Skip to content

GitLab

Commit 3a84cbd5 authored by Ahmet Turan Koçak's avatar Ahmet Turan Koçak
Browse files

Initial commit

parents
Hide whitespace changes
Inline Side-by-side
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/crypto/HashUtils.d.ts 0 → 100644
View file @ 3a84cbd5
/// <reference types="node" />
export declare class HashUtils {
/**
* generate 'SHA256' hash
* @param buffer
*/
sha256(buffer: string): Buffer;
}
//# sourceMappingURL=HashUtils.d.ts.map
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/crypto/HashUtils.d.ts.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"HashUtils.d.ts","sourceRoot":"","sources":["../src/crypto/HashUtils.ts"],"names":[],"mappings":";AAQA,qBAAa,SAAS;IAClB;;;OAGG;IACH,MAAM,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM;CAMjC"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/crypto/PkceGenerator.d.ts 0 → 100644
View file @ 3a84cbd5
import { PkceCodes } from "@azure/msal-common";
/**
* https://tools.ietf.org/html/rfc7636#page-8
*/
export declare class PkceGenerator {
private hashUtils;
constructor();
/**
* generates the codeVerfier and the challenge from the codeVerfier
* reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2
*/
generatePkceCodes(): Promise<PkceCodes>;
/**
* generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1
*/
private generateCodeVerifier;
/**
* generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2
* @param codeVerifier
*/
private generateCodeChallengeFromVerifier;
}
//# sourceMappingURL=PkceGenerator.d.ts.map
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/crypto/PkceGenerator.d.ts.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"PkceGenerator.d.ts","sourceRoot":"","sources":["../src/crypto/PkceGenerator.ts"],"names":[],"mappings":"AAKA,OAAO,EAAa,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAM1D;;GAEG;AACH,qBAAa,aAAa;IACtB,OAAO,CAAC,SAAS,CAAY;;IAK7B;;;OAGG;IACG,iBAAiB,IAAI,OAAO,CAAC,SAAS,CAAC;IAM7C;;OAEG;IACH,OAAO,CAAC,oBAAoB;IAmB5B;;;OAGG;IACH,OAAO,CAAC,iCAAiC;CAO5C"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/error/NodeAuthError.d.ts 0 → 100644
View file @ 3a84cbd5
import { AuthError } from "@azure/msal-common";
/**
* NodeAuthErrorMessage class containing string constants used by error codes and messages.
*/
export declare const NodeAuthErrorMessage: {
invalidLoopbackAddressType: {
code: string;
desc: string;
};
unableToLoadRedirectUri: {
code: string;
desc: string;
};
noAuthCodeInResponse: {
code: string;
desc: string;
};
noLoopbackServerExists: {
code: string;
desc: string;
};
loopbackServerAlreadyExists: {
code: string;
desc: string;
};
loopbackServerTimeout: {
code: string;
desc: string;
};
stateNotFoundError: {
code: string;
desc: string;
};
};
export declare class NodeAuthError extends AuthError {
constructor(errorCode: string, errorMessage?: string);
/**
* Creates an error thrown if loopback server address is of type string.
*/
static createInvalidLoopbackAddressTypeError(): NodeAuthError;
/**
* Creates an error thrown if the loopback server is unable to get a url.
*/
static createUnableToLoadRedirectUrlError(): NodeAuthError;
/**
* Creates an error thrown if the server response does not contain an auth code.
*/
static createNoAuthCodeInResponseError(): NodeAuthError;
/**
* Creates an error thrown if the loopback server has not been spun up yet.
*/
static createNoLoopbackServerExistsError(): NodeAuthError;
/**
* Creates an error thrown if a loopback server already exists when attempting to create another one.
*/
static createLoopbackServerAlreadyExistsError(): NodeAuthError;
/**
* Creates an error thrown if the loopback server times out registering the auth code listener.
*/
static createLoopbackServerTimeoutError(): NodeAuthError;
/**
* Creates an error thrown when the state is not present.
*/
static createStateNotFoundError(): NodeAuthError;
}
//# sourceMappingURL=NodeAuthError.d.ts.map
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/error/NodeAuthError.d.ts.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"NodeAuthError.d.ts","sourceRoot":"","sources":["../src/error/NodeAuthError.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C;;GAEG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6BhC,CAAC;AAEF,qBAAa,aAAc,SAAQ,SAAS;gBAC5B,SAAS,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,MAAM;IAKpD;;OAEG;IACH,MAAM,CAAC,qCAAqC,IAAI,aAAa;IAK7D;;OAEG;IACH,MAAM,CAAC,kCAAkC,IAAI,aAAa;IAK1D;;OAEG;IACH,MAAM,CAAC,+BAA+B,IAAI,aAAa;IAKvD;;OAEG;IACH,MAAM,CAAC,iCAAiC,IAAI,aAAa;IAKzD;;OAEG;IACH,MAAM,CAAC,sCAAsC,IAAI,aAAa;IAK9D;;OAEG;IACH,MAAM,CAAC,gCAAgC,IAAI,aAAa;IAKxD;;OAEG;IACH,MAAM,CAAC,wBAAwB,IAAI,aAAa;CAGnD"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/index.d.ts 0 → 100644
View file @ 3a84cbd5
/**
* @packageDocumentation
* @module @azure/msal-node
*/
export { IPublicClientApplication } from "./client/IPublicClientApplication";
export { IConfidentialClientApplication } from "./client/IConfidentialClientApplication";
export { ITokenCache } from "./cache/ITokenCache";
export { ICacheClient } from "./cache/distributed/ICacheClient";
export { IPartitionManager } from "./cache/distributed/IPartitionManager";
export { PublicClientApplication } from "./client/PublicClientApplication";
export { ConfidentialClientApplication } from "./client/ConfidentialClientApplication";
export { ClientApplication } from "./client/ClientApplication";
export { Configuration, buildAppConfiguration, NodeAuthOptions, NodeSystemOptions, CacheOptions } from "./config/Configuration";
export { ClientAssertion } from "./client/ClientAssertion";
export { TokenCache } from "./cache/TokenCache";
export { NodeStorage } from "./cache/NodeStorage";
export { CacheKVStore, JsonCache, InMemoryCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedAppMetadataEntity, SerializedRefreshTokenEntity } from "./cache/serializer/SerializerTypes";
export { DistributedCachePlugin } from "./cache/distributed/DistributedCachePlugin";
export { CryptoProvider } from "./crypto/CryptoProvider";
export type { AuthorizationCodeRequest } from "./request/AuthorizationCodeRequest";
export type { AuthorizationUrlRequest } from "./request/AuthorizationUrlRequest";
export type { ClientCredentialRequest } from "./request/ClientCredentialRequest";
export type { DeviceCodeRequest } from "./request/DeviceCodeRequest";
export type { OnBehalfOfRequest } from "./request/OnBehalfOfRequest";
export type { UsernamePasswordRequest } from "./request/UsernamePasswordRequest";
export type { RefreshTokenRequest } from "./request/RefreshTokenRequest";
export type { SilentFlowRequest } from "./request/SilentFlowRequest";
export type { InteractiveRequest } from "./request/InteractiveRequest";
export { PromptValue, ResponseMode, AuthorizationCodePayload, AuthenticationResult, AccountInfo, ValidCacheType, AuthError, AuthErrorMessage, ClientAuthError, ClientAuthErrorMessage, ClientConfigurationError, ClientConfigurationErrorMessage, InteractionRequiredAuthError, InteractionRequiredAuthErrorMessage, ServerError, INetworkModule, NetworkRequestOptions, NetworkResponse, Logger, LogLevel, ProtocolMode, ICachePlugin, TokenCacheContext, ISerializableTokenCache, AzureCloudInstance, AzureCloudOptions, IAppTokenProvider, AppTokenProviderParameters, AppTokenProviderResult } from "@azure/msal-common";
export { version } from "./packageMetadata";
//# sourceMappingURL=index.d.ts.map
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/index.d.ts.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["src/index.ts"],"names":[],"mappings":"AAKA;;;GAGG;AAGH,OAAO,EAAE,wBAAwB,EAAE,MAAM,mCAAmC,CAAC;AAC7E,OAAO,EAAE,8BAA8B,EAAE,MAAM,yCAAyC,CAAC;AACzF,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,kCAAkC,CAAC;AAChE,OAAO,EAAE,iBAAiB,EAAE,MAAM,uCAAuC,CAAC;AAG1E,OAAO,EAAE,uBAAuB,EAAE,MAAM,kCAAkC,CAAC;AAC3E,OAAO,EAAE,6BAA6B,EAAE,MAAM,wCAAwC,CAAC;AACvF,OAAO,EAAE,iBAAiB,EAAE,MAAM,4BAA4B,CAAC;AAC/D,OAAO,EAAE,aAAa,EAAE,qBAAqB,EAAE,eAAe,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,wBAAwB,CAAC;AAChI,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAG3D,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,aAAa,EAAE,uBAAuB,EAAE,uBAAuB,EAAE,2BAA2B,EAAE,2BAA2B,EAAE,4BAA4B,EAAE,MAAM,oCAAoC,CAAC;AACtO,OAAO,EAAE,sBAAsB,EAAE,MAAM,4CAA4C,CAAC;AAGpF,OAAO,EAAE,cAAc,EAAE,MAAM,yBAAyB,CAAC;AAGzD,YAAY,EAAE,wBAAwB,EAAE,MAAM,oCAAoC,CAAC;AACnF,YAAY,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,uBAAuB,EAAE,MAAM,mCAAmC,CAAC;AACjF,YAAY,EAAE,mBAAmB,EAAE,MAAM,+BAA+B,CAAC;AACzE,YAAY,EAAE,iBAAiB,EAAE,MAAM,6BAA6B,CAAC;AACrE,YAAY,EAAE,kBAAkB,EAAE,MAAM,8BAA8B,CAAC;AAGvE,OAAO,EAEH,WAAW,EACX,YAAY,EACZ,wBAAwB,EAExB,oBAAoB,EAEpB,WAAW,EACX,cAAc,EAEd,SAAS,EACT,gBAAgB,EAChB,eAAe,EACf,sBAAsB,EACtB,wBAAwB,EACxB,+BAA+B,EAC/B,4BAA4B,EAC5B,mCAAmC,EACnC,WAAW,EAEX,cAAc,EACd,qBAAqB,EACrB,eAAe,EAEf,MAAM,EACN,QAAQ,EAER,YAAY,EACZ,YAAY,EACZ,iBAAiB,EACjB,uBAAuB,EAEvB,kBAAkB,EAClB,iBAAiB,EAEjB,iBAAiB,EACjB,0BAA0B,EAC1B,sBAAsB,EACzB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,mBAAmB,CAAC"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/index.js 0 → 100644
View file @ 3a84cbd5
'use strict'
if (process.env.NODE_ENV === 'production') {
module.exports = require('./msal-node.cjs.production.min.js')
} else {
module.exports = require('./msal-node.cjs.development.js')
}
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/msal-node.cjs.development.js 0 → 100644
View file @ 3a84cbd5
'use strict';
Object.defineProperty(exports, '__esModule', { value: true });
function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
var msalCommon = require('@azure/msal-common');
var http = require('http');
var http__default = _interopDefault(http);
var https = _interopDefault(require('https'));
var uuid = require('uuid');
var crypto = _interopDefault(require('crypto'));
var jsonwebtoken = require('jsonwebtoken');
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* http methods
*/
var HttpMethod;
(function (HttpMethod) {
HttpMethod["GET"] = "get";
HttpMethod["POST"] = "post";
})(HttpMethod || (HttpMethod = {}));
var HttpStatus;
(function (HttpStatus) {
HttpStatus[HttpStatus["SUCCESS_RANGE_START"] = 200] = "SUCCESS_RANGE_START";
HttpStatus[HttpStatus["SUCCESS_RANGE_END"] = 299] = "SUCCESS_RANGE_END";
HttpStatus[HttpStatus["REDIRECT"] = 302] = "REDIRECT";
HttpStatus[HttpStatus["CLIENT_ERROR_RANGE_START"] = 400] = "CLIENT_ERROR_RANGE_START";
HttpStatus[HttpStatus["CLIENT_ERROR_RANGE_END"] = 499] = "CLIENT_ERROR_RANGE_END";
HttpStatus[HttpStatus["SERVER_ERROR_RANGE_START"] = 500] = "SERVER_ERROR_RANGE_START";
HttpStatus[HttpStatus["SERVER_ERROR_RANGE_END"] = 599] = "SERVER_ERROR_RANGE_END";
})(HttpStatus || (HttpStatus = {}));
var ProxyStatus;
(function (ProxyStatus) {
ProxyStatus[ProxyStatus["SUCCESS_RANGE_START"] = 200] = "SUCCESS_RANGE_START";
ProxyStatus[ProxyStatus["SUCCESS_RANGE_END"] = 299] = "SUCCESS_RANGE_END";
ProxyStatus[ProxyStatus["SERVER_ERROR"] = 500] = "SERVER_ERROR";
})(ProxyStatus || (ProxyStatus = {}));
/**
* Constants used for region discovery
*/
const REGION_ENVIRONMENT_VARIABLE = "REGION_NAME";
/**
* Constant used for PKCE
*/
const RANDOM_OCTET_SIZE = 32;
/**
* Constants used in PKCE
*/
const Hash = {
SHA256: "sha256"
};
/**
* Constants for encoding schemes
*/
const CharSet = {
CV_CHARSET: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
};
/**
* Constants
*/
const Constants = {
MSAL_SKU: "msal.js.node",
JWT_BEARER_ASSERTION_TYPE: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
AUTHORIZATION_PENDING: "authorization_pending",
HTTP_PROTOCOL: "http://",
LOCALHOST: "localhost"
};
/**
* API Codes for Telemetry purposes.
* Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs
* 0-99 Silent Flow
* 600-699 Device Code Flow
* 800-899 Auth Code Flow
*/
var ApiId;
(function (ApiId) {
ApiId[ApiId["acquireTokenSilent"] = 62] = "acquireTokenSilent";
ApiId[ApiId["acquireTokenByUsernamePassword"] = 371] = "acquireTokenByUsernamePassword";
ApiId[ApiId["acquireTokenByDeviceCode"] = 671] = "acquireTokenByDeviceCode";
ApiId[ApiId["acquireTokenByClientCredential"] = 771] = "acquireTokenByClientCredential";
ApiId[ApiId["acquireTokenByCode"] = 871] = "acquireTokenByCode";
ApiId[ApiId["acquireTokenByRefreshToken"] = 872] = "acquireTokenByRefreshToken";
})(ApiId || (ApiId = {}));
/**
* JWT constants
*/
const JwtConstants = {
ALGORITHM: "alg",
RSA_256: "RS256",
X5T: "x5t",
X5C: "x5c",
AUDIENCE: "aud",
EXPIRATION_TIME: "exp",
ISSUER: "iss",
SUBJECT: "sub",
NOT_BEFORE: "nbf",
JWT_ID: "jti"
};
const LOOPBACK_SERVER_CONSTANTS = {
INTERVAL_MS: 100,
TIMEOUT_MS: 5000
};
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class NetworkUtils {
static getNetworkResponse(headers, body, statusCode) {
return {
headers: headers,
body: body,
status: statusCode
};
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class implements the API for network requests.
*/
class HttpClient {
/**
* Http Get request
* @param url
* @param options
*/
async sendGetRequestAsync(url, options) {
if (options != null && options.proxyUrl) {
return networkRequestViaProxy(url, HttpMethod.GET, options);
} else {
return networkRequestViaHttps(url, HttpMethod.GET, options);
}
}
/**
* Http Post request
* @param url
* @param options
*/
async sendPostRequestAsync(url, options, cancellationToken) {
if (options != null && options.proxyUrl) {
return networkRequestViaProxy(url, HttpMethod.POST, options, cancellationToken);
} else {
return networkRequestViaHttps(url, HttpMethod.POST, options, cancellationToken);
}
}
}
const networkRequestViaProxy = (url, httpMethod, options, timeout) => {
const headers = (options == null ? void 0 : options.headers) || {};
const proxyUrl = new URL((options == null ? void 0 : options.proxyUrl) || "");
const destinationUrl = new URL(url); // "method: connect" must be used to establish a connection to the proxy
const tunnelRequestOptions = {
host: proxyUrl.hostname,
port: proxyUrl.port,
method: "CONNECT",
path: destinationUrl.hostname,
headers: headers
};
if (timeout) {
tunnelRequestOptions.timeout = timeout;
} // compose a request string for the socket
let postRequestStringContent = "";
if (httpMethod === HttpMethod.POST) {
const body = (options == null ? void 0 : options.body) || "";
postRequestStringContent = "Content-Type: application/x-www-form-urlencoded\r\n" + `Content-Length: ${body.length}\r\n` + `\r\n${body}`;
}
const outgoingRequestString = `${httpMethod.toUpperCase()} ${destinationUrl.href} HTTP/1.1\r\n` + `Host: ${destinationUrl.host}\r\n` + "Connection: close\r\n" + postRequestStringContent + "\r\n";
return new Promise((resolve, reject) => {
const request = http__default.request(tunnelRequestOptions);
if (tunnelRequestOptions.timeout) {
request.on("timeout", () => {
request.destroy();
reject(new Error("Request time out"));
});
}
request.end(); // establish connection to the proxy
request.on("connect", (response, socket) => {
const proxyStatusCode = (response == null ? void 0 : response.statusCode) || ProxyStatus.SERVER_ERROR;
if (proxyStatusCode < ProxyStatus.SUCCESS_RANGE_START || proxyStatusCode > ProxyStatus.SUCCESS_RANGE_END) {
request.destroy();
socket.destroy();
reject(new Error(`Error connecting to proxy. Http status code: ${response.statusCode}. Http status message: ${(response == null ? void 0 : response.statusMessage) || "Unknown"}`));
}
if (tunnelRequestOptions.timeout) {
socket.setTimeout(tunnelRequestOptions.timeout);
socket.on("timeout", () => {
request.destroy();
socket.destroy();
reject(new Error("Request time out"));
});
} // make a request over an HTTP tunnel
socket.write(outgoingRequestString);
const data = [];
socket.on("data", chunk => {
data.push(chunk);
});
socket.on("end", () => {
// combine all received buffer streams into one buffer, and then into a string
const dataString = Buffer.concat([...data]).toString(); // separate each line into it's own entry in an arry
const dataStringArray = dataString.split("\r\n"); // the first entry will contain the statusCode and statusMessage
const httpStatusCode = parseInt(dataStringArray[0].split(" ")[1]); // remove "HTTP/1.1" and the status code to get the status message
const statusMessage = dataStringArray[0].split(" ").slice(2).join(" "); // the last entry will contain the body
const body = dataStringArray[dataStringArray.length - 1]; // everything in between the first and last entries are the headers
const headersArray = dataStringArray.slice(1, dataStringArray.length - 2); // build an object out of all the headers
const entries = new Map();
headersArray.forEach(header => {
/**
* the header might look like "Content-Length: 1531", but that is just a string
* it needs to be converted to a key/value pair
* split the string at the first instance of ":"
* there may be more than one ":" if the value of the header is supposed to be a JSON object
*/
const headerKeyValue = header.split(new RegExp(/:\s(.*)/s));
const headerKey = headerKeyValue[0];
let headerValue = headerKeyValue[1]; // check if the value of the header is supposed to be a JSON object
try {
const object = JSON.parse(headerValue); // if it is, then convert it from a string to a JSON object
if (object && typeof object === "object") {
headerValue = object;
}
} catch (e) {// otherwise, leave it as a string
}
entries.set(headerKey, headerValue);
});
const headers = Object.fromEntries(entries);
const parsedHeaders = headers;
const networkResponse = NetworkUtils.getNetworkResponse(parsedHeaders, parseBody(httpStatusCode, statusMessage, parsedHeaders, body), httpStatusCode);
if ((httpStatusCode < HttpStatus.SUCCESS_RANGE_START || httpStatusCode > HttpStatus.SUCCESS_RANGE_END) && // do not destroy the request for the device code flow
networkResponse.body["error"] !== Constants.AUTHORIZATION_PENDING) {
request.destroy();
}
resolve(networkResponse);
});
socket.on("error", chunk => {
request.destroy();
socket.destroy();
reject(new Error(chunk.toString()));
});
});
request.on("error", chunk => {
request.destroy();
reject(new Error(chunk.toString()));
});
});
};
const networkRequestViaHttps = (url, httpMethod, options, timeout) => {
const isPostRequest = httpMethod === HttpMethod.POST;
const body = (options == null ? void 0 : options.body) || "";
const emptyHeaders = {};
const customOptions = {
method: httpMethod,
headers: (options == null ? void 0 : options.headers) || emptyHeaders
};
if (timeout) {
customOptions.timeout = timeout;
}
if (isPostRequest) {
// needed for post request to work
customOptions.headers = { ...customOptions.headers,
"Content-Length": body.length
};
}
return new Promise((resolve, reject) => {
const request = https.request(url, customOptions);
if (timeout) {
request.on("timeout", () => {
request.destroy();
reject(new Error("Request time out"));
});
}
if (isPostRequest) {
request.write(body);
}
request.end();
request.on("response", response => {
const headers = response.headers;
const statusCode = response.statusCode;
const statusMessage = response.statusMessage;
const data = [];
response.on("data", chunk => {
data.push(chunk);
});
response.on("end", () => {
// combine all received buffer streams into one buffer, and then into a string
const body = Buffer.concat([...data]).toString();
const parsedHeaders = headers;
const networkResponse = NetworkUtils.getNetworkResponse(parsedHeaders, parseBody(statusCode, statusMessage, parsedHeaders, body), statusCode);
if ((statusCode < HttpStatus.SUCCESS_RANGE_START || statusCode > HttpStatus.SUCCESS_RANGE_END) && // do not destroy the request for the device code flow
networkResponse.body["error"] !== Constants.AUTHORIZATION_PENDING) {
request.destroy();
}
resolve(networkResponse);
});
});
request.on("error", chunk => {
request.destroy();
reject(new Error(chunk.toString()));
});
});
};
/**
* Check if extra parsing is needed on the repsonse from the server
* @param statusCode {number} the status code of the response from the server
* @param statusMessage {string | undefined} the status message of the response from the server
* @param headers {Record<string, string>} the headers of the response from the server
* @param body {string} the body from the response of the server
* @returns {Object} JSON parsed body or error object
*/
const parseBody = (statusCode, statusMessage, headers, body) => {
/*
* Informational responses (100 – 199)
* Successful responses (200 – 299)
* Redirection messages (300 – 399)
* Client error responses (400 – 499)
* Server error responses (500 – 599)
*/
let parsedBody;
try {
parsedBody = JSON.parse(body);
} catch (error) {
let errorType;
let errorDescriptionHelper;
if (statusCode >= HttpStatus.CLIENT_ERROR_RANGE_START && statusCode <= HttpStatus.CLIENT_ERROR_RANGE_END) {
errorType = "client_error";
errorDescriptionHelper = "A client";
} else if (statusCode >= HttpStatus.SERVER_ERROR_RANGE_START && statusCode <= HttpStatus.SERVER_ERROR_RANGE_END) {
errorType = "server_error";
errorDescriptionHelper = "A server";
} else {
errorType = "unknown_error";
errorDescriptionHelper = "An unknown";
}
parsedBody = {
error: errorType,
error_description: `${errorDescriptionHelper} error occured.\nHttp status code: ${statusCode}\nHttp status message: ${statusMessage || "Unknown"}\nHeaders: ${JSON.stringify(headers)}`
};
}
return parsedBody;
};
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const DEFAULT_AUTH_OPTIONS = {
clientId: msalCommon.Constants.EMPTY_STRING,
authority: msalCommon.Constants.DEFAULT_AUTHORITY,
clientSecret: msalCommon.Constants.EMPTY_STRING,
clientAssertion: msalCommon.Constants.EMPTY_STRING,
clientCertificate: {
thumbprint: msalCommon.Constants.EMPTY_STRING,
privateKey: msalCommon.Constants.EMPTY_STRING,
x5c: msalCommon.Constants.EMPTY_STRING
},
knownAuthorities: [],
cloudDiscoveryMetadata: msalCommon.Constants.EMPTY_STRING,
authorityMetadata: msalCommon.Constants.EMPTY_STRING,
clientCapabilities: [],
protocolMode: msalCommon.ProtocolMode.AAD,
azureCloudOptions: {
azureCloudInstance: msalCommon.AzureCloudInstance.None,
tenant: msalCommon.Constants.EMPTY_STRING
},
skipAuthorityMetadataCache: false
};
const DEFAULT_CACHE_OPTIONS = {};
const DEFAULT_LOGGER_OPTIONS = {
loggerCallback: () => {// allow users to not set logger call back
},
piiLoggingEnabled: false,
logLevel: msalCommon.LogLevel.Info
};
const DEFAULT_SYSTEM_OPTIONS = {
loggerOptions: DEFAULT_LOGGER_OPTIONS,
networkClient: /*#__PURE__*/new HttpClient(),
proxyUrl: msalCommon.Constants.EMPTY_STRING
};
const DEFAULT_TELEMETRY_OPTIONS = {
application: {
appName: msalCommon.Constants.EMPTY_STRING,
appVersion: msalCommon.Constants.EMPTY_STRING
}
};
/**
* Sets the default options when not explicitly configured from app developer
*
* @param auth - Authentication options
* @param cache - Cache options
* @param system - System options
* @param telemetry - Telemetry options
*
* @returns Configuration
* @public
*/
function buildAppConfiguration({
auth,
cache,
system,
telemetry
}) {
return {
auth: { ...DEFAULT_AUTH_OPTIONS,
...auth
},
cache: { ...DEFAULT_CACHE_OPTIONS,
...cache
},
system: { ...DEFAULT_SYSTEM_OPTIONS,
...system
},
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS,
...telemetry
}
};
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class GuidGenerator {
/**
*
* RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.
* uuidv4 generates guids from cryprtographically-string random
*/
generateGuid() {
return uuid.v4();
}
/**
* verifies if a string is GUID
* @param guid
*/
isGuid(guid) {
const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
return regexGuid.test(guid);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class EncodingUtils {
/**
* 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.
* 'base64': Base64 encoding.
*
* @param str text
*/
static base64Encode(str, encoding) {
return Buffer.from(str, encoding).toString("base64");
}
/**
* encode a URL
* @param str
*/
static base64EncodeUrl(str, encoding) {
return EncodingUtils.base64Encode(str, encoding).replace(/=/g, msalCommon.Constants.EMPTY_STRING).replace(/\+/g, "-").replace(/\//g, "_");
}
/**
* 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.
* 'base64': Base64 encoding.
*
* @param base64Str Base64 encoded text
*/
static base64Decode(base64Str) {
return Buffer.from(base64Str, "base64").toString("utf8");
}
/**
* @param base64Str Base64 encoded Url
*/
static base64DecodeUrl(base64Str) {
let str = base64Str.replace(/-/g, "+").replace(/_/g, "/");
while (str.length % 4) {
str += "=";
}
return EncodingUtils.base64Decode(str);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class HashUtils {
/**
* generate 'SHA256' hash
* @param buffer
*/
sha256(buffer) {
return crypto.createHash(Hash.SHA256).update(buffer).digest();
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* https://tools.ietf.org/html/rfc7636#page-8
*/
class PkceGenerator {
constructor() {
this.hashUtils = new HashUtils();
}
/**
* generates the codeVerfier and the challenge from the codeVerfier
* reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2
*/
async generatePkceCodes() {
const verifier = this.generateCodeVerifier();
const challenge = this.generateCodeChallengeFromVerifier(verifier);
return {
verifier,
challenge
};
}
/**
* generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1
*/
generateCodeVerifier() {
const charArr = [];
const maxNumber = 256 - 256 % CharSet.CV_CHARSET.length;
while (charArr.length <= RANDOM_OCTET_SIZE) {
const byte = crypto.randomBytes(1)[0];
if (byte >= maxNumber) {
/*
* Ignore this number to maintain randomness.
* Including it would result in an unequal distribution of characters after doing the modulo
*/
continue;
}
const index = byte % CharSet.CV_CHARSET.length;
charArr.push(CharSet.CV_CHARSET[index]);
}
const verifier = charArr.join(msalCommon.Constants.EMPTY_STRING);
return EncodingUtils.base64EncodeUrl(verifier);
}
/**
* generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2
* @param codeVerifier
*/
generateCodeChallengeFromVerifier(codeVerifier) {
return EncodingUtils.base64EncodeUrl(this.hashUtils.sha256(codeVerifier).toString("base64"), "base64");
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and
* implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).
* @public
*/
class CryptoProvider {
constructor() {
// Browser crypto needs to be validated first before any other classes can be set.
this.pkceGenerator = new PkceGenerator();
this.guidGenerator = new GuidGenerator();
this.hashUtils = new HashUtils();
}
/**
* Creates a new random GUID - used to populate state and nonce.
* @returns string (GUID)
*/
createNewGuid() {
return this.guidGenerator.generateGuid();
}
/**
* Encodes input string to base64.
* @param input - string to be encoded
*/
base64Encode(input) {
return EncodingUtils.base64Encode(input);
}
/**
* Decodes input string from base64.
* @param input - string to be decoded
*/
base64Decode(input) {
return EncodingUtils.base64Decode(input);
}
/**
* Generates PKCE codes used in Authorization Code Flow.
*/
generatePkceCodes() {
return this.pkceGenerator.generatePkceCodes();
}
/**
* Generates a keypair, stores it and returns a thumbprint - not yet implemented for node
*/
getPublicKeyThumbprint() {
throw new Error("Method not implemented.");
}
/**
* Removes cryptographic keypair from key store matching the keyId passed in
* @param kid
*/
removeTokenBindingKey() {
throw new Error("Method not implemented.");
}
/**
* Removes all cryptographic keys from Keystore
*/
clearKeystore() {
throw new Error("Method not implemented.");
}
/**
* Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node
*/
signJwt() {
throw new Error("Method not implemented.");
}
/**
* Returns the SHA-256 hash of an input string
*/
async hashString(plainText) {
return EncodingUtils.base64EncodeUrl(this.hashUtils.sha256(plainText).toString("base64"), "base64");
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class deserializes cache entities read from the file into in memory object types defined internally
*/
class Deserializer {
/**
* Parse the JSON blob in memory and deserialize the content
* @param cachedJson
*/
static deserializeJSONBlob(jsonFile) {
const deserializedCache = msalCommon.StringUtils.isEmpty(jsonFile) ? {} : JSON.parse(jsonFile);
return deserializedCache;
}
/**
* Deserializes accounts to AccountEntity objects
* @param accounts
*/
static deserializeAccounts(accounts) {
const accountObjects = {};
if (accounts) {
Object.keys(accounts).map(function (key) {
const serializedAcc = accounts[key];
const mappedAcc = {
homeAccountId: serializedAcc.home_account_id,
environment: serializedAcc.environment,
realm: serializedAcc.realm,
localAccountId: serializedAcc.local_account_id,
username: serializedAcc.username,
authorityType: serializedAcc.authority_type,
name: serializedAcc.name,
clientInfo: serializedAcc.client_info,
lastModificationTime: serializedAcc.last_modification_time,
lastModificationApp: serializedAcc.last_modification_app
};
const account = new msalCommon.AccountEntity();
msalCommon.CacheManager.toObject(account, mappedAcc);
accountObjects[key] = account;
});
}
return accountObjects;
}
/**
* Deserializes id tokens to IdTokenEntity objects
* @param idTokens
*/
static deserializeIdTokens(idTokens) {
const idObjects = {};
if (idTokens) {
Object.keys(idTokens).map(function (key) {
const serializedIdT = idTokens[key];
const mappedIdT = {
homeAccountId: serializedIdT.home_account_id,
environment: serializedIdT.environment,
credentialType: serializedIdT.credential_type,
clientId: serializedIdT.client_id,
secret: serializedIdT.secret,
realm: serializedIdT.realm
};
const idToken = new msalCommon.IdTokenEntity();
msalCommon.CacheManager.toObject(idToken, mappedIdT);
idObjects[key] = idToken;
});
}
return idObjects;
}
/**
* Deserializes access tokens to AccessTokenEntity objects
* @param accessTokens
*/
static deserializeAccessTokens(accessTokens) {
const atObjects = {};
if (accessTokens) {
Object.keys(accessTokens).map(function (key) {
const serializedAT = accessTokens[key];
const mappedAT = {
homeAccountId: serializedAT.home_account_id,
environment: serializedAT.environment,
credentialType: serializedAT.credential_type,
clientId: serializedAT.client_id,
secret: serializedAT.secret,
realm: serializedAT.realm,
target: serializedAT.target,
cachedAt: serializedAT.cached_at,
expiresOn: serializedAT.expires_on,
extendedExpiresOn: serializedAT.extended_expires_on,
refreshOn: serializedAT.refresh_on,
keyId: serializedAT.key_id,
tokenType: serializedAT.token_type,
requestedClaims: serializedAT.requestedClaims,
requestedClaimsHash: serializedAT.requestedClaimsHash,
userAssertionHash: serializedAT.userAssertionHash
};
const accessToken = new msalCommon.AccessTokenEntity();
msalCommon.CacheManager.toObject(accessToken, mappedAT);
atObjects[key] = accessToken;
});
}
return atObjects;
}
/**
* Deserializes refresh tokens to RefreshTokenEntity objects
* @param refreshTokens
*/
static deserializeRefreshTokens(refreshTokens) {
const rtObjects = {};
if (refreshTokens) {
Object.keys(refreshTokens).map(function (key) {
const serializedRT = refreshTokens[key];
const mappedRT = {
homeAccountId: serializedRT.home_account_id,
environment: serializedRT.environment,
credentialType: serializedRT.credential_type,
clientId: serializedRT.client_id,
secret: serializedRT.secret,
familyId: serializedRT.family_id,
target: serializedRT.target,
realm: serializedRT.realm
};
const refreshToken = new msalCommon.RefreshTokenEntity();
msalCommon.CacheManager.toObject(refreshToken, mappedRT);
rtObjects[key] = refreshToken;
});
}
return rtObjects;
}
/**
* Deserializes appMetadata to AppMetaData objects
* @param appMetadata
*/
static deserializeAppMetadata(appMetadata) {
const appMetadataObjects = {};
if (appMetadata) {
Object.keys(appMetadata).map(function (key) {
const serializedAmdt = appMetadata[key];
const mappedAmd = {
clientId: serializedAmdt.client_id,
environment: serializedAmdt.environment,
familyId: serializedAmdt.family_id
};
const amd = new msalCommon.AppMetadataEntity();
msalCommon.CacheManager.toObject(amd, mappedAmd);
appMetadataObjects[key] = amd;
});
}
return appMetadataObjects;
}
/**
* Deserialize an inMemory Cache
* @param jsonCache
*/
static deserializeAllCache(jsonCache) {
return {
accounts: jsonCache.Account ? this.deserializeAccounts(jsonCache.Account) : {},
idTokens: jsonCache.IdToken ? this.deserializeIdTokens(jsonCache.IdToken) : {},
accessTokens: jsonCache.AccessToken ? this.deserializeAccessTokens(jsonCache.AccessToken) : {},
refreshTokens: jsonCache.RefreshToken ? this.deserializeRefreshTokens(jsonCache.RefreshToken) : {},
appMetadata: jsonCache.AppMetadata ? this.deserializeAppMetadata(jsonCache.AppMetadata) : {}
};
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class Serializer {
/**
* serialize the JSON blob
* @param data
*/
static serializeJSONBlob(data) {
return JSON.stringify(data);
}
/**
* Serialize Accounts
* @param accCache
*/
static serializeAccounts(accCache) {
const accounts = {};
Object.keys(accCache).map(function (key) {
const accountEntity = accCache[key];
accounts[key] = {
home_account_id: accountEntity.homeAccountId,
environment: accountEntity.environment,
realm: accountEntity.realm,
local_account_id: accountEntity.localAccountId,
username: accountEntity.username,
authority_type: accountEntity.authorityType,
name: accountEntity.name,
client_info: accountEntity.clientInfo,
last_modification_time: accountEntity.lastModificationTime,
last_modification_app: accountEntity.lastModificationApp
};
});
return accounts;
}
/**
* Serialize IdTokens
* @param idTCache
*/
static serializeIdTokens(idTCache) {
const idTokens = {};
Object.keys(idTCache).map(function (key) {
const idTEntity = idTCache[key];
idTokens[key] = {
home_account_id: idTEntity.homeAccountId,
environment: idTEntity.environment,
credential_type: idTEntity.credentialType,
client_id: idTEntity.clientId,
secret: idTEntity.secret,
realm: idTEntity.realm
};
});
return idTokens;
}
/**
* Serializes AccessTokens
* @param atCache
*/
static serializeAccessTokens(atCache) {
const accessTokens = {};
Object.keys(atCache).map(function (key) {
const atEntity = atCache[key];
accessTokens[key] = {
home_account_id: atEntity.homeAccountId,
environment: atEntity.environment,
credential_type: atEntity.credentialType,
client_id: atEntity.clientId,
secret: atEntity.secret,
realm: atEntity.realm,
target: atEntity.target,
cached_at: atEntity.cachedAt,
expires_on: atEntity.expiresOn,
extended_expires_on: atEntity.extendedExpiresOn,
refresh_on: atEntity.refreshOn,
key_id: atEntity.keyId,
token_type: atEntity.tokenType,
requestedClaims: atEntity.requestedClaims,
requestedClaimsHash: atEntity.requestedClaimsHash,
userAssertionHash: atEntity.userAssertionHash
};
});
return accessTokens;
}
/**
* Serialize refreshTokens
* @param rtCache
*/
static serializeRefreshTokens(rtCache) {
const refreshTokens = {};
Object.keys(rtCache).map(function (key) {
const rtEntity = rtCache[key];
refreshTokens[key] = {
home_account_id: rtEntity.homeAccountId,
environment: rtEntity.environment,
credential_type: rtEntity.credentialType,
client_id: rtEntity.clientId,
secret: rtEntity.secret,
family_id: rtEntity.familyId,
target: rtEntity.target,
realm: rtEntity.realm
};
});
return refreshTokens;
}
/**
* Serialize amdtCache
* @param amdtCache
*/
static serializeAppMetadata(amdtCache) {
const appMetadata = {};
Object.keys(amdtCache).map(function (key) {
const amdtEntity = amdtCache[key];
appMetadata[key] = {
client_id: amdtEntity.clientId,
environment: amdtEntity.environment,
family_id: amdtEntity.familyId
};
});
return appMetadata;
}
/**
* Serialize the cache
* @param jsonContent
*/
static serializeAllCache(inMemCache) {
return {
Account: this.serializeAccounts(inMemCache.accounts),
IdToken: this.serializeIdTokens(inMemCache.idTokens),
AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),
RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),
AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata)
};
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class implements Storage for node, reading cache from user specified storage location or an extension library
* @public
*/
class NodeStorage extends msalCommon.CacheManager {
constructor(logger, clientId, cryptoImpl) {
super(clientId, cryptoImpl);
this.cache = {};
this.changeEmitters = [];
this.logger = logger;
}
/**
* Queue up callbacks
* @param func - a callback function for cache change indication
*/
registerChangeEmitter(func) {
this.changeEmitters.push(func);
}
/**
* Invoke the callback when cache changes
*/
emitChange() {
this.changeEmitters.forEach(func => func.call(null));
}
/**
* Converts cacheKVStore to InMemoryCache
* @param cache - key value store
*/
cacheToInMemoryCache(cache) {
const inMemoryCache = {
accounts: {},
idTokens: {},
accessTokens: {},
refreshTokens: {},
appMetadata: {}
};
for (const key in cache) {
if (cache[key] instanceof msalCommon.AccountEntity) {
inMemoryCache.accounts[key] = cache[key];
} else if (cache[key] instanceof msalCommon.IdTokenEntity) {
inMemoryCache.idTokens[key] = cache[key];
} else if (cache[key] instanceof msalCommon.AccessTokenEntity) {
inMemoryCache.accessTokens[key] = cache[key];
} else if (cache[key] instanceof msalCommon.RefreshTokenEntity) {
inMemoryCache.refreshTokens[key] = cache[key];
} else if (cache[key] instanceof msalCommon.AppMetadataEntity) {
inMemoryCache.appMetadata[key] = cache[key];
} else {
continue;
}
}
return inMemoryCache;
}
/**
* converts inMemoryCache to CacheKVStore
* @param inMemoryCache - kvstore map for inmemory
*/
inMemoryCacheToCache(inMemoryCache) {
// convert in memory cache to a flat Key-Value map
let cache = this.getCache();
cache = { ...cache,
...inMemoryCache.accounts,
...inMemoryCache.idTokens,
...inMemoryCache.accessTokens,
...inMemoryCache.refreshTokens,
...inMemoryCache.appMetadata
}; // convert in memory cache to a flat Key-Value map
return cache;
}
/**
* gets the current in memory cache for the client
*/
getInMemoryCache() {
this.logger.trace("Getting in-memory cache"); // convert the cache key value store to inMemoryCache
const inMemoryCache = this.cacheToInMemoryCache(this.getCache());
return inMemoryCache;
}
/**
* sets the current in memory cache for the client
* @param inMemoryCache - key value map in memory
*/
setInMemoryCache(inMemoryCache) {
this.logger.trace("Setting in-memory cache"); // convert and append the inMemoryCache to cacheKVStore
const cache = this.inMemoryCacheToCache(inMemoryCache);
this.setCache(cache);
this.emitChange();
}
/**
* get the current cache key-value store
*/
getCache() {
this.logger.trace("Getting cache key-value store");
return this.cache;
}
/**
* sets the current cache (key value store)
* @param cacheMap - key value map
*/
setCache(cache) {
this.logger.trace("Setting cache key value store");
this.cache = cache; // mark change in cache
this.emitChange();
}
/**
* Gets cache item with given key.
* @param key - lookup key for the cache entry
*/
getItem(key) {
this.logger.tracePii(`Item key: ${key}`); // read cache
const cache = this.getCache();
return cache[key];
}
/**
* Gets cache item with given key-value
* @param key - lookup key for the cache entry
* @param value - value of the cache entry
*/
setItem(key, value) {
this.logger.tracePii(`Item key: ${key}`); // read cache
const cache = this.getCache();
cache[key] = value; // write to cache
this.setCache(cache);
}
/**
* fetch the account entity
* @param accountKey - lookup key to fetch cache type AccountEntity
*/
getAccount(accountKey) {
const account = this.getItem(accountKey);
if (msalCommon.AccountEntity.isAccountEntity(account)) {
return account;
}
return null;
}
/**
* set account entity
* @param account - cache value to be set of type AccountEntity
*/
setAccount(account) {
const accountKey = account.generateAccountKey();
this.setItem(accountKey, account);
}
/**
* fetch the idToken credential
* @param idTokenKey - lookup key to fetch cache type IdTokenEntity
*/
getIdTokenCredential(idTokenKey) {
const idToken = this.getItem(idTokenKey);
if (msalCommon.IdTokenEntity.isIdTokenEntity(idToken)) {
return idToken;
}
return null;
}
/**
* set idToken credential
* @param idToken - cache value to be set of type IdTokenEntity
*/
setIdTokenCredential(idToken) {
const idTokenKey = idToken.generateCredentialKey();
this.setItem(idTokenKey, idToken);
}
/**
* fetch the accessToken credential
* @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity
*/
getAccessTokenCredential(accessTokenKey) {
const accessToken = this.getItem(accessTokenKey);
if (msalCommon.AccessTokenEntity.isAccessTokenEntity(accessToken)) {
return accessToken;
}
return null;
}
/**
* set accessToken credential
* @param accessToken - cache value to be set of type AccessTokenEntity
*/
setAccessTokenCredential(accessToken) {
const accessTokenKey = accessToken.generateCredentialKey();
this.setItem(accessTokenKey, accessToken);
}
/**
* fetch the refreshToken credential
* @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity
*/
getRefreshTokenCredential(refreshTokenKey) {
const refreshToken = this.getItem(refreshTokenKey);
if (msalCommon.RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {
return refreshToken;
}
return null;
}
/**
* set refreshToken credential
* @param refreshToken - cache value to be set of type RefreshTokenEntity
*/
setRefreshTokenCredential(refreshToken) {
const refreshTokenKey = refreshToken.generateCredentialKey();
this.setItem(refreshTokenKey, refreshToken);
}
/**
* fetch appMetadata entity from the platform cache
* @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity
*/
getAppMetadata(appMetadataKey) {
const appMetadata = this.getItem(appMetadataKey);
if (msalCommon.AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {
return appMetadata;
}
return null;
}
/**
* set appMetadata entity to the platform cache
* @param appMetadata - cache value to be set of type AppMetadataEntity
*/
setAppMetadata(appMetadata) {
const appMetadataKey = appMetadata.generateAppMetadataKey();
this.setItem(appMetadataKey, appMetadata);
}
/**
* fetch server telemetry entity from the platform cache
* @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity
*/
getServerTelemetry(serverTelemetrykey) {
const serverTelemetryEntity = this.getItem(serverTelemetrykey);
if (serverTelemetryEntity && msalCommon.ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {
return serverTelemetryEntity;
}
return null;
}
/**
* set server telemetry entity to the platform cache
* @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity
* @param serverTelemetry - cache value to be set of type ServerTelemetryEntity
*/
setServerTelemetry(serverTelemetryKey, serverTelemetry) {
this.setItem(serverTelemetryKey, serverTelemetry);
}
/**
* fetch authority metadata entity from the platform cache
* @param key - lookup key to fetch cache type AuthorityMetadataEntity
*/
getAuthorityMetadata(key) {
const authorityMetadataEntity = this.getItem(key);
if (authorityMetadataEntity && msalCommon.AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {
return authorityMetadataEntity;
}
return null;
}
/**
* Get all authority metadata keys
*/
getAuthorityMetadataKeys() {
return this.getKeys().filter(key => {
return this.isAuthorityMetadata(key);
});
}
/**
* set authority metadata entity to the platform cache
* @param key - lookup key to fetch cache type AuthorityMetadataEntity
* @param metadata - cache value to be set of type AuthorityMetadataEntity
*/
setAuthorityMetadata(key, metadata) {
this.setItem(key, metadata);
}
/**
* fetch throttling entity from the platform cache
* @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity
*/
getThrottlingCache(throttlingCacheKey) {
const throttlingCache = this.getItem(throttlingCacheKey);
if (throttlingCache && msalCommon.ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {
return throttlingCache;
}
return null;
}
/**
* set throttling entity to the platform cache
* @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity
* @param throttlingCache - cache value to be set of type ThrottlingEntity
*/
setThrottlingCache(throttlingCacheKey, throttlingCache) {
this.setItem(throttlingCacheKey, throttlingCache);
}
/**
* Removes the cache item from memory with the given key.
* @param key - lookup key to remove a cache entity
* @param inMemory - key value map of the cache
*/
removeItem(key) {
this.logger.tracePii(`Item key: ${key}`); // read inMemoryCache
let result = false;
const cache = this.getCache();
if (!!cache[key]) {
delete cache[key];
result = true;
} // write to the cache after removal
if (result) {
this.setCache(cache);
this.emitChange();
}
return result;
}
/**
* Checks whether key is in cache.
* @param key - look up key for a cache entity
*/
containsKey(key) {
return this.getKeys().includes(key);
}
/**
* Gets all keys in window.
*/
getKeys() {
this.logger.trace("Retrieving all cache keys"); // read cache
const cache = this.getCache();
return [...Object.keys(cache)];
}
/**
* Clears all cache entries created by MSAL (except tokens).
*/
async clear() {
this.logger.trace("Clearing cache entries created by MSAL"); // read inMemoryCache
const cacheKeys = this.getKeys(); // delete each element
cacheKeys.forEach(key => {
this.removeItem(key);
});
this.emitChange();
}
/**
* Initialize in memory cache from an exisiting cache vault
* @param cache - blob formatted cache (JSON)
*/
static generateInMemoryCache(cache) {
return Deserializer.deserializeAllCache(Deserializer.deserializeJSONBlob(cache));
}
/**
* retrieves the final JSON
* @param inMemoryCache - itemised cache read from the JSON
*/
static generateJsonCache(inMemoryCache) {
return Serializer.serializeAllCache(inMemoryCache);
}
/**
* Updates a credential's cache key if the current cache key is outdated
*/
updateCredentialCacheKey(currentCacheKey, credential) {
const updatedCacheKey = credential.generateCredentialKey();
if (currentCacheKey !== updatedCacheKey) {
const cacheItem = this.getItem(currentCacheKey);
if (cacheItem) {
this.removeItem(currentCacheKey);
this.setItem(updatedCacheKey, cacheItem);
this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`);
return updatedCacheKey;
} else {
this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`);
}
}
return currentCacheKey;
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const defaultSerializedCache = {
Account: {},
IdToken: {},
AccessToken: {},
RefreshToken: {},
AppMetadata: {}
};
/**
* In-memory token cache manager
* @public
*/
class TokenCache {
constructor(storage, logger, cachePlugin) {
this.cacheHasChanged = false;
this.storage = storage;
this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));
if (cachePlugin) {
this.persistence = cachePlugin;
}
this.logger = logger;
}
/**
* Set to true if cache state has changed since last time serialize or writeToPersistence was called
*/
hasChanged() {
return this.cacheHasChanged;
}
/**
* Serializes in memory cache to JSON
*/
serialize() {
this.logger.trace("Serializing in-memory cache");
let finalState = Serializer.serializeAllCache(this.storage.getInMemoryCache()); // if cacheSnapshot not null or empty, merge
if (!msalCommon.StringUtils.isEmpty(this.cacheSnapshot)) {
this.logger.trace("Reading cache snapshot from disk");
finalState = this.mergeState(JSON.parse(this.cacheSnapshot), finalState);
} else {
this.logger.trace("No cache snapshot to merge");
}
this.cacheHasChanged = false;
return JSON.stringify(finalState);
}
/**
* Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format
* @param cache - blob formatted cache
*/
deserialize(cache) {
this.logger.trace("Deserializing JSON to in-memory cache");
this.cacheSnapshot = cache;
if (!msalCommon.StringUtils.isEmpty(this.cacheSnapshot)) {
this.logger.trace("Reading cache snapshot from disk");
const deserializedCache = Deserializer.deserializeAllCache(this.overlayDefaults(JSON.parse(this.cacheSnapshot)));
this.storage.setInMemoryCache(deserializedCache);
} else {
this.logger.trace("No cache snapshot to deserialize");
}
}
/**
* Fetches the cache key-value map
*/
getKVStore() {
return this.storage.getCache();
}
/**
* API that retrieves all accounts currently in cache to the user
*/
async getAllAccounts() {
this.logger.trace("getAllAccounts called");
let cacheContext;
try {
if (this.persistence) {
cacheContext = new msalCommon.TokenCacheContext(this, false);
await this.persistence.beforeCacheAccess(cacheContext);
}
return this.storage.getAllAccounts();
} finally {
if (this.persistence && cacheContext) {
await this.persistence.afterCacheAccess(cacheContext);
}
}
}
/**
* Returns the signed in account matching homeAccountId.
* (the account object is created at the time of successful login)
* or null when no matching account is found
* @param homeAccountId - unique identifier for an account (uid.utid)
*/
async getAccountByHomeId(homeAccountId) {
const allAccounts = await this.getAllAccounts();
if (!msalCommon.StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {
return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;
} else {
return null;
}
}
/**
* Returns the signed in account matching localAccountId.
* (the account object is created at the time of successful login)
* or null when no matching account is found
* @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)
*/
async getAccountByLocalId(localAccountId) {
const allAccounts = await this.getAllAccounts();
if (!msalCommon.StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {
return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;
} else {
return null;
}
}
/**
* API to remove a specific account and the relevant data from cache
* @param account - AccountInfo passed by the user
*/
async removeAccount(account) {
this.logger.trace("removeAccount called");
let cacheContext;
try {
if (this.persistence) {
cacheContext = new msalCommon.TokenCacheContext(this, true);
await this.persistence.beforeCacheAccess(cacheContext);
}
await this.storage.removeAccount(msalCommon.AccountEntity.generateAccountCacheKey(account));
} finally {
if (this.persistence && cacheContext) {
await this.persistence.afterCacheAccess(cacheContext);
}
}
}
/**
* Called when the cache has changed state.
*/
handleChangeEvent() {
this.cacheHasChanged = true;
}
/**
* Merge in memory cache with the cache snapshot.
* @param oldState - cache before changes
* @param currentState - current cache state in the library
*/
mergeState(oldState, currentState) {
this.logger.trace("Merging in-memory cache with cache snapshot");
const stateAfterRemoval = this.mergeRemovals(oldState, currentState);
return this.mergeUpdates(stateAfterRemoval, currentState);
}
/**
* Deep update of oldState based on newState values
* @param oldState - cache before changes
* @param newState - updated cache
*/
mergeUpdates(oldState, newState) {
Object.keys(newState).forEach(newKey => {
const newValue = newState[newKey]; // if oldState does not contain value but newValue does, add it
if (!oldState.hasOwnProperty(newKey)) {
if (newValue !== null) {
oldState[newKey] = newValue;
}
} else {
// both oldState and newState contain the key, do deep update
const newValueNotNull = newValue !== null;
const newValueIsObject = typeof newValue === "object";
const newValueIsNotArray = !Array.isArray(newValue);
const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== "undefined" && oldState[newKey] !== null;
if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {
this.mergeUpdates(oldState[newKey], newValue);
} else {
oldState[newKey] = newValue;
}
}
});
return oldState;
}
/**
* Removes entities in oldState that the were removed from newState. If there are any unknown values in root of
* oldState that are not recognized, they are left untouched.
* @param oldState - cache before changes
* @param newState - updated cache
*/
mergeRemovals(oldState, newState) {
this.logger.trace("Remove updated entries in cache");
const accounts = oldState.Account ? this.mergeRemovalsDict(oldState.Account, newState.Account) : oldState.Account;
const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;
const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;
const idTokens = oldState.IdToken ? this.mergeRemovalsDict(oldState.IdToken, newState.IdToken) : oldState.IdToken;
const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;
return { ...oldState,
Account: accounts,
AccessToken: accessTokens,
RefreshToken: refreshTokens,
IdToken: idTokens,
AppMetadata: appMetadata
};
}
/**
* Helper to merge new cache with the old one
* @param oldState - cache before changes
* @param newState - updated cache
*/
mergeRemovalsDict(oldState, newState) {
const finalState = { ...oldState
};
Object.keys(oldState).forEach(oldKey => {
if (!newState || !newState.hasOwnProperty(oldKey)) {
delete finalState[oldKey];
}
});
return finalState;
}
/**
* Helper to overlay as a part of cache merge
* @param passedInCache - cache read from the blob
*/
overlayDefaults(passedInCache) {
this.logger.trace("Overlaying input cache with the default cache");
return {
Account: { ...defaultSerializedCache.Account,
...passedInCache.Account
},
IdToken: { ...defaultSerializedCache.IdToken,
...passedInCache.IdToken
},
AccessToken: { ...defaultSerializedCache.AccessToken,
...passedInCache.AccessToken
},
RefreshToken: { ...defaultSerializedCache.RefreshToken,
...passedInCache.RefreshToken
},
AppMetadata: { ...defaultSerializedCache.AppMetadata,
...passedInCache.AppMetadata
}
};
}
}
/* eslint-disable header/header */
const name = "@azure/msal-node";
const version = "1.14.5";
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* NodeAuthErrorMessage class containing string constants used by error codes and messages.
*/
const NodeAuthErrorMessage = {
invalidLoopbackAddressType: {
code: "invalid_loopback_server_address_type",
desc: "Loopback server address is not type string. This is unexpected."
},
unableToLoadRedirectUri: {
code: "unable_to_load_redirectUrl",
desc: "Loopback server callback was invoked without a url. This is unexpected."
},
noAuthCodeInResponse: {
code: "no_auth_code_in_response",
desc: "No auth code found in the server response. Please check your network trace to determine what happened."
},
noLoopbackServerExists: {
code: "no_loopback_server_exists",
desc: "No loopback server exists yet."
},
loopbackServerAlreadyExists: {
code: "loopback_server_already_exists",
desc: "Loopback server already exists. Cannot create another."
},
loopbackServerTimeout: {
code: "loopback_server_timeout",
desc: "Timed out waiting for auth code listener to be registered."
},
stateNotFoundError: {
code: "state_not_found",
desc: "State not found. Please verify that the request originated from msal."
}
};
class NodeAuthError extends msalCommon.AuthError {
constructor(errorCode, errorMessage) {
super(errorCode, errorMessage);
this.name = "NodeAuthError";
}
/**
* Creates an error thrown if loopback server address is of type string.
*/
static createInvalidLoopbackAddressTypeError() {
return new NodeAuthError(NodeAuthErrorMessage.invalidLoopbackAddressType.code, `${NodeAuthErrorMessage.invalidLoopbackAddressType.desc}`);
}
/**
* Creates an error thrown if the loopback server is unable to get a url.
*/
static createUnableToLoadRedirectUrlError() {
return new NodeAuthError(NodeAuthErrorMessage.unableToLoadRedirectUri.code, `${NodeAuthErrorMessage.unableToLoadRedirectUri.desc}`);
}
/**
* Creates an error thrown if the server response does not contain an auth code.
*/
static createNoAuthCodeInResponseError() {
return new NodeAuthError(NodeAuthErrorMessage.noAuthCodeInResponse.code, `${NodeAuthErrorMessage.noAuthCodeInResponse.desc}`);
}
/**
* Creates an error thrown if the loopback server has not been spun up yet.
*/
static createNoLoopbackServerExistsError() {
return new NodeAuthError(NodeAuthErrorMessage.noLoopbackServerExists.code, `${NodeAuthErrorMessage.noLoopbackServerExists.desc}`);
}
/**
* Creates an error thrown if a loopback server already exists when attempting to create another one.
*/
static createLoopbackServerAlreadyExistsError() {
return new NodeAuthError(NodeAuthErrorMessage.loopbackServerAlreadyExists.code, `${NodeAuthErrorMessage.loopbackServerAlreadyExists.desc}`);
}
/**
* Creates an error thrown if the loopback server times out registering the auth code listener.
*/
static createLoopbackServerTimeoutError() {
return new NodeAuthError(NodeAuthErrorMessage.loopbackServerTimeout.code, `${NodeAuthErrorMessage.loopbackServerTimeout.desc}`);
}
/**
* Creates an error thrown when the state is not present.
*/
static createStateNotFoundError() {
return new NodeAuthError(NodeAuthErrorMessage.stateNotFoundError.code, NodeAuthErrorMessage.stateNotFoundError.desc);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Base abstract class for all ClientApplications - public and confidential
* @public
*/
class ClientApplication {
/**
* Constructor for the ClientApplication
*/
constructor(configuration) {
this.config = buildAppConfiguration(configuration);
this.cryptoProvider = new CryptoProvider();
this.logger = new msalCommon.Logger(this.config.system.loggerOptions, name, version);
this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);
this.tokenCache = new TokenCache(this.storage, this.logger, this.config.cache.cachePlugin);
}
/**
* Creates the URL of the authorization request, letting the user input credentials and consent to the
* application. The URL targets the /authorize endpoint of the authority configured in the
* application object.
*
* Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
* sent in the request and should contain an authorization code, which can then be used to acquire tokens via
* `acquireTokenByCode(AuthorizationCodeRequest)`.
*/
async getAuthCodeUrl(request) {
this.logger.info("getAuthCodeUrl called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
responseMode: request.responseMode || msalCommon.ResponseMode.QUERY,
authenticationScheme: msalCommon.AuthenticationScheme.BEARER
};
const authClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, undefined, undefined, request.azureCloudOptions);
const authorizationCodeClient = new msalCommon.AuthorizationCodeClient(authClientConfig);
this.logger.verbose("Auth code client created", validRequest.correlationId);
return authorizationCodeClient.getAuthCodeUrl(validRequest);
}
/**
* Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0
* Authorization Code flow.
*
* `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0
* Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and
* AuthorizationCodeRequest are the same.
*/
async acquireTokenByCode(request, authCodePayLoad) {
this.logger.info("acquireTokenByCode called");
if (request.state && authCodePayLoad) {
this.logger.info("acquireTokenByCode - validating state");
this.validateState(request.state, authCodePayLoad.state || ""); // eslint-disable-next-line no-param-reassign
authCodePayLoad = { ...authCodePayLoad,
state: ""
};
}
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
authenticationScheme: msalCommon.AuthenticationScheme.BEARER
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId);
try {
const authClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const authorizationCodeClient = new msalCommon.AuthorizationCodeClient(authClientConfig);
this.logger.verbose("Auth code client created", validRequest.correlationId);
return authorizationCodeClient.acquireToken(validRequest, authCodePayLoad);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires a token by exchanging the refresh token provided for a new set of tokens.
*
* This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is
* recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will
* handle the caching and refreshing of tokens automatically.
*/
async acquireTokenByRefreshToken(request) {
this.logger.info("acquireTokenByRefreshToken called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
authenticationScheme: msalCommon.AuthenticationScheme.BEARER
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);
try {
const refreshTokenClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const refreshTokenClient = new msalCommon.RefreshTokenClient(refreshTokenClientConfig);
this.logger.verbose("Refresh token client created", validRequest.correlationId);
return refreshTokenClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires a token silently when a user specifies the account the token is requested for.
*
* This API expects the user to provide an account object and looks into the cache to retrieve the token if present.
* There is also an optional "forceRefresh" boolean the user can send to bypass the cache for access_token and id_token.
* In case the refresh_token is expired or not found, an error is thrown
* and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).
*/
async acquireTokenSilent(request) {
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
forceRefresh: request.forceRefresh || false
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);
try {
const silentFlowClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const silentFlowClient = new msalCommon.SilentFlowClient(silentFlowClientConfig);
this.logger.verbose("Silent flow client created", validRequest.correlationId);
return silentFlowClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires tokens with password grant by exchanging client applications username and password for credentials
*
* The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.
* More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4
* Microsoft's documentation and recommendations are at:
* https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword
*
* @param request - UsenamePasswordRequest
*/
async acquireTokenByUsernamePassword(request) {
this.logger.info("acquireTokenByUsernamePassword called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request))
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId);
try {
const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const usernamePasswordClient = new msalCommon.UsernamePasswordClient(usernamePasswordClientConfig);
this.logger.verbose("Username password client created", validRequest.correlationId);
return usernamePasswordClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Gets the token cache for the application.
*/
getTokenCache() {
this.logger.info("getTokenCache called");
return this.tokenCache;
}
/**
* Validates OIDC state by comparing the user cached state with the state received from the server.
*
* This API is provided for scenarios where you would use OAuth2.0 state parameter to mitigate against
* CSRF attacks.
* For more information about state, visit https://datatracker.ietf.org/doc/html/rfc6819#section-3.6.
* @param state
* @param cachedState
*/
validateState(state, cachedState) {
if (!state) {
throw NodeAuthError.createStateNotFoundError();
}
if (state !== cachedState) {
throw msalCommon.ClientAuthError.createStateMismatchError();
}
}
/**
* Returns the logger instance
*/
getLogger() {
return this.logger;
}
/**
* Replaces the default logger set in configurations with new Logger with new configurations
* @param logger - Logger instance
*/
setLogger(logger) {
this.logger = logger;
}
/**
* Builds the common configuration to be passed to the common component based on the platform configurarion
* @param authority - user passed authority in configuration
* @param serverTelemetryManager - initializes servertelemetry if passed
*/
async buildOauthClientConfiguration(authority, requestCorrelationId, serverTelemetryManager, azureRegionConfiguration, azureCloudOptions) {
this.logger.verbose("buildOauthClientConfiguration called", requestCorrelationId); // precedence - azureCloudInstance + tenant >> authority and request >> config
const userAzureCloudOptions = azureCloudOptions ? azureCloudOptions : this.config.auth.azureCloudOptions; // using null assertion operator as we ensure that all config values have default values in buildConfiguration()
this.logger.verbose(`building oauth client configuration with the authority: ${authority}`, requestCorrelationId);
const discoveredAuthority = await this.createAuthority(authority, azureRegionConfiguration, requestCorrelationId, userAzureCloudOptions);
serverTelemetryManager == null ? void 0 : serverTelemetryManager.updateRegionDiscoveryMetadata(discoveredAuthority.regionDiscoveryMetadata);
const clientConfiguration = {
authOptions: {
clientId: this.config.auth.clientId,
authority: discoveredAuthority,
clientCapabilities: this.config.auth.clientCapabilities
},
systemOptions: {
proxyUrl: this.config.system.proxyUrl
},
loggerOptions: {
logLevel: this.config.system.loggerOptions.logLevel,
loggerCallback: this.config.system.loggerOptions.loggerCallback,
piiLoggingEnabled: this.config.system.loggerOptions.piiLoggingEnabled,
correlationId: requestCorrelationId
},
cryptoInterface: this.cryptoProvider,
networkInterface: this.config.system.networkClient,
storageInterface: this.storage,
serverTelemetryManager: serverTelemetryManager,
clientCredentials: {
clientSecret: this.clientSecret,
clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined
},
libraryInfo: {
sku: Constants.MSAL_SKU,
version: version,
cpu: process.arch || msalCommon.Constants.EMPTY_STRING,
os: process.platform || msalCommon.Constants.EMPTY_STRING
},
telemetry: this.config.telemetry,
persistencePlugin: this.config.cache.cachePlugin,
serializableCache: this.tokenCache
};
return clientConfiguration;
}
getClientAssertion(authority) {
return {
assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),
assertionType: Constants.JWT_BEARER_ASSERTION_TYPE
};
}
/**
* Generates a request with the default scopes & generates a correlationId.
* @param authRequest - BaseAuthRequest for initialization
*/
async initializeBaseRequest(authRequest) {
this.logger.verbose("initializeRequestScopes called", authRequest.correlationId); // Default authenticationScheme to Bearer, log that POP isn't supported yet
if (authRequest.authenticationScheme && authRequest.authenticationScheme === msalCommon.AuthenticationScheme.POP) {
this.logger.verbose("Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request", authRequest.correlationId);
}
authRequest.authenticationScheme = msalCommon.AuthenticationScheme.BEARER; // Set requested claims hash if claims were requested
if (authRequest.claims && !msalCommon.StringUtils.isEmpty(authRequest.claims)) {
authRequest.requestedClaimsHash = await this.cryptoProvider.hashString(authRequest.claims);
}
return { ...authRequest,
scopes: [...(authRequest && authRequest.scopes || []), ...msalCommon.OIDC_DEFAULT_SCOPES],
correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),
authority: authRequest.authority || this.config.auth.authority
};
}
/**
* Initializes the server telemetry payload
* @param apiId - Id for a specific request
* @param correlationId - GUID
* @param forceRefresh - boolean to indicate network call
*/
initializeServerTelemetryManager(apiId, correlationId, forceRefresh) {
const telemetryPayload = {
clientId: this.config.auth.clientId,
correlationId: correlationId,
apiId: apiId,
forceRefresh: forceRefresh || false
};
return new msalCommon.ServerTelemetryManager(telemetryPayload, this.storage);
}
/**
* Create authority instance. If authority not passed in request, default to authority set on the application
* object. If no authority set in application object, then default to common authority.
* @param authorityString - authority from user configuration
*/
async createAuthority(authorityString, azureRegionConfiguration, requestCorrelationId, azureCloudOptions) {
this.logger.verbose("createAuthority called", requestCorrelationId); // build authority string based on auth params - azureCloudInstance is prioritized if provided
const authorityUrl = msalCommon.Authority.generateAuthority(authorityString, azureCloudOptions);
const authorityOptions = {
protocolMode: this.config.auth.protocolMode,
knownAuthorities: this.config.auth.knownAuthorities,
cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
authorityMetadata: this.config.auth.authorityMetadata,
azureRegionConfiguration,
skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache
};
return await msalCommon.AuthorityFactory.createDiscoveredInstance(authorityUrl, this.config.system.networkClient, this.storage, authorityOptions, this.logger, this.config.system.proxyUrl);
}
/**
* Clear the cache
*/
clearCache() {
this.storage.clear();
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class LoopbackClient {
/**
* Spins up a loopback server which returns the server response when the localhost redirectUri is hit
* @param successTemplate
* @param errorTemplate
* @returns
*/
async listenForAuthCode(successTemplate, errorTemplate) {
if (!!this.server) {
throw NodeAuthError.createLoopbackServerAlreadyExistsError();
}
const authCodeListener = new Promise((resolve, reject) => {
this.server = http.createServer(async (req, res) => {
const url = req.url;
if (!url) {
res.end(errorTemplate || "Error occurred loading redirectUrl");
reject(NodeAuthError.createUnableToLoadRedirectUrlError());
return;
} else if (url === msalCommon.Constants.FORWARD_SLASH) {
res.end(successTemplate || "Auth code was successfully acquired. You can close this window now.");
return;
}
const authCodeResponse = msalCommon.UrlString.getDeserializedQueryString(url);
if (authCodeResponse.code) {
const redirectUri = await this.getRedirectUri();
res.writeHead(HttpStatus.REDIRECT, {
location: redirectUri
}); // Prevent auth code from being saved in the browser history
res.end();
}
resolve(authCodeResponse);
});
this.server.listen(0); // Listen on any available port
}); // Wait for server to be listening
await new Promise(resolve => {
let ticks = 0;
const id = setInterval(() => {
if (LOOPBACK_SERVER_CONSTANTS.TIMEOUT_MS / LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS < ticks) {
throw NodeAuthError.createLoopbackServerTimeoutError();
}
if (this.server.listening) {
clearInterval(id);
resolve();
}
ticks++;
}, LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS);
});
return authCodeListener;
}
/**
* Get the port that the loopback server is running on
* @returns
*/
getRedirectUri() {
if (!this.server) {
throw NodeAuthError.createNoLoopbackServerExistsError();
}
const address = this.server.address();
if (!address || typeof address === "string" || !address.port) {
this.closeServer();
throw NodeAuthError.createInvalidLoopbackAddressTypeError();
}
const port = address && address.port;
return `${Constants.HTTP_PROTOCOL}${Constants.LOCALHOST}:${port}`;
}
/**
* Close the loopback server
*/
closeServer() {
if (!!this.server) {
this.server.close();
}
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications
* are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.
* @public
*/
class PublicClientApplication extends ClientApplication {
/**
* Important attributes in the Configuration object for auth are:
* - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.
* - authority: the authority URL for your application.
*
* AAD authorities are of the form https://login.microsoftonline.com/\{Enter_the_Tenant_Info_Here\}.
* - If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).
* - If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations.
* - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common.
* - To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers.
*
* Azure B2C authorities are of the form https://\{instance\}/\{tenant\}/\{policy\}. Each policy is considered
* its own authority. You will have to set the all of the knownAuthorities at the time of the client application
* construction.
*
* ADFS authorities are of the form https://\{instance\}/adfs.
*/
constructor(configuration) {
super(configuration);
}
/**
* Acquires a token from the authority using OAuth2.0 device code flow.
* This flow is designed for devices that do not have access to a browser or have input constraints.
* The authorization server issues a DeviceCode object with a verification code, an end-user code,
* and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be
* instructed to use another device to navigate to the verification URI to input credentials.
* Since the client cannot receive incoming requests, it polls the authorization server repeatedly
* until the end-user completes input of credentials.
*/
async acquireTokenByDeviceCode(request) {
this.logger.info("acquireTokenByDeviceCode called", request.correlationId);
const validRequest = Object.assign(request, await this.initializeBaseRequest(request));
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId);
try {
const deviceCodeConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const deviceCodeClient = new msalCommon.DeviceCodeClient(deviceCodeConfig);
this.logger.verbose("Device code client created", validRequest.correlationId);
return deviceCodeClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires a token by requesting an Authorization code then exchanging it for a token.
*/
async acquireTokenInteractive(request) {
const {
verifier,
challenge
} = await this.cryptoProvider.generatePkceCodes();
const {
openBrowser,
successTemplate,
errorTemplate,
...remainingProperties
} = request;
const loopbackClient = new LoopbackClient();
const authCodeListener = loopbackClient.listenForAuthCode(successTemplate, errorTemplate);
const redirectUri = loopbackClient.getRedirectUri();
const validRequest = { ...remainingProperties,
scopes: request.scopes || msalCommon.OIDC_DEFAULT_SCOPES,
redirectUri: redirectUri,
responseMode: msalCommon.ResponseMode.QUERY,
codeChallenge: challenge,
codeChallengeMethod: msalCommon.CodeChallengeMethodValues.S256
};
const authCodeUrl = await this.getAuthCodeUrl(validRequest);
await openBrowser(authCodeUrl);
const authCodeResponse = await authCodeListener.finally(() => {
loopbackClient.closeServer();
});
if (authCodeResponse.error) {
throw new msalCommon.ServerError(authCodeResponse.error, authCodeResponse.error_description, authCodeResponse.suberror);
} else if (!authCodeResponse.code) {
throw NodeAuthError.createNoAuthCodeInResponseError();
}
const clientInfo = authCodeResponse.client_info;
const tokenRequest = {
code: authCodeResponse.code,
codeVerifier: verifier,
clientInfo: clientInfo || msalCommon.Constants.EMPTY_STRING,
...validRequest
};
return this.acquireTokenByCode(tokenRequest);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Client assertion of type jwt-bearer used in confidential client flows
* @public
*/
class ClientAssertion {
/**
* Initialize the ClientAssertion class from the clientAssertion passed by the user
* @param assertion - refer https://tools.ietf.org/html/rfc7521
*/
static fromAssertion(assertion) {
const clientAssertion = new ClientAssertion();
clientAssertion.jwt = assertion;
return clientAssertion;
}
/**
* Initialize the ClientAssertion class from the certificate passed by the user
* @param thumbprint - identifier of a certificate
* @param privateKey - secret key
* @param publicCertificate - electronic document provided to prove the ownership of the public key
*/
static fromCertificate(thumbprint, privateKey, publicCertificate) {
const clientAssertion = new ClientAssertion();
clientAssertion.privateKey = privateKey;
clientAssertion.thumbprint = thumbprint;
if (publicCertificate) {
clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);
}
return clientAssertion;
}
/**
* Update JWT for certificate based clientAssertion, if passed by the user, uses it as is
* @param cryptoProvider - library's crypto helper
* @param issuer - iss claim
* @param jwtAudience - aud claim
*/
getJwt(cryptoProvider, issuer, jwtAudience) {
// if assertion was created from certificate, check if jwt is expired and create new one.
if (this.privateKey && this.thumbprint) {
if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {
return this.jwt;
}
return this.createJwt(cryptoProvider, issuer, jwtAudience);
}
/*
* if assertion was created by caller, then we just append it. It is up to the caller to
* ensure that it contains necessary claims and that it is not expired.
*/
if (this.jwt) {
return this.jwt;
}
throw msalCommon.ClientAuthError.createInvalidAssertionError();
}
/**
* JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3
*/
createJwt(cryptoProvider, issuer, jwtAudience) {
this.issuer = issuer;
this.jwtAudience = jwtAudience;
const issuedAt = msalCommon.TimeUtils.nowSeconds();
this.expirationTime = issuedAt + 600;
const header = {
alg: JwtConstants.RSA_256,
x5t: EncodingUtils.base64EncodeUrl(this.thumbprint, "hex")
};
if (this.publicCertificate) {
Object.assign(header, {
x5c: this.publicCertificate
});
}
const payload = {
[JwtConstants.AUDIENCE]: this.jwtAudience,
[JwtConstants.EXPIRATION_TIME]: this.expirationTime,
[JwtConstants.ISSUER]: this.issuer,
[JwtConstants.SUBJECT]: this.issuer,
[JwtConstants.NOT_BEFORE]: issuedAt,
[JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()
};
this.jwt = jsonwebtoken.sign(payload, this.privateKey, {
header
});
return this.jwt;
}
/**
* Utility API to check expiration
*/
isExpired() {
return this.expirationTime < msalCommon.TimeUtils.nowSeconds();
}
/**
* Extracts the raw certs from a given certificate string and returns them in an array.
* @param publicCertificate - electronic document provided to prove the ownership of the public key
*/
static parseCertificate(publicCertificate) {
/**
* This is regex to identify the certs in a given certificate string.
* We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.
* The information in parens "(.+?)" is the capture group to represent the cert we want isolated.
* "." means any string character, "+" means match 1 or more times, and "?" means the shortest match.
* The "g" at the end of the regex means search the string globally, and the "s" enables the "." to match newlines.
*/
const regexToFindCerts = /-----BEGIN CERTIFICATE-----\r*\n(.+?)\r*\n-----END CERTIFICATE-----/gs;
const certs = [];
let matches;
while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {
// matches[1] represents the first parens capture group in the regex.
certs.push(matches[1].replace(/\r*\n/g, msalCommon.Constants.EMPTY_STRING));
}
return certs;
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications
* will configure application secrets, client certificates/assertions as applicable
* @public
*/
class ConfidentialClientApplication extends ClientApplication {
/**
* Constructor for the ConfidentialClientApplication
*
* Required attributes in the Configuration object are:
* - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal
* - authority: the authority URL for your application.
* - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.
*
* In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\{Enter_the_Tenant_Info_Here\}.
* If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).
* If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations.
* If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common.
* To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers.
*
* In Azure B2C, authority is of the form https://\{instance\}/tfp/\{tenant\}/\{policyName\}/
* Full B2C functionality will be available in this library in future versions.
*
* @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance
*/
constructor(configuration) {
super(configuration);
this.setClientCredential(this.config);
this.appTokenProvider = undefined;
}
/**
* This extensibility point only works for the client_credential flow, i.e. acquireTokenByClientCredential and
* is meant for Azure SDK to enhance Managed Identity support.
*
* @param IAppTokenProvider - Extensibility interface, which allows the app developer to return a token from a custom source.
*/
SetAppTokenProvider(provider) {
this.appTokenProvider = provider;
}
/**
* Acquires tokens from the authority for the application (not for an end user).
*/
async acquireTokenByClientCredential(request) {
this.logger.info("acquireTokenByClientCredential called", request.correlationId); // If there is a client assertion present in the request, it overrides the one present in the client configuration
let clientAssertion;
if (request.clientAssertion) {
clientAssertion = {
assertion: request.clientAssertion,
assertionType: Constants.JWT_BEARER_ASSERTION_TYPE
};
}
const baseRequest = await this.initializeBaseRequest(request); // valid base request should not contain oidc scopes in this grant type
const validBaseRequest = { ...baseRequest,
scopes: baseRequest.scopes.filter(scope => !msalCommon.OIDC_DEFAULT_SCOPES.includes(scope))
};
const validRequest = { ...request,
...validBaseRequest,
clientAssertion
};
const azureRegionConfiguration = {
azureRegion: validRequest.azureRegion,
environmentRegion: process.env[REGION_ENVIRONMENT_VARIABLE]
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);
try {
const clientCredentialConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, azureRegionConfiguration, request.azureCloudOptions);
const clientCredentialClient = new msalCommon.ClientCredentialClient(clientCredentialConfig, this.appTokenProvider);
this.logger.verbose("Client credential client created", validRequest.correlationId);
return clientCredentialClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires tokens from the authority for the application.
*
* Used in scenarios where the current app is a middle-tier service which was called with a token
* representing an end user. The current app can use the token (oboAssertion) to request another
* token to access downstream web API, on behalf of that user.
*
* The current middle-tier app has no user interaction to obtain consent.
* See how to gain consent upfront for your middle-tier app from this article.
* https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application
*/
async acquireTokenOnBehalfOf(request) {
this.logger.info("acquireTokenOnBehalfOf called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request))
};
try {
const onBehalfOfConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, undefined, undefined, request.azureCloudOptions);
const oboClient = new msalCommon.OnBehalfOfClient(onBehalfOfConfig);
this.logger.verbose("On behalf of client created", validRequest.correlationId);
return oboClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof msalCommon.AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
throw e;
}
}
setClientCredential(configuration) {
const clientSecretNotEmpty = !msalCommon.StringUtils.isEmpty(configuration.auth.clientSecret);
const clientAssertionNotEmpty = !msalCommon.StringUtils.isEmpty(configuration.auth.clientAssertion);
const certificate = configuration.auth.clientCertificate || {
thumbprint: msalCommon.Constants.EMPTY_STRING,
privateKey: msalCommon.Constants.EMPTY_STRING
};
const certificateNotEmpty = !msalCommon.StringUtils.isEmpty(certificate.thumbprint) || !msalCommon.StringUtils.isEmpty(certificate.privateKey);
/*
* If app developer configures this callback, they don't need a credential
* i.e. AzureSDK can get token from Managed Identity without a cert / secret
*/
if (this.appTokenProvider) {
return;
} // Check that at most one credential is set on the application
if (clientSecretNotEmpty && clientAssertionNotEmpty || clientAssertionNotEmpty && certificateNotEmpty || clientSecretNotEmpty && certificateNotEmpty) {
throw msalCommon.ClientAuthError.createInvalidCredentialError();
}
if (configuration.auth.clientSecret) {
this.clientSecret = configuration.auth.clientSecret;
return;
}
if (configuration.auth.clientAssertion) {
this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion);
return;
}
if (!certificateNotEmpty) {
throw msalCommon.ClientAuthError.createInvalidCredentialError();
} else {
var _configuration$auth$c;
this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, (_configuration$auth$c = configuration.auth.clientCertificate) == null ? void 0 : _configuration$auth$c.x5c);
}
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class DistributedCachePlugin {
constructor(client, partitionManager) {
this.client = client;
this.partitionManager = partitionManager;
}
async beforeCacheAccess(cacheContext) {
const partitionKey = await this.partitionManager.getKey();
const cacheData = await this.client.get(partitionKey);
cacheContext.tokenCache.deserialize(cacheData);
}
async afterCacheAccess(cacheContext) {
if (cacheContext.cacheHasChanged) {
const kvStore = cacheContext.tokenCache.getKVStore();
const accountEntities = Object.values(kvStore).filter(value => msalCommon.AccountEntity.isAccountEntity(value));
if (accountEntities.length > 0) {
const accountEntity = accountEntities[0];
const partitionKey = await this.partitionManager.extractKey(accountEntity);
await this.client.set(partitionKey, cacheContext.tokenCache.serialize());
}
}
}
}
Object.defineProperty(exports, 'AuthError', {
enumerable: true,
get: function () {
return msalCommon.AuthError;
}
});
Object.defineProperty(exports, 'AuthErrorMessage', {
enumerable: true,
get: function () {
return msalCommon.AuthErrorMessage;
}
});
Object.defineProperty(exports, 'AzureCloudInstance', {
enumerable: true,
get: function () {
return msalCommon.AzureCloudInstance;
}
});
Object.defineProperty(exports, 'ClientAuthError', {
enumerable: true,
get: function () {
return msalCommon.ClientAuthError;
}
});
Object.defineProperty(exports, 'ClientAuthErrorMessage', {
enumerable: true,
get: function () {
return msalCommon.ClientAuthErrorMessage;
}
});
Object.defineProperty(exports, 'ClientConfigurationError', {
enumerable: true,
get: function () {
return msalCommon.ClientConfigurationError;
}
});
Object.defineProperty(exports, 'ClientConfigurationErrorMessage', {
enumerable: true,
get: function () {
return msalCommon.ClientConfigurationErrorMessage;
}
});
Object.defineProperty(exports, 'InteractionRequiredAuthError', {
enumerable: true,
get: function () {
return msalCommon.InteractionRequiredAuthError;
}
});
Object.defineProperty(exports, 'InteractionRequiredAuthErrorMessage', {
enumerable: true,
get: function () {
return msalCommon.InteractionRequiredAuthErrorMessage;
}
});
Object.defineProperty(exports, 'LogLevel', {
enumerable: true,
get: function () {
return msalCommon.LogLevel;
}
});
Object.defineProperty(exports, 'Logger', {
enumerable: true,
get: function () {
return msalCommon.Logger;
}
});
Object.defineProperty(exports, 'PromptValue', {
enumerable: true,
get: function () {
return msalCommon.PromptValue;
}
});
Object.defineProperty(exports, 'ProtocolMode', {
enumerable: true,
get: function () {
return msalCommon.ProtocolMode;
}
});
Object.defineProperty(exports, 'ResponseMode', {
enumerable: true,
get: function () {
return msalCommon.ResponseMode;
}
});
Object.defineProperty(exports, 'ServerError', {
enumerable: true,
get: function () {
return msalCommon.ServerError;
}
});
Object.defineProperty(exports, 'TokenCacheContext', {
enumerable: true,
get: function () {
return msalCommon.TokenCacheContext;
}
});
exports.ClientApplication = ClientApplication;
exports.ClientAssertion = ClientAssertion;
exports.ConfidentialClientApplication = ConfidentialClientApplication;
exports.CryptoProvider = CryptoProvider;
exports.DistributedCachePlugin = DistributedCachePlugin;
exports.NodeStorage = NodeStorage;
exports.PublicClientApplication = PublicClientApplication;
exports.TokenCache = TokenCache;
exports.buildAppConfiguration = buildAppConfiguration;
exports.version = version;
//# sourceMappingURL=msal-node.cjs.development.js.map
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/msal-node.cjs.development.js.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"msal-node.cjs.development.js","sources":["../src/utils/Constants.ts","../src/utils/NetworkUtils.ts","../src/network/HttpClient.ts","../src/config/Configuration.ts","../src/crypto/GuidGenerator.ts","../src/utils/EncodingUtils.ts","../src/crypto/HashUtils.ts","../src/crypto/PkceGenerator.ts","../src/crypto/CryptoProvider.ts","../src/cache/serializer/Deserializer.ts","../src/cache/serializer/Serializer.ts","../src/cache/NodeStorage.ts","../src/cache/TokenCache.ts","../src/packageMetadata.ts","../src/error/NodeAuthError.ts","../src/client/ClientApplication.ts","../src/network/LoopbackClient.ts","../src/client/PublicClientApplication.ts","../src/client/ClientAssertion.ts","../src/client/ConfidentialClientApplication.ts","../src/cache/distributed/DistributedCachePlugin.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * http methods\n */\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\",\n}\n\nexport enum HttpStatus {\n SUCCESS_RANGE_START = 200,\n SUCCESS_RANGE_END = 299,\n REDIRECT = 302,\n CLIENT_ERROR_RANGE_START = 400,\n CLIENT_ERROR_RANGE_END = 499,\n SERVER_ERROR_RANGE_START = 500,\n SERVER_ERROR_RANGE_END = 599\n}\n\nexport enum ProxyStatus {\n SUCCESS_RANGE_START = 200,\n SUCCESS_RANGE_END = 299,\n SERVER_ERROR = 500\n}\n\n/**\n * Constants used for region discovery\n */\nexport const REGION_ENVIRONMENT_VARIABLE = \"REGION_NAME\";\n\n/**\n * Constant used for PKCE\n */\nexport const RANDOM_OCTET_SIZE = 32;\n\n/**\n * Constants used in PKCE\n */\nexport const Hash = {\n SHA256: \"sha256\",\n};\n\n/**\n * Constants for encoding schemes\n */\nexport const CharSet = {\n CV_CHARSET:\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\",\n};\n\n/**\n * Cache Constants\n */\nexport const CACHE = {\n FILE_CACHE: \"fileCache\",\n EXTENSION_LIB: \"extenstion_library\",\n};\n\n/**\n * Constants\n */\nexport const Constants = {\n MSAL_SKU: \"msal.js.node\",\n JWT_BEARER_ASSERTION_TYPE: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n AUTHORIZATION_PENDING: \"authorization_pending\",\n HTTP_PROTOCOL: \"http://\",\n LOCALHOST: \"localhost\"\n};\n\n/**\n * API Codes for Telemetry purposes.\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\n * 0-99 Silent Flow\n * 600-699 Device Code Flow\n * 800-899 Auth Code Flow\n */\nexport enum ApiId {\n acquireTokenSilent = 62,\n acquireTokenByUsernamePassword = 371,\n acquireTokenByDeviceCode = 671,\n acquireTokenByClientCredential = 771,\n acquireTokenByCode = 871,\n acquireTokenByRefreshToken = 872\n}\n\n/**\n * JWT constants\n */\nexport const JwtConstants = {\n ALGORITHM: \"alg\",\n RSA_256: \"RS256\",\n X5T: \"x5t\", \n X5C: \"x5c\",\n AUDIENCE: \"aud\",\n EXPIRATION_TIME: \"exp\",\n ISSUER: \"iss\",\n SUBJECT: \"sub\",\n NOT_BEFORE: \"nbf\",\n JWT_ID: \"jti\",\n};\n\nexport const LOOPBACK_SERVER_CONSTANTS = {\n INTERVAL_MS: 100,\n TIMEOUT_MS: 5000\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NetworkResponse } from \"@azure/msal-common\";\n\nexport class NetworkUtils {\n static getNetworkResponse<T>(headers: Record<string, string>, body: T, statusCode: number): NetworkResponse<T> {\n return {\n headers: headers,\n body: body,\n status: statusCode,\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n INetworkModule,\n NetworkRequestOptions,\n NetworkResponse\n} from \"@azure/msal-common\";\nimport { HttpMethod, Constants, HttpStatus, ProxyStatus } from \"../utils/Constants\";\nimport { NetworkUtils } from \"../utils/NetworkUtils\";\nimport http from \"http\";\nimport https from \"https\";\n\n/**\n * This class implements the API for network requests.\n */\nexport class HttpClient implements INetworkModule {\n\n /**\n * Http Get request\n * @param url\n * @param options\n */\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n if (options?.proxyUrl) {\n return networkRequestViaProxy(url, HttpMethod.GET, options);\n } else {\n return networkRequestViaHttps(url, HttpMethod.GET, options);\n }\n }\n\n /**\n * Http Post request\n * @param url\n * @param options\n */\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n cancellationToken?: number,\n ): Promise<NetworkResponse<T>> {\n if (options?.proxyUrl) {\n return networkRequestViaProxy(url, HttpMethod.POST, options, cancellationToken);\n } else {\n return networkRequestViaHttps(url, HttpMethod.POST, options, cancellationToken);\n }\n }\n}\n\nconst networkRequestViaProxy = <T>(\n url: string,\n httpMethod: string,\n options: NetworkRequestOptions,\n timeout?: number,\n): Promise<NetworkResponse<T>> => {\n const headers = options?.headers || {} as Record<string, string>;\n const proxyUrl = new URL(options?.proxyUrl || \"\");\n const destinationUrl = new URL(url);\n\n // \"method: connect\" must be used to establish a connection to the proxy\n const tunnelRequestOptions: https.RequestOptions = {\n host: proxyUrl.hostname,\n port: proxyUrl.port,\n method: \"CONNECT\",\n path: destinationUrl.hostname,\n headers: headers,\n };\n\n if (timeout) {\n tunnelRequestOptions.timeout = timeout;\n }\n\n // compose a request string for the socket\n let postRequestStringContent: string = \"\";\n if (httpMethod === HttpMethod.POST) {\n const body = options?.body || \"\";\n postRequestStringContent =\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\" +\n `Content-Length: ${body.length}\\r\\n` +\n `\\r\\n${body}`;\n }\n const outgoingRequestString = `${httpMethod.toUpperCase()} ${destinationUrl.href} HTTP/1.1\\r\\n` +\n `Host: ${destinationUrl.host}\\r\\n` +\n \"Connection: close\\r\\n\" +\n postRequestStringContent +\n \"\\r\\n\";\n\n return new Promise<NetworkResponse<T>>(((resolve, reject) => {\n const request = http.request(tunnelRequestOptions);\n\n if (tunnelRequestOptions.timeout) {\n request.on(\"timeout\", () => {\n request.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n request.end();\n\n // establish connection to the proxy\n request.on(\"connect\", (response, socket) => {\n const proxyStatusCode = response?.statusCode || ProxyStatus.SERVER_ERROR;\n if ((proxyStatusCode < ProxyStatus.SUCCESS_RANGE_START) || (proxyStatusCode > ProxyStatus.SUCCESS_RANGE_END)) {\n request.destroy();\n socket.destroy();\n reject(new Error(`Error connecting to proxy. Http status code: ${response.statusCode}. Http status message: ${response?.statusMessage || \"Unknown\"}`));\n }\n if (tunnelRequestOptions.timeout) {\n socket.setTimeout(tunnelRequestOptions.timeout);\n socket.on(\"timeout\", () => {\n request.destroy();\n socket.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n // make a request over an HTTP tunnel\n socket.write(outgoingRequestString);\n\n const data: Buffer[] = [];\n socket.on(\"data\", (chunk) => {\n data.push(chunk);\n });\n\n socket.on(\"end\", () => {\n // combine all received buffer streams into one buffer, and then into a string\n const dataString = Buffer.concat([...data]).toString();\n\n // separate each line into it's own entry in an arry\n const dataStringArray = dataString.split(\"\\r\\n\");\n // the first entry will contain the statusCode and statusMessage\n const httpStatusCode = parseInt(dataStringArray[0].split(\" \")[1]);\n // remove \"HTTP/1.1\" and the status code to get the status message\n const statusMessage = dataStringArray[0].split(\" \").slice(2).join(\" \");\n // the last entry will contain the body\n const body = dataStringArray[dataStringArray.length - 1];\n\n // everything in between the first and last entries are the headers\n const headersArray = dataStringArray.slice(1, dataStringArray.length - 2);\n\n // build an object out of all the headers\n const entries = new Map();\n headersArray.forEach((header) => {\n /**\n * the header might look like \"Content-Length: 1531\", but that is just a string\n * it needs to be converted to a key/value pair\n * split the string at the first instance of \":\"\n * there may be more than one \":\" if the value of the header is supposed to be a JSON object\n */\n const headerKeyValue = header.split(new RegExp(/:\\s(.*)/s));\n const headerKey = headerKeyValue[0];\n let headerValue = headerKeyValue[1];\n\n // check if the value of the header is supposed to be a JSON object\n try {\n const object = JSON.parse(headerValue);\n\n // if it is, then convert it from a string to a JSON object\n if (object && (typeof object === \"object\")) {\n headerValue = object;\n }\n } catch (e) {\n // otherwise, leave it as a string\n }\n\n entries.set(headerKey, headerValue);\n });\n const headers = Object.fromEntries(entries);\n\n const parsedHeaders = headers as Record<string, string>;\n const networkResponse = NetworkUtils.getNetworkResponse(\n parsedHeaders,\n parseBody(httpStatusCode, statusMessage, parsedHeaders, body) as T,\n httpStatusCode\n );\n\n if (((httpStatusCode < HttpStatus.SUCCESS_RANGE_START) || (httpStatusCode > HttpStatus.SUCCESS_RANGE_END)) &&\n // do not destroy the request for the device code flow\n networkResponse.body[\"error\"] !== Constants.AUTHORIZATION_PENDING) {\n request.destroy();\n }\n resolve(networkResponse);\n });\n\n socket.on(\"error\", (chunk) => {\n request.destroy();\n socket.destroy();\n reject(new Error(chunk.toString()));\n });\n });\n\n request.on(\"error\", (chunk) => {\n request.destroy();\n reject(new Error(chunk.toString()));\n });\n }));\n};\n\nconst networkRequestViaHttps = <T>(\n url: string,\n httpMethod: string,\n options?: NetworkRequestOptions,\n timeout?: number,\n): Promise<NetworkResponse<T>> => {\n const isPostRequest = httpMethod === HttpMethod.POST;\n const body: string = options?.body || \"\";\n\n const emptyHeaders: Record<string, string> = {};\n const customOptions: https.RequestOptions = {\n method: httpMethod,\n headers: options?.headers || emptyHeaders,\n };\n\n if (timeout) {\n customOptions.timeout = timeout;\n }\n\n if (isPostRequest) {\n // needed for post request to work\n customOptions.headers = {\n ...customOptions.headers,\n \"Content-Length\": body.length,\n };\n }\n\n return new Promise<NetworkResponse<T>>((resolve, reject) => {\n const request = https.request(url, customOptions);\n\n if (timeout) {\n request.on(\"timeout\", () => {\n request.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n if (isPostRequest) {\n request.write(body);\n }\n\n request.end();\n\n request.on(\"response\", (response) => {\n const headers = response.headers;\n const statusCode = response.statusCode as number;\n const statusMessage = response.statusMessage;\n\n const data: Buffer[] = [];\n response.on(\"data\", (chunk) => {\n data.push(chunk);\n });\n\n response.on(\"end\", () => {\n // combine all received buffer streams into one buffer, and then into a string\n const body = Buffer.concat([...data]).toString();\n\n const parsedHeaders = headers as Record<string, string>;\n const networkResponse = NetworkUtils.getNetworkResponse(\n parsedHeaders,\n parseBody(statusCode, statusMessage, parsedHeaders, body) as T,\n statusCode\n );\n\n if (((statusCode < HttpStatus.SUCCESS_RANGE_START) || (statusCode > HttpStatus.SUCCESS_RANGE_END)) &&\n // do not destroy the request for the device code flow\n networkResponse.body[\"error\"] !== Constants.AUTHORIZATION_PENDING) {\n request.destroy();\n }\n resolve(networkResponse);\n });\n });\n\n request.on(\"error\", (chunk) => {\n request.destroy();\n reject(new Error(chunk.toString()));\n });\n });\n};\n\n/**\n * Check if extra parsing is needed on the repsonse from the server\n * @param statusCode {number} the status code of the response from the server\n * @param statusMessage {string | undefined} the status message of the response from the server\n * @param headers {Record<string, string>} the headers of the response from the server\n * @param body {string} the body from the response of the server\n * @returns {Object} JSON parsed body or error object\n */\nconst parseBody = (statusCode: number, statusMessage: string | undefined, headers: Record<string, string>, body: string) => {\n /*\n * Informational responses (100 – 199)\n * Successful responses (200 – 299)\n * Redirection messages (300 – 399)\n * Client error responses (400 – 499)\n * Server error responses (500 – 599)\n */\n \n let parsedBody;\n try {\n parsedBody = JSON.parse(body);\n } catch (error) {\n let errorType;\n let errorDescriptionHelper;\n if ((statusCode >= HttpStatus.CLIENT_ERROR_RANGE_START) && (statusCode <= HttpStatus.CLIENT_ERROR_RANGE_END)) {\n errorType = \"client_error\";\n errorDescriptionHelper = \"A client\";\n } else if ((statusCode >= HttpStatus.SERVER_ERROR_RANGE_START) && (statusCode <= HttpStatus.SERVER_ERROR_RANGE_END)) {\n errorType = \"server_error\";\n errorDescriptionHelper = \"A server\";\n } else {\n errorType = \"unknown_error\";\n errorDescriptionHelper = \"An unknown\";\n }\n\n parsedBody = {\n error: errorType,\n error_description: `${errorDescriptionHelper} error occured.\\nHttp status code: ${statusCode}\\nHttp status message: ${statusMessage || \"Unknown\"}\\nHeaders: ${JSON.stringify(headers)}`\n };\n }\n\n return parsedBody;\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n LoggerOptions,\n INetworkModule,\n LogLevel,\n ProtocolMode,\n ICachePlugin,\n Constants,\n AzureCloudInstance,\n AzureCloudOptions,\n ApplicationTelemetry\n} from \"@azure/msal-common\";\nimport { HttpClient } from \"../network/HttpClient\";\n\n/**\n * - clientId - Client id of the application.\n * - authority - Url of the authority. If no value is set, defaults to https://login.microsoftonline.com/common.\n * - knownAuthorities - Needed for Azure B2C and ADFS. All authorities that will be used in the client application. Only the host of the authority should be passed in.\n * - clientSecret - Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal.\n * - clientAssertion - Assertion string that the application uses when requesting a token. Only used in confidential client applications. Assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.\n * - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )\n * - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.\n * - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.\n * @public\n */\nexport type NodeAuthOptions = {\n clientId: string;\n authority?: string;\n clientSecret?: string;\n clientAssertion?: string;\n clientCertificate?: {\n thumbprint: string,\n privateKey: string,\n x5c?: string\n };\n knownAuthorities?: Array<string>;\n cloudDiscoveryMetadata?: string;\n authorityMetadata?: string;\n clientCapabilities?: Array<string>;\n protocolMode?: ProtocolMode;\n azureCloudOptions?: AzureCloudOptions;\n skipAuthorityMetadataCache?: boolean;\n};\n\n/**\n * Use this to configure the below cache configuration options:\n *\n * - cachePlugin - Plugin for reading and writing token cache to disk.\n * @public\n */\nexport type CacheOptions = {\n cachePlugin?: ICachePlugin;\n};\n\n/**\n * Type for configuring logger and http client options\n *\n * - logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger\n * - networkClient - Http client used for all http get and post calls. Defaults to using MSAL's default http client.\n * @public\n */\nexport type NodeSystemOptions = {\n loggerOptions?: LoggerOptions;\n networkClient?: INetworkModule;\n proxyUrl?: string;\n};\n\nexport type NodeTelemetryOptions = {\n application?: ApplicationTelemetry;\n};\n\n/**\n * Use the configuration object to configure MSAL and initialize the client application object\n *\n * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\n * - cache: this is where you configure cache location\n * - system: this is where you can configure the network client, logger\n * @public\n */\nexport type Configuration = {\n auth: NodeAuthOptions;\n cache?: CacheOptions;\n system?: NodeSystemOptions;\n telemetry?: NodeTelemetryOptions;\n};\n\nconst DEFAULT_AUTH_OPTIONS: Required<NodeAuthOptions> = {\n clientId: Constants.EMPTY_STRING,\n authority: Constants.DEFAULT_AUTHORITY,\n clientSecret: Constants.EMPTY_STRING,\n clientAssertion: Constants.EMPTY_STRING,\n clientCertificate: {\n thumbprint: Constants.EMPTY_STRING,\n privateKey: Constants.EMPTY_STRING,\n x5c: Constants.EMPTY_STRING\n },\n knownAuthorities: [],\n cloudDiscoveryMetadata: Constants.EMPTY_STRING,\n authorityMetadata: Constants.EMPTY_STRING,\n clientCapabilities: [],\n protocolMode: ProtocolMode.AAD,\n azureCloudOptions: {\n azureCloudInstance: AzureCloudInstance.None,\n tenant: Constants.EMPTY_STRING\n },\n skipAuthorityMetadataCache: false,\n};\n\nconst DEFAULT_CACHE_OPTIONS: CacheOptions = {};\n\nconst DEFAULT_LOGGER_OPTIONS: LoggerOptions = {\n loggerCallback: (): void => {\n // allow users to not set logger call back\n },\n piiLoggingEnabled: false,\n logLevel: LogLevel.Info,\n};\n\nconst DEFAULT_SYSTEM_OPTIONS: Required<NodeSystemOptions> = {\n loggerOptions: DEFAULT_LOGGER_OPTIONS,\n networkClient: new HttpClient(),\n proxyUrl: Constants.EMPTY_STRING,\n};\n\nconst DEFAULT_TELEMETRY_OPTIONS: Required<NodeTelemetryOptions> = {\n application: {\n appName: Constants.EMPTY_STRING,\n appVersion: Constants.EMPTY_STRING\n }\n};\n\nexport type NodeConfiguration = {\n auth: Required<NodeAuthOptions>;\n cache: CacheOptions;\n system: Required<NodeSystemOptions>;\n telemetry: Required<NodeTelemetryOptions>;\n};\n\n/**\n * Sets the default options when not explicitly configured from app developer\n *\n * @param auth - Authentication options\n * @param cache - Cache options\n * @param system - System options\n * @param telemetry - Telemetry options\n *\n * @returns Configuration\n * @public\n */\nexport function buildAppConfiguration({\n auth,\n cache,\n system,\n telemetry\n}: Configuration): NodeConfiguration {\n\n return {\n auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },\n cache: { ...DEFAULT_CACHE_OPTIONS, ...cache },\n system: { ...DEFAULT_SYSTEM_OPTIONS, ...system },\n telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry }\n };\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { IGuidGenerator } from \"@azure/msal-common\";\nimport { v4 as uuidv4 } from \"uuid\";\n\nexport class GuidGenerator implements IGuidGenerator {\n /**\n *\n * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.\n * uuidv4 generates guids from cryprtographically-string random\n */\n generateGuid(): string {\n return uuidv4();\n }\n\n /**\n * verifies if a string is GUID\n * @param guid\n */\n isGuid(guid: string): boolean {\n const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\n return regexGuid.test(guid);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants } from \"@azure/msal-common\";\n\nexport class EncodingUtils {\n /**\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\n * 'base64': Base64 encoding.\n *\n * @param str text\n */\n static base64Encode(str: string, encoding?: BufferEncoding): string {\n return Buffer.from(str, encoding).toString(\"base64\");\n }\n\n /**\n * encode a URL\n * @param str\n */\n static base64EncodeUrl(str: string, encoding?: BufferEncoding): string {\n return EncodingUtils.base64Encode(str, encoding)\n .replace(/=/g, Constants.EMPTY_STRING)\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n }\n\n /**\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\n * 'base64': Base64 encoding.\n *\n * @param base64Str Base64 encoded text\n */\n static base64Decode(base64Str: string): string {\n return Buffer.from(base64Str, \"base64\").toString(\"utf8\");\n }\n\n /**\n * @param base64Str Base64 encoded Url\n */\n static base64DecodeUrl(base64Str: string): string {\n let str = base64Str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n while (str.length % 4) {\n str += \"=\";\n }\n return EncodingUtils.base64Decode(str);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Hash } from \"../utils/Constants\";\nimport crypto from \"crypto\";\n\nexport class HashUtils {\n /**\n * generate 'SHA256' hash\n * @param buffer\n */\n sha256(buffer: string): Buffer {\n return crypto\n .createHash(Hash.SHA256)\n .update(buffer)\n .digest();\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants, PkceCodes } from \"@azure/msal-common\";\nimport { CharSet, RANDOM_OCTET_SIZE } from \"../utils/Constants\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { HashUtils } from \"./HashUtils\";\nimport crypto from \"crypto\";\n\n/**\n * https://tools.ietf.org/html/rfc7636#page-8\n */\nexport class PkceGenerator {\n private hashUtils: HashUtils;\n\n constructor() {\n this.hashUtils = new HashUtils();\n }\n /**\n * generates the codeVerfier and the challenge from the codeVerfier\n * reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2\n */\n async generatePkceCodes(): Promise<PkceCodes> {\n const verifier = this.generateCodeVerifier();\n const challenge = this.generateCodeChallengeFromVerifier(verifier);\n return { verifier, challenge };\n }\n\n /**\n * generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1\n */\n private generateCodeVerifier(): string {\n const charArr = [];\n const maxNumber = 256 - (256 % CharSet.CV_CHARSET.length);\n while (charArr.length <= RANDOM_OCTET_SIZE) {\n const byte = crypto.randomBytes(1)[0];\n if (byte >= maxNumber) {\n /* \n * Ignore this number to maintain randomness.\n * Including it would result in an unequal distribution of characters after doing the modulo\n */\n continue;\n }\n const index = byte % CharSet.CV_CHARSET.length;\n charArr.push(CharSet.CV_CHARSET[index]);\n }\n const verifier: string = charArr.join(Constants.EMPTY_STRING);\n return EncodingUtils.base64EncodeUrl(verifier);\n }\n\n /**\n * generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2\n * @param codeVerifier\n */\n private generateCodeChallengeFromVerifier(codeVerifier: string): string {\n return EncodingUtils.base64EncodeUrl(\n this.hashUtils.sha256(codeVerifier).toString(\"base64\"), \n \"base64\" \n );\n }\n\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ICrypto, PkceCodes } from \"@azure/msal-common\";\nimport { GuidGenerator } from \"./GuidGenerator\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { PkceGenerator } from \"./PkceGenerator\";\nimport { HashUtils } from \"./HashUtils\";\n\n/**\n * This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\n * @public\n */\nexport class CryptoProvider implements ICrypto {\n private pkceGenerator: PkceGenerator;\n private guidGenerator: GuidGenerator;\n private hashUtils: HashUtils;\n\n constructor() {\n // Browser crypto needs to be validated first before any other classes can be set.\n this.pkceGenerator = new PkceGenerator();\n this.guidGenerator = new GuidGenerator();\n this.hashUtils = new HashUtils();\n }\n\n /**\n * Creates a new random GUID - used to populate state and nonce.\n * @returns string (GUID)\n */\n createNewGuid(): string {\n return this.guidGenerator.generateGuid();\n }\n\n /**\n * Encodes input string to base64.\n * @param input - string to be encoded\n */\n base64Encode(input: string): string {\n return EncodingUtils.base64Encode(input);\n }\n\n /**\n * Decodes input string from base64.\n * @param input - string to be decoded\n */\n base64Decode(input: string): string {\n return EncodingUtils.base64Decode(input);\n }\n\n /**\n * Generates PKCE codes used in Authorization Code Flow.\n */\n generatePkceCodes(): Promise<PkceCodes> {\n return this.pkceGenerator.generatePkceCodes();\n }\n\n /**\n * Generates a keypair, stores it and returns a thumbprint - not yet implemented for node\n */\n getPublicKeyThumbprint(): Promise<string> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Removes cryptographic keypair from key store matching the keyId passed in\n * @param kid \n */\n removeTokenBindingKey(): Promise<boolean> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Removes all cryptographic keys from Keystore\n */\n clearKeystore(): Promise<boolean> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node\n */\n signJwt(): Promise<string> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Returns the SHA-256 hash of an input string\n */\n async hashString(plainText: string): Promise<string> {\n return EncodingUtils.base64EncodeUrl(\n this.hashUtils.sha256(plainText).toString(\"base64\"), \n \"base64\" \n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { StringUtils, AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager } from \"@azure/msal-common\";\nimport { JsonCache, InMemoryCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\n\n/**\n * This class deserializes cache entities read from the file into in memory object types defined internally\n */\nexport class Deserializer {\n /**\n * Parse the JSON blob in memory and deserialize the content\n * @param cachedJson\n */\n static deserializeJSONBlob(jsonFile: string): JsonCache {\n const deserializedCache = StringUtils.isEmpty(jsonFile)\n ? {}\n : JSON.parse(jsonFile);\n return deserializedCache;\n }\n\n /**\n * Deserializes accounts to AccountEntity objects\n * @param accounts\n */\n static deserializeAccounts(accounts: Record<string, SerializedAccountEntity>): AccountCache {\n const accountObjects: AccountCache = {};\n if (accounts) {\n Object.keys(accounts).map(function (key) {\n const serializedAcc = accounts[key];\n const mappedAcc = {\n homeAccountId: serializedAcc.home_account_id,\n environment: serializedAcc.environment,\n realm: serializedAcc.realm,\n localAccountId: serializedAcc.local_account_id,\n username: serializedAcc.username,\n authorityType: serializedAcc.authority_type,\n name: serializedAcc.name,\n clientInfo: serializedAcc.client_info,\n lastModificationTime: serializedAcc.last_modification_time,\n lastModificationApp: serializedAcc.last_modification_app,\n };\n const account: AccountEntity = new AccountEntity();\n CacheManager.toObject(account, mappedAcc);\n accountObjects[key] = account;\n });\n }\n\n return accountObjects;\n }\n\n /**\n * Deserializes id tokens to IdTokenEntity objects\n * @param idTokens\n */\n static deserializeIdTokens(idTokens: Record<string, SerializedIdTokenEntity>): IdTokenCache {\n const idObjects: IdTokenCache = {};\n if (idTokens) {\n Object.keys(idTokens).map(function (key) {\n const serializedIdT = idTokens[key];\n const mappedIdT = {\n homeAccountId: serializedIdT.home_account_id,\n environment: serializedIdT.environment,\n credentialType: serializedIdT.credential_type,\n clientId: serializedIdT.client_id,\n secret: serializedIdT.secret,\n realm: serializedIdT.realm,\n };\n const idToken: IdTokenEntity = new IdTokenEntity();\n CacheManager.toObject(idToken, mappedIdT);\n idObjects[key] = idToken;\n });\n }\n return idObjects;\n }\n\n /**\n * Deserializes access tokens to AccessTokenEntity objects\n * @param accessTokens\n */\n static deserializeAccessTokens(accessTokens: Record<string, SerializedAccessTokenEntity>): AccessTokenCache {\n const atObjects: AccessTokenCache = {};\n if (accessTokens) {\n Object.keys(accessTokens).map(function (key) {\n const serializedAT = accessTokens[key];\n const mappedAT = {\n homeAccountId: serializedAT.home_account_id,\n environment: serializedAT.environment,\n credentialType: serializedAT.credential_type,\n clientId: serializedAT.client_id,\n secret: serializedAT.secret,\n realm: serializedAT.realm,\n target: serializedAT.target,\n cachedAt: serializedAT.cached_at,\n expiresOn: serializedAT.expires_on,\n extendedExpiresOn: serializedAT.extended_expires_on,\n refreshOn: serializedAT.refresh_on,\n keyId: serializedAT.key_id,\n tokenType: serializedAT.token_type,\n requestedClaims: serializedAT.requestedClaims,\n requestedClaimsHash: serializedAT.requestedClaimsHash,\n userAssertionHash: serializedAT.userAssertionHash,\n };\n const accessToken: AccessTokenEntity = new AccessTokenEntity();\n CacheManager.toObject(accessToken, mappedAT);\n atObjects[key] = accessToken;\n });\n }\n\n return atObjects;\n }\n\n /**\n * Deserializes refresh tokens to RefreshTokenEntity objects\n * @param refreshTokens\n */\n static deserializeRefreshTokens(refreshTokens: Record<string, SerializedRefreshTokenEntity>): RefreshTokenCache {\n const rtObjects: RefreshTokenCache = {};\n if (refreshTokens) {\n Object.keys(refreshTokens).map(function (key) {\n const serializedRT = refreshTokens[key];\n const mappedRT = {\n homeAccountId: serializedRT.home_account_id,\n environment: serializedRT.environment,\n credentialType: serializedRT.credential_type,\n clientId: serializedRT.client_id,\n secret: serializedRT.secret,\n familyId: serializedRT.family_id,\n target: serializedRT.target,\n realm: serializedRT.realm,\n };\n const refreshToken: RefreshTokenEntity = new RefreshTokenEntity();\n CacheManager.toObject(refreshToken, mappedRT);\n rtObjects[key] = refreshToken;\n });\n }\n\n return rtObjects;\n }\n\n /**\n * Deserializes appMetadata to AppMetaData objects\n * @param appMetadata\n */\n static deserializeAppMetadata(appMetadata: Record<string, SerializedAppMetadataEntity>): AppMetadataCache {\n const appMetadataObjects: AppMetadataCache = {};\n if (appMetadata) {\n Object.keys(appMetadata).map(function (key) {\n const serializedAmdt = appMetadata[key];\n const mappedAmd = {\n clientId: serializedAmdt.client_id,\n environment: serializedAmdt.environment,\n familyId: serializedAmdt.family_id,\n };\n const amd: AppMetadataEntity = new AppMetadataEntity();\n CacheManager.toObject(amd, mappedAmd);\n appMetadataObjects[key] = amd;\n });\n }\n\n return appMetadataObjects;\n }\n\n /**\n * Deserialize an inMemory Cache\n * @param jsonCache\n */\n static deserializeAllCache(jsonCache: JsonCache): InMemoryCache {\n return {\n accounts: jsonCache.Account\n ? this.deserializeAccounts(jsonCache.Account)\n : {},\n idTokens: jsonCache.IdToken\n ? this.deserializeIdTokens(jsonCache.IdToken)\n : {},\n accessTokens: jsonCache.AccessToken\n ? this.deserializeAccessTokens(jsonCache.AccessToken)\n : {},\n refreshTokens: jsonCache.RefreshToken\n ? this.deserializeRefreshTokens(jsonCache.RefreshToken)\n : {},\n appMetadata: jsonCache.AppMetadata\n ? this.deserializeAppMetadata(jsonCache.AppMetadata)\n : {},\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from \"@azure/msal-common\";\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\n\nexport class Serializer {\n /**\n * serialize the JSON blob\n * @param data\n */\n static serializeJSONBlob(data: JsonCache): string {\n return JSON.stringify(data);\n }\n\n /**\n * Serialize Accounts\n * @param accCache\n */\n static serializeAccounts(accCache: AccountCache): Record<string, SerializedAccountEntity> {\n const accounts: Record<string, SerializedAccountEntity> = {};\n Object.keys(accCache).map(function (key) {\n const accountEntity = accCache[key];\n accounts[key] = {\n home_account_id: accountEntity.homeAccountId,\n environment: accountEntity.environment,\n realm: accountEntity.realm,\n local_account_id: accountEntity.localAccountId,\n username: accountEntity.username,\n authority_type: accountEntity.authorityType,\n name: accountEntity.name,\n client_info: accountEntity.clientInfo,\n last_modification_time: accountEntity.lastModificationTime,\n last_modification_app: accountEntity.lastModificationApp,\n };\n });\n\n return accounts;\n }\n\n /**\n * Serialize IdTokens\n * @param idTCache\n */\n static serializeIdTokens(idTCache: IdTokenCache): Record<string, SerializedIdTokenEntity> {\n const idTokens: Record<string, SerializedIdTokenEntity> = {};\n Object.keys(idTCache).map(function (key) {\n const idTEntity = idTCache[key];\n idTokens[key] = {\n home_account_id: idTEntity.homeAccountId,\n environment: idTEntity.environment,\n credential_type: idTEntity.credentialType,\n client_id: idTEntity.clientId,\n secret: idTEntity.secret,\n realm: idTEntity.realm,\n };\n });\n\n return idTokens;\n }\n\n /**\n * Serializes AccessTokens\n * @param atCache\n */\n static serializeAccessTokens(atCache: AccessTokenCache): Record<string, SerializedAccessTokenEntity> {\n const accessTokens: Record<string, SerializedAccessTokenEntity> = {};\n Object.keys(atCache).map(function (key) {\n const atEntity = atCache[key];\n accessTokens[key] = {\n home_account_id: atEntity.homeAccountId,\n environment: atEntity.environment,\n credential_type: atEntity.credentialType,\n client_id: atEntity.clientId,\n secret: atEntity.secret,\n realm: atEntity.realm,\n target: atEntity.target,\n cached_at: atEntity.cachedAt,\n expires_on: atEntity.expiresOn,\n extended_expires_on: atEntity.extendedExpiresOn,\n refresh_on: atEntity.refreshOn,\n key_id: atEntity.keyId,\n token_type: atEntity.tokenType,\n requestedClaims: atEntity.requestedClaims,\n requestedClaimsHash: atEntity.requestedClaimsHash,\n userAssertionHash: atEntity.userAssertionHash\n };\n });\n\n return accessTokens;\n }\n\n /**\n * Serialize refreshTokens\n * @param rtCache\n */\n static serializeRefreshTokens(rtCache: RefreshTokenCache): Record<string, SerializedRefreshTokenEntity> {\n const refreshTokens: Record<string, SerializedRefreshTokenEntity> = {};\n Object.keys(rtCache).map(function (key) {\n const rtEntity = rtCache[key];\n refreshTokens[key] = {\n home_account_id: rtEntity.homeAccountId,\n environment: rtEntity.environment,\n credential_type: rtEntity.credentialType,\n client_id: rtEntity.clientId,\n secret: rtEntity.secret,\n family_id: rtEntity.familyId,\n target: rtEntity.target,\n realm: rtEntity.realm\n };\n });\n\n return refreshTokens;\n }\n\n /**\n * Serialize amdtCache\n * @param amdtCache\n */\n static serializeAppMetadata(amdtCache: AppMetadataCache): Record<string, SerializedAppMetadataEntity> {\n const appMetadata: Record<string, SerializedAppMetadataEntity> = {};\n Object.keys(amdtCache).map(function (key) {\n const amdtEntity = amdtCache[key];\n appMetadata[key] = {\n client_id: amdtEntity.clientId,\n environment: amdtEntity.environment,\n family_id: amdtEntity.familyId,\n };\n });\n\n return appMetadata;\n }\n\n /**\n * Serialize the cache\n * @param jsonContent\n */\n static serializeAllCache(inMemCache: InMemoryCache): JsonCache {\n return {\n Account: this.serializeAccounts(inMemCache.accounts),\n IdToken: this.serializeIdTokens(inMemCache.idTokens),\n AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),\n RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),\n AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata),\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AccountEntity,\n IdTokenEntity,\n AccessTokenEntity,\n RefreshTokenEntity,\n AppMetadataEntity,\n ServerTelemetryEntity,\n ThrottlingEntity,\n CacheManager,\n Logger,\n ValidCacheType,\n ICrypto,\n AuthorityMetadataEntity,\n ValidCredentialType\n} from \"@azure/msal-common\";\nimport { Deserializer } from \"./serializer/Deserializer\";\nimport { Serializer } from \"./serializer/Serializer\";\nimport { InMemoryCache, JsonCache, CacheKVStore } from \"./serializer/SerializerTypes\";\n\n/**\n * This class implements Storage for node, reading cache from user specified storage location or an extension library\n * @public\n */\nexport class NodeStorage extends CacheManager {\n // Cache configuration, either set by user or default values.\n private logger: Logger;\n private cache: CacheKVStore = {};\n private changeEmitters: Array<Function> = [];\n\n constructor(logger: Logger, clientId: string, cryptoImpl: ICrypto) {\n super(clientId, cryptoImpl);\n this.logger = logger;\n }\n\n /**\n * Queue up callbacks\n * @param func - a callback function for cache change indication\n */\n registerChangeEmitter(func: () => void): void {\n this.changeEmitters.push(func);\n }\n\n /**\n * Invoke the callback when cache changes\n */\n emitChange(): void {\n this.changeEmitters.forEach(func => func.call(null));\n }\n\n /**\n * Converts cacheKVStore to InMemoryCache\n * @param cache - key value store\n */\n cacheToInMemoryCache(cache: CacheKVStore): InMemoryCache {\n const inMemoryCache: InMemoryCache = {\n accounts: {},\n idTokens: {},\n accessTokens: {},\n refreshTokens: {},\n appMetadata: {},\n };\n\n for (const key in cache) {\n if (cache[key as string] instanceof AccountEntity) {\n inMemoryCache.accounts[key] = cache[key] as AccountEntity;\n } else if (cache[key] instanceof IdTokenEntity) {\n inMemoryCache.idTokens[key] = cache[key] as IdTokenEntity;\n } else if (cache[key] instanceof AccessTokenEntity) {\n inMemoryCache.accessTokens[key] = cache[key] as AccessTokenEntity;\n } else if (cache[key] instanceof RefreshTokenEntity) {\n inMemoryCache.refreshTokens[key] = cache[key] as RefreshTokenEntity;\n } else if (cache[key] instanceof AppMetadataEntity) {\n inMemoryCache.appMetadata[key] = cache[key] as AppMetadataEntity;\n } else {\n continue;\n }\n }\n\n return inMemoryCache;\n }\n\n /**\n * converts inMemoryCache to CacheKVStore\n * @param inMemoryCache - kvstore map for inmemory\n */\n inMemoryCacheToCache(inMemoryCache: InMemoryCache): CacheKVStore {\n\n // convert in memory cache to a flat Key-Value map\n let cache = this.getCache();\n\n cache = {\n ...cache,\n ...inMemoryCache.accounts,\n ...inMemoryCache.idTokens,\n ...inMemoryCache.accessTokens,\n ...inMemoryCache.refreshTokens,\n ...inMemoryCache.appMetadata\n };\n\n // convert in memory cache to a flat Key-Value map\n return cache;\n }\n\n /**\n * gets the current in memory cache for the client\n */\n getInMemoryCache(): InMemoryCache {\n this.logger.trace(\"Getting in-memory cache\");\n\n // convert the cache key value store to inMemoryCache\n const inMemoryCache = this.cacheToInMemoryCache(this.getCache());\n return inMemoryCache;\n }\n\n /**\n * sets the current in memory cache for the client\n * @param inMemoryCache - key value map in memory\n */\n setInMemoryCache(inMemoryCache: InMemoryCache): void{\n this.logger.trace(\"Setting in-memory cache\");\n\n // convert and append the inMemoryCache to cacheKVStore\n const cache = this.inMemoryCacheToCache(inMemoryCache);\n this.setCache(cache);\n\n this.emitChange();\n }\n\n /**\n * get the current cache key-value store\n */\n getCache(): CacheKVStore {\n this.logger.trace(\"Getting cache key-value store\");\n return this.cache;\n }\n\n /**\n * sets the current cache (key value store)\n * @param cacheMap - key value map\n */\n setCache(cache: CacheKVStore): void {\n this.logger.trace(\"Setting cache key value store\");\n this.cache = cache;\n\n // mark change in cache\n this.emitChange();\n }\n\n /**\n * Gets cache item with given key.\n * @param key - lookup key for the cache entry\n */\n getItem(key: string): ValidCacheType {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read cache\n const cache = this.getCache();\n return cache[key];\n }\n\n /**\n * Gets cache item with given key-value\n * @param key - lookup key for the cache entry\n * @param value - value of the cache entry\n */\n setItem(key: string, value: ValidCacheType): void {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read cache\n const cache = this.getCache();\n cache[key] = value;\n\n // write to cache\n this.setCache(cache);\n }\n\n /**\n * fetch the account entity\n * @param accountKey - lookup key to fetch cache type AccountEntity\n */\n getAccount(accountKey: string): AccountEntity | null {\n const account = this.getItem(accountKey) as AccountEntity;\n if (AccountEntity.isAccountEntity(account)) {\n return account;\n }\n return null;\n }\n\n /**\n * set account entity\n * @param account - cache value to be set of type AccountEntity\n */\n setAccount(account: AccountEntity): void {\n const accountKey = account.generateAccountKey();\n this.setItem(accountKey, account);\n }\n\n /**\n * fetch the idToken credential\n * @param idTokenKey - lookup key to fetch cache type IdTokenEntity\n */\n getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\n const idToken = this.getItem(idTokenKey) as IdTokenEntity;\n if (IdTokenEntity.isIdTokenEntity(idToken)) {\n return idToken;\n }\n return null;\n }\n\n /**\n * set idToken credential\n * @param idToken - cache value to be set of type IdTokenEntity\n */\n setIdTokenCredential(idToken: IdTokenEntity): void {\n const idTokenKey = idToken.generateCredentialKey();\n this.setItem(idTokenKey, idToken);\n }\n\n /**\n * fetch the accessToken credential\n * @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity\n */\n getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\n const accessToken = this.getItem(accessTokenKey) as AccessTokenEntity;\n if (AccessTokenEntity.isAccessTokenEntity(accessToken)) {\n return accessToken;\n }\n return null;\n }\n\n /**\n * set accessToken credential\n * @param accessToken - cache value to be set of type AccessTokenEntity\n */\n setAccessTokenCredential(accessToken: AccessTokenEntity): void {\n const accessTokenKey = accessToken.generateCredentialKey();\n this.setItem(accessTokenKey, accessToken);\n }\n\n /**\n * fetch the refreshToken credential\n * @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity\n */\n getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null {\n const refreshToken = this.getItem(refreshTokenKey) as RefreshTokenEntity;\n if (RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {\n return refreshToken as RefreshTokenEntity;\n }\n return null;\n }\n\n /**\n * set refreshToken credential\n * @param refreshToken - cache value to be set of type RefreshTokenEntity\n */\n setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\n const refreshTokenKey = refreshToken.generateCredentialKey();\n this.setItem(refreshTokenKey, refreshToken);\n }\n\n /**\n * fetch appMetadata entity from the platform cache\n * @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity\n */\n getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\n const appMetadata: AppMetadataEntity = this.getItem(appMetadataKey) as AppMetadataEntity;\n if (AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {\n return appMetadata;\n }\n return null;\n }\n\n /**\n * set appMetadata entity to the platform cache\n * @param appMetadata - cache value to be set of type AppMetadataEntity\n */\n setAppMetadata(appMetadata: AppMetadataEntity): void {\n const appMetadataKey = appMetadata.generateAppMetadataKey();\n this.setItem(appMetadataKey, appMetadata);\n }\n\n /**\n * fetch server telemetry entity from the platform cache\n * @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity\n */\n getServerTelemetry(serverTelemetrykey: string): ServerTelemetryEntity | null {\n const serverTelemetryEntity: ServerTelemetryEntity = this.getItem(serverTelemetrykey) as ServerTelemetryEntity;\n if (serverTelemetryEntity && ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {\n return serverTelemetryEntity;\n }\n return null;\n }\n\n /**\n * set server telemetry entity to the platform cache\n * @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity\n * @param serverTelemetry - cache value to be set of type ServerTelemetryEntity\n */\n setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void {\n this.setItem(serverTelemetryKey, serverTelemetry);\n }\n\n /**\n * fetch authority metadata entity from the platform cache\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\n */\n getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\n const authorityMetadataEntity: AuthorityMetadataEntity = this.getItem(key) as AuthorityMetadataEntity;\n if (authorityMetadataEntity && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {\n return authorityMetadataEntity;\n }\n return null;\n }\n\n /**\n * Get all authority metadata keys\n */\n getAuthorityMetadataKeys(): Array<string> {\n return this.getKeys().filter((key) => {\n return this.isAuthorityMetadata(key);\n });\n }\n\n /**\n * set authority metadata entity to the platform cache\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\n * @param metadata - cache value to be set of type AuthorityMetadataEntity\n */\n setAuthorityMetadata(key: string, metadata: AuthorityMetadataEntity): void {\n this.setItem(key, metadata);\n }\n\n /**\n * fetch throttling entity from the platform cache\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\n */\n getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\n const throttlingCache: ThrottlingEntity = this.getItem(throttlingCacheKey) as ThrottlingEntity;\n if (throttlingCache && ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {\n return throttlingCache;\n }\n return null;\n }\n\n /**\n * set throttling entity to the platform cache\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\n * @param throttlingCache - cache value to be set of type ThrottlingEntity\n */\n setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void {\n this.setItem(throttlingCacheKey, throttlingCache);\n }\n\n /**\n * Removes the cache item from memory with the given key.\n * @param key - lookup key to remove a cache entity\n * @param inMemory - key value map of the cache\n */\n removeItem(key: string): boolean {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read inMemoryCache\n let result: boolean = false;\n const cache = this.getCache();\n\n if (!!cache[key]) {\n delete cache[key];\n result = true;\n }\n\n // write to the cache after removal\n if (result) {\n this.setCache(cache);\n this.emitChange();\n }\n return result;\n }\n\n /**\n * Checks whether key is in cache.\n * @param key - look up key for a cache entity\n */\n containsKey(key: string): boolean {\n return this.getKeys().includes(key);\n }\n\n /**\n * Gets all keys in window.\n */\n getKeys(): string[] {\n this.logger.trace(\"Retrieving all cache keys\");\n\n // read cache\n const cache = this.getCache();\n return [ ...Object.keys(cache)];\n }\n\n /**\n * Clears all cache entries created by MSAL (except tokens).\n */\n async clear(): Promise<void> {\n this.logger.trace(\"Clearing cache entries created by MSAL\");\n\n // read inMemoryCache\n const cacheKeys = this.getKeys();\n\n // delete each element\n cacheKeys.forEach(key => {\n this.removeItem(key);\n });\n this.emitChange();\n }\n\n /**\n * Initialize in memory cache from an exisiting cache vault\n * @param cache - blob formatted cache (JSON)\n */\n static generateInMemoryCache(cache: string): InMemoryCache {\n return Deserializer.deserializeAllCache(\n Deserializer.deserializeJSONBlob(cache)\n );\n }\n\n /**\n * retrieves the final JSON\n * @param inMemoryCache - itemised cache read from the JSON\n */\n static generateJsonCache(inMemoryCache: InMemoryCache): JsonCache {\n return Serializer.serializeAllCache(inMemoryCache);\n }\n\n /**\n * Updates a credential's cache key if the current cache key is outdated\n */\n updateCredentialCacheKey(currentCacheKey: string, credential: ValidCredentialType): string {\n const updatedCacheKey = credential.generateCredentialKey();\n\n if (currentCacheKey !== updatedCacheKey) {\n const cacheItem = this.getItem(currentCacheKey);\n if (cacheItem) {\n this.removeItem(currentCacheKey);\n this.setItem(updatedCacheKey, cacheItem);\n this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`);\n return updatedCacheKey;\n } else {\n this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`);\n }\n }\n\n return currentCacheKey;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NodeStorage } from \"./NodeStorage\";\nimport { StringUtils, AccountEntity, AccountInfo, Logger, ISerializableTokenCache, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedIdTokenEntity, SerializedAppMetadataEntity, CacheKVStore } from \"./serializer/SerializerTypes\";\nimport { Deserializer } from \"./serializer/Deserializer\";\nimport { Serializer } from \"./serializer/Serializer\";\nimport { ITokenCache } from \"./ITokenCache\";\n\nconst defaultSerializedCache: JsonCache = {\n Account: {},\n IdToken: {},\n AccessToken: {},\n RefreshToken: {},\n AppMetadata: {},\n};\n\n/**\n * In-memory token cache manager\n * @public\n */\nexport class TokenCache implements ISerializableTokenCache, ITokenCache {\n\n private storage: NodeStorage;\n private cacheHasChanged: boolean;\n private cacheSnapshot: string;\n private readonly persistence: ICachePlugin;\n private logger: Logger;\n\n constructor(storage: NodeStorage, logger: Logger, cachePlugin?: ICachePlugin) {\n this.cacheHasChanged = false;\n this.storage = storage;\n this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));\n if (cachePlugin) {\n this.persistence = cachePlugin;\n }\n this.logger = logger;\n }\n\n /**\n * Set to true if cache state has changed since last time serialize or writeToPersistence was called\n */\n hasChanged(): boolean {\n return this.cacheHasChanged;\n }\n\n /**\n * Serializes in memory cache to JSON\n */\n serialize(): string {\n this.logger.trace(\"Serializing in-memory cache\");\n let finalState = Serializer.serializeAllCache(\n this.storage.getInMemoryCache() as InMemoryCache\n );\n\n // if cacheSnapshot not null or empty, merge\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\n this.logger.trace(\"Reading cache snapshot from disk\");\n finalState = this.mergeState(\n JSON.parse(this.cacheSnapshot),\n finalState\n );\n } else {\n this.logger.trace(\"No cache snapshot to merge\");\n }\n this.cacheHasChanged = false;\n\n return JSON.stringify(finalState);\n }\n\n /**\n * Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format\n * @param cache - blob formatted cache\n */\n deserialize(cache: string): void {\n this.logger.trace(\"Deserializing JSON to in-memory cache\");\n this.cacheSnapshot = cache;\n\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\n this.logger.trace(\"Reading cache snapshot from disk\");\n const deserializedCache = Deserializer.deserializeAllCache(\n this.overlayDefaults(JSON.parse(this.cacheSnapshot))\n );\n this.storage.setInMemoryCache(deserializedCache);\n } else {\n this.logger.trace(\"No cache snapshot to deserialize\");\n }\n }\n\n /**\n * Fetches the cache key-value map\n */\n getKVStore(): CacheKVStore {\n return this.storage.getCache();\n }\n\n /**\n * API that retrieves all accounts currently in cache to the user\n */\n async getAllAccounts(): Promise<AccountInfo[]> {\n\n this.logger.trace(\"getAllAccounts called\");\n let cacheContext;\n try {\n if (this.persistence) {\n cacheContext = new TokenCacheContext(this, false);\n await this.persistence.beforeCacheAccess(cacheContext);\n }\n return this.storage.getAllAccounts();\n } finally {\n if (this.persistence && cacheContext) {\n await this.persistence.afterCacheAccess(cacheContext);\n }\n }\n }\n\n /**\n * Returns the signed in account matching homeAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param homeAccountId - unique identifier for an account (uid.utid)\n */\n async getAccountByHomeId(homeAccountId: string): Promise<AccountInfo | null> {\n const allAccounts = await this.getAllAccounts();\n if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {\n return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;\n } else {\n return null;\n }\n }\n\n /**\n * Returns the signed in account matching localAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)\n */\n async getAccountByLocalId(localAccountId: string): Promise<AccountInfo | null> {\n const allAccounts = await this.getAllAccounts();\n if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {\n return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;\n } else {\n return null;\n }\n }\n\n /**\n * API to remove a specific account and the relevant data from cache\n * @param account - AccountInfo passed by the user\n */\n async removeAccount(account: AccountInfo): Promise<void> {\n this.logger.trace(\"removeAccount called\");\n let cacheContext;\n try {\n if (this.persistence) {\n cacheContext = new TokenCacheContext(this, true);\n await this.persistence.beforeCacheAccess(cacheContext);\n }\n await this.storage.removeAccount(AccountEntity.generateAccountCacheKey(account));\n } finally {\n if (this.persistence && cacheContext) {\n await this.persistence.afterCacheAccess(cacheContext);\n }\n }\n }\n\n /**\n * Called when the cache has changed state.\n */\n private handleChangeEvent() {\n this.cacheHasChanged = true;\n }\n\n /**\n * Merge in memory cache with the cache snapshot.\n * @param oldState - cache before changes\n * @param currentState - current cache state in the library\n */\n private mergeState(oldState: JsonCache, currentState: JsonCache): JsonCache {\n this.logger.trace(\"Merging in-memory cache with cache snapshot\");\n const stateAfterRemoval = this.mergeRemovals(oldState, currentState);\n return this.mergeUpdates(stateAfterRemoval, currentState);\n }\n\n /**\n * Deep update of oldState based on newState values\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeUpdates(oldState: object, newState: object): JsonCache {\n Object.keys(newState).forEach((newKey: string) => {\n const newValue = newState[newKey];\n\n // if oldState does not contain value but newValue does, add it\n if (!oldState.hasOwnProperty(newKey)) {\n if (newValue !== null) {\n oldState[newKey] = newValue;\n }\n } else {\n // both oldState and newState contain the key, do deep update\n const newValueNotNull = newValue !== null;\n const newValueIsObject = typeof newValue === \"object\";\n const newValueIsNotArray = !Array.isArray(newValue);\n const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== \"undefined\" && oldState[newKey] !== null;\n\n if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {\n this.mergeUpdates(oldState[newKey], newValue);\n } else {\n oldState[newKey] = newValue;\n }\n }\n });\n\n return oldState as JsonCache;\n }\n\n /**\n * Removes entities in oldState that the were removed from newState. If there are any unknown values in root of\n * oldState that are not recognized, they are left untouched.\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeRemovals(oldState: JsonCache, newState: JsonCache): JsonCache {\n this.logger.trace(\"Remove updated entries in cache\");\n const accounts = oldState.Account ? this.mergeRemovalsDict<SerializedAccountEntity>(oldState.Account, newState.Account) : oldState.Account;\n const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict<SerializedAccessTokenEntity>(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;\n const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict<SerializedRefreshTokenEntity>(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;\n const idTokens = oldState.IdToken ? this.mergeRemovalsDict<SerializedIdTokenEntity>(oldState.IdToken, newState.IdToken) : oldState.IdToken;\n const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict<SerializedAppMetadataEntity>(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;\n\n return {\n ...oldState,\n Account: accounts,\n AccessToken: accessTokens,\n RefreshToken: refreshTokens,\n IdToken: idTokens,\n AppMetadata: appMetadata\n };\n }\n\n /**\n * Helper to merge new cache with the old one\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeRemovalsDict<T>(oldState: Record<string, T>, newState?: Record<string, T>): Record<string, T> {\n const finalState = { ...oldState };\n Object.keys(oldState).forEach((oldKey) => {\n if (!newState || !(newState.hasOwnProperty(oldKey))) {\n delete finalState[oldKey];\n }\n });\n return finalState;\n }\n\n /**\n * Helper to overlay as a part of cache merge\n * @param passedInCache - cache read from the blob\n */\n private overlayDefaults(passedInCache: JsonCache): JsonCache {\n this.logger.trace(\"Overlaying input cache with the default cache\");\n return {\n Account: {\n ...defaultSerializedCache.Account,\n ...passedInCache.Account,\n },\n IdToken: {\n ...defaultSerializedCache.IdToken,\n ...passedInCache.IdToken,\n },\n AccessToken: {\n ...defaultSerializedCache.AccessToken,\n ...passedInCache.AccessToken,\n },\n RefreshToken: {\n ...defaultSerializedCache.RefreshToken,\n ...passedInCache.RefreshToken,\n },\n AppMetadata: {\n ...defaultSerializedCache.AppMetadata,\n ...passedInCache.AppMetadata,\n },\n };\n }\n}\n","/* eslint-disable header/header */\nexport const name = \"@azure/msal-node\";\nexport const version = \"1.14.5\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError } from \"@azure/msal-common\";\n\n/**\n * NodeAuthErrorMessage class containing string constants used by error codes and messages.\n */\nexport const NodeAuthErrorMessage = {\n invalidLoopbackAddressType: {\n code: \"invalid_loopback_server_address_type\",\n desc: \"Loopback server address is not type string. This is unexpected.\"\n },\n unableToLoadRedirectUri: {\n code: \"unable_to_load_redirectUrl\",\n desc: \"Loopback server callback was invoked without a url. This is unexpected.\"\n },\n noAuthCodeInResponse: {\n code: \"no_auth_code_in_response\",\n desc: \"No auth code found in the server response. Please check your network trace to determine what happened.\"\n },\n noLoopbackServerExists: {\n code: \"no_loopback_server_exists\",\n desc: \"No loopback server exists yet.\"\n },\n loopbackServerAlreadyExists: {\n code: \"loopback_server_already_exists\",\n desc: \"Loopback server already exists. Cannot create another.\"\n },\n loopbackServerTimeout: {\n code: \"loopback_server_timeout\",\n desc: \"Timed out waiting for auth code listener to be registered.\"\n },\n stateNotFoundError: {\n code: \"state_not_found\",\n desc: \"State not found. Please verify that the request originated from msal.\"\n },\n};\n\nexport class NodeAuthError extends AuthError {\n constructor(errorCode: string, errorMessage?: string) {\n super(errorCode, errorMessage);\n this.name = \"NodeAuthError\";\n }\n\n /**\n * Creates an error thrown if loopback server address is of type string.\n */\n static createInvalidLoopbackAddressTypeError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.invalidLoopbackAddressType.code,\n `${NodeAuthErrorMessage.invalidLoopbackAddressType.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server is unable to get a url.\n */\n static createUnableToLoadRedirectUrlError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.unableToLoadRedirectUri.code,\n `${NodeAuthErrorMessage.unableToLoadRedirectUri.desc}`);\n }\n\n /**\n * Creates an error thrown if the server response does not contain an auth code.\n */\n static createNoAuthCodeInResponseError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.noAuthCodeInResponse.code,\n `${NodeAuthErrorMessage.noAuthCodeInResponse.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server has not been spun up yet.\n */\n static createNoLoopbackServerExistsError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.noLoopbackServerExists.code,\n `${NodeAuthErrorMessage.noLoopbackServerExists.desc}`);\n }\n\n /**\n * Creates an error thrown if a loopback server already exists when attempting to create another one.\n */\n static createLoopbackServerAlreadyExistsError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.loopbackServerAlreadyExists.code,\n `${NodeAuthErrorMessage.loopbackServerAlreadyExists.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server times out registering the auth code listener.\n */\n static createLoopbackServerTimeoutError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.loopbackServerTimeout.code,\n `${NodeAuthErrorMessage.loopbackServerTimeout.desc}`);\n }\n\n /**\n * Creates an error thrown when the state is not present.\n */\n static createStateNotFoundError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.stateNotFoundError.code, NodeAuthErrorMessage.stateNotFoundError.desc);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthorizationCodeClient,\n ClientConfiguration,\n RefreshTokenClient,\n AuthenticationResult,\n Authority,\n AuthorityFactory,\n BaseAuthRequest,\n SilentFlowClient,\n Logger,\n ServerTelemetryManager,\n ServerTelemetryRequest,\n CommonSilentFlowRequest,\n CommonRefreshTokenRequest,\n CommonAuthorizationCodeRequest,\n CommonAuthorizationUrlRequest,\n CommonUsernamePasswordRequest,\n UsernamePasswordClient,\n AuthenticationScheme,\n ResponseMode,\n AuthorityOptions,\n OIDC_DEFAULT_SCOPES,\n AzureRegionConfiguration,\n AuthError,\n AzureCloudOptions,\n AuthorizationCodePayload,\n StringUtils,\n ClientAuthError,\n Constants,\n} from \"@azure/msal-common\";\nimport { Configuration, buildAppConfiguration, NodeConfiguration } from \"../config/Configuration\";\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\nimport { NodeStorage } from \"../cache/NodeStorage\";\nimport { Constants as NodeConstants, ApiId } from \"../utils/Constants\";\nimport { TokenCache } from \"../cache/TokenCache\";\nimport { ClientAssertion } from \"./ClientAssertion\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\nimport { RefreshTokenRequest } from \"../request/RefreshTokenRequest\";\nimport { SilentFlowRequest } from \"../request/SilentFlowRequest\";\nimport { version, name } from \"../packageMetadata\";\nimport { UsernamePasswordRequest } from \"../request/UsernamePasswordRequest\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\n\n/**\n * Base abstract class for all ClientApplications - public and confidential\n * @public\n */\nexport abstract class ClientApplication {\n\n protected readonly cryptoProvider: CryptoProvider;\n private tokenCache: TokenCache;\n\n /**\n * Platform storage object\n */\n protected storage: NodeStorage;\n /**\n * Logger object to log the application flow\n */\n protected logger: Logger;\n /**\n * Platform configuration initialized by the application\n */\n protected config: NodeConfiguration;\n /**\n * Client assertion passed by the user for confidential client flows\n */\n protected clientAssertion: ClientAssertion;\n /**\n * Client secret passed by the user for confidential client flows\n */\n protected clientSecret: string;\n\n /**\n * Constructor for the ClientApplication\n */\n protected constructor(configuration: Configuration) {\n this.config = buildAppConfiguration(configuration);\n this.cryptoProvider = new CryptoProvider();\n this.logger = new Logger(this.config.system.loggerOptions, name, version);\n this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);\n this.tokenCache = new TokenCache(\n this.storage,\n this.logger,\n this.config.cache.cachePlugin\n );\n }\n\n /**\n * Creates the URL of the authorization request, letting the user input credentials and consent to the\n * application. The URL targets the /authorize endpoint of the authority configured in the\n * application object.\n *\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\n * `acquireTokenByCode(AuthorizationCodeRequest)`.\n */\n async getAuthCodeUrl(request: AuthorizationUrlRequest): Promise<string> {\n this.logger.info(\"getAuthCodeUrl called\", request.correlationId);\n const validRequest: CommonAuthorizationUrlRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n responseMode: request.responseMode || ResponseMode.QUERY,\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const authClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n undefined,\n undefined,\n request.azureCloudOptions\n );\n const authorizationCodeClient = new AuthorizationCodeClient(\n authClientConfig\n );\n this.logger.verbose(\"Auth code client created\", validRequest.correlationId);\n return authorizationCodeClient.getAuthCodeUrl(validRequest);\n }\n\n /**\n * Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0\n * Authorization Code flow.\n *\n * `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0\n * Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and\n * AuthorizationCodeRequest are the same.\n */\n async acquireTokenByCode(request: AuthorizationCodeRequest, authCodePayLoad?: AuthorizationCodePayload): Promise<AuthenticationResult> {\n this.logger.info(\"acquireTokenByCode called\");\n if (request.state && authCodePayLoad){\n this.logger.info(\"acquireTokenByCode - validating state\");\n this.validateState(request.state, authCodePayLoad.state || \"\");\n // eslint-disable-next-line no-param-reassign\n authCodePayLoad= {...authCodePayLoad, state: \"\"};\n }\n const validRequest: CommonAuthorizationCodeRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId);\n try {\n const authClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const authorizationCodeClient = new AuthorizationCodeClient(\n authClientConfig\n );\n this.logger.verbose(\"Auth code client created\", validRequest.correlationId);\n return authorizationCodeClient.acquireToken(validRequest, authCodePayLoad);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token by exchanging the refresh token provided for a new set of tokens.\n *\n * This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is\n * recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will\n * handle the caching and refreshing of tokens automatically.\n */\n async acquireTokenByRefreshToken(request: RefreshTokenRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByRefreshToken called\", request.correlationId);\n const validRequest: CommonRefreshTokenRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);\n try {\n const refreshTokenClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const refreshTokenClient = new RefreshTokenClient(\n refreshTokenClientConfig\n );\n this.logger.verbose(\"Refresh token client created\", validRequest.correlationId);\n return refreshTokenClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token silently when a user specifies the account the token is requested for.\n *\n * This API expects the user to provide an account object and looks into the cache to retrieve the token if present.\n * There is also an optional \"forceRefresh\" boolean the user can send to bypass the cache for access_token and id_token.\n * In case the refresh_token is expired or not found, an error is thrown\n * and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).\n */\n async acquireTokenSilent(request: SilentFlowRequest): Promise<AuthenticationResult | null> {\n const validRequest: CommonSilentFlowRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n forceRefresh: request.forceRefresh || false\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);\n try {\n const silentFlowClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const silentFlowClient = new SilentFlowClient(\n silentFlowClientConfig\n );\n this.logger.verbose(\"Silent flow client created\", validRequest.correlationId);\n return silentFlowClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires tokens with password grant by exchanging client applications username and password for credentials\n *\n * The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.\n * More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4\n * Microsoft's documentation and recommendations are at:\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword\n *\n * @param request - UsenamePasswordRequest\n */\n async acquireTokenByUsernamePassword(request: UsernamePasswordRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByUsernamePassword called\", request.correlationId);\n const validRequest: CommonUsernamePasswordRequest = {\n ...request,\n ... await this.initializeBaseRequest(request)\n };\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId);\n try {\n const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const usernamePasswordClient = new UsernamePasswordClient(usernamePasswordClientConfig);\n this.logger.verbose(\"Username password client created\", validRequest.correlationId);\n return usernamePasswordClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Gets the token cache for the application.\n */\n getTokenCache(): TokenCache {\n this.logger.info(\"getTokenCache called\");\n return this.tokenCache;\n }\n\n /**\n * Validates OIDC state by comparing the user cached state with the state received from the server.\n * \n * This API is provided for scenarios where you would use OAuth2.0 state parameter to mitigate against\n * CSRF attacks.\n * For more information about state, visit https://datatracker.ietf.org/doc/html/rfc6819#section-3.6.\n * @param state\n * @param cachedState\n */\n protected validateState(state: string, cachedState: string): void {\n if(!state) {\n throw NodeAuthError.createStateNotFoundError();\n }\n\n if(state !== cachedState) {\n throw ClientAuthError.createStateMismatchError();\n }\n }\n\n /**\n * Returns the logger instance\n */\n getLogger(): Logger {\n return this.logger;\n }\n\n /**\n * Replaces the default logger set in configurations with new Logger with new configurations\n * @param logger - Logger instance\n */\n setLogger(logger: Logger): void {\n this.logger = logger;\n }\n\n /**\n * Builds the common configuration to be passed to the common component based on the platform configurarion\n * @param authority - user passed authority in configuration\n * @param serverTelemetryManager - initializes servertelemetry if passed\n */\n protected async buildOauthClientConfiguration(\n authority: string,\n requestCorrelationId?: string, \n serverTelemetryManager?: ServerTelemetryManager,\n azureRegionConfiguration?: AzureRegionConfiguration, \n azureCloudOptions?: AzureCloudOptions): Promise<ClientConfiguration> {\n \n this.logger.verbose(\"buildOauthClientConfiguration called\", requestCorrelationId);\n\n // precedence - azureCloudInstance + tenant >> authority and request >> config\n const userAzureCloudOptions = azureCloudOptions ? azureCloudOptions : this.config.auth.azureCloudOptions;\n\n // using null assertion operator as we ensure that all config values have default values in buildConfiguration()\n this.logger.verbose(`building oauth client configuration with the authority: ${authority}`, requestCorrelationId);\n const discoveredAuthority = await this.createAuthority(authority, azureRegionConfiguration, requestCorrelationId, userAzureCloudOptions);\n\n serverTelemetryManager?.updateRegionDiscoveryMetadata(discoveredAuthority.regionDiscoveryMetadata);\n\n const clientConfiguration: ClientConfiguration = {\n authOptions: {\n clientId: this.config.auth.clientId,\n authority: discoveredAuthority,\n clientCapabilities: this.config.auth.clientCapabilities\n },\n systemOptions: {\n proxyUrl: this.config.system.proxyUrl,\n },\n loggerOptions: {\n logLevel: this.config.system.loggerOptions.logLevel,\n loggerCallback: this.config.system.loggerOptions\n .loggerCallback,\n piiLoggingEnabled: this.config.system.loggerOptions\n .piiLoggingEnabled,\n correlationId: requestCorrelationId\n },\n cryptoInterface: this.cryptoProvider,\n networkInterface: this.config.system.networkClient,\n storageInterface: this.storage,\n serverTelemetryManager: serverTelemetryManager,\n clientCredentials: {\n clientSecret: this.clientSecret,\n clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined,\n },\n libraryInfo: {\n sku: NodeConstants.MSAL_SKU,\n version: version,\n cpu: process.arch || Constants.EMPTY_STRING,\n os: process.platform || Constants.EMPTY_STRING,\n },\n telemetry: this.config.telemetry,\n persistencePlugin: this.config.cache.cachePlugin,\n serializableCache: this.tokenCache \n };\n\n return clientConfiguration;\n }\n\n private getClientAssertion(authority: Authority): { assertion: string, assertionType: string } {\n return {\n assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\n };\n }\n\n /**\n * Generates a request with the default scopes & generates a correlationId.\n * @param authRequest - BaseAuthRequest for initialization\n */\n protected async initializeBaseRequest(authRequest: Partial<BaseAuthRequest>): Promise<BaseAuthRequest> {\n this.logger.verbose(\"initializeRequestScopes called\", authRequest.correlationId);\n // Default authenticationScheme to Bearer, log that POP isn't supported yet\n if (authRequest.authenticationScheme && authRequest.authenticationScheme === AuthenticationScheme.POP) {\n this.logger.verbose(\"Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request\", authRequest.correlationId);\n }\n\n authRequest.authenticationScheme = AuthenticationScheme.BEARER;\n\n // Set requested claims hash if claims were requested\n if (authRequest.claims && !StringUtils.isEmpty(authRequest.claims)) {\n authRequest.requestedClaimsHash = await this.cryptoProvider.hashString(authRequest.claims);\n }\n\n return {\n ...authRequest,\n scopes: [...((authRequest && authRequest.scopes) || []), ...OIDC_DEFAULT_SCOPES],\n correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),\n authority: authRequest.authority || this.config.auth.authority\n };\n }\n\n /**\n * Initializes the server telemetry payload\n * @param apiId - Id for a specific request\n * @param correlationId - GUID\n * @param forceRefresh - boolean to indicate network call\n */\n protected initializeServerTelemetryManager(apiId: number, correlationId: string, forceRefresh?: boolean): ServerTelemetryManager {\n const telemetryPayload: ServerTelemetryRequest = {\n clientId: this.config.auth.clientId,\n correlationId: correlationId,\n apiId: apiId,\n forceRefresh: forceRefresh || false\n };\n\n return new ServerTelemetryManager(telemetryPayload, this.storage);\n }\n\n /**\n * Create authority instance. If authority not passed in request, default to authority set on the application\n * object. If no authority set in application object, then default to common authority.\n * @param authorityString - authority from user configuration\n */\n private async createAuthority(authorityString: string, azureRegionConfiguration?: AzureRegionConfiguration, requestCorrelationId?: string, azureCloudOptions?: AzureCloudOptions): Promise<Authority> {\n this.logger.verbose(\"createAuthority called\", requestCorrelationId);\n\n // build authority string based on auth params - azureCloudInstance is prioritized if provided\n const authorityUrl = Authority.generateAuthority(authorityString, azureCloudOptions);\n\n const authorityOptions: AuthorityOptions = {\n protocolMode: this.config.auth.protocolMode,\n knownAuthorities: this.config.auth.knownAuthorities,\n cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,\n authorityMetadata: this.config.auth.authorityMetadata,\n azureRegionConfiguration,\n skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,\n };\n\n return await AuthorityFactory.createDiscoveredInstance(authorityUrl, this.config.system.networkClient, this.storage, authorityOptions, this.logger, this.config.system.proxyUrl);\n }\n\n /**\n * Clear the cache\n */\n clearCache(): void {\n this.storage.clear();\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants as CommonConstants, ServerAuthorizationCodeResponse, UrlString } from \"@azure/msal-common\";\nimport { createServer, IncomingMessage, Server, ServerResponse } from \"http\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\nimport { Constants, HttpStatus, LOOPBACK_SERVER_CONSTANTS } from \"../utils/Constants\";\n\nexport class LoopbackClient {\n private server: Server;\n\n /**\n * Spins up a loopback server which returns the server response when the localhost redirectUri is hit\n * @param successTemplate \n * @param errorTemplate \n * @returns \n */\n async listenForAuthCode(successTemplate?: string, errorTemplate?: string): Promise<ServerAuthorizationCodeResponse> {\n if (!!this.server) {\n throw NodeAuthError.createLoopbackServerAlreadyExistsError();\n }\n\n const authCodeListener = new Promise<ServerAuthorizationCodeResponse>((resolve, reject) => {\n this.server = createServer(async (req: IncomingMessage, res: ServerResponse) => {\n const url = req.url;\n if (!url) {\n res.end(errorTemplate || \"Error occurred loading redirectUrl\");\n reject(NodeAuthError.createUnableToLoadRedirectUrlError());\n return;\n } else if (url === CommonConstants.FORWARD_SLASH) {\n res.end(successTemplate || \"Auth code was successfully acquired. You can close this window now.\");\n return;\n }\n \n const authCodeResponse = UrlString.getDeserializedQueryString(url);\n if (authCodeResponse.code) {\n const redirectUri = await this.getRedirectUri();\n res.writeHead(HttpStatus.REDIRECT, { location: redirectUri }); // Prevent auth code from being saved in the browser history\n res.end();\n }\n resolve(authCodeResponse);\n });\n this.server.listen(0); // Listen on any available port\n });\n\n // Wait for server to be listening\n await new Promise<void>((resolve) => {\n let ticks = 0;\n const id = setInterval(() => {\n if ((LOOPBACK_SERVER_CONSTANTS.TIMEOUT_MS / LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS) < ticks) {\n throw NodeAuthError.createLoopbackServerTimeoutError();\n }\n \n if (this.server.listening) {\n clearInterval(id);\n resolve();\n }\n ticks++;\n }, LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS);\n });\n\n return authCodeListener;\n }\n\n /**\n * Get the port that the loopback server is running on\n * @returns \n */\n getRedirectUri(): string {\n if (!this.server) {\n throw NodeAuthError.createNoLoopbackServerExistsError();\n }\n \n const address = this.server.address();\n if (!address || typeof address === \"string\" || !address.port) {\n this.closeServer();\n throw NodeAuthError.createInvalidLoopbackAddressTypeError();\n } \n\n const port = address && address.port;\n\n return `${Constants.HTTP_PROTOCOL}${Constants.LOCALHOST}:${port}`;\n }\n\n /**\n * Close the loopback server\n */\n closeServer(): void {\n if (!!this.server) {\n this.server.close();\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ApiId } from \"../utils/Constants\";\nimport {\n DeviceCodeClient,\n AuthenticationResult,\n CommonDeviceCodeRequest,\n AuthError,\n ResponseMode,\n OIDC_DEFAULT_SCOPES,\n CodeChallengeMethodValues,\n Constants as CommonConstants,\n ServerError\n} from \"@azure/msal-common\";\nimport { Configuration } from \"../config/Configuration\";\nimport { ClientApplication } from \"./ClientApplication\";\nimport { IPublicClientApplication } from \"./IPublicClientApplication\";\nimport { DeviceCodeRequest } from \"../request/DeviceCodeRequest\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\nimport { InteractiveRequest } from \"../request/InteractiveRequest\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\nimport { LoopbackClient } from \"../network/LoopbackClient\";\n\n/**\n * This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications\n * are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.\n * @public\n */\nexport class PublicClientApplication extends ClientApplication implements IPublicClientApplication {\n /**\n * Important attributes in the Configuration object for auth are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.\n * - authority: the authority URL for your application.\n *\n * AAD authorities are of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\n * - If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * - If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * - To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * Azure B2C authorities are of the form https://\\{instance\\}/\\{tenant\\}/\\{policy\\}. Each policy is considered\n * its own authority. You will have to set the all of the knownAuthorities at the time of the client application\n * construction.\n *\n * ADFS authorities are of the form https://\\{instance\\}/adfs.\n */\n constructor(configuration: Configuration) {\n super(configuration);\n }\n\n /**\n * Acquires a token from the authority using OAuth2.0 device code flow.\n * This flow is designed for devices that do not have access to a browser or have input constraints.\n * The authorization server issues a DeviceCode object with a verification code, an end-user code,\n * and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be\n * instructed to use another device to navigate to the verification URI to input credentials.\n * Since the client cannot receive incoming requests, it polls the authorization server repeatedly\n * until the end-user completes input of credentials.\n */\n public async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByDeviceCode called\", request.correlationId);\n const validRequest: CommonDeviceCodeRequest = Object.assign(request, await this.initializeBaseRequest(request));\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId);\n try {\n const deviceCodeConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const deviceCodeClient = new DeviceCodeClient(deviceCodeConfig);\n this.logger.verbose(\"Device code client created\", validRequest.correlationId);\n return deviceCodeClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token by requesting an Authorization code then exchanging it for a token.\n */\n async acquireTokenInteractive(request: InteractiveRequest): Promise<AuthenticationResult> {\n const { verifier, challenge } = await this.cryptoProvider.generatePkceCodes();\n const { openBrowser, successTemplate, errorTemplate, ...remainingProperties } = request;\n\n const loopbackClient = new LoopbackClient();\n const authCodeListener = loopbackClient.listenForAuthCode(successTemplate, errorTemplate);\n const redirectUri = loopbackClient.getRedirectUri();\n\n const validRequest: AuthorizationUrlRequest = {\n ...remainingProperties,\n scopes: request.scopes || OIDC_DEFAULT_SCOPES,\n redirectUri: redirectUri,\n responseMode: ResponseMode.QUERY,\n codeChallenge: challenge, \n codeChallengeMethod: CodeChallengeMethodValues.S256\n };\n\n const authCodeUrl = await this.getAuthCodeUrl(validRequest);\n await openBrowser(authCodeUrl);\n const authCodeResponse = await authCodeListener.finally(() => {\n loopbackClient.closeServer();\n });\n\n if (authCodeResponse.error) {\n throw new ServerError(authCodeResponse.error, authCodeResponse.error_description, authCodeResponse.suberror);\n } else if (!authCodeResponse.code) {\n throw NodeAuthError.createNoAuthCodeInResponseError();\n }\n\n const clientInfo = authCodeResponse.client_info;\n const tokenRequest: AuthorizationCodeRequest = {\n code: authCodeResponse.code,\n codeVerifier: verifier,\n clientInfo: clientInfo || CommonConstants.EMPTY_STRING,\n ...validRequest\n };\n return this.acquireTokenByCode(tokenRequest);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { JwtHeader, sign } from \"jsonwebtoken\";\nimport { TimeUtils, ClientAuthError, Constants } from \"@azure/msal-common\";\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { JwtConstants } from \"../utils/Constants\";\n\n/**\n * Client assertion of type jwt-bearer used in confidential client flows\n * @public\n */\nexport class ClientAssertion {\n\n private jwt: string;\n private privateKey: string;\n private thumbprint: string;\n private expirationTime: number;\n private issuer: string;\n private jwtAudience: string;\n private publicCertificate: Array<string>;\n\n /**\n * Initialize the ClientAssertion class from the clientAssertion passed by the user\n * @param assertion - refer https://tools.ietf.org/html/rfc7521\n */\n public static fromAssertion(assertion: string): ClientAssertion {\n const clientAssertion = new ClientAssertion();\n clientAssertion.jwt = assertion;\n return clientAssertion;\n }\n\n /**\n * Initialize the ClientAssertion class from the certificate passed by the user\n * @param thumbprint - identifier of a certificate\n * @param privateKey - secret key\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\n */\n public static fromCertificate(thumbprint: string, privateKey: string, publicCertificate?: string): ClientAssertion {\n const clientAssertion = new ClientAssertion();\n clientAssertion.privateKey = privateKey;\n clientAssertion.thumbprint = thumbprint;\n if (publicCertificate) {\n clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);\n }\n return clientAssertion;\n }\n\n /**\n * Update JWT for certificate based clientAssertion, if passed by the user, uses it as is\n * @param cryptoProvider - library's crypto helper\n * @param issuer - iss claim\n * @param jwtAudience - aud claim\n */\n public getJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\n // if assertion was created from certificate, check if jwt is expired and create new one.\n if (this.privateKey && this.thumbprint) {\n\n if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {\n return this.jwt;\n }\n\n return this.createJwt(cryptoProvider, issuer, jwtAudience);\n }\n\n /*\n * if assertion was created by caller, then we just append it. It is up to the caller to\n * ensure that it contains necessary claims and that it is not expired.\n */\n if (this.jwt) {\n return this.jwt;\n }\n\n throw ClientAuthError.createInvalidAssertionError();\n }\n\n /**\n * JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3\n */\n private createJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\n\n this.issuer = issuer;\n this.jwtAudience = jwtAudience;\n const issuedAt = TimeUtils.nowSeconds();\n this.expirationTime = issuedAt + 600;\n\n const header: JwtHeader = {\n alg: JwtConstants.RSA_256,\n x5t: EncodingUtils.base64EncodeUrl(this.thumbprint, \"hex\")\n };\n\n if (this.publicCertificate) {\n Object.assign(header, {\n x5c: this.publicCertificate\n } as Partial<JwtHeader>);\n }\n\n const payload = {\n [JwtConstants.AUDIENCE]: this.jwtAudience,\n [JwtConstants.EXPIRATION_TIME]: this.expirationTime,\n [JwtConstants.ISSUER]: this.issuer,\n [JwtConstants.SUBJECT]: this.issuer,\n [JwtConstants.NOT_BEFORE]: issuedAt,\n [JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()\n };\n\n this.jwt = sign(payload, this.privateKey, { header });\n return this.jwt;\n }\n\n /**\n * Utility API to check expiration\n */\n private isExpired(): boolean {\n return this.expirationTime < TimeUtils.nowSeconds();\n }\n\n /**\n * Extracts the raw certs from a given certificate string and returns them in an array.\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\n */\n public static parseCertificate(publicCertificate: string): Array<string> {\n /**\n * This is regex to identify the certs in a given certificate string.\n * We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.\n * The information in parens \"(.+?)\" is the capture group to represent the cert we want isolated.\n * \".\" means any string character, \"+\" means match 1 or more times, and \"?\" means the shortest match.\n * The \"g\" at the end of the regex means search the string globally, and the \"s\" enables the \".\" to match newlines.\n */\n const regexToFindCerts = /-----BEGIN CERTIFICATE-----\\r*\\n(.+?)\\r*\\n-----END CERTIFICATE-----/gs;\n const certs: string[] = [];\n\n let matches;\n while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {\n // matches[1] represents the first parens capture group in the regex.\n certs.push(matches[1].replace(/\\r*\\n/g, Constants.EMPTY_STRING));\n }\n\n return certs;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ClientApplication } from \"./ClientApplication\";\nimport { Configuration } from \"../config/Configuration\";\nimport { ClientAssertion } from \"./ClientAssertion\";\nimport { Constants as NodeConstants, ApiId, REGION_ENVIRONMENT_VARIABLE } from \"../utils/Constants\";\nimport {\n ClientCredentialClient,\n OnBehalfOfClient,\n CommonClientCredentialRequest,\n CommonOnBehalfOfRequest,\n AuthenticationResult,\n StringUtils,\n ClientAuthError,\n AzureRegionConfiguration,\n AuthError,\n Constants,\n IAppTokenProvider,\n OIDC_DEFAULT_SCOPES\n} from \"@azure/msal-common\";\nimport { IConfidentialClientApplication } from \"./IConfidentialClientApplication\";\nimport { OnBehalfOfRequest } from \"../request/OnBehalfOfRequest\";\nimport { ClientCredentialRequest } from \"../request/ClientCredentialRequest\";\n\n/**\n * This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications\n * will configure application secrets, client certificates/assertions as applicable\n * @public\n */\nexport class ConfidentialClientApplication extends ClientApplication implements IConfidentialClientApplication {\n private appTokenProvider?: IAppTokenProvider;\n\n /**\n * Constructor for the ConfidentialClientApplication\n *\n * Required attributes in the Configuration object are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal\n * - authority: the authority URL for your application.\n * - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.\n *\n * In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\n * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * In Azure B2C, authority is of the form https://\\{instance\\}/tfp/\\{tenant\\}/\\{policyName\\}/\n * Full B2C functionality will be available in this library in future versions.\n *\n * @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance\n */\n constructor(configuration: Configuration) {\n super(configuration);\n this.setClientCredential(this.config);\n this.appTokenProvider = undefined;\n }\n\n /** \n * This extensibility point only works for the client_credential flow, i.e. acquireTokenByClientCredential and\n * is meant for Azure SDK to enhance Managed Identity support.\n * \n * @param IAppTokenProvider - Extensibility interface, which allows the app developer to return a token from a custom source. \n */\n SetAppTokenProvider(provider: IAppTokenProvider): void {\n this.appTokenProvider = provider;\n }\n\n /**\n * Acquires tokens from the authority for the application (not for an end user).\n */\n public async acquireTokenByClientCredential(request: ClientCredentialRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByClientCredential called\", request.correlationId);\n\n // If there is a client assertion present in the request, it overrides the one present in the client configuration\n let clientAssertion;\n if (request.clientAssertion) {\n clientAssertion = {\n assertion: request.clientAssertion,\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\n };\n }\n\n const baseRequest = await this.initializeBaseRequest(request);\n\n // valid base request should not contain oidc scopes in this grant type\n const validBaseRequest = {\n ...baseRequest,\n scopes: baseRequest.scopes.filter((scope: string) => !OIDC_DEFAULT_SCOPES.includes(scope))\n };\n\n const validRequest: CommonClientCredentialRequest = {\n ...request,\n ...validBaseRequest,\n clientAssertion\n };\n\n const azureRegionConfiguration: AzureRegionConfiguration = {\n azureRegion: validRequest.azureRegion,\n environmentRegion: process.env[REGION_ENVIRONMENT_VARIABLE]\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);\n try {\n const clientCredentialConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n azureRegionConfiguration,\n request.azureCloudOptions\n );\n const clientCredentialClient = new ClientCredentialClient(clientCredentialConfig, this.appTokenProvider);\n this.logger.verbose(\"Client credential client created\", validRequest.correlationId);\n return clientCredentialClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires tokens from the authority for the application.\n *\n * Used in scenarios where the current app is a middle-tier service which was called with a token\n * representing an end user. The current app can use the token (oboAssertion) to request another\n * token to access downstream web API, on behalf of that user.\n *\n * The current middle-tier app has no user interaction to obtain consent.\n * See how to gain consent upfront for your middle-tier app from this article.\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application\n */\n public async acquireTokenOnBehalfOf(request: OnBehalfOfRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenOnBehalfOf called\", request.correlationId);\n const validRequest: CommonOnBehalfOfRequest = {\n ...request,\n ... await this.initializeBaseRequest(request)\n };\n try {\n const onBehalfOfConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n undefined,\n undefined,\n request.azureCloudOptions\n );\n const oboClient = new OnBehalfOfClient(onBehalfOfConfig);\n this.logger.verbose(\"On behalf of client created\", validRequest.correlationId);\n return oboClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n throw e;\n }\n }\n\n private setClientCredential(configuration: Configuration): void {\n const clientSecretNotEmpty = !StringUtils.isEmpty(configuration.auth.clientSecret);\n const clientAssertionNotEmpty = !StringUtils.isEmpty(configuration.auth.clientAssertion);\n const certificate = configuration.auth.clientCertificate || {\n thumbprint: Constants.EMPTY_STRING,\n privateKey: Constants.EMPTY_STRING\n };\n const certificateNotEmpty = !StringUtils.isEmpty(certificate.thumbprint) || !StringUtils.isEmpty(certificate.privateKey);\n\n /*\n * If app developer configures this callback, they don't need a credential\n * i.e. AzureSDK can get token from Managed Identity without a cert / secret\n */\n if (this.appTokenProvider) {\n return;\n }\n\n // Check that at most one credential is set on the application\n if (\n clientSecretNotEmpty && clientAssertionNotEmpty ||\n clientAssertionNotEmpty && certificateNotEmpty ||\n clientSecretNotEmpty && certificateNotEmpty) {\n throw ClientAuthError.createInvalidCredentialError();\n }\n\n if (configuration.auth.clientSecret) {\n this.clientSecret = configuration.auth.clientSecret;\n return;\n }\n\n if (configuration.auth.clientAssertion) {\n this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion);\n return;\n }\n\n if (!certificateNotEmpty) {\n throw ClientAuthError.createInvalidCredentialError();\n } else {\n this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, configuration.auth.clientCertificate?.x5c);\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountEntity, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\nimport { TokenCache } from \"../TokenCache\";\nimport { IPartitionManager } from \"./IPartitionManager\";\nimport { ICacheClient } from \"./ICacheClient\";\n\nexport class DistributedCachePlugin implements ICachePlugin {\n private client: ICacheClient;\n private partitionManager: IPartitionManager;\n\n constructor(client: ICacheClient, partitionManager: IPartitionManager) {\n this.client = client;\n this.partitionManager = partitionManager;\n }\n \n public async beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void> {\n const partitionKey = await this.partitionManager.getKey();\n const cacheData = await this.client.get(partitionKey);\n cacheContext.tokenCache.deserialize(cacheData);\n }\n \n public async afterCacheAccess(cacheContext: TokenCacheContext): Promise<void> {\n if (cacheContext.cacheHasChanged) {\n const kvStore = (cacheContext.tokenCache as TokenCache).getKVStore();\n const accountEntities = Object.values(kvStore).filter(value => AccountEntity.isAccountEntity(value as object));\n\n if (accountEntities.length > 0) {\n const accountEntity = accountEntities[0] as AccountEntity;\n const partitionKey = await this.partitionManager.extractKey(accountEntity);\n \n await this.client.set(partitionKey, cacheContext.tokenCache.serialize()); \n }\n }\n }\n}\n"],"names":["HttpMethod","HttpStatus","ProxyStatus","REGION_ENVIRONMENT_VARIABLE","RANDOM_OCTET_SIZE","Hash","SHA256","CharSet","CV_CHARSET","Constants","MSAL_SKU","JWT_BEARER_ASSERTION_TYPE","AUTHORIZATION_PENDING","HTTP_PROTOCOL","LOCALHOST","ApiId","JwtConstants","ALGORITHM","RSA_256","X5T","X5C","AUDIENCE","EXPIRATION_TIME","ISSUER","SUBJECT","NOT_BEFORE","JWT_ID","LOOPBACK_SERVER_CONSTANTS","INTERVAL_MS","TIMEOUT_MS","NetworkUtils","getNetworkResponse","headers","body","statusCode","status","HttpClient","sendGetRequestAsync","url","options","proxyUrl","networkRequestViaProxy","GET","networkRequestViaHttps","sendPostRequestAsync","cancellationToken","POST","httpMethod","timeout","URL","destinationUrl","tunnelRequestOptions","host","hostname","port","method","path","postRequestStringContent","length","outgoingRequestString","toUpperCase","href","Promise","resolve","reject","request","http","on","destroy","Error","end","response","socket","proxyStatusCode","SERVER_ERROR","SUCCESS_RANGE_START","SUCCESS_RANGE_END","statusMessage","setTimeout","write","data","chunk","push","dataString","Buffer","concat","toString","dataStringArray","split","httpStatusCode","parseInt","slice","join","headersArray","entries","Map","forEach","header","headerKeyValue","RegExp","headerKey","headerValue","object","JSON","parse","e","set","Object","fromEntries","parsedHeaders","networkResponse","parseBody","isPostRequest","emptyHeaders","customOptions","https","parsedBody","error","errorType","errorDescriptionHelper","CLIENT_ERROR_RANGE_START","CLIENT_ERROR_RANGE_END","SERVER_ERROR_RANGE_START","SERVER_ERROR_RANGE_END","error_description","stringify","DEFAULT_AUTH_OPTIONS","clientId","EMPTY_STRING","authority","DEFAULT_AUTHORITY","clientSecret","clientAssertion","clientCertificate","thumbprint","privateKey","x5c","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","clientCapabilities","protocolMode","ProtocolMode","AAD","azureCloudOptions","azureCloudInstance","AzureCloudInstance","None","tenant","skipAuthorityMetadataCache","DEFAULT_CACHE_OPTIONS","DEFAULT_LOGGER_OPTIONS","loggerCallback","piiLoggingEnabled","logLevel","LogLevel","Info","DEFAULT_SYSTEM_OPTIONS","loggerOptions","networkClient","DEFAULT_TELEMETRY_OPTIONS","application","appName","appVersion","buildAppConfiguration","auth","cache","system","telemetry","GuidGenerator","generateGuid","uuidv4","isGuid","guid","regexGuid","test","EncodingUtils","base64Encode","str","encoding","from","base64EncodeUrl","replace","base64Decode","base64Str","base64DecodeUrl","HashUtils","sha256","buffer","crypto","createHash","update","digest","PkceGenerator","constructor","hashUtils","generatePkceCodes","verifier","generateCodeVerifier","challenge","generateCodeChallengeFromVerifier","charArr","maxNumber","byte","randomBytes","index","codeVerifier","CryptoProvider","pkceGenerator","guidGenerator","createNewGuid","input","getPublicKeyThumbprint","removeTokenBindingKey","clearKeystore","signJwt","hashString","plainText","Deserializer","deserializeJSONBlob","jsonFile","deserializedCache","StringUtils","isEmpty","deserializeAccounts","accounts","accountObjects","keys","map","key","serializedAcc","mappedAcc","homeAccountId","home_account_id","environment","realm","localAccountId","local_account_id","username","authorityType","authority_type","name","clientInfo","client_info","lastModificationTime","last_modification_time","lastModificationApp","last_modification_app","account","AccountEntity","CacheManager","toObject","deserializeIdTokens","idTokens","idObjects","serializedIdT","mappedIdT","credentialType","credential_type","client_id","secret","idToken","IdTokenEntity","deserializeAccessTokens","accessTokens","atObjects","serializedAT","mappedAT","target","cachedAt","cached_at","expiresOn","expires_on","extendedExpiresOn","extended_expires_on","refreshOn","refresh_on","keyId","key_id","tokenType","token_type","requestedClaims","requestedClaimsHash","userAssertionHash","accessToken","AccessTokenEntity","deserializeRefreshTokens","refreshTokens","rtObjects","serializedRT","mappedRT","familyId","family_id","refreshToken","RefreshTokenEntity","deserializeAppMetadata","appMetadata","appMetadataObjects","serializedAmdt","mappedAmd","amd","AppMetadataEntity","deserializeAllCache","jsonCache","Account","IdToken","AccessToken","RefreshToken","AppMetadata","Serializer","serializeJSONBlob","serializeAccounts","accCache","accountEntity","serializeIdTokens","idTCache","idTEntity","serializeAccessTokens","atCache","atEntity","serializeRefreshTokens","rtCache","rtEntity","serializeAppMetadata","amdtCache","amdtEntity","serializeAllCache","inMemCache","NodeStorage","logger","cryptoImpl","registerChangeEmitter","func","changeEmitters","emitChange","call","cacheToInMemoryCache","inMemoryCache","inMemoryCacheToCache","getCache","getInMemoryCache","trace","setInMemoryCache","setCache","getItem","tracePii","setItem","value","getAccount","accountKey","isAccountEntity","setAccount","generateAccountKey","getIdTokenCredential","idTokenKey","isIdTokenEntity","setIdTokenCredential","generateCredentialKey","getAccessTokenCredential","accessTokenKey","isAccessTokenEntity","setAccessTokenCredential","getRefreshTokenCredential","refreshTokenKey","isRefreshTokenEntity","setRefreshTokenCredential","getAppMetadata","appMetadataKey","isAppMetadataEntity","setAppMetadata","generateAppMetadataKey","getServerTelemetry","serverTelemetrykey","serverTelemetryEntity","ServerTelemetryEntity","isServerTelemetryEntity","setServerTelemetry","serverTelemetryKey","serverTelemetry","getAuthorityMetadata","authorityMetadataEntity","AuthorityMetadataEntity","isAuthorityMetadataEntity","getAuthorityMetadataKeys","getKeys","filter","isAuthorityMetadata","setAuthorityMetadata","metadata","getThrottlingCache","throttlingCacheKey","throttlingCache","ThrottlingEntity","isThrottlingEntity","setThrottlingCache","removeItem","result","containsKey","includes","clear","cacheKeys","generateInMemoryCache","generateJsonCache","updateCredentialCacheKey","currentCacheKey","credential","updatedCacheKey","cacheItem","verbose","defaultSerializedCache","TokenCache","storage","cachePlugin","cacheHasChanged","handleChangeEvent","bind","persistence","hasChanged","serialize","finalState","cacheSnapshot","mergeState","deserialize","overlayDefaults","getKVStore","getAllAccounts","cacheContext","TokenCacheContext","beforeCacheAccess","afterCacheAccess","getAccountByHomeId","allAccounts","accountObj","getAccountByLocalId","removeAccount","generateAccountCacheKey","oldState","currentState","stateAfterRemoval","mergeRemovals","mergeUpdates","newState","newKey","newValue","hasOwnProperty","newValueNotNull","newValueIsObject","newValueIsNotArray","Array","isArray","oldStateNotUndefinedOrNull","mergeRemovalsDict","oldKey","passedInCache","version","NodeAuthErrorMessage","invalidLoopbackAddressType","code","desc","unableToLoadRedirectUri","noAuthCodeInResponse","noLoopbackServerExists","loopbackServerAlreadyExists","loopbackServerTimeout","stateNotFoundError","NodeAuthError","AuthError","errorCode","errorMessage","createInvalidLoopbackAddressTypeError","createUnableToLoadRedirectUrlError","createNoAuthCodeInResponseError","createNoLoopbackServerExistsError","createLoopbackServerAlreadyExistsError","createLoopbackServerTimeoutError","createStateNotFoundError","ClientApplication","configuration","config","cryptoProvider","Logger","tokenCache","getAuthCodeUrl","info","correlationId","validRequest","initializeBaseRequest","responseMode","ResponseMode","QUERY","authenticationScheme","AuthenticationScheme","BEARER","authClientConfig","buildOauthClientConfiguration","undefined","authorizationCodeClient","AuthorizationCodeClient","acquireTokenByCode","authCodePayLoad","state","validateState","serverTelemetryManager","initializeServerTelemetryManager","acquireToken","setCorrelationId","cacheFailedRequest","acquireTokenByRefreshToken","refreshTokenClientConfig","refreshTokenClient","RefreshTokenClient","acquireTokenSilent","forceRefresh","silentFlowClientConfig","silentFlowClient","SilentFlowClient","acquireTokenByUsernamePassword","usernamePasswordClientConfig","usernamePasswordClient","UsernamePasswordClient","getTokenCache","cachedState","ClientAuthError","createStateMismatchError","getLogger","setLogger","requestCorrelationId","azureRegionConfiguration","userAzureCloudOptions","discoveredAuthority","createAuthority","updateRegionDiscoveryMetadata","regionDiscoveryMetadata","clientConfiguration","authOptions","systemOptions","cryptoInterface","networkInterface","storageInterface","clientCredentials","getClientAssertion","libraryInfo","sku","NodeConstants","cpu","process","arch","os","platform","persistencePlugin","serializableCache","assertion","getJwt","tokenEndpoint","assertionType","authRequest","POP","claims","scopes","OIDC_DEFAULT_SCOPES","apiId","telemetryPayload","ServerTelemetryManager","authorityString","authorityUrl","Authority","generateAuthority","authorityOptions","AuthorityFactory","createDiscoveredInstance","clearCache","LoopbackClient","listenForAuthCode","successTemplate","errorTemplate","server","authCodeListener","createServer","req","res","CommonConstants","FORWARD_SLASH","authCodeResponse","UrlString","getDeserializedQueryString","redirectUri","getRedirectUri","writeHead","REDIRECT","location","listen","ticks","id","setInterval","listening","clearInterval","address","closeServer","close","PublicClientApplication","acquireTokenByDeviceCode","assign","deviceCodeConfig","deviceCodeClient","DeviceCodeClient","acquireTokenInteractive","openBrowser","remainingProperties","loopbackClient","codeChallenge","codeChallengeMethod","CodeChallengeMethodValues","S256","authCodeUrl","finally","ServerError","suberror","tokenRequest","ClientAssertion","fromAssertion","jwt","fromCertificate","publicCertificate","parseCertificate","issuer","jwtAudience","isExpired","createJwt","createInvalidAssertionError","issuedAt","TimeUtils","nowSeconds","expirationTime","alg","x5t","payload","sign","regexToFindCerts","certs","matches","exec","ConfidentialClientApplication","setClientCredential","appTokenProvider","SetAppTokenProvider","provider","acquireTokenByClientCredential","baseRequest","validBaseRequest","scope","azureRegion","environmentRegion","env","skipCache","clientCredentialConfig","clientCredentialClient","ClientCredentialClient","acquireTokenOnBehalfOf","onBehalfOfConfig","oboClient","OnBehalfOfClient","clientSecretNotEmpty","clientAssertionNotEmpty","certificate","certificateNotEmpty","createInvalidCredentialError","DistributedCachePlugin","client","partitionManager","partitionKey","getKey","cacheData","get","kvStore","accountEntities","values","extractKey"],"mappings":";;;;;;;;;;;;;;AAAA;;;;;AAKA;;;AAGA,IAAYA,UAAZ;;AAAA,WAAYA;EACRA,iBAAA,QAAA;EACAA,kBAAA,SAAA;AACH,CAHD,EAAYA,UAAU,KAAVA,UAAU,KAAA,CAAtB;;AAKA,IAAYC,UAAZ;;AAAA,WAAYA;EACRA,mDAAA,wBAAA;EACAA,iDAAA,sBAAA;EACAA,wCAAA,aAAA;EACAA,wDAAA,6BAAA;EACAA,sDAAA,2BAAA;EACAA,wDAAA,6BAAA;EACAA,sDAAA,2BAAA;AACH,CARD,EAAYA,UAAU,KAAVA,UAAU,KAAA,CAAtB;;AAUA,IAAYC,WAAZ;;AAAA,WAAYA;EACRA,qDAAA,wBAAA;EACAA,mDAAA,sBAAA;EACAA,8CAAA,iBAAA;AACH,CAJD,EAAYA,WAAW,KAAXA,WAAW,KAAA,CAAvB;AAMA;;;;;AAGO,MAAMC,2BAA2B,GAAG,aAApC;AAEP;;;;AAGO,MAAMC,iBAAiB,GAAG,EAA1B;AAEP;;;;AAGO,MAAMC,IAAI,GAAG;EAChBC,MAAM,EAAE;AADQ,CAAb;AAIP;;;;AAGO,MAAMC,OAAO,GAAG;EACnBC,UAAU,EACN;AAFe,CAAhB;AAaP;;;;AAGO,MAAMC,SAAS,GAAG;EACrBC,QAAQ,EAAE,cADW;EAErBC,yBAAyB,EAAE,wDAFN;EAGrBC,qBAAqB,EAAE,uBAHF;EAIrBC,aAAa,EAAE,SAJM;EAKrBC,SAAS,EAAE;AALU,CAAlB;AAQP;;;;;;;;AAOA,IAAYC,KAAZ;;AAAA,WAAYA;EACRA,uCAAA,uBAAA;EACAA,oDAAA,mCAAA;EACAA,8CAAA,6BAAA;EACAA,oDAAA,mCAAA;EACAA,wCAAA,uBAAA;EACAA,gDAAA,+BAAA;AACH,CAPD,EAAYA,KAAK,KAALA,KAAK,KAAA,CAAjB;AASA;;;;;AAGO,MAAMC,YAAY,GAAG;EACxBC,SAAS,EAAE,KADa;EAExBC,OAAO,EAAE,OAFe;EAGxBC,GAAG,EAAE,KAHmB;EAIxBC,GAAG,EAAE,KAJmB;EAKxBC,QAAQ,EAAE,KALc;EAMxBC,eAAe,EAAE,KANO;EAOxBC,MAAM,EAAE,KAPgB;EAQxBC,OAAO,EAAE,KARe;EASxBC,UAAU,EAAE,KATY;EAUxBC,MAAM,EAAE;AAVgB,CAArB;AAaA,MAAMC,yBAAyB,GAAG;EACrCC,WAAW,EAAE,GADwB;EAErCC,UAAU,EAAE;AAFyB,CAAlC;;ACzGP;;;;AAOA,MAAaC;EACgB,OAAlBC,kBAAkB,CAAIC,OAAJ,EAAqCC,IAArC,EAA8CC,UAA9C;IACrB,OAAO;MACHF,OAAO,EAAEA,OADN;MAEHC,IAAI,EAAEA,IAFH;MAGHE,MAAM,EAAED;KAHZ;;;;;ACTR;;;;AAUA,AAKA;;;;AAGA,MAAaE;;;;;;EAOgB,MAAnBC,mBAAmB,CACrBC,GADqB,EAErBC,OAFqB;IAIrB,IAAIA,OAAJ,YAAIA,OAAO,CAAEC,QAAb,EAAuB;MACnB,OAAOC,sBAAsB,CAACH,GAAD,EAAMtC,UAAU,CAAC0C,GAAjB,EAAsBH,OAAtB,CAA7B;KADJ,MAEO;MACH,OAAOI,sBAAsB,CAACL,GAAD,EAAMtC,UAAU,CAAC0C,GAAjB,EAAsBH,OAAtB,CAA7B;;;;;;;;;;EASkB,MAApBK,oBAAoB,CACtBN,GADsB,EAEtBC,OAFsB,EAGtBM,iBAHsB;IAKtB,IAAIN,OAAJ,YAAIA,OAAO,CAAEC,QAAb,EAAuB;MACnB,OAAOC,sBAAsB,CAACH,GAAD,EAAMtC,UAAU,CAAC8C,IAAjB,EAAuBP,OAAvB,EAAgCM,iBAAhC,CAA7B;KADJ,MAEO;MACH,OAAOF,sBAAsB,CAACL,GAAD,EAAMtC,UAAU,CAAC8C,IAAjB,EAAuBP,OAAvB,EAAgCM,iBAAhC,CAA7B;;;;;;AAKZ,MAAMJ,sBAAsB,GAAG,CAC3BH,GAD2B,EAE3BS,UAF2B,EAG3BR,OAH2B,EAI3BS,OAJ2B;EAM3B,MAAMhB,OAAO,GAAG,CAAAO,OAAO,QAAP,YAAAA,OAAO,CAAEP,OAAT,KAAoB,EAApC;EACA,MAAMQ,QAAQ,GAAG,IAAIS,GAAJ,CAAQ,CAAAV,OAAO,QAAP,YAAAA,OAAO,CAAEC,QAAT,KAAqB,EAA7B,CAAjB;EACA,MAAMU,cAAc,GAAG,IAAID,GAAJ,CAAQX,GAAR,CAAvB;;EAGA,MAAMa,oBAAoB,GAAyB;IAC/CC,IAAI,EAAEZ,QAAQ,CAACa,QADgC;IAE/CC,IAAI,EAAEd,QAAQ,CAACc,IAFgC;IAG/CC,MAAM,EAAE,SAHuC;IAI/CC,IAAI,EAAEN,cAAc,CAACG,QAJ0B;IAK/CrB,OAAO,EAAEA;GALb;;EAQA,IAAIgB,OAAJ,EAAa;IACTG,oBAAoB,CAACH,OAArB,GAA+BA,OAA/B;;;;EAIJ,IAAIS,wBAAwB,GAAW,EAAvC;;EACA,IAAIV,UAAU,KAAK/C,UAAU,CAAC8C,IAA9B,EAAoC;IAChC,MAAMb,IAAI,GAAG,CAAAM,OAAO,QAAP,YAAAA,OAAO,CAAEN,IAAT,KAAiB,EAA9B;IACAwB,wBAAwB,GACpB,2EACmBxB,IAAI,CAACyB,YADxB,UAEOzB,MAHX;;;EAKJ,MAAM0B,qBAAqB,MAAMZ,UAAU,CAACa,WAAX,MAA4BV,cAAc,CAACW,mBAA9C,YACjBX,cAAc,CAACE,UADE,GAE1B,uBAF0B,GAG1BK,wBAH0B,GAI1B,MAJJ;EAMA,OAAO,IAAIK,OAAJ,CAAiC,CAACC,OAAD,EAAUC,MAAV;IACpC,MAAMC,OAAO,GAAGC,aAAI,CAACD,OAAL,CAAad,oBAAb,CAAhB;;IAEA,IAAIA,oBAAoB,CAACH,OAAzB,EAAkC;MAC9BiB,OAAO,CAACE,EAAR,CAAW,SAAX,EAAsB;QAClBF,OAAO,CAACG,OAAR;QACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAU,kBAAV,CAAD,CAAN;OAFJ;;;IAMJJ,OAAO,CAACK,GAAR;;IAGAL,OAAO,CAACE,EAAR,CAAW,SAAX,EAAsB,CAACI,QAAD,EAAWC,MAAX;MAClB,MAAMC,eAAe,GAAG,CAAAF,QAAQ,QAAR,YAAAA,QAAQ,CAAErC,UAAV,KAAwBhC,WAAW,CAACwE,YAA5D;;MACA,IAAKD,eAAe,GAAGvE,WAAW,CAACyE,mBAA/B,IAAwDF,eAAe,GAAGvE,WAAW,CAAC0E,iBAA1F,EAA8G;QAC1GX,OAAO,CAACG,OAAR;QACAI,MAAM,CAACJ,OAAP;QACAJ,MAAM,CAAC,IAAIK,KAAJ,iDAA0DE,QAAQ,CAACrC,oCAAoC,CAAAqC,QAAQ,QAAR,YAAAA,QAAQ,CAAEM,aAAV,KAA2B,WAAlI,CAAD,CAAN;;;MAEJ,IAAI1B,oBAAoB,CAACH,OAAzB,EAAkC;QAC9BwB,MAAM,CAACM,UAAP,CAAkB3B,oBAAoB,CAACH,OAAvC;QACAwB,MAAM,CAACL,EAAP,CAAU,SAAV,EAAqB;UACjBF,OAAO,CAACG,OAAR;UACAI,MAAM,CAACJ,OAAP;UACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAU,kBAAV,CAAD,CAAN;SAHJ;;;;MAQJG,MAAM,CAACO,KAAP,CAAapB,qBAAb;MAEA,MAAMqB,IAAI,GAAa,EAAvB;MACAR,MAAM,CAACL,EAAP,CAAU,MAAV,EAAmBc,KAAD;QACdD,IAAI,CAACE,IAAL,CAAUD,KAAV;OADJ;MAIAT,MAAM,CAACL,EAAP,CAAU,KAAV,EAAiB;;QAEb,MAAMgB,UAAU,GAAGC,MAAM,CAACC,MAAP,CAAc,CAAC,GAAGL,IAAJ,CAAd,EAAyBM,QAAzB,EAAnB;;QAGA,MAAMC,eAAe,GAAGJ,UAAU,CAACK,KAAX,CAAiB,MAAjB,CAAxB;;QAEA,MAAMC,cAAc,GAAGC,QAAQ,CAACH,eAAe,CAAC,CAAD,CAAf,CAAmBC,KAAnB,CAAyB,GAAzB,EAA8B,CAA9B,CAAD,CAA/B;;QAEA,MAAMX,aAAa,GAAGU,eAAe,CAAC,CAAD,CAAf,CAAmBC,KAAnB,CAAyB,GAAzB,EAA8BG,KAA9B,CAAoC,CAApC,EAAuCC,IAAvC,CAA4C,GAA5C,CAAtB;;QAEA,MAAM3D,IAAI,GAAGsD,eAAe,CAACA,eAAe,CAAC7B,MAAhB,GAAyB,CAA1B,CAA5B;;QAGA,MAAMmC,YAAY,GAAGN,eAAe,CAACI,KAAhB,CAAsB,CAAtB,EAAyBJ,eAAe,CAAC7B,MAAhB,GAAyB,CAAlD,CAArB;;QAGA,MAAMoC,OAAO,GAAG,IAAIC,GAAJ,EAAhB;QACAF,YAAY,CAACG,OAAb,CAAsBC,MAAD;;;;;;;UAOjB,MAAMC,cAAc,GAAGD,MAAM,CAACT,KAAP,CAAa,IAAIW,MAAJ,CAAW,UAAX,CAAb,CAAvB;UACA,MAAMC,SAAS,GAAGF,cAAc,CAAC,CAAD,CAAhC;UACA,IAAIG,WAAW,GAAGH,cAAc,CAAC,CAAD,CAAhC;;UAGA,IAAI;YACA,MAAMI,MAAM,GAAGC,IAAI,CAACC,KAAL,CAAWH,WAAX,CAAf,CADA;;YAIA,IAAIC,MAAM,IAAK,OAAOA,MAAP,KAAkB,QAAjC,EAA4C;cACxCD,WAAW,GAAGC,MAAd;;WALR,CAOE,OAAOG,CAAP,EAAU;;;UAIZX,OAAO,CAACY,GAAR,CAAYN,SAAZ,EAAuBC,WAAvB;SAvBJ;QAyBA,MAAMrE,OAAO,GAAG2E,MAAM,CAACC,WAAP,CAAmBd,OAAnB,CAAhB;QAEA,MAAMe,aAAa,GAAG7E,OAAtB;QACA,MAAM8E,eAAe,GAAGhF,YAAY,CAACC,kBAAb,CACpB8E,aADoB,EAEpBE,SAAS,CAACtB,cAAD,EAAiBZ,aAAjB,EAAgCgC,aAAhC,EAA+C5E,IAA/C,CAFW,EAGpBwD,cAHoB,CAAxB;;QAMA,IAAI,CAAEA,cAAc,GAAGxF,UAAU,CAAC0E,mBAA7B,IAAsDc,cAAc,GAAGxF,UAAU,CAAC2E,iBAAnF;QAEAkC,eAAe,CAAC7E,IAAhB,CAAqB,OAArB,MAAkCxB,SAAS,CAACG,qBAFhD,EAEuE;UACnEqD,OAAO,CAACG,OAAR;;;QAEJL,OAAO,CAAC+C,eAAD,CAAP;OAzDJ;MA4DAtC,MAAM,CAACL,EAAP,CAAU,OAAV,EAAoBc,KAAD;QACfhB,OAAO,CAACG,OAAR;QACAI,MAAM,CAACJ,OAAP;QACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAUY,KAAK,CAACK,QAAN,EAAV,CAAD,CAAN;OAHJ;KApFJ;IA2FArB,OAAO,CAACE,EAAR,CAAW,OAAX,EAAqBc,KAAD;MAChBhB,OAAO,CAACG,OAAR;MACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAUY,KAAK,CAACK,QAAN,EAAV,CAAD,CAAN;KAFJ;GAxGG,CAAP;AA6GH,CAnJD;;AAqJA,MAAM3C,sBAAsB,GAAG,CAC3BL,GAD2B,EAE3BS,UAF2B,EAG3BR,OAH2B,EAI3BS,OAJ2B;EAM3B,MAAMgE,aAAa,GAAGjE,UAAU,KAAK/C,UAAU,CAAC8C,IAAhD;EACA,MAAMb,IAAI,GAAW,CAAAM,OAAO,QAAP,YAAAA,OAAO,CAAEN,IAAT,KAAiB,EAAtC;EAEA,MAAMgF,YAAY,GAA2B,EAA7C;EACA,MAAMC,aAAa,GAAyB;IACxC3D,MAAM,EAAER,UADgC;IAExCf,OAAO,EAAE,CAAAO,OAAO,QAAP,YAAAA,OAAO,CAAEP,OAAT,KAAoBiF;GAFjC;;EAKA,IAAIjE,OAAJ,EAAa;IACTkE,aAAa,CAAClE,OAAd,GAAwBA,OAAxB;;;EAGJ,IAAIgE,aAAJ,EAAmB;;IAEfE,aAAa,CAAClF,OAAd,GAAwB,EACpB,GAAGkF,aAAa,CAAClF,OADG;MAEpB,kBAAkBC,IAAI,CAACyB;KAF3B;;;EAMJ,OAAO,IAAII,OAAJ,CAAgC,CAACC,OAAD,EAAUC,MAAV;IACnC,MAAMC,OAAO,GAAGkD,KAAK,CAAClD,OAAN,CAAc3B,GAAd,EAAmB4E,aAAnB,CAAhB;;IAEA,IAAIlE,OAAJ,EAAa;MACTiB,OAAO,CAACE,EAAR,CAAW,SAAX,EAAsB;QAClBF,OAAO,CAACG,OAAR;QACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAU,kBAAV,CAAD,CAAN;OAFJ;;;IAMJ,IAAI2C,aAAJ,EAAmB;MACf/C,OAAO,CAACc,KAAR,CAAc9C,IAAd;;;IAGJgC,OAAO,CAACK,GAAR;IAEAL,OAAO,CAACE,EAAR,CAAW,UAAX,EAAwBI,QAAD;MACnB,MAAMvC,OAAO,GAAGuC,QAAQ,CAACvC,OAAzB;MACA,MAAME,UAAU,GAAGqC,QAAQ,CAACrC,UAA5B;MACA,MAAM2C,aAAa,GAAGN,QAAQ,CAACM,aAA/B;MAEA,MAAMG,IAAI,GAAa,EAAvB;MACAT,QAAQ,CAACJ,EAAT,CAAY,MAAZ,EAAqBc,KAAD;QAChBD,IAAI,CAACE,IAAL,CAAUD,KAAV;OADJ;MAIAV,QAAQ,CAACJ,EAAT,CAAY,KAAZ,EAAmB;;QAEf,MAAMlC,IAAI,GAAGmD,MAAM,CAACC,MAAP,CAAc,CAAC,GAAGL,IAAJ,CAAd,EAAyBM,QAAzB,EAAb;QAEA,MAAMuB,aAAa,GAAG7E,OAAtB;QACA,MAAM8E,eAAe,GAAGhF,YAAY,CAACC,kBAAb,CACpB8E,aADoB,EAEpBE,SAAS,CAAC7E,UAAD,EAAa2C,aAAb,EAA4BgC,aAA5B,EAA2C5E,IAA3C,CAFW,EAGpBC,UAHoB,CAAxB;;QAMA,IAAI,CAAEA,UAAU,GAAGjC,UAAU,CAAC0E,mBAAzB,IAAkDzC,UAAU,GAAGjC,UAAU,CAAC2E,iBAA3E;QAEAkC,eAAe,CAAC7E,IAAhB,CAAqB,OAArB,MAAkCxB,SAAS,CAACG,qBAFhD,EAEuE;UACnEqD,OAAO,CAACG,OAAR;;;QAEJL,OAAO,CAAC+C,eAAD,CAAP;OAhBJ;KAVJ;IA8BA7C,OAAO,CAACE,EAAR,CAAW,OAAX,EAAqBc,KAAD;MAChBhB,OAAO,CAACG,OAAR;MACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAUY,KAAK,CAACK,QAAN,EAAV,CAAD,CAAN;KAFJ;GA9CG,CAAP;AAmDH,CA9ED;AAgFA;;;;;;;;;;AAQA,MAAMyB,SAAS,GAAG,CAAC7E,UAAD,EAAqB2C,aAArB,EAAwD7C,OAAxD,EAAyFC,IAAzF;;;;;;;;EASd,IAAImF,UAAJ;;EACA,IAAI;IACAA,UAAU,GAAGb,IAAI,CAACC,KAAL,CAAWvE,IAAX,CAAb;GADJ,CAEE,OAAOoF,KAAP,EAAc;IACZ,IAAIC,SAAJ;IACA,IAAIC,sBAAJ;;IACA,IAAKrF,UAAU,IAAIjC,UAAU,CAACuH,wBAA1B,IAAwDtF,UAAU,IAAIjC,UAAU,CAACwH,sBAArF,EAA8G;MAC1GH,SAAS,GAAG,cAAZ;MACAC,sBAAsB,GAAG,UAAzB;KAFJ,MAGO,IAAKrF,UAAU,IAAIjC,UAAU,CAACyH,wBAA1B,IAAwDxF,UAAU,IAAIjC,UAAU,CAAC0H,sBAArF,EAA8G;MACjHL,SAAS,GAAG,cAAZ;MACAC,sBAAsB,GAAG,UAAzB;KAFG,MAGA;MACHD,SAAS,GAAG,eAAZ;MACAC,sBAAsB,GAAG,YAAzB;;;IAGJH,UAAU,GAAG;MACTC,KAAK,EAAEC,SADE;MAETM,iBAAiB,KAAKL,4DAA4DrF,oCAAoC2C,aAAa,IAAI,uBAAuB0B,IAAI,CAACsB,SAAL,CAAe7F,OAAf;KAFlK;;;EAMJ,OAAOoF,UAAP;AACH,CAjCD;;ACnSA;;;;AAKA,AAqFA,MAAMU,oBAAoB,GAA8B;EACpDC,QAAQ,EAAEtH,oBAAS,CAACuH,YADgC;EAEpDC,SAAS,EAAExH,oBAAS,CAACyH,iBAF+B;EAGpDC,YAAY,EAAE1H,oBAAS,CAACuH,YAH4B;EAIpDI,eAAe,EAAE3H,oBAAS,CAACuH,YAJyB;EAKpDK,iBAAiB,EAAE;IACfC,UAAU,EAAE7H,oBAAS,CAACuH,YADP;IAEfO,UAAU,EAAE9H,oBAAS,CAACuH,YAFP;IAGfQ,GAAG,EAAE/H,oBAAS,CAACuH;GARiC;EAUpDS,gBAAgB,EAAE,EAVkC;EAWpDC,sBAAsB,EAAEjI,oBAAS,CAACuH,YAXkB;EAYpDW,iBAAiB,EAAElI,oBAAS,CAACuH,YAZuB;EAapDY,kBAAkB,EAAE,EAbgC;EAcpDC,YAAY,EAAEC,uBAAY,CAACC,GAdyB;EAepDC,iBAAiB,EAAE;IACfC,kBAAkB,EAAEC,6BAAkB,CAACC,IADxB;IAEfC,MAAM,EAAE3I,oBAAS,CAACuH;GAjB8B;EAmBpDqB,0BAA0B,EAAE;AAnBwB,CAAxD;AAsBA,MAAMC,qBAAqB,GAAiB,EAA5C;AAEA,MAAMC,sBAAsB,GAAkB;EAC1CC,cAAc,EAAE;GAD0B;EAI1CC,iBAAiB,EAAE,KAJuB;EAK1CC,QAAQ,EAAEC,mBAAQ,CAACC;AALuB,CAA9C;AAQA,MAAMC,sBAAsB,GAAgC;EACxDC,aAAa,EAAEP,sBADyC;EAExDQ,aAAa,eAAE,IAAI3H,UAAJ,EAFyC;EAGxDI,QAAQ,EAAE/B,oBAAS,CAACuH;AAHoC,CAA5D;AAMA,MAAMgC,yBAAyB,GAAmC;EAC9DC,WAAW,EAAE;IACTC,OAAO,EAAEzJ,oBAAS,CAACuH,YADV;IAETmC,UAAU,EAAE1J,oBAAS,CAACuH;;AAHoC,CAAlE;AAcA;;;;;;;;;;;;AAWA,SAAgBoC,sBAAsB;EAClCC,IADkC;EAElCC,KAFkC;EAGlCC,MAHkC;EAIlCC;AAJkC;EAOlC,OAAO;IACHH,IAAI,EAAE,EAAE,GAAGvC,oBAAL;MAA2B,GAAGuC;KADjC;IAEHC,KAAK,EAAE,EAAE,GAAGhB,qBAAL;MAA4B,GAAGgB;KAFnC;IAGHC,MAAM,EAAE,EAAE,GAAGV,sBAAL;MAA6B,GAAGU;KAHrC;IAIHC,SAAS,EAAE,EAAE,GAAGR,yBAAL;MAAgC,GAAGQ;;GAJlD;AAMH;;ACtKD;;;;AAMA,MAEaC;;;;;;EAMTC,YAAY;IACR,OAAOC,OAAM,EAAb;;;;;;;;EAOJC,MAAM,CAACC,IAAD;IACF,MAAMC,SAAS,GAAG,4EAAlB;IACA,OAAOA,SAAS,CAACC,IAAV,CAAeF,IAAf,CAAP;;;;;ACxBR;;;;AAKA,MAEaG;;;;;;;EAOU,OAAZC,YAAY,CAACC,GAAD,EAAcC,QAAd;IACf,OAAO/F,MAAM,CAACgG,IAAP,CAAYF,GAAZ,EAAiBC,QAAjB,EAA2B7F,QAA3B,CAAoC,QAApC,CAAP;;;;;;;;EAOkB,OAAf+F,eAAe,CAACH,GAAD,EAAcC,QAAd;IAClB,OAAOH,aAAa,CAACC,YAAd,CAA2BC,GAA3B,EAAgCC,QAAhC,EACFG,OADE,CACM,IADN,EACY7K,oBAAS,CAACuH,YADtB,EAEFsD,OAFE,CAEM,KAFN,EAEa,GAFb,EAGFA,OAHE,CAGM,KAHN,EAGa,GAHb,CAAP;;;;;;;;;;EAYe,OAAZC,YAAY,CAACC,SAAD;IACf,OAAOpG,MAAM,CAACgG,IAAP,CAAYI,SAAZ,EAAuB,QAAvB,EAAiClG,QAAjC,CAA0C,MAA1C,CAAP;;;;;;;EAMkB,OAAfmG,eAAe,CAACD,SAAD;IAClB,IAAIN,GAAG,GAAGM,SAAS,CAACF,OAAV,CAAkB,IAAlB,EAAwB,GAAxB,EAA6BA,OAA7B,CAAqC,IAArC,EAA2C,GAA3C,CAAV;;IACA,OAAOJ,GAAG,CAACxH,MAAJ,GAAa,CAApB,EAAuB;MACnBwH,GAAG,IAAI,GAAP;;;IAEJ,OAAOF,aAAa,CAACO,YAAd,CAA2BL,GAA3B,CAAP;;;;;AC/CR;;;;AAKA,MAGaQ;;;;;EAKTC,MAAM,CAACC,MAAD;IACF,OAAOC,MAAM,CACRC,UADE,CACSzL,IAAI,CAACC,MADd,EAEFyL,MAFE,CAEKH,MAFL,EAGFI,MAHE,EAAP;;;;;ACdR;;;;AAKA,AAMA;;;;AAGA,MAAaC;EAGTC;IACI,KAAKC,SAAL,GAAiB,IAAIT,SAAJ,EAAjB;;;;;;;;EAMmB,MAAjBU,iBAAiB;IACnB,MAAMC,QAAQ,GAAG,KAAKC,oBAAL,EAAjB;IACA,MAAMC,SAAS,GAAG,KAAKC,iCAAL,CAAuCH,QAAvC,CAAlB;IACA,OAAO;MAAEA,QAAF;MAAYE;KAAnB;;;;;;;EAMID,oBAAoB;IACxB,MAAMG,OAAO,GAAG,EAAhB;IACA,MAAMC,SAAS,GAAG,MAAO,MAAMnM,OAAO,CAACC,UAAR,CAAmBkD,MAAlD;;IACA,OAAO+I,OAAO,CAAC/I,MAAR,IAAkBtD,iBAAzB,EAA4C;MACxC,MAAMuM,IAAI,GAAGd,MAAM,CAACe,WAAP,CAAmB,CAAnB,EAAsB,CAAtB,CAAb;;MACA,IAAID,IAAI,IAAID,SAAZ,EAAuB;;;;;QAKnB;;;MAEJ,MAAMG,KAAK,GAAGF,IAAI,GAAGpM,OAAO,CAACC,UAAR,CAAmBkD,MAAxC;MACA+I,OAAO,CAACvH,IAAR,CAAa3E,OAAO,CAACC,UAAR,CAAmBqM,KAAnB,CAAb;;;IAEJ,MAAMR,QAAQ,GAAWI,OAAO,CAAC7G,IAAR,CAAanF,oBAAS,CAACuH,YAAvB,CAAzB;IACA,OAAOgD,aAAa,CAACK,eAAd,CAA8BgB,QAA9B,CAAP;;;;;;;;EAOIG,iCAAiC,CAACM,YAAD;IACrC,OAAO9B,aAAa,CAACK,eAAd,CACH,KAAKc,SAAL,CAAeR,MAAf,CAAsBmB,YAAtB,EAAoCxH,QAApC,CAA6C,QAA7C,CADG,EAEH,QAFG,CAAP;;;;;ACzDR;;;;AAMA,AAKA;;;;;;AAKA,MAAayH;EAKTb;;IAEI,KAAKc,aAAL,GAAqB,IAAIf,aAAJ,EAArB;IACA,KAAKgB,aAAL,GAAqB,IAAIxC,aAAJ,EAArB;IACA,KAAK0B,SAAL,GAAiB,IAAIT,SAAJ,EAAjB;;;;;;;;EAOJwB,aAAa;IACT,OAAO,KAAKD,aAAL,CAAmBvC,YAAnB,EAAP;;;;;;;;EAOJO,YAAY,CAACkC,KAAD;IACR,OAAOnC,aAAa,CAACC,YAAd,CAA2BkC,KAA3B,CAAP;;;;;;;;EAOJ5B,YAAY,CAAC4B,KAAD;IACR,OAAOnC,aAAa,CAACO,YAAd,CAA2B4B,KAA3B,CAAP;;;;;;;EAMJf,iBAAiB;IACb,OAAO,KAAKY,aAAL,CAAmBZ,iBAAnB,EAAP;;;;;;;EAMJgB,sBAAsB;IAClB,MAAM,IAAI/I,KAAJ,CAAU,yBAAV,CAAN;;;;;;;;EAOJgJ,qBAAqB;IACjB,MAAM,IAAIhJ,KAAJ,CAAU,yBAAV,CAAN;;;;;;;EAMJiJ,aAAa;IACT,MAAM,IAAIjJ,KAAJ,CAAU,yBAAV,CAAN;;;;;;;EAMJkJ,OAAO;IACH,MAAM,IAAIlJ,KAAJ,CAAU,yBAAV,CAAN;;;;;;;EAMY,MAAVmJ,UAAU,CAACC,SAAD;IACZ,OAAOzC,aAAa,CAACK,eAAd,CACH,KAAKc,SAAL,CAAeR,MAAf,CAAsB8B,SAAtB,EAAiCnI,QAAjC,CAA0C,QAA1C,CADG,EAEH,QAFG,CAAP;;;;;AC5FR;;;;AAKA,AAGA;;;;AAGA,MAAaoI;;;;;EAKiB,OAAnBC,mBAAmB,CAACC,QAAD;IACtB,MAAMC,iBAAiB,GAAGC,sBAAW,CAACC,OAAZ,CAAoBH,QAApB,IACpB,EADoB,GAEpBrH,IAAI,CAACC,KAAL,CAAWoH,QAAX,CAFN;IAGA,OAAOC,iBAAP;;;;;;;;EAOsB,OAAnBG,mBAAmB,CAACC,QAAD;IACtB,MAAMC,cAAc,GAAiB,EAArC;;IACA,IAAID,QAAJ,EAAc;MACVtH,MAAM,CAACwH,IAAP,CAAYF,QAAZ,EAAsBG,GAAtB,CAA0B,UAAUC,GAAV;QACtB,MAAMC,aAAa,GAAGL,QAAQ,CAACI,GAAD,CAA9B;QACA,MAAME,SAAS,GAAG;UACdC,aAAa,EAAEF,aAAa,CAACG,eADf;UAEdC,WAAW,EAAEJ,aAAa,CAACI,WAFb;UAGdC,KAAK,EAAEL,aAAa,CAACK,KAHP;UAIdC,cAAc,EAAEN,aAAa,CAACO,gBAJhB;UAKdC,QAAQ,EAAER,aAAa,CAACQ,QALV;UAMdC,aAAa,EAAET,aAAa,CAACU,cANf;UAOdC,IAAI,EAAEX,aAAa,CAACW,IAPN;UAQdC,UAAU,EAAEZ,aAAa,CAACa,WARZ;UASdC,oBAAoB,EAAEd,aAAa,CAACe,sBATtB;UAUdC,mBAAmB,EAAEhB,aAAa,CAACiB;SAVvC;QAYA,MAAMC,OAAO,GAAkB,IAAIC,wBAAJ,EAA/B;QACAC,uBAAY,CAACC,QAAb,CAAsBH,OAAtB,EAA+BjB,SAA/B;QACAL,cAAc,CAACG,GAAD,CAAd,GAAsBmB,OAAtB;OAhBJ;;;IAoBJ,OAAOtB,cAAP;;;;;;;;EAOsB,OAAnB0B,mBAAmB,CAACC,QAAD;IACtB,MAAMC,SAAS,GAAiB,EAAhC;;IACA,IAAID,QAAJ,EAAc;MACVlJ,MAAM,CAACwH,IAAP,CAAY0B,QAAZ,EAAsBzB,GAAtB,CAA0B,UAAUC,GAAV;QACtB,MAAM0B,aAAa,GAAGF,QAAQ,CAACxB,GAAD,CAA9B;QACA,MAAM2B,SAAS,GAAG;UACdxB,aAAa,EAAEuB,aAAa,CAACtB,eADf;UAEdC,WAAW,EAAEqB,aAAa,CAACrB,WAFb;UAGduB,cAAc,EAAEF,aAAa,CAACG,eAHhB;UAIdnI,QAAQ,EAAEgI,aAAa,CAACI,SAJV;UAKdC,MAAM,EAAEL,aAAa,CAACK,MALR;UAMdzB,KAAK,EAAEoB,aAAa,CAACpB;SANzB;QAQA,MAAM0B,OAAO,GAAkB,IAAIC,wBAAJ,EAA/B;QACAZ,uBAAY,CAACC,QAAb,CAAsBU,OAAtB,EAA+BL,SAA/B;QACAF,SAAS,CAACzB,GAAD,CAAT,GAAiBgC,OAAjB;OAZJ;;;IAeJ,OAAOP,SAAP;;;;;;;;EAO0B,OAAvBS,uBAAuB,CAACC,YAAD;IAC1B,MAAMC,SAAS,GAAqB,EAApC;;IACA,IAAID,YAAJ,EAAkB;MACd7J,MAAM,CAACwH,IAAP,CAAYqC,YAAZ,EAA0BpC,GAA1B,CAA8B,UAAUC,GAAV;QAC1B,MAAMqC,YAAY,GAAGF,YAAY,CAACnC,GAAD,CAAjC;QACA,MAAMsC,QAAQ,GAAG;UACbnC,aAAa,EAAEkC,YAAY,CAACjC,eADf;UAEbC,WAAW,EAAEgC,YAAY,CAAChC,WAFb;UAGbuB,cAAc,EAAES,YAAY,CAACR,eAHhB;UAIbnI,QAAQ,EAAE2I,YAAY,CAACP,SAJV;UAKbC,MAAM,EAAEM,YAAY,CAACN,MALR;UAMbzB,KAAK,EAAE+B,YAAY,CAAC/B,KANP;UAObiC,MAAM,EAAEF,YAAY,CAACE,MAPR;UAQbC,QAAQ,EAAEH,YAAY,CAACI,SARV;UASbC,SAAS,EAAEL,YAAY,CAACM,UATX;UAUbC,iBAAiB,EAAEP,YAAY,CAACQ,mBAVnB;UAWbC,SAAS,EAAET,YAAY,CAACU,UAXX;UAYbC,KAAK,EAAEX,YAAY,CAACY,MAZP;UAabC,SAAS,EAAEb,YAAY,CAACc,UAbX;UAcbC,eAAe,EAAEf,YAAY,CAACe,eAdjB;UAebC,mBAAmB,EAAEhB,YAAY,CAACgB,mBAfrB;UAgBbC,iBAAiB,EAAEjB,YAAY,CAACiB;SAhBpC;QAkBA,MAAMC,WAAW,GAAsB,IAAIC,4BAAJ,EAAvC;QACAnC,uBAAY,CAACC,QAAb,CAAsBiC,WAAtB,EAAmCjB,QAAnC;QACAF,SAAS,CAACpC,GAAD,CAAT,GAAiBuD,WAAjB;OAtBJ;;;IA0BJ,OAAOnB,SAAP;;;;;;;;EAO2B,OAAxBqB,wBAAwB,CAACC,aAAD;IAC3B,MAAMC,SAAS,GAAsB,EAArC;;IACA,IAAID,aAAJ,EAAmB;MACfpL,MAAM,CAACwH,IAAP,CAAY4D,aAAZ,EAA2B3D,GAA3B,CAA+B,UAAUC,GAAV;QAC3B,MAAM4D,YAAY,GAAGF,aAAa,CAAC1D,GAAD,CAAlC;QACA,MAAM6D,QAAQ,GAAG;UACb1D,aAAa,EAAEyD,YAAY,CAACxD,eADf;UAEbC,WAAW,EAAEuD,YAAY,CAACvD,WAFb;UAGbuB,cAAc,EAAEgC,YAAY,CAAC/B,eAHhB;UAIbnI,QAAQ,EAAEkK,YAAY,CAAC9B,SAJV;UAKbC,MAAM,EAAE6B,YAAY,CAAC7B,MALR;UAMb+B,QAAQ,EAAEF,YAAY,CAACG,SANV;UAObxB,MAAM,EAAEqB,YAAY,CAACrB,MAPR;UAQbjC,KAAK,EAAEsD,YAAY,CAACtD;SARxB;QAUA,MAAM0D,YAAY,GAAuB,IAAIC,6BAAJ,EAAzC;QACA5C,uBAAY,CAACC,QAAb,CAAsB0C,YAAtB,EAAoCH,QAApC;QACAF,SAAS,CAAC3D,GAAD,CAAT,GAAiBgE,YAAjB;OAdJ;;;IAkBJ,OAAOL,SAAP;;;;;;;;EAOyB,OAAtBO,sBAAsB,CAACC,WAAD;IACzB,MAAMC,kBAAkB,GAAqB,EAA7C;;IACA,IAAID,WAAJ,EAAiB;MACb7L,MAAM,CAACwH,IAAP,CAAYqE,WAAZ,EAAyBpE,GAAzB,CAA6B,UAAUC,GAAV;QACzB,MAAMqE,cAAc,GAAGF,WAAW,CAACnE,GAAD,CAAlC;QACA,MAAMsE,SAAS,GAAG;UACd5K,QAAQ,EAAE2K,cAAc,CAACvC,SADX;UAEdzB,WAAW,EAAEgE,cAAc,CAAChE,WAFd;UAGdyD,QAAQ,EAAEO,cAAc,CAACN;SAH7B;QAKA,MAAMQ,GAAG,GAAsB,IAAIC,4BAAJ,EAA/B;QACAnD,uBAAY,CAACC,QAAb,CAAsBiD,GAAtB,EAA2BD,SAA3B;QACAF,kBAAkB,CAACpE,GAAD,CAAlB,GAA0BuE,GAA1B;OATJ;;;IAaJ,OAAOH,kBAAP;;;;;;;;EAOsB,OAAnBK,mBAAmB,CAACC,SAAD;IACtB,OAAO;MACH9E,QAAQ,EAAE8E,SAAS,CAACC,OAAV,GACJ,KAAKhF,mBAAL,CAAyB+E,SAAS,CAACC,OAAnC,CADI,GAEJ,EAHH;MAIHnD,QAAQ,EAAEkD,SAAS,CAACE,OAAV,GACJ,KAAKrD,mBAAL,CAAyBmD,SAAS,CAACE,OAAnC,CADI,GAEJ,EANH;MAOHzC,YAAY,EAAEuC,SAAS,CAACG,WAAV,GACR,KAAK3C,uBAAL,CAA6BwC,SAAS,CAACG,WAAvC,CADQ,GAER,EATH;MAUHnB,aAAa,EAAEgB,SAAS,CAACI,YAAV,GACT,KAAKrB,wBAAL,CAA8BiB,SAAS,CAACI,YAAxC,CADS,GAET,EAZH;MAaHX,WAAW,EAAEO,SAAS,CAACK,WAAV,GACP,KAAKb,sBAAL,CAA4BQ,SAAS,CAACK,WAAtC,CADO,GAEP;KAfV;;;;;AC1KR;;;;AAQA,MAAaC;;;;;EAKe,OAAjBC,iBAAiB,CAACtO,IAAD;IACpB,OAAOuB,IAAI,CAACsB,SAAL,CAAe7C,IAAf,CAAP;;;;;;;;EAOoB,OAAjBuO,iBAAiB,CAACC,QAAD;IACpB,MAAMvF,QAAQ,GAA4C,EAA1D;IACAtH,MAAM,CAACwH,IAAP,CAAYqF,QAAZ,EAAsBpF,GAAtB,CAA0B,UAAUC,GAAV;MACtB,MAAMoF,aAAa,GAAGD,QAAQ,CAACnF,GAAD,CAA9B;MACAJ,QAAQ,CAACI,GAAD,CAAR,GAAgB;QACZI,eAAe,EAAEgF,aAAa,CAACjF,aADnB;QAEZE,WAAW,EAAE+E,aAAa,CAAC/E,WAFf;QAGZC,KAAK,EAAE8E,aAAa,CAAC9E,KAHT;QAIZE,gBAAgB,EAAE4E,aAAa,CAAC7E,cAJpB;QAKZE,QAAQ,EAAE2E,aAAa,CAAC3E,QALZ;QAMZE,cAAc,EAAEyE,aAAa,CAAC1E,aANlB;QAOZE,IAAI,EAAEwE,aAAa,CAACxE,IAPR;QAQZE,WAAW,EAAEsE,aAAa,CAACvE,UARf;QASZG,sBAAsB,EAAEoE,aAAa,CAACrE,oBAT1B;QAUZG,qBAAqB,EAAEkE,aAAa,CAACnE;OAVzC;KAFJ;IAgBA,OAAOrB,QAAP;;;;;;;;EAOoB,OAAjByF,iBAAiB,CAACC,QAAD;IACpB,MAAM9D,QAAQ,GAA4C,EAA1D;IACAlJ,MAAM,CAACwH,IAAP,CAAYwF,QAAZ,EAAsBvF,GAAtB,CAA0B,UAAUC,GAAV;MACtB,MAAMuF,SAAS,GAAGD,QAAQ,CAACtF,GAAD,CAA1B;MACAwB,QAAQ,CAACxB,GAAD,CAAR,GAAgB;QACZI,eAAe,EAAEmF,SAAS,CAACpF,aADf;QAEZE,WAAW,EAAEkF,SAAS,CAAClF,WAFX;QAGZwB,eAAe,EAAE0D,SAAS,CAAC3D,cAHf;QAIZE,SAAS,EAAEyD,SAAS,CAAC7L,QAJT;QAKZqI,MAAM,EAAEwD,SAAS,CAACxD,MALN;QAMZzB,KAAK,EAAEiF,SAAS,CAACjF;OANrB;KAFJ;IAYA,OAAOkB,QAAP;;;;;;;;EAOwB,OAArBgE,qBAAqB,CAACC,OAAD;IACxB,MAAMtD,YAAY,GAAgD,EAAlE;IACA7J,MAAM,CAACwH,IAAP,CAAY2F,OAAZ,EAAqB1F,GAArB,CAAyB,UAAUC,GAAV;MACrB,MAAM0F,QAAQ,GAAGD,OAAO,CAACzF,GAAD,CAAxB;MACAmC,YAAY,CAACnC,GAAD,CAAZ,GAAoB;QAChBI,eAAe,EAAEsF,QAAQ,CAACvF,aADV;QAEhBE,WAAW,EAAEqF,QAAQ,CAACrF,WAFN;QAGhBwB,eAAe,EAAE6D,QAAQ,CAAC9D,cAHV;QAIhBE,SAAS,EAAE4D,QAAQ,CAAChM,QAJJ;QAKhBqI,MAAM,EAAE2D,QAAQ,CAAC3D,MALD;QAMhBzB,KAAK,EAAEoF,QAAQ,CAACpF,KANA;QAOhBiC,MAAM,EAAEmD,QAAQ,CAACnD,MAPD;QAQhBE,SAAS,EAAEiD,QAAQ,CAAClD,QARJ;QAShBG,UAAU,EAAE+C,QAAQ,CAAChD,SATL;QAUhBG,mBAAmB,EAAE6C,QAAQ,CAAC9C,iBAVd;QAWhBG,UAAU,EAAE2C,QAAQ,CAAC5C,SAXL;QAYhBG,MAAM,EAAEyC,QAAQ,CAAC1C,KAZD;QAahBG,UAAU,EAAEuC,QAAQ,CAACxC,SAbL;QAchBE,eAAe,EAAEsC,QAAQ,CAACtC,eAdV;QAehBC,mBAAmB,EAAEqC,QAAQ,CAACrC,mBAfd;QAgBhBC,iBAAiB,EAAEoC,QAAQ,CAACpC;OAhBhC;KAFJ;IAsBA,OAAOnB,YAAP;;;;;;;;EAOyB,OAAtBwD,sBAAsB,CAACC,OAAD;IACzB,MAAMlC,aAAa,GAAiD,EAApE;IACApL,MAAM,CAACwH,IAAP,CAAY8F,OAAZ,EAAqB7F,GAArB,CAAyB,UAAUC,GAAV;MACrB,MAAM6F,QAAQ,GAAGD,OAAO,CAAC5F,GAAD,CAAxB;MACA0D,aAAa,CAAC1D,GAAD,CAAb,GAAqB;QACjBI,eAAe,EAAEyF,QAAQ,CAAC1F,aADT;QAEjBE,WAAW,EAAEwF,QAAQ,CAACxF,WAFL;QAGjBwB,eAAe,EAAEgE,QAAQ,CAACjE,cAHT;QAIjBE,SAAS,EAAE+D,QAAQ,CAACnM,QAJH;QAKjBqI,MAAM,EAAE8D,QAAQ,CAAC9D,MALA;QAMjBgC,SAAS,EAAE8B,QAAQ,CAAC/B,QANH;QAOjBvB,MAAM,EAAEsD,QAAQ,CAACtD,MAPA;QAQjBjC,KAAK,EAAEuF,QAAQ,CAACvF;OARpB;KAFJ;IAcA,OAAOoD,aAAP;;;;;;;;EAOuB,OAApBoC,oBAAoB,CAACC,SAAD;IACvB,MAAM5B,WAAW,GAAgD,EAAjE;IACA7L,MAAM,CAACwH,IAAP,CAAYiG,SAAZ,EAAuBhG,GAAvB,CAA2B,UAAUC,GAAV;MACvB,MAAMgG,UAAU,GAAGD,SAAS,CAAC/F,GAAD,CAA5B;MACAmE,WAAW,CAACnE,GAAD,CAAX,GAAmB;QACf8B,SAAS,EAAEkE,UAAU,CAACtM,QADP;QAEf2G,WAAW,EAAE2F,UAAU,CAAC3F,WAFT;QAGf0D,SAAS,EAAEiC,UAAU,CAAClC;OAH1B;KAFJ;IASA,OAAOK,WAAP;;;;;;;;EAOoB,OAAjB8B,iBAAiB,CAACC,UAAD;IACpB,OAAO;MACHvB,OAAO,EAAE,KAAKO,iBAAL,CAAuBgB,UAAU,CAACtG,QAAlC,CADN;MAEHgF,OAAO,EAAE,KAAKS,iBAAL,CAAuBa,UAAU,CAAC1E,QAAlC,CAFN;MAGHqD,WAAW,EAAE,KAAKW,qBAAL,CAA2BU,UAAU,CAAC/D,YAAtC,CAHV;MAIH2C,YAAY,EAAE,KAAKa,sBAAL,CAA4BO,UAAU,CAACxC,aAAvC,CAJX;MAKHqB,WAAW,EAAE,KAAKe,oBAAL,CAA0BI,UAAU,CAAC/B,WAArC;KALjB;;;;;AC5IR;;;;AAKA,AAmBA;;;;;AAIA,MAAagC,oBAAoB9E;EAM7BxD,YAAYuI,QAAgB1M,UAAkB2M;IAC1C,MAAM3M,QAAN,EAAgB2M,UAAhB;IAJI,UAAA,GAAsB,EAAtB;IACA,mBAAA,GAAkC,EAAlC;IAIJ,KAAKD,MAAL,GAAcA,MAAd;;;;;;;;EAOJE,qBAAqB,CAACC,IAAD;IACjB,KAAKC,cAAL,CAAoB3P,IAApB,CAAyB0P,IAAzB;;;;;;;EAMJE,UAAU;IACN,KAAKD,cAAL,CAAoB7O,OAApB,CAA4B4O,IAAI,IAAIA,IAAI,CAACG,IAAL,CAAU,IAAV,CAApC;;;;;;;;EAOJC,oBAAoB,CAAC1K,KAAD;IAChB,MAAM2K,aAAa,GAAkB;MACjChH,QAAQ,EAAE,EADuB;MAEjC4B,QAAQ,EAAE,EAFuB;MAGjCW,YAAY,EAAE,EAHmB;MAIjCuB,aAAa,EAAE,EAJkB;MAKjCS,WAAW,EAAE;KALjB;;IAQA,KAAK,MAAMnE,GAAX,IAAkB/D,KAAlB,EAAyB;MACrB,IAAIA,KAAK,CAAC+D,GAAD,CAAL,YAAgCoB,wBAApC,EAAmD;QAC/CwF,aAAa,CAAChH,QAAd,CAAuBI,GAAvB,IAA8B/D,KAAK,CAAC+D,GAAD,CAAnC;OADJ,MAEO,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBiC,wBAA1B,EAAyC;QAC5C2E,aAAa,CAACpF,QAAd,CAAuBxB,GAAvB,IAA8B/D,KAAK,CAAC+D,GAAD,CAAnC;OADG,MAEA,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBwD,4BAA1B,EAA6C;QAChDoD,aAAa,CAACzE,YAAd,CAA2BnC,GAA3B,IAAkC/D,KAAK,CAAC+D,GAAD,CAAvC;OADG,MAEA,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBiE,6BAA1B,EAA8C;QACjD2C,aAAa,CAAClD,aAAd,CAA4B1D,GAA5B,IAAmC/D,KAAK,CAAC+D,GAAD,CAAxC;OADG,MAEA,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBwE,4BAA1B,EAA6C;QAChDoC,aAAa,CAACzC,WAAd,CAA0BnE,GAA1B,IAAiC/D,KAAK,CAAC+D,GAAD,CAAtC;OADG,MAEA;QACH;;;;IAIR,OAAO4G,aAAP;;;;;;;;EAOJC,oBAAoB,CAACD,aAAD;;IAGhB,IAAI3K,KAAK,GAAG,KAAK6K,QAAL,EAAZ;IAEA7K,KAAK,GAAG,EACJ,GAAGA,KADC;MAEJ,GAAG2K,aAAa,CAAChH,QAFb;MAGJ,GAAGgH,aAAa,CAACpF,QAHb;MAIJ,GAAGoF,aAAa,CAACzE,YAJb;MAKJ,GAAGyE,aAAa,CAAClD,aALb;MAMJ,GAAGkD,aAAa,CAACzC;KANrB;;IAUA,OAAOlI,KAAP;;;;;;;EAMJ8K,gBAAgB;IACZ,KAAKX,MAAL,CAAYY,KAAZ,CAAkB,yBAAlB;;IAGA,MAAMJ,aAAa,GAAG,KAAKD,oBAAL,CAA0B,KAAKG,QAAL,EAA1B,CAAtB;IACA,OAAOF,aAAP;;;;;;;;EAOJK,gBAAgB,CAACL,aAAD;IACZ,KAAKR,MAAL,CAAYY,KAAZ,CAAkB,yBAAlB;;IAGA,MAAM/K,KAAK,GAAG,KAAK4K,oBAAL,CAA0BD,aAA1B,CAAd;IACA,KAAKM,QAAL,CAAcjL,KAAd;IAEA,KAAKwK,UAAL;;;;;;;EAMJK,QAAQ;IACJ,KAAKV,MAAL,CAAYY,KAAZ,CAAkB,+BAAlB;IACA,OAAO,KAAK/K,KAAZ;;;;;;;;EAOJiL,QAAQ,CAACjL,KAAD;IACJ,KAAKmK,MAAL,CAAYY,KAAZ,CAAkB,+BAAlB;IACA,KAAK/K,KAAL,GAAaA,KAAb;;IAGA,KAAKwK,UAAL;;;;;;;;EAOJU,OAAO,CAACnH,GAAD;IACH,KAAKoG,MAAL,CAAYgB,QAAZ,cAAkCpH,KAAlC;;IAGA,MAAM/D,KAAK,GAAG,KAAK6K,QAAL,EAAd;IACA,OAAO7K,KAAK,CAAC+D,GAAD,CAAZ;;;;;;;;;EAQJqH,OAAO,CAACrH,GAAD,EAAcsH,KAAd;IACH,KAAKlB,MAAL,CAAYgB,QAAZ,cAAkCpH,KAAlC;;IAGA,MAAM/D,KAAK,GAAG,KAAK6K,QAAL,EAAd;IACA7K,KAAK,CAAC+D,GAAD,CAAL,GAAasH,KAAb;;IAGA,KAAKJ,QAAL,CAAcjL,KAAd;;;;;;;;EAOJsL,UAAU,CAACC,UAAD;IACN,MAAMrG,OAAO,GAAG,KAAKgG,OAAL,CAAaK,UAAb,CAAhB;;IACA,IAAIpG,wBAAa,CAACqG,eAAd,CAA8BtG,OAA9B,CAAJ,EAA4C;MACxC,OAAOA,OAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJuG,UAAU,CAACvG,OAAD;IACN,MAAMqG,UAAU,GAAGrG,OAAO,CAACwG,kBAAR,EAAnB;IACA,KAAKN,OAAL,CAAaG,UAAb,EAAyBrG,OAAzB;;;;;;;;EAOJyG,oBAAoB,CAACC,UAAD;IAChB,MAAM7F,OAAO,GAAG,KAAKmF,OAAL,CAAaU,UAAb,CAAhB;;IACA,IAAI5F,wBAAa,CAAC6F,eAAd,CAA8B9F,OAA9B,CAAJ,EAA4C;MACxC,OAAOA,OAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJ+F,oBAAoB,CAAC/F,OAAD;IAChB,MAAM6F,UAAU,GAAG7F,OAAO,CAACgG,qBAAR,EAAnB;IACA,KAAKX,OAAL,CAAaQ,UAAb,EAAyB7F,OAAzB;;;;;;;;EAOJiG,wBAAwB,CAACC,cAAD;IACpB,MAAM3E,WAAW,GAAG,KAAK4D,OAAL,CAAae,cAAb,CAApB;;IACA,IAAI1E,4BAAiB,CAAC2E,mBAAlB,CAAsC5E,WAAtC,CAAJ,EAAwD;MACpD,OAAOA,WAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJ6E,wBAAwB,CAAC7E,WAAD;IACpB,MAAM2E,cAAc,GAAG3E,WAAW,CAACyE,qBAAZ,EAAvB;IACA,KAAKX,OAAL,CAAaa,cAAb,EAA6B3E,WAA7B;;;;;;;;EAOJ8E,yBAAyB,CAACC,eAAD;IACrB,MAAMtE,YAAY,GAAG,KAAKmD,OAAL,CAAamB,eAAb,CAArB;;IACA,IAAIrE,6BAAkB,CAACsE,oBAAnB,CAAwCvE,YAAxC,CAAJ,EAA2D;MACvD,OAAOA,YAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJwE,yBAAyB,CAACxE,YAAD;IACrB,MAAMsE,eAAe,GAAGtE,YAAY,CAACgE,qBAAb,EAAxB;IACA,KAAKX,OAAL,CAAaiB,eAAb,EAA8BtE,YAA9B;;;;;;;;EAOJyE,cAAc,CAACC,cAAD;IACV,MAAMvE,WAAW,GAAsB,KAAKgD,OAAL,CAAauB,cAAb,CAAvC;;IACA,IAAIlE,4BAAiB,CAACmE,mBAAlB,CAAsCD,cAAtC,EAAsDvE,WAAtD,CAAJ,EAAwE;MACpE,OAAOA,WAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJyE,cAAc,CAACzE,WAAD;IACV,MAAMuE,cAAc,GAAGvE,WAAW,CAAC0E,sBAAZ,EAAvB;IACA,KAAKxB,OAAL,CAAaqB,cAAb,EAA6BvE,WAA7B;;;;;;;;EAOJ2E,kBAAkB,CAACC,kBAAD;IACd,MAAMC,qBAAqB,GAA0B,KAAK7B,OAAL,CAAa4B,kBAAb,CAArD;;IACA,IAAIC,qBAAqB,IAAIC,gCAAqB,CAACC,uBAAtB,CAA8CH,kBAA9C,EAAkEC,qBAAlE,CAA7B,EAAuH;MACnH,OAAOA,qBAAP;;;IAEJ,OAAO,IAAP;;;;;;;;;EAQJG,kBAAkB,CAACC,kBAAD,EAA6BC,eAA7B;IACd,KAAKhC,OAAL,CAAa+B,kBAAb,EAAiCC,eAAjC;;;;;;;;EAOJC,oBAAoB,CAACtJ,GAAD;IAChB,MAAMuJ,uBAAuB,GAA4B,KAAKpC,OAAL,CAAanH,GAAb,CAAzD;;IACA,IAAIuJ,uBAAuB,IAAIC,kCAAuB,CAACC,yBAAxB,CAAkDzJ,GAAlD,EAAuDuJ,uBAAvD,CAA/B,EAAgH;MAC5G,OAAOA,uBAAP;;;IAEJ,OAAO,IAAP;;;;;;;EAMJG,wBAAwB;IACpB,OAAO,KAAKC,OAAL,GAAeC,MAAf,CAAuB5J,GAAD;MACzB,OAAO,KAAK6J,mBAAL,CAAyB7J,GAAzB,CAAP;KADG,CAAP;;;;;;;;;EAUJ8J,oBAAoB,CAAC9J,GAAD,EAAc+J,QAAd;IAChB,KAAK1C,OAAL,CAAarH,GAAb,EAAkB+J,QAAlB;;;;;;;;EAOJC,kBAAkB,CAACC,kBAAD;IACd,MAAMC,eAAe,GAAqB,KAAK/C,OAAL,CAAa8C,kBAAb,CAA1C;;IACA,IAAIC,eAAe,IAAIC,2BAAgB,CAACC,kBAAjB,CAAoCH,kBAApC,EAAwDC,eAAxD,CAAvB,EAAiG;MAC7F,OAAOA,eAAP;;;IAEJ,OAAO,IAAP;;;;;;;;;EAQJG,kBAAkB,CAACJ,kBAAD,EAA6BC,eAA7B;IACd,KAAK7C,OAAL,CAAa4C,kBAAb,EAAiCC,eAAjC;;;;;;;;;EAQJI,UAAU,CAACtK,GAAD;IACN,KAAKoG,MAAL,CAAYgB,QAAZ,cAAkCpH,KAAlC;;IAGA,IAAIuK,MAAM,GAAY,KAAtB;IACA,MAAMtO,KAAK,GAAG,KAAK6K,QAAL,EAAd;;IAEA,IAAI,CAAC,CAAC7K,KAAK,CAAC+D,GAAD,CAAX,EAAkB;MACd,OAAO/D,KAAK,CAAC+D,GAAD,CAAZ;MACAuK,MAAM,GAAG,IAAT;;;;IAIJ,IAAIA,MAAJ,EAAY;MACR,KAAKrD,QAAL,CAAcjL,KAAd;MACA,KAAKwK,UAAL;;;IAEJ,OAAO8D,MAAP;;;;;;;;EAOJC,WAAW,CAACxK,GAAD;IACP,OAAO,KAAK2J,OAAL,GAAec,QAAf,CAAwBzK,GAAxB,CAAP;;;;;;;EAMJ2J,OAAO;IACH,KAAKvD,MAAL,CAAYY,KAAZ,CAAkB,2BAAlB;;IAGA,MAAM/K,KAAK,GAAG,KAAK6K,QAAL,EAAd;IACA,OAAO,CAAE,GAAGxO,MAAM,CAACwH,IAAP,CAAY7D,KAAZ,CAAL,CAAP;;;;;;;EAMO,MAALyO,KAAK;IACP,KAAKtE,MAAL,CAAYY,KAAZ,CAAkB,wCAAlB;;IAGA,MAAM2D,SAAS,GAAG,KAAKhB,OAAL,EAAlB;;IAGAgB,SAAS,CAAChT,OAAV,CAAkBqI,GAAG;MACjB,KAAKsK,UAAL,CAAgBtK,GAAhB;KADJ;IAGA,KAAKyG,UAAL;;;;;;;;EAOwB,OAArBmE,qBAAqB,CAAC3O,KAAD;IACxB,OAAOoD,YAAY,CAACoF,mBAAb,CACHpF,YAAY,CAACC,mBAAb,CAAiCrD,KAAjC,CADG,CAAP;;;;;;;;EASoB,OAAjB4O,iBAAiB,CAACjE,aAAD;IACpB,OAAO5B,UAAU,CAACiB,iBAAX,CAA6BW,aAA7B,CAAP;;;;;;;EAMJkE,wBAAwB,CAACC,eAAD,EAA0BC,UAA1B;IACpB,MAAMC,eAAe,GAAGD,UAAU,CAAChD,qBAAX,EAAxB;;IAEA,IAAI+C,eAAe,KAAKE,eAAxB,EAAyC;MACrC,MAAMC,SAAS,GAAG,KAAK/D,OAAL,CAAa4D,eAAb,CAAlB;;MACA,IAAIG,SAAJ,EAAe;QACX,KAAKZ,UAAL,CAAgBS,eAAhB;QACA,KAAK1D,OAAL,CAAa4D,eAAb,EAA8BC,SAA9B;QACA,KAAK9E,MAAL,CAAY+E,OAAZ,wBAA2CH,UAAU,CAACpJ,0BAAtD;QACA,OAAOqJ,eAAP;OAJJ,MAKO;QACH,KAAK7E,MAAL,CAAYpN,KAAZ,oCAAqDgS,UAAU,CAACpJ,qFAAhE;;;;IAIR,OAAOmJ,eAAP;;;;;ACtcR;;;;AAMA,AAMA,MAAMK,sBAAsB,GAAc;EACtCzG,OAAO,EAAE,EAD6B;EAEtCC,OAAO,EAAE,EAF6B;EAGtCC,WAAW,EAAE,EAHyB;EAItCC,YAAY,EAAE,EAJwB;EAKtCC,WAAW,EAAE;AALyB,CAA1C;AAQA;;;;;AAIA,MAAasG;EAQTxN,YAAYyN,SAAsBlF,QAAgBmF;IAC9C,KAAKC,eAAL,GAAuB,KAAvB;IACA,KAAKF,OAAL,GAAeA,OAAf;IACA,KAAKA,OAAL,CAAahF,qBAAb,CAAmC,KAAKmF,iBAAL,CAAuBC,IAAvB,CAA4B,IAA5B,CAAnC;;IACA,IAAIH,WAAJ,EAAiB;MACb,KAAKI,WAAL,GAAmBJ,WAAnB;;;IAEJ,KAAKnF,MAAL,GAAcA,MAAd;;;;;;;EAMJwF,UAAU;IACN,OAAO,KAAKJ,eAAZ;;;;;;;EAMJK,SAAS;IACL,KAAKzF,MAAL,CAAYY,KAAZ,CAAkB,6BAAlB;IACA,IAAI8E,UAAU,GAAG9G,UAAU,CAACiB,iBAAX,CACb,KAAKqF,OAAL,CAAavE,gBAAb,EADa,CAAjB;;IAKA,IAAI,CAACtH,sBAAW,CAACC,OAAZ,CAAoB,KAAKqM,aAAzB,CAAL,EAA8C;MAC1C,KAAK3F,MAAL,CAAYY,KAAZ,CAAkB,kCAAlB;MACA8E,UAAU,GAAG,KAAKE,UAAL,CACT9T,IAAI,CAACC,KAAL,CAAW,KAAK4T,aAAhB,CADS,EAETD,UAFS,CAAb;KAFJ,MAMO;MACH,KAAK1F,MAAL,CAAYY,KAAZ,CAAkB,4BAAlB;;;IAEJ,KAAKwE,eAAL,GAAuB,KAAvB;IAEA,OAAOtT,IAAI,CAACsB,SAAL,CAAesS,UAAf,CAAP;;;;;;;;EAOJG,WAAW,CAAChQ,KAAD;IACP,KAAKmK,MAAL,CAAYY,KAAZ,CAAkB,uCAAlB;IACA,KAAK+E,aAAL,GAAqB9P,KAArB;;IAEA,IAAI,CAACwD,sBAAW,CAACC,OAAZ,CAAoB,KAAKqM,aAAzB,CAAL,EAA8C;MAC1C,KAAK3F,MAAL,CAAYY,KAAZ,CAAkB,kCAAlB;MACA,MAAMxH,iBAAiB,GAAGH,YAAY,CAACoF,mBAAb,CACtB,KAAKyH,eAAL,CAAqBhU,IAAI,CAACC,KAAL,CAAW,KAAK4T,aAAhB,CAArB,CADsB,CAA1B;MAGA,KAAKT,OAAL,CAAarE,gBAAb,CAA8BzH,iBAA9B;KALJ,MAMO;MACH,KAAK4G,MAAL,CAAYY,KAAZ,CAAkB,kCAAlB;;;;;;;;EAORmF,UAAU;IACN,OAAO,KAAKb,OAAL,CAAaxE,QAAb,EAAP;;;;;;;EAMgB,MAAdsF,cAAc;IAEhB,KAAKhG,MAAL,CAAYY,KAAZ,CAAkB,uBAAlB;IACA,IAAIqF,YAAJ;;IACA,IAAI;MACA,IAAI,KAAKV,WAAT,EAAsB;QAClBU,YAAY,GAAG,IAAIC,4BAAJ,CAAsB,IAAtB,EAA4B,KAA5B,CAAf;QACA,MAAM,KAAKX,WAAL,CAAiBY,iBAAjB,CAAmCF,YAAnC,CAAN;;;MAEJ,OAAO,KAAKf,OAAL,CAAac,cAAb,EAAP;KALJ,SAMU;MACN,IAAI,KAAKT,WAAL,IAAoBU,YAAxB,EAAsC;QAClC,MAAM,KAAKV,WAAL,CAAiBa,gBAAjB,CAAkCH,YAAlC,CAAN;;;;;;;;;;;;EAWY,MAAlBI,kBAAkB,CAACtM,aAAD;IACpB,MAAMuM,WAAW,GAAG,MAAM,KAAKN,cAAL,EAA1B;;IACA,IAAI,CAAC3M,sBAAW,CAACC,OAAZ,CAAoBS,aAApB,CAAD,IAAuCuM,WAAvC,IAAsDA,WAAW,CAACrX,MAAtE,EAA8E;MAC1E,OAAOqX,WAAW,CAAC9C,MAAZ,CAAmB+C,UAAU,IAAIA,UAAU,CAACxM,aAAX,KAA6BA,aAA9D,EAA6E,CAA7E,KAAmF,IAA1F;KADJ,MAEO;MACH,OAAO,IAAP;;;;;;;;;;;EAUiB,MAAnByM,mBAAmB,CAACrM,cAAD;IACrB,MAAMmM,WAAW,GAAG,MAAM,KAAKN,cAAL,EAA1B;;IACA,IAAI,CAAC3M,sBAAW,CAACC,OAAZ,CAAoBa,cAApB,CAAD,IAAwCmM,WAAxC,IAAuDA,WAAW,CAACrX,MAAvE,EAA+E;MAC3E,OAAOqX,WAAW,CAAC9C,MAAZ,CAAmB+C,UAAU,IAAIA,UAAU,CAACpM,cAAX,KAA8BA,cAA/D,EAA+E,CAA/E,KAAqF,IAA5F;KADJ,MAEO;MACH,OAAO,IAAP;;;;;;;;;EAQW,MAAbsM,aAAa,CAAC1L,OAAD;IACf,KAAKiF,MAAL,CAAYY,KAAZ,CAAkB,sBAAlB;IACA,IAAIqF,YAAJ;;IACA,IAAI;MACA,IAAI,KAAKV,WAAT,EAAsB;QAClBU,YAAY,GAAG,IAAIC,4BAAJ,CAAsB,IAAtB,EAA4B,IAA5B,CAAf;QACA,MAAM,KAAKX,WAAL,CAAiBY,iBAAjB,CAAmCF,YAAnC,CAAN;;;MAEJ,MAAM,KAAKf,OAAL,CAAauB,aAAb,CAA2BzL,wBAAa,CAAC0L,uBAAd,CAAsC3L,OAAtC,CAA3B,CAAN;KALJ,SAMU;MACN,IAAI,KAAKwK,WAAL,IAAoBU,YAAxB,EAAsC;QAClC,MAAM,KAAKV,WAAL,CAAiBa,gBAAjB,CAAkCH,YAAlC,CAAN;;;;;;;;;EAQJZ,iBAAiB;IACrB,KAAKD,eAAL,GAAuB,IAAvB;;;;;;;;;EAQIQ,UAAU,CAACe,QAAD,EAAsBC,YAAtB;IACd,KAAK5G,MAAL,CAAYY,KAAZ,CAAkB,6CAAlB;IACA,MAAMiG,iBAAiB,GAAG,KAAKC,aAAL,CAAmBH,QAAnB,EAA6BC,YAA7B,CAA1B;IACA,OAAO,KAAKG,YAAL,CAAkBF,iBAAlB,EAAqCD,YAArC,CAAP;;;;;;;;;EAQIG,YAAY,CAACJ,QAAD,EAAmBK,QAAnB;IAChB9U,MAAM,CAACwH,IAAP,CAAYsN,QAAZ,EAAsBzV,OAAtB,CAA+B0V,MAAD;MAC1B,MAAMC,QAAQ,GAAGF,QAAQ,CAACC,MAAD,CAAzB;;MAGA,IAAI,CAACN,QAAQ,CAACQ,cAAT,CAAwBF,MAAxB,CAAL,EAAsC;QAClC,IAAIC,QAAQ,KAAK,IAAjB,EAAuB;UACnBP,QAAQ,CAACM,MAAD,CAAR,GAAmBC,QAAnB;;OAFR,MAIO;;QAEH,MAAME,eAAe,GAAGF,QAAQ,KAAK,IAArC;QACA,MAAMG,gBAAgB,GAAG,OAAOH,QAAP,KAAoB,QAA7C;QACA,MAAMI,kBAAkB,GAAG,CAACC,KAAK,CAACC,OAAN,CAAcN,QAAd,CAA5B;QACA,MAAMO,0BAA0B,GAAG,OAAOd,QAAQ,CAACM,MAAD,CAAf,KAA4B,WAA5B,IAA2CN,QAAQ,CAACM,MAAD,CAAR,KAAqB,IAAnG;;QAEA,IAAIG,eAAe,IAAIC,gBAAnB,IAAuCC,kBAAvC,IAA6DG,0BAAjE,EAA6F;UACzF,KAAKV,YAAL,CAAkBJ,QAAQ,CAACM,MAAD,CAA1B,EAAoCC,QAApC;SADJ,MAEO;UACHP,QAAQ,CAACM,MAAD,CAAR,GAAmBC,QAAnB;;;KAlBZ;IAuBA,OAAOP,QAAP;;;;;;;;;;EASIG,aAAa,CAACH,QAAD,EAAsBK,QAAtB;IACjB,KAAKhH,MAAL,CAAYY,KAAZ,CAAkB,iCAAlB;IACA,MAAMpH,QAAQ,GAAGmN,QAAQ,CAACpI,OAAT,GAAmB,KAAKmJ,iBAAL,CAAgDf,QAAQ,CAACpI,OAAzD,EAAkEyI,QAAQ,CAACzI,OAA3E,CAAnB,GAAyGoI,QAAQ,CAACpI,OAAnI;IACA,MAAMxC,YAAY,GAAG4K,QAAQ,CAAClI,WAAT,GAAuB,KAAKiJ,iBAAL,CAAoDf,QAAQ,CAAClI,WAA7D,EAA0EuI,QAAQ,CAACvI,WAAnF,CAAvB,GAAyHkI,QAAQ,CAAClI,WAAvJ;IACA,MAAMnB,aAAa,GAAGqJ,QAAQ,CAACjI,YAAT,GAAwB,KAAKgJ,iBAAL,CAAqDf,QAAQ,CAACjI,YAA9D,EAA4EsI,QAAQ,CAACtI,YAArF,CAAxB,GAA6HiI,QAAQ,CAACjI,YAA5J;IACA,MAAMtD,QAAQ,GAAGuL,QAAQ,CAACnI,OAAT,GAAmB,KAAKkJ,iBAAL,CAAgDf,QAAQ,CAACnI,OAAzD,EAAkEwI,QAAQ,CAACxI,OAA3E,CAAnB,GAAyGmI,QAAQ,CAACnI,OAAnI;IACA,MAAMT,WAAW,GAAG4I,QAAQ,CAAChI,WAAT,GAAuB,KAAK+I,iBAAL,CAAoDf,QAAQ,CAAChI,WAA7D,EAA0EqI,QAAQ,CAACrI,WAAnF,CAAvB,GAAyHgI,QAAQ,CAAChI,WAAtJ;IAEA,OAAO,EACH,GAAGgI,QADA;MAEHpI,OAAO,EAAE/E,QAFN;MAGHiF,WAAW,EAAE1C,YAHV;MAIH2C,YAAY,EAAEpB,aAJX;MAKHkB,OAAO,EAAEpD,QALN;MAMHuD,WAAW,EAAEZ;KANjB;;;;;;;;;EAeI2J,iBAAiB,CAAIf,QAAJ,EAAiCK,QAAjC;IACrB,MAAMtB,UAAU,GAAG,EAAE,GAAGiB;KAAxB;IACAzU,MAAM,CAACwH,IAAP,CAAYiN,QAAZ,EAAsBpV,OAAtB,CAA+BoW,MAAD;MAC1B,IAAI,CAACX,QAAD,IAAa,CAAEA,QAAQ,CAACG,cAAT,CAAwBQ,MAAxB,CAAnB,EAAqD;QACjD,OAAOjC,UAAU,CAACiC,MAAD,CAAjB;;KAFR;IAKA,OAAOjC,UAAP;;;;;;;;EAOII,eAAe,CAAC8B,aAAD;IACnB,KAAK5H,MAAL,CAAYY,KAAZ,CAAkB,+CAAlB;IACA,OAAO;MACHrC,OAAO,EAAE,EACL,GAAGyG,sBAAsB,CAACzG,OADrB;QAEL,GAAGqJ,aAAa,CAACrJ;OAHlB;MAKHC,OAAO,EAAE,EACL,GAAGwG,sBAAsB,CAACxG,OADrB;QAEL,GAAGoJ,aAAa,CAACpJ;OAPlB;MASHC,WAAW,EAAE,EACT,GAAGuG,sBAAsB,CAACvG,WADjB;QAET,GAAGmJ,aAAa,CAACnJ;OAXlB;MAaHC,YAAY,EAAE,EACV,GAAGsG,sBAAsB,CAACtG,YADhB;QAEV,GAAGkJ,aAAa,CAAClJ;OAflB;MAiBHC,WAAW,EAAE,EACT,GAAGqG,sBAAsB,CAACrG,WADjB;QAET,GAAGiJ,aAAa,CAACjJ;;KAnBzB;;;;;ACxQR;AACA,AAAO,MAAMnE,IAAI,GAAG,kBAAb;AACP,MAAaqN,OAAO,GAAG,QAAhB;;ACFP;;;;AAKA,AAEA;;;;AAGA,AAAO,MAAMC,oBAAoB,GAAG;EAChCC,0BAA0B,EAAE;IACxBC,IAAI,EAAE,sCADkB;IAExBC,IAAI,EAAE;GAHsB;EAKhCC,uBAAuB,EAAE;IACrBF,IAAI,EAAE,4BADe;IAErBC,IAAI,EAAE;GAPsB;EAShCE,oBAAoB,EAAE;IAClBH,IAAI,EAAE,0BADY;IAElBC,IAAI,EAAE;GAXsB;EAahCG,sBAAsB,EAAE;IACpBJ,IAAI,EAAE,2BADc;IAEpBC,IAAI,EAAE;GAfsB;EAiBhCI,2BAA2B,EAAE;IACzBL,IAAI,EAAE,gCADmB;IAEzBC,IAAI,EAAE;GAnBsB;EAqBhCK,qBAAqB,EAAE;IACnBN,IAAI,EAAE,yBADa;IAEnBC,IAAI,EAAE;GAvBsB;EAyBhCM,kBAAkB,EAAE;IAChBP,IAAI,EAAE,iBADU;IAEhBC,IAAI,EAAE;;AA3BsB,CAA7B;AA+BP,MAAaO,sBAAsBC;EAC/BhR,YAAYiR,WAAmBC;IAC3B,MAAMD,SAAN,EAAiBC,YAAjB;IACA,KAAKnO,IAAL,GAAY,eAAZ;;;;;;;EAMwC,OAArCoO,qCAAqC;IACxC,OAAO,IAAIJ,aAAJ,CAAkBV,oBAAoB,CAACC,0BAArB,CAAgDC,IAAlE,KACAF,oBAAoB,CAACC,0BAArB,CAAgDE,MADhD,CAAP;;;;;;;EAOqC,OAAlCY,kCAAkC;IACrC,OAAO,IAAIL,aAAJ,CAAkBV,oBAAoB,CAACI,uBAArB,CAA6CF,IAA/D,KACAF,oBAAoB,CAACI,uBAArB,CAA6CD,MAD7C,CAAP;;;;;;;EAOkC,OAA/Ba,+BAA+B;IAClC,OAAO,IAAIN,aAAJ,CAAkBV,oBAAoB,CAACK,oBAArB,CAA0CH,IAA5D,KACAF,oBAAoB,CAACK,oBAArB,CAA0CF,MAD1C,CAAP;;;;;;;EAOoC,OAAjCc,iCAAiC;IACpC,OAAO,IAAIP,aAAJ,CAAkBV,oBAAoB,CAACM,sBAArB,CAA4CJ,IAA9D,KACAF,oBAAoB,CAACM,sBAArB,CAA4CH,MAD5C,CAAP;;;;;;;EAOyC,OAAtCe,sCAAsC;IACzC,OAAO,IAAIR,aAAJ,CAAkBV,oBAAoB,CAACO,2BAArB,CAAiDL,IAAnE,KACAF,oBAAoB,CAACO,2BAArB,CAAiDJ,MADjD,CAAP;;;;;;;EAOmC,OAAhCgB,gCAAgC;IACnC,OAAO,IAAIT,aAAJ,CAAkBV,oBAAoB,CAACQ,qBAArB,CAA2CN,IAA7D,KACAF,oBAAoB,CAACQ,qBAArB,CAA2CL,MAD3C,CAAP;;;;;;;EAO2B,OAAxBiB,wBAAwB;IAC3B,OAAO,IAAIV,aAAJ,CAAkBV,oBAAoB,CAACS,kBAArB,CAAwCP,IAA1D,EAAgEF,oBAAoB,CAACS,kBAArB,CAAwCN,IAAxG,CAAP;;;;;ACnGR;;;;AAKA,AA4CA;;;;;AAIA,MAAsBkB;;;;EA6BlB1R,YAAsB2R;IAClB,KAAKC,MAAL,GAAc1T,qBAAqB,CAACyT,aAAD,CAAnC;IACA,KAAKE,cAAL,GAAsB,IAAIhR,cAAJ,EAAtB;IACA,KAAK0H,MAAL,GAAc,IAAIuJ,iBAAJ,CAAW,KAAKF,MAAL,CAAYvT,MAAZ,CAAmBT,aAA9B,EAA6CmF,IAA7C,EAAmDqN,OAAnD,CAAd;IACA,KAAK3C,OAAL,GAAe,IAAInF,WAAJ,CAAgB,KAAKC,MAArB,EAA6B,KAAKqJ,MAAL,CAAYzT,IAAZ,CAAiBtC,QAA9C,EAAwD,KAAKgW,cAA7D,CAAf;IACA,KAAKE,UAAL,GAAkB,IAAIvE,UAAJ,CACd,KAAKC,OADS,EAEd,KAAKlF,MAFS,EAGd,KAAKqJ,MAAL,CAAYxT,KAAZ,CAAkBsP,WAHJ,CAAlB;;;;;;;;;;;;;EAgBgB,MAAdsE,cAAc,CAACja,OAAD;IAChB,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,uBAAjB,EAA0Cla,OAAO,CAACma,aAAlD;IACA,MAAMC,YAAY,GAAkC,EAChD,GAAGpa,OAD6C;MAEhD,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAFgD;MAGhDsa,YAAY,EAAEta,OAAO,CAACsa,YAAR,IAAwBC,uBAAY,CAACC,KAHH;MAIhDC,oBAAoB,EAAEC,+BAAoB,CAACC;KAJ/C;IAOA,MAAMC,gBAAgB,GAAG,MAAM,KAAKC,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BW,SAH2B,EAI3BA,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;IAOA,MAAMgW,uBAAuB,GAAG,IAAIC,kCAAJ,CAC5BJ,gBAD4B,CAAhC;IAGA,KAAKpK,MAAL,CAAY+E,OAAZ,CAAoB,0BAApB,EAAgD6E,YAAY,CAACD,aAA7D;IACA,OAAOY,uBAAuB,CAACd,cAAxB,CAAuCG,YAAvC,CAAP;;;;;;;;;;;;EAWoB,MAAlBa,kBAAkB,CAACjb,OAAD,EAAoCkb,eAApC;IACpB,KAAK1K,MAAL,CAAY0J,IAAZ,CAAiB,2BAAjB;;IACA,IAAIla,OAAO,CAACmb,KAAR,IAAiBD,eAArB,EAAqC;MACjC,KAAK1K,MAAL,CAAY0J,IAAZ,CAAiB,uCAAjB;MACA,KAAKkB,aAAL,CAAmBpb,OAAO,CAACmb,KAA3B,EAAkCD,eAAe,CAACC,KAAhB,IAAyB,EAA3D,EAFiC;;MAIjCD,eAAe,GAAE,EAAC,GAAGA,eAAJ;QAAqBC,KAAK,EAAE;OAA7C;;;IAEJ,MAAMf,YAAY,GAAmC,EACjD,GAAGpa,OAD8C;MAEjD,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAFiD;MAGjDya,oBAAoB,EAAEC,+BAAoB,CAACC;KAH/C;IAMA,MAAMU,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACme,kBAA5C,EAAgEb,YAAY,CAACD,aAA7E,CAA/B;;IACA,IAAI;MACA,MAAMS,gBAAgB,GAAG,MAAM,KAAKC,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BkB,sBAH2B,EAI3BP,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;MAOA,MAAMgW,uBAAuB,GAAG,IAAIC,kCAAJ,CAC5BJ,gBAD4B,CAAhC;MAGA,KAAKpK,MAAL,CAAY+E,OAAZ,CAAoB,0BAApB,EAAgD6E,YAAY,CAACD,aAA7D;MACA,OAAOY,uBAAuB,CAACQ,YAAxB,CAAqCnB,YAArC,EAAmDc,eAAnD,CAAP;KAZJ,CAaE,OAAO1Y,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;EAWwB,MAA1BkZ,0BAA0B,CAAC1b,OAAD;IAC5B,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,mCAAjB,EAAsDla,OAAO,CAACma,aAA9D;IACA,MAAMC,YAAY,GAA8B,EAC5C,GAAGpa,OADyC;MAE5C,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAF4C;MAG5Cya,oBAAoB,EAAEC,+BAAoB,CAACC;KAH/C;IAMA,MAAMU,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAAC4e,0BAA5C,EAAwEtB,YAAY,CAACD,aAArF,CAA/B;;IACA,IAAI;MACA,MAAMwB,wBAAwB,GAAG,MAAM,KAAKd,6BAAL,CACnCT,YAAY,CAACpW,SADsB,EAEnCoW,YAAY,CAACD,aAFsB,EAGnCkB,sBAHmC,EAInCP,SAJmC,EAKnC9a,OAAO,CAAC+E,iBAL2B,CAAvC;MAOA,MAAM6W,kBAAkB,GAAG,IAAIC,6BAAJ,CACvBF,wBADuB,CAA3B;MAGA,KAAKnL,MAAL,CAAY+E,OAAZ,CAAoB,8BAApB,EAAoD6E,YAAY,CAACD,aAAjE;MACA,OAAOyB,kBAAkB,CAACL,YAAnB,CAAgCnB,YAAhC,CAAP;KAZJ,CAaE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;;EAYgB,MAAlBsZ,kBAAkB,CAAC9b,OAAD;IACpB,MAAMoa,YAAY,GAA4B,EAC1C,GAAGpa,OADuC;MAE1C,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAF0C;MAG1C+b,YAAY,EAAE/b,OAAO,CAAC+b,YAAR,IAAwB;KAH1C;IAMA,MAAMV,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACgf,kBAA5C,EAAgE1B,YAAY,CAACD,aAA7E,EAA4FC,YAAY,CAAC2B,YAAzG,CAA/B;;IACA,IAAI;MACA,MAAMC,sBAAsB,GAAG,MAAM,KAAKnB,6BAAL,CACjCT,YAAY,CAACpW,SADoB,EAEjCoW,YAAY,CAACD,aAFoB,EAGjCkB,sBAHiC,EAIjCP,SAJiC,EAKjC9a,OAAO,CAAC+E,iBALyB,CAArC;MAOA,MAAMkX,gBAAgB,GAAG,IAAIC,2BAAJ,CACrBF,sBADqB,CAAzB;MAGA,KAAKxL,MAAL,CAAY+E,OAAZ,CAAoB,4BAApB,EAAkD6E,YAAY,CAACD,aAA/D;MACA,OAAO8B,gBAAgB,CAACV,YAAjB,CAA8BnB,YAA9B,CAAP;KAZJ,CAaE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;;;;EAc4B,MAA9B2Z,8BAA8B,CAACnc,OAAD;IAChC,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,uCAAjB,EAA0Dla,OAAO,CAACma,aAAlE;IACA,MAAMC,YAAY,GAAkC,EAChD,GAAGpa,OAD6C;MAEhD,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV;KAFJ;IAIA,MAAMqb,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACqf,8BAA5C,EAA4E/B,YAAY,CAACD,aAAzF,CAA/B;;IACA,IAAI;MACA,MAAMiC,4BAA4B,GAAG,MAAM,KAAKvB,6BAAL,CACvCT,YAAY,CAACpW,SAD0B,EAEvCoW,YAAY,CAACD,aAF0B,EAGvCkB,sBAHuC,EAIvCP,SAJuC,EAKvC9a,OAAO,CAAC+E,iBAL+B,CAA3C;MAOA,MAAMsX,sBAAsB,GAAG,IAAIC,iCAAJ,CAA2BF,4BAA3B,CAA/B;MACA,KAAK5L,MAAL,CAAY+E,OAAZ,CAAoB,kCAApB,EAAwD6E,YAAY,CAACD,aAArE;MACA,OAAOkC,sBAAsB,CAACd,YAAvB,CAAoCnB,YAApC,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;EAOR+Z,aAAa;IACT,KAAK/L,MAAL,CAAY0J,IAAZ,CAAiB,sBAAjB;IACA,OAAO,KAAKF,UAAZ;;;;;;;;;;;;;EAYMoB,aAAa,CAACD,KAAD,EAAgBqB,WAAhB;IACnB,IAAG,CAACrB,KAAJ,EAAW;MACP,MAAMnC,aAAa,CAACU,wBAAd,EAAN;;;IAGJ,IAAGyB,KAAK,KAAKqB,WAAb,EAA0B;MACtB,MAAMC,0BAAe,CAACC,wBAAhB,EAAN;;;;;;;;EAORC,SAAS;IACL,OAAO,KAAKnM,MAAZ;;;;;;;;EAOJoM,SAAS,CAACpM,MAAD;IACL,KAAKA,MAAL,GAAcA,MAAd;;;;;;;;;EAQyC,MAA7BqK,6BAA6B,CACzC7W,SADyC,EAEzC6Y,oBAFyC,EAGzCxB,sBAHyC,EAIzCyB,wBAJyC,EAKzC/X,iBALyC;IAOzC,KAAKyL,MAAL,CAAY+E,OAAZ,CAAoB,sCAApB,EAA4DsH,oBAA5D;;IAGA,MAAME,qBAAqB,GAAGhY,iBAAiB,GAAGA,iBAAH,GAAuB,KAAK8U,MAAL,CAAYzT,IAAZ,CAAiBrB,iBAAvF;;IAGA,KAAKyL,MAAL,CAAY+E,OAAZ,4DAA+EvR,WAA/E,EAA4F6Y,oBAA5F;IACA,MAAMG,mBAAmB,GAAG,MAAM,KAAKC,eAAL,CAAqBjZ,SAArB,EAAgC8Y,wBAAhC,EAA0DD,oBAA1D,EAAgFE,qBAAhF,CAAlC;IAEA1B,sBAAsB,QAAtB,YAAAA,sBAAsB,CAAE6B,6BAAxB,CAAsDF,mBAAmB,CAACG,uBAA1E;IAEA,MAAMC,mBAAmB,GAAwB;MAC7CC,WAAW,EAAE;QACTvZ,QAAQ,EAAE,KAAK+V,MAAL,CAAYzT,IAAZ,CAAiBtC,QADlB;QAETE,SAAS,EAAEgZ,mBAFF;QAGTrY,kBAAkB,EAAE,KAAKkV,MAAL,CAAYzT,IAAZ,CAAiBzB;OAJI;MAM7C2Y,aAAa,EAAE;QACX/e,QAAQ,EAAE,KAAKsb,MAAL,CAAYvT,MAAZ,CAAmB/H;OAPY;MAS7CsH,aAAa,EAAE;QACXJ,QAAQ,EAAE,KAAKoU,MAAL,CAAYvT,MAAZ,CAAmBT,aAAnB,CAAiCJ,QADhC;QAEXF,cAAc,EAAE,KAAKsU,MAAL,CAAYvT,MAAZ,CAAmBT,aAAnB,CACXN,cAHM;QAIXC,iBAAiB,EAAE,KAAKqU,MAAL,CAAYvT,MAAZ,CAAmBT,aAAnB,CACdL,iBALM;QAMX2U,aAAa,EAAE0C;OAf0B;MAiB7CU,eAAe,EAAE,KAAKzD,cAjBuB;MAkB7C0D,gBAAgB,EAAE,KAAK3D,MAAL,CAAYvT,MAAZ,CAAmBR,aAlBQ;MAmB7C2X,gBAAgB,EAAE,KAAK/H,OAnBsB;MAoB7C2F,sBAAsB,EAAEA,sBApBqB;MAqB7CqC,iBAAiB,EAAE;QACfxZ,YAAY,EAAE,KAAKA,YADJ;QAEfC,eAAe,EAAE,KAAKA,eAAL,GAAuB,KAAKwZ,kBAAL,CAAwBX,mBAAxB,CAAvB,GAAsElC;OAvB9C;MAyB7C8C,WAAW,EAAE;QACTC,GAAG,EAAEC,SAAa,CAACrhB,QADV;QAET4b,OAAO,EAAEA,OAFA;QAGT0F,GAAG,EAAEC,OAAO,CAACC,IAAR,IAAgBzhB,oBAAS,CAACuH,YAHtB;QAITma,EAAE,EAAEF,OAAO,CAACG,QAAR,IAAoB3hB,oBAAS,CAACuH;OA7BO;MA+B7CwC,SAAS,EAAE,KAAKsT,MAAL,CAAYtT,SA/BsB;MAgC7C6X,iBAAiB,EAAE,KAAKvE,MAAL,CAAYxT,KAAZ,CAAkBsP,WAhCQ;MAiC7C0I,iBAAiB,EAAE,KAAKrE;KAjC5B;IAoCA,OAAOoD,mBAAP;;;EAGIO,kBAAkB,CAAC3Z,SAAD;IACtB,OAAO;MACHsa,SAAS,EAAE,KAAKna,eAAL,CAAqBoa,MAArB,CAA4B,KAAKzE,cAAjC,EAAiD,KAAKD,MAAL,CAAYzT,IAAZ,CAAiBtC,QAAlE,EAA4EE,SAAS,CAACwa,aAAtF,CADR;MAEHC,aAAa,EAAEX,SAAa,CAACphB;KAFjC;;;;;;;;EAUiC,MAArB2d,qBAAqB,CAACqE,WAAD;IACjC,KAAKlO,MAAL,CAAY+E,OAAZ,CAAoB,gCAApB,EAAsDmJ,WAAW,CAACvE,aAAlE;;IAEA,IAAIuE,WAAW,CAACjE,oBAAZ,IAAoCiE,WAAW,CAACjE,oBAAZ,KAAqCC,+BAAoB,CAACiE,GAAlG,EAAuG;MACnG,KAAKnO,MAAL,CAAY+E,OAAZ,CAAoB,yGAApB,EAA+HmJ,WAAW,CAACvE,aAA3I;;;IAGJuE,WAAW,CAACjE,oBAAZ,GAAmCC,+BAAoB,CAACC,MAAxD;;IAGA,IAAI+D,WAAW,CAACE,MAAZ,IAAsB,CAAC/U,sBAAW,CAACC,OAAZ,CAAoB4U,WAAW,CAACE,MAAhC,CAA3B,EAAoE;MAChEF,WAAW,CAACjR,mBAAZ,GAAkC,MAAM,KAAKqM,cAAL,CAAoBvQ,UAApB,CAA+BmV,WAAW,CAACE,MAA3C,CAAxC;;;IAGJ,OAAO,EACH,GAAGF,WADA;MAEHG,MAAM,EAAE,CAAC,IAAKH,WAAW,IAAIA,WAAW,CAACG,MAA5B,IAAuC,EAA3C,CAAD,EAAiD,GAAGC,8BAApD,CAFL;MAGH3E,aAAa,EAAEuE,WAAW,IAAIA,WAAW,CAACvE,aAA3B,IAA4C,KAAKL,cAAL,CAAoB7Q,aAApB,EAHxD;MAIHjF,SAAS,EAAE0a,WAAW,CAAC1a,SAAZ,IAAyB,KAAK6V,MAAL,CAAYzT,IAAZ,CAAiBpC;KAJzD;;;;;;;;;;EAcMsX,gCAAgC,CAACyD,KAAD,EAAgB5E,aAAhB,EAAuC4B,YAAvC;IACtC,MAAMiD,gBAAgB,GAA2B;MAC7Clb,QAAQ,EAAE,KAAK+V,MAAL,CAAYzT,IAAZ,CAAiBtC,QADkB;MAE7CqW,aAAa,EAAEA,aAF8B;MAG7C4E,KAAK,EAAEA,KAHsC;MAI7ChD,YAAY,EAAEA,YAAY,IAAI;KAJlC;IAOA,OAAO,IAAIkD,iCAAJ,CAA2BD,gBAA3B,EAA6C,KAAKtJ,OAAlD,CAAP;;;;;;;;;EAQyB,MAAfuH,eAAe,CAACiC,eAAD,EAA0BpC,wBAA1B,EAA+ED,oBAA/E,EAA8G9X,iBAA9G;IACzB,KAAKyL,MAAL,CAAY+E,OAAZ,CAAoB,wBAApB,EAA8CsH,oBAA9C;;IAGA,MAAMsC,YAAY,GAAGC,oBAAS,CAACC,iBAAV,CAA4BH,eAA5B,EAA6Cna,iBAA7C,CAArB;IAEA,MAAMua,gBAAgB,GAAqB;MACvC1a,YAAY,EAAE,KAAKiV,MAAL,CAAYzT,IAAZ,CAAiBxB,YADQ;MAEvCJ,gBAAgB,EAAE,KAAKqV,MAAL,CAAYzT,IAAZ,CAAiB5B,gBAFI;MAGvCC,sBAAsB,EAAE,KAAKoV,MAAL,CAAYzT,IAAZ,CAAiB3B,sBAHF;MAIvCC,iBAAiB,EAAE,KAAKmV,MAAL,CAAYzT,IAAZ,CAAiB1B,iBAJG;MAKvCoY,wBALuC;MAMvC1X,0BAA0B,EAAE,KAAKyU,MAAL,CAAYzT,IAAZ,CAAiBhB;KANjD;IASA,OAAO,MAAMma,2BAAgB,CAACC,wBAAjB,CAA0CL,YAA1C,EAAwD,KAAKtF,MAAL,CAAYvT,MAAZ,CAAmBR,aAA3E,EAA0F,KAAK4P,OAA/F,EAAwG4J,gBAAxG,EAA0H,KAAK9O,MAA/H,EAAuI,KAAKqJ,MAAL,CAAYvT,MAAZ,CAAmB/H,QAA1J,CAAb;;;;;;;EAMJkhB,UAAU;IACN,KAAK/J,OAAL,CAAaZ,KAAb;;;;;ACjdR;;;;AAKA,MAKa4K;;;;;;;EASc,MAAjBC,iBAAiB,CAACC,eAAD,EAA2BC,aAA3B;IACnB,IAAI,CAAC,CAAC,KAAKC,MAAX,EAAmB;MACf,MAAM9G,aAAa,CAACQ,sCAAd,EAAN;;;IAGJ,MAAMuG,gBAAgB,GAAG,IAAIlgB,OAAJ,CAA6C,CAACC,OAAD,EAAUC,MAAV;MAClE,KAAK+f,MAAL,GAAcE,iBAAY,CAAC,OAAOC,GAAP,EAA6BC,GAA7B;QACvB,MAAM7hB,GAAG,GAAG4hB,GAAG,CAAC5hB,GAAhB;;QACA,IAAI,CAACA,GAAL,EAAU;UACN6hB,GAAG,CAAC7f,GAAJ,CAAQwf,aAAa,IAAI,oCAAzB;UACA9f,MAAM,CAACiZ,aAAa,CAACK,kCAAd,EAAD,CAAN;UACA;SAHJ,MAIO,IAAIhb,GAAG,KAAK8hB,oBAAe,CAACC,aAA5B,EAA2C;UAC9CF,GAAG,CAAC7f,GAAJ,CAAQuf,eAAe,IAAI,qEAA3B;UACA;;;QAGJ,MAAMS,gBAAgB,GAAGC,oBAAS,CAACC,0BAAV,CAAqCliB,GAArC,CAAzB;;QACA,IAAIgiB,gBAAgB,CAAC7H,IAArB,EAA2B;UACvB,MAAMgI,WAAW,GAAG,MAAM,KAAKC,cAAL,EAA1B;UACAP,GAAG,CAACQ,SAAJ,CAAc1kB,UAAU,CAAC2kB,QAAzB,EAAmC;YAAEC,QAAQ,EAAEJ;WAA/C,EAFuB;;UAGvBN,GAAG,CAAC7f,GAAJ;;;QAEJP,OAAO,CAACugB,gBAAD,CAAP;OAjBsB,CAA1B;MAmBA,KAAKP,MAAL,CAAYe,MAAZ,CAAmB,CAAnB;KApBqB,CAAzB;;IAwBA,MAAM,IAAIhhB,OAAJ,CAAmBC,OAAD;MACpB,IAAIghB,KAAK,GAAG,CAAZ;MACA,MAAMC,EAAE,GAAGC,WAAW,CAAC;QACnB,IAAKtjB,yBAAyB,CAACE,UAA1B,GAAuCF,yBAAyB,CAACC,WAAlE,GAAiFmjB,KAArF,EAA4F;UACxF,MAAM9H,aAAa,CAACS,gCAAd,EAAN;;;QAGJ,IAAI,KAAKqG,MAAL,CAAYmB,SAAhB,EAA2B;UACvBC,aAAa,CAACH,EAAD,CAAb;UACAjhB,OAAO;;;QAEXghB,KAAK;OATa,EAUnBpjB,yBAAyB,CAACC,WAVP,CAAtB;KAFE,CAAN;IAeA,OAAOoiB,gBAAP;;;;;;;;EAOJU,cAAc;IACV,IAAI,CAAC,KAAKX,MAAV,EAAkB;MACd,MAAM9G,aAAa,CAACO,iCAAd,EAAN;;;IAGJ,MAAM4H,OAAO,GAAG,KAAKrB,MAAL,CAAYqB,OAAZ,EAAhB;;IACA,IAAI,CAACA,OAAD,IAAY,OAAOA,OAAP,KAAmB,QAA/B,IAA2C,CAACA,OAAO,CAAC9hB,IAAxD,EAA8D;MAC1D,KAAK+hB,WAAL;MACA,MAAMpI,aAAa,CAACI,qCAAd,EAAN;;;IAGJ,MAAM/Z,IAAI,GAAG8hB,OAAO,IAAIA,OAAO,CAAC9hB,IAAhC;IAEA,UAAU7C,SAAS,CAACI,gBAAgBJ,SAAS,CAACK,aAAawC,MAA3D;;;;;;;EAMJ+hB,WAAW;IACP,IAAI,CAAC,CAAC,KAAKtB,MAAX,EAAmB;MACf,KAAKA,MAAL,CAAYuB,KAAZ;;;;;;AC3FZ;;;;AAKA,AAsBA;;;;;;AAKA,MAAaC,gCAAgC3H;;;;;;;;;;;;;;;;;;EAkBzC1R,YAAY2R;IACR,MAAMA,aAAN;;;;;;;;;;;;;EAYiC,MAAxB2H,wBAAwB,CAACvhB,OAAD;IACjC,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,iCAAjB,EAAoDla,OAAO,CAACma,aAA5D;IACA,MAAMC,YAAY,GAA4B1X,MAAM,CAAC8e,MAAP,CAAcxhB,OAAd,EAAwB,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAA9B,CAA9C;IACA,MAAMqb,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACykB,wBAA5C,EAAsEnH,YAAY,CAACD,aAAnF,CAA/B;;IACA,IAAI;MACA,MAAMsH,gBAAgB,GAAG,MAAM,KAAK5G,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BkB,sBAH2B,EAI3BP,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;MAOA,MAAM2c,gBAAgB,GAAG,IAAIC,2BAAJ,CAAqBF,gBAArB,CAAzB;MACA,KAAKjR,MAAL,CAAY+E,OAAZ,CAAoB,4BAApB,EAAkD6E,YAAY,CAACD,aAA/D;MACA,OAAOuH,gBAAgB,CAACnG,YAAjB,CAA8BnB,YAA9B,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;EAOqB,MAAvBof,uBAAuB,CAAC5hB,OAAD;IACzB,MAAM;MAAEoI,QAAF;MAAYE;QAAc,MAAM,KAAKwR,cAAL,CAAoB3R,iBAApB,EAAtC;IACA,MAAM;MAAE0Z,WAAF;MAAejC,eAAf;MAAgCC,aAAhC;MAA+C,GAAGiC;QAAwB9hB,OAAhF;IAEA,MAAM+hB,cAAc,GAAG,IAAIrC,cAAJ,EAAvB;IACA,MAAMK,gBAAgB,GAAGgC,cAAc,CAACpC,iBAAf,CAAiCC,eAAjC,EAAkDC,aAAlD,CAAzB;IACA,MAAMW,WAAW,GAAGuB,cAAc,CAACtB,cAAf,EAApB;IAEA,MAAMrG,YAAY,GAA4B,EAC1C,GAAG0H,mBADuC;MAE1CjD,MAAM,EAAE7e,OAAO,CAAC6e,MAAR,IAAkBC,8BAFgB;MAG1C0B,WAAW,EAAEA,WAH6B;MAI1ClG,YAAY,EAAEC,uBAAY,CAACC,KAJe;MAK1CwH,aAAa,EAAE1Z,SAL2B;MAM1C2Z,mBAAmB,EAAEC,oCAAyB,CAACC;KANnD;IASA,MAAMC,WAAW,GAAG,MAAM,KAAKnI,cAAL,CAAoBG,YAApB,CAA1B;IACA,MAAMyH,WAAW,CAACO,WAAD,CAAjB;IACA,MAAM/B,gBAAgB,GAAG,MAAMN,gBAAgB,CAACsC,OAAjB,CAAyB;MACpDN,cAAc,CAACX,WAAf;KAD2B,CAA/B;;IAIA,IAAIf,gBAAgB,CAACjd,KAArB,EAA4B;MACxB,MAAM,IAAIkf,sBAAJ,CAAgBjC,gBAAgB,CAACjd,KAAjC,EAAwCid,gBAAgB,CAAC1c,iBAAzD,EAA4E0c,gBAAgB,CAACkC,QAA7F,CAAN;KADJ,MAEO,IAAI,CAAClC,gBAAgB,CAAC7H,IAAtB,EAA4B;MAC/B,MAAMQ,aAAa,CAACM,+BAAd,EAAN;;;IAGJ,MAAMrO,UAAU,GAAGoV,gBAAgB,CAACnV,WAApC;IACA,MAAMsX,YAAY,GAA6B;MAC3ChK,IAAI,EAAE6H,gBAAgB,CAAC7H,IADoB;MAE3C3P,YAAY,EAAET,QAF6B;MAG3C6C,UAAU,EAAEA,UAAU,IAAIkV,oBAAe,CAACpc,YAHC;MAI3C,GAAGqW;KAJP;IAMA,OAAO,KAAKa,kBAAL,CAAwBuH,YAAxB,CAAP;;;;;AC9HR;;;;AAKA,AAMA;;;;;AAIA,MAAaC;;;;;EAckB,OAAbC,aAAa,CAACpE,SAAD;IACvB,MAAMna,eAAe,GAAG,IAAIse,eAAJ,EAAxB;IACAte,eAAe,CAACwe,GAAhB,GAAsBrE,SAAtB;IACA,OAAOna,eAAP;;;;;;;;;;EASyB,OAAfye,eAAe,CAACve,UAAD,EAAqBC,UAArB,EAAyCue,iBAAzC;IACzB,MAAM1e,eAAe,GAAG,IAAIse,eAAJ,EAAxB;IACAte,eAAe,CAACG,UAAhB,GAA6BA,UAA7B;IACAH,eAAe,CAACE,UAAhB,GAA6BA,UAA7B;;IACA,IAAIwe,iBAAJ,EAAuB;MACnB1e,eAAe,CAAC0e,iBAAhB,GAAoC,KAAKC,gBAAL,CAAsBD,iBAAtB,CAApC;;;IAEJ,OAAO1e,eAAP;;;;;;;;;;EASGoa,MAAM,CAACzE,cAAD,EAAiCiJ,MAAjC,EAAiDC,WAAjD;;IAET,IAAI,KAAK1e,UAAL,IAAmB,KAAKD,UAA5B,EAAwC;MAEpC,IAAI,KAAKse,GAAL,IAAY,CAAC,KAAKM,SAAL,EAAb,IAAiCF,MAAM,KAAK,KAAKA,MAAjD,IAA2DC,WAAW,KAAK,KAAKA,WAApF,EAAiG;QAC7F,OAAO,KAAKL,GAAZ;;;MAGJ,OAAO,KAAKO,SAAL,CAAepJ,cAAf,EAA+BiJ,MAA/B,EAAuCC,WAAvC,CAAP;;;;;;;;IAOJ,IAAI,KAAKL,GAAT,EAAc;MACV,OAAO,KAAKA,GAAZ;;;IAGJ,MAAMlG,0BAAe,CAAC0G,2BAAhB,EAAN;;;;;;;EAMID,SAAS,CAACpJ,cAAD,EAAiCiJ,MAAjC,EAAiDC,WAAjD;IAEb,KAAKD,MAAL,GAAcA,MAAd;IACA,KAAKC,WAAL,GAAmBA,WAAnB;IACA,MAAMI,QAAQ,GAAGC,oBAAS,CAACC,UAAV,EAAjB;IACA,KAAKC,cAAL,GAAsBH,QAAQ,GAAG,GAAjC;IAEA,MAAMphB,MAAM,GAAc;MACtBwhB,GAAG,EAAEzmB,YAAY,CAACE,OADI;MAEtBwmB,GAAG,EAAE1c,aAAa,CAACK,eAAd,CAA8B,KAAK/C,UAAnC,EAA+C,KAA/C;KAFT;;IAKA,IAAI,KAAKwe,iBAAT,EAA4B;MACxBngB,MAAM,CAAC8e,MAAP,CAAcxf,MAAd,EAAsB;QAClBuC,GAAG,EAAE,KAAKse;OADd;;;IAKJ,MAAMa,OAAO,GAAG;MACZ,CAAC3mB,YAAY,CAACK,QAAd,GAAyB,KAAK4lB,WADlB;MAEZ,CAACjmB,YAAY,CAACM,eAAd,GAAgC,KAAKkmB,cAFzB;MAGZ,CAACxmB,YAAY,CAACO,MAAd,GAAuB,KAAKylB,MAHhB;MAIZ,CAAChmB,YAAY,CAACQ,OAAd,GAAwB,KAAKwlB,MAJjB;MAKZ,CAAChmB,YAAY,CAACS,UAAd,GAA2B4lB,QALf;MAMZ,CAACrmB,YAAY,CAACU,MAAd,GAAuBqc,cAAc,CAAC7Q,aAAf;KAN3B;IASA,KAAK0Z,GAAL,GAAWgB,iBAAI,CAACD,OAAD,EAAU,KAAKpf,UAAf,EAA2B;MAAEtC;KAA7B,CAAf;IACA,OAAO,KAAK2gB,GAAZ;;;;;;;EAMIM,SAAS;IACb,OAAO,KAAKM,cAAL,GAAsBF,oBAAS,CAACC,UAAV,EAA7B;;;;;;;;EAO0B,OAAhBR,gBAAgB,CAACD,iBAAD;;;;;;;;IAQ1B,MAAMe,gBAAgB,GAAG,uEAAzB;IACA,MAAMC,KAAK,GAAa,EAAxB;IAEA,IAAIC,OAAJ;;IACA,OAAO,CAACA,OAAO,GAAGF,gBAAgB,CAACG,IAAjB,CAAsBlB,iBAAtB,CAAX,MAAyD,IAAhE,EAAsE;;MAElEgB,KAAK,CAAC5iB,IAAN,CAAW6iB,OAAO,CAAC,CAAD,CAAP,CAAWzc,OAAX,CAAmB,QAAnB,EAA6B7K,oBAAS,CAACuH,YAAvC,CAAX;;;IAGJ,OAAO8f,KAAP;;;;;AC7IR;;;;AAKA,AAsBA;;;;;;AAKA,MAAaG,sCAAsCrK;;;;;;;;;;;;;;;;;;;;EAsB/C1R,YAAY2R;IACR,MAAMA,aAAN;IACA,KAAKqK,mBAAL,CAAyB,KAAKpK,MAA9B;IACA,KAAKqK,gBAAL,GAAwBpJ,SAAxB;;;;;;;;;;EASJqJ,mBAAmB,CAACC,QAAD;IACf,KAAKF,gBAAL,GAAwBE,QAAxB;;;;;;;EAMuC,MAA9BC,8BAA8B,CAACrkB,OAAD;IACvC,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,uCAAjB,EAA0Dla,OAAO,CAACma,aAAlE;;IAGA,IAAIhW,eAAJ;;IACA,IAAInE,OAAO,CAACmE,eAAZ,EAA6B;MACzBA,eAAe,GAAG;QACdma,SAAS,EAAEte,OAAO,CAACmE,eADL;QAEdsa,aAAa,EAAEX,SAAa,CAACphB;OAFjC;;;IAMJ,MAAM4nB,WAAW,GAAG,MAAM,KAAKjK,qBAAL,CAA2Bra,OAA3B,CAA1B;;IAGA,MAAMukB,gBAAgB,GAAG,EACrB,GAAGD,WADkB;MAErBzF,MAAM,EAAEyF,WAAW,CAACzF,MAAZ,CAAmB7K,MAAnB,CAA2BwQ,KAAD,IAAmB,CAAC1F,8BAAmB,CAACjK,QAApB,CAA6B2P,KAA7B,CAA9C;KAFZ;IAKA,MAAMpK,YAAY,GAAkC,EAChD,GAAGpa,OAD6C;MAEhD,GAAGukB,gBAF6C;MAGhDpgB;KAHJ;IAMA,MAAM2Y,wBAAwB,GAA6B;MACvD2H,WAAW,EAAErK,YAAY,CAACqK,WAD6B;MAEvDC,iBAAiB,EAAE1G,OAAO,CAAC2G,GAAR,CAAYzoB,2BAAZ;KAFvB;IAKA,MAAMmf,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACunB,8BAA5C,EAA4EjK,YAAY,CAACD,aAAzF,EAAwGC,YAAY,CAACwK,SAArH,CAA/B;;IACA,IAAI;MACA,MAAMC,sBAAsB,GAAG,MAAM,KAAKhK,6BAAL,CACjCT,YAAY,CAACpW,SADoB,EAEjCoW,YAAY,CAACD,aAFoB,EAGjCkB,sBAHiC,EAIjCyB,wBAJiC,EAKjC9c,OAAO,CAAC+E,iBALyB,CAArC;MAOA,MAAM+f,sBAAsB,GAAG,IAAIC,iCAAJ,CAA2BF,sBAA3B,EAAmD,KAAKX,gBAAxD,CAA/B;MACA,KAAK1T,MAAL,CAAY+E,OAAZ,CAAoB,kCAApB,EAAwD6E,YAAY,CAACD,aAArE;MACA,OAAO2K,sBAAsB,CAACvJ,YAAvB,CAAoCnB,YAApC,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;;;;;EAe2B,MAAtBwiB,sBAAsB,CAAChlB,OAAD;IAC/B,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,+BAAjB,EAAkDla,OAAO,CAACma,aAA1D;IACA,MAAMC,YAAY,GAA4B,EAC1C,GAAGpa,OADuC;MAE1C,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV;KAFJ;;IAIA,IAAI;MACA,MAAMilB,gBAAgB,GAAG,MAAM,KAAKpK,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BW,SAH2B,EAI3BA,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;MAOA,MAAMmgB,SAAS,GAAG,IAAIC,2BAAJ,CAAqBF,gBAArB,CAAlB;MACA,KAAKzU,MAAL,CAAY+E,OAAZ,CAAoB,6BAApB,EAAmD6E,YAAY,CAACD,aAAhE;MACA,OAAO+K,SAAS,CAAC3J,YAAV,CAAuBnB,YAAvB,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,oBAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJ,MAAM3X,CAAN;;;;EAIAyhB,mBAAmB,CAACrK,aAAD;IACvB,MAAMwL,oBAAoB,GAAG,CAACvb,sBAAW,CAACC,OAAZ,CAAoB8P,aAAa,CAACxT,IAAd,CAAmBlC,YAAvC,CAA9B;IACA,MAAMmhB,uBAAuB,GAAG,CAACxb,sBAAW,CAACC,OAAZ,CAAoB8P,aAAa,CAACxT,IAAd,CAAmBjC,eAAvC,CAAjC;IACA,MAAMmhB,WAAW,GAAG1L,aAAa,CAACxT,IAAd,CAAmBhC,iBAAnB,IAAwC;MACxDC,UAAU,EAAE7H,oBAAS,CAACuH,YADkC;MAExDO,UAAU,EAAE9H,oBAAS,CAACuH;KAF1B;IAIA,MAAMwhB,mBAAmB,GAAG,CAAC1b,sBAAW,CAACC,OAAZ,CAAoBwb,WAAW,CAACjhB,UAAhC,CAAD,IAAgD,CAACwF,sBAAW,CAACC,OAAZ,CAAoBwb,WAAW,CAAChhB,UAAhC,CAA7E;;;;;;IAMA,IAAI,KAAK4f,gBAAT,EAA2B;MACvB;;;;IAIJ,IACIkB,oBAAoB,IAAIC,uBAAxB,IACAA,uBAAuB,IAAIE,mBAD3B,IAEAH,oBAAoB,IAAIG,mBAH5B,EAGiD;MAC7C,MAAM9I,0BAAe,CAAC+I,4BAAhB,EAAN;;;IAGJ,IAAI5L,aAAa,CAACxT,IAAd,CAAmBlC,YAAvB,EAAqC;MACjC,KAAKA,YAAL,GAAoB0V,aAAa,CAACxT,IAAd,CAAmBlC,YAAvC;MACA;;;IAGJ,IAAI0V,aAAa,CAACxT,IAAd,CAAmBjC,eAAvB,EAAwC;MACpC,KAAKA,eAAL,GAAuBse,eAAe,CAACC,aAAhB,CAA8B9I,aAAa,CAACxT,IAAd,CAAmBjC,eAAjD,CAAvB;MACA;;;IAGJ,IAAI,CAACohB,mBAAL,EAA0B;MACtB,MAAM9I,0BAAe,CAAC+I,4BAAhB,EAAN;KADJ,MAEO;MAAA;;MACH,KAAKrhB,eAAL,GAAuBse,eAAe,CAACG,eAAhB,CAAgC0C,WAAW,CAACjhB,UAA5C,EAAwDihB,WAAW,CAAChhB,UAApE,2BAAgFsV,aAAa,CAACxT,IAAd,CAAmBhC,iBAAnG,qBAAgF,sBAAsCG,GAAtH,CAAvB;;;;;;ACvMZ;;;;AAKA,MAKakhB;EAITxd,YAAYyd,QAAsBC;IAC9B,KAAKD,MAAL,GAAcA,MAAd;IACA,KAAKC,gBAAL,GAAwBA,gBAAxB;;;EAG0B,MAAjBhP,iBAAiB,CAACF,YAAD;IAC1B,MAAMmP,YAAY,GAAG,MAAM,KAAKD,gBAAL,CAAsBE,MAAtB,EAA3B;IACA,MAAMC,SAAS,GAAG,MAAM,KAAKJ,MAAL,CAAYK,GAAZ,CAAgBH,YAAhB,CAAxB;IACAnP,YAAY,CAACuD,UAAb,CAAwB3D,WAAxB,CAAoCyP,SAApC;;;EAGyB,MAAhBlP,gBAAgB,CAACH,YAAD;IACzB,IAAIA,YAAY,CAACb,eAAjB,EAAkC;MAC9B,MAAMoQ,OAAO,GAAIvP,YAAY,CAACuD,UAAb,CAAuCzD,UAAvC,EAAjB;MACA,MAAM0P,eAAe,GAAGvjB,MAAM,CAACwjB,MAAP,CAAcF,OAAd,EAAuBhS,MAAvB,CAA8BtC,KAAK,IAAIlG,wBAAa,CAACqG,eAAd,CAA8BH,KAA9B,CAAvC,CAAxB;;MAEA,IAAIuU,eAAe,CAACxmB,MAAhB,GAAyB,CAA7B,EAAgC;QAC5B,MAAM+P,aAAa,GAAGyW,eAAe,CAAC,CAAD,CAArC;QACA,MAAML,YAAY,GAAG,MAAM,KAAKD,gBAAL,CAAsBQ,UAAtB,CAAiC3W,aAAjC,CAA3B;QAEA,MAAM,KAAKkW,MAAL,CAAYjjB,GAAZ,CAAgBmjB,YAAhB,EAA8BnP,YAAY,CAACuD,UAAb,CAAwB/D,SAAxB,EAA9B,CAAN;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/msal-node.cjs.production.min.js 0 → 100644
View file @ 3a84cbd5
"use strict";function e(e){return e&&"object"==typeof e&&"default"in e?e.default:e}Object.defineProperty(exports,"__esModule",{value:!0});var t,r,n,i=require("@azure/msal-common"),o=require("http"),s=e(o),a=e(require("https")),c=require("uuid"),l=e(require("crypto")),h=require("jsonwebtoken");!function(e){e.GET="get",e.POST="post"}(t||(t={})),function(e){e[e.SUCCESS_RANGE_START=200]="SUCCESS_RANGE_START",e[e.SUCCESS_RANGE_END=299]="SUCCESS_RANGE_END",e[e.REDIRECT=302]="REDIRECT",e[e.CLIENT_ERROR_RANGE_START=400]="CLIENT_ERROR_RANGE_START",e[e.CLIENT_ERROR_RANGE_END=499]="CLIENT_ERROR_RANGE_END",e[e.SERVER_ERROR_RANGE_START=500]="SERVER_ERROR_RANGE_START",e[e.SERVER_ERROR_RANGE_END=599]="SERVER_ERROR_RANGE_END"}(r||(r={})),function(e){e[e.SUCCESS_RANGE_START=200]="SUCCESS_RANGE_START",e[e.SUCCESS_RANGE_END=299]="SUCCESS_RANGE_END",e[e.SERVER_ERROR=500]="SERVER_ERROR"}(n||(n={}));const u="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";var d;!function(e){e[e.acquireTokenSilent=62]="acquireTokenSilent",e[e.acquireTokenByUsernamePassword=371]="acquireTokenByUsernamePassword",e[e.acquireTokenByDeviceCode=671]="acquireTokenByDeviceCode",e[e.acquireTokenByClientCredential=771]="acquireTokenByClientCredential",e[e.acquireTokenByCode=871]="acquireTokenByCode",e[e.acquireTokenByRefreshToken=872]="acquireTokenByRefreshToken"}(d||(d={}));class g{static getNetworkResponse(e,t,r){return{headers:e,body:t,status:r}}}class p{async sendGetRequestAsync(e,r){return null!=r&&r.proxyUrl?y(e,t.GET,r):m(e,t.GET,r)}async sendPostRequestAsync(e,r,n){return null!=r&&r.proxyUrl?y(e,t.POST,r,n):m(e,t.POST,r,n)}}const y=(e,i,o,a)=>{const c=(null==o?void 0:o.headers)||{},l=new URL((null==o?void 0:o.proxyUrl)||""),h=new URL(e),u={host:l.hostname,port:l.port,method:"CONNECT",path:h.hostname,headers:c};a&&(u.timeout=a);let d="";if(i===t.POST){const e=(null==o?void 0:o.body)||"";d=`Content-Type: application/x-www-form-urlencoded\r\nContent-Length: ${e.length}\r\n\r\n`+e}const p=`${i.toUpperCase()} ${h.href} HTTP/1.1\r\nHost: ${h.host}\r\nConnection: close\r\n`+d+"\r\n";return new Promise((e,t)=>{const i=s.request(u);u.timeout&&i.on("timeout",()=>{i.destroy(),t(new Error("Request time out"))}),i.end(),i.on("connect",(o,s)=>{const a=(null==o?void 0:o.statusCode)||n.SERVER_ERROR;(a<n.SUCCESS_RANGE_START||a>n.SUCCESS_RANGE_END)&&(i.destroy(),s.destroy(),t(new Error(`Error connecting to proxy. Http status code: ${o.statusCode}. Http status message: ${(null==o?void 0:o.statusMessage)||"Unknown"}`))),u.timeout&&(s.setTimeout(u.timeout),s.on("timeout",()=>{i.destroy(),s.destroy(),t(new Error("Request time out"))})),s.write(p);const c=[];s.on("data",e=>{c.push(e)}),s.on("end",()=>{const t=Buffer.concat([...c]).toString().split("\r\n"),n=parseInt(t[0].split(" ")[1]),o=t[0].split(" ").slice(2).join(" "),s=t[t.length-1],a=t.slice(1,t.length-2),l=new Map;a.forEach(e=>{const t=e.split(new RegExp(/:\s(.*)/s)),r=t[0];let n=t[1];try{const e=JSON.parse(n);e&&"object"==typeof e&&(n=e)}catch(e){}l.set(r,n)});const h=Object.fromEntries(l),u=g.getNetworkResponse(h,C(n,o,h,s),n);(n<r.SUCCESS_RANGE_START||n>r.SUCCESS_RANGE_END)&&"authorization_pending"!==u.body.error&&i.destroy(),e(u)}),s.on("error",e=>{i.destroy(),s.destroy(),t(new Error(e.toString()))})}),i.on("error",e=>{i.destroy(),t(new Error(e.toString()))})})},m=(e,n,i,o)=>{const s=n===t.POST,c=(null==i?void 0:i.body)||"",l={method:n,headers:(null==i?void 0:i.headers)||{}};return o&&(l.timeout=o),s&&(l.headers={...l.headers,"Content-Length":c.length}),new Promise((t,n)=>{const i=a.request(e,l);o&&i.on("timeout",()=>{i.destroy(),n(new Error("Request time out"))}),s&&i.write(c),i.end(),i.on("response",e=>{const n=e.headers,o=e.statusCode,s=e.statusMessage,a=[];e.on("data",e=>{a.push(e)}),e.on("end",()=>{const e=Buffer.concat([...a]).toString(),c=g.getNetworkResponse(n,C(o,s,n,e),o);(o<r.SUCCESS_RANGE_START||o>r.SUCCESS_RANGE_END)&&"authorization_pending"!==c.body.error&&i.destroy(),t(c)})}),i.on("error",e=>{i.destroy(),n(new Error(e.toString()))})})},C=(e,t,n,i)=>{let o;try{o=JSON.parse(i)}catch(i){let s,a;e>=r.CLIENT_ERROR_RANGE_START&&e<=r.CLIENT_ERROR_RANGE_END?(s="client_error",a="A client"):e>=r.SERVER_ERROR_RANGE_START&&e<=r.SERVER_ERROR_RANGE_END?(s="server_error",a="A server"):(s="unknown_error",a="An unknown"),o={error:s,error_description:`${a} error occured.\nHttp status code: ${e}\nHttp status message: ${t||"Unknown"}\nHeaders: ${JSON.stringify(n)}`}}return o},f={clientId:i.Constants.EMPTY_STRING,authority:i.Constants.DEFAULT_AUTHORITY,clientSecret:i.Constants.EMPTY_STRING,clientAssertion:i.Constants.EMPTY_STRING,clientCertificate:{thumbprint:i.Constants.EMPTY_STRING,privateKey:i.Constants.EMPTY_STRING,x5c:i.Constants.EMPTY_STRING},knownAuthorities:[],cloudDiscoveryMetadata:i.Constants.EMPTY_STRING,authorityMetadata:i.Constants.EMPTY_STRING,clientCapabilities:[],protocolMode:i.ProtocolMode.AAD,azureCloudOptions:{azureCloudInstance:i.AzureCloudInstance.None,tenant:i.Constants.EMPTY_STRING},skipAuthorityMetadataCache:!1},T={},E={loggerOptions:{loggerCallback:()=>{},piiLoggingEnabled:!1,logLevel:i.LogLevel.Info},networkClient:new p,proxyUrl:i.Constants.EMPTY_STRING},A={application:{appName:i.Constants.EMPTY_STRING,appVersion:i.Constants.EMPTY_STRING}};function R({auth:e,cache:t,system:r,telemetry:n}){return{auth:{...f,...e},cache:{...T,...t},system:{...E,...r},telemetry:{...A,...n}}}class k{generateGuid(){return c.v4()}isGuid(e){return/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i.test(e)}}class S{static base64Encode(e,t){return Buffer.from(e,t).toString("base64")}static base64EncodeUrl(e,t){return S.base64Encode(e,t).replace(/=/g,i.Constants.EMPTY_STRING).replace(/\+/g,"-").replace(/\//g,"_")}static base64Decode(e){return Buffer.from(e,"base64").toString("utf8")}static base64DecodeUrl(e){let t=e.replace(/-/g,"+").replace(/_/g,"/");for(;t.length%4;)t+="=";return S.base64Decode(t)}}class I{sha256(e){return l.createHash("sha256").update(e).digest()}}class _{constructor(){this.hashUtils=new I}async generatePkceCodes(){const e=this.generateCodeVerifier();return{verifier:e,challenge:this.generateCodeChallengeFromVerifier(e)}}generateCodeVerifier(){const e=[],t=256-256%u.length;for(;e.length<=32;){const r=l.randomBytes(1)[0];r>=t||e.push(u[r%u.length])}const r=e.join(i.Constants.EMPTY_STRING);return S.base64EncodeUrl(r)}generateCodeChallengeFromVerifier(e){return S.base64EncodeUrl(this.hashUtils.sha256(e).toString("base64"),"base64")}}class v{constructor(){this.pkceGenerator=new _,this.guidGenerator=new k,this.hashUtils=new I}createNewGuid(){return this.guidGenerator.generateGuid()}base64Encode(e){return S.base64Encode(e)}base64Decode(e){return S.base64Decode(e)}generatePkceCodes(){return this.pkceGenerator.generatePkceCodes()}getPublicKeyThumbprint(){throw new Error("Method not implemented.")}removeTokenBindingKey(){throw new Error("Method not implemented.")}clearKeystore(){throw new Error("Method not implemented.")}signJwt(){throw new Error("Method not implemented.")}async hashString(e){return S.base64EncodeUrl(this.hashUtils.sha256(e).toString("base64"),"base64")}}class w{static deserializeJSONBlob(e){return i.StringUtils.isEmpty(e)?{}:JSON.parse(e)}static deserializeAccounts(e){const t={};return e&&Object.keys(e).map((function(r){const n=e[r],o={homeAccountId:n.home_account_id,environment:n.environment,realm:n.realm,localAccountId:n.local_account_id,username:n.username,authorityType:n.authority_type,name:n.name,clientInfo:n.client_info,lastModificationTime:n.last_modification_time,lastModificationApp:n.last_modification_app},s=new i.AccountEntity;i.CacheManager.toObject(s,o),t[r]=s})),t}static deserializeIdTokens(e){const t={};return e&&Object.keys(e).map((function(r){const n=e[r],o={homeAccountId:n.home_account_id,environment:n.environment,credentialType:n.credential_type,clientId:n.client_id,secret:n.secret,realm:n.realm},s=new i.IdTokenEntity;i.CacheManager.toObject(s,o),t[r]=s})),t}static deserializeAccessTokens(e){const t={};return e&&Object.keys(e).map((function(r){const n=e[r],o={homeAccountId:n.home_account_id,environment:n.environment,credentialType:n.credential_type,clientId:n.client_id,secret:n.secret,realm:n.realm,target:n.target,cachedAt:n.cached_at,expiresOn:n.expires_on,extendedExpiresOn:n.extended_expires_on,refreshOn:n.refresh_on,keyId:n.key_id,tokenType:n.token_type,requestedClaims:n.requestedClaims,requestedClaimsHash:n.requestedClaimsHash,userAssertionHash:n.userAssertionHash},s=new i.AccessTokenEntity;i.CacheManager.toObject(s,o),t[r]=s})),t}static deserializeRefreshTokens(e){const t={};return e&&Object.keys(e).map((function(r){const n=e[r],o={homeAccountId:n.home_account_id,environment:n.environment,credentialType:n.credential_type,clientId:n.client_id,secret:n.secret,familyId:n.family_id,target:n.target,realm:n.realm},s=new i.RefreshTokenEntity;i.CacheManager.toObject(s,o),t[r]=s})),t}static deserializeAppMetadata(e){const t={};return e&&Object.keys(e).map((function(r){const n=e[r],o={clientId:n.client_id,environment:n.environment,familyId:n.family_id},s=new i.AppMetadataEntity;i.CacheManager.toObject(s,o),t[r]=s})),t}static deserializeAllCache(e){return{accounts:e.Account?this.deserializeAccounts(e.Account):{},idTokens:e.IdToken?this.deserializeIdTokens(e.IdToken):{},accessTokens:e.AccessToken?this.deserializeAccessTokens(e.AccessToken):{},refreshTokens:e.RefreshToken?this.deserializeRefreshTokens(e.RefreshToken):{},appMetadata:e.AppMetadata?this.deserializeAppMetadata(e.AppMetadata):{}}}}class b{static serializeJSONBlob(e){return JSON.stringify(e)}static serializeAccounts(e){const t={};return Object.keys(e).map((function(r){const n=e[r];t[r]={home_account_id:n.homeAccountId,environment:n.environment,realm:n.realm,local_account_id:n.localAccountId,username:n.username,authority_type:n.authorityType,name:n.name,client_info:n.clientInfo,last_modification_time:n.lastModificationTime,last_modification_app:n.lastModificationApp}})),t}static serializeIdTokens(e){const t={};return Object.keys(e).map((function(r){const n=e[r];t[r]={home_account_id:n.homeAccountId,environment:n.environment,credential_type:n.credentialType,client_id:n.clientId,secret:n.secret,realm:n.realm}})),t}static serializeAccessTokens(e){const t={};return Object.keys(e).map((function(r){const n=e[r];t[r]={home_account_id:n.homeAccountId,environment:n.environment,credential_type:n.credentialType,client_id:n.clientId,secret:n.secret,realm:n.realm,target:n.target,cached_at:n.cachedAt,expires_on:n.expiresOn,extended_expires_on:n.extendedExpiresOn,refresh_on:n.refreshOn,key_id:n.keyId,token_type:n.tokenType,requestedClaims:n.requestedClaims,requestedClaimsHash:n.requestedClaimsHash,userAssertionHash:n.userAssertionHash}})),t}static serializeRefreshTokens(e){const t={};return Object.keys(e).map((function(r){const n=e[r];t[r]={home_account_id:n.homeAccountId,environment:n.environment,credential_type:n.credentialType,client_id:n.clientId,secret:n.secret,family_id:n.familyId,target:n.target,realm:n.realm}})),t}static serializeAppMetadata(e){const t={};return Object.keys(e).map((function(r){const n=e[r];t[r]={client_id:n.clientId,environment:n.environment,family_id:n.familyId}})),t}static serializeAllCache(e){return{Account:this.serializeAccounts(e.accounts),IdToken:this.serializeIdTokens(e.idTokens),AccessToken:this.serializeAccessTokens(e.accessTokens),RefreshToken:this.serializeRefreshTokens(e.refreshTokens),AppMetadata:this.serializeAppMetadata(e.appMetadata)}}}class M extends i.CacheManager{constructor(e,t,r){super(t,r),this.cache={},this.changeEmitters=[],this.logger=e}registerChangeEmitter(e){this.changeEmitters.push(e)}emitChange(){this.changeEmitters.forEach(e=>e.call(null))}cacheToInMemoryCache(e){const t={accounts:{},idTokens:{},accessTokens:{},refreshTokens:{},appMetadata:{}};for(const r in e)if(e[r]instanceof i.AccountEntity)t.accounts[r]=e[r];else if(e[r]instanceof i.IdTokenEntity)t.idTokens[r]=e[r];else if(e[r]instanceof i.AccessTokenEntity)t.accessTokens[r]=e[r];else if(e[r]instanceof i.RefreshTokenEntity)t.refreshTokens[r]=e[r];else{if(!(e[r]instanceof i.AppMetadataEntity))continue;t.appMetadata[r]=e[r]}return t}inMemoryCacheToCache(e){let t=this.getCache();return t={...t,...e.accounts,...e.idTokens,...e.accessTokens,...e.refreshTokens,...e.appMetadata},t}getInMemoryCache(){return this.logger.trace("Getting in-memory cache"),this.cacheToInMemoryCache(this.getCache())}setInMemoryCache(e){this.logger.trace("Setting in-memory cache");const t=this.inMemoryCacheToCache(e);this.setCache(t),this.emitChange()}getCache(){return this.logger.trace("Getting cache key-value store"),this.cache}setCache(e){this.logger.trace("Setting cache key value store"),this.cache=e,this.emitChange()}getItem(e){return this.logger.tracePii("Item key: "+e),this.getCache()[e]}setItem(e,t){this.logger.tracePii("Item key: "+e);const r=this.getCache();r[e]=t,this.setCache(r)}getAccount(e){const t=this.getItem(e);return i.AccountEntity.isAccountEntity(t)?t:null}setAccount(e){const t=e.generateAccountKey();this.setItem(t,e)}getIdTokenCredential(e){const t=this.getItem(e);return i.IdTokenEntity.isIdTokenEntity(t)?t:null}setIdTokenCredential(e){const t=e.generateCredentialKey();this.setItem(t,e)}getAccessTokenCredential(e){const t=this.getItem(e);return i.AccessTokenEntity.isAccessTokenEntity(t)?t:null}setAccessTokenCredential(e){const t=e.generateCredentialKey();this.setItem(t,e)}getRefreshTokenCredential(e){const t=this.getItem(e);return i.RefreshTokenEntity.isRefreshTokenEntity(t)?t:null}setRefreshTokenCredential(e){const t=e.generateCredentialKey();this.setItem(t,e)}getAppMetadata(e){const t=this.getItem(e);return i.AppMetadataEntity.isAppMetadataEntity(e,t)?t:null}setAppMetadata(e){const t=e.generateAppMetadataKey();this.setItem(t,e)}getServerTelemetry(e){const t=this.getItem(e);return t&&i.ServerTelemetryEntity.isServerTelemetryEntity(e,t)?t:null}setServerTelemetry(e,t){this.setItem(e,t)}getAuthorityMetadata(e){const t=this.getItem(e);return t&&i.AuthorityMetadataEntity.isAuthorityMetadataEntity(e,t)?t:null}getAuthorityMetadataKeys(){return this.getKeys().filter(e=>this.isAuthorityMetadata(e))}setAuthorityMetadata(e,t){this.setItem(e,t)}getThrottlingCache(e){const t=this.getItem(e);return t&&i.ThrottlingEntity.isThrottlingEntity(e,t)?t:null}setThrottlingCache(e,t){this.setItem(e,t)}removeItem(e){this.logger.tracePii("Item key: "+e);let t=!1;const r=this.getCache();return r[e]&&(delete r[e],t=!0),t&&(this.setCache(r),this.emitChange()),t}containsKey(e){return this.getKeys().includes(e)}getKeys(){this.logger.trace("Retrieving all cache keys");const e=this.getCache();return[...Object.keys(e)]}async clear(){this.logger.trace("Clearing cache entries created by MSAL"),this.getKeys().forEach(e=>{this.removeItem(e)}),this.emitChange()}static generateInMemoryCache(e){return w.deserializeAllCache(w.deserializeJSONBlob(e))}static generateJsonCache(e){return b.serializeAllCache(e)}updateCredentialCacheKey(e,t){const r=t.generateCredentialKey();if(e!==r){const n=this.getItem(e);if(n)return this.removeItem(e),this.setItem(r,n),this.logger.verbose(`Updated an outdated ${t.credentialType} cache key`),r;this.logger.error(`Attempted to update an outdated ${t.credentialType} cache key but no item matching the outdated key was found in storage`)}return e}}const O={},N={},P={},q={},U={};class x{constructor(e,t,r){this.cacheHasChanged=!1,this.storage=e,this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this)),r&&(this.persistence=r),this.logger=t}hasChanged(){return this.cacheHasChanged}serialize(){this.logger.trace("Serializing in-memory cache");let e=b.serializeAllCache(this.storage.getInMemoryCache());return i.StringUtils.isEmpty(this.cacheSnapshot)?this.logger.trace("No cache snapshot to merge"):(this.logger.trace("Reading cache snapshot from disk"),e=this.mergeState(JSON.parse(this.cacheSnapshot),e)),this.cacheHasChanged=!1,JSON.stringify(e)}deserialize(e){if(this.logger.trace("Deserializing JSON to in-memory cache"),this.cacheSnapshot=e,i.StringUtils.isEmpty(this.cacheSnapshot))this.logger.trace("No cache snapshot to deserialize");else{this.logger.trace("Reading cache snapshot from disk");const e=w.deserializeAllCache(this.overlayDefaults(JSON.parse(this.cacheSnapshot)));this.storage.setInMemoryCache(e)}}getKVStore(){return this.storage.getCache()}async getAllAccounts(){let e;this.logger.trace("getAllAccounts called");try{return this.persistence&&(e=new i.TokenCacheContext(this,!1),await this.persistence.beforeCacheAccess(e)),this.storage.getAllAccounts()}finally{this.persistence&&e&&await this.persistence.afterCacheAccess(e)}}async getAccountByHomeId(e){const t=await this.getAllAccounts();return!i.StringUtils.isEmpty(e)&&t&&t.length&&t.filter(t=>t.homeAccountId===e)[0]||null}async getAccountByLocalId(e){const t=await this.getAllAccounts();return!i.StringUtils.isEmpty(e)&&t&&t.length&&t.filter(t=>t.localAccountId===e)[0]||null}async removeAccount(e){let t;this.logger.trace("removeAccount called");try{this.persistence&&(t=new i.TokenCacheContext(this,!0),await this.persistence.beforeCacheAccess(t)),await this.storage.removeAccount(i.AccountEntity.generateAccountCacheKey(e))}finally{this.persistence&&t&&await this.persistence.afterCacheAccess(t)}}handleChangeEvent(){this.cacheHasChanged=!0}mergeState(e,t){this.logger.trace("Merging in-memory cache with cache snapshot");const r=this.mergeRemovals(e,t);return this.mergeUpdates(r,t)}mergeUpdates(e,t){return Object.keys(t).forEach(r=>{const n=t[r];if(e.hasOwnProperty(r)){const t=null!==n,i="object"==typeof n,o=!Array.isArray(n),s=null!=e[r];t&&i&&o&&s?this.mergeUpdates(e[r],n):e[r]=n}else null!==n&&(e[r]=n)}),e}mergeRemovals(e,t){this.logger.trace("Remove updated entries in cache");const r=e.Account?this.mergeRemovalsDict(e.Account,t.Account):e.Account,n=e.AccessToken?this.mergeRemovalsDict(e.AccessToken,t.AccessToken):e.AccessToken,i=e.RefreshToken?this.mergeRemovalsDict(e.RefreshToken,t.RefreshToken):e.RefreshToken,o=e.IdToken?this.mergeRemovalsDict(e.IdToken,t.IdToken):e.IdToken,s=e.AppMetadata?this.mergeRemovalsDict(e.AppMetadata,t.AppMetadata):e.AppMetadata;return{...e,Account:r,AccessToken:n,RefreshToken:i,IdToken:o,AppMetadata:s}}mergeRemovalsDict(e,t){const r={...e};return Object.keys(e).forEach(e=>{t&&t.hasOwnProperty(e)||delete r[e]}),r}overlayDefaults(e){return this.logger.trace("Overlaying input cache with the default cache"),{Account:{...O,...e.Account},IdToken:{...N,...e.IdToken},AccessToken:{...P,...e.AccessToken},RefreshToken:{...q,...e.RefreshToken},AppMetadata:{...U,...e.AppMetadata}}}}class z extends i.AuthError{constructor(e,t){super(e,t),this.name="NodeAuthError"}static createInvalidLoopbackAddressTypeError(){return new z("invalid_loopback_server_address_type","Loopback server address is not type string. This is unexpected.")}static createUnableToLoadRedirectUrlError(){return new z("unable_to_load_redirectUrl","Loopback server callback was invoked without a url. This is unexpected.")}static createNoAuthCodeInResponseError(){return new z("no_auth_code_in_response","No auth code found in the server response. Please check your network trace to determine what happened.")}static createNoLoopbackServerExistsError(){return new z("no_loopback_server_exists","No loopback server exists yet.")}static createLoopbackServerAlreadyExistsError(){return new z("loopback_server_already_exists","Loopback server already exists. Cannot create another.")}static createLoopbackServerTimeoutError(){return new z("loopback_server_timeout","Timed out waiting for auth code listener to be registered.")}static createStateNotFoundError(){return new z("state_not_found","State not found. Please verify that the request originated from msal.")}}class G{constructor(e){this.config=R(e),this.cryptoProvider=new v,this.logger=new i.Logger(this.config.system.loggerOptions,"@azure/msal-node","1.14.5"),this.storage=new M(this.logger,this.config.auth.clientId,this.cryptoProvider),this.tokenCache=new x(this.storage,this.logger,this.config.cache.cachePlugin)}async getAuthCodeUrl(e){this.logger.info("getAuthCodeUrl called",e.correlationId);const t={...e,...await this.initializeBaseRequest(e),responseMode:e.responseMode||i.ResponseMode.QUERY,authenticationScheme:i.AuthenticationScheme.BEARER},r=await this.buildOauthClientConfiguration(t.authority,t.correlationId,void 0,void 0,e.azureCloudOptions),n=new i.AuthorizationCodeClient(r);return this.logger.verbose("Auth code client created",t.correlationId),n.getAuthCodeUrl(t)}async acquireTokenByCode(e,t){this.logger.info("acquireTokenByCode called"),e.state&&t&&(this.logger.info("acquireTokenByCode - validating state"),this.validateState(e.state,t.state||""),t={...t,state:""});const r={...e,...await this.initializeBaseRequest(e),authenticationScheme:i.AuthenticationScheme.BEARER},n=this.initializeServerTelemetryManager(d.acquireTokenByCode,r.correlationId);try{const o=await this.buildOauthClientConfiguration(r.authority,r.correlationId,n,void 0,e.azureCloudOptions),s=new i.AuthorizationCodeClient(o);return this.logger.verbose("Auth code client created",r.correlationId),s.acquireToken(r,t)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(r.correlationId),n.cacheFailedRequest(e),e}}async acquireTokenByRefreshToken(e){this.logger.info("acquireTokenByRefreshToken called",e.correlationId);const t={...e,...await this.initializeBaseRequest(e),authenticationScheme:i.AuthenticationScheme.BEARER},r=this.initializeServerTelemetryManager(d.acquireTokenByRefreshToken,t.correlationId);try{const n=await this.buildOauthClientConfiguration(t.authority,t.correlationId,r,void 0,e.azureCloudOptions),o=new i.RefreshTokenClient(n);return this.logger.verbose("Refresh token client created",t.correlationId),o.acquireToken(t)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(t.correlationId),r.cacheFailedRequest(e),e}}async acquireTokenSilent(e){const t={...e,...await this.initializeBaseRequest(e),forceRefresh:e.forceRefresh||!1},r=this.initializeServerTelemetryManager(d.acquireTokenSilent,t.correlationId,t.forceRefresh);try{const n=await this.buildOauthClientConfiguration(t.authority,t.correlationId,r,void 0,e.azureCloudOptions),o=new i.SilentFlowClient(n);return this.logger.verbose("Silent flow client created",t.correlationId),o.acquireToken(t)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(t.correlationId),r.cacheFailedRequest(e),e}}async acquireTokenByUsernamePassword(e){this.logger.info("acquireTokenByUsernamePassword called",e.correlationId);const t={...e,...await this.initializeBaseRequest(e)},r=this.initializeServerTelemetryManager(d.acquireTokenByUsernamePassword,t.correlationId);try{const n=await this.buildOauthClientConfiguration(t.authority,t.correlationId,r,void 0,e.azureCloudOptions),o=new i.UsernamePasswordClient(n);return this.logger.verbose("Username password client created",t.correlationId),o.acquireToken(t)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(t.correlationId),r.cacheFailedRequest(e),e}}getTokenCache(){return this.logger.info("getTokenCache called"),this.tokenCache}validateState(e,t){if(!e)throw z.createStateNotFoundError();if(e!==t)throw i.ClientAuthError.createStateMismatchError()}getLogger(){return this.logger}setLogger(e){this.logger=e}async buildOauthClientConfiguration(e,t,r,n,o){this.logger.verbose("buildOauthClientConfiguration called",t);const s=o||this.config.auth.azureCloudOptions;this.logger.verbose("building oauth client configuration with the authority: "+e,t);const a=await this.createAuthority(e,n,t,s);return null==r||r.updateRegionDiscoveryMetadata(a.regionDiscoveryMetadata),{authOptions:{clientId:this.config.auth.clientId,authority:a,clientCapabilities:this.config.auth.clientCapabilities},systemOptions:{proxyUrl:this.config.system.proxyUrl},loggerOptions:{logLevel:this.config.system.loggerOptions.logLevel,loggerCallback:this.config.system.loggerOptions.loggerCallback,piiLoggingEnabled:this.config.system.loggerOptions.piiLoggingEnabled,correlationId:t},cryptoInterface:this.cryptoProvider,networkInterface:this.config.system.networkClient,storageInterface:this.storage,serverTelemetryManager:r,clientCredentials:{clientSecret:this.clientSecret,clientAssertion:this.clientAssertion?this.getClientAssertion(a):void 0},libraryInfo:{sku:"msal.js.node",version:"1.14.5",cpu:process.arch||i.Constants.EMPTY_STRING,os:process.platform||i.Constants.EMPTY_STRING},telemetry:this.config.telemetry,persistencePlugin:this.config.cache.cachePlugin,serializableCache:this.tokenCache}}getClientAssertion(e){return{assertion:this.clientAssertion.getJwt(this.cryptoProvider,this.config.auth.clientId,e.tokenEndpoint),assertionType:"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"}}async initializeBaseRequest(e){return this.logger.verbose("initializeRequestScopes called",e.correlationId),e.authenticationScheme&&e.authenticationScheme===i.AuthenticationScheme.POP&&this.logger.verbose("Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request",e.correlationId),e.authenticationScheme=i.AuthenticationScheme.BEARER,e.claims&&!i.StringUtils.isEmpty(e.claims)&&(e.requestedClaimsHash=await this.cryptoProvider.hashString(e.claims)),{...e,scopes:[...e&&e.scopes||[],...i.OIDC_DEFAULT_SCOPES],correlationId:e&&e.correlationId||this.cryptoProvider.createNewGuid(),authority:e.authority||this.config.auth.authority}}initializeServerTelemetryManager(e,t,r){return new i.ServerTelemetryManager({clientId:this.config.auth.clientId,correlationId:t,apiId:e,forceRefresh:r||!1},this.storage)}async createAuthority(e,t,r,n){this.logger.verbose("createAuthority called",r);const o=i.Authority.generateAuthority(e,n),s={protocolMode:this.config.auth.protocolMode,knownAuthorities:this.config.auth.knownAuthorities,cloudDiscoveryMetadata:this.config.auth.cloudDiscoveryMetadata,authorityMetadata:this.config.auth.authorityMetadata,azureRegionConfiguration:t,skipAuthorityMetadataCache:this.config.auth.skipAuthorityMetadataCache};return await i.AuthorityFactory.createDiscoveredInstance(o,this.config.system.networkClient,this.storage,s,this.logger,this.config.system.proxyUrl)}clearCache(){this.storage.clear()}}class j{async listenForAuthCode(e,t){if(this.server)throw z.createLoopbackServerAlreadyExistsError();const n=new Promise((n,s)=>{this.server=o.createServer(async(o,a)=>{const c=o.url;if(!c)return a.end(t||"Error occurred loading redirectUrl"),void s(z.createUnableToLoadRedirectUrlError());if(c===i.Constants.FORWARD_SLASH)return void a.end(e||"Auth code was successfully acquired. You can close this window now.");const l=i.UrlString.getDeserializedQueryString(c);if(l.code){const e=await this.getRedirectUri();a.writeHead(r.REDIRECT,{location:e}),a.end()}n(l)}),this.server.listen(0)});return await new Promise(e=>{let t=0;const r=setInterval(()=>{if(50<t)throw z.createLoopbackServerTimeoutError();this.server.listening&&(clearInterval(r),e()),t++},100)}),n}getRedirectUri(){if(!this.server)throw z.createNoLoopbackServerExistsError();const e=this.server.address();if(!e||"string"==typeof e||!e.port)throw this.closeServer(),z.createInvalidLoopbackAddressTypeError();return"http://localhost:"+(e&&e.port)}closeServer(){this.server&&this.server.close()}}class B{static fromAssertion(e){const t=new B;return t.jwt=e,t}static fromCertificate(e,t,r){const n=new B;return n.privateKey=t,n.thumbprint=e,r&&(n.publicCertificate=this.parseCertificate(r)),n}getJwt(e,t,r){if(this.privateKey&&this.thumbprint)return this.jwt&&!this.isExpired()&&t===this.issuer&&r===this.jwtAudience?this.jwt:this.createJwt(e,t,r);if(this.jwt)return this.jwt;throw i.ClientAuthError.createInvalidAssertionError()}createJwt(e,t,r){this.issuer=t,this.jwtAudience=r;const n=i.TimeUtils.nowSeconds();this.expirationTime=n+600;const o={alg:"RS256",x5t:S.base64EncodeUrl(this.thumbprint,"hex")};this.publicCertificate&&Object.assign(o,{x5c:this.publicCertificate});const s={aud:this.jwtAudience,exp:this.expirationTime,iss:this.issuer,sub:this.issuer,nbf:n,jti:e.createNewGuid()};return this.jwt=h.sign(s,this.privateKey,{header:o}),this.jwt}isExpired(){return this.expirationTime<i.TimeUtils.nowSeconds()}static parseCertificate(e){const t=/-----BEGIN CERTIFICATE-----\r*\n(.+?)\r*\n-----END CERTIFICATE-----/gs,r=[];let n;for(;null!==(n=t.exec(e));)r.push(n[1].replace(/\r*\n/g,i.Constants.EMPTY_STRING));return r}}Object.defineProperty(exports,"AuthError",{enumerable:!0,get:function(){return i.AuthError}}),Object.defineProperty(exports,"AuthErrorMessage",{enumerable:!0,get:function(){return i.AuthErrorMessage}}),Object.defineProperty(exports,"AzureCloudInstance",{enumerable:!0,get:function(){return i.AzureCloudInstance}}),Object.defineProperty(exports,"ClientAuthError",{enumerable:!0,get:function(){return i.ClientAuthError}}),Object.defineProperty(exports,"ClientAuthErrorMessage",{enumerable:!0,get:function(){return i.ClientAuthErrorMessage}}),Object.defineProperty(exports,"ClientConfigurationError",{enumerable:!0,get:function(){return i.ClientConfigurationError}}),Object.defineProperty(exports,"ClientConfigurationErrorMessage",{enumerable:!0,get:function(){return i.ClientConfigurationErrorMessage}}),Object.defineProperty(exports,"InteractionRequiredAuthError",{enumerable:!0,get:function(){return i.InteractionRequiredAuthError}}),Object.defineProperty(exports,"InteractionRequiredAuthErrorMessage",{enumerable:!0,get:function(){return i.InteractionRequiredAuthErrorMessage}}),Object.defineProperty(exports,"LogLevel",{enumerable:!0,get:function(){return i.LogLevel}}),Object.defineProperty(exports,"Logger",{enumerable:!0,get:function(){return i.Logger}}),Object.defineProperty(exports,"PromptValue",{enumerable:!0,get:function(){return i.PromptValue}}),Object.defineProperty(exports,"ProtocolMode",{enumerable:!0,get:function(){return i.ProtocolMode}}),Object.defineProperty(exports,"ResponseMode",{enumerable:!0,get:function(){return i.ResponseMode}}),Object.defineProperty(exports,"ServerError",{enumerable:!0,get:function(){return i.ServerError}}),Object.defineProperty(exports,"TokenCacheContext",{enumerable:!0,get:function(){return i.TokenCacheContext}}),exports.ClientApplication=G,exports.ClientAssertion=B,exports.ConfidentialClientApplication=class extends G{constructor(e){super(e),this.setClientCredential(this.config),this.appTokenProvider=void 0}SetAppTokenProvider(e){this.appTokenProvider=e}async acquireTokenByClientCredential(e){let t;this.logger.info("acquireTokenByClientCredential called",e.correlationId),e.clientAssertion&&(t={assertion:e.clientAssertion,assertionType:"urn:ietf:params:oauth:client-assertion-type:jwt-bearer"});const r=await this.initializeBaseRequest(e),n={...r,scopes:r.scopes.filter(e=>!i.OIDC_DEFAULT_SCOPES.includes(e))},o={...e,...n,clientAssertion:t},s={azureRegion:o.azureRegion,environmentRegion:process.env.REGION_NAME},a=this.initializeServerTelemetryManager(d.acquireTokenByClientCredential,o.correlationId,o.skipCache);try{const t=await this.buildOauthClientConfiguration(o.authority,o.correlationId,a,s,e.azureCloudOptions),r=new i.ClientCredentialClient(t,this.appTokenProvider);return this.logger.verbose("Client credential client created",o.correlationId),r.acquireToken(o)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(o.correlationId),a.cacheFailedRequest(e),e}}async acquireTokenOnBehalfOf(e){this.logger.info("acquireTokenOnBehalfOf called",e.correlationId);const t={...e,...await this.initializeBaseRequest(e)};try{const r=await this.buildOauthClientConfiguration(t.authority,t.correlationId,void 0,void 0,e.azureCloudOptions),n=new i.OnBehalfOfClient(r);return this.logger.verbose("On behalf of client created",t.correlationId),n.acquireToken(t)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(t.correlationId),e}}setClientCredential(e){const t=!i.StringUtils.isEmpty(e.auth.clientSecret),r=!i.StringUtils.isEmpty(e.auth.clientAssertion),n=e.auth.clientCertificate||{thumbprint:i.Constants.EMPTY_STRING,privateKey:i.Constants.EMPTY_STRING},o=!i.StringUtils.isEmpty(n.thumbprint)||!i.StringUtils.isEmpty(n.privateKey);if(!this.appTokenProvider){if(t&&r||r&&o||t&&o)throw i.ClientAuthError.createInvalidCredentialError();if(e.auth.clientSecret)this.clientSecret=e.auth.clientSecret;else if(e.auth.clientAssertion)this.clientAssertion=B.fromAssertion(e.auth.clientAssertion);else{if(!o)throw i.ClientAuthError.createInvalidCredentialError();var s;this.clientAssertion=B.fromCertificate(n.thumbprint,n.privateKey,null==(s=e.auth.clientCertificate)?void 0:s.x5c)}}}},exports.CryptoProvider=v,exports.DistributedCachePlugin=class{constructor(e,t){this.client=e,this.partitionManager=t}async beforeCacheAccess(e){const t=await this.partitionManager.getKey(),r=await this.client.get(t);e.tokenCache.deserialize(r)}async afterCacheAccess(e){if(e.cacheHasChanged){const t=e.tokenCache.getKVStore(),r=Object.values(t).filter(e=>i.AccountEntity.isAccountEntity(e));if(r.length>0){const t=r[0],n=await this.partitionManager.extractKey(t);await this.client.set(n,e.tokenCache.serialize())}}}},exports.NodeStorage=M,exports.PublicClientApplication=class extends G{constructor(e){super(e)}async acquireTokenByDeviceCode(e){this.logger.info("acquireTokenByDeviceCode called",e.correlationId);const t=Object.assign(e,await this.initializeBaseRequest(e)),r=this.initializeServerTelemetryManager(d.acquireTokenByDeviceCode,t.correlationId);try{const n=await this.buildOauthClientConfiguration(t.authority,t.correlationId,r,void 0,e.azureCloudOptions),o=new i.DeviceCodeClient(n);return this.logger.verbose("Device code client created",t.correlationId),o.acquireToken(t)}catch(e){throw e instanceof i.AuthError&&e.setCorrelationId(t.correlationId),r.cacheFailedRequest(e),e}}async acquireTokenInteractive(e){const{verifier:t,challenge:r}=await this.cryptoProvider.generatePkceCodes(),{openBrowser:n,successTemplate:o,errorTemplate:s,...a}=e,c=new j,l=c.listenForAuthCode(o,s),h=c.getRedirectUri(),u={...a,scopes:e.scopes||i.OIDC_DEFAULT_SCOPES,redirectUri:h,responseMode:i.ResponseMode.QUERY,codeChallenge:r,codeChallengeMethod:i.CodeChallengeMethodValues.S256},d=await this.getAuthCodeUrl(u);await n(d);const g=await l.finally(()=>{c.closeServer()});if(g.error)throw new i.ServerError(g.error,g.error_description,g.suberror);if(!g.code)throw z.createNoAuthCodeInResponseError();const p={code:g.code,codeVerifier:t,clientInfo:g.client_info||i.Constants.EMPTY_STRING,...u};return this.acquireTokenByCode(p)}},exports.TokenCache=x,exports.buildAppConfiguration=R,exports.version="1.14.5";
//# sourceMappingURL=msal-node.cjs.production.min.js.map
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/msal-node.cjs.production.min.js.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"msal-node.cjs.production.min.js","sources":["../src/utils/Constants.ts","../src/utils/NetworkUtils.ts","../src/network/HttpClient.ts","../src/config/Configuration.ts","../src/crypto/GuidGenerator.ts","../src/utils/EncodingUtils.ts","../src/crypto/HashUtils.ts","../src/crypto/PkceGenerator.ts","../src/crypto/CryptoProvider.ts","../src/cache/serializer/Deserializer.ts","../src/cache/serializer/Serializer.ts","../src/cache/NodeStorage.ts","../src/cache/TokenCache.ts","../src/error/NodeAuthError.ts","../src/client/ClientApplication.ts","../src/packageMetadata.ts","../src/network/LoopbackClient.ts","../src/client/ClientAssertion.ts","../src/client/ConfidentialClientApplication.ts","../src/cache/distributed/DistributedCachePlugin.ts","../src/client/PublicClientApplication.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * http methods\n */\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\",\n}\n\nexport enum HttpStatus {\n SUCCESS_RANGE_START = 200,\n SUCCESS_RANGE_END = 299,\n REDIRECT = 302,\n CLIENT_ERROR_RANGE_START = 400,\n CLIENT_ERROR_RANGE_END = 499,\n SERVER_ERROR_RANGE_START = 500,\n SERVER_ERROR_RANGE_END = 599\n}\n\nexport enum ProxyStatus {\n SUCCESS_RANGE_START = 200,\n SUCCESS_RANGE_END = 299,\n SERVER_ERROR = 500\n}\n\n/**\n * Constants used for region discovery\n */\nexport const REGION_ENVIRONMENT_VARIABLE = \"REGION_NAME\";\n\n/**\n * Constant used for PKCE\n */\nexport const RANDOM_OCTET_SIZE = 32;\n\n/**\n * Constants used in PKCE\n */\nexport const Hash = {\n SHA256: \"sha256\",\n};\n\n/**\n * Constants for encoding schemes\n */\nexport const CharSet = {\n CV_CHARSET:\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\",\n};\n\n/**\n * Cache Constants\n */\nexport const CACHE = {\n FILE_CACHE: \"fileCache\",\n EXTENSION_LIB: \"extenstion_library\",\n};\n\n/**\n * Constants\n */\nexport const Constants = {\n MSAL_SKU: \"msal.js.node\",\n JWT_BEARER_ASSERTION_TYPE: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n AUTHORIZATION_PENDING: \"authorization_pending\",\n HTTP_PROTOCOL: \"http://\",\n LOCALHOST: \"localhost\"\n};\n\n/**\n * API Codes for Telemetry purposes.\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\n * 0-99 Silent Flow\n * 600-699 Device Code Flow\n * 800-899 Auth Code Flow\n */\nexport enum ApiId {\n acquireTokenSilent = 62,\n acquireTokenByUsernamePassword = 371,\n acquireTokenByDeviceCode = 671,\n acquireTokenByClientCredential = 771,\n acquireTokenByCode = 871,\n acquireTokenByRefreshToken = 872\n}\n\n/**\n * JWT constants\n */\nexport const JwtConstants = {\n ALGORITHM: \"alg\",\n RSA_256: \"RS256\",\n X5T: \"x5t\", \n X5C: \"x5c\",\n AUDIENCE: \"aud\",\n EXPIRATION_TIME: \"exp\",\n ISSUER: \"iss\",\n SUBJECT: \"sub\",\n NOT_BEFORE: \"nbf\",\n JWT_ID: \"jti\",\n};\n\nexport const LOOPBACK_SERVER_CONSTANTS = {\n INTERVAL_MS: 100,\n TIMEOUT_MS: 5000\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NetworkResponse } from \"@azure/msal-common\";\n\nexport class NetworkUtils {\n static getNetworkResponse<T>(headers: Record<string, string>, body: T, statusCode: number): NetworkResponse<T> {\n return {\n headers: headers,\n body: body,\n status: statusCode,\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n INetworkModule,\n NetworkRequestOptions,\n NetworkResponse\n} from \"@azure/msal-common\";\nimport { HttpMethod, Constants, HttpStatus, ProxyStatus } from \"../utils/Constants\";\nimport { NetworkUtils } from \"../utils/NetworkUtils\";\nimport http from \"http\";\nimport https from \"https\";\n\n/**\n * This class implements the API for network requests.\n */\nexport class HttpClient implements INetworkModule {\n\n /**\n * Http Get request\n * @param url\n * @param options\n */\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n if (options?.proxyUrl) {\n return networkRequestViaProxy(url, HttpMethod.GET, options);\n } else {\n return networkRequestViaHttps(url, HttpMethod.GET, options);\n }\n }\n\n /**\n * Http Post request\n * @param url\n * @param options\n */\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n cancellationToken?: number,\n ): Promise<NetworkResponse<T>> {\n if (options?.proxyUrl) {\n return networkRequestViaProxy(url, HttpMethod.POST, options, cancellationToken);\n } else {\n return networkRequestViaHttps(url, HttpMethod.POST, options, cancellationToken);\n }\n }\n}\n\nconst networkRequestViaProxy = <T>(\n url: string,\n httpMethod: string,\n options: NetworkRequestOptions,\n timeout?: number,\n): Promise<NetworkResponse<T>> => {\n const headers = options?.headers || {} as Record<string, string>;\n const proxyUrl = new URL(options?.proxyUrl || \"\");\n const destinationUrl = new URL(url);\n\n // \"method: connect\" must be used to establish a connection to the proxy\n const tunnelRequestOptions: https.RequestOptions = {\n host: proxyUrl.hostname,\n port: proxyUrl.port,\n method: \"CONNECT\",\n path: destinationUrl.hostname,\n headers: headers,\n };\n\n if (timeout) {\n tunnelRequestOptions.timeout = timeout;\n }\n\n // compose a request string for the socket\n let postRequestStringContent: string = \"\";\n if (httpMethod === HttpMethod.POST) {\n const body = options?.body || \"\";\n postRequestStringContent =\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\" +\n `Content-Length: ${body.length}\\r\\n` +\n `\\r\\n${body}`;\n }\n const outgoingRequestString = `${httpMethod.toUpperCase()} ${destinationUrl.href} HTTP/1.1\\r\\n` +\n `Host: ${destinationUrl.host}\\r\\n` +\n \"Connection: close\\r\\n\" +\n postRequestStringContent +\n \"\\r\\n\";\n\n return new Promise<NetworkResponse<T>>(((resolve, reject) => {\n const request = http.request(tunnelRequestOptions);\n\n if (tunnelRequestOptions.timeout) {\n request.on(\"timeout\", () => {\n request.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n request.end();\n\n // establish connection to the proxy\n request.on(\"connect\", (response, socket) => {\n const proxyStatusCode = response?.statusCode || ProxyStatus.SERVER_ERROR;\n if ((proxyStatusCode < ProxyStatus.SUCCESS_RANGE_START) || (proxyStatusCode > ProxyStatus.SUCCESS_RANGE_END)) {\n request.destroy();\n socket.destroy();\n reject(new Error(`Error connecting to proxy. Http status code: ${response.statusCode}. Http status message: ${response?.statusMessage || \"Unknown\"}`));\n }\n if (tunnelRequestOptions.timeout) {\n socket.setTimeout(tunnelRequestOptions.timeout);\n socket.on(\"timeout\", () => {\n request.destroy();\n socket.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n // make a request over an HTTP tunnel\n socket.write(outgoingRequestString);\n\n const data: Buffer[] = [];\n socket.on(\"data\", (chunk) => {\n data.push(chunk);\n });\n\n socket.on(\"end\", () => {\n // combine all received buffer streams into one buffer, and then into a string\n const dataString = Buffer.concat([...data]).toString();\n\n // separate each line into it's own entry in an arry\n const dataStringArray = dataString.split(\"\\r\\n\");\n // the first entry will contain the statusCode and statusMessage\n const httpStatusCode = parseInt(dataStringArray[0].split(\" \")[1]);\n // remove \"HTTP/1.1\" and the status code to get the status message\n const statusMessage = dataStringArray[0].split(\" \").slice(2).join(\" \");\n // the last entry will contain the body\n const body = dataStringArray[dataStringArray.length - 1];\n\n // everything in between the first and last entries are the headers\n const headersArray = dataStringArray.slice(1, dataStringArray.length - 2);\n\n // build an object out of all the headers\n const entries = new Map();\n headersArray.forEach((header) => {\n /**\n * the header might look like \"Content-Length: 1531\", but that is just a string\n * it needs to be converted to a key/value pair\n * split the string at the first instance of \":\"\n * there may be more than one \":\" if the value of the header is supposed to be a JSON object\n */\n const headerKeyValue = header.split(new RegExp(/:\\s(.*)/s));\n const headerKey = headerKeyValue[0];\n let headerValue = headerKeyValue[1];\n\n // check if the value of the header is supposed to be a JSON object\n try {\n const object = JSON.parse(headerValue);\n\n // if it is, then convert it from a string to a JSON object\n if (object && (typeof object === \"object\")) {\n headerValue = object;\n }\n } catch (e) {\n // otherwise, leave it as a string\n }\n\n entries.set(headerKey, headerValue);\n });\n const headers = Object.fromEntries(entries);\n\n const parsedHeaders = headers as Record<string, string>;\n const networkResponse = NetworkUtils.getNetworkResponse(\n parsedHeaders,\n parseBody(httpStatusCode, statusMessage, parsedHeaders, body) as T,\n httpStatusCode\n );\n\n if (((httpStatusCode < HttpStatus.SUCCESS_RANGE_START) || (httpStatusCode > HttpStatus.SUCCESS_RANGE_END)) &&\n // do not destroy the request for the device code flow\n networkResponse.body[\"error\"] !== Constants.AUTHORIZATION_PENDING) {\n request.destroy();\n }\n resolve(networkResponse);\n });\n\n socket.on(\"error\", (chunk) => {\n request.destroy();\n socket.destroy();\n reject(new Error(chunk.toString()));\n });\n });\n\n request.on(\"error\", (chunk) => {\n request.destroy();\n reject(new Error(chunk.toString()));\n });\n }));\n};\n\nconst networkRequestViaHttps = <T>(\n url: string,\n httpMethod: string,\n options?: NetworkRequestOptions,\n timeout?: number,\n): Promise<NetworkResponse<T>> => {\n const isPostRequest = httpMethod === HttpMethod.POST;\n const body: string = options?.body || \"\";\n\n const emptyHeaders: Record<string, string> = {};\n const customOptions: https.RequestOptions = {\n method: httpMethod,\n headers: options?.headers || emptyHeaders,\n };\n\n if (timeout) {\n customOptions.timeout = timeout;\n }\n\n if (isPostRequest) {\n // needed for post request to work\n customOptions.headers = {\n ...customOptions.headers,\n \"Content-Length\": body.length,\n };\n }\n\n return new Promise<NetworkResponse<T>>((resolve, reject) => {\n const request = https.request(url, customOptions);\n\n if (timeout) {\n request.on(\"timeout\", () => {\n request.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n if (isPostRequest) {\n request.write(body);\n }\n\n request.end();\n\n request.on(\"response\", (response) => {\n const headers = response.headers;\n const statusCode = response.statusCode as number;\n const statusMessage = response.statusMessage;\n\n const data: Buffer[] = [];\n response.on(\"data\", (chunk) => {\n data.push(chunk);\n });\n\n response.on(\"end\", () => {\n // combine all received buffer streams into one buffer, and then into a string\n const body = Buffer.concat([...data]).toString();\n\n const parsedHeaders = headers as Record<string, string>;\n const networkResponse = NetworkUtils.getNetworkResponse(\n parsedHeaders,\n parseBody(statusCode, statusMessage, parsedHeaders, body) as T,\n statusCode\n );\n\n if (((statusCode < HttpStatus.SUCCESS_RANGE_START) || (statusCode > HttpStatus.SUCCESS_RANGE_END)) &&\n // do not destroy the request for the device code flow\n networkResponse.body[\"error\"] !== Constants.AUTHORIZATION_PENDING) {\n request.destroy();\n }\n resolve(networkResponse);\n });\n });\n\n request.on(\"error\", (chunk) => {\n request.destroy();\n reject(new Error(chunk.toString()));\n });\n });\n};\n\n/**\n * Check if extra parsing is needed on the repsonse from the server\n * @param statusCode {number} the status code of the response from the server\n * @param statusMessage {string | undefined} the status message of the response from the server\n * @param headers {Record<string, string>} the headers of the response from the server\n * @param body {string} the body from the response of the server\n * @returns {Object} JSON parsed body or error object\n */\nconst parseBody = (statusCode: number, statusMessage: string | undefined, headers: Record<string, string>, body: string) => {\n /*\n * Informational responses (100 – 199)\n * Successful responses (200 – 299)\n * Redirection messages (300 – 399)\n * Client error responses (400 – 499)\n * Server error responses (500 – 599)\n */\n \n let parsedBody;\n try {\n parsedBody = JSON.parse(body);\n } catch (error) {\n let errorType;\n let errorDescriptionHelper;\n if ((statusCode >= HttpStatus.CLIENT_ERROR_RANGE_START) && (statusCode <= HttpStatus.CLIENT_ERROR_RANGE_END)) {\n errorType = \"client_error\";\n errorDescriptionHelper = \"A client\";\n } else if ((statusCode >= HttpStatus.SERVER_ERROR_RANGE_START) && (statusCode <= HttpStatus.SERVER_ERROR_RANGE_END)) {\n errorType = \"server_error\";\n errorDescriptionHelper = \"A server\";\n } else {\n errorType = \"unknown_error\";\n errorDescriptionHelper = \"An unknown\";\n }\n\n parsedBody = {\n error: errorType,\n error_description: `${errorDescriptionHelper} error occured.\\nHttp status code: ${statusCode}\\nHttp status message: ${statusMessage || \"Unknown\"}\\nHeaders: ${JSON.stringify(headers)}`\n };\n }\n\n return parsedBody;\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n LoggerOptions,\n INetworkModule,\n LogLevel,\n ProtocolMode,\n ICachePlugin,\n Constants,\n AzureCloudInstance,\n AzureCloudOptions,\n ApplicationTelemetry\n} from \"@azure/msal-common\";\nimport { HttpClient } from \"../network/HttpClient\";\n\n/**\n * - clientId - Client id of the application.\n * - authority - Url of the authority. If no value is set, defaults to https://login.microsoftonline.com/common.\n * - knownAuthorities - Needed for Azure B2C and ADFS. All authorities that will be used in the client application. Only the host of the authority should be passed in.\n * - clientSecret - Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal.\n * - clientAssertion - Assertion string that the application uses when requesting a token. Only used in confidential client applications. Assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.\n * - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )\n * - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.\n * - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.\n * @public\n */\nexport type NodeAuthOptions = {\n clientId: string;\n authority?: string;\n clientSecret?: string;\n clientAssertion?: string;\n clientCertificate?: {\n thumbprint: string,\n privateKey: string,\n x5c?: string\n };\n knownAuthorities?: Array<string>;\n cloudDiscoveryMetadata?: string;\n authorityMetadata?: string;\n clientCapabilities?: Array<string>;\n protocolMode?: ProtocolMode;\n azureCloudOptions?: AzureCloudOptions;\n skipAuthorityMetadataCache?: boolean;\n};\n\n/**\n * Use this to configure the below cache configuration options:\n *\n * - cachePlugin - Plugin for reading and writing token cache to disk.\n * @public\n */\nexport type CacheOptions = {\n cachePlugin?: ICachePlugin;\n};\n\n/**\n * Type for configuring logger and http client options\n *\n * - logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger\n * - networkClient - Http client used for all http get and post calls. Defaults to using MSAL's default http client.\n * @public\n */\nexport type NodeSystemOptions = {\n loggerOptions?: LoggerOptions;\n networkClient?: INetworkModule;\n proxyUrl?: string;\n};\n\nexport type NodeTelemetryOptions = {\n application?: ApplicationTelemetry;\n};\n\n/**\n * Use the configuration object to configure MSAL and initialize the client application object\n *\n * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\n * - cache: this is where you configure cache location\n * - system: this is where you can configure the network client, logger\n * @public\n */\nexport type Configuration = {\n auth: NodeAuthOptions;\n cache?: CacheOptions;\n system?: NodeSystemOptions;\n telemetry?: NodeTelemetryOptions;\n};\n\nconst DEFAULT_AUTH_OPTIONS: Required<NodeAuthOptions> = {\n clientId: Constants.EMPTY_STRING,\n authority: Constants.DEFAULT_AUTHORITY,\n clientSecret: Constants.EMPTY_STRING,\n clientAssertion: Constants.EMPTY_STRING,\n clientCertificate: {\n thumbprint: Constants.EMPTY_STRING,\n privateKey: Constants.EMPTY_STRING,\n x5c: Constants.EMPTY_STRING\n },\n knownAuthorities: [],\n cloudDiscoveryMetadata: Constants.EMPTY_STRING,\n authorityMetadata: Constants.EMPTY_STRING,\n clientCapabilities: [],\n protocolMode: ProtocolMode.AAD,\n azureCloudOptions: {\n azureCloudInstance: AzureCloudInstance.None,\n tenant: Constants.EMPTY_STRING\n },\n skipAuthorityMetadataCache: false,\n};\n\nconst DEFAULT_CACHE_OPTIONS: CacheOptions = {};\n\nconst DEFAULT_LOGGER_OPTIONS: LoggerOptions = {\n loggerCallback: (): void => {\n // allow users to not set logger call back\n },\n piiLoggingEnabled: false,\n logLevel: LogLevel.Info,\n};\n\nconst DEFAULT_SYSTEM_OPTIONS: Required<NodeSystemOptions> = {\n loggerOptions: DEFAULT_LOGGER_OPTIONS,\n networkClient: new HttpClient(),\n proxyUrl: Constants.EMPTY_STRING,\n};\n\nconst DEFAULT_TELEMETRY_OPTIONS: Required<NodeTelemetryOptions> = {\n application: {\n appName: Constants.EMPTY_STRING,\n appVersion: Constants.EMPTY_STRING\n }\n};\n\nexport type NodeConfiguration = {\n auth: Required<NodeAuthOptions>;\n cache: CacheOptions;\n system: Required<NodeSystemOptions>;\n telemetry: Required<NodeTelemetryOptions>;\n};\n\n/**\n * Sets the default options when not explicitly configured from app developer\n *\n * @param auth - Authentication options\n * @param cache - Cache options\n * @param system - System options\n * @param telemetry - Telemetry options\n *\n * @returns Configuration\n * @public\n */\nexport function buildAppConfiguration({\n auth,\n cache,\n system,\n telemetry\n}: Configuration): NodeConfiguration {\n\n return {\n auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },\n cache: { ...DEFAULT_CACHE_OPTIONS, ...cache },\n system: { ...DEFAULT_SYSTEM_OPTIONS, ...system },\n telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry }\n };\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { IGuidGenerator } from \"@azure/msal-common\";\nimport { v4 as uuidv4 } from \"uuid\";\n\nexport class GuidGenerator implements IGuidGenerator {\n /**\n *\n * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.\n * uuidv4 generates guids from cryprtographically-string random\n */\n generateGuid(): string {\n return uuidv4();\n }\n\n /**\n * verifies if a string is GUID\n * @param guid\n */\n isGuid(guid: string): boolean {\n const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\n return regexGuid.test(guid);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants } from \"@azure/msal-common\";\n\nexport class EncodingUtils {\n /**\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\n * 'base64': Base64 encoding.\n *\n * @param str text\n */\n static base64Encode(str: string, encoding?: BufferEncoding): string {\n return Buffer.from(str, encoding).toString(\"base64\");\n }\n\n /**\n * encode a URL\n * @param str\n */\n static base64EncodeUrl(str: string, encoding?: BufferEncoding): string {\n return EncodingUtils.base64Encode(str, encoding)\n .replace(/=/g, Constants.EMPTY_STRING)\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n }\n\n /**\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\n * 'base64': Base64 encoding.\n *\n * @param base64Str Base64 encoded text\n */\n static base64Decode(base64Str: string): string {\n return Buffer.from(base64Str, \"base64\").toString(\"utf8\");\n }\n\n /**\n * @param base64Str Base64 encoded Url\n */\n static base64DecodeUrl(base64Str: string): string {\n let str = base64Str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n while (str.length % 4) {\n str += \"=\";\n }\n return EncodingUtils.base64Decode(str);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Hash } from \"../utils/Constants\";\nimport crypto from \"crypto\";\n\nexport class HashUtils {\n /**\n * generate 'SHA256' hash\n * @param buffer\n */\n sha256(buffer: string): Buffer {\n return crypto\n .createHash(Hash.SHA256)\n .update(buffer)\n .digest();\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants, PkceCodes } from \"@azure/msal-common\";\nimport { CharSet, RANDOM_OCTET_SIZE } from \"../utils/Constants\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { HashUtils } from \"./HashUtils\";\nimport crypto from \"crypto\";\n\n/**\n * https://tools.ietf.org/html/rfc7636#page-8\n */\nexport class PkceGenerator {\n private hashUtils: HashUtils;\n\n constructor() {\n this.hashUtils = new HashUtils();\n }\n /**\n * generates the codeVerfier and the challenge from the codeVerfier\n * reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2\n */\n async generatePkceCodes(): Promise<PkceCodes> {\n const verifier = this.generateCodeVerifier();\n const challenge = this.generateCodeChallengeFromVerifier(verifier);\n return { verifier, challenge };\n }\n\n /**\n * generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1\n */\n private generateCodeVerifier(): string {\n const charArr = [];\n const maxNumber = 256 - (256 % CharSet.CV_CHARSET.length);\n while (charArr.length <= RANDOM_OCTET_SIZE) {\n const byte = crypto.randomBytes(1)[0];\n if (byte >= maxNumber) {\n /* \n * Ignore this number to maintain randomness.\n * Including it would result in an unequal distribution of characters after doing the modulo\n */\n continue;\n }\n const index = byte % CharSet.CV_CHARSET.length;\n charArr.push(CharSet.CV_CHARSET[index]);\n }\n const verifier: string = charArr.join(Constants.EMPTY_STRING);\n return EncodingUtils.base64EncodeUrl(verifier);\n }\n\n /**\n * generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2\n * @param codeVerifier\n */\n private generateCodeChallengeFromVerifier(codeVerifier: string): string {\n return EncodingUtils.base64EncodeUrl(\n this.hashUtils.sha256(codeVerifier).toString(\"base64\"), \n \"base64\" \n );\n }\n\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ICrypto, PkceCodes } from \"@azure/msal-common\";\nimport { GuidGenerator } from \"./GuidGenerator\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { PkceGenerator } from \"./PkceGenerator\";\nimport { HashUtils } from \"./HashUtils\";\n\n/**\n * This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\n * @public\n */\nexport class CryptoProvider implements ICrypto {\n private pkceGenerator: PkceGenerator;\n private guidGenerator: GuidGenerator;\n private hashUtils: HashUtils;\n\n constructor() {\n // Browser crypto needs to be validated first before any other classes can be set.\n this.pkceGenerator = new PkceGenerator();\n this.guidGenerator = new GuidGenerator();\n this.hashUtils = new HashUtils();\n }\n\n /**\n * Creates a new random GUID - used to populate state and nonce.\n * @returns string (GUID)\n */\n createNewGuid(): string {\n return this.guidGenerator.generateGuid();\n }\n\n /**\n * Encodes input string to base64.\n * @param input - string to be encoded\n */\n base64Encode(input: string): string {\n return EncodingUtils.base64Encode(input);\n }\n\n /**\n * Decodes input string from base64.\n * @param input - string to be decoded\n */\n base64Decode(input: string): string {\n return EncodingUtils.base64Decode(input);\n }\n\n /**\n * Generates PKCE codes used in Authorization Code Flow.\n */\n generatePkceCodes(): Promise<PkceCodes> {\n return this.pkceGenerator.generatePkceCodes();\n }\n\n /**\n * Generates a keypair, stores it and returns a thumbprint - not yet implemented for node\n */\n getPublicKeyThumbprint(): Promise<string> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Removes cryptographic keypair from key store matching the keyId passed in\n * @param kid \n */\n removeTokenBindingKey(): Promise<boolean> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Removes all cryptographic keys from Keystore\n */\n clearKeystore(): Promise<boolean> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node\n */\n signJwt(): Promise<string> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Returns the SHA-256 hash of an input string\n */\n async hashString(plainText: string): Promise<string> {\n return EncodingUtils.base64EncodeUrl(\n this.hashUtils.sha256(plainText).toString(\"base64\"), \n \"base64\" \n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { StringUtils, AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager } from \"@azure/msal-common\";\nimport { JsonCache, InMemoryCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\n\n/**\n * This class deserializes cache entities read from the file into in memory object types defined internally\n */\nexport class Deserializer {\n /**\n * Parse the JSON blob in memory and deserialize the content\n * @param cachedJson\n */\n static deserializeJSONBlob(jsonFile: string): JsonCache {\n const deserializedCache = StringUtils.isEmpty(jsonFile)\n ? {}\n : JSON.parse(jsonFile);\n return deserializedCache;\n }\n\n /**\n * Deserializes accounts to AccountEntity objects\n * @param accounts\n */\n static deserializeAccounts(accounts: Record<string, SerializedAccountEntity>): AccountCache {\n const accountObjects: AccountCache = {};\n if (accounts) {\n Object.keys(accounts).map(function (key) {\n const serializedAcc = accounts[key];\n const mappedAcc = {\n homeAccountId: serializedAcc.home_account_id,\n environment: serializedAcc.environment,\n realm: serializedAcc.realm,\n localAccountId: serializedAcc.local_account_id,\n username: serializedAcc.username,\n authorityType: serializedAcc.authority_type,\n name: serializedAcc.name,\n clientInfo: serializedAcc.client_info,\n lastModificationTime: serializedAcc.last_modification_time,\n lastModificationApp: serializedAcc.last_modification_app,\n };\n const account: AccountEntity = new AccountEntity();\n CacheManager.toObject(account, mappedAcc);\n accountObjects[key] = account;\n });\n }\n\n return accountObjects;\n }\n\n /**\n * Deserializes id tokens to IdTokenEntity objects\n * @param idTokens\n */\n static deserializeIdTokens(idTokens: Record<string, SerializedIdTokenEntity>): IdTokenCache {\n const idObjects: IdTokenCache = {};\n if (idTokens) {\n Object.keys(idTokens).map(function (key) {\n const serializedIdT = idTokens[key];\n const mappedIdT = {\n homeAccountId: serializedIdT.home_account_id,\n environment: serializedIdT.environment,\n credentialType: serializedIdT.credential_type,\n clientId: serializedIdT.client_id,\n secret: serializedIdT.secret,\n realm: serializedIdT.realm,\n };\n const idToken: IdTokenEntity = new IdTokenEntity();\n CacheManager.toObject(idToken, mappedIdT);\n idObjects[key] = idToken;\n });\n }\n return idObjects;\n }\n\n /**\n * Deserializes access tokens to AccessTokenEntity objects\n * @param accessTokens\n */\n static deserializeAccessTokens(accessTokens: Record<string, SerializedAccessTokenEntity>): AccessTokenCache {\n const atObjects: AccessTokenCache = {};\n if (accessTokens) {\n Object.keys(accessTokens).map(function (key) {\n const serializedAT = accessTokens[key];\n const mappedAT = {\n homeAccountId: serializedAT.home_account_id,\n environment: serializedAT.environment,\n credentialType: serializedAT.credential_type,\n clientId: serializedAT.client_id,\n secret: serializedAT.secret,\n realm: serializedAT.realm,\n target: serializedAT.target,\n cachedAt: serializedAT.cached_at,\n expiresOn: serializedAT.expires_on,\n extendedExpiresOn: serializedAT.extended_expires_on,\n refreshOn: serializedAT.refresh_on,\n keyId: serializedAT.key_id,\n tokenType: serializedAT.token_type,\n requestedClaims: serializedAT.requestedClaims,\n requestedClaimsHash: serializedAT.requestedClaimsHash,\n userAssertionHash: serializedAT.userAssertionHash,\n };\n const accessToken: AccessTokenEntity = new AccessTokenEntity();\n CacheManager.toObject(accessToken, mappedAT);\n atObjects[key] = accessToken;\n });\n }\n\n return atObjects;\n }\n\n /**\n * Deserializes refresh tokens to RefreshTokenEntity objects\n * @param refreshTokens\n */\n static deserializeRefreshTokens(refreshTokens: Record<string, SerializedRefreshTokenEntity>): RefreshTokenCache {\n const rtObjects: RefreshTokenCache = {};\n if (refreshTokens) {\n Object.keys(refreshTokens).map(function (key) {\n const serializedRT = refreshTokens[key];\n const mappedRT = {\n homeAccountId: serializedRT.home_account_id,\n environment: serializedRT.environment,\n credentialType: serializedRT.credential_type,\n clientId: serializedRT.client_id,\n secret: serializedRT.secret,\n familyId: serializedRT.family_id,\n target: serializedRT.target,\n realm: serializedRT.realm,\n };\n const refreshToken: RefreshTokenEntity = new RefreshTokenEntity();\n CacheManager.toObject(refreshToken, mappedRT);\n rtObjects[key] = refreshToken;\n });\n }\n\n return rtObjects;\n }\n\n /**\n * Deserializes appMetadata to AppMetaData objects\n * @param appMetadata\n */\n static deserializeAppMetadata(appMetadata: Record<string, SerializedAppMetadataEntity>): AppMetadataCache {\n const appMetadataObjects: AppMetadataCache = {};\n if (appMetadata) {\n Object.keys(appMetadata).map(function (key) {\n const serializedAmdt = appMetadata[key];\n const mappedAmd = {\n clientId: serializedAmdt.client_id,\n environment: serializedAmdt.environment,\n familyId: serializedAmdt.family_id,\n };\n const amd: AppMetadataEntity = new AppMetadataEntity();\n CacheManager.toObject(amd, mappedAmd);\n appMetadataObjects[key] = amd;\n });\n }\n\n return appMetadataObjects;\n }\n\n /**\n * Deserialize an inMemory Cache\n * @param jsonCache\n */\n static deserializeAllCache(jsonCache: JsonCache): InMemoryCache {\n return {\n accounts: jsonCache.Account\n ? this.deserializeAccounts(jsonCache.Account)\n : {},\n idTokens: jsonCache.IdToken\n ? this.deserializeIdTokens(jsonCache.IdToken)\n : {},\n accessTokens: jsonCache.AccessToken\n ? this.deserializeAccessTokens(jsonCache.AccessToken)\n : {},\n refreshTokens: jsonCache.RefreshToken\n ? this.deserializeRefreshTokens(jsonCache.RefreshToken)\n : {},\n appMetadata: jsonCache.AppMetadata\n ? this.deserializeAppMetadata(jsonCache.AppMetadata)\n : {},\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from \"@azure/msal-common\";\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\n\nexport class Serializer {\n /**\n * serialize the JSON blob\n * @param data\n */\n static serializeJSONBlob(data: JsonCache): string {\n return JSON.stringify(data);\n }\n\n /**\n * Serialize Accounts\n * @param accCache\n */\n static serializeAccounts(accCache: AccountCache): Record<string, SerializedAccountEntity> {\n const accounts: Record<string, SerializedAccountEntity> = {};\n Object.keys(accCache).map(function (key) {\n const accountEntity = accCache[key];\n accounts[key] = {\n home_account_id: accountEntity.homeAccountId,\n environment: accountEntity.environment,\n realm: accountEntity.realm,\n local_account_id: accountEntity.localAccountId,\n username: accountEntity.username,\n authority_type: accountEntity.authorityType,\n name: accountEntity.name,\n client_info: accountEntity.clientInfo,\n last_modification_time: accountEntity.lastModificationTime,\n last_modification_app: accountEntity.lastModificationApp,\n };\n });\n\n return accounts;\n }\n\n /**\n * Serialize IdTokens\n * @param idTCache\n */\n static serializeIdTokens(idTCache: IdTokenCache): Record<string, SerializedIdTokenEntity> {\n const idTokens: Record<string, SerializedIdTokenEntity> = {};\n Object.keys(idTCache).map(function (key) {\n const idTEntity = idTCache[key];\n idTokens[key] = {\n home_account_id: idTEntity.homeAccountId,\n environment: idTEntity.environment,\n credential_type: idTEntity.credentialType,\n client_id: idTEntity.clientId,\n secret: idTEntity.secret,\n realm: idTEntity.realm,\n };\n });\n\n return idTokens;\n }\n\n /**\n * Serializes AccessTokens\n * @param atCache\n */\n static serializeAccessTokens(atCache: AccessTokenCache): Record<string, SerializedAccessTokenEntity> {\n const accessTokens: Record<string, SerializedAccessTokenEntity> = {};\n Object.keys(atCache).map(function (key) {\n const atEntity = atCache[key];\n accessTokens[key] = {\n home_account_id: atEntity.homeAccountId,\n environment: atEntity.environment,\n credential_type: atEntity.credentialType,\n client_id: atEntity.clientId,\n secret: atEntity.secret,\n realm: atEntity.realm,\n target: atEntity.target,\n cached_at: atEntity.cachedAt,\n expires_on: atEntity.expiresOn,\n extended_expires_on: atEntity.extendedExpiresOn,\n refresh_on: atEntity.refreshOn,\n key_id: atEntity.keyId,\n token_type: atEntity.tokenType,\n requestedClaims: atEntity.requestedClaims,\n requestedClaimsHash: atEntity.requestedClaimsHash,\n userAssertionHash: atEntity.userAssertionHash\n };\n });\n\n return accessTokens;\n }\n\n /**\n * Serialize refreshTokens\n * @param rtCache\n */\n static serializeRefreshTokens(rtCache: RefreshTokenCache): Record<string, SerializedRefreshTokenEntity> {\n const refreshTokens: Record<string, SerializedRefreshTokenEntity> = {};\n Object.keys(rtCache).map(function (key) {\n const rtEntity = rtCache[key];\n refreshTokens[key] = {\n home_account_id: rtEntity.homeAccountId,\n environment: rtEntity.environment,\n credential_type: rtEntity.credentialType,\n client_id: rtEntity.clientId,\n secret: rtEntity.secret,\n family_id: rtEntity.familyId,\n target: rtEntity.target,\n realm: rtEntity.realm\n };\n });\n\n return refreshTokens;\n }\n\n /**\n * Serialize amdtCache\n * @param amdtCache\n */\n static serializeAppMetadata(amdtCache: AppMetadataCache): Record<string, SerializedAppMetadataEntity> {\n const appMetadata: Record<string, SerializedAppMetadataEntity> = {};\n Object.keys(amdtCache).map(function (key) {\n const amdtEntity = amdtCache[key];\n appMetadata[key] = {\n client_id: amdtEntity.clientId,\n environment: amdtEntity.environment,\n family_id: amdtEntity.familyId,\n };\n });\n\n return appMetadata;\n }\n\n /**\n * Serialize the cache\n * @param jsonContent\n */\n static serializeAllCache(inMemCache: InMemoryCache): JsonCache {\n return {\n Account: this.serializeAccounts(inMemCache.accounts),\n IdToken: this.serializeIdTokens(inMemCache.idTokens),\n AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),\n RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),\n AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata),\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AccountEntity,\n IdTokenEntity,\n AccessTokenEntity,\n RefreshTokenEntity,\n AppMetadataEntity,\n ServerTelemetryEntity,\n ThrottlingEntity,\n CacheManager,\n Logger,\n ValidCacheType,\n ICrypto,\n AuthorityMetadataEntity,\n ValidCredentialType\n} from \"@azure/msal-common\";\nimport { Deserializer } from \"./serializer/Deserializer\";\nimport { Serializer } from \"./serializer/Serializer\";\nimport { InMemoryCache, JsonCache, CacheKVStore } from \"./serializer/SerializerTypes\";\n\n/**\n * This class implements Storage for node, reading cache from user specified storage location or an extension library\n * @public\n */\nexport class NodeStorage extends CacheManager {\n // Cache configuration, either set by user or default values.\n private logger: Logger;\n private cache: CacheKVStore = {};\n private changeEmitters: Array<Function> = [];\n\n constructor(logger: Logger, clientId: string, cryptoImpl: ICrypto) {\n super(clientId, cryptoImpl);\n this.logger = logger;\n }\n\n /**\n * Queue up callbacks\n * @param func - a callback function for cache change indication\n */\n registerChangeEmitter(func: () => void): void {\n this.changeEmitters.push(func);\n }\n\n /**\n * Invoke the callback when cache changes\n */\n emitChange(): void {\n this.changeEmitters.forEach(func => func.call(null));\n }\n\n /**\n * Converts cacheKVStore to InMemoryCache\n * @param cache - key value store\n */\n cacheToInMemoryCache(cache: CacheKVStore): InMemoryCache {\n const inMemoryCache: InMemoryCache = {\n accounts: {},\n idTokens: {},\n accessTokens: {},\n refreshTokens: {},\n appMetadata: {},\n };\n\n for (const key in cache) {\n if (cache[key as string] instanceof AccountEntity) {\n inMemoryCache.accounts[key] = cache[key] as AccountEntity;\n } else if (cache[key] instanceof IdTokenEntity) {\n inMemoryCache.idTokens[key] = cache[key] as IdTokenEntity;\n } else if (cache[key] instanceof AccessTokenEntity) {\n inMemoryCache.accessTokens[key] = cache[key] as AccessTokenEntity;\n } else if (cache[key] instanceof RefreshTokenEntity) {\n inMemoryCache.refreshTokens[key] = cache[key] as RefreshTokenEntity;\n } else if (cache[key] instanceof AppMetadataEntity) {\n inMemoryCache.appMetadata[key] = cache[key] as AppMetadataEntity;\n } else {\n continue;\n }\n }\n\n return inMemoryCache;\n }\n\n /**\n * converts inMemoryCache to CacheKVStore\n * @param inMemoryCache - kvstore map for inmemory\n */\n inMemoryCacheToCache(inMemoryCache: InMemoryCache): CacheKVStore {\n\n // convert in memory cache to a flat Key-Value map\n let cache = this.getCache();\n\n cache = {\n ...cache,\n ...inMemoryCache.accounts,\n ...inMemoryCache.idTokens,\n ...inMemoryCache.accessTokens,\n ...inMemoryCache.refreshTokens,\n ...inMemoryCache.appMetadata\n };\n\n // convert in memory cache to a flat Key-Value map\n return cache;\n }\n\n /**\n * gets the current in memory cache for the client\n */\n getInMemoryCache(): InMemoryCache {\n this.logger.trace(\"Getting in-memory cache\");\n\n // convert the cache key value store to inMemoryCache\n const inMemoryCache = this.cacheToInMemoryCache(this.getCache());\n return inMemoryCache;\n }\n\n /**\n * sets the current in memory cache for the client\n * @param inMemoryCache - key value map in memory\n */\n setInMemoryCache(inMemoryCache: InMemoryCache): void{\n this.logger.trace(\"Setting in-memory cache\");\n\n // convert and append the inMemoryCache to cacheKVStore\n const cache = this.inMemoryCacheToCache(inMemoryCache);\n this.setCache(cache);\n\n this.emitChange();\n }\n\n /**\n * get the current cache key-value store\n */\n getCache(): CacheKVStore {\n this.logger.trace(\"Getting cache key-value store\");\n return this.cache;\n }\n\n /**\n * sets the current cache (key value store)\n * @param cacheMap - key value map\n */\n setCache(cache: CacheKVStore): void {\n this.logger.trace(\"Setting cache key value store\");\n this.cache = cache;\n\n // mark change in cache\n this.emitChange();\n }\n\n /**\n * Gets cache item with given key.\n * @param key - lookup key for the cache entry\n */\n getItem(key: string): ValidCacheType {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read cache\n const cache = this.getCache();\n return cache[key];\n }\n\n /**\n * Gets cache item with given key-value\n * @param key - lookup key for the cache entry\n * @param value - value of the cache entry\n */\n setItem(key: string, value: ValidCacheType): void {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read cache\n const cache = this.getCache();\n cache[key] = value;\n\n // write to cache\n this.setCache(cache);\n }\n\n /**\n * fetch the account entity\n * @param accountKey - lookup key to fetch cache type AccountEntity\n */\n getAccount(accountKey: string): AccountEntity | null {\n const account = this.getItem(accountKey) as AccountEntity;\n if (AccountEntity.isAccountEntity(account)) {\n return account;\n }\n return null;\n }\n\n /**\n * set account entity\n * @param account - cache value to be set of type AccountEntity\n */\n setAccount(account: AccountEntity): void {\n const accountKey = account.generateAccountKey();\n this.setItem(accountKey, account);\n }\n\n /**\n * fetch the idToken credential\n * @param idTokenKey - lookup key to fetch cache type IdTokenEntity\n */\n getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\n const idToken = this.getItem(idTokenKey) as IdTokenEntity;\n if (IdTokenEntity.isIdTokenEntity(idToken)) {\n return idToken;\n }\n return null;\n }\n\n /**\n * set idToken credential\n * @param idToken - cache value to be set of type IdTokenEntity\n */\n setIdTokenCredential(idToken: IdTokenEntity): void {\n const idTokenKey = idToken.generateCredentialKey();\n this.setItem(idTokenKey, idToken);\n }\n\n /**\n * fetch the accessToken credential\n * @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity\n */\n getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\n const accessToken = this.getItem(accessTokenKey) as AccessTokenEntity;\n if (AccessTokenEntity.isAccessTokenEntity(accessToken)) {\n return accessToken;\n }\n return null;\n }\n\n /**\n * set accessToken credential\n * @param accessToken - cache value to be set of type AccessTokenEntity\n */\n setAccessTokenCredential(accessToken: AccessTokenEntity): void {\n const accessTokenKey = accessToken.generateCredentialKey();\n this.setItem(accessTokenKey, accessToken);\n }\n\n /**\n * fetch the refreshToken credential\n * @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity\n */\n getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null {\n const refreshToken = this.getItem(refreshTokenKey) as RefreshTokenEntity;\n if (RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {\n return refreshToken as RefreshTokenEntity;\n }\n return null;\n }\n\n /**\n * set refreshToken credential\n * @param refreshToken - cache value to be set of type RefreshTokenEntity\n */\n setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\n const refreshTokenKey = refreshToken.generateCredentialKey();\n this.setItem(refreshTokenKey, refreshToken);\n }\n\n /**\n * fetch appMetadata entity from the platform cache\n * @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity\n */\n getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\n const appMetadata: AppMetadataEntity = this.getItem(appMetadataKey) as AppMetadataEntity;\n if (AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {\n return appMetadata;\n }\n return null;\n }\n\n /**\n * set appMetadata entity to the platform cache\n * @param appMetadata - cache value to be set of type AppMetadataEntity\n */\n setAppMetadata(appMetadata: AppMetadataEntity): void {\n const appMetadataKey = appMetadata.generateAppMetadataKey();\n this.setItem(appMetadataKey, appMetadata);\n }\n\n /**\n * fetch server telemetry entity from the platform cache\n * @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity\n */\n getServerTelemetry(serverTelemetrykey: string): ServerTelemetryEntity | null {\n const serverTelemetryEntity: ServerTelemetryEntity = this.getItem(serverTelemetrykey) as ServerTelemetryEntity;\n if (serverTelemetryEntity && ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {\n return serverTelemetryEntity;\n }\n return null;\n }\n\n /**\n * set server telemetry entity to the platform cache\n * @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity\n * @param serverTelemetry - cache value to be set of type ServerTelemetryEntity\n */\n setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void {\n this.setItem(serverTelemetryKey, serverTelemetry);\n }\n\n /**\n * fetch authority metadata entity from the platform cache\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\n */\n getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\n const authorityMetadataEntity: AuthorityMetadataEntity = this.getItem(key) as AuthorityMetadataEntity;\n if (authorityMetadataEntity && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {\n return authorityMetadataEntity;\n }\n return null;\n }\n\n /**\n * Get all authority metadata keys\n */\n getAuthorityMetadataKeys(): Array<string> {\n return this.getKeys().filter((key) => {\n return this.isAuthorityMetadata(key);\n });\n }\n\n /**\n * set authority metadata entity to the platform cache\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\n * @param metadata - cache value to be set of type AuthorityMetadataEntity\n */\n setAuthorityMetadata(key: string, metadata: AuthorityMetadataEntity): void {\n this.setItem(key, metadata);\n }\n\n /**\n * fetch throttling entity from the platform cache\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\n */\n getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\n const throttlingCache: ThrottlingEntity = this.getItem(throttlingCacheKey) as ThrottlingEntity;\n if (throttlingCache && ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {\n return throttlingCache;\n }\n return null;\n }\n\n /**\n * set throttling entity to the platform cache\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\n * @param throttlingCache - cache value to be set of type ThrottlingEntity\n */\n setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void {\n this.setItem(throttlingCacheKey, throttlingCache);\n }\n\n /**\n * Removes the cache item from memory with the given key.\n * @param key - lookup key to remove a cache entity\n * @param inMemory - key value map of the cache\n */\n removeItem(key: string): boolean {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read inMemoryCache\n let result: boolean = false;\n const cache = this.getCache();\n\n if (!!cache[key]) {\n delete cache[key];\n result = true;\n }\n\n // write to the cache after removal\n if (result) {\n this.setCache(cache);\n this.emitChange();\n }\n return result;\n }\n\n /**\n * Checks whether key is in cache.\n * @param key - look up key for a cache entity\n */\n containsKey(key: string): boolean {\n return this.getKeys().includes(key);\n }\n\n /**\n * Gets all keys in window.\n */\n getKeys(): string[] {\n this.logger.trace(\"Retrieving all cache keys\");\n\n // read cache\n const cache = this.getCache();\n return [ ...Object.keys(cache)];\n }\n\n /**\n * Clears all cache entries created by MSAL (except tokens).\n */\n async clear(): Promise<void> {\n this.logger.trace(\"Clearing cache entries created by MSAL\");\n\n // read inMemoryCache\n const cacheKeys = this.getKeys();\n\n // delete each element\n cacheKeys.forEach(key => {\n this.removeItem(key);\n });\n this.emitChange();\n }\n\n /**\n * Initialize in memory cache from an exisiting cache vault\n * @param cache - blob formatted cache (JSON)\n */\n static generateInMemoryCache(cache: string): InMemoryCache {\n return Deserializer.deserializeAllCache(\n Deserializer.deserializeJSONBlob(cache)\n );\n }\n\n /**\n * retrieves the final JSON\n * @param inMemoryCache - itemised cache read from the JSON\n */\n static generateJsonCache(inMemoryCache: InMemoryCache): JsonCache {\n return Serializer.serializeAllCache(inMemoryCache);\n }\n\n /**\n * Updates a credential's cache key if the current cache key is outdated\n */\n updateCredentialCacheKey(currentCacheKey: string, credential: ValidCredentialType): string {\n const updatedCacheKey = credential.generateCredentialKey();\n\n if (currentCacheKey !== updatedCacheKey) {\n const cacheItem = this.getItem(currentCacheKey);\n if (cacheItem) {\n this.removeItem(currentCacheKey);\n this.setItem(updatedCacheKey, cacheItem);\n this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`);\n return updatedCacheKey;\n } else {\n this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`);\n }\n }\n\n return currentCacheKey;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NodeStorage } from \"./NodeStorage\";\nimport { StringUtils, AccountEntity, AccountInfo, Logger, ISerializableTokenCache, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedIdTokenEntity, SerializedAppMetadataEntity, CacheKVStore } from \"./serializer/SerializerTypes\";\nimport { Deserializer } from \"./serializer/Deserializer\";\nimport { Serializer } from \"./serializer/Serializer\";\nimport { ITokenCache } from \"./ITokenCache\";\n\nconst defaultSerializedCache: JsonCache = {\n Account: {},\n IdToken: {},\n AccessToken: {},\n RefreshToken: {},\n AppMetadata: {},\n};\n\n/**\n * In-memory token cache manager\n * @public\n */\nexport class TokenCache implements ISerializableTokenCache, ITokenCache {\n\n private storage: NodeStorage;\n private cacheHasChanged: boolean;\n private cacheSnapshot: string;\n private readonly persistence: ICachePlugin;\n private logger: Logger;\n\n constructor(storage: NodeStorage, logger: Logger, cachePlugin?: ICachePlugin) {\n this.cacheHasChanged = false;\n this.storage = storage;\n this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));\n if (cachePlugin) {\n this.persistence = cachePlugin;\n }\n this.logger = logger;\n }\n\n /**\n * Set to true if cache state has changed since last time serialize or writeToPersistence was called\n */\n hasChanged(): boolean {\n return this.cacheHasChanged;\n }\n\n /**\n * Serializes in memory cache to JSON\n */\n serialize(): string {\n this.logger.trace(\"Serializing in-memory cache\");\n let finalState = Serializer.serializeAllCache(\n this.storage.getInMemoryCache() as InMemoryCache\n );\n\n // if cacheSnapshot not null or empty, merge\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\n this.logger.trace(\"Reading cache snapshot from disk\");\n finalState = this.mergeState(\n JSON.parse(this.cacheSnapshot),\n finalState\n );\n } else {\n this.logger.trace(\"No cache snapshot to merge\");\n }\n this.cacheHasChanged = false;\n\n return JSON.stringify(finalState);\n }\n\n /**\n * Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format\n * @param cache - blob formatted cache\n */\n deserialize(cache: string): void {\n this.logger.trace(\"Deserializing JSON to in-memory cache\");\n this.cacheSnapshot = cache;\n\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\n this.logger.trace(\"Reading cache snapshot from disk\");\n const deserializedCache = Deserializer.deserializeAllCache(\n this.overlayDefaults(JSON.parse(this.cacheSnapshot))\n );\n this.storage.setInMemoryCache(deserializedCache);\n } else {\n this.logger.trace(\"No cache snapshot to deserialize\");\n }\n }\n\n /**\n * Fetches the cache key-value map\n */\n getKVStore(): CacheKVStore {\n return this.storage.getCache();\n }\n\n /**\n * API that retrieves all accounts currently in cache to the user\n */\n async getAllAccounts(): Promise<AccountInfo[]> {\n\n this.logger.trace(\"getAllAccounts called\");\n let cacheContext;\n try {\n if (this.persistence) {\n cacheContext = new TokenCacheContext(this, false);\n await this.persistence.beforeCacheAccess(cacheContext);\n }\n return this.storage.getAllAccounts();\n } finally {\n if (this.persistence && cacheContext) {\n await this.persistence.afterCacheAccess(cacheContext);\n }\n }\n }\n\n /**\n * Returns the signed in account matching homeAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param homeAccountId - unique identifier for an account (uid.utid)\n */\n async getAccountByHomeId(homeAccountId: string): Promise<AccountInfo | null> {\n const allAccounts = await this.getAllAccounts();\n if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {\n return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;\n } else {\n return null;\n }\n }\n\n /**\n * Returns the signed in account matching localAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)\n */\n async getAccountByLocalId(localAccountId: string): Promise<AccountInfo | null> {\n const allAccounts = await this.getAllAccounts();\n if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {\n return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;\n } else {\n return null;\n }\n }\n\n /**\n * API to remove a specific account and the relevant data from cache\n * @param account - AccountInfo passed by the user\n */\n async removeAccount(account: AccountInfo): Promise<void> {\n this.logger.trace(\"removeAccount called\");\n let cacheContext;\n try {\n if (this.persistence) {\n cacheContext = new TokenCacheContext(this, true);\n await this.persistence.beforeCacheAccess(cacheContext);\n }\n await this.storage.removeAccount(AccountEntity.generateAccountCacheKey(account));\n } finally {\n if (this.persistence && cacheContext) {\n await this.persistence.afterCacheAccess(cacheContext);\n }\n }\n }\n\n /**\n * Called when the cache has changed state.\n */\n private handleChangeEvent() {\n this.cacheHasChanged = true;\n }\n\n /**\n * Merge in memory cache with the cache snapshot.\n * @param oldState - cache before changes\n * @param currentState - current cache state in the library\n */\n private mergeState(oldState: JsonCache, currentState: JsonCache): JsonCache {\n this.logger.trace(\"Merging in-memory cache with cache snapshot\");\n const stateAfterRemoval = this.mergeRemovals(oldState, currentState);\n return this.mergeUpdates(stateAfterRemoval, currentState);\n }\n\n /**\n * Deep update of oldState based on newState values\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeUpdates(oldState: object, newState: object): JsonCache {\n Object.keys(newState).forEach((newKey: string) => {\n const newValue = newState[newKey];\n\n // if oldState does not contain value but newValue does, add it\n if (!oldState.hasOwnProperty(newKey)) {\n if (newValue !== null) {\n oldState[newKey] = newValue;\n }\n } else {\n // both oldState and newState contain the key, do deep update\n const newValueNotNull = newValue !== null;\n const newValueIsObject = typeof newValue === \"object\";\n const newValueIsNotArray = !Array.isArray(newValue);\n const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== \"undefined\" && oldState[newKey] !== null;\n\n if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {\n this.mergeUpdates(oldState[newKey], newValue);\n } else {\n oldState[newKey] = newValue;\n }\n }\n });\n\n return oldState as JsonCache;\n }\n\n /**\n * Removes entities in oldState that the were removed from newState. If there are any unknown values in root of\n * oldState that are not recognized, they are left untouched.\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeRemovals(oldState: JsonCache, newState: JsonCache): JsonCache {\n this.logger.trace(\"Remove updated entries in cache\");\n const accounts = oldState.Account ? this.mergeRemovalsDict<SerializedAccountEntity>(oldState.Account, newState.Account) : oldState.Account;\n const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict<SerializedAccessTokenEntity>(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;\n const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict<SerializedRefreshTokenEntity>(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;\n const idTokens = oldState.IdToken ? this.mergeRemovalsDict<SerializedIdTokenEntity>(oldState.IdToken, newState.IdToken) : oldState.IdToken;\n const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict<SerializedAppMetadataEntity>(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;\n\n return {\n ...oldState,\n Account: accounts,\n AccessToken: accessTokens,\n RefreshToken: refreshTokens,\n IdToken: idTokens,\n AppMetadata: appMetadata\n };\n }\n\n /**\n * Helper to merge new cache with the old one\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeRemovalsDict<T>(oldState: Record<string, T>, newState?: Record<string, T>): Record<string, T> {\n const finalState = { ...oldState };\n Object.keys(oldState).forEach((oldKey) => {\n if (!newState || !(newState.hasOwnProperty(oldKey))) {\n delete finalState[oldKey];\n }\n });\n return finalState;\n }\n\n /**\n * Helper to overlay as a part of cache merge\n * @param passedInCache - cache read from the blob\n */\n private overlayDefaults(passedInCache: JsonCache): JsonCache {\n this.logger.trace(\"Overlaying input cache with the default cache\");\n return {\n Account: {\n ...defaultSerializedCache.Account,\n ...passedInCache.Account,\n },\n IdToken: {\n ...defaultSerializedCache.IdToken,\n ...passedInCache.IdToken,\n },\n AccessToken: {\n ...defaultSerializedCache.AccessToken,\n ...passedInCache.AccessToken,\n },\n RefreshToken: {\n ...defaultSerializedCache.RefreshToken,\n ...passedInCache.RefreshToken,\n },\n AppMetadata: {\n ...defaultSerializedCache.AppMetadata,\n ...passedInCache.AppMetadata,\n },\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError } from \"@azure/msal-common\";\n\n/**\n * NodeAuthErrorMessage class containing string constants used by error codes and messages.\n */\nexport const NodeAuthErrorMessage = {\n invalidLoopbackAddressType: {\n code: \"invalid_loopback_server_address_type\",\n desc: \"Loopback server address is not type string. This is unexpected.\"\n },\n unableToLoadRedirectUri: {\n code: \"unable_to_load_redirectUrl\",\n desc: \"Loopback server callback was invoked without a url. This is unexpected.\"\n },\n noAuthCodeInResponse: {\n code: \"no_auth_code_in_response\",\n desc: \"No auth code found in the server response. Please check your network trace to determine what happened.\"\n },\n noLoopbackServerExists: {\n code: \"no_loopback_server_exists\",\n desc: \"No loopback server exists yet.\"\n },\n loopbackServerAlreadyExists: {\n code: \"loopback_server_already_exists\",\n desc: \"Loopback server already exists. Cannot create another.\"\n },\n loopbackServerTimeout: {\n code: \"loopback_server_timeout\",\n desc: \"Timed out waiting for auth code listener to be registered.\"\n },\n stateNotFoundError: {\n code: \"state_not_found\",\n desc: \"State not found. Please verify that the request originated from msal.\"\n },\n};\n\nexport class NodeAuthError extends AuthError {\n constructor(errorCode: string, errorMessage?: string) {\n super(errorCode, errorMessage);\n this.name = \"NodeAuthError\";\n }\n\n /**\n * Creates an error thrown if loopback server address is of type string.\n */\n static createInvalidLoopbackAddressTypeError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.invalidLoopbackAddressType.code,\n `${NodeAuthErrorMessage.invalidLoopbackAddressType.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server is unable to get a url.\n */\n static createUnableToLoadRedirectUrlError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.unableToLoadRedirectUri.code,\n `${NodeAuthErrorMessage.unableToLoadRedirectUri.desc}`);\n }\n\n /**\n * Creates an error thrown if the server response does not contain an auth code.\n */\n static createNoAuthCodeInResponseError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.noAuthCodeInResponse.code,\n `${NodeAuthErrorMessage.noAuthCodeInResponse.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server has not been spun up yet.\n */\n static createNoLoopbackServerExistsError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.noLoopbackServerExists.code,\n `${NodeAuthErrorMessage.noLoopbackServerExists.desc}`);\n }\n\n /**\n * Creates an error thrown if a loopback server already exists when attempting to create another one.\n */\n static createLoopbackServerAlreadyExistsError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.loopbackServerAlreadyExists.code,\n `${NodeAuthErrorMessage.loopbackServerAlreadyExists.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server times out registering the auth code listener.\n */\n static createLoopbackServerTimeoutError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.loopbackServerTimeout.code,\n `${NodeAuthErrorMessage.loopbackServerTimeout.desc}`);\n }\n\n /**\n * Creates an error thrown when the state is not present.\n */\n static createStateNotFoundError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.stateNotFoundError.code, NodeAuthErrorMessage.stateNotFoundError.desc);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthorizationCodeClient,\n ClientConfiguration,\n RefreshTokenClient,\n AuthenticationResult,\n Authority,\n AuthorityFactory,\n BaseAuthRequest,\n SilentFlowClient,\n Logger,\n ServerTelemetryManager,\n ServerTelemetryRequest,\n CommonSilentFlowRequest,\n CommonRefreshTokenRequest,\n CommonAuthorizationCodeRequest,\n CommonAuthorizationUrlRequest,\n CommonUsernamePasswordRequest,\n UsernamePasswordClient,\n AuthenticationScheme,\n ResponseMode,\n AuthorityOptions,\n OIDC_DEFAULT_SCOPES,\n AzureRegionConfiguration,\n AuthError,\n AzureCloudOptions,\n AuthorizationCodePayload,\n StringUtils,\n ClientAuthError,\n Constants,\n} from \"@azure/msal-common\";\nimport { Configuration, buildAppConfiguration, NodeConfiguration } from \"../config/Configuration\";\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\nimport { NodeStorage } from \"../cache/NodeStorage\";\nimport { Constants as NodeConstants, ApiId } from \"../utils/Constants\";\nimport { TokenCache } from \"../cache/TokenCache\";\nimport { ClientAssertion } from \"./ClientAssertion\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\nimport { RefreshTokenRequest } from \"../request/RefreshTokenRequest\";\nimport { SilentFlowRequest } from \"../request/SilentFlowRequest\";\nimport { version, name } from \"../packageMetadata\";\nimport { UsernamePasswordRequest } from \"../request/UsernamePasswordRequest\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\n\n/**\n * Base abstract class for all ClientApplications - public and confidential\n * @public\n */\nexport abstract class ClientApplication {\n\n protected readonly cryptoProvider: CryptoProvider;\n private tokenCache: TokenCache;\n\n /**\n * Platform storage object\n */\n protected storage: NodeStorage;\n /**\n * Logger object to log the application flow\n */\n protected logger: Logger;\n /**\n * Platform configuration initialized by the application\n */\n protected config: NodeConfiguration;\n /**\n * Client assertion passed by the user for confidential client flows\n */\n protected clientAssertion: ClientAssertion;\n /**\n * Client secret passed by the user for confidential client flows\n */\n protected clientSecret: string;\n\n /**\n * Constructor for the ClientApplication\n */\n protected constructor(configuration: Configuration) {\n this.config = buildAppConfiguration(configuration);\n this.cryptoProvider = new CryptoProvider();\n this.logger = new Logger(this.config.system.loggerOptions, name, version);\n this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);\n this.tokenCache = new TokenCache(\n this.storage,\n this.logger,\n this.config.cache.cachePlugin\n );\n }\n\n /**\n * Creates the URL of the authorization request, letting the user input credentials and consent to the\n * application. The URL targets the /authorize endpoint of the authority configured in the\n * application object.\n *\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\n * `acquireTokenByCode(AuthorizationCodeRequest)`.\n */\n async getAuthCodeUrl(request: AuthorizationUrlRequest): Promise<string> {\n this.logger.info(\"getAuthCodeUrl called\", request.correlationId);\n const validRequest: CommonAuthorizationUrlRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n responseMode: request.responseMode || ResponseMode.QUERY,\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const authClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n undefined,\n undefined,\n request.azureCloudOptions\n );\n const authorizationCodeClient = new AuthorizationCodeClient(\n authClientConfig\n );\n this.logger.verbose(\"Auth code client created\", validRequest.correlationId);\n return authorizationCodeClient.getAuthCodeUrl(validRequest);\n }\n\n /**\n * Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0\n * Authorization Code flow.\n *\n * `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0\n * Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and\n * AuthorizationCodeRequest are the same.\n */\n async acquireTokenByCode(request: AuthorizationCodeRequest, authCodePayLoad?: AuthorizationCodePayload): Promise<AuthenticationResult> {\n this.logger.info(\"acquireTokenByCode called\");\n if (request.state && authCodePayLoad){\n this.logger.info(\"acquireTokenByCode - validating state\");\n this.validateState(request.state, authCodePayLoad.state || \"\");\n // eslint-disable-next-line no-param-reassign\n authCodePayLoad= {...authCodePayLoad, state: \"\"};\n }\n const validRequest: CommonAuthorizationCodeRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId);\n try {\n const authClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const authorizationCodeClient = new AuthorizationCodeClient(\n authClientConfig\n );\n this.logger.verbose(\"Auth code client created\", validRequest.correlationId);\n return authorizationCodeClient.acquireToken(validRequest, authCodePayLoad);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token by exchanging the refresh token provided for a new set of tokens.\n *\n * This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is\n * recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will\n * handle the caching and refreshing of tokens automatically.\n */\n async acquireTokenByRefreshToken(request: RefreshTokenRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByRefreshToken called\", request.correlationId);\n const validRequest: CommonRefreshTokenRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);\n try {\n const refreshTokenClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const refreshTokenClient = new RefreshTokenClient(\n refreshTokenClientConfig\n );\n this.logger.verbose(\"Refresh token client created\", validRequest.correlationId);\n return refreshTokenClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token silently when a user specifies the account the token is requested for.\n *\n * This API expects the user to provide an account object and looks into the cache to retrieve the token if present.\n * There is also an optional \"forceRefresh\" boolean the user can send to bypass the cache for access_token and id_token.\n * In case the refresh_token is expired or not found, an error is thrown\n * and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).\n */\n async acquireTokenSilent(request: SilentFlowRequest): Promise<AuthenticationResult | null> {\n const validRequest: CommonSilentFlowRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n forceRefresh: request.forceRefresh || false\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);\n try {\n const silentFlowClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const silentFlowClient = new SilentFlowClient(\n silentFlowClientConfig\n );\n this.logger.verbose(\"Silent flow client created\", validRequest.correlationId);\n return silentFlowClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires tokens with password grant by exchanging client applications username and password for credentials\n *\n * The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.\n * More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4\n * Microsoft's documentation and recommendations are at:\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword\n *\n * @param request - UsenamePasswordRequest\n */\n async acquireTokenByUsernamePassword(request: UsernamePasswordRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByUsernamePassword called\", request.correlationId);\n const validRequest: CommonUsernamePasswordRequest = {\n ...request,\n ... await this.initializeBaseRequest(request)\n };\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId);\n try {\n const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const usernamePasswordClient = new UsernamePasswordClient(usernamePasswordClientConfig);\n this.logger.verbose(\"Username password client created\", validRequest.correlationId);\n return usernamePasswordClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Gets the token cache for the application.\n */\n getTokenCache(): TokenCache {\n this.logger.info(\"getTokenCache called\");\n return this.tokenCache;\n }\n\n /**\n * Validates OIDC state by comparing the user cached state with the state received from the server.\n * \n * This API is provided for scenarios where you would use OAuth2.0 state parameter to mitigate against\n * CSRF attacks.\n * For more information about state, visit https://datatracker.ietf.org/doc/html/rfc6819#section-3.6.\n * @param state\n * @param cachedState\n */\n protected validateState(state: string, cachedState: string): void {\n if(!state) {\n throw NodeAuthError.createStateNotFoundError();\n }\n\n if(state !== cachedState) {\n throw ClientAuthError.createStateMismatchError();\n }\n }\n\n /**\n * Returns the logger instance\n */\n getLogger(): Logger {\n return this.logger;\n }\n\n /**\n * Replaces the default logger set in configurations with new Logger with new configurations\n * @param logger - Logger instance\n */\n setLogger(logger: Logger): void {\n this.logger = logger;\n }\n\n /**\n * Builds the common configuration to be passed to the common component based on the platform configurarion\n * @param authority - user passed authority in configuration\n * @param serverTelemetryManager - initializes servertelemetry if passed\n */\n protected async buildOauthClientConfiguration(\n authority: string,\n requestCorrelationId?: string, \n serverTelemetryManager?: ServerTelemetryManager,\n azureRegionConfiguration?: AzureRegionConfiguration, \n azureCloudOptions?: AzureCloudOptions): Promise<ClientConfiguration> {\n \n this.logger.verbose(\"buildOauthClientConfiguration called\", requestCorrelationId);\n\n // precedence - azureCloudInstance + tenant >> authority and request >> config\n const userAzureCloudOptions = azureCloudOptions ? azureCloudOptions : this.config.auth.azureCloudOptions;\n\n // using null assertion operator as we ensure that all config values have default values in buildConfiguration()\n this.logger.verbose(`building oauth client configuration with the authority: ${authority}`, requestCorrelationId);\n const discoveredAuthority = await this.createAuthority(authority, azureRegionConfiguration, requestCorrelationId, userAzureCloudOptions);\n\n serverTelemetryManager?.updateRegionDiscoveryMetadata(discoveredAuthority.regionDiscoveryMetadata);\n\n const clientConfiguration: ClientConfiguration = {\n authOptions: {\n clientId: this.config.auth.clientId,\n authority: discoveredAuthority,\n clientCapabilities: this.config.auth.clientCapabilities\n },\n systemOptions: {\n proxyUrl: this.config.system.proxyUrl,\n },\n loggerOptions: {\n logLevel: this.config.system.loggerOptions.logLevel,\n loggerCallback: this.config.system.loggerOptions\n .loggerCallback,\n piiLoggingEnabled: this.config.system.loggerOptions\n .piiLoggingEnabled,\n correlationId: requestCorrelationId\n },\n cryptoInterface: this.cryptoProvider,\n networkInterface: this.config.system.networkClient,\n storageInterface: this.storage,\n serverTelemetryManager: serverTelemetryManager,\n clientCredentials: {\n clientSecret: this.clientSecret,\n clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined,\n },\n libraryInfo: {\n sku: NodeConstants.MSAL_SKU,\n version: version,\n cpu: process.arch || Constants.EMPTY_STRING,\n os: process.platform || Constants.EMPTY_STRING,\n },\n telemetry: this.config.telemetry,\n persistencePlugin: this.config.cache.cachePlugin,\n serializableCache: this.tokenCache \n };\n\n return clientConfiguration;\n }\n\n private getClientAssertion(authority: Authority): { assertion: string, assertionType: string } {\n return {\n assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\n };\n }\n\n /**\n * Generates a request with the default scopes & generates a correlationId.\n * @param authRequest - BaseAuthRequest for initialization\n */\n protected async initializeBaseRequest(authRequest: Partial<BaseAuthRequest>): Promise<BaseAuthRequest> {\n this.logger.verbose(\"initializeRequestScopes called\", authRequest.correlationId);\n // Default authenticationScheme to Bearer, log that POP isn't supported yet\n if (authRequest.authenticationScheme && authRequest.authenticationScheme === AuthenticationScheme.POP) {\n this.logger.verbose(\"Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request\", authRequest.correlationId);\n }\n\n authRequest.authenticationScheme = AuthenticationScheme.BEARER;\n\n // Set requested claims hash if claims were requested\n if (authRequest.claims && !StringUtils.isEmpty(authRequest.claims)) {\n authRequest.requestedClaimsHash = await this.cryptoProvider.hashString(authRequest.claims);\n }\n\n return {\n ...authRequest,\n scopes: [...((authRequest && authRequest.scopes) || []), ...OIDC_DEFAULT_SCOPES],\n correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),\n authority: authRequest.authority || this.config.auth.authority\n };\n }\n\n /**\n * Initializes the server telemetry payload\n * @param apiId - Id for a specific request\n * @param correlationId - GUID\n * @param forceRefresh - boolean to indicate network call\n */\n protected initializeServerTelemetryManager(apiId: number, correlationId: string, forceRefresh?: boolean): ServerTelemetryManager {\n const telemetryPayload: ServerTelemetryRequest = {\n clientId: this.config.auth.clientId,\n correlationId: correlationId,\n apiId: apiId,\n forceRefresh: forceRefresh || false\n };\n\n return new ServerTelemetryManager(telemetryPayload, this.storage);\n }\n\n /**\n * Create authority instance. If authority not passed in request, default to authority set on the application\n * object. If no authority set in application object, then default to common authority.\n * @param authorityString - authority from user configuration\n */\n private async createAuthority(authorityString: string, azureRegionConfiguration?: AzureRegionConfiguration, requestCorrelationId?: string, azureCloudOptions?: AzureCloudOptions): Promise<Authority> {\n this.logger.verbose(\"createAuthority called\", requestCorrelationId);\n\n // build authority string based on auth params - azureCloudInstance is prioritized if provided\n const authorityUrl = Authority.generateAuthority(authorityString, azureCloudOptions);\n\n const authorityOptions: AuthorityOptions = {\n protocolMode: this.config.auth.protocolMode,\n knownAuthorities: this.config.auth.knownAuthorities,\n cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,\n authorityMetadata: this.config.auth.authorityMetadata,\n azureRegionConfiguration,\n skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,\n };\n\n return await AuthorityFactory.createDiscoveredInstance(authorityUrl, this.config.system.networkClient, this.storage, authorityOptions, this.logger, this.config.system.proxyUrl);\n }\n\n /**\n * Clear the cache\n */\n clearCache(): void {\n this.storage.clear();\n }\n}\n","/* eslint-disable header/header */\nexport const name = \"@azure/msal-node\";\nexport const version = \"1.14.5\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants as CommonConstants, ServerAuthorizationCodeResponse, UrlString } from \"@azure/msal-common\";\nimport { createServer, IncomingMessage, Server, ServerResponse } from \"http\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\nimport { Constants, HttpStatus, LOOPBACK_SERVER_CONSTANTS } from \"../utils/Constants\";\n\nexport class LoopbackClient {\n private server: Server;\n\n /**\n * Spins up a loopback server which returns the server response when the localhost redirectUri is hit\n * @param successTemplate \n * @param errorTemplate \n * @returns \n */\n async listenForAuthCode(successTemplate?: string, errorTemplate?: string): Promise<ServerAuthorizationCodeResponse> {\n if (!!this.server) {\n throw NodeAuthError.createLoopbackServerAlreadyExistsError();\n }\n\n const authCodeListener = new Promise<ServerAuthorizationCodeResponse>((resolve, reject) => {\n this.server = createServer(async (req: IncomingMessage, res: ServerResponse) => {\n const url = req.url;\n if (!url) {\n res.end(errorTemplate || \"Error occurred loading redirectUrl\");\n reject(NodeAuthError.createUnableToLoadRedirectUrlError());\n return;\n } else if (url === CommonConstants.FORWARD_SLASH) {\n res.end(successTemplate || \"Auth code was successfully acquired. You can close this window now.\");\n return;\n }\n \n const authCodeResponse = UrlString.getDeserializedQueryString(url);\n if (authCodeResponse.code) {\n const redirectUri = await this.getRedirectUri();\n res.writeHead(HttpStatus.REDIRECT, { location: redirectUri }); // Prevent auth code from being saved in the browser history\n res.end();\n }\n resolve(authCodeResponse);\n });\n this.server.listen(0); // Listen on any available port\n });\n\n // Wait for server to be listening\n await new Promise<void>((resolve) => {\n let ticks = 0;\n const id = setInterval(() => {\n if ((LOOPBACK_SERVER_CONSTANTS.TIMEOUT_MS / LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS) < ticks) {\n throw NodeAuthError.createLoopbackServerTimeoutError();\n }\n \n if (this.server.listening) {\n clearInterval(id);\n resolve();\n }\n ticks++;\n }, LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS);\n });\n\n return authCodeListener;\n }\n\n /**\n * Get the port that the loopback server is running on\n * @returns \n */\n getRedirectUri(): string {\n if (!this.server) {\n throw NodeAuthError.createNoLoopbackServerExistsError();\n }\n \n const address = this.server.address();\n if (!address || typeof address === \"string\" || !address.port) {\n this.closeServer();\n throw NodeAuthError.createInvalidLoopbackAddressTypeError();\n } \n\n const port = address && address.port;\n\n return `${Constants.HTTP_PROTOCOL}${Constants.LOCALHOST}:${port}`;\n }\n\n /**\n * Close the loopback server\n */\n closeServer(): void {\n if (!!this.server) {\n this.server.close();\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { JwtHeader, sign } from \"jsonwebtoken\";\nimport { TimeUtils, ClientAuthError, Constants } from \"@azure/msal-common\";\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { JwtConstants } from \"../utils/Constants\";\n\n/**\n * Client assertion of type jwt-bearer used in confidential client flows\n * @public\n */\nexport class ClientAssertion {\n\n private jwt: string;\n private privateKey: string;\n private thumbprint: string;\n private expirationTime: number;\n private issuer: string;\n private jwtAudience: string;\n private publicCertificate: Array<string>;\n\n /**\n * Initialize the ClientAssertion class from the clientAssertion passed by the user\n * @param assertion - refer https://tools.ietf.org/html/rfc7521\n */\n public static fromAssertion(assertion: string): ClientAssertion {\n const clientAssertion = new ClientAssertion();\n clientAssertion.jwt = assertion;\n return clientAssertion;\n }\n\n /**\n * Initialize the ClientAssertion class from the certificate passed by the user\n * @param thumbprint - identifier of a certificate\n * @param privateKey - secret key\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\n */\n public static fromCertificate(thumbprint: string, privateKey: string, publicCertificate?: string): ClientAssertion {\n const clientAssertion = new ClientAssertion();\n clientAssertion.privateKey = privateKey;\n clientAssertion.thumbprint = thumbprint;\n if (publicCertificate) {\n clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);\n }\n return clientAssertion;\n }\n\n /**\n * Update JWT for certificate based clientAssertion, if passed by the user, uses it as is\n * @param cryptoProvider - library's crypto helper\n * @param issuer - iss claim\n * @param jwtAudience - aud claim\n */\n public getJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\n // if assertion was created from certificate, check if jwt is expired and create new one.\n if (this.privateKey && this.thumbprint) {\n\n if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {\n return this.jwt;\n }\n\n return this.createJwt(cryptoProvider, issuer, jwtAudience);\n }\n\n /*\n * if assertion was created by caller, then we just append it. It is up to the caller to\n * ensure that it contains necessary claims and that it is not expired.\n */\n if (this.jwt) {\n return this.jwt;\n }\n\n throw ClientAuthError.createInvalidAssertionError();\n }\n\n /**\n * JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3\n */\n private createJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\n\n this.issuer = issuer;\n this.jwtAudience = jwtAudience;\n const issuedAt = TimeUtils.nowSeconds();\n this.expirationTime = issuedAt + 600;\n\n const header: JwtHeader = {\n alg: JwtConstants.RSA_256,\n x5t: EncodingUtils.base64EncodeUrl(this.thumbprint, \"hex\")\n };\n\n if (this.publicCertificate) {\n Object.assign(header, {\n x5c: this.publicCertificate\n } as Partial<JwtHeader>);\n }\n\n const payload = {\n [JwtConstants.AUDIENCE]: this.jwtAudience,\n [JwtConstants.EXPIRATION_TIME]: this.expirationTime,\n [JwtConstants.ISSUER]: this.issuer,\n [JwtConstants.SUBJECT]: this.issuer,\n [JwtConstants.NOT_BEFORE]: issuedAt,\n [JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()\n };\n\n this.jwt = sign(payload, this.privateKey, { header });\n return this.jwt;\n }\n\n /**\n * Utility API to check expiration\n */\n private isExpired(): boolean {\n return this.expirationTime < TimeUtils.nowSeconds();\n }\n\n /**\n * Extracts the raw certs from a given certificate string and returns them in an array.\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\n */\n public static parseCertificate(publicCertificate: string): Array<string> {\n /**\n * This is regex to identify the certs in a given certificate string.\n * We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.\n * The information in parens \"(.+?)\" is the capture group to represent the cert we want isolated.\n * \".\" means any string character, \"+\" means match 1 or more times, and \"?\" means the shortest match.\n * The \"g\" at the end of the regex means search the string globally, and the \"s\" enables the \".\" to match newlines.\n */\n const regexToFindCerts = /-----BEGIN CERTIFICATE-----\\r*\\n(.+?)\\r*\\n-----END CERTIFICATE-----/gs;\n const certs: string[] = [];\n\n let matches;\n while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {\n // matches[1] represents the first parens capture group in the regex.\n certs.push(matches[1].replace(/\\r*\\n/g, Constants.EMPTY_STRING));\n }\n\n return certs;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ClientApplication } from \"./ClientApplication\";\nimport { Configuration } from \"../config/Configuration\";\nimport { ClientAssertion } from \"./ClientAssertion\";\nimport { Constants as NodeConstants, ApiId, REGION_ENVIRONMENT_VARIABLE } from \"../utils/Constants\";\nimport {\n ClientCredentialClient,\n OnBehalfOfClient,\n CommonClientCredentialRequest,\n CommonOnBehalfOfRequest,\n AuthenticationResult,\n StringUtils,\n ClientAuthError,\n AzureRegionConfiguration,\n AuthError,\n Constants,\n IAppTokenProvider,\n OIDC_DEFAULT_SCOPES\n} from \"@azure/msal-common\";\nimport { IConfidentialClientApplication } from \"./IConfidentialClientApplication\";\nimport { OnBehalfOfRequest } from \"../request/OnBehalfOfRequest\";\nimport { ClientCredentialRequest } from \"../request/ClientCredentialRequest\";\n\n/**\n * This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications\n * will configure application secrets, client certificates/assertions as applicable\n * @public\n */\nexport class ConfidentialClientApplication extends ClientApplication implements IConfidentialClientApplication {\n private appTokenProvider?: IAppTokenProvider;\n\n /**\n * Constructor for the ConfidentialClientApplication\n *\n * Required attributes in the Configuration object are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal\n * - authority: the authority URL for your application.\n * - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.\n *\n * In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\n * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * In Azure B2C, authority is of the form https://\\{instance\\}/tfp/\\{tenant\\}/\\{policyName\\}/\n * Full B2C functionality will be available in this library in future versions.\n *\n * @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance\n */\n constructor(configuration: Configuration) {\n super(configuration);\n this.setClientCredential(this.config);\n this.appTokenProvider = undefined;\n }\n\n /** \n * This extensibility point only works for the client_credential flow, i.e. acquireTokenByClientCredential and\n * is meant for Azure SDK to enhance Managed Identity support.\n * \n * @param IAppTokenProvider - Extensibility interface, which allows the app developer to return a token from a custom source. \n */\n SetAppTokenProvider(provider: IAppTokenProvider): void {\n this.appTokenProvider = provider;\n }\n\n /**\n * Acquires tokens from the authority for the application (not for an end user).\n */\n public async acquireTokenByClientCredential(request: ClientCredentialRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByClientCredential called\", request.correlationId);\n\n // If there is a client assertion present in the request, it overrides the one present in the client configuration\n let clientAssertion;\n if (request.clientAssertion) {\n clientAssertion = {\n assertion: request.clientAssertion,\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\n };\n }\n\n const baseRequest = await this.initializeBaseRequest(request);\n\n // valid base request should not contain oidc scopes in this grant type\n const validBaseRequest = {\n ...baseRequest,\n scopes: baseRequest.scopes.filter((scope: string) => !OIDC_DEFAULT_SCOPES.includes(scope))\n };\n\n const validRequest: CommonClientCredentialRequest = {\n ...request,\n ...validBaseRequest,\n clientAssertion\n };\n\n const azureRegionConfiguration: AzureRegionConfiguration = {\n azureRegion: validRequest.azureRegion,\n environmentRegion: process.env[REGION_ENVIRONMENT_VARIABLE]\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);\n try {\n const clientCredentialConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n azureRegionConfiguration,\n request.azureCloudOptions\n );\n const clientCredentialClient = new ClientCredentialClient(clientCredentialConfig, this.appTokenProvider);\n this.logger.verbose(\"Client credential client created\", validRequest.correlationId);\n return clientCredentialClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires tokens from the authority for the application.\n *\n * Used in scenarios where the current app is a middle-tier service which was called with a token\n * representing an end user. The current app can use the token (oboAssertion) to request another\n * token to access downstream web API, on behalf of that user.\n *\n * The current middle-tier app has no user interaction to obtain consent.\n * See how to gain consent upfront for your middle-tier app from this article.\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application\n */\n public async acquireTokenOnBehalfOf(request: OnBehalfOfRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenOnBehalfOf called\", request.correlationId);\n const validRequest: CommonOnBehalfOfRequest = {\n ...request,\n ... await this.initializeBaseRequest(request)\n };\n try {\n const onBehalfOfConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n undefined,\n undefined,\n request.azureCloudOptions\n );\n const oboClient = new OnBehalfOfClient(onBehalfOfConfig);\n this.logger.verbose(\"On behalf of client created\", validRequest.correlationId);\n return oboClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n throw e;\n }\n }\n\n private setClientCredential(configuration: Configuration): void {\n const clientSecretNotEmpty = !StringUtils.isEmpty(configuration.auth.clientSecret);\n const clientAssertionNotEmpty = !StringUtils.isEmpty(configuration.auth.clientAssertion);\n const certificate = configuration.auth.clientCertificate || {\n thumbprint: Constants.EMPTY_STRING,\n privateKey: Constants.EMPTY_STRING\n };\n const certificateNotEmpty = !StringUtils.isEmpty(certificate.thumbprint) || !StringUtils.isEmpty(certificate.privateKey);\n\n /*\n * If app developer configures this callback, they don't need a credential\n * i.e. AzureSDK can get token from Managed Identity without a cert / secret\n */\n if (this.appTokenProvider) {\n return;\n }\n\n // Check that at most one credential is set on the application\n if (\n clientSecretNotEmpty && clientAssertionNotEmpty ||\n clientAssertionNotEmpty && certificateNotEmpty ||\n clientSecretNotEmpty && certificateNotEmpty) {\n throw ClientAuthError.createInvalidCredentialError();\n }\n\n if (configuration.auth.clientSecret) {\n this.clientSecret = configuration.auth.clientSecret;\n return;\n }\n\n if (configuration.auth.clientAssertion) {\n this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion);\n return;\n }\n\n if (!certificateNotEmpty) {\n throw ClientAuthError.createInvalidCredentialError();\n } else {\n this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, configuration.auth.clientCertificate?.x5c);\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountEntity, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\nimport { TokenCache } from \"../TokenCache\";\nimport { IPartitionManager } from \"./IPartitionManager\";\nimport { ICacheClient } from \"./ICacheClient\";\n\nexport class DistributedCachePlugin implements ICachePlugin {\n private client: ICacheClient;\n private partitionManager: IPartitionManager;\n\n constructor(client: ICacheClient, partitionManager: IPartitionManager) {\n this.client = client;\n this.partitionManager = partitionManager;\n }\n \n public async beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void> {\n const partitionKey = await this.partitionManager.getKey();\n const cacheData = await this.client.get(partitionKey);\n cacheContext.tokenCache.deserialize(cacheData);\n }\n \n public async afterCacheAccess(cacheContext: TokenCacheContext): Promise<void> {\n if (cacheContext.cacheHasChanged) {\n const kvStore = (cacheContext.tokenCache as TokenCache).getKVStore();\n const accountEntities = Object.values(kvStore).filter(value => AccountEntity.isAccountEntity(value as object));\n\n if (accountEntities.length > 0) {\n const accountEntity = accountEntities[0] as AccountEntity;\n const partitionKey = await this.partitionManager.extractKey(accountEntity);\n \n await this.client.set(partitionKey, cacheContext.tokenCache.serialize()); \n }\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ApiId } from \"../utils/Constants\";\nimport {\n DeviceCodeClient,\n AuthenticationResult,\n CommonDeviceCodeRequest,\n AuthError,\n ResponseMode,\n OIDC_DEFAULT_SCOPES,\n CodeChallengeMethodValues,\n Constants as CommonConstants,\n ServerError\n} from \"@azure/msal-common\";\nimport { Configuration } from \"../config/Configuration\";\nimport { ClientApplication } from \"./ClientApplication\";\nimport { IPublicClientApplication } from \"./IPublicClientApplication\";\nimport { DeviceCodeRequest } from \"../request/DeviceCodeRequest\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\nimport { InteractiveRequest } from \"../request/InteractiveRequest\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\nimport { LoopbackClient } from \"../network/LoopbackClient\";\n\n/**\n * This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications\n * are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.\n * @public\n */\nexport class PublicClientApplication extends ClientApplication implements IPublicClientApplication {\n /**\n * Important attributes in the Configuration object for auth are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.\n * - authority: the authority URL for your application.\n *\n * AAD authorities are of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\n * - If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * - If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * - To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * Azure B2C authorities are of the form https://\\{instance\\}/\\{tenant\\}/\\{policy\\}. Each policy is considered\n * its own authority. You will have to set the all of the knownAuthorities at the time of the client application\n * construction.\n *\n * ADFS authorities are of the form https://\\{instance\\}/adfs.\n */\n constructor(configuration: Configuration) {\n super(configuration);\n }\n\n /**\n * Acquires a token from the authority using OAuth2.0 device code flow.\n * This flow is designed for devices that do not have access to a browser or have input constraints.\n * The authorization server issues a DeviceCode object with a verification code, an end-user code,\n * and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be\n * instructed to use another device to navigate to the verification URI to input credentials.\n * Since the client cannot receive incoming requests, it polls the authorization server repeatedly\n * until the end-user completes input of credentials.\n */\n public async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByDeviceCode called\", request.correlationId);\n const validRequest: CommonDeviceCodeRequest = Object.assign(request, await this.initializeBaseRequest(request));\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId);\n try {\n const deviceCodeConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const deviceCodeClient = new DeviceCodeClient(deviceCodeConfig);\n this.logger.verbose(\"Device code client created\", validRequest.correlationId);\n return deviceCodeClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token by requesting an Authorization code then exchanging it for a token.\n */\n async acquireTokenInteractive(request: InteractiveRequest): Promise<AuthenticationResult> {\n const { verifier, challenge } = await this.cryptoProvider.generatePkceCodes();\n const { openBrowser, successTemplate, errorTemplate, ...remainingProperties } = request;\n\n const loopbackClient = new LoopbackClient();\n const authCodeListener = loopbackClient.listenForAuthCode(successTemplate, errorTemplate);\n const redirectUri = loopbackClient.getRedirectUri();\n\n const validRequest: AuthorizationUrlRequest = {\n ...remainingProperties,\n scopes: request.scopes || OIDC_DEFAULT_SCOPES,\n redirectUri: redirectUri,\n responseMode: ResponseMode.QUERY,\n codeChallenge: challenge, \n codeChallengeMethod: CodeChallengeMethodValues.S256\n };\n\n const authCodeUrl = await this.getAuthCodeUrl(validRequest);\n await openBrowser(authCodeUrl);\n const authCodeResponse = await authCodeListener.finally(() => {\n loopbackClient.closeServer();\n });\n\n if (authCodeResponse.error) {\n throw new ServerError(authCodeResponse.error, authCodeResponse.error_description, authCodeResponse.suberror);\n } else if (!authCodeResponse.code) {\n throw NodeAuthError.createNoAuthCodeInResponseError();\n }\n\n const clientInfo = authCodeResponse.client_info;\n const tokenRequest: AuthorizationCodeRequest = {\n code: authCodeResponse.code,\n codeVerifier: verifier,\n clientInfo: clientInfo || CommonConstants.EMPTY_STRING,\n ...validRequest\n };\n return this.acquireTokenByCode(tokenRequest);\n }\n}\n"],"names":["HttpMethod","HttpStatus","ProxyStatus","CharSet","ApiId","NetworkUtils","[object Object]","headers","body","statusCode","status","HttpClient","url","options","proxyUrl","networkRequestViaProxy","GET","networkRequestViaHttps","cancellationToken","POST","httpMethod","timeout","URL","destinationUrl","tunnelRequestOptions","host","hostname","port","method","path","postRequestStringContent","length","outgoingRequestString","toUpperCase","href","Promise","resolve","reject","request","http","on","destroy","Error","end","response","socket","proxyStatusCode","SERVER_ERROR","SUCCESS_RANGE_START","SUCCESS_RANGE_END","statusMessage","setTimeout","write","data","chunk","push","dataStringArray","Buffer","concat","toString","split","httpStatusCode","parseInt","slice","join","headersArray","entries","Map","forEach","header","headerKeyValue","RegExp","headerKey","headerValue","object","JSON","parse","e","set","Object","fromEntries","networkResponse","getNetworkResponse","parseBody","isPostRequest","customOptions","Content-Length","https","parsedBody","error","errorType","errorDescriptionHelper","CLIENT_ERROR_RANGE_START","CLIENT_ERROR_RANGE_END","SERVER_ERROR_RANGE_START","SERVER_ERROR_RANGE_END","error_description","stringify","DEFAULT_AUTH_OPTIONS","clientId","Constants","EMPTY_STRING","authority","DEFAULT_AUTHORITY","clientSecret","clientAssertion","clientCertificate","thumbprint","privateKey","x5c","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","clientCapabilities","protocolMode","ProtocolMode","AAD","azureCloudOptions","azureCloudInstance","AzureCloudInstance","None","tenant","skipAuthorityMetadataCache","DEFAULT_CACHE_OPTIONS","DEFAULT_SYSTEM_OPTIONS","loggerOptions","loggerCallback","piiLoggingEnabled","logLevel","LogLevel","Info","networkClient","DEFAULT_TELEMETRY_OPTIONS","application","appName","appVersion","buildAppConfiguration","auth","cache","system","telemetry","GuidGenerator","generateGuid","uuidv4","isGuid","guid","test","EncodingUtils","str","encoding","from","base64Encode","replace","base64Str","base64Decode","HashUtils","sha256","buffer","crypto","createHash","update","digest","PkceGenerator","constructor","this","hashUtils","verifier","generateCodeVerifier","challenge","generateCodeChallengeFromVerifier","charArr","maxNumber","byte","randomBytes","base64EncodeUrl","codeVerifier","CryptoProvider","pkceGenerator","guidGenerator","createNewGuid","input","generatePkceCodes","getPublicKeyThumbprint","removeTokenBindingKey","clearKeystore","signJwt","plainText","Deserializer","jsonFile","StringUtils","isEmpty","accounts","accountObjects","keys","map","key","serializedAcc","mappedAcc","homeAccountId","home_account_id","environment","realm","localAccountId","local_account_id","username","authorityType","authority_type","name","clientInfo","client_info","lastModificationTime","last_modification_time","lastModificationApp","last_modification_app","account","AccountEntity","CacheManager","toObject","idTokens","idObjects","serializedIdT","mappedIdT","credentialType","credential_type","client_id","secret","idToken","IdTokenEntity","accessTokens","atObjects","serializedAT","mappedAT","target","cachedAt","cached_at","expiresOn","expires_on","extendedExpiresOn","extended_expires_on","refreshOn","refresh_on","keyId","key_id","tokenType","token_type","requestedClaims","requestedClaimsHash","userAssertionHash","accessToken","AccessTokenEntity","refreshTokens","rtObjects","serializedRT","mappedRT","familyId","family_id","refreshToken","RefreshTokenEntity","appMetadata","appMetadataObjects","serializedAmdt","mappedAmd","amd","AppMetadataEntity","jsonCache","Account","deserializeAccounts","IdToken","deserializeIdTokens","AccessToken","deserializeAccessTokens","RefreshToken","deserializeRefreshTokens","AppMetadata","deserializeAppMetadata","Serializer","accCache","accountEntity","idTCache","idTEntity","atCache","atEntity","rtCache","rtEntity","amdtCache","amdtEntity","inMemCache","serializeAccounts","serializeIdTokens","serializeAccessTokens","serializeRefreshTokens","serializeAppMetadata","NodeStorage","logger","cryptoImpl","super","registerChangeEmitter","func","changeEmitters","emitChange","call","cacheToInMemoryCache","inMemoryCache","inMemoryCacheToCache","getCache","getInMemoryCache","trace","setInMemoryCache","setCache","getItem","tracePii","setItem","value","getAccount","accountKey","isAccountEntity","setAccount","generateAccountKey","getIdTokenCredential","idTokenKey","isIdTokenEntity","setIdTokenCredential","generateCredentialKey","getAccessTokenCredential","accessTokenKey","isAccessTokenEntity","setAccessTokenCredential","getRefreshTokenCredential","refreshTokenKey","isRefreshTokenEntity","setRefreshTokenCredential","getAppMetadata","appMetadataKey","isAppMetadataEntity","setAppMetadata","generateAppMetadataKey","getServerTelemetry","serverTelemetrykey","serverTelemetryEntity","ServerTelemetryEntity","isServerTelemetryEntity","setServerTelemetry","serverTelemetryKey","serverTelemetry","getAuthorityMetadata","authorityMetadataEntity","AuthorityMetadataEntity","isAuthorityMetadataEntity","getAuthorityMetadataKeys","getKeys","filter","isAuthorityMetadata","setAuthorityMetadata","metadata","getThrottlingCache","throttlingCacheKey","throttlingCache","ThrottlingEntity","isThrottlingEntity","setThrottlingCache","removeItem","result","containsKey","includes","deserializeAllCache","deserializeJSONBlob","serializeAllCache","updateCredentialCacheKey","currentCacheKey","credential","updatedCacheKey","cacheItem","verbose","defaultSerializedCache","TokenCache","storage","cachePlugin","cacheHasChanged","handleChangeEvent","bind","persistence","hasChanged","serialize","finalState","cacheSnapshot","mergeState","deserialize","deserializedCache","overlayDefaults","getKVStore","cacheContext","TokenCacheContext","beforeCacheAccess","getAllAccounts","afterCacheAccess","allAccounts","accountObj","removeAccount","generateAccountCacheKey","oldState","currentState","stateAfterRemoval","mergeRemovals","mergeUpdates","newState","newKey","newValue","hasOwnProperty","newValueNotNull","newValueIsObject","newValueIsNotArray","Array","isArray","oldStateNotUndefinedOrNull","mergeRemovalsDict","oldKey","passedInCache","NodeAuthError","AuthError","errorCode","errorMessage","ClientApplication","configuration","config","cryptoProvider","Logger","tokenCache","info","correlationId","validRequest","initializeBaseRequest","responseMode","ResponseMode","QUERY","authenticationScheme","AuthenticationScheme","BEARER","authClientConfig","buildOauthClientConfiguration","undefined","authorizationCodeClient","AuthorizationCodeClient","getAuthCodeUrl","authCodePayLoad","state","validateState","serverTelemetryManager","initializeServerTelemetryManager","acquireTokenByCode","acquireToken","setCorrelationId","cacheFailedRequest","acquireTokenByRefreshToken","refreshTokenClientConfig","refreshTokenClient","RefreshTokenClient","forceRefresh","acquireTokenSilent","silentFlowClientConfig","silentFlowClient","SilentFlowClient","acquireTokenByUsernamePassword","usernamePasswordClientConfig","usernamePasswordClient","UsernamePasswordClient","getTokenCache","cachedState","createStateNotFoundError","ClientAuthError","createStateMismatchError","getLogger","setLogger","requestCorrelationId","azureRegionConfiguration","userAzureCloudOptions","discoveredAuthority","createAuthority","updateRegionDiscoveryMetadata","regionDiscoveryMetadata","authOptions","systemOptions","cryptoInterface","networkInterface","storageInterface","clientCredentials","getClientAssertion","libraryInfo","sku","version","cpu","process","arch","os","platform","persistencePlugin","serializableCache","assertion","getJwt","tokenEndpoint","assertionType","authRequest","POP","claims","hashString","scopes","OIDC_DEFAULT_SCOPES","apiId","ServerTelemetryManager","authorityString","authorityUrl","Authority","generateAuthority","authorityOptions","AuthorityFactory","createDiscoveredInstance","clearCache","clear","LoopbackClient","successTemplate","errorTemplate","server","createLoopbackServerAlreadyExistsError","authCodeListener","createServer","async","req","res","createUnableToLoadRedirectUrlError","CommonConstants","FORWARD_SLASH","authCodeResponse","UrlString","getDeserializedQueryString","code","redirectUri","getRedirectUri","writeHead","REDIRECT","location","listen","ticks","id","setInterval","LOOPBACK_SERVER_CONSTANTS","createLoopbackServerTimeoutError","listening","clearInterval","createNoLoopbackServerExistsError","address","closeServer","createInvalidLoopbackAddressTypeError","close","ClientAssertion","jwt","publicCertificate","parseCertificate","issuer","jwtAudience","isExpired","createJwt","createInvalidAssertionError","issuedAt","TimeUtils","nowSeconds","expirationTime","alg","x5t","assign","payload","aud","exp","iss","sub","nbf","jti","sign","regexToFindCerts","certs","matches","exec","setClientCredential","appTokenProvider","SetAppTokenProvider","provider","baseRequest","validBaseRequest","scope","azureRegion","environmentRegion","env","acquireTokenByClientCredential","skipCache","clientCredentialConfig","clientCredentialClient","ClientCredentialClient","onBehalfOfConfig","oboClient","OnBehalfOfClient","clientSecretNotEmpty","clientAssertionNotEmpty","certificate","certificateNotEmpty","createInvalidCredentialError","fromAssertion","fromCertificate","_configuration$auth$c","client","partitionManager","partitionKey","getKey","cacheData","get","kvStore","accountEntities","values","extractKey","acquireTokenByDeviceCode","deviceCodeConfig","deviceCodeClient","DeviceCodeClient","openBrowser","remainingProperties","loopbackClient","listenForAuthCode","codeChallenge","codeChallengeMethod","CodeChallengeMethodValues","S256","authCodeUrl","finally","ServerError","suberror","createNoAuthCodeInResponseError","tokenRequest"],"mappings":"8IAQYA,EAKAC,EAUAC,qJAfZ,SAAYF,GACRA,YACAA,cAFJ,CAAYA,IAAAA,OAKZ,SAAYC,GACRA,mDACAA,+CACAA,6BACAA,6DACAA,yDACAA,6DACAA,yDAPJ,CAAYA,IAAAA,OAUZ,SAAYC,GACRA,mDACAA,+CACAA,qCAHJ,CAAYA,IAAAA,OASL,MAiBMC,EAEL,qEA6BR,IAAYC,GAAZ,SAAYA,GACRA,gDACAA,yEACAA,6DACAA,yEACAA,iDACAA,iEANJ,CAAYA,IAAAA,OCzEZ,MAAaC,EACgBC,0BAAIC,EAAiCC,EAASC,GACnE,MAAO,CACHF,QAASA,EACTC,KAAMA,EACNE,OAAQD,ICMpB,MAAaE,EAOgBL,0BACrBM,EACAC,GAEA,aAAIA,GAAAA,EAASC,SACFC,EAAuBH,EAAKZ,EAAWgB,IAAKH,GAE5CI,EAAuBL,EAAKZ,EAAWgB,IAAKH,GASjCP,2BACtBM,EACAC,EACAK,GAEA,aAAIL,GAAAA,EAASC,SACFC,EAAuBH,EAAKZ,EAAWmB,KAAMN,EAASK,GAEtDD,EAAuBL,EAAKZ,EAAWmB,KAAMN,EAASK,IAKzE,MAAMH,EAAyB,CAC3BH,EACAQ,EACAP,EACAQ,KAEA,MAAMd,SAAUM,SAAAA,EAASN,UAAW,GAC9BO,EAAW,IAAIQ,WAAIT,SAAAA,EAASC,WAAY,IACxCS,EAAiB,IAAID,IAAIV,GAGzBY,EAA6C,CAC/CC,KAAMX,EAASY,SACfC,KAAMb,EAASa,KACfC,OAAQ,UACRC,KAAMN,EAAeG,SACrBnB,QAASA,GAGTc,IACAG,EAAqBH,QAAUA,GAInC,IAAIS,EAAmC,GACvC,GAAIV,IAAepB,EAAWmB,KAAM,CAChC,MAAMX,SAAOK,SAAAA,EAASL,OAAQ,GAC9BsB,wEAEuBtB,EAAKuB,iBACjBvB,EAEf,MAAMwB,KAA2BZ,EAAWa,iBAAiBV,EAAeW,0BAC/DX,EAAeE,gCAExBK,EACA,OAEJ,OAAO,IAAIK,QAA6B,CAACC,EAASC,KAC9C,MAAMC,EAAUC,EAAKD,QAAQd,GAEzBA,EAAqBH,SACrBiB,EAAQE,GAAG,UAAW,KAClBF,EAAQG,UACRJ,EAAO,IAAIK,MAAM,uBAIzBJ,EAAQK,MAGRL,EAAQE,GAAG,UAAW,CAACI,EAAUC,KAC7B,MAAMC,SAAkBF,SAAAA,EAAUnC,aAAcP,EAAY6C,cACvDD,EAAkB5C,EAAY8C,qBAAyBF,EAAkB5C,EAAY+C,qBACtFX,EAAQG,UACRI,EAAOJ,UACPJ,EAAO,IAAIK,sDAAsDE,EAASnC,2CAAoCmC,SAAAA,EAAUM,gBAAiB,eAEzI1B,EAAqBH,UACrBwB,EAAOM,WAAW3B,EAAqBH,SACvCwB,EAAOL,GAAG,UAAW,KACjBF,EAAQG,UACRI,EAAOJ,UACPJ,EAAO,IAAIK,MAAM,wBAKzBG,EAAOO,MAAMpB,GAEb,MAAMqB,EAAiB,GACvBR,EAAOL,GAAG,OAASc,IACfD,EAAKE,KAAKD,KAGdT,EAAOL,GAAG,MAAO,KAEb,MAGMgB,EAHaC,OAAOC,OAAO,IAAIL,IAAOM,WAGTC,MAAM,QAEnCC,EAAiBC,SAASN,EAAgB,GAAGI,MAAM,KAAK,IAExDV,EAAgBM,EAAgB,GAAGI,MAAM,KAAKG,MAAM,GAAGC,KAAK,KAE5DxD,EAAOgD,EAAgBA,EAAgBzB,OAAS,GAGhDkC,EAAeT,EAAgBO,MAAM,EAAGP,EAAgBzB,OAAS,GAGjEmC,EAAU,IAAIC,IACpBF,EAAaG,QAASC,IAOlB,MAAMC,EAAiBD,EAAOT,MAAM,IAAIW,OAAO,aACzCC,EAAYF,EAAe,GACjC,IAAIG,EAAcH,EAAe,GAGjC,IACI,MAAMI,EAASC,KAAKC,MAAMH,GAGtBC,GAA6B,iBAAXA,IAClBD,EAAcC,GAEpB,MAAOG,IAITX,EAAQY,IAAIN,EAAWC,KAE3B,MAAMlE,EAAUwE,OAAOC,YAAYd,GAG7Be,EAAkB5E,EAAa6E,mBADf3E,EAGlB4E,EAAUtB,EAAgBX,EAHR3C,EAGsCC,GACxDqD,IAGEA,EAAiB5D,EAAW+C,qBAAyBa,EAAiB5D,EAAWgD,oBFjH5E,0BEmHPgC,EAAgBzE,KAAhB,OACA8B,EAAQG,UAEZL,EAAQ6C,KAGZpC,EAAOL,GAAG,QAAUc,IAChBhB,EAAQG,UACRI,EAAOJ,UACPJ,EAAO,IAAIK,MAAMY,EAAMK,iBAI/BrB,EAAQE,GAAG,QAAUc,IACjBhB,EAAQG,UACRJ,EAAO,IAAIK,MAAMY,EAAMK,kBAK7B1C,EAAyB,CAC3BL,EACAQ,EACAP,EACAQ,KAEA,MAAM+D,EAAgBhE,IAAepB,EAAWmB,KAC1CX,SAAeK,SAAAA,EAASL,OAAQ,GAGhC6E,EAAsC,CACxCzD,OAAQR,EACRb,eAASM,SAAAA,EAASN,UAHuB,IAkB7C,OAZIc,IACAgE,EAAchE,QAAUA,GAGxB+D,IAEAC,EAAc9E,QAAU,IACjB8E,EAAc9E,QACjB+E,iBAAkB9E,EAAKuB,SAIxB,IAAII,QAA4B,CAACC,EAASC,KAC7C,MAAMC,EAAUiD,EAAMjD,QAAQ1B,EAAKyE,GAE/BhE,GACAiB,EAAQE,GAAG,UAAW,KAClBF,EAAQG,UACRJ,EAAO,IAAIK,MAAM,uBAIrB0C,GACA9C,EAAQc,MAAM5C,GAGlB8B,EAAQK,MAERL,EAAQE,GAAG,WAAaI,IACpB,MAAMrC,EAAUqC,EAASrC,QACnBE,EAAamC,EAASnC,WACtByC,EAAgBN,EAASM,cAEzBG,EAAiB,GACvBT,EAASJ,GAAG,OAASc,IACjBD,EAAKE,KAAKD,KAGdV,EAASJ,GAAG,MAAO,KAEf,MAAMhC,EAAOiD,OAAOC,OAAO,IAAIL,IAAOM,WAGhCsB,EAAkB5E,EAAa6E,mBADf3E,EAGlB4E,EAAU1E,EAAYyC,EAHJ3C,EAGkCC,GACpDC,IAGEA,EAAaR,EAAW+C,qBAAyBvC,EAAaR,EAAWgD,oBFvMpE,0BEyMPgC,EAAgBzE,KAAhB,OACA8B,EAAQG,UAEZL,EAAQ6C,OAIhB3C,EAAQE,GAAG,QAAUc,IACjBhB,EAAQG,UACRJ,EAAO,IAAIK,MAAMY,EAAMK,kBAa7BwB,EAAY,CAAC1E,EAAoByC,EAAmC3C,EAAiCC,KASvG,IAAIgF,EACJ,IACIA,EAAab,KAAKC,MAAMpE,GAC1B,MAAOiF,GACL,IAAIC,EACAC,EACClF,GAAcR,EAAW2F,0BAA8BnF,GAAcR,EAAW4F,wBACjFH,EAAY,eACZC,EAAyB,YACjBlF,GAAcR,EAAW6F,0BAA8BrF,GAAcR,EAAW8F,wBACxFL,EAAY,eACZC,EAAyB,aAEzBD,EAAY,gBACZC,EAAyB,cAG7BH,EAAa,CACTC,MAAOC,EACPM,qBAAsBL,uCAA4DlF,2BAAoCyC,GAAiB,uBAAuByB,KAAKsB,UAAU1F,MAIrL,OAAOiF,GCzOLU,EAAkD,CACpDC,SAAUC,YAAUC,aACpBC,UAAWF,YAAUG,kBACrBC,aAAcJ,YAAUC,aACxBI,gBAAiBL,YAAUC,aAC3BK,kBAAmB,CACfC,WAAYP,YAAUC,aACtBO,WAAYR,YAAUC,aACtBQ,IAAKT,YAAUC,cAEnBS,iBAAkB,GAClBC,uBAAwBX,YAAUC,aAClCW,kBAAmBZ,YAAUC,aAC7BY,mBAAoB,GACpBC,aAAcC,eAAaC,IAC3BC,kBAAmB,CACfC,mBAAoBC,qBAAmBC,KACvCC,OAAQrB,YAAUC,cAEtBqB,4BAA4B,GAG1BC,EAAsC,GAUtCC,EAAsD,CACxDC,cAT0C,CAC1CC,eAAgB,OAGhBC,mBAAmB,EACnBC,SAAUC,WAASC,MAKnBC,cAAe,IAAIxH,EACnBG,SAAUsF,YAAUC,cAGlB+B,EAA4D,CAC9DC,YAAa,CACTC,QAASlC,YAAUC,aACnBkC,WAAYnC,YAAUC,eAsB9B,SAAgBmC,GAAsBC,KAClCA,EADkCC,MAElCA,EAFkCC,OAGlCA,EAHkCC,UAIlCA,IAGA,MAAO,CACHH,KAAM,IAAKvC,KAAyBuC,GACpCC,MAAO,IAAKf,KAA0Be,GACtCC,OAAQ,IAAKf,KAA2Be,GACxCC,UAAW,IAAKR,KAA8BQ,IC9JtD,MAEaC,EAMTC,eACI,OAAOC,OAOXC,OAAOC,GAEH,MADkB,6EACDC,KAAKD,ICnB9B,MAEaE,EAOU7I,oBAAC8I,EAAaC,GAC7B,OAAO5F,OAAO6F,KAAKF,EAAKC,GAAU1F,SAAS,UAOzBrD,uBAAC8I,EAAaC,GAChC,OAAOF,EAAcI,aAAaH,EAAKC,GAClCG,QAAQ,KAAMpD,YAAUC,cACxBmD,QAAQ,MAAO,KACfA,QAAQ,MAAO,KASLlJ,oBAACmJ,GAChB,OAAOhG,OAAO6F,KAAKG,EAAW,UAAU9F,SAAS,QAM/BrD,uBAACmJ,GACnB,IAAIL,EAAMK,EAAUD,QAAQ,KAAM,KAAKA,QAAQ,KAAM,KACrD,KAAOJ,EAAIrH,OAAS,GAChBqH,GAAO,IAEX,OAAOD,EAAcO,aAAaN,IC1C1C,MAGaO,EAKTC,OAAOC,GACH,OAAOC,EACFC,WN4BD,UM3BCC,OAAOH,GACPI,UCHb,MAAaC,EAGTC,cACIC,KAAKC,UAAY,IAAIV,EAMFrJ,0BACnB,MAAMgK,EAAWF,KAAKG,uBAEtB,MAAO,CAAED,SAAAA,EAAUE,UADDJ,KAAKK,kCAAkCH,IAOrDC,uBACJ,MAAMG,EAAU,GACVC,EAAY,IAAO,IAAMxK,EAAmB4B,OAClD,KAAO2I,EAAQ3I,QPCU,IODmB,CACxC,MAAM6I,EAAOd,EAAOe,YAAY,GAAG,GAC/BD,GAAQD,GAQZD,EAAQnH,KAAKpD,EADCyK,EAAOzK,EAAmB4B,SAG5C,MAAMuI,EAAmBI,EAAQ1G,KAAKoC,YAAUC,cAChD,OAAO8C,EAAc2B,gBAAgBR,GAOjCG,kCAAkCM,GACtC,OAAO5B,EAAc2B,gBACjBV,KAAKC,UAAUT,OAAOmB,GAAcpH,SAAS,UAC7C,WC3CZ,MAAaqH,EAKTb,cAEIC,KAAKa,cAAgB,IAAIf,EACzBE,KAAKc,cAAgB,IAAIrC,EACzBuB,KAAKC,UAAY,IAAIV,EAOzBwB,gBACI,OAAOf,KAAKc,cAAcpC,eAO9BS,aAAa6B,GACT,OAAOjC,EAAcI,aAAa6B,GAOtC1B,aAAa0B,GACT,OAAOjC,EAAcO,aAAa0B,GAMtCC,oBACI,OAAOjB,KAAKa,cAAcI,oBAM9BC,yBACI,MAAM,IAAI5I,MAAM,2BAOpB6I,wBACI,MAAM,IAAI7I,MAAM,2BAMpB8I,gBACI,MAAM,IAAI9I,MAAM,2BAMpB+I,UACI,MAAM,IAAI/I,MAAM,2BAMJpC,iBAACoL,GACb,OAAOvC,EAAc2B,gBACjBV,KAAKC,UAAUT,OAAO8B,GAAW/H,SAAS,UAC1C,WCnFZ,MAAagI,EAKiBrL,2BAACsL,GAIvB,OAH0BC,cAAYC,QAAQF,GACxC,GACAjH,KAAKC,MAAMgH,GAQKtL,2BAACyL,GACvB,MAAMC,EAA+B,GAsBrC,OArBID,GACAhH,OAAOkH,KAAKF,GAAUG,KAAI,SAAUC,GAChC,MAAMC,EAAgBL,EAASI,GACzBE,EAAY,CACdC,cAAeF,EAAcG,gBAC7BC,YAAaJ,EAAcI,YAC3BC,MAAOL,EAAcK,MACrBC,eAAgBN,EAAcO,iBAC9BC,SAAUR,EAAcQ,SACxBC,cAAeT,EAAcU,eAC7BC,KAAMX,EAAcW,KACpBC,WAAYZ,EAAca,YAC1BC,qBAAsBd,EAAce,uBACpCC,oBAAqBhB,EAAciB,uBAEjCC,EAAyB,IAAIC,gBACnCC,eAAaC,SAASH,EAASjB,GAC/BL,EAAeG,GAAOmB,KAIvBtB,EAOe1L,2BAACoN,GACvB,MAAMC,EAA0B,GAiBhC,OAhBID,GACA3I,OAAOkH,KAAKyB,GAAUxB,KAAI,SAAUC,GAChC,MAAMyB,EAAgBF,EAASvB,GACzB0B,EAAY,CACdvB,cAAesB,EAAcrB,gBAC7BC,YAAaoB,EAAcpB,YAC3BsB,eAAgBF,EAAcG,gBAC9B5H,SAAUyH,EAAcI,UACxBC,OAAQL,EAAcK,OACtBxB,MAAOmB,EAAcnB,OAEnByB,EAAyB,IAAIC,gBACnCX,eAAaC,SAASS,EAASL,GAC/BF,EAAUxB,GAAO+B,KAGlBP,EAOmBrN,+BAAC8N,GAC3B,MAAMC,EAA8B,GA4BpC,OA3BID,GACArJ,OAAOkH,KAAKmC,GAAclC,KAAI,SAAUC,GACpC,MAAMmC,EAAeF,EAAajC,GAC5BoC,EAAW,CACbjC,cAAegC,EAAa/B,gBAC5BC,YAAa8B,EAAa9B,YAC1BsB,eAAgBQ,EAAaP,gBAC7B5H,SAAUmI,EAAaN,UACvBC,OAAQK,EAAaL,OACrBxB,MAAO6B,EAAa7B,MACpB+B,OAAQF,EAAaE,OACrBC,SAAUH,EAAaI,UACvBC,UAAWL,EAAaM,WACxBC,kBAAmBP,EAAaQ,oBAChCC,UAAWT,EAAaU,WACxBC,MAAOX,EAAaY,OACpBC,UAAWb,EAAac,WACxBC,gBAAiBf,EAAae,gBAC9BC,oBAAqBhB,EAAagB,oBAClCC,kBAAmBjB,EAAaiB,mBAE9BC,EAAiC,IAAIC,oBAC3CjC,eAAaC,SAAS+B,EAAajB,GACnCF,EAAUlC,GAAOqD,KAIlBnB,EAOoB/N,gCAACoP,GAC5B,MAAMC,EAA+B,GAoBrC,OAnBID,GACA3K,OAAOkH,KAAKyD,GAAexD,KAAI,SAAUC,GACrC,MAAMyD,EAAeF,EAAcvD,GAC7B0D,EAAW,CACbvD,cAAesD,EAAarD,gBAC5BC,YAAaoD,EAAapD,YAC1BsB,eAAgB8B,EAAa7B,gBAC7B5H,SAAUyJ,EAAa5B,UACvBC,OAAQ2B,EAAa3B,OACrB6B,SAAUF,EAAaG,UACvBvB,OAAQoB,EAAapB,OACrB/B,MAAOmD,EAAanD,OAElBuD,EAAmC,IAAIC,qBAC7CzC,eAAaC,SAASuC,EAAcH,GACpCF,EAAUxD,GAAO6D,KAIlBL,EAOkBrP,8BAAC4P,GAC1B,MAAMC,EAAuC,GAe7C,OAdID,GACAnL,OAAOkH,KAAKiE,GAAahE,KAAI,SAAUC,GACnC,MAAMiE,EAAiBF,EAAY/D,GAC7BkE,EAAY,CACdlK,SAAUiK,EAAepC,UACzBxB,YAAa4D,EAAe5D,YAC5BsD,SAAUM,EAAeL,WAEvBO,EAAyB,IAAIC,oBACnC/C,eAAaC,SAAS6C,EAAKD,GAC3BF,EAAmBhE,GAAOmE,KAI3BH,EAOe7P,2BAACkQ,GACvB,MAAO,CACHzE,SAAUyE,EAAUC,QACdrG,KAAKsG,oBAAoBF,EAAUC,SACnC,GACN/C,SAAU8C,EAAUG,QACdvG,KAAKwG,oBAAoBJ,EAAUG,SACnC,GACNvC,aAAcoC,EAAUK,YAClBzG,KAAK0G,wBAAwBN,EAAUK,aACvC,GACNnB,cAAec,EAAUO,aACnB3G,KAAK4G,yBAAyBR,EAAUO,cACxC,GACNb,YAAaM,EAAUS,YACjB7G,KAAK8G,uBAAuBV,EAAUS,aACtC,KCjLlB,MAAaE,EAKe7Q,yBAAC+C,GACrB,OAAOsB,KAAKsB,UAAU5C,GAOF/C,yBAAC8Q,GACrB,MAAMrF,EAAoD,GAiB1D,OAhBAhH,OAAOkH,KAAKmF,GAAUlF,KAAI,SAAUC,GAChC,MAAMkF,EAAgBD,EAASjF,GAC/BJ,EAASI,GAAO,CACZI,gBAAiB8E,EAAc/E,cAC/BE,YAAa6E,EAAc7E,YAC3BC,MAAO4E,EAAc5E,MACrBE,iBAAkB0E,EAAc3E,eAChCE,SAAUyE,EAAczE,SACxBE,eAAgBuE,EAAcxE,cAC9BE,KAAMsE,EAActE,KACpBE,YAAaoE,EAAcrE,WAC3BG,uBAAwBkE,EAAcnE,qBACtCG,sBAAuBgE,EAAcjE,wBAItCrB,EAOazL,yBAACgR,GACrB,MAAM5D,EAAoD,GAa1D,OAZA3I,OAAOkH,KAAKqF,GAAUpF,KAAI,SAAUC,GAChC,MAAMoF,EAAYD,EAASnF,GAC3BuB,EAASvB,GAAO,CACZI,gBAAiBgF,EAAUjF,cAC3BE,YAAa+E,EAAU/E,YACvBuB,gBAAiBwD,EAAUzD,eAC3BE,UAAWuD,EAAUpL,SACrB8H,OAAQsD,EAAUtD,OAClBxB,MAAO8E,EAAU9E,UAIlBiB,EAOiBpN,6BAACkR,GACzB,MAAMpD,EAA4D,GAuBlE,OAtBArJ,OAAOkH,KAAKuF,GAAStF,KAAI,SAAUC,GAC/B,MAAMsF,EAAWD,EAAQrF,GACzBiC,EAAajC,GAAO,CAChBI,gBAAiBkF,EAASnF,cAC1BE,YAAaiF,EAASjF,YACtBuB,gBAAiB0D,EAAS3D,eAC1BE,UAAWyD,EAAStL,SACpB8H,OAAQwD,EAASxD,OACjBxB,MAAOgF,EAAShF,MAChB+B,OAAQiD,EAASjD,OACjBE,UAAW+C,EAAShD,SACpBG,WAAY6C,EAAS9C,UACrBG,oBAAqB2C,EAAS5C,kBAC9BG,WAAYyC,EAAS1C,UACrBG,OAAQuC,EAASxC,MACjBG,WAAYqC,EAAStC,UACrBE,gBAAiBoC,EAASpC,gBAC1BC,oBAAqBmC,EAASnC,oBAC9BC,kBAAmBkC,EAASlC,sBAI7BnB,EAOkB9N,8BAACoR,GAC1B,MAAMhC,EAA8D,GAepE,OAdA3K,OAAOkH,KAAKyF,GAASxF,KAAI,SAAUC,GAC/B,MAAMwF,EAAWD,EAAQvF,GACzBuD,EAAcvD,GAAO,CACjBI,gBAAiBoF,EAASrF,cAC1BE,YAAamF,EAASnF,YACtBuB,gBAAiB4D,EAAS7D,eAC1BE,UAAW2D,EAASxL,SACpB8H,OAAQ0D,EAAS1D,OACjB8B,UAAW4B,EAAS7B,SACpBtB,OAAQmD,EAASnD,OACjB/B,MAAOkF,EAASlF,UAIjBiD,EAOgBpP,4BAACsR,GACxB,MAAM1B,EAA2D,GAUjE,OATAnL,OAAOkH,KAAK2F,GAAW1F,KAAI,SAAUC,GACjC,MAAM0F,EAAaD,EAAUzF,GAC7B+D,EAAY/D,GAAO,CACf6B,UAAW6D,EAAW1L,SACtBqG,YAAaqF,EAAWrF,YACxBuD,UAAW8B,EAAW/B,aAIvBI,EAOa5P,yBAACwR,GACrB,MAAO,CACHrB,QAASrG,KAAK2H,kBAAkBD,EAAW/F,UAC3C4E,QAASvG,KAAK4H,kBAAkBF,EAAWpE,UAC3CmD,YAAazG,KAAK6H,sBAAsBH,EAAW1D,cACnD2C,aAAc3G,KAAK8H,uBAAuBJ,EAAWpC,eACrDuB,YAAa7G,KAAK+H,qBAAqBL,EAAW5B,qBCrHjDkC,UAAoB5E,eAM7BrD,YAAYkI,EAAgBlM,EAAkBmM,GAC1CC,MAAMpM,EAAUmM,GAJZlI,WAAsB,GACtBA,oBAAkC,GAItCA,KAAKiI,OAASA,EAOlBG,sBAAsBC,GAClBrI,KAAKsI,eAAenP,KAAKkP,GAM7BE,aACIvI,KAAKsI,eAAetO,QAAQqO,GAAQA,EAAKG,KAAK,OAOlDC,qBAAqBnK,GACjB,MAAMoK,EAA+B,CACjC/G,SAAU,GACV2B,SAAU,GACVU,aAAc,GACdsB,cAAe,GACfQ,YAAa,IAGjB,IAAK,MAAM/D,KAAOzD,EACd,GAAIA,EAAMyD,aAA0BoB,gBAChCuF,EAAc/G,SAASI,GAAOzD,EAAMyD,QACjC,GAAIzD,EAAMyD,aAAgBgC,gBAC7B2E,EAAcpF,SAASvB,GAAOzD,EAAMyD,QACjC,GAAIzD,EAAMyD,aAAgBsD,oBAC7BqD,EAAc1E,aAAajC,GAAOzD,EAAMyD,QACrC,GAAIzD,EAAMyD,aAAgB8D,qBAC7B6C,EAAcpD,cAAcvD,GAAOzD,EAAMyD,OACtC,CAAA,KAAIzD,EAAMyD,aAAgBoE,qBAG7B,SAFAuC,EAAc5C,YAAY/D,GAAOzD,EAAMyD,GAM/C,OAAO2G,EAOXC,qBAAqBD,GAGjB,IAAIpK,EAAQ0B,KAAK4I,WAYjB,OAVAtK,EAAQ,IACDA,KACAoK,EAAc/G,YACd+G,EAAcpF,YACdoF,EAAc1E,gBACd0E,EAAcpD,iBACdoD,EAAc5C,aAIdxH,EAMXuK,mBAKI,OAJA7I,KAAKiI,OAAOa,MAAM,2BAGI9I,KAAKyI,qBAAqBzI,KAAK4I,YAQzDG,iBAAiBL,GACb1I,KAAKiI,OAAOa,MAAM,2BAGlB,MAAMxK,EAAQ0B,KAAK2I,qBAAqBD,GACxC1I,KAAKgJ,SAAS1K,GAEd0B,KAAKuI,aAMTK,WAEI,OADA5I,KAAKiI,OAAOa,MAAM,iCACX9I,KAAK1B,MAOhB0K,SAAS1K,GACL0B,KAAKiI,OAAOa,MAAM,iCAClB9I,KAAK1B,MAAQA,EAGb0B,KAAKuI,aAOTU,QAAQlH,GAKJ,OAJA/B,KAAKiI,OAAOiB,sBAAsBnH,GAGpB/B,KAAK4I,WACN7G,GAQjBoH,QAAQpH,EAAaqH,GACjBpJ,KAAKiI,OAAOiB,sBAAsBnH,GAGlC,MAAMzD,EAAQ0B,KAAK4I,WACnBtK,EAAMyD,GAAOqH,EAGbpJ,KAAKgJ,SAAS1K,GAOlB+K,WAAWC,GACP,MAAMpG,EAAUlD,KAAKiJ,QAAQK,GAC7B,OAAInG,gBAAcoG,gBAAgBrG,GACvBA,EAEJ,KAOXsG,WAAWtG,GACP,MAAMoG,EAAapG,EAAQuG,qBAC3BzJ,KAAKmJ,QAAQG,EAAYpG,GAO7BwG,qBAAqBC,GACjB,MAAM7F,EAAU9D,KAAKiJ,QAAQU,GAC7B,OAAI5F,gBAAc6F,gBAAgB9F,GACvBA,EAEJ,KAOX+F,qBAAqB/F,GACjB,MAAM6F,EAAa7F,EAAQgG,wBAC3B9J,KAAKmJ,QAAQQ,EAAY7F,GAO7BiG,yBAAyBC,GACrB,MAAM5E,EAAcpF,KAAKiJ,QAAQe,GACjC,OAAI3E,oBAAkB4E,oBAAoB7E,GAC/BA,EAEJ,KAOX8E,yBAAyB9E,GACrB,MAAM4E,EAAiB5E,EAAY0E,wBACnC9J,KAAKmJ,QAAQa,EAAgB5E,GAOjC+E,0BAA0BC,GACtB,MAAMxE,EAAe5F,KAAKiJ,QAAQmB,GAClC,OAAIvE,qBAAmBwE,qBAAqBzE,GACjCA,EAEJ,KAOX0E,0BAA0B1E,GACtB,MAAMwE,EAAkBxE,EAAakE,wBACrC9J,KAAKmJ,QAAQiB,EAAiBxE,GAOlC2E,eAAeC,GACX,MAAM1E,EAAiC9F,KAAKiJ,QAAQuB,GACpD,OAAIrE,oBAAkBsE,oBAAoBD,EAAgB1E,GAC/CA,EAEJ,KAOX4E,eAAe5E,GACX,MAAM0E,EAAiB1E,EAAY6E,yBACnC3K,KAAKmJ,QAAQqB,EAAgB1E,GAOjC8E,mBAAmBC,GACf,MAAMC,EAA+C9K,KAAKiJ,QAAQ4B,GAClE,OAAIC,GAAyBC,wBAAsBC,wBAAwBH,EAAoBC,GACpFA,EAEJ,KAQXG,mBAAmBC,EAA4BC,GAC3CnL,KAAKmJ,QAAQ+B,EAAoBC,GAOrCC,qBAAqBrJ,GACjB,MAAMsJ,EAAmDrL,KAAKiJ,QAAQlH,GACtE,OAAIsJ,GAA2BC,0BAAwBC,0BAA0BxJ,EAAKsJ,GAC3EA,EAEJ,KAMXG,2BACI,OAAOxL,KAAKyL,UAAUC,OAAQ3J,GACnB/B,KAAK2L,oBAAoB5J,IASxC6J,qBAAqB7J,EAAa8J,GAC9B7L,KAAKmJ,QAAQpH,EAAK8J,GAOtBC,mBAAmBC,GACf,MAAMC,EAAoChM,KAAKiJ,QAAQ8C,GACvD,OAAIC,GAAmBC,mBAAiBC,mBAAmBH,EAAoBC,GACpEA,EAEJ,KAQXG,mBAAmBJ,EAA4BC,GAC3ChM,KAAKmJ,QAAQ4C,EAAoBC,GAQrCI,WAAWrK,GACP/B,KAAKiI,OAAOiB,sBAAsBnH,GAGlC,IAAIsK,GAAkB,EACtB,MAAM/N,EAAQ0B,KAAK4I,WAYnB,OAVMtK,EAAMyD,YACDzD,EAAMyD,GACbsK,GAAS,GAITA,IACArM,KAAKgJ,SAAS1K,GACd0B,KAAKuI,cAEF8D,EAOXC,YAAYvK,GACR,OAAO/B,KAAKyL,UAAUc,SAASxK,GAMnC0J,UACIzL,KAAKiI,OAAOa,MAAM,6BAGlB,MAAMxK,EAAQ0B,KAAK4I,WACnB,MAAO,IAAKjO,OAAOkH,KAAKvD,IAMjBpI,cACP8J,KAAKiI,OAAOa,MAAM,0CAGA9I,KAAKyL,UAGbzR,QAAQ+H,IACd/B,KAAKoM,WAAWrK,KAEpB/B,KAAKuI,aAOmBrS,6BAACoI,GACzB,OAAOiD,EAAaiL,oBAChBjL,EAAakL,oBAAoBnO,IAQjBpI,yBAACwS,GACrB,OAAO3B,EAAW2F,kBAAkBhE,GAMxCiE,yBAAyBC,EAAyBC,GAC9C,MAAMC,EAAkBD,EAAW/C,wBAEnC,GAAI8C,IAAoBE,EAAiB,CACrC,MAAMC,EAAY/M,KAAKiJ,QAAQ2D,GAC/B,GAAIG,EAIA,OAHA/M,KAAKoM,WAAWQ,GAChB5M,KAAKmJ,QAAQ2D,EAAiBC,GAC9B/M,KAAKiI,OAAO+E,+BAA+BH,EAAWnJ,4BAC/CoJ,EAEP9M,KAAKiI,OAAO5M,yCAAyCwR,EAAWnJ,uFAIxE,OAAOkJ,GChcf,MAMMK,EACO,GADPA,EAEO,GAFPA,EAGW,GAHXA,EAIY,GAJZA,EAKW,GAOjB,MAAaC,EAQTnN,YAAYoN,EAAsBlF,EAAgBmF,GAC9CpN,KAAKqN,iBAAkB,EACvBrN,KAAKmN,QAAUA,EACfnN,KAAKmN,QAAQ/E,sBAAsBpI,KAAKsN,kBAAkBC,KAAKvN,OAC3DoN,IACApN,KAAKwN,YAAcJ,GAEvBpN,KAAKiI,OAASA,EAMlBwF,aACI,OAAOzN,KAAKqN,gBAMhBK,YACI1N,KAAKiI,OAAOa,MAAM,+BAClB,IAAI6E,EAAa5G,EAAW2F,kBACxB1M,KAAKmN,QAAQtE,oBAejB,OAXKpH,cAAYC,QAAQ1B,KAAK4N,eAO1B5N,KAAKiI,OAAOa,MAAM,+BANlB9I,KAAKiI,OAAOa,MAAM,oCAClB6E,EAAa3N,KAAK6N,WACdtT,KAAKC,MAAMwF,KAAK4N,eAChBD,IAKR3N,KAAKqN,iBAAkB,EAEhB9S,KAAKsB,UAAU8R,GAO1BG,YAAYxP,GAIR,GAHA0B,KAAKiI,OAAOa,MAAM,yCAClB9I,KAAK4N,cAAgBtP,EAEhBmD,cAAYC,QAAQ1B,KAAK4N,eAO1B5N,KAAKiI,OAAOa,MAAM,wCAPwB,CAC1C9I,KAAKiI,OAAOa,MAAM,oCAClB,MAAMiF,EAAoBxM,EAAaiL,oBACnCxM,KAAKgO,gBAAgBzT,KAAKC,MAAMwF,KAAK4N,iBAEzC5N,KAAKmN,QAAQpE,iBAAiBgF,IAStCE,aACI,OAAOjO,KAAKmN,QAAQvE,WAMJ1S,uBAGhB,IAAIgY,EADJlO,KAAKiI,OAAOa,MAAM,yBAElB,IAKI,OAJI9I,KAAKwN,cACLU,EAAe,IAAIC,oBAAkBnO,MAAM,SACrCA,KAAKwN,YAAYY,kBAAkBF,IAEtClO,KAAKmN,QAAQkB,yBAEhBrO,KAAKwN,aAAeU,SACdlO,KAAKwN,YAAYc,iBAAiBJ,IAW5BhY,yBAACgM,GACrB,MAAMqM,QAAoBvO,KAAKqO,iBAC/B,OAAK5M,cAAYC,QAAQQ,IAAkBqM,GAAeA,EAAY5W,QAC3D4W,EAAY7C,OAAO8C,GAAcA,EAAWtM,gBAAkBA,GAAe,IAE7E,KAUUhM,0BAACoM,GACtB,MAAMiM,QAAoBvO,KAAKqO,iBAC/B,OAAK5M,cAAYC,QAAQY,IAAmBiM,GAAeA,EAAY5W,QAC5D4W,EAAY7C,OAAO8C,GAAcA,EAAWlM,iBAAmBA,GAAgB,IAE/E,KAQIpM,oBAACgN,GAEhB,IAAIgL,EADJlO,KAAKiI,OAAOa,MAAM,wBAElB,IACQ9I,KAAKwN,cACLU,EAAe,IAAIC,oBAAkBnO,MAAM,SACrCA,KAAKwN,YAAYY,kBAAkBF,UAEvClO,KAAKmN,QAAQsB,cAActL,gBAAcuL,wBAAwBxL,YAEnElD,KAAKwN,aAAeU,SACdlO,KAAKwN,YAAYc,iBAAiBJ,IAQ5CZ,oBACJtN,KAAKqN,iBAAkB,EAQnBQ,WAAWc,EAAqBC,GACpC5O,KAAKiI,OAAOa,MAAM,+CAClB,MAAM+F,EAAoB7O,KAAK8O,cAAcH,EAAUC,GACvD,OAAO5O,KAAK+O,aAAaF,EAAmBD,GAQxCG,aAAaJ,EAAkBK,GAwBnC,OAvBArU,OAAOkH,KAAKmN,GAAUhV,QAASiV,IAC3B,MAAMC,EAAWF,EAASC,GAG1B,GAAKN,EAASQ,eAAeF,GAItB,CAEH,MAAMG,EAA+B,OAAbF,EAClBG,EAAuC,iBAAbH,EAC1BI,GAAsBC,MAAMC,QAAQN,GACpCO,EAA6B,MAAOd,EAASM,GAE/CG,GAAmBC,GAAoBC,GAAsBG,EAC7DzP,KAAK+O,aAAaJ,EAASM,GAASC,GAEpCP,EAASM,GAAUC,OAbN,OAAbA,IACAP,EAASM,GAAUC,KAiBxBP,EASHG,cAAcH,EAAqBK,GACvChP,KAAKiI,OAAOa,MAAM,mCAClB,MAAMnH,EAAWgN,EAAStI,QAAUrG,KAAK0P,kBAA2Cf,EAAStI,QAAS2I,EAAS3I,SAAWsI,EAAStI,QAC7HrC,EAAe2K,EAASlI,YAAczG,KAAK0P,kBAA+Cf,EAASlI,YAAauI,EAASvI,aAAekI,EAASlI,YACjJnB,EAAgBqJ,EAAShI,aAAe3G,KAAK0P,kBAAgDf,EAAShI,aAAcqI,EAASrI,cAAgBgI,EAAShI,aACtJrD,EAAWqL,EAASpI,QAAUvG,KAAK0P,kBAA2Cf,EAASpI,QAASyI,EAASzI,SAAWoI,EAASpI,QAC7HT,EAAc6I,EAAS9H,YAAc7G,KAAK0P,kBAA+Cf,EAAS9H,YAAamI,EAASnI,aAAe8H,EAAS9H,YAEtJ,MAAO,IACA8H,EACHtI,QAAS1E,EACT8E,YAAazC,EACb2C,aAAcrB,EACdiB,QAASjD,EACTuD,YAAaf,GASb4J,kBAAqBf,EAA6BK,GACtD,MAAMrB,EAAa,IAAKgB,GAMxB,OALAhU,OAAOkH,KAAK8M,GAAU3U,QAAS2V,IACtBX,GAAcA,EAASG,eAAeQ,WAChChC,EAAWgC,KAGnBhC,EAOHK,gBAAgB4B,GAEpB,OADA5P,KAAKiI,OAAOa,MAAM,iDACX,CACHzC,QAAS,IACF4G,KACA2C,EAAcvJ,SAErBE,QAAS,IACF0G,KACA2C,EAAcrJ,SAErBE,YAAa,IACNwG,KACA2C,EAAcnJ,aAErBE,aAAc,IACPsG,KACA2C,EAAcjJ,cAErBE,YAAa,IACNoG,KACA2C,EAAc/I,qBClPpBgJ,UAAsBC,YAC/B/P,YAAYgQ,EAAmBC,GAC3B7H,MAAM4H,EAAWC,GACjBhQ,KAAK2C,KAAO,gBAM4BzM,+CACxC,OAAO,IAAI2Z,EAvCL,uCACA,mEA6C+B3Z,4CACrC,OAAO,IAAI2Z,EA3CL,6BACA,2EAiD4B3Z,yCAClC,OAAO,IAAI2Z,EA/CL,2BACA,0GAqD8B3Z,2CACpC,OAAO,IAAI2Z,EAnDL,4BACA,kCAyDmC3Z,gDACzC,OAAO,IAAI2Z,EAvDL,iCACA,0DA6D6B3Z,0CACnC,OAAO,IAAI2Z,EA3DL,0BACA,8DAiEqB3Z,kCAC3B,OAAO,IAAI2Z,EA/DL,kBACA,0ECgBd,MAAsBI,EA6BlBlQ,YAAsBmQ,GAClBlQ,KAAKmQ,OAAS/R,EAAsB8R,GACpClQ,KAAKoQ,eAAiB,IAAIxP,EAC1BZ,KAAKiI,OAAS,IAAIoI,SAAOrQ,KAAKmQ,OAAO5R,OAAOd,cCpFhC,mBACG,UDoFfuC,KAAKmN,QAAU,IAAInF,EAAYhI,KAAKiI,OAAQjI,KAAKmQ,OAAO9R,KAAKtC,SAAUiE,KAAKoQ,gBAC5EpQ,KAAKsQ,WAAa,IAAIpD,EAClBlN,KAAKmN,QACLnN,KAAKiI,OACLjI,KAAKmQ,OAAO7R,MAAM8O,aAaNlX,qBAACgC,GACjB8H,KAAKiI,OAAOsI,KAAK,wBAAyBrY,EAAQsY,eAClD,MAAMC,EAA8C,IAC7CvY,WACO8H,KAAK0Q,sBAAsBxY,GACrCyY,aAAczY,EAAQyY,cAAgBC,eAAaC,MACnDC,qBAAsBC,uBAAqBC,QAGzCC,QAAyBjR,KAAKkR,8BAChCT,EAAavU,UACbuU,EAAaD,mBACbW,OACAA,EACAjZ,EAAQ+E,mBAENmU,EAA0B,IAAIC,0BAChCJ,GAGJ,OADAjR,KAAKiI,OAAO+E,QAAQ,2BAA4ByD,EAAaD,eACtDY,EAAwBE,eAAeb,GAW1Bva,yBAACgC,EAAmCqZ,GACxDvR,KAAKiI,OAAOsI,KAAK,6BACbrY,EAAQsZ,OAASD,IACjBvR,KAAKiI,OAAOsI,KAAK,yCACjBvQ,KAAKyR,cAAcvZ,EAAQsZ,MAAOD,EAAgBC,OAAS,IAE3DD,EAAiB,IAAIA,EAAiBC,MAAO,KAEjD,MAAMf,EAA+C,IAC9CvY,WACO8H,KAAK0Q,sBAAsBxY,GACrC4Y,qBAAsBC,uBAAqBC,QAGzCU,EAAyB1R,KAAK2R,iCAAiC3b,EAAM4b,mBAAoBnB,EAAaD,eAC5G,IACI,MAAMS,QAAyBjR,KAAKkR,8BAChCT,EAAavU,UACbuU,EAAaD,cACbkB,OACAP,EACAjZ,EAAQ+E,mBAENmU,EAA0B,IAAIC,0BAChCJ,GAGJ,OADAjR,KAAKiI,OAAO+E,QAAQ,2BAA4ByD,EAAaD,eACtDY,EAAwBS,aAAapB,EAAcc,GAC5D,MAAO9W,GAKL,MAJIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAEpCkB,EAAuBK,mBAAmBtX,GACpCA,GAWkBvE,iCAACgC,GAC7B8H,KAAKiI,OAAOsI,KAAK,oCAAqCrY,EAAQsY,eAC9D,MAAMC,EAA0C,IACzCvY,WACO8H,KAAK0Q,sBAAsBxY,GACrC4Y,qBAAsBC,uBAAqBC,QAGzCU,EAAyB1R,KAAK2R,iCAAiC3b,EAAMgc,2BAA4BvB,EAAaD,eACpH,IACI,MAAMyB,QAAiCjS,KAAKkR,8BACxCT,EAAavU,UACbuU,EAAaD,cACbkB,OACAP,EACAjZ,EAAQ+E,mBAENiV,EAAqB,IAAIC,qBAC3BF,GAGJ,OADAjS,KAAKiI,OAAO+E,QAAQ,+BAAgCyD,EAAaD,eAC1D0B,EAAmBL,aAAapB,GACzC,MAAOhW,GAKL,MAJIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAEpCkB,EAAuBK,mBAAmBtX,GACpCA,GAYUvE,yBAACgC,GACrB,MAAMuY,EAAwC,IACvCvY,WACO8H,KAAK0Q,sBAAsBxY,GACrCka,aAAcla,EAAQka,eAAgB,GAGpCV,EAAyB1R,KAAK2R,iCAAiC3b,EAAMqc,mBAAoB5B,EAAaD,cAAeC,EAAa2B,cACxI,IACI,MAAME,QAA+BtS,KAAKkR,8BACtCT,EAAavU,UACbuU,EAAaD,cACbkB,OACAP,EACAjZ,EAAQ+E,mBAENsV,EAAmB,IAAIC,mBACzBF,GAGJ,OADAtS,KAAKiI,OAAO+E,QAAQ,6BAA8ByD,EAAaD,eACxD+B,EAAiBV,aAAapB,GACvC,MAAOhW,GAKL,MAJIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAEpCkB,EAAuBK,mBAAmBtX,GACpCA,GAcsBvE,qCAACgC,GACjC8H,KAAKiI,OAAOsI,KAAK,wCAAyCrY,EAAQsY,eAClE,MAAMC,EAA8C,IAC7CvY,WACO8H,KAAK0Q,sBAAsBxY,IAEnCwZ,EAAyB1R,KAAK2R,iCAAiC3b,EAAMyc,+BAAgChC,EAAaD,eACxH,IACI,MAAMkC,QAAqC1S,KAAKkR,8BAC5CT,EAAavU,UACbuU,EAAaD,cACbkB,OACAP,EACAjZ,EAAQ+E,mBAEN0V,EAAyB,IAAIC,yBAAuBF,GAE1D,OADA1S,KAAKiI,OAAO+E,QAAQ,mCAAoCyD,EAAaD,eAC9DmC,EAAuBd,aAAapB,GAC7C,MAAOhW,GAKL,MAJIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAEpCkB,EAAuBK,mBAAmBtX,GACpCA,GAOdoY,gBAEI,OADA7S,KAAKiI,OAAOsI,KAAK,wBACVvQ,KAAKsQ,WAYNmB,cAAcD,EAAesB,GACnC,IAAItB,EACA,MAAM3B,EAAckD,2BAGxB,GAAGvB,IAAUsB,EACT,MAAME,kBAAgBC,2BAO9BC,YACI,OAAOlT,KAAKiI,OAOhBkL,UAAUlL,GACNjI,KAAKiI,OAASA,EAQ2B/R,oCACzCgG,EACAkX,EACA1B,EACA2B,EACApW,GAEA+C,KAAKiI,OAAO+E,QAAQ,uCAAwCoG,GAG5D,MAAME,EAAwBrW,GAAwC+C,KAAKmQ,OAAO9R,KAAKpB,kBAGvF+C,KAAKiI,OAAO+E,mEAAmE9Q,EAAakX,GAC5F,MAAMG,QAA4BvT,KAAKwT,gBAAgBtX,EAAWmX,EAA0BD,EAAsBE,GAwClH,aAtCA5B,GAAAA,EAAwB+B,8BAA8BF,EAAoBG,yBAEzB,CAC7CC,YAAa,CACT5X,SAAUiE,KAAKmQ,OAAO9R,KAAKtC,SAC3BG,UAAWqX,EACX1W,mBAAoBmD,KAAKmQ,OAAO9R,KAAKxB,oBAEzC+W,cAAe,CACXld,SAAUsJ,KAAKmQ,OAAO5R,OAAO7H,UAEjC+G,cAAe,CACXG,SAAUoC,KAAKmQ,OAAO5R,OAAOd,cAAcG,SAC3CF,eAAgBsC,KAAKmQ,OAAO5R,OAAOd,cAC9BC,eACLC,kBAAmBqC,KAAKmQ,OAAO5R,OAAOd,cACjCE,kBACL6S,cAAe4C,GAEnBS,gBAAiB7T,KAAKoQ,eACtB0D,iBAAkB9T,KAAKmQ,OAAO5R,OAAOR,cACrCgW,iBAAkB/T,KAAKmN,QACvBuE,uBAAwBA,EACxBsC,kBAAmB,CACf5X,aAAc4D,KAAK5D,aACnBC,gBAAiB2D,KAAK3D,gBAAkB2D,KAAKiU,mBAAmBV,QAAuBpC,GAE3F+C,YAAa,CACTC,IdrTF,ecsTEC,QCtXO,SDuXPC,IAAKC,QAAQC,MAAQvY,YAAUC,aAC/BuY,GAAIF,QAAQG,UAAYzY,YAAUC,cAEtCuC,UAAWwB,KAAKmQ,OAAO3R,UACvBkW,kBAAmB1U,KAAKmQ,OAAO7R,MAAM8O,YACrCuH,kBAAmB3U,KAAKsQ,YAMxB2D,mBAAmB/X,GACvB,MAAO,CACH0Y,UAAW5U,KAAK3D,gBAAgBwY,OAAO7U,KAAKoQ,eAAgBpQ,KAAKmQ,OAAO9R,KAAKtC,SAAUG,EAAU4Y,eACjGC,cdpUmB,0Dc4UU7e,4BAAC8e,GAclC,OAbAhV,KAAKiI,OAAO+E,QAAQ,iCAAkCgI,EAAYxE,eAE9DwE,EAAYlE,sBAAwBkE,EAAYlE,uBAAyBC,uBAAqBkE,KAC9FjV,KAAKiI,OAAO+E,QAAQ,0GAA2GgI,EAAYxE,eAG/IwE,EAAYlE,qBAAuBC,uBAAqBC,OAGpDgE,EAAYE,SAAWzT,cAAYC,QAAQsT,EAAYE,UACvDF,EAAY9P,0BAA4BlF,KAAKoQ,eAAe+E,WAAWH,EAAYE,SAGhF,IACAF,EACHI,OAAQ,IAAMJ,GAAeA,EAAYI,QAAW,MAAQC,uBAC5D7E,cAAewE,GAAeA,EAAYxE,eAAiBxQ,KAAKoQ,eAAerP,gBAC/E7E,UAAW8Y,EAAY9Y,WAAa8D,KAAKmQ,OAAO9R,KAAKnC,WAUnDyV,iCAAiC2D,EAAe9E,EAAuB4B,GAQ7E,OAAO,IAAImD,yBAPsC,CAC7CxZ,SAAUiE,KAAKmQ,OAAO9R,KAAKtC,SAC3ByU,cAAeA,EACf8E,MAAOA,EACPlD,aAAcA,IAAgB,GAGkBpS,KAAKmN,SAQhCjX,sBAACsf,EAAyBnC,EAAqDD,EAA+BnW,GACvI+C,KAAKiI,OAAO+E,QAAQ,yBAA0BoG,GAG9C,MAAMqC,EAAeC,YAAUC,kBAAkBH,EAAiBvY,GAE5D2Y,EAAqC,CACvC9Y,aAAckD,KAAKmQ,OAAO9R,KAAKvB,aAC/BJ,iBAAkBsD,KAAKmQ,OAAO9R,KAAK3B,iBACnCC,uBAAwBqD,KAAKmQ,OAAO9R,KAAK1B,uBACzCC,kBAAmBoD,KAAKmQ,OAAO9R,KAAKzB,kBACpCyW,yBAAAA,EACA/V,2BAA4B0C,KAAKmQ,OAAO9R,KAAKf,4BAGjD,aAAauY,mBAAiBC,yBAAyBL,EAAczV,KAAKmQ,OAAO5R,OAAOR,cAAeiC,KAAKmN,QAASyI,EAAkB5V,KAAKiI,OAAQjI,KAAKmQ,OAAO5R,OAAO7H,UAM3Kqf,aACI/V,KAAKmN,QAAQ6I,SE5crB,MAKaC,EASc/f,wBAACggB,EAA0BC,GAC9C,GAAMnW,KAAKoW,OACP,MAAMvG,EAAcwG,yCAGxB,MAAMC,EAAmB,IAAIve,QAAyC,CAACC,EAASC,KAC5E+H,KAAKoW,OAASG,eAAaC,MAAOC,EAAsBC,KACpD,MAAMlgB,EAAMigB,EAAIjgB,IAChB,IAAKA,EAGD,OAFAkgB,EAAIne,IAAI4d,GAAiB,2CACzBle,EAAO4X,EAAc8G,sCAElB,GAAIngB,IAAQogB,YAAgBC,cAE/B,YADAH,EAAIne,IAAI2d,GAAmB,uEAI/B,MAAMY,EAAmBC,YAAUC,2BAA2BxgB,GAC9D,GAAIsgB,EAAiBG,KAAM,CACvB,MAAMC,QAAoBlX,KAAKmX,iBAC/BT,EAAIU,UAAUvhB,EAAWwhB,SAAU,CAAEC,SAAUJ,IAC/CR,EAAIne,MAERP,EAAQ8e,KAEZ9W,KAAKoW,OAAOmB,OAAO,KAmBvB,aAfM,IAAIxf,QAAeC,IACrB,IAAIwf,EAAQ,EACZ,MAAMC,EAAKC,YAAY,KACnB,GAAKC,GAAgFH,EACjF,MAAM3H,EAAc+H,mCAGpB5X,KAAKoW,OAAOyB,YACZC,cAAcL,GACdzf,KAEJwf,KhB+CC,OgB3CFlB,EAOXa,iBACI,IAAKnX,KAAKoW,OACN,MAAMvG,EAAckI,oCAGxB,MAAMC,EAAUhY,KAAKoW,OAAO4B,UAC5B,IAAKA,GAA8B,iBAAZA,IAAyBA,EAAQzgB,KAEpD,MADAyI,KAAKiY,cACCpI,EAAcqI,wCAKxB,2BAFaF,GAAWA,EAAQzgB,MAQpC0gB,cACUjY,KAAKoW,QACPpW,KAAKoW,OAAO+B,SC5ExB,MAAaC,EAckBliB,qBAAC0e,GACxB,MAAMvY,EAAkB,IAAI+b,EAE5B,OADA/b,EAAgBgc,IAAMzD,EACfvY,EASkBnG,uBAACqG,EAAoBC,EAAoB8b,GAClE,MAAMjc,EAAkB,IAAI+b,EAM5B,OALA/b,EAAgBG,WAAaA,EAC7BH,EAAgBE,WAAaA,EACzB+b,IACAjc,EAAgBic,kBAAoBtY,KAAKuY,iBAAiBD,IAEvDjc,EASJwY,OAAOzE,EAAgCoI,EAAgBC,GAE1D,GAAIzY,KAAKxD,YAAcwD,KAAKzD,WAExB,OAAIyD,KAAKqY,MAAQrY,KAAK0Y,aAAeF,IAAWxY,KAAKwY,QAAUC,IAAgBzY,KAAKyY,YACzEzY,KAAKqY,IAGTrY,KAAK2Y,UAAUvI,EAAgBoI,EAAQC,GAOlD,GAAIzY,KAAKqY,IACL,OAAOrY,KAAKqY,IAGhB,MAAMrF,kBAAgB4F,8BAMlBD,UAAUvI,EAAgCoI,EAAgBC,GAE9DzY,KAAKwY,OAASA,EACdxY,KAAKyY,YAAcA,EACnB,MAAMI,EAAWC,YAAUC,aAC3B/Y,KAAKgZ,eAAiBH,EAAW,IAEjC,MAAM5e,EAAoB,CACtBgf,IjBIC,QiBHDC,IAAKna,EAAc2B,gBAAgBV,KAAKzD,WAAY,QAGpDyD,KAAKsY,mBACL3d,OAAOwe,OAAOlf,EAAQ,CAClBwC,IAAKuD,KAAKsY,oBAIlB,MAAMc,EAAU,CACZC,IAAyBrZ,KAAKyY,YAC9Ba,IAAgCtZ,KAAKgZ,eACrCO,IAAuBvZ,KAAKwY,OAC5BgB,IAAwBxZ,KAAKwY,OAC7BiB,IAA2BZ,EAC3Ba,IAAuBtJ,EAAerP,iBAI1C,OADAf,KAAKqY,IAAMsB,OAAKP,EAASpZ,KAAKxD,WAAY,CAAEvC,OAAAA,IACrC+F,KAAKqY,IAMRK,YACJ,OAAO1Y,KAAKgZ,eAAiBF,YAAUC,aAOb7iB,wBAACoiB,GAQ3B,MAAMsB,EAAmB,wEACnBC,EAAkB,GAExB,IAAIC,EACJ,KAAgE,QAAxDA,EAAUF,EAAiBG,KAAKzB,KAEpCuB,EAAM1gB,KAAK2gB,EAAQ,GAAG1a,QAAQ,SAAUpD,YAAUC,eAGtD,OAAO4d,m1DC7GoC5J,EAsB/ClQ,YAAYmQ,GACR/H,MAAM+H,GACNlQ,KAAKga,oBAAoBha,KAAKmQ,QAC9BnQ,KAAKia,sBAAmB9I,EAS5B+I,oBAAoBC,GAChBna,KAAKia,iBAAmBE,EAMejkB,qCAACgC,GAIxC,IAAImE,EAHJ2D,KAAKiI,OAAOsI,KAAK,wCAAyCrY,EAAQsY,eAI9DtY,EAAQmE,kBACRA,EAAkB,CACduY,UAAW1c,EAAQmE,gBACnB0Y,clBde,2DkBkBvB,MAAMqF,QAAoBpa,KAAK0Q,sBAAsBxY,GAG/CmiB,EAAmB,IAClBD,EACHhF,OAAQgF,EAAYhF,OAAO1J,OAAQ4O,IAAmBjF,sBAAoB9I,SAAS+N,KAGjF7J,EAA8C,IAC7CvY,KACAmiB,EACHhe,gBAAAA,GAGEgX,EAAqD,CACvDkH,YAAa9J,EAAa8J,YAC1BC,kBAAmBlG,QAAQmG,IAAR,aAGjB/I,EAAyB1R,KAAK2R,iCAAiC3b,EAAM0kB,+BAAgCjK,EAAaD,cAAeC,EAAakK,WACpJ,IACI,MAAMC,QAA+B5a,KAAKkR,8BACtCT,EAAavU,UACbuU,EAAaD,cACbkB,EACA2B,EACAnb,EAAQ+E,mBAEN4d,EAAyB,IAAIC,yBAAuBF,EAAwB5a,KAAKia,kBAEvF,OADAja,KAAKiI,OAAO+E,QAAQ,mCAAoCyD,EAAaD,eAC9DqK,EAAuBhJ,aAAapB,GAC7C,MAAOhW,GAKL,MAJIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAEpCkB,EAAuBK,mBAAmBtX,GACpCA,GAeqBvE,6BAACgC,GAChC8H,KAAKiI,OAAOsI,KAAK,gCAAiCrY,EAAQsY,eAC1D,MAAMC,EAAwC,IACvCvY,WACO8H,KAAK0Q,sBAAsBxY,IAEzC,IACI,MAAM6iB,QAAyB/a,KAAKkR,8BAChCT,EAAavU,UACbuU,EAAaD,mBACbW,OACAA,EACAjZ,EAAQ+E,mBAEN+d,EAAY,IAAIC,mBAAiBF,GAEvC,OADA/a,KAAKiI,OAAO+E,QAAQ,8BAA+ByD,EAAaD,eACzDwK,EAAUnJ,aAAapB,GAChC,MAAOhW,GAIL,MAHIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAE9B/V,GAINuf,oBAAoB9J,GACxB,MAAMgL,GAAwBzZ,cAAYC,QAAQwO,EAAc7R,KAAKjC,cAC/D+e,GAA2B1Z,cAAYC,QAAQwO,EAAc7R,KAAKhC,iBAClE+e,EAAclL,EAAc7R,KAAK/B,mBAAqB,CACxDC,WAAYP,YAAUC,aACtBO,WAAYR,YAAUC,cAEpBof,GAAuB5Z,cAAYC,QAAQ0Z,EAAY7e,cAAgBkF,cAAYC,QAAQ0Z,EAAY5e,YAM7G,IAAIwD,KAAKia,iBAAT,CAKA,GACIiB,GAAwBC,GACxBA,GAA2BE,GAC3BH,GAAwBG,EACxB,MAAMrI,kBAAgBsI,+BAG1B,GAAIpL,EAAc7R,KAAKjC,aACnB4D,KAAK5D,aAAe8T,EAAc7R,KAAKjC,kBAI3C,GAAI8T,EAAc7R,KAAKhC,gBACnB2D,KAAK3D,gBAAkB+b,EAAgBmD,cAAcrL,EAAc7R,KAAKhC,qBAD5E,CAKA,IAAKgf,EACD,MAAMrI,kBAAgBsI,+BACnB,MACHtb,KAAK3D,gBAAkB+b,EAAgBoD,gBAAgBJ,EAAY7e,WAAY6e,EAAY5e,oBAAY0T,EAAc7R,KAAK/B,0BAAnBmf,EAAsChf,iEClMzJ,MASIsD,YAAY2b,EAAsBC,GAC9B3b,KAAK0b,OAASA,EACd1b,KAAK2b,iBAAmBA,EAGEzlB,wBAACgY,GAC3B,MAAM0N,QAAqB5b,KAAK2b,iBAAiBE,SAC3CC,QAAkB9b,KAAK0b,OAAOK,IAAIH,GACxC1N,EAAaoC,WAAWxC,YAAYgO,GAGX5lB,uBAACgY,GAC1B,GAAIA,EAAab,gBAAiB,CAC9B,MAAM2O,EAAW9N,EAAaoC,WAA0BrC,aAClDgO,EAAkBthB,OAAOuhB,OAAOF,GAAStQ,OAAOtC,GAASjG,gBAAcoG,gBAAgBH,IAE7F,GAAI6S,EAAgBtkB,OAAS,EAAG,CAC5B,MAAMsP,EAAgBgV,EAAgB,GAChCL,QAAqB5b,KAAK2b,iBAAiBQ,WAAWlV,SAEtDjH,KAAK0b,OAAOhhB,IAAIkhB,EAAc1N,EAAaoC,WAAW5C,qFCF/BuC,EAkBzClQ,YAAYmQ,GACR/H,MAAM+H,GAY2Bha,+BAACgC,GAClC8H,KAAKiI,OAAOsI,KAAK,kCAAmCrY,EAAQsY,eAC5D,MAAMC,EAAwC9V,OAAOwe,OAAOjhB,QAAgB8H,KAAK0Q,sBAAsBxY,IACjGwZ,EAAyB1R,KAAK2R,iCAAiC3b,EAAMomB,yBAA0B3L,EAAaD,eAClH,IACI,MAAM6L,QAAyBrc,KAAKkR,8BAChCT,EAAavU,UACbuU,EAAaD,cACbkB,OACAP,EACAjZ,EAAQ+E,mBAENqf,EAAmB,IAAIC,mBAAiBF,GAE9C,OADArc,KAAKiI,OAAO+E,QAAQ,6BAA8ByD,EAAaD,eACxD8L,EAAiBzK,aAAapB,GACvC,MAAOhW,GAKL,MAJIA,aAAaqV,aACbrV,EAAEqX,iBAAiBrB,EAAaD,eAEpCkB,EAAuBK,mBAAmBtX,GACpCA,GAOevE,8BAACgC,GAC1B,MAAMgI,SAAEA,EAAFE,UAAYA,SAAoBJ,KAAKoQ,eAAenP,qBACpDub,YAAEA,EAAFtG,gBAAeA,EAAfC,cAAgCA,KAAkBsG,GAAwBvkB,EAE1EwkB,EAAiB,IAAIzG,EACrBK,EAAmBoG,EAAeC,kBAAkBzG,EAAiBC,GACrEe,EAAcwF,EAAevF,iBAE7B1G,EAAwC,IACvCgM,EACHrH,OAAQld,EAAQkd,QAAUC,sBAC1B6B,YAAaA,EACbvG,aAAcC,eAAaC,MAC3B+L,cAAexc,EACfyc,oBAAqBC,4BAA0BC,MAG7CC,QAAoBhd,KAAKsR,eAAeb,SACxC+L,EAAYQ,GAClB,MAAMlG,QAAyBR,EAAiB2G,QAAQ,KACpDP,EAAezE,gBAGnB,GAAInB,EAAiBzb,MACjB,MAAM,IAAI6hB,cAAYpG,EAAiBzb,MAAOyb,EAAiBlb,kBAAmBkb,EAAiBqG,UAChG,IAAKrG,EAAiBG,KACzB,MAAMpH,EAAcuN,kCAGxB,MACMC,EAAyC,CAC3CpG,KAAMH,EAAiBG,KACvBtW,aAAcT,EACd0C,WAJekU,EAAiBjU,aAIN+T,YAAgB3a,gBACvCwU,GAEP,OAAOzQ,KAAK4R,mBAAmByL,0EL5HhB"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/msal-node.esm.js 0 → 100644
View file @ 3a84cbd5
import { Constants as Constants$1, ProtocolMode, AzureCloudInstance, LogLevel, StringUtils, AccountEntity, CacheManager, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, ServerTelemetryEntity, AuthorityMetadataEntity, ThrottlingEntity, TokenCacheContext, AuthError, Logger, ResponseMode, AuthenticationScheme, AuthorizationCodeClient, RefreshTokenClient, SilentFlowClient, UsernamePasswordClient, ClientAuthError, OIDC_DEFAULT_SCOPES, ServerTelemetryManager, Authority, AuthorityFactory, UrlString, DeviceCodeClient, ServerError, CodeChallengeMethodValues, TimeUtils, ClientCredentialClient, OnBehalfOfClient } from '@azure/msal-common';
export { AuthError, AuthErrorMessage, AzureCloudInstance, ClientAuthError, ClientAuthErrorMessage, ClientConfigurationError, ClientConfigurationErrorMessage, InteractionRequiredAuthError, InteractionRequiredAuthErrorMessage, LogLevel, Logger, PromptValue, ProtocolMode, ResponseMode, ServerError, TokenCacheContext } from '@azure/msal-common';
import http, { createServer } from 'http';
import https from 'https';
import { v4 } from 'uuid';
import crypto from 'crypto';
import { sign } from 'jsonwebtoken';
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* http methods
*/
var HttpMethod;
(function (HttpMethod) {
HttpMethod["GET"] = "get";
HttpMethod["POST"] = "post";
})(HttpMethod || (HttpMethod = {}));
var HttpStatus;
(function (HttpStatus) {
HttpStatus[HttpStatus["SUCCESS_RANGE_START"] = 200] = "SUCCESS_RANGE_START";
HttpStatus[HttpStatus["SUCCESS_RANGE_END"] = 299] = "SUCCESS_RANGE_END";
HttpStatus[HttpStatus["REDIRECT"] = 302] = "REDIRECT";
HttpStatus[HttpStatus["CLIENT_ERROR_RANGE_START"] = 400] = "CLIENT_ERROR_RANGE_START";
HttpStatus[HttpStatus["CLIENT_ERROR_RANGE_END"] = 499] = "CLIENT_ERROR_RANGE_END";
HttpStatus[HttpStatus["SERVER_ERROR_RANGE_START"] = 500] = "SERVER_ERROR_RANGE_START";
HttpStatus[HttpStatus["SERVER_ERROR_RANGE_END"] = 599] = "SERVER_ERROR_RANGE_END";
})(HttpStatus || (HttpStatus = {}));
var ProxyStatus;
(function (ProxyStatus) {
ProxyStatus[ProxyStatus["SUCCESS_RANGE_START"] = 200] = "SUCCESS_RANGE_START";
ProxyStatus[ProxyStatus["SUCCESS_RANGE_END"] = 299] = "SUCCESS_RANGE_END";
ProxyStatus[ProxyStatus["SERVER_ERROR"] = 500] = "SERVER_ERROR";
})(ProxyStatus || (ProxyStatus = {}));
/**
* Constants used for region discovery
*/
const REGION_ENVIRONMENT_VARIABLE = "REGION_NAME";
/**
* Constant used for PKCE
*/
const RANDOM_OCTET_SIZE = 32;
/**
* Constants used in PKCE
*/
const Hash = {
SHA256: "sha256"
};
/**
* Constants for encoding schemes
*/
const CharSet = {
CV_CHARSET: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
};
/**
* Constants
*/
const Constants = {
MSAL_SKU: "msal.js.node",
JWT_BEARER_ASSERTION_TYPE: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
AUTHORIZATION_PENDING: "authorization_pending",
HTTP_PROTOCOL: "http://",
LOCALHOST: "localhost"
};
/**
* API Codes for Telemetry purposes.
* Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs
* 0-99 Silent Flow
* 600-699 Device Code Flow
* 800-899 Auth Code Flow
*/
var ApiId;
(function (ApiId) {
ApiId[ApiId["acquireTokenSilent"] = 62] = "acquireTokenSilent";
ApiId[ApiId["acquireTokenByUsernamePassword"] = 371] = "acquireTokenByUsernamePassword";
ApiId[ApiId["acquireTokenByDeviceCode"] = 671] = "acquireTokenByDeviceCode";
ApiId[ApiId["acquireTokenByClientCredential"] = 771] = "acquireTokenByClientCredential";
ApiId[ApiId["acquireTokenByCode"] = 871] = "acquireTokenByCode";
ApiId[ApiId["acquireTokenByRefreshToken"] = 872] = "acquireTokenByRefreshToken";
})(ApiId || (ApiId = {}));
/**
* JWT constants
*/
const JwtConstants = {
ALGORITHM: "alg",
RSA_256: "RS256",
X5T: "x5t",
X5C: "x5c",
AUDIENCE: "aud",
EXPIRATION_TIME: "exp",
ISSUER: "iss",
SUBJECT: "sub",
NOT_BEFORE: "nbf",
JWT_ID: "jti"
};
const LOOPBACK_SERVER_CONSTANTS = {
INTERVAL_MS: 100,
TIMEOUT_MS: 5000
};
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class NetworkUtils {
static getNetworkResponse(headers, body, statusCode) {
return {
headers: headers,
body: body,
status: statusCode
};
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class implements the API for network requests.
*/
class HttpClient {
/**
* Http Get request
* @param url
* @param options
*/
async sendGetRequestAsync(url, options) {
if (options != null && options.proxyUrl) {
return networkRequestViaProxy(url, HttpMethod.GET, options);
} else {
return networkRequestViaHttps(url, HttpMethod.GET, options);
}
}
/**
* Http Post request
* @param url
* @param options
*/
async sendPostRequestAsync(url, options, cancellationToken) {
if (options != null && options.proxyUrl) {
return networkRequestViaProxy(url, HttpMethod.POST, options, cancellationToken);
} else {
return networkRequestViaHttps(url, HttpMethod.POST, options, cancellationToken);
}
}
}
const networkRequestViaProxy = (url, httpMethod, options, timeout) => {
const headers = (options == null ? void 0 : options.headers) || {};
const proxyUrl = new URL((options == null ? void 0 : options.proxyUrl) || "");
const destinationUrl = new URL(url); // "method: connect" must be used to establish a connection to the proxy
const tunnelRequestOptions = {
host: proxyUrl.hostname,
port: proxyUrl.port,
method: "CONNECT",
path: destinationUrl.hostname,
headers: headers
};
if (timeout) {
tunnelRequestOptions.timeout = timeout;
} // compose a request string for the socket
let postRequestStringContent = "";
if (httpMethod === HttpMethod.POST) {
const body = (options == null ? void 0 : options.body) || "";
postRequestStringContent = "Content-Type: application/x-www-form-urlencoded\r\n" + `Content-Length: ${body.length}\r\n` + `\r\n${body}`;
}
const outgoingRequestString = `${httpMethod.toUpperCase()} ${destinationUrl.href} HTTP/1.1\r\n` + `Host: ${destinationUrl.host}\r\n` + "Connection: close\r\n" + postRequestStringContent + "\r\n";
return new Promise((resolve, reject) => {
const request = http.request(tunnelRequestOptions);
if (tunnelRequestOptions.timeout) {
request.on("timeout", () => {
request.destroy();
reject(new Error("Request time out"));
});
}
request.end(); // establish connection to the proxy
request.on("connect", (response, socket) => {
const proxyStatusCode = (response == null ? void 0 : response.statusCode) || ProxyStatus.SERVER_ERROR;
if (proxyStatusCode < ProxyStatus.SUCCESS_RANGE_START || proxyStatusCode > ProxyStatus.SUCCESS_RANGE_END) {
request.destroy();
socket.destroy();
reject(new Error(`Error connecting to proxy. Http status code: ${response.statusCode}. Http status message: ${(response == null ? void 0 : response.statusMessage) || "Unknown"}`));
}
if (tunnelRequestOptions.timeout) {
socket.setTimeout(tunnelRequestOptions.timeout);
socket.on("timeout", () => {
request.destroy();
socket.destroy();
reject(new Error("Request time out"));
});
} // make a request over an HTTP tunnel
socket.write(outgoingRequestString);
const data = [];
socket.on("data", chunk => {
data.push(chunk);
});
socket.on("end", () => {
// combine all received buffer streams into one buffer, and then into a string
const dataString = Buffer.concat([...data]).toString(); // separate each line into it's own entry in an arry
const dataStringArray = dataString.split("\r\n"); // the first entry will contain the statusCode and statusMessage
const httpStatusCode = parseInt(dataStringArray[0].split(" ")[1]); // remove "HTTP/1.1" and the status code to get the status message
const statusMessage = dataStringArray[0].split(" ").slice(2).join(" "); // the last entry will contain the body
const body = dataStringArray[dataStringArray.length - 1]; // everything in between the first and last entries are the headers
const headersArray = dataStringArray.slice(1, dataStringArray.length - 2); // build an object out of all the headers
const entries = new Map();
headersArray.forEach(header => {
/**
* the header might look like "Content-Length: 1531", but that is just a string
* it needs to be converted to a key/value pair
* split the string at the first instance of ":"
* there may be more than one ":" if the value of the header is supposed to be a JSON object
*/
const headerKeyValue = header.split(new RegExp(/:\s(.*)/s));
const headerKey = headerKeyValue[0];
let headerValue = headerKeyValue[1]; // check if the value of the header is supposed to be a JSON object
try {
const object = JSON.parse(headerValue); // if it is, then convert it from a string to a JSON object
if (object && typeof object === "object") {
headerValue = object;
}
} catch (e) {// otherwise, leave it as a string
}
entries.set(headerKey, headerValue);
});
const headers = Object.fromEntries(entries);
const parsedHeaders = headers;
const networkResponse = NetworkUtils.getNetworkResponse(parsedHeaders, parseBody(httpStatusCode, statusMessage, parsedHeaders, body), httpStatusCode);
if ((httpStatusCode < HttpStatus.SUCCESS_RANGE_START || httpStatusCode > HttpStatus.SUCCESS_RANGE_END) && // do not destroy the request for the device code flow
networkResponse.body["error"] !== Constants.AUTHORIZATION_PENDING) {
request.destroy();
}
resolve(networkResponse);
});
socket.on("error", chunk => {
request.destroy();
socket.destroy();
reject(new Error(chunk.toString()));
});
});
request.on("error", chunk => {
request.destroy();
reject(new Error(chunk.toString()));
});
});
};
const networkRequestViaHttps = (url, httpMethod, options, timeout) => {
const isPostRequest = httpMethod === HttpMethod.POST;
const body = (options == null ? void 0 : options.body) || "";
const emptyHeaders = {};
const customOptions = {
method: httpMethod,
headers: (options == null ? void 0 : options.headers) || emptyHeaders
};
if (timeout) {
customOptions.timeout = timeout;
}
if (isPostRequest) {
// needed for post request to work
customOptions.headers = { ...customOptions.headers,
"Content-Length": body.length
};
}
return new Promise((resolve, reject) => {
const request = https.request(url, customOptions);
if (timeout) {
request.on("timeout", () => {
request.destroy();
reject(new Error("Request time out"));
});
}
if (isPostRequest) {
request.write(body);
}
request.end();
request.on("response", response => {
const headers = response.headers;
const statusCode = response.statusCode;
const statusMessage = response.statusMessage;
const data = [];
response.on("data", chunk => {
data.push(chunk);
});
response.on("end", () => {
// combine all received buffer streams into one buffer, and then into a string
const body = Buffer.concat([...data]).toString();
const parsedHeaders = headers;
const networkResponse = NetworkUtils.getNetworkResponse(parsedHeaders, parseBody(statusCode, statusMessage, parsedHeaders, body), statusCode);
if ((statusCode < HttpStatus.SUCCESS_RANGE_START || statusCode > HttpStatus.SUCCESS_RANGE_END) && // do not destroy the request for the device code flow
networkResponse.body["error"] !== Constants.AUTHORIZATION_PENDING) {
request.destroy();
}
resolve(networkResponse);
});
});
request.on("error", chunk => {
request.destroy();
reject(new Error(chunk.toString()));
});
});
};
/**
* Check if extra parsing is needed on the repsonse from the server
* @param statusCode {number} the status code of the response from the server
* @param statusMessage {string | undefined} the status message of the response from the server
* @param headers {Record<string, string>} the headers of the response from the server
* @param body {string} the body from the response of the server
* @returns {Object} JSON parsed body or error object
*/
const parseBody = (statusCode, statusMessage, headers, body) => {
/*
* Informational responses (100 – 199)
* Successful responses (200 – 299)
* Redirection messages (300 – 399)
* Client error responses (400 – 499)
* Server error responses (500 – 599)
*/
let parsedBody;
try {
parsedBody = JSON.parse(body);
} catch (error) {
let errorType;
let errorDescriptionHelper;
if (statusCode >= HttpStatus.CLIENT_ERROR_RANGE_START && statusCode <= HttpStatus.CLIENT_ERROR_RANGE_END) {
errorType = "client_error";
errorDescriptionHelper = "A client";
} else if (statusCode >= HttpStatus.SERVER_ERROR_RANGE_START && statusCode <= HttpStatus.SERVER_ERROR_RANGE_END) {
errorType = "server_error";
errorDescriptionHelper = "A server";
} else {
errorType = "unknown_error";
errorDescriptionHelper = "An unknown";
}
parsedBody = {
error: errorType,
error_description: `${errorDescriptionHelper} error occured.\nHttp status code: ${statusCode}\nHttp status message: ${statusMessage || "Unknown"}\nHeaders: ${JSON.stringify(headers)}`
};
}
return parsedBody;
};
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const DEFAULT_AUTH_OPTIONS = {
clientId: Constants$1.EMPTY_STRING,
authority: Constants$1.DEFAULT_AUTHORITY,
clientSecret: Constants$1.EMPTY_STRING,
clientAssertion: Constants$1.EMPTY_STRING,
clientCertificate: {
thumbprint: Constants$1.EMPTY_STRING,
privateKey: Constants$1.EMPTY_STRING,
x5c: Constants$1.EMPTY_STRING
},
knownAuthorities: [],
cloudDiscoveryMetadata: Constants$1.EMPTY_STRING,
authorityMetadata: Constants$1.EMPTY_STRING,
clientCapabilities: [],
protocolMode: ProtocolMode.AAD,
azureCloudOptions: {
azureCloudInstance: AzureCloudInstance.None,
tenant: Constants$1.EMPTY_STRING
},
skipAuthorityMetadataCache: false
};
const DEFAULT_CACHE_OPTIONS = {};
const DEFAULT_LOGGER_OPTIONS = {
loggerCallback: () => {// allow users to not set logger call back
},
piiLoggingEnabled: false,
logLevel: LogLevel.Info
};
const DEFAULT_SYSTEM_OPTIONS = {
loggerOptions: DEFAULT_LOGGER_OPTIONS,
networkClient: /*#__PURE__*/new HttpClient(),
proxyUrl: Constants$1.EMPTY_STRING
};
const DEFAULT_TELEMETRY_OPTIONS = {
application: {
appName: Constants$1.EMPTY_STRING,
appVersion: Constants$1.EMPTY_STRING
}
};
/**
* Sets the default options when not explicitly configured from app developer
*
* @param auth - Authentication options
* @param cache - Cache options
* @param system - System options
* @param telemetry - Telemetry options
*
* @returns Configuration
* @public
*/
function buildAppConfiguration({
auth,
cache,
system,
telemetry
}) {
return {
auth: { ...DEFAULT_AUTH_OPTIONS,
...auth
},
cache: { ...DEFAULT_CACHE_OPTIONS,
...cache
},
system: { ...DEFAULT_SYSTEM_OPTIONS,
...system
},
telemetry: { ...DEFAULT_TELEMETRY_OPTIONS,
...telemetry
}
};
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class GuidGenerator {
/**
*
* RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.
* uuidv4 generates guids from cryprtographically-string random
*/
generateGuid() {
return v4();
}
/**
* verifies if a string is GUID
* @param guid
*/
isGuid(guid) {
const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
return regexGuid.test(guid);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class EncodingUtils {
/**
* 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.
* 'base64': Base64 encoding.
*
* @param str text
*/
static base64Encode(str, encoding) {
return Buffer.from(str, encoding).toString("base64");
}
/**
* encode a URL
* @param str
*/
static base64EncodeUrl(str, encoding) {
return EncodingUtils.base64Encode(str, encoding).replace(/=/g, Constants$1.EMPTY_STRING).replace(/\+/g, "-").replace(/\//g, "_");
}
/**
* 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.
* 'base64': Base64 encoding.
*
* @param base64Str Base64 encoded text
*/
static base64Decode(base64Str) {
return Buffer.from(base64Str, "base64").toString("utf8");
}
/**
* @param base64Str Base64 encoded Url
*/
static base64DecodeUrl(base64Str) {
let str = base64Str.replace(/-/g, "+").replace(/_/g, "/");
while (str.length % 4) {
str += "=";
}
return EncodingUtils.base64Decode(str);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class HashUtils {
/**
* generate 'SHA256' hash
* @param buffer
*/
sha256(buffer) {
return crypto.createHash(Hash.SHA256).update(buffer).digest();
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* https://tools.ietf.org/html/rfc7636#page-8
*/
class PkceGenerator {
constructor() {
this.hashUtils = new HashUtils();
}
/**
* generates the codeVerfier and the challenge from the codeVerfier
* reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2
*/
async generatePkceCodes() {
const verifier = this.generateCodeVerifier();
const challenge = this.generateCodeChallengeFromVerifier(verifier);
return {
verifier,
challenge
};
}
/**
* generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1
*/
generateCodeVerifier() {
const charArr = [];
const maxNumber = 256 - 256 % CharSet.CV_CHARSET.length;
while (charArr.length <= RANDOM_OCTET_SIZE) {
const byte = crypto.randomBytes(1)[0];
if (byte >= maxNumber) {
/*
* Ignore this number to maintain randomness.
* Including it would result in an unequal distribution of characters after doing the modulo
*/
continue;
}
const index = byte % CharSet.CV_CHARSET.length;
charArr.push(CharSet.CV_CHARSET[index]);
}
const verifier = charArr.join(Constants$1.EMPTY_STRING);
return EncodingUtils.base64EncodeUrl(verifier);
}
/**
* generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2
* @param codeVerifier
*/
generateCodeChallengeFromVerifier(codeVerifier) {
return EncodingUtils.base64EncodeUrl(this.hashUtils.sha256(codeVerifier).toString("base64"), "base64");
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and
* implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).
* @public
*/
class CryptoProvider {
constructor() {
// Browser crypto needs to be validated first before any other classes can be set.
this.pkceGenerator = new PkceGenerator();
this.guidGenerator = new GuidGenerator();
this.hashUtils = new HashUtils();
}
/**
* Creates a new random GUID - used to populate state and nonce.
* @returns string (GUID)
*/
createNewGuid() {
return this.guidGenerator.generateGuid();
}
/**
* Encodes input string to base64.
* @param input - string to be encoded
*/
base64Encode(input) {
return EncodingUtils.base64Encode(input);
}
/**
* Decodes input string from base64.
* @param input - string to be decoded
*/
base64Decode(input) {
return EncodingUtils.base64Decode(input);
}
/**
* Generates PKCE codes used in Authorization Code Flow.
*/
generatePkceCodes() {
return this.pkceGenerator.generatePkceCodes();
}
/**
* Generates a keypair, stores it and returns a thumbprint - not yet implemented for node
*/
getPublicKeyThumbprint() {
throw new Error("Method not implemented.");
}
/**
* Removes cryptographic keypair from key store matching the keyId passed in
* @param kid
*/
removeTokenBindingKey() {
throw new Error("Method not implemented.");
}
/**
* Removes all cryptographic keys from Keystore
*/
clearKeystore() {
throw new Error("Method not implemented.");
}
/**
* Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node
*/
signJwt() {
throw new Error("Method not implemented.");
}
/**
* Returns the SHA-256 hash of an input string
*/
async hashString(plainText) {
return EncodingUtils.base64EncodeUrl(this.hashUtils.sha256(plainText).toString("base64"), "base64");
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class deserializes cache entities read from the file into in memory object types defined internally
*/
class Deserializer {
/**
* Parse the JSON blob in memory and deserialize the content
* @param cachedJson
*/
static deserializeJSONBlob(jsonFile) {
const deserializedCache = StringUtils.isEmpty(jsonFile) ? {} : JSON.parse(jsonFile);
return deserializedCache;
}
/**
* Deserializes accounts to AccountEntity objects
* @param accounts
*/
static deserializeAccounts(accounts) {
const accountObjects = {};
if (accounts) {
Object.keys(accounts).map(function (key) {
const serializedAcc = accounts[key];
const mappedAcc = {
homeAccountId: serializedAcc.home_account_id,
environment: serializedAcc.environment,
realm: serializedAcc.realm,
localAccountId: serializedAcc.local_account_id,
username: serializedAcc.username,
authorityType: serializedAcc.authority_type,
name: serializedAcc.name,
clientInfo: serializedAcc.client_info,
lastModificationTime: serializedAcc.last_modification_time,
lastModificationApp: serializedAcc.last_modification_app
};
const account = new AccountEntity();
CacheManager.toObject(account, mappedAcc);
accountObjects[key] = account;
});
}
return accountObjects;
}
/**
* Deserializes id tokens to IdTokenEntity objects
* @param idTokens
*/
static deserializeIdTokens(idTokens) {
const idObjects = {};
if (idTokens) {
Object.keys(idTokens).map(function (key) {
const serializedIdT = idTokens[key];
const mappedIdT = {
homeAccountId: serializedIdT.home_account_id,
environment: serializedIdT.environment,
credentialType: serializedIdT.credential_type,
clientId: serializedIdT.client_id,
secret: serializedIdT.secret,
realm: serializedIdT.realm
};
const idToken = new IdTokenEntity();
CacheManager.toObject(idToken, mappedIdT);
idObjects[key] = idToken;
});
}
return idObjects;
}
/**
* Deserializes access tokens to AccessTokenEntity objects
* @param accessTokens
*/
static deserializeAccessTokens(accessTokens) {
const atObjects = {};
if (accessTokens) {
Object.keys(accessTokens).map(function (key) {
const serializedAT = accessTokens[key];
const mappedAT = {
homeAccountId: serializedAT.home_account_id,
environment: serializedAT.environment,
credentialType: serializedAT.credential_type,
clientId: serializedAT.client_id,
secret: serializedAT.secret,
realm: serializedAT.realm,
target: serializedAT.target,
cachedAt: serializedAT.cached_at,
expiresOn: serializedAT.expires_on,
extendedExpiresOn: serializedAT.extended_expires_on,
refreshOn: serializedAT.refresh_on,
keyId: serializedAT.key_id,
tokenType: serializedAT.token_type,
requestedClaims: serializedAT.requestedClaims,
requestedClaimsHash: serializedAT.requestedClaimsHash,
userAssertionHash: serializedAT.userAssertionHash
};
const accessToken = new AccessTokenEntity();
CacheManager.toObject(accessToken, mappedAT);
atObjects[key] = accessToken;
});
}
return atObjects;
}
/**
* Deserializes refresh tokens to RefreshTokenEntity objects
* @param refreshTokens
*/
static deserializeRefreshTokens(refreshTokens) {
const rtObjects = {};
if (refreshTokens) {
Object.keys(refreshTokens).map(function (key) {
const serializedRT = refreshTokens[key];
const mappedRT = {
homeAccountId: serializedRT.home_account_id,
environment: serializedRT.environment,
credentialType: serializedRT.credential_type,
clientId: serializedRT.client_id,
secret: serializedRT.secret,
familyId: serializedRT.family_id,
target: serializedRT.target,
realm: serializedRT.realm
};
const refreshToken = new RefreshTokenEntity();
CacheManager.toObject(refreshToken, mappedRT);
rtObjects[key] = refreshToken;
});
}
return rtObjects;
}
/**
* Deserializes appMetadata to AppMetaData objects
* @param appMetadata
*/
static deserializeAppMetadata(appMetadata) {
const appMetadataObjects = {};
if (appMetadata) {
Object.keys(appMetadata).map(function (key) {
const serializedAmdt = appMetadata[key];
const mappedAmd = {
clientId: serializedAmdt.client_id,
environment: serializedAmdt.environment,
familyId: serializedAmdt.family_id
};
const amd = new AppMetadataEntity();
CacheManager.toObject(amd, mappedAmd);
appMetadataObjects[key] = amd;
});
}
return appMetadataObjects;
}
/**
* Deserialize an inMemory Cache
* @param jsonCache
*/
static deserializeAllCache(jsonCache) {
return {
accounts: jsonCache.Account ? this.deserializeAccounts(jsonCache.Account) : {},
idTokens: jsonCache.IdToken ? this.deserializeIdTokens(jsonCache.IdToken) : {},
accessTokens: jsonCache.AccessToken ? this.deserializeAccessTokens(jsonCache.AccessToken) : {},
refreshTokens: jsonCache.RefreshToken ? this.deserializeRefreshTokens(jsonCache.RefreshToken) : {},
appMetadata: jsonCache.AppMetadata ? this.deserializeAppMetadata(jsonCache.AppMetadata) : {}
};
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class Serializer {
/**
* serialize the JSON blob
* @param data
*/
static serializeJSONBlob(data) {
return JSON.stringify(data);
}
/**
* Serialize Accounts
* @param accCache
*/
static serializeAccounts(accCache) {
const accounts = {};
Object.keys(accCache).map(function (key) {
const accountEntity = accCache[key];
accounts[key] = {
home_account_id: accountEntity.homeAccountId,
environment: accountEntity.environment,
realm: accountEntity.realm,
local_account_id: accountEntity.localAccountId,
username: accountEntity.username,
authority_type: accountEntity.authorityType,
name: accountEntity.name,
client_info: accountEntity.clientInfo,
last_modification_time: accountEntity.lastModificationTime,
last_modification_app: accountEntity.lastModificationApp
};
});
return accounts;
}
/**
* Serialize IdTokens
* @param idTCache
*/
static serializeIdTokens(idTCache) {
const idTokens = {};
Object.keys(idTCache).map(function (key) {
const idTEntity = idTCache[key];
idTokens[key] = {
home_account_id: idTEntity.homeAccountId,
environment: idTEntity.environment,
credential_type: idTEntity.credentialType,
client_id: idTEntity.clientId,
secret: idTEntity.secret,
realm: idTEntity.realm
};
});
return idTokens;
}
/**
* Serializes AccessTokens
* @param atCache
*/
static serializeAccessTokens(atCache) {
const accessTokens = {};
Object.keys(atCache).map(function (key) {
const atEntity = atCache[key];
accessTokens[key] = {
home_account_id: atEntity.homeAccountId,
environment: atEntity.environment,
credential_type: atEntity.credentialType,
client_id: atEntity.clientId,
secret: atEntity.secret,
realm: atEntity.realm,
target: atEntity.target,
cached_at: atEntity.cachedAt,
expires_on: atEntity.expiresOn,
extended_expires_on: atEntity.extendedExpiresOn,
refresh_on: atEntity.refreshOn,
key_id: atEntity.keyId,
token_type: atEntity.tokenType,
requestedClaims: atEntity.requestedClaims,
requestedClaimsHash: atEntity.requestedClaimsHash,
userAssertionHash: atEntity.userAssertionHash
};
});
return accessTokens;
}
/**
* Serialize refreshTokens
* @param rtCache
*/
static serializeRefreshTokens(rtCache) {
const refreshTokens = {};
Object.keys(rtCache).map(function (key) {
const rtEntity = rtCache[key];
refreshTokens[key] = {
home_account_id: rtEntity.homeAccountId,
environment: rtEntity.environment,
credential_type: rtEntity.credentialType,
client_id: rtEntity.clientId,
secret: rtEntity.secret,
family_id: rtEntity.familyId,
target: rtEntity.target,
realm: rtEntity.realm
};
});
return refreshTokens;
}
/**
* Serialize amdtCache
* @param amdtCache
*/
static serializeAppMetadata(amdtCache) {
const appMetadata = {};
Object.keys(amdtCache).map(function (key) {
const amdtEntity = amdtCache[key];
appMetadata[key] = {
client_id: amdtEntity.clientId,
environment: amdtEntity.environment,
family_id: amdtEntity.familyId
};
});
return appMetadata;
}
/**
* Serialize the cache
* @param jsonContent
*/
static serializeAllCache(inMemCache) {
return {
Account: this.serializeAccounts(inMemCache.accounts),
IdToken: this.serializeIdTokens(inMemCache.idTokens),
AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),
RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),
AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata)
};
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class implements Storage for node, reading cache from user specified storage location or an extension library
* @public
*/
class NodeStorage extends CacheManager {
constructor(logger, clientId, cryptoImpl) {
super(clientId, cryptoImpl);
this.cache = {};
this.changeEmitters = [];
this.logger = logger;
}
/**
* Queue up callbacks
* @param func - a callback function for cache change indication
*/
registerChangeEmitter(func) {
this.changeEmitters.push(func);
}
/**
* Invoke the callback when cache changes
*/
emitChange() {
this.changeEmitters.forEach(func => func.call(null));
}
/**
* Converts cacheKVStore to InMemoryCache
* @param cache - key value store
*/
cacheToInMemoryCache(cache) {
const inMemoryCache = {
accounts: {},
idTokens: {},
accessTokens: {},
refreshTokens: {},
appMetadata: {}
};
for (const key in cache) {
if (cache[key] instanceof AccountEntity) {
inMemoryCache.accounts[key] = cache[key];
} else if (cache[key] instanceof IdTokenEntity) {
inMemoryCache.idTokens[key] = cache[key];
} else if (cache[key] instanceof AccessTokenEntity) {
inMemoryCache.accessTokens[key] = cache[key];
} else if (cache[key] instanceof RefreshTokenEntity) {
inMemoryCache.refreshTokens[key] = cache[key];
} else if (cache[key] instanceof AppMetadataEntity) {
inMemoryCache.appMetadata[key] = cache[key];
} else {
continue;
}
}
return inMemoryCache;
}
/**
* converts inMemoryCache to CacheKVStore
* @param inMemoryCache - kvstore map for inmemory
*/
inMemoryCacheToCache(inMemoryCache) {
// convert in memory cache to a flat Key-Value map
let cache = this.getCache();
cache = { ...cache,
...inMemoryCache.accounts,
...inMemoryCache.idTokens,
...inMemoryCache.accessTokens,
...inMemoryCache.refreshTokens,
...inMemoryCache.appMetadata
}; // convert in memory cache to a flat Key-Value map
return cache;
}
/**
* gets the current in memory cache for the client
*/
getInMemoryCache() {
this.logger.trace("Getting in-memory cache"); // convert the cache key value store to inMemoryCache
const inMemoryCache = this.cacheToInMemoryCache(this.getCache());
return inMemoryCache;
}
/**
* sets the current in memory cache for the client
* @param inMemoryCache - key value map in memory
*/
setInMemoryCache(inMemoryCache) {
this.logger.trace("Setting in-memory cache"); // convert and append the inMemoryCache to cacheKVStore
const cache = this.inMemoryCacheToCache(inMemoryCache);
this.setCache(cache);
this.emitChange();
}
/**
* get the current cache key-value store
*/
getCache() {
this.logger.trace("Getting cache key-value store");
return this.cache;
}
/**
* sets the current cache (key value store)
* @param cacheMap - key value map
*/
setCache(cache) {
this.logger.trace("Setting cache key value store");
this.cache = cache; // mark change in cache
this.emitChange();
}
/**
* Gets cache item with given key.
* @param key - lookup key for the cache entry
*/
getItem(key) {
this.logger.tracePii(`Item key: ${key}`); // read cache
const cache = this.getCache();
return cache[key];
}
/**
* Gets cache item with given key-value
* @param key - lookup key for the cache entry
* @param value - value of the cache entry
*/
setItem(key, value) {
this.logger.tracePii(`Item key: ${key}`); // read cache
const cache = this.getCache();
cache[key] = value; // write to cache
this.setCache(cache);
}
/**
* fetch the account entity
* @param accountKey - lookup key to fetch cache type AccountEntity
*/
getAccount(accountKey) {
const account = this.getItem(accountKey);
if (AccountEntity.isAccountEntity(account)) {
return account;
}
return null;
}
/**
* set account entity
* @param account - cache value to be set of type AccountEntity
*/
setAccount(account) {
const accountKey = account.generateAccountKey();
this.setItem(accountKey, account);
}
/**
* fetch the idToken credential
* @param idTokenKey - lookup key to fetch cache type IdTokenEntity
*/
getIdTokenCredential(idTokenKey) {
const idToken = this.getItem(idTokenKey);
if (IdTokenEntity.isIdTokenEntity(idToken)) {
return idToken;
}
return null;
}
/**
* set idToken credential
* @param idToken - cache value to be set of type IdTokenEntity
*/
setIdTokenCredential(idToken) {
const idTokenKey = idToken.generateCredentialKey();
this.setItem(idTokenKey, idToken);
}
/**
* fetch the accessToken credential
* @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity
*/
getAccessTokenCredential(accessTokenKey) {
const accessToken = this.getItem(accessTokenKey);
if (AccessTokenEntity.isAccessTokenEntity(accessToken)) {
return accessToken;
}
return null;
}
/**
* set accessToken credential
* @param accessToken - cache value to be set of type AccessTokenEntity
*/
setAccessTokenCredential(accessToken) {
const accessTokenKey = accessToken.generateCredentialKey();
this.setItem(accessTokenKey, accessToken);
}
/**
* fetch the refreshToken credential
* @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity
*/
getRefreshTokenCredential(refreshTokenKey) {
const refreshToken = this.getItem(refreshTokenKey);
if (RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {
return refreshToken;
}
return null;
}
/**
* set refreshToken credential
* @param refreshToken - cache value to be set of type RefreshTokenEntity
*/
setRefreshTokenCredential(refreshToken) {
const refreshTokenKey = refreshToken.generateCredentialKey();
this.setItem(refreshTokenKey, refreshToken);
}
/**
* fetch appMetadata entity from the platform cache
* @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity
*/
getAppMetadata(appMetadataKey) {
const appMetadata = this.getItem(appMetadataKey);
if (AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {
return appMetadata;
}
return null;
}
/**
* set appMetadata entity to the platform cache
* @param appMetadata - cache value to be set of type AppMetadataEntity
*/
setAppMetadata(appMetadata) {
const appMetadataKey = appMetadata.generateAppMetadataKey();
this.setItem(appMetadataKey, appMetadata);
}
/**
* fetch server telemetry entity from the platform cache
* @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity
*/
getServerTelemetry(serverTelemetrykey) {
const serverTelemetryEntity = this.getItem(serverTelemetrykey);
if (serverTelemetryEntity && ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {
return serverTelemetryEntity;
}
return null;
}
/**
* set server telemetry entity to the platform cache
* @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity
* @param serverTelemetry - cache value to be set of type ServerTelemetryEntity
*/
setServerTelemetry(serverTelemetryKey, serverTelemetry) {
this.setItem(serverTelemetryKey, serverTelemetry);
}
/**
* fetch authority metadata entity from the platform cache
* @param key - lookup key to fetch cache type AuthorityMetadataEntity
*/
getAuthorityMetadata(key) {
const authorityMetadataEntity = this.getItem(key);
if (authorityMetadataEntity && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {
return authorityMetadataEntity;
}
return null;
}
/**
* Get all authority metadata keys
*/
getAuthorityMetadataKeys() {
return this.getKeys().filter(key => {
return this.isAuthorityMetadata(key);
});
}
/**
* set authority metadata entity to the platform cache
* @param key - lookup key to fetch cache type AuthorityMetadataEntity
* @param metadata - cache value to be set of type AuthorityMetadataEntity
*/
setAuthorityMetadata(key, metadata) {
this.setItem(key, metadata);
}
/**
* fetch throttling entity from the platform cache
* @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity
*/
getThrottlingCache(throttlingCacheKey) {
const throttlingCache = this.getItem(throttlingCacheKey);
if (throttlingCache && ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {
return throttlingCache;
}
return null;
}
/**
* set throttling entity to the platform cache
* @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity
* @param throttlingCache - cache value to be set of type ThrottlingEntity
*/
setThrottlingCache(throttlingCacheKey, throttlingCache) {
this.setItem(throttlingCacheKey, throttlingCache);
}
/**
* Removes the cache item from memory with the given key.
* @param key - lookup key to remove a cache entity
* @param inMemory - key value map of the cache
*/
removeItem(key) {
this.logger.tracePii(`Item key: ${key}`); // read inMemoryCache
let result = false;
const cache = this.getCache();
if (!!cache[key]) {
delete cache[key];
result = true;
} // write to the cache after removal
if (result) {
this.setCache(cache);
this.emitChange();
}
return result;
}
/**
* Checks whether key is in cache.
* @param key - look up key for a cache entity
*/
containsKey(key) {
return this.getKeys().includes(key);
}
/**
* Gets all keys in window.
*/
getKeys() {
this.logger.trace("Retrieving all cache keys"); // read cache
const cache = this.getCache();
return [...Object.keys(cache)];
}
/**
* Clears all cache entries created by MSAL (except tokens).
*/
async clear() {
this.logger.trace("Clearing cache entries created by MSAL"); // read inMemoryCache
const cacheKeys = this.getKeys(); // delete each element
cacheKeys.forEach(key => {
this.removeItem(key);
});
this.emitChange();
}
/**
* Initialize in memory cache from an exisiting cache vault
* @param cache - blob formatted cache (JSON)
*/
static generateInMemoryCache(cache) {
return Deserializer.deserializeAllCache(Deserializer.deserializeJSONBlob(cache));
}
/**
* retrieves the final JSON
* @param inMemoryCache - itemised cache read from the JSON
*/
static generateJsonCache(inMemoryCache) {
return Serializer.serializeAllCache(inMemoryCache);
}
/**
* Updates a credential's cache key if the current cache key is outdated
*/
updateCredentialCacheKey(currentCacheKey, credential) {
const updatedCacheKey = credential.generateCredentialKey();
if (currentCacheKey !== updatedCacheKey) {
const cacheItem = this.getItem(currentCacheKey);
if (cacheItem) {
this.removeItem(currentCacheKey);
this.setItem(updatedCacheKey, cacheItem);
this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`);
return updatedCacheKey;
} else {
this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`);
}
}
return currentCacheKey;
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
const defaultSerializedCache = {
Account: {},
IdToken: {},
AccessToken: {},
RefreshToken: {},
AppMetadata: {}
};
/**
* In-memory token cache manager
* @public
*/
class TokenCache {
constructor(storage, logger, cachePlugin) {
this.cacheHasChanged = false;
this.storage = storage;
this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));
if (cachePlugin) {
this.persistence = cachePlugin;
}
this.logger = logger;
}
/**
* Set to true if cache state has changed since last time serialize or writeToPersistence was called
*/
hasChanged() {
return this.cacheHasChanged;
}
/**
* Serializes in memory cache to JSON
*/
serialize() {
this.logger.trace("Serializing in-memory cache");
let finalState = Serializer.serializeAllCache(this.storage.getInMemoryCache()); // if cacheSnapshot not null or empty, merge
if (!StringUtils.isEmpty(this.cacheSnapshot)) {
this.logger.trace("Reading cache snapshot from disk");
finalState = this.mergeState(JSON.parse(this.cacheSnapshot), finalState);
} else {
this.logger.trace("No cache snapshot to merge");
}
this.cacheHasChanged = false;
return JSON.stringify(finalState);
}
/**
* Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format
* @param cache - blob formatted cache
*/
deserialize(cache) {
this.logger.trace("Deserializing JSON to in-memory cache");
this.cacheSnapshot = cache;
if (!StringUtils.isEmpty(this.cacheSnapshot)) {
this.logger.trace("Reading cache snapshot from disk");
const deserializedCache = Deserializer.deserializeAllCache(this.overlayDefaults(JSON.parse(this.cacheSnapshot)));
this.storage.setInMemoryCache(deserializedCache);
} else {
this.logger.trace("No cache snapshot to deserialize");
}
}
/**
* Fetches the cache key-value map
*/
getKVStore() {
return this.storage.getCache();
}
/**
* API that retrieves all accounts currently in cache to the user
*/
async getAllAccounts() {
this.logger.trace("getAllAccounts called");
let cacheContext;
try {
if (this.persistence) {
cacheContext = new TokenCacheContext(this, false);
await this.persistence.beforeCacheAccess(cacheContext);
}
return this.storage.getAllAccounts();
} finally {
if (this.persistence && cacheContext) {
await this.persistence.afterCacheAccess(cacheContext);
}
}
}
/**
* Returns the signed in account matching homeAccountId.
* (the account object is created at the time of successful login)
* or null when no matching account is found
* @param homeAccountId - unique identifier for an account (uid.utid)
*/
async getAccountByHomeId(homeAccountId) {
const allAccounts = await this.getAllAccounts();
if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {
return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;
} else {
return null;
}
}
/**
* Returns the signed in account matching localAccountId.
* (the account object is created at the time of successful login)
* or null when no matching account is found
* @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)
*/
async getAccountByLocalId(localAccountId) {
const allAccounts = await this.getAllAccounts();
if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {
return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;
} else {
return null;
}
}
/**
* API to remove a specific account and the relevant data from cache
* @param account - AccountInfo passed by the user
*/
async removeAccount(account) {
this.logger.trace("removeAccount called");
let cacheContext;
try {
if (this.persistence) {
cacheContext = new TokenCacheContext(this, true);
await this.persistence.beforeCacheAccess(cacheContext);
}
await this.storage.removeAccount(AccountEntity.generateAccountCacheKey(account));
} finally {
if (this.persistence && cacheContext) {
await this.persistence.afterCacheAccess(cacheContext);
}
}
}
/**
* Called when the cache has changed state.
*/
handleChangeEvent() {
this.cacheHasChanged = true;
}
/**
* Merge in memory cache with the cache snapshot.
* @param oldState - cache before changes
* @param currentState - current cache state in the library
*/
mergeState(oldState, currentState) {
this.logger.trace("Merging in-memory cache with cache snapshot");
const stateAfterRemoval = this.mergeRemovals(oldState, currentState);
return this.mergeUpdates(stateAfterRemoval, currentState);
}
/**
* Deep update of oldState based on newState values
* @param oldState - cache before changes
* @param newState - updated cache
*/
mergeUpdates(oldState, newState) {
Object.keys(newState).forEach(newKey => {
const newValue = newState[newKey]; // if oldState does not contain value but newValue does, add it
if (!oldState.hasOwnProperty(newKey)) {
if (newValue !== null) {
oldState[newKey] = newValue;
}
} else {
// both oldState and newState contain the key, do deep update
const newValueNotNull = newValue !== null;
const newValueIsObject = typeof newValue === "object";
const newValueIsNotArray = !Array.isArray(newValue);
const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== "undefined" && oldState[newKey] !== null;
if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {
this.mergeUpdates(oldState[newKey], newValue);
} else {
oldState[newKey] = newValue;
}
}
});
return oldState;
}
/**
* Removes entities in oldState that the were removed from newState. If there are any unknown values in root of
* oldState that are not recognized, they are left untouched.
* @param oldState - cache before changes
* @param newState - updated cache
*/
mergeRemovals(oldState, newState) {
this.logger.trace("Remove updated entries in cache");
const accounts = oldState.Account ? this.mergeRemovalsDict(oldState.Account, newState.Account) : oldState.Account;
const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;
const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;
const idTokens = oldState.IdToken ? this.mergeRemovalsDict(oldState.IdToken, newState.IdToken) : oldState.IdToken;
const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;
return { ...oldState,
Account: accounts,
AccessToken: accessTokens,
RefreshToken: refreshTokens,
IdToken: idTokens,
AppMetadata: appMetadata
};
}
/**
* Helper to merge new cache with the old one
* @param oldState - cache before changes
* @param newState - updated cache
*/
mergeRemovalsDict(oldState, newState) {
const finalState = { ...oldState
};
Object.keys(oldState).forEach(oldKey => {
if (!newState || !newState.hasOwnProperty(oldKey)) {
delete finalState[oldKey];
}
});
return finalState;
}
/**
* Helper to overlay as a part of cache merge
* @param passedInCache - cache read from the blob
*/
overlayDefaults(passedInCache) {
this.logger.trace("Overlaying input cache with the default cache");
return {
Account: { ...defaultSerializedCache.Account,
...passedInCache.Account
},
IdToken: { ...defaultSerializedCache.IdToken,
...passedInCache.IdToken
},
AccessToken: { ...defaultSerializedCache.AccessToken,
...passedInCache.AccessToken
},
RefreshToken: { ...defaultSerializedCache.RefreshToken,
...passedInCache.RefreshToken
},
AppMetadata: { ...defaultSerializedCache.AppMetadata,
...passedInCache.AppMetadata
}
};
}
}
/* eslint-disable header/header */
const name = "@azure/msal-node";
const version = "1.14.5";
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* NodeAuthErrorMessage class containing string constants used by error codes and messages.
*/
const NodeAuthErrorMessage = {
invalidLoopbackAddressType: {
code: "invalid_loopback_server_address_type",
desc: "Loopback server address is not type string. This is unexpected."
},
unableToLoadRedirectUri: {
code: "unable_to_load_redirectUrl",
desc: "Loopback server callback was invoked without a url. This is unexpected."
},
noAuthCodeInResponse: {
code: "no_auth_code_in_response",
desc: "No auth code found in the server response. Please check your network trace to determine what happened."
},
noLoopbackServerExists: {
code: "no_loopback_server_exists",
desc: "No loopback server exists yet."
},
loopbackServerAlreadyExists: {
code: "loopback_server_already_exists",
desc: "Loopback server already exists. Cannot create another."
},
loopbackServerTimeout: {
code: "loopback_server_timeout",
desc: "Timed out waiting for auth code listener to be registered."
},
stateNotFoundError: {
code: "state_not_found",
desc: "State not found. Please verify that the request originated from msal."
}
};
class NodeAuthError extends AuthError {
constructor(errorCode, errorMessage) {
super(errorCode, errorMessage);
this.name = "NodeAuthError";
}
/**
* Creates an error thrown if loopback server address is of type string.
*/
static createInvalidLoopbackAddressTypeError() {
return new NodeAuthError(NodeAuthErrorMessage.invalidLoopbackAddressType.code, `${NodeAuthErrorMessage.invalidLoopbackAddressType.desc}`);
}
/**
* Creates an error thrown if the loopback server is unable to get a url.
*/
static createUnableToLoadRedirectUrlError() {
return new NodeAuthError(NodeAuthErrorMessage.unableToLoadRedirectUri.code, `${NodeAuthErrorMessage.unableToLoadRedirectUri.desc}`);
}
/**
* Creates an error thrown if the server response does not contain an auth code.
*/
static createNoAuthCodeInResponseError() {
return new NodeAuthError(NodeAuthErrorMessage.noAuthCodeInResponse.code, `${NodeAuthErrorMessage.noAuthCodeInResponse.desc}`);
}
/**
* Creates an error thrown if the loopback server has not been spun up yet.
*/
static createNoLoopbackServerExistsError() {
return new NodeAuthError(NodeAuthErrorMessage.noLoopbackServerExists.code, `${NodeAuthErrorMessage.noLoopbackServerExists.desc}`);
}
/**
* Creates an error thrown if a loopback server already exists when attempting to create another one.
*/
static createLoopbackServerAlreadyExistsError() {
return new NodeAuthError(NodeAuthErrorMessage.loopbackServerAlreadyExists.code, `${NodeAuthErrorMessage.loopbackServerAlreadyExists.desc}`);
}
/**
* Creates an error thrown if the loopback server times out registering the auth code listener.
*/
static createLoopbackServerTimeoutError() {
return new NodeAuthError(NodeAuthErrorMessage.loopbackServerTimeout.code, `${NodeAuthErrorMessage.loopbackServerTimeout.desc}`);
}
/**
* Creates an error thrown when the state is not present.
*/
static createStateNotFoundError() {
return new NodeAuthError(NodeAuthErrorMessage.stateNotFoundError.code, NodeAuthErrorMessage.stateNotFoundError.desc);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Base abstract class for all ClientApplications - public and confidential
* @public
*/
class ClientApplication {
/**
* Constructor for the ClientApplication
*/
constructor(configuration) {
this.config = buildAppConfiguration(configuration);
this.cryptoProvider = new CryptoProvider();
this.logger = new Logger(this.config.system.loggerOptions, name, version);
this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);
this.tokenCache = new TokenCache(this.storage, this.logger, this.config.cache.cachePlugin);
}
/**
* Creates the URL of the authorization request, letting the user input credentials and consent to the
* application. The URL targets the /authorize endpoint of the authority configured in the
* application object.
*
* Once the user inputs their credentials and consents, the authority will send a response to the redirect URI
* sent in the request and should contain an authorization code, which can then be used to acquire tokens via
* `acquireTokenByCode(AuthorizationCodeRequest)`.
*/
async getAuthCodeUrl(request) {
this.logger.info("getAuthCodeUrl called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
responseMode: request.responseMode || ResponseMode.QUERY,
authenticationScheme: AuthenticationScheme.BEARER
};
const authClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, undefined, undefined, request.azureCloudOptions);
const authorizationCodeClient = new AuthorizationCodeClient(authClientConfig);
this.logger.verbose("Auth code client created", validRequest.correlationId);
return authorizationCodeClient.getAuthCodeUrl(validRequest);
}
/**
* Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0
* Authorization Code flow.
*
* `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0
* Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and
* AuthorizationCodeRequest are the same.
*/
async acquireTokenByCode(request, authCodePayLoad) {
this.logger.info("acquireTokenByCode called");
if (request.state && authCodePayLoad) {
this.logger.info("acquireTokenByCode - validating state");
this.validateState(request.state, authCodePayLoad.state || ""); // eslint-disable-next-line no-param-reassign
authCodePayLoad = { ...authCodePayLoad,
state: ""
};
}
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
authenticationScheme: AuthenticationScheme.BEARER
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId);
try {
const authClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const authorizationCodeClient = new AuthorizationCodeClient(authClientConfig);
this.logger.verbose("Auth code client created", validRequest.correlationId);
return authorizationCodeClient.acquireToken(validRequest, authCodePayLoad);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires a token by exchanging the refresh token provided for a new set of tokens.
*
* This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is
* recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will
* handle the caching and refreshing of tokens automatically.
*/
async acquireTokenByRefreshToken(request) {
this.logger.info("acquireTokenByRefreshToken called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
authenticationScheme: AuthenticationScheme.BEARER
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);
try {
const refreshTokenClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const refreshTokenClient = new RefreshTokenClient(refreshTokenClientConfig);
this.logger.verbose("Refresh token client created", validRequest.correlationId);
return refreshTokenClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires a token silently when a user specifies the account the token is requested for.
*
* This API expects the user to provide an account object and looks into the cache to retrieve the token if present.
* There is also an optional "forceRefresh" boolean the user can send to bypass the cache for access_token and id_token.
* In case the refresh_token is expired or not found, an error is thrown
* and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).
*/
async acquireTokenSilent(request) {
const validRequest = { ...request,
...(await this.initializeBaseRequest(request)),
forceRefresh: request.forceRefresh || false
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);
try {
const silentFlowClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const silentFlowClient = new SilentFlowClient(silentFlowClientConfig);
this.logger.verbose("Silent flow client created", validRequest.correlationId);
return silentFlowClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires tokens with password grant by exchanging client applications username and password for credentials
*
* The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.
* More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4
* Microsoft's documentation and recommendations are at:
* https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword
*
* @param request - UsenamePasswordRequest
*/
async acquireTokenByUsernamePassword(request) {
this.logger.info("acquireTokenByUsernamePassword called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request))
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId);
try {
const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const usernamePasswordClient = new UsernamePasswordClient(usernamePasswordClientConfig);
this.logger.verbose("Username password client created", validRequest.correlationId);
return usernamePasswordClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Gets the token cache for the application.
*/
getTokenCache() {
this.logger.info("getTokenCache called");
return this.tokenCache;
}
/**
* Validates OIDC state by comparing the user cached state with the state received from the server.
*
* This API is provided for scenarios where you would use OAuth2.0 state parameter to mitigate against
* CSRF attacks.
* For more information about state, visit https://datatracker.ietf.org/doc/html/rfc6819#section-3.6.
* @param state
* @param cachedState
*/
validateState(state, cachedState) {
if (!state) {
throw NodeAuthError.createStateNotFoundError();
}
if (state !== cachedState) {
throw ClientAuthError.createStateMismatchError();
}
}
/**
* Returns the logger instance
*/
getLogger() {
return this.logger;
}
/**
* Replaces the default logger set in configurations with new Logger with new configurations
* @param logger - Logger instance
*/
setLogger(logger) {
this.logger = logger;
}
/**
* Builds the common configuration to be passed to the common component based on the platform configurarion
* @param authority - user passed authority in configuration
* @param serverTelemetryManager - initializes servertelemetry if passed
*/
async buildOauthClientConfiguration(authority, requestCorrelationId, serverTelemetryManager, azureRegionConfiguration, azureCloudOptions) {
this.logger.verbose("buildOauthClientConfiguration called", requestCorrelationId); // precedence - azureCloudInstance + tenant >> authority and request >> config
const userAzureCloudOptions = azureCloudOptions ? azureCloudOptions : this.config.auth.azureCloudOptions; // using null assertion operator as we ensure that all config values have default values in buildConfiguration()
this.logger.verbose(`building oauth client configuration with the authority: ${authority}`, requestCorrelationId);
const discoveredAuthority = await this.createAuthority(authority, azureRegionConfiguration, requestCorrelationId, userAzureCloudOptions);
serverTelemetryManager == null ? void 0 : serverTelemetryManager.updateRegionDiscoveryMetadata(discoveredAuthority.regionDiscoveryMetadata);
const clientConfiguration = {
authOptions: {
clientId: this.config.auth.clientId,
authority: discoveredAuthority,
clientCapabilities: this.config.auth.clientCapabilities
},
systemOptions: {
proxyUrl: this.config.system.proxyUrl
},
loggerOptions: {
logLevel: this.config.system.loggerOptions.logLevel,
loggerCallback: this.config.system.loggerOptions.loggerCallback,
piiLoggingEnabled: this.config.system.loggerOptions.piiLoggingEnabled,
correlationId: requestCorrelationId
},
cryptoInterface: this.cryptoProvider,
networkInterface: this.config.system.networkClient,
storageInterface: this.storage,
serverTelemetryManager: serverTelemetryManager,
clientCredentials: {
clientSecret: this.clientSecret,
clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined
},
libraryInfo: {
sku: Constants.MSAL_SKU,
version: version,
cpu: process.arch || Constants$1.EMPTY_STRING,
os: process.platform || Constants$1.EMPTY_STRING
},
telemetry: this.config.telemetry,
persistencePlugin: this.config.cache.cachePlugin,
serializableCache: this.tokenCache
};
return clientConfiguration;
}
getClientAssertion(authority) {
return {
assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),
assertionType: Constants.JWT_BEARER_ASSERTION_TYPE
};
}
/**
* Generates a request with the default scopes & generates a correlationId.
* @param authRequest - BaseAuthRequest for initialization
*/
async initializeBaseRequest(authRequest) {
this.logger.verbose("initializeRequestScopes called", authRequest.correlationId); // Default authenticationScheme to Bearer, log that POP isn't supported yet
if (authRequest.authenticationScheme && authRequest.authenticationScheme === AuthenticationScheme.POP) {
this.logger.verbose("Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request", authRequest.correlationId);
}
authRequest.authenticationScheme = AuthenticationScheme.BEARER; // Set requested claims hash if claims were requested
if (authRequest.claims && !StringUtils.isEmpty(authRequest.claims)) {
authRequest.requestedClaimsHash = await this.cryptoProvider.hashString(authRequest.claims);
}
return { ...authRequest,
scopes: [...(authRequest && authRequest.scopes || []), ...OIDC_DEFAULT_SCOPES],
correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),
authority: authRequest.authority || this.config.auth.authority
};
}
/**
* Initializes the server telemetry payload
* @param apiId - Id for a specific request
* @param correlationId - GUID
* @param forceRefresh - boolean to indicate network call
*/
initializeServerTelemetryManager(apiId, correlationId, forceRefresh) {
const telemetryPayload = {
clientId: this.config.auth.clientId,
correlationId: correlationId,
apiId: apiId,
forceRefresh: forceRefresh || false
};
return new ServerTelemetryManager(telemetryPayload, this.storage);
}
/**
* Create authority instance. If authority not passed in request, default to authority set on the application
* object. If no authority set in application object, then default to common authority.
* @param authorityString - authority from user configuration
*/
async createAuthority(authorityString, azureRegionConfiguration, requestCorrelationId, azureCloudOptions) {
this.logger.verbose("createAuthority called", requestCorrelationId); // build authority string based on auth params - azureCloudInstance is prioritized if provided
const authorityUrl = Authority.generateAuthority(authorityString, azureCloudOptions);
const authorityOptions = {
protocolMode: this.config.auth.protocolMode,
knownAuthorities: this.config.auth.knownAuthorities,
cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,
authorityMetadata: this.config.auth.authorityMetadata,
azureRegionConfiguration,
skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache
};
return await AuthorityFactory.createDiscoveredInstance(authorityUrl, this.config.system.networkClient, this.storage, authorityOptions, this.logger, this.config.system.proxyUrl);
}
/**
* Clear the cache
*/
clearCache() {
this.storage.clear();
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class LoopbackClient {
/**
* Spins up a loopback server which returns the server response when the localhost redirectUri is hit
* @param successTemplate
* @param errorTemplate
* @returns
*/
async listenForAuthCode(successTemplate, errorTemplate) {
if (!!this.server) {
throw NodeAuthError.createLoopbackServerAlreadyExistsError();
}
const authCodeListener = new Promise((resolve, reject) => {
this.server = createServer(async (req, res) => {
const url = req.url;
if (!url) {
res.end(errorTemplate || "Error occurred loading redirectUrl");
reject(NodeAuthError.createUnableToLoadRedirectUrlError());
return;
} else if (url === Constants$1.FORWARD_SLASH) {
res.end(successTemplate || "Auth code was successfully acquired. You can close this window now.");
return;
}
const authCodeResponse = UrlString.getDeserializedQueryString(url);
if (authCodeResponse.code) {
const redirectUri = await this.getRedirectUri();
res.writeHead(HttpStatus.REDIRECT, {
location: redirectUri
}); // Prevent auth code from being saved in the browser history
res.end();
}
resolve(authCodeResponse);
});
this.server.listen(0); // Listen on any available port
}); // Wait for server to be listening
await new Promise(resolve => {
let ticks = 0;
const id = setInterval(() => {
if (LOOPBACK_SERVER_CONSTANTS.TIMEOUT_MS / LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS < ticks) {
throw NodeAuthError.createLoopbackServerTimeoutError();
}
if (this.server.listening) {
clearInterval(id);
resolve();
}
ticks++;
}, LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS);
});
return authCodeListener;
}
/**
* Get the port that the loopback server is running on
* @returns
*/
getRedirectUri() {
if (!this.server) {
throw NodeAuthError.createNoLoopbackServerExistsError();
}
const address = this.server.address();
if (!address || typeof address === "string" || !address.port) {
this.closeServer();
throw NodeAuthError.createInvalidLoopbackAddressTypeError();
}
const port = address && address.port;
return `${Constants.HTTP_PROTOCOL}${Constants.LOCALHOST}:${port}`;
}
/**
* Close the loopback server
*/
closeServer() {
if (!!this.server) {
this.server.close();
}
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications
* are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.
* @public
*/
class PublicClientApplication extends ClientApplication {
/**
* Important attributes in the Configuration object for auth are:
* - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.
* - authority: the authority URL for your application.
*
* AAD authorities are of the form https://login.microsoftonline.com/\{Enter_the_Tenant_Info_Here\}.
* - If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).
* - If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations.
* - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common.
* - To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers.
*
* Azure B2C authorities are of the form https://\{instance\}/\{tenant\}/\{policy\}. Each policy is considered
* its own authority. You will have to set the all of the knownAuthorities at the time of the client application
* construction.
*
* ADFS authorities are of the form https://\{instance\}/adfs.
*/
constructor(configuration) {
super(configuration);
}
/**
* Acquires a token from the authority using OAuth2.0 device code flow.
* This flow is designed for devices that do not have access to a browser or have input constraints.
* The authorization server issues a DeviceCode object with a verification code, an end-user code,
* and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be
* instructed to use another device to navigate to the verification URI to input credentials.
* Since the client cannot receive incoming requests, it polls the authorization server repeatedly
* until the end-user completes input of credentials.
*/
async acquireTokenByDeviceCode(request) {
this.logger.info("acquireTokenByDeviceCode called", request.correlationId);
const validRequest = Object.assign(request, await this.initializeBaseRequest(request));
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId);
try {
const deviceCodeConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, undefined, request.azureCloudOptions);
const deviceCodeClient = new DeviceCodeClient(deviceCodeConfig);
this.logger.verbose("Device code client created", validRequest.correlationId);
return deviceCodeClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires a token by requesting an Authorization code then exchanging it for a token.
*/
async acquireTokenInteractive(request) {
const {
verifier,
challenge
} = await this.cryptoProvider.generatePkceCodes();
const {
openBrowser,
successTemplate,
errorTemplate,
...remainingProperties
} = request;
const loopbackClient = new LoopbackClient();
const authCodeListener = loopbackClient.listenForAuthCode(successTemplate, errorTemplate);
const redirectUri = loopbackClient.getRedirectUri();
const validRequest = { ...remainingProperties,
scopes: request.scopes || OIDC_DEFAULT_SCOPES,
redirectUri: redirectUri,
responseMode: ResponseMode.QUERY,
codeChallenge: challenge,
codeChallengeMethod: CodeChallengeMethodValues.S256
};
const authCodeUrl = await this.getAuthCodeUrl(validRequest);
await openBrowser(authCodeUrl);
const authCodeResponse = await authCodeListener.finally(() => {
loopbackClient.closeServer();
});
if (authCodeResponse.error) {
throw new ServerError(authCodeResponse.error, authCodeResponse.error_description, authCodeResponse.suberror);
} else if (!authCodeResponse.code) {
throw NodeAuthError.createNoAuthCodeInResponseError();
}
const clientInfo = authCodeResponse.client_info;
const tokenRequest = {
code: authCodeResponse.code,
codeVerifier: verifier,
clientInfo: clientInfo || Constants$1.EMPTY_STRING,
...validRequest
};
return this.acquireTokenByCode(tokenRequest);
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* Client assertion of type jwt-bearer used in confidential client flows
* @public
*/
class ClientAssertion {
/**
* Initialize the ClientAssertion class from the clientAssertion passed by the user
* @param assertion - refer https://tools.ietf.org/html/rfc7521
*/
static fromAssertion(assertion) {
const clientAssertion = new ClientAssertion();
clientAssertion.jwt = assertion;
return clientAssertion;
}
/**
* Initialize the ClientAssertion class from the certificate passed by the user
* @param thumbprint - identifier of a certificate
* @param privateKey - secret key
* @param publicCertificate - electronic document provided to prove the ownership of the public key
*/
static fromCertificate(thumbprint, privateKey, publicCertificate) {
const clientAssertion = new ClientAssertion();
clientAssertion.privateKey = privateKey;
clientAssertion.thumbprint = thumbprint;
if (publicCertificate) {
clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);
}
return clientAssertion;
}
/**
* Update JWT for certificate based clientAssertion, if passed by the user, uses it as is
* @param cryptoProvider - library's crypto helper
* @param issuer - iss claim
* @param jwtAudience - aud claim
*/
getJwt(cryptoProvider, issuer, jwtAudience) {
// if assertion was created from certificate, check if jwt is expired and create new one.
if (this.privateKey && this.thumbprint) {
if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {
return this.jwt;
}
return this.createJwt(cryptoProvider, issuer, jwtAudience);
}
/*
* if assertion was created by caller, then we just append it. It is up to the caller to
* ensure that it contains necessary claims and that it is not expired.
*/
if (this.jwt) {
return this.jwt;
}
throw ClientAuthError.createInvalidAssertionError();
}
/**
* JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3
*/
createJwt(cryptoProvider, issuer, jwtAudience) {
this.issuer = issuer;
this.jwtAudience = jwtAudience;
const issuedAt = TimeUtils.nowSeconds();
this.expirationTime = issuedAt + 600;
const header = {
alg: JwtConstants.RSA_256,
x5t: EncodingUtils.base64EncodeUrl(this.thumbprint, "hex")
};
if (this.publicCertificate) {
Object.assign(header, {
x5c: this.publicCertificate
});
}
const payload = {
[JwtConstants.AUDIENCE]: this.jwtAudience,
[JwtConstants.EXPIRATION_TIME]: this.expirationTime,
[JwtConstants.ISSUER]: this.issuer,
[JwtConstants.SUBJECT]: this.issuer,
[JwtConstants.NOT_BEFORE]: issuedAt,
[JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()
};
this.jwt = sign(payload, this.privateKey, {
header
});
return this.jwt;
}
/**
* Utility API to check expiration
*/
isExpired() {
return this.expirationTime < TimeUtils.nowSeconds();
}
/**
* Extracts the raw certs from a given certificate string and returns them in an array.
* @param publicCertificate - electronic document provided to prove the ownership of the public key
*/
static parseCertificate(publicCertificate) {
/**
* This is regex to identify the certs in a given certificate string.
* We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.
* The information in parens "(.+?)" is the capture group to represent the cert we want isolated.
* "." means any string character, "+" means match 1 or more times, and "?" means the shortest match.
* The "g" at the end of the regex means search the string globally, and the "s" enables the "." to match newlines.
*/
const regexToFindCerts = /-----BEGIN CERTIFICATE-----\r*\n(.+?)\r*\n-----END CERTIFICATE-----/gs;
const certs = [];
let matches;
while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {
// matches[1] represents the first parens capture group in the regex.
certs.push(matches[1].replace(/\r*\n/g, Constants$1.EMPTY_STRING));
}
return certs;
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
/**
* This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications
* will configure application secrets, client certificates/assertions as applicable
* @public
*/
class ConfidentialClientApplication extends ClientApplication {
/**
* Constructor for the ConfidentialClientApplication
*
* Required attributes in the Configuration object are:
* - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal
* - authority: the authority URL for your application.
* - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.
*
* In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\{Enter_the_Tenant_Info_Here\}.
* If your application supports Accounts in one organizational directory, replace "Enter_the_Tenant_Info_Here" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).
* If your application supports Accounts in any organizational directory, replace "Enter_the_Tenant_Info_Here" value with organizations.
* If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace "Enter_the_Tenant_Info_Here" value with common.
* To restrict support to Personal Microsoft accounts only, replace "Enter_the_Tenant_Info_Here" value with consumers.
*
* In Azure B2C, authority is of the form https://\{instance\}/tfp/\{tenant\}/\{policyName\}/
* Full B2C functionality will be available in this library in future versions.
*
* @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance
*/
constructor(configuration) {
super(configuration);
this.setClientCredential(this.config);
this.appTokenProvider = undefined;
}
/**
* This extensibility point only works for the client_credential flow, i.e. acquireTokenByClientCredential and
* is meant for Azure SDK to enhance Managed Identity support.
*
* @param IAppTokenProvider - Extensibility interface, which allows the app developer to return a token from a custom source.
*/
SetAppTokenProvider(provider) {
this.appTokenProvider = provider;
}
/**
* Acquires tokens from the authority for the application (not for an end user).
*/
async acquireTokenByClientCredential(request) {
this.logger.info("acquireTokenByClientCredential called", request.correlationId); // If there is a client assertion present in the request, it overrides the one present in the client configuration
let clientAssertion;
if (request.clientAssertion) {
clientAssertion = {
assertion: request.clientAssertion,
assertionType: Constants.JWT_BEARER_ASSERTION_TYPE
};
}
const baseRequest = await this.initializeBaseRequest(request); // valid base request should not contain oidc scopes in this grant type
const validBaseRequest = { ...baseRequest,
scopes: baseRequest.scopes.filter(scope => !OIDC_DEFAULT_SCOPES.includes(scope))
};
const validRequest = { ...request,
...validBaseRequest,
clientAssertion
};
const azureRegionConfiguration = {
azureRegion: validRequest.azureRegion,
environmentRegion: process.env[REGION_ENVIRONMENT_VARIABLE]
};
const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);
try {
const clientCredentialConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, serverTelemetryManager, azureRegionConfiguration, request.azureCloudOptions);
const clientCredentialClient = new ClientCredentialClient(clientCredentialConfig, this.appTokenProvider);
this.logger.verbose("Client credential client created", validRequest.correlationId);
return clientCredentialClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
serverTelemetryManager.cacheFailedRequest(e);
throw e;
}
}
/**
* Acquires tokens from the authority for the application.
*
* Used in scenarios where the current app is a middle-tier service which was called with a token
* representing an end user. The current app can use the token (oboAssertion) to request another
* token to access downstream web API, on behalf of that user.
*
* The current middle-tier app has no user interaction to obtain consent.
* See how to gain consent upfront for your middle-tier app from this article.
* https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application
*/
async acquireTokenOnBehalfOf(request) {
this.logger.info("acquireTokenOnBehalfOf called", request.correlationId);
const validRequest = { ...request,
...(await this.initializeBaseRequest(request))
};
try {
const onBehalfOfConfig = await this.buildOauthClientConfiguration(validRequest.authority, validRequest.correlationId, undefined, undefined, request.azureCloudOptions);
const oboClient = new OnBehalfOfClient(onBehalfOfConfig);
this.logger.verbose("On behalf of client created", validRequest.correlationId);
return oboClient.acquireToken(validRequest);
} catch (e) {
if (e instanceof AuthError) {
e.setCorrelationId(validRequest.correlationId);
}
throw e;
}
}
setClientCredential(configuration) {
const clientSecretNotEmpty = !StringUtils.isEmpty(configuration.auth.clientSecret);
const clientAssertionNotEmpty = !StringUtils.isEmpty(configuration.auth.clientAssertion);
const certificate = configuration.auth.clientCertificate || {
thumbprint: Constants$1.EMPTY_STRING,
privateKey: Constants$1.EMPTY_STRING
};
const certificateNotEmpty = !StringUtils.isEmpty(certificate.thumbprint) || !StringUtils.isEmpty(certificate.privateKey);
/*
* If app developer configures this callback, they don't need a credential
* i.e. AzureSDK can get token from Managed Identity without a cert / secret
*/
if (this.appTokenProvider) {
return;
} // Check that at most one credential is set on the application
if (clientSecretNotEmpty && clientAssertionNotEmpty || clientAssertionNotEmpty && certificateNotEmpty || clientSecretNotEmpty && certificateNotEmpty) {
throw ClientAuthError.createInvalidCredentialError();
}
if (configuration.auth.clientSecret) {
this.clientSecret = configuration.auth.clientSecret;
return;
}
if (configuration.auth.clientAssertion) {
this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion);
return;
}
if (!certificateNotEmpty) {
throw ClientAuthError.createInvalidCredentialError();
} else {
var _configuration$auth$c;
this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, (_configuration$auth$c = configuration.auth.clientCertificate) == null ? void 0 : _configuration$auth$c.x5c);
}
}
}
/*
* Copyright (c) Microsoft Corporation. All rights reserved.
* Licensed under the MIT License.
*/
class DistributedCachePlugin {
constructor(client, partitionManager) {
this.client = client;
this.partitionManager = partitionManager;
}
async beforeCacheAccess(cacheContext) {
const partitionKey = await this.partitionManager.getKey();
const cacheData = await this.client.get(partitionKey);
cacheContext.tokenCache.deserialize(cacheData);
}
async afterCacheAccess(cacheContext) {
if (cacheContext.cacheHasChanged) {
const kvStore = cacheContext.tokenCache.getKVStore();
const accountEntities = Object.values(kvStore).filter(value => AccountEntity.isAccountEntity(value));
if (accountEntities.length > 0) {
const accountEntity = accountEntities[0];
const partitionKey = await this.partitionManager.extractKey(accountEntity);
await this.client.set(partitionKey, cacheContext.tokenCache.serialize());
}
}
}
}
export { ClientApplication, ClientAssertion, ConfidentialClientApplication, CryptoProvider, DistributedCachePlugin, NodeStorage, PublicClientApplication, TokenCache, buildAppConfiguration, version };
//# sourceMappingURL=msal-node.esm.js.map
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/msal-node.esm.js.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"msal-node.esm.js","sources":["../src/utils/Constants.ts","../src/utils/NetworkUtils.ts","../src/network/HttpClient.ts","../src/config/Configuration.ts","../src/crypto/GuidGenerator.ts","../src/utils/EncodingUtils.ts","../src/crypto/HashUtils.ts","../src/crypto/PkceGenerator.ts","../src/crypto/CryptoProvider.ts","../src/cache/serializer/Deserializer.ts","../src/cache/serializer/Serializer.ts","../src/cache/NodeStorage.ts","../src/cache/TokenCache.ts","../src/packageMetadata.ts","../src/error/NodeAuthError.ts","../src/client/ClientApplication.ts","../src/network/LoopbackClient.ts","../src/client/PublicClientApplication.ts","../src/client/ClientAssertion.ts","../src/client/ConfidentialClientApplication.ts","../src/cache/distributed/DistributedCachePlugin.ts"],"sourcesContent":["/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\n/**\n * http methods\n */\nexport enum HttpMethod {\n GET = \"get\",\n POST = \"post\",\n}\n\nexport enum HttpStatus {\n SUCCESS_RANGE_START = 200,\n SUCCESS_RANGE_END = 299,\n REDIRECT = 302,\n CLIENT_ERROR_RANGE_START = 400,\n CLIENT_ERROR_RANGE_END = 499,\n SERVER_ERROR_RANGE_START = 500,\n SERVER_ERROR_RANGE_END = 599\n}\n\nexport enum ProxyStatus {\n SUCCESS_RANGE_START = 200,\n SUCCESS_RANGE_END = 299,\n SERVER_ERROR = 500\n}\n\n/**\n * Constants used for region discovery\n */\nexport const REGION_ENVIRONMENT_VARIABLE = \"REGION_NAME\";\n\n/**\n * Constant used for PKCE\n */\nexport const RANDOM_OCTET_SIZE = 32;\n\n/**\n * Constants used in PKCE\n */\nexport const Hash = {\n SHA256: \"sha256\",\n};\n\n/**\n * Constants for encoding schemes\n */\nexport const CharSet = {\n CV_CHARSET:\n \"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~\",\n};\n\n/**\n * Cache Constants\n */\nexport const CACHE = {\n FILE_CACHE: \"fileCache\",\n EXTENSION_LIB: \"extenstion_library\",\n};\n\n/**\n * Constants\n */\nexport const Constants = {\n MSAL_SKU: \"msal.js.node\",\n JWT_BEARER_ASSERTION_TYPE: \"urn:ietf:params:oauth:client-assertion-type:jwt-bearer\",\n AUTHORIZATION_PENDING: \"authorization_pending\",\n HTTP_PROTOCOL: \"http://\",\n LOCALHOST: \"localhost\"\n};\n\n/**\n * API Codes for Telemetry purposes.\n * Before adding a new code you must claim it in the MSAL Telemetry tracker as these number spaces are shared across all MSALs\n * 0-99 Silent Flow\n * 600-699 Device Code Flow\n * 800-899 Auth Code Flow\n */\nexport enum ApiId {\n acquireTokenSilent = 62,\n acquireTokenByUsernamePassword = 371,\n acquireTokenByDeviceCode = 671,\n acquireTokenByClientCredential = 771,\n acquireTokenByCode = 871,\n acquireTokenByRefreshToken = 872\n}\n\n/**\n * JWT constants\n */\nexport const JwtConstants = {\n ALGORITHM: \"alg\",\n RSA_256: \"RS256\",\n X5T: \"x5t\", \n X5C: \"x5c\",\n AUDIENCE: \"aud\",\n EXPIRATION_TIME: \"exp\",\n ISSUER: \"iss\",\n SUBJECT: \"sub\",\n NOT_BEFORE: \"nbf\",\n JWT_ID: \"jti\",\n};\n\nexport const LOOPBACK_SERVER_CONSTANTS = {\n INTERVAL_MS: 100,\n TIMEOUT_MS: 5000\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NetworkResponse } from \"@azure/msal-common\";\n\nexport class NetworkUtils {\n static getNetworkResponse<T>(headers: Record<string, string>, body: T, statusCode: number): NetworkResponse<T> {\n return {\n headers: headers,\n body: body,\n status: statusCode,\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n INetworkModule,\n NetworkRequestOptions,\n NetworkResponse\n} from \"@azure/msal-common\";\nimport { HttpMethod, Constants, HttpStatus, ProxyStatus } from \"../utils/Constants\";\nimport { NetworkUtils } from \"../utils/NetworkUtils\";\nimport http from \"http\";\nimport https from \"https\";\n\n/**\n * This class implements the API for network requests.\n */\nexport class HttpClient implements INetworkModule {\n\n /**\n * Http Get request\n * @param url\n * @param options\n */\n async sendGetRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n ): Promise<NetworkResponse<T>> {\n if (options?.proxyUrl) {\n return networkRequestViaProxy(url, HttpMethod.GET, options);\n } else {\n return networkRequestViaHttps(url, HttpMethod.GET, options);\n }\n }\n\n /**\n * Http Post request\n * @param url\n * @param options\n */\n async sendPostRequestAsync<T>(\n url: string,\n options?: NetworkRequestOptions,\n cancellationToken?: number,\n ): Promise<NetworkResponse<T>> {\n if (options?.proxyUrl) {\n return networkRequestViaProxy(url, HttpMethod.POST, options, cancellationToken);\n } else {\n return networkRequestViaHttps(url, HttpMethod.POST, options, cancellationToken);\n }\n }\n}\n\nconst networkRequestViaProxy = <T>(\n url: string,\n httpMethod: string,\n options: NetworkRequestOptions,\n timeout?: number,\n): Promise<NetworkResponse<T>> => {\n const headers = options?.headers || {} as Record<string, string>;\n const proxyUrl = new URL(options?.proxyUrl || \"\");\n const destinationUrl = new URL(url);\n\n // \"method: connect\" must be used to establish a connection to the proxy\n const tunnelRequestOptions: https.RequestOptions = {\n host: proxyUrl.hostname,\n port: proxyUrl.port,\n method: \"CONNECT\",\n path: destinationUrl.hostname,\n headers: headers,\n };\n\n if (timeout) {\n tunnelRequestOptions.timeout = timeout;\n }\n\n // compose a request string for the socket\n let postRequestStringContent: string = \"\";\n if (httpMethod === HttpMethod.POST) {\n const body = options?.body || \"\";\n postRequestStringContent =\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\" +\n `Content-Length: ${body.length}\\r\\n` +\n `\\r\\n${body}`;\n }\n const outgoingRequestString = `${httpMethod.toUpperCase()} ${destinationUrl.href} HTTP/1.1\\r\\n` +\n `Host: ${destinationUrl.host}\\r\\n` +\n \"Connection: close\\r\\n\" +\n postRequestStringContent +\n \"\\r\\n\";\n\n return new Promise<NetworkResponse<T>>(((resolve, reject) => {\n const request = http.request(tunnelRequestOptions);\n\n if (tunnelRequestOptions.timeout) {\n request.on(\"timeout\", () => {\n request.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n request.end();\n\n // establish connection to the proxy\n request.on(\"connect\", (response, socket) => {\n const proxyStatusCode = response?.statusCode || ProxyStatus.SERVER_ERROR;\n if ((proxyStatusCode < ProxyStatus.SUCCESS_RANGE_START) || (proxyStatusCode > ProxyStatus.SUCCESS_RANGE_END)) {\n request.destroy();\n socket.destroy();\n reject(new Error(`Error connecting to proxy. Http status code: ${response.statusCode}. Http status message: ${response?.statusMessage || \"Unknown\"}`));\n }\n if (tunnelRequestOptions.timeout) {\n socket.setTimeout(tunnelRequestOptions.timeout);\n socket.on(\"timeout\", () => {\n request.destroy();\n socket.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n // make a request over an HTTP tunnel\n socket.write(outgoingRequestString);\n\n const data: Buffer[] = [];\n socket.on(\"data\", (chunk) => {\n data.push(chunk);\n });\n\n socket.on(\"end\", () => {\n // combine all received buffer streams into one buffer, and then into a string\n const dataString = Buffer.concat([...data]).toString();\n\n // separate each line into it's own entry in an arry\n const dataStringArray = dataString.split(\"\\r\\n\");\n // the first entry will contain the statusCode and statusMessage\n const httpStatusCode = parseInt(dataStringArray[0].split(\" \")[1]);\n // remove \"HTTP/1.1\" and the status code to get the status message\n const statusMessage = dataStringArray[0].split(\" \").slice(2).join(\" \");\n // the last entry will contain the body\n const body = dataStringArray[dataStringArray.length - 1];\n\n // everything in between the first and last entries are the headers\n const headersArray = dataStringArray.slice(1, dataStringArray.length - 2);\n\n // build an object out of all the headers\n const entries = new Map();\n headersArray.forEach((header) => {\n /**\n * the header might look like \"Content-Length: 1531\", but that is just a string\n * it needs to be converted to a key/value pair\n * split the string at the first instance of \":\"\n * there may be more than one \":\" if the value of the header is supposed to be a JSON object\n */\n const headerKeyValue = header.split(new RegExp(/:\\s(.*)/s));\n const headerKey = headerKeyValue[0];\n let headerValue = headerKeyValue[1];\n\n // check if the value of the header is supposed to be a JSON object\n try {\n const object = JSON.parse(headerValue);\n\n // if it is, then convert it from a string to a JSON object\n if (object && (typeof object === \"object\")) {\n headerValue = object;\n }\n } catch (e) {\n // otherwise, leave it as a string\n }\n\n entries.set(headerKey, headerValue);\n });\n const headers = Object.fromEntries(entries);\n\n const parsedHeaders = headers as Record<string, string>;\n const networkResponse = NetworkUtils.getNetworkResponse(\n parsedHeaders,\n parseBody(httpStatusCode, statusMessage, parsedHeaders, body) as T,\n httpStatusCode\n );\n\n if (((httpStatusCode < HttpStatus.SUCCESS_RANGE_START) || (httpStatusCode > HttpStatus.SUCCESS_RANGE_END)) &&\n // do not destroy the request for the device code flow\n networkResponse.body[\"error\"] !== Constants.AUTHORIZATION_PENDING) {\n request.destroy();\n }\n resolve(networkResponse);\n });\n\n socket.on(\"error\", (chunk) => {\n request.destroy();\n socket.destroy();\n reject(new Error(chunk.toString()));\n });\n });\n\n request.on(\"error\", (chunk) => {\n request.destroy();\n reject(new Error(chunk.toString()));\n });\n }));\n};\n\nconst networkRequestViaHttps = <T>(\n url: string,\n httpMethod: string,\n options?: NetworkRequestOptions,\n timeout?: number,\n): Promise<NetworkResponse<T>> => {\n const isPostRequest = httpMethod === HttpMethod.POST;\n const body: string = options?.body || \"\";\n\n const emptyHeaders: Record<string, string> = {};\n const customOptions: https.RequestOptions = {\n method: httpMethod,\n headers: options?.headers || emptyHeaders,\n };\n\n if (timeout) {\n customOptions.timeout = timeout;\n }\n\n if (isPostRequest) {\n // needed for post request to work\n customOptions.headers = {\n ...customOptions.headers,\n \"Content-Length\": body.length,\n };\n }\n\n return new Promise<NetworkResponse<T>>((resolve, reject) => {\n const request = https.request(url, customOptions);\n\n if (timeout) {\n request.on(\"timeout\", () => {\n request.destroy();\n reject(new Error(\"Request time out\"));\n });\n }\n\n if (isPostRequest) {\n request.write(body);\n }\n\n request.end();\n\n request.on(\"response\", (response) => {\n const headers = response.headers;\n const statusCode = response.statusCode as number;\n const statusMessage = response.statusMessage;\n\n const data: Buffer[] = [];\n response.on(\"data\", (chunk) => {\n data.push(chunk);\n });\n\n response.on(\"end\", () => {\n // combine all received buffer streams into one buffer, and then into a string\n const body = Buffer.concat([...data]).toString();\n\n const parsedHeaders = headers as Record<string, string>;\n const networkResponse = NetworkUtils.getNetworkResponse(\n parsedHeaders,\n parseBody(statusCode, statusMessage, parsedHeaders, body) as T,\n statusCode\n );\n\n if (((statusCode < HttpStatus.SUCCESS_RANGE_START) || (statusCode > HttpStatus.SUCCESS_RANGE_END)) &&\n // do not destroy the request for the device code flow\n networkResponse.body[\"error\"] !== Constants.AUTHORIZATION_PENDING) {\n request.destroy();\n }\n resolve(networkResponse);\n });\n });\n\n request.on(\"error\", (chunk) => {\n request.destroy();\n reject(new Error(chunk.toString()));\n });\n });\n};\n\n/**\n * Check if extra parsing is needed on the repsonse from the server\n * @param statusCode {number} the status code of the response from the server\n * @param statusMessage {string | undefined} the status message of the response from the server\n * @param headers {Record<string, string>} the headers of the response from the server\n * @param body {string} the body from the response of the server\n * @returns {Object} JSON parsed body or error object\n */\nconst parseBody = (statusCode: number, statusMessage: string | undefined, headers: Record<string, string>, body: string) => {\n /*\n * Informational responses (100 – 199)\n * Successful responses (200 – 299)\n * Redirection messages (300 – 399)\n * Client error responses (400 – 499)\n * Server error responses (500 – 599)\n */\n \n let parsedBody;\n try {\n parsedBody = JSON.parse(body);\n } catch (error) {\n let errorType;\n let errorDescriptionHelper;\n if ((statusCode >= HttpStatus.CLIENT_ERROR_RANGE_START) && (statusCode <= HttpStatus.CLIENT_ERROR_RANGE_END)) {\n errorType = \"client_error\";\n errorDescriptionHelper = \"A client\";\n } else if ((statusCode >= HttpStatus.SERVER_ERROR_RANGE_START) && (statusCode <= HttpStatus.SERVER_ERROR_RANGE_END)) {\n errorType = \"server_error\";\n errorDescriptionHelper = \"A server\";\n } else {\n errorType = \"unknown_error\";\n errorDescriptionHelper = \"An unknown\";\n }\n\n parsedBody = {\n error: errorType,\n error_description: `${errorDescriptionHelper} error occured.\\nHttp status code: ${statusCode}\\nHttp status message: ${statusMessage || \"Unknown\"}\\nHeaders: ${JSON.stringify(headers)}`\n };\n }\n\n return parsedBody;\n};\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n LoggerOptions,\n INetworkModule,\n LogLevel,\n ProtocolMode,\n ICachePlugin,\n Constants,\n AzureCloudInstance,\n AzureCloudOptions,\n ApplicationTelemetry\n} from \"@azure/msal-common\";\nimport { HttpClient } from \"../network/HttpClient\";\n\n/**\n * - clientId - Client id of the application.\n * - authority - Url of the authority. If no value is set, defaults to https://login.microsoftonline.com/common.\n * - knownAuthorities - Needed for Azure B2C and ADFS. All authorities that will be used in the client application. Only the host of the authority should be passed in.\n * - clientSecret - Secret string that the application uses when requesting a token. Only used in confidential client applications. Can be created in the Azure app registration portal.\n * - clientAssertion - Assertion string that the application uses when requesting a token. Only used in confidential client applications. Assertion should be of type urn:ietf:params:oauth:client-assertion-type:jwt-bearer.\n * - clientCertificate - Certificate that the application uses when requesting a token. Only used in confidential client applications. Requires hex encoded X.509 SHA-1 thumbprint of the certificiate, and the PEM encoded private key (string should contain -----BEGIN PRIVATE KEY----- ... -----END PRIVATE KEY----- )\n * - protocolMode - Enum that represents the protocol that msal follows. Used for configuring proper endpoints.\n * - skipAuthorityMetadataCache - A flag to choose whether to use or not use the local metadata cache during authority initialization. Defaults to false.\n * @public\n */\nexport type NodeAuthOptions = {\n clientId: string;\n authority?: string;\n clientSecret?: string;\n clientAssertion?: string;\n clientCertificate?: {\n thumbprint: string,\n privateKey: string,\n x5c?: string\n };\n knownAuthorities?: Array<string>;\n cloudDiscoveryMetadata?: string;\n authorityMetadata?: string;\n clientCapabilities?: Array<string>;\n protocolMode?: ProtocolMode;\n azureCloudOptions?: AzureCloudOptions;\n skipAuthorityMetadataCache?: boolean;\n};\n\n/**\n * Use this to configure the below cache configuration options:\n *\n * - cachePlugin - Plugin for reading and writing token cache to disk.\n * @public\n */\nexport type CacheOptions = {\n cachePlugin?: ICachePlugin;\n};\n\n/**\n * Type for configuring logger and http client options\n *\n * - logger - Used to initialize the Logger object; TODO: Expand on logger details or link to the documentation on logger\n * - networkClient - Http client used for all http get and post calls. Defaults to using MSAL's default http client.\n * @public\n */\nexport type NodeSystemOptions = {\n loggerOptions?: LoggerOptions;\n networkClient?: INetworkModule;\n proxyUrl?: string;\n};\n\nexport type NodeTelemetryOptions = {\n application?: ApplicationTelemetry;\n};\n\n/**\n * Use the configuration object to configure MSAL and initialize the client application object\n *\n * - auth: this is where you configure auth elements like clientID, authority used for authenticating against the Microsoft Identity Platform\n * - cache: this is where you configure cache location\n * - system: this is where you can configure the network client, logger\n * @public\n */\nexport type Configuration = {\n auth: NodeAuthOptions;\n cache?: CacheOptions;\n system?: NodeSystemOptions;\n telemetry?: NodeTelemetryOptions;\n};\n\nconst DEFAULT_AUTH_OPTIONS: Required<NodeAuthOptions> = {\n clientId: Constants.EMPTY_STRING,\n authority: Constants.DEFAULT_AUTHORITY,\n clientSecret: Constants.EMPTY_STRING,\n clientAssertion: Constants.EMPTY_STRING,\n clientCertificate: {\n thumbprint: Constants.EMPTY_STRING,\n privateKey: Constants.EMPTY_STRING,\n x5c: Constants.EMPTY_STRING\n },\n knownAuthorities: [],\n cloudDiscoveryMetadata: Constants.EMPTY_STRING,\n authorityMetadata: Constants.EMPTY_STRING,\n clientCapabilities: [],\n protocolMode: ProtocolMode.AAD,\n azureCloudOptions: {\n azureCloudInstance: AzureCloudInstance.None,\n tenant: Constants.EMPTY_STRING\n },\n skipAuthorityMetadataCache: false,\n};\n\nconst DEFAULT_CACHE_OPTIONS: CacheOptions = {};\n\nconst DEFAULT_LOGGER_OPTIONS: LoggerOptions = {\n loggerCallback: (): void => {\n // allow users to not set logger call back\n },\n piiLoggingEnabled: false,\n logLevel: LogLevel.Info,\n};\n\nconst DEFAULT_SYSTEM_OPTIONS: Required<NodeSystemOptions> = {\n loggerOptions: DEFAULT_LOGGER_OPTIONS,\n networkClient: new HttpClient(),\n proxyUrl: Constants.EMPTY_STRING,\n};\n\nconst DEFAULT_TELEMETRY_OPTIONS: Required<NodeTelemetryOptions> = {\n application: {\n appName: Constants.EMPTY_STRING,\n appVersion: Constants.EMPTY_STRING\n }\n};\n\nexport type NodeConfiguration = {\n auth: Required<NodeAuthOptions>;\n cache: CacheOptions;\n system: Required<NodeSystemOptions>;\n telemetry: Required<NodeTelemetryOptions>;\n};\n\n/**\n * Sets the default options when not explicitly configured from app developer\n *\n * @param auth - Authentication options\n * @param cache - Cache options\n * @param system - System options\n * @param telemetry - Telemetry options\n *\n * @returns Configuration\n * @public\n */\nexport function buildAppConfiguration({\n auth,\n cache,\n system,\n telemetry\n}: Configuration): NodeConfiguration {\n\n return {\n auth: { ...DEFAULT_AUTH_OPTIONS, ...auth },\n cache: { ...DEFAULT_CACHE_OPTIONS, ...cache },\n system: { ...DEFAULT_SYSTEM_OPTIONS, ...system },\n telemetry: { ...DEFAULT_TELEMETRY_OPTIONS, ...telemetry }\n };\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { IGuidGenerator } from \"@azure/msal-common\";\nimport { v4 as uuidv4 } from \"uuid\";\n\nexport class GuidGenerator implements IGuidGenerator {\n /**\n *\n * RFC4122: The version 4 UUID is meant for generating UUIDs from truly-random or pseudo-random numbers.\n * uuidv4 generates guids from cryprtographically-string random\n */\n generateGuid(): string {\n return uuidv4();\n }\n\n /**\n * verifies if a string is GUID\n * @param guid\n */\n isGuid(guid: string): boolean {\n const regexGuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;\n return regexGuid.test(guid);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants } from \"@azure/msal-common\";\n\nexport class EncodingUtils {\n /**\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\n * 'base64': Base64 encoding.\n *\n * @param str text\n */\n static base64Encode(str: string, encoding?: BufferEncoding): string {\n return Buffer.from(str, encoding).toString(\"base64\");\n }\n\n /**\n * encode a URL\n * @param str\n */\n static base64EncodeUrl(str: string, encoding?: BufferEncoding): string {\n return EncodingUtils.base64Encode(str, encoding)\n .replace(/=/g, Constants.EMPTY_STRING)\n .replace(/\\+/g, \"-\")\n .replace(/\\//g, \"_\");\n }\n\n /**\n * 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.\n * 'base64': Base64 encoding.\n *\n * @param base64Str Base64 encoded text\n */\n static base64Decode(base64Str: string): string {\n return Buffer.from(base64Str, \"base64\").toString(\"utf8\");\n }\n\n /**\n * @param base64Str Base64 encoded Url\n */\n static base64DecodeUrl(base64Str: string): string {\n let str = base64Str.replace(/-/g, \"+\").replace(/_/g, \"/\");\n while (str.length % 4) {\n str += \"=\";\n }\n return EncodingUtils.base64Decode(str);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Hash } from \"../utils/Constants\";\nimport crypto from \"crypto\";\n\nexport class HashUtils {\n /**\n * generate 'SHA256' hash\n * @param buffer\n */\n sha256(buffer: string): Buffer {\n return crypto\n .createHash(Hash.SHA256)\n .update(buffer)\n .digest();\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants, PkceCodes } from \"@azure/msal-common\";\nimport { CharSet, RANDOM_OCTET_SIZE } from \"../utils/Constants\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { HashUtils } from \"./HashUtils\";\nimport crypto from \"crypto\";\n\n/**\n * https://tools.ietf.org/html/rfc7636#page-8\n */\nexport class PkceGenerator {\n private hashUtils: HashUtils;\n\n constructor() {\n this.hashUtils = new HashUtils();\n }\n /**\n * generates the codeVerfier and the challenge from the codeVerfier\n * reference: https://tools.ietf.org/html/rfc7636#section-4.1 and https://tools.ietf.org/html/rfc7636#section-4.2\n */\n async generatePkceCodes(): Promise<PkceCodes> {\n const verifier = this.generateCodeVerifier();\n const challenge = this.generateCodeChallengeFromVerifier(verifier);\n return { verifier, challenge };\n }\n\n /**\n * generates the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.1\n */\n private generateCodeVerifier(): string {\n const charArr = [];\n const maxNumber = 256 - (256 % CharSet.CV_CHARSET.length);\n while (charArr.length <= RANDOM_OCTET_SIZE) {\n const byte = crypto.randomBytes(1)[0];\n if (byte >= maxNumber) {\n /* \n * Ignore this number to maintain randomness.\n * Including it would result in an unequal distribution of characters after doing the modulo\n */\n continue;\n }\n const index = byte % CharSet.CV_CHARSET.length;\n charArr.push(CharSet.CV_CHARSET[index]);\n }\n const verifier: string = charArr.join(Constants.EMPTY_STRING);\n return EncodingUtils.base64EncodeUrl(verifier);\n }\n\n /**\n * generate the challenge from the codeVerfier; reference: https://tools.ietf.org/html/rfc7636#section-4.2\n * @param codeVerifier\n */\n private generateCodeChallengeFromVerifier(codeVerifier: string): string {\n return EncodingUtils.base64EncodeUrl(\n this.hashUtils.sha256(codeVerifier).toString(\"base64\"), \n \"base64\" \n );\n }\n\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ICrypto, PkceCodes } from \"@azure/msal-common\";\nimport { GuidGenerator } from \"./GuidGenerator\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { PkceGenerator } from \"./PkceGenerator\";\nimport { HashUtils } from \"./HashUtils\";\n\n/**\n * This class implements MSAL node's crypto interface, which allows it to perform base64 encoding and decoding, generating cryptographically random GUIDs and\n * implementing Proof Key for Code Exchange specs for the OAuth Authorization Code Flow using PKCE (rfc here: https://tools.ietf.org/html/rfc7636).\n * @public\n */\nexport class CryptoProvider implements ICrypto {\n private pkceGenerator: PkceGenerator;\n private guidGenerator: GuidGenerator;\n private hashUtils: HashUtils;\n\n constructor() {\n // Browser crypto needs to be validated first before any other classes can be set.\n this.pkceGenerator = new PkceGenerator();\n this.guidGenerator = new GuidGenerator();\n this.hashUtils = new HashUtils();\n }\n\n /**\n * Creates a new random GUID - used to populate state and nonce.\n * @returns string (GUID)\n */\n createNewGuid(): string {\n return this.guidGenerator.generateGuid();\n }\n\n /**\n * Encodes input string to base64.\n * @param input - string to be encoded\n */\n base64Encode(input: string): string {\n return EncodingUtils.base64Encode(input);\n }\n\n /**\n * Decodes input string from base64.\n * @param input - string to be decoded\n */\n base64Decode(input: string): string {\n return EncodingUtils.base64Decode(input);\n }\n\n /**\n * Generates PKCE codes used in Authorization Code Flow.\n */\n generatePkceCodes(): Promise<PkceCodes> {\n return this.pkceGenerator.generatePkceCodes();\n }\n\n /**\n * Generates a keypair, stores it and returns a thumbprint - not yet implemented for node\n */\n getPublicKeyThumbprint(): Promise<string> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Removes cryptographic keypair from key store matching the keyId passed in\n * @param kid \n */\n removeTokenBindingKey(): Promise<boolean> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Removes all cryptographic keys from Keystore\n */\n clearKeystore(): Promise<boolean> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Signs the given object as a jwt payload with private key retrieved by given kid - currently not implemented for node\n */\n signJwt(): Promise<string> {\n throw new Error(\"Method not implemented.\");\n }\n\n /**\n * Returns the SHA-256 hash of an input string\n */\n async hashString(plainText: string): Promise<string> {\n return EncodingUtils.base64EncodeUrl(\n this.hashUtils.sha256(plainText).toString(\"base64\"), \n \"base64\" \n );\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { StringUtils, AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache, AccountEntity, IdTokenEntity, AccessTokenEntity, RefreshTokenEntity, AppMetadataEntity, CacheManager } from \"@azure/msal-common\";\nimport { JsonCache, InMemoryCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\n\n/**\n * This class deserializes cache entities read from the file into in memory object types defined internally\n */\nexport class Deserializer {\n /**\n * Parse the JSON blob in memory and deserialize the content\n * @param cachedJson\n */\n static deserializeJSONBlob(jsonFile: string): JsonCache {\n const deserializedCache = StringUtils.isEmpty(jsonFile)\n ? {}\n : JSON.parse(jsonFile);\n return deserializedCache;\n }\n\n /**\n * Deserializes accounts to AccountEntity objects\n * @param accounts\n */\n static deserializeAccounts(accounts: Record<string, SerializedAccountEntity>): AccountCache {\n const accountObjects: AccountCache = {};\n if (accounts) {\n Object.keys(accounts).map(function (key) {\n const serializedAcc = accounts[key];\n const mappedAcc = {\n homeAccountId: serializedAcc.home_account_id,\n environment: serializedAcc.environment,\n realm: serializedAcc.realm,\n localAccountId: serializedAcc.local_account_id,\n username: serializedAcc.username,\n authorityType: serializedAcc.authority_type,\n name: serializedAcc.name,\n clientInfo: serializedAcc.client_info,\n lastModificationTime: serializedAcc.last_modification_time,\n lastModificationApp: serializedAcc.last_modification_app,\n };\n const account: AccountEntity = new AccountEntity();\n CacheManager.toObject(account, mappedAcc);\n accountObjects[key] = account;\n });\n }\n\n return accountObjects;\n }\n\n /**\n * Deserializes id tokens to IdTokenEntity objects\n * @param idTokens\n */\n static deserializeIdTokens(idTokens: Record<string, SerializedIdTokenEntity>): IdTokenCache {\n const idObjects: IdTokenCache = {};\n if (idTokens) {\n Object.keys(idTokens).map(function (key) {\n const serializedIdT = idTokens[key];\n const mappedIdT = {\n homeAccountId: serializedIdT.home_account_id,\n environment: serializedIdT.environment,\n credentialType: serializedIdT.credential_type,\n clientId: serializedIdT.client_id,\n secret: serializedIdT.secret,\n realm: serializedIdT.realm,\n };\n const idToken: IdTokenEntity = new IdTokenEntity();\n CacheManager.toObject(idToken, mappedIdT);\n idObjects[key] = idToken;\n });\n }\n return idObjects;\n }\n\n /**\n * Deserializes access tokens to AccessTokenEntity objects\n * @param accessTokens\n */\n static deserializeAccessTokens(accessTokens: Record<string, SerializedAccessTokenEntity>): AccessTokenCache {\n const atObjects: AccessTokenCache = {};\n if (accessTokens) {\n Object.keys(accessTokens).map(function (key) {\n const serializedAT = accessTokens[key];\n const mappedAT = {\n homeAccountId: serializedAT.home_account_id,\n environment: serializedAT.environment,\n credentialType: serializedAT.credential_type,\n clientId: serializedAT.client_id,\n secret: serializedAT.secret,\n realm: serializedAT.realm,\n target: serializedAT.target,\n cachedAt: serializedAT.cached_at,\n expiresOn: serializedAT.expires_on,\n extendedExpiresOn: serializedAT.extended_expires_on,\n refreshOn: serializedAT.refresh_on,\n keyId: serializedAT.key_id,\n tokenType: serializedAT.token_type,\n requestedClaims: serializedAT.requestedClaims,\n requestedClaimsHash: serializedAT.requestedClaimsHash,\n userAssertionHash: serializedAT.userAssertionHash,\n };\n const accessToken: AccessTokenEntity = new AccessTokenEntity();\n CacheManager.toObject(accessToken, mappedAT);\n atObjects[key] = accessToken;\n });\n }\n\n return atObjects;\n }\n\n /**\n * Deserializes refresh tokens to RefreshTokenEntity objects\n * @param refreshTokens\n */\n static deserializeRefreshTokens(refreshTokens: Record<string, SerializedRefreshTokenEntity>): RefreshTokenCache {\n const rtObjects: RefreshTokenCache = {};\n if (refreshTokens) {\n Object.keys(refreshTokens).map(function (key) {\n const serializedRT = refreshTokens[key];\n const mappedRT = {\n homeAccountId: serializedRT.home_account_id,\n environment: serializedRT.environment,\n credentialType: serializedRT.credential_type,\n clientId: serializedRT.client_id,\n secret: serializedRT.secret,\n familyId: serializedRT.family_id,\n target: serializedRT.target,\n realm: serializedRT.realm,\n };\n const refreshToken: RefreshTokenEntity = new RefreshTokenEntity();\n CacheManager.toObject(refreshToken, mappedRT);\n rtObjects[key] = refreshToken;\n });\n }\n\n return rtObjects;\n }\n\n /**\n * Deserializes appMetadata to AppMetaData objects\n * @param appMetadata\n */\n static deserializeAppMetadata(appMetadata: Record<string, SerializedAppMetadataEntity>): AppMetadataCache {\n const appMetadataObjects: AppMetadataCache = {};\n if (appMetadata) {\n Object.keys(appMetadata).map(function (key) {\n const serializedAmdt = appMetadata[key];\n const mappedAmd = {\n clientId: serializedAmdt.client_id,\n environment: serializedAmdt.environment,\n familyId: serializedAmdt.family_id,\n };\n const amd: AppMetadataEntity = new AppMetadataEntity();\n CacheManager.toObject(amd, mappedAmd);\n appMetadataObjects[key] = amd;\n });\n }\n\n return appMetadataObjects;\n }\n\n /**\n * Deserialize an inMemory Cache\n * @param jsonCache\n */\n static deserializeAllCache(jsonCache: JsonCache): InMemoryCache {\n return {\n accounts: jsonCache.Account\n ? this.deserializeAccounts(jsonCache.Account)\n : {},\n idTokens: jsonCache.IdToken\n ? this.deserializeIdTokens(jsonCache.IdToken)\n : {},\n accessTokens: jsonCache.AccessToken\n ? this.deserializeAccessTokens(jsonCache.AccessToken)\n : {},\n refreshTokens: jsonCache.RefreshToken\n ? this.deserializeRefreshTokens(jsonCache.RefreshToken)\n : {},\n appMetadata: jsonCache.AppMetadata\n ? this.deserializeAppMetadata(jsonCache.AppMetadata)\n : {},\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountCache, IdTokenCache, AccessTokenCache, RefreshTokenCache, AppMetadataCache } from \"@azure/msal-common\";\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedIdTokenEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedAppMetadataEntity } from \"./SerializerTypes\";\n\nexport class Serializer {\n /**\n * serialize the JSON blob\n * @param data\n */\n static serializeJSONBlob(data: JsonCache): string {\n return JSON.stringify(data);\n }\n\n /**\n * Serialize Accounts\n * @param accCache\n */\n static serializeAccounts(accCache: AccountCache): Record<string, SerializedAccountEntity> {\n const accounts: Record<string, SerializedAccountEntity> = {};\n Object.keys(accCache).map(function (key) {\n const accountEntity = accCache[key];\n accounts[key] = {\n home_account_id: accountEntity.homeAccountId,\n environment: accountEntity.environment,\n realm: accountEntity.realm,\n local_account_id: accountEntity.localAccountId,\n username: accountEntity.username,\n authority_type: accountEntity.authorityType,\n name: accountEntity.name,\n client_info: accountEntity.clientInfo,\n last_modification_time: accountEntity.lastModificationTime,\n last_modification_app: accountEntity.lastModificationApp,\n };\n });\n\n return accounts;\n }\n\n /**\n * Serialize IdTokens\n * @param idTCache\n */\n static serializeIdTokens(idTCache: IdTokenCache): Record<string, SerializedIdTokenEntity> {\n const idTokens: Record<string, SerializedIdTokenEntity> = {};\n Object.keys(idTCache).map(function (key) {\n const idTEntity = idTCache[key];\n idTokens[key] = {\n home_account_id: idTEntity.homeAccountId,\n environment: idTEntity.environment,\n credential_type: idTEntity.credentialType,\n client_id: idTEntity.clientId,\n secret: idTEntity.secret,\n realm: idTEntity.realm,\n };\n });\n\n return idTokens;\n }\n\n /**\n * Serializes AccessTokens\n * @param atCache\n */\n static serializeAccessTokens(atCache: AccessTokenCache): Record<string, SerializedAccessTokenEntity> {\n const accessTokens: Record<string, SerializedAccessTokenEntity> = {};\n Object.keys(atCache).map(function (key) {\n const atEntity = atCache[key];\n accessTokens[key] = {\n home_account_id: atEntity.homeAccountId,\n environment: atEntity.environment,\n credential_type: atEntity.credentialType,\n client_id: atEntity.clientId,\n secret: atEntity.secret,\n realm: atEntity.realm,\n target: atEntity.target,\n cached_at: atEntity.cachedAt,\n expires_on: atEntity.expiresOn,\n extended_expires_on: atEntity.extendedExpiresOn,\n refresh_on: atEntity.refreshOn,\n key_id: atEntity.keyId,\n token_type: atEntity.tokenType,\n requestedClaims: atEntity.requestedClaims,\n requestedClaimsHash: atEntity.requestedClaimsHash,\n userAssertionHash: atEntity.userAssertionHash\n };\n });\n\n return accessTokens;\n }\n\n /**\n * Serialize refreshTokens\n * @param rtCache\n */\n static serializeRefreshTokens(rtCache: RefreshTokenCache): Record<string, SerializedRefreshTokenEntity> {\n const refreshTokens: Record<string, SerializedRefreshTokenEntity> = {};\n Object.keys(rtCache).map(function (key) {\n const rtEntity = rtCache[key];\n refreshTokens[key] = {\n home_account_id: rtEntity.homeAccountId,\n environment: rtEntity.environment,\n credential_type: rtEntity.credentialType,\n client_id: rtEntity.clientId,\n secret: rtEntity.secret,\n family_id: rtEntity.familyId,\n target: rtEntity.target,\n realm: rtEntity.realm\n };\n });\n\n return refreshTokens;\n }\n\n /**\n * Serialize amdtCache\n * @param amdtCache\n */\n static serializeAppMetadata(amdtCache: AppMetadataCache): Record<string, SerializedAppMetadataEntity> {\n const appMetadata: Record<string, SerializedAppMetadataEntity> = {};\n Object.keys(amdtCache).map(function (key) {\n const amdtEntity = amdtCache[key];\n appMetadata[key] = {\n client_id: amdtEntity.clientId,\n environment: amdtEntity.environment,\n family_id: amdtEntity.familyId,\n };\n });\n\n return appMetadata;\n }\n\n /**\n * Serialize the cache\n * @param jsonContent\n */\n static serializeAllCache(inMemCache: InMemoryCache): JsonCache {\n return {\n Account: this.serializeAccounts(inMemCache.accounts),\n IdToken: this.serializeIdTokens(inMemCache.idTokens),\n AccessToken: this.serializeAccessTokens(inMemCache.accessTokens),\n RefreshToken: this.serializeRefreshTokens(inMemCache.refreshTokens),\n AppMetadata: this.serializeAppMetadata(inMemCache.appMetadata),\n };\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AccountEntity,\n IdTokenEntity,\n AccessTokenEntity,\n RefreshTokenEntity,\n AppMetadataEntity,\n ServerTelemetryEntity,\n ThrottlingEntity,\n CacheManager,\n Logger,\n ValidCacheType,\n ICrypto,\n AuthorityMetadataEntity,\n ValidCredentialType\n} from \"@azure/msal-common\";\nimport { Deserializer } from \"./serializer/Deserializer\";\nimport { Serializer } from \"./serializer/Serializer\";\nimport { InMemoryCache, JsonCache, CacheKVStore } from \"./serializer/SerializerTypes\";\n\n/**\n * This class implements Storage for node, reading cache from user specified storage location or an extension library\n * @public\n */\nexport class NodeStorage extends CacheManager {\n // Cache configuration, either set by user or default values.\n private logger: Logger;\n private cache: CacheKVStore = {};\n private changeEmitters: Array<Function> = [];\n\n constructor(logger: Logger, clientId: string, cryptoImpl: ICrypto) {\n super(clientId, cryptoImpl);\n this.logger = logger;\n }\n\n /**\n * Queue up callbacks\n * @param func - a callback function for cache change indication\n */\n registerChangeEmitter(func: () => void): void {\n this.changeEmitters.push(func);\n }\n\n /**\n * Invoke the callback when cache changes\n */\n emitChange(): void {\n this.changeEmitters.forEach(func => func.call(null));\n }\n\n /**\n * Converts cacheKVStore to InMemoryCache\n * @param cache - key value store\n */\n cacheToInMemoryCache(cache: CacheKVStore): InMemoryCache {\n const inMemoryCache: InMemoryCache = {\n accounts: {},\n idTokens: {},\n accessTokens: {},\n refreshTokens: {},\n appMetadata: {},\n };\n\n for (const key in cache) {\n if (cache[key as string] instanceof AccountEntity) {\n inMemoryCache.accounts[key] = cache[key] as AccountEntity;\n } else if (cache[key] instanceof IdTokenEntity) {\n inMemoryCache.idTokens[key] = cache[key] as IdTokenEntity;\n } else if (cache[key] instanceof AccessTokenEntity) {\n inMemoryCache.accessTokens[key] = cache[key] as AccessTokenEntity;\n } else if (cache[key] instanceof RefreshTokenEntity) {\n inMemoryCache.refreshTokens[key] = cache[key] as RefreshTokenEntity;\n } else if (cache[key] instanceof AppMetadataEntity) {\n inMemoryCache.appMetadata[key] = cache[key] as AppMetadataEntity;\n } else {\n continue;\n }\n }\n\n return inMemoryCache;\n }\n\n /**\n * converts inMemoryCache to CacheKVStore\n * @param inMemoryCache - kvstore map for inmemory\n */\n inMemoryCacheToCache(inMemoryCache: InMemoryCache): CacheKVStore {\n\n // convert in memory cache to a flat Key-Value map\n let cache = this.getCache();\n\n cache = {\n ...cache,\n ...inMemoryCache.accounts,\n ...inMemoryCache.idTokens,\n ...inMemoryCache.accessTokens,\n ...inMemoryCache.refreshTokens,\n ...inMemoryCache.appMetadata\n };\n\n // convert in memory cache to a flat Key-Value map\n return cache;\n }\n\n /**\n * gets the current in memory cache for the client\n */\n getInMemoryCache(): InMemoryCache {\n this.logger.trace(\"Getting in-memory cache\");\n\n // convert the cache key value store to inMemoryCache\n const inMemoryCache = this.cacheToInMemoryCache(this.getCache());\n return inMemoryCache;\n }\n\n /**\n * sets the current in memory cache for the client\n * @param inMemoryCache - key value map in memory\n */\n setInMemoryCache(inMemoryCache: InMemoryCache): void{\n this.logger.trace(\"Setting in-memory cache\");\n\n // convert and append the inMemoryCache to cacheKVStore\n const cache = this.inMemoryCacheToCache(inMemoryCache);\n this.setCache(cache);\n\n this.emitChange();\n }\n\n /**\n * get the current cache key-value store\n */\n getCache(): CacheKVStore {\n this.logger.trace(\"Getting cache key-value store\");\n return this.cache;\n }\n\n /**\n * sets the current cache (key value store)\n * @param cacheMap - key value map\n */\n setCache(cache: CacheKVStore): void {\n this.logger.trace(\"Setting cache key value store\");\n this.cache = cache;\n\n // mark change in cache\n this.emitChange();\n }\n\n /**\n * Gets cache item with given key.\n * @param key - lookup key for the cache entry\n */\n getItem(key: string): ValidCacheType {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read cache\n const cache = this.getCache();\n return cache[key];\n }\n\n /**\n * Gets cache item with given key-value\n * @param key - lookup key for the cache entry\n * @param value - value of the cache entry\n */\n setItem(key: string, value: ValidCacheType): void {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read cache\n const cache = this.getCache();\n cache[key] = value;\n\n // write to cache\n this.setCache(cache);\n }\n\n /**\n * fetch the account entity\n * @param accountKey - lookup key to fetch cache type AccountEntity\n */\n getAccount(accountKey: string): AccountEntity | null {\n const account = this.getItem(accountKey) as AccountEntity;\n if (AccountEntity.isAccountEntity(account)) {\n return account;\n }\n return null;\n }\n\n /**\n * set account entity\n * @param account - cache value to be set of type AccountEntity\n */\n setAccount(account: AccountEntity): void {\n const accountKey = account.generateAccountKey();\n this.setItem(accountKey, account);\n }\n\n /**\n * fetch the idToken credential\n * @param idTokenKey - lookup key to fetch cache type IdTokenEntity\n */\n getIdTokenCredential(idTokenKey: string): IdTokenEntity | null {\n const idToken = this.getItem(idTokenKey) as IdTokenEntity;\n if (IdTokenEntity.isIdTokenEntity(idToken)) {\n return idToken;\n }\n return null;\n }\n\n /**\n * set idToken credential\n * @param idToken - cache value to be set of type IdTokenEntity\n */\n setIdTokenCredential(idToken: IdTokenEntity): void {\n const idTokenKey = idToken.generateCredentialKey();\n this.setItem(idTokenKey, idToken);\n }\n\n /**\n * fetch the accessToken credential\n * @param accessTokenKey - lookup key to fetch cache type AccessTokenEntity\n */\n getAccessTokenCredential(accessTokenKey: string): AccessTokenEntity | null {\n const accessToken = this.getItem(accessTokenKey) as AccessTokenEntity;\n if (AccessTokenEntity.isAccessTokenEntity(accessToken)) {\n return accessToken;\n }\n return null;\n }\n\n /**\n * set accessToken credential\n * @param accessToken - cache value to be set of type AccessTokenEntity\n */\n setAccessTokenCredential(accessToken: AccessTokenEntity): void {\n const accessTokenKey = accessToken.generateCredentialKey();\n this.setItem(accessTokenKey, accessToken);\n }\n\n /**\n * fetch the refreshToken credential\n * @param refreshTokenKey - lookup key to fetch cache type RefreshTokenEntity\n */\n getRefreshTokenCredential(refreshTokenKey: string): RefreshTokenEntity | null {\n const refreshToken = this.getItem(refreshTokenKey) as RefreshTokenEntity;\n if (RefreshTokenEntity.isRefreshTokenEntity(refreshToken)) {\n return refreshToken as RefreshTokenEntity;\n }\n return null;\n }\n\n /**\n * set refreshToken credential\n * @param refreshToken - cache value to be set of type RefreshTokenEntity\n */\n setRefreshTokenCredential(refreshToken: RefreshTokenEntity): void {\n const refreshTokenKey = refreshToken.generateCredentialKey();\n this.setItem(refreshTokenKey, refreshToken);\n }\n\n /**\n * fetch appMetadata entity from the platform cache\n * @param appMetadataKey - lookup key to fetch cache type AppMetadataEntity\n */\n getAppMetadata(appMetadataKey: string): AppMetadataEntity | null {\n const appMetadata: AppMetadataEntity = this.getItem(appMetadataKey) as AppMetadataEntity;\n if (AppMetadataEntity.isAppMetadataEntity(appMetadataKey, appMetadata)) {\n return appMetadata;\n }\n return null;\n }\n\n /**\n * set appMetadata entity to the platform cache\n * @param appMetadata - cache value to be set of type AppMetadataEntity\n */\n setAppMetadata(appMetadata: AppMetadataEntity): void {\n const appMetadataKey = appMetadata.generateAppMetadataKey();\n this.setItem(appMetadataKey, appMetadata);\n }\n\n /**\n * fetch server telemetry entity from the platform cache\n * @param serverTelemetrykey - lookup key to fetch cache type ServerTelemetryEntity\n */\n getServerTelemetry(serverTelemetrykey: string): ServerTelemetryEntity | null {\n const serverTelemetryEntity: ServerTelemetryEntity = this.getItem(serverTelemetrykey) as ServerTelemetryEntity;\n if (serverTelemetryEntity && ServerTelemetryEntity.isServerTelemetryEntity(serverTelemetrykey, serverTelemetryEntity)) {\n return serverTelemetryEntity;\n }\n return null;\n }\n\n /**\n * set server telemetry entity to the platform cache\n * @param serverTelemetryKey - lookup key to fetch cache type ServerTelemetryEntity\n * @param serverTelemetry - cache value to be set of type ServerTelemetryEntity\n */\n setServerTelemetry(serverTelemetryKey: string, serverTelemetry: ServerTelemetryEntity): void {\n this.setItem(serverTelemetryKey, serverTelemetry);\n }\n\n /**\n * fetch authority metadata entity from the platform cache\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\n */\n getAuthorityMetadata(key: string): AuthorityMetadataEntity | null {\n const authorityMetadataEntity: AuthorityMetadataEntity = this.getItem(key) as AuthorityMetadataEntity;\n if (authorityMetadataEntity && AuthorityMetadataEntity.isAuthorityMetadataEntity(key, authorityMetadataEntity)) {\n return authorityMetadataEntity;\n }\n return null;\n }\n\n /**\n * Get all authority metadata keys\n */\n getAuthorityMetadataKeys(): Array<string> {\n return this.getKeys().filter((key) => {\n return this.isAuthorityMetadata(key);\n });\n }\n\n /**\n * set authority metadata entity to the platform cache\n * @param key - lookup key to fetch cache type AuthorityMetadataEntity\n * @param metadata - cache value to be set of type AuthorityMetadataEntity\n */\n setAuthorityMetadata(key: string, metadata: AuthorityMetadataEntity): void {\n this.setItem(key, metadata);\n }\n\n /**\n * fetch throttling entity from the platform cache\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\n */\n getThrottlingCache(throttlingCacheKey: string): ThrottlingEntity | null {\n const throttlingCache: ThrottlingEntity = this.getItem(throttlingCacheKey) as ThrottlingEntity;\n if (throttlingCache && ThrottlingEntity.isThrottlingEntity(throttlingCacheKey, throttlingCache)) {\n return throttlingCache;\n }\n return null;\n }\n\n /**\n * set throttling entity to the platform cache\n * @param throttlingCacheKey - lookup key to fetch cache type ThrottlingEntity\n * @param throttlingCache - cache value to be set of type ThrottlingEntity\n */\n setThrottlingCache(throttlingCacheKey: string, throttlingCache: ThrottlingEntity): void {\n this.setItem(throttlingCacheKey, throttlingCache);\n }\n\n /**\n * Removes the cache item from memory with the given key.\n * @param key - lookup key to remove a cache entity\n * @param inMemory - key value map of the cache\n */\n removeItem(key: string): boolean {\n this.logger.tracePii(`Item key: ${key}`);\n\n // read inMemoryCache\n let result: boolean = false;\n const cache = this.getCache();\n\n if (!!cache[key]) {\n delete cache[key];\n result = true;\n }\n\n // write to the cache after removal\n if (result) {\n this.setCache(cache);\n this.emitChange();\n }\n return result;\n }\n\n /**\n * Checks whether key is in cache.\n * @param key - look up key for a cache entity\n */\n containsKey(key: string): boolean {\n return this.getKeys().includes(key);\n }\n\n /**\n * Gets all keys in window.\n */\n getKeys(): string[] {\n this.logger.trace(\"Retrieving all cache keys\");\n\n // read cache\n const cache = this.getCache();\n return [ ...Object.keys(cache)];\n }\n\n /**\n * Clears all cache entries created by MSAL (except tokens).\n */\n async clear(): Promise<void> {\n this.logger.trace(\"Clearing cache entries created by MSAL\");\n\n // read inMemoryCache\n const cacheKeys = this.getKeys();\n\n // delete each element\n cacheKeys.forEach(key => {\n this.removeItem(key);\n });\n this.emitChange();\n }\n\n /**\n * Initialize in memory cache from an exisiting cache vault\n * @param cache - blob formatted cache (JSON)\n */\n static generateInMemoryCache(cache: string): InMemoryCache {\n return Deserializer.deserializeAllCache(\n Deserializer.deserializeJSONBlob(cache)\n );\n }\n\n /**\n * retrieves the final JSON\n * @param inMemoryCache - itemised cache read from the JSON\n */\n static generateJsonCache(inMemoryCache: InMemoryCache): JsonCache {\n return Serializer.serializeAllCache(inMemoryCache);\n }\n\n /**\n * Updates a credential's cache key if the current cache key is outdated\n */\n updateCredentialCacheKey(currentCacheKey: string, credential: ValidCredentialType): string {\n const updatedCacheKey = credential.generateCredentialKey();\n\n if (currentCacheKey !== updatedCacheKey) {\n const cacheItem = this.getItem(currentCacheKey);\n if (cacheItem) {\n this.removeItem(currentCacheKey);\n this.setItem(updatedCacheKey, cacheItem);\n this.logger.verbose(`Updated an outdated ${credential.credentialType} cache key`);\n return updatedCacheKey;\n } else {\n this.logger.error(`Attempted to update an outdated ${credential.credentialType} cache key but no item matching the outdated key was found in storage`);\n }\n }\n\n return currentCacheKey;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { NodeStorage } from \"./NodeStorage\";\nimport { StringUtils, AccountEntity, AccountInfo, Logger, ISerializableTokenCache, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\nimport { InMemoryCache, JsonCache, SerializedAccountEntity, SerializedAccessTokenEntity, SerializedRefreshTokenEntity, SerializedIdTokenEntity, SerializedAppMetadataEntity, CacheKVStore } from \"./serializer/SerializerTypes\";\nimport { Deserializer } from \"./serializer/Deserializer\";\nimport { Serializer } from \"./serializer/Serializer\";\nimport { ITokenCache } from \"./ITokenCache\";\n\nconst defaultSerializedCache: JsonCache = {\n Account: {},\n IdToken: {},\n AccessToken: {},\n RefreshToken: {},\n AppMetadata: {},\n};\n\n/**\n * In-memory token cache manager\n * @public\n */\nexport class TokenCache implements ISerializableTokenCache, ITokenCache {\n\n private storage: NodeStorage;\n private cacheHasChanged: boolean;\n private cacheSnapshot: string;\n private readonly persistence: ICachePlugin;\n private logger: Logger;\n\n constructor(storage: NodeStorage, logger: Logger, cachePlugin?: ICachePlugin) {\n this.cacheHasChanged = false;\n this.storage = storage;\n this.storage.registerChangeEmitter(this.handleChangeEvent.bind(this));\n if (cachePlugin) {\n this.persistence = cachePlugin;\n }\n this.logger = logger;\n }\n\n /**\n * Set to true if cache state has changed since last time serialize or writeToPersistence was called\n */\n hasChanged(): boolean {\n return this.cacheHasChanged;\n }\n\n /**\n * Serializes in memory cache to JSON\n */\n serialize(): string {\n this.logger.trace(\"Serializing in-memory cache\");\n let finalState = Serializer.serializeAllCache(\n this.storage.getInMemoryCache() as InMemoryCache\n );\n\n // if cacheSnapshot not null or empty, merge\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\n this.logger.trace(\"Reading cache snapshot from disk\");\n finalState = this.mergeState(\n JSON.parse(this.cacheSnapshot),\n finalState\n );\n } else {\n this.logger.trace(\"No cache snapshot to merge\");\n }\n this.cacheHasChanged = false;\n\n return JSON.stringify(finalState);\n }\n\n /**\n * Deserializes JSON to in-memory cache. JSON should be in MSAL cache schema format\n * @param cache - blob formatted cache\n */\n deserialize(cache: string): void {\n this.logger.trace(\"Deserializing JSON to in-memory cache\");\n this.cacheSnapshot = cache;\n\n if (!StringUtils.isEmpty(this.cacheSnapshot)) {\n this.logger.trace(\"Reading cache snapshot from disk\");\n const deserializedCache = Deserializer.deserializeAllCache(\n this.overlayDefaults(JSON.parse(this.cacheSnapshot))\n );\n this.storage.setInMemoryCache(deserializedCache);\n } else {\n this.logger.trace(\"No cache snapshot to deserialize\");\n }\n }\n\n /**\n * Fetches the cache key-value map\n */\n getKVStore(): CacheKVStore {\n return this.storage.getCache();\n }\n\n /**\n * API that retrieves all accounts currently in cache to the user\n */\n async getAllAccounts(): Promise<AccountInfo[]> {\n\n this.logger.trace(\"getAllAccounts called\");\n let cacheContext;\n try {\n if (this.persistence) {\n cacheContext = new TokenCacheContext(this, false);\n await this.persistence.beforeCacheAccess(cacheContext);\n }\n return this.storage.getAllAccounts();\n } finally {\n if (this.persistence && cacheContext) {\n await this.persistence.afterCacheAccess(cacheContext);\n }\n }\n }\n\n /**\n * Returns the signed in account matching homeAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param homeAccountId - unique identifier for an account (uid.utid)\n */\n async getAccountByHomeId(homeAccountId: string): Promise<AccountInfo | null> {\n const allAccounts = await this.getAllAccounts();\n if (!StringUtils.isEmpty(homeAccountId) && allAccounts && allAccounts.length) {\n return allAccounts.filter(accountObj => accountObj.homeAccountId === homeAccountId)[0] || null;\n } else {\n return null;\n }\n }\n\n /**\n * Returns the signed in account matching localAccountId.\n * (the account object is created at the time of successful login)\n * or null when no matching account is found\n * @param localAccountId - unique identifier of an account (sub/obj when homeAccountId cannot be populated)\n */\n async getAccountByLocalId(localAccountId: string): Promise<AccountInfo | null> {\n const allAccounts = await this.getAllAccounts();\n if (!StringUtils.isEmpty(localAccountId) && allAccounts && allAccounts.length) {\n return allAccounts.filter(accountObj => accountObj.localAccountId === localAccountId)[0] || null;\n } else {\n return null;\n }\n }\n\n /**\n * API to remove a specific account and the relevant data from cache\n * @param account - AccountInfo passed by the user\n */\n async removeAccount(account: AccountInfo): Promise<void> {\n this.logger.trace(\"removeAccount called\");\n let cacheContext;\n try {\n if (this.persistence) {\n cacheContext = new TokenCacheContext(this, true);\n await this.persistence.beforeCacheAccess(cacheContext);\n }\n await this.storage.removeAccount(AccountEntity.generateAccountCacheKey(account));\n } finally {\n if (this.persistence && cacheContext) {\n await this.persistence.afterCacheAccess(cacheContext);\n }\n }\n }\n\n /**\n * Called when the cache has changed state.\n */\n private handleChangeEvent() {\n this.cacheHasChanged = true;\n }\n\n /**\n * Merge in memory cache with the cache snapshot.\n * @param oldState - cache before changes\n * @param currentState - current cache state in the library\n */\n private mergeState(oldState: JsonCache, currentState: JsonCache): JsonCache {\n this.logger.trace(\"Merging in-memory cache with cache snapshot\");\n const stateAfterRemoval = this.mergeRemovals(oldState, currentState);\n return this.mergeUpdates(stateAfterRemoval, currentState);\n }\n\n /**\n * Deep update of oldState based on newState values\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeUpdates(oldState: object, newState: object): JsonCache {\n Object.keys(newState).forEach((newKey: string) => {\n const newValue = newState[newKey];\n\n // if oldState does not contain value but newValue does, add it\n if (!oldState.hasOwnProperty(newKey)) {\n if (newValue !== null) {\n oldState[newKey] = newValue;\n }\n } else {\n // both oldState and newState contain the key, do deep update\n const newValueNotNull = newValue !== null;\n const newValueIsObject = typeof newValue === \"object\";\n const newValueIsNotArray = !Array.isArray(newValue);\n const oldStateNotUndefinedOrNull = typeof oldState[newKey] !== \"undefined\" && oldState[newKey] !== null;\n\n if (newValueNotNull && newValueIsObject && newValueIsNotArray && oldStateNotUndefinedOrNull) {\n this.mergeUpdates(oldState[newKey], newValue);\n } else {\n oldState[newKey] = newValue;\n }\n }\n });\n\n return oldState as JsonCache;\n }\n\n /**\n * Removes entities in oldState that the were removed from newState. If there are any unknown values in root of\n * oldState that are not recognized, they are left untouched.\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeRemovals(oldState: JsonCache, newState: JsonCache): JsonCache {\n this.logger.trace(\"Remove updated entries in cache\");\n const accounts = oldState.Account ? this.mergeRemovalsDict<SerializedAccountEntity>(oldState.Account, newState.Account) : oldState.Account;\n const accessTokens = oldState.AccessToken ? this.mergeRemovalsDict<SerializedAccessTokenEntity>(oldState.AccessToken, newState.AccessToken) : oldState.AccessToken;\n const refreshTokens = oldState.RefreshToken ? this.mergeRemovalsDict<SerializedRefreshTokenEntity>(oldState.RefreshToken, newState.RefreshToken) : oldState.RefreshToken;\n const idTokens = oldState.IdToken ? this.mergeRemovalsDict<SerializedIdTokenEntity>(oldState.IdToken, newState.IdToken) : oldState.IdToken;\n const appMetadata = oldState.AppMetadata ? this.mergeRemovalsDict<SerializedAppMetadataEntity>(oldState.AppMetadata, newState.AppMetadata) : oldState.AppMetadata;\n\n return {\n ...oldState,\n Account: accounts,\n AccessToken: accessTokens,\n RefreshToken: refreshTokens,\n IdToken: idTokens,\n AppMetadata: appMetadata\n };\n }\n\n /**\n * Helper to merge new cache with the old one\n * @param oldState - cache before changes\n * @param newState - updated cache\n */\n private mergeRemovalsDict<T>(oldState: Record<string, T>, newState?: Record<string, T>): Record<string, T> {\n const finalState = { ...oldState };\n Object.keys(oldState).forEach((oldKey) => {\n if (!newState || !(newState.hasOwnProperty(oldKey))) {\n delete finalState[oldKey];\n }\n });\n return finalState;\n }\n\n /**\n * Helper to overlay as a part of cache merge\n * @param passedInCache - cache read from the blob\n */\n private overlayDefaults(passedInCache: JsonCache): JsonCache {\n this.logger.trace(\"Overlaying input cache with the default cache\");\n return {\n Account: {\n ...defaultSerializedCache.Account,\n ...passedInCache.Account,\n },\n IdToken: {\n ...defaultSerializedCache.IdToken,\n ...passedInCache.IdToken,\n },\n AccessToken: {\n ...defaultSerializedCache.AccessToken,\n ...passedInCache.AccessToken,\n },\n RefreshToken: {\n ...defaultSerializedCache.RefreshToken,\n ...passedInCache.RefreshToken,\n },\n AppMetadata: {\n ...defaultSerializedCache.AppMetadata,\n ...passedInCache.AppMetadata,\n },\n };\n }\n}\n","/* eslint-disable header/header */\nexport const name = \"@azure/msal-node\";\nexport const version = \"1.14.5\";\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AuthError } from \"@azure/msal-common\";\n\n/**\n * NodeAuthErrorMessage class containing string constants used by error codes and messages.\n */\nexport const NodeAuthErrorMessage = {\n invalidLoopbackAddressType: {\n code: \"invalid_loopback_server_address_type\",\n desc: \"Loopback server address is not type string. This is unexpected.\"\n },\n unableToLoadRedirectUri: {\n code: \"unable_to_load_redirectUrl\",\n desc: \"Loopback server callback was invoked without a url. This is unexpected.\"\n },\n noAuthCodeInResponse: {\n code: \"no_auth_code_in_response\",\n desc: \"No auth code found in the server response. Please check your network trace to determine what happened.\"\n },\n noLoopbackServerExists: {\n code: \"no_loopback_server_exists\",\n desc: \"No loopback server exists yet.\"\n },\n loopbackServerAlreadyExists: {\n code: \"loopback_server_already_exists\",\n desc: \"Loopback server already exists. Cannot create another.\"\n },\n loopbackServerTimeout: {\n code: \"loopback_server_timeout\",\n desc: \"Timed out waiting for auth code listener to be registered.\"\n },\n stateNotFoundError: {\n code: \"state_not_found\",\n desc: \"State not found. Please verify that the request originated from msal.\"\n },\n};\n\nexport class NodeAuthError extends AuthError {\n constructor(errorCode: string, errorMessage?: string) {\n super(errorCode, errorMessage);\n this.name = \"NodeAuthError\";\n }\n\n /**\n * Creates an error thrown if loopback server address is of type string.\n */\n static createInvalidLoopbackAddressTypeError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.invalidLoopbackAddressType.code,\n `${NodeAuthErrorMessage.invalidLoopbackAddressType.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server is unable to get a url.\n */\n static createUnableToLoadRedirectUrlError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.unableToLoadRedirectUri.code,\n `${NodeAuthErrorMessage.unableToLoadRedirectUri.desc}`);\n }\n\n /**\n * Creates an error thrown if the server response does not contain an auth code.\n */\n static createNoAuthCodeInResponseError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.noAuthCodeInResponse.code,\n `${NodeAuthErrorMessage.noAuthCodeInResponse.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server has not been spun up yet.\n */\n static createNoLoopbackServerExistsError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.noLoopbackServerExists.code,\n `${NodeAuthErrorMessage.noLoopbackServerExists.desc}`);\n }\n\n /**\n * Creates an error thrown if a loopback server already exists when attempting to create another one.\n */\n static createLoopbackServerAlreadyExistsError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.loopbackServerAlreadyExists.code,\n `${NodeAuthErrorMessage.loopbackServerAlreadyExists.desc}`);\n }\n\n /**\n * Creates an error thrown if the loopback server times out registering the auth code listener.\n */\n static createLoopbackServerTimeoutError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.loopbackServerTimeout.code,\n `${NodeAuthErrorMessage.loopbackServerTimeout.desc}`);\n }\n\n /**\n * Creates an error thrown when the state is not present.\n */\n static createStateNotFoundError(): NodeAuthError {\n return new NodeAuthError(NodeAuthErrorMessage.stateNotFoundError.code, NodeAuthErrorMessage.stateNotFoundError.desc);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport {\n AuthorizationCodeClient,\n ClientConfiguration,\n RefreshTokenClient,\n AuthenticationResult,\n Authority,\n AuthorityFactory,\n BaseAuthRequest,\n SilentFlowClient,\n Logger,\n ServerTelemetryManager,\n ServerTelemetryRequest,\n CommonSilentFlowRequest,\n CommonRefreshTokenRequest,\n CommonAuthorizationCodeRequest,\n CommonAuthorizationUrlRequest,\n CommonUsernamePasswordRequest,\n UsernamePasswordClient,\n AuthenticationScheme,\n ResponseMode,\n AuthorityOptions,\n OIDC_DEFAULT_SCOPES,\n AzureRegionConfiguration,\n AuthError,\n AzureCloudOptions,\n AuthorizationCodePayload,\n StringUtils,\n ClientAuthError,\n Constants,\n} from \"@azure/msal-common\";\nimport { Configuration, buildAppConfiguration, NodeConfiguration } from \"../config/Configuration\";\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\nimport { NodeStorage } from \"../cache/NodeStorage\";\nimport { Constants as NodeConstants, ApiId } from \"../utils/Constants\";\nimport { TokenCache } from \"../cache/TokenCache\";\nimport { ClientAssertion } from \"./ClientAssertion\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\nimport { RefreshTokenRequest } from \"../request/RefreshTokenRequest\";\nimport { SilentFlowRequest } from \"../request/SilentFlowRequest\";\nimport { version, name } from \"../packageMetadata\";\nimport { UsernamePasswordRequest } from \"../request/UsernamePasswordRequest\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\n\n/**\n * Base abstract class for all ClientApplications - public and confidential\n * @public\n */\nexport abstract class ClientApplication {\n\n protected readonly cryptoProvider: CryptoProvider;\n private tokenCache: TokenCache;\n\n /**\n * Platform storage object\n */\n protected storage: NodeStorage;\n /**\n * Logger object to log the application flow\n */\n protected logger: Logger;\n /**\n * Platform configuration initialized by the application\n */\n protected config: NodeConfiguration;\n /**\n * Client assertion passed by the user for confidential client flows\n */\n protected clientAssertion: ClientAssertion;\n /**\n * Client secret passed by the user for confidential client flows\n */\n protected clientSecret: string;\n\n /**\n * Constructor for the ClientApplication\n */\n protected constructor(configuration: Configuration) {\n this.config = buildAppConfiguration(configuration);\n this.cryptoProvider = new CryptoProvider();\n this.logger = new Logger(this.config.system.loggerOptions, name, version);\n this.storage = new NodeStorage(this.logger, this.config.auth.clientId, this.cryptoProvider);\n this.tokenCache = new TokenCache(\n this.storage,\n this.logger,\n this.config.cache.cachePlugin\n );\n }\n\n /**\n * Creates the URL of the authorization request, letting the user input credentials and consent to the\n * application. The URL targets the /authorize endpoint of the authority configured in the\n * application object.\n *\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\n * `acquireTokenByCode(AuthorizationCodeRequest)`.\n */\n async getAuthCodeUrl(request: AuthorizationUrlRequest): Promise<string> {\n this.logger.info(\"getAuthCodeUrl called\", request.correlationId);\n const validRequest: CommonAuthorizationUrlRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n responseMode: request.responseMode || ResponseMode.QUERY,\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const authClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n undefined,\n undefined,\n request.azureCloudOptions\n );\n const authorizationCodeClient = new AuthorizationCodeClient(\n authClientConfig\n );\n this.logger.verbose(\"Auth code client created\", validRequest.correlationId);\n return authorizationCodeClient.getAuthCodeUrl(validRequest);\n }\n\n /**\n * Acquires a token by exchanging the Authorization Code received from the first step of OAuth2.0\n * Authorization Code flow.\n *\n * `getAuthCodeUrl(AuthorizationCodeUrlRequest)` can be used to create the URL for the first step of OAuth2.0\n * Authorization Code flow. Ensure that values for redirectUri and scopes in AuthorizationCodeUrlRequest and\n * AuthorizationCodeRequest are the same.\n */\n async acquireTokenByCode(request: AuthorizationCodeRequest, authCodePayLoad?: AuthorizationCodePayload): Promise<AuthenticationResult> {\n this.logger.info(\"acquireTokenByCode called\");\n if (request.state && authCodePayLoad){\n this.logger.info(\"acquireTokenByCode - validating state\");\n this.validateState(request.state, authCodePayLoad.state || \"\");\n // eslint-disable-next-line no-param-reassign\n authCodePayLoad= {...authCodePayLoad, state: \"\"};\n }\n const validRequest: CommonAuthorizationCodeRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByCode, validRequest.correlationId);\n try {\n const authClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const authorizationCodeClient = new AuthorizationCodeClient(\n authClientConfig\n );\n this.logger.verbose(\"Auth code client created\", validRequest.correlationId);\n return authorizationCodeClient.acquireToken(validRequest, authCodePayLoad);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token by exchanging the refresh token provided for a new set of tokens.\n *\n * This API is provided only for scenarios where you would like to migrate from ADAL to MSAL. Otherwise, it is\n * recommended that you use `acquireTokenSilent()` for silent scenarios. When using `acquireTokenSilent()`, MSAL will\n * handle the caching and refreshing of tokens automatically.\n */\n async acquireTokenByRefreshToken(request: RefreshTokenRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByRefreshToken called\", request.correlationId);\n const validRequest: CommonRefreshTokenRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n authenticationScheme: AuthenticationScheme.BEARER\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByRefreshToken, validRequest.correlationId);\n try {\n const refreshTokenClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const refreshTokenClient = new RefreshTokenClient(\n refreshTokenClientConfig\n );\n this.logger.verbose(\"Refresh token client created\", validRequest.correlationId);\n return refreshTokenClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token silently when a user specifies the account the token is requested for.\n *\n * This API expects the user to provide an account object and looks into the cache to retrieve the token if present.\n * There is also an optional \"forceRefresh\" boolean the user can send to bypass the cache for access_token and id_token.\n * In case the refresh_token is expired or not found, an error is thrown\n * and the guidance is for the user to call any interactive token acquisition API (eg: `acquireTokenByCode()`).\n */\n async acquireTokenSilent(request: SilentFlowRequest): Promise<AuthenticationResult | null> {\n const validRequest: CommonSilentFlowRequest = {\n ...request,\n ... await this.initializeBaseRequest(request),\n forceRefresh: request.forceRefresh || false\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenSilent, validRequest.correlationId, validRequest.forceRefresh);\n try {\n const silentFlowClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const silentFlowClient = new SilentFlowClient(\n silentFlowClientConfig\n );\n this.logger.verbose(\"Silent flow client created\", validRequest.correlationId);\n return silentFlowClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires tokens with password grant by exchanging client applications username and password for credentials\n *\n * The latest OAuth 2.0 Security Best Current Practice disallows the password grant entirely.\n * More details on this recommendation at https://tools.ietf.org/html/draft-ietf-oauth-security-topics-13#section-3.4\n * Microsoft's documentation and recommendations are at:\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows#usernamepassword\n *\n * @param request - UsenamePasswordRequest\n */\n async acquireTokenByUsernamePassword(request: UsernamePasswordRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByUsernamePassword called\", request.correlationId);\n const validRequest: CommonUsernamePasswordRequest = {\n ...request,\n ... await this.initializeBaseRequest(request)\n };\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByUsernamePassword, validRequest.correlationId);\n try {\n const usernamePasswordClientConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const usernamePasswordClient = new UsernamePasswordClient(usernamePasswordClientConfig);\n this.logger.verbose(\"Username password client created\", validRequest.correlationId);\n return usernamePasswordClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Gets the token cache for the application.\n */\n getTokenCache(): TokenCache {\n this.logger.info(\"getTokenCache called\");\n return this.tokenCache;\n }\n\n /**\n * Validates OIDC state by comparing the user cached state with the state received from the server.\n * \n * This API is provided for scenarios where you would use OAuth2.0 state parameter to mitigate against\n * CSRF attacks.\n * For more information about state, visit https://datatracker.ietf.org/doc/html/rfc6819#section-3.6.\n * @param state\n * @param cachedState\n */\n protected validateState(state: string, cachedState: string): void {\n if(!state) {\n throw NodeAuthError.createStateNotFoundError();\n }\n\n if(state !== cachedState) {\n throw ClientAuthError.createStateMismatchError();\n }\n }\n\n /**\n * Returns the logger instance\n */\n getLogger(): Logger {\n return this.logger;\n }\n\n /**\n * Replaces the default logger set in configurations with new Logger with new configurations\n * @param logger - Logger instance\n */\n setLogger(logger: Logger): void {\n this.logger = logger;\n }\n\n /**\n * Builds the common configuration to be passed to the common component based on the platform configurarion\n * @param authority - user passed authority in configuration\n * @param serverTelemetryManager - initializes servertelemetry if passed\n */\n protected async buildOauthClientConfiguration(\n authority: string,\n requestCorrelationId?: string, \n serverTelemetryManager?: ServerTelemetryManager,\n azureRegionConfiguration?: AzureRegionConfiguration, \n azureCloudOptions?: AzureCloudOptions): Promise<ClientConfiguration> {\n \n this.logger.verbose(\"buildOauthClientConfiguration called\", requestCorrelationId);\n\n // precedence - azureCloudInstance + tenant >> authority and request >> config\n const userAzureCloudOptions = azureCloudOptions ? azureCloudOptions : this.config.auth.azureCloudOptions;\n\n // using null assertion operator as we ensure that all config values have default values in buildConfiguration()\n this.logger.verbose(`building oauth client configuration with the authority: ${authority}`, requestCorrelationId);\n const discoveredAuthority = await this.createAuthority(authority, azureRegionConfiguration, requestCorrelationId, userAzureCloudOptions);\n\n serverTelemetryManager?.updateRegionDiscoveryMetadata(discoveredAuthority.regionDiscoveryMetadata);\n\n const clientConfiguration: ClientConfiguration = {\n authOptions: {\n clientId: this.config.auth.clientId,\n authority: discoveredAuthority,\n clientCapabilities: this.config.auth.clientCapabilities\n },\n systemOptions: {\n proxyUrl: this.config.system.proxyUrl,\n },\n loggerOptions: {\n logLevel: this.config.system.loggerOptions.logLevel,\n loggerCallback: this.config.system.loggerOptions\n .loggerCallback,\n piiLoggingEnabled: this.config.system.loggerOptions\n .piiLoggingEnabled,\n correlationId: requestCorrelationId\n },\n cryptoInterface: this.cryptoProvider,\n networkInterface: this.config.system.networkClient,\n storageInterface: this.storage,\n serverTelemetryManager: serverTelemetryManager,\n clientCredentials: {\n clientSecret: this.clientSecret,\n clientAssertion: this.clientAssertion ? this.getClientAssertion(discoveredAuthority) : undefined,\n },\n libraryInfo: {\n sku: NodeConstants.MSAL_SKU,\n version: version,\n cpu: process.arch || Constants.EMPTY_STRING,\n os: process.platform || Constants.EMPTY_STRING,\n },\n telemetry: this.config.telemetry,\n persistencePlugin: this.config.cache.cachePlugin,\n serializableCache: this.tokenCache \n };\n\n return clientConfiguration;\n }\n\n private getClientAssertion(authority: Authority): { assertion: string, assertionType: string } {\n return {\n assertion: this.clientAssertion.getJwt(this.cryptoProvider, this.config.auth.clientId, authority.tokenEndpoint),\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\n };\n }\n\n /**\n * Generates a request with the default scopes & generates a correlationId.\n * @param authRequest - BaseAuthRequest for initialization\n */\n protected async initializeBaseRequest(authRequest: Partial<BaseAuthRequest>): Promise<BaseAuthRequest> {\n this.logger.verbose(\"initializeRequestScopes called\", authRequest.correlationId);\n // Default authenticationScheme to Bearer, log that POP isn't supported yet\n if (authRequest.authenticationScheme && authRequest.authenticationScheme === AuthenticationScheme.POP) {\n this.logger.verbose(\"Authentication Scheme 'pop' is not supported yet, setting Authentication Scheme to 'Bearer' for request\", authRequest.correlationId);\n }\n\n authRequest.authenticationScheme = AuthenticationScheme.BEARER;\n\n // Set requested claims hash if claims were requested\n if (authRequest.claims && !StringUtils.isEmpty(authRequest.claims)) {\n authRequest.requestedClaimsHash = await this.cryptoProvider.hashString(authRequest.claims);\n }\n\n return {\n ...authRequest,\n scopes: [...((authRequest && authRequest.scopes) || []), ...OIDC_DEFAULT_SCOPES],\n correlationId: authRequest && authRequest.correlationId || this.cryptoProvider.createNewGuid(),\n authority: authRequest.authority || this.config.auth.authority\n };\n }\n\n /**\n * Initializes the server telemetry payload\n * @param apiId - Id for a specific request\n * @param correlationId - GUID\n * @param forceRefresh - boolean to indicate network call\n */\n protected initializeServerTelemetryManager(apiId: number, correlationId: string, forceRefresh?: boolean): ServerTelemetryManager {\n const telemetryPayload: ServerTelemetryRequest = {\n clientId: this.config.auth.clientId,\n correlationId: correlationId,\n apiId: apiId,\n forceRefresh: forceRefresh || false\n };\n\n return new ServerTelemetryManager(telemetryPayload, this.storage);\n }\n\n /**\n * Create authority instance. If authority not passed in request, default to authority set on the application\n * object. If no authority set in application object, then default to common authority.\n * @param authorityString - authority from user configuration\n */\n private async createAuthority(authorityString: string, azureRegionConfiguration?: AzureRegionConfiguration, requestCorrelationId?: string, azureCloudOptions?: AzureCloudOptions): Promise<Authority> {\n this.logger.verbose(\"createAuthority called\", requestCorrelationId);\n\n // build authority string based on auth params - azureCloudInstance is prioritized if provided\n const authorityUrl = Authority.generateAuthority(authorityString, azureCloudOptions);\n\n const authorityOptions: AuthorityOptions = {\n protocolMode: this.config.auth.protocolMode,\n knownAuthorities: this.config.auth.knownAuthorities,\n cloudDiscoveryMetadata: this.config.auth.cloudDiscoveryMetadata,\n authorityMetadata: this.config.auth.authorityMetadata,\n azureRegionConfiguration,\n skipAuthorityMetadataCache: this.config.auth.skipAuthorityMetadataCache,\n };\n\n return await AuthorityFactory.createDiscoveredInstance(authorityUrl, this.config.system.networkClient, this.storage, authorityOptions, this.logger, this.config.system.proxyUrl);\n }\n\n /**\n * Clear the cache\n */\n clearCache(): void {\n this.storage.clear();\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { Constants as CommonConstants, ServerAuthorizationCodeResponse, UrlString } from \"@azure/msal-common\";\nimport { createServer, IncomingMessage, Server, ServerResponse } from \"http\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\nimport { Constants, HttpStatus, LOOPBACK_SERVER_CONSTANTS } from \"../utils/Constants\";\n\nexport class LoopbackClient {\n private server: Server;\n\n /**\n * Spins up a loopback server which returns the server response when the localhost redirectUri is hit\n * @param successTemplate \n * @param errorTemplate \n * @returns \n */\n async listenForAuthCode(successTemplate?: string, errorTemplate?: string): Promise<ServerAuthorizationCodeResponse> {\n if (!!this.server) {\n throw NodeAuthError.createLoopbackServerAlreadyExistsError();\n }\n\n const authCodeListener = new Promise<ServerAuthorizationCodeResponse>((resolve, reject) => {\n this.server = createServer(async (req: IncomingMessage, res: ServerResponse) => {\n const url = req.url;\n if (!url) {\n res.end(errorTemplate || \"Error occurred loading redirectUrl\");\n reject(NodeAuthError.createUnableToLoadRedirectUrlError());\n return;\n } else if (url === CommonConstants.FORWARD_SLASH) {\n res.end(successTemplate || \"Auth code was successfully acquired. You can close this window now.\");\n return;\n }\n \n const authCodeResponse = UrlString.getDeserializedQueryString(url);\n if (authCodeResponse.code) {\n const redirectUri = await this.getRedirectUri();\n res.writeHead(HttpStatus.REDIRECT, { location: redirectUri }); // Prevent auth code from being saved in the browser history\n res.end();\n }\n resolve(authCodeResponse);\n });\n this.server.listen(0); // Listen on any available port\n });\n\n // Wait for server to be listening\n await new Promise<void>((resolve) => {\n let ticks = 0;\n const id = setInterval(() => {\n if ((LOOPBACK_SERVER_CONSTANTS.TIMEOUT_MS / LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS) < ticks) {\n throw NodeAuthError.createLoopbackServerTimeoutError();\n }\n \n if (this.server.listening) {\n clearInterval(id);\n resolve();\n }\n ticks++;\n }, LOOPBACK_SERVER_CONSTANTS.INTERVAL_MS);\n });\n\n return authCodeListener;\n }\n\n /**\n * Get the port that the loopback server is running on\n * @returns \n */\n getRedirectUri(): string {\n if (!this.server) {\n throw NodeAuthError.createNoLoopbackServerExistsError();\n }\n \n const address = this.server.address();\n if (!address || typeof address === \"string\" || !address.port) {\n this.closeServer();\n throw NodeAuthError.createInvalidLoopbackAddressTypeError();\n } \n\n const port = address && address.port;\n\n return `${Constants.HTTP_PROTOCOL}${Constants.LOCALHOST}:${port}`;\n }\n\n /**\n * Close the loopback server\n */\n closeServer(): void {\n if (!!this.server) {\n this.server.close();\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ApiId } from \"../utils/Constants\";\nimport {\n DeviceCodeClient,\n AuthenticationResult,\n CommonDeviceCodeRequest,\n AuthError,\n ResponseMode,\n OIDC_DEFAULT_SCOPES,\n CodeChallengeMethodValues,\n Constants as CommonConstants,\n ServerError\n} from \"@azure/msal-common\";\nimport { Configuration } from \"../config/Configuration\";\nimport { ClientApplication } from \"./ClientApplication\";\nimport { IPublicClientApplication } from \"./IPublicClientApplication\";\nimport { DeviceCodeRequest } from \"../request/DeviceCodeRequest\";\nimport { AuthorizationUrlRequest } from \"../request/AuthorizationUrlRequest\";\nimport { AuthorizationCodeRequest } from \"../request/AuthorizationCodeRequest\";\nimport { InteractiveRequest } from \"../request/InteractiveRequest\";\nimport { NodeAuthError } from \"../error/NodeAuthError\";\nimport { LoopbackClient } from \"../network/LoopbackClient\";\n\n/**\n * This class is to be used to acquire tokens for public client applications (desktop, mobile). Public client applications\n * are not trusted to safely store application secrets, and therefore can only request tokens in the name of an user.\n * @public\n */\nexport class PublicClientApplication extends ClientApplication implements IPublicClientApplication {\n /**\n * Important attributes in the Configuration object for auth are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our Application registration portal.\n * - authority: the authority URL for your application.\n *\n * AAD authorities are of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\n * - If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * - If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * - If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * - To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * Azure B2C authorities are of the form https://\\{instance\\}/\\{tenant\\}/\\{policy\\}. Each policy is considered\n * its own authority. You will have to set the all of the knownAuthorities at the time of the client application\n * construction.\n *\n * ADFS authorities are of the form https://\\{instance\\}/adfs.\n */\n constructor(configuration: Configuration) {\n super(configuration);\n }\n\n /**\n * Acquires a token from the authority using OAuth2.0 device code flow.\n * This flow is designed for devices that do not have access to a browser or have input constraints.\n * The authorization server issues a DeviceCode object with a verification code, an end-user code,\n * and the end-user verification URI. The DeviceCode object is provided through a callback, and the end-user should be\n * instructed to use another device to navigate to the verification URI to input credentials.\n * Since the client cannot receive incoming requests, it polls the authorization server repeatedly\n * until the end-user completes input of credentials.\n */\n public async acquireTokenByDeviceCode(request: DeviceCodeRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByDeviceCode called\", request.correlationId);\n const validRequest: CommonDeviceCodeRequest = Object.assign(request, await this.initializeBaseRequest(request));\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByDeviceCode, validRequest.correlationId);\n try {\n const deviceCodeConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n undefined,\n request.azureCloudOptions\n );\n const deviceCodeClient = new DeviceCodeClient(deviceCodeConfig);\n this.logger.verbose(\"Device code client created\", validRequest.correlationId);\n return deviceCodeClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires a token by requesting an Authorization code then exchanging it for a token.\n */\n async acquireTokenInteractive(request: InteractiveRequest): Promise<AuthenticationResult> {\n const { verifier, challenge } = await this.cryptoProvider.generatePkceCodes();\n const { openBrowser, successTemplate, errorTemplate, ...remainingProperties } = request;\n\n const loopbackClient = new LoopbackClient();\n const authCodeListener = loopbackClient.listenForAuthCode(successTemplate, errorTemplate);\n const redirectUri = loopbackClient.getRedirectUri();\n\n const validRequest: AuthorizationUrlRequest = {\n ...remainingProperties,\n scopes: request.scopes || OIDC_DEFAULT_SCOPES,\n redirectUri: redirectUri,\n responseMode: ResponseMode.QUERY,\n codeChallenge: challenge, \n codeChallengeMethod: CodeChallengeMethodValues.S256\n };\n\n const authCodeUrl = await this.getAuthCodeUrl(validRequest);\n await openBrowser(authCodeUrl);\n const authCodeResponse = await authCodeListener.finally(() => {\n loopbackClient.closeServer();\n });\n\n if (authCodeResponse.error) {\n throw new ServerError(authCodeResponse.error, authCodeResponse.error_description, authCodeResponse.suberror);\n } else if (!authCodeResponse.code) {\n throw NodeAuthError.createNoAuthCodeInResponseError();\n }\n\n const clientInfo = authCodeResponse.client_info;\n const tokenRequest: AuthorizationCodeRequest = {\n code: authCodeResponse.code,\n codeVerifier: verifier,\n clientInfo: clientInfo || CommonConstants.EMPTY_STRING,\n ...validRequest\n };\n return this.acquireTokenByCode(tokenRequest);\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { JwtHeader, sign } from \"jsonwebtoken\";\nimport { TimeUtils, ClientAuthError, Constants } from \"@azure/msal-common\";\nimport { CryptoProvider } from \"../crypto/CryptoProvider\";\nimport { EncodingUtils } from \"../utils/EncodingUtils\";\nimport { JwtConstants } from \"../utils/Constants\";\n\n/**\n * Client assertion of type jwt-bearer used in confidential client flows\n * @public\n */\nexport class ClientAssertion {\n\n private jwt: string;\n private privateKey: string;\n private thumbprint: string;\n private expirationTime: number;\n private issuer: string;\n private jwtAudience: string;\n private publicCertificate: Array<string>;\n\n /**\n * Initialize the ClientAssertion class from the clientAssertion passed by the user\n * @param assertion - refer https://tools.ietf.org/html/rfc7521\n */\n public static fromAssertion(assertion: string): ClientAssertion {\n const clientAssertion = new ClientAssertion();\n clientAssertion.jwt = assertion;\n return clientAssertion;\n }\n\n /**\n * Initialize the ClientAssertion class from the certificate passed by the user\n * @param thumbprint - identifier of a certificate\n * @param privateKey - secret key\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\n */\n public static fromCertificate(thumbprint: string, privateKey: string, publicCertificate?: string): ClientAssertion {\n const clientAssertion = new ClientAssertion();\n clientAssertion.privateKey = privateKey;\n clientAssertion.thumbprint = thumbprint;\n if (publicCertificate) {\n clientAssertion.publicCertificate = this.parseCertificate(publicCertificate);\n }\n return clientAssertion;\n }\n\n /**\n * Update JWT for certificate based clientAssertion, if passed by the user, uses it as is\n * @param cryptoProvider - library's crypto helper\n * @param issuer - iss claim\n * @param jwtAudience - aud claim\n */\n public getJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\n // if assertion was created from certificate, check if jwt is expired and create new one.\n if (this.privateKey && this.thumbprint) {\n\n if (this.jwt && !this.isExpired() && issuer === this.issuer && jwtAudience === this.jwtAudience) {\n return this.jwt;\n }\n\n return this.createJwt(cryptoProvider, issuer, jwtAudience);\n }\n\n /*\n * if assertion was created by caller, then we just append it. It is up to the caller to\n * ensure that it contains necessary claims and that it is not expired.\n */\n if (this.jwt) {\n return this.jwt;\n }\n\n throw ClientAuthError.createInvalidAssertionError();\n }\n\n /**\n * JWT format and required claims specified: https://tools.ietf.org/html/rfc7523#section-3\n */\n private createJwt(cryptoProvider: CryptoProvider, issuer: string, jwtAudience: string): string {\n\n this.issuer = issuer;\n this.jwtAudience = jwtAudience;\n const issuedAt = TimeUtils.nowSeconds();\n this.expirationTime = issuedAt + 600;\n\n const header: JwtHeader = {\n alg: JwtConstants.RSA_256,\n x5t: EncodingUtils.base64EncodeUrl(this.thumbprint, \"hex\")\n };\n\n if (this.publicCertificate) {\n Object.assign(header, {\n x5c: this.publicCertificate\n } as Partial<JwtHeader>);\n }\n\n const payload = {\n [JwtConstants.AUDIENCE]: this.jwtAudience,\n [JwtConstants.EXPIRATION_TIME]: this.expirationTime,\n [JwtConstants.ISSUER]: this.issuer,\n [JwtConstants.SUBJECT]: this.issuer,\n [JwtConstants.NOT_BEFORE]: issuedAt,\n [JwtConstants.JWT_ID]: cryptoProvider.createNewGuid()\n };\n\n this.jwt = sign(payload, this.privateKey, { header });\n return this.jwt;\n }\n\n /**\n * Utility API to check expiration\n */\n private isExpired(): boolean {\n return this.expirationTime < TimeUtils.nowSeconds();\n }\n\n /**\n * Extracts the raw certs from a given certificate string and returns them in an array.\n * @param publicCertificate - electronic document provided to prove the ownership of the public key\n */\n public static parseCertificate(publicCertificate: string): Array<string> {\n /**\n * This is regex to identify the certs in a given certificate string.\n * We want to look for the contents between the BEGIN and END certificate strings, without the associated newlines.\n * The information in parens \"(.+?)\" is the capture group to represent the cert we want isolated.\n * \".\" means any string character, \"+\" means match 1 or more times, and \"?\" means the shortest match.\n * The \"g\" at the end of the regex means search the string globally, and the \"s\" enables the \".\" to match newlines.\n */\n const regexToFindCerts = /-----BEGIN CERTIFICATE-----\\r*\\n(.+?)\\r*\\n-----END CERTIFICATE-----/gs;\n const certs: string[] = [];\n\n let matches;\n while ((matches = regexToFindCerts.exec(publicCertificate)) !== null) {\n // matches[1] represents the first parens capture group in the regex.\n certs.push(matches[1].replace(/\\r*\\n/g, Constants.EMPTY_STRING));\n }\n\n return certs;\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { ClientApplication } from \"./ClientApplication\";\nimport { Configuration } from \"../config/Configuration\";\nimport { ClientAssertion } from \"./ClientAssertion\";\nimport { Constants as NodeConstants, ApiId, REGION_ENVIRONMENT_VARIABLE } from \"../utils/Constants\";\nimport {\n ClientCredentialClient,\n OnBehalfOfClient,\n CommonClientCredentialRequest,\n CommonOnBehalfOfRequest,\n AuthenticationResult,\n StringUtils,\n ClientAuthError,\n AzureRegionConfiguration,\n AuthError,\n Constants,\n IAppTokenProvider,\n OIDC_DEFAULT_SCOPES\n} from \"@azure/msal-common\";\nimport { IConfidentialClientApplication } from \"./IConfidentialClientApplication\";\nimport { OnBehalfOfRequest } from \"../request/OnBehalfOfRequest\";\nimport { ClientCredentialRequest } from \"../request/ClientCredentialRequest\";\n\n/**\n * This class is to be used to acquire tokens for confidential client applications (webApp, webAPI). Confidential client applications\n * will configure application secrets, client certificates/assertions as applicable\n * @public\n */\nexport class ConfidentialClientApplication extends ClientApplication implements IConfidentialClientApplication {\n private appTokenProvider?: IAppTokenProvider;\n\n /**\n * Constructor for the ConfidentialClientApplication\n *\n * Required attributes in the Configuration object are:\n * - clientID: the application ID of your application. You can obtain one by registering your application with our application registration portal\n * - authority: the authority URL for your application.\n * - client credential: Must set either client secret, certificate, or assertion for confidential clients. You can obtain a client secret from the application registration portal.\n *\n * In Azure AD, authority is a URL indicating of the form https://login.microsoftonline.com/\\{Enter_the_Tenant_Info_Here\\}.\n * If your application supports Accounts in one organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with the Tenant Id or Tenant name (for example, contoso.microsoft.com).\n * If your application supports Accounts in any organizational directory, replace \"Enter_the_Tenant_Info_Here\" value with organizations.\n * If your application supports Accounts in any organizational directory and personal Microsoft accounts, replace \"Enter_the_Tenant_Info_Here\" value with common.\n * To restrict support to Personal Microsoft accounts only, replace \"Enter_the_Tenant_Info_Here\" value with consumers.\n *\n * In Azure B2C, authority is of the form https://\\{instance\\}/tfp/\\{tenant\\}/\\{policyName\\}/\n * Full B2C functionality will be available in this library in future versions.\n *\n * @param Configuration - configuration object for the MSAL ConfidentialClientApplication instance\n */\n constructor(configuration: Configuration) {\n super(configuration);\n this.setClientCredential(this.config);\n this.appTokenProvider = undefined;\n }\n\n /** \n * This extensibility point only works for the client_credential flow, i.e. acquireTokenByClientCredential and\n * is meant for Azure SDK to enhance Managed Identity support.\n * \n * @param IAppTokenProvider - Extensibility interface, which allows the app developer to return a token from a custom source. \n */\n SetAppTokenProvider(provider: IAppTokenProvider): void {\n this.appTokenProvider = provider;\n }\n\n /**\n * Acquires tokens from the authority for the application (not for an end user).\n */\n public async acquireTokenByClientCredential(request: ClientCredentialRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenByClientCredential called\", request.correlationId);\n\n // If there is a client assertion present in the request, it overrides the one present in the client configuration\n let clientAssertion;\n if (request.clientAssertion) {\n clientAssertion = {\n assertion: request.clientAssertion,\n assertionType: NodeConstants.JWT_BEARER_ASSERTION_TYPE\n };\n }\n\n const baseRequest = await this.initializeBaseRequest(request);\n\n // valid base request should not contain oidc scopes in this grant type\n const validBaseRequest = {\n ...baseRequest,\n scopes: baseRequest.scopes.filter((scope: string) => !OIDC_DEFAULT_SCOPES.includes(scope))\n };\n\n const validRequest: CommonClientCredentialRequest = {\n ...request,\n ...validBaseRequest,\n clientAssertion\n };\n\n const azureRegionConfiguration: AzureRegionConfiguration = {\n azureRegion: validRequest.azureRegion,\n environmentRegion: process.env[REGION_ENVIRONMENT_VARIABLE]\n };\n\n const serverTelemetryManager = this.initializeServerTelemetryManager(ApiId.acquireTokenByClientCredential, validRequest.correlationId, validRequest.skipCache);\n try {\n const clientCredentialConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n serverTelemetryManager,\n azureRegionConfiguration,\n request.azureCloudOptions\n );\n const clientCredentialClient = new ClientCredentialClient(clientCredentialConfig, this.appTokenProvider);\n this.logger.verbose(\"Client credential client created\", validRequest.correlationId);\n return clientCredentialClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n serverTelemetryManager.cacheFailedRequest(e);\n throw e;\n }\n }\n\n /**\n * Acquires tokens from the authority for the application.\n *\n * Used in scenarios where the current app is a middle-tier service which was called with a token\n * representing an end user. The current app can use the token (oboAssertion) to request another\n * token to access downstream web API, on behalf of that user.\n *\n * The current middle-tier app has no user interaction to obtain consent.\n * See how to gain consent upfront for your middle-tier app from this article.\n * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#gaining-consent-for-the-middle-tier-application\n */\n public async acquireTokenOnBehalfOf(request: OnBehalfOfRequest): Promise<AuthenticationResult | null> {\n this.logger.info(\"acquireTokenOnBehalfOf called\", request.correlationId);\n const validRequest: CommonOnBehalfOfRequest = {\n ...request,\n ... await this.initializeBaseRequest(request)\n };\n try {\n const onBehalfOfConfig = await this.buildOauthClientConfiguration(\n validRequest.authority,\n validRequest.correlationId,\n undefined,\n undefined,\n request.azureCloudOptions\n );\n const oboClient = new OnBehalfOfClient(onBehalfOfConfig);\n this.logger.verbose(\"On behalf of client created\", validRequest.correlationId);\n return oboClient.acquireToken(validRequest);\n } catch (e) {\n if (e instanceof AuthError) {\n e.setCorrelationId(validRequest.correlationId);\n }\n throw e;\n }\n }\n\n private setClientCredential(configuration: Configuration): void {\n const clientSecretNotEmpty = !StringUtils.isEmpty(configuration.auth.clientSecret);\n const clientAssertionNotEmpty = !StringUtils.isEmpty(configuration.auth.clientAssertion);\n const certificate = configuration.auth.clientCertificate || {\n thumbprint: Constants.EMPTY_STRING,\n privateKey: Constants.EMPTY_STRING\n };\n const certificateNotEmpty = !StringUtils.isEmpty(certificate.thumbprint) || !StringUtils.isEmpty(certificate.privateKey);\n\n /*\n * If app developer configures this callback, they don't need a credential\n * i.e. AzureSDK can get token from Managed Identity without a cert / secret\n */\n if (this.appTokenProvider) {\n return;\n }\n\n // Check that at most one credential is set on the application\n if (\n clientSecretNotEmpty && clientAssertionNotEmpty ||\n clientAssertionNotEmpty && certificateNotEmpty ||\n clientSecretNotEmpty && certificateNotEmpty) {\n throw ClientAuthError.createInvalidCredentialError();\n }\n\n if (configuration.auth.clientSecret) {\n this.clientSecret = configuration.auth.clientSecret;\n return;\n }\n\n if (configuration.auth.clientAssertion) {\n this.clientAssertion = ClientAssertion.fromAssertion(configuration.auth.clientAssertion);\n return;\n }\n\n if (!certificateNotEmpty) {\n throw ClientAuthError.createInvalidCredentialError();\n } else {\n this.clientAssertion = ClientAssertion.fromCertificate(certificate.thumbprint, certificate.privateKey, configuration.auth.clientCertificate?.x5c);\n }\n }\n}\n","/*\n * Copyright (c) Microsoft Corporation. All rights reserved.\n * Licensed under the MIT License.\n */\n\nimport { AccountEntity, ICachePlugin, TokenCacheContext } from \"@azure/msal-common\";\nimport { TokenCache } from \"../TokenCache\";\nimport { IPartitionManager } from \"./IPartitionManager\";\nimport { ICacheClient } from \"./ICacheClient\";\n\nexport class DistributedCachePlugin implements ICachePlugin {\n private client: ICacheClient;\n private partitionManager: IPartitionManager;\n\n constructor(client: ICacheClient, partitionManager: IPartitionManager) {\n this.client = client;\n this.partitionManager = partitionManager;\n }\n \n public async beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void> {\n const partitionKey = await this.partitionManager.getKey();\n const cacheData = await this.client.get(partitionKey);\n cacheContext.tokenCache.deserialize(cacheData);\n }\n \n public async afterCacheAccess(cacheContext: TokenCacheContext): Promise<void> {\n if (cacheContext.cacheHasChanged) {\n const kvStore = (cacheContext.tokenCache as TokenCache).getKVStore();\n const accountEntities = Object.values(kvStore).filter(value => AccountEntity.isAccountEntity(value as object));\n\n if (accountEntities.length > 0) {\n const accountEntity = accountEntities[0] as AccountEntity;\n const partitionKey = await this.partitionManager.extractKey(accountEntity);\n \n await this.client.set(partitionKey, cacheContext.tokenCache.serialize()); \n }\n }\n }\n}\n"],"names":["HttpMethod","HttpStatus","ProxyStatus","REGION_ENVIRONMENT_VARIABLE","RANDOM_OCTET_SIZE","Hash","SHA256","CharSet","CV_CHARSET","Constants","MSAL_SKU","JWT_BEARER_ASSERTION_TYPE","AUTHORIZATION_PENDING","HTTP_PROTOCOL","LOCALHOST","ApiId","JwtConstants","ALGORITHM","RSA_256","X5T","X5C","AUDIENCE","EXPIRATION_TIME","ISSUER","SUBJECT","NOT_BEFORE","JWT_ID","LOOPBACK_SERVER_CONSTANTS","INTERVAL_MS","TIMEOUT_MS","NetworkUtils","getNetworkResponse","headers","body","statusCode","status","HttpClient","sendGetRequestAsync","url","options","proxyUrl","networkRequestViaProxy","GET","networkRequestViaHttps","sendPostRequestAsync","cancellationToken","POST","httpMethod","timeout","URL","destinationUrl","tunnelRequestOptions","host","hostname","port","method","path","postRequestStringContent","length","outgoingRequestString","toUpperCase","href","Promise","resolve","reject","request","http","on","destroy","Error","end","response","socket","proxyStatusCode","SERVER_ERROR","SUCCESS_RANGE_START","SUCCESS_RANGE_END","statusMessage","setTimeout","write","data","chunk","push","dataString","Buffer","concat","toString","dataStringArray","split","httpStatusCode","parseInt","slice","join","headersArray","entries","Map","forEach","header","headerKeyValue","RegExp","headerKey","headerValue","object","JSON","parse","e","set","Object","fromEntries","parsedHeaders","networkResponse","parseBody","isPostRequest","emptyHeaders","customOptions","https","parsedBody","error","errorType","errorDescriptionHelper","CLIENT_ERROR_RANGE_START","CLIENT_ERROR_RANGE_END","SERVER_ERROR_RANGE_START","SERVER_ERROR_RANGE_END","error_description","stringify","DEFAULT_AUTH_OPTIONS","clientId","EMPTY_STRING","authority","DEFAULT_AUTHORITY","clientSecret","clientAssertion","clientCertificate","thumbprint","privateKey","x5c","knownAuthorities","cloudDiscoveryMetadata","authorityMetadata","clientCapabilities","protocolMode","ProtocolMode","AAD","azureCloudOptions","azureCloudInstance","AzureCloudInstance","None","tenant","skipAuthorityMetadataCache","DEFAULT_CACHE_OPTIONS","DEFAULT_LOGGER_OPTIONS","loggerCallback","piiLoggingEnabled","logLevel","LogLevel","Info","DEFAULT_SYSTEM_OPTIONS","loggerOptions","networkClient","DEFAULT_TELEMETRY_OPTIONS","application","appName","appVersion","buildAppConfiguration","auth","cache","system","telemetry","GuidGenerator","generateGuid","uuidv4","isGuid","guid","regexGuid","test","EncodingUtils","base64Encode","str","encoding","from","base64EncodeUrl","replace","base64Decode","base64Str","base64DecodeUrl","HashUtils","sha256","buffer","crypto","createHash","update","digest","PkceGenerator","constructor","hashUtils","generatePkceCodes","verifier","generateCodeVerifier","challenge","generateCodeChallengeFromVerifier","charArr","maxNumber","byte","randomBytes","index","codeVerifier","CryptoProvider","pkceGenerator","guidGenerator","createNewGuid","input","getPublicKeyThumbprint","removeTokenBindingKey","clearKeystore","signJwt","hashString","plainText","Deserializer","deserializeJSONBlob","jsonFile","deserializedCache","StringUtils","isEmpty","deserializeAccounts","accounts","accountObjects","keys","map","key","serializedAcc","mappedAcc","homeAccountId","home_account_id","environment","realm","localAccountId","local_account_id","username","authorityType","authority_type","name","clientInfo","client_info","lastModificationTime","last_modification_time","lastModificationApp","last_modification_app","account","AccountEntity","CacheManager","toObject","deserializeIdTokens","idTokens","idObjects","serializedIdT","mappedIdT","credentialType","credential_type","client_id","secret","idToken","IdTokenEntity","deserializeAccessTokens","accessTokens","atObjects","serializedAT","mappedAT","target","cachedAt","cached_at","expiresOn","expires_on","extendedExpiresOn","extended_expires_on","refreshOn","refresh_on","keyId","key_id","tokenType","token_type","requestedClaims","requestedClaimsHash","userAssertionHash","accessToken","AccessTokenEntity","deserializeRefreshTokens","refreshTokens","rtObjects","serializedRT","mappedRT","familyId","family_id","refreshToken","RefreshTokenEntity","deserializeAppMetadata","appMetadata","appMetadataObjects","serializedAmdt","mappedAmd","amd","AppMetadataEntity","deserializeAllCache","jsonCache","Account","IdToken","AccessToken","RefreshToken","AppMetadata","Serializer","serializeJSONBlob","serializeAccounts","accCache","accountEntity","serializeIdTokens","idTCache","idTEntity","serializeAccessTokens","atCache","atEntity","serializeRefreshTokens","rtCache","rtEntity","serializeAppMetadata","amdtCache","amdtEntity","serializeAllCache","inMemCache","NodeStorage","logger","cryptoImpl","registerChangeEmitter","func","changeEmitters","emitChange","call","cacheToInMemoryCache","inMemoryCache","inMemoryCacheToCache","getCache","getInMemoryCache","trace","setInMemoryCache","setCache","getItem","tracePii","setItem","value","getAccount","accountKey","isAccountEntity","setAccount","generateAccountKey","getIdTokenCredential","idTokenKey","isIdTokenEntity","setIdTokenCredential","generateCredentialKey","getAccessTokenCredential","accessTokenKey","isAccessTokenEntity","setAccessTokenCredential","getRefreshTokenCredential","refreshTokenKey","isRefreshTokenEntity","setRefreshTokenCredential","getAppMetadata","appMetadataKey","isAppMetadataEntity","setAppMetadata","generateAppMetadataKey","getServerTelemetry","serverTelemetrykey","serverTelemetryEntity","ServerTelemetryEntity","isServerTelemetryEntity","setServerTelemetry","serverTelemetryKey","serverTelemetry","getAuthorityMetadata","authorityMetadataEntity","AuthorityMetadataEntity","isAuthorityMetadataEntity","getAuthorityMetadataKeys","getKeys","filter","isAuthorityMetadata","setAuthorityMetadata","metadata","getThrottlingCache","throttlingCacheKey","throttlingCache","ThrottlingEntity","isThrottlingEntity","setThrottlingCache","removeItem","result","containsKey","includes","clear","cacheKeys","generateInMemoryCache","generateJsonCache","updateCredentialCacheKey","currentCacheKey","credential","updatedCacheKey","cacheItem","verbose","defaultSerializedCache","TokenCache","storage","cachePlugin","cacheHasChanged","handleChangeEvent","bind","persistence","hasChanged","serialize","finalState","cacheSnapshot","mergeState","deserialize","overlayDefaults","getKVStore","getAllAccounts","cacheContext","TokenCacheContext","beforeCacheAccess","afterCacheAccess","getAccountByHomeId","allAccounts","accountObj","getAccountByLocalId","removeAccount","generateAccountCacheKey","oldState","currentState","stateAfterRemoval","mergeRemovals","mergeUpdates","newState","newKey","newValue","hasOwnProperty","newValueNotNull","newValueIsObject","newValueIsNotArray","Array","isArray","oldStateNotUndefinedOrNull","mergeRemovalsDict","oldKey","passedInCache","version","NodeAuthErrorMessage","invalidLoopbackAddressType","code","desc","unableToLoadRedirectUri","noAuthCodeInResponse","noLoopbackServerExists","loopbackServerAlreadyExists","loopbackServerTimeout","stateNotFoundError","NodeAuthError","AuthError","errorCode","errorMessage","createInvalidLoopbackAddressTypeError","createUnableToLoadRedirectUrlError","createNoAuthCodeInResponseError","createNoLoopbackServerExistsError","createLoopbackServerAlreadyExistsError","createLoopbackServerTimeoutError","createStateNotFoundError","ClientApplication","configuration","config","cryptoProvider","Logger","tokenCache","getAuthCodeUrl","info","correlationId","validRequest","initializeBaseRequest","responseMode","ResponseMode","QUERY","authenticationScheme","AuthenticationScheme","BEARER","authClientConfig","buildOauthClientConfiguration","undefined","authorizationCodeClient","AuthorizationCodeClient","acquireTokenByCode","authCodePayLoad","state","validateState","serverTelemetryManager","initializeServerTelemetryManager","acquireToken","setCorrelationId","cacheFailedRequest","acquireTokenByRefreshToken","refreshTokenClientConfig","refreshTokenClient","RefreshTokenClient","acquireTokenSilent","forceRefresh","silentFlowClientConfig","silentFlowClient","SilentFlowClient","acquireTokenByUsernamePassword","usernamePasswordClientConfig","usernamePasswordClient","UsernamePasswordClient","getTokenCache","cachedState","ClientAuthError","createStateMismatchError","getLogger","setLogger","requestCorrelationId","azureRegionConfiguration","userAzureCloudOptions","discoveredAuthority","createAuthority","updateRegionDiscoveryMetadata","regionDiscoveryMetadata","clientConfiguration","authOptions","systemOptions","cryptoInterface","networkInterface","storageInterface","clientCredentials","getClientAssertion","libraryInfo","sku","NodeConstants","cpu","process","arch","os","platform","persistencePlugin","serializableCache","assertion","getJwt","tokenEndpoint","assertionType","authRequest","POP","claims","scopes","OIDC_DEFAULT_SCOPES","apiId","telemetryPayload","ServerTelemetryManager","authorityString","authorityUrl","Authority","generateAuthority","authorityOptions","AuthorityFactory","createDiscoveredInstance","clearCache","LoopbackClient","listenForAuthCode","successTemplate","errorTemplate","server","authCodeListener","createServer","req","res","CommonConstants","FORWARD_SLASH","authCodeResponse","UrlString","getDeserializedQueryString","redirectUri","getRedirectUri","writeHead","REDIRECT","location","listen","ticks","id","setInterval","listening","clearInterval","address","closeServer","close","PublicClientApplication","acquireTokenByDeviceCode","assign","deviceCodeConfig","deviceCodeClient","DeviceCodeClient","acquireTokenInteractive","openBrowser","remainingProperties","loopbackClient","codeChallenge","codeChallengeMethod","CodeChallengeMethodValues","S256","authCodeUrl","finally","ServerError","suberror","tokenRequest","ClientAssertion","fromAssertion","jwt","fromCertificate","publicCertificate","parseCertificate","issuer","jwtAudience","isExpired","createJwt","createInvalidAssertionError","issuedAt","TimeUtils","nowSeconds","expirationTime","alg","x5t","payload","sign","regexToFindCerts","certs","matches","exec","ConfidentialClientApplication","setClientCredential","appTokenProvider","SetAppTokenProvider","provider","acquireTokenByClientCredential","baseRequest","validBaseRequest","scope","azureRegion","environmentRegion","env","skipCache","clientCredentialConfig","clientCredentialClient","ClientCredentialClient","acquireTokenOnBehalfOf","onBehalfOfConfig","oboClient","OnBehalfOfClient","clientSecretNotEmpty","clientAssertionNotEmpty","certificate","certificateNotEmpty","createInvalidCredentialError","DistributedCachePlugin","client","partitionManager","partitionKey","getKey","cacheData","get","kvStore","accountEntities","values","extractKey"],"mappings":";;;;;;;;AAAA;;;;;AAKA;;;AAGA,IAAYA,UAAZ;;AAAA,WAAYA;EACRA,iBAAA,QAAA;EACAA,kBAAA,SAAA;AACH,CAHD,EAAYA,UAAU,KAAVA,UAAU,KAAA,CAAtB;;AAKA,IAAYC,UAAZ;;AAAA,WAAYA;EACRA,mDAAA,wBAAA;EACAA,iDAAA,sBAAA;EACAA,wCAAA,aAAA;EACAA,wDAAA,6BAAA;EACAA,sDAAA,2BAAA;EACAA,wDAAA,6BAAA;EACAA,sDAAA,2BAAA;AACH,CARD,EAAYA,UAAU,KAAVA,UAAU,KAAA,CAAtB;;AAUA,IAAYC,WAAZ;;AAAA,WAAYA;EACRA,qDAAA,wBAAA;EACAA,mDAAA,sBAAA;EACAA,8CAAA,iBAAA;AACH,CAJD,EAAYA,WAAW,KAAXA,WAAW,KAAA,CAAvB;AAMA;;;;;AAGO,MAAMC,2BAA2B,GAAG,aAApC;AAEP;;;;AAGO,MAAMC,iBAAiB,GAAG,EAA1B;AAEP;;;;AAGO,MAAMC,IAAI,GAAG;EAChBC,MAAM,EAAE;AADQ,CAAb;AAIP;;;;AAGO,MAAMC,OAAO,GAAG;EACnBC,UAAU,EACN;AAFe,CAAhB;AAaP;;;;AAGO,MAAMC,SAAS,GAAG;EACrBC,QAAQ,EAAE,cADW;EAErBC,yBAAyB,EAAE,wDAFN;EAGrBC,qBAAqB,EAAE,uBAHF;EAIrBC,aAAa,EAAE,SAJM;EAKrBC,SAAS,EAAE;AALU,CAAlB;AAQP;;;;;;;;AAOA,IAAYC,KAAZ;;AAAA,WAAYA;EACRA,uCAAA,uBAAA;EACAA,oDAAA,mCAAA;EACAA,8CAAA,6BAAA;EACAA,oDAAA,mCAAA;EACAA,wCAAA,uBAAA;EACAA,gDAAA,+BAAA;AACH,CAPD,EAAYA,KAAK,KAALA,KAAK,KAAA,CAAjB;AASA;;;;;AAGO,MAAMC,YAAY,GAAG;EACxBC,SAAS,EAAE,KADa;EAExBC,OAAO,EAAE,OAFe;EAGxBC,GAAG,EAAE,KAHmB;EAIxBC,GAAG,EAAE,KAJmB;EAKxBC,QAAQ,EAAE,KALc;EAMxBC,eAAe,EAAE,KANO;EAOxBC,MAAM,EAAE,KAPgB;EAQxBC,OAAO,EAAE,KARe;EASxBC,UAAU,EAAE,KATY;EAUxBC,MAAM,EAAE;AAVgB,CAArB;AAaA,MAAMC,yBAAyB,GAAG;EACrCC,WAAW,EAAE,GADwB;EAErCC,UAAU,EAAE;AAFyB,CAAlC;;ACzGP;;;;AAOA,MAAaC;EACgB,OAAlBC,kBAAkB,CAAIC,OAAJ,EAAqCC,IAArC,EAA8CC,UAA9C;IACrB,OAAO;MACHF,OAAO,EAAEA,OADN;MAEHC,IAAI,EAAEA,IAFH;MAGHE,MAAM,EAAED;KAHZ;;;;;ACTR;;;;AAUA,AAKA;;;;AAGA,MAAaE;;;;;;EAOgB,MAAnBC,mBAAmB,CACrBC,GADqB,EAErBC,OAFqB;IAIrB,IAAIA,OAAJ,YAAIA,OAAO,CAAEC,QAAb,EAAuB;MACnB,OAAOC,sBAAsB,CAACH,GAAD,EAAMtC,UAAU,CAAC0C,GAAjB,EAAsBH,OAAtB,CAA7B;KADJ,MAEO;MACH,OAAOI,sBAAsB,CAACL,GAAD,EAAMtC,UAAU,CAAC0C,GAAjB,EAAsBH,OAAtB,CAA7B;;;;;;;;;;EASkB,MAApBK,oBAAoB,CACtBN,GADsB,EAEtBC,OAFsB,EAGtBM,iBAHsB;IAKtB,IAAIN,OAAJ,YAAIA,OAAO,CAAEC,QAAb,EAAuB;MACnB,OAAOC,sBAAsB,CAACH,GAAD,EAAMtC,UAAU,CAAC8C,IAAjB,EAAuBP,OAAvB,EAAgCM,iBAAhC,CAA7B;KADJ,MAEO;MACH,OAAOF,sBAAsB,CAACL,GAAD,EAAMtC,UAAU,CAAC8C,IAAjB,EAAuBP,OAAvB,EAAgCM,iBAAhC,CAA7B;;;;;;AAKZ,MAAMJ,sBAAsB,GAAG,CAC3BH,GAD2B,EAE3BS,UAF2B,EAG3BR,OAH2B,EAI3BS,OAJ2B;EAM3B,MAAMhB,OAAO,GAAG,CAAAO,OAAO,QAAP,YAAAA,OAAO,CAAEP,OAAT,KAAoB,EAApC;EACA,MAAMQ,QAAQ,GAAG,IAAIS,GAAJ,CAAQ,CAAAV,OAAO,QAAP,YAAAA,OAAO,CAAEC,QAAT,KAAqB,EAA7B,CAAjB;EACA,MAAMU,cAAc,GAAG,IAAID,GAAJ,CAAQX,GAAR,CAAvB;;EAGA,MAAMa,oBAAoB,GAAyB;IAC/CC,IAAI,EAAEZ,QAAQ,CAACa,QADgC;IAE/CC,IAAI,EAAEd,QAAQ,CAACc,IAFgC;IAG/CC,MAAM,EAAE,SAHuC;IAI/CC,IAAI,EAAEN,cAAc,CAACG,QAJ0B;IAK/CrB,OAAO,EAAEA;GALb;;EAQA,IAAIgB,OAAJ,EAAa;IACTG,oBAAoB,CAACH,OAArB,GAA+BA,OAA/B;;;;EAIJ,IAAIS,wBAAwB,GAAW,EAAvC;;EACA,IAAIV,UAAU,KAAK/C,UAAU,CAAC8C,IAA9B,EAAoC;IAChC,MAAMb,IAAI,GAAG,CAAAM,OAAO,QAAP,YAAAA,OAAO,CAAEN,IAAT,KAAiB,EAA9B;IACAwB,wBAAwB,GACpB,2EACmBxB,IAAI,CAACyB,YADxB,UAEOzB,MAHX;;;EAKJ,MAAM0B,qBAAqB,MAAMZ,UAAU,CAACa,WAAX,MAA4BV,cAAc,CAACW,mBAA9C,YACjBX,cAAc,CAACE,UADE,GAE1B,uBAF0B,GAG1BK,wBAH0B,GAI1B,MAJJ;EAMA,OAAO,IAAIK,OAAJ,CAAiC,CAACC,OAAD,EAAUC,MAAV;IACpC,MAAMC,OAAO,GAAGC,IAAI,CAACD,OAAL,CAAad,oBAAb,CAAhB;;IAEA,IAAIA,oBAAoB,CAACH,OAAzB,EAAkC;MAC9BiB,OAAO,CAACE,EAAR,CAAW,SAAX,EAAsB;QAClBF,OAAO,CAACG,OAAR;QACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAU,kBAAV,CAAD,CAAN;OAFJ;;;IAMJJ,OAAO,CAACK,GAAR;;IAGAL,OAAO,CAACE,EAAR,CAAW,SAAX,EAAsB,CAACI,QAAD,EAAWC,MAAX;MAClB,MAAMC,eAAe,GAAG,CAAAF,QAAQ,QAAR,YAAAA,QAAQ,CAAErC,UAAV,KAAwBhC,WAAW,CAACwE,YAA5D;;MACA,IAAKD,eAAe,GAAGvE,WAAW,CAACyE,mBAA/B,IAAwDF,eAAe,GAAGvE,WAAW,CAAC0E,iBAA1F,EAA8G;QAC1GX,OAAO,CAACG,OAAR;QACAI,MAAM,CAACJ,OAAP;QACAJ,MAAM,CAAC,IAAIK,KAAJ,iDAA0DE,QAAQ,CAACrC,oCAAoC,CAAAqC,QAAQ,QAAR,YAAAA,QAAQ,CAAEM,aAAV,KAA2B,WAAlI,CAAD,CAAN;;;MAEJ,IAAI1B,oBAAoB,CAACH,OAAzB,EAAkC;QAC9BwB,MAAM,CAACM,UAAP,CAAkB3B,oBAAoB,CAACH,OAAvC;QACAwB,MAAM,CAACL,EAAP,CAAU,SAAV,EAAqB;UACjBF,OAAO,CAACG,OAAR;UACAI,MAAM,CAACJ,OAAP;UACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAU,kBAAV,CAAD,CAAN;SAHJ;;;;MAQJG,MAAM,CAACO,KAAP,CAAapB,qBAAb;MAEA,MAAMqB,IAAI,GAAa,EAAvB;MACAR,MAAM,CAACL,EAAP,CAAU,MAAV,EAAmBc,KAAD;QACdD,IAAI,CAACE,IAAL,CAAUD,KAAV;OADJ;MAIAT,MAAM,CAACL,EAAP,CAAU,KAAV,EAAiB;;QAEb,MAAMgB,UAAU,GAAGC,MAAM,CAACC,MAAP,CAAc,CAAC,GAAGL,IAAJ,CAAd,EAAyBM,QAAzB,EAAnB;;QAGA,MAAMC,eAAe,GAAGJ,UAAU,CAACK,KAAX,CAAiB,MAAjB,CAAxB;;QAEA,MAAMC,cAAc,GAAGC,QAAQ,CAACH,eAAe,CAAC,CAAD,CAAf,CAAmBC,KAAnB,CAAyB,GAAzB,EAA8B,CAA9B,CAAD,CAA/B;;QAEA,MAAMX,aAAa,GAAGU,eAAe,CAAC,CAAD,CAAf,CAAmBC,KAAnB,CAAyB,GAAzB,EAA8BG,KAA9B,CAAoC,CAApC,EAAuCC,IAAvC,CAA4C,GAA5C,CAAtB;;QAEA,MAAM3D,IAAI,GAAGsD,eAAe,CAACA,eAAe,CAAC7B,MAAhB,GAAyB,CAA1B,CAA5B;;QAGA,MAAMmC,YAAY,GAAGN,eAAe,CAACI,KAAhB,CAAsB,CAAtB,EAAyBJ,eAAe,CAAC7B,MAAhB,GAAyB,CAAlD,CAArB;;QAGA,MAAMoC,OAAO,GAAG,IAAIC,GAAJ,EAAhB;QACAF,YAAY,CAACG,OAAb,CAAsBC,MAAD;;;;;;;UAOjB,MAAMC,cAAc,GAAGD,MAAM,CAACT,KAAP,CAAa,IAAIW,MAAJ,CAAW,UAAX,CAAb,CAAvB;UACA,MAAMC,SAAS,GAAGF,cAAc,CAAC,CAAD,CAAhC;UACA,IAAIG,WAAW,GAAGH,cAAc,CAAC,CAAD,CAAhC;;UAGA,IAAI;YACA,MAAMI,MAAM,GAAGC,IAAI,CAACC,KAAL,CAAWH,WAAX,CAAf,CADA;;YAIA,IAAIC,MAAM,IAAK,OAAOA,MAAP,KAAkB,QAAjC,EAA4C;cACxCD,WAAW,GAAGC,MAAd;;WALR,CAOE,OAAOG,CAAP,EAAU;;;UAIZX,OAAO,CAACY,GAAR,CAAYN,SAAZ,EAAuBC,WAAvB;SAvBJ;QAyBA,MAAMrE,OAAO,GAAG2E,MAAM,CAACC,WAAP,CAAmBd,OAAnB,CAAhB;QAEA,MAAMe,aAAa,GAAG7E,OAAtB;QACA,MAAM8E,eAAe,GAAGhF,YAAY,CAACC,kBAAb,CACpB8E,aADoB,EAEpBE,SAAS,CAACtB,cAAD,EAAiBZ,aAAjB,EAAgCgC,aAAhC,EAA+C5E,IAA/C,CAFW,EAGpBwD,cAHoB,CAAxB;;QAMA,IAAI,CAAEA,cAAc,GAAGxF,UAAU,CAAC0E,mBAA7B,IAAsDc,cAAc,GAAGxF,UAAU,CAAC2E,iBAAnF;QAEAkC,eAAe,CAAC7E,IAAhB,CAAqB,OAArB,MAAkCxB,SAAS,CAACG,qBAFhD,EAEuE;UACnEqD,OAAO,CAACG,OAAR;;;QAEJL,OAAO,CAAC+C,eAAD,CAAP;OAzDJ;MA4DAtC,MAAM,CAACL,EAAP,CAAU,OAAV,EAAoBc,KAAD;QACfhB,OAAO,CAACG,OAAR;QACAI,MAAM,CAACJ,OAAP;QACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAUY,KAAK,CAACK,QAAN,EAAV,CAAD,CAAN;OAHJ;KApFJ;IA2FArB,OAAO,CAACE,EAAR,CAAW,OAAX,EAAqBc,KAAD;MAChBhB,OAAO,CAACG,OAAR;MACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAUY,KAAK,CAACK,QAAN,EAAV,CAAD,CAAN;KAFJ;GAxGG,CAAP;AA6GH,CAnJD;;AAqJA,MAAM3C,sBAAsB,GAAG,CAC3BL,GAD2B,EAE3BS,UAF2B,EAG3BR,OAH2B,EAI3BS,OAJ2B;EAM3B,MAAMgE,aAAa,GAAGjE,UAAU,KAAK/C,UAAU,CAAC8C,IAAhD;EACA,MAAMb,IAAI,GAAW,CAAAM,OAAO,QAAP,YAAAA,OAAO,CAAEN,IAAT,KAAiB,EAAtC;EAEA,MAAMgF,YAAY,GAA2B,EAA7C;EACA,MAAMC,aAAa,GAAyB;IACxC3D,MAAM,EAAER,UADgC;IAExCf,OAAO,EAAE,CAAAO,OAAO,QAAP,YAAAA,OAAO,CAAEP,OAAT,KAAoBiF;GAFjC;;EAKA,IAAIjE,OAAJ,EAAa;IACTkE,aAAa,CAAClE,OAAd,GAAwBA,OAAxB;;;EAGJ,IAAIgE,aAAJ,EAAmB;;IAEfE,aAAa,CAAClF,OAAd,GAAwB,EACpB,GAAGkF,aAAa,CAAClF,OADG;MAEpB,kBAAkBC,IAAI,CAACyB;KAF3B;;;EAMJ,OAAO,IAAII,OAAJ,CAAgC,CAACC,OAAD,EAAUC,MAAV;IACnC,MAAMC,OAAO,GAAGkD,KAAK,CAAClD,OAAN,CAAc3B,GAAd,EAAmB4E,aAAnB,CAAhB;;IAEA,IAAIlE,OAAJ,EAAa;MACTiB,OAAO,CAACE,EAAR,CAAW,SAAX,EAAsB;QAClBF,OAAO,CAACG,OAAR;QACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAU,kBAAV,CAAD,CAAN;OAFJ;;;IAMJ,IAAI2C,aAAJ,EAAmB;MACf/C,OAAO,CAACc,KAAR,CAAc9C,IAAd;;;IAGJgC,OAAO,CAACK,GAAR;IAEAL,OAAO,CAACE,EAAR,CAAW,UAAX,EAAwBI,QAAD;MACnB,MAAMvC,OAAO,GAAGuC,QAAQ,CAACvC,OAAzB;MACA,MAAME,UAAU,GAAGqC,QAAQ,CAACrC,UAA5B;MACA,MAAM2C,aAAa,GAAGN,QAAQ,CAACM,aAA/B;MAEA,MAAMG,IAAI,GAAa,EAAvB;MACAT,QAAQ,CAACJ,EAAT,CAAY,MAAZ,EAAqBc,KAAD;QAChBD,IAAI,CAACE,IAAL,CAAUD,KAAV;OADJ;MAIAV,QAAQ,CAACJ,EAAT,CAAY,KAAZ,EAAmB;;QAEf,MAAMlC,IAAI,GAAGmD,MAAM,CAACC,MAAP,CAAc,CAAC,GAAGL,IAAJ,CAAd,EAAyBM,QAAzB,EAAb;QAEA,MAAMuB,aAAa,GAAG7E,OAAtB;QACA,MAAM8E,eAAe,GAAGhF,YAAY,CAACC,kBAAb,CACpB8E,aADoB,EAEpBE,SAAS,CAAC7E,UAAD,EAAa2C,aAAb,EAA4BgC,aAA5B,EAA2C5E,IAA3C,CAFW,EAGpBC,UAHoB,CAAxB;;QAMA,IAAI,CAAEA,UAAU,GAAGjC,UAAU,CAAC0E,mBAAzB,IAAkDzC,UAAU,GAAGjC,UAAU,CAAC2E,iBAA3E;QAEAkC,eAAe,CAAC7E,IAAhB,CAAqB,OAArB,MAAkCxB,SAAS,CAACG,qBAFhD,EAEuE;UACnEqD,OAAO,CAACG,OAAR;;;QAEJL,OAAO,CAAC+C,eAAD,CAAP;OAhBJ;KAVJ;IA8BA7C,OAAO,CAACE,EAAR,CAAW,OAAX,EAAqBc,KAAD;MAChBhB,OAAO,CAACG,OAAR;MACAJ,MAAM,CAAC,IAAIK,KAAJ,CAAUY,KAAK,CAACK,QAAN,EAAV,CAAD,CAAN;KAFJ;GA9CG,CAAP;AAmDH,CA9ED;AAgFA;;;;;;;;;;AAQA,MAAMyB,SAAS,GAAG,CAAC7E,UAAD,EAAqB2C,aAArB,EAAwD7C,OAAxD,EAAyFC,IAAzF;;;;;;;;EASd,IAAImF,UAAJ;;EACA,IAAI;IACAA,UAAU,GAAGb,IAAI,CAACC,KAAL,CAAWvE,IAAX,CAAb;GADJ,CAEE,OAAOoF,KAAP,EAAc;IACZ,IAAIC,SAAJ;IACA,IAAIC,sBAAJ;;IACA,IAAKrF,UAAU,IAAIjC,UAAU,CAACuH,wBAA1B,IAAwDtF,UAAU,IAAIjC,UAAU,CAACwH,sBAArF,EAA8G;MAC1GH,SAAS,GAAG,cAAZ;MACAC,sBAAsB,GAAG,UAAzB;KAFJ,MAGO,IAAKrF,UAAU,IAAIjC,UAAU,CAACyH,wBAA1B,IAAwDxF,UAAU,IAAIjC,UAAU,CAAC0H,sBAArF,EAA8G;MACjHL,SAAS,GAAG,cAAZ;MACAC,sBAAsB,GAAG,UAAzB;KAFG,MAGA;MACHD,SAAS,GAAG,eAAZ;MACAC,sBAAsB,GAAG,YAAzB;;;IAGJH,UAAU,GAAG;MACTC,KAAK,EAAEC,SADE;MAETM,iBAAiB,KAAKL,4DAA4DrF,oCAAoC2C,aAAa,IAAI,uBAAuB0B,IAAI,CAACsB,SAAL,CAAe7F,OAAf;KAFlK;;;EAMJ,OAAOoF,UAAP;AACH,CAjCD;;ACnSA;;;;AAKA,AAqFA,MAAMU,oBAAoB,GAA8B;EACpDC,QAAQ,EAAEtH,WAAS,CAACuH,YADgC;EAEpDC,SAAS,EAAExH,WAAS,CAACyH,iBAF+B;EAGpDC,YAAY,EAAE1H,WAAS,CAACuH,YAH4B;EAIpDI,eAAe,EAAE3H,WAAS,CAACuH,YAJyB;EAKpDK,iBAAiB,EAAE;IACfC,UAAU,EAAE7H,WAAS,CAACuH,YADP;IAEfO,UAAU,EAAE9H,WAAS,CAACuH,YAFP;IAGfQ,GAAG,EAAE/H,WAAS,CAACuH;GARiC;EAUpDS,gBAAgB,EAAE,EAVkC;EAWpDC,sBAAsB,EAAEjI,WAAS,CAACuH,YAXkB;EAYpDW,iBAAiB,EAAElI,WAAS,CAACuH,YAZuB;EAapDY,kBAAkB,EAAE,EAbgC;EAcpDC,YAAY,EAAEC,YAAY,CAACC,GAdyB;EAepDC,iBAAiB,EAAE;IACfC,kBAAkB,EAAEC,kBAAkB,CAACC,IADxB;IAEfC,MAAM,EAAE3I,WAAS,CAACuH;GAjB8B;EAmBpDqB,0BAA0B,EAAE;AAnBwB,CAAxD;AAsBA,MAAMC,qBAAqB,GAAiB,EAA5C;AAEA,MAAMC,sBAAsB,GAAkB;EAC1CC,cAAc,EAAE;GAD0B;EAI1CC,iBAAiB,EAAE,KAJuB;EAK1CC,QAAQ,EAAEC,QAAQ,CAACC;AALuB,CAA9C;AAQA,MAAMC,sBAAsB,GAAgC;EACxDC,aAAa,EAAEP,sBADyC;EAExDQ,aAAa,eAAE,IAAI3H,UAAJ,EAFyC;EAGxDI,QAAQ,EAAE/B,WAAS,CAACuH;AAHoC,CAA5D;AAMA,MAAMgC,yBAAyB,GAAmC;EAC9DC,WAAW,EAAE;IACTC,OAAO,EAAEzJ,WAAS,CAACuH,YADV;IAETmC,UAAU,EAAE1J,WAAS,CAACuH;;AAHoC,CAAlE;AAcA;;;;;;;;;;;;AAWA,SAAgBoC,sBAAsB;EAClCC,IADkC;EAElCC,KAFkC;EAGlCC,MAHkC;EAIlCC;AAJkC;EAOlC,OAAO;IACHH,IAAI,EAAE,EAAE,GAAGvC,oBAAL;MAA2B,GAAGuC;KADjC;IAEHC,KAAK,EAAE,EAAE,GAAGhB,qBAAL;MAA4B,GAAGgB;KAFnC;IAGHC,MAAM,EAAE,EAAE,GAAGV,sBAAL;MAA6B,GAAGU;KAHrC;IAIHC,SAAS,EAAE,EAAE,GAAGR,yBAAL;MAAgC,GAAGQ;;GAJlD;AAMH;;ACtKD;;;;AAMA,MAEaC;;;;;;EAMTC,YAAY;IACR,OAAOC,EAAM,EAAb;;;;;;;;EAOJC,MAAM,CAACC,IAAD;IACF,MAAMC,SAAS,GAAG,4EAAlB;IACA,OAAOA,SAAS,CAACC,IAAV,CAAeF,IAAf,CAAP;;;;;ACxBR;;;;AAKA,MAEaG;;;;;;;EAOU,OAAZC,YAAY,CAACC,GAAD,EAAcC,QAAd;IACf,OAAO/F,MAAM,CAACgG,IAAP,CAAYF,GAAZ,EAAiBC,QAAjB,EAA2B7F,QAA3B,CAAoC,QAApC,CAAP;;;;;;;;EAOkB,OAAf+F,eAAe,CAACH,GAAD,EAAcC,QAAd;IAClB,OAAOH,aAAa,CAACC,YAAd,CAA2BC,GAA3B,EAAgCC,QAAhC,EACFG,OADE,CACM,IADN,EACY7K,WAAS,CAACuH,YADtB,EAEFsD,OAFE,CAEM,KAFN,EAEa,GAFb,EAGFA,OAHE,CAGM,KAHN,EAGa,GAHb,CAAP;;;;;;;;;;EAYe,OAAZC,YAAY,CAACC,SAAD;IACf,OAAOpG,MAAM,CAACgG,IAAP,CAAYI,SAAZ,EAAuB,QAAvB,EAAiClG,QAAjC,CAA0C,MAA1C,CAAP;;;;;;;EAMkB,OAAfmG,eAAe,CAACD,SAAD;IAClB,IAAIN,GAAG,GAAGM,SAAS,CAACF,OAAV,CAAkB,IAAlB,EAAwB,GAAxB,EAA6BA,OAA7B,CAAqC,IAArC,EAA2C,GAA3C,CAAV;;IACA,OAAOJ,GAAG,CAACxH,MAAJ,GAAa,CAApB,EAAuB;MACnBwH,GAAG,IAAI,GAAP;;;IAEJ,OAAOF,aAAa,CAACO,YAAd,CAA2BL,GAA3B,CAAP;;;;;AC/CR;;;;AAKA,MAGaQ;;;;;EAKTC,MAAM,CAACC,MAAD;IACF,OAAOC,MAAM,CACRC,UADE,CACSzL,IAAI,CAACC,MADd,EAEFyL,MAFE,CAEKH,MAFL,EAGFI,MAHE,EAAP;;;;;ACdR;;;;AAKA,AAMA;;;;AAGA,MAAaC;EAGTC;IACI,KAAKC,SAAL,GAAiB,IAAIT,SAAJ,EAAjB;;;;;;;;EAMmB,MAAjBU,iBAAiB;IACnB,MAAMC,QAAQ,GAAG,KAAKC,oBAAL,EAAjB;IACA,MAAMC,SAAS,GAAG,KAAKC,iCAAL,CAAuCH,QAAvC,CAAlB;IACA,OAAO;MAAEA,QAAF;MAAYE;KAAnB;;;;;;;EAMID,oBAAoB;IACxB,MAAMG,OAAO,GAAG,EAAhB;IACA,MAAMC,SAAS,GAAG,MAAO,MAAMnM,OAAO,CAACC,UAAR,CAAmBkD,MAAlD;;IACA,OAAO+I,OAAO,CAAC/I,MAAR,IAAkBtD,iBAAzB,EAA4C;MACxC,MAAMuM,IAAI,GAAGd,MAAM,CAACe,WAAP,CAAmB,CAAnB,EAAsB,CAAtB,CAAb;;MACA,IAAID,IAAI,IAAID,SAAZ,EAAuB;;;;;QAKnB;;;MAEJ,MAAMG,KAAK,GAAGF,IAAI,GAAGpM,OAAO,CAACC,UAAR,CAAmBkD,MAAxC;MACA+I,OAAO,CAACvH,IAAR,CAAa3E,OAAO,CAACC,UAAR,CAAmBqM,KAAnB,CAAb;;;IAEJ,MAAMR,QAAQ,GAAWI,OAAO,CAAC7G,IAAR,CAAanF,WAAS,CAACuH,YAAvB,CAAzB;IACA,OAAOgD,aAAa,CAACK,eAAd,CAA8BgB,QAA9B,CAAP;;;;;;;;EAOIG,iCAAiC,CAACM,YAAD;IACrC,OAAO9B,aAAa,CAACK,eAAd,CACH,KAAKc,SAAL,CAAeR,MAAf,CAAsBmB,YAAtB,EAAoCxH,QAApC,CAA6C,QAA7C,CADG,EAEH,QAFG,CAAP;;;;;ACzDR;;;;AAMA,AAKA;;;;;;AAKA,MAAayH;EAKTb;;IAEI,KAAKc,aAAL,GAAqB,IAAIf,aAAJ,EAArB;IACA,KAAKgB,aAAL,GAAqB,IAAIxC,aAAJ,EAArB;IACA,KAAK0B,SAAL,GAAiB,IAAIT,SAAJ,EAAjB;;;;;;;;EAOJwB,aAAa;IACT,OAAO,KAAKD,aAAL,CAAmBvC,YAAnB,EAAP;;;;;;;;EAOJO,YAAY,CAACkC,KAAD;IACR,OAAOnC,aAAa,CAACC,YAAd,CAA2BkC,KAA3B,CAAP;;;;;;;;EAOJ5B,YAAY,CAAC4B,KAAD;IACR,OAAOnC,aAAa,CAACO,YAAd,CAA2B4B,KAA3B,CAAP;;;;;;;EAMJf,iBAAiB;IACb,OAAO,KAAKY,aAAL,CAAmBZ,iBAAnB,EAAP;;;;;;;EAMJgB,sBAAsB;IAClB,MAAM,IAAI/I,KAAJ,CAAU,yBAAV,CAAN;;;;;;;;EAOJgJ,qBAAqB;IACjB,MAAM,IAAIhJ,KAAJ,CAAU,yBAAV,CAAN;;;;;;;EAMJiJ,aAAa;IACT,MAAM,IAAIjJ,KAAJ,CAAU,yBAAV,CAAN;;;;;;;EAMJkJ,OAAO;IACH,MAAM,IAAIlJ,KAAJ,CAAU,yBAAV,CAAN;;;;;;;EAMY,MAAVmJ,UAAU,CAACC,SAAD;IACZ,OAAOzC,aAAa,CAACK,eAAd,CACH,KAAKc,SAAL,CAAeR,MAAf,CAAsB8B,SAAtB,EAAiCnI,QAAjC,CAA0C,QAA1C,CADG,EAEH,QAFG,CAAP;;;;;AC5FR;;;;AAKA,AAGA;;;;AAGA,MAAaoI;;;;;EAKiB,OAAnBC,mBAAmB,CAACC,QAAD;IACtB,MAAMC,iBAAiB,GAAGC,WAAW,CAACC,OAAZ,CAAoBH,QAApB,IACpB,EADoB,GAEpBrH,IAAI,CAACC,KAAL,CAAWoH,QAAX,CAFN;IAGA,OAAOC,iBAAP;;;;;;;;EAOsB,OAAnBG,mBAAmB,CAACC,QAAD;IACtB,MAAMC,cAAc,GAAiB,EAArC;;IACA,IAAID,QAAJ,EAAc;MACVtH,MAAM,CAACwH,IAAP,CAAYF,QAAZ,EAAsBG,GAAtB,CAA0B,UAAUC,GAAV;QACtB,MAAMC,aAAa,GAAGL,QAAQ,CAACI,GAAD,CAA9B;QACA,MAAME,SAAS,GAAG;UACdC,aAAa,EAAEF,aAAa,CAACG,eADf;UAEdC,WAAW,EAAEJ,aAAa,CAACI,WAFb;UAGdC,KAAK,EAAEL,aAAa,CAACK,KAHP;UAIdC,cAAc,EAAEN,aAAa,CAACO,gBAJhB;UAKdC,QAAQ,EAAER,aAAa,CAACQ,QALV;UAMdC,aAAa,EAAET,aAAa,CAACU,cANf;UAOdC,IAAI,EAAEX,aAAa,CAACW,IAPN;UAQdC,UAAU,EAAEZ,aAAa,CAACa,WARZ;UASdC,oBAAoB,EAAEd,aAAa,CAACe,sBATtB;UAUdC,mBAAmB,EAAEhB,aAAa,CAACiB;SAVvC;QAYA,MAAMC,OAAO,GAAkB,IAAIC,aAAJ,EAA/B;QACAC,YAAY,CAACC,QAAb,CAAsBH,OAAtB,EAA+BjB,SAA/B;QACAL,cAAc,CAACG,GAAD,CAAd,GAAsBmB,OAAtB;OAhBJ;;;IAoBJ,OAAOtB,cAAP;;;;;;;;EAOsB,OAAnB0B,mBAAmB,CAACC,QAAD;IACtB,MAAMC,SAAS,GAAiB,EAAhC;;IACA,IAAID,QAAJ,EAAc;MACVlJ,MAAM,CAACwH,IAAP,CAAY0B,QAAZ,EAAsBzB,GAAtB,CAA0B,UAAUC,GAAV;QACtB,MAAM0B,aAAa,GAAGF,QAAQ,CAACxB,GAAD,CAA9B;QACA,MAAM2B,SAAS,GAAG;UACdxB,aAAa,EAAEuB,aAAa,CAACtB,eADf;UAEdC,WAAW,EAAEqB,aAAa,CAACrB,WAFb;UAGduB,cAAc,EAAEF,aAAa,CAACG,eAHhB;UAIdnI,QAAQ,EAAEgI,aAAa,CAACI,SAJV;UAKdC,MAAM,EAAEL,aAAa,CAACK,MALR;UAMdzB,KAAK,EAAEoB,aAAa,CAACpB;SANzB;QAQA,MAAM0B,OAAO,GAAkB,IAAIC,aAAJ,EAA/B;QACAZ,YAAY,CAACC,QAAb,CAAsBU,OAAtB,EAA+BL,SAA/B;QACAF,SAAS,CAACzB,GAAD,CAAT,GAAiBgC,OAAjB;OAZJ;;;IAeJ,OAAOP,SAAP;;;;;;;;EAO0B,OAAvBS,uBAAuB,CAACC,YAAD;IAC1B,MAAMC,SAAS,GAAqB,EAApC;;IACA,IAAID,YAAJ,EAAkB;MACd7J,MAAM,CAACwH,IAAP,CAAYqC,YAAZ,EAA0BpC,GAA1B,CAA8B,UAAUC,GAAV;QAC1B,MAAMqC,YAAY,GAAGF,YAAY,CAACnC,GAAD,CAAjC;QACA,MAAMsC,QAAQ,GAAG;UACbnC,aAAa,EAAEkC,YAAY,CAACjC,eADf;UAEbC,WAAW,EAAEgC,YAAY,CAAChC,WAFb;UAGbuB,cAAc,EAAES,YAAY,CAACR,eAHhB;UAIbnI,QAAQ,EAAE2I,YAAY,CAACP,SAJV;UAKbC,MAAM,EAAEM,YAAY,CAACN,MALR;UAMbzB,KAAK,EAAE+B,YAAY,CAAC/B,KANP;UAObiC,MAAM,EAAEF,YAAY,CAACE,MAPR;UAQbC,QAAQ,EAAEH,YAAY,CAACI,SARV;UASbC,SAAS,EAAEL,YAAY,CAACM,UATX;UAUbC,iBAAiB,EAAEP,YAAY,CAACQ,mBAVnB;UAWbC,SAAS,EAAET,YAAY,CAACU,UAXX;UAYbC,KAAK,EAAEX,YAAY,CAACY,MAZP;UAabC,SAAS,EAAEb,YAAY,CAACc,UAbX;UAcbC,eAAe,EAAEf,YAAY,CAACe,eAdjB;UAebC,mBAAmB,EAAEhB,YAAY,CAACgB,mBAfrB;UAgBbC,iBAAiB,EAAEjB,YAAY,CAACiB;SAhBpC;QAkBA,MAAMC,WAAW,GAAsB,IAAIC,iBAAJ,EAAvC;QACAnC,YAAY,CAACC,QAAb,CAAsBiC,WAAtB,EAAmCjB,QAAnC;QACAF,SAAS,CAACpC,GAAD,CAAT,GAAiBuD,WAAjB;OAtBJ;;;IA0BJ,OAAOnB,SAAP;;;;;;;;EAO2B,OAAxBqB,wBAAwB,CAACC,aAAD;IAC3B,MAAMC,SAAS,GAAsB,EAArC;;IACA,IAAID,aAAJ,EAAmB;MACfpL,MAAM,CAACwH,IAAP,CAAY4D,aAAZ,EAA2B3D,GAA3B,CAA+B,UAAUC,GAAV;QAC3B,MAAM4D,YAAY,GAAGF,aAAa,CAAC1D,GAAD,CAAlC;QACA,MAAM6D,QAAQ,GAAG;UACb1D,aAAa,EAAEyD,YAAY,CAACxD,eADf;UAEbC,WAAW,EAAEuD,YAAY,CAACvD,WAFb;UAGbuB,cAAc,EAAEgC,YAAY,CAAC/B,eAHhB;UAIbnI,QAAQ,EAAEkK,YAAY,CAAC9B,SAJV;UAKbC,MAAM,EAAE6B,YAAY,CAAC7B,MALR;UAMb+B,QAAQ,EAAEF,YAAY,CAACG,SANV;UAObxB,MAAM,EAAEqB,YAAY,CAACrB,MAPR;UAQbjC,KAAK,EAAEsD,YAAY,CAACtD;SARxB;QAUA,MAAM0D,YAAY,GAAuB,IAAIC,kBAAJ,EAAzC;QACA5C,YAAY,CAACC,QAAb,CAAsB0C,YAAtB,EAAoCH,QAApC;QACAF,SAAS,CAAC3D,GAAD,CAAT,GAAiBgE,YAAjB;OAdJ;;;IAkBJ,OAAOL,SAAP;;;;;;;;EAOyB,OAAtBO,sBAAsB,CAACC,WAAD;IACzB,MAAMC,kBAAkB,GAAqB,EAA7C;;IACA,IAAID,WAAJ,EAAiB;MACb7L,MAAM,CAACwH,IAAP,CAAYqE,WAAZ,EAAyBpE,GAAzB,CAA6B,UAAUC,GAAV;QACzB,MAAMqE,cAAc,GAAGF,WAAW,CAACnE,GAAD,CAAlC;QACA,MAAMsE,SAAS,GAAG;UACd5K,QAAQ,EAAE2K,cAAc,CAACvC,SADX;UAEdzB,WAAW,EAAEgE,cAAc,CAAChE,WAFd;UAGdyD,QAAQ,EAAEO,cAAc,CAACN;SAH7B;QAKA,MAAMQ,GAAG,GAAsB,IAAIC,iBAAJ,EAA/B;QACAnD,YAAY,CAACC,QAAb,CAAsBiD,GAAtB,EAA2BD,SAA3B;QACAF,kBAAkB,CAACpE,GAAD,CAAlB,GAA0BuE,GAA1B;OATJ;;;IAaJ,OAAOH,kBAAP;;;;;;;;EAOsB,OAAnBK,mBAAmB,CAACC,SAAD;IACtB,OAAO;MACH9E,QAAQ,EAAE8E,SAAS,CAACC,OAAV,GACJ,KAAKhF,mBAAL,CAAyB+E,SAAS,CAACC,OAAnC,CADI,GAEJ,EAHH;MAIHnD,QAAQ,EAAEkD,SAAS,CAACE,OAAV,GACJ,KAAKrD,mBAAL,CAAyBmD,SAAS,CAACE,OAAnC,CADI,GAEJ,EANH;MAOHzC,YAAY,EAAEuC,SAAS,CAACG,WAAV,GACR,KAAK3C,uBAAL,CAA6BwC,SAAS,CAACG,WAAvC,CADQ,GAER,EATH;MAUHnB,aAAa,EAAEgB,SAAS,CAACI,YAAV,GACT,KAAKrB,wBAAL,CAA8BiB,SAAS,CAACI,YAAxC,CADS,GAET,EAZH;MAaHX,WAAW,EAAEO,SAAS,CAACK,WAAV,GACP,KAAKb,sBAAL,CAA4BQ,SAAS,CAACK,WAAtC,CADO,GAEP;KAfV;;;;;AC1KR;;;;AAQA,MAAaC;;;;;EAKe,OAAjBC,iBAAiB,CAACtO,IAAD;IACpB,OAAOuB,IAAI,CAACsB,SAAL,CAAe7C,IAAf,CAAP;;;;;;;;EAOoB,OAAjBuO,iBAAiB,CAACC,QAAD;IACpB,MAAMvF,QAAQ,GAA4C,EAA1D;IACAtH,MAAM,CAACwH,IAAP,CAAYqF,QAAZ,EAAsBpF,GAAtB,CAA0B,UAAUC,GAAV;MACtB,MAAMoF,aAAa,GAAGD,QAAQ,CAACnF,GAAD,CAA9B;MACAJ,QAAQ,CAACI,GAAD,CAAR,GAAgB;QACZI,eAAe,EAAEgF,aAAa,CAACjF,aADnB;QAEZE,WAAW,EAAE+E,aAAa,CAAC/E,WAFf;QAGZC,KAAK,EAAE8E,aAAa,CAAC9E,KAHT;QAIZE,gBAAgB,EAAE4E,aAAa,CAAC7E,cAJpB;QAKZE,QAAQ,EAAE2E,aAAa,CAAC3E,QALZ;QAMZE,cAAc,EAAEyE,aAAa,CAAC1E,aANlB;QAOZE,IAAI,EAAEwE,aAAa,CAACxE,IAPR;QAQZE,WAAW,EAAEsE,aAAa,CAACvE,UARf;QASZG,sBAAsB,EAAEoE,aAAa,CAACrE,oBAT1B;QAUZG,qBAAqB,EAAEkE,aAAa,CAACnE;OAVzC;KAFJ;IAgBA,OAAOrB,QAAP;;;;;;;;EAOoB,OAAjByF,iBAAiB,CAACC,QAAD;IACpB,MAAM9D,QAAQ,GAA4C,EAA1D;IACAlJ,MAAM,CAACwH,IAAP,CAAYwF,QAAZ,EAAsBvF,GAAtB,CAA0B,UAAUC,GAAV;MACtB,MAAMuF,SAAS,GAAGD,QAAQ,CAACtF,GAAD,CAA1B;MACAwB,QAAQ,CAACxB,GAAD,CAAR,GAAgB;QACZI,eAAe,EAAEmF,SAAS,CAACpF,aADf;QAEZE,WAAW,EAAEkF,SAAS,CAAClF,WAFX;QAGZwB,eAAe,EAAE0D,SAAS,CAAC3D,cAHf;QAIZE,SAAS,EAAEyD,SAAS,CAAC7L,QAJT;QAKZqI,MAAM,EAAEwD,SAAS,CAACxD,MALN;QAMZzB,KAAK,EAAEiF,SAAS,CAACjF;OANrB;KAFJ;IAYA,OAAOkB,QAAP;;;;;;;;EAOwB,OAArBgE,qBAAqB,CAACC,OAAD;IACxB,MAAMtD,YAAY,GAAgD,EAAlE;IACA7J,MAAM,CAACwH,IAAP,CAAY2F,OAAZ,EAAqB1F,GAArB,CAAyB,UAAUC,GAAV;MACrB,MAAM0F,QAAQ,GAAGD,OAAO,CAACzF,GAAD,CAAxB;MACAmC,YAAY,CAACnC,GAAD,CAAZ,GAAoB;QAChBI,eAAe,EAAEsF,QAAQ,CAACvF,aADV;QAEhBE,WAAW,EAAEqF,QAAQ,CAACrF,WAFN;QAGhBwB,eAAe,EAAE6D,QAAQ,CAAC9D,cAHV;QAIhBE,SAAS,EAAE4D,QAAQ,CAAChM,QAJJ;QAKhBqI,MAAM,EAAE2D,QAAQ,CAAC3D,MALD;QAMhBzB,KAAK,EAAEoF,QAAQ,CAACpF,KANA;QAOhBiC,MAAM,EAAEmD,QAAQ,CAACnD,MAPD;QAQhBE,SAAS,EAAEiD,QAAQ,CAAClD,QARJ;QAShBG,UAAU,EAAE+C,QAAQ,CAAChD,SATL;QAUhBG,mBAAmB,EAAE6C,QAAQ,CAAC9C,iBAVd;QAWhBG,UAAU,EAAE2C,QAAQ,CAAC5C,SAXL;QAYhBG,MAAM,EAAEyC,QAAQ,CAAC1C,KAZD;QAahBG,UAAU,EAAEuC,QAAQ,CAACxC,SAbL;QAchBE,eAAe,EAAEsC,QAAQ,CAACtC,eAdV;QAehBC,mBAAmB,EAAEqC,QAAQ,CAACrC,mBAfd;QAgBhBC,iBAAiB,EAAEoC,QAAQ,CAACpC;OAhBhC;KAFJ;IAsBA,OAAOnB,YAAP;;;;;;;;EAOyB,OAAtBwD,sBAAsB,CAACC,OAAD;IACzB,MAAMlC,aAAa,GAAiD,EAApE;IACApL,MAAM,CAACwH,IAAP,CAAY8F,OAAZ,EAAqB7F,GAArB,CAAyB,UAAUC,GAAV;MACrB,MAAM6F,QAAQ,GAAGD,OAAO,CAAC5F,GAAD,CAAxB;MACA0D,aAAa,CAAC1D,GAAD,CAAb,GAAqB;QACjBI,eAAe,EAAEyF,QAAQ,CAAC1F,aADT;QAEjBE,WAAW,EAAEwF,QAAQ,CAACxF,WAFL;QAGjBwB,eAAe,EAAEgE,QAAQ,CAACjE,cAHT;QAIjBE,SAAS,EAAE+D,QAAQ,CAACnM,QAJH;QAKjBqI,MAAM,EAAE8D,QAAQ,CAAC9D,MALA;QAMjBgC,SAAS,EAAE8B,QAAQ,CAAC/B,QANH;QAOjBvB,MAAM,EAAEsD,QAAQ,CAACtD,MAPA;QAQjBjC,KAAK,EAAEuF,QAAQ,CAACvF;OARpB;KAFJ;IAcA,OAAOoD,aAAP;;;;;;;;EAOuB,OAApBoC,oBAAoB,CAACC,SAAD;IACvB,MAAM5B,WAAW,GAAgD,EAAjE;IACA7L,MAAM,CAACwH,IAAP,CAAYiG,SAAZ,EAAuBhG,GAAvB,CAA2B,UAAUC,GAAV;MACvB,MAAMgG,UAAU,GAAGD,SAAS,CAAC/F,GAAD,CAA5B;MACAmE,WAAW,CAACnE,GAAD,CAAX,GAAmB;QACf8B,SAAS,EAAEkE,UAAU,CAACtM,QADP;QAEf2G,WAAW,EAAE2F,UAAU,CAAC3F,WAFT;QAGf0D,SAAS,EAAEiC,UAAU,CAAClC;OAH1B;KAFJ;IASA,OAAOK,WAAP;;;;;;;;EAOoB,OAAjB8B,iBAAiB,CAACC,UAAD;IACpB,OAAO;MACHvB,OAAO,EAAE,KAAKO,iBAAL,CAAuBgB,UAAU,CAACtG,QAAlC,CADN;MAEHgF,OAAO,EAAE,KAAKS,iBAAL,CAAuBa,UAAU,CAAC1E,QAAlC,CAFN;MAGHqD,WAAW,EAAE,KAAKW,qBAAL,CAA2BU,UAAU,CAAC/D,YAAtC,CAHV;MAIH2C,YAAY,EAAE,KAAKa,sBAAL,CAA4BO,UAAU,CAACxC,aAAvC,CAJX;MAKHqB,WAAW,EAAE,KAAKe,oBAAL,CAA0BI,UAAU,CAAC/B,WAArC;KALjB;;;;;AC5IR;;;;AAKA,AAmBA;;;;;AAIA,MAAagC,oBAAoB9E;EAM7BxD,YAAYuI,QAAgB1M,UAAkB2M;IAC1C,MAAM3M,QAAN,EAAgB2M,UAAhB;IAJI,UAAA,GAAsB,EAAtB;IACA,mBAAA,GAAkC,EAAlC;IAIJ,KAAKD,MAAL,GAAcA,MAAd;;;;;;;;EAOJE,qBAAqB,CAACC,IAAD;IACjB,KAAKC,cAAL,CAAoB3P,IAApB,CAAyB0P,IAAzB;;;;;;;EAMJE,UAAU;IACN,KAAKD,cAAL,CAAoB7O,OAApB,CAA4B4O,IAAI,IAAIA,IAAI,CAACG,IAAL,CAAU,IAAV,CAApC;;;;;;;;EAOJC,oBAAoB,CAAC1K,KAAD;IAChB,MAAM2K,aAAa,GAAkB;MACjChH,QAAQ,EAAE,EADuB;MAEjC4B,QAAQ,EAAE,EAFuB;MAGjCW,YAAY,EAAE,EAHmB;MAIjCuB,aAAa,EAAE,EAJkB;MAKjCS,WAAW,EAAE;KALjB;;IAQA,KAAK,MAAMnE,GAAX,IAAkB/D,KAAlB,EAAyB;MACrB,IAAIA,KAAK,CAAC+D,GAAD,CAAL,YAAgCoB,aAApC,EAAmD;QAC/CwF,aAAa,CAAChH,QAAd,CAAuBI,GAAvB,IAA8B/D,KAAK,CAAC+D,GAAD,CAAnC;OADJ,MAEO,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBiC,aAA1B,EAAyC;QAC5C2E,aAAa,CAACpF,QAAd,CAAuBxB,GAAvB,IAA8B/D,KAAK,CAAC+D,GAAD,CAAnC;OADG,MAEA,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBwD,iBAA1B,EAA6C;QAChDoD,aAAa,CAACzE,YAAd,CAA2BnC,GAA3B,IAAkC/D,KAAK,CAAC+D,GAAD,CAAvC;OADG,MAEA,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBiE,kBAA1B,EAA8C;QACjD2C,aAAa,CAAClD,aAAd,CAA4B1D,GAA5B,IAAmC/D,KAAK,CAAC+D,GAAD,CAAxC;OADG,MAEA,IAAI/D,KAAK,CAAC+D,GAAD,CAAL,YAAsBwE,iBAA1B,EAA6C;QAChDoC,aAAa,CAACzC,WAAd,CAA0BnE,GAA1B,IAAiC/D,KAAK,CAAC+D,GAAD,CAAtC;OADG,MAEA;QACH;;;;IAIR,OAAO4G,aAAP;;;;;;;;EAOJC,oBAAoB,CAACD,aAAD;;IAGhB,IAAI3K,KAAK,GAAG,KAAK6K,QAAL,EAAZ;IAEA7K,KAAK,GAAG,EACJ,GAAGA,KADC;MAEJ,GAAG2K,aAAa,CAAChH,QAFb;MAGJ,GAAGgH,aAAa,CAACpF,QAHb;MAIJ,GAAGoF,aAAa,CAACzE,YAJb;MAKJ,GAAGyE,aAAa,CAAClD,aALb;MAMJ,GAAGkD,aAAa,CAACzC;KANrB;;IAUA,OAAOlI,KAAP;;;;;;;EAMJ8K,gBAAgB;IACZ,KAAKX,MAAL,CAAYY,KAAZ,CAAkB,yBAAlB;;IAGA,MAAMJ,aAAa,GAAG,KAAKD,oBAAL,CAA0B,KAAKG,QAAL,EAA1B,CAAtB;IACA,OAAOF,aAAP;;;;;;;;EAOJK,gBAAgB,CAACL,aAAD;IACZ,KAAKR,MAAL,CAAYY,KAAZ,CAAkB,yBAAlB;;IAGA,MAAM/K,KAAK,GAAG,KAAK4K,oBAAL,CAA0BD,aAA1B,CAAd;IACA,KAAKM,QAAL,CAAcjL,KAAd;IAEA,KAAKwK,UAAL;;;;;;;EAMJK,QAAQ;IACJ,KAAKV,MAAL,CAAYY,KAAZ,CAAkB,+BAAlB;IACA,OAAO,KAAK/K,KAAZ;;;;;;;;EAOJiL,QAAQ,CAACjL,KAAD;IACJ,KAAKmK,MAAL,CAAYY,KAAZ,CAAkB,+BAAlB;IACA,KAAK/K,KAAL,GAAaA,KAAb;;IAGA,KAAKwK,UAAL;;;;;;;;EAOJU,OAAO,CAACnH,GAAD;IACH,KAAKoG,MAAL,CAAYgB,QAAZ,cAAkCpH,KAAlC;;IAGA,MAAM/D,KAAK,GAAG,KAAK6K,QAAL,EAAd;IACA,OAAO7K,KAAK,CAAC+D,GAAD,CAAZ;;;;;;;;;EAQJqH,OAAO,CAACrH,GAAD,EAAcsH,KAAd;IACH,KAAKlB,MAAL,CAAYgB,QAAZ,cAAkCpH,KAAlC;;IAGA,MAAM/D,KAAK,GAAG,KAAK6K,QAAL,EAAd;IACA7K,KAAK,CAAC+D,GAAD,CAAL,GAAasH,KAAb;;IAGA,KAAKJ,QAAL,CAAcjL,KAAd;;;;;;;;EAOJsL,UAAU,CAACC,UAAD;IACN,MAAMrG,OAAO,GAAG,KAAKgG,OAAL,CAAaK,UAAb,CAAhB;;IACA,IAAIpG,aAAa,CAACqG,eAAd,CAA8BtG,OAA9B,CAAJ,EAA4C;MACxC,OAAOA,OAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJuG,UAAU,CAACvG,OAAD;IACN,MAAMqG,UAAU,GAAGrG,OAAO,CAACwG,kBAAR,EAAnB;IACA,KAAKN,OAAL,CAAaG,UAAb,EAAyBrG,OAAzB;;;;;;;;EAOJyG,oBAAoB,CAACC,UAAD;IAChB,MAAM7F,OAAO,GAAG,KAAKmF,OAAL,CAAaU,UAAb,CAAhB;;IACA,IAAI5F,aAAa,CAAC6F,eAAd,CAA8B9F,OAA9B,CAAJ,EAA4C;MACxC,OAAOA,OAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJ+F,oBAAoB,CAAC/F,OAAD;IAChB,MAAM6F,UAAU,GAAG7F,OAAO,CAACgG,qBAAR,EAAnB;IACA,KAAKX,OAAL,CAAaQ,UAAb,EAAyB7F,OAAzB;;;;;;;;EAOJiG,wBAAwB,CAACC,cAAD;IACpB,MAAM3E,WAAW,GAAG,KAAK4D,OAAL,CAAae,cAAb,CAApB;;IACA,IAAI1E,iBAAiB,CAAC2E,mBAAlB,CAAsC5E,WAAtC,CAAJ,EAAwD;MACpD,OAAOA,WAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJ6E,wBAAwB,CAAC7E,WAAD;IACpB,MAAM2E,cAAc,GAAG3E,WAAW,CAACyE,qBAAZ,EAAvB;IACA,KAAKX,OAAL,CAAaa,cAAb,EAA6B3E,WAA7B;;;;;;;;EAOJ8E,yBAAyB,CAACC,eAAD;IACrB,MAAMtE,YAAY,GAAG,KAAKmD,OAAL,CAAamB,eAAb,CAArB;;IACA,IAAIrE,kBAAkB,CAACsE,oBAAnB,CAAwCvE,YAAxC,CAAJ,EAA2D;MACvD,OAAOA,YAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJwE,yBAAyB,CAACxE,YAAD;IACrB,MAAMsE,eAAe,GAAGtE,YAAY,CAACgE,qBAAb,EAAxB;IACA,KAAKX,OAAL,CAAaiB,eAAb,EAA8BtE,YAA9B;;;;;;;;EAOJyE,cAAc,CAACC,cAAD;IACV,MAAMvE,WAAW,GAAsB,KAAKgD,OAAL,CAAauB,cAAb,CAAvC;;IACA,IAAIlE,iBAAiB,CAACmE,mBAAlB,CAAsCD,cAAtC,EAAsDvE,WAAtD,CAAJ,EAAwE;MACpE,OAAOA,WAAP;;;IAEJ,OAAO,IAAP;;;;;;;;EAOJyE,cAAc,CAACzE,WAAD;IACV,MAAMuE,cAAc,GAAGvE,WAAW,CAAC0E,sBAAZ,EAAvB;IACA,KAAKxB,OAAL,CAAaqB,cAAb,EAA6BvE,WAA7B;;;;;;;;EAOJ2E,kBAAkB,CAACC,kBAAD;IACd,MAAMC,qBAAqB,GAA0B,KAAK7B,OAAL,CAAa4B,kBAAb,CAArD;;IACA,IAAIC,qBAAqB,IAAIC,qBAAqB,CAACC,uBAAtB,CAA8CH,kBAA9C,EAAkEC,qBAAlE,CAA7B,EAAuH;MACnH,OAAOA,qBAAP;;;IAEJ,OAAO,IAAP;;;;;;;;;EAQJG,kBAAkB,CAACC,kBAAD,EAA6BC,eAA7B;IACd,KAAKhC,OAAL,CAAa+B,kBAAb,EAAiCC,eAAjC;;;;;;;;EAOJC,oBAAoB,CAACtJ,GAAD;IAChB,MAAMuJ,uBAAuB,GAA4B,KAAKpC,OAAL,CAAanH,GAAb,CAAzD;;IACA,IAAIuJ,uBAAuB,IAAIC,uBAAuB,CAACC,yBAAxB,CAAkDzJ,GAAlD,EAAuDuJ,uBAAvD,CAA/B,EAAgH;MAC5G,OAAOA,uBAAP;;;IAEJ,OAAO,IAAP;;;;;;;EAMJG,wBAAwB;IACpB,OAAO,KAAKC,OAAL,GAAeC,MAAf,CAAuB5J,GAAD;MACzB,OAAO,KAAK6J,mBAAL,CAAyB7J,GAAzB,CAAP;KADG,CAAP;;;;;;;;;EAUJ8J,oBAAoB,CAAC9J,GAAD,EAAc+J,QAAd;IAChB,KAAK1C,OAAL,CAAarH,GAAb,EAAkB+J,QAAlB;;;;;;;;EAOJC,kBAAkB,CAACC,kBAAD;IACd,MAAMC,eAAe,GAAqB,KAAK/C,OAAL,CAAa8C,kBAAb,CAA1C;;IACA,IAAIC,eAAe,IAAIC,gBAAgB,CAACC,kBAAjB,CAAoCH,kBAApC,EAAwDC,eAAxD,CAAvB,EAAiG;MAC7F,OAAOA,eAAP;;;IAEJ,OAAO,IAAP;;;;;;;;;EAQJG,kBAAkB,CAACJ,kBAAD,EAA6BC,eAA7B;IACd,KAAK7C,OAAL,CAAa4C,kBAAb,EAAiCC,eAAjC;;;;;;;;;EAQJI,UAAU,CAACtK,GAAD;IACN,KAAKoG,MAAL,CAAYgB,QAAZ,cAAkCpH,KAAlC;;IAGA,IAAIuK,MAAM,GAAY,KAAtB;IACA,MAAMtO,KAAK,GAAG,KAAK6K,QAAL,EAAd;;IAEA,IAAI,CAAC,CAAC7K,KAAK,CAAC+D,GAAD,CAAX,EAAkB;MACd,OAAO/D,KAAK,CAAC+D,GAAD,CAAZ;MACAuK,MAAM,GAAG,IAAT;;;;IAIJ,IAAIA,MAAJ,EAAY;MACR,KAAKrD,QAAL,CAAcjL,KAAd;MACA,KAAKwK,UAAL;;;IAEJ,OAAO8D,MAAP;;;;;;;;EAOJC,WAAW,CAACxK,GAAD;IACP,OAAO,KAAK2J,OAAL,GAAec,QAAf,CAAwBzK,GAAxB,CAAP;;;;;;;EAMJ2J,OAAO;IACH,KAAKvD,MAAL,CAAYY,KAAZ,CAAkB,2BAAlB;;IAGA,MAAM/K,KAAK,GAAG,KAAK6K,QAAL,EAAd;IACA,OAAO,CAAE,GAAGxO,MAAM,CAACwH,IAAP,CAAY7D,KAAZ,CAAL,CAAP;;;;;;;EAMO,MAALyO,KAAK;IACP,KAAKtE,MAAL,CAAYY,KAAZ,CAAkB,wCAAlB;;IAGA,MAAM2D,SAAS,GAAG,KAAKhB,OAAL,EAAlB;;IAGAgB,SAAS,CAAChT,OAAV,CAAkBqI,GAAG;MACjB,KAAKsK,UAAL,CAAgBtK,GAAhB;KADJ;IAGA,KAAKyG,UAAL;;;;;;;;EAOwB,OAArBmE,qBAAqB,CAAC3O,KAAD;IACxB,OAAOoD,YAAY,CAACoF,mBAAb,CACHpF,YAAY,CAACC,mBAAb,CAAiCrD,KAAjC,CADG,CAAP;;;;;;;;EASoB,OAAjB4O,iBAAiB,CAACjE,aAAD;IACpB,OAAO5B,UAAU,CAACiB,iBAAX,CAA6BW,aAA7B,CAAP;;;;;;;EAMJkE,wBAAwB,CAACC,eAAD,EAA0BC,UAA1B;IACpB,MAAMC,eAAe,GAAGD,UAAU,CAAChD,qBAAX,EAAxB;;IAEA,IAAI+C,eAAe,KAAKE,eAAxB,EAAyC;MACrC,MAAMC,SAAS,GAAG,KAAK/D,OAAL,CAAa4D,eAAb,CAAlB;;MACA,IAAIG,SAAJ,EAAe;QACX,KAAKZ,UAAL,CAAgBS,eAAhB;QACA,KAAK1D,OAAL,CAAa4D,eAAb,EAA8BC,SAA9B;QACA,KAAK9E,MAAL,CAAY+E,OAAZ,wBAA2CH,UAAU,CAACpJ,0BAAtD;QACA,OAAOqJ,eAAP;OAJJ,MAKO;QACH,KAAK7E,MAAL,CAAYpN,KAAZ,oCAAqDgS,UAAU,CAACpJ,qFAAhE;;;;IAIR,OAAOmJ,eAAP;;;;;ACtcR;;;;AAMA,AAMA,MAAMK,sBAAsB,GAAc;EACtCzG,OAAO,EAAE,EAD6B;EAEtCC,OAAO,EAAE,EAF6B;EAGtCC,WAAW,EAAE,EAHyB;EAItCC,YAAY,EAAE,EAJwB;EAKtCC,WAAW,EAAE;AALyB,CAA1C;AAQA;;;;;AAIA,MAAasG;EAQTxN,YAAYyN,SAAsBlF,QAAgBmF;IAC9C,KAAKC,eAAL,GAAuB,KAAvB;IACA,KAAKF,OAAL,GAAeA,OAAf;IACA,KAAKA,OAAL,CAAahF,qBAAb,CAAmC,KAAKmF,iBAAL,CAAuBC,IAAvB,CAA4B,IAA5B,CAAnC;;IACA,IAAIH,WAAJ,EAAiB;MACb,KAAKI,WAAL,GAAmBJ,WAAnB;;;IAEJ,KAAKnF,MAAL,GAAcA,MAAd;;;;;;;EAMJwF,UAAU;IACN,OAAO,KAAKJ,eAAZ;;;;;;;EAMJK,SAAS;IACL,KAAKzF,MAAL,CAAYY,KAAZ,CAAkB,6BAAlB;IACA,IAAI8E,UAAU,GAAG9G,UAAU,CAACiB,iBAAX,CACb,KAAKqF,OAAL,CAAavE,gBAAb,EADa,CAAjB;;IAKA,IAAI,CAACtH,WAAW,CAACC,OAAZ,CAAoB,KAAKqM,aAAzB,CAAL,EAA8C;MAC1C,KAAK3F,MAAL,CAAYY,KAAZ,CAAkB,kCAAlB;MACA8E,UAAU,GAAG,KAAKE,UAAL,CACT9T,IAAI,CAACC,KAAL,CAAW,KAAK4T,aAAhB,CADS,EAETD,UAFS,CAAb;KAFJ,MAMO;MACH,KAAK1F,MAAL,CAAYY,KAAZ,CAAkB,4BAAlB;;;IAEJ,KAAKwE,eAAL,GAAuB,KAAvB;IAEA,OAAOtT,IAAI,CAACsB,SAAL,CAAesS,UAAf,CAAP;;;;;;;;EAOJG,WAAW,CAAChQ,KAAD;IACP,KAAKmK,MAAL,CAAYY,KAAZ,CAAkB,uCAAlB;IACA,KAAK+E,aAAL,GAAqB9P,KAArB;;IAEA,IAAI,CAACwD,WAAW,CAACC,OAAZ,CAAoB,KAAKqM,aAAzB,CAAL,EAA8C;MAC1C,KAAK3F,MAAL,CAAYY,KAAZ,CAAkB,kCAAlB;MACA,MAAMxH,iBAAiB,GAAGH,YAAY,CAACoF,mBAAb,CACtB,KAAKyH,eAAL,CAAqBhU,IAAI,CAACC,KAAL,CAAW,KAAK4T,aAAhB,CAArB,CADsB,CAA1B;MAGA,KAAKT,OAAL,CAAarE,gBAAb,CAA8BzH,iBAA9B;KALJ,MAMO;MACH,KAAK4G,MAAL,CAAYY,KAAZ,CAAkB,kCAAlB;;;;;;;;EAORmF,UAAU;IACN,OAAO,KAAKb,OAAL,CAAaxE,QAAb,EAAP;;;;;;;EAMgB,MAAdsF,cAAc;IAEhB,KAAKhG,MAAL,CAAYY,KAAZ,CAAkB,uBAAlB;IACA,IAAIqF,YAAJ;;IACA,IAAI;MACA,IAAI,KAAKV,WAAT,EAAsB;QAClBU,YAAY,GAAG,IAAIC,iBAAJ,CAAsB,IAAtB,EAA4B,KAA5B,CAAf;QACA,MAAM,KAAKX,WAAL,CAAiBY,iBAAjB,CAAmCF,YAAnC,CAAN;;;MAEJ,OAAO,KAAKf,OAAL,CAAac,cAAb,EAAP;KALJ,SAMU;MACN,IAAI,KAAKT,WAAL,IAAoBU,YAAxB,EAAsC;QAClC,MAAM,KAAKV,WAAL,CAAiBa,gBAAjB,CAAkCH,YAAlC,CAAN;;;;;;;;;;;;EAWY,MAAlBI,kBAAkB,CAACtM,aAAD;IACpB,MAAMuM,WAAW,GAAG,MAAM,KAAKN,cAAL,EAA1B;;IACA,IAAI,CAAC3M,WAAW,CAACC,OAAZ,CAAoBS,aAApB,CAAD,IAAuCuM,WAAvC,IAAsDA,WAAW,CAACrX,MAAtE,EAA8E;MAC1E,OAAOqX,WAAW,CAAC9C,MAAZ,CAAmB+C,UAAU,IAAIA,UAAU,CAACxM,aAAX,KAA6BA,aAA9D,EAA6E,CAA7E,KAAmF,IAA1F;KADJ,MAEO;MACH,OAAO,IAAP;;;;;;;;;;;EAUiB,MAAnByM,mBAAmB,CAACrM,cAAD;IACrB,MAAMmM,WAAW,GAAG,MAAM,KAAKN,cAAL,EAA1B;;IACA,IAAI,CAAC3M,WAAW,CAACC,OAAZ,CAAoBa,cAApB,CAAD,IAAwCmM,WAAxC,IAAuDA,WAAW,CAACrX,MAAvE,EAA+E;MAC3E,OAAOqX,WAAW,CAAC9C,MAAZ,CAAmB+C,UAAU,IAAIA,UAAU,CAACpM,cAAX,KAA8BA,cAA/D,EAA+E,CAA/E,KAAqF,IAA5F;KADJ,MAEO;MACH,OAAO,IAAP;;;;;;;;;EAQW,MAAbsM,aAAa,CAAC1L,OAAD;IACf,KAAKiF,MAAL,CAAYY,KAAZ,CAAkB,sBAAlB;IACA,IAAIqF,YAAJ;;IACA,IAAI;MACA,IAAI,KAAKV,WAAT,EAAsB;QAClBU,YAAY,GAAG,IAAIC,iBAAJ,CAAsB,IAAtB,EAA4B,IAA5B,CAAf;QACA,MAAM,KAAKX,WAAL,CAAiBY,iBAAjB,CAAmCF,YAAnC,CAAN;;;MAEJ,MAAM,KAAKf,OAAL,CAAauB,aAAb,CAA2BzL,aAAa,CAAC0L,uBAAd,CAAsC3L,OAAtC,CAA3B,CAAN;KALJ,SAMU;MACN,IAAI,KAAKwK,WAAL,IAAoBU,YAAxB,EAAsC;QAClC,MAAM,KAAKV,WAAL,CAAiBa,gBAAjB,CAAkCH,YAAlC,CAAN;;;;;;;;;EAQJZ,iBAAiB;IACrB,KAAKD,eAAL,GAAuB,IAAvB;;;;;;;;;EAQIQ,UAAU,CAACe,QAAD,EAAsBC,YAAtB;IACd,KAAK5G,MAAL,CAAYY,KAAZ,CAAkB,6CAAlB;IACA,MAAMiG,iBAAiB,GAAG,KAAKC,aAAL,CAAmBH,QAAnB,EAA6BC,YAA7B,CAA1B;IACA,OAAO,KAAKG,YAAL,CAAkBF,iBAAlB,EAAqCD,YAArC,CAAP;;;;;;;;;EAQIG,YAAY,CAACJ,QAAD,EAAmBK,QAAnB;IAChB9U,MAAM,CAACwH,IAAP,CAAYsN,QAAZ,EAAsBzV,OAAtB,CAA+B0V,MAAD;MAC1B,MAAMC,QAAQ,GAAGF,QAAQ,CAACC,MAAD,CAAzB;;MAGA,IAAI,CAACN,QAAQ,CAACQ,cAAT,CAAwBF,MAAxB,CAAL,EAAsC;QAClC,IAAIC,QAAQ,KAAK,IAAjB,EAAuB;UACnBP,QAAQ,CAACM,MAAD,CAAR,GAAmBC,QAAnB;;OAFR,MAIO;;QAEH,MAAME,eAAe,GAAGF,QAAQ,KAAK,IAArC;QACA,MAAMG,gBAAgB,GAAG,OAAOH,QAAP,KAAoB,QAA7C;QACA,MAAMI,kBAAkB,GAAG,CAACC,KAAK,CAACC,OAAN,CAAcN,QAAd,CAA5B;QACA,MAAMO,0BAA0B,GAAG,OAAOd,QAAQ,CAACM,MAAD,CAAf,KAA4B,WAA5B,IAA2CN,QAAQ,CAACM,MAAD,CAAR,KAAqB,IAAnG;;QAEA,IAAIG,eAAe,IAAIC,gBAAnB,IAAuCC,kBAAvC,IAA6DG,0BAAjE,EAA6F;UACzF,KAAKV,YAAL,CAAkBJ,QAAQ,CAACM,MAAD,CAA1B,EAAoCC,QAApC;SADJ,MAEO;UACHP,QAAQ,CAACM,MAAD,CAAR,GAAmBC,QAAnB;;;KAlBZ;IAuBA,OAAOP,QAAP;;;;;;;;;;EASIG,aAAa,CAACH,QAAD,EAAsBK,QAAtB;IACjB,KAAKhH,MAAL,CAAYY,KAAZ,CAAkB,iCAAlB;IACA,MAAMpH,QAAQ,GAAGmN,QAAQ,CAACpI,OAAT,GAAmB,KAAKmJ,iBAAL,CAAgDf,QAAQ,CAACpI,OAAzD,EAAkEyI,QAAQ,CAACzI,OAA3E,CAAnB,GAAyGoI,QAAQ,CAACpI,OAAnI;IACA,MAAMxC,YAAY,GAAG4K,QAAQ,CAAClI,WAAT,GAAuB,KAAKiJ,iBAAL,CAAoDf,QAAQ,CAAClI,WAA7D,EAA0EuI,QAAQ,CAACvI,WAAnF,CAAvB,GAAyHkI,QAAQ,CAAClI,WAAvJ;IACA,MAAMnB,aAAa,GAAGqJ,QAAQ,CAACjI,YAAT,GAAwB,KAAKgJ,iBAAL,CAAqDf,QAAQ,CAACjI,YAA9D,EAA4EsI,QAAQ,CAACtI,YAArF,CAAxB,GAA6HiI,QAAQ,CAACjI,YAA5J;IACA,MAAMtD,QAAQ,GAAGuL,QAAQ,CAACnI,OAAT,GAAmB,KAAKkJ,iBAAL,CAAgDf,QAAQ,CAACnI,OAAzD,EAAkEwI,QAAQ,CAACxI,OAA3E,CAAnB,GAAyGmI,QAAQ,CAACnI,OAAnI;IACA,MAAMT,WAAW,GAAG4I,QAAQ,CAAChI,WAAT,GAAuB,KAAK+I,iBAAL,CAAoDf,QAAQ,CAAChI,WAA7D,EAA0EqI,QAAQ,CAACrI,WAAnF,CAAvB,GAAyHgI,QAAQ,CAAChI,WAAtJ;IAEA,OAAO,EACH,GAAGgI,QADA;MAEHpI,OAAO,EAAE/E,QAFN;MAGHiF,WAAW,EAAE1C,YAHV;MAIH2C,YAAY,EAAEpB,aAJX;MAKHkB,OAAO,EAAEpD,QALN;MAMHuD,WAAW,EAAEZ;KANjB;;;;;;;;;EAeI2J,iBAAiB,CAAIf,QAAJ,EAAiCK,QAAjC;IACrB,MAAMtB,UAAU,GAAG,EAAE,GAAGiB;KAAxB;IACAzU,MAAM,CAACwH,IAAP,CAAYiN,QAAZ,EAAsBpV,OAAtB,CAA+BoW,MAAD;MAC1B,IAAI,CAACX,QAAD,IAAa,CAAEA,QAAQ,CAACG,cAAT,CAAwBQ,MAAxB,CAAnB,EAAqD;QACjD,OAAOjC,UAAU,CAACiC,MAAD,CAAjB;;KAFR;IAKA,OAAOjC,UAAP;;;;;;;;EAOII,eAAe,CAAC8B,aAAD;IACnB,KAAK5H,MAAL,CAAYY,KAAZ,CAAkB,+CAAlB;IACA,OAAO;MACHrC,OAAO,EAAE,EACL,GAAGyG,sBAAsB,CAACzG,OADrB;QAEL,GAAGqJ,aAAa,CAACrJ;OAHlB;MAKHC,OAAO,EAAE,EACL,GAAGwG,sBAAsB,CAACxG,OADrB;QAEL,GAAGoJ,aAAa,CAACpJ;OAPlB;MASHC,WAAW,EAAE,EACT,GAAGuG,sBAAsB,CAACvG,WADjB;QAET,GAAGmJ,aAAa,CAACnJ;OAXlB;MAaHC,YAAY,EAAE,EACV,GAAGsG,sBAAsB,CAACtG,YADhB;QAEV,GAAGkJ,aAAa,CAAClJ;OAflB;MAiBHC,WAAW,EAAE,EACT,GAAGqG,sBAAsB,CAACrG,WADjB;QAET,GAAGiJ,aAAa,CAACjJ;;KAnBzB;;;;;ACxQR;AACA,AAAO,MAAMnE,IAAI,GAAG,kBAAb;AACP,MAAaqN,OAAO,GAAG,QAAhB;;ACFP;;;;AAKA,AAEA;;;;AAGA,AAAO,MAAMC,oBAAoB,GAAG;EAChCC,0BAA0B,EAAE;IACxBC,IAAI,EAAE,sCADkB;IAExBC,IAAI,EAAE;GAHsB;EAKhCC,uBAAuB,EAAE;IACrBF,IAAI,EAAE,4BADe;IAErBC,IAAI,EAAE;GAPsB;EAShCE,oBAAoB,EAAE;IAClBH,IAAI,EAAE,0BADY;IAElBC,IAAI,EAAE;GAXsB;EAahCG,sBAAsB,EAAE;IACpBJ,IAAI,EAAE,2BADc;IAEpBC,IAAI,EAAE;GAfsB;EAiBhCI,2BAA2B,EAAE;IACzBL,IAAI,EAAE,gCADmB;IAEzBC,IAAI,EAAE;GAnBsB;EAqBhCK,qBAAqB,EAAE;IACnBN,IAAI,EAAE,yBADa;IAEnBC,IAAI,EAAE;GAvBsB;EAyBhCM,kBAAkB,EAAE;IAChBP,IAAI,EAAE,iBADU;IAEhBC,IAAI,EAAE;;AA3BsB,CAA7B;AA+BP,MAAaO,sBAAsBC;EAC/BhR,YAAYiR,WAAmBC;IAC3B,MAAMD,SAAN,EAAiBC,YAAjB;IACA,KAAKnO,IAAL,GAAY,eAAZ;;;;;;;EAMwC,OAArCoO,qCAAqC;IACxC,OAAO,IAAIJ,aAAJ,CAAkBV,oBAAoB,CAACC,0BAArB,CAAgDC,IAAlE,KACAF,oBAAoB,CAACC,0BAArB,CAAgDE,MADhD,CAAP;;;;;;;EAOqC,OAAlCY,kCAAkC;IACrC,OAAO,IAAIL,aAAJ,CAAkBV,oBAAoB,CAACI,uBAArB,CAA6CF,IAA/D,KACAF,oBAAoB,CAACI,uBAArB,CAA6CD,MAD7C,CAAP;;;;;;;EAOkC,OAA/Ba,+BAA+B;IAClC,OAAO,IAAIN,aAAJ,CAAkBV,oBAAoB,CAACK,oBAArB,CAA0CH,IAA5D,KACAF,oBAAoB,CAACK,oBAArB,CAA0CF,MAD1C,CAAP;;;;;;;EAOoC,OAAjCc,iCAAiC;IACpC,OAAO,IAAIP,aAAJ,CAAkBV,oBAAoB,CAACM,sBAArB,CAA4CJ,IAA9D,KACAF,oBAAoB,CAACM,sBAArB,CAA4CH,MAD5C,CAAP;;;;;;;EAOyC,OAAtCe,sCAAsC;IACzC,OAAO,IAAIR,aAAJ,CAAkBV,oBAAoB,CAACO,2BAArB,CAAiDL,IAAnE,KACAF,oBAAoB,CAACO,2BAArB,CAAiDJ,MADjD,CAAP;;;;;;;EAOmC,OAAhCgB,gCAAgC;IACnC,OAAO,IAAIT,aAAJ,CAAkBV,oBAAoB,CAACQ,qBAArB,CAA2CN,IAA7D,KACAF,oBAAoB,CAACQ,qBAArB,CAA2CL,MAD3C,CAAP;;;;;;;EAO2B,OAAxBiB,wBAAwB;IAC3B,OAAO,IAAIV,aAAJ,CAAkBV,oBAAoB,CAACS,kBAArB,CAAwCP,IAA1D,EAAgEF,oBAAoB,CAACS,kBAArB,CAAwCN,IAAxG,CAAP;;;;;ACnGR;;;;AAKA,AA4CA;;;;;AAIA,MAAsBkB;;;;EA6BlB1R,YAAsB2R;IAClB,KAAKC,MAAL,GAAc1T,qBAAqB,CAACyT,aAAD,CAAnC;IACA,KAAKE,cAAL,GAAsB,IAAIhR,cAAJ,EAAtB;IACA,KAAK0H,MAAL,GAAc,IAAIuJ,MAAJ,CAAW,KAAKF,MAAL,CAAYvT,MAAZ,CAAmBT,aAA9B,EAA6CmF,IAA7C,EAAmDqN,OAAnD,CAAd;IACA,KAAK3C,OAAL,GAAe,IAAInF,WAAJ,CAAgB,KAAKC,MAArB,EAA6B,KAAKqJ,MAAL,CAAYzT,IAAZ,CAAiBtC,QAA9C,EAAwD,KAAKgW,cAA7D,CAAf;IACA,KAAKE,UAAL,GAAkB,IAAIvE,UAAJ,CACd,KAAKC,OADS,EAEd,KAAKlF,MAFS,EAGd,KAAKqJ,MAAL,CAAYxT,KAAZ,CAAkBsP,WAHJ,CAAlB;;;;;;;;;;;;;EAgBgB,MAAdsE,cAAc,CAACja,OAAD;IAChB,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,uBAAjB,EAA0Cla,OAAO,CAACma,aAAlD;IACA,MAAMC,YAAY,GAAkC,EAChD,GAAGpa,OAD6C;MAEhD,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAFgD;MAGhDsa,YAAY,EAAEta,OAAO,CAACsa,YAAR,IAAwBC,YAAY,CAACC,KAHH;MAIhDC,oBAAoB,EAAEC,oBAAoB,CAACC;KAJ/C;IAOA,MAAMC,gBAAgB,GAAG,MAAM,KAAKC,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BW,SAH2B,EAI3BA,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;IAOA,MAAMgW,uBAAuB,GAAG,IAAIC,uBAAJ,CAC5BJ,gBAD4B,CAAhC;IAGA,KAAKpK,MAAL,CAAY+E,OAAZ,CAAoB,0BAApB,EAAgD6E,YAAY,CAACD,aAA7D;IACA,OAAOY,uBAAuB,CAACd,cAAxB,CAAuCG,YAAvC,CAAP;;;;;;;;;;;;EAWoB,MAAlBa,kBAAkB,CAACjb,OAAD,EAAoCkb,eAApC;IACpB,KAAK1K,MAAL,CAAY0J,IAAZ,CAAiB,2BAAjB;;IACA,IAAIla,OAAO,CAACmb,KAAR,IAAiBD,eAArB,EAAqC;MACjC,KAAK1K,MAAL,CAAY0J,IAAZ,CAAiB,uCAAjB;MACA,KAAKkB,aAAL,CAAmBpb,OAAO,CAACmb,KAA3B,EAAkCD,eAAe,CAACC,KAAhB,IAAyB,EAA3D,EAFiC;;MAIjCD,eAAe,GAAE,EAAC,GAAGA,eAAJ;QAAqBC,KAAK,EAAE;OAA7C;;;IAEJ,MAAMf,YAAY,GAAmC,EACjD,GAAGpa,OAD8C;MAEjD,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAFiD;MAGjDya,oBAAoB,EAAEC,oBAAoB,CAACC;KAH/C;IAMA,MAAMU,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACme,kBAA5C,EAAgEb,YAAY,CAACD,aAA7E,CAA/B;;IACA,IAAI;MACA,MAAMS,gBAAgB,GAAG,MAAM,KAAKC,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BkB,sBAH2B,EAI3BP,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;MAOA,MAAMgW,uBAAuB,GAAG,IAAIC,uBAAJ,CAC5BJ,gBAD4B,CAAhC;MAGA,KAAKpK,MAAL,CAAY+E,OAAZ,CAAoB,0BAApB,EAAgD6E,YAAY,CAACD,aAA7D;MACA,OAAOY,uBAAuB,CAACQ,YAAxB,CAAqCnB,YAArC,EAAmDc,eAAnD,CAAP;KAZJ,CAaE,OAAO1Y,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;EAWwB,MAA1BkZ,0BAA0B,CAAC1b,OAAD;IAC5B,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,mCAAjB,EAAsDla,OAAO,CAACma,aAA9D;IACA,MAAMC,YAAY,GAA8B,EAC5C,GAAGpa,OADyC;MAE5C,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAF4C;MAG5Cya,oBAAoB,EAAEC,oBAAoB,CAACC;KAH/C;IAMA,MAAMU,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAAC4e,0BAA5C,EAAwEtB,YAAY,CAACD,aAArF,CAA/B;;IACA,IAAI;MACA,MAAMwB,wBAAwB,GAAG,MAAM,KAAKd,6BAAL,CACnCT,YAAY,CAACpW,SADsB,EAEnCoW,YAAY,CAACD,aAFsB,EAGnCkB,sBAHmC,EAInCP,SAJmC,EAKnC9a,OAAO,CAAC+E,iBAL2B,CAAvC;MAOA,MAAM6W,kBAAkB,GAAG,IAAIC,kBAAJ,CACvBF,wBADuB,CAA3B;MAGA,KAAKnL,MAAL,CAAY+E,OAAZ,CAAoB,8BAApB,EAAoD6E,YAAY,CAACD,aAAjE;MACA,OAAOyB,kBAAkB,CAACL,YAAnB,CAAgCnB,YAAhC,CAAP;KAZJ,CAaE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;;EAYgB,MAAlBsZ,kBAAkB,CAAC9b,OAAD;IACpB,MAAMoa,YAAY,GAA4B,EAC1C,GAAGpa,OADuC;MAE1C,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV,CAF0C;MAG1C+b,YAAY,EAAE/b,OAAO,CAAC+b,YAAR,IAAwB;KAH1C;IAMA,MAAMV,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACgf,kBAA5C,EAAgE1B,YAAY,CAACD,aAA7E,EAA4FC,YAAY,CAAC2B,YAAzG,CAA/B;;IACA,IAAI;MACA,MAAMC,sBAAsB,GAAG,MAAM,KAAKnB,6BAAL,CACjCT,YAAY,CAACpW,SADoB,EAEjCoW,YAAY,CAACD,aAFoB,EAGjCkB,sBAHiC,EAIjCP,SAJiC,EAKjC9a,OAAO,CAAC+E,iBALyB,CAArC;MAOA,MAAMkX,gBAAgB,GAAG,IAAIC,gBAAJ,CACrBF,sBADqB,CAAzB;MAGA,KAAKxL,MAAL,CAAY+E,OAAZ,CAAoB,4BAApB,EAAkD6E,YAAY,CAACD,aAA/D;MACA,OAAO8B,gBAAgB,CAACV,YAAjB,CAA8BnB,YAA9B,CAAP;KAZJ,CAaE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;;;;EAc4B,MAA9B2Z,8BAA8B,CAACnc,OAAD;IAChC,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,uCAAjB,EAA0Dla,OAAO,CAACma,aAAlE;IACA,MAAMC,YAAY,GAAkC,EAChD,GAAGpa,OAD6C;MAEhD,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV;KAFJ;IAIA,MAAMqb,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACqf,8BAA5C,EAA4E/B,YAAY,CAACD,aAAzF,CAA/B;;IACA,IAAI;MACA,MAAMiC,4BAA4B,GAAG,MAAM,KAAKvB,6BAAL,CACvCT,YAAY,CAACpW,SAD0B,EAEvCoW,YAAY,CAACD,aAF0B,EAGvCkB,sBAHuC,EAIvCP,SAJuC,EAKvC9a,OAAO,CAAC+E,iBAL+B,CAA3C;MAOA,MAAMsX,sBAAsB,GAAG,IAAIC,sBAAJ,CAA2BF,4BAA3B,CAA/B;MACA,KAAK5L,MAAL,CAAY+E,OAAZ,CAAoB,kCAApB,EAAwD6E,YAAY,CAACD,aAArE;MACA,OAAOkC,sBAAsB,CAACd,YAAvB,CAAoCnB,YAApC,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;EAOR+Z,aAAa;IACT,KAAK/L,MAAL,CAAY0J,IAAZ,CAAiB,sBAAjB;IACA,OAAO,KAAKF,UAAZ;;;;;;;;;;;;;EAYMoB,aAAa,CAACD,KAAD,EAAgBqB,WAAhB;IACnB,IAAG,CAACrB,KAAJ,EAAW;MACP,MAAMnC,aAAa,CAACU,wBAAd,EAAN;;;IAGJ,IAAGyB,KAAK,KAAKqB,WAAb,EAA0B;MACtB,MAAMC,eAAe,CAACC,wBAAhB,EAAN;;;;;;;;EAORC,SAAS;IACL,OAAO,KAAKnM,MAAZ;;;;;;;;EAOJoM,SAAS,CAACpM,MAAD;IACL,KAAKA,MAAL,GAAcA,MAAd;;;;;;;;;EAQyC,MAA7BqK,6BAA6B,CACzC7W,SADyC,EAEzC6Y,oBAFyC,EAGzCxB,sBAHyC,EAIzCyB,wBAJyC,EAKzC/X,iBALyC;IAOzC,KAAKyL,MAAL,CAAY+E,OAAZ,CAAoB,sCAApB,EAA4DsH,oBAA5D;;IAGA,MAAME,qBAAqB,GAAGhY,iBAAiB,GAAGA,iBAAH,GAAuB,KAAK8U,MAAL,CAAYzT,IAAZ,CAAiBrB,iBAAvF;;IAGA,KAAKyL,MAAL,CAAY+E,OAAZ,4DAA+EvR,WAA/E,EAA4F6Y,oBAA5F;IACA,MAAMG,mBAAmB,GAAG,MAAM,KAAKC,eAAL,CAAqBjZ,SAArB,EAAgC8Y,wBAAhC,EAA0DD,oBAA1D,EAAgFE,qBAAhF,CAAlC;IAEA1B,sBAAsB,QAAtB,YAAAA,sBAAsB,CAAE6B,6BAAxB,CAAsDF,mBAAmB,CAACG,uBAA1E;IAEA,MAAMC,mBAAmB,GAAwB;MAC7CC,WAAW,EAAE;QACTvZ,QAAQ,EAAE,KAAK+V,MAAL,CAAYzT,IAAZ,CAAiBtC,QADlB;QAETE,SAAS,EAAEgZ,mBAFF;QAGTrY,kBAAkB,EAAE,KAAKkV,MAAL,CAAYzT,IAAZ,CAAiBzB;OAJI;MAM7C2Y,aAAa,EAAE;QACX/e,QAAQ,EAAE,KAAKsb,MAAL,CAAYvT,MAAZ,CAAmB/H;OAPY;MAS7CsH,aAAa,EAAE;QACXJ,QAAQ,EAAE,KAAKoU,MAAL,CAAYvT,MAAZ,CAAmBT,aAAnB,CAAiCJ,QADhC;QAEXF,cAAc,EAAE,KAAKsU,MAAL,CAAYvT,MAAZ,CAAmBT,aAAnB,CACXN,cAHM;QAIXC,iBAAiB,EAAE,KAAKqU,MAAL,CAAYvT,MAAZ,CAAmBT,aAAnB,CACdL,iBALM;QAMX2U,aAAa,EAAE0C;OAf0B;MAiB7CU,eAAe,EAAE,KAAKzD,cAjBuB;MAkB7C0D,gBAAgB,EAAE,KAAK3D,MAAL,CAAYvT,MAAZ,CAAmBR,aAlBQ;MAmB7C2X,gBAAgB,EAAE,KAAK/H,OAnBsB;MAoB7C2F,sBAAsB,EAAEA,sBApBqB;MAqB7CqC,iBAAiB,EAAE;QACfxZ,YAAY,EAAE,KAAKA,YADJ;QAEfC,eAAe,EAAE,KAAKA,eAAL,GAAuB,KAAKwZ,kBAAL,CAAwBX,mBAAxB,CAAvB,GAAsElC;OAvB9C;MAyB7C8C,WAAW,EAAE;QACTC,GAAG,EAAEC,SAAa,CAACrhB,QADV;QAET4b,OAAO,EAAEA,OAFA;QAGT0F,GAAG,EAAEC,OAAO,CAACC,IAAR,IAAgBzhB,WAAS,CAACuH,YAHtB;QAITma,EAAE,EAAEF,OAAO,CAACG,QAAR,IAAoB3hB,WAAS,CAACuH;OA7BO;MA+B7CwC,SAAS,EAAE,KAAKsT,MAAL,CAAYtT,SA/BsB;MAgC7C6X,iBAAiB,EAAE,KAAKvE,MAAL,CAAYxT,KAAZ,CAAkBsP,WAhCQ;MAiC7C0I,iBAAiB,EAAE,KAAKrE;KAjC5B;IAoCA,OAAOoD,mBAAP;;;EAGIO,kBAAkB,CAAC3Z,SAAD;IACtB,OAAO;MACHsa,SAAS,EAAE,KAAKna,eAAL,CAAqBoa,MAArB,CAA4B,KAAKzE,cAAjC,EAAiD,KAAKD,MAAL,CAAYzT,IAAZ,CAAiBtC,QAAlE,EAA4EE,SAAS,CAACwa,aAAtF,CADR;MAEHC,aAAa,EAAEX,SAAa,CAACphB;KAFjC;;;;;;;;EAUiC,MAArB2d,qBAAqB,CAACqE,WAAD;IACjC,KAAKlO,MAAL,CAAY+E,OAAZ,CAAoB,gCAApB,EAAsDmJ,WAAW,CAACvE,aAAlE;;IAEA,IAAIuE,WAAW,CAACjE,oBAAZ,IAAoCiE,WAAW,CAACjE,oBAAZ,KAAqCC,oBAAoB,CAACiE,GAAlG,EAAuG;MACnG,KAAKnO,MAAL,CAAY+E,OAAZ,CAAoB,yGAApB,EAA+HmJ,WAAW,CAACvE,aAA3I;;;IAGJuE,WAAW,CAACjE,oBAAZ,GAAmCC,oBAAoB,CAACC,MAAxD;;IAGA,IAAI+D,WAAW,CAACE,MAAZ,IAAsB,CAAC/U,WAAW,CAACC,OAAZ,CAAoB4U,WAAW,CAACE,MAAhC,CAA3B,EAAoE;MAChEF,WAAW,CAACjR,mBAAZ,GAAkC,MAAM,KAAKqM,cAAL,CAAoBvQ,UAApB,CAA+BmV,WAAW,CAACE,MAA3C,CAAxC;;;IAGJ,OAAO,EACH,GAAGF,WADA;MAEHG,MAAM,EAAE,CAAC,IAAKH,WAAW,IAAIA,WAAW,CAACG,MAA5B,IAAuC,EAA3C,CAAD,EAAiD,GAAGC,mBAApD,CAFL;MAGH3E,aAAa,EAAEuE,WAAW,IAAIA,WAAW,CAACvE,aAA3B,IAA4C,KAAKL,cAAL,CAAoB7Q,aAApB,EAHxD;MAIHjF,SAAS,EAAE0a,WAAW,CAAC1a,SAAZ,IAAyB,KAAK6V,MAAL,CAAYzT,IAAZ,CAAiBpC;KAJzD;;;;;;;;;;EAcMsX,gCAAgC,CAACyD,KAAD,EAAgB5E,aAAhB,EAAuC4B,YAAvC;IACtC,MAAMiD,gBAAgB,GAA2B;MAC7Clb,QAAQ,EAAE,KAAK+V,MAAL,CAAYzT,IAAZ,CAAiBtC,QADkB;MAE7CqW,aAAa,EAAEA,aAF8B;MAG7C4E,KAAK,EAAEA,KAHsC;MAI7ChD,YAAY,EAAEA,YAAY,IAAI;KAJlC;IAOA,OAAO,IAAIkD,sBAAJ,CAA2BD,gBAA3B,EAA6C,KAAKtJ,OAAlD,CAAP;;;;;;;;;EAQyB,MAAfuH,eAAe,CAACiC,eAAD,EAA0BpC,wBAA1B,EAA+ED,oBAA/E,EAA8G9X,iBAA9G;IACzB,KAAKyL,MAAL,CAAY+E,OAAZ,CAAoB,wBAApB,EAA8CsH,oBAA9C;;IAGA,MAAMsC,YAAY,GAAGC,SAAS,CAACC,iBAAV,CAA4BH,eAA5B,EAA6Cna,iBAA7C,CAArB;IAEA,MAAMua,gBAAgB,GAAqB;MACvC1a,YAAY,EAAE,KAAKiV,MAAL,CAAYzT,IAAZ,CAAiBxB,YADQ;MAEvCJ,gBAAgB,EAAE,KAAKqV,MAAL,CAAYzT,IAAZ,CAAiB5B,gBAFI;MAGvCC,sBAAsB,EAAE,KAAKoV,MAAL,CAAYzT,IAAZ,CAAiB3B,sBAHF;MAIvCC,iBAAiB,EAAE,KAAKmV,MAAL,CAAYzT,IAAZ,CAAiB1B,iBAJG;MAKvCoY,wBALuC;MAMvC1X,0BAA0B,EAAE,KAAKyU,MAAL,CAAYzT,IAAZ,CAAiBhB;KANjD;IASA,OAAO,MAAMma,gBAAgB,CAACC,wBAAjB,CAA0CL,YAA1C,EAAwD,KAAKtF,MAAL,CAAYvT,MAAZ,CAAmBR,aAA3E,EAA0F,KAAK4P,OAA/F,EAAwG4J,gBAAxG,EAA0H,KAAK9O,MAA/H,EAAuI,KAAKqJ,MAAL,CAAYvT,MAAZ,CAAmB/H,QAA1J,CAAb;;;;;;;EAMJkhB,UAAU;IACN,KAAK/J,OAAL,CAAaZ,KAAb;;;;;ACjdR;;;;AAKA,MAKa4K;;;;;;;EASc,MAAjBC,iBAAiB,CAACC,eAAD,EAA2BC,aAA3B;IACnB,IAAI,CAAC,CAAC,KAAKC,MAAX,EAAmB;MACf,MAAM9G,aAAa,CAACQ,sCAAd,EAAN;;;IAGJ,MAAMuG,gBAAgB,GAAG,IAAIlgB,OAAJ,CAA6C,CAACC,OAAD,EAAUC,MAAV;MAClE,KAAK+f,MAAL,GAAcE,YAAY,CAAC,OAAOC,GAAP,EAA6BC,GAA7B;QACvB,MAAM7hB,GAAG,GAAG4hB,GAAG,CAAC5hB,GAAhB;;QACA,IAAI,CAACA,GAAL,EAAU;UACN6hB,GAAG,CAAC7f,GAAJ,CAAQwf,aAAa,IAAI,oCAAzB;UACA9f,MAAM,CAACiZ,aAAa,CAACK,kCAAd,EAAD,CAAN;UACA;SAHJ,MAIO,IAAIhb,GAAG,KAAK8hB,WAAe,CAACC,aAA5B,EAA2C;UAC9CF,GAAG,CAAC7f,GAAJ,CAAQuf,eAAe,IAAI,qEAA3B;UACA;;;QAGJ,MAAMS,gBAAgB,GAAGC,SAAS,CAACC,0BAAV,CAAqCliB,GAArC,CAAzB;;QACA,IAAIgiB,gBAAgB,CAAC7H,IAArB,EAA2B;UACvB,MAAMgI,WAAW,GAAG,MAAM,KAAKC,cAAL,EAA1B;UACAP,GAAG,CAACQ,SAAJ,CAAc1kB,UAAU,CAAC2kB,QAAzB,EAAmC;YAAEC,QAAQ,EAAEJ;WAA/C,EAFuB;;UAGvBN,GAAG,CAAC7f,GAAJ;;;QAEJP,OAAO,CAACugB,gBAAD,CAAP;OAjBsB,CAA1B;MAmBA,KAAKP,MAAL,CAAYe,MAAZ,CAAmB,CAAnB;KApBqB,CAAzB;;IAwBA,MAAM,IAAIhhB,OAAJ,CAAmBC,OAAD;MACpB,IAAIghB,KAAK,GAAG,CAAZ;MACA,MAAMC,EAAE,GAAGC,WAAW,CAAC;QACnB,IAAKtjB,yBAAyB,CAACE,UAA1B,GAAuCF,yBAAyB,CAACC,WAAlE,GAAiFmjB,KAArF,EAA4F;UACxF,MAAM9H,aAAa,CAACS,gCAAd,EAAN;;;QAGJ,IAAI,KAAKqG,MAAL,CAAYmB,SAAhB,EAA2B;UACvBC,aAAa,CAACH,EAAD,CAAb;UACAjhB,OAAO;;;QAEXghB,KAAK;OATa,EAUnBpjB,yBAAyB,CAACC,WAVP,CAAtB;KAFE,CAAN;IAeA,OAAOoiB,gBAAP;;;;;;;;EAOJU,cAAc;IACV,IAAI,CAAC,KAAKX,MAAV,EAAkB;MACd,MAAM9G,aAAa,CAACO,iCAAd,EAAN;;;IAGJ,MAAM4H,OAAO,GAAG,KAAKrB,MAAL,CAAYqB,OAAZ,EAAhB;;IACA,IAAI,CAACA,OAAD,IAAY,OAAOA,OAAP,KAAmB,QAA/B,IAA2C,CAACA,OAAO,CAAC9hB,IAAxD,EAA8D;MAC1D,KAAK+hB,WAAL;MACA,MAAMpI,aAAa,CAACI,qCAAd,EAAN;;;IAGJ,MAAM/Z,IAAI,GAAG8hB,OAAO,IAAIA,OAAO,CAAC9hB,IAAhC;IAEA,UAAU7C,SAAS,CAACI,gBAAgBJ,SAAS,CAACK,aAAawC,MAA3D;;;;;;;EAMJ+hB,WAAW;IACP,IAAI,CAAC,CAAC,KAAKtB,MAAX,EAAmB;MACf,KAAKA,MAAL,CAAYuB,KAAZ;;;;;;AC3FZ;;;;AAKA,AAsBA;;;;;;AAKA,MAAaC,gCAAgC3H;;;;;;;;;;;;;;;;;;EAkBzC1R,YAAY2R;IACR,MAAMA,aAAN;;;;;;;;;;;;;EAYiC,MAAxB2H,wBAAwB,CAACvhB,OAAD;IACjC,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,iCAAjB,EAAoDla,OAAO,CAACma,aAA5D;IACA,MAAMC,YAAY,GAA4B1X,MAAM,CAAC8e,MAAP,CAAcxhB,OAAd,EAAwB,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAA9B,CAA9C;IACA,MAAMqb,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACykB,wBAA5C,EAAsEnH,YAAY,CAACD,aAAnF,CAA/B;;IACA,IAAI;MACA,MAAMsH,gBAAgB,GAAG,MAAM,KAAK5G,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BkB,sBAH2B,EAI3BP,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;MAOA,MAAM2c,gBAAgB,GAAG,IAAIC,gBAAJ,CAAqBF,gBAArB,CAAzB;MACA,KAAKjR,MAAL,CAAY+E,OAAZ,CAAoB,4BAApB,EAAkD6E,YAAY,CAACD,aAA/D;MACA,OAAOuH,gBAAgB,CAACnG,YAAjB,CAA8BnB,YAA9B,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;EAOqB,MAAvBof,uBAAuB,CAAC5hB,OAAD;IACzB,MAAM;MAAEoI,QAAF;MAAYE;QAAc,MAAM,KAAKwR,cAAL,CAAoB3R,iBAApB,EAAtC;IACA,MAAM;MAAE0Z,WAAF;MAAejC,eAAf;MAAgCC,aAAhC;MAA+C,GAAGiC;QAAwB9hB,OAAhF;IAEA,MAAM+hB,cAAc,GAAG,IAAIrC,cAAJ,EAAvB;IACA,MAAMK,gBAAgB,GAAGgC,cAAc,CAACpC,iBAAf,CAAiCC,eAAjC,EAAkDC,aAAlD,CAAzB;IACA,MAAMW,WAAW,GAAGuB,cAAc,CAACtB,cAAf,EAApB;IAEA,MAAMrG,YAAY,GAA4B,EAC1C,GAAG0H,mBADuC;MAE1CjD,MAAM,EAAE7e,OAAO,CAAC6e,MAAR,IAAkBC,mBAFgB;MAG1C0B,WAAW,EAAEA,WAH6B;MAI1ClG,YAAY,EAAEC,YAAY,CAACC,KAJe;MAK1CwH,aAAa,EAAE1Z,SAL2B;MAM1C2Z,mBAAmB,EAAEC,yBAAyB,CAACC;KANnD;IASA,MAAMC,WAAW,GAAG,MAAM,KAAKnI,cAAL,CAAoBG,YAApB,CAA1B;IACA,MAAMyH,WAAW,CAACO,WAAD,CAAjB;IACA,MAAM/B,gBAAgB,GAAG,MAAMN,gBAAgB,CAACsC,OAAjB,CAAyB;MACpDN,cAAc,CAACX,WAAf;KAD2B,CAA/B;;IAIA,IAAIf,gBAAgB,CAACjd,KAArB,EAA4B;MACxB,MAAM,IAAIkf,WAAJ,CAAgBjC,gBAAgB,CAACjd,KAAjC,EAAwCid,gBAAgB,CAAC1c,iBAAzD,EAA4E0c,gBAAgB,CAACkC,QAA7F,CAAN;KADJ,MAEO,IAAI,CAAClC,gBAAgB,CAAC7H,IAAtB,EAA4B;MAC/B,MAAMQ,aAAa,CAACM,+BAAd,EAAN;;;IAGJ,MAAMrO,UAAU,GAAGoV,gBAAgB,CAACnV,WAApC;IACA,MAAMsX,YAAY,GAA6B;MAC3ChK,IAAI,EAAE6H,gBAAgB,CAAC7H,IADoB;MAE3C3P,YAAY,EAAET,QAF6B;MAG3C6C,UAAU,EAAEA,UAAU,IAAIkV,WAAe,CAACpc,YAHC;MAI3C,GAAGqW;KAJP;IAMA,OAAO,KAAKa,kBAAL,CAAwBuH,YAAxB,CAAP;;;;;AC9HR;;;;AAKA,AAMA;;;;;AAIA,MAAaC;;;;;EAckB,OAAbC,aAAa,CAACpE,SAAD;IACvB,MAAMna,eAAe,GAAG,IAAIse,eAAJ,EAAxB;IACAte,eAAe,CAACwe,GAAhB,GAAsBrE,SAAtB;IACA,OAAOna,eAAP;;;;;;;;;;EASyB,OAAfye,eAAe,CAACve,UAAD,EAAqBC,UAArB,EAAyCue,iBAAzC;IACzB,MAAM1e,eAAe,GAAG,IAAIse,eAAJ,EAAxB;IACAte,eAAe,CAACG,UAAhB,GAA6BA,UAA7B;IACAH,eAAe,CAACE,UAAhB,GAA6BA,UAA7B;;IACA,IAAIwe,iBAAJ,EAAuB;MACnB1e,eAAe,CAAC0e,iBAAhB,GAAoC,KAAKC,gBAAL,CAAsBD,iBAAtB,CAApC;;;IAEJ,OAAO1e,eAAP;;;;;;;;;;EASGoa,MAAM,CAACzE,cAAD,EAAiCiJ,MAAjC,EAAiDC,WAAjD;;IAET,IAAI,KAAK1e,UAAL,IAAmB,KAAKD,UAA5B,EAAwC;MAEpC,IAAI,KAAKse,GAAL,IAAY,CAAC,KAAKM,SAAL,EAAb,IAAiCF,MAAM,KAAK,KAAKA,MAAjD,IAA2DC,WAAW,KAAK,KAAKA,WAApF,EAAiG;QAC7F,OAAO,KAAKL,GAAZ;;;MAGJ,OAAO,KAAKO,SAAL,CAAepJ,cAAf,EAA+BiJ,MAA/B,EAAuCC,WAAvC,CAAP;;;;;;;;IAOJ,IAAI,KAAKL,GAAT,EAAc;MACV,OAAO,KAAKA,GAAZ;;;IAGJ,MAAMlG,eAAe,CAAC0G,2BAAhB,EAAN;;;;;;;EAMID,SAAS,CAACpJ,cAAD,EAAiCiJ,MAAjC,EAAiDC,WAAjD;IAEb,KAAKD,MAAL,GAAcA,MAAd;IACA,KAAKC,WAAL,GAAmBA,WAAnB;IACA,MAAMI,QAAQ,GAAGC,SAAS,CAACC,UAAV,EAAjB;IACA,KAAKC,cAAL,GAAsBH,QAAQ,GAAG,GAAjC;IAEA,MAAMphB,MAAM,GAAc;MACtBwhB,GAAG,EAAEzmB,YAAY,CAACE,OADI;MAEtBwmB,GAAG,EAAE1c,aAAa,CAACK,eAAd,CAA8B,KAAK/C,UAAnC,EAA+C,KAA/C;KAFT;;IAKA,IAAI,KAAKwe,iBAAT,EAA4B;MACxBngB,MAAM,CAAC8e,MAAP,CAAcxf,MAAd,EAAsB;QAClBuC,GAAG,EAAE,KAAKse;OADd;;;IAKJ,MAAMa,OAAO,GAAG;MACZ,CAAC3mB,YAAY,CAACK,QAAd,GAAyB,KAAK4lB,WADlB;MAEZ,CAACjmB,YAAY,CAACM,eAAd,GAAgC,KAAKkmB,cAFzB;MAGZ,CAACxmB,YAAY,CAACO,MAAd,GAAuB,KAAKylB,MAHhB;MAIZ,CAAChmB,YAAY,CAACQ,OAAd,GAAwB,KAAKwlB,MAJjB;MAKZ,CAAChmB,YAAY,CAACS,UAAd,GAA2B4lB,QALf;MAMZ,CAACrmB,YAAY,CAACU,MAAd,GAAuBqc,cAAc,CAAC7Q,aAAf;KAN3B;IASA,KAAK0Z,GAAL,GAAWgB,IAAI,CAACD,OAAD,EAAU,KAAKpf,UAAf,EAA2B;MAAEtC;KAA7B,CAAf;IACA,OAAO,KAAK2gB,GAAZ;;;;;;;EAMIM,SAAS;IACb,OAAO,KAAKM,cAAL,GAAsBF,SAAS,CAACC,UAAV,EAA7B;;;;;;;;EAO0B,OAAhBR,gBAAgB,CAACD,iBAAD;;;;;;;;IAQ1B,MAAMe,gBAAgB,GAAG,uEAAzB;IACA,MAAMC,KAAK,GAAa,EAAxB;IAEA,IAAIC,OAAJ;;IACA,OAAO,CAACA,OAAO,GAAGF,gBAAgB,CAACG,IAAjB,CAAsBlB,iBAAtB,CAAX,MAAyD,IAAhE,EAAsE;;MAElEgB,KAAK,CAAC5iB,IAAN,CAAW6iB,OAAO,CAAC,CAAD,CAAP,CAAWzc,OAAX,CAAmB,QAAnB,EAA6B7K,WAAS,CAACuH,YAAvC,CAAX;;;IAGJ,OAAO8f,KAAP;;;;;AC7IR;;;;AAKA,AAsBA;;;;;;AAKA,MAAaG,sCAAsCrK;;;;;;;;;;;;;;;;;;;;EAsB/C1R,YAAY2R;IACR,MAAMA,aAAN;IACA,KAAKqK,mBAAL,CAAyB,KAAKpK,MAA9B;IACA,KAAKqK,gBAAL,GAAwBpJ,SAAxB;;;;;;;;;;EASJqJ,mBAAmB,CAACC,QAAD;IACf,KAAKF,gBAAL,GAAwBE,QAAxB;;;;;;;EAMuC,MAA9BC,8BAA8B,CAACrkB,OAAD;IACvC,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,uCAAjB,EAA0Dla,OAAO,CAACma,aAAlE;;IAGA,IAAIhW,eAAJ;;IACA,IAAInE,OAAO,CAACmE,eAAZ,EAA6B;MACzBA,eAAe,GAAG;QACdma,SAAS,EAAEte,OAAO,CAACmE,eADL;QAEdsa,aAAa,EAAEX,SAAa,CAACphB;OAFjC;;;IAMJ,MAAM4nB,WAAW,GAAG,MAAM,KAAKjK,qBAAL,CAA2Bra,OAA3B,CAA1B;;IAGA,MAAMukB,gBAAgB,GAAG,EACrB,GAAGD,WADkB;MAErBzF,MAAM,EAAEyF,WAAW,CAACzF,MAAZ,CAAmB7K,MAAnB,CAA2BwQ,KAAD,IAAmB,CAAC1F,mBAAmB,CAACjK,QAApB,CAA6B2P,KAA7B,CAA9C;KAFZ;IAKA,MAAMpK,YAAY,GAAkC,EAChD,GAAGpa,OAD6C;MAEhD,GAAGukB,gBAF6C;MAGhDpgB;KAHJ;IAMA,MAAM2Y,wBAAwB,GAA6B;MACvD2H,WAAW,EAAErK,YAAY,CAACqK,WAD6B;MAEvDC,iBAAiB,EAAE1G,OAAO,CAAC2G,GAAR,CAAYzoB,2BAAZ;KAFvB;IAKA,MAAMmf,sBAAsB,GAAG,KAAKC,gCAAL,CAAsCxe,KAAK,CAACunB,8BAA5C,EAA4EjK,YAAY,CAACD,aAAzF,EAAwGC,YAAY,CAACwK,SAArH,CAA/B;;IACA,IAAI;MACA,MAAMC,sBAAsB,GAAG,MAAM,KAAKhK,6BAAL,CACjCT,YAAY,CAACpW,SADoB,EAEjCoW,YAAY,CAACD,aAFoB,EAGjCkB,sBAHiC,EAIjCyB,wBAJiC,EAKjC9c,OAAO,CAAC+E,iBALyB,CAArC;MAOA,MAAM+f,sBAAsB,GAAG,IAAIC,sBAAJ,CAA2BF,sBAA3B,EAAmD,KAAKX,gBAAxD,CAA/B;MACA,KAAK1T,MAAL,CAAY+E,OAAZ,CAAoB,kCAApB,EAAwD6E,YAAY,CAACD,aAArE;MACA,OAAO2K,sBAAsB,CAACvJ,YAAvB,CAAoCnB,YAApC,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJkB,sBAAsB,CAACI,kBAAvB,CAA0CjZ,CAA1C;MACA,MAAMA,CAAN;;;;;;;;;;;;;;;;EAe2B,MAAtBwiB,sBAAsB,CAAChlB,OAAD;IAC/B,KAAKwQ,MAAL,CAAY0J,IAAZ,CAAiB,+BAAjB,EAAkDla,OAAO,CAACma,aAA1D;IACA,MAAMC,YAAY,GAA4B,EAC1C,GAAGpa,OADuC;MAE1C,IAAI,MAAM,KAAKqa,qBAAL,CAA2Bra,OAA3B,CAAV;KAFJ;;IAIA,IAAI;MACA,MAAMilB,gBAAgB,GAAG,MAAM,KAAKpK,6BAAL,CAC3BT,YAAY,CAACpW,SADc,EAE3BoW,YAAY,CAACD,aAFc,EAG3BW,SAH2B,EAI3BA,SAJ2B,EAK3B9a,OAAO,CAAC+E,iBALmB,CAA/B;MAOA,MAAMmgB,SAAS,GAAG,IAAIC,gBAAJ,CAAqBF,gBAArB,CAAlB;MACA,KAAKzU,MAAL,CAAY+E,OAAZ,CAAoB,6BAApB,EAAmD6E,YAAY,CAACD,aAAhE;MACA,OAAO+K,SAAS,CAAC3J,YAAV,CAAuBnB,YAAvB,CAAP;KAVJ,CAWE,OAAO5X,CAAP,EAAU;MACR,IAAIA,CAAC,YAAYyW,SAAjB,EAA4B;QACxBzW,CAAC,CAACgZ,gBAAF,CAAmBpB,YAAY,CAACD,aAAhC;;;MAEJ,MAAM3X,CAAN;;;;EAIAyhB,mBAAmB,CAACrK,aAAD;IACvB,MAAMwL,oBAAoB,GAAG,CAACvb,WAAW,CAACC,OAAZ,CAAoB8P,aAAa,CAACxT,IAAd,CAAmBlC,YAAvC,CAA9B;IACA,MAAMmhB,uBAAuB,GAAG,CAACxb,WAAW,CAACC,OAAZ,CAAoB8P,aAAa,CAACxT,IAAd,CAAmBjC,eAAvC,CAAjC;IACA,MAAMmhB,WAAW,GAAG1L,aAAa,CAACxT,IAAd,CAAmBhC,iBAAnB,IAAwC;MACxDC,UAAU,EAAE7H,WAAS,CAACuH,YADkC;MAExDO,UAAU,EAAE9H,WAAS,CAACuH;KAF1B;IAIA,MAAMwhB,mBAAmB,GAAG,CAAC1b,WAAW,CAACC,OAAZ,CAAoBwb,WAAW,CAACjhB,UAAhC,CAAD,IAAgD,CAACwF,WAAW,CAACC,OAAZ,CAAoBwb,WAAW,CAAChhB,UAAhC,CAA7E;;;;;;IAMA,IAAI,KAAK4f,gBAAT,EAA2B;MACvB;;;;IAIJ,IACIkB,oBAAoB,IAAIC,uBAAxB,IACAA,uBAAuB,IAAIE,mBAD3B,IAEAH,oBAAoB,IAAIG,mBAH5B,EAGiD;MAC7C,MAAM9I,eAAe,CAAC+I,4BAAhB,EAAN;;;IAGJ,IAAI5L,aAAa,CAACxT,IAAd,CAAmBlC,YAAvB,EAAqC;MACjC,KAAKA,YAAL,GAAoB0V,aAAa,CAACxT,IAAd,CAAmBlC,YAAvC;MACA;;;IAGJ,IAAI0V,aAAa,CAACxT,IAAd,CAAmBjC,eAAvB,EAAwC;MACpC,KAAKA,eAAL,GAAuBse,eAAe,CAACC,aAAhB,CAA8B9I,aAAa,CAACxT,IAAd,CAAmBjC,eAAjD,CAAvB;MACA;;;IAGJ,IAAI,CAACohB,mBAAL,EAA0B;MACtB,MAAM9I,eAAe,CAAC+I,4BAAhB,EAAN;KADJ,MAEO;MAAA;;MACH,KAAKrhB,eAAL,GAAuBse,eAAe,CAACG,eAAhB,CAAgC0C,WAAW,CAACjhB,UAA5C,EAAwDihB,WAAW,CAAChhB,UAApE,2BAAgFsV,aAAa,CAACxT,IAAd,CAAmBhC,iBAAnG,qBAAgF,sBAAsCG,GAAtH,CAAvB;;;;;;ACvMZ;;;;AAKA,MAKakhB;EAITxd,YAAYyd,QAAsBC;IAC9B,KAAKD,MAAL,GAAcA,MAAd;IACA,KAAKC,gBAAL,GAAwBA,gBAAxB;;;EAG0B,MAAjBhP,iBAAiB,CAACF,YAAD;IAC1B,MAAMmP,YAAY,GAAG,MAAM,KAAKD,gBAAL,CAAsBE,MAAtB,EAA3B;IACA,MAAMC,SAAS,GAAG,MAAM,KAAKJ,MAAL,CAAYK,GAAZ,CAAgBH,YAAhB,CAAxB;IACAnP,YAAY,CAACuD,UAAb,CAAwB3D,WAAxB,CAAoCyP,SAApC;;;EAGyB,MAAhBlP,gBAAgB,CAACH,YAAD;IACzB,IAAIA,YAAY,CAACb,eAAjB,EAAkC;MAC9B,MAAMoQ,OAAO,GAAIvP,YAAY,CAACuD,UAAb,CAAuCzD,UAAvC,EAAjB;MACA,MAAM0P,eAAe,GAAGvjB,MAAM,CAACwjB,MAAP,CAAcF,OAAd,EAAuBhS,MAAvB,CAA8BtC,KAAK,IAAIlG,aAAa,CAACqG,eAAd,CAA8BH,KAA9B,CAAvC,CAAxB;;MAEA,IAAIuU,eAAe,CAACxmB,MAAhB,GAAyB,CAA7B,EAAgC;QAC5B,MAAM+P,aAAa,GAAGyW,eAAe,CAAC,CAAD,CAArC;QACA,MAAML,YAAY,GAAG,MAAM,KAAKD,gBAAL,CAAsBQ,UAAtB,CAAiC3W,aAAjC,CAA3B;QAEA,MAAM,KAAKkW,MAAL,CAAYjjB,GAAZ,CAAgBmjB,YAAhB,EAA8BnP,YAAY,CAACuD,UAAb,CAAwB/D,SAAxB,EAA9B,CAAN;;;;;;;;;"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/network/HttpClient.d.ts 0 → 100644
View file @ 3a84cbd5
import { INetworkModule, NetworkRequestOptions, NetworkResponse } from "@azure/msal-common";
/**
* This class implements the API for network requests.
*/
export declare class HttpClient implements INetworkModule {
/**
* Http Get request
* @param url
* @param options
*/
sendGetRequestAsync<T>(url: string, options?: NetworkRequestOptions): Promise<NetworkResponse<T>>;
/**
* Http Post request
* @param url
* @param options
*/
sendPostRequestAsync<T>(url: string, options?: NetworkRequestOptions, cancellationToken?: number): Promise<NetworkResponse<T>>;
}
//# sourceMappingURL=HttpClient.d.ts.map
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/network/HttpClient.d.ts.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"HttpClient.d.ts","sourceRoot":"","sources":["../src/network/HttpClient.ts"],"names":[],"mappings":"AAKA,OAAO,EACH,cAAc,EACd,qBAAqB,EACrB,eAAe,EAClB,MAAM,oBAAoB,CAAC;AAM5B;;GAEG;AACH,qBAAa,UAAW,YAAW,cAAc;IAE7C;;;;OAIG;IACG,mBAAmB,CAAC,CAAC,EACvB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,GAChC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;IAQ9B;;;;OAIG;IACG,oBAAoB,CAAC,CAAC,EACxB,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,qBAAqB,EAC/B,iBAAiB,CAAC,EAAE,MAAM,GAC3B,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;CAOjC"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/network/LoopbackClient.d.ts 0 → 100644
View file @ 3a84cbd5
import { ServerAuthorizationCodeResponse } from "@azure/msal-common";
export declare class LoopbackClient {
private server;
/**
* Spins up a loopback server which returns the server response when the localhost redirectUri is hit
* @param successTemplate
* @param errorTemplate
* @returns
*/
listenForAuthCode(successTemplate?: string, errorTemplate?: string): Promise<ServerAuthorizationCodeResponse>;
/**
* Get the port that the loopback server is running on
* @returns
*/
getRedirectUri(): string;
/**
* Close the loopback server
*/
closeServer(): void;
}
//# sourceMappingURL=LoopbackClient.d.ts.map
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/network/LoopbackClient.d.ts.map 0 → 100644
View file @ 3a84cbd5
{"version":3,"file":"LoopbackClient.d.ts","sourceRoot":"","sources":["../src/network/LoopbackClient.ts"],"names":[],"mappings":"AAKA,OAAO,EAAgC,+BAA+B,EAAa,MAAM,oBAAoB,CAAC;AAK9G,qBAAa,cAAc;IACvB,OAAO,CAAC,MAAM,CAAS;IAEvB;;;;;OAKG;IACG,iBAAiB,CAAC,eAAe,CAAC,EAAE,MAAM,EAAE,aAAa,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,+BAA+B,CAAC;IA+CnH;;;OAGG;IACH,cAAc,IAAI,MAAM;IAgBxB;;OAEG;IACH,WAAW,IAAI,IAAI;CAKtB"}
\ No newline at end of file
javascript/node_modules/.staging/@azure/msal-node-74053576/dist/packageMetadata.d.ts 0 → 100644
View file @ 3a84cbd5
export declare const name = "@azure/msal-node";
export declare const version = "1.14.5";
//# sourceMappingURL=packageMetadata.d.ts.map
\ No newline at end of file
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment