UNPKG

@duosecurity/duo_universal

Version:

Node.js implementation of the Duo Universal SDK.

github.com/duosecurity/duo_universal_nodejs

duosecurity/duo_universal_nodejs

1 lines 49.1 kB
1
{"version":3,"sources":["../src/client.ts","../src/constants.ts","../package.json","../src/duo-exception.ts","../src/util.ts"],"sourcesContent":["// SPDX-FileCopyrightText: 2021 Lukas Hroch\n// SPDX-FileCopyrightText: 2022 Cisco Systems, Inc. and/or its affiliates\n//\n// SPDX-License-Identifier: MIT\n\nimport axios, { AxiosInstance } from 'axios';\nimport https from 'https';\nimport { SignJWT, jwtVerify } from 'jose';\nimport * as constants from './constants';\nimport { DuoException } from './duo-exception';\nimport {\n AuthorizationRequest,\n AuthorizationRequestPayload,\n HealthCheckRequest,\n HealthCheckResponse,\n TokenRequest,\n TokenResponse,\n TokenResponsePayload,\n} from './http';\nimport { generateRandomString, getTimeInSeconds } from './util';\n\nexport type ClientOptions = {\n clientId: string;\n clientSecret: string;\n apiHost: string;\n redirectUrl: string;\n useDuoCodeAttribute?: boolean;\n};\n\nexport class Client {\n readonly HEALTH_CHECK_ENDPOINT = '/oauth/v1/health_check';\n\n readonly AUTHORIZE_ENDPOINT = '/oauth/v1/authorize';\n\n readonly TOKEN_ENDPOINT = '/oauth/v1/token';\n\n private clientId: string;\n\n private clientSecret: Uint8Array;\n\n private apiHost: string;\n\n private baseURL: string;\n\n private redirectUrl: string;\n\n private useDuoCodeAttribute: boolean;\n\n private axios: AxiosInstance;\n\n constructor(options: ClientOptions) {\n this.validateInitialConfig(options);\n\n const { clientId, clientSecret, apiHost, redirectUrl, useDuoCodeAttribute } = options;\n\n this.clientId = clientId;\n this.clientSecret = new TextEncoder().encode(clientSecret);\n this.apiHost = apiHost;\n this.baseURL = `https://${this.apiHost}`;\n this.redirectUrl = redirectUrl;\n this.useDuoCodeAttribute = useDuoCodeAttribute ?? true;\n\n const agent = new https.Agent({\n ca: constants.DUO_PINNED_CERT,\n });\n\n this.axios = axios.create({\n baseURL: this.baseURL,\n httpsAgent: agent,\n httpAgent: Error('HTTP disabled. Must use HTTPS'),\n });\n }\n\n /**\n * Validate that the clientId and clientSecret are the proper length.\n *\n * @private\n * @param {ClientOptions} options\n * @memberof Client\n */\n private validateInitialConfig(options: ClientOptions): void {\n const { clientId, clientSecret, apiHost, redirectUrl } = options;\n\n if (clientId.length !== constants.CLIENT_ID_LENGTH)\n throw new DuoException(constants.INVALID_CLIENT_ID_ERROR);\n\n if (clientSecret.length !== constants.CLIENT_SECRET_LENGTH)\n throw new DuoException(constants.INVALID_CLIENT_SECRET_ERROR);\n\n if (apiHost === '') throw new DuoException(constants.PARSING_CONFIG_ERROR);\n try {\n new globalThis.URL(redirectUrl);\n } catch {\n throw new DuoException(constants.PARSING_CONFIG_ERROR);\n }\n }\n\n /**\n * Retrieves exception message for DuoException from HTTPS result message.\n *\n * @private\n * @param {*} result\n * @returns {string}\n * @memberof Client\n */\n private getExceptionFromResult(result: any): string {\n const { message, message_detail, error, error_description } = result;\n\n if (message && message_detail) return `${message}: ${message_detail}`;\n\n if (error && error_description) return `${error}: ${error_description}`;\n\n return constants.MALFORMED_RESPONSE;\n }\n\n /**\n * Create client JWT payload\n *\n * @private\n * @param {string} audience\n * @returns {string}\n * @memberof Client\n */\n private async createJwtPayload(audience: string): Promise<string> {\n const timeInSecs = getTimeInSeconds();\n\n const jwt = await new SignJWT({\n iss: this.clientId,\n sub: this.clientId,\n aud: audience,\n jti: generateRandomString(constants.JTI_LENGTH),\n iat: timeInSecs,\n exp: timeInSecs + constants.JWT_EXPIRATION,\n })\n .setProtectedHeader({ alg: constants.SIG_ALGORITHM })\n .sign(this.clientSecret);\n\n return jwt;\n }\n\n /**\n * Verify JWT token\n *\n * @private\n * @template T\n * @param {string} token\n * @returns {Promise<T>}\n * @memberof Client\n */\n private async verifyToken<T>(token: string): Promise<T> {\n const tokenEndpoint = `${this.baseURL}${this.TOKEN_ENDPOINT}`;\n const clientId = this.clientId;\n try {\n const decoded = await jwtVerify<T>(token, this.clientSecret, {\n algorithms: [constants.SIG_ALGORITHM],\n clockTolerance: constants.JWT_LEEWAY,\n issuer: tokenEndpoint,\n audience: clientId,\n });\n\n return decoded.payload;\n } catch (err) {\n throw new DuoException(constants.JWT_DECODE_ERROR, err instanceof Error ? err : undefined);\n }\n }\n\n /**\n * Error handler to throw relevant error\n *\n * @private\n * @param {unknown} error\n * @returns {never}\n * @memberof Client\n */\n private handleErrorResponse(error: unknown): never {\n if (error instanceof DuoException) throw error;\n\n if (axios.isAxiosError(error)) {\n const data = error.response?.data;\n throw new DuoException(data ? this.getExceptionFromResult(data) : error.message, error);\n }\n\n if (error instanceof Error) throw new DuoException(error.message, error);\n\n throw new DuoException(constants.MALFORMED_RESPONSE);\n }\n\n /**\n * Generate a random hex string with a length of DEFAULT_STATE_LENGTH.\n *\n * @returns {string}\n * @memberof Client\n */\n generateState(): string {\n return generateRandomString(constants.DEFAULT_STATE_LENGTH);\n }\n\n /**\n * Makes a call to HEALTH_CHECK_ENDPOINT to see if Duo is available.\n *\n * @returns {Promise<HealthCheckResponse>}\n * @memberof Client\n */\n async healthCheck(): Promise<HealthCheckResponse> {\n const audience = `${this.baseURL}${this.HEALTH_CHECK_ENDPOINT}`;\n const jwtPayload = await this.createJwtPayload(audience);\n const request: HealthCheckRequest = {\n client_id: this.clientId,\n client_assertion: jwtPayload,\n };\n\n try {\n const { data } = await this.axios.post<HealthCheckResponse>(\n this.HEALTH_CHECK_ENDPOINT,\n new globalThis.URLSearchParams(request),\n );\n const { stat } = data;\n\n if (!stat || stat !== 'OK') throw new DuoException(this.getExceptionFromResult(data));\n\n return data;\n } catch (err) {\n this.handleErrorResponse(err);\n }\n }\n\n /**\n * Generate URI to redirect to for the Duo prompt.\n *\n * @param {string} username\n * @param {string} state\n * @returns {string}\n * @memberof Client\n */\n async createAuthUrl(username: string, state: string): Promise<string> {\n if (!username) throw new DuoException(constants.DUO_USERNAME_ERROR);\n\n if (\n !state ||\n state.length < constants.MIN_STATE_LENGTH ||\n state.length > constants.MAX_STATE_LENGTH\n )\n throw new DuoException(constants.DUO_STATE_ERROR);\n\n const timeInSecs = getTimeInSeconds();\n\n const payload: AuthorizationRequestPayload = {\n response_type: 'code',\n scope: 'openid',\n exp: timeInSecs + constants.JWT_EXPIRATION,\n client_id: this.clientId,\n redirect_uri: this.redirectUrl,\n state,\n duo_uname: username,\n iss: this.clientId,\n aud: this.baseURL,\n use_duo_code_attribute: this.useDuoCodeAttribute,\n };\n\n const request = await new SignJWT(payload)\n .setProtectedHeader({ alg: constants.SIG_ALGORITHM })\n .sign(this.clientSecret);\n\n const query: AuthorizationRequest = {\n response_type: 'code',\n client_id: this.clientId,\n request: request,\n redirect_uri: this.redirectUrl,\n scope: 'openid',\n };\n\n return `${this.baseURL}${this.AUTHORIZE_ENDPOINT}?${new globalThis.URLSearchParams(query).toString()}`;\n }\n\n /**\n * Exchange a code returned by Duo for a token that contains information about the authorization.\n *\n * @param {string} code\n * @param {string} username\n * @param {(string | null)} [nonce=null]\n * @returns {Promise<TokenResponsePayload>}\n * @memberof Client\n */\n async exchangeAuthorizationCodeFor2FAResult(\n code: string,\n username: string,\n nonce: string | null = null,\n ): Promise<TokenResponsePayload> {\n if (!code) throw new DuoException(constants.MISSING_CODE_ERROR);\n\n if (!username) throw new DuoException(constants.USERNAME_ERROR);\n\n const tokenEndpoint = `${this.baseURL}${this.TOKEN_ENDPOINT}`;\n const jwtPayload = await this.createJwtPayload(tokenEndpoint);\n\n const request: TokenRequest = {\n grant_type: constants.GRANT_TYPE,\n code,\n redirect_uri: this.redirectUrl,\n client_id: this.clientId,\n client_assertion_type: constants.CLIENT_ASSERTION_TYPE,\n client_assertion: jwtPayload,\n };\n\n try {\n const { data } = await this.axios.post<TokenResponse>(\n this.TOKEN_ENDPOINT,\n new globalThis.URLSearchParams(request),\n {\n headers: {\n 'user-agent': `${constants.USER_AGENT} node/${process.versions.node} v8/${process.versions.v8}`,\n },\n },\n );\n\n /* Verify that we are receiving the expected response from Duo */\n const resultKeys = Object.keys(data);\n const requiredKeys = ['id_token', 'access_token', 'expires_in', 'token_type'];\n\n if (requiredKeys.some((key) => !resultKeys.includes(key)))\n throw new DuoException(constants.MALFORMED_RESPONSE);\n\n if (data.token_type !== 'Bearer') throw new DuoException(constants.MALFORMED_RESPONSE);\n\n const token = await this.verifyToken<TokenResponsePayload>(data.id_token);\n\n const tokenKeys = Object.keys(token);\n const requiredTokenKeys = ['exp', 'iat', 'iss', 'aud'];\n\n if (requiredTokenKeys.some((key) => !tokenKeys.includes(key)))\n throw new DuoException(constants.MALFORMED_RESPONSE);\n\n if (!token.preferred_username || token.preferred_username !== username)\n throw new DuoException(constants.USERNAME_ERROR);\n\n if (nonce && (!token.nonce || token.nonce !== nonce))\n throw new DuoException(constants.NONCE_ERROR);\n\n return token;\n } catch (err) {\n this.handleErrorResponse(err);\n }\n }\n}\n","// SPDX-FileCopyrightText: 2021 Lukas Hroch\n// SPDX-FileCopyrightText: 2022 Cisco Systems, Inc. and/or its affiliates\n//\n// SPDX-License-Identifier: MIT\n\nimport { version } from '../package.json';\n\nexport const CLIENT_ID_LENGTH = 20;\nexport const CLIENT_SECRET_LENGTH = 40;\nexport const DEFAULT_STATE_LENGTH = 36;\nexport const MAX_STATE_LENGTH = 1024;\nexport const MIN_STATE_LENGTH = 22;\nexport const JTI_LENGTH = 36;\nexport const JWT_EXPIRATION = 300;\nexport const JWT_LEEWAY = 60;\n\nexport const USER_AGENT = `duo_universal_node/${version}`;\nexport const SIG_ALGORITHM = 'HS512';\nexport const GRANT_TYPE = 'authorization_code';\nexport const CLIENT_ASSERTION_TYPE = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer';\n\nexport const USERNAME_ERROR = 'The username is invalid';\nexport const NONCE_ERROR = 'The nonce is invalid';\nexport const JWT_DECODE_ERROR = 'Error decoding JWT';\nexport const PARSING_CONFIG_ERROR = 'Error parsing config';\nexport const INVALID_CLIENT_ID_ERROR = 'The Client ID is invalid';\nexport const INVALID_CLIENT_SECRET_ERROR = 'The Client Secret is invalid';\nexport const DUO_USERNAME_ERROR = 'The username is invalid';\nexport const DUO_STATE_ERROR = `State must be between ${MIN_STATE_LENGTH} to ${MAX_STATE_LENGTH} characters long`;\nexport const FAILED_CONNECTION = 'Unable to connect to Duo';\nexport const MALFORMED_RESPONSE = 'Result missing expected data';\nexport const MISSING_CODE_ERROR = 'Missing authorization code';\n\nexport const DUO_PINNED_CERT = `\n# Source URL: https://www.amazontrust.com/repository/AmazonRootCA1.cer\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=Amazon Root CA 1,O=Amazon,C=US\n# Issuer: CN=Amazon Root CA 1,O=Amazon,C=US\n# Expiration Date: 2038-01-17 00:00:00\n# Serial Number: 66C9FCF99BF8C0A39E2F0788A43E696365BCA\n# SHA256 Fingerprint: 8ecde6884f3d87b1125ba31ac3fcb13d7016de7f57cc904fe1cb97c6ae98196e\n-----BEGIN CERTIFICATE-----\nMIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj\nca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM\n9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw\nIFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6\nVOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L\n93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm\njgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA\nA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI\nU5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs\nN+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv\no/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU\n5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy\nrqXRfboQnoZsG4q5WTP468SQvvG5\n-----END CERTIFICATE-----\n\n# Source URL: https://www.amazontrust.com/repository/AmazonRootCA2.cer\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=Amazon Root CA 2,O=Amazon,C=US\n# Issuer: CN=Amazon Root CA 2,O=Amazon,C=US\n# Expiration Date: 2040-05-26 00:00:00\n# Serial Number: 66C9FD29635869F0A0FE58678F85B26BB8A37\n# SHA256 Fingerprint: 1ba5b2aa8c65401a82960118f80bec4f62304d83cec4713a19c39c011ea46db4\n-----BEGIN CERTIFICATE-----\nMIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF\nADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\nb24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL\nMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\nb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK\ngXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ\nW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg\n1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K\n8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r\n2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me\nz/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR\n8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj\nmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz\n7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6\n+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI\n0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB\nAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm\nUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2\nLIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY\n+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS\nk5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl\n7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm\nbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl\nurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+\nfUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63\nn749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE\n76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H\n9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT\n4PsJYGw=\n-----END CERTIFICATE-----\n\n# Source URL: https://www.amazontrust.com/repository/AmazonRootCA3.cer\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=Amazon Root CA 3,O=Amazon,C=US\n# Issuer: CN=Amazon Root CA 3,O=Amazon,C=US\n# Expiration Date: 2040-05-26 00:00:00\n# Serial Number: 66C9FD5749736663F3B0B9AD9E89E7603F24A\n# SHA256 Fingerprint: 18ce6cfe7bf14e60b2e347b8dfe868cb31d02ebb3ada271569f50343b46db3a4\n-----BEGIN CERTIFICATE-----\nMIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5\nMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\nUm9vdCBDQSAzMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG\nA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg\nQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZBf8ANm+gBG1bG8lKl\nui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjrZt6j\nQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSr\nttvXBp43rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkr\nBqWTrBqYaGFy+uGh0PsceGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteM\nYyRIHN8wfdVoOw==\n-----END CERTIFICATE-----\n\n# Source URL: https://www.amazontrust.com/repository/AmazonRootCA4.cer\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=Amazon Root CA 4,O=Amazon,C=US\n# Issuer: CN=Amazon Root CA 4,O=Amazon,C=US\n# Expiration Date: 2040-05-26 00:00:00\n# Serial Number: 66C9FD7C1BB104C2943E5717B7B2CC81AC10E\n# SHA256 Fingerprint: e35d28419ed02025cfa69038cd623962458da5c695fbdea3c22b0bfb25897092\n-----BEGIN CERTIFICATE-----\nMIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5\nMQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24g\nUm9vdCBDQSA0MB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkG\nA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJvb3Qg\nQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN/sGKe0uoe0ZLY7Bi\n9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri83Bk\nM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB\n/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WB\nMAoGCCqGSM49BAMDA2gAMGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlw\nCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1AE47xDqUEpHJWEadIRNyp4iciuRMStuW\n1KyLa2tJElMzrdfkviT8tQp21KW8EA==\n-----END CERTIFICATE-----\n\n# Source URL: https://www.amazontrust.com/repository/SFSRootCAG2.cer\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US\n# Issuer: CN=Starfield Services Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US\n# Expiration Date: 2037-12-31 23:59:59\n# Serial Number: 0\n# SHA256 Fingerprint: 568d6905a2c88708a4b3025190edcfedb1974a606a13c6e5290fcb2ae63edab5\n-----BEGIN CERTIFICATE-----\nMIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMx\nEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT\nHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVs\nZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5\nMDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNVBAYTAlVTMRAwDgYD\nVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFy\nZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2Vy\ndmljZXMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20p\nOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm2\n8xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4PahHQUw2eeBGg6345AWh1K\nTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLPLJGmpufe\nhRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk\n6mFBrMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAw\nDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+q\nAdcwKziIorhtSpzyEZGDMA0GCSqGSIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMI\nbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPPE95Dz+I0swSdHynVv/heyNXB\nve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTyxQGjhdByPq1z\nqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd\niEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn\n0q23KXB56jzaYyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCN\nsSi6\n-----END CERTIFICATE-----\n\n# Source URL: https://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US\n# Issuer: CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US\n# Expiration Date: 2031-11-10 00:00:00\n# Serial Number: 2AC5C266A0B409B8F0B79F2AE462577\n# SHA256 Fingerprint: 7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf\n-----BEGIN CERTIFICATE-----\nMIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBs\nMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\nd3cuZGlnaWNlcnQuY29tMSswKQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5j\nZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAwMFoXDTMxMTExMDAwMDAwMFowbDEL\nMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3\nLmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFuY2Ug\nRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm\n+9S75S0tMqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTW\nPNt0OKRKzE0lgvdKpVMSOO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEM\nxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFB\nIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQNAQTXKFx01p8VdteZOE3\nhzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUeh10aUAsg\nEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaA\nFLE+w2kD+L9HAdSYJhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3Nec\nnzyIZgYIVyHbIUf4KmeqvxgydkAQV8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6z\neM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFpmyPInngiK3BD41VHMWEZ71jF\nhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkKmNEVX58Svnw2\nYzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe\nvEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep\n+OkuE6N36B9K\n-----END CERTIFICATE-----\n\n# Source URL: https://cacerts.digicert.com/DigiCertTLSECCP384RootG5.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=DigiCert TLS ECC P384 Root G5,O=DigiCert, Inc.,C=US\n# Issuer: CN=DigiCert TLS ECC P384 Root G5,O=DigiCert, Inc.,C=US\n# Expiration Date: 2046-01-14 23:59:59\n# Serial Number: 9E09365ACF7D9C8B93E1C0B042A2EF3\n# SHA256 Fingerprint: 018e13f0772532cf809bd1b17281867283fc48c6e13be9c69812854a490c1b05\n-----BEGIN CERTIFICATE-----\nMIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw\nCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp\nZ2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2\nMDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ\nbmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG\nByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS\n7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp\n0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS\nB4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49\nBAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ\nLgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4\nDXZDjC5Ty3zfDBeWUA==\n-----END CERTIFICATE-----\n\n# Source URL: https://cacerts.digicert.com/DigiCertTLSRSA4096RootG5.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=DigiCert TLS RSA4096 Root G5,O=DigiCert, Inc.,C=US\n# Issuer: CN=DigiCert TLS RSA4096 Root G5,O=DigiCert, Inc.,C=US\n# Expiration Date: 2046-01-14 23:59:59\n# Serial Number: 8F9B478A8FA7EDA6A333789DE7CCF8A\n# SHA256 Fingerprint: 371a00dc0533b3721a7eeb40e8419e70799d2b0a0f2c1d80693165f7cec4ad75\n-----BEGIN CERTIFICATE-----\nMIIFZjCCA06gAwIBAgIQCPm0eKj6ftpqMzeJ3nzPijANBgkqhkiG9w0BAQwFADBN\nMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJTAjBgNVBAMT\nHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwHhcNMjEwMTE1MDAwMDAwWhcN\nNDYwMTE0MjM1OTU5WjBNMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQs\nIEluYy4xJTAjBgNVBAMTHERpZ2lDZXJ0IFRMUyBSU0E0MDk2IFJvb3QgRzUwggIi\nMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz0PTJeRGd/fxmgefM1eS87IE+\najWOLrfn3q/5B03PMJ3qCQuZvWxX2hhKuHisOjmopkisLnLlvevxGs3npAOpPxG0\n2C+JFvuUAT27L/gTBaF4HI4o4EXgg/RZG5Wzrn4DReW+wkL+7vI8toUTmDKdFqgp\nwgscONyfMXdcvyej/Cestyu9dJsXLfKB2l2w4SMXPohKEiPQ6s+d3gMXsUJKoBZM\npG2T6T867jp8nVid9E6P/DsjyG244gXazOvswzH016cpVIDPRFtMbzCe88zdH5RD\nnU1/cHAN1DrRN/BsnZvAFJNY781BOHW8EwOVfH/jXOnVDdXifBBiqmvwPXbzP6Po\nsMH976pXTayGpxi0KcEsDr9kvimM2AItzVwv8n/vFfQMFawKsPHTDU9qTXeXAaDx\nZre3zu/O7Oyldcqs4+Fj97ihBMi8ez9dLRYiVu1ISf6nL3kwJZu6ay0/nTvEF+cd\nLvvyz6b84xQslpghjLSR6Rlgg/IwKwZzUNWYOwbpx4oMYIwo+FKbbuH2TbsGJJvX\nKyY//SovcfXWJL5/MZ4PbeiPT02jP/816t9JXkGPhvnxd3lLG7SjXi/7RgLQZhNe\nXoVPzthwiHvOAbWWl9fNff2C+MIkwcoBOU+NosEUQB+cZtUMCUbW8tDRSHZWOkPL\ntgoRObqME2wGtZ7P6wIDAQABo0IwQDAdBgNVHQ4EFgQUUTMc7TZArxfTJc1paPKv\nTiM+s0EwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcN\nAQEMBQADggIBAGCmr1tfV9qJ20tQqcQjNSH/0GEwhJG3PxDPJY7Jv0Y02cEhJhxw\nGXIeo8mH/qlDZJY6yFMECrZBu8RHANmfGBg7sg7zNOok992vIGCukihfNudd5N7H\nPNtQOa27PShNlnx2xlv0wdsUpasZYgcYQF+Xkdycx6u1UQ3maVNVzDl92sURVXLF\nO4uJ+DQtpBflF+aZfTCIITfNMBc9uPK8qHWgQ9w+iUuQrm0D4ByjoJYJu32jtyoQ\nREtGBzRj7TG5BO6jm5qu5jF49OokYTurWGT/u4cnYiWB39yhL/btp/96j1EuMPik\nAdKFOV8BmZZvWltwGUb+hmA+rYAQCd05JS9Yf7vSdPD3Rh9GOUrYU9DzLjtxpdRv\n/PNn5AeP3SYZ4Y1b+qOTEZvpyDrDVWiakuFSdjjo4bq9+0/V77PnSIMx8IIh47a+\np6tv75/fTM8BuGJqIz3nCU2AG3swpMPdB380vqQmsvZB6Akd4yCYqjdP//fx4ilw\nMUc/dNAUFvohigLVigmUdy7yWSiLfFCSCmZ4OIN1xLVaqBHG5cGdZlXPU8Sv13WF\nqUITVuwhd4GTWgzqltlJyqEI8pc7bZsEGCREjnwB8twl2F6GmrE52/WRMmrRpnCK\novfepEWFJqgejF0pW8hL2JpqA15w8oVPbEtoL8pU9ozaMv7Da4M/OMZ+\n-----END CERTIFICATE-----\n\n# Source URL: https://secure.globalsign.com/cacert/rootr46.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE\n# Issuer: CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE\n# Expiration Date: 2046-03-20 00:00:00\n# Serial Number: 11D2BBB9D723189E405F0A9D2DD0DF2567D1\n# SHA256 Fingerprint: 4fa3126d8d3a11d1c4855a4f807cbad6cf919d3a5a88b03bea2c6372d93c40c9\n-----BEGIN CERTIFICATE-----\nMIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUA\nMEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD\nVQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMy\nMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt\nc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08EsCVeJ\nOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQG\nvGIFAha/r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud\n316HCkD7rRlr+/fKYIje2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo\n0q3v84RLHIf8E6M6cqJaESvWJ3En7YEtbWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSE\ny132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvjK8Cd+RTyG/FWaha/LIWF\nzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD412lPFzYE\n+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCN\nI/onccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzs\nx2sZy/N78CsHpdlseVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqa\nByFrgY/bxFn63iLABJzjqls2k+g9vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC\n4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNV\nHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEMBQADggIBAHx4\n7PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg\nJuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti\n2kM3S+LGteWygxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIk\npnnpHs6i58FZFZ8d4kuaPp92CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRF\nFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZmOUdkLG5NrmJ7v2B0GbhWrJKsFjLt\nrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qqJZ4d16GLuc1CLgSk\nZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwyeqiv5\nu+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP\n4vkYxboznxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6\nN3ec592kD3ZDZopD8p/7DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3\nvouXsXgxT7PntgMTzlSdriVZzH81Xwj3QEUxeCp6\n-----END CERTIFICATE-----\n\n# Source URL: https://secure.globalsign.com/cacert/roote46.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE\n# Issuer: CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE\n# Expiration Date: 2046-03-20 00:00:00\n# Serial Number: 11D2BBBA336ED4BCE62468C50D841D98E843\n# SHA256 Fingerprint: cbb9c44d84b8043e1050ea31a69f514955d7bfd2e2c6b49301019ad61d9f5058\n-----BEGIN CERTIFICATE-----\nMIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYx\nCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQD\nExNHbG9iYWxTaWduIFJvb3QgRTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAw\nMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2Ex\nHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcqhkjOPQIBBgUrgQQA\nIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkBjtjq\nR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGdd\nyXqBPCCjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud\nDgQWBBQxCpCPtsad0kRLgLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ\n7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZkvLtoURMMA/cVi4RguYv/Uo7njLwcAjA8\n+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+CAezNIm8BZ/3Hobui3A=\n-----END CERTIFICATE-----\n\n# Source URL: https://i.pki.goog/r2.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=GTS Root R2,O=Google Trust Services LLC,C=US\n# Issuer: CN=GTS Root R2,O=Google Trust Services LLC,C=US\n# Expiration Date: 2036-06-22 00:00:00\n# Serial Number: 203E5AEC58D04251AAB1125AA\n# SHA256 Fingerprint: 8d25cd97229dbf70356bda4eb3cc734031e24cf00fafcfd32dc76eb5841c7ea8\n-----BEGIN CERTIFICATE-----\nMIIFVzCCAz+gAwIBAgINAgPlrsWNBCUaqxElqjANBgkqhkiG9w0BAQwFADBHMQsw\nCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEU\nMBIGA1UEAxMLR1RTIFJvb3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAw\nMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZp\nY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUA\nA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTukk3LvCvpt\nnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY\n6Dlo7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAu\nMC6C/Pq8tBcKSOWIm8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7k\nRXuJVfeKH2JShBKzwkCX44ofR5GmdFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWg\nf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbuak7MkogwTZq9TwtImoS1mKPV\n+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscszcTJGr61K8Yzo\ndDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW\nIr9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKa\nG73VululycslaVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCq\ngc7dGtxRcw1PcOnlthYhGXmy5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwID\nAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E\nFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEMBQADggIBAB/Kzt3H\nvqGf2SdMC9wXmBFqiN495nFWcrKeGk6c1SuYJF2ba3uwM4IJvd8lRuqYnrYb/oM8\n0mJhwQTtzuDFycgTE1XnqGOtjHsB/ncw4c5omwX4Eu55MaBBRTUoCnGkJE+M3DyC\nB19m3H0Q/gxhswWV7uGugQ+o+MePTagjAiZrHYNSVc61LwDKgEDg4XSsYPWHgJ2u\nNmSRXbBoGOqKYcl3qJfEycel/FVL8/B/uWU9J2jQzGv6U53hkRrJXRqWbTKH7QMg\nyALOWr7Z6v2yTcQvG99fevX4i8buMTolUVVnjWQye+mew4K6Ki3pHrTgSAai/Gev\nHyICc/sgCq+dVEuhzf9gR7A/Xe8bVr2XIZYtCtFenTgCR2y59PYjJbigapordwj6\nxLEokCZYCDzifqrXPW+6MYgKBesntaFJ7qBFVHvmJ2WZICGoo7z7GJa7Um8M7YNR\nTOlZ4iBgxcJlkoKM8xAfDoqXvneCbT+PHV28SSe9zE8P4c52hgQjxcCMElv924Sg\nJPFI/2R80L5cFtHvma3AH/vLrrw4IgYmZNralw4/KBVEqE8AyvCazM90arQ+POuV\n7LXTWtiBmelDGDfrs7vRWGJB82bSj6p4lVQgw1oudCvV0b4YacCs1aTPObpRhANl\n6WLAYv7YTVWW4tAR+kg0Eeye7QUd5MjWHYbL\n-----END CERTIFICATE-----\n\n# Source URL: https://i.pki.goog/r4.crt\n# Certificate #1 Details:\n# Original Format: DER\n# Subject: CN=GTS Root R4,O=Google Trust Services LLC,C=US\n# Issuer: CN=GTS Root R4,O=Google Trust Services LLC,C=US\n# Expiration Date: 2036-06-22 00:00:00\n# Serial Number: 203E5C068EF631A9C72905052\n# SHA256 Fingerprint: 349dfa4058c5e263123b398ae795573c4e1313c83fe68f93556cd5e8031b3c7d\n-----BEGIN CERTIFICATE-----\nMIICCTCCAY6gAwIBAgINAgPlwGjvYxqccpBQUjAKBggqhkjOPQQDAzBHMQswCQYD\nVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIG\nA1UEAxMLR1RTIFJvb3QgUjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAw\nWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2Vz\nIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcqhkjOPQIBBgUrgQQAIgNi\nAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa6zzuhXyi\nQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvR\nHYqjQjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQW\nBBSATNbrdP9JNqPV2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNpADBmAjEA6ED/g94D\n9J+uHXqnLrmvT/aDHQ4thQEd0dlq7A/Cr8deVl5c1RxYIigL9zC2L7F8AjEA8GE8\np/SgguMh1YQdc4acLa/KNJvxn7kjNuK8YAOdgLOaVsjh4rsUecrNIdSUtUlD\n-----END CERTIFICATE-----\n\n# Source URL: https://www.identrust.com/file-download/download/public/5718\n# Certificate #1 Details:\n# Original Format: PKCS7-DER\n# Subject: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US\n# Issuer: CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US\n# Expiration Date: 2034-01-16 18:12:23\n# Serial Number: A0142800000014523C844B500000002\n# SHA256 Fingerprint: 5d56499be4d2e08bcfcad08a3e38723d50503bde706948e42f55603019e528ae\n-----BEGIN CERTIFICATE-----\nMIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBK\nMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVu\nVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQw\nMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MScw\nJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENBIDEwggIiMA0GCSqG\nSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ldhNlT\n3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU\n+ehcCuz/mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gp\nS0l4PJNgiCL8mdo2yMKi1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1\nbVoE/c40yiTcdCMbXTMTEl3EASX2MN0CXZ/g1Ue9tOsbobtJSdifWwLziuQkkORi\nT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl3ZBWzvurpWCdxJ35UrCL\nvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzyNeVJSQjK\nVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZK\ndHzVWYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHT\nc+XvvqDtMwt0viAgxGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hv\nl7yTmvmcEpB4eoCHFddydJxVdHixuuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5N\niGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB\n/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZIhvcNAQELBQAD\nggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH\n6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwt\nLRvM7Kqas6pgghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93\nnAbowacYXVKV7cndJZ5t+qntozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3\n+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmVYjzlVYA211QC//G5Xc7UI2/YRYRK\nW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUXfeu+h1sXIFRRk0pT\nAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/rokTLq\nl1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG\n4iZZRHUe2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZ\nmUlO+KWA2yUPHGNiiskzZ2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A\n7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7RcGzM7vRX+Bi6hG6H\n-----END CERTIFICATE-----\n\n# Source URL: https://www.identrust.com/file-download/download/public/5842\n# Certificate #1 Details:\n# Original Format: PKCS7-PEM\n# Subject: CN=IdenTrust Commercial Root TLS ECC CA 2,O=IdenTrust,C=US\n# Issuer: CN=IdenTrust Commercial Root TLS ECC CA 2,O=IdenTrust,C=US\n# Expiration Date: 2039-04-11 21:11:10\n# Serial Number: 40018ECF000DE911D7447B73E4C1F82E\n# SHA256 Fingerprint: 983d826ba9c87f653ff9e8384c5413e1d59acf19ddc9c98cecae5fdea2ac229c\n-----BEGIN CERTIFICATE-----\nMIICbDCCAc2gAwIBAgIQQAGOzwAN6RHXRHtz5MH4LjAKBggqhkjOPQQDBDBSMQsw\nCQYDVQQGEwJVUzESMBAGA1UEChMJSWRlblRydXN0MS8wLQYDVQQDEyZJZGVuVHJ1\nc3QgQ29tbWVyY2lhbCBSb290IFRMUyBFQ0MgQ0EgMjAeFw0yNDA0MTEyMTExMTFa\nFw0zOTA0MTEyMTExMTBaMFIxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1\nc3QxLzAtBgNVBAMTJklkZW5UcnVzdCBDb21tZXJjaWFsIFJvb3QgVExTIEVDQyBD\nQSAyMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBwomiZTgLg8KqEImMmnO5rNPb\nOo9sv5w4nJh45CXs9Gcu8YET9ulxsyVBCVSfSYeppdtXFEWYyBi0QRCAlp5YZHQB\nH675v5rWVKRXvhzsuUNi9Xw0Zy1bAXaikmsrY/J0L52j2RulW4q4WvE7f23VFwZu\nd82J8k0YG+M4MpmdOho1rsKjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/\nBAQDAgGGMB0GA1UdDgQWBBQhNGgGrnXhVx/FuQqjXpuH+IlbwzAKBggqhkjOPQQD\nBAOBjAAwgYgCQgDc9F4WOxAgci2uQWfsX9cjeIvDXaaeVjDz31Ycc+ZdPrK1JKrB\nf6CuTwWy8VojtGxdM3PJMkJC4LGPuhcvkHLo4gJCAV5h+PXe4bDJ3QxE8hkGFoUW\nAk6KtMCIpbLyt5pHrROi+YW9MpScoNGJkg96G1ETvJTWz6dv0uQYjKXt3jlOfQ7g\n-----END CERTIFICATE-----\n\n# Source URL: https://ssl-ccp.secureserver.net/repository/sfroot-g2.crt\n# Certificate #1 Details:\n# Original Format: PEM\n# Subject: CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US\n# Issuer: CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US\n# Expiration Date: 2037-12-31 23:59:59\n# Serial Number: 0\n# SHA256 Fingerprint: 2ce1cb0bf9d2f9e102993fbe215152c3b2dd0cabde1c68e5319b839154dbb7f5\n-----BEGIN CERTIFICATE-----\nMIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMx\nEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoT\nHFN0YXJmaWVsZCBUZWNobm9sb2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVs\nZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAw\nMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6\nb25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQgVGVj\naG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZp\nY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\nggEBAL3twQP89o/8ArFvW59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMg\nnLRJdzIpVv257IzdIvpy3Cdhl+72WoTsbhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1\nHOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNkN3mSwOxGXn/hbVNMYq/N\nHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7NfZTD4p7dN\ndloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0\nHZbUJtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAO\nBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0G\nCSqGSIb3DQEBCwUAA4IBAQARWfolTwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjU\nsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx4mcujJUDJi5DnUox9g61DLu3\n4jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUwF5okxBDgBPfg\n8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K\npL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1\nmMpYjn0q7pBZc2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0\n-----END CERTIFICATE-----`;\n","{\n \"name\": \"@duosecurity/duo_universal\",\n \"version\": \"3.0.1\",\n \"description\": \"Node.js implementation of the Duo Universal SDK.\",\n \"keywords\": [\n \"duo\",\n \"duo security\"\n ],\n \"license\": \"MIT\",\n \"repository\": {\n \"type\": \"git\",\n \"url\": \"git+https://github.com/duosecurity/duo_universal_nodejs.git\"\n },\n \"homepage\": \"https://github.com/duosecurity/duo_universal_nodejs#readme\",\n \"bugs\": {\n \"url\": \"https://github.com/duosecurity/duo_universal_nodejs/issues\"\n },\n \"packageManager\": \"pnpm@10.13.1\",\n \"main\": \"dist/index.js\",\n \"module\": \"dist/index.mjs\",\n \"types\": \"dist/index.d.ts\",\n \"exports\": {\n \".\": {\n \"import\": {\n \"types\": \"./dist/index.d.mts\",\n \"default\": \"./dist/index.mjs\"\n },\n \"require\": {\n \"types\": \"./dist/index.d.ts\",\n \"default\": \"./dist/index.js\"\n }\n }\n },\n \"engines\": {\n \"node\": \">=20\"\n },\n \"files\": [\n \"dist\"\n ],\n \"scripts\": {\n \"build\": \"tsup --env.NODE_ENV production\",\n \"prepublishOnly\": \"pnpm build\",\n \"lint\": \"eslint ./src --fix\",\n \"test\": \"vitest\",\n \"test:coverage\": \"vitest run --coverage\"\n },\n \"dependencies\": {\n \"axios\": \"1.13.6\",\n \"jose\": \"^6.0.11\"\n },\n \"devDependencies\": {\n \"@eslint/js\": \"^9.30.1\",\n \"@types/node\": \"^22.16.3\",\n \"@vitest/coverage-v8\": \"^3.2.4\",\n \"eslint\": \"^9.30.1\",\n \"eslint-config-prettier\": \"^10.1.5\",\n \"eslint-plugin-prettier\": \"^5.5.1\",\n \"prettier\": \"^3.6.2\",\n \"tsup\": \"^8.5.0\",\n \"typescript\": \"^5.8.3\",\n \"typescript-eslint\": \"^8.36.0\",\n \"vitest\": \"^3.2.4\"\n },\n \"overrides\": {\n \"glob-parent\": \"^6.0.2\"\n }\n}\n","// SPDX-FileCopyrightText: 2021 Lukas Hroch\n//\n// SPDX-License-Identifier: MIT\nexport class DuoException extends Error {\n inner?: Error;\n\n constructor(message: string, error?: Error | null) {\n super(message);\n\n this.name = 'DuoException';\n\n if (error) this.inner = error;\n }\n}\n","// SPDX-FileCopyrightText: 2021 Lukas Hroch\n// SPDX-FileCopyrightText: 2022 Cisco Systems, Inc. and/or its affiliates\n//\n// SPDX-License-Identifier: MIT\n\nexport const generateRandomString = (length: number) => {\n const arr = new Uint8Array((length % 2 ? length + 1 : length) / 2);\n globalThis.crypto.getRandomValues(arr);\n return Array.from(arr, (dec) => dec.toString(16).padStart(2, '0'))\n .join('')\n .slice(0, length);\n};\n\nexport const getTimeInSeconds = (date = new Date(Date.now())): number =>\n Math.round(date.getTime() / 1000);\n"],"mappings":";;;;;;;AAKA,OAAO,WAA8B;AACrC,OAAO,WAAW;AAClB,SAAS,SAAS,iBAAiB;;;ACPnC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACEE,cAAW;;;ADKN,IAAM,mBAAmB;AACzB,IAAM,uBAAuB;AAC7B,IAAM,uBAAuB;AAC7B,IAAM,mBAAmB;AACzB,IAAM,mBAAmB;AACzB,IAAM,aAAa;AACnB,IAAM,iBAAiB;AACvB,IAAM,aAAa;AAEnB,IAAM,aAAa,sBAAsB,OAAO;AAChD,IAAM,gBAAgB;AACtB,IAAM,aAAa;AACnB,IAAM,wBAAwB;AAE9B,IAAM,iBAAiB;AACvB,IAAM,cAAc;AACpB,IAAM,mBAAmB;AACzB,IAAM,uBAAuB;AAC7B,IAAM,0BAA0B;AAChC,IAAM,8BAA8B;AACpC,IAAM,qBAAqB;AAC3B,IAAM,kBAAkB,yBAAyB,gBAAgB,OAAO,gBAAgB;AACxF,IAAM,oBAAoB;AAC1B,IAAM,qBAAqB;AAC3B,IAAM,qBAAqB;AAE3B,IAAM,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;AE9BxB,IAAM,eAAN,cAA2B,MAAM;AAAA,EACtC;AAAA,EAEA,YAAY,SAAiB,OAAsB;AACjD,UAAM,OAAO;AAEb,SAAK,OAAO;AAEZ,QAAI,MAAO,MAAK,QAAQ;AAAA,EAC1B;AACF;;;ACbA;AAAA;AAAA;AAAA;AAAA;AAKO,IAAM,uBAAuB,CAAC,WAAmB;AACtD,QAAM,MAAM,IAAI,YAAY,SAAS,IAAI,SAAS,IAAI,UAAU,CAAC;AACjE,aAAW,OAAO,gBAAgB,GAAG;AACrC,SAAO,MAAM,KAAK,KAAK,CAAC,QAAQ,IAAI,SAAS,EAAE,EAAE,SAAS,GAAG,GAAG,CAAC,EAC9D,KAAK,EAAE,EACP,MAAM,GAAG,MAAM;AACpB;AAEO,IAAM,mBAAmB,CAAC,OAAO,IAAI,KAAK,KAAK,IAAI,CAAC,MACzD,KAAK,MAAM,KAAK,QAAQ,IAAI,GAAI;;;AJe3B,IAAM,SAAN,MAAa;AAAA,EACT,wBAAwB;AAAA,EAExB,qBAAqB;AAAA,EAErB,iBAAiB;AAAA,EAElB;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAEA;AAAA,EAER,YAAY,SAAwB;AAClC,SAAK,sBAAsB,OAAO;AAElC,UAAM,EAAE,UAAU,cAAc,SAAS,aAAa,oBAAoB,IAAI;AAE9E,SAAK,WAAW;AAChB,SAAK,eAAe,IAAI,YAAY,EAAE,OAAO,YAAY;AACzD,SAAK,UAAU;AACf,SAAK,UAAU,WAAW,KAAK,OAAO;AACtC,SAAK,cAAc;AACnB,SAAK,sBAAsB,uBAAuB;AAElD,UAAM,QAAQ,IAAI,MAAM,MAAM;AAAA,MAC5B,IAAc;AAAA,IAChB,CAAC;AAED,SAAK,QAAQ,MAAM,OAAO;AAAA,MACxB,SAAS,KAAK;AAAA,MACd,YAAY;AAAA,MACZ,WAAW,MAAM,+BAA+B;AAAA,IAClD,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EASQ,sBAAsB,SAA8B;AAC1D,UAAM,EAAE,UAAU,cAAc,SAAS,YAAY,IAAI;AAEzD,QAAI,SAAS,WAAqB;AAChC,YAAM,IAAI,aAAuB,uBAAuB;AAE1D,QAAI,aAAa,WAAqB;AACpC,YAAM,IAAI,aAAuB,2BAA2B;AAE9D,QAAI,YAAY,GAAI,OAAM,IAAI,aAAuB,oBAAoB;AACzE,QAAI;AACF,UAAI,WAAW,IAAI,WAAW;AAAA,IAChC,QAAQ;AACN,YAAM,IAAI,aAAuB,oBAAoB;AAAA,IACvD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUQ,uBAAuB,QAAqB;AAClD,UAAM,EAAE,SAAS,gBAAgB,OAAO,kBAAkB,IAAI;AAE9D,QAAI,WAAW,eAAgB,QAAO,GAAG,OAAO,KAAK,cAAc;AAEnE,QAAI,SAAS,kBAAmB,QAAO,GAAG,KAAK,KAAK,iBAAiB;AAErE,WAAiB;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAc,iBAAiB,UAAmC;AAChE,UAAM,aAAa,iBAAiB;AAEpC,UAAM,MAAM,MAAM,IAAI,QAAQ;AAAA,MAC5B,KAAK,KAAK;AAAA,MACV,KAAK,KAAK;AAAA,MACV,KAAK;AAAA,MACL,KAAK,qBAA+B,UAAU;AAAA,MAC9C,KAAK;AAAA,MACL,KAAK,aAAuB;AAAA,IAC9B,CAAC,EACE,mBAAmB,EAAE,KAAe,cAAc,CAAC,EACnD,KAAK,KAAK,YAAY;AAEzB,WAAO;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAc,YAAe,OAA2B;AACtD,UAAM,gBAAgB,GAAG,KAAK,OAAO,GAAG,KAAK,cAAc;AAC3D,UAAM,WAAW,KAAK;AACtB,QAAI;AACF,YAAM,UAAU,MAAM,UAAa,OAAO,KAAK,cAAc;AAAA,QAC3D,YAAY,CAAW,aAAa;AAAA,QACpC,gBAA0B;AAAA,QAC1B,QAAQ;AAAA,QACR,UAAU;AAAA,MACZ,CAAC;AAED,aAAO,QAAQ;AAAA,IACjB,SAAS,KAAK;AACZ,YAAM,IAAI,aAAuB,kBAAkB,eAAe,QAAQ,MAAM,MAAS;AAAA,IAC3F;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUQ,oBAAoB,OAAuB;AACjD,QAAI,iBAAiB,aAAc,OAAM;AAEzC,QAAI,MAAM,aAAa,KAAK,GAAG;AAC7B,YAAM,OAAO,MAAM,UAAU;AAC7B,YAAM,IAAI,aAAa,OAAO,KAAK,uBAAuB,IAAI,IAAI,MAAM,SAAS,KAAK;AAAA,IACxF;AAEA,QAAI,iBAAiB,MAAO,OAAM,IAAI,aAAa,MAAM,SAAS,KAAK;AAEvE,UAAM,IAAI,aAAuB,kBAAkB;AAAA,EACrD;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,gBAAwB;AACtB,WAAO,qBAA+B,oBAAoB;AAAA,EAC5D;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQA,MAAM,cAA4C;AAChD,UAAM,WAAW,GAAG,KAAK,OAAO,GAAG,KAAK,qBAAqB;AAC7D,UAAM,aAAa,MAAM,KAAK,iBAAiB,QAAQ;AACvD,UAAM,UAA8B;AAAA,MAClC,WAAW,KAAK;AAAA,MAChB,kBAAkB;AAAA,IACpB;AAEA,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,KAAK,MAAM;AAAA,QAChC,KAAK;AAAA,QACL,IAAI,WAAW,gBAAgB,OAAO;AAAA,MACxC;AACA,YAAM,EAAE,KAAK,IAAI;AAEjB,UAAI,CAAC,QAAQ,SAAS,KAAM,OAAM,IAAI,aAAa,KAAK,uBAAuB,IAAI,CAAC;AAEpF,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,WAAK,oBAAoB,GAAG;AAAA,IAC9B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAUA,MAAM,cAAc,UAAkB,OAAgC;AACpE,QAAI,CAAC,SAAU,OAAM,IAAI,aAAuB,kBAAkB;AAElE,QACE,CAAC,SACD,MAAM,SAAmB,oBACzB,MAAM,SAAmB;AAEzB,YAAM,IAAI,aAAuB,eAAe;AAElD,UAAM,aAAa,iBAAiB;AAEpC,UAAM,UAAuC;AAAA,MAC3C,eAAe;AAAA,MACf,OAAO;AAAA,MACP,KAAK,aAAuB;AAAA,MAC5B,WAAW,KAAK;AAAA,MAChB,cAAc,KAAK;AAAA,MACnB;AAAA,MACA,WAAW;AAAA,MACX,KAAK,KAAK;AAAA,MACV,KAAK,KAAK;AAAA,MACV,wBAAwB,KAAK;AAAA,IAC/B;AAEA,UAAM,UAAU,MAAM,IAAI,QAAQ,OAAO,EACtC,mBAAmB,EAAE,KAAe,cAAc,CAAC,EACnD,KAAK,KAAK,YAAY;AAEzB,UAAM,QAA8B;AAAA,MAClC,eAAe;AAAA,MACf,WAAW,KAAK;AAAA,MAChB;AAAA,MACA,cAAc,KAAK;AAAA,MACnB,OAAO;AAAA,IACT;AAEA,WAAO,GAAG,KAAK,OAAO,GAAG,KAAK,kBAAkB,IAAI,IAAI,WAAW,gBAAgB,KAAK,EAAE,SAAS,CAAC;AAAA,EACtG;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAWA,MAAM,sCACJ,MACA,UACA,QAAuB,MACQ;AAC/B,QAAI,CAAC,KAAM,OAAM,IAAI,aAAuB,kBAAkB;AAE9D,QAAI,CAAC,SAAU,OAAM,IAAI,aAAuB,cAAc;AAE9D,UAAM,gBAAgB,GAAG,KAAK,OAAO,GAAG,KAAK,cAAc;AAC3D,UAAM,aAAa,MAAM,KAAK,iBAAiB,aAAa;AAE5D,UAAM,UAAwB;AAAA,MAC5B,YAAsB;AAAA,MACtB;AAAA,MACA,cAAc,KAAK;AAAA,MACnB,WAAW,KAAK;AAAA,MAChB,uBAAiC;AAAA,MACjC,kBAAkB;AAAA,IACpB;AAEA,QAAI;AACF,YAAM,EAAE,KAAK,IAAI,MAAM,KAAK,MAAM;AAAA,QAChC,KAAK;AAAA,QACL,IAAI,WAAW,gBAAgB,OAAO;AAAA,QACtC;AAAA,UACE,SAAS;AAAA,YACP,cAAc,GAAa,UAAU,SAAS,QAAQ,SAAS,IAAI,OAAO,QAAQ,SAAS,EAAE;AAAA,UAC/F;AAAA,QACF;AAAA,MACF;AAGA,YAAM,aAAa,OAAO,KAAK,IAAI;AACnC,YAAM,eAAe,CAAC,YAAY,gBAAgB,cAAc,YAAY;AAE5E,UAAI,aAAa,KAAK,CAAC,QAAQ,CAAC,WAAW,SAAS,GAAG,CAAC;AACtD,cAAM,IAAI,aAAuB,kBAAkB;AAErD,UAAI,KAAK,eAAe,SAAU,OAAM,IAAI,aAAuB,kBAAkB;AAErF,YAAM,QAAQ,MAAM,KAAK,YAAkC,KAAK,QAAQ;AAExE,YAAM,YAAY,OAAO,KAAK,KAAK;AACnC,YAAM,oBAAoB,CAAC,OAAO,OAAO,OAAO,KAAK;AAErD,UAAI,kBAAkB,KAAK,CAAC,QAAQ,CAAC,UAAU,SAAS,GAAG,CAAC;AAC1D,cAAM,IAAI,aAAuB,kBAAkB;AAErD,UAAI,CAAC,MAAM,sBAAsB,MAAM,uBAAuB;AAC5D,cAAM,IAAI,aAAuB,cAAc;AAEjD,UAAI,UAAU,CAAC,MAAM,SAAS,MAAM,UAAU;AAC5C,cAAM,IAAI,aAAuB,WAAW;AAE9C,aAAO;AAAA,IACT,SAAS,KAAK;AACZ,WAAK,oBAAoB,GAAG;AAAA,IAC9B;AAAA,EACF;AACF;","names":[]}