAgB,EAAK,CAAW,CACrD,MACA,CACA,CACA,GAAI,CAAC,EACD,KAAM,IAAI,GAEd,GAAI,GACJ,GAAI,CACA,EAAY,GAAI,YAAW,KAAM,GAAO,OAAO,QAAQ,CAAE,KAAI,KAAM,SAAU,EAAG,EAAQ,CAAU,CAAC,CACvG,MACA,CACA,CACA,GAAI,CAAC,EACD,KAAM,IAAI,GAEd,MAAO,EACX,CACA,kBAA0B,EAAK,EAAK,EAAY,EAAI,EAAK,EAAK,CAC1D,GAAI,GACJ,AAAI,YAAe,YACf,EAAS,KAAM,GAAO,OAAO,UAAU,MAAO,EAAK,UAAW,GAAO,CAAC,SAAS,CAAC,EAGhF,GAAkB,EAAK,EAAK,SAAS,EACrC,EAAS,GAEb,GAAI,CACA,MAAO,IAAI,YAAW,KAAM,GAAO,OAAO,QAAQ,CAC9C,eAAgB,EAChB,KACA,KAAM,UACN,UAAW,GACf,EAAG,EAAQ,EAAO,EAAY,CAAG,CAAC,CAAC,CACvC,MACA,CACI,KAAM,IAAI,EACd,CACJ,CACA,GAAM,IAAU,MAAO,EAAK,EAAK,EAAY,EAAI,EAAK,IAAQ,CAC1D,GAAI,CAAC,EAAY,CAAG,GAAK,CAAE,aAAe,aACtC,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,EAAO,YAAY,CAAC,EAGpE,OADA,GAAc,EAAK,CAAE,EACb,OACC,oBACA,oBACA,gBACD,MAAI,aAAe,aACf,GAAe,EAAK,SAAS,EAAI,MAAM,EAAE,EAAG,EAAE,CAAC,EAC5C,GAAW,EAAK,EAAK,EAAY,EAAI,EAAK,CAAG,MACnD,cACA,cACA,UACD,MAAI,aAAe,aACf,GAAe,EAAK,SAAS,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,CAAC,EAC9C,GAAW,EAAK,EAAK,EAAY,EAAI,EAAK,CAAG,UAEpD,KAAM,IAAI,GAAiB,8CAA8C,EAErF,EACO,GAAQ,GWpFf,IACO,GAAM,IAAU,SAAY,CAC/B,KAAM,IAAI,GAAiB,wLAAwL,CACvN,ECHA,OAAM,IAAa,IAAI,IAAY,CAC/B,GAAM,GAAU,EAAQ,OAAO,OAAO,EACtC,GAAI,EAAQ,SAAW,GAAK,EAAQ,SAAW,EAC3C,MAAO,GAEX,GAAI,GACJ,OAAW,KAAU,GAAS,CAC1B,GAAM,GAAa,OAAO,KAAK,CAAM,EACrC,GAAI,CAAC,GAAO,EAAI,OAAS,EAAG,CACxB,EAAM,GAAI,KAAI,CAAU,EACxB,QACJ,CACA,OAAW,KAAa,GAAY,CAChC,GAAI,EAAI,IAAI,CAAS,EACjB,MAAO,GAEX,EAAI,IAAI,CAAS,CACrB,CACJ,CACA,MAAO,EACX,EACO,EAAQ,GCrBf,gBAAsB,EAAO,CACzB,MAAO,OAAO,IAAU,UAAY,IAAU,IAClD,CACe,WAAkB,EAAO,CACpC,GAAI,CAAC,GAAa,CAAK,GAAK,OAAO,UAAU,SAAS,KAAK,CAAK,IAAM,kBAClE,MAAO,GAEX,GAAI,OAAO,eAAe,CAAK,IAAM,KACjC,MAAO,GAEX,GAAI,GAAQ,EACZ,KAAO,OAAO,eAAe,CAAK,IAAM,MACpC,EAAQ,OAAO,eAAe,CAAK,EAEvC,MAAO,QAAO,eAAe,CAAK,IAAM,CAC5C,CCfA,ICAA,ICAA,OAAM,IAAiB,CACnB,CAAE,KAAM,UAAW,KAAM,MAAO,EAChC,GACA,CAAC,MAAM,CACX,EACO,GAAQ,GDAf,YAAsB,EAAK,EAAK,CAC5B,GAAI,EAAI,UAAU,SAAW,SAAS,EAAI,MAAM,EAAG,CAAC,EAAG,EAAE,EACrD,KAAM,IAAI,WAAU,6BAA6B,GAAK,CAE9D,CACA,YAAsB,EAAK,EAAK,EAAO,CACnC,GAAI,EAAY,CAAG,EACf,SAAkB,EAAK,EAAK,CAAK,EAC1B,EAEX,GAAI,YAAe,YACf,MAAO,GAAO,OAAO,UAAU,MAAO,EAAK,SAAU,GAAM,CAAC,CAAK,CAAC,EAEtE,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,EAAO,YAAY,CAAC,CACpE,CAOO,GAAM,IAAS,MAAO,EAAK,EAAK,IAAiB,CACpD,GAAM,GAAY,KAAM,IAAa,EAAK,EAAK,WAAW,EAC1D,GAAa,EAAW,CAAG,EAC3B,GAAM,GAAe,KAAM,GAAO,OAAO,UAAU,MAAO,EAAc,EAAW,SAAU,GAAG,EAAc,EAC9G,MAAO,IAAI,YAAW,KAAM,GAAO,OAAO,UAAU,MAAO,CAAY,CAAC,CAC5E,EE/BA,IAKA,kBAAgC,EAAW,EAAY,EAAW,EAAW,EAAM,GAAI,YAAW,CAAC,EAAG,EAAM,GAAI,YAAW,CAAC,EAAG,CAC3H,GAAI,CAAC,EAAY,CAAS,EACtB,KAAM,IAAI,WAAU,EAAgB,EAAW,GAAG,CAAK,CAAC,EAG5D,GADA,EAAkB,EAAW,MAAM,EAC/B,CAAC,EAAY,CAAU,EACvB,KAAM,IAAI,WAAU,EAAgB,EAAY,GAAG,CAAK,CAAC,EAE7D,EAAkB,EAAY,OAAQ,YAAY,EAClD,GAAM,GAAQ,EAAO,GAAe,EAAQ,OAAO,CAAS,CAAC,EAAG,GAAe,CAAG,EAAG,GAAe,CAAG,EAAG,GAAS,CAAS,CAAC,EACvH,EAAe,GAAI,YAAW,KAAM,GAAO,OAAO,WAAW,CAC/D,KAAM,OACN,OAAQ,CACZ,EAAG,EAAY,KAAK,KAAK,SAAS,EAAW,UAAU,WAAW,MAAM,EAAE,EAAG,EAAE,EAAI,CAAC,GAAK,CAAC,CAAC,EAC3F,MAAO,IAAU,EAAc,EAAW,CAAK,CACnD,CAOO,YAAqB,EAAK,CAC7B,GAAI,CAAC,EAAY,CAAG,EAChB,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,CAAK,CAAC,EAEtD,MAAO,CAAC,QAAS,QAAS,OAAO,EAAE,SAAS,EAAI,UAAU,UAAU,CACxE,CChCA,ICAA,IACe,YAAkB,EAAK,CAClC,GAAI,CAAE,aAAe,cAAe,EAAI,OAAS,EAC7C,KAAM,IAAI,GAAW,2CAA2C,CAExE,CDIA,YAAsB,EAAK,EAAK,CAC5B,GAAI,YAAe,YACf,MAAO,GAAO,OAAO,UAAU,MAAO,EAAK,SAAU,GAAO,CAAC,YAAY,CAAC,EAE9E,GAAI,EAAY,CAAG,EACf,SAAkB,EAAK,EAAK,aAAc,WAAW,EAC9C,EAEX,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,EAAO,YAAY,CAAC,CACpE,CACA,kBAAyB,EAAK,EAAK,EAAK,EAAK,CACzC,GAAS,CAAG,EACZ,GAAM,GAAO,GAAW,EAAK,CAAG,EAC1B,EAAS,SAAS,EAAI,MAAM,GAAI,EAAE,EAAG,EAAE,EACvC,EAAY,CACd,KAAM,OAAO,EAAI,MAAM,EAAG,EAAE,IAC5B,WAAY,EACZ,KAAM,SACN,MACJ,EACM,EAAU,CACZ,OAAQ,EACR,KAAM,QACV,EACM,EAAY,KAAM,IAAa,EAAK,CAAG,EAC7C,GAAI,EAAU,OAAO,SAAS,YAAY,EACtC,MAAO,IAAI,YAAW,KAAM,GAAO,OAAO,WAAW,EAAW,EAAW,CAAM,CAAC,EAEtF,GAAI,EAAU,OAAO,SAAS,WAAW,EACrC,MAAO,GAAO,OAAO,UAAU,EAAW,EAAW,EAAS,GAAO,CAAC,UAAW,WAAW,CAAC,EAEjG,KAAM,IAAI,WAAU,8DAA8D,CACtF,CAMO,GAAM,IAAU,MAAO,EAAK,EAAK,EAAc,EAAK,IAAQ,CAC/D,GAAM,GAAU,KAAM,IAAU,EAAK,EAAK,EAAK,CAAG,EAClD,MAAO,IAAO,EAAI,MAAM,EAAE,EAAG,EAAS,CAAY,CACtD,EElDA,ICAA,IACe,YAAqB,EAAK,CACrC,OAAQ,OACC,eACA,mBACA,mBACA,eACD,MAAO,mBAEP,KAAM,IAAI,GAAiB,OAAO,8DAAgE,EAE9G,CCXA,OAAO,IAAQ,CAAC,EAAK,IAAQ,CACzB,GAAI,EAAI,WAAW,IAAI,GAAK,EAAI,WAAW,IAAI,EAAG,CAC9C,GAAM,CAAE,iBAAkB,EAAI,UAC9B,GAAI,MAAO,IAAkB,UAAY,EAAgB,KACrD,KAAM,IAAI,WAAU,GAAG,wDAA0D,CAEzF,CACJ,EFeO,GAAM,IAAU,MAAO,EAAK,EAAK,IAAiB,CACrD,GAAI,CAAC,EAAY,CAAG,EAChB,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,CAAK,CAAC,EAItD,GAFA,EAAkB,EAAK,EAAK,UAAW,WAAW,EAClD,GAAe,EAAK,CAAG,EACnB,EAAI,OAAO,SAAS,SAAS,EAC7B,MAAO,IAAI,YAAW,KAAM,GAAO,OAAO,QAAQ,GAAgB,CAAG,EAAG,EAAK,CAAY,CAAC,EAE9F,GAAI,EAAI,OAAO,SAAS,WAAW,EAAG,CAClC,GAAM,GAAe,KAAM,GAAO,OAAO,UAAU,MAAO,EAAc,EAAK,GAAgB,CAAG,EAAG,GAAG,EAAc,EACpH,MAAO,IAAI,YAAW,KAAM,GAAO,OAAO,UAAU,MAAO,CAAY,CAAC,CAC5E,CACA,KAAM,IAAI,WAAU,gFAAgF,CACxG,EGpCA,IAEO,YAAmB,EAAK,CAC3B,OAAQ,OACC,UACD,MAAO,SACN,UACD,MAAO,SACN,cACA,gBACD,MAAO,SACN,gBACD,MAAO,SACN,gBACD,MAAO,aAEP,KAAM,IAAI,GAAiB,8BAA8B,GAAK,EAE1E,CACA,GAAO,IAAQ,AAAC,GAAQ,GAAO,GAAI,YAAW,GAAU,CAAG,GAAK,CAAC,CAAC,ECnBlE,ICAA,ICAA,ICAA,IAIA,YAAuB,EAAK,CACxB,GAAI,GACA,EACJ,OAAQ,EAAI,SACH,MAAO,CACR,OAAQ,EAAI,SACH,YACA,YACA,QACD,EAAY,CAAE,KAAM,OAAQ,KAAM,OAAO,EAAI,IAAI,MAAM,EAAE,GAAI,EAC7D,EAAY,CAAC,OAAQ,QAAQ,EAC7B,UACC,oBACA,oBACA,gBACD,KAAM,IAAI,GAAiB,GAAG,EAAI,oDAAoD,MACrF,cACA,cACA,cACA,gBACA,gBACA,YACD,EAAY,CAAE,KAAM,SAAU,EAC9B,EAAY,CAAC,UAAW,SAAS,EACjC,UACC,aACA,aACA,SACD,EAAY,CAAE,KAAM,QAAS,EAC7B,EAAY,CAAC,UAAW,WAAW,EACnC,UACC,yBACA,yBACA,qBACD,EAAY,CAAE,KAAM,QAAS,EAC7B,EAAY,CAAC,YAAY,EACzB,cAEA,KAAM,IAAI,GAAiB,8DAA8D,EAEjG,KACJ,KACK,MAAO,CACR,OAAQ,EAAI,SACH,YACA,YACA,QACD,EAAY,CAAE,KAAM,UAAW,KAAM,OAAO,EAAI,IAAI,MAAM,EAAE,GAAI,EAChE,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,UACC,YACA,YACA,QACD,EAAY,CAAE,KAAM,oBAAqB,KAAM,OAAO,EAAI,IAAI,MAAM,EAAE,GAAI,EAC1E,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,UACC,eACA,mBACA,mBACA,eACD,EAAY,CACR,KAAM,WACN,KAAM,OAAO,SAAS,EAAI,IAAI,MAAM,EAAE,EAAG,EAAE,GAAK,GACpD,EACA,EAAY,EAAI,EAAI,CAAC,UAAW,WAAW,EAAI,CAAC,UAAW,SAAS,EACpE,cAEA,KAAM,IAAI,GAAiB,8DAA8D,EAEjG,KACJ,KACK,KAAM,CACP,OAAQ,EAAI,SACH,QACD,EAAY,CAAE,KAAM,QAAS,WAAY,OAAQ,EACjD,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,UACC,QACD,EAAY,CAAE,KAAM,QAAS,WAAY,OAAQ,EACjD,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,UACC,QACD,EAAY,CAAE,KAAM,QAAS,WAAY,OAAQ,EACjD,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,UACC,cACA,qBACA,qBACA,iBACD,EAAY,CAAE,KAAM,OAAQ,WAAY,EAAI,GAAI,EAChD,EAAY,EAAI,EAAI,CAAC,YAAY,EAAI,CAAC,EACtC,cAEA,KAAM,IAAI,GAAiB,8DAA8D,EAEjG,KACJ,KACM,IAAoB,GAAK,EAAS,IAAM,OAC1C,GAAI,EAAI,MAAQ,QACZ,KAAM,IAAI,GAAiB,8DAA8D,EAE7F,OAAQ,EAAI,SACH,UACD,EAAY,CAAE,KAAM,eAAgB,WAAY,cAAe,EAC/D,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,UACC,GAAS,GAAK,SACf,EAAY,CAAE,KAAM,aAAc,WAAY,YAAa,EAC3D,EAAY,EAAI,EAAI,CAAC,MAAM,EAAI,CAAC,QAAQ,EACxC,cAEA,KAAM,IAAI,GAAiB,wEAAwE,EAE3G,cAEA,KAAM,IAAI,GAAiB,6DAA6D,EAEhG,MAAO,CAAE,YAAW,WAAU,CAClC,CACA,GAAM,IAAQ,KAAO,IAAQ,CACzB,GAAI,GAAI,EACR,GAAM,CAAE,YAAW,aAAc,GAAc,CAAG,EAC5C,EAAO,CACT,EACC,GAAK,EAAI,OAAS,MAAQ,IAAO,OAAS,EAAK,GAC/C,GAAK,EAAI,WAAa,MAAQ,IAAO,OAAS,EAAK,CACxD,EACA,GAAI,EAAU,OAAS,SACnB,MAAO,GAAO,OAAO,UAAU,MAAO,EAAU,EAAI,CAAC,EAAG,GAAG,CAAI,EAEnE,GAAM,GAAU,IAAK,CAAI,EACzB,aAAO,GAAQ,IACR,EAAO,OAAO,UAAU,MAAO,EAAS,GAAG,CAAI,CAC1D,EACO,GAAQ,GH/Cf,kBAAgC,EAAK,EAAK,EAAgB,CACtD,GAAI,CAAC,EAAS,CAAG,EACb,KAAM,IAAI,WAAU,uBAAuB,EAG/C,GADA,GAAQ,GAAM,EAAI,KACd,MAAO,IAAQ,UAAY,CAAC,EAC5B,KAAM,IAAI,WAAU,0DAA0D,EAElF,OAAQ,EAAI,SACH,MACD,GAAI,MAAO,GAAI,GAAM,UAAY,CAAC,EAAI,EAClC,KAAM,IAAI,WAAU,yCAAyC,EAGjE,MADA,IAAyE,GAAiB,EAAI,MAAQ,IAClG,EACO,GAAY,IAAK,EAAK,MAAK,IAAK,EAAM,CAAC,EAE3C,EAAgB,EAAI,CAAC,MAC3B,MACD,GAAI,EAAI,MAAQ,OACZ,KAAM,IAAI,GAAiB,oEAAoE,MAElG,SACA,MACD,MAAO,IAAY,IAAK,EAAK,KAAI,CAAC,UAElC,KAAM,IAAI,GAAiB,8CAA8C,EAErF,CIvHA,IAEA,GAAM,IAAqB,AAAC,GAAQ,CAChC,GAAI,cAAe,aAEnB,IAAI,CAAC,GAAU,CAAG,EACd,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,EAAO,YAAY,CAAC,EAEpE,GAAI,EAAI,OAAS,SACb,KAAM,IAAI,WAAU,GAAG,EAAM,KAAK,MAAM,+DAA+D,EAE/G,EACM,GAAsB,CAAC,EAAK,IAAU,CACxC,GAAI,CAAC,GAAU,CAAG,EACd,KAAM,IAAI,WAAU,EAAgB,EAAK,GAAG,CAAK,CAAC,EAEtD,GAAI,EAAI,OAAS,SACb,KAAM,IAAI,WAAU,GAAG,EAAM,KAAK,MAAM,oEAAoE,EAEhH,GAAI,IAAU,QAAU,EAAI,OAAS,SACjC,KAAM,IAAI,WAAU,GAAG,EAAM,KAAK,MAAM,wEAAwE,EAEpH,GAAI,IAAU,WAAa,EAAI,OAAS,SACpC,KAAM,IAAI,WAAU,GAAG,EAAM,KAAK,MAAM,2EAA2E,EAEvH,GAAI,EAAI,WAAa,IAAU,UAAY,EAAI,OAAS,UACpD,KAAM,IAAI,WAAU,GAAG,EAAM,KAAK,MAAM,yEAAyE,EAErH,GAAI,EAAI,WAAa,IAAU,WAAa,EAAI,OAAS,UACrD,KAAM,IAAI,WAAU,GAAG,EAAM,KAAK,MAAM,0EAA0E,CAE1H,EACM,GAAe,CAAC,EAAK,EAAK,IAAU,CAKtC,AAJkB,EAAI,WAAW,IAAI,GACjC,IAAQ,OACR,EAAI,WAAW,OAAO,GACtB,qBAAqB,KAAK,CAAG,EAE7B,GAAmB,CAAG,EAGtB,GAAoB,EAAK,CAAK,CAEtC,EACO,GAAQ,GC5Cf,ICAA,IDUA,kBAA6B,EAAK,EAAK,EAAc,EAAI,EAAK,CAC1D,GAAM,GAAe,EAAI,MAAM,EAAG,CAAC,EACnC,MAAO,IAAQ,EAAc,EAAK,EAAc,EAAI,EAAK,GAAI,YAAW,CAAC,CAAC,CAC9E,CfFA,kBAAoC,EAAK,EAAK,EAAc,EAAY,CAEpE,OADA,GAAa,EAAK,EAAK,SAAS,EACxB,OACC,MAAO,CACR,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,0CAA0C,EACnE,MAAO,EACX,KACK,UACD,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,0CAA0C,MAClE,qBACA,qBACA,iBAAkB,CACnB,GAAI,CAAC,EAAS,EAAW,GAAG,EACxB,KAAM,IAAI,GAAW,6DAA6D,EACtF,GAAI,CAAC,AAAK,GAAY,CAAG,EACrB,KAAM,IAAI,GAAiB,uFAAuF,EACtH,GAAM,GAAM,KAAM,IAAU,EAAW,IAAK,CAAG,EAC3C,EACA,EACJ,GAAI,EAAW,MAAQ,OAAW,CAC9B,GAAI,MAAO,GAAW,KAAQ,SAC1B,KAAM,IAAI,GAAW,kDAAkD,EAC3E,EAAa,EAAU,EAAW,GAAG,CACzC,CACA,GAAI,EAAW,MAAQ,OAAW,CAC9B,GAAI,MAAO,GAAW,KAAQ,SAC1B,KAAM,IAAI,GAAW,kDAAkD,EAC3E,EAAa,EAAU,EAAW,GAAG,CACzC,CACA,GAAM,GAAe,KAAM,AAAK,IAAU,EAAK,EAAK,IAAQ,UAAY,EAAW,IAAM,EAAK,IAAQ,UAAY,GAAU,EAAW,GAAG,EAAI,SAAS,EAAI,MAAM,GAAI,EAAE,EAAG,EAAE,EAAG,EAAY,CAAU,EACrM,GAAI,IAAQ,UACR,MAAO,GACX,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,2BAA2B,EACpD,MAAO,IAAM,EAAI,MAAM,EAAE,EAAG,EAAc,CAAY,CAC1D,KACK,aACA,eACA,mBACA,mBACA,eAAgB,CACjB,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,2BAA2B,EACpD,MAAO,IAAM,EAAK,EAAK,CAAY,CACvC,KACK,yBACA,yBACA,qBAAsB,CACvB,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,2BAA2B,EACpD,GAAI,MAAO,GAAW,KAAQ,SAC1B,KAAM,IAAI,GAAW,oDAAoD,EAC7E,GAAI,MAAO,GAAW,KAAQ,SAC1B,KAAM,IAAI,GAAW,mDAAmD,EAC5E,MAAO,IAAQ,EAAK,EAAK,EAAc,EAAW,IAAK,EAAU,EAAW,GAAG,CAAC,CACpF,KACK,aACA,aACA,SAAU,CACX,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,2BAA2B,EACpD,MAAO,IAAM,EAAK,EAAK,CAAY,CACvC,KACK,gBACA,gBACA,YAAa,CACd,GAAI,IAAiB,OACjB,KAAM,IAAI,GAAW,2BAA2B,EACpD,GAAI,MAAO,GAAW,IAAO,SACzB,KAAM,IAAI,GAAW,6DAA6D,EACtF,GAAI,MAAO,GAAW,KAAQ,SAC1B,KAAM,IAAI,GAAW,2DAA2D,EACpF,GAAM,GAAK,EAAU,EAAW,EAAE,EAC5B,EAAM,EAAU,EAAW,GAAG,EACpC,MAAO,IAAS,EAAK,EAAK,EAAc,EAAI,CAAG,CACnD,SAEI,KAAM,IAAI,GAAiB,2DAA2D,EAGlG,CACA,GAAO,IAAQ,GiB9Ff,IACA,YAAsB,EAAK,EAAmB,EAAkB,EAAiB,EAAY,CACzF,GAAI,EAAW,OAAS,QAAa,EAAgB,OAAS,OAC1D,KAAM,IAAI,GAAI,gEAAgE,EAElF,GAAI,CAAC,GAAmB,EAAgB,OAAS,OAC7C,MAAO,IAAI,KAEf,GAAI,CAAC,MAAM,QAAQ,EAAgB,IAAI,GACnC,EAAgB,KAAK,SAAW,GAChC,EAAgB,KAAK,KAAK,AAAC,GAAU,MAAO,IAAU,UAAY,EAAM,SAAW,CAAC,EACpF,KAAM,IAAI,GAAI,uFAAuF,EAEzG,GAAI,GACJ,AAAI,IAAqB,OACrB,EAAa,GAAI,KAAI,CAAC,GAAG,OAAO,QAAQ,CAAgB,EAAG,GAAG,EAAkB,QAAQ,CAAC,CAAC,EAG1F,EAAa,EAEjB,OAAW,KAAa,GAAgB,KAAM,CAC1C,GAAI,CAAC,EAAW,IAAI,CAAS,EACzB,KAAM,IAAI,GAAiB,+BAA+B,sBAA8B,EAE5F,GAAI,EAAW,KAAe,OAC1B,KAAM,IAAI,GAAI,+BAA+B,eAAuB,EAEnE,GAAI,EAAW,IAAI,CAAS,GAAK,EAAgB,KAAe,OACjE,KAAM,IAAI,GAAI,+BAA+B,gCAAwC,CAE7F,CACA,MAAO,IAAI,KAAI,EAAgB,IAAI,CACvC,CACA,GAAO,IAAQ,GCjCf,OAAM,IAAqB,CAAC,EAAQ,IAAe,CAC/C,GAAI,IAAe,QACd,EAAC,MAAM,QAAQ,CAAU,GAAK,EAAW,KAAK,AAAC,GAAM,MAAO,IAAM,QAAQ,GAC3E,KAAM,IAAI,WAAU,IAAI,uCAA4C,EAExE,GAAI,EAAC,EAGL,MAAO,IAAI,KAAI,CAAU,CAC7B,EACO,GAAQ,GrCCf,kBAAuC,EAAK,EAAK,EAAS,CACtD,GAAI,GACJ,GAAI,CAAC,EAAS,CAAG,EACb,KAAM,IAAI,GAAW,iCAAiC,EAE1D,GAAI,EAAI,YAAc,QAAa,EAAI,SAAW,QAAa,EAAI,cAAgB,OAC/E,KAAM,IAAI,GAAW,qBAAqB,EAE9C,GAAI,MAAO,GAAI,IAAO,SAClB,KAAM,IAAI,GAAW,qDAAqD,EAE9E,GAAI,MAAO,GAAI,YAAe,SAC1B,KAAM,IAAI,GAAW,0CAA0C,EAEnE,GAAI,MAAO,GAAI,KAAQ,SACnB,KAAM,IAAI,GAAW,kDAAkD,EAE3E,GAAI,EAAI,YAAc,QAAa,MAAO,GAAI,WAAc,SACxD,KAAM,IAAI,GAAW,qCAAqC,EAE9D,GAAI,EAAI,gBAAkB,QAAa,MAAO,GAAI,eAAkB,SAChE,KAAM,IAAI,GAAW,kCAAkC,EAE3D,GAAI,EAAI,MAAQ,QAAa,MAAO,GAAI,KAAQ,SAC5C,KAAM,IAAI,GAAW,wBAAwB,EAEjD,GAAI,EAAI,SAAW,QAAa,CAAC,EAAS,EAAI,MAAM,EAChD,KAAM,IAAI,GAAW,8CAA8C,EAEvE,GAAI,EAAI,cAAgB,QAAa,CAAC,EAAS,EAAI,WAAW,EAC1D,KAAM,IAAI,GAAW,qDAAqD,EAE9E,GAAI,GACJ,GAAI,EAAI,UAAW,CACf,GAAM,IAAkB,EAAU,EAAI,SAAS,EAC/C,GAAI,CACA,EAAa,KAAK,MAAM,EAAQ,OAAO,EAAe,CAAC,CAC3D,MACA,CACI,KAAM,IAAI,GAAW,iCAAiC,CAC1D,CACJ,CACA,GAAI,CAAC,EAAW,EAAY,EAAI,OAAQ,EAAI,WAAW,EACnD,KAAM,IAAI,GAAW,kHAAkH,EAE3I,GAAM,GAAa,IACZ,KACA,EAAI,UACJ,EAAI,WACX,EAEA,GADA,GAAa,EAAY,GAAI,KAAyD,GAAQ,KAAM,EAAY,CAAU,EACtH,EAAW,MAAQ,OAAW,CAC9B,GAAI,CAAC,GAAc,CAAC,EAAW,IAC3B,KAAM,IAAI,GAAW,sEAAsE,EAE/F,GAAI,EAAW,MAAQ,MACnB,KAAM,IAAI,GAAiB,sEAAsE,CAEzG,CACA,GAAM,CAAE,MAAK,OAAQ,EACrB,GAAI,MAAO,IAAQ,UAAY,CAAC,EAC5B,KAAM,IAAI,GAAW,2CAA2C,EAEpE,GAAI,MAAO,IAAQ,UAAY,CAAC,EAC5B,KAAM,IAAI,GAAW,sDAAsD,EAE/E,GAAM,GAA0B,GAAW,GAAmB,0BAA2B,EAAQ,uBAAuB,EAClH,EAA8B,GAChC,GAAmB,8BAA+B,EAAQ,2BAA2B,EACzF,GAAI,GAA2B,CAAC,EAAwB,IAAI,CAAG,EAC3D,KAAM,IAAI,GAAkB,gDAAgD,EAEhF,GAAI,GAA+B,CAAC,EAA4B,IAAI,CAAG,EACnE,KAAM,IAAI,GAAkB,2DAA2D,EAE3F,GAAI,GACJ,AAAI,EAAI,gBAAkB,QACtB,GAAe,EAAU,EAAI,aAAa,GAE9C,GAAI,GAAc,GAClB,AAAI,MAAO,IAAQ,YACf,GAAM,KAAM,GAAI,EAAY,CAAG,EAC/B,EAAc,IAElB,GAAI,GACJ,GAAI,CACA,EAAM,KAAM,IAAqB,EAAK,EAAK,EAAc,CAAU,CACvE,OACO,GAAP,CACI,GAAI,aAAe,WACf,KAAM,IAEV,EAAM,GAAY,CAAG,CACzB,CACA,GAAM,GAAK,EAAU,EAAI,EAAE,EACrB,EAAM,EAAU,EAAI,GAAG,EACvB,GAAkB,EAAQ,OAAQ,GAAK,EAAI,aAAe,MAAQ,IAAO,OAAS,EAAK,EAAE,EAC3F,GACJ,AAAI,EAAI,MAAQ,OACZ,GAAiB,EAAO,GAAiB,EAAQ,OAAO,GAAG,EAAG,EAAQ,OAAO,EAAI,GAAG,CAAC,EAGrF,GAAiB,GAErB,GAAI,IAAY,KAAM,IAAQ,EAAK,EAAK,EAAU,EAAI,UAAU,EAAG,EAAI,EAAK,EAAc,EAC1F,AAAI,EAAW,MAAQ,OACnB,IAAY,KAAQ,CAAkD,GAAQ,YAAe,IAAS,EAAS,GAEnH,GAAM,GAAS,CAAE,YAAU,EAa3B,MAZI,GAAI,YAAc,QAClB,GAAO,gBAAkB,GAEzB,EAAI,MAAQ,QACZ,GAAO,4BAA8B,EAAU,EAAI,GAAG,GAEtD,EAAI,cAAgB,QACpB,GAAO,wBAA0B,EAAI,aAErC,EAAI,SAAW,QACf,GAAO,kBAAoB,EAAI,QAE/B,EACO,IAAK,EAAQ,KAAI,EAErB,CACX,CDrIA,kBAAqC,EAAK,EAAK,EAAS,CAIpD,GAHI,YAAe,aACf,GAAM,EAAQ,OAAO,CAAG,GAExB,MAAO,IAAQ,SACf,KAAM,IAAI,GAAW,4CAA4C,EAErE,GAAM,CAAE,EAAG,EAAiB,EAAG,EAAc,EAAG,EAAI,EAAG,EAAY,EAAG,EAAK,UAAY,EAAI,MAAM,GAAG,EACpG,GAAI,IAAW,EACX,KAAM,IAAI,GAAW,qBAAqB,EAE9C,GAAM,GAAY,KAAM,IAAiB,CACrC,aACA,GAAK,GAAM,OACX,UAAW,GAAmB,OAC9B,IAAM,GAAO,OACb,cAAe,GAAgB,MACnC,EAAG,EAAK,CAAO,EACT,EAAS,CAAE,UAAW,EAAU,UAAW,gBAAiB,EAAU,eAAgB,EAC5F,MAAI,OAAO,IAAQ,WACR,IAAK,EAAQ,IAAK,EAAU,GAAI,EAEpC,CACX,CuC1BA,ICAA,ICAA,ICAA,ICAA,ICAA,IHSO,GAAM,IAAc,OAAO,EITlC,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,ICAA,I7EsCO,YAAiC,EAAiB,CACvD,GAAM,GAAI,GAAI,YAAW,CAAO,EAChC,cAAO,gBAAgB,CAAC,EACjB,WAAU,OAAO,EAAE,MAAgB,CAC5C,CAEO,YAAkC,EAAc,CACrD,MAAO,MAAK,MAAM,WAAU,OAAO,CAAC,CAAC,CACvC,CAEO,YAAyB,EAAkB,CAChD,MAAO,MAAK,MAAM,GAAI,aAAY,EAAE,OAAO,CAAC,CAAC,CAC/C,CAMA,YAAc,EAAyB,CACrC,GAAM,GAAU,EAAO,IAAI,MAAM,yBAAyB,EAAE,GAE5D,MAAO,AADuB,IAAsB,CAAO,GACzC,IACpB,CAYA,YAAY,EAAyB,CACnC,GAAM,GAAU,EAAO,IAAI,MAAM,yBAAyB,EAAE,GACtD,EAAwB,GAAsB,CAAO,EAC3D,MAAO,IAAI,KAAI,GAAW,GAAG,EAAE,KAAK,MAAM,GAAG,EAAE,IAAI,CACrD,CAEA,kBAAwB,EAAwD,CAC9E,GAAM,GAA+B,EAAe,MAAW,KAAK,MAAM,WAAU,OAAO,EAAe,KAAQ,CAAC,EAAI,EACjH,EAAU,EAAO,IAAI,MAAM,yBAAyB,EAAE,GACtD,EAAwB,GAAsB,CAAO,EACrD,EAAmB,KAAM,OAAM,EAAU,IAAK,CAClD,OAAQ,OACR,QAAS,CACP,eAAgB,kBAClB,EACA,KAAM,KAAK,UAAU,CACnB,SAAU,EAAO,SACjB,UAAW,EAAO,SACpB,CAAC,CACH,CAAC,EACG,EAAS,GACT,EACJ,EAA0B,KAAM,GAAiB,KAAK,EACtD,GAAI,CACF,EAA0B,KAAK,MAAM,CAAuB,EAC5D,EAAS,EACX,MAAE,CACA,QAAQ,KAAK,qCAAqC,CACpD,CAEA,GAAI,CAAC,EAAiB,IAAM,CAAC,EAC3B,MAAO,CACL,OAAQ,EAAiB,OACzB,MAAQ,GAA2B,EACrC,EACK,CACL,GAAM,GAAY,EAA4C,MAC3D,OAAO,AAAC,GAAM,EAAE,cAAgB,+BAA+B,EAC/D,IAAI,KAAO,IACN,EAAE,WAAa,OACV,EAAE,SAEF,MAAM,EAAE,QAAQ,EAAE,KAAK,AAAC,GAAM,EAAE,KAAK,CAAC,CAEhD,EAEG,EAAgB,WAAU,SAAS,EAAU,GAAG,EAChD,EAAoB,EAAS,IAAI,KAAO,IAAM,CAClD,GAAM,GAAY,KAAM,AAAK,IAAe,KAAM,GAAG,CAAa,EAElE,MADgB,IAAI,aAAY,EAAE,OAAO,EAAU,SAAS,CAE9D,CAAC,EAKD,MAFsC,CAAE,KAD1B,MAAM,SAAQ,IAAI,CAAiB,GAAG,QAAQ,AAAC,GAAM,KAAK,MAAM,CAAC,EAAE,oBAAiC,EACpE,MAAO,WAAU,OAAO,KAAK,UAAU,CAAM,CAAC,CAAC,CAG/F,CACF", - "names": [] -} diff --git a/src/lib/utils/shlClient-local.ts b/src/lib/utils/shlClient.ts similarity index 100% rename from src/lib/utils/shlClient-local.ts rename to src/lib/utils/shlClient.ts diff --git a/src/routes/(viewer)/ips/+page.svelte b/src/routes/(viewer)/ips/+page.svelte index c431b2a8..e0257f55 100644 --- a/src/routes/(viewer)/ips/+page.svelte +++ b/src/routes/(viewer)/ips/+page.svelte @@ -12,7 +12,7 @@ TabPane, Row, } from 'sveltestrap'; - import * as shlClient from '$lib/utils/shlClient-local'; + import * as shlClient from '$lib/utils/shlClient'; import { verify } from '$lib/utils/shcDecoder.js'; import type { Bundle, Composition, Patient } from 'fhir/r4';