{"version":3,"sources":["webpack:///./node_modules/@azure/msal-common/dist/client/SilentFlowClient.js","webpack:///./node_modules/@azure/msal-common/dist/client/AuthorizationCodeClient.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/AccessTokenEntity.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/CacheRecord.js","webpack:///./node_modules/@azure/msal-common/dist/error/ServerError.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/IdTokenEntity.js","webpack:///./node_modules/@azure/msal-common/dist/client/RefreshTokenClient.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/ServerTelemetryEntity.js","webpack:///./node_modules/@azure/msal-common/dist/crypto/PopTokenGenerator.js","webpack:///./node_modules/@azure/msal-common/dist/crypto/ICrypto.js","webpack:///./node_modules/@azure/msal-common/dist/cache/persistence/TokenCacheContext.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/RefreshTokenEntity.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/CredentialEntity.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/AuthorityMetadataEntity.js","webpack:///./node_modules/@azure/msal-common/dist/error/ClientAuthError.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/AppMetadataEntity.js","webpack:///./node_modules/@azure/msal-common/dist/error/InteractionRequiredAuthError.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/ThrottlingEntity.js","webpack:///./node_modules/@azure/msal-common/dist/config/ClientConfiguration.js","webpack:///./node_modules/@azure/msal-common/dist/error/ClientConfigurationError.js","webpack:///./node_modules/@azure/msal-common/dist/error/AuthError.js","webpack:///./node_modules/@azure/msal-common/dist/cache/CacheManager.js","webpack:///./node_modules/@azure/msal-common/dist/cache/entities/AccountEntity.js","webpack:///./node_modules/@azure/msal-common/dist/client/BaseClient.js"],"names":["SilentFlowClient","_super","configuration","call","this","prototype","acquireToken","request","e_1","refreshTokenClient","_a","label","trys","push","acquireCachedToken","sent","errorCode","tokenRefreshRequired","code","config","acquireTokenByRefreshToken","_b","_c","_d","requestScopes","environment","authScheme","cacheRecord","_e","createEmptyTokenRequestError","forceRefresh","serverTelemetryManager","setCacheOutcome","FORCE_REFRESH","logger","info","createRefreshRequiredError","isEmptyObj","claims","account","createNoAccountInSilentRequestError","scopes","authority","getPreferredCache","authenticationScheme","BEARER","cacheManager","readCacheRecord","authOptions","clientId","sshKid","accessToken","NO_CACHED_ACCESS_TOKEN","wasClockTurnedBack","cachedAt","isTokenExpired","expiresOn","systemOptions","tokenRenewalOffsetSeconds","CACHED_ACCESS_TOKEN_EXPIRED","refreshOn","REFRESH_CACHED_ACCESS_TOKEN","incrementCacheHits","generateResultFromCacheRecord","idTokenObj","idToken","secret","cryptoInterface","generateAuthenticationResult","cryptoUtils","AuthorizationCodeClient","getAuthCodeUrl","queryString","createAuthCodeUrlQueryString","appendQueryString","authorizationEndpoint","authCodePayload","reqTimestamp","response","responseHandler","isEmpty","createTokenRequestCannotBeMadeError","nowSeconds","executeTokenRequest","serializableCache","persistencePlugin","validateTokenResponse","body","handleServerTokenResponse","handleFragmentResponse","hashFragment","cachedState","hashUrlString","serverParams","getDeserializedHash","getHash","validateServerAuthorizationCodeResponse","createNoAuthCodeInServerResponseError","getLogoutUri","logoutRequest","createEmptyLogoutRequestError","createLogoutUrlQueryString","endSessionEndpoint","thumbprint","requestBody","queryParameters","ccsCredential","clientInfo","headers","endpoint","canonicalAuthority","resourceRequestMethod","resourceRequestUri","shrClaims","sshJwk","createTokenRequestBody","createTokenQueryParameters","undefined","credential","uid","CLIENT_INFO_SEPARATOR","utid","type","HOME_ACCOUNT_ID","e","verbose","createTokenRequestHeaders","tokenEndpoint","executePostToTokenEndpoint","parameterBuilder","tokenQueryParameters","addExtraQueryParameters","createQueryString","clientAssertion","popTokenGenerator","cnfString","correlationId","ccsCred","addClientId","addRedirectUri","redirectUri","addScopes","addAuthorizationCode","addLibraryInfo","libraryInfo","addThrottling","addServerTelemetry","codeVerifier","addCodeVerifier","clientCredentials","clientSecret","addClientSecret","addClientAssertion","assertion","addClientAssertionType","assertionType","addGrantType","AUTHORIZATION_CODE_GRANT","addClientInfo","POP","generateCnf","addPopToken","SSH","createMissingSshJwkError","addSshJwk","createNewGuid","addCorrelationId","clientCapabilities","length","addClaims","preventCorsPreflight","addCcsOid","UPN","addCcsUpn","extraScopesToConsent","addResponseMode","responseMode","addResponseTypeCode","codeChallenge","codeChallengeMethod","addCodeChallengeParams","prompt","addPrompt","domainHint","addDomainHint","SELECT_ACCOUNT","sid","NONE","addSid","accountSid","extractAccountSid","homeAccountId","loginHint","addLoginHint","username","nonce","addNonce","state","addState","extraQueryParameters","postLogoutRedirectUri","addPostLogoutRedirectUri","idTokenHint","addIdTokenHint","idTokenClaims","tokenClaims","AccessTokenEntity","apply","arguments","createAccessTokenEntity","tenantId","extExpiresOn","tokenType","oboAssertion","keyId","atEntity","credentialType","ACCESS_TOKEN","currentTime","toString","extendedExpiresOn","realm","target","ACCESS_TOKEN_WITH_AUTH_SCHEME","extractTokenClaims","cnf","kid","createTokenClaimsRequiredError","isAccessTokenEntity","entity","hasOwnProperty","CacheRecord","accountEntity","idTokenEntity","accessTokenEntity","refreshTokenEntity","appMetadataEntity","refreshToken","appMetadata","ServerError","errorMessage","subError","_this","name","Object","setPrototypeOf","IdTokenEntity","createIdTokenEntity","ID_TOKEN","isIdTokenEntity","RefreshTokenClient","isFOCI","noFamilyRTInCache","clientMismatchErrorWithFamilyRT","isAppMetadataFOCI","acquireTokenWithCachedRefreshToken","noTokensFoundError","INVALID_GRANT_ERROR","CLIENT_MISMATCH_ERROR","foci","refreshTokenRequest","readRefreshTokenFromCache","createNoTokensFoundError","REFRESH_TOKEN_GRANT","addRefreshToken","ServerTelemetryEntity","failedRequests","errors","cacheHits","isServerTelemetryEntity","key","validateKey","indexOf","CACHE_KEY","validateEntity","KeyLocation","PopTokenGenerator","reqCnf","generateKid","base64Encode","JSON","stringify","kidThumbprint","getPublicKeyThumbprint","xms_ksl","SW","signPopToken","signPayload","payload","shrNonce","resourceUrlString","resourceUrlComponents","getUrlComponents","signJwt","at","ts","m","toUpperCase","u","HostNameAndPort","p","AbsolutePath","q","QueryString","client_claims","DEFAULT_CRYPTO_IMPLEMENTATION","notImplErr","createUnexpectedError","base64Decode","generatePkceCodes","removeTokenBindingKey","clearKeystore","TokenCacheContext","tokenCache","hasChanged","cache","defineProperty","get","enumerable","configurable","RefreshTokenEntity","createRefreshTokenEntity","familyId","rtEntity","REFRESH_TOKEN","isRefreshTokenEntity","CredentialEntity","generateAccountId","generateAccountIdForCacheKey","generateCredentialId","generateCredentialIdForCacheKey","generateTarget","generateTargetForCacheKey","generateCredentialKey","generateCredentialCacheKey","generateType","createUnexpectedCredentialTypeError","getCredentialType","toLowerCase","NOT_DEFINED","credentialKey","join","CACHE_KEY_SEPARATOR","accountId","clientOrFamilyId","credentialId","AuthorityMetadataEntity","expiresAt","REFRESH_TIME_SECONDS","updateCloudDiscoveryMetadata","metadata","fromNetwork","aliases","preferred_cache","preferred_network","aliasesFromNetwork","updateEndpointMetadata","authorization_endpoint","token_endpoint","end_session_endpoint","issuer","endpointsFromNetwork","updateCanonicalAuthority","canonical_authority","resetExpiresAt","isExpired","isAuthorityMetadataEntity","ClientAuthErrorMessage","clientInfoDecodingError","desc","clientInfoEmptyError","tokenParsingError","nullOrEmptyToken","endpointResolutionError","networkError","unableToGetOpenidConfigError","hashNotDeserialized","blankGuidGenerated","invalidStateError","stateMismatchError","stateNotFoundError","nonceMismatchError","nonceNotFoundError","multipleMatchingTokens","multipleMatchingAccounts","multipleMatchingAppMetadata","tokenRequestCannotBeMade","appendEmptyScopeError","removeEmptyScopeError","appendScopeSetError","emptyInputScopeSetError","DeviceCodePollingCancelled","DeviceCodeExpired","DeviceCodeUnknownError","NoAccountInSilentRequest","invalidCacheRecord","invalidCacheEnvironment","noAccountFound","CachePluginError","noCryptoObj","invalidCacheType","unexpectedAccountType","unexpectedCredentialType","invalidAssertion","invalidClientCredential","userTimeoutReached","tokenClaimsRequired","noAuthorizationCodeFromServer","noAzureRegionDetected","accessTokenEntityNullError","bindingKeyNotRemovedError","logoutNotSupported","ClientAuthError","createClientInfoDecodingError","caughtError","createClientInfoEmptyError","createTokenParsingError","caughtExtractionError","createTokenNullOrEmptyError","invalidRawTokenString","createEndpointDiscoveryIncompleteError","errDetail","createNetworkError","split","createUnableToGetOpenidConfigError","createHashNotDeserializedError","hashParamObj","createInvalidStateError","invalidState","errorString","createStateMismatchError","createStateNotFoundError","missingState","createNonceMismatchError","createNonceNotFoundError","missingNonce","createMultipleMatchingTokensInCacheError","createMultipleMatchingAccountsInCacheError","createMultipleMatchingAppMetadataInCacheError","createAppendEmptyScopeToSetError","givenScope","createRemoveEmptyScopeFromSetError","createAppendScopeSetError","appendError","createEmptyInputScopeSetError","createDeviceCodeCancelledError","createDeviceCodeExpiredError","createDeviceCodeUnknownError","createNullOrUndefinedCacheRecord","createInvalidCacheEnvironmentError","createNoAccountFoundError","createCachePluginError","createNoCryptoObjectError","operationName","createInvalidCacheTypeError","createUnexpectedAccountTypeError","createInvalidAssertionError","createInvalidCredentialError","createUserTimeoutReachedError","createBindingKeyNotRemovedError","createLogoutNotSupportedError","AppMetadataEntity","generateAppMetadataKey","generateAppMetadataCacheKey","appMetaDataKeyArray","createAppMetadataEntity","isAppMetadataEntity","InteractionRequiredServerErrorMessage","InteractionRequiredAuthSubErrorMessage","InteractionRequiredAuthErrorMessage","InteractionRequiredAuthError","isInteractionRequiredError","isInteractionRequiredErrorCode","isInteractionRequiredSubError","isInteractionRequiredErrorDesc","some","irErrorCode","ThrottlingEntity","isThrottlingEntity","THROTTLING_PREFIX","DEFAULT_TOKEN_RENEWAL_OFFSET_SEC","DEFAULT_SYSTEM_OPTIONS","DEFAULT_LOGGER_IMPLEMENTATION","loggerCallback","piiLoggingEnabled","logLevel","Info","DEFAULT_NETWORK_IMPLEMENTATION","sendGetRequestAsync","sendPostRequestAsync","DEFAULT_LIBRARY_INFO","sku","SKU","version","cpu","os","DEFAULT_CLIENT_CREDENTIALS","buildClientConfiguration","userAuthOptions","userSystemOptions","userLoggerOption","loggerOptions","storageImplementation","storageInterface","networkImplementation","networkInterface","cryptoImplementation","buildAuthOptions","ClientConfigurationErrorMessage","redirectUriNotSet","postLogoutUriNotSet","claimsRequestParsingError","authorityUriInsecure","urlParseError","urlEmptyError","emptyScopesError","nonArrayScopesError","clientIdSingleScopeError","invalidPrompt","invalidClaimsRequest","tokenRequestEmptyError","logoutRequestEmptyError","invalidCodeChallengeMethod","invalidCodeChallengeParams","invalidCloudDiscoveryMetadata","invalidAuthorityMetadata","untrustedAuthority","missingSshJwk","missingSshKid","missingNonceAuthenticationHeader","invalidAuthenticationHeader","ClientConfigurationError","createRedirectUriEmptyError","createPostLogoutRedirectUriEmptyError","createClaimsRequestParsingError","claimsRequestParseError","createInsecureAuthorityUriError","urlString","createUrlParseError","createUrlEmptyError","createEmptyScopesArrayError","createClientIdSingleScopeError","inputScopes","createInvalidPromptError","promptValue","createInvalidClaimsRequestError","createInvalidCodeChallengeMethodError","createInvalidCodeChallengeParamsError","createInvalidCloudDiscoveryMetadataError","createInvalidAuthorityMetadataError","createUntrustedAuthorityError","createMissingSshKidError","createMissingNonceAuthenticationHeadersError","createInvalidAuthenticationHeaderError","invalidHeaderName","details","AuthErrorMessage","unexpectedError","AuthError","suberror","EMPTY_STRING","setCorrelationId","errDesc","Error","CacheManager","cryptoImpl","getAllAccounts","currentAccounts","getAccountsFilteredBy","accountValues","keys","map","accountKey","numAccounts","allAccounts","value","toObject","accountInfo","getAccountInfo","readIdTokenFromCache","saveCacheRecord","setAccount","setIdTokenCredential","saveAccessToken","setRefreshTokenCredential","setAppMetadata","currentTokenCache","currentScopes","currentAccessTokens","removedAccessTokens_1","getCredentialsFilteredBy","fromString","accessTokens","forEach","tokenEntity","tokenScopeSet","intersectingScopeSets","removeCredential","Promise","all","setAccessTokenCredential","accountFilter","getAccountsFilteredByInternal","allCacheKeys","getKeys","matchingAccounts","cacheKey","getAccount","matchHomeAccountId","matchEnvironment","matchRealm","filter","getCredentialsFilteredByInternal","matchingCredentials","idTokens","refreshTokens","credType","getSpecificCredential","matchOboAssertion","matchCredentialType","matchClientId","matchFamilyId","matchTarget","matchTokenType","removeItem","CREDENTIAL","matchKeyId","getAppMetadataFilteredBy","getAppMetadataFilteredByInternal","matchingAppMetadata","isAppMetadata","getAppMetadata","getAuthorityMetadataByAlias","host","getAuthorityMetadataKeys","matchedEntity","isAuthorityMetadata","getAuthorityMetadata","removeAllAccounts","removedAccounts","removeAccount","removeAccountContext","ACCOUNT","removedCredentials","cacheEntity","accessTokenWithAuthSchemeEntity","removeAppMetadata","APP_METADATA","cachedAccount","readAccountFromCache","cachedIdToken","cachedAccessToken","readAccessTokenFromCache","cachedRefreshToken","cachedAppMetadata","readAppMetadataFromCache","generateAccountCacheKey","idTokenFilter","credentialCache","numIdTokens","accessTokenFilter","printScopesLowerCase","numAccessTokens","familyRT","id","refreshTokenFilter","numRefreshTokens","appMetadataFilter","appMetadataEntries","numAppMetadata","cloudMetadata","isNotAccessTokenCredential","entityScopeSet","requestTargetScopeSet","containsOnlyOIDCScopes","removeScope","OFFLINE_ACCESS_SCOPE","removeOIDCScopes","containsScopeSet","generateAuthorityMetadataCacheKey","getIdTokenCredential","getAccessTokenCredential","getRefreshTokenCredential","obj","json","propertyName","DefaultStorageClass","setServerTelemetry","getServerTelemetry","setAuthorityMetadata","setThrottlingCache","getThrottlingCache","containsKey","clear","AccountEntity","generateAccountKey","localAccountId","authorityType","ADFS_ACCOUNT_TYPE","ADFS","MSAV1_ACCOUNT_TYPE","MSA","MSSTS_ACCOUNT_TYPE","MSSTS","GENERIC_ACCOUNT_TYPE","GENERIC","accountInterface","createAccount","cloudGraphHostName","msGraphHost","_f","env","tid","oid","sub","preferred_username","emails","createGenericAccount","Adfs","upn","generateHomeAccountId","serverClientInfo","authType","cryptoObj","isAccountEntity","accountInfoIsEqual","accountA","accountB","compareClaims","claimsMatch","accountAClaims","accountBClaims","iat","BaseClient","networkClient","networkManager","CONTENT_TYPE","URL_FORM_CONTENT_TYPE","CCS_HEADER","sendPostRequest","status","clearTelemetryCache","updateAuthority","updatedAuthority","discoveryComplete"],"mappings":"0HAAA,0KAkBIA,EAAkC,SAAUC,GAE5C,SAASD,EAAiBE,GACtB,OAAOD,EAAOE,KAAKC,KAAMF,IAAkBE,KA+G/C,OAjHA,eAAUJ,EAAkBC,GAS5BD,EAAiBK,UAAUC,aAAe,SAAUC,GAChD,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAII,EAAKC,EACT,OAAO,eAAYL,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAED,OADAD,EAAGE,KAAKC,KAAK,CAAC,EAAG,EAAG,CAAE,IACf,CAAC,EAAaT,KAAKU,mBAAmBP,IACjD,KAAK,EAAG,MAAO,CAAC,EAAcG,EAAGK,QACjC,KAAK,EAED,GADAP,EAAME,EAAGK,OACLP,aAAe,QAAmBA,EAAIQ,YAAc,OAAuBC,qBAAqBC,KAEhG,OADAT,EAAqB,IAAI,OAAmBL,KAAKe,QAC1C,CAAC,EAAcV,EAAmBW,2BAA2Bb,IAGpE,MAAMC,EAEd,KAAK,EAAG,MAAO,CAAC,WAShCR,EAAiBK,UAAUS,mBAAqB,SAAUP,GACtD,IAAIG,EAAIW,EAAIC,EAAIC,EAChB,OAAO,eAAUnB,UAAM,OAAQ,GAAQ,WACnC,IAAIoB,EAAeC,EAAaC,EAAYC,EAC5C,OAAO,eAAYvB,MAAM,SAAUwB,GAC/B,OAAQA,EAAGjB,OACP,KAAK,EAED,IAAKJ,EACD,MAAM,OAAyBsB,+BAEnC,GAAItB,EAAQuB,aAIR,MAFuC,QAAtCpB,EAAKN,KAAK2B,8BAA2C,IAAPrB,GAAyBA,EAAGsB,gBAAgB,OAAaC,eACxG7B,KAAK8B,OAAOC,KAAK,sFACX,OAAgBC,6BAErB,IAAK,OAAYC,WAAW9B,EAAQ+B,QAGrC,MADAlC,KAAK8B,OAAOC,KAAK,sFACX,OAAgBC,6BAG1B,IAAK7B,EAAQgC,QACT,MAAM,OAAgBC,sCAM1B,GAJAhB,EAAgB,IAAI,OAASjB,EAAQkC,QAAU,IAC/ChB,EAAclB,EAAQmC,WAAatC,KAAKsC,UAAUC,oBAClDjB,EAAanB,EAAQqC,sBAAwB,OAAqBC,OAClElB,EAAcvB,KAAK0C,aAAaC,gBAAgBxC,EAAQgC,QAASnC,KAAKe,OAAO6B,YAAYC,SAAUzB,EAAeC,EAAaC,EAAYnB,EAAQ2C,SAC9IvB,EAAYwB,YAIb,MAFuC,QAAtC9B,EAAKjB,KAAK2B,8BAA2C,IAAPV,GAAyBA,EAAGW,gBAAgB,OAAaoB,wBACxGhD,KAAK8B,OAAOC,KAAK,kGACX,OAAgBC,6BAErB,GAAI,OAAUiB,mBAAmB1B,EAAYwB,YAAYG,WAC1D,OAAUC,eAAe5B,EAAYwB,YAAYK,UAAWpD,KAAKe,OAAOsC,cAAcC,2BAItF,MAFuC,QAAtCpC,EAAKlB,KAAK2B,8BAA2C,IAAPT,GAAyBA,EAAGU,gBAAgB,OAAa2B,6BACxGvD,KAAK8B,OAAOC,KAAK,8FAAgG/B,KAAKe,OAAOsC,cAAcC,0BAA4B,aACjK,OAAgBtB,6BAErB,GAAIT,EAAYwB,YAAYS,WAAa,OAAUL,eAAe5B,EAAYwB,YAAYS,UAAW,GAItG,MAFuC,QAAtCrC,EAAKnB,KAAK2B,8BAA2C,IAAPR,GAAyBA,EAAGS,gBAAgB,OAAa6B,6BACxGzD,KAAK8B,OAAOC,KAAK,sGACX,OAAgBC,6BAK1B,OAHIhC,KAAKe,OAAOY,wBACZ3B,KAAKe,OAAOY,uBAAuB+B,qBAEhC,CAAC,EAAa1D,KAAK2D,8BAA8BpC,EAAapB,IACzE,KAAK,EAAG,MAAO,CAAC,EAAcqB,EAAGb,gBASjDf,EAAiBK,UAAU0D,8BAAgC,SAAUpC,EAAapB,GAC9E,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAI4D,EACJ,OAAO,eAAY5D,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAID,OAHIgB,EAAYsC,UACZD,EAAa,IAAI,OAAUrC,EAAYsC,QAAQC,OAAQ9D,KAAKe,OAAOgD,kBAEhE,CAAC,EAAa,OAAgBC,6BAA6BhE,KAAKiE,YAAajE,KAAKsC,UAAWf,GAAa,EAAMpB,EAASyD,IACpI,KAAK,EAAG,MAAO,CAAC,EAActD,EAAGK,gBAK1Cf,EAlH0B,CAmHnC,S,oCCrIF,kMAuBIsE,EAAyC,SAAUrE,GAEnD,SAASqE,EAAwBpE,GAC7B,OAAOD,EAAOE,KAAKC,KAAMF,IAAkBE,KAkX/C,OApXA,eAAUkE,EAAyBrE,GAcnCqE,EAAwBjE,UAAUkE,eAAiB,SAAUhE,GACzD,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAIoE,EACJ,OAAO,eAAYpE,MAAM,SAAUM,GAE/B,OADA8D,EAAcpE,KAAKqE,6BAA6BlE,GACzC,CAAC,EAAc,OAAUmE,kBAAkBtE,KAAKsC,UAAUiC,sBAAuBH,WASpGF,EAAwBjE,UAAUC,aAAe,SAAUC,EAASqE,GAChE,OAAO,eAAUxE,UAAM,OAAQ,GAAQ,WACnC,IAAIyE,EAAcC,EAAUC,EAC5B,OAAO,eAAY3E,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAED,GADAP,KAAK8B,OAAOC,KAAK,yBACZ5B,GAAW,OAAYyE,QAAQzE,EAAQW,MACxC,MAAM,OAAgB+D,sCAG1B,OADAJ,EAAe,OAAUK,aAClB,CAAC,EAAa9E,KAAK+E,oBAAoB/E,KAAKsC,UAAWnC,IAClE,KAAK,EAKD,OAJAuE,EAAWpE,EAAGK,OACdgE,EAAkB,IAAI,OAAgB3E,KAAKe,OAAO6B,YAAYC,SAAU7C,KAAK0C,aAAc1C,KAAKiE,YAAajE,KAAK8B,OAAQ9B,KAAKe,OAAOiE,kBAAmBhF,KAAKe,OAAOkE,mBAErKN,EAAgBO,sBAAsBR,EAASS,MACxC,CAAC,EAAaR,EAAgBS,0BAA0BV,EAASS,KAAMnF,KAAKsC,UAAWmC,EAActE,EAASqE,IACzH,KAAK,EAAG,MAAO,CAAC,EAAclE,EAAGK,gBAUjDuD,EAAwBjE,UAAUoF,uBAAyB,SAAUC,EAAcC,GAE/E,IAAIZ,EAAkB,IAAI,OAAgB3E,KAAKe,OAAO6B,YAAYC,SAAU7C,KAAK0C,aAAc1C,KAAKiE,YAAajE,KAAK8B,OAAQ,KAAM,MAEhI0D,EAAgB,IAAI,OAAUF,GAE9BG,EAAe,OAAUC,oBAAoBF,EAAcG,WAI/D,GAFAhB,EAAgBiB,wCAAwCH,EAAcF,EAAavF,KAAKiE,cAEnFwB,EAAa3E,KACd,MAAM,OAAgB+E,wCAE1B,OAAO,eAAS,eAAS,GAAIJ,GAAe,CAExC3E,KAAM2E,EAAa3E,QAO3BoD,EAAwBjE,UAAU6F,aAAe,SAAUC,GAEvD,IAAKA,EACD,MAAM,OAAyBC,gCAEnC,IAAI5B,EAAcpE,KAAKiG,2BAA2BF,GAElD,OAAO,OAAUzB,kBAAkBtE,KAAKsC,UAAU4D,mBAAoB9B,IAO1EF,EAAwBjE,UAAU8E,oBAAsB,SAAUzC,EAAWnC,GACzE,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAImG,EAAYC,EAAaC,EAAiBC,EAAeC,EAAYC,EAASC,EAClF,OAAO,eAAYzG,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAYD,OAXA4F,EAAa,CACTtD,SAAU7C,KAAKe,OAAO6B,YAAYC,SAClCP,UAAWA,EAAUoE,mBACrBrE,OAAQlC,EAAQkC,OAChBG,qBAAsBrC,EAAQqC,qBAC9BmE,sBAAuBxG,EAAQwG,sBAC/BC,mBAAoBzG,EAAQyG,mBAC5BC,UAAW1G,EAAQ0G,UACnBC,OAAQ3G,EAAQ2G,OAChBhE,OAAQ3C,EAAQ2C,QAEb,CAAC,EAAa9C,KAAK+G,uBAAuB5G,IACrD,KAAK,EAID,GAHAiG,EAAc9F,EAAGK,OACjB0F,EAAkBrG,KAAKgH,2BAA2B7G,GAClDmG,OAAgBW,EACZ9G,EAAQoG,WACR,IACIA,EAAa,eAAgBpG,EAAQoG,WAAYvG,KAAKiE,aACtDqC,EAAgB,CACZY,WAAY,GAAKX,EAAWY,IAAM,OAAWC,sBAAwBb,EAAWc,KAChFC,KAAM,OAAkBC,iBAGhC,MAAOC,GACHxH,KAAK8B,OAAO2F,QAAQ,+CAAiDD,GAK7E,OAFAhB,EAAUxG,KAAK0H,0BAA0BpB,GAAiBnG,EAAQmG,eAClEG,EAAW,OAAY7B,QAAQyB,GAAmB/D,EAAUqF,cAAgBrF,EAAUqF,cAAgB,IAAMtB,EACrG,CAAC,EAAcrG,KAAK4H,2BAA2BnB,EAAUL,EAAaI,EAASL,YAS1GjC,EAAwBjE,UAAU+G,2BAA6B,SAAU7G,GACrE,IAAI0H,EAAmB,IAAI,OAI3B,OAHI1H,EAAQ2H,sBACRD,EAAiBE,wBAAwB5H,EAAQ2H,sBAE9CD,EAAiBG,qBAM5B9D,EAAwBjE,UAAU8G,uBAAyB,SAAU5G,GACjE,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAI6H,EAAkBI,EAAiBC,EAAmBC,EAAWC,EAAeC,EAAqB9B,EACzG,OAAO,eAAYvG,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EA6BD,OA5BAsH,EAAmB,IAAI,OACvBA,EAAiBS,YAAYtI,KAAKe,OAAO6B,YAAYC,UAErDgF,EAAiBU,eAAepI,EAAQqI,aAExCX,EAAiBY,UAAUtI,EAAQkC,QAEnCwF,EAAiBa,qBAAqBvI,EAAQW,MAE9C+G,EAAiBc,eAAe3I,KAAKe,OAAO6H,aAC5Cf,EAAiBgB,gBACb7I,KAAK2B,wBACLkG,EAAiBiB,mBAAmB9I,KAAK2B,wBAGzCxB,EAAQ4I,cACRlB,EAAiBmB,gBAAgB7I,EAAQ4I,cAEzC/I,KAAKe,OAAOkI,kBAAkBC,cAC9BrB,EAAiBsB,gBAAgBnJ,KAAKe,OAAOkI,kBAAkBC,cAE/DlJ,KAAKe,OAAOkI,kBAAkBhB,kBAC9BA,EAAkBjI,KAAKe,OAAOkI,kBAAkBhB,gBAChDJ,EAAiBuB,mBAAmBnB,EAAgBoB,WACpDxB,EAAiByB,uBAAuBrB,EAAgBsB,gBAE5D1B,EAAiB2B,aAAa,OAAUC,0BACxC5B,EAAiB6B,gBACXvJ,EAAQqC,uBAAyB,OAAqBmH,IAAa,CAAC,EAAa,IACvFzB,EAAoB,IAAI,OAAkBlI,KAAKiE,aACxC,CAAC,EAAaiE,EAAkB0B,YAAYzJ,KACvD,KAAK,EAGD,OAFAgI,EAAY7H,EAAGK,OACfkH,EAAiBgC,YAAY1B,GACtB,CAAC,EAAa,GACzB,KAAK,EACD,GAAIhI,EAAQqC,uBAAyB,OAAqBsH,IAAK,CAC3D,IAAI3J,EAAQ2G,OAIR,MAAM,OAAyBiD,2BAH/BlC,EAAiBmC,UAAU7J,EAAQ2G,QAM3CxG,EAAGC,MAAQ,EACf,KAAK,EAOD,GANA6H,EAAgBjI,EAAQiI,eAAiBpI,KAAKe,OAAOgD,gBAAgBkG,gBACrEpC,EAAiBqC,iBAAiB9B,KAC7B,OAAYnG,WAAW9B,EAAQ+B,SAAWlC,KAAKe,OAAO6B,YAAYuH,oBAAsBnK,KAAKe,OAAO6B,YAAYuH,mBAAmBC,OAAS,IAC7IvC,EAAiBwC,UAAUlK,EAAQ+B,OAAQlC,KAAKe,OAAO6B,YAAYuH,oBAEvE9B,OAAUpB,EACN9G,EAAQoG,WACR,IACIA,EAAa,eAAgBpG,EAAQoG,WAAYvG,KAAKiE,aACtDoE,EAAU,CACNnB,WAAY,GAAKX,EAAWY,IAAM,OAAWC,sBAAwBb,EAAWc,KAChFC,KAAM,OAAkBC,iBAGhC,MAAOC,GACHxH,KAAK8B,OAAO2F,QAAQ,+CAAiDD,QAIzEa,EAAUlI,EAAQmG,cAGtB,GAAItG,KAAKe,OAAOsC,cAAciH,sBAAwBjC,EAClD,OAAQA,EAAQf,MACZ,KAAK,OAAkBC,gBACnB,IACIhB,EAAa,eAAiC8B,EAAQnB,YACtDW,EAAiB0C,UAAUhE,GAE/B,MAAOiB,GACHxH,KAAK8B,OAAO2F,QAAQ,mDAAqDD,GAE7E,MACJ,KAAK,OAAkBgD,IACnB3C,EAAiB4C,UAAUpC,EAAQnB,YACnC,MAGZ,MAAO,CAAC,EAAcW,EAAiBG,6BAS3D9D,EAAwBjE,UAAUoE,6BAA+B,SAAUlE,GACvE,IAAI0H,EAAmB,IAAI,OAC3BA,EAAiBS,YAAYtI,KAAKe,OAAO6B,YAAYC,UACrD,IAAIzB,EAAgB,eAAejB,EAAQkC,QAAU,GAAIlC,EAAQuK,sBAAwB,IACzF7C,EAAiBY,UAAUrH,GAE3ByG,EAAiBU,eAAepI,EAAQqI,aAExC,IAAIJ,EAAgBjI,EAAQiI,eAAiBpI,KAAKe,OAAOgD,gBAAgBkG,gBAoBzE,GAnBApC,EAAiBqC,iBAAiB9B,GAElCP,EAAiB8C,gBAAgBxK,EAAQyK,cAEzC/C,EAAiBgD,sBAEjBhD,EAAiBc,eAAe3I,KAAKe,OAAO6H,aAE5Cf,EAAiB6B,gBACbvJ,EAAQ2K,eAAiB3K,EAAQ4K,qBACjClD,EAAiBmD,uBAAuB7K,EAAQ2K,cAAe3K,EAAQ4K,qBAEvE5K,EAAQ8K,QACRpD,EAAiBqD,UAAU/K,EAAQ8K,QAEnC9K,EAAQgL,YACRtD,EAAiBuD,cAAcjL,EAAQgL,YAGvChL,EAAQ8K,SAAW,OAAYI,eAE/B,GAAIlL,EAAQmL,KAAOnL,EAAQ8K,SAAW,OAAYM,KAE9CvL,KAAK8B,OAAO2F,QAAQ,yEACpBI,EAAiB2D,OAAOrL,EAAQmL,UAE/B,GAAInL,EAAQgC,QAAS,CACtB,IAAIsJ,EAAazL,KAAK0L,kBAAkBvL,EAAQgC,SAEhD,GAAIsJ,GAActL,EAAQ8K,SAAW,OAAYM,KAAM,CAEnDvL,KAAK8B,OAAO2F,QAAQ,yEACpBI,EAAiB2D,OAAOC,GACxB,IACI,IAAIlF,EAAa,eAAiCpG,EAAQgC,QAAQwJ,eAClE9D,EAAiB0C,UAAUhE,GAE/B,MAAOiB,GACHxH,KAAK8B,OAAO2F,QAAQ,mDAAqDD,SAG5E,GAAIrH,EAAQyL,UACb5L,KAAK8B,OAAO2F,QAAQ,gEACpBI,EAAiBgE,aAAa1L,EAAQyL,WACtC/D,EAAiB4C,UAAUtK,EAAQyL,gBAElC,GAAIzL,EAAQgC,QAAQ2J,SAAU,CAE/B9L,KAAK8B,OAAO2F,QAAQ,gEACpBI,EAAiBgE,aAAa1L,EAAQgC,QAAQ2J,UAC9C,IACQvF,EAAa,eAAiCpG,EAAQgC,QAAQwJ,eAClE9D,EAAiB0C,UAAUhE,GAE/B,MAAOiB,GACHxH,KAAK8B,OAAO2F,QAAQ,mDAAqDD,UAI5ErH,EAAQyL,YACb5L,KAAK8B,OAAO2F,QAAQ,4EACpBI,EAAiBgE,aAAa1L,EAAQyL,WACtC/D,EAAiB4C,UAAUtK,EAAQyL,iBAIvC5L,KAAK8B,OAAO2F,QAAQ,kFAcxB,OAZItH,EAAQ4L,OACRlE,EAAiBmE,SAAS7L,EAAQ4L,OAElC5L,EAAQ8L,OACRpE,EAAiBqE,SAAS/L,EAAQ8L,SAEjC,OAAYrH,QAAQzE,EAAQ+B,SAAWlC,KAAKe,OAAO6B,YAAYuH,oBAAsBnK,KAAKe,OAAO6B,YAAYuH,mBAAmBC,OAAS,IAC1IvC,EAAiBwC,UAAUlK,EAAQ+B,OAAQlC,KAAKe,OAAO6B,YAAYuH,oBAEnEhK,EAAQgM,sBACRtE,EAAiBE,wBAAwB5H,EAAQgM,sBAE9CtE,EAAiBG,qBAM5B9D,EAAwBjE,UAAUgG,2BAA6B,SAAU9F,GACrE,IAAI0H,EAAmB,IAAI,OAgB3B,OAfI1H,EAAQiM,uBACRvE,EAAiBwE,yBAAyBlM,EAAQiM,uBAElDjM,EAAQiI,eACRP,EAAiBqC,iBAAiB/J,EAAQiI,eAE1CjI,EAAQmM,aACRzE,EAAiB0E,eAAepM,EAAQmM,aAExCnM,EAAQ8L,OACRpE,EAAiBqE,SAAS/L,EAAQ8L,OAElC9L,EAAQgM,sBACRtE,EAAiBE,wBAAwB5H,EAAQgM,sBAE9CtE,EAAiBG,qBAM5B9D,EAAwBjE,UAAUyL,kBAAoB,SAAUvJ,GAC5D,GAAIA,EAAQqK,cAAe,CACvB,IAAIC,EAActK,EAAQqK,cAC1B,OAAOC,EAAYnB,KAAO,KAE9B,OAAO,MAEJpH,EArXiC,CAsX1C,S,oCC7YF,0HAsCIwI,EAAmC,SAAU7M,GAE7C,SAAS6M,IACL,OAAkB,OAAX7M,GAAmBA,EAAO8M,MAAM3M,KAAM4M,YAAc5M,KAuE/D,OAzEA,eAAU0M,EAAmB7M,GAe7B6M,EAAkBG,wBAA0B,SAAUlB,EAAetK,EAAa0B,EAAaF,EAAUiK,EAAUzK,EAAQe,EAAW2J,EAAc9I,EAAaT,EAAWwJ,EAAWC,EAAcC,GACjM,IAAI5M,EACA6M,EAAW,IAAIT,EACnBS,EAASxB,cAAgBA,EACzBwB,EAASC,eAAiB,OAAeC,aACzCF,EAASrJ,OAASf,EAClB,IAAIuK,EAAc,OAAUxI,aAkB5B,GAjBAqI,EAASjK,SAAWoK,EAAYC,WAKhCJ,EAAS/J,UAAYA,EAAUmK,WAC/BJ,EAASK,kBAAoBT,EAAaQ,WACtC/J,IACA2J,EAAS3J,UAAYA,EAAU+J,YAEnCJ,EAAS9L,YAAcA,EACvB8L,EAAStK,SAAWA,EACpBsK,EAASM,MAAQX,EACjBK,EAASO,OAASrL,EAClB8K,EAASF,aAAeA,EACxBE,EAASH,UAAY,OAAYpI,QAAQoI,GAAa,OAAqBvK,OAASuK,EAEhFG,EAASH,YAAc,OAAqBvK,OAE5C,OADA0K,EAASC,eAAiB,OAAeO,8BACjCR,EAASH,WACb,KAAK,OAAqBrD,IAEtB,IAAI8C,EAAc,OAAUmB,mBAAmB7K,EAAakB,GAC5D,KAA2F,QAApF3D,EAAqB,OAAhBmM,QAAwC,IAAhBA,OAAyB,EAASA,EAAYoB,WAAwB,IAAPvN,OAAgB,EAASA,EAAGwN,KAC3H,MAAM,OAAgBC,iCAE1BZ,EAASD,MAAQT,EAAYoB,IAAIC,IACjC,MACJ,KAAK,OAAqBhE,IACtBqD,EAASD,MAAQA,EAG7B,OAAOC,GAMXT,EAAkBsB,oBAAsB,SAAUC,GAC9C,QAAKA,IAGGA,EAAOC,eAAe,kBAC1BD,EAAOC,eAAe,gBACtBD,EAAOC,eAAe,mBACtBD,EAAOC,eAAe,UACtBD,EAAOC,eAAe,aACtBD,EAAOC,eAAe,WACtBD,EAAOC,eAAe,YACrBD,EAAO,oBAAsB,OAAeZ,cAAgBY,EAAO,oBAAsB,OAAeN,iCAE1GjB,EA1E2B,CA2EpC,S,oCCjHF;;AAMA,IAAIyB,EAA6B,WAC7B,SAASA,EAAYC,EAAeC,EAAeC,EAAmBC,EAAoBC,GACtFxO,KAAKmC,QAAUiM,GAAiB,KAChCpO,KAAK6D,QAAUwK,GAAiB,KAChCrO,KAAK+C,YAAcuL,GAAqB,KACxCtO,KAAKyO,aAAeF,GAAsB,KAC1CvO,KAAK0O,YAAcF,GAAqB,KAE5C,OAAOL,EARqB,I,oCCNhC,8DAYIQ,EAA6B,SAAU9O,GAEvC,SAAS8O,EAAY/N,EAAWgO,EAAcC,GAC1C,IAAIC,EAAQjP,EAAOE,KAAKC,KAAMY,EAAWgO,EAAcC,IAAa7O,KAGpE,OAFA8O,EAAMC,KAAO,cACbC,OAAOC,eAAeH,EAAOH,EAAY1O,WAClC6O,EAEX,OAPA,eAAUH,EAAa9O,GAOhB8O,EARqB,CAS9B,S,oCCrBF,0EA2BIO,EAA+B,SAAUrP,GAEzC,SAASqP,IACL,OAAkB,OAAXrP,GAAmBA,EAAO8M,MAAM3M,KAAM4M,YAAc5M,KAoC/D,OAtCA,eAAUkP,EAAerP,GAWzBqP,EAAcC,oBAAsB,SAAUxD,EAAetK,EAAawC,EAAShB,EAAUiK,EAAUG,GACnG,IAAIoB,EAAgB,IAAIa,EAQxB,OAPAb,EAAcjB,eAAiB,OAAegC,SAC9Cf,EAAc1C,cAAgBA,EAC9B0C,EAAchN,YAAcA,EAC5BgN,EAAcxL,SAAWA,EACzBwL,EAAcvK,OAASD,EACvBwK,EAAcZ,MAAQX,EACtBuB,EAAcpB,aAAeA,EACtBoB,GAMXa,EAAcG,gBAAkB,SAAUpB,GACtC,QAAKA,IAGGA,EAAOC,eAAe,kBAC1BD,EAAOC,eAAe,gBACtBD,EAAOC,eAAe,mBACtBD,EAAOC,eAAe,UACtBD,EAAOC,eAAe,aACtBD,EAAOC,eAAe,WACtBD,EAAO,oBAAsB,OAAemB,WAE7CF,EAvCuB,CAwChC,S,oCCnEF,0NAyBII,EAAoC,SAAUzP,GAE9C,SAASyP,EAAmBxP,GACxB,OAAOD,EAAOE,KAAKC,KAAMF,IAAkBE,KAoM/C,OAtMA,eAAUsP,EAAoBzP,GAI9ByP,EAAmBrP,UAAUC,aAAe,SAAUC,GAClD,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAIyE,EAAcC,EAAUC,EAC5B,OAAO,eAAY3E,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAED,OADAkE,EAAe,OAAUK,aAClB,CAAC,EAAa9E,KAAK+E,oBAAoB5E,EAASH,KAAKsC,YAChE,KAAK,EAID,OAHAoC,EAAWpE,EAAGK,OACdgE,EAAkB,IAAI,OAAgB3E,KAAKe,OAAO6B,YAAYC,SAAU7C,KAAK0C,aAAc1C,KAAKiE,YAAajE,KAAK8B,OAAQ9B,KAAKe,OAAOiE,kBAAmBhF,KAAKe,OAAOkE,mBACrKN,EAAgBO,sBAAsBR,EAASS,MACxC,CAAC,EAAcR,EAAgBS,0BAA0BV,EAASS,KAAMnF,KAAKsC,UAAWmC,EAActE,OAAS8G,OAAWA,GAAW,YAShKqI,EAAmBrP,UAAUe,2BAA6B,SAAUb,GAChE,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAIuP,EAAQC,EAAmBC,EAC/B,OAAO,eAAYzP,MAAM,SAAUM,GAE/B,IAAKH,EACD,MAAM,OAAyBsB,+BAGnC,IAAKtB,EAAQgC,QACT,MAAM,OAAgBC,sCAI1B,GAFAmN,EAASvP,KAAK0C,aAAagN,kBAAkBvP,EAAQgC,QAAQd,YAAarB,KAAKe,OAAO6B,YAAYC,UAE9F0M,EACA,IACI,MAAO,CAAC,EAAcvP,KAAK2P,mCAAmCxP,GAAS,IAE3E,MAAOqH,GAIH,GAHAgI,EAAoBhI,aAAa,QAAgCA,EAAE5G,YAAc,OAAoCgP,mBAAmB9O,KACxI2O,EAAkCjI,aAAa,QAAeA,EAAE5G,YAAc,OAAOiP,qBAAuBrI,EAAEqH,WAAa,OAAOiB,sBAE9HN,GAAqBC,EACrB,MAAO,CAAC,EAAczP,KAAK2P,mCAAmCxP,GAAS,IAIvE,MAAMqH,EAKlB,MAAO,CAAC,EAAcxH,KAAK2P,mCAAmCxP,GAAS,WAQnFmP,EAAmBrP,UAAU0P,mCAAqC,SAAUxP,EAAS4P,GACjF,OAAO,eAAU/P,UAAM,OAAQ,GAAQ,WACnC,IAAIyO,EAAcuB,EAClB,OAAO,eAAYhQ,MAAM,SAAUM,GAG/B,GAFAmO,EAAezO,KAAK0C,aAAauN,0BAA0BjQ,KAAKe,OAAO6B,YAAYC,SAAU1C,EAAQgC,QAAS4N,IAEzGtB,EACD,MAAM,OAA6ByB,2BAMvC,OAJAF,EAAsB,eAAS,eAAS,GAAI7P,GAAU,CAAEsO,aAAcA,EAAa3K,OAAQtB,qBAAsBrC,EAAQqC,sBAAwB,OAAqBC,OAAQ6D,cAAe,CACrLY,WAAY/G,EAAQgC,QAAQwJ,cAC5BrE,KAAM,OAAkBC,mBAEzB,CAAC,EAAcvH,KAAKE,aAAa8P,WASpDV,EAAmBrP,UAAU8E,oBAAsB,SAAU5E,EAASmC,GAClE,OAAO,eAAUtC,UAAM,OAAQ,GAAQ,WACnC,IAAIoG,EAAaC,EAAiBG,EAASL,EAAYM,EACvD,OAAO,eAAYzG,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAAG,MAAO,CAAC,EAAaP,KAAK+G,uBAAuB5G,IACzD,KAAK,EAgBD,OAfAiG,EAAc9F,EAAGK,OACjB0F,EAAkBrG,KAAKgH,2BAA2B7G,GAClDqG,EAAUxG,KAAK0H,0BAA0BvH,EAAQmG,eACjDH,EAAa,CACTtD,SAAU7C,KAAKe,OAAO6B,YAAYC,SAClCP,UAAWA,EAAUoE,mBACrBrE,OAAQlC,EAAQkC,OAChBG,qBAAsBrC,EAAQqC,qBAC9BmE,sBAAuBxG,EAAQwG,sBAC/BC,mBAAoBzG,EAAQyG,mBAC5BC,UAAW1G,EAAQ0G,UACnBC,OAAQ3G,EAAQ2G,OAChBhE,OAAQ3C,EAAQ2C,QAEpB2D,EAAW,OAAUnC,kBAAkBhC,EAAUqF,cAAetB,GACzD,CAAC,EAAcrG,KAAK4H,2BAA2BnB,EAAUL,EAAaI,EAASL,YAS1GmJ,EAAmBrP,UAAU+G,2BAA6B,SAAU7G,GAChE,IAAI0H,EAAmB,IAAI,OAI3B,OAHI1H,EAAQ2H,sBACRD,EAAiBE,wBAAwB5H,EAAQ2H,sBAE9CD,EAAiBG,qBAM5BsH,EAAmBrP,UAAU8G,uBAAyB,SAAU5G,GAC5D,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAI6H,EAAkBO,EAAeH,EAAiBC,EAAmBC,EAAW5B,EACpF,OAAO,eAAYvG,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAsBD,OArBAsH,EAAmB,IAAI,OACvBA,EAAiBS,YAAYtI,KAAKe,OAAO6B,YAAYC,UACrDgF,EAAiBY,UAAUtI,EAAQkC,QACnCwF,EAAiB2B,aAAa,OAAU2G,qBACxCtI,EAAiB6B,gBACjB7B,EAAiBc,eAAe3I,KAAKe,OAAO6H,aAC5Cf,EAAiBgB,gBACb7I,KAAK2B,wBACLkG,EAAiBiB,mBAAmB9I,KAAK2B,wBAE7CyG,EAAgBjI,EAAQiI,eAAiBpI,KAAKe,OAAOgD,gBAAgBkG,gBACrEpC,EAAiBqC,iBAAiB9B,GAClCP,EAAiBuI,gBAAgBjQ,EAAQsO,cACrCzO,KAAKe,OAAOkI,kBAAkBC,cAC9BrB,EAAiBsB,gBAAgBnJ,KAAKe,OAAOkI,kBAAkBC,cAE/DlJ,KAAKe,OAAOkI,kBAAkBhB,kBAC9BA,EAAkBjI,KAAKe,OAAOkI,kBAAkBhB,gBAChDJ,EAAiBuB,mBAAmBnB,EAAgBoB,WACpDxB,EAAiByB,uBAAuBrB,EAAgBsB,gBAEtDpJ,EAAQqC,uBAAyB,OAAqBmH,IAAa,CAAC,EAAa,IACvFzB,EAAoB,IAAI,OAAkBlI,KAAKiE,aACxC,CAAC,EAAaiE,EAAkB0B,YAAYzJ,KACvD,KAAK,EAGD,OAFAgI,EAAY7H,EAAGK,OACfkH,EAAiBgC,YAAY1B,GACtB,CAAC,EAAa,GACzB,KAAK,EACD,GAAIhI,EAAQqC,uBAAyB,OAAqBsH,IAAK,CAC3D,IAAI3J,EAAQ2G,OAIR,MAAM,OAAyBiD,2BAH/BlC,EAAiBmC,UAAU7J,EAAQ2G,QAM3CxG,EAAGC,MAAQ,EACf,KAAK,EAID,KAHK,OAAY0B,WAAW9B,EAAQ+B,SAAWlC,KAAKe,OAAO6B,YAAYuH,oBAAsBnK,KAAKe,OAAO6B,YAAYuH,mBAAmBC,OAAS,IAC7IvC,EAAiBwC,UAAUlK,EAAQ+B,OAAQlC,KAAKe,OAAO6B,YAAYuH,oBAEnEnK,KAAKe,OAAOsC,cAAciH,sBAAwBnK,EAAQmG,cAC1D,OAAQnG,EAAQmG,cAAcgB,MAC1B,KAAK,OAAkBC,gBACnB,IACIhB,EAAa,eAAiCpG,EAAQmG,cAAcY,YACpEW,EAAiB0C,UAAUhE,GAE/B,MAAOiB,GACHxH,KAAK8B,OAAO2F,QAAQ,mDAAqDD,GAE7E,MACJ,KAAK,OAAkBgD,IACnB3C,EAAiB4C,UAAUtK,EAAQmG,cAAcY,YACjD,MAGZ,MAAO,CAAC,EAAcW,EAAiBG,6BAKpDsH,EAvM4B,CAwMrC,S,kCCjOF,kDAQIe,EAAuC,WACvC,SAASA,IACLrQ,KAAKsQ,eAAiB,GACtBtQ,KAAKuQ,OAAS,GACdvQ,KAAKwQ,UAAY,EAkBrB,OAXAH,EAAsBI,wBAA0B,SAAUC,EAAKzC,GAC3D,IAAI0C,EAAgE,IAAlDD,EAAIE,QAAQ,OAAuBC,WACjDC,GAAiB,EAOrB,OANI7C,IACA6C,EACI7C,EAAOC,eAAe,mBAClBD,EAAOC,eAAe,WACtBD,EAAOC,eAAe,cAE3ByC,GAAeG,GAEnBT,EAtB+B;iFCR1C,sCAYIU,EAZJ,6DAaA,SAAWA,GACPA,EAAY,MAAQ,KACpBA,EAAY,OAAS,OAFzB,CAGGA,IAAgBA,EAAc,KACjC,IAAIC,EAAmC,WACnC,SAASA,EAAkB/M,GACvBjE,KAAKiE,YAAcA,EA2DvB,OAzDA+M,EAAkB/Q,UAAU2J,YAAc,SAAUzJ,GAChD,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAIiR,EACJ,OAAO,eAAYjR,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAAG,MAAO,CAAC,EAAaP,KAAKkR,YAAY/Q,IAC9C,KAAK,EAED,OADA8Q,EAAS3Q,EAAGK,OACL,CAAC,EAAcX,KAAKiE,YAAYkN,aAAaC,KAAKC,UAAUJ,aAKvFD,EAAkB/Q,UAAUiR,YAAc,SAAU/Q,GAChD,OAAO,eAAUH,UAAM,OAAQ,GAAQ,WACnC,IAAIsR,EACJ,OAAO,eAAYtR,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAAG,MAAO,CAAC,EAAaP,KAAKiE,YAAYsN,uBAAuBpR,IACrE,KAAK,EAED,OADAmR,EAAgBhR,EAAGK,OACZ,CAAC,EAAc,CACdmN,IAAKwD,EACLE,QAAST,EAAYU,aAMjDT,EAAkB/Q,UAAUyR,aAAe,SAAU3O,EAAa5C,GAC9D,IAAIG,EACJ,OAAO,eAAUN,UAAM,OAAQ,GAAQ,WACnC,IAAIyM,EACJ,OAAO,eAAYzM,MAAM,SAAUiB,GAE/B,GADAwL,EAAc,OAAUmB,mBAAmB7K,EAAa/C,KAAKiE,eAC8B,QAApF3D,EAAqB,OAAhBmM,QAAwC,IAAhBA,OAAyB,EAASA,EAAYoB,WAAwB,IAAPvN,OAAgB,EAASA,EAAGwN,KAC3H,MAAM,OAAgBC,iCAE1B,MAAO,CAAC,EAAc/N,KAAK2R,YAAY5O,EAAa0J,EAAYoB,IAAIC,IAAK3N,WAIrF6Q,EAAkB/Q,UAAU0R,YAAc,SAAUC,EAAS9D,EAAK3N,EAAS+B,GACvE,OAAO,eAAUlC,UAAM,OAAQ,GAAQ,WACnC,IAAI2G,EAAuBC,EAAoBC,EAAWgL,EAAUC,EAAmBC,EACvF,OAAO,eAAY/R,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAID,OAHAoG,EAAwBxG,EAAQwG,sBAAuBC,EAAqBzG,EAAQyG,mBAAoBC,EAAY1G,EAAQ0G,UAAWgL,EAAW1R,EAAQ0R,SAC1JC,EAAoB,EAAuB,IAAI,OAAUlL,QAAsBK,EAC/E8K,EAA8C,OAAtBD,QAAoD,IAAtBA,OAA+B,EAASA,EAAkBE,mBACzG,CAAC,EAAahS,KAAKiE,YAAYgO,QAAQ,eAAS,CAAEC,GAAIN,EAASO,GAAI,OAAUrN,aAAcsN,EAA6B,OAA1BzL,QAA4D,IAA1BA,OAAmC,EAASA,EAAsB0L,cAAeC,EAA6B,OAA1BP,QAA4D,IAA1BA,OAAmC,EAASA,EAAsBQ,gBAAiBxG,MAAO8F,GAAY7R,KAAKiE,YAAYgG,gBAAiBuI,EAA6B,OAA1BT,QAA4D,IAA1BA,OAAmC,EAASA,EAAsBU,aAAcC,GAA8B,OAA1BX,QAA4D,IAA1BA,OAAmC,EAASA,EAAsBY,aAAe,CAAC,GAAIZ,EAAsBY,kBAAe1L,EAAW2L,cAAe/L,QAAaI,GAAa/E,GAAS4L,IAC5tB,KAAK,EAAG,MAAO,CAAC,EAAcxN,EAAGK,gBAK1CqQ,EA7D2B,I,oCCjBtC,8DASI6B,EAAgC,CAChC5I,cAAe,WACX,IAAI6I,EAAa,8DACjB,MAAM,OAAUC,sBAAsBD,IAE1CE,aAAc,WACV,IAAIF,EAAa,6DACjB,MAAM,OAAUC,sBAAsBD,IAE1C3B,aAAc,WACV,IAAI2B,EAAa,6DACjB,MAAM,OAAUC,sBAAsBD,IAE1CG,kBAAmB,WACf,OAAO,eAAUjT,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,kEACP,OAAUC,sBAAsBD,UAIlDvB,uBAAwB,WACpB,OAAO,eAAUvR,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,uEACP,OAAUC,sBAAsBD,UAIlDI,sBAAuB,WACnB,OAAO,eAAUlT,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,sEACP,OAAUC,sBAAsBD,UAIlDK,cAAe,WACX,OAAO,eAAUnT,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,8DACP,OAAUC,sBAAsBD,UAIlDb,QAAS,WACL,OAAO,eAAUjS,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,wDACP,OAAUC,sBAAsBD,Y,oCC/DtD;;AASI,IAAIM,EAAmC,WACvC,SAASA,EAAkBC,EAAYC,GACnCtT,KAAKuT,MAAQF,EACbrT,KAAKsT,WAAaA,EAsBtB,OApBAtE,OAAOwE,eAAeJ,EAAkBnT,UAAW,kBAAmB,CAIlEwT,IAAK,WACD,OAAOzT,KAAKsT,YAEhBI,YAAY,EACZC,cAAc,IAElB3E,OAAOwE,eAAeJ,EAAkBnT,UAAW,aAAc,CAI7DwT,IAAK,WACD,OAAOzT,KAAKuT,OAEhBG,YAAY,EACZC,cAAc,IAEXP,EAzB+B,I,oCCT1C,0EA6BIQ,EAAoC,SAAU/T,GAE9C,SAAS+T,IACL,OAAkB,OAAX/T,GAAmBA,EAAO8M,MAAM3M,KAAM4M,YAAc5M,KAoC/D,OAtCA,eAAU4T,EAAoB/T,GAW9B+T,EAAmBC,yBAA2B,SAAUlI,EAAetK,EAAaoN,EAAc5L,EAAUiR,EAAU7G,GAClH,IAAI8G,EAAW,IAAIH,EASnB,OARAG,EAASlR,SAAWA,EACpBkR,EAAS3G,eAAiB,OAAe4G,cACzCD,EAAS1S,YAAcA,EACvB0S,EAASpI,cAAgBA,EACzBoI,EAASjQ,OAAS2K,EAClBsF,EAAS9G,aAAeA,EACpB6G,IACAC,EAASD,SAAWA,GACjBC,GAMXH,EAAmBK,qBAAuB,SAAUhG,GAChD,QAAKA,IAGGA,EAAOC,eAAe,kBAC1BD,EAAOC,eAAe,gBACtBD,EAAOC,eAAe,mBACtBD,EAAOC,eAAe,aACtBD,EAAOC,eAAe,WACtBD,EAAO,oBAAsB,OAAe+F,gBAE7CJ,EAvC4B,CAwCrC,S,kCCrEF,8DA8BIM,EAAkC,WAClC,SAASA,KAiHT,OA5GAA,EAAiBjU,UAAUkU,kBAAoB,WAC3C,OAAOD,EAAiBE,6BAA6BpU,KAAK2L,cAAe3L,KAAKqB,cAKlF6S,EAAiBjU,UAAUoU,qBAAuB,WAC9C,OAAOH,EAAiBI,gCAAgCtU,KAAKoN,eAAgBpN,KAAK6C,SAAU7C,KAAKyN,MAAOzN,KAAK8T,WAKjHI,EAAiBjU,UAAUsU,eAAiB,WACxC,OAAOL,EAAiBM,0BAA0BxU,KAAK0N,SAK3DwG,EAAiBjU,UAAUwU,sBAAwB,WAC/C,OAAOP,EAAiBQ,2BAA2B1U,KAAK2L,cAAe3L,KAAKqB,YAAarB,KAAKoN,eAAgBpN,KAAK6C,SAAU7C,KAAKyN,MAAOzN,KAAK0N,OAAQ1N,KAAK8T,SAAU9T,KAAKgN,YAK9KkH,EAAiBjU,UAAU0U,aAAe,WACtC,OAAQ3U,KAAKoN,gBACT,KAAK,OAAegC,SAChB,OAAO,OAAUA,SACrB,KAAK,OAAe/B,aACpB,KAAK,OAAeM,8BAChB,OAAO,OAAUN,aACrB,KAAK,OAAe2G,cAChB,OAAO,OAAUA,cACrB,QACI,MAAM,OAAgBY,wCAQlCV,EAAiBW,kBAAoB,SAAUnE,GAE3C,OAAgE,IAA5DA,EAAIE,QAAQ,OAAevD,aAAayH,gBAEyC,IAA7EpE,EAAIE,QAAQ,OAAejD,8BAA8BmH,eAClD,OAAenH,8BAEnB,OAAeN,cAEuC,IAAxDqD,EAAIE,QAAQ,OAAexB,SAAS0F,eAClC,OAAe1F,UAE4C,IAA7DsB,EAAIE,QAAQ,OAAeoD,cAAcc,eACvC,OAAed,cAEnB,OAAUe,aAMrBb,EAAiBQ,2BAA6B,SAAU/I,EAAetK,EAAa+L,EAAgBvK,EAAU4K,EAAOC,EAAQoG,EAAU9G,GACnI,IAAIgI,EAAgB,CAChBhV,KAAKoU,6BAA6BzI,EAAetK,GACjDrB,KAAKsU,gCAAgClH,EAAgBvK,EAAU4K,EAAOqG,GACtE9T,KAAKwU,0BAA0B9G,IAMnC,OAHIV,GAAaA,IAAc,OAAqBvK,QAChDuS,EAAcvU,KAAKuM,EAAU8H,eAE1BE,EAAcC,KAAK,OAAWC,qBAAqBJ,eAO9DZ,EAAiBE,6BAA+B,SAAUzI,EAAetK,GACrE,IAAI8T,EAAY,CAACxJ,EAAetK,GAChC,OAAO8T,EAAUF,KAAK,OAAWC,qBAAqBJ,eAS1DZ,EAAiBI,gCAAkC,SAAUlH,EAAgBvK,EAAU4K,EAAOqG,GAC1F,IAAIsB,EAAmBhI,IAAmB,OAAe4G,eACnDF,GACAjR,EACFwS,EAAe,CACfjI,EACAgI,EACA3H,GAAS,IAEb,OAAO4H,EAAaJ,KAAK,OAAWC,qBAAqBJ,eAK7DZ,EAAiBM,0BAA4B,SAAUnS,GACnD,OAAQA,GAAU,IAAIyS,eAEnBZ,EAlH0B,I,kCC9BrC,8DASIoB,EAAyC,WACzC,SAASA,IACLtV,KAAKuV,UAAY,OAAUzQ,aAAe,OAA6B0Q,qBAgE3E,OAzDAF,EAAwBrV,UAAUwV,6BAA+B,SAAUC,EAAUC,GACjF3V,KAAK4V,QAAUF,EAASE,QACxB5V,KAAK6V,gBAAkBH,EAASG,gBAChC7V,KAAK8V,kBAAoBJ,EAASI,kBAClC9V,KAAK+V,mBAAqBJ,GAO9BL,EAAwBrV,UAAU+V,uBAAyB,SAAUN,EAAUC,GAC3E3V,KAAKiW,uBAAyBP,EAASO,uBACvCjW,KAAKkW,eAAiBR,EAASQ,eAC/BlW,KAAKmW,qBAAuBT,EAASS,qBACrCnW,KAAKoW,OAASV,EAASU,OACvBpW,KAAKqW,qBAAuBV,GAMhCL,EAAwBrV,UAAUqW,yBAA2B,SAAUhU,GACnEtC,KAAKuW,oBAAsBjU,GAK/BgT,EAAwBrV,UAAUuW,eAAiB,WAC/CxW,KAAKuV,UAAY,OAAUzQ,aAAe,OAA6B0Q,sBAK3EF,EAAwBrV,UAAUwW,UAAY,WAC1C,OAAOzW,KAAKuV,WAAa,OAAUzQ,cAMvCwQ,EAAwBoB,0BAA4B,SAAUhG,EAAKzC,GAC/D,QAAKA,IAG2D,IAAxDyC,EAAIE,QAAQ,OAA6BC,YAC7C5C,EAAOC,eAAe,YACtBD,EAAOC,eAAe,oBACtBD,EAAOC,eAAe,sBACtBD,EAAOC,eAAe,wBACtBD,EAAOC,eAAe,2BACtBD,EAAOC,eAAe,mBACtBD,EAAOC,eAAe,WACtBD,EAAOC,eAAe,uBACtBD,EAAOC,eAAe,yBACtBD,EAAOC,eAAe,eAEvBoH,EAlEiC,I,kCCT5C,gGAYIqB,EAAyB,CACzBC,wBAAyB,CACrB9V,KAAM,6BACN+V,KAAM,+GAEVC,qBAAsB,CAClBhW,KAAM,0BACN+V,KAAM,mFAEVE,kBAAmB,CACfjW,KAAM,sBACN+V,KAAM,8EAEVG,iBAAkB,CACdlW,KAAM,sBACN+V,KAAM,oFAEVI,wBAAyB,CACrBnW,KAAM,6BACN+V,KAAM,2EAEVK,aAAc,CACVpW,KAAM,gBACN+V,KAAM,+EAEVM,6BAA8B,CAC1BrW,KAAM,sBACN+V,KAAM,+IAEVO,oBAAqB,CACjBtW,KAAM,wBACN+V,KAAM,uGAEVQ,mBAAoB,CAChBvW,KAAM,uBACN+V,KAAM,sFAEVS,kBAAmB,CACfxW,KAAM,gBACN+V,KAAM,6IAEVU,mBAAoB,CAChBzW,KAAM,iBACN+V,KAAM,iGAEVW,mBAAoB,CAChB1W,KAAM,kBACN+V,KAAM,mBAEVY,mBAAoB,CAChB3W,KAAM,iBACN+V,KAAM,wFAEVa,mBAAoB,CAChB5W,KAAM,kBACN+V,KAAM,mBAEVjH,mBAAoB,CAChB9O,KAAM,kBACN+V,KAAM,oLAEVc,uBAAwB,CACpB7W,KAAM,2BACN+V,KAAM,qJAGVe,yBAA0B,CACtB9W,KAAM,6BACN+V,KAAM,6HAEVgB,4BAA6B,CACzB/W,KAAM,gCACN+V,KAAM,oIAEViB,yBAA0B,CACtBhX,KAAM,yBACN+V,KAAM,6EAEVkB,sBAAuB,CACnBjX,KAAM,4BACN+V,KAAM,8FAEVmB,sBAAuB,CACnBlX,KAAM,4BACN+V,KAAM,gGAEVoB,oBAAqB,CACjBnX,KAAM,yBACN+V,KAAM,wCAEVqB,wBAAyB,CACrBpX,KAAM,uBACN+V,KAAM,6CAEVsB,2BAA4B,CACxBrX,KAAM,gCACN+V,KAAM,mHAEVuB,kBAAmB,CACftX,KAAM,sBACN+V,KAAM,2BAEVwB,uBAAwB,CACpBvX,KAAM,4BACN+V,KAAM,oDAEVyB,yBAA0B,CACtBxX,KAAM,+BACN+V,KAAM,2FAEV0B,mBAAoB,CAChBzX,KAAM,uBACN+V,KAAM,8CAEV2B,wBAAyB,CACrB1X,KAAM,4BACN+V,KAAM,6DAEV4B,eAAgB,CACZ3X,KAAM,mBACN+V,KAAM,4CAEV6B,iBAAkB,CACd5X,KAAM,sCACN+V,KAAM,iFAEV8B,YAAa,CACT7X,KAAM,mBACN+V,KAAM,6EAEV+B,iBAAkB,CACd9X,KAAM,qBACN+V,KAAM,sBAEVgC,sBAAuB,CACnB/X,KAAM,0BACN+V,KAAM,4BAEViC,yBAA0B,CACtBhY,KAAM,6BACN+V,KAAM,+BAEVkC,iBAAkB,CACdjY,KAAM,oBACN+V,KAAM,4FAEVmC,wBAAyB,CACrBlY,KAAM,4BACN+V,KAAM,kKAEVhW,qBAAsB,CAClBC,KAAM,yBACN+V,KAAM,sOAEVoC,mBAAoB,CAChBnY,KAAM,uBACN+V,KAAM,wDAEVqC,oBAAqB,CACjBpY,KAAM,0CACN+V,KAAM,mEAEVsC,8BAA+B,CAC3BrY,KAAM,kDACN+V,KAAM,qEAEVuC,sBAAuB,CACnBtY,KAAM,2BACN+V,KAAM,mEAEVwC,2BAA4B,CACxBvY,KAAM,2BACN+V,KAAM,uGAEVyC,0BAA2B,CACvBxY,KAAM,0BACN+V,KAAM,+DAEV0C,mBAAoB,CAChBzY,KAAM,qCACN+V,KAAM,gDAMV2C,EAAiC,SAAU3Z,GAE3C,SAAS2Z,EAAgB5Y,EAAWgO,GAChC,IAAIE,EAAQjP,EAAOE,KAAKC,KAAMY,EAAWgO,IAAiB5O,KAG1D,OAFA8O,EAAMC,KAAO,kBACbC,OAAOC,eAAeH,EAAO0K,EAAgBvZ,WACtC6O,EAkQX,OAvQA,eAAU0K,EAAiB3Z,GAW3B2Z,EAAgBC,8BAAgC,SAAUC,GACtD,OAAO,IAAIF,EAAgB7C,EAAuBC,wBAAwB9V,KAAM6V,EAAuBC,wBAAwBC,KAAO,uBAAyB6C,IAMnKF,EAAgBG,2BAA6B,WACzC,OAAO,IAAIH,EAAgB7C,EAAuBG,qBAAqBhW,KAAM,GAAK6V,EAAuBG,qBAAqBD,OAMlI2C,EAAgBI,wBAA0B,SAAUC,GAChD,OAAO,IAAIL,EAAgB7C,EAAuBI,kBAAkBjW,KAAM6V,EAAuBI,kBAAkBF,KAAO,uBAAyBgD,IAMvJL,EAAgBM,4BAA8B,SAAUC,GACpD,OAAO,IAAIP,EAAgB7C,EAAuBK,iBAAiBlW,KAAM6V,EAAuBK,iBAAiBH,KAAO,qBAAuBkD,IAKnJP,EAAgBQ,uCAAyC,SAAUC,GAC/D,OAAO,IAAIT,EAAgB7C,EAAuBM,wBAAwBnW,KAAM6V,EAAuBM,wBAAwBJ,KAAO,YAAcoD,IAKxJT,EAAgBU,mBAAqB,SAAUzT,EAAUwT,GACrD,OAAO,IAAIT,EAAgB7C,EAAuBO,aAAapW,KAAM6V,EAAuBO,aAAaL,KAAO,0BAA4BoD,EAAY,0BAA4BxT,EAAS0T,MAAM,KAAK,KAK5MX,EAAgBY,mCAAqC,SAAUH,GAC3D,OAAO,IAAIT,EAAgB7C,EAAuBQ,6BAA6BrW,KAAM6V,EAAuBQ,6BAA6BN,KAAO,0CAA4CoD,IAMhMT,EAAgBa,+BAAiC,SAAUC,GACvD,OAAO,IAAId,EAAgB7C,EAAuBS,oBAAoBtW,KAAM6V,EAAuBS,oBAAoBP,KAAO,kBAAoByD,IAMtJd,EAAgBe,wBAA0B,SAAUC,EAAcC,GAC9D,OAAO,IAAIjB,EAAgB7C,EAAuBW,kBAAkBxW,KAAM6V,EAAuBW,kBAAkBT,KAAO,mBAAqB2D,EAAe,eAAiBC,IAKnLjB,EAAgBkB,yBAA2B,WACvC,OAAO,IAAIlB,EAAgB7C,EAAuBY,mBAAmBzW,KAAM6V,EAAuBY,mBAAmBV,OAMzH2C,EAAgBmB,yBAA2B,SAAUC,GACjD,OAAO,IAAIpB,EAAgB7C,EAAuBa,mBAAmB1W,KAAM6V,EAAuBa,mBAAmBX,KAAO,MAAQ+D,IAKxIpB,EAAgBqB,yBAA2B,WACvC,OAAO,IAAIrB,EAAgB7C,EAAuBc,mBAAmB3W,KAAM6V,EAAuBc,mBAAmBZ,OAMzH2C,EAAgBsB,yBAA2B,SAAUC,GACjD,OAAO,IAAIvB,EAAgB7C,EAAuBe,mBAAmB5W,KAAM6V,EAAuBe,mBAAmBb,KAAO,MAAQkE,IAKxIvB,EAAgBwB,yCAA2C,WACvD,OAAO,IAAIxB,EAAgB7C,EAAuBgB,uBAAuB7W,KAAM6V,EAAuBgB,uBAAuBd,KAAO,MAKxI2C,EAAgByB,2CAA6C,WACzD,OAAO,IAAIzB,EAAgB7C,EAAuBiB,yBAAyB9W,KAAM6V,EAAuBiB,yBAAyBf,OAKrI2C,EAAgB0B,8CAAgD,WAC5D,OAAO,IAAI1B,EAAgB7C,EAAuBkB,4BAA4B/W,KAAM6V,EAAuBkB,4BAA4BhB,OAK3I2C,EAAgB3U,oCAAsC,WAClD,OAAO,IAAI2U,EAAgB7C,EAAuBmB,yBAAyBhX,KAAM6V,EAAuBmB,yBAAyBjB,OAMrI2C,EAAgB2B,iCAAmC,SAAUC,GACzD,OAAO,IAAI5B,EAAgB7C,EAAuBoB,sBAAsBjX,KAAM6V,EAAuBoB,sBAAsBlB,KAAO,iBAAmBuE,IAMzJ5B,EAAgB6B,mCAAqC,SAAUD,GAC3D,OAAO,IAAI5B,EAAgB7C,EAAuBqB,sBAAsBlX,KAAM6V,EAAuBqB,sBAAsBnB,KAAO,iBAAmBuE,IAMzJ5B,EAAgB8B,0BAA4B,SAAUC,GAClD,OAAO,IAAI/B,EAAgB7C,EAAuBsB,oBAAoBnX,KAAM6V,EAAuBsB,oBAAoBpB,KAAO,kBAAoB0E,IAMtJ/B,EAAgBgC,8BAAgC,WAC5C,OAAO,IAAIhC,EAAgB7C,EAAuBuB,wBAAwBpX,KAAM,GAAK6V,EAAuBuB,wBAAwBrB,OAKxI2C,EAAgBiC,+BAAiC,WAC7C,OAAO,IAAIjC,EAAgB7C,EAAuBwB,2BAA2BrX,KAAM,GAAK6V,EAAuBwB,2BAA2BtB,OAK9I2C,EAAgBkC,6BAA+B,WAC3C,OAAO,IAAIlC,EAAgB7C,EAAuByB,kBAAkBtX,KAAM,GAAK6V,EAAuByB,kBAAkBvB,OAK5H2C,EAAgBmC,6BAA+B,WAC3C,OAAO,IAAInC,EAAgB7C,EAAuB0B,uBAAuBvX,KAAM,GAAK6V,EAAuB0B,uBAAuBxB,OAKtI2C,EAAgBpX,oCAAsC,WAClD,OAAO,IAAIoX,EAAgB7C,EAAuB2B,yBAAyBxX,KAAM,GAAK6V,EAAuB2B,yBAAyBzB,OAK1I2C,EAAgBoC,iCAAmC,WAC/C,OAAO,IAAIpC,EAAgB7C,EAAuB4B,mBAAmBzX,KAAM6V,EAAuB4B,mBAAmB1B,OAKzH2C,EAAgBqC,mCAAqC,WACjD,OAAO,IAAIrC,EAAgB7C,EAAuB6B,wBAAwB1X,KAAM6V,EAAuB6B,wBAAwB3B,OAKnI2C,EAAgBsC,0BAA4B,WACxC,OAAO,IAAItC,EAAgB7C,EAAuB8B,eAAe3X,KAAM6V,EAAuB8B,eAAe5B,OAKjH2C,EAAgBuC,uBAAyB,WACrC,OAAO,IAAIvC,EAAgB7C,EAAuB+B,iBAAiB5X,KAAM,GAAK6V,EAAuB+B,iBAAiB7B,OAM1H2C,EAAgBwC,0BAA4B,SAAUC,GAClD,OAAO,IAAIzC,EAAgB7C,EAAuBgC,YAAY7X,KAAM,GAAK6V,EAAuBgC,YAAY9B,KAAOoF,IAKvHzC,EAAgB0C,4BAA8B,WAC1C,OAAO,IAAI1C,EAAgB7C,EAAuBiC,iBAAiB9X,KAAM,GAAK6V,EAAuBiC,iBAAiB/B,OAK1H2C,EAAgB2C,iCAAmC,WAC/C,OAAO,IAAI3C,EAAgB7C,EAAuBkC,sBAAsB/X,KAAM,GAAK6V,EAAuBkC,sBAAsBhC,OAKpI2C,EAAgB5E,oCAAsC,WAClD,OAAO,IAAI4E,EAAgB7C,EAAuBmC,yBAAyBhY,KAAM,GAAK6V,EAAuBmC,yBAAyBjC,OAK1I2C,EAAgB4C,4BAA8B,WAC1C,OAAO,IAAI5C,EAAgB7C,EAAuBoC,iBAAiBjY,KAAM,GAAK6V,EAAuBoC,iBAAiBlC,OAK1H2C,EAAgB6C,6BAA+B,WAC3C,OAAO,IAAI7C,EAAgB7C,EAAuBqC,wBAAwBlY,KAAM,GAAK6V,EAAuBqC,wBAAwBnC,OAKxI2C,EAAgBxX,2BAA6B,WACzC,OAAO,IAAIwX,EAAgB7C,EAAuB9V,qBAAqBC,KAAM6V,EAAuB9V,qBAAqBgW,OAK7H2C,EAAgB8C,8BAAgC,WAC5C,OAAO,IAAI9C,EAAgB7C,EAAuBsC,mBAAmBnY,KAAM6V,EAAuBsC,mBAAmBpC,OAKzH2C,EAAgBzL,+BAAiC,WAC7C,OAAO,IAAIyL,EAAgB7C,EAAuBuC,oBAAoBpY,KAAM6V,EAAuBuC,oBAAoBrC,OAK3H2C,EAAgB3T,sCAAwC,WACpD,OAAO,IAAI2T,EAAgB7C,EAAuBwC,8BAA8BrY,KAAM6V,EAAuBwC,8BAA8BtC,OAE/I2C,EAAgB+C,gCAAkC,WAC9C,OAAO,IAAI/C,EAAgB7C,EAAuB2C,0BAA0BxY,KAAM6V,EAAuB2C,0BAA0BzC,OAKvI2C,EAAgBgD,8BAAgC,WAC5C,OAAO,IAAIhD,EAAgB7C,EAAuB4C,mBAAmBzY,KAAM6V,EAAuB4C,mBAAmB1C,OAElH2C,EAxQyB,CAyQlC,S,kCC/cF,kDAsBIiD,EAAmC,WACnC,SAASA,KA8CT,OAzCAA,EAAkBxc,UAAUyc,uBAAyB,WACjD,OAAOD,EAAkBE,4BAA4B3c,KAAKqB,YAAarB,KAAK6C,WAKhF4Z,EAAkBE,4BAA8B,SAAUtb,EAAawB,GACnE,IAAI+Z,EAAsB,CACtB,OACAvb,EACAwB,GAEJ,OAAO+Z,EAAoB3H,KAAK,OAAWC,qBAAqBJ,eAQpE2H,EAAkBI,wBAA0B,SAAUha,EAAUxB,EAAayS,GACzE,IAAIpF,EAAc,IAAI+N,EAMtB,OALA/N,EAAY7L,SAAWA,EACvB6L,EAAYrN,YAAcA,EACtByS,IACApF,EAAYoF,SAAWA,GAEpBpF,GAMX+N,EAAkBK,oBAAsB,SAAUpM,EAAKzC,GACnD,QAAKA,IAGiC,IAA9ByC,EAAIE,QAAQ,SAChB3C,EAAOC,eAAe,aACtBD,EAAOC,eAAe,iBAEvBuO,EA/C2B;+ECtBtC,gGAYIM,EAAwC,CACxC,uBACA,mBACA,kBAEAC,EAAyC,CACzC,eACA,oBACA,eACA,wBACA,oBAKAC,EAAsC,CACtCrN,mBAAoB,CAChB9O,KAAM,kBACN+V,KAAM,yDAMVqG,EAA8C,SAAUrd,GAExD,SAASqd,EAA6Btc,EAAWgO,EAAcC,GAC3D,IAAIC,EAAQjP,EAAOE,KAAKC,KAAMY,EAAWgO,EAAcC,IAAa7O,KAGpE,OAFA8O,EAAMC,KAAO,+BACbC,OAAOC,eAAeH,EAAOoO,EAA6Bjd,WACnD6O,EAsBX,OA3BA,eAAUoO,EAA8Brd,GAaxCqd,EAA6BC,2BAA6B,SAAUvc,EAAW6Z,EAAa5L,GACxF,IAAIuO,IAAmCxc,GAAamc,EAAsCnM,QAAQhQ,IAAc,EAC5Gyc,IAAkCxO,GAAYmO,EAAuCpM,QAAQ/B,IAAa,EAC1GyO,IAAmC7C,GAAesC,EAAsCQ,MAAK,SAAUC,GACvG,OAAO/C,EAAY7J,QAAQ4M,IAAgB,KAE/C,OAAOJ,GAAkCE,GAAkCD,GAK/EH,EAA6BhN,yBAA2B,WACpD,OAAO,IAAIgN,EAA6BD,EAAoCrN,mBAAmB9O,KAAMmc,EAAoCrN,mBAAmBiH,OAEzJqG,EA5BsC,CA6B/C,S,kCCjEF,kDAQIO,EAAkC,WAClC,SAASA,KAkBT,OAXAA,EAAiBC,mBAAqB,SAAUhN,EAAKzC,GACjD,IAAI0C,GAAc,EACdD,IACAC,EAAqE,IAAvDD,EAAIE,QAAQ,OAAoB+M,oBAElD,IAAI7M,GAAiB,EAIrB,OAHI7C,IACA6C,EAAiB7C,EAAOC,eAAe,iBAEpCyC,GAAeG,GAEnB2M,EAnB0B;+ECRrC,4JAeIG,EAAmC,IACnCC,EAAyB,CACzBva,0BAA2Bsa,EAC3BtT,sBAAsB,GAEtBwT,EAAgC,CAChCC,eAAgB,aAGhBC,mBAAmB,EACnBC,SAAU,OAASC,KACnB9V,cAAe,IAEf+V,EAAiC,CACjCC,oBAAqB,WACjB,OAAO,eAAUpe,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,qEACP,OAAUC,sBAAsBD,UAIlDuL,qBAAsB,WAClB,OAAO,eAAUre,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,sEACP,OAAUC,sBAAsBD,WAKlDwL,EAAuB,CACvBC,IAAK,OAAUC,IACfC,QAAS,OACTC,IAAK,GACLC,GAAI,IAEJC,EAA6B,CAC7B1V,aAAc,GACdjB,qBAAiBhB,GASrB,SAAS4X,EAAyBve,GAC9B,IAAIwe,EAAkBxe,EAAGsC,YAAamc,EAAoBze,EAAG+C,cAAe2b,EAAmB1e,EAAG2e,cAAeC,EAAwB5e,EAAG6e,iBAAkBC,EAAwB9e,EAAG+e,iBAAkBC,EAAuBhf,EAAGyD,gBAAiBkF,EAAoB3I,EAAG2I,kBAAmBL,EAActI,EAAGsI,YAAajH,EAAyBrB,EAAGqB,uBAAwBsD,EAAoB3E,EAAG2E,kBAAmBD,EAAoB1E,EAAG0E,kBAC/aia,EAAgB,eAAS,eAAS,GAAInB,GAAgCkB,GAC1E,MAAO,CACHpc,YAAa2c,EAAiBT,GAC9Bzb,cAAe,eAAS,eAAS,GAAIwa,GAAyBkB,GAC9DE,cAAeA,EACfE,iBAAkBD,GAAyB,IAAI,OAAoBJ,EAAgBjc,SAAU,QAC7Fwc,iBAAkBD,GAAyBjB,EAC3Cpa,gBAAiBub,GAAwB,OACzCrW,kBAAmBA,GAAqB2V,EACxChW,YAAa,eAAS,eAAS,GAAI0V,GAAuB1V,GAC1DjH,uBAAwBA,GAA0B,KAClDsD,kBAAmBA,GAAqB,KACxCD,kBAAmBA,GAAqB,MAOhD,SAASua,EAAiB3c,GACtB,OAAO,eAAS,CAAEuH,mBAAoB,IAAMvH,K,kCCvFhD,8DAYI4c,EAAkC,CAClCC,kBAAmB,CACf3e,KAAM,qBACN+V,KAAM,oEAEV6I,oBAAqB,CACjB5e,KAAM,wBACN+V,KAAM,4CAEV8I,0BAA2B,CACvB7e,KAAM,+BACN+V,KAAM,oDAEV+I,qBAAsB,CAClB9e,KAAM,yBACN+V,KAAM,6NAEVgJ,cAAe,CACX/e,KAAM,kBACN+V,KAAM,sDAEViJ,cAAe,CACXhf,KAAM,kBACN+V,KAAM,0BAEVkJ,iBAAkB,CACdjf,KAAM,2BACN+V,KAAM,kHAEVmJ,oBAAqB,CACjBlf,KAAM,8BACN+V,KAAM,yCAEVoJ,yBAA0B,CACtBnf,KAAM,8BACN+V,KAAM,qDAEVqJ,cAAe,CACXpf,KAAM,uBACN+V,KAAM,gRAEVsJ,qBAAsB,CAClBrf,KAAM,iBACN+V,KAAM,6DAEVuJ,uBAAwB,CACpBtf,KAAM,sBACN+V,KAAM,mDAEVwJ,wBAAyB,CACrBvf,KAAM,uBACN+V,KAAM,6CAEVyJ,2BAA4B,CACxBxf,KAAM,gCACN+V,KAAM,iFAEV0J,2BAA4B,CACxBzf,KAAM,sBACN+V,KAAM,uGAEV2J,8BAA+B,CAC3B1f,KAAM,mCACN+V,KAAM,uIAEV4J,yBAA0B,CACtB3f,KAAM,6BACN+V,KAAM,2IAEV6J,mBAAoB,CAChB5f,KAAM,sBACN+V,KAAM,8HAEV8J,cAAe,CACX7f,KAAM,kBACN+V,KAAM,+HAEV+J,cAAe,CACX9f,KAAM,kBACN+V,KAAM,yJAEVgK,iCAAkC,CAC9B/f,KAAM,sCACN+V,KAAM,kLAEViK,4BAA6B,CACzBhgB,KAAM,gCACN+V,KAAM,2CAMVkK,EAA0C,SAAUlhB,GAEpD,SAASkhB,EAAyBngB,EAAWgO,GACzC,IAAIE,EAAQjP,EAAOE,KAAKC,KAAMY,EAAWgO,IAAiB5O,KAG1D,OAFA8O,EAAMC,KAAO,2BACbC,OAAOC,eAAeH,EAAOiS,EAAyB9gB,WAC/C6O,EAsIX,OA3IA,eAAUiS,EAA0BlhB,GAUpCkhB,EAAyBC,4BAA8B,WACnD,OAAO,IAAID,EAAyBvB,EAAgCC,kBAAkB3e,KAAM0e,EAAgCC,kBAAkB5I,OAKlJkK,EAAyBE,sCAAwC,WAC7D,OAAO,IAAIF,EAAyBvB,EAAgCE,oBAAoB5e,KAAM0e,EAAgCE,oBAAoB7I,OAKtJkK,EAAyBG,gCAAkC,SAAUC,GACjE,OAAO,IAAIJ,EAAyBvB,EAAgCG,0BAA0B7e,KAAM0e,EAAgCG,0BAA0B9I,KAAO,iBAAmBsK,IAM5LJ,EAAyBK,gCAAkC,SAAUC,GACjE,OAAO,IAAIN,EAAyBvB,EAAgCI,qBAAqB9e,KAAM0e,EAAgCI,qBAAqB/I,KAAO,eAAiBwK,IAMhLN,EAAyBO,oBAAsB,SAAUzB,GACrD,OAAO,IAAIkB,EAAyBvB,EAAgCK,cAAc/e,KAAM0e,EAAgCK,cAAchJ,KAAO,iBAAmBgJ,IAMpKkB,EAAyBQ,oBAAsB,WAC3C,OAAO,IAAIR,EAAyBvB,EAAgCM,cAAchf,KAAM0e,EAAgCM,cAAcjJ,OAM1IkK,EAAyBS,4BAA8B,WACnD,OAAO,IAAIT,EAAyBvB,EAAgCO,iBAAiBjf,KAAM,GAAK0e,EAAgCO,iBAAiBlJ,OAMrJkK,EAAyBU,+BAAiC,SAAUC,GAChE,OAAO,IAAIX,EAAyBvB,EAAgCS,yBAAyBnf,KAAM0e,EAAgCS,yBAAyBpJ,KAAO,kBAAoB6K,IAM3LX,EAAyBY,yBAA2B,SAAUC,GAC1D,OAAO,IAAIb,EAAyBvB,EAAgCU,cAAcpf,KAAM0e,EAAgCU,cAAcrJ,KAAO,iBAAmB+K,IAKpKb,EAAyBc,gCAAkC,WACvD,OAAO,IAAId,EAAyBvB,EAAgCW,qBAAqBrf,KAAM0e,EAAgCW,qBAAqBtJ,OAKxJkK,EAAyB/a,8BAAgC,WACrD,OAAO,IAAI+a,EAAyBvB,EAAgCa,wBAAwBvf,KAAM0e,EAAgCa,wBAAwBxJ,OAK9JkK,EAAyBtf,6BAA+B,WACpD,OAAO,IAAIsf,EAAyBvB,EAAgCY,uBAAuBtf,KAAM0e,EAAgCY,uBAAuBvJ,OAK5JkK,EAAyBe,sCAAwC,WAC7D,OAAO,IAAIf,EAAyBvB,EAAgCc,2BAA2Bxf,KAAM0e,EAAgCc,2BAA2BzJ,OAKpKkK,EAAyBgB,sCAAwC,WAC7D,OAAO,IAAIhB,EAAyBvB,EAAgCe,2BAA2Bzf,KAAM0e,EAAgCe,2BAA2B1J,OAKpKkK,EAAyBiB,yCAA2C,WAChE,OAAO,IAAIjB,EAAyBvB,EAAgCgB,8BAA8B1f,KAAM0e,EAAgCgB,8BAA8B3J,OAK1KkK,EAAyBkB,oCAAsC,WAC3D,OAAO,IAAIlB,EAAyBvB,EAAgCiB,yBAAyB3f,KAAM0e,EAAgCiB,yBAAyB5J,OAKhKkK,EAAyBmB,8BAAgC,WACrD,OAAO,IAAInB,EAAyBvB,EAAgCkB,mBAAmB5f,KAAM0e,EAAgCkB,mBAAmB7J,OAKpJkK,EAAyBhX,yBAA2B,WAChD,OAAO,IAAIgX,EAAyBvB,EAAgCmB,cAAc7f,KAAM0e,EAAgCmB,cAAc9J,OAK1IkK,EAAyBoB,yBAA2B,WAChD,OAAO,IAAIpB,EAAyBvB,EAAgCoB,cAAc9f,KAAM0e,EAAgCoB,cAAc/J,OAK1IkK,EAAyBqB,6CAA+C,WACpE,OAAO,IAAIrB,EAAyBvB,EAAgCqB,iCAAiC/f,KAAM0e,EAAgCqB,iCAAiChK,OAKhLkK,EAAyBsB,uCAAyC,SAAUC,EAAmBC,GAC3F,OAAO,IAAIxB,EAAyBvB,EAAgCsB,4BAA4BhgB,KAAM0e,EAAgCsB,4BAA4BjK,KAAO,qBAAuByL,EAAoB,cAAgBC,IAEjOxB,EA5IkC,CA6I3C,S,kCCtPF,8DAYIyB,EAAmB,CACnBC,gBAAiB,CACb3hB,KAAM,mBACN+V,KAAM,wCAMV6L,EAA2B,SAAU7iB,GAErC,SAAS6iB,EAAU9hB,EAAWgO,EAAc+T,GACxC,IAAI7T,EAAQ9O,KACRya,EAAc7L,EAAehO,EAAY,KAAOgO,EAAehO,EAOnE,OANAkO,EAAQjP,EAAOE,KAAKC,KAAMya,IAAgBza,KAC1CgP,OAAOC,eAAeH,EAAO4T,EAAUziB,WACvC6O,EAAMlO,UAAYA,GAAa,OAAUgiB,aACzC9T,EAAMF,aAAeA,GAAgB,GACrCE,EAAMD,SAAW8T,GAAY,GAC7B7T,EAAMC,KAAO,YACND,EAYX,OAtBA,eAAU4T,EAAW7iB,GAYrB6iB,EAAUziB,UAAU4iB,iBAAmB,SAAUza,GAC7CpI,KAAKoI,cAAgBA,GAMzBsa,EAAU3P,sBAAwB,SAAU+P,GACxC,OAAO,IAAIJ,EAAUF,EAAiBC,gBAAgB3hB,KAAM0hB,EAAiBC,gBAAgB5L,KAAO,KAAOiM,IAExGJ,EAvBmB,CAwB5BK,Q,kCC7CF,wKAkBIC,EAA8B,WAC9B,SAASA,EAAangB,EAAUogB,GAC5BjjB,KAAK6C,SAAWA,EAChB7C,KAAKijB,WAAaA,EAitBtB,OA5sBAD,EAAa/iB,UAAUijB,eAAiB,WACpC,IAAIpU,EAAQ9O,KACRmjB,EAAkBnjB,KAAKojB,wBACvBC,EAAgBrU,OAAOsU,KAAKH,GAAiBI,KAAI,SAAUC,GAAc,OAAOL,EAAgBK,MAChGC,EAAcJ,EAAcjZ,OAChC,GAAIqZ,EAAc,EACd,MAAO,GAGP,IAAIC,EAAcL,EAAcE,KAAI,SAAUI,GAC1C,IAAIvV,EAAgB4U,EAAaY,SAAS,IAAI,OAAiBD,GAC3DE,EAAczV,EAAc0V,iBAC5BjgB,EAAUiL,EAAMiV,qBAAqBjV,EAAMjM,SAAUghB,GAIzD,OAHIhgB,IAAYggB,EAAYrX,gBACxBqX,EAAYrX,cAAgB,IAAI,OAAU3I,EAAQC,OAAQgL,EAAMmU,YAAY/gB,QAEzE2hB,KAEX,OAAOH,GAOfV,EAAa/iB,UAAU+jB,gBAAkB,SAAUziB,GAC/C,OAAO,eAAUvB,UAAM,OAAQ,GAAQ,WACnC,OAAO,eAAYA,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EACD,IAAKgB,EACD,MAAM,OAAgBqa,mCAQ1B,OANMra,EAAYY,SACdnC,KAAKikB,WAAW1iB,EAAYY,SAE1BZ,EAAYsC,SACd7D,KAAKkkB,qBAAqB3iB,EAAYsC,SAEnCtC,EAAYwB,YACZ,CAAC,EAAa/C,KAAKmkB,gBAAgB5iB,EAAYwB,cADf,CAAC,EAAa,GAEzD,KAAK,EACDzC,EAAGK,OACHL,EAAGC,MAAQ,EACf,KAAK,EAOD,OANMgB,EAAYkN,cACdzO,KAAKokB,0BAA0B7iB,EAAYkN,cAEzClN,EAAYmN,aACd1O,KAAKqkB,eAAe9iB,EAAYmN,aAE7B,CAAC,WAS5BsU,EAAa/iB,UAAUkkB,gBAAkB,SAAUjd,GAC/C,OAAO,eAAUlH,UAAM,OAAQ,GAAQ,WACnC,IAAIskB,EAAmBC,EAAeC,EAAqBC,EACvD3V,EAAQ9O,KACZ,OAAO,eAAYA,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAWD,OAVA+jB,EAAoBtkB,KAAK0kB,yBAAyB,CAC9C7hB,SAAUqE,EAAWrE,SACrBuK,eAAgBlG,EAAWkG,eAC3B/L,YAAa6F,EAAW7F,YACxBsK,cAAezE,EAAWyE,cAC1B8B,MAAOvG,EAAWuG,MAClBT,UAAW9F,EAAW8F,YAE1BuX,EAAgB,OAASI,WAAWzd,EAAWwG,QAC/C8W,EAAsBxV,OAAOsU,KAAKgB,EAAkBM,cAAcrB,KAAI,SAAU7S,GAAO,OAAO4T,EAAkBM,aAAalU,MACxH8T,GACLC,EAAwB,GACxBD,EAAoBK,SAAQ,SAAUC,GAClC,IAAIC,EAAgB,OAASJ,WAAWG,EAAYpX,QAChDqX,EAAcC,sBAAsBT,IACpCE,EAAsBhkB,KAAKqO,EAAMmW,iBAAiBH,OAGnD,CAAC,EAAaI,QAAQC,IAAIV,KARA,CAAC,EAAa,GASnD,KAAK,EACDnkB,EAAGK,OACHL,EAAGC,MAAQ,EACf,KAAK,EAED,OADAP,KAAKolB,yBAAyBle,GACvB,CAAC,WAY5B8b,EAAa/iB,UAAUmjB,sBAAwB,SAAUiC,GACrD,OAAOrlB,KAAKslB,8BAA8BD,EAAgBA,EAAc1Z,cAAgB,GAAI0Z,EAAgBA,EAAchkB,YAAc,GAAIgkB,EAAgBA,EAAc5X,MAAQ,KAStLuV,EAAa/iB,UAAUqlB,8BAAgC,SAAU3Z,EAAetK,EAAaoM,GACzF,IAAIqB,EAAQ9O,KACRulB,EAAevlB,KAAKwlB,UACpBC,EAAmB,GAiBvB,OAhBAF,EAAaV,SAAQ,SAAUa,GAC3B,IAAIzX,EAASa,EAAM6W,WAAWD,GACzBzX,IAGCtC,IAAkBmD,EAAM8W,mBAAmB3X,EAAQtC,IAGnDtK,IAAgByN,EAAM+W,iBAAiB5X,EAAQ5M,IAG/CoM,IAAUqB,EAAMgX,WAAW7X,EAAQR,KAGzCgY,EAAiBC,GAAYzX,OAE1BwX,GAWXzC,EAAa/iB,UAAUykB,yBAA2B,SAAUqB,GACxD,OAAO/lB,KAAKgmB,iCAAiCD,EAAOpa,cAAeoa,EAAO1kB,YAAa0kB,EAAO3Y,eAAgB2Y,EAAOljB,SAAUkjB,EAAOjS,SAAUiS,EAAOtY,MAAOsY,EAAOrY,OAAQqY,EAAO9Y,aAAc8Y,EAAO/Y,UAAW+Y,EAAO7Y,QAa/N8V,EAAa/iB,UAAU+lB,iCAAmC,SAAUra,EAAetK,EAAa+L,EAAgBvK,EAAUiR,EAAUrG,EAAOC,EAAQT,EAAcD,EAAWE,GACxK,IAAI4B,EAAQ9O,KACRulB,EAAevlB,KAAKwlB,UACpBS,EAAsB,CACtBC,SAAU,GACVtB,aAAc,GACduB,cAAe,IA4EnB,OA1EAZ,EAAaV,SAAQ,SAAUa,GAE3B,IAAIU,EAAW,OAAiBvR,kBAAkB6Q,GAClD,GAAIU,IAAa,OAAUrR,YAA3B,CAIA,IAAI9G,EAASa,EAAMuX,sBAAsBX,EAAUU,GACnD,GAAKnY,KAGChB,GAAiB6B,EAAMwX,kBAAkBrY,EAAQhB,OAGjDtB,GAAkBmD,EAAM8W,mBAAmB3X,EAAQtC,OAGnDtK,GAAgByN,EAAM+W,iBAAiB5X,EAAQ5M,OAG/CoM,GAAUqB,EAAMgX,WAAW7X,EAAQR,OAGnCL,GAAmB0B,EAAMyX,oBAAoBtY,EAAQb,OAGrDvK,GAAaiM,EAAM0X,cAAcvY,EAAQpL,OAGzCiR,GAAahF,EAAM2X,cAAcxY,EAAQ6F,OAOzCpG,GAAWoB,EAAM4X,YAAYzY,EAAQP,IAA3C,CAIA,GAAIN,IAAmB,OAAeO,8BAA+B,CACjE,GAAMX,IAAc8B,EAAM6X,eAAe1Y,EAAQjB,GAC7C,OAEJ,OAAQA,GACJ,KAAK,OAAqBrD,IAEtB,IAAoD,IAAhD+b,EAAS9U,QAAQ,OAAqBjH,KAGtC,YADAmF,EAAM8X,WAAWlB,EAAU,OAAgBmB,YAG/C,MACJ,KAAK,OAAqB/c,IAEtB,GAAIoD,IAAU4B,EAAMgY,WAAW7Y,EAAQf,GACnC,OAEJ,OAGZ,OAAQkZ,GACJ,KAAK,OAAehX,SAChB6W,EAAoBC,SAASR,GAAYzX,EACzC,MACJ,KAAK,OAAeZ,aACpB,KAAK,OAAeM,8BAChBsY,EAAoBrB,aAAac,GAAYzX,EAC7C,MACJ,KAAK,OAAe+F,cAChBiS,EAAoBE,cAAcT,GAAYzX,EAC9C,YAGLgY,GAMXjD,EAAa/iB,UAAU8mB,yBAA2B,SAAUhB,GACxD,OAAO/lB,KAAKgnB,iCAAiCjB,EAAO1kB,YAAa0kB,EAAOljB,WAO5EmgB,EAAa/iB,UAAU+mB,iCAAmC,SAAU3lB,EAAawB,GAC7E,IAAIiM,EAAQ9O,KACRulB,EAAevlB,KAAKwlB,UACpByB,EAAsB,GAmB1B,OAlBA1B,EAAaV,SAAQ,SAAUa,GAE3B,GAAK5W,EAAMoY,cAAcxB,GAAzB,CAIA,IAAIzX,EAASa,EAAMqY,eAAezB,GAC7BzX,IAGC5M,IAAgByN,EAAM+W,iBAAiB5X,EAAQ5M,IAG/CwB,IAAaiM,EAAM0X,cAAcvY,EAAQpL,KAG/CokB,EAAoBvB,GAAYzX,QAE7BgZ,GAMXjE,EAAa/iB,UAAUmnB,4BAA8B,SAAUC,GAC3D,IAAIvY,EAAQ9O,KACRulB,EAAevlB,KAAKsnB,2BACpBC,EAAgB,KAgBpB,OAfAhC,EAAaV,SAAQ,SAAUa,GAE3B,GAAK5W,EAAM0Y,oBAAoB9B,KAAmD,IAAtCA,EAAS9U,QAAQ9B,EAAMjM,UAAnE,CAIA,IAAIoL,EAASa,EAAM2Y,qBAAqB/B,GACnCzX,IAGiC,IAAlCA,EAAO2H,QAAQhF,QAAQyW,KAG3BE,EAAgBtZ,OAEbsZ,GAKXvE,EAAa/iB,UAAUynB,kBAAoB,WACvC,OAAO,eAAU1nB,UAAM,OAAQ,GAAQ,WACnC,IAAIulB,EAAcoC,EACd7Y,EAAQ9O,KACZ,OAAO,eAAYA,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAUD,OATAglB,EAAevlB,KAAKwlB,UACpBmC,EAAkB,GAClBpC,EAAaV,SAAQ,SAAUa,GAC3B,IAAIzX,EAASa,EAAM6W,WAAWD,GACzBzX,GAGL0Z,EAAgBlnB,KAAKqO,EAAM8Y,cAAclC,OAEtC,CAAC,EAAaR,QAAQC,IAAIwC,IACrC,KAAK,EAED,OADArnB,EAAGK,OACI,CAAC,GAAc,WAS1CqiB,EAAa/iB,UAAU2nB,cAAgB,SAAUpE,GAC7C,OAAO,eAAUxjB,UAAM,OAAQ,GAAQ,WACnC,IAAImC,EACJ,OAAO,eAAYnC,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAED,GADA4B,EAAUnC,KAAK2lB,WAAWnC,IACrBrhB,EACD,MAAM,OAAgB2Z,4BAE1B,MAAO,CAAC,EAAa9b,KAAK6nB,qBAAqB1lB,IACnD,KAAK,EAAG,MAAO,CAAC,EAAgB7B,EAAGK,QAAWX,KAAK4mB,WAAWpD,EAAY,OAAgBsE,kBAS1G9E,EAAa/iB,UAAU4nB,qBAAuB,SAAU1lB,GACpD,OAAO,eAAUnC,UAAM,OAAQ,GAAQ,WACnC,IAAIulB,EAAcpQ,EAAW4S,EACzBjZ,EAAQ9O,KACZ,OAAO,eAAYA,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAeD,OAdAglB,EAAevlB,KAAKwlB,UACpBrQ,EAAYhT,EAAQgS,oBACpB4T,EAAqB,GACrBxC,EAAaV,SAAQ,SAAUa,GAE3B,IAAIU,EAAW,OAAiBvR,kBAAkB6Q,GAClD,GAAIU,IAAa,OAAUrR,YAA3B,CAGA,IAAIiT,EAAclZ,EAAMuX,sBAAsBX,EAAUU,GAClD4B,GAAe7S,IAAc6S,EAAY7T,qBAC3C4T,EAAmBtnB,KAAKqO,EAAMmW,iBAAiB+C,QAGhD,CAAC,EAAa9C,QAAQC,IAAI4C,IACrC,KAAK,EAED,OADAznB,EAAGK,OACI,CAAC,GAAc,WAS1CqiB,EAAa/iB,UAAUglB,iBAAmB,SAAU/d,GAChD,OAAO,eAAUlH,UAAM,OAAQ,GAAQ,WACnC,IAAI0Q,EAAKuX,EAAiCna,EAC1C,OAAO,eAAY9N,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAED,GADAmQ,EAAMxJ,EAAWuN,wBACXvN,EAAWkG,eAAe0H,gBAAkB,OAAenH,8BAA8BmH,cAAgB,MAAO,CAAC,EAAa,GACpI,GAAM5N,EAAW8F,YAAc,OAAqBrD,IAAM,MAAO,CAAC,EAAa,GAG/E,GAFAse,EAAkC/gB,EAClC4G,EAAMma,EAAgC/a,OACjCY,EAAK,MAAO,CAAC,EAAa,GAC/BxN,EAAGC,MAAQ,EACf,KAAK,EAED,OADAD,EAAGE,KAAKC,KAAK,CAAC,EAAG,EAAG,CAAE,IACf,CAAC,EAAaT,KAAKijB,WAAW/P,sBAAsBpF,IAC/D,KAAK,EAED,OADAxN,EAAGK,OACI,CAAC,EAAa,GACzB,KAAK,EAED,MADAL,EAAGK,OACG,OAAgB4b,kCAC1B,KAAK,EAAG,MAAO,CAAC,EAAcvc,KAAK4mB,WAAWlW,EAAK,OAAgBmW,qBAQnF7D,EAAa/iB,UAAUioB,kBAAoB,WACvC,IAAIpZ,EAAQ9O,KACRulB,EAAevlB,KAAKwlB,UAMxB,OALAD,EAAaV,SAAQ,SAAUa,GACvB5W,EAAMoY,cAAcxB,IACpB5W,EAAM8X,WAAWlB,EAAU,OAAgByC,kBAG5C,GAUXnF,EAAa/iB,UAAU0C,gBAAkB,SAAUR,EAASU,EAAUR,EAAQhB,EAAaC,EAAY4L,GACnG,IAAIkb,EAAgBpoB,KAAKqoB,qBAAqBlmB,GAC1CmmB,EAAgBtoB,KAAK+jB,qBAAqBlhB,EAAUV,GACpDomB,EAAoBvoB,KAAKwoB,yBAAyB3lB,EAAUV,EAASE,EAAQf,EAAY4L,GACzFub,EAAqBzoB,KAAKiQ,0BAA0BpN,EAAUV,GAAS,GACvEumB,EAAoB1oB,KAAK2oB,yBAAyBtnB,EAAawB,GAInE,OAHIulB,GAAiBE,IACjBF,EAAc5b,cAAgB,IAAI,OAAU8b,EAAcxkB,OAAQ9D,KAAKijB,YAAY/gB,QAEhF,CACHC,QAASimB,EACTvkB,QAASykB,EACTvlB,YAAawlB,EACb9Z,aAAcga,EACd/Z,YAAaga,IAOrB1F,EAAa/iB,UAAUooB,qBAAuB,SAAUlmB,GACpD,IAAIqhB,EAAa,OAAcoF,wBAAwBzmB,GACvD,OAAOnC,KAAK2lB,WAAWnC,IAQ3BR,EAAa/iB,UAAU8jB,qBAAuB,SAAUlhB,EAAUV,GAC9D,IAAI0mB,EAAgB,CAChBld,cAAexJ,EAAQwJ,cACvBtK,YAAac,EAAQd,YACrB+L,eAAgB,OAAegC,SAC/BvM,SAAUA,EACV4K,MAAOtL,EAAQ2K,UAEfgc,EAAkB9oB,KAAK0kB,yBAAyBmE,GAChD3C,EAAWlX,OAAOsU,KAAKwF,EAAgB5C,UAAU3C,KAAI,SAAU7S,GAAO,OAAOoY,EAAgB5C,SAASxV,MACtGqY,EAAc7C,EAAS9b,OAC3B,GAAI2e,EAAc,EACd,OAAO,KAEN,GAAIA,EAAc,EACnB,MAAM,OAAgB/N,2CAE1B,OAAOkL,EAAS,IASpBlD,EAAa/iB,UAAUuoB,yBAA2B,SAAU3lB,EAAUV,EAASE,EAAQf,EAAY4L,GAE/F,IAAIE,EAAkB9L,GAAcA,IAAe,OAAqBmB,OAAU,OAAekL,8BAAgC,OAAeN,aAC5I2b,EAAoB,CACpBrd,cAAexJ,EAAQwJ,cACvBtK,YAAac,EAAQd,YACrB+L,eAAgBA,EAChBvK,SAAUA,EACV4K,MAAOtL,EAAQ2K,SACfY,OAAQrL,EAAO4mB,uBACfjc,UAAW1L,EACX4L,MAAOA,GAEP4b,EAAkB9oB,KAAK0kB,yBAAyBsE,GAChDpE,EAAe5V,OAAOsU,KAAKwF,EAAgBlE,cAAcrB,KAAI,SAAU7S,GAAO,OAAOoY,EAAgBlE,aAAalU,MAClHwY,EAAkBtE,EAAaxa,OACnC,GAAI8e,EAAkB,EAClB,OAAO,KAEN,GAAIA,EAAkB,EACvB,MAAM,OAAgBlO,2CAE1B,OAAO4J,EAAa,IAQxB5B,EAAa/iB,UAAUgQ,0BAA4B,SAAUpN,EAAUV,EAASgnB,GAC5E,IAAIC,EAAKD,EAAW,YAAgBliB,EAChCoiB,EAAqB,CACrB1d,cAAexJ,EAAQwJ,cACvBtK,YAAac,EAAQd,YACrB+L,eAAgB,OAAe4G,cAC/BnR,SAAUA,EACViR,SAAUsV,GAEVN,EAAkB9oB,KAAK0kB,yBAAyB2E,GAChDlD,EAAgBnX,OAAOsU,KAAKwF,EAAgB3C,eAAe5C,KAAI,SAAU7S,GAAO,OAAOoY,EAAgB3C,cAAczV,MACrH4Y,EAAmBnD,EAAc/b,OACrC,OAAIkf,EAAmB,EACZ,KAGJnD,EAAc,IAKzBnD,EAAa/iB,UAAU0oB,yBAA2B,SAAUtnB,EAAawB,GACrE,IAAI0mB,EAAoB,CACpBloB,YAAaA,EACbwB,SAAUA,GAEV6L,EAAc1O,KAAK+mB,yBAAyBwC,GAC5CC,EAAqBxa,OAAOsU,KAAK5U,GAAa6U,KAAI,SAAU7S,GAAO,OAAOhC,EAAYgC,MACtF+Y,EAAiBD,EAAmBpf,OACxC,GAAIqf,EAAiB,EACjB,OAAO,KAEN,GAAIA,EAAiB,EACtB,MAAM,OAAgBvO,gDAE1B,OAAOsO,EAAmB,IAO9BxG,EAAa/iB,UAAUyP,kBAAoB,SAAUrO,EAAawB,GAC9D,IAAI6L,EAAc1O,KAAK2oB,yBAAyBtnB,EAAawB,GAC7D,SAAU6L,GAAeA,EAAYoF,WAAa,SAOtDkP,EAAa/iB,UAAU2lB,mBAAqB,SAAU3X,EAAQtC,GAC1D,SAAUsC,EAAOtC,eAAiBA,IAAkBsC,EAAOtC,gBAO/DqX,EAAa/iB,UAAUqmB,kBAAoB,SAAUrY,EAAQhB,GACzD,SAAUgB,EAAOhB,cAAgBA,IAAiBgB,EAAOhB,eAO7D+V,EAAa/iB,UAAU4lB,iBAAmB,SAAU5X,EAAQ5M,GACxD,IAAIqoB,EAAgB1pB,KAAKonB,4BAA4B/lB,GACrD,SAAIqoB,GAAiBA,EAAc9T,QAAQhF,QAAQ3C,EAAO5M,cAAgB,IAU9E2hB,EAAa/iB,UAAUsmB,oBAAsB,SAAUtY,EAAQb,GAC3D,OAAQa,EAAOb,gBAAkBA,EAAe0H,gBAAkB7G,EAAOb,eAAe0H,eAO5FkO,EAAa/iB,UAAUumB,cAAgB,SAAUvY,EAAQpL,GACrD,SAAUoL,EAAOpL,UAAYA,IAAaoL,EAAOpL,WAOrDmgB,EAAa/iB,UAAUwmB,cAAgB,SAAUxY,EAAQ6F,GACrD,SAAU7F,EAAO6F,UAAYA,IAAa7F,EAAO6F,WAOrDkP,EAAa/iB,UAAU6lB,WAAa,SAAU7X,EAAQR,GAClD,SAAUQ,EAAOR,OAASA,IAAUQ,EAAOR,QAO/CuV,EAAa/iB,UAAUymB,YAAc,SAAUzY,EAAQP,GACnD,IAAIic,EAA8B1b,EAAOb,iBAAmB,OAAeC,cAAgBY,EAAOb,iBAAmB,OAAeO,8BACpI,GAAIgc,IAA+B1b,EAAOP,OACtC,OAAO,EAEX,IAAIkc,EAAiB,OAASjF,WAAW1W,EAAOP,QAC5Cmc,EAAwB,OAASlF,WAAWjX,GAOhD,OANKmc,EAAsBC,yBAIvBD,EAAsBE,YAAY,OAAUC,sBAH5CH,EAAsBI,mBAKnBL,EAAeM,iBAAiBL,IAO3C7G,EAAa/iB,UAAU0mB,eAAiB,SAAU1Y,EAAQjB,GACtD,SAAUiB,EAAOjB,WAAaiB,EAAOjB,YAAcA,IAOvDgW,EAAa/iB,UAAU6mB,WAAa,SAAU7Y,EAAQf,GAClD,SAAUe,EAAOf,OAASe,EAAOf,QAAUA,IAM/C8V,EAAa/iB,UAAUinB,cAAgB,SAAUxW,GAC7C,OAAsC,IAA/BA,EAAIE,QAAQ,SAMvBoS,EAAa/iB,UAAUunB,oBAAsB,SAAU9W,GACnD,OAAgE,IAAzDA,EAAIE,QAAQ,OAA6BC,YAKpDmS,EAAa/iB,UAAUkqB,kCAAoC,SAAU7nB,GACjE,OAAO,OAA6BuO,UAAY,IAAM7Q,KAAK6C,SAAW,IAAMP,GAOhF0gB,EAAa/iB,UAAUomB,sBAAwB,SAAU3V,EAAK0V,GAC1D,OAAQA,GACJ,KAAK,OAAehX,SAChB,OAAOpP,KAAKoqB,qBAAqB1Z,GAErC,KAAK,OAAerD,aACpB,KAAK,OAAeM,8BAChB,OAAO3N,KAAKqqB,yBAAyB3Z,GAEzC,KAAK,OAAesD,cAChB,OAAOhU,KAAKsqB,0BAA0B5Z,GAE1C,QACI,OAAO,OAQnBsS,EAAaY,SAAW,SAAU2G,EAAKC,GACnC,IAAK,IAAIC,KAAgBD,EACrBD,EAAIE,GAAgBD,EAAKC,GAE7B,OAAOF,GAEJvH,EAptBsB,GAstB7B0H,EAAqC,SAAU7qB,GAE/C,SAAS6qB,IACL,OAAkB,OAAX7qB,GAAmBA,EAAO8M,MAAM3M,KAAM4M,YAAc5M,KA2F/D,OA7FA,eAAU0qB,EAAqB7qB,GAI/B6qB,EAAoBzqB,UAAUgkB,WAAa,WACvC,IAAInR,EAAa,4FACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU0lB,WAAa,WACvC,IAAI7S,EAAa,4FACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUikB,qBAAuB,WACjD,IAAIpR,EAAa,sGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUmqB,qBAAuB,WACjD,IAAItX,EAAa,sGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUmlB,yBAA2B,WACrD,IAAItS,EAAa,0GACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUoqB,yBAA2B,WACrD,IAAIvX,EAAa,0GACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUmkB,0BAA4B,WACtD,IAAItR,EAAa,2GACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUqqB,0BAA4B,WACtD,IAAIxX,EAAa,2GACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUokB,eAAiB,WAC3C,IAAIvR,EAAa,gGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUknB,eAAiB,WAC3C,IAAIrU,EAAa,gGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU0qB,mBAAqB,WAC/C,IAAI7X,EAAa,oGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU2qB,mBAAqB,WAC/C,IAAI9X,EAAa,oGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU4qB,qBAAuB,WACjD,IAAI/X,EAAa,sGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUwnB,qBAAuB,WACjD,IAAI3U,EAAa,sGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUqnB,yBAA2B,WACrD,IAAIxU,EAAa,0GACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU6qB,mBAAqB,WAC/C,IAAIhY,EAAa,oGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU8qB,mBAAqB,WAC/C,IAAIjY,EAAa,oGACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU2mB,WAAa,WACvC,IAAI9T,EAAa,4FACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAU+qB,YAAc,WACxC,IAAIlY,EAAa,6FACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUulB,QAAU,WACpC,IAAI1S,EAAa,yFACjB,MAAM,OAAUC,sBAAsBD,IAE1C4X,EAAoBzqB,UAAUgrB,MAAQ,WAClC,OAAO,eAAUjrB,UAAM,OAAQ,GAAQ,WACnC,IAAI8S,EACJ,OAAO,eAAY9S,MAAM,SAAUM,GAE/B,MADAwS,EAAa,uFACP,OAAUC,sBAAsBD,UAI3C4X,EA9F6B,CA+FtC1H,I,kCCv0BF,kGAmCIkI,EAA+B,WAC/B,SAASA,KAyMT,OApMAA,EAAcjrB,UAAUkU,kBAAoB,WACxC,IAAIgB,EAAY,CAACnV,KAAK2L,cAAe3L,KAAKqB,aAC1C,OAAO8T,EAAUF,KAAK,OAAWC,qBAAqBJ,eAK1DoW,EAAcjrB,UAAUkrB,mBAAqB,WACzC,OAAOD,EAActC,wBAAwB,CACzCjd,cAAe3L,KAAK2L,cACpBtK,YAAarB,KAAKqB,YAClByL,SAAU9M,KAAKyN,MACf3B,SAAU9L,KAAK8L,SACfsf,eAAgBprB,KAAKorB,kBAM7BF,EAAcjrB,UAAU0U,aAAe,WACnC,OAAQ3U,KAAKqrB,eACT,KAAK,OAAiBC,kBAClB,OAAO,OAAUC,KACrB,KAAK,OAAiBC,mBAClB,OAAO,OAAUC,IACrB,KAAK,OAAiBC,mBAClB,OAAO,OAAUC,MACrB,KAAK,OAAiBC,qBAClB,OAAO,OAAUC,QACrB,QACI,MAAM,OAAgB1P,qCAOlC+O,EAAcjrB,UAAU6jB,eAAiB,WACrC,MAAO,CACHnY,cAAe3L,KAAK2L,cACpBtK,YAAarB,KAAKqB,YAClByL,SAAU9M,KAAKyN,MACf3B,SAAU9L,KAAK8L,SACfsf,eAAgBprB,KAAKorB,eACrBrc,KAAM/O,KAAK+O,KACXvC,cAAexM,KAAKwM,gBAO5B0e,EAActC,wBAA0B,SAAUkD,GAC9C,IAAItI,EAAa,CACbsI,EAAiBngB,cACjBmgB,EAAiBzqB,aAAe,GAChCyqB,EAAiBhf,UAAY,IAEjC,OAAO0W,EAAWvO,KAAK,OAAWC,qBAAqBJ,eAS3DoW,EAAca,cAAgB,SAAUxlB,EAAYoF,EAAe9H,EAASvB,EAAW2K,EAAc+e,EAAoBC,EAAa5qB,GAClI,IAAIf,EAAIW,EAAIC,EAAIC,EAAIK,EAAI0qB,EACpB/pB,EAAU,IAAI+oB,EAClB/oB,EAAQkpB,cAAgB,OAAiBK,mBACzCvpB,EAAQoE,WAAaA,EACrBpE,EAAQwJ,cAAgBA,EACxB,IAAIwgB,EAAM9qB,GAAgBiB,GAAaA,EAAUC,oBACjD,IAAK4pB,EACD,MAAM,OAAgBtQ,qCAmB1B,OAjBA1Z,EAAQd,YAAc8qB,EAEtBhqB,EAAQsL,OAAqF,QAA3EnN,EAAiB,OAAZuD,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAP5B,OAAgB,EAASA,EAAG8rB,MAAQ,GACzIjqB,EAAQ8K,aAAeA,EACnBpJ,IACA1B,EAAQqK,cAAgB3I,EAAQ3B,OAEhCC,EAAQipB,gBAA8F,QAA3EnqB,EAAiB,OAAZ4C,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPjB,OAAgB,EAASA,EAAGorB,OAAqF,QAA3EnrB,EAAiB,OAAZ2C,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPhB,OAAgB,EAASA,EAAGorB,MAAQ,GAK3QnqB,EAAQ2J,UAAwF,QAA3E3K,EAAiB,OAAZ0C,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPf,OAAgB,EAASA,EAAGorB,uBAAqG,QAA3E/qB,EAAiB,OAAZqC,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPV,OAAgB,EAASA,EAAGgrB,QAAU3oB,EAAQ3B,OAAOsqB,OAAO,GAAK,IAClTrqB,EAAQ4M,KAAmF,QAA3Emd,EAAiB,OAAZroB,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPgqB,OAAgB,EAASA,EAAGnd,MAEnI5M,EAAQ6pB,mBAAqBA,EAC7B7pB,EAAQ8pB,YAAcA,EACf9pB,GAOX+oB,EAAcuB,qBAAuB,SAAU9gB,EAAe9H,EAASvB,EAAW2K,EAAc+e,EAAoBC,EAAa5qB,GAC7H,IAAIf,EAAIW,EAAIC,EAAIC,EACZgB,EAAU,IAAI+oB,EAClB/oB,EAAQkpB,cAAiB/oB,GAAaA,EAAU+oB,gBAAkB,OAAcqB,KAAQ,OAAiBpB,kBAAoB,OAAiBM,qBAC9IzpB,EAAQwJ,cAAgBA,EAExBxJ,EAAQsL,MAAQ,GAChBtL,EAAQ8K,aAAeA,EACvB,IAAIkf,EAAM9qB,GAAeiB,GAAaA,EAAUC,oBAChD,IAAK4pB,EACD,MAAM,OAAgBtQ,qCAiB1B,OAfIhY,IAEA1B,EAAQipB,gBAA8F,QAA3E9qB,EAAiB,OAAZuD,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAP5B,OAAgB,EAASA,EAAG+rB,OAAqF,QAA3EprB,EAAiB,OAAZ4C,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPjB,OAAgB,EAASA,EAAGqrB,MAAQ,GAE3QnqB,EAAQ2J,UAAwF,QAA3E5K,EAAiB,OAAZ2C,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPhB,OAAgB,EAASA,EAAGyrB,MAAQ,GAC5IxqB,EAAQ4M,MAAoF,QAA3E5N,EAAiB,OAAZ0C,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAPf,OAAgB,EAASA,EAAG4N,OAAS,GACzI5M,EAAQqK,cAA4B,OAAZ3I,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,QAEtFC,EAAQd,YAAc8qB,EACtBhqB,EAAQ6pB,mBAAqBA,EAC7B7pB,EAAQ8pB,YAAcA,EAKf9pB,GAOX+oB,EAAc0B,sBAAwB,SAAUC,EAAkBC,EAAUhrB,EAAQirB,EAAWlpB,GAC3F,IAAIvD,EACA6U,GAAyF,QAA3E7U,EAAiB,OAAZuD,QAAgC,IAAZA,OAAqB,EAASA,EAAQ3B,cAA2B,IAAP5B,OAAgB,EAASA,EAAGgsB,KAAOzoB,EAAQ3B,OAAOoqB,IAAM,OAAU1J,aAEvK,GAAIkK,IAAa,OAAcJ,KAC3B,OAAOvX,EAGX,GAAI0X,EACA,IACI,IAAItmB,EAAa,eAAgBsmB,EAAkBE,GACnD,IAAK,OAAYnoB,QAAQ2B,EAAWY,OAAS,OAAYvC,QAAQ2B,EAAWc,MACxE,MAAO,GAAKd,EAAWY,IAAM,OAAWC,sBAAwBb,EAAWc,KAGnF,MAAOG,IAIX,OADA1F,EAAO2F,QAAQ,8BACR0N,GAMX+V,EAAc8B,gBAAkB,SAAU/e,GACtC,QAAKA,IAGGA,EAAOC,eAAe,kBAC1BD,EAAOC,eAAe,gBACtBD,EAAOC,eAAe,UACtBD,EAAOC,eAAe,mBACtBD,EAAOC,eAAe,aACtBD,EAAOC,eAAe,mBAQ9Bgd,EAAc+B,mBAAqB,SAAUC,EAAUC,EAAUC,GAC7D,IAAKF,IAAaC,EACd,OAAO,EAEX,IAAIE,GAAc,EAClB,GAAID,EAAe,CACf,IAAIE,EAAkBJ,EAAS1gB,eAAiB,GAC5C+gB,EAAkBJ,EAAS3gB,eAAiB,GAEhD6gB,EAAeC,EAAeE,MAAQD,EAAeC,KAChDF,EAAevhB,QAAUwhB,EAAexhB,MAEjD,OAAQmhB,EAASvhB,gBAAkBwhB,EAASxhB,eACvCuhB,EAAS9B,iBAAmB+B,EAAS/B,gBACrC8B,EAASphB,WAAaqhB,EAASrhB,UAC/BohB,EAASpgB,WAAaqgB,EAASrgB,UAC/BogB,EAAS7rB,cAAgB8rB,EAAS9rB,aACnCgsB,GAEDnC,EA1MuB,I,kCCnClC,kJAmBIuC,EAA4B,WAC5B,SAASA,EAAW3tB,GAEhBE,KAAKe,OAAS,eAAyBjB,GAEvCE,KAAK8B,OAAS,IAAI,OAAO9B,KAAKe,OAAOke,cAAe,OAAM,QAE1Djf,KAAKiE,YAAcjE,KAAKe,OAAOgD,gBAE/B/D,KAAK0C,aAAe1C,KAAKe,OAAOoe,iBAEhCnf,KAAK0tB,cAAgB1tB,KAAKe,OAAOse,iBAEjCrf,KAAK2tB,eAAiB,IAAI,OAAe3tB,KAAK0tB,cAAe1tB,KAAK0C,cAElE1C,KAAK2B,uBAAyB3B,KAAKe,OAAOY,uBAE1C3B,KAAKsC,UAAYtC,KAAKe,OAAO6B,YAAYN,UA4D7C,OAvDAmrB,EAAWxtB,UAAUyH,0BAA4B,SAAUW,GACvD,IAAI7B,EAAU,GAEd,GADAA,EAAQ,OAAYonB,cAAgB,OAAUC,uBACzC7tB,KAAKe,OAAOsC,cAAciH,sBAAwBjC,EACnD,OAAQA,EAAQf,MACZ,KAAK,OAAkBC,gBACnB,IACI,IAAIhB,EAAa,eAAiC8B,EAAQnB,YAC1DV,EAAQ,OAAYsnB,YAAc,OAASvnB,EAAWY,IAAM,IAAMZ,EAAWc,KAEjF,MAAOG,GACHxH,KAAK8B,OAAO2F,QAAQ,mDAAqDD,GAE7E,MACJ,KAAK,OAAkBgD,IACnBhE,EAAQ,OAAYsnB,YAAc,QAAUzlB,EAAQnB,WACpD,MAGZ,OAAOV,GASXinB,EAAWxtB,UAAU2H,2BAA6B,SAAUD,EAAevD,EAAaoC,EAASL,GAC7F,OAAO,eAAUnG,UAAM,OAAQ,GAAQ,WACnC,IAAI0E,EACJ,OAAO,eAAY1E,MAAM,SAAUM,GAC/B,OAAQA,EAAGC,OACP,KAAK,EAAG,MAAO,CAAC,EAAaP,KAAK2tB,eAAeI,gBAAgB5nB,EAAYwB,EAAe,CAAExC,KAAMf,EAAaoC,QAASA,KAC1H,KAAK,EAMD,OALA9B,EAAWpE,EAAGK,OACVX,KAAKe,OAAOY,wBAA0B+C,EAASspB,OAAS,KAA2B,MAApBtpB,EAASspB,QAExEhuB,KAAKe,OAAOY,uBAAuBssB,sBAEhC,CAAC,EAAcvpB,WAS1C+oB,EAAWxtB,UAAUiuB,gBAAkB,SAAUC,GAC7C,IAAKA,EAAiBC,oBAClB,MAAM,OAAgBpU,uCAAuC,2DAEjEha,KAAKsC,UAAY6rB,GAEdV,EA7EoB","file":"js/chunk-vendors~c6d43eae.b10802af.js","sourcesContent":["/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends, __awaiter, __generator } from '../_virtual/_tslib.js';\nimport { BaseClient } from './BaseClient.js';\nimport { ScopeSet } from '../request/ScopeSet.js';\nimport { AuthToken } from '../account/AuthToken.js';\nimport { TimeUtils } from '../utils/TimeUtils.js';\nimport { RefreshTokenClient } from './RefreshTokenClient.js';\nimport { ClientAuthError, ClientAuthErrorMessage } from '../error/ClientAuthError.js';\nimport { ClientConfigurationError } from '../error/ClientConfigurationError.js';\nimport { ResponseHandler } from '../response/ResponseHandler.js';\nimport { CacheOutcome, AuthenticationScheme } from '../utils/Constants.js';\nimport { StringUtils } from '../utils/StringUtils.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar SilentFlowClient = /** @class */ (function (_super) {\r\n __extends(SilentFlowClient, _super);\r\n function SilentFlowClient(configuration) {\r\n return _super.call(this, configuration) || this;\r\n }\r\n /**\r\n * Retrieves a token from cache if it is still valid, or uses the cached refresh token to renew\r\n * the given token and returns the renewed token\r\n * @param request\r\n */\r\n SilentFlowClient.prototype.acquireToken = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var e_1, refreshTokenClient;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n _a.trys.push([0, 2, , 3]);\r\n return [4 /*yield*/, this.acquireCachedToken(request)];\r\n case 1: return [2 /*return*/, _a.sent()];\r\n case 2:\r\n e_1 = _a.sent();\r\n if (e_1 instanceof ClientAuthError && e_1.errorCode === ClientAuthErrorMessage.tokenRefreshRequired.code) {\r\n refreshTokenClient = new RefreshTokenClient(this.config);\r\n return [2 /*return*/, refreshTokenClient.acquireTokenByRefreshToken(request)];\r\n }\r\n else {\r\n throw e_1;\r\n }\r\n case 3: return [2 /*return*/];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Retrieves token from cache or throws an error if it must be refreshed.\r\n * @param request\r\n */\r\n SilentFlowClient.prototype.acquireCachedToken = function (request) {\r\n var _a, _b, _c, _d;\r\n return __awaiter(this, void 0, void 0, function () {\r\n var requestScopes, environment, authScheme, cacheRecord;\r\n return __generator(this, function (_e) {\r\n switch (_e.label) {\r\n case 0:\r\n // Cannot renew token if no request object is given.\r\n if (!request) {\r\n throw ClientConfigurationError.createEmptyTokenRequestError();\r\n }\r\n if (request.forceRefresh) {\r\n // Must refresh due to present force_refresh flag.\r\n (_a = this.serverTelemetryManager) === null || _a === void 0 ? void 0 : _a.setCacheOutcome(CacheOutcome.FORCE_REFRESH);\r\n this.logger.info(\"SilentFlowClient:acquireCachedToken - Skipping cache because forceRefresh is true.\");\r\n throw ClientAuthError.createRefreshRequiredError();\r\n }\r\n else if (!StringUtils.isEmptyObj(request.claims)) {\r\n // Must refresh due to request parameters.\r\n this.logger.info(\"SilentFlowClient:acquireCachedToken - Skipping cache because claims are requested.\");\r\n throw ClientAuthError.createRefreshRequiredError();\r\n }\r\n // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases\r\n if (!request.account) {\r\n throw ClientAuthError.createNoAccountInSilentRequestError();\r\n }\r\n requestScopes = new ScopeSet(request.scopes || []);\r\n environment = request.authority || this.authority.getPreferredCache();\r\n authScheme = request.authenticationScheme || AuthenticationScheme.BEARER;\r\n cacheRecord = this.cacheManager.readCacheRecord(request.account, this.config.authOptions.clientId, requestScopes, environment, authScheme, request.sshKid);\r\n if (!cacheRecord.accessToken) {\r\n // Must refresh due to non-existent access_token.\r\n (_b = this.serverTelemetryManager) === null || _b === void 0 ? void 0 : _b.setCacheOutcome(CacheOutcome.NO_CACHED_ACCESS_TOKEN);\r\n this.logger.info(\"SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties.\");\r\n throw ClientAuthError.createRefreshRequiredError();\r\n }\r\n else if (TimeUtils.wasClockTurnedBack(cacheRecord.accessToken.cachedAt) ||\r\n TimeUtils.isTokenExpired(cacheRecord.accessToken.expiresOn, this.config.systemOptions.tokenRenewalOffsetSeconds)) {\r\n // Must refresh due to expired access_token.\r\n (_c = this.serverTelemetryManager) === null || _c === void 0 ? void 0 : _c.setCacheOutcome(CacheOutcome.CACHED_ACCESS_TOKEN_EXPIRED);\r\n this.logger.info(\"SilentFlowClient:acquireCachedToken - Cached access token is expired or will expire within \" + this.config.systemOptions.tokenRenewalOffsetSeconds + \" seconds.\");\r\n throw ClientAuthError.createRefreshRequiredError();\r\n }\r\n else if (cacheRecord.accessToken.refreshOn && TimeUtils.isTokenExpired(cacheRecord.accessToken.refreshOn, 0)) {\r\n // Must refresh due to the refresh_in value.\r\n (_d = this.serverTelemetryManager) === null || _d === void 0 ? void 0 : _d.setCacheOutcome(CacheOutcome.REFRESH_CACHED_ACCESS_TOKEN);\r\n this.logger.info(\"SilentFlowClient:acquireCachedToken - Cached access token's refreshOn property has been exceeded'.\");\r\n throw ClientAuthError.createRefreshRequiredError();\r\n }\r\n if (this.config.serverTelemetryManager) {\r\n this.config.serverTelemetryManager.incrementCacheHits();\r\n }\r\n return [4 /*yield*/, this.generateResultFromCacheRecord(cacheRecord, request)];\r\n case 1: return [2 /*return*/, _e.sent()];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Helper function to build response object from the CacheRecord\r\n * @param cacheRecord\r\n */\r\n SilentFlowClient.prototype.generateResultFromCacheRecord = function (cacheRecord, request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var idTokenObj;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n if (cacheRecord.idToken) {\r\n idTokenObj = new AuthToken(cacheRecord.idToken.secret, this.config.cryptoInterface);\r\n }\r\n return [4 /*yield*/, ResponseHandler.generateAuthenticationResult(this.cryptoUtils, this.authority, cacheRecord, true, request, idTokenObj)];\r\n case 1: return [2 /*return*/, _a.sent()];\r\n }\r\n });\r\n });\r\n };\r\n return SilentFlowClient;\r\n}(BaseClient));\n\nexport { SilentFlowClient };\n//# sourceMappingURL=SilentFlowClient.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends, __awaiter, __generator, __assign, __spreadArrays } from '../_virtual/_tslib.js';\nimport { BaseClient } from './BaseClient.js';\nimport { RequestParameterBuilder } from '../request/RequestParameterBuilder.js';\nimport { PromptValue, Separators, AuthenticationScheme, GrantType } from '../utils/Constants.js';\nimport { ResponseHandler } from '../response/ResponseHandler.js';\nimport { StringUtils } from '../utils/StringUtils.js';\nimport { ClientAuthError } from '../error/ClientAuthError.js';\nimport { UrlString } from '../url/UrlString.js';\nimport { PopTokenGenerator } from '../crypto/PopTokenGenerator.js';\nimport { TimeUtils } from '../utils/TimeUtils.js';\nimport { buildClientInfoFromHomeAccountId, buildClientInfo } from '../account/ClientInfo.js';\nimport { CcsCredentialType } from '../account/CcsCredential.js';\nimport { ClientConfigurationError } from '../error/ClientConfigurationError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Oauth2.0 Authorization Code client\r\n */\r\nvar AuthorizationCodeClient = /** @class */ (function (_super) {\r\n __extends(AuthorizationCodeClient, _super);\r\n function AuthorizationCodeClient(configuration) {\r\n return _super.call(this, configuration) || this;\r\n }\r\n /**\r\n * Creates the URL of the authorization request letting the user input credentials and consent to the\r\n * application. The URL target the /authorize endpoint of the authority configured in the\r\n * application object.\r\n *\r\n * Once the user inputs their credentials and consents, the authority will send a response to the redirect URI\r\n * sent in the request and should contain an authorization code, which can then be used to acquire tokens via\r\n * acquireToken(AuthorizationCodeRequest)\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.getAuthCodeUrl = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var queryString;\r\n return __generator(this, function (_a) {\r\n queryString = this.createAuthCodeUrlQueryString(request);\r\n return [2 /*return*/, UrlString.appendQueryString(this.authority.authorizationEndpoint, queryString)];\r\n });\r\n });\r\n };\r\n /**\r\n * API to acquire a token in exchange of 'authorization_code` acquired by the user in the first leg of the\r\n * authorization_code_grant\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.acquireToken = function (request, authCodePayload) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var reqTimestamp, response, responseHandler;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n this.logger.info(\"in acquireToken call\");\r\n if (!request || StringUtils.isEmpty(request.code)) {\r\n throw ClientAuthError.createTokenRequestCannotBeMadeError();\r\n }\r\n reqTimestamp = TimeUtils.nowSeconds();\r\n return [4 /*yield*/, this.executeTokenRequest(this.authority, request)];\r\n case 1:\r\n response = _a.sent();\r\n responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);\r\n // Validate response. This function throws a server error if an error is returned by the server.\r\n responseHandler.validateTokenResponse(response.body);\r\n return [4 /*yield*/, responseHandler.handleServerTokenResponse(response.body, this.authority, reqTimestamp, request, authCodePayload)];\r\n case 2: return [2 /*return*/, _a.sent()];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Handles the hash fragment response from public client code request. Returns a code response used by\r\n * the client to exchange for a token in acquireToken.\r\n * @param hashFragment\r\n */\r\n AuthorizationCodeClient.prototype.handleFragmentResponse = function (hashFragment, cachedState) {\r\n // Handle responses.\r\n var responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, null, null);\r\n // Deserialize hash fragment response parameters.\r\n var hashUrlString = new UrlString(hashFragment);\r\n // Deserialize hash fragment response parameters.\r\n var serverParams = UrlString.getDeserializedHash(hashUrlString.getHash());\r\n // Get code response\r\n responseHandler.validateServerAuthorizationCodeResponse(serverParams, cachedState, this.cryptoUtils);\r\n // throw when there is no auth code in the response\r\n if (!serverParams.code) {\r\n throw ClientAuthError.createNoAuthCodeInServerResponseError();\r\n }\r\n return __assign(__assign({}, serverParams), { \r\n // Code param is optional in ServerAuthorizationCodeResponse but required in AuthorizationCodePaylod\r\n code: serverParams.code });\r\n };\r\n /**\r\n * Used to log out the current user, and redirect the user to the postLogoutRedirectUri.\r\n * Default behaviour is to redirect the user to `window.location.href`.\r\n * @param authorityUri\r\n */\r\n AuthorizationCodeClient.prototype.getLogoutUri = function (logoutRequest) {\r\n // Throw error if logoutRequest is null/undefined\r\n if (!logoutRequest) {\r\n throw ClientConfigurationError.createEmptyLogoutRequestError();\r\n }\r\n var queryString = this.createLogoutUrlQueryString(logoutRequest);\r\n // Construct logout URI.\r\n return UrlString.appendQueryString(this.authority.endSessionEndpoint, queryString);\r\n };\r\n /**\r\n * Executes POST request to token endpoint\r\n * @param authority\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.executeTokenRequest = function (authority, request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var thumbprint, requestBody, queryParameters, ccsCredential, clientInfo, headers, endpoint;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n thumbprint = {\r\n clientId: this.config.authOptions.clientId,\r\n authority: authority.canonicalAuthority,\r\n scopes: request.scopes,\r\n authenticationScheme: request.authenticationScheme,\r\n resourceRequestMethod: request.resourceRequestMethod,\r\n resourceRequestUri: request.resourceRequestUri,\r\n shrClaims: request.shrClaims,\r\n sshJwk: request.sshJwk,\r\n sshKid: request.sshKid\r\n };\r\n return [4 /*yield*/, this.createTokenRequestBody(request)];\r\n case 1:\r\n requestBody = _a.sent();\r\n queryParameters = this.createTokenQueryParameters(request);\r\n ccsCredential = undefined;\r\n if (request.clientInfo) {\r\n try {\r\n clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils);\r\n ccsCredential = {\r\n credential: \"\" + clientInfo.uid + Separators.CLIENT_INFO_SEPARATOR + clientInfo.utid,\r\n type: CcsCredentialType.HOME_ACCOUNT_ID\r\n };\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse client info for CCS Header: \" + e);\r\n }\r\n }\r\n headers = this.createTokenRequestHeaders(ccsCredential || request.ccsCredential);\r\n endpoint = StringUtils.isEmpty(queryParameters) ? authority.tokenEndpoint : authority.tokenEndpoint + \"?\" + queryParameters;\r\n return [2 /*return*/, this.executePostToTokenEndpoint(endpoint, requestBody, headers, thumbprint)];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Creates query string for the /token request\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.createTokenQueryParameters = function (request) {\r\n var parameterBuilder = new RequestParameterBuilder();\r\n if (request.tokenQueryParameters) {\r\n parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);\r\n }\r\n return parameterBuilder.createQueryString();\r\n };\r\n /**\r\n * Generates a map for all the params to be sent to the service\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.createTokenRequestBody = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var parameterBuilder, clientAssertion, popTokenGenerator, cnfString, correlationId, ccsCred, clientInfo, clientInfo;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n parameterBuilder = new RequestParameterBuilder();\r\n parameterBuilder.addClientId(this.config.authOptions.clientId);\r\n // validate the redirectUri (to be a non null value)\r\n parameterBuilder.addRedirectUri(request.redirectUri);\r\n // Add scope array, parameter builder will add default scopes and dedupe\r\n parameterBuilder.addScopes(request.scopes);\r\n // add code: user set, not validated\r\n parameterBuilder.addAuthorizationCode(request.code);\r\n // Add library metadata\r\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\r\n parameterBuilder.addThrottling();\r\n if (this.serverTelemetryManager) {\r\n parameterBuilder.addServerTelemetry(this.serverTelemetryManager);\r\n }\r\n // add code_verifier if passed\r\n if (request.codeVerifier) {\r\n parameterBuilder.addCodeVerifier(request.codeVerifier);\r\n }\r\n if (this.config.clientCredentials.clientSecret) {\r\n parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);\r\n }\r\n if (this.config.clientCredentials.clientAssertion) {\r\n clientAssertion = this.config.clientCredentials.clientAssertion;\r\n parameterBuilder.addClientAssertion(clientAssertion.assertion);\r\n parameterBuilder.addClientAssertionType(clientAssertion.assertionType);\r\n }\r\n parameterBuilder.addGrantType(GrantType.AUTHORIZATION_CODE_GRANT);\r\n parameterBuilder.addClientInfo();\r\n if (!(request.authenticationScheme === AuthenticationScheme.POP)) return [3 /*break*/, 2];\r\n popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);\r\n return [4 /*yield*/, popTokenGenerator.generateCnf(request)];\r\n case 1:\r\n cnfString = _a.sent();\r\n parameterBuilder.addPopToken(cnfString);\r\n return [3 /*break*/, 3];\r\n case 2:\r\n if (request.authenticationScheme === AuthenticationScheme.SSH) {\r\n if (request.sshJwk) {\r\n parameterBuilder.addSshJwk(request.sshJwk);\r\n }\r\n else {\r\n throw ClientConfigurationError.createMissingSshJwkError();\r\n }\r\n }\r\n _a.label = 3;\r\n case 3:\r\n correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();\r\n parameterBuilder.addCorrelationId(correlationId);\r\n if (!StringUtils.isEmptyObj(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) {\r\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\r\n }\r\n ccsCred = undefined;\r\n if (request.clientInfo) {\r\n try {\r\n clientInfo = buildClientInfo(request.clientInfo, this.cryptoUtils);\r\n ccsCred = {\r\n credential: \"\" + clientInfo.uid + Separators.CLIENT_INFO_SEPARATOR + clientInfo.utid,\r\n type: CcsCredentialType.HOME_ACCOUNT_ID\r\n };\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse client info for CCS Header: \" + e);\r\n }\r\n }\r\n else {\r\n ccsCred = request.ccsCredential;\r\n }\r\n // Adds these as parameters in the request instead of headers to prevent CORS preflight request\r\n if (this.config.systemOptions.preventCorsPreflight && ccsCred) {\r\n switch (ccsCred.type) {\r\n case CcsCredentialType.HOME_ACCOUNT_ID:\r\n try {\r\n clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);\r\n parameterBuilder.addCcsOid(clientInfo);\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" + e);\r\n }\r\n break;\r\n case CcsCredentialType.UPN:\r\n parameterBuilder.addCcsUpn(ccsCred.credential);\r\n break;\r\n }\r\n }\r\n return [2 /*return*/, parameterBuilder.createQueryString()];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * This API validates the `AuthorizationCodeUrlRequest` and creates a URL\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.createAuthCodeUrlQueryString = function (request) {\r\n var parameterBuilder = new RequestParameterBuilder();\r\n parameterBuilder.addClientId(this.config.authOptions.clientId);\r\n var requestScopes = __spreadArrays(request.scopes || [], request.extraScopesToConsent || []);\r\n parameterBuilder.addScopes(requestScopes);\r\n // validate the redirectUri (to be a non null value)\r\n parameterBuilder.addRedirectUri(request.redirectUri);\r\n // generate the correlationId if not set by the user and add\r\n var correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();\r\n parameterBuilder.addCorrelationId(correlationId);\r\n // add response_mode. If not passed in it defaults to query.\r\n parameterBuilder.addResponseMode(request.responseMode);\r\n // add response_type = code\r\n parameterBuilder.addResponseTypeCode();\r\n // add library info parameters\r\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\r\n // add client_info=1\r\n parameterBuilder.addClientInfo();\r\n if (request.codeChallenge && request.codeChallengeMethod) {\r\n parameterBuilder.addCodeChallengeParams(request.codeChallenge, request.codeChallengeMethod);\r\n }\r\n if (request.prompt) {\r\n parameterBuilder.addPrompt(request.prompt);\r\n }\r\n if (request.domainHint) {\r\n parameterBuilder.addDomainHint(request.domainHint);\r\n }\r\n // Add sid or loginHint with preference for sid -> loginHint -> username of AccountInfo object\r\n if (request.prompt !== PromptValue.SELECT_ACCOUNT) {\r\n // AAD will throw if prompt=select_account is passed with an account hint\r\n if (request.sid && request.prompt === PromptValue.NONE) {\r\n // SessionID is only used in silent calls\r\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is none, adding sid from request\");\r\n parameterBuilder.addSid(request.sid);\r\n }\r\n else if (request.account) {\r\n var accountSid = this.extractAccountSid(request.account);\r\n // If account and loginHint are provided, we will check account first for sid before adding loginHint\r\n if (accountSid && request.prompt === PromptValue.NONE) {\r\n // SessionId is only used in silent calls\r\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is none, adding sid from account\");\r\n parameterBuilder.addSid(accountSid);\r\n try {\r\n var clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\r\n parameterBuilder.addCcsOid(clientInfo);\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" + e);\r\n }\r\n }\r\n else if (request.loginHint) {\r\n this.logger.verbose(\"createAuthCodeUrlQueryString: Adding login_hint from request\");\r\n parameterBuilder.addLoginHint(request.loginHint);\r\n parameterBuilder.addCcsUpn(request.loginHint);\r\n }\r\n else if (request.account.username) {\r\n // Fallback to account username if provided\r\n this.logger.verbose(\"createAuthCodeUrlQueryString: Adding login_hint from account\");\r\n parameterBuilder.addLoginHint(request.account.username);\r\n try {\r\n var clientInfo = buildClientInfoFromHomeAccountId(request.account.homeAccountId);\r\n parameterBuilder.addCcsOid(clientInfo);\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" + e);\r\n }\r\n }\r\n }\r\n else if (request.loginHint) {\r\n this.logger.verbose(\"createAuthCodeUrlQueryString: No account, adding login_hint from request\");\r\n parameterBuilder.addLoginHint(request.loginHint);\r\n parameterBuilder.addCcsUpn(request.loginHint);\r\n }\r\n }\r\n else {\r\n this.logger.verbose(\"createAuthCodeUrlQueryString: Prompt is select_account, ignoring account hints\");\r\n }\r\n if (request.nonce) {\r\n parameterBuilder.addNonce(request.nonce);\r\n }\r\n if (request.state) {\r\n parameterBuilder.addState(request.state);\r\n }\r\n if (!StringUtils.isEmpty(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) {\r\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\r\n }\r\n if (request.extraQueryParameters) {\r\n parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);\r\n }\r\n return parameterBuilder.createQueryString();\r\n };\r\n /**\r\n * This API validates the `EndSessionRequest` and creates a URL\r\n * @param request\r\n */\r\n AuthorizationCodeClient.prototype.createLogoutUrlQueryString = function (request) {\r\n var parameterBuilder = new RequestParameterBuilder();\r\n if (request.postLogoutRedirectUri) {\r\n parameterBuilder.addPostLogoutRedirectUri(request.postLogoutRedirectUri);\r\n }\r\n if (request.correlationId) {\r\n parameterBuilder.addCorrelationId(request.correlationId);\r\n }\r\n if (request.idTokenHint) {\r\n parameterBuilder.addIdTokenHint(request.idTokenHint);\r\n }\r\n if (request.state) {\r\n parameterBuilder.addState(request.state);\r\n }\r\n if (request.extraQueryParameters) {\r\n parameterBuilder.addExtraQueryParameters(request.extraQueryParameters);\r\n }\r\n return parameterBuilder.createQueryString();\r\n };\r\n /**\r\n * Helper to get sid from account. Returns null if idTokenClaims are not present or sid is not present.\r\n * @param account\r\n */\r\n AuthorizationCodeClient.prototype.extractAccountSid = function (account) {\r\n if (account.idTokenClaims) {\r\n var tokenClaims = account.idTokenClaims;\r\n return tokenClaims.sid || null;\r\n }\r\n return null;\r\n };\r\n return AuthorizationCodeClient;\r\n}(BaseClient));\n\nexport { AuthorizationCodeClient };\n//# sourceMappingURL=AuthorizationCodeClient.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../../_virtual/_tslib.js';\nimport { CredentialEntity } from './CredentialEntity.js';\nimport { CredentialType, AuthenticationScheme } from '../../utils/Constants.js';\nimport { TimeUtils } from '../../utils/TimeUtils.js';\nimport { StringUtils } from '../../utils/StringUtils.js';\nimport { AuthToken } from '../../account/AuthToken.js';\nimport { ClientAuthError } from '../../error/ClientAuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * ACCESS_TOKEN Credential Type\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key Example: uid.utid-login.microsoftonline.com-accesstoken-clientId-contoso.com-user.read\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * familyId: Family ID identifier, usually only used for refresh tokens\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\r\n * cachedAt: Absolute device time when entry was created in the cache.\r\n * expiresOn: Token expiry time, calculated based on current UTC time in seconds. Represented as a string.\r\n * extendedExpiresOn: Additional extended expiry time until when token is valid in case of server-side outage. Represented as string in UTC seconds.\r\n * keyId: used for POP and SSH tokenTypes\r\n * tokenType: Type of the token issued. Usually \"Bearer\"\r\n * }\r\n */\r\nvar AccessTokenEntity = /** @class */ (function (_super) {\r\n __extends(AccessTokenEntity, _super);\r\n function AccessTokenEntity() {\r\n return _super !== null && _super.apply(this, arguments) || this;\r\n }\r\n /**\r\n * Create AccessTokenEntity\r\n * @param homeAccountId\r\n * @param environment\r\n * @param accessToken\r\n * @param clientId\r\n * @param tenantId\r\n * @param scopes\r\n * @param expiresOn\r\n * @param extExpiresOn\r\n */\r\n AccessTokenEntity.createAccessTokenEntity = function (homeAccountId, environment, accessToken, clientId, tenantId, scopes, expiresOn, extExpiresOn, cryptoUtils, refreshOn, tokenType, oboAssertion, keyId) {\r\n var _a;\r\n var atEntity = new AccessTokenEntity();\r\n atEntity.homeAccountId = homeAccountId;\r\n atEntity.credentialType = CredentialType.ACCESS_TOKEN;\r\n atEntity.secret = accessToken;\r\n var currentTime = TimeUtils.nowSeconds();\r\n atEntity.cachedAt = currentTime.toString();\r\n /*\r\n * Token expiry time.\r\n * This value should be  calculated based on the current UTC time measured locally and the value  expires_in Represented as a string in JSON.\r\n */\r\n atEntity.expiresOn = expiresOn.toString();\r\n atEntity.extendedExpiresOn = extExpiresOn.toString();\r\n if (refreshOn) {\r\n atEntity.refreshOn = refreshOn.toString();\r\n }\r\n atEntity.environment = environment;\r\n atEntity.clientId = clientId;\r\n atEntity.realm = tenantId;\r\n atEntity.target = scopes;\r\n atEntity.oboAssertion = oboAssertion;\r\n atEntity.tokenType = StringUtils.isEmpty(tokenType) ? AuthenticationScheme.BEARER : tokenType;\r\n // Create Access Token With Auth Scheme instead of regular access token\r\n if (atEntity.tokenType !== AuthenticationScheme.BEARER) {\r\n atEntity.credentialType = CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\r\n switch (atEntity.tokenType) {\r\n case AuthenticationScheme.POP:\r\n // Make sure keyId is present and add it to credential\r\n var tokenClaims = AuthToken.extractTokenClaims(accessToken, cryptoUtils);\r\n if (!((_a = tokenClaims === null || tokenClaims === void 0 ? void 0 : tokenClaims.cnf) === null || _a === void 0 ? void 0 : _a.kid)) {\r\n throw ClientAuthError.createTokenClaimsRequiredError();\r\n }\r\n atEntity.keyId = tokenClaims.cnf.kid;\r\n break;\r\n case AuthenticationScheme.SSH:\r\n atEntity.keyId = keyId;\r\n }\r\n }\r\n return atEntity;\r\n };\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n AccessTokenEntity.isAccessTokenEntity = function (entity) {\r\n if (!entity) {\r\n return false;\r\n }\r\n return (entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"credentialType\") &&\r\n entity.hasOwnProperty(\"realm\") &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"secret\") &&\r\n entity.hasOwnProperty(\"target\") &&\r\n (entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN || entity[\"credentialType\"] === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME));\r\n };\r\n return AccessTokenEntity;\r\n}(CredentialEntity));\n\nexport { AccessTokenEntity };\n//# sourceMappingURL=AccessTokenEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar CacheRecord = /** @class */ (function () {\r\n function CacheRecord(accountEntity, idTokenEntity, accessTokenEntity, refreshTokenEntity, appMetadataEntity) {\r\n this.account = accountEntity || null;\r\n this.idToken = idTokenEntity || null;\r\n this.accessToken = accessTokenEntity || null;\r\n this.refreshToken = refreshTokenEntity || null;\r\n this.appMetadata = appMetadataEntity || null;\r\n }\r\n return CacheRecord;\r\n}());\n\nexport { CacheRecord };\n//# sourceMappingURL=CacheRecord.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../_virtual/_tslib.js';\nimport { AuthError } from './AuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Error thrown when there is an error with the server code, for example, unavailability.\r\n */\r\nvar ServerError = /** @class */ (function (_super) {\r\n __extends(ServerError, _super);\r\n function ServerError(errorCode, errorMessage, subError) {\r\n var _this = _super.call(this, errorCode, errorMessage, subError) || this;\r\n _this.name = \"ServerError\";\r\n Object.setPrototypeOf(_this, ServerError.prototype);\r\n return _this;\r\n }\r\n return ServerError;\r\n}(AuthError));\n\nexport { ServerError };\n//# sourceMappingURL=ServerError.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../../_virtual/_tslib.js';\nimport { CredentialEntity } from './CredentialEntity.js';\nimport { CredentialType } from '../../utils/Constants.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * ID_TOKEN Cache\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key Example: uid.utid-login.microsoftonline.com-idtoken-clientId-contoso.com-\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * }\r\n */\r\nvar IdTokenEntity = /** @class */ (function (_super) {\r\n __extends(IdTokenEntity, _super);\r\n function IdTokenEntity() {\r\n return _super !== null && _super.apply(this, arguments) || this;\r\n }\r\n /**\r\n * Create IdTokenEntity\r\n * @param homeAccountId\r\n * @param authenticationResult\r\n * @param clientId\r\n * @param authority\r\n */\r\n IdTokenEntity.createIdTokenEntity = function (homeAccountId, environment, idToken, clientId, tenantId, oboAssertion) {\r\n var idTokenEntity = new IdTokenEntity();\r\n idTokenEntity.credentialType = CredentialType.ID_TOKEN;\r\n idTokenEntity.homeAccountId = homeAccountId;\r\n idTokenEntity.environment = environment;\r\n idTokenEntity.clientId = clientId;\r\n idTokenEntity.secret = idToken;\r\n idTokenEntity.realm = tenantId;\r\n idTokenEntity.oboAssertion = oboAssertion;\r\n return idTokenEntity;\r\n };\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n IdTokenEntity.isIdTokenEntity = function (entity) {\r\n if (!entity) {\r\n return false;\r\n }\r\n return (entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"credentialType\") &&\r\n entity.hasOwnProperty(\"realm\") &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"secret\") &&\r\n entity[\"credentialType\"] === CredentialType.ID_TOKEN);\r\n };\r\n return IdTokenEntity;\r\n}(CredentialEntity));\n\nexport { IdTokenEntity };\n//# sourceMappingURL=IdTokenEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends, __awaiter, __generator, __assign } from '../_virtual/_tslib.js';\nimport { BaseClient } from './BaseClient.js';\nimport { RequestParameterBuilder } from '../request/RequestParameterBuilder.js';\nimport { AuthenticationScheme, GrantType, Errors } from '../utils/Constants.js';\nimport { ResponseHandler } from '../response/ResponseHandler.js';\nimport { PopTokenGenerator } from '../crypto/PopTokenGenerator.js';\nimport { StringUtils } from '../utils/StringUtils.js';\nimport { ClientConfigurationError } from '../error/ClientConfigurationError.js';\nimport { ClientAuthError } from '../error/ClientAuthError.js';\nimport { ServerError } from '../error/ServerError.js';\nimport { TimeUtils } from '../utils/TimeUtils.js';\nimport { UrlString } from '../url/UrlString.js';\nimport { CcsCredentialType } from '../account/CcsCredential.js';\nimport { buildClientInfoFromHomeAccountId } from '../account/ClientInfo.js';\nimport { InteractionRequiredAuthError, InteractionRequiredAuthErrorMessage } from '../error/InteractionRequiredAuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * OAuth2.0 refresh token client\r\n */\r\nvar RefreshTokenClient = /** @class */ (function (_super) {\r\n __extends(RefreshTokenClient, _super);\r\n function RefreshTokenClient(configuration) {\r\n return _super.call(this, configuration) || this;\r\n }\r\n RefreshTokenClient.prototype.acquireToken = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var reqTimestamp, response, responseHandler;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n reqTimestamp = TimeUtils.nowSeconds();\r\n return [4 /*yield*/, this.executeTokenRequest(request, this.authority)];\r\n case 1:\r\n response = _a.sent();\r\n responseHandler = new ResponseHandler(this.config.authOptions.clientId, this.cacheManager, this.cryptoUtils, this.logger, this.config.serializableCache, this.config.persistencePlugin);\r\n responseHandler.validateTokenResponse(response.body);\r\n return [2 /*return*/, responseHandler.handleServerTokenResponse(response.body, this.authority, reqTimestamp, request, undefined, undefined, true)];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Gets cached refresh token and attaches to request, then calls acquireToken API\r\n * @param request\r\n */\r\n RefreshTokenClient.prototype.acquireTokenByRefreshToken = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var isFOCI, noFamilyRTInCache, clientMismatchErrorWithFamilyRT;\r\n return __generator(this, function (_a) {\r\n // Cannot renew token if no request object is given.\r\n if (!request) {\r\n throw ClientConfigurationError.createEmptyTokenRequestError();\r\n }\r\n // We currently do not support silent flow for account === null use cases; This will be revisited for confidential flow usecases\r\n if (!request.account) {\r\n throw ClientAuthError.createNoAccountInSilentRequestError();\r\n }\r\n isFOCI = this.cacheManager.isAppMetadataFOCI(request.account.environment, this.config.authOptions.clientId);\r\n // if the app is part of the family, retrive a Family refresh token if present and make a refreshTokenRequest\r\n if (isFOCI) {\r\n try {\r\n return [2 /*return*/, this.acquireTokenWithCachedRefreshToken(request, true)];\r\n }\r\n catch (e) {\r\n noFamilyRTInCache = e instanceof InteractionRequiredAuthError && e.errorCode === InteractionRequiredAuthErrorMessage.noTokensFoundError.code;\r\n clientMismatchErrorWithFamilyRT = e instanceof ServerError && e.errorCode === Errors.INVALID_GRANT_ERROR && e.subError === Errors.CLIENT_MISMATCH_ERROR;\r\n // if family Refresh Token (FRT) cache acquisition fails or if client_mismatch error is seen with FRT, reattempt with application Refresh Token (ART)\r\n if (noFamilyRTInCache || clientMismatchErrorWithFamilyRT) {\r\n return [2 /*return*/, this.acquireTokenWithCachedRefreshToken(request, false)];\r\n // throw in all other cases\r\n }\r\n else {\r\n throw e;\r\n }\r\n }\r\n }\r\n // fall back to application refresh token acquisition\r\n return [2 /*return*/, this.acquireTokenWithCachedRefreshToken(request, false)];\r\n });\r\n });\r\n };\r\n /**\r\n * makes a network call to acquire tokens by exchanging RefreshToken available in userCache; throws if refresh token is not cached\r\n * @param request\r\n */\r\n RefreshTokenClient.prototype.acquireTokenWithCachedRefreshToken = function (request, foci) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var refreshToken, refreshTokenRequest;\r\n return __generator(this, function (_a) {\r\n refreshToken = this.cacheManager.readRefreshTokenFromCache(this.config.authOptions.clientId, request.account, foci);\r\n // no refresh Token\r\n if (!refreshToken) {\r\n throw InteractionRequiredAuthError.createNoTokensFoundError();\r\n }\r\n refreshTokenRequest = __assign(__assign({}, request), { refreshToken: refreshToken.secret, authenticationScheme: request.authenticationScheme || AuthenticationScheme.BEARER, ccsCredential: {\r\n credential: request.account.homeAccountId,\r\n type: CcsCredentialType.HOME_ACCOUNT_ID\r\n } });\r\n return [2 /*return*/, this.acquireToken(refreshTokenRequest)];\r\n });\r\n });\r\n };\r\n /**\r\n * Constructs the network message and makes a NW call to the underlying secure token service\r\n * @param request\r\n * @param authority\r\n */\r\n RefreshTokenClient.prototype.executeTokenRequest = function (request, authority) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var requestBody, queryParameters, headers, thumbprint, endpoint;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0: return [4 /*yield*/, this.createTokenRequestBody(request)];\r\n case 1:\r\n requestBody = _a.sent();\r\n queryParameters = this.createTokenQueryParameters(request);\r\n headers = this.createTokenRequestHeaders(request.ccsCredential);\r\n thumbprint = {\r\n clientId: this.config.authOptions.clientId,\r\n authority: authority.canonicalAuthority,\r\n scopes: request.scopes,\r\n authenticationScheme: request.authenticationScheme,\r\n resourceRequestMethod: request.resourceRequestMethod,\r\n resourceRequestUri: request.resourceRequestUri,\r\n shrClaims: request.shrClaims,\r\n sshJwk: request.sshJwk,\r\n sshKid: request.sshKid\r\n };\r\n endpoint = UrlString.appendQueryString(authority.tokenEndpoint, queryParameters);\r\n return [2 /*return*/, this.executePostToTokenEndpoint(endpoint, requestBody, headers, thumbprint)];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Creates query string for the /token request\r\n * @param request\r\n */\r\n RefreshTokenClient.prototype.createTokenQueryParameters = function (request) {\r\n var parameterBuilder = new RequestParameterBuilder();\r\n if (request.tokenQueryParameters) {\r\n parameterBuilder.addExtraQueryParameters(request.tokenQueryParameters);\r\n }\r\n return parameterBuilder.createQueryString();\r\n };\r\n /**\r\n * Helper function to create the token request body\r\n * @param request\r\n */\r\n RefreshTokenClient.prototype.createTokenRequestBody = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var parameterBuilder, correlationId, clientAssertion, popTokenGenerator, cnfString, clientInfo;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n parameterBuilder = new RequestParameterBuilder();\r\n parameterBuilder.addClientId(this.config.authOptions.clientId);\r\n parameterBuilder.addScopes(request.scopes);\r\n parameterBuilder.addGrantType(GrantType.REFRESH_TOKEN_GRANT);\r\n parameterBuilder.addClientInfo();\r\n parameterBuilder.addLibraryInfo(this.config.libraryInfo);\r\n parameterBuilder.addThrottling();\r\n if (this.serverTelemetryManager) {\r\n parameterBuilder.addServerTelemetry(this.serverTelemetryManager);\r\n }\r\n correlationId = request.correlationId || this.config.cryptoInterface.createNewGuid();\r\n parameterBuilder.addCorrelationId(correlationId);\r\n parameterBuilder.addRefreshToken(request.refreshToken);\r\n if (this.config.clientCredentials.clientSecret) {\r\n parameterBuilder.addClientSecret(this.config.clientCredentials.clientSecret);\r\n }\r\n if (this.config.clientCredentials.clientAssertion) {\r\n clientAssertion = this.config.clientCredentials.clientAssertion;\r\n parameterBuilder.addClientAssertion(clientAssertion.assertion);\r\n parameterBuilder.addClientAssertionType(clientAssertion.assertionType);\r\n }\r\n if (!(request.authenticationScheme === AuthenticationScheme.POP)) return [3 /*break*/, 2];\r\n popTokenGenerator = new PopTokenGenerator(this.cryptoUtils);\r\n return [4 /*yield*/, popTokenGenerator.generateCnf(request)];\r\n case 1:\r\n cnfString = _a.sent();\r\n parameterBuilder.addPopToken(cnfString);\r\n return [3 /*break*/, 3];\r\n case 2:\r\n if (request.authenticationScheme === AuthenticationScheme.SSH) {\r\n if (request.sshJwk) {\r\n parameterBuilder.addSshJwk(request.sshJwk);\r\n }\r\n else {\r\n throw ClientConfigurationError.createMissingSshJwkError();\r\n }\r\n }\r\n _a.label = 3;\r\n case 3:\r\n if (!StringUtils.isEmptyObj(request.claims) || this.config.authOptions.clientCapabilities && this.config.authOptions.clientCapabilities.length > 0) {\r\n parameterBuilder.addClaims(request.claims, this.config.authOptions.clientCapabilities);\r\n }\r\n if (this.config.systemOptions.preventCorsPreflight && request.ccsCredential) {\r\n switch (request.ccsCredential.type) {\r\n case CcsCredentialType.HOME_ACCOUNT_ID:\r\n try {\r\n clientInfo = buildClientInfoFromHomeAccountId(request.ccsCredential.credential);\r\n parameterBuilder.addCcsOid(clientInfo);\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" + e);\r\n }\r\n break;\r\n case CcsCredentialType.UPN:\r\n parameterBuilder.addCcsUpn(request.ccsCredential.credential);\r\n break;\r\n }\r\n }\r\n return [2 /*return*/, parameterBuilder.createQueryString()];\r\n }\r\n });\r\n });\r\n };\r\n return RefreshTokenClient;\r\n}(BaseClient));\n\nexport { RefreshTokenClient };\n//# sourceMappingURL=RefreshTokenClient.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { SERVER_TELEM_CONSTANTS } from '../../utils/Constants.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar ServerTelemetryEntity = /** @class */ (function () {\r\n function ServerTelemetryEntity() {\r\n this.failedRequests = [];\r\n this.errors = [];\r\n this.cacheHits = 0;\r\n }\r\n /**\r\n * validates if a given cache entry is \"Telemetry\", parses \r\n * @param key\r\n * @param entity\r\n */\r\n ServerTelemetryEntity.isServerTelemetryEntity = function (key, entity) {\r\n var validateKey = key.indexOf(SERVER_TELEM_CONSTANTS.CACHE_KEY) === 0;\r\n var validateEntity = true;\r\n if (entity) {\r\n validateEntity =\r\n entity.hasOwnProperty(\"failedRequests\") &&\r\n entity.hasOwnProperty(\"errors\") &&\r\n entity.hasOwnProperty(\"cacheHits\");\r\n }\r\n return validateKey && validateEntity;\r\n };\r\n return ServerTelemetryEntity;\r\n}());\n\nexport { ServerTelemetryEntity };\n//# sourceMappingURL=ServerTelemetryEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __awaiter, __generator, __assign } from '../_virtual/_tslib.js';\nimport { AuthToken } from '../account/AuthToken.js';\nimport { TimeUtils } from '../utils/TimeUtils.js';\nimport { UrlString } from '../url/UrlString.js';\nimport { ClientAuthError } from '../error/ClientAuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar KeyLocation;\r\n(function (KeyLocation) {\r\n KeyLocation[\"SW\"] = \"sw\";\r\n KeyLocation[\"UHW\"] = \"uhw\";\r\n})(KeyLocation || (KeyLocation = {}));\r\nvar PopTokenGenerator = /** @class */ (function () {\r\n function PopTokenGenerator(cryptoUtils) {\r\n this.cryptoUtils = cryptoUtils;\r\n }\r\n PopTokenGenerator.prototype.generateCnf = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var reqCnf;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0: return [4 /*yield*/, this.generateKid(request)];\r\n case 1:\r\n reqCnf = _a.sent();\r\n return [2 /*return*/, this.cryptoUtils.base64Encode(JSON.stringify(reqCnf))];\r\n }\r\n });\r\n });\r\n };\r\n PopTokenGenerator.prototype.generateKid = function (request) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var kidThumbprint;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0: return [4 /*yield*/, this.cryptoUtils.getPublicKeyThumbprint(request)];\r\n case 1:\r\n kidThumbprint = _a.sent();\r\n return [2 /*return*/, {\r\n kid: kidThumbprint,\r\n xms_ksl: KeyLocation.SW\r\n }];\r\n }\r\n });\r\n });\r\n };\r\n PopTokenGenerator.prototype.signPopToken = function (accessToken, request) {\r\n var _a;\r\n return __awaiter(this, void 0, void 0, function () {\r\n var tokenClaims;\r\n return __generator(this, function (_b) {\r\n tokenClaims = AuthToken.extractTokenClaims(accessToken, this.cryptoUtils);\r\n if (!((_a = tokenClaims === null || tokenClaims === void 0 ? void 0 : tokenClaims.cnf) === null || _a === void 0 ? void 0 : _a.kid)) {\r\n throw ClientAuthError.createTokenClaimsRequiredError();\r\n }\r\n return [2 /*return*/, this.signPayload(accessToken, tokenClaims.cnf.kid, request)];\r\n });\r\n });\r\n };\r\n PopTokenGenerator.prototype.signPayload = function (payload, kid, request, claims) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var resourceRequestMethod, resourceRequestUri, shrClaims, shrNonce, resourceUrlString, resourceUrlComponents;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n resourceRequestMethod = request.resourceRequestMethod, resourceRequestUri = request.resourceRequestUri, shrClaims = request.shrClaims, shrNonce = request.shrNonce;\r\n resourceUrlString = (resourceRequestUri) ? new UrlString(resourceRequestUri) : undefined;\r\n resourceUrlComponents = resourceUrlString === null || resourceUrlString === void 0 ? void 0 : resourceUrlString.getUrlComponents();\r\n return [4 /*yield*/, this.cryptoUtils.signJwt(__assign({ at: payload, ts: TimeUtils.nowSeconds(), m: resourceRequestMethod === null || resourceRequestMethod === void 0 ? void 0 : resourceRequestMethod.toUpperCase(), u: resourceUrlComponents === null || resourceUrlComponents === void 0 ? void 0 : resourceUrlComponents.HostNameAndPort, nonce: shrNonce || this.cryptoUtils.createNewGuid(), p: resourceUrlComponents === null || resourceUrlComponents === void 0 ? void 0 : resourceUrlComponents.AbsolutePath, q: (resourceUrlComponents === null || resourceUrlComponents === void 0 ? void 0 : resourceUrlComponents.QueryString) ? [[], resourceUrlComponents.QueryString] : undefined, client_claims: shrClaims || undefined }, claims), kid)];\r\n case 1: return [2 /*return*/, _a.sent()];\r\n }\r\n });\r\n });\r\n };\r\n return PopTokenGenerator;\r\n}());\n\nexport { PopTokenGenerator };\n//# sourceMappingURL=PopTokenGenerator.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __awaiter, __generator } from '../_virtual/_tslib.js';\nimport { AuthError } from '../error/AuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar DEFAULT_CRYPTO_IMPLEMENTATION = {\r\n createNewGuid: function () {\r\n var notImplErr = \"Crypto interface - createNewGuid() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n base64Decode: function () {\r\n var notImplErr = \"Crypto interface - base64Decode() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n base64Encode: function () {\r\n var notImplErr = \"Crypto interface - base64Encode() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n },\r\n generatePkceCodes: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Crypto interface - generatePkceCodes() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n },\r\n getPublicKeyThumbprint: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Crypto interface - getPublicKeyThumbprint() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n },\r\n removeTokenBindingKey: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Crypto interface - removeTokenBindingKey() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n },\r\n clearKeystore: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Crypto interface - clearKeystore() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n },\r\n signJwt: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Crypto interface - signJwt() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n }\r\n};\n\nexport { DEFAULT_CRYPTO_IMPLEMENTATION };\n//# sourceMappingURL=ICrypto.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * This class instance helps track the memory changes facilitating\r\n * decisions to read from and write to the persistent cache\r\n */ var TokenCacheContext = /** @class */ (function () {\r\n function TokenCacheContext(tokenCache, hasChanged) {\r\n this.cache = tokenCache;\r\n this.hasChanged = hasChanged;\r\n }\r\n Object.defineProperty(TokenCacheContext.prototype, \"cacheHasChanged\", {\r\n /**\r\n * boolean which indicates the changes in cache\r\n */\r\n get: function () {\r\n return this.hasChanged;\r\n },\r\n enumerable: false,\r\n configurable: true\r\n });\r\n Object.defineProperty(TokenCacheContext.prototype, \"tokenCache\", {\r\n /**\r\n * function to retrieve the token cache\r\n */\r\n get: function () {\r\n return this.cache;\r\n },\r\n enumerable: false,\r\n configurable: true\r\n });\r\n return TokenCacheContext;\r\n}());\n\nexport { TokenCacheContext };\n//# sourceMappingURL=TokenCacheContext.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../../_virtual/_tslib.js';\nimport { CredentialEntity } from './CredentialEntity.js';\nimport { CredentialType } from '../../utils/Constants.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * REFRESH_TOKEN Cache\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key Example: uid.utid-login.microsoftonline.com-refreshtoken-clientId--\r\n *\r\n * Value:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * familyId: Family ID identifier, '1' represents Microsoft Family\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\r\n * }\r\n */\r\nvar RefreshTokenEntity = /** @class */ (function (_super) {\r\n __extends(RefreshTokenEntity, _super);\r\n function RefreshTokenEntity() {\r\n return _super !== null && _super.apply(this, arguments) || this;\r\n }\r\n /**\r\n * Create RefreshTokenEntity\r\n * @param homeAccountId\r\n * @param authenticationResult\r\n * @param clientId\r\n * @param authority\r\n */\r\n RefreshTokenEntity.createRefreshTokenEntity = function (homeAccountId, environment, refreshToken, clientId, familyId, oboAssertion) {\r\n var rtEntity = new RefreshTokenEntity();\r\n rtEntity.clientId = clientId;\r\n rtEntity.credentialType = CredentialType.REFRESH_TOKEN;\r\n rtEntity.environment = environment;\r\n rtEntity.homeAccountId = homeAccountId;\r\n rtEntity.secret = refreshToken;\r\n rtEntity.oboAssertion = oboAssertion;\r\n if (familyId)\r\n rtEntity.familyId = familyId;\r\n return rtEntity;\r\n };\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n RefreshTokenEntity.isRefreshTokenEntity = function (entity) {\r\n if (!entity) {\r\n return false;\r\n }\r\n return (entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"credentialType\") &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"secret\") &&\r\n entity[\"credentialType\"] === CredentialType.REFRESH_TOKEN);\r\n };\r\n return RefreshTokenEntity;\r\n}(CredentialEntity));\n\nexport { RefreshTokenEntity };\n//# sourceMappingURL=RefreshTokenEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { CredentialType, CacheType, Constants, AuthenticationScheme, Separators } from '../../utils/Constants.js';\nimport { ClientAuthError } from '../../error/ClientAuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Base type for credentials to be stored in the cache: eg: ACCESS_TOKEN, ID_TOKEN etc\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key: ------\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * credentialType: Type of credential as a string, can be one of the following: RefreshToken, AccessToken, IdToken, Password, Cookie, Certificate, Other\r\n * clientId: client ID of the application\r\n * secret: Actual credential as a string\r\n * familyId: Family ID identifier, usually only used for refresh tokens\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * target: Permissions that are included in the token, or for refresh tokens, the resource identifier.\r\n * oboAssertion: access token passed in as part of OBO request\r\n * tokenType: Matches the authentication scheme for which the token was issued (i.e. Bearer or pop)\r\n * }\r\n */\r\nvar CredentialEntity = /** @class */ (function () {\r\n function CredentialEntity() {\r\n }\r\n /**\r\n * Generate Account Id key component as per the schema: -\r\n */\r\n CredentialEntity.prototype.generateAccountId = function () {\r\n return CredentialEntity.generateAccountIdForCacheKey(this.homeAccountId, this.environment);\r\n };\r\n /**\r\n * Generate Credential Id key component as per the schema: --\r\n */\r\n CredentialEntity.prototype.generateCredentialId = function () {\r\n return CredentialEntity.generateCredentialIdForCacheKey(this.credentialType, this.clientId, this.realm, this.familyId);\r\n };\r\n /**\r\n * Generate target key component as per schema: \r\n */\r\n CredentialEntity.prototype.generateTarget = function () {\r\n return CredentialEntity.generateTargetForCacheKey(this.target);\r\n };\r\n /**\r\n * generates credential key\r\n */\r\n CredentialEntity.prototype.generateCredentialKey = function () {\r\n return CredentialEntity.generateCredentialCacheKey(this.homeAccountId, this.environment, this.credentialType, this.clientId, this.realm, this.target, this.familyId, this.tokenType);\r\n };\r\n /**\r\n * returns the type of the cache (in this case credential)\r\n */\r\n CredentialEntity.prototype.generateType = function () {\r\n switch (this.credentialType) {\r\n case CredentialType.ID_TOKEN:\r\n return CacheType.ID_TOKEN;\r\n case CredentialType.ACCESS_TOKEN:\r\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME:\r\n return CacheType.ACCESS_TOKEN;\r\n case CredentialType.REFRESH_TOKEN:\r\n return CacheType.REFRESH_TOKEN;\r\n default: {\r\n throw ClientAuthError.createUnexpectedCredentialTypeError();\r\n }\r\n }\r\n };\r\n /**\r\n * helper function to return `CredentialType`\r\n * @param key\r\n */\r\n CredentialEntity.getCredentialType = function (key) {\r\n // First keyword search will match all \"AccessToken\" and \"AccessToken_With_AuthScheme\" credentials\r\n if (key.indexOf(CredentialType.ACCESS_TOKEN.toLowerCase()) !== -1) {\r\n // Perform second search to differentiate between \"AccessToken\" and \"AccessToken_With_AuthScheme\" credential types\r\n if (key.indexOf(CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase()) !== -1) {\r\n return CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME;\r\n }\r\n return CredentialType.ACCESS_TOKEN;\r\n }\r\n else if (key.indexOf(CredentialType.ID_TOKEN.toLowerCase()) !== -1) {\r\n return CredentialType.ID_TOKEN;\r\n }\r\n else if (key.indexOf(CredentialType.REFRESH_TOKEN.toLowerCase()) !== -1) {\r\n return CredentialType.REFRESH_TOKEN;\r\n }\r\n return Constants.NOT_DEFINED;\r\n };\r\n /**\r\n * generates credential key\r\n * -\\-----\r\n */\r\n CredentialEntity.generateCredentialCacheKey = function (homeAccountId, environment, credentialType, clientId, realm, target, familyId, tokenType) {\r\n var credentialKey = [\r\n this.generateAccountIdForCacheKey(homeAccountId, environment),\r\n this.generateCredentialIdForCacheKey(credentialType, clientId, realm, familyId),\r\n this.generateTargetForCacheKey(target)\r\n ];\r\n // PoP Tokens and SSH certs include scheme in cache key\r\n if (tokenType && tokenType !== AuthenticationScheme.BEARER) {\r\n credentialKey.push(tokenType.toLowerCase());\r\n }\r\n return credentialKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n };\r\n /**\r\n * generates Account Id for keys\r\n * @param homeAccountId\r\n * @param environment\r\n */\r\n CredentialEntity.generateAccountIdForCacheKey = function (homeAccountId, environment) {\r\n var accountId = [homeAccountId, environment];\r\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n };\r\n /**\r\n * Generates Credential Id for keys\r\n * @param credentialType\r\n * @param realm\r\n * @param clientId\r\n * @param familyId\r\n */\r\n CredentialEntity.generateCredentialIdForCacheKey = function (credentialType, clientId, realm, familyId) {\r\n var clientOrFamilyId = credentialType === CredentialType.REFRESH_TOKEN\r\n ? familyId || clientId\r\n : clientId;\r\n var credentialId = [\r\n credentialType,\r\n clientOrFamilyId,\r\n realm || \"\",\r\n ];\r\n return credentialId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n };\r\n /**\r\n * Generate target key component as per schema: \r\n */\r\n CredentialEntity.generateTargetForCacheKey = function (scopes) {\r\n return (scopes || \"\").toLowerCase();\r\n };\r\n return CredentialEntity;\r\n}());\n\nexport { CredentialEntity };\n//# sourceMappingURL=CredentialEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { AUTHORITY_METADATA_CONSTANTS } from '../../utils/Constants.js';\nimport { TimeUtils } from '../../utils/TimeUtils.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar AuthorityMetadataEntity = /** @class */ (function () {\r\n function AuthorityMetadataEntity() {\r\n this.expiresAt = TimeUtils.nowSeconds() + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS;\r\n }\r\n /**\r\n * Update the entity with new aliases, preferred_cache and preferred_network values\r\n * @param metadata\r\n * @param fromNetwork\r\n */\r\n AuthorityMetadataEntity.prototype.updateCloudDiscoveryMetadata = function (metadata, fromNetwork) {\r\n this.aliases = metadata.aliases;\r\n this.preferred_cache = metadata.preferred_cache;\r\n this.preferred_network = metadata.preferred_network;\r\n this.aliasesFromNetwork = fromNetwork;\r\n };\r\n /**\r\n * Update the entity with new endpoints\r\n * @param metadata\r\n * @param fromNetwork\r\n */\r\n AuthorityMetadataEntity.prototype.updateEndpointMetadata = function (metadata, fromNetwork) {\r\n this.authorization_endpoint = metadata.authorization_endpoint;\r\n this.token_endpoint = metadata.token_endpoint;\r\n this.end_session_endpoint = metadata.end_session_endpoint;\r\n this.issuer = metadata.issuer;\r\n this.endpointsFromNetwork = fromNetwork;\r\n };\r\n /**\r\n * Save the authority that was used to create this cache entry\r\n * @param authority\r\n */\r\n AuthorityMetadataEntity.prototype.updateCanonicalAuthority = function (authority) {\r\n this.canonical_authority = authority;\r\n };\r\n /**\r\n * Reset the exiresAt value\r\n */\r\n AuthorityMetadataEntity.prototype.resetExpiresAt = function () {\r\n this.expiresAt = TimeUtils.nowSeconds() + AUTHORITY_METADATA_CONSTANTS.REFRESH_TIME_SECONDS;\r\n };\r\n /**\r\n * Returns whether or not the data needs to be refreshed\r\n */\r\n AuthorityMetadataEntity.prototype.isExpired = function () {\r\n return this.expiresAt <= TimeUtils.nowSeconds();\r\n };\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n AuthorityMetadataEntity.isAuthorityMetadataEntity = function (key, entity) {\r\n if (!entity) {\r\n return false;\r\n }\r\n return (key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) === 0 &&\r\n entity.hasOwnProperty(\"aliases\") &&\r\n entity.hasOwnProperty(\"preferred_cache\") &&\r\n entity.hasOwnProperty(\"preferred_network\") &&\r\n entity.hasOwnProperty(\"canonical_authority\") &&\r\n entity.hasOwnProperty(\"authorization_endpoint\") &&\r\n entity.hasOwnProperty(\"token_endpoint\") &&\r\n entity.hasOwnProperty(\"issuer\") &&\r\n entity.hasOwnProperty(\"aliasesFromNetwork\") &&\r\n entity.hasOwnProperty(\"endpointsFromNetwork\") &&\r\n entity.hasOwnProperty(\"expiresAt\"));\r\n };\r\n return AuthorityMetadataEntity;\r\n}());\n\nexport { AuthorityMetadataEntity };\n//# sourceMappingURL=AuthorityMetadataEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../_virtual/_tslib.js';\nimport { AuthError } from './AuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * ClientAuthErrorMessage class containing string constants used by error codes and messages.\r\n */\r\nvar ClientAuthErrorMessage = {\r\n clientInfoDecodingError: {\r\n code: \"client_info_decoding_error\",\r\n desc: \"The client info could not be parsed/decoded correctly. Please review the trace to determine the root cause.\"\r\n },\r\n clientInfoEmptyError: {\r\n code: \"client_info_empty_error\",\r\n desc: \"The client info was empty. Please review the trace to determine the root cause.\"\r\n },\r\n tokenParsingError: {\r\n code: \"token_parsing_error\",\r\n desc: \"Token cannot be parsed. Please review stack trace to determine root cause.\"\r\n },\r\n nullOrEmptyToken: {\r\n code: \"null_or_empty_token\",\r\n desc: \"The token is null or empty. Please review the trace to determine the root cause.\"\r\n },\r\n endpointResolutionError: {\r\n code: \"endpoints_resolution_error\",\r\n desc: \"Error: could not resolve endpoints. Please check network and try again.\"\r\n },\r\n networkError: {\r\n code: \"network_error\",\r\n desc: \"Network request failed. Please check network trace to determine root cause.\"\r\n },\r\n unableToGetOpenidConfigError: {\r\n code: \"openid_config_error\",\r\n desc: \"Could not retrieve endpoints. Check your authority and verify the .well-known/openid-configuration endpoint returns the required endpoints.\"\r\n },\r\n hashNotDeserialized: {\r\n code: \"hash_not_deserialized\",\r\n desc: \"The hash parameters could not be deserialized. Please review the trace to determine the root cause.\"\r\n },\r\n blankGuidGenerated: {\r\n code: \"blank_guid_generated\",\r\n desc: \"The guid generated was blank. Please review the trace to determine the root cause.\"\r\n },\r\n invalidStateError: {\r\n code: \"invalid_state\",\r\n desc: \"State was not the expected format. Please check the logs to determine whether the request was sent using ProtocolUtils.setRequestState().\"\r\n },\r\n stateMismatchError: {\r\n code: \"state_mismatch\",\r\n desc: \"State mismatch error. Please check your network. Continued requests may cause cache overflow.\"\r\n },\r\n stateNotFoundError: {\r\n code: \"state_not_found\",\r\n desc: \"State not found\"\r\n },\r\n nonceMismatchError: {\r\n code: \"nonce_mismatch\",\r\n desc: \"Nonce mismatch error. This may be caused by a race condition in concurrent requests.\"\r\n },\r\n nonceNotFoundError: {\r\n code: \"nonce_not_found\",\r\n desc: \"nonce not found\"\r\n },\r\n noTokensFoundError: {\r\n code: \"no_tokens_found\",\r\n desc: \"No tokens were found for the given scopes, and no authorization code was passed to acquireToken. You must retrieve an authorization code before making a call to acquireToken().\"\r\n },\r\n multipleMatchingTokens: {\r\n code: \"multiple_matching_tokens\",\r\n desc: \"The cache contains multiple tokens satisfying the requirements. \" +\r\n \"Call AcquireToken again providing more requirements such as authority or account.\"\r\n },\r\n multipleMatchingAccounts: {\r\n code: \"multiple_matching_accounts\",\r\n desc: \"The cache contains multiple accounts satisfying the given parameters. Please pass more info to obtain the correct account\"\r\n },\r\n multipleMatchingAppMetadata: {\r\n code: \"multiple_matching_appMetadata\",\r\n desc: \"The cache contains multiple appMetadata satisfying the given parameters. Please pass more info to obtain the correct appMetadata\"\r\n },\r\n tokenRequestCannotBeMade: {\r\n code: \"request_cannot_be_made\",\r\n desc: \"Token request cannot be made without authorization code or refresh token.\"\r\n },\r\n appendEmptyScopeError: {\r\n code: \"cannot_append_empty_scope\",\r\n desc: \"Cannot append null or empty scope to ScopeSet. Please check the stack trace for more info.\"\r\n },\r\n removeEmptyScopeError: {\r\n code: \"cannot_remove_empty_scope\",\r\n desc: \"Cannot remove null or empty scope from ScopeSet. Please check the stack trace for more info.\"\r\n },\r\n appendScopeSetError: {\r\n code: \"cannot_append_scopeset\",\r\n desc: \"Cannot append ScopeSet due to error.\"\r\n },\r\n emptyInputScopeSetError: {\r\n code: \"empty_input_scopeset\",\r\n desc: \"Empty input ScopeSet cannot be processed.\"\r\n },\r\n DeviceCodePollingCancelled: {\r\n code: \"device_code_polling_cancelled\",\r\n desc: \"Caller has cancelled token endpoint polling during device code flow by setting DeviceCodeRequest.cancel = true.\"\r\n },\r\n DeviceCodeExpired: {\r\n code: \"device_code_expired\",\r\n desc: \"Device code is expired.\"\r\n },\r\n DeviceCodeUnknownError: {\r\n code: \"device_code_unknown_error\",\r\n desc: \"Device code stopped polling for unknown reasons.\"\r\n },\r\n NoAccountInSilentRequest: {\r\n code: \"no_account_in_silent_request\",\r\n desc: \"Please pass an account object, silent flow is not supported without account information\"\r\n },\r\n invalidCacheRecord: {\r\n code: \"invalid_cache_record\",\r\n desc: \"Cache record object was null or undefined.\"\r\n },\r\n invalidCacheEnvironment: {\r\n code: \"invalid_cache_environment\",\r\n desc: \"Invalid environment when attempting to create cache entry\"\r\n },\r\n noAccountFound: {\r\n code: \"no_account_found\",\r\n desc: \"No account found in cache for given key.\"\r\n },\r\n CachePluginError: {\r\n code: \"no cache plugin set on CacheManager\",\r\n desc: \"ICachePlugin needs to be set before using readFromStorage or writeFromStorage\"\r\n },\r\n noCryptoObj: {\r\n code: \"no_crypto_object\",\r\n desc: \"No crypto object detected. This is required for the following operation: \"\r\n },\r\n invalidCacheType: {\r\n code: \"invalid_cache_type\",\r\n desc: \"Invalid cache type\"\r\n },\r\n unexpectedAccountType: {\r\n code: \"unexpected_account_type\",\r\n desc: \"Unexpected account type.\"\r\n },\r\n unexpectedCredentialType: {\r\n code: \"unexpected_credential_type\",\r\n desc: \"Unexpected credential type.\"\r\n },\r\n invalidAssertion: {\r\n code: \"invalid_assertion\",\r\n desc: \"Client assertion must meet requirements described in https://tools.ietf.org/html/rfc7515\"\r\n },\r\n invalidClientCredential: {\r\n code: \"invalid_client_credential\",\r\n desc: \"Client credential (secret, certificate, or assertion) must not be empty when creating a confidential client. An application should at most have one credential\"\r\n },\r\n tokenRefreshRequired: {\r\n code: \"token_refresh_required\",\r\n desc: \"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.\"\r\n },\r\n userTimeoutReached: {\r\n code: \"user_timeout_reached\",\r\n desc: \"User defined timeout for device code polling reached\",\r\n },\r\n tokenClaimsRequired: {\r\n code: \"token_claims_cnf_required_for_signedjwt\",\r\n desc: \"Cannot generate a POP jwt if the token_claims are not populated\"\r\n },\r\n noAuthorizationCodeFromServer: {\r\n code: \"authorization_code_missing_from_server_response\",\r\n desc: \"Server response does not contain an authorization code to proceed\"\r\n },\r\n noAzureRegionDetected: {\r\n code: \"no_azure_region_detected\",\r\n desc: \"No azure region was detected and no fallback was made available\"\r\n },\r\n accessTokenEntityNullError: {\r\n code: \"access_token_entity_null\",\r\n desc: \"Access token entity is null, please check logs and cache to ensure a valid access token is present.\"\r\n },\r\n bindingKeyNotRemovedError: {\r\n code: \"binding_key_not_removed\",\r\n desc: \"Could not remove the credential's binding key from storage.\"\r\n },\r\n logoutNotSupported: {\r\n code: \"end_session_endpoint_not_supported\",\r\n desc: \"Provided authority does not support logout.\"\r\n }\r\n};\r\n/**\r\n * Error thrown when there is an error in the client code running on the browser.\r\n */\r\nvar ClientAuthError = /** @class */ (function (_super) {\r\n __extends(ClientAuthError, _super);\r\n function ClientAuthError(errorCode, errorMessage) {\r\n var _this = _super.call(this, errorCode, errorMessage) || this;\r\n _this.name = \"ClientAuthError\";\r\n Object.setPrototypeOf(_this, ClientAuthError.prototype);\r\n return _this;\r\n }\r\n /**\r\n * Creates an error thrown when client info object doesn't decode correctly.\r\n * @param caughtError\r\n */\r\n ClientAuthError.createClientInfoDecodingError = function (caughtError) {\r\n return new ClientAuthError(ClientAuthErrorMessage.clientInfoDecodingError.code, ClientAuthErrorMessage.clientInfoDecodingError.desc + \" Failed with error: \" + caughtError);\r\n };\r\n /**\r\n * Creates an error thrown if the client info is empty.\r\n * @param rawClientInfo\r\n */\r\n ClientAuthError.createClientInfoEmptyError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.clientInfoEmptyError.code, \"\" + ClientAuthErrorMessage.clientInfoEmptyError.desc);\r\n };\r\n /**\r\n * Creates an error thrown when the id token extraction errors out.\r\n * @param err\r\n */\r\n ClientAuthError.createTokenParsingError = function (caughtExtractionError) {\r\n return new ClientAuthError(ClientAuthErrorMessage.tokenParsingError.code, ClientAuthErrorMessage.tokenParsingError.desc + \" Failed with error: \" + caughtExtractionError);\r\n };\r\n /**\r\n * Creates an error thrown when the id token string is null or empty.\r\n * @param invalidRawTokenString\r\n */\r\n ClientAuthError.createTokenNullOrEmptyError = function (invalidRawTokenString) {\r\n return new ClientAuthError(ClientAuthErrorMessage.nullOrEmptyToken.code, ClientAuthErrorMessage.nullOrEmptyToken.desc + \" Raw Token Value: \" + invalidRawTokenString);\r\n };\r\n /**\r\n * Creates an error thrown when the endpoint discovery doesn't complete correctly.\r\n */\r\n ClientAuthError.createEndpointDiscoveryIncompleteError = function (errDetail) {\r\n return new ClientAuthError(ClientAuthErrorMessage.endpointResolutionError.code, ClientAuthErrorMessage.endpointResolutionError.desc + \" Detail: \" + errDetail);\r\n };\r\n /**\r\n * Creates an error thrown when the fetch client throws\r\n */\r\n ClientAuthError.createNetworkError = function (endpoint, errDetail) {\r\n return new ClientAuthError(ClientAuthErrorMessage.networkError.code, ClientAuthErrorMessage.networkError.desc + \" | Fetch client threw: \" + errDetail + \" | Attempted to reach: \" + endpoint.split(\"?\")[0]);\r\n };\r\n /**\r\n * Creates an error thrown when the openid-configuration endpoint cannot be reached or does not contain the required data\r\n */\r\n ClientAuthError.createUnableToGetOpenidConfigError = function (errDetail) {\r\n return new ClientAuthError(ClientAuthErrorMessage.unableToGetOpenidConfigError.code, ClientAuthErrorMessage.unableToGetOpenidConfigError.desc + \" Attempted to retrieve endpoints from: \" + errDetail);\r\n };\r\n /**\r\n * Creates an error thrown when the hash cannot be deserialized.\r\n * @param hashParamObj\r\n */\r\n ClientAuthError.createHashNotDeserializedError = function (hashParamObj) {\r\n return new ClientAuthError(ClientAuthErrorMessage.hashNotDeserialized.code, ClientAuthErrorMessage.hashNotDeserialized.desc + \" Given Object: \" + hashParamObj);\r\n };\r\n /**\r\n * Creates an error thrown when the state cannot be parsed.\r\n * @param invalidState\r\n */\r\n ClientAuthError.createInvalidStateError = function (invalidState, errorString) {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidStateError.code, ClientAuthErrorMessage.invalidStateError.desc + \" Invalid State: \" + invalidState + \", Root Err: \" + errorString);\r\n };\r\n /**\r\n * Creates an error thrown when two states do not match.\r\n */\r\n ClientAuthError.createStateMismatchError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.stateMismatchError.code, ClientAuthErrorMessage.stateMismatchError.desc);\r\n };\r\n /**\r\n * Creates an error thrown when the state is not present\r\n * @param missingState\r\n */\r\n ClientAuthError.createStateNotFoundError = function (missingState) {\r\n return new ClientAuthError(ClientAuthErrorMessage.stateNotFoundError.code, ClientAuthErrorMessage.stateNotFoundError.desc + \": \" + missingState);\r\n };\r\n /**\r\n * Creates an error thrown when the nonce does not match.\r\n */\r\n ClientAuthError.createNonceMismatchError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.nonceMismatchError.code, ClientAuthErrorMessage.nonceMismatchError.desc);\r\n };\r\n /**\r\n * Creates an error thrown when the mnonce is not present\r\n * @param missingNonce\r\n */\r\n ClientAuthError.createNonceNotFoundError = function (missingNonce) {\r\n return new ClientAuthError(ClientAuthErrorMessage.nonceNotFoundError.code, ClientAuthErrorMessage.nonceNotFoundError.desc + \": \" + missingNonce);\r\n };\r\n /**\r\n * Throws error when multiple tokens are in cache.\r\n */\r\n ClientAuthError.createMultipleMatchingTokensInCacheError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.multipleMatchingTokens.code, ClientAuthErrorMessage.multipleMatchingTokens.desc + \".\");\r\n };\r\n /**\r\n * Throws error when multiple accounts are in cache for the given params\r\n */\r\n ClientAuthError.createMultipleMatchingAccountsInCacheError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.multipleMatchingAccounts.code, ClientAuthErrorMessage.multipleMatchingAccounts.desc);\r\n };\r\n /**\r\n * Throws error when multiple appMetada are in cache for the given clientId.\r\n */\r\n ClientAuthError.createMultipleMatchingAppMetadataInCacheError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.multipleMatchingAppMetadata.code, ClientAuthErrorMessage.multipleMatchingAppMetadata.desc);\r\n };\r\n /**\r\n * Throws error when no auth code or refresh token is given to ServerTokenRequestParameters.\r\n */\r\n ClientAuthError.createTokenRequestCannotBeMadeError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.tokenRequestCannotBeMade.code, ClientAuthErrorMessage.tokenRequestCannotBeMade.desc);\r\n };\r\n /**\r\n * Throws error when attempting to append a null, undefined or empty scope to a set\r\n * @param givenScope\r\n */\r\n ClientAuthError.createAppendEmptyScopeToSetError = function (givenScope) {\r\n return new ClientAuthError(ClientAuthErrorMessage.appendEmptyScopeError.code, ClientAuthErrorMessage.appendEmptyScopeError.desc + \" Given Scope: \" + givenScope);\r\n };\r\n /**\r\n * Throws error when attempting to append a null, undefined or empty scope to a set\r\n * @param givenScope\r\n */\r\n ClientAuthError.createRemoveEmptyScopeFromSetError = function (givenScope) {\r\n return new ClientAuthError(ClientAuthErrorMessage.removeEmptyScopeError.code, ClientAuthErrorMessage.removeEmptyScopeError.desc + \" Given Scope: \" + givenScope);\r\n };\r\n /**\r\n * Throws error when attempting to append null or empty ScopeSet.\r\n * @param appendError\r\n */\r\n ClientAuthError.createAppendScopeSetError = function (appendError) {\r\n return new ClientAuthError(ClientAuthErrorMessage.appendScopeSetError.code, ClientAuthErrorMessage.appendScopeSetError.desc + \" Detail Error: \" + appendError);\r\n };\r\n /**\r\n * Throws error if ScopeSet is null or undefined.\r\n * @param givenScopeSet\r\n */\r\n ClientAuthError.createEmptyInputScopeSetError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.emptyInputScopeSetError.code, \"\" + ClientAuthErrorMessage.emptyInputScopeSetError.desc);\r\n };\r\n /**\r\n * Throws error if user sets CancellationToken.cancel = true during polling of token endpoint during device code flow\r\n */\r\n ClientAuthError.createDeviceCodeCancelledError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.DeviceCodePollingCancelled.code, \"\" + ClientAuthErrorMessage.DeviceCodePollingCancelled.desc);\r\n };\r\n /**\r\n * Throws error if device code is expired\r\n */\r\n ClientAuthError.createDeviceCodeExpiredError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.DeviceCodeExpired.code, \"\" + ClientAuthErrorMessage.DeviceCodeExpired.desc);\r\n };\r\n /**\r\n * Throws error if device code is expired\r\n */\r\n ClientAuthError.createDeviceCodeUnknownError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.DeviceCodeUnknownError.code, \"\" + ClientAuthErrorMessage.DeviceCodeUnknownError.desc);\r\n };\r\n /**\r\n * Throws error when silent requests are made without an account object\r\n */\r\n ClientAuthError.createNoAccountInSilentRequestError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.NoAccountInSilentRequest.code, \"\" + ClientAuthErrorMessage.NoAccountInSilentRequest.desc);\r\n };\r\n /**\r\n * Throws error when cache record is null or undefined.\r\n */\r\n ClientAuthError.createNullOrUndefinedCacheRecord = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidCacheRecord.code, ClientAuthErrorMessage.invalidCacheRecord.desc);\r\n };\r\n /**\r\n * Throws error when provided environment is not part of the CloudDiscoveryMetadata object\r\n */\r\n ClientAuthError.createInvalidCacheEnvironmentError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidCacheEnvironment.code, ClientAuthErrorMessage.invalidCacheEnvironment.desc);\r\n };\r\n /**\r\n * Throws error when account is not found in cache.\r\n */\r\n ClientAuthError.createNoAccountFoundError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.noAccountFound.code, ClientAuthErrorMessage.noAccountFound.desc);\r\n };\r\n /**\r\n * Throws error if ICachePlugin not set on CacheManager.\r\n */\r\n ClientAuthError.createCachePluginError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.CachePluginError.code, \"\" + ClientAuthErrorMessage.CachePluginError.desc);\r\n };\r\n /**\r\n * Throws error if crypto object not found.\r\n * @param operationName\r\n */\r\n ClientAuthError.createNoCryptoObjectError = function (operationName) {\r\n return new ClientAuthError(ClientAuthErrorMessage.noCryptoObj.code, \"\" + ClientAuthErrorMessage.noCryptoObj.desc + operationName);\r\n };\r\n /**\r\n * Throws error if cache type is invalid.\r\n */\r\n ClientAuthError.createInvalidCacheTypeError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidCacheType.code, \"\" + ClientAuthErrorMessage.invalidCacheType.desc);\r\n };\r\n /**\r\n * Throws error if unexpected account type.\r\n */\r\n ClientAuthError.createUnexpectedAccountTypeError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.unexpectedAccountType.code, \"\" + ClientAuthErrorMessage.unexpectedAccountType.desc);\r\n };\r\n /**\r\n * Throws error if unexpected credential type.\r\n */\r\n ClientAuthError.createUnexpectedCredentialTypeError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.unexpectedCredentialType.code, \"\" + ClientAuthErrorMessage.unexpectedCredentialType.desc);\r\n };\r\n /**\r\n * Throws error if client assertion is not valid.\r\n */\r\n ClientAuthError.createInvalidAssertionError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidAssertion.code, \"\" + ClientAuthErrorMessage.invalidAssertion.desc);\r\n };\r\n /**\r\n * Throws error if client assertion is not valid.\r\n */\r\n ClientAuthError.createInvalidCredentialError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.invalidClientCredential.code, \"\" + ClientAuthErrorMessage.invalidClientCredential.desc);\r\n };\r\n /**\r\n * Throws error if token cannot be retrieved from cache due to refresh being required.\r\n */\r\n ClientAuthError.createRefreshRequiredError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.tokenRefreshRequired.code, ClientAuthErrorMessage.tokenRefreshRequired.desc);\r\n };\r\n /**\r\n * Throws error if the user defined timeout is reached.\r\n */\r\n ClientAuthError.createUserTimeoutReachedError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.userTimeoutReached.code, ClientAuthErrorMessage.userTimeoutReached.desc);\r\n };\r\n /*\r\n * Throws error if token claims are not populated for a signed jwt generation\r\n */\r\n ClientAuthError.createTokenClaimsRequiredError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.tokenClaimsRequired.code, ClientAuthErrorMessage.tokenClaimsRequired.desc);\r\n };\r\n /**\r\n * Throws error when the authorization code is missing from the server response\r\n */\r\n ClientAuthError.createNoAuthCodeInServerResponseError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.noAuthorizationCodeFromServer.code, ClientAuthErrorMessage.noAuthorizationCodeFromServer.desc);\r\n };\r\n ClientAuthError.createBindingKeyNotRemovedError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.bindingKeyNotRemovedError.code, ClientAuthErrorMessage.bindingKeyNotRemovedError.desc);\r\n };\r\n /**\r\n * Thrown when logout is attempted for an authority that doesnt have an end_session_endpoint\r\n */\r\n ClientAuthError.createLogoutNotSupportedError = function () {\r\n return new ClientAuthError(ClientAuthErrorMessage.logoutNotSupported.code, ClientAuthErrorMessage.logoutNotSupported.desc);\r\n };\r\n return ClientAuthError;\r\n}(AuthError));\n\nexport { ClientAuthError, ClientAuthErrorMessage };\n//# sourceMappingURL=ClientAuthError.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { Separators, APP_METADATA } from '../../utils/Constants.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * APP_METADATA Cache\r\n *\r\n * Key:Value Schema:\r\n *\r\n * Key: appmetadata--\r\n *\r\n * Value:\r\n * {\r\n * clientId: client ID of the application\r\n * environment: entity that issued the token, represented as a full host\r\n * familyId: Family ID identifier, '1' represents Microsoft Family\r\n * }\r\n */\r\nvar AppMetadataEntity = /** @class */ (function () {\r\n function AppMetadataEntity() {\r\n }\r\n /**\r\n * Generate AppMetadata Cache Key as per the schema: appmetadata--\r\n */\r\n AppMetadataEntity.prototype.generateAppMetadataKey = function () {\r\n return AppMetadataEntity.generateAppMetadataCacheKey(this.environment, this.clientId);\r\n };\r\n /**\r\n * Generate AppMetadata Cache Key\r\n */\r\n AppMetadataEntity.generateAppMetadataCacheKey = function (environment, clientId) {\r\n var appMetaDataKeyArray = [\r\n APP_METADATA,\r\n environment,\r\n clientId,\r\n ];\r\n return appMetaDataKeyArray.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n };\r\n /**\r\n * Creates AppMetadataEntity\r\n * @param clientId\r\n * @param environment\r\n * @param familyId\r\n */\r\n AppMetadataEntity.createAppMetadataEntity = function (clientId, environment, familyId) {\r\n var appMetadata = new AppMetadataEntity();\r\n appMetadata.clientId = clientId;\r\n appMetadata.environment = environment;\r\n if (familyId) {\r\n appMetadata.familyId = familyId;\r\n }\r\n return appMetadata;\r\n };\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n AppMetadataEntity.isAppMetadataEntity = function (key, entity) {\r\n if (!entity) {\r\n return false;\r\n }\r\n return (key.indexOf(APP_METADATA) === 0 &&\r\n entity.hasOwnProperty(\"clientId\") &&\r\n entity.hasOwnProperty(\"environment\"));\r\n };\r\n return AppMetadataEntity;\r\n}());\n\nexport { AppMetadataEntity };\n//# sourceMappingURL=AppMetadataEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../_virtual/_tslib.js';\nimport { AuthError } from './AuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * InteractionRequiredServerErrorMessage contains string constants used by error codes and messages returned by the server indicating interaction is required\r\n */\r\nvar InteractionRequiredServerErrorMessage = [\r\n \"interaction_required\",\r\n \"consent_required\",\r\n \"login_required\"\r\n];\r\nvar InteractionRequiredAuthSubErrorMessage = [\r\n \"message_only\",\r\n \"additional_action\",\r\n \"basic_action\",\r\n \"user_password_expired\",\r\n \"consent_required\"\r\n];\r\n/**\r\n * Interaction required errors defined by the SDK\r\n */\r\nvar InteractionRequiredAuthErrorMessage = {\r\n noTokensFoundError: {\r\n code: \"no_tokens_found\",\r\n desc: \"No refresh token found in the cache. Please sign-in.\"\r\n }\r\n};\r\n/**\r\n * Error thrown when user interaction is required.\r\n */\r\nvar InteractionRequiredAuthError = /** @class */ (function (_super) {\r\n __extends(InteractionRequiredAuthError, _super);\r\n function InteractionRequiredAuthError(errorCode, errorMessage, subError) {\r\n var _this = _super.call(this, errorCode, errorMessage, subError) || this;\r\n _this.name = \"InteractionRequiredAuthError\";\r\n Object.setPrototypeOf(_this, InteractionRequiredAuthError.prototype);\r\n return _this;\r\n }\r\n /**\r\n * Helper function used to determine if an error thrown by the server requires interaction to resolve\r\n * @param errorCode\r\n * @param errorString\r\n * @param subError\r\n */\r\n InteractionRequiredAuthError.isInteractionRequiredError = function (errorCode, errorString, subError) {\r\n var isInteractionRequiredErrorCode = !!errorCode && InteractionRequiredServerErrorMessage.indexOf(errorCode) > -1;\r\n var isInteractionRequiredSubError = !!subError && InteractionRequiredAuthSubErrorMessage.indexOf(subError) > -1;\r\n var isInteractionRequiredErrorDesc = !!errorString && InteractionRequiredServerErrorMessage.some(function (irErrorCode) {\r\n return errorString.indexOf(irErrorCode) > -1;\r\n });\r\n return isInteractionRequiredErrorCode || isInteractionRequiredErrorDesc || isInteractionRequiredSubError;\r\n };\r\n /**\r\n * Creates an error thrown when the authorization code required for a token request is null or empty.\r\n */\r\n InteractionRequiredAuthError.createNoTokensFoundError = function () {\r\n return new InteractionRequiredAuthError(InteractionRequiredAuthErrorMessage.noTokensFoundError.code, InteractionRequiredAuthErrorMessage.noTokensFoundError.desc);\r\n };\r\n return InteractionRequiredAuthError;\r\n}(AuthError));\n\nexport { InteractionRequiredAuthError, InteractionRequiredAuthErrorMessage, InteractionRequiredAuthSubErrorMessage, InteractionRequiredServerErrorMessage };\n//# sourceMappingURL=InteractionRequiredAuthError.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { ThrottlingConstants } from '../../utils/Constants.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\nvar ThrottlingEntity = /** @class */ (function () {\r\n function ThrottlingEntity() {\r\n }\r\n /**\r\n * validates if a given cache entry is \"Throttling\", parses \r\n * @param key\r\n * @param entity\r\n */\r\n ThrottlingEntity.isThrottlingEntity = function (key, entity) {\r\n var validateKey = false;\r\n if (key) {\r\n validateKey = key.indexOf(ThrottlingConstants.THROTTLING_PREFIX) === 0;\r\n }\r\n var validateEntity = true;\r\n if (entity) {\r\n validateEntity = entity.hasOwnProperty(\"throttleTime\");\r\n }\r\n return validateKey && validateEntity;\r\n };\r\n return ThrottlingEntity;\r\n}());\n\nexport { ThrottlingEntity };\n//# sourceMappingURL=ThrottlingEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __assign, __awaiter, __generator } from '../_virtual/_tslib.js';\nimport { DEFAULT_CRYPTO_IMPLEMENTATION } from '../crypto/ICrypto.js';\nimport { AuthError } from '../error/AuthError.js';\nimport { LogLevel } from '../logger/Logger.js';\nimport { Constants } from '../utils/Constants.js';\nimport { version } from '../packageMetadata.js';\nimport { DefaultStorageClass } from '../cache/CacheManager.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n// Token renewal offset default in seconds\r\nvar DEFAULT_TOKEN_RENEWAL_OFFSET_SEC = 300;\r\nvar DEFAULT_SYSTEM_OPTIONS = {\r\n tokenRenewalOffsetSeconds: DEFAULT_TOKEN_RENEWAL_OFFSET_SEC,\r\n preventCorsPreflight: false\r\n};\r\nvar DEFAULT_LOGGER_IMPLEMENTATION = {\r\n loggerCallback: function () {\r\n // allow users to not set loggerCallback\r\n },\r\n piiLoggingEnabled: false,\r\n logLevel: LogLevel.Info,\r\n correlationId: \"\"\r\n};\r\nvar DEFAULT_NETWORK_IMPLEMENTATION = {\r\n sendGetRequestAsync: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Network interface - sendGetRequestAsync() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n },\r\n sendPostRequestAsync: function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Network interface - sendPostRequestAsync() has not been implemented\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n }\r\n};\r\nvar DEFAULT_LIBRARY_INFO = {\r\n sku: Constants.SKU,\r\n version: version,\r\n cpu: \"\",\r\n os: \"\"\r\n};\r\nvar DEFAULT_CLIENT_CREDENTIALS = {\r\n clientSecret: \"\",\r\n clientAssertion: undefined\r\n};\r\n/**\r\n * Function that sets the default options when not explicitly configured from app developer\r\n *\r\n * @param Configuration\r\n *\r\n * @returns Configuration\r\n */\r\nfunction buildClientConfiguration(_a) {\r\n var userAuthOptions = _a.authOptions, userSystemOptions = _a.systemOptions, userLoggerOption = _a.loggerOptions, storageImplementation = _a.storageInterface, networkImplementation = _a.networkInterface, cryptoImplementation = _a.cryptoInterface, clientCredentials = _a.clientCredentials, libraryInfo = _a.libraryInfo, serverTelemetryManager = _a.serverTelemetryManager, persistencePlugin = _a.persistencePlugin, serializableCache = _a.serializableCache;\r\n var loggerOptions = __assign(__assign({}, DEFAULT_LOGGER_IMPLEMENTATION), userLoggerOption);\r\n return {\r\n authOptions: buildAuthOptions(userAuthOptions),\r\n systemOptions: __assign(__assign({}, DEFAULT_SYSTEM_OPTIONS), userSystemOptions),\r\n loggerOptions: loggerOptions,\r\n storageInterface: storageImplementation || new DefaultStorageClass(userAuthOptions.clientId, DEFAULT_CRYPTO_IMPLEMENTATION),\r\n networkInterface: networkImplementation || DEFAULT_NETWORK_IMPLEMENTATION,\r\n cryptoInterface: cryptoImplementation || DEFAULT_CRYPTO_IMPLEMENTATION,\r\n clientCredentials: clientCredentials || DEFAULT_CLIENT_CREDENTIALS,\r\n libraryInfo: __assign(__assign({}, DEFAULT_LIBRARY_INFO), libraryInfo),\r\n serverTelemetryManager: serverTelemetryManager || null,\r\n persistencePlugin: persistencePlugin || null,\r\n serializableCache: serializableCache || null\r\n };\r\n}\r\n/**\r\n * Construct authoptions from the client and platform passed values\r\n * @param authOptions\r\n */\r\nfunction buildAuthOptions(authOptions) {\r\n return __assign({ clientCapabilities: [] }, authOptions);\r\n}\n\nexport { DEFAULT_SYSTEM_OPTIONS, buildClientConfiguration };\n//# sourceMappingURL=ClientConfiguration.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../_virtual/_tslib.js';\nimport { ClientAuthError } from './ClientAuthError.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * ClientConfigurationErrorMessage class containing string constants used by error codes and messages.\r\n */\r\nvar ClientConfigurationErrorMessage = {\r\n redirectUriNotSet: {\r\n code: \"redirect_uri_empty\",\r\n desc: \"A redirect URI is required for all calls, and none has been set.\"\r\n },\r\n postLogoutUriNotSet: {\r\n code: \"post_logout_uri_empty\",\r\n desc: \"A post logout redirect has not been set.\"\r\n },\r\n claimsRequestParsingError: {\r\n code: \"claims_request_parsing_error\",\r\n desc: \"Could not parse the given claims request object.\"\r\n },\r\n authorityUriInsecure: {\r\n code: \"authority_uri_insecure\",\r\n desc: \"Authority URIs must use https. Please see here for valid authority configuration options: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-initializing-client-applications#configuration-options\"\r\n },\r\n urlParseError: {\r\n code: \"url_parse_error\",\r\n desc: \"URL could not be parsed into appropriate segments.\"\r\n },\r\n urlEmptyError: {\r\n code: \"empty_url_error\",\r\n desc: \"URL was empty or null.\"\r\n },\r\n emptyScopesError: {\r\n code: \"empty_input_scopes_error\",\r\n desc: \"Scopes cannot be passed as null, undefined or empty array because they are required to obtain an access token.\"\r\n },\r\n nonArrayScopesError: {\r\n code: \"nonarray_input_scopes_error\",\r\n desc: \"Scopes cannot be passed as non-array.\"\r\n },\r\n clientIdSingleScopeError: {\r\n code: \"clientid_input_scopes_error\",\r\n desc: \"Client ID can only be provided as a single scope.\"\r\n },\r\n invalidPrompt: {\r\n code: \"invalid_prompt_value\",\r\n desc: \"Supported prompt values are 'login', 'select_account', 'consent', 'create' and 'none'. Please see here for valid configuration options: https://azuread.github.io/microsoft-authentication-library-for-js/ref/modules/_azure_msal_common.html#commonauthorizationurlrequest\",\r\n },\r\n invalidClaimsRequest: {\r\n code: \"invalid_claims\",\r\n desc: \"Given claims parameter must be a stringified JSON object.\"\r\n },\r\n tokenRequestEmptyError: {\r\n code: \"token_request_empty\",\r\n desc: \"Token request was empty and not found in cache.\"\r\n },\r\n logoutRequestEmptyError: {\r\n code: \"logout_request_empty\",\r\n desc: \"The logout request was null or undefined.\"\r\n },\r\n invalidCodeChallengeMethod: {\r\n code: \"invalid_code_challenge_method\",\r\n desc: \"code_challenge_method passed is invalid. Valid values are \\\"plain\\\" and \\\"S256\\\".\"\r\n },\r\n invalidCodeChallengeParams: {\r\n code: \"pkce_params_missing\",\r\n desc: \"Both params: code_challenge and code_challenge_method are to be passed if to be sent in the request\"\r\n },\r\n invalidCloudDiscoveryMetadata: {\r\n code: \"invalid_cloud_discovery_metadata\",\r\n desc: \"Invalid cloudDiscoveryMetadata provided. Must be a stringified JSON object containing tenant_discovery_endpoint and metadata fields\"\r\n },\r\n invalidAuthorityMetadata: {\r\n code: \"invalid_authority_metadata\",\r\n desc: \"Invalid authorityMetadata provided. Must by a stringified JSON object containing authorization_endpoint, token_endpoint, issuer fields.\"\r\n },\r\n untrustedAuthority: {\r\n code: \"untrusted_authority\",\r\n desc: \"The provided authority is not a trusted authority. Please include this authority in the knownAuthorities config parameter.\"\r\n },\r\n missingSshJwk: {\r\n code: \"missing_ssh_jwk\",\r\n desc: \"Missing sshJwk in SSH certificate request. A stringified JSON Web Key is required when using the SSH authentication scheme.\"\r\n },\r\n missingSshKid: {\r\n code: \"missing_ssh_kid\",\r\n desc: \"Missing sshKid in SSH certificate request. A string that uniquely identifies the public SSH key is required when using the SSH authentication scheme.\"\r\n },\r\n missingNonceAuthenticationHeader: {\r\n code: \"missing_nonce_authentication_header\",\r\n desc: \"Unable to find an authentication header containing server nonce. Either the Authentication-Info or WWW-Authenticate headers must be present in order to obtain a server nonce.\"\r\n },\r\n invalidAuthenticationHeader: {\r\n code: \"invalid_authentication_header\",\r\n desc: \"Invalid authentication header provided\"\r\n }\r\n};\r\n/**\r\n * Error thrown when there is an error in configuration of the MSAL.js library.\r\n */\r\nvar ClientConfigurationError = /** @class */ (function (_super) {\r\n __extends(ClientConfigurationError, _super);\r\n function ClientConfigurationError(errorCode, errorMessage) {\r\n var _this = _super.call(this, errorCode, errorMessage) || this;\r\n _this.name = \"ClientConfigurationError\";\r\n Object.setPrototypeOf(_this, ClientConfigurationError.prototype);\r\n return _this;\r\n }\r\n /**\r\n * Creates an error thrown when the redirect uri is empty (not set by caller)\r\n */\r\n ClientConfigurationError.createRedirectUriEmptyError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.redirectUriNotSet.code, ClientConfigurationErrorMessage.redirectUriNotSet.desc);\r\n };\r\n /**\r\n * Creates an error thrown when the post-logout redirect uri is empty (not set by caller)\r\n */\r\n ClientConfigurationError.createPostLogoutRedirectUriEmptyError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.postLogoutUriNotSet.code, ClientConfigurationErrorMessage.postLogoutUriNotSet.desc);\r\n };\r\n /**\r\n * Creates an error thrown when the claims request could not be successfully parsed\r\n */\r\n ClientConfigurationError.createClaimsRequestParsingError = function (claimsRequestParseError) {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.claimsRequestParsingError.code, ClientConfigurationErrorMessage.claimsRequestParsingError.desc + \" Given value: \" + claimsRequestParseError);\r\n };\r\n /**\r\n * Creates an error thrown if authority uri is given an insecure protocol.\r\n * @param urlString\r\n */\r\n ClientConfigurationError.createInsecureAuthorityUriError = function (urlString) {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.authorityUriInsecure.code, ClientConfigurationErrorMessage.authorityUriInsecure.desc + \" Given URI: \" + urlString);\r\n };\r\n /**\r\n * Creates an error thrown if URL string does not parse into separate segments.\r\n * @param urlString\r\n */\r\n ClientConfigurationError.createUrlParseError = function (urlParseError) {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.urlParseError.code, ClientConfigurationErrorMessage.urlParseError.desc + \" Given Error: \" + urlParseError);\r\n };\r\n /**\r\n * Creates an error thrown if URL string is empty or null.\r\n * @param urlString\r\n */\r\n ClientConfigurationError.createUrlEmptyError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.urlEmptyError.code, ClientConfigurationErrorMessage.urlEmptyError.desc);\r\n };\r\n /**\r\n * Error thrown when scopes are empty.\r\n * @param scopesValue\r\n */\r\n ClientConfigurationError.createEmptyScopesArrayError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.emptyScopesError.code, \"\" + ClientConfigurationErrorMessage.emptyScopesError.desc);\r\n };\r\n /**\r\n * Error thrown when client id scope is not provided as single scope.\r\n * @param inputScopes\r\n */\r\n ClientConfigurationError.createClientIdSingleScopeError = function (inputScopes) {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.clientIdSingleScopeError.code, ClientConfigurationErrorMessage.clientIdSingleScopeError.desc + \" Given Scopes: \" + inputScopes);\r\n };\r\n /**\r\n * Error thrown when prompt is not an allowed type.\r\n * @param promptValue\r\n */\r\n ClientConfigurationError.createInvalidPromptError = function (promptValue) {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidPrompt.code, ClientConfigurationErrorMessage.invalidPrompt.desc + \" Given value: \" + promptValue);\r\n };\r\n /**\r\n * Creates error thrown when claims parameter is not a stringified JSON object\r\n */\r\n ClientConfigurationError.createInvalidClaimsRequestError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidClaimsRequest.code, ClientConfigurationErrorMessage.invalidClaimsRequest.desc);\r\n };\r\n /**\r\n * Throws error when token request is empty and nothing cached in storage.\r\n */\r\n ClientConfigurationError.createEmptyLogoutRequestError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.logoutRequestEmptyError.code, ClientConfigurationErrorMessage.logoutRequestEmptyError.desc);\r\n };\r\n /**\r\n * Throws error when token request is empty and nothing cached in storage.\r\n */\r\n ClientConfigurationError.createEmptyTokenRequestError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.tokenRequestEmptyError.code, ClientConfigurationErrorMessage.tokenRequestEmptyError.desc);\r\n };\r\n /**\r\n * Throws error when an invalid code_challenge_method is passed by the user\r\n */\r\n ClientConfigurationError.createInvalidCodeChallengeMethodError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidCodeChallengeMethod.code, ClientConfigurationErrorMessage.invalidCodeChallengeMethod.desc);\r\n };\r\n /**\r\n * Throws error when both params: code_challenge and code_challenge_method are not passed together\r\n */\r\n ClientConfigurationError.createInvalidCodeChallengeParamsError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidCodeChallengeParams.code, ClientConfigurationErrorMessage.invalidCodeChallengeParams.desc);\r\n };\r\n /**\r\n * Throws an error when the user passes invalid cloudDiscoveryMetadata\r\n */\r\n ClientConfigurationError.createInvalidCloudDiscoveryMetadataError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidCloudDiscoveryMetadata.code, ClientConfigurationErrorMessage.invalidCloudDiscoveryMetadata.desc);\r\n };\r\n /**\r\n * Throws an error when the user passes invalid cloudDiscoveryMetadata\r\n */\r\n ClientConfigurationError.createInvalidAuthorityMetadataError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAuthorityMetadata.code, ClientConfigurationErrorMessage.invalidAuthorityMetadata.desc);\r\n };\r\n /**\r\n * Throws error when provided authority is not a member of the trusted host list\r\n */\r\n ClientConfigurationError.createUntrustedAuthorityError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.untrustedAuthority.code, ClientConfigurationErrorMessage.untrustedAuthority.desc);\r\n };\r\n /*\r\n * Throws an error when the authentication scheme is set to SSH but the SSH public key is omitted from the request\r\n */\r\n ClientConfigurationError.createMissingSshJwkError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.missingSshJwk.code, ClientConfigurationErrorMessage.missingSshJwk.desc);\r\n };\r\n /**\r\n * Throws an error when the authentication scheme is set to SSH but the SSH public key ID is omitted from the request\r\n */\r\n ClientConfigurationError.createMissingSshKidError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.missingSshKid.code, ClientConfigurationErrorMessage.missingSshKid.desc);\r\n };\r\n /**\r\n * Throws error when provided headers don't contain a header that a server nonce can be extracted from\r\n */\r\n ClientConfigurationError.createMissingNonceAuthenticationHeadersError = function () {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.missingNonceAuthenticationHeader.code, ClientConfigurationErrorMessage.missingNonceAuthenticationHeader.desc);\r\n };\r\n /**\r\n * Throws error when a provided header is invalid in any way\r\n */\r\n ClientConfigurationError.createInvalidAuthenticationHeaderError = function (invalidHeaderName, details) {\r\n return new ClientConfigurationError(ClientConfigurationErrorMessage.invalidAuthenticationHeader.code, ClientConfigurationErrorMessage.invalidAuthenticationHeader.desc + \". Invalid header: \" + invalidHeaderName + \". Details: \" + details);\r\n };\r\n return ClientConfigurationError;\r\n}(ClientAuthError));\n\nexport { ClientConfigurationError, ClientConfigurationErrorMessage };\n//# sourceMappingURL=ClientConfigurationError.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __extends } from '../_virtual/_tslib.js';\nimport { Constants } from '../utils/Constants.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * AuthErrorMessage class containing string constants used by error codes and messages.\r\n */\r\nvar AuthErrorMessage = {\r\n unexpectedError: {\r\n code: \"unexpected_error\",\r\n desc: \"Unexpected error in authentication.\"\r\n }\r\n};\r\n/**\r\n * General error class thrown by the MSAL.js library.\r\n */\r\nvar AuthError = /** @class */ (function (_super) {\r\n __extends(AuthError, _super);\r\n function AuthError(errorCode, errorMessage, suberror) {\r\n var _this = this;\r\n var errorString = errorMessage ? errorCode + \": \" + errorMessage : errorCode;\r\n _this = _super.call(this, errorString) || this;\r\n Object.setPrototypeOf(_this, AuthError.prototype);\r\n _this.errorCode = errorCode || Constants.EMPTY_STRING;\r\n _this.errorMessage = errorMessage || \"\";\r\n _this.subError = suberror || \"\";\r\n _this.name = \"AuthError\";\r\n return _this;\r\n }\r\n AuthError.prototype.setCorrelationId = function (correlationId) {\r\n this.correlationId = correlationId;\r\n };\r\n /**\r\n * Creates an error that is thrown when something unexpected happens in the library.\r\n * @param errDesc\r\n */\r\n AuthError.createUnexpectedError = function (errDesc) {\r\n return new AuthError(AuthErrorMessage.unexpectedError.code, AuthErrorMessage.unexpectedError.desc + \": \" + errDesc);\r\n };\r\n return AuthError;\r\n}(Error));\n\nexport { AuthError, AuthErrorMessage };\n//# sourceMappingURL=AuthError.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __awaiter, __generator, __extends } from '../_virtual/_tslib.js';\nimport { Constants, CredentialType, AuthenticationScheme, CacheSchemaType, THE_FAMILY_ID, APP_METADATA, AUTHORITY_METADATA_CONSTANTS } from '../utils/Constants.js';\nimport { CredentialEntity } from './entities/CredentialEntity.js';\nimport { ScopeSet } from '../request/ScopeSet.js';\nimport { AccountEntity } from './entities/AccountEntity.js';\nimport { AuthError } from '../error/AuthError.js';\nimport { ClientAuthError } from '../error/ClientAuthError.js';\nimport { AuthToken } from '../account/AuthToken.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Interface class which implement cache storage functions used by MSAL to perform validity checks, and store tokens.\r\n */\r\nvar CacheManager = /** @class */ (function () {\r\n function CacheManager(clientId, cryptoImpl) {\r\n this.clientId = clientId;\r\n this.cryptoImpl = cryptoImpl;\r\n }\r\n /**\r\n * Returns all accounts in cache\r\n */\r\n CacheManager.prototype.getAllAccounts = function () {\r\n var _this = this;\r\n var currentAccounts = this.getAccountsFilteredBy();\r\n var accountValues = Object.keys(currentAccounts).map(function (accountKey) { return currentAccounts[accountKey]; });\r\n var numAccounts = accountValues.length;\r\n if (numAccounts < 1) {\r\n return [];\r\n }\r\n else {\r\n var allAccounts = accountValues.map(function (value) {\r\n var accountEntity = CacheManager.toObject(new AccountEntity(), value);\r\n var accountInfo = accountEntity.getAccountInfo();\r\n var idToken = _this.readIdTokenFromCache(_this.clientId, accountInfo);\r\n if (idToken && !accountInfo.idTokenClaims) {\r\n accountInfo.idTokenClaims = new AuthToken(idToken.secret, _this.cryptoImpl).claims;\r\n }\r\n return accountInfo;\r\n });\r\n return allAccounts;\r\n }\r\n };\r\n /**\r\n * saves a cache record\r\n * @param cacheRecord\r\n */\r\n CacheManager.prototype.saveCacheRecord = function (cacheRecord) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n if (!cacheRecord) {\r\n throw ClientAuthError.createNullOrUndefinedCacheRecord();\r\n }\r\n if (!!cacheRecord.account) {\r\n this.setAccount(cacheRecord.account);\r\n }\r\n if (!!cacheRecord.idToken) {\r\n this.setIdTokenCredential(cacheRecord.idToken);\r\n }\r\n if (!!!cacheRecord.accessToken) return [3 /*break*/, 2];\r\n return [4 /*yield*/, this.saveAccessToken(cacheRecord.accessToken)];\r\n case 1:\r\n _a.sent();\r\n _a.label = 2;\r\n case 2:\r\n if (!!cacheRecord.refreshToken) {\r\n this.setRefreshTokenCredential(cacheRecord.refreshToken);\r\n }\r\n if (!!cacheRecord.appMetadata) {\r\n this.setAppMetadata(cacheRecord.appMetadata);\r\n }\r\n return [2 /*return*/];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * saves access token credential\r\n * @param credential\r\n */\r\n CacheManager.prototype.saveAccessToken = function (credential) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var currentTokenCache, currentScopes, currentAccessTokens, removedAccessTokens_1;\r\n var _this = this;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n currentTokenCache = this.getCredentialsFilteredBy({\r\n clientId: credential.clientId,\r\n credentialType: credential.credentialType,\r\n environment: credential.environment,\r\n homeAccountId: credential.homeAccountId,\r\n realm: credential.realm,\r\n tokenType: credential.tokenType\r\n });\r\n currentScopes = ScopeSet.fromString(credential.target);\r\n currentAccessTokens = Object.keys(currentTokenCache.accessTokens).map(function (key) { return currentTokenCache.accessTokens[key]; });\r\n if (!currentAccessTokens) return [3 /*break*/, 2];\r\n removedAccessTokens_1 = [];\r\n currentAccessTokens.forEach(function (tokenEntity) {\r\n var tokenScopeSet = ScopeSet.fromString(tokenEntity.target);\r\n if (tokenScopeSet.intersectingScopeSets(currentScopes)) {\r\n removedAccessTokens_1.push(_this.removeCredential(tokenEntity));\r\n }\r\n });\r\n return [4 /*yield*/, Promise.all(removedAccessTokens_1)];\r\n case 1:\r\n _a.sent();\r\n _a.label = 2;\r\n case 2:\r\n this.setAccessTokenCredential(credential);\r\n return [2 /*return*/];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * retrieve accounts matching all provided filters; if no filter is set, get all accounts\r\n * not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared\r\n * @param homeAccountId\r\n * @param environment\r\n * @param realm\r\n */\r\n CacheManager.prototype.getAccountsFilteredBy = function (accountFilter) {\r\n return this.getAccountsFilteredByInternal(accountFilter ? accountFilter.homeAccountId : \"\", accountFilter ? accountFilter.environment : \"\", accountFilter ? accountFilter.realm : \"\");\r\n };\r\n /**\r\n * retrieve accounts matching all provided filters; if no filter is set, get all accounts\r\n * not checking for casing as keys are all generated in lower case, remember to convert to lower case if object properties are compared\r\n * @param homeAccountId\r\n * @param environment\r\n * @param realm\r\n */\r\n CacheManager.prototype.getAccountsFilteredByInternal = function (homeAccountId, environment, realm) {\r\n var _this = this;\r\n var allCacheKeys = this.getKeys();\r\n var matchingAccounts = {};\r\n allCacheKeys.forEach(function (cacheKey) {\r\n var entity = _this.getAccount(cacheKey);\r\n if (!entity) {\r\n return;\r\n }\r\n if (!!homeAccountId && !_this.matchHomeAccountId(entity, homeAccountId)) {\r\n return;\r\n }\r\n if (!!environment && !_this.matchEnvironment(entity, environment)) {\r\n return;\r\n }\r\n if (!!realm && !_this.matchRealm(entity, realm)) {\r\n return;\r\n }\r\n matchingAccounts[cacheKey] = entity;\r\n });\r\n return matchingAccounts;\r\n };\r\n /**\r\n * retrieve credentails matching all provided filters; if no filter is set, get all credentials\r\n * @param homeAccountId\r\n * @param environment\r\n * @param credentialType\r\n * @param clientId\r\n * @param realm\r\n * @param target\r\n */\r\n CacheManager.prototype.getCredentialsFilteredBy = function (filter) {\r\n return this.getCredentialsFilteredByInternal(filter.homeAccountId, filter.environment, filter.credentialType, filter.clientId, filter.familyId, filter.realm, filter.target, filter.oboAssertion, filter.tokenType, filter.keyId);\r\n };\r\n /**\r\n * Support function to help match credentials\r\n * @param homeAccountId\r\n * @param environment\r\n * @param credentialType\r\n * @param clientId\r\n * @param realm\r\n * @param target\r\n * @param oboAssertion\r\n * @param tokenType\r\n */\r\n CacheManager.prototype.getCredentialsFilteredByInternal = function (homeAccountId, environment, credentialType, clientId, familyId, realm, target, oboAssertion, tokenType, keyId) {\r\n var _this = this;\r\n var allCacheKeys = this.getKeys();\r\n var matchingCredentials = {\r\n idTokens: {},\r\n accessTokens: {},\r\n refreshTokens: {},\r\n };\r\n allCacheKeys.forEach(function (cacheKey) {\r\n // don't parse any non-credential type cache entities\r\n var credType = CredentialEntity.getCredentialType(cacheKey);\r\n if (credType === Constants.NOT_DEFINED) {\r\n return;\r\n }\r\n // Attempt retrieval\r\n var entity = _this.getSpecificCredential(cacheKey, credType);\r\n if (!entity) {\r\n return;\r\n }\r\n if (!!oboAssertion && !_this.matchOboAssertion(entity, oboAssertion)) {\r\n return;\r\n }\r\n if (!!homeAccountId && !_this.matchHomeAccountId(entity, homeAccountId)) {\r\n return;\r\n }\r\n if (!!environment && !_this.matchEnvironment(entity, environment)) {\r\n return;\r\n }\r\n if (!!realm && !_this.matchRealm(entity, realm)) {\r\n return;\r\n }\r\n if (!!credentialType && !_this.matchCredentialType(entity, credentialType)) {\r\n return;\r\n }\r\n if (!!clientId && !_this.matchClientId(entity, clientId)) {\r\n return;\r\n }\r\n if (!!familyId && !_this.matchFamilyId(entity, familyId)) {\r\n return;\r\n }\r\n /*\r\n * idTokens do not have \"target\", target specific refreshTokens do exist for some types of authentication\r\n * Resource specific refresh tokens case will be added when the support is deemed necessary\r\n */\r\n if (!!target && !_this.matchTarget(entity, target)) {\r\n return;\r\n }\r\n // Access Token with Auth Scheme specific matching\r\n if (credentialType === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME) {\r\n if (!!tokenType && !_this.matchTokenType(entity, tokenType)) {\r\n return;\r\n }\r\n switch (tokenType) {\r\n case AuthenticationScheme.POP:\r\n // This check avoids matching outdated POP tokens that don't have the <-scheme> in the cache key\r\n if (cacheKey.indexOf(AuthenticationScheme.POP) === -1) {\r\n // AccessToken_With_AuthScheme that doesn't have \"-pop\" in the key is outdated and needs to be removed\r\n _this.removeItem(cacheKey, CacheSchemaType.CREDENTIAL);\r\n return;\r\n }\r\n break;\r\n case AuthenticationScheme.SSH:\r\n // KeyId (sshKid) in request must match cached SSH certificate keyId because SSH cert is bound to a specific key\r\n if (keyId && !_this.matchKeyId(entity, keyId)) {\r\n return;\r\n }\r\n break;\r\n }\r\n }\r\n switch (credType) {\r\n case CredentialType.ID_TOKEN:\r\n matchingCredentials.idTokens[cacheKey] = entity;\r\n break;\r\n case CredentialType.ACCESS_TOKEN:\r\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME:\r\n matchingCredentials.accessTokens[cacheKey] = entity;\r\n break;\r\n case CredentialType.REFRESH_TOKEN:\r\n matchingCredentials.refreshTokens[cacheKey] = entity;\r\n break;\r\n }\r\n });\r\n return matchingCredentials;\r\n };\r\n /**\r\n * retrieve appMetadata matching all provided filters; if no filter is set, get all appMetadata\r\n * @param filter\r\n */\r\n CacheManager.prototype.getAppMetadataFilteredBy = function (filter) {\r\n return this.getAppMetadataFilteredByInternal(filter.environment, filter.clientId);\r\n };\r\n /**\r\n * Support function to help match appMetadata\r\n * @param environment\r\n * @param clientId\r\n */\r\n CacheManager.prototype.getAppMetadataFilteredByInternal = function (environment, clientId) {\r\n var _this = this;\r\n var allCacheKeys = this.getKeys();\r\n var matchingAppMetadata = {};\r\n allCacheKeys.forEach(function (cacheKey) {\r\n // don't parse any non-appMetadata type cache entities\r\n if (!_this.isAppMetadata(cacheKey)) {\r\n return;\r\n }\r\n // Attempt retrieval\r\n var entity = _this.getAppMetadata(cacheKey);\r\n if (!entity) {\r\n return;\r\n }\r\n if (!!environment && !_this.matchEnvironment(entity, environment)) {\r\n return;\r\n }\r\n if (!!clientId && !_this.matchClientId(entity, clientId)) {\r\n return;\r\n }\r\n matchingAppMetadata[cacheKey] = entity;\r\n });\r\n return matchingAppMetadata;\r\n };\r\n /**\r\n * retrieve authorityMetadata that contains a matching alias\r\n * @param filter\r\n */\r\n CacheManager.prototype.getAuthorityMetadataByAlias = function (host) {\r\n var _this = this;\r\n var allCacheKeys = this.getAuthorityMetadataKeys();\r\n var matchedEntity = null;\r\n allCacheKeys.forEach(function (cacheKey) {\r\n // don't parse any non-authorityMetadata type cache entities\r\n if (!_this.isAuthorityMetadata(cacheKey) || cacheKey.indexOf(_this.clientId) === -1) {\r\n return;\r\n }\r\n // Attempt retrieval\r\n var entity = _this.getAuthorityMetadata(cacheKey);\r\n if (!entity) {\r\n return;\r\n }\r\n if (entity.aliases.indexOf(host) === -1) {\r\n return;\r\n }\r\n matchedEntity = entity;\r\n });\r\n return matchedEntity;\r\n };\r\n /**\r\n * Removes all accounts and related tokens from cache.\r\n */\r\n CacheManager.prototype.removeAllAccounts = function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var allCacheKeys, removedAccounts;\r\n var _this = this;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n allCacheKeys = this.getKeys();\r\n removedAccounts = [];\r\n allCacheKeys.forEach(function (cacheKey) {\r\n var entity = _this.getAccount(cacheKey);\r\n if (!entity) {\r\n return;\r\n }\r\n removedAccounts.push(_this.removeAccount(cacheKey));\r\n });\r\n return [4 /*yield*/, Promise.all(removedAccounts)];\r\n case 1:\r\n _a.sent();\r\n return [2 /*return*/, true];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * returns a boolean if the given account is removed\r\n * @param account\r\n */\r\n CacheManager.prototype.removeAccount = function (accountKey) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var account;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n account = this.getAccount(accountKey);\r\n if (!account) {\r\n throw ClientAuthError.createNoAccountFoundError();\r\n }\r\n return [4 /*yield*/, this.removeAccountContext(account)];\r\n case 1: return [2 /*return*/, ((_a.sent()) && this.removeItem(accountKey, CacheSchemaType.ACCOUNT))];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * returns a boolean if the given account is removed\r\n * @param account\r\n */\r\n CacheManager.prototype.removeAccountContext = function (account) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var allCacheKeys, accountId, removedCredentials;\r\n var _this = this;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n allCacheKeys = this.getKeys();\r\n accountId = account.generateAccountId();\r\n removedCredentials = [];\r\n allCacheKeys.forEach(function (cacheKey) {\r\n // don't parse any non-credential type cache entities\r\n var credType = CredentialEntity.getCredentialType(cacheKey);\r\n if (credType === Constants.NOT_DEFINED) {\r\n return;\r\n }\r\n var cacheEntity = _this.getSpecificCredential(cacheKey, credType);\r\n if (!!cacheEntity && accountId === cacheEntity.generateAccountId()) {\r\n removedCredentials.push(_this.removeCredential(cacheEntity));\r\n }\r\n });\r\n return [4 /*yield*/, Promise.all(removedCredentials)];\r\n case 1:\r\n _a.sent();\r\n return [2 /*return*/, true];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * returns a boolean if the given credential is removed\r\n * @param credential\r\n */\r\n CacheManager.prototype.removeCredential = function (credential) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var key, accessTokenWithAuthSchemeEntity, kid;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0:\r\n key = credential.generateCredentialKey();\r\n if (!(credential.credentialType.toLowerCase() === CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME.toLowerCase())) return [3 /*break*/, 4];\r\n if (!(credential.tokenType === AuthenticationScheme.POP)) return [3 /*break*/, 4];\r\n accessTokenWithAuthSchemeEntity = credential;\r\n kid = accessTokenWithAuthSchemeEntity.keyId;\r\n if (!kid) return [3 /*break*/, 4];\r\n _a.label = 1;\r\n case 1:\r\n _a.trys.push([1, 3, , 4]);\r\n return [4 /*yield*/, this.cryptoImpl.removeTokenBindingKey(kid)];\r\n case 2:\r\n _a.sent();\r\n return [3 /*break*/, 4];\r\n case 3:\r\n _a.sent();\r\n throw ClientAuthError.createBindingKeyNotRemovedError();\r\n case 4: return [2 /*return*/, this.removeItem(key, CacheSchemaType.CREDENTIAL)];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Removes all app metadata objects from cache.\r\n */\r\n CacheManager.prototype.removeAppMetadata = function () {\r\n var _this = this;\r\n var allCacheKeys = this.getKeys();\r\n allCacheKeys.forEach(function (cacheKey) {\r\n if (_this.isAppMetadata(cacheKey)) {\r\n _this.removeItem(cacheKey, CacheSchemaType.APP_METADATA);\r\n }\r\n });\r\n return true;\r\n };\r\n /**\r\n * Retrieve the cached credentials into a cacherecord\r\n * @param account\r\n * @param clientId\r\n * @param scopes\r\n * @param environment\r\n * @param authScheme\r\n */\r\n CacheManager.prototype.readCacheRecord = function (account, clientId, scopes, environment, authScheme, keyId) {\r\n var cachedAccount = this.readAccountFromCache(account);\r\n var cachedIdToken = this.readIdTokenFromCache(clientId, account);\r\n var cachedAccessToken = this.readAccessTokenFromCache(clientId, account, scopes, authScheme, keyId);\r\n var cachedRefreshToken = this.readRefreshTokenFromCache(clientId, account, false);\r\n var cachedAppMetadata = this.readAppMetadataFromCache(environment, clientId);\r\n if (cachedAccount && cachedIdToken) {\r\n cachedAccount.idTokenClaims = new AuthToken(cachedIdToken.secret, this.cryptoImpl).claims;\r\n }\r\n return {\r\n account: cachedAccount,\r\n idToken: cachedIdToken,\r\n accessToken: cachedAccessToken,\r\n refreshToken: cachedRefreshToken,\r\n appMetadata: cachedAppMetadata,\r\n };\r\n };\r\n /**\r\n * Retrieve AccountEntity from cache\r\n * @param account\r\n */\r\n CacheManager.prototype.readAccountFromCache = function (account) {\r\n var accountKey = AccountEntity.generateAccountCacheKey(account);\r\n return this.getAccount(accountKey);\r\n };\r\n /**\r\n * Retrieve IdTokenEntity from cache\r\n * @param clientId\r\n * @param account\r\n * @param inputRealm\r\n */\r\n CacheManager.prototype.readIdTokenFromCache = function (clientId, account) {\r\n var idTokenFilter = {\r\n homeAccountId: account.homeAccountId,\r\n environment: account.environment,\r\n credentialType: CredentialType.ID_TOKEN,\r\n clientId: clientId,\r\n realm: account.tenantId,\r\n };\r\n var credentialCache = this.getCredentialsFilteredBy(idTokenFilter);\r\n var idTokens = Object.keys(credentialCache.idTokens).map(function (key) { return credentialCache.idTokens[key]; });\r\n var numIdTokens = idTokens.length;\r\n if (numIdTokens < 1) {\r\n return null;\r\n }\r\n else if (numIdTokens > 1) {\r\n throw ClientAuthError.createMultipleMatchingTokensInCacheError();\r\n }\r\n return idTokens[0];\r\n };\r\n /**\r\n * Retrieve AccessTokenEntity from cache\r\n * @param clientId\r\n * @param account\r\n * @param scopes\r\n * @param authScheme\r\n */\r\n CacheManager.prototype.readAccessTokenFromCache = function (clientId, account, scopes, authScheme, keyId) {\r\n // Distinguish between Bearer and PoP/SSH token cache types\r\n var credentialType = (authScheme && authScheme !== AuthenticationScheme.BEARER) ? CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME : CredentialType.ACCESS_TOKEN;\r\n var accessTokenFilter = {\r\n homeAccountId: account.homeAccountId,\r\n environment: account.environment,\r\n credentialType: credentialType,\r\n clientId: clientId,\r\n realm: account.tenantId,\r\n target: scopes.printScopesLowerCase(),\r\n tokenType: authScheme,\r\n keyId: keyId\r\n };\r\n var credentialCache = this.getCredentialsFilteredBy(accessTokenFilter);\r\n var accessTokens = Object.keys(credentialCache.accessTokens).map(function (key) { return credentialCache.accessTokens[key]; });\r\n var numAccessTokens = accessTokens.length;\r\n if (numAccessTokens < 1) {\r\n return null;\r\n }\r\n else if (numAccessTokens > 1) {\r\n throw ClientAuthError.createMultipleMatchingTokensInCacheError();\r\n }\r\n return accessTokens[0];\r\n };\r\n /**\r\n * Helper to retrieve the appropriate refresh token from cache\r\n * @param clientId\r\n * @param account\r\n * @param familyRT\r\n */\r\n CacheManager.prototype.readRefreshTokenFromCache = function (clientId, account, familyRT) {\r\n var id = familyRT ? THE_FAMILY_ID : undefined;\r\n var refreshTokenFilter = {\r\n homeAccountId: account.homeAccountId,\r\n environment: account.environment,\r\n credentialType: CredentialType.REFRESH_TOKEN,\r\n clientId: clientId,\r\n familyId: id\r\n };\r\n var credentialCache = this.getCredentialsFilteredBy(refreshTokenFilter);\r\n var refreshTokens = Object.keys(credentialCache.refreshTokens).map(function (key) { return credentialCache.refreshTokens[key]; });\r\n var numRefreshTokens = refreshTokens.length;\r\n if (numRefreshTokens < 1) {\r\n return null;\r\n }\r\n // address the else case after remove functions address environment aliases\r\n return refreshTokens[0];\r\n };\r\n /**\r\n * Retrieve AppMetadataEntity from cache\r\n */\r\n CacheManager.prototype.readAppMetadataFromCache = function (environment, clientId) {\r\n var appMetadataFilter = {\r\n environment: environment,\r\n clientId: clientId,\r\n };\r\n var appMetadata = this.getAppMetadataFilteredBy(appMetadataFilter);\r\n var appMetadataEntries = Object.keys(appMetadata).map(function (key) { return appMetadata[key]; });\r\n var numAppMetadata = appMetadataEntries.length;\r\n if (numAppMetadata < 1) {\r\n return null;\r\n }\r\n else if (numAppMetadata > 1) {\r\n throw ClientAuthError.createMultipleMatchingAppMetadataInCacheError();\r\n }\r\n return appMetadataEntries[0];\r\n };\r\n /**\r\n * Return the family_id value associated with FOCI\r\n * @param environment\r\n * @param clientId\r\n */\r\n CacheManager.prototype.isAppMetadataFOCI = function (environment, clientId) {\r\n var appMetadata = this.readAppMetadataFromCache(environment, clientId);\r\n return !!(appMetadata && appMetadata.familyId === THE_FAMILY_ID);\r\n };\r\n /**\r\n * helper to match account ids\r\n * @param value\r\n * @param homeAccountId\r\n */\r\n CacheManager.prototype.matchHomeAccountId = function (entity, homeAccountId) {\r\n return !!(entity.homeAccountId && homeAccountId === entity.homeAccountId);\r\n };\r\n /**\r\n * helper to match assertion\r\n * @param value\r\n * @param oboAssertion\r\n */\r\n CacheManager.prototype.matchOboAssertion = function (entity, oboAssertion) {\r\n return !!(entity.oboAssertion && oboAssertion === entity.oboAssertion);\r\n };\r\n /**\r\n * helper to match environment\r\n * @param value\r\n * @param environment\r\n */\r\n CacheManager.prototype.matchEnvironment = function (entity, environment) {\r\n var cloudMetadata = this.getAuthorityMetadataByAlias(environment);\r\n if (cloudMetadata && cloudMetadata.aliases.indexOf(entity.environment) > -1) {\r\n return true;\r\n }\r\n return false;\r\n };\r\n /**\r\n * helper to match credential type\r\n * @param entity\r\n * @param credentialType\r\n */\r\n CacheManager.prototype.matchCredentialType = function (entity, credentialType) {\r\n return (entity.credentialType && credentialType.toLowerCase() === entity.credentialType.toLowerCase());\r\n };\r\n /**\r\n * helper to match client ids\r\n * @param entity\r\n * @param clientId\r\n */\r\n CacheManager.prototype.matchClientId = function (entity, clientId) {\r\n return !!(entity.clientId && clientId === entity.clientId);\r\n };\r\n /**\r\n * helper to match family ids\r\n * @param entity\r\n * @param familyId\r\n */\r\n CacheManager.prototype.matchFamilyId = function (entity, familyId) {\r\n return !!(entity.familyId && familyId === entity.familyId);\r\n };\r\n /**\r\n * helper to match realm\r\n * @param entity\r\n * @param realm\r\n */\r\n CacheManager.prototype.matchRealm = function (entity, realm) {\r\n return !!(entity.realm && realm === entity.realm);\r\n };\r\n /**\r\n * Returns true if the target scopes are a subset of the current entity's scopes, false otherwise.\r\n * @param entity\r\n * @param target\r\n */\r\n CacheManager.prototype.matchTarget = function (entity, target) {\r\n var isNotAccessTokenCredential = (entity.credentialType !== CredentialType.ACCESS_TOKEN && entity.credentialType !== CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME);\r\n if (isNotAccessTokenCredential || !entity.target) {\r\n return false;\r\n }\r\n var entityScopeSet = ScopeSet.fromString(entity.target);\r\n var requestTargetScopeSet = ScopeSet.fromString(target);\r\n if (!requestTargetScopeSet.containsOnlyOIDCScopes()) {\r\n requestTargetScopeSet.removeOIDCScopes(); // ignore OIDC scopes\r\n }\r\n else {\r\n requestTargetScopeSet.removeScope(Constants.OFFLINE_ACCESS_SCOPE);\r\n }\r\n return entityScopeSet.containsScopeSet(requestTargetScopeSet);\r\n };\r\n /**\r\n * Returns true if the credential's tokenType or Authentication Scheme matches the one in the request, false otherwise\r\n * @param entity\r\n * @param tokenType\r\n */\r\n CacheManager.prototype.matchTokenType = function (entity, tokenType) {\r\n return !!(entity.tokenType && entity.tokenType === tokenType);\r\n };\r\n /**\r\n * Returns true if the credential's keyId matches the one in the request, false otherwise\r\n * @param entity\r\n * @param tokenType\r\n */\r\n CacheManager.prototype.matchKeyId = function (entity, keyId) {\r\n return !!(entity.keyId && entity.keyId === keyId);\r\n };\r\n /**\r\n * returns if a given cache entity is of the type appmetadata\r\n * @param key\r\n */\r\n CacheManager.prototype.isAppMetadata = function (key) {\r\n return key.indexOf(APP_METADATA) !== -1;\r\n };\r\n /**\r\n * returns if a given cache entity is of the type authoritymetadata\r\n * @param key\r\n */\r\n CacheManager.prototype.isAuthorityMetadata = function (key) {\r\n return key.indexOf(AUTHORITY_METADATA_CONSTANTS.CACHE_KEY) !== -1;\r\n };\r\n /**\r\n * returns cache key used for cloud instance metadata\r\n */\r\n CacheManager.prototype.generateAuthorityMetadataCacheKey = function (authority) {\r\n return AUTHORITY_METADATA_CONSTANTS.CACHE_KEY + \"-\" + this.clientId + \"-\" + authority;\r\n };\r\n /**\r\n * Returns the specific credential (IdToken/AccessToken/RefreshToken) from the cache\r\n * @param key\r\n * @param credType\r\n */\r\n CacheManager.prototype.getSpecificCredential = function (key, credType) {\r\n switch (credType) {\r\n case CredentialType.ID_TOKEN: {\r\n return this.getIdTokenCredential(key);\r\n }\r\n case CredentialType.ACCESS_TOKEN:\r\n case CredentialType.ACCESS_TOKEN_WITH_AUTH_SCHEME: {\r\n return this.getAccessTokenCredential(key);\r\n }\r\n case CredentialType.REFRESH_TOKEN: {\r\n return this.getRefreshTokenCredential(key);\r\n }\r\n default:\r\n return null;\r\n }\r\n };\r\n /**\r\n * Helper to convert serialized data to object\r\n * @param obj\r\n * @param json\r\n */\r\n CacheManager.toObject = function (obj, json) {\r\n for (var propertyName in json) {\r\n obj[propertyName] = json[propertyName];\r\n }\r\n return obj;\r\n };\r\n return CacheManager;\r\n}());\r\nvar DefaultStorageClass = /** @class */ (function (_super) {\r\n __extends(DefaultStorageClass, _super);\r\n function DefaultStorageClass() {\r\n return _super !== null && _super.apply(this, arguments) || this;\r\n }\r\n DefaultStorageClass.prototype.setAccount = function () {\r\n var notImplErr = \"Storage interface - setAccount() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getAccount = function () {\r\n var notImplErr = \"Storage interface - getAccount() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setIdTokenCredential = function () {\r\n var notImplErr = \"Storage interface - setIdTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getIdTokenCredential = function () {\r\n var notImplErr = \"Storage interface - getIdTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setAccessTokenCredential = function () {\r\n var notImplErr = \"Storage interface - setAccessTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getAccessTokenCredential = function () {\r\n var notImplErr = \"Storage interface - getAccessTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setRefreshTokenCredential = function () {\r\n var notImplErr = \"Storage interface - setRefreshTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getRefreshTokenCredential = function () {\r\n var notImplErr = \"Storage interface - getRefreshTokenCredential() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setAppMetadata = function () {\r\n var notImplErr = \"Storage interface - setAppMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getAppMetadata = function () {\r\n var notImplErr = \"Storage interface - getAppMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setServerTelemetry = function () {\r\n var notImplErr = \"Storage interface - setServerTelemetry() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getServerTelemetry = function () {\r\n var notImplErr = \"Storage interface - getServerTelemetry() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setAuthorityMetadata = function () {\r\n var notImplErr = \"Storage interface - setAuthorityMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getAuthorityMetadata = function () {\r\n var notImplErr = \"Storage interface - getAuthorityMetadata() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getAuthorityMetadataKeys = function () {\r\n var notImplErr = \"Storage interface - getAuthorityMetadataKeys() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.setThrottlingCache = function () {\r\n var notImplErr = \"Storage interface - setThrottlingCache() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getThrottlingCache = function () {\r\n var notImplErr = \"Storage interface - getThrottlingCache() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.removeItem = function () {\r\n var notImplErr = \"Storage interface - removeItem() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.containsKey = function () {\r\n var notImplErr = \"Storage interface - containsKey() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.getKeys = function () {\r\n var notImplErr = \"Storage interface - getKeys() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n };\r\n DefaultStorageClass.prototype.clear = function () {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var notImplErr;\r\n return __generator(this, function (_a) {\r\n notImplErr = \"Storage interface - clear() has not been implemented for the cacheStorage interface.\";\r\n throw AuthError.createUnexpectedError(notImplErr);\r\n });\r\n });\r\n };\r\n return DefaultStorageClass;\r\n}(CacheManager));\n\nexport { CacheManager, DefaultStorageClass };\n//# sourceMappingURL=CacheManager.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { Separators, CacheAccountType, CacheType, Constants } from '../../utils/Constants.js';\nimport { buildClientInfo } from '../../account/ClientInfo.js';\nimport { StringUtils } from '../../utils/StringUtils.js';\nimport { ClientAuthError } from '../../error/ClientAuthError.js';\nimport { AuthorityType } from '../../authority/AuthorityType.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Type that defines required and optional parameters for an Account field (based on universal cache schema implemented by all MSALs).\r\n *\r\n * Key : Value Schema\r\n *\r\n * Key: --\r\n *\r\n * Value Schema:\r\n * {\r\n * homeAccountId: home account identifier for the auth scheme,\r\n * environment: entity that issued the token, represented as a full host\r\n * realm: Full tenant or organizational identifier that the account belongs to\r\n * localAccountId: Original tenant-specific accountID, usually used for legacy cases\r\n * username: primary username that represents the user, usually corresponds to preferred_username in the v2 endpt\r\n * authorityType: Accounts authority type as a string\r\n * name: Full name for the account, including given name and family name,\r\n * clientInfo: Full base64 encoded client info received from ESTS\r\n * lastModificationTime: last time this entity was modified in the cache\r\n * lastModificationApp:\r\n * oboAssertion: access token passed in as part of OBO request\r\n * idTokenClaims: Object containing claims parsed from ID token\r\n * }\r\n */\r\nvar AccountEntity = /** @class */ (function () {\r\n function AccountEntity() {\r\n }\r\n /**\r\n * Generate Account Id key component as per the schema: -\r\n */\r\n AccountEntity.prototype.generateAccountId = function () {\r\n var accountId = [this.homeAccountId, this.environment];\r\n return accountId.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n };\r\n /**\r\n * Generate Account Cache Key as per the schema: --\r\n */\r\n AccountEntity.prototype.generateAccountKey = function () {\r\n return AccountEntity.generateAccountCacheKey({\r\n homeAccountId: this.homeAccountId,\r\n environment: this.environment,\r\n tenantId: this.realm,\r\n username: this.username,\r\n localAccountId: this.localAccountId\r\n });\r\n };\r\n /**\r\n * returns the type of the cache (in this case account)\r\n */\r\n AccountEntity.prototype.generateType = function () {\r\n switch (this.authorityType) {\r\n case CacheAccountType.ADFS_ACCOUNT_TYPE:\r\n return CacheType.ADFS;\r\n case CacheAccountType.MSAV1_ACCOUNT_TYPE:\r\n return CacheType.MSA;\r\n case CacheAccountType.MSSTS_ACCOUNT_TYPE:\r\n return CacheType.MSSTS;\r\n case CacheAccountType.GENERIC_ACCOUNT_TYPE:\r\n return CacheType.GENERIC;\r\n default: {\r\n throw ClientAuthError.createUnexpectedAccountTypeError();\r\n }\r\n }\r\n };\r\n /**\r\n * Returns the AccountInfo interface for this account.\r\n */\r\n AccountEntity.prototype.getAccountInfo = function () {\r\n return {\r\n homeAccountId: this.homeAccountId,\r\n environment: this.environment,\r\n tenantId: this.realm,\r\n username: this.username,\r\n localAccountId: this.localAccountId,\r\n name: this.name,\r\n idTokenClaims: this.idTokenClaims\r\n };\r\n };\r\n /**\r\n * Generates account key from interface\r\n * @param accountInterface\r\n */\r\n AccountEntity.generateAccountCacheKey = function (accountInterface) {\r\n var accountKey = [\r\n accountInterface.homeAccountId,\r\n accountInterface.environment || \"\",\r\n accountInterface.tenantId || \"\",\r\n ];\r\n return accountKey.join(Separators.CACHE_KEY_SEPARATOR).toLowerCase();\r\n };\r\n /**\r\n * Build Account cache from IdToken, clientInfo and authority/policy. Associated with AAD.\r\n * @param clientInfo\r\n * @param authority\r\n * @param idToken\r\n * @param policy\r\n */\r\n AccountEntity.createAccount = function (clientInfo, homeAccountId, idToken, authority, oboAssertion, cloudGraphHostName, msGraphHost, environment) {\r\n var _a, _b, _c, _d, _e, _f;\r\n var account = new AccountEntity();\r\n account.authorityType = CacheAccountType.MSSTS_ACCOUNT_TYPE;\r\n account.clientInfo = clientInfo;\r\n account.homeAccountId = homeAccountId;\r\n var env = environment || (authority && authority.getPreferredCache());\r\n if (!env) {\r\n throw ClientAuthError.createInvalidCacheEnvironmentError();\r\n }\r\n account.environment = env;\r\n // non AAD scenarios can have empty realm\r\n account.realm = ((_a = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _a === void 0 ? void 0 : _a.tid) || \"\";\r\n account.oboAssertion = oboAssertion;\r\n if (idToken) {\r\n account.idTokenClaims = idToken.claims;\r\n // How do you account for MSA CID here?\r\n account.localAccountId = ((_b = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _b === void 0 ? void 0 : _b.oid) || ((_c = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _c === void 0 ? void 0 : _c.sub) || \"\";\r\n /*\r\n * In B2C scenarios the emails claim is used instead of preferred_username and it is an array. In most cases it will contain a single email.\r\n * This field should not be relied upon if a custom policy is configured to return more than 1 email.\r\n */\r\n account.username = ((_d = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _d === void 0 ? void 0 : _d.preferred_username) || (((_e = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _e === void 0 ? void 0 : _e.emails) ? idToken.claims.emails[0] : \"\");\r\n account.name = (_f = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _f === void 0 ? void 0 : _f.name;\r\n }\r\n account.cloudGraphHostName = cloudGraphHostName;\r\n account.msGraphHost = msGraphHost;\r\n return account;\r\n };\r\n /**\r\n * Builds non-AAD/ADFS account.\r\n * @param authority\r\n * @param idToken\r\n */\r\n AccountEntity.createGenericAccount = function (homeAccountId, idToken, authority, oboAssertion, cloudGraphHostName, msGraphHost, environment) {\r\n var _a, _b, _c, _d;\r\n var account = new AccountEntity();\r\n account.authorityType = (authority && authority.authorityType === AuthorityType.Adfs) ? CacheAccountType.ADFS_ACCOUNT_TYPE : CacheAccountType.GENERIC_ACCOUNT_TYPE;\r\n account.homeAccountId = homeAccountId;\r\n // non AAD scenarios can have empty realm\r\n account.realm = \"\";\r\n account.oboAssertion = oboAssertion;\r\n var env = environment || authority && authority.getPreferredCache();\r\n if (!env) {\r\n throw ClientAuthError.createInvalidCacheEnvironmentError();\r\n }\r\n if (idToken) {\r\n // How do you account for MSA CID here?\r\n account.localAccountId = ((_a = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _a === void 0 ? void 0 : _a.oid) || ((_b = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _b === void 0 ? void 0 : _b.sub) || \"\";\r\n // upn claim for most ADFS scenarios\r\n account.username = ((_c = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _c === void 0 ? void 0 : _c.upn) || \"\";\r\n account.name = ((_d = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _d === void 0 ? void 0 : _d.name) || \"\";\r\n account.idTokenClaims = idToken === null || idToken === void 0 ? void 0 : idToken.claims;\r\n }\r\n account.environment = env;\r\n account.cloudGraphHostName = cloudGraphHostName;\r\n account.msGraphHost = msGraphHost;\r\n /*\r\n * add uniqueName to claims\r\n * account.name = idToken.claims.uniqueName;\r\n */\r\n return account;\r\n };\r\n /**\r\n * Generate HomeAccountId from server response\r\n * @param serverClientInfo\r\n * @param authType\r\n */\r\n AccountEntity.generateHomeAccountId = function (serverClientInfo, authType, logger, cryptoObj, idToken) {\r\n var _a;\r\n var accountId = ((_a = idToken === null || idToken === void 0 ? void 0 : idToken.claims) === null || _a === void 0 ? void 0 : _a.sub) ? idToken.claims.sub : Constants.EMPTY_STRING;\r\n // since ADFS does not have tid and does not set client_info\r\n if (authType === AuthorityType.Adfs) {\r\n return accountId;\r\n }\r\n // for cases where there is clientInfo\r\n if (serverClientInfo) {\r\n try {\r\n var clientInfo = buildClientInfo(serverClientInfo, cryptoObj);\r\n if (!StringUtils.isEmpty(clientInfo.uid) && !StringUtils.isEmpty(clientInfo.utid)) {\r\n return \"\" + clientInfo.uid + Separators.CLIENT_INFO_SEPARATOR + clientInfo.utid;\r\n }\r\n }\r\n catch (e) { }\r\n }\r\n // default to \"sub\" claim\r\n logger.verbose(\"No client info in response\");\r\n return accountId;\r\n };\r\n /**\r\n * Validates an entity: checks for all expected params\r\n * @param entity\r\n */\r\n AccountEntity.isAccountEntity = function (entity) {\r\n if (!entity) {\r\n return false;\r\n }\r\n return (entity.hasOwnProperty(\"homeAccountId\") &&\r\n entity.hasOwnProperty(\"environment\") &&\r\n entity.hasOwnProperty(\"realm\") &&\r\n entity.hasOwnProperty(\"localAccountId\") &&\r\n entity.hasOwnProperty(\"username\") &&\r\n entity.hasOwnProperty(\"authorityType\"));\r\n };\r\n /**\r\n * Helper function to determine whether 2 accountInfo objects represent the same account\r\n * @param accountA\r\n * @param accountB\r\n * @param compareClaims - If set to true idTokenClaims will also be compared to determine account equality\r\n */\r\n AccountEntity.accountInfoIsEqual = function (accountA, accountB, compareClaims) {\r\n if (!accountA || !accountB) {\r\n return false;\r\n }\r\n var claimsMatch = true; // default to true so as to not fail comparison below if compareClaims: false\r\n if (compareClaims) {\r\n var accountAClaims = (accountA.idTokenClaims || {});\r\n var accountBClaims = (accountB.idTokenClaims || {});\r\n // issued at timestamp and nonce are expected to change each time a new id token is acquired\r\n claimsMatch = (accountAClaims.iat === accountBClaims.iat) &&\r\n (accountAClaims.nonce === accountBClaims.nonce);\r\n }\r\n return (accountA.homeAccountId === accountB.homeAccountId) &&\r\n (accountA.localAccountId === accountB.localAccountId) &&\r\n (accountA.username === accountB.username) &&\r\n (accountA.tenantId === accountB.tenantId) &&\r\n (accountA.environment === accountB.environment) &&\r\n claimsMatch;\r\n };\r\n return AccountEntity;\r\n}());\n\nexport { AccountEntity };\n//# sourceMappingURL=AccountEntity.js.map\n","/*! @azure/msal-common v5.1.0 2021-11-02 */\n'use strict';\nimport { __awaiter, __generator } from '../_virtual/_tslib.js';\nimport { buildClientConfiguration } from '../config/ClientConfiguration.js';\nimport { NetworkManager } from '../network/NetworkManager.js';\nimport { Logger } from '../logger/Logger.js';\nimport { HeaderNames, Constants } from '../utils/Constants.js';\nimport { name, version } from '../packageMetadata.js';\nimport { ClientAuthError } from '../error/ClientAuthError.js';\nimport { CcsCredentialType } from '../account/CcsCredential.js';\nimport { buildClientInfoFromHomeAccountId } from '../account/ClientInfo.js';\n\n/*\r\n * Copyright (c) Microsoft Corporation. All rights reserved.\r\n * Licensed under the MIT License.\r\n */\r\n/**\r\n * Base application class which will construct requests to send to and handle responses from the Microsoft STS using the authorization code flow.\r\n */\r\nvar BaseClient = /** @class */ (function () {\r\n function BaseClient(configuration) {\r\n // Set the configuration\r\n this.config = buildClientConfiguration(configuration);\r\n // Initialize the logger\r\n this.logger = new Logger(this.config.loggerOptions, name, version);\r\n // Initialize crypto\r\n this.cryptoUtils = this.config.cryptoInterface;\r\n // Initialize storage interface\r\n this.cacheManager = this.config.storageInterface;\r\n // Set the network interface\r\n this.networkClient = this.config.networkInterface;\r\n // Set the NetworkManager\r\n this.networkManager = new NetworkManager(this.networkClient, this.cacheManager);\r\n // Set TelemetryManager\r\n this.serverTelemetryManager = this.config.serverTelemetryManager;\r\n // set Authority\r\n this.authority = this.config.authOptions.authority;\r\n }\r\n /**\r\n * Creates default headers for requests to token endpoint\r\n */\r\n BaseClient.prototype.createTokenRequestHeaders = function (ccsCred) {\r\n var headers = {};\r\n headers[HeaderNames.CONTENT_TYPE] = Constants.URL_FORM_CONTENT_TYPE;\r\n if (!this.config.systemOptions.preventCorsPreflight && ccsCred) {\r\n switch (ccsCred.type) {\r\n case CcsCredentialType.HOME_ACCOUNT_ID:\r\n try {\r\n var clientInfo = buildClientInfoFromHomeAccountId(ccsCred.credential);\r\n headers[HeaderNames.CCS_HEADER] = \"Oid:\" + clientInfo.uid + \"@\" + clientInfo.utid;\r\n }\r\n catch (e) {\r\n this.logger.verbose(\"Could not parse home account ID for CCS Header: \" + e);\r\n }\r\n break;\r\n case CcsCredentialType.UPN:\r\n headers[HeaderNames.CCS_HEADER] = \"UPN: \" + ccsCred.credential;\r\n break;\r\n }\r\n }\r\n return headers;\r\n };\r\n /**\r\n * Http post to token endpoint\r\n * @param tokenEndpoint\r\n * @param queryString\r\n * @param headers\r\n * @param thumbprint\r\n */\r\n BaseClient.prototype.executePostToTokenEndpoint = function (tokenEndpoint, queryString, headers, thumbprint) {\r\n return __awaiter(this, void 0, void 0, function () {\r\n var response;\r\n return __generator(this, function (_a) {\r\n switch (_a.label) {\r\n case 0: return [4 /*yield*/, this.networkManager.sendPostRequest(thumbprint, tokenEndpoint, { body: queryString, headers: headers })];\r\n case 1:\r\n response = _a.sent();\r\n if (this.config.serverTelemetryManager && response.status < 500 && response.status !== 429) {\r\n // Telemetry data successfully logged by server, clear Telemetry cache\r\n this.config.serverTelemetryManager.clearTelemetryCache();\r\n }\r\n return [2 /*return*/, response];\r\n }\r\n });\r\n });\r\n };\r\n /**\r\n * Updates the authority object of the client. Endpoint discovery must be completed.\r\n * @param updatedAuthority\r\n */\r\n BaseClient.prototype.updateAuthority = function (updatedAuthority) {\r\n if (!updatedAuthority.discoveryComplete()) {\r\n throw ClientAuthError.createEndpointDiscoveryIncompleteError(\"Updated authority has not completed endpoint discovery.\");\r\n }\r\n this.authority = updatedAuthority;\r\n };\r\n return BaseClient;\r\n}());\n\nexport { BaseClient };\n//# sourceMappingURL=BaseClient.js.map\n"],"sourceRoot":""}