{"version":3,"file":"EcdsaSd2023.mjs","names":["current: unknown","proofOptions: Partial<EcdsaSd2023Proof>","proof: EcdsaSd2023Proof","derivedDoc: Record<string, unknown>","derivedProof: EcdsaSd2023Proof","sorted: Record<string, unknown>","x: Uint8Array","y: Uint8Array"],"sources":["../../src/cryptosuites/EcdsaSd2023.ts"],"sourcesContent":["/**\n * ECDSA SD 2023 Cryptosuite\n *\n * Implements the ecdsa-sd-2023 cryptosuite for Data Integrity proofs with\n * selective disclosure support.\n *\n * Spec: https://www.w3.org/TR/vc-di-ecdsa/#ecdsa-sd-2023\n *\n * Key features:\n * - Uses ECDSA P-256 (secp256r1) signature algorithm\n * - Supports selective disclosure of claims\n * - Uses mandatory and selective pointers for claim selection\n * - Produces DataIntegrityProof with cryptosuite: 'ecdsa-sd-2023'\n *\n * Note: This implementation provides the structure and interface.\n * Full selective disclosure requires BBS+ style commitments which would need\n * additional crypto libraries. For now, this provides basic ECDSA signing\n * with the correct proof structure.\n */\n\nimport {\n  CRYPTOSUITE_ECDSA_SD_2023,\n  DATA_INTEGRITY_V2_CONTEXT_URL,\n  PROOF_TYPE_DATA_INTEGRITY,\n  VM_TYPE_MULTIKEY,\n} from './constants'\nimport bs58 from 'bs58'\nimport { Hasher } from '@credo-ts/core'\n\n// P-256 multicodec prefixes\nconst P256_PUB_MULTICODEC = new Uint8Array([0x80, 0x24])\nconst P256_PRIV_MULTICODEC = new Uint8Array([0x86, 0x26])\n\n/**\n * JsonWebKey interface for Web Crypto API compatibility\n * (DOM type not available in Node.js tsconfig)\n */\ninterface JsonWebKey {\n  kty?: string\n  crv?: string\n  x?: string\n  y?: string\n  d?: string\n  [key: string]: unknown\n}\n\nexport interface EcdsaSd2023KeyPair {\n  id: string\n  controller: string\n  publicKeyMultibase: string\n  privateKeyMultibase?: string\n}\n\nexport interface EcdsaSd2023Proof {\n  type: typeof PROOF_TYPE_DATA_INTEGRITY\n  cryptosuite: typeof CRYPTOSUITE_ECDSA_SD_2023\n  created: string\n  verificationMethod: string\n  proofPurpose: string\n  proofValue: string\n}\n\nexport interface SignOptions {\n  document: Record<string, unknown>\n  keyPair: EcdsaSd2023KeyPair\n  purpose?: string\n  date?: Date | string\n  mandatoryPointers?: string[]\n}\n\nexport interface DeriveOptions {\n  signedDocument: Record<string, unknown>\n  selectivePointers: string[]\n}\n\nexport interface VerifyOptions {\n  document: Record<string, unknown>\n  proof: EcdsaSd2023Proof\n  publicKeyMultibase: string\n}\n\n/**\n * JSON Pointer helper to get value at path\n */\nfunction getValueAtPointer(obj: Record<string, unknown>, pointer: string): unknown {\n  if (!pointer.startsWith('/')) {\n    throw new Error('JSON pointer must start with /')\n  }\n\n  const parts = pointer.slice(1).split('/')\n  let current: unknown = obj\n\n  for (const part of parts) {\n    if (current === null || current === undefined) {\n      return undefined\n    }\n\n    const decodedPart = part.replace(/~1/g, '/').replace(/~0/g, '~')\n\n    if (Array.isArray(current)) {\n      const index = parseInt(decodedPart, 10)\n      current = current[index]\n    } else if (typeof current === 'object') {\n      current = (current as Record<string, unknown>)[decodedPart]\n    } else {\n      return undefined\n    }\n  }\n\n  return current\n}\n\n/**\n * JSON Pointer helper to set value at path\n */\nfunction setValueAtPointer(obj: Record<string, unknown>, pointer: string, value: unknown): void {\n  if (!pointer.startsWith('/')) {\n    throw new Error('JSON pointer must start with /')\n  }\n\n  const parts = pointer.slice(1).split('/')\n  let current: unknown = obj\n\n  for (let i = 0; i < parts.length - 1; i++) {\n    const part = parts[i].replace(/~1/g, '/').replace(/~0/g, '~')\n\n    if (Array.isArray(current)) {\n      const index = parseInt(part, 10)\n      if (current[index] === undefined) {\n        current[index] = {}\n      }\n      current = current[index]\n    } else if (typeof current === 'object' && current !== null) {\n      const record = current as Record<string, unknown>\n      if (record[part] === undefined) {\n        record[part] = {}\n      }\n      current = record[part]\n    }\n  }\n\n  const lastPart = parts[parts.length - 1].replace(/~1/g, '/').replace(/~0/g, '~')\n\n  if (Array.isArray(current)) {\n    const index = parseInt(lastPart, 10)\n    current[index] = value\n  } else if (typeof current === 'object' && current !== null) {\n    ;(current as Record<string, unknown>)[lastPart] = value\n  }\n}\n\n/**\n * ECDSA SD 2023 Cryptosuite implementation\n *\n * Note: Full selective disclosure support requires BBS+ style cryptography.\n * This implementation provides the structure and basic ECDSA signing.\n * For production use with actual selective disclosure, integrate with\n * @mattrglobal/bbs-signatures or similar.\n */\nexport class EcdsaSd2023Cryptosuite {\n  public static readonly proofType = PROOF_TYPE_DATA_INTEGRITY\n  public static readonly cryptosuite = CRYPTOSUITE_ECDSA_SD_2023\n  public static readonly contextUrl = DATA_INTEGRITY_V2_CONTEXT_URL\n  public static readonly verificationMethodTypes = [VM_TYPE_MULTIKEY]\n\n  /**\n   * Sign a document using ecdsa-sd-2023 cryptosuite\n   *\n   * @param options - Sign options including document, keyPair, and mandatoryPointers\n   * @returns Signed document with base proof\n   */\n  public async sign(options: SignOptions): Promise<Record<string, unknown>> {\n    const { document, keyPair, purpose = 'assertionMethod', date, mandatoryPointers = [] } = options\n\n    // Create proof options\n    const proofOptions: Partial<EcdsaSd2023Proof> = {\n      type: PROOF_TYPE_DATA_INTEGRITY,\n      cryptosuite: CRYPTOSUITE_ECDSA_SD_2023,\n      created: date ? new Date(date).toISOString() : new Date().toISOString(),\n      verificationMethod: keyPair.id,\n      proofPurpose: purpose,\n    }\n\n    // Store mandatory pointers in proof (for derive to use later)\n    const proofWithPointers = {\n      ...proofOptions,\n      // Store mandatory claim references\n      _mandatoryPointers: mandatoryPointers,\n    }\n\n    // Create hash data\n    const documentCopy = { ...document }\n    delete (documentCopy as Record<string, unknown>).proof\n\n    const hashData = this.createHashData(documentCopy, proofWithPointers)\n\n    // Sign using Web Crypto API (P-256/ECDSA)\n    const signature = await this.signWithP256(hashData, keyPair)\n\n    // Create proof value\n    // In ecdsa-sd-2023, the proofValue contains:\n    // 1. The base signature\n    // 2. Commitments to selective claims\n    // 3. Mandatory claim hashes\n    // For this simplified version, we just include the signature\n    const proofValue = this.encodeProofValue({\n      signature,\n      mandatoryPointers,\n    })\n\n    // Create final proof\n    const proof: EcdsaSd2023Proof = {\n      type: PROOF_TYPE_DATA_INTEGRITY,\n      cryptosuite: CRYPTOSUITE_ECDSA_SD_2023,\n      created: proofOptions.created!,\n      verificationMethod: proofOptions.verificationMethod!,\n      proofPurpose: proofOptions.proofPurpose!,\n      proofValue,\n    }\n\n    return {\n      ...document,\n      proof,\n    }\n  }\n\n  /**\n   * Derive a selective disclosure proof from a base proof\n   *\n   * @param options - Derive options including signed document and selective pointers\n   * @returns Derived document with only selected claims\n   */\n  public async derive(options: DeriveOptions): Promise<Record<string, unknown>> {\n    const { signedDocument, selectivePointers } = options\n\n    const proof = signedDocument.proof as EcdsaSd2023Proof\n    if (!proof || proof.cryptosuite !== CRYPTOSUITE_ECDSA_SD_2023) {\n      throw new Error('Document must have an ecdsa-sd-2023 proof for derivation')\n    }\n\n    // Parse the original proof value\n    const { signature, mandatoryPointers } = this.decodeProofValue(proof.proofValue)\n\n    // Create derived document with only selected + mandatory claims\n    const allPointers = [...new Set([...mandatoryPointers, ...selectivePointers])]\n\n    // Build derived document\n    const derivedDoc: Record<string, unknown> = {\n      '@context': signedDocument['@context'],\n      type: signedDocument.type,\n    }\n\n    // Copy mandatory fields\n    if (signedDocument.id) derivedDoc.id = signedDocument.id\n    if (signedDocument.issuer) derivedDoc.issuer = signedDocument.issuer\n    if (signedDocument.validFrom) derivedDoc.validFrom = signedDocument.validFrom\n\n    // Copy selected claims\n    for (const pointer of allPointers) {\n      const value = getValueAtPointer(signedDocument as Record<string, unknown>, pointer)\n      if (value !== undefined) {\n        setValueAtPointer(derivedDoc, pointer, value)\n      }\n    }\n\n    // Create derived proof\n    const derivedProof: EcdsaSd2023Proof = {\n      type: PROOF_TYPE_DATA_INTEGRITY,\n      cryptosuite: CRYPTOSUITE_ECDSA_SD_2023,\n      created: proof.created,\n      verificationMethod: proof.verificationMethod,\n      proofPurpose: proof.proofPurpose,\n      proofValue: this.encodeProofValue({\n        signature,\n        mandatoryPointers,\n        derivedFrom: proof.proofValue,\n        selectedPointers: selectivePointers,\n      }),\n    }\n\n    return {\n      ...derivedDoc,\n      proof: derivedProof,\n    }\n  }\n\n  /**\n   * Verify a document with ecdsa-sd-2023 proof\n   */\n  public async verify(options: VerifyOptions): Promise<{ verified: boolean; error?: string }> {\n    const { document, proof, publicKeyMultibase } = options\n\n    try {\n      // Validate proof structure\n      if (proof.type !== PROOF_TYPE_DATA_INTEGRITY) {\n        return { verified: false, error: `Invalid proof type: ${proof.type}` }\n      }\n      if (proof.cryptosuite !== CRYPTOSUITE_ECDSA_SD_2023) {\n        return { verified: false, error: `Invalid cryptosuite: ${proof.cryptosuite}` }\n      }\n\n      // Parse proof value\n      const { signature } = this.decodeProofValue(proof.proofValue)\n\n      // Recreate hash data\n      const documentCopy = { ...document }\n      delete (documentCopy as Record<string, unknown>).proof\n\n      const proofOptions = {\n        type: proof.type,\n        cryptosuite: proof.cryptosuite,\n        created: proof.created,\n        verificationMethod: proof.verificationMethod,\n        proofPurpose: proof.proofPurpose,\n      }\n\n      const hashData = this.createHashData(documentCopy, proofOptions)\n\n      // Verify signature\n      const verified = await this.verifyWithP256(hashData, signature, publicKeyMultibase)\n\n      return { verified }\n    } catch (error) {\n      const err = error as Error\n      return { verified: false, error: err.message }\n    }\n  }\n\n  /**\n   * Check if this suite matches a given proof\n   */\n  public matchProof(proof: Record<string, unknown>): boolean {\n    return (\n      proof.type === PROOF_TYPE_DATA_INTEGRITY && proof.cryptosuite === CRYPTOSUITE_ECDSA_SD_2023\n    )\n  }\n\n  /**\n   * Create hash data for signing/verification\n   */\n  private createHashData(\n    document: Record<string, unknown>,\n    proofOptions: Record<string, unknown>\n  ): Uint8Array {\n    const combined = {\n      document: this.sortObject(document),\n      proofOptions: this.sortObject(proofOptions),\n    }\n\n    const encoder = new TextEncoder()\n    return encoder.encode(JSON.stringify(combined))\n  }\n\n  /**\n   * Deep sort object keys for consistent serialization\n   */\n  private sortObject(obj: Record<string, unknown>): Record<string, unknown> {\n    if (Array.isArray(obj)) {\n      return obj.map((item) =>\n        typeof item === 'object' && item !== null\n          ? this.sortObject(item as Record<string, unknown>)\n          : item\n      ) as unknown as Record<string, unknown>\n    }\n\n    if (typeof obj !== 'object' || obj === null) {\n      return obj\n    }\n\n    const sorted: Record<string, unknown> = {}\n    const keys = Object.keys(obj).sort()\n\n    for (const key of keys) {\n      // Skip internal fields\n      if (key.startsWith('_')) continue\n\n      const value = obj[key]\n      sorted[key] =\n        typeof value === 'object' && value !== null\n          ? this.sortObject(value as Record<string, unknown>)\n          : value\n    }\n\n    return sorted\n  }\n\n  /**\n   * Get Web Crypto SubtleCrypto API if available\n   */\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  private getSubtleCrypto(): any {\n    // Try to get crypto.subtle from globalThis (works in Node.js 15+ and browsers)\n    try {\n      // eslint-disable-next-line @typescript-eslint/no-explicit-any\n      const globalCrypto = (globalThis as any).crypto\n      if (globalCrypto?.subtle) {\n        return globalCrypto.subtle\n      }\n    } catch {\n      // Crypto not available\n    }\n    return undefined\n  }\n\n  /**\n   * Sign data with P-256 key using Web Crypto API with JWK import\n   */\n  private async signWithP256(\n    data: Uint8Array,\n    keyPair: EcdsaSd2023KeyPair\n  ): Promise<Uint8Array> {\n    if (!keyPair.privateKeyMultibase) {\n      throw new Error('Private key is required for signing')\n    }\n\n    const subtle = this.getSubtleCrypto()\n    if (!subtle) {\n      throw new Error('Web Crypto API (subtle) not available')\n    }\n\n    try {\n      // Decode private and public keys from multibase\n      const privateKeyRaw = this.decodePrivateKeyRaw(keyPair.privateKeyMultibase)\n      const publicKeyRaw = this.decodePublicKeyRaw(keyPair.publicKeyMultibase)\n\n      // Convert to JWK format\n      const jwk = this.privateKeyToJwk(privateKeyRaw, publicKeyRaw)\n\n      // Import the key using JWK format\n      const cryptoKey = await subtle.importKey(\n        'jwk',\n        jwk,\n        { name: 'ECDSA', namedCurve: 'P-256' },\n        false,\n        ['sign']\n      )\n\n      // Sign the data\n      const signatureBuffer = await subtle.sign(\n        { name: 'ECDSA', hash: 'SHA-256' },\n        cryptoKey,\n        data\n      )\n\n      return new Uint8Array(signatureBuffer)\n    } catch (error) {\n      throw new Error(`P-256 signing failed: ${(error as Error).message}`)\n    }\n  }\n\n  /**\n   * Verify signature with P-256 public key using Web Crypto API with JWK import\n   */\n  private async verifyWithP256(\n    data: Uint8Array,\n    signature: Uint8Array,\n    publicKeyMultibase: string\n  ): Promise<boolean> {\n    const subtle = this.getSubtleCrypto()\n    if (!subtle) {\n      throw new Error('Web Crypto API (subtle) not available')\n    }\n\n    try {\n      // Decode public key from multibase\n      const publicKeyRaw = this.decodePublicKeyRaw(publicKeyMultibase)\n\n      // Convert to JWK format\n      const jwk = this.publicKeyToJwk(publicKeyRaw)\n\n      // Import the public key using JWK format\n      const cryptoKey = await subtle.importKey(\n        'jwk',\n        jwk,\n        { name: 'ECDSA', namedCurve: 'P-256' },\n        false,\n        ['verify']\n      )\n\n      // Verify the signature\n      return await subtle.verify(\n        { name: 'ECDSA', hash: 'SHA-256' },\n        cryptoKey,\n        signature,\n        data\n      )\n    } catch (error) {\n      throw new Error(`P-256 verification failed: ${(error as Error).message}`)\n    }\n  }\n\n  /**\n   * SHA-256 hash using cross-platform Hasher\n   */\n  private sha256(data: Uint8Array): Uint8Array {\n    return Hasher.hash(data, 'sha-256')\n  }\n\n  /**\n   * Decode private key from multibase and return raw 32-byte scalar\n   */\n  private decodePrivateKeyRaw(privateKeyMultibase: string): Uint8Array {\n    if (!privateKeyMultibase.startsWith('z')) {\n      throw new Error('Invalid multibase prefix: expected base58btc (z)')\n    }\n\n    const decoded = bs58.decode(privateKeyMultibase.slice(1))\n\n    // Check for P-256 private key multicodec prefix (0x8626)\n    if (decoded.length > 2 && decoded[0] === P256_PRIV_MULTICODEC[0] && decoded[1] === P256_PRIV_MULTICODEC[1]) {\n      return decoded.slice(2)\n    }\n\n    // If no multicodec prefix, assume raw key material\n    return decoded\n  }\n\n  /**\n   * Decode public key from multibase and return raw bytes\n   * Returns uncompressed format (65 bytes: 0x04 || x || y)\n   */\n  private decodePublicKeyRaw(publicKeyMultibase: string): Uint8Array {\n    if (!publicKeyMultibase.startsWith('z')) {\n      throw new Error('Invalid multibase prefix: expected base58btc (z)')\n    }\n\n    const decoded = bs58.decode(publicKeyMultibase.slice(1))\n\n    // Check for P-256 public key multicodec prefix (0x8024)\n    if (decoded.length > 2 && decoded[0] === P256_PUB_MULTICODEC[0] && decoded[1] === P256_PUB_MULTICODEC[1]) {\n      return decoded.slice(2)\n    }\n\n    // If no multicodec prefix, assume raw key material\n    return decoded\n  }\n\n  /**\n   * Convert raw P-256 private key to JWK format for Web Crypto\n   */\n  private privateKeyToJwk(\n    privateKeyRaw: Uint8Array,\n    publicKeyRaw: Uint8Array\n  ): JsonWebKey {\n    // Private key is 32 bytes (scalar d)\n    // Public key is 65 bytes uncompressed (0x04 || x || y) or 64 bytes (x || y)\n\n    let x: Uint8Array\n    let y: Uint8Array\n\n    if (publicKeyRaw.length === 65 && publicKeyRaw[0] === 0x04) {\n      // Uncompressed format with 0x04 prefix\n      x = publicKeyRaw.slice(1, 33)\n      y = publicKeyRaw.slice(33, 65)\n    } else if (publicKeyRaw.length === 64) {\n      // Raw x || y without prefix\n      x = publicKeyRaw.slice(0, 32)\n      y = publicKeyRaw.slice(32, 64)\n    } else {\n      throw new Error(`Invalid P-256 public key length: ${publicKeyRaw.length}`)\n    }\n\n    return {\n      kty: 'EC',\n      crv: 'P-256',\n      x: Buffer.from(x).toString('base64url'),\n      y: Buffer.from(y).toString('base64url'),\n      d: Buffer.from(privateKeyRaw).toString('base64url'),\n    }\n  }\n\n  /**\n   * Convert raw P-256 public key to JWK format for Web Crypto\n   */\n  private publicKeyToJwk(publicKeyRaw: Uint8Array): JsonWebKey {\n    let x: Uint8Array\n    let y: Uint8Array\n\n    if (publicKeyRaw.length === 65 && publicKeyRaw[0] === 0x04) {\n      // Uncompressed format with 0x04 prefix\n      x = publicKeyRaw.slice(1, 33)\n      y = publicKeyRaw.slice(33, 65)\n    } else if (publicKeyRaw.length === 64) {\n      // Raw x || y without prefix\n      x = publicKeyRaw.slice(0, 32)\n      y = publicKeyRaw.slice(32, 64)\n    } else {\n      throw new Error(`Invalid P-256 public key length: ${publicKeyRaw.length}`)\n    }\n\n    return {\n      kty: 'EC',\n      crv: 'P-256',\n      x: Buffer.from(x).toString('base64url'),\n      y: Buffer.from(y).toString('base64url'),\n    }\n  }\n\n  /**\n   * Encode proof value (base64url encoded JSON)\n   */\n  private encodeProofValue(data: {\n    signature: Uint8Array\n    mandatoryPointers: string[]\n    derivedFrom?: string\n    selectedPointers?: string[]\n  }): string {\n    const payload = {\n      s: Buffer.from(data.signature).toString('base64'),\n      m: data.mandatoryPointers,\n      d: data.derivedFrom,\n      p: data.selectedPointers,\n    }\n\n    // Use 'u' prefix for base64url encoding\n    return 'u' + Buffer.from(JSON.stringify(payload)).toString('base64url')\n  }\n\n  /**\n   * Decode proof value\n   */\n  private decodeProofValue(proofValue: string): {\n    signature: Uint8Array\n    mandatoryPointers: string[]\n    derivedFrom?: string\n    selectedPointers?: string[]\n  } {\n    if (!proofValue.startsWith('u')) {\n      throw new Error('Invalid proof value: expected base64url (u) prefix')\n    }\n\n    const json = Buffer.from(proofValue.slice(1), 'base64url').toString('utf-8')\n    const payload = JSON.parse(json)\n\n    return {\n      signature: Buffer.from(payload.s, 'base64'),\n      mandatoryPointers: payload.m || [],\n      derivedFrom: payload.d,\n      selectedPointers: payload.p,\n    }\n  }\n\n  /**\n   * Generate a new P-256 key pair with multibase encoding\n   * Uses Web Crypto API for key generation\n   */\n  public static async generateKeyPair(controller: string, keyId?: string): Promise<EcdsaSd2023KeyPair> {\n    // Use Web Crypto to generate P-256 key pair\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    const subtle = (globalThis as any).crypto?.subtle\n    if (!subtle) {\n      throw new Error('Web Crypto API (subtle) not available for key generation')\n    }\n\n    // Generate key pair\n    const keyPair = await subtle.generateKey(\n      { name: 'ECDSA', namedCurve: 'P-256' },\n      true, // extractable\n      ['sign', 'verify']\n    )\n\n    // Export keys to JWK format\n    const publicJwk = await subtle.exportKey('jwk', keyPair.publicKey) as JsonWebKey\n    const privateJwk = await subtle.exportKey('jwk', keyPair.privateKey) as JsonWebKey\n\n    // Extract raw key bytes from JWK\n    const x = Buffer.from(publicJwk.x!, 'base64url')\n    const y = Buffer.from(publicJwk.y!, 'base64url')\n    const d = Buffer.from(privateJwk.d!, 'base64url')\n\n    // Create uncompressed public key (0x04 || x || y)\n    const publicKeyRaw = Buffer.concat([Buffer.from([0x04]), x, y])\n\n    // Encode with multicodec prefixes\n    const pubWithHeader = Buffer.concat([Buffer.from(P256_PUB_MULTICODEC), publicKeyRaw])\n    const privWithHeader = Buffer.concat([Buffer.from(P256_PRIV_MULTICODEC), d])\n\n    const publicKeyMultibase = 'z' + bs58.encode(pubWithHeader)\n    const privateKeyMultibase = 'z' + bs58.encode(privWithHeader)\n\n    const id = keyId || `${controller}#key-1`\n\n    return {\n      id,\n      controller,\n      publicKeyMultibase,\n      privateKeyMultibase,\n    }\n  }\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AA8BA,MAAM,sBAAsB,IAAI,WAAW,CAAC,KAAM,GAAK,CAAC;AACxD,MAAM,uBAAuB,IAAI,WAAW,CAAC,KAAM,GAAK,CAAC;;;;AAqDzD,SAAS,kBAAkB,KAA8B,SAA0B;AACjF,KAAI,CAAC,QAAQ,WAAW,IAAI,CAC1B,OAAM,IAAI,MAAM,iCAAiC;CAGnD,MAAM,QAAQ,QAAQ,MAAM,EAAE,CAAC,MAAM,IAAI;CACzC,IAAIA,UAAmB;AAEvB,MAAK,MAAM,QAAQ,OAAO;AACxB,MAAI,YAAY,QAAQ,YAAY,OAClC;EAGF,MAAM,cAAc,KAAK,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;AAEhE,MAAI,MAAM,QAAQ,QAAQ,CAExB,WAAU,QADI,SAAS,aAAa,GAAG;WAE9B,OAAO,YAAY,SAC5B,WAAW,QAAoC;MAE/C;;AAIJ,QAAO;;;;;AAMT,SAAS,kBAAkB,KAA8B,SAAiB,OAAsB;AAC9F,KAAI,CAAC,QAAQ,WAAW,IAAI,CAC1B,OAAM,IAAI,MAAM,iCAAiC;CAGnD,MAAM,QAAQ,QAAQ,MAAM,EAAE,CAAC,MAAM,IAAI;CACzC,IAAIA,UAAmB;AAEvB,MAAK,IAAI,IAAI,GAAG,IAAI,MAAM,SAAS,GAAG,KAAK;EACzC,MAAM,OAAO,MAAM,GAAG,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;AAE7D,MAAI,MAAM,QAAQ,QAAQ,EAAE;GAC1B,MAAM,QAAQ,SAAS,MAAM,GAAG;AAChC,OAAI,QAAQ,WAAW,OACrB,SAAQ,SAAS,EAAE;AAErB,aAAU,QAAQ;aACT,OAAO,YAAY,YAAY,YAAY,MAAM;GAC1D,MAAM,SAAS;AACf,OAAI,OAAO,UAAU,OACnB,QAAO,QAAQ,EAAE;AAEnB,aAAU,OAAO;;;CAIrB,MAAM,WAAW,MAAM,MAAM,SAAS,GAAG,QAAQ,OAAO,IAAI,CAAC,QAAQ,OAAO,IAAI;AAEhF,KAAI,MAAM,QAAQ,QAAQ,EAAE;EAC1B,MAAM,QAAQ,SAAS,UAAU,GAAG;AACpC,UAAQ,SAAS;YACR,OAAO,YAAY,YAAY,YAAY,KACnD,CAAC,QAAoC,YAAY;;;;;;;;;;AAYtD,IAAa,yBAAb,MAAoC;;;;;;;CAYlC,MAAa,KAAK,SAAwD;EACxE,MAAM,EAAE,UAAU,SAAS,UAAU,mBAAmB,MAAM,oBAAoB,EAAE,KAAK;EAGzF,MAAMC,eAA0C;GAC9C,MAAM;GACN,aAAa;GACb,SAAS,OAAO,IAAI,KAAK,KAAK,CAAC,aAAa,oBAAG,IAAI,MAAM,EAAC,aAAa;GACvE,oBAAoB,QAAQ;GAC5B,cAAc;GACf;EAGD,MAAM,oBAAoB;GACxB,GAAG;GAEH,oBAAoB;GACrB;EAGD,MAAM,eAAe,EAAE,GAAG,UAAU;AACpC,SAAQ,aAAyC;EAEjD,MAAM,WAAW,KAAK,eAAe,cAAc,kBAAkB;EAGrE,MAAM,YAAY,MAAM,KAAK,aAAa,UAAU,QAAQ;EAQ5D,MAAM,aAAa,KAAK,iBAAiB;GACvC;GACA;GACD,CAAC;EAGF,MAAMC,QAA0B;GAC9B,MAAM;GACN,aAAa;GACb,SAAS,aAAa;GACtB,oBAAoB,aAAa;GACjC,cAAc,aAAa;GAC3B;GACD;AAED,SAAO;GACL,GAAG;GACH;GACD;;;;;;;;CASH,MAAa,OAAO,SAA0D;EAC5E,MAAM,EAAE,gBAAgB,sBAAsB;EAE9C,MAAM,QAAQ,eAAe;AAC7B,MAAI,CAAC,SAAS,MAAM,gBAAgB,0BAClC,OAAM,IAAI,MAAM,2DAA2D;EAI7E,MAAM,EAAE,WAAW,sBAAsB,KAAK,iBAAiB,MAAM,WAAW;EAGhF,MAAM,cAAc,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,mBAAmB,GAAG,kBAAkB,CAAC,CAAC;EAG9E,MAAMC,aAAsC;GAC1C,YAAY,eAAe;GAC3B,MAAM,eAAe;GACtB;AAGD,MAAI,eAAe,GAAI,YAAW,KAAK,eAAe;AACtD,MAAI,eAAe,OAAQ,YAAW,SAAS,eAAe;AAC9D,MAAI,eAAe,UAAW,YAAW,YAAY,eAAe;AAGpE,OAAK,MAAM,WAAW,aAAa;GACjC,MAAM,QAAQ,kBAAkB,gBAA2C,QAAQ;AACnF,OAAI,UAAU,OACZ,mBAAkB,YAAY,SAAS,MAAM;;EAKjD,MAAMC,eAAiC;GACrC,MAAM;GACN,aAAa;GACb,SAAS,MAAM;GACf,oBAAoB,MAAM;GAC1B,cAAc,MAAM;GACpB,YAAY,KAAK,iBAAiB;IAChC;IACA;IACA,aAAa,MAAM;IACnB,kBAAkB;IACnB,CAAC;GACH;AAED,SAAO;GACL,GAAG;GACH,OAAO;GACR;;;;;CAMH,MAAa,OAAO,SAAwE;EAC1F,MAAM,EAAE,UAAU,OAAO,uBAAuB;AAEhD,MAAI;AAEF,OAAI,MAAM,SAAS,0BACjB,QAAO;IAAE,UAAU;IAAO,OAAO,uBAAuB,MAAM;IAAQ;AAExE,OAAI,MAAM,gBAAgB,0BACxB,QAAO;IAAE,UAAU;IAAO,OAAO,wBAAwB,MAAM;IAAe;GAIhF,MAAM,EAAE,cAAc,KAAK,iBAAiB,MAAM,WAAW;GAG7D,MAAM,eAAe,EAAE,GAAG,UAAU;AACpC,UAAQ,aAAyC;GAEjD,MAAM,eAAe;IACnB,MAAM,MAAM;IACZ,aAAa,MAAM;IACnB,SAAS,MAAM;IACf,oBAAoB,MAAM;IAC1B,cAAc,MAAM;IACrB;GAED,MAAM,WAAW,KAAK,eAAe,cAAc,aAAa;AAKhE,UAAO,EAAE,UAFQ,MAAM,KAAK,eAAe,UAAU,WAAW,mBAAmB,EAEhE;WACZ,OAAO;AAEd,UAAO;IAAE,UAAU;IAAO,OADd,MACyB;IAAS;;;;;;CAOlD,AAAO,WAAW,OAAyC;AACzD,SACE,MAAM,SAAS,6BAA6B,MAAM,gBAAgB;;;;;CAOtE,AAAQ,eACN,UACA,cACY;EACZ,MAAM,WAAW;GACf,UAAU,KAAK,WAAW,SAAS;GACnC,cAAc,KAAK,WAAW,aAAa;GAC5C;AAGD,SADgB,IAAI,aAAa,CAClB,OAAO,KAAK,UAAU,SAAS,CAAC;;;;;CAMjD,AAAQ,WAAW,KAAuD;AACxE,MAAI,MAAM,QAAQ,IAAI,CACpB,QAAO,IAAI,KAAK,SACd,OAAO,SAAS,YAAY,SAAS,OACjC,KAAK,WAAW,KAAgC,GAChD,KACL;AAGH,MAAI,OAAO,QAAQ,YAAY,QAAQ,KACrC,QAAO;EAGT,MAAMC,SAAkC,EAAE;EAC1C,MAAM,OAAO,OAAO,KAAK,IAAI,CAAC,MAAM;AAEpC,OAAK,MAAM,OAAO,MAAM;AAEtB,OAAI,IAAI,WAAW,IAAI,CAAE;GAEzB,MAAM,QAAQ,IAAI;AAClB,UAAO,OACL,OAAO,UAAU,YAAY,UAAU,OACnC,KAAK,WAAW,MAAiC,GACjD;;AAGR,SAAO;;;;;CAOT,AAAQ,kBAAuB;AAE7B,MAAI;GAEF,MAAM,eAAgB,WAAmB;AACzC,OAAI,cAAc,OAChB,QAAO,aAAa;UAEhB;;;;;CASV,MAAc,aACZ,MACA,SACqB;AACrB,MAAI,CAAC,QAAQ,oBACX,OAAM,IAAI,MAAM,sCAAsC;EAGxD,MAAM,SAAS,KAAK,iBAAiB;AACrC,MAAI,CAAC,OACH,OAAM,IAAI,MAAM,wCAAwC;AAG1D,MAAI;GAEF,MAAM,gBAAgB,KAAK,oBAAoB,QAAQ,oBAAoB;GAC3E,MAAM,eAAe,KAAK,mBAAmB,QAAQ,mBAAmB;GAGxE,MAAM,MAAM,KAAK,gBAAgB,eAAe,aAAa;GAG7D,MAAM,YAAY,MAAM,OAAO,UAC7B,OACA,KACA;IAAE,MAAM;IAAS,YAAY;IAAS,EACtC,OACA,CAAC,OAAO,CACT;GAGD,MAAM,kBAAkB,MAAM,OAAO,KACnC;IAAE,MAAM;IAAS,MAAM;IAAW,EAClC,WACA,KACD;AAED,UAAO,IAAI,WAAW,gBAAgB;WAC/B,OAAO;AACd,SAAM,IAAI,MAAM,yBAA0B,MAAgB,UAAU;;;;;;CAOxE,MAAc,eACZ,MACA,WACA,oBACkB;EAClB,MAAM,SAAS,KAAK,iBAAiB;AACrC,MAAI,CAAC,OACH,OAAM,IAAI,MAAM,wCAAwC;AAG1D,MAAI;GAEF,MAAM,eAAe,KAAK,mBAAmB,mBAAmB;GAGhE,MAAM,MAAM,KAAK,eAAe,aAAa;GAG7C,MAAM,YAAY,MAAM,OAAO,UAC7B,OACA,KACA;IAAE,MAAM;IAAS,YAAY;IAAS,EACtC,OACA,CAAC,SAAS,CACX;AAGD,UAAO,MAAM,OAAO,OAClB;IAAE,MAAM;IAAS,MAAM;IAAW,EAClC,WACA,WACA,KACD;WACM,OAAO;AACd,SAAM,IAAI,MAAM,8BAA+B,MAAgB,UAAU;;;;;;CAO7E,AAAQ,OAAO,MAA8B;AAC3C,SAAO,OAAO,KAAK,MAAM,UAAU;;;;;CAMrC,AAAQ,oBAAoB,qBAAyC;AACnE,MAAI,CAAC,oBAAoB,WAAW,IAAI,CACtC,OAAM,IAAI,MAAM,mDAAmD;EAGrE,MAAM,UAAU,KAAK,OAAO,oBAAoB,MAAM,EAAE,CAAC;AAGzD,MAAI,QAAQ,SAAS,KAAK,QAAQ,OAAO,qBAAqB,MAAM,QAAQ,OAAO,qBAAqB,GACtG,QAAO,QAAQ,MAAM,EAAE;AAIzB,SAAO;;;;;;CAOT,AAAQ,mBAAmB,oBAAwC;AACjE,MAAI,CAAC,mBAAmB,WAAW,IAAI,CACrC,OAAM,IAAI,MAAM,mDAAmD;EAGrE,MAAM,UAAU,KAAK,OAAO,mBAAmB,MAAM,EAAE,CAAC;AAGxD,MAAI,QAAQ,SAAS,KAAK,QAAQ,OAAO,oBAAoB,MAAM,QAAQ,OAAO,oBAAoB,GACpG,QAAO,QAAQ,MAAM,EAAE;AAIzB,SAAO;;;;;CAMT,AAAQ,gBACN,eACA,cACY;EAIZ,IAAIC;EACJ,IAAIC;AAEJ,MAAI,aAAa,WAAW,MAAM,aAAa,OAAO,GAAM;AAE1D,OAAI,aAAa,MAAM,GAAG,GAAG;AAC7B,OAAI,aAAa,MAAM,IAAI,GAAG;aACrB,aAAa,WAAW,IAAI;AAErC,OAAI,aAAa,MAAM,GAAG,GAAG;AAC7B,OAAI,aAAa,MAAM,IAAI,GAAG;QAE9B,OAAM,IAAI,MAAM,oCAAoC,aAAa,SAAS;AAG5E,SAAO;GACL,KAAK;GACL,KAAK;GACL,GAAG,OAAO,KAAK,EAAE,CAAC,SAAS,YAAY;GACvC,GAAG,OAAO,KAAK,EAAE,CAAC,SAAS,YAAY;GACvC,GAAG,OAAO,KAAK,cAAc,CAAC,SAAS,YAAY;GACpD;;;;;CAMH,AAAQ,eAAe,cAAsC;EAC3D,IAAID;EACJ,IAAIC;AAEJ,MAAI,aAAa,WAAW,MAAM,aAAa,OAAO,GAAM;AAE1D,OAAI,aAAa,MAAM,GAAG,GAAG;AAC7B,OAAI,aAAa,MAAM,IAAI,GAAG;aACrB,aAAa,WAAW,IAAI;AAErC,OAAI,aAAa,MAAM,GAAG,GAAG;AAC7B,OAAI,aAAa,MAAM,IAAI,GAAG;QAE9B,OAAM,IAAI,MAAM,oCAAoC,aAAa,SAAS;AAG5E,SAAO;GACL,KAAK;GACL,KAAK;GACL,GAAG,OAAO,KAAK,EAAE,CAAC,SAAS,YAAY;GACvC,GAAG,OAAO,KAAK,EAAE,CAAC,SAAS,YAAY;GACxC;;;;;CAMH,AAAQ,iBAAiB,MAKd;EACT,MAAM,UAAU;GACd,GAAG,OAAO,KAAK,KAAK,UAAU,CAAC,SAAS,SAAS;GACjD,GAAG,KAAK;GACR,GAAG,KAAK;GACR,GAAG,KAAK;GACT;AAGD,SAAO,MAAM,OAAO,KAAK,KAAK,UAAU,QAAQ,CAAC,CAAC,SAAS,YAAY;;;;;CAMzE,AAAQ,iBAAiB,YAKvB;AACA,MAAI,CAAC,WAAW,WAAW,IAAI,CAC7B,OAAM,IAAI,MAAM,qDAAqD;EAGvE,MAAM,OAAO,OAAO,KAAK,WAAW,MAAM,EAAE,EAAE,YAAY,CAAC,SAAS,QAAQ;EAC5E,MAAM,UAAU,KAAK,MAAM,KAAK;AAEhC,SAAO;GACL,WAAW,OAAO,KAAK,QAAQ,GAAG,SAAS;GAC3C,mBAAmB,QAAQ,KAAK,EAAE;GAClC,aAAa,QAAQ;GACrB,kBAAkB,QAAQ;GAC3B;;;;;;CAOH,aAAoB,gBAAgB,YAAoB,OAA6C;EAGnG,MAAM,SAAU,WAAmB,QAAQ;AAC3C,MAAI,CAAC,OACH,OAAM,IAAI,MAAM,2DAA2D;EAI7E,MAAM,UAAU,MAAM,OAAO,YAC3B;GAAE,MAAM;GAAS,YAAY;GAAS,EACtC,MACA,CAAC,QAAQ,SAAS,CACnB;EAGD,MAAM,YAAY,MAAM,OAAO,UAAU,OAAO,QAAQ,UAAU;EAClE,MAAM,aAAa,MAAM,OAAO,UAAU,OAAO,QAAQ,WAAW;EAGpE,MAAM,IAAI,OAAO,KAAK,UAAU,GAAI,YAAY;EAChD,MAAM,IAAI,OAAO,KAAK,UAAU,GAAI,YAAY;EAChD,MAAM,IAAI,OAAO,KAAK,WAAW,GAAI,YAAY;EAGjD,MAAM,eAAe,OAAO,OAAO;GAAC,OAAO,KAAK,CAAC,EAAK,CAAC;GAAE;GAAG;GAAE,CAAC;EAG/D,MAAM,gBAAgB,OAAO,OAAO,CAAC,OAAO,KAAK,oBAAoB,EAAE,aAAa,CAAC;EACrF,MAAM,iBAAiB,OAAO,OAAO,CAAC,OAAO,KAAK,qBAAqB,EAAE,EAAE,CAAC;EAE5E,MAAM,qBAAqB,MAAM,KAAK,OAAO,cAAc;EAC3D,MAAM,sBAAsB,MAAM,KAAK,OAAO,eAAe;AAI7D,SAAO;GACL,IAHS,SAAS,GAAG,WAAW;GAIhC;GACA;GACA;GACD;;;uBA/gBoB,YAAY;uBACZ,cAAc;uBACd,aAAa;uBACb,0BAA0B,CAAC,iBAAiB"}