{"version":3,"file":"app/vendors-node_modules_open-wc_testing-helpers_index_js-node_modules_node-jose_node_modules_nod-ef3e4e.4163e906.js","mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAyD;AACD;AACiC;AAU/D;AAC6B;AACU;AACS;;;;;;;;;;;;;;;;ACf1E;AACA;AACA;AACA;AACO;AACP;AACA;AACA,aAAa,OAAO;AACpB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,aAAa,GAAG;AAChB,cAAc;AACd;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,aAAa,GAAG;AAChB,aAAa,GAAG;AAChB,cAAc,aAAa;AAC3B;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,aAAa,GAAG;AAChB,cAAc;AACd;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;;;;;AChDA;AAC6D;AACT;AACjB;AACQ;AACiC;AACX;;AAEjE;AACA,aAAa,uCAAuC;AACpD,aAAa,qCAAqC;AAClD,aAAa,kCAAkC;AAC/C,aAAa,wDAAwD;AACrE,aAAa,yFAAyF;AACtG;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA,WAAW,UAAU;AACrB,aAAa;AACb;AACA;AACA;AACA;AACA,gCAAgC,4CAAK;AACrC;;AAEA;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA,WAAW,QAAQ;AACnB,aAAa;AACb;AACA;AACA;AACA,4BAA4B,4CAAK;AACjC;;AAEA;AACA;;AAEA;AACA;AACA;AACA,WAAW,eAAe;AAC1B,WAAW,mBAAmB;AAC9B,WAAW,mDAAmD;AAC9D,WAAW,uBAAuB;AAClC,aAAa;AACb;AACA;AACA;AACA,yBAAyB,oDAAc;AACvC;AACA;;AAEA;AACA;AACA;;AAEA;AACA,GAAG;;AAEH;AACA;AACA;AACA,WAAW,gBAAgB;AAC3B,WAAW,mBAAmB;AAC9B,WAAW,mDAAmD;AAC9D,WAAW,uBAAuB;AAClC,aAAa;AACb;AACA;AACA,wCAAwC,uDAAiB,GAAG,uDAAiB,GAAG,oDAAc;;AAE9F;AACA,IAAI,wDAAS;AACb;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,mBAAmB;AAC9B,WAAW,mDAAmD;AAC9D,WAAW,uBAAuB;AAClC,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,SAAS,8EAAoB;AAC7B;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA,WAAW,qBAAqB;AAChC;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,cAAc,0BAA0B;;AAExC;AACA;AACA,cAAc,iBAAiB;;AAE/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;;AAEA;AACA;AACA;AACA,eAAe,QAAQ;AACvB,eAAe,oBAAoB;AACnC;AACA;AACA,aAAa,wEAAmB;AAChC;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe,QAAQ;AACvB,iBAAiB;AACjB;AACA;AACA;AACA;;AAEA;AACA,UAAU,oEAAe;AACzB;AACA;;AAEA;AACA;AACA;AACA,eAAe,QAAQ;AACvB,iBAAiB;AACjB;AACA;AACA;AACA;;AAEA;AACA,UAAU,oEAAe;AACzB;AACA;AACA;;AAEO,4BAA4B,kEAAW;;;;;;;;;;;;;;;;AChN9C;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA,sCAAsC,MAAM,MAAM,MAAM;;AAExD;AACA;AACA;AACA,WAAW,QAAQ;AACnB,aAAa;AACb;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,uBAAuB;AAClC,aAAa;AACb;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,uBAAuB;AAClC,aAAa,QAAQ;AACrB;AACA;AACA,wBAAwB,QAAQ,GAAG,eAAe;;AAElD;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,uBAAuB;AAClC,aAAa,QAAQ;AACrB;AACO;AACP;AACA;AACA;;AAEA;AACA;;;;;;;;;;;;;;;;;ACrEA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,oBAAoB;AAC/B;AACO;;AAEP;AACA;AACA;AACA;AACA,WAAW,oBAAoB;AAC/B,aAAa;AACb;AACO;;;;;;;;;;;;;;;;;;;ACtBgD;AAC6B;;AAEpF;AACA;AACA;AACA;AACA,WAAW,oBAAoB;AAC/B,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,oBAAoB;AAC/B,WAAW,uBAAuB;AAClC;AACA;AACA,EAAE,yEAAoB;AACtB,iDAAiD;AACjD;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,uBAAuB;AAClC,WAAW,4CAA4C;AACvD,aAAa;AACb;AACA;AACA,cAAc,oEAAe;;AAE7B;AACA;AACA;;AAEA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,oBAAoB;AAC/B,WAAW,4CAA4C;AACvD,aAAa;AACb;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,IAAI,yEAAoB;;AAExB;AACA;;AAEA,cAAc,oEAAe;AAC7B;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,oBAAoB;AAC/B,WAAW,4CAA4C;AACvD,aAAa;AACb;AACO;AACP;AACA,IAAI,2EAAsB;AAC1B;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,WAAW,oBAAoB;AAC/B,WAAW,4CAA4C;AACvD;AACO;AACP;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;;;;;;;;;;;;;;;;;;AC3HkE;AACN;;AAE5D,oDAAoD,KAAK,IAAI,UAAU;;AAEvE;;AAEA;AACA,QAAQ,WAAW;;AAEnB;AACA;AACA,EAAE;AACF;AACA;;AAEA;AACA;AACA,qBAAqB;AACrB;AACO;AACP;AACA,sBAAsB,4EAAc;AACpC;AACA;AACA;AACA;AACA;AACA,IAAI,4EAAc;AAClB;AACA;AACA;AACA;AACA;AACA,kCAAkC,4DAAM;AACxC;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,8DAAQ;AAC3B;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;AC9CuD;AACpB;;AAEnC;AACA,aAAa,qCAAqC;AAClD;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA,qCAAqC,MAAM,MAAM,MAAM;;AAEvD;AACA;AACA;AACA,UAAU;AACV;AACA,wBAAwB,4CAAK;;AAE7B;AACA;AACA;AACA,WAAW,QAAQ;AACnB,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,WAAW,sBAAsB;AACjC,WAAW,mBAAmB;AAC9B,WAAW,mDAAmD;AAC9D,WAAW,uBAAuB;AAClC,aAAa;AACb;AACA;AACA;AACA;AACA;;AAEA,qCAAqC,QAAQ;AAC7C;AACA;AACA,kBAAkB,oEAAe;AACjC;AACA;AACA;;AAEA;AACA;AACA,iCAAiC,KAAK,iBAAiB,QAAQ;AAC/D;AACA;;AAEA;AACA,GAAG;;AAEH;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,WAAW,sBAAsB;AACjC,WAAW,mBAAmB;AAC9B,WAAW,wEAAwE;AACnF,WAAW,4CAA4C;AACvD,aAAa;AACb;AACO;AACP;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;ACpGyC;;AAEzC,iEAAiE,OAAO;;AAExE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,GAAG;AACd,aAAa;AACb;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,UAAU,sDAAS;AACnB;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;;;;;;;;;;AC7CsE;AACT;AACjB;;AAE5C;AACA,aAAa,QAAQ;AACrB,cAAc,SAAS;AACvB,cAAc,sDAAsD;AACpE;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,0CAA0C;AACrD,WAAW,gBAAgB;AAC3B,aAAa,GAAG;AAChB;AACO;AACP;AACA,WAAW,oEAAiB;AAC5B;AACA,MAAM,yDAAgB;AACtB,WAAW,8DAAc;AACzB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,0CAA0C;AACrD,WAAW,gBAAgB;AAC3B,aAAa,YAAY;AACzB;AACO;AACP;AACA,WAAW,gEAAa;AACxB;AACA,MAAM,yDAAgB;AACtB,WAAW,0DAAU;AACrB;AACA;AACA;;;;;;;;;;;;;;;;;;;AC/DqD;;AAEc;;AAEnE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM,kEAAc;AACpB,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,MAAM,kEAAc;AACpB,KAAK;AACL;AACA,EAAE;AACF;AACA;;;;;;;;;;;;;;;;;;ACzBA;AACO;;AAEP;AACA;AACA;AACA;AACA,WAAW,SAAS;AACpB,aAAa,SAAS;AACtB;AACO;AACP;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA,KAAK;AACL;AACA,6BAA6B;AAC7B;;;;;;;;;;;;;;;;;;;;;;;;AC3BA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ,0BAA0B,IAAI,KAAK,IAAI;AACvC;AACA;AACA,cAAc,aAAa;AAC3B,WAAW,gDAAgD;AAC3D,aAAa,QAAQ;AACrB;AACO;AACP,sBAAsB,gBAAgB;AACtC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,aAAa;AACb;AACO;AACP;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB,aAAa,eAAe;AAC5B;AACO;AACP,aAAa,OAAO;AACpB;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa,eAAe;AAC5B;AACO;AACP,aAAa,OAAO;AACpB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,aAAa;AACxB,aAAa,eAAe;AAC5B;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,aAAa;AACxB,aAAa,eAAe;AAC5B;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,aAAa;AACxB,WAAW,QAAQ;AACnB,aAAa,sBAAsB;AACnC;AACO;AACP,aAAa,OAAO;AACpB;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,qBAAqB;AACjC;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,kCAAkC;AAC7C;AACA,WAAW,QAAQ;AACnB,aAAa,uCAAuC;AACpD;AACO,mDAAmD;AAC1D,UAAU,gCAAgC;;AAE1C,aAAa,OAAO;AACpB;;AAEA;AACA;AACA,6CAA6C,QAAQ,iCAAiC,QAAQ;AAC9F,KAAK;;AAEL;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,WAAW;AACX;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA,GAAG;AACH;;;;;;;;;;;;;;;;;;;AClL0C;;AAEnC;;AAEP;AACA;AACA,iBAAiB,oDAAc;AAC/B;AACA;AACA;AACA;AACA;AACA;;AAEO;AACP;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACO;AACP;AACA;AACA;AACA;AACA,CAAC;;;;;;;;;;;;;;;;;;;AC5BsD;;AAET;;AAE9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,KAAK,QAAQ,KAAK,MAAM;AACnC;AACA,wBAAwB,KAAK;AAC7B;AACA,WAAW,sBAAsB;AACjC,WAAW,aAAa;AACxB,aAAa;AACb;AACO;AACP,qBAAqB;AACrB,qBAAqB;;AAErB;AACA,WAAW,0DAAO;AAClB;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;AACA,6BAA6B;AAC7B;AACA;AACA;AACA,MAAM;AACN;AACA,sBAAsB;AACtB;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA,SAAS,0DAAO;AAChB;;AAEO;AACP;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;;;;;;ACjE0C;AACW;AACd;AACc;AACf;AACiC;;AAEvE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA,wBAAwB,uBAAuB;AAC/C;AACA,SAAS,+CAAU;AACnB;AACA,SAAS,+CAAU;AACnB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,mBAAmB;AAC9B,WAAW,sDAAsD;AACjE,aAAa;AACb;AACO,8CAA8C;AACrD,kBAAkB,kEAAc;;AAEhC,EAAE,oDAAM;AACR,6BAA6B,oFAAyB;AACtD;AACA;;AAEA,0BAA0B,oDAAc;AACxC,sBAAsB,GAAG;AACzB;AACA;;AAEA,oBAAoB,GAAG;AACvB;;AAEA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,mBAAmB;AAC9B,WAAW,sDAAsD;AACjE,aAAa;AACb;AACO,gDAAgD;AACvD,aAAa,GAAG;AAChB;AACA;AACA;AACA,QAAQ,kEAAc;;AAEtB;AACA;AACA,iBAAiB,KAAK;AACtB;AACA,UAAU,kEAAc;;AAExB;AACA;;AAEA;AACA;;;;;;;;;;;;;;;;;;;AC9E+D;AACA;AACzB;;AAEtC,cAAc,sDAAsD;;AAEpE;AACA,MAAM,mDAAU;AAChB;AACA;;AAEA,0BAA0B,uDAAc;AACxC,WAAW,iDAAI;AACf;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wCAAwC,6EAAmB,CAAC,mDAAU;AACtE;AACA;AACA,wBAAwB,cAAc;AACtC,kBAAkB,cAAc;AAChC;AACA;;AAEA;AACA;;AAEA,eAAe,mBAAmB;AAClC;;AAEA,eAAe,0CAA0C;AACzD;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA,WAAW,QAAQ;AACnB,aAAa;AACb;AACA;AACA,8CAA8C,QAAQ;;AAEtD;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA,WAAW,0CAA0C;AACrD,WAAW,mBAAmB;AAC9B,aAAa;AACb;AACO;AACP;AACA,QAAQ,gBAAgB;AACxB;AACA,WAAW,eAAe;AAC1B;;AAEA;AACA,SAAS,iDAAI;AACb;;;;;;;;;;;;;;;;;;;;;ACnGgC;AACqB;AACA;AACR;;AAE7C;AACA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,QAAQ;AACnB,WAAW,sDAAsD,WAAW;AAC5E,aAAa;AACb;AACO,iDAAiD;AACxD,qBAAqB,kEAAc;AACnC;AACA,oBAAoB,GAAG;AACvB;;AAEA;AACA;AACA;AACA;AACA,cAAc,SAAS;AACvB,WAAW,QAAQ;AACnB,WAAW,sDAAsD;AACjE,aAAa;AACb;AACO,mDAAmD;AAC1D;AACA;AACA,WAAW,0DAAU,CAAC,8CAAI;AAC1B;;AAEA;AACA,QAAQ,kEAAc;AACtB;AACA;AACA;;;;;;;;;;;ACvCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;ACZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA,uBAAuB,gBAAgB;AACvC;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB,YAAY;AACjC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,uBAAuB,SAAS;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;ACjJA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;;AAE7B;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,iBAAiB;;AAEjB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA,EAAE;AACF;AACA;AACA,EAAE,OAAO;AACT;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,YAAY,SAAS;AACrB;AACA,aAAa,SAAS;AACtB;AACA,aAAa,SAAS;;AAEtB,uBAAuB;AACvB;AACA;AACA;AACA;;AAEA;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,kBAAkB,eAAe,cAAc;;AAE/C;AACA;AACA;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA,SAAS,qBAAqB;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD,UAAU;AAC7D;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA,qBAAqB,cAAc;AACnC;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,sBAAsB,eAAe,+BAA+B;;AAEpE;AACA,mBAAmB;;AAEnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,wBAAwB,OAAO;AAC/B,sBAAsB,OAAO;AAC7B,sBAAsB,OAAO;AAC7B,sBAAsB,OAAO;AAC7B,sBAAsB,OAAO;AAC7B;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,oBAAoB,QAAQ;AAC5B,eAAe,QAAQ;AACvB;AACA;AACA;;AAEA;AACA;AACA,iBAAiB,YAAY;AAC7B;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,QAAQ;AAC5B;AACA;AACA;AACA,gBAAgB,QAAQ;AACxB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,qBAAqB,SAAS;AAC9B;AACA;AACA;AACA;AACA,oBAAoB,YAAY;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa,SAAS;AACtB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,aAAa,WAAW;AACxB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4CAA4C;AAC5C,gBAAgB,oBAAoB,sBAAsB,OAAO,cAAc;AAC/E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB;AAChB;AACA;AACA;AACA;AACA,gDAAgD;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC;AACjC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,sBAAsB;AACtB;AACA;AACA;AACA;AACA,sBAAsB;AACtB,sBAAsB;AACtB,yBAAyB,mBAAmB;AAC5C,uBAAuB,eAAe;;AAEtC;AACA;AACA;AACA;AACA;;AAEA,wCAAwC;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB;AAChB,6BAA6B;AAC7B,+BAA+B;AAC/B,8CAA8C;AAC9C;AACA;AACA,oCAAoC;AACpC;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,iBAAiB,cAAc;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,mBAAmB;AAClD;AACA;AACA;AACA;AACA;;AAEA,sBAAsB;AACtB,0BAA0B,eAAe;;AAEzC,qBAAqB;AACrB,4BAA4B,mBAAmB;;AAE/C;AACA;AACA;AACA;AACA;;AAEA;AACA,uBAAuB;;AAEvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,WAAW,QAAQ;AAC9B;AACA;AACA;;AAEA;AACA;AACA;AACA,gDAAgD;AAChD;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA,qBAAqB,eAAe,gBAAgB;;AAEpD;AACA;AACA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA;AACA;;AAEA;AACA,yBAAyB;;AAEzB;AACA,0BAA0B;;AAE1B;AACA,2BAA2B;;AAE3B;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,cAAc;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C;AAC3C;AACA;AACA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,kBAAkB,cAAc;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,uBAAuB;AACvB,oBAAoB;AACpB,oBAAoB;;AAEpB;AACA;AACA;AACA,WAAW,OAAO;AAClB;AACA;AACA,YAAY,YAAY;AACxB;AACA,EAAE;AACF;AACA,YAAY,SAAS;AACrB;AACA;AACA;AACA;AACA;;AAEA;AACA,uBAAuB;AACvB,oBAAoB,eAAe,4BAA4B;;AAE/D;AACA,sBAAsB;AACtB,mBAAmB,eAAe,2BAA2B;;AAE7D;AACA,uBAAuB;AACvB,oBAAoB,eAAe,4BAA4B;;AAE/D;AACA,0BAA0B;AAC1B,uBAAuB,eAAe,+BAA+B;;AAErE;AACA;AACA;AACA,eAAe,YAAY;AAC3B;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;;AAEA;AACA;AACA;AACA,+BAA+B;AAC/B;AACA;;AAEA;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC,oBAAoB,SAAS;AAC7B,mBAAmB,SAAS;AAC5B,iBAAiB,SAAS;AAC1B;AACA;AACA;;AAEA;AACA;AACA,eAAe,YAAY;AAC3B;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,gBAAgB,UAAU;AAC1B;AACA;;AAEA;AACA;AACA;AACA,eAAe,YAAY;AAC3B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,uBAAuB;;AAEvB;AACA,yBAAyB;;AAEzB;AACA,wBAAwB;;AAExB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,oBAAoB,eAAe,iBAAiB;;AAEpD;AACA,yBAAyB,eAAe,iBAAiB;;AAEzD;AACA,yBAAyB,eAAe,sBAAsB;;AAE9D;AACA,uBAAuB,eAAe,yBAAyB;;AAE/D;AACA,0BAA0B,eAAe,yBAAyB;;AAElE;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,mBAAmB;AACnB,yBAAyB;AACzB,uBAAuB;;AAEvB;AACA;AACA;AACA;;AAEA;AACA,oBAAoB;;AAEpB;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,oBAAoB,OAAO;AAC3B,yBAAyB,OAAO;AAChC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA,8BAA8B,SAAS;AACvC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,OAAO,eAAe,aAAa,gBAAgB;AACnD;;AAEA,4BAA4B;;AAE5B;AACA;AACA;AACA,uBAAuB,kBAAkB;AACzC;AACA;AACA;AACA;AACA;AACA;;AAEA,iBAAiB;AACjB,6BAA6B,eAAe;;AAE5C,iBAAiB;AACjB,+BAA+B,mBAAmB;;AAElD;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,qBAAqB,SAAS;AAC9B,oBAAoB,cAAc;AAClC,YAAY;AACZ;AACA;AACA,GAAG;AACH,kBAAkB,eAAe,eAAe;AAChD,4BAA4B,OAAO,OAAO,QAAQ;AAClD;AACA;;AAEA;AACA,kBAAkB,OAAO,QAAQ;AACjC,iBAAiB,eAAe;AAChC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,yBAAyB,WAAW,OAAO;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,QAAQ;AACpC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC,iBAAiB;AACvD;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,sCAAsC,iBAAiB;AACvD;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC;AACjC,oCAAoC;AACpC;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA,YAAY,sBAAsB;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,OAAO;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB,cAAc;AACnC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;AC/uCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;;AAE7B;AACA;;;;;;;;;;;ACVA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;;;;;;;;;;ACXA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,QAAQ;AACvB;AACA,gBAAgB,QAAQ;AACxB;AACA;AACA;AACA;;AAEA;AACA;AACA,qBAAqB,SAAS;AAC9B;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;ACxDA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;;AAE7B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,4CAA4C,yBAAyB;AACrE,2CAA2C;AAC3C,kCAAkC;AAClC,wCAAwC;AACxC,wCAAwC;AACxC,kCAAkC;AAClC,uCAAuC;AACvC,mCAAmC;AACnC,kCAAkC;AAClC;AACA,sCAAsC;AACtC,qCAAqC;AACrC,uCAAuC;AACvC,sCAAsC;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C;AAC3C,8CAA8C;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uCAAuC;AACvC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;AClLA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,OAAO;AACP,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA,QAAQ,oCAAoC;AAC5C;AACA,mCAAmC;AACnC;AACA;AACA,6CAA6C,YAAY;AACzD,4CAA4C;AAC5C;AACA;AACA;AACA,QAAQ,sCAAsC;AAC9C;AACA,yCAAyC;AACzC;AACA;AACA;AACA;AACA,yCAAyC;AACzC,MAAM;AACN;AACA;AACA,+BAA+B,cAAc;AAC7C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,6EAA6E;AAC7E;AACA;AACA;AACA;AACA;AACA,uEAAuE;AACvE;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8DAA8D;AAC9D;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA,mEAAmE;AACnE;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4DAA4D;AAC5D;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA,IAAI;AACJ;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA,eAAe,qBAAqB;AACpC;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa,UAAU;AACvB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa,UAAU;AACvB;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA,iBAAiB,QAAQ;AACzB;AACA;AACA;AACA;AACA,uBAAuB,cAAc;AACrC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,eAAe,OAAO;AACtB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe,OAAO;AACtB;AACA;AACA,8BAA8B,QAAQ;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,gBAAgB;AAC9C;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;AC9/BA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,gFAAQ;;AAEhB;;AAEA;AACA;AACA,WAAW,mBAAO,CAAC,qBAAQ;AAC3B;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA,oBAAoB,IAAI;;AAExB;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,mBAAmB,UAAU;AAC7B;AACA;AACA;AACA;AACA;;AAEA,mBAAmB,IAAI;AACvB,qBAAqB,QAAQ;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA,iBAAiB,IAAI;AACrB;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;AClNA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc;AACd;AACA;AACA;AACA,cAAc;AACd;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,mBAAmB,wBAAwB;AAC3C;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,2BAA2B,mBAAmB;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,sBAAsB;AACtB;AACA,wBAAwB,oBAAoB;AAC5C;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;AACA,0BAA0B;AAC1B,UAAU;AACV;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA,yBAAyB;AACzB,UAAU;AACV;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,iBAAiB,0BAA0B;AAC3C;AACA;AACA;;AAEA;AACA;AACA;AACA,iBAAiB,iBAAiB;AAClC;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;;;;;;;;;;AC5OA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,iBAAiB,eAAe;AAChC;AACA;;AAEA;;AAEA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;;AAEA;AACA,iBAAiB,qBAAqB;AACtC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,+BAA+B,eAAe;AAC9C;;AAEA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,WAAW;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;ACnRA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,MAAM;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8BAA8B,aAAa;AAC3C,4CAA4C,cAAc,OAAO;AACjE;AACA;AACA;AACA;AACA,4BAA4B,cAAc;AAC1C,yCAAyC,eAAe,QAAQ;AAChE,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,UAAU;AAC1C,6CAA6C,WAAW,QAAQ;AAChE;AACA;AACA,iCAAiC,4BAA4B;AAC7D;AACA;AACA,iCAAiC,yBAAyB;AAC1D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,0FAAa;AACrB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA,SAAS;AACT,OAAO;AACP;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,iBAAiB,yBAAyB;AAC1C,mBAAmB,qCAAqC;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,QAAQ;AACR;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,uBAAuB;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB;AACA,WAAW,QAAQ;AACnB;AACA;AACA,8CAA8C;;AAE9C;AACA;AACA;AACA;AACA;AACA;;AAEA,iBAAiB,2BAA2B;AAC5C;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB;AACA,WAAW,QAAQ;AACnB;AACA,YAAY,OAAO;AACnB;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,iBAAiB,+BAA+B;AAChD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA,mBAAmB;;AAEnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,mBAAmB,uBAAuB;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA,qBAAqB,2BAA2B;AAChD;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;;AAEA;AACA,iBAAiB,kBAAkB;AACnC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;ACjjCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,0FAAa;AACrB,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,sEAAsE;AACtE;AACA;AACA;AACA;AACA;AACA,gEAAgE;AAChE;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mCAAmC,iBAAiB;AACpD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,uBAAuB,kBAAkB;AACzC;AACA;AACA;;AAEA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;;AAEA;AACA,qBAAqB,6BAA6B;AAClD;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA,UAAU;AACV,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA,4DAA4D;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wCAAwC;AACxC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wCAAwC;AACxC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,oCAAoC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;;AAEA;AACA;AACA,YAAY;AACZ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA,KAAK;;AAEL;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA,mBAAmB,wBAAwB;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C;AAC3C;AACA,QAAQ;AACR,6CAA6C;AAC7C;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,wCAAwC;AACxC;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA,mBAAmB,wBAAwB;AAC3C;;AAEA;AACA;AACA;AACA;AACA;AACA,6BAA6B;AAC7B;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA,wBAAwB,4CAA4C;AACpE;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,qBAAqB,2BAA2B;AAChD;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,uBAAuB,kBAAkB;AACzC;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,UAAU;AACV,2DAA2D;AAC3D;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA,qBAAqB,2BAA2B;AAChD;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC,uBAAuB;AAChE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,uBAAuB;AACxC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC,uBAAuB;AAChE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,mBAAmB,0CAA0C;AAC7D;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,4BAA4B;AAC7C;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,oBAAoB;AACrC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,qBAAqB,qCAAqC;AAC1D;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,qBAAqB,4BAA4B;AACjD;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;;;;;;;;;;AC3uCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yCAAyC;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;;;;;;;;;;ACzZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD;AACnD;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,mEAAmE;AACnE;AACA;AACA;AACA;AACA;AACA,6DAA6D;AAC7D;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;;;;;;;;;;ACrGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,oFAAU;;AAElB;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA,4BAA4B;;AAE5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB,cAAc;AACnC;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;;AAEJ;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,mBAAmB,gBAAgB;AACnC;AACA;AACA;AACA;;AAEA;AACA,mBAAmB,gBAAgB;AACnC;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,uBAAuB,oBAAoB;AAC3C;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA,OAAO;;AAEP;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,CAAC;;;;;;;;;;;;ACxSD;AACA;AACA;AACA,mDAAmD;AACnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;AACA,GAAG,OAAO;AACV,YAAY,mBAAO,CAAC,qBAAQ;AAC5B;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,iBAAiB,QAAQ;AACzB;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,SAAS;AACT;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,QAAQ;AAC3B;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,oBAAoB;AAC7C;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,uBAAuB,OAAO;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,WAAW;AAC9B;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,OAAO;AAC1B;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B,QAAQ,OAAO,iBAAiB;AAC1D;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,gCAAgC,QAAQ,OAAO,yBAAyB;AACxE,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;AClaA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA,8DAA8D;AAC9D;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA,iEAAiE;AACjE;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA,uCAAuC;AACvC;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,eAAe,aAAa;AAC5B;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA,eAAe,aAAa;AAC5B;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,eAAe,cAAc;AAC7B;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;AChPA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;;AAEhB;;AAEA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA,KAAK;AACL;AACA;;AAEA;AACA;AACA;AACA,EAAE;AACF;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA,CAAC;;AAED,CAAC;;;;;;;;;;;AC9LD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,aAAa,SAAS;AACtB;AACA;;AAEA;;AAEA,oBAAoB,QAAQ;AAC5B;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,aAAa,QAAQ;AACrB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,OAAO;AACxB;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,OAAO;AACxB;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,QAAQ;AACzB;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,QAAQ;AACzB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa,OAAO;AACpB;AACA;AACA;;AAEA;AACA,eAAe,OAAO;AACtB;;AAEA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA,qBAAqB,mBAAmB;AACxC,uBAAuB,oBAAoB;AAC3C;AACA;AACA;;AAEA;AACA,eAAe,OAAO;AACtB;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;;AAEA;AACA;AACA,cAAc;AACd;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;ACzZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,kFAAS;AACjB,mBAAO,CAAC,kFAAS;AACjB,mBAAO,CAAC,oFAAU;AAClB,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;AACA;;AAEA,oCAAoC,mBAAO,CAAC,qBAAQ;;AAEpD;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;;AAEA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB,cAAc;AACnC;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA,8BAA8B;;AAE9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,UAAU;AACV;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB,SAAS;AACT;AACA;AACA;AACA,yCAAyC,IAAI;AAC7C,SAAS;AACT;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,MAAM;AACN,gBAAgB,qBAAqB;AACrC,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;;AAEX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA;AACA;;AAEA;AACA,gBAAgB;AAChB,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,MAAM;AACN,gBAAgB,qBAAqB;AACrC,MAAM;AACN;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,gBAAgB;AAChB;AACA,MAAM;AACN,gBAAgB,oBAAoB;AACpC;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA,6CAA6C;AAC7C,yBAAyB;AACzB;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,YAAY;AAC/B;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA,qBAAqB,YAAY;AACjC;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,mBAAmB,YAAY;AAC/B;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,oDAAoD;AACpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;;;;;;;;;;AC55DA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,YAAY;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,iDAAiD,QAAQ;AACzD;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA,6DAA6D;AAC7D;AACA;AACA;AACA,mBAAmB,qCAAqC;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,eAAe,QAAQ;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;;;;;;;;;;AC9TA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,YAAY;AAC/B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,iDAAiD,QAAQ;AACzD;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA,6DAA6D;AAC7D;AACA;AACA;AACA,mBAAmB,qCAAqC;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,QAAQ;AACvB;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,eAAe,QAAQ;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;ACtUA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,gFAAQ;;AAEhB;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA,kBAAkB,SAAS;AAC3B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,YAAY;AAC/B;AACA;AACA;AACA;AACA,mBAAmB,mBAAmB;AACtC;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,iDAAiD,QAAQ;AACzD;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA,6DAA6D;AAC7D;AACA;AACA;AACA,mBAAmB,qCAAqC;AACxD;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,mBAAmB,eAAe;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,MAAM;AACN;AACA;AACA,mBAAmB,UAAU;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,QAAQ;AACvB;AACA;AACA;AACA,UAAU,QAAQ;AAClB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA,0CAA0C;;AAE1C;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA,0CAA0C;;AAE1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,eAAe,QAAQ;AACvB;AACA;AACA;AACA;AACA,8CAA8C;AAC9C;AACA;AACA;AACA,8CAA8C;;AAE9C;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,8CAA8C;AAC9C;AACA;AACA;AACA,8CAA8C;;AAE9C;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;;;;;;;;;;;AChjBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,YAAY,mBAAO,CAAC,kFAAS;;AAE7B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,YAAY,OAAO,oBAAoB,OAAO,cAAc,OAAO;AACnE,oBAAoB,OAAO;AAC3B;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,qCAAqC;AACrC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK,gBAAgB,iBAAiB;AACtC;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,CAAC;;AAED;AACA;AACA,SAAS,OAAO,oBAAoB,OAAO,aAAa,OAAO;;;AAG/D;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,qBAAM;AACjB;;AAEA;AACA,CAAC;;AAED;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA,IAAI;AACJ;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR,uBAAuB,gBAAgB;AACvC;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,8BAA8B;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,sBAAsB;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,OAAO;AACxB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,0BAA0B;AACnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,OAAO;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,gBAAgB;AACxB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,SAAS;AACT,SAAS;AACT,YAAY;AACZ,YAAY;AACZ;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,gBAAgB;AACjC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,gBAAgB;AACxB;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,UAAU;AACV;AACA;;AAEA;AACA;AACA;AACA;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,gBAAgB;AACjC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,gBAAgB;AACjC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,EAAE;AAC/B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA,IAAI;AACJ;AACA,IAAI;AACJ;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,eAAe;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA,iBAAiB,OAAO;AACxB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yBAAyB,qBAAqB;AAC9C,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B,eAAe;AACzC,OAAO;AACP,KAAK;AACL,WAAW,+BAA+B;;AAE1C;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;;AAEA;AACA;AACA;AACA,mBAAmB,gBAAgB;AACnC;AACA;AACA;AACA;AACA,yBAAyB,gBAAgB;AACzC;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA,mBAAmB,gBAAgB;AACnC;AACA;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,gBAAgB;AACnC;AACA;AACA,qBAAqB,gBAAgB;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;;;;;;;;;;;AC3lFA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,QAAQ;AACrC;AACA,0CAA0C,mBAAmB;AAC7D,oCAAoC;AACpC;AACA;AACA,gBAAgB,kBAAkB,uBAAuB;AACzD;AACA;AACA;AACA;AACA,eAAe,kBAAkB;AACjC,2BAA2B,MAAM;AACjC,iDAAiD,OAAO,MAAM;AAC9D;AACA;AACA;AACA;AACA,8CAA8C,sBAAsB;AACpE;AACA;AACA;AACA,YAAY,mBAAO,CAAC,kFAAS;AAC7B,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,4EAAM;AACd,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;AAChB,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,8EAAO;AACf,mBAAO,CAAC,gFAAQ;;AAEhB;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,OAAO;AACP,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,kBAAkB,uBAAuB;AACzC;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,sBAAsB;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,kBAAkB,wBAAwB;AAC1C;AACA;;AAEA;AACA;AACA;AACA;AACA,oBAAoB,oBAAoB;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,uBAAuB;AAC/C;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe;AACf;;AAEA;AACA;AACA,iBAAiB,4CAA4C;AAC7D;AACA;AACA;AACA,MAAM;AACN;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;AACA;AACA;AACA,OAAO;AACP;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,+CAA+C;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA,+CAA+C;AAC/C;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,kEAAkE;AAClE;AACA;AACA;AACA;AACA;AACA,4DAA4D;AAC5D;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B,EAAE;AAC5B;AACA;AACA,IAAI;AACJ;AACA,IAAI;AACJ;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,6EAA6E;AAC7E;AACA;AACA;AACA;AACA;AACA,uEAAuE;AACvE;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,iBAAiB;AACjD;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,iBAAiB;AACpC,4CAA4C,WAAW;AACvD;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;;AAEA;AACA;AACA,mBAAmB,6CAA6C;AAChE;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,sBAAsB;AACtB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;;AAEP;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,OAAO;AACP;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA,qBAAqB,iCAAiC;AACtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,wDAAwD,qBAAqB;AAC7E;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,4BAA4B;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oEAAoE;AACpE;AACA;AACA;AACA,oEAAoE;AACpE;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mDAAmD;AACnD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uCAAuC,SAAS;AAChD,uCAAuC;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,uBAAuB;AACxC;AACA;AACA,oBAAoB,0BAA0B;AAC9C;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA,sBAAsB,sBAAsB;AAC5C;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,qBAAqB,qBAAqB;AAC1C;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO;;AAEP;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,OAAO;AACP;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,kBAAkB;AACnC;;AAEA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,6BAA6B;AACrD;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA,mBAAmB,uBAAuB;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,mBAAmB,uBAAuB;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,WAAW,QAAQ;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA,iBAAiB,kBAAkB;AACnC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA,iBAAiB,iBAAiB;AAClC;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA,wCAAwC;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,kBAAkB;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV,yBAAyB,kBAAkB;AAC3C;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,mBAAmB,kBAAkB;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,mBAAmB,kBAAkB;AACrC;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA,sBAAsB,YAAY;AAClC;;AAEA;;AAEA,0DAA0D;;AAE1D,sBAAsB,UAAU;AAChC;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,eAAe;AACf;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD;AACvD;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY;AACZ;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB,8CAA8C;AACnE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB;AACxB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA,IAAI;;AAEJ;AACA;;;;;;;;;;;;ACzqGa;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,uCAAsC;AACtC;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,yCAAwC;AACxC;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,6CAA4C;AAC5C;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,sCAAqC;AACrC;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,sCAAqC;AACrC;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,sCAAqC;AACrC;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,sCAAqC;AACrC;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,4CAA2C;AAC3C;AACA;AACA;AACA;AACA,CAAC,EAAC;AACF,2CAA0C;AAC1C;AACA;AACA;AACA;AACA,CAAC,EAAC;;AAEF,gCAAgC,mBAAO,CAAC,2FAAS;;AAEjD,iCAAiC,mBAAO,CAAC,2FAAS;;AAElD,iCAAiC,mBAAO,CAAC,2FAAS;;AAElD,iCAAiC,mBAAO,CAAC,2FAAS;;AAElD,kCAAkC,mBAAO,CAAC,6FAAU;;AAEpD,sCAAsC,mBAAO,CAAC,qGAAc;;AAE5D,uCAAuC,mBAAO,CAAC,uGAAe;;AAE9D,wCAAwC,mBAAO,CAAC,yGAAgB;;AAEhE,oCAAoC,mBAAO,CAAC,iGAAY;;AAExD,uCAAuC,uCAAuC;;;;;;;;;;;AC9EjE;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qDAAqD;;AAErD;;AAEA,oBAAoB,gBAAgB;AACpC;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;AACA;;AAEA,kBAAkB,cAAc;AAChC;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,kBAAkB,cAAc;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;AACA;;AAEA;AACA;;AAEA,kBAAkB,aAAa;AAC/B;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;AACA;AACA;AACA;;;AAGA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;AC9NF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;AACf;AACA;AACA;AACA;AACA,kBAAe;;;;;;;;;;;ACVF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;AACf;AACA,kBAAe;;;;;;;;;;;ACPF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,uCAAuC,mBAAO,CAAC,uGAAe;;AAE9D,uCAAuC,uCAAuC;;AAE9E;AACA;AACA;AACA;;AAEA;AACA,kCAAkC;;AAElC;AACA;AACA;AACA,qBAAqB;;AAErB;AACA,qBAAqB;;AAErB;AACA,qBAAqB;;AAErB;AACA,qBAAqB;AACrB;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;AC5CF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;AACf,6BAA6B,EAAE,UAAU,EAAE,eAAe,EAAE,gBAAgB,EAAE,UAAU,GAAG;AAC3F,kBAAe;;;;;;;;;;;ACPF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;AACf;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;;;;;;;;;;ACxBa;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,qDAAqD;;AAErD;;AAEA,oBAAoB,gBAAgB;AACpC;AACA;AACA,IAAI;AACJ;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA,kBAAkB,OAAO;AACzB;;AAEA,oBAAoB,QAAQ;AAC5B;AACA;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA,kBAAkB,OAAO;AACzB;;AAEA,oBAAoB,QAAQ;AAC5B;AACA;;AAEA,qBAAqB,QAAQ;AAC7B;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA,oBAAoB,QAAQ;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;ACvGF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;AACf,uBAAuB;;AAEvB,uCAAuC,mBAAO,CAAC,uGAAe;;AAE9D,uCAAuC,uCAAuC;;AAE9E;AACA;AACA;AACA;AACA;;AAEA,gBAAgB,SAAS;AACzB;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA,6CAA6C;AAC7C;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;AC3CF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,kCAAkC,mBAAO,CAAC,6FAAU;;AAEpD,iBAAiB,mBAAO,CAAC,yGAAgB;;AAEzC,uCAAuC,uCAAuC;;AAE9E;AACA;AACA;AACA;AACA;;AAEA,eAAe;;;AAGf;AACA,oBAAoB;;AAEpB;AACA;AACA;AACA;AACA;AACA,gFAAgF;AAChF;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;;;AAGA,wEAAwE;AACxE;;AAEA,4EAA4E;;AAE5E,gEAAgE;;AAEhE;AACA;AACA,IAAI;AACJ;;;AAGA;AACA;AACA,IAAI;;;AAGJ;AACA;AACA;;AAEA;AACA;AACA,wBAAwB;;AAExB,2BAA2B;;AAE3B;AACA;AACA;AACA;AACA,sBAAsB;;AAEtB;AACA;AACA,uBAAuB;;AAEvB,oCAAoC;;AAEpC,8BAA8B;;AAE9B,kCAAkC;;AAElC,4BAA4B;;AAE5B,kBAAkB,OAAO;AACzB;AACA;;AAEA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;AC1GF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,gCAAgC,mBAAO,CAAC,6FAAU;;AAElD,iCAAiC,mBAAO,CAAC,6FAAU;;AAEnD,uCAAuC,uCAAuC;;AAE9E;AACA;AACA,kBAAe;;;;;;;;;;;ACfF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,WAAW,GAAG,WAAW;AACzB,kBAAe;;AAEf,iBAAiB,mBAAO,CAAC,yGAAgB;;AAEzC,oCAAoC,mBAAO,CAAC,iGAAY;;AAExD,uCAAuC,uCAAuC;;AAE9E;AACA,2CAA2C;;AAE3C;;AAEA,kBAAkB,gBAAgB;AAClC;AACA;;AAEA;AACA;;AAEA;AACA,WAAW;AACX;AACA,WAAW;;AAEX;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,MAAM;AACN;AACA;;;AAGA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA,sBAAsB,QAAQ;AAC9B;AACA;;AAEA;AACA;;AAEA;AACA,IAAI;;;AAGJ;AACA,8BAA8B;AAC9B,IAAI,eAAe;;;AAGnB;AACA;AACA;AACA;;;;;;;;;;;AC/Ea;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,qCAAqC,mBAAO,CAAC,mGAAa;;AAE1D,kCAAkC,mBAAO,CAAC,6FAAU;;AAEpD,iBAAiB,mBAAO,CAAC,yGAAgB;;AAEzC,uCAAuC,uCAAuC;;AAE9E;AACA;AACA;AACA;;AAEA;;AAEA,kEAAkE;;;AAGlE;AACA,mCAAmC;;AAEnC;AACA;;AAEA,oBAAoB,QAAQ;AAC5B;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;AC1CF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,gCAAgC,mBAAO,CAAC,6FAAU;;AAElD,kCAAkC,mBAAO,CAAC,+FAAW;;AAErD,uCAAuC,uCAAuC;;AAE9E;AACA;AACA,kBAAe;;;;;;;;;;;ACfF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,oCAAoC,mBAAO,CAAC,iGAAY;;AAExD,uCAAuC,uCAAuC;;AAE9E;AACA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;AChBF;;AAEb,8CAA6C;AAC7C;AACA,CAAC,EAAC;AACF,kBAAe;;AAEf,uCAAuC,mBAAO,CAAC,uGAAe;;AAE9D,uCAAuC,uCAAuC;;AAE9E;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA,kBAAe;;;;;;;;;;;;ACpBf;AACA;AACA;AACA;AACA;AACA,CAAc;;AAEd,WAAW,mBAAO,CAAC,4DAAW;AAC9B,WAAW,mBAAO,CAAC,mEAAM;;AAEzB;AACA,aAAa,mBAAO,CAAC,iEAAa;AAClC;;AAEA;AACA;AACA,qBAAqB;AACrB;;AAEA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA,sBAAsB,oBAAoB;AAC1C;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA,sBAAsB,oBAAoB;AAC1C;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;;AAEH;AACA;AACA;AACA;AACA,GAAG;AACH;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,GAAG;AACH;AACA;;AAEA;AACA;AACA;AACA,WAAW,OAAO;AAClB;AACA;;AAEA;AACA,YAAY,OAAO;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;;AAEA;;;;;;;;;;;;ACxHA;AACA;AACA;AACA;AACA;AACA,CAAc;;AAEd;AACA,aAAa,mBAAO,CAAC,iEAAa;AAClC,WAAW,mBAAO,CAAC,6DAAW;AAC9B,WAAW,mBAAO,CAAC,6DAAW;AAC9B,YAAY,mBAAO,CAAC,+DAAY;AAChC;;;;;;;;;;;;;ACZA;AACA;AACA;AACA;AACA;AACA,CAAc;;AAEd,gBAAgB,mBAAO,CAAC,sEAAkB;AAC1C,WAAW,mBAAO,CAAC,4DAAW;;AAE9B;AACA,2BAA2B;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;;AAEH;AACA,sBAAsB,uBAAuB;AAC7C;AACA,GAAG;AACH;AACA,sBAAsB,8BAA8B;AACpD;AACA,GAAG;AACH;AACA,sBAAsB,0BAA0B;AAChD;AACA,GAAG;AACH;AACA,sBAAsB,4BAA4B;AAClD;AACA,GAAG;AACH;AACA,sBAAsB,qCAAqC;AAC3D;AACA,GAAG;AACH;AACA,sBAAsB,yCAAyC;AAC/D;AACA,GAAG;AACH;AACA,sBAAsB,mCAAmC;AACzD;AACA,GAAG;AACH;AACA,sBAAsB,+BAA+B;AACrD;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA,WAAW,OAAO;AAClB;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;;AAEH;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;;;;;;;;;;;;AC3FA;AACA;AACA;AACA;AACA;AACA,CAAc;;AAEd,YAAY,mBAAO,CAAC,8DAAc;AAClC,WAAW,mBAAO,CAAC,4DAAW;;AAE9B;AACA;AACA;;AAEA;AACA,sBAAsB,iBAAiB;AACvC,uBAAuB,4BAA4B;AACnD;AACA,GAAG;AACH;AACA,sBAAsB,cAAc;AACpC;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;;AAEH;AACA,sBAAsB,8BAA8B;AACpD;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA,sBAAsB,wBAAwB;AAC9C;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA,sBAAsB,2BAA2B;AACjD;AACA;AACA;AACA,QAAQ;AACR;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;;AAEA;;;;;;;;;;;;;ACpHA;AACA;AACA;AACA;AACA;AACA,CAAc;;AAEd,YAAY,mBAAO,CAAC,8DAAc;AAClC,WAAW,mBAAO,CAAC,4DAAW;;AAE9B;AACA;AACA;;AAEA;AACA,sBAAsB,iBAAiB;AACvC;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA,sBAAsB,cAAc;AACpC,uBAAuB,+BAA+B;AACtD;AACA,GAAG;;AAEH;AACA,sBAAsB,0BAA0B;AAChD;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA,sBAAsB,2BAA2B;AACjD,uBAAuB,gCAAgC;AACvD;AACA,GAAG;AACH;AACA,sBAAsB,8BAA8B;AACpD,wBAAwB,oCAAoC;AAC5D;AACA,GAAG;AACH;;AAEA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,gBAAgB,OAAO;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,OAAO;AACtB;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA,GAAG;AACH;AACA;;AAEA;;;;;;;;;;;;AC/FA;;AAEA,aAAa,qBAAM,WAAW,qBAAM,WAAW;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,QAAQ;AAC/B;AACA;AACA;;AAEA;AACA;AACA;;AAEA;;;;;;;;;;;;AC9BA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,WAAW,mBAAO,CAAC,2EAAO;;AAE1B;AACA;AACA;AACA,gBAAgB,SAAS;AACzB;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,oCAAoC,EAAE;AACtC,mBAAmB;AACnB;AACA;AACA,GAAG;;AAEH;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;;AAEA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;;AAEA;AACA,oCAAoC;AACpC;;AAEA;AACA;;AAEA;AACA;;AAEA;AACA;AACA,kBAAkB,OAAO;AACzB;AACA;;AAEA;AACA;;AAEA;;AAEA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;;AAEA;AACA;AACA;;AAEA;AACA;AACA,qBAAqB,SAAS;AAC9B;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;;;;;;;;;;;;;ACtLA;AACA;AACA;AACA;AACA;AACA,CAAc;;AAEd,YAAY,mBAAO,CAAC,8DAAc;AAClC,WAAW,mBAAO,CAAC,4DAAW;;AAE9B;AACA;AACA;;AAEA;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA;AACA;AACA,KAAK;AACL;AACA;AACA,KAAK;AACL;AACA,GAAG;AACH;AACA;AACA;AACA,KAAK;AACL;AACA,GAAG;;AAEH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,OAAO;;AAEP;AACA;AACA,GAAG;;AAEH;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,cAAc;AACd;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,gBAAgB;AAChB;AACA,GAAG;AACH;;AAEA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,KAAK;;AAEL;AACA,GAAG;AACH;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA,KAAK;;AAEL;AACA,GAAG;AACH;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,OAAO;AACP,MAAM;AACN,gBAAgB,OAAO;AACvB;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,KAAK;;AAEL;AACA;AACA;;AAEA;;;;;;;;;;;AC/MA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA,gCAAgC;AAChC;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qCAAqC,EAAE;AACvC;AACA,yDAAyD;AACzD;AACA;AACA;AACA,2GAA2G,EAAE;AAC7G;AACA;AACA;AACA;;AAEA,kBAAkB,mBAAO,CAAC,6BAAgB;AAC1C;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,wCAAwC;AACxC;AACA;AACA;;AAEA;;AAEA;AACA;AACA,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA,uDAAuD;AACvD;AACA;AACA,kGAAkG,gCAAgC;AAClI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,kBAAkB;AAC1C;AACA;AACA;AACA,uDAAuD;AACvD;AACA;AACA;AACA;AACA,gCAAgC;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,uGAAuG;AAC7H;AACA,kCAAkC;AAClC,kBAAkB,uDAAuD;AACzE;AACA;AACA;AACA,sCAAsC,yBAAyB;AAC/D,UAAU;AACV;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kBAAkB,iBAAiB;AACnC;AACA;AACA;AACA,mBAAmB,qBAAM,4BAA4B,qBAAM;AAC3D;AACA,kBAAkB,qBAAqB;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+BAA+B,gBAAgB;AAC/C;AACA,2BAA2B,iCAAiC;AAC5D;AACA,wBAAwB,8BAA8B;AACtD;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;;AAEA;AACA,iDAAiD;AACjD;;AAEA,wBAAwB;AACxB,uBAAuB;AACvB,yBAAyB;AACzB,wBAAwB;AACxB,yBAAyB;AACzB,yBAAyB;AACzB,0BAA0B;;AAE1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA,iEAAiE;AACjE;AACA;AACA;;AAEA;AACA;AACA;;AAEA;AACA,kBAAkB;AAClB;AACA,aAAa;AACb;AACA;;AAEA;AACA,sBAAsB;AACtB,mCAAmC,OAAO;AAC1C,2BAA2B;AAC3B;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,iCAAiC;AACjC,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,qCAAqC;AACrC,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,iCAAiC;AACjC,MAAM;AACN;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,UAAU;AACV;AACA;AACA,qCAAqC;AACrC,MAAM;AACN;AACA;;AAEA;AACA,uCAAuC;AACvC;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL,aAAa;AACb;AACA;;AAEA;AACA;AACA;;AAEA;AACA,sBAAsB,GAAG;AACzB;;AAEA;AACA;AACA,oCAAoC,sBAAsB;AAC1D;;AAEA;AACA,oBAAoB,eAAe;AACnC;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA,MAAM;AACN;AACA,MAAM;AACN;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA,2BAA2B;AAC3B;AACA;AACA;;AAEA;AACA;AACA;AACA;AACA;AACA,wBAAwB,gBAAgB;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,iBAAiB;AACzC;AACA;AACA;;AAEA,2BAA2B;AAC3B,8BAA8B,YAAY;AAC1C,wEAAwE,YAAY;AACpF;AACA;AACA,sBAAsB;AACtB,UAAU;AACV;AACA,UAAU;AACV;AACA;AACA;AACA;AACA,wBAAwB,iBAAiB;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;AC5hBA;;AAEA;AACA;AACA,WAAW,UAAU;AACrB,WAAW,QAAQ;AACnB,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;AAEA;AACA;AACA,WAAW,UAAU;AACrB,aAAa,mBAAmB;AAChC;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;;ACjCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2FAA2F,MAAM;AACjG;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;;;;;;AC7EA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,iBAAiB;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6CAA6C,cAAc;AAC3D;AACA,eAAe;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,0BAA0B;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,eAAe;AAChC;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP,sBAAsB,oGAAoG;AAC1H;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA,mEAAmE,KAAK;AACxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;AACD;AACA,yCAAyC,cAAc;AACvD;AACA,WAAW;AACX;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,cAAc;AACrC;AACA;AACA;AACA;AACA;AACA,oBAAoB,cAAc;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA,4CAA4C,oBAAoB,SAAS,oBAAoB;AAC7F;AACA,yDAAyD,SAAS;AAClE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;ACzZA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,KAAK;AACL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8DAA8D;AAC9D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAA2C,eAAe;AAC1D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+DAA+D,KAAK;AACpE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,OAAO;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qBAAqB;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,aAAa;AACjC,wBAAwB,KAAK;AAC7B,iBAAiB,SAAS;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,SAAS;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;ACtrBA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,kBAAkB;AAC7B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,WAAW;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACsD;AACM;AAClB;AACqC;AAC3C;AACgD;AACV;AACzC;AACjC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,yBAAyB,qEAAe;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,+CAA+C,wEAA2B;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,0DAAS;AAChC;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,0BAA0B;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,wEAA2B;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2DAA2D,+CAA+C;AAC1G;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,gEAAM;AAC1B;AACA,iCAAiC;AACjC","sources":["webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/index.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/Cache.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/ScopedElementsMixin.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/createUniqueTag.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/globalTagsCache.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/registerElement.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/shadyTemplateFactory.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/@open-wc/scoped-elements/src/transform.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/elementUpdated.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/fixture-no-side-effect.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/fixture.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/fixtureWrapper.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/helpers.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/lib.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/lit-html.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/litFixture.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/scopedElementsWrapper.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/src/stringFixture.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/forge.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/hmac.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/jsbn.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/md.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/mgf.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/mgf1.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/oids.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pbe.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pbkdf2.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pem.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pkcs1.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pkcs12.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pkcs7.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pkcs7asn1.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pki.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/prime.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/prng.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/pss.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/random.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/rc2.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/rsa.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/sha1.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/sha256.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/sha512.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/util.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/node-forge/lib/x509.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/index.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/md5.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/native.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/nil.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/parse.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/regex.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/rng.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/sha1.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/stringify.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/v1.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/v3.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/v35.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/v4.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/v5.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/validate.js","webpack://@agentx/agentx/../../node_modules/node-jose/node_modules/uuid/dist/commonjs-browser/version.js","webpack://@agentx/agentx/../../node_modules/node-kms/lib/context.js","webpack://@agentx/agentx/../../node_modules/node-kms/lib/index.js","webpack://@agentx/agentx/../../node_modules/node-kms/lib/keyobject.js","webpack://@agentx/agentx/../../node_modules/node-kms/lib/request.js","webpack://@agentx/agentx/../../node_modules/node-kms/lib/response.js","webpack://@agentx/agentx/../../node_modules/node-kms/node_modules/uuid/rng-browser.js","webpack://@agentx/agentx/../../node_modules/node-kms/node_modules/uuid/uuid.js","webpack://@agentx/agentx/../../node_modules/node-scr/lib/index.js","webpack://@agentx/agentx/../../node_modules/object-inspect/index.js","webpack://@agentx/agentx/../../node_modules/@open-wc/dedupe-mixin/src/dedupeMixin.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/lit-element/lib/css-tag.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/lit-element/lib/decorators.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/lit-element/lib/updating-element.js","webpack://@agentx/agentx/../../node_modules/@open-wc/testing-helpers/node_modules/lit-element/lit-element.js"],"sourcesContent":["export { elementUpdated } from './src/elementUpdated.js';\nexport { fixture, fixtureSync } from './src/fixture.js';\nexport { cachedWrappers, fixtureCleanup, fixtureWrapper } from './src/fixtureWrapper.js';\nexport {\n  aTimeout,\n  defineCE,\n  isIE,\n  nextFrame,\n  oneEvent,\n  triggerBlurFor,\n  triggerFocusFor,\n  waitUntil,\n} from './src/helpers.js';\nexport { html, unsafeStatic } from './src/lit-html.js';\nexport { litFixture, litFixtureSync } from './src/litFixture.js';\nexport { stringFixture, stringFixtureSync } from './src/stringFixture.js';\n","/**\n * Cache class that allows to search in a cache hierarchy.\n * @template T, Q\n */\nexport class Cache {\n  /**\n   * Creates a Cache instance\n   * @param {Cache} [parent]\n   */\n  constructor(parent) {\n    this._parent = parent;\n    this._cache = new Map();\n  }\n\n  /**\n   * Returns a boolean indicating whether an element with the specified key exists or not.\n   *\n   * @param {T} key - The key of the element to test for presence in the Cache object.\n   * @return {boolean}\n   */\n  has(key) {\n    return !!(this._cache.has(key) || (this._parent && this._parent._cache.has(key)));\n  }\n\n  /**\n   * Adds or updates an element with a specified key and a value to a Cache object.\n   *\n   * @param {T} key - The key of the element to add to the Cache object.\n   * @param {Q} value - The value of the element to add to the Cache object.\n   * @return {Cache<T, Q>} the cache object\n   */\n  set(key, value) {\n    this._cache.set(key, value);\n\n    return this;\n  }\n\n  /**\n   * Returns a specified element from a Map object. If the value that is associated to the provided key is an\n   * object, then you will get a reference to that object and any change made to that object will effectively modify\n   * it inside the Map object.\n   *\n   * @param {T} key - The key of the element to return from the Cache object.\n   * @return {Q}\n   */\n  get(key) {\n    return this._cache.get(key) || (this._parent && this._parent._cache.get(key));\n  }\n}\n","/* eslint-disable no-use-before-define */\nimport { TemplateResult, SVGTemplateResult } from 'lit-html';\nimport { dedupeMixin } from '@open-wc/dedupe-mixin';\nimport { Cache } from './Cache.js';\nimport { transform } from './transform.js';\nimport { defineScopedElement, registerElement } from './registerElement.js';\nimport { shadyTemplateFactory } from './shadyTemplateFactory.js';\n\n/**\n * @typedef {import('./types').ScopedElementsMixin} ScopedElementsMixin\n * @typedef {import('./types').ScopedElementsMap} ScopedElementsMap\n * @typedef {import(\"lit-element\").LitElement} LitElement\n * @typedef {import('lit-html/lib/shady-render').ShadyRenderOptions} ShadyRenderOptions\n * @typedef {function(TemplateResult, Element|DocumentFragment|ShadowRoot, ShadyRenderOptions): void} RenderFunction\n */\n\n/**\n * Template caches\n *\n * @type {WeakMap<Function, Cache<TemplateStringsArray, TemplateStringsArray>>}\n */\nconst templateCaches = new WeakMap();\n\n/**\n * Retrieves or creates a templateCache for a specific key\n *\n * @param {Function} key\n * @returns {Cache<TemplateStringsArray, TemplateStringsArray>}\n */\nconst getTemplateCache = key => {\n  if (!templateCaches.has(key)) {\n    // @ts-ignore\n    templateCaches.set(key, new Cache(templateCaches.get(key.constructor)));\n  }\n\n  return templateCaches.get(key);\n};\n\n/**\n * Tags caches\n *\n * @type {WeakMap<object, Cache<string, string>>}\n */\nconst tagsCaches = new WeakMap();\n\n/**\n * Retrieves or creates a tagsCache for a specific key\n * @param {object} key\n * @returns {Cache<string, string>}\n */\nconst getTagsCache = key => {\n  if (!tagsCaches.has(key)) {\n    tagsCaches.set(key, new Cache(tagsCaches.get(key.constructor)));\n  }\n\n  return tagsCaches.get(key);\n};\n\n/**\n * Transforms an array of TemplateResults or arrays into another one with resolved scoped elements\n *\n * @param {ReadonlyArray} items\n * @param {ScopedElementsMap} scopedElements\n * @param {Cache<TemplateStringsArray, TemplateStringsArray>} templateCache\n * @param {Cache<string, string>} tagsCache\n * @returns {ReadonlyArray}\n */\nconst transformArray = (items, scopedElements, templateCache, tagsCache) =>\n  items.map(value => {\n    if (value instanceof TemplateResult) {\n      return transformTemplate(value, scopedElements, templateCache, tagsCache);\n    }\n\n    if (Array.isArray(value)) {\n      return transformArray(value, scopedElements, templateCache, tagsCache);\n    }\n\n    return value;\n  });\n\n/**\n * Transforms a TemplateResult into another one with resolved scoped elements\n *\n * @param {TemplateResult} template\n * @param {ScopedElementsMap} scopedElements\n * @param {Cache<TemplateStringsArray, TemplateStringsArray>} templateCache\n * @param {Cache<string, string>} tagsCache\n * @returns {TemplateResult}\n */\nconst transformTemplate = (template, scopedElements, templateCache, tagsCache) => {\n  const BaseClass = template instanceof SVGTemplateResult ? SVGTemplateResult : TemplateResult;\n\n  return new BaseClass(\n    transform(template.strings, scopedElements, templateCache, tagsCache),\n    transformArray(template.values, scopedElements, templateCache, tagsCache),\n    template.type,\n    template.processor,\n  );\n};\n\n/**\n * Gets an instance of the ScopedElementsTemplateFactory\n *\n * @param {string} scopeName\n * @param {ScopedElementsMap} scopedElements\n * @param {Cache<TemplateStringsArray, TemplateStringsArray>} templateCache\n * @param {Cache<string, string>} tagsCache\n * @returns {function(any): any}\n */\nconst scopedElementsTemplateFactory = (\n  scopeName,\n  scopedElements,\n  templateCache,\n  tagsCache,\n) => template => {\n  const newTemplate = transformTemplate(template, scopedElements, templateCache, tagsCache);\n\n  return shadyTemplateFactory(scopeName)(newTemplate);\n};\n\nconst version = '1.3.6';\n// eslint-disable-next-line dot-notation\nconst versions = (window['scopedElementsVersions'] || (window['scopedElementsVersions'] = []));\nif (!versions.includes(version)) {\n  versions.push(version);\n}\n\n/** @type {ScopedElementsMixin} */\nconst ScopedElementsMixinImplementation = superclass =>\n  class ScopedElementsHost extends superclass {\n    /**\n     * Obtains the scoped elements definitions map\n     *\n     * @returns {ScopedElementsMap}\n     */\n    static get scopedElements() {\n      return {};\n    }\n\n    static get scopedElementsVersion() {\n      return version;\n    }\n\n    /** @override */\n    static render(template, container, options) {\n      if (!options || typeof options !== 'object' || !options.scopeName) {\n        throw new Error('The `scopeName` option is required.');\n      }\n      const { scopeName, eventContext } = options;\n\n      const templateCache = getTemplateCache(eventContext);\n      const tagsCache = getTagsCache(eventContext);\n      const { scopedElements } = this;\n\n      return super.render(template, container, {\n        ...options,\n        templateFactory: scopedElementsTemplateFactory(\n          scopeName,\n          scopedElements,\n          templateCache,\n          tagsCache,\n        ),\n      });\n    }\n\n    /**\n     * Defines a scoped element\n     *\n     * @param {string} tagName\n     * @param {typeof HTMLElement} klass\n     */\n    defineScopedElement(tagName, klass) {\n      return defineScopedElement(tagName, klass, getTagsCache(this));\n    }\n\n    /**\n     * Returns a scoped tag name\n     *\n     * @deprecated Please, use the instance method instead of the static one. This static method is not able to\n     * obtain the tagName of lazy defined elements, while the instance one is.\n     * @param {string} tagName\n     * @returns {string|undefined}\n     */\n    static getScopedTagName(tagName) {\n      // @ts-ignore\n      const klass = this.scopedElements[tagName];\n\n      return klass\n        ? registerElement(tagName, klass, getTagsCache(this))\n        : getTagsCache(this).get(tagName);\n    }\n\n    /**\n     * Returns a scoped tag name\n     *\n     * @param {string} tagName\n     * @returns {string|undefined}\n     */\n    getScopedTagName(tagName) {\n      // @ts-ignore\n      const klass = this.constructor.scopedElements[tagName];\n\n      return klass\n        ? registerElement(tagName, klass, getTagsCache(this))\n        : getTagsCache(this).get(tagName);\n    }\n  };\n\nexport const ScopedElementsMixin = dedupeMixin(ScopedElementsMixinImplementation);\n","/**\n * Global counter to scope the custom elements\n *\n * @type {number}\n */\nlet counter = Math.round(Math.random() * 100000);\n\n/**\n * Allowed tag name chars\n *\n * @type {string}\n */\nconst chars = `-|\\\\.|[0-9]|[a-z]`;\n\n/**\n * Regular expression to check if a value is a valid tag name\n *\n * @type {RegExp}\n */\nconst tagRegExp = new RegExp(`[a-z](${chars})*-(${chars})*`);\n\n/**\n * Checks if the tag name is valid\n *\n * @param {string} tag\n * @returns {boolean}\n */\nconst isValid = tag => tagRegExp.exec(tag) !== null;\n\n/**\n * Checks if the tag is already registered\n *\n * @param {string} name\n * @param {CustomElementRegistry} registry\n * @returns {boolean}\n */\nconst isTagRegistered = (name, registry) => !!registry.get(name);\n\n/**\n * Given a tag name scopes it with a number suffix\n *\n * @param {string} tagName\n * @param {CustomElementRegistry} registry\n * @returns {string} scoped tag name\n */\nconst incrementTagName = (tagName, registry) => {\n  const newTagName = `${tagName}-${(counter += 1)}`;\n\n  if (isTagRegistered(newTagName, registry)) {\n    return incrementTagName(tagName, registry);\n  }\n\n  return newTagName;\n};\n\n/**\n * Creates a unique scoped tag name\n *\n * @exports\n * @param {string} tagName - tag name to scope\n * @param {CustomElementRegistry} registry\n * @returns {string} scoped tag name\n */\nexport function createUniqueTag(tagName, registry = customElements) {\n  if (!isValid(tagName)) {\n    throw new Error('tagName is invalid');\n  }\n\n  return incrementTagName(tagName, registry);\n}\n","/**\n * The global cache for tag names\n *\n * @type {WeakMap<typeof HTMLElement, string>}\n */\nconst globalTagsCache = new WeakMap();\n\n/**\n * Adds a tag to the global tags cache\n *\n * @param {string} tag\n * @param {typeof HTMLElement} klass\n */\nexport const addToGlobalTagsCache = (tag, klass) => globalTagsCache.set(klass, tag);\n\n/**\n * Gets a tag from the global tags cache\n *\n * @exports\n * @param {typeof HTMLElement} klass\n * @returns {undefined|string}\n */\nexport const getFromGlobalTagsCache = klass => globalTagsCache.get(klass);\n","import { createUniqueTag } from './createUniqueTag.js';\nimport { getFromGlobalTagsCache, addToGlobalTagsCache } from './globalTagsCache.js';\n\n/**\n * Checks if klass is a subclass of native HTMLElement or polyfilled HTMLElement.\n * We manually loop over the prototpe, so we can detect if we extend from native HTMLElement\n * or the polyfilled one from scoped-custom-element-registry (window.HTMLElement)\n * @param {typeof HTMLElement} klass a class, like LitElement\n * @returns {boolean}\n */\nfunction extendsHTMLElement(klass) {\n  let currentClass = klass;\n  while (currentClass) {\n    // currentClass could either be:\n    // 1. unpatched, native HTMLElement (when polyfill not loaded this is always the case), or:\n    // 2. patched window.HTMLElement (can be the case when polyfill is loaded)\n    // If polyfill is loaded and currentClass is the native HTMLElement, we don't have a\n    // reference to it (polyfill calls it NativeHTMLElement, but doesn't expose it),\n    // so we check its name.\n    if (currentClass === window.HTMLElement || currentClass.name === 'HTMLElement') {\n      return true;\n    }\n    currentClass = Object.getPrototypeOf(currentClass);\n  }\n  return false;\n}\n\n/**\n * Defines a custom element\n *\n * @param {string} tagName\n * @param {typeof HTMLElement} klass\n * @param {CustomElementRegistry} registry\n */\nconst defineElement = (tagName, klass, registry = customElements) => {\n  addToGlobalTagsCache(tagName, klass);\n  registry.define(tagName, class extends klass {});\n};\n\n/**\n * Stores a lazy element in the cache to be used in future\n *\n * @param {string} tagName\n * @param {CustomElementRegistry} registry\n * @param {import('./Cache.js').Cache<string, string>} tagsCache\n * @returns {string}\n */\nconst storeLazyElementInCache = (tagName, registry, tagsCache) => {\n  const tag = createUniqueTag(tagName, registry);\n\n  if (!tagsCache) {\n    throw new Error('Lazy scoped elements requires the use of tags cache');\n  }\n\n  tagsCache.set(tagName, tag);\n\n  return tag;\n};\n\n/**\n * Define a scoped custom element storing the scoped tag name in the cache\n *\n * @param {string} tagName\n * @param {typeof HTMLElement} klass\n * @param {import('./Cache.js').Cache<string, string>} tagsCache\n * @returns {string}\n */\nconst defineElementAndStoreInCache = (tagName, klass, tagsCache) => {\n  const registry = customElements;\n\n  if (!extendsHTMLElement(klass)) {\n    return storeLazyElementInCache(tagName, registry, tagsCache);\n  }\n\n  if (klass === customElements.get(tagName)) {\n    addToGlobalTagsCache(tagName, klass);\n\n    return tagName;\n  }\n\n  const tag = createUniqueTag(tagName, registry);\n  // @ts-ignore\n  // we extend it just in case the class has been defined manually\n  defineElement(tag, klass, registry);\n\n  return tag;\n};\n\n/**\n * Gets a scoped tag name from the cache or generates a new one and defines the element if needed\n *\n * @exports\n * @param {string} tagName\n * @param {typeof HTMLElement} klass\n * @param {import('./Cache.js').Cache<string, string>} tagsCache\n * @returns {string}\n */\nexport function registerElement(tagName, klass, tagsCache = undefined) {\n  const tag =\n    getFromGlobalTagsCache(klass) ||\n    (tagsCache && tagsCache.get(tagName)) ||\n    defineElementAndStoreInCache(tagName, klass, tagsCache);\n\n  return tag;\n}\n\n/**\n * Defines a lazy element\n *\n * @param {string} tagName\n * @param {typeof HTMLElement} klass\n * @param {import('./Cache.js').Cache<string, string>} tagsCache\n */\nexport function defineScopedElement(tagName, klass, tagsCache) {\n  const tag = tagsCache.get(tagName);\n\n  if (tag) {\n    if (customElements.get(tag) === undefined) {\n      defineElement(tag, klass, customElements);\n    }\n  } else {\n    tagsCache.set(tagName, registerElement(tagName, klass, tagsCache));\n  }\n}\n","import { templateCaches } from 'lit-html/lib/template-factory.js';\nimport { marker, Template } from 'lit-html/lib/template.js';\n\nconst getTemplateCacheKey = (type, scopeName) => `${type}--${scopeName}`;\n\nlet compatibleShadyCSSVersion = true;\n\n// @ts-ignore\nconst { ShadyCSS } = window;\n\nif (typeof ShadyCSS === 'undefined') {\n  compatibleShadyCSSVersion = false;\n} else if (typeof ShadyCSS.prepareTemplateDom === 'undefined') {\n  compatibleShadyCSSVersion = false;\n}\n\n/**\n * Template factory which scopes template DOM using ShadyCSS.\n * @param scopeName {string}\n */\nexport const shadyTemplateFactory = scopeName => result => {\n  const cacheKey = getTemplateCacheKey(result.type, scopeName);\n  let templateCache = templateCaches.get(cacheKey);\n  if (templateCache === undefined) {\n    templateCache = {\n      stringsArray: new WeakMap(),\n      keyString: new Map(),\n    };\n    templateCaches.set(cacheKey, templateCache);\n  }\n  let template = templateCache.stringsArray.get(result.strings);\n  if (template !== undefined) {\n    return template;\n  }\n  const key = result.strings.join(marker);\n  template = templateCache.keyString.get(key);\n  if (template === undefined) {\n    const element = result.getTemplateElement();\n    if (compatibleShadyCSSVersion) {\n      ShadyCSS.prepareTemplateDom(element, scopeName);\n    }\n    template = new Template(result, element);\n    templateCache.keyString.set(key, template);\n  }\n  templateCache.stringsArray.set(result.strings, template);\n  return template;\n};\n","import { registerElement } from './registerElement.js';\nimport { Cache } from './Cache.js';\n\n/**\n * @typedef {import('./types').ScopedElementsMap} ScopedElementsMap\n */\n\n/**\n * Allowed tag name chars\n *\n * @type {string}\n */\nconst chars = `-|\\\\.|[0-9]|[a-z]`;\n\n/**\n * Regular Expression to find a custom element tag\n *\n * @type {RegExp}\n */\nconst re = new RegExp(`<\\\\/?([a-z](${chars})*-(${chars})*)`, 'g');\n\n/**\n * The global cache of processed string arrays\n *\n * @type {Cache<TemplateStringsArray, TemplateStringsArray>}\n */\nconst globalCache = new Cache();\n\n/**\n * Find custom element tags in the string\n *\n * @param {string} str\n * @returns {RegExpExecArray[]}\n */\nconst matchAll = str => {\n  const matches = [];\n  let result;\n  // eslint-disable-next-line no-cond-assign\n  while ((result = re.exec(str)) !== null) {\n    matches.push(result);\n  }\n\n  return matches;\n};\n\n/**\n * Transforms a string array into another one with resolved scoped elements and caches it for future references\n *\n * @param {TemplateStringsArray} strings\n * @param {ScopedElementsMap} scopedElements\n * @param {Cache<TemplateStringsArray, TemplateStringsArray>} templateCache\n * @param {Cache<string, string>} tagsCache\n * @returns {TemplateStringsArray}\n */\nconst transformTemplate = (strings, scopedElements, templateCache, tagsCache) => {\n  const transformedStrings = strings.map(str => {\n    let acc = str;\n    const matches = matchAll(str);\n\n    for (let i = matches.length - 1; i >= 0; i -= 1) {\n      const item = matches[i];\n      const [block, tagName] = item;\n      const tag = registerElement(tagName, scopedElements[tagName], tagsCache);\n      const start = item.index + block.length - tagName.length;\n      const end = start + tagName.length;\n      const isClosingTag = block.indexOf('</') === 0;\n\n      acc =\n        acc.slice(0, start) +\n        (isClosingTag ? tag : `${tag} data-tag-name=\"${tagName}\"`) +\n        acc.slice(end);\n    }\n\n    return acc;\n  });\n\n  // @ts-ignore\n  // noinspection JSCheckFunctionSignatures\n  templateCache.set(strings, transformedStrings);\n\n  // @ts-ignore\n  // noinspection JSValidateTypes\n  return transformedStrings;\n};\n\n/**\n * Obtains the cached strings array with resolved scoped elements or creates it\n *\n * @exports\n * @param {TemplateStringsArray} strings\n * @param {ScopedElementsMap} scopedElements\n * @param {import('./Cache.js').Cache<TemplateStringsArray, TemplateStringsArray>} templateCache\n * @param {import('./Cache.js').Cache<string, string>} tagsCache\n * @returns {TemplateStringsArray}\n */\nexport function transform(strings, scopedElements, templateCache = globalCache, tagsCache) {\n  return (\n    templateCache.get(strings) ||\n    transformTemplate(strings, scopedElements, templateCache, tagsCache)\n  );\n}\n","import { nextFrame } from './helpers.js';\n\nconst isDefinedPromise = action => typeof action === 'object' && Promise.resolve(action) === action;\n\n/**\n * Awaits for \"update complete promises\" of elements\n * - for [lit-element](https://github.com/polymer/lit-element) that is `el.updateComplete`;\n * - for [stencil](https://github.com/ionic-team/stencil/) that is `el.componentOnReady()`;\n *\n * If none of those specfic Promise hooks are found, it will wait for one frame via\n * `await nextFrame()`.\n *\n * Ensures that ShadyDOM finished its job if available.\n *\n * @template {Element} T\n * @param {T} el\n * @returns {Promise<T>}\n */\nexport async function elementUpdated(el) {\n  let hasSpecificAwait = false;\n  // @ts-ignore\n  let update = el && el.updateComplete;\n  if (isDefinedPromise(update)) {\n    await update;\n    hasSpecificAwait = true;\n  }\n\n  // @ts-ignore\n  update = el && el.componentOnReady ? el.componentOnReady() : false;\n  if (isDefinedPromise(update)) {\n    await update;\n    hasSpecificAwait = true;\n  }\n\n  if (!hasSpecificAwait) {\n    await nextFrame();\n  }\n\n  // @ts-ignore\n  if (window.ShadyDOM && typeof window.ShadyDOM.flush === 'function') {\n    // @ts-ignore\n    window.ShadyDOM.flush();\n  }\n\n  return el;\n}\n","import { stringFixture, stringFixtureSync } from './stringFixture.js';\nimport { litFixture, litFixtureSync } from './litFixture.js';\nimport { isValidRenderArg } from './lib.js';\n\n/**\n * @typedef {object} FixtureOptions\n * @property {Element} [parentNode] optional parent node to render the fixture's template to\n * @property {import('@open-wc/scoped-elements').ScopedElementsMap} [scopedElements] optional scoped-elements\n * definition map\n */\n\n/**\n * Renders a string/TemplateResult and puts it in the DOM via a fixtureWrapper.\n *\n * @example\n * const el = fixtureSync('<my-el><span></span></my-el>');\n *\n * @template {Element} T\n * @param {import('./litFixture').LitHTMLRenderable} template Either a string or lit-html TemplateResult\n * @param {FixtureOptions} [options]\n * @returns {T} First child of the rendered DOM\n */\nexport function fixtureSync(template, options) {\n  if (typeof template === 'string') {\n    return stringFixtureSync(template, options);\n  }\n  if (isValidRenderArg(template)) {\n    return litFixtureSync(template, options);\n  }\n  throw new Error(\n    'Invalid template provided - string, number, boolean, Node, TemplateResult, or array or iterable thereof are supported',\n  );\n}\n\n/**\n * Renders a string/TemplateResult and puts it in the DOM via a fixtureWrapper.\n * By default fixture awaits the elements \"update complete\" Promise.\n * - for [lit-element](https://github.com/polymer/lit-element) that is `el.updateComplete`;\n * - for [stencil](https://github.com/ionic-team/stencil/) that is `el.componentOnReady()`;\n *\n * If none of those specfic Promise hooks are found, it will wait for one frame via\n * `await nextFrame()`.\n *\n * **Note**: this does not guarantee that the element is done rendering -\n * it just waits for the next JavaScript tick.\n *\n * @example\n * const el = await fixture('<my-el><span></span></my-el>');\n * expect(el.fullyRendered).to.be.true;\n *\n * @template {Element} T\n * @param {import('./litFixture').LitHTMLRenderable} template Either a string or lit-html TemplateResult\n * @param {FixtureOptions} [options]\n * @returns {Promise<T>} A Promise that will resolve to the first child of the rendered DOM\n */\nexport async function fixture(template, options) {\n  if (typeof template === 'string') {\n    return stringFixture(template, options);\n  }\n  if (isValidRenderArg(template)) {\n    return litFixture(template, options);\n  }\n  throw new Error('Invalid template provided - string or lit-html TemplateResult is supported');\n}\n","import { fixtureCleanup } from './fixtureWrapper.js';\n\nexport { fixture, fixtureSync } from './fixture-no-side-effect.js';\n\n/**\n * This registers the fixture cleanup as a side effect\n */\ntry {\n  // we should not assume that our users load mocha types globally\n  // @ts-ignore\n  if ('afterEach' in window) {\n    // @ts-ignore\n    afterEach(() => {\n      fixtureCleanup();\n    });\n  }\n  // @ts-ignore\n  if ('teardown' in window) {\n    // @ts-ignore\n    teardown(() => {\n      fixtureCleanup();\n    });\n  }\n} catch (error) {\n  /* do nothing */\n}\n","/** @type Array<Node> */\nexport const cachedWrappers = [];\n\n/**\n * Creates a wrapper as a direct child of `<body>` to put the tested element into.\n * Need to be in the DOM to test for example `connectedCallback()` on elements.\n *\n * @param {Element} [parentNode]\n * @returns {Element} wrapping node\n */\nexport function fixtureWrapper(parentNode = document.createElement('div')) {\n  document.body.appendChild(parentNode);\n  cachedWrappers.push(parentNode);\n  return parentNode;\n}\n\n/**\n * Cleans up all defined fixtures by removing the actual wrapper nodes.\n * Common usecase is at the end of each test.\n */\nexport function fixtureCleanup() {\n  if (cachedWrappers) {\n    cachedWrappers.forEach(wrapper => {\n      document.body.removeChild(wrapper);\n    });\n  }\n  cachedWrappers.length = 0; // reset it like this as we can't reassign it\n}\n","let defineCECounter = 0;\n\n/**\n * Registers a new element with an automatically generated unique name.\n * Helps to make a test fully isolated.\n *\n * @example\n * const tag = defineCE(class extends MyMixin(HTMLElement) {\n *   // define custom element class body\n * });\n * const el = fixture(`<${tag}></${tag}>`);\n * // test el\n *\n * @template {HTMLElement} T\n * @param {import(\"@open-wc/dedupe-mixin\").Constructor<T>} klass Class which extends HTMLElement\n * @returns {string} Tag name of the registered element\n */\nexport function defineCE(klass) {\n  const tag = `test-${defineCECounter}`;\n  customElements.define(tag, klass);\n  defineCECounter += 1;\n  return tag;\n}\n\n/**\n * Indicates that this is Internet Explorer.\n *\n * @returns {boolean}\n */\nexport function isIE() {\n  return !!navigator.userAgent.match(/Trident/g) || !!navigator.userAgent.match(/MSIE/g);\n}\n\n/**\n * Resolves after provided amount of miliseconds.\n *\n * @example\n * await aTimeout(100);\n *\n * @param {number} ms Miliseconds.\n * @returns {Promise<void>} Promise to await until time is up\n */\nexport function aTimeout(ms) {\n  return new Promise(resolve => {\n    setTimeout(resolve, ms);\n  });\n}\n\n/**\n * Resolves after requestAnimationFrame.\n *\n * @example\n * await nextFrame();\n *\n * @returns {Promise<void>} Promise that resolved after requestAnimationFrame\n */\nexport function nextFrame() {\n  return new Promise(resolve => requestAnimationFrame(() => resolve()));\n}\n\n/**\n * Blurs the provided element and await time before and after it on IE.\n *\n * @example\n * const el = await fixture('<input type=\"text\" autofocus />');\n * await triggerBlurFor(el);\n * // el is no longer focused\n *\n * @param {HTMLElement} element Element/Node to blur\n * @returns {Promise<void>} Promise to await until blur is done (for IE)\n */\nexport async function triggerBlurFor(element) {\n  if (isIE()) {\n    await nextFrame();\n    await nextFrame();\n  }\n  element.blur();\n  if (isIE()) {\n    element.blur();\n    await nextFrame();\n    await nextFrame();\n  }\n}\n\n/**\n * Focuses the provided element and await time before and after it on IE.\n *\n * Background info:\n * Adding an event and immediately trigger it fails in IE.\n * Also before checking the effects of a trigger IE needs some time.\n *\n * @example\n * const el = await fixture('<input type=\"text\" />');\n * await triggerFocusFor(el);\n * // el is now focused\n *\n * @param {HTMLElement} element Element/Node to focus\n * @returns {Promise<void>} Promise to await until focus is done (for IE)\n */\nexport async function triggerFocusFor(element) {\n  if (isIE()) {\n    await nextFrame();\n    await nextFrame();\n  }\n  element.focus();\n  if (isIE()) {\n    element.focus();\n    await nextFrame();\n    await nextFrame();\n  }\n}\n\n/**\n * Listens for one event and resolves with this event object after it was fired.\n *\n * @example\n * setTimeout(() => el.fireDone());\n * await oneEvent(el, 'done');\n * expect(el.done).to.be.true;\n *\n * @param {EventTarget} eventTarget Target of the event, usually an Element\n * @param {string} eventName Name of the event\n * @returns {Promise<CustomEvent>} Promise to await until the event has been fired\n */\nexport function oneEvent(eventTarget, eventName) {\n  return new Promise(resolve => {\n    function listener(ev) {\n      resolve(ev);\n      eventTarget.removeEventListener(eventName, listener);\n    }\n    eventTarget.addEventListener(eventName, listener);\n  });\n}\n\n/**\n * Waits until the given predicate returns a truthy value. Calls and awaits the predicate\n * function at the given interval time. Can be used to poll until a certain condition is true.\n *\n * @example\n * ```js\n * import { fixture, waitUntil } from '@open-wc/testing-helpers';\n *\n * const element = await fixture(html`<my-element></my-element>`);\n *\n * await waitUntil(() => element.someAsyncProperty, 'element should become ready');\n * ```\n *\n * @param {() => boolean | Promise<boolean>} predicate - predicate function which is called each poll interval.\n *   The predicate is awaited, so it can return a promise.\n * @param {string} [message] an optional message to display when the condition timed out\n * @param {{ interval?: number, timeout?: number }} [options] timeout and polling interval\n */\nexport function waitUntil(predicate, message, options = {}) {\n  const { interval = 50, timeout = 1000 } = options;\n\n  return new Promise((resolve, reject) => {\n    let timeoutId;\n\n    setTimeout(() => {\n      clearTimeout(timeoutId);\n      reject(new Error(message ? `Timeout: ${message}` : `waitUntil timed out after ${timeout}ms`));\n    }, timeout);\n\n    async function nextInterval() {\n      try {\n        if (await predicate()) {\n          resolve();\n        } else {\n          timeoutId = setTimeout(() => {\n            nextInterval();\n          }, interval);\n        }\n      } catch (error) {\n        reject(error);\n      }\n    }\n    nextInterval();\n  });\n}\n","import { TemplateResult } from 'lit-html';\n\nexport const isIterable = object => object != null && typeof object[Symbol.iterator] === 'function';\n\nfunction isValidNonIterableRenderArg(x) {\n  return (\n    x instanceof TemplateResult ||\n    x instanceof Node ||\n    typeof x === 'number' ||\n    typeof x === 'boolean' ||\n    typeof x === 'string'\n  );\n}\n\nexport function isValidRenderArg(x) {\n  return isIterable(x) ? [...x].every(isValidNonIterableRenderArg) : isValidNonIterableRenderArg(x);\n}\n\n/**\n * Node#nodeType enum\n * @readonly\n * @enum {number}\n */\nexport const NODE_TYPES = Object.freeze({\n  ELEMENT_NODE: 1,\n  TEXT_NODE: 3,\n  COMMENT_NODE: 8,\n  DOCUMENT_FRAGMENT_NODE: 11,\n});\n","import { html as litHtml } from 'lit-html/lit-html.js';\n\nexport { render } from 'lit-html/lit-html.js';\n\n/**\n * This is a wrapper around lit-html that supports dynamic strings to be added as a preprocessing\n * step, before a template is passed to lit's html function.\n * A dynamic string will be evaluated one time (on init) and passed to lit-html as being\n * part of the static string.\n *\n * WARNING: do not use in production!!! has a huge performance penalty as every string is\n * different from lit-htmls perspective so a new tag is created every time.\n *\n * A valid use case for this would be to create dynamic tag names.\n *\n * @example:\n * const tag = unsafeStatic('my-tag');\n * html`<${tag} prop=\"${prop}\"></${tag>`\n * // will in turn calls lit-html html function as:\n * html`<my-tag prop=\"${prop}\"></my-tag>`\n *\n * @param {TemplateStringsArray} strings Static Parts\n * @param {Array.<any>} values Dynamic Parts\n * @returns {import('lit-html').TemplateResult}\n */\nexport function html(strings, ...values) {\n  const newVal = []; // result values to be passed on to lit-html\n  const newStr = []; // result strings to be passed on to lit-html\n\n  if (values.length === 0) {\n    return litHtml(strings, ...values);\n  }\n\n  const isDynamicProp = p => p && p.d && typeof p.d === 'string' && Object.keys(p).length === 1;\n  const addToCurrentString = add => {\n    newStr[newStr.length - 1] = newStr[newStr.length - 1] + add;\n  };\n\n  // Create the result arrays\n  values.forEach((string, index) => {\n    if (index === 0) {\n      newStr.push(strings[0]); // this is either ''(if tagged starts with value) or string\n    }\n    // Situation 1 : dynamic string\n    const p = values[index]; // potential dynamic string\n    if (isDynamicProp(p)) {\n      addToCurrentString(p.d);\n      addToCurrentString(strings[index + 1]);\n    } else {\n      // Situation 2: no dynamic string, just push string and value\n      newVal.push(p); // a 'real' value\n      newStr.push(strings[index + 1]);\n    }\n  });\n  // Return lit template\n  // TODO: this is the reason it's not performant TemplateStringsArray needs to be always exactly\n  //   the same => e.g. would require specific caching\n  // @ts-ignore\n  return litHtml(newStr, ...newVal);\n}\n\nexport function unsafeStatic(options) {\n  return {\n    d: options,\n  };\n}\n","import { TemplateResult } from 'lit-html';\nimport { fixtureWrapper } from './fixtureWrapper.js';\nimport { render } from './lit-html.js';\nimport { elementUpdated } from './elementUpdated.js';\nimport { NODE_TYPES } from './lib.js';\nimport { getScopedElementsTemplate } from './scopedElementsWrapper.js';\n\n/**\n * @typedef {\n     import('lit-html').TemplateResult\n   | import('lit-html').TemplateResult[]\n   | Node | Node[]\n   | string | string[]\n   | number | number[]\n   | boolean | boolean[]\n } LitHTMLRenderable\n */\n\nconst isUsefulNode = ({ nodeType, textContent }) => {\n  switch (nodeType) {\n    case NODE_TYPES.COMMENT_NODE:\n      return false;\n    case NODE_TYPES.TEXT_NODE:\n      return textContent.trim();\n    default:\n      return true;\n  }\n};\n\n/**\n * Setups an element synchronously from the provided lit-html template and puts it in the DOM.\n *\n * @template {Element} T - Is an element or a node\n * @param {LitHTMLRenderable} template\n * @param {import('./fixture-no-side-effect.js').FixtureOptions} [options]\n * @returns {T}\n */\nexport function litFixtureSync(template, options = {}) {\n  const wrapper = fixtureWrapper(options.parentNode);\n\n  render(\n    options.scopedElements ? getScopedElementsTemplate(template, options.scopedElements) : template,\n    wrapper,\n  );\n\n  if (template instanceof TemplateResult) {\n    return /** @type {T} */ (wrapper.firstElementChild);\n  }\n  const [node] = Array.from(wrapper.childNodes).filter(isUsefulNode);\n\n  return /** @type {T} */ (node);\n}\n\n/**\n * Setups an element asynchronously from the provided lit-html template and puts it in the DOM.\n *\n * @template {Element} T - Is an element or a node\n * @param {LitHTMLRenderable} template\n * @param {import('./fixture-no-side-effect.js').FixtureOptions} [options]\n * @returns {Promise<T>}\n */\nexport async function litFixture(template, options = {}) {\n  /** @type {T} */\n  // NB: in the case of scopedElements, this is ScopedElementsTestWrapper, not T,\n  // but that's only a small lie\n  const el = litFixtureSync(template, options);\n  await elementUpdated(el);\n\n  if (options.scopedElements) {\n    const [node] =\n      /** @type {T[]} */\n      (Array.from(el.shadowRoot.childNodes).filter(isUsefulNode));\n    await elementUpdated(node);\n\n    return node;\n  }\n\n  return el;\n}\n","import { ScopedElementsMixin } from '@open-wc/scoped-elements';\nimport { html, LitElement, TemplateResult } from 'lit-element';\nimport { isIterable } from './lib.js';\n\n/** @typedef {import('@open-wc/scoped-elements').ScopedElementsMap} ScopedElementsMap */\n\nconst transform = template => {\n  if (isIterable(template)) {\n    return [...template].map(v => transform(v));\n  }\n\n  if (template instanceof TemplateResult) {\n    return html(template.strings, ...template.values);\n  }\n\n  return template;\n};\n\n/**\n * Regarding the @ts-expect-error, it is caused by having '& typeof ScopedElementsHost' on ScopedElementsMixin.\n * This type intersection is necessary though, in order to access static props of the mixin. For example:\n *\n * static get scopedElements() {\n *   return {\n *     ...super.scopedElements, // <-- this will error without '& typeof ScopedElementsHost'\n *   }\n * }\n *\n * However, a new type error is created --> Base constructors must all have the same return type.ts(2510)\n * But this can be ignored, and then at least you do get the super static props typed properly.\n */\n// @ts-expect-error\nclass ScopedElementsTestWrapper extends ScopedElementsMixin(LitElement) {\n  static get properties() {\n    return {\n      scopedElements: { type: Object },\n      template: { type: Object },\n    };\n  }\n\n  constructor() {\n    super();\n\n    /** @type {ScopedElementsMap} */\n    this.scopedElements = {};\n\n    /** @type {import('./litFixture').LitHTMLRenderable} */\n    // eslint-disable-next-line no-unused-expressions\n    this.template;\n  }\n\n  firstUpdated(_changed) {\n    super.firstUpdated(_changed);\n\n    Object.keys(this.scopedElements).forEach(key =>\n      this.defineScopedElement(key, this.scopedElements[key]),\n    );\n  }\n\n  render() {\n    return transform(this.template);\n  }\n}\n\n/**\n * Obtains a unique tag name for the test wrapper\n * @param {number} [counter=0]\n * @returns {string}\n */\nconst getWrapperUniqueName = (counter = 0) => {\n  const tag = `scoped-elements-test-wrapper-${counter}`;\n\n  if (customElements.get(tag) !== undefined) {\n    return getWrapperUniqueName(counter + 1);\n  }\n\n  return tag;\n};\n\nconst wrapperTagName = getWrapperUniqueName();\n\ncustomElements.define(wrapperTagName, ScopedElementsTestWrapper);\n\n/**\n * Wraps the template inside a scopedElements component\n *\n * @param {import('./litFixture').LitHTMLRenderable} template\n * @param {ScopedElementsMap} scopedElements\n * @returns {TemplateResult}\n */\nexport function getScopedElementsTemplate(template, scopedElements) {\n  const strings = [\n    `<${wrapperTagName} .scopedElements=\"`,\n    '\" .template=\"',\n    `\"></${wrapperTagName}>`,\n  ];\n\n  // @ts-ignore\n  return html(strings, scopedElements, template);\n}\n","import { html } from 'lit-html';\nimport { fixtureWrapper } from './fixtureWrapper.js';\nimport { elementUpdated } from './elementUpdated.js';\nimport { litFixture } from './litFixture.js';\n\n/**\n * Setups an element synchronously from the provided string template and puts it in the DOM.\n * Allows to specify properties via an object or a function taking the element as an argument.\n *\n * @template {Element} T - Is an element or a node\n * @param {string} template\n * @param {import('./fixture-no-side-effect.js').FixtureOptions} [options={}]\n * @returns {T}\n */\nexport function stringFixtureSync(template, options = {}) {\n  const parentNode = fixtureWrapper(options.parentNode);\n  parentNode.innerHTML = template;\n  return /** @type {T} */ (parentNode.children[0]);\n}\n\n/**\n * Setups an element asynchronously from the provided string template and puts it in the DOM.\n * Allows to specify properties via an object or a function taking the element as an argument.\n *\n * @template {Element} T - Is an element or a node\n * @param {string} template\n * @param {import('./fixture-no-side-effect.js').FixtureOptions} [options]\n * @returns {Promise<T>}\n */\nexport async function stringFixture(template, options = {}) {\n  if (options.scopedElements) {\n    // @ts-ignore\n    return litFixture(html([template]), options);\n  }\n\n  const el = stringFixtureSync(template, options);\n  await elementUpdated(el);\n  // @ts-ignore\n  return el;\n}\n","/**\n * Node.js module for Forge.\n *\n * @author Dave Longley\n *\n * Copyright 2011-2016 Digital Bazaar, Inc.\n */\nmodule.exports = {\n  // default options\n  options: {\n    usePureJavaScript: false\n  }\n};\n","/**\n * Hash-based Message Authentication Code implementation. Requires a message\n * digest object that can be obtained, for example, from forge.md.sha1 or\n * forge.md.md5.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2012 Digital Bazaar, Inc. All rights reserved.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\n/* HMAC API */\nvar hmac = module.exports = forge.hmac = forge.hmac || {};\n\n/**\n * Creates an HMAC object that uses the given message digest object.\n *\n * @return an HMAC object.\n */\nhmac.create = function() {\n  // the hmac key to use\n  var _key = null;\n\n  // the message digest to use\n  var _md = null;\n\n  // the inner padding\n  var _ipadding = null;\n\n  // the outer padding\n  var _opadding = null;\n\n  // hmac context\n  var ctx = {};\n\n  /**\n   * Starts or restarts the HMAC with the given key and message digest.\n   *\n   * @param md the message digest to use, null to reuse the previous one,\n   *           a string to use builtin 'sha1', 'md5', 'sha256'.\n   * @param key the key to use as a string, array of bytes, byte buffer,\n   *           or null to reuse the previous key.\n   */\n  ctx.start = function(md, key) {\n    if(md !== null) {\n      if(typeof md === 'string') {\n        // create builtin message digest\n        md = md.toLowerCase();\n        if(md in forge.md.algorithms) {\n          _md = forge.md.algorithms[md].create();\n        } else {\n          throw new Error('Unknown hash algorithm \"' + md + '\"');\n        }\n      } else {\n        // store message digest\n        _md = md;\n      }\n    }\n\n    if(key === null) {\n      // reuse previous key\n      key = _key;\n    } else {\n      if(typeof key === 'string') {\n        // convert string into byte buffer\n        key = forge.util.createBuffer(key);\n      } else if(forge.util.isArray(key)) {\n        // convert byte array into byte buffer\n        var tmp = key;\n        key = forge.util.createBuffer();\n        for(var i = 0; i < tmp.length; ++i) {\n          key.putByte(tmp[i]);\n        }\n      }\n\n      // if key is longer than blocksize, hash it\n      var keylen = key.length();\n      if(keylen > _md.blockLength) {\n        _md.start();\n        _md.update(key.bytes());\n        key = _md.digest();\n      }\n\n      // mix key into inner and outer padding\n      // ipadding = [0x36 * blocksize] ^ key\n      // opadding = [0x5C * blocksize] ^ key\n      _ipadding = forge.util.createBuffer();\n      _opadding = forge.util.createBuffer();\n      keylen = key.length();\n      for(var i = 0; i < keylen; ++i) {\n        var tmp = key.at(i);\n        _ipadding.putByte(0x36 ^ tmp);\n        _opadding.putByte(0x5C ^ tmp);\n      }\n\n      // if key is shorter than blocksize, add additional padding\n      if(keylen < _md.blockLength) {\n        var tmp = _md.blockLength - keylen;\n        for(var i = 0; i < tmp; ++i) {\n          _ipadding.putByte(0x36);\n          _opadding.putByte(0x5C);\n        }\n      }\n      _key = key;\n      _ipadding = _ipadding.bytes();\n      _opadding = _opadding.bytes();\n    }\n\n    // digest is done like so: hash(opadding | hash(ipadding | message))\n\n    // prepare to do inner hash\n    // hash(ipadding | message)\n    _md.start();\n    _md.update(_ipadding);\n  };\n\n  /**\n   * Updates the HMAC with the given message bytes.\n   *\n   * @param bytes the bytes to update with.\n   */\n  ctx.update = function(bytes) {\n    _md.update(bytes);\n  };\n\n  /**\n   * Produces the Message Authentication Code (MAC).\n   *\n   * @return a byte buffer containing the digest value.\n   */\n  ctx.getMac = function() {\n    // digest is done like so: hash(opadding | hash(ipadding | message))\n    // here we do the outer hashing\n    var inner = _md.digest().bytes();\n    _md.start();\n    _md.update(_opadding);\n    _md.update(inner);\n    return _md.digest();\n  };\n  // alias for getMac\n  ctx.digest = ctx.getMac;\n\n  return ctx;\n};\n","// Copyright (c) 2005  Tom Wu\n// All Rights Reserved.\n// See \"LICENSE\" for details.\n\n// Basic JavaScript BN library - subset useful for RSA encryption.\n\n/*\nLicensing (LICENSE)\n-------------------\n\nThis software is covered under the following copyright:\n*/\n/*\n * Copyright (c) 2003-2005  Tom Wu\n * All Rights Reserved.\n *\n * Permission is hereby granted, free of charge, to any person obtaining\n * a copy of this software and associated documentation files (the\n * \"Software\"), to deal in the Software without restriction, including\n * without limitation the rights to use, copy, modify, merge, publish,\n * distribute, sublicense, and/or sell copies of the Software, and to\n * permit persons to whom the Software is furnished to do so, subject to\n * the following conditions:\n *\n * The above copyright notice and this permission notice shall be\n * included in all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS-IS\" AND WITHOUT WARRANTY OF ANY KIND,\n * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY\n * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.\n *\n * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL,\n * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER\n * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF\n * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT\n * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.\n *\n * In addition, the following condition applies:\n *\n * All redistributions must retain an intact copy of this copyright notice\n * and disclaimer.\n */\n/*\nAddress all questions regarding this license to:\n\n  Tom Wu\n  tjw@cs.Stanford.EDU\n*/\nvar forge = require('./forge');\n\nmodule.exports = forge.jsbn = forge.jsbn || {};\n\n// Bits per digit\nvar dbits;\n\n// JavaScript engine analysis\nvar canary = 0xdeadbeefcafe;\nvar j_lm = ((canary&0xffffff)==0xefcafe);\n\n// (public) Constructor\nfunction BigInteger(a,b,c) {\n  this.data = [];\n  if(a != null)\n    if(\"number\" == typeof a) this.fromNumber(a,b,c);\n    else if(b == null && \"string\" != typeof a) this.fromString(a,256);\n    else this.fromString(a,b);\n}\nforge.jsbn.BigInteger = BigInteger;\n\n// return new, unset BigInteger\nfunction nbi() { return new BigInteger(null); }\n\n// am: Compute w_j += (x*this_i), propagate carries,\n// c is initial carry, returns final carry.\n// c < 3*dvalue, x < 2*dvalue, this_i < dvalue\n// We need to select the fastest one that works in this environment.\n\n// am1: use a single mult and divide to get the high bits,\n// max digit bits should be 26 because\n// max internal value = 2*dvalue^2-2*dvalue (< 2^53)\nfunction am1(i,x,w,j,c,n) {\n  while(--n >= 0) {\n    var v = x*this.data[i++]+w.data[j]+c;\n    c = Math.floor(v/0x4000000);\n    w.data[j++] = v&0x3ffffff;\n  }\n  return c;\n}\n// am2 avoids a big mult-and-extract completely.\n// Max digit bits should be <= 30 because we do bitwise ops\n// on values up to 2*hdvalue^2-hdvalue-1 (< 2^31)\nfunction am2(i,x,w,j,c,n) {\n  var xl = x&0x7fff, xh = x>>15;\n  while(--n >= 0) {\n    var l = this.data[i]&0x7fff;\n    var h = this.data[i++]>>15;\n    var m = xh*l+h*xl;\n    l = xl*l+((m&0x7fff)<<15)+w.data[j]+(c&0x3fffffff);\n    c = (l>>>30)+(m>>>15)+xh*h+(c>>>30);\n    w.data[j++] = l&0x3fffffff;\n  }\n  return c;\n}\n// Alternately, set max digit bits to 28 since some\n// browsers slow down when dealing with 32-bit numbers.\nfunction am3(i,x,w,j,c,n) {\n  var xl = x&0x3fff, xh = x>>14;\n  while(--n >= 0) {\n    var l = this.data[i]&0x3fff;\n    var h = this.data[i++]>>14;\n    var m = xh*l+h*xl;\n    l = xl*l+((m&0x3fff)<<14)+w.data[j]+c;\n    c = (l>>28)+(m>>14)+xh*h;\n    w.data[j++] = l&0xfffffff;\n  }\n  return c;\n}\n\n// node.js (no browser)\nif(typeof(navigator) === 'undefined')\n{\n   BigInteger.prototype.am = am3;\n   dbits = 28;\n} else if(j_lm && (navigator.appName == \"Microsoft Internet Explorer\")) {\n  BigInteger.prototype.am = am2;\n  dbits = 30;\n} else if(j_lm && (navigator.appName != \"Netscape\")) {\n  BigInteger.prototype.am = am1;\n  dbits = 26;\n} else { // Mozilla/Netscape seems to prefer am3\n  BigInteger.prototype.am = am3;\n  dbits = 28;\n}\n\nBigInteger.prototype.DB = dbits;\nBigInteger.prototype.DM = ((1<<dbits)-1);\nBigInteger.prototype.DV = (1<<dbits);\n\nvar BI_FP = 52;\nBigInteger.prototype.FV = Math.pow(2,BI_FP);\nBigInteger.prototype.F1 = BI_FP-dbits;\nBigInteger.prototype.F2 = 2*dbits-BI_FP;\n\n// Digit conversions\nvar BI_RM = \"0123456789abcdefghijklmnopqrstuvwxyz\";\nvar BI_RC = new Array();\nvar rr,vv;\nrr = \"0\".charCodeAt(0);\nfor(vv = 0; vv <= 9; ++vv) BI_RC[rr++] = vv;\nrr = \"a\".charCodeAt(0);\nfor(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;\nrr = \"A\".charCodeAt(0);\nfor(vv = 10; vv < 36; ++vv) BI_RC[rr++] = vv;\n\nfunction int2char(n) { return BI_RM.charAt(n); }\nfunction intAt(s,i) {\n  var c = BI_RC[s.charCodeAt(i)];\n  return (c==null)?-1:c;\n}\n\n// (protected) copy this to r\nfunction bnpCopyTo(r) {\n  for(var i = this.t-1; i >= 0; --i) r.data[i] = this.data[i];\n  r.t = this.t;\n  r.s = this.s;\n}\n\n// (protected) set from integer value x, -DV <= x < DV\nfunction bnpFromInt(x) {\n  this.t = 1;\n  this.s = (x<0)?-1:0;\n  if(x > 0) this.data[0] = x;\n  else if(x < -1) this.data[0] = x+this.DV;\n  else this.t = 0;\n}\n\n// return bigint initialized to value\nfunction nbv(i) { var r = nbi(); r.fromInt(i); return r; }\n\n// (protected) set from string and radix\nfunction bnpFromString(s,b) {\n  var k;\n  if(b == 16) k = 4;\n  else if(b == 8) k = 3;\n  else if(b == 256) k = 8; // byte array\n  else if(b == 2) k = 1;\n  else if(b == 32) k = 5;\n  else if(b == 4) k = 2;\n  else { this.fromRadix(s,b); return; }\n  this.t = 0;\n  this.s = 0;\n  var i = s.length, mi = false, sh = 0;\n  while(--i >= 0) {\n    var x = (k==8)?s[i]&0xff:intAt(s,i);\n    if(x < 0) {\n      if(s.charAt(i) == \"-\") mi = true;\n      continue;\n    }\n    mi = false;\n    if(sh == 0)\n      this.data[this.t++] = x;\n    else if(sh+k > this.DB) {\n      this.data[this.t-1] |= (x&((1<<(this.DB-sh))-1))<<sh;\n      this.data[this.t++] = (x>>(this.DB-sh));\n    } else\n      this.data[this.t-1] |= x<<sh;\n    sh += k;\n    if(sh >= this.DB) sh -= this.DB;\n  }\n  if(k == 8 && (s[0]&0x80) != 0) {\n    this.s = -1;\n    if(sh > 0) this.data[this.t-1] |= ((1<<(this.DB-sh))-1)<<sh;\n  }\n  this.clamp();\n  if(mi) BigInteger.ZERO.subTo(this,this);\n}\n\n// (protected) clamp off excess high words\nfunction bnpClamp() {\n  var c = this.s&this.DM;\n  while(this.t > 0 && this.data[this.t-1] == c) --this.t;\n}\n\n// (public) return string representation in given radix\nfunction bnToString(b) {\n  if(this.s < 0) return \"-\"+this.negate().toString(b);\n  var k;\n  if(b == 16) k = 4;\n  else if(b == 8) k = 3;\n  else if(b == 2) k = 1;\n  else if(b == 32) k = 5;\n  else if(b == 4) k = 2;\n  else return this.toRadix(b);\n  var km = (1<<k)-1, d, m = false, r = \"\", i = this.t;\n  var p = this.DB-(i*this.DB)%k;\n  if(i-- > 0) {\n    if(p < this.DB && (d = this.data[i]>>p) > 0) { m = true; r = int2char(d); }\n    while(i >= 0) {\n      if(p < k) {\n        d = (this.data[i]&((1<<p)-1))<<(k-p);\n        d |= this.data[--i]>>(p+=this.DB-k);\n      } else {\n        d = (this.data[i]>>(p-=k))&km;\n        if(p <= 0) { p += this.DB; --i; }\n      }\n      if(d > 0) m = true;\n      if(m) r += int2char(d);\n    }\n  }\n  return m?r:\"0\";\n}\n\n// (public) -this\nfunction bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; }\n\n// (public) |this|\nfunction bnAbs() { return (this.s<0)?this.negate():this; }\n\n// (public) return + if this > a, - if this < a, 0 if equal\nfunction bnCompareTo(a) {\n  var r = this.s-a.s;\n  if(r != 0) return r;\n  var i = this.t;\n  r = i-a.t;\n  if(r != 0) return (this.s<0)?-r:r;\n  while(--i >= 0) if((r=this.data[i]-a.data[i]) != 0) return r;\n  return 0;\n}\n\n// returns bit length of the integer x\nfunction nbits(x) {\n  var r = 1, t;\n  if((t=x>>>16) != 0) { x = t; r += 16; }\n  if((t=x>>8) != 0) { x = t; r += 8; }\n  if((t=x>>4) != 0) { x = t; r += 4; }\n  if((t=x>>2) != 0) { x = t; r += 2; }\n  if((t=x>>1) != 0) { x = t; r += 1; }\n  return r;\n}\n\n// (public) return the number of bits in \"this\"\nfunction bnBitLength() {\n  if(this.t <= 0) return 0;\n  return this.DB*(this.t-1)+nbits(this.data[this.t-1]^(this.s&this.DM));\n}\n\n// (protected) r = this << n*DB\nfunction bnpDLShiftTo(n,r) {\n  var i;\n  for(i = this.t-1; i >= 0; --i) r.data[i+n] = this.data[i];\n  for(i = n-1; i >= 0; --i) r.data[i] = 0;\n  r.t = this.t+n;\n  r.s = this.s;\n}\n\n// (protected) r = this >> n*DB\nfunction bnpDRShiftTo(n,r) {\n  for(var i = n; i < this.t; ++i) r.data[i-n] = this.data[i];\n  r.t = Math.max(this.t-n,0);\n  r.s = this.s;\n}\n\n// (protected) r = this << n\nfunction bnpLShiftTo(n,r) {\n  var bs = n%this.DB;\n  var cbs = this.DB-bs;\n  var bm = (1<<cbs)-1;\n  var ds = Math.floor(n/this.DB), c = (this.s<<bs)&this.DM, i;\n  for(i = this.t-1; i >= 0; --i) {\n    r.data[i+ds+1] = (this.data[i]>>cbs)|c;\n    c = (this.data[i]&bm)<<bs;\n  }\n  for(i = ds-1; i >= 0; --i) r.data[i] = 0;\n  r.data[ds] = c;\n  r.t = this.t+ds+1;\n  r.s = this.s;\n  r.clamp();\n}\n\n// (protected) r = this >> n\nfunction bnpRShiftTo(n,r) {\n  r.s = this.s;\n  var ds = Math.floor(n/this.DB);\n  if(ds >= this.t) { r.t = 0; return; }\n  var bs = n%this.DB;\n  var cbs = this.DB-bs;\n  var bm = (1<<bs)-1;\n  r.data[0] = this.data[ds]>>bs;\n  for(var i = ds+1; i < this.t; ++i) {\n    r.data[i-ds-1] |= (this.data[i]&bm)<<cbs;\n    r.data[i-ds] = this.data[i]>>bs;\n  }\n  if(bs > 0) r.data[this.t-ds-1] |= (this.s&bm)<<cbs;\n  r.t = this.t-ds;\n  r.clamp();\n}\n\n// (protected) r = this - a\nfunction bnpSubTo(a,r) {\n  var i = 0, c = 0, m = Math.min(a.t,this.t);\n  while(i < m) {\n    c += this.data[i]-a.data[i];\n    r.data[i++] = c&this.DM;\n    c >>= this.DB;\n  }\n  if(a.t < this.t) {\n    c -= a.s;\n    while(i < this.t) {\n      c += this.data[i];\n      r.data[i++] = c&this.DM;\n      c >>= this.DB;\n    }\n    c += this.s;\n  } else {\n    c += this.s;\n    while(i < a.t) {\n      c -= a.data[i];\n      r.data[i++] = c&this.DM;\n      c >>= this.DB;\n    }\n    c -= a.s;\n  }\n  r.s = (c<0)?-1:0;\n  if(c < -1) r.data[i++] = this.DV+c;\n  else if(c > 0) r.data[i++] = c;\n  r.t = i;\n  r.clamp();\n}\n\n// (protected) r = this * a, r != this,a (HAC 14.12)\n// \"this\" should be the larger one if appropriate.\nfunction bnpMultiplyTo(a,r) {\n  var x = this.abs(), y = a.abs();\n  var i = x.t;\n  r.t = i+y.t;\n  while(--i >= 0) r.data[i] = 0;\n  for(i = 0; i < y.t; ++i) r.data[i+x.t] = x.am(0,y.data[i],r,i,0,x.t);\n  r.s = 0;\n  r.clamp();\n  if(this.s != a.s) BigInteger.ZERO.subTo(r,r);\n}\n\n// (protected) r = this^2, r != this (HAC 14.16)\nfunction bnpSquareTo(r) {\n  var x = this.abs();\n  var i = r.t = 2*x.t;\n  while(--i >= 0) r.data[i] = 0;\n  for(i = 0; i < x.t-1; ++i) {\n    var c = x.am(i,x.data[i],r,2*i,0,1);\n    if((r.data[i+x.t]+=x.am(i+1,2*x.data[i],r,2*i+1,c,x.t-i-1)) >= x.DV) {\n      r.data[i+x.t] -= x.DV;\n      r.data[i+x.t+1] = 1;\n    }\n  }\n  if(r.t > 0) r.data[r.t-1] += x.am(i,x.data[i],r,2*i,0,1);\n  r.s = 0;\n  r.clamp();\n}\n\n// (protected) divide this by m, quotient and remainder to q, r (HAC 14.20)\n// r != q, this != m.  q or r may be null.\nfunction bnpDivRemTo(m,q,r) {\n  var pm = m.abs();\n  if(pm.t <= 0) return;\n  var pt = this.abs();\n  if(pt.t < pm.t) {\n    if(q != null) q.fromInt(0);\n    if(r != null) this.copyTo(r);\n    return;\n  }\n  if(r == null) r = nbi();\n  var y = nbi(), ts = this.s, ms = m.s;\n  var nsh = this.DB-nbits(pm.data[pm.t-1]);\t// normalize modulus\n  if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } else { pm.copyTo(y); pt.copyTo(r); }\n  var ys = y.t;\n  var y0 = y.data[ys-1];\n  if(y0 == 0) return;\n  var yt = y0*(1<<this.F1)+((ys>1)?y.data[ys-2]>>this.F2:0);\n  var d1 = this.FV/yt, d2 = (1<<this.F1)/yt, e = 1<<this.F2;\n  var i = r.t, j = i-ys, t = (q==null)?nbi():q;\n  y.dlShiftTo(j,t);\n  if(r.compareTo(t) >= 0) {\n    r.data[r.t++] = 1;\n    r.subTo(t,r);\n  }\n  BigInteger.ONE.dlShiftTo(ys,t);\n  t.subTo(y,y);\t// \"negative\" y so we can replace sub with am later\n  while(y.t < ys) y.data[y.t++] = 0;\n  while(--j >= 0) {\n    // Estimate quotient digit\n    var qd = (r.data[--i]==y0)?this.DM:Math.floor(r.data[i]*d1+(r.data[i-1]+e)*d2);\n    if((r.data[i]+=y.am(0,qd,r,j,0,ys)) < qd) {\t// Try it out\n      y.dlShiftTo(j,t);\n      r.subTo(t,r);\n      while(r.data[i] < --qd) r.subTo(t,r);\n    }\n  }\n  if(q != null) {\n    r.drShiftTo(ys,q);\n    if(ts != ms) BigInteger.ZERO.subTo(q,q);\n  }\n  r.t = ys;\n  r.clamp();\n  if(nsh > 0) r.rShiftTo(nsh,r);\t// Denormalize remainder\n  if(ts < 0) BigInteger.ZERO.subTo(r,r);\n}\n\n// (public) this mod a\nfunction bnMod(a) {\n  var r = nbi();\n  this.abs().divRemTo(a,null,r);\n  if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r);\n  return r;\n}\n\n// Modular reduction using \"classic\" algorithm\nfunction Classic(m) { this.m = m; }\nfunction cConvert(x) {\n  if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m);\n  else return x;\n}\nfunction cRevert(x) { return x; }\nfunction cReduce(x) { x.divRemTo(this.m,null,x); }\nfunction cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }\nfunction cSqrTo(x,r) { x.squareTo(r); this.reduce(r); }\n\nClassic.prototype.convert = cConvert;\nClassic.prototype.revert = cRevert;\nClassic.prototype.reduce = cReduce;\nClassic.prototype.mulTo = cMulTo;\nClassic.prototype.sqrTo = cSqrTo;\n\n// (protected) return \"-1/this % 2^DB\"; useful for Mont. reduction\n// justification:\n//         xy == 1 (mod m)\n//         xy =  1+km\n//   xy(2-xy) = (1+km)(1-km)\n// x[y(2-xy)] = 1-k^2m^2\n// x[y(2-xy)] == 1 (mod m^2)\n// if y is 1/x mod m, then y(2-xy) is 1/x mod m^2\n// should reduce x and y(2-xy) by m^2 at each step to keep size bounded.\n// JS multiply \"overflows\" differently from C/C++, so care is needed here.\nfunction bnpInvDigit() {\n  if(this.t < 1) return 0;\n  var x = this.data[0];\n  if((x&1) == 0) return 0;\n  var y = x&3;\t\t// y == 1/x mod 2^2\n  y = (y*(2-(x&0xf)*y))&0xf;\t// y == 1/x mod 2^4\n  y = (y*(2-(x&0xff)*y))&0xff;\t// y == 1/x mod 2^8\n  y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff;\t// y == 1/x mod 2^16\n  // last step - calculate inverse mod DV directly;\n  // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints\n  y = (y*(2-x*y%this.DV))%this.DV;\t\t// y == 1/x mod 2^dbits\n  // we really want the negative inverse, and -DV < y < DV\n  return (y>0)?this.DV-y:-y;\n}\n\n// Montgomery reduction\nfunction Montgomery(m) {\n  this.m = m;\n  this.mp = m.invDigit();\n  this.mpl = this.mp&0x7fff;\n  this.mph = this.mp>>15;\n  this.um = (1<<(m.DB-15))-1;\n  this.mt2 = 2*m.t;\n}\n\n// xR mod m\nfunction montConvert(x) {\n  var r = nbi();\n  x.abs().dlShiftTo(this.m.t,r);\n  r.divRemTo(this.m,null,r);\n  if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r);\n  return r;\n}\n\n// x/R mod m\nfunction montRevert(x) {\n  var r = nbi();\n  x.copyTo(r);\n  this.reduce(r);\n  return r;\n}\n\n// x = x/R mod m (HAC 14.32)\nfunction montReduce(x) {\n  while(x.t <= this.mt2)\t// pad x so am has enough room later\n    x.data[x.t++] = 0;\n  for(var i = 0; i < this.m.t; ++i) {\n    // faster way of calculating u0 = x.data[i]*mp mod DV\n    var j = x.data[i]&0x7fff;\n    var u0 = (j*this.mpl+(((j*this.mph+(x.data[i]>>15)*this.mpl)&this.um)<<15))&x.DM;\n    // use am to combine the multiply-shift-add into one call\n    j = i+this.m.t;\n    x.data[j] += this.m.am(0,u0,x,i,0,this.m.t);\n    // propagate carry\n    while(x.data[j] >= x.DV) { x.data[j] -= x.DV; x.data[++j]++; }\n  }\n  x.clamp();\n  x.drShiftTo(this.m.t,x);\n  if(x.compareTo(this.m) >= 0) x.subTo(this.m,x);\n}\n\n// r = \"x^2/R mod m\"; x != r\nfunction montSqrTo(x,r) { x.squareTo(r); this.reduce(r); }\n\n// r = \"xy/R mod m\"; x,y != r\nfunction montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }\n\nMontgomery.prototype.convert = montConvert;\nMontgomery.prototype.revert = montRevert;\nMontgomery.prototype.reduce = montReduce;\nMontgomery.prototype.mulTo = montMulTo;\nMontgomery.prototype.sqrTo = montSqrTo;\n\n// (protected) true iff this is even\nfunction bnpIsEven() { return ((this.t>0)?(this.data[0]&1):this.s) == 0; }\n\n// (protected) this^e, e < 2^32, doing sqr and mul with \"r\" (HAC 14.79)\nfunction bnpExp(e,z) {\n  if(e > 0xffffffff || e < 1) return BigInteger.ONE;\n  var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1;\n  g.copyTo(r);\n  while(--i >= 0) {\n    z.sqrTo(r,r2);\n    if((e&(1<<i)) > 0) z.mulTo(r2,g,r);\n    else { var t = r; r = r2; r2 = t; }\n  }\n  return z.revert(r);\n}\n\n// (public) this^e % m, 0 <= e < 2^32\nfunction bnModPowInt(e,m) {\n  var z;\n  if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m);\n  return this.exp(e,z);\n}\n\n// protected\nBigInteger.prototype.copyTo = bnpCopyTo;\nBigInteger.prototype.fromInt = bnpFromInt;\nBigInteger.prototype.fromString = bnpFromString;\nBigInteger.prototype.clamp = bnpClamp;\nBigInteger.prototype.dlShiftTo = bnpDLShiftTo;\nBigInteger.prototype.drShiftTo = bnpDRShiftTo;\nBigInteger.prototype.lShiftTo = bnpLShiftTo;\nBigInteger.prototype.rShiftTo = bnpRShiftTo;\nBigInteger.prototype.subTo = bnpSubTo;\nBigInteger.prototype.multiplyTo = bnpMultiplyTo;\nBigInteger.prototype.squareTo = bnpSquareTo;\nBigInteger.prototype.divRemTo = bnpDivRemTo;\nBigInteger.prototype.invDigit = bnpInvDigit;\nBigInteger.prototype.isEven = bnpIsEven;\nBigInteger.prototype.exp = bnpExp;\n\n// public\nBigInteger.prototype.toString = bnToString;\nBigInteger.prototype.negate = bnNegate;\nBigInteger.prototype.abs = bnAbs;\nBigInteger.prototype.compareTo = bnCompareTo;\nBigInteger.prototype.bitLength = bnBitLength;\nBigInteger.prototype.mod = bnMod;\nBigInteger.prototype.modPowInt = bnModPowInt;\n\n// \"constants\"\nBigInteger.ZERO = nbv(0);\nBigInteger.ONE = nbv(1);\n\n// jsbn2 lib\n\n//Copyright (c) 2005-2009  Tom Wu\n//All Rights Reserved.\n//See \"LICENSE\" for details (See jsbn.js for LICENSE).\n\n//Extended JavaScript BN functions, required for RSA private ops.\n\n//Version 1.1: new BigInteger(\"0\", 10) returns \"proper\" zero\n\n//(public)\nfunction bnClone() { var r = nbi(); this.copyTo(r); return r; }\n\n//(public) return value as integer\nfunction bnIntValue() {\nif(this.s < 0) {\n if(this.t == 1) return this.data[0]-this.DV;\n else if(this.t == 0) return -1;\n} else if(this.t == 1) return this.data[0];\nelse if(this.t == 0) return 0;\n// assumes 16 < DB < 32\nreturn ((this.data[1]&((1<<(32-this.DB))-1))<<this.DB)|this.data[0];\n}\n\n//(public) return value as byte\nfunction bnByteValue() { return (this.t==0)?this.s:(this.data[0]<<24)>>24; }\n\n//(public) return value as short (assumes DB>=16)\nfunction bnShortValue() { return (this.t==0)?this.s:(this.data[0]<<16)>>16; }\n\n//(protected) return x s.t. r^x < DV\nfunction bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); }\n\n//(public) 0 if this == 0, 1 if this > 0\nfunction bnSigNum() {\nif(this.s < 0) return -1;\nelse if(this.t <= 0 || (this.t == 1 && this.data[0] <= 0)) return 0;\nelse return 1;\n}\n\n//(protected) convert to radix string\nfunction bnpToRadix(b) {\nif(b == null) b = 10;\nif(this.signum() == 0 || b < 2 || b > 36) return \"0\";\nvar cs = this.chunkSize(b);\nvar a = Math.pow(b,cs);\nvar d = nbv(a), y = nbi(), z = nbi(), r = \"\";\nthis.divRemTo(d,y,z);\nwhile(y.signum() > 0) {\n r = (a+z.intValue()).toString(b).substr(1) + r;\n y.divRemTo(d,y,z);\n}\nreturn z.intValue().toString(b) + r;\n}\n\n//(protected) convert from radix string\nfunction bnpFromRadix(s,b) {\nthis.fromInt(0);\nif(b == null) b = 10;\nvar cs = this.chunkSize(b);\nvar d = Math.pow(b,cs), mi = false, j = 0, w = 0;\nfor(var i = 0; i < s.length; ++i) {\n var x = intAt(s,i);\n if(x < 0) {\n   if(s.charAt(i) == \"-\" && this.signum() == 0) mi = true;\n   continue;\n }\n w = b*w+x;\n if(++j >= cs) {\n   this.dMultiply(d);\n   this.dAddOffset(w,0);\n   j = 0;\n   w = 0;\n }\n}\nif(j > 0) {\n this.dMultiply(Math.pow(b,j));\n this.dAddOffset(w,0);\n}\nif(mi) BigInteger.ZERO.subTo(this,this);\n}\n\n//(protected) alternate constructor\nfunction bnpFromNumber(a,b,c) {\nif(\"number\" == typeof b) {\n // new BigInteger(int,int,RNG)\n if(a < 2) this.fromInt(1);\n else {\n   this.fromNumber(a,c);\n   if(!this.testBit(a-1))  // force MSB set\n     this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this);\n   if(this.isEven()) this.dAddOffset(1,0); // force odd\n   while(!this.isProbablePrime(b)) {\n     this.dAddOffset(2,0);\n     if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this);\n   }\n }\n} else {\n // new BigInteger(int,RNG)\n var x = new Array(), t = a&7;\n x.length = (a>>3)+1;\n b.nextBytes(x);\n if(t > 0) x[0] &= ((1<<t)-1); else x[0] = 0;\n this.fromString(x,256);\n}\n}\n\n//(public) convert to bigendian byte array\nfunction bnToByteArray() {\nvar i = this.t, r = new Array();\nr[0] = this.s;\nvar p = this.DB-(i*this.DB)%8, d, k = 0;\nif(i-- > 0) {\n if(p < this.DB && (d = this.data[i]>>p) != (this.s&this.DM)>>p)\n   r[k++] = d|(this.s<<(this.DB-p));\n while(i >= 0) {\n   if(p < 8) {\n     d = (this.data[i]&((1<<p)-1))<<(8-p);\n     d |= this.data[--i]>>(p+=this.DB-8);\n   } else {\n     d = (this.data[i]>>(p-=8))&0xff;\n     if(p <= 0) { p += this.DB; --i; }\n   }\n   if((d&0x80) != 0) d |= -256;\n   if(k == 0 && (this.s&0x80) != (d&0x80)) ++k;\n   if(k > 0 || d != this.s) r[k++] = d;\n }\n}\nreturn r;\n}\n\nfunction bnEquals(a) { return(this.compareTo(a)==0); }\nfunction bnMin(a) { return(this.compareTo(a)<0)?this:a; }\nfunction bnMax(a) { return(this.compareTo(a)>0)?this:a; }\n\n//(protected) r = this op a (bitwise)\nfunction bnpBitwiseTo(a,op,r) {\nvar i, f, m = Math.min(a.t,this.t);\nfor(i = 0; i < m; ++i) r.data[i] = op(this.data[i],a.data[i]);\nif(a.t < this.t) {\n f = a.s&this.DM;\n for(i = m; i < this.t; ++i) r.data[i] = op(this.data[i],f);\n r.t = this.t;\n} else {\n f = this.s&this.DM;\n for(i = m; i < a.t; ++i) r.data[i] = op(f,a.data[i]);\n r.t = a.t;\n}\nr.s = op(this.s,a.s);\nr.clamp();\n}\n\n//(public) this & a\nfunction op_and(x,y) { return x&y; }\nfunction bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; }\n\n//(public) this | a\nfunction op_or(x,y) { return x|y; }\nfunction bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; }\n\n//(public) this ^ a\nfunction op_xor(x,y) { return x^y; }\nfunction bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; }\n\n//(public) this & ~a\nfunction op_andnot(x,y) { return x&~y; }\nfunction bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; }\n\n//(public) ~this\nfunction bnNot() {\nvar r = nbi();\nfor(var i = 0; i < this.t; ++i) r.data[i] = this.DM&~this.data[i];\nr.t = this.t;\nr.s = ~this.s;\nreturn r;\n}\n\n//(public) this << n\nfunction bnShiftLeft(n) {\nvar r = nbi();\nif(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r);\nreturn r;\n}\n\n//(public) this >> n\nfunction bnShiftRight(n) {\nvar r = nbi();\nif(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r);\nreturn r;\n}\n\n//return index of lowest 1-bit in x, x < 2^31\nfunction lbit(x) {\nif(x == 0) return -1;\nvar r = 0;\nif((x&0xffff) == 0) { x >>= 16; r += 16; }\nif((x&0xff) == 0) { x >>= 8; r += 8; }\nif((x&0xf) == 0) { x >>= 4; r += 4; }\nif((x&3) == 0) { x >>= 2; r += 2; }\nif((x&1) == 0) ++r;\nreturn r;\n}\n\n//(public) returns index of lowest 1-bit (or -1 if none)\nfunction bnGetLowestSetBit() {\nfor(var i = 0; i < this.t; ++i)\n if(this.data[i] != 0) return i*this.DB+lbit(this.data[i]);\nif(this.s < 0) return this.t*this.DB;\nreturn -1;\n}\n\n//return number of 1 bits in x\nfunction cbit(x) {\nvar r = 0;\nwhile(x != 0) { x &= x-1; ++r; }\nreturn r;\n}\n\n//(public) return number of set bits\nfunction bnBitCount() {\nvar r = 0, x = this.s&this.DM;\nfor(var i = 0; i < this.t; ++i) r += cbit(this.data[i]^x);\nreturn r;\n}\n\n//(public) true iff nth bit is set\nfunction bnTestBit(n) {\nvar j = Math.floor(n/this.DB);\nif(j >= this.t) return(this.s!=0);\nreturn((this.data[j]&(1<<(n%this.DB)))!=0);\n}\n\n//(protected) this op (1<<n)\nfunction bnpChangeBit(n,op) {\nvar r = BigInteger.ONE.shiftLeft(n);\nthis.bitwiseTo(r,op,r);\nreturn r;\n}\n\n//(public) this | (1<<n)\nfunction bnSetBit(n) { return this.changeBit(n,op_or); }\n\n//(public) this & ~(1<<n)\nfunction bnClearBit(n) { return this.changeBit(n,op_andnot); }\n\n//(public) this ^ (1<<n)\nfunction bnFlipBit(n) { return this.changeBit(n,op_xor); }\n\n//(protected) r = this + a\nfunction bnpAddTo(a,r) {\nvar i = 0, c = 0, m = Math.min(a.t,this.t);\nwhile(i < m) {\n c += this.data[i]+a.data[i];\n r.data[i++] = c&this.DM;\n c >>= this.DB;\n}\nif(a.t < this.t) {\n c += a.s;\n while(i < this.t) {\n   c += this.data[i];\n   r.data[i++] = c&this.DM;\n   c >>= this.DB;\n }\n c += this.s;\n} else {\n c += this.s;\n while(i < a.t) {\n   c += a.data[i];\n   r.data[i++] = c&this.DM;\n   c >>= this.DB;\n }\n c += a.s;\n}\nr.s = (c<0)?-1:0;\nif(c > 0) r.data[i++] = c;\nelse if(c < -1) r.data[i++] = this.DV+c;\nr.t = i;\nr.clamp();\n}\n\n//(public) this + a\nfunction bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; }\n\n//(public) this - a\nfunction bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; }\n\n//(public) this * a\nfunction bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; }\n\n//(public) this / a\nfunction bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; }\n\n//(public) this % a\nfunction bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; }\n\n//(public) [this/a,this%a]\nfunction bnDivideAndRemainder(a) {\nvar q = nbi(), r = nbi();\nthis.divRemTo(a,q,r);\nreturn new Array(q,r);\n}\n\n//(protected) this *= n, this >= 0, 1 < n < DV\nfunction bnpDMultiply(n) {\nthis.data[this.t] = this.am(0,n-1,this,0,0,this.t);\n++this.t;\nthis.clamp();\n}\n\n//(protected) this += n << w words, this >= 0\nfunction bnpDAddOffset(n,w) {\nif(n == 0) return;\nwhile(this.t <= w) this.data[this.t++] = 0;\nthis.data[w] += n;\nwhile(this.data[w] >= this.DV) {\n this.data[w] -= this.DV;\n if(++w >= this.t) this.data[this.t++] = 0;\n ++this.data[w];\n}\n}\n\n//A \"null\" reducer\nfunction NullExp() {}\nfunction nNop(x) { return x; }\nfunction nMulTo(x,y,r) { x.multiplyTo(y,r); }\nfunction nSqrTo(x,r) { x.squareTo(r); }\n\nNullExp.prototype.convert = nNop;\nNullExp.prototype.revert = nNop;\nNullExp.prototype.mulTo = nMulTo;\nNullExp.prototype.sqrTo = nSqrTo;\n\n//(public) this^e\nfunction bnPow(e) { return this.exp(e,new NullExp()); }\n\n//(protected) r = lower n words of \"this * a\", a.t <= n\n//\"this\" should be the larger one if appropriate.\nfunction bnpMultiplyLowerTo(a,n,r) {\nvar i = Math.min(this.t+a.t,n);\nr.s = 0; // assumes a,this >= 0\nr.t = i;\nwhile(i > 0) r.data[--i] = 0;\nvar j;\nfor(j = r.t-this.t; i < j; ++i) r.data[i+this.t] = this.am(0,a.data[i],r,i,0,this.t);\nfor(j = Math.min(a.t,n); i < j; ++i) this.am(0,a.data[i],r,i,0,n-i);\nr.clamp();\n}\n\n//(protected) r = \"this * a\" without lower n words, n > 0\n//\"this\" should be the larger one if appropriate.\nfunction bnpMultiplyUpperTo(a,n,r) {\n--n;\nvar i = r.t = this.t+a.t-n;\nr.s = 0; // assumes a,this >= 0\nwhile(--i >= 0) r.data[i] = 0;\nfor(i = Math.max(n-this.t,0); i < a.t; ++i)\n r.data[this.t+i-n] = this.am(n-i,a.data[i],r,0,0,this.t+i-n);\nr.clamp();\nr.drShiftTo(1,r);\n}\n\n//Barrett modular reduction\nfunction Barrett(m) {\n// setup Barrett\nthis.r2 = nbi();\nthis.q3 = nbi();\nBigInteger.ONE.dlShiftTo(2*m.t,this.r2);\nthis.mu = this.r2.divide(m);\nthis.m = m;\n}\n\nfunction barrettConvert(x) {\nif(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m);\nelse if(x.compareTo(this.m) < 0) return x;\nelse { var r = nbi(); x.copyTo(r); this.reduce(r); return r; }\n}\n\nfunction barrettRevert(x) { return x; }\n\n//x = x mod m (HAC 14.42)\nfunction barrettReduce(x) {\nx.drShiftTo(this.m.t-1,this.r2);\nif(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); }\nthis.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3);\nthis.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2);\nwhile(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1);\nx.subTo(this.r2,x);\nwhile(x.compareTo(this.m) >= 0) x.subTo(this.m,x);\n}\n\n//r = x^2 mod m; x != r\nfunction barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); }\n\n//r = x*y mod m; x,y != r\nfunction barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); }\n\nBarrett.prototype.convert = barrettConvert;\nBarrett.prototype.revert = barrettRevert;\nBarrett.prototype.reduce = barrettReduce;\nBarrett.prototype.mulTo = barrettMulTo;\nBarrett.prototype.sqrTo = barrettSqrTo;\n\n//(public) this^e % m (HAC 14.85)\nfunction bnModPow(e,m) {\nvar i = e.bitLength(), k, r = nbv(1), z;\nif(i <= 0) return r;\nelse if(i < 18) k = 1;\nelse if(i < 48) k = 3;\nelse if(i < 144) k = 4;\nelse if(i < 768) k = 5;\nelse k = 6;\nif(i < 8)\n z = new Classic(m);\nelse if(m.isEven())\n z = new Barrett(m);\nelse\n z = new Montgomery(m);\n\n// precomputation\nvar g = new Array(), n = 3, k1 = k-1, km = (1<<k)-1;\ng[1] = z.convert(this);\nif(k > 1) {\n var g2 = nbi();\n z.sqrTo(g[1],g2);\n while(n <= km) {\n   g[n] = nbi();\n   z.mulTo(g2,g[n-2],g[n]);\n   n += 2;\n }\n}\n\nvar j = e.t-1, w, is1 = true, r2 = nbi(), t;\ni = nbits(e.data[j])-1;\nwhile(j >= 0) {\n if(i >= k1) w = (e.data[j]>>(i-k1))&km;\n else {\n   w = (e.data[j]&((1<<(i+1))-1))<<(k1-i);\n   if(j > 0) w |= e.data[j-1]>>(this.DB+i-k1);\n }\n\n n = k;\n while((w&1) == 0) { w >>= 1; --n; }\n if((i -= n) < 0) { i += this.DB; --j; }\n if(is1) {  // ret == 1, don't bother squaring or multiplying it\n   g[w].copyTo(r);\n   is1 = false;\n } else {\n   while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; }\n   if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; }\n   z.mulTo(r2,g[w],r);\n }\n\n while(j >= 0 && (e.data[j]&(1<<i)) == 0) {\n   z.sqrTo(r,r2); t = r; r = r2; r2 = t;\n   if(--i < 0) { i = this.DB-1; --j; }\n }\n}\nreturn z.revert(r);\n}\n\n//(public) gcd(this,a) (HAC 14.54)\nfunction bnGCD(a) {\nvar x = (this.s<0)?this.negate():this.clone();\nvar y = (a.s<0)?a.negate():a.clone();\nif(x.compareTo(y) < 0) { var t = x; x = y; y = t; }\nvar i = x.getLowestSetBit(), g = y.getLowestSetBit();\nif(g < 0) return x;\nif(i < g) g = i;\nif(g > 0) {\n x.rShiftTo(g,x);\n y.rShiftTo(g,y);\n}\nwhile(x.signum() > 0) {\n if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x);\n if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y);\n if(x.compareTo(y) >= 0) {\n   x.subTo(y,x);\n   x.rShiftTo(1,x);\n } else {\n   y.subTo(x,y);\n   y.rShiftTo(1,y);\n }\n}\nif(g > 0) y.lShiftTo(g,y);\nreturn y;\n}\n\n//(protected) this % n, n < 2^26\nfunction bnpModInt(n) {\nif(n <= 0) return 0;\nvar d = this.DV%n, r = (this.s<0)?n-1:0;\nif(this.t > 0)\n if(d == 0) r = this.data[0]%n;\n else for(var i = this.t-1; i >= 0; --i) r = (d*r+this.data[i])%n;\nreturn r;\n}\n\n//(public) 1/this % m (HAC 14.61)\nfunction bnModInverse(m) {\nvar ac = m.isEven();\nif((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO;\nvar u = m.clone(), v = this.clone();\nvar a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1);\nwhile(u.signum() != 0) {\n while(u.isEven()) {\n   u.rShiftTo(1,u);\n   if(ac) {\n     if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); }\n     a.rShiftTo(1,a);\n   } else if(!b.isEven()) b.subTo(m,b);\n   b.rShiftTo(1,b);\n }\n while(v.isEven()) {\n   v.rShiftTo(1,v);\n   if(ac) {\n     if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); }\n     c.rShiftTo(1,c);\n   } else if(!d.isEven()) d.subTo(m,d);\n   d.rShiftTo(1,d);\n }\n if(u.compareTo(v) >= 0) {\n   u.subTo(v,u);\n   if(ac) a.subTo(c,a);\n   b.subTo(d,b);\n } else {\n   v.subTo(u,v);\n   if(ac) c.subTo(a,c);\n   d.subTo(b,d);\n }\n}\nif(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO;\nif(d.compareTo(m) >= 0) return d.subtract(m);\nif(d.signum() < 0) d.addTo(m,d); else return d;\nif(d.signum() < 0) return d.add(m); else return d;\n}\n\nvar lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509];\nvar lplim = (1<<26)/lowprimes[lowprimes.length-1];\n\n//(public) test primality with certainty >= 1-.5^t\nfunction bnIsProbablePrime(t) {\nvar i, x = this.abs();\nif(x.t == 1 && x.data[0] <= lowprimes[lowprimes.length-1]) {\n for(i = 0; i < lowprimes.length; ++i)\n   if(x.data[0] == lowprimes[i]) return true;\n return false;\n}\nif(x.isEven()) return false;\ni = 1;\nwhile(i < lowprimes.length) {\n var m = lowprimes[i], j = i+1;\n while(j < lowprimes.length && m < lplim) m *= lowprimes[j++];\n m = x.modInt(m);\n while(i < j) if(m%lowprimes[i++] == 0) return false;\n}\nreturn x.millerRabin(t);\n}\n\n//(protected) true if probably prime (HAC 4.24, Miller-Rabin)\nfunction bnpMillerRabin(t) {\nvar n1 = this.subtract(BigInteger.ONE);\nvar k = n1.getLowestSetBit();\nif(k <= 0) return false;\nvar r = n1.shiftRight(k);\nvar prng = bnGetPrng();\nvar a;\nfor(var i = 0; i < t; ++i) {\n // select witness 'a' at random from between 1 and n1\n do {\n   a = new BigInteger(this.bitLength(), prng);\n }\n while(a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0);\n var y = a.modPow(r,this);\n if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) {\n   var j = 1;\n   while(j++ < k && y.compareTo(n1) != 0) {\n     y = y.modPowInt(2,this);\n     if(y.compareTo(BigInteger.ONE) == 0) return false;\n   }\n   if(y.compareTo(n1) != 0) return false;\n }\n}\nreturn true;\n}\n\n// get pseudo random number generator\nfunction bnGetPrng() {\n  // create prng with api that matches BigInteger secure random\n  return {\n    // x is an array to fill with bytes\n    nextBytes: function(x) {\n      for(var i = 0; i < x.length; ++i) {\n        x[i] = Math.floor(Math.random() * 0x0100);\n      }\n    }\n  };\n}\n\n//protected\nBigInteger.prototype.chunkSize = bnpChunkSize;\nBigInteger.prototype.toRadix = bnpToRadix;\nBigInteger.prototype.fromRadix = bnpFromRadix;\nBigInteger.prototype.fromNumber = bnpFromNumber;\nBigInteger.prototype.bitwiseTo = bnpBitwiseTo;\nBigInteger.prototype.changeBit = bnpChangeBit;\nBigInteger.prototype.addTo = bnpAddTo;\nBigInteger.prototype.dMultiply = bnpDMultiply;\nBigInteger.prototype.dAddOffset = bnpDAddOffset;\nBigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo;\nBigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo;\nBigInteger.prototype.modInt = bnpModInt;\nBigInteger.prototype.millerRabin = bnpMillerRabin;\n\n//public\nBigInteger.prototype.clone = bnClone;\nBigInteger.prototype.intValue = bnIntValue;\nBigInteger.prototype.byteValue = bnByteValue;\nBigInteger.prototype.shortValue = bnShortValue;\nBigInteger.prototype.signum = bnSigNum;\nBigInteger.prototype.toByteArray = bnToByteArray;\nBigInteger.prototype.equals = bnEquals;\nBigInteger.prototype.min = bnMin;\nBigInteger.prototype.max = bnMax;\nBigInteger.prototype.and = bnAnd;\nBigInteger.prototype.or = bnOr;\nBigInteger.prototype.xor = bnXor;\nBigInteger.prototype.andNot = bnAndNot;\nBigInteger.prototype.not = bnNot;\nBigInteger.prototype.shiftLeft = bnShiftLeft;\nBigInteger.prototype.shiftRight = bnShiftRight;\nBigInteger.prototype.getLowestSetBit = bnGetLowestSetBit;\nBigInteger.prototype.bitCount = bnBitCount;\nBigInteger.prototype.testBit = bnTestBit;\nBigInteger.prototype.setBit = bnSetBit;\nBigInteger.prototype.clearBit = bnClearBit;\nBigInteger.prototype.flipBit = bnFlipBit;\nBigInteger.prototype.add = bnAdd;\nBigInteger.prototype.subtract = bnSubtract;\nBigInteger.prototype.multiply = bnMultiply;\nBigInteger.prototype.divide = bnDivide;\nBigInteger.prototype.remainder = bnRemainder;\nBigInteger.prototype.divideAndRemainder = bnDivideAndRemainder;\nBigInteger.prototype.modPow = bnModPow;\nBigInteger.prototype.modInverse = bnModInverse;\nBigInteger.prototype.pow = bnPow;\nBigInteger.prototype.gcd = bnGCD;\nBigInteger.prototype.isProbablePrime = bnIsProbablePrime;\n\n//BigInteger interfaces not implemented in jsbn:\n\n//BigInteger(int signum, byte[] magnitude)\n//double doubleValue()\n//float floatValue()\n//int hashCode()\n//long longValue()\n//static BigInteger valueOf(long val)\n","/**\n * Node.js module for Forge message digests.\n *\n * @author Dave Longley\n *\n * Copyright 2011-2017 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\n\nmodule.exports = forge.md = forge.md || {};\nforge.md.algorithms = forge.md.algorithms || {};\n","/**\n * Node.js module for Forge mask generation functions.\n *\n * @author Stefan Siegl\n *\n * Copyright 2012 Stefan Siegl <stesie@brokenpipe.de>\n */\nvar forge = require('./forge');\nrequire('./mgf1');\n\nmodule.exports = forge.mgf = forge.mgf || {};\nforge.mgf.mgf1 = forge.mgf1;\n","/**\n * Javascript implementation of mask generation function MGF1.\n *\n * @author Stefan Siegl\n * @author Dave Longley\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n * Copyright (c) 2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\nforge.mgf = forge.mgf || {};\nvar mgf1 = module.exports = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {};\n\n/**\n * Creates a MGF1 mask generation function object.\n *\n * @param md the message digest API to use (eg: forge.md.sha1.create()).\n *\n * @return a mask generation function object.\n */\nmgf1.create = function(md) {\n  var mgf = {\n    /**\n     * Generate mask of specified length.\n     *\n     * @param {String} seed The seed for mask generation.\n     * @param maskLen Number of bytes to generate.\n     * @return {String} The generated mask.\n     */\n    generate: function(seed, maskLen) {\n      /* 2. Let T be the empty octet string. */\n      var t = new forge.util.ByteBuffer();\n\n      /* 3. For counter from 0 to ceil(maskLen / hLen), do the following: */\n      var len = Math.ceil(maskLen / md.digestLength);\n      for(var i = 0; i < len; i++) {\n        /* a. Convert counter to an octet string C of length 4 octets */\n        var c = new forge.util.ByteBuffer();\n        c.putInt32(i);\n\n        /* b. Concatenate the hash of the seed mgfSeed and C to the octet\n         * string T: */\n        md.start();\n        md.update(seed + c.getBytes());\n        t.putBuffer(md.digest());\n      }\n\n      /* Output the leading maskLen octets of T as the octet string mask. */\n      t.truncate(t.length() - maskLen);\n      return t.getBytes();\n    }\n  };\n\n  return mgf;\n};\n","/**\n * Object IDs for ASN.1.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\n\nforge.pki = forge.pki || {};\nvar oids = module.exports = forge.pki.oids = forge.oids = forge.oids || {};\n\n// set id to name mapping and name to id mapping\nfunction _IN(id, name) {\n  oids[id] = name;\n  oids[name] = id;\n}\n// set id to name mapping only\nfunction _I_(id, name) {\n  oids[id] = name;\n}\n\n// algorithm OIDs\n_IN('1.2.840.113549.1.1.1', 'rsaEncryption');\n// Note: md2 & md4 not implemented\n//_IN('1.2.840.113549.1.1.2', 'md2WithRSAEncryption');\n//_IN('1.2.840.113549.1.1.3', 'md4WithRSAEncryption');\n_IN('1.2.840.113549.1.1.4', 'md5WithRSAEncryption');\n_IN('1.2.840.113549.1.1.5', 'sha1WithRSAEncryption');\n_IN('1.2.840.113549.1.1.7', 'RSAES-OAEP');\n_IN('1.2.840.113549.1.1.8', 'mgf1');\n_IN('1.2.840.113549.1.1.9', 'pSpecified');\n_IN('1.2.840.113549.1.1.10', 'RSASSA-PSS');\n_IN('1.2.840.113549.1.1.11', 'sha256WithRSAEncryption');\n_IN('1.2.840.113549.1.1.12', 'sha384WithRSAEncryption');\n_IN('1.2.840.113549.1.1.13', 'sha512WithRSAEncryption');\n// Edwards-curve Digital Signature Algorithm (EdDSA) Ed25519\n_IN('1.3.101.112', 'EdDSA25519');\n\n_IN('1.2.840.10040.4.3', 'dsa-with-sha1');\n\n_IN('1.3.14.3.2.7', 'desCBC');\n\n_IN('1.3.14.3.2.26', 'sha1');\n// Deprecated equivalent of sha1WithRSAEncryption\n_IN('1.3.14.3.2.29', 'sha1WithRSASignature');\n_IN('2.16.840.1.101.3.4.2.1', 'sha256');\n_IN('2.16.840.1.101.3.4.2.2', 'sha384');\n_IN('2.16.840.1.101.3.4.2.3', 'sha512');\n_IN('2.16.840.1.101.3.4.2.4', 'sha224');\n_IN('2.16.840.1.101.3.4.2.5', 'sha512-224');\n_IN('2.16.840.1.101.3.4.2.6', 'sha512-256');\n_IN('1.2.840.113549.2.2', 'md2');\n_IN('1.2.840.113549.2.5', 'md5');\n\n// pkcs#7 content types\n_IN('1.2.840.113549.1.7.1', 'data');\n_IN('1.2.840.113549.1.7.2', 'signedData');\n_IN('1.2.840.113549.1.7.3', 'envelopedData');\n_IN('1.2.840.113549.1.7.4', 'signedAndEnvelopedData');\n_IN('1.2.840.113549.1.7.5', 'digestedData');\n_IN('1.2.840.113549.1.7.6', 'encryptedData');\n\n// pkcs#9 oids\n_IN('1.2.840.113549.1.9.1', 'emailAddress');\n_IN('1.2.840.113549.1.9.2', 'unstructuredName');\n_IN('1.2.840.113549.1.9.3', 'contentType');\n_IN('1.2.840.113549.1.9.4', 'messageDigest');\n_IN('1.2.840.113549.1.9.5', 'signingTime');\n_IN('1.2.840.113549.1.9.6', 'counterSignature');\n_IN('1.2.840.113549.1.9.7', 'challengePassword');\n_IN('1.2.840.113549.1.9.8', 'unstructuredAddress');\n_IN('1.2.840.113549.1.9.14', 'extensionRequest');\n\n_IN('1.2.840.113549.1.9.20', 'friendlyName');\n_IN('1.2.840.113549.1.9.21', 'localKeyId');\n_IN('1.2.840.113549.1.9.22.1', 'x509Certificate');\n\n// pkcs#12 safe bags\n_IN('1.2.840.113549.1.12.10.1.1', 'keyBag');\n_IN('1.2.840.113549.1.12.10.1.2', 'pkcs8ShroudedKeyBag');\n_IN('1.2.840.113549.1.12.10.1.3', 'certBag');\n_IN('1.2.840.113549.1.12.10.1.4', 'crlBag');\n_IN('1.2.840.113549.1.12.10.1.5', 'secretBag');\n_IN('1.2.840.113549.1.12.10.1.6', 'safeContentsBag');\n\n// password-based-encryption for pkcs#12\n_IN('1.2.840.113549.1.5.13', 'pkcs5PBES2');\n_IN('1.2.840.113549.1.5.12', 'pkcs5PBKDF2');\n\n_IN('1.2.840.113549.1.12.1.1', 'pbeWithSHAAnd128BitRC4');\n_IN('1.2.840.113549.1.12.1.2', 'pbeWithSHAAnd40BitRC4');\n_IN('1.2.840.113549.1.12.1.3', 'pbeWithSHAAnd3-KeyTripleDES-CBC');\n_IN('1.2.840.113549.1.12.1.4', 'pbeWithSHAAnd2-KeyTripleDES-CBC');\n_IN('1.2.840.113549.1.12.1.5', 'pbeWithSHAAnd128BitRC2-CBC');\n_IN('1.2.840.113549.1.12.1.6', 'pbewithSHAAnd40BitRC2-CBC');\n\n// hmac OIDs\n_IN('1.2.840.113549.2.7', 'hmacWithSHA1');\n_IN('1.2.840.113549.2.8', 'hmacWithSHA224');\n_IN('1.2.840.113549.2.9', 'hmacWithSHA256');\n_IN('1.2.840.113549.2.10', 'hmacWithSHA384');\n_IN('1.2.840.113549.2.11', 'hmacWithSHA512');\n\n// symmetric key algorithm oids\n_IN('1.2.840.113549.3.7', 'des-EDE3-CBC');\n_IN('2.16.840.1.101.3.4.1.2', 'aes128-CBC');\n_IN('2.16.840.1.101.3.4.1.22', 'aes192-CBC');\n_IN('2.16.840.1.101.3.4.1.42', 'aes256-CBC');\n\n// certificate issuer/subject OIDs\n_IN('2.5.4.3', 'commonName');\n_IN('2.5.4.4', 'surname');\n_IN('2.5.4.5', 'serialNumber');\n_IN('2.5.4.6', 'countryName');\n_IN('2.5.4.7', 'localityName');\n_IN('2.5.4.8', 'stateOrProvinceName');\n_IN('2.5.4.9', 'streetAddress');\n_IN('2.5.4.10', 'organizationName');\n_IN('2.5.4.11', 'organizationalUnitName');\n_IN('2.5.4.12', 'title');\n_IN('2.5.4.13', 'description');\n_IN('2.5.4.15', 'businessCategory');\n_IN('2.5.4.17', 'postalCode');\n_IN('2.5.4.42', 'givenName');\n_IN('1.3.6.1.4.1.311.60.2.1.2', 'jurisdictionOfIncorporationStateOrProvinceName');\n_IN('1.3.6.1.4.1.311.60.2.1.3', 'jurisdictionOfIncorporationCountryName');\n\n// X.509 extension OIDs\n_IN('2.16.840.1.113730.1.1', 'nsCertType');\n_IN('2.16.840.1.113730.1.13', 'nsComment'); // deprecated in theory; still widely used\n_I_('2.5.29.1', 'authorityKeyIdentifier'); // deprecated, use .35\n_I_('2.5.29.2', 'keyAttributes'); // obsolete use .37 or .15\n_I_('2.5.29.3', 'certificatePolicies'); // deprecated, use .32\n_I_('2.5.29.4', 'keyUsageRestriction'); // obsolete use .37 or .15\n_I_('2.5.29.5', 'policyMapping'); // deprecated use .33\n_I_('2.5.29.6', 'subtreesConstraint'); // obsolete use .30\n_I_('2.5.29.7', 'subjectAltName'); // deprecated use .17\n_I_('2.5.29.8', 'issuerAltName'); // deprecated use .18\n_I_('2.5.29.9', 'subjectDirectoryAttributes');\n_I_('2.5.29.10', 'basicConstraints'); // deprecated use .19\n_I_('2.5.29.11', 'nameConstraints'); // deprecated use .30\n_I_('2.5.29.12', 'policyConstraints'); // deprecated use .36\n_I_('2.5.29.13', 'basicConstraints'); // deprecated use .19\n_IN('2.5.29.14', 'subjectKeyIdentifier');\n_IN('2.5.29.15', 'keyUsage');\n_I_('2.5.29.16', 'privateKeyUsagePeriod');\n_IN('2.5.29.17', 'subjectAltName');\n_IN('2.5.29.18', 'issuerAltName');\n_IN('2.5.29.19', 'basicConstraints');\n_I_('2.5.29.20', 'cRLNumber');\n_I_('2.5.29.21', 'cRLReason');\n_I_('2.5.29.22', 'expirationDate');\n_I_('2.5.29.23', 'instructionCode');\n_I_('2.5.29.24', 'invalidityDate');\n_I_('2.5.29.25', 'cRLDistributionPoints'); // deprecated use .31\n_I_('2.5.29.26', 'issuingDistributionPoint'); // deprecated use .28\n_I_('2.5.29.27', 'deltaCRLIndicator');\n_I_('2.5.29.28', 'issuingDistributionPoint');\n_I_('2.5.29.29', 'certificateIssuer');\n_I_('2.5.29.30', 'nameConstraints');\n_IN('2.5.29.31', 'cRLDistributionPoints');\n_IN('2.5.29.32', 'certificatePolicies');\n_I_('2.5.29.33', 'policyMappings');\n_I_('2.5.29.34', 'policyConstraints'); // deprecated use .36\n_IN('2.5.29.35', 'authorityKeyIdentifier');\n_I_('2.5.29.36', 'policyConstraints');\n_IN('2.5.29.37', 'extKeyUsage');\n_I_('2.5.29.46', 'freshestCRL');\n_I_('2.5.29.54', 'inhibitAnyPolicy');\n\n// extKeyUsage purposes\n_IN('1.3.6.1.4.1.11129.2.4.2', 'timestampList');\n_IN('1.3.6.1.5.5.7.1.1', 'authorityInfoAccess');\n_IN('1.3.6.1.5.5.7.3.1', 'serverAuth');\n_IN('1.3.6.1.5.5.7.3.2', 'clientAuth');\n_IN('1.3.6.1.5.5.7.3.3', 'codeSigning');\n_IN('1.3.6.1.5.5.7.3.4', 'emailProtection');\n_IN('1.3.6.1.5.5.7.3.8', 'timeStamping');\n","/**\n * Password-based encryption functions.\n *\n * @author Dave Longley\n * @author Stefan Siegl <stesie@brokenpipe.de>\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * An EncryptedPrivateKeyInfo:\n *\n * EncryptedPrivateKeyInfo ::= SEQUENCE {\n *   encryptionAlgorithm  EncryptionAlgorithmIdentifier,\n *   encryptedData        EncryptedData }\n *\n * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * EncryptedData ::= OCTET STRING\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./asn1');\nrequire('./des');\nrequire('./md');\nrequire('./oids');\nrequire('./pbkdf2');\nrequire('./pem');\nrequire('./random');\nrequire('./rc2');\nrequire('./rsa');\nrequire('./util');\n\nif(typeof BigInteger === 'undefined') {\n  var BigInteger = forge.jsbn.BigInteger;\n}\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n/* Password-based encryption implementation. */\nvar pki = forge.pki = forge.pki || {};\nmodule.exports = pki.pbe = forge.pbe = forge.pbe || {};\nvar oids = pki.oids;\n\n// validator for an EncryptedPrivateKeyInfo structure\n// Note: Currently only works w/algorithm params\nvar encryptedPrivateKeyValidator = {\n  name: 'EncryptedPrivateKeyInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'AlgorithmIdentifier.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'encryptionOid'\n    }, {\n      name: 'AlgorithmIdentifier.parameters',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      captureAsn1: 'encryptionParams'\n    }]\n  }, {\n    // encryptedData\n    name: 'EncryptedPrivateKeyInfo.encryptedData',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OCTETSTRING,\n    constructed: false,\n    capture: 'encryptedData'\n  }]\n};\n\n// validator for a PBES2Algorithms structure\n// Note: Currently only works w/PBKDF2 + AES encryption schemes\nvar PBES2AlgorithmsValidator = {\n  name: 'PBES2Algorithms',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'PBES2Algorithms.keyDerivationFunc',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'PBES2Algorithms.keyDerivationFunc.oid',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'kdfOid'\n    }, {\n      name: 'PBES2Algorithms.params',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      value: [{\n        name: 'PBES2Algorithms.params.salt',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OCTETSTRING,\n        constructed: false,\n        capture: 'kdfSalt'\n      }, {\n        name: 'PBES2Algorithms.params.iterationCount',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.INTEGER,\n        constructed: false,\n        capture: 'kdfIterationCount'\n      }, {\n        name: 'PBES2Algorithms.params.keyLength',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.INTEGER,\n        constructed: false,\n        optional: true,\n        capture: 'keyLength'\n      }, {\n        // prf\n        name: 'PBES2Algorithms.params.prf',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.SEQUENCE,\n        constructed: true,\n        optional: true,\n        value: [{\n          name: 'PBES2Algorithms.params.prf.algorithm',\n          tagClass: asn1.Class.UNIVERSAL,\n          type: asn1.Type.OID,\n          constructed: false,\n          capture: 'prfOid'\n        }]\n      }]\n    }]\n  }, {\n    name: 'PBES2Algorithms.encryptionScheme',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'PBES2Algorithms.encryptionScheme.oid',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'encOid'\n    }, {\n      name: 'PBES2Algorithms.encryptionScheme.iv',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OCTETSTRING,\n      constructed: false,\n      capture: 'encIv'\n    }]\n  }]\n};\n\nvar pkcs12PbeParamsValidator = {\n  name: 'pkcs-12PbeParams',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'pkcs-12PbeParams.salt',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OCTETSTRING,\n    constructed: false,\n    capture: 'salt'\n  }, {\n    name: 'pkcs-12PbeParams.iterations',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'iterations'\n  }]\n};\n\n/**\n * Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo.\n *\n * PBES2Algorithms ALGORITHM-IDENTIFIER ::=\n *   { {PBES2-params IDENTIFIED BY id-PBES2}, ...}\n *\n * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}\n *\n * PBES2-params ::= SEQUENCE {\n *   keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}},\n *   encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}\n * }\n *\n * PBES2-KDFs ALGORITHM-IDENTIFIER ::=\n *   { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... }\n *\n * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... }\n *\n * PBKDF2-params ::= SEQUENCE {\n *   salt CHOICE {\n *     specified OCTET STRING,\n *     otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}}\n *   },\n *   iterationCount INTEGER (1..MAX),\n *   keyLength INTEGER (1..MAX) OPTIONAL,\n *   prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1\n * }\n *\n * @param obj the ASN.1 PrivateKeyInfo object.\n * @param password the password to encrypt with.\n * @param options:\n *          algorithm the encryption algorithm to use\n *            ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.\n *          count the iteration count to use.\n *          saltSize the salt size to use.\n *          prfAlgorithm the PRF message digest algorithm to use\n *            ('sha1', 'sha224', 'sha256', 'sha384', 'sha512')\n *\n * @return the ASN.1 EncryptedPrivateKeyInfo.\n */\npki.encryptPrivateKeyInfo = function(obj, password, options) {\n  // set default options\n  options = options || {};\n  options.saltSize = options.saltSize || 8;\n  options.count = options.count || 2048;\n  options.algorithm = options.algorithm || 'aes128';\n  options.prfAlgorithm = options.prfAlgorithm || 'sha1';\n\n  // generate PBE params\n  var salt = forge.random.getBytesSync(options.saltSize);\n  var count = options.count;\n  var countBytes = asn1.integerToDer(count);\n  var dkLen;\n  var encryptionAlgorithm;\n  var encryptedData;\n  if(options.algorithm.indexOf('aes') === 0 || options.algorithm === 'des') {\n    // do PBES2\n    var ivLen, encOid, cipherFn;\n    switch(options.algorithm) {\n    case 'aes128':\n      dkLen = 16;\n      ivLen = 16;\n      encOid = oids['aes128-CBC'];\n      cipherFn = forge.aes.createEncryptionCipher;\n      break;\n    case 'aes192':\n      dkLen = 24;\n      ivLen = 16;\n      encOid = oids['aes192-CBC'];\n      cipherFn = forge.aes.createEncryptionCipher;\n      break;\n    case 'aes256':\n      dkLen = 32;\n      ivLen = 16;\n      encOid = oids['aes256-CBC'];\n      cipherFn = forge.aes.createEncryptionCipher;\n      break;\n    case 'des':\n      dkLen = 8;\n      ivLen = 8;\n      encOid = oids['desCBC'];\n      cipherFn = forge.des.createEncryptionCipher;\n      break;\n    default:\n      var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');\n      error.algorithm = options.algorithm;\n      throw error;\n    }\n\n    // get PRF message digest\n    var prfAlgorithm = 'hmacWith' + options.prfAlgorithm.toUpperCase();\n    var md = prfAlgorithmToMessageDigest(prfAlgorithm);\n\n    // encrypt private key using pbe SHA-1 and AES/DES\n    var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md);\n    var iv = forge.random.getBytesSync(ivLen);\n    var cipher = cipherFn(dk);\n    cipher.start(iv);\n    cipher.update(asn1.toDer(obj));\n    cipher.finish();\n    encryptedData = cipher.output.getBytes();\n\n    // get PBKDF2-params\n    var params = createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm);\n\n    encryptionAlgorithm = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(oids['pkcs5PBES2']).getBytes()),\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // keyDerivationFunc\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n            asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()),\n          // PBKDF2-params\n          params\n        ]),\n        // encryptionScheme\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n            asn1.oidToDer(encOid).getBytes()),\n          // iv\n          asn1.create(\n            asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv)\n        ])\n      ])\n    ]);\n  } else if(options.algorithm === '3des') {\n    // Do PKCS12 PBE\n    dkLen = 24;\n\n    var saltBytes = new forge.util.ByteBuffer(salt);\n    var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen);\n    var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen);\n    var cipher = forge.des.createEncryptionCipher(dk);\n    cipher.start(iv);\n    cipher.update(asn1.toDer(obj));\n    cipher.finish();\n    encryptedData = cipher.output.getBytes();\n\n    encryptionAlgorithm = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()),\n      // pkcs-12PbeParams\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // salt\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),\n        // iteration count\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n          countBytes.getBytes())\n      ])\n    ]);\n  } else {\n    var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.');\n    error.algorithm = options.algorithm;\n    throw error;\n  }\n\n  // EncryptedPrivateKeyInfo\n  var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // encryptionAlgorithm\n    encryptionAlgorithm,\n    // encryptedData\n    asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData)\n  ]);\n  return rval;\n};\n\n/**\n * Decrypts a ASN.1 PrivateKeyInfo object.\n *\n * @param obj the ASN.1 EncryptedPrivateKeyInfo object.\n * @param password the password to decrypt with.\n *\n * @return the ASN.1 PrivateKeyInfo on success, null on failure.\n */\npki.decryptPrivateKeyInfo = function(obj, password) {\n  var rval = null;\n\n  // get PBE params\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) {\n    var error = new Error('Cannot read encrypted private key. ' +\n      'ASN.1 object is not a supported EncryptedPrivateKeyInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  // get cipher\n  var oid = asn1.derToOid(capture.encryptionOid);\n  var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password);\n\n  // get encrypted data\n  var encrypted = forge.util.createBuffer(capture.encryptedData);\n\n  cipher.update(encrypted);\n  if(cipher.finish()) {\n    rval = asn1.fromDer(cipher.output);\n  }\n\n  return rval;\n};\n\n/**\n * Converts a EncryptedPrivateKeyInfo to PEM format.\n *\n * @param epki the EncryptedPrivateKeyInfo.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted encrypted private key.\n */\npki.encryptedPrivateKeyToPem = function(epki, maxline) {\n  // convert to DER, then PEM-encode\n  var msg = {\n    type: 'ENCRYPTED PRIVATE KEY',\n    body: asn1.toDer(epki).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption\n * is not performed.\n *\n * @param pem the EncryptedPrivateKeyInfo in PEM-format.\n *\n * @return the ASN.1 EncryptedPrivateKeyInfo.\n */\npki.encryptedPrivateKeyFromPem = function(pem) {\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'ENCRYPTED PRIVATE KEY') {\n    var error = new Error('Could not convert encrypted private key from PEM; ' +\n      'PEM header type is \"ENCRYPTED PRIVATE KEY\".');\n    error.headerType = msg.type;\n    throw error;\n  }\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error('Could not convert encrypted private key from PEM; ' +\n      'PEM is encrypted.');\n  }\n\n  // convert DER to ASN.1 object\n  return asn1.fromDer(msg.body);\n};\n\n/**\n * Encrypts an RSA private key. By default, the key will be wrapped in\n * a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo.\n * This is the standard, preferred way to encrypt a private key.\n *\n * To produce a non-standard PEM-encrypted private key that uses encapsulated\n * headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL\n * private key encryption), set the 'legacy' option to true. Note: Using this\n * option will cause the iteration count to be forced to 1.\n *\n * Note: The 'des' algorithm is supported, but it is not considered to be\n * secure because it only uses a single 56-bit key. If possible, it is highly\n * recommended that a different algorithm be used.\n *\n * @param rsaKey the RSA key to encrypt.\n * @param password the password to use.\n * @param options:\n *          algorithm: the encryption algorithm to use\n *            ('aes128', 'aes192', 'aes256', '3des', 'des').\n *          count: the iteration count to use.\n *          saltSize: the salt size to use.\n *          legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated\n *            headers (DEK-Info) private key.\n *\n * @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo.\n */\npki.encryptRsaPrivateKey = function(rsaKey, password, options) {\n  // standard PKCS#8\n  options = options || {};\n  if(!options.legacy) {\n    // encrypt PrivateKeyInfo\n    var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey));\n    rval = pki.encryptPrivateKeyInfo(rval, password, options);\n    return pki.encryptedPrivateKeyToPem(rval);\n  }\n\n  // legacy non-PKCS#8\n  var algorithm;\n  var iv;\n  var dkLen;\n  var cipherFn;\n  switch(options.algorithm) {\n  case 'aes128':\n    algorithm = 'AES-128-CBC';\n    dkLen = 16;\n    iv = forge.random.getBytesSync(16);\n    cipherFn = forge.aes.createEncryptionCipher;\n    break;\n  case 'aes192':\n    algorithm = 'AES-192-CBC';\n    dkLen = 24;\n    iv = forge.random.getBytesSync(16);\n    cipherFn = forge.aes.createEncryptionCipher;\n    break;\n  case 'aes256':\n    algorithm = 'AES-256-CBC';\n    dkLen = 32;\n    iv = forge.random.getBytesSync(16);\n    cipherFn = forge.aes.createEncryptionCipher;\n    break;\n  case '3des':\n    algorithm = 'DES-EDE3-CBC';\n    dkLen = 24;\n    iv = forge.random.getBytesSync(8);\n    cipherFn = forge.des.createEncryptionCipher;\n    break;\n  case 'des':\n    algorithm = 'DES-CBC';\n    dkLen = 8;\n    iv = forge.random.getBytesSync(8);\n    cipherFn = forge.des.createEncryptionCipher;\n    break;\n  default:\n    var error = new Error('Could not encrypt RSA private key; unsupported ' +\n      'encryption algorithm \"' + options.algorithm + '\".');\n    error.algorithm = options.algorithm;\n    throw error;\n  }\n\n  // encrypt private key using OpenSSL legacy key derivation\n  var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);\n  var cipher = cipherFn(dk);\n  cipher.start(iv);\n  cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey)));\n  cipher.finish();\n\n  var msg = {\n    type: 'RSA PRIVATE KEY',\n    procType: {\n      version: '4',\n      type: 'ENCRYPTED'\n    },\n    dekInfo: {\n      algorithm: algorithm,\n      parameters: forge.util.bytesToHex(iv).toUpperCase()\n    },\n    body: cipher.output.getBytes()\n  };\n  return forge.pem.encode(msg);\n};\n\n/**\n * Decrypts an RSA private key.\n *\n * @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt.\n * @param password the password to use.\n *\n * @return the RSA key on success, null on failure.\n */\npki.decryptRsaPrivateKey = function(pem, password) {\n  var rval = null;\n\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'ENCRYPTED PRIVATE KEY' &&\n    msg.type !== 'PRIVATE KEY' &&\n    msg.type !== 'RSA PRIVATE KEY') {\n    var error = new Error('Could not convert private key from PEM; PEM header type ' +\n      'is not \"ENCRYPTED PRIVATE KEY\", \"PRIVATE KEY\", or \"RSA PRIVATE KEY\".');\n    error.headerType = error;\n    throw error;\n  }\n\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    var dkLen;\n    var cipherFn;\n    switch(msg.dekInfo.algorithm) {\n    case 'DES-CBC':\n      dkLen = 8;\n      cipherFn = forge.des.createDecryptionCipher;\n      break;\n    case 'DES-EDE3-CBC':\n      dkLen = 24;\n      cipherFn = forge.des.createDecryptionCipher;\n      break;\n    case 'AES-128-CBC':\n      dkLen = 16;\n      cipherFn = forge.aes.createDecryptionCipher;\n      break;\n    case 'AES-192-CBC':\n      dkLen = 24;\n      cipherFn = forge.aes.createDecryptionCipher;\n      break;\n    case 'AES-256-CBC':\n      dkLen = 32;\n      cipherFn = forge.aes.createDecryptionCipher;\n      break;\n    case 'RC2-40-CBC':\n      dkLen = 5;\n      cipherFn = function(key) {\n        return forge.rc2.createDecryptionCipher(key, 40);\n      };\n      break;\n    case 'RC2-64-CBC':\n      dkLen = 8;\n      cipherFn = function(key) {\n        return forge.rc2.createDecryptionCipher(key, 64);\n      };\n      break;\n    case 'RC2-128-CBC':\n      dkLen = 16;\n      cipherFn = function(key) {\n        return forge.rc2.createDecryptionCipher(key, 128);\n      };\n      break;\n    default:\n      var error = new Error('Could not decrypt private key; unsupported ' +\n        'encryption algorithm \"' + msg.dekInfo.algorithm + '\".');\n      error.algorithm = msg.dekInfo.algorithm;\n      throw error;\n    }\n\n    // use OpenSSL legacy key derivation\n    var iv = forge.util.hexToBytes(msg.dekInfo.parameters);\n    var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen);\n    var cipher = cipherFn(dk);\n    cipher.start(iv);\n    cipher.update(forge.util.createBuffer(msg.body));\n    if(cipher.finish()) {\n      rval = cipher.output.getBytes();\n    } else {\n      return rval;\n    }\n  } else {\n    rval = msg.body;\n  }\n\n  if(msg.type === 'ENCRYPTED PRIVATE KEY') {\n    rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password);\n  } else {\n    // decryption already performed above\n    rval = asn1.fromDer(rval);\n  }\n\n  if(rval !== null) {\n    rval = pki.privateKeyFromAsn1(rval);\n  }\n\n  return rval;\n};\n\n/**\n * Derives a PKCS#12 key.\n *\n * @param password the password to derive the key material from, null or\n *          undefined for none.\n * @param salt the salt, as a ByteBuffer, to use.\n * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).\n * @param iter the iteration count.\n * @param n the number of bytes to derive from the password.\n * @param md the message digest to use, defaults to SHA-1.\n *\n * @return a ByteBuffer with the bytes derived from the password.\n */\npki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) {\n  var j, l;\n\n  if(typeof md === 'undefined' || md === null) {\n    if(!('sha1' in forge.md)) {\n      throw new Error('\"sha1\" hash algorithm unavailable.');\n    }\n    md = forge.md.sha1.create();\n  }\n\n  var u = md.digestLength;\n  var v = md.blockLength;\n  var result = new forge.util.ByteBuffer();\n\n  /* Convert password to Unicode byte buffer + trailing 0-byte. */\n  var passBuf = new forge.util.ByteBuffer();\n  if(password !== null && password !== undefined) {\n    for(l = 0; l < password.length; l++) {\n      passBuf.putInt16(password.charCodeAt(l));\n    }\n    passBuf.putInt16(0);\n  }\n\n  /* Length of salt and password in BYTES. */\n  var p = passBuf.length();\n  var s = salt.length();\n\n  /* 1. Construct a string, D (the \"diversifier\"), by concatenating\n        v copies of ID. */\n  var D = new forge.util.ByteBuffer();\n  D.fillWithByte(id, v);\n\n  /* 2. Concatenate copies of the salt together to create a string S of length\n        v * ceil(s / v) bytes (the final copy of the salt may be trunacted\n        to create S).\n        Note that if the salt is the empty string, then so is S. */\n  var Slen = v * Math.ceil(s / v);\n  var S = new forge.util.ByteBuffer();\n  for(l = 0; l < Slen; l++) {\n    S.putByte(salt.at(l % s));\n  }\n\n  /* 3. Concatenate copies of the password together to create a string P of\n        length v * ceil(p / v) bytes (the final copy of the password may be\n        truncated to create P).\n        Note that if the password is the empty string, then so is P. */\n  var Plen = v * Math.ceil(p / v);\n  var P = new forge.util.ByteBuffer();\n  for(l = 0; l < Plen; l++) {\n    P.putByte(passBuf.at(l % p));\n  }\n\n  /* 4. Set I=S||P to be the concatenation of S and P. */\n  var I = S;\n  I.putBuffer(P);\n\n  /* 5. Set c=ceil(n / u). */\n  var c = Math.ceil(n / u);\n\n  /* 6. For i=1, 2, ..., c, do the following: */\n  for(var i = 1; i <= c; i++) {\n    /* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */\n    var buf = new forge.util.ByteBuffer();\n    buf.putBytes(D.bytes());\n    buf.putBytes(I.bytes());\n    for(var round = 0; round < iter; round++) {\n      md.start();\n      md.update(buf.getBytes());\n      buf = md.digest();\n    }\n\n    /* b) Concatenate copies of Ai to create a string B of length v bytes (the\n          final copy of Ai may be truncated to create B). */\n    var B = new forge.util.ByteBuffer();\n    for(l = 0; l < v; l++) {\n      B.putByte(buf.at(l % u));\n    }\n\n    /* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks,\n          where k=ceil(s / v) + ceil(p / v), modify I by setting\n          Ij=(Ij+B+1) mod 2v for each j.  */\n    var k = Math.ceil(s / v) + Math.ceil(p / v);\n    var Inew = new forge.util.ByteBuffer();\n    for(j = 0; j < k; j++) {\n      var chunk = new forge.util.ByteBuffer(I.getBytes(v));\n      var x = 0x1ff;\n      for(l = B.length() - 1; l >= 0; l--) {\n        x = x >> 8;\n        x += B.at(l) + chunk.at(l);\n        chunk.setAt(l, x & 0xff);\n      }\n      Inew.putBuffer(chunk);\n    }\n    I = Inew;\n\n    /* Add Ai to A. */\n    result.putBuffer(buf);\n  }\n\n  result.truncate(result.length() - n);\n  return result;\n};\n\n/**\n * Get new Forge cipher object instance.\n *\n * @param oid the OID (in string notation).\n * @param params the ASN.1 params object.\n * @param password the password to decrypt with.\n *\n * @return new cipher object instance.\n */\npki.pbe.getCipher = function(oid, params, password) {\n  switch(oid) {\n  case pki.oids['pkcs5PBES2']:\n    return pki.pbe.getCipherForPBES2(oid, params, password);\n\n  case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:\n  case pki.oids['pbewithSHAAnd40BitRC2-CBC']:\n    return pki.pbe.getCipherForPKCS12PBE(oid, params, password);\n\n  default:\n    var error = new Error('Cannot read encrypted PBE data block. Unsupported OID.');\n    error.oid = oid;\n    error.supportedOids = [\n      'pkcs5PBES2',\n      'pbeWithSHAAnd3-KeyTripleDES-CBC',\n      'pbewithSHAAnd40BitRC2-CBC'\n    ];\n    throw error;\n  }\n};\n\n/**\n * Get new Forge cipher object instance according to PBES2 params block.\n *\n * The returned cipher instance is already started using the IV\n * from PBES2 parameter block.\n *\n * @param oid the PKCS#5 PBKDF2 OID (in string notation).\n * @param params the ASN.1 PBES2-params object.\n * @param password the password to decrypt with.\n *\n * @return new cipher object instance.\n */\npki.pbe.getCipherForPBES2 = function(oid, params, password) {\n  // get PBE params\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) {\n    var error = new Error('Cannot read password-based-encryption algorithm ' +\n      'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  // check oids\n  oid = asn1.derToOid(capture.kdfOid);\n  if(oid !== pki.oids['pkcs5PBKDF2']) {\n    var error = new Error('Cannot read encrypted private key. ' +\n      'Unsupported key derivation function OID.');\n    error.oid = oid;\n    error.supportedOids = ['pkcs5PBKDF2'];\n    throw error;\n  }\n  oid = asn1.derToOid(capture.encOid);\n  if(oid !== pki.oids['aes128-CBC'] &&\n    oid !== pki.oids['aes192-CBC'] &&\n    oid !== pki.oids['aes256-CBC'] &&\n    oid !== pki.oids['des-EDE3-CBC'] &&\n    oid !== pki.oids['desCBC']) {\n    var error = new Error('Cannot read encrypted private key. ' +\n      'Unsupported encryption scheme OID.');\n    error.oid = oid;\n    error.supportedOids = [\n      'aes128-CBC', 'aes192-CBC', 'aes256-CBC', 'des-EDE3-CBC', 'desCBC'];\n    throw error;\n  }\n\n  // set PBE params\n  var salt = capture.kdfSalt;\n  var count = forge.util.createBuffer(capture.kdfIterationCount);\n  count = count.getInt(count.length() << 3);\n  var dkLen;\n  var cipherFn;\n  switch(pki.oids[oid]) {\n  case 'aes128-CBC':\n    dkLen = 16;\n    cipherFn = forge.aes.createDecryptionCipher;\n    break;\n  case 'aes192-CBC':\n    dkLen = 24;\n    cipherFn = forge.aes.createDecryptionCipher;\n    break;\n  case 'aes256-CBC':\n    dkLen = 32;\n    cipherFn = forge.aes.createDecryptionCipher;\n    break;\n  case 'des-EDE3-CBC':\n    dkLen = 24;\n    cipherFn = forge.des.createDecryptionCipher;\n    break;\n  case 'desCBC':\n    dkLen = 8;\n    cipherFn = forge.des.createDecryptionCipher;\n    break;\n  }\n\n  // get PRF message digest\n  var md = prfOidToMessageDigest(capture.prfOid);\n\n  // decrypt private key using pbe with chosen PRF and AES/DES\n  var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md);\n  var iv = capture.encIv;\n  var cipher = cipherFn(dk);\n  cipher.start(iv);\n\n  return cipher;\n};\n\n/**\n * Get new Forge cipher object instance for PKCS#12 PBE.\n *\n * The returned cipher instance is already started using the key & IV\n * derived from the provided password and PKCS#12 PBE salt.\n *\n * @param oid The PKCS#12 PBE OID (in string notation).\n * @param params The ASN.1 PKCS#12 PBE-params object.\n * @param password The password to decrypt with.\n *\n * @return the new cipher object instance.\n */\npki.pbe.getCipherForPKCS12PBE = function(oid, params, password) {\n  // get PBE params\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) {\n    var error = new Error('Cannot read password-based-encryption algorithm ' +\n      'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  var salt = forge.util.createBuffer(capture.salt);\n  var count = forge.util.createBuffer(capture.iterations);\n  count = count.getInt(count.length() << 3);\n\n  var dkLen, dIvLen, cipherFn;\n  switch(oid) {\n    case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']:\n      dkLen = 24;\n      dIvLen = 8;\n      cipherFn = forge.des.startDecrypting;\n      break;\n\n    case pki.oids['pbewithSHAAnd40BitRC2-CBC']:\n      dkLen = 5;\n      dIvLen = 8;\n      cipherFn = function(key, iv) {\n        var cipher = forge.rc2.createDecryptionCipher(key, 40);\n        cipher.start(iv, null);\n        return cipher;\n      };\n      break;\n\n    default:\n      var error = new Error('Cannot read PKCS #12 PBE data block. Unsupported OID.');\n      error.oid = oid;\n      throw error;\n  }\n\n  // get PRF message digest\n  var md = prfOidToMessageDigest(capture.prfOid);\n  var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md);\n  md.start();\n  var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md);\n\n  return cipherFn(key, iv);\n};\n\n/**\n * OpenSSL's legacy key derivation function.\n *\n * See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html\n *\n * @param password the password to derive the key from.\n * @param salt the salt to use, null for none.\n * @param dkLen the number of bytes needed for the derived key.\n * @param [options] the options to use:\n *          [md] an optional message digest object to use.\n */\npki.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) {\n  if(typeof md === 'undefined' || md === null) {\n    if(!('md5' in forge.md)) {\n      throw new Error('\"md5\" hash algorithm unavailable.');\n    }\n    md = forge.md.md5.create();\n  }\n  if(salt === null) {\n    salt = '';\n  }\n  var digests = [hash(md, password + salt)];\n  for(var length = 16, i = 1; length < dkLen; ++i, length += 16) {\n    digests.push(hash(md, digests[i - 1] + password + salt));\n  }\n  return digests.join('').substr(0, dkLen);\n};\n\nfunction hash(md, bytes) {\n  return md.start().update(bytes).digest().getBytes();\n}\n\nfunction prfOidToMessageDigest(prfOid) {\n  // get PRF algorithm, default to SHA-1\n  var prfAlgorithm;\n  if(!prfOid) {\n    prfAlgorithm = 'hmacWithSHA1';\n  } else {\n    prfAlgorithm = pki.oids[asn1.derToOid(prfOid)];\n    if(!prfAlgorithm) {\n      var error = new Error('Unsupported PRF OID.');\n      error.oid = prfOid;\n      error.supported = [\n        'hmacWithSHA1', 'hmacWithSHA224', 'hmacWithSHA256', 'hmacWithSHA384',\n        'hmacWithSHA512'];\n      throw error;\n    }\n  }\n  return prfAlgorithmToMessageDigest(prfAlgorithm);\n}\n\nfunction prfAlgorithmToMessageDigest(prfAlgorithm) {\n  var factory = forge.md;\n  switch(prfAlgorithm) {\n  case 'hmacWithSHA224':\n    factory = forge.md.sha512;\n  case 'hmacWithSHA1':\n  case 'hmacWithSHA256':\n  case 'hmacWithSHA384':\n  case 'hmacWithSHA512':\n    prfAlgorithm = prfAlgorithm.substr(8).toLowerCase();\n    break;\n  default:\n    var error = new Error('Unsupported PRF algorithm.');\n    error.algorithm = prfAlgorithm;\n    error.supported = [\n      'hmacWithSHA1', 'hmacWithSHA224', 'hmacWithSHA256', 'hmacWithSHA384',\n      'hmacWithSHA512'];\n    throw error;\n  }\n  if(!factory || !(prfAlgorithm in factory)) {\n    throw new Error('Unknown hash algorithm: ' + prfAlgorithm);\n  }\n  return factory[prfAlgorithm].create();\n}\n\nfunction createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm) {\n  var params = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // salt\n    asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt),\n    // iteration count\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      countBytes.getBytes())\n  ]);\n  // when PRF algorithm is not SHA-1 default, add key length and PRF algorithm\n  if(prfAlgorithm !== 'hmacWithSHA1') {\n    params.value.push(\n      // key length\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n        forge.util.hexToBytes(dkLen.toString(16))),\n      // AlgorithmIdentifier\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // algorithm\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(pki.oids[prfAlgorithm]).getBytes()),\n        // parameters (null)\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n      ]));\n  }\n  return params;\n}\n","/**\n * Password-Based Key-Derivation Function #2 implementation.\n *\n * See RFC 2898 for details.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./hmac');\nrequire('./md');\nrequire('./util');\n\nvar pkcs5 = forge.pkcs5 = forge.pkcs5 || {};\n\nvar crypto;\nif(forge.util.isNodejs && !forge.options.usePureJavaScript) {\n  crypto = require('crypto');\n}\n\n/**\n * Derives a key from a password.\n *\n * @param p the password as a binary-encoded string of bytes.\n * @param s the salt as a binary-encoded string of bytes.\n * @param c the iteration count, a positive integer.\n * @param dkLen the intended length, in bytes, of the derived key,\n *          (max: 2^32 - 1) * hash length of the PRF.\n * @param [md] the message digest (or algorithm identifier as a string) to use\n *          in the PRF, defaults to SHA-1.\n * @param [callback(err, key)] presence triggers asynchronous version, called\n *          once the operation completes.\n *\n * @return the derived key, as a binary-encoded string of bytes, for the\n *           synchronous version (if no callback is specified).\n */\nmodule.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(\n  p, s, c, dkLen, md, callback) {\n  if(typeof md === 'function') {\n    callback = md;\n    md = null;\n  }\n\n  // use native implementation if possible and not disabled, note that\n  // some node versions only support SHA-1, others allow digest to be changed\n  if(forge.util.isNodejs && !forge.options.usePureJavaScript &&\n    crypto.pbkdf2 && (md === null || typeof md !== 'object') &&\n    (crypto.pbkdf2Sync.length > 4 || (!md || md === 'sha1'))) {\n    if(typeof md !== 'string') {\n      // default prf to SHA-1\n      md = 'sha1';\n    }\n    p = Buffer.from(p, 'binary');\n    s = Buffer.from(s, 'binary');\n    if(!callback) {\n      if(crypto.pbkdf2Sync.length === 4) {\n        return crypto.pbkdf2Sync(p, s, c, dkLen).toString('binary');\n      }\n      return crypto.pbkdf2Sync(p, s, c, dkLen, md).toString('binary');\n    }\n    if(crypto.pbkdf2Sync.length === 4) {\n      return crypto.pbkdf2(p, s, c, dkLen, function(err, key) {\n        if(err) {\n          return callback(err);\n        }\n        callback(null, key.toString('binary'));\n      });\n    }\n    return crypto.pbkdf2(p, s, c, dkLen, md, function(err, key) {\n      if(err) {\n        return callback(err);\n      }\n      callback(null, key.toString('binary'));\n    });\n  }\n\n  if(typeof md === 'undefined' || md === null) {\n    // default prf to SHA-1\n    md = 'sha1';\n  }\n  if(typeof md === 'string') {\n    if(!(md in forge.md.algorithms)) {\n      throw new Error('Unknown hash algorithm: ' + md);\n    }\n    md = forge.md[md].create();\n  }\n\n  var hLen = md.digestLength;\n\n  /* 1. If dkLen > (2^32 - 1) * hLen, output \"derived key too long\" and\n    stop. */\n  if(dkLen > (0xFFFFFFFF * hLen)) {\n    var err = new Error('Derived key is too long.');\n    if(callback) {\n      return callback(err);\n    }\n    throw err;\n  }\n\n  /* 2. Let len be the number of hLen-octet blocks in the derived key,\n    rounding up, and let r be the number of octets in the last\n    block:\n\n    len = CEIL(dkLen / hLen),\n    r = dkLen - (len - 1) * hLen. */\n  var len = Math.ceil(dkLen / hLen);\n  var r = dkLen - (len - 1) * hLen;\n\n  /* 3. For each block of the derived key apply the function F defined\n    below to the password P, the salt S, the iteration count c, and\n    the block index to compute the block:\n\n    T_1 = F(P, S, c, 1),\n    T_2 = F(P, S, c, 2),\n    ...\n    T_len = F(P, S, c, len),\n\n    where the function F is defined as the exclusive-or sum of the\n    first c iterates of the underlying pseudorandom function PRF\n    applied to the password P and the concatenation of the salt S\n    and the block index i:\n\n    F(P, S, c, i) = u_1 XOR u_2 XOR ... XOR u_c\n\n    where\n\n    u_1 = PRF(P, S || INT(i)),\n    u_2 = PRF(P, u_1),\n    ...\n    u_c = PRF(P, u_{c-1}).\n\n    Here, INT(i) is a four-octet encoding of the integer i, most\n    significant octet first. */\n  var prf = forge.hmac.create();\n  prf.start(md, p);\n  var dk = '';\n  var xor, u_c, u_c1;\n\n  // sync version\n  if(!callback) {\n    for(var i = 1; i <= len; ++i) {\n      // PRF(P, S || INT(i)) (first iteration)\n      prf.start(null, null);\n      prf.update(s);\n      prf.update(forge.util.int32ToBytes(i));\n      xor = u_c1 = prf.digest().getBytes();\n\n      // PRF(P, u_{c-1}) (other iterations)\n      for(var j = 2; j <= c; ++j) {\n        prf.start(null, null);\n        prf.update(u_c1);\n        u_c = prf.digest().getBytes();\n        // F(p, s, c, i)\n        xor = forge.util.xorBytes(xor, u_c, hLen);\n        u_c1 = u_c;\n      }\n\n      /* 4. Concatenate the blocks and extract the first dkLen octets to\n        produce a derived key DK:\n\n        DK = T_1 || T_2 ||  ...  || T_len<0..r-1> */\n      dk += (i < len) ? xor : xor.substr(0, r);\n    }\n    /* 5. Output the derived key DK. */\n    return dk;\n  }\n\n  // async version\n  var i = 1, j;\n  function outer() {\n    if(i > len) {\n      // done\n      return callback(null, dk);\n    }\n\n    // PRF(P, S || INT(i)) (first iteration)\n    prf.start(null, null);\n    prf.update(s);\n    prf.update(forge.util.int32ToBytes(i));\n    xor = u_c1 = prf.digest().getBytes();\n\n    // PRF(P, u_{c-1}) (other iterations)\n    j = 2;\n    inner();\n  }\n\n  function inner() {\n    if(j <= c) {\n      prf.start(null, null);\n      prf.update(u_c1);\n      u_c = prf.digest().getBytes();\n      // F(p, s, c, i)\n      xor = forge.util.xorBytes(xor, u_c, hLen);\n      u_c1 = u_c;\n      ++j;\n      return forge.util.setImmediate(inner);\n    }\n\n    /* 4. Concatenate the blocks and extract the first dkLen octets to\n      produce a derived key DK:\n\n      DK = T_1 || T_2 ||  ...  || T_len<0..r-1> */\n    dk += (i < len) ? xor : xor.substr(0, r);\n\n    ++i;\n    outer();\n  }\n\n  outer();\n};\n","/**\n * Javascript implementation of basic PEM (Privacy Enhanced Mail) algorithms.\n *\n * See: RFC 1421.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2013-2014 Digital Bazaar, Inc.\n *\n * A Forge PEM object has the following fields:\n *\n * type: identifies the type of message (eg: \"RSA PRIVATE KEY\").\n *\n * procType: identifies the type of processing performed on the message,\n *   it has two subfields: version and type, eg: 4,ENCRYPTED.\n *\n * contentDomain: identifies the type of content in the message, typically\n *   only uses the value: \"RFC822\".\n *\n * dekInfo: identifies the message encryption algorithm and mode and includes\n *   any parameters for the algorithm, it has two subfields: algorithm and\n *   parameters, eg: DES-CBC,F8143EDE5960C597.\n *\n * headers: contains all other PEM encapsulated headers -- where order is\n *   significant (for pairing data like recipient ID + key info).\n *\n * body: the binary-encoded body.\n */\nvar forge = require('./forge');\nrequire('./util');\n\n// shortcut for pem API\nvar pem = module.exports = forge.pem = forge.pem || {};\n\n/**\n * Encodes (serializes) the given PEM object.\n *\n * @param msg the PEM message object to encode.\n * @param options the options to use:\n *          maxline the maximum characters per line for the body, (default: 64).\n *\n * @return the PEM-formatted string.\n */\npem.encode = function(msg, options) {\n  options = options || {};\n  var rval = '-----BEGIN ' + msg.type + '-----\\r\\n';\n\n  // encode special headers\n  var header;\n  if(msg.procType) {\n    header = {\n      name: 'Proc-Type',\n      values: [String(msg.procType.version), msg.procType.type]\n    };\n    rval += foldHeader(header);\n  }\n  if(msg.contentDomain) {\n    header = {name: 'Content-Domain', values: [msg.contentDomain]};\n    rval += foldHeader(header);\n  }\n  if(msg.dekInfo) {\n    header = {name: 'DEK-Info', values: [msg.dekInfo.algorithm]};\n    if(msg.dekInfo.parameters) {\n      header.values.push(msg.dekInfo.parameters);\n    }\n    rval += foldHeader(header);\n  }\n\n  if(msg.headers) {\n    // encode all other headers\n    for(var i = 0; i < msg.headers.length; ++i) {\n      rval += foldHeader(msg.headers[i]);\n    }\n  }\n\n  // terminate header\n  if(msg.procType) {\n    rval += '\\r\\n';\n  }\n\n  // add body\n  rval += forge.util.encode64(msg.body, options.maxline || 64) + '\\r\\n';\n\n  rval += '-----END ' + msg.type + '-----\\r\\n';\n  return rval;\n};\n\n/**\n * Decodes (deserializes) all PEM messages found in the given string.\n *\n * @param str the PEM-formatted string to decode.\n *\n * @return the PEM message objects in an array.\n */\npem.decode = function(str) {\n  var rval = [];\n\n  // split string into PEM messages (be lenient w/EOF on BEGIN line)\n  var rMessage = /\\s*-----BEGIN ([A-Z0-9- ]+)-----\\r?\\n?([\\x21-\\x7e\\s]+?(?:\\r?\\n\\r?\\n))?([:A-Za-z0-9+\\/=\\s]+?)-----END \\1-----/g;\n  var rHeader = /([\\x21-\\x7e]+):\\s*([\\x21-\\x7e\\s^:]+)/;\n  var rCRLF = /\\r?\\n/;\n  var match;\n  while(true) {\n    match = rMessage.exec(str);\n    if(!match) {\n      break;\n    }\n\n    // accept \"NEW CERTIFICATE REQUEST\" as \"CERTIFICATE REQUEST\"\n    // https://datatracker.ietf.org/doc/html/rfc7468#section-7\n    var type = match[1];\n    if(type === 'NEW CERTIFICATE REQUEST') {\n      type = 'CERTIFICATE REQUEST';\n    }\n\n    var msg = {\n      type: type,\n      procType: null,\n      contentDomain: null,\n      dekInfo: null,\n      headers: [],\n      body: forge.util.decode64(match[3])\n    };\n    rval.push(msg);\n\n    // no headers\n    if(!match[2]) {\n      continue;\n    }\n\n    // parse headers\n    var lines = match[2].split(rCRLF);\n    var li = 0;\n    while(match && li < lines.length) {\n      // get line, trim any rhs whitespace\n      var line = lines[li].replace(/\\s+$/, '');\n\n      // RFC2822 unfold any following folded lines\n      for(var nl = li + 1; nl < lines.length; ++nl) {\n        var next = lines[nl];\n        if(!/\\s/.test(next[0])) {\n          break;\n        }\n        line += next;\n        li = nl;\n      }\n\n      // parse header\n      match = line.match(rHeader);\n      if(match) {\n        var header = {name: match[1], values: []};\n        var values = match[2].split(',');\n        for(var vi = 0; vi < values.length; ++vi) {\n          header.values.push(ltrim(values[vi]));\n        }\n\n        // Proc-Type must be the first header\n        if(!msg.procType) {\n          if(header.name !== 'Proc-Type') {\n            throw new Error('Invalid PEM formatted message. The first ' +\n              'encapsulated header must be \"Proc-Type\".');\n          } else if(header.values.length !== 2) {\n            throw new Error('Invalid PEM formatted message. The \"Proc-Type\" ' +\n              'header must have two subfields.');\n          }\n          msg.procType = {version: values[0], type: values[1]};\n        } else if(!msg.contentDomain && header.name === 'Content-Domain') {\n          // special-case Content-Domain\n          msg.contentDomain = values[0] || '';\n        } else if(!msg.dekInfo && header.name === 'DEK-Info') {\n          // special-case DEK-Info\n          if(header.values.length === 0) {\n            throw new Error('Invalid PEM formatted message. The \"DEK-Info\" ' +\n              'header must have at least one subfield.');\n          }\n          msg.dekInfo = {algorithm: values[0], parameters: values[1] || null};\n        } else {\n          msg.headers.push(header);\n        }\n      }\n\n      ++li;\n    }\n\n    if(msg.procType === 'ENCRYPTED' && !msg.dekInfo) {\n      throw new Error('Invalid PEM formatted message. The \"DEK-Info\" ' +\n        'header must be present if \"Proc-Type\" is \"ENCRYPTED\".');\n    }\n  }\n\n  if(rval.length === 0) {\n    throw new Error('Invalid PEM formatted message.');\n  }\n\n  return rval;\n};\n\nfunction foldHeader(header) {\n  var rval = header.name + ': ';\n\n  // ensure values with CRLF are folded\n  var values = [];\n  var insertSpace = function(match, $1) {\n    return ' ' + $1;\n  };\n  for(var i = 0; i < header.values.length; ++i) {\n    values.push(header.values[i].replace(/^(\\S+\\r\\n)/, insertSpace));\n  }\n  rval += values.join(',') + '\\r\\n';\n\n  // do folding\n  var length = 0;\n  var candidate = -1;\n  for(var i = 0; i < rval.length; ++i, ++length) {\n    if(length > 65 && candidate !== -1) {\n      var insert = rval[candidate];\n      if(insert === ',') {\n        ++candidate;\n        rval = rval.substr(0, candidate) + '\\r\\n ' + rval.substr(candidate);\n      } else {\n        rval = rval.substr(0, candidate) +\n          '\\r\\n' + insert + rval.substr(candidate + 1);\n      }\n      length = (i - candidate - 1);\n      candidate = -1;\n      ++i;\n    } else if(rval[i] === ' ' || rval[i] === '\\t' || rval[i] === ',') {\n      candidate = i;\n    }\n  }\n\n  return rval;\n}\n\nfunction ltrim(str) {\n  return str.replace(/^\\s+/, '');\n}\n","/**\n * Partial implementation of PKCS#1 v2.2: RSA-OEAP\n *\n * Modified but based on the following MIT and BSD licensed code:\n *\n * https://github.com/kjur/jsjws/blob/master/rsa.js:\n *\n * The 'jsjws'(JSON Web Signature JavaScript Library) License\n *\n * Copyright (c) 2012 Kenji Urushima\n *\n * Permission is hereby granted, free of charge, to any person obtaining a copy\n * of this software and associated documentation files (the \"Software\"), to deal\n * in the Software without restriction, including without limitation the rights\n * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\n * copies of the Software, and to permit persons to whom the Software is\n * furnished to do so, subject to the following conditions:\n *\n * The above copyright notice and this permission notice shall be included in\n * all copies or substantial portions of the Software.\n *\n * THE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\n * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\n * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\n * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\n * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\n * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\n * THE SOFTWARE.\n *\n * http://webrsa.cvs.sourceforge.net/viewvc/webrsa/Client/RSAES-OAEP.js?content-type=text%2Fplain:\n *\n * RSAES-OAEP.js\n * $Id: RSAES-OAEP.js,v 1.1.1.1 2003/03/19 15:37:20 ellispritchard Exp $\n * JavaScript Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002)\n * Copyright (C) Ellis Pritchard, Guardian Unlimited 2003.\n * Contact: ellis@nukinetics.com\n * Distributed under the BSD License.\n *\n * Official documentation: http://www.rsa.com/rsalabs/node.asp?id=2125\n *\n * @author Evan Jones (http://evanjones.ca/)\n * @author Dave Longley\n *\n * Copyright (c) 2013-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\nrequire('./random');\nrequire('./sha1');\n\n// shortcut for PKCS#1 API\nvar pkcs1 = module.exports = forge.pkcs1 = forge.pkcs1 || {};\n\n/**\n * Encode the given RSAES-OAEP message (M) using key, with optional label (L)\n * and seed.\n *\n * This method does not perform RSA encryption, it only encodes the message\n * using RSAES-OAEP.\n *\n * @param key the RSA key to use.\n * @param message the message to encode.\n * @param options the options to use:\n *          label an optional label to use.\n *          seed the seed to use.\n *          md the message digest object to use, undefined for SHA-1.\n *          mgf1 optional mgf1 parameters:\n *            md the message digest object to use for MGF1.\n *\n * @return the encoded message bytes.\n */\npkcs1.encode_rsa_oaep = function(key, message, options) {\n  // parse arguments\n  var label;\n  var seed;\n  var md;\n  var mgf1Md;\n  // legacy args (label, seed, md)\n  if(typeof options === 'string') {\n    label = options;\n    seed = arguments[3] || undefined;\n    md = arguments[4] || undefined;\n  } else if(options) {\n    label = options.label || undefined;\n    seed = options.seed || undefined;\n    md = options.md || undefined;\n    if(options.mgf1 && options.mgf1.md) {\n      mgf1Md = options.mgf1.md;\n    }\n  }\n\n  // default OAEP to SHA-1 message digest\n  if(!md) {\n    md = forge.md.sha1.create();\n  } else {\n    md.start();\n  }\n\n  // default MGF-1 to same as OAEP\n  if(!mgf1Md) {\n    mgf1Md = md;\n  }\n\n  // compute length in bytes and check output\n  var keyLength = Math.ceil(key.n.bitLength() / 8);\n  var maxLength = keyLength - 2 * md.digestLength - 2;\n  if(message.length > maxLength) {\n    var error = new Error('RSAES-OAEP input message length is too long.');\n    error.length = message.length;\n    error.maxLength = maxLength;\n    throw error;\n  }\n\n  if(!label) {\n    label = '';\n  }\n  md.update(label, 'raw');\n  var lHash = md.digest();\n\n  var PS = '';\n  var PS_length = maxLength - message.length;\n  for(var i = 0; i < PS_length; i++) {\n    PS += '\\x00';\n  }\n\n  var DB = lHash.getBytes() + PS + '\\x01' + message;\n\n  if(!seed) {\n    seed = forge.random.getBytes(md.digestLength);\n  } else if(seed.length !== md.digestLength) {\n    var error = new Error('Invalid RSAES-OAEP seed. The seed length must ' +\n      'match the digest length.');\n    error.seedLength = seed.length;\n    error.digestLength = md.digestLength;\n    throw error;\n  }\n\n  var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);\n  var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length);\n\n  var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);\n  var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length);\n\n  // return encoded message\n  return '\\x00' + maskedSeed + maskedDB;\n};\n\n/**\n * Decode the given RSAES-OAEP encoded message (EM) using key, with optional\n * label (L).\n *\n * This method does not perform RSA decryption, it only decodes the message\n * using RSAES-OAEP.\n *\n * @param key the RSA key to use.\n * @param em the encoded message to decode.\n * @param options the options to use:\n *          label an optional label to use.\n *          md the message digest object to use for OAEP, undefined for SHA-1.\n *          mgf1 optional mgf1 parameters:\n *            md the message digest object to use for MGF1.\n *\n * @return the decoded message bytes.\n */\npkcs1.decode_rsa_oaep = function(key, em, options) {\n  // parse args\n  var label;\n  var md;\n  var mgf1Md;\n  // legacy args\n  if(typeof options === 'string') {\n    label = options;\n    md = arguments[3] || undefined;\n  } else if(options) {\n    label = options.label || undefined;\n    md = options.md || undefined;\n    if(options.mgf1 && options.mgf1.md) {\n      mgf1Md = options.mgf1.md;\n    }\n  }\n\n  // compute length in bytes\n  var keyLength = Math.ceil(key.n.bitLength() / 8);\n\n  if(em.length !== keyLength) {\n    var error = new Error('RSAES-OAEP encoded message length is invalid.');\n    error.length = em.length;\n    error.expectedLength = keyLength;\n    throw error;\n  }\n\n  // default OAEP to SHA-1 message digest\n  if(md === undefined) {\n    md = forge.md.sha1.create();\n  } else {\n    md.start();\n  }\n\n  // default MGF-1 to same as OAEP\n  if(!mgf1Md) {\n    mgf1Md = md;\n  }\n\n  if(keyLength < 2 * md.digestLength + 2) {\n    throw new Error('RSAES-OAEP key is too short for the hash function.');\n  }\n\n  if(!label) {\n    label = '';\n  }\n  md.update(label, 'raw');\n  var lHash = md.digest().getBytes();\n\n  // split the message into its parts\n  var y = em.charAt(0);\n  var maskedSeed = em.substring(1, md.digestLength + 1);\n  var maskedDB = em.substring(1 + md.digestLength);\n\n  var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md);\n  var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length);\n\n  var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md);\n  var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length);\n\n  var lHashPrime = db.substring(0, md.digestLength);\n\n  // constant time check that all values match what is expected\n  var error = (y !== '\\x00');\n\n  // constant time check lHash vs lHashPrime\n  for(var i = 0; i < md.digestLength; ++i) {\n    error |= (lHash.charAt(i) !== lHashPrime.charAt(i));\n  }\n\n  // \"constant time\" find the 0x1 byte separating the padding (zeros) from the\n  // message\n  // TODO: It must be possible to do this in a better/smarter way?\n  var in_ps = 1;\n  var index = md.digestLength;\n  for(var j = md.digestLength; j < db.length; j++) {\n    var code = db.charCodeAt(j);\n\n    var is_0 = (code & 0x1) ^ 0x1;\n\n    // non-zero if not 0 or 1 in the ps section\n    var error_mask = in_ps ? 0xfffe : 0x0000;\n    error |= (code & error_mask);\n\n    // latch in_ps to zero after we find 0x1\n    in_ps = in_ps & is_0;\n    index += in_ps;\n  }\n\n  if(error || db.charCodeAt(index) !== 0x1) {\n    throw new Error('Invalid RSAES-OAEP padding.');\n  }\n\n  return db.substring(index + 1);\n};\n\nfunction rsa_mgf1(seed, maskLength, hash) {\n  // default to SHA-1 message digest\n  if(!hash) {\n    hash = forge.md.sha1.create();\n  }\n  var t = '';\n  var count = Math.ceil(maskLength / hash.digestLength);\n  for(var i = 0; i < count; ++i) {\n    var c = String.fromCharCode(\n      (i >> 24) & 0xFF, (i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF);\n    hash.start();\n    hash.update(seed + c);\n    t += hash.digest().getBytes();\n  }\n  return t.substring(0, maskLength);\n}\n","/**\n * Javascript implementation of PKCS#12.\n *\n * @author Dave Longley\n * @author Stefan Siegl <stesie@brokenpipe.de>\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * The ASN.1 representation of PKCS#12 is as follows\n * (see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12-tc1.pdf for details)\n *\n * PFX ::= SEQUENCE {\n *   version  INTEGER {v3(3)}(v3,...),\n *   authSafe ContentInfo,\n *   macData  MacData OPTIONAL\n * }\n *\n * MacData ::= SEQUENCE {\n *   mac DigestInfo,\n *   macSalt OCTET STRING,\n *   iterations INTEGER DEFAULT 1\n * }\n * Note: The iterations default is for historical reasons and its use is\n * deprecated. A higher value, like 1024, is recommended.\n *\n * DigestInfo is defined in PKCS#7 as follows:\n *\n * DigestInfo ::= SEQUENCE {\n *   digestAlgorithm DigestAlgorithmIdentifier,\n *   digest Digest\n * }\n *\n * DigestAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters\n * for the algorithm, if any. In the case of SHA1 there is none.\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n *    algorithm OBJECT IDENTIFIER,\n *    parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * Digest ::= OCTET STRING\n *\n *\n * ContentInfo ::= SEQUENCE {\n *   contentType ContentType,\n *   content     [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL\n * }\n *\n * ContentType ::= OBJECT IDENTIFIER\n *\n * AuthenticatedSafe ::= SEQUENCE OF ContentInfo\n * -- Data if unencrypted\n * -- EncryptedData if password-encrypted\n * -- EnvelopedData if public key-encrypted\n *\n *\n * SafeContents ::= SEQUENCE OF SafeBag\n *\n * SafeBag ::= SEQUENCE {\n *   bagId     BAG-TYPE.&id ({PKCS12BagSet})\n *   bagValue  [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}),\n *   bagAttributes SET OF PKCS12Attribute OPTIONAL\n * }\n *\n * PKCS12Attribute ::= SEQUENCE {\n *   attrId ATTRIBUTE.&id ({PKCS12AttrSet}),\n *   attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId})\n * } -- This type is compatible with the X.500 type 'Attribute'\n *\n * PKCS12AttrSet ATTRIBUTE ::= {\n *   friendlyName | -- from PKCS #9\n *   localKeyId, -- from PKCS #9\n *   ... -- Other attributes are allowed\n * }\n *\n * CertBag ::= SEQUENCE {\n *   certId    BAG-TYPE.&id   ({CertTypes}),\n *   certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId})\n * }\n *\n * x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}}\n *   -- DER-encoded X.509 certificate stored in OCTET STRING\n *\n * sdsiCertificate BAG-TYPE ::= {IA5String IDENTIFIED BY {certTypes 2}}\n * -- Base64-encoded SDSI certificate stored in IA5String\n *\n * CertTypes BAG-TYPE ::= {\n *   x509Certificate |\n *   sdsiCertificate,\n *   ... -- For future extensions\n * }\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./hmac');\nrequire('./oids');\nrequire('./pkcs7asn1');\nrequire('./pbe');\nrequire('./random');\nrequire('./rsa');\nrequire('./sha1');\nrequire('./util');\nrequire('./x509');\n\n// shortcut for asn.1 & PKI API\nvar asn1 = forge.asn1;\nvar pki = forge.pki;\n\n// shortcut for PKCS#12 API\nvar p12 = module.exports = forge.pkcs12 = forge.pkcs12 || {};\n\nvar contentInfoValidator = {\n  name: 'ContentInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,  // a ContentInfo\n  constructed: true,\n  value: [{\n    name: 'ContentInfo.contentType',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OID,\n    constructed: false,\n    capture: 'contentType'\n  }, {\n    name: 'ContentInfo.content',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    constructed: true,\n    captureAsn1: 'content'\n  }]\n};\n\nvar pfxValidator = {\n  name: 'PFX',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'PFX.version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'version'\n  },\n  contentInfoValidator, {\n    name: 'PFX.macData',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    optional: true,\n    captureAsn1: 'mac',\n    value: [{\n      name: 'PFX.macData.mac',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,  // DigestInfo\n      constructed: true,\n      value: [{\n        name: 'PFX.macData.mac.digestAlgorithm',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.SEQUENCE,  // DigestAlgorithmIdentifier\n        constructed: true,\n        value: [{\n          name: 'PFX.macData.mac.digestAlgorithm.algorithm',\n          tagClass: asn1.Class.UNIVERSAL,\n          type: asn1.Type.OID,\n          constructed: false,\n          capture: 'macAlgorithm'\n        }, {\n          name: 'PFX.macData.mac.digestAlgorithm.parameters',\n          tagClass: asn1.Class.UNIVERSAL,\n          captureAsn1: 'macAlgorithmParameters'\n        }]\n      }, {\n        name: 'PFX.macData.mac.digest',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OCTETSTRING,\n        constructed: false,\n        capture: 'macDigest'\n      }]\n    }, {\n      name: 'PFX.macData.macSalt',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OCTETSTRING,\n      constructed: false,\n      capture: 'macSalt'\n    }, {\n      name: 'PFX.macData.iterations',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.INTEGER,\n      constructed: false,\n      optional: true,\n      capture: 'macIterations'\n    }]\n  }]\n};\n\nvar safeBagValidator = {\n  name: 'SafeBag',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'SafeBag.bagId',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OID,\n    constructed: false,\n    capture: 'bagId'\n  }, {\n    name: 'SafeBag.bagValue',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    constructed: true,\n    captureAsn1: 'bagValue'\n  }, {\n    name: 'SafeBag.bagAttributes',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SET,\n    constructed: true,\n    optional: true,\n    capture: 'bagAttributes'\n  }]\n};\n\nvar attributeValidator = {\n  name: 'Attribute',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'Attribute.attrId',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OID,\n    constructed: false,\n    capture: 'oid'\n  }, {\n    name: 'Attribute.attrValues',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SET,\n    constructed: true,\n    capture: 'values'\n  }]\n};\n\nvar certBagValidator = {\n  name: 'CertBag',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'CertBag.certId',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OID,\n    constructed: false,\n    capture: 'certId'\n  }, {\n    name: 'CertBag.certValue',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    constructed: true,\n    /* So far we only support X.509 certificates (which are wrapped in\n       an OCTET STRING, hence hard code that here). */\n    value: [{\n      name: 'CertBag.certValue[0]',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Class.OCTETSTRING,\n      constructed: false,\n      capture: 'cert'\n    }]\n  }]\n};\n\n/**\n * Search SafeContents structure for bags with matching attributes.\n *\n * The search can optionally be narrowed by a certain bag type.\n *\n * @param safeContents the SafeContents structure to search in.\n * @param attrName the name of the attribute to compare against.\n * @param attrValue the attribute value to search for.\n * @param [bagType] bag type to narrow search by.\n *\n * @return an array of matching bags.\n */\nfunction _getBagsByAttribute(safeContents, attrName, attrValue, bagType) {\n  var result = [];\n\n  for(var i = 0; i < safeContents.length; i++) {\n    for(var j = 0; j < safeContents[i].safeBags.length; j++) {\n      var bag = safeContents[i].safeBags[j];\n      if(bagType !== undefined && bag.type !== bagType) {\n        continue;\n      }\n      // only filter by bag type, no attribute specified\n      if(attrName === null) {\n        result.push(bag);\n        continue;\n      }\n      if(bag.attributes[attrName] !== undefined &&\n        bag.attributes[attrName].indexOf(attrValue) >= 0) {\n        result.push(bag);\n      }\n    }\n  }\n\n  return result;\n}\n\n/**\n * Converts a PKCS#12 PFX in ASN.1 notation into a PFX object.\n *\n * @param obj The PKCS#12 PFX in ASN.1 notation.\n * @param strict true to use strict DER decoding, false not to (default: true).\n * @param {String} password Password to decrypt with (optional).\n *\n * @return PKCS#12 PFX object.\n */\np12.pkcs12FromAsn1 = function(obj, strict, password) {\n  // handle args\n  if(typeof strict === 'string') {\n    password = strict;\n    strict = true;\n  } else if(strict === undefined) {\n    strict = true;\n  }\n\n  // validate PFX and capture data\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, pfxValidator, capture, errors)) {\n    var error = new Error('Cannot read PKCS#12 PFX. ' +\n      'ASN.1 object is not an PKCS#12 PFX.');\n    error.errors = error;\n    throw error;\n  }\n\n  var pfx = {\n    version: capture.version.charCodeAt(0),\n    safeContents: [],\n\n    /**\n     * Gets bags with matching attributes.\n     *\n     * @param filter the attributes to filter by:\n     *          [localKeyId] the localKeyId to search for.\n     *          [localKeyIdHex] the localKeyId in hex to search for.\n     *          [friendlyName] the friendly name to search for.\n     *          [bagType] bag type to narrow each attribute search by.\n     *\n     * @return a map of attribute type to an array of matching bags or, if no\n     *           attribute was given but a bag type, the map key will be the\n     *           bag type.\n     */\n    getBags: function(filter) {\n      var rval = {};\n\n      var localKeyId;\n      if('localKeyId' in filter) {\n        localKeyId = filter.localKeyId;\n      } else if('localKeyIdHex' in filter) {\n        localKeyId = forge.util.hexToBytes(filter.localKeyIdHex);\n      }\n\n      // filter on bagType only\n      if(localKeyId === undefined && !('friendlyName' in filter) &&\n        'bagType' in filter) {\n        rval[filter.bagType] = _getBagsByAttribute(\n          pfx.safeContents, null, null, filter.bagType);\n      }\n\n      if(localKeyId !== undefined) {\n        rval.localKeyId = _getBagsByAttribute(\n          pfx.safeContents, 'localKeyId',\n          localKeyId, filter.bagType);\n      }\n      if('friendlyName' in filter) {\n        rval.friendlyName = _getBagsByAttribute(\n          pfx.safeContents, 'friendlyName',\n          filter.friendlyName, filter.bagType);\n      }\n\n      return rval;\n    },\n\n    /**\n     * DEPRECATED: use getBags() instead.\n     *\n     * Get bags with matching friendlyName attribute.\n     *\n     * @param friendlyName the friendly name to search for.\n     * @param [bagType] bag type to narrow search by.\n     *\n     * @return an array of bags with matching friendlyName attribute.\n     */\n    getBagsByFriendlyName: function(friendlyName, bagType) {\n      return _getBagsByAttribute(\n        pfx.safeContents, 'friendlyName', friendlyName, bagType);\n    },\n\n    /**\n     * DEPRECATED: use getBags() instead.\n     *\n     * Get bags with matching localKeyId attribute.\n     *\n     * @param localKeyId the localKeyId to search for.\n     * @param [bagType] bag type to narrow search by.\n     *\n     * @return an array of bags with matching localKeyId attribute.\n     */\n    getBagsByLocalKeyId: function(localKeyId, bagType) {\n      return _getBagsByAttribute(\n        pfx.safeContents, 'localKeyId', localKeyId, bagType);\n    }\n  };\n\n  if(capture.version.charCodeAt(0) !== 3) {\n    var error = new Error('PKCS#12 PFX of version other than 3 not supported.');\n    error.version = capture.version.charCodeAt(0);\n    throw error;\n  }\n\n  if(asn1.derToOid(capture.contentType) !== pki.oids.data) {\n    var error = new Error('Only PKCS#12 PFX in password integrity mode supported.');\n    error.oid = asn1.derToOid(capture.contentType);\n    throw error;\n  }\n\n  var data = capture.content.value[0];\n  if(data.tagClass !== asn1.Class.UNIVERSAL ||\n     data.type !== asn1.Type.OCTETSTRING) {\n    throw new Error('PKCS#12 authSafe content data is not an OCTET STRING.');\n  }\n  data = _decodePkcs7Data(data);\n\n  // check for MAC\n  if(capture.mac) {\n    var md = null;\n    var macKeyBytes = 0;\n    var macAlgorithm = asn1.derToOid(capture.macAlgorithm);\n    switch(macAlgorithm) {\n    case pki.oids.sha1:\n      md = forge.md.sha1.create();\n      macKeyBytes = 20;\n      break;\n    case pki.oids.sha256:\n      md = forge.md.sha256.create();\n      macKeyBytes = 32;\n      break;\n    case pki.oids.sha384:\n      md = forge.md.sha384.create();\n      macKeyBytes = 48;\n      break;\n    case pki.oids.sha512:\n      md = forge.md.sha512.create();\n      macKeyBytes = 64;\n      break;\n    case pki.oids.md5:\n      md = forge.md.md5.create();\n      macKeyBytes = 16;\n      break;\n    }\n    if(md === null) {\n      throw new Error('PKCS#12 uses unsupported MAC algorithm: ' + macAlgorithm);\n    }\n\n    // verify MAC (iterations default to 1)\n    var macSalt = new forge.util.ByteBuffer(capture.macSalt);\n    var macIterations = (('macIterations' in capture) ?\n      parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1);\n    var macKey = p12.generateKey(\n      password, macSalt, 3, macIterations, macKeyBytes, md);\n    var mac = forge.hmac.create();\n    mac.start(md, macKey);\n    mac.update(data.value);\n    var macValue = mac.getMac();\n    if(macValue.getBytes() !== capture.macDigest) {\n      throw new Error('PKCS#12 MAC could not be verified. Invalid password?');\n    }\n  }\n\n  _decodeAuthenticatedSafe(pfx, data.value, strict, password);\n  return pfx;\n};\n\n/**\n * Decodes PKCS#7 Data. PKCS#7 (RFC 2315) defines \"Data\" as an OCTET STRING,\n * but it is sometimes an OCTET STRING that is composed/constructed of chunks,\n * each its own OCTET STRING. This is BER-encoding vs. DER-encoding. This\n * function transforms this corner-case into the usual simple,\n * non-composed/constructed OCTET STRING.\n *\n * This function may be moved to ASN.1 at some point to better deal with\n * more BER-encoding issues, should they arise.\n *\n * @param data the ASN.1 Data object to transform.\n */\nfunction _decodePkcs7Data(data) {\n  // handle special case of \"chunked\" data content: an octet string composed\n  // of other octet strings\n  if(data.composed || data.constructed) {\n    var value = forge.util.createBuffer();\n    for(var i = 0; i < data.value.length; ++i) {\n      value.putBytes(data.value[i].value);\n    }\n    data.composed = data.constructed = false;\n    data.value = value.getBytes();\n  }\n  return data;\n}\n\n/**\n * Decode PKCS#12 AuthenticatedSafe (BER encoded) into PFX object.\n *\n * The AuthenticatedSafe is a BER-encoded SEQUENCE OF ContentInfo.\n *\n * @param pfx The PKCS#12 PFX object to fill.\n * @param {String} authSafe BER-encoded AuthenticatedSafe.\n * @param strict true to use strict DER decoding, false not to.\n * @param {String} password Password to decrypt with (optional).\n */\nfunction _decodeAuthenticatedSafe(pfx, authSafe, strict, password) {\n  authSafe = asn1.fromDer(authSafe, strict);  /* actually it's BER encoded */\n\n  if(authSafe.tagClass !== asn1.Class.UNIVERSAL ||\n     authSafe.type !== asn1.Type.SEQUENCE ||\n     authSafe.constructed !== true) {\n    throw new Error('PKCS#12 AuthenticatedSafe expected to be a ' +\n      'SEQUENCE OF ContentInfo');\n  }\n\n  for(var i = 0; i < authSafe.value.length; i++) {\n    var contentInfo = authSafe.value[i];\n\n    // validate contentInfo and capture data\n    var capture = {};\n    var errors = [];\n    if(!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) {\n      var error = new Error('Cannot read ContentInfo.');\n      error.errors = errors;\n      throw error;\n    }\n\n    var obj = {\n      encrypted: false\n    };\n    var safeContents = null;\n    var data = capture.content.value[0];\n    switch(asn1.derToOid(capture.contentType)) {\n    case pki.oids.data:\n      if(data.tagClass !== asn1.Class.UNIVERSAL ||\n         data.type !== asn1.Type.OCTETSTRING) {\n        throw new Error('PKCS#12 SafeContents Data is not an OCTET STRING.');\n      }\n      safeContents = _decodePkcs7Data(data).value;\n      break;\n    case pki.oids.encryptedData:\n      safeContents = _decryptSafeContents(data, password);\n      obj.encrypted = true;\n      break;\n    default:\n      var error = new Error('Unsupported PKCS#12 contentType.');\n      error.contentType = asn1.derToOid(capture.contentType);\n      throw error;\n    }\n\n    obj.safeBags = _decodeSafeContents(safeContents, strict, password);\n    pfx.safeContents.push(obj);\n  }\n}\n\n/**\n * Decrypt PKCS#7 EncryptedData structure.\n *\n * @param data ASN.1 encoded EncryptedContentInfo object.\n * @param password The user-provided password.\n *\n * @return The decrypted SafeContents (ASN.1 object).\n */\nfunction _decryptSafeContents(data, password) {\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(\n    data, forge.pkcs7.asn1.encryptedDataValidator, capture, errors)) {\n    var error = new Error('Cannot read EncryptedContentInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  var oid = asn1.derToOid(capture.contentType);\n  if(oid !== pki.oids.data) {\n    var error = new Error(\n      'PKCS#12 EncryptedContentInfo ContentType is not Data.');\n    error.oid = oid;\n    throw error;\n  }\n\n  // get cipher\n  oid = asn1.derToOid(capture.encAlgorithm);\n  var cipher = pki.pbe.getCipher(oid, capture.encParameter, password);\n\n  // get encrypted data\n  var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1);\n  var encrypted = forge.util.createBuffer(encryptedContentAsn1.value);\n\n  cipher.update(encrypted);\n  if(!cipher.finish()) {\n    throw new Error('Failed to decrypt PKCS#12 SafeContents.');\n  }\n\n  return cipher.output.getBytes();\n}\n\n/**\n * Decode PKCS#12 SafeContents (BER-encoded) into array of Bag objects.\n *\n * The safeContents is a BER-encoded SEQUENCE OF SafeBag.\n *\n * @param {String} safeContents BER-encoded safeContents.\n * @param strict true to use strict DER decoding, false not to.\n * @param {String} password Password to decrypt with (optional).\n *\n * @return {Array} Array of Bag objects.\n */\nfunction _decodeSafeContents(safeContents, strict, password) {\n  // if strict and no safe contents, return empty safes\n  if(!strict && safeContents.length === 0) {\n    return [];\n  }\n\n  // actually it's BER-encoded\n  safeContents = asn1.fromDer(safeContents, strict);\n\n  if(safeContents.tagClass !== asn1.Class.UNIVERSAL ||\n    safeContents.type !== asn1.Type.SEQUENCE ||\n    safeContents.constructed !== true) {\n    throw new Error(\n      'PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag.');\n  }\n\n  var res = [];\n  for(var i = 0; i < safeContents.value.length; i++) {\n    var safeBag = safeContents.value[i];\n\n    // validate SafeBag and capture data\n    var capture = {};\n    var errors = [];\n    if(!asn1.validate(safeBag, safeBagValidator, capture, errors)) {\n      var error = new Error('Cannot read SafeBag.');\n      error.errors = errors;\n      throw error;\n    }\n\n    /* Create bag object and push to result array. */\n    var bag = {\n      type: asn1.derToOid(capture.bagId),\n      attributes: _decodeBagAttributes(capture.bagAttributes)\n    };\n    res.push(bag);\n\n    var validator, decoder;\n    var bagAsn1 = capture.bagValue.value[0];\n    switch(bag.type) {\n      case pki.oids.pkcs8ShroudedKeyBag:\n        /* bagAsn1 has a EncryptedPrivateKeyInfo, which we need to decrypt.\n           Afterwards we can handle it like a keyBag,\n           which is a PrivateKeyInfo. */\n        bagAsn1 = pki.decryptPrivateKeyInfo(bagAsn1, password);\n        if(bagAsn1 === null) {\n          throw new Error(\n            'Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?');\n        }\n\n        /* fall through */\n      case pki.oids.keyBag:\n        /* A PKCS#12 keyBag is a simple PrivateKeyInfo as understood by our\n           PKI module, hence we don't have to do validation/capturing here,\n           just pass what we already got. */\n        try {\n          bag.key = pki.privateKeyFromAsn1(bagAsn1);\n        } catch(e) {\n          // ignore unknown key type, pass asn1 value\n          bag.key = null;\n          bag.asn1 = bagAsn1;\n        }\n        continue;  /* Nothing more to do. */\n\n      case pki.oids.certBag:\n        /* A PKCS#12 certBag can wrap both X.509 and sdsi certificates.\n           Therefore put the SafeBag content through another validator to\n           capture the fields.  Afterwards check & store the results. */\n        validator = certBagValidator;\n        decoder = function() {\n          if(asn1.derToOid(capture.certId) !== pki.oids.x509Certificate) {\n            var error = new Error(\n              'Unsupported certificate type, only X.509 supported.');\n            error.oid = asn1.derToOid(capture.certId);\n            throw error;\n          }\n\n          // true=produce cert hash\n          var certAsn1 = asn1.fromDer(capture.cert, strict);\n          try {\n            bag.cert = pki.certificateFromAsn1(certAsn1, true);\n          } catch(e) {\n            // ignore unknown cert type, pass asn1 value\n            bag.cert = null;\n            bag.asn1 = certAsn1;\n          }\n        };\n        break;\n\n      default:\n        var error = new Error('Unsupported PKCS#12 SafeBag type.');\n        error.oid = bag.type;\n        throw error;\n    }\n\n    /* Validate SafeBag value (i.e. CertBag, etc.) and capture data if needed. */\n    if(validator !== undefined &&\n       !asn1.validate(bagAsn1, validator, capture, errors)) {\n      var error = new Error('Cannot read PKCS#12 ' + validator.name);\n      error.errors = errors;\n      throw error;\n    }\n\n    /* Call decoder function from above to store the results. */\n    decoder();\n  }\n\n  return res;\n}\n\n/**\n * Decode PKCS#12 SET OF PKCS12Attribute into JavaScript object.\n *\n * @param attributes SET OF PKCS12Attribute (ASN.1 object).\n *\n * @return the decoded attributes.\n */\nfunction _decodeBagAttributes(attributes) {\n  var decodedAttrs = {};\n\n  if(attributes !== undefined) {\n    for(var i = 0; i < attributes.length; ++i) {\n      var capture = {};\n      var errors = [];\n      if(!asn1.validate(attributes[i], attributeValidator, capture, errors)) {\n        var error = new Error('Cannot read PKCS#12 BagAttribute.');\n        error.errors = errors;\n        throw error;\n      }\n\n      var oid = asn1.derToOid(capture.oid);\n      if(pki.oids[oid] === undefined) {\n        // unsupported attribute type, ignore.\n        continue;\n      }\n\n      decodedAttrs[pki.oids[oid]] = [];\n      for(var j = 0; j < capture.values.length; ++j) {\n        decodedAttrs[pki.oids[oid]].push(capture.values[j].value);\n      }\n    }\n  }\n\n  return decodedAttrs;\n}\n\n/**\n * Wraps a private key and certificate in a PKCS#12 PFX wrapper. If a\n * password is provided then the private key will be encrypted.\n *\n * An entire certificate chain may also be included. To do this, pass\n * an array for the \"cert\" parameter where the first certificate is\n * the one that is paired with the private key and each subsequent one\n * verifies the previous one. The certificates may be in PEM format or\n * have been already parsed by Forge.\n *\n * @todo implement password-based-encryption for the whole package\n *\n * @param key the private key.\n * @param cert the certificate (may be an array of certificates in order\n *          to specify a certificate chain).\n * @param password the password to use, null for none.\n * @param options:\n *          algorithm the encryption algorithm to use\n *            ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'.\n *          count the iteration count to use.\n *          saltSize the salt size to use.\n *          useMac true to include a MAC, false not to, defaults to true.\n *          localKeyId the local key ID to use, in hex.\n *          friendlyName the friendly name to use.\n *          generateLocalKeyId true to generate a random local key ID,\n *            false not to, defaults to true.\n *\n * @return the PKCS#12 PFX ASN.1 object.\n */\np12.toPkcs12Asn1 = function(key, cert, password, options) {\n  // set default options\n  options = options || {};\n  options.saltSize = options.saltSize || 8;\n  options.count = options.count || 2048;\n  options.algorithm = options.algorithm || options.encAlgorithm || 'aes128';\n  if(!('useMac' in options)) {\n    options.useMac = true;\n  }\n  if(!('localKeyId' in options)) {\n    options.localKeyId = null;\n  }\n  if(!('generateLocalKeyId' in options)) {\n    options.generateLocalKeyId = true;\n  }\n\n  var localKeyId = options.localKeyId;\n  var bagAttrs;\n  if(localKeyId !== null) {\n    localKeyId = forge.util.hexToBytes(localKeyId);\n  } else if(options.generateLocalKeyId) {\n    // use SHA-1 of paired cert, if available\n    if(cert) {\n      var pairedCert = forge.util.isArray(cert) ? cert[0] : cert;\n      if(typeof pairedCert === 'string') {\n        pairedCert = pki.certificateFromPem(pairedCert);\n      }\n      var sha1 = forge.md.sha1.create();\n      sha1.update(asn1.toDer(pki.certificateToAsn1(pairedCert)).getBytes());\n      localKeyId = sha1.digest().getBytes();\n    } else {\n      // FIXME: consider using SHA-1 of public key (which can be generated\n      // from private key components), see: cert.generateSubjectKeyIdentifier\n      // generate random bytes\n      localKeyId = forge.random.getBytes(20);\n    }\n  }\n\n  var attrs = [];\n  if(localKeyId !== null) {\n    attrs.push(\n      // localKeyID\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // attrId\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(pki.oids.localKeyId).getBytes()),\n        // attrValues\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n            localKeyId)\n        ])\n      ]));\n  }\n  if('friendlyName' in options) {\n    attrs.push(\n      // friendlyName\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // attrId\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(pki.oids.friendlyName).getBytes()),\n        // attrValues\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false,\n            options.friendlyName)\n        ])\n      ]));\n  }\n\n  if(attrs.length > 0) {\n    bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs);\n  }\n\n  // collect contents for AuthenticatedSafe\n  var contents = [];\n\n  // create safe bag(s) for certificate chain\n  var chain = [];\n  if(cert !== null) {\n    if(forge.util.isArray(cert)) {\n      chain = cert;\n    } else {\n      chain = [cert];\n    }\n  }\n\n  var certSafeBags = [];\n  for(var i = 0; i < chain.length; ++i) {\n    // convert cert from PEM as necessary\n    cert = chain[i];\n    if(typeof cert === 'string') {\n      cert = pki.certificateFromPem(cert);\n    }\n\n    // SafeBag\n    var certBagAttrs = (i === 0) ? bagAttrs : undefined;\n    var certAsn1 = pki.certificateToAsn1(cert);\n    var certSafeBag =\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // bagId\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(pki.oids.certBag).getBytes()),\n        // bagValue\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          // CertBag\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n            // certId\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n              asn1.oidToDer(pki.oids.x509Certificate).getBytes()),\n            // certValue (x509Certificate)\n            asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n              asn1.create(\n                asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n                asn1.toDer(certAsn1).getBytes())\n            ])])]),\n        // bagAttributes (OPTIONAL)\n        certBagAttrs\n      ]);\n    certSafeBags.push(certSafeBag);\n  }\n\n  if(certSafeBags.length > 0) {\n    // SafeContents\n    var certSafeContents = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, certSafeBags);\n\n    // ContentInfo\n    var certCI =\n      // PKCS#7 ContentInfo\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // contentType\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          // OID for the content type is 'data'\n          asn1.oidToDer(pki.oids.data).getBytes()),\n        // content\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          asn1.create(\n            asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n            asn1.toDer(certSafeContents).getBytes())\n        ])\n      ]);\n    contents.push(certCI);\n  }\n\n  // create safe contents for private key\n  var keyBag = null;\n  if(key !== null) {\n    // SafeBag\n    var pkAsn1 = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(key));\n    if(password === null) {\n      // no encryption\n      keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // bagId\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(pki.oids.keyBag).getBytes()),\n        // bagValue\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          // PrivateKeyInfo\n          pkAsn1\n        ]),\n        // bagAttributes (OPTIONAL)\n        bagAttrs\n      ]);\n    } else {\n      // encrypted PrivateKeyInfo\n      keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // bagId\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()),\n        // bagValue\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          // EncryptedPrivateKeyInfo\n          pki.encryptPrivateKeyInfo(pkAsn1, password, options)\n        ]),\n        // bagAttributes (OPTIONAL)\n        bagAttrs\n      ]);\n    }\n\n    // SafeContents\n    var keySafeContents =\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]);\n\n    // ContentInfo\n    var keyCI =\n      // PKCS#7 ContentInfo\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // contentType\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          // OID for the content type is 'data'\n          asn1.oidToDer(pki.oids.data).getBytes()),\n        // content\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          asn1.create(\n            asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n            asn1.toDer(keySafeContents).getBytes())\n        ])\n      ]);\n    contents.push(keyCI);\n  }\n\n  // create AuthenticatedSafe by stringing together the contents\n  var safe = asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents);\n\n  var macData;\n  if(options.useMac) {\n    // MacData\n    var sha1 = forge.md.sha1.create();\n    var macSalt = new forge.util.ByteBuffer(\n      forge.random.getBytes(options.saltSize));\n    var count = options.count;\n    // 160-bit key\n    var key = p12.generateKey(password, macSalt, 3, count, 20);\n    var mac = forge.hmac.create();\n    mac.start(sha1, key);\n    mac.update(asn1.toDer(safe).getBytes());\n    var macValue = mac.getMac();\n    macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // mac DigestInfo\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // digestAlgorithm\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n          // algorithm = SHA-1\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n            asn1.oidToDer(pki.oids.sha1).getBytes()),\n          // parameters = Null\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n        ]),\n        // digest\n        asn1.create(\n          asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,\n          false, macValue.getBytes())\n      ]),\n      // macSalt OCTET STRING\n      asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, macSalt.getBytes()),\n      // iterations INTEGER (XXX: Only support count < 65536)\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n        asn1.integerToDer(count).getBytes()\n      )\n    ]);\n  }\n\n  // PFX\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // version (3)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      asn1.integerToDer(3).getBytes()),\n    // PKCS#7 ContentInfo\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // contentType\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        // OID for the content type is 'data'\n        asn1.oidToDer(pki.oids.data).getBytes()),\n      // content\n      asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n        asn1.create(\n          asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n          asn1.toDer(safe).getBytes())\n      ])\n    ]),\n    macData\n  ]);\n};\n\n/**\n * Derives a PKCS#12 key.\n *\n * @param password the password to derive the key material from, null or\n *          undefined for none.\n * @param salt the salt, as a ByteBuffer, to use.\n * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC).\n * @param iter the iteration count.\n * @param n the number of bytes to derive from the password.\n * @param md the message digest to use, defaults to SHA-1.\n *\n * @return a ByteBuffer with the bytes derived from the password.\n */\np12.generateKey = forge.pbe.generatePkcs12Key;\n","/**\n * Javascript implementation of PKCS#7 v1.5.\n *\n * @author Stefan Siegl\n * @author Dave Longley\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n * Copyright (c) 2012-2015 Digital Bazaar, Inc.\n *\n * Currently this implementation only supports ContentType of EnvelopedData,\n * EncryptedData, or SignedData at the root level. The top level elements may\n * contain only a ContentInfo of ContentType Data, i.e. plain data. Further\n * nesting is not (yet) supported.\n *\n * The Forge validators for PKCS #7's ASN.1 structures are available from\n * a separate file pkcs7asn1.js, since those are referenced from other\n * PKCS standards like PKCS #12.\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./asn1');\nrequire('./des');\nrequire('./oids');\nrequire('./pem');\nrequire('./pkcs7asn1');\nrequire('./random');\nrequire('./util');\nrequire('./x509');\n\n// shortcut for ASN.1 API\nvar asn1 = forge.asn1;\n\n// shortcut for PKCS#7 API\nvar p7 = module.exports = forge.pkcs7 = forge.pkcs7 || {};\n\n/**\n * Converts a PKCS#7 message from PEM format.\n *\n * @param pem the PEM-formatted PKCS#7 message.\n *\n * @return the PKCS#7 message.\n */\np7.messageFromPem = function(pem) {\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'PKCS7') {\n    var error = new Error('Could not convert PKCS#7 message from PEM; PEM ' +\n      'header type is not \"PKCS#7\".');\n    error.headerType = msg.type;\n    throw error;\n  }\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error('Could not convert PKCS#7 message from PEM; PEM is encrypted.');\n  }\n\n  // convert DER to ASN.1 object\n  var obj = asn1.fromDer(msg.body);\n\n  return p7.messageFromAsn1(obj);\n};\n\n/**\n * Converts a PKCS#7 message to PEM format.\n *\n * @param msg The PKCS#7 message object\n * @param maxline The maximum characters per line, defaults to 64.\n *\n * @return The PEM-formatted PKCS#7 message.\n */\np7.messageToPem = function(msg, maxline) {\n  // convert to ASN.1, then DER, then PEM-encode\n  var pemObj = {\n    type: 'PKCS7',\n    body: asn1.toDer(msg.toAsn1()).getBytes()\n  };\n  return forge.pem.encode(pemObj, {maxline: maxline});\n};\n\n/**\n * Converts a PKCS#7 message from an ASN.1 object.\n *\n * @param obj the ASN.1 representation of a ContentInfo.\n *\n * @return the PKCS#7 message.\n */\np7.messageFromAsn1 = function(obj) {\n  // validate root level ContentInfo and capture data\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, p7.asn1.contentInfoValidator, capture, errors)) {\n    var error = new Error('Cannot read PKCS#7 message. ' +\n      'ASN.1 object is not an PKCS#7 ContentInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  var contentType = asn1.derToOid(capture.contentType);\n  var msg;\n\n  switch(contentType) {\n    case forge.pki.oids.envelopedData:\n      msg = p7.createEnvelopedData();\n      break;\n\n    case forge.pki.oids.encryptedData:\n      msg = p7.createEncryptedData();\n      break;\n\n    case forge.pki.oids.signedData:\n      msg = p7.createSignedData();\n      break;\n\n    default:\n      throw new Error('Cannot read PKCS#7 message. ContentType with OID ' +\n        contentType + ' is not (yet) supported.');\n  }\n\n  msg.fromAsn1(capture.content.value[0]);\n  return msg;\n};\n\np7.createSignedData = function() {\n  var msg = null;\n  msg = {\n    type: forge.pki.oids.signedData,\n    version: 1,\n    certificates: [],\n    crls: [],\n    // TODO: add json-formatted signer stuff here?\n    signers: [],\n    // populated during sign()\n    digestAlgorithmIdentifiers: [],\n    contentInfo: null,\n    signerInfos: [],\n\n    fromAsn1: function(obj) {\n      // validate SignedData content block and capture data.\n      _fromAsn1(msg, obj, p7.asn1.signedDataValidator);\n      msg.certificates = [];\n      msg.crls = [];\n      msg.digestAlgorithmIdentifiers = [];\n      msg.contentInfo = null;\n      msg.signerInfos = [];\n\n      if(msg.rawCapture.certificates) {\n        var certs = msg.rawCapture.certificates.value;\n        for(var i = 0; i < certs.length; ++i) {\n          msg.certificates.push(forge.pki.certificateFromAsn1(certs[i]));\n        }\n      }\n\n      // TODO: parse crls\n    },\n\n    toAsn1: function() {\n      // degenerate case with no content\n      if(!msg.contentInfo) {\n        msg.sign();\n      }\n\n      var certs = [];\n      for(var i = 0; i < msg.certificates.length; ++i) {\n        certs.push(forge.pki.certificateToAsn1(msg.certificates[i]));\n      }\n\n      var crls = [];\n      // TODO: implement CRLs\n\n      // [0] SignedData\n      var signedData = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n          // Version\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n            asn1.integerToDer(msg.version).getBytes()),\n          // DigestAlgorithmIdentifiers\n          asn1.create(\n            asn1.Class.UNIVERSAL, asn1.Type.SET, true,\n            msg.digestAlgorithmIdentifiers),\n          // ContentInfo\n          msg.contentInfo\n        ])\n      ]);\n      if(certs.length > 0) {\n        // [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL\n        signedData.value[0].value.push(\n          asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, certs));\n      }\n      if(crls.length > 0) {\n        // [1] IMPLICIT CertificateRevocationLists OPTIONAL\n        signedData.value[0].value.push(\n          asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, crls));\n      }\n      // SignerInfos\n      signedData.value[0].value.push(\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,\n          msg.signerInfos));\n\n      // ContentInfo\n      return asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n          // ContentType\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n            asn1.oidToDer(msg.type).getBytes()),\n          // [0] SignedData\n          signedData\n        ]);\n    },\n\n    /**\n     * Add (another) entity to list of signers.\n     *\n     * Note: If authenticatedAttributes are provided, then, per RFC 2315,\n     * they must include at least two attributes: content type and\n     * message digest. The message digest attribute value will be\n     * auto-calculated during signing and will be ignored if provided.\n     *\n     * Here's an example of providing these two attributes:\n     *\n     * forge.pkcs7.createSignedData();\n     * p7.addSigner({\n     *   issuer: cert.issuer.attributes,\n     *   serialNumber: cert.serialNumber,\n     *   key: privateKey,\n     *   digestAlgorithm: forge.pki.oids.sha1,\n     *   authenticatedAttributes: [{\n     *     type: forge.pki.oids.contentType,\n     *     value: forge.pki.oids.data\n     *   }, {\n     *     type: forge.pki.oids.messageDigest\n     *   }]\n     * });\n     *\n     * TODO: Support [subjectKeyIdentifier] as signer's ID.\n     *\n     * @param signer the signer information:\n     *          key the signer's private key.\n     *          [certificate] a certificate containing the public key\n     *            associated with the signer's private key; use this option as\n     *            an alternative to specifying signer.issuer and\n     *            signer.serialNumber.\n     *          [issuer] the issuer attributes (eg: cert.issuer.attributes).\n     *          [serialNumber] the signer's certificate's serial number in\n     *           hexadecimal (eg: cert.serialNumber).\n     *          [digestAlgorithm] the message digest OID, as a string, to use\n     *            (eg: forge.pki.oids.sha1).\n     *          [authenticatedAttributes] an optional array of attributes\n     *            to also sign along with the content.\n     */\n    addSigner: function(signer) {\n      var issuer = signer.issuer;\n      var serialNumber = signer.serialNumber;\n      if(signer.certificate) {\n        var cert = signer.certificate;\n        if(typeof cert === 'string') {\n          cert = forge.pki.certificateFromPem(cert);\n        }\n        issuer = cert.issuer.attributes;\n        serialNumber = cert.serialNumber;\n      }\n      var key = signer.key;\n      if(!key) {\n        throw new Error(\n          'Could not add PKCS#7 signer; no private key specified.');\n      }\n      if(typeof key === 'string') {\n        key = forge.pki.privateKeyFromPem(key);\n      }\n\n      // ensure OID known for digest algorithm\n      var digestAlgorithm = signer.digestAlgorithm || forge.pki.oids.sha1;\n      switch(digestAlgorithm) {\n      case forge.pki.oids.sha1:\n      case forge.pki.oids.sha256:\n      case forge.pki.oids.sha384:\n      case forge.pki.oids.sha512:\n      case forge.pki.oids.md5:\n        break;\n      default:\n        throw new Error(\n          'Could not add PKCS#7 signer; unknown message digest algorithm: ' +\n          digestAlgorithm);\n      }\n\n      // if authenticatedAttributes is present, then the attributes\n      // must contain at least PKCS #9 content-type and message-digest\n      var authenticatedAttributes = signer.authenticatedAttributes || [];\n      if(authenticatedAttributes.length > 0) {\n        var contentType = false;\n        var messageDigest = false;\n        for(var i = 0; i < authenticatedAttributes.length; ++i) {\n          var attr = authenticatedAttributes[i];\n          if(!contentType && attr.type === forge.pki.oids.contentType) {\n            contentType = true;\n            if(messageDigest) {\n              break;\n            }\n            continue;\n          }\n          if(!messageDigest && attr.type === forge.pki.oids.messageDigest) {\n            messageDigest = true;\n            if(contentType) {\n              break;\n            }\n            continue;\n          }\n        }\n\n        if(!contentType || !messageDigest) {\n          throw new Error('Invalid signer.authenticatedAttributes. If ' +\n            'signer.authenticatedAttributes is specified, then it must ' +\n            'contain at least two attributes, PKCS #9 content-type and ' +\n            'PKCS #9 message-digest.');\n        }\n      }\n\n      msg.signers.push({\n        key: key,\n        version: 1,\n        issuer: issuer,\n        serialNumber: serialNumber,\n        digestAlgorithm: digestAlgorithm,\n        signatureAlgorithm: forge.pki.oids.rsaEncryption,\n        signature: null,\n        authenticatedAttributes: authenticatedAttributes,\n        unauthenticatedAttributes: []\n      });\n    },\n\n    /**\n     * Signs the content.\n     * @param options Options to apply when signing:\n     *    [detached] boolean. If signing should be done in detached mode. Defaults to false.\n     */\n    sign: function(options) {\n      options = options || {};\n      // auto-generate content info\n      if(typeof msg.content !== 'object' || msg.contentInfo === null) {\n        // use Data ContentInfo\n        msg.contentInfo = asn1.create(\n          asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n            // ContentType\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n              asn1.oidToDer(forge.pki.oids.data).getBytes())\n          ]);\n\n        // add actual content, if present\n        if('content' in msg) {\n          var content;\n          if(msg.content instanceof forge.util.ByteBuffer) {\n            content = msg.content.bytes();\n          } else if(typeof msg.content === 'string') {\n            content = forge.util.encodeUtf8(msg.content);\n          }\n\n          if (options.detached) {\n            msg.detachedContent = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, content);\n          } else {\n            msg.contentInfo.value.push(\n              // [0] EXPLICIT content\n              asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n                asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n                  content)\n              ]));\n          }\n        }\n      }\n\n      // no signers, return early (degenerate case for certificate container)\n      if(msg.signers.length === 0) {\n        return;\n      }\n\n      // generate digest algorithm identifiers\n      var mds = addDigestAlgorithmIds();\n\n      // generate signerInfos\n      addSignerInfos(mds);\n    },\n\n    verify: function() {\n      throw new Error('PKCS#7 signature verification not yet implemented.');\n    },\n\n    /**\n     * Add a certificate.\n     *\n     * @param cert the certificate to add.\n     */\n    addCertificate: function(cert) {\n      // convert from PEM\n      if(typeof cert === 'string') {\n        cert = forge.pki.certificateFromPem(cert);\n      }\n      msg.certificates.push(cert);\n    },\n\n    /**\n     * Add a certificate revokation list.\n     *\n     * @param crl the certificate revokation list to add.\n     */\n    addCertificateRevokationList: function(crl) {\n      throw new Error('PKCS#7 CRL support not yet implemented.');\n    }\n  };\n  return msg;\n\n  function addDigestAlgorithmIds() {\n    var mds = {};\n\n    for(var i = 0; i < msg.signers.length; ++i) {\n      var signer = msg.signers[i];\n      var oid = signer.digestAlgorithm;\n      if(!(oid in mds)) {\n        // content digest\n        mds[oid] = forge.md[forge.pki.oids[oid]].create();\n      }\n      if(signer.authenticatedAttributes.length === 0) {\n        // no custom attributes to digest; use content message digest\n        signer.md = mds[oid];\n      } else {\n        // custom attributes to be digested; use own message digest\n        // TODO: optimize to just copy message digest state if that\n        // feature is ever supported with message digests\n        signer.md = forge.md[forge.pki.oids[oid]].create();\n      }\n    }\n\n    // add unique digest algorithm identifiers\n    msg.digestAlgorithmIdentifiers = [];\n    for(var oid in mds) {\n      msg.digestAlgorithmIdentifiers.push(\n        // AlgorithmIdentifier\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n          // algorithm\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n            asn1.oidToDer(oid).getBytes()),\n          // parameters (null)\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n        ]));\n    }\n\n    return mds;\n  }\n\n  function addSignerInfos(mds) {\n    var content;\n\n    if (msg.detachedContent) {\n      // Signature has been made in detached mode.\n      content = msg.detachedContent;\n    } else {\n      // Note: ContentInfo is a SEQUENCE with 2 values, second value is\n      // the content field and is optional for a ContentInfo but required here\n      // since signers are present\n      // get ContentInfo content\n      content = msg.contentInfo.value[1];\n      // skip [0] EXPLICIT content wrapper\n      content = content.value[0];\n    }\n\n    if(!content) {\n      throw new Error(\n        'Could not sign PKCS#7 message; there is no content to sign.');\n    }\n\n    // get ContentInfo content type\n    var contentType = asn1.derToOid(msg.contentInfo.value[0].value);\n\n    // serialize content\n    var bytes = asn1.toDer(content);\n\n    // skip identifier and length per RFC 2315 9.3\n    // skip identifier (1 byte)\n    bytes.getByte();\n    // read and discard length bytes\n    asn1.getBerValueLength(bytes);\n    bytes = bytes.getBytes();\n\n    // digest content DER value bytes\n    for(var oid in mds) {\n      mds[oid].start().update(bytes);\n    }\n\n    // sign content\n    var signingTime = new Date();\n    for(var i = 0; i < msg.signers.length; ++i) {\n      var signer = msg.signers[i];\n\n      if(signer.authenticatedAttributes.length === 0) {\n        // if ContentInfo content type is not \"Data\", then\n        // authenticatedAttributes must be present per RFC 2315\n        if(contentType !== forge.pki.oids.data) {\n          throw new Error(\n            'Invalid signer; authenticatedAttributes must be present ' +\n            'when the ContentInfo content type is not PKCS#7 Data.');\n        }\n      } else {\n        // process authenticated attributes\n        // [0] IMPLICIT\n        signer.authenticatedAttributesAsn1 = asn1.create(\n          asn1.Class.CONTEXT_SPECIFIC, 0, true, []);\n\n        // per RFC 2315, attributes are to be digested using a SET container\n        // not the above [0] IMPLICIT container\n        var attrsAsn1 = asn1.create(\n          asn1.Class.UNIVERSAL, asn1.Type.SET, true, []);\n\n        for(var ai = 0; ai < signer.authenticatedAttributes.length; ++ai) {\n          var attr = signer.authenticatedAttributes[ai];\n          if(attr.type === forge.pki.oids.messageDigest) {\n            // use content message digest as value\n            attr.value = mds[signer.digestAlgorithm].digest();\n          } else if(attr.type === forge.pki.oids.signingTime) {\n            // auto-populate signing time if not already set\n            if(!attr.value) {\n              attr.value = signingTime;\n            }\n          }\n\n          // convert to ASN.1 and push onto Attributes SET (for signing) and\n          // onto authenticatedAttributesAsn1 to complete SignedData ASN.1\n          // TODO: optimize away duplication\n          attrsAsn1.value.push(_attributeToAsn1(attr));\n          signer.authenticatedAttributesAsn1.value.push(_attributeToAsn1(attr));\n        }\n\n        // DER-serialize and digest SET OF attributes only\n        bytes = asn1.toDer(attrsAsn1).getBytes();\n        signer.md.start().update(bytes);\n      }\n\n      // sign digest\n      signer.signature = signer.key.sign(signer.md, 'RSASSA-PKCS1-V1_5');\n    }\n\n    // add signer info\n    msg.signerInfos = _signersToAsn1(msg.signers);\n  }\n};\n\n/**\n * Creates an empty PKCS#7 message of type EncryptedData.\n *\n * @return the message.\n */\np7.createEncryptedData = function() {\n  var msg = null;\n  msg = {\n    type: forge.pki.oids.encryptedData,\n    version: 0,\n    encryptedContent: {\n      algorithm: forge.pki.oids['aes256-CBC']\n    },\n\n    /**\n     * Reads an EncryptedData content block (in ASN.1 format)\n     *\n     * @param obj The ASN.1 representation of the EncryptedData content block\n     */\n    fromAsn1: function(obj) {\n      // Validate EncryptedData content block and capture data.\n      _fromAsn1(msg, obj, p7.asn1.encryptedDataValidator);\n    },\n\n    /**\n     * Decrypt encrypted content\n     *\n     * @param key The (symmetric) key as a byte buffer\n     */\n    decrypt: function(key) {\n      if(key !== undefined) {\n        msg.encryptedContent.key = key;\n      }\n      _decryptContent(msg);\n    }\n  };\n  return msg;\n};\n\n/**\n * Creates an empty PKCS#7 message of type EnvelopedData.\n *\n * @return the message.\n */\np7.createEnvelopedData = function() {\n  var msg = null;\n  msg = {\n    type: forge.pki.oids.envelopedData,\n    version: 0,\n    recipients: [],\n    encryptedContent: {\n      algorithm: forge.pki.oids['aes256-CBC']\n    },\n\n    /**\n     * Reads an EnvelopedData content block (in ASN.1 format)\n     *\n     * @param obj the ASN.1 representation of the EnvelopedData content block.\n     */\n    fromAsn1: function(obj) {\n      // validate EnvelopedData content block and capture data\n      var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator);\n      msg.recipients = _recipientsFromAsn1(capture.recipientInfos.value);\n    },\n\n    toAsn1: function() {\n      // ContentInfo\n      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // ContentType\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(msg.type).getBytes()),\n        // [0] EnvelopedData\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n            // Version\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n              asn1.integerToDer(msg.version).getBytes()),\n            // RecipientInfos\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true,\n              _recipientsToAsn1(msg.recipients)),\n            // EncryptedContentInfo\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true,\n              _encryptedContentToAsn1(msg.encryptedContent))\n          ])\n        ])\n      ]);\n    },\n\n    /**\n     * Find recipient by X.509 certificate's issuer.\n     *\n     * @param cert the certificate with the issuer to look for.\n     *\n     * @return the recipient object.\n     */\n    findRecipient: function(cert) {\n      var sAttr = cert.issuer.attributes;\n\n      for(var i = 0; i < msg.recipients.length; ++i) {\n        var r = msg.recipients[i];\n        var rAttr = r.issuer;\n\n        if(r.serialNumber !== cert.serialNumber) {\n          continue;\n        }\n\n        if(rAttr.length !== sAttr.length) {\n          continue;\n        }\n\n        var match = true;\n        for(var j = 0; j < sAttr.length; ++j) {\n          if(rAttr[j].type !== sAttr[j].type ||\n            rAttr[j].value !== sAttr[j].value) {\n            match = false;\n            break;\n          }\n        }\n\n        if(match) {\n          return r;\n        }\n      }\n\n      return null;\n    },\n\n    /**\n     * Decrypt enveloped content\n     *\n     * @param recipient The recipient object related to the private key\n     * @param privKey The (RSA) private key object\n     */\n    decrypt: function(recipient, privKey) {\n      if(msg.encryptedContent.key === undefined && recipient !== undefined &&\n        privKey !== undefined) {\n        switch(recipient.encryptedContent.algorithm) {\n          case forge.pki.oids.rsaEncryption:\n          case forge.pki.oids.desCBC:\n            var key = privKey.decrypt(recipient.encryptedContent.content);\n            msg.encryptedContent.key = forge.util.createBuffer(key);\n            break;\n\n          default:\n            throw new Error('Unsupported asymmetric cipher, ' +\n              'OID ' + recipient.encryptedContent.algorithm);\n        }\n      }\n\n      _decryptContent(msg);\n    },\n\n    /**\n     * Add (another) entity to list of recipients.\n     *\n     * @param cert The certificate of the entity to add.\n     */\n    addRecipient: function(cert) {\n      msg.recipients.push({\n        version: 0,\n        issuer: cert.issuer.attributes,\n        serialNumber: cert.serialNumber,\n        encryptedContent: {\n          // We simply assume rsaEncryption here, since forge.pki only\n          // supports RSA so far.  If the PKI module supports other\n          // ciphers one day, we need to modify this one as well.\n          algorithm: forge.pki.oids.rsaEncryption,\n          key: cert.publicKey\n        }\n      });\n    },\n\n    /**\n     * Encrypt enveloped content.\n     *\n     * This function supports two optional arguments, cipher and key, which\n     * can be used to influence symmetric encryption.  Unless cipher is\n     * provided, the cipher specified in encryptedContent.algorithm is used\n     * (defaults to AES-256-CBC).  If no key is provided, encryptedContent.key\n     * is (re-)used.  If that one's not set, a random key will be generated\n     * automatically.\n     *\n     * @param [key] The key to be used for symmetric encryption.\n     * @param [cipher] The OID of the symmetric cipher to use.\n     */\n    encrypt: function(key, cipher) {\n      // Part 1: Symmetric encryption\n      if(msg.encryptedContent.content === undefined) {\n        cipher = cipher || msg.encryptedContent.algorithm;\n        key = key || msg.encryptedContent.key;\n\n        var keyLen, ivLen, ciphFn;\n        switch(cipher) {\n          case forge.pki.oids['aes128-CBC']:\n            keyLen = 16;\n            ivLen = 16;\n            ciphFn = forge.aes.createEncryptionCipher;\n            break;\n\n          case forge.pki.oids['aes192-CBC']:\n            keyLen = 24;\n            ivLen = 16;\n            ciphFn = forge.aes.createEncryptionCipher;\n            break;\n\n          case forge.pki.oids['aes256-CBC']:\n            keyLen = 32;\n            ivLen = 16;\n            ciphFn = forge.aes.createEncryptionCipher;\n            break;\n\n          case forge.pki.oids['des-EDE3-CBC']:\n            keyLen = 24;\n            ivLen = 8;\n            ciphFn = forge.des.createEncryptionCipher;\n            break;\n\n          default:\n            throw new Error('Unsupported symmetric cipher, OID ' + cipher);\n        }\n\n        if(key === undefined) {\n          key = forge.util.createBuffer(forge.random.getBytes(keyLen));\n        } else if(key.length() != keyLen) {\n          throw new Error('Symmetric key has wrong length; ' +\n            'got ' + key.length() + ' bytes, expected ' + keyLen + '.');\n        }\n\n        // Keep a copy of the key & IV in the object, so the caller can\n        // use it for whatever reason.\n        msg.encryptedContent.algorithm = cipher;\n        msg.encryptedContent.key = key;\n        msg.encryptedContent.parameter = forge.util.createBuffer(\n          forge.random.getBytes(ivLen));\n\n        var ciph = ciphFn(key);\n        ciph.start(msg.encryptedContent.parameter.copy());\n        ciph.update(msg.content);\n\n        // The finish function does PKCS#7 padding by default, therefore\n        // no action required by us.\n        if(!ciph.finish()) {\n          throw new Error('Symmetric encryption failed.');\n        }\n\n        msg.encryptedContent.content = ciph.output;\n      }\n\n      // Part 2: asymmetric encryption for each recipient\n      for(var i = 0; i < msg.recipients.length; ++i) {\n        var recipient = msg.recipients[i];\n\n        // Nothing to do, encryption already done.\n        if(recipient.encryptedContent.content !== undefined) {\n          continue;\n        }\n\n        switch(recipient.encryptedContent.algorithm) {\n          case forge.pki.oids.rsaEncryption:\n            recipient.encryptedContent.content =\n              recipient.encryptedContent.key.encrypt(\n                msg.encryptedContent.key.data);\n            break;\n\n          default:\n            throw new Error('Unsupported asymmetric cipher, OID ' +\n              recipient.encryptedContent.algorithm);\n        }\n      }\n    }\n  };\n  return msg;\n};\n\n/**\n * Converts a single recipient from an ASN.1 object.\n *\n * @param obj the ASN.1 RecipientInfo.\n *\n * @return the recipient object.\n */\nfunction _recipientFromAsn1(obj) {\n  // validate EnvelopedData content block and capture data\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, p7.asn1.recipientInfoValidator, capture, errors)) {\n    var error = new Error('Cannot read PKCS#7 RecipientInfo. ' +\n      'ASN.1 object is not an PKCS#7 RecipientInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  return {\n    version: capture.version.charCodeAt(0),\n    issuer: forge.pki.RDNAttributesAsArray(capture.issuer),\n    serialNumber: forge.util.createBuffer(capture.serial).toHex(),\n    encryptedContent: {\n      algorithm: asn1.derToOid(capture.encAlgorithm),\n      parameter: capture.encParameter ? capture.encParameter.value : undefined,\n      content: capture.encKey\n    }\n  };\n}\n\n/**\n * Converts a single recipient object to an ASN.1 object.\n *\n * @param obj the recipient object.\n *\n * @return the ASN.1 RecipientInfo.\n */\nfunction _recipientToAsn1(obj) {\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // Version\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      asn1.integerToDer(obj.version).getBytes()),\n    // IssuerAndSerialNumber\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // Name\n      forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}),\n      // Serial\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n        forge.util.hexToBytes(obj.serialNumber))\n    ]),\n    // KeyEncryptionAlgorithmIdentifier\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // Algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(obj.encryptedContent.algorithm).getBytes()),\n      // Parameter, force NULL, only RSA supported for now.\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n    ]),\n    // EncryptedKey\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n      obj.encryptedContent.content)\n  ]);\n}\n\n/**\n * Map a set of RecipientInfo ASN.1 objects to recipient objects.\n *\n * @param infos an array of ASN.1 representations RecipientInfo (i.e. SET OF).\n *\n * @return an array of recipient objects.\n */\nfunction _recipientsFromAsn1(infos) {\n  var ret = [];\n  for(var i = 0; i < infos.length; ++i) {\n    ret.push(_recipientFromAsn1(infos[i]));\n  }\n  return ret;\n}\n\n/**\n * Map an array of recipient objects to ASN.1 RecipientInfo objects.\n *\n * @param recipients an array of recipientInfo objects.\n *\n * @return an array of ASN.1 RecipientInfos.\n */\nfunction _recipientsToAsn1(recipients) {\n  var ret = [];\n  for(var i = 0; i < recipients.length; ++i) {\n    ret.push(_recipientToAsn1(recipients[i]));\n  }\n  return ret;\n}\n\n/**\n * Converts a single signer from an ASN.1 object.\n *\n * @param obj the ASN.1 representation of a SignerInfo.\n *\n * @return the signer object.\n */\nfunction _signerFromAsn1(obj) {\n  // validate EnvelopedData content block and capture data\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, p7.asn1.signerInfoValidator, capture, errors)) {\n    var error = new Error('Cannot read PKCS#7 SignerInfo. ' +\n      'ASN.1 object is not an PKCS#7 SignerInfo.');\n    error.errors = errors;\n    throw error;\n  }\n\n  var rval = {\n    version: capture.version.charCodeAt(0),\n    issuer: forge.pki.RDNAttributesAsArray(capture.issuer),\n    serialNumber: forge.util.createBuffer(capture.serial).toHex(),\n    digestAlgorithm: asn1.derToOid(capture.digestAlgorithm),\n    signatureAlgorithm: asn1.derToOid(capture.signatureAlgorithm),\n    signature: capture.signature,\n    authenticatedAttributes: [],\n    unauthenticatedAttributes: []\n  };\n\n  // TODO: convert attributes\n  var authenticatedAttributes = capture.authenticatedAttributes || [];\n  var unauthenticatedAttributes = capture.unauthenticatedAttributes || [];\n\n  return rval;\n}\n\n/**\n * Converts a single signerInfo object to an ASN.1 object.\n *\n * @param obj the signerInfo object.\n *\n * @return the ASN.1 representation of a SignerInfo.\n */\nfunction _signerToAsn1(obj) {\n  // SignerInfo\n  var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // version\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      asn1.integerToDer(obj.version).getBytes()),\n    // issuerAndSerialNumber\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // name\n      forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}),\n      // serial\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n        forge.util.hexToBytes(obj.serialNumber))\n    ]),\n    // digestAlgorithm\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(obj.digestAlgorithm).getBytes()),\n      // parameters (null)\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n    ])\n  ]);\n\n  // authenticatedAttributes (OPTIONAL)\n  if(obj.authenticatedAttributesAsn1) {\n    // add ASN.1 previously generated during signing\n    rval.value.push(obj.authenticatedAttributesAsn1);\n  }\n\n  // digestEncryptionAlgorithm\n  rval.value.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // algorithm\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n      asn1.oidToDer(obj.signatureAlgorithm).getBytes()),\n    // parameters (null)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n  ]));\n\n  // encryptedDigest\n  rval.value.push(asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, obj.signature));\n\n  // unauthenticatedAttributes (OPTIONAL)\n  if(obj.unauthenticatedAttributes.length > 0) {\n    // [1] IMPLICIT\n    var attrsAsn1 = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, []);\n    for(var i = 0; i < obj.unauthenticatedAttributes.length; ++i) {\n      var attr = obj.unauthenticatedAttributes[i];\n      attrsAsn1.values.push(_attributeToAsn1(attr));\n    }\n    rval.value.push(attrsAsn1);\n  }\n\n  return rval;\n}\n\n/**\n * Map a set of SignerInfo ASN.1 objects to an array of signer objects.\n *\n * @param signerInfoAsn1s an array of ASN.1 SignerInfos (i.e. SET OF).\n *\n * @return an array of signers objects.\n */\nfunction _signersFromAsn1(signerInfoAsn1s) {\n  var ret = [];\n  for(var i = 0; i < signerInfoAsn1s.length; ++i) {\n    ret.push(_signerFromAsn1(signerInfoAsn1s[i]));\n  }\n  return ret;\n}\n\n/**\n * Map an array of signer objects to ASN.1 objects.\n *\n * @param signers an array of signer objects.\n *\n * @return an array of ASN.1 SignerInfos.\n */\nfunction _signersToAsn1(signers) {\n  var ret = [];\n  for(var i = 0; i < signers.length; ++i) {\n    ret.push(_signerToAsn1(signers[i]));\n  }\n  return ret;\n}\n\n/**\n * Convert an attribute object to an ASN.1 Attribute.\n *\n * @param attr the attribute object.\n *\n * @return the ASN.1 Attribute.\n */\nfunction _attributeToAsn1(attr) {\n  var value;\n\n  // TODO: generalize to support more attributes\n  if(attr.type === forge.pki.oids.contentType) {\n    value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n      asn1.oidToDer(attr.value).getBytes());\n  } else if(attr.type === forge.pki.oids.messageDigest) {\n    value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n      attr.value.bytes());\n  } else if(attr.type === forge.pki.oids.signingTime) {\n    /* Note per RFC 2985: Dates between 1 January 1950 and 31 December 2049\n      (inclusive) MUST be encoded as UTCTime. Any dates with year values\n      before 1950 or after 2049 MUST be encoded as GeneralizedTime. [Further,]\n      UTCTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST\n      include seconds (i.e., times are YYMMDDHHMMSSZ), even where the\n      number of seconds is zero.  Midnight (GMT) must be represented as\n      \"YYMMDD000000Z\". */\n    // TODO: make these module-level constants\n    var jan_1_1950 = new Date('1950-01-01T00:00:00Z');\n    var jan_1_2050 = new Date('2050-01-01T00:00:00Z');\n    var date = attr.value;\n    if(typeof date === 'string') {\n      // try to parse date\n      var timestamp = Date.parse(date);\n      if(!isNaN(timestamp)) {\n        date = new Date(timestamp);\n      } else if(date.length === 13) {\n        // YYMMDDHHMMSSZ (13 chars for UTCTime)\n        date = asn1.utcTimeToDate(date);\n      } else {\n        // assume generalized time\n        date = asn1.generalizedTimeToDate(date);\n      }\n    }\n\n    if(date >= jan_1_1950 && date < jan_1_2050) {\n      value = asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,\n        asn1.dateToUtcTime(date));\n    } else {\n      value = asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false,\n        asn1.dateToGeneralizedTime(date));\n    }\n  }\n\n  // TODO: expose as common API call\n  // create a RelativeDistinguishedName set\n  // each value in the set is an AttributeTypeAndValue first\n  // containing the type (an OID) and second the value\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // AttributeType\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n      asn1.oidToDer(attr.type).getBytes()),\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n      // AttributeValue\n      value\n    ])\n  ]);\n}\n\n/**\n * Map messages encrypted content to ASN.1 objects.\n *\n * @param ec The encryptedContent object of the message.\n *\n * @return ASN.1 representation of the encryptedContent object (SEQUENCE).\n */\nfunction _encryptedContentToAsn1(ec) {\n  return [\n    // ContentType, always Data for the moment\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n      asn1.oidToDer(forge.pki.oids.data).getBytes()),\n    // ContentEncryptionAlgorithmIdentifier\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // Algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(ec.algorithm).getBytes()),\n      // Parameters (IV)\n      !ec.parameter ?\n        undefined :\n        asn1.create(\n          asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n          ec.parameter.getBytes())\n    ]),\n    // [0] EncryptedContent\n    asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n        ec.content.getBytes())\n    ])\n  ];\n}\n\n/**\n * Reads the \"common part\" of an PKCS#7 content block (in ASN.1 format)\n *\n * This function reads the \"common part\" of the PKCS#7 content blocks\n * EncryptedData and EnvelopedData, i.e. version number and symmetrically\n * encrypted content block.\n *\n * The result of the ASN.1 validate and capture process is returned\n * to allow the caller to extract further data, e.g. the list of recipients\n * in case of a EnvelopedData object.\n *\n * @param msg the PKCS#7 object to read the data to.\n * @param obj the ASN.1 representation of the content block.\n * @param validator the ASN.1 structure validator object to use.\n *\n * @return the value map captured by validator object.\n */\nfunction _fromAsn1(msg, obj, validator) {\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, validator, capture, errors)) {\n    var error = new Error('Cannot read PKCS#7 message. ' +\n      'ASN.1 object is not a supported PKCS#7 message.');\n    error.errors = error;\n    throw error;\n  }\n\n  // Check contentType, so far we only support (raw) Data.\n  var contentType = asn1.derToOid(capture.contentType);\n  if(contentType !== forge.pki.oids.data) {\n    throw new Error('Unsupported PKCS#7 message. ' +\n      'Only wrapped ContentType Data supported.');\n  }\n\n  if(capture.encryptedContent) {\n    var content = '';\n    if(forge.util.isArray(capture.encryptedContent)) {\n      for(var i = 0; i < capture.encryptedContent.length; ++i) {\n        if(capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) {\n          throw new Error('Malformed PKCS#7 message, expecting encrypted ' +\n            'content constructed of only OCTET STRING objects.');\n        }\n        content += capture.encryptedContent[i].value;\n      }\n    } else {\n      content = capture.encryptedContent;\n    }\n    msg.encryptedContent = {\n      algorithm: asn1.derToOid(capture.encAlgorithm),\n      parameter: forge.util.createBuffer(capture.encParameter.value),\n      content: forge.util.createBuffer(content)\n    };\n  }\n\n  if(capture.content) {\n    var content = '';\n    if(forge.util.isArray(capture.content)) {\n      for(var i = 0; i < capture.content.length; ++i) {\n        if(capture.content[i].type !== asn1.Type.OCTETSTRING) {\n          throw new Error('Malformed PKCS#7 message, expecting ' +\n            'content constructed of only OCTET STRING objects.');\n        }\n        content += capture.content[i].value;\n      }\n    } else {\n      content = capture.content;\n    }\n    msg.content = forge.util.createBuffer(content);\n  }\n\n  msg.version = capture.version.charCodeAt(0);\n  msg.rawCapture = capture;\n\n  return capture;\n}\n\n/**\n * Decrypt the symmetrically encrypted content block of the PKCS#7 message.\n *\n * Decryption is skipped in case the PKCS#7 message object already has a\n * (decrypted) content attribute.  The algorithm, key and cipher parameters\n * (probably the iv) are taken from the encryptedContent attribute of the\n * message object.\n *\n * @param The PKCS#7 message object.\n */\nfunction _decryptContent(msg) {\n  if(msg.encryptedContent.key === undefined) {\n    throw new Error('Symmetric key not available.');\n  }\n\n  if(msg.content === undefined) {\n    var ciph;\n\n    switch(msg.encryptedContent.algorithm) {\n      case forge.pki.oids['aes128-CBC']:\n      case forge.pki.oids['aes192-CBC']:\n      case forge.pki.oids['aes256-CBC']:\n        ciph = forge.aes.createDecryptionCipher(msg.encryptedContent.key);\n        break;\n\n      case forge.pki.oids['desCBC']:\n      case forge.pki.oids['des-EDE3-CBC']:\n        ciph = forge.des.createDecryptionCipher(msg.encryptedContent.key);\n        break;\n\n      default:\n        throw new Error('Unsupported symmetric cipher, OID ' +\n          msg.encryptedContent.algorithm);\n    }\n    ciph.start(msg.encryptedContent.parameter);\n    ciph.update(msg.encryptedContent.content);\n\n    if(!ciph.finish()) {\n      throw new Error('Symmetric decryption failed.');\n    }\n\n    msg.content = ciph.output;\n  }\n}\n","/**\n * Javascript implementation of ASN.1 validators for PKCS#7 v1.5.\n *\n * @author Dave Longley\n * @author Stefan Siegl\n *\n * Copyright (c) 2012-2015 Digital Bazaar, Inc.\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * The ASN.1 representation of PKCS#7 is as follows\n * (see RFC #2315 for details, http://www.ietf.org/rfc/rfc2315.txt):\n *\n * A PKCS#7 message consists of a ContentInfo on root level, which may\n * contain any number of further ContentInfo nested into it.\n *\n * ContentInfo ::= SEQUENCE {\n *   contentType                ContentType,\n *   content               [0]  EXPLICIT ANY DEFINED BY contentType OPTIONAL\n * }\n *\n * ContentType ::= OBJECT IDENTIFIER\n *\n * EnvelopedData ::= SEQUENCE {\n *   version                    Version,\n *   recipientInfos             RecipientInfos,\n *   encryptedContentInfo       EncryptedContentInfo\n * }\n *\n * EncryptedData ::= SEQUENCE {\n *   version                    Version,\n *   encryptedContentInfo       EncryptedContentInfo\n * }\n *\n * id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2)\n *   us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 }\n *\n * SignedData ::= SEQUENCE {\n *   version           INTEGER,\n *   digestAlgorithms  DigestAlgorithmIdentifiers,\n *   contentInfo       ContentInfo,\n *   certificates      [0] IMPLICIT Certificates OPTIONAL,\n *   crls              [1] IMPLICIT CertificateRevocationLists OPTIONAL,\n *   signerInfos       SignerInfos\n * }\n *\n * SignerInfos ::= SET OF SignerInfo\n *\n * SignerInfo ::= SEQUENCE {\n *   version                    Version,\n *   issuerAndSerialNumber      IssuerAndSerialNumber,\n *   digestAlgorithm            DigestAlgorithmIdentifier,\n *   authenticatedAttributes    [0] IMPLICIT Attributes OPTIONAL,\n *   digestEncryptionAlgorithm  DigestEncryptionAlgorithmIdentifier,\n *   encryptedDigest            EncryptedDigest,\n *   unauthenticatedAttributes  [1] IMPLICIT Attributes OPTIONAL\n * }\n *\n * EncryptedDigest ::= OCTET STRING\n *\n * Attributes ::= SET OF Attribute\n *\n * Attribute ::= SEQUENCE {\n *   attrType    OBJECT IDENTIFIER,\n *   attrValues  SET OF AttributeValue\n * }\n *\n * AttributeValue ::= ANY\n *\n * Version ::= INTEGER\n *\n * RecipientInfos ::= SET OF RecipientInfo\n *\n * EncryptedContentInfo ::= SEQUENCE {\n *   contentType                 ContentType,\n *   contentEncryptionAlgorithm  ContentEncryptionAlgorithmIdentifier,\n *   encryptedContent       [0]  IMPLICIT EncryptedContent OPTIONAL\n * }\n *\n * ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters\n * for the algorithm, if any. In the case of AES and DES3, there is only one,\n * the IV.\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n *    algorithm OBJECT IDENTIFIER,\n *    parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * EncryptedContent ::= OCTET STRING\n *\n * RecipientInfo ::= SEQUENCE {\n *   version                     Version,\n *   issuerAndSerialNumber       IssuerAndSerialNumber,\n *   keyEncryptionAlgorithm      KeyEncryptionAlgorithmIdentifier,\n *   encryptedKey                EncryptedKey\n * }\n *\n * IssuerAndSerialNumber ::= SEQUENCE {\n *   issuer                      Name,\n *   serialNumber                CertificateSerialNumber\n * }\n *\n * CertificateSerialNumber ::= INTEGER\n *\n * KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier\n *\n * EncryptedKey ::= OCTET STRING\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./util');\n\n// shortcut for ASN.1 API\nvar asn1 = forge.asn1;\n\n// shortcut for PKCS#7 API\nvar p7v = module.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {};\nforge.pkcs7 = forge.pkcs7 || {};\nforge.pkcs7.asn1 = p7v;\n\nvar contentInfoValidator = {\n  name: 'ContentInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'ContentInfo.ContentType',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OID,\n    constructed: false,\n    capture: 'contentType'\n  }, {\n    name: 'ContentInfo.content',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 0,\n    constructed: true,\n    optional: true,\n    captureAsn1: 'content'\n  }]\n};\np7v.contentInfoValidator = contentInfoValidator;\n\nvar encryptedContentInfoValidator = {\n  name: 'EncryptedContentInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'EncryptedContentInfo.contentType',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OID,\n    constructed: false,\n    capture: 'contentType'\n  }, {\n    name: 'EncryptedContentInfo.contentEncryptionAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'EncryptedContentInfo.contentEncryptionAlgorithm.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'encAlgorithm'\n    }, {\n      name: 'EncryptedContentInfo.contentEncryptionAlgorithm.parameter',\n      tagClass: asn1.Class.UNIVERSAL,\n      captureAsn1: 'encParameter'\n    }]\n  }, {\n    name: 'EncryptedContentInfo.encryptedContent',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 0,\n    /* The PKCS#7 structure output by OpenSSL somewhat differs from what\n     * other implementations do generate.\n     *\n     * OpenSSL generates a structure like this:\n     * SEQUENCE {\n     *    ...\n     *    [0]\n     *       26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38\n     *       C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45\n     *       ...\n     * }\n     *\n     * Whereas other implementations (and this PKCS#7 module) generate:\n     * SEQUENCE {\n     *    ...\n     *    [0] {\n     *       OCTET STRING\n     *          26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38\n     *          C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45\n     *          ...\n     *    }\n     * }\n     *\n     * In order to support both, we just capture the context specific\n     * field here.  The OCTET STRING bit is removed below.\n     */\n    capture: 'encryptedContent',\n    captureAsn1: 'encryptedContentAsn1'\n  }]\n};\n\np7v.envelopedDataValidator = {\n  name: 'EnvelopedData',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'EnvelopedData.Version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'version'\n  }, {\n    name: 'EnvelopedData.RecipientInfos',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SET,\n    constructed: true,\n    captureAsn1: 'recipientInfos'\n  }].concat(encryptedContentInfoValidator)\n};\n\np7v.encryptedDataValidator = {\n  name: 'EncryptedData',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'EncryptedData.Version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'version'\n  }].concat(encryptedContentInfoValidator)\n};\n\nvar signerValidator = {\n  name: 'SignerInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'SignerInfo.version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false\n  }, {\n    name: 'SignerInfo.issuerAndSerialNumber',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'SignerInfo.issuerAndSerialNumber.issuer',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      captureAsn1: 'issuer'\n    }, {\n      name: 'SignerInfo.issuerAndSerialNumber.serialNumber',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.INTEGER,\n      constructed: false,\n      capture: 'serial'\n    }]\n  }, {\n    name: 'SignerInfo.digestAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'SignerInfo.digestAlgorithm.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'digestAlgorithm'\n    }, {\n      name: 'SignerInfo.digestAlgorithm.parameter',\n      tagClass: asn1.Class.UNIVERSAL,\n      constructed: false,\n      captureAsn1: 'digestParameter',\n      optional: true\n    }]\n  }, {\n    name: 'SignerInfo.authenticatedAttributes',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 0,\n    constructed: true,\n    optional: true,\n    capture: 'authenticatedAttributes'\n  }, {\n    name: 'SignerInfo.digestEncryptionAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    capture: 'signatureAlgorithm'\n  }, {\n    name: 'SignerInfo.encryptedDigest',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OCTETSTRING,\n    constructed: false,\n    capture: 'signature'\n  }, {\n    name: 'SignerInfo.unauthenticatedAttributes',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 1,\n    constructed: true,\n    optional: true,\n    capture: 'unauthenticatedAttributes'\n  }]\n};\n\np7v.signedDataValidator = {\n  name: 'SignedData',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'SignedData.Version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'version'\n  }, {\n    name: 'SignedData.DigestAlgorithms',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SET,\n    constructed: true,\n    captureAsn1: 'digestAlgorithms'\n  },\n  contentInfoValidator,\n  {\n    name: 'SignedData.Certificates',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 0,\n    optional: true,\n    captureAsn1: 'certificates'\n  }, {\n    name: 'SignedData.CertificateRevocationLists',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 1,\n    optional: true,\n    captureAsn1: 'crls'\n  }, {\n    name: 'SignedData.SignerInfos',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SET,\n    capture: 'signerInfos',\n    optional: true,\n    value: [signerValidator]\n  }]\n};\n\np7v.recipientInfoValidator = {\n  name: 'RecipientInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'RecipientInfo.version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'version'\n  }, {\n    name: 'RecipientInfo.issuerAndSerial',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'RecipientInfo.issuerAndSerial.issuer',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      captureAsn1: 'issuer'\n    }, {\n      name: 'RecipientInfo.issuerAndSerial.serialNumber',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.INTEGER,\n      constructed: false,\n      capture: 'serial'\n    }]\n  }, {\n    name: 'RecipientInfo.keyEncryptionAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'RecipientInfo.keyEncryptionAlgorithm.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'encAlgorithm'\n    }, {\n      name: 'RecipientInfo.keyEncryptionAlgorithm.parameter',\n      tagClass: asn1.Class.UNIVERSAL,\n      constructed: false,\n      captureAsn1: 'encParameter',\n      optional: true\n    }]\n  }, {\n    name: 'RecipientInfo.encryptedKey',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OCTETSTRING,\n    constructed: false,\n    capture: 'encKey'\n  }]\n};\n","/**\n * Javascript implementation of a basic Public Key Infrastructure, including\n * support for RSA public and private keys.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2013 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./oids');\nrequire('./pbe');\nrequire('./pem');\nrequire('./pbkdf2');\nrequire('./pkcs12');\nrequire('./pss');\nrequire('./rsa');\nrequire('./util');\nrequire('./x509');\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n/* Public Key Infrastructure (PKI) implementation. */\nvar pki = module.exports = forge.pki = forge.pki || {};\n\n/**\n * NOTE: THIS METHOD IS DEPRECATED. Use pem.decode() instead.\n *\n * Converts PEM-formatted data to DER.\n *\n * @param pem the PEM-formatted data.\n *\n * @return the DER-formatted data.\n */\npki.pemToDer = function(pem) {\n  var msg = forge.pem.decode(pem)[0];\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error('Could not convert PEM to DER; PEM is encrypted.');\n  }\n  return forge.util.createBuffer(msg.body);\n};\n\n/**\n * Converts an RSA private key from PEM format.\n *\n * @param pem the PEM-formatted private key.\n *\n * @return the private key.\n */\npki.privateKeyFromPem = function(pem) {\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'PRIVATE KEY' && msg.type !== 'RSA PRIVATE KEY') {\n    var error = new Error('Could not convert private key from PEM; PEM ' +\n      'header type is not \"PRIVATE KEY\" or \"RSA PRIVATE KEY\".');\n    error.headerType = msg.type;\n    throw error;\n  }\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error('Could not convert private key from PEM; PEM is encrypted.');\n  }\n\n  // convert DER to ASN.1 object\n  var obj = asn1.fromDer(msg.body);\n\n  return pki.privateKeyFromAsn1(obj);\n};\n\n/**\n * Converts an RSA private key to PEM format.\n *\n * @param key the private key.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted private key.\n */\npki.privateKeyToPem = function(key, maxline) {\n  // convert to ASN.1, then DER, then PEM-encode\n  var msg = {\n    type: 'RSA PRIVATE KEY',\n    body: asn1.toDer(pki.privateKeyToAsn1(key)).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts a PrivateKeyInfo to PEM format.\n *\n * @param pki the PrivateKeyInfo.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted private key.\n */\npki.privateKeyInfoToPem = function(pki, maxline) {\n  // convert to DER, then PEM-encode\n  var msg = {\n    type: 'PRIVATE KEY',\n    body: asn1.toDer(pki).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n","/**\n * Prime number generation API.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\nrequire('./jsbn');\nrequire('./random');\n\n(function() {\n\n// forge.prime already defined\nif(forge.prime) {\n  module.exports = forge.prime;\n  return;\n}\n\n/* PRIME API */\nvar prime = module.exports = forge.prime = forge.prime || {};\n\nvar BigInteger = forge.jsbn.BigInteger;\n\n// primes are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29\nvar GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];\nvar THIRTY = new BigInteger(null);\nTHIRTY.fromInt(30);\nvar op_or = function(x, y) {return x|y;};\n\n/**\n * Generates a random probable prime with the given number of bits.\n *\n * Alternative algorithms can be specified by name as a string or as an\n * object with custom options like so:\n *\n * {\n *   name: 'PRIMEINC',\n *   options: {\n *     maxBlockTime: <the maximum amount of time to block the main\n *       thread before allowing I/O other JS to run>,\n *     millerRabinTests: <the number of miller-rabin tests to run>,\n *     workerScript: <the worker script URL>,\n *     workers: <the number of web workers (if supported) to use,\n *       -1 to use estimated cores minus one>.\n *     workLoad: the size of the work load, ie: number of possible prime\n *       numbers for each web worker to check per work assignment,\n *       (default: 100).\n *   }\n * }\n *\n * @param bits the number of bits for the prime number.\n * @param options the options to use.\n *          [algorithm] the algorithm to use (default: 'PRIMEINC').\n *          [prng] a custom crypto-secure pseudo-random number generator to use,\n *            that must define \"getBytesSync\".\n *\n * @return callback(err, num) called once the operation completes.\n */\nprime.generateProbablePrime = function(bits, options, callback) {\n  if(typeof options === 'function') {\n    callback = options;\n    options = {};\n  }\n  options = options || {};\n\n  // default to PRIMEINC algorithm\n  var algorithm = options.algorithm || 'PRIMEINC';\n  if(typeof algorithm === 'string') {\n    algorithm = {name: algorithm};\n  }\n  algorithm.options = algorithm.options || {};\n\n  // create prng with api that matches BigInteger secure random\n  var prng = options.prng || forge.random;\n  var rng = {\n    // x is an array to fill with bytes\n    nextBytes: function(x) {\n      var b = prng.getBytesSync(x.length);\n      for(var i = 0; i < x.length; ++i) {\n        x[i] = b.charCodeAt(i);\n      }\n    }\n  };\n\n  if(algorithm.name === 'PRIMEINC') {\n    return primeincFindPrime(bits, rng, algorithm.options, callback);\n  }\n\n  throw new Error('Invalid prime generation algorithm: ' + algorithm.name);\n};\n\nfunction primeincFindPrime(bits, rng, options, callback) {\n  if('workers' in options) {\n    return primeincFindPrimeWithWorkers(bits, rng, options, callback);\n  }\n  return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);\n}\n\nfunction primeincFindPrimeWithoutWorkers(bits, rng, options, callback) {\n  // initialize random number\n  var num = generateRandom(bits, rng);\n\n  /* Note: All primes are of the form 30k+i for i < 30 and gcd(30, i)=1. The\n  number we are given is always aligned at 30k + 1. Each time the number is\n  determined not to be prime we add to get to the next 'i', eg: if the number\n  was at 30k + 1 we add 6. */\n  var deltaIdx = 0;\n\n  // get required number of MR tests\n  var mrTests = getMillerRabinTests(num.bitLength());\n  if('millerRabinTests' in options) {\n    mrTests = options.millerRabinTests;\n  }\n\n  // find prime nearest to 'num' for maxBlockTime ms\n  // 10 ms gives 5ms of leeway for other calculations before dropping\n  // below 60fps (1000/60 == 16.67), but in reality, the number will\n  // likely be higher due to an 'atomic' big int modPow\n  var maxBlockTime = 10;\n  if('maxBlockTime' in options) {\n    maxBlockTime = options.maxBlockTime;\n  }\n\n  _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback);\n}\n\nfunction _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback) {\n  var start = +new Date();\n  do {\n    // overflow, regenerate random number\n    if(num.bitLength() > bits) {\n      num = generateRandom(bits, rng);\n    }\n    // do primality test\n    if(num.isProbablePrime(mrTests)) {\n      return callback(null, num);\n    }\n    // get next potential prime\n    num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);\n  } while(maxBlockTime < 0 || (+new Date() - start < maxBlockTime));\n\n  // keep trying later\n  forge.util.setImmediate(function() {\n    _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback);\n  });\n}\n\n// NOTE: This algorithm is indeterminate in nature because workers\n// run in parallel looking at different segments of numbers. Even if this\n// algorithm is run twice with the same input from a predictable RNG, it\n// may produce different outputs.\nfunction primeincFindPrimeWithWorkers(bits, rng, options, callback) {\n  // web workers unavailable\n  if(typeof Worker === 'undefined') {\n    return primeincFindPrimeWithoutWorkers(bits, rng, options, callback);\n  }\n\n  // initialize random number\n  var num = generateRandom(bits, rng);\n\n  // use web workers to generate keys\n  var numWorkers = options.workers;\n  var workLoad = options.workLoad || 100;\n  var range = workLoad * 30 / 8;\n  var workerScript = options.workerScript || 'forge/prime.worker.js';\n  if(numWorkers === -1) {\n    return forge.util.estimateCores(function(err, cores) {\n      if(err) {\n        // default to 2\n        cores = 2;\n      }\n      numWorkers = cores - 1;\n      generate();\n    });\n  }\n  generate();\n\n  function generate() {\n    // require at least 1 worker\n    numWorkers = Math.max(1, numWorkers);\n\n    // TODO: consider optimizing by starting workers outside getPrime() ...\n    // note that in order to clean up they will have to be made internally\n    // asynchronous which may actually be slower\n\n    // start workers immediately\n    var workers = [];\n    for(var i = 0; i < numWorkers; ++i) {\n      // FIXME: fix path or use blob URLs\n      workers[i] = new Worker(workerScript);\n    }\n    var running = numWorkers;\n\n    // listen for requests from workers and assign ranges to find prime\n    for(var i = 0; i < numWorkers; ++i) {\n      workers[i].addEventListener('message', workerMessage);\n    }\n\n    /* Note: The distribution of random numbers is unknown. Therefore, each\n    web worker is continuously allocated a range of numbers to check for a\n    random number until one is found.\n\n    Every 30 numbers will be checked just 8 times, because prime numbers\n    have the form:\n\n    30k+i, for i < 30 and gcd(30, i)=1 (there are 8 values of i for this)\n\n    Therefore, if we want a web worker to run N checks before asking for\n    a new range of numbers, each range must contain N*30/8 numbers.\n\n    For 100 checks (workLoad), this is a range of 375. */\n\n    var found = false;\n    function workerMessage(e) {\n      // ignore message, prime already found\n      if(found) {\n        return;\n      }\n\n      --running;\n      var data = e.data;\n      if(data.found) {\n        // terminate all workers\n        for(var i = 0; i < workers.length; ++i) {\n          workers[i].terminate();\n        }\n        found = true;\n        return callback(null, new BigInteger(data.prime, 16));\n      }\n\n      // overflow, regenerate random number\n      if(num.bitLength() > bits) {\n        num = generateRandom(bits, rng);\n      }\n\n      // assign new range to check\n      var hex = num.toString(16);\n\n      // start prime search\n      e.target.postMessage({\n        hex: hex,\n        workLoad: workLoad\n      });\n\n      num.dAddOffset(range, 0);\n    }\n  }\n}\n\n/**\n * Generates a random number using the given number of bits and RNG.\n *\n * @param bits the number of bits for the number.\n * @param rng the random number generator to use.\n *\n * @return the random number.\n */\nfunction generateRandom(bits, rng) {\n  var num = new BigInteger(bits, rng);\n  // force MSB set\n  var bits1 = bits - 1;\n  if(!num.testBit(bits1)) {\n    num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num);\n  }\n  // align number on 30k+1 boundary\n  num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0);\n  return num;\n}\n\n/**\n * Returns the required number of Miller-Rabin tests to generate a\n * prime with an error probability of (1/2)^80.\n *\n * See Handbook of Applied Cryptography Chapter 4, Table 4.4.\n *\n * @param bits the bit size.\n *\n * @return the required number of iterations.\n */\nfunction getMillerRabinTests(bits) {\n  if(bits <= 100) return 27;\n  if(bits <= 150) return 18;\n  if(bits <= 200) return 15;\n  if(bits <= 250) return 12;\n  if(bits <= 300) return 9;\n  if(bits <= 350) return 8;\n  if(bits <= 400) return 7;\n  if(bits <= 500) return 6;\n  if(bits <= 600) return 5;\n  if(bits <= 800) return 4;\n  if(bits <= 1250) return 3;\n  return 2;\n}\n\n})();\n","/**\n * A javascript implementation of a cryptographically-secure\n * Pseudo Random Number Generator (PRNG). The Fortuna algorithm is followed\n * here though the use of SHA-256 is not enforced; when generating an\n * a PRNG context, the hashing algorithm and block cipher used for\n * the generator are specified via a plugin.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./util');\n\nvar _crypto = null;\nif(forge.util.isNodejs && !forge.options.usePureJavaScript &&\n  !process.versions['node-webkit']) {\n  _crypto = require('crypto');\n}\n\n/* PRNG API */\nvar prng = module.exports = forge.prng = forge.prng || {};\n\n/**\n * Creates a new PRNG context.\n *\n * A PRNG plugin must be passed in that will provide:\n *\n * 1. A function that initializes the key and seed of a PRNG context. It\n *   will be given a 16 byte key and a 16 byte seed. Any key expansion\n *   or transformation of the seed from a byte string into an array of\n *   integers (or similar) should be performed.\n * 2. The cryptographic function used by the generator. It takes a key and\n *   a seed.\n * 3. A seed increment function. It takes the seed and returns seed + 1.\n * 4. An api to create a message digest.\n *\n * For an example, see random.js.\n *\n * @param plugin the PRNG plugin to use.\n */\nprng.create = function(plugin) {\n  var ctx = {\n    plugin: plugin,\n    key: null,\n    seed: null,\n    time: null,\n    // number of reseeds so far\n    reseeds: 0,\n    // amount of data generated so far\n    generated: 0,\n    // no initial key bytes\n    keyBytes: ''\n  };\n\n  // create 32 entropy pools (each is a message digest)\n  var md = plugin.md;\n  var pools = new Array(32);\n  for(var i = 0; i < 32; ++i) {\n    pools[i] = md.create();\n  }\n  ctx.pools = pools;\n\n  // entropy pools are written to cyclically, starting at index 0\n  ctx.pool = 0;\n\n  /**\n   * Generates random bytes. The bytes may be generated synchronously or\n   * asynchronously. Web workers must use the asynchronous interface or\n   * else the behavior is undefined.\n   *\n   * @param count the number of random bytes to generate.\n   * @param [callback(err, bytes)] called once the operation completes.\n   *\n   * @return count random bytes as a string.\n   */\n  ctx.generate = function(count, callback) {\n    // do synchronously\n    if(!callback) {\n      return ctx.generateSync(count);\n    }\n\n    // simple generator using counter-based CBC\n    var cipher = ctx.plugin.cipher;\n    var increment = ctx.plugin.increment;\n    var formatKey = ctx.plugin.formatKey;\n    var formatSeed = ctx.plugin.formatSeed;\n    var b = forge.util.createBuffer();\n\n    // paranoid deviation from Fortuna:\n    // reset key for every request to protect previously\n    // generated random bytes should the key be discovered;\n    // there is no 100ms based reseeding because of this\n    // forced reseed for every `generate` call\n    ctx.key = null;\n\n    generate();\n\n    function generate(err) {\n      if(err) {\n        return callback(err);\n      }\n\n      // sufficient bytes generated\n      if(b.length() >= count) {\n        return callback(null, b.getBytes(count));\n      }\n\n      // if amount of data generated is greater than 1 MiB, trigger reseed\n      if(ctx.generated > 0xfffff) {\n        ctx.key = null;\n      }\n\n      if(ctx.key === null) {\n        // prevent stack overflow\n        return forge.util.nextTick(function() {\n          _reseed(generate);\n        });\n      }\n\n      // generate the random bytes\n      var bytes = cipher(ctx.key, ctx.seed);\n      ctx.generated += bytes.length;\n      b.putBytes(bytes);\n\n      // generate bytes for a new key and seed\n      ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));\n      ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));\n\n      forge.util.setImmediate(generate);\n    }\n  };\n\n  /**\n   * Generates random bytes synchronously.\n   *\n   * @param count the number of random bytes to generate.\n   *\n   * @return count random bytes as a string.\n   */\n  ctx.generateSync = function(count) {\n    // simple generator using counter-based CBC\n    var cipher = ctx.plugin.cipher;\n    var increment = ctx.plugin.increment;\n    var formatKey = ctx.plugin.formatKey;\n    var formatSeed = ctx.plugin.formatSeed;\n\n    // paranoid deviation from Fortuna:\n    // reset key for every request to protect previously\n    // generated random bytes should the key be discovered;\n    // there is no 100ms based reseeding because of this\n    // forced reseed for every `generateSync` call\n    ctx.key = null;\n\n    var b = forge.util.createBuffer();\n    while(b.length() < count) {\n      // if amount of data generated is greater than 1 MiB, trigger reseed\n      if(ctx.generated > 0xfffff) {\n        ctx.key = null;\n      }\n\n      if(ctx.key === null) {\n        _reseedSync();\n      }\n\n      // generate the random bytes\n      var bytes = cipher(ctx.key, ctx.seed);\n      ctx.generated += bytes.length;\n      b.putBytes(bytes);\n\n      // generate bytes for a new key and seed\n      ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed)));\n      ctx.seed = formatSeed(cipher(ctx.key, ctx.seed));\n    }\n\n    return b.getBytes(count);\n  };\n\n  /**\n   * Private function that asynchronously reseeds a generator.\n   *\n   * @param callback(err) called once the operation completes.\n   */\n  function _reseed(callback) {\n    if(ctx.pools[0].messageLength >= 32) {\n      _seed();\n      return callback();\n    }\n    // not enough seed data...\n    var needed = (32 - ctx.pools[0].messageLength) << 5;\n    ctx.seedFile(needed, function(err, bytes) {\n      if(err) {\n        return callback(err);\n      }\n      ctx.collect(bytes);\n      _seed();\n      callback();\n    });\n  }\n\n  /**\n   * Private function that synchronously reseeds a generator.\n   */\n  function _reseedSync() {\n    if(ctx.pools[0].messageLength >= 32) {\n      return _seed();\n    }\n    // not enough seed data...\n    var needed = (32 - ctx.pools[0].messageLength) << 5;\n    ctx.collect(ctx.seedFileSync(needed));\n    _seed();\n  }\n\n  /**\n   * Private function that seeds a generator once enough bytes are available.\n   */\n  function _seed() {\n    // update reseed count\n    ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1;\n\n    // goal is to update `key` via:\n    // key = hash(key + s)\n    //   where 's' is all collected entropy from selected pools, then...\n\n    // create a plugin-based message digest\n    var md = ctx.plugin.md.create();\n\n    // consume current key bytes\n    md.update(ctx.keyBytes);\n\n    // digest the entropy of pools whose index k meet the\n    // condition 'n mod 2^k == 0' where n is the number of reseeds\n    var _2powK = 1;\n    for(var k = 0; k < 32; ++k) {\n      if(ctx.reseeds % _2powK === 0) {\n        md.update(ctx.pools[k].digest().getBytes());\n        ctx.pools[k].start();\n      }\n      _2powK = _2powK << 1;\n    }\n\n    // get digest for key bytes\n    ctx.keyBytes = md.digest().getBytes();\n\n    // paranoid deviation from Fortuna:\n    // update `seed` via `seed = hash(key)`\n    // instead of initializing to zero once and only\n    // ever incrementing it\n    md.start();\n    md.update(ctx.keyBytes);\n    var seedBytes = md.digest().getBytes();\n\n    // update state\n    ctx.key = ctx.plugin.formatKey(ctx.keyBytes);\n    ctx.seed = ctx.plugin.formatSeed(seedBytes);\n    ctx.generated = 0;\n  }\n\n  /**\n   * The built-in default seedFile. This seedFile is used when entropy\n   * is needed immediately.\n   *\n   * @param needed the number of bytes that are needed.\n   *\n   * @return the random bytes.\n   */\n  function defaultSeedFile(needed) {\n    // use window.crypto.getRandomValues strong source of entropy if available\n    var getRandomValues = null;\n    var globalScope = forge.util.globalScope;\n    var _crypto = globalScope.crypto || globalScope.msCrypto;\n    if(_crypto && _crypto.getRandomValues) {\n      getRandomValues = function(arr) {\n        return _crypto.getRandomValues(arr);\n      };\n    }\n\n    var b = forge.util.createBuffer();\n    if(getRandomValues) {\n      while(b.length() < needed) {\n        // max byte length is 65536 before QuotaExceededError is thrown\n        // http://www.w3.org/TR/WebCryptoAPI/#RandomSource-method-getRandomValues\n        var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4);\n        var entropy = new Uint32Array(Math.floor(count));\n        try {\n          getRandomValues(entropy);\n          for(var i = 0; i < entropy.length; ++i) {\n            b.putInt32(entropy[i]);\n          }\n        } catch(e) {\n          /* only ignore QuotaExceededError */\n          if(!(typeof QuotaExceededError !== 'undefined' &&\n            e instanceof QuotaExceededError)) {\n            throw e;\n          }\n        }\n      }\n    }\n\n    // be sad and add some weak random data\n    if(b.length() < needed) {\n      /* Draws from Park-Miller \"minimal standard\" 31 bit PRNG,\n      implemented with David G. Carta's optimization: with 32 bit math\n      and without division (Public Domain). */\n      var hi, lo, next;\n      var seed = Math.floor(Math.random() * 0x010000);\n      while(b.length() < needed) {\n        lo = 16807 * (seed & 0xFFFF);\n        hi = 16807 * (seed >> 16);\n        lo += (hi & 0x7FFF) << 16;\n        lo += hi >> 15;\n        lo = (lo & 0x7FFFFFFF) + (lo >> 31);\n        seed = lo & 0xFFFFFFFF;\n\n        // consume lower 3 bytes of seed\n        for(var i = 0; i < 3; ++i) {\n          // throw in more pseudo random\n          next = seed >>> (i << 3);\n          next ^= Math.floor(Math.random() * 0x0100);\n          b.putByte(next & 0xFF);\n        }\n      }\n    }\n\n    return b.getBytes(needed);\n  }\n  // initialize seed file APIs\n  if(_crypto) {\n    // use nodejs async API\n    ctx.seedFile = function(needed, callback) {\n      _crypto.randomBytes(needed, function(err, bytes) {\n        if(err) {\n          return callback(err);\n        }\n        callback(null, bytes.toString());\n      });\n    };\n    // use nodejs sync API\n    ctx.seedFileSync = function(needed) {\n      return _crypto.randomBytes(needed).toString();\n    };\n  } else {\n    ctx.seedFile = function(needed, callback) {\n      try {\n        callback(null, defaultSeedFile(needed));\n      } catch(e) {\n        callback(e);\n      }\n    };\n    ctx.seedFileSync = defaultSeedFile;\n  }\n\n  /**\n   * Adds entropy to a prng ctx's accumulator.\n   *\n   * @param bytes the bytes of entropy as a string.\n   */\n  ctx.collect = function(bytes) {\n    // iterate over pools distributing entropy cyclically\n    var count = bytes.length;\n    for(var i = 0; i < count; ++i) {\n      ctx.pools[ctx.pool].update(bytes.substr(i, 1));\n      ctx.pool = (ctx.pool === 31) ? 0 : ctx.pool + 1;\n    }\n  };\n\n  /**\n   * Collects an integer of n bits.\n   *\n   * @param i the integer entropy.\n   * @param n the number of bits in the integer.\n   */\n  ctx.collectInt = function(i, n) {\n    var bytes = '';\n    for(var x = 0; x < n; x += 8) {\n      bytes += String.fromCharCode((i >> x) & 0xFF);\n    }\n    ctx.collect(bytes);\n  };\n\n  /**\n   * Registers a Web Worker to receive immediate entropy from the main thread.\n   * This method is required until Web Workers can access the native crypto\n   * API. This method should be called twice for each created worker, once in\n   * the main thread, and once in the worker itself.\n   *\n   * @param worker the worker to register.\n   */\n  ctx.registerWorker = function(worker) {\n    // worker receives random bytes\n    if(worker === self) {\n      ctx.seedFile = function(needed, callback) {\n        function listener(e) {\n          var data = e.data;\n          if(data.forge && data.forge.prng) {\n            self.removeEventListener('message', listener);\n            callback(data.forge.prng.err, data.forge.prng.bytes);\n          }\n        }\n        self.addEventListener('message', listener);\n        self.postMessage({forge: {prng: {needed: needed}}});\n      };\n    } else {\n      // main thread sends random bytes upon request\n      var listener = function(e) {\n        var data = e.data;\n        if(data.forge && data.forge.prng) {\n          ctx.seedFile(data.forge.prng.needed, function(err, bytes) {\n            worker.postMessage({forge: {prng: {err: err, bytes: bytes}}});\n          });\n        }\n      };\n      // TODO: do we need to remove the event listener when the worker dies?\n      worker.addEventListener('message', listener);\n    }\n  };\n\n  return ctx;\n};\n","/**\n * Javascript implementation of PKCS#1 PSS signature padding.\n *\n * @author Stefan Siegl\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n */\nvar forge = require('./forge');\nrequire('./random');\nrequire('./util');\n\n// shortcut for PSS API\nvar pss = module.exports = forge.pss = forge.pss || {};\n\n/**\n * Creates a PSS signature scheme object.\n *\n * There are several ways to provide a salt for encoding:\n *\n * 1. Specify the saltLength only and the built-in PRNG will generate it.\n * 2. Specify the saltLength and a custom PRNG with 'getBytesSync' defined that\n *   will be used.\n * 3. Specify the salt itself as a forge.util.ByteBuffer.\n *\n * @param options the options to use:\n *          md the message digest object to use, a forge md instance.\n *          mgf the mask generation function to use, a forge mgf instance.\n *          [saltLength] the length of the salt in octets.\n *          [prng] the pseudo-random number generator to use to produce a salt.\n *          [salt] the salt to use when encoding.\n *\n * @return a signature scheme object.\n */\npss.create = function(options) {\n  // backwards compatibility w/legacy args: hash, mgf, sLen\n  if(arguments.length === 3) {\n    options = {\n      md: arguments[0],\n      mgf: arguments[1],\n      saltLength: arguments[2]\n    };\n  }\n\n  var hash = options.md;\n  var mgf = options.mgf;\n  var hLen = hash.digestLength;\n\n  var salt_ = options.salt || null;\n  if(typeof salt_ === 'string') {\n    // assume binary-encoded string\n    salt_ = forge.util.createBuffer(salt_);\n  }\n\n  var sLen;\n  if('saltLength' in options) {\n    sLen = options.saltLength;\n  } else if(salt_ !== null) {\n    sLen = salt_.length();\n  } else {\n    throw new Error('Salt length not specified or specific salt not given.');\n  }\n\n  if(salt_ !== null && salt_.length() !== sLen) {\n    throw new Error('Given salt length does not match length of given salt.');\n  }\n\n  var prng = options.prng || forge.random;\n\n  var pssobj = {};\n\n  /**\n   * Encodes a PSS signature.\n   *\n   * This function implements EMSA-PSS-ENCODE as per RFC 3447, section 9.1.1.\n   *\n   * @param md the message digest object with the hash to sign.\n   * @param modsBits the length of the RSA modulus in bits.\n   *\n   * @return the encoded message as a binary-encoded string of length\n   *           ceil((modBits - 1) / 8).\n   */\n  pssobj.encode = function(md, modBits) {\n    var i;\n    var emBits = modBits - 1;\n    var emLen = Math.ceil(emBits / 8);\n\n    /* 2. Let mHash = Hash(M), an octet string of length hLen. */\n    var mHash = md.digest().getBytes();\n\n    /* 3. If emLen < hLen + sLen + 2, output \"encoding error\" and stop. */\n    if(emLen < hLen + sLen + 2) {\n      throw new Error('Message is too long to encrypt.');\n    }\n\n    /* 4. Generate a random octet string salt of length sLen; if sLen = 0,\n     *    then salt is the empty string. */\n    var salt;\n    if(salt_ === null) {\n      salt = prng.getBytesSync(sLen);\n    } else {\n      salt = salt_.bytes();\n    }\n\n    /* 5. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt; */\n    var m_ = new forge.util.ByteBuffer();\n    m_.fillWithByte(0, 8);\n    m_.putBytes(mHash);\n    m_.putBytes(salt);\n\n    /* 6. Let H = Hash(M'), an octet string of length hLen. */\n    hash.start();\n    hash.update(m_.getBytes());\n    var h = hash.digest().getBytes();\n\n    /* 7. Generate an octet string PS consisting of emLen - sLen - hLen - 2\n     *    zero octets.  The length of PS may be 0. */\n    var ps = new forge.util.ByteBuffer();\n    ps.fillWithByte(0, emLen - sLen - hLen - 2);\n\n    /* 8. Let DB = PS || 0x01 || salt; DB is an octet string of length\n     *    emLen - hLen - 1. */\n    ps.putByte(0x01);\n    ps.putBytes(salt);\n    var db = ps.getBytes();\n\n    /* 9. Let dbMask = MGF(H, emLen - hLen - 1). */\n    var maskLen = emLen - hLen - 1;\n    var dbMask = mgf.generate(h, maskLen);\n\n    /* 10. Let maskedDB = DB \\xor dbMask. */\n    var maskedDB = '';\n    for(i = 0; i < maskLen; i++) {\n      maskedDB += String.fromCharCode(db.charCodeAt(i) ^ dbMask.charCodeAt(i));\n    }\n\n    /* 11. Set the leftmost 8emLen - emBits bits of the leftmost octet in\n     *     maskedDB to zero. */\n    var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF;\n    maskedDB = String.fromCharCode(maskedDB.charCodeAt(0) & ~mask) +\n      maskedDB.substr(1);\n\n    /* 12. Let EM = maskedDB || H || 0xbc.\n     * 13. Output EM. */\n    return maskedDB + h + String.fromCharCode(0xbc);\n  };\n\n  /**\n   * Verifies a PSS signature.\n   *\n   * This function implements EMSA-PSS-VERIFY as per RFC 3447, section 9.1.2.\n   *\n   * @param mHash the message digest hash, as a binary-encoded string, to\n   *         compare against the signature.\n   * @param em the encoded message, as a binary-encoded string\n   *          (RSA decryption result).\n   * @param modsBits the length of the RSA modulus in bits.\n   *\n   * @return true if the signature was verified, false if not.\n   */\n  pssobj.verify = function(mHash, em, modBits) {\n    var i;\n    var emBits = modBits - 1;\n    var emLen = Math.ceil(emBits / 8);\n\n    /* c. Convert the message representative m to an encoded message EM\n     *    of length emLen = ceil((modBits - 1) / 8) octets, where modBits\n     *    is the length in bits of the RSA modulus n */\n    em = em.substr(-emLen);\n\n    /* 3. If emLen < hLen + sLen + 2, output \"inconsistent\" and stop. */\n    if(emLen < hLen + sLen + 2) {\n      throw new Error('Inconsistent parameters to PSS signature verification.');\n    }\n\n    /* 4. If the rightmost octet of EM does not have hexadecimal value\n     *    0xbc, output \"inconsistent\" and stop. */\n    if(em.charCodeAt(emLen - 1) !== 0xbc) {\n      throw new Error('Encoded message does not end in 0xBC.');\n    }\n\n    /* 5. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and\n     *    let H be the next hLen octets. */\n    var maskLen = emLen - hLen - 1;\n    var maskedDB = em.substr(0, maskLen);\n    var h = em.substr(maskLen, hLen);\n\n    /* 6. If the leftmost 8emLen - emBits bits of the leftmost octet in\n     *    maskedDB are not all equal to zero, output \"inconsistent\" and stop. */\n    var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF;\n    if((maskedDB.charCodeAt(0) & mask) !== 0) {\n      throw new Error('Bits beyond keysize not zero as expected.');\n    }\n\n    /* 7. Let dbMask = MGF(H, emLen - hLen - 1). */\n    var dbMask = mgf.generate(h, maskLen);\n\n    /* 8. Let DB = maskedDB \\xor dbMask. */\n    var db = '';\n    for(i = 0; i < maskLen; i++) {\n      db += String.fromCharCode(maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i));\n    }\n\n    /* 9. Set the leftmost 8emLen - emBits bits of the leftmost octet\n     * in DB to zero. */\n    db = String.fromCharCode(db.charCodeAt(0) & ~mask) + db.substr(1);\n\n    /* 10. If the emLen - hLen - sLen - 2 leftmost octets of DB are not zero\n     * or if the octet at position emLen - hLen - sLen - 1 (the leftmost\n     * position is \"position 1\") does not have hexadecimal value 0x01,\n     * output \"inconsistent\" and stop. */\n    var checkLen = emLen - hLen - sLen - 2;\n    for(i = 0; i < checkLen; i++) {\n      if(db.charCodeAt(i) !== 0x00) {\n        throw new Error('Leftmost octets not zero as expected');\n      }\n    }\n\n    if(db.charCodeAt(checkLen) !== 0x01) {\n      throw new Error('Inconsistent PSS signature, 0x01 marker not found');\n    }\n\n    /* 11. Let salt be the last sLen octets of DB. */\n    var salt = db.substr(-sLen);\n\n    /* 12.  Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt */\n    var m_ = new forge.util.ByteBuffer();\n    m_.fillWithByte(0, 8);\n    m_.putBytes(mHash);\n    m_.putBytes(salt);\n\n    /* 13. Let H' = Hash(M'), an octet string of length hLen. */\n    hash.start();\n    hash.update(m_.getBytes());\n    var h_ = hash.digest().getBytes();\n\n    /* 14. If H = H', output \"consistent.\" Otherwise, output \"inconsistent.\" */\n    return h === h_;\n  };\n\n  return pssobj;\n};\n","/**\n * An API for getting cryptographically-secure random bytes. The bytes are\n * generated using the Fortuna algorithm devised by Bruce Schneier and\n * Niels Ferguson.\n *\n * Getting strong random bytes is not yet easy to do in javascript. The only\n * truish random entropy that can be collected is from the mouse, keyboard, or\n * from timing with respect to page loads, etc. This generator makes a poor\n * attempt at providing random bytes when those sources haven't yet provided\n * enough entropy to initially seed or to reseed the PRNG.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2009-2014 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./sha256');\nrequire('./prng');\nrequire('./util');\n\n(function() {\n\n// forge.random already defined\nif(forge.random && forge.random.getBytes) {\n  module.exports = forge.random;\n  return;\n}\n\n(function(jQuery) {\n\n// the default prng plugin, uses AES-128\nvar prng_aes = {};\nvar _prng_aes_output = new Array(4);\nvar _prng_aes_buffer = forge.util.createBuffer();\nprng_aes.formatKey = function(key) {\n  // convert the key into 32-bit integers\n  var tmp = forge.util.createBuffer(key);\n  key = new Array(4);\n  key[0] = tmp.getInt32();\n  key[1] = tmp.getInt32();\n  key[2] = tmp.getInt32();\n  key[3] = tmp.getInt32();\n\n  // return the expanded key\n  return forge.aes._expandKey(key, false);\n};\nprng_aes.formatSeed = function(seed) {\n  // convert seed into 32-bit integers\n  var tmp = forge.util.createBuffer(seed);\n  seed = new Array(4);\n  seed[0] = tmp.getInt32();\n  seed[1] = tmp.getInt32();\n  seed[2] = tmp.getInt32();\n  seed[3] = tmp.getInt32();\n  return seed;\n};\nprng_aes.cipher = function(key, seed) {\n  forge.aes._updateBlock(key, seed, _prng_aes_output, false);\n  _prng_aes_buffer.putInt32(_prng_aes_output[0]);\n  _prng_aes_buffer.putInt32(_prng_aes_output[1]);\n  _prng_aes_buffer.putInt32(_prng_aes_output[2]);\n  _prng_aes_buffer.putInt32(_prng_aes_output[3]);\n  return _prng_aes_buffer.getBytes();\n};\nprng_aes.increment = function(seed) {\n  // FIXME: do we care about carry or signed issues?\n  ++seed[3];\n  return seed;\n};\nprng_aes.md = forge.md.sha256;\n\n/**\n * Creates a new PRNG.\n */\nfunction spawnPrng() {\n  var ctx = forge.prng.create(prng_aes);\n\n  /**\n   * Gets random bytes. If a native secure crypto API is unavailable, this\n   * method tries to make the bytes more unpredictable by drawing from data that\n   * can be collected from the user of the browser, eg: mouse movement.\n   *\n   * If a callback is given, this method will be called asynchronously.\n   *\n   * @param count the number of random bytes to get.\n   * @param [callback(err, bytes)] called once the operation completes.\n   *\n   * @return the random bytes in a string.\n   */\n  ctx.getBytes = function(count, callback) {\n    return ctx.generate(count, callback);\n  };\n\n  /**\n   * Gets random bytes asynchronously. If a native secure crypto API is\n   * unavailable, this method tries to make the bytes more unpredictable by\n   * drawing from data that can be collected from the user of the browser,\n   * eg: mouse movement.\n   *\n   * @param count the number of random bytes to get.\n   *\n   * @return the random bytes in a string.\n   */\n  ctx.getBytesSync = function(count) {\n    return ctx.generate(count);\n  };\n\n  return ctx;\n}\n\n// create default prng context\nvar _ctx = spawnPrng();\n\n// add other sources of entropy only if window.crypto.getRandomValues is not\n// available -- otherwise this source will be automatically used by the prng\nvar getRandomValues = null;\nvar globalScope = forge.util.globalScope;\nvar _crypto = globalScope.crypto || globalScope.msCrypto;\nif(_crypto && _crypto.getRandomValues) {\n  getRandomValues = function(arr) {\n    return _crypto.getRandomValues(arr);\n  };\n}\n\nif(forge.options.usePureJavaScript ||\n  (!forge.util.isNodejs && !getRandomValues)) {\n  // if this is a web worker, do not use weak entropy, instead register to\n  // receive strong entropy asynchronously from the main thread\n  if(typeof window === 'undefined' || window.document === undefined) {\n    // FIXME:\n  }\n\n  // get load time entropy\n  _ctx.collectInt(+new Date(), 32);\n\n  // add some entropy from navigator object\n  if(typeof(navigator) !== 'undefined') {\n    var _navBytes = '';\n    for(var key in navigator) {\n      try {\n        if(typeof(navigator[key]) == 'string') {\n          _navBytes += navigator[key];\n        }\n      } catch(e) {\n        /* Some navigator keys might not be accessible, e.g. the geolocation\n          attribute throws an exception if touched in Mozilla chrome://\n          context.\n\n          Silently ignore this and just don't use this as a source of\n          entropy. */\n      }\n    }\n    _ctx.collect(_navBytes);\n    _navBytes = null;\n  }\n\n  // add mouse and keyboard collectors if jquery is available\n  if(jQuery) {\n    // set up mouse entropy capture\n    jQuery().mousemove(function(e) {\n      // add mouse coords\n      _ctx.collectInt(e.clientX, 16);\n      _ctx.collectInt(e.clientY, 16);\n    });\n\n    // set up keyboard entropy capture\n    jQuery().keypress(function(e) {\n      _ctx.collectInt(e.charCode, 8);\n    });\n  }\n}\n\n/* Random API */\nif(!forge.random) {\n  forge.random = _ctx;\n} else {\n  // extend forge.random with _ctx\n  for(var key in _ctx) {\n    forge.random[key] = _ctx[key];\n  }\n}\n\n// expose spawn PRNG\nforge.random.createInstance = spawnPrng;\n\nmodule.exports = forge.random;\n\n})(typeof(jQuery) !== 'undefined' ? jQuery : null);\n\n})();\n","/**\n * RC2 implementation.\n *\n * @author Stefan Siegl\n *\n * Copyright (c) 2012 Stefan Siegl <stesie@brokenpipe.de>\n *\n * Information on the RC2 cipher is available from RFC #2268,\n * http://www.ietf.org/rfc/rfc2268.txt\n */\nvar forge = require('./forge');\nrequire('./util');\n\nvar piTable = [\n  0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d,\n  0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2,\n  0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,\n  0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82,\n  0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc,\n  0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,\n  0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03,\n  0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7,\n  0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,\n  0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec,\n  0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39,\n  0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,\n  0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9,\n  0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9,\n  0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,\n  0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad\n];\n\nvar s = [1, 2, 3, 5];\n\n/**\n * Rotate a word left by given number of bits.\n *\n * Bits that are shifted out on the left are put back in on the right\n * hand side.\n *\n * @param word The word to shift left.\n * @param bits The number of bits to shift by.\n * @return The rotated word.\n */\nvar rol = function(word, bits) {\n  return ((word << bits) & 0xffff) | ((word & 0xffff) >> (16 - bits));\n};\n\n/**\n * Rotate a word right by given number of bits.\n *\n * Bits that are shifted out on the right are put back in on the left\n * hand side.\n *\n * @param word The word to shift right.\n * @param bits The number of bits to shift by.\n * @return The rotated word.\n */\nvar ror = function(word, bits) {\n  return ((word & 0xffff) >> bits) | ((word << (16 - bits)) & 0xffff);\n};\n\n/* RC2 API */\nmodule.exports = forge.rc2 = forge.rc2 || {};\n\n/**\n * Perform RC2 key expansion as per RFC #2268, section 2.\n *\n * @param key variable-length user key (between 1 and 128 bytes)\n * @param effKeyBits number of effective key bits (default: 128)\n * @return the expanded RC2 key (ByteBuffer of 128 bytes)\n */\nforge.rc2.expandKey = function(key, effKeyBits) {\n  if(typeof key === 'string') {\n    key = forge.util.createBuffer(key);\n  }\n  effKeyBits = effKeyBits || 128;\n\n  /* introduce variables that match the names used in RFC #2268 */\n  var L = key;\n  var T = key.length();\n  var T1 = effKeyBits;\n  var T8 = Math.ceil(T1 / 8);\n  var TM = 0xff >> (T1 & 0x07);\n  var i;\n\n  for(i = T; i < 128; i++) {\n    L.putByte(piTable[(L.at(i - 1) + L.at(i - T)) & 0xff]);\n  }\n\n  L.setAt(128 - T8, piTable[L.at(128 - T8) & TM]);\n\n  for(i = 127 - T8; i >= 0; i--) {\n    L.setAt(i, piTable[L.at(i + 1) ^ L.at(i + T8)]);\n  }\n\n  return L;\n};\n\n/**\n * Creates a RC2 cipher object.\n *\n * @param key the symmetric key to use (as base for key generation).\n * @param bits the number of effective key bits.\n * @param encrypt false for decryption, true for encryption.\n *\n * @return the cipher.\n */\nvar createCipher = function(key, bits, encrypt) {\n  var _finish = false, _input = null, _output = null, _iv = null;\n  var mixRound, mashRound;\n  var i, j, K = [];\n\n  /* Expand key and fill into K[] Array */\n  key = forge.rc2.expandKey(key, bits);\n  for(i = 0; i < 64; i++) {\n    K.push(key.getInt16Le());\n  }\n\n  if(encrypt) {\n    /**\n     * Perform one mixing round \"in place\".\n     *\n     * @param R Array of four words to perform mixing on.\n     */\n    mixRound = function(R) {\n      for(i = 0; i < 4; i++) {\n        R[i] += K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) +\n          ((~R[(i + 3) % 4]) & R[(i + 1) % 4]);\n        R[i] = rol(R[i], s[i]);\n        j++;\n      }\n    };\n\n    /**\n     * Perform one mashing round \"in place\".\n     *\n     * @param R Array of four words to perform mashing on.\n     */\n    mashRound = function(R) {\n      for(i = 0; i < 4; i++) {\n        R[i] += K[R[(i + 3) % 4] & 63];\n      }\n    };\n  } else {\n    /**\n     * Perform one r-mixing round \"in place\".\n     *\n     * @param R Array of four words to perform mixing on.\n     */\n    mixRound = function(R) {\n      for(i = 3; i >= 0; i--) {\n        R[i] = ror(R[i], s[i]);\n        R[i] -= K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) +\n          ((~R[(i + 3) % 4]) & R[(i + 1) % 4]);\n        j--;\n      }\n    };\n\n    /**\n     * Perform one r-mashing round \"in place\".\n     *\n     * @param R Array of four words to perform mashing on.\n     */\n    mashRound = function(R) {\n      for(i = 3; i >= 0; i--) {\n        R[i] -= K[R[(i + 3) % 4] & 63];\n      }\n    };\n  }\n\n  /**\n   * Run the specified cipher execution plan.\n   *\n   * This function takes four words from the input buffer, applies the IV on\n   * it (if requested) and runs the provided execution plan.\n   *\n   * The plan must be put together in form of a array of arrays.  Where the\n   * outer one is simply a list of steps to perform and the inner one needs\n   * to have two elements: the first one telling how many rounds to perform,\n   * the second one telling what to do (i.e. the function to call).\n   *\n   * @param {Array} plan The plan to execute.\n   */\n  var runPlan = function(plan) {\n    var R = [];\n\n    /* Get data from input buffer and fill the four words into R */\n    for(i = 0; i < 4; i++) {\n      var val = _input.getInt16Le();\n\n      if(_iv !== null) {\n        if(encrypt) {\n          /* We're encrypting, apply the IV first. */\n          val ^= _iv.getInt16Le();\n        } else {\n          /* We're decryption, keep cipher text for next block. */\n          _iv.putInt16Le(val);\n        }\n      }\n\n      R.push(val & 0xffff);\n    }\n\n    /* Reset global \"j\" variable as per spec. */\n    j = encrypt ? 0 : 63;\n\n    /* Run execution plan. */\n    for(var ptr = 0; ptr < plan.length; ptr++) {\n      for(var ctr = 0; ctr < plan[ptr][0]; ctr++) {\n        plan[ptr][1](R);\n      }\n    }\n\n    /* Write back result to output buffer. */\n    for(i = 0; i < 4; i++) {\n      if(_iv !== null) {\n        if(encrypt) {\n          /* We're encrypting in CBC-mode, feed back encrypted bytes into\n             IV buffer to carry it forward to next block. */\n          _iv.putInt16Le(R[i]);\n        } else {\n          R[i] ^= _iv.getInt16Le();\n        }\n      }\n\n      _output.putInt16Le(R[i]);\n    }\n  };\n\n  /* Create cipher object */\n  var cipher = null;\n  cipher = {\n    /**\n     * Starts or restarts the encryption or decryption process, whichever\n     * was previously configured.\n     *\n     * To use the cipher in CBC mode, iv may be given either as a string\n     * of bytes, or as a byte buffer.  For ECB mode, give null as iv.\n     *\n     * @param iv the initialization vector to use, null for ECB mode.\n     * @param output the output the buffer to write to, null to create one.\n     */\n    start: function(iv, output) {\n      if(iv) {\n        /* CBC mode */\n        if(typeof iv === 'string') {\n          iv = forge.util.createBuffer(iv);\n        }\n      }\n\n      _finish = false;\n      _input = forge.util.createBuffer();\n      _output = output || new forge.util.createBuffer();\n      _iv = iv;\n\n      cipher.output = _output;\n    },\n\n    /**\n     * Updates the next block.\n     *\n     * @param input the buffer to read from.\n     */\n    update: function(input) {\n      if(!_finish) {\n        // not finishing, so fill the input buffer with more input\n        _input.putBuffer(input);\n      }\n\n      while(_input.length() >= 8) {\n        runPlan([\n            [ 5, mixRound ],\n            [ 1, mashRound ],\n            [ 6, mixRound ],\n            [ 1, mashRound ],\n            [ 5, mixRound ]\n          ]);\n      }\n    },\n\n    /**\n     * Finishes encrypting or decrypting.\n     *\n     * @param pad a padding function to use, null for PKCS#7 padding,\n     *           signature(blockSize, buffer, decrypt).\n     *\n     * @return true if successful, false on error.\n     */\n    finish: function(pad) {\n      var rval = true;\n\n      if(encrypt) {\n        if(pad) {\n          rval = pad(8, _input, !encrypt);\n        } else {\n          // add PKCS#7 padding to block (each pad byte is the\n          // value of the number of pad bytes)\n          var padding = (_input.length() === 8) ? 8 : (8 - _input.length());\n          _input.fillWithByte(padding, padding);\n        }\n      }\n\n      if(rval) {\n        // do final update\n        _finish = true;\n        cipher.update();\n      }\n\n      if(!encrypt) {\n        // check for error: input data not a multiple of block size\n        rval = (_input.length() === 0);\n        if(rval) {\n          if(pad) {\n            rval = pad(8, _output, !encrypt);\n          } else {\n            // ensure padding byte count is valid\n            var len = _output.length();\n            var count = _output.at(len - 1);\n\n            if(count > len) {\n              rval = false;\n            } else {\n              // trim off padding bytes\n              _output.truncate(count);\n            }\n          }\n        }\n      }\n\n      return rval;\n    }\n  };\n\n  return cipher;\n};\n\n/**\n * Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the\n * given symmetric key. The output will be stored in the 'output' member\n * of the returned cipher.\n *\n * The key and iv may be given as a string of bytes or a byte buffer.\n * The cipher is initialized to use 128 effective key bits.\n *\n * @param key the symmetric key to use.\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n *\n * @return the cipher.\n */\nforge.rc2.startEncrypting = function(key, iv, output) {\n  var cipher = forge.rc2.createEncryptionCipher(key, 128);\n  cipher.start(iv, output);\n  return cipher;\n};\n\n/**\n * Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the\n * given symmetric key.\n *\n * The key may be given as a string of bytes or a byte buffer.\n *\n * To start encrypting call start() on the cipher with an iv and optional\n * output buffer.\n *\n * @param key the symmetric key to use.\n *\n * @return the cipher.\n */\nforge.rc2.createEncryptionCipher = function(key, bits) {\n  return createCipher(key, bits, true);\n};\n\n/**\n * Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the\n * given symmetric key. The output will be stored in the 'output' member\n * of the returned cipher.\n *\n * The key and iv may be given as a string of bytes or a byte buffer.\n * The cipher is initialized to use 128 effective key bits.\n *\n * @param key the symmetric key to use.\n * @param iv the initialization vector to use.\n * @param output the buffer to write to, null to create one.\n *\n * @return the cipher.\n */\nforge.rc2.startDecrypting = function(key, iv, output) {\n  var cipher = forge.rc2.createDecryptionCipher(key, 128);\n  cipher.start(iv, output);\n  return cipher;\n};\n\n/**\n * Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the\n * given symmetric key.\n *\n * The key may be given as a string of bytes or a byte buffer.\n *\n * To start decrypting call start() on the cipher with an iv and optional\n * output buffer.\n *\n * @param key the symmetric key to use.\n *\n * @return the cipher.\n */\nforge.rc2.createDecryptionCipher = function(key, bits) {\n  return createCipher(key, bits, false);\n};\n","/**\n * Javascript implementation of basic RSA algorithms.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n *\n * The only algorithm currently supported for PKI is RSA.\n *\n * An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo\n * ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier\n * and a subjectPublicKey of type bit string.\n *\n * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters\n * for the algorithm, if any. In the case of RSA, there aren't any.\n *\n * SubjectPublicKeyInfo ::= SEQUENCE {\n *   algorithm AlgorithmIdentifier,\n *   subjectPublicKey BIT STRING\n * }\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n *   algorithm OBJECT IDENTIFIER,\n *   parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * For an RSA public key, the subjectPublicKey is:\n *\n * RSAPublicKey ::= SEQUENCE {\n *   modulus            INTEGER,    -- n\n *   publicExponent     INTEGER     -- e\n * }\n *\n * PrivateKeyInfo ::= SEQUENCE {\n *   version                   Version,\n *   privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,\n *   privateKey                PrivateKey,\n *   attributes           [0]  IMPLICIT Attributes OPTIONAL\n * }\n *\n * Version ::= INTEGER\n * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier\n * PrivateKey ::= OCTET STRING\n * Attributes ::= SET OF Attribute\n *\n * An RSA private key as the following structure:\n *\n * RSAPrivateKey ::= SEQUENCE {\n *   version Version,\n *   modulus INTEGER, -- n\n *   publicExponent INTEGER, -- e\n *   privateExponent INTEGER, -- d\n *   prime1 INTEGER, -- p\n *   prime2 INTEGER, -- q\n *   exponent1 INTEGER, -- d mod (p-1)\n *   exponent2 INTEGER, -- d mod (q-1)\n *   coefficient INTEGER -- (inverse of q) mod p\n * }\n *\n * Version ::= INTEGER\n *\n * The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1\n */\nvar forge = require('./forge');\nrequire('./asn1');\nrequire('./jsbn');\nrequire('./oids');\nrequire('./pkcs1');\nrequire('./prime');\nrequire('./random');\nrequire('./util');\n\nif(typeof BigInteger === 'undefined') {\n  var BigInteger = forge.jsbn.BigInteger;\n}\n\nvar _crypto = forge.util.isNodejs ? require('crypto') : null;\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n// shortcut for util API\nvar util = forge.util;\n\n/*\n * RSA encryption and decryption, see RFC 2313.\n */\nforge.pki = forge.pki || {};\nmodule.exports = forge.pki.rsa = forge.rsa = forge.rsa || {};\nvar pki = forge.pki;\n\n// for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29\nvar GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2];\n\n// validator for a PrivateKeyInfo structure\nvar privateKeyValidator = {\n  // PrivateKeyInfo\n  name: 'PrivateKeyInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    // Version (INTEGER)\n    name: 'PrivateKeyInfo.version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyVersion'\n  }, {\n    // privateKeyAlgorithm\n    name: 'PrivateKeyInfo.privateKeyAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'AlgorithmIdentifier.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'privateKeyOid'\n    }]\n  }, {\n    // PrivateKey\n    name: 'PrivateKeyInfo',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OCTETSTRING,\n    constructed: false,\n    capture: 'privateKey'\n  }]\n};\n\n// validator for an RSA private key\nvar rsaPrivateKeyValidator = {\n  // RSAPrivateKey\n  name: 'RSAPrivateKey',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    // Version (INTEGER)\n    name: 'RSAPrivateKey.version',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyVersion'\n  }, {\n    // modulus (n)\n    name: 'RSAPrivateKey.modulus',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyModulus'\n  }, {\n    // publicExponent (e)\n    name: 'RSAPrivateKey.publicExponent',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyPublicExponent'\n  }, {\n    // privateExponent (d)\n    name: 'RSAPrivateKey.privateExponent',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyPrivateExponent'\n  }, {\n    // prime1 (p)\n    name: 'RSAPrivateKey.prime1',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyPrime1'\n  }, {\n    // prime2 (q)\n    name: 'RSAPrivateKey.prime2',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyPrime2'\n  }, {\n    // exponent1 (d mod (p-1))\n    name: 'RSAPrivateKey.exponent1',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyExponent1'\n  }, {\n    // exponent2 (d mod (q-1))\n    name: 'RSAPrivateKey.exponent2',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyExponent2'\n  }, {\n    // coefficient ((inverse of q) mod p)\n    name: 'RSAPrivateKey.coefficient',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'privateKeyCoefficient'\n  }]\n};\n\n// validator for an RSA public key\nvar rsaPublicKeyValidator = {\n  // RSAPublicKey\n  name: 'RSAPublicKey',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    // modulus (n)\n    name: 'RSAPublicKey.modulus',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'publicKeyModulus'\n  }, {\n    // publicExponent (e)\n    name: 'RSAPublicKey.exponent',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'publicKeyExponent'\n  }]\n};\n\n// validator for an SubjectPublicKeyInfo structure\n// Note: Currently only works with an RSA public key\nvar publicKeyValidator = forge.pki.rsa.publicKeyValidator = {\n  name: 'SubjectPublicKeyInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  captureAsn1: 'subjectPublicKeyInfo',\n  value: [{\n    name: 'SubjectPublicKeyInfo.AlgorithmIdentifier',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'AlgorithmIdentifier.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'publicKeyOid'\n    }]\n  }, {\n    // subjectPublicKey\n    name: 'SubjectPublicKeyInfo.subjectPublicKey',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.BITSTRING,\n    constructed: false,\n    value: [{\n      // RSAPublicKey\n      name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      optional: true,\n      captureAsn1: 'rsaPublicKey'\n    }]\n  }]\n};\n\n// validator for a DigestInfo structure\nvar digestInfoValidator = {\n  name: 'DigestInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'DigestInfo.DigestAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      name: 'DigestInfo.DigestAlgorithm.algorithmIdentifier',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'algorithmIdentifier'\n    }, {\n      // NULL paramters\n      name: 'DigestInfo.DigestAlgorithm.parameters',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.NULL,\n      // captured only to check existence for md2 and md5\n      capture: 'parameters',\n      optional: true,\n      constructed: false\n    }]\n  }, {\n    // digest\n    name: 'DigestInfo.digest',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.OCTETSTRING,\n    constructed: false,\n    capture: 'digest'\n  }]\n};\n\n/**\n * Wrap digest in DigestInfo object.\n *\n * This function implements EMSA-PKCS1-v1_5-ENCODE as per RFC 3447.\n *\n * DigestInfo ::= SEQUENCE {\n *   digestAlgorithm DigestAlgorithmIdentifier,\n *   digest Digest\n * }\n *\n * DigestAlgorithmIdentifier ::= AlgorithmIdentifier\n * Digest ::= OCTET STRING\n *\n * @param md the message digest object with the hash to sign.\n *\n * @return the encoded message (ready for RSA encrytion)\n */\nvar emsaPkcs1v15encode = function(md) {\n  // get the oid for the algorithm\n  var oid;\n  if(md.algorithm in pki.oids) {\n    oid = pki.oids[md.algorithm];\n  } else {\n    var error = new Error('Unknown message digest algorithm.');\n    error.algorithm = md.algorithm;\n    throw error;\n  }\n  var oidBytes = asn1.oidToDer(oid).getBytes();\n\n  // create the digest info\n  var digestInfo = asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n  var digestAlgorithm = asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n  digestAlgorithm.value.push(asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.OID, false, oidBytes));\n  digestAlgorithm.value.push(asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.NULL, false, ''));\n  var digest = asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING,\n    false, md.digest().getBytes());\n  digestInfo.value.push(digestAlgorithm);\n  digestInfo.value.push(digest);\n\n  // encode digest info\n  return asn1.toDer(digestInfo).getBytes();\n};\n\n/**\n * Performs x^c mod n (RSA encryption or decryption operation).\n *\n * @param x the number to raise and mod.\n * @param key the key to use.\n * @param pub true if the key is public, false if private.\n *\n * @return the result of x^c mod n.\n */\nvar _modPow = function(x, key, pub) {\n  if(pub) {\n    return x.modPow(key.e, key.n);\n  }\n\n  if(!key.p || !key.q) {\n    // allow calculation without CRT params (slow)\n    return x.modPow(key.d, key.n);\n  }\n\n  // pre-compute dP, dQ, and qInv if necessary\n  if(!key.dP) {\n    key.dP = key.d.mod(key.p.subtract(BigInteger.ONE));\n  }\n  if(!key.dQ) {\n    key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE));\n  }\n  if(!key.qInv) {\n    key.qInv = key.q.modInverse(key.p);\n  }\n\n  /* Chinese remainder theorem (CRT) states:\n\n    Suppose n1, n2, ..., nk are positive integers which are pairwise\n    coprime (n1 and n2 have no common factors other than 1). For any\n    integers x1, x2, ..., xk there exists an integer x solving the\n    system of simultaneous congruences (where ~= means modularly\n    congruent so a ~= b mod n means a mod n = b mod n):\n\n    x ~= x1 mod n1\n    x ~= x2 mod n2\n    ...\n    x ~= xk mod nk\n\n    This system of congruences has a single simultaneous solution x\n    between 0 and n - 1. Furthermore, each xk solution and x itself\n    is congruent modulo the product n = n1*n2*...*nk.\n    So x1 mod n = x2 mod n = xk mod n = x mod n.\n\n    The single simultaneous solution x can be solved with the following\n    equation:\n\n    x = sum(xi*ri*si) mod n where ri = n/ni and si = ri^-1 mod ni.\n\n    Where x is less than n, xi = x mod ni.\n\n    For RSA we are only concerned with k = 2. The modulus n = pq, where\n    p and q are coprime. The RSA decryption algorithm is:\n\n    y = x^d mod n\n\n    Given the above:\n\n    x1 = x^d mod p\n    r1 = n/p = q\n    s1 = q^-1 mod p\n    x2 = x^d mod q\n    r2 = n/q = p\n    s2 = p^-1 mod q\n\n    So y = (x1r1s1 + x2r2s2) mod n\n         = ((x^d mod p)q(q^-1 mod p) + (x^d mod q)p(p^-1 mod q)) mod n\n\n    According to Fermat's Little Theorem, if the modulus P is prime,\n    for any integer A not evenly divisible by P, A^(P-1) ~= 1 mod P.\n    Since A is not divisible by P it follows that if:\n    N ~= M mod (P - 1), then A^N mod P = A^M mod P. Therefore:\n\n    A^N mod P = A^(M mod (P - 1)) mod P. (The latter takes less effort\n    to calculate). In order to calculate x^d mod p more quickly the\n    exponent d mod (p - 1) is stored in the RSA private key (the same\n    is done for x^d mod q). These values are referred to as dP and dQ\n    respectively. Therefore we now have:\n\n    y = ((x^dP mod p)q(q^-1 mod p) + (x^dQ mod q)p(p^-1 mod q)) mod n\n\n    Since we'll be reducing x^dP by modulo p (same for q) we can also\n    reduce x by p (and q respectively) before hand. Therefore, let\n\n    xp = ((x mod p)^dP mod p), and\n    xq = ((x mod q)^dQ mod q), yielding:\n\n    y = (xp*q*(q^-1 mod p) + xq*p*(p^-1 mod q)) mod n\n\n    This can be further reduced to a simple algorithm that only\n    requires 1 inverse (the q inverse is used) to be used and stored.\n    The algorithm is called Garner's algorithm. If qInv is the\n    inverse of q, we simply calculate:\n\n    y = (qInv*(xp - xq) mod p) * q + xq\n\n    However, there are two further complications. First, we need to\n    ensure that xp > xq to prevent signed BigIntegers from being used\n    so we add p until this is true (since we will be mod'ing with\n    p anyway). Then, there is a known timing attack on algorithms\n    using the CRT. To mitigate this risk, \"cryptographic blinding\"\n    should be used. This requires simply generating a random number r\n    between 0 and n-1 and its inverse and multiplying x by r^e before\n    calculating y and then multiplying y by r^-1 afterwards. Note that\n    r must be coprime with n (gcd(r, n) === 1) in order to have an\n    inverse.\n  */\n\n  // cryptographic blinding\n  var r;\n  do {\n    r = new BigInteger(\n      forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)),\n      16);\n  } while(r.compareTo(key.n) >= 0 || !r.gcd(key.n).equals(BigInteger.ONE));\n  x = x.multiply(r.modPow(key.e, key.n)).mod(key.n);\n\n  // calculate xp and xq\n  var xp = x.mod(key.p).modPow(key.dP, key.p);\n  var xq = x.mod(key.q).modPow(key.dQ, key.q);\n\n  // xp must be larger than xq to avoid signed bit usage\n  while(xp.compareTo(xq) < 0) {\n    xp = xp.add(key.p);\n  }\n\n  // do last step\n  var y = xp.subtract(xq)\n    .multiply(key.qInv).mod(key.p)\n    .multiply(key.q).add(xq);\n\n  // remove effect of random for cryptographic blinding\n  y = y.multiply(r.modInverse(key.n)).mod(key.n);\n\n  return y;\n};\n\n/**\n * NOTE: THIS METHOD IS DEPRECATED, use 'sign' on a private key object or\n * 'encrypt' on a public key object instead.\n *\n * Performs RSA encryption.\n *\n * The parameter bt controls whether to put padding bytes before the\n * message passed in. Set bt to either true or false to disable padding\n * completely (in order to handle e.g. EMSA-PSS encoding seperately before),\n * signaling whether the encryption operation is a public key operation\n * (i.e. encrypting data) or not, i.e. private key operation (data signing).\n *\n * For PKCS#1 v1.5 padding pass in the block type to use, i.e. either 0x01\n * (for signing) or 0x02 (for encryption). The key operation mode (private\n * or public) is derived from this flag in that case).\n *\n * @param m the message to encrypt as a byte string.\n * @param key the RSA key to use.\n * @param bt for PKCS#1 v1.5 padding, the block type to use\n *   (0x01 for private key, 0x02 for public),\n *   to disable padding: true = public key, false = private key.\n *\n * @return the encrypted bytes as a string.\n */\npki.rsa.encrypt = function(m, key, bt) {\n  var pub = bt;\n  var eb;\n\n  // get the length of the modulus in bytes\n  var k = Math.ceil(key.n.bitLength() / 8);\n\n  if(bt !== false && bt !== true) {\n    // legacy, default to PKCS#1 v1.5 padding\n    pub = (bt === 0x02);\n    eb = _encodePkcs1_v1_5(m, key, bt);\n  } else {\n    eb = forge.util.createBuffer();\n    eb.putBytes(m);\n  }\n\n  // load encryption block as big integer 'x'\n  // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n  var x = new BigInteger(eb.toHex(), 16);\n\n  // do RSA encryption\n  var y = _modPow(x, key, pub);\n\n  // convert y into the encrypted data byte string, if y is shorter in\n  // bytes than k, then prepend zero bytes to fill up ed\n  // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n  var yhex = y.toString(16);\n  var ed = forge.util.createBuffer();\n  var zeros = k - Math.ceil(yhex.length / 2);\n  while(zeros > 0) {\n    ed.putByte(0x00);\n    --zeros;\n  }\n  ed.putBytes(forge.util.hexToBytes(yhex));\n  return ed.getBytes();\n};\n\n/**\n * NOTE: THIS METHOD IS DEPRECATED, use 'decrypt' on a private key object or\n * 'verify' on a public key object instead.\n *\n * Performs RSA decryption.\n *\n * The parameter ml controls whether to apply PKCS#1 v1.5 padding\n * or not.  Set ml = false to disable padding removal completely\n * (in order to handle e.g. EMSA-PSS later on) and simply pass back\n * the RSA encryption block.\n *\n * @param ed the encrypted data to decrypt in as a byte string.\n * @param key the RSA key to use.\n * @param pub true for a public key operation, false for private.\n * @param ml the message length, if known, false to disable padding.\n *\n * @return the decrypted message as a byte string.\n */\npki.rsa.decrypt = function(ed, key, pub, ml) {\n  // get the length of the modulus in bytes\n  var k = Math.ceil(key.n.bitLength() / 8);\n\n  // error if the length of the encrypted data ED is not k\n  if(ed.length !== k) {\n    var error = new Error('Encrypted message length is invalid.');\n    error.length = ed.length;\n    error.expected = k;\n    throw error;\n  }\n\n  // convert encrypted data into a big integer\n  // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n  var y = new BigInteger(forge.util.createBuffer(ed).toHex(), 16);\n\n  // y must be less than the modulus or it wasn't the result of\n  // a previous mod operation (encryption) using that modulus\n  if(y.compareTo(key.n) >= 0) {\n    throw new Error('Encrypted message is invalid.');\n  }\n\n  // do RSA decryption\n  var x = _modPow(y, key, pub);\n\n  // create the encryption block, if x is shorter in bytes than k, then\n  // prepend zero bytes to fill up eb\n  // FIXME: hex conversion inefficient, get BigInteger w/byte strings\n  var xhex = x.toString(16);\n  var eb = forge.util.createBuffer();\n  var zeros = k - Math.ceil(xhex.length / 2);\n  while(zeros > 0) {\n    eb.putByte(0x00);\n    --zeros;\n  }\n  eb.putBytes(forge.util.hexToBytes(xhex));\n\n  if(ml !== false) {\n    // legacy, default to PKCS#1 v1.5 padding\n    return _decodePkcs1_v1_5(eb.getBytes(), key, pub);\n  }\n\n  // return message\n  return eb.getBytes();\n};\n\n/**\n * Creates an RSA key-pair generation state object. It is used to allow\n * key-generation to be performed in steps. It also allows for a UI to\n * display progress updates.\n *\n * @param bits the size for the private key in bits, defaults to 2048.\n * @param e the public exponent to use, defaults to 65537 (0x10001).\n * @param [options] the options to use.\n *          prng a custom crypto-secure pseudo-random number generator to use,\n *            that must define \"getBytesSync\".\n *          algorithm the algorithm to use (default: 'PRIMEINC').\n *\n * @return the state object to use to generate the key-pair.\n */\npki.rsa.createKeyPairGenerationState = function(bits, e, options) {\n  // TODO: migrate step-based prime generation code to forge.prime\n\n  // set default bits\n  if(typeof(bits) === 'string') {\n    bits = parseInt(bits, 10);\n  }\n  bits = bits || 2048;\n\n  // create prng with api that matches BigInteger secure random\n  options = options || {};\n  var prng = options.prng || forge.random;\n  var rng = {\n    // x is an array to fill with bytes\n    nextBytes: function(x) {\n      var b = prng.getBytesSync(x.length);\n      for(var i = 0; i < x.length; ++i) {\n        x[i] = b.charCodeAt(i);\n      }\n    }\n  };\n\n  var algorithm = options.algorithm || 'PRIMEINC';\n\n  // create PRIMEINC algorithm state\n  var rval;\n  if(algorithm === 'PRIMEINC') {\n    rval = {\n      algorithm: algorithm,\n      state: 0,\n      bits: bits,\n      rng: rng,\n      eInt: e || 65537,\n      e: new BigInteger(null),\n      p: null,\n      q: null,\n      qBits: bits >> 1,\n      pBits: bits - (bits >> 1),\n      pqState: 0,\n      num: null,\n      keys: null\n    };\n    rval.e.fromInt(rval.eInt);\n  } else {\n    throw new Error('Invalid key generation algorithm: ' + algorithm);\n  }\n\n  return rval;\n};\n\n/**\n * Attempts to runs the key-generation algorithm for at most n seconds\n * (approximately) using the given state. When key-generation has completed,\n * the keys will be stored in state.keys.\n *\n * To use this function to update a UI while generating a key or to prevent\n * causing browser lockups/warnings, set \"n\" to a value other than 0. A\n * simple pattern for generating a key and showing a progress indicator is:\n *\n * var state = pki.rsa.createKeyPairGenerationState(2048);\n * var step = function() {\n *   // step key-generation, run algorithm for 100 ms, repeat\n *   if(!forge.pki.rsa.stepKeyPairGenerationState(state, 100)) {\n *     setTimeout(step, 1);\n *   } else {\n *     // key-generation complete\n *     // TODO: turn off progress indicator here\n *     // TODO: use the generated key-pair in \"state.keys\"\n *   }\n * };\n * // TODO: turn on progress indicator here\n * setTimeout(step, 0);\n *\n * @param state the state to use.\n * @param n the maximum number of milliseconds to run the algorithm for, 0\n *          to run the algorithm to completion.\n *\n * @return true if the key-generation completed, false if not.\n */\npki.rsa.stepKeyPairGenerationState = function(state, n) {\n  // set default algorithm if not set\n  if(!('algorithm' in state)) {\n    state.algorithm = 'PRIMEINC';\n  }\n\n  // TODO: migrate step-based prime generation code to forge.prime\n  // TODO: abstract as PRIMEINC algorithm\n\n  // do key generation (based on Tom Wu's rsa.js, see jsbn.js license)\n  // with some minor optimizations and designed to run in steps\n\n  // local state vars\n  var THIRTY = new BigInteger(null);\n  THIRTY.fromInt(30);\n  var deltaIdx = 0;\n  var op_or = function(x, y) {return x | y;};\n\n  // keep stepping until time limit is reached or done\n  var t1 = +new Date();\n  var t2;\n  var total = 0;\n  while(state.keys === null && (n <= 0 || total < n)) {\n    // generate p or q\n    if(state.state === 0) {\n      /* Note: All primes are of the form:\n\n        30k+i, for i < 30 and gcd(30, i)=1, where there are 8 values for i\n\n        When we generate a random number, we always align it at 30k + 1. Each\n        time the number is determined not to be prime we add to get to the\n        next 'i', eg: if the number was at 30k + 1 we add 6. */\n      var bits = (state.p === null) ? state.pBits : state.qBits;\n      var bits1 = bits - 1;\n\n      // get a random number\n      if(state.pqState === 0) {\n        state.num = new BigInteger(bits, state.rng);\n        // force MSB set\n        if(!state.num.testBit(bits1)) {\n          state.num.bitwiseTo(\n            BigInteger.ONE.shiftLeft(bits1), op_or, state.num);\n        }\n        // align number on 30k+1 boundary\n        state.num.dAddOffset(31 - state.num.mod(THIRTY).byteValue(), 0);\n        deltaIdx = 0;\n\n        ++state.pqState;\n      } else if(state.pqState === 1) {\n        // try to make the number a prime\n        if(state.num.bitLength() > bits) {\n          // overflow, try again\n          state.pqState = 0;\n          // do primality test\n        } else if(state.num.isProbablePrime(\n          _getMillerRabinTests(state.num.bitLength()))) {\n          ++state.pqState;\n        } else {\n          // get next potential prime\n          state.num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0);\n        }\n      } else if(state.pqState === 2) {\n        // ensure number is coprime with e\n        state.pqState =\n          (state.num.subtract(BigInteger.ONE).gcd(state.e)\n            .compareTo(BigInteger.ONE) === 0) ? 3 : 0;\n      } else if(state.pqState === 3) {\n        // store p or q\n        state.pqState = 0;\n        if(state.p === null) {\n          state.p = state.num;\n        } else {\n          state.q = state.num;\n        }\n\n        // advance state if both p and q are ready\n        if(state.p !== null && state.q !== null) {\n          ++state.state;\n        }\n        state.num = null;\n      }\n    } else if(state.state === 1) {\n      // ensure p is larger than q (swap them if not)\n      if(state.p.compareTo(state.q) < 0) {\n        state.num = state.p;\n        state.p = state.q;\n        state.q = state.num;\n      }\n      ++state.state;\n    } else if(state.state === 2) {\n      // compute phi: (p - 1)(q - 1) (Euler's totient function)\n      state.p1 = state.p.subtract(BigInteger.ONE);\n      state.q1 = state.q.subtract(BigInteger.ONE);\n      state.phi = state.p1.multiply(state.q1);\n      ++state.state;\n    } else if(state.state === 3) {\n      // ensure e and phi are coprime\n      if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) === 0) {\n        // phi and e are coprime, advance\n        ++state.state;\n      } else {\n        // phi and e aren't coprime, so generate a new p and q\n        state.p = null;\n        state.q = null;\n        state.state = 0;\n      }\n    } else if(state.state === 4) {\n      // create n, ensure n is has the right number of bits\n      state.n = state.p.multiply(state.q);\n\n      // ensure n is right number of bits\n      if(state.n.bitLength() === state.bits) {\n        // success, advance\n        ++state.state;\n      } else {\n        // failed, get new q\n        state.q = null;\n        state.state = 0;\n      }\n    } else if(state.state === 5) {\n      // set keys\n      var d = state.e.modInverse(state.phi);\n      state.keys = {\n        privateKey: pki.rsa.setPrivateKey(\n          state.n, state.e, d, state.p, state.q,\n          d.mod(state.p1), d.mod(state.q1),\n          state.q.modInverse(state.p)),\n        publicKey: pki.rsa.setPublicKey(state.n, state.e)\n      };\n    }\n\n    // update timing\n    t2 = +new Date();\n    total += t2 - t1;\n    t1 = t2;\n  }\n\n  return state.keys !== null;\n};\n\n/**\n * Generates an RSA public-private key pair in a single call.\n *\n * To generate a key-pair in steps (to allow for progress updates and to\n * prevent blocking or warnings in slow browsers) then use the key-pair\n * generation state functions.\n *\n * To generate a key-pair asynchronously (either through web-workers, if\n * available, or by breaking up the work on the main thread), pass a\n * callback function.\n *\n * @param [bits] the size for the private key in bits, defaults to 2048.\n * @param [e] the public exponent to use, defaults to 65537.\n * @param [options] options for key-pair generation, if given then 'bits'\n *            and 'e' must *not* be given:\n *          bits the size for the private key in bits, (default: 2048).\n *          e the public exponent to use, (default: 65537 (0x10001)).\n *          workerScript the worker script URL.\n *          workers the number of web workers (if supported) to use,\n *            (default: 2).\n *          workLoad the size of the work load, ie: number of possible prime\n *            numbers for each web worker to check per work assignment,\n *            (default: 100).\n *          prng a custom crypto-secure pseudo-random number generator to use,\n *            that must define \"getBytesSync\". Disables use of native APIs.\n *          algorithm the algorithm to use (default: 'PRIMEINC').\n * @param [callback(err, keypair)] called once the operation completes.\n *\n * @return an object with privateKey and publicKey properties.\n */\npki.rsa.generateKeyPair = function(bits, e, options, callback) {\n  // (bits), (options), (callback)\n  if(arguments.length === 1) {\n    if(typeof bits === 'object') {\n      options = bits;\n      bits = undefined;\n    } else if(typeof bits === 'function') {\n      callback = bits;\n      bits = undefined;\n    }\n  } else if(arguments.length === 2) {\n    // (bits, e), (bits, options), (bits, callback), (options, callback)\n    if(typeof bits === 'number') {\n      if(typeof e === 'function') {\n        callback = e;\n        e = undefined;\n      } else if(typeof e !== 'number') {\n        options = e;\n        e = undefined;\n      }\n    } else {\n      options = bits;\n      callback = e;\n      bits = undefined;\n      e = undefined;\n    }\n  } else if(arguments.length === 3) {\n    // (bits, e, options), (bits, e, callback), (bits, options, callback)\n    if(typeof e === 'number') {\n      if(typeof options === 'function') {\n        callback = options;\n        options = undefined;\n      }\n    } else {\n      callback = options;\n      options = e;\n      e = undefined;\n    }\n  }\n  options = options || {};\n  if(bits === undefined) {\n    bits = options.bits || 2048;\n  }\n  if(e === undefined) {\n    e = options.e || 0x10001;\n  }\n\n  // use native code if permitted, available, and parameters are acceptable\n  if(!forge.options.usePureJavaScript && !options.prng &&\n    bits >= 256 && bits <= 16384 && (e === 0x10001 || e === 3)) {\n    if(callback) {\n      // try native async\n      if(_detectNodeCrypto('generateKeyPair')) {\n        return _crypto.generateKeyPair('rsa', {\n          modulusLength: bits,\n          publicExponent: e,\n          publicKeyEncoding: {\n            type: 'spki',\n            format: 'pem'\n          },\n          privateKeyEncoding: {\n            type: 'pkcs8',\n            format: 'pem'\n          }\n        }, function(err, pub, priv) {\n          if(err) {\n            return callback(err);\n          }\n          callback(null, {\n            privateKey: pki.privateKeyFromPem(priv),\n            publicKey: pki.publicKeyFromPem(pub)\n          });\n        });\n      }\n      if(_detectSubtleCrypto('generateKey') &&\n        _detectSubtleCrypto('exportKey')) {\n        // use standard native generateKey\n        return util.globalScope.crypto.subtle.generateKey({\n          name: 'RSASSA-PKCS1-v1_5',\n          modulusLength: bits,\n          publicExponent: _intToUint8Array(e),\n          hash: {name: 'SHA-256'}\n        }, true /* key can be exported*/, ['sign', 'verify'])\n        .then(function(pair) {\n          return util.globalScope.crypto.subtle.exportKey(\n            'pkcs8', pair.privateKey);\n        // avoiding catch(function(err) {...}) to support IE <= 8\n        }).then(undefined, function(err) {\n          callback(err);\n        }).then(function(pkcs8) {\n          if(pkcs8) {\n            var privateKey = pki.privateKeyFromAsn1(\n              asn1.fromDer(forge.util.createBuffer(pkcs8)));\n            callback(null, {\n              privateKey: privateKey,\n              publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)\n            });\n          }\n        });\n      }\n      if(_detectSubtleMsCrypto('generateKey') &&\n        _detectSubtleMsCrypto('exportKey')) {\n        var genOp = util.globalScope.msCrypto.subtle.generateKey({\n          name: 'RSASSA-PKCS1-v1_5',\n          modulusLength: bits,\n          publicExponent: _intToUint8Array(e),\n          hash: {name: 'SHA-256'}\n        }, true /* key can be exported*/, ['sign', 'verify']);\n        genOp.oncomplete = function(e) {\n          var pair = e.target.result;\n          var exportOp = util.globalScope.msCrypto.subtle.exportKey(\n            'pkcs8', pair.privateKey);\n          exportOp.oncomplete = function(e) {\n            var pkcs8 = e.target.result;\n            var privateKey = pki.privateKeyFromAsn1(\n              asn1.fromDer(forge.util.createBuffer(pkcs8)));\n            callback(null, {\n              privateKey: privateKey,\n              publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e)\n            });\n          };\n          exportOp.onerror = function(err) {\n            callback(err);\n          };\n        };\n        genOp.onerror = function(err) {\n          callback(err);\n        };\n        return;\n      }\n    } else {\n      // try native sync\n      if(_detectNodeCrypto('generateKeyPairSync')) {\n        var keypair = _crypto.generateKeyPairSync('rsa', {\n          modulusLength: bits,\n          publicExponent: e,\n          publicKeyEncoding: {\n            type: 'spki',\n            format: 'pem'\n          },\n          privateKeyEncoding: {\n            type: 'pkcs8',\n            format: 'pem'\n          }\n        });\n        return {\n          privateKey: pki.privateKeyFromPem(keypair.privateKey),\n          publicKey: pki.publicKeyFromPem(keypair.publicKey)\n        };\n      }\n    }\n  }\n\n  // use JavaScript implementation\n  var state = pki.rsa.createKeyPairGenerationState(bits, e, options);\n  if(!callback) {\n    pki.rsa.stepKeyPairGenerationState(state, 0);\n    return state.keys;\n  }\n  _generateKeyPair(state, options, callback);\n};\n\n/**\n * Sets an RSA public key from BigIntegers modulus and exponent.\n *\n * @param n the modulus.\n * @param e the exponent.\n *\n * @return the public key.\n */\npki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) {\n  var key = {\n    n: n,\n    e: e\n  };\n\n  /**\n   * Encrypts the given data with this public key. Newer applications\n   * should use the 'RSA-OAEP' decryption scheme, 'RSAES-PKCS1-V1_5' is for\n   * legacy applications.\n   *\n   * @param data the byte string to encrypt.\n   * @param scheme the encryption scheme to use:\n   *          'RSAES-PKCS1-V1_5' (default),\n   *          'RSA-OAEP',\n   *          'RAW', 'NONE', or null to perform raw RSA encryption,\n   *          an object with an 'encode' property set to a function\n   *          with the signature 'function(data, key)' that returns\n   *          a binary-encoded string representing the encoded data.\n   * @param schemeOptions any scheme-specific options.\n   *\n   * @return the encrypted byte string.\n   */\n  key.encrypt = function(data, scheme, schemeOptions) {\n    if(typeof scheme === 'string') {\n      scheme = scheme.toUpperCase();\n    } else if(scheme === undefined) {\n      scheme = 'RSAES-PKCS1-V1_5';\n    }\n\n    if(scheme === 'RSAES-PKCS1-V1_5') {\n      scheme = {\n        encode: function(m, key, pub) {\n          return _encodePkcs1_v1_5(m, key, 0x02).getBytes();\n        }\n      };\n    } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {\n      scheme = {\n        encode: function(m, key) {\n          return forge.pkcs1.encode_rsa_oaep(key, m, schemeOptions);\n        }\n      };\n    } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {\n      scheme = {encode: function(e) {return e;}};\n    } else if(typeof scheme === 'string') {\n      throw new Error('Unsupported encryption scheme: \"' + scheme + '\".');\n    }\n\n    // do scheme-based encoding then rsa encryption\n    var e = scheme.encode(data, key, true);\n    return pki.rsa.encrypt(e, key, true);\n  };\n\n  /**\n   * Verifies the given signature against the given digest.\n   *\n   * PKCS#1 supports multiple (currently two) signature schemes:\n   * RSASSA-PKCS1-V1_5 and RSASSA-PSS.\n   *\n   * By default this implementation uses the \"old scheme\", i.e.\n   * RSASSA-PKCS1-V1_5, in which case once RSA-decrypted, the\n   * signature is an OCTET STRING that holds a DigestInfo.\n   *\n   * DigestInfo ::= SEQUENCE {\n   *   digestAlgorithm DigestAlgorithmIdentifier,\n   *   digest Digest\n   * }\n   * DigestAlgorithmIdentifier ::= AlgorithmIdentifier\n   * Digest ::= OCTET STRING\n   *\n   * To perform PSS signature verification, provide an instance\n   * of Forge PSS object as the scheme parameter.\n   *\n   * @param digest the message digest hash to compare against the signature,\n   *          as a binary-encoded string.\n   * @param signature the signature to verify, as a binary-encoded string.\n   * @param scheme signature verification scheme to use:\n   *          'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,\n   *          a Forge PSS object for RSASSA-PSS,\n   *          'NONE' or null for none, DigestInfo will not be expected, but\n   *            PKCS#1 v1.5 padding will still be used.\n   * @param options optional verify options\n   *          _parseAllDigestBytes testing flag to control parsing of all\n   *            digest bytes. Unsupported and not for general usage.\n   *            (default: true)\n   *\n   * @return true if the signature was verified, false if not.\n   */\n  key.verify = function(digest, signature, scheme, options) {\n    if(typeof scheme === 'string') {\n      scheme = scheme.toUpperCase();\n    } else if(scheme === undefined) {\n      scheme = 'RSASSA-PKCS1-V1_5';\n    }\n    if(options === undefined) {\n      options = {\n        _parseAllDigestBytes: true\n      };\n    }\n    if(!('_parseAllDigestBytes' in options)) {\n      options._parseAllDigestBytes = true;\n    }\n\n    if(scheme === 'RSASSA-PKCS1-V1_5') {\n      scheme = {\n        verify: function(digest, d) {\n          // remove padding\n          d = _decodePkcs1_v1_5(d, key, true);\n          // d is ASN.1 BER-encoded DigestInfo\n          var obj = asn1.fromDer(d, {\n            parseAllBytes: options._parseAllDigestBytes\n          });\n\n          // validate DigestInfo\n          var capture = {};\n          var errors = [];\n          if(!asn1.validate(obj, digestInfoValidator, capture, errors)) {\n            var error = new Error(\n              'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +\n              'DigestInfo value.');\n            error.errors = errors;\n            throw error;\n          }\n          // check hash algorithm identifier\n          // see PKCS1-v1-5DigestAlgorithms in RFC 8017\n          // FIXME: add support to vaidator for strict value choices\n          var oid = asn1.derToOid(capture.algorithmIdentifier);\n          if(!(oid === forge.oids.md2 ||\n            oid === forge.oids.md5 ||\n            oid === forge.oids.sha1 ||\n            oid === forge.oids.sha224 ||\n            oid === forge.oids.sha256 ||\n            oid === forge.oids.sha384 ||\n            oid === forge.oids.sha512 ||\n            oid === forge.oids['sha512-224'] ||\n            oid === forge.oids['sha512-256'])) {\n            var error = new Error(\n              'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.');\n            error.oid = oid;\n            throw error;\n          }\n\n          // special check for md2 and md5 that NULL parameters exist\n          if(oid === forge.oids.md2 || oid === forge.oids.md5) {\n            if(!('parameters' in capture)) {\n              throw new Error(\n                'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' +\n                'DigestInfo value. ' +\n                'Missing algorithm identifer NULL parameters.');\n            }\n          }\n\n          // compare the given digest to the decrypted one\n          return digest === capture.digest;\n        }\n      };\n    } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {\n      scheme = {\n        verify: function(digest, d) {\n          // remove padding\n          d = _decodePkcs1_v1_5(d, key, true);\n          return digest === d;\n        }\n      };\n    }\n\n    // do rsa decryption w/o any decoding, then verify -- which does decoding\n    var d = pki.rsa.decrypt(signature, key, true, false);\n    return scheme.verify(digest, d, key.n.bitLength());\n  };\n\n  return key;\n};\n\n/**\n * Sets an RSA private key from BigIntegers modulus, exponent, primes,\n * prime exponents, and modular multiplicative inverse.\n *\n * @param n the modulus.\n * @param e the public exponent.\n * @param d the private exponent ((inverse of e) mod n).\n * @param p the first prime.\n * @param q the second prime.\n * @param dP exponent1 (d mod (p-1)).\n * @param dQ exponent2 (d mod (q-1)).\n * @param qInv ((inverse of q) mod p)\n *\n * @return the private key.\n */\npki.setRsaPrivateKey = pki.rsa.setPrivateKey = function(\n  n, e, d, p, q, dP, dQ, qInv) {\n  var key = {\n    n: n,\n    e: e,\n    d: d,\n    p: p,\n    q: q,\n    dP: dP,\n    dQ: dQ,\n    qInv: qInv\n  };\n\n  /**\n   * Decrypts the given data with this private key. The decryption scheme\n   * must match the one used to encrypt the data.\n   *\n   * @param data the byte string to decrypt.\n   * @param scheme the decryption scheme to use:\n   *          'RSAES-PKCS1-V1_5' (default),\n   *          'RSA-OAEP',\n   *          'RAW', 'NONE', or null to perform raw RSA decryption.\n   * @param schemeOptions any scheme-specific options.\n   *\n   * @return the decrypted byte string.\n   */\n  key.decrypt = function(data, scheme, schemeOptions) {\n    if(typeof scheme === 'string') {\n      scheme = scheme.toUpperCase();\n    } else if(scheme === undefined) {\n      scheme = 'RSAES-PKCS1-V1_5';\n    }\n\n    // do rsa decryption w/o any decoding\n    var d = pki.rsa.decrypt(data, key, false, false);\n\n    if(scheme === 'RSAES-PKCS1-V1_5') {\n      scheme = {decode: _decodePkcs1_v1_5};\n    } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') {\n      scheme = {\n        decode: function(d, key) {\n          return forge.pkcs1.decode_rsa_oaep(key, d, schemeOptions);\n        }\n      };\n    } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) {\n      scheme = {decode: function(d) {return d;}};\n    } else {\n      throw new Error('Unsupported encryption scheme: \"' + scheme + '\".');\n    }\n\n    // decode according to scheme\n    return scheme.decode(d, key, false);\n  };\n\n  /**\n   * Signs the given digest, producing a signature.\n   *\n   * PKCS#1 supports multiple (currently two) signature schemes:\n   * RSASSA-PKCS1-V1_5 and RSASSA-PSS.\n   *\n   * By default this implementation uses the \"old scheme\", i.e.\n   * RSASSA-PKCS1-V1_5. In order to generate a PSS signature, provide\n   * an instance of Forge PSS object as the scheme parameter.\n   *\n   * @param md the message digest object with the hash to sign.\n   * @param scheme the signature scheme to use:\n   *          'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5,\n   *          a Forge PSS object for RSASSA-PSS,\n   *          'NONE' or null for none, DigestInfo will not be used but\n   *            PKCS#1 v1.5 padding will still be used.\n   *\n   * @return the signature as a byte string.\n   */\n  key.sign = function(md, scheme) {\n    /* Note: The internal implementation of RSA operations is being\n      transitioned away from a PKCS#1 v1.5 hard-coded scheme. Some legacy\n      code like the use of an encoding block identifier 'bt' will eventually\n      be removed. */\n\n    // private key operation\n    var bt = false;\n\n    if(typeof scheme === 'string') {\n      scheme = scheme.toUpperCase();\n    }\n\n    if(scheme === undefined || scheme === 'RSASSA-PKCS1-V1_5') {\n      scheme = {encode: emsaPkcs1v15encode};\n      bt = 0x01;\n    } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) {\n      scheme = {encode: function() {return md;}};\n      bt = 0x01;\n    }\n\n    // encode and then encrypt\n    var d = scheme.encode(md, key.n.bitLength());\n    return pki.rsa.encrypt(d, key, bt);\n  };\n\n  return key;\n};\n\n/**\n * Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object.\n *\n * @param rsaKey the ASN.1 RSAPrivateKey.\n *\n * @return the ASN.1 PrivateKeyInfo.\n */\npki.wrapRsaPrivateKey = function(rsaKey) {\n  // PrivateKeyInfo\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // version (0)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      asn1.integerToDer(0).getBytes()),\n    // privateKeyAlgorithm\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n    ]),\n    // PrivateKey\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false,\n      asn1.toDer(rsaKey).getBytes())\n  ]);\n};\n\n/**\n * Converts a private key from an ASN.1 object.\n *\n * @param obj the ASN.1 representation of a PrivateKeyInfo containing an\n *          RSAPrivateKey or an RSAPrivateKey.\n *\n * @return the private key.\n */\npki.privateKeyFromAsn1 = function(obj) {\n  // get PrivateKeyInfo\n  var capture = {};\n  var errors = [];\n  if(asn1.validate(obj, privateKeyValidator, capture, errors)) {\n    obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey));\n  }\n\n  // get RSAPrivateKey\n  capture = {};\n  errors = [];\n  if(!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) {\n    var error = new Error('Cannot read private key. ' +\n      'ASN.1 object does not contain an RSAPrivateKey.');\n    error.errors = errors;\n    throw error;\n  }\n\n  // Note: Version is currently ignored.\n  // capture.privateKeyVersion\n  // FIXME: inefficient, get a BigInteger that uses byte strings\n  var n, e, d, p, q, dP, dQ, qInv;\n  n = forge.util.createBuffer(capture.privateKeyModulus).toHex();\n  e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex();\n  d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex();\n  p = forge.util.createBuffer(capture.privateKeyPrime1).toHex();\n  q = forge.util.createBuffer(capture.privateKeyPrime2).toHex();\n  dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex();\n  dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex();\n  qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex();\n\n  // set private key\n  return pki.setRsaPrivateKey(\n    new BigInteger(n, 16),\n    new BigInteger(e, 16),\n    new BigInteger(d, 16),\n    new BigInteger(p, 16),\n    new BigInteger(q, 16),\n    new BigInteger(dP, 16),\n    new BigInteger(dQ, 16),\n    new BigInteger(qInv, 16));\n};\n\n/**\n * Converts a private key to an ASN.1 RSAPrivateKey.\n *\n * @param key the private key.\n *\n * @return the ASN.1 representation of an RSAPrivateKey.\n */\npki.privateKeyToAsn1 = pki.privateKeyToRSAPrivateKey = function(key) {\n  // RSAPrivateKey\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // version (0 = only 2 primes, 1 multiple primes)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      asn1.integerToDer(0).getBytes()),\n    // modulus (n)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.n)),\n    // publicExponent (e)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.e)),\n    // privateExponent (d)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.d)),\n    // privateKeyPrime1 (p)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.p)),\n    // privateKeyPrime2 (q)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.q)),\n    // privateKeyExponent1 (dP)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.dP)),\n    // privateKeyExponent2 (dQ)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.dQ)),\n    // coefficient (qInv)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.qInv))\n  ]);\n};\n\n/**\n * Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey.\n *\n * @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey.\n *\n * @return the public key.\n */\npki.publicKeyFromAsn1 = function(obj) {\n  // get SubjectPublicKeyInfo\n  var capture = {};\n  var errors = [];\n  if(asn1.validate(obj, publicKeyValidator, capture, errors)) {\n    // get oid\n    var oid = asn1.derToOid(capture.publicKeyOid);\n    if(oid !== pki.oids.rsaEncryption) {\n      var error = new Error('Cannot read public key. Unknown OID.');\n      error.oid = oid;\n      throw error;\n    }\n    obj = capture.rsaPublicKey;\n  }\n\n  // get RSA params\n  errors = [];\n  if(!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) {\n    var error = new Error('Cannot read public key. ' +\n      'ASN.1 object does not contain an RSAPublicKey.');\n    error.errors = errors;\n    throw error;\n  }\n\n  // FIXME: inefficient, get a BigInteger that uses byte strings\n  var n = forge.util.createBuffer(capture.publicKeyModulus).toHex();\n  var e = forge.util.createBuffer(capture.publicKeyExponent).toHex();\n\n  // set public key\n  return pki.setRsaPublicKey(\n    new BigInteger(n, 16),\n    new BigInteger(e, 16));\n};\n\n/**\n * Converts a public key to an ASN.1 SubjectPublicKeyInfo.\n *\n * @param key the public key.\n *\n * @return the asn1 representation of a SubjectPublicKeyInfo.\n */\npki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function(key) {\n  // SubjectPublicKeyInfo\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // AlgorithmIdentifier\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(pki.oids.rsaEncryption).getBytes()),\n      // parameters (null)\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n    ]),\n    // subjectPublicKey\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [\n      pki.publicKeyToRSAPublicKey(key)\n    ])\n  ]);\n};\n\n/**\n * Converts a public key to an ASN.1 RSAPublicKey.\n *\n * @param key the public key.\n *\n * @return the asn1 representation of a RSAPublicKey.\n */\npki.publicKeyToRSAPublicKey = function(key) {\n  // RSAPublicKey\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // modulus (n)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.n)),\n    // publicExponent (e)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      _bnToBytes(key.e))\n  ]);\n};\n\n/**\n * Encodes a message using PKCS#1 v1.5 padding.\n *\n * @param m the message to encode.\n * @param key the RSA key to use.\n * @param bt the block type to use, i.e. either 0x01 (for signing) or 0x02\n *          (for encryption).\n *\n * @return the padded byte buffer.\n */\nfunction _encodePkcs1_v1_5(m, key, bt) {\n  var eb = forge.util.createBuffer();\n\n  // get the length of the modulus in bytes\n  var k = Math.ceil(key.n.bitLength() / 8);\n\n  /* use PKCS#1 v1.5 padding */\n  if(m.length > (k - 11)) {\n    var error = new Error('Message is too long for PKCS#1 v1.5 padding.');\n    error.length = m.length;\n    error.max = k - 11;\n    throw error;\n  }\n\n  /* A block type BT, a padding string PS, and the data D shall be\n    formatted into an octet string EB, the encryption block:\n\n    EB = 00 || BT || PS || 00 || D\n\n    The block type BT shall be a single octet indicating the structure of\n    the encryption block. For this version of the document it shall have\n    value 00, 01, or 02. For a private-key operation, the block type\n    shall be 00 or 01. For a public-key operation, it shall be 02.\n\n    The padding string PS shall consist of k-3-||D|| octets. For block\n    type 00, the octets shall have value 00; for block type 01, they\n    shall have value FF; and for block type 02, they shall be\n    pseudorandomly generated and nonzero. This makes the length of the\n    encryption block EB equal to k. */\n\n  // build the encryption block\n  eb.putByte(0x00);\n  eb.putByte(bt);\n\n  // create the padding\n  var padNum = k - 3 - m.length;\n  var padByte;\n  // private key op\n  if(bt === 0x00 || bt === 0x01) {\n    padByte = (bt === 0x00) ? 0x00 : 0xFF;\n    for(var i = 0; i < padNum; ++i) {\n      eb.putByte(padByte);\n    }\n  } else {\n    // public key op\n    // pad with random non-zero values\n    while(padNum > 0) {\n      var numZeros = 0;\n      var padBytes = forge.random.getBytes(padNum);\n      for(var i = 0; i < padNum; ++i) {\n        padByte = padBytes.charCodeAt(i);\n        if(padByte === 0) {\n          ++numZeros;\n        } else {\n          eb.putByte(padByte);\n        }\n      }\n      padNum = numZeros;\n    }\n  }\n\n  // zero followed by message\n  eb.putByte(0x00);\n  eb.putBytes(m);\n\n  return eb;\n}\n\n/**\n * Decodes a message using PKCS#1 v1.5 padding.\n *\n * @param em the message to decode.\n * @param key the RSA key to use.\n * @param pub true if the key is a public key, false if it is private.\n * @param ml the message length, if specified.\n *\n * @return the decoded bytes.\n */\nfunction _decodePkcs1_v1_5(em, key, pub, ml) {\n  // get the length of the modulus in bytes\n  var k = Math.ceil(key.n.bitLength() / 8);\n\n  /* It is an error if any of the following conditions occurs:\n\n    1. The encryption block EB cannot be parsed unambiguously.\n    2. The padding string PS consists of fewer than eight octets\n      or is inconsisent with the block type BT.\n    3. The decryption process is a public-key operation and the block\n      type BT is not 00 or 01, or the decryption process is a\n      private-key operation and the block type is not 02.\n   */\n\n  // parse the encryption block\n  var eb = forge.util.createBuffer(em);\n  var first = eb.getByte();\n  var bt = eb.getByte();\n  if(first !== 0x00 ||\n    (pub && bt !== 0x00 && bt !== 0x01) ||\n    (!pub && bt != 0x02) ||\n    (pub && bt === 0x00 && typeof(ml) === 'undefined')) {\n    throw new Error('Encryption block is invalid.');\n  }\n\n  var padNum = 0;\n  if(bt === 0x00) {\n    // check all padding bytes for 0x00\n    padNum = k - 3 - ml;\n    for(var i = 0; i < padNum; ++i) {\n      if(eb.getByte() !== 0x00) {\n        throw new Error('Encryption block is invalid.');\n      }\n    }\n  } else if(bt === 0x01) {\n    // find the first byte that isn't 0xFF, should be after all padding\n    padNum = 0;\n    while(eb.length() > 1) {\n      if(eb.getByte() !== 0xFF) {\n        --eb.read;\n        break;\n      }\n      ++padNum;\n    }\n  } else if(bt === 0x02) {\n    // look for 0x00 byte\n    padNum = 0;\n    while(eb.length() > 1) {\n      if(eb.getByte() === 0x00) {\n        --eb.read;\n        break;\n      }\n      ++padNum;\n    }\n  }\n\n  // zero must be 0x00 and padNum must be (k - 3 - message length)\n  var zero = eb.getByte();\n  if(zero !== 0x00 || padNum !== (k - 3 - eb.length())) {\n    throw new Error('Encryption block is invalid.');\n  }\n\n  return eb.getBytes();\n}\n\n/**\n * Runs the key-generation algorithm asynchronously, either in the background\n * via Web Workers, or using the main thread and setImmediate.\n *\n * @param state the key-pair generation state.\n * @param [options] options for key-pair generation:\n *          workerScript the worker script URL.\n *          workers the number of web workers (if supported) to use,\n *            (default: 2, -1 to use estimated cores minus one).\n *          workLoad the size of the work load, ie: number of possible prime\n *            numbers for each web worker to check per work assignment,\n *            (default: 100).\n * @param callback(err, keypair) called once the operation completes.\n */\nfunction _generateKeyPair(state, options, callback) {\n  if(typeof options === 'function') {\n    callback = options;\n    options = {};\n  }\n  options = options || {};\n\n  var opts = {\n    algorithm: {\n      name: options.algorithm || 'PRIMEINC',\n      options: {\n        workers: options.workers || 2,\n        workLoad: options.workLoad || 100,\n        workerScript: options.workerScript\n      }\n    }\n  };\n  if('prng' in options) {\n    opts.prng = options.prng;\n  }\n\n  generate();\n\n  function generate() {\n    // find p and then q (done in series to simplify)\n    getPrime(state.pBits, function(err, num) {\n      if(err) {\n        return callback(err);\n      }\n      state.p = num;\n      if(state.q !== null) {\n        return finish(err, state.q);\n      }\n      getPrime(state.qBits, finish);\n    });\n  }\n\n  function getPrime(bits, callback) {\n    forge.prime.generateProbablePrime(bits, opts, callback);\n  }\n\n  function finish(err, num) {\n    if(err) {\n      return callback(err);\n    }\n\n    // set q\n    state.q = num;\n\n    // ensure p is larger than q (swap them if not)\n    if(state.p.compareTo(state.q) < 0) {\n      var tmp = state.p;\n      state.p = state.q;\n      state.q = tmp;\n    }\n\n    // ensure p is coprime with e\n    if(state.p.subtract(BigInteger.ONE).gcd(state.e)\n      .compareTo(BigInteger.ONE) !== 0) {\n      state.p = null;\n      generate();\n      return;\n    }\n\n    // ensure q is coprime with e\n    if(state.q.subtract(BigInteger.ONE).gcd(state.e)\n      .compareTo(BigInteger.ONE) !== 0) {\n      state.q = null;\n      getPrime(state.qBits, finish);\n      return;\n    }\n\n    // compute phi: (p - 1)(q - 1) (Euler's totient function)\n    state.p1 = state.p.subtract(BigInteger.ONE);\n    state.q1 = state.q.subtract(BigInteger.ONE);\n    state.phi = state.p1.multiply(state.q1);\n\n    // ensure e and phi are coprime\n    if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) !== 0) {\n      // phi and e aren't coprime, so generate a new p and q\n      state.p = state.q = null;\n      generate();\n      return;\n    }\n\n    // create n, ensure n is has the right number of bits\n    state.n = state.p.multiply(state.q);\n    if(state.n.bitLength() !== state.bits) {\n      // failed, get new q\n      state.q = null;\n      getPrime(state.qBits, finish);\n      return;\n    }\n\n    // set keys\n    var d = state.e.modInverse(state.phi);\n    state.keys = {\n      privateKey: pki.rsa.setPrivateKey(\n        state.n, state.e, d, state.p, state.q,\n        d.mod(state.p1), d.mod(state.q1),\n        state.q.modInverse(state.p)),\n      publicKey: pki.rsa.setPublicKey(state.n, state.e)\n    };\n\n    callback(null, state.keys);\n  }\n}\n\n/**\n * Converts a positive BigInteger into 2's-complement big-endian bytes.\n *\n * @param b the big integer to convert.\n *\n * @return the bytes.\n */\nfunction _bnToBytes(b) {\n  // prepend 0x00 if first byte >= 0x80\n  var hex = b.toString(16);\n  if(hex[0] >= '8') {\n    hex = '00' + hex;\n  }\n  var bytes = forge.util.hexToBytes(hex);\n\n  // ensure integer is minimally-encoded\n  if(bytes.length > 1 &&\n    // leading 0x00 for positive integer\n    ((bytes.charCodeAt(0) === 0 &&\n    (bytes.charCodeAt(1) & 0x80) === 0) ||\n    // leading 0xFF for negative integer\n    (bytes.charCodeAt(0) === 0xFF &&\n    (bytes.charCodeAt(1) & 0x80) === 0x80))) {\n    return bytes.substr(1);\n  }\n  return bytes;\n}\n\n/**\n * Returns the required number of Miller-Rabin tests to generate a\n * prime with an error probability of (1/2)^80.\n *\n * See Handbook of Applied Cryptography Chapter 4, Table 4.4.\n *\n * @param bits the bit size.\n *\n * @return the required number of iterations.\n */\nfunction _getMillerRabinTests(bits) {\n  if(bits <= 100) return 27;\n  if(bits <= 150) return 18;\n  if(bits <= 200) return 15;\n  if(bits <= 250) return 12;\n  if(bits <= 300) return 9;\n  if(bits <= 350) return 8;\n  if(bits <= 400) return 7;\n  if(bits <= 500) return 6;\n  if(bits <= 600) return 5;\n  if(bits <= 800) return 4;\n  if(bits <= 1250) return 3;\n  return 2;\n}\n\n/**\n * Performs feature detection on the Node crypto interface.\n *\n * @param fn the feature (function) to detect.\n *\n * @return true if detected, false if not.\n */\nfunction _detectNodeCrypto(fn) {\n  return forge.util.isNodejs && typeof _crypto[fn] === 'function';\n}\n\n/**\n * Performs feature detection on the SubtleCrypto interface.\n *\n * @param fn the feature (function) to detect.\n *\n * @return true if detected, false if not.\n */\nfunction _detectSubtleCrypto(fn) {\n  return (typeof util.globalScope !== 'undefined' &&\n    typeof util.globalScope.crypto === 'object' &&\n    typeof util.globalScope.crypto.subtle === 'object' &&\n    typeof util.globalScope.crypto.subtle[fn] === 'function');\n}\n\n/**\n * Performs feature detection on the deprecated Microsoft Internet Explorer\n * outdated SubtleCrypto interface. This function should only be used after\n * checking for the modern, standard SubtleCrypto interface.\n *\n * @param fn the feature (function) to detect.\n *\n * @return true if detected, false if not.\n */\nfunction _detectSubtleMsCrypto(fn) {\n  return (typeof util.globalScope !== 'undefined' &&\n    typeof util.globalScope.msCrypto === 'object' &&\n    typeof util.globalScope.msCrypto.subtle === 'object' &&\n    typeof util.globalScope.msCrypto.subtle[fn] === 'function');\n}\n\nfunction _intToUint8Array(x) {\n  var bytes = forge.util.hexToBytes(x.toString(16));\n  var buffer = new Uint8Array(bytes.length);\n  for(var i = 0; i < bytes.length; ++i) {\n    buffer[i] = bytes.charCodeAt(i);\n  }\n  return buffer;\n}\n\nfunction _privateKeyFromJwk(jwk) {\n  if(jwk.kty !== 'RSA') {\n    throw new Error(\n      'Unsupported key algorithm \"' + jwk.kty + '\"; algorithm must be \"RSA\".');\n  }\n  return pki.setRsaPrivateKey(\n    _base64ToBigInt(jwk.n),\n    _base64ToBigInt(jwk.e),\n    _base64ToBigInt(jwk.d),\n    _base64ToBigInt(jwk.p),\n    _base64ToBigInt(jwk.q),\n    _base64ToBigInt(jwk.dp),\n    _base64ToBigInt(jwk.dq),\n    _base64ToBigInt(jwk.qi));\n}\n\nfunction _publicKeyFromJwk(jwk) {\n  if(jwk.kty !== 'RSA') {\n    throw new Error('Key algorithm must be \"RSA\".');\n  }\n  return pki.setRsaPublicKey(\n    _base64ToBigInt(jwk.n),\n    _base64ToBigInt(jwk.e));\n}\n\nfunction _base64ToBigInt(b64) {\n  return new BigInteger(forge.util.bytesToHex(forge.util.decode64(b64)), 16);\n}\n","/**\n * Secure Hash Algorithm with 160-bit digest (SHA-1) implementation.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2015 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar sha1 = module.exports = forge.sha1 = forge.sha1 || {};\nforge.md.sha1 = forge.md.algorithms.sha1 = sha1;\n\n/**\n * Creates a SHA-1 message digest object.\n *\n * @return a message digest object.\n */\nsha1.create = function() {\n  // do initialization as necessary\n  if(!_initialized) {\n    _init();\n  }\n\n  // SHA-1 state contains five 32-bit integers\n  var _state = null;\n\n  // input buffer\n  var _input = forge.util.createBuffer();\n\n  // used for word storage\n  var _w = new Array(80);\n\n  // message digest object\n  var md = {\n    algorithm: 'sha1',\n    blockLength: 64,\n    digestLength: 20,\n    // 56-bit length of message so far (does not including padding)\n    messageLength: 0,\n    // true message length\n    fullMessageLength: null,\n    // size of message length in bytes\n    messageLengthSize: 8\n  };\n\n  /**\n   * Starts the digest.\n   *\n   * @return this digest object.\n   */\n  md.start = function() {\n    // up to 56-bit message length for convenience\n    md.messageLength = 0;\n\n    // full message length (set md.messageLength64 for backwards-compatibility)\n    md.fullMessageLength = md.messageLength64 = [];\n    var int32s = md.messageLengthSize / 4;\n    for(var i = 0; i < int32s; ++i) {\n      md.fullMessageLength.push(0);\n    }\n    _input = forge.util.createBuffer();\n    _state = {\n      h0: 0x67452301,\n      h1: 0xEFCDAB89,\n      h2: 0x98BADCFE,\n      h3: 0x10325476,\n      h4: 0xC3D2E1F0\n    };\n    return md;\n  };\n  // start digest automatically for first time\n  md.start();\n\n  /**\n   * Updates the digest with the given message input. The given input can\n   * treated as raw input (no encoding will be applied) or an encoding of\n   * 'utf8' maybe given to encode the input using UTF-8.\n   *\n   * @param msg the message input to update with.\n   * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n   *\n   * @return this digest object.\n   */\n  md.update = function(msg, encoding) {\n    if(encoding === 'utf8') {\n      msg = forge.util.encodeUtf8(msg);\n    }\n\n    // update message length\n    var len = msg.length;\n    md.messageLength += len;\n    len = [(len / 0x100000000) >>> 0, len >>> 0];\n    for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n      md.fullMessageLength[i] += len[1];\n      len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n      md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n      len[0] = ((len[1] / 0x100000000) >>> 0);\n    }\n\n    // add bytes to input buffer\n    _input.putBytes(msg);\n\n    // process bytes\n    _update(_state, _w, _input);\n\n    // compact input buffer every 2K or if empty\n    if(_input.read > 2048 || _input.length() === 0) {\n      _input.compact();\n    }\n\n    return md;\n  };\n\n  /**\n   * Produces the digest.\n   *\n   * @return a byte buffer containing the digest value.\n   */\n  md.digest = function() {\n    /* Note: Here we copy the remaining bytes in the input buffer and\n    add the appropriate SHA-1 padding. Then we do the final update\n    on a copy of the state so that if the user wants to get\n    intermediate digests they can do so. */\n\n    /* Determine the number of bytes that must be added to the message\n    to ensure its length is congruent to 448 mod 512. In other words,\n    the data to be digested must be a multiple of 512 bits (or 128 bytes).\n    This data includes the message, some padding, and the length of the\n    message. Since the length of the message will be encoded as 8 bytes (64\n    bits), that means that the last segment of the data must have 56 bytes\n    (448 bits) of message and padding. Therefore, the length of the message\n    plus the padding must be congruent to 448 mod 512 because\n    512 - 128 = 448.\n\n    In order to fill up the message length it must be filled with\n    padding that begins with 1 bit followed by all 0 bits. Padding\n    must *always* be present, so if the message length is already\n    congruent to 448 mod 512, then 512 padding bits must be added. */\n\n    var finalBlock = forge.util.createBuffer();\n    finalBlock.putBytes(_input.bytes());\n\n    // compute remaining size to be digested (include message length size)\n    var remaining = (\n      md.fullMessageLength[md.fullMessageLength.length - 1] +\n      md.messageLengthSize);\n\n    // add padding for overflow blockSize - overflow\n    // _padding starts with 1 byte with first bit is set (byte value 128), then\n    // there may be up to (blockSize - 1) other pad bytes\n    var overflow = remaining & (md.blockLength - 1);\n    finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n    // serialize message length in bits in big-endian order; since length\n    // is stored in bytes we multiply by 8 and add carry from next int\n    var next, carry;\n    var bits = md.fullMessageLength[0] * 8;\n    for(var i = 0; i < md.fullMessageLength.length - 1; ++i) {\n      next = md.fullMessageLength[i + 1] * 8;\n      carry = (next / 0x100000000) >>> 0;\n      bits += carry;\n      finalBlock.putInt32(bits >>> 0);\n      bits = next >>> 0;\n    }\n    finalBlock.putInt32(bits);\n\n    var s2 = {\n      h0: _state.h0,\n      h1: _state.h1,\n      h2: _state.h2,\n      h3: _state.h3,\n      h4: _state.h4\n    };\n    _update(s2, _w, finalBlock);\n    var rval = forge.util.createBuffer();\n    rval.putInt32(s2.h0);\n    rval.putInt32(s2.h1);\n    rval.putInt32(s2.h2);\n    rval.putInt32(s2.h3);\n    rval.putInt32(s2.h4);\n    return rval;\n  };\n\n  return md;\n};\n\n// sha-1 padding bytes not initialized yet\nvar _padding = null;\nvar _initialized = false;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n  // create padding\n  _padding = String.fromCharCode(128);\n  _padding += forge.util.fillString(String.fromCharCode(0x00), 64);\n\n  // now initialized\n  _initialized = true;\n}\n\n/**\n * Updates a SHA-1 state with the given byte buffer.\n *\n * @param s the SHA-1 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n  // consume 512 bit (64 byte) chunks\n  var t, a, b, c, d, e, f, i;\n  var len = bytes.length();\n  while(len >= 64) {\n    // the w array will be populated with sixteen 32-bit big-endian words\n    // and then extended into 80 32-bit words according to SHA-1 algorithm\n    // and for 32-79 using Max Locktyukhin's optimization\n\n    // initialize hash value for this chunk\n    a = s.h0;\n    b = s.h1;\n    c = s.h2;\n    d = s.h3;\n    e = s.h4;\n\n    // round 1\n    for(i = 0; i < 16; ++i) {\n      t = bytes.getInt32();\n      w[i] = t;\n      f = d ^ (b & (c ^ d));\n      t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;\n      e = d;\n      d = c;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      c = ((b << 30) | (b >>> 2)) >>> 0;\n      b = a;\n      a = t;\n    }\n    for(; i < 20; ++i) {\n      t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);\n      t = (t << 1) | (t >>> 31);\n      w[i] = t;\n      f = d ^ (b & (c ^ d));\n      t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t;\n      e = d;\n      d = c;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      c = ((b << 30) | (b >>> 2)) >>> 0;\n      b = a;\n      a = t;\n    }\n    // round 2\n    for(; i < 32; ++i) {\n      t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]);\n      t = (t << 1) | (t >>> 31);\n      w[i] = t;\n      f = b ^ c ^ d;\n      t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;\n      e = d;\n      d = c;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      c = ((b << 30) | (b >>> 2)) >>> 0;\n      b = a;\n      a = t;\n    }\n    for(; i < 40; ++i) {\n      t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);\n      t = (t << 2) | (t >>> 30);\n      w[i] = t;\n      f = b ^ c ^ d;\n      t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t;\n      e = d;\n      d = c;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      c = ((b << 30) | (b >>> 2)) >>> 0;\n      b = a;\n      a = t;\n    }\n    // round 3\n    for(; i < 60; ++i) {\n      t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);\n      t = (t << 2) | (t >>> 30);\n      w[i] = t;\n      f = (b & c) | (d & (b ^ c));\n      t = ((a << 5) | (a >>> 27)) + f + e + 0x8F1BBCDC + t;\n      e = d;\n      d = c;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      c = ((b << 30) | (b >>> 2)) >>> 0;\n      b = a;\n      a = t;\n    }\n    // round 4\n    for(; i < 80; ++i) {\n      t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]);\n      t = (t << 2) | (t >>> 30);\n      w[i] = t;\n      f = b ^ c ^ d;\n      t = ((a << 5) | (a >>> 27)) + f + e + 0xCA62C1D6 + t;\n      e = d;\n      d = c;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      c = ((b << 30) | (b >>> 2)) >>> 0;\n      b = a;\n      a = t;\n    }\n\n    // update hash state\n    s.h0 = (s.h0 + a) | 0;\n    s.h1 = (s.h1 + b) | 0;\n    s.h2 = (s.h2 + c) | 0;\n    s.h3 = (s.h3 + d) | 0;\n    s.h4 = (s.h4 + e) | 0;\n\n    len -= 64;\n  }\n}\n","/**\n * Secure Hash Algorithm with 256-bit digest (SHA-256) implementation.\n *\n * See FIPS 180-2 for details.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2015 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar sha256 = module.exports = forge.sha256 = forge.sha256 || {};\nforge.md.sha256 = forge.md.algorithms.sha256 = sha256;\n\n/**\n * Creates a SHA-256 message digest object.\n *\n * @return a message digest object.\n */\nsha256.create = function() {\n  // do initialization as necessary\n  if(!_initialized) {\n    _init();\n  }\n\n  // SHA-256 state contains eight 32-bit integers\n  var _state = null;\n\n  // input buffer\n  var _input = forge.util.createBuffer();\n\n  // used for word storage\n  var _w = new Array(64);\n\n  // message digest object\n  var md = {\n    algorithm: 'sha256',\n    blockLength: 64,\n    digestLength: 32,\n    // 56-bit length of message so far (does not including padding)\n    messageLength: 0,\n    // true message length\n    fullMessageLength: null,\n    // size of message length in bytes\n    messageLengthSize: 8\n  };\n\n  /**\n   * Starts the digest.\n   *\n   * @return this digest object.\n   */\n  md.start = function() {\n    // up to 56-bit message length for convenience\n    md.messageLength = 0;\n\n    // full message length (set md.messageLength64 for backwards-compatibility)\n    md.fullMessageLength = md.messageLength64 = [];\n    var int32s = md.messageLengthSize / 4;\n    for(var i = 0; i < int32s; ++i) {\n      md.fullMessageLength.push(0);\n    }\n    _input = forge.util.createBuffer();\n    _state = {\n      h0: 0x6A09E667,\n      h1: 0xBB67AE85,\n      h2: 0x3C6EF372,\n      h3: 0xA54FF53A,\n      h4: 0x510E527F,\n      h5: 0x9B05688C,\n      h6: 0x1F83D9AB,\n      h7: 0x5BE0CD19\n    };\n    return md;\n  };\n  // start digest automatically for first time\n  md.start();\n\n  /**\n   * Updates the digest with the given message input. The given input can\n   * treated as raw input (no encoding will be applied) or an encoding of\n   * 'utf8' maybe given to encode the input using UTF-8.\n   *\n   * @param msg the message input to update with.\n   * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n   *\n   * @return this digest object.\n   */\n  md.update = function(msg, encoding) {\n    if(encoding === 'utf8') {\n      msg = forge.util.encodeUtf8(msg);\n    }\n\n    // update message length\n    var len = msg.length;\n    md.messageLength += len;\n    len = [(len / 0x100000000) >>> 0, len >>> 0];\n    for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n      md.fullMessageLength[i] += len[1];\n      len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n      md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n      len[0] = ((len[1] / 0x100000000) >>> 0);\n    }\n\n    // add bytes to input buffer\n    _input.putBytes(msg);\n\n    // process bytes\n    _update(_state, _w, _input);\n\n    // compact input buffer every 2K or if empty\n    if(_input.read > 2048 || _input.length() === 0) {\n      _input.compact();\n    }\n\n    return md;\n  };\n\n  /**\n   * Produces the digest.\n   *\n   * @return a byte buffer containing the digest value.\n   */\n  md.digest = function() {\n    /* Note: Here we copy the remaining bytes in the input buffer and\n    add the appropriate SHA-256 padding. Then we do the final update\n    on a copy of the state so that if the user wants to get\n    intermediate digests they can do so. */\n\n    /* Determine the number of bytes that must be added to the message\n    to ensure its length is congruent to 448 mod 512. In other words,\n    the data to be digested must be a multiple of 512 bits (or 128 bytes).\n    This data includes the message, some padding, and the length of the\n    message. Since the length of the message will be encoded as 8 bytes (64\n    bits), that means that the last segment of the data must have 56 bytes\n    (448 bits) of message and padding. Therefore, the length of the message\n    plus the padding must be congruent to 448 mod 512 because\n    512 - 128 = 448.\n\n    In order to fill up the message length it must be filled with\n    padding that begins with 1 bit followed by all 0 bits. Padding\n    must *always* be present, so if the message length is already\n    congruent to 448 mod 512, then 512 padding bits must be added. */\n\n    var finalBlock = forge.util.createBuffer();\n    finalBlock.putBytes(_input.bytes());\n\n    // compute remaining size to be digested (include message length size)\n    var remaining = (\n      md.fullMessageLength[md.fullMessageLength.length - 1] +\n      md.messageLengthSize);\n\n    // add padding for overflow blockSize - overflow\n    // _padding starts with 1 byte with first bit is set (byte value 128), then\n    // there may be up to (blockSize - 1) other pad bytes\n    var overflow = remaining & (md.blockLength - 1);\n    finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n    // serialize message length in bits in big-endian order; since length\n    // is stored in bytes we multiply by 8 and add carry from next int\n    var next, carry;\n    var bits = md.fullMessageLength[0] * 8;\n    for(var i = 0; i < md.fullMessageLength.length - 1; ++i) {\n      next = md.fullMessageLength[i + 1] * 8;\n      carry = (next / 0x100000000) >>> 0;\n      bits += carry;\n      finalBlock.putInt32(bits >>> 0);\n      bits = next >>> 0;\n    }\n    finalBlock.putInt32(bits);\n\n    var s2 = {\n      h0: _state.h0,\n      h1: _state.h1,\n      h2: _state.h2,\n      h3: _state.h3,\n      h4: _state.h4,\n      h5: _state.h5,\n      h6: _state.h6,\n      h7: _state.h7\n    };\n    _update(s2, _w, finalBlock);\n    var rval = forge.util.createBuffer();\n    rval.putInt32(s2.h0);\n    rval.putInt32(s2.h1);\n    rval.putInt32(s2.h2);\n    rval.putInt32(s2.h3);\n    rval.putInt32(s2.h4);\n    rval.putInt32(s2.h5);\n    rval.putInt32(s2.h6);\n    rval.putInt32(s2.h7);\n    return rval;\n  };\n\n  return md;\n};\n\n// sha-256 padding bytes not initialized yet\nvar _padding = null;\nvar _initialized = false;\n\n// table of constants\nvar _k = null;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n  // create padding\n  _padding = String.fromCharCode(128);\n  _padding += forge.util.fillString(String.fromCharCode(0x00), 64);\n\n  // create K table for SHA-256\n  _k = [\n    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5,\n    0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,\n    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3,\n    0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,\n    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc,\n    0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,\n    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7,\n    0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,\n    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13,\n    0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,\n    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3,\n    0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,\n    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5,\n    0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,\n    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208,\n    0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2];\n\n  // now initialized\n  _initialized = true;\n}\n\n/**\n * Updates a SHA-256 state with the given byte buffer.\n *\n * @param s the SHA-256 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n  // consume 512 bit (64 byte) chunks\n  var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h;\n  var len = bytes.length();\n  while(len >= 64) {\n    // the w array will be populated with sixteen 32-bit big-endian words\n    // and then extended into 64 32-bit words according to SHA-256\n    for(i = 0; i < 16; ++i) {\n      w[i] = bytes.getInt32();\n    }\n    for(; i < 64; ++i) {\n      // XOR word 2 words ago rot right 17, rot right 19, shft right 10\n      t1 = w[i - 2];\n      t1 =\n        ((t1 >>> 17) | (t1 << 15)) ^\n        ((t1 >>> 19) | (t1 << 13)) ^\n        (t1 >>> 10);\n      // XOR word 15 words ago rot right 7, rot right 18, shft right 3\n      t2 = w[i - 15];\n      t2 =\n        ((t2 >>> 7) | (t2 << 25)) ^\n        ((t2 >>> 18) | (t2 << 14)) ^\n        (t2 >>> 3);\n      // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^32\n      w[i] = (t1 + w[i - 7] + t2 + w[i - 16]) | 0;\n    }\n\n    // initialize hash value for this chunk\n    a = s.h0;\n    b = s.h1;\n    c = s.h2;\n    d = s.h3;\n    e = s.h4;\n    f = s.h5;\n    g = s.h6;\n    h = s.h7;\n\n    // round function\n    for(i = 0; i < 64; ++i) {\n      // Sum1(e)\n      s1 =\n        ((e >>> 6) | (e << 26)) ^\n        ((e >>> 11) | (e << 21)) ^\n        ((e >>> 25) | (e << 7));\n      // Ch(e, f, g) (optimized the same way as SHA-1)\n      ch = g ^ (e & (f ^ g));\n      // Sum0(a)\n      s0 =\n        ((a >>> 2) | (a << 30)) ^\n        ((a >>> 13) | (a << 19)) ^\n        ((a >>> 22) | (a << 10));\n      // Maj(a, b, c) (optimized the same way as SHA-1)\n      maj = (a & b) | (c & (a ^ b));\n\n      // main algorithm\n      t1 = h + s1 + ch + _k[i] + w[i];\n      t2 = s0 + maj;\n      h = g;\n      g = f;\n      f = e;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      // can't truncate with `| 0`\n      e = (d + t1) >>> 0;\n      d = c;\n      c = b;\n      b = a;\n      // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug\n      // can't truncate with `| 0`\n      a = (t1 + t2) >>> 0;\n    }\n\n    // update hash state\n    s.h0 = (s.h0 + a) | 0;\n    s.h1 = (s.h1 + b) | 0;\n    s.h2 = (s.h2 + c) | 0;\n    s.h3 = (s.h3 + d) | 0;\n    s.h4 = (s.h4 + e) | 0;\n    s.h5 = (s.h5 + f) | 0;\n    s.h6 = (s.h6 + g) | 0;\n    s.h7 = (s.h7 + h) | 0;\n    len -= 64;\n  }\n}\n","/**\n * Secure Hash Algorithm with a 1024-bit block size implementation.\n *\n * This includes: SHA-512, SHA-384, SHA-512/224, and SHA-512/256. For\n * SHA-256 (block size 512 bits), see sha256.js.\n *\n * See FIPS 180-4 for details.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2014-2015 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nrequire('./md');\nrequire('./util');\n\nvar sha512 = module.exports = forge.sha512 = forge.sha512 || {};\n\n// SHA-512\nforge.md.sha512 = forge.md.algorithms.sha512 = sha512;\n\n// SHA-384\nvar sha384 = forge.sha384 = forge.sha512.sha384 = forge.sha512.sha384 || {};\nsha384.create = function() {\n  return sha512.create('SHA-384');\n};\nforge.md.sha384 = forge.md.algorithms.sha384 = sha384;\n\n// SHA-512/256\nforge.sha512.sha256 = forge.sha512.sha256 || {\n  create: function() {\n    return sha512.create('SHA-512/256');\n  }\n};\nforge.md['sha512/256'] = forge.md.algorithms['sha512/256'] =\n  forge.sha512.sha256;\n\n// SHA-512/224\nforge.sha512.sha224 = forge.sha512.sha224 || {\n  create: function() {\n    return sha512.create('SHA-512/224');\n  }\n};\nforge.md['sha512/224'] = forge.md.algorithms['sha512/224'] =\n  forge.sha512.sha224;\n\n/**\n * Creates a SHA-2 message digest object.\n *\n * @param algorithm the algorithm to use (SHA-512, SHA-384, SHA-512/224,\n *          SHA-512/256).\n *\n * @return a message digest object.\n */\nsha512.create = function(algorithm) {\n  // do initialization as necessary\n  if(!_initialized) {\n    _init();\n  }\n\n  if(typeof algorithm === 'undefined') {\n    algorithm = 'SHA-512';\n  }\n\n  if(!(algorithm in _states)) {\n    throw new Error('Invalid SHA-512 algorithm: ' + algorithm);\n  }\n\n  // SHA-512 state contains eight 64-bit integers (each as two 32-bit ints)\n  var _state = _states[algorithm];\n  var _h = null;\n\n  // input buffer\n  var _input = forge.util.createBuffer();\n\n  // used for 64-bit word storage\n  var _w = new Array(80);\n  for(var wi = 0; wi < 80; ++wi) {\n    _w[wi] = new Array(2);\n  }\n\n  // determine digest length by algorithm name (default)\n  var digestLength = 64;\n  switch(algorithm) {\n    case 'SHA-384':\n      digestLength = 48;\n      break;\n    case 'SHA-512/256':\n      digestLength = 32;\n      break;\n    case 'SHA-512/224':\n      digestLength = 28;\n      break;\n  }\n\n  // message digest object\n  var md = {\n    // SHA-512 => sha512\n    algorithm: algorithm.replace('-', '').toLowerCase(),\n    blockLength: 128,\n    digestLength: digestLength,\n    // 56-bit length of message so far (does not including padding)\n    messageLength: 0,\n    // true message length\n    fullMessageLength: null,\n    // size of message length in bytes\n    messageLengthSize: 16\n  };\n\n  /**\n   * Starts the digest.\n   *\n   * @return this digest object.\n   */\n  md.start = function() {\n    // up to 56-bit message length for convenience\n    md.messageLength = 0;\n\n    // full message length (set md.messageLength128 for backwards-compatibility)\n    md.fullMessageLength = md.messageLength128 = [];\n    var int32s = md.messageLengthSize / 4;\n    for(var i = 0; i < int32s; ++i) {\n      md.fullMessageLength.push(0);\n    }\n    _input = forge.util.createBuffer();\n    _h = new Array(_state.length);\n    for(var i = 0; i < _state.length; ++i) {\n      _h[i] = _state[i].slice(0);\n    }\n    return md;\n  };\n  // start digest automatically for first time\n  md.start();\n\n  /**\n   * Updates the digest with the given message input. The given input can\n   * treated as raw input (no encoding will be applied) or an encoding of\n   * 'utf8' maybe given to encode the input using UTF-8.\n   *\n   * @param msg the message input to update with.\n   * @param encoding the encoding to use (default: 'raw', other: 'utf8').\n   *\n   * @return this digest object.\n   */\n  md.update = function(msg, encoding) {\n    if(encoding === 'utf8') {\n      msg = forge.util.encodeUtf8(msg);\n    }\n\n    // update message length\n    var len = msg.length;\n    md.messageLength += len;\n    len = [(len / 0x100000000) >>> 0, len >>> 0];\n    for(var i = md.fullMessageLength.length - 1; i >= 0; --i) {\n      md.fullMessageLength[i] += len[1];\n      len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0);\n      md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0;\n      len[0] = ((len[1] / 0x100000000) >>> 0);\n    }\n\n    // add bytes to input buffer\n    _input.putBytes(msg);\n\n    // process bytes\n    _update(_h, _w, _input);\n\n    // compact input buffer every 2K or if empty\n    if(_input.read > 2048 || _input.length() === 0) {\n      _input.compact();\n    }\n\n    return md;\n  };\n\n  /**\n   * Produces the digest.\n   *\n   * @return a byte buffer containing the digest value.\n   */\n  md.digest = function() {\n    /* Note: Here we copy the remaining bytes in the input buffer and\n    add the appropriate SHA-512 padding. Then we do the final update\n    on a copy of the state so that if the user wants to get\n    intermediate digests they can do so. */\n\n    /* Determine the number of bytes that must be added to the message\n    to ensure its length is congruent to 896 mod 1024. In other words,\n    the data to be digested must be a multiple of 1024 bits (or 128 bytes).\n    This data includes the message, some padding, and the length of the\n    message. Since the length of the message will be encoded as 16 bytes (128\n    bits), that means that the last segment of the data must have 112 bytes\n    (896 bits) of message and padding. Therefore, the length of the message\n    plus the padding must be congruent to 896 mod 1024 because\n    1024 - 128 = 896.\n\n    In order to fill up the message length it must be filled with\n    padding that begins with 1 bit followed by all 0 bits. Padding\n    must *always* be present, so if the message length is already\n    congruent to 896 mod 1024, then 1024 padding bits must be added. */\n\n    var finalBlock = forge.util.createBuffer();\n    finalBlock.putBytes(_input.bytes());\n\n    // compute remaining size to be digested (include message length size)\n    var remaining = (\n      md.fullMessageLength[md.fullMessageLength.length - 1] +\n      md.messageLengthSize);\n\n    // add padding for overflow blockSize - overflow\n    // _padding starts with 1 byte with first bit is set (byte value 128), then\n    // there may be up to (blockSize - 1) other pad bytes\n    var overflow = remaining & (md.blockLength - 1);\n    finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow));\n\n    // serialize message length in bits in big-endian order; since length\n    // is stored in bytes we multiply by 8 and add carry from next int\n    var next, carry;\n    var bits = md.fullMessageLength[0] * 8;\n    for(var i = 0; i < md.fullMessageLength.length - 1; ++i) {\n      next = md.fullMessageLength[i + 1] * 8;\n      carry = (next / 0x100000000) >>> 0;\n      bits += carry;\n      finalBlock.putInt32(bits >>> 0);\n      bits = next >>> 0;\n    }\n    finalBlock.putInt32(bits);\n\n    var h = new Array(_h.length);\n    for(var i = 0; i < _h.length; ++i) {\n      h[i] = _h[i].slice(0);\n    }\n    _update(h, _w, finalBlock);\n    var rval = forge.util.createBuffer();\n    var hlen;\n    if(algorithm === 'SHA-512') {\n      hlen = h.length;\n    } else if(algorithm === 'SHA-384') {\n      hlen = h.length - 2;\n    } else {\n      hlen = h.length - 4;\n    }\n    for(var i = 0; i < hlen; ++i) {\n      rval.putInt32(h[i][0]);\n      if(i !== hlen - 1 || algorithm !== 'SHA-512/224') {\n        rval.putInt32(h[i][1]);\n      }\n    }\n    return rval;\n  };\n\n  return md;\n};\n\n// sha-512 padding bytes not initialized yet\nvar _padding = null;\nvar _initialized = false;\n\n// table of constants\nvar _k = null;\n\n// initial hash states\nvar _states = null;\n\n/**\n * Initializes the constant tables.\n */\nfunction _init() {\n  // create padding\n  _padding = String.fromCharCode(128);\n  _padding += forge.util.fillString(String.fromCharCode(0x00), 128);\n\n  // create K table for SHA-512\n  _k = [\n    [0x428a2f98, 0xd728ae22], [0x71374491, 0x23ef65cd],\n    [0xb5c0fbcf, 0xec4d3b2f], [0xe9b5dba5, 0x8189dbbc],\n    [0x3956c25b, 0xf348b538], [0x59f111f1, 0xb605d019],\n    [0x923f82a4, 0xaf194f9b], [0xab1c5ed5, 0xda6d8118],\n    [0xd807aa98, 0xa3030242], [0x12835b01, 0x45706fbe],\n    [0x243185be, 0x4ee4b28c], [0x550c7dc3, 0xd5ffb4e2],\n    [0x72be5d74, 0xf27b896f], [0x80deb1fe, 0x3b1696b1],\n    [0x9bdc06a7, 0x25c71235], [0xc19bf174, 0xcf692694],\n    [0xe49b69c1, 0x9ef14ad2], [0xefbe4786, 0x384f25e3],\n    [0x0fc19dc6, 0x8b8cd5b5], [0x240ca1cc, 0x77ac9c65],\n    [0x2de92c6f, 0x592b0275], [0x4a7484aa, 0x6ea6e483],\n    [0x5cb0a9dc, 0xbd41fbd4], [0x76f988da, 0x831153b5],\n    [0x983e5152, 0xee66dfab], [0xa831c66d, 0x2db43210],\n    [0xb00327c8, 0x98fb213f], [0xbf597fc7, 0xbeef0ee4],\n    [0xc6e00bf3, 0x3da88fc2], [0xd5a79147, 0x930aa725],\n    [0x06ca6351, 0xe003826f], [0x14292967, 0x0a0e6e70],\n    [0x27b70a85, 0x46d22ffc], [0x2e1b2138, 0x5c26c926],\n    [0x4d2c6dfc, 0x5ac42aed], [0x53380d13, 0x9d95b3df],\n    [0x650a7354, 0x8baf63de], [0x766a0abb, 0x3c77b2a8],\n    [0x81c2c92e, 0x47edaee6], [0x92722c85, 0x1482353b],\n    [0xa2bfe8a1, 0x4cf10364], [0xa81a664b, 0xbc423001],\n    [0xc24b8b70, 0xd0f89791], [0xc76c51a3, 0x0654be30],\n    [0xd192e819, 0xd6ef5218], [0xd6990624, 0x5565a910],\n    [0xf40e3585, 0x5771202a], [0x106aa070, 0x32bbd1b8],\n    [0x19a4c116, 0xb8d2d0c8], [0x1e376c08, 0x5141ab53],\n    [0x2748774c, 0xdf8eeb99], [0x34b0bcb5, 0xe19b48a8],\n    [0x391c0cb3, 0xc5c95a63], [0x4ed8aa4a, 0xe3418acb],\n    [0x5b9cca4f, 0x7763e373], [0x682e6ff3, 0xd6b2b8a3],\n    [0x748f82ee, 0x5defb2fc], [0x78a5636f, 0x43172f60],\n    [0x84c87814, 0xa1f0ab72], [0x8cc70208, 0x1a6439ec],\n    [0x90befffa, 0x23631e28], [0xa4506ceb, 0xde82bde9],\n    [0xbef9a3f7, 0xb2c67915], [0xc67178f2, 0xe372532b],\n    [0xca273ece, 0xea26619c], [0xd186b8c7, 0x21c0c207],\n    [0xeada7dd6, 0xcde0eb1e], [0xf57d4f7f, 0xee6ed178],\n    [0x06f067aa, 0x72176fba], [0x0a637dc5, 0xa2c898a6],\n    [0x113f9804, 0xbef90dae], [0x1b710b35, 0x131c471b],\n    [0x28db77f5, 0x23047d84], [0x32caab7b, 0x40c72493],\n    [0x3c9ebe0a, 0x15c9bebc], [0x431d67c4, 0x9c100d4c],\n    [0x4cc5d4be, 0xcb3e42b6], [0x597f299c, 0xfc657e2a],\n    [0x5fcb6fab, 0x3ad6faec], [0x6c44198c, 0x4a475817]\n  ];\n\n  // initial hash states\n  _states = {};\n  _states['SHA-512'] = [\n    [0x6a09e667, 0xf3bcc908],\n    [0xbb67ae85, 0x84caa73b],\n    [0x3c6ef372, 0xfe94f82b],\n    [0xa54ff53a, 0x5f1d36f1],\n    [0x510e527f, 0xade682d1],\n    [0x9b05688c, 0x2b3e6c1f],\n    [0x1f83d9ab, 0xfb41bd6b],\n    [0x5be0cd19, 0x137e2179]\n  ];\n  _states['SHA-384'] = [\n    [0xcbbb9d5d, 0xc1059ed8],\n    [0x629a292a, 0x367cd507],\n    [0x9159015a, 0x3070dd17],\n    [0x152fecd8, 0xf70e5939],\n    [0x67332667, 0xffc00b31],\n    [0x8eb44a87, 0x68581511],\n    [0xdb0c2e0d, 0x64f98fa7],\n    [0x47b5481d, 0xbefa4fa4]\n  ];\n  _states['SHA-512/256'] = [\n    [0x22312194, 0xFC2BF72C],\n    [0x9F555FA3, 0xC84C64C2],\n    [0x2393B86B, 0x6F53B151],\n    [0x96387719, 0x5940EABD],\n    [0x96283EE2, 0xA88EFFE3],\n    [0xBE5E1E25, 0x53863992],\n    [0x2B0199FC, 0x2C85B8AA],\n    [0x0EB72DDC, 0x81C52CA2]\n  ];\n  _states['SHA-512/224'] = [\n    [0x8C3D37C8, 0x19544DA2],\n    [0x73E19966, 0x89DCD4D6],\n    [0x1DFAB7AE, 0x32FF9C82],\n    [0x679DD514, 0x582F9FCF],\n    [0x0F6D2B69, 0x7BD44DA8],\n    [0x77E36F73, 0x04C48942],\n    [0x3F9D85A8, 0x6A1D36C8],\n    [0x1112E6AD, 0x91D692A1]\n  ];\n\n  // now initialized\n  _initialized = true;\n}\n\n/**\n * Updates a SHA-512 state with the given byte buffer.\n *\n * @param s the SHA-512 state to update.\n * @param w the array to use to store words.\n * @param bytes the byte buffer to update with.\n */\nfunction _update(s, w, bytes) {\n  // consume 512 bit (128 byte) chunks\n  var t1_hi, t1_lo;\n  var t2_hi, t2_lo;\n  var s0_hi, s0_lo;\n  var s1_hi, s1_lo;\n  var ch_hi, ch_lo;\n  var maj_hi, maj_lo;\n  var a_hi, a_lo;\n  var b_hi, b_lo;\n  var c_hi, c_lo;\n  var d_hi, d_lo;\n  var e_hi, e_lo;\n  var f_hi, f_lo;\n  var g_hi, g_lo;\n  var h_hi, h_lo;\n  var i, hi, lo, w2, w7, w15, w16;\n  var len = bytes.length();\n  while(len >= 128) {\n    // the w array will be populated with sixteen 64-bit big-endian words\n    // and then extended into 64 64-bit words according to SHA-512\n    for(i = 0; i < 16; ++i) {\n      w[i][0] = bytes.getInt32() >>> 0;\n      w[i][1] = bytes.getInt32() >>> 0;\n    }\n    for(; i < 80; ++i) {\n      // for word 2 words ago: ROTR 19(x) ^ ROTR 61(x) ^ SHR 6(x)\n      w2 = w[i - 2];\n      hi = w2[0];\n      lo = w2[1];\n\n      // high bits\n      t1_hi = (\n        ((hi >>> 19) | (lo << 13)) ^ // ROTR 19\n        ((lo >>> 29) | (hi << 3)) ^ // ROTR 61/(swap + ROTR 29)\n        (hi >>> 6)) >>> 0; // SHR 6\n      // low bits\n      t1_lo = (\n        ((hi << 13) | (lo >>> 19)) ^ // ROTR 19\n        ((lo << 3) | (hi >>> 29)) ^ // ROTR 61/(swap + ROTR 29)\n        ((hi << 26) | (lo >>> 6))) >>> 0; // SHR 6\n\n      // for word 15 words ago: ROTR 1(x) ^ ROTR 8(x) ^ SHR 7(x)\n      w15 = w[i - 15];\n      hi = w15[0];\n      lo = w15[1];\n\n      // high bits\n      t2_hi = (\n        ((hi >>> 1) | (lo << 31)) ^ // ROTR 1\n        ((hi >>> 8) | (lo << 24)) ^ // ROTR 8\n        (hi >>> 7)) >>> 0; // SHR 7\n      // low bits\n      t2_lo = (\n        ((hi << 31) | (lo >>> 1)) ^ // ROTR 1\n        ((hi << 24) | (lo >>> 8)) ^ // ROTR 8\n        ((hi << 25) | (lo >>> 7))) >>> 0; // SHR 7\n\n      // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^64 (carry lo overflow)\n      w7 = w[i - 7];\n      w16 = w[i - 16];\n      lo = (t1_lo + w7[1] + t2_lo + w16[1]);\n      w[i][0] = (t1_hi + w7[0] + t2_hi + w16[0] +\n        ((lo / 0x100000000) >>> 0)) >>> 0;\n      w[i][1] = lo >>> 0;\n    }\n\n    // initialize hash value for this chunk\n    a_hi = s[0][0];\n    a_lo = s[0][1];\n    b_hi = s[1][0];\n    b_lo = s[1][1];\n    c_hi = s[2][0];\n    c_lo = s[2][1];\n    d_hi = s[3][0];\n    d_lo = s[3][1];\n    e_hi = s[4][0];\n    e_lo = s[4][1];\n    f_hi = s[5][0];\n    f_lo = s[5][1];\n    g_hi = s[6][0];\n    g_lo = s[6][1];\n    h_hi = s[7][0];\n    h_lo = s[7][1];\n\n    // round function\n    for(i = 0; i < 80; ++i) {\n      // Sum1(e) = ROTR 14(e) ^ ROTR 18(e) ^ ROTR 41(e)\n      s1_hi = (\n        ((e_hi >>> 14) | (e_lo << 18)) ^ // ROTR 14\n        ((e_hi >>> 18) | (e_lo << 14)) ^ // ROTR 18\n        ((e_lo >>> 9) | (e_hi << 23))) >>> 0; // ROTR 41/(swap + ROTR 9)\n      s1_lo = (\n        ((e_hi << 18) | (e_lo >>> 14)) ^ // ROTR 14\n        ((e_hi << 14) | (e_lo >>> 18)) ^ // ROTR 18\n        ((e_lo << 23) | (e_hi >>> 9))) >>> 0; // ROTR 41/(swap + ROTR 9)\n\n      // Ch(e, f, g) (optimized the same way as SHA-1)\n      ch_hi = (g_hi ^ (e_hi & (f_hi ^ g_hi))) >>> 0;\n      ch_lo = (g_lo ^ (e_lo & (f_lo ^ g_lo))) >>> 0;\n\n      // Sum0(a) = ROTR 28(a) ^ ROTR 34(a) ^ ROTR 39(a)\n      s0_hi = (\n        ((a_hi >>> 28) | (a_lo << 4)) ^ // ROTR 28\n        ((a_lo >>> 2) | (a_hi << 30)) ^ // ROTR 34/(swap + ROTR 2)\n        ((a_lo >>> 7) | (a_hi << 25))) >>> 0; // ROTR 39/(swap + ROTR 7)\n      s0_lo = (\n        ((a_hi << 4) | (a_lo >>> 28)) ^ // ROTR 28\n        ((a_lo << 30) | (a_hi >>> 2)) ^ // ROTR 34/(swap + ROTR 2)\n        ((a_lo << 25) | (a_hi >>> 7))) >>> 0; // ROTR 39/(swap + ROTR 7)\n\n      // Maj(a, b, c) (optimized the same way as SHA-1)\n      maj_hi = ((a_hi & b_hi) | (c_hi & (a_hi ^ b_hi))) >>> 0;\n      maj_lo = ((a_lo & b_lo) | (c_lo & (a_lo ^ b_lo))) >>> 0;\n\n      // main algorithm\n      // t1 = (h + s1 + ch + _k[i] + _w[i]) modulo 2^64 (carry lo overflow)\n      lo = (h_lo + s1_lo + ch_lo + _k[i][1] + w[i][1]);\n      t1_hi = (h_hi + s1_hi + ch_hi + _k[i][0] + w[i][0] +\n        ((lo / 0x100000000) >>> 0)) >>> 0;\n      t1_lo = lo >>> 0;\n\n      // t2 = s0 + maj modulo 2^64 (carry lo overflow)\n      lo = s0_lo + maj_lo;\n      t2_hi = (s0_hi + maj_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n      t2_lo = lo >>> 0;\n\n      h_hi = g_hi;\n      h_lo = g_lo;\n\n      g_hi = f_hi;\n      g_lo = f_lo;\n\n      f_hi = e_hi;\n      f_lo = e_lo;\n\n      // e = (d + t1) modulo 2^64 (carry lo overflow)\n      lo = d_lo + t1_lo;\n      e_hi = (d_hi + t1_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n      e_lo = lo >>> 0;\n\n      d_hi = c_hi;\n      d_lo = c_lo;\n\n      c_hi = b_hi;\n      c_lo = b_lo;\n\n      b_hi = a_hi;\n      b_lo = a_lo;\n\n      // a = (t1 + t2) modulo 2^64 (carry lo overflow)\n      lo = t1_lo + t2_lo;\n      a_hi = (t1_hi + t2_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n      a_lo = lo >>> 0;\n    }\n\n    // update hash state (additional modulo 2^64)\n    lo = s[0][1] + a_lo;\n    s[0][0] = (s[0][0] + a_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[0][1] = lo >>> 0;\n\n    lo = s[1][1] + b_lo;\n    s[1][0] = (s[1][0] + b_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[1][1] = lo >>> 0;\n\n    lo = s[2][1] + c_lo;\n    s[2][0] = (s[2][0] + c_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[2][1] = lo >>> 0;\n\n    lo = s[3][1] + d_lo;\n    s[3][0] = (s[3][0] + d_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[3][1] = lo >>> 0;\n\n    lo = s[4][1] + e_lo;\n    s[4][0] = (s[4][0] + e_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[4][1] = lo >>> 0;\n\n    lo = s[5][1] + f_lo;\n    s[5][0] = (s[5][0] + f_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[5][1] = lo >>> 0;\n\n    lo = s[6][1] + g_lo;\n    s[6][0] = (s[6][0] + g_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[6][1] = lo >>> 0;\n\n    lo = s[7][1] + h_lo;\n    s[7][0] = (s[7][0] + h_hi + ((lo / 0x100000000) >>> 0)) >>> 0;\n    s[7][1] = lo >>> 0;\n\n    len -= 128;\n  }\n}\n","/**\n * Utility functions for web applications.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2018 Digital Bazaar, Inc.\n */\nvar forge = require('./forge');\nvar baseN = require('./baseN');\n\n/* Utilities API */\nvar util = module.exports = forge.util = forge.util || {};\n\n// define setImmediate and nextTick\n(function() {\n  // use native nextTick (unless we're in webpack)\n  // webpack (or better node-libs-browser polyfill) sets process.browser.\n  // this way we can detect webpack properly\n  if(typeof process !== 'undefined' && process.nextTick && !process.browser) {\n    util.nextTick = process.nextTick;\n    if(typeof setImmediate === 'function') {\n      util.setImmediate = setImmediate;\n    } else {\n      // polyfill setImmediate with nextTick, older versions of node\n      // (those w/o setImmediate) won't totally starve IO\n      util.setImmediate = util.nextTick;\n    }\n    return;\n  }\n\n  // polyfill nextTick with native setImmediate\n  if(typeof setImmediate === 'function') {\n    util.setImmediate = function() { return setImmediate.apply(undefined, arguments); };\n    util.nextTick = function(callback) {\n      return setImmediate(callback);\n    };\n    return;\n  }\n\n  /* Note: A polyfill upgrade pattern is used here to allow combining\n  polyfills. For example, MutationObserver is fast, but blocks UI updates,\n  so it needs to allow UI updates periodically, so it falls back on\n  postMessage or setTimeout. */\n\n  // polyfill with setTimeout\n  util.setImmediate = function(callback) {\n    setTimeout(callback, 0);\n  };\n\n  // upgrade polyfill to use postMessage\n  if(typeof window !== 'undefined' &&\n    typeof window.postMessage === 'function') {\n    var msg = 'forge.setImmediate';\n    var callbacks = [];\n    util.setImmediate = function(callback) {\n      callbacks.push(callback);\n      // only send message when one hasn't been sent in\n      // the current turn of the event loop\n      if(callbacks.length === 1) {\n        window.postMessage(msg, '*');\n      }\n    };\n    function handler(event) {\n      if(event.source === window && event.data === msg) {\n        event.stopPropagation();\n        var copy = callbacks.slice();\n        callbacks.length = 0;\n        copy.forEach(function(callback) {\n          callback();\n        });\n      }\n    }\n    window.addEventListener('message', handler, true);\n  }\n\n  // upgrade polyfill to use MutationObserver\n  if(typeof MutationObserver !== 'undefined') {\n    // polyfill with MutationObserver\n    var now = Date.now();\n    var attr = true;\n    var div = document.createElement('div');\n    var callbacks = [];\n    new MutationObserver(function() {\n      var copy = callbacks.slice();\n      callbacks.length = 0;\n      copy.forEach(function(callback) {\n        callback();\n      });\n    }).observe(div, {attributes: true});\n    var oldSetImmediate = util.setImmediate;\n    util.setImmediate = function(callback) {\n      if(Date.now() - now > 15) {\n        now = Date.now();\n        oldSetImmediate(callback);\n      } else {\n        callbacks.push(callback);\n        // only trigger observer when it hasn't been triggered in\n        // the current turn of the event loop\n        if(callbacks.length === 1) {\n          div.setAttribute('a', attr = !attr);\n        }\n      }\n    };\n  }\n\n  util.nextTick = util.setImmediate;\n})();\n\n// check if running under Node.js\nutil.isNodejs =\n  typeof process !== 'undefined' && process.versions && process.versions.node;\n\n\n// 'self' will also work in Web Workers (instance of WorkerGlobalScope) while\n// it will point to `window` in the main thread.\n// To remain compatible with older browsers, we fall back to 'window' if 'self'\n// is not available.\nutil.globalScope = (function() {\n  if(util.isNodejs) {\n    return global;\n  }\n\n  return typeof self === 'undefined' ? window : self;\n})();\n\n// define isArray\nutil.isArray = Array.isArray || function(x) {\n  return Object.prototype.toString.call(x) === '[object Array]';\n};\n\n// define isArrayBuffer\nutil.isArrayBuffer = function(x) {\n  return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer;\n};\n\n// define isArrayBufferView\nutil.isArrayBufferView = function(x) {\n  return x && util.isArrayBuffer(x.buffer) && x.byteLength !== undefined;\n};\n\n/**\n * Ensure a bits param is 8, 16, 24, or 32. Used to validate input for\n * algorithms where bit manipulation, JavaScript limitations, and/or algorithm\n * design only allow for byte operations of a limited size.\n *\n * @param n number of bits.\n *\n * Throw Error if n invalid.\n */\nfunction _checkBitsParam(n) {\n  if(!(n === 8 || n === 16 || n === 24 || n === 32)) {\n    throw new Error('Only 8, 16, 24, or 32 bits supported: ' + n);\n  }\n}\n\n// TODO: set ByteBuffer to best available backing\nutil.ByteBuffer = ByteStringBuffer;\n\n/** Buffer w/BinaryString backing */\n\n/**\n * Constructor for a binary string backed byte buffer.\n *\n * @param [b] the bytes to wrap (either encoded as string, one byte per\n *          character, or as an ArrayBuffer or Typed Array).\n */\nfunction ByteStringBuffer(b) {\n  // TODO: update to match DataBuffer API\n\n  // the data in this buffer\n  this.data = '';\n  // the pointer for reading from this buffer\n  this.read = 0;\n\n  if(typeof b === 'string') {\n    this.data = b;\n  } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) {\n    if(typeof Buffer !== 'undefined' && b instanceof Buffer) {\n      this.data = b.toString('binary');\n    } else {\n      // convert native buffer to forge buffer\n      // FIXME: support native buffers internally instead\n      var arr = new Uint8Array(b);\n      try {\n        this.data = String.fromCharCode.apply(null, arr);\n      } catch(e) {\n        for(var i = 0; i < arr.length; ++i) {\n          this.putByte(arr[i]);\n        }\n      }\n    }\n  } else if(b instanceof ByteStringBuffer ||\n    (typeof b === 'object' && typeof b.data === 'string' &&\n    typeof b.read === 'number')) {\n    // copy existing buffer\n    this.data = b.data;\n    this.read = b.read;\n  }\n\n  // used for v8 optimization\n  this._constructedStringLength = 0;\n}\nutil.ByteStringBuffer = ByteStringBuffer;\n\n/* Note: This is an optimization for V8-based browsers. When V8 concatenates\n  a string, the strings are only joined logically using a \"cons string\" or\n  \"constructed/concatenated string\". These containers keep references to one\n  another and can result in very large memory usage. For example, if a 2MB\n  string is constructed by concatenating 4 bytes together at a time, the\n  memory usage will be ~44MB; so ~22x increase. The strings are only joined\n  together when an operation requiring their joining takes place, such as\n  substr(). This function is called when adding data to this buffer to ensure\n  these types of strings are periodically joined to reduce the memory\n  footprint. */\nvar _MAX_CONSTRUCTED_STRING_LENGTH = 4096;\nutil.ByteStringBuffer.prototype._optimizeConstructedString = function(x) {\n  this._constructedStringLength += x;\n  if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) {\n    // this substr() should cause the constructed string to join\n    this.data.substr(0, 1);\n    this._constructedStringLength = 0;\n  }\n};\n\n/**\n * Gets the number of bytes in this buffer.\n *\n * @return the number of bytes in this buffer.\n */\nutil.ByteStringBuffer.prototype.length = function() {\n  return this.data.length - this.read;\n};\n\n/**\n * Gets whether or not this buffer is empty.\n *\n * @return true if this buffer is empty, false if not.\n */\nutil.ByteStringBuffer.prototype.isEmpty = function() {\n  return this.length() <= 0;\n};\n\n/**\n * Puts a byte in this buffer.\n *\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putByte = function(b) {\n  return this.putBytes(String.fromCharCode(b));\n};\n\n/**\n * Puts a byte in this buffer N times.\n *\n * @param b the byte to put.\n * @param n the number of bytes of value b to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.fillWithByte = function(b, n) {\n  b = String.fromCharCode(b);\n  var d = this.data;\n  while(n > 0) {\n    if(n & 1) {\n      d += b;\n    }\n    n >>>= 1;\n    if(n > 0) {\n      b += b;\n    }\n  }\n  this.data = d;\n  this._optimizeConstructedString(n);\n  return this;\n};\n\n/**\n * Puts bytes in this buffer.\n *\n * @param bytes the bytes (as a binary encoded string) to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putBytes = function(bytes) {\n  this.data += bytes;\n  this._optimizeConstructedString(bytes.length);\n  return this;\n};\n\n/**\n * Puts a UTF-16 encoded string into this buffer.\n *\n * @param str the string to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putString = function(str) {\n  return this.putBytes(util.encodeUtf8(str));\n};\n\n/**\n * Puts a 16-bit integer in this buffer in big-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt16 = function(i) {\n  return this.putBytes(\n    String.fromCharCode(i >> 8 & 0xFF) +\n    String.fromCharCode(i & 0xFF));\n};\n\n/**\n * Puts a 24-bit integer in this buffer in big-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt24 = function(i) {\n  return this.putBytes(\n    String.fromCharCode(i >> 16 & 0xFF) +\n    String.fromCharCode(i >> 8 & 0xFF) +\n    String.fromCharCode(i & 0xFF));\n};\n\n/**\n * Puts a 32-bit integer in this buffer in big-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt32 = function(i) {\n  return this.putBytes(\n    String.fromCharCode(i >> 24 & 0xFF) +\n    String.fromCharCode(i >> 16 & 0xFF) +\n    String.fromCharCode(i >> 8 & 0xFF) +\n    String.fromCharCode(i & 0xFF));\n};\n\n/**\n * Puts a 16-bit integer in this buffer in little-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt16Le = function(i) {\n  return this.putBytes(\n    String.fromCharCode(i & 0xFF) +\n    String.fromCharCode(i >> 8 & 0xFF));\n};\n\n/**\n * Puts a 24-bit integer in this buffer in little-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt24Le = function(i) {\n  return this.putBytes(\n    String.fromCharCode(i & 0xFF) +\n    String.fromCharCode(i >> 8 & 0xFF) +\n    String.fromCharCode(i >> 16 & 0xFF));\n};\n\n/**\n * Puts a 32-bit integer in this buffer in little-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt32Le = function(i) {\n  return this.putBytes(\n    String.fromCharCode(i & 0xFF) +\n    String.fromCharCode(i >> 8 & 0xFF) +\n    String.fromCharCode(i >> 16 & 0xFF) +\n    String.fromCharCode(i >> 24 & 0xFF));\n};\n\n/**\n * Puts an n-bit integer in this buffer in big-endian order.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putInt = function(i, n) {\n  _checkBitsParam(n);\n  var bytes = '';\n  do {\n    n -= 8;\n    bytes += String.fromCharCode((i >> n) & 0xFF);\n  } while(n > 0);\n  return this.putBytes(bytes);\n};\n\n/**\n * Puts a signed n-bit integer in this buffer in big-endian order. Two's\n * complement representation is used.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putSignedInt = function(i, n) {\n  // putInt checks n\n  if(i < 0) {\n    i += 2 << (n - 1);\n  }\n  return this.putInt(i, n);\n};\n\n/**\n * Puts the given buffer into this buffer.\n *\n * @param buffer the buffer to put into this one.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.putBuffer = function(buffer) {\n  return this.putBytes(buffer.getBytes());\n};\n\n/**\n * Gets a byte from this buffer and advances the read pointer by 1.\n *\n * @return the byte.\n */\nutil.ByteStringBuffer.prototype.getByte = function() {\n  return this.data.charCodeAt(this.read++);\n};\n\n/**\n * Gets a uint16 from this buffer in big-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.ByteStringBuffer.prototype.getInt16 = function() {\n  var rval = (\n    this.data.charCodeAt(this.read) << 8 ^\n    this.data.charCodeAt(this.read + 1));\n  this.read += 2;\n  return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in big-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.ByteStringBuffer.prototype.getInt24 = function() {\n  var rval = (\n    this.data.charCodeAt(this.read) << 16 ^\n    this.data.charCodeAt(this.read + 1) << 8 ^\n    this.data.charCodeAt(this.read + 2));\n  this.read += 3;\n  return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in big-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.ByteStringBuffer.prototype.getInt32 = function() {\n  var rval = (\n    this.data.charCodeAt(this.read) << 24 ^\n    this.data.charCodeAt(this.read + 1) << 16 ^\n    this.data.charCodeAt(this.read + 2) << 8 ^\n    this.data.charCodeAt(this.read + 3));\n  this.read += 4;\n  return rval;\n};\n\n/**\n * Gets a uint16 from this buffer in little-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.ByteStringBuffer.prototype.getInt16Le = function() {\n  var rval = (\n    this.data.charCodeAt(this.read) ^\n    this.data.charCodeAt(this.read + 1) << 8);\n  this.read += 2;\n  return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in little-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.ByteStringBuffer.prototype.getInt24Le = function() {\n  var rval = (\n    this.data.charCodeAt(this.read) ^\n    this.data.charCodeAt(this.read + 1) << 8 ^\n    this.data.charCodeAt(this.read + 2) << 16);\n  this.read += 3;\n  return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in little-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.ByteStringBuffer.prototype.getInt32Le = function() {\n  var rval = (\n    this.data.charCodeAt(this.read) ^\n    this.data.charCodeAt(this.read + 1) << 8 ^\n    this.data.charCodeAt(this.read + 2) << 16 ^\n    this.data.charCodeAt(this.read + 3) << 24);\n  this.read += 4;\n  return rval;\n};\n\n/**\n * Gets an n-bit integer from this buffer in big-endian order and advances the\n * read pointer by ceil(n/8).\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.ByteStringBuffer.prototype.getInt = function(n) {\n  _checkBitsParam(n);\n  var rval = 0;\n  do {\n    // TODO: Use (rval * 0x100) if adding support for 33 to 53 bits.\n    rval = (rval << 8) + this.data.charCodeAt(this.read++);\n    n -= 8;\n  } while(n > 0);\n  return rval;\n};\n\n/**\n * Gets a signed n-bit integer from this buffer in big-endian order, using\n * two's complement, and advances the read pointer by n/8.\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.ByteStringBuffer.prototype.getSignedInt = function(n) {\n  // getInt checks n\n  var x = this.getInt(n);\n  var max = 2 << (n - 2);\n  if(x >= max) {\n    x -= max << 1;\n  }\n  return x;\n};\n\n/**\n * Reads bytes out as a binary encoded string and clears them from the\n * buffer. Note that the resulting string is binary encoded (in node.js this\n * encoding is referred to as `binary`, it is *not* `utf8`).\n *\n * @param count the number of bytes to read, undefined or null for all.\n *\n * @return a binary encoded string of bytes.\n */\nutil.ByteStringBuffer.prototype.getBytes = function(count) {\n  var rval;\n  if(count) {\n    // read count bytes\n    count = Math.min(this.length(), count);\n    rval = this.data.slice(this.read, this.read + count);\n    this.read += count;\n  } else if(count === 0) {\n    rval = '';\n  } else {\n    // read all bytes, optimize to only copy when needed\n    rval = (this.read === 0) ? this.data : this.data.slice(this.read);\n    this.clear();\n  }\n  return rval;\n};\n\n/**\n * Gets a binary encoded string of the bytes from this buffer without\n * modifying the read pointer.\n *\n * @param count the number of bytes to get, omit to get all.\n *\n * @return a string full of binary encoded characters.\n */\nutil.ByteStringBuffer.prototype.bytes = function(count) {\n  return (typeof(count) === 'undefined' ?\n    this.data.slice(this.read) :\n    this.data.slice(this.read, this.read + count));\n};\n\n/**\n * Gets a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n *\n * @return the byte.\n */\nutil.ByteStringBuffer.prototype.at = function(i) {\n  return this.data.charCodeAt(this.read + i);\n};\n\n/**\n * Puts a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.setAt = function(i, b) {\n  this.data = this.data.substr(0, this.read + i) +\n    String.fromCharCode(b) +\n    this.data.substr(this.read + i + 1);\n  return this;\n};\n\n/**\n * Gets the last byte without modifying the read pointer.\n *\n * @return the last byte.\n */\nutil.ByteStringBuffer.prototype.last = function() {\n  return this.data.charCodeAt(this.data.length - 1);\n};\n\n/**\n * Creates a copy of this buffer.\n *\n * @return the copy.\n */\nutil.ByteStringBuffer.prototype.copy = function() {\n  var c = util.createBuffer(this.data);\n  c.read = this.read;\n  return c;\n};\n\n/**\n * Compacts this buffer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.compact = function() {\n  if(this.read > 0) {\n    this.data = this.data.slice(this.read);\n    this.read = 0;\n  }\n  return this;\n};\n\n/**\n * Clears this buffer.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.clear = function() {\n  this.data = '';\n  this.read = 0;\n  return this;\n};\n\n/**\n * Shortens this buffer by triming bytes off of the end of this buffer.\n *\n * @param count the number of bytes to trim off.\n *\n * @return this buffer.\n */\nutil.ByteStringBuffer.prototype.truncate = function(count) {\n  var len = Math.max(0, this.length() - count);\n  this.data = this.data.substr(this.read, len);\n  this.read = 0;\n  return this;\n};\n\n/**\n * Converts this buffer to a hexadecimal string.\n *\n * @return a hexadecimal string.\n */\nutil.ByteStringBuffer.prototype.toHex = function() {\n  var rval = '';\n  for(var i = this.read; i < this.data.length; ++i) {\n    var b = this.data.charCodeAt(i);\n    if(b < 16) {\n      rval += '0';\n    }\n    rval += b.toString(16);\n  }\n  return rval;\n};\n\n/**\n * Converts this buffer to a UTF-16 string (standard JavaScript string).\n *\n * @return a UTF-16 string.\n */\nutil.ByteStringBuffer.prototype.toString = function() {\n  return util.decodeUtf8(this.bytes());\n};\n\n/** End Buffer w/BinaryString backing */\n\n/** Buffer w/UInt8Array backing */\n\n/**\n * FIXME: Experimental. Do not use yet.\n *\n * Constructor for an ArrayBuffer-backed byte buffer.\n *\n * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a\n * TypedArray.\n *\n * If a string is given, its encoding should be provided as an option,\n * otherwise it will default to 'binary'. A 'binary' string is encoded such\n * that each character is one byte in length and size.\n *\n * If an ArrayBuffer, DataView, or TypedArray is given, it will be used\n * *directly* without any copying. Note that, if a write to the buffer requires\n * more space, the buffer will allocate a new backing ArrayBuffer to\n * accommodate. The starting read and write offsets for the buffer may be\n * given as options.\n *\n * @param [b] the initial bytes for this buffer.\n * @param options the options to use:\n *          [readOffset] the starting read offset to use (default: 0).\n *          [writeOffset] the starting write offset to use (default: the\n *            length of the first parameter).\n *          [growSize] the minimum amount, in bytes, to grow the buffer by to\n *            accommodate writes (default: 1024).\n *          [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the\n *            first parameter, if it is a string (default: 'binary').\n */\nfunction DataBuffer(b, options) {\n  // default options\n  options = options || {};\n\n  // pointers for read from/write to buffer\n  this.read = options.readOffset || 0;\n  this.growSize = options.growSize || 1024;\n\n  var isArrayBuffer = util.isArrayBuffer(b);\n  var isArrayBufferView = util.isArrayBufferView(b);\n  if(isArrayBuffer || isArrayBufferView) {\n    // use ArrayBuffer directly\n    if(isArrayBuffer) {\n      this.data = new DataView(b);\n    } else {\n      // TODO: adjust read/write offset based on the type of view\n      // or specify that this must be done in the options ... that the\n      // offsets are byte-based\n      this.data = new DataView(b.buffer, b.byteOffset, b.byteLength);\n    }\n    this.write = ('writeOffset' in options ?\n      options.writeOffset : this.data.byteLength);\n    return;\n  }\n\n  // initialize to empty array buffer and add any given bytes using putBytes\n  this.data = new DataView(new ArrayBuffer(0));\n  this.write = 0;\n\n  if(b !== null && b !== undefined) {\n    this.putBytes(b);\n  }\n\n  if('writeOffset' in options) {\n    this.write = options.writeOffset;\n  }\n}\nutil.DataBuffer = DataBuffer;\n\n/**\n * Gets the number of bytes in this buffer.\n *\n * @return the number of bytes in this buffer.\n */\nutil.DataBuffer.prototype.length = function() {\n  return this.write - this.read;\n};\n\n/**\n * Gets whether or not this buffer is empty.\n *\n * @return true if this buffer is empty, false if not.\n */\nutil.DataBuffer.prototype.isEmpty = function() {\n  return this.length() <= 0;\n};\n\n/**\n * Ensures this buffer has enough empty space to accommodate the given number\n * of bytes. An optional parameter may be given that indicates a minimum\n * amount to grow the buffer if necessary. If the parameter is not given,\n * the buffer will be grown by some previously-specified default amount\n * or heuristic.\n *\n * @param amount the number of bytes to accommodate.\n * @param [growSize] the minimum amount, in bytes, to grow the buffer by if\n *          necessary.\n */\nutil.DataBuffer.prototype.accommodate = function(amount, growSize) {\n  if(this.length() >= amount) {\n    return this;\n  }\n  growSize = Math.max(growSize || this.growSize, amount);\n\n  // grow buffer\n  var src = new Uint8Array(\n    this.data.buffer, this.data.byteOffset, this.data.byteLength);\n  var dst = new Uint8Array(this.length() + growSize);\n  dst.set(src);\n  this.data = new DataView(dst.buffer);\n\n  return this;\n};\n\n/**\n * Puts a byte in this buffer.\n *\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putByte = function(b) {\n  this.accommodate(1);\n  this.data.setUint8(this.write++, b);\n  return this;\n};\n\n/**\n * Puts a byte in this buffer N times.\n *\n * @param b the byte to put.\n * @param n the number of bytes of value b to put.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.fillWithByte = function(b, n) {\n  this.accommodate(n);\n  for(var i = 0; i < n; ++i) {\n    this.data.setUint8(b);\n  }\n  return this;\n};\n\n/**\n * Puts bytes in this buffer. The bytes may be given as a string, an\n * ArrayBuffer, a DataView, or a TypedArray.\n *\n * @param bytes the bytes to put.\n * @param [encoding] the encoding for the first parameter ('binary', 'utf8',\n *          'utf16', 'hex'), if it is a string (default: 'binary').\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putBytes = function(bytes, encoding) {\n  if(util.isArrayBufferView(bytes)) {\n    var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength);\n    var len = src.byteLength - src.byteOffset;\n    this.accommodate(len);\n    var dst = new Uint8Array(this.data.buffer, this.write);\n    dst.set(src);\n    this.write += len;\n    return this;\n  }\n\n  if(util.isArrayBuffer(bytes)) {\n    var src = new Uint8Array(bytes);\n    this.accommodate(src.byteLength);\n    var dst = new Uint8Array(this.data.buffer);\n    dst.set(src, this.write);\n    this.write += src.byteLength;\n    return this;\n  }\n\n  // bytes is a util.DataBuffer or equivalent\n  if(bytes instanceof util.DataBuffer ||\n    (typeof bytes === 'object' &&\n    typeof bytes.read === 'number' && typeof bytes.write === 'number' &&\n    util.isArrayBufferView(bytes.data))) {\n    var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length());\n    this.accommodate(src.byteLength);\n    var dst = new Uint8Array(bytes.data.byteLength, this.write);\n    dst.set(src);\n    this.write += src.byteLength;\n    return this;\n  }\n\n  if(bytes instanceof util.ByteStringBuffer) {\n    // copy binary string and process as the same as a string parameter below\n    bytes = bytes.data;\n    encoding = 'binary';\n  }\n\n  // string conversion\n  encoding = encoding || 'binary';\n  if(typeof bytes === 'string') {\n    var view;\n\n    // decode from string\n    if(encoding === 'hex') {\n      this.accommodate(Math.ceil(bytes.length / 2));\n      view = new Uint8Array(this.data.buffer, this.write);\n      this.write += util.binary.hex.decode(bytes, view, this.write);\n      return this;\n    }\n    if(encoding === 'base64') {\n      this.accommodate(Math.ceil(bytes.length / 4) * 3);\n      view = new Uint8Array(this.data.buffer, this.write);\n      this.write += util.binary.base64.decode(bytes, view, this.write);\n      return this;\n    }\n\n    // encode text as UTF-8 bytes\n    if(encoding === 'utf8') {\n      // encode as UTF-8 then decode string as raw binary\n      bytes = util.encodeUtf8(bytes);\n      encoding = 'binary';\n    }\n\n    // decode string as raw binary\n    if(encoding === 'binary' || encoding === 'raw') {\n      // one byte per character\n      this.accommodate(bytes.length);\n      view = new Uint8Array(this.data.buffer, this.write);\n      this.write += util.binary.raw.decode(view);\n      return this;\n    }\n\n    // encode text as UTF-16 bytes\n    if(encoding === 'utf16') {\n      // two bytes per character\n      this.accommodate(bytes.length * 2);\n      view = new Uint16Array(this.data.buffer, this.write);\n      this.write += util.text.utf16.encode(view);\n      return this;\n    }\n\n    throw new Error('Invalid encoding: ' + encoding);\n  }\n\n  throw Error('Invalid parameter: ' + bytes);\n};\n\n/**\n * Puts the given buffer into this buffer.\n *\n * @param buffer the buffer to put into this one.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putBuffer = function(buffer) {\n  this.putBytes(buffer);\n  buffer.clear();\n  return this;\n};\n\n/**\n * Puts a string into this buffer.\n *\n * @param str the string to put.\n * @param [encoding] the encoding for the string (default: 'utf16').\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putString = function(str) {\n  return this.putBytes(str, 'utf16');\n};\n\n/**\n * Puts a 16-bit integer in this buffer in big-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt16 = function(i) {\n  this.accommodate(2);\n  this.data.setInt16(this.write, i);\n  this.write += 2;\n  return this;\n};\n\n/**\n * Puts a 24-bit integer in this buffer in big-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt24 = function(i) {\n  this.accommodate(3);\n  this.data.setInt16(this.write, i >> 8 & 0xFFFF);\n  this.data.setInt8(this.write, i >> 16 & 0xFF);\n  this.write += 3;\n  return this;\n};\n\n/**\n * Puts a 32-bit integer in this buffer in big-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt32 = function(i) {\n  this.accommodate(4);\n  this.data.setInt32(this.write, i);\n  this.write += 4;\n  return this;\n};\n\n/**\n * Puts a 16-bit integer in this buffer in little-endian order.\n *\n * @param i the 16-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt16Le = function(i) {\n  this.accommodate(2);\n  this.data.setInt16(this.write, i, true);\n  this.write += 2;\n  return this;\n};\n\n/**\n * Puts a 24-bit integer in this buffer in little-endian order.\n *\n * @param i the 24-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt24Le = function(i) {\n  this.accommodate(3);\n  this.data.setInt8(this.write, i >> 16 & 0xFF);\n  this.data.setInt16(this.write, i >> 8 & 0xFFFF, true);\n  this.write += 3;\n  return this;\n};\n\n/**\n * Puts a 32-bit integer in this buffer in little-endian order.\n *\n * @param i the 32-bit integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt32Le = function(i) {\n  this.accommodate(4);\n  this.data.setInt32(this.write, i, true);\n  this.write += 4;\n  return this;\n};\n\n/**\n * Puts an n-bit integer in this buffer in big-endian order.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putInt = function(i, n) {\n  _checkBitsParam(n);\n  this.accommodate(n / 8);\n  do {\n    n -= 8;\n    this.data.setInt8(this.write++, (i >> n) & 0xFF);\n  } while(n > 0);\n  return this;\n};\n\n/**\n * Puts a signed n-bit integer in this buffer in big-endian order. Two's\n * complement representation is used.\n *\n * @param i the n-bit integer.\n * @param n the number of bits in the integer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.putSignedInt = function(i, n) {\n  _checkBitsParam(n);\n  this.accommodate(n / 8);\n  if(i < 0) {\n    i += 2 << (n - 1);\n  }\n  return this.putInt(i, n);\n};\n\n/**\n * Gets a byte from this buffer and advances the read pointer by 1.\n *\n * @return the byte.\n */\nutil.DataBuffer.prototype.getByte = function() {\n  return this.data.getInt8(this.read++);\n};\n\n/**\n * Gets a uint16 from this buffer in big-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.DataBuffer.prototype.getInt16 = function() {\n  var rval = this.data.getInt16(this.read);\n  this.read += 2;\n  return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in big-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.DataBuffer.prototype.getInt24 = function() {\n  var rval = (\n    this.data.getInt16(this.read) << 8 ^\n    this.data.getInt8(this.read + 2));\n  this.read += 3;\n  return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in big-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.DataBuffer.prototype.getInt32 = function() {\n  var rval = this.data.getInt32(this.read);\n  this.read += 4;\n  return rval;\n};\n\n/**\n * Gets a uint16 from this buffer in little-endian order and advances the read\n * pointer by 2.\n *\n * @return the uint16.\n */\nutil.DataBuffer.prototype.getInt16Le = function() {\n  var rval = this.data.getInt16(this.read, true);\n  this.read += 2;\n  return rval;\n};\n\n/**\n * Gets a uint24 from this buffer in little-endian order and advances the read\n * pointer by 3.\n *\n * @return the uint24.\n */\nutil.DataBuffer.prototype.getInt24Le = function() {\n  var rval = (\n    this.data.getInt8(this.read) ^\n    this.data.getInt16(this.read + 1, true) << 8);\n  this.read += 3;\n  return rval;\n};\n\n/**\n * Gets a uint32 from this buffer in little-endian order and advances the read\n * pointer by 4.\n *\n * @return the word.\n */\nutil.DataBuffer.prototype.getInt32Le = function() {\n  var rval = this.data.getInt32(this.read, true);\n  this.read += 4;\n  return rval;\n};\n\n/**\n * Gets an n-bit integer from this buffer in big-endian order and advances the\n * read pointer by n/8.\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.DataBuffer.prototype.getInt = function(n) {\n  _checkBitsParam(n);\n  var rval = 0;\n  do {\n    // TODO: Use (rval * 0x100) if adding support for 33 to 53 bits.\n    rval = (rval << 8) + this.data.getInt8(this.read++);\n    n -= 8;\n  } while(n > 0);\n  return rval;\n};\n\n/**\n * Gets a signed n-bit integer from this buffer in big-endian order, using\n * two's complement, and advances the read pointer by n/8.\n *\n * @param n the number of bits in the integer (8, 16, 24, or 32).\n *\n * @return the integer.\n */\nutil.DataBuffer.prototype.getSignedInt = function(n) {\n  // getInt checks n\n  var x = this.getInt(n);\n  var max = 2 << (n - 2);\n  if(x >= max) {\n    x -= max << 1;\n  }\n  return x;\n};\n\n/**\n * Reads bytes out as a binary encoded string and clears them from the\n * buffer.\n *\n * @param count the number of bytes to read, undefined or null for all.\n *\n * @return a binary encoded string of bytes.\n */\nutil.DataBuffer.prototype.getBytes = function(count) {\n  // TODO: deprecate this method, it is poorly named and\n  // this.toString('binary') replaces it\n  // add a toTypedArray()/toArrayBuffer() function\n  var rval;\n  if(count) {\n    // read count bytes\n    count = Math.min(this.length(), count);\n    rval = this.data.slice(this.read, this.read + count);\n    this.read += count;\n  } else if(count === 0) {\n    rval = '';\n  } else {\n    // read all bytes, optimize to only copy when needed\n    rval = (this.read === 0) ? this.data : this.data.slice(this.read);\n    this.clear();\n  }\n  return rval;\n};\n\n/**\n * Gets a binary encoded string of the bytes from this buffer without\n * modifying the read pointer.\n *\n * @param count the number of bytes to get, omit to get all.\n *\n * @return a string full of binary encoded characters.\n */\nutil.DataBuffer.prototype.bytes = function(count) {\n  // TODO: deprecate this method, it is poorly named, add \"getString()\"\n  return (typeof(count) === 'undefined' ?\n    this.data.slice(this.read) :\n    this.data.slice(this.read, this.read + count));\n};\n\n/**\n * Gets a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n *\n * @return the byte.\n */\nutil.DataBuffer.prototype.at = function(i) {\n  return this.data.getUint8(this.read + i);\n};\n\n/**\n * Puts a byte at the given index without modifying the read pointer.\n *\n * @param i the byte index.\n * @param b the byte to put.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.setAt = function(i, b) {\n  this.data.setUint8(i, b);\n  return this;\n};\n\n/**\n * Gets the last byte without modifying the read pointer.\n *\n * @return the last byte.\n */\nutil.DataBuffer.prototype.last = function() {\n  return this.data.getUint8(this.write - 1);\n};\n\n/**\n * Creates a copy of this buffer.\n *\n * @return the copy.\n */\nutil.DataBuffer.prototype.copy = function() {\n  return new util.DataBuffer(this);\n};\n\n/**\n * Compacts this buffer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.compact = function() {\n  if(this.read > 0) {\n    var src = new Uint8Array(this.data.buffer, this.read);\n    var dst = new Uint8Array(src.byteLength);\n    dst.set(src);\n    this.data = new DataView(dst);\n    this.write -= this.read;\n    this.read = 0;\n  }\n  return this;\n};\n\n/**\n * Clears this buffer.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.clear = function() {\n  this.data = new DataView(new ArrayBuffer(0));\n  this.read = this.write = 0;\n  return this;\n};\n\n/**\n * Shortens this buffer by triming bytes off of the end of this buffer.\n *\n * @param count the number of bytes to trim off.\n *\n * @return this buffer.\n */\nutil.DataBuffer.prototype.truncate = function(count) {\n  this.write = Math.max(0, this.length() - count);\n  this.read = Math.min(this.read, this.write);\n  return this;\n};\n\n/**\n * Converts this buffer to a hexadecimal string.\n *\n * @return a hexadecimal string.\n */\nutil.DataBuffer.prototype.toHex = function() {\n  var rval = '';\n  for(var i = this.read; i < this.data.byteLength; ++i) {\n    var b = this.data.getUint8(i);\n    if(b < 16) {\n      rval += '0';\n    }\n    rval += b.toString(16);\n  }\n  return rval;\n};\n\n/**\n * Converts this buffer to a string, using the given encoding. If no\n * encoding is given, 'utf8' (UTF-8) is used.\n *\n * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex',\n *          'base64' (default: 'utf8').\n *\n * @return a string representation of the bytes in this buffer.\n */\nutil.DataBuffer.prototype.toString = function(encoding) {\n  var view = new Uint8Array(this.data, this.read, this.length());\n  encoding = encoding || 'utf8';\n\n  // encode to string\n  if(encoding === 'binary' || encoding === 'raw') {\n    return util.binary.raw.encode(view);\n  }\n  if(encoding === 'hex') {\n    return util.binary.hex.encode(view);\n  }\n  if(encoding === 'base64') {\n    return util.binary.base64.encode(view);\n  }\n\n  // decode to text\n  if(encoding === 'utf8') {\n    return util.text.utf8.decode(view);\n  }\n  if(encoding === 'utf16') {\n    return util.text.utf16.decode(view);\n  }\n\n  throw new Error('Invalid encoding: ' + encoding);\n};\n\n/** End Buffer w/UInt8Array backing */\n\n/**\n * Creates a buffer that stores bytes. A value may be given to populate the\n * buffer with data. This value can either be string of encoded bytes or a\n * regular string of characters. When passing a string of binary encoded\n * bytes, the encoding `raw` should be given. This is also the default. When\n * passing a string of characters, the encoding `utf8` should be given.\n *\n * @param [input] a string with encoded bytes to store in the buffer.\n * @param [encoding] (default: 'raw', other: 'utf8').\n */\nutil.createBuffer = function(input, encoding) {\n  // TODO: deprecate, use new ByteBuffer() instead\n  encoding = encoding || 'raw';\n  if(input !== undefined && encoding === 'utf8') {\n    input = util.encodeUtf8(input);\n  }\n  return new util.ByteBuffer(input);\n};\n\n/**\n * Fills a string with a particular value. If you want the string to be a byte\n * string, pass in String.fromCharCode(theByte).\n *\n * @param c the character to fill the string with, use String.fromCharCode\n *          to fill the string with a byte value.\n * @param n the number of characters of value c to fill with.\n *\n * @return the filled string.\n */\nutil.fillString = function(c, n) {\n  var s = '';\n  while(n > 0) {\n    if(n & 1) {\n      s += c;\n    }\n    n >>>= 1;\n    if(n > 0) {\n      c += c;\n    }\n  }\n  return s;\n};\n\n/**\n * Performs a per byte XOR between two byte strings and returns the result as a\n * string of bytes.\n *\n * @param s1 first string of bytes.\n * @param s2 second string of bytes.\n * @param n the number of bytes to XOR.\n *\n * @return the XOR'd result.\n */\nutil.xorBytes = function(s1, s2, n) {\n  var s3 = '';\n  var b = '';\n  var t = '';\n  var i = 0;\n  var c = 0;\n  for(; n > 0; --n, ++i) {\n    b = s1.charCodeAt(i) ^ s2.charCodeAt(i);\n    if(c >= 10) {\n      s3 += t;\n      t = '';\n      c = 0;\n    }\n    t += String.fromCharCode(b);\n    ++c;\n  }\n  s3 += t;\n  return s3;\n};\n\n/**\n * Converts a hex string into a 'binary' encoded string of bytes.\n *\n * @param hex the hexadecimal string to convert.\n *\n * @return the binary-encoded string of bytes.\n */\nutil.hexToBytes = function(hex) {\n  // TODO: deprecate: \"Deprecated. Use util.binary.hex.decode instead.\"\n  var rval = '';\n  var i = 0;\n  if(hex.length & 1 == 1) {\n    // odd number of characters, convert first character alone\n    i = 1;\n    rval += String.fromCharCode(parseInt(hex[0], 16));\n  }\n  // convert 2 characters (1 byte) at a time\n  for(; i < hex.length; i += 2) {\n    rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16));\n  }\n  return rval;\n};\n\n/**\n * Converts a 'binary' encoded string of bytes to hex.\n *\n * @param bytes the byte string to convert.\n *\n * @return the string of hexadecimal characters.\n */\nutil.bytesToHex = function(bytes) {\n  // TODO: deprecate: \"Deprecated. Use util.binary.hex.encode instead.\"\n  return util.createBuffer(bytes).toHex();\n};\n\n/**\n * Converts an 32-bit integer to 4-big-endian byte string.\n *\n * @param i the integer.\n *\n * @return the byte string.\n */\nutil.int32ToBytes = function(i) {\n  return (\n    String.fromCharCode(i >> 24 & 0xFF) +\n    String.fromCharCode(i >> 16 & 0xFF) +\n    String.fromCharCode(i >> 8 & 0xFF) +\n    String.fromCharCode(i & 0xFF));\n};\n\n// base64 characters, reverse mapping\nvar _base64 =\n  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=';\nvar _base64Idx = [\n/*43 -43 = 0*/\n/*'+',  1,  2,  3,'/' */\n   62, -1, -1, -1, 63,\n\n/*'0','1','2','3','4','5','6','7','8','9' */\n   52, 53, 54, 55, 56, 57, 58, 59, 60, 61,\n\n/*15, 16, 17,'=', 19, 20, 21 */\n  -1, -1, -1, 64, -1, -1, -1,\n\n/*65 - 43 = 22*/\n/*'A','B','C','D','E','F','G','H','I','J','K','L','M', */\n   0,  1,  2,  3,  4,  5,  6,  7,  8,  9, 10, 11, 12,\n\n/*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */\n   13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25,\n\n/*91 - 43 = 48 */\n/*48, 49, 50, 51, 52, 53 */\n  -1, -1, -1, -1, -1, -1,\n\n/*97 - 43 = 54*/\n/*'a','b','c','d','e','f','g','h','i','j','k','l','m' */\n   26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,\n\n/*'n','o','p','q','r','s','t','u','v','w','x','y','z' */\n   39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51\n];\n\n// base58 characters (Bitcoin alphabet)\nvar _base58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';\n\n/**\n * Base64 encodes a 'binary' encoded string of bytes.\n *\n * @param input the binary encoded string of bytes to base64-encode.\n * @param maxline the maximum number of encoded characters per line to use,\n *          defaults to none.\n *\n * @return the base64-encoded output.\n */\nutil.encode64 = function(input, maxline) {\n  // TODO: deprecate: \"Deprecated. Use util.binary.base64.encode instead.\"\n  var line = '';\n  var output = '';\n  var chr1, chr2, chr3;\n  var i = 0;\n  while(i < input.length) {\n    chr1 = input.charCodeAt(i++);\n    chr2 = input.charCodeAt(i++);\n    chr3 = input.charCodeAt(i++);\n\n    // encode 4 character group\n    line += _base64.charAt(chr1 >> 2);\n    line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));\n    if(isNaN(chr2)) {\n      line += '==';\n    } else {\n      line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));\n      line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);\n    }\n\n    if(maxline && line.length > maxline) {\n      output += line.substr(0, maxline) + '\\r\\n';\n      line = line.substr(maxline);\n    }\n  }\n  output += line;\n  return output;\n};\n\n/**\n * Base64 decodes a string into a 'binary' encoded string of bytes.\n *\n * @param input the base64-encoded input.\n *\n * @return the binary encoded string.\n */\nutil.decode64 = function(input) {\n  // TODO: deprecate: \"Deprecated. Use util.binary.base64.decode instead.\"\n\n  // remove all non-base64 characters\n  input = input.replace(/[^A-Za-z0-9\\+\\/\\=]/g, '');\n\n  var output = '';\n  var enc1, enc2, enc3, enc4;\n  var i = 0;\n\n  while(i < input.length) {\n    enc1 = _base64Idx[input.charCodeAt(i++) - 43];\n    enc2 = _base64Idx[input.charCodeAt(i++) - 43];\n    enc3 = _base64Idx[input.charCodeAt(i++) - 43];\n    enc4 = _base64Idx[input.charCodeAt(i++) - 43];\n\n    output += String.fromCharCode((enc1 << 2) | (enc2 >> 4));\n    if(enc3 !== 64) {\n      // decoded at least 2 bytes\n      output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2));\n      if(enc4 !== 64) {\n        // decoded 3 bytes\n        output += String.fromCharCode(((enc3 & 3) << 6) | enc4);\n      }\n    }\n  }\n\n  return output;\n};\n\n/**\n * Encodes the given string of characters (a standard JavaScript\n * string) as a binary encoded string where the bytes represent\n * a UTF-8 encoded string of characters. Non-ASCII characters will be\n * encoded as multiple bytes according to UTF-8.\n *\n * @param str a standard string of characters to encode.\n *\n * @return the binary encoded string.\n */\nutil.encodeUtf8 = function(str) {\n  return unescape(encodeURIComponent(str));\n};\n\n/**\n * Decodes a binary encoded string that contains bytes that\n * represent a UTF-8 encoded string of characters -- into a\n * string of characters (a standard JavaScript string).\n *\n * @param str the binary encoded string to decode.\n *\n * @return the resulting standard string of characters.\n */\nutil.decodeUtf8 = function(str) {\n  return decodeURIComponent(escape(str));\n};\n\n// binary encoding/decoding tools\n// FIXME: Experimental. Do not use yet.\nutil.binary = {\n  raw: {},\n  hex: {},\n  base64: {},\n  base58: {},\n  baseN : {\n    encode: baseN.encode,\n    decode: baseN.decode\n  }\n};\n\n/**\n * Encodes a Uint8Array as a binary-encoded string. This encoding uses\n * a value between 0 and 255 for each character.\n *\n * @param bytes the Uint8Array to encode.\n *\n * @return the binary-encoded string.\n */\nutil.binary.raw.encode = function(bytes) {\n  return String.fromCharCode.apply(null, bytes);\n};\n\n/**\n * Decodes a binary-encoded string to a Uint8Array. This encoding uses\n * a value between 0 and 255 for each character.\n *\n * @param str the binary-encoded string to decode.\n * @param [output] an optional Uint8Array to write the output to; if it\n *          is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.binary.raw.decode = function(str, output, offset) {\n  var out = output;\n  if(!out) {\n    out = new Uint8Array(str.length);\n  }\n  offset = offset || 0;\n  var j = offset;\n  for(var i = 0; i < str.length; ++i) {\n    out[j++] = str.charCodeAt(i);\n  }\n  return output ? (j - offset) : out;\n};\n\n/**\n * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or\n * ByteBuffer as a string of hexadecimal characters.\n *\n * @param bytes the bytes to convert.\n *\n * @return the string of hexadecimal characters.\n */\nutil.binary.hex.encode = util.bytesToHex;\n\n/**\n * Decodes a hex-encoded string to a Uint8Array.\n *\n * @param hex the hexadecimal string to convert.\n * @param [output] an optional Uint8Array to write the output to; if it\n *          is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.binary.hex.decode = function(hex, output, offset) {\n  var out = output;\n  if(!out) {\n    out = new Uint8Array(Math.ceil(hex.length / 2));\n  }\n  offset = offset || 0;\n  var i = 0, j = offset;\n  if(hex.length & 1) {\n    // odd number of characters, convert first character alone\n    i = 1;\n    out[j++] = parseInt(hex[0], 16);\n  }\n  // convert 2 characters (1 byte) at a time\n  for(; i < hex.length; i += 2) {\n    out[j++] = parseInt(hex.substr(i, 2), 16);\n  }\n  return output ? (j - offset) : out;\n};\n\n/**\n * Base64-encodes a Uint8Array.\n *\n * @param input the Uint8Array to encode.\n * @param maxline the maximum number of encoded characters per line to use,\n *          defaults to none.\n *\n * @return the base64-encoded output string.\n */\nutil.binary.base64.encode = function(input, maxline) {\n  var line = '';\n  var output = '';\n  var chr1, chr2, chr3;\n  var i = 0;\n  while(i < input.byteLength) {\n    chr1 = input[i++];\n    chr2 = input[i++];\n    chr3 = input[i++];\n\n    // encode 4 character group\n    line += _base64.charAt(chr1 >> 2);\n    line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4));\n    if(isNaN(chr2)) {\n      line += '==';\n    } else {\n      line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6));\n      line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63);\n    }\n\n    if(maxline && line.length > maxline) {\n      output += line.substr(0, maxline) + '\\r\\n';\n      line = line.substr(maxline);\n    }\n  }\n  output += line;\n  return output;\n};\n\n/**\n * Decodes a base64-encoded string to a Uint8Array.\n *\n * @param input the base64-encoded input string.\n * @param [output] an optional Uint8Array to write the output to; if it\n *          is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.binary.base64.decode = function(input, output, offset) {\n  var out = output;\n  if(!out) {\n    out = new Uint8Array(Math.ceil(input.length / 4) * 3);\n  }\n\n  // remove all non-base64 characters\n  input = input.replace(/[^A-Za-z0-9\\+\\/\\=]/g, '');\n\n  offset = offset || 0;\n  var enc1, enc2, enc3, enc4;\n  var i = 0, j = offset;\n\n  while(i < input.length) {\n    enc1 = _base64Idx[input.charCodeAt(i++) - 43];\n    enc2 = _base64Idx[input.charCodeAt(i++) - 43];\n    enc3 = _base64Idx[input.charCodeAt(i++) - 43];\n    enc4 = _base64Idx[input.charCodeAt(i++) - 43];\n\n    out[j++] = (enc1 << 2) | (enc2 >> 4);\n    if(enc3 !== 64) {\n      // decoded at least 2 bytes\n      out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2);\n      if(enc4 !== 64) {\n        // decoded 3 bytes\n        out[j++] = ((enc3 & 3) << 6) | enc4;\n      }\n    }\n  }\n\n  // make sure result is the exact decoded length\n  return output ? (j - offset) : out.subarray(0, j);\n};\n\n// add support for base58 encoding/decoding with Bitcoin alphabet\nutil.binary.base58.encode = function(input, maxline) {\n  return util.binary.baseN.encode(input, _base58, maxline);\n};\nutil.binary.base58.decode = function(input, maxline) {\n  return util.binary.baseN.decode(input, _base58, maxline);\n};\n\n// text encoding/decoding tools\n// FIXME: Experimental. Do not use yet.\nutil.text = {\n  utf8: {},\n  utf16: {}\n};\n\n/**\n * Encodes the given string as UTF-8 in a Uint8Array.\n *\n * @param str the string to encode.\n * @param [output] an optional Uint8Array to write the output to; if it\n *          is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.text.utf8.encode = function(str, output, offset) {\n  str = util.encodeUtf8(str);\n  var out = output;\n  if(!out) {\n    out = new Uint8Array(str.length);\n  }\n  offset = offset || 0;\n  var j = offset;\n  for(var i = 0; i < str.length; ++i) {\n    out[j++] = str.charCodeAt(i);\n  }\n  return output ? (j - offset) : out;\n};\n\n/**\n * Decodes the UTF-8 contents from a Uint8Array.\n *\n * @param bytes the Uint8Array to decode.\n *\n * @return the resulting string.\n */\nutil.text.utf8.decode = function(bytes) {\n  return util.decodeUtf8(String.fromCharCode.apply(null, bytes));\n};\n\n/**\n * Encodes the given string as UTF-16 in a Uint8Array.\n *\n * @param str the string to encode.\n * @param [output] an optional Uint8Array to write the output to; if it\n *          is too small, an exception will be thrown.\n * @param [offset] the start offset for writing to the output (default: 0).\n *\n * @return the Uint8Array or the number of bytes written if output was given.\n */\nutil.text.utf16.encode = function(str, output, offset) {\n  var out = output;\n  if(!out) {\n    out = new Uint8Array(str.length * 2);\n  }\n  var view = new Uint16Array(out.buffer);\n  offset = offset || 0;\n  var j = offset;\n  var k = offset;\n  for(var i = 0; i < str.length; ++i) {\n    view[k++] = str.charCodeAt(i);\n    j += 2;\n  }\n  return output ? (j - offset) : out;\n};\n\n/**\n * Decodes the UTF-16 contents from a Uint8Array.\n *\n * @param bytes the Uint8Array to decode.\n *\n * @return the resulting string.\n */\nutil.text.utf16.decode = function(bytes) {\n  return String.fromCharCode.apply(null, new Uint16Array(bytes.buffer));\n};\n\n/**\n * Deflates the given data using a flash interface.\n *\n * @param api the flash interface.\n * @param bytes the data.\n * @param raw true to return only raw deflate data, false to include zlib\n *          header and trailer.\n *\n * @return the deflated data as a string.\n */\nutil.deflate = function(api, bytes, raw) {\n  bytes = util.decode64(api.deflate(util.encode64(bytes)).rval);\n\n  // strip zlib header and trailer if necessary\n  if(raw) {\n    // zlib header is 2 bytes (CMF,FLG) where FLG indicates that\n    // there is a 4-byte DICT (alder-32) block before the data if\n    // its 5th bit is set\n    var start = 2;\n    var flg = bytes.charCodeAt(1);\n    if(flg & 0x20) {\n      start = 6;\n    }\n    // zlib trailer is 4 bytes of adler-32\n    bytes = bytes.substring(start, bytes.length - 4);\n  }\n\n  return bytes;\n};\n\n/**\n * Inflates the given data using a flash interface.\n *\n * @param api the flash interface.\n * @param bytes the data.\n * @param raw true if the incoming data has no zlib header or trailer and is\n *          raw DEFLATE data.\n *\n * @return the inflated data as a string, null on error.\n */\nutil.inflate = function(api, bytes, raw) {\n  // TODO: add zlib header and trailer if necessary/possible\n  var rval = api.inflate(util.encode64(bytes)).rval;\n  return (rval === null) ? null : util.decode64(rval);\n};\n\n/**\n * Sets a storage object.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param obj the storage object, null to remove.\n */\nvar _setStorageObject = function(api, id, obj) {\n  if(!api) {\n    throw new Error('WebStorage not available.');\n  }\n\n  var rval;\n  if(obj === null) {\n    rval = api.removeItem(id);\n  } else {\n    // json-encode and base64-encode object\n    obj = util.encode64(JSON.stringify(obj));\n    rval = api.setItem(id, obj);\n  }\n\n  // handle potential flash error\n  if(typeof(rval) !== 'undefined' && rval.rval !== true) {\n    var error = new Error(rval.error.message);\n    error.id = rval.error.id;\n    error.name = rval.error.name;\n    throw error;\n  }\n};\n\n/**\n * Gets a storage object.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n *\n * @return the storage object entry or null if none exists.\n */\nvar _getStorageObject = function(api, id) {\n  if(!api) {\n    throw new Error('WebStorage not available.');\n  }\n\n  // get the existing entry\n  var rval = api.getItem(id);\n\n  /* Note: We check api.init because we can't do (api == localStorage)\n    on IE because of \"Class doesn't support Automation\" exception. Only\n    the flash api has an init method so this works too, but we need a\n    better solution in the future. */\n\n  // flash returns item wrapped in an object, handle special case\n  if(api.init) {\n    if(rval.rval === null) {\n      if(rval.error) {\n        var error = new Error(rval.error.message);\n        error.id = rval.error.id;\n        error.name = rval.error.name;\n        throw error;\n      }\n      // no error, but also no item\n      rval = null;\n    } else {\n      rval = rval.rval;\n    }\n  }\n\n  // handle decoding\n  if(rval !== null) {\n    // base64-decode and json-decode data\n    rval = JSON.parse(util.decode64(rval));\n  }\n\n  return rval;\n};\n\n/**\n * Stores an item in local storage.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param data the data for the item (any javascript object/primitive).\n */\nvar _setItem = function(api, id, key, data) {\n  // get storage object\n  var obj = _getStorageObject(api, id);\n  if(obj === null) {\n    // create a new storage object\n    obj = {};\n  }\n  // update key\n  obj[key] = data;\n\n  // set storage object\n  _setStorageObject(api, id, obj);\n};\n\n/**\n * Gets an item from local storage.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n *\n * @return the item.\n */\nvar _getItem = function(api, id, key) {\n  // get storage object\n  var rval = _getStorageObject(api, id);\n  if(rval !== null) {\n    // return data at key\n    rval = (key in rval) ? rval[key] : null;\n  }\n\n  return rval;\n};\n\n/**\n * Removes an item from local storage.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n */\nvar _removeItem = function(api, id, key) {\n  // get storage object\n  var obj = _getStorageObject(api, id);\n  if(obj !== null && key in obj) {\n    // remove key\n    delete obj[key];\n\n    // see if entry has no keys remaining\n    var empty = true;\n    for(var prop in obj) {\n      empty = false;\n      break;\n    }\n    if(empty) {\n      // remove entry entirely if no keys are left\n      obj = null;\n    }\n\n    // set storage object\n    _setStorageObject(api, id, obj);\n  }\n};\n\n/**\n * Clears the local disk storage identified by the given ID.\n *\n * @param api the storage interface.\n * @param id the storage ID to use.\n */\nvar _clearItems = function(api, id) {\n  _setStorageObject(api, id, null);\n};\n\n/**\n * Calls a storage function.\n *\n * @param func the function to call.\n * @param args the arguments for the function.\n * @param location the location argument.\n *\n * @return the return value from the function.\n */\nvar _callStorageFunction = function(func, args, location) {\n  var rval = null;\n\n  // default storage types\n  if(typeof(location) === 'undefined') {\n    location = ['web', 'flash'];\n  }\n\n  // apply storage types in order of preference\n  var type;\n  var done = false;\n  var exception = null;\n  for(var idx in location) {\n    type = location[idx];\n    try {\n      if(type === 'flash' || type === 'both') {\n        if(args[0] === null) {\n          throw new Error('Flash local storage not available.');\n        }\n        rval = func.apply(this, args);\n        done = (type === 'flash');\n      }\n      if(type === 'web' || type === 'both') {\n        args[0] = localStorage;\n        rval = func.apply(this, args);\n        done = true;\n      }\n    } catch(ex) {\n      exception = ex;\n    }\n    if(done) {\n      break;\n    }\n  }\n\n  if(!done) {\n    throw exception;\n  }\n\n  return rval;\n};\n\n/**\n * Stores an item on local disk.\n *\n * The available types of local storage include 'flash', 'web', and 'both'.\n *\n * The type 'flash' refers to flash local storage (SharedObject). In order\n * to use flash local storage, the 'api' parameter must be valid. The type\n * 'web' refers to WebStorage, if supported by the browser. The type 'both'\n * refers to storing using both 'flash' and 'web', not just one or the\n * other.\n *\n * The location array should list the storage types to use in order of\n * preference:\n *\n * ['flash']: flash only storage\n * ['web']: web only storage\n * ['both']: try to store in both\n * ['flash','web']: store in flash first, but if not available, 'web'\n * ['web','flash']: store in web first, but if not available, 'flash'\n *\n * The location array defaults to: ['web', 'flash']\n *\n * @param api the flash interface, null to use only WebStorage.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param data the data for the item (any javascript object/primitive).\n * @param location an array with the preferred types of storage to use.\n */\nutil.setItem = function(api, id, key, data, location) {\n  _callStorageFunction(_setItem, arguments, location);\n};\n\n/**\n * Gets an item on local disk.\n *\n * Set setItem() for details on storage types.\n *\n * @param api the flash interface, null to use only WebStorage.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param location an array with the preferred types of storage to use.\n *\n * @return the item.\n */\nutil.getItem = function(api, id, key, location) {\n  return _callStorageFunction(_getItem, arguments, location);\n};\n\n/**\n * Removes an item on local disk.\n *\n * Set setItem() for details on storage types.\n *\n * @param api the flash interface.\n * @param id the storage ID to use.\n * @param key the key for the item.\n * @param location an array with the preferred types of storage to use.\n */\nutil.removeItem = function(api, id, key, location) {\n  _callStorageFunction(_removeItem, arguments, location);\n};\n\n/**\n * Clears the local disk storage identified by the given ID.\n *\n * Set setItem() for details on storage types.\n *\n * @param api the flash interface if flash is available.\n * @param id the storage ID to use.\n * @param location an array with the preferred types of storage to use.\n */\nutil.clearItems = function(api, id, location) {\n  _callStorageFunction(_clearItems, arguments, location);\n};\n\n/**\n * Check if an object is empty.\n *\n * Taken from:\n * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937\n *\n * @param object the object to check.\n */\nutil.isEmpty = function(obj) {\n  for(var prop in obj) {\n    if(obj.hasOwnProperty(prop)) {\n      return false;\n    }\n  }\n  return true;\n};\n\n/**\n * Format with simple printf-style interpolation.\n *\n * %%: literal '%'\n * %s,%o: convert next argument into a string.\n *\n * @param format the string to format.\n * @param ... arguments to interpolate into the format string.\n */\nutil.format = function(format) {\n  var re = /%./g;\n  // current match\n  var match;\n  // current part\n  var part;\n  // current arg index\n  var argi = 0;\n  // collected parts to recombine later\n  var parts = [];\n  // last index found\n  var last = 0;\n  // loop while matches remain\n  while((match = re.exec(format))) {\n    part = format.substring(last, re.lastIndex - 2);\n    // don't add empty strings (ie, parts between %s%s)\n    if(part.length > 0) {\n      parts.push(part);\n    }\n    last = re.lastIndex;\n    // switch on % code\n    var code = match[0][1];\n    switch(code) {\n    case 's':\n    case 'o':\n      // check if enough arguments were given\n      if(argi < arguments.length) {\n        parts.push(arguments[argi++ + 1]);\n      } else {\n        parts.push('<?>');\n      }\n      break;\n    // FIXME: do proper formating for numbers, etc\n    //case 'f':\n    //case 'd':\n    case '%':\n      parts.push('%');\n      break;\n    default:\n      parts.push('<%' + code + '?>');\n    }\n  }\n  // add trailing part of format string\n  parts.push(format.substring(last));\n  return parts.join('');\n};\n\n/**\n * Formats a number.\n *\n * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/\n */\nutil.formatNumber = function(number, decimals, dec_point, thousands_sep) {\n  // http://kevin.vanzonneveld.net\n  // +   original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)\n  // +   improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net)\n  // +     bugfix by: Michael White (http://crestidg.com)\n  // +     bugfix by: Benjamin Lupton\n  // +     bugfix by: Allan Jensen (http://www.winternet.no)\n  // +    revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com)\n  // *     example 1: number_format(1234.5678, 2, '.', '');\n  // *     returns 1: 1234.57\n\n  var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals;\n  var d = dec_point === undefined ? ',' : dec_point;\n  var t = thousands_sep === undefined ?\n   '.' : thousands_sep, s = n < 0 ? '-' : '';\n  var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + '';\n  var j = (i.length > 3) ? i.length % 3 : 0;\n  return s + (j ? i.substr(0, j) + t : '') +\n    i.substr(j).replace(/(\\d{3})(?=\\d)/g, '$1' + t) +\n    (c ? d + Math.abs(n - i).toFixed(c).slice(2) : '');\n};\n\n/**\n * Formats a byte size.\n *\n * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/\n */\nutil.formatSize = function(size) {\n  if(size >= 1073741824) {\n    size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB';\n  } else if(size >= 1048576) {\n    size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB';\n  } else if(size >= 1024) {\n    size = util.formatNumber(size / 1024, 0) + ' KiB';\n  } else {\n    size = util.formatNumber(size, 0) + ' bytes';\n  }\n  return size;\n};\n\n/**\n * Converts an IPv4 or IPv6 string representation into bytes (in network order).\n *\n * @param ip the IPv4 or IPv6 address to convert.\n *\n * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't\n *         be parsed.\n */\nutil.bytesFromIP = function(ip) {\n  if(ip.indexOf('.') !== -1) {\n    return util.bytesFromIPv4(ip);\n  }\n  if(ip.indexOf(':') !== -1) {\n    return util.bytesFromIPv6(ip);\n  }\n  return null;\n};\n\n/**\n * Converts an IPv4 string representation into bytes (in network order).\n *\n * @param ip the IPv4 address to convert.\n *\n * @return the 4-byte address or null if the address can't be parsed.\n */\nutil.bytesFromIPv4 = function(ip) {\n  ip = ip.split('.');\n  if(ip.length !== 4) {\n    return null;\n  }\n  var b = util.createBuffer();\n  for(var i = 0; i < ip.length; ++i) {\n    var num = parseInt(ip[i], 10);\n    if(isNaN(num)) {\n      return null;\n    }\n    b.putByte(num);\n  }\n  return b.getBytes();\n};\n\n/**\n * Converts an IPv6 string representation into bytes (in network order).\n *\n * @param ip the IPv6 address to convert.\n *\n * @return the 16-byte address or null if the address can't be parsed.\n */\nutil.bytesFromIPv6 = function(ip) {\n  var blanks = 0;\n  ip = ip.split(':').filter(function(e) {\n    if(e.length === 0) ++blanks;\n    return true;\n  });\n  var zeros = (8 - ip.length + blanks) * 2;\n  var b = util.createBuffer();\n  for(var i = 0; i < 8; ++i) {\n    if(!ip[i] || ip[i].length === 0) {\n      b.fillWithByte(0, zeros);\n      zeros = 0;\n      continue;\n    }\n    var bytes = util.hexToBytes(ip[i]);\n    if(bytes.length < 2) {\n      b.putByte(0);\n    }\n    b.putBytes(bytes);\n  }\n  return b.getBytes();\n};\n\n/**\n * Converts 4-bytes into an IPv4 string representation or 16-bytes into\n * an IPv6 string representation. The bytes must be in network order.\n *\n * @param bytes the bytes to convert.\n *\n * @return the IPv4 or IPv6 string representation if 4 or 16 bytes,\n *         respectively, are given, otherwise null.\n */\nutil.bytesToIP = function(bytes) {\n  if(bytes.length === 4) {\n    return util.bytesToIPv4(bytes);\n  }\n  if(bytes.length === 16) {\n    return util.bytesToIPv6(bytes);\n  }\n  return null;\n};\n\n/**\n * Converts 4-bytes into an IPv4 string representation. The bytes must be\n * in network order.\n *\n * @param bytes the bytes to convert.\n *\n * @return the IPv4 string representation or null for an invalid # of bytes.\n */\nutil.bytesToIPv4 = function(bytes) {\n  if(bytes.length !== 4) {\n    return null;\n  }\n  var ip = [];\n  for(var i = 0; i < bytes.length; ++i) {\n    ip.push(bytes.charCodeAt(i));\n  }\n  return ip.join('.');\n};\n\n/**\n * Converts 16-bytes into an IPv16 string representation. The bytes must be\n * in network order.\n *\n * @param bytes the bytes to convert.\n *\n * @return the IPv16 string representation or null for an invalid # of bytes.\n */\nutil.bytesToIPv6 = function(bytes) {\n  if(bytes.length !== 16) {\n    return null;\n  }\n  var ip = [];\n  var zeroGroups = [];\n  var zeroMaxGroup = 0;\n  for(var i = 0; i < bytes.length; i += 2) {\n    var hex = util.bytesToHex(bytes[i] + bytes[i + 1]);\n    // canonicalize zero representation\n    while(hex[0] === '0' && hex !== '0') {\n      hex = hex.substr(1);\n    }\n    if(hex === '0') {\n      var last = zeroGroups[zeroGroups.length - 1];\n      var idx = ip.length;\n      if(!last || idx !== last.end + 1) {\n        zeroGroups.push({start: idx, end: idx});\n      } else {\n        last.end = idx;\n        if((last.end - last.start) >\n          (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) {\n          zeroMaxGroup = zeroGroups.length - 1;\n        }\n      }\n    }\n    ip.push(hex);\n  }\n  if(zeroGroups.length > 0) {\n    var group = zeroGroups[zeroMaxGroup];\n    // only shorten group of length > 0\n    if(group.end - group.start > 0) {\n      ip.splice(group.start, group.end - group.start + 1, '');\n      if(group.start === 0) {\n        ip.unshift('');\n      }\n      if(group.end === 7) {\n        ip.push('');\n      }\n    }\n  }\n  return ip.join(':');\n};\n\n/**\n * Estimates the number of processes that can be run concurrently. If\n * creating Web Workers, keep in mind that the main JavaScript process needs\n * its own core.\n *\n * @param options the options to use:\n *          update true to force an update (not use the cached value).\n * @param callback(err, max) called once the operation completes.\n */\nutil.estimateCores = function(options, callback) {\n  if(typeof options === 'function') {\n    callback = options;\n    options = {};\n  }\n  options = options || {};\n  if('cores' in util && !options.update) {\n    return callback(null, util.cores);\n  }\n  if(typeof navigator !== 'undefined' &&\n    'hardwareConcurrency' in navigator &&\n    navigator.hardwareConcurrency > 0) {\n    util.cores = navigator.hardwareConcurrency;\n    return callback(null, util.cores);\n  }\n  if(typeof Worker === 'undefined') {\n    // workers not available\n    util.cores = 1;\n    return callback(null, util.cores);\n  }\n  if(typeof Blob === 'undefined') {\n    // can't estimate, default to 2\n    util.cores = 2;\n    return callback(null, util.cores);\n  }\n\n  // create worker concurrency estimation code as blob\n  var blobUrl = URL.createObjectURL(new Blob(['(',\n    function() {\n      self.addEventListener('message', function(e) {\n        // run worker for 4 ms\n        var st = Date.now();\n        var et = st + 4;\n        while(Date.now() < et);\n        self.postMessage({st: st, et: et});\n      });\n    }.toString(),\n  ')()'], {type: 'application/javascript'}));\n\n  // take 5 samples using 16 workers\n  sample([], 5, 16);\n\n  function sample(max, samples, numWorkers) {\n    if(samples === 0) {\n      // get overlap average\n      var avg = Math.floor(max.reduce(function(avg, x) {\n        return avg + x;\n      }, 0) / max.length);\n      util.cores = Math.max(1, avg);\n      URL.revokeObjectURL(blobUrl);\n      return callback(null, util.cores);\n    }\n    map(numWorkers, function(err, results) {\n      max.push(reduce(numWorkers, results));\n      sample(max, samples - 1, numWorkers);\n    });\n  }\n\n  function map(numWorkers, callback) {\n    var workers = [];\n    var results = [];\n    for(var i = 0; i < numWorkers; ++i) {\n      var worker = new Worker(blobUrl);\n      worker.addEventListener('message', function(e) {\n        results.push(e.data);\n        if(results.length === numWorkers) {\n          for(var i = 0; i < numWorkers; ++i) {\n            workers[i].terminate();\n          }\n          callback(null, results);\n        }\n      });\n      workers.push(worker);\n    }\n    for(var i = 0; i < numWorkers; ++i) {\n      workers[i].postMessage(i);\n    }\n  }\n\n  function reduce(numWorkers, results) {\n    // find overlapping time windows\n    var overlaps = [];\n    for(var n = 0; n < numWorkers; ++n) {\n      var r1 = results[n];\n      var overlap = overlaps[n] = [];\n      for(var i = 0; i < numWorkers; ++i) {\n        if(n === i) {\n          continue;\n        }\n        var r2 = results[i];\n        if((r1.st > r2.st && r1.st < r2.et) ||\n          (r2.st > r1.st && r2.st < r1.et)) {\n          overlap.push(i);\n        }\n      }\n    }\n    // get maximum overlaps ... don't include overlapping worker itself\n    // as the main JS process was also being scheduled during the work and\n    // would have to be subtracted from the estimate anyway\n    return overlaps.reduce(function(max, overlap) {\n      return Math.max(max, overlap.length);\n    }, 0);\n  }\n};\n","/**\n * Javascript implementation of X.509 and related components (such as\n * Certification Signing Requests) of a Public Key Infrastructure.\n *\n * @author Dave Longley\n *\n * Copyright (c) 2010-2014 Digital Bazaar, Inc.\n *\n * The ASN.1 representation of an X.509v3 certificate is as follows\n * (see RFC 2459):\n *\n * Certificate ::= SEQUENCE {\n *   tbsCertificate       TBSCertificate,\n *   signatureAlgorithm   AlgorithmIdentifier,\n *   signatureValue       BIT STRING\n * }\n *\n * TBSCertificate ::= SEQUENCE {\n *   version         [0]  EXPLICIT Version DEFAULT v1,\n *   serialNumber         CertificateSerialNumber,\n *   signature            AlgorithmIdentifier,\n *   issuer               Name,\n *   validity             Validity,\n *   subject              Name,\n *   subjectPublicKeyInfo SubjectPublicKeyInfo,\n *   issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,\n *                        -- If present, version shall be v2 or v3\n *   subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,\n *                        -- If present, version shall be v2 or v3\n *   extensions      [3]  EXPLICIT Extensions OPTIONAL\n *                        -- If present, version shall be v3\n * }\n *\n * Version ::= INTEGER  { v1(0), v2(1), v3(2) }\n *\n * CertificateSerialNumber ::= INTEGER\n *\n * Name ::= CHOICE {\n *   // only one possible choice for now\n *   RDNSequence\n * }\n *\n * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName\n *\n * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue\n *\n * AttributeTypeAndValue ::= SEQUENCE {\n *   type     AttributeType,\n *   value    AttributeValue\n * }\n * AttributeType ::= OBJECT IDENTIFIER\n * AttributeValue ::= ANY DEFINED BY AttributeType\n *\n * Validity ::= SEQUENCE {\n *   notBefore      Time,\n *   notAfter       Time\n * }\n *\n * Time ::= CHOICE {\n *   utcTime        UTCTime,\n *   generalTime    GeneralizedTime\n * }\n *\n * UniqueIdentifier ::= BIT STRING\n *\n * SubjectPublicKeyInfo ::= SEQUENCE {\n *   algorithm            AlgorithmIdentifier,\n *   subjectPublicKey     BIT STRING\n * }\n *\n * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension\n *\n * Extension ::= SEQUENCE {\n *   extnID      OBJECT IDENTIFIER,\n *   critical    BOOLEAN DEFAULT FALSE,\n *   extnValue   OCTET STRING\n * }\n *\n * The only key algorithm currently supported for PKI is RSA.\n *\n * RSASSA-PSS signatures are described in RFC 3447 and RFC 4055.\n *\n * PKCS#10 v1.7 describes certificate signing requests:\n *\n * CertificationRequestInfo:\n *\n * CertificationRequestInfo ::= SEQUENCE {\n *   version       INTEGER { v1(0) } (v1,...),\n *   subject       Name,\n *   subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }},\n *   attributes    [0] Attributes{{ CRIAttributes }}\n * }\n *\n * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }}\n *\n * CRIAttributes  ATTRIBUTE  ::= {\n *   ... -- add any locally defined attributes here -- }\n *\n * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE {\n *   type   ATTRIBUTE.&id({IOSet}),\n *   values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type})\n * }\n *\n * CertificationRequest ::= SEQUENCE {\n *   certificationRequestInfo CertificationRequestInfo,\n *   signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }},\n *   signature          BIT STRING\n * }\n */\nvar forge = require('./forge');\nrequire('./aes');\nrequire('./asn1');\nrequire('./des');\nrequire('./md');\nrequire('./mgf');\nrequire('./oids');\nrequire('./pem');\nrequire('./pss');\nrequire('./rsa');\nrequire('./util');\n\n// shortcut for asn.1 API\nvar asn1 = forge.asn1;\n\n/* Public Key Infrastructure (PKI) implementation. */\nvar pki = module.exports = forge.pki = forge.pki || {};\nvar oids = pki.oids;\n\n// short name OID mappings\nvar _shortNames = {};\n_shortNames['CN'] = oids['commonName'];\n_shortNames['commonName'] = 'CN';\n_shortNames['C'] = oids['countryName'];\n_shortNames['countryName'] = 'C';\n_shortNames['L'] = oids['localityName'];\n_shortNames['localityName'] = 'L';\n_shortNames['ST'] = oids['stateOrProvinceName'];\n_shortNames['stateOrProvinceName'] = 'ST';\n_shortNames['O'] = oids['organizationName'];\n_shortNames['organizationName'] = 'O';\n_shortNames['OU'] = oids['organizationalUnitName'];\n_shortNames['organizationalUnitName'] = 'OU';\n_shortNames['E'] = oids['emailAddress'];\n_shortNames['emailAddress'] = 'E';\n\n// validator for an SubjectPublicKeyInfo structure\n// Note: Currently only works with an RSA public key\nvar publicKeyValidator = forge.pki.rsa.publicKeyValidator;\n\n// validator for an X.509v3 certificate\nvar x509CertificateValidator = {\n  name: 'Certificate',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'Certificate.TBSCertificate',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    captureAsn1: 'tbsCertificate',\n    value: [{\n      name: 'Certificate.TBSCertificate.version',\n      tagClass: asn1.Class.CONTEXT_SPECIFIC,\n      type: 0,\n      constructed: true,\n      optional: true,\n      value: [{\n        name: 'Certificate.TBSCertificate.version.integer',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.INTEGER,\n        constructed: false,\n        capture: 'certVersion'\n      }]\n    }, {\n      name: 'Certificate.TBSCertificate.serialNumber',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.INTEGER,\n      constructed: false,\n      capture: 'certSerialNumber'\n    }, {\n      name: 'Certificate.TBSCertificate.signature',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      value: [{\n        name: 'Certificate.TBSCertificate.signature.algorithm',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OID,\n        constructed: false,\n        capture: 'certinfoSignatureOid'\n      }, {\n        name: 'Certificate.TBSCertificate.signature.parameters',\n        tagClass: asn1.Class.UNIVERSAL,\n        optional: true,\n        captureAsn1: 'certinfoSignatureParams'\n      }]\n    }, {\n      name: 'Certificate.TBSCertificate.issuer',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      captureAsn1: 'certIssuer'\n    }, {\n      name: 'Certificate.TBSCertificate.validity',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      // Note: UTC and generalized times may both appear so the capture\n      // names are based on their detected order, the names used below\n      // are only for the common case, which validity time really means\n      // \"notBefore\" and which means \"notAfter\" will be determined by order\n      value: [{\n        // notBefore (Time) (UTC time case)\n        name: 'Certificate.TBSCertificate.validity.notBefore (utc)',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.UTCTIME,\n        constructed: false,\n        optional: true,\n        capture: 'certValidity1UTCTime'\n      }, {\n        // notBefore (Time) (generalized time case)\n        name: 'Certificate.TBSCertificate.validity.notBefore (generalized)',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.GENERALIZEDTIME,\n        constructed: false,\n        optional: true,\n        capture: 'certValidity2GeneralizedTime'\n      }, {\n        // notAfter (Time) (only UTC time is supported)\n        name: 'Certificate.TBSCertificate.validity.notAfter (utc)',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.UTCTIME,\n        constructed: false,\n        optional: true,\n        capture: 'certValidity3UTCTime'\n      }, {\n        // notAfter (Time) (only UTC time is supported)\n        name: 'Certificate.TBSCertificate.validity.notAfter (generalized)',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.GENERALIZEDTIME,\n        constructed: false,\n        optional: true,\n        capture: 'certValidity4GeneralizedTime'\n      }]\n    }, {\n      // Name (subject) (RDNSequence)\n      name: 'Certificate.TBSCertificate.subject',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      captureAsn1: 'certSubject'\n    },\n    // SubjectPublicKeyInfo\n    publicKeyValidator,\n    {\n      // issuerUniqueID (optional)\n      name: 'Certificate.TBSCertificate.issuerUniqueID',\n      tagClass: asn1.Class.CONTEXT_SPECIFIC,\n      type: 1,\n      constructed: true,\n      optional: true,\n      value: [{\n        name: 'Certificate.TBSCertificate.issuerUniqueID.id',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.BITSTRING,\n        constructed: false,\n        // TODO: support arbitrary bit length ids\n        captureBitStringValue: 'certIssuerUniqueId'\n      }]\n    }, {\n      // subjectUniqueID (optional)\n      name: 'Certificate.TBSCertificate.subjectUniqueID',\n      tagClass: asn1.Class.CONTEXT_SPECIFIC,\n      type: 2,\n      constructed: true,\n      optional: true,\n      value: [{\n        name: 'Certificate.TBSCertificate.subjectUniqueID.id',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.BITSTRING,\n        constructed: false,\n        // TODO: support arbitrary bit length ids\n        captureBitStringValue: 'certSubjectUniqueId'\n      }]\n    }, {\n      // Extensions (optional)\n      name: 'Certificate.TBSCertificate.extensions',\n      tagClass: asn1.Class.CONTEXT_SPECIFIC,\n      type: 3,\n      constructed: true,\n      captureAsn1: 'certExtensions',\n      optional: true\n    }]\n  }, {\n    // AlgorithmIdentifier (signature algorithm)\n    name: 'Certificate.signatureAlgorithm',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    value: [{\n      // algorithm\n      name: 'Certificate.signatureAlgorithm.algorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.OID,\n      constructed: false,\n      capture: 'certSignatureOid'\n    }, {\n      name: 'Certificate.TBSCertificate.signature.parameters',\n      tagClass: asn1.Class.UNIVERSAL,\n      optional: true,\n      captureAsn1: 'certSignatureParams'\n    }]\n  }, {\n    // SignatureValue\n    name: 'Certificate.signatureValue',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.BITSTRING,\n    constructed: false,\n    captureBitStringValue: 'certSignature'\n  }]\n};\n\nvar rsassaPssParameterValidator = {\n  name: 'rsapss',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  value: [{\n    name: 'rsapss.hashAlgorithm',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 0,\n    constructed: true,\n    value: [{\n      name: 'rsapss.hashAlgorithm.AlgorithmIdentifier',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Class.SEQUENCE,\n      constructed: true,\n      optional: true,\n      value: [{\n        name: 'rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OID,\n        constructed: false,\n        capture: 'hashOid'\n        /* parameter block omitted, for SHA1 NULL anyhow. */\n      }]\n    }]\n  }, {\n    name: 'rsapss.maskGenAlgorithm',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 1,\n    constructed: true,\n    value: [{\n      name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Class.SEQUENCE,\n      constructed: true,\n      optional: true,\n      value: [{\n        name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OID,\n        constructed: false,\n        capture: 'maskGenOid'\n      }, {\n        name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.SEQUENCE,\n        constructed: true,\n        value: [{\n          name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm',\n          tagClass: asn1.Class.UNIVERSAL,\n          type: asn1.Type.OID,\n          constructed: false,\n          capture: 'maskGenHashOid'\n          /* parameter block omitted, for SHA1 NULL anyhow. */\n        }]\n      }]\n    }]\n  }, {\n    name: 'rsapss.saltLength',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 2,\n    optional: true,\n    value: [{\n      name: 'rsapss.saltLength.saltLength',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Class.INTEGER,\n      constructed: false,\n      capture: 'saltLength'\n    }]\n  }, {\n    name: 'rsapss.trailerField',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 3,\n    optional: true,\n    value: [{\n      name: 'rsapss.trailer.trailer',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Class.INTEGER,\n      constructed: false,\n      capture: 'trailer'\n    }]\n  }]\n};\n\n// validator for a CertificationRequestInfo structure\nvar certificationRequestInfoValidator = {\n  name: 'CertificationRequestInfo',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  captureAsn1: 'certificationRequestInfo',\n  value: [{\n    name: 'CertificationRequestInfo.integer',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.INTEGER,\n    constructed: false,\n    capture: 'certificationRequestInfoVersion'\n  }, {\n    // Name (subject) (RDNSequence)\n    name: 'CertificationRequestInfo.subject',\n    tagClass: asn1.Class.UNIVERSAL,\n    type: asn1.Type.SEQUENCE,\n    constructed: true,\n    captureAsn1: 'certificationRequestInfoSubject'\n  },\n  // SubjectPublicKeyInfo\n  publicKeyValidator,\n  {\n    name: 'CertificationRequestInfo.attributes',\n    tagClass: asn1.Class.CONTEXT_SPECIFIC,\n    type: 0,\n    constructed: true,\n    optional: true,\n    capture: 'certificationRequestInfoAttributes',\n    value: [{\n      name: 'CertificationRequestInfo.attributes',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      value: [{\n        name: 'CertificationRequestInfo.attributes.type',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OID,\n        constructed: false\n      }, {\n        name: 'CertificationRequestInfo.attributes.value',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.SET,\n        constructed: true\n      }]\n    }]\n  }]\n};\n\n// validator for a CertificationRequest structure\nvar certificationRequestValidator = {\n  name: 'CertificationRequest',\n  tagClass: asn1.Class.UNIVERSAL,\n  type: asn1.Type.SEQUENCE,\n  constructed: true,\n  captureAsn1: 'csr',\n  value: [\n    certificationRequestInfoValidator, {\n      // AlgorithmIdentifier (signature algorithm)\n      name: 'CertificationRequest.signatureAlgorithm',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.SEQUENCE,\n      constructed: true,\n      value: [{\n        // algorithm\n        name: 'CertificationRequest.signatureAlgorithm.algorithm',\n        tagClass: asn1.Class.UNIVERSAL,\n        type: asn1.Type.OID,\n        constructed: false,\n        capture: 'csrSignatureOid'\n      }, {\n        name: 'CertificationRequest.signatureAlgorithm.parameters',\n        tagClass: asn1.Class.UNIVERSAL,\n        optional: true,\n        captureAsn1: 'csrSignatureParams'\n      }]\n    }, {\n      // signature\n      name: 'CertificationRequest.signature',\n      tagClass: asn1.Class.UNIVERSAL,\n      type: asn1.Type.BITSTRING,\n      constructed: false,\n      captureBitStringValue: 'csrSignature'\n    }\n  ]\n};\n\n/**\n * Converts an RDNSequence of ASN.1 DER-encoded RelativeDistinguishedName\n * sets into an array with objects that have type and value properties.\n *\n * @param rdn the RDNSequence to convert.\n * @param md a message digest to append type and value to if provided.\n */\npki.RDNAttributesAsArray = function(rdn, md) {\n  var rval = [];\n\n  // each value in 'rdn' in is a SET of RelativeDistinguishedName\n  var set, attr, obj;\n  for(var si = 0; si < rdn.value.length; ++si) {\n    // get the RelativeDistinguishedName set\n    set = rdn.value[si];\n\n    // each value in the SET is an AttributeTypeAndValue sequence\n    // containing first a type (an OID) and second a value (defined by\n    // the OID)\n    for(var i = 0; i < set.value.length; ++i) {\n      obj = {};\n      attr = set.value[i];\n      obj.type = asn1.derToOid(attr.value[0].value);\n      obj.value = attr.value[1].value;\n      obj.valueTagClass = attr.value[1].type;\n      // if the OID is known, get its name and short name\n      if(obj.type in oids) {\n        obj.name = oids[obj.type];\n        if(obj.name in _shortNames) {\n          obj.shortName = _shortNames[obj.name];\n        }\n      }\n      if(md) {\n        md.update(obj.type);\n        md.update(obj.value);\n      }\n      rval.push(obj);\n    }\n  }\n\n  return rval;\n};\n\n/**\n * Converts ASN.1 CRIAttributes into an array with objects that have type and\n * value properties.\n *\n * @param attributes the CRIAttributes to convert.\n */\npki.CRIAttributesAsArray = function(attributes) {\n  var rval = [];\n\n  // each value in 'attributes' in is a SEQUENCE with an OID and a SET\n  for(var si = 0; si < attributes.length; ++si) {\n    // get the attribute sequence\n    var seq = attributes[si];\n\n    // each value in the SEQUENCE containing first a type (an OID) and\n    // second a set of values (defined by the OID)\n    var type = asn1.derToOid(seq.value[0].value);\n    var values = seq.value[1].value;\n    for(var vi = 0; vi < values.length; ++vi) {\n      var obj = {};\n      obj.type = type;\n      obj.value = values[vi].value;\n      obj.valueTagClass = values[vi].type;\n      // if the OID is known, get its name and short name\n      if(obj.type in oids) {\n        obj.name = oids[obj.type];\n        if(obj.name in _shortNames) {\n          obj.shortName = _shortNames[obj.name];\n        }\n      }\n      // parse extensions\n      if(obj.type === oids.extensionRequest) {\n        obj.extensions = [];\n        for(var ei = 0; ei < obj.value.length; ++ei) {\n          obj.extensions.push(pki.certificateExtensionFromAsn1(obj.value[ei]));\n        }\n      }\n      rval.push(obj);\n    }\n  }\n\n  return rval;\n};\n\n/**\n * Gets an issuer or subject attribute from its name, type, or short name.\n *\n * @param obj the issuer or subject object.\n * @param options a short name string or an object with:\n *          shortName the short name for the attribute.\n *          name the name for the attribute.\n *          type the type for the attribute.\n *\n * @return the attribute.\n */\nfunction _getAttribute(obj, options) {\n  if(typeof options === 'string') {\n    options = {shortName: options};\n  }\n\n  var rval = null;\n  var attr;\n  for(var i = 0; rval === null && i < obj.attributes.length; ++i) {\n    attr = obj.attributes[i];\n    if(options.type && options.type === attr.type) {\n      rval = attr;\n    } else if(options.name && options.name === attr.name) {\n      rval = attr;\n    } else if(options.shortName && options.shortName === attr.shortName) {\n      rval = attr;\n    }\n  }\n  return rval;\n}\n\n/**\n * Converts signature parameters from ASN.1 structure.\n *\n * Currently only RSASSA-PSS supported.  The PKCS#1 v1.5 signature scheme had\n * no parameters.\n *\n * RSASSA-PSS-params  ::=  SEQUENCE  {\n *   hashAlgorithm      [0] HashAlgorithm DEFAULT\n *                             sha1Identifier,\n *   maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT\n *                             mgf1SHA1Identifier,\n *   saltLength         [2] INTEGER DEFAULT 20,\n *   trailerField       [3] INTEGER DEFAULT 1\n * }\n *\n * HashAlgorithm  ::=  AlgorithmIdentifier\n *\n * MaskGenAlgorithm  ::=  AlgorithmIdentifier\n *\n * AlgorithmIdentifer ::= SEQUENCE {\n *   algorithm OBJECT IDENTIFIER,\n *   parameters ANY DEFINED BY algorithm OPTIONAL\n * }\n *\n * @param oid The OID specifying the signature algorithm\n * @param obj The ASN.1 structure holding the parameters\n * @param fillDefaults Whether to use return default values where omitted\n * @return signature parameter object\n */\nvar _readSignatureParameters = function(oid, obj, fillDefaults) {\n  var params = {};\n\n  if(oid !== oids['RSASSA-PSS']) {\n    return params;\n  }\n\n  if(fillDefaults) {\n    params = {\n      hash: {\n        algorithmOid: oids['sha1']\n      },\n      mgf: {\n        algorithmOid: oids['mgf1'],\n        hash: {\n          algorithmOid: oids['sha1']\n        }\n      },\n      saltLength: 20\n    };\n  }\n\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) {\n    var error = new Error('Cannot read RSASSA-PSS parameter block.');\n    error.errors = errors;\n    throw error;\n  }\n\n  if(capture.hashOid !== undefined) {\n    params.hash = params.hash || {};\n    params.hash.algorithmOid = asn1.derToOid(capture.hashOid);\n  }\n\n  if(capture.maskGenOid !== undefined) {\n    params.mgf = params.mgf || {};\n    params.mgf.algorithmOid = asn1.derToOid(capture.maskGenOid);\n    params.mgf.hash = params.mgf.hash || {};\n    params.mgf.hash.algorithmOid = asn1.derToOid(capture.maskGenHashOid);\n  }\n\n  if(capture.saltLength !== undefined) {\n    params.saltLength = capture.saltLength.charCodeAt(0);\n  }\n\n  return params;\n};\n\n/**\n * Create signature digest for OID.\n *\n * @param options\n *   signatureOid: the OID specifying the signature algorithm.\n *   type: a human readable type for error messages\n * @return a created md instance. throws if unknown oid.\n */\nvar _createSignatureDigest = function(options) {\n  switch(oids[options.signatureOid]) {\n    case 'sha1WithRSAEncryption':\n    // deprecated alias\n    case 'sha1WithRSASignature':\n      return forge.md.sha1.create();\n    case 'md5WithRSAEncryption':\n      return forge.md.md5.create();\n    case 'sha256WithRSAEncryption':\n      return forge.md.sha256.create();\n    case 'sha384WithRSAEncryption':\n      return forge.md.sha384.create();\n    case 'sha512WithRSAEncryption':\n      return forge.md.sha512.create();\n    case 'RSASSA-PSS':\n      return forge.md.sha256.create();\n    default:\n      var error = new Error(\n        'Could not compute ' + options.type + ' digest. ' +\n        'Unknown signature OID.');\n      error.signatureOid = options.signatureOid;\n      throw error;\n  }\n};\n\n/**\n * Verify signature on certificate or CSR.\n *\n * @param options:\n *   certificate the certificate or CSR to verify.\n *   md the signature digest.\n *   signature the signature\n * @return a created md instance. throws if unknown oid.\n */\nvar _verifySignature = function(options) {\n  var cert = options.certificate;\n  var scheme;\n\n  switch(cert.signatureOid) {\n    case oids.sha1WithRSAEncryption:\n    // deprecated alias\n    case oids.sha1WithRSASignature:\n      /* use PKCS#1 v1.5 padding scheme */\n      break;\n    case oids['RSASSA-PSS']:\n      var hash, mgf;\n\n      /* initialize mgf */\n      hash = oids[cert.signatureParameters.mgf.hash.algorithmOid];\n      if(hash === undefined || forge.md[hash] === undefined) {\n        var error = new Error('Unsupported MGF hash function.');\n        error.oid = cert.signatureParameters.mgf.hash.algorithmOid;\n        error.name = hash;\n        throw error;\n      }\n\n      mgf = oids[cert.signatureParameters.mgf.algorithmOid];\n      if(mgf === undefined || forge.mgf[mgf] === undefined) {\n        var error = new Error('Unsupported MGF function.');\n        error.oid = cert.signatureParameters.mgf.algorithmOid;\n        error.name = mgf;\n        throw error;\n      }\n\n      mgf = forge.mgf[mgf].create(forge.md[hash].create());\n\n      /* initialize hash function */\n      hash = oids[cert.signatureParameters.hash.algorithmOid];\n      if(hash === undefined || forge.md[hash] === undefined) {\n        var error = new Error('Unsupported RSASSA-PSS hash function.');\n        error.oid = cert.signatureParameters.hash.algorithmOid;\n        error.name = hash;\n        throw error;\n      }\n\n      scheme = forge.pss.create(\n        forge.md[hash].create(), mgf, cert.signatureParameters.saltLength\n      );\n      break;\n  }\n\n  // verify signature on cert using public key\n  return cert.publicKey.verify(\n    options.md.digest().getBytes(), options.signature, scheme\n  );\n};\n\n/**\n * Converts an X.509 certificate from PEM format.\n *\n * Note: If the certificate is to be verified then compute hash should\n * be set to true. This will scan the TBSCertificate part of the ASN.1\n * object while it is converted so it doesn't need to be converted back\n * to ASN.1-DER-encoding later.\n *\n * @param pem the PEM-formatted certificate.\n * @param computeHash true to compute the hash for verification.\n * @param strict true to be strict when checking ASN.1 value lengths, false to\n *          allow truncated values (default: true).\n *\n * @return the certificate.\n */\npki.certificateFromPem = function(pem, computeHash, strict) {\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'CERTIFICATE' &&\n    msg.type !== 'X509 CERTIFICATE' &&\n    msg.type !== 'TRUSTED CERTIFICATE') {\n    var error = new Error(\n      'Could not convert certificate from PEM; PEM header type ' +\n      'is not \"CERTIFICATE\", \"X509 CERTIFICATE\", or \"TRUSTED CERTIFICATE\".');\n    error.headerType = msg.type;\n    throw error;\n  }\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error(\n      'Could not convert certificate from PEM; PEM is encrypted.');\n  }\n\n  // convert DER to ASN.1 object\n  var obj = asn1.fromDer(msg.body, strict);\n\n  return pki.certificateFromAsn1(obj, computeHash);\n};\n\n/**\n * Converts an X.509 certificate to PEM format.\n *\n * @param cert the certificate.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted certificate.\n */\npki.certificateToPem = function(cert, maxline) {\n  // convert to ASN.1, then DER, then PEM-encode\n  var msg = {\n    type: 'CERTIFICATE',\n    body: asn1.toDer(pki.certificateToAsn1(cert)).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts an RSA public key from PEM format.\n *\n * @param pem the PEM-formatted public key.\n *\n * @return the public key.\n */\npki.publicKeyFromPem = function(pem) {\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'PUBLIC KEY' && msg.type !== 'RSA PUBLIC KEY') {\n    var error = new Error('Could not convert public key from PEM; PEM header ' +\n      'type is not \"PUBLIC KEY\" or \"RSA PUBLIC KEY\".');\n    error.headerType = msg.type;\n    throw error;\n  }\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error('Could not convert public key from PEM; PEM is encrypted.');\n  }\n\n  // convert DER to ASN.1 object\n  var obj = asn1.fromDer(msg.body);\n\n  return pki.publicKeyFromAsn1(obj);\n};\n\n/**\n * Converts an RSA public key to PEM format (using a SubjectPublicKeyInfo).\n *\n * @param key the public key.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted public key.\n */\npki.publicKeyToPem = function(key, maxline) {\n  // convert to ASN.1, then DER, then PEM-encode\n  var msg = {\n    type: 'PUBLIC KEY',\n    body: asn1.toDer(pki.publicKeyToAsn1(key)).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Converts an RSA public key to PEM format (using an RSAPublicKey).\n *\n * @param key the public key.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted public key.\n */\npki.publicKeyToRSAPublicKeyPem = function(key, maxline) {\n  // convert to ASN.1, then DER, then PEM-encode\n  var msg = {\n    type: 'RSA PUBLIC KEY',\n    body: asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Gets a fingerprint for the given public key.\n *\n * @param options the options to use.\n *          [md] the message digest object to use (defaults to forge.md.sha1).\n *          [type] the type of fingerprint, such as 'RSAPublicKey',\n *            'SubjectPublicKeyInfo' (defaults to 'RSAPublicKey').\n *          [encoding] an alternative output encoding, such as 'hex'\n *            (defaults to none, outputs a byte buffer).\n *          [delimiter] the delimiter to use between bytes for 'hex' encoded\n *            output, eg: ':' (defaults to none).\n *\n * @return the fingerprint as a byte buffer or other encoding based on options.\n */\npki.getPublicKeyFingerprint = function(key, options) {\n  options = options || {};\n  var md = options.md || forge.md.sha1.create();\n  var type = options.type || 'RSAPublicKey';\n\n  var bytes;\n  switch(type) {\n    case 'RSAPublicKey':\n      bytes = asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes();\n      break;\n    case 'SubjectPublicKeyInfo':\n      bytes = asn1.toDer(pki.publicKeyToAsn1(key)).getBytes();\n      break;\n    default:\n      throw new Error('Unknown fingerprint type \"' + options.type + '\".');\n  }\n\n  // hash public key bytes\n  md.start();\n  md.update(bytes);\n  var digest = md.digest();\n  if(options.encoding === 'hex') {\n    var hex = digest.toHex();\n    if(options.delimiter) {\n      return hex.match(/.{2}/g).join(options.delimiter);\n    }\n    return hex;\n  } else if(options.encoding === 'binary') {\n    return digest.getBytes();\n  } else if(options.encoding) {\n    throw new Error('Unknown encoding \"' + options.encoding + '\".');\n  }\n  return digest;\n};\n\n/**\n * Converts a PKCS#10 certification request (CSR) from PEM format.\n *\n * Note: If the certification request is to be verified then compute hash\n * should be set to true. This will scan the CertificationRequestInfo part of\n * the ASN.1 object while it is converted so it doesn't need to be converted\n * back to ASN.1-DER-encoding later.\n *\n * @param pem the PEM-formatted certificate.\n * @param computeHash true to compute the hash for verification.\n * @param strict true to be strict when checking ASN.1 value lengths, false to\n *          allow truncated values (default: true).\n *\n * @return the certification request (CSR).\n */\npki.certificationRequestFromPem = function(pem, computeHash, strict) {\n  var msg = forge.pem.decode(pem)[0];\n\n  if(msg.type !== 'CERTIFICATE REQUEST') {\n    var error = new Error('Could not convert certification request from PEM; ' +\n      'PEM header type is not \"CERTIFICATE REQUEST\".');\n    error.headerType = msg.type;\n    throw error;\n  }\n  if(msg.procType && msg.procType.type === 'ENCRYPTED') {\n    throw new Error('Could not convert certification request from PEM; ' +\n      'PEM is encrypted.');\n  }\n\n  // convert DER to ASN.1 object\n  var obj = asn1.fromDer(msg.body, strict);\n\n  return pki.certificationRequestFromAsn1(obj, computeHash);\n};\n\n/**\n * Converts a PKCS#10 certification request (CSR) to PEM format.\n *\n * @param csr the certification request.\n * @param maxline the maximum characters per line, defaults to 64.\n *\n * @return the PEM-formatted certification request.\n */\npki.certificationRequestToPem = function(csr, maxline) {\n  // convert to ASN.1, then DER, then PEM-encode\n  var msg = {\n    type: 'CERTIFICATE REQUEST',\n    body: asn1.toDer(pki.certificationRequestToAsn1(csr)).getBytes()\n  };\n  return forge.pem.encode(msg, {maxline: maxline});\n};\n\n/**\n * Creates an empty X.509v3 RSA certificate.\n *\n * @return the certificate.\n */\npki.createCertificate = function() {\n  var cert = {};\n  cert.version = 0x02;\n  cert.serialNumber = '00';\n  cert.signatureOid = null;\n  cert.signature = null;\n  cert.siginfo = {};\n  cert.siginfo.algorithmOid = null;\n  cert.validity = {};\n  cert.validity.notBefore = new Date();\n  cert.validity.notAfter = new Date();\n\n  cert.issuer = {};\n  cert.issuer.getField = function(sn) {\n    return _getAttribute(cert.issuer, sn);\n  };\n  cert.issuer.addField = function(attr) {\n    _fillMissingFields([attr]);\n    cert.issuer.attributes.push(attr);\n  };\n  cert.issuer.attributes = [];\n  cert.issuer.hash = null;\n\n  cert.subject = {};\n  cert.subject.getField = function(sn) {\n    return _getAttribute(cert.subject, sn);\n  };\n  cert.subject.addField = function(attr) {\n    _fillMissingFields([attr]);\n    cert.subject.attributes.push(attr);\n  };\n  cert.subject.attributes = [];\n  cert.subject.hash = null;\n\n  cert.extensions = [];\n  cert.publicKey = null;\n  cert.md = null;\n\n  /**\n   * Sets the subject of this certificate.\n   *\n   * @param attrs the array of subject attributes to use.\n   * @param uniqueId an optional a unique ID to use.\n   */\n  cert.setSubject = function(attrs, uniqueId) {\n    // set new attributes, clear hash\n    _fillMissingFields(attrs);\n    cert.subject.attributes = attrs;\n    delete cert.subject.uniqueId;\n    if(uniqueId) {\n      // TODO: support arbitrary bit length ids\n      cert.subject.uniqueId = uniqueId;\n    }\n    cert.subject.hash = null;\n  };\n\n  /**\n   * Sets the issuer of this certificate.\n   *\n   * @param attrs the array of issuer attributes to use.\n   * @param uniqueId an optional a unique ID to use.\n   */\n  cert.setIssuer = function(attrs, uniqueId) {\n    // set new attributes, clear hash\n    _fillMissingFields(attrs);\n    cert.issuer.attributes = attrs;\n    delete cert.issuer.uniqueId;\n    if(uniqueId) {\n      // TODO: support arbitrary bit length ids\n      cert.issuer.uniqueId = uniqueId;\n    }\n    cert.issuer.hash = null;\n  };\n\n  /**\n   * Sets the extensions of this certificate.\n   *\n   * @param exts the array of extensions to use.\n   */\n  cert.setExtensions = function(exts) {\n    for(var i = 0; i < exts.length; ++i) {\n      _fillMissingExtensionFields(exts[i], {cert: cert});\n    }\n    // set new extensions\n    cert.extensions = exts;\n  };\n\n  /**\n   * Gets an extension by its name or id.\n   *\n   * @param options the name to use or an object with:\n   *          name the name to use.\n   *          id the id to use.\n   *\n   * @return the extension or null if not found.\n   */\n  cert.getExtension = function(options) {\n    if(typeof options === 'string') {\n      options = {name: options};\n    }\n\n    var rval = null;\n    var ext;\n    for(var i = 0; rval === null && i < cert.extensions.length; ++i) {\n      ext = cert.extensions[i];\n      if(options.id && ext.id === options.id) {\n        rval = ext;\n      } else if(options.name && ext.name === options.name) {\n        rval = ext;\n      }\n    }\n    return rval;\n  };\n\n  /**\n   * Signs this certificate using the given private key.\n   *\n   * @param key the private key to sign with.\n   * @param md the message digest object to use (defaults to forge.md.sha1).\n   */\n  cert.sign = function(key, md) {\n    // TODO: get signature OID from private key\n    cert.md = md || forge.md.sha1.create();\n    var algorithmOid = oids[cert.md.algorithm + 'WithRSAEncryption'];\n    if(!algorithmOid) {\n      var error = new Error('Could not compute certificate digest. ' +\n        'Unknown message digest algorithm OID.');\n      error.algorithm = cert.md.algorithm;\n      throw error;\n    }\n    cert.signatureOid = cert.siginfo.algorithmOid = algorithmOid;\n\n    // get TBSCertificate, convert to DER\n    cert.tbsCertificate = pki.getTBSCertificate(cert);\n    var bytes = asn1.toDer(cert.tbsCertificate);\n\n    // digest and sign\n    cert.md.update(bytes.getBytes());\n    cert.signature = key.sign(cert.md);\n  };\n\n  /**\n   * Attempts verify the signature on the passed certificate using this\n   * certificate's public key.\n   *\n   * @param child the certificate to verify.\n   *\n   * @return true if verified, false if not.\n   */\n  cert.verify = function(child) {\n    var rval = false;\n\n    if(!cert.issued(child)) {\n      var issuer = child.issuer;\n      var subject = cert.subject;\n      var error = new Error(\n        'The parent certificate did not issue the given child ' +\n        'certificate; the child certificate\\'s issuer does not match the ' +\n        'parent\\'s subject.');\n      error.expectedIssuer = subject.attributes;\n      error.actualIssuer = issuer.attributes;\n      throw error;\n    }\n\n    var md = child.md;\n    if(md === null) {\n      // create digest for OID signature types\n      md = _createSignatureDigest({\n        signatureOid: child.signatureOid,\n        type: 'certificate'\n      });\n\n      // produce DER formatted TBSCertificate and digest it\n      var tbsCertificate = child.tbsCertificate || pki.getTBSCertificate(child);\n      var bytes = asn1.toDer(tbsCertificate);\n      md.update(bytes.getBytes());\n    }\n\n    if(md !== null) {\n      rval = _verifySignature({\n        certificate: cert, md: md, signature: child.signature\n      });\n    }\n\n    return rval;\n  };\n\n  /**\n   * Returns true if this certificate's issuer matches the passed\n   * certificate's subject. Note that no signature check is performed.\n   *\n   * @param parent the certificate to check.\n   *\n   * @return true if this certificate's issuer matches the passed certificate's\n   *         subject.\n   */\n  cert.isIssuer = function(parent) {\n    var rval = false;\n\n    var i = cert.issuer;\n    var s = parent.subject;\n\n    // compare hashes if present\n    if(i.hash && s.hash) {\n      rval = (i.hash === s.hash);\n    } else if(i.attributes.length === s.attributes.length) {\n      // all attributes are the same so issuer matches subject\n      rval = true;\n      var iattr, sattr;\n      for(var n = 0; rval && n < i.attributes.length; ++n) {\n        iattr = i.attributes[n];\n        sattr = s.attributes[n];\n        if(iattr.type !== sattr.type || iattr.value !== sattr.value) {\n          // attribute mismatch\n          rval = false;\n        }\n      }\n    }\n\n    return rval;\n  };\n\n  /**\n   * Returns true if this certificate's subject matches the issuer of the\n   * given certificate). Note that not signature check is performed.\n   *\n   * @param child the certificate to check.\n   *\n   * @return true if this certificate's subject matches the passed\n   *         certificate's issuer.\n   */\n  cert.issued = function(child) {\n    return child.isIssuer(cert);\n  };\n\n  /**\n   * Generates the subjectKeyIdentifier for this certificate as byte buffer.\n   *\n   * @return the subjectKeyIdentifier for this certificate as byte buffer.\n   */\n  cert.generateSubjectKeyIdentifier = function() {\n    /* See: 4.2.1.2 section of the the RFC3280, keyIdentifier is either:\n\n      (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the\n        value of the BIT STRING subjectPublicKey (excluding the tag,\n        length, and number of unused bits).\n\n      (2) The keyIdentifier is composed of a four bit type field with\n        the value 0100 followed by the least significant 60 bits of the\n        SHA-1 hash of the value of the BIT STRING subjectPublicKey\n        (excluding the tag, length, and number of unused bit string bits).\n    */\n\n    // skipping the tag, length, and number of unused bits is the same\n    // as just using the RSAPublicKey (for RSA keys, which are the\n    // only ones supported)\n    return pki.getPublicKeyFingerprint(cert.publicKey, {type: 'RSAPublicKey'});\n  };\n\n  /**\n   * Verifies the subjectKeyIdentifier extension value for this certificate\n   * against its public key. If no extension is found, false will be\n   * returned.\n   *\n   * @return true if verified, false if not.\n   */\n  cert.verifySubjectKeyIdentifier = function() {\n    var oid = oids['subjectKeyIdentifier'];\n    for(var i = 0; i < cert.extensions.length; ++i) {\n      var ext = cert.extensions[i];\n      if(ext.id === oid) {\n        var ski = cert.generateSubjectKeyIdentifier().getBytes();\n        return (forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski);\n      }\n    }\n    return false;\n  };\n\n  return cert;\n};\n\n/**\n * Converts an X.509v3 RSA certificate from an ASN.1 object.\n *\n * Note: If the certificate is to be verified then compute hash should\n * be set to true. There is currently no implementation for converting\n * a certificate back to ASN.1 so the TBSCertificate part of the ASN.1\n * object needs to be scanned before the cert object is created.\n *\n * @param obj the asn1 representation of an X.509v3 RSA certificate.\n * @param computeHash true to compute the hash for verification.\n *\n * @return the certificate.\n */\npki.certificateFromAsn1 = function(obj, computeHash) {\n  // validate certificate and capture data\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, x509CertificateValidator, capture, errors)) {\n    var error = new Error('Cannot read X.509 certificate. ' +\n      'ASN.1 object is not an X509v3 Certificate.');\n    error.errors = errors;\n    throw error;\n  }\n\n  // get oid\n  var oid = asn1.derToOid(capture.publicKeyOid);\n  if(oid !== pki.oids.rsaEncryption) {\n    throw new Error('Cannot read public key. OID is not RSA.');\n  }\n\n  // create certificate\n  var cert = pki.createCertificate();\n  cert.version = capture.certVersion ?\n    capture.certVersion.charCodeAt(0) : 0;\n  var serial = forge.util.createBuffer(capture.certSerialNumber);\n  cert.serialNumber = serial.toHex();\n  cert.signatureOid = forge.asn1.derToOid(capture.certSignatureOid);\n  cert.signatureParameters = _readSignatureParameters(\n    cert.signatureOid, capture.certSignatureParams, true);\n  cert.siginfo.algorithmOid = forge.asn1.derToOid(capture.certinfoSignatureOid);\n  cert.siginfo.parameters = _readSignatureParameters(cert.siginfo.algorithmOid,\n    capture.certinfoSignatureParams, false);\n  cert.signature = capture.certSignature;\n\n  var validity = [];\n  if(capture.certValidity1UTCTime !== undefined) {\n    validity.push(asn1.utcTimeToDate(capture.certValidity1UTCTime));\n  }\n  if(capture.certValidity2GeneralizedTime !== undefined) {\n    validity.push(asn1.generalizedTimeToDate(\n      capture.certValidity2GeneralizedTime));\n  }\n  if(capture.certValidity3UTCTime !== undefined) {\n    validity.push(asn1.utcTimeToDate(capture.certValidity3UTCTime));\n  }\n  if(capture.certValidity4GeneralizedTime !== undefined) {\n    validity.push(asn1.generalizedTimeToDate(\n      capture.certValidity4GeneralizedTime));\n  }\n  if(validity.length > 2) {\n    throw new Error('Cannot read notBefore/notAfter validity times; more ' +\n      'than two times were provided in the certificate.');\n  }\n  if(validity.length < 2) {\n    throw new Error('Cannot read notBefore/notAfter validity times; they ' +\n      'were not provided as either UTCTime or GeneralizedTime.');\n  }\n  cert.validity.notBefore = validity[0];\n  cert.validity.notAfter = validity[1];\n\n  // keep TBSCertificate to preserve signature when exporting\n  cert.tbsCertificate = capture.tbsCertificate;\n\n  if(computeHash) {\n    // create digest for OID signature type\n    cert.md = _createSignatureDigest({\n      signatureOid: cert.signatureOid,\n      type: 'certificate'\n    });\n\n    // produce DER formatted TBSCertificate and digest it\n    var bytes = asn1.toDer(cert.tbsCertificate);\n    cert.md.update(bytes.getBytes());\n  }\n\n  // handle issuer, build issuer message digest\n  var imd = forge.md.sha1.create();\n  var ibytes = asn1.toDer(capture.certIssuer);\n  imd.update(ibytes.getBytes());\n  cert.issuer.getField = function(sn) {\n    return _getAttribute(cert.issuer, sn);\n  };\n  cert.issuer.addField = function(attr) {\n    _fillMissingFields([attr]);\n    cert.issuer.attributes.push(attr);\n  };\n  cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer);\n  if(capture.certIssuerUniqueId) {\n    cert.issuer.uniqueId = capture.certIssuerUniqueId;\n  }\n  cert.issuer.hash = imd.digest().toHex();\n\n  // handle subject, build subject message digest\n  var smd = forge.md.sha1.create();\n  var sbytes = asn1.toDer(capture.certSubject);\n  smd.update(sbytes.getBytes());\n  cert.subject.getField = function(sn) {\n    return _getAttribute(cert.subject, sn);\n  };\n  cert.subject.addField = function(attr) {\n    _fillMissingFields([attr]);\n    cert.subject.attributes.push(attr);\n  };\n  cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject);\n  if(capture.certSubjectUniqueId) {\n    cert.subject.uniqueId = capture.certSubjectUniqueId;\n  }\n  cert.subject.hash = smd.digest().toHex();\n\n  // handle extensions\n  if(capture.certExtensions) {\n    cert.extensions = pki.certificateExtensionsFromAsn1(capture.certExtensions);\n  } else {\n    cert.extensions = [];\n  }\n\n  // convert RSA public key from ASN.1\n  cert.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);\n\n  return cert;\n};\n\n/**\n * Converts an ASN.1 extensions object (with extension sequences as its\n * values) into an array of extension objects with types and values.\n *\n * Supported extensions:\n *\n * id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }\n * KeyUsage ::= BIT STRING {\n *   digitalSignature        (0),\n *   nonRepudiation          (1),\n *   keyEncipherment         (2),\n *   dataEncipherment        (3),\n *   keyAgreement            (4),\n *   keyCertSign             (5),\n *   cRLSign                 (6),\n *   encipherOnly            (7),\n *   decipherOnly            (8)\n * }\n *\n * id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 }\n * BasicConstraints ::= SEQUENCE {\n *   cA                      BOOLEAN DEFAULT FALSE,\n *   pathLenConstraint       INTEGER (0..MAX) OPTIONAL\n * }\n *\n * subjectAltName EXTENSION ::= {\n *   SYNTAX GeneralNames\n *   IDENTIFIED BY id-ce-subjectAltName\n * }\n *\n * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName\n *\n * GeneralName ::= CHOICE {\n *   otherName      [0] INSTANCE OF OTHER-NAME,\n *   rfc822Name     [1] IA5String,\n *   dNSName        [2] IA5String,\n *   x400Address    [3] ORAddress,\n *   directoryName  [4] Name,\n *   ediPartyName   [5] EDIPartyName,\n *   uniformResourceIdentifier [6] IA5String,\n *   IPAddress      [7] OCTET STRING,\n *   registeredID   [8] OBJECT IDENTIFIER\n * }\n *\n * OTHER-NAME ::= TYPE-IDENTIFIER\n *\n * EDIPartyName ::= SEQUENCE {\n *   nameAssigner [0] DirectoryString {ub-name} OPTIONAL,\n *   partyName    [1] DirectoryString {ub-name}\n * }\n *\n * @param exts the extensions ASN.1 with extension sequences to parse.\n *\n * @return the array.\n */\npki.certificateExtensionsFromAsn1 = function(exts) {\n  var rval = [];\n  for(var i = 0; i < exts.value.length; ++i) {\n    // get extension sequence\n    var extseq = exts.value[i];\n    for(var ei = 0; ei < extseq.value.length; ++ei) {\n      rval.push(pki.certificateExtensionFromAsn1(extseq.value[ei]));\n    }\n  }\n\n  return rval;\n};\n\n/**\n * Parses a single certificate extension from ASN.1.\n *\n * @param ext the extension in ASN.1 format.\n *\n * @return the parsed extension as an object.\n */\npki.certificateExtensionFromAsn1 = function(ext) {\n  // an extension has:\n  // [0] extnID      OBJECT IDENTIFIER\n  // [1] critical    BOOLEAN DEFAULT FALSE\n  // [2] extnValue   OCTET STRING\n  var e = {};\n  e.id = asn1.derToOid(ext.value[0].value);\n  e.critical = false;\n  if(ext.value[1].type === asn1.Type.BOOLEAN) {\n    e.critical = (ext.value[1].value.charCodeAt(0) !== 0x00);\n    e.value = ext.value[2].value;\n  } else {\n    e.value = ext.value[1].value;\n  }\n  // if the oid is known, get its name\n  if(e.id in oids) {\n    e.name = oids[e.id];\n\n    // handle key usage\n    if(e.name === 'keyUsage') {\n      // get value as BIT STRING\n      var ev = asn1.fromDer(e.value);\n      var b2 = 0x00;\n      var b3 = 0x00;\n      if(ev.value.length > 1) {\n        // skip first byte, just indicates unused bits which\n        // will be padded with 0s anyway\n        // get bytes with flag bits\n        b2 = ev.value.charCodeAt(1);\n        b3 = ev.value.length > 2 ? ev.value.charCodeAt(2) : 0;\n      }\n      // set flags\n      e.digitalSignature = (b2 & 0x80) === 0x80;\n      e.nonRepudiation = (b2 & 0x40) === 0x40;\n      e.keyEncipherment = (b2 & 0x20) === 0x20;\n      e.dataEncipherment = (b2 & 0x10) === 0x10;\n      e.keyAgreement = (b2 & 0x08) === 0x08;\n      e.keyCertSign = (b2 & 0x04) === 0x04;\n      e.cRLSign = (b2 & 0x02) === 0x02;\n      e.encipherOnly = (b2 & 0x01) === 0x01;\n      e.decipherOnly = (b3 & 0x80) === 0x80;\n    } else if(e.name === 'basicConstraints') {\n      // handle basic constraints\n      // get value as SEQUENCE\n      var ev = asn1.fromDer(e.value);\n      // get cA BOOLEAN flag (defaults to false)\n      if(ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) {\n        e.cA = (ev.value[0].value.charCodeAt(0) !== 0x00);\n      } else {\n        e.cA = false;\n      }\n      // get path length constraint\n      var value = null;\n      if(ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) {\n        value = ev.value[0].value;\n      } else if(ev.value.length > 1) {\n        value = ev.value[1].value;\n      }\n      if(value !== null) {\n        e.pathLenConstraint = asn1.derToInteger(value);\n      }\n    } else if(e.name === 'extKeyUsage') {\n      // handle extKeyUsage\n      // value is a SEQUENCE of OIDs\n      var ev = asn1.fromDer(e.value);\n      for(var vi = 0; vi < ev.value.length; ++vi) {\n        var oid = asn1.derToOid(ev.value[vi].value);\n        if(oid in oids) {\n          e[oids[oid]] = true;\n        } else {\n          e[oid] = true;\n        }\n      }\n    } else if(e.name === 'nsCertType') {\n      // handle nsCertType\n      // get value as BIT STRING\n      var ev = asn1.fromDer(e.value);\n      var b2 = 0x00;\n      if(ev.value.length > 1) {\n        // skip first byte, just indicates unused bits which\n        // will be padded with 0s anyway\n        // get bytes with flag bits\n        b2 = ev.value.charCodeAt(1);\n      }\n      // set flags\n      e.client = (b2 & 0x80) === 0x80;\n      e.server = (b2 & 0x40) === 0x40;\n      e.email = (b2 & 0x20) === 0x20;\n      e.objsign = (b2 & 0x10) === 0x10;\n      e.reserved = (b2 & 0x08) === 0x08;\n      e.sslCA = (b2 & 0x04) === 0x04;\n      e.emailCA = (b2 & 0x02) === 0x02;\n      e.objCA = (b2 & 0x01) === 0x01;\n    } else if(\n      e.name === 'subjectAltName' ||\n      e.name === 'issuerAltName') {\n      // handle subjectAltName/issuerAltName\n      e.altNames = [];\n\n      // ev is a SYNTAX SEQUENCE\n      var gn;\n      var ev = asn1.fromDer(e.value);\n      for(var n = 0; n < ev.value.length; ++n) {\n        // get GeneralName\n        gn = ev.value[n];\n\n        var altName = {\n          type: gn.type,\n          value: gn.value\n        };\n        e.altNames.push(altName);\n\n        // Note: Support for types 1,2,6,7,8\n        switch(gn.type) {\n          // rfc822Name\n          case 1:\n          // dNSName\n          case 2:\n          // uniformResourceIdentifier (URI)\n          case 6:\n            break;\n          // IPAddress\n          case 7:\n            // convert to IPv4/IPv6 string representation\n            altName.ip = forge.util.bytesToIP(gn.value);\n            break;\n          // registeredID\n          case 8:\n            altName.oid = asn1.derToOid(gn.value);\n            break;\n          default:\n            // unsupported\n        }\n      }\n    } else if(e.name === 'subjectKeyIdentifier') {\n      // value is an OCTETSTRING w/the hash of the key-type specific\n      // public key structure (eg: RSAPublicKey)\n      var ev = asn1.fromDer(e.value);\n      e.subjectKeyIdentifier = forge.util.bytesToHex(ev.value);\n    }\n  }\n  return e;\n};\n\n/**\n * Converts a PKCS#10 certification request (CSR) from an ASN.1 object.\n *\n * Note: If the certification request is to be verified then compute hash\n * should be set to true. There is currently no implementation for converting\n * a certificate back to ASN.1 so the CertificationRequestInfo part of the\n * ASN.1 object needs to be scanned before the csr object is created.\n *\n * @param obj the asn1 representation of a PKCS#10 certification request (CSR).\n * @param computeHash true to compute the hash for verification.\n *\n * @return the certification request (CSR).\n */\npki.certificationRequestFromAsn1 = function(obj, computeHash) {\n  // validate certification request and capture data\n  var capture = {};\n  var errors = [];\n  if(!asn1.validate(obj, certificationRequestValidator, capture, errors)) {\n    var error = new Error('Cannot read PKCS#10 certificate request. ' +\n      'ASN.1 object is not a PKCS#10 CertificationRequest.');\n    error.errors = errors;\n    throw error;\n  }\n\n  // get oid\n  var oid = asn1.derToOid(capture.publicKeyOid);\n  if(oid !== pki.oids.rsaEncryption) {\n    throw new Error('Cannot read public key. OID is not RSA.');\n  }\n\n  // create certification request\n  var csr = pki.createCertificationRequest();\n  csr.version = capture.csrVersion ? capture.csrVersion.charCodeAt(0) : 0;\n  csr.signatureOid = forge.asn1.derToOid(capture.csrSignatureOid);\n  csr.signatureParameters = _readSignatureParameters(\n    csr.signatureOid, capture.csrSignatureParams, true);\n  csr.siginfo.algorithmOid = forge.asn1.derToOid(capture.csrSignatureOid);\n  csr.siginfo.parameters = _readSignatureParameters(\n    csr.siginfo.algorithmOid, capture.csrSignatureParams, false);\n  csr.signature = capture.csrSignature;\n\n  // keep CertificationRequestInfo to preserve signature when exporting\n  csr.certificationRequestInfo = capture.certificationRequestInfo;\n\n  if(computeHash) {\n    // create digest for OID signature type\n    csr.md = _createSignatureDigest({\n      signatureOid: csr.signatureOid,\n      type: 'certification request'\n    });\n\n    // produce DER formatted CertificationRequestInfo and digest it\n    var bytes = asn1.toDer(csr.certificationRequestInfo);\n    csr.md.update(bytes.getBytes());\n  }\n\n  // handle subject, build subject message digest\n  var smd = forge.md.sha1.create();\n  csr.subject.getField = function(sn) {\n    return _getAttribute(csr.subject, sn);\n  };\n  csr.subject.addField = function(attr) {\n    _fillMissingFields([attr]);\n    csr.subject.attributes.push(attr);\n  };\n  csr.subject.attributes = pki.RDNAttributesAsArray(\n    capture.certificationRequestInfoSubject, smd);\n  csr.subject.hash = smd.digest().toHex();\n\n  // convert RSA public key from ASN.1\n  csr.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo);\n\n  // convert attributes from ASN.1\n  csr.getAttribute = function(sn) {\n    return _getAttribute(csr, sn);\n  };\n  csr.addAttribute = function(attr) {\n    _fillMissingFields([attr]);\n    csr.attributes.push(attr);\n  };\n  csr.attributes = pki.CRIAttributesAsArray(\n    capture.certificationRequestInfoAttributes || []);\n\n  return csr;\n};\n\n/**\n * Creates an empty certification request (a CSR or certificate signing\n * request). Once created, its public key and attributes can be set and then\n * it can be signed.\n *\n * @return the empty certification request.\n */\npki.createCertificationRequest = function() {\n  var csr = {};\n  csr.version = 0x00;\n  csr.signatureOid = null;\n  csr.signature = null;\n  csr.siginfo = {};\n  csr.siginfo.algorithmOid = null;\n\n  csr.subject = {};\n  csr.subject.getField = function(sn) {\n    return _getAttribute(csr.subject, sn);\n  };\n  csr.subject.addField = function(attr) {\n    _fillMissingFields([attr]);\n    csr.subject.attributes.push(attr);\n  };\n  csr.subject.attributes = [];\n  csr.subject.hash = null;\n\n  csr.publicKey = null;\n  csr.attributes = [];\n  csr.getAttribute = function(sn) {\n    return _getAttribute(csr, sn);\n  };\n  csr.addAttribute = function(attr) {\n    _fillMissingFields([attr]);\n    csr.attributes.push(attr);\n  };\n  csr.md = null;\n\n  /**\n   * Sets the subject of this certification request.\n   *\n   * @param attrs the array of subject attributes to use.\n   */\n  csr.setSubject = function(attrs) {\n    // set new attributes\n    _fillMissingFields(attrs);\n    csr.subject.attributes = attrs;\n    csr.subject.hash = null;\n  };\n\n  /**\n   * Sets the attributes of this certification request.\n   *\n   * @param attrs the array of attributes to use.\n   */\n  csr.setAttributes = function(attrs) {\n    // set new attributes\n    _fillMissingFields(attrs);\n    csr.attributes = attrs;\n  };\n\n  /**\n   * Signs this certification request using the given private key.\n   *\n   * @param key the private key to sign with.\n   * @param md the message digest object to use (defaults to forge.md.sha1).\n   */\n  csr.sign = function(key, md) {\n    // TODO: get signature OID from private key\n    csr.md = md || forge.md.sha1.create();\n    var algorithmOid = oids[csr.md.algorithm + 'WithRSAEncryption'];\n    if(!algorithmOid) {\n      var error = new Error('Could not compute certification request digest. ' +\n        'Unknown message digest algorithm OID.');\n      error.algorithm = csr.md.algorithm;\n      throw error;\n    }\n    csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid;\n\n    // get CertificationRequestInfo, convert to DER\n    csr.certificationRequestInfo = pki.getCertificationRequestInfo(csr);\n    var bytes = asn1.toDer(csr.certificationRequestInfo);\n\n    // digest and sign\n    csr.md.update(bytes.getBytes());\n    csr.signature = key.sign(csr.md);\n  };\n\n  /**\n   * Attempts verify the signature on the passed certification request using\n   * its public key.\n   *\n   * A CSR that has been exported to a file in PEM format can be verified using\n   * OpenSSL using this command:\n   *\n   * openssl req -in <the-csr-pem-file> -verify -noout -text\n   *\n   * @return true if verified, false if not.\n   */\n  csr.verify = function() {\n    var rval = false;\n\n    var md = csr.md;\n    if(md === null) {\n      md = _createSignatureDigest({\n        signatureOid: csr.signatureOid,\n        type: 'certification request'\n      });\n\n      // produce DER formatted CertificationRequestInfo and digest it\n      var cri = csr.certificationRequestInfo ||\n        pki.getCertificationRequestInfo(csr);\n      var bytes = asn1.toDer(cri);\n      md.update(bytes.getBytes());\n    }\n\n    if(md !== null) {\n      rval = _verifySignature({\n        certificate: csr, md: md, signature: csr.signature\n      });\n    }\n\n    return rval;\n  };\n\n  return csr;\n};\n\n/**\n * Converts an X.509 subject or issuer to an ASN.1 RDNSequence.\n *\n * @param obj the subject or issuer (distinguished name).\n *\n * @return the ASN.1 RDNSequence.\n */\nfunction _dnToAsn1(obj) {\n  // create an empty RDNSequence\n  var rval = asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n  // iterate over attributes\n  var attr, set;\n  var attrs = obj.attributes;\n  for(var i = 0; i < attrs.length; ++i) {\n    attr = attrs[i];\n    var value = attr.value;\n\n    // reuse tag class for attribute value if available\n    var valueTagClass = asn1.Type.PRINTABLESTRING;\n    if('valueTagClass' in attr) {\n      valueTagClass = attr.valueTagClass;\n\n      if(valueTagClass === asn1.Type.UTF8) {\n        value = forge.util.encodeUtf8(value);\n      }\n      // FIXME: handle more encodings\n    }\n\n    // create a RelativeDistinguishedName set\n    // each value in the set is an AttributeTypeAndValue first\n    // containing the type (an OID) and second the value\n    set = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n        // AttributeType\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n          asn1.oidToDer(attr.type).getBytes()),\n        // AttributeValue\n        asn1.create(asn1.Class.UNIVERSAL, valueTagClass, false, value)\n      ])\n    ]);\n    rval.value.push(set);\n  }\n\n  return rval;\n}\n\n/**\n * Gets all printable attributes (typically of an issuer or subject) in a\n * simplified JSON format for display.\n *\n * @param attrs the attributes.\n *\n * @return the JSON for display.\n */\nfunction _getAttributesAsJson(attrs) {\n  var rval = {};\n  for(var i = 0; i < attrs.length; ++i) {\n    var attr = attrs[i];\n    if(attr.shortName && (\n      attr.valueTagClass === asn1.Type.UTF8 ||\n      attr.valueTagClass === asn1.Type.PRINTABLESTRING ||\n      attr.valueTagClass === asn1.Type.IA5STRING)) {\n      var value = attr.value;\n      if(attr.valueTagClass === asn1.Type.UTF8) {\n        value = forge.util.encodeUtf8(attr.value);\n      }\n      if(!(attr.shortName in rval)) {\n        rval[attr.shortName] = value;\n      } else if(forge.util.isArray(rval[attr.shortName])) {\n        rval[attr.shortName].push(value);\n      } else {\n        rval[attr.shortName] = [rval[attr.shortName], value];\n      }\n    }\n  }\n  return rval;\n}\n\n/**\n * Fills in missing fields in attributes.\n *\n * @param attrs the attributes to fill missing fields in.\n */\nfunction _fillMissingFields(attrs) {\n  var attr;\n  for(var i = 0; i < attrs.length; ++i) {\n    attr = attrs[i];\n\n    // populate missing name\n    if(typeof attr.name === 'undefined') {\n      if(attr.type && attr.type in pki.oids) {\n        attr.name = pki.oids[attr.type];\n      } else if(attr.shortName && attr.shortName in _shortNames) {\n        attr.name = pki.oids[_shortNames[attr.shortName]];\n      }\n    }\n\n    // populate missing type (OID)\n    if(typeof attr.type === 'undefined') {\n      if(attr.name && attr.name in pki.oids) {\n        attr.type = pki.oids[attr.name];\n      } else {\n        var error = new Error('Attribute type not specified.');\n        error.attribute = attr;\n        throw error;\n      }\n    }\n\n    // populate missing shortname\n    if(typeof attr.shortName === 'undefined') {\n      if(attr.name && attr.name in _shortNames) {\n        attr.shortName = _shortNames[attr.name];\n      }\n    }\n\n    // convert extensions to value\n    if(attr.type === oids.extensionRequest) {\n      attr.valueConstructed = true;\n      attr.valueTagClass = asn1.Type.SEQUENCE;\n      if(!attr.value && attr.extensions) {\n        attr.value = [];\n        for(var ei = 0; ei < attr.extensions.length; ++ei) {\n          attr.value.push(pki.certificateExtensionToAsn1(\n            _fillMissingExtensionFields(attr.extensions[ei])));\n        }\n      }\n    }\n\n    if(typeof attr.value === 'undefined') {\n      var error = new Error('Attribute value not specified.');\n      error.attribute = attr;\n      throw error;\n    }\n  }\n}\n\n/**\n * Fills in missing fields in certificate extensions.\n *\n * @param e the extension.\n * @param [options] the options to use.\n *          [cert] the certificate the extensions are for.\n *\n * @return the extension.\n */\nfunction _fillMissingExtensionFields(e, options) {\n  options = options || {};\n\n  // populate missing name\n  if(typeof e.name === 'undefined') {\n    if(e.id && e.id in pki.oids) {\n      e.name = pki.oids[e.id];\n    }\n  }\n\n  // populate missing id\n  if(typeof e.id === 'undefined') {\n    if(e.name && e.name in pki.oids) {\n      e.id = pki.oids[e.name];\n    } else {\n      var error = new Error('Extension ID not specified.');\n      error.extension = e;\n      throw error;\n    }\n  }\n\n  if(typeof e.value !== 'undefined') {\n    return e;\n  }\n\n  // handle missing value:\n\n  // value is a BIT STRING\n  if(e.name === 'keyUsage') {\n    // build flags\n    var unused = 0;\n    var b2 = 0x00;\n    var b3 = 0x00;\n    if(e.digitalSignature) {\n      b2 |= 0x80;\n      unused = 7;\n    }\n    if(e.nonRepudiation) {\n      b2 |= 0x40;\n      unused = 6;\n    }\n    if(e.keyEncipherment) {\n      b2 |= 0x20;\n      unused = 5;\n    }\n    if(e.dataEncipherment) {\n      b2 |= 0x10;\n      unused = 4;\n    }\n    if(e.keyAgreement) {\n      b2 |= 0x08;\n      unused = 3;\n    }\n    if(e.keyCertSign) {\n      b2 |= 0x04;\n      unused = 2;\n    }\n    if(e.cRLSign) {\n      b2 |= 0x02;\n      unused = 1;\n    }\n    if(e.encipherOnly) {\n      b2 |= 0x01;\n      unused = 0;\n    }\n    if(e.decipherOnly) {\n      b3 |= 0x80;\n      unused = 7;\n    }\n\n    // create bit string\n    var value = String.fromCharCode(unused);\n    if(b3 !== 0) {\n      value += String.fromCharCode(b2) + String.fromCharCode(b3);\n    } else if(b2 !== 0) {\n      value += String.fromCharCode(b2);\n    }\n    e.value = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);\n  } else if(e.name === 'basicConstraints') {\n    // basicConstraints is a SEQUENCE\n    e.value = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n    // cA BOOLEAN flag defaults to false\n    if(e.cA) {\n      e.value.value.push(asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false,\n        String.fromCharCode(0xFF)));\n    }\n    if('pathLenConstraint' in e) {\n      e.value.value.push(asn1.create(\n        asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n        asn1.integerToDer(e.pathLenConstraint).getBytes()));\n    }\n  } else if(e.name === 'extKeyUsage') {\n    // extKeyUsage is a SEQUENCE of OIDs\n    e.value = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n    var seq = e.value.value;\n    for(var key in e) {\n      if(e[key] !== true) {\n        continue;\n      }\n      // key is name in OID map\n      if(key in oids) {\n        seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID,\n          false, asn1.oidToDer(oids[key]).getBytes()));\n      } else if(key.indexOf('.') !== -1) {\n        // assume key is an OID\n        seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID,\n          false, asn1.oidToDer(key).getBytes()));\n      }\n    }\n  } else if(e.name === 'nsCertType') {\n    // nsCertType is a BIT STRING\n    // build flags\n    var unused = 0;\n    var b2 = 0x00;\n\n    if(e.client) {\n      b2 |= 0x80;\n      unused = 7;\n    }\n    if(e.server) {\n      b2 |= 0x40;\n      unused = 6;\n    }\n    if(e.email) {\n      b2 |= 0x20;\n      unused = 5;\n    }\n    if(e.objsign) {\n      b2 |= 0x10;\n      unused = 4;\n    }\n    if(e.reserved) {\n      b2 |= 0x08;\n      unused = 3;\n    }\n    if(e.sslCA) {\n      b2 |= 0x04;\n      unused = 2;\n    }\n    if(e.emailCA) {\n      b2 |= 0x02;\n      unused = 1;\n    }\n    if(e.objCA) {\n      b2 |= 0x01;\n      unused = 0;\n    }\n\n    // create bit string\n    var value = String.fromCharCode(unused);\n    if(b2 !== 0) {\n      value += String.fromCharCode(b2);\n    }\n    e.value = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value);\n  } else if(e.name === 'subjectAltName' || e.name === 'issuerAltName') {\n    // SYNTAX SEQUENCE\n    e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n    var altName;\n    for(var n = 0; n < e.altNames.length; ++n) {\n      altName = e.altNames[n];\n      var value = altName.value;\n      // handle IP\n      if(altName.type === 7 && altName.ip) {\n        value = forge.util.bytesFromIP(altName.ip);\n        if(value === null) {\n          var error = new Error(\n            'Extension \"ip\" value is not a valid IPv4 or IPv6 address.');\n          error.extension = e;\n          throw error;\n        }\n      } else if(altName.type === 8) {\n        // handle OID\n        if(altName.oid) {\n          value = asn1.oidToDer(asn1.oidToDer(altName.oid));\n        } else {\n          // deprecated ... convert value to OID\n          value = asn1.oidToDer(value);\n        }\n      }\n      e.value.value.push(asn1.create(\n        asn1.Class.CONTEXT_SPECIFIC, altName.type, false,\n        value));\n    }\n  } else if(e.name === 'nsComment' && options.cert) {\n    // sanity check value is ASCII (req'd) and not too big\n    if(!(/^[\\x00-\\x7F]*$/.test(e.comment)) ||\n      (e.comment.length < 1) || (e.comment.length > 128)) {\n      throw new Error('Invalid \"nsComment\" content.');\n    }\n    // IA5STRING opaque comment\n    e.value = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.IA5STRING, false, e.comment);\n  } else if(e.name === 'subjectKeyIdentifier' && options.cert) {\n    var ski = options.cert.generateSubjectKeyIdentifier();\n    e.subjectKeyIdentifier = ski.toHex();\n    // OCTETSTRING w/digest\n    e.value = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ski.getBytes());\n  } else if(e.name === 'authorityKeyIdentifier' && options.cert) {\n    // SYNTAX SEQUENCE\n    e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n    var seq = e.value.value;\n\n    if(e.keyIdentifier) {\n      var keyIdentifier = (e.keyIdentifier === true ?\n        options.cert.generateSubjectKeyIdentifier().getBytes() :\n        e.keyIdentifier);\n      seq.push(\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, false, keyIdentifier));\n    }\n\n    if(e.authorityCertIssuer) {\n      var authorityCertIssuer = [\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 4, true, [\n          _dnToAsn1(e.authorityCertIssuer === true ?\n            options.cert.issuer : e.authorityCertIssuer)\n        ])\n      ];\n      seq.push(\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, authorityCertIssuer));\n    }\n\n    if(e.serialNumber) {\n      var serialNumber = forge.util.hexToBytes(e.serialNumber === true ?\n        options.cert.serialNumber : e.serialNumber);\n      seq.push(\n        asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, serialNumber));\n    }\n  } else if(e.name === 'cRLDistributionPoints') {\n    e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n    var seq = e.value.value;\n\n    // Create sub SEQUENCE of DistributionPointName\n    var subSeq = asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n    // Create fullName CHOICE\n    var fullNameGeneralNames = asn1.create(\n      asn1.Class.CONTEXT_SPECIFIC, 0, true, []);\n    var altName;\n    for(var n = 0; n < e.altNames.length; ++n) {\n      altName = e.altNames[n];\n      var value = altName.value;\n      // handle IP\n      if(altName.type === 7 && altName.ip) {\n        value = forge.util.bytesFromIP(altName.ip);\n        if(value === null) {\n          var error = new Error(\n            'Extension \"ip\" value is not a valid IPv4 or IPv6 address.');\n          error.extension = e;\n          throw error;\n        }\n      } else if(altName.type === 8) {\n        // handle OID\n        if(altName.oid) {\n          value = asn1.oidToDer(asn1.oidToDer(altName.oid));\n        } else {\n          // deprecated ... convert value to OID\n          value = asn1.oidToDer(value);\n        }\n      }\n      fullNameGeneralNames.value.push(asn1.create(\n        asn1.Class.CONTEXT_SPECIFIC, altName.type, false,\n        value));\n    }\n\n    // Add to the parent SEQUENCE\n    subSeq.value.push(asn1.create(\n      asn1.Class.CONTEXT_SPECIFIC, 0, true, [fullNameGeneralNames]));\n    seq.push(subSeq);\n  }\n\n  // ensure value has been defined by now\n  if(typeof e.value === 'undefined') {\n    var error = new Error('Extension value not specified.');\n    error.extension = e;\n    throw error;\n  }\n\n  return e;\n}\n\n/**\n * Convert signature parameters object to ASN.1\n *\n * @param {String} oid Signature algorithm OID\n * @param params The signature parametrs object\n * @return ASN.1 object representing signature parameters\n */\nfunction _signatureParametersToAsn1(oid, params) {\n  switch(oid) {\n    case oids['RSASSA-PSS']:\n      var parts = [];\n\n      if(params.hash.algorithmOid !== undefined) {\n        parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n              asn1.oidToDer(params.hash.algorithmOid).getBytes()),\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n          ])\n        ]));\n      }\n\n      if(params.mgf.algorithmOid !== undefined) {\n        parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n              asn1.oidToDer(params.mgf.algorithmOid).getBytes()),\n            asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n                asn1.oidToDer(params.mgf.hash.algorithmOid).getBytes()),\n              asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')\n            ])\n          ])\n        ]));\n      }\n\n      if(params.saltLength !== undefined) {\n        parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [\n          asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n            asn1.integerToDer(params.saltLength).getBytes())\n        ]));\n      }\n\n      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts);\n\n    default:\n      return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '');\n  }\n}\n\n/**\n * Converts a certification request's attributes to an ASN.1 set of\n * CRIAttributes.\n *\n * @param csr certification request.\n *\n * @return the ASN.1 set of CRIAttributes.\n */\nfunction _CRIAttributesToAsn1(csr) {\n  // create an empty context-specific container\n  var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []);\n\n  // no attributes, return empty container\n  if(csr.attributes.length === 0) {\n    return rval;\n  }\n\n  // each attribute has a sequence with a type and a set of values\n  var attrs = csr.attributes;\n  for(var i = 0; i < attrs.length; ++i) {\n    var attr = attrs[i];\n    var value = attr.value;\n\n    // reuse tag class for attribute value if available\n    var valueTagClass = asn1.Type.UTF8;\n    if('valueTagClass' in attr) {\n      valueTagClass = attr.valueTagClass;\n    }\n    if(valueTagClass === asn1.Type.UTF8) {\n      value = forge.util.encodeUtf8(value);\n    }\n    var valueConstructed = false;\n    if('valueConstructed' in attr) {\n      valueConstructed = attr.valueConstructed;\n    }\n    // FIXME: handle more encodings\n\n    // create a RelativeDistinguishedName set\n    // each value in the set is an AttributeTypeAndValue first\n    // containing the type (an OID) and second the value\n    var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // AttributeType\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(attr.type).getBytes()),\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [\n        // AttributeValue\n        asn1.create(\n          asn1.Class.UNIVERSAL, valueTagClass, valueConstructed, value)\n      ])\n    ]);\n    rval.value.push(seq);\n  }\n\n  return rval;\n}\n\nvar jan_1_1950 = new Date('1950-01-01T00:00:00Z');\nvar jan_1_2050 = new Date('2050-01-01T00:00:00Z');\n\n/**\n * Converts a Date object to ASN.1\n * Handles the different format before and after 1st January 2050\n *\n * @param date date object.\n *\n * @return the ASN.1 object representing the date.\n */\nfunction _dateToAsn1(date) {\n  if(date >= jan_1_1950 && date < jan_1_2050) {\n    return asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false,\n      asn1.dateToUtcTime(date));\n  } else {\n    return asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false,\n      asn1.dateToGeneralizedTime(date));\n  }\n}\n\n/**\n * Gets the ASN.1 TBSCertificate part of an X.509v3 certificate.\n *\n * @param cert the certificate.\n *\n * @return the asn1 TBSCertificate.\n */\npki.getTBSCertificate = function(cert) {\n  // TBSCertificate\n  var notBefore = _dateToAsn1(cert.validity.notBefore);\n  var notAfter = _dateToAsn1(cert.validity.notAfter);\n  var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // version\n    asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [\n      // integer\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n        asn1.integerToDer(cert.version).getBytes())\n    ]),\n    // serialNumber\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      forge.util.hexToBytes(cert.serialNumber)),\n    // signature\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(cert.siginfo.algorithmOid).getBytes()),\n      // parameters\n      _signatureParametersToAsn1(\n        cert.siginfo.algorithmOid, cert.siginfo.parameters)\n    ]),\n    // issuer\n    _dnToAsn1(cert.issuer),\n    // validity\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      notBefore,\n      notAfter\n    ]),\n    // subject\n    _dnToAsn1(cert.subject),\n    // SubjectPublicKeyInfo\n    pki.publicKeyToAsn1(cert.publicKey)\n  ]);\n\n  if(cert.issuer.uniqueId) {\n    // issuerUniqueID (optional)\n    tbs.value.push(\n      asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n          // TODO: support arbitrary bit length ids\n          String.fromCharCode(0x00) +\n          cert.issuer.uniqueId\n        )\n      ])\n    );\n  }\n  if(cert.subject.uniqueId) {\n    // subjectUniqueID (optional)\n    tbs.value.push(\n      asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [\n        asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n          // TODO: support arbitrary bit length ids\n          String.fromCharCode(0x00) +\n          cert.subject.uniqueId\n        )\n      ])\n    );\n  }\n\n  if(cert.extensions.length > 0) {\n    // extensions (optional)\n    tbs.value.push(pki.certificateExtensionsToAsn1(cert.extensions));\n  }\n\n  return tbs;\n};\n\n/**\n * Gets the ASN.1 CertificationRequestInfo part of a\n * PKCS#10 CertificationRequest.\n *\n * @param csr the certification request.\n *\n * @return the asn1 CertificationRequestInfo.\n */\npki.getCertificationRequestInfo = function(csr) {\n  // CertificationRequestInfo\n  var cri = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // version\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false,\n      asn1.integerToDer(csr.version).getBytes()),\n    // subject\n    _dnToAsn1(csr.subject),\n    // SubjectPublicKeyInfo\n    pki.publicKeyToAsn1(csr.publicKey),\n    // attributes\n    _CRIAttributesToAsn1(csr)\n  ]);\n\n  return cri;\n};\n\n/**\n * Converts a DistinguishedName (subject or issuer) to an ASN.1 object.\n *\n * @param dn the DistinguishedName.\n *\n * @return the asn1 representation of a DistinguishedName.\n */\npki.distinguishedNameToAsn1 = function(dn) {\n  return _dnToAsn1(dn);\n};\n\n/**\n * Converts an X.509v3 RSA certificate to an ASN.1 object.\n *\n * @param cert the certificate.\n *\n * @return the asn1 representation of an X.509v3 RSA certificate.\n */\npki.certificateToAsn1 = function(cert) {\n  // prefer cached TBSCertificate over generating one\n  var tbsCertificate = cert.tbsCertificate || pki.getTBSCertificate(cert);\n\n  // Certificate\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // TBSCertificate\n    tbsCertificate,\n    // AlgorithmIdentifier (signature algorithm)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(cert.signatureOid).getBytes()),\n      // parameters\n      _signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters)\n    ]),\n    // SignatureValue\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n      String.fromCharCode(0x00) + cert.signature)\n  ]);\n};\n\n/**\n * Converts X.509v3 certificate extensions to ASN.1.\n *\n * @param exts the extensions to convert.\n *\n * @return the extensions in ASN.1 format.\n */\npki.certificateExtensionsToAsn1 = function(exts) {\n  // create top-level extension container\n  var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []);\n\n  // create extension sequence (stores a sequence for each extension)\n  var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n  rval.value.push(seq);\n\n  for(var i = 0; i < exts.length; ++i) {\n    seq.value.push(pki.certificateExtensionToAsn1(exts[i]));\n  }\n\n  return rval;\n};\n\n/**\n * Converts a single certificate extension to ASN.1.\n *\n * @param ext the extension to convert.\n *\n * @return the extension in ASN.1 format.\n */\npki.certificateExtensionToAsn1 = function(ext) {\n  // create a sequence for each extension\n  var extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []);\n\n  // extnID (OID)\n  extseq.value.push(asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n    asn1.oidToDer(ext.id).getBytes()));\n\n  // critical defaults to false\n  if(ext.critical) {\n    // critical BOOLEAN DEFAULT FALSE\n    extseq.value.push(asn1.create(\n      asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false,\n      String.fromCharCode(0xFF)));\n  }\n\n  var value = ext.value;\n  if(typeof ext.value !== 'string') {\n    // value is asn.1\n    value = asn1.toDer(value).getBytes();\n  }\n\n  // extnValue (OCTET STRING)\n  extseq.value.push(asn1.create(\n    asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, value));\n\n  return extseq;\n};\n\n/**\n * Converts a PKCS#10 certification request to an ASN.1 object.\n *\n * @param csr the certification request.\n *\n * @return the asn1 representation of a certification request.\n */\npki.certificationRequestToAsn1 = function(csr) {\n  // prefer cached CertificationRequestInfo over generating one\n  var cri = csr.certificationRequestInfo ||\n    pki.getCertificationRequestInfo(csr);\n\n  // Certificate\n  return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n    // CertificationRequestInfo\n    cri,\n    // AlgorithmIdentifier (signature algorithm)\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [\n      // algorithm\n      asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false,\n        asn1.oidToDer(csr.signatureOid).getBytes()),\n      // parameters\n      _signatureParametersToAsn1(csr.signatureOid, csr.signatureParameters)\n    ]),\n    // signature\n    asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false,\n      String.fromCharCode(0x00) + csr.signature)\n  ]);\n};\n\n/**\n * Creates a CA store.\n *\n * @param certs an optional array of certificate objects or PEM-formatted\n *          certificate strings to add to the CA store.\n *\n * @return the CA store.\n */\npki.createCaStore = function(certs) {\n  // create CA store\n  var caStore = {\n    // stored certificates\n    certs: {}\n  };\n\n  /**\n   * Gets the certificate that issued the passed certificate or its\n   * 'parent'.\n   *\n   * @param cert the certificate to get the parent for.\n   *\n   * @return the parent certificate or null if none was found.\n   */\n  caStore.getIssuer = function(cert) {\n    var rval = getBySubject(cert.issuer);\n\n    // see if there are multiple matches\n    /*if(forge.util.isArray(rval)) {\n      // TODO: resolve multiple matches by checking\n      // authorityKey/subjectKey/issuerUniqueID/other identifiers, etc.\n      // FIXME: or alternatively do authority key mapping\n      // if possible (X.509v1 certs can't work?)\n      throw new Error('Resolving multiple issuer matches not implemented yet.');\n    }*/\n\n    return rval;\n  };\n\n  /**\n   * Adds a trusted certificate to the store.\n   *\n   * @param cert the certificate to add as a trusted certificate (either a\n   *          pki.certificate object or a PEM-formatted certificate).\n   */\n  caStore.addCertificate = function(cert) {\n    // convert from pem if necessary\n    if(typeof cert === 'string') {\n      cert = forge.pki.certificateFromPem(cert);\n    }\n\n    ensureSubjectHasHash(cert.subject);\n\n    if(!caStore.hasCertificate(cert)) { // avoid duplicate certificates in store\n      if(cert.subject.hash in caStore.certs) {\n        // subject hash already exists, append to array\n        var tmp = caStore.certs[cert.subject.hash];\n        if(!forge.util.isArray(tmp)) {\n          tmp = [tmp];\n        }\n        tmp.push(cert);\n        caStore.certs[cert.subject.hash] = tmp;\n      } else {\n        caStore.certs[cert.subject.hash] = cert;\n      }\n    }\n  };\n\n  /**\n   * Checks to see if the given certificate is in the store.\n   *\n   * @param cert the certificate to check (either a pki.certificate or a\n   *          PEM-formatted certificate).\n   *\n   * @return true if the certificate is in the store, false if not.\n   */\n  caStore.hasCertificate = function(cert) {\n    // convert from pem if necessary\n    if(typeof cert === 'string') {\n      cert = forge.pki.certificateFromPem(cert);\n    }\n\n    var match = getBySubject(cert.subject);\n    if(!match) {\n      return false;\n    }\n    if(!forge.util.isArray(match)) {\n      match = [match];\n    }\n    // compare DER-encoding of certificates\n    var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes();\n    for(var i = 0; i < match.length; ++i) {\n      var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes();\n      if(der1 === der2) {\n        return true;\n      }\n    }\n    return false;\n  };\n\n  /**\n   * Lists all of the certificates kept in the store.\n   *\n   * @return an array of all of the pki.certificate objects in the store.\n   */\n  caStore.listAllCertificates = function() {\n    var certList = [];\n\n    for(var hash in caStore.certs) {\n      if(caStore.certs.hasOwnProperty(hash)) {\n        var value = caStore.certs[hash];\n        if(!forge.util.isArray(value)) {\n          certList.push(value);\n        } else {\n          for(var i = 0; i < value.length; ++i) {\n            certList.push(value[i]);\n          }\n        }\n      }\n    }\n\n    return certList;\n  };\n\n  /**\n   * Removes a certificate from the store.\n   *\n   * @param cert the certificate to remove (either a pki.certificate or a\n   *          PEM-formatted certificate).\n   *\n   * @return the certificate that was removed or null if the certificate\n   *           wasn't in store.\n   */\n  caStore.removeCertificate = function(cert) {\n    var result;\n\n    // convert from pem if necessary\n    if(typeof cert === 'string') {\n      cert = forge.pki.certificateFromPem(cert);\n    }\n    ensureSubjectHasHash(cert.subject);\n    if(!caStore.hasCertificate(cert)) {\n      return null;\n    }\n\n    var match = getBySubject(cert.subject);\n\n    if(!forge.util.isArray(match)) {\n      result = caStore.certs[cert.subject.hash];\n      delete caStore.certs[cert.subject.hash];\n      return result;\n    }\n\n    // compare DER-encoding of certificates\n    var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes();\n    for(var i = 0; i < match.length; ++i) {\n      var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes();\n      if(der1 === der2) {\n        result = match[i];\n        match.splice(i, 1);\n      }\n    }\n    if(match.length === 0) {\n      delete caStore.certs[cert.subject.hash];\n    }\n\n    return result;\n  };\n\n  function getBySubject(subject) {\n    ensureSubjectHasHash(subject);\n    return caStore.certs[subject.hash] || null;\n  }\n\n  function ensureSubjectHasHash(subject) {\n    // produce subject hash if it doesn't exist\n    if(!subject.hash) {\n      var md = forge.md.sha1.create();\n      subject.attributes = pki.RDNAttributesAsArray(_dnToAsn1(subject), md);\n      subject.hash = md.digest().toHex();\n    }\n  }\n\n  // auto-add passed in certs\n  if(certs) {\n    // parse PEM-formatted certificates as necessary\n    for(var i = 0; i < certs.length; ++i) {\n      var cert = certs[i];\n      caStore.addCertificate(cert);\n    }\n  }\n\n  return caStore;\n};\n\n/**\n * Certificate verification errors, based on TLS.\n */\npki.certificateError = {\n  bad_certificate: 'forge.pki.BadCertificate',\n  unsupported_certificate: 'forge.pki.UnsupportedCertificate',\n  certificate_revoked: 'forge.pki.CertificateRevoked',\n  certificate_expired: 'forge.pki.CertificateExpired',\n  certificate_unknown: 'forge.pki.CertificateUnknown',\n  unknown_ca: 'forge.pki.UnknownCertificateAuthority'\n};\n\n/**\n * Verifies a certificate chain against the given Certificate Authority store\n * with an optional custom verify callback.\n *\n * @param caStore a certificate store to verify against.\n * @param chain the certificate chain to verify, with the root or highest\n *          authority at the end (an array of certificates).\n * @param options a callback to be called for every certificate in the chain or\n *                  an object with:\n *                  verify a callback to be called for every certificate in the\n *                    chain\n *                  validityCheckDate the date against which the certificate\n *                    validity period should be checked. Pass null to not check\n *                    the validity period. By default, the current date is used.\n *\n * The verify callback has the following signature:\n *\n * verified - Set to true if certificate was verified, otherwise the\n *   pki.certificateError for why the certificate failed.\n * depth - The current index in the chain, where 0 is the end point's cert.\n * certs - The certificate chain, *NOTE* an empty chain indicates an anonymous\n *   end point.\n *\n * The function returns true on success and on failure either the appropriate\n * pki.certificateError or an object with 'error' set to the appropriate\n * pki.certificateError and 'message' set to a custom error message.\n *\n * @return true if successful, error thrown if not.\n */\npki.verifyCertificateChain = function(caStore, chain, options) {\n  /* From: RFC3280 - Internet X.509 Public Key Infrastructure Certificate\n    Section 6: Certification Path Validation\n    See inline parentheticals related to this particular implementation.\n\n    The primary goal of path validation is to verify the binding between\n    a subject distinguished name or a subject alternative name and subject\n    public key, as represented in the end entity certificate, based on the\n    public key of the trust anchor. This requires obtaining a sequence of\n    certificates that support that binding. That sequence should be provided\n    in the passed 'chain'. The trust anchor should be in the given CA\n    store. The 'end entity' certificate is the certificate provided by the\n    end point (typically a server) and is the first in the chain.\n\n    To meet this goal, the path validation process verifies, among other\n    things, that a prospective certification path (a sequence of n\n    certificates or a 'chain') satisfies the following conditions:\n\n    (a) for all x in {1, ..., n-1}, the subject of certificate x is\n          the issuer of certificate x+1;\n\n    (b) certificate 1 is issued by the trust anchor;\n\n    (c) certificate n is the certificate to be validated; and\n\n    (d) for all x in {1, ..., n}, the certificate was valid at the\n          time in question.\n\n    Note that here 'n' is index 0 in the chain and 1 is the last certificate\n    in the chain and it must be signed by a certificate in the connection's\n    CA store.\n\n    The path validation process also determines the set of certificate\n    policies that are valid for this path, based on the certificate policies\n    extension, policy mapping extension, policy constraints extension, and\n    inhibit any-policy extension.\n\n    Note: Policy mapping extension not supported (Not Required).\n\n    Note: If the certificate has an unsupported critical extension, then it\n    must be rejected.\n\n    Note: A certificate is self-issued if the DNs that appear in the subject\n    and issuer fields are identical and are not empty.\n\n    The path validation algorithm assumes the following seven inputs are\n    provided to the path processing logic. What this specific implementation\n    will use is provided parenthetically:\n\n    (a) a prospective certification path of length n (the 'chain')\n    (b) the current date/time: ('now').\n    (c) user-initial-policy-set: A set of certificate policy identifiers\n          naming the policies that are acceptable to the certificate user.\n          The user-initial-policy-set contains the special value any-policy\n          if the user is not concerned about certificate policy\n          (Not implemented. Any policy is accepted).\n    (d) trust anchor information, describing a CA that serves as a trust\n          anchor for the certification path. The trust anchor information\n          includes:\n\n      (1)  the trusted issuer name,\n      (2)  the trusted public key algorithm,\n      (3)  the trusted public key, and\n      (4)  optionally, the trusted public key parameters associated\n             with the public key.\n\n      (Trust anchors are provided via certificates in the CA store).\n\n      The trust anchor information may be provided to the path processing\n      procedure in the form of a self-signed certificate. The trusted anchor\n      information is trusted because it was delivered to the path processing\n      procedure by some trustworthy out-of-band procedure. If the trusted\n      public key algorithm requires parameters, then the parameters are\n      provided along with the trusted public key (No parameters used in this\n      implementation).\n\n    (e) initial-policy-mapping-inhibit, which indicates if policy mapping is\n          allowed in the certification path.\n          (Not implemented, no policy checking)\n\n    (f) initial-explicit-policy, which indicates if the path must be valid\n          for at least one of the certificate policies in the user-initial-\n          policy-set.\n          (Not implemented, no policy checking)\n\n    (g) initial-any-policy-inhibit, which indicates whether the\n          anyPolicy OID should be processed if it is included in a\n          certificate.\n          (Not implemented, so any policy is valid provided that it is\n          not marked as critical) */\n\n  /* Basic Path Processing:\n\n    For each certificate in the 'chain', the following is checked:\n\n    1. The certificate validity period includes the current time.\n    2. The certificate was signed by its parent (where the parent is either\n       the next in the chain or from the CA store). Allow processing to\n       continue to the next step if no parent is found but the certificate is\n       in the CA store.\n    3. TODO: The certificate has not been revoked.\n    4. The certificate issuer name matches the parent's subject name.\n    5. TODO: If the certificate is self-issued and not the final certificate\n       in the chain, skip this step, otherwise verify that the subject name\n       is within one of the permitted subtrees of X.500 distinguished names\n       and that each of the alternative names in the subjectAltName extension\n       (critical or non-critical) is within one of the permitted subtrees for\n       that name type.\n    6. TODO: If the certificate is self-issued and not the final certificate\n       in the chain, skip this step, otherwise verify that the subject name\n       is not within one of the excluded subtrees for X.500 distinguished\n       names and none of the subjectAltName extension names are excluded for\n       that name type.\n    7. The other steps in the algorithm for basic path processing involve\n       handling the policy extension which is not presently supported in this\n       implementation. Instead, if a critical policy extension is found, the\n       certificate is rejected as not supported.\n    8. If the certificate is not the first or if its the only certificate in\n       the chain (having no parent from the CA store or is self-signed) and it\n       has a critical key usage extension, verify that the keyCertSign bit is\n       set. If the key usage extension exists, verify that the basic\n       constraints extension exists. If the basic constraints extension exists,\n       verify that the cA flag is set. If pathLenConstraint is set, ensure that\n       the number of certificates that precede in the chain (come earlier\n       in the chain as implemented below), excluding the very first in the\n       chain (typically the end-entity one), isn't greater than the\n       pathLenConstraint. This constraint limits the number of intermediate\n       CAs that may appear below a CA before only end-entity certificates\n       may be issued. */\n\n  // if a verify callback is passed as the third parameter, package it within\n  // the options object. This is to support a legacy function signature that\n  // expected the verify callback as the third parameter.\n  if(typeof options === 'function') {\n    options = {verify: options};\n  }\n  options = options || {};\n\n  // copy cert chain references to another array to protect against changes\n  // in verify callback\n  chain = chain.slice(0);\n  var certs = chain.slice(0);\n\n  var validityCheckDate = options.validityCheckDate;\n  // if no validityCheckDate is specified, default to the current date. Make\n  // sure to maintain the value null because it indicates that the validity\n  // period should not be checked.\n  if(typeof validityCheckDate === 'undefined') {\n    validityCheckDate = new Date();\n  }\n\n  // verify each cert in the chain using its parent, where the parent\n  // is either the next in the chain or from the CA store\n  var first = true;\n  var error = null;\n  var depth = 0;\n  do {\n    var cert = chain.shift();\n    var parent = null;\n    var selfSigned = false;\n\n    if(validityCheckDate) {\n      // 1. check valid time\n      if(validityCheckDate < cert.validity.notBefore ||\n         validityCheckDate > cert.validity.notAfter) {\n        error = {\n          message: 'Certificate is not valid yet or has expired.',\n          error: pki.certificateError.certificate_expired,\n          notBefore: cert.validity.notBefore,\n          notAfter: cert.validity.notAfter,\n          // TODO: we might want to reconsider renaming 'now' to\n          // 'validityCheckDate' should this API be changed in the future.\n          now: validityCheckDate\n        };\n      }\n    }\n\n    // 2. verify with parent from chain or CA store\n    if(error === null) {\n      parent = chain[0] || caStore.getIssuer(cert);\n      if(parent === null) {\n        // check for self-signed cert\n        if(cert.isIssuer(cert)) {\n          selfSigned = true;\n          parent = cert;\n        }\n      }\n\n      if(parent) {\n        // FIXME: current CA store implementation might have multiple\n        // certificates where the issuer can't be determined from the\n        // certificate (happens rarely with, eg: old certificates) so normalize\n        // by always putting parents into an array\n        // TODO: there's may be an extreme degenerate case currently uncovered\n        // where an old intermediate certificate seems to have a matching parent\n        // but none of the parents actually verify ... but the intermediate\n        // is in the CA and it should pass this check; needs investigation\n        var parents = parent;\n        if(!forge.util.isArray(parents)) {\n          parents = [parents];\n        }\n\n        // try to verify with each possible parent (typically only one)\n        var verified = false;\n        while(!verified && parents.length > 0) {\n          parent = parents.shift();\n          try {\n            verified = parent.verify(cert);\n          } catch(ex) {\n            // failure to verify, don't care why, try next one\n          }\n        }\n\n        if(!verified) {\n          error = {\n            message: 'Certificate signature is invalid.',\n            error: pki.certificateError.bad_certificate\n          };\n        }\n      }\n\n      if(error === null && (!parent || selfSigned) &&\n        !caStore.hasCertificate(cert)) {\n        // no parent issuer and certificate itself is not trusted\n        error = {\n          message: 'Certificate is not trusted.',\n          error: pki.certificateError.unknown_ca\n        };\n      }\n    }\n\n    // TODO: 3. check revoked\n\n    // 4. check for matching issuer/subject\n    if(error === null && parent && !cert.isIssuer(parent)) {\n      // parent is not issuer\n      error = {\n        message: 'Certificate issuer is invalid.',\n        error: pki.certificateError.bad_certificate\n      };\n    }\n\n    // 5. TODO: check names with permitted names tree\n\n    // 6. TODO: check names against excluded names tree\n\n    // 7. check for unsupported critical extensions\n    if(error === null) {\n      // supported extensions\n      var se = {\n        keyUsage: true,\n        basicConstraints: true\n      };\n      for(var i = 0; error === null && i < cert.extensions.length; ++i) {\n        var ext = cert.extensions[i];\n        if(ext.critical && !(ext.name in se)) {\n          error = {\n            message:\n              'Certificate has an unsupported critical extension.',\n            error: pki.certificateError.unsupported_certificate\n          };\n        }\n      }\n    }\n\n    // 8. check for CA if cert is not first or is the only certificate\n    // remaining in chain with no parent or is self-signed\n    if(error === null &&\n      (!first || (chain.length === 0 && (!parent || selfSigned)))) {\n      // first check keyUsage extension and then basic constraints\n      var bcExt = cert.getExtension('basicConstraints');\n      var keyUsageExt = cert.getExtension('keyUsage');\n      if(keyUsageExt !== null) {\n        // keyCertSign must be true and there must be a basic\n        // constraints extension\n        if(!keyUsageExt.keyCertSign || bcExt === null) {\n          // bad certificate\n          error = {\n            message:\n              'Certificate keyUsage or basicConstraints conflict ' +\n              'or indicate that the certificate is not a CA. ' +\n              'If the certificate is the only one in the chain or ' +\n              'isn\\'t the first then the certificate must be a ' +\n              'valid CA.',\n            error: pki.certificateError.bad_certificate\n          };\n        }\n      }\n      // basic constraints cA flag must be set\n      if(error === null && bcExt !== null && !bcExt.cA) {\n        // bad certificate\n        error = {\n          message:\n            'Certificate basicConstraints indicates the certificate ' +\n            'is not a CA.',\n          error: pki.certificateError.bad_certificate\n        };\n      }\n      // if error is not null and keyUsage is available, then we know it\n      // has keyCertSign and there is a basic constraints extension too,\n      // which means we can check pathLenConstraint (if it exists)\n      if(error === null && keyUsageExt !== null &&\n        'pathLenConstraint' in bcExt) {\n        // pathLen is the maximum # of intermediate CA certs that can be\n        // found between the current certificate and the end-entity (depth 0)\n        // certificate; this number does not include the end-entity (depth 0,\n        // last in the chain) even if it happens to be a CA certificate itself\n        var pathLen = depth - 1;\n        if(pathLen > bcExt.pathLenConstraint) {\n          // pathLenConstraint violated, bad certificate\n          error = {\n            message:\n              'Certificate basicConstraints pathLenConstraint violated.',\n            error: pki.certificateError.bad_certificate\n          };\n        }\n      }\n    }\n\n    // call application callback\n    var vfd = (error === null) ? true : error.error;\n    var ret = options.verify ? options.verify(vfd, depth, certs) : vfd;\n    if(ret === true) {\n      // clear any set error\n      error = null;\n    } else {\n      // if passed basic tests, set default message and alert\n      if(vfd === true) {\n        error = {\n          message: 'The application rejected the certificate.',\n          error: pki.certificateError.bad_certificate\n        };\n      }\n\n      // check for custom error info\n      if(ret || ret === 0) {\n        // set custom message and error\n        if(typeof ret === 'object' && !forge.util.isArray(ret)) {\n          if(ret.message) {\n            error.message = ret.message;\n          }\n          if(ret.error) {\n            error.error = ret.error;\n          }\n        } else if(typeof ret === 'string') {\n          // set custom error\n          error.error = ret;\n        }\n      }\n\n      // throw error\n      throw error;\n    }\n\n    // no longer first cert in chain\n    first = false;\n    ++depth;\n  } while(chain.length > 0);\n\n  return true;\n};\n","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nObject.defineProperty(exports, \"NIL\", {\n  enumerable: true,\n  get: function get() {\n    return _nil.default;\n  }\n});\nObject.defineProperty(exports, \"parse\", {\n  enumerable: true,\n  get: function get() {\n    return _parse.default;\n  }\n});\nObject.defineProperty(exports, \"stringify\", {\n  enumerable: true,\n  get: function get() {\n    return _stringify.default;\n  }\n});\nObject.defineProperty(exports, \"v1\", {\n  enumerable: true,\n  get: function get() {\n    return _v.default;\n  }\n});\nObject.defineProperty(exports, \"v3\", {\n  enumerable: true,\n  get: function get() {\n    return _v2.default;\n  }\n});\nObject.defineProperty(exports, \"v4\", {\n  enumerable: true,\n  get: function get() {\n    return _v3.default;\n  }\n});\nObject.defineProperty(exports, \"v5\", {\n  enumerable: true,\n  get: function get() {\n    return _v4.default;\n  }\n});\nObject.defineProperty(exports, \"validate\", {\n  enumerable: true,\n  get: function get() {\n    return _validate.default;\n  }\n});\nObject.defineProperty(exports, \"version\", {\n  enumerable: true,\n  get: function get() {\n    return _version.default;\n  }\n});\n\nvar _v = _interopRequireDefault(require(\"./v1.js\"));\n\nvar _v2 = _interopRequireDefault(require(\"./v3.js\"));\n\nvar _v3 = _interopRequireDefault(require(\"./v4.js\"));\n\nvar _v4 = _interopRequireDefault(require(\"./v5.js\"));\n\nvar _nil = _interopRequireDefault(require(\"./nil.js\"));\n\nvar _version = _interopRequireDefault(require(\"./version.js\"));\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nvar _stringify = _interopRequireDefault(require(\"./stringify.js\"));\n\nvar _parse = _interopRequireDefault(require(\"./parse.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\n/*\n * Browser-compatible JavaScript MD5\n *\n * Modification of JavaScript MD5\n * https://github.com/blueimp/JavaScript-MD5\n *\n * Copyright 2011, Sebastian Tschan\n * https://blueimp.net\n *\n * Licensed under the MIT license:\n * https://opensource.org/licenses/MIT\n *\n * Based on\n * A JavaScript implementation of the RSA Data Security, Inc. MD5 Message\n * Digest Algorithm, as defined in RFC 1321.\n * Version 2.2 Copyright (C) Paul Johnston 1999 - 2009\n * Other contributors: Greg Holt, Andrew Kepert, Ydnar, Lostinet\n * Distributed under the BSD License\n * See http://pajhome.org.uk/crypt/md5 for more info.\n */\nfunction md5(bytes) {\n  if (typeof bytes === 'string') {\n    const msg = unescape(encodeURIComponent(bytes)); // UTF8 escape\n\n    bytes = new Uint8Array(msg.length);\n\n    for (let i = 0; i < msg.length; ++i) {\n      bytes[i] = msg.charCodeAt(i);\n    }\n  }\n\n  return md5ToHexEncodedArray(wordsToMd5(bytesToWords(bytes), bytes.length * 8));\n}\n/*\n * Convert an array of little-endian words to an array of bytes\n */\n\n\nfunction md5ToHexEncodedArray(input) {\n  const output = [];\n  const length32 = input.length * 32;\n  const hexTab = '0123456789abcdef';\n\n  for (let i = 0; i < length32; i += 8) {\n    const x = input[i >> 5] >>> i % 32 & 0xff;\n    const hex = parseInt(hexTab.charAt(x >>> 4 & 0x0f) + hexTab.charAt(x & 0x0f), 16);\n    output.push(hex);\n  }\n\n  return output;\n}\n/**\n * Calculate output length with padding and bit length\n */\n\n\nfunction getOutputLength(inputLength8) {\n  return (inputLength8 + 64 >>> 9 << 4) + 14 + 1;\n}\n/*\n * Calculate the MD5 of an array of little-endian words, and a bit length.\n */\n\n\nfunction wordsToMd5(x, len) {\n  /* append padding */\n  x[len >> 5] |= 0x80 << len % 32;\n  x[getOutputLength(len) - 1] = len;\n  let a = 1732584193;\n  let b = -271733879;\n  let c = -1732584194;\n  let d = 271733878;\n\n  for (let i = 0; i < x.length; i += 16) {\n    const olda = a;\n    const oldb = b;\n    const oldc = c;\n    const oldd = d;\n    a = md5ff(a, b, c, d, x[i], 7, -680876936);\n    d = md5ff(d, a, b, c, x[i + 1], 12, -389564586);\n    c = md5ff(c, d, a, b, x[i + 2], 17, 606105819);\n    b = md5ff(b, c, d, a, x[i + 3], 22, -1044525330);\n    a = md5ff(a, b, c, d, x[i + 4], 7, -176418897);\n    d = md5ff(d, a, b, c, x[i + 5], 12, 1200080426);\n    c = md5ff(c, d, a, b, x[i + 6], 17, -1473231341);\n    b = md5ff(b, c, d, a, x[i + 7], 22, -45705983);\n    a = md5ff(a, b, c, d, x[i + 8], 7, 1770035416);\n    d = md5ff(d, a, b, c, x[i + 9], 12, -1958414417);\n    c = md5ff(c, d, a, b, x[i + 10], 17, -42063);\n    b = md5ff(b, c, d, a, x[i + 11], 22, -1990404162);\n    a = md5ff(a, b, c, d, x[i + 12], 7, 1804603682);\n    d = md5ff(d, a, b, c, x[i + 13], 12, -40341101);\n    c = md5ff(c, d, a, b, x[i + 14], 17, -1502002290);\n    b = md5ff(b, c, d, a, x[i + 15], 22, 1236535329);\n    a = md5gg(a, b, c, d, x[i + 1], 5, -165796510);\n    d = md5gg(d, a, b, c, x[i + 6], 9, -1069501632);\n    c = md5gg(c, d, a, b, x[i + 11], 14, 643717713);\n    b = md5gg(b, c, d, a, x[i], 20, -373897302);\n    a = md5gg(a, b, c, d, x[i + 5], 5, -701558691);\n    d = md5gg(d, a, b, c, x[i + 10], 9, 38016083);\n    c = md5gg(c, d, a, b, x[i + 15], 14, -660478335);\n    b = md5gg(b, c, d, a, x[i + 4], 20, -405537848);\n    a = md5gg(a, b, c, d, x[i + 9], 5, 568446438);\n    d = md5gg(d, a, b, c, x[i + 14], 9, -1019803690);\n    c = md5gg(c, d, a, b, x[i + 3], 14, -187363961);\n    b = md5gg(b, c, d, a, x[i + 8], 20, 1163531501);\n    a = md5gg(a, b, c, d, x[i + 13], 5, -1444681467);\n    d = md5gg(d, a, b, c, x[i + 2], 9, -51403784);\n    c = md5gg(c, d, a, b, x[i + 7], 14, 1735328473);\n    b = md5gg(b, c, d, a, x[i + 12], 20, -1926607734);\n    a = md5hh(a, b, c, d, x[i + 5], 4, -378558);\n    d = md5hh(d, a, b, c, x[i + 8], 11, -2022574463);\n    c = md5hh(c, d, a, b, x[i + 11], 16, 1839030562);\n    b = md5hh(b, c, d, a, x[i + 14], 23, -35309556);\n    a = md5hh(a, b, c, d, x[i + 1], 4, -1530992060);\n    d = md5hh(d, a, b, c, x[i + 4], 11, 1272893353);\n    c = md5hh(c, d, a, b, x[i + 7], 16, -155497632);\n    b = md5hh(b, c, d, a, x[i + 10], 23, -1094730640);\n    a = md5hh(a, b, c, d, x[i + 13], 4, 681279174);\n    d = md5hh(d, a, b, c, x[i], 11, -358537222);\n    c = md5hh(c, d, a, b, x[i + 3], 16, -722521979);\n    b = md5hh(b, c, d, a, x[i + 6], 23, 76029189);\n    a = md5hh(a, b, c, d, x[i + 9], 4, -640364487);\n    d = md5hh(d, a, b, c, x[i + 12], 11, -421815835);\n    c = md5hh(c, d, a, b, x[i + 15], 16, 530742520);\n    b = md5hh(b, c, d, a, x[i + 2], 23, -995338651);\n    a = md5ii(a, b, c, d, x[i], 6, -198630844);\n    d = md5ii(d, a, b, c, x[i + 7], 10, 1126891415);\n    c = md5ii(c, d, a, b, x[i + 14], 15, -1416354905);\n    b = md5ii(b, c, d, a, x[i + 5], 21, -57434055);\n    a = md5ii(a, b, c, d, x[i + 12], 6, 1700485571);\n    d = md5ii(d, a, b, c, x[i + 3], 10, -1894986606);\n    c = md5ii(c, d, a, b, x[i + 10], 15, -1051523);\n    b = md5ii(b, c, d, a, x[i + 1], 21, -2054922799);\n    a = md5ii(a, b, c, d, x[i + 8], 6, 1873313359);\n    d = md5ii(d, a, b, c, x[i + 15], 10, -30611744);\n    c = md5ii(c, d, a, b, x[i + 6], 15, -1560198380);\n    b = md5ii(b, c, d, a, x[i + 13], 21, 1309151649);\n    a = md5ii(a, b, c, d, x[i + 4], 6, -145523070);\n    d = md5ii(d, a, b, c, x[i + 11], 10, -1120210379);\n    c = md5ii(c, d, a, b, x[i + 2], 15, 718787259);\n    b = md5ii(b, c, d, a, x[i + 9], 21, -343485551);\n    a = safeAdd(a, olda);\n    b = safeAdd(b, oldb);\n    c = safeAdd(c, oldc);\n    d = safeAdd(d, oldd);\n  }\n\n  return [a, b, c, d];\n}\n/*\n * Convert an array bytes to an array of little-endian words\n * Characters >255 have their high-byte silently ignored.\n */\n\n\nfunction bytesToWords(input) {\n  if (input.length === 0) {\n    return [];\n  }\n\n  const length8 = input.length * 8;\n  const output = new Uint32Array(getOutputLength(length8));\n\n  for (let i = 0; i < length8; i += 8) {\n    output[i >> 5] |= (input[i / 8] & 0xff) << i % 32;\n  }\n\n  return output;\n}\n/*\n * Add integers, wrapping at 2^32. This uses 16-bit operations internally\n * to work around bugs in some JS interpreters.\n */\n\n\nfunction safeAdd(x, y) {\n  const lsw = (x & 0xffff) + (y & 0xffff);\n  const msw = (x >> 16) + (y >> 16) + (lsw >> 16);\n  return msw << 16 | lsw & 0xffff;\n}\n/*\n * Bitwise rotate a 32-bit number to the left.\n */\n\n\nfunction bitRotateLeft(num, cnt) {\n  return num << cnt | num >>> 32 - cnt;\n}\n/*\n * These functions implement the four basic operations the algorithm uses.\n */\n\n\nfunction md5cmn(q, a, b, x, s, t) {\n  return safeAdd(bitRotateLeft(safeAdd(safeAdd(a, q), safeAdd(x, t)), s), b);\n}\n\nfunction md5ff(a, b, c, d, x, s, t) {\n  return md5cmn(b & c | ~b & d, a, b, x, s, t);\n}\n\nfunction md5gg(a, b, c, d, x, s, t) {\n  return md5cmn(b & d | c & ~d, a, b, x, s, t);\n}\n\nfunction md5hh(a, b, c, d, x, s, t) {\n  return md5cmn(b ^ c ^ d, a, b, x, s, t);\n}\n\nfunction md5ii(a, b, c, d, x, s, t) {\n  return md5cmn(c ^ (b | ~d), a, b, x, s, t);\n}\n\nvar _default = md5;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nconst randomUUID = typeof crypto !== 'undefined' && crypto.randomUUID && crypto.randomUUID.bind(crypto);\nvar _default = {\n  randomUUID\n};\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nvar _default = '00000000-0000-0000-0000-000000000000';\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction parse(uuid) {\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Invalid UUID');\n  }\n\n  let v;\n  const arr = new Uint8Array(16); // Parse ########-....-....-....-............\n\n  arr[0] = (v = parseInt(uuid.slice(0, 8), 16)) >>> 24;\n  arr[1] = v >>> 16 & 0xff;\n  arr[2] = v >>> 8 & 0xff;\n  arr[3] = v & 0xff; // Parse ........-####-....-....-............\n\n  arr[4] = (v = parseInt(uuid.slice(9, 13), 16)) >>> 8;\n  arr[5] = v & 0xff; // Parse ........-....-####-....-............\n\n  arr[6] = (v = parseInt(uuid.slice(14, 18), 16)) >>> 8;\n  arr[7] = v & 0xff; // Parse ........-....-....-####-............\n\n  arr[8] = (v = parseInt(uuid.slice(19, 23), 16)) >>> 8;\n  arr[9] = v & 0xff; // Parse ........-....-....-....-############\n  // (Use \"/\" to avoid 32-bit truncation when bit-shifting high-order bytes)\n\n  arr[10] = (v = parseInt(uuid.slice(24, 36), 16)) / 0x10000000000 & 0xff;\n  arr[11] = v / 0x100000000 & 0xff;\n  arr[12] = v >>> 24 & 0xff;\n  arr[13] = v >>> 16 & 0xff;\n  arr[14] = v >>> 8 & 0xff;\n  arr[15] = v & 0xff;\n  return arr;\n}\n\nvar _default = parse;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nvar _default = /^(?:[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}|00000000-0000-0000-0000-000000000000)$/i;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = rng;\n// Unique ID creation requires a high quality random # generator. In the browser we therefore\n// require the crypto API and do not support built-in fallback to lower quality random number\n// generators (like Math.random()).\nlet getRandomValues;\nconst rnds8 = new Uint8Array(16);\n\nfunction rng() {\n  // lazy load so that environments that need to polyfill have a chance to do so\n  if (!getRandomValues) {\n    // getRandomValues needs to be invoked in a context where \"this\" is a Crypto implementation.\n    getRandomValues = typeof crypto !== 'undefined' && crypto.getRandomValues && crypto.getRandomValues.bind(crypto);\n\n    if (!getRandomValues) {\n      throw new Error('crypto.getRandomValues() not supported. See https://github.com/uuidjs/uuid#getrandomvalues-not-supported');\n    }\n  }\n\n  return getRandomValues(rnds8);\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\n// Adapted from Chris Veness' SHA1 code at\n// http://www.movable-type.co.uk/scripts/sha1.html\nfunction f(s, x, y, z) {\n  switch (s) {\n    case 0:\n      return x & y ^ ~x & z;\n\n    case 1:\n      return x ^ y ^ z;\n\n    case 2:\n      return x & y ^ x & z ^ y & z;\n\n    case 3:\n      return x ^ y ^ z;\n  }\n}\n\nfunction ROTL(x, n) {\n  return x << n | x >>> 32 - n;\n}\n\nfunction sha1(bytes) {\n  const K = [0x5a827999, 0x6ed9eba1, 0x8f1bbcdc, 0xca62c1d6];\n  const H = [0x67452301, 0xefcdab89, 0x98badcfe, 0x10325476, 0xc3d2e1f0];\n\n  if (typeof bytes === 'string') {\n    const msg = unescape(encodeURIComponent(bytes)); // UTF8 escape\n\n    bytes = [];\n\n    for (let i = 0; i < msg.length; ++i) {\n      bytes.push(msg.charCodeAt(i));\n    }\n  } else if (!Array.isArray(bytes)) {\n    // Convert Array-like to Array\n    bytes = Array.prototype.slice.call(bytes);\n  }\n\n  bytes.push(0x80);\n  const l = bytes.length / 4 + 2;\n  const N = Math.ceil(l / 16);\n  const M = new Array(N);\n\n  for (let i = 0; i < N; ++i) {\n    const arr = new Uint32Array(16);\n\n    for (let j = 0; j < 16; ++j) {\n      arr[j] = bytes[i * 64 + j * 4] << 24 | bytes[i * 64 + j * 4 + 1] << 16 | bytes[i * 64 + j * 4 + 2] << 8 | bytes[i * 64 + j * 4 + 3];\n    }\n\n    M[i] = arr;\n  }\n\n  M[N - 1][14] = (bytes.length - 1) * 8 / Math.pow(2, 32);\n  M[N - 1][14] = Math.floor(M[N - 1][14]);\n  M[N - 1][15] = (bytes.length - 1) * 8 & 0xffffffff;\n\n  for (let i = 0; i < N; ++i) {\n    const W = new Uint32Array(80);\n\n    for (let t = 0; t < 16; ++t) {\n      W[t] = M[i][t];\n    }\n\n    for (let t = 16; t < 80; ++t) {\n      W[t] = ROTL(W[t - 3] ^ W[t - 8] ^ W[t - 14] ^ W[t - 16], 1);\n    }\n\n    let a = H[0];\n    let b = H[1];\n    let c = H[2];\n    let d = H[3];\n    let e = H[4];\n\n    for (let t = 0; t < 80; ++t) {\n      const s = Math.floor(t / 20);\n      const T = ROTL(a, 5) + f(s, b, c, d) + e + K[s] + W[t] >>> 0;\n      e = d;\n      d = c;\n      c = ROTL(b, 30) >>> 0;\n      b = a;\n      a = T;\n    }\n\n    H[0] = H[0] + a >>> 0;\n    H[1] = H[1] + b >>> 0;\n    H[2] = H[2] + c >>> 0;\n    H[3] = H[3] + d >>> 0;\n    H[4] = H[4] + e >>> 0;\n  }\n\n  return [H[0] >> 24 & 0xff, H[0] >> 16 & 0xff, H[0] >> 8 & 0xff, H[0] & 0xff, H[1] >> 24 & 0xff, H[1] >> 16 & 0xff, H[1] >> 8 & 0xff, H[1] & 0xff, H[2] >> 24 & 0xff, H[2] >> 16 & 0xff, H[2] >> 8 & 0xff, H[2] & 0xff, H[3] >> 24 & 0xff, H[3] >> 16 & 0xff, H[3] >> 8 & 0xff, H[3] & 0xff, H[4] >> 24 & 0xff, H[4] >> 16 & 0xff, H[4] >> 8 & 0xff, H[4] & 0xff];\n}\n\nvar _default = sha1;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\nexports.unsafeStringify = unsafeStringify;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\n/**\n * Convert array of 16 byte values to UUID string format of the form:\n * XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\n */\nconst byteToHex = [];\n\nfor (let i = 0; i < 256; ++i) {\n  byteToHex.push((i + 0x100).toString(16).slice(1));\n}\n\nfunction unsafeStringify(arr, offset = 0) {\n  // Note: Be careful editing this code!  It's been tuned for performance\n  // and works in ways you may not expect. See https://github.com/uuidjs/uuid/pull/434\n  return byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + '-' + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + '-' + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + '-' + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + '-' + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]];\n}\n\nfunction stringify(arr, offset = 0) {\n  const uuid = unsafeStringify(arr, offset); // Consistency check for valid UUID.  If this throws, it's likely due to one\n  // of the following:\n  // - One or more input array values don't map to a hex octet (leading to\n  // \"undefined\" in the uuid)\n  // - Invalid input values for the RFC `version` or `variant` fields\n\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Stringified UUID is invalid');\n  }\n\n  return uuid;\n}\n\nvar _default = stringify;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _rng = _interopRequireDefault(require(\"./rng.js\"));\n\nvar _stringify = require(\"./stringify.js\");\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\n// **`v1()` - Generate time-based UUID**\n//\n// Inspired by https://github.com/LiosK/UUID.js\n// and http://docs.python.org/library/uuid.html\nlet _nodeId;\n\nlet _clockseq; // Previous uuid creation time\n\n\nlet _lastMSecs = 0;\nlet _lastNSecs = 0; // See https://github.com/uuidjs/uuid for API details\n\nfunction v1(options, buf, offset) {\n  let i = buf && offset || 0;\n  const b = buf || new Array(16);\n  options = options || {};\n  let node = options.node || _nodeId;\n  let clockseq = options.clockseq !== undefined ? options.clockseq : _clockseq; // node and clockseq need to be initialized to random values if they're not\n  // specified.  We do this lazily to minimize issues related to insufficient\n  // system entropy.  See #189\n\n  if (node == null || clockseq == null) {\n    const seedBytes = options.random || (options.rng || _rng.default)();\n\n    if (node == null) {\n      // Per 4.5, create and 48-bit node id, (47 random bits + multicast bit = 1)\n      node = _nodeId = [seedBytes[0] | 0x01, seedBytes[1], seedBytes[2], seedBytes[3], seedBytes[4], seedBytes[5]];\n    }\n\n    if (clockseq == null) {\n      // Per 4.2.2, randomize (14 bit) clockseq\n      clockseq = _clockseq = (seedBytes[6] << 8 | seedBytes[7]) & 0x3fff;\n    }\n  } // UUID timestamps are 100 nano-second units since the Gregorian epoch,\n  // (1582-10-15 00:00).  JSNumbers aren't precise enough for this, so\n  // time is handled internally as 'msecs' (integer milliseconds) and 'nsecs'\n  // (100-nanoseconds offset from msecs) since unix epoch, 1970-01-01 00:00.\n\n\n  let msecs = options.msecs !== undefined ? options.msecs : Date.now(); // Per 4.2.1.2, use count of uuid's generated during the current clock\n  // cycle to simulate higher resolution clock\n\n  let nsecs = options.nsecs !== undefined ? options.nsecs : _lastNSecs + 1; // Time since last uuid creation (in msecs)\n\n  const dt = msecs - _lastMSecs + (nsecs - _lastNSecs) / 10000; // Per 4.2.1.2, Bump clockseq on clock regression\n\n  if (dt < 0 && options.clockseq === undefined) {\n    clockseq = clockseq + 1 & 0x3fff;\n  } // Reset nsecs if clock regresses (new clockseq) or we've moved onto a new\n  // time interval\n\n\n  if ((dt < 0 || msecs > _lastMSecs) && options.nsecs === undefined) {\n    nsecs = 0;\n  } // Per 4.2.1.2 Throw error if too many uuids are requested\n\n\n  if (nsecs >= 10000) {\n    throw new Error(\"uuid.v1(): Can't create more than 10M uuids/sec\");\n  }\n\n  _lastMSecs = msecs;\n  _lastNSecs = nsecs;\n  _clockseq = clockseq; // Per 4.1.4 - Convert from unix epoch to Gregorian epoch\n\n  msecs += 12219292800000; // `time_low`\n\n  const tl = ((msecs & 0xfffffff) * 10000 + nsecs) % 0x100000000;\n  b[i++] = tl >>> 24 & 0xff;\n  b[i++] = tl >>> 16 & 0xff;\n  b[i++] = tl >>> 8 & 0xff;\n  b[i++] = tl & 0xff; // `time_mid`\n\n  const tmh = msecs / 0x100000000 * 10000 & 0xfffffff;\n  b[i++] = tmh >>> 8 & 0xff;\n  b[i++] = tmh & 0xff; // `time_high_and_version`\n\n  b[i++] = tmh >>> 24 & 0xf | 0x10; // include version\n\n  b[i++] = tmh >>> 16 & 0xff; // `clock_seq_hi_and_reserved` (Per 4.2.2 - include variant)\n\n  b[i++] = clockseq >>> 8 | 0x80; // `clock_seq_low`\n\n  b[i++] = clockseq & 0xff; // `node`\n\n  for (let n = 0; n < 6; ++n) {\n    b[i + n] = node[n];\n  }\n\n  return buf || (0, _stringify.unsafeStringify)(b);\n}\n\nvar _default = v1;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _v = _interopRequireDefault(require(\"./v35.js\"));\n\nvar _md = _interopRequireDefault(require(\"./md5.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst v3 = (0, _v.default)('v3', 0x30, _md.default);\nvar _default = v3;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.URL = exports.DNS = void 0;\nexports.default = v35;\n\nvar _stringify = require(\"./stringify.js\");\n\nvar _parse = _interopRequireDefault(require(\"./parse.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction stringToBytes(str) {\n  str = unescape(encodeURIComponent(str)); // UTF8 escape\n\n  const bytes = [];\n\n  for (let i = 0; i < str.length; ++i) {\n    bytes.push(str.charCodeAt(i));\n  }\n\n  return bytes;\n}\n\nconst DNS = '6ba7b810-9dad-11d1-80b4-00c04fd430c8';\nexports.DNS = DNS;\nconst URL = '6ba7b811-9dad-11d1-80b4-00c04fd430c8';\nexports.URL = URL;\n\nfunction v35(name, version, hashfunc) {\n  function generateUUID(value, namespace, buf, offset) {\n    var _namespace;\n\n    if (typeof value === 'string') {\n      value = stringToBytes(value);\n    }\n\n    if (typeof namespace === 'string') {\n      namespace = (0, _parse.default)(namespace);\n    }\n\n    if (((_namespace = namespace) === null || _namespace === void 0 ? void 0 : _namespace.length) !== 16) {\n      throw TypeError('Namespace must be array-like (16 iterable integer values, 0-255)');\n    } // Compute hash of namespace and value, Per 4.3\n    // Future: Use spread syntax when supported on all platforms, e.g. `bytes =\n    // hashfunc([...namespace, ... value])`\n\n\n    let bytes = new Uint8Array(16 + value.length);\n    bytes.set(namespace);\n    bytes.set(value, namespace.length);\n    bytes = hashfunc(bytes);\n    bytes[6] = bytes[6] & 0x0f | version;\n    bytes[8] = bytes[8] & 0x3f | 0x80;\n\n    if (buf) {\n      offset = offset || 0;\n\n      for (let i = 0; i < 16; ++i) {\n        buf[offset + i] = bytes[i];\n      }\n\n      return buf;\n    }\n\n    return (0, _stringify.unsafeStringify)(bytes);\n  } // Function#name is not settable on some platforms (#270)\n\n\n  try {\n    generateUUID.name = name; // eslint-disable-next-line no-empty\n  } catch (err) {} // For CommonJS default export support\n\n\n  generateUUID.DNS = DNS;\n  generateUUID.URL = URL;\n  return generateUUID;\n}","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _native = _interopRequireDefault(require(\"./native.js\"));\n\nvar _rng = _interopRequireDefault(require(\"./rng.js\"));\n\nvar _stringify = require(\"./stringify.js\");\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction v4(options, buf, offset) {\n  if (_native.default.randomUUID && !buf && !options) {\n    return _native.default.randomUUID();\n  }\n\n  options = options || {};\n\n  const rnds = options.random || (options.rng || _rng.default)(); // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n\n\n  rnds[6] = rnds[6] & 0x0f | 0x40;\n  rnds[8] = rnds[8] & 0x3f | 0x80; // Copy bytes to buffer, if provided\n\n  if (buf) {\n    offset = offset || 0;\n\n    for (let i = 0; i < 16; ++i) {\n      buf[offset + i] = rnds[i];\n    }\n\n    return buf;\n  }\n\n  return (0, _stringify.unsafeStringify)(rnds);\n}\n\nvar _default = v4;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _v = _interopRequireDefault(require(\"./v35.js\"));\n\nvar _sha = _interopRequireDefault(require(\"./sha1.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nconst v5 = (0, _v.default)('v5', 0x50, _sha.default);\nvar _default = v5;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _regex = _interopRequireDefault(require(\"./regex.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction validate(uuid) {\n  return typeof uuid === 'string' && _regex.default.test(uuid);\n}\n\nvar _default = validate;\nexports.default = _default;","\"use strict\";\n\nObject.defineProperty(exports, \"__esModule\", {\n  value: true\n});\nexports.default = void 0;\n\nvar _validate = _interopRequireDefault(require(\"./validate.js\"));\n\nfunction _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; }\n\nfunction version(uuid) {\n  if (!(0, _validate.default)(uuid)) {\n    throw TypeError('Invalid UUID');\n  }\n\n  return parseInt(uuid.slice(14, 15), 16);\n}\n\nvar _default = version;\nexports.default = _default;","/**!\n * lib/keyobject.js -- KMS Key Representation\n *\n * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.\n */\n \"use strict\";\n\nvar jose = require(\"node-jose\"),\n    uuid = require(\"uuid\");\n\nvar KMS = {\n  KeyObject: require(\"./keyobject\")\n};\n\nfunction KMSContext() {\n  var sharedKey = null,\n      clientInfo = {},\n      serverInfo = {};\n\n  Object.defineProperty(this, \"ephemeralKey\", {\n    get: function() {\n      // TODO: honor expiration\n      return sharedKey;\n    },\n    set: function(key) {\n      sharedKey = key ?\n                  KMS.KeyObject.fromObject(key) :\n                  null;\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"clientInfo\", {\n    get: function() { return clientInfo; },\n    set: function(info) {\n      // TODO: validate client info\n      clientInfo = info || {};\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"serverInfo\", {\n    get: function() { return serverInfo; },\n    set: function(info) {\n      // TODO: validate server info\n      serverInfo = info || {};\n    },\n    enumerable: true\n  });\n\n  Object.defineProperty(this, \"requestId\", {\n    value: function() {\n      return uuid();\n    }\n  });\n}\n\nKMSContext.prototype.createECDHKey = function() {\n  var clientInfo = this.clientInfo;\n  var ks = jose.JWK.createKeyStore();\n\n  // TODO: make this more configurable\n  var keyType = \"EC\",\n      keyOrder = \"P-256\",\n      expiresIn = 3600000;\n  var promise = ks.generate(keyType, keyOrder);\n  promise = promise.then(function(k) {\n    var ts = new Date();\n    var rep = {\n     uri: \"-internal/\" + k.kid,\n     jwk: k.toJSON(true),\n     userId: (clientInfo && clientInfo.credential && clientInfo.credential.userId) ||\n             \"\",\n     clientId: (clientInfo && clientInfo.clientId) ||\n               \"\",\n     createDate: ts,\n     expirationDate: new Date(ts.getTime() + expiresIn)\n    };\n\n    return new KMS.KeyObject(rep);\n  });\n  return promise;\n};\n\nKMSContext.prototype.deriveEphemeralKey = function(remote) {\n  var local = this.ephemeralKey;\n  if (!local || !local.jwk || \"EC\" !== local.jwk.kty) {\n    return Promise.reject(new Error(\"invalid local ECDH key\"));\n  }\n  remote = KMS.KeyObject.fromObject(remote);\n\n  var promise;\n  promise = Promise.all([local.asKey(), remote.asKey()]);\n  promise = promise.then(function(keys) {\n    var lkey = keys[0],\n        rkey = keys[1];\n    var props = {\n      public: rkey.toObject()\n    };\n    var k = lkey.toObject(true);\n    return jose.JWA.derive(\"ECDH-HKDF\", k, props);\n  });\n  promise = promise.then(function(result) {\n    var uri = remote.uri,\n        created = remote.createDate,\n        expires = remote.expirationDate;\n    var shared = {\n      uri: uri,\n      createDate: created,\n      expirationDate: expires,\n      jwk: {\n        kty: \"oct\",\n        kid: uri,\n        alg: \"A256GCM\",\n        k: jose.util.base64url.encode(result)\n      }\n    };\n    return new KMS.KeyObject(shared);\n  });\n  return promise;\n};\n\nmodule.exports = KMSContext;\n","/**!\n * lib/index.js -- KMS Entry Point\n *\n * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.\n */\n \"use strict\";\n\nmodule.exports = {\n  KeyObject: require(\"./keyobject\"),\n  Context: require(\"./context\"),\n  Request: require(\"./request\"),\n  Response: require(\"./response\")\n};\n","/**!\n * lib/keyobject.js -- KMS Key Representation\n *\n * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.\n */\n \"use strict\";\n\nvar cloneDeep = require(\"lodash.clonedeep\"),\n    jose = require(\"node-jose\");\n\nfunction KMSKeyObject(rep) {\n  rep = cloneDeep(rep || {});\n  // coerce date fields\n  [\"createDate\", \"expirationDate\", \"bindDate\"].forEach(function(f) {\n    if (f in rep && rep[f]) {\n      rep[f] = \"string\" === typeof rep[f] ?\n               new Date(Date.parse(rep[f])) :\n               rep[f];\n    }\n  });\n\n  Object.defineProperty(this, \"uri\", {\n    get: function() { return rep.uri || \"\"; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"jwk\", {\n    get: function() { return rep.jwk || undefined; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"userId\", {\n    get: function() { return rep.userId || \"\"; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"clientId\", {\n    get: function() { return rep.clientId || \"\"; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"createDate\", {\n    get: function() { return rep.createDate || undefined; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"expirationDate\", {\n    get: function() { return rep.expirationDate || undefined; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"bindDate\", {\n    get: function() { return rep.bindDate || undefined; },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"resourceUri\", {\n    get: function() { return rep.resourceUri || \"\"; },\n    enumerable: true\n  });\n}\n\n// ### Instance Methods ###\nKMSKeyObject.prototype.asKey = function() {\n  if (!this.jwk) {\n    return Promise.reject(new Error(\"'jwk' not set\"));\n  }\n  return jose.JWK.asKey(this.jwk);\n};\n\nKMSKeyObject.prototype.toJSON = function() {\n  var self = this,\n      json = {};\n  Object.keys(this).forEach(function(f) {\n    var v = self[f];\n    if (\"function\" === typeof v || \"undefined\" === typeof v) {\n      return;\n    }\n    if (v instanceof Date) {\n      v = v.toISOString();\n    }\n    json[f] = cloneDeep(v);\n  });\n\n  return json;\n};\n\n// ### Class Functions ###\nKMSKeyObject.fromObject = function(rep) {\n  if (!rep) {\n    throw new TypeError(\"representation required\");\n  }\n  if (rep instanceof KMSKeyObject) {\n    return rep;\n  }\n  return new KMSKeyObject(rep);\n};\n\nmodule.exports = KMSKeyObject;\n","/**!\n * lib/request.js -- KMS (Generic) Request\n *\n * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.\n */\n \"use strict\";\n\nvar clone = require(\"lodash.clone\"),\n    jose = require(\"node-jose\");\n\nfunction KMSRequest(body) {\n  var wrapped = \"\";\n  body = (body && clone(body)) || {};\n\n  Object.defineProperty(this, \"wrapped\", {\n    get: function() { return wrapped; },\n    set: function(w) { wrapped = String(w || \"\"); },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"body\", {\n    get: function() { return body; },\n    set: function(b) {\n      b = (b && clone(b)) || {};\n\n      // carry forward requestId\n      if (\"requestId\" in body) {\n        b.requestId = body.requestId;\n      }\n      // carry forward uri\n      if (\"uri\" in body) {\n        b.uri = body.uri;\n      }\n      // carry forward method\n      if (\"method\" in body) {\n        b.method = body.method;\n      }\n      // clear any wrapped, then save\n      wrapped = \"\";\n      body = b;\n    },\n    enumerable: true\n  });\n\n  Object.defineProperty(this, \"requestId\", {\n    get: function() { return body.requestId || \"\"; },\n    set: function(id) {\n      if (!id) {\n        delete body.requestId;\n      } else {\n        body.requestId = id;\n      }\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"uri\", {\n    get: function() { return body.uri || \"\"; },\n    set: function(uri) {\n      if (!uri) {\n        delete body.uri;\n      } else {\n        body.uri = uri;\n      }\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"method\", {\n    get: function() { return body.method || \"\"; },\n    set: function(method) {\n      if (!method) {\n        delete body.method;\n      } else {\n        body.method = method;\n      }\n    },\n    enumerable: true\n  });\n}\n\nKMSRequest.prototype.wrap = function(ctx, opts) {\n  opts = opts || {};\n\n  // TODO: make this more configurable\n  var self = this,\n      promise;\n\n  // set the requestId if not already set\n  if (!this.requestId || opts.requestId) {\n    this.requestId = opts.requestId || ctx.requestId();\n  }\n\n  var body = this.body;\n  body.client = ctx.clientInfo;\n\n  // prepare the key\n  if (opts.serverKey) {\n    promise = jose.JWK.asKey(ctx.serverInfo.key);\n  } else {\n    promise = ctx.ephemeralKey.asKey();\n  }\n  promise = promise.then(function(jwk) {\n    var key = jwk;\n    var cfg = {\n      compact: true,\n      contentAlg: opts.contentAlg || \"A256GCM\"\n    };\n    var jwe = jose.JWE.createEncrypt(cfg, key);\n    return jwe.final(JSON.stringify(self.body), \"utf8\");\n  });\n  promise = promise.then(function(result) {\n    // save wrapped\n    self.wrapped = result;\n    return result;\n  });\n  return promise;\n};\n\nmodule.exports = KMSRequest;\n","/**!\n * lib/response.js -- KMS (Generic) Response\n *\n * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.\n */\n \"use strict\";\n\nvar clone = require(\"lodash.clone\"),\n    jose = require(\"node-jose\");\n\nfunction KMSResponse(wrapped) {\n  wrapped = wrapped || \"\";\n  var body = {};\n\n  Object.defineProperty(this, \"wrapped\", {\n    get: function() { return wrapped; },\n    set: function(w) {\n      // clear existing body before saving wrapped\n      body = {};\n      wrapped = String(w || \"\");\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"body\", {\n    get: function() { return body; },\n    set: function(b) { body = (b && clone(b)) || {}; },\n    enumerable: true\n  });\n\n  Object.defineProperty(this, \"status\", {\n    get: function() { return body.status || 0; },\n    set: function(s) {\n      s = parseInt(s);\n      if (!isNaN(s)) {\n        body.status = s;\n      }\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"reason\", {\n    get: function() { return body.reason || \"\"; },\n    set: function(r) { body.reason = String(r || \"\"); },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"requestId\", {\n    get: function() { return body.requestId || \"\"; },\n    set: function(id) { body.requestId = String(id || \"\"); },\n    enumerable: true\n  });\n}\n\nKMSResponse.prototype.unwrap = function(ctx, opts) {\n  opts = opts || {};\n\n  var keystore = jose.JWK.createKeyStore(),\n      waiting = [],\n      key;\n\n  // add ephemeral key (if any)\n  key = ctx.ephemeralKey && ctx.ephemeralKey.jwk;\n  if (key) {\n    waiting.push(keystore.add(key));\n  }\n  // add server key (if any)\n  key = ctx.serverInfo && ctx.serverInfo.key;\n  if (key) {\n    waiting.push(keystore.add(key));\n  }\n\n  var self = this;\n  var promise = Promise.all(waiting);\n  promise = promise.then(function() {\n    var wrapped = self.wrapped;\n    // count the dots\n    switch ((wrapped.match(/\\./g) || []).length) {\n      case 2:   // signed\n        return jose.JWS.createVerify(keystore).\n               verify(wrapped);\n      case 4:   // encrypted\n        return jose.JWE.createDecrypt(keystore).\n               decrypt(wrapped);\n      default:  // bogus\n        return Promise.reject(new Error(\"invalid wrapped\"));\n    }\n  });\n  promise = promise.then(function(result) {\n    // parse result to JSON\n    result = (result.plaintext || result.payload).toString(\"utf8\");\n    result = JSON.parse(result);\n    // save it before returning it\n    self.body = result;\n    return result;\n  });\n  return promise;\n};\n\nmodule.exports = KMSResponse;\n","\nvar rng;\n\nvar crypto = global.crypto || global.msCrypto; // for IE 11\nif (crypto && crypto.getRandomValues) {\n  // WHATWG crypto-based RNG - http://wiki.whatwg.org/wiki/Crypto\n  // Moderately fast, high quality\n  var _rnds8 = new Uint8Array(16);\n  rng = function whatwgRNG() {\n    crypto.getRandomValues(_rnds8);\n    return _rnds8;\n  };\n}\n\nif (!rng) {\n  // Math.random()-based (RNG)\n  //\n  // If all else fails, use Math.random().  It's fast, but is of unspecified\n  // quality.\n  var  _rnds = new Array(16);\n  rng = function() {\n    for (var i = 0, r; i < 16; i++) {\n      if ((i & 0x03) === 0) r = Math.random() * 0x100000000;\n      _rnds[i] = r >>> ((i & 0x03) << 3) & 0xff;\n    }\n\n    return _rnds;\n  };\n}\n\nmodule.exports = rng;\n\n","//     uuid.js\n//\n//     Copyright (c) 2010-2012 Robert Kieffer\n//     MIT License - http://opensource.org/licenses/mit-license.php\n\n// Unique ID creation requires a high quality random # generator.  We feature\n// detect to determine the best RNG source, normalizing to a function that\n// returns 128-bits of randomness, since that's what's usually required\nvar _rng = require('./rng');\n\n// Maps for number <-> hex string conversion\nvar _byteToHex = [];\nvar _hexToByte = {};\nfor (var i = 0; i < 256; i++) {\n  _byteToHex[i] = (i + 0x100).toString(16).substr(1);\n  _hexToByte[_byteToHex[i]] = i;\n}\n\n// **`parse()` - Parse a UUID into it's component bytes**\nfunction parse(s, buf, offset) {\n  var i = (buf && offset) || 0, ii = 0;\n\n  buf = buf || [];\n  s.toLowerCase().replace(/[0-9a-f]{2}/g, function(oct) {\n    if (ii < 16) { // Don't overflow!\n      buf[i + ii++] = _hexToByte[oct];\n    }\n  });\n\n  // Zero out remaining bytes if string was short\n  while (ii < 16) {\n    buf[i + ii++] = 0;\n  }\n\n  return buf;\n}\n\n// **`unparse()` - Convert UUID byte array (ala parse()) into a string**\nfunction unparse(buf, offset) {\n  var i = offset || 0, bth = _byteToHex;\n  return  bth[buf[i++]] + bth[buf[i++]] +\n          bth[buf[i++]] + bth[buf[i++]] + '-' +\n          bth[buf[i++]] + bth[buf[i++]] + '-' +\n          bth[buf[i++]] + bth[buf[i++]] + '-' +\n          bth[buf[i++]] + bth[buf[i++]] + '-' +\n          bth[buf[i++]] + bth[buf[i++]] +\n          bth[buf[i++]] + bth[buf[i++]] +\n          bth[buf[i++]] + bth[buf[i++]];\n}\n\n// **`v1()` - Generate time-based UUID**\n//\n// Inspired by https://github.com/LiosK/UUID.js\n// and http://docs.python.org/library/uuid.html\n\n// random #'s we need to init node and clockseq\nvar _seedBytes = _rng();\n\n// Per 4.5, create and 48-bit node id, (47 random bits + multicast bit = 1)\nvar _nodeId = [\n  _seedBytes[0] | 0x01,\n  _seedBytes[1], _seedBytes[2], _seedBytes[3], _seedBytes[4], _seedBytes[5]\n];\n\n// Per 4.2.2, randomize (14 bit) clockseq\nvar _clockseq = (_seedBytes[6] << 8 | _seedBytes[7]) & 0x3fff;\n\n// Previous uuid creation time\nvar _lastMSecs = 0, _lastNSecs = 0;\n\n// See https://github.com/broofa/node-uuid for API details\nfunction v1(options, buf, offset) {\n  var i = buf && offset || 0;\n  var b = buf || [];\n\n  options = options || {};\n\n  var clockseq = options.clockseq !== undefined ? options.clockseq : _clockseq;\n\n  // UUID timestamps are 100 nano-second units since the Gregorian epoch,\n  // (1582-10-15 00:00).  JSNumbers aren't precise enough for this, so\n  // time is handled internally as 'msecs' (integer milliseconds) and 'nsecs'\n  // (100-nanoseconds offset from msecs) since unix epoch, 1970-01-01 00:00.\n  var msecs = options.msecs !== undefined ? options.msecs : new Date().getTime();\n\n  // Per 4.2.1.2, use count of uuid's generated during the current clock\n  // cycle to simulate higher resolution clock\n  var nsecs = options.nsecs !== undefined ? options.nsecs : _lastNSecs + 1;\n\n  // Time since last uuid creation (in msecs)\n  var dt = (msecs - _lastMSecs) + (nsecs - _lastNSecs)/10000;\n\n  // Per 4.2.1.2, Bump clockseq on clock regression\n  if (dt < 0 && options.clockseq === undefined) {\n    clockseq = clockseq + 1 & 0x3fff;\n  }\n\n  // Reset nsecs if clock regresses (new clockseq) or we've moved onto a new\n  // time interval\n  if ((dt < 0 || msecs > _lastMSecs) && options.nsecs === undefined) {\n    nsecs = 0;\n  }\n\n  // Per 4.2.1.2 Throw error if too many uuids are requested\n  if (nsecs >= 10000) {\n    throw new Error('uuid.v1(): Can\\'t create more than 10M uuids/sec');\n  }\n\n  _lastMSecs = msecs;\n  _lastNSecs = nsecs;\n  _clockseq = clockseq;\n\n  // Per 4.1.4 - Convert from unix epoch to Gregorian epoch\n  msecs += 12219292800000;\n\n  // `time_low`\n  var tl = ((msecs & 0xfffffff) * 10000 + nsecs) % 0x100000000;\n  b[i++] = tl >>> 24 & 0xff;\n  b[i++] = tl >>> 16 & 0xff;\n  b[i++] = tl >>> 8 & 0xff;\n  b[i++] = tl & 0xff;\n\n  // `time_mid`\n  var tmh = (msecs / 0x100000000 * 10000) & 0xfffffff;\n  b[i++] = tmh >>> 8 & 0xff;\n  b[i++] = tmh & 0xff;\n\n  // `time_high_and_version`\n  b[i++] = tmh >>> 24 & 0xf | 0x10; // include version\n  b[i++] = tmh >>> 16 & 0xff;\n\n  // `clock_seq_hi_and_reserved` (Per 4.2.2 - include variant)\n  b[i++] = clockseq >>> 8 | 0x80;\n\n  // `clock_seq_low`\n  b[i++] = clockseq & 0xff;\n\n  // `node`\n  var node = options.node || _nodeId;\n  for (var n = 0; n < 6; n++) {\n    b[i + n] = node[n];\n  }\n\n  return buf ? buf : unparse(b);\n}\n\n// **`v4()` - Generate random UUID**\n\n// See https://github.com/broofa/node-uuid for API details\nfunction v4(options, buf, offset) {\n  // Deprecated - 'format' argument, as supported in v1.2\n  var i = buf && offset || 0;\n\n  if (typeof(options) == 'string') {\n    buf = options == 'binary' ? new Array(16) : null;\n    options = null;\n  }\n  options = options || {};\n\n  var rnds = options.random || (options.rng || _rng)();\n\n  // Per 4.4, set bits for version and `clock_seq_hi_and_reserved`\n  rnds[6] = (rnds[6] & 0x0f) | 0x40;\n  rnds[8] = (rnds[8] & 0x3f) | 0x80;\n\n  // Copy bytes to buffer, if provided\n  if (buf) {\n    for (var ii = 0; ii < 16; ii++) {\n      buf[i + ii] = rnds[ii];\n    }\n  }\n\n  return buf || unparse(rnds);\n}\n\n// Export public API\nvar uuid = v4;\nuuid.v1 = v1;\nuuid.v4 = v4;\nuuid.parse = parse;\nuuid.unparse = unparse;\n\nmodule.exports = uuid;\n","/**!\n * lib/index.js -- SCR Implementation\n *\n * Copyright (c) 2015 Cisco Systems, Inc. See LICENSE file.\n */\n \"use strict\";\n\nvar clone = require(\"lodash.clone\"),\n    jose = require(\"node-jose\");\n\nfunction SCRObject(cfg) {\n  cfg.loc = cfg.loc || undefined;\n  cfg.tag = cfg.tag || undefined;\n\n  Object.defineProperty(this, \"enc\", {\n    get: function() {\n      return cfg.enc;\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"key\", {\n    get: function() {\n      return cfg.key;\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"iv\", {\n    get: function() {\n      return cfg.iv;\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"aad\", {\n    get: function() {\n      return cfg.aad;\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"loc\", {\n    get: function() {\n      return cfg.loc;\n    },\n    set: function(loc) {\n      cfg.loc = loc;\n    },\n    enumerable: true\n  });\n  Object.defineProperty(this, \"tag\", {\n    get: function() {\n      return cfg.tag;\n    },\n    enumerable: true\n  });\n\n  Object.defineProperty(this, \"toJSON\", {\n    value: function() {\n      var key = cfg.key.get(\"k\", true);\n      var data = {};\n      data.enc = cfg.enc;\n      data.key = jose.util.base64url.encode(key);\n      data.iv = jose.util.base64url.encode(cfg.iv);\n      data.aad = cfg.aad;\n\n      if (cfg.loc) {\n        data.loc = cfg.loc;\n      }\n      if (cfg.tag) {\n        data.tag = jose.util.base64url.encode(cfg.tag);\n      }\n\n      return data;\n    }\n  });\n  Object.defineProperty(this, \"toJWE\", {\n    value: function(jwk) {\n      var self = this,\n          promise;\n      promise = jose.JWK.asKey(jwk);\n      promise = promise.then(function(jwk) {\n        var rcpt = {\n          header: {\n            alg: \"dir\"\n          },\n          key: jwk,\n          reference: false\n        };\n        var opts = {\n          compact: true,\n          contentAlg: cfg.enc\n        };\n\n        var data = self.toJSON();\n        data = JSON.stringify(data);\n        return jose.JWE.createEncrypt(opts, rcpt).\n               final(data, \"utf8\");\n      });\n\n      return promise;\n    }\n  });\n\n  Object.defineProperty(this, \"encrypt\", {\n    value: function(pdata) {\n      var props = {\n        iv: cfg.iv,\n        adata: new Buffer(cfg.aad, \"utf8\")\n      };\n\n      // condition the data before encrypting\n      pdata = jose.util.asBuffer(pdata);\n      return cfg.key.encrypt(cfg.enc, pdata, props).\n             then(function(result) {\n                var cdata = result.data;\n                cfg.tag = result.tag;\n\n                return cdata;\n             });\n    }\n  });\n  Object.defineProperty(this, \"decrypt\", {\n    value: function(cdata) {\n        var props = {\n          iv: cfg.iv,\n          adata: new Buffer(cfg.aad, \"utf8\"),\n          mac: cfg.tag\n        };\n\n        // condition data before decrypting\n        cdata = jose.util.asBuffer(cdata);\n        return cfg.key.decrypt(cfg.enc, cdata, props).\n               then(function(pdata) {\n                  return pdata;\n               });\n    }\n  });\n}\n\nvar SCR = {\n  create: function() {\n    // TODO: make this more configurable\n    // TODO: abstract away forge??\n    var iv = jose.util.randomBytes(12);\n    var aad = new Date().toISOString();\n\n    var keystore = jose.JWK.createKeyStore();\n    var promise = keystore.generate(\"oct\", 256);\n    promise = promise.then(function(key) {\n      return new SCRObject({\n        enc: \"A256GCM\",\n        key: key,\n        iv: iv,\n        aad: aad\n      });\n    });\n\n    return promise;\n  },\n  fromJWE: function(jwk, jwe) {\n    var promise;\n    promise = jose.JWK.asKey(jwk);\n    promise = promise.then(function(jwk) {\n      return jose.JWE.createDecrypt(jwk).decrypt(jwe);\n    });\n    promise = promise.then(function(result) {\n      result = result.plaintext.toString(\"utf8\");\n      result = JSON.parse(result);\n      return SCR.fromJSON(result);\n    });\n\n    return promise;\n  },\n  fromJSON: function(json) {\n    // create a copy to mitigate tampering\n    var cfg = clone(json);\n\n    var promise;\n    if (json.key) {\n      promise = jose.JWK.asKey({\n        kty: \"oct\",\n        k: json.key\n      });\n    } else {\n      promise = Promise.resolve();\n    }\n    promise = promise.then(function(key) {\n      if (key) {\n        cfg.key = key;\n      }\n\n      if (\"iv\" in cfg) {\n        cfg.iv = Buffer.isBuffer(cfg.iv) ?\n                 cfg.iv :\n                 jose.util.base64url.decode(cfg.iv);\n      }\n      if (\"tag\" in cfg) {\n        cfg.tag = Buffer.isBuffer(cfg.tag) ?\n                  cfg.tag :\n                  jose.util.base64url.decode(cfg.tag);\n      }\n\n      return new SCRObject(cfg);\n    });\n\n    return promise;\n  }\n};\n\nmodule.exports = SCR;\n","var hasMap = typeof Map === 'function' && Map.prototype;\nvar mapSizeDescriptor = Object.getOwnPropertyDescriptor && hasMap ? Object.getOwnPropertyDescriptor(Map.prototype, 'size') : null;\nvar mapSize = hasMap && mapSizeDescriptor && typeof mapSizeDescriptor.get === 'function' ? mapSizeDescriptor.get : null;\nvar mapForEach = hasMap && Map.prototype.forEach;\nvar hasSet = typeof Set === 'function' && Set.prototype;\nvar setSizeDescriptor = Object.getOwnPropertyDescriptor && hasSet ? Object.getOwnPropertyDescriptor(Set.prototype, 'size') : null;\nvar setSize = hasSet && setSizeDescriptor && typeof setSizeDescriptor.get === 'function' ? setSizeDescriptor.get : null;\nvar setForEach = hasSet && Set.prototype.forEach;\nvar hasWeakMap = typeof WeakMap === 'function' && WeakMap.prototype;\nvar weakMapHas = hasWeakMap ? WeakMap.prototype.has : null;\nvar hasWeakSet = typeof WeakSet === 'function' && WeakSet.prototype;\nvar weakSetHas = hasWeakSet ? WeakSet.prototype.has : null;\nvar hasWeakRef = typeof WeakRef === 'function' && WeakRef.prototype;\nvar weakRefDeref = hasWeakRef ? WeakRef.prototype.deref : null;\nvar booleanValueOf = Boolean.prototype.valueOf;\nvar objectToString = Object.prototype.toString;\nvar functionToString = Function.prototype.toString;\nvar $match = String.prototype.match;\nvar $slice = String.prototype.slice;\nvar $replace = String.prototype.replace;\nvar $toUpperCase = String.prototype.toUpperCase;\nvar $toLowerCase = String.prototype.toLowerCase;\nvar $test = RegExp.prototype.test;\nvar $concat = Array.prototype.concat;\nvar $join = Array.prototype.join;\nvar $arrSlice = Array.prototype.slice;\nvar $floor = Math.floor;\nvar bigIntValueOf = typeof BigInt === 'function' ? BigInt.prototype.valueOf : null;\nvar gOPS = Object.getOwnPropertySymbols;\nvar symToString = typeof Symbol === 'function' && typeof Symbol.iterator === 'symbol' ? Symbol.prototype.toString : null;\nvar hasShammedSymbols = typeof Symbol === 'function' && typeof Symbol.iterator === 'object';\n// ie, `has-tostringtag/shams\nvar toStringTag = typeof Symbol === 'function' && Symbol.toStringTag && (typeof Symbol.toStringTag === hasShammedSymbols ? 'object' : 'symbol')\n    ? Symbol.toStringTag\n    : null;\nvar isEnumerable = Object.prototype.propertyIsEnumerable;\n\nvar gPO = (typeof Reflect === 'function' ? Reflect.getPrototypeOf : Object.getPrototypeOf) || (\n    [].__proto__ === Array.prototype // eslint-disable-line no-proto\n        ? function (O) {\n            return O.__proto__; // eslint-disable-line no-proto\n        }\n        : null\n);\n\nfunction addNumericSeparator(num, str) {\n    if (\n        num === Infinity\n        || num === -Infinity\n        || num !== num\n        || (num && num > -1000 && num < 1000)\n        || $test.call(/e/, str)\n    ) {\n        return str;\n    }\n    var sepRegex = /[0-9](?=(?:[0-9]{3})+(?![0-9]))/g;\n    if (typeof num === 'number') {\n        var int = num < 0 ? -$floor(-num) : $floor(num); // trunc(num)\n        if (int !== num) {\n            var intStr = String(int);\n            var dec = $slice.call(str, intStr.length + 1);\n            return $replace.call(intStr, sepRegex, '$&_') + '.' + $replace.call($replace.call(dec, /([0-9]{3})/g, '$&_'), /_$/, '');\n        }\n    }\n    return $replace.call(str, sepRegex, '$&_');\n}\n\nvar utilInspect = require('./util.inspect');\nvar inspectCustom = utilInspect.custom;\nvar inspectSymbol = isSymbol(inspectCustom) ? inspectCustom : null;\n\nvar quotes = {\n    __proto__: null,\n    'double': '\"',\n    single: \"'\"\n};\nvar quoteREs = {\n    __proto__: null,\n    'double': /([\"\\\\])/g,\n    single: /(['\\\\])/g\n};\n\nmodule.exports = function inspect_(obj, options, depth, seen) {\n    var opts = options || {};\n\n    if (has(opts, 'quoteStyle') && !has(quotes, opts.quoteStyle)) {\n        throw new TypeError('option \"quoteStyle\" must be \"single\" or \"double\"');\n    }\n    if (\n        has(opts, 'maxStringLength') && (typeof opts.maxStringLength === 'number'\n            ? opts.maxStringLength < 0 && opts.maxStringLength !== Infinity\n            : opts.maxStringLength !== null\n        )\n    ) {\n        throw new TypeError('option \"maxStringLength\", if provided, must be a positive integer, Infinity, or `null`');\n    }\n    var customInspect = has(opts, 'customInspect') ? opts.customInspect : true;\n    if (typeof customInspect !== 'boolean' && customInspect !== 'symbol') {\n        throw new TypeError('option \"customInspect\", if provided, must be `true`, `false`, or `\\'symbol\\'`');\n    }\n\n    if (\n        has(opts, 'indent')\n        && opts.indent !== null\n        && opts.indent !== '\\t'\n        && !(parseInt(opts.indent, 10) === opts.indent && opts.indent > 0)\n    ) {\n        throw new TypeError('option \"indent\" must be \"\\\\t\", an integer > 0, or `null`');\n    }\n    if (has(opts, 'numericSeparator') && typeof opts.numericSeparator !== 'boolean') {\n        throw new TypeError('option \"numericSeparator\", if provided, must be `true` or `false`');\n    }\n    var numericSeparator = opts.numericSeparator;\n\n    if (typeof obj === 'undefined') {\n        return 'undefined';\n    }\n    if (obj === null) {\n        return 'null';\n    }\n    if (typeof obj === 'boolean') {\n        return obj ? 'true' : 'false';\n    }\n\n    if (typeof obj === 'string') {\n        return inspectString(obj, opts);\n    }\n    if (typeof obj === 'number') {\n        if (obj === 0) {\n            return Infinity / obj > 0 ? '0' : '-0';\n        }\n        var str = String(obj);\n        return numericSeparator ? addNumericSeparator(obj, str) : str;\n    }\n    if (typeof obj === 'bigint') {\n        var bigIntStr = String(obj) + 'n';\n        return numericSeparator ? addNumericSeparator(obj, bigIntStr) : bigIntStr;\n    }\n\n    var maxDepth = typeof opts.depth === 'undefined' ? 5 : opts.depth;\n    if (typeof depth === 'undefined') { depth = 0; }\n    if (depth >= maxDepth && maxDepth > 0 && typeof obj === 'object') {\n        return isArray(obj) ? '[Array]' : '[Object]';\n    }\n\n    var indent = getIndent(opts, depth);\n\n    if (typeof seen === 'undefined') {\n        seen = [];\n    } else if (indexOf(seen, obj) >= 0) {\n        return '[Circular]';\n    }\n\n    function inspect(value, from, noIndent) {\n        if (from) {\n            seen = $arrSlice.call(seen);\n            seen.push(from);\n        }\n        if (noIndent) {\n            var newOpts = {\n                depth: opts.depth\n            };\n            if (has(opts, 'quoteStyle')) {\n                newOpts.quoteStyle = opts.quoteStyle;\n            }\n            return inspect_(value, newOpts, depth + 1, seen);\n        }\n        return inspect_(value, opts, depth + 1, seen);\n    }\n\n    if (typeof obj === 'function' && !isRegExp(obj)) { // in older engines, regexes are callable\n        var name = nameOf(obj);\n        var keys = arrObjKeys(obj, inspect);\n        return '[Function' + (name ? ': ' + name : ' (anonymous)') + ']' + (keys.length > 0 ? ' { ' + $join.call(keys, ', ') + ' }' : '');\n    }\n    if (isSymbol(obj)) {\n        var symString = hasShammedSymbols ? $replace.call(String(obj), /^(Symbol\\(.*\\))_[^)]*$/, '$1') : symToString.call(obj);\n        return typeof obj === 'object' && !hasShammedSymbols ? markBoxed(symString) : symString;\n    }\n    if (isElement(obj)) {\n        var s = '<' + $toLowerCase.call(String(obj.nodeName));\n        var attrs = obj.attributes || [];\n        for (var i = 0; i < attrs.length; i++) {\n            s += ' ' + attrs[i].name + '=' + wrapQuotes(quote(attrs[i].value), 'double', opts);\n        }\n        s += '>';\n        if (obj.childNodes && obj.childNodes.length) { s += '...'; }\n        s += '</' + $toLowerCase.call(String(obj.nodeName)) + '>';\n        return s;\n    }\n    if (isArray(obj)) {\n        if (obj.length === 0) { return '[]'; }\n        var xs = arrObjKeys(obj, inspect);\n        if (indent && !singleLineValues(xs)) {\n            return '[' + indentedJoin(xs, indent) + ']';\n        }\n        return '[ ' + $join.call(xs, ', ') + ' ]';\n    }\n    if (isError(obj)) {\n        var parts = arrObjKeys(obj, inspect);\n        if (!('cause' in Error.prototype) && 'cause' in obj && !isEnumerable.call(obj, 'cause')) {\n            return '{ [' + String(obj) + '] ' + $join.call($concat.call('[cause]: ' + inspect(obj.cause), parts), ', ') + ' }';\n        }\n        if (parts.length === 0) { return '[' + String(obj) + ']'; }\n        return '{ [' + String(obj) + '] ' + $join.call(parts, ', ') + ' }';\n    }\n    if (typeof obj === 'object' && customInspect) {\n        if (inspectSymbol && typeof obj[inspectSymbol] === 'function' && utilInspect) {\n            return utilInspect(obj, { depth: maxDepth - depth });\n        } else if (customInspect !== 'symbol' && typeof obj.inspect === 'function') {\n            return obj.inspect();\n        }\n    }\n    if (isMap(obj)) {\n        var mapParts = [];\n        if (mapForEach) {\n            mapForEach.call(obj, function (value, key) {\n                mapParts.push(inspect(key, obj, true) + ' => ' + inspect(value, obj));\n            });\n        }\n        return collectionOf('Map', mapSize.call(obj), mapParts, indent);\n    }\n    if (isSet(obj)) {\n        var setParts = [];\n        if (setForEach) {\n            setForEach.call(obj, function (value) {\n                setParts.push(inspect(value, obj));\n            });\n        }\n        return collectionOf('Set', setSize.call(obj), setParts, indent);\n    }\n    if (isWeakMap(obj)) {\n        return weakCollectionOf('WeakMap');\n    }\n    if (isWeakSet(obj)) {\n        return weakCollectionOf('WeakSet');\n    }\n    if (isWeakRef(obj)) {\n        return weakCollectionOf('WeakRef');\n    }\n    if (isNumber(obj)) {\n        return markBoxed(inspect(Number(obj)));\n    }\n    if (isBigInt(obj)) {\n        return markBoxed(inspect(bigIntValueOf.call(obj)));\n    }\n    if (isBoolean(obj)) {\n        return markBoxed(booleanValueOf.call(obj));\n    }\n    if (isString(obj)) {\n        return markBoxed(inspect(String(obj)));\n    }\n    // note: in IE 8, sometimes `global !== window` but both are the prototypes of each other\n    /* eslint-env browser */\n    if (typeof window !== 'undefined' && obj === window) {\n        return '{ [object Window] }';\n    }\n    if (\n        (typeof globalThis !== 'undefined' && obj === globalThis)\n        || (typeof global !== 'undefined' && obj === global)\n    ) {\n        return '{ [object globalThis] }';\n    }\n    if (!isDate(obj) && !isRegExp(obj)) {\n        var ys = arrObjKeys(obj, inspect);\n        var isPlainObject = gPO ? gPO(obj) === Object.prototype : obj instanceof Object || obj.constructor === Object;\n        var protoTag = obj instanceof Object ? '' : 'null prototype';\n        var stringTag = !isPlainObject && toStringTag && Object(obj) === obj && toStringTag in obj ? $slice.call(toStr(obj), 8, -1) : protoTag ? 'Object' : '';\n        var constructorTag = isPlainObject || typeof obj.constructor !== 'function' ? '' : obj.constructor.name ? obj.constructor.name + ' ' : '';\n        var tag = constructorTag + (stringTag || protoTag ? '[' + $join.call($concat.call([], stringTag || [], protoTag || []), ': ') + '] ' : '');\n        if (ys.length === 0) { return tag + '{}'; }\n        if (indent) {\n            return tag + '{' + indentedJoin(ys, indent) + '}';\n        }\n        return tag + '{ ' + $join.call(ys, ', ') + ' }';\n    }\n    return String(obj);\n};\n\nfunction wrapQuotes(s, defaultStyle, opts) {\n    var style = opts.quoteStyle || defaultStyle;\n    var quoteChar = quotes[style];\n    return quoteChar + s + quoteChar;\n}\n\nfunction quote(s) {\n    return $replace.call(String(s), /\"/g, '&quot;');\n}\n\nfunction isArray(obj) { return toStr(obj) === '[object Array]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\nfunction isDate(obj) { return toStr(obj) === '[object Date]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\nfunction isRegExp(obj) { return toStr(obj) === '[object RegExp]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\nfunction isError(obj) { return toStr(obj) === '[object Error]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\nfunction isString(obj) { return toStr(obj) === '[object String]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\nfunction isNumber(obj) { return toStr(obj) === '[object Number]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\nfunction isBoolean(obj) { return toStr(obj) === '[object Boolean]' && (!toStringTag || !(typeof obj === 'object' && toStringTag in obj)); }\n\n// Symbol and BigInt do have Symbol.toStringTag by spec, so that can't be used to eliminate false positives\nfunction isSymbol(obj) {\n    if (hasShammedSymbols) {\n        return obj && typeof obj === 'object' && obj instanceof Symbol;\n    }\n    if (typeof obj === 'symbol') {\n        return true;\n    }\n    if (!obj || typeof obj !== 'object' || !symToString) {\n        return false;\n    }\n    try {\n        symToString.call(obj);\n        return true;\n    } catch (e) {}\n    return false;\n}\n\nfunction isBigInt(obj) {\n    if (!obj || typeof obj !== 'object' || !bigIntValueOf) {\n        return false;\n    }\n    try {\n        bigIntValueOf.call(obj);\n        return true;\n    } catch (e) {}\n    return false;\n}\n\nvar hasOwn = Object.prototype.hasOwnProperty || function (key) { return key in this; };\nfunction has(obj, key) {\n    return hasOwn.call(obj, key);\n}\n\nfunction toStr(obj) {\n    return objectToString.call(obj);\n}\n\nfunction nameOf(f) {\n    if (f.name) { return f.name; }\n    var m = $match.call(functionToString.call(f), /^function\\s*([\\w$]+)/);\n    if (m) { return m[1]; }\n    return null;\n}\n\nfunction indexOf(xs, x) {\n    if (xs.indexOf) { return xs.indexOf(x); }\n    for (var i = 0, l = xs.length; i < l; i++) {\n        if (xs[i] === x) { return i; }\n    }\n    return -1;\n}\n\nfunction isMap(x) {\n    if (!mapSize || !x || typeof x !== 'object') {\n        return false;\n    }\n    try {\n        mapSize.call(x);\n        try {\n            setSize.call(x);\n        } catch (s) {\n            return true;\n        }\n        return x instanceof Map; // core-js workaround, pre-v2.5.0\n    } catch (e) {}\n    return false;\n}\n\nfunction isWeakMap(x) {\n    if (!weakMapHas || !x || typeof x !== 'object') {\n        return false;\n    }\n    try {\n        weakMapHas.call(x, weakMapHas);\n        try {\n            weakSetHas.call(x, weakSetHas);\n        } catch (s) {\n            return true;\n        }\n        return x instanceof WeakMap; // core-js workaround, pre-v2.5.0\n    } catch (e) {}\n    return false;\n}\n\nfunction isWeakRef(x) {\n    if (!weakRefDeref || !x || typeof x !== 'object') {\n        return false;\n    }\n    try {\n        weakRefDeref.call(x);\n        return true;\n    } catch (e) {}\n    return false;\n}\n\nfunction isSet(x) {\n    if (!setSize || !x || typeof x !== 'object') {\n        return false;\n    }\n    try {\n        setSize.call(x);\n        try {\n            mapSize.call(x);\n        } catch (m) {\n            return true;\n        }\n        return x instanceof Set; // core-js workaround, pre-v2.5.0\n    } catch (e) {}\n    return false;\n}\n\nfunction isWeakSet(x) {\n    if (!weakSetHas || !x || typeof x !== 'object') {\n        return false;\n    }\n    try {\n        weakSetHas.call(x, weakSetHas);\n        try {\n            weakMapHas.call(x, weakMapHas);\n        } catch (s) {\n            return true;\n        }\n        return x instanceof WeakSet; // core-js workaround, pre-v2.5.0\n    } catch (e) {}\n    return false;\n}\n\nfunction isElement(x) {\n    if (!x || typeof x !== 'object') { return false; }\n    if (typeof HTMLElement !== 'undefined' && x instanceof HTMLElement) {\n        return true;\n    }\n    return typeof x.nodeName === 'string' && typeof x.getAttribute === 'function';\n}\n\nfunction inspectString(str, opts) {\n    if (str.length > opts.maxStringLength) {\n        var remaining = str.length - opts.maxStringLength;\n        var trailer = '... ' + remaining + ' more character' + (remaining > 1 ? 's' : '');\n        return inspectString($slice.call(str, 0, opts.maxStringLength), opts) + trailer;\n    }\n    var quoteRE = quoteREs[opts.quoteStyle || 'single'];\n    quoteRE.lastIndex = 0;\n    // eslint-disable-next-line no-control-regex\n    var s = $replace.call($replace.call(str, quoteRE, '\\\\$1'), /[\\x00-\\x1f]/g, lowbyte);\n    return wrapQuotes(s, 'single', opts);\n}\n\nfunction lowbyte(c) {\n    var n = c.charCodeAt(0);\n    var x = {\n        8: 'b',\n        9: 't',\n        10: 'n',\n        12: 'f',\n        13: 'r'\n    }[n];\n    if (x) { return '\\\\' + x; }\n    return '\\\\x' + (n < 0x10 ? '0' : '') + $toUpperCase.call(n.toString(16));\n}\n\nfunction markBoxed(str) {\n    return 'Object(' + str + ')';\n}\n\nfunction weakCollectionOf(type) {\n    return type + ' { ? }';\n}\n\nfunction collectionOf(type, size, entries, indent) {\n    var joinedEntries = indent ? indentedJoin(entries, indent) : $join.call(entries, ', ');\n    return type + ' (' + size + ') {' + joinedEntries + '}';\n}\n\nfunction singleLineValues(xs) {\n    for (var i = 0; i < xs.length; i++) {\n        if (indexOf(xs[i], '\\n') >= 0) {\n            return false;\n        }\n    }\n    return true;\n}\n\nfunction getIndent(opts, depth) {\n    var baseIndent;\n    if (opts.indent === '\\t') {\n        baseIndent = '\\t';\n    } else if (typeof opts.indent === 'number' && opts.indent > 0) {\n        baseIndent = $join.call(Array(opts.indent + 1), ' ');\n    } else {\n        return null;\n    }\n    return {\n        base: baseIndent,\n        prev: $join.call(Array(depth + 1), baseIndent)\n    };\n}\n\nfunction indentedJoin(xs, indent) {\n    if (xs.length === 0) { return ''; }\n    var lineJoiner = '\\n' + indent.prev + indent.base;\n    return lineJoiner + $join.call(xs, ',' + lineJoiner) + '\\n' + indent.prev;\n}\n\nfunction arrObjKeys(obj, inspect) {\n    var isArr = isArray(obj);\n    var xs = [];\n    if (isArr) {\n        xs.length = obj.length;\n        for (var i = 0; i < obj.length; i++) {\n            xs[i] = has(obj, i) ? inspect(obj[i], obj) : '';\n        }\n    }\n    var syms = typeof gOPS === 'function' ? gOPS(obj) : [];\n    var symMap;\n    if (hasShammedSymbols) {\n        symMap = {};\n        for (var k = 0; k < syms.length; k++) {\n            symMap['$' + syms[k]] = syms[k];\n        }\n    }\n\n    for (var key in obj) { // eslint-disable-line no-restricted-syntax\n        if (!has(obj, key)) { continue; } // eslint-disable-line no-restricted-syntax, no-continue\n        if (isArr && String(Number(key)) === key && key < obj.length) { continue; } // eslint-disable-line no-restricted-syntax, no-continue\n        if (hasShammedSymbols && symMap['$' + key] instanceof Symbol) {\n            // this is to prevent shammed Symbols, which are stored as strings, from being included in the string key section\n            continue; // eslint-disable-line no-restricted-syntax, no-continue\n        } else if ($test.call(/[^\\w$]/, key)) {\n            xs.push(inspect(key, obj) + ': ' + inspect(obj[key], obj));\n        } else {\n            xs.push(key + ': ' + inspect(obj[key], obj));\n        }\n    }\n    if (typeof gOPS === 'function') {\n        for (var j = 0; j < syms.length; j++) {\n            if (isEnumerable.call(obj, syms[j])) {\n                xs.push('[' + inspect(syms[j]) + ']: ' + inspect(obj[syms[j]], obj));\n            }\n        }\n    }\n    return xs;\n}\n","const appliedClassMixins = new WeakMap();\n\n/** Vefify if the Mixin was previously applyed\n * @private\n * @param {function} mixin      Mixin being applyed\n * @param {object} superClass   Class receiving the new mixin\n * @returns {boolean}\n */\nfunction wasMixinPreviouslyApplied(mixin, superClass) {\n  let klass = superClass;\n  while (klass) {\n    if (appliedClassMixins.get(klass) === mixin) {\n      return true;\n    }\n    klass = Object.getPrototypeOf(klass);\n  }\n  return false;\n}\n\n/** Apply each mixin in the chain to make sure they are not applied more than once to the final class.\n * @export\n * @param {function} mixin      Mixin to be applyed\n * @returns {object}            Mixed class with mixin applied\n */\nexport function dedupeMixin(mixin) {\n  return superClass => {\n    if (wasMixinPreviouslyApplied(mixin, superClass)) {\n      return superClass;\n    }\n    const mixedClass = mixin(superClass);\n    appliedClassMixins.set(mixedClass, mixin);\n    return mixedClass;\n  };\n}\n","/**\n@license\nCopyright (c) 2019 The Polymer Project Authors. All rights reserved.\nThis code may only be used under the BSD style license found at\nhttp://polymer.github.io/LICENSE.txt The complete set of authors may be found at\nhttp://polymer.github.io/AUTHORS.txt The complete set of contributors may be\nfound at http://polymer.github.io/CONTRIBUTORS.txt Code distributed by Google as\npart of the polymer project is also subject to an additional IP rights grant\nfound at http://polymer.github.io/PATENTS.txt\n*/\n/**\n * Whether the current browser supports `adoptedStyleSheets`.\n */\nexport const supportsAdoptingStyleSheets = (window.ShadowRoot) &&\n    (window.ShadyCSS === undefined || window.ShadyCSS.nativeShadow) &&\n    ('adoptedStyleSheets' in Document.prototype) &&\n    ('replace' in CSSStyleSheet.prototype);\nconst constructionToken = Symbol();\nexport class CSSResult {\n    constructor(cssText, safeToken) {\n        if (safeToken !== constructionToken) {\n            throw new Error('CSSResult is not constructable. Use `unsafeCSS` or `css` instead.');\n        }\n        this.cssText = cssText;\n    }\n    // Note, this is a getter so that it's lazy. In practice, this means\n    // stylesheets are not created until the first element instance is made.\n    get styleSheet() {\n        if (this._styleSheet === undefined) {\n            // Note, if `supportsAdoptingStyleSheets` is true then we assume\n            // CSSStyleSheet is constructable.\n            if (supportsAdoptingStyleSheets) {\n                this._styleSheet = new CSSStyleSheet();\n                this._styleSheet.replaceSync(this.cssText);\n            }\n            else {\n                this._styleSheet = null;\n            }\n        }\n        return this._styleSheet;\n    }\n    toString() {\n        return this.cssText;\n    }\n}\n/**\n * Wrap a value for interpolation in a [[`css`]] tagged template literal.\n *\n * This is unsafe because untrusted CSS text can be used to phone home\n * or exfiltrate data to an attacker controlled site. Take care to only use\n * this with trusted input.\n */\nexport const unsafeCSS = (value) => {\n    return new CSSResult(String(value), constructionToken);\n};\nconst textFromCSSResult = (value) => {\n    if (value instanceof CSSResult) {\n        return value.cssText;\n    }\n    else if (typeof value === 'number') {\n        return value;\n    }\n    else {\n        throw new Error(`Value passed to 'css' function must be a 'css' function result: ${value}. Use 'unsafeCSS' to pass non-literal values, but\n            take care to ensure page security.`);\n    }\n};\n/**\n * Template tag which which can be used with LitElement's [[LitElement.styles |\n * `styles`]] property to set element styles. For security reasons, only literal\n * string values may be used. To incorporate non-literal values [[`unsafeCSS`]]\n * may be used inside a template string part.\n */\nexport const css = (strings, ...values) => {\n    const cssText = values.reduce((acc, v, idx) => acc + textFromCSSResult(v) + strings[idx + 1], strings[0]);\n    return new CSSResult(cssText, constructionToken);\n};\n//# sourceMappingURL=css-tag.js.map","/**\n * @license\n * Copyright (c) 2017 The Polymer Project Authors. All rights reserved.\n * This code may only be used under the BSD style license found at\n * http://polymer.github.io/LICENSE.txt\n * The complete set of authors may be found at\n * http://polymer.github.io/AUTHORS.txt\n * The complete set of contributors may be found at\n * http://polymer.github.io/CONTRIBUTORS.txt\n * Code distributed by Google as part of the polymer project is also\n * subject to an additional IP rights grant found at\n * http://polymer.github.io/PATENTS.txt\n */\nconst legacyCustomElement = (tagName, clazz) => {\n    window.customElements.define(tagName, clazz);\n    // Cast as any because TS doesn't recognize the return type as being a\n    // subtype of the decorated class when clazz is typed as\n    // `Constructor<HTMLElement>` for some reason.\n    // `Constructor<HTMLElement>` is helpful to make sure the decorator is\n    // applied to elements however.\n    // tslint:disable-next-line:no-any\n    return clazz;\n};\nconst standardCustomElement = (tagName, descriptor) => {\n    const { kind, elements } = descriptor;\n    return {\n        kind,\n        elements,\n        // This callback is called once the class is otherwise fully defined\n        finisher(clazz) {\n            window.customElements.define(tagName, clazz);\n        }\n    };\n};\n/**\n * Class decorator factory that defines the decorated class as a custom element.\n *\n * ```\n * @customElement('my-element')\n * class MyElement {\n *   render() {\n *     return html``;\n *   }\n * }\n * ```\n * @category Decorator\n * @param tagName The name of the custom element to define.\n */\nexport const customElement = (tagName) => (classOrDescriptor) => (typeof classOrDescriptor === 'function') ?\n    legacyCustomElement(tagName, classOrDescriptor) :\n    standardCustomElement(tagName, classOrDescriptor);\nconst standardProperty = (options, element) => {\n    // When decorating an accessor, pass it through and add property metadata.\n    // Note, the `hasOwnProperty` check in `createProperty` ensures we don't\n    // stomp over the user's accessor.\n    if (element.kind === 'method' && element.descriptor &&\n        !('value' in element.descriptor)) {\n        return Object.assign(Object.assign({}, element), { finisher(clazz) {\n                clazz.createProperty(element.key, options);\n            } });\n    }\n    else {\n        // createProperty() takes care of defining the property, but we still\n        // must return some kind of descriptor, so return a descriptor for an\n        // unused prototype field. The finisher calls createProperty().\n        return {\n            kind: 'field',\n            key: Symbol(),\n            placement: 'own',\n            descriptor: {},\n            // When @babel/plugin-proposal-decorators implements initializers,\n            // do this instead of the initializer below. See:\n            // https://github.com/babel/babel/issues/9260 extras: [\n            //   {\n            //     kind: 'initializer',\n            //     placement: 'own',\n            //     initializer: descriptor.initializer,\n            //   }\n            // ],\n            initializer() {\n                if (typeof element.initializer === 'function') {\n                    this[element.key] = element.initializer.call(this);\n                }\n            },\n            finisher(clazz) {\n                clazz.createProperty(element.key, options);\n            }\n        };\n    }\n};\nconst legacyProperty = (options, proto, name) => {\n    proto.constructor\n        .createProperty(name, options);\n};\n/**\n * A property decorator which creates a LitElement property which reflects a\n * corresponding attribute value. A [[`PropertyDeclaration`]] may optionally be\n * supplied to configure property features.\n *\n * This decorator should only be used for public fields. Private or protected\n * fields should use the [[`internalProperty`]] decorator.\n *\n * @example\n * ```ts\n * class MyElement {\n *   @property({ type: Boolean })\n *   clicked = false;\n * }\n * ```\n * @category Decorator\n * @ExportDecoratedItems\n */\nexport function property(options) {\n    // tslint:disable-next-line:no-any decorator\n    return (protoOrDescriptor, name) => (name !== undefined) ?\n        legacyProperty(options, protoOrDescriptor, name) :\n        standardProperty(options, protoOrDescriptor);\n}\n/**\n * Declares a private or protected property that still triggers updates to the\n * element when it changes.\n *\n * Properties declared this way must not be used from HTML or HTML templating\n * systems, they're solely for properties internal to the element. These\n * properties may be renamed by optimization tools like the Closure Compiler.\n * @category Decorator\n * @deprecated `internalProperty` has been renamed to `state` in lit-element\n *     3.0. Please update to `state` now to be compatible with 3.0.\n */\nexport function internalProperty(options) {\n    return property({ attribute: false, hasChanged: options === null || options === void 0 ? void 0 : options.hasChanged });\n}\n/**\n * Declares a private or protected property that still triggers updates to the\n * element when it changes.\n *\n * Properties declared this way must not be used from HTML or HTML templating\n * systems, they're solely for properties internal to the element. These\n * properties may be renamed by optimization tools like the Closure Compiler.\n * @category Decorator\n */\nexport const state = (options) => internalProperty(options);\n/**\n * A property decorator that converts a class property into a getter that\n * executes a querySelector on the element's renderRoot.\n *\n * @param selector A DOMString containing one or more selectors to match.\n * @param cache An optional boolean which when true performs the DOM query only\n * once and caches the result.\n *\n * See: https://developer.mozilla.org/en-US/docs/Web/API/Document/querySelector\n *\n * @example\n *\n * ```ts\n * class MyElement {\n *   @query('#first')\n *   first;\n *\n *   render() {\n *     return html`\n *       <div id=\"first\"></div>\n *       <div id=\"second\"></div>\n *     `;\n *   }\n * }\n * ```\n * @category Decorator\n */\nexport function query(selector, cache) {\n    return (protoOrDescriptor, \n    // tslint:disable-next-line:no-any decorator\n    name) => {\n        const descriptor = {\n            get() {\n                return this.renderRoot.querySelector(selector);\n            },\n            enumerable: true,\n            configurable: true,\n        };\n        if (cache) {\n            const prop = name !== undefined ? name : protoOrDescriptor.key;\n            const key = typeof prop === 'symbol' ? Symbol() : `__${prop}`;\n            descriptor.get = function () {\n                if (this[key] === undefined) {\n                    (this[key] =\n                        this.renderRoot.querySelector(selector));\n                }\n                return this[key];\n            };\n        }\n        return (name !== undefined) ?\n            legacyQuery(descriptor, protoOrDescriptor, name) :\n            standardQuery(descriptor, protoOrDescriptor);\n    };\n}\n// Note, in the future, we may extend this decorator to support the use case\n// where the queried element may need to do work to become ready to interact\n// with (e.g. load some implementation code). If so, we might elect to\n// add a second argument defining a function that can be run to make the\n// queried element loaded/updated/ready.\n/**\n * A property decorator that converts a class property into a getter that\n * returns a promise that resolves to the result of a querySelector on the\n * element's renderRoot done after the element's `updateComplete` promise\n * resolves. When the queried property may change with element state, this\n * decorator can be used instead of requiring users to await the\n * `updateComplete` before accessing the property.\n *\n * @param selector A DOMString containing one or more selectors to match.\n *\n * See: https://developer.mozilla.org/en-US/docs/Web/API/Document/querySelector\n *\n * @example\n * ```ts\n * class MyElement {\n *   @queryAsync('#first')\n *   first;\n *\n *   render() {\n *     return html`\n *       <div id=\"first\"></div>\n *       <div id=\"second\"></div>\n *     `;\n *   }\n * }\n *\n * // external usage\n * async doSomethingWithFirst() {\n *  (await aMyElement.first).doSomething();\n * }\n * ```\n * @category Decorator\n */\nexport function queryAsync(selector) {\n    return (protoOrDescriptor, \n    // tslint:disable-next-line:no-any decorator\n    name) => {\n        const descriptor = {\n            async get() {\n                await this.updateComplete;\n                return this.renderRoot.querySelector(selector);\n            },\n            enumerable: true,\n            configurable: true,\n        };\n        return (name !== undefined) ?\n            legacyQuery(descriptor, protoOrDescriptor, name) :\n            standardQuery(descriptor, protoOrDescriptor);\n    };\n}\n/**\n * A property decorator that converts a class property into a getter\n * that executes a querySelectorAll on the element's renderRoot.\n *\n * @param selector A DOMString containing one or more selectors to match.\n *\n * See:\n * https://developer.mozilla.org/en-US/docs/Web/API/Document/querySelectorAll\n *\n * @example\n * ```ts\n * class MyElement {\n *   @queryAll('div')\n *   divs;\n *\n *   render() {\n *     return html`\n *       <div id=\"first\"></div>\n *       <div id=\"second\"></div>\n *     `;\n *   }\n * }\n * ```\n * @category Decorator\n */\nexport function queryAll(selector) {\n    return (protoOrDescriptor, \n    // tslint:disable-next-line:no-any decorator\n    name) => {\n        const descriptor = {\n            get() {\n                return this.renderRoot.querySelectorAll(selector);\n            },\n            enumerable: true,\n            configurable: true,\n        };\n        return (name !== undefined) ?\n            legacyQuery(descriptor, protoOrDescriptor, name) :\n            standardQuery(descriptor, protoOrDescriptor);\n    };\n}\nconst legacyQuery = (descriptor, proto, name) => {\n    Object.defineProperty(proto, name, descriptor);\n};\nconst standardQuery = (descriptor, element) => ({\n    kind: 'method',\n    placement: 'prototype',\n    key: element.key,\n    descriptor,\n});\nconst standardEventOptions = (options, element) => {\n    return Object.assign(Object.assign({}, element), { finisher(clazz) {\n            Object.assign(clazz.prototype[element.key], options);\n        } });\n};\nconst legacyEventOptions = \n// tslint:disable-next-line:no-any legacy decorator\n(options, proto, name) => {\n    Object.assign(proto[name], options);\n};\n/**\n * Adds event listener options to a method used as an event listener in a\n * lit-html template.\n *\n * @param options An object that specifies event listener options as accepted by\n * `EventTarget#addEventListener` and `EventTarget#removeEventListener`.\n *\n * Current browsers support the `capture`, `passive`, and `once` options. See:\n * https://developer.mozilla.org/en-US/docs/Web/API/EventTarget/addEventListener#Parameters\n *\n * @example\n * ```ts\n * class MyElement {\n *   clicked = false;\n *\n *   render() {\n *     return html`\n *       <div @click=${this._onClick}`>\n *         <button></button>\n *       </div>\n *     `;\n *   }\n *\n *   @eventOptions({capture: true})\n *   _onClick(e) {\n *     this.clicked = true;\n *   }\n * }\n * ```\n * @category Decorator\n */\nexport function eventOptions(options) {\n    // Return value typed as any to prevent TypeScript from complaining that\n    // standard decorator function signature does not match TypeScript decorator\n    // signature\n    // TODO(kschaaf): unclear why it was only failing on this decorator and not\n    // the others\n    return ((protoOrDescriptor, name) => (name !== undefined) ?\n        legacyEventOptions(options, protoOrDescriptor, name) :\n        standardEventOptions(options, protoOrDescriptor));\n}\n// x-browser support for matches\n// tslint:disable-next-line:no-any\nconst ElementProto = Element.prototype;\nconst legacyMatches = ElementProto.msMatchesSelector || ElementProto.webkitMatchesSelector;\n/**\n * A property decorator that converts a class property into a getter that\n * returns the `assignedNodes` of the given named `slot`. Note, the type of\n * this property should be annotated as `NodeListOf<HTMLElement>`.\n *\n * @param slotName A string name of the slot.\n * @param flatten A boolean which when true flattens the assigned nodes,\n * meaning any assigned nodes that are slot elements are replaced with their\n * assigned nodes.\n * @param selector A string which filters the results to elements that match\n * the given css selector.\n *\n * * @example\n * ```ts\n * class MyElement {\n *   @queryAssignedNodes('list', true, '.item')\n *   listItems;\n *\n *   render() {\n *     return html`\n *       <slot name=\"list\"></slot>\n *     `;\n *   }\n * }\n * ```\n * @category Decorator\n */\nexport function queryAssignedNodes(slotName = '', flatten = false, selector = '') {\n    return (protoOrDescriptor, \n    // tslint:disable-next-line:no-any decorator\n    name) => {\n        const descriptor = {\n            get() {\n                const slotSelector = `slot${slotName ? `[name=${slotName}]` : ':not([name])'}`;\n                const slot = this.renderRoot.querySelector(slotSelector);\n                let nodes = slot && slot.assignedNodes({ flatten });\n                if (nodes && selector) {\n                    nodes = nodes.filter((node) => node.nodeType === Node.ELEMENT_NODE &&\n                        // tslint:disable-next-line:no-any testing existence on older browsers\n                        (node.matches ?\n                            node.matches(selector) :\n                            legacyMatches.call(node, selector)));\n                }\n                return nodes;\n            },\n            enumerable: true,\n            configurable: true,\n        };\n        return (name !== undefined) ?\n            legacyQuery(descriptor, protoOrDescriptor, name) :\n            standardQuery(descriptor, protoOrDescriptor);\n    };\n}\n//# sourceMappingURL=decorators.js.map","/**\n * @license\n * Copyright (c) 2017 The Polymer Project Authors. All rights reserved.\n * This code may only be used under the BSD style license found at\n * http://polymer.github.io/LICENSE.txt\n * The complete set of authors may be found at\n * http://polymer.github.io/AUTHORS.txt\n * The complete set of contributors may be found at\n * http://polymer.github.io/CONTRIBUTORS.txt\n * Code distributed by Google as part of the polymer project is also\n * subject to an additional IP rights grant found at\n * http://polymer.github.io/PATENTS.txt\n */\nvar _a;\n/**\n * Use this module if you want to create your own base class extending\n * [[UpdatingElement]].\n * @packageDocumentation\n */\n/*\n * When using Closure Compiler, JSCompiler_renameProperty(property, object) is\n * replaced at compile time by the munged name for object[property]. We cannot\n * alias this function, so we have to use a small shim that has the same\n * behavior when not compiling.\n */\nwindow.JSCompiler_renameProperty =\n    (prop, _obj) => prop;\nexport const defaultConverter = {\n    toAttribute(value, type) {\n        switch (type) {\n            case Boolean:\n                return value ? '' : null;\n            case Object:\n            case Array:\n                // if the value is `null` or `undefined` pass this through\n                // to allow removing/no change behavior.\n                return value == null ? value : JSON.stringify(value);\n        }\n        return value;\n    },\n    fromAttribute(value, type) {\n        switch (type) {\n            case Boolean:\n                return value !== null;\n            case Number:\n                return value === null ? null : Number(value);\n            case Object:\n            case Array:\n                // Type assert to adhere to Bazel's \"must type assert JSON parse\" rule.\n                return JSON.parse(value);\n        }\n        return value;\n    }\n};\n/**\n * Change function that returns true if `value` is different from `oldValue`.\n * This method is used as the default for a property's `hasChanged` function.\n */\nexport const notEqual = (value, old) => {\n    // This ensures (old==NaN, value==NaN) always returns false\n    return old !== value && (old === old || value === value);\n};\nconst defaultPropertyDeclaration = {\n    attribute: true,\n    type: String,\n    converter: defaultConverter,\n    reflect: false,\n    hasChanged: notEqual\n};\nconst STATE_HAS_UPDATED = 1;\nconst STATE_UPDATE_REQUESTED = 1 << 2;\nconst STATE_IS_REFLECTING_TO_ATTRIBUTE = 1 << 3;\nconst STATE_IS_REFLECTING_TO_PROPERTY = 1 << 4;\n/**\n * The Closure JS Compiler doesn't currently have good support for static\n * property semantics where \"this\" is dynamic (e.g.\n * https://github.com/google/closure-compiler/issues/3177 and others) so we use\n * this hack to bypass any rewriting by the compiler.\n */\nconst finalized = 'finalized';\n/**\n * Base element class which manages element properties and attributes. When\n * properties change, the `update` method is asynchronously called. This method\n * should be supplied by subclassers to render updates as desired.\n * @noInheritDoc\n */\nexport class UpdatingElement extends HTMLElement {\n    constructor() {\n        super();\n        this.initialize();\n    }\n    /**\n     * Returns a list of attributes corresponding to the registered properties.\n     * @nocollapse\n     */\n    static get observedAttributes() {\n        // note: piggy backing on this to ensure we're finalized.\n        this.finalize();\n        const attributes = [];\n        // Use forEach so this works even if for/of loops are compiled to for loops\n        // expecting arrays\n        this._classProperties.forEach((v, p) => {\n            const attr = this._attributeNameForProperty(p, v);\n            if (attr !== undefined) {\n                this._attributeToPropertyMap.set(attr, p);\n                attributes.push(attr);\n            }\n        });\n        return attributes;\n    }\n    /**\n     * Ensures the private `_classProperties` property metadata is created.\n     * In addition to `finalize` this is also called in `createProperty` to\n     * ensure the `@property` decorator can add property metadata.\n     */\n    /** @nocollapse */\n    static _ensureClassProperties() {\n        // ensure private storage for property declarations.\n        if (!this.hasOwnProperty(JSCompiler_renameProperty('_classProperties', this))) {\n            this._classProperties = new Map();\n            // NOTE: Workaround IE11 not supporting Map constructor argument.\n            const superProperties = Object.getPrototypeOf(this)._classProperties;\n            if (superProperties !== undefined) {\n                superProperties.forEach((v, k) => this._classProperties.set(k, v));\n            }\n        }\n    }\n    /**\n     * Creates a property accessor on the element prototype if one does not exist\n     * and stores a PropertyDeclaration for the property with the given options.\n     * The property setter calls the property's `hasChanged` property option\n     * or uses a strict identity check to determine whether or not to request\n     * an update.\n     *\n     * This method may be overridden to customize properties; however,\n     * when doing so, it's important to call `super.createProperty` to ensure\n     * the property is setup correctly. This method calls\n     * `getPropertyDescriptor` internally to get a descriptor to install.\n     * To customize what properties do when they are get or set, override\n     * `getPropertyDescriptor`. To customize the options for a property,\n     * implement `createProperty` like this:\n     *\n     * static createProperty(name, options) {\n     *   options = Object.assign(options, {myOption: true});\n     *   super.createProperty(name, options);\n     * }\n     *\n     * @nocollapse\n     */\n    static createProperty(name, options = defaultPropertyDeclaration) {\n        // Note, since this can be called by the `@property` decorator which\n        // is called before `finalize`, we ensure storage exists for property\n        // metadata.\n        this._ensureClassProperties();\n        this._classProperties.set(name, options);\n        // Do not generate an accessor if the prototype already has one, since\n        // it would be lost otherwise and that would never be the user's intention;\n        // Instead, we expect users to call `requestUpdate` themselves from\n        // user-defined accessors. Note that if the super has an accessor we will\n        // still overwrite it\n        if (options.noAccessor || this.prototype.hasOwnProperty(name)) {\n            return;\n        }\n        const key = typeof name === 'symbol' ? Symbol() : `__${name}`;\n        const descriptor = this.getPropertyDescriptor(name, key, options);\n        if (descriptor !== undefined) {\n            Object.defineProperty(this.prototype, name, descriptor);\n        }\n    }\n    /**\n     * Returns a property descriptor to be defined on the given named property.\n     * If no descriptor is returned, the property will not become an accessor.\n     * For example,\n     *\n     *   class MyElement extends LitElement {\n     *     static getPropertyDescriptor(name, key, options) {\n     *       const defaultDescriptor =\n     *           super.getPropertyDescriptor(name, key, options);\n     *       const setter = defaultDescriptor.set;\n     *       return {\n     *         get: defaultDescriptor.get,\n     *         set(value) {\n     *           setter.call(this, value);\n     *           // custom action.\n     *         },\n     *         configurable: true,\n     *         enumerable: true\n     *       }\n     *     }\n     *   }\n     *\n     * @nocollapse\n     */\n    static getPropertyDescriptor(name, key, options) {\n        return {\n            // tslint:disable-next-line:no-any no symbol in index\n            get() {\n                return this[key];\n            },\n            set(value) {\n                const oldValue = this[name];\n                this[key] = value;\n                this\n                    .requestUpdateInternal(name, oldValue, options);\n            },\n            configurable: true,\n            enumerable: true\n        };\n    }\n    /**\n     * Returns the property options associated with the given property.\n     * These options are defined with a PropertyDeclaration via the `properties`\n     * object or the `@property` decorator and are registered in\n     * `createProperty(...)`.\n     *\n     * Note, this method should be considered \"final\" and not overridden. To\n     * customize the options for a given property, override `createProperty`.\n     *\n     * @nocollapse\n     * @final\n     */\n    static getPropertyOptions(name) {\n        return this._classProperties && this._classProperties.get(name) ||\n            defaultPropertyDeclaration;\n    }\n    /**\n     * Creates property accessors for registered properties and ensures\n     * any superclasses are also finalized.\n     * @nocollapse\n     */\n    static finalize() {\n        // finalize any superclasses\n        const superCtor = Object.getPrototypeOf(this);\n        if (!superCtor.hasOwnProperty(finalized)) {\n            superCtor.finalize();\n        }\n        this[finalized] = true;\n        this._ensureClassProperties();\n        // initialize Map populated in observedAttributes\n        this._attributeToPropertyMap = new Map();\n        // make any properties\n        // Note, only process \"own\" properties since this element will inherit\n        // any properties defined on the superClass, and finalization ensures\n        // the entire prototype chain is finalized.\n        if (this.hasOwnProperty(JSCompiler_renameProperty('properties', this))) {\n            const props = this.properties;\n            // support symbols in properties (IE11 does not support this)\n            const propKeys = [\n                ...Object.getOwnPropertyNames(props),\n                ...(typeof Object.getOwnPropertySymbols === 'function') ?\n                    Object.getOwnPropertySymbols(props) :\n                    []\n            ];\n            // This for/of is ok because propKeys is an array\n            for (const p of propKeys) {\n                // note, use of `any` is due to TypeSript lack of support for symbol in\n                // index types\n                // tslint:disable-next-line:no-any no symbol in index\n                this.createProperty(p, props[p]);\n            }\n        }\n    }\n    /**\n     * Returns the property name for the given attribute `name`.\n     * @nocollapse\n     */\n    static _attributeNameForProperty(name, options) {\n        const attribute = options.attribute;\n        return attribute === false ?\n            undefined :\n            (typeof attribute === 'string' ?\n                attribute :\n                (typeof name === 'string' ? name.toLowerCase() : undefined));\n    }\n    /**\n     * Returns true if a property should request an update.\n     * Called when a property value is set and uses the `hasChanged`\n     * option for the property if present or a strict identity check.\n     * @nocollapse\n     */\n    static _valueHasChanged(value, old, hasChanged = notEqual) {\n        return hasChanged(value, old);\n    }\n    /**\n     * Returns the property value for the given attribute value.\n     * Called via the `attributeChangedCallback` and uses the property's\n     * `converter` or `converter.fromAttribute` property option.\n     * @nocollapse\n     */\n    static _propertyValueFromAttribute(value, options) {\n        const type = options.type;\n        const converter = options.converter || defaultConverter;\n        const fromAttribute = (typeof converter === 'function' ? converter : converter.fromAttribute);\n        return fromAttribute ? fromAttribute(value, type) : value;\n    }\n    /**\n     * Returns the attribute value for the given property value. If this\n     * returns undefined, the property will *not* be reflected to an attribute.\n     * If this returns null, the attribute will be removed, otherwise the\n     * attribute will be set to the value.\n     * This uses the property's `reflect` and `type.toAttribute` property options.\n     * @nocollapse\n     */\n    static _propertyValueToAttribute(value, options) {\n        if (options.reflect === undefined) {\n            return;\n        }\n        const type = options.type;\n        const converter = options.converter;\n        const toAttribute = converter && converter.toAttribute ||\n            defaultConverter.toAttribute;\n        return toAttribute(value, type);\n    }\n    /**\n     * Performs element initialization. By default captures any pre-set values for\n     * registered properties.\n     */\n    initialize() {\n        this._updateState = 0;\n        this._updatePromise =\n            new Promise((res) => this._enableUpdatingResolver = res);\n        this._changedProperties = new Map();\n        this._saveInstanceProperties();\n        // ensures first update will be caught by an early access of\n        // `updateComplete`\n        this.requestUpdateInternal();\n    }\n    /**\n     * Fixes any properties set on the instance before upgrade time.\n     * Otherwise these would shadow the accessor and break these properties.\n     * The properties are stored in a Map which is played back after the\n     * constructor runs. Note, on very old versions of Safari (<=9) or Chrome\n     * (<=41), properties created for native platform properties like (`id` or\n     * `name`) may not have default values set in the element constructor. On\n     * these browsers native properties appear on instances and therefore their\n     * default value will overwrite any element default (e.g. if the element sets\n     * this.id = 'id' in the constructor, the 'id' will become '' since this is\n     * the native platform default).\n     */\n    _saveInstanceProperties() {\n        // Use forEach so this works even if for/of loops are compiled to for loops\n        // expecting arrays\n        this.constructor\n            ._classProperties.forEach((_v, p) => {\n            if (this.hasOwnProperty(p)) {\n                const value = this[p];\n                delete this[p];\n                if (!this._instanceProperties) {\n                    this._instanceProperties = new Map();\n                }\n                this._instanceProperties.set(p, value);\n            }\n        });\n    }\n    /**\n     * Applies previously saved instance properties.\n     */\n    _applyInstanceProperties() {\n        // Use forEach so this works even if for/of loops are compiled to for loops\n        // expecting arrays\n        // tslint:disable-next-line:no-any\n        this._instanceProperties.forEach((v, p) => this[p] = v);\n        this._instanceProperties = undefined;\n    }\n    connectedCallback() {\n        // Ensure first connection completes an update. Updates cannot complete\n        // before connection.\n        this.enableUpdating();\n    }\n    enableUpdating() {\n        if (this._enableUpdatingResolver !== undefined) {\n            this._enableUpdatingResolver();\n            this._enableUpdatingResolver = undefined;\n        }\n    }\n    /**\n     * Allows for `super.disconnectedCallback()` in extensions while\n     * reserving the possibility of making non-breaking feature additions\n     * when disconnecting at some point in the future.\n     */\n    disconnectedCallback() {\n    }\n    /**\n     * Synchronizes property values when attributes change.\n     */\n    attributeChangedCallback(name, old, value) {\n        if (old !== value) {\n            this._attributeToProperty(name, value);\n        }\n    }\n    _propertyToAttribute(name, value, options = defaultPropertyDeclaration) {\n        const ctor = this.constructor;\n        const attr = ctor._attributeNameForProperty(name, options);\n        if (attr !== undefined) {\n            const attrValue = ctor._propertyValueToAttribute(value, options);\n            // an undefined value does not change the attribute.\n            if (attrValue === undefined) {\n                return;\n            }\n            // Track if the property is being reflected to avoid\n            // setting the property again via `attributeChangedCallback`. Note:\n            // 1. this takes advantage of the fact that the callback is synchronous.\n            // 2. will behave incorrectly if multiple attributes are in the reaction\n            // stack at time of calling. However, since we process attributes\n            // in `update` this should not be possible (or an extreme corner case\n            // that we'd like to discover).\n            // mark state reflecting\n            this._updateState = this._updateState | STATE_IS_REFLECTING_TO_ATTRIBUTE;\n            if (attrValue == null) {\n                this.removeAttribute(attr);\n            }\n            else {\n                this.setAttribute(attr, attrValue);\n            }\n            // mark state not reflecting\n            this._updateState = this._updateState & ~STATE_IS_REFLECTING_TO_ATTRIBUTE;\n        }\n    }\n    _attributeToProperty(name, value) {\n        // Use tracking info to avoid deserializing attribute value if it was\n        // just set from a property setter.\n        if (this._updateState & STATE_IS_REFLECTING_TO_ATTRIBUTE) {\n            return;\n        }\n        const ctor = this.constructor;\n        // Note, hint this as an `AttributeMap` so closure clearly understands\n        // the type; it has issues with tracking types through statics\n        // tslint:disable-next-line:no-unnecessary-type-assertion\n        const propName = ctor._attributeToPropertyMap.get(name);\n        if (propName !== undefined) {\n            const options = ctor.getPropertyOptions(propName);\n            // mark state reflecting\n            this._updateState = this._updateState | STATE_IS_REFLECTING_TO_PROPERTY;\n            this[propName] =\n                // tslint:disable-next-line:no-any\n                ctor._propertyValueFromAttribute(value, options);\n            // mark state not reflecting\n            this._updateState = this._updateState & ~STATE_IS_REFLECTING_TO_PROPERTY;\n        }\n    }\n    /**\n     * This protected version of `requestUpdate` does not access or return the\n     * `updateComplete` promise. This promise can be overridden and is therefore\n     * not free to access.\n     */\n    requestUpdateInternal(name, oldValue, options) {\n        let shouldRequestUpdate = true;\n        // If we have a property key, perform property update steps.\n        if (name !== undefined) {\n            const ctor = this.constructor;\n            options = options || ctor.getPropertyOptions(name);\n            if (ctor._valueHasChanged(this[name], oldValue, options.hasChanged)) {\n                if (!this._changedProperties.has(name)) {\n                    this._changedProperties.set(name, oldValue);\n                }\n                // Add to reflecting properties set.\n                // Note, it's important that every change has a chance to add the\n                // property to `_reflectingProperties`. This ensures setting\n                // attribute + property reflects correctly.\n                if (options.reflect === true &&\n                    !(this._updateState & STATE_IS_REFLECTING_TO_PROPERTY)) {\n                    if (this._reflectingProperties === undefined) {\n                        this._reflectingProperties = new Map();\n                    }\n                    this._reflectingProperties.set(name, options);\n                }\n            }\n            else {\n                // Abort the request if the property should not be considered changed.\n                shouldRequestUpdate = false;\n            }\n        }\n        if (!this._hasRequestedUpdate && shouldRequestUpdate) {\n            this._updatePromise = this._enqueueUpdate();\n        }\n    }\n    /**\n     * Requests an update which is processed asynchronously. This should\n     * be called when an element should update based on some state not triggered\n     * by setting a property. In this case, pass no arguments. It should also be\n     * called when manually implementing a property setter. In this case, pass the\n     * property `name` and `oldValue` to ensure that any configured property\n     * options are honored. Returns the `updateComplete` Promise which is resolved\n     * when the update completes.\n     *\n     * @param name {PropertyKey} (optional) name of requesting property\n     * @param oldValue {any} (optional) old value of requesting property\n     * @returns {Promise} A Promise that is resolved when the update completes.\n     */\n    requestUpdate(name, oldValue) {\n        this.requestUpdateInternal(name, oldValue);\n        return this.updateComplete;\n    }\n    /**\n     * Sets up the element to asynchronously update.\n     */\n    async _enqueueUpdate() {\n        this._updateState = this._updateState | STATE_UPDATE_REQUESTED;\n        try {\n            // Ensure any previous update has resolved before updating.\n            // This `await` also ensures that property changes are batched.\n            await this._updatePromise;\n        }\n        catch (e) {\n            // Ignore any previous errors. We only care that the previous cycle is\n            // done. Any error should have been handled in the previous update.\n        }\n        const result = this.performUpdate();\n        // If `performUpdate` returns a Promise, we await it. This is done to\n        // enable coordinating updates with a scheduler. Note, the result is\n        // checked to avoid delaying an additional microtask unless we need to.\n        if (result != null) {\n            await result;\n        }\n        return !this._hasRequestedUpdate;\n    }\n    get _hasRequestedUpdate() {\n        return (this._updateState & STATE_UPDATE_REQUESTED);\n    }\n    get hasUpdated() {\n        return (this._updateState & STATE_HAS_UPDATED);\n    }\n    /**\n     * Performs an element update. Note, if an exception is thrown during the\n     * update, `firstUpdated` and `updated` will not be called.\n     *\n     * You can override this method to change the timing of updates. If this\n     * method is overridden, `super.performUpdate()` must be called.\n     *\n     * For instance, to schedule updates to occur just before the next frame:\n     *\n     * ```\n     * protected async performUpdate(): Promise<unknown> {\n     *   await new Promise((resolve) => requestAnimationFrame(() => resolve()));\n     *   super.performUpdate();\n     * }\n     * ```\n     */\n    performUpdate() {\n        // Abort any update if one is not pending when this is called.\n        // This can happen if `performUpdate` is called early to \"flush\"\n        // the update.\n        if (!this._hasRequestedUpdate) {\n            return;\n        }\n        // Mixin instance properties once, if they exist.\n        if (this._instanceProperties) {\n            this._applyInstanceProperties();\n        }\n        let shouldUpdate = false;\n        const changedProperties = this._changedProperties;\n        try {\n            shouldUpdate = this.shouldUpdate(changedProperties);\n            if (shouldUpdate) {\n                this.update(changedProperties);\n            }\n            else {\n                this._markUpdated();\n            }\n        }\n        catch (e) {\n            // Prevent `firstUpdated` and `updated` from running when there's an\n            // update exception.\n            shouldUpdate = false;\n            // Ensure element can accept additional updates after an exception.\n            this._markUpdated();\n            throw e;\n        }\n        if (shouldUpdate) {\n            if (!(this._updateState & STATE_HAS_UPDATED)) {\n                this._updateState = this._updateState | STATE_HAS_UPDATED;\n                this.firstUpdated(changedProperties);\n            }\n            this.updated(changedProperties);\n        }\n    }\n    _markUpdated() {\n        this._changedProperties = new Map();\n        this._updateState = this._updateState & ~STATE_UPDATE_REQUESTED;\n    }\n    /**\n     * Returns a Promise that resolves when the element has completed updating.\n     * The Promise value is a boolean that is `true` if the element completed the\n     * update without triggering another update. The Promise result is `false` if\n     * a property was set inside `updated()`. If the Promise is rejected, an\n     * exception was thrown during the update.\n     *\n     * To await additional asynchronous work, override the `_getUpdateComplete`\n     * method. For example, it is sometimes useful to await a rendered element\n     * before fulfilling this Promise. To do this, first await\n     * `super._getUpdateComplete()`, then any subsequent state.\n     *\n     * @returns {Promise} The Promise returns a boolean that indicates if the\n     * update resolved without triggering another update.\n     */\n    get updateComplete() {\n        return this._getUpdateComplete();\n    }\n    /**\n     * Override point for the `updateComplete` promise.\n     *\n     * It is not safe to override the `updateComplete` getter directly due to a\n     * limitation in TypeScript which means it is not possible to call a\n     * superclass getter (e.g. `super.updateComplete.then(...)`) when the target\n     * language is ES5 (https://github.com/microsoft/TypeScript/issues/338).\n     * This method should be overridden instead. For example:\n     *\n     *   class MyElement extends LitElement {\n     *     async _getUpdateComplete() {\n     *       await super._getUpdateComplete();\n     *       await this._myChild.updateComplete;\n     *     }\n     *   }\n     * @deprecated Override `getUpdateComplete()` instead for forward\n     *     compatibility with `lit-element` 3.0 / `@lit/reactive-element`.\n     */\n    _getUpdateComplete() {\n        return this.getUpdateComplete();\n    }\n    /**\n     * Override point for the `updateComplete` promise.\n     *\n     * It is not safe to override the `updateComplete` getter directly due to a\n     * limitation in TypeScript which means it is not possible to call a\n     * superclass getter (e.g. `super.updateComplete.then(...)`) when the target\n     * language is ES5 (https://github.com/microsoft/TypeScript/issues/338).\n     * This method should be overridden instead. For example:\n     *\n     *   class MyElement extends LitElement {\n     *     async getUpdateComplete() {\n     *       await super.getUpdateComplete();\n     *       await this._myChild.updateComplete;\n     *     }\n     *   }\n     */\n    getUpdateComplete() {\n        return this._updatePromise;\n    }\n    /**\n     * Controls whether or not `update` should be called when the element requests\n     * an update. By default, this method always returns `true`, but this can be\n     * customized to control when to update.\n     *\n     * @param _changedProperties Map of changed properties with old values\n     */\n    shouldUpdate(_changedProperties) {\n        return true;\n    }\n    /**\n     * Updates the element. This method reflects property values to attributes.\n     * It can be overridden to render and keep updated element DOM.\n     * Setting properties inside this method will *not* trigger\n     * another update.\n     *\n     * @param _changedProperties Map of changed properties with old values\n     */\n    update(_changedProperties) {\n        if (this._reflectingProperties !== undefined &&\n            this._reflectingProperties.size > 0) {\n            // Use forEach so this works even if for/of loops are compiled to for\n            // loops expecting arrays\n            this._reflectingProperties.forEach((v, k) => this._propertyToAttribute(k, this[k], v));\n            this._reflectingProperties = undefined;\n        }\n        this._markUpdated();\n    }\n    /**\n     * Invoked whenever the element is updated. Implement to perform\n     * post-updating tasks via DOM APIs, for example, focusing an element.\n     *\n     * Setting properties inside this method will trigger the element to update\n     * again after this update cycle completes.\n     *\n     * @param _changedProperties Map of changed properties with old values\n     */\n    updated(_changedProperties) {\n    }\n    /**\n     * Invoked when the element is first updated. Implement to perform one time\n     * work on the element after update.\n     *\n     * Setting properties inside this method will trigger the element to update\n     * again after this update cycle completes.\n     *\n     * @param _changedProperties Map of changed properties with old values\n     */\n    firstUpdated(_changedProperties) {\n    }\n}\n_a = finalized;\n/**\n * Marks class as having finished creating properties.\n */\nUpdatingElement[_a] = true;\n//# sourceMappingURL=updating-element.js.map","/**\n * @license\n * Copyright (c) 2017 The Polymer Project Authors. All rights reserved.\n * This code may only be used under the BSD style license found at\n * http://polymer.github.io/LICENSE.txt\n * The complete set of authors may be found at\n * http://polymer.github.io/AUTHORS.txt\n * The complete set of contributors may be found at\n * http://polymer.github.io/CONTRIBUTORS.txt\n * Code distributed by Google as part of the polymer project is also\n * subject to an additional IP rights grant found at\n * http://polymer.github.io/PATENTS.txt\n */\n/**\n * The main LitElement module, which defines the [[`LitElement`]] base class and\n * related APIs.\n *\n *  LitElement components can define a template and a set of observed\n * properties. Changing an observed property triggers a re-render of the\n * element.\n *\n *  Import [[`LitElement`]] and [[`html`]] from this module to create a\n * component:\n *\n *  ```js\n * import {LitElement, html} from 'lit-element';\n *\n * class MyElement extends LitElement {\n *\n *   // Declare observed properties\n *   static get properties() {\n *     return {\n *       adjective: {}\n *     }\n *   }\n *\n *   constructor() {\n *     this.adjective = 'awesome';\n *   }\n *\n *   // Define the element's template\n *   render() {\n *     return html`<p>your ${adjective} template here</p>`;\n *   }\n * }\n *\n * customElements.define('my-element', MyElement);\n * ```\n *\n * `LitElement` extends [[`UpdatingElement`]] and adds lit-html templating.\n * The `UpdatingElement` class is provided for users that want to build\n * their own custom element base classes that don't use lit-html.\n *\n * @packageDocumentation\n */\nimport { render } from 'lit-html/lib/shady-render.js';\nimport { UpdatingElement } from './lib/updating-element.js';\nexport * from './lib/updating-element.js';\nexport { UpdatingElement as ReactiveElement } from './lib/updating-element.js';\nexport * from './lib/decorators.js';\nexport { html, svg, TemplateResult, SVGTemplateResult } from 'lit-html/lit-html.js';\nimport { supportsAdoptingStyleSheets, unsafeCSS } from './lib/css-tag.js';\nexport * from './lib/css-tag.js';\n// IMPORTANT: do not change the property name or the assignment expression.\n// This line will be used in regexes to search for LitElement usage.\n// TODO(justinfagnani): inject version number at build time\n(window['litElementVersions'] || (window['litElementVersions'] = []))\n    .push('2.5.1');\n/**\n * Sentinal value used to avoid calling lit-html's render function when\n * subclasses do not implement `render`\n */\nconst renderNotImplemented = {};\n/**\n * Base element class that manages element properties and attributes, and\n * renders a lit-html template.\n *\n * To define a component, subclass `LitElement` and implement a\n * `render` method to provide the component's template. Define properties\n * using the [[`properties`]] property or the [[`property`]] decorator.\n */\nexport class LitElement extends UpdatingElement {\n    /**\n     * Return the array of styles to apply to the element.\n     * Override this method to integrate into a style management system.\n     *\n     * @nocollapse\n     */\n    static getStyles() {\n        return this.styles;\n    }\n    /** @nocollapse */\n    static _getUniqueStyles() {\n        // Only gather styles once per class\n        if (this.hasOwnProperty(JSCompiler_renameProperty('_styles', this))) {\n            return;\n        }\n        // Take care not to call `this.getStyles()` multiple times since this\n        // generates new CSSResults each time.\n        // TODO(sorvell): Since we do not cache CSSResults by input, any\n        // shared styles will generate new stylesheet objects, which is wasteful.\n        // This should be addressed when a browser ships constructable\n        // stylesheets.\n        const userStyles = this.getStyles();\n        if (Array.isArray(userStyles)) {\n            // De-duplicate styles preserving the _last_ instance in the set.\n            // This is a performance optimization to avoid duplicated styles that can\n            // occur especially when composing via subclassing.\n            // The last item is kept to try to preserve the cascade order with the\n            // assumption that it's most important that last added styles override\n            // previous styles.\n            const addStyles = (styles, set) => styles.reduceRight((set, s) => \n            // Note: On IE set.add() does not return the set\n            Array.isArray(s) ? addStyles(s, set) : (set.add(s), set), set);\n            // Array.from does not work on Set in IE, otherwise return\n            // Array.from(addStyles(userStyles, new Set<CSSResult>())).reverse()\n            const set = addStyles(userStyles, new Set());\n            const styles = [];\n            set.forEach((v) => styles.unshift(v));\n            this._styles = styles;\n        }\n        else {\n            this._styles = userStyles === undefined ? [] : [userStyles];\n        }\n        // Ensure that there are no invalid CSSStyleSheet instances here. They are\n        // invalid in two conditions.\n        // (1) the sheet is non-constructible (`sheet` of a HTMLStyleElement), but\n        //     this is impossible to check except via .replaceSync or use\n        // (2) the ShadyCSS polyfill is enabled (:. supportsAdoptingStyleSheets is\n        //     false)\n        this._styles = this._styles.map((s) => {\n            if (s instanceof CSSStyleSheet && !supportsAdoptingStyleSheets) {\n                // Flatten the cssText from the passed constructible stylesheet (or\n                // undetectable non-constructible stylesheet). The user might have\n                // expected to update their stylesheets over time, but the alternative\n                // is a crash.\n                const cssText = Array.prototype.slice.call(s.cssRules)\n                    .reduce((css, rule) => css + rule.cssText, '');\n                return unsafeCSS(cssText);\n            }\n            return s;\n        });\n    }\n    /**\n     * Performs element initialization. By default this calls\n     * [[`createRenderRoot`]] to create the element [[`renderRoot`]] node and\n     * captures any pre-set values for registered properties.\n     */\n    initialize() {\n        super.initialize();\n        this.constructor._getUniqueStyles();\n        this.renderRoot = this.createRenderRoot();\n        // Note, if renderRoot is not a shadowRoot, styles would/could apply to the\n        // element's getRootNode(). While this could be done, we're choosing not to\n        // support this now since it would require different logic around de-duping.\n        if (window.ShadowRoot && this.renderRoot instanceof window.ShadowRoot) {\n            this.adoptStyles();\n        }\n    }\n    /**\n     * Returns the node into which the element should render and by default\n     * creates and returns an open shadowRoot. Implement to customize where the\n     * element's DOM is rendered. For example, to render into the element's\n     * childNodes, return `this`.\n     * @returns {Element|DocumentFragment} Returns a node into which to render.\n     */\n    createRenderRoot() {\n        return this.attachShadow(this.constructor.shadowRootOptions);\n    }\n    /**\n     * Applies styling to the element shadowRoot using the [[`styles`]]\n     * property. Styling will apply using `shadowRoot.adoptedStyleSheets` where\n     * available and will fallback otherwise. When Shadow DOM is polyfilled,\n     * ShadyCSS scopes styles and adds them to the document. When Shadow DOM\n     * is available but `adoptedStyleSheets` is not, styles are appended to the\n     * end of the `shadowRoot` to [mimic spec\n     * behavior](https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).\n     */\n    adoptStyles() {\n        const styles = this.constructor._styles;\n        if (styles.length === 0) {\n            return;\n        }\n        // There are three separate cases here based on Shadow DOM support.\n        // (1) shadowRoot polyfilled: use ShadyCSS\n        // (2) shadowRoot.adoptedStyleSheets available: use it\n        // (3) shadowRoot.adoptedStyleSheets polyfilled: append styles after\n        // rendering\n        if (window.ShadyCSS !== undefined && !window.ShadyCSS.nativeShadow) {\n            window.ShadyCSS.ScopingShim.prepareAdoptedCssText(styles.map((s) => s.cssText), this.localName);\n        }\n        else if (supportsAdoptingStyleSheets) {\n            this.renderRoot.adoptedStyleSheets =\n                styles.map((s) => s instanceof CSSStyleSheet ? s : s.styleSheet);\n        }\n        else {\n            // This must be done after rendering so the actual style insertion is done\n            // in `update`.\n            this._needsShimAdoptedStyleSheets = true;\n        }\n    }\n    connectedCallback() {\n        super.connectedCallback();\n        // Note, first update/render handles styleElement so we only call this if\n        // connected after first update.\n        if (this.hasUpdated && window.ShadyCSS !== undefined) {\n            window.ShadyCSS.styleElement(this);\n        }\n    }\n    /**\n     * Updates the element. This method reflects property values to attributes\n     * and calls `render` to render DOM via lit-html. Setting properties inside\n     * this method will *not* trigger another update.\n     * @param _changedProperties Map of changed properties with old values\n     */\n    update(changedProperties) {\n        // Setting properties in `render` should not trigger an update. Since\n        // updates are allowed after super.update, it's important to call `render`\n        // before that.\n        const templateResult = this.render();\n        super.update(changedProperties);\n        // If render is not implemented by the component, don't call lit-html render\n        if (templateResult !== renderNotImplemented) {\n            this.constructor\n                .render(templateResult, this.renderRoot, { scopeName: this.localName, eventContext: this });\n        }\n        // When native Shadow DOM is used but adoptedStyles are not supported,\n        // insert styling after rendering to ensure adoptedStyles have highest\n        // priority.\n        if (this._needsShimAdoptedStyleSheets) {\n            this._needsShimAdoptedStyleSheets = false;\n            this.constructor._styles.forEach((s) => {\n                const style = document.createElement('style');\n                style.textContent = s.cssText;\n                this.renderRoot.appendChild(style);\n            });\n        }\n    }\n    /**\n     * Invoked on each update to perform rendering tasks. This method may return\n     * any value renderable by lit-html's `NodePart` - typically a\n     * `TemplateResult`. Setting properties inside this method will *not* trigger\n     * the element to update.\n     */\n    render() {\n        return renderNotImplemented;\n    }\n}\n/**\n * Ensure this class is marked as `finalized` as an optimization ensuring\n * it will not needlessly try to `finalize`.\n *\n * Note this property name is a string to prevent breaking Closure JS Compiler\n * optimizations. See updating-element.ts for more information.\n */\nLitElement['finalized'] = true;\n/**\n * Reference to the underlying library method used to render the element's\n * DOM. By default, points to the `render` method from lit-html's shady-render\n * module.\n *\n * **Most users will never need to touch this property.**\n *\n * This  property should not be confused with the `render` instance method,\n * which should be overridden to define a template for the element.\n *\n * Advanced users creating a new base class based on LitElement can override\n * this property to point to a custom render method with a signature that\n * matches [shady-render's `render`\n * method](https://lit-html.polymer-project.org/api/modules/shady_render.html#render).\n *\n * @nocollapse\n */\nLitElement.render = render;\n/** @nocollapse */\nLitElement.shadowRootOptions = { mode: 'open' };\n//# sourceMappingURL=lit-element.js.map"],"names":[],"sourceRoot":""}