{"version":3,"file":"saml.js","sourceRoot":"","sources":["../../../src/passport-saml/saml.ts"],"names":[],"mappings":";;;AAAA,iCAA0B;AAC1B,MAAM,KAAK,GAAG,eAAK,CAAC,eAAe,CAAC,CAAC;AACrC,6BAA6B;AAC7B,iCAAiC;AACjC,wCAAwC;AACxC,iCAAiC;AACjC,iCAAiC;AACjC,2BAA2B;AAC3B,2CAA2C;AAC3C,yCAAyC;AACzC,yCAAyC;AACzC,6BAA6B;AAC7B,uEAAiF;AACjF,2CAA2C;AAC3C,2DAA2D;AAqB3D,MAAM,EAAE,KAAK,EAAE,GAAG,SAAS,CAAC;AAO5B,SAAS,+BAA+B,CAAC,IAAU,EAAE,GAAc,EAAE,GAAa,EAAE,QAA6E;IAC/J,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,CAAC;IAClC,IAAI,OAAO,EAAE;QACX,MAAM,OAAO,GAAG,EAAa,CAAC;QAC9B,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;YACd,OAAO,CAAC,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;SAC7B;aAAM;YACL,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC;SAC7D;QACD,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;QAC9B,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;YACzB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;SAC9B;aAAM;YACL,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;SACnD;QACD,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,GAAG,EAAE,UAAU,GAAG,EAAE,MAAM;YAC7C,IAAG,GAAG,EAAE;gBACN,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,IAAI,MAAM,EAAE;gBACV,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC;gBAC9B,IAAI,MAAM,CAAC,MAAM,EAAE;oBACjB,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,MAAM,CAAC;iBACtC;aACF;iBAAM;gBACL,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;aACnD;YACD,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;YAC1C,IAAI,YAAY,EAAE;gBAChB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC1C;YACD,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;KACJ;SAAM;QACL,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC,CAAC;KAC5D;AACH,CAAC;AAGD,SAAS,8BAA8B,CAAC,IAAU,EAAE,GAAc,EAAE,GAAa,EAAE,QAA4G;IAC7L,MAAM,QAAQ,GAAG,GAAG,CAAC,cAAc,CAAC;IACpC,MAAM,OAAO,GAAG,GAAG,CAAC,aAAa,CAAC;IAElC,IAAI,QAAQ,EAAC;QACX,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;KACnC;SAAM,IAAI,OAAO,EAAE;QAClB,+BAA+B,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;KAC3D;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,MAAY,EAAE,QAAoD;IAC5F,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,SAAS,CAAW,CAAC;IAC5D,OAAO,QAAQ,CAAC,IAAI,EAAE;QACpB,KAAK,EAAE,MAAM,CAAC,WAAW;QACzB,MAAM,EAAE,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC,CAAC;AACL,CAAC;AAED,MAAM,IAAI;IAIR,YAAY,OAA6B;QACvC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxC,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC;IAClD,CAAC;IACD,UAAU,CAAC,OAA6B;QACtC,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,GAAG,EAAE,CAAC;SACd;QAED,IAAI,OAAO,CAAC,WAAW,EAAE;YACvB,OAAO,CAAC,IAAI,CAAC,0EAA0E,CAAC,CAAC;YAEzF,IAAI,OAAO,CAAC,UAAU,IAAI,IAAI,EAAE;gBAC9B,OAAO,CAAC,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC;aAC1C;SACF;QAED,IAAI,OAAO,CAAC,aAAa,EAAE;YACzB,OAAO,CAAC,IAAI,CAAC,+EAA+E,CAAC,CAAA;YAE7F,IAAI,OAAO,CAAC,aAAa,IAAI,IAAI,EAAE;gBACjC,OAAO,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;aAC/C;SACF;QAED,IAAI,OAAO,CAAC,oBAAoB,EAAE;YAChC,OAAO,CAAC,IAAI,CAAC,6FAA6F,CAAC,CAAA;YAE3G,IAAI,OAAO,CAAC,oBAAoB,IAAI,IAAI,EAAE;gBACxC,OAAO,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;aAC7D;SACF;QAED,IAAI,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YAC1E,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;SAC7D;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YACjB,OAAO,CAAC,IAAI,GAAG,eAAe,CAAC;SAChC;QAED,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YACjB,OAAO,CAAC,IAAI,GAAG,WAAW,CAAC;SAC5B;QAED,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;YACnB,OAAO,CAAC,MAAM,GAAG,eAAe,CAAC;SAClC;QAED,IAAI,OAAO,CAAC,gBAAgB,KAAK,SAAS,EAAE;YAC1C,OAAO,CAAC,gBAAgB,GAAG,wDAAwD,CAAC;SACrF;QAED,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,EAAE;YACtC,OAAO,CAAC,YAAY,GAAG,mEAAmE,CAAC;SAC5F;QAED,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE;YACxC,OAAO,CAAC,YAAY,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;SAC/C;QAED,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE;YAChC,qBAAqB;YACrB,OAAO,CAAC,mBAAmB,GAAG,CAAC,CAAC;SACjC;QAED,IAAG,CAAC,OAAO,CAAC,oBAAoB,EAAC;YAC/B,OAAO,CAAC,oBAAoB,GAAG,KAAK,CAAC;SACtC;QAED,IAAG,CAAC,OAAO,CAAC,2BAA2B,EAAC;YACtC,OAAO,CAAC,2BAA2B,GAAG,QAAQ,CAAC,CAAE,UAAU;SAC5D;QAED,IAAG,CAAC,OAAO,CAAC,aAAa,EAAC;YACxB,OAAO,CAAC,aAAa,GAAG,IAAI,uCAAqB,CAC7C,EAAC,qBAAqB,EAAE,OAAO,CAAC,2BAA2B,EAAE,CAAC,CAAC;SACpE;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACtB,yBAAyB;YACzB,OAAO,CAAC,SAAS,GAAG,OAAO,CAAC,UAAU,IAAI,EAAE,CAAC;SAC9C;QAED,0BAA0B;QAC1B,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE;YAC/B,OAAO,CAAC,kBAAkB,GAAG,MAAM,CAAC;SACrC;QAED;;;;;;WAMG;QACH,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,CAAC,OAAO,EAAC,SAAS,EAAC,SAAS,EAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,EAAC;YACzG,OAAO,CAAC,aAAa,GAAG,OAAO,CAAC;SACjC;QAED,OAAO,OAAsB,CAAC;IAChC,CAAC;IAED,WAAW,CAAC,GAA0D;QACpE,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,IAAI,CAAC,GAAG,CAAC,QAAQ,IAAI,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACzE,CAAC;IAED,cAAc,CAAC,GAA0D;QACvE,wBAAwB;QACxB,IAAI,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE;YAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,CAAC;SACjC;aAAM;YACL,IAAI,IAAI,CAAC;YACT,IAAI,GAAG,CAAC,OAAO,EAAE;gBACf,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC;aACzB;iBAAM;gBACL,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;aAC1B;YACD,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;SACzD;IACH,CAAC;IAED,gBAAgB;QACd,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAChD,CAAC;IAED,eAAe;QACb,OAAO,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAClC,CAAC;IAED,WAAW,CAAC,WAA4C;QACtD,MAAM,iBAAiB,GAAoC,EAAE,CAAC;QAC9D,WAAW,CAAC,MAAM,GAAG,UAAU,CAAC,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrF,MAAM,MAAM,GAAG,UAAU,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC;QACrE,IAAI,WAAW,CAAC,WAAW,EAAE;YAC3B,iBAAiB,CAAC,WAAW,GAAG,WAAW,CAAC,WAAW,CAAC;SACzD;QACD,IAAI,WAAW,CAAC,YAAY,EAAE;YAC5B,iBAAiB,CAAC,YAAY,GAAG,WAAW,CAAC,YAAY,CAAC;SAC3D;QACD,IAAI,WAAW,CAAC,UAAU,EAAE;YAC1B,iBAAiB,CAAC,UAAU,GAAG,WAAW,CAAC,UAAU,CAAC;SACvD;QACD,IAAI,WAAW,CAAC,MAAM,EAAE;YACtB,iBAAiB,CAAC,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC;SAC/C;QACD,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACxD,WAAW,CAAC,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,CAAC;IACxF,CAAC;IAED,wBAAwB,CAAC,GAAY,EAAE,SAAkB,EAAE,iBAA0B,EAAE,QAAuD;QAC5I,MAAM,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QACvC,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;QAEpD,CAAC,KAAK,IAAI,EAAE;YACV,IAAG,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE;gBACpC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;aACtF;iBAAM;gBACL,OAAO;aACR;QACH,CAAC,CAAC,EAAE;aACH,IAAI,CAAC,GAAG,EAAE;YACT,MAAM,OAAO,GAAwB;gBACnC,oBAAoB,EAAE;oBACpB,cAAc,EAAE,sCAAsC;oBACtD,KAAK,EAAE,EAAE;oBACT,UAAU,EAAE,KAAK;oBACjB,eAAe,EAAE,OAAO;oBACxB,kBAAkB,EAAE,gDAAgD;oBACpE,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU;oBACvC,aAAa,EAAG;wBACd,aAAa,EAAG,uCAAuC;wBACvD,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;qBAC7B;iBACF;aACF,CAAC;YAEF,IAAI,SAAS;gBACX,OAAO,CAAC,oBAAoB,CAAC,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC;YAErD,IAAI,UAAU,EAAE;gBACd,OAAO,CAAC,oBAAoB,CAAC,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC;aACrD;YAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE;gBACtC,OAAO,CAAC,oBAAoB,CAAC,CAAC,8BAA8B,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;aAC1F;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE;gBACjC,OAAO,CAAC,oBAAoB,CAAC,CAAC,oBAAoB,CAAC,GAAG;oBACpD,cAAc,EAAE,sCAAsC;oBACtD,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,gBAAgB;oBACxC,cAAc,EAAE,MAAM;iBACvB,CAAC;aACH;YAED,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,4BAA4B,EAAE;gBAC9C,MAAM,qBAAqB,GAAe,EAAE,CAAC;gBAC5C,IAAI,CAAC,OAAO,CAAC,YAAyB,CAAC,OAAO,CAAC,UAAS,KAAK;oBAC5D,qBAAqB,CAAC,IAAI,CAAC;wBACvB,aAAa,EAAE,uCAAuC;wBACtD,OAAO,EAAE,KAAK;qBACjB,CAAC,CAAC;gBACL,CAAC,CAAC,CAAC;gBAEH,OAAO,CAAC,oBAAoB,CAAC,CAAC,6BAA6B,CAAC,GAAG;oBAC7D,cAAc,EAAE,sCAAsC;oBACtD,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa;oBACzC,2BAA2B,EAAE,qBAAqB;iBACnD,CAAC;aACH;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,8BAA8B,IAAI,IAAI,EAAE;gBACvD,OAAO,CAAC,oBAAoB,CAAC,CAAC,iCAAiC,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,8BAA8B,CAAC;aAChH;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE;gBAC7B,OAAO,CAAC,oBAAoB,CAAC,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC;aAC5E;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;gBACxB,MAAM,OAAO,GAAa;oBACxB,cAAc,EAAE,sCAAsC;iBACvD,CAAC;gBAEF,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,KAAK,QAAQ,EAAE;oBACvD,OAAO,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,UAAU,CAAC;iBAC1D;gBAED,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE;oBAChC,OAAO,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,WAA8B,EAAE,EAAE;wBAC7F,MAAM,oBAAoB,GAAa;4BACrC,cAAc,EAAE,sCAAsC;yBACvD,CAAC;wBAEF,IAAI,WAAW,CAAC,OAAO,EAAE;4BACvB,oBAAoB,CAAC,gBAAgB,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,KAAyB,EAAE,EAAE;gCAC7F,MAAM,cAAc,GAAa;oCAC/B,cAAc,EAAE,sCAAsC;iCACvD,CAAC;gCAEF,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,UAAU,CAAC;gCAEjD,IAAI,KAAK,CAAC,IAAI,EAAE;oCACd,cAAc,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC;iCACtC;gCAED,IAAI,KAAK,CAAC,GAAG,EAAE;oCACb,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC;iCACpC;gCAED,OAAO,cAAc,CAAC;4BACxB,CAAC,CAAC,CAAC;yBACJ;wBAED,IAAI,WAAW,CAAC,WAAW,EAAE;4BAC3B,oBAAoB,CAAC,mBAAmB,CAAC,GAAG,WAAW,CAAC,WAAW,CAAC;yBACrE;wBAED,OAAO,oBAAoB,CAAC;oBAC9B,CAAC,CAAC,CAAC;iBACJ;gBAED,IAAI,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE;oBACpC,OAAO,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,WAAW,CAAC;iBACjE;gBAED,OAAO,CAAC,oBAAoB,CAAC,CAAC,eAAe,CAAC,GAAG,OAAO,CAAC;aAC1D;YAED,IAAI,aAAa,GAAG,UAAU,CAAC,MAAM,CAAC,OAAyC,CAAC,CAAC,GAAG,EAAE,CAAC;YACvF,IAAI,iBAAiB,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;gBAChD,aAAa,GAAG,wCAAoB,CAAC,aAAa,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;aACnE;YACD,QAAQ,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QAChC,CAAC,CAAC;aACD,KAAK,CAAC,UAAS,GAAG;YACjB,QAAQ,CAAC,GAAG,CAAC,CAAC;QAChB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,qBAAqB,CAAC,GAAoB;QACxC,MAAM,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAEvC,MAAM,OAAO,GAAG;YACd,qBAAqB,EAAG;gBACtB,cAAc,EAAE,sCAAsC;gBACtD,aAAa,EAAE,uCAAuC;gBACtD,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE,KAAK;gBACjB,eAAe,EAAE,OAAO;gBACxB,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;gBACtC,aAAa,EAAG;oBACd,aAAa,EAAE,uCAAuC;oBACtD,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;iBAC7B;gBACD,aAAa,EAAG;oBACd,SAAS,EAAE,GAAG,CAAC,IAAK,CAAC,YAAY;oBACjC,OAAO,EAAE,GAAG,CAAC,IAAK,CAAC,MAAM;iBAC1B;aACF;SACkB,CAAC;QAEtB,IAAI,GAAG,CAAC,IAAK,CAAC,aAAa,IAAI,IAAI,EAAE;YACnC,OAAO,CAAC,qBAAqB,CAAC,CAAC,aAAa,CAAC,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC,IAAK,CAAC,aAAa,CAAC;SAC3F;QAED,IAAI,GAAG,CAAC,IAAK,CAAC,eAAe,IAAI,IAAI,EAAE;YACrC,OAAO,CAAC,qBAAqB,CAAC,CAAC,aAAa,CAAC,CAAC,kBAAkB,CAAC,GAAG,GAAG,CAAC,IAAK,CAAC,eAAe,CAAC;SAC/F;QAED,IAAI,GAAG,CAAC,IAAK,CAAC,YAAY,EAAE;YAC1B,OAAO,CAAC,qBAAqB,CAAC,CAAC,qBAAqB,CAAC,GAAG;gBACtD,eAAe,EAAE,sCAAsC;gBACvD,OAAO,EAAE,GAAG,CAAC,IAAK,CAAC,YAAY;aAChC,CAAC;SACH;QAED,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,EAAE,OAAO,CAAC;aACjF,IAAI,CAAC;YACJ,OAAO,UAAU,CAAC,MAAM,CAAC,OAAyC,CAAC,CAAC,GAAG,EAAE,CAAC;QAC5E,CAAC,CAAC,CAAC;IACP,CAAC;IAED,sBAAsB,CAAC,GAAY,EAAE,aAAsB;QACzD,MAAM,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC,gBAAgB,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,IAAI,CAAC,eAAe,EAAE,CAAC;QAEvC,MAAM,OAAO,GAAG;YACd,sBAAsB,EAAG;gBACvB,cAAc,EAAE,sCAAsC;gBACtD,aAAa,EAAE,uCAAuC;gBACtD,KAAK,EAAE,EAAE;gBACT,UAAU,EAAE,KAAK;gBACjB,eAAe,EAAE,OAAO;gBACxB,cAAc,EAAE,IAAI,CAAC,OAAO,CAAC,SAAS;gBACtC,eAAe,EAAE,aAAa,CAAC,EAAE;gBACjC,aAAa,EAAG;oBACd,OAAO,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;iBAC7B;gBACD,cAAc,EAAE;oBACd,kBAAkB,EAAE;wBAClB,QAAQ,EAAE,4CAA4C;qBACvD;iBACF;aACF;SACF,CAAC;QAEF,OAAO,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC;IAC1C,CAAC;IAED,YAAY,CAAC,OAAkC,EAAE,QAAuB,EAAE,SAAiB,EAAE,oBAAgD,EAAE,QAAsE;QAEnN,MAAM,kBAAkB,GAAG,CAAC,GAAiB,EAAE,MAAc,EAAE,EAAE;YAC/D,IAAI,GAAG,EAAE;gBACP,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,MAAM,MAAM,GAAG,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;YACzC,IAAI,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC;YAEtD,IAAI,SAAS,KAAK,QAAQ,EAAE;gBAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;oBAC1B,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;iBAClD;aACF;iBAAM,IAAI,SAAS,KAAK,WAAW,EAAE;gBAClC,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,qBAAqB,GAAC,SAAS,CAAC,CAAC,CAAC;aAC/D;YAED,MAAM,WAAW,GAA+B,OAAO,CAAC,CAAC,CAAC;gBACxD,WAAW,EAAE,MAAM;aACpB,CAAC,CAAC,CAAC;gBACF,YAAY,EAAE,MAAM;aACrB,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBAC5C,WAAW,CAAC,CAAC,CAAC,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;gBAC3B,IAAI;oBACF,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;wBAC5B,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;qBAClF;oBAED,8BAA8B;oBAC9B,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,CAAC;iBAE/B;gBAAC,OAAO,EAAE,EAAE;oBACX,OAAO,QAAQ,CAAC,EAAE,CAAC,CAAC;iBACrB;aACF;YACD,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBACnC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC;YAEH,2DAA2D;YAC3D,wDAAwD;YACxD,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC;YAErB,QAAQ,CAAC,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC;QACrC,CAAC,CAAC;QAEF,IAAI,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE;YACvC,kBAAkB,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,IAAI,QAAQ,CAAE,EAAE,MAAM,CAAC,CAAC,CAAC;SACvE;aACI;YACH,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,IAAI,QAAQ,CAAE,EAAE,kBAAkB,CAAC,CAAC;SAC7D;IACH,CAAC;IAED,mBAAmB,CAAC,GAAY,EAAE,SAAiB,EAAE,cAA2C;QAC9F,MAAM,gBAAgB,GAA+B,EAAE,CAAC;QAExD,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,UAAU,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC;QACxF,IAAI,UAAU,EAAE;YACd,gBAAgB,CAAC,UAAU,GAAG,UAAU,CAAC;SAC1C;QAED,MAAM,uBAAuB,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC;QACpE,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,OAAO,CAAC,UAAS,CAAC;YACrD,gBAAgB,CAAC,CAAC,CAAC,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,IAAI,uCAAuC,GAA2B,EAAE,CAAC;QACzE,IAAI,SAAS,IAAI,WAAW,EAAE;YAC5B,uCAAuC,GAAG,IAAI,CAAC,OAAO,CAAC,yBAAyB,IAAI,EAAE,CAAC;SACxF;QACD,IAAI,SAAS,IAAI,QAAQ,EAAE;YACzB,uCAAuC,GAAG,IAAI,CAAC,OAAO,CAAC,sBAAsB,IAAI,EAAE,CAAC;SACrF;QAED,MAAM,CAAC,IAAI,CAAC,uCAAuC,CAAC,CAAC,OAAO,CAAC,UAAS,CAAC;YACrE,gBAAgB,CAAC,CAAC,CAAC,GAAG,uCAAuC,CAAC,CAAC,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,cAAc,GAAG,cAAc,IAAI,EAAE,CAAC;QACtC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,UAAS,CAAC;YAC5C,gBAAgB,CAAC,CAAC,CAAC,GAAG,cAAe,CAAC,CAAC,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,OAAO,gBAAgB,CAAC;IAC1B,CAAC;IAED,eAAe,CAAC,GAAY,EAAE,OAA+C,EAAE,QAA0D;QACvI,IAAI,CAAC,wBAAwB,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,KAAK,EAAE,CAAC,GAAiB,EAAE,OAAO,EAAE,EAAE;YAC7F,IAAI,GAAG;gBACL,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;YACvB,MAAM,SAAS,GAAG,WAAW,CAAC;YAC9B,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,QAAQ,CAAC,CAAC;QAClH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,gBAAgB,CAAC,GAAY,EAAE,QAAqD;QAClF,sGAAsG;QACtG,qGAAqG;QACrG,2BAA2B;QAC3B,MAAM,SAAS,GAAG,UAAS,CAA4G,EAAE,UAAoB;YAC3J,MAAM,cAAc,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC;YACnD,OAAO,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,mCAAmC;iBAChD,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,oCAAoC;iBAC3D,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC,6CAA6C;iBACrE,OAAO,CAAC,IAAI,EAAE,QAAQ,CAAC;iBACvB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;iBACrB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;gBACtB,4CAA4C;gBAC5C,iEAAiE;iBAChE,OAAO,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,uCAAuC;iBACxE,OAAO,CAAC,SAAS,EAAE,cAAc,CAAC,CAAC;QACxC,CAAC,CAAC;QAEF,MAAM,sBAAsB,GAAG,CAAC,GAAiB,EAAE,MAAe,EAAE,EAAE;YACpE,IAAI,GAAG,EAAE;gBACP,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,MAAM,SAAS,GAAG,WAAW,CAAC;YAC9B,MAAM,oBAAoB,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,CAAC,CAAC;YACtE,MAAM,WAAW,GAAoC;gBACnD,WAAW,EAAE,MAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;aACxC,CAAC;YAEF,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;gBAC5C,WAAW,CAAC,CAAC,CAAC,GAAG,oBAAoB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YACjD,CAAC,CAAC,CAAC;YAEH,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE;gBAClD,OAAO,6BAA6B,GAAG,CAAC,GAAG,WAAW,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;YAC9F,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YAEhB,QAAQ,CAAC,IAAI,EAAE;gBACb,iBAAiB;gBACjB,QAAQ;gBACR,QAAQ;gBACR,wBAAwB;gBACxB,uDAAuD;gBACvD,SAAS;gBACT,4CAA4C;gBAC5C,YAAY;gBACZ,gIAAgI;gBAChI,aAAa;gBACb,8BAA8B,GAAG,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI;gBAC1E,UAAU;gBACV,wCAAwC;gBACxC,SAAS;gBACT,0DAA0D;gBAC1D,SAAS;gBACT,SAAS;aACV,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC;QAEF,IAAI,CAAC,wBAAwB,CAAC,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,GAAiB,EAAE,OAAgB,EAAE,EAAE;YACrG,IAAI,GAAG,EAAE;gBACP,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,sBAAsB,EAAE;gBACvC,sBAAsB,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,OAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;aAC7D;iBAAM;gBACL,IAAI,CAAC,UAAU,CAAC,OAAQ,EAAE,sBAAsB,CAAC,CAAC;aACnD;QACH,CAAC,CAAC,CAAC;IAEL,CAAC;IAED,YAAY,CAAC,GAAoB,EAAE,OAA+C,EAAE,QAA0D;QAC5I,OAAO,IAAI,CAAC,qBAAqB,CAAC,GAAG,CAAC;aACnC,IAAI,CAAC,OAAO,CAAC,EAAE;YACd,MAAM,SAAS,GAAG,QAAQ,CAAC;YAC3B,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;YACrE,OAAO,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,QAAQ,CAAC,CAAC;QACzH,CAAC,CAAC,CAAC;IACP,CAAC;IAED,oBAAoB,CAAC,GAAoB,EAAE,OAA+C,EAAE,QAA0D;QACpJ,MAAM,QAAQ,GAAG,IAAI,CAAC,sBAAsB,CAAC,GAAG,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAC;QACzE,MAAM,SAAS,GAAG,QAAQ,CAAC;QAC3B,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACrE,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,EAAE,cAAc,CAAC,EAAE,QAAQ,CAAC,CAAC;IACnH,CAAC;IAED,SAAS,CAAC,IAAY;QACpB,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAE,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE1C,IAAI,IAAI,CAAC,OAAO,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAC5C,IAAI,GAAG,+BAA+B,GAAG,IAAI,CAAC;QAChD,IAAI,IAAI,CAAC,OAAO,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC1C,IAAI,GAAG,IAAI,GAAG,+BAA+B,CAAC;QAEhD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YACtB,OAAO,OAAO,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;SACnC;QACD,IAAI,OAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,UAAU,EAAE;YAC5C,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,IAAoB,CAAC,EAAE;iBACzD,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;gBACd,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;oBACzB,KAAK,GAAG,CAAC,KAAe,CAAC,CAAC;iBAC3B;gBACD,OAAO,OAAO,CAAC,OAAO,CAAC,KAAiB,CAAC,CAAC;YAC5C,CAAC,CAAC,CAAC;SACJ;QACD,IAAI,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;QAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;YACzB,KAAK,GAAG,CAAC,KAAK,CAAC,CAAC;SACjB;QACD,OAAO,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChC,CAAC;IAED,iGAAiG;IACjG,oCAAoC;IACpC,EAAE;IACF,6FAA6F;IAC7F,iDAAiD;IACjD,iBAAiB,CAAC,OAAe,EAAE,WAAwB,EAAE,KAAe;QAC1E,MAAM,aAAa,GAAG,OAAO;YACT,gCAAgC;YAChC,4DAA4D;YAC5D,qDAAqD,GAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,GAAC,IAAI;YACzF,GAAG,CAAC;QACxB,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;QAC/D,4FAA4F;QAC5F,uBAAuB;QACvB,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;YAC1B,OAAO,KAAK,CAAC;SACd;QAED,MAAM,SAAS,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC;QAChC,OAAO,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE;YAC9B,OAAO,IAAI,CAAC,wBAAwB,CAAC,SAAmB,EAAE,WAAW,EAAE,OAAO,EAAE,WAAW,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;IACL,CAAC;IAEH,2EAA2E;IACzE,wBAAwB,CAAC,SAAwB,EAAE,IAAY,EAAE,OAAe,EAAE,WAAwB;QACxG,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,SAAS,EAAE,CAAC;QACtC,GAAG,CAAC,eAAe,GAAG;YACpB,IAAI,EAAE,EAAE;YACR,UAAU,EAAE,GAAG,CAAC,EAAE,CAAC,uBAAuB;YAC1C,MAAM,EAAE,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;SACrD,CAAC;QACF,SAAS,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzD,GAAG,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAC7B,2FAA2F;QAC3F,wDAAwD;QACxD,IAAI,GAAG,CAAC,UAAU,CAAC,MAAM,IAAI,CAAC;YAC5B,OAAO,KAAK,CAAC;QACf,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,GAAI,CAAC;QACtC,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACjE,0DAA0D;QAC1D,MAAM,WAAW,GAAG,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;QACjE,IAAI,WAAW,CAAC,YAAY,CAAC,WAAW,CAAC,IAAI,KAAK;YAChD,OAAO,KAAK,CAAC;QACf,2FAA2F;QAC3F,+CAA+C;QAC/C,MAAM,oBAAoB,GAAG,SAAS,CAAC,KAAK,CAAC,WAAW,CAAC,aAAa,EACtC,OAAO,GAAG,WAAW,GAAG,IAAI,GAAG,KAAK,GAAG,IAAI,CAAC,CAAC;QAE7E,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE;YACnC,OAAO,KAAK,CAAC;SACd;QACD,qFAAqF;QACrF,OAAO,GAAG,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC;QACrC,OAAO,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,GAAG,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,oBAAoB,CAAC,SAAiC,EAAE,QAAoF;QAC1I,IAAI,GAAW,EAAE,GAAa,EAAE,YAA2B,CAAC;QAE5D,CAAC,KAAK,IAAG,EAAE;YACT,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;YACrE,GAAG,GAAG,IAAI,MAAM,CAAC,SAAS,CAAC,EAC1B,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;YAExB,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,EAAE,iBAAiB,CAAC;gBAC/D,MAAM,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC;YAElE,MAAM,iBAAiB,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,2CAA2C,CAAW,CAAC;YAEtG,IAAI,iBAAiB,EAAE;gBACrB,YAAY,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC;gBAEhF,OAAO,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;aAChD;QACH,CAAC,CAAC,EAAE;aACH,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;aAC/B,IAAI,CAAC,KAAK,CAAC,EAAE;YACZ,yDAAyD;YACzD,IAAI,cAAc,GAAG,KAAK,CAAC;YAC3B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,eAAe,EAAE,KAAM,CAAC,EAAE;gBACjF,cAAc,GAAG,IAAI,CAAC;aACvB;YAED,MAAM,UAAU,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,yDAAyD,CAAkB,CAAC;YACpH,MAAM,mBAAmB,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EACf,kEAAkE,CAAC,CAAC;YAEpG,IAAI,UAAU,CAAC,MAAM,GAAG,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE;gBACtD,8FAA8F;gBAC9F,4FAA4F;gBAC5F,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC3D;YAED,IAAI,UAAU,CAAC,MAAM,IAAI,CAAC,EAAE;gBAC1B,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI;oBACjB,CAAC,cAAc;oBACb,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,KAAM,CAAC,EAAE;oBACzD,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;iBACtC;gBACD,OAAO,IAAI,CAAC,6BAA6B,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,YAAa,EAAE,QAAQ,CAAC,CAAC;aACnG;YAED,IAAI,mBAAmB,CAAC,MAAM,IAAI,CAAC,EAAE;gBACnC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa;oBAC7B,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;gBAEnE,MAAM,qBAAqB,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAEhE,MAAM,aAAa,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;gBAC1D,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,qBAAqB,EAAE,aAAa,CAAC;qBACvF,IAAI,CAAC,CAAC,YAAoB,EAAE,EAAE;oBAC7B,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;oBAC1E,MAAM,mBAAmB,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,EAAE,8BAA8B,CAAkB,CAAC;oBAC3G,IAAI,mBAAmB,CAAC,MAAM,IAAI,CAAC;wBACjC,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;oBAExD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI;wBACjB,CAAC,cAAc;wBACb,CAAC,IAAI,CAAC,iBAAiB,CAAC,YAAY,EAAE,mBAAmB,CAAC,CAAC,CAAC,EAAE,KAAM,CAAC;wBACzE,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;oBAEhE,IAAI,CAAC,6BAA6B,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,EAAE,GAAG,EAAE,YAAa,EAAE,QAAQ,CAAC,CAAC;gBACtG,CAAC,CAAC,CAAC;aACJ;YAED,iFAAiF;YACjF,yBAAyB;YAEzB,MAAM,YAAY,GAAG;gBACnB,YAAY,EAAE,IAAI;gBAClB,eAAe,EAAE,IAAI;gBACrB,iBAAiB,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;aACnD,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC/C,OAAO,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC;iBACpC,IAAI,CAAC,GAAG,CAAC,EAAE;gBACV,MAAM,QAAQ,GAAG,GAAG,CAAC,QAAQ,CAAC;gBAC9B,IAAI,QAAQ,EAAE;oBACZ,MAAM,SAAS,GAAG,QAAQ,CAAC,SAAS,CAAC;oBACrC,IAAI,CAAC,SAAS,EAAE;wBACd,MAAM,MAAM,GAAG,QAAQ,CAAC,MAAM,CAAC;wBAC/B,IAAI,MAAM,EAAE;4BACV,MAAM,UAAU,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;4BACxC,IAAI,UAAU,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,8CAA8C,EAAE;gCAC1F,MAAM,gBAAgB,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC;gCAClD,IAAI,gBAAgB,IAAI,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,8CAA8C,EAAE;oCACtG,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE;wCACxC,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;qCACjD;oCACD,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;iCACpC;6BACF;4BAED,oFAAoF;4BACpF,gFAAgF;4BAChF,gEAAgE;4BAChE,IAAI,UAAU,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,EAAE;gCACvC,MAAM,OAAO,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;gCACzD,IAAI,OAAO,IAAI,SAAS,EAAE;oCACtB,IAAI,GAAG,GAAG,aAAa,CAAC;oCACxB,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,EAAE;wCAC3B,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;qCACpC;yCAAM,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,EAAE;wCACnC,GAAG,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;qCAC9D;oCACD,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,yBAAyB,GAAG,OAAO,GAAG,UAAU,GAAG,GAAG,CAAC,CAAC;oCAChF,MAAM,WAAW,GAAG;wCAClB,QAAQ,EAAE,QAAQ;wCAClB,QAAQ,EAAE,IAAI;qCACf,CAAC;oCACF,6DAA6D;oCAC7D,KAAK,CAAC,SAAS,GAAG,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;oCACzE,OAAO,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;iCAC9B;6BACF;yBACF;wBACD,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;qBAC3C;iBACF;qBAAM;oBACL,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,cAAc,EAAE;wBACxC,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;qBACzD;oBACD,MAAM,cAAc,GAAG,GAAG,CAAC,cAAc,CAAC;oBAC1C,IAAI,cAAc,EAAC;wBACjB,OAAO,QAAQ,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;qBACnC;yBAAM;wBACL,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;qBAClD;iBACF;YACH,CAAC,CAAC,CAAC;QACP,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,CAAC,EAAE;YACX,KAAK,CAAC,+CAA+C,EAAE,GAAG,CAAC,CAAC;YAC5D,IAAI,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE;gBACrC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,YAAa,CAAC;qBAChF,IAAI,CAAC;oBACJ,QAAQ,CAAC,GAAG,CAAC,CAAC;gBAChB,CAAC,CAAC,CAAC;aACJ;iBAAM;gBACL,QAAQ,CAAC,GAAG,CAAC,CAAC;aACf;QACH,CAAC,CAAC,CAAC;IACL,CAAC;IAED,oBAAoB,CAAC,YAA2B;QAC9C,IAAI,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE;YACrC,IAAI,YAAY,EAAE;gBAChB,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,YAAY,CAAC;qBACjF,IAAI,CAAC,MAAM,CAAC,EAAE;oBACb,IAAI,CAAC,MAAM;wBACT,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;oBAC/C,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;gBAC3B,CAAC,CAAC,CAAC;aACN;iBAAM;gBACL,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC1D;SACF;aAAM;YACL,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;SAC1B;IACH,CAAC;IAED,gBAAgB,CAAC,SAAmB,EAAE,aAA4B,EAAE,QAAoF;QACtJ,MAAM,eAAe,GAAG,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,cAAc,CAAC;QAE/E,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,eAAe,CAAW,EAAE,QAAQ,CAAC,CAAC;QACzE,IAAI,CAAC,UAAU,CAAC,IAAI,EAAE,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE;YACtC,IAAI,GAAG,EAAE;gBACP,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,eAAe,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC;YACxE,MAAM,YAAY,GAAG;gBACnB,YAAY,EAAE,IAAI;gBAClB,eAAe,EAAE,IAAI;gBACrB,iBAAiB,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;aACnD,CAAC;YACF,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;YAC/C,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,CAAC,GAAiB,EAAE,GAAc,EAAE,EAAE;gBACjE,IAAI,GAAG,EAAE;oBACP,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;iBACtB;gBAED,CAAC,KAAK,IAAI,EAAE;oBACV,OAAO,eAAe,KAAK,cAAc,CAAC,CAAC;wBACzC,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;gBACnE,CAAC,CAAC,EAAE;qBACH,IAAI,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,4BAA4B,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC;qBACvE,IAAI,CAAC,GAAG,EAAE,CAAC,8BAA8B,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;qBACpE,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,4BAA4B,CAAC,SAAmB,EAAE,aAA4B;QAC5E,MAAM,MAAM,GAAG,aAAc,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,EAAE;YAC/B,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACvE,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;QACnB,CAAC,CAAC;QAEF,IAAI,SAAS,CAAC,SAAS,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YAC5C,IAAI,SAAS,GAAG,QAAQ,CAAC,aAAa,CAAC,IAAI,QAAQ,CAAC,cAAc,CAAC,CAAC;YAEpE,IAAI,QAAQ,CAAC,YAAY,CAAC,EAAE;gBAC1B,SAAS,IAAI,GAAG,GAAG,QAAQ,CAAC,YAAY,CAAC,CAAC;aAC3C;YAED,SAAS,IAAI,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;YAEtC,OAAO,IAAI,CAAC,YAAY,EAAE;iBACvB,IAAI,CAAC,KAAK,CAAC,EAAE;gBACZ,MAAM,sBAAsB,GAAG,KAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBAChD,OAAO,IAAI,CAAC,4BAA4B,CACtC,SAAS,EAAE,SAAS,CAAC,SAAmB,EAAE,SAAS,CAAC,MAAgB,EAAE,IAAI,CAC3E,CAAC;gBACJ,CAAC,CAAC,CAAC;gBAEH,IAAI,CAAC,sBAAsB,EAAE;oBAC3B,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;iBACtC;YACH,CAAC,CAAC,CAAC;SACN;aAAM;YACL,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;SAC9B;IACH,CAAC;IAED,4BAA4B,CAAC,SAA4B,EAAE,SAAiB,EAAE,GAAW,EAAE,IAAY;QACrG,oFAAoF;QACpF,SAAS,QAAQ,CAAE,OAAe;YAChC,gDAAgD;YAChD,wFAAwF;YACxF,MAAM,UAAU,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAC,IAAI,CAAC,CAAC;YAC9D,OAAO,OAAO,CAAC,WAAW,EAAE,KAAK,UAAU,CAAC;QAC9C,CAAC;QACD,MAAM,CAAC,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACjD,IAAI,YAAY,CAAC;QACjB,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE;YACV,YAAY,GAAG,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC;SACtC;aACI;YACH,MAAM,IAAI,KAAK,CAAC,GAAG,GAAG,mBAAmB,CAAC,CAAC;SAC5C;QAED,MAAM,QAAQ,GAAG,MAAM,CAAC,YAAY,CAAC,YAAY,CAAC,CAAC;QACnD,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAE3B,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IACpE,CAAC;IAED,mBAAmB,CAAC,GAAc;QAChC,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;QACrC,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QACnC,MAAM,UAAU,GAAG,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,IAAI,CAAC,4BAA4B,CAC9C,KAAK,EAAE,UAAU,CAAC,SAAS,EAAE,UAAU,CAAC,YAAY,CACrD,CAAC;QACF,IAAI,MAAM,EAAE;YACV,MAAM,MAAM,CAAC;SACd;IACH,CAAC;IAED,oBAAoB,CAAC,GAAc;QACjC,OAAO,CAAC,KAAK,IAAI,EAAE;YACjB,MAAM,UAAU,GAAG,GAAG,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;YACtE,IAAI,UAAU,KAAK,4CAA4C;gBAC7D,MAAM,IAAI,KAAK,CAAC,mBAAmB,GAAG,UAAU,CAAC,CAAC;YAEpD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YACtC,MAAM,YAAY,GAAG,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY,CAAC;YACvD,IAAI,YAAY,EAAE;gBAChB,OAAO,IAAI,CAAC,oBAAoB,CAAC,YAAY,CAAC,CAAC;aAChD;YAED,OAAO,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC,CAAC,EAAE,CAAC;IACP,CAAC;IAED,YAAY,CAAC,WAAsB;QACjC,IAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACzB,MAAM,MAAM,GAAG,WAAW,CAAC,MAAM,CAAC;YAClC,IAAI,MAAM,EAAE;gBACV,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,SAAS;oBACxC,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,GAAG,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC7G;iBAAM;gBACL,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;aACxC;SACF;IACH,CAAC;IAED,6BAA6B,CAAC,GAA+B,EAAE,eAAuB,EAAE,YAAoB,EAAE,QAAqG;QACjN,IAAI,GAAG,CAAC;QACR,MAAM,YAAY,GAAG;YACnB,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;SACnD,CAAC;QACF,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,OAAO,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,EAAa,CAAC;QAC9B,IAAI,SAAoB,CAAC;QACzB,IAAI,eAA0B,CAAC;QAC/B,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/C,MAAM,CAAC,kBAAkB,CAAC,GAAG,CAAC;aAC7B,IAAI,CAAC,CAAC,GAAc,EAAE,EAAE;YACvB,eAAe,GAAG,GAAG,CAAC;YACtB,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;YAE1B,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;YAChC,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;gBACzB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;aAC9B;YAED,IAAI,YAAY,EAAE;gBAChB,OAAO,CAAC,YAAY,GAAG,YAAY,CAAC;aACrC;YAED,MAAM,cAAc,GAAG,SAAS,CAAC,cAAc,CAAC;YAChD,IAAI,cAAc,EAAE;gBAClB,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,EAAE;oBAC3D,OAAO,CAAC,YAAY,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC;iBACzD;aACF;YAED,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC;YAClC,IAAI,mBAAmB,EAAE,WAAW,CAAC;YACrC,IAAI,OAAO,EAAE;gBACX,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;gBACjC,IAAI,MAAM,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;oBACzB,OAAO,CAAC,MAAM,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAE7B,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE;wBACrC,OAAO,CAAC,YAAY,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;wBAC1C,OAAO,CAAC,aAAa,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC;wBAClD,OAAO,CAAC,eAAe,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;qBACvD;iBACF;gBAED,mBAAmB,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC;oBAChC,OAAO,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC/D,WAAW,GAAG,mBAAmB,IAAI,mBAAmB,CAAC,uBAAuB,CAAC,CAAC;oBACpE,mBAAmB,CAAC,uBAAuB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;gBACpE,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,mBAAmB,IAAI,OAAO,CAAC,CAAC,CAAC,CAAC,mBAAmB,CAAC,MAAM,GAAG,CAAC,EAAE;oBAC/E,GAAG,GAAG,mEAAmE,CAAC;oBAC1E,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;iBACtB;gBAED,IAAI,mBAAmB,EAAE;oBACvB,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,EAAE;wBAChC,MAAM,gBAAgB,GAAG,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;wBACjD,MAAM,mBAAmB,GAAG,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC;wBAEvD,MAAM,OAAO,GAAG,IAAI,CAAC,4BAA4B,CACjC,KAAK,EAAE,gBAAgB,EAAE,mBAAmB,CAAC,CAAC;wBAC9D,IAAI,OAAO,EAAE;4BACX,MAAM,OAAO,CAAC;yBACf;qBACF;iBACF;aACF;YAED,iFAAiF;YACjF,mDAAmD;YACnD,IAAI,IAAI,CAAC,OAAO,CAAC,oBAAoB,EAAE;gBACrC,IAAI,mBAAmB,EAAE;oBACvB,IAAI,WAAW,IAAI,WAAW,CAAC,CAAC,EAAE;wBAChC,MAAM,mBAAmB,GAAG,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC;wBACvD,IAAI,YAAY,IAAI,mBAAmB,IAAI,mBAAmB,IAAI,YAAY,EAAE;4BAC9E,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,YAAY,CAAC;iCACpF,IAAI,CAAC,GAAG,EAAE;gCACT,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;4BAC/C,CAAC,CAAC,CAAC;yBACN;6BAAM,IAAI,mBAAmB,EAAE;4BAC9B,IAAI,sBAAsB,GAAG,KAAK,CAAC;4BACnC,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,mBAAmB,CAAC;iCACxF,IAAI,CAAC,MAAM,CAAC,EAAE;gCACb,IAAI,MAAM,EAAE;oCACV,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,MAAM,CAAC,CAAC;oCACnC,IAAI,KAAK,GAAG,SAAS,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,2BAA2B;wCACxE,sBAAsB,GAAG,IAAI,CAAC;iCACjC;gCACD,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,YAAY,CAAC,CAAC;4BAC1F,CAAC,CAAC;iCACD,IAAI,CAAC,GAAG,EAAE;gCACT,IAAI,CAAC,sBAAsB,EAAE;oCAC3B,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;iCAC9C;gCACD,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;4BAC3B,CAAC,CAAC,CAAC;yBACN;qBACF;iBACF;qBAAM;oBACL,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,YAAY,CAAC,CAAC;oBACjF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;iBAC1B;aACF;iBAAM;gBACL,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;aAC1B;QACH,CAAC,CAAC;aACD,IAAI,CAAC,GAAG,EAAE;YACT,MAAM,UAAU,GAAG,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;YACzE,IAAI,SAAS,CAAC,UAAU,IAAI,SAAS,CAAC,UAAU,CAAC,MAAM,GAAG,CAAC,EAAE;gBAC3D,GAAG,GAAG,yDAAyD,CAAC;gBAChE,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC;aACtB;YACD,IAAG,UAAU,IAAI,UAAU,CAAC,CAAC,EAAE;gBAC7B,MAAM,MAAM,GAAG,IAAI,CAAC,4BAA4B,CAClC,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;gBACxE,IAAG,MAAM;oBACP,MAAM,MAAM,CAAC;aAChB;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;gBACzB,MAAM,WAAW,GAAG,IAAI,CAAC,0BAA0B,CACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,UAAU,CAAC,mBAAmB,CAAC,CAAC;gBACrE,IAAG,WAAW;oBACZ,MAAM,WAAW,CAAC;aACrB;YAED,MAAM,kBAAkB,GAAG,SAAS,CAAC,kBAAkB,CAAC;YACxD,IAAI,kBAAkB,EAAE;gBACtB,MAAM,UAAU,GAAgB,EAAE,CAAC,MAAM,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC,IAAe,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;qBAC7E,GAAG,CAAC,CAAC,IAAe,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;gBAEvF,MAAM,eAAe,GAAG,CAAC,KAAgB,EAAE,EAAE;oBAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAC,EAAE,GAAG,OAAO,CAAC,GAAG,KAAG,GAAG,IAAI,GAAG,KAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC1F,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;gBACzC,CAAC,CAAC;gBAEF,IAAI,UAAU,EAAE;oBACd,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE;wBAC/B,IAAG,CAAC,MAAM,CAAC,SAAS,CAAC,cAAc,CAAC,IAAI,CAAC,SAAS,EAAE,gBAAgB,CAAC,EAAE;4BACnE,sDAAsD;4BACtD,OAAO;yBACR;wBACD,MAAM,KAAK,GAAG,SAAS,CAAC,cAAc,CAAC;wBACvC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;4BACtB,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;yBACvD;6BAAM;4BACL,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;yBACxD;oBACH,CAAC,CAAC,CAAC;iBACJ;aACF;YAED,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,OAAO,CAAC,mCAAmC,CAAC,EAAE;gBACjE,qFAAqF;gBACrF,mCAAmC;gBACnC,OAAO,CAAC,IAAI,GAAG,OAAO,CAAC,mCAAmC,CAAC,CAAC;aAC7D;YAED,IAAI,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE;gBAClC,OAAO,CAAC,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC;aAC9B;YAED,OAAO,CAAC,eAAe,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;YAC/C,OAAO,CAAC,YAAY,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC;YAC7C,OAAO,CAAC,kBAAkB,GAAG,GAAG,EAAE,CAAC,eAAe,CAAC;YAEnD,QAAQ,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACjC,CAAC,CAAC;aACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/B,CAAC;IAED,4BAA4B,CAAC,KAAa,EAAE,SAAiB,EAAE,YAAoB;QACjF,IAAI,IAAI,CAAC,OAAO,CAAC,mBAAmB,IAAI,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QAEhB,IAAI,SAAS,EAAE;YACb,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,GAAG,WAAW;gBACtD,OAAO,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;SACtD;QACD,IAAI,YAAY,EAAE;YAChB,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAChD,IAAI,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,IAAI,cAAc;gBAC5D,OAAO,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;SAC9C;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,0BAA0B,CAAC,gBAAwB,EAAE,oBAA8C;QACjG,IAAI,CAAC,oBAAoB,IAAI,oBAAoB,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5D,OAAO,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;SAC/D;QACD,MAAM,MAAM,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE;YACtD,IAAI,CAAC,WAAW,CAAC,QAAQ,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE;gBACnF,OAAO,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;aAC9E;YACD,IAAI,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,gBAAgB,EAAE;gBAClD,OAAO,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACtD;YACD,OAAO,IAAI,CAAC;QACd,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE;YACjB,OAAO,MAAM,KAAK,IAAI,CAAC;QACzB,CAAC,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE;YACrB,OAAO,MAAM,CAAC,CAAC,CAAC,CAAC;SAClB;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,mBAAmB,CAAC,SAAiC,EAAE,QAA6E;QAClI,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC1E,MAAM,GAAG,GAAG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;QACxD,MAAM,YAAY,GAAG;YACnB,YAAY,EAAE,IAAI;YAClB,eAAe,EAAE,IAAI;YACrB,iBAAiB,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC;SACnD,CAAC;QACF,MAAM,MAAM,GAAG,IAAI,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;QAC/C,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,CAAC,GAAiB,EAAE,GAAc,EAAE,EAAE;YAC5D,IAAI,GAAG,EAAE;gBACP,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC;aACtB;YAED,IAAI,CAAC,YAAY,EAAE;iBAClB,IAAI,CAAC,KAAK,CAAC,EAAE;gBACZ,yDAAyD;gBACzD,IAAI,IAAI,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,CAAC,eAAe,EAAE,KAAM,CAAC,EAAE;oBAClF,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;iBACpE;gBAED,+BAA+B,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;YAC5D,CAAC,CAAC;iBACD,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,CAAC,IAAU,EAAE,GAAS,EAAE,QAAyD;QACxF,MAAM,OAAO,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,2DAA2D,CAAW,CAAC;QAC5G,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EACtC,gEAAgE,CAAW,CAAC;QAE9E,IAAI,OAAO,CAAC,MAAM,GAAG,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;YAC5C,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;SACrD;QACD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,OAAO,kBAAkB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;SACjD;QACD,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE;YAC7B,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;gBAC/B,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;aAC7E;YAED,MAAM,cAAc,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,mCAAmC,CAAC,CAAC;YAE7F,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE;gBAC/B,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC;aACrD;YACD,MAAM,gBAAgB,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YAEtD,MAAM,aAAa,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC1D,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,gBAAgB,EAAE,aAAa,CAAC;iBAChF,IAAI,CAAC,UAAU,YAAoB;gBAClC,MAAM,YAAY,GAAG,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;gBAC1E,MAAM,YAAY,GAAG,SAAS,CAAC,KAAK,CAAC,YAAY,EAAE,2BAA2B,CAAW,CAAC;gBAC1F,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE;oBAC7B,OAAO,QAAQ,CAAC,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC,CAAC;iBAClE;gBACD,OAAO,kBAAkB,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YACvD,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;gBACpB,QAAQ,CAAC,GAAG,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;SACN;QACD,QAAQ,CAAC,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,+BAA+B,CAAE,cAA6B,EAAE,WAA2B;QACzF,MAAM,QAAQ,GAAuB;YACnC,kBAAkB,EAAG;gBACnB,QAAQ,EAAE,sCAAsC;gBAChD,WAAW,EAAE,oCAAoC;gBACjD,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM;gBAChC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;gBAC9C,iBAAiB,EAAG;oBAClB,6BAA6B,EAAE,sCAAsC;iBACtE;aACF;SACF,CAAC;QAEF,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;YAC9B,IAAI,CAAC,cAAc,EAAE;gBACnB,MAAM,IAAI,KAAK,CACb,kFAAkF,CAAC,CAAC;aACvF;SACF;QACD,IAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAC;YACzB,IAAG,CAAC,WAAW,EAAC;gBACd,MAAM,IAAI,KAAK,CACb,qFAAqF,CAAC,CAAC;aAC1F;SACF;QAED,IAAG,IAAI,CAAC,OAAO,CAAC,aAAa,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAC;YACvD,QAAQ,CAAC,gBAAgB,CAAC,eAAe,CAAC,aAAa,GAAC,EAAE,CAAC;YAC3D,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;gBAE3B,WAAW,GAAG,WAAY,CAAC,OAAO,CAAE,6BAA6B,EAAE,EAAE,CAAE,CAAC;gBACxE,WAAW,GAAG,WAAW,CAAC,OAAO,CAAE,2BAA2B,EAAE,EAAE,CAAE,CAAC;gBACrE,WAAW,GAAG,WAAW,CAAC,OAAO,CAAE,OAAO,EAAE,IAAI,CAAE,CAAC;gBAEnD,QAAQ,CAAC,gBAAgB,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC;oBAC3D,MAAM,EAAE,SAAS;oBACjB,YAAY,EAAG;wBACb,aAAa,EAAG;4BACd,oBAAoB,EAAE;gCACpB,OAAO,EAAE,WAAW;6BACrB;yBACF;qBACF;iBACF,CAAC,CAAC;aACJ;YAED,IAAI,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE;gBAE9B,cAAc,GAAG,cAAe,CAAC,OAAO,CAAE,6BAA6B,EAAE,EAAE,CAAE,CAAC;gBAC9E,cAAc,GAAG,cAAc,CAAC,OAAO,CAAE,2BAA2B,EAAE,EAAE,CAAE,CAAC;gBAC3E,cAAc,GAAG,cAAc,CAAC,OAAO,CAAE,OAAO,EAAE,IAAI,CAAE,CAAC;gBAEzD,QAAQ,CAAC,gBAAgB,CAAC,eAAe,CAAC,aAAa,CAAC,IAAI,CAAC;oBAC3D,MAAM,EAAE,YAAY;oBACpB,YAAY,EAAG;wBACb,aAAa,EAAG;4BACd,oBAAoB,EAAE;gCACpB,OAAO,EAAE,cAAc;6BACxB;yBACF;qBACF;oBACD,kBAAkB,EAAG;wBACnB,0DAA0D;wBAC1D,EAAE,YAAY,EAAE,6CAA6C,EAAE;wBAC/D,EAAE,YAAY,EAAE,6CAA6C,EAAE;wBAC/D,EAAE,YAAY,EAAE,gDAAgD,EAAE;qBACnE;iBACF,CAAC,CAAC;aACJ;SACF;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE;YAClC,QAAQ,CAAC,gBAAgB,CAAC,eAAe,CAAC,mBAAmB,GAAG;gBAC9D,UAAU,EAAE,gDAAgD;gBAC5D,WAAW,EAAE,IAAI,CAAC,OAAO,CAAC,iBAAiB;aAC5C,CAAC;SACH;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,gBAAgB,EAAE;YACjC,QAAQ,CAAC,gBAAgB,CAAC,eAAe,CAAC,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,gBAAgB,CAAC;SACxF;QAED,QAAQ,CAAC,gBAAgB,CAAC,eAAe,CAAC,wBAAwB,GAAG;YACnE,QAAQ,EAAE,GAAG;YACb,YAAY,EAAE,MAAM;YACpB,UAAU,EAAE,gDAAgD;YAC5D,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC;SACrC,CAAC;QACF,OAAO,UAAU,CAAC,MAAM,CAAC,QAA0C,CAAC,CAAC,GAAG,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1H,CAAC;IAED,QAAQ,CAAC,GAAmB;;QAC1B,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,GAAG,CAAC;QAEhD,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,GAAG,CAAC;QAEnC,MAAM,UAAU,GAAG;YACjB,6BAA6B;YAC7B,GAAG,OAAC,GAAG,CAAC,KAAK,CAAC,UAAU,CAAC,mCAAI,EAAE,CAAC;YAChC,2BAA2B;YAC3B,EAAE;SACH,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,OAAO,UAAU,CAAC;IACpB,CAAC;IAED,iBAAiB,CAAC,GAAY;QAC5B,6DAA6D;QAC7D,oFAAoF;QACpF,+EAA+E;QAC/E,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IACrC,CAAC;IAED,YAAY,CAAC,GAAW;QACtB,wDAAwD;QACxD,8HAA8H;QAC9H,OAAO,IAAI,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;IAClE,CAAC;CACF;AAEQ,oBAAI","sourcesContent":["import Debug from 'debug';\nconst debug = Debug('passport-saml');\nimport * as zlib from 'zlib';\nimport * as xml2js from 'xml2js';\nimport * as xmlCrypto from 'xml-crypto';\nimport * as crypto from 'crypto';\nimport * as xmldom from 'xmldom';\nimport * as url from 'url';\nimport * as querystring from 'querystring';\nimport * as xmlbuilder from 'xmlbuilder';\nimport * as xmlenc from 'xml-encryption';\nimport * as util from 'util';\nimport {CacheProvider as InMemoryCacheProvider} from './inmemory-cache-provider';\nimport * as algorithms from './algorithms';\nimport { signAuthnRequestPost } from './saml-post-signing';\nimport type { Request } from 'express';\nimport { ParsedQs } from 'qs';\nimport { AudienceRestrictionXML,\n AuthenticateOptions,\n AuthorizeOptions,\n AuthorizeRequestXML,\n CertCallback,\n LogoutRequestXML,\n Profile,\n RequestWithUser,\n SAMLOptions,\n SamlIDPListConfig,\n SamlIDPEntryConfig,\n SamlScopingConfig,\n ServiceMetadataXML,\n XMLInput,\n XMLObject,\n XMLOutput,\n XMLValue\n } from './types';\nconst { xpath } = xmlCrypto;\n\ninterface NameID {\n value: string | null;\n format: string | null;\n}\n\nfunction processValidlySignedPostRequest(self: SAML, doc: XMLOutput, dom: Document, callback: (err: Error | null, profile?: Profile, loggedOut?: boolean) => void) {\n const request = doc.LogoutRequest;\n if (request) {\n const profile = {} as Profile;\n if (request.$.ID) {\n profile.ID = request.$.ID;\n } else {\n return callback(new Error('Missing SAML LogoutRequest ID'));\n }\n const issuer = request.Issuer;\n if (issuer && issuer[0]._) {\n profile.issuer = issuer[0]._;\n } else {\n return callback(new Error('Missing SAML issuer'));\n }\n self.getNameID(self, dom, function (err, nameID) {\n if(err) {\n return callback(err);\n }\n\n if (nameID) {\n profile.nameID = nameID.value;\n if (nameID.format) {\n profile.nameIDFormat = nameID.format;\n }\n } else {\n return callback(new Error('Missing SAML NameID'));\n }\n const sessionIndex = request.SessionIndex;\n if (sessionIndex) {\n profile.sessionIndex = sessionIndex[0]._;\n }\n callback(null, profile, true);\n });\n } else {\n return callback(new Error('Unknown SAML request message'));\n }\n}\n\n\nfunction processValidlySignedSamlLogout(self: SAML, doc: XMLOutput, dom: Document, callback: (err: Error | null, profile?: Profile | null | undefined, loggedOut?: boolean | undefined) => void) {\n const response = doc.LogoutResponse;\n const request = doc.LogoutRequest;\n\n if (response){\n return callback(null, null, true);\n } else if (request) {\n processValidlySignedPostRequest(self, doc, dom, callback);\n } else {\n throw new Error('Unknown SAML response message');\n }\n}\n\nfunction callBackWithNameID(nameid: Node, callback: (err: Error | null, value: NameID) => void) {\n const format = xmlCrypto.xpath(nameid, \"@Format\") as Node[];\n return callback(null, {\n value: nameid.textContent,\n format: format && format[0] && format[0].nodeValue\n });\n}\n\nclass SAML {\n options: SAMLOptions;\n cacheProvider: InMemoryCacheProvider;\n\n constructor(options: Partial) {\n this.options = this.initialize(options);\n this.cacheProvider = this.options.cacheProvider;\n }\n initialize(options: Partial): SAMLOptions {\n if (!options) {\n options = {};\n }\n\n if (options.privateCert) {\n console.warn(\"options.privateCert has been deprecated; use options.privateKey instead.\");\n\n if (options.privateKey == null) {\n options.privateKey = options.privateCert;\n }\n }\n\n if (options.RACComparison) {\n console.warn(\"options.RACComparison has been deprecated; use options.racComparison instead.\")\n\n if (options.racComparison == null) {\n options.racComparison = options.RACComparison;\n }\n }\n\n if (options.disableRequestACSUrl) {\n console.warn(\"options.disableRequestACSUrl has been deprecated; use options.disableRequestAcsUrl instead.\")\n\n if (options.disableRequestAcsUrl == null) {\n options.disableRequestAcsUrl = options.disableRequestACSUrl;\n }\n }\n\n if (Object.prototype.hasOwnProperty.call(options, 'cert') && !options.cert) {\n throw new Error('Invalid property: cert must not be empty');\n }\n\n if (!options.path) {\n options.path = '/saml/consume';\n }\n\n if (!options.host) {\n options.host = 'localhost';\n }\n\n if (!options.issuer) {\n options.issuer = 'onelogin_saml';\n }\n\n if (options.identifierFormat === undefined) {\n options.identifierFormat = \"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\";\n }\n\n if (options.authnContext === undefined) {\n options.authnContext = \"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport\";\n }\n\n if (!Array.isArray(options.authnContext)) {\n options.authnContext = [options.authnContext];\n }\n\n if (!options.acceptedClockSkewMs) {\n // default to no skew\n options.acceptedClockSkewMs = 0;\n }\n\n if(!options.validateInResponseTo){\n options.validateInResponseTo = false;\n }\n\n if(!options.requestIdExpirationPeriodMs){\n options.requestIdExpirationPeriodMs = 28800000; // 8 hours\n }\n\n if(!options.cacheProvider){\n options.cacheProvider = new InMemoryCacheProvider(\n {keyExpirationPeriodMs: options.requestIdExpirationPeriodMs });\n }\n\n if (!options.logoutUrl) {\n // Default to Entry Point\n options.logoutUrl = options.entryPoint || '';\n }\n\n // sha1, sha256, or sha512\n if (!options.signatureAlgorithm) {\n options.signatureAlgorithm = 'sha1';\n }\n\n /**\n * List of possible values:\n * - exact : Assertion context must exactly match a context in the list\n * - minimum: Assertion context must be at least as strong as a context in the list\n * - maximum: Assertion context must be no stronger than a context in the list\n * - better: Assertion context must be stronger than all contexts in the list\n */\n if (!options.racComparison || ['exact','minimum','maximum','better'].indexOf(options.racComparison) === -1){\n options.racComparison = 'exact';\n }\n\n return options as SAMLOptions;\n }\n\n getProtocol(req: Request | {headers?: undefined, protocol?: undefined}) {\n return this.options.protocol || (req.protocol || 'http').concat('://');\n }\n\n getCallbackUrl(req: Request | {headers?: undefined, protocol?: undefined}) {\n // Post-auth destination\n if (this.options.callbackUrl) {\n return this.options.callbackUrl;\n } else {\n let host;\n if (req.headers) {\n host = req.headers.host;\n } else {\n host = this.options.host;\n }\n return this.getProtocol(req) + host + this.options.path;\n }\n }\n\n generateUniqueID () {\n return crypto.randomBytes(10).toString('hex');\n }\n\n generateInstant() {\n return new Date().toISOString();\n }\n\n signRequest(samlMessage: querystring.ParsedUrlQueryInput) {\n const samlMessageToSign: querystring.ParsedUrlQueryInput = {};\n samlMessage.SigAlg = algorithms.getSigningAlgorithm(this.options.signatureAlgorithm);\n const signer = algorithms.getSigner(this.options.signatureAlgorithm);\n if (samlMessage.SAMLRequest) {\n samlMessageToSign.SAMLRequest = samlMessage.SAMLRequest;\n }\n if (samlMessage.SAMLResponse) {\n samlMessageToSign.SAMLResponse = samlMessage.SAMLResponse;\n }\n if (samlMessage.RelayState) {\n samlMessageToSign.RelayState = samlMessage.RelayState;\n }\n if (samlMessage.SigAlg) {\n samlMessageToSign.SigAlg = samlMessage.SigAlg;\n }\n signer.update(querystring.stringify(samlMessageToSign));\n samlMessage.Signature = signer.sign(this.keyToPEM(this.options.privateKey), 'base64');\n }\n\n generateAuthorizeRequest(req: Request, isPassive: boolean, isHttpPostBinding: boolean, callback: (err: Error | null, request?: string) => void) {\n const id = \"_\" + this.generateUniqueID();\n const instant = this.generateInstant();\n const forceAuthn = this.options.forceAuthn || false;\n\n (async () => {\n if(this.options.validateInResponseTo) {\n return util.promisify(this.cacheProvider.save).bind(this.cacheProvider)(id, instant);\n } else {\n return;\n }\n })()\n .then(() => {\n const request: AuthorizeRequestXML = {\n 'samlp:AuthnRequest': {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n '@ID': id,\n '@Version': '2.0',\n '@IssueInstant': instant,\n '@ProtocolBinding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',\n '@Destination': this.options.entryPoint,\n 'saml:Issuer' : {\n '@xmlns:saml' : 'urn:oasis:names:tc:SAML:2.0:assertion',\n '#text': this.options.issuer\n }\n }\n };\n\n if (isPassive)\n request['samlp:AuthnRequest']['@IsPassive'] = true;\n\n if (forceAuthn) {\n request['samlp:AuthnRequest']['@ForceAuthn'] = true;\n }\n\n if (!this.options.disableRequestAcsUrl) {\n request['samlp:AuthnRequest']['@AssertionConsumerServiceURL'] = this.getCallbackUrl(req);\n }\n\n if (this.options.identifierFormat) {\n request['samlp:AuthnRequest']['samlp:NameIDPolicy'] = {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n '@Format': this.options.identifierFormat,\n '@AllowCreate': 'true'\n };\n }\n\n if (!this.options.disableRequestedAuthnContext) {\n const authnContextClassRefs: XMLInput[] = [];\n (this.options.authnContext as string[]).forEach(function(value) {\n authnContextClassRefs.push({\n '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',\n '#text': value\n });\n });\n\n request['samlp:AuthnRequest']['samlp:RequestedAuthnContext'] = {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n '@Comparison': this.options.racComparison,\n 'saml:AuthnContextClassRef': authnContextClassRefs\n };\n }\n\n if (this.options.attributeConsumingServiceIndex != null) {\n request['samlp:AuthnRequest']['@AttributeConsumingServiceIndex'] = this.options.attributeConsumingServiceIndex;\n }\n\n if (this.options.providerName) {\n request['samlp:AuthnRequest']['@ProviderName'] = this.options.providerName;\n }\n\n if (this.options.scoping) {\n const scoping: XMLInput = {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n };\n\n if (typeof this.options.scoping.proxyCount === 'number') {\n scoping['@ProxyCount'] = this.options.scoping.proxyCount;\n }\n\n if (this.options.scoping.idpList) {\n scoping['samlp:IDPList'] = this.options.scoping.idpList.map((idpListItem: SamlIDPListConfig) => {\n const formattedIdpListItem: XMLInput = {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n };\n\n if (idpListItem.entries) {\n formattedIdpListItem['samlp:IDPEntry'] = idpListItem.entries.map((entry: SamlIDPEntryConfig) => {\n const formattedEntry: XMLInput = {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n };\n\n formattedEntry['@ProviderID'] = entry.providerId;\n\n if (entry.name) {\n formattedEntry['@Name'] = entry.name;\n }\n\n if (entry.loc) {\n formattedEntry['@Loc'] = entry.loc;\n }\n\n return formattedEntry;\n });\n }\n\n if (idpListItem.getComplete) {\n formattedIdpListItem['samlp:GetComplete'] = idpListItem.getComplete;\n }\n\n return formattedIdpListItem;\n });\n }\n\n if (this.options.scoping.requesterId) {\n scoping['samlp:RequesterID'] = this.options.scoping.requesterId;\n }\n\n request['samlp:AuthnRequest']['samlp:Scoping'] = scoping;\n }\n\n let stringRequest = xmlbuilder.create(request as unknown as Record).end();\n if (isHttpPostBinding && this.options.privateKey) {\n stringRequest = signAuthnRequestPost(stringRequest, this.options);\n }\n callback(null, stringRequest);\n })\n .catch(function(err){\n callback(err);\n });\n }\n\n generateLogoutRequest(req: RequestWithUser) {\n const id = \"_\" + this.generateUniqueID();\n const instant = this.generateInstant();\n\n const request = {\n 'samlp:LogoutRequest' : {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',\n '@ID': id,\n '@Version': '2.0',\n '@IssueInstant': instant,\n '@Destination': this.options.logoutUrl,\n 'saml:Issuer' : {\n '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',\n '#text': this.options.issuer\n },\n 'saml:NameID' : {\n '@Format': req.user!.nameIDFormat,\n '#text': req.user!.nameID\n }\n }\n } as LogoutRequestXML;\n\n if (req.user!.nameQualifier != null) {\n request['samlp:LogoutRequest']['saml:NameID']['@NameQualifier'] = req.user!.nameQualifier;\n }\n\n if (req.user!.spNameQualifier != null) {\n request['samlp:LogoutRequest']['saml:NameID']['@SPNameQualifier'] = req.user!.spNameQualifier;\n }\n\n if (req.user!.sessionIndex) {\n request['samlp:LogoutRequest']['saml2p:SessionIndex'] = {\n '@xmlns:saml2p': 'urn:oasis:names:tc:SAML:2.0:protocol',\n '#text': req.user!.sessionIndex\n };\n }\n\n return util.promisify(this.cacheProvider.save).bind(this.cacheProvider)(id, instant)\n .then(function() {\n return xmlbuilder.create(request as unknown as Record).end();\n });\n }\n\n generateLogoutResponse(req: Request, logoutRequest: Profile) {\n const id = \"_\" + this.generateUniqueID();\n const instant = this.generateInstant();\n\n const request = {\n 'samlp:LogoutResponse' : {\n '@xmlns:samlp': 'urn:oasis:names:tc:SAML:2.0:protocol',\n '@xmlns:saml': 'urn:oasis:names:tc:SAML:2.0:assertion',\n '@ID': id,\n '@Version': '2.0',\n '@IssueInstant': instant,\n '@Destination': this.options.logoutUrl,\n '@InResponseTo': logoutRequest.ID,\n 'saml:Issuer' : {\n '#text': this.options.issuer\n },\n 'samlp:Status': {\n 'samlp:StatusCode': {\n '@Value': 'urn:oasis:names:tc:SAML:2.0:status:Success'\n }\n }\n }\n };\n\n return xmlbuilder.create(request).end();\n }\n\n requestToUrl(request: string | null | undefined, response: string | null, operation: string, additionalParameters: querystring.ParsedUrlQuery, callback: (err: Error | null, url?: string | null | undefined) => void) {\n\n const requestToUrlHelper = (err: Error | null, buffer: Buffer) => {\n if (err) {\n return callback(err);\n }\n\n const base64 = buffer.toString('base64');\n let target = url.parse(this.options.entryPoint, true);\n\n if (operation === 'logout') {\n if (this.options.logoutUrl) {\n target = url.parse(this.options.logoutUrl, true);\n }\n } else if (operation !== 'authorize') {\n return callback(new Error(\"Unknown operation: \"+operation));\n }\n\n const samlMessage: querystring.ParsedUrlQuery = request ? {\n SAMLRequest: base64\n } : {\n SAMLResponse: base64\n };\n Object.keys(additionalParameters).forEach(k => {\n samlMessage[k] = additionalParameters[k];\n });\n if (this.options.privateKey) {\n try {\n if (!this.options.entryPoint) {\n throw new Error('\"entryPoint\" config parameter is required for signed messages');\n }\n\n // sets .SigAlg and .Signature\n this.signRequest(samlMessage);\n\n } catch (ex) {\n return callback(ex);\n }\n }\n Object.keys(samlMessage).forEach(k => {\n target.query[k] = samlMessage[k];\n });\n\n // Delete 'search' to for pulling query string from 'query'\n // https://nodejs.org/api/url.html#url_url_format_urlobj\n target.search = null;\n\n callback(null, url.format(target));\n };\n\n if (this.options.skipRequestCompression) {\n requestToUrlHelper(null, Buffer.from((request || response)!, 'utf8'));\n }\n else {\n zlib.deflateRaw((request || response)!, requestToUrlHelper);\n }\n }\n\n getAdditionalParams(req: Request, operation: string, overrideParams?: querystring.ParsedUrlQuery) {\n const additionalParams: querystring.ParsedUrlQuery = {};\n\n const RelayState = req.query && req.query.RelayState || req.body && req.body.RelayState;\n if (RelayState) {\n additionalParams.RelayState = RelayState;\n }\n\n const optionsAdditionalParams = this.options.additionalParams || {};\n Object.keys(optionsAdditionalParams).forEach(function(k) {\n additionalParams[k] = optionsAdditionalParams[k];\n });\n\n let optionsAdditionalParamsForThisOperation: Record = {};\n if (operation == \"authorize\") {\n optionsAdditionalParamsForThisOperation = this.options.additionalAuthorizeParams || {};\n }\n if (operation == \"logout\") {\n optionsAdditionalParamsForThisOperation = this.options.additionalLogoutParams || {};\n }\n\n Object.keys(optionsAdditionalParamsForThisOperation).forEach(function(k) {\n additionalParams[k] = optionsAdditionalParamsForThisOperation[k];\n });\n\n overrideParams = overrideParams || {};\n Object.keys(overrideParams).forEach(function(k) {\n additionalParams[k] = overrideParams![k];\n });\n\n return additionalParams;\n }\n\n getAuthorizeUrl(req: Request, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void) {\n this.generateAuthorizeRequest(req, this.options.passive, false, (err: Error | null, request) => {\n if (err)\n return callback(err);\n const operation = 'authorize';\n const overrideParams = options ? options.additionalParams || {} : {};\n this.requestToUrl(request, null, operation, this.getAdditionalParams(req, operation, overrideParams), callback);\n });\n }\n\n getAuthorizeForm(req: Request, callback: (err: Error | null, data?: unknown) => void) {\n // The quoteattr() function is used in a context, where the result will not be evaluated by javascript\n // but must be interpreted by an XML or HTML parser, and it must absolutely avoid breaking the syntax\n // of an element attribute.\n const quoteattr = function(s: string | number | boolean | undefined | null | readonly string[] | readonly number[] | readonly boolean[], preserveCR?: boolean) {\n const preserveCRChar = preserveCR ? ' ' : '\\n';\n return ('' + s) // Forces the conversion to string.\n .replace(/&/g, '&') // This MUST be the 1st replacement.\n .replace(/'/g, ''') // The 4 other predefined entities, required.\n .replace(/\"/g, '"')\n .replace(//g, '>')\n // Add other replacements here for HTML only\n // Or for XML, only if the named entities are defined in its DTD.\n .replace(/\\r\\n/g, preserveCRChar) // Must be before the next replacement.\n .replace(/[\\r\\n]/g, preserveCRChar);\n };\n\n const getAuthorizeFormHelper = (err: Error | null, buffer?: Buffer) => {\n if (err) {\n return callback(err);\n }\n\n const operation = 'authorize';\n const additionalParameters = this.getAdditionalParams(req, operation);\n const samlMessage: querystring.ParsedUrlQueryInput = {\n SAMLRequest: buffer!.toString('base64')\n };\n\n Object.keys(additionalParameters).forEach(k => {\n samlMessage[k] = additionalParameters[k] || '';\n });\n\n const formInputs = Object.keys(samlMessage).map(k => {\n return '';\n }).join('\\r\\n');\n\n callback(null, [\n '',\n '',\n '',\n '',\n '',\n '',\n '',\n '',\n '
',\n formInputs,\n '',\n '
',\n '', // Hide the form if JavaScript is enabled\n '',\n ''\n ].join('\\r\\n'));\n };\n\n this.generateAuthorizeRequest(req, this.options.passive, true, (err: Error | null, request?: string) => {\n if (err) {\n return callback(err);\n }\n\n if (this.options.skipRequestCompression) {\n getAuthorizeFormHelper(null, Buffer.from(request!, 'utf8'));\n } else {\n zlib.deflateRaw(request!, getAuthorizeFormHelper);\n }\n });\n\n }\n\n getLogoutUrl(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void) {\n return this.generateLogoutRequest(req)\n .then(request => {\n const operation = 'logout';\n const overrideParams = options ? options.additionalParams || {} : {};\n return this.requestToUrl(request, null, operation, this.getAdditionalParams(req, operation, overrideParams), callback);\n });\n }\n\n getLogoutResponseUrl(req: RequestWithUser, options: AuthenticateOptions & AuthorizeOptions, callback: (err: Error | null, url?: string | null) => void) {\n const response = this.generateLogoutResponse(req, req.samlLogoutRequest);\n const operation = 'logout';\n const overrideParams = options ? options.additionalParams || {} : {};\n this.requestToUrl(null, response, operation, this.getAdditionalParams(req, operation, overrideParams), callback);\n }\n\n certToPEM(cert: string): string {\n cert = cert.match(/.{1,64}/g)!.join('\\n');\n\n if (cert.indexOf('-BEGIN CERTIFICATE-') === -1)\n cert = \"-----BEGIN CERTIFICATE-----\\n\" + cert;\n if (cert.indexOf('-END CERTIFICATE-') === -1)\n cert = cert + \"\\n-----END CERTIFICATE-----\\n\";\n\n return cert;\n }\n\n certsToCheck(): Promise {\n if (!this.options.cert) {\n return Promise.resolve(undefined);\n }\n if (typeof(this.options.cert) === 'function') {\n return util.promisify(this.options.cert as CertCallback)()\n .then((certs) => {\n if (!Array.isArray(certs)) {\n certs = [certs as string];\n }\n return Promise.resolve(certs as string[]);\n });\n }\n let certs = this.options.cert;\n if (!Array.isArray(certs)) {\n certs = [certs];\n }\n return Promise.resolve(certs);\n }\n\n // This function checks that the |currentNode| in the |fullXml| document contains exactly 1 valid\n // signature of the |currentNode|.\n //\n // See https://github.com/bergie/passport-saml/issues/19 for references to some of the attack\n // vectors against SAML signature verification.\n validateSignature(fullXml: string, currentNode: HTMLElement, certs: string[]) {\n const xpathSigQuery = \".//*[\" +\n \"local-name(.)='Signature' and \" +\n \"namespace-uri(.)='http://www.w3.org/2000/09/xmldsig#' and \" +\n \"descendant::*[local-name(.)='Reference' and @URI='#\"+currentNode.getAttribute('ID')+\"']\" +\n \"]\";\n const signatures = xmlCrypto.xpath(currentNode, xpathSigQuery);\n // This function is expecting to validate exactly one signature, so if we find more or fewer\n // than that, reject.\n if (signatures.length != 1) {\n return false;\n }\n\n const signature = signatures[0];\n return certs.some(certToCheck => {\n return this.validateSignatureForCert(signature as string, certToCheck, fullXml, currentNode);\n });\n }\n\n// This function checks that the |signature| is signed with a given |cert|.\n validateSignatureForCert(signature: string | Node, cert: string, fullXml: string, currentNode: HTMLElement) {\n const sig = new xmlCrypto.SignedXml();\n sig.keyInfoProvider = {\n file: '',\n getKeyInfo: key => \"\",\n getKey: keyInfo => Buffer.from(this.certToPEM(cert)),\n };\n signature = this.normalizeNewlines(signature.toString());\n sig.loadSignature(signature);\n // We expect each signature to contain exactly one reference to the top level of the xml we\n // are validating, so if we see anything else, reject.\n if (sig.references.length != 1 )\n return false;\n const refUri = sig.references[0].uri!;\n const refId = (refUri[0] === '#') ? refUri.substring(1) : refUri;\n // If we can't find the reference at the top level, reject\n const idAttribute = currentNode.getAttribute('ID') ? 'ID' : 'Id';\n if (currentNode.getAttribute(idAttribute) != refId)\n return false;\n // If we find any extra referenced nodes, reject. (xml-crypto only verifies one digest, so\n // multiple candidate references is bad news)\n const totalReferencedNodes = xmlCrypto.xpath(currentNode.ownerDocument,\n \"//*[@\" + idAttribute + \"='\" + refId + \"']\");\n\n if (totalReferencedNodes.length > 1) {\n return false;\n }\n // normalize XML to replace XML-encoded carriage returns with actual carriage returns\n fullXml = this.normalizeXml(fullXml);\n fullXml = this.normalizeNewlines(fullXml);\n return sig.checkSignature(fullXml);\n }\n\n validatePostResponse(container: Record, callback: (err: Error | null, profile?: Profile | null, loggedOut?: boolean) => void) {\n let xml: string, doc: Document, inResponseTo: string | null;\n\n (async() => {\n xml = Buffer.from(container.SAMLResponse, 'base64').toString('utf8');\n doc = new xmldom.DOMParser({\n }).parseFromString(xml);\n\n if (!Object.prototype.hasOwnProperty.call(doc, 'documentElement'))\n throw new Error('SAMLResponse is not valid base64-encoded XML');\n\n const inResponseToNodes = xmlCrypto.xpath(doc, \"/*[local-name()='Response']/@InResponseTo\") as Attr[];\n\n if (inResponseToNodes) {\n inResponseTo = inResponseToNodes.length ? inResponseToNodes[0].nodeValue : null;\n\n return this.validateInResponseTo(inResponseTo);\n }\n })()\n .then(() => this.certsToCheck())\n .then(certs => {\n // Check if this document has a valid top-level signature\n let validSignature = false;\n if (this.options.cert && this.validateSignature(xml, doc.documentElement, certs!)) {\n validSignature = true;\n }\n\n const assertions = xmlCrypto.xpath(doc, \"/*[local-name()='Response']/*[local-name()='Assertion']\") as HTMLElement[];\n const encryptedAssertions = xmlCrypto.xpath(doc,\n \"/*[local-name()='Response']/*[local-name()='EncryptedAssertion']\");\n\n if (assertions.length + encryptedAssertions.length > 1) {\n // There's no reason I know of that we want to handle multiple assertions, and it seems like a\n // potential risk vector for signature scope issues, so treat this as an invalid signature\n throw new Error('Invalid signature: multiple assertions');\n }\n\n if (assertions.length == 1) {\n if (this.options.cert &&\n !validSignature &&\n !this.validateSignature(xml, assertions[0], certs!)) {\n throw new Error('Invalid signature');\n }\n return this.processValidlySignedAssertion(assertions[0].toString(), xml, inResponseTo!, callback);\n }\n\n if (encryptedAssertions.length == 1) {\n if (!this.options.decryptionPvk)\n throw new Error('No decryption key for encrypted SAML response');\n\n const encryptedAssertionXml = encryptedAssertions[0].toString();\n\n const xmlencOptions = { key: this.options.decryptionPvk };\n return util.promisify(xmlenc.decrypt).bind(xmlenc)(encryptedAssertionXml, xmlencOptions)\n .then((decryptedXml: string) => {\n const decryptedDoc = new xmldom.DOMParser().parseFromString(decryptedXml);\n const decryptedAssertions = xmlCrypto.xpath(decryptedDoc, \"/*[local-name()='Assertion']\") as HTMLElement[];\n if (decryptedAssertions.length != 1)\n throw new Error('Invalid EncryptedAssertion content');\n\n if (this.options.cert &&\n !validSignature &&\n !this.validateSignature(decryptedXml, decryptedAssertions[0], certs!))\n throw new Error('Invalid signature from encrypted assertion');\n\n this.processValidlySignedAssertion(decryptedAssertions[0].toString(), xml, inResponseTo!, callback);\n });\n }\n\n // If there's no assertion, fall back on xml2js response parsing for the status &\n // LogoutResponse code.\n\n const parserConfig = {\n explicitRoot: true,\n explicitCharkey: true,\n tagNameProcessors: [xml2js.processors.stripPrefix]\n };\n const parser = new xml2js.Parser(parserConfig);\n return parser.parseStringPromise(xml)\n .then(doc => {\n const response = doc.Response;\n if (response) {\n const assertion = response.Assertion;\n if (!assertion) {\n const status = response.Status;\n if (status) {\n const statusCode = status[0].StatusCode;\n if (statusCode && statusCode[0].$.Value === \"urn:oasis:names:tc:SAML:2.0:status:Responder\") {\n const nestedStatusCode = statusCode[0].StatusCode;\n if (nestedStatusCode && nestedStatusCode[0].$.Value === \"urn:oasis:names:tc:SAML:2.0:status:NoPassive\") {\n if (this.options.cert && !validSignature) {\n throw new Error('Invalid signature: NoPassive');\n }\n return callback(null, null, false);\n }\n }\n\n // Note that we're not requiring a valid signature before this logic -- since we are\n // throwing an error in any case, and some providers don't sign error results,\n // let's go ahead and give the potentially more helpful error.\n if (statusCode && statusCode[0].$.Value) {\n const msgType = statusCode[0].$.Value.match(/[^:]*$/)[0];\n if (msgType != 'Success') {\n let msg = 'unspecified';\n if (status[0].StatusMessage) {\n msg = status[0].StatusMessage[0]._;\n } else if (statusCode[0].StatusCode) {\n msg = statusCode[0].StatusCode[0].$.Value.match(/[^:]*$/)[0];\n }\n const error = new Error('SAML provider returned ' + msgType + ' error: ' + msg);\n const builderOpts = {\n rootName: 'Status',\n headless: true\n };\n // @ts-expect-error adding extra attr to default Error object\n error.statusXml = new xml2js.Builder(builderOpts).buildObject(status[0]);\n return Promise.reject(error);\n }\n }\n }\n throw new Error('Missing SAML assertion');\n }\n } else {\n if (this.options.cert && !validSignature) {\n throw new Error('Invalid signature: No response found');\n }\n const logoutResponse = doc.LogoutResponse;\n if (logoutResponse){\n return callback(null, null, true);\n } else {\n throw new Error('Unknown SAML response message');\n }\n }\n });\n })\n .catch(err => {\n debug('validatePostResponse resulted in an error: %s', err);\n if (this.options.validateInResponseTo) {\n util.promisify(this.cacheProvider.remove).bind(this.cacheProvider)(inResponseTo!)\n .then(function() {\n callback(err);\n });\n } else {\n callback(err);\n }\n });\n }\n\n validateInResponseTo(inResponseTo: string | null) {\n if (this.options.validateInResponseTo) {\n if (inResponseTo) {\n return util.promisify(this.cacheProvider.get).bind(this.cacheProvider)(inResponseTo)\n .then(result => {\n if (!result)\n throw new Error('InResponseTo is not valid');\n return Promise.resolve();\n });\n } else {\n throw new Error('InResponseTo is missing from response');\n }\n } else {\n return Promise.resolve();\n }\n }\n\n validateRedirect(container: ParsedQs, originalQuery: string | null, callback: (err: Error | null, profile?: Profile | null, loggedOut?: boolean) => void) {\n const samlMessageType = container.SAMLRequest ? 'SAMLRequest' : 'SAMLResponse';\n\n const data = Buffer.from(container[samlMessageType] as string, \"base64\");\n zlib.inflateRaw(data, (err, inflated) => {\n if (err) {\n return callback(err);\n }\n\n const dom = new xmldom.DOMParser().parseFromString(inflated.toString());\n const parserConfig = {\n explicitRoot: true,\n explicitCharkey: true,\n tagNameProcessors: [xml2js.processors.stripPrefix]\n };\n const parser = new xml2js.Parser(parserConfig);\n parser.parseString(inflated, (err: Error | null, doc: XMLOutput) => {\n if (err) {\n return callback(err);\n }\n\n (async () => {\n return samlMessageType === 'SAMLResponse' ?\n this.verifyLogoutResponse(doc) : this.verifyLogoutRequest(doc);\n })()\n .then(() => this.hasValidSignatureForRedirect(container, originalQuery))\n .then(() => processValidlySignedSamlLogout(this, doc, dom, callback))\n .catch(err => callback(err));\n });\n });\n }\n\n hasValidSignatureForRedirect(container: ParsedQs, originalQuery: string | null): Promise {\n const tokens = originalQuery!.split('&');\n const getParam = (key: string) => {\n const exists = tokens.filter(t => { return new RegExp(key).test(t); });\n return exists[0];\n };\n\n if (container.Signature && this.options.cert) {\n let urlString = getParam('SAMLRequest') || getParam('SAMLResponse');\n\n if (getParam('RelayState')) {\n urlString += '&' + getParam('RelayState');\n }\n\n urlString += '&' + getParam('SigAlg');\n\n return this.certsToCheck()\n .then(certs => {\n const hasValidQuerySignature = certs!.some(cert => {\n return this.validateSignatureForRedirect(\n urlString, container.Signature as string, container.SigAlg as string, cert\n );\n });\n\n if (!hasValidQuerySignature) {\n throw new Error('Invalid signature');\n }\n });\n } else {\n return Promise.resolve(true);\n }\n }\n\n validateSignatureForRedirect(urlString: crypto.BinaryLike, signature: string, alg: string, cert: string) {\n // See if we support a matching algorithm, case-insensitive. Otherwise, throw error.\n function hasMatch (ourAlgo: string) {\n // The incoming algorithm is forwarded as a URL.\n // We trim everything before the last # get something we can compare to the Node.js list\n const algFromURI = alg.toLowerCase().replace(/.*#(.*)$/,'$1');\n return ourAlgo.toLowerCase() === algFromURI;\n }\n const i = crypto.getHashes().findIndex(hasMatch);\n let matchingAlgo;\n if (i > -1) {\n matchingAlgo = crypto.getHashes()[i];\n }\n else {\n throw new Error(alg + ' is not supported');\n }\n\n const verifier = crypto.createVerify(matchingAlgo);\n verifier.update(urlString);\n\n return verifier.verify(this.certToPEM(cert), signature, 'base64');\n }\n\n verifyLogoutRequest(doc: XMLOutput) {\n this.verifyIssuer(doc.LogoutRequest);\n const nowMs = new Date().getTime();\n const conditions = doc.LogoutRequest.$;\n const conErr = this.checkTimestampsValidityError(\n nowMs, conditions.NotBefore, conditions.NotOnOrAfter\n );\n if (conErr) {\n throw conErr;\n }\n }\n\n verifyLogoutResponse(doc: XMLOutput) {\n return (async () => {\n const statusCode = doc.LogoutResponse.Status[0].StatusCode[0].$.Value;\n if (statusCode !== \"urn:oasis:names:tc:SAML:2.0:status:Success\")\n throw new Error('Bad status code: ' + statusCode);\n\n this.verifyIssuer(doc.LogoutResponse);\n const inResponseTo = doc.LogoutResponse.$.InResponseTo;\n if (inResponseTo) {\n return this.validateInResponseTo(inResponseTo);\n }\n\n return Promise.resolve(true);\n })();\n }\n\n verifyIssuer(samlMessage: XMLOutput) {\n if(this.options.idpIssuer) {\n const issuer = samlMessage.Issuer;\n if (issuer) {\n if (issuer[0]._ !== this.options.idpIssuer)\n throw new Error('Unknown SAML issuer. Expected: ' + this.options.idpIssuer + ' Received: ' + issuer[0]._);\n } else {\n throw new Error('Missing SAML issuer');\n }\n }\n }\n\n processValidlySignedAssertion(xml: xml2js.convertableToString, samlResponseXml: string, inResponseTo: string, callback: (err: Error | null, profile?: Profile | undefined, loggedOut?: boolean | undefined) => void) {\n let msg;\n const parserConfig = {\n explicitRoot: true,\n explicitCharkey: true,\n tagNameProcessors: [xml2js.processors.stripPrefix]\n };\n const nowMs = new Date().getTime();\n const profile = {} as Profile;\n let assertion: XMLOutput;\n let parsedAssertion: XMLOutput;\n const parser = new xml2js.Parser(parserConfig);\n parser.parseStringPromise(xml)\n .then((doc: XMLOutput) => {\n parsedAssertion = doc;\n assertion = doc.Assertion;\n\n const issuer = assertion.Issuer;\n if (issuer && issuer[0]._) {\n profile.issuer = issuer[0]._;\n }\n\n if (inResponseTo) {\n profile.inResponseTo = inResponseTo;\n }\n\n const authnStatement = assertion.AuthnStatement;\n if (authnStatement) {\n if (authnStatement[0].$ && authnStatement[0].$.SessionIndex) {\n profile.sessionIndex = authnStatement[0].$.SessionIndex;\n }\n }\n\n const subject = assertion.Subject;\n let subjectConfirmation, confirmData;\n if (subject) {\n const nameID = subject[0].NameID;\n if (nameID && nameID[0]._) {\n profile.nameID = nameID[0]._;\n\n if (nameID[0].$ && nameID[0].$.Format) {\n profile.nameIDFormat = nameID[0].$.Format;\n profile.nameQualifier = nameID[0].$.NameQualifier;\n profile.spNameQualifier = nameID[0].$.SPNameQualifier;\n }\n }\n\n subjectConfirmation = subject[0].SubjectConfirmation ?\n subject[0].SubjectConfirmation[0] : null;\n confirmData = subjectConfirmation && subjectConfirmation.SubjectConfirmationData ?\n subjectConfirmation.SubjectConfirmationData[0] : null;\n if (subject[0].SubjectConfirmation && subject[0].SubjectConfirmation.length > 1) {\n msg = 'Unable to process multiple SubjectConfirmations in SAML assertion';\n throw new Error(msg);\n }\n\n if (subjectConfirmation) {\n if (confirmData && confirmData.$) {\n const subjectNotBefore = confirmData.$.NotBefore;\n const subjectNotOnOrAfter = confirmData.$.NotOnOrAfter;\n\n const subjErr = this.checkTimestampsValidityError(\n nowMs, subjectNotBefore, subjectNotOnOrAfter);\n if (subjErr) {\n throw subjErr;\n }\n }\n }\n }\n\n // Test to see that if we have a SubjectConfirmation InResponseTo that it matches\n // the 'InResponseTo' attribute set in the Response\n if (this.options.validateInResponseTo) {\n if (subjectConfirmation) {\n if (confirmData && confirmData.$) {\n const subjectInResponseTo = confirmData.$.InResponseTo;\n if (inResponseTo && subjectInResponseTo && subjectInResponseTo != inResponseTo) {\n return util.promisify(this.cacheProvider.remove).bind(this.cacheProvider)(inResponseTo)\n .then(() => {\n throw new Error('InResponseTo is not valid');\n });\n } else if (subjectInResponseTo) {\n let foundValidInResponseTo = false;\n return util.promisify(this.cacheProvider.get).bind(this.cacheProvider)(subjectInResponseTo)\n .then(result => {\n if (result) {\n const createdAt = new Date(result);\n if (nowMs < createdAt.getTime() + this.options.requestIdExpirationPeriodMs)\n foundValidInResponseTo = true;\n }\n return util.promisify(this.cacheProvider.remove).bind(this.cacheProvider)(inResponseTo);\n })\n .then(() => {\n if (!foundValidInResponseTo) {\n throw new Error('InResponseTo is not valid');\n }\n return Promise.resolve();\n });\n }\n }\n } else {\n util.promisify(this.cacheProvider.remove).bind(this.cacheProvider)(inResponseTo);\n return Promise.resolve();\n }\n } else {\n return Promise.resolve();\n }\n })\n .then(() => {\n const conditions = assertion.Conditions ? assertion.Conditions[0] : null;\n if (assertion.Conditions && assertion.Conditions.length > 1) {\n msg = 'Unable to process multiple conditions in SAML assertion';\n throw new Error(msg);\n }\n if(conditions && conditions.$) {\n const conErr = this.checkTimestampsValidityError(\n nowMs, conditions.$.NotBefore, conditions.$.NotOnOrAfter);\n if(conErr)\n throw conErr;\n }\n\n if (this.options.audience) {\n const audienceErr = this.checkAudienceValidityError(\n this.options.audience, conditions.AudienceRestriction);\n if(audienceErr)\n throw audienceErr;\n }\n\n const attributeStatement = assertion.AttributeStatement;\n if (attributeStatement) {\n const attributes: XMLOutput[] = [].concat(...attributeStatement.filter((attr: XMLObject) => Array.isArray(attr.Attribute))\n .map((attr: XMLObject) => attr.Attribute));\n\n const attrValueMapper = (value: XMLObject) => {\n const hasChildren = Object.keys(value).some((cur)=> { return (cur!=='_' && cur!=='$'); });\n return (hasChildren) ? value : value._;\n };\n\n if (attributes) {\n attributes.forEach(attribute => {\n if(!Object.prototype.hasOwnProperty.call(attribute, 'AttributeValue')) {\n // if attributes has no AttributeValue child, continue\n return;\n }\n const value = attribute.AttributeValue;\n if (value.length === 1) {\n profile[attribute.$.Name] = attrValueMapper(value[0]);\n } else {\n profile[attribute.$.Name] = value.map(attrValueMapper);\n }\n });\n }\n }\n\n if (!profile.mail && profile['urn:oid:0.9.2342.19200300.100.1.3']) {\n // See https://spaces.internet2.edu/display/InCFederation/Supported+Attribute+Summary\n // for definition of attribute OIDs\n profile.mail = profile['urn:oid:0.9.2342.19200300.100.1.3'];\n }\n\n if (!profile.email && profile.mail) {\n profile.email = profile.mail;\n }\n\n profile.getAssertionXml = () => xml.toString();\n profile.getAssertion = () => parsedAssertion;\n profile.getSamlResponseXml = () => samlResponseXml;\n\n callback(null, profile, false);\n })\n .catch(err => callback(err));\n }\n\n checkTimestampsValidityError(nowMs: number, notBefore: string, notOnOrAfter: string) {\n if (this.options.acceptedClockSkewMs == -1)\n return null;\n\n if (notBefore) {\n const notBeforeMs = Date.parse(notBefore);\n if (nowMs + this.options.acceptedClockSkewMs < notBeforeMs)\n return new Error('SAML assertion not yet valid');\n }\n if (notOnOrAfter) {\n const notOnOrAfterMs = Date.parse(notOnOrAfter);\n if (nowMs - this.options.acceptedClockSkewMs >= notOnOrAfterMs)\n return new Error('SAML assertion expired');\n }\n\n return null;\n }\n\n checkAudienceValidityError(expectedAudience: string, audienceRestrictions: AudienceRestrictionXML[]) {\n if (!audienceRestrictions || audienceRestrictions.length < 1) {\n return new Error('SAML assertion has no AudienceRestriction');\n }\n const errors = audienceRestrictions.map((restriction) => {\n if (!restriction.Audience || !restriction.Audience[0] || !restriction.Audience[0]._) {\n return new Error('SAML assertion AudienceRestriction has no Audience value');\n }\n if (restriction.Audience[0]._ !== expectedAudience) {\n return new Error('SAML assertion audience mismatch');\n }\n return null;\n }).filter(result => {\n return result !== null;\n });\n if (errors.length > 0) {\n return errors[0];\n }\n return null;\n }\n\n validatePostRequest(container: Record, callback: (err: Error | null, profile?: Profile, loggedOut?: boolean) => void) {\n const xml = Buffer.from(container.SAMLRequest, 'base64').toString('utf8');\n const dom = new xmldom.DOMParser().parseFromString(xml);\n const parserConfig = {\n explicitRoot: true,\n explicitCharkey: true,\n tagNameProcessors: [xml2js.processors.stripPrefix]\n };\n const parser = new xml2js.Parser(parserConfig);\n parser.parseString(xml, (err: Error | null, doc: XMLOutput) => {\n if (err) {\n return callback(err);\n }\n\n this.certsToCheck()\n .then(certs => {\n // Check if this document has a valid top-level signature\n if (this.options.cert && !this.validateSignature(xml, dom.documentElement, certs!)) {\n return callback(new Error('Invalid signature on documentElement'));\n }\n\n processValidlySignedPostRequest(this, doc, dom, callback);\n })\n .catch(err => callback(err));\n });\n }\n\n getNameID(self: SAML, doc: Node, callback: (err: Error | null, nameID?: XMLOutput) => void) {\n const nameIds = xmlCrypto.xpath(doc, \"/*[local-name()='LogoutRequest']/*[local-name()='NameID']\") as Node[];\n const encryptedIds = xmlCrypto.xpath(doc,\n \"/*[local-name()='LogoutRequest']/*[local-name()='EncryptedID']\") as Node[];\n\n if (nameIds.length + encryptedIds.length > 1) {\n return callback(new Error('Invalid LogoutRequest'));\n }\n if (nameIds.length === 1) {\n return callBackWithNameID(nameIds[0], callback);\n }\n if (encryptedIds.length === 1) {\n if (!self.options.decryptionPvk) {\n return callback(new Error('No decryption key for encrypted SAML response'));\n }\n\n const encryptedDatas = xmlCrypto.xpath(encryptedIds[0], \"./*[local-name()='EncryptedData']\");\n\n if (encryptedDatas.length !== 1) {\n return callback(new Error('Invalid LogoutRequest'));\n }\n const encryptedDataXml = encryptedDatas[0].toString();\n\n const xmlencOptions = { key: self.options.decryptionPvk };\n return util.promisify(xmlenc.decrypt).bind(xmlenc)(encryptedDataXml, xmlencOptions)\n .then(function (decryptedXml: string) {\n const decryptedDoc = new xmldom.DOMParser().parseFromString(decryptedXml);\n const decryptedIds = xmlCrypto.xpath(decryptedDoc, \"/*[local-name()='NameID']\") as Node[];\n if (decryptedIds.length !== 1) {\n return callback(new Error('Invalid EncryptedAssertion content'));\n }\n return callBackWithNameID(decryptedIds[0], callback);\n })\n .catch((err: Error) => {\n callback(err);\n });\n }\n callback(new Error('Missing SAML NameID'));\n }\n\n generateServiceProviderMetadata( decryptionCert: string | null, signingCert?: string | null ) {\n const metadata: ServiceMetadataXML = {\n 'EntityDescriptor' : {\n '@xmlns': 'urn:oasis:names:tc:SAML:2.0:metadata',\n '@xmlns:ds': 'http://www.w3.org/2000/09/xmldsig#',\n '@entityID': this.options.issuer,\n '@ID': this.options.issuer.replace(/\\W/g, '_'),\n 'SPSSODescriptor' : {\n '@protocolSupportEnumeration': 'urn:oasis:names:tc:SAML:2.0:protocol',\n },\n }\n };\n\n if (this.options.decryptionPvk) {\n if (!decryptionCert) {\n throw new Error(\n \"Missing decryptionCert while generating metadata for decrypting service provider\");\n }\n }\n if(this.options.privateKey){\n if(!signingCert){\n throw new Error(\n \"Missing signingCert while generating metadata for signing service provider messages\");\n }\n }\n\n if(this.options.decryptionPvk || this.options.privateKey){\n metadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor=[];\n if (this.options.privateKey) {\n\n signingCert = signingCert!.replace( /-+BEGIN CERTIFICATE-+\\r?\\n?/, '' );\n signingCert = signingCert.replace( /-+END CERTIFICATE-+\\r?\\n?/, '' );\n signingCert = signingCert.replace( /\\r\\n/g, '\\n' );\n\n metadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor.push({\n '@use': 'signing',\n 'ds:KeyInfo' : {\n 'ds:X509Data' : {\n 'ds:X509Certificate': {\n '#text': signingCert\n }\n }\n }\n });\n }\n\n if (this.options.decryptionPvk) {\n\n decryptionCert = decryptionCert!.replace( /-+BEGIN CERTIFICATE-+\\r?\\n?/, '' );\n decryptionCert = decryptionCert.replace( /-+END CERTIFICATE-+\\r?\\n?/, '' );\n decryptionCert = decryptionCert.replace( /\\r\\n/g, '\\n' );\n\n metadata.EntityDescriptor.SPSSODescriptor.KeyDescriptor.push({\n '@use': 'encryption',\n 'ds:KeyInfo' : {\n 'ds:X509Data' : {\n 'ds:X509Certificate': {\n '#text': decryptionCert\n }\n }\n },\n 'EncryptionMethod' : [\n // this should be the set that the xmlenc library supports\n { '@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes256-cbc' },\n { '@Algorithm': 'http://www.w3.org/2001/04/xmlenc#aes128-cbc' },\n { '@Algorithm': 'http://www.w3.org/2001/04/xmlenc#tripledes-cbc' }\n ]\n });\n }\n }\n\n if (this.options.logoutCallbackUrl) {\n metadata.EntityDescriptor.SPSSODescriptor.SingleLogoutService = {\n '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',\n '@Location': this.options.logoutCallbackUrl\n };\n }\n\n if (this.options.identifierFormat) {\n metadata.EntityDescriptor.SPSSODescriptor.NameIDFormat = this.options.identifierFormat;\n }\n\n metadata.EntityDescriptor.SPSSODescriptor.AssertionConsumerService = {\n '@index': '1',\n '@isDefault': 'true',\n '@Binding': 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',\n '@Location': this.getCallbackUrl({})\n };\n return xmlbuilder.create(metadata as unknown as Record).end({ pretty: true, indent: ' ', newline: '\\n' });\n }\n\n keyToPEM(key: crypto.KeyLike) {\n if (!key || typeof key !== 'string') return key;\n\n const lines = key.split(/\\r?\\n/);\n if (lines.length !== 1) return key;\n\n const wrappedKey = [\n '-----BEGIN PRIVATE KEY-----',\n ...(key.match(/.{1,64}/g) ?? []),\n '-----END PRIVATE KEY-----',\n ''\n ].join('\\n');\n return wrappedKey;\n }\n\n normalizeNewlines(xml : string) : string {\n // we can use this utility before passing XML to `xml-crypto`\n // we are considered the XML processor and are responsible for newline normalization\n // https://github.com/node-saml/passport-saml/issues/431#issuecomment-718132752\n return xml.replace(/\\r\\n?/g, \"\\n\");\n }\n\n normalizeXml(xml: string): string {\n // we can use this utility to parse and re-stringify XML\n // `DOMParser` will take care of normalization tasks, like replacing XML-encoded carriage returns with actual carriage returns\n return new xmldom.DOMParser({}).parseFromString(xml).toString();\n }\n}\n\nexport { SAML };\n"]}