n4auth/node_modules/@azure/msal-node/dist/msal-node.cjs.production.min.js.map
2021-07-15 23:10:20 +03:00

1 line
148 KiB
Plaintext

{"version":3,"file":"msal-node.cjs.production.min.js","sources":["../src/utils/Constants.ts","../node_modules/regenerator-runtime/runtime.js","../src/network/HttpClient.ts","../src/config/Configuration.ts","../src/utils/NetworkUtils.ts","../src/crypto/GuidGenerator.ts","../src/utils/EncodingUtils.ts","../src/crypto/PkceGenerator.ts","../src/crypto/CryptoProvider.ts","../src/cache/serializer/Deserializer.ts","../src/cache/serializer/Serializer.ts","../src/cache/NodeStorage.ts","../src/cache/TokenCache.ts","../src/client/ClientApplication.ts","../src/packageMetadata.ts","../src/client/PublicClientApplication.ts","../src/client/ClientAssertion.ts","../src/client/ConfidentialClientApplication.ts"],"sourcesContent":["/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\n/**\r\n * http methods\r\n */\r\nexport enum HttpMethod {\r\n GET = \"get\",\r\n POST = \"post\",\r\n}\r\n\r\n/**\r\n * Constant used for PKCE\r\n */\r\nexport const RANDOM_OCTET_SIZE = 32;\r\n\r\n/**\r\n * Constants used in PKCE\r\n */\r\nexport const Hash = {\r\n SHA256: \"sha256\",\r\n};\r\n\r\n/**\r\n * Constants for encoding schemes\r\n */\r\nexport const CharSet = {\r\n CV_CHARSET:\r\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\",\r\n};\r\n\r\n/**\r\n * Cache Constants\r\n */\r\nexport const CACHE = {\r\n FILE_CACHE: \"fileCache\",\r\n EXTENSION_LIB: \"extenstion_library\",\r\n};\r\n\r\n/**\r\n * Constants\r\n */\r\nexport const Constants = {\r\n MSAL_SKU: \"msal.js.node\",\r\n JWT_BEARER_ASSERTION_TYPE: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\"\r\n};\r\n\r\n/**\r\n * API Codes for Telemetry purposes.\r\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\r\n * 0-99 Silent Flow\r\n * 600-699 Device Code Flow\r\n * 800-899 Auth Code Flow\r\n */\r\nexport enum ApiId {\r\n acquireTokenSilent = 62,\r\n acquireTokenByUsernamePassword = 371,\r\n acquireTokenByDeviceCode = 671,\r\n acquireTokenByClientCredential = 771,\r\n acquireTokenByCode = 871,\r\n acquireTokenByRefreshToken = 872\r\n}\r\n\r\n/**\r\n * JWT constants\r\n */\r\nexport const JwtConstants = {\r\n ALGORITHM: \"alg\",\r\n RSA_256: \"RS256\",\r\n X5T: \"x5t\", \r\n X5C: \"x5c\",\r\n AUDIENCE: \"aud\",\r\n EXPIRATION_TIME: \"exp\",\r\n ISSUER: \"iss\",\r\n SUBJECT: \"sub\",\r\n NOT_BEFORE: \"nbf\",\r\n JWT_ID: \"jti\",\r\n};\r\n","/**\n * Copyright (c) 2014-present, Facebook, Inc.\n *\n * This source code is licensed under the MIT license found in the\n * LICENSE file in the root directory of this source tree.\n */\n\nvar runtime = (function (exports) {\n \"use strict\";\n\n var Op = Object.prototype;\n var hasOwn = Op.hasOwnProperty;\n var undefined; // More compressible than void 0.\n var $Symbol = typeof Symbol === \"function\" ? Symbol : {};\n var iteratorSymbol = $Symbol.iterator || \"@@iterator\";\n var asyncIteratorSymbol = $Symbol.asyncIterator || \"@@asyncIterator\";\n var toStringTagSymbol = $Symbol.toStringTag || \"@@toStringTag\";\n\n function define(obj, key, value) {\n Object.defineProperty(obj, key, {\n value: value,\n enumerable: true,\n configurable: true,\n writable: true\n });\n return obj[key];\n }\n try {\n // IE 8 has a broken Object.defineProperty that only works on DOM objects.\n define({}, \"\");\n } catch (err) {\n define = function(obj, key, value) {\n return obj[key] = value;\n };\n }\n\n function wrap(innerFn, outerFn, self, tryLocsList) {\n // If outerFn provided and outerFn.prototype is a Generator, then outerFn.prototype instanceof Generator.\n var protoGenerator = outerFn && outerFn.prototype instanceof Generator ? outerFn : Generator;\n var generator = Object.create(protoGenerator.prototype);\n var context = new Context(tryLocsList || []);\n\n // The ._invoke method unifies the implementations of the .next,\n // .throw, and .return methods.\n generator._invoke = makeInvokeMethod(innerFn, self, context);\n\n return generator;\n }\n exports.wrap = wrap;\n\n // Try/catch helper to minimize deoptimizations. Returns a completion\n // record like context.tryEntries[i].completion. This interface could\n // have been (and was previously) designed to take a closure to be\n // invoked without arguments, but in all the cases we care about we\n // already have an existing method we want to call, so there's no need\n // to create a new function object. We can even get away with assuming\n // the method takes exactly one argument, since that happens to be true\n // in every case, so we don't have to touch the arguments object. The\n // only additional allocation required is the completion record, which\n // has a stable shape and so hopefully should be cheap to allocate.\n function tryCatch(fn, obj, arg) {\n try {\n return { type: \"normal\", arg: fn.call(obj, arg) };\n } catch (err) {\n return { type: \"throw\", arg: err };\n }\n }\n\n var GenStateSuspendedStart = \"suspendedStart\";\n var GenStateSuspendedYield = \"suspendedYield\";\n var GenStateExecuting = \"executing\";\n var GenStateCompleted = \"completed\";\n\n // Returning this object from the innerFn has the same effect as\n // breaking out of the dispatch switch statement.\n var ContinueSentinel = {};\n\n // Dummy constructor functions that we use as the .constructor and\n // .constructor.prototype properties for functions that return Generator\n // objects. For full spec compliance, you may wish to configure your\n // minifier not to mangle the names of these two functions.\n function Generator() {}\n function GeneratorFunction() {}\n function GeneratorFunctionPrototype() {}\n\n // This is a polyfill for %IteratorPrototype% for environments that\n // don't natively support it.\n var IteratorPrototype = {};\n IteratorPrototype[iteratorSymbol] = function () {\n return this;\n };\n\n var getProto = Object.getPrototypeOf;\n var NativeIteratorPrototype = getProto && getProto(getProto(values([])));\n if (NativeIteratorPrototype &&\n NativeIteratorPrototype !== Op &&\n hasOwn.call(NativeIteratorPrototype, iteratorSymbol)) {\n // This environment has a native %IteratorPrototype%; use it instead\n // of the polyfill.\n IteratorPrototype = NativeIteratorPrototype;\n }\n\n var Gp = GeneratorFunctionPrototype.prototype =\n Generator.prototype = Object.create(IteratorPrototype);\n GeneratorFunction.prototype = Gp.constructor = GeneratorFunctionPrototype;\n GeneratorFunctionPrototype.constructor = GeneratorFunction;\n GeneratorFunction.displayName = define(\n GeneratorFunctionPrototype,\n toStringTagSymbol,\n \"GeneratorFunction\"\n );\n\n // Helper for defining the .next, .throw, and .return methods of the\n // Iterator interface in terms of a single ._invoke method.\n function defineIteratorMethods(prototype) {\n [\"next\", \"throw\", \"return\"].forEach(function(method) {\n define(prototype, method, function(arg) {\n return this._invoke(method, arg);\n });\n });\n }\n\n exports.isGeneratorFunction = function(genFun) {\n var ctor = typeof genFun === \"function\" && genFun.constructor;\n return ctor\n ? ctor === GeneratorFunction ||\n // For the native GeneratorFunction constructor, the best we can\n // do is to check its .name property.\n (ctor.displayName || ctor.name) === \"GeneratorFunction\"\n : false;\n };\n\n exports.mark = function(genFun) {\n if (Object.setPrototypeOf) {\n Object.setPrototypeOf(genFun, GeneratorFunctionPrototype);\n } else {\n genFun.__proto__ = GeneratorFunctionPrototype;\n define(genFun, toStringTagSymbol, \"GeneratorFunction\");\n }\n genFun.prototype = Object.create(Gp);\n return genFun;\n };\n\n // Within the body of any async function, `await x` is transformed to\n // `yield regeneratorRuntime.awrap(x)`, so that the runtime can test\n // `hasOwn.call(value, \"__await\")` to determine if the yielded value is\n // meant to be awaited.\n exports.awrap = function(arg) {\n return { __await: arg };\n };\n\n function AsyncIterator(generator, PromiseImpl) {\n function invoke(method, arg, resolve, reject) {\n var record = tryCatch(generator[method], generator, arg);\n if (record.type === \"throw\") {\n reject(record.arg);\n } else {\n var result = record.arg;\n var value = result.value;\n if (value &&\n typeof value === \"object\" &&\n hasOwn.call(value, \"__await\")) {\n return PromiseImpl.resolve(value.__await).then(function(value) {\n invoke(\"next\", value, resolve, reject);\n }, function(err) {\n invoke(\"throw\", err, resolve, reject);\n });\n }\n\n return PromiseImpl.resolve(value).then(function(unwrapped) {\n // When a yielded Promise is resolved, its final value becomes\n // the .value of the Promise<{value,done}> result for the\n // current iteration.\n result.value = unwrapped;\n resolve(result);\n }, function(error) {\n // If a rejected Promise was yielded, throw the rejection back\n // into the async generator function so it can be handled there.\n return invoke(\"throw\", error, resolve, reject);\n });\n }\n }\n\n var previousPromise;\n\n function enqueue(method, arg) {\n function callInvokeWithMethodAndArg() {\n return new PromiseImpl(function(resolve, reject) {\n invoke(method, arg, resolve, reject);\n });\n }\n\n return previousPromise =\n // If enqueue has been called before, then we want to wait until\n // all previous Promises have been resolved before calling invoke,\n // so that results are always delivered in the correct order. If\n // enqueue has not been called before, then it is important to\n // call invoke immediately, without waiting on a callback to fire,\n // so that the async generator function has the opportunity to do\n // any necessary setup in a predictable way. This predictability\n // is why the Promise constructor synchronously invokes its\n // executor callback, and why async functions synchronously\n // execute code before the first await. Since we implement simple\n // async functions in terms of async generators, it is especially\n // important to get this right, even though it requires care.\n previousPromise ? previousPromise.then(\n callInvokeWithMethodAndArg,\n // Avoid propagating failures to Promises returned by later\n // invocations of the iterator.\n callInvokeWithMethodAndArg\n ) : callInvokeWithMethodAndArg();\n }\n\n // Define the unified helper method that is used to implement .next,\n // .throw, and .return (see defineIteratorMethods).\n this._invoke = enqueue;\n }\n\n defineIteratorMethods(AsyncIterator.prototype);\n AsyncIterator.prototype[asyncIteratorSymbol] = function () {\n return this;\n };\n exports.AsyncIterator = AsyncIterator;\n\n // Note that simple async functions are implemented on top of\n // AsyncIterator objects; they just return a Promise for the value of\n // the final result produced by the iterator.\n exports.async = function(innerFn, outerFn, self, tryLocsList, PromiseImpl) {\n if (PromiseImpl === void 0) PromiseImpl = Promise;\n\n var iter = new AsyncIterator(\n wrap(innerFn, outerFn, self, tryLocsList),\n PromiseImpl\n );\n\n return exports.isGeneratorFunction(outerFn)\n ? iter // If outerFn is a generator, return the full iterator.\n : iter.next().then(function(result) {\n return result.done ? result.value : iter.next();\n });\n };\n\n function makeInvokeMethod(innerFn, self, context) {\n var state = GenStateSuspendedStart;\n\n return function invoke(method, arg) {\n if (state === GenStateExecuting) {\n throw new Error(\"Generator is already running\");\n }\n\n if (state === GenStateCompleted) {\n if (method === \"throw\") {\n throw arg;\n }\n\n // Be forgiving, per 25.3.3.3.3 of the spec:\n // https://people.mozilla.org/~jorendorff/es6-draft.html#sec-generatorresume\n return doneResult();\n }\n\n context.method = method;\n context.arg = arg;\n\n while (true) {\n var delegate = context.delegate;\n if (delegate) {\n var delegateResult = maybeInvokeDelegate(delegate, context);\n if (delegateResult) {\n if (delegateResult === ContinueSentinel) continue;\n return delegateResult;\n }\n }\n\n if (context.method === \"next\") {\n // Setting context._sent for legacy support of Babel's\n // function.sent implementation.\n context.sent = context._sent = context.arg;\n\n } else if (context.method === \"throw\") {\n if (state === GenStateSuspendedStart) {\n state = GenStateCompleted;\n throw context.arg;\n }\n\n context.dispatchException(context.arg);\n\n } else if (context.method === \"return\") {\n context.abrupt(\"return\", context.arg);\n }\n\n state = GenStateExecuting;\n\n var record = tryCatch(innerFn, self, context);\n if (record.type === \"normal\") {\n // If an exception is thrown from innerFn, we leave state ===\n // GenStateExecuting and loop back for another invocation.\n state = context.done\n ? GenStateCompleted\n : GenStateSuspendedYield;\n\n if (record.arg === ContinueSentinel) {\n continue;\n }\n\n return {\n value: record.arg,\n done: context.done\n };\n\n } else if (record.type === \"throw\") {\n state = GenStateCompleted;\n // Dispatch the exception by looping back around to the\n // context.dispatchException(context.arg) call above.\n context.method = \"throw\";\n context.arg = record.arg;\n }\n }\n };\n }\n\n // Call delegate.iterator[context.method](context.arg) and handle the\n // result, either by returning a { value, done } result from the\n // delegate iterator, or by modifying context.method and context.arg,\n // setting context.delegate to null, and returning the ContinueSentinel.\n function maybeInvokeDelegate(delegate, context) {\n var method = delegate.iterator[context.method];\n if (method === undefined) {\n // A .throw or .return when the delegate iterator has no .throw\n // method always terminates the yield* loop.\n context.delegate = null;\n\n if (context.method === \"throw\") {\n // Note: [\"return\"] must be used for ES3 parsing compatibility.\n if (delegate.iterator[\"return\"]) {\n // If the delegate iterator has a return method, give it a\n // chance to clean up.\n context.method = \"return\";\n context.arg = undefined;\n maybeInvokeDelegate(delegate, context);\n\n if (context.method === \"throw\") {\n // If maybeInvokeDelegate(context) changed context.method from\n // \"return\" to \"throw\", let that override the TypeError below.\n return ContinueSentinel;\n }\n }\n\n context.method = \"throw\";\n context.arg = new TypeError(\n \"The iterator does not provide a 'throw' method\");\n }\n\n return ContinueSentinel;\n }\n\n var record = tryCatch(method, delegate.iterator, context.arg);\n\n if (record.type === \"throw\") {\n context.method = \"throw\";\n context.arg = record.arg;\n context.delegate = null;\n return ContinueSentinel;\n }\n\n var info = record.arg;\n\n if (! info) {\n context.method = \"throw\";\n context.arg = new TypeError(\"iterator result is not an object\");\n context.delegate = null;\n return ContinueSentinel;\n }\n\n if (info.done) {\n // Assign the result of the finished delegate to the temporary\n // variable specified by delegate.resultName (see delegateYield).\n context[delegate.resultName] = info.value;\n\n // Resume execution at the desired location (see delegateYield).\n context.next = delegate.nextLoc;\n\n // If context.method was \"throw\" but the delegate handled the\n // exception, let the outer generator proceed normally. If\n // context.method was \"next\", forget context.arg since it has been\n // \"consumed\" by the delegate iterator. If context.method was\n // \"return\", allow the original .return call to continue in the\n // outer generator.\n if (context.method !== \"return\") {\n context.method = \"next\";\n context.arg = undefined;\n }\n\n } else {\n // Re-yield the result returned by the delegate method.\n return info;\n }\n\n // The delegate iterator is finished, so forget it and continue with\n // the outer generator.\n context.delegate = null;\n return ContinueSentinel;\n }\n\n // Define Generator.prototype.{next,throw,return} in terms of the\n // unified ._invoke helper method.\n defineIteratorMethods(Gp);\n\n define(Gp, toStringTagSymbol, \"Generator\");\n\n // A Generator should always return itself as the iterator object when the\n // @@iterator function is called on it. Some browsers' implementations of the\n // iterator prototype chain incorrectly implement this, causing the Generator\n // object to not be returned from this call. This ensures that doesn't happen.\n // See https://github.com/facebook/regenerator/issues/274 for more details.\n Gp[iteratorSymbol] = function() {\n return this;\n };\n\n Gp.toString = function() {\n return \"[object Generator]\";\n };\n\n function pushTryEntry(locs) {\n var entry = { tryLoc: locs[0] };\n\n if (1 in locs) {\n entry.catchLoc = locs[1];\n }\n\n if (2 in locs) {\n entry.finallyLoc = locs[2];\n entry.afterLoc = locs[3];\n }\n\n this.tryEntries.push(entry);\n }\n\n function resetTryEntry(entry) {\n var record = entry.completion || {};\n record.type = \"normal\";\n delete record.arg;\n entry.completion = record;\n }\n\n function Context(tryLocsList) {\n // The root entry object (effectively a try statement without a catch\n // or a finally block) gives us a place to store values thrown from\n // locations where there is no enclosing try statement.\n this.tryEntries = [{ tryLoc: \"root\" }];\n tryLocsList.forEach(pushTryEntry, this);\n this.reset(true);\n }\n\n exports.keys = function(object) {\n var keys = [];\n for (var key in object) {\n keys.push(key);\n }\n keys.reverse();\n\n // Rather than returning an object with a next method, we keep\n // things simple and return the next function itself.\n return function next() {\n while (keys.length) {\n var key = keys.pop();\n if (key in object) {\n next.value = key;\n next.done = false;\n return next;\n }\n }\n\n // To avoid creating an additional object, we just hang the .value\n // and .done properties off the next function object itself. This\n // also ensures that the minifier will not anonymize the function.\n next.done = true;\n return next;\n };\n };\n\n function values(iterable) {\n if (iterable) {\n var iteratorMethod = iterable[iteratorSymbol];\n if (iteratorMethod) {\n return iteratorMethod.call(iterable);\n }\n\n if (typeof iterable.next === \"function\") {\n return iterable;\n }\n\n if (!isNaN(iterable.length)) {\n var i = -1, next = function next() {\n while (++i < iterable.length) {\n if (hasOwn.call(iterable, i)) {\n next.value = iterable[i];\n next.done = false;\n return next;\n }\n }\n\n next.value = undefined;\n next.done = true;\n\n return next;\n };\n\n return next.next = next;\n }\n }\n\n // Return an iterator with no values.\n return { next: doneResult };\n }\n exports.values = values;\n\n function doneResult() {\n return { value: undefined, done: true };\n }\n\n Context.prototype = {\n constructor: Context,\n\n reset: function(skipTempReset) {\n this.prev = 0;\n this.next = 0;\n // Resetting context._sent for legacy support of Babel's\n // function.sent implementation.\n this.sent = this._sent = undefined;\n this.done = false;\n this.delegate = null;\n\n this.method = \"next\";\n this.arg = undefined;\n\n this.tryEntries.forEach(resetTryEntry);\n\n if (!skipTempReset) {\n for (var name in this) {\n // Not sure about the optimal order of these conditions:\n if (name.charAt(0) === \"t\" &&\n hasOwn.call(this, name) &&\n !isNaN(+name.slice(1))) {\n this[name] = undefined;\n }\n }\n }\n },\n\n stop: function() {\n this.done = true;\n\n var rootEntry = this.tryEntries[0];\n var rootRecord = rootEntry.completion;\n if (rootRecord.type === \"throw\") {\n throw rootRecord.arg;\n }\n\n return this.rval;\n },\n\n dispatchException: function(exception) {\n if (this.done) {\n throw exception;\n }\n\n var context = this;\n function handle(loc, caught) {\n record.type = \"throw\";\n record.arg = exception;\n context.next = loc;\n\n if (caught) {\n // If the dispatched exception was caught by a catch block,\n // then let that catch block handle the exception normally.\n context.method = \"next\";\n context.arg = undefined;\n }\n\n return !! caught;\n }\n\n for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n var entry = this.tryEntries[i];\n var record = entry.completion;\n\n if (entry.tryLoc === \"root\") {\n // Exception thrown outside of any try block that could handle\n // it, so set the completion value of the entire function to\n // throw the exception.\n return handle(\"end\");\n }\n\n if (entry.tryLoc <= this.prev) {\n var hasCatch = hasOwn.call(entry, \"catchLoc\");\n var hasFinally = hasOwn.call(entry, \"finallyLoc\");\n\n if (hasCatch && hasFinally) {\n if (this.prev < entry.catchLoc) {\n return handle(entry.catchLoc, true);\n } else if (this.prev < entry.finallyLoc) {\n return handle(entry.finallyLoc);\n }\n\n } else if (hasCatch) {\n if (this.prev < entry.catchLoc) {\n return handle(entry.catchLoc, true);\n }\n\n } else if (hasFinally) {\n if (this.prev < entry.finallyLoc) {\n return handle(entry.finallyLoc);\n }\n\n } else {\n throw new Error(\"try statement without catch or finally\");\n }\n }\n }\n },\n\n abrupt: function(type, arg) {\n for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n var entry = this.tryEntries[i];\n if (entry.tryLoc <= this.prev &&\n hasOwn.call(entry, \"finallyLoc\") &&\n this.prev < entry.finallyLoc) {\n var finallyEntry = entry;\n break;\n }\n }\n\n if (finallyEntry &&\n (type === \"break\" ||\n type === \"continue\") &&\n finallyEntry.tryLoc <= arg &&\n arg <= finallyEntry.finallyLoc) {\n // Ignore the finally entry if control is not jumping to a\n // location outside the try/catch block.\n finallyEntry = null;\n }\n\n var record = finallyEntry ? finallyEntry.completion : {};\n record.type = type;\n record.arg = arg;\n\n if (finallyEntry) {\n this.method = \"next\";\n this.next = finallyEntry.finallyLoc;\n return ContinueSentinel;\n }\n\n return this.complete(record);\n },\n\n complete: function(record, afterLoc) {\n if (record.type === \"throw\") {\n throw record.arg;\n }\n\n if (record.type === \"break\" ||\n record.type === \"continue\") {\n this.next = record.arg;\n } else if (record.type === \"return\") {\n this.rval = this.arg = record.arg;\n this.method = \"return\";\n this.next = \"end\";\n } else if (record.type === \"normal\" && afterLoc) {\n this.next = afterLoc;\n }\n\n return ContinueSentinel;\n },\n\n finish: function(finallyLoc) {\n for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n var entry = this.tryEntries[i];\n if (entry.finallyLoc === finallyLoc) {\n this.complete(entry.completion, entry.afterLoc);\n resetTryEntry(entry);\n return ContinueSentinel;\n }\n }\n },\n\n \"catch\": function(tryLoc) {\n for (var i = this.tryEntries.length - 1; i >= 0; --i) {\n var entry = this.tryEntries[i];\n if (entry.tryLoc === tryLoc) {\n var record = entry.completion;\n if (record.type === \"throw\") {\n var thrown = record.arg;\n resetTryEntry(entry);\n }\n return thrown;\n }\n }\n\n // The context.catch method must only be called with a location\n // argument that corresponds to a known catch block.\n throw new Error(\"illegal catch attempt\");\n },\n\n delegateYield: function(iterable, resultName, nextLoc) {\n this.delegate = {\n iterator: values(iterable),\n resultName: resultName,\n nextLoc: nextLoc\n };\n\n if (this.method === \"next\") {\n // Deliberately forget the last sent value so that we don't\n // accidentally pass it on to the delegate.\n this.arg = undefined;\n }\n\n return ContinueSentinel;\n }\n };\n\n // Regardless of whether this script is executing as a CommonJS module\n // or not, return the runtime object so that we can declare the variable\n // regeneratorRuntime in the outer scope, which allows this module to be\n // injected easily by `bin/regenerator --include-runtime script.js`.\n return exports;\n\n}(\n // If this script is executing as a CommonJS module, use module.exports\n // as the regeneratorRuntime namespace. Otherwise create a new empty\n // object. Either way, the resulting object will be used to initialize\n // the regeneratorRuntime variable at the top of this file.\n typeof module === \"object\" ? module.exports : {}\n));\n\ntry {\n regeneratorRuntime = runtime;\n} catch (accidentalStrictMode) {\n // This module should not be running in strict mode, so the above\n // assignment should always work unless something is misconfigured. Just\n // in case runtime.js accidentally runs in strict mode, we can escape\n // strict mode using a global Function call. This could conceivably fail\n // if a Content Security Policy forbids using Function, but in that case\n // the proper solution is to fix the accidental strict mode problem. If\n // you've misconfigured your bundler to force strict mode and applied a\n // CSP to forbid Function, and you're not willing to fix either of those\n // problems, please detail your unique predicament in a GitHub issue.\n Function(\"r\", \"regeneratorRuntime = r\")(runtime);\n}\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n INetworkModule,\r\n NetworkRequestOptions,\r\n NetworkResponse,\r\n} from \"@azure/msal-common\";\r\nimport { HttpMethod } from \"../utils/Constants\";\r\nimport axios, { AxiosRequestConfig } from \"axios\";\r\n\r\n/**\r\n * This class implements the API for network requests.\r\n */\r\nexport class HttpClient implements INetworkModule {\r\n\r\n /**\r\n * Http Get request\r\n * @param url\r\n * @param options\r\n */\r\n async sendGetRequestAsync<T>(\r\n url: string,\r\n options?: NetworkRequestOptions\r\n ): Promise<NetworkResponse<T>> {\r\n const request: AxiosRequestConfig = {\r\n method: HttpMethod.GET,\r\n url: url,\r\n headers: options && options.headers,\r\n validateStatus: () => true\r\n };\r\n\r\n const response = await axios(request);\r\n return {\r\n headers: response.headers,\r\n body: response.data as T,\r\n status: response.status,\r\n };\r\n }\r\n\r\n /**\r\n * Http Post request\r\n * @param url\r\n * @param options\r\n */\r\n async sendPostRequestAsync<T>(\r\n url: string,\r\n options?: NetworkRequestOptions\r\n ): Promise<NetworkResponse<T>> {\r\n const request: AxiosRequestConfig = {\r\n method: HttpMethod.POST,\r\n url: url,\r\n data: (options && options.body) || \"\",\r\n headers: options && options.headers,\r\n validateStatus: () => true\r\n };\r\n\r\n const response = await axios(request);\r\n return {\r\n headers: response.headers,\r\n body: response.data as T,\r\n status: response.status,\r\n };\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n LoggerOptions,\r\n INetworkModule,\r\n LogLevel,\r\n ProtocolMode,\r\n ICachePlugin, Constants\r\n} from \"@azure/msal-common\";\r\nimport { NetworkUtils } from \"../utils/NetworkUtils\";\r\n\r\n/**\r\n * - clientId - Client id of the application.\r\n * - authority - Url of the authority. If no value is set, defaults to https://login.microsoftonline.com/common.\r\n * - knownAuthorities - Needed for Azure B2C and ADFS. All authorities that will be used in the client application. Only the host of the authority should be passed in.\r\n * - clientSecret - Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal.\r\n * - clientAssertion - Assertion string that the application uses when requesting a token. Only used in confidential client applications. Assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.\r\n * - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )\r\n * - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.\r\n * @public\r\n */\r\nexport type NodeAuthOptions = {\r\n clientId: string;\r\n authority?: string;\r\n clientSecret?: string;\r\n clientAssertion?:string;\r\n clientCertificate?: {\r\n thumbprint: string,\r\n privateKey: string,\r\n x5c?: string\r\n };\r\n knownAuthorities?: Array<string>;\r\n cloudDiscoveryMetadata?: string;\r\n authorityMetadata?: string,\r\n clientCapabilities?: [];\r\n protocolMode?: ProtocolMode;\r\n};\r\n\r\n/**\r\n * Use this to configure the below cache configuration options:\r\n *\r\n * - cachePlugin - Plugin for reading and writing token cache to disk.\r\n * @public\r\n */\r\nexport type CacheOptions = {\r\n cachePlugin?: ICachePlugin;\r\n};\r\n\r\n/**\r\n * Type for configuring logger and http client options\r\n *\r\n * - logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger\r\n * - networkClient - Http client used for all http get and post calls. Defaults to using MSAL's default http client.\r\n * @public\r\n */\r\nexport type NodeSystemOptions = {\r\n loggerOptions?: LoggerOptions;\r\n networkClient?: INetworkModule;\r\n};\r\n\r\n/**\r\n * Use the configuration object to configure MSAL and initialize the client application object\r\n *\r\n * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\r\n * - cache: this is where you configure cache location\r\n * - system: this is where you can configure the network client, logger\r\n * @public\r\n */\r\nexport type Configuration = {\r\n auth: NodeAuthOptions;\r\n cache?: CacheOptions;\r\n system?: NodeSystemOptions;\r\n};\r\n\r\nconst DEFAULT_AUTH_OPTIONS: NodeAuthOptions = {\r\n clientId: \"\",\r\n authority: Constants.DEFAULT_AUTHORITY,\r\n clientSecret: \"\",\r\n clientAssertion: \"\",\r\n clientCertificate: {\r\n thumbprint: \"\",\r\n privateKey: \"\",\r\n x5c: \"\"\r\n },\r\n knownAuthorities: [],\r\n cloudDiscoveryMetadata: \"\",\r\n authorityMetadata: \"\",\r\n clientCapabilities: [],\r\n protocolMode: ProtocolMode.AAD\r\n};\r\n\r\nconst DEFAULT_CACHE_OPTIONS: CacheOptions = {};\r\n\r\nconst DEFAULT_LOGGER_OPTIONS: LoggerOptions = {\r\n loggerCallback: (): void => {\r\n // allow users to not set logger call back\r\n },\r\n piiLoggingEnabled: false,\r\n logLevel: LogLevel.Info,\r\n};\r\n\r\nconst DEFAULT_SYSTEM_OPTIONS: NodeSystemOptions = {\r\n loggerOptions: DEFAULT_LOGGER_OPTIONS,\r\n networkClient: NetworkUtils.getNetworkClient(),\r\n};\r\n\r\n/**\r\n * Sets the default options when not explicitly configured from app developer\r\n *\r\n * @param auth - Authentication options\r\n * @param cache - Cache options\r\n * @param system - System options\r\n *\r\n * @returns Configuration\r\n * @public\r\n */\r\nexport function buildAppConfiguration({\r\n auth,\r\n cache,\r\n system,\r\n}: Configuration): Configuration {\r\n return {\r\n auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },\r\n cache: { ...DEFAULT_CACHE_OPTIONS, ...cache },\r\n system: { ...DEFAULT_SYSTEM_OPTIONS, ...system },\r\n };\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { INetworkModule } from \"@azure/msal-common\";\r\nimport { HttpClient } from \"../network/HttpClient\";\r\n\r\nexport class NetworkUtils {\r\n /**\r\n * Returns best compatible network client object.\r\n */\r\n static getNetworkClient(): INetworkModule {\r\n return new HttpClient();\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { v4 as uuidv4 } from \"uuid\";\r\n\r\nexport class GuidGenerator {\r\n /**\r\n *\r\n * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.\r\n * uuidv4 generates guids from cryprtographically-string random\r\n */\r\n static generateGuid(): string {\r\n return uuidv4();\r\n }\r\n\r\n /**\r\n * verifies if a string is GUID\r\n * @param guid\r\n */\r\n static isGuid(guid: string) {\r\n const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\r\n return regexGuid.test(guid);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nexport class EncodingUtils {\r\n /**\r\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\r\n * 'base64': Base64 encoding.\r\n *\r\n * @param str text\r\n */\r\n static base64Encode(str: string, encoding?: BufferEncoding): string {\r\n return Buffer.from(str, encoding).toString(\"base64\");\r\n }\r\n\r\n /**\r\n * encode a URL\r\n * @param str\r\n */\r\n static base64EncodeUrl(str: string, encoding?: BufferEncoding): string {\r\n return EncodingUtils.base64Encode(str, encoding)\r\n .replace(/=/g, \"\")\r\n .replace(/\\+/g, \"-\")\r\n .replace(/\\//g, \"_\");\r\n }\r\n\r\n /**\r\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\r\n * 'base64': Base64 encoding.\r\n *\r\n * @param base64Str Base64 encoded text\r\n */\r\n static base64Decode(base64Str: string): string {\r\n return Buffer.from(base64Str, \"base64\").toString(\"utf8\");\r\n }\r\n\r\n /**\r\n * @param base64Str Base64 encoded Url\r\n */\r\n static base64DecodeUrl(base64Str: string): string {\r\n let str = base64Str.replace(/-/g, \"+\").replace(/_/g, \"/\");\r\n while (str.length % 4) {\r\n str += \"=\";\r\n }\r\n return EncodingUtils.base64Decode(str);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { PkceCodes } from \"@azure/msal-common\";\r\nimport { CharSet, Hash, RANDOM_OCTET_SIZE } from \"../utils/Constants\";\r\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\r\nimport crypto from \"crypto\";\r\n\r\n/**\r\n * https://tools.ietf.org/html/rfc7636#page-8\r\n */\r\nexport class PkceGenerator {\r\n /**\r\n * generates the codeVerfier and the challenge from the codeVerfier\r\n * reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2\r\n */\r\n async generatePkceCodes(): Promise<PkceCodes> {\r\n const verifier = this.generateCodeVerifier();\r\n const challenge = this.generateCodeChallengeFromVerifier(verifier);\r\n return { verifier, challenge };\r\n }\r\n\r\n /**\r\n * generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1\r\n */\r\n private generateCodeVerifier(): string {\r\n const buffer: Uint8Array = crypto.randomBytes(RANDOM_OCTET_SIZE);\r\n const verifier: string = this.bufferToCVString(buffer);\r\n return EncodingUtils.base64EncodeUrl(verifier);\r\n }\r\n\r\n /**\r\n * generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2\r\n * @param codeVerifier\r\n */\r\n private generateCodeChallengeFromVerifier(codeVerifier: string): string {\r\n return EncodingUtils.base64EncodeUrl(\r\n this.sha256(codeVerifier).toString(\"base64\"), \r\n \"base64\"\r\n );\r\n }\r\n\r\n /**\r\n * generate 'SHA256' hash\r\n * @param buffer\r\n */\r\n private sha256(buffer: string): Buffer {\r\n return crypto\r\n .createHash(Hash.SHA256)\r\n .update(buffer)\r\n .digest();\r\n }\r\n\r\n /**\r\n * Accepted characters; reference: https://tools.ietf.org/html/rfc7636#section-4.1\r\n * @param buffer\r\n */\r\n private bufferToCVString(buffer: Uint8Array): string {\r\n const charArr = [];\r\n for (let i = 0; i < buffer.byteLength; i += 1) {\r\n const index = buffer[i] % CharSet.CV_CHARSET.length;\r\n charArr.push(CharSet.CV_CHARSET[index]);\r\n }\r\n return charArr.join(\"\");\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ICrypto, PkceCodes } from \"@azure/msal-common\";\r\nimport { GuidGenerator } from \"./GuidGenerator\";\r\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\r\nimport { PkceGenerator } from \"./PkceGenerator\";\r\n\r\n/**\r\n * This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\r\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\r\n * @public\r\n */\r\nexport class CryptoProvider implements ICrypto {\r\n private pkceGenerator: PkceGenerator;\r\n\r\n constructor() {\r\n // Browser crypto needs to be validated first before any other classes can be set.\r\n this.pkceGenerator = new PkceGenerator();\r\n }\r\n\r\n /**\r\n * Creates a new random GUID - used to populate state and nonce.\r\n * @returns string (GUID)\r\n */\r\n createNewGuid(): string {\r\n return GuidGenerator.generateGuid();\r\n }\r\n\r\n /**\r\n * Encodes input string to base64.\r\n * @param input - string to be encoded\r\n */\r\n base64Encode(input: string): string {\r\n return EncodingUtils.base64Encode(input);\r\n }\r\n\r\n /**\r\n * Decodes input string from base64.\r\n * @param input - string to be decoded\r\n */\r\n base64Decode(input: string): string {\r\n return EncodingUtils.base64Decode(input);\r\n }\r\n\r\n /**\r\n * Generates PKCE codes used in Authorization Code Flow.\r\n */\r\n generatePkceCodes(): Promise<PkceCodes> {\r\n return this.pkceGenerator.generatePkceCodes();\r\n }\r\n\r\n /**\r\n * Generates a keypair, stores it and returns a thumbprint - not yet implemented for node\r\n */\r\n getPublicKeyThumbprint(): Promise<string> {\r\n throw new Error(\"Method not implemented.\");\r\n }\r\n\r\n /**\r\n * Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node\r\n */\r\n signJwt(): Promise<string> {\r\n throw new Error(\"Method not implemented.\");\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { StringUtils, AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager } from \"@azure/msal-common\";\r\nimport { JsonCache, InMemoryCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\r\n\r\n/**\r\n * This class deserializes cache entities read from the file into in memory object types defined internally\r\n */\r\nexport class Deserializer {\r\n /**\r\n * Parse the JSON blob in memory and deserialize the content\r\n * @param cachedJson\r\n */\r\n static deserializeJSONBlob(jsonFile: string): JsonCache {\r\n const deserializedCache = StringUtils.isEmpty(jsonFile)\r\n ? {}\r\n : JSON.parse(jsonFile);\r\n return deserializedCache;\r\n }\r\n\r\n /**\r\n * Deserializes accounts to AccountEntity objects\r\n * @param accounts\r\n */\r\n static deserializeAccounts(accounts: Record<string, SerializedAccountEntity>): AccountCache {\r\n const accountObjects: AccountCache = {};\r\n if (accounts) {\r\n Object.keys(accounts).map(function (key) {\r\n const serializedAcc = accounts[key];\r\n const mappedAcc = {\r\n homeAccountId: serializedAcc.home_account_id,\r\n environment: serializedAcc.environment,\r\n realm: serializedAcc.realm,\r\n localAccountId: serializedAcc.local_account_id,\r\n username: serializedAcc.username,\r\n authorityType: serializedAcc.authority_type,\r\n name: serializedAcc.name,\r\n clientInfo: serializedAcc.client_info,\r\n lastModificationTime: serializedAcc.last_modification_time,\r\n lastModificationApp: serializedAcc.last_modification_app,\r\n };\r\n const account: AccountEntity = new AccountEntity();\r\n CacheManager.toObject(account, mappedAcc);\r\n accountObjects[key] = account;\r\n });\r\n }\r\n\r\n return accountObjects;\r\n }\r\n\r\n /**\r\n * Deserializes id tokens to IdTokenEntity objects\r\n * @param idTokens\r\n */\r\n static deserializeIdTokens(idTokens: Record<string, SerializedIdTokenEntity>): IdTokenCache {\r\n const idObjects: IdTokenCache = {};\r\n if (idTokens) {\r\n Object.keys(idTokens).map(function (key) {\r\n const serializedIdT = idTokens[key];\r\n const mappedIdT = {\r\n homeAccountId: serializedIdT.home_account_id,\r\n environment: serializedIdT.environment,\r\n credentialType: serializedIdT.credential_type,\r\n clientId: serializedIdT.client_id,\r\n secret: serializedIdT.secret,\r\n realm: serializedIdT.realm,\r\n };\r\n const idToken: IdTokenEntity = new IdTokenEntity();\r\n CacheManager.toObject(idToken, mappedIdT);\r\n idObjects[key] = idToken;\r\n });\r\n }\r\n return idObjects;\r\n }\r\n\r\n /**\r\n * Deserializes access tokens to AccessTokenEntity objects\r\n * @param accessTokens\r\n */\r\n static deserializeAccessTokens(accessTokens: Record<string, SerializedAccessTokenEntity>): AccessTokenCache {\r\n const atObjects: AccessTokenCache = {};\r\n if (accessTokens) {\r\n Object.keys(accessTokens).map(function (key) {\r\n const serializedAT = accessTokens[key];\r\n const mappedAT = {\r\n homeAccountId: serializedAT.home_account_id,\r\n environment: serializedAT.environment,\r\n credentialType: serializedAT.credential_type,\r\n clientId: serializedAT.client_id,\r\n secret: serializedAT.secret,\r\n realm: serializedAT.realm,\r\n target: serializedAT.target,\r\n cachedAt: serializedAT.cached_at,\r\n expiresOn: serializedAT.expires_on,\r\n extendedExpiresOn: serializedAT.extended_expires_on,\r\n refreshOn: serializedAT.refresh_on,\r\n keyId: serializedAT.key_id,\r\n tokenType: serializedAT.token_type,\r\n };\r\n const accessToken: AccessTokenEntity = new AccessTokenEntity();\r\n CacheManager.toObject(accessToken, mappedAT);\r\n atObjects[key] = accessToken;\r\n });\r\n }\r\n\r\n return atObjects;\r\n }\r\n\r\n /**\r\n * Deserializes refresh tokens to RefreshTokenEntity objects\r\n * @param refreshTokens\r\n */\r\n static deserializeRefreshTokens(refreshTokens: Record<string, SerializedRefreshTokenEntity>): RefreshTokenCache {\r\n const rtObjects: RefreshTokenCache = {};\r\n if (refreshTokens) {\r\n Object.keys(refreshTokens).map(function (key) {\r\n const serializedRT = refreshTokens[key];\r\n const mappedRT = {\r\n homeAccountId: serializedRT.home_account_id,\r\n environment: serializedRT.environment,\r\n credentialType: serializedRT.credential_type,\r\n clientId: serializedRT.client_id,\r\n secret: serializedRT.secret,\r\n familyId: serializedRT.family_id,\r\n target: serializedRT.target,\r\n realm: serializedRT.realm,\r\n };\r\n const refreshToken: RefreshTokenEntity = new RefreshTokenEntity();\r\n CacheManager.toObject(refreshToken, mappedRT);\r\n rtObjects[key] = refreshToken;\r\n });\r\n }\r\n\r\n return rtObjects;\r\n }\r\n\r\n /**\r\n * Deserializes appMetadata to AppMetaData objects\r\n * @param appMetadata\r\n */\r\n static deserializeAppMetadata(appMetadata: Record<string, SerializedAppMetadataEntity>): AppMetadataCache {\r\n const appMetadataObjects: AppMetadataCache = {};\r\n if (appMetadata) {\r\n Object.keys(appMetadata).map(function (key) {\r\n const serializedAmdt = appMetadata[key];\r\n const mappedAmd = {\r\n clientId: serializedAmdt.client_id,\r\n environment: serializedAmdt.environment,\r\n familyId: serializedAmdt.family_id,\r\n };\r\n const amd: AppMetadataEntity = new AppMetadataEntity();\r\n CacheManager.toObject(amd, mappedAmd);\r\n appMetadataObjects[key] = amd;\r\n });\r\n }\r\n\r\n return appMetadataObjects;\r\n }\r\n\r\n /**\r\n * Deserialize an inMemory Cache\r\n * @param jsonCache\r\n */\r\n static deserializeAllCache(jsonCache: JsonCache): InMemoryCache {\r\n return {\r\n accounts: jsonCache.Account\r\n ? this.deserializeAccounts(jsonCache.Account)\r\n : {},\r\n idTokens: jsonCache.IdToken\r\n ? this.deserializeIdTokens(jsonCache.IdToken)\r\n : {},\r\n accessTokens: jsonCache.AccessToken\r\n ? this.deserializeAccessTokens(jsonCache.AccessToken)\r\n : {},\r\n refreshTokens: jsonCache.RefreshToken\r\n ? this.deserializeRefreshTokens(jsonCache.RefreshToken)\r\n : {},\r\n appMetadata: jsonCache.AppMetadata\r\n ? this.deserializeAppMetadata(jsonCache.AppMetadata)\r\n : {},\r\n };\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from \"@azure/msal-common\";\r\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\r\n\r\nexport class Serializer {\r\n /**\r\n * serialize the JSON blob\r\n * @param data\r\n */\r\n static serializeJSONBlob(data: JsonCache): string {\r\n return JSON.stringify(data);\r\n }\r\n\r\n /**\r\n * Serialize Accounts\r\n * @param accCache\r\n */\r\n static serializeAccounts(accCache: AccountCache): Record<string, SerializedAccountEntity> {\r\n const accounts: Record<string, SerializedAccountEntity> = {};\r\n Object.keys(accCache).map(function (key) {\r\n const accountEntity = accCache[key];\r\n accounts[key] = {\r\n home_account_id: accountEntity.homeAccountId,\r\n environment: accountEntity.environment,\r\n realm: accountEntity.realm,\r\n local_account_id: accountEntity.localAccountId,\r\n username: accountEntity.username,\r\n authority_type: accountEntity.authorityType,\r\n name: accountEntity.name,\r\n client_info: accountEntity.clientInfo,\r\n last_modification_time: accountEntity.lastModificationTime,\r\n last_modification_app: accountEntity.lastModificationApp,\r\n };\r\n });\r\n\r\n return accounts;\r\n }\r\n\r\n /**\r\n * Serialize IdTokens\r\n * @param idTCache\r\n */\r\n static serializeIdTokens(idTCache: IdTokenCache): Record<string, SerializedIdTokenEntity> {\r\n const idTokens: Record<string, SerializedIdTokenEntity> = {};\r\n Object.keys(idTCache).map(function (key) {\r\n const idTEntity = idTCache[key];\r\n idTokens[key] = {\r\n home_account_id: idTEntity.homeAccountId,\r\n environment: idTEntity.environment,\r\n credential_type: idTEntity.credentialType,\r\n client_id: idTEntity.clientId,\r\n secret: idTEntity.secret,\r\n realm: idTEntity.realm,\r\n };\r\n });\r\n\r\n return idTokens;\r\n }\r\n\r\n /**\r\n * Serializes AccessTokens\r\n * @param atCache\r\n */\r\n static serializeAccessTokens(atCache: AccessTokenCache): Record<string, SerializedAccessTokenEntity> {\r\n const accessTokens: Record<string, SerializedAccessTokenEntity> = {};\r\n Object.keys(atCache).map(function (key) {\r\n const atEntity = atCache[key];\r\n accessTokens[key] = {\r\n home_account_id: atEntity.homeAccountId,\r\n environment: atEntity.environment,\r\n credential_type: atEntity.credentialType,\r\n client_id: atEntity.clientId,\r\n secret: atEntity.secret,\r\n realm: atEntity.realm,\r\n target: atEntity.target,\r\n cached_at: atEntity.cachedAt,\r\n expires_on: atEntity.expiresOn,\r\n extended_expires_on: atEntity.extendedExpiresOn,\r\n refresh_on: atEntity.refreshOn,\r\n key_id: atEntity.keyId,\r\n token_type: atEntity.tokenType,\r\n };\r\n });\r\n\r\n return accessTokens;\r\n }\r\n\r\n /**\r\n * Serialize refreshTokens\r\n * @param rtCache\r\n */\r\n static serializeRefreshTokens(rtCache: RefreshTokenCache): Record<string, SerializedRefreshTokenEntity> {\r\n const refreshTokens: Record<string, SerializedRefreshTokenEntity> = {};\r\n Object.keys(rtCache).map(function (key) {\r\n const rtEntity = rtCache[key];\r\n refreshTokens[key] = {\r\n home_account_id: rtEntity.homeAccountId,\r\n environment: rtEntity.environment,\r\n credential_type: rtEntity.credentialType,\r\n client_id: rtEntity.clientId,\r\n secret: rtEntity.secret,\r\n family_id: rtEntity.familyId,\r\n target: rtEntity.target,\r\n realm: rtEntity.realm\r\n };\r\n });\r\n\r\n return refreshTokens;\r\n }\r\n\r\n /**\r\n * Serialize amdtCache\r\n * @param amdtCache\r\n */\r\n static serializeAppMetadata(amdtCache: AppMetadataCache): Record<string, SerializedAppMetadataEntity> {\r\n const appMetadata: Record<string, SerializedAppMetadataEntity> = {};\r\n Object.keys(amdtCache).map(function (key) {\r\n const amdtEntity = amdtCache[key];\r\n appMetadata[key] = {\r\n client_id: amdtEntity.clientId,\r\n environment: amdtEntity.environment,\r\n family_id: amdtEntity.familyId,\r\n };\r\n });\r\n\r\n return appMetadata;\r\n }\r\n\r\n /**\r\n * Serialize the cache\r\n * @param jsonContent\r\n */\r\n static serializeAllCache(inMemCache: InMemoryCache): JsonCache {\r\n return {\r\n Account: this.serializeAccounts(inMemCache.accounts),\r\n IdToken: this.serializeIdTokens(inMemCache.idTokens),\r\n AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),\r\n RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),\r\n AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata),\r\n };\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n AccountEntity,\r\n IdTokenEntity,\r\n AccessTokenEntity,\r\n RefreshTokenEntity,\r\n AppMetadataEntity,\r\n ServerTelemetryEntity,\r\n ThrottlingEntity,\r\n CacheManager,\r\n Logger,\r\n ValidCacheType,\r\n ICrypto,\r\n AuthorityMetadataEntity\r\n} from \"@azure/msal-common\";\r\nimport { Deserializer } from \"./serializer/Deserializer\";\r\nimport { Serializer } from \"./serializer/Serializer\";\r\nimport { InMemoryCache, JsonCache, CacheKVStore } from \"./serializer/SerializerTypes\";\r\n\r\n/**\r\n * This class implements Storage for node, reading cache from user specified storage location or an extension library\r\n * @public\r\n */\r\nexport class NodeStorage extends CacheManager {\r\n // Cache configuration, either set by user or default values.\r\n private logger: Logger;\r\n private cache: CacheKVStore = {};\r\n private changeEmitters: Array<Function> = [];\r\n\r\n constructor(logger: Logger, clientId: string, cryptoImpl: ICrypto) {\r\n super(clientId, cryptoImpl);\r\n this.logger = logger;\r\n }\r\n\r\n /**\r\n * Queue up callbacks\r\n * @param func - a callback function for cache change indication\r\n */\r\n registerChangeEmitter(func: () => void): void {\r\n this.changeEmitters.push(func);\r\n }\r\n\r\n /**\r\n * Invoke the callback when cache changes\r\n */\r\n emitChange(): void {\r\n this.changeEmitters.forEach(func => func.call(null));\r\n }\r\n\r\n /**\r\n * Converts cacheKVStore to InMemoryCache\r\n * @param cache - key value store\r\n */\r\n cacheToInMemoryCache(cache: CacheKVStore): InMemoryCache {\r\n\r\n const inMemoryCache: InMemoryCache = {\r\n accounts: {},\r\n idTokens: {},\r\n accessTokens: {},\r\n refreshTokens: {},\r\n appMetadata: {},\r\n };\r\n\r\n for (const key in cache) {\r\n if (cache[key as string] instanceof AccountEntity) {\r\n inMemoryCache.accounts[key] = cache[key] as AccountEntity;\r\n } else if (cache[key] instanceof IdTokenEntity) {\r\n inMemoryCache.idTokens[key] = cache[key] as IdTokenEntity;\r\n } else if (cache[key] instanceof AccessTokenEntity) {\r\n inMemoryCache.accessTokens[key] = cache[key] as AccessTokenEntity;\r\n } else if (cache[key] instanceof RefreshTokenEntity) {\r\n inMemoryCache.refreshTokens[key] = cache[key] as RefreshTokenEntity;\r\n } else if (cache[key] instanceof AppMetadataEntity) {\r\n inMemoryCache.appMetadata[key] = cache[key] as AppMetadataEntity;\r\n } else {\r\n continue;\r\n }\r\n }\r\n\r\n return inMemoryCache;\r\n }\r\n\r\n /**\r\n * converts inMemoryCache to CacheKVStore\r\n * @param inMemoryCache - kvstore map for inmemory\r\n */\r\n inMemoryCacheToCache(inMemoryCache: InMemoryCache): CacheKVStore {\r\n // convert in memory cache to a flat Key-Value map\r\n let cache = this.getCache();\r\n\r\n cache = {\r\n ...inMemoryCache.accounts,\r\n ...inMemoryCache.idTokens,\r\n ...inMemoryCache.accessTokens,\r\n ...inMemoryCache.refreshTokens,\r\n ...inMemoryCache.appMetadata\r\n };\r\n return cache;\r\n }\r\n\r\n /**\r\n * gets the current in memory cache for the client\r\n */\r\n getInMemoryCache(): InMemoryCache {\r\n this.logger.verbose(\"Getting in-memory cache\");\r\n\r\n // convert the cache key value store to inMemoryCache\r\n const inMemoryCache = this.cacheToInMemoryCache(this.getCache());\r\n return inMemoryCache;\r\n }\r\n\r\n /**\r\n * sets the current in memory cache for the client\r\n * @param inMemoryCache - key value map in memory\r\n */\r\n setInMemoryCache(inMemoryCache: InMemoryCache): void{\r\n this.logger.verbose(\"Setting in-memory cache\");\r\n\r\n // convert and append the inMemoryCache to cacheKVStore\r\n const cache = this.inMemoryCacheToCache(inMemoryCache);\r\n this.setCache(cache);\r\n\r\n this.emitChange();\r\n }\r\n\r\n /**\r\n * get the current cache key-value store\r\n */\r\n getCache(): CacheKVStore {\r\n this.logger.verbose(\"Getting cache key-value store\");\r\n return this.cache;\r\n }\r\n\r\n /**\r\n * sets the current cache (key value store)\r\n * @param cacheMap - key value map\r\n */\r\n setCache(cache: CacheKVStore): void {\r\n this.logger.verbose(\"Setting cache key value store\");\r\n this.cache = cache;\r\n\r\n // mark change in cache\r\n this.emitChange();\r\n }\r\n\r\n /**\r\n * Gets cache item with given key.\r\n * @param key - lookup key for the cache entry\r\n */\r\n getItem(key: string): ValidCacheType {\r\n this.logger.verbosePii(`Item key: ${key}`);\r\n\r\n // read cache\r\n const cache = this.getCache();\r\n return cache[key];\r\n }\r\n\r\n /**\r\n * Gets cache item with given key-value\r\n * @param key - lookup key for the cache entry\r\n * @param value - value of the cache entry\r\n */\r\n setItem(key: string, value: ValidCacheType): void {\r\n this.logger.verbosePii(`Item key: ${key}`);\r\n\r\n // read cache\r\n const cache = this.getCache();\r\n cache[key] = value;\r\n\r\n // write to cache\r\n this.setCache(cache);\r\n }\r\n\r\n /**\r\n * fetch the account entity\r\n * @param accountKey - lookup key to fetch cache type AccountEntity\r\n */\r\n getAccount(accountKey: string): AccountEntity | null {\r\n const account = this.getItem(accountKey) as AccountEntity;\r\n if (AccountEntity.isAccountEntity(account)) {\r\n return account;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set account entity\r\n * @param account - cache value to be set of type AccountEntity\r\n */\r\n setAccount(account: AccountEntity): void {\r\n const accountKey = account.generateAccountKey();\r\n this.setItem(accountKey, account);\r\n }\r\n\r\n /**\r\n * fetch the idToken credential\r\n * @param idTokenKey - lookup key to fetch cache type IdTokenEntity\r\n */\r\n getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\r\n const idToken = this.getItem(idTokenKey) as IdTokenEntity;\r\n if (IdTokenEntity.isIdTokenEntity(idToken)) {\r\n return idToken;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set idToken credential\r\n * @param idToken - cache value to be set of type IdTokenEntity\r\n */\r\n setIdTokenCredential(idToken: IdTokenEntity): void {\r\n const idTokenKey = idToken.generateCredentialKey();\r\n this.setItem(idTokenKey, idToken);\r\n }\r\n\r\n /**\r\n * fetch the accessToken credential\r\n * @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity\r\n */\r\n getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\r\n const accessToken = this.getItem(accessTokenKey) as AccessTokenEntity;\r\n if (AccessTokenEntity.isAccessTokenEntity(accessToken)) {\r\n return accessToken;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set accessToken credential\r\n * @param accessToken - cache value to be set of type AccessTokenEntity\r\n */\r\n setAccessTokenCredential(accessToken: AccessTokenEntity): void {\r\n const accessTokenKey = accessToken.generateCredentialKey();\r\n this.setItem(accessTokenKey, accessToken);\r\n }\r\n\r\n /**\r\n * fetch the refreshToken credential\r\n * @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity\r\n */\r\n getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null {\r\n const refreshToken = this.getItem(refreshTokenKey) as RefreshTokenEntity;\r\n if (RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {\r\n return refreshToken as RefreshTokenEntity;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set refreshToken credential\r\n * @param refreshToken - cache value to be set of type RefreshTokenEntity\r\n */\r\n setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\r\n const refreshTokenKey = refreshToken.generateCredentialKey();\r\n this.setItem(refreshTokenKey, refreshToken);\r\n }\r\n\r\n /**\r\n * fetch appMetadata entity from the platform cache\r\n * @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity\r\n */\r\n getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\r\n const appMetadata: AppMetadataEntity = this.getItem(appMetadataKey) as AppMetadataEntity;\r\n if (AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {\r\n return appMetadata;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set appMetadata entity to the platform cache\r\n * @param appMetadata - cache value to be set of type AppMetadataEntity\r\n */\r\n setAppMetadata(appMetadata: AppMetadataEntity): void {\r\n const appMetadataKey = appMetadata.generateAppMetadataKey();\r\n this.setItem(appMetadataKey, appMetadata);\r\n }\r\n\r\n /**\r\n * fetch server telemetry entity from the platform cache\r\n * @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity\r\n */\r\n getServerTelemetry(serverTelemetrykey: string): ServerTelemetryEntity | null {\r\n const serverTelemetryEntity: ServerTelemetryEntity = this.getItem(serverTelemetrykey) as ServerTelemetryEntity;\r\n if (serverTelemetryEntity && ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {\r\n return serverTelemetryEntity;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set server telemetry entity to the platform cache\r\n * @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity\r\n * @param serverTelemetry - cache value to be set of type ServerTelemetryEntity\r\n */\r\n setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void {\r\n this.setItem(serverTelemetryKey, serverTelemetry);\r\n }\r\n\r\n /**\r\n * fetch authority metadata entity from the platform cache\r\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\r\n */\r\n getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\r\n const authorityMetadataEntity: AuthorityMetadataEntity = this.getItem(key) as AuthorityMetadataEntity;\r\n if (authorityMetadataEntity && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {\r\n return authorityMetadataEntity;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * Get all authority metadata keys\r\n */\r\n getAuthorityMetadataKeys(): Array<string> {\r\n return this.getKeys().filter((key) => {\r\n return this.isAuthorityMetadata(key);\r\n });\r\n }\r\n\r\n /**\r\n * set authority metadata entity to the platform cache\r\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\r\n * @param metadata - cache value to be set of type AuthorityMetadataEntity\r\n */\r\n setAuthorityMetadata(key: string, metadata: AuthorityMetadataEntity): void {\r\n this.setItem(key, metadata);\r\n }\r\n\r\n /**\r\n * fetch throttling entity from the platform cache\r\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\r\n */\r\n getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\r\n const throttlingCache: ThrottlingEntity = this.getItem(throttlingCacheKey) as ThrottlingEntity;\r\n if (throttlingCache && ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {\r\n return throttlingCache;\r\n }\r\n return null;\r\n }\r\n\r\n /**\r\n * set throttling entity to the platform cache\r\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\r\n * @param throttlingCache - cache value to be set of type ThrottlingEntity\r\n */\r\n setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void {\r\n this.setItem(throttlingCacheKey, throttlingCache);\r\n }\r\n\r\n /**\r\n * Removes the cache item from memory with the given key.\r\n * @param key - lookup key to remove a cache entity\r\n * @param inMemory - key value map of the cache\r\n */\r\n removeItem(key: string): boolean {\r\n this.logger.verbosePii(`Item key: ${key}`);\r\n\r\n // read inMemoryCache\r\n let result: boolean = false;\r\n const cache = this.getCache();\r\n\r\n if (!!cache[key]) {\r\n delete cache[key];\r\n result = true;\r\n }\r\n\r\n // write to the cache after removal\r\n if (result) {\r\n this.setCache(cache);\r\n this.emitChange();\r\n }\r\n return result;\r\n }\r\n\r\n /**\r\n * Checks whether key is in cache.\r\n * @param key - look up key for a cache entity\r\n */\r\n containsKey(key: string): boolean {\r\n return this.getKeys().includes(key);\r\n }\r\n\r\n /**\r\n * Gets all keys in window.\r\n */\r\n getKeys(): string[] {\r\n this.logger.verbose(\"Retrieving all cache keys\");\r\n\r\n // read cache\r\n const cache = this.getCache();\r\n return [ ...Object.keys(cache)];\r\n }\r\n\r\n /**\r\n * Clears all cache entries created by MSAL (except tokens).\r\n */\r\n clear(): void {\r\n this.logger.verbose(\"Clearing cache entries created by MSAL\");\r\n\r\n // read inMemoryCache\r\n const cacheKeys = this.getKeys();\r\n\r\n // delete each element\r\n cacheKeys.forEach(key => {\r\n this.removeItem(key);\r\n });\r\n this.emitChange();\r\n }\r\n\r\n /**\r\n * Initialize in memory cache from an exisiting cache vault\r\n * @param cache - blob formatted cache (JSON)\r\n */\r\n static generateInMemoryCache(cache: string): InMemoryCache {\r\n return Deserializer.deserializeAllCache(\r\n Deserializer.deserializeJSONBlob(cache)\r\n );\r\n }\r\n\r\n /**\r\n * retrieves the final JSON\r\n * @param inMemoryCache - itemised cache read from the JSON\r\n */\r\n static generateJsonCache(inMemoryCache: InMemoryCache): JsonCache {\r\n return Serializer.serializeAllCache(inMemoryCache);\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { NodeStorage } from \"./NodeStorage\";\r\nimport { StringUtils, AccountEntity, AccountInfo, Logger, ISerializableTokenCache, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\r\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedIdTokenEntity, SerializedAppMetadataEntity, CacheKVStore } from \"./serializer/SerializerTypes\";\r\nimport { Deserializer } from \"./serializer/Deserializer\";\r\nimport { Serializer } from \"./serializer/Serializer\";\r\nimport { ITokenCache } from \"./ITokenCache\";\r\n\r\nconst defaultSerializedCache: JsonCache = {\r\n Account: {},\r\n IdToken: {},\r\n AccessToken: {},\r\n RefreshToken: {},\r\n AppMetadata: {},\r\n};\r\n\r\n/**\r\n * In-memory token cache manager\r\n * @public\r\n */\r\nexport class TokenCache implements ISerializableTokenCache, ITokenCache {\r\n\r\n private storage: NodeStorage;\r\n private cacheHasChanged: boolean;\r\n private cacheSnapshot: string;\r\n private readonly persistence: ICachePlugin;\r\n private logger: Logger;\r\n\r\n constructor(storage: NodeStorage, logger: Logger, cachePlugin?: ICachePlugin) {\r\n this.cacheHasChanged = false;\r\n this.storage = storage;\r\n this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));\r\n if (cachePlugin) {\r\n this.persistence = cachePlugin;\r\n }\r\n this.logger = logger;\r\n }\r\n\r\n /**\r\n * Set to true if cache state has changed since last time serialize or writeToPersistence was called\r\n */\r\n hasChanged(): boolean {\r\n return this.cacheHasChanged;\r\n }\r\n\r\n /**\r\n * Serializes in memory cache to JSON\r\n */\r\n serialize(): string {\r\n this.logger.verbose(\"Serializing in-memory cache\");\r\n let finalState = Serializer.serializeAllCache(\r\n this.storage.getInMemoryCache() as InMemoryCache\r\n );\r\n\r\n // if cacheSnapshot not null or empty, merge\r\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\r\n this.logger.verbose(\"Reading cache snapshot from disk\");\r\n finalState = this.mergeState(\r\n JSON.parse(this.cacheSnapshot),\r\n finalState\r\n );\r\n } else {\r\n this.logger.verbose(\"No cache snapshot to merge\");\r\n }\r\n this.cacheHasChanged = false;\r\n\r\n return JSON.stringify(finalState);\r\n }\r\n\r\n /**\r\n * Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format\r\n * @param cache - blob formatted cache\r\n */\r\n deserialize(cache: string): void {\r\n this.logger.verbose(\"Deserializing JSON to in-memory cache\");\r\n this.cacheSnapshot = cache;\r\n\r\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\r\n this.logger.verbose(\"Reading cache snapshot from disk\");\r\n const deserializedCache = Deserializer.deserializeAllCache(\r\n this.overlayDefaults(JSON.parse(this.cacheSnapshot))\r\n );\r\n this.storage.setInMemoryCache(deserializedCache);\r\n } else {\r\n this.logger.verbose(\"No cache snapshot to deserialize\");\r\n }\r\n }\r\n\r\n /**\r\n * Fetches the cache key-value map\r\n */\r\n getKVStore(): CacheKVStore {\r\n return this.storage.getCache();\r\n }\r\n\r\n /**\r\n * API that retrieves all accounts currently in cache to the user\r\n */\r\n async getAllAccounts(): Promise<AccountInfo[]> {\r\n\r\n this.logger.verbose(\"getAllAccounts called\");\r\n let cacheContext;\r\n try {\r\n if (this.persistence) {\r\n cacheContext = new TokenCacheContext(this, false);\r\n await this.persistence.beforeCacheAccess(cacheContext);\r\n }\r\n return this.storage.getAllAccounts();\r\n } finally {\r\n if (this.persistence && cacheContext) {\r\n await this.persistence.afterCacheAccess(cacheContext);\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * Returns the signed in account matching homeAccountId.\r\n * (the account object is created at the time of successful login)\r\n * or null when no matching account is found\r\n * @param homeAccountId - unique identifier for an account (uid.utid)\r\n */\r\n async getAccountByHomeId(homeAccountId: string): Promise<AccountInfo | null> {\r\n const allAccounts = await this.getAllAccounts();\r\n if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {\r\n return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;\r\n } else {\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * Returns the signed in account matching localAccountId.\r\n * (the account object is created at the time of successful login)\r\n * or null when no matching account is found\r\n * @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)\r\n */\r\n async getAccountByLocalId(localAccountId: string): Promise<AccountInfo | null> {\r\n const allAccounts = await this.getAllAccounts();\r\n if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {\r\n return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;\r\n } else {\r\n return null;\r\n }\r\n }\r\n\r\n /**\r\n * API to remove a specific account and the relevant data from cache\r\n * @param account - AccountInfo passed by the user\r\n */\r\n async removeAccount(account: AccountInfo): Promise<void> {\r\n this.logger.verbose(\"removeAccount called\");\r\n let cacheContext;\r\n try {\r\n if (this.persistence) {\r\n cacheContext = new TokenCacheContext(this, true);\r\n await this.persistence.beforeCacheAccess(cacheContext);\r\n }\r\n this.storage.removeAccount(AccountEntity.generateAccountCacheKey(account));\r\n } finally {\r\n if (this.persistence && cacheContext) {\r\n await this.persistence.afterCacheAccess(cacheContext);\r\n }\r\n }\r\n }\r\n\r\n /**\r\n * Called when the cache has changed state.\r\n */\r\n private handleChangeEvent() {\r\n this.cacheHasChanged = true;\r\n }\r\n\r\n /**\r\n * Merge in memory cache with the cache snapshot.\r\n * @param oldState - cache before changes\r\n * @param currentState - current cache state in the library\r\n */\r\n private mergeState(oldState: JsonCache, currentState: JsonCache): JsonCache {\r\n this.logger.verbose(\"Merging in-memory cache with cache snapshot\");\r\n const stateAfterRemoval = this.mergeRemovals(oldState, currentState);\r\n return this.mergeUpdates(stateAfterRemoval, currentState);\r\n }\r\n\r\n /**\r\n * Deep update of oldState based on newState values\r\n * @param oldState - cache before changes\r\n * @param newState - updated cache\r\n */\r\n private mergeUpdates(oldState: any, newState: any): JsonCache {\r\n Object.keys(newState).forEach((newKey: string) => {\r\n const newValue = newState[newKey];\r\n\r\n // if oldState does not contain value but newValue does, add it\r\n if (!oldState.hasOwnProperty(newKey)) {\r\n if (newValue !== null) {\r\n oldState[newKey] = newValue;\r\n }\r\n } else {\r\n // both oldState and newState contain the key, do deep update\r\n const newValueNotNull = newValue !== null;\r\n const newValueIsObject = typeof newValue === \"object\";\r\n const newValueIsNotArray = !Array.isArray(newValue);\r\n const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== \"undefined\" && oldState[newKey] !== null;\r\n\r\n if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {\r\n this.mergeUpdates(oldState[newKey], newValue);\r\n } else {\r\n oldState[newKey] = newValue;\r\n }\r\n }\r\n });\r\n\r\n return oldState;\r\n }\r\n\r\n /**\r\n * Removes entities in oldState that the were removed from newState. If there are any unknown values in root of\r\n * oldState that are not recognized, they are left untouched.\r\n * @param oldState - cache before changes\r\n * @param newState - updated cache\r\n */\r\n private mergeRemovals(oldState: JsonCache, newState: JsonCache): JsonCache {\r\n this.logger.verbose(\"Remove updated entries in cache\");\r\n const accounts = oldState.Account ? this.mergeRemovalsDict<SerializedAccountEntity>(oldState.Account, newState.Account) : oldState.Account;\r\n const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict<SerializedAccessTokenEntity>(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;\r\n const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict<SerializedRefreshTokenEntity>(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;\r\n const idTokens = oldState.IdToken ? this.mergeRemovalsDict<SerializedIdTokenEntity>(oldState.IdToken, newState.IdToken) : oldState.IdToken;\r\n const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict<SerializedAppMetadataEntity>(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;\r\n\r\n return {\r\n ...oldState,\r\n Account: accounts,\r\n AccessToken: accessTokens,\r\n RefreshToken: refreshTokens,\r\n IdToken: idTokens,\r\n AppMetadata: appMetadata\r\n };\r\n }\r\n\r\n /**\r\n * Helper to merge new cache with the old one\r\n * @param oldState - cache before changes\r\n * @param newState - updated cache\r\n */\r\n private mergeRemovalsDict<T>(oldState: Record<string, T>, newState?: Record<string, T>): Record<string, T> {\r\n const finalState = { ...oldState };\r\n Object.keys(oldState).forEach((oldKey) => {\r\n if (!newState || !(newState.hasOwnProperty(oldKey))) {\r\n delete finalState[oldKey];\r\n }\r\n });\r\n return finalState;\r\n }\r\n\r\n /**\r\n * Helper to overlay as a part of cache merge\r\n * @param passedInCache - cache read from the blob\r\n */\r\n private overlayDefaults(passedInCache: JsonCache): JsonCache {\r\n this.logger.verbose(\"Overlaying input cache with the default cache\");\r\n return {\r\n Account: {\r\n ...defaultSerializedCache.Account,\r\n ...passedInCache.Account,\r\n },\r\n IdToken: {\r\n ...defaultSerializedCache.IdToken,\r\n ...passedInCache.IdToken,\r\n },\r\n AccessToken: {\r\n ...defaultSerializedCache.AccessToken,\r\n ...passedInCache.AccessToken,\r\n },\r\n RefreshToken: {\r\n ...defaultSerializedCache.RefreshToken,\r\n ...passedInCache.RefreshToken,\r\n },\r\n AppMetadata: {\r\n ...defaultSerializedCache.AppMetadata,\r\n ...passedInCache.AppMetadata,\r\n },\r\n };\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport {\r\n AuthorizationCodeClient,\r\n ClientConfiguration,\r\n RefreshTokenClient,\r\n AuthenticationResult,\r\n Authority,\r\n AuthorityFactory,\r\n BaseAuthRequest,\r\n SilentFlowClient,\r\n Logger,\r\n ServerTelemetryManager,\r\n ServerTelemetryRequest,\r\n CommonSilentFlowRequest,\r\n CommonRefreshTokenRequest,\r\n CommonAuthorizationCodeRequest,\r\n CommonAuthorizationUrlRequest,\r\n AuthenticationScheme,\r\n ResponseMode,\r\n AuthorityOptions,\r\n OIDC_DEFAULT_SCOPES\r\n} from \"@azure/msal-common\";\r\nimport { Configuration, buildAppConfiguration } from \"../config/Configuration\";\r\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\r\nimport { NodeStorage } from \"../cache/NodeStorage\";\r\nimport { Constants as NodeConstants, ApiId } from \"../utils/Constants\";\r\nimport { TokenCache } from \"../cache/TokenCache\";\r\nimport { ClientAssertion } from \"./ClientAssertion\";\r\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\r\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\r\nimport { RefreshTokenRequest } from \"../request/RefreshTokenRequest\";\r\nimport { SilentFlowRequest } from \"../request/SilentFlowRequest\";\r\nimport { version, name } from \"../packageMetadata\";\r\n\r\n/**\r\n * Base abstract class for all ClientApplications - public and confidential\r\n * @public\r\n */\r\nexport abstract class ClientApplication {\r\n\r\n private readonly cryptoProvider: CryptoProvider;\r\n private tokenCache: TokenCache;\r\n\r\n /**\r\n * Platform storage object\r\n */\r\n protected storage: NodeStorage;\r\n /**\r\n * Logger object to log the application flow\r\n */\r\n protected logger: Logger;\r\n /**\r\n * Platform configuration initialized by the application\r\n */\r\n protected config: Configuration;\r\n /**\r\n * Client assertion passed by the user for confidential client flows\r\n */\r\n protected clientAssertion: ClientAssertion;\r\n /**\r\n * Client secret passed by the user for confidential client flows\r\n */\r\n protected clientSecret: string;\r\n\r\n /**\r\n * Constructor for the ClientApplication\r\n */\r\n protected constructor(configuration: Configuration) {\r\n this.config = buildAppConfiguration(configuration);\r\n this.cryptoProvider = new CryptoProvider();\r\n this.logger = new Logger(this.config.system!.loggerOptions!, name, version);\r\n this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);\r\n this.tokenCache = new TokenCache(\r\n this.storage,\r\n this.logger,\r\n this.config.cache!.cachePlugin\r\n );\r\n }\r\n\r\n /**\r\n * Creates the URL of the authorization request, letting the user input credentials and consent to the\r\n * application. The URL targets the /authorize endpoint of the authority configured in the\r\n * application object.\r\n *\r\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\r\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\r\n * `acquireTokenByCode(AuthorizationCodeRequest)`.\r\n */\r\n async getAuthCodeUrl(request: AuthorizationUrlRequest): Promise<string> {\r\n this.logger.info(\"getAuthCodeUrl called\");\r\n const validRequest: CommonAuthorizationUrlRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request),\r\n responseMode: request.responseMode || ResponseMode.QUERY,\r\n authenticationScheme: AuthenticationScheme.BEARER\r\n };\r\n const authClientConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const authorizationCodeClient = new AuthorizationCodeClient(\r\n authClientConfig\r\n );\r\n return authorizationCodeClient.getAuthCodeUrl(validRequest);\r\n }\r\n\r\n /**\r\n * Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0\r\n * Authorization Code flow.\r\n *\r\n * `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0\r\n * Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and\r\n * AuthorizationCodeRequest are the same.\r\n */\r\n async acquireTokenByCode(request: AuthorizationCodeRequest): Promise<AuthenticationResult | null> {\r\n this.logger.info(\"acquireTokenByCode called\");\r\n const validRequest: CommonAuthorizationCodeRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request),\r\n authenticationScheme: AuthenticationScheme.BEARER\r\n };\r\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId!);\r\n try {\r\n const authClientConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority,\r\n serverTelemetryManager\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const authorizationCodeClient = new AuthorizationCodeClient(\r\n authClientConfig\r\n );\r\n return authorizationCodeClient.acquireToken(validRequest);\r\n } catch (e) {\r\n serverTelemetryManager.cacheFailedRequest(e);\r\n throw e;\r\n }\r\n }\r\n\r\n /**\r\n * Acquires a token by exchanging the refresh token provided for a new set of tokens.\r\n *\r\n * This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is\r\n * recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will\r\n * handle the caching and refreshing of tokens automatically.\r\n */\r\n async acquireTokenByRefreshToken(request: RefreshTokenRequest): Promise<AuthenticationResult | null> {\r\n this.logger.info(\"acquireTokenByRefreshToken called\");\r\n const validRequest: CommonRefreshTokenRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request),\r\n authenticationScheme: AuthenticationScheme.BEARER\r\n };\r\n\r\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);\r\n try {\r\n const refreshTokenClientConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority,\r\n serverTelemetryManager\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const refreshTokenClient = new RefreshTokenClient(\r\n refreshTokenClientConfig\r\n );\r\n return refreshTokenClient.acquireToken(validRequest);\r\n } catch (e) {\r\n serverTelemetryManager.cacheFailedRequest(e);\r\n throw e;\r\n }\r\n }\r\n\r\n /**\r\n * Acquires a token silently when a user specifies the account the token is requested for.\r\n *\r\n * This API expects the user to provide an account object and looks into the cache to retrieve the token if present.\r\n * There is also an optional \"forceRefresh\" boolean the user can send to bypass the cache for access_token and id_token.\r\n * In case the refresh_token is expired or not found, an error is thrown\r\n * and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).\r\n */\r\n async acquireTokenSilent(request: SilentFlowRequest): Promise<AuthenticationResult | null> {\r\n const validRequest: CommonSilentFlowRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request),\r\n forceRefresh: request.forceRefresh || false\r\n };\r\n\r\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);\r\n try {\r\n const silentFlowClientConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority,\r\n serverTelemetryManager\r\n );\r\n const silentFlowClient = new SilentFlowClient(\r\n silentFlowClientConfig\r\n );\r\n return silentFlowClient.acquireToken(validRequest);\r\n } catch (e) {\r\n serverTelemetryManager.cacheFailedRequest(e);\r\n throw e;\r\n }\r\n }\r\n\r\n /**\r\n * Gets the token cache for the application.\r\n */\r\n getTokenCache(): TokenCache {\r\n this.logger.info(\"getTokenCache called\");\r\n return this.tokenCache;\r\n }\r\n\r\n /**\r\n * Returns the logger instance\r\n */\r\n getLogger(): Logger {\r\n return this.logger;\r\n }\r\n\r\n /**\r\n * Replaces the default logger set in configurations with new Logger with new configurations\r\n * @param logger - Logger instance\r\n */\r\n setLogger(logger: Logger): void {\r\n this.logger = logger;\r\n }\r\n\r\n /**\r\n * Builds the common configuration to be passed to the common component based on the platform configurarion\r\n * @param authority - user passed authority in configuration\r\n * @param serverTelemetryManager - initializes servertelemetry if passed\r\n */\r\n protected async buildOauthClientConfiguration(authority: string, serverTelemetryManager?: ServerTelemetryManager): Promise<ClientConfiguration> {\r\n this.logger.verbose(\"buildOauthClientConfiguration called\");\r\n // using null assertion operator as we ensure that all config values have default values in buildConfiguration()\r\n\r\n const discoveredAuthority = await this.createAuthority(authority);\r\n\r\n return {\r\n authOptions: {\r\n clientId: this.config.auth.clientId,\r\n authority: discoveredAuthority,\r\n clientCapabilities: this.config.auth.clientCapabilities\r\n },\r\n loggerOptions: {\r\n loggerCallback: this.config.system!.loggerOptions!\r\n .loggerCallback,\r\n piiLoggingEnabled: this.config.system!.loggerOptions!\r\n .piiLoggingEnabled,\r\n },\r\n cryptoInterface: this.cryptoProvider,\r\n networkInterface: this.config.system!.networkClient,\r\n storageInterface: this.storage,\r\n serverTelemetryManager: serverTelemetryManager,\r\n clientCredentials: {\r\n clientSecret: this.clientSecret,\r\n clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined,\r\n },\r\n libraryInfo: {\r\n sku: NodeConstants.MSAL_SKU,\r\n version: version,\r\n cpu: process.arch || \"\",\r\n os: process.platform || \"\",\r\n },\r\n persistencePlugin: this.config.cache!.cachePlugin,\r\n serializableCache: this.tokenCache,\r\n };\r\n }\r\n\r\n private getClientAssertion(authority: Authority): { assertion: string, assertionType: string } {\r\n return {\r\n assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),\r\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\r\n };\r\n }\r\n\r\n /**\r\n * Generates a request with the default scopes & generates a correlationId.\r\n * @param authRequest - BaseAuthRequest for initialization\r\n */\r\n protected initializeBaseRequest(authRequest: Partial<BaseAuthRequest>): BaseAuthRequest {\r\n this.logger.verbose(\"initializeRequestScopes called\");\r\n\r\n return {\r\n ...authRequest,\r\n scopes: [...((authRequest && authRequest.scopes) || []), ...OIDC_DEFAULT_SCOPES],\r\n correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),\r\n authority: authRequest.authority || this.config.auth.authority!\r\n };\r\n }\r\n\r\n /**\r\n * Initializes the server telemetry payload\r\n * @param apiId - Id for a specific request\r\n * @param correlationId - GUID\r\n * @param forceRefresh - boolean to indicate network call\r\n */\r\n protected initializeServerTelemetryManager(apiId: number, correlationId: string, forceRefresh?: boolean): ServerTelemetryManager {\r\n const telemetryPayload: ServerTelemetryRequest = {\r\n clientId: this.config.auth.clientId,\r\n correlationId: correlationId,\r\n apiId: apiId,\r\n forceRefresh: forceRefresh || false\r\n };\r\n\r\n return new ServerTelemetryManager(telemetryPayload, this.storage);\r\n }\r\n\r\n /**\r\n * Create authority instance. If authority not passed in request, default to authority set on the application\r\n * object. If no authority set in application object, then default to common authority.\r\n * @param authorityString - authority from user configuration\r\n */\r\n private async createAuthority(authorityString: string): Promise<Authority> {\r\n this.logger.verbose(\"createAuthority called\");\r\n const authorityOptions: AuthorityOptions = {\r\n protocolMode: this.config.auth.protocolMode!,\r\n knownAuthorities: this.config.auth.knownAuthorities!,\r\n cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata!,\r\n authorityMetadata: this.config.auth.authorityMetadata!\r\n };\r\n return await AuthorityFactory.createDiscoveredInstance(authorityString, this.config.system!.networkClient!, this.storage, authorityOptions);\r\n }\r\n}\r\n","/* eslint-disable header/header */\nexport const name = \"@azure/msal-node\";\nexport const version = \"1.0.0\";\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ApiId } from \"../utils/Constants\";\r\nimport {\r\n DeviceCodeClient,\r\n AuthenticationResult,\r\n CommonDeviceCodeRequest,\r\n CommonUsernamePasswordRequest,\r\n UsernamePasswordClient\r\n} from \"@azure/msal-common\";\r\nimport { Configuration } from \"../config/Configuration\";\r\nimport { ClientApplication } from \"./ClientApplication\";\r\nimport { IPublicClientApplication } from \"./IPublicClientApplication\";\r\nimport { DeviceCodeRequest } from \"../request/DeviceCodeRequest\";\r\nimport { UsernamePasswordRequest } from \"../request/UsernamePasswordRequest\";\r\n\r\n/**\r\n * This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications\r\n * are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.\r\n * @public\r\n */\r\nexport class PublicClientApplication extends ClientApplication implements IPublicClientApplication {\r\n /**\r\n * Important attributes in the Configuration object for auth are:\r\n * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.\r\n * - authority: the authority URL for your application.\r\n *\r\n * AAD authorities are of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\r\n * - If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\r\n * - If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\r\n * - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\r\n * - To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\r\n *\r\n * Azure B2C authorities are of the form https://\\{instance\\}/\\{tenant\\}/\\{policy\\}. Each policy is considered\r\n * its own authority. You will have to set the all of the knownAuthorities at the time of the client application\r\n * construction.\r\n *\r\n * ADFS authorities are of the form https://\\{instance\\}/adfs.\r\n */\r\n constructor(configuration: Configuration) {\r\n super(configuration);\r\n }\r\n\r\n /**\r\n * Acquires a token from the authority using OAuth2.0 device code flow.\r\n * This flow is designed for devices that do not have access to a browser or have input constraints.\r\n * The authorization server issues a DeviceCode object with a verification code, an end-user code,\r\n * and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be\r\n * instructed to use another device to navigate to the verification URI to input credentials.\r\n * Since the client cannot receive incoming requests, it polls the authorization server repeatedly\r\n * until the end-user completes input of credentials.\r\n */\r\n public async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\r\n this.logger.info(\"acquireTokenByDeviceCode called\");\r\n const validRequest: CommonDeviceCodeRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request)\r\n };\r\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId!);\r\n try {\r\n const deviceCodeConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority,\r\n serverTelemetryManager\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const deviceCodeClient = new DeviceCodeClient(deviceCodeConfig);\r\n return deviceCodeClient.acquireToken(validRequest);\r\n } catch (e) {\r\n serverTelemetryManager.cacheFailedRequest(e);\r\n throw e;\r\n }\r\n }\r\n\r\n /**\r\n * Acquires tokens with password grant by exchanging client applications username and password for credentials\r\n *\r\n * The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.\r\n * More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4\r\n * Microsoft's documentation and recommendations are at:\r\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword\r\n *\r\n * @param request - UsenamePasswordRequest\r\n */\r\n async acquireTokenByUsernamePassword(request: UsernamePasswordRequest): Promise<AuthenticationResult | null> {\r\n this.logger.info(\"acquireTokenByUsernamePassword called\");\r\n const validRequest: CommonUsernamePasswordRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request)\r\n };\r\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId!);\r\n try {\r\n const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority,\r\n serverTelemetryManager\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const usernamePasswordClient = new UsernamePasswordClient(usernamePasswordClientConfig);\r\n return usernamePasswordClient.acquireToken(validRequest);\r\n } catch (e) {\r\n serverTelemetryManager.cacheFailedRequest(e);\r\n throw e;\r\n }\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { sign } from \"jsonwebtoken\";\r\nimport { TimeUtils, ClientAuthError } from \"@azure/msal-common\";\r\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\r\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\r\nimport { JwtConstants } from \"../utils/Constants\";\r\n\r\n/**\r\n * Client assertion of type jwt-bearer used in confidential client flows\r\n * @public\r\n */\r\nexport class ClientAssertion {\r\n\r\n private jwt: string;\r\n private privateKey: string;\r\n private thumbprint: string;\r\n private expirationTime: number;\r\n private issuer: string;\r\n private jwtAudience: string;\r\n private publicCertificate: Array<string>;\r\n\r\n /**\r\n * Initialize the ClientAssertion class from the clientAssertion passed by the user\r\n * @param assertion - refer https://tools.ietf.org/html/rfc7521\r\n */\r\n public static fromAssertion(assertion: string): ClientAssertion {\r\n const clientAssertion = new ClientAssertion();\r\n clientAssertion.jwt = assertion;\r\n return clientAssertion;\r\n }\r\n\r\n /**\r\n * Initialize the ClientAssertion class from the certificate passed by the user\r\n * @param thumbprint - identifier of a certificate\r\n * @param privateKey - secret key\r\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\r\n */\r\n public static fromCertificate(thumbprint: string, privateKey: string, publicCertificate?: string): ClientAssertion {\r\n const clientAssertion = new ClientAssertion();\r\n clientAssertion.privateKey = privateKey;\r\n clientAssertion.thumbprint = thumbprint;\r\n if (publicCertificate) {\r\n clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);\r\n }\r\n return clientAssertion;\r\n }\r\n\r\n /**\r\n * Update JWT for certificate based clientAssertion, if passed by the user, uses it as is\r\n * @param cryptoProvider - library's crypto helper\r\n * @param issuer - iss claim\r\n * @param jwtAudience - aud claim\r\n */\r\n public getJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string) {\r\n // if assertion was created from certificate, check if jwt is expired and create new one.\r\n if (this.privateKey && this.thumbprint) {\r\n\r\n if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {\r\n return this.jwt;\r\n }\r\n\r\n return this.createJwt(cryptoProvider, issuer, jwtAudience);\r\n }\r\n\r\n /*\r\n * if assertion was created by caller, then we just append it. It is up to the caller to\r\n * ensure that it contains necessary claims and that it is not expired.\r\n */\r\n if (this.jwt) {\r\n return this.jwt;\r\n }\r\n\r\n throw ClientAuthError.createInvalidAssertionError();\r\n }\r\n\r\n /**\r\n * JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3\r\n */\r\n private createJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\r\n\r\n this.issuer = issuer;\r\n this.jwtAudience = jwtAudience;\r\n const issuedAt = TimeUtils.nowSeconds();\r\n this.expirationTime = issuedAt + 600;\r\n\r\n const header = {\r\n [JwtConstants.ALGORITHM]: JwtConstants.RSA_256,\r\n [JwtConstants.X5T]: EncodingUtils.base64EncodeUrl(this.thumbprint, \"hex\")\r\n };\r\n\r\n if (this.publicCertificate) {\r\n Object.assign(header, {\r\n [JwtConstants.X5C]: this.publicCertificate\r\n });\r\n }\r\n\r\n const payload = {\r\n [JwtConstants.AUDIENCE]: this.jwtAudience,\r\n [JwtConstants.EXPIRATION_TIME]: this.expirationTime,\r\n [JwtConstants.ISSUER]: this.issuer,\r\n [JwtConstants.SUBJECT]: this.issuer,\r\n [JwtConstants.NOT_BEFORE]: issuedAt,\r\n [JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()\r\n };\r\n\r\n this.jwt = sign(payload, this.privateKey, { header: header });\r\n return this.jwt;\r\n }\r\n\r\n /**\r\n * Utility API to check expiration\r\n */\r\n private isExpired(): boolean {\r\n return this.expirationTime < TimeUtils.nowSeconds();\r\n }\r\n\r\n /**\r\n * Extracts the raw certs from a given certificate string and returns them in an array.\r\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\r\n */\r\n public static parseCertificate(publicCertificate: string): Array<string> {\r\n /**\r\n * This is regex to identify the certs in a given certificate string.\r\n * We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.\r\n * The information in parens \"(.+?)\" is the capture group to represent the cert we want isolated.\r\n * \".\" means any string character, \"+\" means match 1 or more times, and \"?\" means the shortest match.\r\n * The \"g\" at the end of the regex means search the string globally, and the \"s\" enables the \".\" to match newlines.\r\n */\r\n const regexToFindCerts = /-----BEGIN CERTIFICATE-----\\n(.+?)\\n-----END CERTIFICATE-----/gs;\r\n const certs: string[] = [];\r\n\r\n let matches;\r\n while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {\r\n // matches[1] represents the first parens capture group in the regex.\r\n certs.push(matches[1].replace(/\\n/, \"\"));\r\n }\r\n\r\n return certs;\r\n }\r\n}\r\n","/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n\r\nimport { ClientApplication } from \"./ClientApplication\";\r\nimport { Configuration } from \"../config/Configuration\";\r\nimport { ClientAssertion } from \"./ClientAssertion\";\r\nimport { ApiId } from \"../utils/Constants\";\r\nimport {\r\n ClientCredentialClient,\r\n OnBehalfOfClient,\r\n CommonClientCredentialRequest,\r\n CommonOnBehalfOfRequest,\r\n AuthenticationResult,\r\n StringUtils,\r\n ClientAuthError } from \"@azure/msal-common\";\r\nimport { IConfidentialClientApplication } from \"./IConfidentialClientApplication\";\r\nimport { OnBehalfOfRequest } from \"../request/OnBehalfOfRequest\";\r\nimport { ClientCredentialRequest } from \"../request/ClientCredentialRequest\";\r\n\r\n/**\r\n * This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications\r\n * will configure application secrets, client certificates/assertions as applicable\r\n * @public\r\n */\r\nexport class ConfidentialClientApplication extends ClientApplication implements IConfidentialClientApplication{\r\n\r\n /**\r\n * Constructor for the ConfidentialClientApplication\r\n *\r\n * Required attributes in the Configuration object are:\r\n * - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal\r\n * - authority: the authority URL for your application.\r\n * - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.\r\n *\r\n * In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\r\n * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\r\n * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\r\n * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\r\n * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\r\n *\r\n * In Azure B2C, authority is of the form https://\\{instance\\}/tfp/\\{tenant\\}/\\{policyName\\}/\r\n * Full B2C functionality will be available in this library in future versions.\r\n *\r\n * @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance\r\n */\r\n constructor(configuration: Configuration) {\r\n super(configuration);\r\n this.setClientCredential(this.config);\r\n }\r\n\r\n /**\r\n * Acquires tokens from the authority for the application (not for an end user).\r\n */\r\n public async acquireTokenByClientCredential(request: ClientCredentialRequest): Promise<AuthenticationResult | null> {\r\n this.logger.info(\"acquireTokenByClientCredential called\");\r\n const validRequest: CommonClientCredentialRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request)\r\n };\r\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);\r\n try {\r\n const clientCredentialConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority,\r\n serverTelemetryManager\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const clientCredentialClient = new ClientCredentialClient(clientCredentialConfig);\r\n return clientCredentialClient.acquireToken(validRequest);\r\n } catch(e) {\r\n serverTelemetryManager.cacheFailedRequest(e);\r\n throw e;\r\n }\r\n }\r\n\r\n /**\r\n * Acquires tokens from the authority for the application.\r\n *\r\n * Used in scenarios where the current app is a middle-tier service which was called with a token\r\n * representing an end user. The current app can use the token (oboAssertion) to request another\r\n * token to access downstream web API, on behalf of that user.\r\n *\r\n * The current middle-tier app has no user interaction to obtain consent.\r\n * See how to gain consent upfront for your middle-tier app from this article.\r\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application\r\n */\r\n public async acquireTokenOnBehalfOf(request: OnBehalfOfRequest): Promise<AuthenticationResult | null> {\r\n this.logger.info(\"acquireTokenOnBehalfOf called\");\r\n const validRequest: CommonOnBehalfOfRequest = {\r\n ...request,\r\n ...this.initializeBaseRequest(request)\r\n };\r\n const clientCredentialConfig = await this.buildOauthClientConfiguration(\r\n validRequest.authority\r\n );\r\n this.logger.verbose(\"Auth client config generated\");\r\n const oboClient = new OnBehalfOfClient(clientCredentialConfig);\r\n return oboClient.acquireToken(validRequest);\r\n }\r\n\r\n private setClientCredential(configuration: Configuration): void {\r\n\r\n const clientSecretNotEmpty = !StringUtils.isEmpty(configuration.auth.clientSecret!);\r\n const clientAssertionNotEmpty = !StringUtils.isEmpty(configuration.auth.clientAssertion!);\r\n const certificate = configuration.auth.clientCertificate!;\r\n const certificateNotEmpty = !StringUtils.isEmpty(certificate.thumbprint) || !StringUtils.isEmpty(certificate.privateKey);\r\n\r\n // Check that at most one credential is set on the application\r\n if (\r\n clientSecretNotEmpty && clientAssertionNotEmpty ||\r\n clientAssertionNotEmpty && certificateNotEmpty ||\r\n clientSecretNotEmpty && certificateNotEmpty) {\r\n throw ClientAuthError.createInvalidCredentialError();\r\n }\r\n\r\n if (clientSecretNotEmpty) {\r\n this.clientSecret = configuration.auth.clientSecret!;\r\n return;\r\n }\r\n\r\n if (clientAssertionNotEmpty) {\r\n this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion!);\r\n return;\r\n }\r\n\r\n if (!certificateNotEmpty) {\r\n throw ClientAuthError.createInvalidCredentialError();\r\n } else {\r\n this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, configuration.auth.clientCertificate?.x5c);\r\n }\r\n }\r\n}\r\n"],"names":["HttpMethod","runtime","exports","Op","Object","prototype","hasOwn","hasOwnProperty","$Symbol","Symbol","iteratorSymbol","iterator","asyncIteratorSymbol","asyncIterator","toStringTagSymbol","toStringTag","define","obj","key","value","defineProperty","enumerable","configurable","writable","err","wrap","innerFn","outerFn","self","tryLocsList","generator","create","Generator","context","Context","_invoke","state","method","arg","Error","undefined","done","delegate","delegateResult","maybeInvokeDelegate","ContinueSentinel","sent","_sent","dispatchException","abrupt","record","tryCatch","type","makeInvokeMethod","fn","call","GeneratorFunction","GeneratorFunctionPrototype","IteratorPrototype","this","getProto","getPrototypeOf","NativeIteratorPrototype","values","Gp","defineIteratorMethods","forEach","AsyncIterator","PromiseImpl","previousPromise","callInvokeWithMethodAndArg","resolve","reject","invoke","result","__await","then","unwrapped","error","TypeError","info","resultName","next","nextLoc","pushTryEntry","locs","entry","tryLoc","catchLoc","finallyLoc","afterLoc","tryEntries","push","resetTryEntry","completion","reset","iterable","iteratorMethod","isNaN","length","i","doneResult","constructor","displayName","isGeneratorFunction","genFun","ctor","name","mark","setPrototypeOf","__proto__","awrap","async","Promise","iter","toString","keys","object","reverse","pop","skipTempReset","prev","charAt","slice","stop","rootRecord","rval","exception","handle","loc","caught","hasCatch","hasFinally","finallyEntry","complete","finish","catch","thrown","delegateYield","module","regeneratorRuntime","accidentalStrictMode","Function","ApiId","CharSet","HttpClient","sendGetRequestAsync","url","options","request","GET","headers","validateStatus","axios","response","body","data","status","sendPostRequestAsync","POST","DEFAULT_AUTH_OPTIONS","clientId","authority","Constants","DEFAULT_AUTHORITY","clientSecret","clientAssertion","clientCertificate","thumbprint","privateKey","x5c","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","clientCapabilities","protocolMode","ProtocolMode","AAD","DEFAULT_CACHE_OPTIONS","DEFAULT_SYSTEM_OPTIONS","loggerOptions","loggerCallback","piiLoggingEnabled","logLevel","LogLevel","Info","networkClient","getNetworkClient","buildAppConfiguration","cache","system","auth","GuidGenerator","generateGuid","uuidv4","isGuid","guid","test","EncodingUtils","base64Encode","str","encoding","Buffer","from","base64EncodeUrl","replace","base64Decode","base64Str","base64DecodeUrl","PkceGenerator","generatePkceCodes","verifier","generateCodeVerifier","challenge","generateCodeChallengeFromVerifier","buffer","crypto","randomBytes","bufferToCVString","codeVerifier","sha256","createHash","update","digest","charArr","byteLength","join","CryptoProvider","pkceGenerator","createNewGuid","input","getPublicKeyThumbprint","signJwt","Deserializer","deserializeJSONBlob","jsonFile","StringUtils","isEmpty","JSON","parse","deserializeAccounts","accounts","accountObjects","map","serializedAcc","mappedAcc","homeAccountId","home_account_id","environment","realm","localAccountId","local_account_id","username","authorityType","authority_type","clientInfo","client_info","lastModificationTime","last_modification_time","lastModificationApp","last_modification_app","account","AccountEntity","CacheManager","toObject","deserializeIdTokens","idTokens","idObjects","serializedIdT","mappedIdT","credentialType","credential_type","client_id","secret","idToken","IdTokenEntity","deserializeAccessTokens","accessTokens","atObjects","serializedAT","mappedAT","target","cachedAt","cached_at","expiresOn","expires_on","extendedExpiresOn","extended_expires_on","refreshOn","refresh_on","keyId","key_id","tokenType","token_type","accessToken","AccessTokenEntity","deserializeRefreshTokens","refreshTokens","rtObjects","serializedRT","mappedRT","familyId","family_id","refreshToken","RefreshTokenEntity","deserializeAppMetadata","appMetadata","appMetadataObjects","serializedAmdt","mappedAmd","amd","AppMetadataEntity","deserializeAllCache","jsonCache","Account","IdToken","AccessToken","RefreshToken","AppMetadata","Serializer","serializeJSONBlob","stringify","serializeAccounts","accCache","accountEntity","serializeIdTokens","idTCache","idTEntity","serializeAccessTokens","atCache","atEntity","serializeRefreshTokens","rtCache","rtEntity","serializeAppMetadata","amdtCache","amdtEntity","serializeAllCache","inMemCache","NodeStorage","logger","cryptoImpl","registerChangeEmitter","func","changeEmitters","emitChange","cacheToInMemoryCache","inMemoryCache","inMemoryCacheToCache","getCache","getInMemoryCache","verbose","setInMemoryCache","setCache","getItem","verbosePii","setItem","getAccount","accountKey","isAccountEntity","setAccount","generateAccountKey","getIdTokenCredential","idTokenKey","isIdTokenEntity","setIdTokenCredential","generateCredentialKey","getAccessTokenCredential","accessTokenKey","isAccessTokenEntity","setAccessTokenCredential","getRefreshTokenCredential","refreshTokenKey","isRefreshTokenEntity","setRefreshTokenCredential","getAppMetadata","appMetadataKey","isAppMetadataEntity","setAppMetadata","generateAppMetadataKey","getServerTelemetry","serverTelemetrykey","serverTelemetryEntity","ServerTelemetryEntity","isServerTelemetryEntity","setServerTelemetry","serverTelemetryKey","serverTelemetry","getAuthorityMetadata","authorityMetadataEntity","AuthorityMetadataEntity","isAuthorityMetadataEntity","getAuthorityMetadataKeys","getKeys","filter","_this2","isAuthorityMetadata","setAuthorityMetadata","metadata","getThrottlingCache","throttlingCacheKey","throttlingCache","ThrottlingEntity","isThrottlingEntity","setThrottlingCache","removeItem","containsKey","includes","clear","_this3","generateInMemoryCache","generateJsonCache","defaultSerializedCache","TokenCache","storage","cachePlugin","cacheHasChanged","handleChangeEvent","bind","persistence","hasChanged","serialize","finalState","cacheSnapshot","mergeState","deserialize","deserializedCache","overlayDefaults","getKVStore","getAllAccounts","cacheContext","TokenCacheContext","beforeCacheAccess","afterCacheAccess","getAccountByHomeId","allAccounts","accountObj","getAccountByLocalId","removeAccount","generateAccountCacheKey","oldState","currentState","stateAfterRemoval","mergeRemovals","mergeUpdates","newState","newKey","newValue","newValueNotNull","newValueIsObject","newValueIsNotArray","Array","isArray","_this","mergeRemovalsDict","oldKey","passedInCache","ClientApplication","configuration","config","cryptoProvider","Logger","tokenCache","getAuthCodeUrl","validRequest","initializeBaseRequest","responseMode","ResponseMode","QUERY","authenticationScheme","AuthenticationScheme","BEARER","buildOauthClientConfiguration","authClientConfig","authorizationCodeClient","AuthorizationCodeClient","acquireTokenByCode","serverTelemetryManager","initializeServerTelemetryManager","correlationId","acquireToken","cacheFailedRequest","acquireTokenByRefreshToken","refreshTokenClientConfig","refreshTokenClient","RefreshTokenClient","acquireTokenSilent","forceRefresh","silentFlowClient","SilentFlowClient","getTokenCache","getLogger","setLogger","createAuthority","authOptions","discoveredAuthority","cryptoInterface","networkInterface","storageInterface","clientCredentials","getClientAssertion","libraryInfo","sku","version","cpu","process","arch","os","platform","persistencePlugin","serializableCache","assertion","getJwt","tokenEndpoint","assertionType","authRequest","scopes","OIDC_DEFAULT_SCOPES","apiId","ServerTelemetryManager","authorityString","authorityOptions","AuthorityFactory","createDiscoveredInstance","PublicClientApplication","_ClientApplication","acquireTokenByDeviceCode","deviceCodeConfig","deviceCodeClient","DeviceCodeClient","acquireTokenByUsernamePassword","usernamePasswordClientConfig","usernamePasswordClient","UsernamePasswordClient","ClientAssertion","fromAssertion","jwt","fromCertificate","publicCertificate","parseCertificate","issuer","jwtAudience","isExpired","createJwt","ClientAuthError","createInvalidAssertionError","issuedAt","TimeUtils","nowSeconds","expirationTime","header","assign","payload","sign","matches","regexToFindCerts","certs","exec","ConfidentialClientApplication","setClientCredential","acquireTokenByClientCredential","skipCache","clientCredentialConfig","clientCredentialClient","ClientCredentialClient","acquireTokenOnBehalfOf","oboClient","OnBehalfOfClient","clientSecretNotEmpty","clientAssertionNotEmpty","certificate","certificateNotEmpty","createInvalidCredentialError","_configuration$auth$c"],"mappings":"q3BAQYA,mBCDZ,IAAIC,EAAW,SAAUC,GAGvB,IAAIC,EAAKC,OAAOC,UACZC,EAASH,EAAGI,eAEZC,EAA4B,mBAAXC,OAAwBA,OAAS,GAClDC,EAAiBF,EAAQG,UAAY,aACrCC,EAAsBJ,EAAQK,eAAiB,kBAC/CC,EAAoBN,EAAQO,aAAe,gBAE/C,SAASC,EAAOC,EAAKC,EAAKC,GAOxB,OANAf,OAAOgB,eAAeH,EAAKC,EAAK,CAC9BC,MAAOA,EACPE,YAAY,EACZC,cAAc,EACdC,UAAU,IAELN,EAAIC,GAEb,IAEEF,EAAO,GAAI,IACX,MAAOQ,GACPR,EAAS,SAASC,EAAKC,EAAKC,GAC1B,OAAOF,EAAIC,GAAOC,GAItB,SAASM,EAAKC,EAASC,EAASC,EAAMC,GAEpC,IACIC,EAAY1B,OAAO2B,QADFJ,GAAWA,EAAQtB,qBAAqB2B,EAAYL,EAAUK,GACtC3B,WACzC4B,EAAU,IAAIC,EAAQL,GAAe,IAMzC,OAFAC,EAAUK,QAsMZ,SAA0BT,EAASE,EAAMK,GACvC,IAAIG,EA/KuB,iBAiL3B,OAAO,SAAgBC,EAAQC,GAC7B,GAhLoB,cAgLhBF,EACF,MAAM,IAAIG,MAAM,gCAGlB,GAnLoB,cAmLhBH,EAA6B,CAC/B,GAAe,UAAXC,EACF,MAAMC,EAKR,MAoQG,CAAEnB,WAzfPqB,EAyfyBC,MAAM,GA9P/B,IAHAR,EAAQI,OAASA,EACjBJ,EAAQK,IAAMA,IAED,CACX,IAAII,EAAWT,EAAQS,SACvB,GAAIA,EAAU,CACZ,IAAIC,EAAiBC,EAAoBF,EAAUT,GACnD,GAAIU,EAAgB,CAClB,GAAIA,IAAmBE,EAAkB,SACzC,OAAOF,GAIX,GAAuB,SAAnBV,EAAQI,OAGVJ,EAAQa,KAAOb,EAAQc,MAAQd,EAAQK,SAElC,GAAuB,UAAnBL,EAAQI,OAAoB,CACrC,GAnNqB,mBAmNjBD,EAEF,MADAA,EAjNc,YAkNRH,EAAQK,IAGhBL,EAAQe,kBAAkBf,EAAQK,SAEN,WAAnBL,EAAQI,QACjBJ,EAAQgB,OAAO,SAAUhB,EAAQK,KAGnCF,EA5NkB,YA8NlB,IAAIc,EAASC,EAASzB,EAASE,EAAMK,GACrC,GAAoB,WAAhBiB,EAAOE,KAAmB,CAO5B,GAJAhB,EAAQH,EAAQQ,KAjOA,YAFK,iBAuOjBS,EAAOZ,MAAQO,EACjB,SAGF,MAAO,CACL1B,MAAO+B,EAAOZ,IACdG,KAAMR,EAAQQ,MAGS,UAAhBS,EAAOE,OAChBhB,EA/OgB,YAkPhBH,EAAQI,OAAS,QACjBJ,EAAQK,IAAMY,EAAOZ,OA9QPe,CAAiB3B,EAASE,EAAMK,GAE7CH,EAcT,SAASqB,EAASG,EAAIrC,EAAKqB,GACzB,IACE,MAAO,CAAEc,KAAM,SAAUd,IAAKgB,EAAGC,KAAKtC,EAAKqB,IAC3C,MAAOd,GACP,MAAO,CAAE4B,KAAM,QAASd,IAAKd,IAhBjCtB,EAAQuB,KAAOA,EAoBf,IAOIoB,EAAmB,GAMvB,SAASb,KACT,SAASwB,KACT,SAASC,KAIT,IAAIC,EAAoB,GACxBA,EAAkBhD,GAAkB,WAClC,OAAOiD,MAGT,IAAIC,EAAWxD,OAAOyD,eAClBC,EAA0BF,GAAYA,EAASA,EAASG,EAAO,MAC/DD,GACAA,IAA4B3D,GAC5BG,EAAOiD,KAAKO,EAAyBpD,KAGvCgD,EAAoBI,GAGtB,IAAIE,EAAKP,EAA2BpD,UAClC2B,EAAU3B,UAAYD,OAAO2B,OAAO2B,GAWtC,SAASO,EAAsB5D,GAC7B,CAAC,OAAQ,QAAS,UAAU6D,SAAQ,SAAS7B,GAC3CrB,EAAOX,EAAWgC,GAAQ,SAASC,GACjC,OAAOqB,KAAKxB,QAAQE,EAAQC,SAkClC,SAAS6B,EAAcrC,EAAWsC,GAgChC,IAAIC,EAgCJV,KAAKxB,QA9BL,SAAiBE,EAAQC,GACvB,SAASgC,IACP,OAAO,IAAIF,GAAY,SAASG,EAASC,IAnC7C,SAASC,EAAOpC,EAAQC,EAAKiC,EAASC,GACpC,IAAItB,EAASC,EAASrB,EAAUO,GAASP,EAAWQ,GACpD,GAAoB,UAAhBY,EAAOE,KAEJ,CACL,IAAIsB,EAASxB,EAAOZ,IAChBnB,EAAQuD,EAAOvD,MACnB,OAAIA,GACiB,iBAAVA,GACPb,EAAOiD,KAAKpC,EAAO,WACdiD,EAAYG,QAAQpD,EAAMwD,SAASC,MAAK,SAASzD,GACtDsD,EAAO,OAAQtD,EAAOoD,EAASC,MAC9B,SAAShD,GACViD,EAAO,QAASjD,EAAK+C,EAASC,MAI3BJ,EAAYG,QAAQpD,GAAOyD,MAAK,SAASC,GAI9CH,EAAOvD,MAAQ0D,EACfN,EAAQG,MACP,SAASI,GAGV,OAAOL,EAAO,QAASK,EAAOP,EAASC,MAvBzCA,EAAOtB,EAAOZ,KAiCZmC,CAAOpC,EAAQC,EAAKiC,EAASC,MAIjC,OAAOH,EAaLA,EAAkBA,EAAgBO,KAChCN,EAGAA,GACEA,KAkHV,SAAS1B,EAAoBF,EAAUT,GACrC,IAAII,EAASK,EAAS/B,SAASsB,EAAQI,QACvC,QA1TEG,IA0TEH,EAAsB,CAKxB,GAFAJ,EAAQS,SAAW,KAEI,UAAnBT,EAAQI,OAAoB,CAE9B,GAAIK,EAAS/B,SAAiB,SAG5BsB,EAAQI,OAAS,SACjBJ,EAAQK,SArUZE,EAsUII,EAAoBF,EAAUT,GAEP,UAAnBA,EAAQI,QAGV,OAAOQ,EAIXZ,EAAQI,OAAS,QACjBJ,EAAQK,IAAM,IAAIyC,UAChB,kDAGJ,OAAOlC,EAGT,IAAIK,EAASC,EAASd,EAAQK,EAAS/B,SAAUsB,EAAQK,KAEzD,GAAoB,UAAhBY,EAAOE,KAIT,OAHAnB,EAAQI,OAAS,QACjBJ,EAAQK,IAAMY,EAAOZ,IACrBL,EAAQS,SAAW,KACZG,EAGT,IAAImC,EAAO9B,EAAOZ,IAElB,OAAM0C,EAOFA,EAAKvC,MAGPR,EAAQS,EAASuC,YAAcD,EAAK7D,MAGpCc,EAAQiD,KAAOxC,EAASyC,QAQD,WAAnBlD,EAAQI,SACVJ,EAAQI,OAAS,OACjBJ,EAAQK,SAzXVE,GAmYFP,EAAQS,SAAW,KACZG,GANEmC,GA3BP/C,EAAQI,OAAS,QACjBJ,EAAQK,IAAM,IAAIyC,UAAU,oCAC5B9C,EAAQS,SAAW,KACZG,GAoDX,SAASuC,EAAaC,GACpB,IAAIC,EAAQ,CAAEC,OAAQF,EAAK,IAEvB,KAAKA,IACPC,EAAME,SAAWH,EAAK,IAGpB,KAAKA,IACPC,EAAMG,WAAaJ,EAAK,GACxBC,EAAMI,SAAWL,EAAK,IAGxB1B,KAAKgC,WAAWC,KAAKN,GAGvB,SAASO,EAAcP,GACrB,IAAIpC,EAASoC,EAAMQ,YAAc,GACjC5C,EAAOE,KAAO,gBACPF,EAAOZ,IACdgD,EAAMQ,WAAa5C,EAGrB,SAAShB,EAAQL,GAIf8B,KAAKgC,WAAa,CAAC,CAAEJ,OAAQ,SAC7B1D,EAAYqC,QAAQkB,EAAczB,MAClCA,KAAKoC,OAAM,GA8Bb,SAAShC,EAAOiC,GACd,GAAIA,EAAU,CACZ,IAAIC,EAAiBD,EAAStF,GAC9B,GAAIuF,EACF,OAAOA,EAAe1C,KAAKyC,GAG7B,GAA6B,mBAAlBA,EAASd,KAClB,OAAOc,EAGT,IAAKE,MAAMF,EAASG,QAAS,CAC3B,IAAIC,GAAK,EAAGlB,EAAO,SAASA,IAC1B,OAASkB,EAAIJ,EAASG,QACpB,GAAI7F,EAAOiD,KAAKyC,EAAUI,GAGxB,OAFAlB,EAAK/D,MAAQ6E,EAASI,GACtBlB,EAAKzC,MAAO,EACLyC,EAOX,OAHAA,EAAK/D,WAzeTqB,EA0eI0C,EAAKzC,MAAO,EAELyC,GAGT,OAAOA,EAAKA,KAAOA,GAKvB,MAAO,CAAEA,KAAMmB,GAIjB,SAASA,IACP,MAAO,CAAElF,WAzfPqB,EAyfyBC,MAAM,GA+MnC,OA5mBAe,EAAkBnD,UAAY2D,EAAGsC,YAAc7C,EAC/CA,EAA2B6C,YAAc9C,EACzCA,EAAkB+C,YAAcvF,EAC9ByC,EACA3C,EACA,qBAaFZ,EAAQsG,oBAAsB,SAASC,GACrC,IAAIC,EAAyB,mBAAXD,GAAyBA,EAAOH,YAClD,QAAOI,IACHA,IAASlD,GAG2B,uBAAnCkD,EAAKH,aAAeG,EAAKC,QAIhCzG,EAAQ0G,KAAO,SAASH,GAQtB,OAPIrG,OAAOyG,eACTzG,OAAOyG,eAAeJ,EAAQhD,IAE9BgD,EAAOK,UAAYrD,EACnBzC,EAAOyF,EAAQ3F,EAAmB,sBAEpC2F,EAAOpG,UAAYD,OAAO2B,OAAOiC,GAC1ByC,GAOTvG,EAAQ6G,MAAQ,SAASzE,GACvB,MAAO,CAAEqC,QAASrC,IAsEpB2B,EAAsBE,EAAc9D,WACpC8D,EAAc9D,UAAUO,GAAuB,WAC7C,OAAO+C,MAETzD,EAAQiE,cAAgBA,EAKxBjE,EAAQ8G,MAAQ,SAAStF,EAASC,EAASC,EAAMC,EAAauC,QACxC,IAAhBA,IAAwBA,EAAc6C,SAE1C,IAAIC,EAAO,IAAI/C,EACb1C,EAAKC,EAASC,EAASC,EAAMC,GAC7BuC,GAGF,OAAOlE,EAAQsG,oBAAoB7E,GAC/BuF,EACAA,EAAKhC,OAAON,MAAK,SAASF,GACxB,OAAOA,EAAOjC,KAAOiC,EAAOvD,MAAQ+F,EAAKhC,WAuKjDjB,EAAsBD,GAEtBhD,EAAOgD,EAAIlD,EAAmB,aAO9BkD,EAAGtD,GAAkB,WACnB,OAAOiD,MAGTK,EAAGmD,SAAW,WACZ,MAAO,sBAkCTjH,EAAQkH,KAAO,SAASC,GACtB,IAAID,EAAO,GACX,IAAK,IAAIlG,KAAOmG,EACdD,EAAKxB,KAAK1E,GAMZ,OAJAkG,EAAKE,UAIE,SAASpC,IACd,KAAOkC,EAAKjB,QAAQ,CAClB,IAAIjF,EAAMkG,EAAKG,MACf,GAAIrG,KAAOmG,EAGT,OAFAnC,EAAK/D,MAAQD,EACbgE,EAAKzC,MAAO,EACLyC,EAQX,OADAA,EAAKzC,MAAO,EACLyC,IAsCXhF,EAAQ6D,OAASA,EAMjB7B,EAAQ7B,UAAY,CAClBiG,YAAapE,EAEb6D,MAAO,SAASyB,GAcd,GAbA7D,KAAK8D,KAAO,EACZ9D,KAAKuB,KAAO,EAGZvB,KAAKb,KAAOa,KAAKZ,WApgBjBP,EAqgBAmB,KAAKlB,MAAO,EACZkB,KAAKjB,SAAW,KAEhBiB,KAAKtB,OAAS,OACdsB,KAAKrB,SAzgBLE,EA2gBAmB,KAAKgC,WAAWzB,QAAQ2B,IAEnB2B,EACH,IAAK,IAAIb,KAAQhD,KAEQ,MAAnBgD,EAAKe,OAAO,IACZpH,EAAOiD,KAAKI,KAAMgD,KACjBT,OAAOS,EAAKgB,MAAM,MACrBhE,KAAKgD,QAnhBXnE,IAyhBFoF,KAAM,WACJjE,KAAKlB,MAAO,EAEZ,IACIoF,EADYlE,KAAKgC,WAAW,GACLG,WAC3B,GAAwB,UAApB+B,EAAWzE,KACb,MAAMyE,EAAWvF,IAGnB,OAAOqB,KAAKmE,MAGd9E,kBAAmB,SAAS+E,GAC1B,GAAIpE,KAAKlB,KACP,MAAMsF,EAGR,IAAI9F,EAAU0B,KACd,SAASqE,EAAOC,EAAKC,GAYnB,OAXAhF,EAAOE,KAAO,QACdF,EAAOZ,IAAMyF,EACb9F,EAAQiD,KAAO+C,EAEXC,IAGFjG,EAAQI,OAAS,OACjBJ,EAAQK,SApjBZE,KAujBY0F,EAGZ,IAAK,IAAI9B,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GACxBlD,EAASoC,EAAMQ,WAEnB,GAAqB,SAAjBR,EAAMC,OAIR,OAAOyC,EAAO,OAGhB,GAAI1C,EAAMC,QAAU5B,KAAK8D,KAAM,CAC7B,IAAIU,EAAW7H,EAAOiD,KAAK+B,EAAO,YAC9B8C,EAAa9H,EAAOiD,KAAK+B,EAAO,cAEpC,GAAI6C,GAAYC,EAAY,CAC1B,GAAIzE,KAAK8D,KAAOnC,EAAME,SACpB,OAAOwC,EAAO1C,EAAME,UAAU,GACzB,GAAI7B,KAAK8D,KAAOnC,EAAMG,WAC3B,OAAOuC,EAAO1C,EAAMG,iBAGjB,GAAI0C,GACT,GAAIxE,KAAK8D,KAAOnC,EAAME,SACpB,OAAOwC,EAAO1C,EAAME,UAAU,OAG3B,CAAA,IAAI4C,EAMT,MAAM,IAAI7F,MAAM,0CALhB,GAAIoB,KAAK8D,KAAOnC,EAAMG,WACpB,OAAOuC,EAAO1C,EAAMG,gBAU9BxC,OAAQ,SAASG,EAAMd,GACrB,IAAK,IAAI8D,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GAC5B,GAAId,EAAMC,QAAU5B,KAAK8D,MACrBnH,EAAOiD,KAAK+B,EAAO,eACnB3B,KAAK8D,KAAOnC,EAAMG,WAAY,CAChC,IAAI4C,EAAe/C,EACnB,OAIA+C,IACU,UAATjF,GACS,aAATA,IACDiF,EAAa9C,QAAUjD,GACvBA,GAAO+F,EAAa5C,aAGtB4C,EAAe,MAGjB,IAAInF,EAASmF,EAAeA,EAAavC,WAAa,GAItD,OAHA5C,EAAOE,KAAOA,EACdF,EAAOZ,IAAMA,EAET+F,GACF1E,KAAKtB,OAAS,OACdsB,KAAKuB,KAAOmD,EAAa5C,WAClB5C,GAGFc,KAAK2E,SAASpF,IAGvBoF,SAAU,SAASpF,EAAQwC,GACzB,GAAoB,UAAhBxC,EAAOE,KACT,MAAMF,EAAOZ,IAcf,MAXoB,UAAhBY,EAAOE,MACS,aAAhBF,EAAOE,KACTO,KAAKuB,KAAOhC,EAAOZ,IACM,WAAhBY,EAAOE,MAChBO,KAAKmE,KAAOnE,KAAKrB,IAAMY,EAAOZ,IAC9BqB,KAAKtB,OAAS,SACdsB,KAAKuB,KAAO,OACa,WAAhBhC,EAAOE,MAAqBsC,IACrC/B,KAAKuB,KAAOQ,GAGP7C,GAGT0F,OAAQ,SAAS9C,GACf,IAAK,IAAIW,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GAC5B,GAAId,EAAMG,aAAeA,EAGvB,OAFA9B,KAAK2E,SAAShD,EAAMQ,WAAYR,EAAMI,UACtCG,EAAcP,GACPzC,IAKb2F,MAAS,SAASjD,GAChB,IAAK,IAAIa,EAAIzC,KAAKgC,WAAWQ,OAAS,EAAGC,GAAK,IAAKA,EAAG,CACpD,IAAId,EAAQ3B,KAAKgC,WAAWS,GAC5B,GAAId,EAAMC,SAAWA,EAAQ,CAC3B,IAAIrC,EAASoC,EAAMQ,WACnB,GAAoB,UAAhB5C,EAAOE,KAAkB,CAC3B,IAAIqF,EAASvF,EAAOZ,IACpBuD,EAAcP,GAEhB,OAAOmD,GAMX,MAAM,IAAIlG,MAAM,0BAGlBmG,cAAe,SAAS1C,EAAUf,EAAYE,GAa5C,OAZAxB,KAAKjB,SAAW,CACd/B,SAAUoD,EAAOiC,GACjBf,WAAYA,EACZE,QAASA,GAGS,SAAhBxB,KAAKtB,SAGPsB,KAAKrB,SA7rBPE,GAgsBOK,IAQJ3C,GAOsByI,EAAOzI,SAGtC,IACE0I,mBAAqB3I,EACrB,MAAO4I,GAUPC,SAAS,IAAK,yBAAdA,CAAwC7I,iCDluB1C,SAAYD,GACRA,YACAA,cAFJ,CAAYA,IAAAA,OAQL,IAwCK+I,EA5BCC,EAEL,sEA0BR,SAAYD,GACRA,gDACAA,yEACAA,6DACAA,yEACAA,iDACAA,iEANJ,CAAYA,IAAAA,OAYZ,IEpDaE,sDAOHC,+CAAN,WACIC,EACAC,iFAEMC,EAA8B,CAChChH,OAAQrC,EAAWsJ,IACnBH,IAAKA,EACLI,QAASH,GAAWA,EAAQG,QAC5BC,eAAgB,kBAAM,aAGHC,EAAMJ,mCACtB,CACHE,SAFEG,UAEgBH,QAClBI,KAAMD,EAASE,KACfC,OAAQH,EAASG,8GASnBC,gDAAN,WACIX,EACAC,iFAEMC,EAA8B,CAChChH,OAAQrC,EAAW+J,KACnBZ,IAAKA,EACLS,KAAOR,GAAWA,EAAQO,MAAS,GACnCJ,QAASH,GAAWA,EAAQG,QAC5BC,eAAgB,kBAAM,aAGHC,EAAMJ,mCACtB,CACHE,SAFEG,UAEgBH,QAClBI,KAAMD,EAASE,KACfC,OAAQH,EAASG,iHCcvBG,EAAwC,CAC1CC,SAAU,GACVC,UAAWC,YAAUC,kBACrBC,aAAc,GACdC,gBAAiB,GACjBC,kBAAmB,CACfC,WAAY,GACZC,WAAY,GACZC,IAAK,IAETC,iBAAkB,GAClBC,uBAAwB,GACxBC,kBAAmB,GACnBC,mBAAoB,GACpBC,aAAcC,eAAaC,KAGzBC,EAAsC,GAUtCC,EAA4C,CAC9CC,cAT0C,CAC1CC,eAAgB,aAGhBC,mBAAmB,EACnBC,SAAUC,WAASC,MAKnBC,gDC9FOC,iBAAP,kBACW,IAAI1C,QD6Fa0C,6BAahBC,SAEZC,IAAAA,MACAC,IAAAA,aAEO,CACHC,UAAW/B,IALf+B,MAMIF,WAAYX,EAA0BW,GACtCC,YAAaX,EAA2BW,IE1HhD,IAEaE,oCAMFC,aAAP,kBACWC,UAOJC,OAAP,SAAcC,SACQ,6EACDC,KAAKD,SClBjBE,oCAOFC,aAAP,SAAoBC,EAAaC,UACtBC,OAAOC,KAAKH,EAAKC,GAAUtF,SAAS,aAOxCyF,gBAAP,SAAuBJ,EAAaC,UACzBH,EAAcC,aAAaC,EAAKC,GAClCI,QAAQ,KAAM,IACdA,QAAQ,MAAO,KACfA,QAAQ,MAAO,QASjBC,aAAP,SAAoBC,UACTL,OAAOC,KAAKI,EAAW,UAAU5F,SAAS,WAM9C6F,gBAAP,SAAuBD,WACfP,EAAMO,EAAUF,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KAC9CL,EAAIrG,OAAS,GAChBqG,GAAO,WAEJF,EAAcQ,aAAaN,SChC7BS,sDAKHC,6CAAN,2FACUC,EAAWxJ,KAAKyJ,uBAChBC,EAAY1J,KAAK2J,kCAAkCH,qBAClD,CAAEA,SAAAA,EAAUE,UAAAA,2GAMfD,qBAAA,eACEG,EAAqBC,EAAOC,YPZT,IOanBN,EAAmBxJ,KAAK+J,iBAAiBH,UACxCjB,EAAcM,gBAAgBO,MAOjCG,kCAAA,SAAkCK,UAC/BrB,EAAcM,gBACjBjJ,KAAKiK,OAAOD,GAAcxG,SAAS,UACnC,aAQAyG,OAAA,SAAOL,UACJC,EACFK,WP5BD,UO6BCC,OAAOP,GACPQ,YAODL,iBAAA,SAAiBH,WACfS,EAAU,GACP5H,EAAI,EAAGA,EAAImH,EAAOU,WAAY7H,GAAK,EAExC4H,EAAQpI,KAAKoD,EADCuE,EAAOnH,GAAK4C,EAAmB7C,gBAG1C6H,EAAQE,KAAK,UClDfC,+BAKAC,cAAgB,IAAInB,6BAO7BoB,cAAA,kBACWrC,EAAcC,kBAOzBM,aAAA,SAAa+B,UACFhC,EAAcC,aAAa+B,MAOtCxB,aAAA,SAAawB,UACFhC,EAAcQ,aAAawB,MAMtCpB,kBAAA,kBACWvJ,KAAKyK,cAAclB,uBAM9BqB,uBAAA,iBACU,IAAIhM,MAAM,8BAMpBiM,QAAA,iBACU,IAAIjM,MAAM,iCCtDXkM,oCAKFC,oBAAP,SAA2BC,UACGC,cAAYC,QAAQF,GACxC,GACAG,KAAKC,MAAMJ,MAQdK,oBAAP,SAA2BC,OACjBC,EAA+B,UACjCD,GACA7O,OAAOgH,KAAK6H,GAAUE,KAAI,SAAUjO,OAC1BkO,EAAgBH,EAAS/N,GACzBmO,EAAY,CACdC,cAAeF,EAAcG,gBAC7BC,YAAaJ,EAAcI,YAC3BC,MAAOL,EAAcK,MACrBC,eAAgBN,EAAcO,iBAC9BC,SAAUR,EAAcQ,SACxBC,cAAeT,EAAcU,eAC7BnJ,KAAMyI,EAAczI,KACpBoJ,WAAYX,EAAcY,YAC1BC,qBAAsBb,EAAcc,uBACpCC,oBAAqBf,EAAcgB,uBAEjCC,EAAyB,IAAIC,gBACnCC,eAAaC,SAASH,EAAShB,GAC/BH,EAAehO,GAAOmP,KAIvBnB,KAOJuB,oBAAP,SAA2BC,OACjBC,EAA0B,UAC5BD,GACAtQ,OAAOgH,KAAKsJ,GAAUvB,KAAI,SAAUjO,OAC1B0P,EAAgBF,EAASxP,GACzB2P,EAAY,CACdvB,cAAesB,EAAcrB,gBAC7BC,YAAaoB,EAAcpB,YAC3BsB,eAAgBF,EAAcG,gBAC9B9G,SAAU2G,EAAcI,UACxBC,OAAQL,EAAcK,OACtBxB,MAAOmB,EAAcnB,OAEnByB,EAAyB,IAAIC,gBACnCZ,eAAaC,SAASU,EAASL,GAC/BF,EAAUzP,GAAOgQ,KAGlBP,KAOJS,wBAAP,SAA+BC,OACrBC,EAA8B,UAChCD,GACAjR,OAAOgH,KAAKiK,GAAclC,KAAI,SAAUjO,OAC9BqQ,EAAeF,EAAanQ,GAC5BsQ,EAAW,CACblC,cAAeiC,EAAahC,gBAC5BC,YAAa+B,EAAa/B,YAC1BsB,eAAgBS,EAAaR,gBAC7B9G,SAAUsH,EAAaP,UACvBC,OAAQM,EAAaN,OACrBxB,MAAO8B,EAAa9B,MACpBgC,OAAQF,EAAaE,OACrBC,SAAUH,EAAaI,UACvBC,UAAWL,EAAaM,WACxBC,kBAAmBP,EAAaQ,oBAChCC,UAAWT,EAAaU,WACxBC,MAAOX,EAAaY,OACpBC,UAAWb,EAAac,YAEtBC,EAAiC,IAAIC,oBAC3ChC,eAAaC,SAAS8B,EAAad,GACnCF,EAAUpQ,GAAOoR,KAIlBhB,KAOJkB,yBAAP,SAAgCC,OACtBC,EAA+B,UACjCD,GACArS,OAAOgH,KAAKqL,GAAetD,KAAI,SAAUjO,OAC/ByR,EAAeF,EAAcvR,GAC7B0R,EAAW,CACbtD,cAAeqD,EAAapD,gBAC5BC,YAAamD,EAAanD,YAC1BsB,eAAgB6B,EAAa5B,gBAC7B9G,SAAU0I,EAAa3B,UACvBC,OAAQ0B,EAAa1B,OACrB4B,SAAUF,EAAaG,UACvBrB,OAAQkB,EAAalB,OACrBhC,MAAOkD,EAAalD,OAElBsD,EAAmC,IAAIC,qBAC7CzC,eAAaC,SAASuC,EAAcH,GACpCF,EAAUxR,GAAO6R,KAIlBL,KAOJO,uBAAP,SAA8BC,OACpBC,EAAuC,UACzCD,GACA9S,OAAOgH,KAAK8L,GAAa/D,KAAI,SAAUjO,OAC7BkS,EAAiBF,EAAYhS,GAC7BmS,EAAY,CACdpJ,SAAUmJ,EAAepC,UACzBxB,YAAa4D,EAAe5D,YAC5BqD,SAAUO,EAAeN,WAEvBQ,EAAyB,IAAIC,oBACnChD,eAAaC,SAAS8C,EAAKD,GAC3BF,EAAmBjS,GAAOoS,KAI3BH,KAOJK,oBAAP,SAA2BC,SAChB,CACHxE,SAAUwE,EAAUC,QACd/P,KAAKqL,oBAAoByE,EAAUC,SACnC,GACNhD,SAAU+C,EAAUE,QACdhQ,KAAK8M,oBAAoBgD,EAAUE,SACnC,GACNtC,aAAcoC,EAAUG,YAClBjQ,KAAKyN,wBAAwBqC,EAAUG,aACvC,GACNnB,cAAegB,EAAUI,aACnBlQ,KAAK6O,yBAAyBiB,EAAUI,cACxC,GACNX,YAAaO,EAAUK,YACjBnQ,KAAKsP,uBAAuBQ,EAAUK,aACtC,UC9KLC,oCAKFC,kBAAP,SAAyBpK,UACdkF,KAAKmF,UAAUrK,MAOnBsK,kBAAP,SAAyBC,OACflF,EAAoD,UAC1D7O,OAAOgH,KAAK+M,GAAUhF,KAAI,SAAUjO,OAC1BkT,EAAgBD,EAASjT,GAC/B+N,EAAS/N,GAAO,CACZqO,gBAAiB6E,EAAc9E,cAC/BE,YAAa4E,EAAc5E,YAC3BC,MAAO2E,EAAc3E,MACrBE,iBAAkByE,EAAc1E,eAChCE,SAAUwE,EAAcxE,SACxBE,eAAgBsE,EAAcvE,cAC9BlJ,KAAMyN,EAAczN,KACpBqJ,YAAaoE,EAAcrE,WAC3BG,uBAAwBkE,EAAcnE,qBACtCG,sBAAuBgE,EAAcjE,wBAItClB,KAOJoF,kBAAP,SAAyBC,OACf5D,EAAoD,UAC1DtQ,OAAOgH,KAAKkN,GAAUnF,KAAI,SAAUjO,OAC1BqT,EAAYD,EAASpT,GAC3BwP,EAASxP,GAAO,CACZqO,gBAAiBgF,EAAUjF,cAC3BE,YAAa+E,EAAU/E,YACvBuB,gBAAiBwD,EAAUzD,eAC3BE,UAAWuD,EAAUtK,SACrBgH,OAAQsD,EAAUtD,OAClBxB,MAAO8E,EAAU9E,UAIlBiB,KAOJ8D,sBAAP,SAA6BC,OACnBpD,EAA4D,UAClEjR,OAAOgH,KAAKqN,GAAStF,KAAI,SAAUjO,OACzBwT,EAAWD,EAAQvT,GACzBmQ,EAAanQ,GAAO,CAChBqO,gBAAiBmF,EAASpF,cAC1BE,YAAakF,EAASlF,YACtBuB,gBAAiB2D,EAAS5D,eAC1BE,UAAW0D,EAASzK,SACpBgH,OAAQyD,EAASzD,OACjBxB,MAAOiF,EAASjF,MAChBgC,OAAQiD,EAASjD,OACjBE,UAAW+C,EAAShD,SACpBG,WAAY6C,EAAS9C,UACrBG,oBAAqB2C,EAAS5C,kBAC9BG,WAAYyC,EAAS1C,UACrBG,OAAQuC,EAASxC,MACjBG,WAAYqC,EAAStC,cAItBf,KAOJsD,uBAAP,SAA8BC,OACpBnC,EAA8D,UACpErS,OAAOgH,KAAKwN,GAASzF,KAAI,SAAUjO,OACzB2T,EAAWD,EAAQ1T,GACzBuR,EAAcvR,GAAO,CACjBqO,gBAAiBsF,EAASvF,cAC1BE,YAAaqF,EAASrF,YACtBuB,gBAAiB8D,EAAS/D,eAC1BE,UAAW6D,EAAS5K,SACpBgH,OAAQ4D,EAAS5D,OACjB6B,UAAW+B,EAAShC,SACpBpB,OAAQoD,EAASpD,OACjBhC,MAAOoF,EAASpF,UAIjBgD,KAOJqC,qBAAP,SAA4BC,OAClB7B,EAA2D,UACjE9S,OAAOgH,KAAK2N,GAAW5F,KAAI,SAAUjO,OAC3B8T,EAAaD,EAAU7T,GAC7BgS,EAAYhS,GAAO,CACf8P,UAAWgE,EAAW/K,SACtBuF,YAAawF,EAAWxF,YACxBsD,UAAWkC,EAAWnC,aAIvBK,KAOJ+B,kBAAP,SAAyBC,SACd,CACHxB,QAAS/P,KAAKuQ,kBAAkBgB,EAAWjG,UAC3C0E,QAAShQ,KAAK0Q,kBAAkBa,EAAWxE,UAC3CkD,YAAajQ,KAAK6Q,sBAAsBU,EAAW7D,cACnDwC,aAAclQ,KAAKgR,uBAAuBO,EAAWzC,eACrDqB,YAAanQ,KAAKmR,qBAAqBI,EAAWhC,oBCnHjDiC,yBAMGC,EAAgBnL,EAAkBoL,8BACpCpL,EAAUoL,gBAJU,oBACY,KAIjCD,OAASA,sCAOlBE,sBAAA,SAAsBC,QACbC,eAAe5P,KAAK2P,MAM7BE,WAAA,gBACSD,eAAetR,SAAQ,SAAAqR,UAAQA,EAAKhS,KAAK,YAOlDmS,qBAAA,SAAqB7J,OAEX8J,EAA+B,CACjC1G,SAAU,GACVyB,SAAU,GACVW,aAAc,GACdoB,cAAe,GACfS,YAAa,QAGZ,IAAMhS,KAAO2K,KACVA,EAAM3K,aAA0BoP,gBAChCqF,EAAc1G,SAAS/N,GAAO2K,EAAM3K,QACjC,GAAI2K,EAAM3K,aAAgBiQ,gBAC7BwE,EAAcjF,SAASxP,GAAO2K,EAAM3K,QACjC,GAAI2K,EAAM3K,aAAgBqR,oBAC7BoD,EAActE,aAAanQ,GAAO2K,EAAM3K,QACrC,GAAI2K,EAAM3K,aAAgB8R,qBAC7B2C,EAAclD,cAAcvR,GAAO2K,EAAM3K,OACtC,CAAA,KAAI2K,EAAM3K,aAAgBqS,8BAC7BoC,EAAczC,YAAYhS,GAAO2K,EAAM3K,UAMxCyU,KAOXC,qBAAA,SAAqBD,UAELhS,KAAKkS,gBAGVF,EAAc1G,SACd0G,EAAcjF,SACdiF,EAActE,aACdsE,EAAclD,cACdkD,EAAczC,gBAQzB4C,iBAAA,uBACSV,OAAOW,QAAQ,2BAGEpS,KAAK+R,qBAAqB/R,KAAKkS,eAQzDG,iBAAA,SAAiBL,QACRP,OAAOW,QAAQ,+BAGdlK,EAAQlI,KAAKiS,qBAAqBD,QACnCM,SAASpK,QAET4J,gBAMTI,SAAA,uBACST,OAAOW,QAAQ,iCACbpS,KAAKkI,SAOhBoK,SAAA,SAASpK,QACAuJ,OAAOW,QAAQ,sCACflK,MAAQA,OAGR4J,gBAOTS,QAAA,SAAQhV,eACCkU,OAAOe,wBAAwBjV,GAGtByC,KAAKkS,WACN3U,MAQjBkV,QAAA,SAAQlV,EAAaC,QACZiU,OAAOe,wBAAwBjV,OAG9B2K,EAAQlI,KAAKkS,WACnBhK,EAAM3K,GAAOC,OAGR8U,SAASpK,MAOlBwK,WAAA,SAAWC,OACDjG,EAAU1M,KAAKuS,QAAQI,UACzBhG,gBAAciG,gBAAgBlG,GACvBA,EAEJ,QAOXmG,WAAA,SAAWnG,OACDiG,EAAajG,EAAQoG,0BACtBL,QAAQE,EAAYjG,MAO7BqG,qBAAA,SAAqBC,OACXzF,EAAUvN,KAAKuS,QAAQS,UACzBxF,gBAAcyF,gBAAgB1F,GACvBA,EAEJ,QAOX2F,qBAAA,SAAqB3F,OACXyF,EAAazF,EAAQ4F,6BACtBV,QAAQO,EAAYzF,MAO7B6F,yBAAA,SAAyBC,OACf1E,EAAc3O,KAAKuS,QAAQc,UAC7BzE,oBAAkB0E,oBAAoB3E,GAC/BA,EAEJ,QAOX4E,yBAAA,SAAyB5E,OACf0E,EAAiB1E,EAAYwE,6BAC9BV,QAAQY,EAAgB1E,MAOjC6E,0BAAA,SAA0BC,OAChBrE,EAAepP,KAAKuS,QAAQkB,UAC9BpE,qBAAmBqE,qBAAqBtE,GACjCA,EAEJ,QAOXuE,0BAAA,SAA0BvE,OAChBqE,EAAkBrE,EAAa+D,6BAChCV,QAAQgB,EAAiBrE,MAOlCwE,eAAA,SAAeC,OACLtE,EAAiCvP,KAAKuS,QAAQsB,UAChDjE,oBAAkBkE,oBAAoBD,EAAgBtE,GAC/CA,EAEJ,QAOXwE,eAAA,SAAexE,OACLsE,EAAiBtE,EAAYyE,8BAC9BvB,QAAQoB,EAAgBtE,MAOjC0E,mBAAA,SAAmBC,OACTC,EAA+CnU,KAAKuS,QAAQ2B,UAC9DC,GAAyBC,wBAAsBC,wBAAwBH,EAAoBC,GACpFA,EAEJ,QAQXG,mBAAA,SAAmBC,EAA4BC,QACtC/B,QAAQ8B,EAAoBC,MAOrCC,qBAAA,SAAqBlX,OACXmX,EAAmD1U,KAAKuS,QAAQhV,UAClEmX,GAA2BC,0BAAwBC,0BAA0BrX,EAAKmX,GAC3EA,EAEJ,QAMXG,yBAAA,6BACW7U,KAAK8U,UAAUC,QAAO,SAACxX,UACnByX,EAAKC,oBAAoB1X,SASxC2X,qBAAA,SAAqB3X,EAAa4X,QACzB1C,QAAQlV,EAAK4X,MAOtBC,mBAAA,SAAmBC,OACTC,EAAoCtV,KAAKuS,QAAQ8C,UACnDC,GAAmBC,mBAAiBC,mBAAmBH,EAAoBC,GACpEA,EAEJ,QAQXG,mBAAA,SAAmBJ,EAA4BC,QACtC7C,QAAQ4C,EAAoBC,MAQrCI,WAAA,SAAWnY,QACFkU,OAAOe,wBAAwBjV,OAGhCwD,GAAkB,EAChBmH,EAAQlI,KAAKkS,kBAEbhK,EAAM3K,YACD2K,EAAM3K,GACbwD,GAAS,GAITA,SACKuR,SAASpK,QACT4J,cAEF/Q,KAOX4U,YAAA,SAAYpY,UACDyC,KAAK8U,UAAUc,SAASrY,MAMnCuX,QAAA,gBACSrD,OAAOW,QAAQ,iCAGdlK,EAAQlI,KAAKkS,2BACPzV,OAAOgH,KAAKyE,OAM5B2N,MAAA,2BACSpE,OAAOW,QAAQ,0CAGFpS,KAAK8U,UAGbvU,SAAQ,SAAAhD,GACduY,EAAKJ,WAAWnY,WAEfuU,gBAOFiE,sBAAP,SAA6B7N,UAClB4C,EAAa+E,oBAChB/E,EAAaC,oBAAoB7C,OAQlC8N,kBAAP,SAAyBhE,UACd5B,EAAWkB,kBAAkBU,OAlZXpF,gBCf3BqJ,EACO,GADPA,EAEO,GAFPA,EAGW,GAHXA,EAIY,GAJZA,EAKW,GAOJC,wBAQGC,EAAsB1E,EAAgB2E,QACzCC,iBAAkB,OAClBF,QAAUA,OACVA,QAAQxE,sBAAsB3R,KAAKsW,kBAAkBC,KAAKvW,OAC3DoW,SACKI,YAAcJ,QAElB3E,OAASA,6BAMlBgF,WAAA,kBACWzW,KAAKqW,mBAMhBK,UAAA,gBACSjF,OAAOW,QAAQ,mCAChBuE,EAAavG,EAAWkB,kBACxBtR,KAAKmW,QAAQhE,2BAIZlH,cAAYC,QAAQlL,KAAK4W,oBAOrBnF,OAAOW,QAAQ,oCANfX,OAAOW,QAAQ,oCACpBuE,EAAa3W,KAAK6W,WACd1L,KAAKC,MAAMpL,KAAK4W,eAChBD,SAKHN,iBAAkB,EAEhBlL,KAAKmF,UAAUqG,MAO1BG,YAAA,SAAY5O,WACHuJ,OAAOW,QAAQ,8CACfwE,cAAgB1O,EAEhB+C,cAAYC,QAAQlL,KAAK4W,oBAOrBnF,OAAOW,QAAQ,wCAPsB,MACrCX,OAAOW,QAAQ,wCACd2E,EAAoBjM,EAAa+E,oBACnC7P,KAAKgX,gBAAgB7L,KAAKC,MAAMpL,KAAK4W,sBAEpCT,QAAQ9D,iBAAiB0E,OAStCE,WAAA,kBACWjX,KAAKmW,QAAQjE,cAMlBgF,0CAAN,0FAESzF,OAAOW,QAAQ,mCAGZpS,KAAKwW,mCACLW,EAAe,IAAIC,oBAAkBpX,MAAM,YACrCA,KAAKwW,YAAYa,kBAAkBF,mCAEtCnX,KAAKmW,QAAQe,sCAEhBlX,KAAKwW,cAAeW,oCACdnX,KAAKwW,YAAYc,iBAAiBH,kJAW9CI,8CAAN,WAAyB5L,wFACK3L,KAAKkX,2BAAzBM,SACDvM,cAAYC,QAAQS,KAAkB6L,IAAeA,EAAYhV,gDAC3DgV,EAAYzC,QAAO,SAAA0C,UAAcA,EAAW9L,gBAAkBA,KAAe,IAAM,sCAEnF,8GAUT+L,+CAAN,WAA0B3L,wFACI/L,KAAKkX,2BAAzBM,SACDvM,cAAYC,QAAQa,KAAmByL,IAAeA,EAAYhV,gDAC5DgV,EAAYzC,QAAO,SAAA0C,UAAcA,EAAW1L,iBAAmBA,KAAgB,IAAM,sCAErF,8GAQT4L,yCAAN,WAAoBjL,gFACX+E,OAAOW,QAAQ,kCAGZpS,KAAKwW,mCACLW,EAAe,IAAIC,oBAAkBpX,MAAM,YACrCA,KAAKwW,YAAYa,kBAAkBF,eAExChB,QAAQwB,cAAchL,gBAAciL,wBAAwBlL,wBAE7D1M,KAAKwW,cAAeW,oCACdnX,KAAKwW,YAAYc,iBAAiBH,mJAQ5Cb,kBAAA,gBACCD,iBAAkB,KAQnBQ,WAAA,SAAWgB,EAAqBC,QAC/BrG,OAAOW,QAAQ,mDACd2F,EAAoB/X,KAAKgY,cAAcH,EAAUC,UAChD9X,KAAKiY,aAAaF,EAAmBD,MAQxCG,aAAA,SAAaJ,EAAeK,qBAChCzb,OAAOgH,KAAKyU,GAAU3X,SAAQ,SAAC4X,OACrBC,EAAWF,EAASC,MAGrBN,EAASjb,eAAeub,GAItB,KAEGE,EAA+B,OAAbD,EAClBE,EAAuC,iBAAbF,EAC1BG,GAAsBC,MAAMC,QAAQL,GAGtCC,GAAmBC,GAAoBC,GAFR,MAAOV,EAASM,GAG/CO,EAAKT,aAAaJ,EAASM,GAASC,GAEpCP,EAASM,GAAUC,OAbN,OAAbA,IACAP,EAASM,GAAUC,MAiBxBP,KASHG,cAAA,SAAcH,EAAqBK,eAClCzG,OAAOW,QAAQ,wCAQbyF,GACH9H,QARa8H,EAAS9H,QAAU/P,KAAK2Y,kBAA2Cd,EAAS9H,QAASmI,EAASnI,SAAW8H,EAAS9H,QAS/HE,YARiB4H,EAAS5H,YAAcjQ,KAAK2Y,kBAA+Cd,EAAS5H,YAAaiI,EAASjI,aAAe4H,EAAS5H,YASnJC,aARkB2H,EAAS3H,aAAelQ,KAAK2Y,kBAAgDd,EAAS3H,aAAcgI,EAAShI,cAAgB2H,EAAS3H,aASxJF,QARa6H,EAAS7H,QAAUhQ,KAAK2Y,kBAA2Cd,EAAS7H,QAASkI,EAASlI,SAAW6H,EAAS7H,QAS/HG,YARgB0H,EAAS1H,YAAcnQ,KAAK2Y,kBAA+Cd,EAAS1H,YAAa+H,EAAS/H,aAAe0H,EAAS1H,iBAiBlJwI,kBAAA,SAAqBd,EAA6BK,OAChDvB,OAAkBkB,UACxBpb,OAAOgH,KAAKoU,GAAUtX,SAAQ,SAACqY,GACtBV,GAAcA,EAAStb,eAAegc,WAChCjC,EAAWiC,MAGnBjC,KAOHK,gBAAA,SAAgB6B,eACfpH,OAAOW,QAAQ,iDACb,CACHrC,aACOkG,EACA4C,EAAc9I,SAErBC,aACOiG,EACA4C,EAAc7I,SAErBC,iBACOgG,EACA4C,EAAc5I,aAErBC,kBACO+F,EACA4C,EAAc3I,cAErBC,iBACO8F,EACA4C,EAAc1I,oBCjPX2I,wBA6BIC,QACbC,OAAS/Q,EAAsB8Q,QAC/BE,eAAiB,IAAIzO,OACrBiH,OAAS,IAAIyH,SAAOlZ,KAAKgZ,OAAO7Q,OAAQV,cCzEjC,mBACG,cDyEV0O,QAAU,IAAI3E,EAAYxR,KAAKyR,OAAQzR,KAAKgZ,OAAO5Q,KAAK9B,SAAUtG,KAAKiZ,qBACvEE,WAAa,IAAIjD,EAClBlW,KAAKmW,QACLnW,KAAKyR,OACLzR,KAAKgZ,OAAO9Q,MAAOkO,wCAarBgD,0CAAN,WAAqB1T,wFACZ+L,OAAOpQ,KAAK,yBACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9B6T,aAAc7T,EAAQ6T,cAAgBC,eAAaC,MACnDC,qBAAsBC,uBAAqBC,kBAEhB5Z,KAAK6Z,8BAChCR,EAAa9S,yBADXuT,cAGDrI,OAAOW,QAAQ,gCACd2H,EAA0B,IAAIC,0BAChCF,qBAEGC,EAAwBX,eAAeC,4GAW5CY,8CAAN,WAAyBvU,0FAChB+L,OAAOpQ,KAAK,6BACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9BgU,qBAAsBC,uBAAqBC,SAEzCM,EAAyBla,KAAKma,iCAAiC/U,EAAM6U,mBAAoBZ,EAAae,iCAEzEpa,KAAK6Z,8BAChCR,EAAa9S,UACb2T,iBAFEJ,cAIDrI,OAAOW,QAAQ,gCACd2H,EAA0B,IAAIC,0BAChCF,qBAEGC,EAAwBM,aAAahB,4CAE5Ca,EAAuBI,gJAYzBC,sDAAN,WAAiC7U,0FACxB+L,OAAOpQ,KAAK,qCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9BgU,qBAAsBC,uBAAqBC,SAGzCM,EAAyBla,KAAKma,iCAAiC/U,EAAMmV,2BAA4BlB,EAAae,iCAEzEpa,KAAK6Z,8BACxCR,EAAa9S,UACb2T,iBAFEM,cAID/I,OAAOW,QAAQ,gCACdqI,EAAqB,IAAIC,qBAC3BF,qBAEGC,EAAmBJ,aAAahB,4CAEvCa,EAAuBI,gJAazBK,8CAAN,WAAyBjV,mFACf2T,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAC9BkV,aAAclV,EAAQkV,eAAgB,IAGpCV,EAAyBla,KAAKma,iCAAiC/U,EAAMuV,mBAAoBtB,EAAae,cAAef,EAAauB,gCAE/F5a,KAAK6Z,8BACtCR,EAAa9S,UACb2T,iBAEEW,EAAmB,IAAIC,6CAGtBD,EAAiBR,aAAahB,4CAErCa,EAAuBI,gJAQ/BS,cAAA,uBACStJ,OAAOpQ,KAAK,wBACVrB,KAAKmZ,cAMhB6B,UAAA,kBACWhb,KAAKyR,UAOhBwJ,UAAA,SAAUxJ,QACDA,OAASA,KAQFoI,yDAAN,WAAoCtT,EAAmB2T,oFACxDzI,OAAOW,QAAQ,iDAGcpS,KAAKkb,gBAAgB3U,mCAEhD,CACH4U,YAAa,CACT7U,SAAUtG,KAAKgZ,OAAO5Q,KAAK9B,SAC3BC,UALF6U,SAMEjU,mBAAoBnH,KAAKgZ,OAAO5Q,KAAKjB,oBAEzCM,cAAe,CACXC,eAAgB1H,KAAKgZ,OAAO7Q,OAAQV,cAC/BC,eACLC,kBAAmB3H,KAAKgZ,OAAO7Q,OAAQV,cAClCE,mBAET0T,gBAAiBrb,KAAKiZ,eACtBqC,iBAAkBtb,KAAKgZ,OAAO7Q,OAAQJ,cACtCwT,iBAAkBvb,KAAKmW,QACvB+D,uBAAwBA,EACxBsB,kBAAmB,CACf9U,aAAc1G,KAAK0G,aACnBC,gBAAiB3G,KAAK2G,gBAAkB3G,KAAKyb,mBAAmBL,QAAuBvc,GAE3F6c,YAAa,CACTC,IbvNF,eawNEC,QCnQO,QDoQPC,IAAKC,QAAQC,MAAQ,GACrBC,GAAIF,QAAQG,UAAY,IAE5BC,kBAAmBlc,KAAKgZ,OAAO9Q,MAAOkO,YACtC+F,kBAAmBnc,KAAKmZ,uHAIxBsC,mBAAA,SAAmBlV,SAChB,CACH6V,UAAWpc,KAAK2G,gBAAgB0V,OAAOrc,KAAKiZ,eAAgBjZ,KAAKgZ,OAAO5Q,KAAK9B,SAAUC,EAAU+V,eACjGC,cbnOmB,6Da2OjBjD,sBAAA,SAAsBkD,eACvB/K,OAAOW,QAAQ,uCAGboK,GACHC,iBAAcD,GAAeA,EAAYC,QAAW,GAAQC,uBAC5DtC,cAAeoC,GAAeA,EAAYpC,eAAiBpa,KAAKiZ,eAAevO,gBAC/EnE,UAAWiW,EAAYjW,WAAavG,KAAKgZ,OAAO5Q,KAAK7B,eAUnD4T,iCAAA,SAAiCwC,EAAevC,EAAuBQ,UAQtE,IAAIgC,yBAPsC,CAC7CtW,SAAUtG,KAAKgZ,OAAO5Q,KAAK9B,SAC3B8T,cAAeA,EACfuC,MAAOA,EACP/B,aAAcA,IAAgB,GAGkB5a,KAAKmW,YAQ/C+E,2CAAN,WAAsB2B,oFACrBpL,OAAOW,QAAQ,0BACd0K,EAAqC,CACvC1V,aAAcpH,KAAKgZ,OAAO5Q,KAAKhB,aAC/BJ,iBAAkBhH,KAAKgZ,OAAO5Q,KAAKpB,iBACnCC,uBAAwBjH,KAAKgZ,OAAO5Q,KAAKnB,uBACzCC,kBAAmBlH,KAAKgZ,OAAO5Q,KAAKlB,4BAE3B6V,mBAAiBC,yBAAyBH,EAAiB7c,KAAKgZ,OAAO7Q,OAAQJ,cAAgB/H,KAAKmW,QAAS2G,sJE1SrHG,yBAkBGlE,UACRmE,YAAMnE,2CAYGoE,oDAAN,WAA+BzX,0FAC7B+L,OAAOpQ,KAAK,mCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAE5BwU,EAAyBla,KAAKma,iCAAiC/U,EAAM+X,yBAA0B9D,EAAae,iCAE/Epa,KAAK6Z,8BAChCR,EAAa9S,UACb2T,iBAFEkD,cAID3L,OAAOW,QAAQ,gCACdiL,EAAmB,IAAIC,mBAAiBF,qBACvCC,EAAiBhD,aAAahB,4CAErCa,EAAuBI,gJAezBiD,0DAAN,WAAqC7X,0FAC5B+L,OAAOpQ,KAAK,yCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAE5BwU,EAAyBla,KAAKma,iCAAiC/U,EAAMmY,+BAAgClE,EAAae,iCAEzEpa,KAAK6Z,8BAC5CR,EAAa9S,UACb2T,iBAFEsD,cAID/L,OAAOW,QAAQ,gCACdqL,EAAyB,IAAIC,yBAAuBF,qBACnDC,EAAuBpD,aAAahB,4CAE3Ca,EAAuBI,iJA9EUxB,GCThC6E,6BAcKC,cAAP,SAAqBxB,OAClBzV,EAAkB,IAAIgX,SAC5BhX,EAAgBkX,IAAMzB,EACfzV,KASGmX,gBAAP,SAAuBjX,EAAoBC,EAAoBiX,OAC5DpX,EAAkB,IAAIgX,SAC5BhX,EAAgBG,WAAaA,EAC7BH,EAAgBE,WAAaA,EACzBkX,IACApX,EAAgBoX,kBAAoB/d,KAAKge,iBAAiBD,IAEvDpX,8BASJ0V,OAAA,SAAOpD,EAAgCgF,EAAgBC,MAEtDle,KAAK8G,YAAc9G,KAAK6G,kBAEpB7G,KAAK6d,MAAQ7d,KAAKme,aAAeF,IAAWje,KAAKie,QAAUC,IAAgBle,KAAKke,YACzEle,KAAK6d,IAGT7d,KAAKoe,UAAUnF,EAAgBgF,EAAQC,MAO9Cle,KAAK6d,WACE7d,KAAK6d,UAGVQ,kBAAgBC,iCAMlBF,UAAA,SAAUnF,EAAgCgF,EAAgBC,gBAEzDD,OAASA,OACTC,YAAcA,MACbK,EAAWC,YAAUC,kBACtBC,eAAiBH,EAAW,UAE3BI,UAAM,IhBnBP,UgBmBO,IAEYhW,EAAcM,gBAAgBjJ,KAAK6G,WAAY,UAGnE7G,KAAK+d,mBACLthB,OAAOmiB,OAAOD,UAAd,IACwB3e,KAAK+d,0BAI3Bc,UAAO,IACgB7e,KAAKke,cADrB,IAEuBle,KAAK0e,iBAF5B,IAGc1e,KAAKie,SAHnB,IAIeje,KAAKie,SAJpB,IAKkBM,IALlB,IAMctF,EAAevO,+BAGrCmT,IAAMiB,OAAKD,EAAS7e,KAAK8G,WAAY,CAAE6X,OAAQA,IAC7C3e,KAAK6d,OAMRM,UAAA,kBACGne,KAAK0e,eAAiBF,YAAUC,gBAO7BT,iBAAP,SAAwBD,WAWvBgB,EAHEC,EAAmB,kIACnBC,EAAkB,GAGwC,QAAxDF,EAAUC,EAAiBE,KAAKnB,KAEpCkB,EAAMhd,KAAK8c,EAAQ,GAAG7V,QAAQ,KAAM,YAGjC+V,QCnHFE,yBAqBGpG,8BACFA,UACDqG,oBAAoB1G,EAAKM,4CAMrBqG,0DAAN,WAAqC3Z,0FACnC+L,OAAOpQ,KAAK,yCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,IAE5BwU,EAAyBla,KAAKma,iCAAiC/U,EAAMia,+BAAgChG,EAAae,cAAef,EAAaiG,6BAE3Gtf,KAAK6Z,8BACtCR,EAAa9S,UACb2T,iBAFEqF,cAID9N,OAAOW,QAAQ,gCACdoN,EAAyB,IAAIC,yBAAuBF,qBACnDC,EAAuBnF,aAAahB,4CAE3Ca,EAAuBI,gJAgBlBoF,kDAAN,WAA6Bha,wFAC3B+L,OAAOpQ,KAAK,iCACXgY,OACC3T,EACA1F,KAAKsZ,sBAAsB5T,aAEG1F,KAAK6Z,8BACtCR,EAAa9S,yBADXgZ,cAGD9N,OAAOW,QAAQ,gCACduN,EAAY,IAAIC,mBAAiBL,qBAChCI,EAAUtF,aAAahB,4GAG1B+F,oBAAA,SAAoBrG,OAElB8G,GAAwB5U,cAAYC,QAAQ6N,EAAc3Q,KAAK1B,cAC/DoZ,GAA2B7U,cAAYC,QAAQ6N,EAAc3Q,KAAKzB,iBAClEoZ,EAAchH,EAAc3Q,KAAKxB,kBACjCoZ,GAAuB/U,cAAYC,QAAQ6U,EAAYlZ,cAAgBoE,cAAYC,QAAQ6U,EAAYjZ,eAIzG+Y,GAAwBC,GACxBA,GAA2BE,GAC3BH,GAAwBG,QAClB3B,kBAAgB4B,kCAGtBJ,OACKnZ,aAAeqS,EAAc3Q,KAAK1B,qBAIvCoZ,OACKnZ,gBAAkBgX,EAAgBC,cAAc7E,EAAc3Q,KAAKzB,0BAIvEqZ,QACK3B,kBAAgB4B,0CAEjBtZ,gBAAkBgX,EAAgBG,gBAAgBiC,EAAYlZ,WAAYkZ,EAAYjZ,oBAAYiS,EAAc3Q,KAAKxB,0BAAnBsZ,EAAsCnZ,UAvGtG+R"}