require('./sourcemap-register.js');/******/ (() => { // webpackBootstrap /******/ var __webpack_modules__ = ({ /***/ 4832: /***/ ((module) => { "use strict"; module.exports = JSON.parse('{"proxy":"ghcr.io/github/dependabot-update-job-proxy/dependabot-update-job-proxy@sha256:de86aff88f5bd2a6606aa57f461dce81dc36ec058d737964b115c01aae4bf1e0","updater":"ghcr.io/dependabot/dependabot-updater/dependabot-updater@sha256:45fba063271b238fbb85479538d9ab8b4e27317674b98dc3e9519036816de3ba"}'); /***/ }), /***/ 7351: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.issue = exports.issueCommand = void 0; const os = __importStar(__nccwpck_require__(2087)); const utils_1 = __nccwpck_require__(5278); /** * Commands * * Command Format: * ::name key=value,key=value::message * * Examples: * ::warning::This is the message * ::set-env name=MY_VAR::some value */ function issueCommand(command, properties, message) { const cmd = new Command(command, properties, message); process.stdout.write(cmd.toString() + os.EOL); } exports.issueCommand = issueCommand; function issue(name, message = '') { issueCommand(name, {}, message); } exports.issue = issue; const CMD_STRING = '::'; class Command { constructor(command, properties, message) { if (!command) { command = 'missing.command'; } this.command = command; this.properties = properties; this.message = message; } toString() { let cmdStr = CMD_STRING + this.command; if (this.properties && Object.keys(this.properties).length > 0) { cmdStr += ' '; let first = true; for (const key in this.properties) { if (this.properties.hasOwnProperty(key)) { const val = this.properties[key]; if (val) { if (first) { first = false; } else { cmdStr += ','; } cmdStr += `${key}=${escapeProperty(val)}`; } } } } cmdStr += `${CMD_STRING}${escapeData(this.message)}`; return cmdStr; } } function escapeData(s) { return utils_1.toCommandValue(s) .replace(/%/g, '%25') .replace(/\r/g, '%0D') .replace(/\n/g, '%0A'); } function escapeProperty(s) { return utils_1.toCommandValue(s) .replace(/%/g, '%25') .replace(/\r/g, '%0D') .replace(/\n/g, '%0A') .replace(/:/g, '%3A') .replace(/,/g, '%2C'); } //# sourceMappingURL=command.js.map /***/ }), /***/ 2186: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getIDToken = exports.getState = exports.saveState = exports.group = exports.endGroup = exports.startGroup = exports.info = exports.notice = exports.warning = exports.error = exports.debug = exports.isDebug = exports.setFailed = exports.setCommandEcho = exports.setOutput = exports.getBooleanInput = exports.getMultilineInput = exports.getInput = exports.addPath = exports.setSecret = exports.exportVariable = exports.ExitCode = void 0; const command_1 = __nccwpck_require__(7351); const file_command_1 = __nccwpck_require__(717); const utils_1 = __nccwpck_require__(5278); const os = __importStar(__nccwpck_require__(2087)); const path = __importStar(__nccwpck_require__(5622)); const oidc_utils_1 = __nccwpck_require__(8041); /** * The code to exit an action */ var ExitCode; (function (ExitCode) { /** * A code indicating that the action was successful */ ExitCode[ExitCode["Success"] = 0] = "Success"; /** * A code indicating that the action was a failure */ ExitCode[ExitCode["Failure"] = 1] = "Failure"; })(ExitCode = exports.ExitCode || (exports.ExitCode = {})); //----------------------------------------------------------------------- // Variables //----------------------------------------------------------------------- /** * Sets env variable for this action and future actions in the job * @param name the name of the variable to set * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function exportVariable(name, val) { const convertedVal = utils_1.toCommandValue(val); process.env[name] = convertedVal; const filePath = process.env['GITHUB_ENV'] || ''; if (filePath) { const delimiter = '_GitHubActionsFileCommandDelimeter_'; const commandValue = `${name}<<${delimiter}${os.EOL}${convertedVal}${os.EOL}${delimiter}`; file_command_1.issueCommand('ENV', commandValue); } else { command_1.issueCommand('set-env', { name }, convertedVal); } } exports.exportVariable = exportVariable; /** * Registers a secret which will get masked from logs * @param secret value of the secret */ function setSecret(secret) { command_1.issueCommand('add-mask', {}, secret); } exports.setSecret = setSecret; /** * Prepends inputPath to the PATH (for this action and future actions) * @param inputPath */ function addPath(inputPath) { const filePath = process.env['GITHUB_PATH'] || ''; if (filePath) { file_command_1.issueCommand('PATH', inputPath); } else { command_1.issueCommand('add-path', {}, inputPath); } process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`; } exports.addPath = addPath; /** * Gets the value of an input. * Unless trimWhitespace is set to false in InputOptions, the value is also trimmed. * Returns an empty string if the value is not defined. * * @param name name of the input to get * @param options optional. See InputOptions. * @returns string */ function getInput(name, options) { const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || ''; if (options && options.required && !val) { throw new Error(`Input required and not supplied: ${name}`); } if (options && options.trimWhitespace === false) { return val; } return val.trim(); } exports.getInput = getInput; /** * Gets the values of an multiline input. Each value is also trimmed. * * @param name name of the input to get * @param options optional. See InputOptions. * @returns string[] * */ function getMultilineInput(name, options) { const inputs = getInput(name, options) .split('\n') .filter(x => x !== ''); return inputs; } exports.getMultilineInput = getMultilineInput; /** * Gets the input value of the boolean type in the YAML 1.2 "core schema" specification. * Support boolean input list: `true | True | TRUE | false | False | FALSE` . * The return value is also in boolean type. * ref: https://yaml.org/spec/1.2/spec.html#id2804923 * * @param name name of the input to get * @param options optional. See InputOptions. * @returns boolean */ function getBooleanInput(name, options) { const trueValue = ['true', 'True', 'TRUE']; const falseValue = ['false', 'False', 'FALSE']; const val = getInput(name, options); if (trueValue.includes(val)) return true; if (falseValue.includes(val)) return false; throw new TypeError(`Input does not meet YAML 1.2 "Core Schema" specification: ${name}\n` + `Support boolean input list: \`true | True | TRUE | false | False | FALSE\``); } exports.getBooleanInput = getBooleanInput; /** * Sets the value of an output. * * @param name name of the output to set * @param value value to store. Non-string values will be converted to a string via JSON.stringify */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function setOutput(name, value) { process.stdout.write(os.EOL); command_1.issueCommand('set-output', { name }, value); } exports.setOutput = setOutput; /** * Enables or disables the echoing of commands into stdout for the rest of the step. * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set. * */ function setCommandEcho(enabled) { command_1.issue('echo', enabled ? 'on' : 'off'); } exports.setCommandEcho = setCommandEcho; //----------------------------------------------------------------------- // Results //----------------------------------------------------------------------- /** * Sets the action status to failed. * When the action exits it will be with an exit code of 1 * @param message add error issue message */ function setFailed(message) { process.exitCode = ExitCode.Failure; error(message); } exports.setFailed = setFailed; //----------------------------------------------------------------------- // Logging Commands //----------------------------------------------------------------------- /** * Gets whether Actions Step Debug is on or not */ function isDebug() { return process.env['RUNNER_DEBUG'] === '1'; } exports.isDebug = isDebug; /** * Writes debug message to user log * @param message debug message */ function debug(message) { command_1.issueCommand('debug', {}, message); } exports.debug = debug; /** * Adds an error issue * @param message error issue message. Errors will be converted to string via toString() * @param properties optional properties to add to the annotation. */ function error(message, properties = {}) { command_1.issueCommand('error', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message); } exports.error = error; /** * Adds a warning issue * @param message warning issue message. Errors will be converted to string via toString() * @param properties optional properties to add to the annotation. */ function warning(message, properties = {}) { command_1.issueCommand('warning', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message); } exports.warning = warning; /** * Adds a notice issue * @param message notice issue message. Errors will be converted to string via toString() * @param properties optional properties to add to the annotation. */ function notice(message, properties = {}) { command_1.issueCommand('notice', utils_1.toCommandProperties(properties), message instanceof Error ? message.toString() : message); } exports.notice = notice; /** * Writes info to log with console.log. * @param message info message */ function info(message) { process.stdout.write(message + os.EOL); } exports.info = info; /** * Begin an output group. * * Output until the next `groupEnd` will be foldable in this group * * @param name The name of the output group */ function startGroup(name) { command_1.issue('group', name); } exports.startGroup = startGroup; /** * End an output group. */ function endGroup() { command_1.issue('endgroup'); } exports.endGroup = endGroup; /** * Wrap an asynchronous function call in a group. * * Returns the same type as the function itself. * * @param name The name of the group * @param fn The function to wrap in the group */ function group(name, fn) { return __awaiter(this, void 0, void 0, function* () { startGroup(name); let result; try { result = yield fn(); } finally { endGroup(); } return result; }); } exports.group = group; //----------------------------------------------------------------------- // Wrapper action state //----------------------------------------------------------------------- /** * Saves state for current action, the state can only be retrieved by this action's post job execution. * * @param name name of the state to store * @param value value to store. Non-string values will be converted to a string via JSON.stringify */ // eslint-disable-next-line @typescript-eslint/no-explicit-any function saveState(name, value) { command_1.issueCommand('save-state', { name }, value); } exports.saveState = saveState; /** * Gets the value of an state set by this action's main execution. * * @param name name of the state to get * @returns string */ function getState(name) { return process.env[`STATE_${name}`] || ''; } exports.getState = getState; function getIDToken(aud) { return __awaiter(this, void 0, void 0, function* () { return yield oidc_utils_1.OidcClient.getIDToken(aud); }); } exports.getIDToken = getIDToken; //# sourceMappingURL=core.js.map /***/ }), /***/ 717: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; // For internal use, subject to change. var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.issueCommand = void 0; // We use any as a valid input type /* eslint-disable @typescript-eslint/no-explicit-any */ const fs = __importStar(__nccwpck_require__(5747)); const os = __importStar(__nccwpck_require__(2087)); const utils_1 = __nccwpck_require__(5278); function issueCommand(command, message) { const filePath = process.env[`GITHUB_${command}`]; if (!filePath) { throw new Error(`Unable to find environment variable for file command ${command}`); } if (!fs.existsSync(filePath)) { throw new Error(`Missing file at path: ${filePath}`); } fs.appendFileSync(filePath, `${utils_1.toCommandValue(message)}${os.EOL}`, { encoding: 'utf8' }); } exports.issueCommand = issueCommand; //# sourceMappingURL=file-command.js.map /***/ }), /***/ 8041: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.OidcClient = void 0; const http_client_1 = __nccwpck_require__(9925); const auth_1 = __nccwpck_require__(3702); const core_1 = __nccwpck_require__(2186); class OidcClient { static createHttpClient(allowRetry = true, maxRetry = 10) { const requestOptions = { allowRetries: allowRetry, maxRetries: maxRetry }; return new http_client_1.HttpClient('actions/oidc-client', [new auth_1.BearerCredentialHandler(OidcClient.getRequestToken())], requestOptions); } static getRequestToken() { const token = process.env['ACTIONS_ID_TOKEN_REQUEST_TOKEN']; if (!token) { throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_TOKEN env variable'); } return token; } static getIDTokenUrl() { const runtimeUrl = process.env['ACTIONS_ID_TOKEN_REQUEST_URL']; if (!runtimeUrl) { throw new Error('Unable to get ACTIONS_ID_TOKEN_REQUEST_URL env variable'); } return runtimeUrl; } static getCall(id_token_url) { var _a; return __awaiter(this, void 0, void 0, function* () { const httpclient = OidcClient.createHttpClient(); const res = yield httpclient .getJson(id_token_url) .catch(error => { throw new Error(`Failed to get ID Token. \n Error Code : ${error.statusCode}\n Error Message: ${error.result.message}`); }); const id_token = (_a = res.result) === null || _a === void 0 ? void 0 : _a.value; if (!id_token) { throw new Error('Response json body do not have ID Token field'); } return id_token; }); } static getIDToken(audience) { return __awaiter(this, void 0, void 0, function* () { try { // New ID Token is requested from action service let id_token_url = OidcClient.getIDTokenUrl(); if (audience) { const encodedAudience = encodeURIComponent(audience); id_token_url = `${id_token_url}&audience=${encodedAudience}`; } core_1.debug(`ID token url is ${id_token_url}`); const id_token = yield OidcClient.getCall(id_token_url); core_1.setSecret(id_token); return id_token; } catch (error) { throw new Error(`Error message: ${error.message}`); } }); } } exports.OidcClient = OidcClient; //# sourceMappingURL=oidc-utils.js.map /***/ }), /***/ 5278: /***/ ((__unused_webpack_module, exports) => { "use strict"; // We use any as a valid input type /* eslint-disable @typescript-eslint/no-explicit-any */ Object.defineProperty(exports, "__esModule", ({ value: true })); exports.toCommandProperties = exports.toCommandValue = void 0; /** * Sanitizes an input into a string so it can be passed into issueCommand safely * @param input input to sanitize into a string */ function toCommandValue(input) { if (input === null || input === undefined) { return ''; } else if (typeof input === 'string' || input instanceof String) { return input; } return JSON.stringify(input); } exports.toCommandValue = toCommandValue; /** * * @param annotationProperties * @returns The command properties to send with the actual annotation command * See IssueCommandProperties: https://github.com/actions/runner/blob/main/src/Runner.Worker/ActionCommandManager.cs#L646 */ function toCommandProperties(annotationProperties) { if (!Object.keys(annotationProperties).length) { return {}; } return { title: annotationProperties.title, file: annotationProperties.file, line: annotationProperties.startLine, endLine: annotationProperties.endLine, col: annotationProperties.startColumn, endColumn: annotationProperties.endColumn }; } exports.toCommandProperties = toCommandProperties; //# sourceMappingURL=utils.js.map /***/ }), /***/ 4087: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.Context = void 0; const fs_1 = __nccwpck_require__(5747); const os_1 = __nccwpck_require__(2087); class Context { /** * Hydrate the context from the environment */ constructor() { var _a, _b, _c; this.payload = {}; if (process.env.GITHUB_EVENT_PATH) { if (fs_1.existsSync(process.env.GITHUB_EVENT_PATH)) { this.payload = JSON.parse(fs_1.readFileSync(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' })); } else { const path = process.env.GITHUB_EVENT_PATH; process.stdout.write(`GITHUB_EVENT_PATH ${path} does not exist${os_1.EOL}`); } } this.eventName = process.env.GITHUB_EVENT_NAME; this.sha = process.env.GITHUB_SHA; this.ref = process.env.GITHUB_REF; this.workflow = process.env.GITHUB_WORKFLOW; this.action = process.env.GITHUB_ACTION; this.actor = process.env.GITHUB_ACTOR; this.job = process.env.GITHUB_JOB; this.runNumber = parseInt(process.env.GITHUB_RUN_NUMBER, 10); this.runId = parseInt(process.env.GITHUB_RUN_ID, 10); this.apiUrl = (_a = process.env.GITHUB_API_URL) !== null && _a !== void 0 ? _a : `https://api.github.com`; this.serverUrl = (_b = process.env.GITHUB_SERVER_URL) !== null && _b !== void 0 ? _b : `https://github.com`; this.graphqlUrl = (_c = process.env.GITHUB_GRAPHQL_URL) !== null && _c !== void 0 ? _c : `https://api.github.com/graphql`; } get issue() { const payload = this.payload; return Object.assign(Object.assign({}, this.repo), { number: (payload.issue || payload.pull_request || payload).number }); } get repo() { if (process.env.GITHUB_REPOSITORY) { const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/'); return { owner, repo }; } if (this.payload.repository) { return { owner: this.payload.repository.owner.login, repo: this.payload.repository.name }; } throw new Error("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'"); } } exports.Context = Context; //# sourceMappingURL=context.js.map /***/ }), /***/ 5438: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getOctokit = exports.context = void 0; const Context = __importStar(__nccwpck_require__(4087)); const utils_1 = __nccwpck_require__(3030); exports.context = new Context.Context(); /** * Returns a hydrated octokit ready to use for GitHub Actions * * @param token the repo PAT or GITHUB_TOKEN * @param options other options to set */ function getOctokit(token, options) { return new utils_1.GitHub(utils_1.getOctokitOptions(token, options)); } exports.getOctokit = getOctokit; //# sourceMappingURL=github.js.map /***/ }), /***/ 7914: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getApiBaseUrl = exports.getProxyAgent = exports.getAuthString = void 0; const httpClient = __importStar(__nccwpck_require__(9925)); function getAuthString(token, options) { if (!token && !options.auth) { throw new Error('Parameter token or opts.auth is required'); } else if (token && options.auth) { throw new Error('Parameters token and opts.auth may not both be specified'); } return typeof options.auth === 'string' ? options.auth : `token ${token}`; } exports.getAuthString = getAuthString; function getProxyAgent(destinationUrl) { const hc = new httpClient.HttpClient(); return hc.getAgent(destinationUrl); } exports.getProxyAgent = getProxyAgent; function getApiBaseUrl() { return process.env['GITHUB_API_URL'] || 'https://api.github.com'; } exports.getApiBaseUrl = getApiBaseUrl; //# sourceMappingURL=utils.js.map /***/ }), /***/ 3030: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getOctokitOptions = exports.GitHub = exports.context = void 0; const Context = __importStar(__nccwpck_require__(4087)); const Utils = __importStar(__nccwpck_require__(7914)); // octokit + plugins const core_1 = __nccwpck_require__(6762); const plugin_rest_endpoint_methods_1 = __nccwpck_require__(3044); const plugin_paginate_rest_1 = __nccwpck_require__(4193); exports.context = new Context.Context(); const baseUrl = Utils.getApiBaseUrl(); const defaults = { baseUrl, request: { agent: Utils.getProxyAgent(baseUrl) } }; exports.GitHub = core_1.Octokit.plugin(plugin_rest_endpoint_methods_1.restEndpointMethods, plugin_paginate_rest_1.paginateRest).defaults(defaults); /** * Convience function to correctly format Octokit Options to pass into the constructor. * * @param token the repo PAT or GITHUB_TOKEN * @param options other options to set */ function getOctokitOptions(token, options) { const opts = Object.assign({}, options || {}); // Shallow clone - don't mutate the object provided by the caller // Auth const auth = Utils.getAuthString(token, opts); if (auth) { opts.auth = auth; } return opts; } exports.getOctokitOptions = getOctokitOptions; //# sourceMappingURL=utils.js.map /***/ }), /***/ 3702: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); class BasicCredentialHandler { constructor(username, password) { this.username = username; this.password = password; } prepareRequest(options) { options.headers['Authorization'] = 'Basic ' + Buffer.from(this.username + ':' + this.password).toString('base64'); } // This handler cannot handle 401 canHandleAuthentication(response) { return false; } handleAuthentication(httpClient, requestInfo, objs) { return null; } } exports.BasicCredentialHandler = BasicCredentialHandler; class BearerCredentialHandler { constructor(token) { this.token = token; } // currently implements pre-authorization // TODO: support preAuth = false where it hooks on 401 prepareRequest(options) { options.headers['Authorization'] = 'Bearer ' + this.token; } // This handler cannot handle 401 canHandleAuthentication(response) { return false; } handleAuthentication(httpClient, requestInfo, objs) { return null; } } exports.BearerCredentialHandler = BearerCredentialHandler; class PersonalAccessTokenCredentialHandler { constructor(token) { this.token = token; } // currently implements pre-authorization // TODO: support preAuth = false where it hooks on 401 prepareRequest(options) { options.headers['Authorization'] = 'Basic ' + Buffer.from('PAT:' + this.token).toString('base64'); } // This handler cannot handle 401 canHandleAuthentication(response) { return false; } handleAuthentication(httpClient, requestInfo, objs) { return null; } } exports.PersonalAccessTokenCredentialHandler = PersonalAccessTokenCredentialHandler; /***/ }), /***/ 9925: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); const http = __nccwpck_require__(8605); const https = __nccwpck_require__(7211); const pm = __nccwpck_require__(6443); let tunnel; var HttpCodes; (function (HttpCodes) { HttpCodes[HttpCodes["OK"] = 200] = "OK"; HttpCodes[HttpCodes["MultipleChoices"] = 300] = "MultipleChoices"; HttpCodes[HttpCodes["MovedPermanently"] = 301] = "MovedPermanently"; HttpCodes[HttpCodes["ResourceMoved"] = 302] = "ResourceMoved"; HttpCodes[HttpCodes["SeeOther"] = 303] = "SeeOther"; HttpCodes[HttpCodes["NotModified"] = 304] = "NotModified"; HttpCodes[HttpCodes["UseProxy"] = 305] = "UseProxy"; HttpCodes[HttpCodes["SwitchProxy"] = 306] = "SwitchProxy"; HttpCodes[HttpCodes["TemporaryRedirect"] = 307] = "TemporaryRedirect"; HttpCodes[HttpCodes["PermanentRedirect"] = 308] = "PermanentRedirect"; HttpCodes[HttpCodes["BadRequest"] = 400] = "BadRequest"; HttpCodes[HttpCodes["Unauthorized"] = 401] = "Unauthorized"; HttpCodes[HttpCodes["PaymentRequired"] = 402] = "PaymentRequired"; HttpCodes[HttpCodes["Forbidden"] = 403] = "Forbidden"; HttpCodes[HttpCodes["NotFound"] = 404] = "NotFound"; HttpCodes[HttpCodes["MethodNotAllowed"] = 405] = "MethodNotAllowed"; HttpCodes[HttpCodes["NotAcceptable"] = 406] = "NotAcceptable"; HttpCodes[HttpCodes["ProxyAuthenticationRequired"] = 407] = "ProxyAuthenticationRequired"; HttpCodes[HttpCodes["RequestTimeout"] = 408] = "RequestTimeout"; HttpCodes[HttpCodes["Conflict"] = 409] = "Conflict"; HttpCodes[HttpCodes["Gone"] = 410] = "Gone"; HttpCodes[HttpCodes["TooManyRequests"] = 429] = "TooManyRequests"; HttpCodes[HttpCodes["InternalServerError"] = 500] = "InternalServerError"; HttpCodes[HttpCodes["NotImplemented"] = 501] = "NotImplemented"; HttpCodes[HttpCodes["BadGateway"] = 502] = "BadGateway"; HttpCodes[HttpCodes["ServiceUnavailable"] = 503] = "ServiceUnavailable"; HttpCodes[HttpCodes["GatewayTimeout"] = 504] = "GatewayTimeout"; })(HttpCodes = exports.HttpCodes || (exports.HttpCodes = {})); var Headers; (function (Headers) { Headers["Accept"] = "accept"; Headers["ContentType"] = "content-type"; })(Headers = exports.Headers || (exports.Headers = {})); var MediaTypes; (function (MediaTypes) { MediaTypes["ApplicationJson"] = "application/json"; })(MediaTypes = exports.MediaTypes || (exports.MediaTypes = {})); /** * Returns the proxy URL, depending upon the supplied url and proxy environment variables. * @param serverUrl The server URL where the request will be sent. For example, https://api.github.com */ function getProxyUrl(serverUrl) { let proxyUrl = pm.getProxyUrl(new URL(serverUrl)); return proxyUrl ? proxyUrl.href : ''; } exports.getProxyUrl = getProxyUrl; const HttpRedirectCodes = [ HttpCodes.MovedPermanently, HttpCodes.ResourceMoved, HttpCodes.SeeOther, HttpCodes.TemporaryRedirect, HttpCodes.PermanentRedirect ]; const HttpResponseRetryCodes = [ HttpCodes.BadGateway, HttpCodes.ServiceUnavailable, HttpCodes.GatewayTimeout ]; const RetryableHttpVerbs = ['OPTIONS', 'GET', 'DELETE', 'HEAD']; const ExponentialBackoffCeiling = 10; const ExponentialBackoffTimeSlice = 5; class HttpClientError extends Error { constructor(message, statusCode) { super(message); this.name = 'HttpClientError'; this.statusCode = statusCode; Object.setPrototypeOf(this, HttpClientError.prototype); } } exports.HttpClientError = HttpClientError; class HttpClientResponse { constructor(message) { this.message = message; } readBody() { return new Promise(async (resolve, reject) => { let output = Buffer.alloc(0); this.message.on('data', (chunk) => { output = Buffer.concat([output, chunk]); }); this.message.on('end', () => { resolve(output.toString()); }); }); } } exports.HttpClientResponse = HttpClientResponse; function isHttps(requestUrl) { let parsedUrl = new URL(requestUrl); return parsedUrl.protocol === 'https:'; } exports.isHttps = isHttps; class HttpClient { constructor(userAgent, handlers, requestOptions) { this._ignoreSslError = false; this._allowRedirects = true; this._allowRedirectDowngrade = false; this._maxRedirects = 50; this._allowRetries = false; this._maxRetries = 1; this._keepAlive = false; this._disposed = false; this.userAgent = userAgent; this.handlers = handlers || []; this.requestOptions = requestOptions; if (requestOptions) { if (requestOptions.ignoreSslError != null) { this._ignoreSslError = requestOptions.ignoreSslError; } this._socketTimeout = requestOptions.socketTimeout; if (requestOptions.allowRedirects != null) { this._allowRedirects = requestOptions.allowRedirects; } if (requestOptions.allowRedirectDowngrade != null) { this._allowRedirectDowngrade = requestOptions.allowRedirectDowngrade; } if (requestOptions.maxRedirects != null) { this._maxRedirects = Math.max(requestOptions.maxRedirects, 0); } if (requestOptions.keepAlive != null) { this._keepAlive = requestOptions.keepAlive; } if (requestOptions.allowRetries != null) { this._allowRetries = requestOptions.allowRetries; } if (requestOptions.maxRetries != null) { this._maxRetries = requestOptions.maxRetries; } } } options(requestUrl, additionalHeaders) { return this.request('OPTIONS', requestUrl, null, additionalHeaders || {}); } get(requestUrl, additionalHeaders) { return this.request('GET', requestUrl, null, additionalHeaders || {}); } del(requestUrl, additionalHeaders) { return this.request('DELETE', requestUrl, null, additionalHeaders || {}); } post(requestUrl, data, additionalHeaders) { return this.request('POST', requestUrl, data, additionalHeaders || {}); } patch(requestUrl, data, additionalHeaders) { return this.request('PATCH', requestUrl, data, additionalHeaders || {}); } put(requestUrl, data, additionalHeaders) { return this.request('PUT', requestUrl, data, additionalHeaders || {}); } head(requestUrl, additionalHeaders) { return this.request('HEAD', requestUrl, null, additionalHeaders || {}); } sendStream(verb, requestUrl, stream, additionalHeaders) { return this.request(verb, requestUrl, stream, additionalHeaders); } /** * Gets a typed object from an endpoint * Be aware that not found returns a null. Other errors (4xx, 5xx) reject the promise */ async getJson(requestUrl, additionalHeaders = {}) { additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson); let res = await this.get(requestUrl, additionalHeaders); return this._processResponse(res, this.requestOptions); } async postJson(requestUrl, obj, additionalHeaders = {}) { let data = JSON.stringify(obj, null, 2); additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson); additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson); let res = await this.post(requestUrl, data, additionalHeaders); return this._processResponse(res, this.requestOptions); } async putJson(requestUrl, obj, additionalHeaders = {}) { let data = JSON.stringify(obj, null, 2); additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson); additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson); let res = await this.put(requestUrl, data, additionalHeaders); return this._processResponse(res, this.requestOptions); } async patchJson(requestUrl, obj, additionalHeaders = {}) { let data = JSON.stringify(obj, null, 2); additionalHeaders[Headers.Accept] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.Accept, MediaTypes.ApplicationJson); additionalHeaders[Headers.ContentType] = this._getExistingOrDefaultHeader(additionalHeaders, Headers.ContentType, MediaTypes.ApplicationJson); let res = await this.patch(requestUrl, data, additionalHeaders); return this._processResponse(res, this.requestOptions); } /** * Makes a raw http request. * All other methods such as get, post, patch, and request ultimately call this. * Prefer get, del, post and patch */ async request(verb, requestUrl, data, headers) { if (this._disposed) { throw new Error('Client has already been disposed.'); } let parsedUrl = new URL(requestUrl); let info = this._prepareRequest(verb, parsedUrl, headers); // Only perform retries on reads since writes may not be idempotent. let maxTries = this._allowRetries && RetryableHttpVerbs.indexOf(verb) != -1 ? this._maxRetries + 1 : 1; let numTries = 0; let response; while (numTries < maxTries) { response = await this.requestRaw(info, data); // Check if it's an authentication challenge if (response && response.message && response.message.statusCode === HttpCodes.Unauthorized) { let authenticationHandler; for (let i = 0; i < this.handlers.length; i++) { if (this.handlers[i].canHandleAuthentication(response)) { authenticationHandler = this.handlers[i]; break; } } if (authenticationHandler) { return authenticationHandler.handleAuthentication(this, info, data); } else { // We have received an unauthorized response but have no handlers to handle it. // Let the response return to the caller. return response; } } let redirectsRemaining = this._maxRedirects; while (HttpRedirectCodes.indexOf(response.message.statusCode) != -1 && this._allowRedirects && redirectsRemaining > 0) { const redirectUrl = response.message.headers['location']; if (!redirectUrl) { // if there's no location to redirect to, we won't break; } let parsedRedirectUrl = new URL(redirectUrl); if (parsedUrl.protocol == 'https:' && parsedUrl.protocol != parsedRedirectUrl.protocol && !this._allowRedirectDowngrade) { throw new Error('Redirect from HTTPS to HTTP protocol. This downgrade is not allowed for security reasons. If you want to allow this behavior, set the allowRedirectDowngrade option to true.'); } // we need to finish reading the response before reassigning response // which will leak the open socket. await response.readBody(); // strip authorization header if redirected to a different hostname if (parsedRedirectUrl.hostname !== parsedUrl.hostname) { for (let header in headers) { // header names are case insensitive if (header.toLowerCase() === 'authorization') { delete headers[header]; } } } // let's make the request with the new redirectUrl info = this._prepareRequest(verb, parsedRedirectUrl, headers); response = await this.requestRaw(info, data); redirectsRemaining--; } if (HttpResponseRetryCodes.indexOf(response.message.statusCode) == -1) { // If not a retry code, return immediately instead of retrying return response; } numTries += 1; if (numTries < maxTries) { await response.readBody(); await this._performExponentialBackoff(numTries); } } return response; } /** * Needs to be called if keepAlive is set to true in request options. */ dispose() { if (this._agent) { this._agent.destroy(); } this._disposed = true; } /** * Raw request. * @param info * @param data */ requestRaw(info, data) { return new Promise((resolve, reject) => { let callbackForResult = function (err, res) { if (err) { reject(err); } resolve(res); }; this.requestRawWithCallback(info, data, callbackForResult); }); } /** * Raw request with callback. * @param info * @param data * @param onResult */ requestRawWithCallback(info, data, onResult) { let socket; if (typeof data === 'string') { info.options.headers['Content-Length'] = Buffer.byteLength(data, 'utf8'); } let callbackCalled = false; let handleResult = (err, res) => { if (!callbackCalled) { callbackCalled = true; onResult(err, res); } }; let req = info.httpModule.request(info.options, (msg) => { let res = new HttpClientResponse(msg); handleResult(null, res); }); req.on('socket', sock => { socket = sock; }); // If we ever get disconnected, we want the socket to timeout eventually req.setTimeout(this._socketTimeout || 3 * 60000, () => { if (socket) { socket.end(); } handleResult(new Error('Request timeout: ' + info.options.path), null); }); req.on('error', function (err) { // err has statusCode property // res should have headers handleResult(err, null); }); if (data && typeof data === 'string') { req.write(data, 'utf8'); } if (data && typeof data !== 'string') { data.on('close', function () { req.end(); }); data.pipe(req); } else { req.end(); } } /** * Gets an http agent. This function is useful when you need an http agent that handles * routing through a proxy server - depending upon the url and proxy environment variables. * @param serverUrl The server URL where the request will be sent. For example, https://api.github.com */ getAgent(serverUrl) { let parsedUrl = new URL(serverUrl); return this._getAgent(parsedUrl); } _prepareRequest(method, requestUrl, headers) { const info = {}; info.parsedUrl = requestUrl; const usingSsl = info.parsedUrl.protocol === 'https:'; info.httpModule = usingSsl ? https : http; const defaultPort = usingSsl ? 443 : 80; info.options = {}; info.options.host = info.parsedUrl.hostname; info.options.port = info.parsedUrl.port ? parseInt(info.parsedUrl.port) : defaultPort; info.options.path = (info.parsedUrl.pathname || '') + (info.parsedUrl.search || ''); info.options.method = method; info.options.headers = this._mergeHeaders(headers); if (this.userAgent != null) { info.options.headers['user-agent'] = this.userAgent; } info.options.agent = this._getAgent(info.parsedUrl); // gives handlers an opportunity to participate if (this.handlers) { this.handlers.forEach(handler => { handler.prepareRequest(info.options); }); } return info; } _mergeHeaders(headers) { const lowercaseKeys = obj => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {}); if (this.requestOptions && this.requestOptions.headers) { return Object.assign({}, lowercaseKeys(this.requestOptions.headers), lowercaseKeys(headers)); } return lowercaseKeys(headers || {}); } _getExistingOrDefaultHeader(additionalHeaders, header, _default) { const lowercaseKeys = obj => Object.keys(obj).reduce((c, k) => ((c[k.toLowerCase()] = obj[k]), c), {}); let clientHeader; if (this.requestOptions && this.requestOptions.headers) { clientHeader = lowercaseKeys(this.requestOptions.headers)[header]; } return additionalHeaders[header] || clientHeader || _default; } _getAgent(parsedUrl) { let agent; let proxyUrl = pm.getProxyUrl(parsedUrl); let useProxy = proxyUrl && proxyUrl.hostname; if (this._keepAlive && useProxy) { agent = this._proxyAgent; } if (this._keepAlive && !useProxy) { agent = this._agent; } // if agent is already assigned use that agent. if (!!agent) { return agent; } const usingSsl = parsedUrl.protocol === 'https:'; let maxSockets = 100; if (!!this.requestOptions) { maxSockets = this.requestOptions.maxSockets || http.globalAgent.maxSockets; } if (useProxy) { // If using proxy, need tunnel if (!tunnel) { tunnel = __nccwpck_require__(4294); } const agentOptions = { maxSockets: maxSockets, keepAlive: this._keepAlive, proxy: { ...((proxyUrl.username || proxyUrl.password) && { proxyAuth: `${proxyUrl.username}:${proxyUrl.password}` }), host: proxyUrl.hostname, port: proxyUrl.port } }; let tunnelAgent; const overHttps = proxyUrl.protocol === 'https:'; if (usingSsl) { tunnelAgent = overHttps ? tunnel.httpsOverHttps : tunnel.httpsOverHttp; } else { tunnelAgent = overHttps ? tunnel.httpOverHttps : tunnel.httpOverHttp; } agent = tunnelAgent(agentOptions); this._proxyAgent = agent; } // if reusing agent across request and tunneling agent isn't assigned create a new agent if (this._keepAlive && !agent) { const options = { keepAlive: this._keepAlive, maxSockets: maxSockets }; agent = usingSsl ? new https.Agent(options) : new http.Agent(options); this._agent = agent; } // if not using private agent and tunnel agent isn't setup then use global agent if (!agent) { agent = usingSsl ? https.globalAgent : http.globalAgent; } if (usingSsl && this._ignoreSslError) { // we don't want to set NODE_TLS_REJECT_UNAUTHORIZED=0 since that will affect request for entire process // http.RequestOptions doesn't expose a way to modify RequestOptions.agent.options // we have to cast it to any and change it directly agent.options = Object.assign(agent.options || {}, { rejectUnauthorized: false }); } return agent; } _performExponentialBackoff(retryNumber) { retryNumber = Math.min(ExponentialBackoffCeiling, retryNumber); const ms = ExponentialBackoffTimeSlice * Math.pow(2, retryNumber); return new Promise(resolve => setTimeout(() => resolve(), ms)); } static dateTimeDeserializer(key, value) { if (typeof value === 'string') { let a = new Date(value); if (!isNaN(a.valueOf())) { return a; } } return value; } async _processResponse(res, options) { return new Promise(async (resolve, reject) => { const statusCode = res.message.statusCode; const response = { statusCode: statusCode, result: null, headers: {} }; // not found leads to null obj returned if (statusCode == HttpCodes.NotFound) { resolve(response); } let obj; let contents; // get the result from the body try { contents = await res.readBody(); if (contents && contents.length > 0) { if (options && options.deserializeDates) { obj = JSON.parse(contents, HttpClient.dateTimeDeserializer); } else { obj = JSON.parse(contents); } response.result = obj; } response.headers = res.message.headers; } catch (err) { // Invalid resource (contents not json); leaving result obj null } // note that 3xx redirects are handled by the http layer. if (statusCode > 299) { let msg; // if exception/error in body, attempt to get better error if (obj && obj.message) { msg = obj.message; } else if (contents && contents.length > 0) { // it may be the case that the exception is in the body message as string msg = contents; } else { msg = 'Failed request: (' + statusCode + ')'; } let err = new HttpClientError(msg, statusCode); err.result = response.result; reject(err); } else { resolve(response); } }); } } exports.HttpClient = HttpClient; /***/ }), /***/ 6443: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); function getProxyUrl(reqUrl) { let usingSsl = reqUrl.protocol === 'https:'; let proxyUrl; if (checkBypass(reqUrl)) { return proxyUrl; } let proxyVar; if (usingSsl) { proxyVar = process.env['https_proxy'] || process.env['HTTPS_PROXY']; } else { proxyVar = process.env['http_proxy'] || process.env['HTTP_PROXY']; } if (proxyVar) { proxyUrl = new URL(proxyVar); } return proxyUrl; } exports.getProxyUrl = getProxyUrl; function checkBypass(reqUrl) { if (!reqUrl.hostname) { return false; } let noProxy = process.env['no_proxy'] || process.env['NO_PROXY'] || ''; if (!noProxy) { return false; } // Determine the request port let reqPort; if (reqUrl.port) { reqPort = Number(reqUrl.port); } else if (reqUrl.protocol === 'http:') { reqPort = 80; } else if (reqUrl.protocol === 'https:') { reqPort = 443; } // Format the request hostname and hostname with port let upperReqHosts = [reqUrl.hostname.toUpperCase()]; if (typeof reqPort === 'number') { upperReqHosts.push(`${upperReqHosts[0]}:${reqPort}`); } // Compare request host against noproxy for (let upperNoProxyItem of noProxy .split(',') .map(x => x.trim().toUpperCase()) .filter(x => x)) { if (upperReqHosts.some(x => x === upperNoProxyItem)) { return true; } } return false; } exports.checkBypass = checkBypass; /***/ }), /***/ 334: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); async function auth(token) { const tokenType = token.split(/\./).length === 3 ? "app" : /^v\d+\./.test(token) ? "installation" : "oauth"; return { type: "token", token: token, tokenType }; } /** * Prefix token for usage in the Authorization header * * @param token OAuth token or JSON Web Token */ function withAuthorizationPrefix(token) { if (token.split(/\./).length === 3) { return `bearer ${token}`; } return `token ${token}`; } async function hook(token, request, route, parameters) { const endpoint = request.endpoint.merge(route, parameters); endpoint.headers.authorization = withAuthorizationPrefix(token); return request(endpoint); } const createTokenAuth = function createTokenAuth(token) { if (!token) { throw new Error("[@octokit/auth-token] No token passed to createTokenAuth"); } if (typeof token !== "string") { throw new Error("[@octokit/auth-token] Token passed to createTokenAuth is not a string"); } token = token.replace(/^(token|bearer) +/i, ""); return Object.assign(auth.bind(null, token), { hook: hook.bind(null, token) }); }; exports.createTokenAuth = createTokenAuth; //# sourceMappingURL=index.js.map /***/ }), /***/ 6762: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); var universalUserAgent = __nccwpck_require__(5030); var beforeAfterHook = __nccwpck_require__(3682); var request = __nccwpck_require__(6234); var graphql = __nccwpck_require__(8467); var authToken = __nccwpck_require__(334); function _objectWithoutPropertiesLoose(source, excluded) { if (source == null) return {}; var target = {}; var sourceKeys = Object.keys(source); var key, i; for (i = 0; i < sourceKeys.length; i++) { key = sourceKeys[i]; if (excluded.indexOf(key) >= 0) continue; target[key] = source[key]; } return target; } function _objectWithoutProperties(source, excluded) { if (source == null) return {}; var target = _objectWithoutPropertiesLoose(source, excluded); var key, i; if (Object.getOwnPropertySymbols) { var sourceSymbolKeys = Object.getOwnPropertySymbols(source); for (i = 0; i < sourceSymbolKeys.length; i++) { key = sourceSymbolKeys[i]; if (excluded.indexOf(key) >= 0) continue; if (!Object.prototype.propertyIsEnumerable.call(source, key)) continue; target[key] = source[key]; } } return target; } const VERSION = "3.4.0"; class Octokit { constructor(options = {}) { const hook = new beforeAfterHook.Collection(); const requestDefaults = { baseUrl: request.request.endpoint.DEFAULTS.baseUrl, headers: {}, request: Object.assign({}, options.request, { // @ts-ignore internal usage only, no need to type hook: hook.bind(null, "request") }), mediaType: { previews: [], format: "" } }; // prepend default user agent with `options.userAgent` if set requestDefaults.headers["user-agent"] = [options.userAgent, `octokit-core.js/${VERSION} ${universalUserAgent.getUserAgent()}`].filter(Boolean).join(" "); if (options.baseUrl) { requestDefaults.baseUrl = options.baseUrl; } if (options.previews) { requestDefaults.mediaType.previews = options.previews; } if (options.timeZone) { requestDefaults.headers["time-zone"] = options.timeZone; } this.request = request.request.defaults(requestDefaults); this.graphql = graphql.withCustomRequest(this.request).defaults(requestDefaults); this.log = Object.assign({ debug: () => {}, info: () => {}, warn: console.warn.bind(console), error: console.error.bind(console) }, options.log); this.hook = hook; // (1) If neither `options.authStrategy` nor `options.auth` are set, the `octokit` instance // is unauthenticated. The `this.auth()` method is a no-op and no request hook is registered. // (2) If only `options.auth` is set, use the default token authentication strategy. // (3) If `options.authStrategy` is set then use it and pass in `options.auth`. Always pass own request as many strategies accept a custom request instance. // TODO: type `options.auth` based on `options.authStrategy`. if (!options.authStrategy) { if (!options.auth) { // (1) this.auth = async () => ({ type: "unauthenticated" }); } else { // (2) const auth = authToken.createTokenAuth(options.auth); // @ts-ignore ¯\_(ツ)_/¯ hook.wrap("request", auth.hook); this.auth = auth; } } else { const { authStrategy } = options, otherOptions = _objectWithoutProperties(options, ["authStrategy"]); const auth = authStrategy(Object.assign({ request: this.request, log: this.log, // we pass the current octokit instance as well as its constructor options // to allow for authentication strategies that return a new octokit instance // that shares the same internal state as the current one. The original // requirement for this was the "event-octokit" authentication strategy // of https://github.com/probot/octokit-auth-probot. octokit: this, octokitOptions: otherOptions }, options.auth)); // @ts-ignore ¯\_(ツ)_/¯ hook.wrap("request", auth.hook); this.auth = auth; } // apply plugins // https://stackoverflow.com/a/16345172 const classConstructor = this.constructor; classConstructor.plugins.forEach(plugin => { Object.assign(this, plugin(this, options)); }); } static defaults(defaults) { const OctokitWithDefaults = class extends this { constructor(...args) { const options = args[0] || {}; if (typeof defaults === "function") { super(defaults(options)); return; } super(Object.assign({}, defaults, options, options.userAgent && defaults.userAgent ? { userAgent: `${options.userAgent} ${defaults.userAgent}` } : null)); } }; return OctokitWithDefaults; } /** * Attach a plugin (or many) to your Octokit instance. * * @example * const API = Octokit.plugin(plugin1, plugin2, plugin3, ...) */ static plugin(...newPlugins) { var _a; const currentPlugins = this.plugins; const NewOctokit = (_a = class extends this {}, _a.plugins = currentPlugins.concat(newPlugins.filter(plugin => !currentPlugins.includes(plugin))), _a); return NewOctokit; } } Octokit.VERSION = VERSION; Octokit.plugins = []; exports.Octokit = Octokit; //# sourceMappingURL=index.js.map /***/ }), /***/ 9440: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); var isPlainObject = __nccwpck_require__(3287); var universalUserAgent = __nccwpck_require__(5030); function lowercaseKeys(object) { if (!object) { return {}; } return Object.keys(object).reduce((newObj, key) => { newObj[key.toLowerCase()] = object[key]; return newObj; }, {}); } function mergeDeep(defaults, options) { const result = Object.assign({}, defaults); Object.keys(options).forEach(key => { if (isPlainObject.isPlainObject(options[key])) { if (!(key in defaults)) Object.assign(result, { [key]: options[key] });else result[key] = mergeDeep(defaults[key], options[key]); } else { Object.assign(result, { [key]: options[key] }); } }); return result; } function removeUndefinedProperties(obj) { for (const key in obj) { if (obj[key] === undefined) { delete obj[key]; } } return obj; } function merge(defaults, route, options) { if (typeof route === "string") { let [method, url] = route.split(" "); options = Object.assign(url ? { method, url } : { url: method }, options); } else { options = Object.assign({}, route); } // lowercase header names before merging with defaults to avoid duplicates options.headers = lowercaseKeys(options.headers); // remove properties with undefined values before merging removeUndefinedProperties(options); removeUndefinedProperties(options.headers); const mergedOptions = mergeDeep(defaults || {}, options); // mediaType.previews arrays are merged, instead of overwritten if (defaults && defaults.mediaType.previews.length) { mergedOptions.mediaType.previews = defaults.mediaType.previews.filter(preview => !mergedOptions.mediaType.previews.includes(preview)).concat(mergedOptions.mediaType.previews); } mergedOptions.mediaType.previews = mergedOptions.mediaType.previews.map(preview => preview.replace(/-preview/, "")); return mergedOptions; } function addQueryParameters(url, parameters) { const separator = /\?/.test(url) ? "&" : "?"; const names = Object.keys(parameters); if (names.length === 0) { return url; } return url + separator + names.map(name => { if (name === "q") { return "q=" + parameters.q.split("+").map(encodeURIComponent).join("+"); } return `${name}=${encodeURIComponent(parameters[name])}`; }).join("&"); } const urlVariableRegex = /\{[^}]+\}/g; function removeNonChars(variableName) { return variableName.replace(/^\W+|\W+$/g, "").split(/,/); } function extractUrlVariableNames(url) { const matches = url.match(urlVariableRegex); if (!matches) { return []; } return matches.map(removeNonChars).reduce((a, b) => a.concat(b), []); } function omit(object, keysToOmit) { return Object.keys(object).filter(option => !keysToOmit.includes(option)).reduce((obj, key) => { obj[key] = object[key]; return obj; }, {}); } // Based on https://github.com/bramstein/url-template, licensed under BSD // TODO: create separate package. // // Copyright (c) 2012-2014, Bram Stein // All rights reserved. // Redistribution and use in source and binary forms, with or without // modification, are permitted provided that the following conditions // are met: // 1. Redistributions of source code must retain the above copyright // notice, this list of conditions and the following disclaimer. // 2. Redistributions in binary form must reproduce the above copyright // notice, this list of conditions and the following disclaimer in the // documentation and/or other materials provided with the distribution. // 3. The name of the author may not be used to endorse or promote products // derived from this software without specific prior written permission. // THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO // EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, // INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, // BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY // OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING // NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, // EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. /* istanbul ignore file */ function encodeReserved(str) { return str.split(/(%[0-9A-Fa-f]{2})/g).map(function (part) { if (!/%[0-9A-Fa-f]/.test(part)) { part = encodeURI(part).replace(/%5B/g, "[").replace(/%5D/g, "]"); } return part; }).join(""); } function encodeUnreserved(str) { return encodeURIComponent(str).replace(/[!'()*]/g, function (c) { return "%" + c.charCodeAt(0).toString(16).toUpperCase(); }); } function encodeValue(operator, value, key) { value = operator === "+" || operator === "#" ? encodeReserved(value) : encodeUnreserved(value); if (key) { return encodeUnreserved(key) + "=" + value; } else { return value; } } function isDefined(value) { return value !== undefined && value !== null; } function isKeyOperator(operator) { return operator === ";" || operator === "&" || operator === "?"; } function getValues(context, operator, key, modifier) { var value = context[key], result = []; if (isDefined(value) && value !== "") { if (typeof value === "string" || typeof value === "number" || typeof value === "boolean") { value = value.toString(); if (modifier && modifier !== "*") { value = value.substring(0, parseInt(modifier, 10)); } result.push(encodeValue(operator, value, isKeyOperator(operator) ? key : "")); } else { if (modifier === "*") { if (Array.isArray(value)) { value.filter(isDefined).forEach(function (value) { result.push(encodeValue(operator, value, isKeyOperator(operator) ? key : "")); }); } else { Object.keys(value).forEach(function (k) { if (isDefined(value[k])) { result.push(encodeValue(operator, value[k], k)); } }); } } else { const tmp = []; if (Array.isArray(value)) { value.filter(isDefined).forEach(function (value) { tmp.push(encodeValue(operator, value)); }); } else { Object.keys(value).forEach(function (k) { if (isDefined(value[k])) { tmp.push(encodeUnreserved(k)); tmp.push(encodeValue(operator, value[k].toString())); } }); } if (isKeyOperator(operator)) { result.push(encodeUnreserved(key) + "=" + tmp.join(",")); } else if (tmp.length !== 0) { result.push(tmp.join(",")); } } } } else { if (operator === ";") { if (isDefined(value)) { result.push(encodeUnreserved(key)); } } else if (value === "" && (operator === "&" || operator === "?")) { result.push(encodeUnreserved(key) + "="); } else if (value === "") { result.push(""); } } return result; } function parseUrl(template) { return { expand: expand.bind(null, template) }; } function expand(template, context) { var operators = ["+", "#", ".", "/", ";", "?", "&"]; return template.replace(/\{([^\{\}]+)\}|([^\{\}]+)/g, function (_, expression, literal) { if (expression) { let operator = ""; const values = []; if (operators.indexOf(expression.charAt(0)) !== -1) { operator = expression.charAt(0); expression = expression.substr(1); } expression.split(/,/g).forEach(function (variable) { var tmp = /([^:\*]*)(?::(\d+)|(\*))?/.exec(variable); values.push(getValues(context, operator, tmp[1], tmp[2] || tmp[3])); }); if (operator && operator !== "+") { var separator = ","; if (operator === "?") { separator = "&"; } else if (operator !== "#") { separator = operator; } return (values.length !== 0 ? operator : "") + values.join(separator); } else { return values.join(","); } } else { return encodeReserved(literal); } }); } function parse(options) { // https://fetch.spec.whatwg.org/#methods let method = options.method.toUpperCase(); // replace :varname with {varname} to make it RFC 6570 compatible let url = (options.url || "/").replace(/:([a-z]\w+)/g, "{$1}"); let headers = Object.assign({}, options.headers); let body; let parameters = omit(options, ["method", "baseUrl", "url", "headers", "request", "mediaType"]); // extract variable names from URL to calculate remaining variables later const urlVariableNames = extractUrlVariableNames(url); url = parseUrl(url).expand(parameters); if (!/^http/.test(url)) { url = options.baseUrl + url; } const omittedParameters = Object.keys(options).filter(option => urlVariableNames.includes(option)).concat("baseUrl"); const remainingParameters = omit(parameters, omittedParameters); const isBinaryRequest = /application\/octet-stream/i.test(headers.accept); if (!isBinaryRequest) { if (options.mediaType.format) { // e.g. application/vnd.github.v3+json => application/vnd.github.v3.raw headers.accept = headers.accept.split(/,/).map(preview => preview.replace(/application\/vnd(\.\w+)(\.v3)?(\.\w+)?(\+json)?$/, `application/vnd$1$2.${options.mediaType.format}`)).join(","); } if (options.mediaType.previews.length) { const previewsFromAcceptHeader = headers.accept.match(/[\w-]+(?=-preview)/g) || []; headers.accept = previewsFromAcceptHeader.concat(options.mediaType.previews).map(preview => { const format = options.mediaType.format ? `.${options.mediaType.format}` : "+json"; return `application/vnd.github.${preview}-preview${format}`; }).join(","); } } // for GET/HEAD requests, set URL query parameters from remaining parameters // for PATCH/POST/PUT/DELETE requests, set request body from remaining parameters if (["GET", "HEAD"].includes(method)) { url = addQueryParameters(url, remainingParameters); } else { if ("data" in remainingParameters) { body = remainingParameters.data; } else { if (Object.keys(remainingParameters).length) { body = remainingParameters; } else { headers["content-length"] = 0; } } } // default content-type for JSON if body is set if (!headers["content-type"] && typeof body !== "undefined") { headers["content-type"] = "application/json; charset=utf-8"; } // GitHub expects 'content-length: 0' header for PUT/PATCH requests without body. // fetch does not allow to set `content-length` header, but we can set body to an empty string if (["PATCH", "PUT"].includes(method) && typeof body === "undefined") { body = ""; } // Only return body/request keys if present return Object.assign({ method, url, headers }, typeof body !== "undefined" ? { body } : null, options.request ? { request: options.request } : null); } function endpointWithDefaults(defaults, route, options) { return parse(merge(defaults, route, options)); } function withDefaults(oldDefaults, newDefaults) { const DEFAULTS = merge(oldDefaults, newDefaults); const endpoint = endpointWithDefaults.bind(null, DEFAULTS); return Object.assign(endpoint, { DEFAULTS, defaults: withDefaults.bind(null, DEFAULTS), merge: merge.bind(null, DEFAULTS), parse }); } const VERSION = "6.0.11"; const userAgent = `octokit-endpoint.js/${VERSION} ${universalUserAgent.getUserAgent()}`; // DEFAULTS has all properties set that EndpointOptions has, except url. // So we use RequestParameters and add method as additional required property. const DEFAULTS = { method: "GET", baseUrl: "https://api.github.com", headers: { accept: "application/vnd.github.v3+json", "user-agent": userAgent }, mediaType: { format: "", previews: [] } }; const endpoint = withDefaults(null, DEFAULTS); exports.endpoint = endpoint; //# sourceMappingURL=index.js.map /***/ }), /***/ 8467: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); var request = __nccwpck_require__(6234); var universalUserAgent = __nccwpck_require__(5030); const VERSION = "4.6.2"; class GraphqlError extends Error { constructor(request, response) { const message = response.data.errors[0].message; super(message); Object.assign(this, response.data); Object.assign(this, { headers: response.headers }); this.name = "GraphqlError"; this.request = request; // Maintains proper stack trace (only available on V8) /* istanbul ignore next */ if (Error.captureStackTrace) { Error.captureStackTrace(this, this.constructor); } } } const NON_VARIABLE_OPTIONS = ["method", "baseUrl", "url", "headers", "request", "query", "mediaType"]; const FORBIDDEN_VARIABLE_OPTIONS = ["query", "method", "url"]; const GHES_V3_SUFFIX_REGEX = /\/api\/v3\/?$/; function graphql(request, query, options) { if (options) { if (typeof query === "string" && "query" in options) { return Promise.reject(new Error(`[@octokit/graphql] "query" cannot be used as variable name`)); } for (const key in options) { if (!FORBIDDEN_VARIABLE_OPTIONS.includes(key)) continue; return Promise.reject(new Error(`[@octokit/graphql] "${key}" cannot be used as variable name`)); } } const parsedOptions = typeof query === "string" ? Object.assign({ query }, options) : query; const requestOptions = Object.keys(parsedOptions).reduce((result, key) => { if (NON_VARIABLE_OPTIONS.includes(key)) { result[key] = parsedOptions[key]; return result; } if (!result.variables) { result.variables = {}; } result.variables[key] = parsedOptions[key]; return result; }, {}); // workaround for GitHub Enterprise baseUrl set with /api/v3 suffix // https://github.com/octokit/auth-app.js/issues/111#issuecomment-657610451 const baseUrl = parsedOptions.baseUrl || request.endpoint.DEFAULTS.baseUrl; if (GHES_V3_SUFFIX_REGEX.test(baseUrl)) { requestOptions.url = baseUrl.replace(GHES_V3_SUFFIX_REGEX, "/api/graphql"); } return request(requestOptions).then(response => { if (response.data.errors) { const headers = {}; for (const key of Object.keys(response.headers)) { headers[key] = response.headers[key]; } throw new GraphqlError(requestOptions, { headers, data: response.data }); } return response.data.data; }); } function withDefaults(request$1, newDefaults) { const newRequest = request$1.defaults(newDefaults); const newApi = (query, options) => { return graphql(newRequest, query, options); }; return Object.assign(newApi, { defaults: withDefaults.bind(null, newRequest), endpoint: request.request.endpoint }); } const graphql$1 = withDefaults(request.request, { headers: { "user-agent": `octokit-graphql.js/${VERSION} ${universalUserAgent.getUserAgent()}` }, method: "POST", url: "/graphql" }); function withCustomRequest(customRequest) { return withDefaults(customRequest, { method: "POST", url: "/graphql" }); } exports.graphql = graphql$1; exports.withCustomRequest = withCustomRequest; //# sourceMappingURL=index.js.map /***/ }), /***/ 4193: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); const VERSION = "2.13.3"; /** * Some “list” response that can be paginated have a different response structure * * They have a `total_count` key in the response (search also has `incomplete_results`, * /installation/repositories also has `repository_selection`), as well as a key with * the list of the items which name varies from endpoint to endpoint. * * Octokit normalizes these responses so that paginated results are always returned following * the same structure. One challenge is that if the list response has only one page, no Link * header is provided, so this header alone is not sufficient to check wether a response is * paginated or not. * * We check if a "total_count" key is present in the response data, but also make sure that * a "url" property is not, as the "Get the combined status for a specific ref" endpoint would * otherwise match: https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref */ function normalizePaginatedListResponse(response) { const responseNeedsNormalization = "total_count" in response.data && !("url" in response.data); if (!responseNeedsNormalization) return response; // keep the additional properties intact as there is currently no other way // to retrieve the same information. const incompleteResults = response.data.incomplete_results; const repositorySelection = response.data.repository_selection; const totalCount = response.data.total_count; delete response.data.incomplete_results; delete response.data.repository_selection; delete response.data.total_count; const namespaceKey = Object.keys(response.data)[0]; const data = response.data[namespaceKey]; response.data = data; if (typeof incompleteResults !== "undefined") { response.data.incomplete_results = incompleteResults; } if (typeof repositorySelection !== "undefined") { response.data.repository_selection = repositorySelection; } response.data.total_count = totalCount; return response; } function iterator(octokit, route, parameters) { const options = typeof route === "function" ? route.endpoint(parameters) : octokit.request.endpoint(route, parameters); const requestMethod = typeof route === "function" ? route : octokit.request; const method = options.method; const headers = options.headers; let url = options.url; return { [Symbol.asyncIterator]: () => ({ async next() { if (!url) return { done: true }; const response = await requestMethod({ method, url, headers }); const normalizedResponse = normalizePaginatedListResponse(response); // `response.headers.link` format: // '; rel="next", ; rel="last"' // sets `url` to undefined if "next" URL is not present or `link` header is not set url = ((normalizedResponse.headers.link || "").match(/<([^>]+)>;\s*rel="next"/) || [])[1]; return { value: normalizedResponse }; } }) }; } function paginate(octokit, route, parameters, mapFn) { if (typeof parameters === "function") { mapFn = parameters; parameters = undefined; } return gather(octokit, [], iterator(octokit, route, parameters)[Symbol.asyncIterator](), mapFn); } function gather(octokit, results, iterator, mapFn) { return iterator.next().then(result => { if (result.done) { return results; } let earlyExit = false; function done() { earlyExit = true; } results = results.concat(mapFn ? mapFn(result.value, done) : result.value.data); if (earlyExit) { return results; } return gather(octokit, results, iterator, mapFn); }); } const composePaginateRest = Object.assign(paginate, { iterator }); const paginatingEndpoints = ["GET /app/installations", "GET /applications/grants", "GET /authorizations", "GET /enterprises/{enterprise}/actions/permissions/organizations", "GET /enterprises/{enterprise}/actions/runner-groups", "GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/organizations", "GET /enterprises/{enterprise}/actions/runner-groups/{runner_group_id}/runners", "GET /enterprises/{enterprise}/actions/runners", "GET /enterprises/{enterprise}/actions/runners/downloads", "GET /events", "GET /gists", "GET /gists/public", "GET /gists/starred", "GET /gists/{gist_id}/comments", "GET /gists/{gist_id}/commits", "GET /gists/{gist_id}/forks", "GET /installation/repositories", "GET /issues", "GET /marketplace_listing/plans", "GET /marketplace_listing/plans/{plan_id}/accounts", "GET /marketplace_listing/stubbed/plans", "GET /marketplace_listing/stubbed/plans/{plan_id}/accounts", "GET /networks/{owner}/{repo}/events", "GET /notifications", "GET /organizations", "GET /orgs/{org}/actions/permissions/repositories", "GET /orgs/{org}/actions/runner-groups", "GET /orgs/{org}/actions/runner-groups/{runner_group_id}/repositories", "GET /orgs/{org}/actions/runner-groups/{runner_group_id}/runners", "GET /orgs/{org}/actions/runners", "GET /orgs/{org}/actions/runners/downloads", "GET /orgs/{org}/actions/secrets", "GET /orgs/{org}/actions/secrets/{secret_name}/repositories", "GET /orgs/{org}/blocks", "GET /orgs/{org}/credential-authorizations", "GET /orgs/{org}/events", "GET /orgs/{org}/failed_invitations", "GET /orgs/{org}/hooks", "GET /orgs/{org}/installations", "GET /orgs/{org}/invitations", "GET /orgs/{org}/invitations/{invitation_id}/teams", "GET /orgs/{org}/issues", "GET /orgs/{org}/members", "GET /orgs/{org}/migrations", "GET /orgs/{org}/migrations/{migration_id}/repositories", "GET /orgs/{org}/outside_collaborators", "GET /orgs/{org}/projects", "GET /orgs/{org}/public_members", "GET /orgs/{org}/repos", "GET /orgs/{org}/team-sync/groups", "GET /orgs/{org}/teams", "GET /orgs/{org}/teams/{team_slug}/discussions", "GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments", "GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", "GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", "GET /orgs/{org}/teams/{team_slug}/invitations", "GET /orgs/{org}/teams/{team_slug}/members", "GET /orgs/{org}/teams/{team_slug}/projects", "GET /orgs/{org}/teams/{team_slug}/repos", "GET /orgs/{org}/teams/{team_slug}/team-sync/group-mappings", "GET /orgs/{org}/teams/{team_slug}/teams", "GET /projects/columns/{column_id}/cards", "GET /projects/{project_id}/collaborators", "GET /projects/{project_id}/columns", "GET /repos/{owner}/{repo}/actions/artifacts", "GET /repos/{owner}/{repo}/actions/runners", "GET /repos/{owner}/{repo}/actions/runners/downloads", "GET /repos/{owner}/{repo}/actions/runs", "GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts", "GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs", "GET /repos/{owner}/{repo}/actions/secrets", "GET /repos/{owner}/{repo}/actions/workflows", "GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs", "GET /repos/{owner}/{repo}/assignees", "GET /repos/{owner}/{repo}/branches", "GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations", "GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs", "GET /repos/{owner}/{repo}/code-scanning/alerts", "GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances", "GET /repos/{owner}/{repo}/code-scanning/analyses", "GET /repos/{owner}/{repo}/collaborators", "GET /repos/{owner}/{repo}/comments", "GET /repos/{owner}/{repo}/comments/{comment_id}/reactions", "GET /repos/{owner}/{repo}/commits", "GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head", "GET /repos/{owner}/{repo}/commits/{commit_sha}/comments", "GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls", "GET /repos/{owner}/{repo}/commits/{ref}/check-runs", "GET /repos/{owner}/{repo}/commits/{ref}/check-suites", "GET /repos/{owner}/{repo}/commits/{ref}/statuses", "GET /repos/{owner}/{repo}/contributors", "GET /repos/{owner}/{repo}/deployments", "GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses", "GET /repos/{owner}/{repo}/events", "GET /repos/{owner}/{repo}/forks", "GET /repos/{owner}/{repo}/git/matching-refs/{ref}", "GET /repos/{owner}/{repo}/hooks", "GET /repos/{owner}/{repo}/invitations", "GET /repos/{owner}/{repo}/issues", "GET /repos/{owner}/{repo}/issues/comments", "GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions", "GET /repos/{owner}/{repo}/issues/events", "GET /repos/{owner}/{repo}/issues/{issue_number}/comments", "GET /repos/{owner}/{repo}/issues/{issue_number}/events", "GET /repos/{owner}/{repo}/issues/{issue_number}/labels", "GET /repos/{owner}/{repo}/issues/{issue_number}/reactions", "GET /repos/{owner}/{repo}/issues/{issue_number}/timeline", "GET /repos/{owner}/{repo}/keys", "GET /repos/{owner}/{repo}/labels", "GET /repos/{owner}/{repo}/milestones", "GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels", "GET /repos/{owner}/{repo}/notifications", "GET /repos/{owner}/{repo}/pages/builds", "GET /repos/{owner}/{repo}/projects", "GET /repos/{owner}/{repo}/pulls", "GET /repos/{owner}/{repo}/pulls/comments", "GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions", "GET /repos/{owner}/{repo}/pulls/{pull_number}/comments", "GET /repos/{owner}/{repo}/pulls/{pull_number}/commits", "GET /repos/{owner}/{repo}/pulls/{pull_number}/files", "GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers", "GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews", "GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments", "GET /repos/{owner}/{repo}/releases", "GET /repos/{owner}/{repo}/releases/{release_id}/assets", "GET /repos/{owner}/{repo}/secret-scanning/alerts", "GET /repos/{owner}/{repo}/stargazers", "GET /repos/{owner}/{repo}/subscribers", "GET /repos/{owner}/{repo}/tags", "GET /repos/{owner}/{repo}/teams", "GET /repositories", "GET /repositories/{repository_id}/environments/{environment_name}/secrets", "GET /scim/v2/enterprises/{enterprise}/Groups", "GET /scim/v2/enterprises/{enterprise}/Users", "GET /scim/v2/organizations/{org}/Users", "GET /search/code", "GET /search/commits", "GET /search/issues", "GET /search/labels", "GET /search/repositories", "GET /search/topics", "GET /search/users", "GET /teams/{team_id}/discussions", "GET /teams/{team_id}/discussions/{discussion_number}/comments", "GET /teams/{team_id}/discussions/{discussion_number}/comments/{comment_number}/reactions", "GET /teams/{team_id}/discussions/{discussion_number}/reactions", "GET /teams/{team_id}/invitations", "GET /teams/{team_id}/members", "GET /teams/{team_id}/projects", "GET /teams/{team_id}/repos", "GET /teams/{team_id}/team-sync/group-mappings", "GET /teams/{team_id}/teams", "GET /user/blocks", "GET /user/emails", "GET /user/followers", "GET /user/following", "GET /user/gpg_keys", "GET /user/installations", "GET /user/installations/{installation_id}/repositories", "GET /user/issues", "GET /user/keys", "GET /user/marketplace_purchases", "GET /user/marketplace_purchases/stubbed", "GET /user/memberships/orgs", "GET /user/migrations", "GET /user/migrations/{migration_id}/repositories", "GET /user/orgs", "GET /user/public_emails", "GET /user/repos", "GET /user/repository_invitations", "GET /user/starred", "GET /user/subscriptions", "GET /user/teams", "GET /users", "GET /users/{username}/events", "GET /users/{username}/events/orgs/{org}", "GET /users/{username}/events/public", "GET /users/{username}/followers", "GET /users/{username}/following", "GET /users/{username}/gists", "GET /users/{username}/gpg_keys", "GET /users/{username}/keys", "GET /users/{username}/orgs", "GET /users/{username}/projects", "GET /users/{username}/received_events", "GET /users/{username}/received_events/public", "GET /users/{username}/repos", "GET /users/{username}/starred", "GET /users/{username}/subscriptions"]; function isPaginatingEndpoint(arg) { if (typeof arg === "string") { return paginatingEndpoints.includes(arg); } else { return false; } } /** * @param octokit Octokit instance * @param options Options passed to Octokit constructor */ function paginateRest(octokit) { return { paginate: Object.assign(paginate.bind(null, octokit), { iterator: iterator.bind(null, octokit) }) }; } paginateRest.VERSION = VERSION; exports.composePaginateRest = composePaginateRest; exports.isPaginatingEndpoint = isPaginatingEndpoint; exports.paginateRest = paginateRest; exports.paginatingEndpoints = paginatingEndpoints; //# sourceMappingURL=index.js.map /***/ }), /***/ 3044: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) { symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); } keys.push.apply(keys, symbols); } return keys; } function _objectSpread2(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; } function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; } const Endpoints = { actions: { addSelectedRepoToOrgSecret: ["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"], approveWorkflowRun: ["POST /repos/{owner}/{repo}/actions/runs/{run_id}/approve"], cancelWorkflowRun: ["POST /repos/{owner}/{repo}/actions/runs/{run_id}/cancel"], createOrUpdateEnvironmentSecret: ["PUT /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"], createOrUpdateOrgSecret: ["PUT /orgs/{org}/actions/secrets/{secret_name}"], createOrUpdateRepoSecret: ["PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}"], createRegistrationTokenForOrg: ["POST /orgs/{org}/actions/runners/registration-token"], createRegistrationTokenForRepo: ["POST /repos/{owner}/{repo}/actions/runners/registration-token"], createRemoveTokenForOrg: ["POST /orgs/{org}/actions/runners/remove-token"], createRemoveTokenForRepo: ["POST /repos/{owner}/{repo}/actions/runners/remove-token"], createWorkflowDispatch: ["POST /repos/{owner}/{repo}/actions/workflows/{workflow_id}/dispatches"], deleteArtifact: ["DELETE /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"], deleteEnvironmentSecret: ["DELETE /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"], deleteOrgSecret: ["DELETE /orgs/{org}/actions/secrets/{secret_name}"], deleteRepoSecret: ["DELETE /repos/{owner}/{repo}/actions/secrets/{secret_name}"], deleteSelfHostedRunnerFromOrg: ["DELETE /orgs/{org}/actions/runners/{runner_id}"], deleteSelfHostedRunnerFromRepo: ["DELETE /repos/{owner}/{repo}/actions/runners/{runner_id}"], deleteWorkflowRun: ["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}"], deleteWorkflowRunLogs: ["DELETE /repos/{owner}/{repo}/actions/runs/{run_id}/logs"], disableSelectedRepositoryGithubActionsOrganization: ["DELETE /orgs/{org}/actions/permissions/repositories/{repository_id}"], disableWorkflow: ["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/disable"], downloadArtifact: ["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}/{archive_format}"], downloadJobLogsForWorkflowRun: ["GET /repos/{owner}/{repo}/actions/jobs/{job_id}/logs"], downloadWorkflowRunLogs: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/logs"], enableSelectedRepositoryGithubActionsOrganization: ["PUT /orgs/{org}/actions/permissions/repositories/{repository_id}"], enableWorkflow: ["PUT /repos/{owner}/{repo}/actions/workflows/{workflow_id}/enable"], getAllowedActionsOrganization: ["GET /orgs/{org}/actions/permissions/selected-actions"], getAllowedActionsRepository: ["GET /repos/{owner}/{repo}/actions/permissions/selected-actions"], getArtifact: ["GET /repos/{owner}/{repo}/actions/artifacts/{artifact_id}"], getEnvironmentPublicKey: ["GET /repositories/{repository_id}/environments/{environment_name}/secrets/public-key"], getEnvironmentSecret: ["GET /repositories/{repository_id}/environments/{environment_name}/secrets/{secret_name}"], getGithubActionsPermissionsOrganization: ["GET /orgs/{org}/actions/permissions"], getGithubActionsPermissionsRepository: ["GET /repos/{owner}/{repo}/actions/permissions"], getJobForWorkflowRun: ["GET /repos/{owner}/{repo}/actions/jobs/{job_id}"], getOrgPublicKey: ["GET /orgs/{org}/actions/secrets/public-key"], getOrgSecret: ["GET /orgs/{org}/actions/secrets/{secret_name}"], getPendingDeploymentsForRun: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"], getRepoPermissions: ["GET /repos/{owner}/{repo}/actions/permissions", {}, { renamed: ["actions", "getGithubActionsPermissionsRepository"] }], getRepoPublicKey: ["GET /repos/{owner}/{repo}/actions/secrets/public-key"], getRepoSecret: ["GET /repos/{owner}/{repo}/actions/secrets/{secret_name}"], getReviewsForRun: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/approvals"], getSelfHostedRunnerForOrg: ["GET /orgs/{org}/actions/runners/{runner_id}"], getSelfHostedRunnerForRepo: ["GET /repos/{owner}/{repo}/actions/runners/{runner_id}"], getWorkflow: ["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}"], getWorkflowRun: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}"], getWorkflowRunUsage: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/timing"], getWorkflowUsage: ["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/timing"], listArtifactsForRepo: ["GET /repos/{owner}/{repo}/actions/artifacts"], listEnvironmentSecrets: ["GET /repositories/{repository_id}/environments/{environment_name}/secrets"], listJobsForWorkflowRun: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/jobs"], listOrgSecrets: ["GET /orgs/{org}/actions/secrets"], listRepoSecrets: ["GET /repos/{owner}/{repo}/actions/secrets"], listRepoWorkflows: ["GET /repos/{owner}/{repo}/actions/workflows"], listRunnerApplicationsForOrg: ["GET /orgs/{org}/actions/runners/downloads"], listRunnerApplicationsForRepo: ["GET /repos/{owner}/{repo}/actions/runners/downloads"], listSelectedReposForOrgSecret: ["GET /orgs/{org}/actions/secrets/{secret_name}/repositories"], listSelectedRepositoriesEnabledGithubActionsOrganization: ["GET /orgs/{org}/actions/permissions/repositories"], listSelfHostedRunnersForOrg: ["GET /orgs/{org}/actions/runners"], listSelfHostedRunnersForRepo: ["GET /repos/{owner}/{repo}/actions/runners"], listWorkflowRunArtifacts: ["GET /repos/{owner}/{repo}/actions/runs/{run_id}/artifacts"], listWorkflowRuns: ["GET /repos/{owner}/{repo}/actions/workflows/{workflow_id}/runs"], listWorkflowRunsForRepo: ["GET /repos/{owner}/{repo}/actions/runs"], reRunWorkflow: ["POST /repos/{owner}/{repo}/actions/runs/{run_id}/rerun"], removeSelectedRepoFromOrgSecret: ["DELETE /orgs/{org}/actions/secrets/{secret_name}/repositories/{repository_id}"], reviewPendingDeploymentsForRun: ["POST /repos/{owner}/{repo}/actions/runs/{run_id}/pending_deployments"], setAllowedActionsOrganization: ["PUT /orgs/{org}/actions/permissions/selected-actions"], setAllowedActionsRepository: ["PUT /repos/{owner}/{repo}/actions/permissions/selected-actions"], setGithubActionsPermissionsOrganization: ["PUT /orgs/{org}/actions/permissions"], setGithubActionsPermissionsRepository: ["PUT /repos/{owner}/{repo}/actions/permissions"], setSelectedReposForOrgSecret: ["PUT /orgs/{org}/actions/secrets/{secret_name}/repositories"], setSelectedRepositoriesEnabledGithubActionsOrganization: ["PUT /orgs/{org}/actions/permissions/repositories"] }, activity: { checkRepoIsStarredByAuthenticatedUser: ["GET /user/starred/{owner}/{repo}"], deleteRepoSubscription: ["DELETE /repos/{owner}/{repo}/subscription"], deleteThreadSubscription: ["DELETE /notifications/threads/{thread_id}/subscription"], getFeeds: ["GET /feeds"], getRepoSubscription: ["GET /repos/{owner}/{repo}/subscription"], getThread: ["GET /notifications/threads/{thread_id}"], getThreadSubscriptionForAuthenticatedUser: ["GET /notifications/threads/{thread_id}/subscription"], listEventsForAuthenticatedUser: ["GET /users/{username}/events"], listNotificationsForAuthenticatedUser: ["GET /notifications"], listOrgEventsForAuthenticatedUser: ["GET /users/{username}/events/orgs/{org}"], listPublicEvents: ["GET /events"], listPublicEventsForRepoNetwork: ["GET /networks/{owner}/{repo}/events"], listPublicEventsForUser: ["GET /users/{username}/events/public"], listPublicOrgEvents: ["GET /orgs/{org}/events"], listReceivedEventsForUser: ["GET /users/{username}/received_events"], listReceivedPublicEventsForUser: ["GET /users/{username}/received_events/public"], listRepoEvents: ["GET /repos/{owner}/{repo}/events"], listRepoNotificationsForAuthenticatedUser: ["GET /repos/{owner}/{repo}/notifications"], listReposStarredByAuthenticatedUser: ["GET /user/starred"], listReposStarredByUser: ["GET /users/{username}/starred"], listReposWatchedByUser: ["GET /users/{username}/subscriptions"], listStargazersForRepo: ["GET /repos/{owner}/{repo}/stargazers"], listWatchedReposForAuthenticatedUser: ["GET /user/subscriptions"], listWatchersForRepo: ["GET /repos/{owner}/{repo}/subscribers"], markNotificationsAsRead: ["PUT /notifications"], markRepoNotificationsAsRead: ["PUT /repos/{owner}/{repo}/notifications"], markThreadAsRead: ["PATCH /notifications/threads/{thread_id}"], setRepoSubscription: ["PUT /repos/{owner}/{repo}/subscription"], setThreadSubscription: ["PUT /notifications/threads/{thread_id}/subscription"], starRepoForAuthenticatedUser: ["PUT /user/starred/{owner}/{repo}"], unstarRepoForAuthenticatedUser: ["DELETE /user/starred/{owner}/{repo}"] }, apps: { addRepoToInstallation: ["PUT /user/installations/{installation_id}/repositories/{repository_id}"], checkToken: ["POST /applications/{client_id}/token"], createContentAttachment: ["POST /content_references/{content_reference_id}/attachments", { mediaType: { previews: ["corsair"] } }], createContentAttachmentForRepo: ["POST /repos/{owner}/{repo}/content_references/{content_reference_id}/attachments", { mediaType: { previews: ["corsair"] } }], createFromManifest: ["POST /app-manifests/{code}/conversions"], createInstallationAccessToken: ["POST /app/installations/{installation_id}/access_tokens"], deleteAuthorization: ["DELETE /applications/{client_id}/grant"], deleteInstallation: ["DELETE /app/installations/{installation_id}"], deleteToken: ["DELETE /applications/{client_id}/token"], getAuthenticated: ["GET /app"], getBySlug: ["GET /apps/{app_slug}"], getInstallation: ["GET /app/installations/{installation_id}"], getOrgInstallation: ["GET /orgs/{org}/installation"], getRepoInstallation: ["GET /repos/{owner}/{repo}/installation"], getSubscriptionPlanForAccount: ["GET /marketplace_listing/accounts/{account_id}"], getSubscriptionPlanForAccountStubbed: ["GET /marketplace_listing/stubbed/accounts/{account_id}"], getUserInstallation: ["GET /users/{username}/installation"], getWebhookConfigForApp: ["GET /app/hook/config"], listAccountsForPlan: ["GET /marketplace_listing/plans/{plan_id}/accounts"], listAccountsForPlanStubbed: ["GET /marketplace_listing/stubbed/plans/{plan_id}/accounts"], listInstallationReposForAuthenticatedUser: ["GET /user/installations/{installation_id}/repositories"], listInstallations: ["GET /app/installations"], listInstallationsForAuthenticatedUser: ["GET /user/installations"], listPlans: ["GET /marketplace_listing/plans"], listPlansStubbed: ["GET /marketplace_listing/stubbed/plans"], listReposAccessibleToInstallation: ["GET /installation/repositories"], listSubscriptionsForAuthenticatedUser: ["GET /user/marketplace_purchases"], listSubscriptionsForAuthenticatedUserStubbed: ["GET /user/marketplace_purchases/stubbed"], removeRepoFromInstallation: ["DELETE /user/installations/{installation_id}/repositories/{repository_id}"], resetToken: ["PATCH /applications/{client_id}/token"], revokeInstallationAccessToken: ["DELETE /installation/token"], scopeToken: ["POST /applications/{client_id}/token/scoped"], suspendInstallation: ["PUT /app/installations/{installation_id}/suspended"], unsuspendInstallation: ["DELETE /app/installations/{installation_id}/suspended"], updateWebhookConfigForApp: ["PATCH /app/hook/config"] }, billing: { getGithubActionsBillingOrg: ["GET /orgs/{org}/settings/billing/actions"], getGithubActionsBillingUser: ["GET /users/{username}/settings/billing/actions"], getGithubPackagesBillingOrg: ["GET /orgs/{org}/settings/billing/packages"], getGithubPackagesBillingUser: ["GET /users/{username}/settings/billing/packages"], getSharedStorageBillingOrg: ["GET /orgs/{org}/settings/billing/shared-storage"], getSharedStorageBillingUser: ["GET /users/{username}/settings/billing/shared-storage"] }, checks: { create: ["POST /repos/{owner}/{repo}/check-runs"], createSuite: ["POST /repos/{owner}/{repo}/check-suites"], get: ["GET /repos/{owner}/{repo}/check-runs/{check_run_id}"], getSuite: ["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}"], listAnnotations: ["GET /repos/{owner}/{repo}/check-runs/{check_run_id}/annotations"], listForRef: ["GET /repos/{owner}/{repo}/commits/{ref}/check-runs"], listForSuite: ["GET /repos/{owner}/{repo}/check-suites/{check_suite_id}/check-runs"], listSuitesForRef: ["GET /repos/{owner}/{repo}/commits/{ref}/check-suites"], rerequestSuite: ["POST /repos/{owner}/{repo}/check-suites/{check_suite_id}/rerequest"], setSuitesPreferences: ["PATCH /repos/{owner}/{repo}/check-suites/preferences"], update: ["PATCH /repos/{owner}/{repo}/check-runs/{check_run_id}"] }, codeScanning: { deleteAnalysis: ["DELETE /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}{?confirm_delete}"], getAlert: ["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}", {}, { renamedParameters: { alert_id: "alert_number" } }], getAnalysis: ["GET /repos/{owner}/{repo}/code-scanning/analyses/{analysis_id}"], getSarif: ["GET /repos/{owner}/{repo}/code-scanning/sarifs/{sarif_id}"], listAlertInstances: ["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances"], listAlertsForRepo: ["GET /repos/{owner}/{repo}/code-scanning/alerts"], listAlertsInstances: ["GET /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}/instances", {}, { renamed: ["codeScanning", "listAlertInstances"] }], listRecentAnalyses: ["GET /repos/{owner}/{repo}/code-scanning/analyses"], updateAlert: ["PATCH /repos/{owner}/{repo}/code-scanning/alerts/{alert_number}"], uploadSarif: ["POST /repos/{owner}/{repo}/code-scanning/sarifs"] }, codesOfConduct: { getAllCodesOfConduct: ["GET /codes_of_conduct", { mediaType: { previews: ["scarlet-witch"] } }], getConductCode: ["GET /codes_of_conduct/{key}", { mediaType: { previews: ["scarlet-witch"] } }], getForRepo: ["GET /repos/{owner}/{repo}/community/code_of_conduct", { mediaType: { previews: ["scarlet-witch"] } }] }, emojis: { get: ["GET /emojis"] }, enterpriseAdmin: { disableSelectedOrganizationGithubActionsEnterprise: ["DELETE /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"], enableSelectedOrganizationGithubActionsEnterprise: ["PUT /enterprises/{enterprise}/actions/permissions/organizations/{org_id}"], getAllowedActionsEnterprise: ["GET /enterprises/{enterprise}/actions/permissions/selected-actions"], getGithubActionsPermissionsEnterprise: ["GET /enterprises/{enterprise}/actions/permissions"], listSelectedOrganizationsEnabledGithubActionsEnterprise: ["GET /enterprises/{enterprise}/actions/permissions/organizations"], setAllowedActionsEnterprise: ["PUT /enterprises/{enterprise}/actions/permissions/selected-actions"], setGithubActionsPermissionsEnterprise: ["PUT /enterprises/{enterprise}/actions/permissions"], setSelectedOrganizationsEnabledGithubActionsEnterprise: ["PUT /enterprises/{enterprise}/actions/permissions/organizations"] }, gists: { checkIsStarred: ["GET /gists/{gist_id}/star"], create: ["POST /gists"], createComment: ["POST /gists/{gist_id}/comments"], delete: ["DELETE /gists/{gist_id}"], deleteComment: ["DELETE /gists/{gist_id}/comments/{comment_id}"], fork: ["POST /gists/{gist_id}/forks"], get: ["GET /gists/{gist_id}"], getComment: ["GET /gists/{gist_id}/comments/{comment_id}"], getRevision: ["GET /gists/{gist_id}/{sha}"], list: ["GET /gists"], listComments: ["GET /gists/{gist_id}/comments"], listCommits: ["GET /gists/{gist_id}/commits"], listForUser: ["GET /users/{username}/gists"], listForks: ["GET /gists/{gist_id}/forks"], listPublic: ["GET /gists/public"], listStarred: ["GET /gists/starred"], star: ["PUT /gists/{gist_id}/star"], unstar: ["DELETE /gists/{gist_id}/star"], update: ["PATCH /gists/{gist_id}"], updateComment: ["PATCH /gists/{gist_id}/comments/{comment_id}"] }, git: { createBlob: ["POST /repos/{owner}/{repo}/git/blobs"], createCommit: ["POST /repos/{owner}/{repo}/git/commits"], createRef: ["POST /repos/{owner}/{repo}/git/refs"], createTag: ["POST /repos/{owner}/{repo}/git/tags"], createTree: ["POST /repos/{owner}/{repo}/git/trees"], deleteRef: ["DELETE /repos/{owner}/{repo}/git/refs/{ref}"], getBlob: ["GET /repos/{owner}/{repo}/git/blobs/{file_sha}"], getCommit: ["GET /repos/{owner}/{repo}/git/commits/{commit_sha}"], getRef: ["GET /repos/{owner}/{repo}/git/ref/{ref}"], getTag: ["GET /repos/{owner}/{repo}/git/tags/{tag_sha}"], getTree: ["GET /repos/{owner}/{repo}/git/trees/{tree_sha}"], listMatchingRefs: ["GET /repos/{owner}/{repo}/git/matching-refs/{ref}"], updateRef: ["PATCH /repos/{owner}/{repo}/git/refs/{ref}"] }, gitignore: { getAllTemplates: ["GET /gitignore/templates"], getTemplate: ["GET /gitignore/templates/{name}"] }, interactions: { getRestrictionsForAuthenticatedUser: ["GET /user/interaction-limits"], getRestrictionsForOrg: ["GET /orgs/{org}/interaction-limits"], getRestrictionsForRepo: ["GET /repos/{owner}/{repo}/interaction-limits"], getRestrictionsForYourPublicRepos: ["GET /user/interaction-limits", {}, { renamed: ["interactions", "getRestrictionsForAuthenticatedUser"] }], removeRestrictionsForAuthenticatedUser: ["DELETE /user/interaction-limits"], removeRestrictionsForOrg: ["DELETE /orgs/{org}/interaction-limits"], removeRestrictionsForRepo: ["DELETE /repos/{owner}/{repo}/interaction-limits"], removeRestrictionsForYourPublicRepos: ["DELETE /user/interaction-limits", {}, { renamed: ["interactions", "removeRestrictionsForAuthenticatedUser"] }], setRestrictionsForAuthenticatedUser: ["PUT /user/interaction-limits"], setRestrictionsForOrg: ["PUT /orgs/{org}/interaction-limits"], setRestrictionsForRepo: ["PUT /repos/{owner}/{repo}/interaction-limits"], setRestrictionsForYourPublicRepos: ["PUT /user/interaction-limits", {}, { renamed: ["interactions", "setRestrictionsForAuthenticatedUser"] }] }, issues: { addAssignees: ["POST /repos/{owner}/{repo}/issues/{issue_number}/assignees"], addLabels: ["POST /repos/{owner}/{repo}/issues/{issue_number}/labels"], checkUserCanBeAssigned: ["GET /repos/{owner}/{repo}/assignees/{assignee}"], create: ["POST /repos/{owner}/{repo}/issues"], createComment: ["POST /repos/{owner}/{repo}/issues/{issue_number}/comments"], createLabel: ["POST /repos/{owner}/{repo}/labels"], createMilestone: ["POST /repos/{owner}/{repo}/milestones"], deleteComment: ["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}"], deleteLabel: ["DELETE /repos/{owner}/{repo}/labels/{name}"], deleteMilestone: ["DELETE /repos/{owner}/{repo}/milestones/{milestone_number}"], get: ["GET /repos/{owner}/{repo}/issues/{issue_number}"], getComment: ["GET /repos/{owner}/{repo}/issues/comments/{comment_id}"], getEvent: ["GET /repos/{owner}/{repo}/issues/events/{event_id}"], getLabel: ["GET /repos/{owner}/{repo}/labels/{name}"], getMilestone: ["GET /repos/{owner}/{repo}/milestones/{milestone_number}"], list: ["GET /issues"], listAssignees: ["GET /repos/{owner}/{repo}/assignees"], listComments: ["GET /repos/{owner}/{repo}/issues/{issue_number}/comments"], listCommentsForRepo: ["GET /repos/{owner}/{repo}/issues/comments"], listEvents: ["GET /repos/{owner}/{repo}/issues/{issue_number}/events"], listEventsForRepo: ["GET /repos/{owner}/{repo}/issues/events"], listEventsForTimeline: ["GET /repos/{owner}/{repo}/issues/{issue_number}/timeline", { mediaType: { previews: ["mockingbird"] } }], listForAuthenticatedUser: ["GET /user/issues"], listForOrg: ["GET /orgs/{org}/issues"], listForRepo: ["GET /repos/{owner}/{repo}/issues"], listLabelsForMilestone: ["GET /repos/{owner}/{repo}/milestones/{milestone_number}/labels"], listLabelsForRepo: ["GET /repos/{owner}/{repo}/labels"], listLabelsOnIssue: ["GET /repos/{owner}/{repo}/issues/{issue_number}/labels"], listMilestones: ["GET /repos/{owner}/{repo}/milestones"], lock: ["PUT /repos/{owner}/{repo}/issues/{issue_number}/lock"], removeAllLabels: ["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels"], removeAssignees: ["DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees"], removeLabel: ["DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}"], setLabels: ["PUT /repos/{owner}/{repo}/issues/{issue_number}/labels"], unlock: ["DELETE /repos/{owner}/{repo}/issues/{issue_number}/lock"], update: ["PATCH /repos/{owner}/{repo}/issues/{issue_number}"], updateComment: ["PATCH /repos/{owner}/{repo}/issues/comments/{comment_id}"], updateLabel: ["PATCH /repos/{owner}/{repo}/labels/{name}"], updateMilestone: ["PATCH /repos/{owner}/{repo}/milestones/{milestone_number}"] }, licenses: { get: ["GET /licenses/{license}"], getAllCommonlyUsed: ["GET /licenses"], getForRepo: ["GET /repos/{owner}/{repo}/license"] }, markdown: { render: ["POST /markdown"], renderRaw: ["POST /markdown/raw", { headers: { "content-type": "text/plain; charset=utf-8" } }] }, meta: { get: ["GET /meta"], getOctocat: ["GET /octocat"], getZen: ["GET /zen"], root: ["GET /"] }, migrations: { cancelImport: ["DELETE /repos/{owner}/{repo}/import"], deleteArchiveForAuthenticatedUser: ["DELETE /user/migrations/{migration_id}/archive", { mediaType: { previews: ["wyandotte"] } }], deleteArchiveForOrg: ["DELETE /orgs/{org}/migrations/{migration_id}/archive", { mediaType: { previews: ["wyandotte"] } }], downloadArchiveForOrg: ["GET /orgs/{org}/migrations/{migration_id}/archive", { mediaType: { previews: ["wyandotte"] } }], getArchiveForAuthenticatedUser: ["GET /user/migrations/{migration_id}/archive", { mediaType: { previews: ["wyandotte"] } }], getCommitAuthors: ["GET /repos/{owner}/{repo}/import/authors"], getImportStatus: ["GET /repos/{owner}/{repo}/import"], getLargeFiles: ["GET /repos/{owner}/{repo}/import/large_files"], getStatusForAuthenticatedUser: ["GET /user/migrations/{migration_id}", { mediaType: { previews: ["wyandotte"] } }], getStatusForOrg: ["GET /orgs/{org}/migrations/{migration_id}", { mediaType: { previews: ["wyandotte"] } }], listForAuthenticatedUser: ["GET /user/migrations", { mediaType: { previews: ["wyandotte"] } }], listForOrg: ["GET /orgs/{org}/migrations", { mediaType: { previews: ["wyandotte"] } }], listReposForOrg: ["GET /orgs/{org}/migrations/{migration_id}/repositories", { mediaType: { previews: ["wyandotte"] } }], listReposForUser: ["GET /user/migrations/{migration_id}/repositories", { mediaType: { previews: ["wyandotte"] } }], mapCommitAuthor: ["PATCH /repos/{owner}/{repo}/import/authors/{author_id}"], setLfsPreference: ["PATCH /repos/{owner}/{repo}/import/lfs"], startForAuthenticatedUser: ["POST /user/migrations"], startForOrg: ["POST /orgs/{org}/migrations"], startImport: ["PUT /repos/{owner}/{repo}/import"], unlockRepoForAuthenticatedUser: ["DELETE /user/migrations/{migration_id}/repos/{repo_name}/lock", { mediaType: { previews: ["wyandotte"] } }], unlockRepoForOrg: ["DELETE /orgs/{org}/migrations/{migration_id}/repos/{repo_name}/lock", { mediaType: { previews: ["wyandotte"] } }], updateImport: ["PATCH /repos/{owner}/{repo}/import"] }, orgs: { blockUser: ["PUT /orgs/{org}/blocks/{username}"], cancelInvitation: ["DELETE /orgs/{org}/invitations/{invitation_id}"], checkBlockedUser: ["GET /orgs/{org}/blocks/{username}"], checkMembershipForUser: ["GET /orgs/{org}/members/{username}"], checkPublicMembershipForUser: ["GET /orgs/{org}/public_members/{username}"], convertMemberToOutsideCollaborator: ["PUT /orgs/{org}/outside_collaborators/{username}"], createInvitation: ["POST /orgs/{org}/invitations"], createWebhook: ["POST /orgs/{org}/hooks"], deleteWebhook: ["DELETE /orgs/{org}/hooks/{hook_id}"], get: ["GET /orgs/{org}"], getMembershipForAuthenticatedUser: ["GET /user/memberships/orgs/{org}"], getMembershipForUser: ["GET /orgs/{org}/memberships/{username}"], getWebhook: ["GET /orgs/{org}/hooks/{hook_id}"], getWebhookConfigForOrg: ["GET /orgs/{org}/hooks/{hook_id}/config"], list: ["GET /organizations"], listAppInstallations: ["GET /orgs/{org}/installations"], listBlockedUsers: ["GET /orgs/{org}/blocks"], listFailedInvitations: ["GET /orgs/{org}/failed_invitations"], listForAuthenticatedUser: ["GET /user/orgs"], listForUser: ["GET /users/{username}/orgs"], listInvitationTeams: ["GET /orgs/{org}/invitations/{invitation_id}/teams"], listMembers: ["GET /orgs/{org}/members"], listMembershipsForAuthenticatedUser: ["GET /user/memberships/orgs"], listOutsideCollaborators: ["GET /orgs/{org}/outside_collaborators"], listPendingInvitations: ["GET /orgs/{org}/invitations"], listPublicMembers: ["GET /orgs/{org}/public_members"], listWebhooks: ["GET /orgs/{org}/hooks"], pingWebhook: ["POST /orgs/{org}/hooks/{hook_id}/pings"], removeMember: ["DELETE /orgs/{org}/members/{username}"], removeMembershipForUser: ["DELETE /orgs/{org}/memberships/{username}"], removeOutsideCollaborator: ["DELETE /orgs/{org}/outside_collaborators/{username}"], removePublicMembershipForAuthenticatedUser: ["DELETE /orgs/{org}/public_members/{username}"], setMembershipForUser: ["PUT /orgs/{org}/memberships/{username}"], setPublicMembershipForAuthenticatedUser: ["PUT /orgs/{org}/public_members/{username}"], unblockUser: ["DELETE /orgs/{org}/blocks/{username}"], update: ["PATCH /orgs/{org}"], updateMembershipForAuthenticatedUser: ["PATCH /user/memberships/orgs/{org}"], updateWebhook: ["PATCH /orgs/{org}/hooks/{hook_id}"], updateWebhookConfigForOrg: ["PATCH /orgs/{org}/hooks/{hook_id}/config"] }, packages: { deletePackageForAuthenticatedUser: ["DELETE /user/packages/{package_type}/{package_name}"], deletePackageForOrg: ["DELETE /orgs/{org}/packages/{package_type}/{package_name}"], deletePackageVersionForAuthenticatedUser: ["DELETE /user/packages/{package_type}/{package_name}/versions/{package_version_id}"], deletePackageVersionForOrg: ["DELETE /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"], getAllPackageVersionsForAPackageOwnedByAnOrg: ["GET /orgs/{org}/packages/{package_type}/{package_name}/versions", {}, { renamed: ["packages", "getAllPackageVersionsForPackageOwnedByOrg"] }], getAllPackageVersionsForAPackageOwnedByTheAuthenticatedUser: ["GET /user/packages/{package_type}/{package_name}/versions", {}, { renamed: ["packages", "getAllPackageVersionsForPackageOwnedByAuthenticatedUser"] }], getAllPackageVersionsForPackageOwnedByAuthenticatedUser: ["GET /user/packages/{package_type}/{package_name}/versions"], getAllPackageVersionsForPackageOwnedByOrg: ["GET /orgs/{org}/packages/{package_type}/{package_name}/versions"], getAllPackageVersionsForPackageOwnedByUser: ["GET /users/{username}/packages/{package_type}/{package_name}/versions"], getPackageForAuthenticatedUser: ["GET /user/packages/{package_type}/{package_name}"], getPackageForOrganization: ["GET /orgs/{org}/packages/{package_type}/{package_name}"], getPackageForUser: ["GET /users/{username}/packages/{package_type}/{package_name}"], getPackageVersionForAuthenticatedUser: ["GET /user/packages/{package_type}/{package_name}/versions/{package_version_id}"], getPackageVersionForOrganization: ["GET /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}"], getPackageVersionForUser: ["GET /users/{username}/packages/{package_type}/{package_name}/versions/{package_version_id}"], restorePackageForAuthenticatedUser: ["POST /user/packages/{package_type}/{package_name}/restore{?token}"], restorePackageForOrg: ["POST /orgs/{org}/packages/{package_type}/{package_name}/restore{?token}"], restorePackageVersionForAuthenticatedUser: ["POST /user/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"], restorePackageVersionForOrg: ["POST /orgs/{org}/packages/{package_type}/{package_name}/versions/{package_version_id}/restore"] }, projects: { addCollaborator: ["PUT /projects/{project_id}/collaborators/{username}", { mediaType: { previews: ["inertia"] } }], createCard: ["POST /projects/columns/{column_id}/cards", { mediaType: { previews: ["inertia"] } }], createColumn: ["POST /projects/{project_id}/columns", { mediaType: { previews: ["inertia"] } }], createForAuthenticatedUser: ["POST /user/projects", { mediaType: { previews: ["inertia"] } }], createForOrg: ["POST /orgs/{org}/projects", { mediaType: { previews: ["inertia"] } }], createForRepo: ["POST /repos/{owner}/{repo}/projects", { mediaType: { previews: ["inertia"] } }], delete: ["DELETE /projects/{project_id}", { mediaType: { previews: ["inertia"] } }], deleteCard: ["DELETE /projects/columns/cards/{card_id}", { mediaType: { previews: ["inertia"] } }], deleteColumn: ["DELETE /projects/columns/{column_id}", { mediaType: { previews: ["inertia"] } }], get: ["GET /projects/{project_id}", { mediaType: { previews: ["inertia"] } }], getCard: ["GET /projects/columns/cards/{card_id}", { mediaType: { previews: ["inertia"] } }], getColumn: ["GET /projects/columns/{column_id}", { mediaType: { previews: ["inertia"] } }], getPermissionForUser: ["GET /projects/{project_id}/collaborators/{username}/permission", { mediaType: { previews: ["inertia"] } }], listCards: ["GET /projects/columns/{column_id}/cards", { mediaType: { previews: ["inertia"] } }], listCollaborators: ["GET /projects/{project_id}/collaborators", { mediaType: { previews: ["inertia"] } }], listColumns: ["GET /projects/{project_id}/columns", { mediaType: { previews: ["inertia"] } }], listForOrg: ["GET /orgs/{org}/projects", { mediaType: { previews: ["inertia"] } }], listForRepo: ["GET /repos/{owner}/{repo}/projects", { mediaType: { previews: ["inertia"] } }], listForUser: ["GET /users/{username}/projects", { mediaType: { previews: ["inertia"] } }], moveCard: ["POST /projects/columns/cards/{card_id}/moves", { mediaType: { previews: ["inertia"] } }], moveColumn: ["POST /projects/columns/{column_id}/moves", { mediaType: { previews: ["inertia"] } }], removeCollaborator: ["DELETE /projects/{project_id}/collaborators/{username}", { mediaType: { previews: ["inertia"] } }], update: ["PATCH /projects/{project_id}", { mediaType: { previews: ["inertia"] } }], updateCard: ["PATCH /projects/columns/cards/{card_id}", { mediaType: { previews: ["inertia"] } }], updateColumn: ["PATCH /projects/columns/{column_id}", { mediaType: { previews: ["inertia"] } }] }, pulls: { checkIfMerged: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/merge"], create: ["POST /repos/{owner}/{repo}/pulls"], createReplyForReviewComment: ["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments/{comment_id}/replies"], createReview: ["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews"], createReviewComment: ["POST /repos/{owner}/{repo}/pulls/{pull_number}/comments"], deletePendingReview: ["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"], deleteReviewComment: ["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}"], dismissReview: ["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/dismissals"], get: ["GET /repos/{owner}/{repo}/pulls/{pull_number}"], getReview: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"], getReviewComment: ["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}"], list: ["GET /repos/{owner}/{repo}/pulls"], listCommentsForReview: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/comments"], listCommits: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/commits"], listFiles: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/files"], listRequestedReviewers: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"], listReviewComments: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/comments"], listReviewCommentsForRepo: ["GET /repos/{owner}/{repo}/pulls/comments"], listReviews: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/reviews"], merge: ["PUT /repos/{owner}/{repo}/pulls/{pull_number}/merge"], removeRequestedReviewers: ["DELETE /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"], requestReviewers: ["POST /repos/{owner}/{repo}/pulls/{pull_number}/requested_reviewers"], submitReview: ["POST /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}/events"], update: ["PATCH /repos/{owner}/{repo}/pulls/{pull_number}"], updateBranch: ["PUT /repos/{owner}/{repo}/pulls/{pull_number}/update-branch", { mediaType: { previews: ["lydian"] } }], updateReview: ["PUT /repos/{owner}/{repo}/pulls/{pull_number}/reviews/{review_id}"], updateReviewComment: ["PATCH /repos/{owner}/{repo}/pulls/comments/{comment_id}"] }, rateLimit: { get: ["GET /rate_limit"] }, reactions: { createForCommitComment: ["POST /repos/{owner}/{repo}/comments/{comment_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], createForIssue: ["POST /repos/{owner}/{repo}/issues/{issue_number}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], createForIssueComment: ["POST /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], createForPullRequestReviewComment: ["POST /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], createForRelease: ["POST /repos/{owner}/{repo}/releases/{release_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], createForTeamDiscussionCommentInOrg: ["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], createForTeamDiscussionInOrg: ["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], deleteForCommitComment: ["DELETE /repos/{owner}/{repo}/comments/{comment_id}/reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }], deleteForIssue: ["DELETE /repos/{owner}/{repo}/issues/{issue_number}/reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }], deleteForIssueComment: ["DELETE /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }], deleteForPullRequestComment: ["DELETE /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }], deleteForTeamDiscussion: ["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }], deleteForTeamDiscussionComment: ["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }], deleteLegacy: ["DELETE /reactions/{reaction_id}", { mediaType: { previews: ["squirrel-girl"] } }, { deprecated: "octokit.rest.reactions.deleteLegacy() is deprecated, see https://docs.github.com/rest/reference/reactions/#delete-a-reaction-legacy" }], listForCommitComment: ["GET /repos/{owner}/{repo}/comments/{comment_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], listForIssue: ["GET /repos/{owner}/{repo}/issues/{issue_number}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], listForIssueComment: ["GET /repos/{owner}/{repo}/issues/comments/{comment_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], listForPullRequestReviewComment: ["GET /repos/{owner}/{repo}/pulls/comments/{comment_id}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], listForTeamDiscussionCommentInOrg: ["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}/reactions", { mediaType: { previews: ["squirrel-girl"] } }], listForTeamDiscussionInOrg: ["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/reactions", { mediaType: { previews: ["squirrel-girl"] } }] }, repos: { acceptInvitation: ["PATCH /user/repository_invitations/{invitation_id}"], addAppAccessRestrictions: ["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps", {}, { mapToData: "apps" }], addCollaborator: ["PUT /repos/{owner}/{repo}/collaborators/{username}"], addStatusCheckContexts: ["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts", {}, { mapToData: "contexts" }], addTeamAccessRestrictions: ["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams", {}, { mapToData: "teams" }], addUserAccessRestrictions: ["POST /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users", {}, { mapToData: "users" }], checkCollaborator: ["GET /repos/{owner}/{repo}/collaborators/{username}"], checkVulnerabilityAlerts: ["GET /repos/{owner}/{repo}/vulnerability-alerts", { mediaType: { previews: ["dorian"] } }], compareCommits: ["GET /repos/{owner}/{repo}/compare/{base}...{head}"], compareCommitsWithBasehead: ["GET /repos/{owner}/{repo}/compare/{basehead}"], createCommitComment: ["POST /repos/{owner}/{repo}/commits/{commit_sha}/comments"], createCommitSignatureProtection: ["POST /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures", { mediaType: { previews: ["zzzax"] } }], createCommitStatus: ["POST /repos/{owner}/{repo}/statuses/{sha}"], createDeployKey: ["POST /repos/{owner}/{repo}/keys"], createDeployment: ["POST /repos/{owner}/{repo}/deployments"], createDeploymentStatus: ["POST /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"], createDispatchEvent: ["POST /repos/{owner}/{repo}/dispatches"], createForAuthenticatedUser: ["POST /user/repos"], createFork: ["POST /repos/{owner}/{repo}/forks"], createInOrg: ["POST /orgs/{org}/repos"], createOrUpdateEnvironment: ["PUT /repos/{owner}/{repo}/environments/{environment_name}"], createOrUpdateFileContents: ["PUT /repos/{owner}/{repo}/contents/{path}"], createPagesSite: ["POST /repos/{owner}/{repo}/pages", { mediaType: { previews: ["switcheroo"] } }], createRelease: ["POST /repos/{owner}/{repo}/releases"], createUsingTemplate: ["POST /repos/{template_owner}/{template_repo}/generate", { mediaType: { previews: ["baptiste"] } }], createWebhook: ["POST /repos/{owner}/{repo}/hooks"], declineInvitation: ["DELETE /user/repository_invitations/{invitation_id}"], delete: ["DELETE /repos/{owner}/{repo}"], deleteAccessRestrictions: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"], deleteAdminBranchProtection: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"], deleteAnEnvironment: ["DELETE /repos/{owner}/{repo}/environments/{environment_name}"], deleteBranchProtection: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection"], deleteCommitComment: ["DELETE /repos/{owner}/{repo}/comments/{comment_id}"], deleteCommitSignatureProtection: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures", { mediaType: { previews: ["zzzax"] } }], deleteDeployKey: ["DELETE /repos/{owner}/{repo}/keys/{key_id}"], deleteDeployment: ["DELETE /repos/{owner}/{repo}/deployments/{deployment_id}"], deleteFile: ["DELETE /repos/{owner}/{repo}/contents/{path}"], deleteInvitation: ["DELETE /repos/{owner}/{repo}/invitations/{invitation_id}"], deletePagesSite: ["DELETE /repos/{owner}/{repo}/pages", { mediaType: { previews: ["switcheroo"] } }], deletePullRequestReviewProtection: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"], deleteRelease: ["DELETE /repos/{owner}/{repo}/releases/{release_id}"], deleteReleaseAsset: ["DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}"], deleteWebhook: ["DELETE /repos/{owner}/{repo}/hooks/{hook_id}"], disableAutomatedSecurityFixes: ["DELETE /repos/{owner}/{repo}/automated-security-fixes", { mediaType: { previews: ["london"] } }], disableVulnerabilityAlerts: ["DELETE /repos/{owner}/{repo}/vulnerability-alerts", { mediaType: { previews: ["dorian"] } }], downloadArchive: ["GET /repos/{owner}/{repo}/zipball/{ref}", {}, { renamed: ["repos", "downloadZipballArchive"] }], downloadTarballArchive: ["GET /repos/{owner}/{repo}/tarball/{ref}"], downloadZipballArchive: ["GET /repos/{owner}/{repo}/zipball/{ref}"], enableAutomatedSecurityFixes: ["PUT /repos/{owner}/{repo}/automated-security-fixes", { mediaType: { previews: ["london"] } }], enableVulnerabilityAlerts: ["PUT /repos/{owner}/{repo}/vulnerability-alerts", { mediaType: { previews: ["dorian"] } }], get: ["GET /repos/{owner}/{repo}"], getAccessRestrictions: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions"], getAdminBranchProtection: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"], getAllEnvironments: ["GET /repos/{owner}/{repo}/environments"], getAllStatusCheckContexts: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts"], getAllTopics: ["GET /repos/{owner}/{repo}/topics", { mediaType: { previews: ["mercy"] } }], getAppsWithAccessToProtectedBranch: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps"], getBranch: ["GET /repos/{owner}/{repo}/branches/{branch}"], getBranchProtection: ["GET /repos/{owner}/{repo}/branches/{branch}/protection"], getClones: ["GET /repos/{owner}/{repo}/traffic/clones"], getCodeFrequencyStats: ["GET /repos/{owner}/{repo}/stats/code_frequency"], getCollaboratorPermissionLevel: ["GET /repos/{owner}/{repo}/collaborators/{username}/permission"], getCombinedStatusForRef: ["GET /repos/{owner}/{repo}/commits/{ref}/status"], getCommit: ["GET /repos/{owner}/{repo}/commits/{ref}"], getCommitActivityStats: ["GET /repos/{owner}/{repo}/stats/commit_activity"], getCommitComment: ["GET /repos/{owner}/{repo}/comments/{comment_id}"], getCommitSignatureProtection: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_signatures", { mediaType: { previews: ["zzzax"] } }], getCommunityProfileMetrics: ["GET /repos/{owner}/{repo}/community/profile"], getContent: ["GET /repos/{owner}/{repo}/contents/{path}"], getContributorsStats: ["GET /repos/{owner}/{repo}/stats/contributors"], getDeployKey: ["GET /repos/{owner}/{repo}/keys/{key_id}"], getDeployment: ["GET /repos/{owner}/{repo}/deployments/{deployment_id}"], getDeploymentStatus: ["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses/{status_id}"], getEnvironment: ["GET /repos/{owner}/{repo}/environments/{environment_name}"], getLatestPagesBuild: ["GET /repos/{owner}/{repo}/pages/builds/latest"], getLatestRelease: ["GET /repos/{owner}/{repo}/releases/latest"], getPages: ["GET /repos/{owner}/{repo}/pages"], getPagesBuild: ["GET /repos/{owner}/{repo}/pages/builds/{build_id}"], getPagesHealthCheck: ["GET /repos/{owner}/{repo}/pages/health"], getParticipationStats: ["GET /repos/{owner}/{repo}/stats/participation"], getPullRequestReviewProtection: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"], getPunchCardStats: ["GET /repos/{owner}/{repo}/stats/punch_card"], getReadme: ["GET /repos/{owner}/{repo}/readme"], getReadmeInDirectory: ["GET /repos/{owner}/{repo}/readme/{dir}"], getRelease: ["GET /repos/{owner}/{repo}/releases/{release_id}"], getReleaseAsset: ["GET /repos/{owner}/{repo}/releases/assets/{asset_id}"], getReleaseByTag: ["GET /repos/{owner}/{repo}/releases/tags/{tag}"], getStatusChecksProtection: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"], getTeamsWithAccessToProtectedBranch: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams"], getTopPaths: ["GET /repos/{owner}/{repo}/traffic/popular/paths"], getTopReferrers: ["GET /repos/{owner}/{repo}/traffic/popular/referrers"], getUsersWithAccessToProtectedBranch: ["GET /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users"], getViews: ["GET /repos/{owner}/{repo}/traffic/views"], getWebhook: ["GET /repos/{owner}/{repo}/hooks/{hook_id}"], getWebhookConfigForRepo: ["GET /repos/{owner}/{repo}/hooks/{hook_id}/config"], listBranches: ["GET /repos/{owner}/{repo}/branches"], listBranchesForHeadCommit: ["GET /repos/{owner}/{repo}/commits/{commit_sha}/branches-where-head", { mediaType: { previews: ["groot"] } }], listCollaborators: ["GET /repos/{owner}/{repo}/collaborators"], listCommentsForCommit: ["GET /repos/{owner}/{repo}/commits/{commit_sha}/comments"], listCommitCommentsForRepo: ["GET /repos/{owner}/{repo}/comments"], listCommitStatusesForRef: ["GET /repos/{owner}/{repo}/commits/{ref}/statuses"], listCommits: ["GET /repos/{owner}/{repo}/commits"], listContributors: ["GET /repos/{owner}/{repo}/contributors"], listDeployKeys: ["GET /repos/{owner}/{repo}/keys"], listDeploymentStatuses: ["GET /repos/{owner}/{repo}/deployments/{deployment_id}/statuses"], listDeployments: ["GET /repos/{owner}/{repo}/deployments"], listForAuthenticatedUser: ["GET /user/repos"], listForOrg: ["GET /orgs/{org}/repos"], listForUser: ["GET /users/{username}/repos"], listForks: ["GET /repos/{owner}/{repo}/forks"], listInvitations: ["GET /repos/{owner}/{repo}/invitations"], listInvitationsForAuthenticatedUser: ["GET /user/repository_invitations"], listLanguages: ["GET /repos/{owner}/{repo}/languages"], listPagesBuilds: ["GET /repos/{owner}/{repo}/pages/builds"], listPublic: ["GET /repositories"], listPullRequestsAssociatedWithCommit: ["GET /repos/{owner}/{repo}/commits/{commit_sha}/pulls", { mediaType: { previews: ["groot"] } }], listReleaseAssets: ["GET /repos/{owner}/{repo}/releases/{release_id}/assets"], listReleases: ["GET /repos/{owner}/{repo}/releases"], listTags: ["GET /repos/{owner}/{repo}/tags"], listTeams: ["GET /repos/{owner}/{repo}/teams"], listWebhooks: ["GET /repos/{owner}/{repo}/hooks"], merge: ["POST /repos/{owner}/{repo}/merges"], pingWebhook: ["POST /repos/{owner}/{repo}/hooks/{hook_id}/pings"], removeAppAccessRestrictions: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps", {}, { mapToData: "apps" }], removeCollaborator: ["DELETE /repos/{owner}/{repo}/collaborators/{username}"], removeStatusCheckContexts: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts", {}, { mapToData: "contexts" }], removeStatusCheckProtection: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"], removeTeamAccessRestrictions: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams", {}, { mapToData: "teams" }], removeUserAccessRestrictions: ["DELETE /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users", {}, { mapToData: "users" }], renameBranch: ["POST /repos/{owner}/{repo}/branches/{branch}/rename"], replaceAllTopics: ["PUT /repos/{owner}/{repo}/topics", { mediaType: { previews: ["mercy"] } }], requestPagesBuild: ["POST /repos/{owner}/{repo}/pages/builds"], setAdminBranchProtection: ["POST /repos/{owner}/{repo}/branches/{branch}/protection/enforce_admins"], setAppAccessRestrictions: ["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/apps", {}, { mapToData: "apps" }], setStatusCheckContexts: ["PUT /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks/contexts", {}, { mapToData: "contexts" }], setTeamAccessRestrictions: ["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/teams", {}, { mapToData: "teams" }], setUserAccessRestrictions: ["PUT /repos/{owner}/{repo}/branches/{branch}/protection/restrictions/users", {}, { mapToData: "users" }], testPushWebhook: ["POST /repos/{owner}/{repo}/hooks/{hook_id}/tests"], transfer: ["POST /repos/{owner}/{repo}/transfer"], update: ["PATCH /repos/{owner}/{repo}"], updateBranchProtection: ["PUT /repos/{owner}/{repo}/branches/{branch}/protection"], updateCommitComment: ["PATCH /repos/{owner}/{repo}/comments/{comment_id}"], updateInformationAboutPagesSite: ["PUT /repos/{owner}/{repo}/pages"], updateInvitation: ["PATCH /repos/{owner}/{repo}/invitations/{invitation_id}"], updatePullRequestReviewProtection: ["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_pull_request_reviews"], updateRelease: ["PATCH /repos/{owner}/{repo}/releases/{release_id}"], updateReleaseAsset: ["PATCH /repos/{owner}/{repo}/releases/assets/{asset_id}"], updateStatusCheckPotection: ["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks", {}, { renamed: ["repos", "updateStatusCheckProtection"] }], updateStatusCheckProtection: ["PATCH /repos/{owner}/{repo}/branches/{branch}/protection/required_status_checks"], updateWebhook: ["PATCH /repos/{owner}/{repo}/hooks/{hook_id}"], updateWebhookConfigForRepo: ["PATCH /repos/{owner}/{repo}/hooks/{hook_id}/config"], uploadReleaseAsset: ["POST /repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}", { baseUrl: "https://uploads.github.com" }] }, search: { code: ["GET /search/code"], commits: ["GET /search/commits", { mediaType: { previews: ["cloak"] } }], issuesAndPullRequests: ["GET /search/issues"], labels: ["GET /search/labels"], repos: ["GET /search/repositories"], topics: ["GET /search/topics", { mediaType: { previews: ["mercy"] } }], users: ["GET /search/users"] }, secretScanning: { getAlert: ["GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"], listAlertsForRepo: ["GET /repos/{owner}/{repo}/secret-scanning/alerts"], updateAlert: ["PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"] }, teams: { addOrUpdateMembershipForUserInOrg: ["PUT /orgs/{org}/teams/{team_slug}/memberships/{username}"], addOrUpdateProjectPermissionsInOrg: ["PUT /orgs/{org}/teams/{team_slug}/projects/{project_id}", { mediaType: { previews: ["inertia"] } }], addOrUpdateRepoPermissionsInOrg: ["PUT /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"], checkPermissionsForProjectInOrg: ["GET /orgs/{org}/teams/{team_slug}/projects/{project_id}", { mediaType: { previews: ["inertia"] } }], checkPermissionsForRepoInOrg: ["GET /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"], create: ["POST /orgs/{org}/teams"], createDiscussionCommentInOrg: ["POST /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"], createDiscussionInOrg: ["POST /orgs/{org}/teams/{team_slug}/discussions"], deleteDiscussionCommentInOrg: ["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"], deleteDiscussionInOrg: ["DELETE /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"], deleteInOrg: ["DELETE /orgs/{org}/teams/{team_slug}"], getByName: ["GET /orgs/{org}/teams/{team_slug}"], getDiscussionCommentInOrg: ["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"], getDiscussionInOrg: ["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"], getMembershipForUserInOrg: ["GET /orgs/{org}/teams/{team_slug}/memberships/{username}"], list: ["GET /orgs/{org}/teams"], listChildInOrg: ["GET /orgs/{org}/teams/{team_slug}/teams"], listDiscussionCommentsInOrg: ["GET /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments"], listDiscussionsInOrg: ["GET /orgs/{org}/teams/{team_slug}/discussions"], listForAuthenticatedUser: ["GET /user/teams"], listMembersInOrg: ["GET /orgs/{org}/teams/{team_slug}/members"], listPendingInvitationsInOrg: ["GET /orgs/{org}/teams/{team_slug}/invitations"], listProjectsInOrg: ["GET /orgs/{org}/teams/{team_slug}/projects", { mediaType: { previews: ["inertia"] } }], listReposInOrg: ["GET /orgs/{org}/teams/{team_slug}/repos"], removeMembershipForUserInOrg: ["DELETE /orgs/{org}/teams/{team_slug}/memberships/{username}"], removeProjectInOrg: ["DELETE /orgs/{org}/teams/{team_slug}/projects/{project_id}"], removeRepoInOrg: ["DELETE /orgs/{org}/teams/{team_slug}/repos/{owner}/{repo}"], updateDiscussionCommentInOrg: ["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}/comments/{comment_number}"], updateDiscussionInOrg: ["PATCH /orgs/{org}/teams/{team_slug}/discussions/{discussion_number}"], updateInOrg: ["PATCH /orgs/{org}/teams/{team_slug}"] }, users: { addEmailForAuthenticated: ["POST /user/emails"], block: ["PUT /user/blocks/{username}"], checkBlocked: ["GET /user/blocks/{username}"], checkFollowingForUser: ["GET /users/{username}/following/{target_user}"], checkPersonIsFollowedByAuthenticated: ["GET /user/following/{username}"], createGpgKeyForAuthenticated: ["POST /user/gpg_keys"], createPublicSshKeyForAuthenticated: ["POST /user/keys"], deleteEmailForAuthenticated: ["DELETE /user/emails"], deleteGpgKeyForAuthenticated: ["DELETE /user/gpg_keys/{gpg_key_id}"], deletePublicSshKeyForAuthenticated: ["DELETE /user/keys/{key_id}"], follow: ["PUT /user/following/{username}"], getAuthenticated: ["GET /user"], getByUsername: ["GET /users/{username}"], getContextForUser: ["GET /users/{username}/hovercard"], getGpgKeyForAuthenticated: ["GET /user/gpg_keys/{gpg_key_id}"], getPublicSshKeyForAuthenticated: ["GET /user/keys/{key_id}"], list: ["GET /users"], listBlockedByAuthenticated: ["GET /user/blocks"], listEmailsForAuthenticated: ["GET /user/emails"], listFollowedByAuthenticated: ["GET /user/following"], listFollowersForAuthenticatedUser: ["GET /user/followers"], listFollowersForUser: ["GET /users/{username}/followers"], listFollowingForUser: ["GET /users/{username}/following"], listGpgKeysForAuthenticated: ["GET /user/gpg_keys"], listGpgKeysForUser: ["GET /users/{username}/gpg_keys"], listPublicEmailsForAuthenticated: ["GET /user/public_emails"], listPublicKeysForUser: ["GET /users/{username}/keys"], listPublicSshKeysForAuthenticated: ["GET /user/keys"], setPrimaryEmailVisibilityForAuthenticated: ["PATCH /user/email/visibility"], unblock: ["DELETE /user/blocks/{username}"], unfollow: ["DELETE /user/following/{username}"], updateAuthenticated: ["PATCH /user"] } }; const VERSION = "5.3.1"; function endpointsToMethods(octokit, endpointsMap) { const newMethods = {}; for (const [scope, endpoints] of Object.entries(endpointsMap)) { for (const [methodName, endpoint] of Object.entries(endpoints)) { const [route, defaults, decorations] = endpoint; const [method, url] = route.split(/ /); const endpointDefaults = Object.assign({ method, url }, defaults); if (!newMethods[scope]) { newMethods[scope] = {}; } const scopeMethods = newMethods[scope]; if (decorations) { scopeMethods[methodName] = decorate(octokit, scope, methodName, endpointDefaults, decorations); continue; } scopeMethods[methodName] = octokit.request.defaults(endpointDefaults); } } return newMethods; } function decorate(octokit, scope, methodName, defaults, decorations) { const requestWithDefaults = octokit.request.defaults(defaults); /* istanbul ignore next */ function withDecorations(...args) { // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488 let options = requestWithDefaults.endpoint.merge(...args); // There are currently no other decorations than `.mapToData` if (decorations.mapToData) { options = Object.assign({}, options, { data: options[decorations.mapToData], [decorations.mapToData]: undefined }); return requestWithDefaults(options); } if (decorations.renamed) { const [newScope, newMethodName] = decorations.renamed; octokit.log.warn(`octokit.${scope}.${methodName}() has been renamed to octokit.${newScope}.${newMethodName}()`); } if (decorations.deprecated) { octokit.log.warn(decorations.deprecated); } if (decorations.renamedParameters) { // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488 const options = requestWithDefaults.endpoint.merge(...args); for (const [name, alias] of Object.entries(decorations.renamedParameters)) { if (name in options) { octokit.log.warn(`"${name}" parameter is deprecated for "octokit.${scope}.${methodName}()". Use "${alias}" instead`); if (!(alias in options)) { options[alias] = options[name]; } delete options[name]; } } return requestWithDefaults(options); } // @ts-ignore https://github.com/microsoft/TypeScript/issues/25488 return requestWithDefaults(...args); } return Object.assign(withDecorations, requestWithDefaults); } function restEndpointMethods(octokit) { const api = endpointsToMethods(octokit, Endpoints); return { rest: api }; } restEndpointMethods.VERSION = VERSION; function legacyRestEndpointMethods(octokit) { const api = endpointsToMethods(octokit, Endpoints); return _objectSpread2(_objectSpread2({}, api), {}, { rest: api }); } legacyRestEndpointMethods.VERSION = VERSION; exports.legacyRestEndpointMethods = legacyRestEndpointMethods; exports.restEndpointMethods = restEndpointMethods; //# sourceMappingURL=index.js.map /***/ }), /***/ 537: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; } var deprecation = __nccwpck_require__(8932); var once = _interopDefault(__nccwpck_require__(1223)); const logOnce = once(deprecation => console.warn(deprecation)); /** * Error with extra properties to help with debugging */ class RequestError extends Error { constructor(message, statusCode, options) { super(message); // Maintains proper stack trace (only available on V8) /* istanbul ignore next */ if (Error.captureStackTrace) { Error.captureStackTrace(this, this.constructor); } this.name = "HttpError"; this.status = statusCode; Object.defineProperty(this, "code", { get() { logOnce(new deprecation.Deprecation("[@octokit/request-error] `error.code` is deprecated, use `error.status`.")); return statusCode; } }); this.headers = options.headers || {}; // redact request credentials without mutating original request options const requestCopy = Object.assign({}, options.request); if (options.request.headers.authorization) { requestCopy.headers = Object.assign({}, options.request.headers, { authorization: options.request.headers.authorization.replace(/ .*$/, " [REDACTED]") }); } requestCopy.url = requestCopy.url // client_id & client_secret can be passed as URL query parameters to increase rate limit // see https://developer.github.com/v3/#increasing-the-unauthenticated-rate-limit-for-oauth-applications .replace(/\bclient_secret=\w+/g, "client_secret=[REDACTED]") // OAuth tokens can be passed as URL query parameters, although it is not recommended // see https://developer.github.com/v3/#oauth2-token-sent-in-a-header .replace(/\baccess_token=\w+/g, "access_token=[REDACTED]"); this.request = requestCopy; } } exports.RequestError = RequestError; //# sourceMappingURL=index.js.map /***/ }), /***/ 6234: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; } var endpoint = __nccwpck_require__(9440); var universalUserAgent = __nccwpck_require__(5030); var isPlainObject = __nccwpck_require__(3287); var nodeFetch = _interopDefault(__nccwpck_require__(467)); var requestError = __nccwpck_require__(537); const VERSION = "5.4.15"; function getBufferResponse(response) { return response.arrayBuffer(); } function fetchWrapper(requestOptions) { if (isPlainObject.isPlainObject(requestOptions.body) || Array.isArray(requestOptions.body)) { requestOptions.body = JSON.stringify(requestOptions.body); } let headers = {}; let status; let url; const fetch = requestOptions.request && requestOptions.request.fetch || nodeFetch; return fetch(requestOptions.url, Object.assign({ method: requestOptions.method, body: requestOptions.body, headers: requestOptions.headers, redirect: requestOptions.redirect }, // `requestOptions.request.agent` type is incompatible // see https://github.com/octokit/types.ts/pull/264 requestOptions.request)).then(response => { url = response.url; status = response.status; for (const keyAndValue of response.headers) { headers[keyAndValue[0]] = keyAndValue[1]; } if (status === 204 || status === 205) { return; } // GitHub API returns 200 for HEAD requests if (requestOptions.method === "HEAD") { if (status < 400) { return; } throw new requestError.RequestError(response.statusText, status, { headers, request: requestOptions }); } if (status === 304) { throw new requestError.RequestError("Not modified", status, { headers, request: requestOptions }); } if (status >= 400) { return response.text().then(message => { const error = new requestError.RequestError(message, status, { headers, request: requestOptions }); try { let responseBody = JSON.parse(error.message); Object.assign(error, responseBody); let errors = responseBody.errors; // Assumption `errors` would always be in Array format error.message = error.message + ": " + errors.map(JSON.stringify).join(", "); } catch (e) {// ignore, see octokit/rest.js#684 } throw error; }); } const contentType = response.headers.get("content-type"); if (/application\/json/.test(contentType)) { return response.json(); } if (!contentType || /^text\/|charset=utf-8$/.test(contentType)) { return response.text(); } return getBufferResponse(response); }).then(data => { return { status, url, headers, data }; }).catch(error => { if (error instanceof requestError.RequestError) { throw error; } throw new requestError.RequestError(error.message, 500, { headers, request: requestOptions }); }); } function withDefaults(oldEndpoint, newDefaults) { const endpoint = oldEndpoint.defaults(newDefaults); const newApi = function (route, parameters) { const endpointOptions = endpoint.merge(route, parameters); if (!endpointOptions.request || !endpointOptions.request.hook) { return fetchWrapper(endpoint.parse(endpointOptions)); } const request = (route, parameters) => { return fetchWrapper(endpoint.parse(endpoint.merge(route, parameters))); }; Object.assign(request, { endpoint, defaults: withDefaults.bind(null, endpoint) }); return endpointOptions.request.hook(request, endpointOptions); }; return Object.assign(newApi, { endpoint, defaults: withDefaults.bind(null, endpoint) }); } const request = withDefaults(endpoint.endpoint, { headers: { "user-agent": `octokit-request.js/${VERSION} ${universalUserAgent.getUserAgent()}` } }); exports.request = request; //# sourceMappingURL=index.js.map /***/ }), /***/ 9348: /***/ ((module) => { // Copyright 2011 Mark Cavage All rights reserved. module.exports = { newInvalidAsn1Error: function (msg) { var e = new Error(); e.name = 'InvalidAsn1Error'; e.message = msg || ''; return e; } }; /***/ }), /***/ 194: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { // Copyright 2011 Mark Cavage All rights reserved. var errors = __nccwpck_require__(9348); var types = __nccwpck_require__(2473); var Reader = __nccwpck_require__(290); var Writer = __nccwpck_require__(3200); // --- Exports module.exports = { Reader: Reader, Writer: Writer }; for (var t in types) { if (types.hasOwnProperty(t)) module.exports[t] = types[t]; } for (var e in errors) { if (errors.hasOwnProperty(e)) module.exports[e] = errors[e]; } /***/ }), /***/ 290: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { // Copyright 2011 Mark Cavage All rights reserved. var assert = __nccwpck_require__(2357); var Buffer = __nccwpck_require__(5118).Buffer; var ASN1 = __nccwpck_require__(2473); var errors = __nccwpck_require__(9348); // --- Globals var newInvalidAsn1Error = errors.newInvalidAsn1Error; // --- API function Reader(data) { if (!data || !Buffer.isBuffer(data)) throw new TypeError('data must be a node Buffer'); this._buf = data; this._size = data.length; // These hold the "current" state this._len = 0; this._offset = 0; } Object.defineProperty(Reader.prototype, 'length', { enumerable: true, get: function () { return (this._len); } }); Object.defineProperty(Reader.prototype, 'offset', { enumerable: true, get: function () { return (this._offset); } }); Object.defineProperty(Reader.prototype, 'remain', { get: function () { return (this._size - this._offset); } }); Object.defineProperty(Reader.prototype, 'buffer', { get: function () { return (this._buf.slice(this._offset)); } }); /** * Reads a single byte and advances offset; you can pass in `true` to make this * a "peek" operation (i.e., get the byte, but don't advance the offset). * * @param {Boolean} peek true means don't move offset. * @return {Number} the next byte, null if not enough data. */ Reader.prototype.readByte = function (peek) { if (this._size - this._offset < 1) return null; var b = this._buf[this._offset] & 0xff; if (!peek) this._offset += 1; return b; }; Reader.prototype.peek = function () { return this.readByte(true); }; /** * Reads a (potentially) variable length off the BER buffer. This call is * not really meant to be called directly, as callers have to manipulate * the internal buffer afterwards. * * As a result of this call, you can call `Reader.length`, until the * next thing called that does a readLength. * * @return {Number} the amount of offset to advance the buffer. * @throws {InvalidAsn1Error} on bad ASN.1 */ Reader.prototype.readLength = function (offset) { if (offset === undefined) offset = this._offset; if (offset >= this._size) return null; var lenB = this._buf[offset++] & 0xff; if (lenB === null) return null; if ((lenB & 0x80) === 0x80) { lenB &= 0x7f; if (lenB === 0) throw newInvalidAsn1Error('Indefinite length not supported'); if (lenB > 4) throw newInvalidAsn1Error('encoding too long'); if (this._size - offset < lenB) return null; this._len = 0; for (var i = 0; i < lenB; i++) this._len = (this._len << 8) + (this._buf[offset++] & 0xff); } else { // Wasn't a variable length this._len = lenB; } return offset; }; /** * Parses the next sequence in this BER buffer. * * To get the length of the sequence, call `Reader.length`. * * @return {Number} the sequence's tag. */ Reader.prototype.readSequence = function (tag) { var seq = this.peek(); if (seq === null) return null; if (tag !== undefined && tag !== seq) throw newInvalidAsn1Error('Expected 0x' + tag.toString(16) + ': got 0x' + seq.toString(16)); var o = this.readLength(this._offset + 1); // stored in `length` if (o === null) return null; this._offset = o; return seq; }; Reader.prototype.readInt = function () { return this._readTag(ASN1.Integer); }; Reader.prototype.readBoolean = function () { return (this._readTag(ASN1.Boolean) === 0 ? false : true); }; Reader.prototype.readEnumeration = function () { return this._readTag(ASN1.Enumeration); }; Reader.prototype.readString = function (tag, retbuf) { if (!tag) tag = ASN1.OctetString; var b = this.peek(); if (b === null) return null; if (b !== tag) throw newInvalidAsn1Error('Expected 0x' + tag.toString(16) + ': got 0x' + b.toString(16)); var o = this.readLength(this._offset + 1); // stored in `length` if (o === null) return null; if (this.length > this._size - o) return null; this._offset = o; if (this.length === 0) return retbuf ? Buffer.alloc(0) : ''; var str = this._buf.slice(this._offset, this._offset + this.length); this._offset += this.length; return retbuf ? str : str.toString('utf8'); }; Reader.prototype.readOID = function (tag) { if (!tag) tag = ASN1.OID; var b = this.readString(tag, true); if (b === null) return null; var values = []; var value = 0; for (var i = 0; i < b.length; i++) { var byte = b[i] & 0xff; value <<= 7; value += byte & 0x7f; if ((byte & 0x80) === 0) { values.push(value); value = 0; } } value = values.shift(); values.unshift(value % 40); values.unshift((value / 40) >> 0); return values.join('.'); }; Reader.prototype._readTag = function (tag) { assert.ok(tag !== undefined); var b = this.peek(); if (b === null) return null; if (b !== tag) throw newInvalidAsn1Error('Expected 0x' + tag.toString(16) + ': got 0x' + b.toString(16)); var o = this.readLength(this._offset + 1); // stored in `length` if (o === null) return null; if (this.length > 4) throw newInvalidAsn1Error('Integer too long: ' + this.length); if (this.length > this._size - o) return null; this._offset = o; var fb = this._buf[this._offset]; var value = 0; for (var i = 0; i < this.length; i++) { value <<= 8; value |= (this._buf[this._offset++] & 0xff); } if ((fb & 0x80) === 0x80 && i !== 4) value -= (1 << (i * 8)); return value >> 0; }; // --- Exported API module.exports = Reader; /***/ }), /***/ 2473: /***/ ((module) => { // Copyright 2011 Mark Cavage All rights reserved. module.exports = { EOC: 0, Boolean: 1, Integer: 2, BitString: 3, OctetString: 4, Null: 5, OID: 6, ObjectDescriptor: 7, External: 8, Real: 9, // float Enumeration: 10, PDV: 11, Utf8String: 12, RelativeOID: 13, Sequence: 16, Set: 17, NumericString: 18, PrintableString: 19, T61String: 20, VideotexString: 21, IA5String: 22, UTCTime: 23, GeneralizedTime: 24, GraphicString: 25, VisibleString: 26, GeneralString: 28, UniversalString: 29, CharacterString: 30, BMPString: 31, Constructor: 32, Context: 128 }; /***/ }), /***/ 3200: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { // Copyright 2011 Mark Cavage All rights reserved. var assert = __nccwpck_require__(2357); var Buffer = __nccwpck_require__(5118).Buffer; var ASN1 = __nccwpck_require__(2473); var errors = __nccwpck_require__(9348); // --- Globals var newInvalidAsn1Error = errors.newInvalidAsn1Error; var DEFAULT_OPTS = { size: 1024, growthFactor: 8 }; // --- Helpers function merge(from, to) { assert.ok(from); assert.equal(typeof (from), 'object'); assert.ok(to); assert.equal(typeof (to), 'object'); var keys = Object.getOwnPropertyNames(from); keys.forEach(function (key) { if (to[key]) return; var value = Object.getOwnPropertyDescriptor(from, key); Object.defineProperty(to, key, value); }); return to; } // --- API function Writer(options) { options = merge(DEFAULT_OPTS, options || {}); this._buf = Buffer.alloc(options.size || 1024); this._size = this._buf.length; this._offset = 0; this._options = options; // A list of offsets in the buffer where we need to insert // sequence tag/len pairs. this._seq = []; } Object.defineProperty(Writer.prototype, 'buffer', { get: function () { if (this._seq.length) throw newInvalidAsn1Error(this._seq.length + ' unended sequence(s)'); return (this._buf.slice(0, this._offset)); } }); Writer.prototype.writeByte = function (b) { if (typeof (b) !== 'number') throw new TypeError('argument must be a Number'); this._ensure(1); this._buf[this._offset++] = b; }; Writer.prototype.writeInt = function (i, tag) { if (typeof (i) !== 'number') throw new TypeError('argument must be a Number'); if (typeof (tag) !== 'number') tag = ASN1.Integer; var sz = 4; while ((((i & 0xff800000) === 0) || ((i & 0xff800000) === 0xff800000 >> 0)) && (sz > 1)) { sz--; i <<= 8; } if (sz > 4) throw newInvalidAsn1Error('BER ints cannot be > 0xffffffff'); this._ensure(2 + sz); this._buf[this._offset++] = tag; this._buf[this._offset++] = sz; while (sz-- > 0) { this._buf[this._offset++] = ((i & 0xff000000) >>> 24); i <<= 8; } }; Writer.prototype.writeNull = function () { this.writeByte(ASN1.Null); this.writeByte(0x00); }; Writer.prototype.writeEnumeration = function (i, tag) { if (typeof (i) !== 'number') throw new TypeError('argument must be a Number'); if (typeof (tag) !== 'number') tag = ASN1.Enumeration; return this.writeInt(i, tag); }; Writer.prototype.writeBoolean = function (b, tag) { if (typeof (b) !== 'boolean') throw new TypeError('argument must be a Boolean'); if (typeof (tag) !== 'number') tag = ASN1.Boolean; this._ensure(3); this._buf[this._offset++] = tag; this._buf[this._offset++] = 0x01; this._buf[this._offset++] = b ? 0xff : 0x00; }; Writer.prototype.writeString = function (s, tag) { if (typeof (s) !== 'string') throw new TypeError('argument must be a string (was: ' + typeof (s) + ')'); if (typeof (tag) !== 'number') tag = ASN1.OctetString; var len = Buffer.byteLength(s); this.writeByte(tag); this.writeLength(len); if (len) { this._ensure(len); this._buf.write(s, this._offset); this._offset += len; } }; Writer.prototype.writeBuffer = function (buf, tag) { if (typeof (tag) !== 'number') throw new TypeError('tag must be a number'); if (!Buffer.isBuffer(buf)) throw new TypeError('argument must be a buffer'); this.writeByte(tag); this.writeLength(buf.length); this._ensure(buf.length); buf.copy(this._buf, this._offset, 0, buf.length); this._offset += buf.length; }; Writer.prototype.writeStringArray = function (strings) { if ((!strings instanceof Array)) throw new TypeError('argument must be an Array[String]'); var self = this; strings.forEach(function (s) { self.writeString(s); }); }; // This is really to solve DER cases, but whatever for now Writer.prototype.writeOID = function (s, tag) { if (typeof (s) !== 'string') throw new TypeError('argument must be a string'); if (typeof (tag) !== 'number') tag = ASN1.OID; if (!/^([0-9]+\.){3,}[0-9]+$/.test(s)) throw new Error('argument is not a valid OID string'); function encodeOctet(bytes, octet) { if (octet < 128) { bytes.push(octet); } else if (octet < 16384) { bytes.push((octet >>> 7) | 0x80); bytes.push(octet & 0x7F); } else if (octet < 2097152) { bytes.push((octet >>> 14) | 0x80); bytes.push(((octet >>> 7) | 0x80) & 0xFF); bytes.push(octet & 0x7F); } else if (octet < 268435456) { bytes.push((octet >>> 21) | 0x80); bytes.push(((octet >>> 14) | 0x80) & 0xFF); bytes.push(((octet >>> 7) | 0x80) & 0xFF); bytes.push(octet & 0x7F); } else { bytes.push(((octet >>> 28) | 0x80) & 0xFF); bytes.push(((octet >>> 21) | 0x80) & 0xFF); bytes.push(((octet >>> 14) | 0x80) & 0xFF); bytes.push(((octet >>> 7) | 0x80) & 0xFF); bytes.push(octet & 0x7F); } } var tmp = s.split('.'); var bytes = []; bytes.push(parseInt(tmp[0], 10) * 40 + parseInt(tmp[1], 10)); tmp.slice(2).forEach(function (b) { encodeOctet(bytes, parseInt(b, 10)); }); var self = this; this._ensure(2 + bytes.length); this.writeByte(tag); this.writeLength(bytes.length); bytes.forEach(function (b) { self.writeByte(b); }); }; Writer.prototype.writeLength = function (len) { if (typeof (len) !== 'number') throw new TypeError('argument must be a Number'); this._ensure(4); if (len <= 0x7f) { this._buf[this._offset++] = len; } else if (len <= 0xff) { this._buf[this._offset++] = 0x81; this._buf[this._offset++] = len; } else if (len <= 0xffff) { this._buf[this._offset++] = 0x82; this._buf[this._offset++] = len >> 8; this._buf[this._offset++] = len; } else if (len <= 0xffffff) { this._buf[this._offset++] = 0x83; this._buf[this._offset++] = len >> 16; this._buf[this._offset++] = len >> 8; this._buf[this._offset++] = len; } else { throw newInvalidAsn1Error('Length too long (> 4 bytes)'); } }; Writer.prototype.startSequence = function (tag) { if (typeof (tag) !== 'number') tag = ASN1.Sequence | ASN1.Constructor; this.writeByte(tag); this._seq.push(this._offset); this._ensure(3); this._offset += 3; }; Writer.prototype.endSequence = function () { var seq = this._seq.pop(); var start = seq + 3; var len = this._offset - start; if (len <= 0x7f) { this._shift(start, len, -2); this._buf[seq] = len; } else if (len <= 0xff) { this._shift(start, len, -1); this._buf[seq] = 0x81; this._buf[seq + 1] = len; } else if (len <= 0xffff) { this._buf[seq] = 0x82; this._buf[seq + 1] = len >> 8; this._buf[seq + 2] = len; } else if (len <= 0xffffff) { this._shift(start, len, 1); this._buf[seq] = 0x83; this._buf[seq + 1] = len >> 16; this._buf[seq + 2] = len >> 8; this._buf[seq + 3] = len; } else { throw newInvalidAsn1Error('Sequence too long'); } }; Writer.prototype._shift = function (start, len, shift) { assert.ok(start !== undefined); assert.ok(len !== undefined); assert.ok(shift); this._buf.copy(this._buf, start + shift, start, start + len); this._offset += shift; }; Writer.prototype._ensure = function (len) { assert.ok(len); if (this._size - this._offset < len) { var sz = this._size * this._options.growthFactor; if (sz - this._offset < len) sz += len; var buf = Buffer.alloc(sz); this._buf.copy(buf, 0, 0, this._offset); this._buf = buf; this._size = sz; } }; // --- Exported API module.exports = Writer; /***/ }), /***/ 970: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { // Copyright 2011 Mark Cavage All rights reserved. // If you have no idea what ASN.1 or BER is, see this: // ftp://ftp.rsa.com/pub/pkcs/ascii/layman.asc var Ber = __nccwpck_require__(194); // --- Exported API module.exports = { Ber: Ber, BerReader: Ber.Reader, BerWriter: Ber.Writer }; /***/ }), /***/ 6545: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = __nccwpck_require__(2618); /***/ }), /***/ 8104: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var settle = __nccwpck_require__(3211); var buildFullPath = __nccwpck_require__(1934); var buildURL = __nccwpck_require__(646); var http = __nccwpck_require__(8605); var https = __nccwpck_require__(7211); var httpFollow = __nccwpck_require__(7707).http; var httpsFollow = __nccwpck_require__(7707).https; var url = __nccwpck_require__(8835); var zlib = __nccwpck_require__(8761); var VERSION = __nccwpck_require__(4322).version; var createError = __nccwpck_require__(5226); var enhanceError = __nccwpck_require__(1516); var defaults = __nccwpck_require__(8190); var Cancel = __nccwpck_require__(8875); var isHttps = /https:?/; /** * * @param {http.ClientRequestArgs} options * @param {AxiosProxyConfig} proxy * @param {string} location */ function setProxy(options, proxy, location) { options.hostname = proxy.host; options.host = proxy.host; options.port = proxy.port; options.path = location; // Basic proxy authorization if (proxy.auth) { var base64 = Buffer.from(proxy.auth.username + ':' + proxy.auth.password, 'utf8').toString('base64'); options.headers['Proxy-Authorization'] = 'Basic ' + base64; } // If a proxy is used, any redirects must also pass through the proxy options.beforeRedirect = function beforeRedirect(redirection) { redirection.headers.host = redirection.host; setProxy(redirection, proxy, redirection.href); }; } /*eslint consistent-return:0*/ module.exports = function httpAdapter(config) { return new Promise(function dispatchHttpRequest(resolvePromise, rejectPromise) { var onCanceled; function done() { if (config.cancelToken) { config.cancelToken.unsubscribe(onCanceled); } if (config.signal) { config.signal.removeEventListener('abort', onCanceled); } } var resolve = function resolve(value) { done(); resolvePromise(value); }; var reject = function reject(value) { done(); rejectPromise(value); }; var data = config.data; var headers = config.headers; var headerNames = {}; Object.keys(headers).forEach(function storeLowerName(name) { headerNames[name.toLowerCase()] = name; }); // Set User-Agent (required by some servers) // See https://github.com/axios/axios/issues/69 if ('user-agent' in headerNames) { // User-Agent is specified; handle case where no UA header is desired if (!headers[headerNames['user-agent']]) { delete headers[headerNames['user-agent']]; } // Otherwise, use specified value } else { // Only set header if it hasn't been set in config headers['User-Agent'] = 'axios/' + VERSION; } if (data && !utils.isStream(data)) { if (Buffer.isBuffer(data)) { // Nothing to do... } else if (utils.isArrayBuffer(data)) { data = Buffer.from(new Uint8Array(data)); } else if (utils.isString(data)) { data = Buffer.from(data, 'utf-8'); } else { return reject(createError( 'Data after transformation must be a string, an ArrayBuffer, a Buffer, or a Stream', config )); } // Add Content-Length header if data exists if (!headerNames['content-length']) { headers['Content-Length'] = data.length; } } // HTTP basic authentication var auth = undefined; if (config.auth) { var username = config.auth.username || ''; var password = config.auth.password || ''; auth = username + ':' + password; } // Parse url var fullPath = buildFullPath(config.baseURL, config.url); var parsed = url.parse(fullPath); var protocol = parsed.protocol || 'http:'; if (!auth && parsed.auth) { var urlAuth = parsed.auth.split(':'); var urlUsername = urlAuth[0] || ''; var urlPassword = urlAuth[1] || ''; auth = urlUsername + ':' + urlPassword; } if (auth && headerNames.authorization) { delete headers[headerNames.authorization]; } var isHttpsRequest = isHttps.test(protocol); var agent = isHttpsRequest ? config.httpsAgent : config.httpAgent; var options = { path: buildURL(parsed.path, config.params, config.paramsSerializer).replace(/^\?/, ''), method: config.method.toUpperCase(), headers: headers, agent: agent, agents: { http: config.httpAgent, https: config.httpsAgent }, auth: auth }; if (config.socketPath) { options.socketPath = config.socketPath; } else { options.hostname = parsed.hostname; options.port = parsed.port; } var proxy = config.proxy; if (!proxy && proxy !== false) { var proxyEnv = protocol.slice(0, -1) + '_proxy'; var proxyUrl = process.env[proxyEnv] || process.env[proxyEnv.toUpperCase()]; if (proxyUrl) { var parsedProxyUrl = url.parse(proxyUrl); var noProxyEnv = process.env.no_proxy || process.env.NO_PROXY; var shouldProxy = true; if (noProxyEnv) { var noProxy = noProxyEnv.split(',').map(function trim(s) { return s.trim(); }); shouldProxy = !noProxy.some(function proxyMatch(proxyElement) { if (!proxyElement) { return false; } if (proxyElement === '*') { return true; } if (proxyElement[0] === '.' && parsed.hostname.substr(parsed.hostname.length - proxyElement.length) === proxyElement) { return true; } return parsed.hostname === proxyElement; }); } if (shouldProxy) { proxy = { host: parsedProxyUrl.hostname, port: parsedProxyUrl.port, protocol: parsedProxyUrl.protocol }; if (parsedProxyUrl.auth) { var proxyUrlAuth = parsedProxyUrl.auth.split(':'); proxy.auth = { username: proxyUrlAuth[0], password: proxyUrlAuth[1] }; } } } } if (proxy) { options.headers.host = parsed.hostname + (parsed.port ? ':' + parsed.port : ''); setProxy(options, proxy, protocol + '//' + parsed.hostname + (parsed.port ? ':' + parsed.port : '') + options.path); } var transport; var isHttpsProxy = isHttpsRequest && (proxy ? isHttps.test(proxy.protocol) : true); if (config.transport) { transport = config.transport; } else if (config.maxRedirects === 0) { transport = isHttpsProxy ? https : http; } else { if (config.maxRedirects) { options.maxRedirects = config.maxRedirects; } transport = isHttpsProxy ? httpsFollow : httpFollow; } if (config.maxBodyLength > -1) { options.maxBodyLength = config.maxBodyLength; } if (config.insecureHTTPParser) { options.insecureHTTPParser = config.insecureHTTPParser; } // Create the request var req = transport.request(options, function handleResponse(res) { if (req.aborted) return; // uncompress the response body transparently if required var stream = res; // return the last request in case of redirects var lastRequest = res.req || req; // if no content, is HEAD request or decompress disabled we should not decompress if (res.statusCode !== 204 && lastRequest.method !== 'HEAD' && config.decompress !== false) { switch (res.headers['content-encoding']) { /*eslint default-case:0*/ case 'gzip': case 'compress': case 'deflate': // add the unzipper to the body stream processing pipeline stream = stream.pipe(zlib.createUnzip()); // remove the content-encoding in order to not confuse downstream operations delete res.headers['content-encoding']; break; } } var response = { status: res.statusCode, statusText: res.statusMessage, headers: res.headers, config: config, request: lastRequest }; if (config.responseType === 'stream') { response.data = stream; settle(resolve, reject, response); } else { var responseBuffer = []; var totalResponseBytes = 0; stream.on('data', function handleStreamData(chunk) { responseBuffer.push(chunk); totalResponseBytes += chunk.length; // make sure the content length is not over the maxContentLength if specified if (config.maxContentLength > -1 && totalResponseBytes > config.maxContentLength) { stream.destroy(); reject(createError('maxContentLength size of ' + config.maxContentLength + ' exceeded', config, null, lastRequest)); } }); stream.on('error', function handleStreamError(err) { if (req.aborted) return; reject(enhanceError(err, config, null, lastRequest)); }); stream.on('end', function handleStreamEnd() { var responseData = Buffer.concat(responseBuffer); if (config.responseType !== 'arraybuffer') { responseData = responseData.toString(config.responseEncoding); if (!config.responseEncoding || config.responseEncoding === 'utf8') { responseData = utils.stripBOM(responseData); } } response.data = responseData; settle(resolve, reject, response); }); } }); // Handle errors req.on('error', function handleRequestError(err) { if (req.aborted && err.code !== 'ERR_FR_TOO_MANY_REDIRECTS') return; reject(enhanceError(err, config, null, req)); }); // Handle request timeout if (config.timeout) { // This is forcing a int timeout to avoid problems if the `req` interface doesn't handle other types. var timeout = parseInt(config.timeout, 10); if (isNaN(timeout)) { reject(createError( 'error trying to parse `config.timeout` to int', config, 'ERR_PARSE_TIMEOUT', req )); return; } // Sometime, the response will be very slow, and does not respond, the connect event will be block by event loop system. // And timer callback will be fired, and abort() will be invoked before connection, then get "socket hang up" and code ECONNRESET. // At this time, if we have a large number of request, nodejs will hang up some socket on background. and the number will up and up. // And then these socket which be hang up will devoring CPU little by little. // ClientRequest.setTimeout will be fired on the specify milliseconds, and can make sure that abort() will be fired after connect. req.setTimeout(timeout, function handleRequestTimeout() { req.abort(); var transitional = config.transitional || defaults.transitional; reject(createError( 'timeout of ' + timeout + 'ms exceeded', config, transitional.clarifyTimeoutError ? 'ETIMEDOUT' : 'ECONNABORTED', req )); }); } if (config.cancelToken || config.signal) { // Handle cancellation // eslint-disable-next-line func-names onCanceled = function(cancel) { if (req.aborted) return; req.abort(); reject(!cancel || (cancel && cancel.type) ? new Cancel('canceled') : cancel); }; config.cancelToken && config.cancelToken.subscribe(onCanceled); if (config.signal) { config.signal.aborted ? onCanceled() : config.signal.addEventListener('abort', onCanceled); } } // Send the request if (utils.isStream(data)) { data.on('error', function handleStreamError(err) { reject(enhanceError(err, config, null, req)); }).pipe(req); } else { req.end(data); } }); }; /***/ }), /***/ 3454: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var settle = __nccwpck_require__(3211); var cookies = __nccwpck_require__(1545); var buildURL = __nccwpck_require__(646); var buildFullPath = __nccwpck_require__(1934); var parseHeaders = __nccwpck_require__(6455); var isURLSameOrigin = __nccwpck_require__(3608); var createError = __nccwpck_require__(5226); var defaults = __nccwpck_require__(8190); var Cancel = __nccwpck_require__(8875); module.exports = function xhrAdapter(config) { return new Promise(function dispatchXhrRequest(resolve, reject) { var requestData = config.data; var requestHeaders = config.headers; var responseType = config.responseType; var onCanceled; function done() { if (config.cancelToken) { config.cancelToken.unsubscribe(onCanceled); } if (config.signal) { config.signal.removeEventListener('abort', onCanceled); } } if (utils.isFormData(requestData)) { delete requestHeaders['Content-Type']; // Let the browser set it } var request = new XMLHttpRequest(); // HTTP basic authentication if (config.auth) { var username = config.auth.username || ''; var password = config.auth.password ? unescape(encodeURIComponent(config.auth.password)) : ''; requestHeaders.Authorization = 'Basic ' + btoa(username + ':' + password); } var fullPath = buildFullPath(config.baseURL, config.url); request.open(config.method.toUpperCase(), buildURL(fullPath, config.params, config.paramsSerializer), true); // Set the request timeout in MS request.timeout = config.timeout; function onloadend() { if (!request) { return; } // Prepare the response var responseHeaders = 'getAllResponseHeaders' in request ? parseHeaders(request.getAllResponseHeaders()) : null; var responseData = !responseType || responseType === 'text' || responseType === 'json' ? request.responseText : request.response; var response = { data: responseData, status: request.status, statusText: request.statusText, headers: responseHeaders, config: config, request: request }; settle(function _resolve(value) { resolve(value); done(); }, function _reject(err) { reject(err); done(); }, response); // Clean up request request = null; } if ('onloadend' in request) { // Use onloadend if available request.onloadend = onloadend; } else { // Listen for ready state to emulate onloadend request.onreadystatechange = function handleLoad() { if (!request || request.readyState !== 4) { return; } // The request errored out and we didn't get a response, this will be // handled by onerror instead // With one exception: request that using file: protocol, most browsers // will return status as 0 even though it's a successful request if (request.status === 0 && !(request.responseURL && request.responseURL.indexOf('file:') === 0)) { return; } // readystate handler is calling before onerror or ontimeout handlers, // so we should call onloadend on the next 'tick' setTimeout(onloadend); }; } // Handle browser request cancellation (as opposed to a manual cancellation) request.onabort = function handleAbort() { if (!request) { return; } reject(createError('Request aborted', config, 'ECONNABORTED', request)); // Clean up request request = null; }; // Handle low level network errors request.onerror = function handleError() { // Real errors are hidden from us by the browser // onerror should only fire if it's a network error reject(createError('Network Error', config, null, request)); // Clean up request request = null; }; // Handle timeout request.ontimeout = function handleTimeout() { var timeoutErrorMessage = config.timeout ? 'timeout of ' + config.timeout + 'ms exceeded' : 'timeout exceeded'; var transitional = config.transitional || defaults.transitional; if (config.timeoutErrorMessage) { timeoutErrorMessage = config.timeoutErrorMessage; } reject(createError( timeoutErrorMessage, config, transitional.clarifyTimeoutError ? 'ETIMEDOUT' : 'ECONNABORTED', request)); // Clean up request request = null; }; // Add xsrf header // This is only done if running in a standard browser environment. // Specifically not if we're in a web worker, or react-native. if (utils.isStandardBrowserEnv()) { // Add xsrf header var xsrfValue = (config.withCredentials || isURLSameOrigin(fullPath)) && config.xsrfCookieName ? cookies.read(config.xsrfCookieName) : undefined; if (xsrfValue) { requestHeaders[config.xsrfHeaderName] = xsrfValue; } } // Add headers to the request if ('setRequestHeader' in request) { utils.forEach(requestHeaders, function setRequestHeader(val, key) { if (typeof requestData === 'undefined' && key.toLowerCase() === 'content-type') { // Remove Content-Type if data is undefined delete requestHeaders[key]; } else { // Otherwise add header to the request request.setRequestHeader(key, val); } }); } // Add withCredentials to request if needed if (!utils.isUndefined(config.withCredentials)) { request.withCredentials = !!config.withCredentials; } // Add responseType to request if needed if (responseType && responseType !== 'json') { request.responseType = config.responseType; } // Handle progress if needed if (typeof config.onDownloadProgress === 'function') { request.addEventListener('progress', config.onDownloadProgress); } // Not all browsers support upload events if (typeof config.onUploadProgress === 'function' && request.upload) { request.upload.addEventListener('progress', config.onUploadProgress); } if (config.cancelToken || config.signal) { // Handle cancellation // eslint-disable-next-line func-names onCanceled = function(cancel) { if (!request) { return; } reject(!cancel || (cancel && cancel.type) ? new Cancel('canceled') : cancel); request.abort(); request = null; }; config.cancelToken && config.cancelToken.subscribe(onCanceled); if (config.signal) { config.signal.aborted ? onCanceled() : config.signal.addEventListener('abort', onCanceled); } } if (!requestData) { requestData = null; } // Send the request request.send(requestData); }); }; /***/ }), /***/ 2618: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var bind = __nccwpck_require__(7065); var Axios = __nccwpck_require__(8178); var mergeConfig = __nccwpck_require__(4831); var defaults = __nccwpck_require__(8190); /** * Create an instance of Axios * * @param {Object} defaultConfig The default config for the instance * @return {Axios} A new instance of Axios */ function createInstance(defaultConfig) { var context = new Axios(defaultConfig); var instance = bind(Axios.prototype.request, context); // Copy axios.prototype to instance utils.extend(instance, Axios.prototype, context); // Copy context to instance utils.extend(instance, context); // Factory for creating new instances instance.create = function create(instanceConfig) { return createInstance(mergeConfig(defaultConfig, instanceConfig)); }; return instance; } // Create the default instance to be exported var axios = createInstance(defaults); // Expose Axios class to allow class inheritance axios.Axios = Axios; // Expose Cancel & CancelToken axios.Cancel = __nccwpck_require__(8875); axios.CancelToken = __nccwpck_require__(1587); axios.isCancel = __nccwpck_require__(4057); axios.VERSION = __nccwpck_require__(4322).version; // Expose all/spread axios.all = function all(promises) { return Promise.all(promises); }; axios.spread = __nccwpck_require__(4850); // Expose isAxiosError axios.isAxiosError = __nccwpck_require__(650); module.exports = axios; // Allow use of default import syntax in TypeScript module.exports.default = axios; /***/ }), /***/ 8875: /***/ ((module) => { "use strict"; /** * A `Cancel` is an object that is thrown when an operation is canceled. * * @class * @param {string=} message The message. */ function Cancel(message) { this.message = message; } Cancel.prototype.toString = function toString() { return 'Cancel' + (this.message ? ': ' + this.message : ''); }; Cancel.prototype.__CANCEL__ = true; module.exports = Cancel; /***/ }), /***/ 1587: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var Cancel = __nccwpck_require__(8875); /** * A `CancelToken` is an object that can be used to request cancellation of an operation. * * @class * @param {Function} executor The executor function. */ function CancelToken(executor) { if (typeof executor !== 'function') { throw new TypeError('executor must be a function.'); } var resolvePromise; this.promise = new Promise(function promiseExecutor(resolve) { resolvePromise = resolve; }); var token = this; // eslint-disable-next-line func-names this.promise.then(function(cancel) { if (!token._listeners) return; var i; var l = token._listeners.length; for (i = 0; i < l; i++) { token._listeners[i](cancel); } token._listeners = null; }); // eslint-disable-next-line func-names this.promise.then = function(onfulfilled) { var _resolve; // eslint-disable-next-line func-names var promise = new Promise(function(resolve) { token.subscribe(resolve); _resolve = resolve; }).then(onfulfilled); promise.cancel = function reject() { token.unsubscribe(_resolve); }; return promise; }; executor(function cancel(message) { if (token.reason) { // Cancellation has already been requested return; } token.reason = new Cancel(message); resolvePromise(token.reason); }); } /** * Throws a `Cancel` if cancellation has been requested. */ CancelToken.prototype.throwIfRequested = function throwIfRequested() { if (this.reason) { throw this.reason; } }; /** * Subscribe to the cancel signal */ CancelToken.prototype.subscribe = function subscribe(listener) { if (this.reason) { listener(this.reason); return; } if (this._listeners) { this._listeners.push(listener); } else { this._listeners = [listener]; } }; /** * Unsubscribe from the cancel signal */ CancelToken.prototype.unsubscribe = function unsubscribe(listener) { if (!this._listeners) { return; } var index = this._listeners.indexOf(listener); if (index !== -1) { this._listeners.splice(index, 1); } }; /** * Returns an object that contains a new `CancelToken` and a function that, when called, * cancels the `CancelToken`. */ CancelToken.source = function source() { var cancel; var token = new CancelToken(function executor(c) { cancel = c; }); return { token: token, cancel: cancel }; }; module.exports = CancelToken; /***/ }), /***/ 4057: /***/ ((module) => { "use strict"; module.exports = function isCancel(value) { return !!(value && value.__CANCEL__); }; /***/ }), /***/ 8178: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var buildURL = __nccwpck_require__(646); var InterceptorManager = __nccwpck_require__(3214); var dispatchRequest = __nccwpck_require__(5062); var mergeConfig = __nccwpck_require__(4831); var validator = __nccwpck_require__(1632); var validators = validator.validators; /** * Create a new instance of Axios * * @param {Object} instanceConfig The default config for the instance */ function Axios(instanceConfig) { this.defaults = instanceConfig; this.interceptors = { request: new InterceptorManager(), response: new InterceptorManager() }; } /** * Dispatch a request * * @param {Object} config The config specific for this request (merged with this.defaults) */ Axios.prototype.request = function request(config) { /*eslint no-param-reassign:0*/ // Allow for axios('example/url'[, config]) a la fetch API if (typeof config === 'string') { config = arguments[1] || {}; config.url = arguments[0]; } else { config = config || {}; } config = mergeConfig(this.defaults, config); // Set config.method if (config.method) { config.method = config.method.toLowerCase(); } else if (this.defaults.method) { config.method = this.defaults.method.toLowerCase(); } else { config.method = 'get'; } var transitional = config.transitional; if (transitional !== undefined) { validator.assertOptions(transitional, { silentJSONParsing: validators.transitional(validators.boolean), forcedJSONParsing: validators.transitional(validators.boolean), clarifyTimeoutError: validators.transitional(validators.boolean) }, false); } // filter out skipped interceptors var requestInterceptorChain = []; var synchronousRequestInterceptors = true; this.interceptors.request.forEach(function unshiftRequestInterceptors(interceptor) { if (typeof interceptor.runWhen === 'function' && interceptor.runWhen(config) === false) { return; } synchronousRequestInterceptors = synchronousRequestInterceptors && interceptor.synchronous; requestInterceptorChain.unshift(interceptor.fulfilled, interceptor.rejected); }); var responseInterceptorChain = []; this.interceptors.response.forEach(function pushResponseInterceptors(interceptor) { responseInterceptorChain.push(interceptor.fulfilled, interceptor.rejected); }); var promise; if (!synchronousRequestInterceptors) { var chain = [dispatchRequest, undefined]; Array.prototype.unshift.apply(chain, requestInterceptorChain); chain = chain.concat(responseInterceptorChain); promise = Promise.resolve(config); while (chain.length) { promise = promise.then(chain.shift(), chain.shift()); } return promise; } var newConfig = config; while (requestInterceptorChain.length) { var onFulfilled = requestInterceptorChain.shift(); var onRejected = requestInterceptorChain.shift(); try { newConfig = onFulfilled(newConfig); } catch (error) { onRejected(error); break; } } try { promise = dispatchRequest(newConfig); } catch (error) { return Promise.reject(error); } while (responseInterceptorChain.length) { promise = promise.then(responseInterceptorChain.shift(), responseInterceptorChain.shift()); } return promise; }; Axios.prototype.getUri = function getUri(config) { config = mergeConfig(this.defaults, config); return buildURL(config.url, config.params, config.paramsSerializer).replace(/^\?/, ''); }; // Provide aliases for supported request methods utils.forEach(['delete', 'get', 'head', 'options'], function forEachMethodNoData(method) { /*eslint func-names:0*/ Axios.prototype[method] = function(url, config) { return this.request(mergeConfig(config || {}, { method: method, url: url, data: (config || {}).data })); }; }); utils.forEach(['post', 'put', 'patch'], function forEachMethodWithData(method) { /*eslint func-names:0*/ Axios.prototype[method] = function(url, data, config) { return this.request(mergeConfig(config || {}, { method: method, url: url, data: data })); }; }); module.exports = Axios; /***/ }), /***/ 3214: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); function InterceptorManager() { this.handlers = []; } /** * Add a new interceptor to the stack * * @param {Function} fulfilled The function to handle `then` for a `Promise` * @param {Function} rejected The function to handle `reject` for a `Promise` * * @return {Number} An ID used to remove interceptor later */ InterceptorManager.prototype.use = function use(fulfilled, rejected, options) { this.handlers.push({ fulfilled: fulfilled, rejected: rejected, synchronous: options ? options.synchronous : false, runWhen: options ? options.runWhen : null }); return this.handlers.length - 1; }; /** * Remove an interceptor from the stack * * @param {Number} id The ID that was returned by `use` */ InterceptorManager.prototype.eject = function eject(id) { if (this.handlers[id]) { this.handlers[id] = null; } }; /** * Iterate over all the registered interceptors * * This method is particularly useful for skipping over any * interceptors that may have become `null` calling `eject`. * * @param {Function} fn The function to call for each interceptor */ InterceptorManager.prototype.forEach = function forEach(fn) { utils.forEach(this.handlers, function forEachHandler(h) { if (h !== null) { fn(h); } }); }; module.exports = InterceptorManager; /***/ }), /***/ 1934: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var isAbsoluteURL = __nccwpck_require__(1301); var combineURLs = __nccwpck_require__(7189); /** * Creates a new URL by combining the baseURL with the requestedURL, * only when the requestedURL is not already an absolute URL. * If the requestURL is absolute, this function returns the requestedURL untouched. * * @param {string} baseURL The base URL * @param {string} requestedURL Absolute or relative URL to combine * @returns {string} The combined full path */ module.exports = function buildFullPath(baseURL, requestedURL) { if (baseURL && !isAbsoluteURL(requestedURL)) { return combineURLs(baseURL, requestedURL); } return requestedURL; }; /***/ }), /***/ 5226: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var enhanceError = __nccwpck_require__(1516); /** * Create an Error with the specified message, config, error code, request and response. * * @param {string} message The error message. * @param {Object} config The config. * @param {string} [code] The error code (for example, 'ECONNABORTED'). * @param {Object} [request] The request. * @param {Object} [response] The response. * @returns {Error} The created error. */ module.exports = function createError(message, config, code, request, response) { var error = new Error(message); return enhanceError(error, config, code, request, response); }; /***/ }), /***/ 5062: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var transformData = __nccwpck_require__(9812); var isCancel = __nccwpck_require__(4057); var defaults = __nccwpck_require__(8190); var Cancel = __nccwpck_require__(8875); /** * Throws a `Cancel` if cancellation has been requested. */ function throwIfCancellationRequested(config) { if (config.cancelToken) { config.cancelToken.throwIfRequested(); } if (config.signal && config.signal.aborted) { throw new Cancel('canceled'); } } /** * Dispatch a request to the server using the configured adapter. * * @param {object} config The config that is to be used for the request * @returns {Promise} The Promise to be fulfilled */ module.exports = function dispatchRequest(config) { throwIfCancellationRequested(config); // Ensure headers exist config.headers = config.headers || {}; // Transform request data config.data = transformData.call( config, config.data, config.headers, config.transformRequest ); // Flatten headers config.headers = utils.merge( config.headers.common || {}, config.headers[config.method] || {}, config.headers ); utils.forEach( ['delete', 'get', 'head', 'post', 'put', 'patch', 'common'], function cleanHeaderConfig(method) { delete config.headers[method]; } ); var adapter = config.adapter || defaults.adapter; return adapter(config).then(function onAdapterResolution(response) { throwIfCancellationRequested(config); // Transform response data response.data = transformData.call( config, response.data, response.headers, config.transformResponse ); return response; }, function onAdapterRejection(reason) { if (!isCancel(reason)) { throwIfCancellationRequested(config); // Transform response data if (reason && reason.response) { reason.response.data = transformData.call( config, reason.response.data, reason.response.headers, config.transformResponse ); } } return Promise.reject(reason); }); }; /***/ }), /***/ 1516: /***/ ((module) => { "use strict"; /** * Update an Error with the specified config, error code, and response. * * @param {Error} error The error to update. * @param {Object} config The config. * @param {string} [code] The error code (for example, 'ECONNABORTED'). * @param {Object} [request] The request. * @param {Object} [response] The response. * @returns {Error} The error. */ module.exports = function enhanceError(error, config, code, request, response) { error.config = config; if (code) { error.code = code; } error.request = request; error.response = response; error.isAxiosError = true; error.toJSON = function toJSON() { return { // Standard message: this.message, name: this.name, // Microsoft description: this.description, number: this.number, // Mozilla fileName: this.fileName, lineNumber: this.lineNumber, columnNumber: this.columnNumber, stack: this.stack, // Axios config: this.config, code: this.code, status: this.response && this.response.status ? this.response.status : null }; }; return error; }; /***/ }), /***/ 4831: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); /** * Config-specific merge-function which creates a new config-object * by merging two configuration objects together. * * @param {Object} config1 * @param {Object} config2 * @returns {Object} New object resulting from merging config2 to config1 */ module.exports = function mergeConfig(config1, config2) { // eslint-disable-next-line no-param-reassign config2 = config2 || {}; var config = {}; function getMergedValue(target, source) { if (utils.isPlainObject(target) && utils.isPlainObject(source)) { return utils.merge(target, source); } else if (utils.isPlainObject(source)) { return utils.merge({}, source); } else if (utils.isArray(source)) { return source.slice(); } return source; } // eslint-disable-next-line consistent-return function mergeDeepProperties(prop) { if (!utils.isUndefined(config2[prop])) { return getMergedValue(config1[prop], config2[prop]); } else if (!utils.isUndefined(config1[prop])) { return getMergedValue(undefined, config1[prop]); } } // eslint-disable-next-line consistent-return function valueFromConfig2(prop) { if (!utils.isUndefined(config2[prop])) { return getMergedValue(undefined, config2[prop]); } } // eslint-disable-next-line consistent-return function defaultToConfig2(prop) { if (!utils.isUndefined(config2[prop])) { return getMergedValue(undefined, config2[prop]); } else if (!utils.isUndefined(config1[prop])) { return getMergedValue(undefined, config1[prop]); } } // eslint-disable-next-line consistent-return function mergeDirectKeys(prop) { if (prop in config2) { return getMergedValue(config1[prop], config2[prop]); } else if (prop in config1) { return getMergedValue(undefined, config1[prop]); } } var mergeMap = { 'url': valueFromConfig2, 'method': valueFromConfig2, 'data': valueFromConfig2, 'baseURL': defaultToConfig2, 'transformRequest': defaultToConfig2, 'transformResponse': defaultToConfig2, 'paramsSerializer': defaultToConfig2, 'timeout': defaultToConfig2, 'timeoutMessage': defaultToConfig2, 'withCredentials': defaultToConfig2, 'adapter': defaultToConfig2, 'responseType': defaultToConfig2, 'xsrfCookieName': defaultToConfig2, 'xsrfHeaderName': defaultToConfig2, 'onUploadProgress': defaultToConfig2, 'onDownloadProgress': defaultToConfig2, 'decompress': defaultToConfig2, 'maxContentLength': defaultToConfig2, 'maxBodyLength': defaultToConfig2, 'transport': defaultToConfig2, 'httpAgent': defaultToConfig2, 'httpsAgent': defaultToConfig2, 'cancelToken': defaultToConfig2, 'socketPath': defaultToConfig2, 'responseEncoding': defaultToConfig2, 'validateStatus': mergeDirectKeys }; utils.forEach(Object.keys(config1).concat(Object.keys(config2)), function computeConfigValue(prop) { var merge = mergeMap[prop] || mergeDeepProperties; var configValue = merge(prop); (utils.isUndefined(configValue) && merge !== mergeDirectKeys) || (config[prop] = configValue); }); return config; }; /***/ }), /***/ 3211: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var createError = __nccwpck_require__(5226); /** * Resolve or reject a Promise based on response status. * * @param {Function} resolve A function that resolves the promise. * @param {Function} reject A function that rejects the promise. * @param {object} response The response. */ module.exports = function settle(resolve, reject, response) { var validateStatus = response.config.validateStatus; if (!response.status || !validateStatus || validateStatus(response.status)) { resolve(response); } else { reject(createError( 'Request failed with status code ' + response.status, response.config, null, response.request, response )); } }; /***/ }), /***/ 9812: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var defaults = __nccwpck_require__(8190); /** * Transform the data for a request or a response * * @param {Object|String} data The data to be transformed * @param {Array} headers The headers for the request or response * @param {Array|Function} fns A single function or Array of functions * @returns {*} The resulting transformed data */ module.exports = function transformData(data, headers, fns) { var context = this || defaults; /*eslint no-param-reassign:0*/ utils.forEach(fns, function transform(fn) { data = fn.call(context, data, headers); }); return data; }; /***/ }), /***/ 8190: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); var normalizeHeaderName = __nccwpck_require__(6240); var enhanceError = __nccwpck_require__(1516); var DEFAULT_CONTENT_TYPE = { 'Content-Type': 'application/x-www-form-urlencoded' }; function setContentTypeIfUnset(headers, value) { if (!utils.isUndefined(headers) && utils.isUndefined(headers['Content-Type'])) { headers['Content-Type'] = value; } } function getDefaultAdapter() { var adapter; if (typeof XMLHttpRequest !== 'undefined') { // For browsers use XHR adapter adapter = __nccwpck_require__(3454); } else if (typeof process !== 'undefined' && Object.prototype.toString.call(process) === '[object process]') { // For node use HTTP adapter adapter = __nccwpck_require__(8104); } return adapter; } function stringifySafely(rawValue, parser, encoder) { if (utils.isString(rawValue)) { try { (parser || JSON.parse)(rawValue); return utils.trim(rawValue); } catch (e) { if (e.name !== 'SyntaxError') { throw e; } } } return (encoder || JSON.stringify)(rawValue); } var defaults = { transitional: { silentJSONParsing: true, forcedJSONParsing: true, clarifyTimeoutError: false }, adapter: getDefaultAdapter(), transformRequest: [function transformRequest(data, headers) { normalizeHeaderName(headers, 'Accept'); normalizeHeaderName(headers, 'Content-Type'); if (utils.isFormData(data) || utils.isArrayBuffer(data) || utils.isBuffer(data) || utils.isStream(data) || utils.isFile(data) || utils.isBlob(data) ) { return data; } if (utils.isArrayBufferView(data)) { return data.buffer; } if (utils.isURLSearchParams(data)) { setContentTypeIfUnset(headers, 'application/x-www-form-urlencoded;charset=utf-8'); return data.toString(); } if (utils.isObject(data) || (headers && headers['Content-Type'] === 'application/json')) { setContentTypeIfUnset(headers, 'application/json'); return stringifySafely(data); } return data; }], transformResponse: [function transformResponse(data) { var transitional = this.transitional || defaults.transitional; var silentJSONParsing = transitional && transitional.silentJSONParsing; var forcedJSONParsing = transitional && transitional.forcedJSONParsing; var strictJSONParsing = !silentJSONParsing && this.responseType === 'json'; if (strictJSONParsing || (forcedJSONParsing && utils.isString(data) && data.length)) { try { return JSON.parse(data); } catch (e) { if (strictJSONParsing) { if (e.name === 'SyntaxError') { throw enhanceError(e, this, 'E_JSON_PARSE'); } throw e; } } } return data; }], /** * A timeout in milliseconds to abort a request. If set to 0 (default) a * timeout is not created. */ timeout: 0, xsrfCookieName: 'XSRF-TOKEN', xsrfHeaderName: 'X-XSRF-TOKEN', maxContentLength: -1, maxBodyLength: -1, validateStatus: function validateStatus(status) { return status >= 200 && status < 300; }, headers: { common: { 'Accept': 'application/json, text/plain, */*' } } }; utils.forEach(['delete', 'get', 'head'], function forEachMethodNoData(method) { defaults.headers[method] = {}; }); utils.forEach(['post', 'put', 'patch'], function forEachMethodWithData(method) { defaults.headers[method] = utils.merge(DEFAULT_CONTENT_TYPE); }); module.exports = defaults; /***/ }), /***/ 4322: /***/ ((module) => { module.exports = { "version": "0.23.0" }; /***/ }), /***/ 7065: /***/ ((module) => { "use strict"; module.exports = function bind(fn, thisArg) { return function wrap() { var args = new Array(arguments.length); for (var i = 0; i < args.length; i++) { args[i] = arguments[i]; } return fn.apply(thisArg, args); }; }; /***/ }), /***/ 646: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); function encode(val) { return encodeURIComponent(val). replace(/%3A/gi, ':'). replace(/%24/g, '$'). replace(/%2C/gi, ','). replace(/%20/g, '+'). replace(/%5B/gi, '['). replace(/%5D/gi, ']'); } /** * Build a URL by appending params to the end * * @param {string} url The base of the url (e.g., http://www.google.com) * @param {object} [params] The params to be appended * @returns {string} The formatted url */ module.exports = function buildURL(url, params, paramsSerializer) { /*eslint no-param-reassign:0*/ if (!params) { return url; } var serializedParams; if (paramsSerializer) { serializedParams = paramsSerializer(params); } else if (utils.isURLSearchParams(params)) { serializedParams = params.toString(); } else { var parts = []; utils.forEach(params, function serialize(val, key) { if (val === null || typeof val === 'undefined') { return; } if (utils.isArray(val)) { key = key + '[]'; } else { val = [val]; } utils.forEach(val, function parseValue(v) { if (utils.isDate(v)) { v = v.toISOString(); } else if (utils.isObject(v)) { v = JSON.stringify(v); } parts.push(encode(key) + '=' + encode(v)); }); }); serializedParams = parts.join('&'); } if (serializedParams) { var hashmarkIndex = url.indexOf('#'); if (hashmarkIndex !== -1) { url = url.slice(0, hashmarkIndex); } url += (url.indexOf('?') === -1 ? '?' : '&') + serializedParams; } return url; }; /***/ }), /***/ 7189: /***/ ((module) => { "use strict"; /** * Creates a new URL by combining the specified URLs * * @param {string} baseURL The base URL * @param {string} relativeURL The relative URL * @returns {string} The combined URL */ module.exports = function combineURLs(baseURL, relativeURL) { return relativeURL ? baseURL.replace(/\/+$/, '') + '/' + relativeURL.replace(/^\/+/, '') : baseURL; }; /***/ }), /***/ 1545: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); module.exports = ( utils.isStandardBrowserEnv() ? // Standard browser envs support document.cookie (function standardBrowserEnv() { return { write: function write(name, value, expires, path, domain, secure) { var cookie = []; cookie.push(name + '=' + encodeURIComponent(value)); if (utils.isNumber(expires)) { cookie.push('expires=' + new Date(expires).toGMTString()); } if (utils.isString(path)) { cookie.push('path=' + path); } if (utils.isString(domain)) { cookie.push('domain=' + domain); } if (secure === true) { cookie.push('secure'); } document.cookie = cookie.join('; '); }, read: function read(name) { var match = document.cookie.match(new RegExp('(^|;\\s*)(' + name + ')=([^;]*)')); return (match ? decodeURIComponent(match[3]) : null); }, remove: function remove(name) { this.write(name, '', Date.now() - 86400000); } }; })() : // Non standard browser env (web workers, react-native) lack needed support. (function nonStandardBrowserEnv() { return { write: function write() {}, read: function read() { return null; }, remove: function remove() {} }; })() ); /***/ }), /***/ 1301: /***/ ((module) => { "use strict"; /** * Determines whether the specified URL is absolute * * @param {string} url The URL to test * @returns {boolean} True if the specified URL is absolute, otherwise false */ module.exports = function isAbsoluteURL(url) { // A URL is considered absolute if it begins with "://" or "//" (protocol-relative URL). // RFC 3986 defines scheme name as a sequence of characters beginning with a letter and followed // by any combination of letters, digits, plus, period, or hyphen. return /^([a-z][a-z\d\+\-\.]*:)?\/\//i.test(url); }; /***/ }), /***/ 650: /***/ ((module) => { "use strict"; /** * Determines whether the payload is an error thrown by Axios * * @param {*} payload The value to test * @returns {boolean} True if the payload is an error thrown by Axios, otherwise false */ module.exports = function isAxiosError(payload) { return (typeof payload === 'object') && (payload.isAxiosError === true); }; /***/ }), /***/ 3608: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); module.exports = ( utils.isStandardBrowserEnv() ? // Standard browser envs have full support of the APIs needed to test // whether the request URL is of the same origin as current location. (function standardBrowserEnv() { var msie = /(msie|trident)/i.test(navigator.userAgent); var urlParsingNode = document.createElement('a'); var originURL; /** * Parse a URL to discover it's components * * @param {String} url The URL to be parsed * @returns {Object} */ function resolveURL(url) { var href = url; if (msie) { // IE needs attribute set twice to normalize properties urlParsingNode.setAttribute('href', href); href = urlParsingNode.href; } urlParsingNode.setAttribute('href', href); // urlParsingNode provides the UrlUtils interface - http://url.spec.whatwg.org/#urlutils return { href: urlParsingNode.href, protocol: urlParsingNode.protocol ? urlParsingNode.protocol.replace(/:$/, '') : '', host: urlParsingNode.host, search: urlParsingNode.search ? urlParsingNode.search.replace(/^\?/, '') : '', hash: urlParsingNode.hash ? urlParsingNode.hash.replace(/^#/, '') : '', hostname: urlParsingNode.hostname, port: urlParsingNode.port, pathname: (urlParsingNode.pathname.charAt(0) === '/') ? urlParsingNode.pathname : '/' + urlParsingNode.pathname }; } originURL = resolveURL(window.location.href); /** * Determine if a URL shares the same origin as the current location * * @param {String} requestURL The URL to test * @returns {boolean} True if URL shares the same origin, otherwise false */ return function isURLSameOrigin(requestURL) { var parsed = (utils.isString(requestURL)) ? resolveURL(requestURL) : requestURL; return (parsed.protocol === originURL.protocol && parsed.host === originURL.host); }; })() : // Non standard browser envs (web workers, react-native) lack needed support. (function nonStandardBrowserEnv() { return function isURLSameOrigin() { return true; }; })() ); /***/ }), /***/ 6240: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); module.exports = function normalizeHeaderName(headers, normalizedName) { utils.forEach(headers, function processHeader(value, name) { if (name !== normalizedName && name.toUpperCase() === normalizedName.toUpperCase()) { headers[normalizedName] = value; delete headers[name]; } }); }; /***/ }), /***/ 6455: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var utils = __nccwpck_require__(328); // Headers whose duplicates are ignored by node // c.f. https://nodejs.org/api/http.html#http_message_headers var ignoreDuplicateOf = [ 'age', 'authorization', 'content-length', 'content-type', 'etag', 'expires', 'from', 'host', 'if-modified-since', 'if-unmodified-since', 'last-modified', 'location', 'max-forwards', 'proxy-authorization', 'referer', 'retry-after', 'user-agent' ]; /** * Parse headers into an object * * ``` * Date: Wed, 27 Aug 2014 08:58:49 GMT * Content-Type: application/json * Connection: keep-alive * Transfer-Encoding: chunked * ``` * * @param {String} headers Headers needing to be parsed * @returns {Object} Headers parsed into an object */ module.exports = function parseHeaders(headers) { var parsed = {}; var key; var val; var i; if (!headers) { return parsed; } utils.forEach(headers.split('\n'), function parser(line) { i = line.indexOf(':'); key = utils.trim(line.substr(0, i)).toLowerCase(); val = utils.trim(line.substr(i + 1)); if (key) { if (parsed[key] && ignoreDuplicateOf.indexOf(key) >= 0) { return; } if (key === 'set-cookie') { parsed[key] = (parsed[key] ? parsed[key] : []).concat([val]); } else { parsed[key] = parsed[key] ? parsed[key] + ', ' + val : val; } } }); return parsed; }; /***/ }), /***/ 4850: /***/ ((module) => { "use strict"; /** * Syntactic sugar for invoking a function and expanding an array for arguments. * * Common use case would be to use `Function.prototype.apply`. * * ```js * function f(x, y, z) {} * var args = [1, 2, 3]; * f.apply(null, args); * ``` * * With `spread` this example can be re-written. * * ```js * spread(function(x, y, z) {})([1, 2, 3]); * ``` * * @param {Function} callback * @returns {Function} */ module.exports = function spread(callback) { return function wrap(arr) { return callback.apply(null, arr); }; }; /***/ }), /***/ 1632: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var VERSION = __nccwpck_require__(4322).version; var validators = {}; // eslint-disable-next-line func-names ['object', 'boolean', 'number', 'function', 'string', 'symbol'].forEach(function(type, i) { validators[type] = function validator(thing) { return typeof thing === type || 'a' + (i < 1 ? 'n ' : ' ') + type; }; }); var deprecatedWarnings = {}; /** * Transitional option validator * @param {function|boolean?} validator - set to false if the transitional option has been removed * @param {string?} version - deprecated version / removed since version * @param {string?} message - some message with additional info * @returns {function} */ validators.transitional = function transitional(validator, version, message) { function formatMessage(opt, desc) { return '[Axios v' + VERSION + '] Transitional option \'' + opt + '\'' + desc + (message ? '. ' + message : ''); } // eslint-disable-next-line func-names return function(value, opt, opts) { if (validator === false) { throw new Error(formatMessage(opt, ' has been removed' + (version ? ' in ' + version : ''))); } if (version && !deprecatedWarnings[opt]) { deprecatedWarnings[opt] = true; // eslint-disable-next-line no-console console.warn( formatMessage( opt, ' has been deprecated since v' + version + ' and will be removed in the near future' ) ); } return validator ? validator(value, opt, opts) : true; }; }; /** * Assert object's properties type * @param {object} options * @param {object} schema * @param {boolean?} allowUnknown */ function assertOptions(options, schema, allowUnknown) { if (typeof options !== 'object') { throw new TypeError('options must be an object'); } var keys = Object.keys(options); var i = keys.length; while (i-- > 0) { var opt = keys[i]; var validator = schema[opt]; if (validator) { var value = options[opt]; var result = value === undefined || validator(value, opt, options); if (result !== true) { throw new TypeError('option ' + opt + ' must be ' + result); } continue; } if (allowUnknown !== true) { throw Error('Unknown option ' + opt); } } } module.exports = { assertOptions: assertOptions, validators: validators }; /***/ }), /***/ 328: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var bind = __nccwpck_require__(7065); // utils is a library of generic helper functions non-specific to axios var toString = Object.prototype.toString; /** * Determine if a value is an Array * * @param {Object} val The value to test * @returns {boolean} True if value is an Array, otherwise false */ function isArray(val) { return toString.call(val) === '[object Array]'; } /** * Determine if a value is undefined * * @param {Object} val The value to test * @returns {boolean} True if the value is undefined, otherwise false */ function isUndefined(val) { return typeof val === 'undefined'; } /** * Determine if a value is a Buffer * * @param {Object} val The value to test * @returns {boolean} True if value is a Buffer, otherwise false */ function isBuffer(val) { return val !== null && !isUndefined(val) && val.constructor !== null && !isUndefined(val.constructor) && typeof val.constructor.isBuffer === 'function' && val.constructor.isBuffer(val); } /** * Determine if a value is an ArrayBuffer * * @param {Object} val The value to test * @returns {boolean} True if value is an ArrayBuffer, otherwise false */ function isArrayBuffer(val) { return toString.call(val) === '[object ArrayBuffer]'; } /** * Determine if a value is a FormData * * @param {Object} val The value to test * @returns {boolean} True if value is an FormData, otherwise false */ function isFormData(val) { return (typeof FormData !== 'undefined') && (val instanceof FormData); } /** * Determine if a value is a view on an ArrayBuffer * * @param {Object} val The value to test * @returns {boolean} True if value is a view on an ArrayBuffer, otherwise false */ function isArrayBufferView(val) { var result; if ((typeof ArrayBuffer !== 'undefined') && (ArrayBuffer.isView)) { result = ArrayBuffer.isView(val); } else { result = (val) && (val.buffer) && (val.buffer instanceof ArrayBuffer); } return result; } /** * Determine if a value is a String * * @param {Object} val The value to test * @returns {boolean} True if value is a String, otherwise false */ function isString(val) { return typeof val === 'string'; } /** * Determine if a value is a Number * * @param {Object} val The value to test * @returns {boolean} True if value is a Number, otherwise false */ function isNumber(val) { return typeof val === 'number'; } /** * Determine if a value is an Object * * @param {Object} val The value to test * @returns {boolean} True if value is an Object, otherwise false */ function isObject(val) { return val !== null && typeof val === 'object'; } /** * Determine if a value is a plain Object * * @param {Object} val The value to test * @return {boolean} True if value is a plain Object, otherwise false */ function isPlainObject(val) { if (toString.call(val) !== '[object Object]') { return false; } var prototype = Object.getPrototypeOf(val); return prototype === null || prototype === Object.prototype; } /** * Determine if a value is a Date * * @param {Object} val The value to test * @returns {boolean} True if value is a Date, otherwise false */ function isDate(val) { return toString.call(val) === '[object Date]'; } /** * Determine if a value is a File * * @param {Object} val The value to test * @returns {boolean} True if value is a File, otherwise false */ function isFile(val) { return toString.call(val) === '[object File]'; } /** * Determine if a value is a Blob * * @param {Object} val The value to test * @returns {boolean} True if value is a Blob, otherwise false */ function isBlob(val) { return toString.call(val) === '[object Blob]'; } /** * Determine if a value is a Function * * @param {Object} val The value to test * @returns {boolean} True if value is a Function, otherwise false */ function isFunction(val) { return toString.call(val) === '[object Function]'; } /** * Determine if a value is a Stream * * @param {Object} val The value to test * @returns {boolean} True if value is a Stream, otherwise false */ function isStream(val) { return isObject(val) && isFunction(val.pipe); } /** * Determine if a value is a URLSearchParams object * * @param {Object} val The value to test * @returns {boolean} True if value is a URLSearchParams object, otherwise false */ function isURLSearchParams(val) { return typeof URLSearchParams !== 'undefined' && val instanceof URLSearchParams; } /** * Trim excess whitespace off the beginning and end of a string * * @param {String} str The String to trim * @returns {String} The String freed of excess whitespace */ function trim(str) { return str.trim ? str.trim() : str.replace(/^\s+|\s+$/g, ''); } /** * Determine if we're running in a standard browser environment * * This allows axios to run in a web worker, and react-native. * Both environments support XMLHttpRequest, but not fully standard globals. * * web workers: * typeof window -> undefined * typeof document -> undefined * * react-native: * navigator.product -> 'ReactNative' * nativescript * navigator.product -> 'NativeScript' or 'NS' */ function isStandardBrowserEnv() { if (typeof navigator !== 'undefined' && (navigator.product === 'ReactNative' || navigator.product === 'NativeScript' || navigator.product === 'NS')) { return false; } return ( typeof window !== 'undefined' && typeof document !== 'undefined' ); } /** * Iterate over an Array or an Object invoking a function for each item. * * If `obj` is an Array callback will be called passing * the value, index, and complete array for each item. * * If 'obj' is an Object callback will be called passing * the value, key, and complete object for each property. * * @param {Object|Array} obj The object to iterate * @param {Function} fn The callback to invoke for each item */ function forEach(obj, fn) { // Don't bother if no value provided if (obj === null || typeof obj === 'undefined') { return; } // Force an array if not already something iterable if (typeof obj !== 'object') { /*eslint no-param-reassign:0*/ obj = [obj]; } if (isArray(obj)) { // Iterate over array values for (var i = 0, l = obj.length; i < l; i++) { fn.call(null, obj[i], i, obj); } } else { // Iterate over object keys for (var key in obj) { if (Object.prototype.hasOwnProperty.call(obj, key)) { fn.call(null, obj[key], key, obj); } } } } /** * Accepts varargs expecting each argument to be an object, then * immutably merges the properties of each object and returns result. * * When multiple objects contain the same key the later object in * the arguments list will take precedence. * * Example: * * ```js * var result = merge({foo: 123}, {foo: 456}); * console.log(result.foo); // outputs 456 * ``` * * @param {Object} obj1 Object to merge * @returns {Object} Result of all merge properties */ function merge(/* obj1, obj2, obj3, ... */) { var result = {}; function assignValue(val, key) { if (isPlainObject(result[key]) && isPlainObject(val)) { result[key] = merge(result[key], val); } else if (isPlainObject(val)) { result[key] = merge({}, val); } else if (isArray(val)) { result[key] = val.slice(); } else { result[key] = val; } } for (var i = 0, l = arguments.length; i < l; i++) { forEach(arguments[i], assignValue); } return result; } /** * Extends object a by mutably adding to it the properties of object b. * * @param {Object} a The object to be extended * @param {Object} b The object to copy properties from * @param {Object} thisArg The object to bind function to * @return {Object} The resulting value of object a */ function extend(a, b, thisArg) { forEach(b, function assignValue(val, key) { if (thisArg && typeof val === 'function') { a[key] = bind(val, thisArg); } else { a[key] = val; } }); return a; } /** * Remove byte order marker. This catches EF BB BF (the UTF-8 BOM) * * @param {string} content with BOM * @return {string} content value without BOM */ function stripBOM(content) { if (content.charCodeAt(0) === 0xFEFF) { content = content.slice(1); } return content; } module.exports = { isArray: isArray, isArrayBuffer: isArrayBuffer, isBuffer: isBuffer, isFormData: isFormData, isArrayBufferView: isArrayBufferView, isString: isString, isNumber: isNumber, isObject: isObject, isPlainObject: isPlainObject, isUndefined: isUndefined, isDate: isDate, isFile: isFile, isBlob: isBlob, isFunction: isFunction, isStream: isStream, isURLSearchParams: isURLSearchParams, isStandardBrowserEnv: isStandardBrowserEnv, forEach: forEach, merge: merge, extend: extend, trim: trim, stripBOM: stripBOM }; /***/ }), /***/ 5447: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var crypto_hash_sha512 = __nccwpck_require__(8729).lowlevel.crypto_hash; /* * This file is a 1:1 port from the OpenBSD blowfish.c and bcrypt_pbkdf.c. As a * result, it retains the original copyright and license. The two files are * under slightly different (but compatible) licenses, and are here combined in * one file. * * Credit for the actual porting work goes to: * Devi Mandiri */ /* * The Blowfish portions are under the following license: * * Blowfish block cipher for OpenBSD * Copyright 1997 Niels Provos * All rights reserved. * * Implementation advice by David Mazieres . * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* * The bcrypt_pbkdf portions are under the following license: * * Copyright (c) 2013 Ted Unangst * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ /* * Performance improvements (Javascript-specific): * * Copyright 2016, Joyent Inc * Author: Alex Wilson * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ // Ported from OpenBSD bcrypt_pbkdf.c v1.9 var BLF_J = 0; var Blowfish = function() { this.S = [ new Uint32Array([ 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a]), new Uint32Array([ 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7]), new Uint32Array([ 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0]), new Uint32Array([ 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6]) ]; this.P = new Uint32Array([ 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b]); }; function F(S, x8, i) { return (((S[0][x8[i+3]] + S[1][x8[i+2]]) ^ S[2][x8[i+1]]) + S[3][x8[i]]); }; Blowfish.prototype.encipher = function(x, x8) { if (x8 === undefined) { x8 = new Uint8Array(x.buffer); if (x.byteOffset !== 0) x8 = x8.subarray(x.byteOffset); } x[0] ^= this.P[0]; for (var i = 1; i < 16; i += 2) { x[1] ^= F(this.S, x8, 0) ^ this.P[i]; x[0] ^= F(this.S, x8, 4) ^ this.P[i+1]; } var t = x[0]; x[0] = x[1] ^ this.P[17]; x[1] = t; }; Blowfish.prototype.decipher = function(x) { var x8 = new Uint8Array(x.buffer); if (x.byteOffset !== 0) x8 = x8.subarray(x.byteOffset); x[0] ^= this.P[17]; for (var i = 16; i > 0; i -= 2) { x[1] ^= F(this.S, x8, 0) ^ this.P[i]; x[0] ^= F(this.S, x8, 4) ^ this.P[i-1]; } var t = x[0]; x[0] = x[1] ^ this.P[0]; x[1] = t; }; function stream2word(data, databytes){ var i, temp = 0; for (i = 0; i < 4; i++, BLF_J++) { if (BLF_J >= databytes) BLF_J = 0; temp = (temp << 8) | data[BLF_J]; } return temp; }; Blowfish.prototype.expand0state = function(key, keybytes) { var d = new Uint32Array(2), i, k; var d8 = new Uint8Array(d.buffer); for (i = 0, BLF_J = 0; i < 18; i++) { this.P[i] ^= stream2word(key, keybytes); } BLF_J = 0; for (i = 0; i < 18; i += 2) { this.encipher(d, d8); this.P[i] = d[0]; this.P[i+1] = d[1]; } for (i = 0; i < 4; i++) { for (k = 0; k < 256; k += 2) { this.encipher(d, d8); this.S[i][k] = d[0]; this.S[i][k+1] = d[1]; } } }; Blowfish.prototype.expandstate = function(data, databytes, key, keybytes) { var d = new Uint32Array(2), i, k; for (i = 0, BLF_J = 0; i < 18; i++) { this.P[i] ^= stream2word(key, keybytes); } for (i = 0, BLF_J = 0; i < 18; i += 2) { d[0] ^= stream2word(data, databytes); d[1] ^= stream2word(data, databytes); this.encipher(d); this.P[i] = d[0]; this.P[i+1] = d[1]; } for (i = 0; i < 4; i++) { for (k = 0; k < 256; k += 2) { d[0] ^= stream2word(data, databytes); d[1] ^= stream2word(data, databytes); this.encipher(d); this.S[i][k] = d[0]; this.S[i][k+1] = d[1]; } } BLF_J = 0; }; Blowfish.prototype.enc = function(data, blocks) { for (var i = 0; i < blocks; i++) { this.encipher(data.subarray(i*2)); } }; Blowfish.prototype.dec = function(data, blocks) { for (var i = 0; i < blocks; i++) { this.decipher(data.subarray(i*2)); } }; var BCRYPT_BLOCKS = 8, BCRYPT_HASHSIZE = 32; function bcrypt_hash(sha2pass, sha2salt, out) { var state = new Blowfish(), cdata = new Uint32Array(BCRYPT_BLOCKS), i, ciphertext = new Uint8Array([79,120,121,99,104,114,111,109,97,116,105, 99,66,108,111,119,102,105,115,104,83,119,97,116,68,121,110,97,109, 105,116,101]); //"OxychromaticBlowfishSwatDynamite" state.expandstate(sha2salt, 64, sha2pass, 64); for (i = 0; i < 64; i++) { state.expand0state(sha2salt, 64); state.expand0state(sha2pass, 64); } for (i = 0; i < BCRYPT_BLOCKS; i++) cdata[i] = stream2word(ciphertext, ciphertext.byteLength); for (i = 0; i < 64; i++) state.enc(cdata, cdata.byteLength / 8); for (i = 0; i < BCRYPT_BLOCKS; i++) { out[4*i+3] = cdata[i] >>> 24; out[4*i+2] = cdata[i] >>> 16; out[4*i+1] = cdata[i] >>> 8; out[4*i+0] = cdata[i]; } }; function bcrypt_pbkdf(pass, passlen, salt, saltlen, key, keylen, rounds) { var sha2pass = new Uint8Array(64), sha2salt = new Uint8Array(64), out = new Uint8Array(BCRYPT_HASHSIZE), tmpout = new Uint8Array(BCRYPT_HASHSIZE), countsalt = new Uint8Array(saltlen+4), i, j, amt, stride, dest, count, origkeylen = keylen; if (rounds < 1) return -1; if (passlen === 0 || saltlen === 0 || keylen === 0 || keylen > (out.byteLength * out.byteLength) || saltlen > (1<<20)) return -1; stride = Math.floor((keylen + out.byteLength - 1) / out.byteLength); amt = Math.floor((keylen + stride - 1) / stride); for (i = 0; i < saltlen; i++) countsalt[i] = salt[i]; crypto_hash_sha512(sha2pass, pass, passlen); for (count = 1; keylen > 0; count++) { countsalt[saltlen+0] = count >>> 24; countsalt[saltlen+1] = count >>> 16; countsalt[saltlen+2] = count >>> 8; countsalt[saltlen+3] = count; crypto_hash_sha512(sha2salt, countsalt, saltlen + 4); bcrypt_hash(sha2pass, sha2salt, tmpout); for (i = out.byteLength; i--;) out[i] = tmpout[i]; for (i = 1; i < rounds; i++) { crypto_hash_sha512(sha2salt, tmpout, tmpout.byteLength); bcrypt_hash(sha2pass, sha2salt, tmpout); for (j = 0; j < out.byteLength; j++) out[j] ^= tmpout[j]; } amt = Math.min(amt, keylen); for (i = 0; i < amt; i++) { dest = i * stride + (count - 1); if (dest >= origkeylen) break; key[dest] = out[i]; } keylen -= i; } return 0; }; module.exports = { BLOCKS: BCRYPT_BLOCKS, HASHSIZE: BCRYPT_HASHSIZE, hash: bcrypt_hash, pbkdf: bcrypt_pbkdf }; /***/ }), /***/ 3682: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var register = __nccwpck_require__(4670) var addHook = __nccwpck_require__(5549) var removeHook = __nccwpck_require__(6819) // bind with array of arguments: https://stackoverflow.com/a/21792913 var bind = Function.bind var bindable = bind.bind(bind) function bindApi (hook, state, name) { var removeHookRef = bindable(removeHook, null).apply(null, name ? [state, name] : [state]) hook.api = { remove: removeHookRef } hook.remove = removeHookRef ;['before', 'error', 'after', 'wrap'].forEach(function (kind) { var args = name ? [state, kind, name] : [state, kind] hook[kind] = hook.api[kind] = bindable(addHook, null).apply(null, args) }) } function HookSingular () { var singularHookName = 'h' var singularHookState = { registry: {} } var singularHook = register.bind(null, singularHookState, singularHookName) bindApi(singularHook, singularHookState, singularHookName) return singularHook } function HookCollection () { var state = { registry: {} } var hook = register.bind(null, state) bindApi(hook, state) return hook } var collectionHookDeprecationMessageDisplayed = false function Hook () { if (!collectionHookDeprecationMessageDisplayed) { console.warn('[before-after-hook]: "Hook()" repurposing warning, use "Hook.Collection()". Read more: https://git.io/upgrade-before-after-hook-to-1.4') collectionHookDeprecationMessageDisplayed = true } return HookCollection() } Hook.Singular = HookSingular.bind() Hook.Collection = HookCollection.bind() module.exports = Hook // expose constructors as a named property for TypeScript module.exports.Hook = Hook module.exports.Singular = Hook.Singular module.exports.Collection = Hook.Collection /***/ }), /***/ 5549: /***/ ((module) => { module.exports = addHook; function addHook(state, kind, name, hook) { var orig = hook; if (!state.registry[name]) { state.registry[name] = []; } if (kind === "before") { hook = function (method, options) { return Promise.resolve() .then(orig.bind(null, options)) .then(method.bind(null, options)); }; } if (kind === "after") { hook = function (method, options) { var result; return Promise.resolve() .then(method.bind(null, options)) .then(function (result_) { result = result_; return orig(result, options); }) .then(function () { return result; }); }; } if (kind === "error") { hook = function (method, options) { return Promise.resolve() .then(method.bind(null, options)) .catch(function (error) { return orig(error, options); }); }; } state.registry[name].push({ hook: hook, orig: orig, }); } /***/ }), /***/ 4670: /***/ ((module) => { module.exports = register; function register(state, name, method, options) { if (typeof method !== "function") { throw new Error("method for before hook must be a function"); } if (!options) { options = {}; } if (Array.isArray(name)) { return name.reverse().reduce(function (callback, name) { return register.bind(null, state, name, callback, options); }, method)(); } return Promise.resolve().then(function () { if (!state.registry[name]) { return method(options); } return state.registry[name].reduce(function (method, registered) { return registered.hook.bind(null, method, options); }, method)(); }); } /***/ }), /***/ 6819: /***/ ((module) => { module.exports = removeHook; function removeHook(state, name, method) { if (!state.registry[name]) { return; } var index = state.registry[name] .map(function (registered) { return registered.orig; }) .indexOf(method); if (index === -1) { return; } state.registry[name].splice(index, 1); } /***/ }), /***/ 3664: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { Buffer } = __nccwpck_require__(4293) const symbol = Symbol.for('BufferList') function BufferList (buf) { if (!(this instanceof BufferList)) { return new BufferList(buf) } BufferList._init.call(this, buf) } BufferList._init = function _init (buf) { Object.defineProperty(this, symbol, { value: true }) this._bufs = [] this.length = 0 if (buf) { this.append(buf) } } BufferList.prototype._new = function _new (buf) { return new BufferList(buf) } BufferList.prototype._offset = function _offset (offset) { if (offset === 0) { return [0, 0] } let tot = 0 for (let i = 0; i < this._bufs.length; i++) { const _t = tot + this._bufs[i].length if (offset < _t || i === this._bufs.length - 1) { return [i, offset - tot] } tot = _t } } BufferList.prototype._reverseOffset = function (blOffset) { const bufferId = blOffset[0] let offset = blOffset[1] for (let i = 0; i < bufferId; i++) { offset += this._bufs[i].length } return offset } BufferList.prototype.get = function get (index) { if (index > this.length || index < 0) { return undefined } const offset = this._offset(index) return this._bufs[offset[0]][offset[1]] } BufferList.prototype.slice = function slice (start, end) { if (typeof start === 'number' && start < 0) { start += this.length } if (typeof end === 'number' && end < 0) { end += this.length } return this.copy(null, 0, start, end) } BufferList.prototype.copy = function copy (dst, dstStart, srcStart, srcEnd) { if (typeof srcStart !== 'number' || srcStart < 0) { srcStart = 0 } if (typeof srcEnd !== 'number' || srcEnd > this.length) { srcEnd = this.length } if (srcStart >= this.length) { return dst || Buffer.alloc(0) } if (srcEnd <= 0) { return dst || Buffer.alloc(0) } const copy = !!dst const off = this._offset(srcStart) const len = srcEnd - srcStart let bytes = len let bufoff = (copy && dstStart) || 0 let start = off[1] // copy/slice everything if (srcStart === 0 && srcEnd === this.length) { if (!copy) { // slice, but full concat if multiple buffers return this._bufs.length === 1 ? this._bufs[0] : Buffer.concat(this._bufs, this.length) } // copy, need to copy individual buffers for (let i = 0; i < this._bufs.length; i++) { this._bufs[i].copy(dst, bufoff) bufoff += this._bufs[i].length } return dst } // easy, cheap case where it's a subset of one of the buffers if (bytes <= this._bufs[off[0]].length - start) { return copy ? this._bufs[off[0]].copy(dst, dstStart, start, start + bytes) : this._bufs[off[0]].slice(start, start + bytes) } if (!copy) { // a slice, we need something to copy in to dst = Buffer.allocUnsafe(len) } for (let i = off[0]; i < this._bufs.length; i++) { const l = this._bufs[i].length - start if (bytes > l) { this._bufs[i].copy(dst, bufoff, start) bufoff += l } else { this._bufs[i].copy(dst, bufoff, start, start + bytes) bufoff += l break } bytes -= l if (start) { start = 0 } } // safeguard so that we don't return uninitialized memory if (dst.length > bufoff) return dst.slice(0, bufoff) return dst } BufferList.prototype.shallowSlice = function shallowSlice (start, end) { start = start || 0 end = typeof end !== 'number' ? this.length : end if (start < 0) { start += this.length } if (end < 0) { end += this.length } if (start === end) { return this._new() } const startOffset = this._offset(start) const endOffset = this._offset(end) const buffers = this._bufs.slice(startOffset[0], endOffset[0] + 1) if (endOffset[1] === 0) { buffers.pop() } else { buffers[buffers.length - 1] = buffers[buffers.length - 1].slice(0, endOffset[1]) } if (startOffset[1] !== 0) { buffers[0] = buffers[0].slice(startOffset[1]) } return this._new(buffers) } BufferList.prototype.toString = function toString (encoding, start, end) { return this.slice(start, end).toString(encoding) } BufferList.prototype.consume = function consume (bytes) { // first, normalize the argument, in accordance with how Buffer does it bytes = Math.trunc(bytes) // do nothing if not a positive number if (Number.isNaN(bytes) || bytes <= 0) return this while (this._bufs.length) { if (bytes >= this._bufs[0].length) { bytes -= this._bufs[0].length this.length -= this._bufs[0].length this._bufs.shift() } else { this._bufs[0] = this._bufs[0].slice(bytes) this.length -= bytes break } } return this } BufferList.prototype.duplicate = function duplicate () { const copy = this._new() for (let i = 0; i < this._bufs.length; i++) { copy.append(this._bufs[i]) } return copy } BufferList.prototype.append = function append (buf) { if (buf == null) { return this } if (buf.buffer) { // append a view of the underlying ArrayBuffer this._appendBuffer(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)) } else if (Array.isArray(buf)) { for (let i = 0; i < buf.length; i++) { this.append(buf[i]) } } else if (this._isBufferList(buf)) { // unwrap argument into individual BufferLists for (let i = 0; i < buf._bufs.length; i++) { this.append(buf._bufs[i]) } } else { // coerce number arguments to strings, since Buffer(number) does // uninitialized memory allocation if (typeof buf === 'number') { buf = buf.toString() } this._appendBuffer(Buffer.from(buf)) } return this } BufferList.prototype._appendBuffer = function appendBuffer (buf) { this._bufs.push(buf) this.length += buf.length } BufferList.prototype.indexOf = function (search, offset, encoding) { if (encoding === undefined && typeof offset === 'string') { encoding = offset offset = undefined } if (typeof search === 'function' || Array.isArray(search)) { throw new TypeError('The "value" argument must be one of type string, Buffer, BufferList, or Uint8Array.') } else if (typeof search === 'number') { search = Buffer.from([search]) } else if (typeof search === 'string') { search = Buffer.from(search, encoding) } else if (this._isBufferList(search)) { search = search.slice() } else if (Array.isArray(search.buffer)) { search = Buffer.from(search.buffer, search.byteOffset, search.byteLength) } else if (!Buffer.isBuffer(search)) { search = Buffer.from(search) } offset = Number(offset || 0) if (isNaN(offset)) { offset = 0 } if (offset < 0) { offset = this.length + offset } if (offset < 0) { offset = 0 } if (search.length === 0) { return offset > this.length ? this.length : offset } const blOffset = this._offset(offset) let blIndex = blOffset[0] // index of which internal buffer we're working on let buffOffset = blOffset[1] // offset of the internal buffer we're working on // scan over each buffer for (; blIndex < this._bufs.length; blIndex++) { const buff = this._bufs[blIndex] while (buffOffset < buff.length) { const availableWindow = buff.length - buffOffset if (availableWindow >= search.length) { const nativeSearchResult = buff.indexOf(search, buffOffset) if (nativeSearchResult !== -1) { return this._reverseOffset([blIndex, nativeSearchResult]) } buffOffset = buff.length - search.length + 1 // end of native search window } else { const revOffset = this._reverseOffset([blIndex, buffOffset]) if (this._match(revOffset, search)) { return revOffset } buffOffset++ } } buffOffset = 0 } return -1 } BufferList.prototype._match = function (offset, search) { if (this.length - offset < search.length) { return false } for (let searchOffset = 0; searchOffset < search.length; searchOffset++) { if (this.get(offset + searchOffset) !== search[searchOffset]) { return false } } return true } ;(function () { const methods = { readDoubleBE: 8, readDoubleLE: 8, readFloatBE: 4, readFloatLE: 4, readInt32BE: 4, readInt32LE: 4, readUInt32BE: 4, readUInt32LE: 4, readInt16BE: 2, readInt16LE: 2, readUInt16BE: 2, readUInt16LE: 2, readInt8: 1, readUInt8: 1, readIntBE: null, readIntLE: null, readUIntBE: null, readUIntLE: null } for (const m in methods) { (function (m) { if (methods[m] === null) { BufferList.prototype[m] = function (offset, byteLength) { return this.slice(offset, offset + byteLength)[m](0, byteLength) } } else { BufferList.prototype[m] = function (offset = 0) { return this.slice(offset, offset + methods[m])[m](0) } } }(m)) } }()) // Used internally by the class and also as an indicator of this object being // a `BufferList`. It's not possible to use `instanceof BufferList` in a browser // environment because there could be multiple different copies of the // BufferList class and some `BufferList`s might be `BufferList`s. BufferList.prototype._isBufferList = function _isBufferList (b) { return b instanceof BufferList || BufferList.isBufferList(b) } BufferList.isBufferList = function isBufferList (b) { return b != null && b[symbol] } module.exports = BufferList /***/ }), /***/ 336: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const DuplexStream = __nccwpck_require__(1642).Duplex const inherits = __nccwpck_require__(4124) const BufferList = __nccwpck_require__(3664) function BufferListStream (callback) { if (!(this instanceof BufferListStream)) { return new BufferListStream(callback) } if (typeof callback === 'function') { this._callback = callback const piper = function piper (err) { if (this._callback) { this._callback(err) this._callback = null } }.bind(this) this.on('pipe', function onPipe (src) { src.on('error', piper) }) this.on('unpipe', function onUnpipe (src) { src.removeListener('error', piper) }) callback = null } BufferList._init.call(this, callback) DuplexStream.call(this) } inherits(BufferListStream, DuplexStream) Object.assign(BufferListStream.prototype, BufferList.prototype) BufferListStream.prototype._new = function _new (callback) { return new BufferListStream(callback) } BufferListStream.prototype._write = function _write (buf, encoding, callback) { this._appendBuffer(buf) if (typeof callback === 'function') { callback() } } BufferListStream.prototype._read = function _read (size) { if (!this.length) { return this.push(null) } size = Math.min(size, this.length) this.push(this.slice(0, size)) this.consume(size) } BufferListStream.prototype.end = function end (chunk) { DuplexStream.prototype.end.call(this, chunk) if (this._callback) { this._callback(null, this.slice()) this._callback = null } } BufferListStream.prototype._destroy = function _destroy (err, cb) { this._bufs.length = 0 this.length = 0 cb(err) } BufferListStream.prototype._isBufferList = function _isBufferList (b) { return b instanceof BufferListStream || b instanceof BufferList || BufferListStream.isBufferList(b) } BufferListStream.isBufferList = BufferList.isBufferList module.exports = BufferListStream module.exports.BufferListStream = BufferListStream module.exports.BufferList = BufferList /***/ }), /***/ 9051: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const fs = __nccwpck_require__(5747) const path = __nccwpck_require__(5622) /* istanbul ignore next */ const LCHOWN = fs.lchown ? 'lchown' : 'chown' /* istanbul ignore next */ const LCHOWNSYNC = fs.lchownSync ? 'lchownSync' : 'chownSync' /* istanbul ignore next */ const needEISDIRHandled = fs.lchown && !process.version.match(/v1[1-9]+\./) && !process.version.match(/v10\.[6-9]/) const lchownSync = (path, uid, gid) => { try { return fs[LCHOWNSYNC](path, uid, gid) } catch (er) { if (er.code !== 'ENOENT') throw er } } /* istanbul ignore next */ const chownSync = (path, uid, gid) => { try { return fs.chownSync(path, uid, gid) } catch (er) { if (er.code !== 'ENOENT') throw er } } /* istanbul ignore next */ const handleEISDIR = needEISDIRHandled ? (path, uid, gid, cb) => er => { // Node prior to v10 had a very questionable implementation of // fs.lchown, which would always try to call fs.open on a directory // Fall back to fs.chown in those cases. if (!er || er.code !== 'EISDIR') cb(er) else fs.chown(path, uid, gid, cb) } : (_, __, ___, cb) => cb /* istanbul ignore next */ const handleEISDirSync = needEISDIRHandled ? (path, uid, gid) => { try { return lchownSync(path, uid, gid) } catch (er) { if (er.code !== 'EISDIR') throw er chownSync(path, uid, gid) } } : (path, uid, gid) => lchownSync(path, uid, gid) // fs.readdir could only accept an options object as of node v6 const nodeVersion = process.version let readdir = (path, options, cb) => fs.readdir(path, options, cb) let readdirSync = (path, options) => fs.readdirSync(path, options) /* istanbul ignore next */ if (/^v4\./.test(nodeVersion)) readdir = (path, options, cb) => fs.readdir(path, cb) const chown = (cpath, uid, gid, cb) => { fs[LCHOWN](cpath, uid, gid, handleEISDIR(cpath, uid, gid, er => { // Skip ENOENT error cb(er && er.code !== 'ENOENT' ? er : null) })) } const chownrKid = (p, child, uid, gid, cb) => { if (typeof child === 'string') return fs.lstat(path.resolve(p, child), (er, stats) => { // Skip ENOENT error if (er) return cb(er.code !== 'ENOENT' ? er : null) stats.name = child chownrKid(p, stats, uid, gid, cb) }) if (child.isDirectory()) { chownr(path.resolve(p, child.name), uid, gid, er => { if (er) return cb(er) const cpath = path.resolve(p, child.name) chown(cpath, uid, gid, cb) }) } else { const cpath = path.resolve(p, child.name) chown(cpath, uid, gid, cb) } } const chownr = (p, uid, gid, cb) => { readdir(p, { withFileTypes: true }, (er, children) => { // any error other than ENOTDIR or ENOTSUP means it's not readable, // or doesn't exist. give up. if (er) { if (er.code === 'ENOENT') return cb() else if (er.code !== 'ENOTDIR' && er.code !== 'ENOTSUP') return cb(er) } if (er || !children.length) return chown(p, uid, gid, cb) let len = children.length let errState = null const then = er => { if (errState) return if (er) return cb(errState = er) if (-- len === 0) return chown(p, uid, gid, cb) } children.forEach(child => chownrKid(p, child, uid, gid, then)) }) } const chownrKidSync = (p, child, uid, gid) => { if (typeof child === 'string') { try { const stats = fs.lstatSync(path.resolve(p, child)) stats.name = child child = stats } catch (er) { if (er.code === 'ENOENT') return else throw er } } if (child.isDirectory()) chownrSync(path.resolve(p, child.name), uid, gid) handleEISDirSync(path.resolve(p, child.name), uid, gid) } const chownrSync = (p, uid, gid) => { let children try { children = readdirSync(p, { withFileTypes: true }) } catch (er) { if (er.code === 'ENOENT') return else if (er.code === 'ENOTDIR' || er.code === 'ENOTSUP') return handleEISDirSync(p, uid, gid) else throw er } if (children && children.length) children.forEach(child => chownrKidSync(p, child, uid, gid)) return handleEISDirSync(p, uid, gid) } module.exports = chownr chownr.sync = chownrSync /***/ }), /***/ 4137: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { const binding = __nccwpck_require__(4240); module.exports = binding.getCPUInfo; /***/ }), /***/ 8222: /***/ ((module, exports, __nccwpck_require__) => { /* eslint-env browser */ /** * This is the web browser implementation of `debug()`. */ exports.formatArgs = formatArgs; exports.save = save; exports.load = load; exports.useColors = useColors; exports.storage = localstorage(); exports.destroy = (() => { let warned = false; return () => { if (!warned) { warned = true; console.warn('Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.'); } }; })(); /** * Colors. */ exports.colors = [ '#0000CC', '#0000FF', '#0033CC', '#0033FF', '#0066CC', '#0066FF', '#0099CC', '#0099FF', '#00CC00', '#00CC33', '#00CC66', '#00CC99', '#00CCCC', '#00CCFF', '#3300CC', '#3300FF', '#3333CC', '#3333FF', '#3366CC', '#3366FF', '#3399CC', '#3399FF', '#33CC00', '#33CC33', '#33CC66', '#33CC99', '#33CCCC', '#33CCFF', '#6600CC', '#6600FF', '#6633CC', '#6633FF', '#66CC00', '#66CC33', '#9900CC', '#9900FF', '#9933CC', '#9933FF', '#99CC00', '#99CC33', '#CC0000', '#CC0033', '#CC0066', '#CC0099', '#CC00CC', '#CC00FF', '#CC3300', '#CC3333', '#CC3366', '#CC3399', '#CC33CC', '#CC33FF', '#CC6600', '#CC6633', '#CC9900', '#CC9933', '#CCCC00', '#CCCC33', '#FF0000', '#FF0033', '#FF0066', '#FF0099', '#FF00CC', '#FF00FF', '#FF3300', '#FF3333', '#FF3366', '#FF3399', '#FF33CC', '#FF33FF', '#FF6600', '#FF6633', '#FF9900', '#FF9933', '#FFCC00', '#FFCC33' ]; /** * Currently only WebKit-based Web Inspectors, Firefox >= v31, * and the Firebug extension (any Firefox version) are known * to support "%c" CSS customizations. * * TODO: add a `localStorage` variable to explicitly enable/disable colors */ // eslint-disable-next-line complexity function useColors() { // NB: In an Electron preload script, document will be defined but not fully // initialized. Since we know we're in Chrome, we'll just detect this case // explicitly if (typeof window !== 'undefined' && window.process && (window.process.type === 'renderer' || window.process.__nwjs)) { return true; } // Internet Explorer and Edge do not support colors. if (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/(edge|trident)\/(\d+)/)) { return false; } // Is webkit? http://stackoverflow.com/a/16459606/376773 // document is undefined in react-native: https://github.com/facebook/react-native/pull/1632 return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) || // Is firebug? http://stackoverflow.com/a/398120/376773 (typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) || // Is firefox >= v31? // https://developer.mozilla.org/en-US/docs/Tools/Web_Console#Styling_messages (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/firefox\/(\d+)/) && parseInt(RegExp.$1, 10) >= 31) || // Double check webkit in userAgent just in case we are in a worker (typeof navigator !== 'undefined' && navigator.userAgent && navigator.userAgent.toLowerCase().match(/applewebkit\/(\d+)/)); } /** * Colorize log arguments if enabled. * * @api public */ function formatArgs(args) { args[0] = (this.useColors ? '%c' : '') + this.namespace + (this.useColors ? ' %c' : ' ') + args[0] + (this.useColors ? '%c ' : ' ') + '+' + module.exports.humanize(this.diff); if (!this.useColors) { return; } const c = 'color: ' + this.color; args.splice(1, 0, c, 'color: inherit'); // The final "%c" is somewhat tricky, because there could be other // arguments passed either before or after the %c, so we need to // figure out the correct index to insert the CSS into let index = 0; let lastC = 0; args[0].replace(/%[a-zA-Z%]/g, match => { if (match === '%%') { return; } index++; if (match === '%c') { // We only are interested in the *last* %c // (the user may have provided their own) lastC = index; } }); args.splice(lastC, 0, c); } /** * Invokes `console.debug()` when available. * No-op when `console.debug` is not a "function". * If `console.debug` is not available, falls back * to `console.log`. * * @api public */ exports.log = console.debug || console.log || (() => {}); /** * Save `namespaces`. * * @param {String} namespaces * @api private */ function save(namespaces) { try { if (namespaces) { exports.storage.setItem('debug', namespaces); } else { exports.storage.removeItem('debug'); } } catch (error) { // Swallow // XXX (@Qix-) should we be logging these? } } /** * Load `namespaces`. * * @return {String} returns the previously persisted debug modes * @api private */ function load() { let r; try { r = exports.storage.getItem('debug'); } catch (error) { // Swallow // XXX (@Qix-) should we be logging these? } // If debug isn't set in LS, and we're in Electron, try to load $DEBUG if (!r && typeof process !== 'undefined' && 'env' in process) { r = process.env.DEBUG; } return r; } /** * Localstorage attempts to return the localstorage. * * This is necessary because safari throws * when a user disables cookies/localstorage * and you attempt to access it. * * @return {LocalStorage} * @api private */ function localstorage() { try { // TVMLKit (Apple TV JS Runtime) does not have a window object, just localStorage in the global context // The Browser also has localStorage in the global context. return localStorage; } catch (error) { // Swallow // XXX (@Qix-) should we be logging these? } } module.exports = __nccwpck_require__(6243)(exports); const {formatters} = module.exports; /** * Map %j to `JSON.stringify()`, since no Web Inspectors do that by default. */ formatters.j = function (v) { try { return JSON.stringify(v); } catch (error) { return '[UnexpectedJSONParseError]: ' + error.message; } }; /***/ }), /***/ 6243: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * This is the common logic for both the Node.js and web browser * implementations of `debug()`. */ function setup(env) { createDebug.debug = createDebug; createDebug.default = createDebug; createDebug.coerce = coerce; createDebug.disable = disable; createDebug.enable = enable; createDebug.enabled = enabled; createDebug.humanize = __nccwpck_require__(900); createDebug.destroy = destroy; Object.keys(env).forEach(key => { createDebug[key] = env[key]; }); /** * The currently active debug mode names, and names to skip. */ createDebug.names = []; createDebug.skips = []; /** * Map of special "%n" handling functions, for the debug "format" argument. * * Valid key names are a single, lower or upper-case letter, i.e. "n" and "N". */ createDebug.formatters = {}; /** * Selects a color for a debug namespace * @param {String} namespace The namespace string for the for the debug instance to be colored * @return {Number|String} An ANSI color code for the given namespace * @api private */ function selectColor(namespace) { let hash = 0; for (let i = 0; i < namespace.length; i++) { hash = ((hash << 5) - hash) + namespace.charCodeAt(i); hash |= 0; // Convert to 32bit integer } return createDebug.colors[Math.abs(hash) % createDebug.colors.length]; } createDebug.selectColor = selectColor; /** * Create a debugger with the given `namespace`. * * @param {String} namespace * @return {Function} * @api public */ function createDebug(namespace) { let prevTime; let enableOverride = null; function debug(...args) { // Disabled? if (!debug.enabled) { return; } const self = debug; // Set `diff` timestamp const curr = Number(new Date()); const ms = curr - (prevTime || curr); self.diff = ms; self.prev = prevTime; self.curr = curr; prevTime = curr; args[0] = createDebug.coerce(args[0]); if (typeof args[0] !== 'string') { // Anything else let's inspect with %O args.unshift('%O'); } // Apply any `formatters` transformations let index = 0; args[0] = args[0].replace(/%([a-zA-Z%])/g, (match, format) => { // If we encounter an escaped % then don't increase the array index if (match === '%%') { return '%'; } index++; const formatter = createDebug.formatters[format]; if (typeof formatter === 'function') { const val = args[index]; match = formatter.call(self, val); // Now we need to remove `args[index]` since it's inlined in the `format` args.splice(index, 1); index--; } return match; }); // Apply env-specific formatting (colors, etc.) createDebug.formatArgs.call(self, args); const logFn = self.log || createDebug.log; logFn.apply(self, args); } debug.namespace = namespace; debug.useColors = createDebug.useColors(); debug.color = createDebug.selectColor(namespace); debug.extend = extend; debug.destroy = createDebug.destroy; // XXX Temporary. Will be removed in the next major release. Object.defineProperty(debug, 'enabled', { enumerable: true, configurable: false, get: () => enableOverride === null ? createDebug.enabled(namespace) : enableOverride, set: v => { enableOverride = v; } }); // Env-specific initialization logic for debug instances if (typeof createDebug.init === 'function') { createDebug.init(debug); } return debug; } function extend(namespace, delimiter) { const newDebug = createDebug(this.namespace + (typeof delimiter === 'undefined' ? ':' : delimiter) + namespace); newDebug.log = this.log; return newDebug; } /** * Enables a debug mode by namespaces. This can include modes * separated by a colon and wildcards. * * @param {String} namespaces * @api public */ function enable(namespaces) { createDebug.save(namespaces); createDebug.names = []; createDebug.skips = []; let i; const split = (typeof namespaces === 'string' ? namespaces : '').split(/[\s,]+/); const len = split.length; for (i = 0; i < len; i++) { if (!split[i]) { // ignore empty strings continue; } namespaces = split[i].replace(/\*/g, '.*?'); if (namespaces[0] === '-') { createDebug.skips.push(new RegExp('^' + namespaces.substr(1) + '$')); } else { createDebug.names.push(new RegExp('^' + namespaces + '$')); } } } /** * Disable debug output. * * @return {String} namespaces * @api public */ function disable() { const namespaces = [ ...createDebug.names.map(toNamespace), ...createDebug.skips.map(toNamespace).map(namespace => '-' + namespace) ].join(','); createDebug.enable(''); return namespaces; } /** * Returns true if the given mode name is enabled, false otherwise. * * @param {String} name * @return {Boolean} * @api public */ function enabled(name) { if (name[name.length - 1] === '*') { return true; } let i; let len; for (i = 0, len = createDebug.skips.length; i < len; i++) { if (createDebug.skips[i].test(name)) { return false; } } for (i = 0, len = createDebug.names.length; i < len; i++) { if (createDebug.names[i].test(name)) { return true; } } return false; } /** * Convert regexp to namespace * * @param {RegExp} regxep * @return {String} namespace * @api private */ function toNamespace(regexp) { return regexp.toString() .substring(2, regexp.toString().length - 2) .replace(/\.\*\?$/, '*'); } /** * Coerce `val`. * * @param {Mixed} val * @return {Mixed} * @api private */ function coerce(val) { if (val instanceof Error) { return val.stack || val.message; } return val; } /** * XXX DO NOT USE. This is a temporary stub function. * XXX It WILL be removed in the next major release. */ function destroy() { console.warn('Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.'); } createDebug.enable(createDebug.load()); return createDebug; } module.exports = setup; /***/ }), /***/ 8237: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Detect Electron renderer / nwjs process, which is node, but we should * treat as a browser. */ if (typeof process === 'undefined' || process.type === 'renderer' || process.browser === true || process.__nwjs) { module.exports = __nccwpck_require__(8222); } else { module.exports = __nccwpck_require__(5332); } /***/ }), /***/ 5332: /***/ ((module, exports, __nccwpck_require__) => { /** * Module dependencies. */ const tty = __nccwpck_require__(3867); const util = __nccwpck_require__(1669); /** * This is the Node.js implementation of `debug()`. */ exports.init = init; exports.log = log; exports.formatArgs = formatArgs; exports.save = save; exports.load = load; exports.useColors = useColors; exports.destroy = util.deprecate( () => {}, 'Instance method `debug.destroy()` is deprecated and no longer does anything. It will be removed in the next major version of `debug`.' ); /** * Colors. */ exports.colors = [6, 2, 3, 4, 5, 1]; try { // Optional dependency (as in, doesn't need to be installed, NOT like optionalDependencies in package.json) // eslint-disable-next-line import/no-extraneous-dependencies const supportsColor = __nccwpck_require__(9318); if (supportsColor && (supportsColor.stderr || supportsColor).level >= 2) { exports.colors = [ 20, 21, 26, 27, 32, 33, 38, 39, 40, 41, 42, 43, 44, 45, 56, 57, 62, 63, 68, 69, 74, 75, 76, 77, 78, 79, 80, 81, 92, 93, 98, 99, 112, 113, 128, 129, 134, 135, 148, 149, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 178, 179, 184, 185, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 214, 215, 220, 221 ]; } } catch (error) { // Swallow - we only care if `supports-color` is available; it doesn't have to be. } /** * Build up the default `inspectOpts` object from the environment variables. * * $ DEBUG_COLORS=no DEBUG_DEPTH=10 DEBUG_SHOW_HIDDEN=enabled node script.js */ exports.inspectOpts = Object.keys(process.env).filter(key => { return /^debug_/i.test(key); }).reduce((obj, key) => { // Camel-case const prop = key .substring(6) .toLowerCase() .replace(/_([a-z])/g, (_, k) => { return k.toUpperCase(); }); // Coerce string value into JS value let val = process.env[key]; if (/^(yes|on|true|enabled)$/i.test(val)) { val = true; } else if (/^(no|off|false|disabled)$/i.test(val)) { val = false; } else if (val === 'null') { val = null; } else { val = Number(val); } obj[prop] = val; return obj; }, {}); /** * Is stdout a TTY? Colored output is enabled when `true`. */ function useColors() { return 'colors' in exports.inspectOpts ? Boolean(exports.inspectOpts.colors) : tty.isatty(process.stderr.fd); } /** * Adds ANSI color escape codes if enabled. * * @api public */ function formatArgs(args) { const {namespace: name, useColors} = this; if (useColors) { const c = this.color; const colorCode = '\u001B[3' + (c < 8 ? c : '8;5;' + c); const prefix = ` ${colorCode};1m${name} \u001B[0m`; args[0] = prefix + args[0].split('\n').join('\n' + prefix); args.push(colorCode + 'm+' + module.exports.humanize(this.diff) + '\u001B[0m'); } else { args[0] = getDate() + name + ' ' + args[0]; } } function getDate() { if (exports.inspectOpts.hideDate) { return ''; } return new Date().toISOString() + ' '; } /** * Invokes `util.format()` with the specified arguments and writes to stderr. */ function log(...args) { return process.stderr.write(util.format(...args) + '\n'); } /** * Save `namespaces`. * * @param {String} namespaces * @api private */ function save(namespaces) { if (namespaces) { process.env.DEBUG = namespaces; } else { // If you set a process.env field to null or undefined, it gets cast to the // string 'null' or 'undefined'. Just delete instead. delete process.env.DEBUG; } } /** * Load `namespaces`. * * @return {String} returns the previously persisted debug modes * @api private */ function load() { return process.env.DEBUG; } /** * Init logic for `debug` instances. * * Create a new `inspectOpts` object in case `useColors` is set * differently for a particular `debug` instance. */ function init(debug) { debug.inspectOpts = {}; const keys = Object.keys(exports.inspectOpts); for (let i = 0; i < keys.length; i++) { debug.inspectOpts[keys[i]] = exports.inspectOpts[keys[i]]; } } module.exports = __nccwpck_require__(6243)(exports); const {formatters} = module.exports; /** * Map %o to `util.inspect()`, all on a single line. */ formatters.o = function (v) { this.inspectOpts.colors = this.useColors; return util.inspect(v, this.inspectOpts) .split('\n') .map(str => str.trim()) .join(' '); }; /** * Map %O to `util.inspect()`, allowing multiple lines if needed. */ formatters.O = function (v) { this.inspectOpts.colors = this.useColors; return util.inspect(v, this.inspectOpts); }; /***/ }), /***/ 8932: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); class Deprecation extends Error { constructor(message) { super(message); // Maintains proper stack trace (only available on V8) /* istanbul ignore next */ if (Error.captureStackTrace) { Error.captureStackTrace(this, this.constructor); } this.name = 'Deprecation'; } } exports.Deprecation = Deprecation; /***/ }), /***/ 4305: /***/ ((module, exports, __nccwpck_require__) => { //Based on follow-redirects v0.0.x var nativeHttps = __nccwpck_require__(7211), nativeHttp = __nccwpck_require__(8605), url = __nccwpck_require__(8835), utils = __nccwpck_require__(4967); var maxRedirects = module.exports.maxRedirects = 5; var protocols = { https: nativeHttps, http: nativeHttp }; for (var protocol in protocols) { var h = function() {}; h.prototype = protocols[protocol]; h = new h(); h.request = function(h) { return function(options, callback, redirectOptions) { redirectOptions = redirectOptions || {}; var max = (typeof options === 'object' && 'maxRedirects' in options) ? options.maxRedirects : exports.maxRedirects; var redirect = utils.extend({ count: 0, max: max, clientRequest: null, userCallback: callback }, redirectOptions); if (redirect.count > redirect.max) { var err = new Error('Max redirects exceeded. To allow more redirects, pass options.maxRedirects property.'); redirect.clientRequest.emit('error', err); return redirect.clientRequest; } redirect.count++; var reqUrl; if (typeof options === 'string') { reqUrl = options; } else { reqUrl = url.format(utils.extend({ protocol: protocol }, options)); } var clientRequest = Object.getPrototypeOf(h).request(options, redirectCallback(reqUrl, redirect)); if (!redirect.clientRequest) redirect.clientRequest = clientRequest; function redirectCallback(reqUrl, redirect) { return function(res) { if (res.statusCode < 300 || res.statusCode > 399) { return redirect.userCallback(res); } if (!('location' in res.headers)) { return redirect.userCallback(res); } var redirectUrl = url.resolve(reqUrl, res.headers.location); var proto = url.parse(redirectUrl).protocol; proto = proto.substr(0, proto.length - 1); return module.exports[proto].get(redirectUrl, redirectCallback(reqUrl, redirect), redirect); }; } return clientRequest; }; }(h); // see https://github.com/joyent/node/blob/master/lib/http.js#L1623 h.get = function(h) { return function(options, cb, redirectOptions) { var req = h.request(options, cb, redirectOptions); req.end(); return req; }; }(h); module.exports[protocol] = h; } /***/ }), /***/ 3855: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = HttpDuplex; var util = __nccwpck_require__(1669), stream = __nccwpck_require__(1642); util.inherits(HttpDuplex, stream.Duplex); function HttpDuplex(req, res, options) { var self = this; if (!(self instanceof HttpDuplex)) return new HttpDuplex(req, res, options); stream.Duplex.call(self, options); self._output = null; self.connect(req, res); } HttpDuplex.prototype.connect = function(req, res) { var self = this; self.req = req; self._output = res; self.emit('response', res); res.on('data', function(c) { if (!self.push(c)) self._output.pause(); }); res.on('end', function() { self.push(null); }); }; HttpDuplex.prototype._read = function(n) { if (this._output) this._output.resume(); }; HttpDuplex.prototype._write = function(chunk, encoding, cb) { this.req.write(chunk, encoding); cb(); }; HttpDuplex.prototype.end = function(chunk, encoding, cb) { this._output.socket.destroy(); return this.req.end(chunk, encoding, cb); }; HttpDuplex.prototype.destroy = function() { this.req.destroy(); this._output.socket.destroy(); }; /***/ }), /***/ 6042: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var querystring = __nccwpck_require__(1191), http = __nccwpck_require__(4305), fs = __nccwpck_require__(5747), path = __nccwpck_require__(5622), url = __nccwpck_require__(8835), ssh = __nccwpck_require__(7964), HttpDuplex = __nccwpck_require__(3855), debug = __nccwpck_require__(8237)('modem'), utils = __nccwpck_require__(4967), util = __nccwpck_require__(1669), url = __nccwpck_require__(8835), splitca = __nccwpck_require__(9798), isWin = __nccwpck_require__(2087).type() === 'Windows_NT'; var defaultOpts = function () { var host; var opts = {}; if (!process.env.DOCKER_HOST) { // Windows socket path: //./pipe/docker_engine ( Windows 10 ) // Linux & Darwin socket path: /var/run/docker.sock opts.socketPath = isWin ? '//./pipe/docker_engine' : '/var/run/docker.sock'; } else if (process.env.DOCKER_HOST.indexOf('unix://') === 0) { // Strip off unix://, fall back to default of /var/run/docker.sock if // unix:// was passed without a path opts.socketPath = process.env.DOCKER_HOST.substring(7) || '/var/run/docker.sock'; } else if (process.env.DOCKER_HOST.indexOf('npipe://') === 0) { // Strip off npipe://, fall back to default of //./pipe/docker_engine if // npipe:// was passed without a path opts.socketPath = process.env.DOCKER_HOST.substring(8) || '//./pipe/docker_engine'; } else { var hostStr = process.env.DOCKER_HOST; if (hostStr.indexOf('\/\/') < 0) { hostStr = 'tcp://' + hostStr; } try { host = new url.URL(hostStr); } catch (err) { throw new Error('DOCKER_HOST env variable should be something like tcp://localhost:1234'); } opts.port = host.port; if (process.env.DOCKER_TLS_VERIFY === '1' || opts.port === '2376') { opts.protocol = 'https'; } else if (host.protocol === 'ssh:') { opts.protocol = 'ssh'; opts.username = host.username; opts.sshOptions = { agent: process.env.SSH_AUTH_SOCK, } } else { opts.protocol = 'http'; } opts.host = host.hostname; if (process.env.DOCKER_CERT_PATH) { opts.ca = splitca(path.join(process.env.DOCKER_CERT_PATH, 'ca.pem')); opts.cert = fs.readFileSync(path.join(process.env.DOCKER_CERT_PATH, 'cert.pem')); opts.key = fs.readFileSync(path.join(process.env.DOCKER_CERT_PATH, 'key.pem')); } if (process.env.DOCKER_CLIENT_TIMEOUT) { opts.timeout = parseInt(process.env.DOCKER_CLIENT_TIMEOUT, 10); } } return opts; }; var Modem = function (options) { var optDefaults = defaultOpts(); var opts = Object.assign({}, optDefaults, options); this.host = opts.host; if(!this.host) { this.socketPath = opts.socketPath; } this.port = opts.port; this.username = opts.username; this.password = opts.password; this.version = opts.version; this.key = opts.key; this.cert = opts.cert; this.ca = opts.ca; this.timeout = opts.timeout; this.connectionTimeout = opts.connectionTimeout; this.checkServerIdentity = opts.checkServerIdentity; this.agent = opts.agent; this.headers = opts.headers || {}; this.sshOptions = Object.assign({}, options ? options.sshOptions : {}, optDefaults.sshOptions); //retrocompabitlity if(this.sshOptions.agentForward === undefined) { this.sshOptions.agentForward = opts.agentForward; } if (this.key && this.cert && this.ca) { this.protocol = 'https'; } this.protocol = opts.protocol || this.protocol || 'http'; }; Modem.prototype.dial = function (options, callback) { var opts, address, data; var self = this; if (options.options) { opts = options.options; } // Prevent credentials from showing up in URL if (opts && opts.authconfig) { delete opts.authconfig; } // Prevent abortsignal from showing up in the URL if (opts && opts.abortSignal) { delete opts.abortSignal; } if (this.version) { options.path = '/' + this.version + options.path; } if (this.host) { var parsed = url.parse(self.host); address = url.format({ 'protocol': parsed.protocol || self.protocol, 'hostname': parsed.hostname || self.host, 'port': self.port }); address = url.resolve(address, options.path); } else { address = options.path; } if (options.path.indexOf('?') !== -1) { if (opts && Object.keys(opts).length > 0) { address += this.buildQuerystring(opts._query || opts); } else { address = address.substring(0, address.length - 1); } } var optionsf = { path: address, method: options.method, headers: options.headers || Object.assign({}, self.headers), key: self.key, cert: self.cert, ca: self.ca }; if (this.checkServerIdentity) { optionsf.checkServerIdentity = this.checkServerIdentity; } if (this.agent) { optionsf.agent = this.agent; } if (options.authconfig) { optionsf.headers['X-Registry-Auth'] = options.authconfig.key || options.authconfig.base64 || Buffer.from(JSON.stringify(options.authconfig)).toString('base64'); } if (options.registryconfig) { optionsf.headers['X-Registry-Config'] = options.registryconfig.base64 || Buffer.from(JSON.stringify(options.registryconfig)).toString('base64'); } if (options.abortSignal) { optionsf.signal = options.abortSignal; } if (options.file) { if (typeof options.file === 'string') { data = fs.createReadStream(path.resolve(options.file)); } else { data = options.file; } optionsf.headers['Content-Type'] = 'application/tar'; } else if (opts && options.method === 'POST') { data = JSON.stringify(opts._body || opts); if (options.allowEmpty) { optionsf.headers['Content-Type'] = 'application/json'; } else { if (data !== '{}' && data !== '""') { optionsf.headers['Content-Type'] = 'application/json'; } else { data = undefined; } } } if (typeof data === 'string') { optionsf.headers['Content-Length'] = Buffer.byteLength(data); } else if (Buffer.isBuffer(data) === true) { optionsf.headers['Content-Length'] = data.length; } else if (optionsf.method === 'PUT' || options.hijack || options.openStdin) { optionsf.headers['Transfer-Encoding'] = 'chunked'; } if (options.hijack) { optionsf.headers.Connection = 'Upgrade'; optionsf.headers.Upgrade = 'tcp'; } if (this.socketPath) { optionsf.socketPath = this.socketPath; } else { var urlp = url.parse(address); optionsf.hostname = urlp.hostname; optionsf.port = urlp.port; optionsf.path = urlp.path; } this.buildRequest(optionsf, options, data, callback); }; Modem.prototype.buildRequest = function (options, context, data, callback) { var self = this; var connectionTimeoutTimer; var opts = self.protocol === 'ssh' ? Object.assign(options, { agent: ssh(Object.assign({}, self.sshOptions, { 'host': self.host, 'port': self.port, 'username': self.username, 'password': self.password, })), protocol: 'http:', }) : options; var req = http[self.protocol === 'ssh' ? 'http' : self.protocol].request(opts, function () { }); debug('Sending: %s', util.inspect(options, { showHidden: true, depth: null })); if (self.connectionTimeout) { connectionTimeoutTimer = setTimeout(function () { debug('Connection Timeout of %s ms exceeded', self.connectionTimeout); req.abort(); }, self.connectionTimeout); } if (self.timeout) { req.on('socket', function (socket) { socket.setTimeout(self.timeout); socket.on('timeout', function () { debug('Timeout of %s ms exceeded', self.timeout); req.abort(); }); }); } if (context.hijack === true) { clearTimeout(connectionTimeoutTimer); req.on('upgrade', function (res, sock, head) { return callback(null, sock); }); } req.on('connect', function () { clearTimeout(connectionTimeoutTimer); }); req.on('disconnect', function () { clearTimeout(connectionTimeoutTimer); }); req.on('response', function (res) { clearTimeout(connectionTimeoutTimer); if (context.isStream === true) { self.buildPayload(null, context.isStream, context.statusCodes, context.openStdin, req, res, null, callback); } else { var chunks = []; res.on('data', function (chunk) { chunks.push(chunk); }); res.on('end', function () { var buffer = Buffer.concat(chunks); var result = buffer.toString(); debug('Received: %s', result); var json = utils.parseJSON(result) || buffer; self.buildPayload(null, context.isStream, context.statusCodes, false, req, res, json, callback); }); } }); req.on('error', function (error) { clearTimeout(connectionTimeoutTimer); self.buildPayload(error, context.isStream, context.statusCodes, false, {}, {}, null, callback); }); if (typeof data === 'string' || Buffer.isBuffer(data)) { req.write(data); } else if (data) { data.on('error', function (error) { req.destroy(error); }); data.pipe(req); } if (!context.hijack && !context.openStdin && (typeof data === 'string' || data === undefined || Buffer.isBuffer(data))) { req.end(); } }; Modem.prototype.buildPayload = function (err, isStream, statusCodes, openStdin, req, res, json, cb) { if (err) return cb(err, null); if (statusCodes[res.statusCode] !== true) { getCause(isStream, res, json, function (err, cause) { var msg = new Error( '(HTTP code ' + res.statusCode + ') ' + (statusCodes[res.statusCode] || 'unexpected') + ' - ' + (cause.message || cause) + ' ' ); msg.reason = statusCodes[res.statusCode]; msg.statusCode = res.statusCode; msg.json = json; cb(msg, null); }); } else { if (openStdin) { cb(null, new HttpDuplex(req, res)); } else if (isStream) { cb(null, res); } else { cb(null, json); } } function getCause(isStream, res, json, callback) { var chunks = ''; if (isStream) { res.on('data', function (chunk) { chunks += chunk; }); res.on('end', function () { callback(null, utils.parseJSON(chunks) || chunks); }); } else { callback(null, json); } } }; Modem.prototype.demuxStream = function (stream, stdout, stderr) { var nextDataType = null; var nextDataLength = null; var buffer = Buffer.from(''); function processData(data) { if (data) { buffer = Buffer.concat([buffer, data]); } if (!nextDataType) { if (buffer.length >= 8) { var header = bufferSlice(8); nextDataType = header.readUInt8(0); nextDataLength = header.readUInt32BE(4); // It's possible we got a "data" that contains multiple messages // Process the next one processData(); } } else { if (buffer.length >= nextDataLength) { var content = bufferSlice(nextDataLength); if (nextDataType === 1) { stdout.write(content); } else { stderr.write(content); } nextDataType = null; // It's possible we got a "data" that contains multiple messages // Process the next one processData(); } } } function bufferSlice(end) { var out = buffer.slice(0, end); buffer = Buffer.from(buffer.slice(end, buffer.length)); return out; } stream.on('data', processData); }; Modem.prototype.followProgress = function (stream, onFinished, onProgress) { var buf = ''; var output = []; var finished = false; stream.on('data', onStreamEvent); stream.on('error', onStreamError); stream.on('end', onStreamEnd); stream.on('close', onStreamEnd); function onStreamEvent(data) { buf += data.toString(); pump(); function pump() { var pos; while ((pos = buf.indexOf('\n')) >= 0) { if (pos == 0) { buf = buf.slice(1); continue; } processLine(buf.slice(0, pos)); buf = buf.slice(pos + 1); } } function processLine(line) { if (line[line.length - 1] == '\r') line = line.substr(0, line.length - 1); if (line.length > 0) { var obj = JSON.parse(line); output.push(obj); if (onProgress) { onProgress(obj); } } } }; function onStreamError(err) { finished = true; stream.removeListener('data', onStreamEvent); stream.removeListener('error', onStreamError); stream.removeListener('end', onStreamEnd); stream.removeListener('close', onStreamEnd); onFinished(err, output); } function onStreamEnd() { if(!finished) onFinished(null, output); finished = true; } }; Modem.prototype.buildQuerystring = function (opts) { var clone = {}; // serialize map values as JSON strings, else querystring truncates. Object.keys(opts).map(function (key, i) { if (opts[key] && typeof opts[key] === 'object' && !Array.isArray(opts[key]) // Ref: https://docs.docker.com/engine/api/v1.40/#operation/ImageBuild // > cachefrom (string) JSON array of images used for build cache resolution. || key === 'cachefrom' ) { clone[key] = JSON.stringify(opts[key]); } else { clone[key] = opts[key]; } }); return querystring.stringify(clone); }; module.exports = Modem; /***/ }), /***/ 7964: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var Client = __nccwpck_require__(5869).Client, http = __nccwpck_require__(8605); module.exports = function(opt) { var conn = new Client(); var agent = new http.Agent(); agent.createConnection = function(options, fn) { conn.once('ready', function() { conn.exec('docker system dial-stdio', function(err, stream) { if (err) { conn.end(); agent.destroy(); return; } fn(null, stream); stream.once('close', () => { conn.end(); agent.destroy(); }); }); }).connect(opt); conn.once('end', () => agent.destroy()); }; return agent; }; /***/ }), /***/ 4967: /***/ ((module) => { // https://github.com/HenrikJoreteg/extend-object/blob/v0.1.0/extend-object.js var arr = []; var each = arr.forEach; var slice = arr.slice; module.exports.extend = function(obj) { each.call(slice.call(arguments, 1), function(source) { if (source) { for (var prop in source) { obj[prop] = source[prop]; } } }); return obj; }; module.exports.parseJSON = function(s) { try { return JSON.parse(s); } catch (e) { return null; } }; /***/ }), /***/ 5004: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents a config * @param {Object} modem docker-modem * @param {String} id Config's id */ var Config = function(modem, id) { this.modem = modem; this.id = id; }; Config.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * * @param {Object} opts Options (optional) * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Name only if callback isn't specified. */ Config.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/configs/' + this.id, method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'config not found', 500: 'server error', 503: 'node is not part of a swarm' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Update a config. * * @param {object} opts * @param {function} callback */ Config.prototype.update = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/configs/' + this.id + '/update?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'config not found', 500: 'server error', 503: 'node is not part of a swarm' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Removes the config * @param {[Object]} opts Remove options (optional) * @param {Function} callback Callback */ Config.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/configs/' + this.id, method: 'DELETE', abortSignal: opts.abortSignal, statusCodes: { 200: true, 204: true, 404: 'config not found', 500: 'server error', 503: 'node is not part of a swarm' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Config; /***/ }), /***/ 5815: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var extend = __nccwpck_require__(1604).extend, Exec = __nccwpck_require__(3149), util = __nccwpck_require__(1604); /** * Represents a Container * @param {Object} modem docker-modem * @param {String} id Container's ID */ var Container = function(modem, id) { this.modem = modem; this.id = id; this.defaultOptions = { top: {}, start: {}, commit: {}, stop: {}, pause: {}, unpause: {}, restart: {}, resize: {}, attach: {}, remove: {}, copy: {}, kill: {}, exec: {}, rename: {}, log: {}, stats: {}, getArchive: {}, infoArchive: {}, putArchive: {}, update: {}, wait: {} }; }; Container.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * @param {Object} opts Options (optional) * @param {Function} callback Callback, if supplied will query Docker. * @return {Object} ID only and only if callback isn't supplied. */ Container.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/' + this.id + '/json?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Rename * @param {Object} opts Rename options * @param {Function} callback Callback */ Container.prototype.rename = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.rename); var optsf = { path: '/containers/' + this.id + '/rename?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 204: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Update * @param {Object} opts Update options * @param {Function} callback Callback */ Container.prototype.update = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.update); var optsf = { path: '/containers/' + this.id + '/update', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 204: true, 400: 'bad parameter', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Top * @param {Object} opts like 'ps_args' (optional) * @param {Function} callback Callback */ Container.prototype.top = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.top); var optsf = { path: '/containers/' + this.id + '/top?', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Containers changes * @param {Object} Options * @param {Function} callback Callback */ Container.prototype.changes = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/' + this.id + '/changes', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Checkpoints list * @param {Object} opts List checkpoints options (optional) * @param {Function} callback Callback */ Container.prototype.listCheckpoint = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/' + this.id + '/checkpoints?', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Delete checkpoint * @param {Object} opts Delete checkpoint options (optional) * @param {Function} callback Callback */ Container.prototype.deleteCheckpoint = function(checkpoint, opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/' + this.id + '/checkpoints/' + checkpoint + '?', method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Create checkpoint * @param {Object} opts Create checkpoint options (optional) * @param {Function} callback Callback */ Container.prototype.createCheckpoint = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/' + this.id + '/checkpoints', method: 'POST', abortSignal: args.opts.abortSignal, allowEmpty: true, statusCodes: { 200: true, //unofficial, but proxies may return it 204: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Export * @param {Object} opts Options (optional) * @param {Function} callback Callback with the octet-stream. */ Container.prototype.export = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/' + this.id + '/export', method: 'GET', abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Start * @param {Object} opts Container start options (optional) * @param {Function} callback Callback */ Container.prototype.start = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.start); var optsf = { path: '/containers/' + this.id + '/start?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 304: 'container already started', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Pause * @param {Object} opts Pause options (optional) * @param {Function} callback Callback */ Container.prototype.pause = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.pause); var optsf = { path: '/containers/' + this.id + '/pause', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Unpause * @param {Object} opts Unpause options (optional) * @param {Function} callback Callback */ Container.prototype.unpause = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.unpause); var optsf = { path: '/containers/' + this.id + '/unpause', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Setup an exec call to a running container * * @param {object} opts * @param {function} callback */ Container.prototype.exec = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.exec); var optsf = { path: '/containers/' + this.id + '/exec', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 404: 'no such container', 409: 'container stopped/paused', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(new Exec(self.modem, data.Id)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, new Exec(self.modem, data.Id)); }); } }; /** * Commit * @param {Object} opts Commit options like 'Hostname' (optional) * @param {Function} callback Callback */ Container.prototype.commit = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.commit); args.opts.container = this.id; var optsf = { path: '/commit?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Stop * @param {Object} opts Container stop options, like 't' (optional) * @param {Function} callback Callback */ Container.prototype.stop = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.stop); var optsf = { path: '/containers/' + this.id + '/stop?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 304: 'container already stopped', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Restart * @param {Object} opts Container restart options, like 't' (optional) * @param {Function} callback Callback */ Container.prototype.restart = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.restart); var optsf = { path: '/containers/' + this.id + '/restart?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Kill * @param {Object} opts Container kill options, like 'signal' (optional) * @param {Function} callback Callback */ Container.prototype.kill = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.kill); var optsf = { path: '/containers/' + this.id + '/kill?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Container resize * @param {[type]} opts Resize options. (optional) * @param {Function} callback Callback */ Container.prototype.resize = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.resize); var optsf = { path: '/containers/' + this.id + '/resize?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Attach * @param {Object} opts Attach options, like 'logs' (optional) * @param {Function} callback Callback with stream. */ Container.prototype.attach = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.attach); var optsf = { path: '/containers/' + this.id + '/attach?', method: 'POST', abortSignal: args.opts.abortSignal, isStream: true, hijack: args.opts.hijack, openStdin: args.opts.stdin, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, stream) { if (err) { return reject(err); } resolve(stream); }); }); } else { this.modem.dial(optsf, function(err, stream) { args.callback(err, stream); }); } }; /** * Waits for a container to end. * @param {[type]} opts Container wait options, like condition. (optional) * @param {Function} callback Callback */ Container.prototype.wait = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.wait); var optsf = { path: '/containers/' + this.id + '/wait?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Removes a container * @param {Object} opts Remove options, like 'force' (optional) * @param {Function} callback Callback */ Container.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.remove); var optsf = { path: '/containers/' + this.id + '?', method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 400: 'bad parameter', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Copy (WARNING: DEPRECATED since RAPI v1.20) * @param {Object} opts Copy options, like 'Resource' (optional) * @param {Function} callback Callback with stream. */ Container.prototype.copy = function(opts, callback) { var self = this; console.log('container.copy is deprecated since Docker v1.8.x'); var args = util.processArgs(opts, callback, this.defaultOptions.copy); var optsf = { path: '/containers/' + this.id + '/copy', method: 'POST', abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * getArchive * @param {Object} opts Archive options, like 'path' * @param {Function} callback Callback with stream. */ Container.prototype.getArchive = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.getArchive); var optsf = { path: '/containers/' + this.id + '/archive?', method: 'GET', abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 400: 'client error, bad parameters', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * infoArchive * @param {Object} opts Archive options, like 'path' * @param {Function} callback Callback with stream. */ Container.prototype.infoArchive = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.infoArchive); var optsf = { path: '/containers/' + this.id + '/archive?', method: 'HEAD', abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 400: 'client error, bad parameters', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * putArchive * @param {Object} opts Archive options, like 'path' * @param {Function} callback Callback with stream. */ Container.prototype.putArchive = function(file, opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.putArchive); var optsf = { path: '/containers/' + this.id + '/archive?', method: 'PUT', file: file, abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 400: 'client error, bad parameters', 403: 'client error, permission denied', 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Container logs * @param {Object} opts Logs options. (optional) * @param {Function} callback Callback with data */ Container.prototype.logs = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.log); var optsf = { path: '/containers/' + this.id + '/logs?', method: 'GET', abortSignal: args.opts.abortSignal, isStream: args.opts.follow || false, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Container stats * @param {Object} opts Stats options. (optional) * @param {Function} callback Callback with data */ Container.prototype.stats = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.stats); var isStream = true; if (args.opts.stream === false) { isStream = false; } var optsf = { path: '/containers/' + this.id + '/stats?', method: 'GET', abortSignal: args.opts.abortSignal, isStream: isStream, statusCodes: { 200: true, 404: 'no such container', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Container; /***/ }), /***/ 4571: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var EventEmitter = __nccwpck_require__(8614).EventEmitter, Modem = __nccwpck_require__(6042), tar = __nccwpck_require__(366), zlib = __nccwpck_require__(8761), Container = __nccwpck_require__(5815), Image = __nccwpck_require__(6689), Volume = __nccwpck_require__(4877), Network = __nccwpck_require__(9780), Service = __nccwpck_require__(8866), Plugin = __nccwpck_require__(6606), Secret = __nccwpck_require__(9934), Config = __nccwpck_require__(5004), Task = __nccwpck_require__(1385), Node = __nccwpck_require__(2297), Exec = __nccwpck_require__(3149), util = __nccwpck_require__(1604), extend = util.extend; var Docker = function(opts) { if (!(this instanceof Docker)) return new Docker(opts); var plibrary = global.Promise; if (opts && opts.Promise) { plibrary = opts.Promise; if (Object.keys(opts).length === 1) { opts = undefined; } } this.modem = new Modem(opts); this.modem.Promise = plibrary; }; /** * Creates a new container * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createContainer = function(opts, callback) { var self = this; var optsf = { path: '/containers/create?', method: 'POST', options: opts, authconfig: opts.authconfig, abortSignal: opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 404: 'no such container', 406: 'impossible to attach', 500: 'server error' } }; delete opts.authconfig; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getContainer(data.Id)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return callback(err, data); callback(err, self.getContainer(data.Id)); }); } }; /** * Creates a new image * @param {Object} auth Authentication (optional) * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createImage = function(auth, opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; opts = auth; auth = opts.authconfig || undefined; } else if (!callback && !opts) { opts = auth; auth = opts.authconfig; } var optsf = { path: '/images/create?', method: 'POST', options: opts, authconfig: auth, abortSignal: opts.abortSignal, isStream: true, statusCodes: { 200: true, 500: 'server error' } }; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Load image * @param {String} file File * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.loadImage = function(file, opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; opts = null; } var optsf = { path: '/images/load?', method: 'POST', options: opts, file: file, abortSignal: opts && opts.abortSignal, isStream: true, statusCodes: { 200: true, 500: 'server error' } }; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Import image from a tar archive * @param {String} file File * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.importImage = function(file, opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; opts = undefined; } if (!opts) opts = {}; opts.fromSrc = '-'; var optsf = { path: '/images/create?', method: 'POST', options: opts, file: file, abortSignal: opts.abortSignal, isStream: true, statusCodes: { 200: true, 500: 'server error' } }; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Verifies auth * @param {Object} opts Options * @param {Function} callback Callback */ Docker.prototype.checkAuth = function(opts, callback) { var self = this; var optsf = { path: '/auth', method: 'POST', options: opts, abortSignal: opts.abortSignal, statusCodes: { 200: true, 204: true, 500: 'server error' } }; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Builds an image * @param {String} file File * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.buildImage = function(file, opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; opts = null; } function build(file) { var optsf = { path: '/build?', method: 'POST', file: file, options: opts, abortSignal: opts && opts.abortSignal, isStream: true, statusCodes: { 200: true, 500: 'server error' } }; if (opts) { if (opts.registryconfig) { optsf.registryconfig = optsf.options.registryconfig; delete optsf.options.registryconfig; } //undocumented? if (opts.authconfig) { optsf.authconfig = optsf.options.authconfig; delete optsf.options.authconfig; } } if (callback === undefined) { return new self.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { self.modem.dial(optsf, function(err, data) { callback(err, data); }); } } if (file && file.context) { var pack = tar.pack(file.context, { entries: file.src }); return build(pack.pipe(zlib.createGzip())); } else { return build(file); } }; /** * Fetches a Container by ID * @param {String} id Container's ID */ Docker.prototype.getContainer = function(id) { return new Container(this.modem, id); }; /** * Fetches an Image by name * @param {String} name Image's name */ Docker.prototype.getImage = function(name) { return new Image(this.modem, name); }; /** * Fetches a Volume by name * @param {String} name Volume's name */ Docker.prototype.getVolume = function(name) { return new Volume(this.modem, name); }; /** * Fetches a Plugin by name * @param {String} name Volume's name */ Docker.prototype.getPlugin = function(name, remote) { return new Plugin(this.modem, name, remote); }; /** * Fetches a Service by id * @param {String} id Services's id */ Docker.prototype.getService = function(id) { return new Service(this.modem, id); }; /** * Fetches a Task by id * @param {String} id Task's id */ Docker.prototype.getTask = function(id) { return new Task(this.modem, id); }; /** * Fetches Node by id * @param {String} id Node's id */ Docker.prototype.getNode = function(id) { return new Node(this.modem, id); }; /** * Fetches a Network by id * @param {String} id network's id */ Docker.prototype.getNetwork = function(id) { return new Network(this.modem, id); }; /** * Fetches a Secret by id * @param {String} id network's id */ Docker.prototype.getSecret = function(id) { return new Secret(this.modem, id); }; /** * Fetches a Config by id * @param {String} id network's id */ Docker.prototype.getConfig = function(id) { return new Config(this.modem, id); }; /** * Fetches an Exec instance by ID * @param {String} id Exec instance's ID */ Docker.prototype.getExec = function(id) { return new Exec(this.modem, id); }; /** * Lists containers * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.listContainers = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/json?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Lists images * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.listImages = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/images/json?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Get images * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.getImages = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/images/get?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 400: 'bad parameter', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Lists Services * @param {Object} opts * @param {Function} callback Callback */ Docker.prototype.listServices = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/services?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Lists Nodes * @param {Object} opts * @param {Function} callback Callback */ Docker.prototype.listNodes = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/nodes?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 404: 'no such node', 500: 'server error', 503: 'node is not part of a swarm', } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Lists Tasks * @param {Object} opts * @param {Function} callback Callback */ Docker.prototype.listTasks = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/tasks?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Creates a new secret * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createSecret = function(opts, callback) { var args = util.processArgs(opts, callback); var self = this; var optsf = { path: '/secrets/create?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 406: 'server error or node is not part of a swarm', 409: 'name conflicts with an existing object', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getSecret(data.ID)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, self.getSecret(data.ID)); }); } }; /** * Creates a new config * @param {Object} opts Config options * @param {Function} callback Callback */ Docker.prototype.createConfig = function(opts, callback) { var args = util.processArgs(opts, callback); var self = this; var optsf = { path: '/configs/create?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 406: 'server error or node is not part of a swarm', 409: 'name conflicts with an existing object', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getConfig(data.ID)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, self.getConfig(data.ID)); }); } }; /** * Lists secrets * @param {Object} opts * @param {Function} callback Callback */ Docker.prototype.listSecrets = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/secrets?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Lists configs * @param {Object} opts * @param {Function} callback Callback */ Docker.prototype.listConfigs = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/configs?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Creates a new plugin * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createPlugin = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/create?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getPlugin(args.opts.name)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, self.getPlugin(args.opts.name)); }); } }; /** * Lists plugins * @param {Object} opts * @param {Function} callback Callback */ Docker.prototype.listPlugins = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Prune images * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.pruneImages = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/images/prune?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Prune builder * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.pruneBuilder = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/build/prune', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Prune containers * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.pruneContainers = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/containers/prune?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Prune volumes * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.pruneVolumes = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/volumes/prune?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Prune networks * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.pruneNetworks = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/networks/prune?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Creates a new volume * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createVolume = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/volumes/create?', method: 'POST', allowEmpty: true, options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getVolume(data.Name)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, self.getVolume(data.Name)); }); } }; /** * Creates a new service * @param {Object} auth * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createService = function(auth, opts, callback) { if (!callback && typeof opts === 'function') { callback = opts; opts = auth; auth = opts.authconfig || undefined; } else if (!opts && !callback) { opts = auth; } var self = this; var optsf = { path: '/services/create', method: 'POST', options: opts, authconfig: auth, abortSignal: opts && opts.abortSignal, statusCodes: { 200: true, 201: true, 500: 'server error' } }; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getService(data.ID || data.Id)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return callback(err, data); callback(err, self.getService(data.ID || data.Id)); }); } }; /** * Lists volumes * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.listVolumes = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/volumes?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Creates a new network * @param {Object} opts Create options * @param {Function} callback Callback */ Docker.prototype.createNetwork = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/networks/create?', method: 'POST', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 404: 'driver not found', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(self.getNetwork(data.Id)); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, self.getNetwork(data.Id)); }); } }; /** * Lists networks * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.listNetworks = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/networks?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Search images * @param {Object} opts Options * @param {Function} callback Callback */ Docker.prototype.searchImages = function(opts, callback) { var self = this; var optsf = { path: '/images/search?', method: 'GET', options: opts, authconfig: opts.authconfig, abortSignal: opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Info * @param {Object} opts Options (optional) * @param {Function} callback Callback with info */ Docker.prototype.info = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var opts = { path: '/info', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(opts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(opts, function(err, data) { args.callback(err, data); }); } }; /** * Version * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.version = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var opts = { path: '/version', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(opts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(opts, function(err, data) { args.callback(err, data); }); } }; /** * Ping * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.ping = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/_ping', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * SystemDf equivalent to system/df API Engine * get usage data information * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.df = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/system/df', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Events * @param {Object} opts Events options, like 'since' (optional) * @param {Function} callback Callback */ Docker.prototype.getEvents = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/events?', method: 'GET', options: args.opts, abortSignal: args.opts.abortSignal, isStream: true, statusCodes: { 200: true, 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Pull is a wrapper around createImage, parsing image's tags. * @param {String} repoTag Repository tag * @param {Object} opts Options (optional) * @param {Function} callback Callback * @param {Object} auth Authentication (optional) * @return {Object} Image */ Docker.prototype.pull = function(repoTag, opts, callback, auth) { var args = util.processArgs(opts, callback); var imageSrc = util.parseRepositoryTag(repoTag); args.opts.fromImage = imageSrc.repository; args.opts.tag = imageSrc.tag || 'latest'; var argsf = [args.opts, args.callback]; if (auth) { argsf = [auth, args.opts, args.callback]; } return this.createImage.apply(this, argsf); }; /** * Like run command from Docker's CLI * @param {String} image Image name to be used. * @param {Array} cmd Command to run in array format. * @param {Object} streamo Output stream * @param {Object} createOptions Container create options (optional) * @param {Object} startOptions Container start options (optional) * @param {Function} callback Callback * @return {Object} EventEmitter */ Docker.prototype.run = function(image, cmd, streamo, createOptions, startOptions, callback) { if (typeof arguments[arguments.length - 1] === 'function') { return this.runCallback(image, cmd, streamo, createOptions, startOptions, callback); } else { return this.runPromise(image, cmd, streamo, createOptions, startOptions); } }; Docker.prototype.runCallback = function(image, cmd, streamo, createOptions, startOptions, callback) { if (!callback && typeof createOptions === 'function') { callback = createOptions; createOptions = {}; startOptions = {}; } else if (!callback && typeof startOptions === 'function') { callback = startOptions; startOptions = {}; } var hub = new EventEmitter(); function handler(err, container) { if (err) return callback(err, null, container); hub.emit('container', container); container.attach({ stream: true, stdout: true, stderr: true }, function handler(err, stream) { if (err) return callback(err, null, container); hub.emit('stream', stream); if (streamo) { if (streamo instanceof Array) { stream.on('end', function() { try { streamo[0].end(); } catch (e) {} try { streamo[1].end(); } catch (e) {} }); container.modem.demuxStream(stream, streamo[0], streamo[1]); } else { stream.setEncoding('utf8'); stream.pipe(streamo, { end: true }); } } container.start(startOptions, function(err, data) { if (err) return callback(err, data, container); hub.emit('start', container); container.wait(function(err, data) { hub.emit('data', data); callback(err, data, container); }); }); }); } var optsc = { 'Hostname': '', 'User': '', 'AttachStdin': false, 'AttachStdout': true, 'AttachStderr': true, 'Tty': true, 'OpenStdin': false, 'StdinOnce': false, 'Env': null, 'Cmd': cmd, 'Image': image, 'Volumes': {}, 'VolumesFrom': [] }; extend(optsc, createOptions); this.createContainer(optsc, handler); return hub; }; Docker.prototype.runPromise = function(image, cmd, streamo, createOptions, startOptions) { var self = this; createOptions = createOptions || {}; startOptions = startOptions || {}; var optsc = { 'Hostname': '', 'User': '', 'AttachStdin': false, 'AttachStdout': true, 'AttachStderr': true, 'Tty': true, 'OpenStdin': false, 'StdinOnce': false, 'Env': null, 'Cmd': cmd, 'Image': image, 'Volumes': {}, 'VolumesFrom': [] }; extend(optsc, createOptions); var containero; return new this.modem.Promise(function(resolve, reject) { self.createContainer(optsc).then(function(container) { containero = container; return container.attach({ stream: true, stdout: true, stderr: true }); }).then(function(stream) { if (streamo) { if (streamo instanceof Array) { stream.on('end', function() { try { streamo[0].end(); } catch (e) {} try { streamo[1].end(); } catch (e) {} }); containero.modem.demuxStream(stream, streamo[0], streamo[1]); } else { stream.setEncoding('utf8'); stream.pipe(streamo, { end: true }); } } return containero.start(startOptions); }).then(function(data) { return containero.wait(); }).then(function(data) { resolve([data, containero]); }).catch(function(err) { reject(err); }); }); }; /** * Init swarm. * * @param {object} opts * @param {function} callback */ Docker.prototype.swarmInit = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/swarm/init', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 406: 'node is already part of a Swarm' }, options: args.opts }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Join swarm. * * @param {object} opts * @param {function} callback */ Docker.prototype.swarmJoin = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/swarm/join', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 406: 'node is already part of a Swarm' }, options: args.opts }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Leave swarm. * * @param {object} opts * @param {function} callback */ Docker.prototype.swarmLeave = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/swarm/leave?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 406: 'node is not part of a Swarm' }, options: args.opts }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Update swarm. * * @param {object} opts * @param {function} callback */ Docker.prototype.swarmUpdate = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/swarm/update?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 400: 'bad parameter', 406: 'node is already part of a Swarm' }, options: args.opts }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Inspect a Swarm. * Warning: This method is not documented in the API * * @param {Object} opts Options (optional) * @param {Function} callback Callback */ Docker.prototype.swarmInspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/swarm', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 406: 'This node is not a swarm manager', 500: 'server error' } }; if (args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; Docker.Container = Container; Docker.Image = Image; Docker.Volume = Volume; Docker.Network = Network; Docker.Service = Service; Docker.Plugin = Plugin; Docker.Secret = Secret; Docker.Task = Task; Docker.Node = Node; Docker.Exec = Exec; module.exports = Docker; /***/ }), /***/ 3149: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents an Exec * @param {Object} modem docker-modem * @param {String} id Exec's ID */ var Exec = function(modem, id) { this.modem = modem; this.id = id; }; Exec.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Start the exec call that was setup. * * @param {object} opts * @param {function} callback */ Exec.prototype.start = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/exec/' + this.id + '/start', method: 'POST', abortSignal: args.opts.abortSignal, isStream: true, allowEmpty: true, hijack: args.opts.hijack, openStdin: args.opts.stdin, statusCodes: { 200: true, 204: true, 404: 'no such exec', 409: 'container stopped/paused', 500: 'container not running' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, data); }); } }; /** * Resize the exec call that was setup. * * @param {object} opts * @param {function} callback */ Exec.prototype.resize = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/exec/' + this.id + '/resize?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such exec', 500: 'container not running' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, data); }); } }; /** * Get low-level information about the exec call. * * @param {Object} opts Options (optional) * @param {function} callback */ Exec.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/exec/' + this.id + '/json', method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such exec', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return callback(err, data); args.callback(err, data); }); } }; module.exports = Exec; /***/ }), /***/ 6689: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents an image * @param {Object} modem docker-modem * @param {String} name Image's name */ var Image = function(modem, name) { this.modem = modem; this.name = name; }; Image.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Name only if callback isn't specified. */ Image.prototype.inspect = function(callback) { var self = this; var opts = { path: '/images/' + this.name + '/json', method: 'GET', statusCodes: { 200: true, 404: 'no such image', 500: 'server error' } }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(opts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(opts, function(err, data) { if (err) return callback(err, data); callback(err, data); }); } }; /** * Distribution * @param {Object} opts * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Name only if callback isn't specified. */ Image.prototype.distribution = function(opts, callback) { var args = util.processArgs(opts, callback); var self = this; var fopts = { path: '/distribution/' + this.name + '/json', method: 'GET', statusCodes: { 200: true, 401: 'no such image', 500: 'server error' }, authconfig: (args.opts) ? args.opts.authconfig : undefined }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(fopts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(fopts, function(err, data) { if (err) return args.callback(err, data); args.callback(err, data); }); } }; /** * History * @param {Function} callback Callback */ Image.prototype.history = function(callback) { var self = this; var opts = { path: '/images/' + this.name + '/history', method: 'GET', statusCodes: { 200: true, 404: 'no such image', 500: 'server error' } }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(opts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(opts, function(err, data) { if (err) return callback(err, data); callback(err, data); }); } }; /** * Get * @param {Function} callback Callback with data stream. */ Image.prototype.get = function(callback) { var self = this; var opts = { path: '/images/' + this.name + '/get', method: 'GET', isStream: true, statusCodes: { 200: true, 500: 'server error' } }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(opts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(opts, function(err, data) { if (err) return callback(err, data); callback(err, data); }); } }; /** * Push * @param {Object} opts Push options, like 'registry' (optional) * @param {Function} callback Callback with stream. * @param {Object} auth Registry authentication */ Image.prototype.push = function(opts, callback, auth) { var self = this; var args = util.processArgs(opts, callback); var isStream = true; if (args.opts.stream === false) { isStream = false; } var optsf = { path: '/images/' + this.name + '/push?', method: 'POST', options: args.opts, authconfig: args.opts.authconfig || auth, abortSignal: args.opts.abortSignal, isStream: isStream, statusCodes: { 200: true, 404: 'no such image', 500: 'server error' } }; delete optsf.options.authconfig; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Tag * @param {Object} opts Tag options, like 'repo' (optional) * @param {Function} callback Callback */ Image.prototype.tag = function(opts, callback) { var self = this; var optsf = { path: '/images/' + this.name + '/tag?', method: 'POST', options: opts, abortSignal: opts && opts.abortSignal, statusCodes: { 200: true, // unofficial, but proxies may return it 201: true, 400: 'bad parameter', 404: 'no such image', 409: 'conflict', 500: 'server error' } }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Removes the image * @param {[Object]} opts Remove options (optional) * @param {Function} callback Callback */ Image.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/images/' + this.name + '?', method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such image', 409: 'conflict', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Image; /***/ }), /***/ 9780: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents an network * @param {Object} modem docker-modem * @param {String} id Network's id */ var Network = function(modem, id) { this.modem = modem; this.id = id; }; Network.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Id only if callback isn't specified. */ Network.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var opts = { path: '/networks/' + this.id + '?', method: 'GET', statusCodes: { 200: true, 404: 'no such network', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(opts, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(opts, function(err, data) { args.callback(err, data); }); } }; /** * Removes the network * @param {[Object]} opts Remove options (optional) * @param {Function} callback Callback */ Network.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/networks/' + this.id, method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 204: true, 404: 'no such network', 409: 'conflict', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Connects a container to a network * @param {[Object]} opts Connect options (optional) * @param {Function} callback Callback */ Network.prototype.connect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/networks/' + this.id + '/connect', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 201: true, 404: 'network or container is not found', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Disconnects a container from a network * @param {[Object]} opts Disconnect options (optional) * @param {Function} callback Callback */ Network.prototype.disconnect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/networks/' + this.id + '/disconnect', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 201: true, 404: 'network or container is not found', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Network; /***/ }), /***/ 2297: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents an Node * @param {Object} modem docker-modem * @param {String} id Node's ID */ var Node = function(modem, id) { this.modem = modem; this.id = id; }; Node.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Query Docker for Node details. * * @param {Object} opts Options (optional) * @param {function} callback */ Node.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/nodes/' + this.id, method: 'GET', abortSignal: args.abortSignal, statusCodes: { 200: true, 404: 'no such node', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Update a node. * * @param {object} opts * @param {function} callback */ Node.prototype.update = function(opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; } var optsf = { path: '/nodes/' + this.id + '/update?', method: 'POST', abortSignal: opts && opts.abortSignal, statusCodes: { 200: true, 404: 'no such node', 406: 'node is not part of a swarm', 500: 'server error' }, options: opts }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Remove a Node. * Warning: This method is not documented in the API. * * @param {object} opts * @param {function} callback */ Node.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/nodes/' + this.id + '?', method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such node', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Node; /***/ }), /***/ 6606: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents a plugin * @param {Object} modem docker-modem * @param {String} name Plugin's name */ var Plugin = function(modem, name, remote) { this.modem = modem; this.name = name; this.remote = remote || name; }; Plugin.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * * @param {Object} opts Options (optional) * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Name only if callback isn't specified. */ Plugin.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/' + this.name, method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'plugin is not installed', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Removes the plugin * @param {[Object]} opts Remove options (optional) * @param {Function} callback Callback */ Plugin.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/' + this.name + '?', method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'plugin is not installed', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { if (err) return args.callback(err, data); args.callback(err, data); }); } }; /** * get privileges * @param {Object} opts Options (optional) * @param {Function} callback Callback * @return {Object} Name only if callback isn't specified. */ Plugin.prototype.privileges = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/privileges?', method: 'GET', options: { 'remote': this.remote }, abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Installs a new plugin * @param {Object} opts Create options * @param {Function} callback Callback */ Plugin.prototype.pull = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); if(args.opts._query && !args.opts._query.name) { args.opts._query.name = this.name; } if(args.opts._query && !args.opts._query.remote) { args.opts._query.remote = this.remote; } var optsf = { path: '/plugins/pull?', method: 'POST', abortSignal: args.opts.abortSignal, isStream: true, options: args.opts, statusCodes: { 200: true, // unofficial, but proxies may return it 204: true, 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Enable * @param {Object} opts Plugin enable options (optional) * @param {Function} callback Callback */ Plugin.prototype.enable = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/' + this.name + '/enable?', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Disable * @param {Object} opts Plugin disable options (optional) * @param {Function} callback Callback */ Plugin.prototype.disable = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/' + this.name + '/disable', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Push * @param {Object} opts Plugin push options (optional) * @param {Function} callback Callback */ Plugin.prototype.push = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/' + this.name + '/push', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'plugin not installed', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * COnfigure * @param {Object} opts Plugin configure options (optional) * @param {Function} callback Callback */ Plugin.prototype.configure = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/plugins/' + this.name + '/set', method: 'POST', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'plugin not installed', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Upgrade plugin * * @param {object} auth * @param {object} opts * @param {function} callback */ Plugin.prototype.upgrade = function(auth, opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; opts = auth; auth = opts.authconfig || undefined; } var optsf = { path: '/plugins/' + this.name + '/upgrade?', method: 'POST', abortSignal: opts && opts.abortSignal, statusCodes: { 200: true, 204: true, 404: 'plugin not installed', 500: 'server error' }, authconfig: auth, options: opts }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; module.exports = Plugin; /***/ }), /***/ 9934: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents a secret * @param {Object} modem docker-modem * @param {String} id Secret's id */ var Secret = function(modem, id) { this.modem = modem; this.id = id; }; Secret.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * @param {Object} opts Options (optional) * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Name only if callback isn't specified. */ Secret.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/secrets/' + this.id, method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'secret not found', 406: 'node is not part of a swarm', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Update a secret. * * @param {object} opts * @param {function} callback */ Secret.prototype.update = function(opts, callback) { var self = this; if (!callback && typeof opts === 'function') { callback = opts; } var optsf = { path: '/secrets/' + this.id + '/update?', method: 'POST', abortSignal: opts && opts.abortSignal, statusCodes: { 200: true, 404: 'secret not found', 500: 'server error' }, options: opts }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Removes the secret * @param {[Object]} opts Remove options (optional) * @param {Function} callback Callback */ Secret.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/secrets/' + this.id, method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 204: true, 404: 'secret not found', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Secret; /***/ }), /***/ 8866: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents an Service * @param {Object} modem docker-modem * @param {String} id Service's ID */ var Service = function(modem, id) { this.modem = modem; this.id = id; }; Service.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Query Docker for service details. * * @param {Object} opts Options (optional) * @param {function} callback */ Service.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/services/' + this.id, method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such service', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Delete Service * * @param {Object} opts Options (optional) * @param {function} callback */ Service.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/services/' + this.id, method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 204: true, 404: 'no such service', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Update service * * @param {object} auth * @param {object} opts * @param {function} callback */ Service.prototype.update = function(auth, opts, callback) { var self = this; if (!callback) { var t = typeof opts; if(t === 'function'){ callback = opts; opts = auth; auth = opts.authconfig || undefined; } else if (t === 'undefined'){ opts = auth; auth = opts.authconfig || undefined; } } var optsf = { path: '/services/' + this.id + '/update?', method: 'POST', abortSignal: opts && opts.abortSignal, statusCodes: { 200: true, 404: 'no such service', 500: 'server error' }, authconfig: auth, options: opts }; if(callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { callback(err, data); }); } }; /** * Service logs * @param {Object} opts Logs options. (optional) * @param {Function} callback Callback with data */ Service.prototype.logs = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, {}); var optsf = { path: '/services/' + this.id + '/logs?', method: 'GET', abortSignal: args.opts.abortSignal, isStream: args.opts.follow || false, statusCodes: { 200: true, 404: 'no such service', 500: 'server error', 503: 'node is not part of a swarm' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Service; /***/ }), /***/ 1385: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents an Task * @param {Object} modem docker-modem * @param {String} id Task's ID */ var Task = function(modem, id) { this.modem = modem; this.id = id; this.defaultOptions = { log: {} }; }; Task.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Query Docker for Task details. * * @param {Object} opts Options (optional) * @param {function} callback */ Task.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/tasks/' + this.id, method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'unknown task', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Task logs * @param {Object} opts Logs options. (optional) * @param {Function} callback Callback with data */ Task.prototype.logs = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback, this.defaultOptions.log); var optsf = { path: '/tasks/' + this.id + '/logs?', method: 'GET', abortSignal: args.opts.abortSignal, isStream: args.opts.follow || false, statusCodes: { 101: true, 200: true, 404: 'no such container', 500: 'server error', 503: 'node is not part of a swarm' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Task; /***/ }), /***/ 1604: /***/ ((module) => { // https://github.com/HenrikJoreteg/extend-object/blob/v0.1.0/extend-object.js var arr = []; var each = arr.forEach; var slice = arr.slice; module.exports.extend = function(obj) { each.call(slice.call(arguments, 1), function(source) { if (source) { for (var prop in source) { obj[prop] = source[prop]; } } }); return obj; }; module.exports.processArgs = function(opts, callback, defaultOpts) { if (!callback && typeof opts === 'function') { callback = opts; opts = null; } return { callback: callback, opts: module.exports.extend({}, defaultOpts, opts) }; }; /** * Parse the given repo tag name (as a string) and break it out into repo/tag pair. * // if given the input http://localhost:8080/woot:latest * { * repository: 'http://localhost:8080/woot', * tag: 'latest' * } * @param {String} input Input e.g: 'repo/foo', 'ubuntu', 'ubuntu:latest' * @return {Object} input parsed into the repo and tag. */ module.exports.parseRepositoryTag = function(input) { var separatorPos; var digestPos = input.indexOf('@'); var colonPos = input.lastIndexOf(':'); // @ symbol is more important if (digestPos >= 0) { separatorPos = digestPos; } else if (colonPos >= 0) { separatorPos = colonPos; } else { // no colon nor @ return { repository: input }; } // last colon is either the tag (or part of a port designation) var tag = input.slice(separatorPos + 1); // if it contains a / its not a tag and is part of the url if (tag.indexOf('/') === -1) { return { repository: input.slice(0, separatorPos), tag: tag }; } return { repository: input }; }; /***/ }), /***/ 4877: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1604); /** * Represents a volume * @param {Object} modem docker-modem * @param {String} name Volume's name */ var Volume = function(modem, name) { this.modem = modem; this.name = name; }; Volume.prototype[__nccwpck_require__(1669).inspect.custom] = function() { return this; }; /** * Inspect * @param {Object} opts Options (optional) * @param {Function} callback Callback, if specified Docker will be queried. * @return {Object} Name only if callback isn't specified. */ Volume.prototype.inspect = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/volumes/' + this.name, method: 'GET', abortSignal: args.opts.abortSignal, statusCodes: { 200: true, 404: 'no such volume', 500: 'server error' } }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; /** * Removes the volume * @param {[Object]} opts Remove options (optional) * @param {Function} callback Callback */ Volume.prototype.remove = function(opts, callback) { var self = this; var args = util.processArgs(opts, callback); var optsf = { path: '/volumes/' + this.name, method: 'DELETE', abortSignal: args.opts.abortSignal, statusCodes: { 204: true, 404: 'no such volume', 409: 'conflict', 500: 'server error' }, options: args.opts }; if(args.callback === undefined) { return new this.modem.Promise(function(resolve, reject) { self.modem.dial(optsf, function(err, data) { if (err) { return reject(err); } resolve(data); }); }); } else { this.modem.dial(optsf, function(err, data) { args.callback(err, data); }); } }; module.exports = Volume; /***/ }), /***/ 1205: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var once = __nccwpck_require__(1223); var noop = function() {}; var isRequest = function(stream) { return stream.setHeader && typeof stream.abort === 'function'; }; var isChildProcess = function(stream) { return stream.stdio && Array.isArray(stream.stdio) && stream.stdio.length === 3 }; var eos = function(stream, opts, callback) { if (typeof opts === 'function') return eos(stream, null, opts); if (!opts) opts = {}; callback = once(callback || noop); var ws = stream._writableState; var rs = stream._readableState; var readable = opts.readable || (opts.readable !== false && stream.readable); var writable = opts.writable || (opts.writable !== false && stream.writable); var cancelled = false; var onlegacyfinish = function() { if (!stream.writable) onfinish(); }; var onfinish = function() { writable = false; if (!readable) callback.call(stream); }; var onend = function() { readable = false; if (!writable) callback.call(stream); }; var onexit = function(exitCode) { callback.call(stream, exitCode ? new Error('exited with error code: ' + exitCode) : null); }; var onerror = function(err) { callback.call(stream, err); }; var onclose = function() { process.nextTick(onclosenexttick); }; var onclosenexttick = function() { if (cancelled) return; if (readable && !(rs && (rs.ended && !rs.destroyed))) return callback.call(stream, new Error('premature close')); if (writable && !(ws && (ws.ended && !ws.destroyed))) return callback.call(stream, new Error('premature close')); }; var onrequest = function() { stream.req.on('finish', onfinish); }; if (isRequest(stream)) { stream.on('complete', onfinish); stream.on('abort', onclose); if (stream.req) onrequest(); else stream.on('request', onrequest); } else if (writable && !ws) { // legacy streams stream.on('end', onlegacyfinish); stream.on('close', onlegacyfinish); } if (isChildProcess(stream)) stream.on('exit', onexit); stream.on('end', onend); stream.on('finish', onfinish); if (opts.error !== false) stream.on('error', onerror); stream.on('close', onclose); return function() { cancelled = true; stream.removeListener('complete', onfinish); stream.removeListener('abort', onclose); stream.removeListener('request', onrequest); if (stream.req) stream.req.removeListener('finish', onfinish); stream.removeListener('end', onlegacyfinish); stream.removeListener('close', onlegacyfinish); stream.removeListener('finish', onfinish); stream.removeListener('exit', onexit); stream.removeListener('end', onend); stream.removeListener('error', onerror); stream.removeListener('close', onclose); }; }; module.exports = eos; /***/ }), /***/ 1133: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var debug; module.exports = function () { if (!debug) { try { /* eslint global-require: off */ debug = __nccwpck_require__(8237)("follow-redirects"); } catch (error) { /* */ } if (typeof debug !== "function") { debug = function () { /* */ }; } } debug.apply(null, arguments); }; /***/ }), /***/ 7707: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var url = __nccwpck_require__(8835); var URL = url.URL; var http = __nccwpck_require__(8605); var https = __nccwpck_require__(7211); var Writable = __nccwpck_require__(2413).Writable; var assert = __nccwpck_require__(2357); var debug = __nccwpck_require__(1133); // Create handlers that pass events from native requests var events = ["abort", "aborted", "connect", "error", "socket", "timeout"]; var eventHandlers = Object.create(null); events.forEach(function (event) { eventHandlers[event] = function (arg1, arg2, arg3) { this._redirectable.emit(event, arg1, arg2, arg3); }; }); // Error types with codes var RedirectionError = createErrorType( "ERR_FR_REDIRECTION_FAILURE", "Redirected request failed" ); var TooManyRedirectsError = createErrorType( "ERR_FR_TOO_MANY_REDIRECTS", "Maximum number of redirects exceeded" ); var MaxBodyLengthExceededError = createErrorType( "ERR_FR_MAX_BODY_LENGTH_EXCEEDED", "Request body larger than maxBodyLength limit" ); var WriteAfterEndError = createErrorType( "ERR_STREAM_WRITE_AFTER_END", "write after end" ); // An HTTP(S) request that can be redirected function RedirectableRequest(options, responseCallback) { // Initialize the request Writable.call(this); this._sanitizeOptions(options); this._options = options; this._ended = false; this._ending = false; this._redirectCount = 0; this._redirects = []; this._requestBodyLength = 0; this._requestBodyBuffers = []; // Attach a callback if passed if (responseCallback) { this.on("response", responseCallback); } // React to responses of native requests var self = this; this._onNativeResponse = function (response) { self._processResponse(response); }; // Perform the first request this._performRequest(); } RedirectableRequest.prototype = Object.create(Writable.prototype); RedirectableRequest.prototype.abort = function () { abortRequest(this._currentRequest); this.emit("abort"); }; // Writes buffered data to the current native request RedirectableRequest.prototype.write = function (data, encoding, callback) { // Writing is not allowed if end has been called if (this._ending) { throw new WriteAfterEndError(); } // Validate input and shift parameters if necessary if (!(typeof data === "string" || typeof data === "object" && ("length" in data))) { throw new TypeError("data should be a string, Buffer or Uint8Array"); } if (typeof encoding === "function") { callback = encoding; encoding = null; } // Ignore empty buffers, since writing them doesn't invoke the callback // https://github.com/nodejs/node/issues/22066 if (data.length === 0) { if (callback) { callback(); } return; } // Only write when we don't exceed the maximum body length if (this._requestBodyLength + data.length <= this._options.maxBodyLength) { this._requestBodyLength += data.length; this._requestBodyBuffers.push({ data: data, encoding: encoding }); this._currentRequest.write(data, encoding, callback); } // Error when we exceed the maximum body length else { this.emit("error", new MaxBodyLengthExceededError()); this.abort(); } }; // Ends the current native request RedirectableRequest.prototype.end = function (data, encoding, callback) { // Shift parameters if necessary if (typeof data === "function") { callback = data; data = encoding = null; } else if (typeof encoding === "function") { callback = encoding; encoding = null; } // Write data if needed and end if (!data) { this._ended = this._ending = true; this._currentRequest.end(null, null, callback); } else { var self = this; var currentRequest = this._currentRequest; this.write(data, encoding, function () { self._ended = true; currentRequest.end(null, null, callback); }); this._ending = true; } }; // Sets a header value on the current native request RedirectableRequest.prototype.setHeader = function (name, value) { this._options.headers[name] = value; this._currentRequest.setHeader(name, value); }; // Clears a header value on the current native request RedirectableRequest.prototype.removeHeader = function (name) { delete this._options.headers[name]; this._currentRequest.removeHeader(name); }; // Global timeout for all underlying requests RedirectableRequest.prototype.setTimeout = function (msecs, callback) { var self = this; // Destroys the socket on timeout function destroyOnTimeout(socket) { socket.setTimeout(msecs); socket.removeListener("timeout", socket.destroy); socket.addListener("timeout", socket.destroy); } // Sets up a timer to trigger a timeout event function startTimer(socket) { if (self._timeout) { clearTimeout(self._timeout); } self._timeout = setTimeout(function () { self.emit("timeout"); clearTimer(); }, msecs); destroyOnTimeout(socket); } // Stops a timeout from triggering function clearTimer() { // Clear the timeout if (self._timeout) { clearTimeout(self._timeout); self._timeout = null; } // Clean up all attached listeners self.removeListener("abort", clearTimer); self.removeListener("error", clearTimer); self.removeListener("response", clearTimer); if (callback) { self.removeListener("timeout", callback); } if (!self.socket) { self._currentRequest.removeListener("socket", startTimer); } } // Attach callback if passed if (callback) { this.on("timeout", callback); } // Start the timer if or when the socket is opened if (this.socket) { startTimer(this.socket); } else { this._currentRequest.once("socket", startTimer); } // Clean up on events this.on("socket", destroyOnTimeout); this.on("abort", clearTimer); this.on("error", clearTimer); this.on("response", clearTimer); return this; }; // Proxy all other public ClientRequest methods [ "flushHeaders", "getHeader", "setNoDelay", "setSocketKeepAlive", ].forEach(function (method) { RedirectableRequest.prototype[method] = function (a, b) { return this._currentRequest[method](a, b); }; }); // Proxy all public ClientRequest properties ["aborted", "connection", "socket"].forEach(function (property) { Object.defineProperty(RedirectableRequest.prototype, property, { get: function () { return this._currentRequest[property]; }, }); }); RedirectableRequest.prototype._sanitizeOptions = function (options) { // Ensure headers are always present if (!options.headers) { options.headers = {}; } // Since http.request treats host as an alias of hostname, // but the url module interprets host as hostname plus port, // eliminate the host property to avoid confusion. if (options.host) { // Use hostname if set, because it has precedence if (!options.hostname) { options.hostname = options.host; } delete options.host; } // Complete the URL object when necessary if (!options.pathname && options.path) { var searchPos = options.path.indexOf("?"); if (searchPos < 0) { options.pathname = options.path; } else { options.pathname = options.path.substring(0, searchPos); options.search = options.path.substring(searchPos); } } }; // Executes the next native request (initial or redirect) RedirectableRequest.prototype._performRequest = function () { // Load the native protocol var protocol = this._options.protocol; var nativeProtocol = this._options.nativeProtocols[protocol]; if (!nativeProtocol) { this.emit("error", new TypeError("Unsupported protocol " + protocol)); return; } // If specified, use the agent corresponding to the protocol // (HTTP and HTTPS use different types of agents) if (this._options.agents) { var scheme = protocol.substr(0, protocol.length - 1); this._options.agent = this._options.agents[scheme]; } // Create the native request var request = this._currentRequest = nativeProtocol.request(this._options, this._onNativeResponse); this._currentUrl = url.format(this._options); // Set up event handlers request._redirectable = this; for (var e = 0; e < events.length; e++) { request.on(events[e], eventHandlers[events[e]]); } // End a redirected request // (The first request must be ended explicitly with RedirectableRequest#end) if (this._isRedirect) { // Write the request entity and end. var i = 0; var self = this; var buffers = this._requestBodyBuffers; (function writeNext(error) { // Only write if this request has not been redirected yet /* istanbul ignore else */ if (request === self._currentRequest) { // Report any write errors /* istanbul ignore if */ if (error) { self.emit("error", error); } // Write the next buffer if there are still left else if (i < buffers.length) { var buffer = buffers[i++]; /* istanbul ignore else */ if (!request.finished) { request.write(buffer.data, buffer.encoding, writeNext); } } // End the request if `end` has been called on us else if (self._ended) { request.end(); } } }()); } }; // Processes a response from the current native request RedirectableRequest.prototype._processResponse = function (response) { // Store the redirected response var statusCode = response.statusCode; if (this._options.trackRedirects) { this._redirects.push({ url: this._currentUrl, headers: response.headers, statusCode: statusCode, }); } // RFC7231§6.4: The 3xx (Redirection) class of status code indicates // that further action needs to be taken by the user agent in order to // fulfill the request. If a Location header field is provided, // the user agent MAY automatically redirect its request to the URI // referenced by the Location field value, // even if the specific status code is not understood. // If the response is not a redirect; return it as-is var location = response.headers.location; if (!location || this._options.followRedirects === false || statusCode < 300 || statusCode >= 400) { response.responseUrl = this._currentUrl; response.redirects = this._redirects; this.emit("response", response); // Clean up this._requestBodyBuffers = []; return; } // The response is a redirect, so abort the current request abortRequest(this._currentRequest); // Discard the remainder of the response to avoid waiting for data response.destroy(); // RFC7231§6.4: A client SHOULD detect and intervene // in cyclical redirections (i.e., "infinite" redirection loops). if (++this._redirectCount > this._options.maxRedirects) { this.emit("error", new TooManyRedirectsError()); return; } // RFC7231§6.4: Automatic redirection needs to done with // care for methods not known to be safe, […] // RFC7231§6.4.2–3: For historical reasons, a user agent MAY change // the request method from POST to GET for the subsequent request. if ((statusCode === 301 || statusCode === 302) && this._options.method === "POST" || // RFC7231§6.4.4: The 303 (See Other) status code indicates that // the server is redirecting the user agent to a different resource […] // A user agent can perform a retrieval request targeting that URI // (a GET or HEAD request if using HTTP) […] (statusCode === 303) && !/^(?:GET|HEAD)$/.test(this._options.method)) { this._options.method = "GET"; // Drop a possible entity and headers related to it this._requestBodyBuffers = []; removeMatchingHeaders(/^content-/i, this._options.headers); } // Drop the Host header, as the redirect might lead to a different host var currentHostHeader = removeMatchingHeaders(/^host$/i, this._options.headers); // If the redirect is relative, carry over the host of the last request var currentUrlParts = url.parse(this._currentUrl); var currentHost = currentHostHeader || currentUrlParts.host; var currentUrl = /^\w+:/.test(location) ? this._currentUrl : url.format(Object.assign(currentUrlParts, { host: currentHost })); // Determine the URL of the redirection var redirectUrl; try { redirectUrl = url.resolve(currentUrl, location); } catch (cause) { this.emit("error", new RedirectionError(cause)); return; } // Create the redirected request debug("redirecting to", redirectUrl); this._isRedirect = true; var redirectUrlParts = url.parse(redirectUrl); Object.assign(this._options, redirectUrlParts); // Drop confidential headers when redirecting to a less secure protocol // or to a different domain that is not a superdomain if (redirectUrlParts.protocol !== currentUrlParts.protocol && redirectUrlParts.protocol !== "https:" || redirectUrlParts.host !== currentHost && !isSubdomain(redirectUrlParts.host, currentHost)) { removeMatchingHeaders(/^(?:authorization|cookie)$/i, this._options.headers); } // Evaluate the beforeRedirect callback if (typeof this._options.beforeRedirect === "function") { var responseDetails = { headers: response.headers }; try { this._options.beforeRedirect.call(null, this._options, responseDetails); } catch (err) { this.emit("error", err); return; } this._sanitizeOptions(this._options); } // Perform the redirected request try { this._performRequest(); } catch (cause) { this.emit("error", new RedirectionError(cause)); } }; // Wraps the key/value object of protocols with redirect functionality function wrap(protocols) { // Default settings var exports = { maxRedirects: 21, maxBodyLength: 10 * 1024 * 1024, }; // Wrap each protocol var nativeProtocols = {}; Object.keys(protocols).forEach(function (scheme) { var protocol = scheme + ":"; var nativeProtocol = nativeProtocols[protocol] = protocols[scheme]; var wrappedProtocol = exports[scheme] = Object.create(nativeProtocol); // Executes a request, following redirects function request(input, options, callback) { // Parse parameters if (typeof input === "string") { var urlStr = input; try { input = urlToOptions(new URL(urlStr)); } catch (err) { /* istanbul ignore next */ input = url.parse(urlStr); } } else if (URL && (input instanceof URL)) { input = urlToOptions(input); } else { callback = options; options = input; input = { protocol: protocol }; } if (typeof options === "function") { callback = options; options = null; } // Set defaults options = Object.assign({ maxRedirects: exports.maxRedirects, maxBodyLength: exports.maxBodyLength, }, input, options); options.nativeProtocols = nativeProtocols; assert.equal(options.protocol, protocol, "protocol mismatch"); debug("options", options); return new RedirectableRequest(options, callback); } // Executes a GET request, following redirects function get(input, options, callback) { var wrappedRequest = wrappedProtocol.request(input, options, callback); wrappedRequest.end(); return wrappedRequest; } // Expose the properties on the wrapped protocol Object.defineProperties(wrappedProtocol, { request: { value: request, configurable: true, enumerable: true, writable: true }, get: { value: get, configurable: true, enumerable: true, writable: true }, }); }); return exports; } /* istanbul ignore next */ function noop() { /* empty */ } // from https://github.com/nodejs/node/blob/master/lib/internal/url.js function urlToOptions(urlObject) { var options = { protocol: urlObject.protocol, hostname: urlObject.hostname.startsWith("[") ? /* istanbul ignore next */ urlObject.hostname.slice(1, -1) : urlObject.hostname, hash: urlObject.hash, search: urlObject.search, pathname: urlObject.pathname, path: urlObject.pathname + urlObject.search, href: urlObject.href, }; if (urlObject.port !== "") { options.port = Number(urlObject.port); } return options; } function removeMatchingHeaders(regex, headers) { var lastValue; for (var header in headers) { if (regex.test(header)) { lastValue = headers[header]; delete headers[header]; } } return (lastValue === null || typeof lastValue === "undefined") ? undefined : String(lastValue).trim(); } function createErrorType(code, defaultMessage) { function CustomError(cause) { Error.captureStackTrace(this, this.constructor); if (!cause) { this.message = defaultMessage; } else { this.message = defaultMessage + ": " + cause.message; this.cause = cause; } } CustomError.prototype = new Error(); CustomError.prototype.constructor = CustomError; CustomError.prototype.name = "Error [" + code + "]"; CustomError.prototype.code = code; return CustomError; } function abortRequest(request) { for (var e = 0; e < events.length; e++) { request.removeListener(events[e], eventHandlers[events[e]]); } request.on("error", noop); request.abort(); } function isSubdomain(subdomain, domain) { const dot = subdomain.length - domain.length - 1; return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain); } // Exports module.exports = wrap({ http: http, https: https }); module.exports.wrap = wrap; /***/ }), /***/ 3186: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = __nccwpck_require__(5747).constants || __nccwpck_require__(7619) /***/ }), /***/ 1621: /***/ ((module) => { "use strict"; module.exports = (flag, argv = process.argv) => { const prefix = flag.startsWith('-') ? '' : (flag.length === 1 ? '-' : '--'); const position = argv.indexOf(prefix + flag); const terminatorPosition = argv.indexOf('--'); return position !== -1 && (terminatorPosition === -1 || position < terminatorPosition); }; /***/ }), /***/ 4124: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { try { var util = __nccwpck_require__(1669); /* istanbul ignore next */ if (typeof util.inherits !== 'function') throw ''; module.exports = util.inherits; } catch (e) { /* istanbul ignore next */ module.exports = __nccwpck_require__(8544); } /***/ }), /***/ 8544: /***/ ((module) => { if (typeof Object.create === 'function') { // implementation from standard node.js 'util' module module.exports = function inherits(ctor, superCtor) { if (superCtor) { ctor.super_ = superCtor ctor.prototype = Object.create(superCtor.prototype, { constructor: { value: ctor, enumerable: false, writable: true, configurable: true } }) } }; } else { // old school shim for old browsers module.exports = function inherits(ctor, superCtor) { if (superCtor) { ctor.super_ = superCtor var TempCtor = function () {} TempCtor.prototype = superCtor.prototype ctor.prototype = new TempCtor() ctor.prototype.constructor = ctor } } } /***/ }), /***/ 3287: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); /*! * is-plain-object * * Copyright (c) 2014-2017, Jon Schlinkert. * Released under the MIT License. */ function isObject(o) { return Object.prototype.toString.call(o) === '[object Object]'; } function isPlainObject(o) { var ctor,prot; if (isObject(o) === false) return false; // If has modified constructor ctor = o.constructor; if (ctor === undefined) return true; // If has modified prototype prot = ctor.prototype; if (isObject(prot) === false) return false; // If constructor does not have an Object-specific method if (prot.hasOwnProperty('isPrototypeOf') === false) { return false; } // Most likely a plain Object return true; } exports.isPlainObject = isPlainObject; /***/ }), /***/ 7614: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var path = __nccwpck_require__(5622); var fs = __nccwpck_require__(5747); var _0777 = parseInt('0777', 8); module.exports = mkdirP.mkdirp = mkdirP.mkdirP = mkdirP; function mkdirP (p, opts, f, made) { if (typeof opts === 'function') { f = opts; opts = {}; } else if (!opts || typeof opts !== 'object') { opts = { mode: opts }; } var mode = opts.mode; var xfs = opts.fs || fs; if (mode === undefined) { mode = _0777 & (~process.umask()); } if (!made) made = null; var cb = f || function () {}; p = path.resolve(p); xfs.mkdir(p, mode, function (er) { if (!er) { made = made || p; return cb(null, made); } switch (er.code) { case 'ENOENT': mkdirP(path.dirname(p), opts, function (er, made) { if (er) cb(er, made); else mkdirP(p, opts, cb, made); }); break; // In the case of any other error, just see if there's a dir // there already. If so, then hooray! If not, then something // is borked. default: xfs.stat(p, function (er2, stat) { // if the stat fails, then that's super weird. // let the original error be the failure reason. if (er2 || !stat.isDirectory()) cb(er, made) else cb(null, made); }); break; } }); } mkdirP.sync = function sync (p, opts, made) { if (!opts || typeof opts !== 'object') { opts = { mode: opts }; } var mode = opts.mode; var xfs = opts.fs || fs; if (mode === undefined) { mode = _0777 & (~process.umask()); } if (!made) made = null; p = path.resolve(p); try { xfs.mkdirSync(p, mode); made = made || p; } catch (err0) { switch (err0.code) { case 'ENOENT' : made = sync(path.dirname(p), opts, made); sync(p, opts, made); break; // In the case of any other error, just see if there's a dir // there already. If so, then hooray! If not, then something // is borked. default: var stat; try { stat = xfs.statSync(p); } catch (err1) { throw err0; } if (!stat.isDirectory()) throw err0; break; } } return made; }; /***/ }), /***/ 900: /***/ ((module) => { /** * Helpers. */ var s = 1000; var m = s * 60; var h = m * 60; var d = h * 24; var w = d * 7; var y = d * 365.25; /** * Parse or format the given `val`. * * Options: * * - `long` verbose formatting [false] * * @param {String|Number} val * @param {Object} [options] * @throws {Error} throw an error if val is not a non-empty string or a number * @return {String|Number} * @api public */ module.exports = function(val, options) { options = options || {}; var type = typeof val; if (type === 'string' && val.length > 0) { return parse(val); } else if (type === 'number' && isFinite(val)) { return options.long ? fmtLong(val) : fmtShort(val); } throw new Error( 'val is not a non-empty string or a valid number. val=' + JSON.stringify(val) ); }; /** * Parse the given `str` and return milliseconds. * * @param {String} str * @return {Number} * @api private */ function parse(str) { str = String(str); if (str.length > 100) { return; } var match = /^(-?(?:\d+)?\.?\d+) *(milliseconds?|msecs?|ms|seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)?$/i.exec( str ); if (!match) { return; } var n = parseFloat(match[1]); var type = (match[2] || 'ms').toLowerCase(); switch (type) { case 'years': case 'year': case 'yrs': case 'yr': case 'y': return n * y; case 'weeks': case 'week': case 'w': return n * w; case 'days': case 'day': case 'd': return n * d; case 'hours': case 'hour': case 'hrs': case 'hr': case 'h': return n * h; case 'minutes': case 'minute': case 'mins': case 'min': case 'm': return n * m; case 'seconds': case 'second': case 'secs': case 'sec': case 's': return n * s; case 'milliseconds': case 'millisecond': case 'msecs': case 'msec': case 'ms': return n; default: return undefined; } } /** * Short format for `ms`. * * @param {Number} ms * @return {String} * @api private */ function fmtShort(ms) { var msAbs = Math.abs(ms); if (msAbs >= d) { return Math.round(ms / d) + 'd'; } if (msAbs >= h) { return Math.round(ms / h) + 'h'; } if (msAbs >= m) { return Math.round(ms / m) + 'm'; } if (msAbs >= s) { return Math.round(ms / s) + 's'; } return ms + 'ms'; } /** * Long format for `ms`. * * @param {Number} ms * @return {String} * @api private */ function fmtLong(ms) { var msAbs = Math.abs(ms); if (msAbs >= d) { return plural(ms, msAbs, d, 'day'); } if (msAbs >= h) { return plural(ms, msAbs, h, 'hour'); } if (msAbs >= m) { return plural(ms, msAbs, m, 'minute'); } if (msAbs >= s) { return plural(ms, msAbs, s, 'second'); } return ms + ' ms'; } /** * Pluralization helper. */ function plural(ms, msAbs, n, name) { var isPlural = msAbs >= n * 1.5; return Math.round(ms / n) + ' ' + name + (isPlural ? 's' : ''); } /***/ }), /***/ 467: /***/ ((module, exports, __nccwpck_require__) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; } var Stream = _interopDefault(__nccwpck_require__(2413)); var http = _interopDefault(__nccwpck_require__(8605)); var Url = _interopDefault(__nccwpck_require__(8835)); var whatwgUrl = _interopDefault(__nccwpck_require__(3323)); var https = _interopDefault(__nccwpck_require__(7211)); var zlib = _interopDefault(__nccwpck_require__(8761)); // Based on https://github.com/tmpvar/jsdom/blob/aa85b2abf07766ff7bf5c1f6daafb3726f2f2db5/lib/jsdom/living/blob.js // fix for "Readable" isn't a named export issue const Readable = Stream.Readable; const BUFFER = Symbol('buffer'); const TYPE = Symbol('type'); class Blob { constructor() { this[TYPE] = ''; const blobParts = arguments[0]; const options = arguments[1]; const buffers = []; let size = 0; if (blobParts) { const a = blobParts; const length = Number(a.length); for (let i = 0; i < length; i++) { const element = a[i]; let buffer; if (element instanceof Buffer) { buffer = element; } else if (ArrayBuffer.isView(element)) { buffer = Buffer.from(element.buffer, element.byteOffset, element.byteLength); } else if (element instanceof ArrayBuffer) { buffer = Buffer.from(element); } else if (element instanceof Blob) { buffer = element[BUFFER]; } else { buffer = Buffer.from(typeof element === 'string' ? element : String(element)); } size += buffer.length; buffers.push(buffer); } } this[BUFFER] = Buffer.concat(buffers); let type = options && options.type !== undefined && String(options.type).toLowerCase(); if (type && !/[^\u0020-\u007E]/.test(type)) { this[TYPE] = type; } } get size() { return this[BUFFER].length; } get type() { return this[TYPE]; } text() { return Promise.resolve(this[BUFFER].toString()); } arrayBuffer() { const buf = this[BUFFER]; const ab = buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); return Promise.resolve(ab); } stream() { const readable = new Readable(); readable._read = function () {}; readable.push(this[BUFFER]); readable.push(null); return readable; } toString() { return '[object Blob]'; } slice() { const size = this.size; const start = arguments[0]; const end = arguments[1]; let relativeStart, relativeEnd; if (start === undefined) { relativeStart = 0; } else if (start < 0) { relativeStart = Math.max(size + start, 0); } else { relativeStart = Math.min(start, size); } if (end === undefined) { relativeEnd = size; } else if (end < 0) { relativeEnd = Math.max(size + end, 0); } else { relativeEnd = Math.min(end, size); } const span = Math.max(relativeEnd - relativeStart, 0); const buffer = this[BUFFER]; const slicedBuffer = buffer.slice(relativeStart, relativeStart + span); const blob = new Blob([], { type: arguments[2] }); blob[BUFFER] = slicedBuffer; return blob; } } Object.defineProperties(Blob.prototype, { size: { enumerable: true }, type: { enumerable: true }, slice: { enumerable: true } }); Object.defineProperty(Blob.prototype, Symbol.toStringTag, { value: 'Blob', writable: false, enumerable: false, configurable: true }); /** * fetch-error.js * * FetchError interface for operational errors */ /** * Create FetchError instance * * @param String message Error message for human * @param String type Error type for machine * @param String systemError For Node.js system error * @return FetchError */ function FetchError(message, type, systemError) { Error.call(this, message); this.message = message; this.type = type; // when err.type is `system`, err.code contains system error code if (systemError) { this.code = this.errno = systemError.code; } // hide custom error implementation details from end-users Error.captureStackTrace(this, this.constructor); } FetchError.prototype = Object.create(Error.prototype); FetchError.prototype.constructor = FetchError; FetchError.prototype.name = 'FetchError'; let convert; try { convert = __nccwpck_require__(2877).convert; } catch (e) {} const INTERNALS = Symbol('Body internals'); // fix an issue where "PassThrough" isn't a named export for node <10 const PassThrough = Stream.PassThrough; /** * Body mixin * * Ref: https://fetch.spec.whatwg.org/#body * * @param Stream body Readable stream * @param Object opts Response options * @return Void */ function Body(body) { var _this = this; var _ref = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}, _ref$size = _ref.size; let size = _ref$size === undefined ? 0 : _ref$size; var _ref$timeout = _ref.timeout; let timeout = _ref$timeout === undefined ? 0 : _ref$timeout; if (body == null) { // body is undefined or null body = null; } else if (isURLSearchParams(body)) { // body is a URLSearchParams body = Buffer.from(body.toString()); } else if (isBlob(body)) ; else if (Buffer.isBuffer(body)) ; else if (Object.prototype.toString.call(body) === '[object ArrayBuffer]') { // body is ArrayBuffer body = Buffer.from(body); } else if (ArrayBuffer.isView(body)) { // body is ArrayBufferView body = Buffer.from(body.buffer, body.byteOffset, body.byteLength); } else if (body instanceof Stream) ; else { // none of the above // coerce to string then buffer body = Buffer.from(String(body)); } this[INTERNALS] = { body, disturbed: false, error: null }; this.size = size; this.timeout = timeout; if (body instanceof Stream) { body.on('error', function (err) { const error = err.name === 'AbortError' ? err : new FetchError(`Invalid response body while trying to fetch ${_this.url}: ${err.message}`, 'system', err); _this[INTERNALS].error = error; }); } } Body.prototype = { get body() { return this[INTERNALS].body; }, get bodyUsed() { return this[INTERNALS].disturbed; }, /** * Decode response as ArrayBuffer * * @return Promise */ arrayBuffer() { return consumeBody.call(this).then(function (buf) { return buf.buffer.slice(buf.byteOffset, buf.byteOffset + buf.byteLength); }); }, /** * Return raw response as Blob * * @return Promise */ blob() { let ct = this.headers && this.headers.get('content-type') || ''; return consumeBody.call(this).then(function (buf) { return Object.assign( // Prevent copying new Blob([], { type: ct.toLowerCase() }), { [BUFFER]: buf }); }); }, /** * Decode response as json * * @return Promise */ json() { var _this2 = this; return consumeBody.call(this).then(function (buffer) { try { return JSON.parse(buffer.toString()); } catch (err) { return Body.Promise.reject(new FetchError(`invalid json response body at ${_this2.url} reason: ${err.message}`, 'invalid-json')); } }); }, /** * Decode response as text * * @return Promise */ text() { return consumeBody.call(this).then(function (buffer) { return buffer.toString(); }); }, /** * Decode response as buffer (non-spec api) * * @return Promise */ buffer() { return consumeBody.call(this); }, /** * Decode response as text, while automatically detecting the encoding and * trying to decode to UTF-8 (non-spec api) * * @return Promise */ textConverted() { var _this3 = this; return consumeBody.call(this).then(function (buffer) { return convertBody(buffer, _this3.headers); }); } }; // In browsers, all properties are enumerable. Object.defineProperties(Body.prototype, { body: { enumerable: true }, bodyUsed: { enumerable: true }, arrayBuffer: { enumerable: true }, blob: { enumerable: true }, json: { enumerable: true }, text: { enumerable: true } }); Body.mixIn = function (proto) { for (const name of Object.getOwnPropertyNames(Body.prototype)) { // istanbul ignore else: future proof if (!(name in proto)) { const desc = Object.getOwnPropertyDescriptor(Body.prototype, name); Object.defineProperty(proto, name, desc); } } }; /** * Consume and convert an entire Body to a Buffer. * * Ref: https://fetch.spec.whatwg.org/#concept-body-consume-body * * @return Promise */ function consumeBody() { var _this4 = this; if (this[INTERNALS].disturbed) { return Body.Promise.reject(new TypeError(`body used already for: ${this.url}`)); } this[INTERNALS].disturbed = true; if (this[INTERNALS].error) { return Body.Promise.reject(this[INTERNALS].error); } let body = this.body; // body is null if (body === null) { return Body.Promise.resolve(Buffer.alloc(0)); } // body is blob if (isBlob(body)) { body = body.stream(); } // body is buffer if (Buffer.isBuffer(body)) { return Body.Promise.resolve(body); } // istanbul ignore if: should never happen if (!(body instanceof Stream)) { return Body.Promise.resolve(Buffer.alloc(0)); } // body is stream // get ready to actually consume the body let accum = []; let accumBytes = 0; let abort = false; return new Body.Promise(function (resolve, reject) { let resTimeout; // allow timeout on slow response body if (_this4.timeout) { resTimeout = setTimeout(function () { abort = true; reject(new FetchError(`Response timeout while trying to fetch ${_this4.url} (over ${_this4.timeout}ms)`, 'body-timeout')); }, _this4.timeout); } // handle stream errors body.on('error', function (err) { if (err.name === 'AbortError') { // if the request was aborted, reject with this Error abort = true; reject(err); } else { // other errors, such as incorrect content-encoding reject(new FetchError(`Invalid response body while trying to fetch ${_this4.url}: ${err.message}`, 'system', err)); } }); body.on('data', function (chunk) { if (abort || chunk === null) { return; } if (_this4.size && accumBytes + chunk.length > _this4.size) { abort = true; reject(new FetchError(`content size at ${_this4.url} over limit: ${_this4.size}`, 'max-size')); return; } accumBytes += chunk.length; accum.push(chunk); }); body.on('end', function () { if (abort) { return; } clearTimeout(resTimeout); try { resolve(Buffer.concat(accum, accumBytes)); } catch (err) { // handle streams that have accumulated too much data (issue #414) reject(new FetchError(`Could not create Buffer from response body for ${_this4.url}: ${err.message}`, 'system', err)); } }); }); } /** * Detect buffer encoding and convert to target encoding * ref: http://www.w3.org/TR/2011/WD-html5-20110113/parsing.html#determining-the-character-encoding * * @param Buffer buffer Incoming buffer * @param String encoding Target encoding * @return String */ function convertBody(buffer, headers) { if (typeof convert !== 'function') { throw new Error('The package `encoding` must be installed to use the textConverted() function'); } const ct = headers.get('content-type'); let charset = 'utf-8'; let res, str; // header if (ct) { res = /charset=([^;]*)/i.exec(ct); } // no charset in content type, peek at response body for at most 1024 bytes str = buffer.slice(0, 1024).toString(); // html5 if (!res && str) { res = / 0 && arguments[0] !== undefined ? arguments[0] : undefined; this[MAP] = Object.create(null); if (init instanceof Headers) { const rawHeaders = init.raw(); const headerNames = Object.keys(rawHeaders); for (const headerName of headerNames) { for (const value of rawHeaders[headerName]) { this.append(headerName, value); } } return; } // We don't worry about converting prop to ByteString here as append() // will handle it. if (init == null) ; else if (typeof init === 'object') { const method = init[Symbol.iterator]; if (method != null) { if (typeof method !== 'function') { throw new TypeError('Header pairs must be iterable'); } // sequence> // Note: per spec we have to first exhaust the lists then process them const pairs = []; for (const pair of init) { if (typeof pair !== 'object' || typeof pair[Symbol.iterator] !== 'function') { throw new TypeError('Each header pair must be iterable'); } pairs.push(Array.from(pair)); } for (const pair of pairs) { if (pair.length !== 2) { throw new TypeError('Each header pair must be a name/value tuple'); } this.append(pair[0], pair[1]); } } else { // record for (const key of Object.keys(init)) { const value = init[key]; this.append(key, value); } } } else { throw new TypeError('Provided initializer must be an object'); } } /** * Return combined header value given name * * @param String name Header name * @return Mixed */ get(name) { name = `${name}`; validateName(name); const key = find(this[MAP], name); if (key === undefined) { return null; } return this[MAP][key].join(', '); } /** * Iterate over all headers * * @param Function callback Executed for each item with parameters (value, name, thisArg) * @param Boolean thisArg `this` context for callback function * @return Void */ forEach(callback) { let thisArg = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : undefined; let pairs = getHeaders(this); let i = 0; while (i < pairs.length) { var _pairs$i = pairs[i]; const name = _pairs$i[0], value = _pairs$i[1]; callback.call(thisArg, value, name, this); pairs = getHeaders(this); i++; } } /** * Overwrite header values given name * * @param String name Header name * @param String value Header value * @return Void */ set(name, value) { name = `${name}`; value = `${value}`; validateName(name); validateValue(value); const key = find(this[MAP], name); this[MAP][key !== undefined ? key : name] = [value]; } /** * Append a value onto existing header * * @param String name Header name * @param String value Header value * @return Void */ append(name, value) { name = `${name}`; value = `${value}`; validateName(name); validateValue(value); const key = find(this[MAP], name); if (key !== undefined) { this[MAP][key].push(value); } else { this[MAP][name] = [value]; } } /** * Check for header name existence * * @param String name Header name * @return Boolean */ has(name) { name = `${name}`; validateName(name); return find(this[MAP], name) !== undefined; } /** * Delete all header values given name * * @param String name Header name * @return Void */ delete(name) { name = `${name}`; validateName(name); const key = find(this[MAP], name); if (key !== undefined) { delete this[MAP][key]; } } /** * Return raw headers (non-spec api) * * @return Object */ raw() { return this[MAP]; } /** * Get an iterator on keys. * * @return Iterator */ keys() { return createHeadersIterator(this, 'key'); } /** * Get an iterator on values. * * @return Iterator */ values() { return createHeadersIterator(this, 'value'); } /** * Get an iterator on entries. * * This is the default iterator of the Headers object. * * @return Iterator */ [Symbol.iterator]() { return createHeadersIterator(this, 'key+value'); } } Headers.prototype.entries = Headers.prototype[Symbol.iterator]; Object.defineProperty(Headers.prototype, Symbol.toStringTag, { value: 'Headers', writable: false, enumerable: false, configurable: true }); Object.defineProperties(Headers.prototype, { get: { enumerable: true }, forEach: { enumerable: true }, set: { enumerable: true }, append: { enumerable: true }, has: { enumerable: true }, delete: { enumerable: true }, keys: { enumerable: true }, values: { enumerable: true }, entries: { enumerable: true } }); function getHeaders(headers) { let kind = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : 'key+value'; const keys = Object.keys(headers[MAP]).sort(); return keys.map(kind === 'key' ? function (k) { return k.toLowerCase(); } : kind === 'value' ? function (k) { return headers[MAP][k].join(', '); } : function (k) { return [k.toLowerCase(), headers[MAP][k].join(', ')]; }); } const INTERNAL = Symbol('internal'); function createHeadersIterator(target, kind) { const iterator = Object.create(HeadersIteratorPrototype); iterator[INTERNAL] = { target, kind, index: 0 }; return iterator; } const HeadersIteratorPrototype = Object.setPrototypeOf({ next() { // istanbul ignore if if (!this || Object.getPrototypeOf(this) !== HeadersIteratorPrototype) { throw new TypeError('Value of `this` is not a HeadersIterator'); } var _INTERNAL = this[INTERNAL]; const target = _INTERNAL.target, kind = _INTERNAL.kind, index = _INTERNAL.index; const values = getHeaders(target, kind); const len = values.length; if (index >= len) { return { value: undefined, done: true }; } this[INTERNAL].index = index + 1; return { value: values[index], done: false }; } }, Object.getPrototypeOf(Object.getPrototypeOf([][Symbol.iterator]()))); Object.defineProperty(HeadersIteratorPrototype, Symbol.toStringTag, { value: 'HeadersIterator', writable: false, enumerable: false, configurable: true }); /** * Export the Headers object in a form that Node.js can consume. * * @param Headers headers * @return Object */ function exportNodeCompatibleHeaders(headers) { const obj = Object.assign({ __proto__: null }, headers[MAP]); // http.request() only supports string as Host header. This hack makes // specifying custom Host header possible. const hostHeaderKey = find(headers[MAP], 'Host'); if (hostHeaderKey !== undefined) { obj[hostHeaderKey] = obj[hostHeaderKey][0]; } return obj; } /** * Create a Headers object from an object of headers, ignoring those that do * not conform to HTTP grammar productions. * * @param Object obj Object of headers * @return Headers */ function createHeadersLenient(obj) { const headers = new Headers(); for (const name of Object.keys(obj)) { if (invalidTokenRegex.test(name)) { continue; } if (Array.isArray(obj[name])) { for (const val of obj[name]) { if (invalidHeaderCharRegex.test(val)) { continue; } if (headers[MAP][name] === undefined) { headers[MAP][name] = [val]; } else { headers[MAP][name].push(val); } } } else if (!invalidHeaderCharRegex.test(obj[name])) { headers[MAP][name] = [obj[name]]; } } return headers; } const INTERNALS$1 = Symbol('Response internals'); // fix an issue where "STATUS_CODES" aren't a named export for node <10 const STATUS_CODES = http.STATUS_CODES; /** * Response class * * @param Stream body Readable stream * @param Object opts Response options * @return Void */ class Response { constructor() { let body = arguments.length > 0 && arguments[0] !== undefined ? arguments[0] : null; let opts = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; Body.call(this, body, opts); const status = opts.status || 200; const headers = new Headers(opts.headers); if (body != null && !headers.has('Content-Type')) { const contentType = extractContentType(body); if (contentType) { headers.append('Content-Type', contentType); } } this[INTERNALS$1] = { url: opts.url, status, statusText: opts.statusText || STATUS_CODES[status], headers, counter: opts.counter }; } get url() { return this[INTERNALS$1].url || ''; } get status() { return this[INTERNALS$1].status; } /** * Convenience property representing if the request ended normally */ get ok() { return this[INTERNALS$1].status >= 200 && this[INTERNALS$1].status < 300; } get redirected() { return this[INTERNALS$1].counter > 0; } get statusText() { return this[INTERNALS$1].statusText; } get headers() { return this[INTERNALS$1].headers; } /** * Clone this response * * @return Response */ clone() { return new Response(clone(this), { url: this.url, status: this.status, statusText: this.statusText, headers: this.headers, ok: this.ok, redirected: this.redirected }); } } Body.mixIn(Response.prototype); Object.defineProperties(Response.prototype, { url: { enumerable: true }, status: { enumerable: true }, ok: { enumerable: true }, redirected: { enumerable: true }, statusText: { enumerable: true }, headers: { enumerable: true }, clone: { enumerable: true } }); Object.defineProperty(Response.prototype, Symbol.toStringTag, { value: 'Response', writable: false, enumerable: false, configurable: true }); const INTERNALS$2 = Symbol('Request internals'); const URL = Url.URL || whatwgUrl.URL; // fix an issue where "format", "parse" aren't a named export for node <10 const parse_url = Url.parse; const format_url = Url.format; /** * Wrapper around `new URL` to handle arbitrary URLs * * @param {string} urlStr * @return {void} */ function parseURL(urlStr) { /* Check whether the URL is absolute or not Scheme: https://tools.ietf.org/html/rfc3986#section-3.1 Absolute URL: https://tools.ietf.org/html/rfc3986#section-4.3 */ if (/^[a-zA-Z][a-zA-Z\d+\-.]*:/.exec(urlStr)) { urlStr = new URL(urlStr).toString(); } // Fallback to old implementation for arbitrary URLs return parse_url(urlStr); } const streamDestructionSupported = 'destroy' in Stream.Readable.prototype; /** * Check if a value is an instance of Request. * * @param Mixed input * @return Boolean */ function isRequest(input) { return typeof input === 'object' && typeof input[INTERNALS$2] === 'object'; } function isAbortSignal(signal) { const proto = signal && typeof signal === 'object' && Object.getPrototypeOf(signal); return !!(proto && proto.constructor.name === 'AbortSignal'); } /** * Request class * * @param Mixed input Url or Request instance * @param Object init Custom options * @return Void */ class Request { constructor(input) { let init = arguments.length > 1 && arguments[1] !== undefined ? arguments[1] : {}; let parsedURL; // normalize input if (!isRequest(input)) { if (input && input.href) { // in order to support Node.js' Url objects; though WHATWG's URL objects // will fall into this branch also (since their `toString()` will return // `href` property anyway) parsedURL = parseURL(input.href); } else { // coerce input to a string before attempting to parse parsedURL = parseURL(`${input}`); } input = {}; } else { parsedURL = parseURL(input.url); } let method = init.method || input.method || 'GET'; method = method.toUpperCase(); if ((init.body != null || isRequest(input) && input.body !== null) && (method === 'GET' || method === 'HEAD')) { throw new TypeError('Request with GET/HEAD method cannot have body'); } let inputBody = init.body != null ? init.body : isRequest(input) && input.body !== null ? clone(input) : null; Body.call(this, inputBody, { timeout: init.timeout || input.timeout || 0, size: init.size || input.size || 0 }); const headers = new Headers(init.headers || input.headers || {}); if (inputBody != null && !headers.has('Content-Type')) { const contentType = extractContentType(inputBody); if (contentType) { headers.append('Content-Type', contentType); } } let signal = isRequest(input) ? input.signal : null; if ('signal' in init) signal = init.signal; if (signal != null && !isAbortSignal(signal)) { throw new TypeError('Expected signal to be an instanceof AbortSignal'); } this[INTERNALS$2] = { method, redirect: init.redirect || input.redirect || 'follow', headers, parsedURL, signal }; // node-fetch-only options this.follow = init.follow !== undefined ? init.follow : input.follow !== undefined ? input.follow : 20; this.compress = init.compress !== undefined ? init.compress : input.compress !== undefined ? input.compress : true; this.counter = init.counter || input.counter || 0; this.agent = init.agent || input.agent; } get method() { return this[INTERNALS$2].method; } get url() { return format_url(this[INTERNALS$2].parsedURL); } get headers() { return this[INTERNALS$2].headers; } get redirect() { return this[INTERNALS$2].redirect; } get signal() { return this[INTERNALS$2].signal; } /** * Clone this request * * @return Request */ clone() { return new Request(this); } } Body.mixIn(Request.prototype); Object.defineProperty(Request.prototype, Symbol.toStringTag, { value: 'Request', writable: false, enumerable: false, configurable: true }); Object.defineProperties(Request.prototype, { method: { enumerable: true }, url: { enumerable: true }, headers: { enumerable: true }, redirect: { enumerable: true }, clone: { enumerable: true }, signal: { enumerable: true } }); /** * Convert a Request to Node.js http request options. * * @param Request A Request instance * @return Object The options object to be passed to http.request */ function getNodeRequestOptions(request) { const parsedURL = request[INTERNALS$2].parsedURL; const headers = new Headers(request[INTERNALS$2].headers); // fetch step 1.3 if (!headers.has('Accept')) { headers.set('Accept', '*/*'); } // Basic fetch if (!parsedURL.protocol || !parsedURL.hostname) { throw new TypeError('Only absolute URLs are supported'); } if (!/^https?:$/.test(parsedURL.protocol)) { throw new TypeError('Only HTTP(S) protocols are supported'); } if (request.signal && request.body instanceof Stream.Readable && !streamDestructionSupported) { throw new Error('Cancellation of streamed requests with AbortSignal is not supported in node < 8'); } // HTTP-network-or-cache fetch steps 2.4-2.7 let contentLengthValue = null; if (request.body == null && /^(POST|PUT)$/i.test(request.method)) { contentLengthValue = '0'; } if (request.body != null) { const totalBytes = getTotalBytes(request); if (typeof totalBytes === 'number') { contentLengthValue = String(totalBytes); } } if (contentLengthValue) { headers.set('Content-Length', contentLengthValue); } // HTTP-network-or-cache fetch step 2.11 if (!headers.has('User-Agent')) { headers.set('User-Agent', 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)'); } // HTTP-network-or-cache fetch step 2.15 if (request.compress && !headers.has('Accept-Encoding')) { headers.set('Accept-Encoding', 'gzip,deflate'); } let agent = request.agent; if (typeof agent === 'function') { agent = agent(parsedURL); } if (!headers.has('Connection') && !agent) { headers.set('Connection', 'close'); } // HTTP-network fetch step 4.2 // chunked encoding is handled by Node.js return Object.assign({}, parsedURL, { method: request.method, headers: exportNodeCompatibleHeaders(headers), agent }); } /** * abort-error.js * * AbortError interface for cancelled requests */ /** * Create AbortError instance * * @param String message Error message for human * @return AbortError */ function AbortError(message) { Error.call(this, message); this.type = 'aborted'; this.message = message; // hide custom error implementation details from end-users Error.captureStackTrace(this, this.constructor); } AbortError.prototype = Object.create(Error.prototype); AbortError.prototype.constructor = AbortError; AbortError.prototype.name = 'AbortError'; const URL$1 = Url.URL || whatwgUrl.URL; // fix an issue where "PassThrough", "resolve" aren't a named export for node <10 const PassThrough$1 = Stream.PassThrough; const isDomainOrSubdomain = function isDomainOrSubdomain(destination, original) { const orig = new URL$1(original).hostname; const dest = new URL$1(destination).hostname; return orig === dest || orig[orig.length - dest.length - 1] === '.' && orig.endsWith(dest); }; /** * Fetch function * * @param Mixed url Absolute url or Request instance * @param Object opts Fetch options * @return Promise */ function fetch(url, opts) { // allow custom promise if (!fetch.Promise) { throw new Error('native promise missing, set fetch.Promise to your favorite alternative'); } Body.Promise = fetch.Promise; // wrap http.request into fetch return new fetch.Promise(function (resolve, reject) { // build request object const request = new Request(url, opts); const options = getNodeRequestOptions(request); const send = (options.protocol === 'https:' ? https : http).request; const signal = request.signal; let response = null; const abort = function abort() { let error = new AbortError('The user aborted a request.'); reject(error); if (request.body && request.body instanceof Stream.Readable) { request.body.destroy(error); } if (!response || !response.body) return; response.body.emit('error', error); }; if (signal && signal.aborted) { abort(); return; } const abortAndFinalize = function abortAndFinalize() { abort(); finalize(); }; // send request const req = send(options); let reqTimeout; if (signal) { signal.addEventListener('abort', abortAndFinalize); } function finalize() { req.abort(); if (signal) signal.removeEventListener('abort', abortAndFinalize); clearTimeout(reqTimeout); } if (request.timeout) { req.once('socket', function (socket) { reqTimeout = setTimeout(function () { reject(new FetchError(`network timeout at: ${request.url}`, 'request-timeout')); finalize(); }, request.timeout); }); } req.on('error', function (err) { reject(new FetchError(`request to ${request.url} failed, reason: ${err.message}`, 'system', err)); finalize(); }); req.on('response', function (res) { clearTimeout(reqTimeout); const headers = createHeadersLenient(res.headers); // HTTP fetch step 5 if (fetch.isRedirect(res.statusCode)) { // HTTP fetch step 5.2 const location = headers.get('Location'); // HTTP fetch step 5.3 let locationURL = null; try { locationURL = location === null ? null : new URL$1(location, request.url).toString(); } catch (err) { // error here can only be invalid URL in Location: header // do not throw when options.redirect == manual // let the user extract the errorneous redirect URL if (request.redirect !== 'manual') { reject(new FetchError(`uri requested responds with an invalid redirect URL: ${location}`, 'invalid-redirect')); finalize(); return; } } // HTTP fetch step 5.5 switch (request.redirect) { case 'error': reject(new FetchError(`uri requested responds with a redirect, redirect mode is set to error: ${request.url}`, 'no-redirect')); finalize(); return; case 'manual': // node-fetch-specific step: make manual redirect a bit easier to use by setting the Location header value to the resolved URL. if (locationURL !== null) { // handle corrupted header try { headers.set('Location', locationURL); } catch (err) { // istanbul ignore next: nodejs server prevent invalid response headers, we can't test this through normal request reject(err); } } break; case 'follow': // HTTP-redirect fetch step 2 if (locationURL === null) { break; } // HTTP-redirect fetch step 5 if (request.counter >= request.follow) { reject(new FetchError(`maximum redirect reached at: ${request.url}`, 'max-redirect')); finalize(); return; } // HTTP-redirect fetch step 6 (counter increment) // Create a new Request object. const requestOpts = { headers: new Headers(request.headers), follow: request.follow, counter: request.counter + 1, agent: request.agent, compress: request.compress, method: request.method, body: request.body, signal: request.signal, timeout: request.timeout, size: request.size }; if (!isDomainOrSubdomain(request.url, locationURL)) { for (const name of ['authorization', 'www-authenticate', 'cookie', 'cookie2']) { requestOpts.headers.delete(name); } } // HTTP-redirect fetch step 9 if (res.statusCode !== 303 && request.body && getTotalBytes(request) === null) { reject(new FetchError('Cannot follow redirect with body being a readable stream', 'unsupported-redirect')); finalize(); return; } // HTTP-redirect fetch step 11 if (res.statusCode === 303 || (res.statusCode === 301 || res.statusCode === 302) && request.method === 'POST') { requestOpts.method = 'GET'; requestOpts.body = undefined; requestOpts.headers.delete('content-length'); } // HTTP-redirect fetch step 15 resolve(fetch(new Request(locationURL, requestOpts))); finalize(); return; } } // prepare response res.once('end', function () { if (signal) signal.removeEventListener('abort', abortAndFinalize); }); let body = res.pipe(new PassThrough$1()); const response_options = { url: request.url, status: res.statusCode, statusText: res.statusMessage, headers: headers, size: request.size, timeout: request.timeout, counter: request.counter }; // HTTP-network fetch step 12.1.1.3 const codings = headers.get('Content-Encoding'); // HTTP-network fetch step 12.1.1.4: handle content codings // in following scenarios we ignore compression support // 1. compression support is disabled // 2. HEAD request // 3. no Content-Encoding header // 4. no content response (204) // 5. content not modified response (304) if (!request.compress || request.method === 'HEAD' || codings === null || res.statusCode === 204 || res.statusCode === 304) { response = new Response(body, response_options); resolve(response); return; } // For Node v6+ // Be less strict when decoding compressed responses, since sometimes // servers send slightly invalid responses that are still accepted // by common browsers. // Always using Z_SYNC_FLUSH is what cURL does. const zlibOptions = { flush: zlib.Z_SYNC_FLUSH, finishFlush: zlib.Z_SYNC_FLUSH }; // for gzip if (codings == 'gzip' || codings == 'x-gzip') { body = body.pipe(zlib.createGunzip(zlibOptions)); response = new Response(body, response_options); resolve(response); return; } // for deflate if (codings == 'deflate' || codings == 'x-deflate') { // handle the infamous raw deflate response from old servers // a hack for old IIS and Apache servers const raw = res.pipe(new PassThrough$1()); raw.once('data', function (chunk) { // see http://stackoverflow.com/questions/37519828 if ((chunk[0] & 0x0F) === 0x08) { body = body.pipe(zlib.createInflate()); } else { body = body.pipe(zlib.createInflateRaw()); } response = new Response(body, response_options); resolve(response); }); return; } // for br if (codings == 'br' && typeof zlib.createBrotliDecompress === 'function') { body = body.pipe(zlib.createBrotliDecompress()); response = new Response(body, response_options); resolve(response); return; } // otherwise, use response as-is response = new Response(body, response_options); resolve(response); }); writeToStream(req, request); }); } /** * Redirect code matching * * @param Number code Status code * @return Boolean */ fetch.isRedirect = function (code) { return code === 301 || code === 302 || code === 303 || code === 307 || code === 308; }; // expose Promise fetch.Promise = global.Promise; module.exports = exports = fetch; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.default = exports; exports.Headers = Headers; exports.Request = Request; exports.Response = Response; exports.FetchError = FetchError; /***/ }), /***/ 2299: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var punycode = __nccwpck_require__(4213); var mappingTable = __nccwpck_require__(8661); var PROCESSING_OPTIONS = { TRANSITIONAL: 0, NONTRANSITIONAL: 1 }; function normalize(str) { // fix bug in v8 return str.split('\u0000').map(function (s) { return s.normalize('NFC'); }).join('\u0000'); } function findStatus(val) { var start = 0; var end = mappingTable.length - 1; while (start <= end) { var mid = Math.floor((start + end) / 2); var target = mappingTable[mid]; if (target[0][0] <= val && target[0][1] >= val) { return target; } else if (target[0][0] > val) { end = mid - 1; } else { start = mid + 1; } } return null; } var regexAstralSymbols = /[\uD800-\uDBFF][\uDC00-\uDFFF]/g; function countSymbols(string) { return string // replace every surrogate pair with a BMP symbol .replace(regexAstralSymbols, '_') // then get the length .length; } function mapChars(domain_name, useSTD3, processing_option) { var hasError = false; var processed = ""; var len = countSymbols(domain_name); for (var i = 0; i < len; ++i) { var codePoint = domain_name.codePointAt(i); var status = findStatus(codePoint); switch (status[1]) { case "disallowed": hasError = true; processed += String.fromCodePoint(codePoint); break; case "ignored": break; case "mapped": processed += String.fromCodePoint.apply(String, status[2]); break; case "deviation": if (processing_option === PROCESSING_OPTIONS.TRANSITIONAL) { processed += String.fromCodePoint.apply(String, status[2]); } else { processed += String.fromCodePoint(codePoint); } break; case "valid": processed += String.fromCodePoint(codePoint); break; case "disallowed_STD3_mapped": if (useSTD3) { hasError = true; processed += String.fromCodePoint(codePoint); } else { processed += String.fromCodePoint.apply(String, status[2]); } break; case "disallowed_STD3_valid": if (useSTD3) { hasError = true; } processed += String.fromCodePoint(codePoint); break; } } return { string: processed, error: hasError }; } var combiningMarksRegex = /[\u0300-\u036F\u0483-\u0489\u0591-\u05BD\u05BF\u05C1\u05C2\u05C4\u05C5\u05C7\u0610-\u061A\u064B-\u065F\u0670\u06D6-\u06DC\u06DF-\u06E4\u06E7\u06E8\u06EA-\u06ED\u0711\u0730-\u074A\u07A6-\u07B0\u07EB-\u07F3\u0816-\u0819\u081B-\u0823\u0825-\u0827\u0829-\u082D\u0859-\u085B\u08E4-\u0903\u093A-\u093C\u093E-\u094F\u0951-\u0957\u0962\u0963\u0981-\u0983\u09BC\u09BE-\u09C4\u09C7\u09C8\u09CB-\u09CD\u09D7\u09E2\u09E3\u0A01-\u0A03\u0A3C\u0A3E-\u0A42\u0A47\u0A48\u0A4B-\u0A4D\u0A51\u0A70\u0A71\u0A75\u0A81-\u0A83\u0ABC\u0ABE-\u0AC5\u0AC7-\u0AC9\u0ACB-\u0ACD\u0AE2\u0AE3\u0B01-\u0B03\u0B3C\u0B3E-\u0B44\u0B47\u0B48\u0B4B-\u0B4D\u0B56\u0B57\u0B62\u0B63\u0B82\u0BBE-\u0BC2\u0BC6-\u0BC8\u0BCA-\u0BCD\u0BD7\u0C00-\u0C03\u0C3E-\u0C44\u0C46-\u0C48\u0C4A-\u0C4D\u0C55\u0C56\u0C62\u0C63\u0C81-\u0C83\u0CBC\u0CBE-\u0CC4\u0CC6-\u0CC8\u0CCA-\u0CCD\u0CD5\u0CD6\u0CE2\u0CE3\u0D01-\u0D03\u0D3E-\u0D44\u0D46-\u0D48\u0D4A-\u0D4D\u0D57\u0D62\u0D63\u0D82\u0D83\u0DCA\u0DCF-\u0DD4\u0DD6\u0DD8-\u0DDF\u0DF2\u0DF3\u0E31\u0E34-\u0E3A\u0E47-\u0E4E\u0EB1\u0EB4-\u0EB9\u0EBB\u0EBC\u0EC8-\u0ECD\u0F18\u0F19\u0F35\u0F37\u0F39\u0F3E\u0F3F\u0F71-\u0F84\u0F86\u0F87\u0F8D-\u0F97\u0F99-\u0FBC\u0FC6\u102B-\u103E\u1056-\u1059\u105E-\u1060\u1062-\u1064\u1067-\u106D\u1071-\u1074\u1082-\u108D\u108F\u109A-\u109D\u135D-\u135F\u1712-\u1714\u1732-\u1734\u1752\u1753\u1772\u1773\u17B4-\u17D3\u17DD\u180B-\u180D\u18A9\u1920-\u192B\u1930-\u193B\u19B0-\u19C0\u19C8\u19C9\u1A17-\u1A1B\u1A55-\u1A5E\u1A60-\u1A7C\u1A7F\u1AB0-\u1ABE\u1B00-\u1B04\u1B34-\u1B44\u1B6B-\u1B73\u1B80-\u1B82\u1BA1-\u1BAD\u1BE6-\u1BF3\u1C24-\u1C37\u1CD0-\u1CD2\u1CD4-\u1CE8\u1CED\u1CF2-\u1CF4\u1CF8\u1CF9\u1DC0-\u1DF5\u1DFC-\u1DFF\u20D0-\u20F0\u2CEF-\u2CF1\u2D7F\u2DE0-\u2DFF\u302A-\u302F\u3099\u309A\uA66F-\uA672\uA674-\uA67D\uA69F\uA6F0\uA6F1\uA802\uA806\uA80B\uA823-\uA827\uA880\uA881\uA8B4-\uA8C4\uA8E0-\uA8F1\uA926-\uA92D\uA947-\uA953\uA980-\uA983\uA9B3-\uA9C0\uA9E5\uAA29-\uAA36\uAA43\uAA4C\uAA4D\uAA7B-\uAA7D\uAAB0\uAAB2-\uAAB4\uAAB7\uAAB8\uAABE\uAABF\uAAC1\uAAEB-\uAAEF\uAAF5\uAAF6\uABE3-\uABEA\uABEC\uABED\uFB1E\uFE00-\uFE0F\uFE20-\uFE2D]|\uD800[\uDDFD\uDEE0\uDF76-\uDF7A]|\uD802[\uDE01-\uDE03\uDE05\uDE06\uDE0C-\uDE0F\uDE38-\uDE3A\uDE3F\uDEE5\uDEE6]|\uD804[\uDC00-\uDC02\uDC38-\uDC46\uDC7F-\uDC82\uDCB0-\uDCBA\uDD00-\uDD02\uDD27-\uDD34\uDD73\uDD80-\uDD82\uDDB3-\uDDC0\uDE2C-\uDE37\uDEDF-\uDEEA\uDF01-\uDF03\uDF3C\uDF3E-\uDF44\uDF47\uDF48\uDF4B-\uDF4D\uDF57\uDF62\uDF63\uDF66-\uDF6C\uDF70-\uDF74]|\uD805[\uDCB0-\uDCC3\uDDAF-\uDDB5\uDDB8-\uDDC0\uDE30-\uDE40\uDEAB-\uDEB7]|\uD81A[\uDEF0-\uDEF4\uDF30-\uDF36]|\uD81B[\uDF51-\uDF7E\uDF8F-\uDF92]|\uD82F[\uDC9D\uDC9E]|\uD834[\uDD65-\uDD69\uDD6D-\uDD72\uDD7B-\uDD82\uDD85-\uDD8B\uDDAA-\uDDAD\uDE42-\uDE44]|\uD83A[\uDCD0-\uDCD6]|\uDB40[\uDD00-\uDDEF]/; function validateLabel(label, processing_option) { if (label.substr(0, 4) === "xn--") { label = punycode.toUnicode(label); processing_option = PROCESSING_OPTIONS.NONTRANSITIONAL; } var error = false; if (normalize(label) !== label || (label[3] === "-" && label[4] === "-") || label[0] === "-" || label[label.length - 1] === "-" || label.indexOf(".") !== -1 || label.search(combiningMarksRegex) === 0) { error = true; } var len = countSymbols(label); for (var i = 0; i < len; ++i) { var status = findStatus(label.codePointAt(i)); if ((processing === PROCESSING_OPTIONS.TRANSITIONAL && status[1] !== "valid") || (processing === PROCESSING_OPTIONS.NONTRANSITIONAL && status[1] !== "valid" && status[1] !== "deviation")) { error = true; break; } } return { label: label, error: error }; } function processing(domain_name, useSTD3, processing_option) { var result = mapChars(domain_name, useSTD3, processing_option); result.string = normalize(result.string); var labels = result.string.split("."); for (var i = 0; i < labels.length; ++i) { try { var validation = validateLabel(labels[i]); labels[i] = validation.label; result.error = result.error || validation.error; } catch(e) { result.error = true; } } return { string: labels.join("."), error: result.error }; } module.exports.toASCII = function(domain_name, useSTD3, processing_option, verifyDnsLength) { var result = processing(domain_name, useSTD3, processing_option); var labels = result.string.split("."); labels = labels.map(function(l) { try { return punycode.toASCII(l); } catch(e) { result.error = true; return l; } }); if (verifyDnsLength) { var total = labels.slice(0, labels.length - 1).join(".").length; if (total.length > 253 || total.length === 0) { result.error = true; } for (var i=0; i < labels.length; ++i) { if (labels.length > 63 || labels.length === 0) { result.error = true; break; } } } if (result.error) return null; return labels.join("."); }; module.exports.toUnicode = function(domain_name, useSTD3) { var result = processing(domain_name, useSTD3, PROCESSING_OPTIONS.NONTRANSITIONAL); return { domain: result.string, error: result.error }; }; module.exports.PROCESSING_OPTIONS = PROCESSING_OPTIONS; /***/ }), /***/ 5871: /***/ ((module) => { "use strict"; var conversions = {}; module.exports = conversions; function sign(x) { return x < 0 ? -1 : 1; } function evenRound(x) { // Round x to the nearest integer, choosing the even integer if it lies halfway between two. if ((x % 1) === 0.5 && (x & 1) === 0) { // [even number].5; round down (i.e. floor) return Math.floor(x); } else { return Math.round(x); } } function createNumberConversion(bitLength, typeOpts) { if (!typeOpts.unsigned) { --bitLength; } const lowerBound = typeOpts.unsigned ? 0 : -Math.pow(2, bitLength); const upperBound = Math.pow(2, bitLength) - 1; const moduloVal = typeOpts.moduloBitLength ? Math.pow(2, typeOpts.moduloBitLength) : Math.pow(2, bitLength); const moduloBound = typeOpts.moduloBitLength ? Math.pow(2, typeOpts.moduloBitLength - 1) : Math.pow(2, bitLength - 1); return function(V, opts) { if (!opts) opts = {}; let x = +V; if (opts.enforceRange) { if (!Number.isFinite(x)) { throw new TypeError("Argument is not a finite number"); } x = sign(x) * Math.floor(Math.abs(x)); if (x < lowerBound || x > upperBound) { throw new TypeError("Argument is not in byte range"); } return x; } if (!isNaN(x) && opts.clamp) { x = evenRound(x); if (x < lowerBound) x = lowerBound; if (x > upperBound) x = upperBound; return x; } if (!Number.isFinite(x) || x === 0) { return 0; } x = sign(x) * Math.floor(Math.abs(x)); x = x % moduloVal; if (!typeOpts.unsigned && x >= moduloBound) { return x - moduloVal; } else if (typeOpts.unsigned) { if (x < 0) { x += moduloVal; } else if (x === -0) { // don't return negative zero return 0; } } return x; } } conversions["void"] = function () { return undefined; }; conversions["boolean"] = function (val) { return !!val; }; conversions["byte"] = createNumberConversion(8, { unsigned: false }); conversions["octet"] = createNumberConversion(8, { unsigned: true }); conversions["short"] = createNumberConversion(16, { unsigned: false }); conversions["unsigned short"] = createNumberConversion(16, { unsigned: true }); conversions["long"] = createNumberConversion(32, { unsigned: false }); conversions["unsigned long"] = createNumberConversion(32, { unsigned: true }); conversions["long long"] = createNumberConversion(32, { unsigned: false, moduloBitLength: 64 }); conversions["unsigned long long"] = createNumberConversion(32, { unsigned: true, moduloBitLength: 64 }); conversions["double"] = function (V) { const x = +V; if (!Number.isFinite(x)) { throw new TypeError("Argument is not a finite floating-point value"); } return x; }; conversions["unrestricted double"] = function (V) { const x = +V; if (isNaN(x)) { throw new TypeError("Argument is NaN"); } return x; }; // not quite valid, but good enough for JS conversions["float"] = conversions["double"]; conversions["unrestricted float"] = conversions["unrestricted double"]; conversions["DOMString"] = function (V, opts) { if (!opts) opts = {}; if (opts.treatNullAsEmptyString && V === null) { return ""; } return String(V); }; conversions["ByteString"] = function (V, opts) { const x = String(V); let c = undefined; for (let i = 0; (c = x.codePointAt(i)) !== undefined; ++i) { if (c > 255) { throw new TypeError("Argument is not a valid bytestring"); } } return x; }; conversions["USVString"] = function (V) { const S = String(V); const n = S.length; const U = []; for (let i = 0; i < n; ++i) { const c = S.charCodeAt(i); if (c < 0xD800 || c > 0xDFFF) { U.push(String.fromCodePoint(c)); } else if (0xDC00 <= c && c <= 0xDFFF) { U.push(String.fromCodePoint(0xFFFD)); } else { if (i === n - 1) { U.push(String.fromCodePoint(0xFFFD)); } else { const d = S.charCodeAt(i + 1); if (0xDC00 <= d && d <= 0xDFFF) { const a = c & 0x3FF; const b = d & 0x3FF; U.push(String.fromCodePoint((2 << 15) + (2 << 9) * a + b)); ++i; } else { U.push(String.fromCodePoint(0xFFFD)); } } } } return U.join(''); }; conversions["Date"] = function (V, opts) { if (!(V instanceof Date)) { throw new TypeError("Argument is not a Date object"); } if (isNaN(V)) { return undefined; } return V; }; conversions["RegExp"] = function (V, opts) { if (!(V instanceof RegExp)) { V = new RegExp(V); } return V; }; /***/ }), /***/ 8262: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; const usm = __nccwpck_require__(33); exports.implementation = class URLImpl { constructor(constructorArgs) { const url = constructorArgs[0]; const base = constructorArgs[1]; let parsedBase = null; if (base !== undefined) { parsedBase = usm.basicURLParse(base); if (parsedBase === "failure") { throw new TypeError("Invalid base URL"); } } const parsedURL = usm.basicURLParse(url, { baseURL: parsedBase }); if (parsedURL === "failure") { throw new TypeError("Invalid URL"); } this._url = parsedURL; // TODO: query stuff } get href() { return usm.serializeURL(this._url); } set href(v) { const parsedURL = usm.basicURLParse(v); if (parsedURL === "failure") { throw new TypeError("Invalid URL"); } this._url = parsedURL; } get origin() { return usm.serializeURLOrigin(this._url); } get protocol() { return this._url.scheme + ":"; } set protocol(v) { usm.basicURLParse(v + ":", { url: this._url, stateOverride: "scheme start" }); } get username() { return this._url.username; } set username(v) { if (usm.cannotHaveAUsernamePasswordPort(this._url)) { return; } usm.setTheUsername(this._url, v); } get password() { return this._url.password; } set password(v) { if (usm.cannotHaveAUsernamePasswordPort(this._url)) { return; } usm.setThePassword(this._url, v); } get host() { const url = this._url; if (url.host === null) { return ""; } if (url.port === null) { return usm.serializeHost(url.host); } return usm.serializeHost(url.host) + ":" + usm.serializeInteger(url.port); } set host(v) { if (this._url.cannotBeABaseURL) { return; } usm.basicURLParse(v, { url: this._url, stateOverride: "host" }); } get hostname() { if (this._url.host === null) { return ""; } return usm.serializeHost(this._url.host); } set hostname(v) { if (this._url.cannotBeABaseURL) { return; } usm.basicURLParse(v, { url: this._url, stateOverride: "hostname" }); } get port() { if (this._url.port === null) { return ""; } return usm.serializeInteger(this._url.port); } set port(v) { if (usm.cannotHaveAUsernamePasswordPort(this._url)) { return; } if (v === "") { this._url.port = null; } else { usm.basicURLParse(v, { url: this._url, stateOverride: "port" }); } } get pathname() { if (this._url.cannotBeABaseURL) { return this._url.path[0]; } if (this._url.path.length === 0) { return ""; } return "/" + this._url.path.join("/"); } set pathname(v) { if (this._url.cannotBeABaseURL) { return; } this._url.path = []; usm.basicURLParse(v, { url: this._url, stateOverride: "path start" }); } get search() { if (this._url.query === null || this._url.query === "") { return ""; } return "?" + this._url.query; } set search(v) { // TODO: query stuff const url = this._url; if (v === "") { url.query = null; return; } const input = v[0] === "?" ? v.substring(1) : v; url.query = ""; usm.basicURLParse(input, { url, stateOverride: "query" }); } get hash() { if (this._url.fragment === null || this._url.fragment === "") { return ""; } return "#" + this._url.fragment; } set hash(v) { if (v === "") { this._url.fragment = null; return; } const input = v[0] === "#" ? v.substring(1) : v; this._url.fragment = ""; usm.basicURLParse(input, { url: this._url, stateOverride: "fragment" }); } toJSON() { return this.href; } }; /***/ }), /***/ 653: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const conversions = __nccwpck_require__(5871); const utils = __nccwpck_require__(276); const Impl = __nccwpck_require__(8262); const impl = utils.implSymbol; function URL(url) { if (!this || this[impl] || !(this instanceof URL)) { throw new TypeError("Failed to construct 'URL': Please use the 'new' operator, this DOM object constructor cannot be called as a function."); } if (arguments.length < 1) { throw new TypeError("Failed to construct 'URL': 1 argument required, but only " + arguments.length + " present."); } const args = []; for (let i = 0; i < arguments.length && i < 2; ++i) { args[i] = arguments[i]; } args[0] = conversions["USVString"](args[0]); if (args[1] !== undefined) { args[1] = conversions["USVString"](args[1]); } module.exports.setup(this, args); } URL.prototype.toJSON = function toJSON() { if (!this || !module.exports.is(this)) { throw new TypeError("Illegal invocation"); } const args = []; for (let i = 0; i < arguments.length && i < 0; ++i) { args[i] = arguments[i]; } return this[impl].toJSON.apply(this[impl], args); }; Object.defineProperty(URL.prototype, "href", { get() { return this[impl].href; }, set(V) { V = conversions["USVString"](V); this[impl].href = V; }, enumerable: true, configurable: true }); URL.prototype.toString = function () { if (!this || !module.exports.is(this)) { throw new TypeError("Illegal invocation"); } return this.href; }; Object.defineProperty(URL.prototype, "origin", { get() { return this[impl].origin; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "protocol", { get() { return this[impl].protocol; }, set(V) { V = conversions["USVString"](V); this[impl].protocol = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "username", { get() { return this[impl].username; }, set(V) { V = conversions["USVString"](V); this[impl].username = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "password", { get() { return this[impl].password; }, set(V) { V = conversions["USVString"](V); this[impl].password = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "host", { get() { return this[impl].host; }, set(V) { V = conversions["USVString"](V); this[impl].host = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "hostname", { get() { return this[impl].hostname; }, set(V) { V = conversions["USVString"](V); this[impl].hostname = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "port", { get() { return this[impl].port; }, set(V) { V = conversions["USVString"](V); this[impl].port = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "pathname", { get() { return this[impl].pathname; }, set(V) { V = conversions["USVString"](V); this[impl].pathname = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "search", { get() { return this[impl].search; }, set(V) { V = conversions["USVString"](V); this[impl].search = V; }, enumerable: true, configurable: true }); Object.defineProperty(URL.prototype, "hash", { get() { return this[impl].hash; }, set(V) { V = conversions["USVString"](V); this[impl].hash = V; }, enumerable: true, configurable: true }); module.exports = { is(obj) { return !!obj && obj[impl] instanceof Impl.implementation; }, create(constructorArgs, privateData) { let obj = Object.create(URL.prototype); this.setup(obj, constructorArgs, privateData); return obj; }, setup(obj, constructorArgs, privateData) { if (!privateData) privateData = {}; privateData.wrapper = obj; obj[impl] = new Impl.implementation(constructorArgs, privateData); obj[impl][utils.wrapperSymbol] = obj; }, interface: URL, expose: { Window: { URL: URL }, Worker: { URL: URL } } }; /***/ }), /***/ 3323: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; exports.URL = __nccwpck_require__(653).interface; exports.serializeURL = __nccwpck_require__(33).serializeURL; exports.serializeURLOrigin = __nccwpck_require__(33).serializeURLOrigin; exports.basicURLParse = __nccwpck_require__(33).basicURLParse; exports.setTheUsername = __nccwpck_require__(33).setTheUsername; exports.setThePassword = __nccwpck_require__(33).setThePassword; exports.serializeHost = __nccwpck_require__(33).serializeHost; exports.serializeInteger = __nccwpck_require__(33).serializeInteger; exports.parseURL = __nccwpck_require__(33).parseURL; /***/ }), /***/ 33: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const punycode = __nccwpck_require__(4213); const tr46 = __nccwpck_require__(2299); const specialSchemes = { ftp: 21, file: null, gopher: 70, http: 80, https: 443, ws: 80, wss: 443 }; const failure = Symbol("failure"); function countSymbols(str) { return punycode.ucs2.decode(str).length; } function at(input, idx) { const c = input[idx]; return isNaN(c) ? undefined : String.fromCodePoint(c); } function isASCIIDigit(c) { return c >= 0x30 && c <= 0x39; } function isASCIIAlpha(c) { return (c >= 0x41 && c <= 0x5A) || (c >= 0x61 && c <= 0x7A); } function isASCIIAlphanumeric(c) { return isASCIIAlpha(c) || isASCIIDigit(c); } function isASCIIHex(c) { return isASCIIDigit(c) || (c >= 0x41 && c <= 0x46) || (c >= 0x61 && c <= 0x66); } function isSingleDot(buffer) { return buffer === "." || buffer.toLowerCase() === "%2e"; } function isDoubleDot(buffer) { buffer = buffer.toLowerCase(); return buffer === ".." || buffer === "%2e." || buffer === ".%2e" || buffer === "%2e%2e"; } function isWindowsDriveLetterCodePoints(cp1, cp2) { return isASCIIAlpha(cp1) && (cp2 === 58 || cp2 === 124); } function isWindowsDriveLetterString(string) { return string.length === 2 && isASCIIAlpha(string.codePointAt(0)) && (string[1] === ":" || string[1] === "|"); } function isNormalizedWindowsDriveLetterString(string) { return string.length === 2 && isASCIIAlpha(string.codePointAt(0)) && string[1] === ":"; } function containsForbiddenHostCodePoint(string) { return string.search(/\u0000|\u0009|\u000A|\u000D|\u0020|#|%|\/|:|\?|@|\[|\\|\]/) !== -1; } function containsForbiddenHostCodePointExcludingPercent(string) { return string.search(/\u0000|\u0009|\u000A|\u000D|\u0020|#|\/|:|\?|@|\[|\\|\]/) !== -1; } function isSpecialScheme(scheme) { return specialSchemes[scheme] !== undefined; } function isSpecial(url) { return isSpecialScheme(url.scheme); } function defaultPort(scheme) { return specialSchemes[scheme]; } function percentEncode(c) { let hex = c.toString(16).toUpperCase(); if (hex.length === 1) { hex = "0" + hex; } return "%" + hex; } function utf8PercentEncode(c) { const buf = new Buffer(c); let str = ""; for (let i = 0; i < buf.length; ++i) { str += percentEncode(buf[i]); } return str; } function utf8PercentDecode(str) { const input = new Buffer(str); const output = []; for (let i = 0; i < input.length; ++i) { if (input[i] !== 37) { output.push(input[i]); } else if (input[i] === 37 && isASCIIHex(input[i + 1]) && isASCIIHex(input[i + 2])) { output.push(parseInt(input.slice(i + 1, i + 3).toString(), 16)); i += 2; } else { output.push(input[i]); } } return new Buffer(output).toString(); } function isC0ControlPercentEncode(c) { return c <= 0x1F || c > 0x7E; } const extraPathPercentEncodeSet = new Set([32, 34, 35, 60, 62, 63, 96, 123, 125]); function isPathPercentEncode(c) { return isC0ControlPercentEncode(c) || extraPathPercentEncodeSet.has(c); } const extraUserinfoPercentEncodeSet = new Set([47, 58, 59, 61, 64, 91, 92, 93, 94, 124]); function isUserinfoPercentEncode(c) { return isPathPercentEncode(c) || extraUserinfoPercentEncodeSet.has(c); } function percentEncodeChar(c, encodeSetPredicate) { const cStr = String.fromCodePoint(c); if (encodeSetPredicate(c)) { return utf8PercentEncode(cStr); } return cStr; } function parseIPv4Number(input) { let R = 10; if (input.length >= 2 && input.charAt(0) === "0" && input.charAt(1).toLowerCase() === "x") { input = input.substring(2); R = 16; } else if (input.length >= 2 && input.charAt(0) === "0") { input = input.substring(1); R = 8; } if (input === "") { return 0; } const regex = R === 10 ? /[^0-9]/ : (R === 16 ? /[^0-9A-Fa-f]/ : /[^0-7]/); if (regex.test(input)) { return failure; } return parseInt(input, R); } function parseIPv4(input) { const parts = input.split("."); if (parts[parts.length - 1] === "") { if (parts.length > 1) { parts.pop(); } } if (parts.length > 4) { return input; } const numbers = []; for (const part of parts) { if (part === "") { return input; } const n = parseIPv4Number(part); if (n === failure) { return input; } numbers.push(n); } for (let i = 0; i < numbers.length - 1; ++i) { if (numbers[i] > 255) { return failure; } } if (numbers[numbers.length - 1] >= Math.pow(256, 5 - numbers.length)) { return failure; } let ipv4 = numbers.pop(); let counter = 0; for (const n of numbers) { ipv4 += n * Math.pow(256, 3 - counter); ++counter; } return ipv4; } function serializeIPv4(address) { let output = ""; let n = address; for (let i = 1; i <= 4; ++i) { output = String(n % 256) + output; if (i !== 4) { output = "." + output; } n = Math.floor(n / 256); } return output; } function parseIPv6(input) { const address = [0, 0, 0, 0, 0, 0, 0, 0]; let pieceIndex = 0; let compress = null; let pointer = 0; input = punycode.ucs2.decode(input); if (input[pointer] === 58) { if (input[pointer + 1] !== 58) { return failure; } pointer += 2; ++pieceIndex; compress = pieceIndex; } while (pointer < input.length) { if (pieceIndex === 8) { return failure; } if (input[pointer] === 58) { if (compress !== null) { return failure; } ++pointer; ++pieceIndex; compress = pieceIndex; continue; } let value = 0; let length = 0; while (length < 4 && isASCIIHex(input[pointer])) { value = value * 0x10 + parseInt(at(input, pointer), 16); ++pointer; ++length; } if (input[pointer] === 46) { if (length === 0) { return failure; } pointer -= length; if (pieceIndex > 6) { return failure; } let numbersSeen = 0; while (input[pointer] !== undefined) { let ipv4Piece = null; if (numbersSeen > 0) { if (input[pointer] === 46 && numbersSeen < 4) { ++pointer; } else { return failure; } } if (!isASCIIDigit(input[pointer])) { return failure; } while (isASCIIDigit(input[pointer])) { const number = parseInt(at(input, pointer)); if (ipv4Piece === null) { ipv4Piece = number; } else if (ipv4Piece === 0) { return failure; } else { ipv4Piece = ipv4Piece * 10 + number; } if (ipv4Piece > 255) { return failure; } ++pointer; } address[pieceIndex] = address[pieceIndex] * 0x100 + ipv4Piece; ++numbersSeen; if (numbersSeen === 2 || numbersSeen === 4) { ++pieceIndex; } } if (numbersSeen !== 4) { return failure; } break; } else if (input[pointer] === 58) { ++pointer; if (input[pointer] === undefined) { return failure; } } else if (input[pointer] !== undefined) { return failure; } address[pieceIndex] = value; ++pieceIndex; } if (compress !== null) { let swaps = pieceIndex - compress; pieceIndex = 7; while (pieceIndex !== 0 && swaps > 0) { const temp = address[compress + swaps - 1]; address[compress + swaps - 1] = address[pieceIndex]; address[pieceIndex] = temp; --pieceIndex; --swaps; } } else if (compress === null && pieceIndex !== 8) { return failure; } return address; } function serializeIPv6(address) { let output = ""; const seqResult = findLongestZeroSequence(address); const compress = seqResult.idx; let ignore0 = false; for (let pieceIndex = 0; pieceIndex <= 7; ++pieceIndex) { if (ignore0 && address[pieceIndex] === 0) { continue; } else if (ignore0) { ignore0 = false; } if (compress === pieceIndex) { const separator = pieceIndex === 0 ? "::" : ":"; output += separator; ignore0 = true; continue; } output += address[pieceIndex].toString(16); if (pieceIndex !== 7) { output += ":"; } } return output; } function parseHost(input, isSpecialArg) { if (input[0] === "[") { if (input[input.length - 1] !== "]") { return failure; } return parseIPv6(input.substring(1, input.length - 1)); } if (!isSpecialArg) { return parseOpaqueHost(input); } const domain = utf8PercentDecode(input); const asciiDomain = tr46.toASCII(domain, false, tr46.PROCESSING_OPTIONS.NONTRANSITIONAL, false); if (asciiDomain === null) { return failure; } if (containsForbiddenHostCodePoint(asciiDomain)) { return failure; } const ipv4Host = parseIPv4(asciiDomain); if (typeof ipv4Host === "number" || ipv4Host === failure) { return ipv4Host; } return asciiDomain; } function parseOpaqueHost(input) { if (containsForbiddenHostCodePointExcludingPercent(input)) { return failure; } let output = ""; const decoded = punycode.ucs2.decode(input); for (let i = 0; i < decoded.length; ++i) { output += percentEncodeChar(decoded[i], isC0ControlPercentEncode); } return output; } function findLongestZeroSequence(arr) { let maxIdx = null; let maxLen = 1; // only find elements > 1 let currStart = null; let currLen = 0; for (let i = 0; i < arr.length; ++i) { if (arr[i] !== 0) { if (currLen > maxLen) { maxIdx = currStart; maxLen = currLen; } currStart = null; currLen = 0; } else { if (currStart === null) { currStart = i; } ++currLen; } } // if trailing zeros if (currLen > maxLen) { maxIdx = currStart; maxLen = currLen; } return { idx: maxIdx, len: maxLen }; } function serializeHost(host) { if (typeof host === "number") { return serializeIPv4(host); } // IPv6 serializer if (host instanceof Array) { return "[" + serializeIPv6(host) + "]"; } return host; } function trimControlChars(url) { return url.replace(/^[\u0000-\u001F\u0020]+|[\u0000-\u001F\u0020]+$/g, ""); } function trimTabAndNewline(url) { return url.replace(/\u0009|\u000A|\u000D/g, ""); } function shortenPath(url) { const path = url.path; if (path.length === 0) { return; } if (url.scheme === "file" && path.length === 1 && isNormalizedWindowsDriveLetter(path[0])) { return; } path.pop(); } function includesCredentials(url) { return url.username !== "" || url.password !== ""; } function cannotHaveAUsernamePasswordPort(url) { return url.host === null || url.host === "" || url.cannotBeABaseURL || url.scheme === "file"; } function isNormalizedWindowsDriveLetter(string) { return /^[A-Za-z]:$/.test(string); } function URLStateMachine(input, base, encodingOverride, url, stateOverride) { this.pointer = 0; this.input = input; this.base = base || null; this.encodingOverride = encodingOverride || "utf-8"; this.stateOverride = stateOverride; this.url = url; this.failure = false; this.parseError = false; if (!this.url) { this.url = { scheme: "", username: "", password: "", host: null, port: null, path: [], query: null, fragment: null, cannotBeABaseURL: false }; const res = trimControlChars(this.input); if (res !== this.input) { this.parseError = true; } this.input = res; } const res = trimTabAndNewline(this.input); if (res !== this.input) { this.parseError = true; } this.input = res; this.state = stateOverride || "scheme start"; this.buffer = ""; this.atFlag = false; this.arrFlag = false; this.passwordTokenSeenFlag = false; this.input = punycode.ucs2.decode(this.input); for (; this.pointer <= this.input.length; ++this.pointer) { const c = this.input[this.pointer]; const cStr = isNaN(c) ? undefined : String.fromCodePoint(c); // exec state machine const ret = this["parse " + this.state](c, cStr); if (!ret) { break; // terminate algorithm } else if (ret === failure) { this.failure = true; break; } } } URLStateMachine.prototype["parse scheme start"] = function parseSchemeStart(c, cStr) { if (isASCIIAlpha(c)) { this.buffer += cStr.toLowerCase(); this.state = "scheme"; } else if (!this.stateOverride) { this.state = "no scheme"; --this.pointer; } else { this.parseError = true; return failure; } return true; }; URLStateMachine.prototype["parse scheme"] = function parseScheme(c, cStr) { if (isASCIIAlphanumeric(c) || c === 43 || c === 45 || c === 46) { this.buffer += cStr.toLowerCase(); } else if (c === 58) { if (this.stateOverride) { if (isSpecial(this.url) && !isSpecialScheme(this.buffer)) { return false; } if (!isSpecial(this.url) && isSpecialScheme(this.buffer)) { return false; } if ((includesCredentials(this.url) || this.url.port !== null) && this.buffer === "file") { return false; } if (this.url.scheme === "file" && (this.url.host === "" || this.url.host === null)) { return false; } } this.url.scheme = this.buffer; this.buffer = ""; if (this.stateOverride) { return false; } if (this.url.scheme === "file") { if (this.input[this.pointer + 1] !== 47 || this.input[this.pointer + 2] !== 47) { this.parseError = true; } this.state = "file"; } else if (isSpecial(this.url) && this.base !== null && this.base.scheme === this.url.scheme) { this.state = "special relative or authority"; } else if (isSpecial(this.url)) { this.state = "special authority slashes"; } else if (this.input[this.pointer + 1] === 47) { this.state = "path or authority"; ++this.pointer; } else { this.url.cannotBeABaseURL = true; this.url.path.push(""); this.state = "cannot-be-a-base-URL path"; } } else if (!this.stateOverride) { this.buffer = ""; this.state = "no scheme"; this.pointer = -1; } else { this.parseError = true; return failure; } return true; }; URLStateMachine.prototype["parse no scheme"] = function parseNoScheme(c) { if (this.base === null || (this.base.cannotBeABaseURL && c !== 35)) { return failure; } else if (this.base.cannotBeABaseURL && c === 35) { this.url.scheme = this.base.scheme; this.url.path = this.base.path.slice(); this.url.query = this.base.query; this.url.fragment = ""; this.url.cannotBeABaseURL = true; this.state = "fragment"; } else if (this.base.scheme === "file") { this.state = "file"; --this.pointer; } else { this.state = "relative"; --this.pointer; } return true; }; URLStateMachine.prototype["parse special relative or authority"] = function parseSpecialRelativeOrAuthority(c) { if (c === 47 && this.input[this.pointer + 1] === 47) { this.state = "special authority ignore slashes"; ++this.pointer; } else { this.parseError = true; this.state = "relative"; --this.pointer; } return true; }; URLStateMachine.prototype["parse path or authority"] = function parsePathOrAuthority(c) { if (c === 47) { this.state = "authority"; } else { this.state = "path"; --this.pointer; } return true; }; URLStateMachine.prototype["parse relative"] = function parseRelative(c) { this.url.scheme = this.base.scheme; if (isNaN(c)) { this.url.username = this.base.username; this.url.password = this.base.password; this.url.host = this.base.host; this.url.port = this.base.port; this.url.path = this.base.path.slice(); this.url.query = this.base.query; } else if (c === 47) { this.state = "relative slash"; } else if (c === 63) { this.url.username = this.base.username; this.url.password = this.base.password; this.url.host = this.base.host; this.url.port = this.base.port; this.url.path = this.base.path.slice(); this.url.query = ""; this.state = "query"; } else if (c === 35) { this.url.username = this.base.username; this.url.password = this.base.password; this.url.host = this.base.host; this.url.port = this.base.port; this.url.path = this.base.path.slice(); this.url.query = this.base.query; this.url.fragment = ""; this.state = "fragment"; } else if (isSpecial(this.url) && c === 92) { this.parseError = true; this.state = "relative slash"; } else { this.url.username = this.base.username; this.url.password = this.base.password; this.url.host = this.base.host; this.url.port = this.base.port; this.url.path = this.base.path.slice(0, this.base.path.length - 1); this.state = "path"; --this.pointer; } return true; }; URLStateMachine.prototype["parse relative slash"] = function parseRelativeSlash(c) { if (isSpecial(this.url) && (c === 47 || c === 92)) { if (c === 92) { this.parseError = true; } this.state = "special authority ignore slashes"; } else if (c === 47) { this.state = "authority"; } else { this.url.username = this.base.username; this.url.password = this.base.password; this.url.host = this.base.host; this.url.port = this.base.port; this.state = "path"; --this.pointer; } return true; }; URLStateMachine.prototype["parse special authority slashes"] = function parseSpecialAuthoritySlashes(c) { if (c === 47 && this.input[this.pointer + 1] === 47) { this.state = "special authority ignore slashes"; ++this.pointer; } else { this.parseError = true; this.state = "special authority ignore slashes"; --this.pointer; } return true; }; URLStateMachine.prototype["parse special authority ignore slashes"] = function parseSpecialAuthorityIgnoreSlashes(c) { if (c !== 47 && c !== 92) { this.state = "authority"; --this.pointer; } else { this.parseError = true; } return true; }; URLStateMachine.prototype["parse authority"] = function parseAuthority(c, cStr) { if (c === 64) { this.parseError = true; if (this.atFlag) { this.buffer = "%40" + this.buffer; } this.atFlag = true; // careful, this is based on buffer and has its own pointer (this.pointer != pointer) and inner chars const len = countSymbols(this.buffer); for (let pointer = 0; pointer < len; ++pointer) { const codePoint = this.buffer.codePointAt(pointer); if (codePoint === 58 && !this.passwordTokenSeenFlag) { this.passwordTokenSeenFlag = true; continue; } const encodedCodePoints = percentEncodeChar(codePoint, isUserinfoPercentEncode); if (this.passwordTokenSeenFlag) { this.url.password += encodedCodePoints; } else { this.url.username += encodedCodePoints; } } this.buffer = ""; } else if (isNaN(c) || c === 47 || c === 63 || c === 35 || (isSpecial(this.url) && c === 92)) { if (this.atFlag && this.buffer === "") { this.parseError = true; return failure; } this.pointer -= countSymbols(this.buffer) + 1; this.buffer = ""; this.state = "host"; } else { this.buffer += cStr; } return true; }; URLStateMachine.prototype["parse hostname"] = URLStateMachine.prototype["parse host"] = function parseHostName(c, cStr) { if (this.stateOverride && this.url.scheme === "file") { --this.pointer; this.state = "file host"; } else if (c === 58 && !this.arrFlag) { if (this.buffer === "") { this.parseError = true; return failure; } const host = parseHost(this.buffer, isSpecial(this.url)); if (host === failure) { return failure; } this.url.host = host; this.buffer = ""; this.state = "port"; if (this.stateOverride === "hostname") { return false; } } else if (isNaN(c) || c === 47 || c === 63 || c === 35 || (isSpecial(this.url) && c === 92)) { --this.pointer; if (isSpecial(this.url) && this.buffer === "") { this.parseError = true; return failure; } else if (this.stateOverride && this.buffer === "" && (includesCredentials(this.url) || this.url.port !== null)) { this.parseError = true; return false; } const host = parseHost(this.buffer, isSpecial(this.url)); if (host === failure) { return failure; } this.url.host = host; this.buffer = ""; this.state = "path start"; if (this.stateOverride) { return false; } } else { if (c === 91) { this.arrFlag = true; } else if (c === 93) { this.arrFlag = false; } this.buffer += cStr; } return true; }; URLStateMachine.prototype["parse port"] = function parsePort(c, cStr) { if (isASCIIDigit(c)) { this.buffer += cStr; } else if (isNaN(c) || c === 47 || c === 63 || c === 35 || (isSpecial(this.url) && c === 92) || this.stateOverride) { if (this.buffer !== "") { const port = parseInt(this.buffer); if (port > Math.pow(2, 16) - 1) { this.parseError = true; return failure; } this.url.port = port === defaultPort(this.url.scheme) ? null : port; this.buffer = ""; } if (this.stateOverride) { return false; } this.state = "path start"; --this.pointer; } else { this.parseError = true; return failure; } return true; }; const fileOtherwiseCodePoints = new Set([47, 92, 63, 35]); URLStateMachine.prototype["parse file"] = function parseFile(c) { this.url.scheme = "file"; if (c === 47 || c === 92) { if (c === 92) { this.parseError = true; } this.state = "file slash"; } else if (this.base !== null && this.base.scheme === "file") { if (isNaN(c)) { this.url.host = this.base.host; this.url.path = this.base.path.slice(); this.url.query = this.base.query; } else if (c === 63) { this.url.host = this.base.host; this.url.path = this.base.path.slice(); this.url.query = ""; this.state = "query"; } else if (c === 35) { this.url.host = this.base.host; this.url.path = this.base.path.slice(); this.url.query = this.base.query; this.url.fragment = ""; this.state = "fragment"; } else { if (this.input.length - this.pointer - 1 === 0 || // remaining consists of 0 code points !isWindowsDriveLetterCodePoints(c, this.input[this.pointer + 1]) || (this.input.length - this.pointer - 1 >= 2 && // remaining has at least 2 code points !fileOtherwiseCodePoints.has(this.input[this.pointer + 2]))) { this.url.host = this.base.host; this.url.path = this.base.path.slice(); shortenPath(this.url); } else { this.parseError = true; } this.state = "path"; --this.pointer; } } else { this.state = "path"; --this.pointer; } return true; }; URLStateMachine.prototype["parse file slash"] = function parseFileSlash(c) { if (c === 47 || c === 92) { if (c === 92) { this.parseError = true; } this.state = "file host"; } else { if (this.base !== null && this.base.scheme === "file") { if (isNormalizedWindowsDriveLetterString(this.base.path[0])) { this.url.path.push(this.base.path[0]); } else { this.url.host = this.base.host; } } this.state = "path"; --this.pointer; } return true; }; URLStateMachine.prototype["parse file host"] = function parseFileHost(c, cStr) { if (isNaN(c) || c === 47 || c === 92 || c === 63 || c === 35) { --this.pointer; if (!this.stateOverride && isWindowsDriveLetterString(this.buffer)) { this.parseError = true; this.state = "path"; } else if (this.buffer === "") { this.url.host = ""; if (this.stateOverride) { return false; } this.state = "path start"; } else { let host = parseHost(this.buffer, isSpecial(this.url)); if (host === failure) { return failure; } if (host === "localhost") { host = ""; } this.url.host = host; if (this.stateOverride) { return false; } this.buffer = ""; this.state = "path start"; } } else { this.buffer += cStr; } return true; }; URLStateMachine.prototype["parse path start"] = function parsePathStart(c) { if (isSpecial(this.url)) { if (c === 92) { this.parseError = true; } this.state = "path"; if (c !== 47 && c !== 92) { --this.pointer; } } else if (!this.stateOverride && c === 63) { this.url.query = ""; this.state = "query"; } else if (!this.stateOverride && c === 35) { this.url.fragment = ""; this.state = "fragment"; } else if (c !== undefined) { this.state = "path"; if (c !== 47) { --this.pointer; } } return true; }; URLStateMachine.prototype["parse path"] = function parsePath(c) { if (isNaN(c) || c === 47 || (isSpecial(this.url) && c === 92) || (!this.stateOverride && (c === 63 || c === 35))) { if (isSpecial(this.url) && c === 92) { this.parseError = true; } if (isDoubleDot(this.buffer)) { shortenPath(this.url); if (c !== 47 && !(isSpecial(this.url) && c === 92)) { this.url.path.push(""); } } else if (isSingleDot(this.buffer) && c !== 47 && !(isSpecial(this.url) && c === 92)) { this.url.path.push(""); } else if (!isSingleDot(this.buffer)) { if (this.url.scheme === "file" && this.url.path.length === 0 && isWindowsDriveLetterString(this.buffer)) { if (this.url.host !== "" && this.url.host !== null) { this.parseError = true; this.url.host = ""; } this.buffer = this.buffer[0] + ":"; } this.url.path.push(this.buffer); } this.buffer = ""; if (this.url.scheme === "file" && (c === undefined || c === 63 || c === 35)) { while (this.url.path.length > 1 && this.url.path[0] === "") { this.parseError = true; this.url.path.shift(); } } if (c === 63) { this.url.query = ""; this.state = "query"; } if (c === 35) { this.url.fragment = ""; this.state = "fragment"; } } else { // TODO: If c is not a URL code point and not "%", parse error. if (c === 37 && (!isASCIIHex(this.input[this.pointer + 1]) || !isASCIIHex(this.input[this.pointer + 2]))) { this.parseError = true; } this.buffer += percentEncodeChar(c, isPathPercentEncode); } return true; }; URLStateMachine.prototype["parse cannot-be-a-base-URL path"] = function parseCannotBeABaseURLPath(c) { if (c === 63) { this.url.query = ""; this.state = "query"; } else if (c === 35) { this.url.fragment = ""; this.state = "fragment"; } else { // TODO: Add: not a URL code point if (!isNaN(c) && c !== 37) { this.parseError = true; } if (c === 37 && (!isASCIIHex(this.input[this.pointer + 1]) || !isASCIIHex(this.input[this.pointer + 2]))) { this.parseError = true; } if (!isNaN(c)) { this.url.path[0] = this.url.path[0] + percentEncodeChar(c, isC0ControlPercentEncode); } } return true; }; URLStateMachine.prototype["parse query"] = function parseQuery(c, cStr) { if (isNaN(c) || (!this.stateOverride && c === 35)) { if (!isSpecial(this.url) || this.url.scheme === "ws" || this.url.scheme === "wss") { this.encodingOverride = "utf-8"; } const buffer = new Buffer(this.buffer); // TODO: Use encoding override instead for (let i = 0; i < buffer.length; ++i) { if (buffer[i] < 0x21 || buffer[i] > 0x7E || buffer[i] === 0x22 || buffer[i] === 0x23 || buffer[i] === 0x3C || buffer[i] === 0x3E) { this.url.query += percentEncode(buffer[i]); } else { this.url.query += String.fromCodePoint(buffer[i]); } } this.buffer = ""; if (c === 35) { this.url.fragment = ""; this.state = "fragment"; } } else { // TODO: If c is not a URL code point and not "%", parse error. if (c === 37 && (!isASCIIHex(this.input[this.pointer + 1]) || !isASCIIHex(this.input[this.pointer + 2]))) { this.parseError = true; } this.buffer += cStr; } return true; }; URLStateMachine.prototype["parse fragment"] = function parseFragment(c) { if (isNaN(c)) { // do nothing } else if (c === 0x0) { this.parseError = true; } else { // TODO: If c is not a URL code point and not "%", parse error. if (c === 37 && (!isASCIIHex(this.input[this.pointer + 1]) || !isASCIIHex(this.input[this.pointer + 2]))) { this.parseError = true; } this.url.fragment += percentEncodeChar(c, isC0ControlPercentEncode); } return true; }; function serializeURL(url, excludeFragment) { let output = url.scheme + ":"; if (url.host !== null) { output += "//"; if (url.username !== "" || url.password !== "") { output += url.username; if (url.password !== "") { output += ":" + url.password; } output += "@"; } output += serializeHost(url.host); if (url.port !== null) { output += ":" + url.port; } } else if (url.host === null && url.scheme === "file") { output += "//"; } if (url.cannotBeABaseURL) { output += url.path[0]; } else { for (const string of url.path) { output += "/" + string; } } if (url.query !== null) { output += "?" + url.query; } if (!excludeFragment && url.fragment !== null) { output += "#" + url.fragment; } return output; } function serializeOrigin(tuple) { let result = tuple.scheme + "://"; result += serializeHost(tuple.host); if (tuple.port !== null) { result += ":" + tuple.port; } return result; } module.exports.serializeURL = serializeURL; module.exports.serializeURLOrigin = function (url) { // https://url.spec.whatwg.org/#concept-url-origin switch (url.scheme) { case "blob": try { return module.exports.serializeURLOrigin(module.exports.parseURL(url.path[0])); } catch (e) { // serializing an opaque origin returns "null" return "null"; } case "ftp": case "gopher": case "http": case "https": case "ws": case "wss": return serializeOrigin({ scheme: url.scheme, host: url.host, port: url.port }); case "file": // spec says "exercise to the reader", chrome says "file://" return "file://"; default: // serializing an opaque origin returns "null" return "null"; } }; module.exports.basicURLParse = function (input, options) { if (options === undefined) { options = {}; } const usm = new URLStateMachine(input, options.baseURL, options.encodingOverride, options.url, options.stateOverride); if (usm.failure) { return "failure"; } return usm.url; }; module.exports.setTheUsername = function (url, username) { url.username = ""; const decoded = punycode.ucs2.decode(username); for (let i = 0; i < decoded.length; ++i) { url.username += percentEncodeChar(decoded[i], isUserinfoPercentEncode); } }; module.exports.setThePassword = function (url, password) { url.password = ""; const decoded = punycode.ucs2.decode(password); for (let i = 0; i < decoded.length; ++i) { url.password += percentEncodeChar(decoded[i], isUserinfoPercentEncode); } }; module.exports.serializeHost = serializeHost; module.exports.cannotHaveAUsernamePasswordPort = cannotHaveAUsernamePasswordPort; module.exports.serializeInteger = function (integer) { return String(integer); }; module.exports.parseURL = function (input, options) { if (options === undefined) { options = {}; } // We don't handle blobs, so this just delegates: return module.exports.basicURLParse(input, { baseURL: options.baseURL, encodingOverride: options.encodingOverride }); }; /***/ }), /***/ 276: /***/ ((module) => { "use strict"; module.exports.mixin = function mixin(target, source) { const keys = Object.getOwnPropertyNames(source); for (let i = 0; i < keys.length; ++i) { Object.defineProperty(target, keys[i], Object.getOwnPropertyDescriptor(source, keys[i])); } }; module.exports.wrapperSymbol = Symbol("wrapper"); module.exports.implSymbol = Symbol("impl"); module.exports.wrapperForImpl = function (impl) { return impl[module.exports.wrapperSymbol]; }; module.exports.implForWrapper = function (wrapper) { return wrapper[module.exports.implSymbol]; }; /***/ }), /***/ 7994: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Advanced Encryption Standard (AES) implementation. * * This implementation is based on the public domain library 'jscrypto' which * was written by: * * Emily Stark (estark@stanford.edu) * Mike Hamburg (mhamburg@stanford.edu) * Dan Boneh (dabo@cs.stanford.edu) * * Parts of this code are based on the OpenSSL implementation of AES: * http://www.openssl.org * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7088); __nccwpck_require__(873); __nccwpck_require__(8339); /* AES API */ module.exports = forge.aes = forge.aes || {}; /** * Deprecated. Instead, use: * * var cipher = forge.cipher.createCipher('AES-', key); * cipher.start({iv: iv}); * * Creates an AES cipher object to encrypt data using the given symmetric key. * The output will be stored in the 'output' member of the returned cipher. * * The key and iv may be given as a string of bytes, an array of bytes, * a byte buffer, or an array of 32-bit words. * * @param key the symmetric key to use. * @param iv the initialization vector to use. * @param output the buffer to write to, null to create one. * @param mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ forge.aes.startEncrypting = function(key, iv, output, mode) { var cipher = _createCipher({ key: key, output: output, decrypt: false, mode: mode }); cipher.start(iv); return cipher; }; /** * Deprecated. Instead, use: * * var cipher = forge.cipher.createCipher('AES-', key); * * Creates an AES cipher object to encrypt data using the given symmetric key. * * The key may be given as a string of bytes, an array of bytes, a * byte buffer, or an array of 32-bit words. * * @param key the symmetric key to use. * @param mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ forge.aes.createEncryptionCipher = function(key, mode) { return _createCipher({ key: key, output: null, decrypt: false, mode: mode }); }; /** * Deprecated. Instead, use: * * var decipher = forge.cipher.createDecipher('AES-', key); * decipher.start({iv: iv}); * * Creates an AES cipher object to decrypt data using the given symmetric key. * The output will be stored in the 'output' member of the returned cipher. * * The key and iv may be given as a string of bytes, an array of bytes, * a byte buffer, or an array of 32-bit words. * * @param key the symmetric key to use. * @param iv the initialization vector to use. * @param output the buffer to write to, null to create one. * @param mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ forge.aes.startDecrypting = function(key, iv, output, mode) { var cipher = _createCipher({ key: key, output: output, decrypt: true, mode: mode }); cipher.start(iv); return cipher; }; /** * Deprecated. Instead, use: * * var decipher = forge.cipher.createDecipher('AES-', key); * * Creates an AES cipher object to decrypt data using the given symmetric key. * * The key may be given as a string of bytes, an array of bytes, a * byte buffer, or an array of 32-bit words. * * @param key the symmetric key to use. * @param mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ forge.aes.createDecryptionCipher = function(key, mode) { return _createCipher({ key: key, output: null, decrypt: true, mode: mode }); }; /** * Creates a new AES cipher algorithm object. * * @param name the name of the algorithm. * @param mode the mode factory function. * * @return the AES algorithm object. */ forge.aes.Algorithm = function(name, mode) { if(!init) { initialize(); } var self = this; self.name = name; self.mode = new mode({ blockSize: 16, cipher: { encrypt: function(inBlock, outBlock) { return _updateBlock(self._w, inBlock, outBlock, false); }, decrypt: function(inBlock, outBlock) { return _updateBlock(self._w, inBlock, outBlock, true); } } }); self._init = false; }; /** * Initializes this AES algorithm by expanding its key. * * @param options the options to use. * key the key to use with this algorithm. * decrypt true if the algorithm should be initialized for decryption, * false for encryption. */ forge.aes.Algorithm.prototype.initialize = function(options) { if(this._init) { return; } var key = options.key; var tmp; /* Note: The key may be a string of bytes, an array of bytes, a byte buffer, or an array of 32-bit integers. If the key is in bytes, then it must be 16, 24, or 32 bytes in length. If it is in 32-bit integers, it must be 4, 6, or 8 integers long. */ if(typeof key === 'string' && (key.length === 16 || key.length === 24 || key.length === 32)) { // convert key string into byte buffer key = forge.util.createBuffer(key); } else if(forge.util.isArray(key) && (key.length === 16 || key.length === 24 || key.length === 32)) { // convert key integer array into byte buffer tmp = key; key = forge.util.createBuffer(); for(var i = 0; i < tmp.length; ++i) { key.putByte(tmp[i]); } } // convert key byte buffer into 32-bit integer array if(!forge.util.isArray(key)) { tmp = key; key = []; // key lengths of 16, 24, 32 bytes allowed var len = tmp.length(); if(len === 16 || len === 24 || len === 32) { len = len >>> 2; for(var i = 0; i < len; ++i) { key.push(tmp.getInt32()); } } } // key must be an array of 32-bit integers by now if(!forge.util.isArray(key) || !(key.length === 4 || key.length === 6 || key.length === 8)) { throw new Error('Invalid key parameter.'); } // encryption operation is always used for these modes var mode = this.mode.name; var encryptOp = (['CFB', 'OFB', 'CTR', 'GCM'].indexOf(mode) !== -1); // do key expansion this._w = _expandKey(key, options.decrypt && !encryptOp); this._init = true; }; /** * Expands a key. Typically only used for testing. * * @param key the symmetric key to expand, as an array of 32-bit words. * @param decrypt true to expand for decryption, false for encryption. * * @return the expanded key. */ forge.aes._expandKey = function(key, decrypt) { if(!init) { initialize(); } return _expandKey(key, decrypt); }; /** * Updates a single block. Typically only used for testing. * * @param w the expanded key to use. * @param input an array of block-size 32-bit words. * @param output an array of block-size 32-bit words. * @param decrypt true to decrypt, false to encrypt. */ forge.aes._updateBlock = _updateBlock; /** Register AES algorithms **/ registerAlgorithm('AES-ECB', forge.cipher.modes.ecb); registerAlgorithm('AES-CBC', forge.cipher.modes.cbc); registerAlgorithm('AES-CFB', forge.cipher.modes.cfb); registerAlgorithm('AES-OFB', forge.cipher.modes.ofb); registerAlgorithm('AES-CTR', forge.cipher.modes.ctr); registerAlgorithm('AES-GCM', forge.cipher.modes.gcm); function registerAlgorithm(name, mode) { var factory = function() { return new forge.aes.Algorithm(name, mode); }; forge.cipher.registerAlgorithm(name, factory); } /** AES implementation **/ var init = false; // not yet initialized var Nb = 4; // number of words comprising the state (AES = 4) var sbox; // non-linear substitution table used in key expansion var isbox; // inversion of sbox var rcon; // round constant word array var mix; // mix-columns table var imix; // inverse mix-columns table /** * Performs initialization, ie: precomputes tables to optimize for speed. * * One way to understand how AES works is to imagine that 'addition' and * 'multiplication' are interfaces that require certain mathematical * properties to hold true (ie: they are associative) but they might have * different implementations and produce different kinds of results ... * provided that their mathematical properties remain true. AES defines * its own methods of addition and multiplication but keeps some important * properties the same, ie: associativity and distributivity. The * explanation below tries to shed some light on how AES defines addition * and multiplication of bytes and 32-bit words in order to perform its * encryption and decryption algorithms. * * The basics: * * The AES algorithm views bytes as binary representations of polynomials * that have either 1 or 0 as the coefficients. It defines the addition * or subtraction of two bytes as the XOR operation. It also defines the * multiplication of two bytes as a finite field referred to as GF(2^8) * (Note: 'GF' means "Galois Field" which is a field that contains a finite * number of elements so GF(2^8) has 256 elements). * * This means that any two bytes can be represented as binary polynomials; * when they multiplied together and modularly reduced by an irreducible * polynomial of the 8th degree, the results are the field GF(2^8). The * specific irreducible polynomial that AES uses in hexadecimal is 0x11b. * This multiplication is associative with 0x01 as the identity: * * (b * 0x01 = GF(b, 0x01) = b). * * The operation GF(b, 0x02) can be performed at the byte level by left * shifting b once and then XOR'ing it (to perform the modular reduction) * with 0x11b if b is >= 128. Repeated application of the multiplication * of 0x02 can be used to implement the multiplication of any two bytes. * * For instance, multiplying 0x57 and 0x13, denoted as GF(0x57, 0x13), can * be performed by factoring 0x13 into 0x01, 0x02, and 0x10. Then these * factors can each be multiplied by 0x57 and then added together. To do * the multiplication, values for 0x57 multiplied by each of these 3 factors * can be precomputed and stored in a table. To add them, the values from * the table are XOR'd together. * * AES also defines addition and multiplication of words, that is 4-byte * numbers represented as polynomials of 3 degrees where the coefficients * are the values of the bytes. * * The word [a0, a1, a2, a3] is a polynomial a3x^3 + a2x^2 + a1x + a0. * * Addition is performed by XOR'ing like powers of x. Multiplication * is performed in two steps, the first is an algebriac expansion as * you would do normally (where addition is XOR). But the result is * a polynomial larger than 3 degrees and thus it cannot fit in a word. So * next the result is modularly reduced by an AES-specific polynomial of * degree 4 which will always produce a polynomial of less than 4 degrees * such that it will fit in a word. In AES, this polynomial is x^4 + 1. * * The modular product of two polynomials 'a' and 'b' is thus: * * d(x) = d3x^3 + d2x^2 + d1x + d0 * with * d0 = GF(a0, b0) ^ GF(a3, b1) ^ GF(a2, b2) ^ GF(a1, b3) * d1 = GF(a1, b0) ^ GF(a0, b1) ^ GF(a3, b2) ^ GF(a2, b3) * d2 = GF(a2, b0) ^ GF(a1, b1) ^ GF(a0, b2) ^ GF(a3, b3) * d3 = GF(a3, b0) ^ GF(a2, b1) ^ GF(a1, b2) ^ GF(a0, b3) * * As a matrix: * * [d0] = [a0 a3 a2 a1][b0] * [d1] [a1 a0 a3 a2][b1] * [d2] [a2 a1 a0 a3][b2] * [d3] [a3 a2 a1 a0][b3] * * Special polynomials defined by AES (0x02 == {02}): * a(x) = {03}x^3 + {01}x^2 + {01}x + {02} * a^-1(x) = {0b}x^3 + {0d}x^2 + {09}x + {0e}. * * These polynomials are used in the MixColumns() and InverseMixColumns() * operations, respectively, to cause each element in the state to affect * the output (referred to as diffusing). * * RotWord() uses: a0 = a1 = a2 = {00} and a3 = {01}, which is the * polynomial x3. * * The ShiftRows() method modifies the last 3 rows in the state (where * the state is 4 words with 4 bytes per word) by shifting bytes cyclically. * The 1st byte in the second row is moved to the end of the row. The 1st * and 2nd bytes in the third row are moved to the end of the row. The 1st, * 2nd, and 3rd bytes are moved in the fourth row. * * More details on how AES arithmetic works: * * In the polynomial representation of binary numbers, XOR performs addition * and subtraction and multiplication in GF(2^8) denoted as GF(a, b) * corresponds with the multiplication of polynomials modulo an irreducible * polynomial of degree 8. In other words, for AES, GF(a, b) will multiply * polynomial 'a' with polynomial 'b' and then do a modular reduction by * an AES-specific irreducible polynomial of degree 8. * * A polynomial is irreducible if its only divisors are one and itself. For * the AES algorithm, this irreducible polynomial is: * * m(x) = x^8 + x^4 + x^3 + x + 1, * * or {01}{1b} in hexadecimal notation, where each coefficient is a bit: * 100011011 = 283 = 0x11b. * * For example, GF(0x57, 0x83) = 0xc1 because * * 0x57 = 87 = 01010111 = x^6 + x^4 + x^2 + x + 1 * 0x85 = 131 = 10000101 = x^7 + x + 1 * * (x^6 + x^4 + x^2 + x + 1) * (x^7 + x + 1) * = x^13 + x^11 + x^9 + x^8 + x^7 + * x^7 + x^5 + x^3 + x^2 + x + * x^6 + x^4 + x^2 + x + 1 * = x^13 + x^11 + x^9 + x^8 + x^6 + x^5 + x^4 + x^3 + 1 = y * y modulo (x^8 + x^4 + x^3 + x + 1) * = x^7 + x^6 + 1. * * The modular reduction by m(x) guarantees the result will be a binary * polynomial of less than degree 8, so that it can fit in a byte. * * The operation to multiply a binary polynomial b with x (the polynomial * x in binary representation is 00000010) is: * * b_7x^8 + b_6x^7 + b_5x^6 + b_4x^5 + b_3x^4 + b_2x^3 + b_1x^2 + b_0x^1 * * To get GF(b, x) we must reduce that by m(x). If b_7 is 0 (that is the * most significant bit is 0 in b) then the result is already reduced. If * it is 1, then we can reduce it by subtracting m(x) via an XOR. * * It follows that multiplication by x (00000010 or 0x02) can be implemented * by performing a left shift followed by a conditional bitwise XOR with * 0x1b. This operation on bytes is denoted by xtime(). Multiplication by * higher powers of x can be implemented by repeated application of xtime(). * * By adding intermediate results, multiplication by any constant can be * implemented. For instance: * * GF(0x57, 0x13) = 0xfe because: * * xtime(b) = (b & 128) ? (b << 1 ^ 0x11b) : (b << 1) * * Note: We XOR with 0x11b instead of 0x1b because in javascript our * datatype for b can be larger than 1 byte, so a left shift will not * automatically eliminate bits that overflow a byte ... by XOR'ing the * overflow bit with 1 (the extra one from 0x11b) we zero it out. * * GF(0x57, 0x02) = xtime(0x57) = 0xae * GF(0x57, 0x04) = xtime(0xae) = 0x47 * GF(0x57, 0x08) = xtime(0x47) = 0x8e * GF(0x57, 0x10) = xtime(0x8e) = 0x07 * * GF(0x57, 0x13) = GF(0x57, (0x01 ^ 0x02 ^ 0x10)) * * And by the distributive property (since XOR is addition and GF() is * multiplication): * * = GF(0x57, 0x01) ^ GF(0x57, 0x02) ^ GF(0x57, 0x10) * = 0x57 ^ 0xae ^ 0x07 * = 0xfe. */ function initialize() { init = true; /* Populate the Rcon table. These are the values given by [x^(i-1),{00},{00},{00}] where x^(i-1) are powers of x (and x = 0x02) in the field of GF(2^8), where i starts at 1. rcon[0] = [0x00, 0x00, 0x00, 0x00] rcon[1] = [0x01, 0x00, 0x00, 0x00] 2^(1-1) = 2^0 = 1 rcon[2] = [0x02, 0x00, 0x00, 0x00] 2^(2-1) = 2^1 = 2 ... rcon[9] = [0x1B, 0x00, 0x00, 0x00] 2^(9-1) = 2^8 = 0x1B rcon[10] = [0x36, 0x00, 0x00, 0x00] 2^(10-1) = 2^9 = 0x36 We only store the first byte because it is the only one used. */ rcon = [0x00, 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]; // compute xtime table which maps i onto GF(i, 0x02) var xtime = new Array(256); for(var i = 0; i < 128; ++i) { xtime[i] = i << 1; xtime[i + 128] = (i + 128) << 1 ^ 0x11B; } // compute all other tables sbox = new Array(256); isbox = new Array(256); mix = new Array(4); imix = new Array(4); for(var i = 0; i < 4; ++i) { mix[i] = new Array(256); imix[i] = new Array(256); } var e = 0, ei = 0, e2, e4, e8, sx, sx2, me, ime; for(var i = 0; i < 256; ++i) { /* We need to generate the SubBytes() sbox and isbox tables so that we can perform byte substitutions. This requires us to traverse all of the elements in GF, find their multiplicative inverses, and apply to each the following affine transformation: bi' = bi ^ b(i + 4) mod 8 ^ b(i + 5) mod 8 ^ b(i + 6) mod 8 ^ b(i + 7) mod 8 ^ ci for 0 <= i < 8, where bi is the ith bit of the byte, and ci is the ith bit of a byte c with the value {63} or {01100011}. It is possible to traverse every possible value in a Galois field using what is referred to as a 'generator'. There are many generators (128 out of 256): 3,5,6,9,11,82 to name a few. To fully traverse GF we iterate 255 times, multiplying by our generator each time. On each iteration we can determine the multiplicative inverse for the current element. Suppose there is an element in GF 'e'. For a given generator 'g', e = g^x. The multiplicative inverse of e is g^(255 - x). It turns out that if use the inverse of a generator as another generator it will produce all of the corresponding multiplicative inverses at the same time. For this reason, we choose 5 as our inverse generator because it only requires 2 multiplies and 1 add and its inverse, 82, requires relatively few operations as well. In order to apply the affine transformation, the multiplicative inverse 'ei' of 'e' can be repeatedly XOR'd (4 times) with a bit-cycling of 'ei'. To do this 'ei' is first stored in 's' and 'x'. Then 's' is left shifted and the high bit of 's' is made the low bit. The resulting value is stored in 's'. Then 'x' is XOR'd with 's' and stored in 'x'. On each subsequent iteration the same operation is performed. When 4 iterations are complete, 'x' is XOR'd with 'c' (0x63) and the transformed value is stored in 'x'. For example: s = 01000001 x = 01000001 iteration 1: s = 10000010, x ^= s iteration 2: s = 00000101, x ^= s iteration 3: s = 00001010, x ^= s iteration 4: s = 00010100, x ^= s x ^= 0x63 This can be done with a loop where s = (s << 1) | (s >> 7). However, it can also be done by using a single 16-bit (in this case 32-bit) number 'sx'. Since XOR is an associative operation, we can set 'sx' to 'ei' and then XOR it with 'sx' left-shifted 1,2,3, and 4 times. The most significant bits will flow into the high 8 bit positions and be correctly XOR'd with one another. All that remains will be to cycle the high 8 bits by XOR'ing them all with the lower 8 bits afterwards. At the same time we're populating sbox and isbox we can precompute the multiplication we'll need to do to do MixColumns() later. */ // apply affine transformation sx = ei ^ (ei << 1) ^ (ei << 2) ^ (ei << 3) ^ (ei << 4); sx = (sx >> 8) ^ (sx & 255) ^ 0x63; // update tables sbox[e] = sx; isbox[sx] = e; /* Mixing columns is done using matrix multiplication. The columns that are to be mixed are each a single word in the current state. The state has Nb columns (4 columns). Therefore each column is a 4 byte word. So to mix the columns in a single column 'c' where its rows are r0, r1, r2, and r3, we use the following matrix multiplication: [2 3 1 1]*[r0,c]=[r'0,c] [1 2 3 1] [r1,c] [r'1,c] [1 1 2 3] [r2,c] [r'2,c] [3 1 1 2] [r3,c] [r'3,c] r0, r1, r2, and r3 are each 1 byte of one of the words in the state (a column). To do matrix multiplication for each mixed column c' we multiply the corresponding row from the left matrix with the corresponding column from the right matrix. In total, we get 4 equations: r0,c' = 2*r0,c + 3*r1,c + 1*r2,c + 1*r3,c r1,c' = 1*r0,c + 2*r1,c + 3*r2,c + 1*r3,c r2,c' = 1*r0,c + 1*r1,c + 2*r2,c + 3*r3,c r3,c' = 3*r0,c + 1*r1,c + 1*r2,c + 2*r3,c As usual, the multiplication is as previously defined and the addition is XOR. In order to optimize mixing columns we can store the multiplication results in tables. If you think of the whole column as a word (it might help to visualize by mentally rotating the equations above by counterclockwise 90 degrees) then you can see that it would be useful to map the multiplications performed on each byte (r0, r1, r2, r3) onto a word as well. For instance, we could map 2*r0,1*r0,1*r0,3*r0 onto a word by storing 2*r0 in the highest 8 bits and 3*r0 in the lowest 8 bits (with the other two respectively in the middle). This means that a table can be constructed that uses r0 as an index to the word. We can do the same with r1, r2, and r3, creating a total of 4 tables. To construct a full c', we can just look up each byte of c in their respective tables and XOR the results together. Also, to build each table we only have to calculate the word for 2,1,1,3 for every byte ... which we can do on each iteration of this loop since we will iterate over every byte. After we have calculated 2,1,1,3 we can get the results for the other tables by cycling the byte at the end to the beginning. For instance we can take the result of table 2,1,1,3 and produce table 3,2,1,1 by moving the right most byte to the left most position just like how you can imagine the 3 moved out of 2,1,1,3 and to the front to produce 3,2,1,1. There is another optimization in that the same multiples of the current element we need in order to advance our generator to the next iteration can be reused in performing the 2,1,1,3 calculation. We also calculate the inverse mix column tables, with e,9,d,b being the inverse of 2,1,1,3. When we're done, and we need to actually mix columns, the first byte of each state word should be put through mix[0] (2,1,1,3), the second through mix[1] (3,2,1,1) and so forth. Then they should be XOR'd together to produce the fully mixed column. */ // calculate mix and imix table values sx2 = xtime[sx]; e2 = xtime[e]; e4 = xtime[e2]; e8 = xtime[e4]; me = (sx2 << 24) ^ // 2 (sx << 16) ^ // 1 (sx << 8) ^ // 1 (sx ^ sx2); // 3 ime = (e2 ^ e4 ^ e8) << 24 ^ // E (14) (e ^ e8) << 16 ^ // 9 (e ^ e4 ^ e8) << 8 ^ // D (13) (e ^ e2 ^ e8); // B (11) // produce each of the mix tables by rotating the 2,1,1,3 value for(var n = 0; n < 4; ++n) { mix[n][e] = me; imix[n][sx] = ime; // cycle the right most byte to the left most position // ie: 2,1,1,3 becomes 3,2,1,1 me = me << 24 | me >>> 8; ime = ime << 24 | ime >>> 8; } // get next element and inverse if(e === 0) { // 1 is the inverse of 1 e = ei = 1; } else { // e = 2e + 2*2*2*(10e)) = multiply e by 82 (chosen generator) // ei = ei + 2*2*ei = multiply ei by 5 (inverse generator) e = e2 ^ xtime[xtime[xtime[e2 ^ e8]]]; ei ^= xtime[xtime[ei]]; } } } /** * Generates a key schedule using the AES key expansion algorithm. * * The AES algorithm takes the Cipher Key, K, and performs a Key Expansion * routine to generate a key schedule. The Key Expansion generates a total * of Nb*(Nr + 1) words: the algorithm requires an initial set of Nb words, * and each of the Nr rounds requires Nb words of key data. The resulting * key schedule consists of a linear array of 4-byte words, denoted [wi ], * with i in the range 0 <= i < Nb(Nr + 1). * * KeyExpansion(byte key[4*Nk], word w[Nb*(Nr+1)], Nk) * AES-128 (Nb=4, Nk=4, Nr=10) * AES-192 (Nb=4, Nk=6, Nr=12) * AES-256 (Nb=4, Nk=8, Nr=14) * Note: Nr=Nk+6. * * Nb is the number of columns (32-bit words) comprising the State (or * number of bytes in a block). For AES, Nb=4. * * @param key the key to schedule (as an array of 32-bit words). * @param decrypt true to modify the key schedule to decrypt, false not to. * * @return the generated key schedule. */ function _expandKey(key, decrypt) { // copy the key's words to initialize the key schedule var w = key.slice(0); /* RotWord() will rotate a word, moving the first byte to the last byte's position (shifting the other bytes left). We will be getting the value of Rcon at i / Nk. 'i' will iterate from Nk to (Nb * Nr+1). Nk = 4 (4 byte key), Nb = 4 (4 words in a block), Nr = Nk + 6 (10). Therefore 'i' will iterate from 4 to 44 (exclusive). Each time we iterate 4 times, i / Nk will increase by 1. We use a counter iNk to keep track of this. */ // go through the rounds expanding the key var temp, iNk = 1; var Nk = w.length; var Nr1 = Nk + 6 + 1; var end = Nb * Nr1; for(var i = Nk; i < end; ++i) { temp = w[i - 1]; if(i % Nk === 0) { // temp = SubWord(RotWord(temp)) ^ Rcon[i / Nk] temp = sbox[temp >>> 16 & 255] << 24 ^ sbox[temp >>> 8 & 255] << 16 ^ sbox[temp & 255] << 8 ^ sbox[temp >>> 24] ^ (rcon[iNk] << 24); iNk++; } else if(Nk > 6 && (i % Nk === 4)) { // temp = SubWord(temp) temp = sbox[temp >>> 24] << 24 ^ sbox[temp >>> 16 & 255] << 16 ^ sbox[temp >>> 8 & 255] << 8 ^ sbox[temp & 255]; } w[i] = w[i - Nk] ^ temp; } /* When we are updating a cipher block we always use the code path for encryption whether we are decrypting or not (to shorten code and simplify the generation of look up tables). However, because there are differences in the decryption algorithm, other than just swapping in different look up tables, we must transform our key schedule to account for these changes: 1. The decryption algorithm gets its key rounds in reverse order. 2. The decryption algorithm adds the round key before mixing columns instead of afterwards. We don't need to modify our key schedule to handle the first case, we can just traverse the key schedule in reverse order when decrypting. The second case requires a little work. The tables we built for performing rounds will take an input and then perform SubBytes() and MixColumns() or, for the decrypt version, InvSubBytes() and InvMixColumns(). But the decrypt algorithm requires us to AddRoundKey() before InvMixColumns(). This means we'll need to apply some transformations to the round key to inverse-mix its columns so they'll be correct for moving AddRoundKey() to after the state has had its columns inverse-mixed. To inverse-mix the columns of the state when we're decrypting we use a lookup table that will apply InvSubBytes() and InvMixColumns() at the same time. However, the round key's bytes are not inverse-substituted in the decryption algorithm. To get around this problem, we can first substitute the bytes in the round key so that when we apply the transformation via the InvSubBytes()+InvMixColumns() table, it will undo our substitution leaving us with the original value that we want -- and then inverse-mix that value. This change will correctly alter our key schedule so that we can XOR each round key with our already transformed decryption state. This allows us to use the same code path as the encryption algorithm. We make one more change to the decryption key. Since the decryption algorithm runs in reverse from the encryption algorithm, we reverse the order of the round keys to avoid having to iterate over the key schedule backwards when running the encryption algorithm later in decryption mode. In addition to reversing the order of the round keys, we also swap each round key's 2nd and 4th rows. See the comments section where rounds are performed for more details about why this is done. These changes are done inline with the other substitution described above. */ if(decrypt) { var tmp; var m0 = imix[0]; var m1 = imix[1]; var m2 = imix[2]; var m3 = imix[3]; var wnew = w.slice(0); end = w.length; for(var i = 0, wi = end - Nb; i < end; i += Nb, wi -= Nb) { // do not sub the first or last round key (round keys are Nb // words) as no column mixing is performed before they are added, // but do change the key order if(i === 0 || i === (end - Nb)) { wnew[i] = w[wi]; wnew[i + 1] = w[wi + 3]; wnew[i + 2] = w[wi + 2]; wnew[i + 3] = w[wi + 1]; } else { // substitute each round key byte because the inverse-mix // table will inverse-substitute it (effectively cancel the // substitution because round key bytes aren't sub'd in // decryption mode) and swap indexes 3 and 1 for(var n = 0; n < Nb; ++n) { tmp = w[wi + n]; wnew[i + (3&-n)] = m0[sbox[tmp >>> 24]] ^ m1[sbox[tmp >>> 16 & 255]] ^ m2[sbox[tmp >>> 8 & 255]] ^ m3[sbox[tmp & 255]]; } } } w = wnew; } return w; } /** * Updates a single block (16 bytes) using AES. The update will either * encrypt or decrypt the block. * * @param w the key schedule. * @param input the input block (an array of 32-bit words). * @param output the updated output block. * @param decrypt true to decrypt the block, false to encrypt it. */ function _updateBlock(w, input, output, decrypt) { /* Cipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)]) begin byte state[4,Nb] state = in AddRoundKey(state, w[0, Nb-1]) for round = 1 step 1 to Nr-1 SubBytes(state) ShiftRows(state) MixColumns(state) AddRoundKey(state, w[round*Nb, (round+1)*Nb-1]) end for SubBytes(state) ShiftRows(state) AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1]) out = state end InvCipher(byte in[4*Nb], byte out[4*Nb], word w[Nb*(Nr+1)]) begin byte state[4,Nb] state = in AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1]) for round = Nr-1 step -1 downto 1 InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w[round*Nb, (round+1)*Nb-1]) InvMixColumns(state) end for InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w[0, Nb-1]) out = state end */ // Encrypt: AddRoundKey(state, w[0, Nb-1]) // Decrypt: AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1]) var Nr = w.length / 4 - 1; var m0, m1, m2, m3, sub; if(decrypt) { m0 = imix[0]; m1 = imix[1]; m2 = imix[2]; m3 = imix[3]; sub = isbox; } else { m0 = mix[0]; m1 = mix[1]; m2 = mix[2]; m3 = mix[3]; sub = sbox; } var a, b, c, d, a2, b2, c2; a = input[0] ^ w[0]; b = input[decrypt ? 3 : 1] ^ w[1]; c = input[2] ^ w[2]; d = input[decrypt ? 1 : 3] ^ w[3]; var i = 3; /* In order to share code we follow the encryption algorithm when both encrypting and decrypting. To account for the changes required in the decryption algorithm, we use different lookup tables when decrypting and use a modified key schedule to account for the difference in the order of transformations applied when performing rounds. We also get key rounds in reverse order (relative to encryption). */ for(var round = 1; round < Nr; ++round) { /* As described above, we'll be using table lookups to perform the column mixing. Each column is stored as a word in the state (the array 'input' has one column as a word at each index). In order to mix a column, we perform these transformations on each row in c, which is 1 byte in each word. The new column for c0 is c'0: m0 m1 m2 m3 r0,c'0 = 2*r0,c0 + 3*r1,c0 + 1*r2,c0 + 1*r3,c0 r1,c'0 = 1*r0,c0 + 2*r1,c0 + 3*r2,c0 + 1*r3,c0 r2,c'0 = 1*r0,c0 + 1*r1,c0 + 2*r2,c0 + 3*r3,c0 r3,c'0 = 3*r0,c0 + 1*r1,c0 + 1*r2,c0 + 2*r3,c0 So using mix tables where c0 is a word with r0 being its upper 8 bits and r3 being its lower 8 bits: m0[c0 >> 24] will yield this word: [2*r0,1*r0,1*r0,3*r0] ... m3[c0 & 255] will yield this word: [1*r3,1*r3,3*r3,2*r3] Therefore to mix the columns in each word in the state we do the following (& 255 omitted for brevity): c'0,r0 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3] c'0,r1 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3] c'0,r2 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3] c'0,r3 = m0[c0 >> 24] ^ m1[c1 >> 16] ^ m2[c2 >> 8] ^ m3[c3] However, before mixing, the algorithm requires us to perform ShiftRows(). The ShiftRows() transformation cyclically shifts the last 3 rows of the state over different offsets. The first row (r = 0) is not shifted. s'_r,c = s_r,(c + shift(r, Nb) mod Nb for 0 < r < 4 and 0 <= c < Nb and shift(1, 4) = 1 shift(2, 4) = 2 shift(3, 4) = 3. This causes the first byte in r = 1 to be moved to the end of the row, the first 2 bytes in r = 2 to be moved to the end of the row, the first 3 bytes in r = 3 to be moved to the end of the row: r1: [c0 c1 c2 c3] => [c1 c2 c3 c0] r2: [c0 c1 c2 c3] [c2 c3 c0 c1] r3: [c0 c1 c2 c3] [c3 c0 c1 c2] We can make these substitutions inline with our column mixing to generate an updated set of equations to produce each word in the state (note the columns have changed positions): c0 c1 c2 c3 => c0 c1 c2 c3 c0 c1 c2 c3 c1 c2 c3 c0 (cycled 1 byte) c0 c1 c2 c3 c2 c3 c0 c1 (cycled 2 bytes) c0 c1 c2 c3 c3 c0 c1 c2 (cycled 3 bytes) Therefore: c'0 = 2*r0,c0 + 3*r1,c1 + 1*r2,c2 + 1*r3,c3 c'0 = 1*r0,c0 + 2*r1,c1 + 3*r2,c2 + 1*r3,c3 c'0 = 1*r0,c0 + 1*r1,c1 + 2*r2,c2 + 3*r3,c3 c'0 = 3*r0,c0 + 1*r1,c1 + 1*r2,c2 + 2*r3,c3 c'1 = 2*r0,c1 + 3*r1,c2 + 1*r2,c3 + 1*r3,c0 c'1 = 1*r0,c1 + 2*r1,c2 + 3*r2,c3 + 1*r3,c0 c'1 = 1*r0,c1 + 1*r1,c2 + 2*r2,c3 + 3*r3,c0 c'1 = 3*r0,c1 + 1*r1,c2 + 1*r2,c3 + 2*r3,c0 ... and so forth for c'2 and c'3. The important distinction is that the columns are cycling, with c0 being used with the m0 map when calculating c0, but c1 being used with the m0 map when calculating c1 ... and so forth. When performing the inverse we transform the mirror image and skip the bottom row, instead of the top one, and move upwards: c3 c2 c1 c0 => c0 c3 c2 c1 (cycled 3 bytes) *same as encryption c3 c2 c1 c0 c1 c0 c3 c2 (cycled 2 bytes) c3 c2 c1 c0 c2 c1 c0 c3 (cycled 1 byte) *same as encryption c3 c2 c1 c0 c3 c2 c1 c0 If you compare the resulting matrices for ShiftRows()+MixColumns() and for InvShiftRows()+InvMixColumns() the 2nd and 4th columns are different (in encrypt mode vs. decrypt mode). So in order to use the same code to handle both encryption and decryption, we will need to do some mapping. If in encryption mode we let a=c0, b=c1, c=c2, d=c3, and r be a row number in the state, then the resulting matrix in encryption mode for applying the above transformations would be: r1: a b c d r2: b c d a r3: c d a b r4: d a b c If we did the same in decryption mode we would get: r1: a d c b r2: b a d c r3: c b a d r4: d c b a If instead we swap d and b (set b=c3 and d=c1), then we get: r1: a b c d r2: d a b c r3: c d a b r4: b c d a Now the 1st and 3rd rows are the same as the encryption matrix. All we need to do then to make the mapping exactly the same is to swap the 2nd and 4th rows when in decryption mode. To do this without having to do it on each iteration, we swapped the 2nd and 4th rows in the decryption key schedule. We also have to do the swap above when we first pull in the input and when we set the final output. */ a2 = m0[a >>> 24] ^ m1[b >>> 16 & 255] ^ m2[c >>> 8 & 255] ^ m3[d & 255] ^ w[++i]; b2 = m0[b >>> 24] ^ m1[c >>> 16 & 255] ^ m2[d >>> 8 & 255] ^ m3[a & 255] ^ w[++i]; c2 = m0[c >>> 24] ^ m1[d >>> 16 & 255] ^ m2[a >>> 8 & 255] ^ m3[b & 255] ^ w[++i]; d = m0[d >>> 24] ^ m1[a >>> 16 & 255] ^ m2[b >>> 8 & 255] ^ m3[c & 255] ^ w[++i]; a = a2; b = b2; c = c2; } /* Encrypt: SubBytes(state) ShiftRows(state) AddRoundKey(state, w[Nr*Nb, (Nr+1)*Nb-1]) Decrypt: InvShiftRows(state) InvSubBytes(state) AddRoundKey(state, w[0, Nb-1]) */ // Note: rows are shifted inline output[0] = (sub[a >>> 24] << 24) ^ (sub[b >>> 16 & 255] << 16) ^ (sub[c >>> 8 & 255] << 8) ^ (sub[d & 255]) ^ w[++i]; output[decrypt ? 3 : 1] = (sub[b >>> 24] << 24) ^ (sub[c >>> 16 & 255] << 16) ^ (sub[d >>> 8 & 255] << 8) ^ (sub[a & 255]) ^ w[++i]; output[2] = (sub[c >>> 24] << 24) ^ (sub[d >>> 16 & 255] << 16) ^ (sub[a >>> 8 & 255] << 8) ^ (sub[b & 255]) ^ w[++i]; output[decrypt ? 1 : 3] = (sub[d >>> 24] << 24) ^ (sub[a >>> 16 & 255] << 16) ^ (sub[b >>> 8 & 255] << 8) ^ (sub[c & 255]) ^ w[++i]; } /** * Deprecated. Instead, use: * * forge.cipher.createCipher('AES-', key); * forge.cipher.createDecipher('AES-', key); * * Creates a deprecated AES cipher object. This object's mode will default to * CBC (cipher-block-chaining). * * The key and iv may be given as a string of bytes, an array of bytes, a * byte buffer, or an array of 32-bit words. * * @param options the options to use. * key the symmetric key to use. * output the buffer to write to. * decrypt true for decryption, false for encryption. * mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ function _createCipher(options) { options = options || {}; var mode = (options.mode || 'CBC').toUpperCase(); var algorithm = 'AES-' + mode; var cipher; if(options.decrypt) { cipher = forge.cipher.createDecipher(algorithm, options.key); } else { cipher = forge.cipher.createCipher(algorithm, options.key); } // backwards compatible start API var start = cipher.start; cipher.start = function(iv, options) { // backwards compatibility: support second arg as output buffer var output = null; if(options instanceof forge.util.ByteBuffer) { output = options; options = {}; } options = options || {}; options.output = output; options.iv = iv; start.call(cipher, options); }; return cipher; } /***/ }), /***/ 1449: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * A Javascript implementation of AES Cipher Suites for TLS. * * @author Dave Longley * * Copyright (c) 2009-2015 Digital Bazaar, Inc. * */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(9167); var tls = module.exports = forge.tls; /** * Supported cipher suites. */ tls.CipherSuites['TLS_RSA_WITH_AES_128_CBC_SHA'] = { id: [0x00, 0x2f], name: 'TLS_RSA_WITH_AES_128_CBC_SHA', initSecurityParameters: function(sp) { sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes; sp.cipher_type = tls.CipherType.block; sp.enc_key_length = 16; sp.block_length = 16; sp.fixed_iv_length = 16; sp.record_iv_length = 16; sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1; sp.mac_length = 20; sp.mac_key_length = 20; }, initConnectionState: initConnectionState }; tls.CipherSuites['TLS_RSA_WITH_AES_256_CBC_SHA'] = { id: [0x00, 0x35], name: 'TLS_RSA_WITH_AES_256_CBC_SHA', initSecurityParameters: function(sp) { sp.bulk_cipher_algorithm = tls.BulkCipherAlgorithm.aes; sp.cipher_type = tls.CipherType.block; sp.enc_key_length = 32; sp.block_length = 16; sp.fixed_iv_length = 16; sp.record_iv_length = 16; sp.mac_algorithm = tls.MACAlgorithm.hmac_sha1; sp.mac_length = 20; sp.mac_key_length = 20; }, initConnectionState: initConnectionState }; function initConnectionState(state, c, sp) { var client = (c.entity === forge.tls.ConnectionEnd.client); // cipher setup state.read.cipherState = { init: false, cipher: forge.cipher.createDecipher('AES-CBC', client ? sp.keys.server_write_key : sp.keys.client_write_key), iv: client ? sp.keys.server_write_IV : sp.keys.client_write_IV }; state.write.cipherState = { init: false, cipher: forge.cipher.createCipher('AES-CBC', client ? sp.keys.client_write_key : sp.keys.server_write_key), iv: client ? sp.keys.client_write_IV : sp.keys.server_write_IV }; state.read.cipherFunction = decrypt_aes_cbc_sha1; state.write.cipherFunction = encrypt_aes_cbc_sha1; // MAC setup state.read.macLength = state.write.macLength = sp.mac_length; state.read.macFunction = state.write.macFunction = tls.hmac_sha1; } /** * Encrypts the TLSCompressed record into a TLSCipherText record using AES * in CBC mode. * * @param record the TLSCompressed record to encrypt. * @param s the ConnectionState to use. * * @return true on success, false on failure. */ function encrypt_aes_cbc_sha1(record, s) { var rval = false; // append MAC to fragment, update sequence number var mac = s.macFunction(s.macKey, s.sequenceNumber, record); record.fragment.putBytes(mac); s.updateSequenceNumber(); // TLS 1.1+ use an explicit IV every time to protect against CBC attacks var iv; if(record.version.minor === tls.Versions.TLS_1_0.minor) { // use the pre-generated IV when initializing for TLS 1.0, otherwise use // the residue from the previous encryption iv = s.cipherState.init ? null : s.cipherState.iv; } else { iv = forge.random.getBytesSync(16); } s.cipherState.init = true; // start cipher var cipher = s.cipherState.cipher; cipher.start({iv: iv}); // TLS 1.1+ write IV into output if(record.version.minor >= tls.Versions.TLS_1_1.minor) { cipher.output.putBytes(iv); } // do encryption (default padding is appropriate) cipher.update(record.fragment); if(cipher.finish(encrypt_aes_cbc_sha1_padding)) { // set record fragment to encrypted output record.fragment = cipher.output; record.length = record.fragment.length(); rval = true; } return rval; } /** * Handles padding for aes_cbc_sha1 in encrypt mode. * * @param blockSize the block size. * @param input the input buffer. * @param decrypt true in decrypt mode, false in encrypt mode. * * @return true on success, false on failure. */ function encrypt_aes_cbc_sha1_padding(blockSize, input, decrypt) { /* The encrypted data length (TLSCiphertext.length) is one more than the sum of SecurityParameters.block_length, TLSCompressed.length, SecurityParameters.mac_length, and padding_length. The padding may be any length up to 255 bytes long, as long as it results in the TLSCiphertext.length being an integral multiple of the block length. Lengths longer than necessary might be desirable to frustrate attacks on a protocol based on analysis of the lengths of exchanged messages. Each uint8 in the padding data vector must be filled with the padding length value. The padding length should be such that the total size of the GenericBlockCipher structure is a multiple of the cipher's block length. Legal values range from zero to 255, inclusive. This length specifies the length of the padding field exclusive of the padding_length field itself. This is slightly different from PKCS#7 because the padding value is 1 less than the actual number of padding bytes if you include the padding_length uint8 itself as a padding byte. */ if(!decrypt) { // get the number of padding bytes required to reach the blockSize and // subtract 1 for the padding value (to make room for the padding_length // uint8) var padding = blockSize - (input.length() % blockSize); input.fillWithByte(padding - 1, padding); } return true; } /** * Handles padding for aes_cbc_sha1 in decrypt mode. * * @param blockSize the block size. * @param output the output buffer. * @param decrypt true in decrypt mode, false in encrypt mode. * * @return true on success, false on failure. */ function decrypt_aes_cbc_sha1_padding(blockSize, output, decrypt) { var rval = true; if(decrypt) { /* The last byte in the output specifies the number of padding bytes not including itself. Each of the padding bytes has the same value as that last byte (known as the padding_length). Here we check all padding bytes to ensure they have the value of padding_length even if one of them is bad in order to ward-off timing attacks. */ var len = output.length(); var paddingLength = output.last(); for(var i = len - 1 - paddingLength; i < len - 1; ++i) { rval = rval && (output.at(i) == paddingLength); } if(rval) { // trim off padding bytes and last padding length byte output.truncate(paddingLength + 1); } } return rval; } /** * Decrypts a TLSCipherText record into a TLSCompressed record using * AES in CBC mode. * * @param record the TLSCipherText record to decrypt. * @param s the ConnectionState to use. * * @return true on success, false on failure. */ function decrypt_aes_cbc_sha1(record, s) { var rval = false; var iv; if(record.version.minor === tls.Versions.TLS_1_0.minor) { // use pre-generated IV when initializing for TLS 1.0, otherwise use the // residue from the previous decryption iv = s.cipherState.init ? null : s.cipherState.iv; } else { // TLS 1.1+ use an explicit IV every time to protect against CBC attacks // that is appended to the record fragment iv = record.fragment.getBytes(16); } s.cipherState.init = true; // start cipher var cipher = s.cipherState.cipher; cipher.start({iv: iv}); // do decryption cipher.update(record.fragment); rval = cipher.finish(decrypt_aes_cbc_sha1_padding); // even if decryption fails, keep going to minimize timing attacks // decrypted data: // first (len - 20) bytes = application data // last 20 bytes = MAC var macLen = s.macLength; // create a random MAC to check against should the mac length check fail // Note: do this regardless of the failure to keep timing consistent var mac = forge.random.getBytesSync(macLen); // get fragment and mac var len = cipher.output.length(); if(len >= macLen) { record.fragment = cipher.output.getBytes(len - macLen); mac = cipher.output.getBytes(macLen); } else { // bad data, but get bytes anyway to try to keep timing consistent record.fragment = cipher.output.getBytes(); } record.fragment = forge.util.createBuffer(record.fragment); record.length = record.fragment.length(); // see if data integrity checks out, update sequence number var mac2 = s.macFunction(s.macKey, s.sequenceNumber, record); s.updateSequenceNumber(); rval = compareMacs(s.macKey, mac, mac2) && rval; return rval; } /** * Safely compare two MACs. This function will compare two MACs in a way * that protects against timing attacks. * * TODO: Expose elsewhere as a utility API. * * See: https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/ * * @param key the MAC key to use. * @param mac1 as a binary-encoded string of bytes. * @param mac2 as a binary-encoded string of bytes. * * @return true if the MACs are the same, false if not. */ function compareMacs(key, mac1, mac2) { var hmac = forge.hmac.create(); hmac.start('SHA1', key); hmac.update(mac1); mac1 = hmac.digest().getBytes(); hmac.start(null, null); hmac.update(mac2); mac2 = hmac.digest().getBytes(); return mac1 === mac2; } /***/ }), /***/ 9414: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { /** * Copyright (c) 2019 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(9549); var asn1 = forge.asn1; exports.privateKeyValidator = { // PrivateKeyInfo name: 'PrivateKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ // Version (INTEGER) name: 'PrivateKeyInfo.version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyVersion' }, { // privateKeyAlgorithm name: 'PrivateKeyInfo.privateKeyAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'privateKeyOid' }] }, { // PrivateKey name: 'PrivateKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'privateKey' }] }; exports.publicKeyValidator = { name: 'SubjectPublicKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'subjectPublicKeyInfo', value: [{ name: 'SubjectPublicKeyInfo.AlgorithmIdentifier', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'publicKeyOid' }] }, // capture group for ed25519PublicKey { tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, composed: true, captureBitStringValue: 'ed25519PublicKey' } // FIXME: this is capture group for rsaPublicKey, use it in this API or // discard? /* { // subjectPublicKey name: 'SubjectPublicKeyInfo.subjectPublicKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, value: [{ // RSAPublicKey name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, optional: true, captureAsn1: 'rsaPublicKey' }] } */ ] }; /***/ }), /***/ 9549: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of Abstract Syntax Notation Number One. * * @author Dave Longley * * Copyright (c) 2010-2015 Digital Bazaar, Inc. * * An API for storing data using the Abstract Syntax Notation Number One * format using DER (Distinguished Encoding Rules) encoding. This encoding is * commonly used to store data for PKI, i.e. X.509 Certificates, and this * implementation exists for that purpose. * * Abstract Syntax Notation Number One (ASN.1) is used to define the abstract * syntax of information without restricting the way the information is encoded * for transmission. It provides a standard that allows for open systems * communication. ASN.1 defines the syntax of information data and a number of * simple data types as well as a notation for describing them and specifying * values for them. * * The RSA algorithm creates public and private keys that are often stored in * X.509 or PKCS#X formats -- which use ASN.1 (encoded in DER format). This * class provides the most basic functionality required to store and load DSA * keys that are encoded according to ASN.1. * * The most common binary encodings for ASN.1 are BER (Basic Encoding Rules) * and DER (Distinguished Encoding Rules). DER is just a subset of BER that * has stricter requirements for how data must be encoded. * * Each ASN.1 structure has a tag (a byte identifying the ASN.1 structure type) * and a byte array for the value of this ASN1 structure which may be data or a * list of ASN.1 structures. * * Each ASN.1 structure using BER is (Tag-Length-Value): * * | byte 0 | bytes X | bytes Y | * |--------|---------|---------- * | tag | length | value | * * ASN.1 allows for tags to be of "High-tag-number form" which allows a tag to * be two or more octets, but that is not supported by this class. A tag is * only 1 byte. Bits 1-5 give the tag number (ie the data type within a * particular 'class'), 6 indicates whether or not the ASN.1 value is * constructed from other ASN.1 values, and bits 7 and 8 give the 'class'. If * bits 7 and 8 are both zero, the class is UNIVERSAL. If only bit 7 is set, * then the class is APPLICATION. If only bit 8 is set, then the class is * CONTEXT_SPECIFIC. If both bits 7 and 8 are set, then the class is PRIVATE. * The tag numbers for the data types for the class UNIVERSAL are listed below: * * UNIVERSAL 0 Reserved for use by the encoding rules * UNIVERSAL 1 Boolean type * UNIVERSAL 2 Integer type * UNIVERSAL 3 Bitstring type * UNIVERSAL 4 Octetstring type * UNIVERSAL 5 Null type * UNIVERSAL 6 Object identifier type * UNIVERSAL 7 Object descriptor type * UNIVERSAL 8 External type and Instance-of type * UNIVERSAL 9 Real type * UNIVERSAL 10 Enumerated type * UNIVERSAL 11 Embedded-pdv type * UNIVERSAL 12 UTF8String type * UNIVERSAL 13 Relative object identifier type * UNIVERSAL 14-15 Reserved for future editions * UNIVERSAL 16 Sequence and Sequence-of types * UNIVERSAL 17 Set and Set-of types * UNIVERSAL 18-22, 25-30 Character string types * UNIVERSAL 23-24 Time types * * The length of an ASN.1 structure is specified after the tag identifier. * There is a definite form and an indefinite form. The indefinite form may * be used if the encoding is constructed and not all immediately available. * The indefinite form is encoded using a length byte with only the 8th bit * set. The end of the constructed object is marked using end-of-contents * octets (two zero bytes). * * The definite form looks like this: * * The length may take up 1 or more bytes, it depends on the length of the * value of the ASN.1 structure. DER encoding requires that if the ASN.1 * structure has a value that has a length greater than 127, more than 1 byte * will be used to store its length, otherwise just one byte will be used. * This is strict. * * In the case that the length of the ASN.1 value is less than 127, 1 octet * (byte) is used to store the "short form" length. The 8th bit has a value of * 0 indicating the length is "short form" and not "long form" and bits 7-1 * give the length of the data. (The 8th bit is the left-most, most significant * bit: also known as big endian or network format). * * In the case that the length of the ASN.1 value is greater than 127, 2 to * 127 octets (bytes) are used to store the "long form" length. The first * byte's 8th bit is set to 1 to indicate the length is "long form." Bits 7-1 * give the number of additional octets. All following octets are in base 256 * with the most significant digit first (typical big-endian binary unsigned * integer storage). So, for instance, if the length of a value was 257, the * first byte would be set to: * * 10000010 = 130 = 0x82. * * This indicates there are 2 octets (base 256) for the length. The second and * third bytes (the octets just mentioned) would store the length in base 256: * * octet 2: 00000001 = 1 * 256^1 = 256 * octet 3: 00000001 = 1 * 256^0 = 1 * total = 257 * * The algorithm for converting a js integer value of 257 to base-256 is: * * var value = 257; * var bytes = []; * bytes[0] = (value >>> 8) & 0xFF; // most significant byte first * bytes[1] = value & 0xFF; // least significant byte last * * On the ASN.1 UNIVERSAL Object Identifier (OID) type: * * An OID can be written like: "value1.value2.value3...valueN" * * The DER encoding rules: * * The first byte has the value 40 * value1 + value2. * The following bytes, if any, encode the remaining values. Each value is * encoded in base 128, most significant digit first (big endian), with as * few digits as possible, and the most significant bit of each byte set * to 1 except the last in each value's encoding. For example: Given the * OID "1.2.840.113549", its DER encoding is (remember each byte except the * last one in each encoding is OR'd with 0x80): * * byte 1: 40 * 1 + 2 = 42 = 0x2A. * bytes 2-3: 128 * 6 + 72 = 840 = 6 72 = 6 72 = 0x0648 = 0x8648 * bytes 4-6: 16384 * 6 + 128 * 119 + 13 = 6 119 13 = 0x06770D = 0x86F70D * * The final value is: 0x2A864886F70D. * The full OID (including ASN.1 tag and length of 6 bytes) is: * 0x06062A864886F70D */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); __nccwpck_require__(1925); /* ASN.1 API */ var asn1 = module.exports = forge.asn1 = forge.asn1 || {}; /** * ASN.1 classes. */ asn1.Class = { UNIVERSAL: 0x00, APPLICATION: 0x40, CONTEXT_SPECIFIC: 0x80, PRIVATE: 0xC0 }; /** * ASN.1 types. Not all types are supported by this implementation, only * those necessary to implement a simple PKI are implemented. */ asn1.Type = { NONE: 0, BOOLEAN: 1, INTEGER: 2, BITSTRING: 3, OCTETSTRING: 4, NULL: 5, OID: 6, ODESC: 7, EXTERNAL: 8, REAL: 9, ENUMERATED: 10, EMBEDDED: 11, UTF8: 12, ROID: 13, SEQUENCE: 16, SET: 17, PRINTABLESTRING: 19, IA5STRING: 22, UTCTIME: 23, GENERALIZEDTIME: 24, BMPSTRING: 30 }; /** * Creates a new asn1 object. * * @param tagClass the tag class for the object. * @param type the data type (tag number) for the object. * @param constructed true if the asn1 object is in constructed form. * @param value the value for the object, if it is not constructed. * @param [options] the options to use: * [bitStringContents] the plain BIT STRING content including padding * byte. * * @return the asn1 object. */ asn1.create = function(tagClass, type, constructed, value, options) { /* An asn1 object has a tagClass, a type, a constructed flag, and a value. The value's type depends on the constructed flag. If constructed, it will contain a list of other asn1 objects. If not, it will contain the ASN.1 value as an array of bytes formatted according to the ASN.1 data type. */ // remove undefined values if(forge.util.isArray(value)) { var tmp = []; for(var i = 0; i < value.length; ++i) { if(value[i] !== undefined) { tmp.push(value[i]); } } value = tmp; } var obj = { tagClass: tagClass, type: type, constructed: constructed, composed: constructed || forge.util.isArray(value), value: value }; if(options && 'bitStringContents' in options) { // TODO: copy byte buffer if it's a buffer not a string obj.bitStringContents = options.bitStringContents; // TODO: add readonly flag to avoid this overhead // save copy to detect changes obj.original = asn1.copy(obj); } return obj; }; /** * Copies an asn1 object. * * @param obj the asn1 object. * @param [options] copy options: * [excludeBitStringContents] true to not copy bitStringContents * * @return the a copy of the asn1 object. */ asn1.copy = function(obj, options) { var copy; if(forge.util.isArray(obj)) { copy = []; for(var i = 0; i < obj.length; ++i) { copy.push(asn1.copy(obj[i], options)); } return copy; } if(typeof obj === 'string') { // TODO: copy byte buffer if it's a buffer not a string return obj; } copy = { tagClass: obj.tagClass, type: obj.type, constructed: obj.constructed, composed: obj.composed, value: asn1.copy(obj.value, options) }; if(options && !options.excludeBitStringContents) { // TODO: copy byte buffer if it's a buffer not a string copy.bitStringContents = obj.bitStringContents; } return copy; }; /** * Compares asn1 objects for equality. * * Note this function does not run in constant time. * * @param obj1 the first asn1 object. * @param obj2 the second asn1 object. * @param [options] compare options: * [includeBitStringContents] true to compare bitStringContents * * @return true if the asn1 objects are equal. */ asn1.equals = function(obj1, obj2, options) { if(forge.util.isArray(obj1)) { if(!forge.util.isArray(obj2)) { return false; } if(obj1.length !== obj2.length) { return false; } for(var i = 0; i < obj1.length; ++i) { if(!asn1.equals(obj1[i], obj2[i])) { return false; } } return true; } if(typeof obj1 !== typeof obj2) { return false; } if(typeof obj1 === 'string') { return obj1 === obj2; } var equal = obj1.tagClass === obj2.tagClass && obj1.type === obj2.type && obj1.constructed === obj2.constructed && obj1.composed === obj2.composed && asn1.equals(obj1.value, obj2.value); if(options && options.includeBitStringContents) { equal = equal && (obj1.bitStringContents === obj2.bitStringContents); } return equal; }; /** * Gets the length of a BER-encoded ASN.1 value. * * In case the length is not specified, undefined is returned. * * @param b the BER-encoded ASN.1 byte buffer, starting with the first * length byte. * * @return the length of the BER-encoded ASN.1 value or undefined. */ asn1.getBerValueLength = function(b) { // TODO: move this function and related DER/BER functions to a der.js // file; better abstract ASN.1 away from der/ber. var b2 = b.getByte(); if(b2 === 0x80) { return undefined; } // see if the length is "short form" or "long form" (bit 8 set) var length; var longForm = b2 & 0x80; if(!longForm) { // length is just the first byte length = b2; } else { // the number of bytes the length is specified in bits 7 through 1 // and each length byte is in big-endian base-256 length = b.getInt((b2 & 0x7F) << 3); } return length; }; /** * Check if the byte buffer has enough bytes. Throws an Error if not. * * @param bytes the byte buffer to parse from. * @param remaining the bytes remaining in the current parsing state. * @param n the number of bytes the buffer must have. */ function _checkBufferLength(bytes, remaining, n) { if(n > remaining) { var error = new Error('Too few bytes to parse DER.'); error.available = bytes.length(); error.remaining = remaining; error.requested = n; throw error; } } /** * Gets the length of a BER-encoded ASN.1 value. * * In case the length is not specified, undefined is returned. * * @param bytes the byte buffer to parse from. * @param remaining the bytes remaining in the current parsing state. * * @return the length of the BER-encoded ASN.1 value or undefined. */ var _getValueLength = function(bytes, remaining) { // TODO: move this function and related DER/BER functions to a der.js // file; better abstract ASN.1 away from der/ber. // fromDer already checked that this byte exists var b2 = bytes.getByte(); remaining--; if(b2 === 0x80) { return undefined; } // see if the length is "short form" or "long form" (bit 8 set) var length; var longForm = b2 & 0x80; if(!longForm) { // length is just the first byte length = b2; } else { // the number of bytes the length is specified in bits 7 through 1 // and each length byte is in big-endian base-256 var longFormBytes = b2 & 0x7F; _checkBufferLength(bytes, remaining, longFormBytes); length = bytes.getInt(longFormBytes << 3); } // FIXME: this will only happen for 32 bit getInt with high bit set if(length < 0) { throw new Error('Negative length: ' + length); } return length; }; /** * Parses an asn1 object from a byte buffer in DER format. * * @param bytes the byte buffer to parse from. * @param [strict] true to be strict when checking value lengths, false to * allow truncated values (default: true). * @param [options] object with options or boolean strict flag * [strict] true to be strict when checking value lengths, false to * allow truncated values (default: true). * [parseAllBytes] true to ensure all bytes are parsed * (default: true) * [decodeBitStrings] true to attempt to decode the content of * BIT STRINGs (not OCTET STRINGs) using strict mode. Note that * without schema support to understand the data context this can * erroneously decode values that happen to be valid ASN.1. This * flag will be deprecated or removed as soon as schema support is * available. (default: true) * * @throws Will throw an error for various malformed input conditions. * * @return the parsed asn1 object. */ asn1.fromDer = function(bytes, options) { if(options === undefined) { options = { strict: true, parseAllBytes: true, decodeBitStrings: true }; } if(typeof options === 'boolean') { options = { strict: options, parseAllBytes: true, decodeBitStrings: true }; } if(!('strict' in options)) { options.strict = true; } if(!('parseAllBytes' in options)) { options.parseAllBytes = true; } if(!('decodeBitStrings' in options)) { options.decodeBitStrings = true; } // wrap in buffer if needed if(typeof bytes === 'string') { bytes = forge.util.createBuffer(bytes); } var byteCount = bytes.length(); var value = _fromDer(bytes, bytes.length(), 0, options); if(options.parseAllBytes && bytes.length() !== 0) { var error = new Error('Unparsed DER bytes remain after ASN.1 parsing.'); error.byteCount = byteCount; error.remaining = bytes.length(); throw error; } return value; }; /** * Internal function to parse an asn1 object from a byte buffer in DER format. * * @param bytes the byte buffer to parse from. * @param remaining the number of bytes remaining for this chunk. * @param depth the current parsing depth. * @param options object with same options as fromDer(). * * @return the parsed asn1 object. */ function _fromDer(bytes, remaining, depth, options) { // temporary storage for consumption calculations var start; // minimum length for ASN.1 DER structure is 2 _checkBufferLength(bytes, remaining, 2); // get the first byte var b1 = bytes.getByte(); // consumed one byte remaining--; // get the tag class var tagClass = (b1 & 0xC0); // get the type (bits 1-5) var type = b1 & 0x1F; // get the variable value length and adjust remaining bytes start = bytes.length(); var length = _getValueLength(bytes, remaining); remaining -= start - bytes.length(); // ensure there are enough bytes to get the value if(length !== undefined && length > remaining) { if(options.strict) { var error = new Error('Too few bytes to read ASN.1 value.'); error.available = bytes.length(); error.remaining = remaining; error.requested = length; throw error; } // Note: be lenient with truncated values and use remaining state bytes length = remaining; } // value storage var value; // possible BIT STRING contents storage var bitStringContents; // constructed flag is bit 6 (32 = 0x20) of the first byte var constructed = ((b1 & 0x20) === 0x20); if(constructed) { // parse child asn1 objects from the value value = []; if(length === undefined) { // asn1 object of indefinite length, read until end tag for(;;) { _checkBufferLength(bytes, remaining, 2); if(bytes.bytes(2) === String.fromCharCode(0, 0)) { bytes.getBytes(2); remaining -= 2; break; } start = bytes.length(); value.push(_fromDer(bytes, remaining, depth + 1, options)); remaining -= start - bytes.length(); } } else { // parsing asn1 object of definite length while(length > 0) { start = bytes.length(); value.push(_fromDer(bytes, length, depth + 1, options)); remaining -= start - bytes.length(); length -= start - bytes.length(); } } } // if a BIT STRING, save the contents including padding if(value === undefined && tagClass === asn1.Class.UNIVERSAL && type === asn1.Type.BITSTRING) { bitStringContents = bytes.bytes(length); } // determine if a non-constructed value should be decoded as a composed // value that contains other ASN.1 objects. BIT STRINGs (and OCTET STRINGs) // can be used this way. if(value === undefined && options.decodeBitStrings && tagClass === asn1.Class.UNIVERSAL && // FIXME: OCTET STRINGs not yet supported here // .. other parts of forge expect to decode OCTET STRINGs manually (type === asn1.Type.BITSTRING /*|| type === asn1.Type.OCTETSTRING*/) && length > 1) { // save read position var savedRead = bytes.read; var savedRemaining = remaining; var unused = 0; if(type === asn1.Type.BITSTRING) { /* The first octet gives the number of bits by which the length of the bit string is less than the next multiple of eight (this is called the "number of unused bits"). The second and following octets give the value of the bit string converted to an octet string. */ _checkBufferLength(bytes, remaining, 1); unused = bytes.getByte(); remaining--; } // if all bits are used, maybe the BIT/OCTET STRING holds ASN.1 objs if(unused === 0) { try { // attempt to parse child asn1 object from the value // (stored in array to signal composed value) start = bytes.length(); var subOptions = { // enforce strict mode to avoid parsing ASN.1 from plain data strict: true, decodeBitStrings: true }; var composed = _fromDer(bytes, remaining, depth + 1, subOptions); var used = start - bytes.length(); remaining -= used; if(type == asn1.Type.BITSTRING) { used++; } // if the data all decoded and the class indicates UNIVERSAL or // CONTEXT_SPECIFIC then assume we've got an encapsulated ASN.1 object var tc = composed.tagClass; if(used === length && (tc === asn1.Class.UNIVERSAL || tc === asn1.Class.CONTEXT_SPECIFIC)) { value = [composed]; } } catch(ex) { } } if(value === undefined) { // restore read position bytes.read = savedRead; remaining = savedRemaining; } } if(value === undefined) { // asn1 not constructed or composed, get raw value // TODO: do DER to OID conversion and vice-versa in .toDer? if(length === undefined) { if(options.strict) { throw new Error('Non-constructed ASN.1 object of indefinite length.'); } // be lenient and use remaining state bytes length = remaining; } if(type === asn1.Type.BMPSTRING) { value = ''; for(; length > 0; length -= 2) { _checkBufferLength(bytes, remaining, 2); value += String.fromCharCode(bytes.getInt16()); remaining -= 2; } } else { value = bytes.getBytes(length); remaining -= length; } } // add BIT STRING contents if available var asn1Options = bitStringContents === undefined ? null : { bitStringContents: bitStringContents }; // create and return asn1 object return asn1.create(tagClass, type, constructed, value, asn1Options); } /** * Converts the given asn1 object to a buffer of bytes in DER format. * * @param asn1 the asn1 object to convert to bytes. * * @return the buffer of bytes. */ asn1.toDer = function(obj) { var bytes = forge.util.createBuffer(); // build the first byte var b1 = obj.tagClass | obj.type; // for storing the ASN.1 value var value = forge.util.createBuffer(); // use BIT STRING contents if available and data not changed var useBitStringContents = false; if('bitStringContents' in obj) { useBitStringContents = true; if(obj.original) { useBitStringContents = asn1.equals(obj, obj.original); } } if(useBitStringContents) { value.putBytes(obj.bitStringContents); } else if(obj.composed) { // if composed, use each child asn1 object's DER bytes as value // turn on 6th bit (0x20 = 32) to indicate asn1 is constructed // from other asn1 objects if(obj.constructed) { b1 |= 0x20; } else { // type is a bit string, add unused bits of 0x00 value.putByte(0x00); } // add all of the child DER bytes together for(var i = 0; i < obj.value.length; ++i) { if(obj.value[i] !== undefined) { value.putBuffer(asn1.toDer(obj.value[i])); } } } else { // use asn1.value directly if(obj.type === asn1.Type.BMPSTRING) { for(var i = 0; i < obj.value.length; ++i) { value.putInt16(obj.value.charCodeAt(i)); } } else { // ensure integer is minimally-encoded // TODO: should all leading bytes be stripped vs just one? // .. ex '00 00 01' => '01'? if(obj.type === asn1.Type.INTEGER && obj.value.length > 1 && // leading 0x00 for positive integer ((obj.value.charCodeAt(0) === 0 && (obj.value.charCodeAt(1) & 0x80) === 0) || // leading 0xFF for negative integer (obj.value.charCodeAt(0) === 0xFF && (obj.value.charCodeAt(1) & 0x80) === 0x80))) { value.putBytes(obj.value.substr(1)); } else { value.putBytes(obj.value); } } } // add tag byte bytes.putByte(b1); // use "short form" encoding if(value.length() <= 127) { // one byte describes the length // bit 8 = 0 and bits 7-1 = length bytes.putByte(value.length() & 0x7F); } else { // use "long form" encoding // 2 to 127 bytes describe the length // first byte: bit 8 = 1 and bits 7-1 = # of additional bytes // other bytes: length in base 256, big-endian var len = value.length(); var lenBytes = ''; do { lenBytes += String.fromCharCode(len & 0xFF); len = len >>> 8; } while(len > 0); // set first byte to # bytes used to store the length and turn on // bit 8 to indicate long-form length is used bytes.putByte(lenBytes.length | 0x80); // concatenate length bytes in reverse since they were generated // little endian and we need big endian for(var i = lenBytes.length - 1; i >= 0; --i) { bytes.putByte(lenBytes.charCodeAt(i)); } } // concatenate value bytes bytes.putBuffer(value); return bytes; }; /** * Converts an OID dot-separated string to a byte buffer. The byte buffer * contains only the DER-encoded value, not any tag or length bytes. * * @param oid the OID dot-separated string. * * @return the byte buffer. */ asn1.oidToDer = function(oid) { // split OID into individual values var values = oid.split('.'); var bytes = forge.util.createBuffer(); // first byte is 40 * value1 + value2 bytes.putByte(40 * parseInt(values[0], 10) + parseInt(values[1], 10)); // other bytes are each value in base 128 with 8th bit set except for // the last byte for each value var last, valueBytes, value, b; for(var i = 2; i < values.length; ++i) { // produce value bytes in reverse because we don't know how many // bytes it will take to store the value last = true; valueBytes = []; value = parseInt(values[i], 10); do { b = value & 0x7F; value = value >>> 7; // if value is not last, then turn on 8th bit if(!last) { b |= 0x80; } valueBytes.push(b); last = false; } while(value > 0); // add value bytes in reverse (needs to be in big endian) for(var n = valueBytes.length - 1; n >= 0; --n) { bytes.putByte(valueBytes[n]); } } return bytes; }; /** * Converts a DER-encoded byte buffer to an OID dot-separated string. The * byte buffer should contain only the DER-encoded value, not any tag or * length bytes. * * @param bytes the byte buffer. * * @return the OID dot-separated string. */ asn1.derToOid = function(bytes) { var oid; // wrap in buffer if needed if(typeof bytes === 'string') { bytes = forge.util.createBuffer(bytes); } // first byte is 40 * value1 + value2 var b = bytes.getByte(); oid = Math.floor(b / 40) + '.' + (b % 40); // other bytes are each value in base 128 with 8th bit set except for // the last byte for each value var value = 0; while(bytes.length() > 0) { b = bytes.getByte(); value = value << 7; // not the last byte for the value if(b & 0x80) { value += b & 0x7F; } else { // last byte oid += '.' + (value + b); value = 0; } } return oid; }; /** * Converts a UTCTime value to a date. * * Note: GeneralizedTime has 4 digits for the year and is used for X.509 * dates past 2049. Parsing that structure hasn't been implemented yet. * * @param utc the UTCTime value to convert. * * @return the date. */ asn1.utcTimeToDate = function(utc) { /* The following formats can be used: YYMMDDhhmmZ YYMMDDhhmm+hh'mm' YYMMDDhhmm-hh'mm' YYMMDDhhmmssZ YYMMDDhhmmss+hh'mm' YYMMDDhhmmss-hh'mm' Where: YY is the least significant two digits of the year MM is the month (01 to 12) DD is the day (01 to 31) hh is the hour (00 to 23) mm are the minutes (00 to 59) ss are the seconds (00 to 59) Z indicates that local time is GMT, + indicates that local time is later than GMT, and - indicates that local time is earlier than GMT hh' is the absolute value of the offset from GMT in hours mm' is the absolute value of the offset from GMT in minutes */ var date = new Date(); // if YY >= 50 use 19xx, if YY < 50 use 20xx var year = parseInt(utc.substr(0, 2), 10); year = (year >= 50) ? 1900 + year : 2000 + year; var MM = parseInt(utc.substr(2, 2), 10) - 1; // use 0-11 for month var DD = parseInt(utc.substr(4, 2), 10); var hh = parseInt(utc.substr(6, 2), 10); var mm = parseInt(utc.substr(8, 2), 10); var ss = 0; // not just YYMMDDhhmmZ if(utc.length > 11) { // get character after minutes var c = utc.charAt(10); var end = 10; // see if seconds are present if(c !== '+' && c !== '-') { // get seconds ss = parseInt(utc.substr(10, 2), 10); end += 2; } } // update date date.setUTCFullYear(year, MM, DD); date.setUTCHours(hh, mm, ss, 0); if(end) { // get +/- after end of time c = utc.charAt(end); if(c === '+' || c === '-') { // get hours+minutes offset var hhoffset = parseInt(utc.substr(end + 1, 2), 10); var mmoffset = parseInt(utc.substr(end + 4, 2), 10); // calculate offset in milliseconds var offset = hhoffset * 60 + mmoffset; offset *= 60000; // apply offset if(c === '+') { date.setTime(+date - offset); } else { date.setTime(+date + offset); } } } return date; }; /** * Converts a GeneralizedTime value to a date. * * @param gentime the GeneralizedTime value to convert. * * @return the date. */ asn1.generalizedTimeToDate = function(gentime) { /* The following formats can be used: YYYYMMDDHHMMSS YYYYMMDDHHMMSS.fff YYYYMMDDHHMMSSZ YYYYMMDDHHMMSS.fffZ YYYYMMDDHHMMSS+hh'mm' YYYYMMDDHHMMSS.fff+hh'mm' YYYYMMDDHHMMSS-hh'mm' YYYYMMDDHHMMSS.fff-hh'mm' Where: YYYY is the year MM is the month (01 to 12) DD is the day (01 to 31) hh is the hour (00 to 23) mm are the minutes (00 to 59) ss are the seconds (00 to 59) .fff is the second fraction, accurate to three decimal places Z indicates that local time is GMT, + indicates that local time is later than GMT, and - indicates that local time is earlier than GMT hh' is the absolute value of the offset from GMT in hours mm' is the absolute value of the offset from GMT in minutes */ var date = new Date(); var YYYY = parseInt(gentime.substr(0, 4), 10); var MM = parseInt(gentime.substr(4, 2), 10) - 1; // use 0-11 for month var DD = parseInt(gentime.substr(6, 2), 10); var hh = parseInt(gentime.substr(8, 2), 10); var mm = parseInt(gentime.substr(10, 2), 10); var ss = parseInt(gentime.substr(12, 2), 10); var fff = 0; var offset = 0; var isUTC = false; if(gentime.charAt(gentime.length - 1) === 'Z') { isUTC = true; } var end = gentime.length - 5, c = gentime.charAt(end); if(c === '+' || c === '-') { // get hours+minutes offset var hhoffset = parseInt(gentime.substr(end + 1, 2), 10); var mmoffset = parseInt(gentime.substr(end + 4, 2), 10); // calculate offset in milliseconds offset = hhoffset * 60 + mmoffset; offset *= 60000; // apply offset if(c === '+') { offset *= -1; } isUTC = true; } // check for second fraction if(gentime.charAt(14) === '.') { fff = parseFloat(gentime.substr(14), 10) * 1000; } if(isUTC) { date.setUTCFullYear(YYYY, MM, DD); date.setUTCHours(hh, mm, ss, fff); // apply offset date.setTime(+date + offset); } else { date.setFullYear(YYYY, MM, DD); date.setHours(hh, mm, ss, fff); } return date; }; /** * Converts a date to a UTCTime value. * * Note: GeneralizedTime has 4 digits for the year and is used for X.509 * dates past 2049. Converting to a GeneralizedTime hasn't been * implemented yet. * * @param date the date to convert. * * @return the UTCTime value. */ asn1.dateToUtcTime = function(date) { // TODO: validate; currently assumes proper format if(typeof date === 'string') { return date; } var rval = ''; // create format YYMMDDhhmmssZ var format = []; format.push(('' + date.getUTCFullYear()).substr(2)); format.push('' + (date.getUTCMonth() + 1)); format.push('' + date.getUTCDate()); format.push('' + date.getUTCHours()); format.push('' + date.getUTCMinutes()); format.push('' + date.getUTCSeconds()); // ensure 2 digits are used for each format entry for(var i = 0; i < format.length; ++i) { if(format[i].length < 2) { rval += '0'; } rval += format[i]; } rval += 'Z'; return rval; }; /** * Converts a date to a GeneralizedTime value. * * @param date the date to convert. * * @return the GeneralizedTime value as a string. */ asn1.dateToGeneralizedTime = function(date) { // TODO: validate; currently assumes proper format if(typeof date === 'string') { return date; } var rval = ''; // create format YYYYMMDDHHMMSSZ var format = []; format.push('' + date.getUTCFullYear()); format.push('' + (date.getUTCMonth() + 1)); format.push('' + date.getUTCDate()); format.push('' + date.getUTCHours()); format.push('' + date.getUTCMinutes()); format.push('' + date.getUTCSeconds()); // ensure 2 digits are used for each format entry for(var i = 0; i < format.length; ++i) { if(format[i].length < 2) { rval += '0'; } rval += format[i]; } rval += 'Z'; return rval; }; /** * Converts a javascript integer to a DER-encoded byte buffer to be used * as the value for an INTEGER type. * * @param x the integer. * * @return the byte buffer. */ asn1.integerToDer = function(x) { var rval = forge.util.createBuffer(); if(x >= -0x80 && x < 0x80) { return rval.putSignedInt(x, 8); } if(x >= -0x8000 && x < 0x8000) { return rval.putSignedInt(x, 16); } if(x >= -0x800000 && x < 0x800000) { return rval.putSignedInt(x, 24); } if(x >= -0x80000000 && x < 0x80000000) { return rval.putSignedInt(x, 32); } var error = new Error('Integer too large; max is 32-bits.'); error.integer = x; throw error; }; /** * Converts a DER-encoded byte buffer to a javascript integer. This is * typically used to decode the value of an INTEGER type. * * @param bytes the byte buffer. * * @return the integer. */ asn1.derToInteger = function(bytes) { // wrap in buffer if needed if(typeof bytes === 'string') { bytes = forge.util.createBuffer(bytes); } var n = bytes.length() * 8; if(n > 32) { throw new Error('Integer too large; max is 32-bits.'); } return bytes.getSignedInt(n); }; /** * Validates that the given ASN.1 object is at least a super set of the * given ASN.1 structure. Only tag classes and types are checked. An * optional map may also be provided to capture ASN.1 values while the * structure is checked. * * To capture an ASN.1 value, set an object in the validator's 'capture' * parameter to the key to use in the capture map. To capture the full * ASN.1 object, specify 'captureAsn1'. To capture BIT STRING bytes, including * the leading unused bits counter byte, specify 'captureBitStringContents'. * To capture BIT STRING bytes, without the leading unused bits counter byte, * specify 'captureBitStringValue'. * * Objects in the validator may set a field 'optional' to true to indicate * that it isn't necessary to pass validation. * * @param obj the ASN.1 object to validate. * @param v the ASN.1 structure validator. * @param capture an optional map to capture values in. * @param errors an optional array for storing validation errors. * * @return true on success, false on failure. */ asn1.validate = function(obj, v, capture, errors) { var rval = false; // ensure tag class and type are the same if specified if((obj.tagClass === v.tagClass || typeof(v.tagClass) === 'undefined') && (obj.type === v.type || typeof(v.type) === 'undefined')) { // ensure constructed flag is the same if specified if(obj.constructed === v.constructed || typeof(v.constructed) === 'undefined') { rval = true; // handle sub values if(v.value && forge.util.isArray(v.value)) { var j = 0; for(var i = 0; rval && i < v.value.length; ++i) { rval = v.value[i].optional || false; if(obj.value[j]) { rval = asn1.validate(obj.value[j], v.value[i], capture, errors); if(rval) { ++j; } else if(v.value[i].optional) { rval = true; } } if(!rval && errors) { errors.push( '[' + v.name + '] ' + 'Tag class "' + v.tagClass + '", type "' + v.type + '" expected value length "' + v.value.length + '", got "' + obj.value.length + '"'); } } } if(rval && capture) { if(v.capture) { capture[v.capture] = obj.value; } if(v.captureAsn1) { capture[v.captureAsn1] = obj; } if(v.captureBitStringContents && 'bitStringContents' in obj) { capture[v.captureBitStringContents] = obj.bitStringContents; } if(v.captureBitStringValue && 'bitStringContents' in obj) { var value; if(obj.bitStringContents.length < 2) { capture[v.captureBitStringValue] = ''; } else { // FIXME: support unused bits with data shifting var unused = obj.bitStringContents.charCodeAt(0); if(unused !== 0) { throw new Error( 'captureBitStringValue only supported for zero unused bits'); } capture[v.captureBitStringValue] = obj.bitStringContents.slice(1); } } } } else if(errors) { errors.push( '[' + v.name + '] ' + 'Expected constructed "' + v.constructed + '", got "' + obj.constructed + '"'); } } else if(errors) { if(obj.tagClass !== v.tagClass) { errors.push( '[' + v.name + '] ' + 'Expected tag class "' + v.tagClass + '", got "' + obj.tagClass + '"'); } if(obj.type !== v.type) { errors.push( '[' + v.name + '] ' + 'Expected type "' + v.type + '", got "' + obj.type + '"'); } } return rval; }; // regex for testing for non-latin characters var _nonLatinRegex = /[^\\u0000-\\u00ff]/; /** * Pretty prints an ASN.1 object to a string. * * @param obj the object to write out. * @param level the level in the tree. * @param indentation the indentation to use. * * @return the string. */ asn1.prettyPrint = function(obj, level, indentation) { var rval = ''; // set default level and indentation level = level || 0; indentation = indentation || 2; // start new line for deep levels if(level > 0) { rval += '\n'; } // create indent var indent = ''; for(var i = 0; i < level * indentation; ++i) { indent += ' '; } // print class:type rval += indent + 'Tag: '; switch(obj.tagClass) { case asn1.Class.UNIVERSAL: rval += 'Universal:'; break; case asn1.Class.APPLICATION: rval += 'Application:'; break; case asn1.Class.CONTEXT_SPECIFIC: rval += 'Context-Specific:'; break; case asn1.Class.PRIVATE: rval += 'Private:'; break; } if(obj.tagClass === asn1.Class.UNIVERSAL) { rval += obj.type; // known types switch(obj.type) { case asn1.Type.NONE: rval += ' (None)'; break; case asn1.Type.BOOLEAN: rval += ' (Boolean)'; break; case asn1.Type.INTEGER: rval += ' (Integer)'; break; case asn1.Type.BITSTRING: rval += ' (Bit string)'; break; case asn1.Type.OCTETSTRING: rval += ' (Octet string)'; break; case asn1.Type.NULL: rval += ' (Null)'; break; case asn1.Type.OID: rval += ' (Object Identifier)'; break; case asn1.Type.ODESC: rval += ' (Object Descriptor)'; break; case asn1.Type.EXTERNAL: rval += ' (External or Instance of)'; break; case asn1.Type.REAL: rval += ' (Real)'; break; case asn1.Type.ENUMERATED: rval += ' (Enumerated)'; break; case asn1.Type.EMBEDDED: rval += ' (Embedded PDV)'; break; case asn1.Type.UTF8: rval += ' (UTF8)'; break; case asn1.Type.ROID: rval += ' (Relative Object Identifier)'; break; case asn1.Type.SEQUENCE: rval += ' (Sequence)'; break; case asn1.Type.SET: rval += ' (Set)'; break; case asn1.Type.PRINTABLESTRING: rval += ' (Printable String)'; break; case asn1.Type.IA5String: rval += ' (IA5String (ASCII))'; break; case asn1.Type.UTCTIME: rval += ' (UTC time)'; break; case asn1.Type.GENERALIZEDTIME: rval += ' (Generalized time)'; break; case asn1.Type.BMPSTRING: rval += ' (BMP String)'; break; } } else { rval += obj.type; } rval += '\n'; rval += indent + 'Constructed: ' + obj.constructed + '\n'; if(obj.composed) { var subvalues = 0; var sub = ''; for(var i = 0; i < obj.value.length; ++i) { if(obj.value[i] !== undefined) { subvalues += 1; sub += asn1.prettyPrint(obj.value[i], level + 1, indentation); if((i + 1) < obj.value.length) { sub += ','; } } } rval += indent + 'Sub values: ' + subvalues + sub; } else { rval += indent + 'Value: '; if(obj.type === asn1.Type.OID) { var oid = asn1.derToOid(obj.value); rval += oid; if(forge.pki && forge.pki.oids) { if(oid in forge.pki.oids) { rval += ' (' + forge.pki.oids[oid] + ') '; } } } if(obj.type === asn1.Type.INTEGER) { try { rval += asn1.derToInteger(obj.value); } catch(ex) { rval += '0x' + forge.util.bytesToHex(obj.value); } } else if(obj.type === asn1.Type.BITSTRING) { // TODO: shift bits as needed to display without padding if(obj.value.length > 1) { // remove unused bits field rval += '0x' + forge.util.bytesToHex(obj.value.slice(1)); } else { rval += '(none)'; } // show unused bit count if(obj.value.length > 0) { var unused = obj.value.charCodeAt(0); if(unused == 1) { rval += ' (1 unused bit shown)'; } else if(unused > 1) { rval += ' (' + unused + ' unused bits shown)'; } } } else if(obj.type === asn1.Type.OCTETSTRING) { if(!_nonLatinRegex.test(obj.value)) { rval += '(' + obj.value + ') '; } rval += '0x' + forge.util.bytesToHex(obj.value); } else if(obj.type === asn1.Type.UTF8) { try { rval += forge.util.decodeUtf8(obj.value); } catch(e) { if(e.message === 'URI malformed') { rval += '0x' + forge.util.bytesToHex(obj.value) + ' (malformed UTF8)'; } else { throw e; } } } else if(obj.type === asn1.Type.PRINTABLESTRING || obj.type === asn1.Type.IA5String) { rval += obj.value; } else if(_nonLatinRegex.test(obj.value)) { rval += '0x' + forge.util.bytesToHex(obj.value); } else if(obj.value.length === 0) { rval += '[null]'; } else { rval += obj.value; } } return rval; }; /***/ }), /***/ 2300: /***/ ((module) => { /** * Base-N/Base-X encoding/decoding functions. * * Original implementation from base-x: * https://github.com/cryptocoinjs/base-x * * Which is MIT licensed: * * The MIT License (MIT) * * Copyright base-x contributors (c) 2016 * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER * DEALINGS IN THE SOFTWARE. */ var api = {}; module.exports = api; // baseN alphabet indexes var _reverseAlphabets = {}; /** * BaseN-encodes a Uint8Array using the given alphabet. * * @param input the Uint8Array to encode. * @param maxline the maximum number of encoded characters per line to use, * defaults to none. * * @return the baseN-encoded output string. */ api.encode = function(input, alphabet, maxline) { if(typeof alphabet !== 'string') { throw new TypeError('"alphabet" must be a string.'); } if(maxline !== undefined && typeof maxline !== 'number') { throw new TypeError('"maxline" must be a number.'); } var output = ''; if(!(input instanceof Uint8Array)) { // assume forge byte buffer output = _encodeWithByteBuffer(input, alphabet); } else { var i = 0; var base = alphabet.length; var first = alphabet.charAt(0); var digits = [0]; for(i = 0; i < input.length; ++i) { for(var j = 0, carry = input[i]; j < digits.length; ++j) { carry += digits[j] << 8; digits[j] = carry % base; carry = (carry / base) | 0; } while(carry > 0) { digits.push(carry % base); carry = (carry / base) | 0; } } // deal with leading zeros for(i = 0; input[i] === 0 && i < input.length - 1; ++i) { output += first; } // convert digits to a string for(i = digits.length - 1; i >= 0; --i) { output += alphabet[digits[i]]; } } if(maxline) { var regex = new RegExp('.{1,' + maxline + '}', 'g'); output = output.match(regex).join('\r\n'); } return output; }; /** * Decodes a baseN-encoded (using the given alphabet) string to a * Uint8Array. * * @param input the baseN-encoded input string. * * @return the Uint8Array. */ api.decode = function(input, alphabet) { if(typeof input !== 'string') { throw new TypeError('"input" must be a string.'); } if(typeof alphabet !== 'string') { throw new TypeError('"alphabet" must be a string.'); } var table = _reverseAlphabets[alphabet]; if(!table) { // compute reverse alphabet table = _reverseAlphabets[alphabet] = []; for(var i = 0; i < alphabet.length; ++i) { table[alphabet.charCodeAt(i)] = i; } } // remove whitespace characters input = input.replace(/\s/g, ''); var base = alphabet.length; var first = alphabet.charAt(0); var bytes = [0]; for(var i = 0; i < input.length; i++) { var value = table[input.charCodeAt(i)]; if(value === undefined) { return; } for(var j = 0, carry = value; j < bytes.length; ++j) { carry += bytes[j] * base; bytes[j] = carry & 0xff; carry >>= 8; } while(carry > 0) { bytes.push(carry & 0xff); carry >>= 8; } } // deal with leading zeros for(var k = 0; input[k] === first && k < input.length - 1; ++k) { bytes.push(0); } if(typeof Buffer !== 'undefined') { return Buffer.from(bytes.reverse()); } return new Uint8Array(bytes.reverse()); }; function _encodeWithByteBuffer(input, alphabet) { var i = 0; var base = alphabet.length; var first = alphabet.charAt(0); var digits = [0]; for(i = 0; i < input.length(); ++i) { for(var j = 0, carry = input.at(i); j < digits.length; ++j) { carry += digits[j] << 8; digits[j] = carry % base; carry = (carry / base) | 0; } while(carry > 0) { digits.push(carry % base); carry = (carry / base) | 0; } } var output = ''; // deal with leading zeros for(i = 0; input.at(i) === 0 && i < input.length() - 1; ++i) { output += first; } // convert digits to a string for(i = digits.length - 1; i >= 0; --i) { output += alphabet[digits[i]]; } return output; } /***/ }), /***/ 7088: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Cipher base API. * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); module.exports = forge.cipher = forge.cipher || {}; // registered algorithms forge.cipher.algorithms = forge.cipher.algorithms || {}; /** * Creates a cipher object that can be used to encrypt data using the given * algorithm and key. The algorithm may be provided as a string value for a * previously registered algorithm or it may be given as a cipher algorithm * API object. * * @param algorithm the algorithm to use, either a string or an algorithm API * object. * @param key the key to use, as a binary-encoded string of bytes or a * byte buffer. * * @return the cipher. */ forge.cipher.createCipher = function(algorithm, key) { var api = algorithm; if(typeof api === 'string') { api = forge.cipher.getAlgorithm(api); if(api) { api = api(); } } if(!api) { throw new Error('Unsupported algorithm: ' + algorithm); } // assume block cipher return new forge.cipher.BlockCipher({ algorithm: api, key: key, decrypt: false }); }; /** * Creates a decipher object that can be used to decrypt data using the given * algorithm and key. The algorithm may be provided as a string value for a * previously registered algorithm or it may be given as a cipher algorithm * API object. * * @param algorithm the algorithm to use, either a string or an algorithm API * object. * @param key the key to use, as a binary-encoded string of bytes or a * byte buffer. * * @return the cipher. */ forge.cipher.createDecipher = function(algorithm, key) { var api = algorithm; if(typeof api === 'string') { api = forge.cipher.getAlgorithm(api); if(api) { api = api(); } } if(!api) { throw new Error('Unsupported algorithm: ' + algorithm); } // assume block cipher return new forge.cipher.BlockCipher({ algorithm: api, key: key, decrypt: true }); }; /** * Registers an algorithm by name. If the name was already registered, the * algorithm API object will be overwritten. * * @param name the name of the algorithm. * @param algorithm the algorithm API object. */ forge.cipher.registerAlgorithm = function(name, algorithm) { name = name.toUpperCase(); forge.cipher.algorithms[name] = algorithm; }; /** * Gets a registered algorithm by name. * * @param name the name of the algorithm. * * @return the algorithm, if found, null if not. */ forge.cipher.getAlgorithm = function(name) { name = name.toUpperCase(); if(name in forge.cipher.algorithms) { return forge.cipher.algorithms[name]; } return null; }; var BlockCipher = forge.cipher.BlockCipher = function(options) { this.algorithm = options.algorithm; this.mode = this.algorithm.mode; this.blockSize = this.mode.blockSize; this._finish = false; this._input = null; this.output = null; this._op = options.decrypt ? this.mode.decrypt : this.mode.encrypt; this._decrypt = options.decrypt; this.algorithm.initialize(options); }; /** * Starts or restarts the encryption or decryption process, whichever * was previously configured. * * For non-GCM mode, the IV may be a binary-encoded string of bytes, an array * of bytes, a byte buffer, or an array of 32-bit integers. If the IV is in * bytes, then it must be Nb (16) bytes in length. If the IV is given in as * 32-bit integers, then it must be 4 integers long. * * Note: an IV is not required or used in ECB mode. * * For GCM-mode, the IV must be given as a binary-encoded string of bytes or * a byte buffer. The number of bytes should be 12 (96 bits) as recommended * by NIST SP-800-38D but another length may be given. * * @param options the options to use: * iv the initialization vector to use as a binary-encoded string of * bytes, null to reuse the last ciphered block from a previous * update() (this "residue" method is for legacy support only). * additionalData additional authentication data as a binary-encoded * string of bytes, for 'GCM' mode, (default: none). * tagLength desired length of authentication tag, in bits, for * 'GCM' mode (0-128, default: 128). * tag the authentication tag to check if decrypting, as a * binary-encoded string of bytes. * output the output the buffer to write to, null to create one. */ BlockCipher.prototype.start = function(options) { options = options || {}; var opts = {}; for(var key in options) { opts[key] = options[key]; } opts.decrypt = this._decrypt; this._finish = false; this._input = forge.util.createBuffer(); this.output = options.output || forge.util.createBuffer(); this.mode.start(opts); }; /** * Updates the next block according to the cipher mode. * * @param input the buffer to read from. */ BlockCipher.prototype.update = function(input) { if(input) { // input given, so empty it into the input buffer this._input.putBuffer(input); } // do cipher operation until it needs more input and not finished while(!this._op.call(this.mode, this._input, this.output, this._finish) && !this._finish) {} // free consumed memory from input buffer this._input.compact(); }; /** * Finishes encrypting or decrypting. * * @param pad a padding function to use in CBC mode, null for default, * signature(blockSize, buffer, decrypt). * * @return true if successful, false on error. */ BlockCipher.prototype.finish = function(pad) { // backwards-compatibility w/deprecated padding API // Note: will overwrite padding functions even after another start() call if(pad && (this.mode.name === 'ECB' || this.mode.name === 'CBC')) { this.mode.pad = function(input) { return pad(this.blockSize, input, false); }; this.mode.unpad = function(output) { return pad(this.blockSize, output, true); }; } // build options for padding and afterFinish functions var options = {}; options.decrypt = this._decrypt; // get # of bytes that won't fill a block options.overflow = this._input.length() % this.blockSize; if(!this._decrypt && this.mode.pad) { if(!this.mode.pad(this._input, options)) { return false; } } // do final update this._finish = true; this.update(); if(this._decrypt && this.mode.unpad) { if(!this.mode.unpad(this.output, options)) { return false; } } if(this.mode.afterFinish) { if(!this.mode.afterFinish(this.output, options)) { return false; } } return true; }; /***/ }), /***/ 873: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Supported cipher modes. * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); forge.cipher = forge.cipher || {}; // supported cipher modes var modes = module.exports = forge.cipher.modes = forge.cipher.modes || {}; /** Electronic codebook (ECB) (Don't use this; it's not secure) **/ modes.ecb = function(options) { options = options || {}; this.name = 'ECB'; this.cipher = options.cipher; this.blockSize = options.blockSize || 16; this._ints = this.blockSize / 4; this._inBlock = new Array(this._ints); this._outBlock = new Array(this._ints); }; modes.ecb.prototype.start = function(options) {}; modes.ecb.prototype.encrypt = function(input, output, finish) { // not enough input to encrypt if(input.length() < this.blockSize && !(finish && input.length() > 0)) { return true; } // get next block for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = input.getInt32(); } // encrypt block this.cipher.encrypt(this._inBlock, this._outBlock); // write output for(var i = 0; i < this._ints; ++i) { output.putInt32(this._outBlock[i]); } }; modes.ecb.prototype.decrypt = function(input, output, finish) { // not enough input to decrypt if(input.length() < this.blockSize && !(finish && input.length() > 0)) { return true; } // get next block for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = input.getInt32(); } // decrypt block this.cipher.decrypt(this._inBlock, this._outBlock); // write output for(var i = 0; i < this._ints; ++i) { output.putInt32(this._outBlock[i]); } }; modes.ecb.prototype.pad = function(input, options) { // add PKCS#7 padding to block (each pad byte is the // value of the number of pad bytes) var padding = (input.length() === this.blockSize ? this.blockSize : (this.blockSize - input.length())); input.fillWithByte(padding, padding); return true; }; modes.ecb.prototype.unpad = function(output, options) { // check for error: input data not a multiple of blockSize if(options.overflow > 0) { return false; } // ensure padding byte count is valid var len = output.length(); var count = output.at(len - 1); if(count > (this.blockSize << 2)) { return false; } // trim off padding bytes output.truncate(count); return true; }; /** Cipher-block Chaining (CBC) **/ modes.cbc = function(options) { options = options || {}; this.name = 'CBC'; this.cipher = options.cipher; this.blockSize = options.blockSize || 16; this._ints = this.blockSize / 4; this._inBlock = new Array(this._ints); this._outBlock = new Array(this._ints); }; modes.cbc.prototype.start = function(options) { // Note: legacy support for using IV residue (has security flaws) // if IV is null, reuse block from previous processing if(options.iv === null) { // must have a previous block if(!this._prev) { throw new Error('Invalid IV parameter.'); } this._iv = this._prev.slice(0); } else if(!('iv' in options)) { throw new Error('Invalid IV parameter.'); } else { // save IV as "previous" block this._iv = transformIV(options.iv, this.blockSize); this._prev = this._iv.slice(0); } }; modes.cbc.prototype.encrypt = function(input, output, finish) { // not enough input to encrypt if(input.length() < this.blockSize && !(finish && input.length() > 0)) { return true; } // get next block // CBC XOR's IV (or previous block) with plaintext for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = this._prev[i] ^ input.getInt32(); } // encrypt block this.cipher.encrypt(this._inBlock, this._outBlock); // write output, save previous block for(var i = 0; i < this._ints; ++i) { output.putInt32(this._outBlock[i]); } this._prev = this._outBlock; }; modes.cbc.prototype.decrypt = function(input, output, finish) { // not enough input to decrypt if(input.length() < this.blockSize && !(finish && input.length() > 0)) { return true; } // get next block for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = input.getInt32(); } // decrypt block this.cipher.decrypt(this._inBlock, this._outBlock); // write output, save previous ciphered block // CBC XOR's IV (or previous block) with ciphertext for(var i = 0; i < this._ints; ++i) { output.putInt32(this._prev[i] ^ this._outBlock[i]); } this._prev = this._inBlock.slice(0); }; modes.cbc.prototype.pad = function(input, options) { // add PKCS#7 padding to block (each pad byte is the // value of the number of pad bytes) var padding = (input.length() === this.blockSize ? this.blockSize : (this.blockSize - input.length())); input.fillWithByte(padding, padding); return true; }; modes.cbc.prototype.unpad = function(output, options) { // check for error: input data not a multiple of blockSize if(options.overflow > 0) { return false; } // ensure padding byte count is valid var len = output.length(); var count = output.at(len - 1); if(count > (this.blockSize << 2)) { return false; } // trim off padding bytes output.truncate(count); return true; }; /** Cipher feedback (CFB) **/ modes.cfb = function(options) { options = options || {}; this.name = 'CFB'; this.cipher = options.cipher; this.blockSize = options.blockSize || 16; this._ints = this.blockSize / 4; this._inBlock = null; this._outBlock = new Array(this._ints); this._partialBlock = new Array(this._ints); this._partialOutput = forge.util.createBuffer(); this._partialBytes = 0; }; modes.cfb.prototype.start = function(options) { if(!('iv' in options)) { throw new Error('Invalid IV parameter.'); } // use IV as first input this._iv = transformIV(options.iv, this.blockSize); this._inBlock = this._iv.slice(0); this._partialBytes = 0; }; modes.cfb.prototype.encrypt = function(input, output, finish) { // not enough input to encrypt var inputLength = input.length(); if(inputLength === 0) { return true; } // encrypt block this.cipher.encrypt(this._inBlock, this._outBlock); // handle full block if(this._partialBytes === 0 && inputLength >= this.blockSize) { // XOR input with output, write input as output for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = input.getInt32() ^ this._outBlock[i]; output.putInt32(this._inBlock[i]); } return; } // handle partial block var partialBytes = (this.blockSize - inputLength) % this.blockSize; if(partialBytes > 0) { partialBytes = this.blockSize - partialBytes; } // XOR input with output, write input as partial output this._partialOutput.clear(); for(var i = 0; i < this._ints; ++i) { this._partialBlock[i] = input.getInt32() ^ this._outBlock[i]; this._partialOutput.putInt32(this._partialBlock[i]); } if(partialBytes > 0) { // block still incomplete, restore input buffer input.read -= this.blockSize; } else { // block complete, update input block for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = this._partialBlock[i]; } } // skip any previous partial bytes if(this._partialBytes > 0) { this._partialOutput.getBytes(this._partialBytes); } if(partialBytes > 0 && !finish) { output.putBytes(this._partialOutput.getBytes( partialBytes - this._partialBytes)); this._partialBytes = partialBytes; return true; } output.putBytes(this._partialOutput.getBytes( inputLength - this._partialBytes)); this._partialBytes = 0; }; modes.cfb.prototype.decrypt = function(input, output, finish) { // not enough input to decrypt var inputLength = input.length(); if(inputLength === 0) { return true; } // encrypt block (CFB always uses encryption mode) this.cipher.encrypt(this._inBlock, this._outBlock); // handle full block if(this._partialBytes === 0 && inputLength >= this.blockSize) { // XOR input with output, write input as output for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = input.getInt32(); output.putInt32(this._inBlock[i] ^ this._outBlock[i]); } return; } // handle partial block var partialBytes = (this.blockSize - inputLength) % this.blockSize; if(partialBytes > 0) { partialBytes = this.blockSize - partialBytes; } // XOR input with output, write input as partial output this._partialOutput.clear(); for(var i = 0; i < this._ints; ++i) { this._partialBlock[i] = input.getInt32(); this._partialOutput.putInt32(this._partialBlock[i] ^ this._outBlock[i]); } if(partialBytes > 0) { // block still incomplete, restore input buffer input.read -= this.blockSize; } else { // block complete, update input block for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = this._partialBlock[i]; } } // skip any previous partial bytes if(this._partialBytes > 0) { this._partialOutput.getBytes(this._partialBytes); } if(partialBytes > 0 && !finish) { output.putBytes(this._partialOutput.getBytes( partialBytes - this._partialBytes)); this._partialBytes = partialBytes; return true; } output.putBytes(this._partialOutput.getBytes( inputLength - this._partialBytes)); this._partialBytes = 0; }; /** Output feedback (OFB) **/ modes.ofb = function(options) { options = options || {}; this.name = 'OFB'; this.cipher = options.cipher; this.blockSize = options.blockSize || 16; this._ints = this.blockSize / 4; this._inBlock = null; this._outBlock = new Array(this._ints); this._partialOutput = forge.util.createBuffer(); this._partialBytes = 0; }; modes.ofb.prototype.start = function(options) { if(!('iv' in options)) { throw new Error('Invalid IV parameter.'); } // use IV as first input this._iv = transformIV(options.iv, this.blockSize); this._inBlock = this._iv.slice(0); this._partialBytes = 0; }; modes.ofb.prototype.encrypt = function(input, output, finish) { // not enough input to encrypt var inputLength = input.length(); if(input.length() === 0) { return true; } // encrypt block (OFB always uses encryption mode) this.cipher.encrypt(this._inBlock, this._outBlock); // handle full block if(this._partialBytes === 0 && inputLength >= this.blockSize) { // XOR input with output and update next input for(var i = 0; i < this._ints; ++i) { output.putInt32(input.getInt32() ^ this._outBlock[i]); this._inBlock[i] = this._outBlock[i]; } return; } // handle partial block var partialBytes = (this.blockSize - inputLength) % this.blockSize; if(partialBytes > 0) { partialBytes = this.blockSize - partialBytes; } // XOR input with output this._partialOutput.clear(); for(var i = 0; i < this._ints; ++i) { this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); } if(partialBytes > 0) { // block still incomplete, restore input buffer input.read -= this.blockSize; } else { // block complete, update input block for(var i = 0; i < this._ints; ++i) { this._inBlock[i] = this._outBlock[i]; } } // skip any previous partial bytes if(this._partialBytes > 0) { this._partialOutput.getBytes(this._partialBytes); } if(partialBytes > 0 && !finish) { output.putBytes(this._partialOutput.getBytes( partialBytes - this._partialBytes)); this._partialBytes = partialBytes; return true; } output.putBytes(this._partialOutput.getBytes( inputLength - this._partialBytes)); this._partialBytes = 0; }; modes.ofb.prototype.decrypt = modes.ofb.prototype.encrypt; /** Counter (CTR) **/ modes.ctr = function(options) { options = options || {}; this.name = 'CTR'; this.cipher = options.cipher; this.blockSize = options.blockSize || 16; this._ints = this.blockSize / 4; this._inBlock = null; this._outBlock = new Array(this._ints); this._partialOutput = forge.util.createBuffer(); this._partialBytes = 0; }; modes.ctr.prototype.start = function(options) { if(!('iv' in options)) { throw new Error('Invalid IV parameter.'); } // use IV as first input this._iv = transformIV(options.iv, this.blockSize); this._inBlock = this._iv.slice(0); this._partialBytes = 0; }; modes.ctr.prototype.encrypt = function(input, output, finish) { // not enough input to encrypt var inputLength = input.length(); if(inputLength === 0) { return true; } // encrypt block (CTR always uses encryption mode) this.cipher.encrypt(this._inBlock, this._outBlock); // handle full block if(this._partialBytes === 0 && inputLength >= this.blockSize) { // XOR input with output for(var i = 0; i < this._ints; ++i) { output.putInt32(input.getInt32() ^ this._outBlock[i]); } } else { // handle partial block var partialBytes = (this.blockSize - inputLength) % this.blockSize; if(partialBytes > 0) { partialBytes = this.blockSize - partialBytes; } // XOR input with output this._partialOutput.clear(); for(var i = 0; i < this._ints; ++i) { this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); } if(partialBytes > 0) { // block still incomplete, restore input buffer input.read -= this.blockSize; } // skip any previous partial bytes if(this._partialBytes > 0) { this._partialOutput.getBytes(this._partialBytes); } if(partialBytes > 0 && !finish) { output.putBytes(this._partialOutput.getBytes( partialBytes - this._partialBytes)); this._partialBytes = partialBytes; return true; } output.putBytes(this._partialOutput.getBytes( inputLength - this._partialBytes)); this._partialBytes = 0; } // block complete, increment counter (input block) inc32(this._inBlock); }; modes.ctr.prototype.decrypt = modes.ctr.prototype.encrypt; /** Galois/Counter Mode (GCM) **/ modes.gcm = function(options) { options = options || {}; this.name = 'GCM'; this.cipher = options.cipher; this.blockSize = options.blockSize || 16; this._ints = this.blockSize / 4; this._inBlock = new Array(this._ints); this._outBlock = new Array(this._ints); this._partialOutput = forge.util.createBuffer(); this._partialBytes = 0; // R is actually this value concatenated with 120 more zero bits, but // we only XOR against R so the other zeros have no effect -- we just // apply this value to the first integer in a block this._R = 0xE1000000; }; modes.gcm.prototype.start = function(options) { if(!('iv' in options)) { throw new Error('Invalid IV parameter.'); } // ensure IV is a byte buffer var iv = forge.util.createBuffer(options.iv); // no ciphered data processed yet this._cipherLength = 0; // default additional data is none var additionalData; if('additionalData' in options) { additionalData = forge.util.createBuffer(options.additionalData); } else { additionalData = forge.util.createBuffer(); } // default tag length is 128 bits if('tagLength' in options) { this._tagLength = options.tagLength; } else { this._tagLength = 128; } // if tag is given, ensure tag matches tag length this._tag = null; if(options.decrypt) { // save tag to check later this._tag = forge.util.createBuffer(options.tag).getBytes(); if(this._tag.length !== (this._tagLength / 8)) { throw new Error('Authentication tag does not match tag length.'); } } // create tmp storage for hash calculation this._hashBlock = new Array(this._ints); // no tag generated yet this.tag = null; // generate hash subkey // (apply block cipher to "zero" block) this._hashSubkey = new Array(this._ints); this.cipher.encrypt([0, 0, 0, 0], this._hashSubkey); // generate table M // use 4-bit tables (32 component decomposition of a 16 byte value) // 8-bit tables take more space and are known to have security // vulnerabilities (in native implementations) this.componentBits = 4; this._m = this.generateHashTable(this._hashSubkey, this.componentBits); // Note: support IV length different from 96 bits? (only supporting // 96 bits is recommended by NIST SP-800-38D) // generate J_0 var ivLength = iv.length(); if(ivLength === 12) { // 96-bit IV this._j0 = [iv.getInt32(), iv.getInt32(), iv.getInt32(), 1]; } else { // IV is NOT 96-bits this._j0 = [0, 0, 0, 0]; while(iv.length() > 0) { this._j0 = this.ghash( this._hashSubkey, this._j0, [iv.getInt32(), iv.getInt32(), iv.getInt32(), iv.getInt32()]); } this._j0 = this.ghash( this._hashSubkey, this._j0, [0, 0].concat(from64To32(ivLength * 8))); } // generate ICB (initial counter block) this._inBlock = this._j0.slice(0); inc32(this._inBlock); this._partialBytes = 0; // consume authentication data additionalData = forge.util.createBuffer(additionalData); // save additional data length as a BE 64-bit number this._aDataLength = from64To32(additionalData.length() * 8); // pad additional data to 128 bit (16 byte) block size var overflow = additionalData.length() % this.blockSize; if(overflow) { additionalData.fillWithByte(0, this.blockSize - overflow); } this._s = [0, 0, 0, 0]; while(additionalData.length() > 0) { this._s = this.ghash(this._hashSubkey, this._s, [ additionalData.getInt32(), additionalData.getInt32(), additionalData.getInt32(), additionalData.getInt32() ]); } }; modes.gcm.prototype.encrypt = function(input, output, finish) { // not enough input to encrypt var inputLength = input.length(); if(inputLength === 0) { return true; } // encrypt block this.cipher.encrypt(this._inBlock, this._outBlock); // handle full block if(this._partialBytes === 0 && inputLength >= this.blockSize) { // XOR input with output for(var i = 0; i < this._ints; ++i) { output.putInt32(this._outBlock[i] ^= input.getInt32()); } this._cipherLength += this.blockSize; } else { // handle partial block var partialBytes = (this.blockSize - inputLength) % this.blockSize; if(partialBytes > 0) { partialBytes = this.blockSize - partialBytes; } // XOR input with output this._partialOutput.clear(); for(var i = 0; i < this._ints; ++i) { this._partialOutput.putInt32(input.getInt32() ^ this._outBlock[i]); } if(partialBytes <= 0 || finish) { // handle overflow prior to hashing if(finish) { // get block overflow var overflow = inputLength % this.blockSize; this._cipherLength += overflow; // truncate for hash function this._partialOutput.truncate(this.blockSize - overflow); } else { this._cipherLength += this.blockSize; } // get output block for hashing for(var i = 0; i < this._ints; ++i) { this._outBlock[i] = this._partialOutput.getInt32(); } this._partialOutput.read -= this.blockSize; } // skip any previous partial bytes if(this._partialBytes > 0) { this._partialOutput.getBytes(this._partialBytes); } if(partialBytes > 0 && !finish) { // block still incomplete, restore input buffer, get partial output, // and return early input.read -= this.blockSize; output.putBytes(this._partialOutput.getBytes( partialBytes - this._partialBytes)); this._partialBytes = partialBytes; return true; } output.putBytes(this._partialOutput.getBytes( inputLength - this._partialBytes)); this._partialBytes = 0; } // update hash block S this._s = this.ghash(this._hashSubkey, this._s, this._outBlock); // increment counter (input block) inc32(this._inBlock); }; modes.gcm.prototype.decrypt = function(input, output, finish) { // not enough input to decrypt var inputLength = input.length(); if(inputLength < this.blockSize && !(finish && inputLength > 0)) { return true; } // encrypt block (GCM always uses encryption mode) this.cipher.encrypt(this._inBlock, this._outBlock); // increment counter (input block) inc32(this._inBlock); // update hash block S this._hashBlock[0] = input.getInt32(); this._hashBlock[1] = input.getInt32(); this._hashBlock[2] = input.getInt32(); this._hashBlock[3] = input.getInt32(); this._s = this.ghash(this._hashSubkey, this._s, this._hashBlock); // XOR hash input with output for(var i = 0; i < this._ints; ++i) { output.putInt32(this._outBlock[i] ^ this._hashBlock[i]); } // increment cipher data length if(inputLength < this.blockSize) { this._cipherLength += inputLength % this.blockSize; } else { this._cipherLength += this.blockSize; } }; modes.gcm.prototype.afterFinish = function(output, options) { var rval = true; // handle overflow if(options.decrypt && options.overflow) { output.truncate(this.blockSize - options.overflow); } // handle authentication tag this.tag = forge.util.createBuffer(); // concatenate additional data length with cipher length var lengths = this._aDataLength.concat(from64To32(this._cipherLength * 8)); // include lengths in hash this._s = this.ghash(this._hashSubkey, this._s, lengths); // do GCTR(J_0, S) var tag = []; this.cipher.encrypt(this._j0, tag); for(var i = 0; i < this._ints; ++i) { this.tag.putInt32(this._s[i] ^ tag[i]); } // trim tag to length this.tag.truncate(this.tag.length() % (this._tagLength / 8)); // check authentication tag if(options.decrypt && this.tag.bytes() !== this._tag) { rval = false; } return rval; }; /** * See NIST SP-800-38D 6.3 (Algorithm 1). This function performs Galois * field multiplication. The field, GF(2^128), is defined by the polynomial: * * x^128 + x^7 + x^2 + x + 1 * * Which is represented in little-endian binary form as: 11100001 (0xe1). When * the value of a coefficient is 1, a bit is set. The value R, is the * concatenation of this value and 120 zero bits, yielding a 128-bit value * which matches the block size. * * This function will multiply two elements (vectors of bytes), X and Y, in * the field GF(2^128). The result is initialized to zero. For each bit of * X (out of 128), x_i, if x_i is set, then the result is multiplied (XOR'd) * by the current value of Y. For each bit, the value of Y will be raised by * a power of x (multiplied by the polynomial x). This can be achieved by * shifting Y once to the right. If the current value of Y, prior to being * multiplied by x, has 0 as its LSB, then it is a 127th degree polynomial. * Otherwise, we must divide by R after shifting to find the remainder. * * @param x the first block to multiply by the second. * @param y the second block to multiply by the first. * * @return the block result of the multiplication. */ modes.gcm.prototype.multiply = function(x, y) { var z_i = [0, 0, 0, 0]; var v_i = y.slice(0); // calculate Z_128 (block has 128 bits) for(var i = 0; i < 128; ++i) { // if x_i is 0, Z_{i+1} = Z_i (unchanged) // else Z_{i+1} = Z_i ^ V_i // get x_i by finding 32-bit int position, then left shift 1 by remainder var x_i = x[(i / 32) | 0] & (1 << (31 - i % 32)); if(x_i) { z_i[0] ^= v_i[0]; z_i[1] ^= v_i[1]; z_i[2] ^= v_i[2]; z_i[3] ^= v_i[3]; } // if LSB(V_i) is 1, V_i = V_i >> 1 // else V_i = (V_i >> 1) ^ R this.pow(v_i, v_i); } return z_i; }; modes.gcm.prototype.pow = function(x, out) { // if LSB(x) is 1, x = x >>> 1 // else x = (x >>> 1) ^ R var lsb = x[3] & 1; // always do x >>> 1: // starting with the rightmost integer, shift each integer to the right // one bit, pulling in the bit from the integer to the left as its top // most bit (do this for the last 3 integers) for(var i = 3; i > 0; --i) { out[i] = (x[i] >>> 1) | ((x[i - 1] & 1) << 31); } // shift the first integer normally out[0] = x[0] >>> 1; // if lsb was not set, then polynomial had a degree of 127 and doesn't // need to divided; otherwise, XOR with R to find the remainder; we only // need to XOR the first integer since R technically ends w/120 zero bits if(lsb) { out[0] ^= this._R; } }; modes.gcm.prototype.tableMultiply = function(x) { // assumes 4-bit tables are used var z = [0, 0, 0, 0]; for(var i = 0; i < 32; ++i) { var idx = (i / 8) | 0; var x_i = (x[idx] >>> ((7 - (i % 8)) * 4)) & 0xF; var ah = this._m[i][x_i]; z[0] ^= ah[0]; z[1] ^= ah[1]; z[2] ^= ah[2]; z[3] ^= ah[3]; } return z; }; /** * A continuing version of the GHASH algorithm that operates on a single * block. The hash block, last hash value (Ym) and the new block to hash * are given. * * @param h the hash block. * @param y the previous value for Ym, use [0, 0, 0, 0] for a new hash. * @param x the block to hash. * * @return the hashed value (Ym). */ modes.gcm.prototype.ghash = function(h, y, x) { y[0] ^= x[0]; y[1] ^= x[1]; y[2] ^= x[2]; y[3] ^= x[3]; return this.tableMultiply(y); //return this.multiply(y, h); }; /** * Precomputes a table for multiplying against the hash subkey. This * mechanism provides a substantial speed increase over multiplication * performed without a table. The table-based multiplication this table is * for solves X * H by multiplying each component of X by H and then * composing the results together using XOR. * * This function can be used to generate tables with different bit sizes * for the components, however, this implementation assumes there are * 32 components of X (which is a 16 byte vector), therefore each component * takes 4-bits (so the table is constructed with bits=4). * * @param h the hash subkey. * @param bits the bit size for a component. */ modes.gcm.prototype.generateHashTable = function(h, bits) { // TODO: There are further optimizations that would use only the // first table M_0 (or some variant) along with a remainder table; // this can be explored in the future var multiplier = 8 / bits; var perInt = 4 * multiplier; var size = 16 * multiplier; var m = new Array(size); for(var i = 0; i < size; ++i) { var tmp = [0, 0, 0, 0]; var idx = (i / perInt) | 0; var shft = ((perInt - 1 - (i % perInt)) * bits); tmp[idx] = (1 << (bits - 1)) << shft; m[i] = this.generateSubHashTable(this.multiply(tmp, h), bits); } return m; }; /** * Generates a table for multiplying against the hash subkey for one * particular component (out of all possible component values). * * @param mid the pre-multiplied value for the middle key of the table. * @param bits the bit size for a component. */ modes.gcm.prototype.generateSubHashTable = function(mid, bits) { // compute the table quickly by minimizing the number of // POW operations -- they only need to be performed for powers of 2, // all other entries can be composed from those powers using XOR var size = 1 << bits; var half = size >>> 1; var m = new Array(size); m[half] = mid.slice(0); var i = half >>> 1; while(i > 0) { // raise m0[2 * i] and store in m0[i] this.pow(m[2 * i], m[i] = []); i >>= 1; } i = 2; while(i < half) { for(var j = 1; j < i; ++j) { var m_i = m[i]; var m_j = m[j]; m[i + j] = [ m_i[0] ^ m_j[0], m_i[1] ^ m_j[1], m_i[2] ^ m_j[2], m_i[3] ^ m_j[3] ]; } i *= 2; } m[0] = [0, 0, 0, 0]; /* Note: We could avoid storing these by doing composition during multiply calculate top half using composition by speed is preferred. */ for(i = half + 1; i < size; ++i) { var c = m[i ^ half]; m[i] = [mid[0] ^ c[0], mid[1] ^ c[1], mid[2] ^ c[2], mid[3] ^ c[3]]; } return m; }; /** Utility functions */ function transformIV(iv, blockSize) { if(typeof iv === 'string') { // convert iv string into byte buffer iv = forge.util.createBuffer(iv); } if(forge.util.isArray(iv) && iv.length > 4) { // convert iv byte array into byte buffer var tmp = iv; iv = forge.util.createBuffer(); for(var i = 0; i < tmp.length; ++i) { iv.putByte(tmp[i]); } } if(iv.length() < blockSize) { throw new Error( 'Invalid IV length; got ' + iv.length() + ' bytes and expected ' + blockSize + ' bytes.'); } if(!forge.util.isArray(iv)) { // convert iv byte buffer into 32-bit integer array var ints = []; var blocks = blockSize / 4; for(var i = 0; i < blocks; ++i) { ints.push(iv.getInt32()); } iv = ints; } return iv; } function inc32(block) { // increment last 32 bits of block only block[block.length - 1] = (block[block.length - 1] + 1) & 0xFFFFFFFF; } function from64To32(num) { // convert 64-bit number to two BE Int32s return [(num / 0x100000000) | 0, num & 0xFFFFFFFF]; } /***/ }), /***/ 7157: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * DES (Data Encryption Standard) implementation. * * This implementation supports DES as well as 3DES-EDE in ECB and CBC mode. * It is based on the BSD-licensed implementation by Paul Tero: * * Paul Tero, July 2001 * http://www.tero.co.uk/des/ * * Optimised for performance with large blocks by * Michael Hayworth, November 2001 * http://www.netdealing.com * * THIS SOFTWARE IS PROVIDED "AS IS" AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * * @author Stefan Siegl * @author Dave Longley * * Copyright (c) 2012 Stefan Siegl * Copyright (c) 2012-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7088); __nccwpck_require__(873); __nccwpck_require__(8339); /* DES API */ module.exports = forge.des = forge.des || {}; /** * Deprecated. Instead, use: * * var cipher = forge.cipher.createCipher('DES-', key); * cipher.start({iv: iv}); * * Creates an DES cipher object to encrypt data using the given symmetric key. * The output will be stored in the 'output' member of the returned cipher. * * The key and iv may be given as binary-encoded strings of bytes or * byte buffers. * * @param key the symmetric key to use (64 or 192 bits). * @param iv the initialization vector to use. * @param output the buffer to write to, null to create one. * @param mode the cipher mode to use (default: 'CBC' if IV is * given, 'ECB' if null). * * @return the cipher. */ forge.des.startEncrypting = function(key, iv, output, mode) { var cipher = _createCipher({ key: key, output: output, decrypt: false, mode: mode || (iv === null ? 'ECB' : 'CBC') }); cipher.start(iv); return cipher; }; /** * Deprecated. Instead, use: * * var cipher = forge.cipher.createCipher('DES-', key); * * Creates an DES cipher object to encrypt data using the given symmetric key. * * The key may be given as a binary-encoded string of bytes or a byte buffer. * * @param key the symmetric key to use (64 or 192 bits). * @param mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ forge.des.createEncryptionCipher = function(key, mode) { return _createCipher({ key: key, output: null, decrypt: false, mode: mode }); }; /** * Deprecated. Instead, use: * * var decipher = forge.cipher.createDecipher('DES-', key); * decipher.start({iv: iv}); * * Creates an DES cipher object to decrypt data using the given symmetric key. * The output will be stored in the 'output' member of the returned cipher. * * The key and iv may be given as binary-encoded strings of bytes or * byte buffers. * * @param key the symmetric key to use (64 or 192 bits). * @param iv the initialization vector to use. * @param output the buffer to write to, null to create one. * @param mode the cipher mode to use (default: 'CBC' if IV is * given, 'ECB' if null). * * @return the cipher. */ forge.des.startDecrypting = function(key, iv, output, mode) { var cipher = _createCipher({ key: key, output: output, decrypt: true, mode: mode || (iv === null ? 'ECB' : 'CBC') }); cipher.start(iv); return cipher; }; /** * Deprecated. Instead, use: * * var decipher = forge.cipher.createDecipher('DES-', key); * * Creates an DES cipher object to decrypt data using the given symmetric key. * * The key may be given as a binary-encoded string of bytes or a byte buffer. * * @param key the symmetric key to use (64 or 192 bits). * @param mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ forge.des.createDecryptionCipher = function(key, mode) { return _createCipher({ key: key, output: null, decrypt: true, mode: mode }); }; /** * Creates a new DES cipher algorithm object. * * @param name the name of the algorithm. * @param mode the mode factory function. * * @return the DES algorithm object. */ forge.des.Algorithm = function(name, mode) { var self = this; self.name = name; self.mode = new mode({ blockSize: 8, cipher: { encrypt: function(inBlock, outBlock) { return _updateBlock(self._keys, inBlock, outBlock, false); }, decrypt: function(inBlock, outBlock) { return _updateBlock(self._keys, inBlock, outBlock, true); } } }); self._init = false; }; /** * Initializes this DES algorithm by expanding its key. * * @param options the options to use. * key the key to use with this algorithm. * decrypt true if the algorithm should be initialized for decryption, * false for encryption. */ forge.des.Algorithm.prototype.initialize = function(options) { if(this._init) { return; } var key = forge.util.createBuffer(options.key); if(this.name.indexOf('3DES') === 0) { if(key.length() !== 24) { throw new Error('Invalid Triple-DES key size: ' + key.length() * 8); } } // do key expansion to 16 or 48 subkeys (single or triple DES) this._keys = _createKeys(key); this._init = true; }; /** Register DES algorithms **/ registerAlgorithm('DES-ECB', forge.cipher.modes.ecb); registerAlgorithm('DES-CBC', forge.cipher.modes.cbc); registerAlgorithm('DES-CFB', forge.cipher.modes.cfb); registerAlgorithm('DES-OFB', forge.cipher.modes.ofb); registerAlgorithm('DES-CTR', forge.cipher.modes.ctr); registerAlgorithm('3DES-ECB', forge.cipher.modes.ecb); registerAlgorithm('3DES-CBC', forge.cipher.modes.cbc); registerAlgorithm('3DES-CFB', forge.cipher.modes.cfb); registerAlgorithm('3DES-OFB', forge.cipher.modes.ofb); registerAlgorithm('3DES-CTR', forge.cipher.modes.ctr); function registerAlgorithm(name, mode) { var factory = function() { return new forge.des.Algorithm(name, mode); }; forge.cipher.registerAlgorithm(name, factory); } /** DES implementation **/ var spfunction1 = [0x1010400,0,0x10000,0x1010404,0x1010004,0x10404,0x4,0x10000,0x400,0x1010400,0x1010404,0x400,0x1000404,0x1010004,0x1000000,0x4,0x404,0x1000400,0x1000400,0x10400,0x10400,0x1010000,0x1010000,0x1000404,0x10004,0x1000004,0x1000004,0x10004,0,0x404,0x10404,0x1000000,0x10000,0x1010404,0x4,0x1010000,0x1010400,0x1000000,0x1000000,0x400,0x1010004,0x10000,0x10400,0x1000004,0x400,0x4,0x1000404,0x10404,0x1010404,0x10004,0x1010000,0x1000404,0x1000004,0x404,0x10404,0x1010400,0x404,0x1000400,0x1000400,0,0x10004,0x10400,0,0x1010004]; var spfunction2 = [-0x7fef7fe0,-0x7fff8000,0x8000,0x108020,0x100000,0x20,-0x7fefffe0,-0x7fff7fe0,-0x7fffffe0,-0x7fef7fe0,-0x7fef8000,-0x80000000,-0x7fff8000,0x100000,0x20,-0x7fefffe0,0x108000,0x100020,-0x7fff7fe0,0,-0x80000000,0x8000,0x108020,-0x7ff00000,0x100020,-0x7fffffe0,0,0x108000,0x8020,-0x7fef8000,-0x7ff00000,0x8020,0,0x108020,-0x7fefffe0,0x100000,-0x7fff7fe0,-0x7ff00000,-0x7fef8000,0x8000,-0x7ff00000,-0x7fff8000,0x20,-0x7fef7fe0,0x108020,0x20,0x8000,-0x80000000,0x8020,-0x7fef8000,0x100000,-0x7fffffe0,0x100020,-0x7fff7fe0,-0x7fffffe0,0x100020,0x108000,0,-0x7fff8000,0x8020,-0x80000000,-0x7fefffe0,-0x7fef7fe0,0x108000]; var spfunction3 = [0x208,0x8020200,0,0x8020008,0x8000200,0,0x20208,0x8000200,0x20008,0x8000008,0x8000008,0x20000,0x8020208,0x20008,0x8020000,0x208,0x8000000,0x8,0x8020200,0x200,0x20200,0x8020000,0x8020008,0x20208,0x8000208,0x20200,0x20000,0x8000208,0x8,0x8020208,0x200,0x8000000,0x8020200,0x8000000,0x20008,0x208,0x20000,0x8020200,0x8000200,0,0x200,0x20008,0x8020208,0x8000200,0x8000008,0x200,0,0x8020008,0x8000208,0x20000,0x8000000,0x8020208,0x8,0x20208,0x20200,0x8000008,0x8020000,0x8000208,0x208,0x8020000,0x20208,0x8,0x8020008,0x20200]; var spfunction4 = [0x802001,0x2081,0x2081,0x80,0x802080,0x800081,0x800001,0x2001,0,0x802000,0x802000,0x802081,0x81,0,0x800080,0x800001,0x1,0x2000,0x800000,0x802001,0x80,0x800000,0x2001,0x2080,0x800081,0x1,0x2080,0x800080,0x2000,0x802080,0x802081,0x81,0x800080,0x800001,0x802000,0x802081,0x81,0,0,0x802000,0x2080,0x800080,0x800081,0x1,0x802001,0x2081,0x2081,0x80,0x802081,0x81,0x1,0x2000,0x800001,0x2001,0x802080,0x800081,0x2001,0x2080,0x800000,0x802001,0x80,0x800000,0x2000,0x802080]; var spfunction5 = [0x100,0x2080100,0x2080000,0x42000100,0x80000,0x100,0x40000000,0x2080000,0x40080100,0x80000,0x2000100,0x40080100,0x42000100,0x42080000,0x80100,0x40000000,0x2000000,0x40080000,0x40080000,0,0x40000100,0x42080100,0x42080100,0x2000100,0x42080000,0x40000100,0,0x42000000,0x2080100,0x2000000,0x42000000,0x80100,0x80000,0x42000100,0x100,0x2000000,0x40000000,0x2080000,0x42000100,0x40080100,0x2000100,0x40000000,0x42080000,0x2080100,0x40080100,0x100,0x2000000,0x42080000,0x42080100,0x80100,0x42000000,0x42080100,0x2080000,0,0x40080000,0x42000000,0x80100,0x2000100,0x40000100,0x80000,0,0x40080000,0x2080100,0x40000100]; var spfunction6 = [0x20000010,0x20400000,0x4000,0x20404010,0x20400000,0x10,0x20404010,0x400000,0x20004000,0x404010,0x400000,0x20000010,0x400010,0x20004000,0x20000000,0x4010,0,0x400010,0x20004010,0x4000,0x404000,0x20004010,0x10,0x20400010,0x20400010,0,0x404010,0x20404000,0x4010,0x404000,0x20404000,0x20000000,0x20004000,0x10,0x20400010,0x404000,0x20404010,0x400000,0x4010,0x20000010,0x400000,0x20004000,0x20000000,0x4010,0x20000010,0x20404010,0x404000,0x20400000,0x404010,0x20404000,0,0x20400010,0x10,0x4000,0x20400000,0x404010,0x4000,0x400010,0x20004010,0,0x20404000,0x20000000,0x400010,0x20004010]; var spfunction7 = [0x200000,0x4200002,0x4000802,0,0x800,0x4000802,0x200802,0x4200800,0x4200802,0x200000,0,0x4000002,0x2,0x4000000,0x4200002,0x802,0x4000800,0x200802,0x200002,0x4000800,0x4000002,0x4200000,0x4200800,0x200002,0x4200000,0x800,0x802,0x4200802,0x200800,0x2,0x4000000,0x200800,0x4000000,0x200800,0x200000,0x4000802,0x4000802,0x4200002,0x4200002,0x2,0x200002,0x4000000,0x4000800,0x200000,0x4200800,0x802,0x200802,0x4200800,0x802,0x4000002,0x4200802,0x4200000,0x200800,0,0x2,0x4200802,0,0x200802,0x4200000,0x800,0x4000002,0x4000800,0x800,0x200002]; var spfunction8 = [0x10001040,0x1000,0x40000,0x10041040,0x10000000,0x10001040,0x40,0x10000000,0x40040,0x10040000,0x10041040,0x41000,0x10041000,0x41040,0x1000,0x40,0x10040000,0x10000040,0x10001000,0x1040,0x41000,0x40040,0x10040040,0x10041000,0x1040,0,0,0x10040040,0x10000040,0x10001000,0x41040,0x40000,0x41040,0x40000,0x10041000,0x1000,0x40,0x10040040,0x1000,0x41040,0x10001000,0x40,0x10000040,0x10040000,0x10040040,0x10000000,0x40000,0x10001040,0,0x10041040,0x40040,0x10000040,0x10040000,0x10001000,0x10001040,0,0x10041040,0x41000,0x41000,0x1040,0x1040,0x40040,0x10000000,0x10041000]; /** * Create necessary sub keys. * * @param key the 64-bit or 192-bit key. * * @return the expanded keys. */ function _createKeys(key) { var pc2bytes0 = [0,0x4,0x20000000,0x20000004,0x10000,0x10004,0x20010000,0x20010004,0x200,0x204,0x20000200,0x20000204,0x10200,0x10204,0x20010200,0x20010204], pc2bytes1 = [0,0x1,0x100000,0x100001,0x4000000,0x4000001,0x4100000,0x4100001,0x100,0x101,0x100100,0x100101,0x4000100,0x4000101,0x4100100,0x4100101], pc2bytes2 = [0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808,0,0x8,0x800,0x808,0x1000000,0x1000008,0x1000800,0x1000808], pc2bytes3 = [0,0x200000,0x8000000,0x8200000,0x2000,0x202000,0x8002000,0x8202000,0x20000,0x220000,0x8020000,0x8220000,0x22000,0x222000,0x8022000,0x8222000], pc2bytes4 = [0,0x40000,0x10,0x40010,0,0x40000,0x10,0x40010,0x1000,0x41000,0x1010,0x41010,0x1000,0x41000,0x1010,0x41010], pc2bytes5 = [0,0x400,0x20,0x420,0,0x400,0x20,0x420,0x2000000,0x2000400,0x2000020,0x2000420,0x2000000,0x2000400,0x2000020,0x2000420], pc2bytes6 = [0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002,0,0x10000000,0x80000,0x10080000,0x2,0x10000002,0x80002,0x10080002], pc2bytes7 = [0,0x10000,0x800,0x10800,0x20000000,0x20010000,0x20000800,0x20010800,0x20000,0x30000,0x20800,0x30800,0x20020000,0x20030000,0x20020800,0x20030800], pc2bytes8 = [0,0x40000,0,0x40000,0x2,0x40002,0x2,0x40002,0x2000000,0x2040000,0x2000000,0x2040000,0x2000002,0x2040002,0x2000002,0x2040002], pc2bytes9 = [0,0x10000000,0x8,0x10000008,0,0x10000000,0x8,0x10000008,0x400,0x10000400,0x408,0x10000408,0x400,0x10000400,0x408,0x10000408], pc2bytes10 = [0,0x20,0,0x20,0x100000,0x100020,0x100000,0x100020,0x2000,0x2020,0x2000,0x2020,0x102000,0x102020,0x102000,0x102020], pc2bytes11 = [0,0x1000000,0x200,0x1000200,0x200000,0x1200000,0x200200,0x1200200,0x4000000,0x5000000,0x4000200,0x5000200,0x4200000,0x5200000,0x4200200,0x5200200], pc2bytes12 = [0,0x1000,0x8000000,0x8001000,0x80000,0x81000,0x8080000,0x8081000,0x10,0x1010,0x8000010,0x8001010,0x80010,0x81010,0x8080010,0x8081010], pc2bytes13 = [0,0x4,0x100,0x104,0,0x4,0x100,0x104,0x1,0x5,0x101,0x105,0x1,0x5,0x101,0x105]; // how many iterations (1 for des, 3 for triple des) // changed by Paul 16/6/2007 to use Triple DES for 9+ byte keys var iterations = key.length() > 8 ? 3 : 1; // stores the return keys var keys = []; // now define the left shifts which need to be done var shifts = [0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0]; var n = 0, tmp; for(var j = 0; j < iterations; j++) { var left = key.getInt32(); var right = key.getInt32(); tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= tmp; left ^= (tmp << 4); tmp = ((right >>> -16) ^ left) & 0x0000ffff; left ^= tmp; right ^= (tmp << -16); tmp = ((left >>> 2) ^ right) & 0x33333333; right ^= tmp; left ^= (tmp << 2); tmp = ((right >>> -16) ^ left) & 0x0000ffff; left ^= tmp; right ^= (tmp << -16); tmp = ((left >>> 1) ^ right) & 0x55555555; right ^= tmp; left ^= (tmp << 1); tmp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= tmp; right ^= (tmp << 8); tmp = ((left >>> 1) ^ right) & 0x55555555; right ^= tmp; left ^= (tmp << 1); // right needs to be shifted and OR'd with last four bits of left tmp = (left << 8) | ((right >>> 20) & 0x000000f0); // left needs to be put upside down left = ((right << 24) | ((right << 8) & 0xff0000) | ((right >>> 8) & 0xff00) | ((right >>> 24) & 0xf0)); right = tmp; // now go through and perform these shifts on the left and right keys for(var i = 0; i < shifts.length; ++i) { //shift the keys either one or two bits to the left if(shifts[i]) { left = (left << 2) | (left >>> 26); right = (right << 2) | (right >>> 26); } else { left = (left << 1) | (left >>> 27); right = (right << 1) | (right >>> 27); } left &= -0xf; right &= -0xf; // now apply PC-2, in such a way that E is easier when encrypting or // decrypting this conversion will look like PC-2 except only the last 6 // bits of each byte are used rather than 48 consecutive bits and the // order of lines will be according to how the S selection functions will // be applied: S2, S4, S6, S8, S1, S3, S5, S7 var lefttmp = ( pc2bytes0[left >>> 28] | pc2bytes1[(left >>> 24) & 0xf] | pc2bytes2[(left >>> 20) & 0xf] | pc2bytes3[(left >>> 16) & 0xf] | pc2bytes4[(left >>> 12) & 0xf] | pc2bytes5[(left >>> 8) & 0xf] | pc2bytes6[(left >>> 4) & 0xf]); var righttmp = ( pc2bytes7[right >>> 28] | pc2bytes8[(right >>> 24) & 0xf] | pc2bytes9[(right >>> 20) & 0xf] | pc2bytes10[(right >>> 16) & 0xf] | pc2bytes11[(right >>> 12) & 0xf] | pc2bytes12[(right >>> 8) & 0xf] | pc2bytes13[(right >>> 4) & 0xf]); tmp = ((righttmp >>> 16) ^ lefttmp) & 0x0000ffff; keys[n++] = lefttmp ^ tmp; keys[n++] = righttmp ^ (tmp << 16); } } return keys; } /** * Updates a single block (1 byte) using DES. The update will either * encrypt or decrypt the block. * * @param keys the expanded keys. * @param input the input block (an array of 32-bit words). * @param output the updated output block. * @param decrypt true to decrypt the block, false to encrypt it. */ function _updateBlock(keys, input, output, decrypt) { // set up loops for single or triple DES var iterations = keys.length === 32 ? 3 : 9; var looping; if(iterations === 3) { looping = decrypt ? [30, -2, -2] : [0, 32, 2]; } else { looping = (decrypt ? [94, 62, -2, 32, 64, 2, 30, -2, -2] : [0, 32, 2, 62, 30, -2, 64, 96, 2]); } var tmp; var left = input[0]; var right = input[1]; // first each 64 bit chunk of the message must be permuted according to IP tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= tmp; left ^= (tmp << 4); tmp = ((left >>> 16) ^ right) & 0x0000ffff; right ^= tmp; left ^= (tmp << 16); tmp = ((right >>> 2) ^ left) & 0x33333333; left ^= tmp; right ^= (tmp << 2); tmp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= tmp; right ^= (tmp << 8); tmp = ((left >>> 1) ^ right) & 0x55555555; right ^= tmp; left ^= (tmp << 1); // rotate left 1 bit left = ((left << 1) | (left >>> 31)); right = ((right << 1) | (right >>> 31)); for(var j = 0; j < iterations; j += 3) { var endloop = looping[j + 1]; var loopinc = looping[j + 2]; // now go through and perform the encryption or decryption for(var i = looping[j]; i != endloop; i += loopinc) { var right1 = right ^ keys[i]; var right2 = ((right >>> 4) | (right << 28)) ^ keys[i + 1]; // passing these bytes through the S selection functions tmp = left; left = right; right = tmp ^ ( spfunction2[(right1 >>> 24) & 0x3f] | spfunction4[(right1 >>> 16) & 0x3f] | spfunction6[(right1 >>> 8) & 0x3f] | spfunction8[right1 & 0x3f] | spfunction1[(right2 >>> 24) & 0x3f] | spfunction3[(right2 >>> 16) & 0x3f] | spfunction5[(right2 >>> 8) & 0x3f] | spfunction7[right2 & 0x3f]); } // unreverse left and right tmp = left; left = right; right = tmp; } // rotate right 1 bit left = ((left >>> 1) | (left << 31)); right = ((right >>> 1) | (right << 31)); // now perform IP-1, which is IP in the opposite direction tmp = ((left >>> 1) ^ right) & 0x55555555; right ^= tmp; left ^= (tmp << 1); tmp = ((right >>> 8) ^ left) & 0x00ff00ff; left ^= tmp; right ^= (tmp << 8); tmp = ((right >>> 2) ^ left) & 0x33333333; left ^= tmp; right ^= (tmp << 2); tmp = ((left >>> 16) ^ right) & 0x0000ffff; right ^= tmp; left ^= (tmp << 16); tmp = ((left >>> 4) ^ right) & 0x0f0f0f0f; right ^= tmp; left ^= (tmp << 4); output[0] = left; output[1] = right; } /** * Deprecated. Instead, use: * * forge.cipher.createCipher('DES-', key); * forge.cipher.createDecipher('DES-', key); * * Creates a deprecated DES cipher object. This object's mode will default to * CBC (cipher-block-chaining). * * The key may be given as a binary-encoded string of bytes or a byte buffer. * * @param options the options to use. * key the symmetric key to use (64 or 192 bits). * output the buffer to write to. * decrypt true for decryption, false for encryption. * mode the cipher mode to use (default: 'CBC'). * * @return the cipher. */ function _createCipher(options) { options = options || {}; var mode = (options.mode || 'CBC').toUpperCase(); var algorithm = 'DES-' + mode; var cipher; if(options.decrypt) { cipher = forge.cipher.createDecipher(algorithm, options.key); } else { cipher = forge.cipher.createCipher(algorithm, options.key); } // backwards compatible start API var start = cipher.start; cipher.start = function(iv, options) { // backwards compatibility: support second arg as output buffer var output = null; if(options instanceof forge.util.ByteBuffer) { output = options; options = {}; } options = options || {}; options.output = output; options.iv = iv; start.call(cipher, options); }; return cipher; } /***/ }), /***/ 0: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * JavaScript implementation of Ed25519. * * Copyright (c) 2017-2019 Digital Bazaar, Inc. * * This implementation is based on the most excellent TweetNaCl which is * in the public domain. Many thanks to its contributors: * * https://github.com/dchest/tweetnacl-js */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7052); __nccwpck_require__(7821); __nccwpck_require__(9542); __nccwpck_require__(8339); var asn1Validator = __nccwpck_require__(9414); var publicKeyValidator = asn1Validator.publicKeyValidator; var privateKeyValidator = asn1Validator.privateKeyValidator; if(typeof BigInteger === 'undefined') { var BigInteger = forge.jsbn.BigInteger; } var ByteBuffer = forge.util.ByteBuffer; var NativeBuffer = typeof Buffer === 'undefined' ? Uint8Array : Buffer; /* * Ed25519 algorithms, see RFC 8032: * https://tools.ietf.org/html/rfc8032 */ forge.pki = forge.pki || {}; module.exports = forge.pki.ed25519 = forge.ed25519 = forge.ed25519 || {}; var ed25519 = forge.ed25519; ed25519.constants = {}; ed25519.constants.PUBLIC_KEY_BYTE_LENGTH = 32; ed25519.constants.PRIVATE_KEY_BYTE_LENGTH = 64; ed25519.constants.SEED_BYTE_LENGTH = 32; ed25519.constants.SIGN_BYTE_LENGTH = 64; ed25519.constants.HASH_BYTE_LENGTH = 64; ed25519.generateKeyPair = function(options) { options = options || {}; var seed = options.seed; if(seed === undefined) { // generate seed seed = forge.random.getBytesSync(ed25519.constants.SEED_BYTE_LENGTH); } else if(typeof seed === 'string') { if(seed.length !== ed25519.constants.SEED_BYTE_LENGTH) { throw new TypeError( '"seed" must be ' + ed25519.constants.SEED_BYTE_LENGTH + ' bytes in length.'); } } else if(!(seed instanceof Uint8Array)) { throw new TypeError( '"seed" must be a node.js Buffer, Uint8Array, or a binary string.'); } seed = messageToNativeBuffer({message: seed, encoding: 'binary'}); var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); var sk = new NativeBuffer(ed25519.constants.PRIVATE_KEY_BYTE_LENGTH); for(var i = 0; i < 32; ++i) { sk[i] = seed[i]; } crypto_sign_keypair(pk, sk); return {publicKey: pk, privateKey: sk}; }; /** * Converts a private key from a RFC8410 ASN.1 encoding. * * @param obj - The asn1 representation of a private key. * * @returns {Object} keyInfo - The key information. * @returns {Buffer|Uint8Array} keyInfo.privateKeyBytes - 32 private key bytes. */ ed25519.privateKeyFromAsn1 = function(obj) { var capture = {}; var errors = []; var valid = forge.asn1.validate(obj, privateKeyValidator, capture, errors); if(!valid) { var error = new Error('Invalid Key.'); error.errors = errors; throw error; } var oid = forge.asn1.derToOid(capture.privateKeyOid); var ed25519Oid = forge.oids.EdDSA25519; if(oid !== ed25519Oid) { throw new Error('Invalid OID "' + oid + '"; OID must be "' + ed25519Oid + '".'); } var privateKey = capture.privateKey; // manually extract the private key bytes from nested octet string, see FIXME: // https://github.com/digitalbazaar/forge/blob/master/lib/asn1.js#L542 var privateKeyBytes = messageToNativeBuffer({ message: forge.asn1.fromDer(privateKey).value, encoding: 'binary' }); // TODO: RFC8410 specifies a format for encoding the public key bytes along // with the private key bytes. `publicKeyBytes` can be returned in the // future. https://tools.ietf.org/html/rfc8410#section-10.3 return {privateKeyBytes: privateKeyBytes}; }; /** * Converts a public key from a RFC8410 ASN.1 encoding. * * @param obj - The asn1 representation of a public key. * * @return {Buffer|Uint8Array} - 32 public key bytes. */ ed25519.publicKeyFromAsn1 = function(obj) { // get SubjectPublicKeyInfo var capture = {}; var errors = []; var valid = forge.asn1.validate(obj, publicKeyValidator, capture, errors); if(!valid) { var error = new Error('Invalid Key.'); error.errors = errors; throw error; } var oid = forge.asn1.derToOid(capture.publicKeyOid); var ed25519Oid = forge.oids.EdDSA25519; if(oid !== ed25519Oid) { throw new Error('Invalid OID "' + oid + '"; OID must be "' + ed25519Oid + '".'); } var publicKeyBytes = capture.ed25519PublicKey; if(publicKeyBytes.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) { throw new Error('Key length is invalid.'); } return messageToNativeBuffer({ message: publicKeyBytes, encoding: 'binary' }); }; ed25519.publicKeyFromPrivateKey = function(options) { options = options || {}; var privateKey = messageToNativeBuffer({ message: options.privateKey, encoding: 'binary' }); if(privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) { throw new TypeError( '"options.privateKey" must have a byte length of ' + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH); } var pk = new NativeBuffer(ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); for(var i = 0; i < pk.length; ++i) { pk[i] = privateKey[32 + i]; } return pk; }; ed25519.sign = function(options) { options = options || {}; var msg = messageToNativeBuffer(options); var privateKey = messageToNativeBuffer({ message: options.privateKey, encoding: 'binary' }); if(privateKey.length === ed25519.constants.SEED_BYTE_LENGTH) { var keyPair = ed25519.generateKeyPair({seed: privateKey}); privateKey = keyPair.privateKey; } else if(privateKey.length !== ed25519.constants.PRIVATE_KEY_BYTE_LENGTH) { throw new TypeError( '"options.privateKey" must have a byte length of ' + ed25519.constants.SEED_BYTE_LENGTH + ' or ' + ed25519.constants.PRIVATE_KEY_BYTE_LENGTH); } var signedMsg = new NativeBuffer( ed25519.constants.SIGN_BYTE_LENGTH + msg.length); crypto_sign(signedMsg, msg, msg.length, privateKey); var sig = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH); for(var i = 0; i < sig.length; ++i) { sig[i] = signedMsg[i]; } return sig; }; ed25519.verify = function(options) { options = options || {}; var msg = messageToNativeBuffer(options); if(options.signature === undefined) { throw new TypeError( '"options.signature" must be a node.js Buffer, a Uint8Array, a forge ' + 'ByteBuffer, or a binary string.'); } var sig = messageToNativeBuffer({ message: options.signature, encoding: 'binary' }); if(sig.length !== ed25519.constants.SIGN_BYTE_LENGTH) { throw new TypeError( '"options.signature" must have a byte length of ' + ed25519.constants.SIGN_BYTE_LENGTH); } var publicKey = messageToNativeBuffer({ message: options.publicKey, encoding: 'binary' }); if(publicKey.length !== ed25519.constants.PUBLIC_KEY_BYTE_LENGTH) { throw new TypeError( '"options.publicKey" must have a byte length of ' + ed25519.constants.PUBLIC_KEY_BYTE_LENGTH); } var sm = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length); var m = new NativeBuffer(ed25519.constants.SIGN_BYTE_LENGTH + msg.length); var i; for(i = 0; i < ed25519.constants.SIGN_BYTE_LENGTH; ++i) { sm[i] = sig[i]; } for(i = 0; i < msg.length; ++i) { sm[i + ed25519.constants.SIGN_BYTE_LENGTH] = msg[i]; } return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); }; function messageToNativeBuffer(options) { var message = options.message; if(message instanceof Uint8Array || message instanceof NativeBuffer) { return message; } var encoding = options.encoding; if(message === undefined) { if(options.md) { // TODO: more rigorous validation that `md` is a MessageDigest message = options.md.digest().getBytes(); encoding = 'binary'; } else { throw new TypeError('"options.message" or "options.md" not specified.'); } } if(typeof message === 'string' && !encoding) { throw new TypeError('"options.encoding" must be "binary" or "utf8".'); } if(typeof message === 'string') { if(typeof Buffer !== 'undefined') { return Buffer.from(message, encoding); } message = new ByteBuffer(message, encoding); } else if(!(message instanceof ByteBuffer)) { throw new TypeError( '"options.message" must be a node.js Buffer, a Uint8Array, a forge ' + 'ByteBuffer, or a string with "options.encoding" specifying its ' + 'encoding.'); } // convert to native buffer var buffer = new NativeBuffer(message.length()); for(var i = 0; i < buffer.length; ++i) { buffer[i] = message.at(i); } return buffer; } var gf0 = gf(); var gf1 = gf([1]); var D = gf([ 0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]); var D2 = gf([ 0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]); var X = gf([ 0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]); var Y = gf([ 0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]); var L = new Float64Array([ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); var I = gf([ 0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); // TODO: update forge buffer implementation to use `Buffer` or `Uint8Array`, // whichever is available, to improve performance function sha512(msg, msgLen) { // Note: `out` and `msg` are NativeBuffer var md = forge.md.sha512.create(); var buffer = new ByteBuffer(msg); md.update(buffer.getBytes(msgLen), 'binary'); var hash = md.digest().getBytes(); if(typeof Buffer !== 'undefined') { return Buffer.from(hash, 'binary'); } var out = new NativeBuffer(ed25519.constants.HASH_BYTE_LENGTH); for(var i = 0; i < 64; ++i) { out[i] = hash.charCodeAt(i); } return out; } function crypto_sign_keypair(pk, sk) { var p = [gf(), gf(), gf(), gf()]; var i; var d = sha512(sk, 32); d[0] &= 248; d[31] &= 127; d[31] |= 64; scalarbase(p, d); pack(pk, p); for(i = 0; i < 32; ++i) { sk[i + 32] = pk[i]; } return 0; } // Note: difference from C - smlen returned, not passed as argument. function crypto_sign(sm, m, n, sk) { var i, j, x = new Float64Array(64); var p = [gf(), gf(), gf(), gf()]; var d = sha512(sk, 32); d[0] &= 248; d[31] &= 127; d[31] |= 64; var smlen = n + 64; for(i = 0; i < n; ++i) { sm[64 + i] = m[i]; } for(i = 0; i < 32; ++i) { sm[32 + i] = d[32 + i]; } var r = sha512(sm.subarray(32), n + 32); reduce(r); scalarbase(p, r); pack(sm, p); for(i = 32; i < 64; ++i) { sm[i] = sk[i]; } var h = sha512(sm, n + 64); reduce(h); for(i = 32; i < 64; ++i) { x[i] = 0; } for(i = 0; i < 32; ++i) { x[i] = r[i]; } for(i = 0; i < 32; ++i) { for(j = 0; j < 32; j++) { x[i + j] += h[i] * d[j]; } } modL(sm.subarray(32), x); return smlen; } function crypto_sign_open(m, sm, n, pk) { var i, mlen; var t = new NativeBuffer(32); var p = [gf(), gf(), gf(), gf()], q = [gf(), gf(), gf(), gf()]; mlen = -1; if(n < 64) { return -1; } if(unpackneg(q, pk)) { return -1; } for(i = 0; i < n; ++i) { m[i] = sm[i]; } for(i = 0; i < 32; ++i) { m[i + 32] = pk[i]; } var h = sha512(m, n); reduce(h); scalarmult(p, q, h); scalarbase(q, sm.subarray(32)); add(p, q); pack(t, p); n -= 64; if(crypto_verify_32(sm, 0, t, 0)) { for(i = 0; i < n; ++i) { m[i] = 0; } return -1; } for(i = 0; i < n; ++i) { m[i] = sm[i + 64]; } mlen = n; return mlen; } function modL(r, x) { var carry, i, j, k; for(i = 63; i >= 32; --i) { carry = 0; for(j = i - 32, k = i - 12; j < k; ++j) { x[j] += carry - 16 * x[i] * L[j - (i - 32)]; carry = (x[j] + 128) >> 8; x[j] -= carry * 256; } x[j] += carry; x[i] = 0; } carry = 0; for(j = 0; j < 32; ++j) { x[j] += carry - (x[31] >> 4) * L[j]; carry = x[j] >> 8; x[j] &= 255; } for(j = 0; j < 32; ++j) { x[j] -= carry * L[j]; } for(i = 0; i < 32; ++i) { x[i + 1] += x[i] >> 8; r[i] = x[i] & 255; } } function reduce(r) { var x = new Float64Array(64); for(var i = 0; i < 64; ++i) { x[i] = r[i]; r[i] = 0; } modL(r, x); } function add(p, q) { var a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf(), g = gf(), h = gf(), t = gf(); Z(a, p[1], p[0]); Z(t, q[1], q[0]); M(a, a, t); A(b, p[0], p[1]); A(t, q[0], q[1]); M(b, b, t); M(c, p[3], q[3]); M(c, c, D2); M(d, p[2], q[2]); A(d, d, d); Z(e, b, a); Z(f, d, c); A(g, d, c); A(h, b, a); M(p[0], e, f); M(p[1], h, g); M(p[2], g, f); M(p[3], e, h); } function cswap(p, q, b) { for(var i = 0; i < 4; ++i) { sel25519(p[i], q[i], b); } } function pack(r, p) { var tx = gf(), ty = gf(), zi = gf(); inv25519(zi, p[2]); M(tx, p[0], zi); M(ty, p[1], zi); pack25519(r, ty); r[31] ^= par25519(tx) << 7; } function pack25519(o, n) { var i, j, b; var m = gf(), t = gf(); for(i = 0; i < 16; ++i) { t[i] = n[i]; } car25519(t); car25519(t); car25519(t); for(j = 0; j < 2; ++j) { m[0] = t[0] - 0xffed; for(i = 1; i < 15; ++i) { m[i] = t[i] - 0xffff - ((m[i - 1] >> 16) & 1); m[i-1] &= 0xffff; } m[15] = t[15] - 0x7fff - ((m[14] >> 16) & 1); b = (m[15] >> 16) & 1; m[14] &= 0xffff; sel25519(t, m, 1 - b); } for (i = 0; i < 16; i++) { o[2 * i] = t[i] & 0xff; o[2 * i + 1] = t[i] >> 8; } } function unpackneg(r, p) { var t = gf(), chk = gf(), num = gf(), den = gf(), den2 = gf(), den4 = gf(), den6 = gf(); set25519(r[2], gf1); unpack25519(r[1], p); S(num, r[1]); M(den, num, D); Z(num, num, r[2]); A(den, r[2], den); S(den2, den); S(den4, den2); M(den6, den4, den2); M(t, den6, num); M(t, t, den); pow2523(t, t); M(t, t, num); M(t, t, den); M(t, t, den); M(r[0], t, den); S(chk, r[0]); M(chk, chk, den); if(neq25519(chk, num)) { M(r[0], r[0], I); } S(chk, r[0]); M(chk, chk, den); if(neq25519(chk, num)) { return -1; } if(par25519(r[0]) === (p[31] >> 7)) { Z(r[0], gf0, r[0]); } M(r[3], r[0], r[1]); return 0; } function unpack25519(o, n) { var i; for(i = 0; i < 16; ++i) { o[i] = n[2 * i] + (n[2 * i + 1] << 8); } o[15] &= 0x7fff; } function pow2523(o, i) { var c = gf(); var a; for(a = 0; a < 16; ++a) { c[a] = i[a]; } for(a = 250; a >= 0; --a) { S(c, c); if(a !== 1) { M(c, c, i); } } for(a = 0; a < 16; ++a) { o[a] = c[a]; } } function neq25519(a, b) { var c = new NativeBuffer(32); var d = new NativeBuffer(32); pack25519(c, a); pack25519(d, b); return crypto_verify_32(c, 0, d, 0); } function crypto_verify_32(x, xi, y, yi) { return vn(x, xi, y, yi, 32); } function vn(x, xi, y, yi, n) { var i, d = 0; for(i = 0; i < n; ++i) { d |= x[xi + i] ^ y[yi + i]; } return (1 & ((d - 1) >>> 8)) - 1; } function par25519(a) { var d = new NativeBuffer(32); pack25519(d, a); return d[0] & 1; } function scalarmult(p, q, s) { var b, i; set25519(p[0], gf0); set25519(p[1], gf1); set25519(p[2], gf1); set25519(p[3], gf0); for(i = 255; i >= 0; --i) { b = (s[(i / 8)|0] >> (i & 7)) & 1; cswap(p, q, b); add(q, p); add(p, p); cswap(p, q, b); } } function scalarbase(p, s) { var q = [gf(), gf(), gf(), gf()]; set25519(q[0], X); set25519(q[1], Y); set25519(q[2], gf1); M(q[3], X, Y); scalarmult(p, q, s); } function set25519(r, a) { var i; for(i = 0; i < 16; i++) { r[i] = a[i] | 0; } } function inv25519(o, i) { var c = gf(); var a; for(a = 0; a < 16; ++a) { c[a] = i[a]; } for(a = 253; a >= 0; --a) { S(c, c); if(a !== 2 && a !== 4) { M(c, c, i); } } for(a = 0; a < 16; ++a) { o[a] = c[a]; } } function car25519(o) { var i, v, c = 1; for(i = 0; i < 16; ++i) { v = o[i] + c + 65535; c = Math.floor(v / 65536); o[i] = v - c * 65536; } o[0] += c - 1 + 37 * (c - 1); } function sel25519(p, q, b) { var t, c = ~(b - 1); for(var i = 0; i < 16; ++i) { t = c & (p[i] ^ q[i]); p[i] ^= t; q[i] ^= t; } } function gf(init) { var i, r = new Float64Array(16); if(init) { for(i = 0; i < init.length; ++i) { r[i] = init[i]; } } return r; } function A(o, a, b) { for(var i = 0; i < 16; ++i) { o[i] = a[i] + b[i]; } } function Z(o, a, b) { for(var i = 0; i < 16; ++i) { o[i] = a[i] - b[i]; } } function S(o, a) { M(o, a, a); } function M(o, a, b) { var v, c, t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4], b5 = b[5], b6 = b[6], b7 = b[7], b8 = b[8], b9 = b[9], b10 = b[10], b11 = b[11], b12 = b[12], b13 = b[13], b14 = b[14], b15 = b[15]; v = a[0]; t0 += v * b0; t1 += v * b1; t2 += v * b2; t3 += v * b3; t4 += v * b4; t5 += v * b5; t6 += v * b6; t7 += v * b7; t8 += v * b8; t9 += v * b9; t10 += v * b10; t11 += v * b11; t12 += v * b12; t13 += v * b13; t14 += v * b14; t15 += v * b15; v = a[1]; t1 += v * b0; t2 += v * b1; t3 += v * b2; t4 += v * b3; t5 += v * b4; t6 += v * b5; t7 += v * b6; t8 += v * b7; t9 += v * b8; t10 += v * b9; t11 += v * b10; t12 += v * b11; t13 += v * b12; t14 += v * b13; t15 += v * b14; t16 += v * b15; v = a[2]; t2 += v * b0; t3 += v * b1; t4 += v * b2; t5 += v * b3; t6 += v * b4; t7 += v * b5; t8 += v * b6; t9 += v * b7; t10 += v * b8; t11 += v * b9; t12 += v * b10; t13 += v * b11; t14 += v * b12; t15 += v * b13; t16 += v * b14; t17 += v * b15; v = a[3]; t3 += v * b0; t4 += v * b1; t5 += v * b2; t6 += v * b3; t7 += v * b4; t8 += v * b5; t9 += v * b6; t10 += v * b7; t11 += v * b8; t12 += v * b9; t13 += v * b10; t14 += v * b11; t15 += v * b12; t16 += v * b13; t17 += v * b14; t18 += v * b15; v = a[4]; t4 += v * b0; t5 += v * b1; t6 += v * b2; t7 += v * b3; t8 += v * b4; t9 += v * b5; t10 += v * b6; t11 += v * b7; t12 += v * b8; t13 += v * b9; t14 += v * b10; t15 += v * b11; t16 += v * b12; t17 += v * b13; t18 += v * b14; t19 += v * b15; v = a[5]; t5 += v * b0; t6 += v * b1; t7 += v * b2; t8 += v * b3; t9 += v * b4; t10 += v * b5; t11 += v * b6; t12 += v * b7; t13 += v * b8; t14 += v * b9; t15 += v * b10; t16 += v * b11; t17 += v * b12; t18 += v * b13; t19 += v * b14; t20 += v * b15; v = a[6]; t6 += v * b0; t7 += v * b1; t8 += v * b2; t9 += v * b3; t10 += v * b4; t11 += v * b5; t12 += v * b6; t13 += v * b7; t14 += v * b8; t15 += v * b9; t16 += v * b10; t17 += v * b11; t18 += v * b12; t19 += v * b13; t20 += v * b14; t21 += v * b15; v = a[7]; t7 += v * b0; t8 += v * b1; t9 += v * b2; t10 += v * b3; t11 += v * b4; t12 += v * b5; t13 += v * b6; t14 += v * b7; t15 += v * b8; t16 += v * b9; t17 += v * b10; t18 += v * b11; t19 += v * b12; t20 += v * b13; t21 += v * b14; t22 += v * b15; v = a[8]; t8 += v * b0; t9 += v * b1; t10 += v * b2; t11 += v * b3; t12 += v * b4; t13 += v * b5; t14 += v * b6; t15 += v * b7; t16 += v * b8; t17 += v * b9; t18 += v * b10; t19 += v * b11; t20 += v * b12; t21 += v * b13; t22 += v * b14; t23 += v * b15; v = a[9]; t9 += v * b0; t10 += v * b1; t11 += v * b2; t12 += v * b3; t13 += v * b4; t14 += v * b5; t15 += v * b6; t16 += v * b7; t17 += v * b8; t18 += v * b9; t19 += v * b10; t20 += v * b11; t21 += v * b12; t22 += v * b13; t23 += v * b14; t24 += v * b15; v = a[10]; t10 += v * b0; t11 += v * b1; t12 += v * b2; t13 += v * b3; t14 += v * b4; t15 += v * b5; t16 += v * b6; t17 += v * b7; t18 += v * b8; t19 += v * b9; t20 += v * b10; t21 += v * b11; t22 += v * b12; t23 += v * b13; t24 += v * b14; t25 += v * b15; v = a[11]; t11 += v * b0; t12 += v * b1; t13 += v * b2; t14 += v * b3; t15 += v * b4; t16 += v * b5; t17 += v * b6; t18 += v * b7; t19 += v * b8; t20 += v * b9; t21 += v * b10; t22 += v * b11; t23 += v * b12; t24 += v * b13; t25 += v * b14; t26 += v * b15; v = a[12]; t12 += v * b0; t13 += v * b1; t14 += v * b2; t15 += v * b3; t16 += v * b4; t17 += v * b5; t18 += v * b6; t19 += v * b7; t20 += v * b8; t21 += v * b9; t22 += v * b10; t23 += v * b11; t24 += v * b12; t25 += v * b13; t26 += v * b14; t27 += v * b15; v = a[13]; t13 += v * b0; t14 += v * b1; t15 += v * b2; t16 += v * b3; t17 += v * b4; t18 += v * b5; t19 += v * b6; t20 += v * b7; t21 += v * b8; t22 += v * b9; t23 += v * b10; t24 += v * b11; t25 += v * b12; t26 += v * b13; t27 += v * b14; t28 += v * b15; v = a[14]; t14 += v * b0; t15 += v * b1; t16 += v * b2; t17 += v * b3; t18 += v * b4; t19 += v * b5; t20 += v * b6; t21 += v * b7; t22 += v * b8; t23 += v * b9; t24 += v * b10; t25 += v * b11; t26 += v * b12; t27 += v * b13; t28 += v * b14; t29 += v * b15; v = a[15]; t15 += v * b0; t16 += v * b1; t17 += v * b2; t18 += v * b3; t19 += v * b4; t20 += v * b5; t21 += v * b6; t22 += v * b7; t23 += v * b8; t24 += v * b9; t25 += v * b10; t26 += v * b11; t27 += v * b12; t28 += v * b13; t29 += v * b14; t30 += v * b15; t0 += 38 * t16; t1 += 38 * t17; t2 += 38 * t18; t3 += 38 * t19; t4 += 38 * t20; t5 += 38 * t21; t6 += 38 * t22; t7 += 38 * t23; t8 += 38 * t24; t9 += 38 * t25; t10 += 38 * t26; t11 += 38 * t27; t12 += 38 * t28; t13 += 38 * t29; t14 += 38 * t30; // t15 left as is // first car c = 1; v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; t0 += c-1 + 37 * (c-1); // second car c = 1; v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; t0 += c-1 + 37 * (c-1); o[ 0] = t0; o[ 1] = t1; o[ 2] = t2; o[ 3] = t3; o[ 4] = t4; o[ 5] = t5; o[ 6] = t6; o[ 7] = t7; o[ 8] = t8; o[ 9] = t9; o[10] = t10; o[11] = t11; o[12] = t12; o[13] = t13; o[14] = t14; o[15] = t15; } /***/ }), /***/ 9177: /***/ ((module) => { /** * Node.js module for Forge. * * @author Dave Longley * * Copyright 2011-2016 Digital Bazaar, Inc. */ module.exports = { // default options options: { usePureJavaScript: false } }; /***/ }), /***/ 5104: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Hash-based Message Authentication Code implementation. Requires a message * digest object that can be obtained, for example, from forge.md.sha1 or * forge.md.md5. * * @author Dave Longley * * Copyright (c) 2010-2012 Digital Bazaar, Inc. All rights reserved. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(6231); __nccwpck_require__(8339); /* HMAC API */ var hmac = module.exports = forge.hmac = forge.hmac || {}; /** * Creates an HMAC object that uses the given message digest object. * * @return an HMAC object. */ hmac.create = function() { // the hmac key to use var _key = null; // the message digest to use var _md = null; // the inner padding var _ipadding = null; // the outer padding var _opadding = null; // hmac context var ctx = {}; /** * Starts or restarts the HMAC with the given key and message digest. * * @param md the message digest to use, null to reuse the previous one, * a string to use builtin 'sha1', 'md5', 'sha256'. * @param key the key to use as a string, array of bytes, byte buffer, * or null to reuse the previous key. */ ctx.start = function(md, key) { if(md !== null) { if(typeof md === 'string') { // create builtin message digest md = md.toLowerCase(); if(md in forge.md.algorithms) { _md = forge.md.algorithms[md].create(); } else { throw new Error('Unknown hash algorithm "' + md + '"'); } } else { // store message digest _md = md; } } if(key === null) { // reuse previous key key = _key; } else { if(typeof key === 'string') { // convert string into byte buffer key = forge.util.createBuffer(key); } else if(forge.util.isArray(key)) { // convert byte array into byte buffer var tmp = key; key = forge.util.createBuffer(); for(var i = 0; i < tmp.length; ++i) { key.putByte(tmp[i]); } } // if key is longer than blocksize, hash it var keylen = key.length(); if(keylen > _md.blockLength) { _md.start(); _md.update(key.bytes()); key = _md.digest(); } // mix key into inner and outer padding // ipadding = [0x36 * blocksize] ^ key // opadding = [0x5C * blocksize] ^ key _ipadding = forge.util.createBuffer(); _opadding = forge.util.createBuffer(); keylen = key.length(); for(var i = 0; i < keylen; ++i) { var tmp = key.at(i); _ipadding.putByte(0x36 ^ tmp); _opadding.putByte(0x5C ^ tmp); } // if key is shorter than blocksize, add additional padding if(keylen < _md.blockLength) { var tmp = _md.blockLength - keylen; for(var i = 0; i < tmp; ++i) { _ipadding.putByte(0x36); _opadding.putByte(0x5C); } } _key = key; _ipadding = _ipadding.bytes(); _opadding = _opadding.bytes(); } // digest is done like so: hash(opadding | hash(ipadding | message)) // prepare to do inner hash // hash(ipadding | message) _md.start(); _md.update(_ipadding); }; /** * Updates the HMAC with the given message bytes. * * @param bytes the bytes to update with. */ ctx.update = function(bytes) { _md.update(bytes); }; /** * Produces the Message Authentication Code (MAC). * * @return a byte buffer containing the digest value. */ ctx.getMac = function() { // digest is done like so: hash(opadding | hash(ipadding | message)) // here we do the outer hashing var inner = _md.digest().bytes(); _md.start(); _md.update(_opadding); _md.update(inner); return _md.digest(); }; // alias for getMac ctx.digest = ctx.getMac; return ctx; }; /***/ }), /***/ 7655: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Node.js module for Forge. * * @author Dave Longley * * Copyright 2011-2016 Digital Bazaar, Inc. */ module.exports = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(1449); __nccwpck_require__(9549); __nccwpck_require__(7088); __nccwpck_require__(7157); __nccwpck_require__(0); __nccwpck_require__(5104); __nccwpck_require__(5173); __nccwpck_require__(9994); __nccwpck_require__(1145); __nccwpck_require__(3339); __nccwpck_require__(1611); __nccwpck_require__(154); __nccwpck_require__(7014); __nccwpck_require__(466); __nccwpck_require__(4829); __nccwpck_require__(6924); __nccwpck_require__(6861); __nccwpck_require__(4467); __nccwpck_require__(4376); __nccwpck_require__(7821); __nccwpck_require__(9965); __nccwpck_require__(4280); __nccwpck_require__(9167); __nccwpck_require__(8339); /***/ }), /***/ 7052: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { // Copyright (c) 2005 Tom Wu // All Rights Reserved. // See "LICENSE" for details. // Basic JavaScript BN library - subset useful for RSA encryption. /* Licensing (LICENSE) ------------------- This software is covered under the following copyright: */ /* * Copyright (c) 2003-2005 Tom Wu * All Rights Reserved. * * Permission is hereby granted, free of charge, to any person obtaining * a copy of this software and associated documentation files (the * "Software"), to deal in the Software without restriction, including * without limitation the rights to use, copy, modify, merge, publish, * distribute, sublicense, and/or sell copies of the Software, and to * permit persons to whom the Software is furnished to do so, subject to * the following conditions: * * The above copyright notice and this permission notice shall be * included in all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. * * IN NO EVENT SHALL TOM WU BE LIABLE FOR ANY SPECIAL, INCIDENTAL, * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * In addition, the following condition applies: * * All redistributions must retain an intact copy of this copyright notice * and disclaimer. */ /* Address all questions regarding this license to: Tom Wu tjw@cs.Stanford.EDU */ var forge = __nccwpck_require__(9177); module.exports = forge.jsbn = forge.jsbn || {}; // Bits per digit var dbits; // JavaScript engine analysis var canary = 0xdeadbeefcafe; var j_lm = ((canary&0xffffff)==0xefcafe); // (public) Constructor function BigInteger(a,b,c) { this.data = []; if(a != null) if("number" == typeof a) this.fromNumber(a,b,c); else if(b == null && "string" != typeof a) this.fromString(a,256); else this.fromString(a,b); } forge.jsbn.BigInteger = BigInteger; // return new, unset BigInteger function nbi() { return new BigInteger(null); } // am: Compute w_j += (x*this_i), propagate carries, // c is initial carry, returns final carry. // c < 3*dvalue, x < 2*dvalue, this_i < dvalue // We need to select the fastest one that works in this environment. // am1: use a single mult and divide to get the high bits, // max digit bits should be 26 because // max internal value = 2*dvalue^2-2*dvalue (< 2^53) function am1(i,x,w,j,c,n) { while(--n >= 0) { var v = x*this.data[i++]+w.data[j]+c; c = Math.floor(v/0x4000000); w.data[j++] = v&0x3ffffff; } return c; } // am2 avoids a big mult-and-extract completely. // Max digit bits should be <= 30 because we do bitwise ops // on values up to 2*hdvalue^2-hdvalue-1 (< 2^31) function am2(i,x,w,j,c,n) { var xl = x&0x7fff, xh = x>>15; while(--n >= 0) { var l = this.data[i]&0x7fff; var h = this.data[i++]>>15; var m = xh*l+h*xl; l = xl*l+((m&0x7fff)<<15)+w.data[j]+(c&0x3fffffff); c = (l>>>30)+(m>>>15)+xh*h+(c>>>30); w.data[j++] = l&0x3fffffff; } return c; } // Alternately, set max digit bits to 28 since some // browsers slow down when dealing with 32-bit numbers. function am3(i,x,w,j,c,n) { var xl = x&0x3fff, xh = x>>14; while(--n >= 0) { var l = this.data[i]&0x3fff; var h = this.data[i++]>>14; var m = xh*l+h*xl; l = xl*l+((m&0x3fff)<<14)+w.data[j]+c; c = (l>>28)+(m>>14)+xh*h; w.data[j++] = l&0xfffffff; } return c; } // node.js (no browser) if(typeof(navigator) === 'undefined') { BigInteger.prototype.am = am3; dbits = 28; } else if(j_lm && (navigator.appName == "Microsoft Internet Explorer")) { BigInteger.prototype.am = am2; dbits = 30; } else if(j_lm && (navigator.appName != "Netscape")) { BigInteger.prototype.am = am1; dbits = 26; } else { // Mozilla/Netscape seems to prefer am3 BigInteger.prototype.am = am3; dbits = 28; } BigInteger.prototype.DB = dbits; BigInteger.prototype.DM = ((1<= 0; --i) r.data[i] = this.data[i]; r.t = this.t; r.s = this.s; } // (protected) set from integer value x, -DV <= x < DV function bnpFromInt(x) { this.t = 1; this.s = (x<0)?-1:0; if(x > 0) this.data[0] = x; else if(x < -1) this.data[0] = x+this.DV; else this.t = 0; } // return bigint initialized to value function nbv(i) { var r = nbi(); r.fromInt(i); return r; } // (protected) set from string and radix function bnpFromString(s,b) { var k; if(b == 16) k = 4; else if(b == 8) k = 3; else if(b == 256) k = 8; // byte array else if(b == 2) k = 1; else if(b == 32) k = 5; else if(b == 4) k = 2; else { this.fromRadix(s,b); return; } this.t = 0; this.s = 0; var i = s.length, mi = false, sh = 0; while(--i >= 0) { var x = (k==8)?s[i]&0xff:intAt(s,i); if(x < 0) { if(s.charAt(i) == "-") mi = true; continue; } mi = false; if(sh == 0) this.data[this.t++] = x; else if(sh+k > this.DB) { this.data[this.t-1] |= (x&((1<<(this.DB-sh))-1))<>(this.DB-sh)); } else this.data[this.t-1] |= x<= this.DB) sh -= this.DB; } if(k == 8 && (s[0]&0x80) != 0) { this.s = -1; if(sh > 0) this.data[this.t-1] |= ((1<<(this.DB-sh))-1)< 0 && this.data[this.t-1] == c) --this.t; } // (public) return string representation in given radix function bnToString(b) { if(this.s < 0) return "-"+this.negate().toString(b); var k; if(b == 16) k = 4; else if(b == 8) k = 3; else if(b == 2) k = 1; else if(b == 32) k = 5; else if(b == 4) k = 2; else return this.toRadix(b); var km = (1< 0) { if(p < this.DB && (d = this.data[i]>>p) > 0) { m = true; r = int2char(d); } while(i >= 0) { if(p < k) { d = (this.data[i]&((1<>(p+=this.DB-k); } else { d = (this.data[i]>>(p-=k))&km; if(p <= 0) { p += this.DB; --i; } } if(d > 0) m = true; if(m) r += int2char(d); } } return m?r:"0"; } // (public) -this function bnNegate() { var r = nbi(); BigInteger.ZERO.subTo(this,r); return r; } // (public) |this| function bnAbs() { return (this.s<0)?this.negate():this; } // (public) return + if this > a, - if this < a, 0 if equal function bnCompareTo(a) { var r = this.s-a.s; if(r != 0) return r; var i = this.t; r = i-a.t; if(r != 0) return (this.s<0)?-r:r; while(--i >= 0) if((r=this.data[i]-a.data[i]) != 0) return r; return 0; } // returns bit length of the integer x function nbits(x) { var r = 1, t; if((t=x>>>16) != 0) { x = t; r += 16; } if((t=x>>8) != 0) { x = t; r += 8; } if((t=x>>4) != 0) { x = t; r += 4; } if((t=x>>2) != 0) { x = t; r += 2; } if((t=x>>1) != 0) { x = t; r += 1; } return r; } // (public) return the number of bits in "this" function bnBitLength() { if(this.t <= 0) return 0; return this.DB*(this.t-1)+nbits(this.data[this.t-1]^(this.s&this.DM)); } // (protected) r = this << n*DB function bnpDLShiftTo(n,r) { var i; for(i = this.t-1; i >= 0; --i) r.data[i+n] = this.data[i]; for(i = n-1; i >= 0; --i) r.data[i] = 0; r.t = this.t+n; r.s = this.s; } // (protected) r = this >> n*DB function bnpDRShiftTo(n,r) { for(var i = n; i < this.t; ++i) r.data[i-n] = this.data[i]; r.t = Math.max(this.t-n,0); r.s = this.s; } // (protected) r = this << n function bnpLShiftTo(n,r) { var bs = n%this.DB; var cbs = this.DB-bs; var bm = (1<= 0; --i) { r.data[i+ds+1] = (this.data[i]>>cbs)|c; c = (this.data[i]&bm)<= 0; --i) r.data[i] = 0; r.data[ds] = c; r.t = this.t+ds+1; r.s = this.s; r.clamp(); } // (protected) r = this >> n function bnpRShiftTo(n,r) { r.s = this.s; var ds = Math.floor(n/this.DB); if(ds >= this.t) { r.t = 0; return; } var bs = n%this.DB; var cbs = this.DB-bs; var bm = (1<>bs; for(var i = ds+1; i < this.t; ++i) { r.data[i-ds-1] |= (this.data[i]&bm)<>bs; } if(bs > 0) r.data[this.t-ds-1] |= (this.s&bm)<>= this.DB; } if(a.t < this.t) { c -= a.s; while(i < this.t) { c += this.data[i]; r.data[i++] = c&this.DM; c >>= this.DB; } c += this.s; } else { c += this.s; while(i < a.t) { c -= a.data[i]; r.data[i++] = c&this.DM; c >>= this.DB; } c -= a.s; } r.s = (c<0)?-1:0; if(c < -1) r.data[i++] = this.DV+c; else if(c > 0) r.data[i++] = c; r.t = i; r.clamp(); } // (protected) r = this * a, r != this,a (HAC 14.12) // "this" should be the larger one if appropriate. function bnpMultiplyTo(a,r) { var x = this.abs(), y = a.abs(); var i = x.t; r.t = i+y.t; while(--i >= 0) r.data[i] = 0; for(i = 0; i < y.t; ++i) r.data[i+x.t] = x.am(0,y.data[i],r,i,0,x.t); r.s = 0; r.clamp(); if(this.s != a.s) BigInteger.ZERO.subTo(r,r); } // (protected) r = this^2, r != this (HAC 14.16) function bnpSquareTo(r) { var x = this.abs(); var i = r.t = 2*x.t; while(--i >= 0) r.data[i] = 0; for(i = 0; i < x.t-1; ++i) { var c = x.am(i,x.data[i],r,2*i,0,1); if((r.data[i+x.t]+=x.am(i+1,2*x.data[i],r,2*i+1,c,x.t-i-1)) >= x.DV) { r.data[i+x.t] -= x.DV; r.data[i+x.t+1] = 1; } } if(r.t > 0) r.data[r.t-1] += x.am(i,x.data[i],r,2*i,0,1); r.s = 0; r.clamp(); } // (protected) divide this by m, quotient and remainder to q, r (HAC 14.20) // r != q, this != m. q or r may be null. function bnpDivRemTo(m,q,r) { var pm = m.abs(); if(pm.t <= 0) return; var pt = this.abs(); if(pt.t < pm.t) { if(q != null) q.fromInt(0); if(r != null) this.copyTo(r); return; } if(r == null) r = nbi(); var y = nbi(), ts = this.s, ms = m.s; var nsh = this.DB-nbits(pm.data[pm.t-1]); // normalize modulus if(nsh > 0) { pm.lShiftTo(nsh,y); pt.lShiftTo(nsh,r); } else { pm.copyTo(y); pt.copyTo(r); } var ys = y.t; var y0 = y.data[ys-1]; if(y0 == 0) return; var yt = y0*(1<1)?y.data[ys-2]>>this.F2:0); var d1 = this.FV/yt, d2 = (1<= 0) { r.data[r.t++] = 1; r.subTo(t,r); } BigInteger.ONE.dlShiftTo(ys,t); t.subTo(y,y); // "negative" y so we can replace sub with am later while(y.t < ys) y.data[y.t++] = 0; while(--j >= 0) { // Estimate quotient digit var qd = (r.data[--i]==y0)?this.DM:Math.floor(r.data[i]*d1+(r.data[i-1]+e)*d2); if((r.data[i]+=y.am(0,qd,r,j,0,ys)) < qd) { // Try it out y.dlShiftTo(j,t); r.subTo(t,r); while(r.data[i] < --qd) r.subTo(t,r); } } if(q != null) { r.drShiftTo(ys,q); if(ts != ms) BigInteger.ZERO.subTo(q,q); } r.t = ys; r.clamp(); if(nsh > 0) r.rShiftTo(nsh,r); // Denormalize remainder if(ts < 0) BigInteger.ZERO.subTo(r,r); } // (public) this mod a function bnMod(a) { var r = nbi(); this.abs().divRemTo(a,null,r); if(this.s < 0 && r.compareTo(BigInteger.ZERO) > 0) a.subTo(r,r); return r; } // Modular reduction using "classic" algorithm function Classic(m) { this.m = m; } function cConvert(x) { if(x.s < 0 || x.compareTo(this.m) >= 0) return x.mod(this.m); else return x; } function cRevert(x) { return x; } function cReduce(x) { x.divRemTo(this.m,null,x); } function cMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } function cSqrTo(x,r) { x.squareTo(r); this.reduce(r); } Classic.prototype.convert = cConvert; Classic.prototype.revert = cRevert; Classic.prototype.reduce = cReduce; Classic.prototype.mulTo = cMulTo; Classic.prototype.sqrTo = cSqrTo; // (protected) return "-1/this % 2^DB"; useful for Mont. reduction // justification: // xy == 1 (mod m) // xy = 1+km // xy(2-xy) = (1+km)(1-km) // x[y(2-xy)] = 1-k^2m^2 // x[y(2-xy)] == 1 (mod m^2) // if y is 1/x mod m, then y(2-xy) is 1/x mod m^2 // should reduce x and y(2-xy) by m^2 at each step to keep size bounded. // JS multiply "overflows" differently from C/C++, so care is needed here. function bnpInvDigit() { if(this.t < 1) return 0; var x = this.data[0]; if((x&1) == 0) return 0; var y = x&3; // y == 1/x mod 2^2 y = (y*(2-(x&0xf)*y))&0xf; // y == 1/x mod 2^4 y = (y*(2-(x&0xff)*y))&0xff; // y == 1/x mod 2^8 y = (y*(2-(((x&0xffff)*y)&0xffff)))&0xffff; // y == 1/x mod 2^16 // last step - calculate inverse mod DV directly; // assumes 16 < DB <= 32 and assumes ability to handle 48-bit ints y = (y*(2-x*y%this.DV))%this.DV; // y == 1/x mod 2^dbits // we really want the negative inverse, and -DV < y < DV return (y>0)?this.DV-y:-y; } // Montgomery reduction function Montgomery(m) { this.m = m; this.mp = m.invDigit(); this.mpl = this.mp&0x7fff; this.mph = this.mp>>15; this.um = (1<<(m.DB-15))-1; this.mt2 = 2*m.t; } // xR mod m function montConvert(x) { var r = nbi(); x.abs().dlShiftTo(this.m.t,r); r.divRemTo(this.m,null,r); if(x.s < 0 && r.compareTo(BigInteger.ZERO) > 0) this.m.subTo(r,r); return r; } // x/R mod m function montRevert(x) { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } // x = x/R mod m (HAC 14.32) function montReduce(x) { while(x.t <= this.mt2) // pad x so am has enough room later x.data[x.t++] = 0; for(var i = 0; i < this.m.t; ++i) { // faster way of calculating u0 = x.data[i]*mp mod DV var j = x.data[i]&0x7fff; var u0 = (j*this.mpl+(((j*this.mph+(x.data[i]>>15)*this.mpl)&this.um)<<15))&x.DM; // use am to combine the multiply-shift-add into one call j = i+this.m.t; x.data[j] += this.m.am(0,u0,x,i,0,this.m.t); // propagate carry while(x.data[j] >= x.DV) { x.data[j] -= x.DV; x.data[++j]++; } } x.clamp(); x.drShiftTo(this.m.t,x); if(x.compareTo(this.m) >= 0) x.subTo(this.m,x); } // r = "x^2/R mod m"; x != r function montSqrTo(x,r) { x.squareTo(r); this.reduce(r); } // r = "xy/R mod m"; x,y != r function montMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } Montgomery.prototype.convert = montConvert; Montgomery.prototype.revert = montRevert; Montgomery.prototype.reduce = montReduce; Montgomery.prototype.mulTo = montMulTo; Montgomery.prototype.sqrTo = montSqrTo; // (protected) true iff this is even function bnpIsEven() { return ((this.t>0)?(this.data[0]&1):this.s) == 0; } // (protected) this^e, e < 2^32, doing sqr and mul with "r" (HAC 14.79) function bnpExp(e,z) { if(e > 0xffffffff || e < 1) return BigInteger.ONE; var r = nbi(), r2 = nbi(), g = z.convert(this), i = nbits(e)-1; g.copyTo(r); while(--i >= 0) { z.sqrTo(r,r2); if((e&(1< 0) z.mulTo(r2,g,r); else { var t = r; r = r2; r2 = t; } } return z.revert(r); } // (public) this^e % m, 0 <= e < 2^32 function bnModPowInt(e,m) { var z; if(e < 256 || m.isEven()) z = new Classic(m); else z = new Montgomery(m); return this.exp(e,z); } // protected BigInteger.prototype.copyTo = bnpCopyTo; BigInteger.prototype.fromInt = bnpFromInt; BigInteger.prototype.fromString = bnpFromString; BigInteger.prototype.clamp = bnpClamp; BigInteger.prototype.dlShiftTo = bnpDLShiftTo; BigInteger.prototype.drShiftTo = bnpDRShiftTo; BigInteger.prototype.lShiftTo = bnpLShiftTo; BigInteger.prototype.rShiftTo = bnpRShiftTo; BigInteger.prototype.subTo = bnpSubTo; BigInteger.prototype.multiplyTo = bnpMultiplyTo; BigInteger.prototype.squareTo = bnpSquareTo; BigInteger.prototype.divRemTo = bnpDivRemTo; BigInteger.prototype.invDigit = bnpInvDigit; BigInteger.prototype.isEven = bnpIsEven; BigInteger.prototype.exp = bnpExp; // public BigInteger.prototype.toString = bnToString; BigInteger.prototype.negate = bnNegate; BigInteger.prototype.abs = bnAbs; BigInteger.prototype.compareTo = bnCompareTo; BigInteger.prototype.bitLength = bnBitLength; BigInteger.prototype.mod = bnMod; BigInteger.prototype.modPowInt = bnModPowInt; // "constants" BigInteger.ZERO = nbv(0); BigInteger.ONE = nbv(1); // jsbn2 lib //Copyright (c) 2005-2009 Tom Wu //All Rights Reserved. //See "LICENSE" for details (See jsbn.js for LICENSE). //Extended JavaScript BN functions, required for RSA private ops. //Version 1.1: new BigInteger("0", 10) returns "proper" zero //(public) function bnClone() { var r = nbi(); this.copyTo(r); return r; } //(public) return value as integer function bnIntValue() { if(this.s < 0) { if(this.t == 1) return this.data[0]-this.DV; else if(this.t == 0) return -1; } else if(this.t == 1) return this.data[0]; else if(this.t == 0) return 0; // assumes 16 < DB < 32 return ((this.data[1]&((1<<(32-this.DB))-1))<>24; } //(public) return value as short (assumes DB>=16) function bnShortValue() { return (this.t==0)?this.s:(this.data[0]<<16)>>16; } //(protected) return x s.t. r^x < DV function bnpChunkSize(r) { return Math.floor(Math.LN2*this.DB/Math.log(r)); } //(public) 0 if this == 0, 1 if this > 0 function bnSigNum() { if(this.s < 0) return -1; else if(this.t <= 0 || (this.t == 1 && this.data[0] <= 0)) return 0; else return 1; } //(protected) convert to radix string function bnpToRadix(b) { if(b == null) b = 10; if(this.signum() == 0 || b < 2 || b > 36) return "0"; var cs = this.chunkSize(b); var a = Math.pow(b,cs); var d = nbv(a), y = nbi(), z = nbi(), r = ""; this.divRemTo(d,y,z); while(y.signum() > 0) { r = (a+z.intValue()).toString(b).substr(1) + r; y.divRemTo(d,y,z); } return z.intValue().toString(b) + r; } //(protected) convert from radix string function bnpFromRadix(s,b) { this.fromInt(0); if(b == null) b = 10; var cs = this.chunkSize(b); var d = Math.pow(b,cs), mi = false, j = 0, w = 0; for(var i = 0; i < s.length; ++i) { var x = intAt(s,i); if(x < 0) { if(s.charAt(i) == "-" && this.signum() == 0) mi = true; continue; } w = b*w+x; if(++j >= cs) { this.dMultiply(d); this.dAddOffset(w,0); j = 0; w = 0; } } if(j > 0) { this.dMultiply(Math.pow(b,j)); this.dAddOffset(w,0); } if(mi) BigInteger.ZERO.subTo(this,this); } //(protected) alternate constructor function bnpFromNumber(a,b,c) { if("number" == typeof b) { // new BigInteger(int,int,RNG) if(a < 2) this.fromInt(1); else { this.fromNumber(a,c); if(!this.testBit(a-1)) // force MSB set this.bitwiseTo(BigInteger.ONE.shiftLeft(a-1),op_or,this); if(this.isEven()) this.dAddOffset(1,0); // force odd while(!this.isProbablePrime(b)) { this.dAddOffset(2,0); if(this.bitLength() > a) this.subTo(BigInteger.ONE.shiftLeft(a-1),this); } } } else { // new BigInteger(int,RNG) var x = new Array(), t = a&7; x.length = (a>>3)+1; b.nextBytes(x); if(t > 0) x[0] &= ((1< 0) { if(p < this.DB && (d = this.data[i]>>p) != (this.s&this.DM)>>p) r[k++] = d|(this.s<<(this.DB-p)); while(i >= 0) { if(p < 8) { d = (this.data[i]&((1<>(p+=this.DB-8); } else { d = (this.data[i]>>(p-=8))&0xff; if(p <= 0) { p += this.DB; --i; } } if((d&0x80) != 0) d |= -256; if(k == 0 && (this.s&0x80) != (d&0x80)) ++k; if(k > 0 || d != this.s) r[k++] = d; } } return r; } function bnEquals(a) { return(this.compareTo(a)==0); } function bnMin(a) { return(this.compareTo(a)<0)?this:a; } function bnMax(a) { return(this.compareTo(a)>0)?this:a; } //(protected) r = this op a (bitwise) function bnpBitwiseTo(a,op,r) { var i, f, m = Math.min(a.t,this.t); for(i = 0; i < m; ++i) r.data[i] = op(this.data[i],a.data[i]); if(a.t < this.t) { f = a.s&this.DM; for(i = m; i < this.t; ++i) r.data[i] = op(this.data[i],f); r.t = this.t; } else { f = this.s&this.DM; for(i = m; i < a.t; ++i) r.data[i] = op(f,a.data[i]); r.t = a.t; } r.s = op(this.s,a.s); r.clamp(); } //(public) this & a function op_and(x,y) { return x&y; } function bnAnd(a) { var r = nbi(); this.bitwiseTo(a,op_and,r); return r; } //(public) this | a function op_or(x,y) { return x|y; } function bnOr(a) { var r = nbi(); this.bitwiseTo(a,op_or,r); return r; } //(public) this ^ a function op_xor(x,y) { return x^y; } function bnXor(a) { var r = nbi(); this.bitwiseTo(a,op_xor,r); return r; } //(public) this & ~a function op_andnot(x,y) { return x&~y; } function bnAndNot(a) { var r = nbi(); this.bitwiseTo(a,op_andnot,r); return r; } //(public) ~this function bnNot() { var r = nbi(); for(var i = 0; i < this.t; ++i) r.data[i] = this.DM&~this.data[i]; r.t = this.t; r.s = ~this.s; return r; } //(public) this << n function bnShiftLeft(n) { var r = nbi(); if(n < 0) this.rShiftTo(-n,r); else this.lShiftTo(n,r); return r; } //(public) this >> n function bnShiftRight(n) { var r = nbi(); if(n < 0) this.lShiftTo(-n,r); else this.rShiftTo(n,r); return r; } //return index of lowest 1-bit in x, x < 2^31 function lbit(x) { if(x == 0) return -1; var r = 0; if((x&0xffff) == 0) { x >>= 16; r += 16; } if((x&0xff) == 0) { x >>= 8; r += 8; } if((x&0xf) == 0) { x >>= 4; r += 4; } if((x&3) == 0) { x >>= 2; r += 2; } if((x&1) == 0) ++r; return r; } //(public) returns index of lowest 1-bit (or -1 if none) function bnGetLowestSetBit() { for(var i = 0; i < this.t; ++i) if(this.data[i] != 0) return i*this.DB+lbit(this.data[i]); if(this.s < 0) return this.t*this.DB; return -1; } //return number of 1 bits in x function cbit(x) { var r = 0; while(x != 0) { x &= x-1; ++r; } return r; } //(public) return number of set bits function bnBitCount() { var r = 0, x = this.s&this.DM; for(var i = 0; i < this.t; ++i) r += cbit(this.data[i]^x); return r; } //(public) true iff nth bit is set function bnTestBit(n) { var j = Math.floor(n/this.DB); if(j >= this.t) return(this.s!=0); return((this.data[j]&(1<<(n%this.DB)))!=0); } //(protected) this op (1<>= this.DB; } if(a.t < this.t) { c += a.s; while(i < this.t) { c += this.data[i]; r.data[i++] = c&this.DM; c >>= this.DB; } c += this.s; } else { c += this.s; while(i < a.t) { c += a.data[i]; r.data[i++] = c&this.DM; c >>= this.DB; } c += a.s; } r.s = (c<0)?-1:0; if(c > 0) r.data[i++] = c; else if(c < -1) r.data[i++] = this.DV+c; r.t = i; r.clamp(); } //(public) this + a function bnAdd(a) { var r = nbi(); this.addTo(a,r); return r; } //(public) this - a function bnSubtract(a) { var r = nbi(); this.subTo(a,r); return r; } //(public) this * a function bnMultiply(a) { var r = nbi(); this.multiplyTo(a,r); return r; } //(public) this / a function bnDivide(a) { var r = nbi(); this.divRemTo(a,r,null); return r; } //(public) this % a function bnRemainder(a) { var r = nbi(); this.divRemTo(a,null,r); return r; } //(public) [this/a,this%a] function bnDivideAndRemainder(a) { var q = nbi(), r = nbi(); this.divRemTo(a,q,r); return new Array(q,r); } //(protected) this *= n, this >= 0, 1 < n < DV function bnpDMultiply(n) { this.data[this.t] = this.am(0,n-1,this,0,0,this.t); ++this.t; this.clamp(); } //(protected) this += n << w words, this >= 0 function bnpDAddOffset(n,w) { if(n == 0) return; while(this.t <= w) this.data[this.t++] = 0; this.data[w] += n; while(this.data[w] >= this.DV) { this.data[w] -= this.DV; if(++w >= this.t) this.data[this.t++] = 0; ++this.data[w]; } } //A "null" reducer function NullExp() {} function nNop(x) { return x; } function nMulTo(x,y,r) { x.multiplyTo(y,r); } function nSqrTo(x,r) { x.squareTo(r); } NullExp.prototype.convert = nNop; NullExp.prototype.revert = nNop; NullExp.prototype.mulTo = nMulTo; NullExp.prototype.sqrTo = nSqrTo; //(public) this^e function bnPow(e) { return this.exp(e,new NullExp()); } //(protected) r = lower n words of "this * a", a.t <= n //"this" should be the larger one if appropriate. function bnpMultiplyLowerTo(a,n,r) { var i = Math.min(this.t+a.t,n); r.s = 0; // assumes a,this >= 0 r.t = i; while(i > 0) r.data[--i] = 0; var j; for(j = r.t-this.t; i < j; ++i) r.data[i+this.t] = this.am(0,a.data[i],r,i,0,this.t); for(j = Math.min(a.t,n); i < j; ++i) this.am(0,a.data[i],r,i,0,n-i); r.clamp(); } //(protected) r = "this * a" without lower n words, n > 0 //"this" should be the larger one if appropriate. function bnpMultiplyUpperTo(a,n,r) { --n; var i = r.t = this.t+a.t-n; r.s = 0; // assumes a,this >= 0 while(--i >= 0) r.data[i] = 0; for(i = Math.max(n-this.t,0); i < a.t; ++i) r.data[this.t+i-n] = this.am(n-i,a.data[i],r,0,0,this.t+i-n); r.clamp(); r.drShiftTo(1,r); } //Barrett modular reduction function Barrett(m) { // setup Barrett this.r2 = nbi(); this.q3 = nbi(); BigInteger.ONE.dlShiftTo(2*m.t,this.r2); this.mu = this.r2.divide(m); this.m = m; } function barrettConvert(x) { if(x.s < 0 || x.t > 2*this.m.t) return x.mod(this.m); else if(x.compareTo(this.m) < 0) return x; else { var r = nbi(); x.copyTo(r); this.reduce(r); return r; } } function barrettRevert(x) { return x; } //x = x mod m (HAC 14.42) function barrettReduce(x) { x.drShiftTo(this.m.t-1,this.r2); if(x.t > this.m.t+1) { x.t = this.m.t+1; x.clamp(); } this.mu.multiplyUpperTo(this.r2,this.m.t+1,this.q3); this.m.multiplyLowerTo(this.q3,this.m.t+1,this.r2); while(x.compareTo(this.r2) < 0) x.dAddOffset(1,this.m.t+1); x.subTo(this.r2,x); while(x.compareTo(this.m) >= 0) x.subTo(this.m,x); } //r = x^2 mod m; x != r function barrettSqrTo(x,r) { x.squareTo(r); this.reduce(r); } //r = x*y mod m; x,y != r function barrettMulTo(x,y,r) { x.multiplyTo(y,r); this.reduce(r); } Barrett.prototype.convert = barrettConvert; Barrett.prototype.revert = barrettRevert; Barrett.prototype.reduce = barrettReduce; Barrett.prototype.mulTo = barrettMulTo; Barrett.prototype.sqrTo = barrettSqrTo; //(public) this^e % m (HAC 14.85) function bnModPow(e,m) { var i = e.bitLength(), k, r = nbv(1), z; if(i <= 0) return r; else if(i < 18) k = 1; else if(i < 48) k = 3; else if(i < 144) k = 4; else if(i < 768) k = 5; else k = 6; if(i < 8) z = new Classic(m); else if(m.isEven()) z = new Barrett(m); else z = new Montgomery(m); // precomputation var g = new Array(), n = 3, k1 = k-1, km = (1< 1) { var g2 = nbi(); z.sqrTo(g[1],g2); while(n <= km) { g[n] = nbi(); z.mulTo(g2,g[n-2],g[n]); n += 2; } } var j = e.t-1, w, is1 = true, r2 = nbi(), t; i = nbits(e.data[j])-1; while(j >= 0) { if(i >= k1) w = (e.data[j]>>(i-k1))&km; else { w = (e.data[j]&((1<<(i+1))-1))<<(k1-i); if(j > 0) w |= e.data[j-1]>>(this.DB+i-k1); } n = k; while((w&1) == 0) { w >>= 1; --n; } if((i -= n) < 0) { i += this.DB; --j; } if(is1) { // ret == 1, don't bother squaring or multiplying it g[w].copyTo(r); is1 = false; } else { while(n > 1) { z.sqrTo(r,r2); z.sqrTo(r2,r); n -= 2; } if(n > 0) z.sqrTo(r,r2); else { t = r; r = r2; r2 = t; } z.mulTo(r2,g[w],r); } while(j >= 0 && (e.data[j]&(1< 0) { x.rShiftTo(g,x); y.rShiftTo(g,y); } while(x.signum() > 0) { if((i = x.getLowestSetBit()) > 0) x.rShiftTo(i,x); if((i = y.getLowestSetBit()) > 0) y.rShiftTo(i,y); if(x.compareTo(y) >= 0) { x.subTo(y,x); x.rShiftTo(1,x); } else { y.subTo(x,y); y.rShiftTo(1,y); } } if(g > 0) y.lShiftTo(g,y); return y; } //(protected) this % n, n < 2^26 function bnpModInt(n) { if(n <= 0) return 0; var d = this.DV%n, r = (this.s<0)?n-1:0; if(this.t > 0) if(d == 0) r = this.data[0]%n; else for(var i = this.t-1; i >= 0; --i) r = (d*r+this.data[i])%n; return r; } //(public) 1/this % m (HAC 14.61) function bnModInverse(m) { var ac = m.isEven(); if((this.isEven() && ac) || m.signum() == 0) return BigInteger.ZERO; var u = m.clone(), v = this.clone(); var a = nbv(1), b = nbv(0), c = nbv(0), d = nbv(1); while(u.signum() != 0) { while(u.isEven()) { u.rShiftTo(1,u); if(ac) { if(!a.isEven() || !b.isEven()) { a.addTo(this,a); b.subTo(m,b); } a.rShiftTo(1,a); } else if(!b.isEven()) b.subTo(m,b); b.rShiftTo(1,b); } while(v.isEven()) { v.rShiftTo(1,v); if(ac) { if(!c.isEven() || !d.isEven()) { c.addTo(this,c); d.subTo(m,d); } c.rShiftTo(1,c); } else if(!d.isEven()) d.subTo(m,d); d.rShiftTo(1,d); } if(u.compareTo(v) >= 0) { u.subTo(v,u); if(ac) a.subTo(c,a); b.subTo(d,b); } else { v.subTo(u,v); if(ac) c.subTo(a,c); d.subTo(b,d); } } if(v.compareTo(BigInteger.ONE) != 0) return BigInteger.ZERO; if(d.compareTo(m) >= 0) return d.subtract(m); if(d.signum() < 0) d.addTo(m,d); else return d; if(d.signum() < 0) return d.add(m); else return d; } var lowprimes = [2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97,101,103,107,109,113,127,131,137,139,149,151,157,163,167,173,179,181,191,193,197,199,211,223,227,229,233,239,241,251,257,263,269,271,277,281,283,293,307,311,313,317,331,337,347,349,353,359,367,373,379,383,389,397,401,409,419,421,431,433,439,443,449,457,461,463,467,479,487,491,499,503,509]; var lplim = (1<<26)/lowprimes[lowprimes.length-1]; //(public) test primality with certainty >= 1-.5^t function bnIsProbablePrime(t) { var i, x = this.abs(); if(x.t == 1 && x.data[0] <= lowprimes[lowprimes.length-1]) { for(i = 0; i < lowprimes.length; ++i) if(x.data[0] == lowprimes[i]) return true; return false; } if(x.isEven()) return false; i = 1; while(i < lowprimes.length) { var m = lowprimes[i], j = i+1; while(j < lowprimes.length && m < lplim) m *= lowprimes[j++]; m = x.modInt(m); while(i < j) if(m%lowprimes[i++] == 0) return false; } return x.millerRabin(t); } //(protected) true if probably prime (HAC 4.24, Miller-Rabin) function bnpMillerRabin(t) { var n1 = this.subtract(BigInteger.ONE); var k = n1.getLowestSetBit(); if(k <= 0) return false; var r = n1.shiftRight(k); var prng = bnGetPrng(); var a; for(var i = 0; i < t; ++i) { // select witness 'a' at random from between 1 and n1 do { a = new BigInteger(this.bitLength(), prng); } while(a.compareTo(BigInteger.ONE) <= 0 || a.compareTo(n1) >= 0); var y = a.modPow(r,this); if(y.compareTo(BigInteger.ONE) != 0 && y.compareTo(n1) != 0) { var j = 1; while(j++ < k && y.compareTo(n1) != 0) { y = y.modPowInt(2,this); if(y.compareTo(BigInteger.ONE) == 0) return false; } if(y.compareTo(n1) != 0) return false; } } return true; } // get pseudo random number generator function bnGetPrng() { // create prng with api that matches BigInteger secure random return { // x is an array to fill with bytes nextBytes: function(x) { for(var i = 0; i < x.length; ++i) { x[i] = Math.floor(Math.random() * 0x0100); } } }; } //protected BigInteger.prototype.chunkSize = bnpChunkSize; BigInteger.prototype.toRadix = bnpToRadix; BigInteger.prototype.fromRadix = bnpFromRadix; BigInteger.prototype.fromNumber = bnpFromNumber; BigInteger.prototype.bitwiseTo = bnpBitwiseTo; BigInteger.prototype.changeBit = bnpChangeBit; BigInteger.prototype.addTo = bnpAddTo; BigInteger.prototype.dMultiply = bnpDMultiply; BigInteger.prototype.dAddOffset = bnpDAddOffset; BigInteger.prototype.multiplyLowerTo = bnpMultiplyLowerTo; BigInteger.prototype.multiplyUpperTo = bnpMultiplyUpperTo; BigInteger.prototype.modInt = bnpModInt; BigInteger.prototype.millerRabin = bnpMillerRabin; //public BigInteger.prototype.clone = bnClone; BigInteger.prototype.intValue = bnIntValue; BigInteger.prototype.byteValue = bnByteValue; BigInteger.prototype.shortValue = bnShortValue; BigInteger.prototype.signum = bnSigNum; BigInteger.prototype.toByteArray = bnToByteArray; BigInteger.prototype.equals = bnEquals; BigInteger.prototype.min = bnMin; BigInteger.prototype.max = bnMax; BigInteger.prototype.and = bnAnd; BigInteger.prototype.or = bnOr; BigInteger.prototype.xor = bnXor; BigInteger.prototype.andNot = bnAndNot; BigInteger.prototype.not = bnNot; BigInteger.prototype.shiftLeft = bnShiftLeft; BigInteger.prototype.shiftRight = bnShiftRight; BigInteger.prototype.getLowestSetBit = bnGetLowestSetBit; BigInteger.prototype.bitCount = bnBitCount; BigInteger.prototype.testBit = bnTestBit; BigInteger.prototype.setBit = bnSetBit; BigInteger.prototype.clearBit = bnClearBit; BigInteger.prototype.flipBit = bnFlipBit; BigInteger.prototype.add = bnAdd; BigInteger.prototype.subtract = bnSubtract; BigInteger.prototype.multiply = bnMultiply; BigInteger.prototype.divide = bnDivide; BigInteger.prototype.remainder = bnRemainder; BigInteger.prototype.divideAndRemainder = bnDivideAndRemainder; BigInteger.prototype.modPow = bnModPow; BigInteger.prototype.modInverse = bnModInverse; BigInteger.prototype.pow = bnPow; BigInteger.prototype.gcd = bnGCD; BigInteger.prototype.isProbablePrime = bnIsProbablePrime; //BigInteger interfaces not implemented in jsbn: //BigInteger(int signum, byte[] magnitude) //double doubleValue() //float floatValue() //int hashCode() //long longValue() //static BigInteger valueOf(long val) /***/ }), /***/ 5173: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of RSA-KEM. * * @author Lautaro Cozzani Rodriguez * @author Dave Longley * * Copyright (c) 2014 Lautaro Cozzani * Copyright (c) 2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); __nccwpck_require__(7821); __nccwpck_require__(7052); module.exports = forge.kem = forge.kem || {}; var BigInteger = forge.jsbn.BigInteger; /** * The API for the RSA Key Encapsulation Mechanism (RSA-KEM) from ISO 18033-2. */ forge.kem.rsa = {}; /** * Creates an RSA KEM API object for generating a secret asymmetric key. * * The symmetric key may be generated via a call to 'encrypt', which will * produce a ciphertext to be transmitted to the recipient and a key to be * kept secret. The ciphertext is a parameter to be passed to 'decrypt' which * will produce the same secret key for the recipient to use to decrypt a * message that was encrypted with the secret key. * * @param kdf the KDF API to use (eg: new forge.kem.kdf1()). * @param options the options to use. * [prng] a custom crypto-secure pseudo-random number generator to use, * that must define "getBytesSync". */ forge.kem.rsa.create = function(kdf, options) { options = options || {}; var prng = options.prng || forge.random; var kem = {}; /** * Generates a secret key and its encapsulation. * * @param publicKey the RSA public key to encrypt with. * @param keyLength the length, in bytes, of the secret key to generate. * * @return an object with: * encapsulation: the ciphertext for generating the secret key, as a * binary-encoded string of bytes. * key: the secret key to use for encrypting a message. */ kem.encrypt = function(publicKey, keyLength) { // generate a random r where 1 < r < n var byteLength = Math.ceil(publicKey.n.bitLength() / 8); var r; do { r = new BigInteger( forge.util.bytesToHex(prng.getBytesSync(byteLength)), 16).mod(publicKey.n); } while(r.compareTo(BigInteger.ONE) <= 0); // prepend r with zeros r = forge.util.hexToBytes(r.toString(16)); var zeros = byteLength - r.length; if(zeros > 0) { r = forge.util.fillString(String.fromCharCode(0), zeros) + r; } // encrypt the random var encapsulation = publicKey.encrypt(r, 'NONE'); // generate the secret key var key = kdf.generate(r, keyLength); return {encapsulation: encapsulation, key: key}; }; /** * Decrypts an encapsulated secret key. * * @param privateKey the RSA private key to decrypt with. * @param encapsulation the ciphertext for generating the secret key, as * a binary-encoded string of bytes. * @param keyLength the length, in bytes, of the secret key to generate. * * @return the secret key as a binary-encoded string of bytes. */ kem.decrypt = function(privateKey, encapsulation, keyLength) { // decrypt the encapsulation and generate the secret key var r = privateKey.decrypt(encapsulation, 'NONE'); return kdf.generate(r, keyLength); }; return kem; }; // TODO: add forge.kem.kdf.create('KDF1', {md: ..., ...}) API? /** * Creates a key derivation API object that implements KDF1 per ISO 18033-2. * * @param md the hash API to use. * @param [digestLength] an optional digest length that must be positive and * less than or equal to md.digestLength. * * @return a KDF1 API object. */ forge.kem.kdf1 = function(md, digestLength) { _createKDF(this, md, 0, digestLength || md.digestLength); }; /** * Creates a key derivation API object that implements KDF2 per ISO 18033-2. * * @param md the hash API to use. * @param [digestLength] an optional digest length that must be positive and * less than or equal to md.digestLength. * * @return a KDF2 API object. */ forge.kem.kdf2 = function(md, digestLength) { _createKDF(this, md, 1, digestLength || md.digestLength); }; /** * Creates a KDF1 or KDF2 API object. * * @param md the hash API to use. * @param counterStart the starting index for the counter. * @param digestLength the digest length to use. * * @return the KDF API object. */ function _createKDF(kdf, md, counterStart, digestLength) { /** * Generate a key of the specified length. * * @param x the binary-encoded byte string to generate a key from. * @param length the number of bytes to generate (the size of the key). * * @return the key as a binary-encoded string. */ kdf.generate = function(x, length) { var key = new forge.util.ByteBuffer(); // run counter from counterStart to ceil(length / Hash.len) var k = Math.ceil(length / digestLength) + counterStart; var c = new forge.util.ByteBuffer(); for(var i = counterStart; i < k; ++i) { // I2OSP(i, 4): convert counter to an octet string of 4 octets c.putInt32(i); // digest 'x' and the counter and add the result to the key md.start(); md.update(x + c.getBytes()); var hash = md.digest(); key.putBytes(hash.getBytes(digestLength)); } // truncate to the correct key length key.truncate(key.length() - length); return key.getBytes(); }; } /***/ }), /***/ 9994: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Cross-browser support for logging in a web application. * * @author David I. Lehn * * Copyright (c) 2008-2013 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); /* LOG API */ module.exports = forge.log = forge.log || {}; /** * Application logging system. * * Each logger level available as it's own function of the form: * forge.log.level(category, args...) * The category is an arbitrary string, and the args are the same as * Firebug's console.log API. By default the call will be output as: * 'LEVEL [category] , args[1], ...' * This enables proper % formatting via the first argument. * Each category is enabled by default but can be enabled or disabled with * the setCategoryEnabled() function. */ // list of known levels forge.log.levels = [ 'none', 'error', 'warning', 'info', 'debug', 'verbose', 'max']; // info on the levels indexed by name: // index: level index // name: uppercased display name var sLevelInfo = {}; // list of loggers var sLoggers = []; /** * Standard console logger. If no console support is enabled this will * remain null. Check before using. */ var sConsoleLogger = null; // logger flags /** * Lock the level at the current value. Used in cases where user config may * set the level such that only critical messages are seen but more verbose * messages are needed for debugging or other purposes. */ forge.log.LEVEL_LOCKED = (1 << 1); /** * Always call log function. By default, the logging system will check the * message level against logger.level before calling the log function. This * flag allows the function to do its own check. */ forge.log.NO_LEVEL_CHECK = (1 << 2); /** * Perform message interpolation with the passed arguments. "%" style * fields in log messages will be replaced by arguments as needed. Some * loggers, such as Firebug, may do this automatically. The original log * message will be available as 'message' and the interpolated version will * be available as 'fullMessage'. */ forge.log.INTERPOLATE = (1 << 3); // setup each log level for(var i = 0; i < forge.log.levels.length; ++i) { var level = forge.log.levels[i]; sLevelInfo[level] = { index: i, name: level.toUpperCase() }; } /** * Message logger. Will dispatch a message to registered loggers as needed. * * @param message message object */ forge.log.logMessage = function(message) { var messageLevelIndex = sLevelInfo[message.level].index; for(var i = 0; i < sLoggers.length; ++i) { var logger = sLoggers[i]; if(logger.flags & forge.log.NO_LEVEL_CHECK) { logger.f(message); } else { // get logger level var loggerLevelIndex = sLevelInfo[logger.level].index; // check level if(messageLevelIndex <= loggerLevelIndex) { // message critical enough, call logger logger.f(logger, message); } } } }; /** * Sets the 'standard' key on a message object to: * "LEVEL [category] " + message * * @param message a message log object */ forge.log.prepareStandard = function(message) { if(!('standard' in message)) { message.standard = sLevelInfo[message.level].name + //' ' + +message.timestamp + ' [' + message.category + '] ' + message.message; } }; /** * Sets the 'full' key on a message object to the original message * interpolated via % formatting with the message arguments. * * @param message a message log object. */ forge.log.prepareFull = function(message) { if(!('full' in message)) { // copy args and insert message at the front var args = [message.message]; args = args.concat([] || 0); // format the message message.full = forge.util.format.apply(this, args); } }; /** * Applies both preparseStandard() and prepareFull() to a message object and * store result in 'standardFull'. * * @param message a message log object. */ forge.log.prepareStandardFull = function(message) { if(!('standardFull' in message)) { // FIXME implement 'standardFull' logging forge.log.prepareStandard(message); message.standardFull = message.standard; } }; // create log level functions if(true) { // levels for which we want functions var levels = ['error', 'warning', 'info', 'debug', 'verbose']; for(var i = 0; i < levels.length; ++i) { // wrap in a function to ensure proper level var is passed (function(level) { // create function for this level forge.log[level] = function(category, message/*, args...*/) { // convert arguments to real array, remove category and message var args = Array.prototype.slice.call(arguments).slice(2); // create message object // Note: interpolation and standard formatting is done lazily var msg = { timestamp: new Date(), level: level, category: category, message: message, 'arguments': args /*standard*/ /*full*/ /*fullMessage*/ }; // process this message forge.log.logMessage(msg); }; })(levels[i]); } } /** * Creates a new logger with specified custom logging function. * * The logging function has a signature of: * function(logger, message) * logger: current logger * message: object: * level: level id * category: category * message: string message * arguments: Array of extra arguments * fullMessage: interpolated message and arguments if INTERPOLATE flag set * * @param logFunction a logging function which takes a log message object * as a parameter. * * @return a logger object. */ forge.log.makeLogger = function(logFunction) { var logger = { flags: 0, f: logFunction }; forge.log.setLevel(logger, 'none'); return logger; }; /** * Sets the current log level on a logger. * * @param logger the target logger. * @param level the new maximum log level as a string. * * @return true if set, false if not. */ forge.log.setLevel = function(logger, level) { var rval = false; if(logger && !(logger.flags & forge.log.LEVEL_LOCKED)) { for(var i = 0; i < forge.log.levels.length; ++i) { var aValidLevel = forge.log.levels[i]; if(level == aValidLevel) { // set level logger.level = level; rval = true; break; } } } return rval; }; /** * Locks the log level at its current value. * * @param logger the target logger. * @param lock boolean lock value, default to true. */ forge.log.lock = function(logger, lock) { if(typeof lock === 'undefined' || lock) { logger.flags |= forge.log.LEVEL_LOCKED; } else { logger.flags &= ~forge.log.LEVEL_LOCKED; } }; /** * Adds a logger. * * @param logger the logger object. */ forge.log.addLogger = function(logger) { sLoggers.push(logger); }; // setup the console logger if possible, else create fake console.log if(typeof(console) !== 'undefined' && 'log' in console) { var logger; if(console.error && console.warn && console.info && console.debug) { // looks like Firebug-style logging is available // level handlers map var levelHandlers = { error: console.error, warning: console.warn, info: console.info, debug: console.debug, verbose: console.debug }; var f = function(logger, message) { forge.log.prepareStandard(message); var handler = levelHandlers[message.level]; // prepend standard message and concat args var args = [message.standard]; args = args.concat(message['arguments'].slice()); // apply to low-level console function handler.apply(console, args); }; logger = forge.log.makeLogger(f); } else { // only appear to have basic console.log var f = function(logger, message) { forge.log.prepareStandardFull(message); console.log(message.standardFull); }; logger = forge.log.makeLogger(f); } forge.log.setLevel(logger, 'debug'); forge.log.addLogger(logger); sConsoleLogger = logger; } else { // define fake console.log to avoid potential script errors on // browsers that do not have console logging console = { log: function() {} }; } /* * Check for logging control query vars in current URL. * * console.level= * Set's the console log level by name. Useful to override defaults and * allow more verbose logging before a user config is loaded. * * console.lock= * Lock the console log level at whatever level it is set at. This is run * after console.level is processed. Useful to force a level of verbosity * that could otherwise be limited by a user config. */ if(sConsoleLogger !== null && typeof window !== 'undefined' && window.location ) { var query = new URL(window.location.href).searchParams; if(query.has('console.level')) { // set with last value forge.log.setLevel( sConsoleLogger, query.get('console.level').slice(-1)[0]); } if(query.has('console.lock')) { // set with last value var lock = query.get('console.lock').slice(-1)[0]; if(lock == 'true') { forge.log.lock(sConsoleLogger); } } } // provide public access to console logger forge.log.consoleLogger = sConsoleLogger; /***/ }), /***/ 1145: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Node.js module for all known Forge message digests. * * @author Dave Longley * * Copyright 2011-2017 Digital Bazaar, Inc. */ module.exports = __nccwpck_require__(6231); __nccwpck_require__(6594); __nccwpck_require__(279); __nccwpck_require__(4086); __nccwpck_require__(9542); /***/ }), /***/ 6231: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Node.js module for Forge message digests. * * @author Dave Longley * * Copyright 2011-2017 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); module.exports = forge.md = forge.md || {}; forge.md.algorithms = forge.md.algorithms || {}; /***/ }), /***/ 6594: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Message Digest Algorithm 5 with 128-bit digest (MD5) implementation. * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(6231); __nccwpck_require__(8339); var md5 = module.exports = forge.md5 = forge.md5 || {}; forge.md.md5 = forge.md.algorithms.md5 = md5; /** * Creates an MD5 message digest object. * * @return a message digest object. */ md5.create = function() { // do initialization as necessary if(!_initialized) { _init(); } // MD5 state contains four 32-bit integers var _state = null; // input buffer var _input = forge.util.createBuffer(); // used for word storage var _w = new Array(16); // message digest object var md = { algorithm: 'md5', blockLength: 64, digestLength: 16, // 56-bit length of message so far (does not including padding) messageLength: 0, // true message length fullMessageLength: null, // size of message length in bytes messageLengthSize: 8 }; /** * Starts the digest. * * @return this digest object. */ md.start = function() { // up to 56-bit message length for convenience md.messageLength = 0; // full message length (set md.messageLength64 for backwards-compatibility) md.fullMessageLength = md.messageLength64 = []; var int32s = md.messageLengthSize / 4; for(var i = 0; i < int32s; ++i) { md.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _state = { h0: 0x67452301, h1: 0xEFCDAB89, h2: 0x98BADCFE, h3: 0x10325476 }; return md; }; // start digest automatically for first time md.start(); /** * Updates the digest with the given message input. The given input can * treated as raw input (no encoding will be applied) or an encoding of * 'utf8' maybe given to encode the input using UTF-8. * * @param msg the message input to update with. * @param encoding the encoding to use (default: 'raw', other: 'utf8'). * * @return this digest object. */ md.update = function(msg, encoding) { if(encoding === 'utf8') { msg = forge.util.encodeUtf8(msg); } // update message length var len = msg.length; md.messageLength += len; len = [(len / 0x100000000) >>> 0, len >>> 0]; for(var i = md.fullMessageLength.length - 1; i >= 0; --i) { md.fullMessageLength[i] += len[1]; len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0); md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; len[0] = (len[1] / 0x100000000) >>> 0; } // add bytes to input buffer _input.putBytes(msg); // process bytes _update(_state, _w, _input); // compact input buffer every 2K or if empty if(_input.read > 2048 || _input.length() === 0) { _input.compact(); } return md; }; /** * Produces the digest. * * @return a byte buffer containing the digest value. */ md.digest = function() { /* Note: Here we copy the remaining bytes in the input buffer and add the appropriate MD5 padding. Then we do the final update on a copy of the state so that if the user wants to get intermediate digests they can do so. */ /* Determine the number of bytes that must be added to the message to ensure its length is congruent to 448 mod 512. In other words, the data to be digested must be a multiple of 512 bits (or 128 bytes). This data includes the message, some padding, and the length of the message. Since the length of the message will be encoded as 8 bytes (64 bits), that means that the last segment of the data must have 56 bytes (448 bits) of message and padding. Therefore, the length of the message plus the padding must be congruent to 448 mod 512 because 512 - 128 = 448. In order to fill up the message length it must be filled with padding that begins with 1 bit followed by all 0 bits. Padding must *always* be present, so if the message length is already congruent to 448 mod 512, then 512 padding bits must be added. */ var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); // compute remaining size to be digested (include message length size) var remaining = ( md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize); // add padding for overflow blockSize - overflow // _padding starts with 1 byte with first bit is set (byte value 128), then // there may be up to (blockSize - 1) other pad bytes var overflow = remaining & (md.blockLength - 1); finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); // serialize message length in bits in little-endian order; since length // is stored in bytes we multiply by 8 and add carry var bits, carry = 0; for(var i = md.fullMessageLength.length - 1; i >= 0; --i) { bits = md.fullMessageLength[i] * 8 + carry; carry = (bits / 0x100000000) >>> 0; finalBlock.putInt32Le(bits >>> 0); } var s2 = { h0: _state.h0, h1: _state.h1, h2: _state.h2, h3: _state.h3 }; _update(s2, _w, finalBlock); var rval = forge.util.createBuffer(); rval.putInt32Le(s2.h0); rval.putInt32Le(s2.h1); rval.putInt32Le(s2.h2); rval.putInt32Le(s2.h3); return rval; }; return md; }; // padding, constant tables for calculating md5 var _padding = null; var _g = null; var _r = null; var _k = null; var _initialized = false; /** * Initializes the constant tables. */ function _init() { // create padding _padding = String.fromCharCode(128); _padding += forge.util.fillString(String.fromCharCode(0x00), 64); // g values _g = [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9]; // rounds table _r = [ 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 7, 12, 17, 22, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 5, 9, 14, 20, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 4, 11, 16, 23, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21, 6, 10, 15, 21]; // get the result of abs(sin(i + 1)) as a 32-bit integer _k = new Array(64); for(var i = 0; i < 64; ++i) { _k[i] = Math.floor(Math.abs(Math.sin(i + 1)) * 0x100000000); } // now initialized _initialized = true; } /** * Updates an MD5 state with the given byte buffer. * * @param s the MD5 state to update. * @param w the array to use to store words. * @param bytes the byte buffer to update with. */ function _update(s, w, bytes) { // consume 512 bit (64 byte) chunks var t, a, b, c, d, f, r, i; var len = bytes.length(); while(len >= 64) { // initialize hash value for this chunk a = s.h0; b = s.h1; c = s.h2; d = s.h3; // round 1 for(i = 0; i < 16; ++i) { w[i] = bytes.getInt32Le(); f = d ^ (b & (c ^ d)); t = (a + f + _k[i] + w[i]); r = _r[i]; a = d; d = c; c = b; b += (t << r) | (t >>> (32 - r)); } // round 2 for(; i < 32; ++i) { f = c ^ (d & (b ^ c)); t = (a + f + _k[i] + w[_g[i]]); r = _r[i]; a = d; d = c; c = b; b += (t << r) | (t >>> (32 - r)); } // round 3 for(; i < 48; ++i) { f = b ^ c ^ d; t = (a + f + _k[i] + w[_g[i]]); r = _r[i]; a = d; d = c; c = b; b += (t << r) | (t >>> (32 - r)); } // round 4 for(; i < 64; ++i) { f = c ^ (b | ~d); t = (a + f + _k[i] + w[_g[i]]); r = _r[i]; a = d; d = c; c = b; b += (t << r) | (t >>> (32 - r)); } // update hash state s.h0 = (s.h0 + a) | 0; s.h1 = (s.h1 + b) | 0; s.h2 = (s.h2 + c) | 0; s.h3 = (s.h3 + d) | 0; len -= 64; } } /***/ }), /***/ 7973: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Node.js module for Forge mask generation functions. * * @author Stefan Siegl * * Copyright 2012 Stefan Siegl */ var forge = __nccwpck_require__(9177); __nccwpck_require__(3339); module.exports = forge.mgf = forge.mgf || {}; forge.mgf.mgf1 = forge.mgf1; /***/ }), /***/ 3339: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of mask generation function MGF1. * * @author Stefan Siegl * @author Dave Longley * * Copyright (c) 2012 Stefan Siegl * Copyright (c) 2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); forge.mgf = forge.mgf || {}; var mgf1 = module.exports = forge.mgf.mgf1 = forge.mgf1 = forge.mgf1 || {}; /** * Creates a MGF1 mask generation function object. * * @param md the message digest API to use (eg: forge.md.sha1.create()). * * @return a mask generation function object. */ mgf1.create = function(md) { var mgf = { /** * Generate mask of specified length. * * @param {String} seed The seed for mask generation. * @param maskLen Number of bytes to generate. * @return {String} The generated mask. */ generate: function(seed, maskLen) { /* 2. Let T be the empty octet string. */ var t = new forge.util.ByteBuffer(); /* 3. For counter from 0 to ceil(maskLen / hLen), do the following: */ var len = Math.ceil(maskLen / md.digestLength); for(var i = 0; i < len; i++) { /* a. Convert counter to an octet string C of length 4 octets */ var c = new forge.util.ByteBuffer(); c.putInt32(i); /* b. Concatenate the hash of the seed mgfSeed and C to the octet * string T: */ md.start(); md.update(seed + c.getBytes()); t.putBuffer(md.digest()); } /* Output the leading maskLen octets of T as the octet string mask. */ t.truncate(t.length() - maskLen); return t.getBytes(); } }; return mgf; }; /***/ }), /***/ 1925: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Object IDs for ASN.1. * * @author Dave Longley * * Copyright (c) 2010-2013 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); forge.pki = forge.pki || {}; var oids = module.exports = forge.pki.oids = forge.oids = forge.oids || {}; // set id to name mapping and name to id mapping function _IN(id, name) { oids[id] = name; oids[name] = id; } // set id to name mapping only function _I_(id, name) { oids[id] = name; } // algorithm OIDs _IN('1.2.840.113549.1.1.1', 'rsaEncryption'); // Note: md2 & md4 not implemented //_IN('1.2.840.113549.1.1.2', 'md2WithRSAEncryption'); //_IN('1.2.840.113549.1.1.3', 'md4WithRSAEncryption'); _IN('1.2.840.113549.1.1.4', 'md5WithRSAEncryption'); _IN('1.2.840.113549.1.1.5', 'sha1WithRSAEncryption'); _IN('1.2.840.113549.1.1.7', 'RSAES-OAEP'); _IN('1.2.840.113549.1.1.8', 'mgf1'); _IN('1.2.840.113549.1.1.9', 'pSpecified'); _IN('1.2.840.113549.1.1.10', 'RSASSA-PSS'); _IN('1.2.840.113549.1.1.11', 'sha256WithRSAEncryption'); _IN('1.2.840.113549.1.1.12', 'sha384WithRSAEncryption'); _IN('1.2.840.113549.1.1.13', 'sha512WithRSAEncryption'); // Edwards-curve Digital Signature Algorithm (EdDSA) Ed25519 _IN('1.3.101.112', 'EdDSA25519'); _IN('1.2.840.10040.4.3', 'dsa-with-sha1'); _IN('1.3.14.3.2.7', 'desCBC'); _IN('1.3.14.3.2.26', 'sha1'); // Deprecated equivalent of sha1WithRSAEncryption _IN('1.3.14.3.2.29', 'sha1WithRSASignature'); _IN('2.16.840.1.101.3.4.2.1', 'sha256'); _IN('2.16.840.1.101.3.4.2.2', 'sha384'); _IN('2.16.840.1.101.3.4.2.3', 'sha512'); _IN('2.16.840.1.101.3.4.2.4', 'sha224'); _IN('2.16.840.1.101.3.4.2.5', 'sha512-224'); _IN('2.16.840.1.101.3.4.2.6', 'sha512-256'); _IN('1.2.840.113549.2.2', 'md2'); _IN('1.2.840.113549.2.5', 'md5'); // pkcs#7 content types _IN('1.2.840.113549.1.7.1', 'data'); _IN('1.2.840.113549.1.7.2', 'signedData'); _IN('1.2.840.113549.1.7.3', 'envelopedData'); _IN('1.2.840.113549.1.7.4', 'signedAndEnvelopedData'); _IN('1.2.840.113549.1.7.5', 'digestedData'); _IN('1.2.840.113549.1.7.6', 'encryptedData'); // pkcs#9 oids _IN('1.2.840.113549.1.9.1', 'emailAddress'); _IN('1.2.840.113549.1.9.2', 'unstructuredName'); _IN('1.2.840.113549.1.9.3', 'contentType'); _IN('1.2.840.113549.1.9.4', 'messageDigest'); _IN('1.2.840.113549.1.9.5', 'signingTime'); _IN('1.2.840.113549.1.9.6', 'counterSignature'); _IN('1.2.840.113549.1.9.7', 'challengePassword'); _IN('1.2.840.113549.1.9.8', 'unstructuredAddress'); _IN('1.2.840.113549.1.9.14', 'extensionRequest'); _IN('1.2.840.113549.1.9.20', 'friendlyName'); _IN('1.2.840.113549.1.9.21', 'localKeyId'); _IN('1.2.840.113549.1.9.22.1', 'x509Certificate'); // pkcs#12 safe bags _IN('1.2.840.113549.1.12.10.1.1', 'keyBag'); _IN('1.2.840.113549.1.12.10.1.2', 'pkcs8ShroudedKeyBag'); _IN('1.2.840.113549.1.12.10.1.3', 'certBag'); _IN('1.2.840.113549.1.12.10.1.4', 'crlBag'); _IN('1.2.840.113549.1.12.10.1.5', 'secretBag'); _IN('1.2.840.113549.1.12.10.1.6', 'safeContentsBag'); // password-based-encryption for pkcs#12 _IN('1.2.840.113549.1.5.13', 'pkcs5PBES2'); _IN('1.2.840.113549.1.5.12', 'pkcs5PBKDF2'); _IN('1.2.840.113549.1.12.1.1', 'pbeWithSHAAnd128BitRC4'); _IN('1.2.840.113549.1.12.1.2', 'pbeWithSHAAnd40BitRC4'); _IN('1.2.840.113549.1.12.1.3', 'pbeWithSHAAnd3-KeyTripleDES-CBC'); _IN('1.2.840.113549.1.12.1.4', 'pbeWithSHAAnd2-KeyTripleDES-CBC'); _IN('1.2.840.113549.1.12.1.5', 'pbeWithSHAAnd128BitRC2-CBC'); _IN('1.2.840.113549.1.12.1.6', 'pbewithSHAAnd40BitRC2-CBC'); // hmac OIDs _IN('1.2.840.113549.2.7', 'hmacWithSHA1'); _IN('1.2.840.113549.2.8', 'hmacWithSHA224'); _IN('1.2.840.113549.2.9', 'hmacWithSHA256'); _IN('1.2.840.113549.2.10', 'hmacWithSHA384'); _IN('1.2.840.113549.2.11', 'hmacWithSHA512'); // symmetric key algorithm oids _IN('1.2.840.113549.3.7', 'des-EDE3-CBC'); _IN('2.16.840.1.101.3.4.1.2', 'aes128-CBC'); _IN('2.16.840.1.101.3.4.1.22', 'aes192-CBC'); _IN('2.16.840.1.101.3.4.1.42', 'aes256-CBC'); // certificate issuer/subject OIDs _IN('2.5.4.3', 'commonName'); _IN('2.5.4.4', 'surname'); _IN('2.5.4.5', 'serialNumber'); _IN('2.5.4.6', 'countryName'); _IN('2.5.4.7', 'localityName'); _IN('2.5.4.8', 'stateOrProvinceName'); _IN('2.5.4.9', 'streetAddress'); _IN('2.5.4.10', 'organizationName'); _IN('2.5.4.11', 'organizationalUnitName'); _IN('2.5.4.12', 'title'); _IN('2.5.4.13', 'description'); _IN('2.5.4.15', 'businessCategory'); _IN('2.5.4.17', 'postalCode'); _IN('2.5.4.42', 'givenName'); _IN('1.3.6.1.4.1.311.60.2.1.2', 'jurisdictionOfIncorporationStateOrProvinceName'); _IN('1.3.6.1.4.1.311.60.2.1.3', 'jurisdictionOfIncorporationCountryName'); // X.509 extension OIDs _IN('2.16.840.1.113730.1.1', 'nsCertType'); _IN('2.16.840.1.113730.1.13', 'nsComment'); // deprecated in theory; still widely used _I_('2.5.29.1', 'authorityKeyIdentifier'); // deprecated, use .35 _I_('2.5.29.2', 'keyAttributes'); // obsolete use .37 or .15 _I_('2.5.29.3', 'certificatePolicies'); // deprecated, use .32 _I_('2.5.29.4', 'keyUsageRestriction'); // obsolete use .37 or .15 _I_('2.5.29.5', 'policyMapping'); // deprecated use .33 _I_('2.5.29.6', 'subtreesConstraint'); // obsolete use .30 _I_('2.5.29.7', 'subjectAltName'); // deprecated use .17 _I_('2.5.29.8', 'issuerAltName'); // deprecated use .18 _I_('2.5.29.9', 'subjectDirectoryAttributes'); _I_('2.5.29.10', 'basicConstraints'); // deprecated use .19 _I_('2.5.29.11', 'nameConstraints'); // deprecated use .30 _I_('2.5.29.12', 'policyConstraints'); // deprecated use .36 _I_('2.5.29.13', 'basicConstraints'); // deprecated use .19 _IN('2.5.29.14', 'subjectKeyIdentifier'); _IN('2.5.29.15', 'keyUsage'); _I_('2.5.29.16', 'privateKeyUsagePeriod'); _IN('2.5.29.17', 'subjectAltName'); _IN('2.5.29.18', 'issuerAltName'); _IN('2.5.29.19', 'basicConstraints'); _I_('2.5.29.20', 'cRLNumber'); _I_('2.5.29.21', 'cRLReason'); _I_('2.5.29.22', 'expirationDate'); _I_('2.5.29.23', 'instructionCode'); _I_('2.5.29.24', 'invalidityDate'); _I_('2.5.29.25', 'cRLDistributionPoints'); // deprecated use .31 _I_('2.5.29.26', 'issuingDistributionPoint'); // deprecated use .28 _I_('2.5.29.27', 'deltaCRLIndicator'); _I_('2.5.29.28', 'issuingDistributionPoint'); _I_('2.5.29.29', 'certificateIssuer'); _I_('2.5.29.30', 'nameConstraints'); _IN('2.5.29.31', 'cRLDistributionPoints'); _IN('2.5.29.32', 'certificatePolicies'); _I_('2.5.29.33', 'policyMappings'); _I_('2.5.29.34', 'policyConstraints'); // deprecated use .36 _IN('2.5.29.35', 'authorityKeyIdentifier'); _I_('2.5.29.36', 'policyConstraints'); _IN('2.5.29.37', 'extKeyUsage'); _I_('2.5.29.46', 'freshestCRL'); _I_('2.5.29.54', 'inhibitAnyPolicy'); // extKeyUsage purposes _IN('1.3.6.1.4.1.11129.2.4.2', 'timestampList'); _IN('1.3.6.1.5.5.7.1.1', 'authorityInfoAccess'); _IN('1.3.6.1.5.5.7.3.1', 'serverAuth'); _IN('1.3.6.1.5.5.7.3.2', 'clientAuth'); _IN('1.3.6.1.5.5.7.3.3', 'codeSigning'); _IN('1.3.6.1.5.5.7.3.4', 'emailProtection'); _IN('1.3.6.1.5.5.7.3.8', 'timeStamping'); /***/ }), /***/ 1281: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Password-based encryption functions. * * @author Dave Longley * @author Stefan Siegl * * Copyright (c) 2010-2013 Digital Bazaar, Inc. * Copyright (c) 2012 Stefan Siegl * * An EncryptedPrivateKeyInfo: * * EncryptedPrivateKeyInfo ::= SEQUENCE { * encryptionAlgorithm EncryptionAlgorithmIdentifier, * encryptedData EncryptedData } * * EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier * * EncryptedData ::= OCTET STRING */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(9549); __nccwpck_require__(7157); __nccwpck_require__(6231); __nccwpck_require__(1925); __nccwpck_require__(1611); __nccwpck_require__(154); __nccwpck_require__(7821); __nccwpck_require__(9965); __nccwpck_require__(3921); __nccwpck_require__(8339); if(typeof BigInteger === 'undefined') { var BigInteger = forge.jsbn.BigInteger; } // shortcut for asn.1 API var asn1 = forge.asn1; /* Password-based encryption implementation. */ var pki = forge.pki = forge.pki || {}; module.exports = pki.pbe = forge.pbe = forge.pbe || {}; var oids = pki.oids; // validator for an EncryptedPrivateKeyInfo structure // Note: Currently only works w/algorithm params var encryptedPrivateKeyValidator = { name: 'EncryptedPrivateKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'EncryptedPrivateKeyInfo.encryptionAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'encryptionOid' }, { name: 'AlgorithmIdentifier.parameters', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'encryptionParams' }] }, { // encryptedData name: 'EncryptedPrivateKeyInfo.encryptedData', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'encryptedData' }] }; // validator for a PBES2Algorithms structure // Note: Currently only works w/PBKDF2 + AES encryption schemes var PBES2AlgorithmsValidator = { name: 'PBES2Algorithms', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'PBES2Algorithms.keyDerivationFunc', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'PBES2Algorithms.keyDerivationFunc.oid', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'kdfOid' }, { name: 'PBES2Algorithms.params', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'PBES2Algorithms.params.salt', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'kdfSalt' }, { name: 'PBES2Algorithms.params.iterationCount', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'kdfIterationCount' }, { name: 'PBES2Algorithms.params.keyLength', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, optional: true, capture: 'keyLength' }, { // prf name: 'PBES2Algorithms.params.prf', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, optional: true, value: [{ name: 'PBES2Algorithms.params.prf.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'prfOid' }] }] }] }, { name: 'PBES2Algorithms.encryptionScheme', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'PBES2Algorithms.encryptionScheme.oid', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'encOid' }, { name: 'PBES2Algorithms.encryptionScheme.iv', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'encIv' }] }] }; var pkcs12PbeParamsValidator = { name: 'pkcs-12PbeParams', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'pkcs-12PbeParams.salt', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'salt' }, { name: 'pkcs-12PbeParams.iterations', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'iterations' }] }; /** * Encrypts a ASN.1 PrivateKeyInfo object, producing an EncryptedPrivateKeyInfo. * * PBES2Algorithms ALGORITHM-IDENTIFIER ::= * { {PBES2-params IDENTIFIED BY id-PBES2}, ...} * * id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} * * PBES2-params ::= SEQUENCE { * keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, * encryptionScheme AlgorithmIdentifier {{PBES2-Encs}} * } * * PBES2-KDFs ALGORITHM-IDENTIFIER ::= * { {PBKDF2-params IDENTIFIED BY id-PBKDF2}, ... } * * PBES2-Encs ALGORITHM-IDENTIFIER ::= { ... } * * PBKDF2-params ::= SEQUENCE { * salt CHOICE { * specified OCTET STRING, * otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} * }, * iterationCount INTEGER (1..MAX), * keyLength INTEGER (1..MAX) OPTIONAL, * prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 * } * * @param obj the ASN.1 PrivateKeyInfo object. * @param password the password to encrypt with. * @param options: * algorithm the encryption algorithm to use * ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'. * count the iteration count to use. * saltSize the salt size to use. * prfAlgorithm the PRF message digest algorithm to use * ('sha1', 'sha224', 'sha256', 'sha384', 'sha512') * * @return the ASN.1 EncryptedPrivateKeyInfo. */ pki.encryptPrivateKeyInfo = function(obj, password, options) { // set default options options = options || {}; options.saltSize = options.saltSize || 8; options.count = options.count || 2048; options.algorithm = options.algorithm || 'aes128'; options.prfAlgorithm = options.prfAlgorithm || 'sha1'; // generate PBE params var salt = forge.random.getBytesSync(options.saltSize); var count = options.count; var countBytes = asn1.integerToDer(count); var dkLen; var encryptionAlgorithm; var encryptedData; if(options.algorithm.indexOf('aes') === 0 || options.algorithm === 'des') { // do PBES2 var ivLen, encOid, cipherFn; switch(options.algorithm) { case 'aes128': dkLen = 16; ivLen = 16; encOid = oids['aes128-CBC']; cipherFn = forge.aes.createEncryptionCipher; break; case 'aes192': dkLen = 24; ivLen = 16; encOid = oids['aes192-CBC']; cipherFn = forge.aes.createEncryptionCipher; break; case 'aes256': dkLen = 32; ivLen = 16; encOid = oids['aes256-CBC']; cipherFn = forge.aes.createEncryptionCipher; break; case 'des': dkLen = 8; ivLen = 8; encOid = oids['desCBC']; cipherFn = forge.des.createEncryptionCipher; break; default: var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.'); error.algorithm = options.algorithm; throw error; } // get PRF message digest var prfAlgorithm = 'hmacWith' + options.prfAlgorithm.toUpperCase(); var md = prfAlgorithmToMessageDigest(prfAlgorithm); // encrypt private key using pbe SHA-1 and AES/DES var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); var iv = forge.random.getBytesSync(ivLen); var cipher = cipherFn(dk); cipher.start(iv); cipher.update(asn1.toDer(obj)); cipher.finish(); encryptedData = cipher.output.getBytes(); // get PBKDF2-params var params = createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm); encryptionAlgorithm = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(oids['pkcs5PBES2']).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // keyDerivationFunc asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(oids['pkcs5PBKDF2']).getBytes()), // PBKDF2-params params ]), // encryptionScheme asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(encOid).getBytes()), // iv asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, iv) ]) ]) ]); } else if(options.algorithm === '3des') { // Do PKCS12 PBE dkLen = 24; var saltBytes = new forge.util.ByteBuffer(salt); var dk = pki.pbe.generatePkcs12Key(password, saltBytes, 1, count, dkLen); var iv = pki.pbe.generatePkcs12Key(password, saltBytes, 2, count, dkLen); var cipher = forge.des.createEncryptionCipher(dk); cipher.start(iv); cipher.update(asn1.toDer(obj)); cipher.finish(); encryptedData = cipher.output.getBytes(); encryptionAlgorithm = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(oids['pbeWithSHAAnd3-KeyTripleDES-CBC']).getBytes()), // pkcs-12PbeParams asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // salt asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt), // iteration count asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, countBytes.getBytes()) ]) ]); } else { var error = new Error('Cannot encrypt private key. Unknown encryption algorithm.'); error.algorithm = options.algorithm; throw error; } // EncryptedPrivateKeyInfo var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // encryptionAlgorithm encryptionAlgorithm, // encryptedData asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, encryptedData) ]); return rval; }; /** * Decrypts a ASN.1 PrivateKeyInfo object. * * @param obj the ASN.1 EncryptedPrivateKeyInfo object. * @param password the password to decrypt with. * * @return the ASN.1 PrivateKeyInfo on success, null on failure. */ pki.decryptPrivateKeyInfo = function(obj, password) { var rval = null; // get PBE params var capture = {}; var errors = []; if(!asn1.validate(obj, encryptedPrivateKeyValidator, capture, errors)) { var error = new Error('Cannot read encrypted private key. ' + 'ASN.1 object is not a supported EncryptedPrivateKeyInfo.'); error.errors = errors; throw error; } // get cipher var oid = asn1.derToOid(capture.encryptionOid); var cipher = pki.pbe.getCipher(oid, capture.encryptionParams, password); // get encrypted data var encrypted = forge.util.createBuffer(capture.encryptedData); cipher.update(encrypted); if(cipher.finish()) { rval = asn1.fromDer(cipher.output); } return rval; }; /** * Converts a EncryptedPrivateKeyInfo to PEM format. * * @param epki the EncryptedPrivateKeyInfo. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted encrypted private key. */ pki.encryptedPrivateKeyToPem = function(epki, maxline) { // convert to DER, then PEM-encode var msg = { type: 'ENCRYPTED PRIVATE KEY', body: asn1.toDer(epki).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /** * Converts a PEM-encoded EncryptedPrivateKeyInfo to ASN.1 format. Decryption * is not performed. * * @param pem the EncryptedPrivateKeyInfo in PEM-format. * * @return the ASN.1 EncryptedPrivateKeyInfo. */ pki.encryptedPrivateKeyFromPem = function(pem) { var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'ENCRYPTED PRIVATE KEY') { var error = new Error('Could not convert encrypted private key from PEM; ' + 'PEM header type is "ENCRYPTED PRIVATE KEY".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert encrypted private key from PEM; ' + 'PEM is encrypted.'); } // convert DER to ASN.1 object return asn1.fromDer(msg.body); }; /** * Encrypts an RSA private key. By default, the key will be wrapped in * a PrivateKeyInfo and encrypted to produce a PKCS#8 EncryptedPrivateKeyInfo. * This is the standard, preferred way to encrypt a private key. * * To produce a non-standard PEM-encrypted private key that uses encapsulated * headers to indicate the encryption algorithm (old-style non-PKCS#8 OpenSSL * private key encryption), set the 'legacy' option to true. Note: Using this * option will cause the iteration count to be forced to 1. * * Note: The 'des' algorithm is supported, but it is not considered to be * secure because it only uses a single 56-bit key. If possible, it is highly * recommended that a different algorithm be used. * * @param rsaKey the RSA key to encrypt. * @param password the password to use. * @param options: * algorithm: the encryption algorithm to use * ('aes128', 'aes192', 'aes256', '3des', 'des'). * count: the iteration count to use. * saltSize: the salt size to use. * legacy: output an old non-PKCS#8 PEM-encrypted+encapsulated * headers (DEK-Info) private key. * * @return the PEM-encoded ASN.1 EncryptedPrivateKeyInfo. */ pki.encryptRsaPrivateKey = function(rsaKey, password, options) { // standard PKCS#8 options = options || {}; if(!options.legacy) { // encrypt PrivateKeyInfo var rval = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(rsaKey)); rval = pki.encryptPrivateKeyInfo(rval, password, options); return pki.encryptedPrivateKeyToPem(rval); } // legacy non-PKCS#8 var algorithm; var iv; var dkLen; var cipherFn; switch(options.algorithm) { case 'aes128': algorithm = 'AES-128-CBC'; dkLen = 16; iv = forge.random.getBytesSync(16); cipherFn = forge.aes.createEncryptionCipher; break; case 'aes192': algorithm = 'AES-192-CBC'; dkLen = 24; iv = forge.random.getBytesSync(16); cipherFn = forge.aes.createEncryptionCipher; break; case 'aes256': algorithm = 'AES-256-CBC'; dkLen = 32; iv = forge.random.getBytesSync(16); cipherFn = forge.aes.createEncryptionCipher; break; case '3des': algorithm = 'DES-EDE3-CBC'; dkLen = 24; iv = forge.random.getBytesSync(8); cipherFn = forge.des.createEncryptionCipher; break; case 'des': algorithm = 'DES-CBC'; dkLen = 8; iv = forge.random.getBytesSync(8); cipherFn = forge.des.createEncryptionCipher; break; default: var error = new Error('Could not encrypt RSA private key; unsupported ' + 'encryption algorithm "' + options.algorithm + '".'); error.algorithm = options.algorithm; throw error; } // encrypt private key using OpenSSL legacy key derivation var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen); var cipher = cipherFn(dk); cipher.start(iv); cipher.update(asn1.toDer(pki.privateKeyToAsn1(rsaKey))); cipher.finish(); var msg = { type: 'RSA PRIVATE KEY', procType: { version: '4', type: 'ENCRYPTED' }, dekInfo: { algorithm: algorithm, parameters: forge.util.bytesToHex(iv).toUpperCase() }, body: cipher.output.getBytes() }; return forge.pem.encode(msg); }; /** * Decrypts an RSA private key. * * @param pem the PEM-formatted EncryptedPrivateKeyInfo to decrypt. * @param password the password to use. * * @return the RSA key on success, null on failure. */ pki.decryptRsaPrivateKey = function(pem, password) { var rval = null; var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'ENCRYPTED PRIVATE KEY' && msg.type !== 'PRIVATE KEY' && msg.type !== 'RSA PRIVATE KEY') { var error = new Error('Could not convert private key from PEM; PEM header type ' + 'is not "ENCRYPTED PRIVATE KEY", "PRIVATE KEY", or "RSA PRIVATE KEY".'); error.headerType = error; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { var dkLen; var cipherFn; switch(msg.dekInfo.algorithm) { case 'DES-CBC': dkLen = 8; cipherFn = forge.des.createDecryptionCipher; break; case 'DES-EDE3-CBC': dkLen = 24; cipherFn = forge.des.createDecryptionCipher; break; case 'AES-128-CBC': dkLen = 16; cipherFn = forge.aes.createDecryptionCipher; break; case 'AES-192-CBC': dkLen = 24; cipherFn = forge.aes.createDecryptionCipher; break; case 'AES-256-CBC': dkLen = 32; cipherFn = forge.aes.createDecryptionCipher; break; case 'RC2-40-CBC': dkLen = 5; cipherFn = function(key) { return forge.rc2.createDecryptionCipher(key, 40); }; break; case 'RC2-64-CBC': dkLen = 8; cipherFn = function(key) { return forge.rc2.createDecryptionCipher(key, 64); }; break; case 'RC2-128-CBC': dkLen = 16; cipherFn = function(key) { return forge.rc2.createDecryptionCipher(key, 128); }; break; default: var error = new Error('Could not decrypt private key; unsupported ' + 'encryption algorithm "' + msg.dekInfo.algorithm + '".'); error.algorithm = msg.dekInfo.algorithm; throw error; } // use OpenSSL legacy key derivation var iv = forge.util.hexToBytes(msg.dekInfo.parameters); var dk = forge.pbe.opensslDeriveBytes(password, iv.substr(0, 8), dkLen); var cipher = cipherFn(dk); cipher.start(iv); cipher.update(forge.util.createBuffer(msg.body)); if(cipher.finish()) { rval = cipher.output.getBytes(); } else { return rval; } } else { rval = msg.body; } if(msg.type === 'ENCRYPTED PRIVATE KEY') { rval = pki.decryptPrivateKeyInfo(asn1.fromDer(rval), password); } else { // decryption already performed above rval = asn1.fromDer(rval); } if(rval !== null) { rval = pki.privateKeyFromAsn1(rval); } return rval; }; /** * Derives a PKCS#12 key. * * @param password the password to derive the key material from, null or * undefined for none. * @param salt the salt, as a ByteBuffer, to use. * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC). * @param iter the iteration count. * @param n the number of bytes to derive from the password. * @param md the message digest to use, defaults to SHA-1. * * @return a ByteBuffer with the bytes derived from the password. */ pki.pbe.generatePkcs12Key = function(password, salt, id, iter, n, md) { var j, l; if(typeof md === 'undefined' || md === null) { if(!('sha1' in forge.md)) { throw new Error('"sha1" hash algorithm unavailable.'); } md = forge.md.sha1.create(); } var u = md.digestLength; var v = md.blockLength; var result = new forge.util.ByteBuffer(); /* Convert password to Unicode byte buffer + trailing 0-byte. */ var passBuf = new forge.util.ByteBuffer(); if(password !== null && password !== undefined) { for(l = 0; l < password.length; l++) { passBuf.putInt16(password.charCodeAt(l)); } passBuf.putInt16(0); } /* Length of salt and password in BYTES. */ var p = passBuf.length(); var s = salt.length(); /* 1. Construct a string, D (the "diversifier"), by concatenating v copies of ID. */ var D = new forge.util.ByteBuffer(); D.fillWithByte(id, v); /* 2. Concatenate copies of the salt together to create a string S of length v * ceil(s / v) bytes (the final copy of the salt may be trunacted to create S). Note that if the salt is the empty string, then so is S. */ var Slen = v * Math.ceil(s / v); var S = new forge.util.ByteBuffer(); for(l = 0; l < Slen; l++) { S.putByte(salt.at(l % s)); } /* 3. Concatenate copies of the password together to create a string P of length v * ceil(p / v) bytes (the final copy of the password may be truncated to create P). Note that if the password is the empty string, then so is P. */ var Plen = v * Math.ceil(p / v); var P = new forge.util.ByteBuffer(); for(l = 0; l < Plen; l++) { P.putByte(passBuf.at(l % p)); } /* 4. Set I=S||P to be the concatenation of S and P. */ var I = S; I.putBuffer(P); /* 5. Set c=ceil(n / u). */ var c = Math.ceil(n / u); /* 6. For i=1, 2, ..., c, do the following: */ for(var i = 1; i <= c; i++) { /* a) Set Ai=H^r(D||I). (l.e. the rth hash of D||I, H(H(H(...H(D||I)))) */ var buf = new forge.util.ByteBuffer(); buf.putBytes(D.bytes()); buf.putBytes(I.bytes()); for(var round = 0; round < iter; round++) { md.start(); md.update(buf.getBytes()); buf = md.digest(); } /* b) Concatenate copies of Ai to create a string B of length v bytes (the final copy of Ai may be truncated to create B). */ var B = new forge.util.ByteBuffer(); for(l = 0; l < v; l++) { B.putByte(buf.at(l % u)); } /* c) Treating I as a concatenation I0, I1, ..., Ik-1 of v-byte blocks, where k=ceil(s / v) + ceil(p / v), modify I by setting Ij=(Ij+B+1) mod 2v for each j. */ var k = Math.ceil(s / v) + Math.ceil(p / v); var Inew = new forge.util.ByteBuffer(); for(j = 0; j < k; j++) { var chunk = new forge.util.ByteBuffer(I.getBytes(v)); var x = 0x1ff; for(l = B.length() - 1; l >= 0; l--) { x = x >> 8; x += B.at(l) + chunk.at(l); chunk.setAt(l, x & 0xff); } Inew.putBuffer(chunk); } I = Inew; /* Add Ai to A. */ result.putBuffer(buf); } result.truncate(result.length() - n); return result; }; /** * Get new Forge cipher object instance. * * @param oid the OID (in string notation). * @param params the ASN.1 params object. * @param password the password to decrypt with. * * @return new cipher object instance. */ pki.pbe.getCipher = function(oid, params, password) { switch(oid) { case pki.oids['pkcs5PBES2']: return pki.pbe.getCipherForPBES2(oid, params, password); case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']: case pki.oids['pbewithSHAAnd40BitRC2-CBC']: return pki.pbe.getCipherForPKCS12PBE(oid, params, password); default: var error = new Error('Cannot read encrypted PBE data block. Unsupported OID.'); error.oid = oid; error.supportedOids = [ 'pkcs5PBES2', 'pbeWithSHAAnd3-KeyTripleDES-CBC', 'pbewithSHAAnd40BitRC2-CBC' ]; throw error; } }; /** * Get new Forge cipher object instance according to PBES2 params block. * * The returned cipher instance is already started using the IV * from PBES2 parameter block. * * @param oid the PKCS#5 PBKDF2 OID (in string notation). * @param params the ASN.1 PBES2-params object. * @param password the password to decrypt with. * * @return new cipher object instance. */ pki.pbe.getCipherForPBES2 = function(oid, params, password) { // get PBE params var capture = {}; var errors = []; if(!asn1.validate(params, PBES2AlgorithmsValidator, capture, errors)) { var error = new Error('Cannot read password-based-encryption algorithm ' + 'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.'); error.errors = errors; throw error; } // check oids oid = asn1.derToOid(capture.kdfOid); if(oid !== pki.oids['pkcs5PBKDF2']) { var error = new Error('Cannot read encrypted private key. ' + 'Unsupported key derivation function OID.'); error.oid = oid; error.supportedOids = ['pkcs5PBKDF2']; throw error; } oid = asn1.derToOid(capture.encOid); if(oid !== pki.oids['aes128-CBC'] && oid !== pki.oids['aes192-CBC'] && oid !== pki.oids['aes256-CBC'] && oid !== pki.oids['des-EDE3-CBC'] && oid !== pki.oids['desCBC']) { var error = new Error('Cannot read encrypted private key. ' + 'Unsupported encryption scheme OID.'); error.oid = oid; error.supportedOids = [ 'aes128-CBC', 'aes192-CBC', 'aes256-CBC', 'des-EDE3-CBC', 'desCBC']; throw error; } // set PBE params var salt = capture.kdfSalt; var count = forge.util.createBuffer(capture.kdfIterationCount); count = count.getInt(count.length() << 3); var dkLen; var cipherFn; switch(pki.oids[oid]) { case 'aes128-CBC': dkLen = 16; cipherFn = forge.aes.createDecryptionCipher; break; case 'aes192-CBC': dkLen = 24; cipherFn = forge.aes.createDecryptionCipher; break; case 'aes256-CBC': dkLen = 32; cipherFn = forge.aes.createDecryptionCipher; break; case 'des-EDE3-CBC': dkLen = 24; cipherFn = forge.des.createDecryptionCipher; break; case 'desCBC': dkLen = 8; cipherFn = forge.des.createDecryptionCipher; break; } // get PRF message digest var md = prfOidToMessageDigest(capture.prfOid); // decrypt private key using pbe with chosen PRF and AES/DES var dk = forge.pkcs5.pbkdf2(password, salt, count, dkLen, md); var iv = capture.encIv; var cipher = cipherFn(dk); cipher.start(iv); return cipher; }; /** * Get new Forge cipher object instance for PKCS#12 PBE. * * The returned cipher instance is already started using the key & IV * derived from the provided password and PKCS#12 PBE salt. * * @param oid The PKCS#12 PBE OID (in string notation). * @param params The ASN.1 PKCS#12 PBE-params object. * @param password The password to decrypt with. * * @return the new cipher object instance. */ pki.pbe.getCipherForPKCS12PBE = function(oid, params, password) { // get PBE params var capture = {}; var errors = []; if(!asn1.validate(params, pkcs12PbeParamsValidator, capture, errors)) { var error = new Error('Cannot read password-based-encryption algorithm ' + 'parameters. ASN.1 object is not a supported EncryptedPrivateKeyInfo.'); error.errors = errors; throw error; } var salt = forge.util.createBuffer(capture.salt); var count = forge.util.createBuffer(capture.iterations); count = count.getInt(count.length() << 3); var dkLen, dIvLen, cipherFn; switch(oid) { case pki.oids['pbeWithSHAAnd3-KeyTripleDES-CBC']: dkLen = 24; dIvLen = 8; cipherFn = forge.des.startDecrypting; break; case pki.oids['pbewithSHAAnd40BitRC2-CBC']: dkLen = 5; dIvLen = 8; cipherFn = function(key, iv) { var cipher = forge.rc2.createDecryptionCipher(key, 40); cipher.start(iv, null); return cipher; }; break; default: var error = new Error('Cannot read PKCS #12 PBE data block. Unsupported OID.'); error.oid = oid; throw error; } // get PRF message digest var md = prfOidToMessageDigest(capture.prfOid); var key = pki.pbe.generatePkcs12Key(password, salt, 1, count, dkLen, md); md.start(); var iv = pki.pbe.generatePkcs12Key(password, salt, 2, count, dIvLen, md); return cipherFn(key, iv); }; /** * OpenSSL's legacy key derivation function. * * See: http://www.openssl.org/docs/crypto/EVP_BytesToKey.html * * @param password the password to derive the key from. * @param salt the salt to use, null for none. * @param dkLen the number of bytes needed for the derived key. * @param [options] the options to use: * [md] an optional message digest object to use. */ pki.pbe.opensslDeriveBytes = function(password, salt, dkLen, md) { if(typeof md === 'undefined' || md === null) { if(!('md5' in forge.md)) { throw new Error('"md5" hash algorithm unavailable.'); } md = forge.md.md5.create(); } if(salt === null) { salt = ''; } var digests = [hash(md, password + salt)]; for(var length = 16, i = 1; length < dkLen; ++i, length += 16) { digests.push(hash(md, digests[i - 1] + password + salt)); } return digests.join('').substr(0, dkLen); }; function hash(md, bytes) { return md.start().update(bytes).digest().getBytes(); } function prfOidToMessageDigest(prfOid) { // get PRF algorithm, default to SHA-1 var prfAlgorithm; if(!prfOid) { prfAlgorithm = 'hmacWithSHA1'; } else { prfAlgorithm = pki.oids[asn1.derToOid(prfOid)]; if(!prfAlgorithm) { var error = new Error('Unsupported PRF OID.'); error.oid = prfOid; error.supported = [ 'hmacWithSHA1', 'hmacWithSHA224', 'hmacWithSHA256', 'hmacWithSHA384', 'hmacWithSHA512']; throw error; } } return prfAlgorithmToMessageDigest(prfAlgorithm); } function prfAlgorithmToMessageDigest(prfAlgorithm) { var factory = forge.md; switch(prfAlgorithm) { case 'hmacWithSHA224': factory = forge.md.sha512; case 'hmacWithSHA1': case 'hmacWithSHA256': case 'hmacWithSHA384': case 'hmacWithSHA512': prfAlgorithm = prfAlgorithm.substr(8).toLowerCase(); break; default: var error = new Error('Unsupported PRF algorithm.'); error.algorithm = prfAlgorithm; error.supported = [ 'hmacWithSHA1', 'hmacWithSHA224', 'hmacWithSHA256', 'hmacWithSHA384', 'hmacWithSHA512']; throw error; } if(!factory || !(prfAlgorithm in factory)) { throw new Error('Unknown hash algorithm: ' + prfAlgorithm); } return factory[prfAlgorithm].create(); } function createPbkdf2Params(salt, countBytes, dkLen, prfAlgorithm) { var params = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // salt asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, salt), // iteration count asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, countBytes.getBytes()) ]); // when PRF algorithm is not SHA-1 default, add key length and PRF algorithm if(prfAlgorithm !== 'hmacWithSHA1') { params.value.push( // key length asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, forge.util.hexToBytes(dkLen.toString(16))), // AlgorithmIdentifier asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids[prfAlgorithm]).getBytes()), // parameters (null) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ])); } return params; } /***/ }), /***/ 1611: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Password-Based Key-Derivation Function #2 implementation. * * See RFC 2898 for details. * * @author Dave Longley * * Copyright (c) 2010-2013 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(5104); __nccwpck_require__(6231); __nccwpck_require__(8339); var pkcs5 = forge.pkcs5 = forge.pkcs5 || {}; var crypto; if(forge.util.isNodejs && !forge.options.usePureJavaScript) { crypto = __nccwpck_require__(6417); } /** * Derives a key from a password. * * @param p the password as a binary-encoded string of bytes. * @param s the salt as a binary-encoded string of bytes. * @param c the iteration count, a positive integer. * @param dkLen the intended length, in bytes, of the derived key, * (max: 2^32 - 1) * hash length of the PRF. * @param [md] the message digest (or algorithm identifier as a string) to use * in the PRF, defaults to SHA-1. * @param [callback(err, key)] presence triggers asynchronous version, called * once the operation completes. * * @return the derived key, as a binary-encoded string of bytes, for the * synchronous version (if no callback is specified). */ module.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function( p, s, c, dkLen, md, callback) { if(typeof md === 'function') { callback = md; md = null; } // use native implementation if possible and not disabled, note that // some node versions only support SHA-1, others allow digest to be changed if(forge.util.isNodejs && !forge.options.usePureJavaScript && crypto.pbkdf2 && (md === null || typeof md !== 'object') && (crypto.pbkdf2Sync.length > 4 || (!md || md === 'sha1'))) { if(typeof md !== 'string') { // default prf to SHA-1 md = 'sha1'; } p = Buffer.from(p, 'binary'); s = Buffer.from(s, 'binary'); if(!callback) { if(crypto.pbkdf2Sync.length === 4) { return crypto.pbkdf2Sync(p, s, c, dkLen).toString('binary'); } return crypto.pbkdf2Sync(p, s, c, dkLen, md).toString('binary'); } if(crypto.pbkdf2Sync.length === 4) { return crypto.pbkdf2(p, s, c, dkLen, function(err, key) { if(err) { return callback(err); } callback(null, key.toString('binary')); }); } return crypto.pbkdf2(p, s, c, dkLen, md, function(err, key) { if(err) { return callback(err); } callback(null, key.toString('binary')); }); } if(typeof md === 'undefined' || md === null) { // default prf to SHA-1 md = 'sha1'; } if(typeof md === 'string') { if(!(md in forge.md.algorithms)) { throw new Error('Unknown hash algorithm: ' + md); } md = forge.md[md].create(); } var hLen = md.digestLength; /* 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. */ if(dkLen > (0xFFFFFFFF * hLen)) { var err = new Error('Derived key is too long.'); if(callback) { return callback(err); } throw err; } /* 2. Let len be the number of hLen-octet blocks in the derived key, rounding up, and let r be the number of octets in the last block: len = CEIL(dkLen / hLen), r = dkLen - (len - 1) * hLen. */ var len = Math.ceil(dkLen / hLen); var r = dkLen - (len - 1) * hLen; /* 3. For each block of the derived key apply the function F defined below to the password P, the salt S, the iteration count c, and the block index to compute the block: T_1 = F(P, S, c, 1), T_2 = F(P, S, c, 2), ... T_len = F(P, S, c, len), where the function F is defined as the exclusive-or sum of the first c iterates of the underlying pseudorandom function PRF applied to the password P and the concatenation of the salt S and the block index i: F(P, S, c, i) = u_1 XOR u_2 XOR ... XOR u_c where u_1 = PRF(P, S || INT(i)), u_2 = PRF(P, u_1), ... u_c = PRF(P, u_{c-1}). Here, INT(i) is a four-octet encoding of the integer i, most significant octet first. */ var prf = forge.hmac.create(); prf.start(md, p); var dk = ''; var xor, u_c, u_c1; // sync version if(!callback) { for(var i = 1; i <= len; ++i) { // PRF(P, S || INT(i)) (first iteration) prf.start(null, null); prf.update(s); prf.update(forge.util.int32ToBytes(i)); xor = u_c1 = prf.digest().getBytes(); // PRF(P, u_{c-1}) (other iterations) for(var j = 2; j <= c; ++j) { prf.start(null, null); prf.update(u_c1); u_c = prf.digest().getBytes(); // F(p, s, c, i) xor = forge.util.xorBytes(xor, u_c, hLen); u_c1 = u_c; } /* 4. Concatenate the blocks and extract the first dkLen octets to produce a derived key DK: DK = T_1 || T_2 || ... || T_len<0..r-1> */ dk += (i < len) ? xor : xor.substr(0, r); } /* 5. Output the derived key DK. */ return dk; } // async version var i = 1, j; function outer() { if(i > len) { // done return callback(null, dk); } // PRF(P, S || INT(i)) (first iteration) prf.start(null, null); prf.update(s); prf.update(forge.util.int32ToBytes(i)); xor = u_c1 = prf.digest().getBytes(); // PRF(P, u_{c-1}) (other iterations) j = 2; inner(); } function inner() { if(j <= c) { prf.start(null, null); prf.update(u_c1); u_c = prf.digest().getBytes(); // F(p, s, c, i) xor = forge.util.xorBytes(xor, u_c, hLen); u_c1 = u_c; ++j; return forge.util.setImmediate(inner); } /* 4. Concatenate the blocks and extract the first dkLen octets to produce a derived key DK: DK = T_1 || T_2 || ... || T_len<0..r-1> */ dk += (i < len) ? xor : xor.substr(0, r); ++i; outer(); } outer(); }; /***/ }), /***/ 154: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of basic PEM (Privacy Enhanced Mail) algorithms. * * See: RFC 1421. * * @author Dave Longley * * Copyright (c) 2013-2014 Digital Bazaar, Inc. * * A Forge PEM object has the following fields: * * type: identifies the type of message (eg: "RSA PRIVATE KEY"). * * procType: identifies the type of processing performed on the message, * it has two subfields: version and type, eg: 4,ENCRYPTED. * * contentDomain: identifies the type of content in the message, typically * only uses the value: "RFC822". * * dekInfo: identifies the message encryption algorithm and mode and includes * any parameters for the algorithm, it has two subfields: algorithm and * parameters, eg: DES-CBC,F8143EDE5960C597. * * headers: contains all other PEM encapsulated headers -- where order is * significant (for pairing data like recipient ID + key info). * * body: the binary-encoded body. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); // shortcut for pem API var pem = module.exports = forge.pem = forge.pem || {}; /** * Encodes (serializes) the given PEM object. * * @param msg the PEM message object to encode. * @param options the options to use: * maxline the maximum characters per line for the body, (default: 64). * * @return the PEM-formatted string. */ pem.encode = function(msg, options) { options = options || {}; var rval = '-----BEGIN ' + msg.type + '-----\r\n'; // encode special headers var header; if(msg.procType) { header = { name: 'Proc-Type', values: [String(msg.procType.version), msg.procType.type] }; rval += foldHeader(header); } if(msg.contentDomain) { header = {name: 'Content-Domain', values: [msg.contentDomain]}; rval += foldHeader(header); } if(msg.dekInfo) { header = {name: 'DEK-Info', values: [msg.dekInfo.algorithm]}; if(msg.dekInfo.parameters) { header.values.push(msg.dekInfo.parameters); } rval += foldHeader(header); } if(msg.headers) { // encode all other headers for(var i = 0; i < msg.headers.length; ++i) { rval += foldHeader(msg.headers[i]); } } // terminate header if(msg.procType) { rval += '\r\n'; } // add body rval += forge.util.encode64(msg.body, options.maxline || 64) + '\r\n'; rval += '-----END ' + msg.type + '-----\r\n'; return rval; }; /** * Decodes (deserializes) all PEM messages found in the given string. * * @param str the PEM-formatted string to decode. * * @return the PEM message objects in an array. */ pem.decode = function(str) { var rval = []; // split string into PEM messages (be lenient w/EOF on BEGIN line) var rMessage = /\s*-----BEGIN ([A-Z0-9- ]+)-----\r?\n?([\x21-\x7e\s]+?(?:\r?\n\r?\n))?([:A-Za-z0-9+\/=\s]+?)-----END \1-----/g; var rHeader = /([\x21-\x7e]+):\s*([\x21-\x7e\s^:]+)/; var rCRLF = /\r?\n/; var match; while(true) { match = rMessage.exec(str); if(!match) { break; } // accept "NEW CERTIFICATE REQUEST" as "CERTIFICATE REQUEST" // https://datatracker.ietf.org/doc/html/rfc7468#section-7 var type = match[1]; if(type === 'NEW CERTIFICATE REQUEST') { type = 'CERTIFICATE REQUEST'; } var msg = { type: type, procType: null, contentDomain: null, dekInfo: null, headers: [], body: forge.util.decode64(match[3]) }; rval.push(msg); // no headers if(!match[2]) { continue; } // parse headers var lines = match[2].split(rCRLF); var li = 0; while(match && li < lines.length) { // get line, trim any rhs whitespace var line = lines[li].replace(/\s+$/, ''); // RFC2822 unfold any following folded lines for(var nl = li + 1; nl < lines.length; ++nl) { var next = lines[nl]; if(!/\s/.test(next[0])) { break; } line += next; li = nl; } // parse header match = line.match(rHeader); if(match) { var header = {name: match[1], values: []}; var values = match[2].split(','); for(var vi = 0; vi < values.length; ++vi) { header.values.push(ltrim(values[vi])); } // Proc-Type must be the first header if(!msg.procType) { if(header.name !== 'Proc-Type') { throw new Error('Invalid PEM formatted message. The first ' + 'encapsulated header must be "Proc-Type".'); } else if(header.values.length !== 2) { throw new Error('Invalid PEM formatted message. The "Proc-Type" ' + 'header must have two subfields.'); } msg.procType = {version: values[0], type: values[1]}; } else if(!msg.contentDomain && header.name === 'Content-Domain') { // special-case Content-Domain msg.contentDomain = values[0] || ''; } else if(!msg.dekInfo && header.name === 'DEK-Info') { // special-case DEK-Info if(header.values.length === 0) { throw new Error('Invalid PEM formatted message. The "DEK-Info" ' + 'header must have at least one subfield.'); } msg.dekInfo = {algorithm: values[0], parameters: values[1] || null}; } else { msg.headers.push(header); } } ++li; } if(msg.procType === 'ENCRYPTED' && !msg.dekInfo) { throw new Error('Invalid PEM formatted message. The "DEK-Info" ' + 'header must be present if "Proc-Type" is "ENCRYPTED".'); } } if(rval.length === 0) { throw new Error('Invalid PEM formatted message.'); } return rval; }; function foldHeader(header) { var rval = header.name + ': '; // ensure values with CRLF are folded var values = []; var insertSpace = function(match, $1) { return ' ' + $1; }; for(var i = 0; i < header.values.length; ++i) { values.push(header.values[i].replace(/^(\S+\r\n)/, insertSpace)); } rval += values.join(',') + '\r\n'; // do folding var length = 0; var candidate = -1; for(var i = 0; i < rval.length; ++i, ++length) { if(length > 65 && candidate !== -1) { var insert = rval[candidate]; if(insert === ',') { ++candidate; rval = rval.substr(0, candidate) + '\r\n ' + rval.substr(candidate); } else { rval = rval.substr(0, candidate) + '\r\n' + insert + rval.substr(candidate + 1); } length = (i - candidate - 1); candidate = -1; ++i; } else if(rval[i] === ' ' || rval[i] === '\t' || rval[i] === ',') { candidate = i; } } return rval; } function ltrim(str) { return str.replace(/^\s+/, ''); } /***/ }), /***/ 7014: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Partial implementation of PKCS#1 v2.2: RSA-OEAP * * Modified but based on the following MIT and BSD licensed code: * * https://github.com/kjur/jsjws/blob/master/rsa.js: * * The 'jsjws'(JSON Web Signature JavaScript Library) License * * Copyright (c) 2012 Kenji Urushima * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * http://webrsa.cvs.sourceforge.net/viewvc/webrsa/Client/RSAES-OAEP.js?content-type=text%2Fplain: * * RSAES-OAEP.js * $Id: RSAES-OAEP.js,v 1.1.1.1 2003/03/19 15:37:20 ellispritchard Exp $ * JavaScript Implementation of PKCS #1 v2.1 RSA CRYPTOGRAPHY STANDARD (RSA Laboratories, June 14, 2002) * Copyright (C) Ellis Pritchard, Guardian Unlimited 2003. * Contact: ellis@nukinetics.com * Distributed under the BSD License. * * Official documentation: http://www.rsa.com/rsalabs/node.asp?id=2125 * * @author Evan Jones (http://evanjones.ca/) * @author Dave Longley * * Copyright (c) 2013-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); __nccwpck_require__(7821); __nccwpck_require__(279); // shortcut for PKCS#1 API var pkcs1 = module.exports = forge.pkcs1 = forge.pkcs1 || {}; /** * Encode the given RSAES-OAEP message (M) using key, with optional label (L) * and seed. * * This method does not perform RSA encryption, it only encodes the message * using RSAES-OAEP. * * @param key the RSA key to use. * @param message the message to encode. * @param options the options to use: * label an optional label to use. * seed the seed to use. * md the message digest object to use, undefined for SHA-1. * mgf1 optional mgf1 parameters: * md the message digest object to use for MGF1. * * @return the encoded message bytes. */ pkcs1.encode_rsa_oaep = function(key, message, options) { // parse arguments var label; var seed; var md; var mgf1Md; // legacy args (label, seed, md) if(typeof options === 'string') { label = options; seed = arguments[3] || undefined; md = arguments[4] || undefined; } else if(options) { label = options.label || undefined; seed = options.seed || undefined; md = options.md || undefined; if(options.mgf1 && options.mgf1.md) { mgf1Md = options.mgf1.md; } } // default OAEP to SHA-1 message digest if(!md) { md = forge.md.sha1.create(); } else { md.start(); } // default MGF-1 to same as OAEP if(!mgf1Md) { mgf1Md = md; } // compute length in bytes and check output var keyLength = Math.ceil(key.n.bitLength() / 8); var maxLength = keyLength - 2 * md.digestLength - 2; if(message.length > maxLength) { var error = new Error('RSAES-OAEP input message length is too long.'); error.length = message.length; error.maxLength = maxLength; throw error; } if(!label) { label = ''; } md.update(label, 'raw'); var lHash = md.digest(); var PS = ''; var PS_length = maxLength - message.length; for(var i = 0; i < PS_length; i++) { PS += '\x00'; } var DB = lHash.getBytes() + PS + '\x01' + message; if(!seed) { seed = forge.random.getBytes(md.digestLength); } else if(seed.length !== md.digestLength) { var error = new Error('Invalid RSAES-OAEP seed. The seed length must ' + 'match the digest length.'); error.seedLength = seed.length; error.digestLength = md.digestLength; throw error; } var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); var maskedDB = forge.util.xorBytes(DB, dbMask, DB.length); var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); var maskedSeed = forge.util.xorBytes(seed, seedMask, seed.length); // return encoded message return '\x00' + maskedSeed + maskedDB; }; /** * Decode the given RSAES-OAEP encoded message (EM) using key, with optional * label (L). * * This method does not perform RSA decryption, it only decodes the message * using RSAES-OAEP. * * @param key the RSA key to use. * @param em the encoded message to decode. * @param options the options to use: * label an optional label to use. * md the message digest object to use for OAEP, undefined for SHA-1. * mgf1 optional mgf1 parameters: * md the message digest object to use for MGF1. * * @return the decoded message bytes. */ pkcs1.decode_rsa_oaep = function(key, em, options) { // parse args var label; var md; var mgf1Md; // legacy args if(typeof options === 'string') { label = options; md = arguments[3] || undefined; } else if(options) { label = options.label || undefined; md = options.md || undefined; if(options.mgf1 && options.mgf1.md) { mgf1Md = options.mgf1.md; } } // compute length in bytes var keyLength = Math.ceil(key.n.bitLength() / 8); if(em.length !== keyLength) { var error = new Error('RSAES-OAEP encoded message length is invalid.'); error.length = em.length; error.expectedLength = keyLength; throw error; } // default OAEP to SHA-1 message digest if(md === undefined) { md = forge.md.sha1.create(); } else { md.start(); } // default MGF-1 to same as OAEP if(!mgf1Md) { mgf1Md = md; } if(keyLength < 2 * md.digestLength + 2) { throw new Error('RSAES-OAEP key is too short for the hash function.'); } if(!label) { label = ''; } md.update(label, 'raw'); var lHash = md.digest().getBytes(); // split the message into its parts var y = em.charAt(0); var maskedSeed = em.substring(1, md.digestLength + 1); var maskedDB = em.substring(1 + md.digestLength); var seedMask = rsa_mgf1(maskedDB, md.digestLength, mgf1Md); var seed = forge.util.xorBytes(maskedSeed, seedMask, maskedSeed.length); var dbMask = rsa_mgf1(seed, keyLength - md.digestLength - 1, mgf1Md); var db = forge.util.xorBytes(maskedDB, dbMask, maskedDB.length); var lHashPrime = db.substring(0, md.digestLength); // constant time check that all values match what is expected var error = (y !== '\x00'); // constant time check lHash vs lHashPrime for(var i = 0; i < md.digestLength; ++i) { error |= (lHash.charAt(i) !== lHashPrime.charAt(i)); } // "constant time" find the 0x1 byte separating the padding (zeros) from the // message // TODO: It must be possible to do this in a better/smarter way? var in_ps = 1; var index = md.digestLength; for(var j = md.digestLength; j < db.length; j++) { var code = db.charCodeAt(j); var is_0 = (code & 0x1) ^ 0x1; // non-zero if not 0 or 1 in the ps section var error_mask = in_ps ? 0xfffe : 0x0000; error |= (code & error_mask); // latch in_ps to zero after we find 0x1 in_ps = in_ps & is_0; index += in_ps; } if(error || db.charCodeAt(index) !== 0x1) { throw new Error('Invalid RSAES-OAEP padding.'); } return db.substring(index + 1); }; function rsa_mgf1(seed, maskLength, hash) { // default to SHA-1 message digest if(!hash) { hash = forge.md.sha1.create(); } var t = ''; var count = Math.ceil(maskLength / hash.digestLength); for(var i = 0; i < count; ++i) { var c = String.fromCharCode( (i >> 24) & 0xFF, (i >> 16) & 0xFF, (i >> 8) & 0xFF, i & 0xFF); hash.start(); hash.update(seed + c); t += hash.digest().getBytes(); } return t.substring(0, maskLength); } /***/ }), /***/ 466: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of PKCS#12. * * @author Dave Longley * @author Stefan Siegl * * Copyright (c) 2010-2014 Digital Bazaar, Inc. * Copyright (c) 2012 Stefan Siegl * * The ASN.1 representation of PKCS#12 is as follows * (see ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12-tc1.pdf for details) * * PFX ::= SEQUENCE { * version INTEGER {v3(3)}(v3,...), * authSafe ContentInfo, * macData MacData OPTIONAL * } * * MacData ::= SEQUENCE { * mac DigestInfo, * macSalt OCTET STRING, * iterations INTEGER DEFAULT 1 * } * Note: The iterations default is for historical reasons and its use is * deprecated. A higher value, like 1024, is recommended. * * DigestInfo is defined in PKCS#7 as follows: * * DigestInfo ::= SEQUENCE { * digestAlgorithm DigestAlgorithmIdentifier, * digest Digest * } * * DigestAlgorithmIdentifier ::= AlgorithmIdentifier * * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters * for the algorithm, if any. In the case of SHA1 there is none. * * AlgorithmIdentifer ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL * } * * Digest ::= OCTET STRING * * * ContentInfo ::= SEQUENCE { * contentType ContentType, * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL * } * * ContentType ::= OBJECT IDENTIFIER * * AuthenticatedSafe ::= SEQUENCE OF ContentInfo * -- Data if unencrypted * -- EncryptedData if password-encrypted * -- EnvelopedData if public key-encrypted * * * SafeContents ::= SEQUENCE OF SafeBag * * SafeBag ::= SEQUENCE { * bagId BAG-TYPE.&id ({PKCS12BagSet}) * bagValue [0] EXPLICIT BAG-TYPE.&Type({PKCS12BagSet}{@bagId}), * bagAttributes SET OF PKCS12Attribute OPTIONAL * } * * PKCS12Attribute ::= SEQUENCE { * attrId ATTRIBUTE.&id ({PKCS12AttrSet}), * attrValues SET OF ATTRIBUTE.&Type ({PKCS12AttrSet}{@attrId}) * } -- This type is compatible with the X.500 type 'Attribute' * * PKCS12AttrSet ATTRIBUTE ::= { * friendlyName | -- from PKCS #9 * localKeyId, -- from PKCS #9 * ... -- Other attributes are allowed * } * * CertBag ::= SEQUENCE { * certId BAG-TYPE.&id ({CertTypes}), * certValue [0] EXPLICIT BAG-TYPE.&Type ({CertTypes}{@certId}) * } * * x509Certificate BAG-TYPE ::= {OCTET STRING IDENTIFIED BY {certTypes 1}} * -- DER-encoded X.509 certificate stored in OCTET STRING * * sdsiCertificate BAG-TYPE ::= {IA5String IDENTIFIED BY {certTypes 2}} * -- Base64-encoded SDSI certificate stored in IA5String * * CertTypes BAG-TYPE ::= { * x509Certificate | * sdsiCertificate, * ... -- For future extensions * } */ var forge = __nccwpck_require__(9177); __nccwpck_require__(9549); __nccwpck_require__(5104); __nccwpck_require__(1925); __nccwpck_require__(266); __nccwpck_require__(1281); __nccwpck_require__(7821); __nccwpck_require__(3921); __nccwpck_require__(279); __nccwpck_require__(8339); __nccwpck_require__(8180); // shortcut for asn.1 & PKI API var asn1 = forge.asn1; var pki = forge.pki; // shortcut for PKCS#12 API var p12 = module.exports = forge.pkcs12 = forge.pkcs12 || {}; var contentInfoValidator = { name: 'ContentInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, // a ContentInfo constructed: true, value: [{ name: 'ContentInfo.contentType', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'contentType' }, { name: 'ContentInfo.content', tagClass: asn1.Class.CONTEXT_SPECIFIC, constructed: true, captureAsn1: 'content' }] }; var pfxValidator = { name: 'PFX', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'PFX.version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'version' }, contentInfoValidator, { name: 'PFX.macData', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, optional: true, captureAsn1: 'mac', value: [{ name: 'PFX.macData.mac', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, // DigestInfo constructed: true, value: [{ name: 'PFX.macData.mac.digestAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, // DigestAlgorithmIdentifier constructed: true, value: [{ name: 'PFX.macData.mac.digestAlgorithm.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'macAlgorithm' }, { name: 'PFX.macData.mac.digestAlgorithm.parameters', tagClass: asn1.Class.UNIVERSAL, captureAsn1: 'macAlgorithmParameters' }] }, { name: 'PFX.macData.mac.digest', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'macDigest' }] }, { name: 'PFX.macData.macSalt', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'macSalt' }, { name: 'PFX.macData.iterations', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, optional: true, capture: 'macIterations' }] }] }; var safeBagValidator = { name: 'SafeBag', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'SafeBag.bagId', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'bagId' }, { name: 'SafeBag.bagValue', tagClass: asn1.Class.CONTEXT_SPECIFIC, constructed: true, captureAsn1: 'bagValue' }, { name: 'SafeBag.bagAttributes', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SET, constructed: true, optional: true, capture: 'bagAttributes' }] }; var attributeValidator = { name: 'Attribute', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'Attribute.attrId', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'oid' }, { name: 'Attribute.attrValues', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SET, constructed: true, capture: 'values' }] }; var certBagValidator = { name: 'CertBag', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'CertBag.certId', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'certId' }, { name: 'CertBag.certValue', tagClass: asn1.Class.CONTEXT_SPECIFIC, constructed: true, /* So far we only support X.509 certificates (which are wrapped in an OCTET STRING, hence hard code that here). */ value: [{ name: 'CertBag.certValue[0]', tagClass: asn1.Class.UNIVERSAL, type: asn1.Class.OCTETSTRING, constructed: false, capture: 'cert' }] }] }; /** * Search SafeContents structure for bags with matching attributes. * * The search can optionally be narrowed by a certain bag type. * * @param safeContents the SafeContents structure to search in. * @param attrName the name of the attribute to compare against. * @param attrValue the attribute value to search for. * @param [bagType] bag type to narrow search by. * * @return an array of matching bags. */ function _getBagsByAttribute(safeContents, attrName, attrValue, bagType) { var result = []; for(var i = 0; i < safeContents.length; i++) { for(var j = 0; j < safeContents[i].safeBags.length; j++) { var bag = safeContents[i].safeBags[j]; if(bagType !== undefined && bag.type !== bagType) { continue; } // only filter by bag type, no attribute specified if(attrName === null) { result.push(bag); continue; } if(bag.attributes[attrName] !== undefined && bag.attributes[attrName].indexOf(attrValue) >= 0) { result.push(bag); } } } return result; } /** * Converts a PKCS#12 PFX in ASN.1 notation into a PFX object. * * @param obj The PKCS#12 PFX in ASN.1 notation. * @param strict true to use strict DER decoding, false not to (default: true). * @param {String} password Password to decrypt with (optional). * * @return PKCS#12 PFX object. */ p12.pkcs12FromAsn1 = function(obj, strict, password) { // handle args if(typeof strict === 'string') { password = strict; strict = true; } else if(strict === undefined) { strict = true; } // validate PFX and capture data var capture = {}; var errors = []; if(!asn1.validate(obj, pfxValidator, capture, errors)) { var error = new Error('Cannot read PKCS#12 PFX. ' + 'ASN.1 object is not an PKCS#12 PFX.'); error.errors = error; throw error; } var pfx = { version: capture.version.charCodeAt(0), safeContents: [], /** * Gets bags with matching attributes. * * @param filter the attributes to filter by: * [localKeyId] the localKeyId to search for. * [localKeyIdHex] the localKeyId in hex to search for. * [friendlyName] the friendly name to search for. * [bagType] bag type to narrow each attribute search by. * * @return a map of attribute type to an array of matching bags or, if no * attribute was given but a bag type, the map key will be the * bag type. */ getBags: function(filter) { var rval = {}; var localKeyId; if('localKeyId' in filter) { localKeyId = filter.localKeyId; } else if('localKeyIdHex' in filter) { localKeyId = forge.util.hexToBytes(filter.localKeyIdHex); } // filter on bagType only if(localKeyId === undefined && !('friendlyName' in filter) && 'bagType' in filter) { rval[filter.bagType] = _getBagsByAttribute( pfx.safeContents, null, null, filter.bagType); } if(localKeyId !== undefined) { rval.localKeyId = _getBagsByAttribute( pfx.safeContents, 'localKeyId', localKeyId, filter.bagType); } if('friendlyName' in filter) { rval.friendlyName = _getBagsByAttribute( pfx.safeContents, 'friendlyName', filter.friendlyName, filter.bagType); } return rval; }, /** * DEPRECATED: use getBags() instead. * * Get bags with matching friendlyName attribute. * * @param friendlyName the friendly name to search for. * @param [bagType] bag type to narrow search by. * * @return an array of bags with matching friendlyName attribute. */ getBagsByFriendlyName: function(friendlyName, bagType) { return _getBagsByAttribute( pfx.safeContents, 'friendlyName', friendlyName, bagType); }, /** * DEPRECATED: use getBags() instead. * * Get bags with matching localKeyId attribute. * * @param localKeyId the localKeyId to search for. * @param [bagType] bag type to narrow search by. * * @return an array of bags with matching localKeyId attribute. */ getBagsByLocalKeyId: function(localKeyId, bagType) { return _getBagsByAttribute( pfx.safeContents, 'localKeyId', localKeyId, bagType); } }; if(capture.version.charCodeAt(0) !== 3) { var error = new Error('PKCS#12 PFX of version other than 3 not supported.'); error.version = capture.version.charCodeAt(0); throw error; } if(asn1.derToOid(capture.contentType) !== pki.oids.data) { var error = new Error('Only PKCS#12 PFX in password integrity mode supported.'); error.oid = asn1.derToOid(capture.contentType); throw error; } var data = capture.content.value[0]; if(data.tagClass !== asn1.Class.UNIVERSAL || data.type !== asn1.Type.OCTETSTRING) { throw new Error('PKCS#12 authSafe content data is not an OCTET STRING.'); } data = _decodePkcs7Data(data); // check for MAC if(capture.mac) { var md = null; var macKeyBytes = 0; var macAlgorithm = asn1.derToOid(capture.macAlgorithm); switch(macAlgorithm) { case pki.oids.sha1: md = forge.md.sha1.create(); macKeyBytes = 20; break; case pki.oids.sha256: md = forge.md.sha256.create(); macKeyBytes = 32; break; case pki.oids.sha384: md = forge.md.sha384.create(); macKeyBytes = 48; break; case pki.oids.sha512: md = forge.md.sha512.create(); macKeyBytes = 64; break; case pki.oids.md5: md = forge.md.md5.create(); macKeyBytes = 16; break; } if(md === null) { throw new Error('PKCS#12 uses unsupported MAC algorithm: ' + macAlgorithm); } // verify MAC (iterations default to 1) var macSalt = new forge.util.ByteBuffer(capture.macSalt); var macIterations = (('macIterations' in capture) ? parseInt(forge.util.bytesToHex(capture.macIterations), 16) : 1); var macKey = p12.generateKey( password, macSalt, 3, macIterations, macKeyBytes, md); var mac = forge.hmac.create(); mac.start(md, macKey); mac.update(data.value); var macValue = mac.getMac(); if(macValue.getBytes() !== capture.macDigest) { throw new Error('PKCS#12 MAC could not be verified. Invalid password?'); } } _decodeAuthenticatedSafe(pfx, data.value, strict, password); return pfx; }; /** * Decodes PKCS#7 Data. PKCS#7 (RFC 2315) defines "Data" as an OCTET STRING, * but it is sometimes an OCTET STRING that is composed/constructed of chunks, * each its own OCTET STRING. This is BER-encoding vs. DER-encoding. This * function transforms this corner-case into the usual simple, * non-composed/constructed OCTET STRING. * * This function may be moved to ASN.1 at some point to better deal with * more BER-encoding issues, should they arise. * * @param data the ASN.1 Data object to transform. */ function _decodePkcs7Data(data) { // handle special case of "chunked" data content: an octet string composed // of other octet strings if(data.composed || data.constructed) { var value = forge.util.createBuffer(); for(var i = 0; i < data.value.length; ++i) { value.putBytes(data.value[i].value); } data.composed = data.constructed = false; data.value = value.getBytes(); } return data; } /** * Decode PKCS#12 AuthenticatedSafe (BER encoded) into PFX object. * * The AuthenticatedSafe is a BER-encoded SEQUENCE OF ContentInfo. * * @param pfx The PKCS#12 PFX object to fill. * @param {String} authSafe BER-encoded AuthenticatedSafe. * @param strict true to use strict DER decoding, false not to. * @param {String} password Password to decrypt with (optional). */ function _decodeAuthenticatedSafe(pfx, authSafe, strict, password) { authSafe = asn1.fromDer(authSafe, strict); /* actually it's BER encoded */ if(authSafe.tagClass !== asn1.Class.UNIVERSAL || authSafe.type !== asn1.Type.SEQUENCE || authSafe.constructed !== true) { throw new Error('PKCS#12 AuthenticatedSafe expected to be a ' + 'SEQUENCE OF ContentInfo'); } for(var i = 0; i < authSafe.value.length; i++) { var contentInfo = authSafe.value[i]; // validate contentInfo and capture data var capture = {}; var errors = []; if(!asn1.validate(contentInfo, contentInfoValidator, capture, errors)) { var error = new Error('Cannot read ContentInfo.'); error.errors = errors; throw error; } var obj = { encrypted: false }; var safeContents = null; var data = capture.content.value[0]; switch(asn1.derToOid(capture.contentType)) { case pki.oids.data: if(data.tagClass !== asn1.Class.UNIVERSAL || data.type !== asn1.Type.OCTETSTRING) { throw new Error('PKCS#12 SafeContents Data is not an OCTET STRING.'); } safeContents = _decodePkcs7Data(data).value; break; case pki.oids.encryptedData: safeContents = _decryptSafeContents(data, password); obj.encrypted = true; break; default: var error = new Error('Unsupported PKCS#12 contentType.'); error.contentType = asn1.derToOid(capture.contentType); throw error; } obj.safeBags = _decodeSafeContents(safeContents, strict, password); pfx.safeContents.push(obj); } } /** * Decrypt PKCS#7 EncryptedData structure. * * @param data ASN.1 encoded EncryptedContentInfo object. * @param password The user-provided password. * * @return The decrypted SafeContents (ASN.1 object). */ function _decryptSafeContents(data, password) { var capture = {}; var errors = []; if(!asn1.validate( data, forge.pkcs7.asn1.encryptedDataValidator, capture, errors)) { var error = new Error('Cannot read EncryptedContentInfo.'); error.errors = errors; throw error; } var oid = asn1.derToOid(capture.contentType); if(oid !== pki.oids.data) { var error = new Error( 'PKCS#12 EncryptedContentInfo ContentType is not Data.'); error.oid = oid; throw error; } // get cipher oid = asn1.derToOid(capture.encAlgorithm); var cipher = pki.pbe.getCipher(oid, capture.encParameter, password); // get encrypted data var encryptedContentAsn1 = _decodePkcs7Data(capture.encryptedContentAsn1); var encrypted = forge.util.createBuffer(encryptedContentAsn1.value); cipher.update(encrypted); if(!cipher.finish()) { throw new Error('Failed to decrypt PKCS#12 SafeContents.'); } return cipher.output.getBytes(); } /** * Decode PKCS#12 SafeContents (BER-encoded) into array of Bag objects. * * The safeContents is a BER-encoded SEQUENCE OF SafeBag. * * @param {String} safeContents BER-encoded safeContents. * @param strict true to use strict DER decoding, false not to. * @param {String} password Password to decrypt with (optional). * * @return {Array} Array of Bag objects. */ function _decodeSafeContents(safeContents, strict, password) { // if strict and no safe contents, return empty safes if(!strict && safeContents.length === 0) { return []; } // actually it's BER-encoded safeContents = asn1.fromDer(safeContents, strict); if(safeContents.tagClass !== asn1.Class.UNIVERSAL || safeContents.type !== asn1.Type.SEQUENCE || safeContents.constructed !== true) { throw new Error( 'PKCS#12 SafeContents expected to be a SEQUENCE OF SafeBag.'); } var res = []; for(var i = 0; i < safeContents.value.length; i++) { var safeBag = safeContents.value[i]; // validate SafeBag and capture data var capture = {}; var errors = []; if(!asn1.validate(safeBag, safeBagValidator, capture, errors)) { var error = new Error('Cannot read SafeBag.'); error.errors = errors; throw error; } /* Create bag object and push to result array. */ var bag = { type: asn1.derToOid(capture.bagId), attributes: _decodeBagAttributes(capture.bagAttributes) }; res.push(bag); var validator, decoder; var bagAsn1 = capture.bagValue.value[0]; switch(bag.type) { case pki.oids.pkcs8ShroudedKeyBag: /* bagAsn1 has a EncryptedPrivateKeyInfo, which we need to decrypt. Afterwards we can handle it like a keyBag, which is a PrivateKeyInfo. */ bagAsn1 = pki.decryptPrivateKeyInfo(bagAsn1, password); if(bagAsn1 === null) { throw new Error( 'Unable to decrypt PKCS#8 ShroudedKeyBag, wrong password?'); } /* fall through */ case pki.oids.keyBag: /* A PKCS#12 keyBag is a simple PrivateKeyInfo as understood by our PKI module, hence we don't have to do validation/capturing here, just pass what we already got. */ try { bag.key = pki.privateKeyFromAsn1(bagAsn1); } catch(e) { // ignore unknown key type, pass asn1 value bag.key = null; bag.asn1 = bagAsn1; } continue; /* Nothing more to do. */ case pki.oids.certBag: /* A PKCS#12 certBag can wrap both X.509 and sdsi certificates. Therefore put the SafeBag content through another validator to capture the fields. Afterwards check & store the results. */ validator = certBagValidator; decoder = function() { if(asn1.derToOid(capture.certId) !== pki.oids.x509Certificate) { var error = new Error( 'Unsupported certificate type, only X.509 supported.'); error.oid = asn1.derToOid(capture.certId); throw error; } // true=produce cert hash var certAsn1 = asn1.fromDer(capture.cert, strict); try { bag.cert = pki.certificateFromAsn1(certAsn1, true); } catch(e) { // ignore unknown cert type, pass asn1 value bag.cert = null; bag.asn1 = certAsn1; } }; break; default: var error = new Error('Unsupported PKCS#12 SafeBag type.'); error.oid = bag.type; throw error; } /* Validate SafeBag value (i.e. CertBag, etc.) and capture data if needed. */ if(validator !== undefined && !asn1.validate(bagAsn1, validator, capture, errors)) { var error = new Error('Cannot read PKCS#12 ' + validator.name); error.errors = errors; throw error; } /* Call decoder function from above to store the results. */ decoder(); } return res; } /** * Decode PKCS#12 SET OF PKCS12Attribute into JavaScript object. * * @param attributes SET OF PKCS12Attribute (ASN.1 object). * * @return the decoded attributes. */ function _decodeBagAttributes(attributes) { var decodedAttrs = {}; if(attributes !== undefined) { for(var i = 0; i < attributes.length; ++i) { var capture = {}; var errors = []; if(!asn1.validate(attributes[i], attributeValidator, capture, errors)) { var error = new Error('Cannot read PKCS#12 BagAttribute.'); error.errors = errors; throw error; } var oid = asn1.derToOid(capture.oid); if(pki.oids[oid] === undefined) { // unsupported attribute type, ignore. continue; } decodedAttrs[pki.oids[oid]] = []; for(var j = 0; j < capture.values.length; ++j) { decodedAttrs[pki.oids[oid]].push(capture.values[j].value); } } } return decodedAttrs; } /** * Wraps a private key and certificate in a PKCS#12 PFX wrapper. If a * password is provided then the private key will be encrypted. * * An entire certificate chain may also be included. To do this, pass * an array for the "cert" parameter where the first certificate is * the one that is paired with the private key and each subsequent one * verifies the previous one. The certificates may be in PEM format or * have been already parsed by Forge. * * @todo implement password-based-encryption for the whole package * * @param key the private key. * @param cert the certificate (may be an array of certificates in order * to specify a certificate chain). * @param password the password to use, null for none. * @param options: * algorithm the encryption algorithm to use * ('aes128', 'aes192', 'aes256', '3des'), defaults to 'aes128'. * count the iteration count to use. * saltSize the salt size to use. * useMac true to include a MAC, false not to, defaults to true. * localKeyId the local key ID to use, in hex. * friendlyName the friendly name to use. * generateLocalKeyId true to generate a random local key ID, * false not to, defaults to true. * * @return the PKCS#12 PFX ASN.1 object. */ p12.toPkcs12Asn1 = function(key, cert, password, options) { // set default options options = options || {}; options.saltSize = options.saltSize || 8; options.count = options.count || 2048; options.algorithm = options.algorithm || options.encAlgorithm || 'aes128'; if(!('useMac' in options)) { options.useMac = true; } if(!('localKeyId' in options)) { options.localKeyId = null; } if(!('generateLocalKeyId' in options)) { options.generateLocalKeyId = true; } var localKeyId = options.localKeyId; var bagAttrs; if(localKeyId !== null) { localKeyId = forge.util.hexToBytes(localKeyId); } else if(options.generateLocalKeyId) { // use SHA-1 of paired cert, if available if(cert) { var pairedCert = forge.util.isArray(cert) ? cert[0] : cert; if(typeof pairedCert === 'string') { pairedCert = pki.certificateFromPem(pairedCert); } var sha1 = forge.md.sha1.create(); sha1.update(asn1.toDer(pki.certificateToAsn1(pairedCert)).getBytes()); localKeyId = sha1.digest().getBytes(); } else { // FIXME: consider using SHA-1 of public key (which can be generated // from private key components), see: cert.generateSubjectKeyIdentifier // generate random bytes localKeyId = forge.random.getBytes(20); } } var attrs = []; if(localKeyId !== null) { attrs.push( // localKeyID asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // attrId asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.localKeyId).getBytes()), // attrValues asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, localKeyId) ]) ])); } if('friendlyName' in options) { attrs.push( // friendlyName asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // attrId asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.friendlyName).getBytes()), // attrValues asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BMPSTRING, false, options.friendlyName) ]) ])); } if(attrs.length > 0) { bagAttrs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, attrs); } // collect contents for AuthenticatedSafe var contents = []; // create safe bag(s) for certificate chain var chain = []; if(cert !== null) { if(forge.util.isArray(cert)) { chain = cert; } else { chain = [cert]; } } var certSafeBags = []; for(var i = 0; i < chain.length; ++i) { // convert cert from PEM as necessary cert = chain[i]; if(typeof cert === 'string') { cert = pki.certificateFromPem(cert); } // SafeBag var certBagAttrs = (i === 0) ? bagAttrs : undefined; var certAsn1 = pki.certificateToAsn1(cert); var certSafeBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // bagId asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.certBag).getBytes()), // bagValue asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ // CertBag asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // certId asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.x509Certificate).getBytes()), // certValue (x509Certificate) asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, asn1.toDer(certAsn1).getBytes()) ])])]), // bagAttributes (OPTIONAL) certBagAttrs ]); certSafeBags.push(certSafeBag); } if(certSafeBags.length > 0) { // SafeContents var certSafeContents = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, certSafeBags); // ContentInfo var certCI = // PKCS#7 ContentInfo asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // contentType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, // OID for the content type is 'data' asn1.oidToDer(pki.oids.data).getBytes()), // content asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, asn1.toDer(certSafeContents).getBytes()) ]) ]); contents.push(certCI); } // create safe contents for private key var keyBag = null; if(key !== null) { // SafeBag var pkAsn1 = pki.wrapRsaPrivateKey(pki.privateKeyToAsn1(key)); if(password === null) { // no encryption keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // bagId asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.keyBag).getBytes()), // bagValue asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ // PrivateKeyInfo pkAsn1 ]), // bagAttributes (OPTIONAL) bagAttrs ]); } else { // encrypted PrivateKeyInfo keyBag = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // bagId asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.pkcs8ShroudedKeyBag).getBytes()), // bagValue asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ // EncryptedPrivateKeyInfo pki.encryptPrivateKeyInfo(pkAsn1, password, options) ]), // bagAttributes (OPTIONAL) bagAttrs ]); } // SafeContents var keySafeContents = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [keyBag]); // ContentInfo var keyCI = // PKCS#7 ContentInfo asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // contentType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, // OID for the content type is 'data' asn1.oidToDer(pki.oids.data).getBytes()), // content asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, asn1.toDer(keySafeContents).getBytes()) ]) ]); contents.push(keyCI); } // create AuthenticatedSafe by stringing together the contents var safe = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, contents); var macData; if(options.useMac) { // MacData var sha1 = forge.md.sha1.create(); var macSalt = new forge.util.ByteBuffer( forge.random.getBytes(options.saltSize)); var count = options.count; // 160-bit key var key = p12.generateKey(password, macSalt, 3, count, 20); var mac = forge.hmac.create(); mac.start(sha1, key); mac.update(asn1.toDer(safe).getBytes()); var macValue = mac.getMac(); macData = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // mac DigestInfo asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // digestAlgorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm = SHA-1 asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.sha1).getBytes()), // parameters = Null asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]), // digest asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, macValue.getBytes()) ]), // macSalt OCTET STRING asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, macSalt.getBytes()), // iterations INTEGER (XXX: Only support count < 65536) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(count).getBytes() ) ]); } // PFX return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // version (3) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(3).getBytes()), // PKCS#7 ContentInfo asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // contentType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, // OID for the content type is 'data' asn1.oidToDer(pki.oids.data).getBytes()), // content asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, asn1.toDer(safe).getBytes()) ]) ]), macData ]); }; /** * Derives a PKCS#12 key. * * @param password the password to derive the key material from, null or * undefined for none. * @param salt the salt, as a ByteBuffer, to use. * @param id the PKCS#12 ID byte (1 = key material, 2 = IV, 3 = MAC). * @param iter the iteration count. * @param n the number of bytes to derive from the password. * @param md the message digest to use, defaults to SHA-1. * * @return a ByteBuffer with the bytes derived from the password. */ p12.generateKey = forge.pbe.generatePkcs12Key; /***/ }), /***/ 4829: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of PKCS#7 v1.5. * * @author Stefan Siegl * @author Dave Longley * * Copyright (c) 2012 Stefan Siegl * Copyright (c) 2012-2015 Digital Bazaar, Inc. * * Currently this implementation only supports ContentType of EnvelopedData, * EncryptedData, or SignedData at the root level. The top level elements may * contain only a ContentInfo of ContentType Data, i.e. plain data. Further * nesting is not (yet) supported. * * The Forge validators for PKCS #7's ASN.1 structures are available from * a separate file pkcs7asn1.js, since those are referenced from other * PKCS standards like PKCS #12. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(9549); __nccwpck_require__(7157); __nccwpck_require__(1925); __nccwpck_require__(154); __nccwpck_require__(266); __nccwpck_require__(7821); __nccwpck_require__(8339); __nccwpck_require__(8180); // shortcut for ASN.1 API var asn1 = forge.asn1; // shortcut for PKCS#7 API var p7 = module.exports = forge.pkcs7 = forge.pkcs7 || {}; /** * Converts a PKCS#7 message from PEM format. * * @param pem the PEM-formatted PKCS#7 message. * * @return the PKCS#7 message. */ p7.messageFromPem = function(pem) { var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'PKCS7') { var error = new Error('Could not convert PKCS#7 message from PEM; PEM ' + 'header type is not "PKCS#7".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert PKCS#7 message from PEM; PEM is encrypted.'); } // convert DER to ASN.1 object var obj = asn1.fromDer(msg.body); return p7.messageFromAsn1(obj); }; /** * Converts a PKCS#7 message to PEM format. * * @param msg The PKCS#7 message object * @param maxline The maximum characters per line, defaults to 64. * * @return The PEM-formatted PKCS#7 message. */ p7.messageToPem = function(msg, maxline) { // convert to ASN.1, then DER, then PEM-encode var pemObj = { type: 'PKCS7', body: asn1.toDer(msg.toAsn1()).getBytes() }; return forge.pem.encode(pemObj, {maxline: maxline}); }; /** * Converts a PKCS#7 message from an ASN.1 object. * * @param obj the ASN.1 representation of a ContentInfo. * * @return the PKCS#7 message. */ p7.messageFromAsn1 = function(obj) { // validate root level ContentInfo and capture data var capture = {}; var errors = []; if(!asn1.validate(obj, p7.asn1.contentInfoValidator, capture, errors)) { var error = new Error('Cannot read PKCS#7 message. ' + 'ASN.1 object is not an PKCS#7 ContentInfo.'); error.errors = errors; throw error; } var contentType = asn1.derToOid(capture.contentType); var msg; switch(contentType) { case forge.pki.oids.envelopedData: msg = p7.createEnvelopedData(); break; case forge.pki.oids.encryptedData: msg = p7.createEncryptedData(); break; case forge.pki.oids.signedData: msg = p7.createSignedData(); break; default: throw new Error('Cannot read PKCS#7 message. ContentType with OID ' + contentType + ' is not (yet) supported.'); } msg.fromAsn1(capture.content.value[0]); return msg; }; p7.createSignedData = function() { var msg = null; msg = { type: forge.pki.oids.signedData, version: 1, certificates: [], crls: [], // TODO: add json-formatted signer stuff here? signers: [], // populated during sign() digestAlgorithmIdentifiers: [], contentInfo: null, signerInfos: [], fromAsn1: function(obj) { // validate SignedData content block and capture data. _fromAsn1(msg, obj, p7.asn1.signedDataValidator); msg.certificates = []; msg.crls = []; msg.digestAlgorithmIdentifiers = []; msg.contentInfo = null; msg.signerInfos = []; if(msg.rawCapture.certificates) { var certs = msg.rawCapture.certificates.value; for(var i = 0; i < certs.length; ++i) { msg.certificates.push(forge.pki.certificateFromAsn1(certs[i])); } } // TODO: parse crls }, toAsn1: function() { // degenerate case with no content if(!msg.contentInfo) { msg.sign(); } var certs = []; for(var i = 0; i < msg.certificates.length; ++i) { certs.push(forge.pki.certificateToAsn1(msg.certificates[i])); } var crls = []; // TODO: implement CRLs // [0] SignedData var signedData = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // Version asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(msg.version).getBytes()), // DigestAlgorithmIdentifiers asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SET, true, msg.digestAlgorithmIdentifiers), // ContentInfo msg.contentInfo ]) ]); if(certs.length > 0) { // [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL signedData.value[0].value.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, certs)); } if(crls.length > 0) { // [1] IMPLICIT CertificateRevocationLists OPTIONAL signedData.value[0].value.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, crls)); } // SignerInfos signedData.value[0].value.push( asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, msg.signerInfos)); // ContentInfo return asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // ContentType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(msg.type).getBytes()), // [0] SignedData signedData ]); }, /** * Add (another) entity to list of signers. * * Note: If authenticatedAttributes are provided, then, per RFC 2315, * they must include at least two attributes: content type and * message digest. The message digest attribute value will be * auto-calculated during signing and will be ignored if provided. * * Here's an example of providing these two attributes: * * forge.pkcs7.createSignedData(); * p7.addSigner({ * issuer: cert.issuer.attributes, * serialNumber: cert.serialNumber, * key: privateKey, * digestAlgorithm: forge.pki.oids.sha1, * authenticatedAttributes: [{ * type: forge.pki.oids.contentType, * value: forge.pki.oids.data * }, { * type: forge.pki.oids.messageDigest * }] * }); * * TODO: Support [subjectKeyIdentifier] as signer's ID. * * @param signer the signer information: * key the signer's private key. * [certificate] a certificate containing the public key * associated with the signer's private key; use this option as * an alternative to specifying signer.issuer and * signer.serialNumber. * [issuer] the issuer attributes (eg: cert.issuer.attributes). * [serialNumber] the signer's certificate's serial number in * hexadecimal (eg: cert.serialNumber). * [digestAlgorithm] the message digest OID, as a string, to use * (eg: forge.pki.oids.sha1). * [authenticatedAttributes] an optional array of attributes * to also sign along with the content. */ addSigner: function(signer) { var issuer = signer.issuer; var serialNumber = signer.serialNumber; if(signer.certificate) { var cert = signer.certificate; if(typeof cert === 'string') { cert = forge.pki.certificateFromPem(cert); } issuer = cert.issuer.attributes; serialNumber = cert.serialNumber; } var key = signer.key; if(!key) { throw new Error( 'Could not add PKCS#7 signer; no private key specified.'); } if(typeof key === 'string') { key = forge.pki.privateKeyFromPem(key); } // ensure OID known for digest algorithm var digestAlgorithm = signer.digestAlgorithm || forge.pki.oids.sha1; switch(digestAlgorithm) { case forge.pki.oids.sha1: case forge.pki.oids.sha256: case forge.pki.oids.sha384: case forge.pki.oids.sha512: case forge.pki.oids.md5: break; default: throw new Error( 'Could not add PKCS#7 signer; unknown message digest algorithm: ' + digestAlgorithm); } // if authenticatedAttributes is present, then the attributes // must contain at least PKCS #9 content-type and message-digest var authenticatedAttributes = signer.authenticatedAttributes || []; if(authenticatedAttributes.length > 0) { var contentType = false; var messageDigest = false; for(var i = 0; i < authenticatedAttributes.length; ++i) { var attr = authenticatedAttributes[i]; if(!contentType && attr.type === forge.pki.oids.contentType) { contentType = true; if(messageDigest) { break; } continue; } if(!messageDigest && attr.type === forge.pki.oids.messageDigest) { messageDigest = true; if(contentType) { break; } continue; } } if(!contentType || !messageDigest) { throw new Error('Invalid signer.authenticatedAttributes. If ' + 'signer.authenticatedAttributes is specified, then it must ' + 'contain at least two attributes, PKCS #9 content-type and ' + 'PKCS #9 message-digest.'); } } msg.signers.push({ key: key, version: 1, issuer: issuer, serialNumber: serialNumber, digestAlgorithm: digestAlgorithm, signatureAlgorithm: forge.pki.oids.rsaEncryption, signature: null, authenticatedAttributes: authenticatedAttributes, unauthenticatedAttributes: [] }); }, /** * Signs the content. * @param options Options to apply when signing: * [detached] boolean. If signing should be done in detached mode. Defaults to false. */ sign: function(options) { options = options || {}; // auto-generate content info if(typeof msg.content !== 'object' || msg.contentInfo === null) { // use Data ContentInfo msg.contentInfo = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // ContentType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(forge.pki.oids.data).getBytes()) ]); // add actual content, if present if('content' in msg) { var content; if(msg.content instanceof forge.util.ByteBuffer) { content = msg.content.bytes(); } else if(typeof msg.content === 'string') { content = forge.util.encodeUtf8(msg.content); } if (options.detached) { msg.detachedContent = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, content); } else { msg.contentInfo.value.push( // [0] EXPLICIT content asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, content) ])); } } } // no signers, return early (degenerate case for certificate container) if(msg.signers.length === 0) { return; } // generate digest algorithm identifiers var mds = addDigestAlgorithmIds(); // generate signerInfos addSignerInfos(mds); }, verify: function() { throw new Error('PKCS#7 signature verification not yet implemented.'); }, /** * Add a certificate. * * @param cert the certificate to add. */ addCertificate: function(cert) { // convert from PEM if(typeof cert === 'string') { cert = forge.pki.certificateFromPem(cert); } msg.certificates.push(cert); }, /** * Add a certificate revokation list. * * @param crl the certificate revokation list to add. */ addCertificateRevokationList: function(crl) { throw new Error('PKCS#7 CRL support not yet implemented.'); } }; return msg; function addDigestAlgorithmIds() { var mds = {}; for(var i = 0; i < msg.signers.length; ++i) { var signer = msg.signers[i]; var oid = signer.digestAlgorithm; if(!(oid in mds)) { // content digest mds[oid] = forge.md[forge.pki.oids[oid]].create(); } if(signer.authenticatedAttributes.length === 0) { // no custom attributes to digest; use content message digest signer.md = mds[oid]; } else { // custom attributes to be digested; use own message digest // TODO: optimize to just copy message digest state if that // feature is ever supported with message digests signer.md = forge.md[forge.pki.oids[oid]].create(); } } // add unique digest algorithm identifiers msg.digestAlgorithmIdentifiers = []; for(var oid in mds) { msg.digestAlgorithmIdentifiers.push( // AlgorithmIdentifier asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(oid).getBytes()), // parameters (null) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ])); } return mds; } function addSignerInfos(mds) { var content; if (msg.detachedContent) { // Signature has been made in detached mode. content = msg.detachedContent; } else { // Note: ContentInfo is a SEQUENCE with 2 values, second value is // the content field and is optional for a ContentInfo but required here // since signers are present // get ContentInfo content content = msg.contentInfo.value[1]; // skip [0] EXPLICIT content wrapper content = content.value[0]; } if(!content) { throw new Error( 'Could not sign PKCS#7 message; there is no content to sign.'); } // get ContentInfo content type var contentType = asn1.derToOid(msg.contentInfo.value[0].value); // serialize content var bytes = asn1.toDer(content); // skip identifier and length per RFC 2315 9.3 // skip identifier (1 byte) bytes.getByte(); // read and discard length bytes asn1.getBerValueLength(bytes); bytes = bytes.getBytes(); // digest content DER value bytes for(var oid in mds) { mds[oid].start().update(bytes); } // sign content var signingTime = new Date(); for(var i = 0; i < msg.signers.length; ++i) { var signer = msg.signers[i]; if(signer.authenticatedAttributes.length === 0) { // if ContentInfo content type is not "Data", then // authenticatedAttributes must be present per RFC 2315 if(contentType !== forge.pki.oids.data) { throw new Error( 'Invalid signer; authenticatedAttributes must be present ' + 'when the ContentInfo content type is not PKCS#7 Data.'); } } else { // process authenticated attributes // [0] IMPLICIT signer.authenticatedAttributesAsn1 = asn1.create( asn1.Class.CONTEXT_SPECIFIC, 0, true, []); // per RFC 2315, attributes are to be digested using a SET container // not the above [0] IMPLICIT container var attrsAsn1 = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SET, true, []); for(var ai = 0; ai < signer.authenticatedAttributes.length; ++ai) { var attr = signer.authenticatedAttributes[ai]; if(attr.type === forge.pki.oids.messageDigest) { // use content message digest as value attr.value = mds[signer.digestAlgorithm].digest(); } else if(attr.type === forge.pki.oids.signingTime) { // auto-populate signing time if not already set if(!attr.value) { attr.value = signingTime; } } // convert to ASN.1 and push onto Attributes SET (for signing) and // onto authenticatedAttributesAsn1 to complete SignedData ASN.1 // TODO: optimize away duplication attrsAsn1.value.push(_attributeToAsn1(attr)); signer.authenticatedAttributesAsn1.value.push(_attributeToAsn1(attr)); } // DER-serialize and digest SET OF attributes only bytes = asn1.toDer(attrsAsn1).getBytes(); signer.md.start().update(bytes); } // sign digest signer.signature = signer.key.sign(signer.md, 'RSASSA-PKCS1-V1_5'); } // add signer info msg.signerInfos = _signersToAsn1(msg.signers); } }; /** * Creates an empty PKCS#7 message of type EncryptedData. * * @return the message. */ p7.createEncryptedData = function() { var msg = null; msg = { type: forge.pki.oids.encryptedData, version: 0, encryptedContent: { algorithm: forge.pki.oids['aes256-CBC'] }, /** * Reads an EncryptedData content block (in ASN.1 format) * * @param obj The ASN.1 representation of the EncryptedData content block */ fromAsn1: function(obj) { // Validate EncryptedData content block and capture data. _fromAsn1(msg, obj, p7.asn1.encryptedDataValidator); }, /** * Decrypt encrypted content * * @param key The (symmetric) key as a byte buffer */ decrypt: function(key) { if(key !== undefined) { msg.encryptedContent.key = key; } _decryptContent(msg); } }; return msg; }; /** * Creates an empty PKCS#7 message of type EnvelopedData. * * @return the message. */ p7.createEnvelopedData = function() { var msg = null; msg = { type: forge.pki.oids.envelopedData, version: 0, recipients: [], encryptedContent: { algorithm: forge.pki.oids['aes256-CBC'] }, /** * Reads an EnvelopedData content block (in ASN.1 format) * * @param obj the ASN.1 representation of the EnvelopedData content block. */ fromAsn1: function(obj) { // validate EnvelopedData content block and capture data var capture = _fromAsn1(msg, obj, p7.asn1.envelopedDataValidator); msg.recipients = _recipientsFromAsn1(capture.recipientInfos.value); }, toAsn1: function() { // ContentInfo return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // ContentType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(msg.type).getBytes()), // [0] EnvelopedData asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // Version asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(msg.version).getBytes()), // RecipientInfos asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, _recipientsToAsn1(msg.recipients)), // EncryptedContentInfo asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, _encryptedContentToAsn1(msg.encryptedContent)) ]) ]) ]); }, /** * Find recipient by X.509 certificate's issuer. * * @param cert the certificate with the issuer to look for. * * @return the recipient object. */ findRecipient: function(cert) { var sAttr = cert.issuer.attributes; for(var i = 0; i < msg.recipients.length; ++i) { var r = msg.recipients[i]; var rAttr = r.issuer; if(r.serialNumber !== cert.serialNumber) { continue; } if(rAttr.length !== sAttr.length) { continue; } var match = true; for(var j = 0; j < sAttr.length; ++j) { if(rAttr[j].type !== sAttr[j].type || rAttr[j].value !== sAttr[j].value) { match = false; break; } } if(match) { return r; } } return null; }, /** * Decrypt enveloped content * * @param recipient The recipient object related to the private key * @param privKey The (RSA) private key object */ decrypt: function(recipient, privKey) { if(msg.encryptedContent.key === undefined && recipient !== undefined && privKey !== undefined) { switch(recipient.encryptedContent.algorithm) { case forge.pki.oids.rsaEncryption: case forge.pki.oids.desCBC: var key = privKey.decrypt(recipient.encryptedContent.content); msg.encryptedContent.key = forge.util.createBuffer(key); break; default: throw new Error('Unsupported asymmetric cipher, ' + 'OID ' + recipient.encryptedContent.algorithm); } } _decryptContent(msg); }, /** * Add (another) entity to list of recipients. * * @param cert The certificate of the entity to add. */ addRecipient: function(cert) { msg.recipients.push({ version: 0, issuer: cert.issuer.attributes, serialNumber: cert.serialNumber, encryptedContent: { // We simply assume rsaEncryption here, since forge.pki only // supports RSA so far. If the PKI module supports other // ciphers one day, we need to modify this one as well. algorithm: forge.pki.oids.rsaEncryption, key: cert.publicKey } }); }, /** * Encrypt enveloped content. * * This function supports two optional arguments, cipher and key, which * can be used to influence symmetric encryption. Unless cipher is * provided, the cipher specified in encryptedContent.algorithm is used * (defaults to AES-256-CBC). If no key is provided, encryptedContent.key * is (re-)used. If that one's not set, a random key will be generated * automatically. * * @param [key] The key to be used for symmetric encryption. * @param [cipher] The OID of the symmetric cipher to use. */ encrypt: function(key, cipher) { // Part 1: Symmetric encryption if(msg.encryptedContent.content === undefined) { cipher = cipher || msg.encryptedContent.algorithm; key = key || msg.encryptedContent.key; var keyLen, ivLen, ciphFn; switch(cipher) { case forge.pki.oids['aes128-CBC']: keyLen = 16; ivLen = 16; ciphFn = forge.aes.createEncryptionCipher; break; case forge.pki.oids['aes192-CBC']: keyLen = 24; ivLen = 16; ciphFn = forge.aes.createEncryptionCipher; break; case forge.pki.oids['aes256-CBC']: keyLen = 32; ivLen = 16; ciphFn = forge.aes.createEncryptionCipher; break; case forge.pki.oids['des-EDE3-CBC']: keyLen = 24; ivLen = 8; ciphFn = forge.des.createEncryptionCipher; break; default: throw new Error('Unsupported symmetric cipher, OID ' + cipher); } if(key === undefined) { key = forge.util.createBuffer(forge.random.getBytes(keyLen)); } else if(key.length() != keyLen) { throw new Error('Symmetric key has wrong length; ' + 'got ' + key.length() + ' bytes, expected ' + keyLen + '.'); } // Keep a copy of the key & IV in the object, so the caller can // use it for whatever reason. msg.encryptedContent.algorithm = cipher; msg.encryptedContent.key = key; msg.encryptedContent.parameter = forge.util.createBuffer( forge.random.getBytes(ivLen)); var ciph = ciphFn(key); ciph.start(msg.encryptedContent.parameter.copy()); ciph.update(msg.content); // The finish function does PKCS#7 padding by default, therefore // no action required by us. if(!ciph.finish()) { throw new Error('Symmetric encryption failed.'); } msg.encryptedContent.content = ciph.output; } // Part 2: asymmetric encryption for each recipient for(var i = 0; i < msg.recipients.length; ++i) { var recipient = msg.recipients[i]; // Nothing to do, encryption already done. if(recipient.encryptedContent.content !== undefined) { continue; } switch(recipient.encryptedContent.algorithm) { case forge.pki.oids.rsaEncryption: recipient.encryptedContent.content = recipient.encryptedContent.key.encrypt( msg.encryptedContent.key.data); break; default: throw new Error('Unsupported asymmetric cipher, OID ' + recipient.encryptedContent.algorithm); } } } }; return msg; }; /** * Converts a single recipient from an ASN.1 object. * * @param obj the ASN.1 RecipientInfo. * * @return the recipient object. */ function _recipientFromAsn1(obj) { // validate EnvelopedData content block and capture data var capture = {}; var errors = []; if(!asn1.validate(obj, p7.asn1.recipientInfoValidator, capture, errors)) { var error = new Error('Cannot read PKCS#7 RecipientInfo. ' + 'ASN.1 object is not an PKCS#7 RecipientInfo.'); error.errors = errors; throw error; } return { version: capture.version.charCodeAt(0), issuer: forge.pki.RDNAttributesAsArray(capture.issuer), serialNumber: forge.util.createBuffer(capture.serial).toHex(), encryptedContent: { algorithm: asn1.derToOid(capture.encAlgorithm), parameter: capture.encParameter ? capture.encParameter.value : undefined, content: capture.encKey } }; } /** * Converts a single recipient object to an ASN.1 object. * * @param obj the recipient object. * * @return the ASN.1 RecipientInfo. */ function _recipientToAsn1(obj) { return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // Version asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(obj.version).getBytes()), // IssuerAndSerialNumber asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // Name forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}), // Serial asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, forge.util.hexToBytes(obj.serialNumber)) ]), // KeyEncryptionAlgorithmIdentifier asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // Algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(obj.encryptedContent.algorithm).getBytes()), // Parameter, force NULL, only RSA supported for now. asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]), // EncryptedKey asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, obj.encryptedContent.content) ]); } /** * Map a set of RecipientInfo ASN.1 objects to recipient objects. * * @param infos an array of ASN.1 representations RecipientInfo (i.e. SET OF). * * @return an array of recipient objects. */ function _recipientsFromAsn1(infos) { var ret = []; for(var i = 0; i < infos.length; ++i) { ret.push(_recipientFromAsn1(infos[i])); } return ret; } /** * Map an array of recipient objects to ASN.1 RecipientInfo objects. * * @param recipients an array of recipientInfo objects. * * @return an array of ASN.1 RecipientInfos. */ function _recipientsToAsn1(recipients) { var ret = []; for(var i = 0; i < recipients.length; ++i) { ret.push(_recipientToAsn1(recipients[i])); } return ret; } /** * Converts a single signer from an ASN.1 object. * * @param obj the ASN.1 representation of a SignerInfo. * * @return the signer object. */ function _signerFromAsn1(obj) { // validate EnvelopedData content block and capture data var capture = {}; var errors = []; if(!asn1.validate(obj, p7.asn1.signerInfoValidator, capture, errors)) { var error = new Error('Cannot read PKCS#7 SignerInfo. ' + 'ASN.1 object is not an PKCS#7 SignerInfo.'); error.errors = errors; throw error; } var rval = { version: capture.version.charCodeAt(0), issuer: forge.pki.RDNAttributesAsArray(capture.issuer), serialNumber: forge.util.createBuffer(capture.serial).toHex(), digestAlgorithm: asn1.derToOid(capture.digestAlgorithm), signatureAlgorithm: asn1.derToOid(capture.signatureAlgorithm), signature: capture.signature, authenticatedAttributes: [], unauthenticatedAttributes: [] }; // TODO: convert attributes var authenticatedAttributes = capture.authenticatedAttributes || []; var unauthenticatedAttributes = capture.unauthenticatedAttributes || []; return rval; } /** * Converts a single signerInfo object to an ASN.1 object. * * @param obj the signerInfo object. * * @return the ASN.1 representation of a SignerInfo. */ function _signerToAsn1(obj) { // SignerInfo var rval = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // version asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(obj.version).getBytes()), // issuerAndSerialNumber asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // name forge.pki.distinguishedNameToAsn1({attributes: obj.issuer}), // serial asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, forge.util.hexToBytes(obj.serialNumber)) ]), // digestAlgorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(obj.digestAlgorithm).getBytes()), // parameters (null) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]) ]); // authenticatedAttributes (OPTIONAL) if(obj.authenticatedAttributesAsn1) { // add ASN.1 previously generated during signing rval.value.push(obj.authenticatedAttributesAsn1); } // digestEncryptionAlgorithm rval.value.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(obj.signatureAlgorithm).getBytes()), // parameters (null) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ])); // encryptedDigest rval.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, obj.signature)); // unauthenticatedAttributes (OPTIONAL) if(obj.unauthenticatedAttributes.length > 0) { // [1] IMPLICIT var attrsAsn1 = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, []); for(var i = 0; i < obj.unauthenticatedAttributes.length; ++i) { var attr = obj.unauthenticatedAttributes[i]; attrsAsn1.values.push(_attributeToAsn1(attr)); } rval.value.push(attrsAsn1); } return rval; } /** * Map a set of SignerInfo ASN.1 objects to an array of signer objects. * * @param signerInfoAsn1s an array of ASN.1 SignerInfos (i.e. SET OF). * * @return an array of signers objects. */ function _signersFromAsn1(signerInfoAsn1s) { var ret = []; for(var i = 0; i < signerInfoAsn1s.length; ++i) { ret.push(_signerFromAsn1(signerInfoAsn1s[i])); } return ret; } /** * Map an array of signer objects to ASN.1 objects. * * @param signers an array of signer objects. * * @return an array of ASN.1 SignerInfos. */ function _signersToAsn1(signers) { var ret = []; for(var i = 0; i < signers.length; ++i) { ret.push(_signerToAsn1(signers[i])); } return ret; } /** * Convert an attribute object to an ASN.1 Attribute. * * @param attr the attribute object. * * @return the ASN.1 Attribute. */ function _attributeToAsn1(attr) { var value; // TODO: generalize to support more attributes if(attr.type === forge.pki.oids.contentType) { value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(attr.value).getBytes()); } else if(attr.type === forge.pki.oids.messageDigest) { value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, attr.value.bytes()); } else if(attr.type === forge.pki.oids.signingTime) { /* Note per RFC 2985: Dates between 1 January 1950 and 31 December 2049 (inclusive) MUST be encoded as UTCTime. Any dates with year values before 1950 or after 2049 MUST be encoded as GeneralizedTime. [Further,] UTCTime values MUST be expressed in Greenwich Mean Time (Zulu) and MUST include seconds (i.e., times are YYMMDDHHMMSSZ), even where the number of seconds is zero. Midnight (GMT) must be represented as "YYMMDD000000Z". */ // TODO: make these module-level constants var jan_1_1950 = new Date('1950-01-01T00:00:00Z'); var jan_1_2050 = new Date('2050-01-01T00:00:00Z'); var date = attr.value; if(typeof date === 'string') { // try to parse date var timestamp = Date.parse(date); if(!isNaN(timestamp)) { date = new Date(timestamp); } else if(date.length === 13) { // YYMMDDHHMMSSZ (13 chars for UTCTime) date = asn1.utcTimeToDate(date); } else { // assume generalized time date = asn1.generalizedTimeToDate(date); } } if(date >= jan_1_1950 && date < jan_1_2050) { value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false, asn1.dateToUtcTime(date)); } else { value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false, asn1.dateToGeneralizedTime(date)); } } // TODO: expose as common API call // create a RelativeDistinguishedName set // each value in the set is an AttributeTypeAndValue first // containing the type (an OID) and second the value return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // AttributeType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(attr.type).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ // AttributeValue value ]) ]); } /** * Map messages encrypted content to ASN.1 objects. * * @param ec The encryptedContent object of the message. * * @return ASN.1 representation of the encryptedContent object (SEQUENCE). */ function _encryptedContentToAsn1(ec) { return [ // ContentType, always Data for the moment asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(forge.pki.oids.data).getBytes()), // ContentEncryptionAlgorithmIdentifier asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // Algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(ec.algorithm).getBytes()), // Parameters (IV) !ec.parameter ? undefined : asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ec.parameter.getBytes()) ]), // [0] EncryptedContent asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ec.content.getBytes()) ]) ]; } /** * Reads the "common part" of an PKCS#7 content block (in ASN.1 format) * * This function reads the "common part" of the PKCS#7 content blocks * EncryptedData and EnvelopedData, i.e. version number and symmetrically * encrypted content block. * * The result of the ASN.1 validate and capture process is returned * to allow the caller to extract further data, e.g. the list of recipients * in case of a EnvelopedData object. * * @param msg the PKCS#7 object to read the data to. * @param obj the ASN.1 representation of the content block. * @param validator the ASN.1 structure validator object to use. * * @return the value map captured by validator object. */ function _fromAsn1(msg, obj, validator) { var capture = {}; var errors = []; if(!asn1.validate(obj, validator, capture, errors)) { var error = new Error('Cannot read PKCS#7 message. ' + 'ASN.1 object is not a supported PKCS#7 message.'); error.errors = error; throw error; } // Check contentType, so far we only support (raw) Data. var contentType = asn1.derToOid(capture.contentType); if(contentType !== forge.pki.oids.data) { throw new Error('Unsupported PKCS#7 message. ' + 'Only wrapped ContentType Data supported.'); } if(capture.encryptedContent) { var content = ''; if(forge.util.isArray(capture.encryptedContent)) { for(var i = 0; i < capture.encryptedContent.length; ++i) { if(capture.encryptedContent[i].type !== asn1.Type.OCTETSTRING) { throw new Error('Malformed PKCS#7 message, expecting encrypted ' + 'content constructed of only OCTET STRING objects.'); } content += capture.encryptedContent[i].value; } } else { content = capture.encryptedContent; } msg.encryptedContent = { algorithm: asn1.derToOid(capture.encAlgorithm), parameter: forge.util.createBuffer(capture.encParameter.value), content: forge.util.createBuffer(content) }; } if(capture.content) { var content = ''; if(forge.util.isArray(capture.content)) { for(var i = 0; i < capture.content.length; ++i) { if(capture.content[i].type !== asn1.Type.OCTETSTRING) { throw new Error('Malformed PKCS#7 message, expecting ' + 'content constructed of only OCTET STRING objects.'); } content += capture.content[i].value; } } else { content = capture.content; } msg.content = forge.util.createBuffer(content); } msg.version = capture.version.charCodeAt(0); msg.rawCapture = capture; return capture; } /** * Decrypt the symmetrically encrypted content block of the PKCS#7 message. * * Decryption is skipped in case the PKCS#7 message object already has a * (decrypted) content attribute. The algorithm, key and cipher parameters * (probably the iv) are taken from the encryptedContent attribute of the * message object. * * @param The PKCS#7 message object. */ function _decryptContent(msg) { if(msg.encryptedContent.key === undefined) { throw new Error('Symmetric key not available.'); } if(msg.content === undefined) { var ciph; switch(msg.encryptedContent.algorithm) { case forge.pki.oids['aes128-CBC']: case forge.pki.oids['aes192-CBC']: case forge.pki.oids['aes256-CBC']: ciph = forge.aes.createDecryptionCipher(msg.encryptedContent.key); break; case forge.pki.oids['desCBC']: case forge.pki.oids['des-EDE3-CBC']: ciph = forge.des.createDecryptionCipher(msg.encryptedContent.key); break; default: throw new Error('Unsupported symmetric cipher, OID ' + msg.encryptedContent.algorithm); } ciph.start(msg.encryptedContent.parameter); ciph.update(msg.encryptedContent.content); if(!ciph.finish()) { throw new Error('Symmetric decryption failed.'); } msg.content = ciph.output; } } /***/ }), /***/ 266: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of ASN.1 validators for PKCS#7 v1.5. * * @author Dave Longley * @author Stefan Siegl * * Copyright (c) 2012-2015 Digital Bazaar, Inc. * Copyright (c) 2012 Stefan Siegl * * The ASN.1 representation of PKCS#7 is as follows * (see RFC #2315 for details, http://www.ietf.org/rfc/rfc2315.txt): * * A PKCS#7 message consists of a ContentInfo on root level, which may * contain any number of further ContentInfo nested into it. * * ContentInfo ::= SEQUENCE { * contentType ContentType, * content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL * } * * ContentType ::= OBJECT IDENTIFIER * * EnvelopedData ::= SEQUENCE { * version Version, * recipientInfos RecipientInfos, * encryptedContentInfo EncryptedContentInfo * } * * EncryptedData ::= SEQUENCE { * version Version, * encryptedContentInfo EncryptedContentInfo * } * * id-signedData OBJECT IDENTIFIER ::= { iso(1) member-body(2) * us(840) rsadsi(113549) pkcs(1) pkcs7(7) 2 } * * SignedData ::= SEQUENCE { * version INTEGER, * digestAlgorithms DigestAlgorithmIdentifiers, * contentInfo ContentInfo, * certificates [0] IMPLICIT Certificates OPTIONAL, * crls [1] IMPLICIT CertificateRevocationLists OPTIONAL, * signerInfos SignerInfos * } * * SignerInfos ::= SET OF SignerInfo * * SignerInfo ::= SEQUENCE { * version Version, * issuerAndSerialNumber IssuerAndSerialNumber, * digestAlgorithm DigestAlgorithmIdentifier, * authenticatedAttributes [0] IMPLICIT Attributes OPTIONAL, * digestEncryptionAlgorithm DigestEncryptionAlgorithmIdentifier, * encryptedDigest EncryptedDigest, * unauthenticatedAttributes [1] IMPLICIT Attributes OPTIONAL * } * * EncryptedDigest ::= OCTET STRING * * Attributes ::= SET OF Attribute * * Attribute ::= SEQUENCE { * attrType OBJECT IDENTIFIER, * attrValues SET OF AttributeValue * } * * AttributeValue ::= ANY * * Version ::= INTEGER * * RecipientInfos ::= SET OF RecipientInfo * * EncryptedContentInfo ::= SEQUENCE { * contentType ContentType, * contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, * encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL * } * * ContentEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier * * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters * for the algorithm, if any. In the case of AES and DES3, there is only one, * the IV. * * AlgorithmIdentifer ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL * } * * EncryptedContent ::= OCTET STRING * * RecipientInfo ::= SEQUENCE { * version Version, * issuerAndSerialNumber IssuerAndSerialNumber, * keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, * encryptedKey EncryptedKey * } * * IssuerAndSerialNumber ::= SEQUENCE { * issuer Name, * serialNumber CertificateSerialNumber * } * * CertificateSerialNumber ::= INTEGER * * KeyEncryptionAlgorithmIdentifier ::= AlgorithmIdentifier * * EncryptedKey ::= OCTET STRING */ var forge = __nccwpck_require__(9177); __nccwpck_require__(9549); __nccwpck_require__(8339); // shortcut for ASN.1 API var asn1 = forge.asn1; // shortcut for PKCS#7 API var p7v = module.exports = forge.pkcs7asn1 = forge.pkcs7asn1 || {}; forge.pkcs7 = forge.pkcs7 || {}; forge.pkcs7.asn1 = p7v; var contentInfoValidator = { name: 'ContentInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'ContentInfo.ContentType', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'contentType' }, { name: 'ContentInfo.content', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, constructed: true, optional: true, captureAsn1: 'content' }] }; p7v.contentInfoValidator = contentInfoValidator; var encryptedContentInfoValidator = { name: 'EncryptedContentInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'EncryptedContentInfo.contentType', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'contentType' }, { name: 'EncryptedContentInfo.contentEncryptionAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'EncryptedContentInfo.contentEncryptionAlgorithm.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'encAlgorithm' }, { name: 'EncryptedContentInfo.contentEncryptionAlgorithm.parameter', tagClass: asn1.Class.UNIVERSAL, captureAsn1: 'encParameter' }] }, { name: 'EncryptedContentInfo.encryptedContent', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, /* The PKCS#7 structure output by OpenSSL somewhat differs from what * other implementations do generate. * * OpenSSL generates a structure like this: * SEQUENCE { * ... * [0] * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38 * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45 * ... * } * * Whereas other implementations (and this PKCS#7 module) generate: * SEQUENCE { * ... * [0] { * OCTET STRING * 26 DA 67 D2 17 9C 45 3C B1 2A A8 59 2F 29 33 38 * C3 C3 DF 86 71 74 7A 19 9F 40 D0 29 BE 85 90 45 * ... * } * } * * In order to support both, we just capture the context specific * field here. The OCTET STRING bit is removed below. */ capture: 'encryptedContent', captureAsn1: 'encryptedContentAsn1' }] }; p7v.envelopedDataValidator = { name: 'EnvelopedData', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'EnvelopedData.Version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'version' }, { name: 'EnvelopedData.RecipientInfos', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SET, constructed: true, captureAsn1: 'recipientInfos' }].concat(encryptedContentInfoValidator) }; p7v.encryptedDataValidator = { name: 'EncryptedData', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'EncryptedData.Version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'version' }].concat(encryptedContentInfoValidator) }; var signerValidator = { name: 'SignerInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'SignerInfo.version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false }, { name: 'SignerInfo.issuerAndSerialNumber', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'SignerInfo.issuerAndSerialNumber.issuer', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'issuer' }, { name: 'SignerInfo.issuerAndSerialNumber.serialNumber', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'serial' }] }, { name: 'SignerInfo.digestAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'SignerInfo.digestAlgorithm.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'digestAlgorithm' }, { name: 'SignerInfo.digestAlgorithm.parameter', tagClass: asn1.Class.UNIVERSAL, constructed: false, captureAsn1: 'digestParameter', optional: true }] }, { name: 'SignerInfo.authenticatedAttributes', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, constructed: true, optional: true, capture: 'authenticatedAttributes' }, { name: 'SignerInfo.digestEncryptionAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, capture: 'signatureAlgorithm' }, { name: 'SignerInfo.encryptedDigest', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'signature' }, { name: 'SignerInfo.unauthenticatedAttributes', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 1, constructed: true, optional: true, capture: 'unauthenticatedAttributes' }] }; p7v.signedDataValidator = { name: 'SignedData', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'SignedData.Version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'version' }, { name: 'SignedData.DigestAlgorithms', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SET, constructed: true, captureAsn1: 'digestAlgorithms' }, contentInfoValidator, { name: 'SignedData.Certificates', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, optional: true, captureAsn1: 'certificates' }, { name: 'SignedData.CertificateRevocationLists', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 1, optional: true, captureAsn1: 'crls' }, { name: 'SignedData.SignerInfos', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SET, capture: 'signerInfos', optional: true, value: [signerValidator] }] }; p7v.recipientInfoValidator = { name: 'RecipientInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'RecipientInfo.version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'version' }, { name: 'RecipientInfo.issuerAndSerial', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'RecipientInfo.issuerAndSerial.issuer', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'issuer' }, { name: 'RecipientInfo.issuerAndSerial.serialNumber', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'serial' }] }, { name: 'RecipientInfo.keyEncryptionAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'RecipientInfo.keyEncryptionAlgorithm.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'encAlgorithm' }, { name: 'RecipientInfo.keyEncryptionAlgorithm.parameter', tagClass: asn1.Class.UNIVERSAL, constructed: false, captureAsn1: 'encParameter', optional: true }] }, { name: 'RecipientInfo.encryptedKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'encKey' }] }; /***/ }), /***/ 6924: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of a basic Public Key Infrastructure, including * support for RSA public and private keys. * * @author Dave Longley * * Copyright (c) 2010-2013 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(9549); __nccwpck_require__(1925); __nccwpck_require__(1281); __nccwpck_require__(154); __nccwpck_require__(1611); __nccwpck_require__(466); __nccwpck_require__(4376); __nccwpck_require__(3921); __nccwpck_require__(8339); __nccwpck_require__(8180); // shortcut for asn.1 API var asn1 = forge.asn1; /* Public Key Infrastructure (PKI) implementation. */ var pki = module.exports = forge.pki = forge.pki || {}; /** * NOTE: THIS METHOD IS DEPRECATED. Use pem.decode() instead. * * Converts PEM-formatted data to DER. * * @param pem the PEM-formatted data. * * @return the DER-formatted data. */ pki.pemToDer = function(pem) { var msg = forge.pem.decode(pem)[0]; if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert PEM to DER; PEM is encrypted.'); } return forge.util.createBuffer(msg.body); }; /** * Converts an RSA private key from PEM format. * * @param pem the PEM-formatted private key. * * @return the private key. */ pki.privateKeyFromPem = function(pem) { var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'PRIVATE KEY' && msg.type !== 'RSA PRIVATE KEY') { var error = new Error('Could not convert private key from PEM; PEM ' + 'header type is not "PRIVATE KEY" or "RSA PRIVATE KEY".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert private key from PEM; PEM is encrypted.'); } // convert DER to ASN.1 object var obj = asn1.fromDer(msg.body); return pki.privateKeyFromAsn1(obj); }; /** * Converts an RSA private key to PEM format. * * @param key the private key. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted private key. */ pki.privateKeyToPem = function(key, maxline) { // convert to ASN.1, then DER, then PEM-encode var msg = { type: 'RSA PRIVATE KEY', body: asn1.toDer(pki.privateKeyToAsn1(key)).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /** * Converts a PrivateKeyInfo to PEM format. * * @param pki the PrivateKeyInfo. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted private key. */ pki.privateKeyInfoToPem = function(pki, maxline) { // convert to DER, then PEM-encode var msg = { type: 'PRIVATE KEY', body: asn1.toDer(pki).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /***/ }), /***/ 6861: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Prime number generation API. * * @author Dave Longley * * Copyright (c) 2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); __nccwpck_require__(7052); __nccwpck_require__(7821); (function() { // forge.prime already defined if(forge.prime) { module.exports = forge.prime; return; } /* PRIME API */ var prime = module.exports = forge.prime = forge.prime || {}; var BigInteger = forge.jsbn.BigInteger; // primes are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29 var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2]; var THIRTY = new BigInteger(null); THIRTY.fromInt(30); var op_or = function(x, y) {return x|y;}; /** * Generates a random probable prime with the given number of bits. * * Alternative algorithms can be specified by name as a string or as an * object with custom options like so: * * { * name: 'PRIMEINC', * options: { * maxBlockTime: , * millerRabinTests: , * workerScript: , * workers: . * workLoad: the size of the work load, ie: number of possible prime * numbers for each web worker to check per work assignment, * (default: 100). * } * } * * @param bits the number of bits for the prime number. * @param options the options to use. * [algorithm] the algorithm to use (default: 'PRIMEINC'). * [prng] a custom crypto-secure pseudo-random number generator to use, * that must define "getBytesSync". * * @return callback(err, num) called once the operation completes. */ prime.generateProbablePrime = function(bits, options, callback) { if(typeof options === 'function') { callback = options; options = {}; } options = options || {}; // default to PRIMEINC algorithm var algorithm = options.algorithm || 'PRIMEINC'; if(typeof algorithm === 'string') { algorithm = {name: algorithm}; } algorithm.options = algorithm.options || {}; // create prng with api that matches BigInteger secure random var prng = options.prng || forge.random; var rng = { // x is an array to fill with bytes nextBytes: function(x) { var b = prng.getBytesSync(x.length); for(var i = 0; i < x.length; ++i) { x[i] = b.charCodeAt(i); } } }; if(algorithm.name === 'PRIMEINC') { return primeincFindPrime(bits, rng, algorithm.options, callback); } throw new Error('Invalid prime generation algorithm: ' + algorithm.name); }; function primeincFindPrime(bits, rng, options, callback) { if('workers' in options) { return primeincFindPrimeWithWorkers(bits, rng, options, callback); } return primeincFindPrimeWithoutWorkers(bits, rng, options, callback); } function primeincFindPrimeWithoutWorkers(bits, rng, options, callback) { // initialize random number var num = generateRandom(bits, rng); /* Note: All primes are of the form 30k+i for i < 30 and gcd(30, i)=1. The number we are given is always aligned at 30k + 1. Each time the number is determined not to be prime we add to get to the next 'i', eg: if the number was at 30k + 1 we add 6. */ var deltaIdx = 0; // get required number of MR tests var mrTests = getMillerRabinTests(num.bitLength()); if('millerRabinTests' in options) { mrTests = options.millerRabinTests; } // find prime nearest to 'num' for maxBlockTime ms // 10 ms gives 5ms of leeway for other calculations before dropping // below 60fps (1000/60 == 16.67), but in reality, the number will // likely be higher due to an 'atomic' big int modPow var maxBlockTime = 10; if('maxBlockTime' in options) { maxBlockTime = options.maxBlockTime; } _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback); } function _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback) { var start = +new Date(); do { // overflow, regenerate random number if(num.bitLength() > bits) { num = generateRandom(bits, rng); } // do primality test if(num.isProbablePrime(mrTests)) { return callback(null, num); } // get next potential prime num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0); } while(maxBlockTime < 0 || (+new Date() - start < maxBlockTime)); // keep trying later forge.util.setImmediate(function() { _primeinc(num, bits, rng, deltaIdx, mrTests, maxBlockTime, callback); }); } // NOTE: This algorithm is indeterminate in nature because workers // run in parallel looking at different segments of numbers. Even if this // algorithm is run twice with the same input from a predictable RNG, it // may produce different outputs. function primeincFindPrimeWithWorkers(bits, rng, options, callback) { // web workers unavailable if(typeof Worker === 'undefined') { return primeincFindPrimeWithoutWorkers(bits, rng, options, callback); } // initialize random number var num = generateRandom(bits, rng); // use web workers to generate keys var numWorkers = options.workers; var workLoad = options.workLoad || 100; var range = workLoad * 30 / 8; var workerScript = options.workerScript || 'forge/prime.worker.js'; if(numWorkers === -1) { return forge.util.estimateCores(function(err, cores) { if(err) { // default to 2 cores = 2; } numWorkers = cores - 1; generate(); }); } generate(); function generate() { // require at least 1 worker numWorkers = Math.max(1, numWorkers); // TODO: consider optimizing by starting workers outside getPrime() ... // note that in order to clean up they will have to be made internally // asynchronous which may actually be slower // start workers immediately var workers = []; for(var i = 0; i < numWorkers; ++i) { // FIXME: fix path or use blob URLs workers[i] = new Worker(workerScript); } var running = numWorkers; // listen for requests from workers and assign ranges to find prime for(var i = 0; i < numWorkers; ++i) { workers[i].addEventListener('message', workerMessage); } /* Note: The distribution of random numbers is unknown. Therefore, each web worker is continuously allocated a range of numbers to check for a random number until one is found. Every 30 numbers will be checked just 8 times, because prime numbers have the form: 30k+i, for i < 30 and gcd(30, i)=1 (there are 8 values of i for this) Therefore, if we want a web worker to run N checks before asking for a new range of numbers, each range must contain N*30/8 numbers. For 100 checks (workLoad), this is a range of 375. */ var found = false; function workerMessage(e) { // ignore message, prime already found if(found) { return; } --running; var data = e.data; if(data.found) { // terminate all workers for(var i = 0; i < workers.length; ++i) { workers[i].terminate(); } found = true; return callback(null, new BigInteger(data.prime, 16)); } // overflow, regenerate random number if(num.bitLength() > bits) { num = generateRandom(bits, rng); } // assign new range to check var hex = num.toString(16); // start prime search e.target.postMessage({ hex: hex, workLoad: workLoad }); num.dAddOffset(range, 0); } } } /** * Generates a random number using the given number of bits and RNG. * * @param bits the number of bits for the number. * @param rng the random number generator to use. * * @return the random number. */ function generateRandom(bits, rng) { var num = new BigInteger(bits, rng); // force MSB set var bits1 = bits - 1; if(!num.testBit(bits1)) { num.bitwiseTo(BigInteger.ONE.shiftLeft(bits1), op_or, num); } // align number on 30k+1 boundary num.dAddOffset(31 - num.mod(THIRTY).byteValue(), 0); return num; } /** * Returns the required number of Miller-Rabin tests to generate a * prime with an error probability of (1/2)^80. * * See Handbook of Applied Cryptography Chapter 4, Table 4.4. * * @param bits the bit size. * * @return the required number of iterations. */ function getMillerRabinTests(bits) { if(bits <= 100) return 27; if(bits <= 150) return 18; if(bits <= 200) return 15; if(bits <= 250) return 12; if(bits <= 300) return 9; if(bits <= 350) return 8; if(bits <= 400) return 7; if(bits <= 500) return 6; if(bits <= 600) return 5; if(bits <= 800) return 4; if(bits <= 1250) return 3; return 2; } })(); /***/ }), /***/ 4467: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * A javascript implementation of a cryptographically-secure * Pseudo Random Number Generator (PRNG). The Fortuna algorithm is followed * here though the use of SHA-256 is not enforced; when generating an * a PRNG context, the hashing algorithm and block cipher used for * the generator are specified via a plugin. * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); var _crypto = null; if(forge.util.isNodejs && !forge.options.usePureJavaScript && !process.versions['node-webkit']) { _crypto = __nccwpck_require__(6417); } /* PRNG API */ var prng = module.exports = forge.prng = forge.prng || {}; /** * Creates a new PRNG context. * * A PRNG plugin must be passed in that will provide: * * 1. A function that initializes the key and seed of a PRNG context. It * will be given a 16 byte key and a 16 byte seed. Any key expansion * or transformation of the seed from a byte string into an array of * integers (or similar) should be performed. * 2. The cryptographic function used by the generator. It takes a key and * a seed. * 3. A seed increment function. It takes the seed and returns seed + 1. * 4. An api to create a message digest. * * For an example, see random.js. * * @param plugin the PRNG plugin to use. */ prng.create = function(plugin) { var ctx = { plugin: plugin, key: null, seed: null, time: null, // number of reseeds so far reseeds: 0, // amount of data generated so far generated: 0, // no initial key bytes keyBytes: '' }; // create 32 entropy pools (each is a message digest) var md = plugin.md; var pools = new Array(32); for(var i = 0; i < 32; ++i) { pools[i] = md.create(); } ctx.pools = pools; // entropy pools are written to cyclically, starting at index 0 ctx.pool = 0; /** * Generates random bytes. The bytes may be generated synchronously or * asynchronously. Web workers must use the asynchronous interface or * else the behavior is undefined. * * @param count the number of random bytes to generate. * @param [callback(err, bytes)] called once the operation completes. * * @return count random bytes as a string. */ ctx.generate = function(count, callback) { // do synchronously if(!callback) { return ctx.generateSync(count); } // simple generator using counter-based CBC var cipher = ctx.plugin.cipher; var increment = ctx.plugin.increment; var formatKey = ctx.plugin.formatKey; var formatSeed = ctx.plugin.formatSeed; var b = forge.util.createBuffer(); // paranoid deviation from Fortuna: // reset key for every request to protect previously // generated random bytes should the key be discovered; // there is no 100ms based reseeding because of this // forced reseed for every `generate` call ctx.key = null; generate(); function generate(err) { if(err) { return callback(err); } // sufficient bytes generated if(b.length() >= count) { return callback(null, b.getBytes(count)); } // if amount of data generated is greater than 1 MiB, trigger reseed if(ctx.generated > 0xfffff) { ctx.key = null; } if(ctx.key === null) { // prevent stack overflow return forge.util.nextTick(function() { _reseed(generate); }); } // generate the random bytes var bytes = cipher(ctx.key, ctx.seed); ctx.generated += bytes.length; b.putBytes(bytes); // generate bytes for a new key and seed ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed))); ctx.seed = formatSeed(cipher(ctx.key, ctx.seed)); forge.util.setImmediate(generate); } }; /** * Generates random bytes synchronously. * * @param count the number of random bytes to generate. * * @return count random bytes as a string. */ ctx.generateSync = function(count) { // simple generator using counter-based CBC var cipher = ctx.plugin.cipher; var increment = ctx.plugin.increment; var formatKey = ctx.plugin.formatKey; var formatSeed = ctx.plugin.formatSeed; // paranoid deviation from Fortuna: // reset key for every request to protect previously // generated random bytes should the key be discovered; // there is no 100ms based reseeding because of this // forced reseed for every `generateSync` call ctx.key = null; var b = forge.util.createBuffer(); while(b.length() < count) { // if amount of data generated is greater than 1 MiB, trigger reseed if(ctx.generated > 0xfffff) { ctx.key = null; } if(ctx.key === null) { _reseedSync(); } // generate the random bytes var bytes = cipher(ctx.key, ctx.seed); ctx.generated += bytes.length; b.putBytes(bytes); // generate bytes for a new key and seed ctx.key = formatKey(cipher(ctx.key, increment(ctx.seed))); ctx.seed = formatSeed(cipher(ctx.key, ctx.seed)); } return b.getBytes(count); }; /** * Private function that asynchronously reseeds a generator. * * @param callback(err) called once the operation completes. */ function _reseed(callback) { if(ctx.pools[0].messageLength >= 32) { _seed(); return callback(); } // not enough seed data... var needed = (32 - ctx.pools[0].messageLength) << 5; ctx.seedFile(needed, function(err, bytes) { if(err) { return callback(err); } ctx.collect(bytes); _seed(); callback(); }); } /** * Private function that synchronously reseeds a generator. */ function _reseedSync() { if(ctx.pools[0].messageLength >= 32) { return _seed(); } // not enough seed data... var needed = (32 - ctx.pools[0].messageLength) << 5; ctx.collect(ctx.seedFileSync(needed)); _seed(); } /** * Private function that seeds a generator once enough bytes are available. */ function _seed() { // update reseed count ctx.reseeds = (ctx.reseeds === 0xffffffff) ? 0 : ctx.reseeds + 1; // goal is to update `key` via: // key = hash(key + s) // where 's' is all collected entropy from selected pools, then... // create a plugin-based message digest var md = ctx.plugin.md.create(); // consume current key bytes md.update(ctx.keyBytes); // digest the entropy of pools whose index k meet the // condition 'n mod 2^k == 0' where n is the number of reseeds var _2powK = 1; for(var k = 0; k < 32; ++k) { if(ctx.reseeds % _2powK === 0) { md.update(ctx.pools[k].digest().getBytes()); ctx.pools[k].start(); } _2powK = _2powK << 1; } // get digest for key bytes ctx.keyBytes = md.digest().getBytes(); // paranoid deviation from Fortuna: // update `seed` via `seed = hash(key)` // instead of initializing to zero once and only // ever incrementing it md.start(); md.update(ctx.keyBytes); var seedBytes = md.digest().getBytes(); // update state ctx.key = ctx.plugin.formatKey(ctx.keyBytes); ctx.seed = ctx.plugin.formatSeed(seedBytes); ctx.generated = 0; } /** * The built-in default seedFile. This seedFile is used when entropy * is needed immediately. * * @param needed the number of bytes that are needed. * * @return the random bytes. */ function defaultSeedFile(needed) { // use window.crypto.getRandomValues strong source of entropy if available var getRandomValues = null; var globalScope = forge.util.globalScope; var _crypto = globalScope.crypto || globalScope.msCrypto; if(_crypto && _crypto.getRandomValues) { getRandomValues = function(arr) { return _crypto.getRandomValues(arr); }; } var b = forge.util.createBuffer(); if(getRandomValues) { while(b.length() < needed) { // max byte length is 65536 before QuotaExceededError is thrown // http://www.w3.org/TR/WebCryptoAPI/#RandomSource-method-getRandomValues var count = Math.max(1, Math.min(needed - b.length(), 65536) / 4); var entropy = new Uint32Array(Math.floor(count)); try { getRandomValues(entropy); for(var i = 0; i < entropy.length; ++i) { b.putInt32(entropy[i]); } } catch(e) { /* only ignore QuotaExceededError */ if(!(typeof QuotaExceededError !== 'undefined' && e instanceof QuotaExceededError)) { throw e; } } } } // be sad and add some weak random data if(b.length() < needed) { /* Draws from Park-Miller "minimal standard" 31 bit PRNG, implemented with David G. Carta's optimization: with 32 bit math and without division (Public Domain). */ var hi, lo, next; var seed = Math.floor(Math.random() * 0x010000); while(b.length() < needed) { lo = 16807 * (seed & 0xFFFF); hi = 16807 * (seed >> 16); lo += (hi & 0x7FFF) << 16; lo += hi >> 15; lo = (lo & 0x7FFFFFFF) + (lo >> 31); seed = lo & 0xFFFFFFFF; // consume lower 3 bytes of seed for(var i = 0; i < 3; ++i) { // throw in more pseudo random next = seed >>> (i << 3); next ^= Math.floor(Math.random() * 0x0100); b.putByte(next & 0xFF); } } } return b.getBytes(needed); } // initialize seed file APIs if(_crypto) { // use nodejs async API ctx.seedFile = function(needed, callback) { _crypto.randomBytes(needed, function(err, bytes) { if(err) { return callback(err); } callback(null, bytes.toString()); }); }; // use nodejs sync API ctx.seedFileSync = function(needed) { return _crypto.randomBytes(needed).toString(); }; } else { ctx.seedFile = function(needed, callback) { try { callback(null, defaultSeedFile(needed)); } catch(e) { callback(e); } }; ctx.seedFileSync = defaultSeedFile; } /** * Adds entropy to a prng ctx's accumulator. * * @param bytes the bytes of entropy as a string. */ ctx.collect = function(bytes) { // iterate over pools distributing entropy cyclically var count = bytes.length; for(var i = 0; i < count; ++i) { ctx.pools[ctx.pool].update(bytes.substr(i, 1)); ctx.pool = (ctx.pool === 31) ? 0 : ctx.pool + 1; } }; /** * Collects an integer of n bits. * * @param i the integer entropy. * @param n the number of bits in the integer. */ ctx.collectInt = function(i, n) { var bytes = ''; for(var x = 0; x < n; x += 8) { bytes += String.fromCharCode((i >> x) & 0xFF); } ctx.collect(bytes); }; /** * Registers a Web Worker to receive immediate entropy from the main thread. * This method is required until Web Workers can access the native crypto * API. This method should be called twice for each created worker, once in * the main thread, and once in the worker itself. * * @param worker the worker to register. */ ctx.registerWorker = function(worker) { // worker receives random bytes if(worker === self) { ctx.seedFile = function(needed, callback) { function listener(e) { var data = e.data; if(data.forge && data.forge.prng) { self.removeEventListener('message', listener); callback(data.forge.prng.err, data.forge.prng.bytes); } } self.addEventListener('message', listener); self.postMessage({forge: {prng: {needed: needed}}}); }; } else { // main thread sends random bytes upon request var listener = function(e) { var data = e.data; if(data.forge && data.forge.prng) { ctx.seedFile(data.forge.prng.needed, function(err, bytes) { worker.postMessage({forge: {prng: {err: err, bytes: bytes}}}); }); } }; // TODO: do we need to remove the event listener when the worker dies? worker.addEventListener('message', listener); } }; return ctx; }; /***/ }), /***/ 4376: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of PKCS#1 PSS signature padding. * * @author Stefan Siegl * * Copyright (c) 2012 Stefan Siegl */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7821); __nccwpck_require__(8339); // shortcut for PSS API var pss = module.exports = forge.pss = forge.pss || {}; /** * Creates a PSS signature scheme object. * * There are several ways to provide a salt for encoding: * * 1. Specify the saltLength only and the built-in PRNG will generate it. * 2. Specify the saltLength and a custom PRNG with 'getBytesSync' defined that * will be used. * 3. Specify the salt itself as a forge.util.ByteBuffer. * * @param options the options to use: * md the message digest object to use, a forge md instance. * mgf the mask generation function to use, a forge mgf instance. * [saltLength] the length of the salt in octets. * [prng] the pseudo-random number generator to use to produce a salt. * [salt] the salt to use when encoding. * * @return a signature scheme object. */ pss.create = function(options) { // backwards compatibility w/legacy args: hash, mgf, sLen if(arguments.length === 3) { options = { md: arguments[0], mgf: arguments[1], saltLength: arguments[2] }; } var hash = options.md; var mgf = options.mgf; var hLen = hash.digestLength; var salt_ = options.salt || null; if(typeof salt_ === 'string') { // assume binary-encoded string salt_ = forge.util.createBuffer(salt_); } var sLen; if('saltLength' in options) { sLen = options.saltLength; } else if(salt_ !== null) { sLen = salt_.length(); } else { throw new Error('Salt length not specified or specific salt not given.'); } if(salt_ !== null && salt_.length() !== sLen) { throw new Error('Given salt length does not match length of given salt.'); } var prng = options.prng || forge.random; var pssobj = {}; /** * Encodes a PSS signature. * * This function implements EMSA-PSS-ENCODE as per RFC 3447, section 9.1.1. * * @param md the message digest object with the hash to sign. * @param modsBits the length of the RSA modulus in bits. * * @return the encoded message as a binary-encoded string of length * ceil((modBits - 1) / 8). */ pssobj.encode = function(md, modBits) { var i; var emBits = modBits - 1; var emLen = Math.ceil(emBits / 8); /* 2. Let mHash = Hash(M), an octet string of length hLen. */ var mHash = md.digest().getBytes(); /* 3. If emLen < hLen + sLen + 2, output "encoding error" and stop. */ if(emLen < hLen + sLen + 2) { throw new Error('Message is too long to encrypt.'); } /* 4. Generate a random octet string salt of length sLen; if sLen = 0, * then salt is the empty string. */ var salt; if(salt_ === null) { salt = prng.getBytesSync(sLen); } else { salt = salt_.bytes(); } /* 5. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt; */ var m_ = new forge.util.ByteBuffer(); m_.fillWithByte(0, 8); m_.putBytes(mHash); m_.putBytes(salt); /* 6. Let H = Hash(M'), an octet string of length hLen. */ hash.start(); hash.update(m_.getBytes()); var h = hash.digest().getBytes(); /* 7. Generate an octet string PS consisting of emLen - sLen - hLen - 2 * zero octets. The length of PS may be 0. */ var ps = new forge.util.ByteBuffer(); ps.fillWithByte(0, emLen - sLen - hLen - 2); /* 8. Let DB = PS || 0x01 || salt; DB is an octet string of length * emLen - hLen - 1. */ ps.putByte(0x01); ps.putBytes(salt); var db = ps.getBytes(); /* 9. Let dbMask = MGF(H, emLen - hLen - 1). */ var maskLen = emLen - hLen - 1; var dbMask = mgf.generate(h, maskLen); /* 10. Let maskedDB = DB \xor dbMask. */ var maskedDB = ''; for(i = 0; i < maskLen; i++) { maskedDB += String.fromCharCode(db.charCodeAt(i) ^ dbMask.charCodeAt(i)); } /* 11. Set the leftmost 8emLen - emBits bits of the leftmost octet in * maskedDB to zero. */ var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF; maskedDB = String.fromCharCode(maskedDB.charCodeAt(0) & ~mask) + maskedDB.substr(1); /* 12. Let EM = maskedDB || H || 0xbc. * 13. Output EM. */ return maskedDB + h + String.fromCharCode(0xbc); }; /** * Verifies a PSS signature. * * This function implements EMSA-PSS-VERIFY as per RFC 3447, section 9.1.2. * * @param mHash the message digest hash, as a binary-encoded string, to * compare against the signature. * @param em the encoded message, as a binary-encoded string * (RSA decryption result). * @param modsBits the length of the RSA modulus in bits. * * @return true if the signature was verified, false if not. */ pssobj.verify = function(mHash, em, modBits) { var i; var emBits = modBits - 1; var emLen = Math.ceil(emBits / 8); /* c. Convert the message representative m to an encoded message EM * of length emLen = ceil((modBits - 1) / 8) octets, where modBits * is the length in bits of the RSA modulus n */ em = em.substr(-emLen); /* 3. If emLen < hLen + sLen + 2, output "inconsistent" and stop. */ if(emLen < hLen + sLen + 2) { throw new Error('Inconsistent parameters to PSS signature verification.'); } /* 4. If the rightmost octet of EM does not have hexadecimal value * 0xbc, output "inconsistent" and stop. */ if(em.charCodeAt(emLen - 1) !== 0xbc) { throw new Error('Encoded message does not end in 0xBC.'); } /* 5. Let maskedDB be the leftmost emLen - hLen - 1 octets of EM, and * let H be the next hLen octets. */ var maskLen = emLen - hLen - 1; var maskedDB = em.substr(0, maskLen); var h = em.substr(maskLen, hLen); /* 6. If the leftmost 8emLen - emBits bits of the leftmost octet in * maskedDB are not all equal to zero, output "inconsistent" and stop. */ var mask = (0xFF00 >> (8 * emLen - emBits)) & 0xFF; if((maskedDB.charCodeAt(0) & mask) !== 0) { throw new Error('Bits beyond keysize not zero as expected.'); } /* 7. Let dbMask = MGF(H, emLen - hLen - 1). */ var dbMask = mgf.generate(h, maskLen); /* 8. Let DB = maskedDB \xor dbMask. */ var db = ''; for(i = 0; i < maskLen; i++) { db += String.fromCharCode(maskedDB.charCodeAt(i) ^ dbMask.charCodeAt(i)); } /* 9. Set the leftmost 8emLen - emBits bits of the leftmost octet * in DB to zero. */ db = String.fromCharCode(db.charCodeAt(0) & ~mask) + db.substr(1); /* 10. If the emLen - hLen - sLen - 2 leftmost octets of DB are not zero * or if the octet at position emLen - hLen - sLen - 1 (the leftmost * position is "position 1") does not have hexadecimal value 0x01, * output "inconsistent" and stop. */ var checkLen = emLen - hLen - sLen - 2; for(i = 0; i < checkLen; i++) { if(db.charCodeAt(i) !== 0x00) { throw new Error('Leftmost octets not zero as expected'); } } if(db.charCodeAt(checkLen) !== 0x01) { throw new Error('Inconsistent PSS signature, 0x01 marker not found'); } /* 11. Let salt be the last sLen octets of DB. */ var salt = db.substr(-sLen); /* 12. Let M' = (0x)00 00 00 00 00 00 00 00 || mHash || salt */ var m_ = new forge.util.ByteBuffer(); m_.fillWithByte(0, 8); m_.putBytes(mHash); m_.putBytes(salt); /* 13. Let H' = Hash(M'), an octet string of length hLen. */ hash.start(); hash.update(m_.getBytes()); var h_ = hash.digest().getBytes(); /* 14. If H = H', output "consistent." Otherwise, output "inconsistent." */ return h === h_; }; return pssobj; }; /***/ }), /***/ 7821: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * An API for getting cryptographically-secure random bytes. The bytes are * generated using the Fortuna algorithm devised by Bruce Schneier and * Niels Ferguson. * * Getting strong random bytes is not yet easy to do in javascript. The only * truish random entropy that can be collected is from the mouse, keyboard, or * from timing with respect to page loads, etc. This generator makes a poor * attempt at providing random bytes when those sources haven't yet provided * enough entropy to initially seed or to reseed the PRNG. * * @author Dave Longley * * Copyright (c) 2009-2014 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(4086); __nccwpck_require__(4467); __nccwpck_require__(8339); (function() { // forge.random already defined if(forge.random && forge.random.getBytes) { module.exports = forge.random; return; } (function(jQuery) { // the default prng plugin, uses AES-128 var prng_aes = {}; var _prng_aes_output = new Array(4); var _prng_aes_buffer = forge.util.createBuffer(); prng_aes.formatKey = function(key) { // convert the key into 32-bit integers var tmp = forge.util.createBuffer(key); key = new Array(4); key[0] = tmp.getInt32(); key[1] = tmp.getInt32(); key[2] = tmp.getInt32(); key[3] = tmp.getInt32(); // return the expanded key return forge.aes._expandKey(key, false); }; prng_aes.formatSeed = function(seed) { // convert seed into 32-bit integers var tmp = forge.util.createBuffer(seed); seed = new Array(4); seed[0] = tmp.getInt32(); seed[1] = tmp.getInt32(); seed[2] = tmp.getInt32(); seed[3] = tmp.getInt32(); return seed; }; prng_aes.cipher = function(key, seed) { forge.aes._updateBlock(key, seed, _prng_aes_output, false); _prng_aes_buffer.putInt32(_prng_aes_output[0]); _prng_aes_buffer.putInt32(_prng_aes_output[1]); _prng_aes_buffer.putInt32(_prng_aes_output[2]); _prng_aes_buffer.putInt32(_prng_aes_output[3]); return _prng_aes_buffer.getBytes(); }; prng_aes.increment = function(seed) { // FIXME: do we care about carry or signed issues? ++seed[3]; return seed; }; prng_aes.md = forge.md.sha256; /** * Creates a new PRNG. */ function spawnPrng() { var ctx = forge.prng.create(prng_aes); /** * Gets random bytes. If a native secure crypto API is unavailable, this * method tries to make the bytes more unpredictable by drawing from data that * can be collected from the user of the browser, eg: mouse movement. * * If a callback is given, this method will be called asynchronously. * * @param count the number of random bytes to get. * @param [callback(err, bytes)] called once the operation completes. * * @return the random bytes in a string. */ ctx.getBytes = function(count, callback) { return ctx.generate(count, callback); }; /** * Gets random bytes asynchronously. If a native secure crypto API is * unavailable, this method tries to make the bytes more unpredictable by * drawing from data that can be collected from the user of the browser, * eg: mouse movement. * * @param count the number of random bytes to get. * * @return the random bytes in a string. */ ctx.getBytesSync = function(count) { return ctx.generate(count); }; return ctx; } // create default prng context var _ctx = spawnPrng(); // add other sources of entropy only if window.crypto.getRandomValues is not // available -- otherwise this source will be automatically used by the prng var getRandomValues = null; var globalScope = forge.util.globalScope; var _crypto = globalScope.crypto || globalScope.msCrypto; if(_crypto && _crypto.getRandomValues) { getRandomValues = function(arr) { return _crypto.getRandomValues(arr); }; } if(forge.options.usePureJavaScript || (!forge.util.isNodejs && !getRandomValues)) { // if this is a web worker, do not use weak entropy, instead register to // receive strong entropy asynchronously from the main thread if(typeof window === 'undefined' || window.document === undefined) { // FIXME: } // get load time entropy _ctx.collectInt(+new Date(), 32); // add some entropy from navigator object if(typeof(navigator) !== 'undefined') { var _navBytes = ''; for(var key in navigator) { try { if(typeof(navigator[key]) == 'string') { _navBytes += navigator[key]; } } catch(e) { /* Some navigator keys might not be accessible, e.g. the geolocation attribute throws an exception if touched in Mozilla chrome:// context. Silently ignore this and just don't use this as a source of entropy. */ } } _ctx.collect(_navBytes); _navBytes = null; } // add mouse and keyboard collectors if jquery is available if(jQuery) { // set up mouse entropy capture jQuery().mousemove(function(e) { // add mouse coords _ctx.collectInt(e.clientX, 16); _ctx.collectInt(e.clientY, 16); }); // set up keyboard entropy capture jQuery().keypress(function(e) { _ctx.collectInt(e.charCode, 8); }); } } /* Random API */ if(!forge.random) { forge.random = _ctx; } else { // extend forge.random with _ctx for(var key in _ctx) { forge.random[key] = _ctx[key]; } } // expose spawn PRNG forge.random.createInstance = spawnPrng; module.exports = forge.random; })(typeof(jQuery) !== 'undefined' ? jQuery : null); })(); /***/ }), /***/ 9965: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * RC2 implementation. * * @author Stefan Siegl * * Copyright (c) 2012 Stefan Siegl * * Information on the RC2 cipher is available from RFC #2268, * http://www.ietf.org/rfc/rfc2268.txt */ var forge = __nccwpck_require__(9177); __nccwpck_require__(8339); var piTable = [ 0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79, 0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e, 0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5, 0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32, 0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22, 0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c, 0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f, 0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26, 0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b, 0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7, 0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde, 0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a, 0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e, 0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc, 0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85, 0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31, 0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10, 0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c, 0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b, 0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e, 0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68, 0xfe, 0x7f, 0xc1, 0xad ]; var s = [1, 2, 3, 5]; /** * Rotate a word left by given number of bits. * * Bits that are shifted out on the left are put back in on the right * hand side. * * @param word The word to shift left. * @param bits The number of bits to shift by. * @return The rotated word. */ var rol = function(word, bits) { return ((word << bits) & 0xffff) | ((word & 0xffff) >> (16 - bits)); }; /** * Rotate a word right by given number of bits. * * Bits that are shifted out on the right are put back in on the left * hand side. * * @param word The word to shift right. * @param bits The number of bits to shift by. * @return The rotated word. */ var ror = function(word, bits) { return ((word & 0xffff) >> bits) | ((word << (16 - bits)) & 0xffff); }; /* RC2 API */ module.exports = forge.rc2 = forge.rc2 || {}; /** * Perform RC2 key expansion as per RFC #2268, section 2. * * @param key variable-length user key (between 1 and 128 bytes) * @param effKeyBits number of effective key bits (default: 128) * @return the expanded RC2 key (ByteBuffer of 128 bytes) */ forge.rc2.expandKey = function(key, effKeyBits) { if(typeof key === 'string') { key = forge.util.createBuffer(key); } effKeyBits = effKeyBits || 128; /* introduce variables that match the names used in RFC #2268 */ var L = key; var T = key.length(); var T1 = effKeyBits; var T8 = Math.ceil(T1 / 8); var TM = 0xff >> (T1 & 0x07); var i; for(i = T; i < 128; i++) { L.putByte(piTable[(L.at(i - 1) + L.at(i - T)) & 0xff]); } L.setAt(128 - T8, piTable[L.at(128 - T8) & TM]); for(i = 127 - T8; i >= 0; i--) { L.setAt(i, piTable[L.at(i + 1) ^ L.at(i + T8)]); } return L; }; /** * Creates a RC2 cipher object. * * @param key the symmetric key to use (as base for key generation). * @param bits the number of effective key bits. * @param encrypt false for decryption, true for encryption. * * @return the cipher. */ var createCipher = function(key, bits, encrypt) { var _finish = false, _input = null, _output = null, _iv = null; var mixRound, mashRound; var i, j, K = []; /* Expand key and fill into K[] Array */ key = forge.rc2.expandKey(key, bits); for(i = 0; i < 64; i++) { K.push(key.getInt16Le()); } if(encrypt) { /** * Perform one mixing round "in place". * * @param R Array of four words to perform mixing on. */ mixRound = function(R) { for(i = 0; i < 4; i++) { R[i] += K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) + ((~R[(i + 3) % 4]) & R[(i + 1) % 4]); R[i] = rol(R[i], s[i]); j++; } }; /** * Perform one mashing round "in place". * * @param R Array of four words to perform mashing on. */ mashRound = function(R) { for(i = 0; i < 4; i++) { R[i] += K[R[(i + 3) % 4] & 63]; } }; } else { /** * Perform one r-mixing round "in place". * * @param R Array of four words to perform mixing on. */ mixRound = function(R) { for(i = 3; i >= 0; i--) { R[i] = ror(R[i], s[i]); R[i] -= K[j] + (R[(i + 3) % 4] & R[(i + 2) % 4]) + ((~R[(i + 3) % 4]) & R[(i + 1) % 4]); j--; } }; /** * Perform one r-mashing round "in place". * * @param R Array of four words to perform mashing on. */ mashRound = function(R) { for(i = 3; i >= 0; i--) { R[i] -= K[R[(i + 3) % 4] & 63]; } }; } /** * Run the specified cipher execution plan. * * This function takes four words from the input buffer, applies the IV on * it (if requested) and runs the provided execution plan. * * The plan must be put together in form of a array of arrays. Where the * outer one is simply a list of steps to perform and the inner one needs * to have two elements: the first one telling how many rounds to perform, * the second one telling what to do (i.e. the function to call). * * @param {Array} plan The plan to execute. */ var runPlan = function(plan) { var R = []; /* Get data from input buffer and fill the four words into R */ for(i = 0; i < 4; i++) { var val = _input.getInt16Le(); if(_iv !== null) { if(encrypt) { /* We're encrypting, apply the IV first. */ val ^= _iv.getInt16Le(); } else { /* We're decryption, keep cipher text for next block. */ _iv.putInt16Le(val); } } R.push(val & 0xffff); } /* Reset global "j" variable as per spec. */ j = encrypt ? 0 : 63; /* Run execution plan. */ for(var ptr = 0; ptr < plan.length; ptr++) { for(var ctr = 0; ctr < plan[ptr][0]; ctr++) { plan[ptr][1](R); } } /* Write back result to output buffer. */ for(i = 0; i < 4; i++) { if(_iv !== null) { if(encrypt) { /* We're encrypting in CBC-mode, feed back encrypted bytes into IV buffer to carry it forward to next block. */ _iv.putInt16Le(R[i]); } else { R[i] ^= _iv.getInt16Le(); } } _output.putInt16Le(R[i]); } }; /* Create cipher object */ var cipher = null; cipher = { /** * Starts or restarts the encryption or decryption process, whichever * was previously configured. * * To use the cipher in CBC mode, iv may be given either as a string * of bytes, or as a byte buffer. For ECB mode, give null as iv. * * @param iv the initialization vector to use, null for ECB mode. * @param output the output the buffer to write to, null to create one. */ start: function(iv, output) { if(iv) { /* CBC mode */ if(typeof iv === 'string') { iv = forge.util.createBuffer(iv); } } _finish = false; _input = forge.util.createBuffer(); _output = output || new forge.util.createBuffer(); _iv = iv; cipher.output = _output; }, /** * Updates the next block. * * @param input the buffer to read from. */ update: function(input) { if(!_finish) { // not finishing, so fill the input buffer with more input _input.putBuffer(input); } while(_input.length() >= 8) { runPlan([ [ 5, mixRound ], [ 1, mashRound ], [ 6, mixRound ], [ 1, mashRound ], [ 5, mixRound ] ]); } }, /** * Finishes encrypting or decrypting. * * @param pad a padding function to use, null for PKCS#7 padding, * signature(blockSize, buffer, decrypt). * * @return true if successful, false on error. */ finish: function(pad) { var rval = true; if(encrypt) { if(pad) { rval = pad(8, _input, !encrypt); } else { // add PKCS#7 padding to block (each pad byte is the // value of the number of pad bytes) var padding = (_input.length() === 8) ? 8 : (8 - _input.length()); _input.fillWithByte(padding, padding); } } if(rval) { // do final update _finish = true; cipher.update(); } if(!encrypt) { // check for error: input data not a multiple of block size rval = (_input.length() === 0); if(rval) { if(pad) { rval = pad(8, _output, !encrypt); } else { // ensure padding byte count is valid var len = _output.length(); var count = _output.at(len - 1); if(count > len) { rval = false; } else { // trim off padding bytes _output.truncate(count); } } } } return rval; } }; return cipher; }; /** * Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the * given symmetric key. The output will be stored in the 'output' member * of the returned cipher. * * The key and iv may be given as a string of bytes or a byte buffer. * The cipher is initialized to use 128 effective key bits. * * @param key the symmetric key to use. * @param iv the initialization vector to use. * @param output the buffer to write to, null to create one. * * @return the cipher. */ forge.rc2.startEncrypting = function(key, iv, output) { var cipher = forge.rc2.createEncryptionCipher(key, 128); cipher.start(iv, output); return cipher; }; /** * Creates an RC2 cipher object to encrypt data in ECB or CBC mode using the * given symmetric key. * * The key may be given as a string of bytes or a byte buffer. * * To start encrypting call start() on the cipher with an iv and optional * output buffer. * * @param key the symmetric key to use. * * @return the cipher. */ forge.rc2.createEncryptionCipher = function(key, bits) { return createCipher(key, bits, true); }; /** * Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the * given symmetric key. The output will be stored in the 'output' member * of the returned cipher. * * The key and iv may be given as a string of bytes or a byte buffer. * The cipher is initialized to use 128 effective key bits. * * @param key the symmetric key to use. * @param iv the initialization vector to use. * @param output the buffer to write to, null to create one. * * @return the cipher. */ forge.rc2.startDecrypting = function(key, iv, output) { var cipher = forge.rc2.createDecryptionCipher(key, 128); cipher.start(iv, output); return cipher; }; /** * Creates an RC2 cipher object to decrypt data in ECB or CBC mode using the * given symmetric key. * * The key may be given as a string of bytes or a byte buffer. * * To start decrypting call start() on the cipher with an iv and optional * output buffer. * * @param key the symmetric key to use. * * @return the cipher. */ forge.rc2.createDecryptionCipher = function(key, bits) { return createCipher(key, bits, false); }; /***/ }), /***/ 3921: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of basic RSA algorithms. * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. * * The only algorithm currently supported for PKI is RSA. * * An RSA key is often stored in ASN.1 DER format. The SubjectPublicKeyInfo * ASN.1 structure is composed of an algorithm of type AlgorithmIdentifier * and a subjectPublicKey of type bit string. * * The AlgorithmIdentifier contains an Object Identifier (OID) and parameters * for the algorithm, if any. In the case of RSA, there aren't any. * * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING * } * * AlgorithmIdentifer ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL * } * * For an RSA public key, the subjectPublicKey is: * * RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER -- e * } * * PrivateKeyInfo ::= SEQUENCE { * version Version, * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, * privateKey PrivateKey, * attributes [0] IMPLICIT Attributes OPTIONAL * } * * Version ::= INTEGER * PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier * PrivateKey ::= OCTET STRING * Attributes ::= SET OF Attribute * * An RSA private key as the following structure: * * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER -- (inverse of q) mod p * } * * Version ::= INTEGER * * The OID for the RSA key algorithm is: 1.2.840.113549.1.1.1 */ var forge = __nccwpck_require__(9177); __nccwpck_require__(9549); __nccwpck_require__(7052); __nccwpck_require__(1925); __nccwpck_require__(7014); __nccwpck_require__(6861); __nccwpck_require__(7821); __nccwpck_require__(8339); if(typeof BigInteger === 'undefined') { var BigInteger = forge.jsbn.BigInteger; } var _crypto = forge.util.isNodejs ? __nccwpck_require__(6417) : null; // shortcut for asn.1 API var asn1 = forge.asn1; // shortcut for util API var util = forge.util; /* * RSA encryption and decryption, see RFC 2313. */ forge.pki = forge.pki || {}; module.exports = forge.pki.rsa = forge.rsa = forge.rsa || {}; var pki = forge.pki; // for finding primes, which are 30k+i for i = 1, 7, 11, 13, 17, 19, 23, 29 var GCD_30_DELTA = [6, 4, 2, 4, 2, 4, 6, 2]; // validator for a PrivateKeyInfo structure var privateKeyValidator = { // PrivateKeyInfo name: 'PrivateKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ // Version (INTEGER) name: 'PrivateKeyInfo.version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyVersion' }, { // privateKeyAlgorithm name: 'PrivateKeyInfo.privateKeyAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'privateKeyOid' }] }, { // PrivateKey name: 'PrivateKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'privateKey' }] }; // validator for an RSA private key var rsaPrivateKeyValidator = { // RSAPrivateKey name: 'RSAPrivateKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ // Version (INTEGER) name: 'RSAPrivateKey.version', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyVersion' }, { // modulus (n) name: 'RSAPrivateKey.modulus', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyModulus' }, { // publicExponent (e) name: 'RSAPrivateKey.publicExponent', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyPublicExponent' }, { // privateExponent (d) name: 'RSAPrivateKey.privateExponent', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyPrivateExponent' }, { // prime1 (p) name: 'RSAPrivateKey.prime1', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyPrime1' }, { // prime2 (q) name: 'RSAPrivateKey.prime2', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyPrime2' }, { // exponent1 (d mod (p-1)) name: 'RSAPrivateKey.exponent1', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyExponent1' }, { // exponent2 (d mod (q-1)) name: 'RSAPrivateKey.exponent2', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyExponent2' }, { // coefficient ((inverse of q) mod p) name: 'RSAPrivateKey.coefficient', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'privateKeyCoefficient' }] }; // validator for an RSA public key var rsaPublicKeyValidator = { // RSAPublicKey name: 'RSAPublicKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ // modulus (n) name: 'RSAPublicKey.modulus', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'publicKeyModulus' }, { // publicExponent (e) name: 'RSAPublicKey.exponent', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'publicKeyExponent' }] }; // validator for an SubjectPublicKeyInfo structure // Note: Currently only works with an RSA public key var publicKeyValidator = forge.pki.rsa.publicKeyValidator = { name: 'SubjectPublicKeyInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'subjectPublicKeyInfo', value: [{ name: 'SubjectPublicKeyInfo.AlgorithmIdentifier', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'publicKeyOid' }] }, { // subjectPublicKey name: 'SubjectPublicKeyInfo.subjectPublicKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, value: [{ // RSAPublicKey name: 'SubjectPublicKeyInfo.subjectPublicKey.RSAPublicKey', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, optional: true, captureAsn1: 'rsaPublicKey' }] }] }; // validator for a DigestInfo structure var digestInfoValidator = { name: 'DigestInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'DigestInfo.DigestAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'DigestInfo.DigestAlgorithm.algorithmIdentifier', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'algorithmIdentifier' }, { // NULL paramters name: 'DigestInfo.DigestAlgorithm.parameters', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.NULL, constructed: false }] }, { // digest name: 'DigestInfo.digest', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OCTETSTRING, constructed: false, capture: 'digest' }] }; /** * Wrap digest in DigestInfo object. * * This function implements EMSA-PKCS1-v1_5-ENCODE as per RFC 3447. * * DigestInfo ::= SEQUENCE { * digestAlgorithm DigestAlgorithmIdentifier, * digest Digest * } * * DigestAlgorithmIdentifier ::= AlgorithmIdentifier * Digest ::= OCTET STRING * * @param md the message digest object with the hash to sign. * * @return the encoded message (ready for RSA encrytion) */ var emsaPkcs1v15encode = function(md) { // get the oid for the algorithm var oid; if(md.algorithm in pki.oids) { oid = pki.oids[md.algorithm]; } else { var error = new Error('Unknown message digest algorithm.'); error.algorithm = md.algorithm; throw error; } var oidBytes = asn1.oidToDer(oid).getBytes(); // create the digest info var digestInfo = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); var digestAlgorithm = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); digestAlgorithm.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, oidBytes)); digestAlgorithm.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '')); var digest = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, md.digest().getBytes()); digestInfo.value.push(digestAlgorithm); digestInfo.value.push(digest); // encode digest info return asn1.toDer(digestInfo).getBytes(); }; /** * Performs x^c mod n (RSA encryption or decryption operation). * * @param x the number to raise and mod. * @param key the key to use. * @param pub true if the key is public, false if private. * * @return the result of x^c mod n. */ var _modPow = function(x, key, pub) { if(pub) { return x.modPow(key.e, key.n); } if(!key.p || !key.q) { // allow calculation without CRT params (slow) return x.modPow(key.d, key.n); } // pre-compute dP, dQ, and qInv if necessary if(!key.dP) { key.dP = key.d.mod(key.p.subtract(BigInteger.ONE)); } if(!key.dQ) { key.dQ = key.d.mod(key.q.subtract(BigInteger.ONE)); } if(!key.qInv) { key.qInv = key.q.modInverse(key.p); } /* Chinese remainder theorem (CRT) states: Suppose n1, n2, ..., nk are positive integers which are pairwise coprime (n1 and n2 have no common factors other than 1). For any integers x1, x2, ..., xk there exists an integer x solving the system of simultaneous congruences (where ~= means modularly congruent so a ~= b mod n means a mod n = b mod n): x ~= x1 mod n1 x ~= x2 mod n2 ... x ~= xk mod nk This system of congruences has a single simultaneous solution x between 0 and n - 1. Furthermore, each xk solution and x itself is congruent modulo the product n = n1*n2*...*nk. So x1 mod n = x2 mod n = xk mod n = x mod n. The single simultaneous solution x can be solved with the following equation: x = sum(xi*ri*si) mod n where ri = n/ni and si = ri^-1 mod ni. Where x is less than n, xi = x mod ni. For RSA we are only concerned with k = 2. The modulus n = pq, where p and q are coprime. The RSA decryption algorithm is: y = x^d mod n Given the above: x1 = x^d mod p r1 = n/p = q s1 = q^-1 mod p x2 = x^d mod q r2 = n/q = p s2 = p^-1 mod q So y = (x1r1s1 + x2r2s2) mod n = ((x^d mod p)q(q^-1 mod p) + (x^d mod q)p(p^-1 mod q)) mod n According to Fermat's Little Theorem, if the modulus P is prime, for any integer A not evenly divisible by P, A^(P-1) ~= 1 mod P. Since A is not divisible by P it follows that if: N ~= M mod (P - 1), then A^N mod P = A^M mod P. Therefore: A^N mod P = A^(M mod (P - 1)) mod P. (The latter takes less effort to calculate). In order to calculate x^d mod p more quickly the exponent d mod (p - 1) is stored in the RSA private key (the same is done for x^d mod q). These values are referred to as dP and dQ respectively. Therefore we now have: y = ((x^dP mod p)q(q^-1 mod p) + (x^dQ mod q)p(p^-1 mod q)) mod n Since we'll be reducing x^dP by modulo p (same for q) we can also reduce x by p (and q respectively) before hand. Therefore, let xp = ((x mod p)^dP mod p), and xq = ((x mod q)^dQ mod q), yielding: y = (xp*q*(q^-1 mod p) + xq*p*(p^-1 mod q)) mod n This can be further reduced to a simple algorithm that only requires 1 inverse (the q inverse is used) to be used and stored. The algorithm is called Garner's algorithm. If qInv is the inverse of q, we simply calculate: y = (qInv*(xp - xq) mod p) * q + xq However, there are two further complications. First, we need to ensure that xp > xq to prevent signed BigIntegers from being used so we add p until this is true (since we will be mod'ing with p anyway). Then, there is a known timing attack on algorithms using the CRT. To mitigate this risk, "cryptographic blinding" should be used. This requires simply generating a random number r between 0 and n-1 and its inverse and multiplying x by r^e before calculating y and then multiplying y by r^-1 afterwards. Note that r must be coprime with n (gcd(r, n) === 1) in order to have an inverse. */ // cryptographic blinding var r; do { r = new BigInteger( forge.util.bytesToHex(forge.random.getBytes(key.n.bitLength() / 8)), 16); } while(r.compareTo(key.n) >= 0 || !r.gcd(key.n).equals(BigInteger.ONE)); x = x.multiply(r.modPow(key.e, key.n)).mod(key.n); // calculate xp and xq var xp = x.mod(key.p).modPow(key.dP, key.p); var xq = x.mod(key.q).modPow(key.dQ, key.q); // xp must be larger than xq to avoid signed bit usage while(xp.compareTo(xq) < 0) { xp = xp.add(key.p); } // do last step var y = xp.subtract(xq) .multiply(key.qInv).mod(key.p) .multiply(key.q).add(xq); // remove effect of random for cryptographic blinding y = y.multiply(r.modInverse(key.n)).mod(key.n); return y; }; /** * NOTE: THIS METHOD IS DEPRECATED, use 'sign' on a private key object or * 'encrypt' on a public key object instead. * * Performs RSA encryption. * * The parameter bt controls whether to put padding bytes before the * message passed in. Set bt to either true or false to disable padding * completely (in order to handle e.g. EMSA-PSS encoding seperately before), * signaling whether the encryption operation is a public key operation * (i.e. encrypting data) or not, i.e. private key operation (data signing). * * For PKCS#1 v1.5 padding pass in the block type to use, i.e. either 0x01 * (for signing) or 0x02 (for encryption). The key operation mode (private * or public) is derived from this flag in that case). * * @param m the message to encrypt as a byte string. * @param key the RSA key to use. * @param bt for PKCS#1 v1.5 padding, the block type to use * (0x01 for private key, 0x02 for public), * to disable padding: true = public key, false = private key. * * @return the encrypted bytes as a string. */ pki.rsa.encrypt = function(m, key, bt) { var pub = bt; var eb; // get the length of the modulus in bytes var k = Math.ceil(key.n.bitLength() / 8); if(bt !== false && bt !== true) { // legacy, default to PKCS#1 v1.5 padding pub = (bt === 0x02); eb = _encodePkcs1_v1_5(m, key, bt); } else { eb = forge.util.createBuffer(); eb.putBytes(m); } // load encryption block as big integer 'x' // FIXME: hex conversion inefficient, get BigInteger w/byte strings var x = new BigInteger(eb.toHex(), 16); // do RSA encryption var y = _modPow(x, key, pub); // convert y into the encrypted data byte string, if y is shorter in // bytes than k, then prepend zero bytes to fill up ed // FIXME: hex conversion inefficient, get BigInteger w/byte strings var yhex = y.toString(16); var ed = forge.util.createBuffer(); var zeros = k - Math.ceil(yhex.length / 2); while(zeros > 0) { ed.putByte(0x00); --zeros; } ed.putBytes(forge.util.hexToBytes(yhex)); return ed.getBytes(); }; /** * NOTE: THIS METHOD IS DEPRECATED, use 'decrypt' on a private key object or * 'verify' on a public key object instead. * * Performs RSA decryption. * * The parameter ml controls whether to apply PKCS#1 v1.5 padding * or not. Set ml = false to disable padding removal completely * (in order to handle e.g. EMSA-PSS later on) and simply pass back * the RSA encryption block. * * @param ed the encrypted data to decrypt in as a byte string. * @param key the RSA key to use. * @param pub true for a public key operation, false for private. * @param ml the message length, if known, false to disable padding. * * @return the decrypted message as a byte string. */ pki.rsa.decrypt = function(ed, key, pub, ml) { // get the length of the modulus in bytes var k = Math.ceil(key.n.bitLength() / 8); // error if the length of the encrypted data ED is not k if(ed.length !== k) { var error = new Error('Encrypted message length is invalid.'); error.length = ed.length; error.expected = k; throw error; } // convert encrypted data into a big integer // FIXME: hex conversion inefficient, get BigInteger w/byte strings var y = new BigInteger(forge.util.createBuffer(ed).toHex(), 16); // y must be less than the modulus or it wasn't the result of // a previous mod operation (encryption) using that modulus if(y.compareTo(key.n) >= 0) { throw new Error('Encrypted message is invalid.'); } // do RSA decryption var x = _modPow(y, key, pub); // create the encryption block, if x is shorter in bytes than k, then // prepend zero bytes to fill up eb // FIXME: hex conversion inefficient, get BigInteger w/byte strings var xhex = x.toString(16); var eb = forge.util.createBuffer(); var zeros = k - Math.ceil(xhex.length / 2); while(zeros > 0) { eb.putByte(0x00); --zeros; } eb.putBytes(forge.util.hexToBytes(xhex)); if(ml !== false) { // legacy, default to PKCS#1 v1.5 padding return _decodePkcs1_v1_5(eb.getBytes(), key, pub); } // return message return eb.getBytes(); }; /** * Creates an RSA key-pair generation state object. It is used to allow * key-generation to be performed in steps. It also allows for a UI to * display progress updates. * * @param bits the size for the private key in bits, defaults to 2048. * @param e the public exponent to use, defaults to 65537 (0x10001). * @param [options] the options to use. * prng a custom crypto-secure pseudo-random number generator to use, * that must define "getBytesSync". * algorithm the algorithm to use (default: 'PRIMEINC'). * * @return the state object to use to generate the key-pair. */ pki.rsa.createKeyPairGenerationState = function(bits, e, options) { // TODO: migrate step-based prime generation code to forge.prime // set default bits if(typeof(bits) === 'string') { bits = parseInt(bits, 10); } bits = bits || 2048; // create prng with api that matches BigInteger secure random options = options || {}; var prng = options.prng || forge.random; var rng = { // x is an array to fill with bytes nextBytes: function(x) { var b = prng.getBytesSync(x.length); for(var i = 0; i < x.length; ++i) { x[i] = b.charCodeAt(i); } } }; var algorithm = options.algorithm || 'PRIMEINC'; // create PRIMEINC algorithm state var rval; if(algorithm === 'PRIMEINC') { rval = { algorithm: algorithm, state: 0, bits: bits, rng: rng, eInt: e || 65537, e: new BigInteger(null), p: null, q: null, qBits: bits >> 1, pBits: bits - (bits >> 1), pqState: 0, num: null, keys: null }; rval.e.fromInt(rval.eInt); } else { throw new Error('Invalid key generation algorithm: ' + algorithm); } return rval; }; /** * Attempts to runs the key-generation algorithm for at most n seconds * (approximately) using the given state. When key-generation has completed, * the keys will be stored in state.keys. * * To use this function to update a UI while generating a key or to prevent * causing browser lockups/warnings, set "n" to a value other than 0. A * simple pattern for generating a key and showing a progress indicator is: * * var state = pki.rsa.createKeyPairGenerationState(2048); * var step = function() { * // step key-generation, run algorithm for 100 ms, repeat * if(!forge.pki.rsa.stepKeyPairGenerationState(state, 100)) { * setTimeout(step, 1); * } else { * // key-generation complete * // TODO: turn off progress indicator here * // TODO: use the generated key-pair in "state.keys" * } * }; * // TODO: turn on progress indicator here * setTimeout(step, 0); * * @param state the state to use. * @param n the maximum number of milliseconds to run the algorithm for, 0 * to run the algorithm to completion. * * @return true if the key-generation completed, false if not. */ pki.rsa.stepKeyPairGenerationState = function(state, n) { // set default algorithm if not set if(!('algorithm' in state)) { state.algorithm = 'PRIMEINC'; } // TODO: migrate step-based prime generation code to forge.prime // TODO: abstract as PRIMEINC algorithm // do key generation (based on Tom Wu's rsa.js, see jsbn.js license) // with some minor optimizations and designed to run in steps // local state vars var THIRTY = new BigInteger(null); THIRTY.fromInt(30); var deltaIdx = 0; var op_or = function(x, y) {return x | y;}; // keep stepping until time limit is reached or done var t1 = +new Date(); var t2; var total = 0; while(state.keys === null && (n <= 0 || total < n)) { // generate p or q if(state.state === 0) { /* Note: All primes are of the form: 30k+i, for i < 30 and gcd(30, i)=1, where there are 8 values for i When we generate a random number, we always align it at 30k + 1. Each time the number is determined not to be prime we add to get to the next 'i', eg: if the number was at 30k + 1 we add 6. */ var bits = (state.p === null) ? state.pBits : state.qBits; var bits1 = bits - 1; // get a random number if(state.pqState === 0) { state.num = new BigInteger(bits, state.rng); // force MSB set if(!state.num.testBit(bits1)) { state.num.bitwiseTo( BigInteger.ONE.shiftLeft(bits1), op_or, state.num); } // align number on 30k+1 boundary state.num.dAddOffset(31 - state.num.mod(THIRTY).byteValue(), 0); deltaIdx = 0; ++state.pqState; } else if(state.pqState === 1) { // try to make the number a prime if(state.num.bitLength() > bits) { // overflow, try again state.pqState = 0; // do primality test } else if(state.num.isProbablePrime( _getMillerRabinTests(state.num.bitLength()))) { ++state.pqState; } else { // get next potential prime state.num.dAddOffset(GCD_30_DELTA[deltaIdx++ % 8], 0); } } else if(state.pqState === 2) { // ensure number is coprime with e state.pqState = (state.num.subtract(BigInteger.ONE).gcd(state.e) .compareTo(BigInteger.ONE) === 0) ? 3 : 0; } else if(state.pqState === 3) { // store p or q state.pqState = 0; if(state.p === null) { state.p = state.num; } else { state.q = state.num; } // advance state if both p and q are ready if(state.p !== null && state.q !== null) { ++state.state; } state.num = null; } } else if(state.state === 1) { // ensure p is larger than q (swap them if not) if(state.p.compareTo(state.q) < 0) { state.num = state.p; state.p = state.q; state.q = state.num; } ++state.state; } else if(state.state === 2) { // compute phi: (p - 1)(q - 1) (Euler's totient function) state.p1 = state.p.subtract(BigInteger.ONE); state.q1 = state.q.subtract(BigInteger.ONE); state.phi = state.p1.multiply(state.q1); ++state.state; } else if(state.state === 3) { // ensure e and phi are coprime if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) === 0) { // phi and e are coprime, advance ++state.state; } else { // phi and e aren't coprime, so generate a new p and q state.p = null; state.q = null; state.state = 0; } } else if(state.state === 4) { // create n, ensure n is has the right number of bits state.n = state.p.multiply(state.q); // ensure n is right number of bits if(state.n.bitLength() === state.bits) { // success, advance ++state.state; } else { // failed, get new q state.q = null; state.state = 0; } } else if(state.state === 5) { // set keys var d = state.e.modInverse(state.phi); state.keys = { privateKey: pki.rsa.setPrivateKey( state.n, state.e, d, state.p, state.q, d.mod(state.p1), d.mod(state.q1), state.q.modInverse(state.p)), publicKey: pki.rsa.setPublicKey(state.n, state.e) }; } // update timing t2 = +new Date(); total += t2 - t1; t1 = t2; } return state.keys !== null; }; /** * Generates an RSA public-private key pair in a single call. * * To generate a key-pair in steps (to allow for progress updates and to * prevent blocking or warnings in slow browsers) then use the key-pair * generation state functions. * * To generate a key-pair asynchronously (either through web-workers, if * available, or by breaking up the work on the main thread), pass a * callback function. * * @param [bits] the size for the private key in bits, defaults to 2048. * @param [e] the public exponent to use, defaults to 65537. * @param [options] options for key-pair generation, if given then 'bits' * and 'e' must *not* be given: * bits the size for the private key in bits, (default: 2048). * e the public exponent to use, (default: 65537 (0x10001)). * workerScript the worker script URL. * workers the number of web workers (if supported) to use, * (default: 2). * workLoad the size of the work load, ie: number of possible prime * numbers for each web worker to check per work assignment, * (default: 100). * prng a custom crypto-secure pseudo-random number generator to use, * that must define "getBytesSync". Disables use of native APIs. * algorithm the algorithm to use (default: 'PRIMEINC'). * @param [callback(err, keypair)] called once the operation completes. * * @return an object with privateKey and publicKey properties. */ pki.rsa.generateKeyPair = function(bits, e, options, callback) { // (bits), (options), (callback) if(arguments.length === 1) { if(typeof bits === 'object') { options = bits; bits = undefined; } else if(typeof bits === 'function') { callback = bits; bits = undefined; } } else if(arguments.length === 2) { // (bits, e), (bits, options), (bits, callback), (options, callback) if(typeof bits === 'number') { if(typeof e === 'function') { callback = e; e = undefined; } else if(typeof e !== 'number') { options = e; e = undefined; } } else { options = bits; callback = e; bits = undefined; e = undefined; } } else if(arguments.length === 3) { // (bits, e, options), (bits, e, callback), (bits, options, callback) if(typeof e === 'number') { if(typeof options === 'function') { callback = options; options = undefined; } } else { callback = options; options = e; e = undefined; } } options = options || {}; if(bits === undefined) { bits = options.bits || 2048; } if(e === undefined) { e = options.e || 0x10001; } // use native code if permitted, available, and parameters are acceptable if(!forge.options.usePureJavaScript && !options.prng && bits >= 256 && bits <= 16384 && (e === 0x10001 || e === 3)) { if(callback) { // try native async if(_detectNodeCrypto('generateKeyPair')) { return _crypto.generateKeyPair('rsa', { modulusLength: bits, publicExponent: e, publicKeyEncoding: { type: 'spki', format: 'pem' }, privateKeyEncoding: { type: 'pkcs8', format: 'pem' } }, function(err, pub, priv) { if(err) { return callback(err); } callback(null, { privateKey: pki.privateKeyFromPem(priv), publicKey: pki.publicKeyFromPem(pub) }); }); } if(_detectSubtleCrypto('generateKey') && _detectSubtleCrypto('exportKey')) { // use standard native generateKey return util.globalScope.crypto.subtle.generateKey({ name: 'RSASSA-PKCS1-v1_5', modulusLength: bits, publicExponent: _intToUint8Array(e), hash: {name: 'SHA-256'} }, true /* key can be exported*/, ['sign', 'verify']) .then(function(pair) { return util.globalScope.crypto.subtle.exportKey( 'pkcs8', pair.privateKey); // avoiding catch(function(err) {...}) to support IE <= 8 }).then(undefined, function(err) { callback(err); }).then(function(pkcs8) { if(pkcs8) { var privateKey = pki.privateKeyFromAsn1( asn1.fromDer(forge.util.createBuffer(pkcs8))); callback(null, { privateKey: privateKey, publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e) }); } }); } if(_detectSubtleMsCrypto('generateKey') && _detectSubtleMsCrypto('exportKey')) { var genOp = util.globalScope.msCrypto.subtle.generateKey({ name: 'RSASSA-PKCS1-v1_5', modulusLength: bits, publicExponent: _intToUint8Array(e), hash: {name: 'SHA-256'} }, true /* key can be exported*/, ['sign', 'verify']); genOp.oncomplete = function(e) { var pair = e.target.result; var exportOp = util.globalScope.msCrypto.subtle.exportKey( 'pkcs8', pair.privateKey); exportOp.oncomplete = function(e) { var pkcs8 = e.target.result; var privateKey = pki.privateKeyFromAsn1( asn1.fromDer(forge.util.createBuffer(pkcs8))); callback(null, { privateKey: privateKey, publicKey: pki.setRsaPublicKey(privateKey.n, privateKey.e) }); }; exportOp.onerror = function(err) { callback(err); }; }; genOp.onerror = function(err) { callback(err); }; return; } } else { // try native sync if(_detectNodeCrypto('generateKeyPairSync')) { var keypair = _crypto.generateKeyPairSync('rsa', { modulusLength: bits, publicExponent: e, publicKeyEncoding: { type: 'spki', format: 'pem' }, privateKeyEncoding: { type: 'pkcs8', format: 'pem' } }); return { privateKey: pki.privateKeyFromPem(keypair.privateKey), publicKey: pki.publicKeyFromPem(keypair.publicKey) }; } } } // use JavaScript implementation var state = pki.rsa.createKeyPairGenerationState(bits, e, options); if(!callback) { pki.rsa.stepKeyPairGenerationState(state, 0); return state.keys; } _generateKeyPair(state, options, callback); }; /** * Sets an RSA public key from BigIntegers modulus and exponent. * * @param n the modulus. * @param e the exponent. * * @return the public key. */ pki.setRsaPublicKey = pki.rsa.setPublicKey = function(n, e) { var key = { n: n, e: e }; /** * Encrypts the given data with this public key. Newer applications * should use the 'RSA-OAEP' decryption scheme, 'RSAES-PKCS1-V1_5' is for * legacy applications. * * @param data the byte string to encrypt. * @param scheme the encryption scheme to use: * 'RSAES-PKCS1-V1_5' (default), * 'RSA-OAEP', * 'RAW', 'NONE', or null to perform raw RSA encryption, * an object with an 'encode' property set to a function * with the signature 'function(data, key)' that returns * a binary-encoded string representing the encoded data. * @param schemeOptions any scheme-specific options. * * @return the encrypted byte string. */ key.encrypt = function(data, scheme, schemeOptions) { if(typeof scheme === 'string') { scheme = scheme.toUpperCase(); } else if(scheme === undefined) { scheme = 'RSAES-PKCS1-V1_5'; } if(scheme === 'RSAES-PKCS1-V1_5') { scheme = { encode: function(m, key, pub) { return _encodePkcs1_v1_5(m, key, 0x02).getBytes(); } }; } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') { scheme = { encode: function(m, key) { return forge.pkcs1.encode_rsa_oaep(key, m, schemeOptions); } }; } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) { scheme = {encode: function(e) {return e;}}; } else if(typeof scheme === 'string') { throw new Error('Unsupported encryption scheme: "' + scheme + '".'); } // do scheme-based encoding then rsa encryption var e = scheme.encode(data, key, true); return pki.rsa.encrypt(e, key, true); }; /** * Verifies the given signature against the given digest. * * PKCS#1 supports multiple (currently two) signature schemes: * RSASSA-PKCS1-V1_5 and RSASSA-PSS. * * By default this implementation uses the "old scheme", i.e. * RSASSA-PKCS1-V1_5, in which case once RSA-decrypted, the * signature is an OCTET STRING that holds a DigestInfo. * * DigestInfo ::= SEQUENCE { * digestAlgorithm DigestAlgorithmIdentifier, * digest Digest * } * DigestAlgorithmIdentifier ::= AlgorithmIdentifier * Digest ::= OCTET STRING * * To perform PSS signature verification, provide an instance * of Forge PSS object as the scheme parameter. * * @param digest the message digest hash to compare against the signature, * as a binary-encoded string. * @param signature the signature to verify, as a binary-encoded string. * @param scheme signature verification scheme to use: * 'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5, * a Forge PSS object for RSASSA-PSS, * 'NONE' or null for none, DigestInfo will not be expected, but * PKCS#1 v1.5 padding will still be used. * @param options optional verify options * _parseAllDigestBytes testing flag to control parsing of all * digest bytes. Unsupported and not for general usage. * (default: true) * * @return true if the signature was verified, false if not. */ key.verify = function(digest, signature, scheme, options) { if(typeof scheme === 'string') { scheme = scheme.toUpperCase(); } else if(scheme === undefined) { scheme = 'RSASSA-PKCS1-V1_5'; } if(options === undefined) { options = { _parseAllDigestBytes: true }; } if(!('_parseAllDigestBytes' in options)) { options._parseAllDigestBytes = true; } if(scheme === 'RSASSA-PKCS1-V1_5') { scheme = { verify: function(digest, d) { // remove padding d = _decodePkcs1_v1_5(d, key, true); // d is ASN.1 BER-encoded DigestInfo var obj = asn1.fromDer(d, { parseAllBytes: options._parseAllDigestBytes }); // validate DigestInfo var capture = {}; var errors = []; if(!asn1.validate(obj, digestInfoValidator, capture, errors)) { var error = new Error( 'ASN.1 object does not contain a valid RSASSA-PKCS1-v1_5 ' + 'DigestInfo value.'); error.errors = errors; throw error; } // check hash algorithm identifier // see PKCS1-v1-5DigestAlgorithms in RFC 8017 // FIXME: add support to vaidator for strict value choices var oid = asn1.derToOid(capture.algorithmIdentifier); if(!(oid === forge.oids.md2 || oid === forge.oids.md5 || oid === forge.oids.sha1 || oid === forge.oids.sha224 || oid === forge.oids.sha256 || oid === forge.oids.sha384 || oid === forge.oids.sha512 || oid === forge.oids['sha512-224'] || oid === forge.oids['sha512-256'])) { var error = new Error( 'Unknown RSASSA-PKCS1-v1_5 DigestAlgorithm identifier.'); error.oid = oid; throw error; } // compare the given digest to the decrypted one return digest === capture.digest; } }; } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) { scheme = { verify: function(digest, d) { // remove padding d = _decodePkcs1_v1_5(d, key, true); return digest === d; } }; } // do rsa decryption w/o any decoding, then verify -- which does decoding var d = pki.rsa.decrypt(signature, key, true, false); return scheme.verify(digest, d, key.n.bitLength()); }; return key; }; /** * Sets an RSA private key from BigIntegers modulus, exponent, primes, * prime exponents, and modular multiplicative inverse. * * @param n the modulus. * @param e the public exponent. * @param d the private exponent ((inverse of e) mod n). * @param p the first prime. * @param q the second prime. * @param dP exponent1 (d mod (p-1)). * @param dQ exponent2 (d mod (q-1)). * @param qInv ((inverse of q) mod p) * * @return the private key. */ pki.setRsaPrivateKey = pki.rsa.setPrivateKey = function( n, e, d, p, q, dP, dQ, qInv) { var key = { n: n, e: e, d: d, p: p, q: q, dP: dP, dQ: dQ, qInv: qInv }; /** * Decrypts the given data with this private key. The decryption scheme * must match the one used to encrypt the data. * * @param data the byte string to decrypt. * @param scheme the decryption scheme to use: * 'RSAES-PKCS1-V1_5' (default), * 'RSA-OAEP', * 'RAW', 'NONE', or null to perform raw RSA decryption. * @param schemeOptions any scheme-specific options. * * @return the decrypted byte string. */ key.decrypt = function(data, scheme, schemeOptions) { if(typeof scheme === 'string') { scheme = scheme.toUpperCase(); } else if(scheme === undefined) { scheme = 'RSAES-PKCS1-V1_5'; } // do rsa decryption w/o any decoding var d = pki.rsa.decrypt(data, key, false, false); if(scheme === 'RSAES-PKCS1-V1_5') { scheme = {decode: _decodePkcs1_v1_5}; } else if(scheme === 'RSA-OAEP' || scheme === 'RSAES-OAEP') { scheme = { decode: function(d, key) { return forge.pkcs1.decode_rsa_oaep(key, d, schemeOptions); } }; } else if(['RAW', 'NONE', 'NULL', null].indexOf(scheme) !== -1) { scheme = {decode: function(d) {return d;}}; } else { throw new Error('Unsupported encryption scheme: "' + scheme + '".'); } // decode according to scheme return scheme.decode(d, key, false); }; /** * Signs the given digest, producing a signature. * * PKCS#1 supports multiple (currently two) signature schemes: * RSASSA-PKCS1-V1_5 and RSASSA-PSS. * * By default this implementation uses the "old scheme", i.e. * RSASSA-PKCS1-V1_5. In order to generate a PSS signature, provide * an instance of Forge PSS object as the scheme parameter. * * @param md the message digest object with the hash to sign. * @param scheme the signature scheme to use: * 'RSASSA-PKCS1-V1_5' or undefined for RSASSA PKCS#1 v1.5, * a Forge PSS object for RSASSA-PSS, * 'NONE' or null for none, DigestInfo will not be used but * PKCS#1 v1.5 padding will still be used. * * @return the signature as a byte string. */ key.sign = function(md, scheme) { /* Note: The internal implementation of RSA operations is being transitioned away from a PKCS#1 v1.5 hard-coded scheme. Some legacy code like the use of an encoding block identifier 'bt' will eventually be removed. */ // private key operation var bt = false; if(typeof scheme === 'string') { scheme = scheme.toUpperCase(); } if(scheme === undefined || scheme === 'RSASSA-PKCS1-V1_5') { scheme = {encode: emsaPkcs1v15encode}; bt = 0x01; } else if(scheme === 'NONE' || scheme === 'NULL' || scheme === null) { scheme = {encode: function() {return md;}}; bt = 0x01; } // encode and then encrypt var d = scheme.encode(md, key.n.bitLength()); return pki.rsa.encrypt(d, key, bt); }; return key; }; /** * Wraps an RSAPrivateKey ASN.1 object in an ASN.1 PrivateKeyInfo object. * * @param rsaKey the ASN.1 RSAPrivateKey. * * @return the ASN.1 PrivateKeyInfo. */ pki.wrapRsaPrivateKey = function(rsaKey) { // PrivateKeyInfo return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // version (0) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(0).getBytes()), // privateKeyAlgorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.rsaEncryption).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]), // PrivateKey asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, asn1.toDer(rsaKey).getBytes()) ]); }; /** * Converts a private key from an ASN.1 object. * * @param obj the ASN.1 representation of a PrivateKeyInfo containing an * RSAPrivateKey or an RSAPrivateKey. * * @return the private key. */ pki.privateKeyFromAsn1 = function(obj) { // get PrivateKeyInfo var capture = {}; var errors = []; if(asn1.validate(obj, privateKeyValidator, capture, errors)) { obj = asn1.fromDer(forge.util.createBuffer(capture.privateKey)); } // get RSAPrivateKey capture = {}; errors = []; if(!asn1.validate(obj, rsaPrivateKeyValidator, capture, errors)) { var error = new Error('Cannot read private key. ' + 'ASN.1 object does not contain an RSAPrivateKey.'); error.errors = errors; throw error; } // Note: Version is currently ignored. // capture.privateKeyVersion // FIXME: inefficient, get a BigInteger that uses byte strings var n, e, d, p, q, dP, dQ, qInv; n = forge.util.createBuffer(capture.privateKeyModulus).toHex(); e = forge.util.createBuffer(capture.privateKeyPublicExponent).toHex(); d = forge.util.createBuffer(capture.privateKeyPrivateExponent).toHex(); p = forge.util.createBuffer(capture.privateKeyPrime1).toHex(); q = forge.util.createBuffer(capture.privateKeyPrime2).toHex(); dP = forge.util.createBuffer(capture.privateKeyExponent1).toHex(); dQ = forge.util.createBuffer(capture.privateKeyExponent2).toHex(); qInv = forge.util.createBuffer(capture.privateKeyCoefficient).toHex(); // set private key return pki.setRsaPrivateKey( new BigInteger(n, 16), new BigInteger(e, 16), new BigInteger(d, 16), new BigInteger(p, 16), new BigInteger(q, 16), new BigInteger(dP, 16), new BigInteger(dQ, 16), new BigInteger(qInv, 16)); }; /** * Converts a private key to an ASN.1 RSAPrivateKey. * * @param key the private key. * * @return the ASN.1 representation of an RSAPrivateKey. */ pki.privateKeyToAsn1 = pki.privateKeyToRSAPrivateKey = function(key) { // RSAPrivateKey return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // version (0 = only 2 primes, 1 multiple primes) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(0).getBytes()), // modulus (n) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.n)), // publicExponent (e) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.e)), // privateExponent (d) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.d)), // privateKeyPrime1 (p) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.p)), // privateKeyPrime2 (q) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.q)), // privateKeyExponent1 (dP) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.dP)), // privateKeyExponent2 (dQ) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.dQ)), // coefficient (qInv) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.qInv)) ]); }; /** * Converts a public key from an ASN.1 SubjectPublicKeyInfo or RSAPublicKey. * * @param obj the asn1 representation of a SubjectPublicKeyInfo or RSAPublicKey. * * @return the public key. */ pki.publicKeyFromAsn1 = function(obj) { // get SubjectPublicKeyInfo var capture = {}; var errors = []; if(asn1.validate(obj, publicKeyValidator, capture, errors)) { // get oid var oid = asn1.derToOid(capture.publicKeyOid); if(oid !== pki.oids.rsaEncryption) { var error = new Error('Cannot read public key. Unknown OID.'); error.oid = oid; throw error; } obj = capture.rsaPublicKey; } // get RSA params errors = []; if(!asn1.validate(obj, rsaPublicKeyValidator, capture, errors)) { var error = new Error('Cannot read public key. ' + 'ASN.1 object does not contain an RSAPublicKey.'); error.errors = errors; throw error; } // FIXME: inefficient, get a BigInteger that uses byte strings var n = forge.util.createBuffer(capture.publicKeyModulus).toHex(); var e = forge.util.createBuffer(capture.publicKeyExponent).toHex(); // set public key return pki.setRsaPublicKey( new BigInteger(n, 16), new BigInteger(e, 16)); }; /** * Converts a public key to an ASN.1 SubjectPublicKeyInfo. * * @param key the public key. * * @return the asn1 representation of a SubjectPublicKeyInfo. */ pki.publicKeyToAsn1 = pki.publicKeyToSubjectPublicKeyInfo = function(key) { // SubjectPublicKeyInfo return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // AlgorithmIdentifier asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(pki.oids.rsaEncryption).getBytes()), // parameters (null) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]), // subjectPublicKey asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, [ pki.publicKeyToRSAPublicKey(key) ]) ]); }; /** * Converts a public key to an ASN.1 RSAPublicKey. * * @param key the public key. * * @return the asn1 representation of a RSAPublicKey. */ pki.publicKeyToRSAPublicKey = function(key) { // RSAPublicKey return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // modulus (n) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.n)), // publicExponent (e) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, _bnToBytes(key.e)) ]); }; /** * Encodes a message using PKCS#1 v1.5 padding. * * @param m the message to encode. * @param key the RSA key to use. * @param bt the block type to use, i.e. either 0x01 (for signing) or 0x02 * (for encryption). * * @return the padded byte buffer. */ function _encodePkcs1_v1_5(m, key, bt) { var eb = forge.util.createBuffer(); // get the length of the modulus in bytes var k = Math.ceil(key.n.bitLength() / 8); /* use PKCS#1 v1.5 padding */ if(m.length > (k - 11)) { var error = new Error('Message is too long for PKCS#1 v1.5 padding.'); error.length = m.length; error.max = k - 11; throw error; } /* A block type BT, a padding string PS, and the data D shall be formatted into an octet string EB, the encryption block: EB = 00 || BT || PS || 00 || D The block type BT shall be a single octet indicating the structure of the encryption block. For this version of the document it shall have value 00, 01, or 02. For a private-key operation, the block type shall be 00 or 01. For a public-key operation, it shall be 02. The padding string PS shall consist of k-3-||D|| octets. For block type 00, the octets shall have value 00; for block type 01, they shall have value FF; and for block type 02, they shall be pseudorandomly generated and nonzero. This makes the length of the encryption block EB equal to k. */ // build the encryption block eb.putByte(0x00); eb.putByte(bt); // create the padding var padNum = k - 3 - m.length; var padByte; // private key op if(bt === 0x00 || bt === 0x01) { padByte = (bt === 0x00) ? 0x00 : 0xFF; for(var i = 0; i < padNum; ++i) { eb.putByte(padByte); } } else { // public key op // pad with random non-zero values while(padNum > 0) { var numZeros = 0; var padBytes = forge.random.getBytes(padNum); for(var i = 0; i < padNum; ++i) { padByte = padBytes.charCodeAt(i); if(padByte === 0) { ++numZeros; } else { eb.putByte(padByte); } } padNum = numZeros; } } // zero followed by message eb.putByte(0x00); eb.putBytes(m); return eb; } /** * Decodes a message using PKCS#1 v1.5 padding. * * @param em the message to decode. * @param key the RSA key to use. * @param pub true if the key is a public key, false if it is private. * @param ml the message length, if specified. * * @return the decoded bytes. */ function _decodePkcs1_v1_5(em, key, pub, ml) { // get the length of the modulus in bytes var k = Math.ceil(key.n.bitLength() / 8); /* It is an error if any of the following conditions occurs: 1. The encryption block EB cannot be parsed unambiguously. 2. The padding string PS consists of fewer than eight octets or is inconsisent with the block type BT. 3. The decryption process is a public-key operation and the block type BT is not 00 or 01, or the decryption process is a private-key operation and the block type is not 02. */ // parse the encryption block var eb = forge.util.createBuffer(em); var first = eb.getByte(); var bt = eb.getByte(); if(first !== 0x00 || (pub && bt !== 0x00 && bt !== 0x01) || (!pub && bt != 0x02) || (pub && bt === 0x00 && typeof(ml) === 'undefined')) { throw new Error('Encryption block is invalid.'); } var padNum = 0; if(bt === 0x00) { // check all padding bytes for 0x00 padNum = k - 3 - ml; for(var i = 0; i < padNum; ++i) { if(eb.getByte() !== 0x00) { throw new Error('Encryption block is invalid.'); } } } else if(bt === 0x01) { // find the first byte that isn't 0xFF, should be after all padding padNum = 0; while(eb.length() > 1) { if(eb.getByte() !== 0xFF) { --eb.read; break; } ++padNum; } } else if(bt === 0x02) { // look for 0x00 byte padNum = 0; while(eb.length() > 1) { if(eb.getByte() === 0x00) { --eb.read; break; } ++padNum; } } // zero must be 0x00 and padNum must be (k - 3 - message length) var zero = eb.getByte(); if(zero !== 0x00 || padNum !== (k - 3 - eb.length())) { throw new Error('Encryption block is invalid.'); } return eb.getBytes(); } /** * Runs the key-generation algorithm asynchronously, either in the background * via Web Workers, or using the main thread and setImmediate. * * @param state the key-pair generation state. * @param [options] options for key-pair generation: * workerScript the worker script URL. * workers the number of web workers (if supported) to use, * (default: 2, -1 to use estimated cores minus one). * workLoad the size of the work load, ie: number of possible prime * numbers for each web worker to check per work assignment, * (default: 100). * @param callback(err, keypair) called once the operation completes. */ function _generateKeyPair(state, options, callback) { if(typeof options === 'function') { callback = options; options = {}; } options = options || {}; var opts = { algorithm: { name: options.algorithm || 'PRIMEINC', options: { workers: options.workers || 2, workLoad: options.workLoad || 100, workerScript: options.workerScript } } }; if('prng' in options) { opts.prng = options.prng; } generate(); function generate() { // find p and then q (done in series to simplify) getPrime(state.pBits, function(err, num) { if(err) { return callback(err); } state.p = num; if(state.q !== null) { return finish(err, state.q); } getPrime(state.qBits, finish); }); } function getPrime(bits, callback) { forge.prime.generateProbablePrime(bits, opts, callback); } function finish(err, num) { if(err) { return callback(err); } // set q state.q = num; // ensure p is larger than q (swap them if not) if(state.p.compareTo(state.q) < 0) { var tmp = state.p; state.p = state.q; state.q = tmp; } // ensure p is coprime with e if(state.p.subtract(BigInteger.ONE).gcd(state.e) .compareTo(BigInteger.ONE) !== 0) { state.p = null; generate(); return; } // ensure q is coprime with e if(state.q.subtract(BigInteger.ONE).gcd(state.e) .compareTo(BigInteger.ONE) !== 0) { state.q = null; getPrime(state.qBits, finish); return; } // compute phi: (p - 1)(q - 1) (Euler's totient function) state.p1 = state.p.subtract(BigInteger.ONE); state.q1 = state.q.subtract(BigInteger.ONE); state.phi = state.p1.multiply(state.q1); // ensure e and phi are coprime if(state.phi.gcd(state.e).compareTo(BigInteger.ONE) !== 0) { // phi and e aren't coprime, so generate a new p and q state.p = state.q = null; generate(); return; } // create n, ensure n is has the right number of bits state.n = state.p.multiply(state.q); if(state.n.bitLength() !== state.bits) { // failed, get new q state.q = null; getPrime(state.qBits, finish); return; } // set keys var d = state.e.modInverse(state.phi); state.keys = { privateKey: pki.rsa.setPrivateKey( state.n, state.e, d, state.p, state.q, d.mod(state.p1), d.mod(state.q1), state.q.modInverse(state.p)), publicKey: pki.rsa.setPublicKey(state.n, state.e) }; callback(null, state.keys); } } /** * Converts a positive BigInteger into 2's-complement big-endian bytes. * * @param b the big integer to convert. * * @return the bytes. */ function _bnToBytes(b) { // prepend 0x00 if first byte >= 0x80 var hex = b.toString(16); if(hex[0] >= '8') { hex = '00' + hex; } var bytes = forge.util.hexToBytes(hex); // ensure integer is minimally-encoded if(bytes.length > 1 && // leading 0x00 for positive integer ((bytes.charCodeAt(0) === 0 && (bytes.charCodeAt(1) & 0x80) === 0) || // leading 0xFF for negative integer (bytes.charCodeAt(0) === 0xFF && (bytes.charCodeAt(1) & 0x80) === 0x80))) { return bytes.substr(1); } return bytes; } /** * Returns the required number of Miller-Rabin tests to generate a * prime with an error probability of (1/2)^80. * * See Handbook of Applied Cryptography Chapter 4, Table 4.4. * * @param bits the bit size. * * @return the required number of iterations. */ function _getMillerRabinTests(bits) { if(bits <= 100) return 27; if(bits <= 150) return 18; if(bits <= 200) return 15; if(bits <= 250) return 12; if(bits <= 300) return 9; if(bits <= 350) return 8; if(bits <= 400) return 7; if(bits <= 500) return 6; if(bits <= 600) return 5; if(bits <= 800) return 4; if(bits <= 1250) return 3; return 2; } /** * Performs feature detection on the Node crypto interface. * * @param fn the feature (function) to detect. * * @return true if detected, false if not. */ function _detectNodeCrypto(fn) { return forge.util.isNodejs && typeof _crypto[fn] === 'function'; } /** * Performs feature detection on the SubtleCrypto interface. * * @param fn the feature (function) to detect. * * @return true if detected, false if not. */ function _detectSubtleCrypto(fn) { return (typeof util.globalScope !== 'undefined' && typeof util.globalScope.crypto === 'object' && typeof util.globalScope.crypto.subtle === 'object' && typeof util.globalScope.crypto.subtle[fn] === 'function'); } /** * Performs feature detection on the deprecated Microsoft Internet Explorer * outdated SubtleCrypto interface. This function should only be used after * checking for the modern, standard SubtleCrypto interface. * * @param fn the feature (function) to detect. * * @return true if detected, false if not. */ function _detectSubtleMsCrypto(fn) { return (typeof util.globalScope !== 'undefined' && typeof util.globalScope.msCrypto === 'object' && typeof util.globalScope.msCrypto.subtle === 'object' && typeof util.globalScope.msCrypto.subtle[fn] === 'function'); } function _intToUint8Array(x) { var bytes = forge.util.hexToBytes(x.toString(16)); var buffer = new Uint8Array(bytes.length); for(var i = 0; i < bytes.length; ++i) { buffer[i] = bytes.charCodeAt(i); } return buffer; } function _privateKeyFromJwk(jwk) { if(jwk.kty !== 'RSA') { throw new Error( 'Unsupported key algorithm "' + jwk.kty + '"; algorithm must be "RSA".'); } return pki.setRsaPrivateKey( _base64ToBigInt(jwk.n), _base64ToBigInt(jwk.e), _base64ToBigInt(jwk.d), _base64ToBigInt(jwk.p), _base64ToBigInt(jwk.q), _base64ToBigInt(jwk.dp), _base64ToBigInt(jwk.dq), _base64ToBigInt(jwk.qi)); } function _publicKeyFromJwk(jwk) { if(jwk.kty !== 'RSA') { throw new Error('Key algorithm must be "RSA".'); } return pki.setRsaPublicKey( _base64ToBigInt(jwk.n), _base64ToBigInt(jwk.e)); } function _base64ToBigInt(b64) { return new BigInteger(forge.util.bytesToHex(forge.util.decode64(b64)), 16); } /***/ }), /***/ 279: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Secure Hash Algorithm with 160-bit digest (SHA-1) implementation. * * @author Dave Longley * * Copyright (c) 2010-2015 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(6231); __nccwpck_require__(8339); var sha1 = module.exports = forge.sha1 = forge.sha1 || {}; forge.md.sha1 = forge.md.algorithms.sha1 = sha1; /** * Creates a SHA-1 message digest object. * * @return a message digest object. */ sha1.create = function() { // do initialization as necessary if(!_initialized) { _init(); } // SHA-1 state contains five 32-bit integers var _state = null; // input buffer var _input = forge.util.createBuffer(); // used for word storage var _w = new Array(80); // message digest object var md = { algorithm: 'sha1', blockLength: 64, digestLength: 20, // 56-bit length of message so far (does not including padding) messageLength: 0, // true message length fullMessageLength: null, // size of message length in bytes messageLengthSize: 8 }; /** * Starts the digest. * * @return this digest object. */ md.start = function() { // up to 56-bit message length for convenience md.messageLength = 0; // full message length (set md.messageLength64 for backwards-compatibility) md.fullMessageLength = md.messageLength64 = []; var int32s = md.messageLengthSize / 4; for(var i = 0; i < int32s; ++i) { md.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _state = { h0: 0x67452301, h1: 0xEFCDAB89, h2: 0x98BADCFE, h3: 0x10325476, h4: 0xC3D2E1F0 }; return md; }; // start digest automatically for first time md.start(); /** * Updates the digest with the given message input. The given input can * treated as raw input (no encoding will be applied) or an encoding of * 'utf8' maybe given to encode the input using UTF-8. * * @param msg the message input to update with. * @param encoding the encoding to use (default: 'raw', other: 'utf8'). * * @return this digest object. */ md.update = function(msg, encoding) { if(encoding === 'utf8') { msg = forge.util.encodeUtf8(msg); } // update message length var len = msg.length; md.messageLength += len; len = [(len / 0x100000000) >>> 0, len >>> 0]; for(var i = md.fullMessageLength.length - 1; i >= 0; --i) { md.fullMessageLength[i] += len[1]; len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0); md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; len[0] = ((len[1] / 0x100000000) >>> 0); } // add bytes to input buffer _input.putBytes(msg); // process bytes _update(_state, _w, _input); // compact input buffer every 2K or if empty if(_input.read > 2048 || _input.length() === 0) { _input.compact(); } return md; }; /** * Produces the digest. * * @return a byte buffer containing the digest value. */ md.digest = function() { /* Note: Here we copy the remaining bytes in the input buffer and add the appropriate SHA-1 padding. Then we do the final update on a copy of the state so that if the user wants to get intermediate digests they can do so. */ /* Determine the number of bytes that must be added to the message to ensure its length is congruent to 448 mod 512. In other words, the data to be digested must be a multiple of 512 bits (or 128 bytes). This data includes the message, some padding, and the length of the message. Since the length of the message will be encoded as 8 bytes (64 bits), that means that the last segment of the data must have 56 bytes (448 bits) of message and padding. Therefore, the length of the message plus the padding must be congruent to 448 mod 512 because 512 - 128 = 448. In order to fill up the message length it must be filled with padding that begins with 1 bit followed by all 0 bits. Padding must *always* be present, so if the message length is already congruent to 448 mod 512, then 512 padding bits must be added. */ var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); // compute remaining size to be digested (include message length size) var remaining = ( md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize); // add padding for overflow blockSize - overflow // _padding starts with 1 byte with first bit is set (byte value 128), then // there may be up to (blockSize - 1) other pad bytes var overflow = remaining & (md.blockLength - 1); finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); // serialize message length in bits in big-endian order; since length // is stored in bytes we multiply by 8 and add carry from next int var next, carry; var bits = md.fullMessageLength[0] * 8; for(var i = 0; i < md.fullMessageLength.length - 1; ++i) { next = md.fullMessageLength[i + 1] * 8; carry = (next / 0x100000000) >>> 0; bits += carry; finalBlock.putInt32(bits >>> 0); bits = next >>> 0; } finalBlock.putInt32(bits); var s2 = { h0: _state.h0, h1: _state.h1, h2: _state.h2, h3: _state.h3, h4: _state.h4 }; _update(s2, _w, finalBlock); var rval = forge.util.createBuffer(); rval.putInt32(s2.h0); rval.putInt32(s2.h1); rval.putInt32(s2.h2); rval.putInt32(s2.h3); rval.putInt32(s2.h4); return rval; }; return md; }; // sha-1 padding bytes not initialized yet var _padding = null; var _initialized = false; /** * Initializes the constant tables. */ function _init() { // create padding _padding = String.fromCharCode(128); _padding += forge.util.fillString(String.fromCharCode(0x00), 64); // now initialized _initialized = true; } /** * Updates a SHA-1 state with the given byte buffer. * * @param s the SHA-1 state to update. * @param w the array to use to store words. * @param bytes the byte buffer to update with. */ function _update(s, w, bytes) { // consume 512 bit (64 byte) chunks var t, a, b, c, d, e, f, i; var len = bytes.length(); while(len >= 64) { // the w array will be populated with sixteen 32-bit big-endian words // and then extended into 80 32-bit words according to SHA-1 algorithm // and for 32-79 using Max Locktyukhin's optimization // initialize hash value for this chunk a = s.h0; b = s.h1; c = s.h2; d = s.h3; e = s.h4; // round 1 for(i = 0; i < 16; ++i) { t = bytes.getInt32(); w[i] = t; f = d ^ (b & (c ^ d)); t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t; e = d; d = c; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug c = ((b << 30) | (b >>> 2)) >>> 0; b = a; a = t; } for(; i < 20; ++i) { t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]); t = (t << 1) | (t >>> 31); w[i] = t; f = d ^ (b & (c ^ d)); t = ((a << 5) | (a >>> 27)) + f + e + 0x5A827999 + t; e = d; d = c; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug c = ((b << 30) | (b >>> 2)) >>> 0; b = a; a = t; } // round 2 for(; i < 32; ++i) { t = (w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16]); t = (t << 1) | (t >>> 31); w[i] = t; f = b ^ c ^ d; t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t; e = d; d = c; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug c = ((b << 30) | (b >>> 2)) >>> 0; b = a; a = t; } for(; i < 40; ++i) { t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]); t = (t << 2) | (t >>> 30); w[i] = t; f = b ^ c ^ d; t = ((a << 5) | (a >>> 27)) + f + e + 0x6ED9EBA1 + t; e = d; d = c; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug c = ((b << 30) | (b >>> 2)) >>> 0; b = a; a = t; } // round 3 for(; i < 60; ++i) { t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]); t = (t << 2) | (t >>> 30); w[i] = t; f = (b & c) | (d & (b ^ c)); t = ((a << 5) | (a >>> 27)) + f + e + 0x8F1BBCDC + t; e = d; d = c; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug c = ((b << 30) | (b >>> 2)) >>> 0; b = a; a = t; } // round 4 for(; i < 80; ++i) { t = (w[i - 6] ^ w[i - 16] ^ w[i - 28] ^ w[i - 32]); t = (t << 2) | (t >>> 30); w[i] = t; f = b ^ c ^ d; t = ((a << 5) | (a >>> 27)) + f + e + 0xCA62C1D6 + t; e = d; d = c; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug c = ((b << 30) | (b >>> 2)) >>> 0; b = a; a = t; } // update hash state s.h0 = (s.h0 + a) | 0; s.h1 = (s.h1 + b) | 0; s.h2 = (s.h2 + c) | 0; s.h3 = (s.h3 + d) | 0; s.h4 = (s.h4 + e) | 0; len -= 64; } } /***/ }), /***/ 4086: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Secure Hash Algorithm with 256-bit digest (SHA-256) implementation. * * See FIPS 180-2 for details. * * @author Dave Longley * * Copyright (c) 2010-2015 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(6231); __nccwpck_require__(8339); var sha256 = module.exports = forge.sha256 = forge.sha256 || {}; forge.md.sha256 = forge.md.algorithms.sha256 = sha256; /** * Creates a SHA-256 message digest object. * * @return a message digest object. */ sha256.create = function() { // do initialization as necessary if(!_initialized) { _init(); } // SHA-256 state contains eight 32-bit integers var _state = null; // input buffer var _input = forge.util.createBuffer(); // used for word storage var _w = new Array(64); // message digest object var md = { algorithm: 'sha256', blockLength: 64, digestLength: 32, // 56-bit length of message so far (does not including padding) messageLength: 0, // true message length fullMessageLength: null, // size of message length in bytes messageLengthSize: 8 }; /** * Starts the digest. * * @return this digest object. */ md.start = function() { // up to 56-bit message length for convenience md.messageLength = 0; // full message length (set md.messageLength64 for backwards-compatibility) md.fullMessageLength = md.messageLength64 = []; var int32s = md.messageLengthSize / 4; for(var i = 0; i < int32s; ++i) { md.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _state = { h0: 0x6A09E667, h1: 0xBB67AE85, h2: 0x3C6EF372, h3: 0xA54FF53A, h4: 0x510E527F, h5: 0x9B05688C, h6: 0x1F83D9AB, h7: 0x5BE0CD19 }; return md; }; // start digest automatically for first time md.start(); /** * Updates the digest with the given message input. The given input can * treated as raw input (no encoding will be applied) or an encoding of * 'utf8' maybe given to encode the input using UTF-8. * * @param msg the message input to update with. * @param encoding the encoding to use (default: 'raw', other: 'utf8'). * * @return this digest object. */ md.update = function(msg, encoding) { if(encoding === 'utf8') { msg = forge.util.encodeUtf8(msg); } // update message length var len = msg.length; md.messageLength += len; len = [(len / 0x100000000) >>> 0, len >>> 0]; for(var i = md.fullMessageLength.length - 1; i >= 0; --i) { md.fullMessageLength[i] += len[1]; len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0); md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; len[0] = ((len[1] / 0x100000000) >>> 0); } // add bytes to input buffer _input.putBytes(msg); // process bytes _update(_state, _w, _input); // compact input buffer every 2K or if empty if(_input.read > 2048 || _input.length() === 0) { _input.compact(); } return md; }; /** * Produces the digest. * * @return a byte buffer containing the digest value. */ md.digest = function() { /* Note: Here we copy the remaining bytes in the input buffer and add the appropriate SHA-256 padding. Then we do the final update on a copy of the state so that if the user wants to get intermediate digests they can do so. */ /* Determine the number of bytes that must be added to the message to ensure its length is congruent to 448 mod 512. In other words, the data to be digested must be a multiple of 512 bits (or 128 bytes). This data includes the message, some padding, and the length of the message. Since the length of the message will be encoded as 8 bytes (64 bits), that means that the last segment of the data must have 56 bytes (448 bits) of message and padding. Therefore, the length of the message plus the padding must be congruent to 448 mod 512 because 512 - 128 = 448. In order to fill up the message length it must be filled with padding that begins with 1 bit followed by all 0 bits. Padding must *always* be present, so if the message length is already congruent to 448 mod 512, then 512 padding bits must be added. */ var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); // compute remaining size to be digested (include message length size) var remaining = ( md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize); // add padding for overflow blockSize - overflow // _padding starts with 1 byte with first bit is set (byte value 128), then // there may be up to (blockSize - 1) other pad bytes var overflow = remaining & (md.blockLength - 1); finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); // serialize message length in bits in big-endian order; since length // is stored in bytes we multiply by 8 and add carry from next int var next, carry; var bits = md.fullMessageLength[0] * 8; for(var i = 0; i < md.fullMessageLength.length - 1; ++i) { next = md.fullMessageLength[i + 1] * 8; carry = (next / 0x100000000) >>> 0; bits += carry; finalBlock.putInt32(bits >>> 0); bits = next >>> 0; } finalBlock.putInt32(bits); var s2 = { h0: _state.h0, h1: _state.h1, h2: _state.h2, h3: _state.h3, h4: _state.h4, h5: _state.h5, h6: _state.h6, h7: _state.h7 }; _update(s2, _w, finalBlock); var rval = forge.util.createBuffer(); rval.putInt32(s2.h0); rval.putInt32(s2.h1); rval.putInt32(s2.h2); rval.putInt32(s2.h3); rval.putInt32(s2.h4); rval.putInt32(s2.h5); rval.putInt32(s2.h6); rval.putInt32(s2.h7); return rval; }; return md; }; // sha-256 padding bytes not initialized yet var _padding = null; var _initialized = false; // table of constants var _k = null; /** * Initializes the constant tables. */ function _init() { // create padding _padding = String.fromCharCode(128); _padding += forge.util.fillString(String.fromCharCode(0x00), 64); // create K table for SHA-256 _k = [ 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2]; // now initialized _initialized = true; } /** * Updates a SHA-256 state with the given byte buffer. * * @param s the SHA-256 state to update. * @param w the array to use to store words. * @param bytes the byte buffer to update with. */ function _update(s, w, bytes) { // consume 512 bit (64 byte) chunks var t1, t2, s0, s1, ch, maj, i, a, b, c, d, e, f, g, h; var len = bytes.length(); while(len >= 64) { // the w array will be populated with sixteen 32-bit big-endian words // and then extended into 64 32-bit words according to SHA-256 for(i = 0; i < 16; ++i) { w[i] = bytes.getInt32(); } for(; i < 64; ++i) { // XOR word 2 words ago rot right 17, rot right 19, shft right 10 t1 = w[i - 2]; t1 = ((t1 >>> 17) | (t1 << 15)) ^ ((t1 >>> 19) | (t1 << 13)) ^ (t1 >>> 10); // XOR word 15 words ago rot right 7, rot right 18, shft right 3 t2 = w[i - 15]; t2 = ((t2 >>> 7) | (t2 << 25)) ^ ((t2 >>> 18) | (t2 << 14)) ^ (t2 >>> 3); // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^32 w[i] = (t1 + w[i - 7] + t2 + w[i - 16]) | 0; } // initialize hash value for this chunk a = s.h0; b = s.h1; c = s.h2; d = s.h3; e = s.h4; f = s.h5; g = s.h6; h = s.h7; // round function for(i = 0; i < 64; ++i) { // Sum1(e) s1 = ((e >>> 6) | (e << 26)) ^ ((e >>> 11) | (e << 21)) ^ ((e >>> 25) | (e << 7)); // Ch(e, f, g) (optimized the same way as SHA-1) ch = g ^ (e & (f ^ g)); // Sum0(a) s0 = ((a >>> 2) | (a << 30)) ^ ((a >>> 13) | (a << 19)) ^ ((a >>> 22) | (a << 10)); // Maj(a, b, c) (optimized the same way as SHA-1) maj = (a & b) | (c & (a ^ b)); // main algorithm t1 = h + s1 + ch + _k[i] + w[i]; t2 = s0 + maj; h = g; g = f; f = e; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug // can't truncate with `| 0` e = (d + t1) >>> 0; d = c; c = b; b = a; // `>>> 0` necessary to avoid iOS/Safari 10 optimization bug // can't truncate with `| 0` a = (t1 + t2) >>> 0; } // update hash state s.h0 = (s.h0 + a) | 0; s.h1 = (s.h1 + b) | 0; s.h2 = (s.h2 + c) | 0; s.h3 = (s.h3 + d) | 0; s.h4 = (s.h4 + e) | 0; s.h5 = (s.h5 + f) | 0; s.h6 = (s.h6 + g) | 0; s.h7 = (s.h7 + h) | 0; len -= 64; } } /***/ }), /***/ 9542: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Secure Hash Algorithm with a 1024-bit block size implementation. * * This includes: SHA-512, SHA-384, SHA-512/224, and SHA-512/256. For * SHA-256 (block size 512 bits), see sha256.js. * * See FIPS 180-4 for details. * * @author Dave Longley * * Copyright (c) 2014-2015 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(6231); __nccwpck_require__(8339); var sha512 = module.exports = forge.sha512 = forge.sha512 || {}; // SHA-512 forge.md.sha512 = forge.md.algorithms.sha512 = sha512; // SHA-384 var sha384 = forge.sha384 = forge.sha512.sha384 = forge.sha512.sha384 || {}; sha384.create = function() { return sha512.create('SHA-384'); }; forge.md.sha384 = forge.md.algorithms.sha384 = sha384; // SHA-512/256 forge.sha512.sha256 = forge.sha512.sha256 || { create: function() { return sha512.create('SHA-512/256'); } }; forge.md['sha512/256'] = forge.md.algorithms['sha512/256'] = forge.sha512.sha256; // SHA-512/224 forge.sha512.sha224 = forge.sha512.sha224 || { create: function() { return sha512.create('SHA-512/224'); } }; forge.md['sha512/224'] = forge.md.algorithms['sha512/224'] = forge.sha512.sha224; /** * Creates a SHA-2 message digest object. * * @param algorithm the algorithm to use (SHA-512, SHA-384, SHA-512/224, * SHA-512/256). * * @return a message digest object. */ sha512.create = function(algorithm) { // do initialization as necessary if(!_initialized) { _init(); } if(typeof algorithm === 'undefined') { algorithm = 'SHA-512'; } if(!(algorithm in _states)) { throw new Error('Invalid SHA-512 algorithm: ' + algorithm); } // SHA-512 state contains eight 64-bit integers (each as two 32-bit ints) var _state = _states[algorithm]; var _h = null; // input buffer var _input = forge.util.createBuffer(); // used for 64-bit word storage var _w = new Array(80); for(var wi = 0; wi < 80; ++wi) { _w[wi] = new Array(2); } // determine digest length by algorithm name (default) var digestLength = 64; switch(algorithm) { case 'SHA-384': digestLength = 48; break; case 'SHA-512/256': digestLength = 32; break; case 'SHA-512/224': digestLength = 28; break; } // message digest object var md = { // SHA-512 => sha512 algorithm: algorithm.replace('-', '').toLowerCase(), blockLength: 128, digestLength: digestLength, // 56-bit length of message so far (does not including padding) messageLength: 0, // true message length fullMessageLength: null, // size of message length in bytes messageLengthSize: 16 }; /** * Starts the digest. * * @return this digest object. */ md.start = function() { // up to 56-bit message length for convenience md.messageLength = 0; // full message length (set md.messageLength128 for backwards-compatibility) md.fullMessageLength = md.messageLength128 = []; var int32s = md.messageLengthSize / 4; for(var i = 0; i < int32s; ++i) { md.fullMessageLength.push(0); } _input = forge.util.createBuffer(); _h = new Array(_state.length); for(var i = 0; i < _state.length; ++i) { _h[i] = _state[i].slice(0); } return md; }; // start digest automatically for first time md.start(); /** * Updates the digest with the given message input. The given input can * treated as raw input (no encoding will be applied) or an encoding of * 'utf8' maybe given to encode the input using UTF-8. * * @param msg the message input to update with. * @param encoding the encoding to use (default: 'raw', other: 'utf8'). * * @return this digest object. */ md.update = function(msg, encoding) { if(encoding === 'utf8') { msg = forge.util.encodeUtf8(msg); } // update message length var len = msg.length; md.messageLength += len; len = [(len / 0x100000000) >>> 0, len >>> 0]; for(var i = md.fullMessageLength.length - 1; i >= 0; --i) { md.fullMessageLength[i] += len[1]; len[1] = len[0] + ((md.fullMessageLength[i] / 0x100000000) >>> 0); md.fullMessageLength[i] = md.fullMessageLength[i] >>> 0; len[0] = ((len[1] / 0x100000000) >>> 0); } // add bytes to input buffer _input.putBytes(msg); // process bytes _update(_h, _w, _input); // compact input buffer every 2K or if empty if(_input.read > 2048 || _input.length() === 0) { _input.compact(); } return md; }; /** * Produces the digest. * * @return a byte buffer containing the digest value. */ md.digest = function() { /* Note: Here we copy the remaining bytes in the input buffer and add the appropriate SHA-512 padding. Then we do the final update on a copy of the state so that if the user wants to get intermediate digests they can do so. */ /* Determine the number of bytes that must be added to the message to ensure its length is congruent to 896 mod 1024. In other words, the data to be digested must be a multiple of 1024 bits (or 128 bytes). This data includes the message, some padding, and the length of the message. Since the length of the message will be encoded as 16 bytes (128 bits), that means that the last segment of the data must have 112 bytes (896 bits) of message and padding. Therefore, the length of the message plus the padding must be congruent to 896 mod 1024 because 1024 - 128 = 896. In order to fill up the message length it must be filled with padding that begins with 1 bit followed by all 0 bits. Padding must *always* be present, so if the message length is already congruent to 896 mod 1024, then 1024 padding bits must be added. */ var finalBlock = forge.util.createBuffer(); finalBlock.putBytes(_input.bytes()); // compute remaining size to be digested (include message length size) var remaining = ( md.fullMessageLength[md.fullMessageLength.length - 1] + md.messageLengthSize); // add padding for overflow blockSize - overflow // _padding starts with 1 byte with first bit is set (byte value 128), then // there may be up to (blockSize - 1) other pad bytes var overflow = remaining & (md.blockLength - 1); finalBlock.putBytes(_padding.substr(0, md.blockLength - overflow)); // serialize message length in bits in big-endian order; since length // is stored in bytes we multiply by 8 and add carry from next int var next, carry; var bits = md.fullMessageLength[0] * 8; for(var i = 0; i < md.fullMessageLength.length - 1; ++i) { next = md.fullMessageLength[i + 1] * 8; carry = (next / 0x100000000) >>> 0; bits += carry; finalBlock.putInt32(bits >>> 0); bits = next >>> 0; } finalBlock.putInt32(bits); var h = new Array(_h.length); for(var i = 0; i < _h.length; ++i) { h[i] = _h[i].slice(0); } _update(h, _w, finalBlock); var rval = forge.util.createBuffer(); var hlen; if(algorithm === 'SHA-512') { hlen = h.length; } else if(algorithm === 'SHA-384') { hlen = h.length - 2; } else { hlen = h.length - 4; } for(var i = 0; i < hlen; ++i) { rval.putInt32(h[i][0]); if(i !== hlen - 1 || algorithm !== 'SHA-512/224') { rval.putInt32(h[i][1]); } } return rval; }; return md; }; // sha-512 padding bytes not initialized yet var _padding = null; var _initialized = false; // table of constants var _k = null; // initial hash states var _states = null; /** * Initializes the constant tables. */ function _init() { // create padding _padding = String.fromCharCode(128); _padding += forge.util.fillString(String.fromCharCode(0x00), 128); // create K table for SHA-512 _k = [ [0x428a2f98, 0xd728ae22], [0x71374491, 0x23ef65cd], [0xb5c0fbcf, 0xec4d3b2f], [0xe9b5dba5, 0x8189dbbc], [0x3956c25b, 0xf348b538], [0x59f111f1, 0xb605d019], [0x923f82a4, 0xaf194f9b], [0xab1c5ed5, 0xda6d8118], [0xd807aa98, 0xa3030242], [0x12835b01, 0x45706fbe], [0x243185be, 0x4ee4b28c], [0x550c7dc3, 0xd5ffb4e2], [0x72be5d74, 0xf27b896f], [0x80deb1fe, 0x3b1696b1], [0x9bdc06a7, 0x25c71235], [0xc19bf174, 0xcf692694], [0xe49b69c1, 0x9ef14ad2], [0xefbe4786, 0x384f25e3], [0x0fc19dc6, 0x8b8cd5b5], [0x240ca1cc, 0x77ac9c65], [0x2de92c6f, 0x592b0275], [0x4a7484aa, 0x6ea6e483], [0x5cb0a9dc, 0xbd41fbd4], [0x76f988da, 0x831153b5], [0x983e5152, 0xee66dfab], [0xa831c66d, 0x2db43210], [0xb00327c8, 0x98fb213f], [0xbf597fc7, 0xbeef0ee4], [0xc6e00bf3, 0x3da88fc2], [0xd5a79147, 0x930aa725], [0x06ca6351, 0xe003826f], [0x14292967, 0x0a0e6e70], [0x27b70a85, 0x46d22ffc], [0x2e1b2138, 0x5c26c926], [0x4d2c6dfc, 0x5ac42aed], [0x53380d13, 0x9d95b3df], [0x650a7354, 0x8baf63de], [0x766a0abb, 0x3c77b2a8], [0x81c2c92e, 0x47edaee6], [0x92722c85, 0x1482353b], [0xa2bfe8a1, 0x4cf10364], [0xa81a664b, 0xbc423001], [0xc24b8b70, 0xd0f89791], [0xc76c51a3, 0x0654be30], [0xd192e819, 0xd6ef5218], [0xd6990624, 0x5565a910], [0xf40e3585, 0x5771202a], [0x106aa070, 0x32bbd1b8], [0x19a4c116, 0xb8d2d0c8], [0x1e376c08, 0x5141ab53], [0x2748774c, 0xdf8eeb99], [0x34b0bcb5, 0xe19b48a8], [0x391c0cb3, 0xc5c95a63], [0x4ed8aa4a, 0xe3418acb], [0x5b9cca4f, 0x7763e373], [0x682e6ff3, 0xd6b2b8a3], [0x748f82ee, 0x5defb2fc], [0x78a5636f, 0x43172f60], [0x84c87814, 0xa1f0ab72], [0x8cc70208, 0x1a6439ec], [0x90befffa, 0x23631e28], [0xa4506ceb, 0xde82bde9], [0xbef9a3f7, 0xb2c67915], [0xc67178f2, 0xe372532b], [0xca273ece, 0xea26619c], [0xd186b8c7, 0x21c0c207], [0xeada7dd6, 0xcde0eb1e], [0xf57d4f7f, 0xee6ed178], [0x06f067aa, 0x72176fba], [0x0a637dc5, 0xa2c898a6], [0x113f9804, 0xbef90dae], [0x1b710b35, 0x131c471b], [0x28db77f5, 0x23047d84], [0x32caab7b, 0x40c72493], [0x3c9ebe0a, 0x15c9bebc], [0x431d67c4, 0x9c100d4c], [0x4cc5d4be, 0xcb3e42b6], [0x597f299c, 0xfc657e2a], [0x5fcb6fab, 0x3ad6faec], [0x6c44198c, 0x4a475817] ]; // initial hash states _states = {}; _states['SHA-512'] = [ [0x6a09e667, 0xf3bcc908], [0xbb67ae85, 0x84caa73b], [0x3c6ef372, 0xfe94f82b], [0xa54ff53a, 0x5f1d36f1], [0x510e527f, 0xade682d1], [0x9b05688c, 0x2b3e6c1f], [0x1f83d9ab, 0xfb41bd6b], [0x5be0cd19, 0x137e2179] ]; _states['SHA-384'] = [ [0xcbbb9d5d, 0xc1059ed8], [0x629a292a, 0x367cd507], [0x9159015a, 0x3070dd17], [0x152fecd8, 0xf70e5939], [0x67332667, 0xffc00b31], [0x8eb44a87, 0x68581511], [0xdb0c2e0d, 0x64f98fa7], [0x47b5481d, 0xbefa4fa4] ]; _states['SHA-512/256'] = [ [0x22312194, 0xFC2BF72C], [0x9F555FA3, 0xC84C64C2], [0x2393B86B, 0x6F53B151], [0x96387719, 0x5940EABD], [0x96283EE2, 0xA88EFFE3], [0xBE5E1E25, 0x53863992], [0x2B0199FC, 0x2C85B8AA], [0x0EB72DDC, 0x81C52CA2] ]; _states['SHA-512/224'] = [ [0x8C3D37C8, 0x19544DA2], [0x73E19966, 0x89DCD4D6], [0x1DFAB7AE, 0x32FF9C82], [0x679DD514, 0x582F9FCF], [0x0F6D2B69, 0x7BD44DA8], [0x77E36F73, 0x04C48942], [0x3F9D85A8, 0x6A1D36C8], [0x1112E6AD, 0x91D692A1] ]; // now initialized _initialized = true; } /** * Updates a SHA-512 state with the given byte buffer. * * @param s the SHA-512 state to update. * @param w the array to use to store words. * @param bytes the byte buffer to update with. */ function _update(s, w, bytes) { // consume 512 bit (128 byte) chunks var t1_hi, t1_lo; var t2_hi, t2_lo; var s0_hi, s0_lo; var s1_hi, s1_lo; var ch_hi, ch_lo; var maj_hi, maj_lo; var a_hi, a_lo; var b_hi, b_lo; var c_hi, c_lo; var d_hi, d_lo; var e_hi, e_lo; var f_hi, f_lo; var g_hi, g_lo; var h_hi, h_lo; var i, hi, lo, w2, w7, w15, w16; var len = bytes.length(); while(len >= 128) { // the w array will be populated with sixteen 64-bit big-endian words // and then extended into 64 64-bit words according to SHA-512 for(i = 0; i < 16; ++i) { w[i][0] = bytes.getInt32() >>> 0; w[i][1] = bytes.getInt32() >>> 0; } for(; i < 80; ++i) { // for word 2 words ago: ROTR 19(x) ^ ROTR 61(x) ^ SHR 6(x) w2 = w[i - 2]; hi = w2[0]; lo = w2[1]; // high bits t1_hi = ( ((hi >>> 19) | (lo << 13)) ^ // ROTR 19 ((lo >>> 29) | (hi << 3)) ^ // ROTR 61/(swap + ROTR 29) (hi >>> 6)) >>> 0; // SHR 6 // low bits t1_lo = ( ((hi << 13) | (lo >>> 19)) ^ // ROTR 19 ((lo << 3) | (hi >>> 29)) ^ // ROTR 61/(swap + ROTR 29) ((hi << 26) | (lo >>> 6))) >>> 0; // SHR 6 // for word 15 words ago: ROTR 1(x) ^ ROTR 8(x) ^ SHR 7(x) w15 = w[i - 15]; hi = w15[0]; lo = w15[1]; // high bits t2_hi = ( ((hi >>> 1) | (lo << 31)) ^ // ROTR 1 ((hi >>> 8) | (lo << 24)) ^ // ROTR 8 (hi >>> 7)) >>> 0; // SHR 7 // low bits t2_lo = ( ((hi << 31) | (lo >>> 1)) ^ // ROTR 1 ((hi << 24) | (lo >>> 8)) ^ // ROTR 8 ((hi << 25) | (lo >>> 7))) >>> 0; // SHR 7 // sum(t1, word 7 ago, t2, word 16 ago) modulo 2^64 (carry lo overflow) w7 = w[i - 7]; w16 = w[i - 16]; lo = (t1_lo + w7[1] + t2_lo + w16[1]); w[i][0] = (t1_hi + w7[0] + t2_hi + w16[0] + ((lo / 0x100000000) >>> 0)) >>> 0; w[i][1] = lo >>> 0; } // initialize hash value for this chunk a_hi = s[0][0]; a_lo = s[0][1]; b_hi = s[1][0]; b_lo = s[1][1]; c_hi = s[2][0]; c_lo = s[2][1]; d_hi = s[3][0]; d_lo = s[3][1]; e_hi = s[4][0]; e_lo = s[4][1]; f_hi = s[5][0]; f_lo = s[5][1]; g_hi = s[6][0]; g_lo = s[6][1]; h_hi = s[7][0]; h_lo = s[7][1]; // round function for(i = 0; i < 80; ++i) { // Sum1(e) = ROTR 14(e) ^ ROTR 18(e) ^ ROTR 41(e) s1_hi = ( ((e_hi >>> 14) | (e_lo << 18)) ^ // ROTR 14 ((e_hi >>> 18) | (e_lo << 14)) ^ // ROTR 18 ((e_lo >>> 9) | (e_hi << 23))) >>> 0; // ROTR 41/(swap + ROTR 9) s1_lo = ( ((e_hi << 18) | (e_lo >>> 14)) ^ // ROTR 14 ((e_hi << 14) | (e_lo >>> 18)) ^ // ROTR 18 ((e_lo << 23) | (e_hi >>> 9))) >>> 0; // ROTR 41/(swap + ROTR 9) // Ch(e, f, g) (optimized the same way as SHA-1) ch_hi = (g_hi ^ (e_hi & (f_hi ^ g_hi))) >>> 0; ch_lo = (g_lo ^ (e_lo & (f_lo ^ g_lo))) >>> 0; // Sum0(a) = ROTR 28(a) ^ ROTR 34(a) ^ ROTR 39(a) s0_hi = ( ((a_hi >>> 28) | (a_lo << 4)) ^ // ROTR 28 ((a_lo >>> 2) | (a_hi << 30)) ^ // ROTR 34/(swap + ROTR 2) ((a_lo >>> 7) | (a_hi << 25))) >>> 0; // ROTR 39/(swap + ROTR 7) s0_lo = ( ((a_hi << 4) | (a_lo >>> 28)) ^ // ROTR 28 ((a_lo << 30) | (a_hi >>> 2)) ^ // ROTR 34/(swap + ROTR 2) ((a_lo << 25) | (a_hi >>> 7))) >>> 0; // ROTR 39/(swap + ROTR 7) // Maj(a, b, c) (optimized the same way as SHA-1) maj_hi = ((a_hi & b_hi) | (c_hi & (a_hi ^ b_hi))) >>> 0; maj_lo = ((a_lo & b_lo) | (c_lo & (a_lo ^ b_lo))) >>> 0; // main algorithm // t1 = (h + s1 + ch + _k[i] + _w[i]) modulo 2^64 (carry lo overflow) lo = (h_lo + s1_lo + ch_lo + _k[i][1] + w[i][1]); t1_hi = (h_hi + s1_hi + ch_hi + _k[i][0] + w[i][0] + ((lo / 0x100000000) >>> 0)) >>> 0; t1_lo = lo >>> 0; // t2 = s0 + maj modulo 2^64 (carry lo overflow) lo = s0_lo + maj_lo; t2_hi = (s0_hi + maj_hi + ((lo / 0x100000000) >>> 0)) >>> 0; t2_lo = lo >>> 0; h_hi = g_hi; h_lo = g_lo; g_hi = f_hi; g_lo = f_lo; f_hi = e_hi; f_lo = e_lo; // e = (d + t1) modulo 2^64 (carry lo overflow) lo = d_lo + t1_lo; e_hi = (d_hi + t1_hi + ((lo / 0x100000000) >>> 0)) >>> 0; e_lo = lo >>> 0; d_hi = c_hi; d_lo = c_lo; c_hi = b_hi; c_lo = b_lo; b_hi = a_hi; b_lo = a_lo; // a = (t1 + t2) modulo 2^64 (carry lo overflow) lo = t1_lo + t2_lo; a_hi = (t1_hi + t2_hi + ((lo / 0x100000000) >>> 0)) >>> 0; a_lo = lo >>> 0; } // update hash state (additional modulo 2^64) lo = s[0][1] + a_lo; s[0][0] = (s[0][0] + a_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[0][1] = lo >>> 0; lo = s[1][1] + b_lo; s[1][0] = (s[1][0] + b_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[1][1] = lo >>> 0; lo = s[2][1] + c_lo; s[2][0] = (s[2][0] + c_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[2][1] = lo >>> 0; lo = s[3][1] + d_lo; s[3][0] = (s[3][0] + d_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[3][1] = lo >>> 0; lo = s[4][1] + e_lo; s[4][0] = (s[4][0] + e_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[4][1] = lo >>> 0; lo = s[5][1] + f_lo; s[5][0] = (s[5][0] + f_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[5][1] = lo >>> 0; lo = s[6][1] + g_lo; s[6][0] = (s[6][0] + g_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[6][1] = lo >>> 0; lo = s[7][1] + h_lo; s[7][0] = (s[7][0] + h_hi + ((lo / 0x100000000) >>> 0)) >>> 0; s[7][1] = lo >>> 0; len -= 128; } } /***/ }), /***/ 4280: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Functions to output keys in SSH-friendly formats. * * This is part of the Forge project which may be used under the terms of * either the BSD License or the GNU General Public License (GPL) Version 2. * * See: https://github.com/digitalbazaar/forge/blob/cbebca3780658703d925b61b2caffb1d263a6c1d/LICENSE * * @author https://github.com/shellac */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(5104); __nccwpck_require__(6594); __nccwpck_require__(279); __nccwpck_require__(8339); var ssh = module.exports = forge.ssh = forge.ssh || {}; /** * Encodes (and optionally encrypts) a private RSA key as a Putty PPK file. * * @param privateKey the key. * @param passphrase a passphrase to protect the key (falsy for no encryption). * @param comment a comment to include in the key file. * * @return the PPK file as a string. */ ssh.privateKeyToPutty = function(privateKey, passphrase, comment) { comment = comment || ''; passphrase = passphrase || ''; var algorithm = 'ssh-rsa'; var encryptionAlgorithm = (passphrase === '') ? 'none' : 'aes256-cbc'; var ppk = 'PuTTY-User-Key-File-2: ' + algorithm + '\r\n'; ppk += 'Encryption: ' + encryptionAlgorithm + '\r\n'; ppk += 'Comment: ' + comment + '\r\n'; // public key into buffer for ppk var pubbuffer = forge.util.createBuffer(); _addStringToBuffer(pubbuffer, algorithm); _addBigIntegerToBuffer(pubbuffer, privateKey.e); _addBigIntegerToBuffer(pubbuffer, privateKey.n); // write public key var pub = forge.util.encode64(pubbuffer.bytes(), 64); var length = Math.floor(pub.length / 66) + 1; // 66 = 64 + \r\n ppk += 'Public-Lines: ' + length + '\r\n'; ppk += pub; // private key into a buffer var privbuffer = forge.util.createBuffer(); _addBigIntegerToBuffer(privbuffer, privateKey.d); _addBigIntegerToBuffer(privbuffer, privateKey.p); _addBigIntegerToBuffer(privbuffer, privateKey.q); _addBigIntegerToBuffer(privbuffer, privateKey.qInv); // optionally encrypt the private key var priv; if(!passphrase) { // use the unencrypted buffer priv = forge.util.encode64(privbuffer.bytes(), 64); } else { // encrypt RSA key using passphrase var encLen = privbuffer.length() + 16 - 1; encLen -= encLen % 16; // pad private key with sha1-d data -- needs to be a multiple of 16 var padding = _sha1(privbuffer.bytes()); padding.truncate(padding.length() - encLen + privbuffer.length()); privbuffer.putBuffer(padding); var aeskey = forge.util.createBuffer(); aeskey.putBuffer(_sha1('\x00\x00\x00\x00', passphrase)); aeskey.putBuffer(_sha1('\x00\x00\x00\x01', passphrase)); // encrypt some bytes using CBC mode // key is 40 bytes, so truncate *by* 8 bytes var cipher = forge.aes.createEncryptionCipher(aeskey.truncate(8), 'CBC'); cipher.start(forge.util.createBuffer().fillWithByte(0, 16)); cipher.update(privbuffer.copy()); cipher.finish(); var encrypted = cipher.output; // Note: this appears to differ from Putty -- is forge wrong, or putty? // due to padding we finish as an exact multiple of 16 encrypted.truncate(16); // all padding priv = forge.util.encode64(encrypted.bytes(), 64); } // output private key length = Math.floor(priv.length / 66) + 1; // 64 + \r\n ppk += '\r\nPrivate-Lines: ' + length + '\r\n'; ppk += priv; // MAC var mackey = _sha1('putty-private-key-file-mac-key', passphrase); var macbuffer = forge.util.createBuffer(); _addStringToBuffer(macbuffer, algorithm); _addStringToBuffer(macbuffer, encryptionAlgorithm); _addStringToBuffer(macbuffer, comment); macbuffer.putInt32(pubbuffer.length()); macbuffer.putBuffer(pubbuffer); macbuffer.putInt32(privbuffer.length()); macbuffer.putBuffer(privbuffer); var hmac = forge.hmac.create(); hmac.start('sha1', mackey); hmac.update(macbuffer.bytes()); ppk += '\r\nPrivate-MAC: ' + hmac.digest().toHex() + '\r\n'; return ppk; }; /** * Encodes a public RSA key as an OpenSSH file. * * @param key the key. * @param comment a comment. * * @return the public key in OpenSSH format. */ ssh.publicKeyToOpenSSH = function(key, comment) { var type = 'ssh-rsa'; comment = comment || ''; var buffer = forge.util.createBuffer(); _addStringToBuffer(buffer, type); _addBigIntegerToBuffer(buffer, key.e); _addBigIntegerToBuffer(buffer, key.n); return type + ' ' + forge.util.encode64(buffer.bytes()) + ' ' + comment; }; /** * Encodes a private RSA key as an OpenSSH file. * * @param key the key. * @param passphrase a passphrase to protect the key (falsy for no encryption). * * @return the public key in OpenSSH format. */ ssh.privateKeyToOpenSSH = function(privateKey, passphrase) { if(!passphrase) { return forge.pki.privateKeyToPem(privateKey); } // OpenSSH private key is just a legacy format, it seems return forge.pki.encryptRsaPrivateKey(privateKey, passphrase, {legacy: true, algorithm: 'aes128'}); }; /** * Gets the SSH fingerprint for the given public key. * * @param options the options to use. * [md] the message digest object to use (defaults to forge.md.md5). * [encoding] an alternative output encoding, such as 'hex' * (defaults to none, outputs a byte buffer). * [delimiter] the delimiter to use between bytes for 'hex' encoded * output, eg: ':' (defaults to none). * * @return the fingerprint as a byte buffer or other encoding based on options. */ ssh.getPublicKeyFingerprint = function(key, options) { options = options || {}; var md = options.md || forge.md.md5.create(); var type = 'ssh-rsa'; var buffer = forge.util.createBuffer(); _addStringToBuffer(buffer, type); _addBigIntegerToBuffer(buffer, key.e); _addBigIntegerToBuffer(buffer, key.n); // hash public key bytes md.start(); md.update(buffer.getBytes()); var digest = md.digest(); if(options.encoding === 'hex') { var hex = digest.toHex(); if(options.delimiter) { return hex.match(/.{2}/g).join(options.delimiter); } return hex; } else if(options.encoding === 'binary') { return digest.getBytes(); } else if(options.encoding) { throw new Error('Unknown encoding "' + options.encoding + '".'); } return digest; }; /** * Adds len(val) then val to a buffer. * * @param buffer the buffer to add to. * @param val a big integer. */ function _addBigIntegerToBuffer(buffer, val) { var hexVal = val.toString(16); // ensure 2s complement +ve if(hexVal[0] >= '8') { hexVal = '00' + hexVal; } var bytes = forge.util.hexToBytes(hexVal); buffer.putInt32(bytes.length); buffer.putBytes(bytes); } /** * Adds len(val) then val to a buffer. * * @param buffer the buffer to add to. * @param val a string. */ function _addStringToBuffer(buffer, val) { buffer.putInt32(val.length); buffer.putString(val); } /** * Hashes the arguments into one value using SHA-1. * * @return the sha1 hash of the provided arguments. */ function _sha1() { var sha = forge.md.sha1.create(); var num = arguments.length; for (var i = 0; i < num; ++i) { sha.update(arguments[i]); } return sha.digest(); } /***/ }), /***/ 9167: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * A Javascript implementation of Transport Layer Security (TLS). * * @author Dave Longley * * Copyright (c) 2009-2014 Digital Bazaar, Inc. * * The TLS Handshake Protocol involves the following steps: * * - Exchange hello messages to agree on algorithms, exchange random values, * and check for session resumption. * * - Exchange the necessary cryptographic parameters to allow the client and * server to agree on a premaster secret. * * - Exchange certificates and cryptographic information to allow the client * and server to authenticate themselves. * * - Generate a master secret from the premaster secret and exchanged random * values. * * - Provide security parameters to the record layer. * * - Allow the client and server to verify that their peer has calculated the * same security parameters and that the handshake occurred without tampering * by an attacker. * * Up to 4 different messages may be sent during a key exchange. The server * certificate, the server key exchange, the client certificate, and the * client key exchange. * * A typical handshake (from the client's perspective). * * 1. Client sends ClientHello. * 2. Client receives ServerHello. * 3. Client receives optional Certificate. * 4. Client receives optional ServerKeyExchange. * 5. Client receives ServerHelloDone. * 6. Client sends optional Certificate. * 7. Client sends ClientKeyExchange. * 8. Client sends optional CertificateVerify. * 9. Client sends ChangeCipherSpec. * 10. Client sends Finished. * 11. Client receives ChangeCipherSpec. * 12. Client receives Finished. * 13. Client sends/receives application data. * * To reuse an existing session: * * 1. Client sends ClientHello with session ID for reuse. * 2. Client receives ServerHello with same session ID if reusing. * 3. Client receives ChangeCipherSpec message if reusing. * 4. Client receives Finished. * 5. Client sends ChangeCipherSpec. * 6. Client sends Finished. * * Note: Client ignores HelloRequest if in the middle of a handshake. * * Record Layer: * * The record layer fragments information blocks into TLSPlaintext records * carrying data in chunks of 2^14 bytes or less. Client message boundaries are * not preserved in the record layer (i.e., multiple client messages of the * same ContentType MAY be coalesced into a single TLSPlaintext record, or a * single message MAY be fragmented across several records). * * struct { * uint8 major; * uint8 minor; * } ProtocolVersion; * * struct { * ContentType type; * ProtocolVersion version; * uint16 length; * opaque fragment[TLSPlaintext.length]; * } TLSPlaintext; * * type: * The higher-level protocol used to process the enclosed fragment. * * version: * The version of the protocol being employed. TLS Version 1.2 uses version * {3, 3}. TLS Version 1.0 uses version {3, 1}. Note that a client that * supports multiple versions of TLS may not know what version will be * employed before it receives the ServerHello. * * length: * The length (in bytes) of the following TLSPlaintext.fragment. The length * MUST NOT exceed 2^14 = 16384 bytes. * * fragment: * The application data. This data is transparent and treated as an * independent block to be dealt with by the higher-level protocol specified * by the type field. * * Implementations MUST NOT send zero-length fragments of Handshake, Alert, or * ChangeCipherSpec content types. Zero-length fragments of Application data * MAY be sent as they are potentially useful as a traffic analysis * countermeasure. * * Note: Data of different TLS record layer content types MAY be interleaved. * Application data is generally of lower precedence for transmission than * other content types. However, records MUST be delivered to the network in * the same order as they are protected by the record layer. Recipients MUST * receive and process interleaved application layer traffic during handshakes * subsequent to the first one on a connection. * * struct { * ContentType type; // same as TLSPlaintext.type * ProtocolVersion version;// same as TLSPlaintext.version * uint16 length; * opaque fragment[TLSCompressed.length]; * } TLSCompressed; * * length: * The length (in bytes) of the following TLSCompressed.fragment. * The length MUST NOT exceed 2^14 + 1024. * * fragment: * The compressed form of TLSPlaintext.fragment. * * Note: A CompressionMethod.null operation is an identity operation; no fields * are altered. In this implementation, since no compression is supported, * uncompressed records are always the same as compressed records. * * Encryption Information: * * The encryption and MAC functions translate a TLSCompressed structure into a * TLSCiphertext. The decryption functions reverse the process. The MAC of the * record also includes a sequence number so that missing, extra, or repeated * messages are detectable. * * struct { * ContentType type; * ProtocolVersion version; * uint16 length; * select (SecurityParameters.cipher_type) { * case stream: GenericStreamCipher; * case block: GenericBlockCipher; * case aead: GenericAEADCipher; * } fragment; * } TLSCiphertext; * * type: * The type field is identical to TLSCompressed.type. * * version: * The version field is identical to TLSCompressed.version. * * length: * The length (in bytes) of the following TLSCiphertext.fragment. * The length MUST NOT exceed 2^14 + 2048. * * fragment: * The encrypted form of TLSCompressed.fragment, with the MAC. * * Note: Only CBC Block Ciphers are supported by this implementation. * * The TLSCompressed.fragment structures are converted to/from block * TLSCiphertext.fragment structures. * * struct { * opaque IV[SecurityParameters.record_iv_length]; * block-ciphered struct { * opaque content[TLSCompressed.length]; * opaque MAC[SecurityParameters.mac_length]; * uint8 padding[GenericBlockCipher.padding_length]; * uint8 padding_length; * }; * } GenericBlockCipher; * * The MAC is generated as described in Section 6.2.3.1. * * IV: * The Initialization Vector (IV) SHOULD be chosen at random, and MUST be * unpredictable. Note that in versions of TLS prior to 1.1, there was no * IV field, and the last ciphertext block of the previous record (the "CBC * residue") was used as the IV. This was changed to prevent the attacks * described in [CBCATT]. For block ciphers, the IV length is of length * SecurityParameters.record_iv_length, which is equal to the * SecurityParameters.block_size. * * padding: * Padding that is added to force the length of the plaintext to be an * integral multiple of the block cipher's block length. The padding MAY be * any length up to 255 bytes, as long as it results in the * TLSCiphertext.length being an integral multiple of the block length. * Lengths longer than necessary might be desirable to frustrate attacks on * a protocol that are based on analysis of the lengths of exchanged * messages. Each uint8 in the padding data vector MUST be filled with the * padding length value. The receiver MUST check this padding and MUST use * the bad_record_mac alert to indicate padding errors. * * padding_length: * The padding length MUST be such that the total size of the * GenericBlockCipher structure is a multiple of the cipher's block length. * Legal values range from zero to 255, inclusive. This length specifies the * length of the padding field exclusive of the padding_length field itself. * * The encrypted data length (TLSCiphertext.length) is one more than the sum of * SecurityParameters.block_length, TLSCompressed.length, * SecurityParameters.mac_length, and padding_length. * * Example: If the block length is 8 bytes, the content length * (TLSCompressed.length) is 61 bytes, and the MAC length is 20 bytes, then the * length before padding is 82 bytes (this does not include the IV. Thus, the * padding length modulo 8 must be equal to 6 in order to make the total length * an even multiple of 8 bytes (the block length). The padding length can be * 6, 14, 22, and so on, through 254. If the padding length were the minimum * necessary, 6, the padding would be 6 bytes, each containing the value 6. * Thus, the last 8 octets of the GenericBlockCipher before block encryption * would be xx 06 06 06 06 06 06 06, where xx is the last octet of the MAC. * * Note: With block ciphers in CBC mode (Cipher Block Chaining), it is critical * that the entire plaintext of the record be known before any ciphertext is * transmitted. Otherwise, it is possible for the attacker to mount the attack * described in [CBCATT]. * * Implementation note: Canvel et al. [CBCTIME] have demonstrated a timing * attack on CBC padding based on the time required to compute the MAC. In * order to defend against this attack, implementations MUST ensure that * record processing time is essentially the same whether or not the padding * is correct. In general, the best way to do this is to compute the MAC even * if the padding is incorrect, and only then reject the packet. For instance, * if the pad appears to be incorrect, the implementation might assume a * zero-length pad and then compute the MAC. This leaves a small timing * channel, since MAC performance depends, to some extent, on the size of the * data fragment, but it is not believed to be large enough to be exploitable, * due to the large block size of existing MACs and the small size of the * timing signal. */ var forge = __nccwpck_require__(9177); __nccwpck_require__(9549); __nccwpck_require__(5104); __nccwpck_require__(6594); __nccwpck_require__(154); __nccwpck_require__(6924); __nccwpck_require__(7821); __nccwpck_require__(279); __nccwpck_require__(8339); /** * Generates pseudo random bytes by mixing the result of two hash functions, * MD5 and SHA-1. * * prf_TLS1(secret, label, seed) = * P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed); * * Each P_hash function functions as follows: * * P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + * HMAC_hash(secret, A(2) + seed) + * HMAC_hash(secret, A(3) + seed) + ... * A() is defined as: * A(0) = seed * A(i) = HMAC_hash(secret, A(i-1)) * * The '+' operator denotes concatenation. * * As many iterations A(N) as are needed are performed to generate enough * pseudo random byte output. If an iteration creates more data than is * necessary, then it is truncated. * * Therefore: * A(1) = HMAC_hash(secret, A(0)) * = HMAC_hash(secret, seed) * A(2) = HMAC_hash(secret, A(1)) * = HMAC_hash(secret, HMAC_hash(secret, seed)) * * Therefore: * P_hash(secret, seed) = * HMAC_hash(secret, HMAC_hash(secret, A(0)) + seed) + * HMAC_hash(secret, HMAC_hash(secret, A(1)) + seed) + * ... * * Therefore: * P_hash(secret, seed) = * HMAC_hash(secret, HMAC_hash(secret, seed) + seed) + * HMAC_hash(secret, HMAC_hash(secret, HMAC_hash(secret, seed)) + seed) + * ... * * @param secret the secret to use. * @param label the label to use. * @param seed the seed value to use. * @param length the number of bytes to generate. * * @return the pseudo random bytes in a byte buffer. */ var prf_TLS1 = function(secret, label, seed, length) { var rval = forge.util.createBuffer(); /* For TLS 1.0, the secret is split in half, into two secrets of equal length. If the secret has an odd length then the last byte of the first half will be the same as the first byte of the second. The length of the two secrets is half of the secret rounded up. */ var idx = (secret.length >> 1); var slen = idx + (secret.length & 1); var s1 = secret.substr(0, slen); var s2 = secret.substr(idx, slen); var ai = forge.util.createBuffer(); var hmac = forge.hmac.create(); seed = label + seed; // determine the number of iterations that must be performed to generate // enough output bytes, md5 creates 16 byte hashes, sha1 creates 20 var md5itr = Math.ceil(length / 16); var sha1itr = Math.ceil(length / 20); // do md5 iterations hmac.start('MD5', s1); var md5bytes = forge.util.createBuffer(); ai.putBytes(seed); for(var i = 0; i < md5itr; ++i) { // HMAC_hash(secret, A(i-1)) hmac.start(null, null); hmac.update(ai.getBytes()); ai.putBuffer(hmac.digest()); // HMAC_hash(secret, A(i) + seed) hmac.start(null, null); hmac.update(ai.bytes() + seed); md5bytes.putBuffer(hmac.digest()); } // do sha1 iterations hmac.start('SHA1', s2); var sha1bytes = forge.util.createBuffer(); ai.clear(); ai.putBytes(seed); for(var i = 0; i < sha1itr; ++i) { // HMAC_hash(secret, A(i-1)) hmac.start(null, null); hmac.update(ai.getBytes()); ai.putBuffer(hmac.digest()); // HMAC_hash(secret, A(i) + seed) hmac.start(null, null); hmac.update(ai.bytes() + seed); sha1bytes.putBuffer(hmac.digest()); } // XOR the md5 bytes with the sha1 bytes rval.putBytes(forge.util.xorBytes( md5bytes.getBytes(), sha1bytes.getBytes(), length)); return rval; }; /** * Generates pseudo random bytes using a SHA256 algorithm. For TLS 1.2. * * @param secret the secret to use. * @param label the label to use. * @param seed the seed value to use. * @param length the number of bytes to generate. * * @return the pseudo random bytes in a byte buffer. */ var prf_sha256 = function(secret, label, seed, length) { // FIXME: implement me for TLS 1.2 }; /** * Gets a MAC for a record using the SHA-1 hash algorithm. * * @param key the mac key. * @param state the sequence number (array of two 32-bit integers). * @param record the record. * * @return the sha-1 hash (20 bytes) for the given record. */ var hmac_sha1 = function(key, seqNum, record) { /* MAC is computed like so: HMAC_hash( key, seqNum + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length + TLSCompressed.fragment) */ var hmac = forge.hmac.create(); hmac.start('SHA1', key); var b = forge.util.createBuffer(); b.putInt32(seqNum[0]); b.putInt32(seqNum[1]); b.putByte(record.type); b.putByte(record.version.major); b.putByte(record.version.minor); b.putInt16(record.length); b.putBytes(record.fragment.bytes()); hmac.update(b.getBytes()); return hmac.digest().getBytes(); }; /** * Compresses the TLSPlaintext record into a TLSCompressed record using the * deflate algorithm. * * @param c the TLS connection. * @param record the TLSPlaintext record to compress. * @param s the ConnectionState to use. * * @return true on success, false on failure. */ var deflate = function(c, record, s) { var rval = false; try { var bytes = c.deflate(record.fragment.getBytes()); record.fragment = forge.util.createBuffer(bytes); record.length = bytes.length; rval = true; } catch(ex) { // deflate error, fail out } return rval; }; /** * Decompresses the TLSCompressed record into a TLSPlaintext record using the * deflate algorithm. * * @param c the TLS connection. * @param record the TLSCompressed record to decompress. * @param s the ConnectionState to use. * * @return true on success, false on failure. */ var inflate = function(c, record, s) { var rval = false; try { var bytes = c.inflate(record.fragment.getBytes()); record.fragment = forge.util.createBuffer(bytes); record.length = bytes.length; rval = true; } catch(ex) { // inflate error, fail out } return rval; }; /** * Reads a TLS variable-length vector from a byte buffer. * * Variable-length vectors are defined by specifying a subrange of legal * lengths, inclusively, using the notation . When these are * encoded, the actual length precedes the vector's contents in the byte * stream. The length will be in the form of a number consuming as many bytes * as required to hold the vector's specified maximum (ceiling) length. A * variable-length vector with an actual length field of zero is referred to * as an empty vector. * * @param b the byte buffer. * @param lenBytes the number of bytes required to store the length. * * @return the resulting byte buffer. */ var readVector = function(b, lenBytes) { var len = 0; switch(lenBytes) { case 1: len = b.getByte(); break; case 2: len = b.getInt16(); break; case 3: len = b.getInt24(); break; case 4: len = b.getInt32(); break; } // read vector bytes into a new buffer return forge.util.createBuffer(b.getBytes(len)); }; /** * Writes a TLS variable-length vector to a byte buffer. * * @param b the byte buffer. * @param lenBytes the number of bytes required to store the length. * @param v the byte buffer vector. */ var writeVector = function(b, lenBytes, v) { // encode length at the start of the vector, where the number of bytes for // the length is the maximum number of bytes it would take to encode the // vector's ceiling b.putInt(v.length(), lenBytes << 3); b.putBuffer(v); }; /** * The tls implementation. */ var tls = {}; /** * Version: TLS 1.2 = 3.3, TLS 1.1 = 3.2, TLS 1.0 = 3.1. Both TLS 1.1 and * TLS 1.2 were still too new (ie: openSSL didn't implement them) at the time * of this implementation so TLS 1.0 was implemented instead. */ tls.Versions = { TLS_1_0: {major: 3, minor: 1}, TLS_1_1: {major: 3, minor: 2}, TLS_1_2: {major: 3, minor: 3} }; tls.SupportedVersions = [ tls.Versions.TLS_1_1, tls.Versions.TLS_1_0 ]; tls.Version = tls.SupportedVersions[0]; /** * Maximum fragment size. True maximum is 16384, but we fragment before that * to allow for unusual small increases during compression. */ tls.MaxFragment = 16384 - 1024; /** * Whether this entity is considered the "client" or "server". * enum { server, client } ConnectionEnd; */ tls.ConnectionEnd = { server: 0, client: 1 }; /** * Pseudo-random function algorithm used to generate keys from the master * secret. * enum { tls_prf_sha256 } PRFAlgorithm; */ tls.PRFAlgorithm = { tls_prf_sha256: 0 }; /** * Bulk encryption algorithms. * enum { null, rc4, des3, aes } BulkCipherAlgorithm; */ tls.BulkCipherAlgorithm = { none: null, rc4: 0, des3: 1, aes: 2 }; /** * Cipher types. * enum { stream, block, aead } CipherType; */ tls.CipherType = { stream: 0, block: 1, aead: 2 }; /** * MAC (Message Authentication Code) algorithms. * enum { null, hmac_md5, hmac_sha1, hmac_sha256, * hmac_sha384, hmac_sha512} MACAlgorithm; */ tls.MACAlgorithm = { none: null, hmac_md5: 0, hmac_sha1: 1, hmac_sha256: 2, hmac_sha384: 3, hmac_sha512: 4 }; /** * Compression algorithms. * enum { null(0), deflate(1), (255) } CompressionMethod; */ tls.CompressionMethod = { none: 0, deflate: 1 }; /** * TLS record content types. * enum { * change_cipher_spec(20), alert(21), handshake(22), * application_data(23), (255) * } ContentType; */ tls.ContentType = { change_cipher_spec: 20, alert: 21, handshake: 22, application_data: 23, heartbeat: 24 }; /** * TLS handshake types. * enum { * hello_request(0), client_hello(1), server_hello(2), * certificate(11), server_key_exchange (12), * certificate_request(13), server_hello_done(14), * certificate_verify(15), client_key_exchange(16), * finished(20), (255) * } HandshakeType; */ tls.HandshakeType = { hello_request: 0, client_hello: 1, server_hello: 2, certificate: 11, server_key_exchange: 12, certificate_request: 13, server_hello_done: 14, certificate_verify: 15, client_key_exchange: 16, finished: 20 }; /** * TLS Alert Protocol. * * enum { warning(1), fatal(2), (255) } AlertLevel; * * enum { * close_notify(0), * unexpected_message(10), * bad_record_mac(20), * decryption_failed(21), * record_overflow(22), * decompression_failure(30), * handshake_failure(40), * bad_certificate(42), * unsupported_certificate(43), * certificate_revoked(44), * certificate_expired(45), * certificate_unknown(46), * illegal_parameter(47), * unknown_ca(48), * access_denied(49), * decode_error(50), * decrypt_error(51), * export_restriction(60), * protocol_version(70), * insufficient_security(71), * internal_error(80), * user_canceled(90), * no_renegotiation(100), * (255) * } AlertDescription; * * struct { * AlertLevel level; * AlertDescription description; * } Alert; */ tls.Alert = {}; tls.Alert.Level = { warning: 1, fatal: 2 }; tls.Alert.Description = { close_notify: 0, unexpected_message: 10, bad_record_mac: 20, decryption_failed: 21, record_overflow: 22, decompression_failure: 30, handshake_failure: 40, bad_certificate: 42, unsupported_certificate: 43, certificate_revoked: 44, certificate_expired: 45, certificate_unknown: 46, illegal_parameter: 47, unknown_ca: 48, access_denied: 49, decode_error: 50, decrypt_error: 51, export_restriction: 60, protocol_version: 70, insufficient_security: 71, internal_error: 80, user_canceled: 90, no_renegotiation: 100 }; /** * TLS Heartbeat Message types. * enum { * heartbeat_request(1), * heartbeat_response(2), * (255) * } HeartbeatMessageType; */ tls.HeartbeatMessageType = { heartbeat_request: 1, heartbeat_response: 2 }; /** * Supported cipher suites. */ tls.CipherSuites = {}; /** * Gets a supported cipher suite from its 2 byte ID. * * @param twoBytes two bytes in a string. * * @return the matching supported cipher suite or null. */ tls.getCipherSuite = function(twoBytes) { var rval = null; for(var key in tls.CipherSuites) { var cs = tls.CipherSuites[key]; if(cs.id[0] === twoBytes.charCodeAt(0) && cs.id[1] === twoBytes.charCodeAt(1)) { rval = cs; break; } } return rval; }; /** * Called when an unexpected record is encountered. * * @param c the connection. * @param record the record. */ tls.handleUnexpected = function(c, record) { // if connection is client and closed, ignore unexpected messages var ignore = (!c.open && c.entity === tls.ConnectionEnd.client); if(!ignore) { c.error(c, { message: 'Unexpected message. Received TLS record out of order.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.unexpected_message } }); } }; /** * Called when a client receives a HelloRequest record. * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleHelloRequest = function(c, record, length) { // ignore renegotiation requests from the server during a handshake, but // if handshaking, send a warning alert that renegotation is denied if(!c.handshaking && c.handshakes > 0) { // send alert warning tls.queue(c, tls.createAlert(c, { level: tls.Alert.Level.warning, description: tls.Alert.Description.no_renegotiation })); tls.flush(c); } // continue c.process(); }; /** * Parses a hello message from a ClientHello or ServerHello record. * * @param record the record to parse. * * @return the parsed message. */ tls.parseHelloMessage = function(c, record, length) { var msg = null; var client = (c.entity === tls.ConnectionEnd.client); // minimum of 38 bytes in message if(length < 38) { c.error(c, { message: client ? 'Invalid ServerHello message. Message too short.' : 'Invalid ClientHello message. Message too short.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.illegal_parameter } }); } else { // use 'remaining' to calculate # of remaining bytes in the message var b = record.fragment; var remaining = b.length(); msg = { version: { major: b.getByte(), minor: b.getByte() }, random: forge.util.createBuffer(b.getBytes(32)), session_id: readVector(b, 1), extensions: [] }; if(client) { msg.cipher_suite = b.getBytes(2); msg.compression_method = b.getByte(); } else { msg.cipher_suites = readVector(b, 2); msg.compression_methods = readVector(b, 1); } // read extensions if there are any bytes left in the message remaining = length - (remaining - b.length()); if(remaining > 0) { // parse extensions var exts = readVector(b, 2); while(exts.length() > 0) { msg.extensions.push({ type: [exts.getByte(), exts.getByte()], data: readVector(exts, 2) }); } // TODO: make extension support modular if(!client) { for(var i = 0; i < msg.extensions.length; ++i) { var ext = msg.extensions[i]; // support SNI extension if(ext.type[0] === 0x00 && ext.type[1] === 0x00) { // get server name list var snl = readVector(ext.data, 2); while(snl.length() > 0) { // read server name type var snType = snl.getByte(); // only HostName type (0x00) is known, break out if // another type is detected if(snType !== 0x00) { break; } // add host name to server name list c.session.extensions.server_name.serverNameList.push( readVector(snl, 2).getBytes()); } } } } } // version already set, do not allow version change if(c.session.version) { if(msg.version.major !== c.session.version.major || msg.version.minor !== c.session.version.minor) { return c.error(c, { message: 'TLS version change is disallowed during renegotiation.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.protocol_version } }); } } // get the chosen (ServerHello) cipher suite if(client) { // FIXME: should be checking configured acceptable cipher suites c.session.cipherSuite = tls.getCipherSuite(msg.cipher_suite); } else { // get a supported preferred (ClientHello) cipher suite // choose the first supported cipher suite var tmp = forge.util.createBuffer(msg.cipher_suites.bytes()); while(tmp.length() > 0) { // FIXME: should be checking configured acceptable suites // cipher suites take up 2 bytes c.session.cipherSuite = tls.getCipherSuite(tmp.getBytes(2)); if(c.session.cipherSuite !== null) { break; } } } // cipher suite not supported if(c.session.cipherSuite === null) { return c.error(c, { message: 'No cipher suites in common.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.handshake_failure }, cipherSuite: forge.util.bytesToHex(msg.cipher_suite) }); } // TODO: handle compression methods if(client) { c.session.compressionMethod = msg.compression_method; } else { // no compression c.session.compressionMethod = tls.CompressionMethod.none; } } return msg; }; /** * Creates security parameters for the given connection based on the given * hello message. * * @param c the TLS connection. * @param msg the hello message. */ tls.createSecurityParameters = function(c, msg) { /* Note: security params are from TLS 1.2, some values like prf_algorithm are ignored for TLS 1.0/1.1 and the builtin as specified in the spec is used. */ // TODO: handle other options from server when more supported // get client and server randoms var client = (c.entity === tls.ConnectionEnd.client); var msgRandom = msg.random.bytes(); var cRandom = client ? c.session.sp.client_random : msgRandom; var sRandom = client ? msgRandom : tls.createRandom().getBytes(); // create new security parameters c.session.sp = { entity: c.entity, prf_algorithm: tls.PRFAlgorithm.tls_prf_sha256, bulk_cipher_algorithm: null, cipher_type: null, enc_key_length: null, block_length: null, fixed_iv_length: null, record_iv_length: null, mac_algorithm: null, mac_length: null, mac_key_length: null, compression_algorithm: c.session.compressionMethod, pre_master_secret: null, master_secret: null, client_random: cRandom, server_random: sRandom }; }; /** * Called when a client receives a ServerHello record. * * When a ServerHello message will be sent: * The server will send this message in response to a client hello message * when it was able to find an acceptable set of algorithms. If it cannot * find such a match, it will respond with a handshake failure alert. * * uint24 length; * struct { * ProtocolVersion server_version; * Random random; * SessionID session_id; * CipherSuite cipher_suite; * CompressionMethod compression_method; * select(extensions_present) { * case false: * struct {}; * case true: * Extension extensions<0..2^16-1>; * }; * } ServerHello; * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleServerHello = function(c, record, length) { var msg = tls.parseHelloMessage(c, record, length); if(c.fail) { return; } // ensure server version is compatible if(msg.version.minor <= c.version.minor) { c.version.minor = msg.version.minor; } else { return c.error(c, { message: 'Incompatible TLS version.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.protocol_version } }); } // indicate session version has been set c.session.version = c.version; // get the session ID from the message var sessionId = msg.session_id.bytes(); // if the session ID is not blank and matches the cached one, resume // the session if(sessionId.length > 0 && sessionId === c.session.id) { // resuming session, expect a ChangeCipherSpec next c.expect = SCC; c.session.resuming = true; // get new server random c.session.sp.server_random = msg.random.bytes(); } else { // not resuming, expect a server Certificate message next c.expect = SCE; c.session.resuming = false; // create new security parameters tls.createSecurityParameters(c, msg); } // set new session ID c.session.id = sessionId; // continue c.process(); }; /** * Called when a server receives a ClientHello record. * * When a ClientHello message will be sent: * When a client first connects to a server it is required to send the * client hello as its first message. The client can also send a client * hello in response to a hello request or on its own initiative in order * to renegotiate the security parameters in an existing connection. * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleClientHello = function(c, record, length) { var msg = tls.parseHelloMessage(c, record, length); if(c.fail) { return; } // get the session ID from the message var sessionId = msg.session_id.bytes(); // see if the given session ID is in the cache var session = null; if(c.sessionCache) { session = c.sessionCache.getSession(sessionId); if(session === null) { // session ID not found sessionId = ''; } else if(session.version.major !== msg.version.major || session.version.minor > msg.version.minor) { // if session version is incompatible with client version, do not resume session = null; sessionId = ''; } } // no session found to resume, generate a new session ID if(sessionId.length === 0) { sessionId = forge.random.getBytes(32); } // update session c.session.id = sessionId; c.session.clientHelloVersion = msg.version; c.session.sp = {}; if(session) { // use version and security parameters from resumed session c.version = c.session.version = session.version; c.session.sp = session.sp; } else { // use highest compatible minor version var version; for(var i = 1; i < tls.SupportedVersions.length; ++i) { version = tls.SupportedVersions[i]; if(version.minor <= msg.version.minor) { break; } } c.version = {major: version.major, minor: version.minor}; c.session.version = c.version; } // if a session is set, resume it if(session !== null) { // resuming session, expect a ChangeCipherSpec next c.expect = CCC; c.session.resuming = true; // get new client random c.session.sp.client_random = msg.random.bytes(); } else { // not resuming, expect a Certificate or ClientKeyExchange c.expect = (c.verifyClient !== false) ? CCE : CKE; c.session.resuming = false; // create new security parameters tls.createSecurityParameters(c, msg); } // connection now open c.open = true; // queue server hello tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createServerHello(c) })); if(c.session.resuming) { // queue change cipher spec message tls.queue(c, tls.createRecord(c, { type: tls.ContentType.change_cipher_spec, data: tls.createChangeCipherSpec() })); // create pending state c.state.pending = tls.createConnectionState(c); // change current write state to pending write state c.state.current.write = c.state.pending.write; // queue finished tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createFinished(c) })); } else { // queue server certificate tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createCertificate(c) })); if(!c.fail) { // queue server key exchange tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createServerKeyExchange(c) })); // request client certificate if set if(c.verifyClient !== false) { // queue certificate request tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createCertificateRequest(c) })); } // queue server hello done tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createServerHelloDone(c) })); } } // send records tls.flush(c); // continue c.process(); }; /** * Called when a client receives a Certificate record. * * When this message will be sent: * The server must send a certificate whenever the agreed-upon key exchange * method is not an anonymous one. This message will always immediately * follow the server hello message. * * Meaning of this message: * The certificate type must be appropriate for the selected cipher suite's * key exchange algorithm, and is generally an X.509v3 certificate. It must * contain a key which matches the key exchange method, as follows. Unless * otherwise specified, the signing algorithm for the certificate must be * the same as the algorithm for the certificate key. Unless otherwise * specified, the public key may be of any length. * * opaque ASN.1Cert<1..2^24-1>; * struct { * ASN.1Cert certificate_list<1..2^24-1>; * } Certificate; * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleCertificate = function(c, record, length) { // minimum of 3 bytes in message if(length < 3) { return c.error(c, { message: 'Invalid Certificate message. Message too short.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.illegal_parameter } }); } var b = record.fragment; var msg = { certificate_list: readVector(b, 3) }; /* The sender's certificate will be first in the list (chain), each subsequent one that follows will certify the previous one, but root certificates (self-signed) that specify the certificate authority may be omitted under the assumption that clients must already possess it. */ var cert, asn1; var certs = []; try { while(msg.certificate_list.length() > 0) { // each entry in msg.certificate_list is a vector with 3 len bytes cert = readVector(msg.certificate_list, 3); asn1 = forge.asn1.fromDer(cert); cert = forge.pki.certificateFromAsn1(asn1, true); certs.push(cert); } } catch(ex) { return c.error(c, { message: 'Could not parse certificate list.', cause: ex, send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.bad_certificate } }); } // ensure at least 1 certificate was provided if in client-mode // or if verifyClient was set to true to require a certificate // (as opposed to 'optional') var client = (c.entity === tls.ConnectionEnd.client); if((client || c.verifyClient === true) && certs.length === 0) { // error, no certificate c.error(c, { message: client ? 'No server certificate provided.' : 'No client certificate provided.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.illegal_parameter } }); } else if(certs.length === 0) { // no certs to verify // expect a ServerKeyExchange or ClientKeyExchange message next c.expect = client ? SKE : CKE; } else { // save certificate in session if(client) { c.session.serverCertificate = certs[0]; } else { c.session.clientCertificate = certs[0]; } if(tls.verifyCertificateChain(c, certs)) { // expect a ServerKeyExchange or ClientKeyExchange message next c.expect = client ? SKE : CKE; } } // continue c.process(); }; /** * Called when a client receives a ServerKeyExchange record. * * When this message will be sent: * This message will be sent immediately after the server certificate * message (or the server hello message, if this is an anonymous * negotiation). * * The server key exchange message is sent by the server only when the * server certificate message (if sent) does not contain enough data to * allow the client to exchange a premaster secret. * * Meaning of this message: * This message conveys cryptographic information to allow the client to * communicate the premaster secret: either an RSA public key to encrypt * the premaster secret with, or a Diffie-Hellman public key with which the * client can complete a key exchange (with the result being the premaster * secret.) * * enum { * dhe_dss, dhe_rsa, dh_anon, rsa, dh_dss, dh_rsa * } KeyExchangeAlgorithm; * * struct { * opaque dh_p<1..2^16-1>; * opaque dh_g<1..2^16-1>; * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; * * struct { * select(KeyExchangeAlgorithm) { * case dh_anon: * ServerDHParams params; * case dhe_dss: * case dhe_rsa: * ServerDHParams params; * digitally-signed struct { * opaque client_random[32]; * opaque server_random[32]; * ServerDHParams params; * } signed_params; * case rsa: * case dh_dss: * case dh_rsa: * struct {}; * }; * } ServerKeyExchange; * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleServerKeyExchange = function(c, record, length) { // this implementation only supports RSA, no Diffie-Hellman support // so any length > 0 is invalid if(length > 0) { return c.error(c, { message: 'Invalid key parameters. Only RSA is supported.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.unsupported_certificate } }); } // expect an optional CertificateRequest message next c.expect = SCR; // continue c.process(); }; /** * Called when a client receives a ClientKeyExchange record. * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleClientKeyExchange = function(c, record, length) { // this implementation only supports RSA, no Diffie-Hellman support // so any length < 48 is invalid if(length < 48) { return c.error(c, { message: 'Invalid key parameters. Only RSA is supported.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.unsupported_certificate } }); } var b = record.fragment; var msg = { enc_pre_master_secret: readVector(b, 2).getBytes() }; // do rsa decryption var privateKey = null; if(c.getPrivateKey) { try { privateKey = c.getPrivateKey(c, c.session.serverCertificate); privateKey = forge.pki.privateKeyFromPem(privateKey); } catch(ex) { c.error(c, { message: 'Could not get private key.', cause: ex, send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.internal_error } }); } } if(privateKey === null) { return c.error(c, { message: 'No private key set.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.internal_error } }); } try { // decrypt 48-byte pre-master secret var sp = c.session.sp; sp.pre_master_secret = privateKey.decrypt(msg.enc_pre_master_secret); // ensure client hello version matches first 2 bytes var version = c.session.clientHelloVersion; if(version.major !== sp.pre_master_secret.charCodeAt(0) || version.minor !== sp.pre_master_secret.charCodeAt(1)) { // error, do not send alert (see BLEI attack below) throw new Error('TLS version rollback attack detected.'); } } catch(ex) { /* Note: Daniel Bleichenbacher [BLEI] can be used to attack a TLS server which is using PKCS#1 encoded RSA, so instead of failing here, we generate 48 random bytes and use that as the pre-master secret. */ sp.pre_master_secret = forge.random.getBytes(48); } // expect a CertificateVerify message if a Certificate was received that // does not have fixed Diffie-Hellman params, otherwise expect // ChangeCipherSpec c.expect = CCC; if(c.session.clientCertificate !== null) { // only RSA support, so expect CertificateVerify // TODO: support Diffie-Hellman c.expect = CCV; } // continue c.process(); }; /** * Called when a client receives a CertificateRequest record. * * When this message will be sent: * A non-anonymous server can optionally request a certificate from the * client, if appropriate for the selected cipher suite. This message, if * sent, will immediately follow the Server Key Exchange message (if it is * sent; otherwise, the Server Certificate message). * * enum { * rsa_sign(1), dss_sign(2), rsa_fixed_dh(3), dss_fixed_dh(4), * rsa_ephemeral_dh_RESERVED(5), dss_ephemeral_dh_RESERVED(6), * fortezza_dms_RESERVED(20), (255) * } ClientCertificateType; * * opaque DistinguishedName<1..2^16-1>; * * struct { * ClientCertificateType certificate_types<1..2^8-1>; * SignatureAndHashAlgorithm supported_signature_algorithms<2^16-1>; * DistinguishedName certificate_authorities<0..2^16-1>; * } CertificateRequest; * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleCertificateRequest = function(c, record, length) { // minimum of 3 bytes in message if(length < 3) { return c.error(c, { message: 'Invalid CertificateRequest. Message too short.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.illegal_parameter } }); } // TODO: TLS 1.2+ has different format including // SignatureAndHashAlgorithm after cert types var b = record.fragment; var msg = { certificate_types: readVector(b, 1), certificate_authorities: readVector(b, 2) }; // save certificate request in session c.session.certificateRequest = msg; // expect a ServerHelloDone message next c.expect = SHD; // continue c.process(); }; /** * Called when a server receives a CertificateVerify record. * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleCertificateVerify = function(c, record, length) { if(length < 2) { return c.error(c, { message: 'Invalid CertificateVerify. Message too short.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.illegal_parameter } }); } // rewind to get full bytes for message so it can be manually // digested below (special case for CertificateVerify messages because // they must be digested *after* handling as opposed to all others) var b = record.fragment; b.read -= 4; var msgBytes = b.bytes(); b.read += 4; var msg = { signature: readVector(b, 2).getBytes() }; // TODO: add support for DSA // generate data to verify var verify = forge.util.createBuffer(); verify.putBuffer(c.session.md5.digest()); verify.putBuffer(c.session.sha1.digest()); verify = verify.getBytes(); try { var cert = c.session.clientCertificate; /*b = forge.pki.rsa.decrypt( msg.signature, cert.publicKey, true, verify.length); if(b !== verify) {*/ if(!cert.publicKey.verify(verify, msg.signature, 'NONE')) { throw new Error('CertificateVerify signature does not match.'); } // digest message now that it has been handled c.session.md5.update(msgBytes); c.session.sha1.update(msgBytes); } catch(ex) { return c.error(c, { message: 'Bad signature in CertificateVerify.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.handshake_failure } }); } // expect ChangeCipherSpec c.expect = CCC; // continue c.process(); }; /** * Called when a client receives a ServerHelloDone record. * * When this message will be sent: * The server hello done message is sent by the server to indicate the end * of the server hello and associated messages. After sending this message * the server will wait for a client response. * * Meaning of this message: * This message means that the server is done sending messages to support * the key exchange, and the client can proceed with its phase of the key * exchange. * * Upon receipt of the server hello done message the client should verify * that the server provided a valid certificate if required and check that * the server hello parameters are acceptable. * * struct {} ServerHelloDone; * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleServerHelloDone = function(c, record, length) { // len must be 0 bytes if(length > 0) { return c.error(c, { message: 'Invalid ServerHelloDone message. Invalid length.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.record_overflow } }); } if(c.serverCertificate === null) { // no server certificate was provided var error = { message: 'No server certificate provided. Not enough security.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.insufficient_security } }; // call application callback var depth = 0; var ret = c.verify(c, error.alert.description, depth, []); if(ret !== true) { // check for custom alert info if(ret || ret === 0) { // set custom message and alert description if(typeof ret === 'object' && !forge.util.isArray(ret)) { if(ret.message) { error.message = ret.message; } if(ret.alert) { error.alert.description = ret.alert; } } else if(typeof ret === 'number') { // set custom alert description error.alert.description = ret; } } // send error return c.error(c, error); } } // create client certificate message if requested if(c.session.certificateRequest !== null) { record = tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createCertificate(c) }); tls.queue(c, record); } // create client key exchange message record = tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createClientKeyExchange(c) }); tls.queue(c, record); // expect no messages until the following callback has been called c.expect = SER; // create callback to handle client signature (for client-certs) var callback = function(c, signature) { if(c.session.certificateRequest !== null && c.session.clientCertificate !== null) { // create certificate verify message tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createCertificateVerify(c, signature) })); } // create change cipher spec message tls.queue(c, tls.createRecord(c, { type: tls.ContentType.change_cipher_spec, data: tls.createChangeCipherSpec() })); // create pending state c.state.pending = tls.createConnectionState(c); // change current write state to pending write state c.state.current.write = c.state.pending.write; // create finished message tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createFinished(c) })); // expect a server ChangeCipherSpec message next c.expect = SCC; // send records tls.flush(c); // continue c.process(); }; // if there is no certificate request or no client certificate, do // callback immediately if(c.session.certificateRequest === null || c.session.clientCertificate === null) { return callback(c, null); } // otherwise get the client signature tls.getClientSignature(c, callback); }; /** * Called when a ChangeCipherSpec record is received. * * @param c the connection. * @param record the record. */ tls.handleChangeCipherSpec = function(c, record) { if(record.fragment.getByte() !== 0x01) { return c.error(c, { message: 'Invalid ChangeCipherSpec message received.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.illegal_parameter } }); } // create pending state if: // 1. Resuming session in client mode OR // 2. NOT resuming session in server mode var client = (c.entity === tls.ConnectionEnd.client); if((c.session.resuming && client) || (!c.session.resuming && !client)) { c.state.pending = tls.createConnectionState(c); } // change current read state to pending read state c.state.current.read = c.state.pending.read; // clear pending state if: // 1. NOT resuming session in client mode OR // 2. resuming a session in server mode if((!c.session.resuming && client) || (c.session.resuming && !client)) { c.state.pending = null; } // expect a Finished record next c.expect = client ? SFI : CFI; // continue c.process(); }; /** * Called when a Finished record is received. * * When this message will be sent: * A finished message is always sent immediately after a change * cipher spec message to verify that the key exchange and * authentication processes were successful. It is essential that a * change cipher spec message be received between the other * handshake messages and the Finished message. * * Meaning of this message: * The finished message is the first protected with the just- * negotiated algorithms, keys, and secrets. Recipients of finished * messages must verify that the contents are correct. Once a side * has sent its Finished message and received and validated the * Finished message from its peer, it may begin to send and receive * application data over the connection. * * struct { * opaque verify_data[verify_data_length]; * } Finished; * * verify_data * PRF(master_secret, finished_label, Hash(handshake_messages)) * [0..verify_data_length-1]; * * finished_label * For Finished messages sent by the client, the string * "client finished". For Finished messages sent by the server, the * string "server finished". * * verify_data_length depends on the cipher suite. If it is not specified * by the cipher suite, then it is 12. Versions of TLS < 1.2 always used * 12 bytes. * * @param c the connection. * @param record the record. * @param length the length of the handshake message. */ tls.handleFinished = function(c, record, length) { // rewind to get full bytes for message so it can be manually // digested below (special case for Finished messages because they // must be digested *after* handling as opposed to all others) var b = record.fragment; b.read -= 4; var msgBytes = b.bytes(); b.read += 4; // message contains only verify_data var vd = record.fragment.getBytes(); // ensure verify data is correct b = forge.util.createBuffer(); b.putBuffer(c.session.md5.digest()); b.putBuffer(c.session.sha1.digest()); // set label based on entity type var client = (c.entity === tls.ConnectionEnd.client); var label = client ? 'server finished' : 'client finished'; // TODO: determine prf function and verify length for TLS 1.2 var sp = c.session.sp; var vdl = 12; var prf = prf_TLS1; b = prf(sp.master_secret, label, b.getBytes(), vdl); if(b.getBytes() !== vd) { return c.error(c, { message: 'Invalid verify_data in Finished message.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.decrypt_error } }); } // digest finished message now that it has been handled c.session.md5.update(msgBytes); c.session.sha1.update(msgBytes); // resuming session as client or NOT resuming session as server if((c.session.resuming && client) || (!c.session.resuming && !client)) { // create change cipher spec message tls.queue(c, tls.createRecord(c, { type: tls.ContentType.change_cipher_spec, data: tls.createChangeCipherSpec() })); // change current write state to pending write state, clear pending c.state.current.write = c.state.pending.write; c.state.pending = null; // create finished message tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createFinished(c) })); } // expect application data next c.expect = client ? SAD : CAD; // handshake complete c.handshaking = false; ++c.handshakes; // save access to peer certificate c.peerCertificate = client ? c.session.serverCertificate : c.session.clientCertificate; // send records tls.flush(c); // now connected c.isConnected = true; c.connected(c); // continue c.process(); }; /** * Called when an Alert record is received. * * @param c the connection. * @param record the record. */ tls.handleAlert = function(c, record) { // read alert var b = record.fragment; var alert = { level: b.getByte(), description: b.getByte() }; // TODO: consider using a table? // get appropriate message var msg; switch(alert.description) { case tls.Alert.Description.close_notify: msg = 'Connection closed.'; break; case tls.Alert.Description.unexpected_message: msg = 'Unexpected message.'; break; case tls.Alert.Description.bad_record_mac: msg = 'Bad record MAC.'; break; case tls.Alert.Description.decryption_failed: msg = 'Decryption failed.'; break; case tls.Alert.Description.record_overflow: msg = 'Record overflow.'; break; case tls.Alert.Description.decompression_failure: msg = 'Decompression failed.'; break; case tls.Alert.Description.handshake_failure: msg = 'Handshake failure.'; break; case tls.Alert.Description.bad_certificate: msg = 'Bad certificate.'; break; case tls.Alert.Description.unsupported_certificate: msg = 'Unsupported certificate.'; break; case tls.Alert.Description.certificate_revoked: msg = 'Certificate revoked.'; break; case tls.Alert.Description.certificate_expired: msg = 'Certificate expired.'; break; case tls.Alert.Description.certificate_unknown: msg = 'Certificate unknown.'; break; case tls.Alert.Description.illegal_parameter: msg = 'Illegal parameter.'; break; case tls.Alert.Description.unknown_ca: msg = 'Unknown certificate authority.'; break; case tls.Alert.Description.access_denied: msg = 'Access denied.'; break; case tls.Alert.Description.decode_error: msg = 'Decode error.'; break; case tls.Alert.Description.decrypt_error: msg = 'Decrypt error.'; break; case tls.Alert.Description.export_restriction: msg = 'Export restriction.'; break; case tls.Alert.Description.protocol_version: msg = 'Unsupported protocol version.'; break; case tls.Alert.Description.insufficient_security: msg = 'Insufficient security.'; break; case tls.Alert.Description.internal_error: msg = 'Internal error.'; break; case tls.Alert.Description.user_canceled: msg = 'User canceled.'; break; case tls.Alert.Description.no_renegotiation: msg = 'Renegotiation not supported.'; break; default: msg = 'Unknown error.'; break; } // close connection on close_notify, not an error if(alert.description === tls.Alert.Description.close_notify) { return c.close(); } // call error handler c.error(c, { message: msg, send: false, // origin is the opposite end origin: (c.entity === tls.ConnectionEnd.client) ? 'server' : 'client', alert: alert }); // continue c.process(); }; /** * Called when a Handshake record is received. * * @param c the connection. * @param record the record. */ tls.handleHandshake = function(c, record) { // get the handshake type and message length var b = record.fragment; var type = b.getByte(); var length = b.getInt24(); // see if the record fragment doesn't yet contain the full message if(length > b.length()) { // cache the record, clear its fragment, and reset the buffer read // pointer before the type and length were read c.fragmented = record; record.fragment = forge.util.createBuffer(); b.read -= 4; // continue return c.process(); } // full message now available, clear cache, reset read pointer to // before type and length c.fragmented = null; b.read -= 4; // save the handshake bytes for digestion after handler is found // (include type and length of handshake msg) var bytes = b.bytes(length + 4); // restore read pointer b.read += 4; // handle expected message if(type in hsTable[c.entity][c.expect]) { // initialize server session if(c.entity === tls.ConnectionEnd.server && !c.open && !c.fail) { c.handshaking = true; c.session = { version: null, extensions: { server_name: { serverNameList: [] } }, cipherSuite: null, compressionMethod: null, serverCertificate: null, clientCertificate: null, md5: forge.md.md5.create(), sha1: forge.md.sha1.create() }; } /* Update handshake messages digest. Finished and CertificateVerify messages are not digested here. They can't be digested as part of the verify_data that they contain. These messages are manually digested in their handlers. HelloRequest messages are simply never included in the handshake message digest according to spec. */ if(type !== tls.HandshakeType.hello_request && type !== tls.HandshakeType.certificate_verify && type !== tls.HandshakeType.finished) { c.session.md5.update(bytes); c.session.sha1.update(bytes); } // handle specific handshake type record hsTable[c.entity][c.expect][type](c, record, length); } else { // unexpected record tls.handleUnexpected(c, record); } }; /** * Called when an ApplicationData record is received. * * @param c the connection. * @param record the record. */ tls.handleApplicationData = function(c, record) { // buffer data, notify that its ready c.data.putBuffer(record.fragment); c.dataReady(c); // continue c.process(); }; /** * Called when a Heartbeat record is received. * * @param c the connection. * @param record the record. */ tls.handleHeartbeat = function(c, record) { // get the heartbeat type and payload var b = record.fragment; var type = b.getByte(); var length = b.getInt16(); var payload = b.getBytes(length); if(type === tls.HeartbeatMessageType.heartbeat_request) { // discard request during handshake or if length is too large if(c.handshaking || length > payload.length) { // continue return c.process(); } // retransmit payload tls.queue(c, tls.createRecord(c, { type: tls.ContentType.heartbeat, data: tls.createHeartbeat( tls.HeartbeatMessageType.heartbeat_response, payload) })); tls.flush(c); } else if(type === tls.HeartbeatMessageType.heartbeat_response) { // check payload against expected payload, discard heartbeat if no match if(payload !== c.expectedHeartbeatPayload) { // continue return c.process(); } // notify that a valid heartbeat was received if(c.heartbeatReceived) { c.heartbeatReceived(c, forge.util.createBuffer(payload)); } } // continue c.process(); }; /** * The transistional state tables for receiving TLS records. It maps the * current TLS engine state and a received record to a function to handle the * record and update the state. * * For instance, if the current state is SHE, then the TLS engine is expecting * a ServerHello record. Once a record is received, the handler function is * looked up using the state SHE and the record's content type. * * The resulting function will either be an error handler or a record handler. * The function will take whatever action is appropriate and update the state * for the next record. * * The states are all based on possible server record types. Note that the * client will never specifically expect to receive a HelloRequest or an alert * from the server so there is no state that reflects this. These messages may * occur at any time. * * There are two tables for mapping states because there is a second tier of * types for handshake messages. Once a record with a content type of handshake * is received, the handshake record handler will look up the handshake type in * the secondary map to get its appropriate handler. * * Valid message orders are as follows: * * =======================FULL HANDSHAKE====================== * Client Server * * ClientHello --------> * ServerHello * Certificate* * ServerKeyExchange* * CertificateRequest* * <-------- ServerHelloDone * Certificate* * ClientKeyExchange * CertificateVerify* * [ChangeCipherSpec] * Finished --------> * [ChangeCipherSpec] * <-------- Finished * Application Data <-------> Application Data * * =====================SESSION RESUMPTION===================== * Client Server * * ClientHello --------> * ServerHello * [ChangeCipherSpec] * <-------- Finished * [ChangeCipherSpec] * Finished --------> * Application Data <-------> Application Data */ // client expect states (indicate which records are expected to be received) var SHE = 0; // rcv server hello var SCE = 1; // rcv server certificate var SKE = 2; // rcv server key exchange var SCR = 3; // rcv certificate request var SHD = 4; // rcv server hello done var SCC = 5; // rcv change cipher spec var SFI = 6; // rcv finished var SAD = 7; // rcv application data var SER = 8; // not expecting any messages at this point // server expect states var CHE = 0; // rcv client hello var CCE = 1; // rcv client certificate var CKE = 2; // rcv client key exchange var CCV = 3; // rcv certificate verify var CCC = 4; // rcv change cipher spec var CFI = 5; // rcv finished var CAD = 6; // rcv application data var CER = 7; // not expecting any messages at this point // map client current expect state and content type to function var __ = tls.handleUnexpected; var R0 = tls.handleChangeCipherSpec; var R1 = tls.handleAlert; var R2 = tls.handleHandshake; var R3 = tls.handleApplicationData; var R4 = tls.handleHeartbeat; var ctTable = []; ctTable[tls.ConnectionEnd.client] = [ // CC,AL,HS,AD,HB /*SHE*/[__,R1,R2,__,R4], /*SCE*/[__,R1,R2,__,R4], /*SKE*/[__,R1,R2,__,R4], /*SCR*/[__,R1,R2,__,R4], /*SHD*/[__,R1,R2,__,R4], /*SCC*/[R0,R1,__,__,R4], /*SFI*/[__,R1,R2,__,R4], /*SAD*/[__,R1,R2,R3,R4], /*SER*/[__,R1,R2,__,R4] ]; // map server current expect state and content type to function ctTable[tls.ConnectionEnd.server] = [ // CC,AL,HS,AD /*CHE*/[__,R1,R2,__,R4], /*CCE*/[__,R1,R2,__,R4], /*CKE*/[__,R1,R2,__,R4], /*CCV*/[__,R1,R2,__,R4], /*CCC*/[R0,R1,__,__,R4], /*CFI*/[__,R1,R2,__,R4], /*CAD*/[__,R1,R2,R3,R4], /*CER*/[__,R1,R2,__,R4] ]; // map client current expect state and handshake type to function var H0 = tls.handleHelloRequest; var H1 = tls.handleServerHello; var H2 = tls.handleCertificate; var H3 = tls.handleServerKeyExchange; var H4 = tls.handleCertificateRequest; var H5 = tls.handleServerHelloDone; var H6 = tls.handleFinished; var hsTable = []; hsTable[tls.ConnectionEnd.client] = [ // HR,01,SH,03,04,05,06,07,08,09,10,SC,SK,CR,HD,15,CK,17,18,19,FI /*SHE*/[__,__,H1,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__], /*SCE*/[H0,__,__,__,__,__,__,__,__,__,__,H2,H3,H4,H5,__,__,__,__,__,__], /*SKE*/[H0,__,__,__,__,__,__,__,__,__,__,__,H3,H4,H5,__,__,__,__,__,__], /*SCR*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,H4,H5,__,__,__,__,__,__], /*SHD*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,H5,__,__,__,__,__,__], /*SCC*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__], /*SFI*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H6], /*SAD*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__], /*SER*/[H0,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__] ]; // map server current expect state and handshake type to function // Note: CAD[CH] does not map to FB because renegotation is prohibited var H7 = tls.handleClientHello; var H8 = tls.handleClientKeyExchange; var H9 = tls.handleCertificateVerify; hsTable[tls.ConnectionEnd.server] = [ // 01,CH,02,03,04,05,06,07,08,09,10,CC,12,13,14,CV,CK,17,18,19,FI /*CHE*/[__,H7,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__], /*CCE*/[__,__,__,__,__,__,__,__,__,__,__,H2,__,__,__,__,__,__,__,__,__], /*CKE*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H8,__,__,__,__], /*CCV*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H9,__,__,__,__,__], /*CCC*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__], /*CFI*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,H6], /*CAD*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__], /*CER*/[__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__,__] ]; /** * Generates the master_secret and keys using the given security parameters. * * The security parameters for a TLS connection state are defined as such: * * struct { * ConnectionEnd entity; * PRFAlgorithm prf_algorithm; * BulkCipherAlgorithm bulk_cipher_algorithm; * CipherType cipher_type; * uint8 enc_key_length; * uint8 block_length; * uint8 fixed_iv_length; * uint8 record_iv_length; * MACAlgorithm mac_algorithm; * uint8 mac_length; * uint8 mac_key_length; * CompressionMethod compression_algorithm; * opaque master_secret[48]; * opaque client_random[32]; * opaque server_random[32]; * } SecurityParameters; * * Note that this definition is from TLS 1.2. In TLS 1.0 some of these * parameters are ignored because, for instance, the PRFAlgorithm is a * builtin-fixed algorithm combining iterations of MD5 and SHA-1 in TLS 1.0. * * The Record Protocol requires an algorithm to generate keys required by the * current connection state. * * The master secret is expanded into a sequence of secure bytes, which is then * split to a client write MAC key, a server write MAC key, a client write * encryption key, and a server write encryption key. In TLS 1.0 a client write * IV and server write IV are also generated. Each of these is generated from * the byte sequence in that order. Unused values are empty. In TLS 1.2, some * AEAD ciphers may additionally require a client write IV and a server write * IV (see Section 6.2.3.3). * * When keys, MAC keys, and IVs are generated, the master secret is used as an * entropy source. * * To generate the key material, compute: * * master_secret = PRF(pre_master_secret, "master secret", * ClientHello.random + ServerHello.random) * * key_block = PRF(SecurityParameters.master_secret, * "key expansion", * SecurityParameters.server_random + * SecurityParameters.client_random); * * until enough output has been generated. Then, the key_block is * partitioned as follows: * * client_write_MAC_key[SecurityParameters.mac_key_length] * server_write_MAC_key[SecurityParameters.mac_key_length] * client_write_key[SecurityParameters.enc_key_length] * server_write_key[SecurityParameters.enc_key_length] * client_write_IV[SecurityParameters.fixed_iv_length] * server_write_IV[SecurityParameters.fixed_iv_length] * * In TLS 1.2, the client_write_IV and server_write_IV are only generated for * implicit nonce techniques as described in Section 3.2.1 of [AEAD]. This * implementation uses TLS 1.0 so IVs are generated. * * Implementation note: The currently defined cipher suite which requires the * most material is AES_256_CBC_SHA256. It requires 2 x 32 byte keys and 2 x 32 * byte MAC keys, for a total 128 bytes of key material. In TLS 1.0 it also * requires 2 x 16 byte IVs, so it actually takes 160 bytes of key material. * * @param c the connection. * @param sp the security parameters to use. * * @return the security keys. */ tls.generateKeys = function(c, sp) { // TLS_RSA_WITH_AES_128_CBC_SHA (required to be compliant with TLS 1.2) & // TLS_RSA_WITH_AES_256_CBC_SHA are the only cipher suites implemented // at present // TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is required to be compliant with // TLS 1.0 but we don't care right now because AES is better and we have // an implementation for it // TODO: TLS 1.2 implementation /* // determine the PRF var prf; switch(sp.prf_algorithm) { case tls.PRFAlgorithm.tls_prf_sha256: prf = prf_sha256; break; default: // should never happen throw new Error('Invalid PRF'); } */ // TLS 1.0/1.1 implementation var prf = prf_TLS1; // concatenate server and client random var random = sp.client_random + sp.server_random; // only create master secret if session is new if(!c.session.resuming) { // create master secret, clean up pre-master secret sp.master_secret = prf( sp.pre_master_secret, 'master secret', random, 48).bytes(); sp.pre_master_secret = null; } // generate the amount of key material needed random = sp.server_random + sp.client_random; var length = 2 * sp.mac_key_length + 2 * sp.enc_key_length; // include IV for TLS/1.0 var tls10 = (c.version.major === tls.Versions.TLS_1_0.major && c.version.minor === tls.Versions.TLS_1_0.minor); if(tls10) { length += 2 * sp.fixed_iv_length; } var km = prf(sp.master_secret, 'key expansion', random, length); // split the key material into the MAC and encryption keys var rval = { client_write_MAC_key: km.getBytes(sp.mac_key_length), server_write_MAC_key: km.getBytes(sp.mac_key_length), client_write_key: km.getBytes(sp.enc_key_length), server_write_key: km.getBytes(sp.enc_key_length) }; // include TLS 1.0 IVs if(tls10) { rval.client_write_IV = km.getBytes(sp.fixed_iv_length); rval.server_write_IV = km.getBytes(sp.fixed_iv_length); } return rval; }; /** * Creates a new initialized TLS connection state. A connection state has * a read mode and a write mode. * * compression state: * The current state of the compression algorithm. * * cipher state: * The current state of the encryption algorithm. This will consist of the * scheduled key for that connection. For stream ciphers, this will also * contain whatever state information is necessary to allow the stream to * continue to encrypt or decrypt data. * * MAC key: * The MAC key for the connection. * * sequence number: * Each connection state contains a sequence number, which is maintained * separately for read and write states. The sequence number MUST be set to * zero whenever a connection state is made the active state. Sequence * numbers are of type uint64 and may not exceed 2^64-1. Sequence numbers do * not wrap. If a TLS implementation would need to wrap a sequence number, * it must renegotiate instead. A sequence number is incremented after each * record: specifically, the first record transmitted under a particular * connection state MUST use sequence number 0. * * @param c the connection. * * @return the new initialized TLS connection state. */ tls.createConnectionState = function(c) { var client = (c.entity === tls.ConnectionEnd.client); var createMode = function() { var mode = { // two 32-bit numbers, first is most significant sequenceNumber: [0, 0], macKey: null, macLength: 0, macFunction: null, cipherState: null, cipherFunction: function(record) {return true;}, compressionState: null, compressFunction: function(record) {return true;}, updateSequenceNumber: function() { if(mode.sequenceNumber[1] === 0xFFFFFFFF) { mode.sequenceNumber[1] = 0; ++mode.sequenceNumber[0]; } else { ++mode.sequenceNumber[1]; } } }; return mode; }; var state = { read: createMode(), write: createMode() }; // update function in read mode will decrypt then decompress a record state.read.update = function(c, record) { if(!state.read.cipherFunction(record, state.read)) { c.error(c, { message: 'Could not decrypt record or bad MAC.', send: true, alert: { level: tls.Alert.Level.fatal, // doesn't matter if decryption failed or MAC was // invalid, return the same error so as not to reveal // which one occurred description: tls.Alert.Description.bad_record_mac } }); } else if(!state.read.compressFunction(c, record, state.read)) { c.error(c, { message: 'Could not decompress record.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.decompression_failure } }); } return !c.fail; }; // update function in write mode will compress then encrypt a record state.write.update = function(c, record) { if(!state.write.compressFunction(c, record, state.write)) { // error, but do not send alert since it would require // compression as well c.error(c, { message: 'Could not compress record.', send: false, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.internal_error } }); } else if(!state.write.cipherFunction(record, state.write)) { // error, but do not send alert since it would require // encryption as well c.error(c, { message: 'Could not encrypt record.', send: false, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.internal_error } }); } return !c.fail; }; // handle security parameters if(c.session) { var sp = c.session.sp; c.session.cipherSuite.initSecurityParameters(sp); // generate keys sp.keys = tls.generateKeys(c, sp); state.read.macKey = client ? sp.keys.server_write_MAC_key : sp.keys.client_write_MAC_key; state.write.macKey = client ? sp.keys.client_write_MAC_key : sp.keys.server_write_MAC_key; // cipher suite setup c.session.cipherSuite.initConnectionState(state, c, sp); // compression setup switch(sp.compression_algorithm) { case tls.CompressionMethod.none: break; case tls.CompressionMethod.deflate: state.read.compressFunction = inflate; state.write.compressFunction = deflate; break; default: throw new Error('Unsupported compression algorithm.'); } } return state; }; /** * Creates a Random structure. * * struct { * uint32 gmt_unix_time; * opaque random_bytes[28]; * } Random; * * gmt_unix_time: * The current time and date in standard UNIX 32-bit format (seconds since * the midnight starting Jan 1, 1970, UTC, ignoring leap seconds) according * to the sender's internal clock. Clocks are not required to be set * correctly by the basic TLS protocol; higher-level or application * protocols may define additional requirements. Note that, for historical * reasons, the data element is named using GMT, the predecessor of the * current worldwide time base, UTC. * random_bytes: * 28 bytes generated by a secure random number generator. * * @return the Random structure as a byte array. */ tls.createRandom = function() { // get UTC milliseconds var d = new Date(); var utc = +d + d.getTimezoneOffset() * 60000; var rval = forge.util.createBuffer(); rval.putInt32(utc); rval.putBytes(forge.random.getBytes(28)); return rval; }; /** * Creates a TLS record with the given type and data. * * @param c the connection. * @param options: * type: the record type. * data: the plain text data in a byte buffer. * * @return the created record. */ tls.createRecord = function(c, options) { if(!options.data) { return null; } var record = { type: options.type, version: { major: c.version.major, minor: c.version.minor }, length: options.data.length(), fragment: options.data }; return record; }; /** * Creates a TLS alert record. * * @param c the connection. * @param alert: * level: the TLS alert level. * description: the TLS alert description. * * @return the created alert record. */ tls.createAlert = function(c, alert) { var b = forge.util.createBuffer(); b.putByte(alert.level); b.putByte(alert.description); return tls.createRecord(c, { type: tls.ContentType.alert, data: b }); }; /* The structure of a TLS handshake message. * * struct { * HandshakeType msg_type; // handshake type * uint24 length; // bytes in message * select(HandshakeType) { * case hello_request: HelloRequest; * case client_hello: ClientHello; * case server_hello: ServerHello; * case certificate: Certificate; * case server_key_exchange: ServerKeyExchange; * case certificate_request: CertificateRequest; * case server_hello_done: ServerHelloDone; * case certificate_verify: CertificateVerify; * case client_key_exchange: ClientKeyExchange; * case finished: Finished; * } body; * } Handshake; */ /** * Creates a ClientHello message. * * opaque SessionID<0..32>; * enum { null(0), deflate(1), (255) } CompressionMethod; * uint8 CipherSuite[2]; * * struct { * ProtocolVersion client_version; * Random random; * SessionID session_id; * CipherSuite cipher_suites<2..2^16-2>; * CompressionMethod compression_methods<1..2^8-1>; * select(extensions_present) { * case false: * struct {}; * case true: * Extension extensions<0..2^16-1>; * }; * } ClientHello; * * The extension format for extended client hellos and server hellos is: * * struct { * ExtensionType extension_type; * opaque extension_data<0..2^16-1>; * } Extension; * * Here: * * - "extension_type" identifies the particular extension type. * - "extension_data" contains information specific to the particular * extension type. * * The extension types defined in this document are: * * enum { * server_name(0), max_fragment_length(1), * client_certificate_url(2), trusted_ca_keys(3), * truncated_hmac(4), status_request(5), (65535) * } ExtensionType; * * @param c the connection. * * @return the ClientHello byte buffer. */ tls.createClientHello = function(c) { // save hello version c.session.clientHelloVersion = { major: c.version.major, minor: c.version.minor }; // create supported cipher suites var cipherSuites = forge.util.createBuffer(); for(var i = 0; i < c.cipherSuites.length; ++i) { var cs = c.cipherSuites[i]; cipherSuites.putByte(cs.id[0]); cipherSuites.putByte(cs.id[1]); } var cSuites = cipherSuites.length(); // create supported compression methods, null always supported, but // also support deflate if connection has inflate and deflate methods var compressionMethods = forge.util.createBuffer(); compressionMethods.putByte(tls.CompressionMethod.none); // FIXME: deflate support disabled until issues with raw deflate data // without zlib headers are resolved /* if(c.inflate !== null && c.deflate !== null) { compressionMethods.putByte(tls.CompressionMethod.deflate); } */ var cMethods = compressionMethods.length(); // create TLS SNI (server name indication) extension if virtual host // has been specified, see RFC 3546 var extensions = forge.util.createBuffer(); if(c.virtualHost) { // create extension struct var ext = forge.util.createBuffer(); ext.putByte(0x00); // type server_name (ExtensionType is 2 bytes) ext.putByte(0x00); /* In order to provide the server name, clients MAY include an * extension of type "server_name" in the (extended) client hello. * The "extension_data" field of this extension SHALL contain * "ServerNameList" where: * * struct { * NameType name_type; * select(name_type) { * case host_name: HostName; * } name; * } ServerName; * * enum { * host_name(0), (255) * } NameType; * * opaque HostName<1..2^16-1>; * * struct { * ServerName server_name_list<1..2^16-1> * } ServerNameList; */ var serverName = forge.util.createBuffer(); serverName.putByte(0x00); // type host_name writeVector(serverName, 2, forge.util.createBuffer(c.virtualHost)); // ServerNameList is in extension_data var snList = forge.util.createBuffer(); writeVector(snList, 2, serverName); writeVector(ext, 2, snList); extensions.putBuffer(ext); } var extLength = extensions.length(); if(extLength > 0) { // add extension vector length extLength += 2; } // determine length of the handshake message // cipher suites and compression methods size will need to be // updated if more get added to the list var sessionId = c.session.id; var length = sessionId.length + 1 + // session ID vector 2 + // version (major + minor) 4 + 28 + // random time and random bytes 2 + cSuites + // cipher suites vector 1 + cMethods + // compression methods vector extLength; // extensions vector // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.client_hello); rval.putInt24(length); // handshake length rval.putByte(c.version.major); // major version rval.putByte(c.version.minor); // minor version rval.putBytes(c.session.sp.client_random); // random time + bytes writeVector(rval, 1, forge.util.createBuffer(sessionId)); writeVector(rval, 2, cipherSuites); writeVector(rval, 1, compressionMethods); if(extLength > 0) { writeVector(rval, 2, extensions); } return rval; }; /** * Creates a ServerHello message. * * @param c the connection. * * @return the ServerHello byte buffer. */ tls.createServerHello = function(c) { // determine length of the handshake message var sessionId = c.session.id; var length = sessionId.length + 1 + // session ID vector 2 + // version (major + minor) 4 + 28 + // random time and random bytes 2 + // chosen cipher suite 1; // chosen compression method // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.server_hello); rval.putInt24(length); // handshake length rval.putByte(c.version.major); // major version rval.putByte(c.version.minor); // minor version rval.putBytes(c.session.sp.server_random); // random time + bytes writeVector(rval, 1, forge.util.createBuffer(sessionId)); rval.putByte(c.session.cipherSuite.id[0]); rval.putByte(c.session.cipherSuite.id[1]); rval.putByte(c.session.compressionMethod); return rval; }; /** * Creates a Certificate message. * * When this message will be sent: * This is the first message the client can send after receiving a server * hello done message and the first message the server can send after * sending a ServerHello. This client message is only sent if the server * requests a certificate. If no suitable certificate is available, the * client should send a certificate message containing no certificates. If * client authentication is required by the server for the handshake to * continue, it may respond with a fatal handshake failure alert. * * opaque ASN.1Cert<1..2^24-1>; * * struct { * ASN.1Cert certificate_list<0..2^24-1>; * } Certificate; * * @param c the connection. * * @return the Certificate byte buffer. */ tls.createCertificate = function(c) { // TODO: check certificate request to ensure types are supported // get a certificate (a certificate as a PEM string) var client = (c.entity === tls.ConnectionEnd.client); var cert = null; if(c.getCertificate) { var hint; if(client) { hint = c.session.certificateRequest; } else { hint = c.session.extensions.server_name.serverNameList; } cert = c.getCertificate(c, hint); } // buffer to hold certificate list var certList = forge.util.createBuffer(); if(cert !== null) { try { // normalize cert to a chain of certificates if(!forge.util.isArray(cert)) { cert = [cert]; } var asn1 = null; for(var i = 0; i < cert.length; ++i) { var msg = forge.pem.decode(cert[i])[0]; if(msg.type !== 'CERTIFICATE' && msg.type !== 'X509 CERTIFICATE' && msg.type !== 'TRUSTED CERTIFICATE') { var error = new Error('Could not convert certificate from PEM; PEM ' + 'header type is not "CERTIFICATE", "X509 CERTIFICATE", or ' + '"TRUSTED CERTIFICATE".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert certificate from PEM; PEM is encrypted.'); } var der = forge.util.createBuffer(msg.body); if(asn1 === null) { asn1 = forge.asn1.fromDer(der.bytes(), false); } // certificate entry is itself a vector with 3 length bytes var certBuffer = forge.util.createBuffer(); writeVector(certBuffer, 3, der); // add cert vector to cert list vector certList.putBuffer(certBuffer); } // save certificate cert = forge.pki.certificateFromAsn1(asn1); if(client) { c.session.clientCertificate = cert; } else { c.session.serverCertificate = cert; } } catch(ex) { return c.error(c, { message: 'Could not send certificate list.', cause: ex, send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.bad_certificate } }); } } // determine length of the handshake message var length = 3 + certList.length(); // cert list vector // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.certificate); rval.putInt24(length); writeVector(rval, 3, certList); return rval; }; /** * Creates a ClientKeyExchange message. * * When this message will be sent: * This message is always sent by the client. It will immediately follow the * client certificate message, if it is sent. Otherwise it will be the first * message sent by the client after it receives the server hello done * message. * * Meaning of this message: * With this message, the premaster secret is set, either though direct * transmission of the RSA-encrypted secret, or by the transmission of * Diffie-Hellman parameters which will allow each side to agree upon the * same premaster secret. When the key exchange method is DH_RSA or DH_DSS, * client certification has been requested, and the client was able to * respond with a certificate which contained a Diffie-Hellman public key * whose parameters (group and generator) matched those specified by the * server in its certificate, this message will not contain any data. * * Meaning of this message: * If RSA is being used for key agreement and authentication, the client * generates a 48-byte premaster secret, encrypts it using the public key * from the server's certificate or the temporary RSA key provided in a * server key exchange message, and sends the result in an encrypted * premaster secret message. This structure is a variant of the client * key exchange message, not a message in itself. * * struct { * select(KeyExchangeAlgorithm) { * case rsa: EncryptedPreMasterSecret; * case diffie_hellman: ClientDiffieHellmanPublic; * } exchange_keys; * } ClientKeyExchange; * * struct { * ProtocolVersion client_version; * opaque random[46]; * } PreMasterSecret; * * struct { * public-key-encrypted PreMasterSecret pre_master_secret; * } EncryptedPreMasterSecret; * * A public-key-encrypted element is encoded as a vector <0..2^16-1>. * * @param c the connection. * * @return the ClientKeyExchange byte buffer. */ tls.createClientKeyExchange = function(c) { // create buffer to encrypt var b = forge.util.createBuffer(); // add highest client-supported protocol to help server avoid version // rollback attacks b.putByte(c.session.clientHelloVersion.major); b.putByte(c.session.clientHelloVersion.minor); // generate and add 46 random bytes b.putBytes(forge.random.getBytes(46)); // save pre-master secret var sp = c.session.sp; sp.pre_master_secret = b.getBytes(); // RSA-encrypt the pre-master secret var key = c.session.serverCertificate.publicKey; b = key.encrypt(sp.pre_master_secret); /* Note: The encrypted pre-master secret will be stored in a public-key-encrypted opaque vector that has the length prefixed using 2 bytes, so include those 2 bytes in the handshake message length. This is done as a minor optimization instead of calling writeVector(). */ // determine length of the handshake message var length = b.length + 2; // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.client_key_exchange); rval.putInt24(length); // add vector length bytes rval.putInt16(b.length); rval.putBytes(b); return rval; }; /** * Creates a ServerKeyExchange message. * * @param c the connection. * * @return the ServerKeyExchange byte buffer. */ tls.createServerKeyExchange = function(c) { // this implementation only supports RSA, no Diffie-Hellman support, // so this record is empty // determine length of the handshake message var length = 0; // build record fragment var rval = forge.util.createBuffer(); if(length > 0) { rval.putByte(tls.HandshakeType.server_key_exchange); rval.putInt24(length); } return rval; }; /** * Gets the signed data used to verify a client-side certificate. See * tls.createCertificateVerify() for details. * * @param c the connection. * @param callback the callback to call once the signed data is ready. */ tls.getClientSignature = function(c, callback) { // generate data to RSA encrypt var b = forge.util.createBuffer(); b.putBuffer(c.session.md5.digest()); b.putBuffer(c.session.sha1.digest()); b = b.getBytes(); // create default signing function as necessary c.getSignature = c.getSignature || function(c, b, callback) { // do rsa encryption, call callback var privateKey = null; if(c.getPrivateKey) { try { privateKey = c.getPrivateKey(c, c.session.clientCertificate); privateKey = forge.pki.privateKeyFromPem(privateKey); } catch(ex) { c.error(c, { message: 'Could not get private key.', cause: ex, send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.internal_error } }); } } if(privateKey === null) { c.error(c, { message: 'No private key set.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.internal_error } }); } else { b = privateKey.sign(b, null); } callback(c, b); }; // get client signature c.getSignature(c, b, callback); }; /** * Creates a CertificateVerify message. * * Meaning of this message: * This structure conveys the client's Diffie-Hellman public value * (Yc) if it was not already included in the client's certificate. * The encoding used for Yc is determined by the enumerated * PublicValueEncoding. This structure is a variant of the client * key exchange message, not a message in itself. * * When this message will be sent: * This message is used to provide explicit verification of a client * certificate. This message is only sent following a client * certificate that has signing capability (i.e. all certificates * except those containing fixed Diffie-Hellman parameters). When * sent, it will immediately follow the client key exchange message. * * struct { * Signature signature; * } CertificateVerify; * * CertificateVerify.signature.md5_hash * MD5(handshake_messages); * * Certificate.signature.sha_hash * SHA(handshake_messages); * * Here handshake_messages refers to all handshake messages sent or * received starting at client hello up to but not including this * message, including the type and length fields of the handshake * messages. * * select(SignatureAlgorithm) { * case anonymous: struct { }; * case rsa: * digitally-signed struct { * opaque md5_hash[16]; * opaque sha_hash[20]; * }; * case dsa: * digitally-signed struct { * opaque sha_hash[20]; * }; * } Signature; * * In digital signing, one-way hash functions are used as input for a * signing algorithm. A digitally-signed element is encoded as an opaque * vector <0..2^16-1>, where the length is specified by the signing * algorithm and key. * * In RSA signing, a 36-byte structure of two hashes (one SHA and one * MD5) is signed (encrypted with the private key). It is encoded with * PKCS #1 block type 0 or type 1 as described in [PKCS1]. * * In DSS, the 20 bytes of the SHA hash are run directly through the * Digital Signing Algorithm with no additional hashing. * * @param c the connection. * @param signature the signature to include in the message. * * @return the CertificateVerify byte buffer. */ tls.createCertificateVerify = function(c, signature) { /* Note: The signature will be stored in a "digitally-signed" opaque vector that has the length prefixed using 2 bytes, so include those 2 bytes in the handshake message length. This is done as a minor optimization instead of calling writeVector(). */ // determine length of the handshake message var length = signature.length + 2; // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.certificate_verify); rval.putInt24(length); // add vector length bytes rval.putInt16(signature.length); rval.putBytes(signature); return rval; }; /** * Creates a CertificateRequest message. * * @param c the connection. * * @return the CertificateRequest byte buffer. */ tls.createCertificateRequest = function(c) { // TODO: support other certificate types var certTypes = forge.util.createBuffer(); // common RSA certificate type certTypes.putByte(0x01); // add distinguished names from CA store var cAs = forge.util.createBuffer(); for(var key in c.caStore.certs) { var cert = c.caStore.certs[key]; var dn = forge.pki.distinguishedNameToAsn1(cert.subject); var byteBuffer = forge.asn1.toDer(dn); cAs.putInt16(byteBuffer.length()); cAs.putBuffer(byteBuffer); } // TODO: TLS 1.2+ has a different format // determine length of the handshake message var length = 1 + certTypes.length() + 2 + cAs.length(); // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.certificate_request); rval.putInt24(length); writeVector(rval, 1, certTypes); writeVector(rval, 2, cAs); return rval; }; /** * Creates a ServerHelloDone message. * * @param c the connection. * * @return the ServerHelloDone byte buffer. */ tls.createServerHelloDone = function(c) { // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.server_hello_done); rval.putInt24(0); return rval; }; /** * Creates a ChangeCipherSpec message. * * The change cipher spec protocol exists to signal transitions in * ciphering strategies. The protocol consists of a single message, * which is encrypted and compressed under the current (not the pending) * connection state. The message consists of a single byte of value 1. * * struct { * enum { change_cipher_spec(1), (255) } type; * } ChangeCipherSpec; * * @return the ChangeCipherSpec byte buffer. */ tls.createChangeCipherSpec = function() { var rval = forge.util.createBuffer(); rval.putByte(0x01); return rval; }; /** * Creates a Finished message. * * struct { * opaque verify_data[12]; * } Finished; * * verify_data * PRF(master_secret, finished_label, MD5(handshake_messages) + * SHA-1(handshake_messages)) [0..11]; * * finished_label * For Finished messages sent by the client, the string "client * finished". For Finished messages sent by the server, the * string "server finished". * * handshake_messages * All of the data from all handshake messages up to but not * including this message. This is only data visible at the * handshake layer and does not include record layer headers. * This is the concatenation of all the Handshake structures as * defined in 7.4 exchanged thus far. * * @param c the connection. * * @return the Finished byte buffer. */ tls.createFinished = function(c) { // generate verify_data var b = forge.util.createBuffer(); b.putBuffer(c.session.md5.digest()); b.putBuffer(c.session.sha1.digest()); // TODO: determine prf function and verify length for TLS 1.2 var client = (c.entity === tls.ConnectionEnd.client); var sp = c.session.sp; var vdl = 12; var prf = prf_TLS1; var label = client ? 'client finished' : 'server finished'; b = prf(sp.master_secret, label, b.getBytes(), vdl); // build record fragment var rval = forge.util.createBuffer(); rval.putByte(tls.HandshakeType.finished); rval.putInt24(b.length()); rval.putBuffer(b); return rval; }; /** * Creates a HeartbeatMessage (See RFC 6520). * * struct { * HeartbeatMessageType type; * uint16 payload_length; * opaque payload[HeartbeatMessage.payload_length]; * opaque padding[padding_length]; * } HeartbeatMessage; * * The total length of a HeartbeatMessage MUST NOT exceed 2^14 or * max_fragment_length when negotiated as defined in [RFC6066]. * * type: The message type, either heartbeat_request or heartbeat_response. * * payload_length: The length of the payload. * * payload: The payload consists of arbitrary content. * * padding: The padding is random content that MUST be ignored by the * receiver. The length of a HeartbeatMessage is TLSPlaintext.length * for TLS and DTLSPlaintext.length for DTLS. Furthermore, the * length of the type field is 1 byte, and the length of the * payload_length is 2. Therefore, the padding_length is * TLSPlaintext.length - payload_length - 3 for TLS and * DTLSPlaintext.length - payload_length - 3 for DTLS. The * padding_length MUST be at least 16. * * The sender of a HeartbeatMessage MUST use a random padding of at * least 16 bytes. The padding of a received HeartbeatMessage message * MUST be ignored. * * If the payload_length of a received HeartbeatMessage is too large, * the received HeartbeatMessage MUST be discarded silently. * * @param c the connection. * @param type the tls.HeartbeatMessageType. * @param payload the heartbeat data to send as the payload. * @param [payloadLength] the payload length to use, defaults to the * actual payload length. * * @return the HeartbeatRequest byte buffer. */ tls.createHeartbeat = function(type, payload, payloadLength) { if(typeof payloadLength === 'undefined') { payloadLength = payload.length; } // build record fragment var rval = forge.util.createBuffer(); rval.putByte(type); // heartbeat message type rval.putInt16(payloadLength); // payload length rval.putBytes(payload); // payload // padding var plaintextLength = rval.length(); var paddingLength = Math.max(16, plaintextLength - payloadLength - 3); rval.putBytes(forge.random.getBytes(paddingLength)); return rval; }; /** * Fragments, compresses, encrypts, and queues a record for delivery. * * @param c the connection. * @param record the record to queue. */ tls.queue = function(c, record) { // error during record creation if(!record) { return; } if(record.fragment.length() === 0) { if(record.type === tls.ContentType.handshake || record.type === tls.ContentType.alert || record.type === tls.ContentType.change_cipher_spec) { // Empty handshake, alert of change cipher spec messages are not allowed per the TLS specification and should not be sent. return; } } // if the record is a handshake record, update handshake hashes if(record.type === tls.ContentType.handshake) { var bytes = record.fragment.bytes(); c.session.md5.update(bytes); c.session.sha1.update(bytes); bytes = null; } // handle record fragmentation var records; if(record.fragment.length() <= tls.MaxFragment) { records = [record]; } else { // fragment data as long as it is too long records = []; var data = record.fragment.bytes(); while(data.length > tls.MaxFragment) { records.push(tls.createRecord(c, { type: record.type, data: forge.util.createBuffer(data.slice(0, tls.MaxFragment)) })); data = data.slice(tls.MaxFragment); } // add last record if(data.length > 0) { records.push(tls.createRecord(c, { type: record.type, data: forge.util.createBuffer(data) })); } } // compress and encrypt all fragmented records for(var i = 0; i < records.length && !c.fail; ++i) { // update the record using current write state var rec = records[i]; var s = c.state.current.write; if(s.update(c, rec)) { // store record c.records.push(rec); } } }; /** * Flushes all queued records to the output buffer and calls the * tlsDataReady() handler on the given connection. * * @param c the connection. * * @return true on success, false on failure. */ tls.flush = function(c) { for(var i = 0; i < c.records.length; ++i) { var record = c.records[i]; // add record header and fragment c.tlsData.putByte(record.type); c.tlsData.putByte(record.version.major); c.tlsData.putByte(record.version.minor); c.tlsData.putInt16(record.fragment.length()); c.tlsData.putBuffer(c.records[i].fragment); } c.records = []; return c.tlsDataReady(c); }; /** * Maps a pki.certificateError to a tls.Alert.Description. * * @param error the error to map. * * @return the alert description. */ var _certErrorToAlertDesc = function(error) { switch(error) { case true: return true; case forge.pki.certificateError.bad_certificate: return tls.Alert.Description.bad_certificate; case forge.pki.certificateError.unsupported_certificate: return tls.Alert.Description.unsupported_certificate; case forge.pki.certificateError.certificate_revoked: return tls.Alert.Description.certificate_revoked; case forge.pki.certificateError.certificate_expired: return tls.Alert.Description.certificate_expired; case forge.pki.certificateError.certificate_unknown: return tls.Alert.Description.certificate_unknown; case forge.pki.certificateError.unknown_ca: return tls.Alert.Description.unknown_ca; default: return tls.Alert.Description.bad_certificate; } }; /** * Maps a tls.Alert.Description to a pki.certificateError. * * @param desc the alert description. * * @return the certificate error. */ var _alertDescToCertError = function(desc) { switch(desc) { case true: return true; case tls.Alert.Description.bad_certificate: return forge.pki.certificateError.bad_certificate; case tls.Alert.Description.unsupported_certificate: return forge.pki.certificateError.unsupported_certificate; case tls.Alert.Description.certificate_revoked: return forge.pki.certificateError.certificate_revoked; case tls.Alert.Description.certificate_expired: return forge.pki.certificateError.certificate_expired; case tls.Alert.Description.certificate_unknown: return forge.pki.certificateError.certificate_unknown; case tls.Alert.Description.unknown_ca: return forge.pki.certificateError.unknown_ca; default: return forge.pki.certificateError.bad_certificate; } }; /** * Verifies a certificate chain against the given connection's * Certificate Authority store. * * @param c the TLS connection. * @param chain the certificate chain to verify, with the root or highest * authority at the end. * * @return true if successful, false if not. */ tls.verifyCertificateChain = function(c, chain) { try { // Make a copy of c.verifyOptions so that we can modify options.verify // without modifying c.verifyOptions. var options = {}; for (var key in c.verifyOptions) { options[key] = c.verifyOptions[key]; } options.verify = function(vfd, depth, chain) { // convert pki.certificateError to tls alert description var desc = _certErrorToAlertDesc(vfd); // call application callback var ret = c.verify(c, vfd, depth, chain); if(ret !== true) { if(typeof ret === 'object' && !forge.util.isArray(ret)) { // throw custom error var error = new Error('The application rejected the certificate.'); error.send = true; error.alert = { level: tls.Alert.Level.fatal, description: tls.Alert.Description.bad_certificate }; if(ret.message) { error.message = ret.message; } if(ret.alert) { error.alert.description = ret.alert; } throw error; } // convert tls alert description to pki.certificateError if(ret !== vfd) { ret = _alertDescToCertError(ret); } } return ret; }; // verify chain forge.pki.verifyCertificateChain(c.caStore, chain, options); } catch(ex) { // build tls error if not already customized var err = ex; if(typeof err !== 'object' || forge.util.isArray(err)) { err = { send: true, alert: { level: tls.Alert.Level.fatal, description: _certErrorToAlertDesc(ex) } }; } if(!('send' in err)) { err.send = true; } if(!('alert' in err)) { err.alert = { level: tls.Alert.Level.fatal, description: _certErrorToAlertDesc(err.error) }; } // send error c.error(c, err); } return !c.fail; }; /** * Creates a new TLS session cache. * * @param cache optional map of session ID to cached session. * @param capacity the maximum size for the cache (default: 100). * * @return the new TLS session cache. */ tls.createSessionCache = function(cache, capacity) { var rval = null; // assume input is already a session cache object if(cache && cache.getSession && cache.setSession && cache.order) { rval = cache; } else { // create cache rval = {}; rval.cache = cache || {}; rval.capacity = Math.max(capacity || 100, 1); rval.order = []; // store order for sessions, delete session overflow for(var key in cache) { if(rval.order.length <= capacity) { rval.order.push(key); } else { delete cache[key]; } } // get a session from a session ID (or get any session) rval.getSession = function(sessionId) { var session = null; var key = null; // if session ID provided, use it if(sessionId) { key = forge.util.bytesToHex(sessionId); } else if(rval.order.length > 0) { // get first session from cache key = rval.order[0]; } if(key !== null && key in rval.cache) { // get cached session and remove from cache session = rval.cache[key]; delete rval.cache[key]; for(var i in rval.order) { if(rval.order[i] === key) { rval.order.splice(i, 1); break; } } } return session; }; // set a session in the cache rval.setSession = function(sessionId, session) { // remove session from cache if at capacity if(rval.order.length === rval.capacity) { var key = rval.order.shift(); delete rval.cache[key]; } // add session to cache var key = forge.util.bytesToHex(sessionId); rval.order.push(key); rval.cache[key] = session; }; } return rval; }; /** * Creates a new TLS connection. * * See public createConnection() docs for more details. * * @param options the options for this connection. * * @return the new TLS connection. */ tls.createConnection = function(options) { var caStore = null; if(options.caStore) { // if CA store is an array, convert it to a CA store object if(forge.util.isArray(options.caStore)) { caStore = forge.pki.createCaStore(options.caStore); } else { caStore = options.caStore; } } else { // create empty CA store caStore = forge.pki.createCaStore(); } // setup default cipher suites var cipherSuites = options.cipherSuites || null; if(cipherSuites === null) { cipherSuites = []; for(var key in tls.CipherSuites) { cipherSuites.push(tls.CipherSuites[key]); } } // set default entity var entity = (options.server || false) ? tls.ConnectionEnd.server : tls.ConnectionEnd.client; // create session cache if requested var sessionCache = options.sessionCache ? tls.createSessionCache(options.sessionCache) : null; // create TLS connection var c = { version: {major: tls.Version.major, minor: tls.Version.minor}, entity: entity, sessionId: options.sessionId, caStore: caStore, sessionCache: sessionCache, cipherSuites: cipherSuites, connected: options.connected, virtualHost: options.virtualHost || null, verifyClient: options.verifyClient || false, verify: options.verify || function(cn, vfd, dpth, cts) {return vfd;}, verifyOptions: options.verifyOptions || {}, getCertificate: options.getCertificate || null, getPrivateKey: options.getPrivateKey || null, getSignature: options.getSignature || null, input: forge.util.createBuffer(), tlsData: forge.util.createBuffer(), data: forge.util.createBuffer(), tlsDataReady: options.tlsDataReady, dataReady: options.dataReady, heartbeatReceived: options.heartbeatReceived, closed: options.closed, error: function(c, ex) { // set origin if not set ex.origin = ex.origin || ((c.entity === tls.ConnectionEnd.client) ? 'client' : 'server'); // send TLS alert if(ex.send) { tls.queue(c, tls.createAlert(c, ex.alert)); tls.flush(c); } // error is fatal by default var fatal = (ex.fatal !== false); if(fatal) { // set fail flag c.fail = true; } // call error handler first options.error(c, ex); if(fatal) { // fatal error, close connection, do not clear fail c.close(false); } }, deflate: options.deflate || null, inflate: options.inflate || null }; /** * Resets a closed TLS connection for reuse. Called in c.close(). * * @param clearFail true to clear the fail flag (default: true). */ c.reset = function(clearFail) { c.version = {major: tls.Version.major, minor: tls.Version.minor}; c.record = null; c.session = null; c.peerCertificate = null; c.state = { pending: null, current: null }; c.expect = (c.entity === tls.ConnectionEnd.client) ? SHE : CHE; c.fragmented = null; c.records = []; c.open = false; c.handshakes = 0; c.handshaking = false; c.isConnected = false; c.fail = !(clearFail || typeof(clearFail) === 'undefined'); c.input.clear(); c.tlsData.clear(); c.data.clear(); c.state.current = tls.createConnectionState(c); }; // do initial reset of connection c.reset(); /** * Updates the current TLS engine state based on the given record. * * @param c the TLS connection. * @param record the TLS record to act on. */ var _update = function(c, record) { // get record handler (align type in table by subtracting lowest) var aligned = record.type - tls.ContentType.change_cipher_spec; var handlers = ctTable[c.entity][c.expect]; if(aligned in handlers) { handlers[aligned](c, record); } else { // unexpected record tls.handleUnexpected(c, record); } }; /** * Reads the record header and initializes the next record on the given * connection. * * @param c the TLS connection with the next record. * * @return 0 if the input data could be processed, otherwise the * number of bytes required for data to be processed. */ var _readRecordHeader = function(c) { var rval = 0; // get input buffer and its length var b = c.input; var len = b.length(); // need at least 5 bytes to initialize a record if(len < 5) { rval = 5 - len; } else { // enough bytes for header // initialize record c.record = { type: b.getByte(), version: { major: b.getByte(), minor: b.getByte() }, length: b.getInt16(), fragment: forge.util.createBuffer(), ready: false }; // check record version var compatibleVersion = (c.record.version.major === c.version.major); if(compatibleVersion && c.session && c.session.version) { // session version already set, require same minor version compatibleVersion = (c.record.version.minor === c.version.minor); } if(!compatibleVersion) { c.error(c, { message: 'Incompatible TLS version.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.protocol_version } }); } } return rval; }; /** * Reads the next record's contents and appends its message to any * previously fragmented message. * * @param c the TLS connection with the next record. * * @return 0 if the input data could be processed, otherwise the * number of bytes required for data to be processed. */ var _readRecord = function(c) { var rval = 0; // ensure there is enough input data to get the entire record var b = c.input; var len = b.length(); if(len < c.record.length) { // not enough data yet, return how much is required rval = c.record.length - len; } else { // there is enough data to parse the pending record // fill record fragment and compact input buffer c.record.fragment.putBytes(b.getBytes(c.record.length)); b.compact(); // update record using current read state var s = c.state.current.read; if(s.update(c, c.record)) { // see if there is a previously fragmented message that the // new record's message fragment should be appended to if(c.fragmented !== null) { // if the record type matches a previously fragmented // record, append the record fragment to it if(c.fragmented.type === c.record.type) { // concatenate record fragments c.fragmented.fragment.putBuffer(c.record.fragment); c.record = c.fragmented; } else { // error, invalid fragmented record c.error(c, { message: 'Invalid fragmented record.', send: true, alert: { level: tls.Alert.Level.fatal, description: tls.Alert.Description.unexpected_message } }); } } // record is now ready c.record.ready = true; } } return rval; }; /** * Performs a handshake using the TLS Handshake Protocol, as a client. * * This method should only be called if the connection is in client mode. * * @param sessionId the session ID to use, null to start a new one. */ c.handshake = function(sessionId) { // error to call this in non-client mode if(c.entity !== tls.ConnectionEnd.client) { // not fatal error c.error(c, { message: 'Cannot initiate handshake as a server.', fatal: false }); } else if(c.handshaking) { // handshake is already in progress, fail but not fatal error c.error(c, { message: 'Handshake already in progress.', fatal: false }); } else { // clear fail flag on reuse if(c.fail && !c.open && c.handshakes === 0) { c.fail = false; } // now handshaking c.handshaking = true; // default to blank (new session) sessionId = sessionId || ''; // if a session ID was specified, try to find it in the cache var session = null; if(sessionId.length > 0) { if(c.sessionCache) { session = c.sessionCache.getSession(sessionId); } // matching session not found in cache, clear session ID if(session === null) { sessionId = ''; } } // no session given, grab a session from the cache, if available if(sessionId.length === 0 && c.sessionCache) { session = c.sessionCache.getSession(); if(session !== null) { sessionId = session.id; } } // set up session c.session = { id: sessionId, version: null, cipherSuite: null, compressionMethod: null, serverCertificate: null, certificateRequest: null, clientCertificate: null, sp: {}, md5: forge.md.md5.create(), sha1: forge.md.sha1.create() }; // use existing session information if(session) { // only update version on connection, session version not yet set c.version = session.version; c.session.sp = session.sp; } // generate new client random c.session.sp.client_random = tls.createRandom().getBytes(); // connection now open c.open = true; // send hello tls.queue(c, tls.createRecord(c, { type: tls.ContentType.handshake, data: tls.createClientHello(c) })); tls.flush(c); } }; /** * Called when TLS protocol data has been received from somewhere and should * be processed by the TLS engine. * * @param data the TLS protocol data, as a string, to process. * * @return 0 if the data could be processed, otherwise the number of bytes * required for data to be processed. */ c.process = function(data) { var rval = 0; // buffer input data if(data) { c.input.putBytes(data); } // process next record if no failure, process will be called after // each record is handled (since handling can be asynchronous) if(!c.fail) { // reset record if ready and now empty if(c.record !== null && c.record.ready && c.record.fragment.isEmpty()) { c.record = null; } // if there is no pending record, try to read record header if(c.record === null) { rval = _readRecordHeader(c); } // read the next record (if record not yet ready) if(!c.fail && c.record !== null && !c.record.ready) { rval = _readRecord(c); } // record ready to be handled, update engine state if(!c.fail && c.record !== null && c.record.ready) { _update(c, c.record); } } return rval; }; /** * Requests that application data be packaged into a TLS record. The * tlsDataReady handler will be called when the TLS record(s) have been * prepared. * * @param data the application data, as a raw 'binary' encoded string, to * be sent; to send utf-16/utf-8 string data, use the return value * of util.encodeUtf8(str). * * @return true on success, false on failure. */ c.prepare = function(data) { tls.queue(c, tls.createRecord(c, { type: tls.ContentType.application_data, data: forge.util.createBuffer(data) })); return tls.flush(c); }; /** * Requests that a heartbeat request be packaged into a TLS record for * transmission. The tlsDataReady handler will be called when TLS record(s) * have been prepared. * * When a heartbeat response has been received, the heartbeatReceived * handler will be called with the matching payload. This handler can * be used to clear a retransmission timer, etc. * * @param payload the heartbeat data to send as the payload in the message. * @param [payloadLength] the payload length to use, defaults to the * actual payload length. * * @return true on success, false on failure. */ c.prepareHeartbeatRequest = function(payload, payloadLength) { if(payload instanceof forge.util.ByteBuffer) { payload = payload.bytes(); } if(typeof payloadLength === 'undefined') { payloadLength = payload.length; } c.expectedHeartbeatPayload = payload; tls.queue(c, tls.createRecord(c, { type: tls.ContentType.heartbeat, data: tls.createHeartbeat( tls.HeartbeatMessageType.heartbeat_request, payload, payloadLength) })); return tls.flush(c); }; /** * Closes the connection (sends a close_notify alert). * * @param clearFail true to clear the fail flag (default: true). */ c.close = function(clearFail) { // save session if connection didn't fail if(!c.fail && c.sessionCache && c.session) { // only need to preserve session ID, version, and security params var session = { id: c.session.id, version: c.session.version, sp: c.session.sp }; session.sp.keys = null; c.sessionCache.setSession(session.id, session); } if(c.open) { // connection no longer open, clear input c.open = false; c.input.clear(); // if connected or handshaking, send an alert if(c.isConnected || c.handshaking) { c.isConnected = c.handshaking = false; // send close_notify alert tls.queue(c, tls.createAlert(c, { level: tls.Alert.Level.warning, description: tls.Alert.Description.close_notify })); tls.flush(c); } // call handler c.closed(c); } // reset TLS connection, do not clear fail flag c.reset(clearFail); }; return c; }; /* TLS API */ module.exports = forge.tls = forge.tls || {}; // expose non-functions for(var key in tls) { if(typeof tls[key] !== 'function') { forge.tls[key] = tls[key]; } } // expose prf_tls1 for testing forge.tls.prf_tls1 = prf_TLS1; // expose sha1 hmac method forge.tls.hmac_sha1 = hmac_sha1; // expose session cache creation forge.tls.createSessionCache = tls.createSessionCache; /** * Creates a new TLS connection. This does not make any assumptions about the * transport layer that TLS is working on top of, ie: it does not assume there * is a TCP/IP connection or establish one. A TLS connection is totally * abstracted away from the layer is runs on top of, it merely establishes a * secure channel between a client" and a "server". * * A TLS connection contains 4 connection states: pending read and write, and * current read and write. * * At initialization, the current read and write states will be null. Only once * the security parameters have been set and the keys have been generated can * the pending states be converted into current states. Current states will be * updated for each record processed. * * A custom certificate verify callback may be provided to check information * like the common name on the server's certificate. It will be called for * every certificate in the chain. It has the following signature: * * variable func(c, certs, index, preVerify) * Where: * c The TLS connection * verified Set to true if certificate was verified, otherwise the alert * tls.Alert.Description for why the certificate failed. * depth The current index in the chain, where 0 is the server's cert. * certs The certificate chain, *NOTE* if the server was anonymous then * the chain will be empty. * * The function returns true on success and on failure either the appropriate * tls.Alert.Description or an object with 'alert' set to the appropriate * tls.Alert.Description and 'message' set to a custom error message. If true * is not returned then the connection will abort using, in order of * availability, first the returned alert description, second the preVerify * alert description, and lastly the default 'bad_certificate'. * * There are three callbacks that can be used to make use of client-side * certificates where each takes the TLS connection as the first parameter: * * getCertificate(conn, hint) * The second parameter is a hint as to which certificate should be * returned. If the connection entity is a client, then the hint will be * the CertificateRequest message from the server that is part of the * TLS protocol. If the connection entity is a server, then it will be * the servername list provided via an SNI extension the ClientHello, if * one was provided (empty array if not). The hint can be examined to * determine which certificate to use (advanced). Most implementations * will just return a certificate. The return value must be a * PEM-formatted certificate or an array of PEM-formatted certificates * that constitute a certificate chain, with the first in the array/chain * being the client's certificate. * getPrivateKey(conn, certificate) * The second parameter is an forge.pki X.509 certificate object that * is associated with the requested private key. The return value must * be a PEM-formatted private key. * getSignature(conn, bytes, callback) * This callback can be used instead of getPrivateKey if the private key * is not directly accessible in javascript or should not be. For * instance, a secure external web service could provide the signature * in exchange for appropriate credentials. The second parameter is a * string of bytes to be signed that are part of the TLS protocol. These * bytes are used to verify that the private key for the previously * provided client-side certificate is accessible to the client. The * callback is a function that takes 2 parameters, the TLS connection * and the RSA encrypted (signed) bytes as a string. This callback must * be called once the signature is ready. * * @param options the options for this connection: * server: true if the connection is server-side, false for client. * sessionId: a session ID to reuse, null for a new connection. * caStore: an array of certificates to trust. * sessionCache: a session cache to use. * cipherSuites: an optional array of cipher suites to use, * see tls.CipherSuites. * connected: function(conn) called when the first handshake completes. * virtualHost: the virtual server name to use in a TLS SNI extension. * verifyClient: true to require a client certificate in server mode, * 'optional' to request one, false not to (default: false). * verify: a handler used to custom verify certificates in the chain. * verifyOptions: an object with options for the certificate chain validation. * See documentation of pki.verifyCertificateChain for possible options. * verifyOptions.verify is ignored. If you wish to specify a verify handler * use the verify key. * getCertificate: an optional callback used to get a certificate or * a chain of certificates (as an array). * getPrivateKey: an optional callback used to get a private key. * getSignature: an optional callback used to get a signature. * tlsDataReady: function(conn) called when TLS protocol data has been * prepared and is ready to be used (typically sent over a socket * connection to its destination), read from conn.tlsData buffer. * dataReady: function(conn) called when application data has * been parsed from a TLS record and should be consumed by the * application, read from conn.data buffer. * closed: function(conn) called when the connection has been closed. * error: function(conn, error) called when there was an error. * deflate: function(inBytes) if provided, will deflate TLS records using * the deflate algorithm if the server supports it. * inflate: function(inBytes) if provided, will inflate TLS records using * the deflate algorithm if the server supports it. * * @return the new TLS connection. */ forge.tls.createConnection = tls.createConnection; /***/ }), /***/ 8339: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Utility functions for web applications. * * @author Dave Longley * * Copyright (c) 2010-2018 Digital Bazaar, Inc. */ var forge = __nccwpck_require__(9177); var baseN = __nccwpck_require__(2300); /* Utilities API */ var util = module.exports = forge.util = forge.util || {}; // define setImmediate and nextTick (function() { // use native nextTick (unless we're in webpack) // webpack (or better node-libs-browser polyfill) sets process.browser. // this way we can detect webpack properly if(typeof process !== 'undefined' && process.nextTick && !process.browser) { util.nextTick = process.nextTick; if(typeof setImmediate === 'function') { util.setImmediate = setImmediate; } else { // polyfill setImmediate with nextTick, older versions of node // (those w/o setImmediate) won't totally starve IO util.setImmediate = util.nextTick; } return; } // polyfill nextTick with native setImmediate if(typeof setImmediate === 'function') { util.setImmediate = function() { return setImmediate.apply(undefined, arguments); }; util.nextTick = function(callback) { return setImmediate(callback); }; return; } /* Note: A polyfill upgrade pattern is used here to allow combining polyfills. For example, MutationObserver is fast, but blocks UI updates, so it needs to allow UI updates periodically, so it falls back on postMessage or setTimeout. */ // polyfill with setTimeout util.setImmediate = function(callback) { setTimeout(callback, 0); }; // upgrade polyfill to use postMessage if(typeof window !== 'undefined' && typeof window.postMessage === 'function') { var msg = 'forge.setImmediate'; var callbacks = []; util.setImmediate = function(callback) { callbacks.push(callback); // only send message when one hasn't been sent in // the current turn of the event loop if(callbacks.length === 1) { window.postMessage(msg, '*'); } }; function handler(event) { if(event.source === window && event.data === msg) { event.stopPropagation(); var copy = callbacks.slice(); callbacks.length = 0; copy.forEach(function(callback) { callback(); }); } } window.addEventListener('message', handler, true); } // upgrade polyfill to use MutationObserver if(typeof MutationObserver !== 'undefined') { // polyfill with MutationObserver var now = Date.now(); var attr = true; var div = document.createElement('div'); var callbacks = []; new MutationObserver(function() { var copy = callbacks.slice(); callbacks.length = 0; copy.forEach(function(callback) { callback(); }); }).observe(div, {attributes: true}); var oldSetImmediate = util.setImmediate; util.setImmediate = function(callback) { if(Date.now() - now > 15) { now = Date.now(); oldSetImmediate(callback); } else { callbacks.push(callback); // only trigger observer when it hasn't been triggered in // the current turn of the event loop if(callbacks.length === 1) { div.setAttribute('a', attr = !attr); } } }; } util.nextTick = util.setImmediate; })(); // check if running under Node.js util.isNodejs = typeof process !== 'undefined' && process.versions && process.versions.node; // 'self' will also work in Web Workers (instance of WorkerGlobalScope) while // it will point to `window` in the main thread. // To remain compatible with older browsers, we fall back to 'window' if 'self' // is not available. util.globalScope = (function() { if(util.isNodejs) { return global; } return typeof self === 'undefined' ? window : self; })(); // define isArray util.isArray = Array.isArray || function(x) { return Object.prototype.toString.call(x) === '[object Array]'; }; // define isArrayBuffer util.isArrayBuffer = function(x) { return typeof ArrayBuffer !== 'undefined' && x instanceof ArrayBuffer; }; // define isArrayBufferView util.isArrayBufferView = function(x) { return x && util.isArrayBuffer(x.buffer) && x.byteLength !== undefined; }; /** * Ensure a bits param is 8, 16, 24, or 32. Used to validate input for * algorithms where bit manipulation, JavaScript limitations, and/or algorithm * design only allow for byte operations of a limited size. * * @param n number of bits. * * Throw Error if n invalid. */ function _checkBitsParam(n) { if(!(n === 8 || n === 16 || n === 24 || n === 32)) { throw new Error('Only 8, 16, 24, or 32 bits supported: ' + n); } } // TODO: set ByteBuffer to best available backing util.ByteBuffer = ByteStringBuffer; /** Buffer w/BinaryString backing */ /** * Constructor for a binary string backed byte buffer. * * @param [b] the bytes to wrap (either encoded as string, one byte per * character, or as an ArrayBuffer or Typed Array). */ function ByteStringBuffer(b) { // TODO: update to match DataBuffer API // the data in this buffer this.data = ''; // the pointer for reading from this buffer this.read = 0; if(typeof b === 'string') { this.data = b; } else if(util.isArrayBuffer(b) || util.isArrayBufferView(b)) { if(typeof Buffer !== 'undefined' && b instanceof Buffer) { this.data = b.toString('binary'); } else { // convert native buffer to forge buffer // FIXME: support native buffers internally instead var arr = new Uint8Array(b); try { this.data = String.fromCharCode.apply(null, arr); } catch(e) { for(var i = 0; i < arr.length; ++i) { this.putByte(arr[i]); } } } } else if(b instanceof ByteStringBuffer || (typeof b === 'object' && typeof b.data === 'string' && typeof b.read === 'number')) { // copy existing buffer this.data = b.data; this.read = b.read; } // used for v8 optimization this._constructedStringLength = 0; } util.ByteStringBuffer = ByteStringBuffer; /* Note: This is an optimization for V8-based browsers. When V8 concatenates a string, the strings are only joined logically using a "cons string" or "constructed/concatenated string". These containers keep references to one another and can result in very large memory usage. For example, if a 2MB string is constructed by concatenating 4 bytes together at a time, the memory usage will be ~44MB; so ~22x increase. The strings are only joined together when an operation requiring their joining takes place, such as substr(). This function is called when adding data to this buffer to ensure these types of strings are periodically joined to reduce the memory footprint. */ var _MAX_CONSTRUCTED_STRING_LENGTH = 4096; util.ByteStringBuffer.prototype._optimizeConstructedString = function(x) { this._constructedStringLength += x; if(this._constructedStringLength > _MAX_CONSTRUCTED_STRING_LENGTH) { // this substr() should cause the constructed string to join this.data.substr(0, 1); this._constructedStringLength = 0; } }; /** * Gets the number of bytes in this buffer. * * @return the number of bytes in this buffer. */ util.ByteStringBuffer.prototype.length = function() { return this.data.length - this.read; }; /** * Gets whether or not this buffer is empty. * * @return true if this buffer is empty, false if not. */ util.ByteStringBuffer.prototype.isEmpty = function() { return this.length() <= 0; }; /** * Puts a byte in this buffer. * * @param b the byte to put. * * @return this buffer. */ util.ByteStringBuffer.prototype.putByte = function(b) { return this.putBytes(String.fromCharCode(b)); }; /** * Puts a byte in this buffer N times. * * @param b the byte to put. * @param n the number of bytes of value b to put. * * @return this buffer. */ util.ByteStringBuffer.prototype.fillWithByte = function(b, n) { b = String.fromCharCode(b); var d = this.data; while(n > 0) { if(n & 1) { d += b; } n >>>= 1; if(n > 0) { b += b; } } this.data = d; this._optimizeConstructedString(n); return this; }; /** * Puts bytes in this buffer. * * @param bytes the bytes (as a binary encoded string) to put. * * @return this buffer. */ util.ByteStringBuffer.prototype.putBytes = function(bytes) { this.data += bytes; this._optimizeConstructedString(bytes.length); return this; }; /** * Puts a UTF-16 encoded string into this buffer. * * @param str the string to put. * * @return this buffer. */ util.ByteStringBuffer.prototype.putString = function(str) { return this.putBytes(util.encodeUtf8(str)); }; /** * Puts a 16-bit integer in this buffer in big-endian order. * * @param i the 16-bit integer. * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt16 = function(i) { return this.putBytes( String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF)); }; /** * Puts a 24-bit integer in this buffer in big-endian order. * * @param i the 24-bit integer. * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt24 = function(i) { return this.putBytes( String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF)); }; /** * Puts a 32-bit integer in this buffer in big-endian order. * * @param i the 32-bit integer. * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt32 = function(i) { return this.putBytes( String.fromCharCode(i >> 24 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF)); }; /** * Puts a 16-bit integer in this buffer in little-endian order. * * @param i the 16-bit integer. * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt16Le = function(i) { return this.putBytes( String.fromCharCode(i & 0xFF) + String.fromCharCode(i >> 8 & 0xFF)); }; /** * Puts a 24-bit integer in this buffer in little-endian order. * * @param i the 24-bit integer. * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt24Le = function(i) { return this.putBytes( String.fromCharCode(i & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF)); }; /** * Puts a 32-bit integer in this buffer in little-endian order. * * @param i the 32-bit integer. * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt32Le = function(i) { return this.putBytes( String.fromCharCode(i & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 24 & 0xFF)); }; /** * Puts an n-bit integer in this buffer in big-endian order. * * @param i the n-bit integer. * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return this buffer. */ util.ByteStringBuffer.prototype.putInt = function(i, n) { _checkBitsParam(n); var bytes = ''; do { n -= 8; bytes += String.fromCharCode((i >> n) & 0xFF); } while(n > 0); return this.putBytes(bytes); }; /** * Puts a signed n-bit integer in this buffer in big-endian order. Two's * complement representation is used. * * @param i the n-bit integer. * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return this buffer. */ util.ByteStringBuffer.prototype.putSignedInt = function(i, n) { // putInt checks n if(i < 0) { i += 2 << (n - 1); } return this.putInt(i, n); }; /** * Puts the given buffer into this buffer. * * @param buffer the buffer to put into this one. * * @return this buffer. */ util.ByteStringBuffer.prototype.putBuffer = function(buffer) { return this.putBytes(buffer.getBytes()); }; /** * Gets a byte from this buffer and advances the read pointer by 1. * * @return the byte. */ util.ByteStringBuffer.prototype.getByte = function() { return this.data.charCodeAt(this.read++); }; /** * Gets a uint16 from this buffer in big-endian order and advances the read * pointer by 2. * * @return the uint16. */ util.ByteStringBuffer.prototype.getInt16 = function() { var rval = ( this.data.charCodeAt(this.read) << 8 ^ this.data.charCodeAt(this.read + 1)); this.read += 2; return rval; }; /** * Gets a uint24 from this buffer in big-endian order and advances the read * pointer by 3. * * @return the uint24. */ util.ByteStringBuffer.prototype.getInt24 = function() { var rval = ( this.data.charCodeAt(this.read) << 16 ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2)); this.read += 3; return rval; }; /** * Gets a uint32 from this buffer in big-endian order and advances the read * pointer by 4. * * @return the word. */ util.ByteStringBuffer.prototype.getInt32 = function() { var rval = ( this.data.charCodeAt(this.read) << 24 ^ this.data.charCodeAt(this.read + 1) << 16 ^ this.data.charCodeAt(this.read + 2) << 8 ^ this.data.charCodeAt(this.read + 3)); this.read += 4; return rval; }; /** * Gets a uint16 from this buffer in little-endian order and advances the read * pointer by 2. * * @return the uint16. */ util.ByteStringBuffer.prototype.getInt16Le = function() { var rval = ( this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8); this.read += 2; return rval; }; /** * Gets a uint24 from this buffer in little-endian order and advances the read * pointer by 3. * * @return the uint24. */ util.ByteStringBuffer.prototype.getInt24Le = function() { var rval = ( this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16); this.read += 3; return rval; }; /** * Gets a uint32 from this buffer in little-endian order and advances the read * pointer by 4. * * @return the word. */ util.ByteStringBuffer.prototype.getInt32Le = function() { var rval = ( this.data.charCodeAt(this.read) ^ this.data.charCodeAt(this.read + 1) << 8 ^ this.data.charCodeAt(this.read + 2) << 16 ^ this.data.charCodeAt(this.read + 3) << 24); this.read += 4; return rval; }; /** * Gets an n-bit integer from this buffer in big-endian order and advances the * read pointer by ceil(n/8). * * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return the integer. */ util.ByteStringBuffer.prototype.getInt = function(n) { _checkBitsParam(n); var rval = 0; do { // TODO: Use (rval * 0x100) if adding support for 33 to 53 bits. rval = (rval << 8) + this.data.charCodeAt(this.read++); n -= 8; } while(n > 0); return rval; }; /** * Gets a signed n-bit integer from this buffer in big-endian order, using * two's complement, and advances the read pointer by n/8. * * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return the integer. */ util.ByteStringBuffer.prototype.getSignedInt = function(n) { // getInt checks n var x = this.getInt(n); var max = 2 << (n - 2); if(x >= max) { x -= max << 1; } return x; }; /** * Reads bytes out as a binary encoded string and clears them from the * buffer. Note that the resulting string is binary encoded (in node.js this * encoding is referred to as `binary`, it is *not* `utf8`). * * @param count the number of bytes to read, undefined or null for all. * * @return a binary encoded string of bytes. */ util.ByteStringBuffer.prototype.getBytes = function(count) { var rval; if(count) { // read count bytes count = Math.min(this.length(), count); rval = this.data.slice(this.read, this.read + count); this.read += count; } else if(count === 0) { rval = ''; } else { // read all bytes, optimize to only copy when needed rval = (this.read === 0) ? this.data : this.data.slice(this.read); this.clear(); } return rval; }; /** * Gets a binary encoded string of the bytes from this buffer without * modifying the read pointer. * * @param count the number of bytes to get, omit to get all. * * @return a string full of binary encoded characters. */ util.ByteStringBuffer.prototype.bytes = function(count) { return (typeof(count) === 'undefined' ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count)); }; /** * Gets a byte at the given index without modifying the read pointer. * * @param i the byte index. * * @return the byte. */ util.ByteStringBuffer.prototype.at = function(i) { return this.data.charCodeAt(this.read + i); }; /** * Puts a byte at the given index without modifying the read pointer. * * @param i the byte index. * @param b the byte to put. * * @return this buffer. */ util.ByteStringBuffer.prototype.setAt = function(i, b) { this.data = this.data.substr(0, this.read + i) + String.fromCharCode(b) + this.data.substr(this.read + i + 1); return this; }; /** * Gets the last byte without modifying the read pointer. * * @return the last byte. */ util.ByteStringBuffer.prototype.last = function() { return this.data.charCodeAt(this.data.length - 1); }; /** * Creates a copy of this buffer. * * @return the copy. */ util.ByteStringBuffer.prototype.copy = function() { var c = util.createBuffer(this.data); c.read = this.read; return c; }; /** * Compacts this buffer. * * @return this buffer. */ util.ByteStringBuffer.prototype.compact = function() { if(this.read > 0) { this.data = this.data.slice(this.read); this.read = 0; } return this; }; /** * Clears this buffer. * * @return this buffer. */ util.ByteStringBuffer.prototype.clear = function() { this.data = ''; this.read = 0; return this; }; /** * Shortens this buffer by triming bytes off of the end of this buffer. * * @param count the number of bytes to trim off. * * @return this buffer. */ util.ByteStringBuffer.prototype.truncate = function(count) { var len = Math.max(0, this.length() - count); this.data = this.data.substr(this.read, len); this.read = 0; return this; }; /** * Converts this buffer to a hexadecimal string. * * @return a hexadecimal string. */ util.ByteStringBuffer.prototype.toHex = function() { var rval = ''; for(var i = this.read; i < this.data.length; ++i) { var b = this.data.charCodeAt(i); if(b < 16) { rval += '0'; } rval += b.toString(16); } return rval; }; /** * Converts this buffer to a UTF-16 string (standard JavaScript string). * * @return a UTF-16 string. */ util.ByteStringBuffer.prototype.toString = function() { return util.decodeUtf8(this.bytes()); }; /** End Buffer w/BinaryString backing */ /** Buffer w/UInt8Array backing */ /** * FIXME: Experimental. Do not use yet. * * Constructor for an ArrayBuffer-backed byte buffer. * * The buffer may be constructed from a string, an ArrayBuffer, DataView, or a * TypedArray. * * If a string is given, its encoding should be provided as an option, * otherwise it will default to 'binary'. A 'binary' string is encoded such * that each character is one byte in length and size. * * If an ArrayBuffer, DataView, or TypedArray is given, it will be used * *directly* without any copying. Note that, if a write to the buffer requires * more space, the buffer will allocate a new backing ArrayBuffer to * accommodate. The starting read and write offsets for the buffer may be * given as options. * * @param [b] the initial bytes for this buffer. * @param options the options to use: * [readOffset] the starting read offset to use (default: 0). * [writeOffset] the starting write offset to use (default: the * length of the first parameter). * [growSize] the minimum amount, in bytes, to grow the buffer by to * accommodate writes (default: 1024). * [encoding] the encoding ('binary', 'utf8', 'utf16', 'hex') for the * first parameter, if it is a string (default: 'binary'). */ function DataBuffer(b, options) { // default options options = options || {}; // pointers for read from/write to buffer this.read = options.readOffset || 0; this.growSize = options.growSize || 1024; var isArrayBuffer = util.isArrayBuffer(b); var isArrayBufferView = util.isArrayBufferView(b); if(isArrayBuffer || isArrayBufferView) { // use ArrayBuffer directly if(isArrayBuffer) { this.data = new DataView(b); } else { // TODO: adjust read/write offset based on the type of view // or specify that this must be done in the options ... that the // offsets are byte-based this.data = new DataView(b.buffer, b.byteOffset, b.byteLength); } this.write = ('writeOffset' in options ? options.writeOffset : this.data.byteLength); return; } // initialize to empty array buffer and add any given bytes using putBytes this.data = new DataView(new ArrayBuffer(0)); this.write = 0; if(b !== null && b !== undefined) { this.putBytes(b); } if('writeOffset' in options) { this.write = options.writeOffset; } } util.DataBuffer = DataBuffer; /** * Gets the number of bytes in this buffer. * * @return the number of bytes in this buffer. */ util.DataBuffer.prototype.length = function() { return this.write - this.read; }; /** * Gets whether or not this buffer is empty. * * @return true if this buffer is empty, false if not. */ util.DataBuffer.prototype.isEmpty = function() { return this.length() <= 0; }; /** * Ensures this buffer has enough empty space to accommodate the given number * of bytes. An optional parameter may be given that indicates a minimum * amount to grow the buffer if necessary. If the parameter is not given, * the buffer will be grown by some previously-specified default amount * or heuristic. * * @param amount the number of bytes to accommodate. * @param [growSize] the minimum amount, in bytes, to grow the buffer by if * necessary. */ util.DataBuffer.prototype.accommodate = function(amount, growSize) { if(this.length() >= amount) { return this; } growSize = Math.max(growSize || this.growSize, amount); // grow buffer var src = new Uint8Array( this.data.buffer, this.data.byteOffset, this.data.byteLength); var dst = new Uint8Array(this.length() + growSize); dst.set(src); this.data = new DataView(dst.buffer); return this; }; /** * Puts a byte in this buffer. * * @param b the byte to put. * * @return this buffer. */ util.DataBuffer.prototype.putByte = function(b) { this.accommodate(1); this.data.setUint8(this.write++, b); return this; }; /** * Puts a byte in this buffer N times. * * @param b the byte to put. * @param n the number of bytes of value b to put. * * @return this buffer. */ util.DataBuffer.prototype.fillWithByte = function(b, n) { this.accommodate(n); for(var i = 0; i < n; ++i) { this.data.setUint8(b); } return this; }; /** * Puts bytes in this buffer. The bytes may be given as a string, an * ArrayBuffer, a DataView, or a TypedArray. * * @param bytes the bytes to put. * @param [encoding] the encoding for the first parameter ('binary', 'utf8', * 'utf16', 'hex'), if it is a string (default: 'binary'). * * @return this buffer. */ util.DataBuffer.prototype.putBytes = function(bytes, encoding) { if(util.isArrayBufferView(bytes)) { var src = new Uint8Array(bytes.buffer, bytes.byteOffset, bytes.byteLength); var len = src.byteLength - src.byteOffset; this.accommodate(len); var dst = new Uint8Array(this.data.buffer, this.write); dst.set(src); this.write += len; return this; } if(util.isArrayBuffer(bytes)) { var src = new Uint8Array(bytes); this.accommodate(src.byteLength); var dst = new Uint8Array(this.data.buffer); dst.set(src, this.write); this.write += src.byteLength; return this; } // bytes is a util.DataBuffer or equivalent if(bytes instanceof util.DataBuffer || (typeof bytes === 'object' && typeof bytes.read === 'number' && typeof bytes.write === 'number' && util.isArrayBufferView(bytes.data))) { var src = new Uint8Array(bytes.data.byteLength, bytes.read, bytes.length()); this.accommodate(src.byteLength); var dst = new Uint8Array(bytes.data.byteLength, this.write); dst.set(src); this.write += src.byteLength; return this; } if(bytes instanceof util.ByteStringBuffer) { // copy binary string and process as the same as a string parameter below bytes = bytes.data; encoding = 'binary'; } // string conversion encoding = encoding || 'binary'; if(typeof bytes === 'string') { var view; // decode from string if(encoding === 'hex') { this.accommodate(Math.ceil(bytes.length / 2)); view = new Uint8Array(this.data.buffer, this.write); this.write += util.binary.hex.decode(bytes, view, this.write); return this; } if(encoding === 'base64') { this.accommodate(Math.ceil(bytes.length / 4) * 3); view = new Uint8Array(this.data.buffer, this.write); this.write += util.binary.base64.decode(bytes, view, this.write); return this; } // encode text as UTF-8 bytes if(encoding === 'utf8') { // encode as UTF-8 then decode string as raw binary bytes = util.encodeUtf8(bytes); encoding = 'binary'; } // decode string as raw binary if(encoding === 'binary' || encoding === 'raw') { // one byte per character this.accommodate(bytes.length); view = new Uint8Array(this.data.buffer, this.write); this.write += util.binary.raw.decode(view); return this; } // encode text as UTF-16 bytes if(encoding === 'utf16') { // two bytes per character this.accommodate(bytes.length * 2); view = new Uint16Array(this.data.buffer, this.write); this.write += util.text.utf16.encode(view); return this; } throw new Error('Invalid encoding: ' + encoding); } throw Error('Invalid parameter: ' + bytes); }; /** * Puts the given buffer into this buffer. * * @param buffer the buffer to put into this one. * * @return this buffer. */ util.DataBuffer.prototype.putBuffer = function(buffer) { this.putBytes(buffer); buffer.clear(); return this; }; /** * Puts a string into this buffer. * * @param str the string to put. * @param [encoding] the encoding for the string (default: 'utf16'). * * @return this buffer. */ util.DataBuffer.prototype.putString = function(str) { return this.putBytes(str, 'utf16'); }; /** * Puts a 16-bit integer in this buffer in big-endian order. * * @param i the 16-bit integer. * * @return this buffer. */ util.DataBuffer.prototype.putInt16 = function(i) { this.accommodate(2); this.data.setInt16(this.write, i); this.write += 2; return this; }; /** * Puts a 24-bit integer in this buffer in big-endian order. * * @param i the 24-bit integer. * * @return this buffer. */ util.DataBuffer.prototype.putInt24 = function(i) { this.accommodate(3); this.data.setInt16(this.write, i >> 8 & 0xFFFF); this.data.setInt8(this.write, i >> 16 & 0xFF); this.write += 3; return this; }; /** * Puts a 32-bit integer in this buffer in big-endian order. * * @param i the 32-bit integer. * * @return this buffer. */ util.DataBuffer.prototype.putInt32 = function(i) { this.accommodate(4); this.data.setInt32(this.write, i); this.write += 4; return this; }; /** * Puts a 16-bit integer in this buffer in little-endian order. * * @param i the 16-bit integer. * * @return this buffer. */ util.DataBuffer.prototype.putInt16Le = function(i) { this.accommodate(2); this.data.setInt16(this.write, i, true); this.write += 2; return this; }; /** * Puts a 24-bit integer in this buffer in little-endian order. * * @param i the 24-bit integer. * * @return this buffer. */ util.DataBuffer.prototype.putInt24Le = function(i) { this.accommodate(3); this.data.setInt8(this.write, i >> 16 & 0xFF); this.data.setInt16(this.write, i >> 8 & 0xFFFF, true); this.write += 3; return this; }; /** * Puts a 32-bit integer in this buffer in little-endian order. * * @param i the 32-bit integer. * * @return this buffer. */ util.DataBuffer.prototype.putInt32Le = function(i) { this.accommodate(4); this.data.setInt32(this.write, i, true); this.write += 4; return this; }; /** * Puts an n-bit integer in this buffer in big-endian order. * * @param i the n-bit integer. * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return this buffer. */ util.DataBuffer.prototype.putInt = function(i, n) { _checkBitsParam(n); this.accommodate(n / 8); do { n -= 8; this.data.setInt8(this.write++, (i >> n) & 0xFF); } while(n > 0); return this; }; /** * Puts a signed n-bit integer in this buffer in big-endian order. Two's * complement representation is used. * * @param i the n-bit integer. * @param n the number of bits in the integer. * * @return this buffer. */ util.DataBuffer.prototype.putSignedInt = function(i, n) { _checkBitsParam(n); this.accommodate(n / 8); if(i < 0) { i += 2 << (n - 1); } return this.putInt(i, n); }; /** * Gets a byte from this buffer and advances the read pointer by 1. * * @return the byte. */ util.DataBuffer.prototype.getByte = function() { return this.data.getInt8(this.read++); }; /** * Gets a uint16 from this buffer in big-endian order and advances the read * pointer by 2. * * @return the uint16. */ util.DataBuffer.prototype.getInt16 = function() { var rval = this.data.getInt16(this.read); this.read += 2; return rval; }; /** * Gets a uint24 from this buffer in big-endian order and advances the read * pointer by 3. * * @return the uint24. */ util.DataBuffer.prototype.getInt24 = function() { var rval = ( this.data.getInt16(this.read) << 8 ^ this.data.getInt8(this.read + 2)); this.read += 3; return rval; }; /** * Gets a uint32 from this buffer in big-endian order and advances the read * pointer by 4. * * @return the word. */ util.DataBuffer.prototype.getInt32 = function() { var rval = this.data.getInt32(this.read); this.read += 4; return rval; }; /** * Gets a uint16 from this buffer in little-endian order and advances the read * pointer by 2. * * @return the uint16. */ util.DataBuffer.prototype.getInt16Le = function() { var rval = this.data.getInt16(this.read, true); this.read += 2; return rval; }; /** * Gets a uint24 from this buffer in little-endian order and advances the read * pointer by 3. * * @return the uint24. */ util.DataBuffer.prototype.getInt24Le = function() { var rval = ( this.data.getInt8(this.read) ^ this.data.getInt16(this.read + 1, true) << 8); this.read += 3; return rval; }; /** * Gets a uint32 from this buffer in little-endian order and advances the read * pointer by 4. * * @return the word. */ util.DataBuffer.prototype.getInt32Le = function() { var rval = this.data.getInt32(this.read, true); this.read += 4; return rval; }; /** * Gets an n-bit integer from this buffer in big-endian order and advances the * read pointer by n/8. * * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return the integer. */ util.DataBuffer.prototype.getInt = function(n) { _checkBitsParam(n); var rval = 0; do { // TODO: Use (rval * 0x100) if adding support for 33 to 53 bits. rval = (rval << 8) + this.data.getInt8(this.read++); n -= 8; } while(n > 0); return rval; }; /** * Gets a signed n-bit integer from this buffer in big-endian order, using * two's complement, and advances the read pointer by n/8. * * @param n the number of bits in the integer (8, 16, 24, or 32). * * @return the integer. */ util.DataBuffer.prototype.getSignedInt = function(n) { // getInt checks n var x = this.getInt(n); var max = 2 << (n - 2); if(x >= max) { x -= max << 1; } return x; }; /** * Reads bytes out as a binary encoded string and clears them from the * buffer. * * @param count the number of bytes to read, undefined or null for all. * * @return a binary encoded string of bytes. */ util.DataBuffer.prototype.getBytes = function(count) { // TODO: deprecate this method, it is poorly named and // this.toString('binary') replaces it // add a toTypedArray()/toArrayBuffer() function var rval; if(count) { // read count bytes count = Math.min(this.length(), count); rval = this.data.slice(this.read, this.read + count); this.read += count; } else if(count === 0) { rval = ''; } else { // read all bytes, optimize to only copy when needed rval = (this.read === 0) ? this.data : this.data.slice(this.read); this.clear(); } return rval; }; /** * Gets a binary encoded string of the bytes from this buffer without * modifying the read pointer. * * @param count the number of bytes to get, omit to get all. * * @return a string full of binary encoded characters. */ util.DataBuffer.prototype.bytes = function(count) { // TODO: deprecate this method, it is poorly named, add "getString()" return (typeof(count) === 'undefined' ? this.data.slice(this.read) : this.data.slice(this.read, this.read + count)); }; /** * Gets a byte at the given index without modifying the read pointer. * * @param i the byte index. * * @return the byte. */ util.DataBuffer.prototype.at = function(i) { return this.data.getUint8(this.read + i); }; /** * Puts a byte at the given index without modifying the read pointer. * * @param i the byte index. * @param b the byte to put. * * @return this buffer. */ util.DataBuffer.prototype.setAt = function(i, b) { this.data.setUint8(i, b); return this; }; /** * Gets the last byte without modifying the read pointer. * * @return the last byte. */ util.DataBuffer.prototype.last = function() { return this.data.getUint8(this.write - 1); }; /** * Creates a copy of this buffer. * * @return the copy. */ util.DataBuffer.prototype.copy = function() { return new util.DataBuffer(this); }; /** * Compacts this buffer. * * @return this buffer. */ util.DataBuffer.prototype.compact = function() { if(this.read > 0) { var src = new Uint8Array(this.data.buffer, this.read); var dst = new Uint8Array(src.byteLength); dst.set(src); this.data = new DataView(dst); this.write -= this.read; this.read = 0; } return this; }; /** * Clears this buffer. * * @return this buffer. */ util.DataBuffer.prototype.clear = function() { this.data = new DataView(new ArrayBuffer(0)); this.read = this.write = 0; return this; }; /** * Shortens this buffer by triming bytes off of the end of this buffer. * * @param count the number of bytes to trim off. * * @return this buffer. */ util.DataBuffer.prototype.truncate = function(count) { this.write = Math.max(0, this.length() - count); this.read = Math.min(this.read, this.write); return this; }; /** * Converts this buffer to a hexadecimal string. * * @return a hexadecimal string. */ util.DataBuffer.prototype.toHex = function() { var rval = ''; for(var i = this.read; i < this.data.byteLength; ++i) { var b = this.data.getUint8(i); if(b < 16) { rval += '0'; } rval += b.toString(16); } return rval; }; /** * Converts this buffer to a string, using the given encoding. If no * encoding is given, 'utf8' (UTF-8) is used. * * @param [encoding] the encoding to use: 'binary', 'utf8', 'utf16', 'hex', * 'base64' (default: 'utf8'). * * @return a string representation of the bytes in this buffer. */ util.DataBuffer.prototype.toString = function(encoding) { var view = new Uint8Array(this.data, this.read, this.length()); encoding = encoding || 'utf8'; // encode to string if(encoding === 'binary' || encoding === 'raw') { return util.binary.raw.encode(view); } if(encoding === 'hex') { return util.binary.hex.encode(view); } if(encoding === 'base64') { return util.binary.base64.encode(view); } // decode to text if(encoding === 'utf8') { return util.text.utf8.decode(view); } if(encoding === 'utf16') { return util.text.utf16.decode(view); } throw new Error('Invalid encoding: ' + encoding); }; /** End Buffer w/UInt8Array backing */ /** * Creates a buffer that stores bytes. A value may be given to populate the * buffer with data. This value can either be string of encoded bytes or a * regular string of characters. When passing a string of binary encoded * bytes, the encoding `raw` should be given. This is also the default. When * passing a string of characters, the encoding `utf8` should be given. * * @param [input] a string with encoded bytes to store in the buffer. * @param [encoding] (default: 'raw', other: 'utf8'). */ util.createBuffer = function(input, encoding) { // TODO: deprecate, use new ByteBuffer() instead encoding = encoding || 'raw'; if(input !== undefined && encoding === 'utf8') { input = util.encodeUtf8(input); } return new util.ByteBuffer(input); }; /** * Fills a string with a particular value. If you want the string to be a byte * string, pass in String.fromCharCode(theByte). * * @param c the character to fill the string with, use String.fromCharCode * to fill the string with a byte value. * @param n the number of characters of value c to fill with. * * @return the filled string. */ util.fillString = function(c, n) { var s = ''; while(n > 0) { if(n & 1) { s += c; } n >>>= 1; if(n > 0) { c += c; } } return s; }; /** * Performs a per byte XOR between two byte strings and returns the result as a * string of bytes. * * @param s1 first string of bytes. * @param s2 second string of bytes. * @param n the number of bytes to XOR. * * @return the XOR'd result. */ util.xorBytes = function(s1, s2, n) { var s3 = ''; var b = ''; var t = ''; var i = 0; var c = 0; for(; n > 0; --n, ++i) { b = s1.charCodeAt(i) ^ s2.charCodeAt(i); if(c >= 10) { s3 += t; t = ''; c = 0; } t += String.fromCharCode(b); ++c; } s3 += t; return s3; }; /** * Converts a hex string into a 'binary' encoded string of bytes. * * @param hex the hexadecimal string to convert. * * @return the binary-encoded string of bytes. */ util.hexToBytes = function(hex) { // TODO: deprecate: "Deprecated. Use util.binary.hex.decode instead." var rval = ''; var i = 0; if(hex.length & 1 == 1) { // odd number of characters, convert first character alone i = 1; rval += String.fromCharCode(parseInt(hex[0], 16)); } // convert 2 characters (1 byte) at a time for(; i < hex.length; i += 2) { rval += String.fromCharCode(parseInt(hex.substr(i, 2), 16)); } return rval; }; /** * Converts a 'binary' encoded string of bytes to hex. * * @param bytes the byte string to convert. * * @return the string of hexadecimal characters. */ util.bytesToHex = function(bytes) { // TODO: deprecate: "Deprecated. Use util.binary.hex.encode instead." return util.createBuffer(bytes).toHex(); }; /** * Converts an 32-bit integer to 4-big-endian byte string. * * @param i the integer. * * @return the byte string. */ util.int32ToBytes = function(i) { return ( String.fromCharCode(i >> 24 & 0xFF) + String.fromCharCode(i >> 16 & 0xFF) + String.fromCharCode(i >> 8 & 0xFF) + String.fromCharCode(i & 0xFF)); }; // base64 characters, reverse mapping var _base64 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='; var _base64Idx = [ /*43 -43 = 0*/ /*'+', 1, 2, 3,'/' */ 62, -1, -1, -1, 63, /*'0','1','2','3','4','5','6','7','8','9' */ 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, /*15, 16, 17,'=', 19, 20, 21 */ -1, -1, -1, 64, -1, -1, -1, /*65 - 43 = 22*/ /*'A','B','C','D','E','F','G','H','I','J','K','L','M', */ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, /*'N','O','P','Q','R','S','T','U','V','W','X','Y','Z' */ 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, /*91 - 43 = 48 */ /*48, 49, 50, 51, 52, 53 */ -1, -1, -1, -1, -1, -1, /*97 - 43 = 54*/ /*'a','b','c','d','e','f','g','h','i','j','k','l','m' */ 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, /*'n','o','p','q','r','s','t','u','v','w','x','y','z' */ 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51 ]; // base58 characters (Bitcoin alphabet) var _base58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz'; /** * Base64 encodes a 'binary' encoded string of bytes. * * @param input the binary encoded string of bytes to base64-encode. * @param maxline the maximum number of encoded characters per line to use, * defaults to none. * * @return the base64-encoded output. */ util.encode64 = function(input, maxline) { // TODO: deprecate: "Deprecated. Use util.binary.base64.encode instead." var line = ''; var output = ''; var chr1, chr2, chr3; var i = 0; while(i < input.length) { chr1 = input.charCodeAt(i++); chr2 = input.charCodeAt(i++); chr3 = input.charCodeAt(i++); // encode 4 character group line += _base64.charAt(chr1 >> 2); line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); if(isNaN(chr2)) { line += '=='; } else { line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); } if(maxline && line.length > maxline) { output += line.substr(0, maxline) + '\r\n'; line = line.substr(maxline); } } output += line; return output; }; /** * Base64 decodes a string into a 'binary' encoded string of bytes. * * @param input the base64-encoded input. * * @return the binary encoded string. */ util.decode64 = function(input) { // TODO: deprecate: "Deprecated. Use util.binary.base64.decode instead." // remove all non-base64 characters input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); var output = ''; var enc1, enc2, enc3, enc4; var i = 0; while(i < input.length) { enc1 = _base64Idx[input.charCodeAt(i++) - 43]; enc2 = _base64Idx[input.charCodeAt(i++) - 43]; enc3 = _base64Idx[input.charCodeAt(i++) - 43]; enc4 = _base64Idx[input.charCodeAt(i++) - 43]; output += String.fromCharCode((enc1 << 2) | (enc2 >> 4)); if(enc3 !== 64) { // decoded at least 2 bytes output += String.fromCharCode(((enc2 & 15) << 4) | (enc3 >> 2)); if(enc4 !== 64) { // decoded 3 bytes output += String.fromCharCode(((enc3 & 3) << 6) | enc4); } } } return output; }; /** * Encodes the given string of characters (a standard JavaScript * string) as a binary encoded string where the bytes represent * a UTF-8 encoded string of characters. Non-ASCII characters will be * encoded as multiple bytes according to UTF-8. * * @param str a standard string of characters to encode. * * @return the binary encoded string. */ util.encodeUtf8 = function(str) { return unescape(encodeURIComponent(str)); }; /** * Decodes a binary encoded string that contains bytes that * represent a UTF-8 encoded string of characters -- into a * string of characters (a standard JavaScript string). * * @param str the binary encoded string to decode. * * @return the resulting standard string of characters. */ util.decodeUtf8 = function(str) { return decodeURIComponent(escape(str)); }; // binary encoding/decoding tools // FIXME: Experimental. Do not use yet. util.binary = { raw: {}, hex: {}, base64: {}, base58: {}, baseN : { encode: baseN.encode, decode: baseN.decode } }; /** * Encodes a Uint8Array as a binary-encoded string. This encoding uses * a value between 0 and 255 for each character. * * @param bytes the Uint8Array to encode. * * @return the binary-encoded string. */ util.binary.raw.encode = function(bytes) { return String.fromCharCode.apply(null, bytes); }; /** * Decodes a binary-encoded string to a Uint8Array. This encoding uses * a value between 0 and 255 for each character. * * @param str the binary-encoded string to decode. * @param [output] an optional Uint8Array to write the output to; if it * is too small, an exception will be thrown. * @param [offset] the start offset for writing to the output (default: 0). * * @return the Uint8Array or the number of bytes written if output was given. */ util.binary.raw.decode = function(str, output, offset) { var out = output; if(!out) { out = new Uint8Array(str.length); } offset = offset || 0; var j = offset; for(var i = 0; i < str.length; ++i) { out[j++] = str.charCodeAt(i); } return output ? (j - offset) : out; }; /** * Encodes a 'binary' string, ArrayBuffer, DataView, TypedArray, or * ByteBuffer as a string of hexadecimal characters. * * @param bytes the bytes to convert. * * @return the string of hexadecimal characters. */ util.binary.hex.encode = util.bytesToHex; /** * Decodes a hex-encoded string to a Uint8Array. * * @param hex the hexadecimal string to convert. * @param [output] an optional Uint8Array to write the output to; if it * is too small, an exception will be thrown. * @param [offset] the start offset for writing to the output (default: 0). * * @return the Uint8Array or the number of bytes written if output was given. */ util.binary.hex.decode = function(hex, output, offset) { var out = output; if(!out) { out = new Uint8Array(Math.ceil(hex.length / 2)); } offset = offset || 0; var i = 0, j = offset; if(hex.length & 1) { // odd number of characters, convert first character alone i = 1; out[j++] = parseInt(hex[0], 16); } // convert 2 characters (1 byte) at a time for(; i < hex.length; i += 2) { out[j++] = parseInt(hex.substr(i, 2), 16); } return output ? (j - offset) : out; }; /** * Base64-encodes a Uint8Array. * * @param input the Uint8Array to encode. * @param maxline the maximum number of encoded characters per line to use, * defaults to none. * * @return the base64-encoded output string. */ util.binary.base64.encode = function(input, maxline) { var line = ''; var output = ''; var chr1, chr2, chr3; var i = 0; while(i < input.byteLength) { chr1 = input[i++]; chr2 = input[i++]; chr3 = input[i++]; // encode 4 character group line += _base64.charAt(chr1 >> 2); line += _base64.charAt(((chr1 & 3) << 4) | (chr2 >> 4)); if(isNaN(chr2)) { line += '=='; } else { line += _base64.charAt(((chr2 & 15) << 2) | (chr3 >> 6)); line += isNaN(chr3) ? '=' : _base64.charAt(chr3 & 63); } if(maxline && line.length > maxline) { output += line.substr(0, maxline) + '\r\n'; line = line.substr(maxline); } } output += line; return output; }; /** * Decodes a base64-encoded string to a Uint8Array. * * @param input the base64-encoded input string. * @param [output] an optional Uint8Array to write the output to; if it * is too small, an exception will be thrown. * @param [offset] the start offset for writing to the output (default: 0). * * @return the Uint8Array or the number of bytes written if output was given. */ util.binary.base64.decode = function(input, output, offset) { var out = output; if(!out) { out = new Uint8Array(Math.ceil(input.length / 4) * 3); } // remove all non-base64 characters input = input.replace(/[^A-Za-z0-9\+\/\=]/g, ''); offset = offset || 0; var enc1, enc2, enc3, enc4; var i = 0, j = offset; while(i < input.length) { enc1 = _base64Idx[input.charCodeAt(i++) - 43]; enc2 = _base64Idx[input.charCodeAt(i++) - 43]; enc3 = _base64Idx[input.charCodeAt(i++) - 43]; enc4 = _base64Idx[input.charCodeAt(i++) - 43]; out[j++] = (enc1 << 2) | (enc2 >> 4); if(enc3 !== 64) { // decoded at least 2 bytes out[j++] = ((enc2 & 15) << 4) | (enc3 >> 2); if(enc4 !== 64) { // decoded 3 bytes out[j++] = ((enc3 & 3) << 6) | enc4; } } } // make sure result is the exact decoded length return output ? (j - offset) : out.subarray(0, j); }; // add support for base58 encoding/decoding with Bitcoin alphabet util.binary.base58.encode = function(input, maxline) { return util.binary.baseN.encode(input, _base58, maxline); }; util.binary.base58.decode = function(input, maxline) { return util.binary.baseN.decode(input, _base58, maxline); }; // text encoding/decoding tools // FIXME: Experimental. Do not use yet. util.text = { utf8: {}, utf16: {} }; /** * Encodes the given string as UTF-8 in a Uint8Array. * * @param str the string to encode. * @param [output] an optional Uint8Array to write the output to; if it * is too small, an exception will be thrown. * @param [offset] the start offset for writing to the output (default: 0). * * @return the Uint8Array or the number of bytes written if output was given. */ util.text.utf8.encode = function(str, output, offset) { str = util.encodeUtf8(str); var out = output; if(!out) { out = new Uint8Array(str.length); } offset = offset || 0; var j = offset; for(var i = 0; i < str.length; ++i) { out[j++] = str.charCodeAt(i); } return output ? (j - offset) : out; }; /** * Decodes the UTF-8 contents from a Uint8Array. * * @param bytes the Uint8Array to decode. * * @return the resulting string. */ util.text.utf8.decode = function(bytes) { return util.decodeUtf8(String.fromCharCode.apply(null, bytes)); }; /** * Encodes the given string as UTF-16 in a Uint8Array. * * @param str the string to encode. * @param [output] an optional Uint8Array to write the output to; if it * is too small, an exception will be thrown. * @param [offset] the start offset for writing to the output (default: 0). * * @return the Uint8Array or the number of bytes written if output was given. */ util.text.utf16.encode = function(str, output, offset) { var out = output; if(!out) { out = new Uint8Array(str.length * 2); } var view = new Uint16Array(out.buffer); offset = offset || 0; var j = offset; var k = offset; for(var i = 0; i < str.length; ++i) { view[k++] = str.charCodeAt(i); j += 2; } return output ? (j - offset) : out; }; /** * Decodes the UTF-16 contents from a Uint8Array. * * @param bytes the Uint8Array to decode. * * @return the resulting string. */ util.text.utf16.decode = function(bytes) { return String.fromCharCode.apply(null, new Uint16Array(bytes.buffer)); }; /** * Deflates the given data using a flash interface. * * @param api the flash interface. * @param bytes the data. * @param raw true to return only raw deflate data, false to include zlib * header and trailer. * * @return the deflated data as a string. */ util.deflate = function(api, bytes, raw) { bytes = util.decode64(api.deflate(util.encode64(bytes)).rval); // strip zlib header and trailer if necessary if(raw) { // zlib header is 2 bytes (CMF,FLG) where FLG indicates that // there is a 4-byte DICT (alder-32) block before the data if // its 5th bit is set var start = 2; var flg = bytes.charCodeAt(1); if(flg & 0x20) { start = 6; } // zlib trailer is 4 bytes of adler-32 bytes = bytes.substring(start, bytes.length - 4); } return bytes; }; /** * Inflates the given data using a flash interface. * * @param api the flash interface. * @param bytes the data. * @param raw true if the incoming data has no zlib header or trailer and is * raw DEFLATE data. * * @return the inflated data as a string, null on error. */ util.inflate = function(api, bytes, raw) { // TODO: add zlib header and trailer if necessary/possible var rval = api.inflate(util.encode64(bytes)).rval; return (rval === null) ? null : util.decode64(rval); }; /** * Sets a storage object. * * @param api the storage interface. * @param id the storage ID to use. * @param obj the storage object, null to remove. */ var _setStorageObject = function(api, id, obj) { if(!api) { throw new Error('WebStorage not available.'); } var rval; if(obj === null) { rval = api.removeItem(id); } else { // json-encode and base64-encode object obj = util.encode64(JSON.stringify(obj)); rval = api.setItem(id, obj); } // handle potential flash error if(typeof(rval) !== 'undefined' && rval.rval !== true) { var error = new Error(rval.error.message); error.id = rval.error.id; error.name = rval.error.name; throw error; } }; /** * Gets a storage object. * * @param api the storage interface. * @param id the storage ID to use. * * @return the storage object entry or null if none exists. */ var _getStorageObject = function(api, id) { if(!api) { throw new Error('WebStorage not available.'); } // get the existing entry var rval = api.getItem(id); /* Note: We check api.init because we can't do (api == localStorage) on IE because of "Class doesn't support Automation" exception. Only the flash api has an init method so this works too, but we need a better solution in the future. */ // flash returns item wrapped in an object, handle special case if(api.init) { if(rval.rval === null) { if(rval.error) { var error = new Error(rval.error.message); error.id = rval.error.id; error.name = rval.error.name; throw error; } // no error, but also no item rval = null; } else { rval = rval.rval; } } // handle decoding if(rval !== null) { // base64-decode and json-decode data rval = JSON.parse(util.decode64(rval)); } return rval; }; /** * Stores an item in local storage. * * @param api the storage interface. * @param id the storage ID to use. * @param key the key for the item. * @param data the data for the item (any javascript object/primitive). */ var _setItem = function(api, id, key, data) { // get storage object var obj = _getStorageObject(api, id); if(obj === null) { // create a new storage object obj = {}; } // update key obj[key] = data; // set storage object _setStorageObject(api, id, obj); }; /** * Gets an item from local storage. * * @param api the storage interface. * @param id the storage ID to use. * @param key the key for the item. * * @return the item. */ var _getItem = function(api, id, key) { // get storage object var rval = _getStorageObject(api, id); if(rval !== null) { // return data at key rval = (key in rval) ? rval[key] : null; } return rval; }; /** * Removes an item from local storage. * * @param api the storage interface. * @param id the storage ID to use. * @param key the key for the item. */ var _removeItem = function(api, id, key) { // get storage object var obj = _getStorageObject(api, id); if(obj !== null && key in obj) { // remove key delete obj[key]; // see if entry has no keys remaining var empty = true; for(var prop in obj) { empty = false; break; } if(empty) { // remove entry entirely if no keys are left obj = null; } // set storage object _setStorageObject(api, id, obj); } }; /** * Clears the local disk storage identified by the given ID. * * @param api the storage interface. * @param id the storage ID to use. */ var _clearItems = function(api, id) { _setStorageObject(api, id, null); }; /** * Calls a storage function. * * @param func the function to call. * @param args the arguments for the function. * @param location the location argument. * * @return the return value from the function. */ var _callStorageFunction = function(func, args, location) { var rval = null; // default storage types if(typeof(location) === 'undefined') { location = ['web', 'flash']; } // apply storage types in order of preference var type; var done = false; var exception = null; for(var idx in location) { type = location[idx]; try { if(type === 'flash' || type === 'both') { if(args[0] === null) { throw new Error('Flash local storage not available.'); } rval = func.apply(this, args); done = (type === 'flash'); } if(type === 'web' || type === 'both') { args[0] = localStorage; rval = func.apply(this, args); done = true; } } catch(ex) { exception = ex; } if(done) { break; } } if(!done) { throw exception; } return rval; }; /** * Stores an item on local disk. * * The available types of local storage include 'flash', 'web', and 'both'. * * The type 'flash' refers to flash local storage (SharedObject). In order * to use flash local storage, the 'api' parameter must be valid. The type * 'web' refers to WebStorage, if supported by the browser. The type 'both' * refers to storing using both 'flash' and 'web', not just one or the * other. * * The location array should list the storage types to use in order of * preference: * * ['flash']: flash only storage * ['web']: web only storage * ['both']: try to store in both * ['flash','web']: store in flash first, but if not available, 'web' * ['web','flash']: store in web first, but if not available, 'flash' * * The location array defaults to: ['web', 'flash'] * * @param api the flash interface, null to use only WebStorage. * @param id the storage ID to use. * @param key the key for the item. * @param data the data for the item (any javascript object/primitive). * @param location an array with the preferred types of storage to use. */ util.setItem = function(api, id, key, data, location) { _callStorageFunction(_setItem, arguments, location); }; /** * Gets an item on local disk. * * Set setItem() for details on storage types. * * @param api the flash interface, null to use only WebStorage. * @param id the storage ID to use. * @param key the key for the item. * @param location an array with the preferred types of storage to use. * * @return the item. */ util.getItem = function(api, id, key, location) { return _callStorageFunction(_getItem, arguments, location); }; /** * Removes an item on local disk. * * Set setItem() for details on storage types. * * @param api the flash interface. * @param id the storage ID to use. * @param key the key for the item. * @param location an array with the preferred types of storage to use. */ util.removeItem = function(api, id, key, location) { _callStorageFunction(_removeItem, arguments, location); }; /** * Clears the local disk storage identified by the given ID. * * Set setItem() for details on storage types. * * @param api the flash interface if flash is available. * @param id the storage ID to use. * @param location an array with the preferred types of storage to use. */ util.clearItems = function(api, id, location) { _callStorageFunction(_clearItems, arguments, location); }; /** * Check if an object is empty. * * Taken from: * http://stackoverflow.com/questions/679915/how-do-i-test-for-an-empty-javascript-object-from-json/679937#679937 * * @param object the object to check. */ util.isEmpty = function(obj) { for(var prop in obj) { if(obj.hasOwnProperty(prop)) { return false; } } return true; }; /** * Format with simple printf-style interpolation. * * %%: literal '%' * %s,%o: convert next argument into a string. * * @param format the string to format. * @param ... arguments to interpolate into the format string. */ util.format = function(format) { var re = /%./g; // current match var match; // current part var part; // current arg index var argi = 0; // collected parts to recombine later var parts = []; // last index found var last = 0; // loop while matches remain while((match = re.exec(format))) { part = format.substring(last, re.lastIndex - 2); // don't add empty strings (ie, parts between %s%s) if(part.length > 0) { parts.push(part); } last = re.lastIndex; // switch on % code var code = match[0][1]; switch(code) { case 's': case 'o': // check if enough arguments were given if(argi < arguments.length) { parts.push(arguments[argi++ + 1]); } else { parts.push(''); } break; // FIXME: do proper formating for numbers, etc //case 'f': //case 'd': case '%': parts.push('%'); break; default: parts.push('<%' + code + '?>'); } } // add trailing part of format string parts.push(format.substring(last)); return parts.join(''); }; /** * Formats a number. * * http://snipplr.com/view/5945/javascript-numberformat--ported-from-php/ */ util.formatNumber = function(number, decimals, dec_point, thousands_sep) { // http://kevin.vanzonneveld.net // + original by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) // + improved by: Kevin van Zonneveld (http://kevin.vanzonneveld.net) // + bugfix by: Michael White (http://crestidg.com) // + bugfix by: Benjamin Lupton // + bugfix by: Allan Jensen (http://www.winternet.no) // + revised by: Jonas Raoni Soares Silva (http://www.jsfromhell.com) // * example 1: number_format(1234.5678, 2, '.', ''); // * returns 1: 1234.57 var n = number, c = isNaN(decimals = Math.abs(decimals)) ? 2 : decimals; var d = dec_point === undefined ? ',' : dec_point; var t = thousands_sep === undefined ? '.' : thousands_sep, s = n < 0 ? '-' : ''; var i = parseInt((n = Math.abs(+n || 0).toFixed(c)), 10) + ''; var j = (i.length > 3) ? i.length % 3 : 0; return s + (j ? i.substr(0, j) + t : '') + i.substr(j).replace(/(\d{3})(?=\d)/g, '$1' + t) + (c ? d + Math.abs(n - i).toFixed(c).slice(2) : ''); }; /** * Formats a byte size. * * http://snipplr.com/view/5949/format-humanize-file-byte-size-presentation-in-javascript/ */ util.formatSize = function(size) { if(size >= 1073741824) { size = util.formatNumber(size / 1073741824, 2, '.', '') + ' GiB'; } else if(size >= 1048576) { size = util.formatNumber(size / 1048576, 2, '.', '') + ' MiB'; } else if(size >= 1024) { size = util.formatNumber(size / 1024, 0) + ' KiB'; } else { size = util.formatNumber(size, 0) + ' bytes'; } return size; }; /** * Converts an IPv4 or IPv6 string representation into bytes (in network order). * * @param ip the IPv4 or IPv6 address to convert. * * @return the 4-byte IPv6 or 16-byte IPv6 address or null if the address can't * be parsed. */ util.bytesFromIP = function(ip) { if(ip.indexOf('.') !== -1) { return util.bytesFromIPv4(ip); } if(ip.indexOf(':') !== -1) { return util.bytesFromIPv6(ip); } return null; }; /** * Converts an IPv4 string representation into bytes (in network order). * * @param ip the IPv4 address to convert. * * @return the 4-byte address or null if the address can't be parsed. */ util.bytesFromIPv4 = function(ip) { ip = ip.split('.'); if(ip.length !== 4) { return null; } var b = util.createBuffer(); for(var i = 0; i < ip.length; ++i) { var num = parseInt(ip[i], 10); if(isNaN(num)) { return null; } b.putByte(num); } return b.getBytes(); }; /** * Converts an IPv6 string representation into bytes (in network order). * * @param ip the IPv6 address to convert. * * @return the 16-byte address or null if the address can't be parsed. */ util.bytesFromIPv6 = function(ip) { var blanks = 0; ip = ip.split(':').filter(function(e) { if(e.length === 0) ++blanks; return true; }); var zeros = (8 - ip.length + blanks) * 2; var b = util.createBuffer(); for(var i = 0; i < 8; ++i) { if(!ip[i] || ip[i].length === 0) { b.fillWithByte(0, zeros); zeros = 0; continue; } var bytes = util.hexToBytes(ip[i]); if(bytes.length < 2) { b.putByte(0); } b.putBytes(bytes); } return b.getBytes(); }; /** * Converts 4-bytes into an IPv4 string representation or 16-bytes into * an IPv6 string representation. The bytes must be in network order. * * @param bytes the bytes to convert. * * @return the IPv4 or IPv6 string representation if 4 or 16 bytes, * respectively, are given, otherwise null. */ util.bytesToIP = function(bytes) { if(bytes.length === 4) { return util.bytesToIPv4(bytes); } if(bytes.length === 16) { return util.bytesToIPv6(bytes); } return null; }; /** * Converts 4-bytes into an IPv4 string representation. The bytes must be * in network order. * * @param bytes the bytes to convert. * * @return the IPv4 string representation or null for an invalid # of bytes. */ util.bytesToIPv4 = function(bytes) { if(bytes.length !== 4) { return null; } var ip = []; for(var i = 0; i < bytes.length; ++i) { ip.push(bytes.charCodeAt(i)); } return ip.join('.'); }; /** * Converts 16-bytes into an IPv16 string representation. The bytes must be * in network order. * * @param bytes the bytes to convert. * * @return the IPv16 string representation or null for an invalid # of bytes. */ util.bytesToIPv6 = function(bytes) { if(bytes.length !== 16) { return null; } var ip = []; var zeroGroups = []; var zeroMaxGroup = 0; for(var i = 0; i < bytes.length; i += 2) { var hex = util.bytesToHex(bytes[i] + bytes[i + 1]); // canonicalize zero representation while(hex[0] === '0' && hex !== '0') { hex = hex.substr(1); } if(hex === '0') { var last = zeroGroups[zeroGroups.length - 1]; var idx = ip.length; if(!last || idx !== last.end + 1) { zeroGroups.push({start: idx, end: idx}); } else { last.end = idx; if((last.end - last.start) > (zeroGroups[zeroMaxGroup].end - zeroGroups[zeroMaxGroup].start)) { zeroMaxGroup = zeroGroups.length - 1; } } } ip.push(hex); } if(zeroGroups.length > 0) { var group = zeroGroups[zeroMaxGroup]; // only shorten group of length > 0 if(group.end - group.start > 0) { ip.splice(group.start, group.end - group.start + 1, ''); if(group.start === 0) { ip.unshift(''); } if(group.end === 7) { ip.push(''); } } } return ip.join(':'); }; /** * Estimates the number of processes that can be run concurrently. If * creating Web Workers, keep in mind that the main JavaScript process needs * its own core. * * @param options the options to use: * update true to force an update (not use the cached value). * @param callback(err, max) called once the operation completes. */ util.estimateCores = function(options, callback) { if(typeof options === 'function') { callback = options; options = {}; } options = options || {}; if('cores' in util && !options.update) { return callback(null, util.cores); } if(typeof navigator !== 'undefined' && 'hardwareConcurrency' in navigator && navigator.hardwareConcurrency > 0) { util.cores = navigator.hardwareConcurrency; return callback(null, util.cores); } if(typeof Worker === 'undefined') { // workers not available util.cores = 1; return callback(null, util.cores); } if(typeof Blob === 'undefined') { // can't estimate, default to 2 util.cores = 2; return callback(null, util.cores); } // create worker concurrency estimation code as blob var blobUrl = URL.createObjectURL(new Blob(['(', function() { self.addEventListener('message', function(e) { // run worker for 4 ms var st = Date.now(); var et = st + 4; while(Date.now() < et); self.postMessage({st: st, et: et}); }); }.toString(), ')()'], {type: 'application/javascript'})); // take 5 samples using 16 workers sample([], 5, 16); function sample(max, samples, numWorkers) { if(samples === 0) { // get overlap average var avg = Math.floor(max.reduce(function(avg, x) { return avg + x; }, 0) / max.length); util.cores = Math.max(1, avg); URL.revokeObjectURL(blobUrl); return callback(null, util.cores); } map(numWorkers, function(err, results) { max.push(reduce(numWorkers, results)); sample(max, samples - 1, numWorkers); }); } function map(numWorkers, callback) { var workers = []; var results = []; for(var i = 0; i < numWorkers; ++i) { var worker = new Worker(blobUrl); worker.addEventListener('message', function(e) { results.push(e.data); if(results.length === numWorkers) { for(var i = 0; i < numWorkers; ++i) { workers[i].terminate(); } callback(null, results); } }); workers.push(worker); } for(var i = 0; i < numWorkers; ++i) { workers[i].postMessage(i); } } function reduce(numWorkers, results) { // find overlapping time windows var overlaps = []; for(var n = 0; n < numWorkers; ++n) { var r1 = results[n]; var overlap = overlaps[n] = []; for(var i = 0; i < numWorkers; ++i) { if(n === i) { continue; } var r2 = results[i]; if((r1.st > r2.st && r1.st < r2.et) || (r2.st > r1.st && r2.st < r1.et)) { overlap.push(i); } } } // get maximum overlaps ... don't include overlapping worker itself // as the main JS process was also being scheduled during the work and // would have to be subtracted from the estimate anyway return overlaps.reduce(function(max, overlap) { return Math.max(max, overlap.length); }, 0); } }; /***/ }), /***/ 8180: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * Javascript implementation of X.509 and related components (such as * Certification Signing Requests) of a Public Key Infrastructure. * * @author Dave Longley * * Copyright (c) 2010-2014 Digital Bazaar, Inc. * * The ASN.1 representation of an X.509v3 certificate is as follows * (see RFC 2459): * * Certificate ::= SEQUENCE { * tbsCertificate TBSCertificate, * signatureAlgorithm AlgorithmIdentifier, * signatureValue BIT STRING * } * * TBSCertificate ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * serialNumber CertificateSerialNumber, * signature AlgorithmIdentifier, * issuer Name, * validity Validity, * subject Name, * subjectPublicKeyInfo SubjectPublicKeyInfo, * issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, * -- If present, version shall be v2 or v3 * subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, * -- If present, version shall be v2 or v3 * extensions [3] EXPLICIT Extensions OPTIONAL * -- If present, version shall be v3 * } * * Version ::= INTEGER { v1(0), v2(1), v3(2) } * * CertificateSerialNumber ::= INTEGER * * Name ::= CHOICE { * // only one possible choice for now * RDNSequence * } * * RDNSequence ::= SEQUENCE OF RelativeDistinguishedName * * RelativeDistinguishedName ::= SET OF AttributeTypeAndValue * * AttributeTypeAndValue ::= SEQUENCE { * type AttributeType, * value AttributeValue * } * AttributeType ::= OBJECT IDENTIFIER * AttributeValue ::= ANY DEFINED BY AttributeType * * Validity ::= SEQUENCE { * notBefore Time, * notAfter Time * } * * Time ::= CHOICE { * utcTime UTCTime, * generalTime GeneralizedTime * } * * UniqueIdentifier ::= BIT STRING * * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING * } * * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension * * Extension ::= SEQUENCE { * extnID OBJECT IDENTIFIER, * critical BOOLEAN DEFAULT FALSE, * extnValue OCTET STRING * } * * The only key algorithm currently supported for PKI is RSA. * * RSASSA-PSS signatures are described in RFC 3447 and RFC 4055. * * PKCS#10 v1.7 describes certificate signing requests: * * CertificationRequestInfo: * * CertificationRequestInfo ::= SEQUENCE { * version INTEGER { v1(0) } (v1,...), * subject Name, * subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, * attributes [0] Attributes{{ CRIAttributes }} * } * * Attributes { ATTRIBUTE:IOSet } ::= SET OF Attribute{{ IOSet }} * * CRIAttributes ATTRIBUTE ::= { * ... -- add any locally defined attributes here -- } * * Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { * type ATTRIBUTE.&id({IOSet}), * values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) * } * * CertificationRequest ::= SEQUENCE { * certificationRequestInfo CertificationRequestInfo, * signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, * signature BIT STRING * } */ var forge = __nccwpck_require__(9177); __nccwpck_require__(7994); __nccwpck_require__(9549); __nccwpck_require__(7157); __nccwpck_require__(6231); __nccwpck_require__(7973); __nccwpck_require__(1925); __nccwpck_require__(154); __nccwpck_require__(4376); __nccwpck_require__(3921); __nccwpck_require__(8339); // shortcut for asn.1 API var asn1 = forge.asn1; /* Public Key Infrastructure (PKI) implementation. */ var pki = module.exports = forge.pki = forge.pki || {}; var oids = pki.oids; // short name OID mappings var _shortNames = {}; _shortNames['CN'] = oids['commonName']; _shortNames['commonName'] = 'CN'; _shortNames['C'] = oids['countryName']; _shortNames['countryName'] = 'C'; _shortNames['L'] = oids['localityName']; _shortNames['localityName'] = 'L'; _shortNames['ST'] = oids['stateOrProvinceName']; _shortNames['stateOrProvinceName'] = 'ST'; _shortNames['O'] = oids['organizationName']; _shortNames['organizationName'] = 'O'; _shortNames['OU'] = oids['organizationalUnitName']; _shortNames['organizationalUnitName'] = 'OU'; _shortNames['E'] = oids['emailAddress']; _shortNames['emailAddress'] = 'E'; // validator for an SubjectPublicKeyInfo structure // Note: Currently only works with an RSA public key var publicKeyValidator = forge.pki.rsa.publicKeyValidator; // validator for an X.509v3 certificate var x509CertificateValidator = { name: 'Certificate', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'Certificate.TBSCertificate', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'tbsCertificate', value: [{ name: 'Certificate.TBSCertificate.version', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, constructed: true, optional: true, value: [{ name: 'Certificate.TBSCertificate.version.integer', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'certVersion' }] }, { name: 'Certificate.TBSCertificate.serialNumber', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'certSerialNumber' }, { name: 'Certificate.TBSCertificate.signature', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'Certificate.TBSCertificate.signature.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'certinfoSignatureOid' }, { name: 'Certificate.TBSCertificate.signature.parameters', tagClass: asn1.Class.UNIVERSAL, optional: true, captureAsn1: 'certinfoSignatureParams' }] }, { name: 'Certificate.TBSCertificate.issuer', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'certIssuer' }, { name: 'Certificate.TBSCertificate.validity', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, // Note: UTC and generalized times may both appear so the capture // names are based on their detected order, the names used below // are only for the common case, which validity time really means // "notBefore" and which means "notAfter" will be determined by order value: [{ // notBefore (Time) (UTC time case) name: 'Certificate.TBSCertificate.validity.notBefore (utc)', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.UTCTIME, constructed: false, optional: true, capture: 'certValidity1UTCTime' }, { // notBefore (Time) (generalized time case) name: 'Certificate.TBSCertificate.validity.notBefore (generalized)', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.GENERALIZEDTIME, constructed: false, optional: true, capture: 'certValidity2GeneralizedTime' }, { // notAfter (Time) (only UTC time is supported) name: 'Certificate.TBSCertificate.validity.notAfter (utc)', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.UTCTIME, constructed: false, optional: true, capture: 'certValidity3UTCTime' }, { // notAfter (Time) (only UTC time is supported) name: 'Certificate.TBSCertificate.validity.notAfter (generalized)', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.GENERALIZEDTIME, constructed: false, optional: true, capture: 'certValidity4GeneralizedTime' }] }, { // Name (subject) (RDNSequence) name: 'Certificate.TBSCertificate.subject', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'certSubject' }, // SubjectPublicKeyInfo publicKeyValidator, { // issuerUniqueID (optional) name: 'Certificate.TBSCertificate.issuerUniqueID', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 1, constructed: true, optional: true, value: [{ name: 'Certificate.TBSCertificate.issuerUniqueID.id', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, // TODO: support arbitrary bit length ids captureBitStringValue: 'certIssuerUniqueId' }] }, { // subjectUniqueID (optional) name: 'Certificate.TBSCertificate.subjectUniqueID', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 2, constructed: true, optional: true, value: [{ name: 'Certificate.TBSCertificate.subjectUniqueID.id', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, // TODO: support arbitrary bit length ids captureBitStringValue: 'certSubjectUniqueId' }] }, { // Extensions (optional) name: 'Certificate.TBSCertificate.extensions', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 3, constructed: true, captureAsn1: 'certExtensions', optional: true }] }, { // AlgorithmIdentifier (signature algorithm) name: 'Certificate.signatureAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ // algorithm name: 'Certificate.signatureAlgorithm.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'certSignatureOid' }, { name: 'Certificate.TBSCertificate.signature.parameters', tagClass: asn1.Class.UNIVERSAL, optional: true, captureAsn1: 'certSignatureParams' }] }, { // SignatureValue name: 'Certificate.signatureValue', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, captureBitStringValue: 'certSignature' }] }; var rsassaPssParameterValidator = { name: 'rsapss', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'rsapss.hashAlgorithm', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, constructed: true, value: [{ name: 'rsapss.hashAlgorithm.AlgorithmIdentifier', tagClass: asn1.Class.UNIVERSAL, type: asn1.Class.SEQUENCE, constructed: true, optional: true, value: [{ name: 'rsapss.hashAlgorithm.AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'hashOid' /* parameter block omitted, for SHA1 NULL anyhow. */ }] }] }, { name: 'rsapss.maskGenAlgorithm', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 1, constructed: true, value: [{ name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier', tagClass: asn1.Class.UNIVERSAL, type: asn1.Class.SEQUENCE, constructed: true, optional: true, value: [{ name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'maskGenOid' }, { name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'rsapss.maskGenAlgorithm.AlgorithmIdentifier.params.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'maskGenHashOid' /* parameter block omitted, for SHA1 NULL anyhow. */ }] }] }] }, { name: 'rsapss.saltLength', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 2, optional: true, value: [{ name: 'rsapss.saltLength.saltLength', tagClass: asn1.Class.UNIVERSAL, type: asn1.Class.INTEGER, constructed: false, capture: 'saltLength' }] }, { name: 'rsapss.trailerField', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 3, optional: true, value: [{ name: 'rsapss.trailer.trailer', tagClass: asn1.Class.UNIVERSAL, type: asn1.Class.INTEGER, constructed: false, capture: 'trailer' }] }] }; // validator for a CertificationRequestInfo structure var certificationRequestInfoValidator = { name: 'CertificationRequestInfo', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'certificationRequestInfo', value: [{ name: 'CertificationRequestInfo.integer', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.INTEGER, constructed: false, capture: 'certificationRequestInfoVersion' }, { // Name (subject) (RDNSequence) name: 'CertificationRequestInfo.subject', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'certificationRequestInfoSubject' }, // SubjectPublicKeyInfo publicKeyValidator, { name: 'CertificationRequestInfo.attributes', tagClass: asn1.Class.CONTEXT_SPECIFIC, type: 0, constructed: true, optional: true, capture: 'certificationRequestInfoAttributes', value: [{ name: 'CertificationRequestInfo.attributes', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ name: 'CertificationRequestInfo.attributes.type', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false }, { name: 'CertificationRequestInfo.attributes.value', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SET, constructed: true }] }] }] }; // validator for a CertificationRequest structure var certificationRequestValidator = { name: 'CertificationRequest', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, captureAsn1: 'csr', value: [ certificationRequestInfoValidator, { // AlgorithmIdentifier (signature algorithm) name: 'CertificationRequest.signatureAlgorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.SEQUENCE, constructed: true, value: [{ // algorithm name: 'CertificationRequest.signatureAlgorithm.algorithm', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.OID, constructed: false, capture: 'csrSignatureOid' }, { name: 'CertificationRequest.signatureAlgorithm.parameters', tagClass: asn1.Class.UNIVERSAL, optional: true, captureAsn1: 'csrSignatureParams' }] }, { // signature name: 'CertificationRequest.signature', tagClass: asn1.Class.UNIVERSAL, type: asn1.Type.BITSTRING, constructed: false, captureBitStringValue: 'csrSignature' } ] }; /** * Converts an RDNSequence of ASN.1 DER-encoded RelativeDistinguishedName * sets into an array with objects that have type and value properties. * * @param rdn the RDNSequence to convert. * @param md a message digest to append type and value to if provided. */ pki.RDNAttributesAsArray = function(rdn, md) { var rval = []; // each value in 'rdn' in is a SET of RelativeDistinguishedName var set, attr, obj; for(var si = 0; si < rdn.value.length; ++si) { // get the RelativeDistinguishedName set set = rdn.value[si]; // each value in the SET is an AttributeTypeAndValue sequence // containing first a type (an OID) and second a value (defined by // the OID) for(var i = 0; i < set.value.length; ++i) { obj = {}; attr = set.value[i]; obj.type = asn1.derToOid(attr.value[0].value); obj.value = attr.value[1].value; obj.valueTagClass = attr.value[1].type; // if the OID is known, get its name and short name if(obj.type in oids) { obj.name = oids[obj.type]; if(obj.name in _shortNames) { obj.shortName = _shortNames[obj.name]; } } if(md) { md.update(obj.type); md.update(obj.value); } rval.push(obj); } } return rval; }; /** * Converts ASN.1 CRIAttributes into an array with objects that have type and * value properties. * * @param attributes the CRIAttributes to convert. */ pki.CRIAttributesAsArray = function(attributes) { var rval = []; // each value in 'attributes' in is a SEQUENCE with an OID and a SET for(var si = 0; si < attributes.length; ++si) { // get the attribute sequence var seq = attributes[si]; // each value in the SEQUENCE containing first a type (an OID) and // second a set of values (defined by the OID) var type = asn1.derToOid(seq.value[0].value); var values = seq.value[1].value; for(var vi = 0; vi < values.length; ++vi) { var obj = {}; obj.type = type; obj.value = values[vi].value; obj.valueTagClass = values[vi].type; // if the OID is known, get its name and short name if(obj.type in oids) { obj.name = oids[obj.type]; if(obj.name in _shortNames) { obj.shortName = _shortNames[obj.name]; } } // parse extensions if(obj.type === oids.extensionRequest) { obj.extensions = []; for(var ei = 0; ei < obj.value.length; ++ei) { obj.extensions.push(pki.certificateExtensionFromAsn1(obj.value[ei])); } } rval.push(obj); } } return rval; }; /** * Gets an issuer or subject attribute from its name, type, or short name. * * @param obj the issuer or subject object. * @param options a short name string or an object with: * shortName the short name for the attribute. * name the name for the attribute. * type the type for the attribute. * * @return the attribute. */ function _getAttribute(obj, options) { if(typeof options === 'string') { options = {shortName: options}; } var rval = null; var attr; for(var i = 0; rval === null && i < obj.attributes.length; ++i) { attr = obj.attributes[i]; if(options.type && options.type === attr.type) { rval = attr; } else if(options.name && options.name === attr.name) { rval = attr; } else if(options.shortName && options.shortName === attr.shortName) { rval = attr; } } return rval; } /** * Converts signature parameters from ASN.1 structure. * * Currently only RSASSA-PSS supported. The PKCS#1 v1.5 signature scheme had * no parameters. * * RSASSA-PSS-params ::= SEQUENCE { * hashAlgorithm [0] HashAlgorithm DEFAULT * sha1Identifier, * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT * mgf1SHA1Identifier, * saltLength [2] INTEGER DEFAULT 20, * trailerField [3] INTEGER DEFAULT 1 * } * * HashAlgorithm ::= AlgorithmIdentifier * * MaskGenAlgorithm ::= AlgorithmIdentifier * * AlgorithmIdentifer ::= SEQUENCE { * algorithm OBJECT IDENTIFIER, * parameters ANY DEFINED BY algorithm OPTIONAL * } * * @param oid The OID specifying the signature algorithm * @param obj The ASN.1 structure holding the parameters * @param fillDefaults Whether to use return default values where omitted * @return signature parameter object */ var _readSignatureParameters = function(oid, obj, fillDefaults) { var params = {}; if(oid !== oids['RSASSA-PSS']) { return params; } if(fillDefaults) { params = { hash: { algorithmOid: oids['sha1'] }, mgf: { algorithmOid: oids['mgf1'], hash: { algorithmOid: oids['sha1'] } }, saltLength: 20 }; } var capture = {}; var errors = []; if(!asn1.validate(obj, rsassaPssParameterValidator, capture, errors)) { var error = new Error('Cannot read RSASSA-PSS parameter block.'); error.errors = errors; throw error; } if(capture.hashOid !== undefined) { params.hash = params.hash || {}; params.hash.algorithmOid = asn1.derToOid(capture.hashOid); } if(capture.maskGenOid !== undefined) { params.mgf = params.mgf || {}; params.mgf.algorithmOid = asn1.derToOid(capture.maskGenOid); params.mgf.hash = params.mgf.hash || {}; params.mgf.hash.algorithmOid = asn1.derToOid(capture.maskGenHashOid); } if(capture.saltLength !== undefined) { params.saltLength = capture.saltLength.charCodeAt(0); } return params; }; /** * Create signature digest for OID. * * @param options * signatureOid: the OID specifying the signature algorithm. * type: a human readable type for error messages * @return a created md instance. throws if unknown oid. */ var _createSignatureDigest = function(options) { switch(oids[options.signatureOid]) { case 'sha1WithRSAEncryption': // deprecated alias case 'sha1WithRSASignature': return forge.md.sha1.create(); case 'md5WithRSAEncryption': return forge.md.md5.create(); case 'sha256WithRSAEncryption': return forge.md.sha256.create(); case 'sha384WithRSAEncryption': return forge.md.sha384.create(); case 'sha512WithRSAEncryption': return forge.md.sha512.create(); case 'RSASSA-PSS': return forge.md.sha256.create(); default: var error = new Error( 'Could not compute ' + options.type + ' digest. ' + 'Unknown signature OID.'); error.signatureOid = options.signatureOid; throw error; } }; /** * Verify signature on certificate or CSR. * * @param options: * certificate the certificate or CSR to verify. * md the signature digest. * signature the signature * @return a created md instance. throws if unknown oid. */ var _verifySignature = function(options) { var cert = options.certificate; var scheme; switch(cert.signatureOid) { case oids.sha1WithRSAEncryption: // deprecated alias case oids.sha1WithRSASignature: /* use PKCS#1 v1.5 padding scheme */ break; case oids['RSASSA-PSS']: var hash, mgf; /* initialize mgf */ hash = oids[cert.signatureParameters.mgf.hash.algorithmOid]; if(hash === undefined || forge.md[hash] === undefined) { var error = new Error('Unsupported MGF hash function.'); error.oid = cert.signatureParameters.mgf.hash.algorithmOid; error.name = hash; throw error; } mgf = oids[cert.signatureParameters.mgf.algorithmOid]; if(mgf === undefined || forge.mgf[mgf] === undefined) { var error = new Error('Unsupported MGF function.'); error.oid = cert.signatureParameters.mgf.algorithmOid; error.name = mgf; throw error; } mgf = forge.mgf[mgf].create(forge.md[hash].create()); /* initialize hash function */ hash = oids[cert.signatureParameters.hash.algorithmOid]; if(hash === undefined || forge.md[hash] === undefined) { var error = new Error('Unsupported RSASSA-PSS hash function.'); error.oid = cert.signatureParameters.hash.algorithmOid; error.name = hash; throw error; } scheme = forge.pss.create( forge.md[hash].create(), mgf, cert.signatureParameters.saltLength ); break; } // verify signature on cert using public key return cert.publicKey.verify( options.md.digest().getBytes(), options.signature, scheme ); }; /** * Converts an X.509 certificate from PEM format. * * Note: If the certificate is to be verified then compute hash should * be set to true. This will scan the TBSCertificate part of the ASN.1 * object while it is converted so it doesn't need to be converted back * to ASN.1-DER-encoding later. * * @param pem the PEM-formatted certificate. * @param computeHash true to compute the hash for verification. * @param strict true to be strict when checking ASN.1 value lengths, false to * allow truncated values (default: true). * * @return the certificate. */ pki.certificateFromPem = function(pem, computeHash, strict) { var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'CERTIFICATE' && msg.type !== 'X509 CERTIFICATE' && msg.type !== 'TRUSTED CERTIFICATE') { var error = new Error( 'Could not convert certificate from PEM; PEM header type ' + 'is not "CERTIFICATE", "X509 CERTIFICATE", or "TRUSTED CERTIFICATE".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error( 'Could not convert certificate from PEM; PEM is encrypted.'); } // convert DER to ASN.1 object var obj = asn1.fromDer(msg.body, strict); return pki.certificateFromAsn1(obj, computeHash); }; /** * Converts an X.509 certificate to PEM format. * * @param cert the certificate. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted certificate. */ pki.certificateToPem = function(cert, maxline) { // convert to ASN.1, then DER, then PEM-encode var msg = { type: 'CERTIFICATE', body: asn1.toDer(pki.certificateToAsn1(cert)).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /** * Converts an RSA public key from PEM format. * * @param pem the PEM-formatted public key. * * @return the public key. */ pki.publicKeyFromPem = function(pem) { var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'PUBLIC KEY' && msg.type !== 'RSA PUBLIC KEY') { var error = new Error('Could not convert public key from PEM; PEM header ' + 'type is not "PUBLIC KEY" or "RSA PUBLIC KEY".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert public key from PEM; PEM is encrypted.'); } // convert DER to ASN.1 object var obj = asn1.fromDer(msg.body); return pki.publicKeyFromAsn1(obj); }; /** * Converts an RSA public key to PEM format (using a SubjectPublicKeyInfo). * * @param key the public key. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted public key. */ pki.publicKeyToPem = function(key, maxline) { // convert to ASN.1, then DER, then PEM-encode var msg = { type: 'PUBLIC KEY', body: asn1.toDer(pki.publicKeyToAsn1(key)).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /** * Converts an RSA public key to PEM format (using an RSAPublicKey). * * @param key the public key. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted public key. */ pki.publicKeyToRSAPublicKeyPem = function(key, maxline) { // convert to ASN.1, then DER, then PEM-encode var msg = { type: 'RSA PUBLIC KEY', body: asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /** * Gets a fingerprint for the given public key. * * @param options the options to use. * [md] the message digest object to use (defaults to forge.md.sha1). * [type] the type of fingerprint, such as 'RSAPublicKey', * 'SubjectPublicKeyInfo' (defaults to 'RSAPublicKey'). * [encoding] an alternative output encoding, such as 'hex' * (defaults to none, outputs a byte buffer). * [delimiter] the delimiter to use between bytes for 'hex' encoded * output, eg: ':' (defaults to none). * * @return the fingerprint as a byte buffer or other encoding based on options. */ pki.getPublicKeyFingerprint = function(key, options) { options = options || {}; var md = options.md || forge.md.sha1.create(); var type = options.type || 'RSAPublicKey'; var bytes; switch(type) { case 'RSAPublicKey': bytes = asn1.toDer(pki.publicKeyToRSAPublicKey(key)).getBytes(); break; case 'SubjectPublicKeyInfo': bytes = asn1.toDer(pki.publicKeyToAsn1(key)).getBytes(); break; default: throw new Error('Unknown fingerprint type "' + options.type + '".'); } // hash public key bytes md.start(); md.update(bytes); var digest = md.digest(); if(options.encoding === 'hex') { var hex = digest.toHex(); if(options.delimiter) { return hex.match(/.{2}/g).join(options.delimiter); } return hex; } else if(options.encoding === 'binary') { return digest.getBytes(); } else if(options.encoding) { throw new Error('Unknown encoding "' + options.encoding + '".'); } return digest; }; /** * Converts a PKCS#10 certification request (CSR) from PEM format. * * Note: If the certification request is to be verified then compute hash * should be set to true. This will scan the CertificationRequestInfo part of * the ASN.1 object while it is converted so it doesn't need to be converted * back to ASN.1-DER-encoding later. * * @param pem the PEM-formatted certificate. * @param computeHash true to compute the hash for verification. * @param strict true to be strict when checking ASN.1 value lengths, false to * allow truncated values (default: true). * * @return the certification request (CSR). */ pki.certificationRequestFromPem = function(pem, computeHash, strict) { var msg = forge.pem.decode(pem)[0]; if(msg.type !== 'CERTIFICATE REQUEST') { var error = new Error('Could not convert certification request from PEM; ' + 'PEM header type is not "CERTIFICATE REQUEST".'); error.headerType = msg.type; throw error; } if(msg.procType && msg.procType.type === 'ENCRYPTED') { throw new Error('Could not convert certification request from PEM; ' + 'PEM is encrypted.'); } // convert DER to ASN.1 object var obj = asn1.fromDer(msg.body, strict); return pki.certificationRequestFromAsn1(obj, computeHash); }; /** * Converts a PKCS#10 certification request (CSR) to PEM format. * * @param csr the certification request. * @param maxline the maximum characters per line, defaults to 64. * * @return the PEM-formatted certification request. */ pki.certificationRequestToPem = function(csr, maxline) { // convert to ASN.1, then DER, then PEM-encode var msg = { type: 'CERTIFICATE REQUEST', body: asn1.toDer(pki.certificationRequestToAsn1(csr)).getBytes() }; return forge.pem.encode(msg, {maxline: maxline}); }; /** * Creates an empty X.509v3 RSA certificate. * * @return the certificate. */ pki.createCertificate = function() { var cert = {}; cert.version = 0x02; cert.serialNumber = '00'; cert.signatureOid = null; cert.signature = null; cert.siginfo = {}; cert.siginfo.algorithmOid = null; cert.validity = {}; cert.validity.notBefore = new Date(); cert.validity.notAfter = new Date(); cert.issuer = {}; cert.issuer.getField = function(sn) { return _getAttribute(cert.issuer, sn); }; cert.issuer.addField = function(attr) { _fillMissingFields([attr]); cert.issuer.attributes.push(attr); }; cert.issuer.attributes = []; cert.issuer.hash = null; cert.subject = {}; cert.subject.getField = function(sn) { return _getAttribute(cert.subject, sn); }; cert.subject.addField = function(attr) { _fillMissingFields([attr]); cert.subject.attributes.push(attr); }; cert.subject.attributes = []; cert.subject.hash = null; cert.extensions = []; cert.publicKey = null; cert.md = null; /** * Sets the subject of this certificate. * * @param attrs the array of subject attributes to use. * @param uniqueId an optional a unique ID to use. */ cert.setSubject = function(attrs, uniqueId) { // set new attributes, clear hash _fillMissingFields(attrs); cert.subject.attributes = attrs; delete cert.subject.uniqueId; if(uniqueId) { // TODO: support arbitrary bit length ids cert.subject.uniqueId = uniqueId; } cert.subject.hash = null; }; /** * Sets the issuer of this certificate. * * @param attrs the array of issuer attributes to use. * @param uniqueId an optional a unique ID to use. */ cert.setIssuer = function(attrs, uniqueId) { // set new attributes, clear hash _fillMissingFields(attrs); cert.issuer.attributes = attrs; delete cert.issuer.uniqueId; if(uniqueId) { // TODO: support arbitrary bit length ids cert.issuer.uniqueId = uniqueId; } cert.issuer.hash = null; }; /** * Sets the extensions of this certificate. * * @param exts the array of extensions to use. */ cert.setExtensions = function(exts) { for(var i = 0; i < exts.length; ++i) { _fillMissingExtensionFields(exts[i], {cert: cert}); } // set new extensions cert.extensions = exts; }; /** * Gets an extension by its name or id. * * @param options the name to use or an object with: * name the name to use. * id the id to use. * * @return the extension or null if not found. */ cert.getExtension = function(options) { if(typeof options === 'string') { options = {name: options}; } var rval = null; var ext; for(var i = 0; rval === null && i < cert.extensions.length; ++i) { ext = cert.extensions[i]; if(options.id && ext.id === options.id) { rval = ext; } else if(options.name && ext.name === options.name) { rval = ext; } } return rval; }; /** * Signs this certificate using the given private key. * * @param key the private key to sign with. * @param md the message digest object to use (defaults to forge.md.sha1). */ cert.sign = function(key, md) { // TODO: get signature OID from private key cert.md = md || forge.md.sha1.create(); var algorithmOid = oids[cert.md.algorithm + 'WithRSAEncryption']; if(!algorithmOid) { var error = new Error('Could not compute certificate digest. ' + 'Unknown message digest algorithm OID.'); error.algorithm = cert.md.algorithm; throw error; } cert.signatureOid = cert.siginfo.algorithmOid = algorithmOid; // get TBSCertificate, convert to DER cert.tbsCertificate = pki.getTBSCertificate(cert); var bytes = asn1.toDer(cert.tbsCertificate); // digest and sign cert.md.update(bytes.getBytes()); cert.signature = key.sign(cert.md); }; /** * Attempts verify the signature on the passed certificate using this * certificate's public key. * * @param child the certificate to verify. * * @return true if verified, false if not. */ cert.verify = function(child) { var rval = false; if(!cert.issued(child)) { var issuer = child.issuer; var subject = cert.subject; var error = new Error( 'The parent certificate did not issue the given child ' + 'certificate; the child certificate\'s issuer does not match the ' + 'parent\'s subject.'); error.expectedIssuer = subject.attributes; error.actualIssuer = issuer.attributes; throw error; } var md = child.md; if(md === null) { // create digest for OID signature types md = _createSignatureDigest({ signatureOid: child.signatureOid, type: 'certificate' }); // produce DER formatted TBSCertificate and digest it var tbsCertificate = child.tbsCertificate || pki.getTBSCertificate(child); var bytes = asn1.toDer(tbsCertificate); md.update(bytes.getBytes()); } if(md !== null) { rval = _verifySignature({ certificate: cert, md: md, signature: child.signature }); } return rval; }; /** * Returns true if this certificate's issuer matches the passed * certificate's subject. Note that no signature check is performed. * * @param parent the certificate to check. * * @return true if this certificate's issuer matches the passed certificate's * subject. */ cert.isIssuer = function(parent) { var rval = false; var i = cert.issuer; var s = parent.subject; // compare hashes if present if(i.hash && s.hash) { rval = (i.hash === s.hash); } else if(i.attributes.length === s.attributes.length) { // all attributes are the same so issuer matches subject rval = true; var iattr, sattr; for(var n = 0; rval && n < i.attributes.length; ++n) { iattr = i.attributes[n]; sattr = s.attributes[n]; if(iattr.type !== sattr.type || iattr.value !== sattr.value) { // attribute mismatch rval = false; } } } return rval; }; /** * Returns true if this certificate's subject matches the issuer of the * given certificate). Note that not signature check is performed. * * @param child the certificate to check. * * @return true if this certificate's subject matches the passed * certificate's issuer. */ cert.issued = function(child) { return child.isIssuer(cert); }; /** * Generates the subjectKeyIdentifier for this certificate as byte buffer. * * @return the subjectKeyIdentifier for this certificate as byte buffer. */ cert.generateSubjectKeyIdentifier = function() { /* See: 4.2.1.2 section of the the RFC3280, keyIdentifier is either: (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bits). (2) The keyIdentifier is composed of a four bit type field with the value 0100 followed by the least significant 60 bits of the SHA-1 hash of the value of the BIT STRING subjectPublicKey (excluding the tag, length, and number of unused bit string bits). */ // skipping the tag, length, and number of unused bits is the same // as just using the RSAPublicKey (for RSA keys, which are the // only ones supported) return pki.getPublicKeyFingerprint(cert.publicKey, {type: 'RSAPublicKey'}); }; /** * Verifies the subjectKeyIdentifier extension value for this certificate * against its public key. If no extension is found, false will be * returned. * * @return true if verified, false if not. */ cert.verifySubjectKeyIdentifier = function() { var oid = oids['subjectKeyIdentifier']; for(var i = 0; i < cert.extensions.length; ++i) { var ext = cert.extensions[i]; if(ext.id === oid) { var ski = cert.generateSubjectKeyIdentifier().getBytes(); return (forge.util.hexToBytes(ext.subjectKeyIdentifier) === ski); } } return false; }; return cert; }; /** * Converts an X.509v3 RSA certificate from an ASN.1 object. * * Note: If the certificate is to be verified then compute hash should * be set to true. There is currently no implementation for converting * a certificate back to ASN.1 so the TBSCertificate part of the ASN.1 * object needs to be scanned before the cert object is created. * * @param obj the asn1 representation of an X.509v3 RSA certificate. * @param computeHash true to compute the hash for verification. * * @return the certificate. */ pki.certificateFromAsn1 = function(obj, computeHash) { // validate certificate and capture data var capture = {}; var errors = []; if(!asn1.validate(obj, x509CertificateValidator, capture, errors)) { var error = new Error('Cannot read X.509 certificate. ' + 'ASN.1 object is not an X509v3 Certificate.'); error.errors = errors; throw error; } // get oid var oid = asn1.derToOid(capture.publicKeyOid); if(oid !== pki.oids.rsaEncryption) { throw new Error('Cannot read public key. OID is not RSA.'); } // create certificate var cert = pki.createCertificate(); cert.version = capture.certVersion ? capture.certVersion.charCodeAt(0) : 0; var serial = forge.util.createBuffer(capture.certSerialNumber); cert.serialNumber = serial.toHex(); cert.signatureOid = forge.asn1.derToOid(capture.certSignatureOid); cert.signatureParameters = _readSignatureParameters( cert.signatureOid, capture.certSignatureParams, true); cert.siginfo.algorithmOid = forge.asn1.derToOid(capture.certinfoSignatureOid); cert.siginfo.parameters = _readSignatureParameters(cert.siginfo.algorithmOid, capture.certinfoSignatureParams, false); cert.signature = capture.certSignature; var validity = []; if(capture.certValidity1UTCTime !== undefined) { validity.push(asn1.utcTimeToDate(capture.certValidity1UTCTime)); } if(capture.certValidity2GeneralizedTime !== undefined) { validity.push(asn1.generalizedTimeToDate( capture.certValidity2GeneralizedTime)); } if(capture.certValidity3UTCTime !== undefined) { validity.push(asn1.utcTimeToDate(capture.certValidity3UTCTime)); } if(capture.certValidity4GeneralizedTime !== undefined) { validity.push(asn1.generalizedTimeToDate( capture.certValidity4GeneralizedTime)); } if(validity.length > 2) { throw new Error('Cannot read notBefore/notAfter validity times; more ' + 'than two times were provided in the certificate.'); } if(validity.length < 2) { throw new Error('Cannot read notBefore/notAfter validity times; they ' + 'were not provided as either UTCTime or GeneralizedTime.'); } cert.validity.notBefore = validity[0]; cert.validity.notAfter = validity[1]; // keep TBSCertificate to preserve signature when exporting cert.tbsCertificate = capture.tbsCertificate; if(computeHash) { // create digest for OID signature type cert.md = _createSignatureDigest({ signatureOid: cert.signatureOid, type: 'certificate' }); // produce DER formatted TBSCertificate and digest it var bytes = asn1.toDer(cert.tbsCertificate); cert.md.update(bytes.getBytes()); } // handle issuer, build issuer message digest var imd = forge.md.sha1.create(); var ibytes = asn1.toDer(capture.certIssuer); imd.update(ibytes.getBytes()); cert.issuer.getField = function(sn) { return _getAttribute(cert.issuer, sn); }; cert.issuer.addField = function(attr) { _fillMissingFields([attr]); cert.issuer.attributes.push(attr); }; cert.issuer.attributes = pki.RDNAttributesAsArray(capture.certIssuer); if(capture.certIssuerUniqueId) { cert.issuer.uniqueId = capture.certIssuerUniqueId; } cert.issuer.hash = imd.digest().toHex(); // handle subject, build subject message digest var smd = forge.md.sha1.create(); var sbytes = asn1.toDer(capture.certSubject); smd.update(sbytes.getBytes()); cert.subject.getField = function(sn) { return _getAttribute(cert.subject, sn); }; cert.subject.addField = function(attr) { _fillMissingFields([attr]); cert.subject.attributes.push(attr); }; cert.subject.attributes = pki.RDNAttributesAsArray(capture.certSubject); if(capture.certSubjectUniqueId) { cert.subject.uniqueId = capture.certSubjectUniqueId; } cert.subject.hash = smd.digest().toHex(); // handle extensions if(capture.certExtensions) { cert.extensions = pki.certificateExtensionsFromAsn1(capture.certExtensions); } else { cert.extensions = []; } // convert RSA public key from ASN.1 cert.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo); return cert; }; /** * Converts an ASN.1 extensions object (with extension sequences as its * values) into an array of extension objects with types and values. * * Supported extensions: * * id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } * KeyUsage ::= BIT STRING { * digitalSignature (0), * nonRepudiation (1), * keyEncipherment (2), * dataEncipherment (3), * keyAgreement (4), * keyCertSign (5), * cRLSign (6), * encipherOnly (7), * decipherOnly (8) * } * * id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } * BasicConstraints ::= SEQUENCE { * cA BOOLEAN DEFAULT FALSE, * pathLenConstraint INTEGER (0..MAX) OPTIONAL * } * * subjectAltName EXTENSION ::= { * SYNTAX GeneralNames * IDENTIFIED BY id-ce-subjectAltName * } * * GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName * * GeneralName ::= CHOICE { * otherName [0] INSTANCE OF OTHER-NAME, * rfc822Name [1] IA5String, * dNSName [2] IA5String, * x400Address [3] ORAddress, * directoryName [4] Name, * ediPartyName [5] EDIPartyName, * uniformResourceIdentifier [6] IA5String, * IPAddress [7] OCTET STRING, * registeredID [8] OBJECT IDENTIFIER * } * * OTHER-NAME ::= TYPE-IDENTIFIER * * EDIPartyName ::= SEQUENCE { * nameAssigner [0] DirectoryString {ub-name} OPTIONAL, * partyName [1] DirectoryString {ub-name} * } * * @param exts the extensions ASN.1 with extension sequences to parse. * * @return the array. */ pki.certificateExtensionsFromAsn1 = function(exts) { var rval = []; for(var i = 0; i < exts.value.length; ++i) { // get extension sequence var extseq = exts.value[i]; for(var ei = 0; ei < extseq.value.length; ++ei) { rval.push(pki.certificateExtensionFromAsn1(extseq.value[ei])); } } return rval; }; /** * Parses a single certificate extension from ASN.1. * * @param ext the extension in ASN.1 format. * * @return the parsed extension as an object. */ pki.certificateExtensionFromAsn1 = function(ext) { // an extension has: // [0] extnID OBJECT IDENTIFIER // [1] critical BOOLEAN DEFAULT FALSE // [2] extnValue OCTET STRING var e = {}; e.id = asn1.derToOid(ext.value[0].value); e.critical = false; if(ext.value[1].type === asn1.Type.BOOLEAN) { e.critical = (ext.value[1].value.charCodeAt(0) !== 0x00); e.value = ext.value[2].value; } else { e.value = ext.value[1].value; } // if the oid is known, get its name if(e.id in oids) { e.name = oids[e.id]; // handle key usage if(e.name === 'keyUsage') { // get value as BIT STRING var ev = asn1.fromDer(e.value); var b2 = 0x00; var b3 = 0x00; if(ev.value.length > 1) { // skip first byte, just indicates unused bits which // will be padded with 0s anyway // get bytes with flag bits b2 = ev.value.charCodeAt(1); b3 = ev.value.length > 2 ? ev.value.charCodeAt(2) : 0; } // set flags e.digitalSignature = (b2 & 0x80) === 0x80; e.nonRepudiation = (b2 & 0x40) === 0x40; e.keyEncipherment = (b2 & 0x20) === 0x20; e.dataEncipherment = (b2 & 0x10) === 0x10; e.keyAgreement = (b2 & 0x08) === 0x08; e.keyCertSign = (b2 & 0x04) === 0x04; e.cRLSign = (b2 & 0x02) === 0x02; e.encipherOnly = (b2 & 0x01) === 0x01; e.decipherOnly = (b3 & 0x80) === 0x80; } else if(e.name === 'basicConstraints') { // handle basic constraints // get value as SEQUENCE var ev = asn1.fromDer(e.value); // get cA BOOLEAN flag (defaults to false) if(ev.value.length > 0 && ev.value[0].type === asn1.Type.BOOLEAN) { e.cA = (ev.value[0].value.charCodeAt(0) !== 0x00); } else { e.cA = false; } // get path length constraint var value = null; if(ev.value.length > 0 && ev.value[0].type === asn1.Type.INTEGER) { value = ev.value[0].value; } else if(ev.value.length > 1) { value = ev.value[1].value; } if(value !== null) { e.pathLenConstraint = asn1.derToInteger(value); } } else if(e.name === 'extKeyUsage') { // handle extKeyUsage // value is a SEQUENCE of OIDs var ev = asn1.fromDer(e.value); for(var vi = 0; vi < ev.value.length; ++vi) { var oid = asn1.derToOid(ev.value[vi].value); if(oid in oids) { e[oids[oid]] = true; } else { e[oid] = true; } } } else if(e.name === 'nsCertType') { // handle nsCertType // get value as BIT STRING var ev = asn1.fromDer(e.value); var b2 = 0x00; if(ev.value.length > 1) { // skip first byte, just indicates unused bits which // will be padded with 0s anyway // get bytes with flag bits b2 = ev.value.charCodeAt(1); } // set flags e.client = (b2 & 0x80) === 0x80; e.server = (b2 & 0x40) === 0x40; e.email = (b2 & 0x20) === 0x20; e.objsign = (b2 & 0x10) === 0x10; e.reserved = (b2 & 0x08) === 0x08; e.sslCA = (b2 & 0x04) === 0x04; e.emailCA = (b2 & 0x02) === 0x02; e.objCA = (b2 & 0x01) === 0x01; } else if( e.name === 'subjectAltName' || e.name === 'issuerAltName') { // handle subjectAltName/issuerAltName e.altNames = []; // ev is a SYNTAX SEQUENCE var gn; var ev = asn1.fromDer(e.value); for(var n = 0; n < ev.value.length; ++n) { // get GeneralName gn = ev.value[n]; var altName = { type: gn.type, value: gn.value }; e.altNames.push(altName); // Note: Support for types 1,2,6,7,8 switch(gn.type) { // rfc822Name case 1: // dNSName case 2: // uniformResourceIdentifier (URI) case 6: break; // IPAddress case 7: // convert to IPv4/IPv6 string representation altName.ip = forge.util.bytesToIP(gn.value); break; // registeredID case 8: altName.oid = asn1.derToOid(gn.value); break; default: // unsupported } } } else if(e.name === 'subjectKeyIdentifier') { // value is an OCTETSTRING w/the hash of the key-type specific // public key structure (eg: RSAPublicKey) var ev = asn1.fromDer(e.value); e.subjectKeyIdentifier = forge.util.bytesToHex(ev.value); } } return e; }; /** * Converts a PKCS#10 certification request (CSR) from an ASN.1 object. * * Note: If the certification request is to be verified then compute hash * should be set to true. There is currently no implementation for converting * a certificate back to ASN.1 so the CertificationRequestInfo part of the * ASN.1 object needs to be scanned before the csr object is created. * * @param obj the asn1 representation of a PKCS#10 certification request (CSR). * @param computeHash true to compute the hash for verification. * * @return the certification request (CSR). */ pki.certificationRequestFromAsn1 = function(obj, computeHash) { // validate certification request and capture data var capture = {}; var errors = []; if(!asn1.validate(obj, certificationRequestValidator, capture, errors)) { var error = new Error('Cannot read PKCS#10 certificate request. ' + 'ASN.1 object is not a PKCS#10 CertificationRequest.'); error.errors = errors; throw error; } // get oid var oid = asn1.derToOid(capture.publicKeyOid); if(oid !== pki.oids.rsaEncryption) { throw new Error('Cannot read public key. OID is not RSA.'); } // create certification request var csr = pki.createCertificationRequest(); csr.version = capture.csrVersion ? capture.csrVersion.charCodeAt(0) : 0; csr.signatureOid = forge.asn1.derToOid(capture.csrSignatureOid); csr.signatureParameters = _readSignatureParameters( csr.signatureOid, capture.csrSignatureParams, true); csr.siginfo.algorithmOid = forge.asn1.derToOid(capture.csrSignatureOid); csr.siginfo.parameters = _readSignatureParameters( csr.siginfo.algorithmOid, capture.csrSignatureParams, false); csr.signature = capture.csrSignature; // keep CertificationRequestInfo to preserve signature when exporting csr.certificationRequestInfo = capture.certificationRequestInfo; if(computeHash) { // create digest for OID signature type csr.md = _createSignatureDigest({ signatureOid: csr.signatureOid, type: 'certification request' }); // produce DER formatted CertificationRequestInfo and digest it var bytes = asn1.toDer(csr.certificationRequestInfo); csr.md.update(bytes.getBytes()); } // handle subject, build subject message digest var smd = forge.md.sha1.create(); csr.subject.getField = function(sn) { return _getAttribute(csr.subject, sn); }; csr.subject.addField = function(attr) { _fillMissingFields([attr]); csr.subject.attributes.push(attr); }; csr.subject.attributes = pki.RDNAttributesAsArray( capture.certificationRequestInfoSubject, smd); csr.subject.hash = smd.digest().toHex(); // convert RSA public key from ASN.1 csr.publicKey = pki.publicKeyFromAsn1(capture.subjectPublicKeyInfo); // convert attributes from ASN.1 csr.getAttribute = function(sn) { return _getAttribute(csr, sn); }; csr.addAttribute = function(attr) { _fillMissingFields([attr]); csr.attributes.push(attr); }; csr.attributes = pki.CRIAttributesAsArray( capture.certificationRequestInfoAttributes || []); return csr; }; /** * Creates an empty certification request (a CSR or certificate signing * request). Once created, its public key and attributes can be set and then * it can be signed. * * @return the empty certification request. */ pki.createCertificationRequest = function() { var csr = {}; csr.version = 0x00; csr.signatureOid = null; csr.signature = null; csr.siginfo = {}; csr.siginfo.algorithmOid = null; csr.subject = {}; csr.subject.getField = function(sn) { return _getAttribute(csr.subject, sn); }; csr.subject.addField = function(attr) { _fillMissingFields([attr]); csr.subject.attributes.push(attr); }; csr.subject.attributes = []; csr.subject.hash = null; csr.publicKey = null; csr.attributes = []; csr.getAttribute = function(sn) { return _getAttribute(csr, sn); }; csr.addAttribute = function(attr) { _fillMissingFields([attr]); csr.attributes.push(attr); }; csr.md = null; /** * Sets the subject of this certification request. * * @param attrs the array of subject attributes to use. */ csr.setSubject = function(attrs) { // set new attributes _fillMissingFields(attrs); csr.subject.attributes = attrs; csr.subject.hash = null; }; /** * Sets the attributes of this certification request. * * @param attrs the array of attributes to use. */ csr.setAttributes = function(attrs) { // set new attributes _fillMissingFields(attrs); csr.attributes = attrs; }; /** * Signs this certification request using the given private key. * * @param key the private key to sign with. * @param md the message digest object to use (defaults to forge.md.sha1). */ csr.sign = function(key, md) { // TODO: get signature OID from private key csr.md = md || forge.md.sha1.create(); var algorithmOid = oids[csr.md.algorithm + 'WithRSAEncryption']; if(!algorithmOid) { var error = new Error('Could not compute certification request digest. ' + 'Unknown message digest algorithm OID.'); error.algorithm = csr.md.algorithm; throw error; } csr.signatureOid = csr.siginfo.algorithmOid = algorithmOid; // get CertificationRequestInfo, convert to DER csr.certificationRequestInfo = pki.getCertificationRequestInfo(csr); var bytes = asn1.toDer(csr.certificationRequestInfo); // digest and sign csr.md.update(bytes.getBytes()); csr.signature = key.sign(csr.md); }; /** * Attempts verify the signature on the passed certification request using * its public key. * * A CSR that has been exported to a file in PEM format can be verified using * OpenSSL using this command: * * openssl req -in -verify -noout -text * * @return true if verified, false if not. */ csr.verify = function() { var rval = false; var md = csr.md; if(md === null) { md = _createSignatureDigest({ signatureOid: csr.signatureOid, type: 'certification request' }); // produce DER formatted CertificationRequestInfo and digest it var cri = csr.certificationRequestInfo || pki.getCertificationRequestInfo(csr); var bytes = asn1.toDer(cri); md.update(bytes.getBytes()); } if(md !== null) { rval = _verifySignature({ certificate: csr, md: md, signature: csr.signature }); } return rval; }; return csr; }; /** * Converts an X.509 subject or issuer to an ASN.1 RDNSequence. * * @param obj the subject or issuer (distinguished name). * * @return the ASN.1 RDNSequence. */ function _dnToAsn1(obj) { // create an empty RDNSequence var rval = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); // iterate over attributes var attr, set; var attrs = obj.attributes; for(var i = 0; i < attrs.length; ++i) { attr = attrs[i]; var value = attr.value; // reuse tag class for attribute value if available var valueTagClass = asn1.Type.PRINTABLESTRING; if('valueTagClass' in attr) { valueTagClass = attr.valueTagClass; if(valueTagClass === asn1.Type.UTF8) { value = forge.util.encodeUtf8(value); } // FIXME: handle more encodings } // create a RelativeDistinguishedName set // each value in the set is an AttributeTypeAndValue first // containing the type (an OID) and second the value set = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // AttributeType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(attr.type).getBytes()), // AttributeValue asn1.create(asn1.Class.UNIVERSAL, valueTagClass, false, value) ]) ]); rval.value.push(set); } return rval; } /** * Gets all printable attributes (typically of an issuer or subject) in a * simplified JSON format for display. * * @param attrs the attributes. * * @return the JSON for display. */ function _getAttributesAsJson(attrs) { var rval = {}; for(var i = 0; i < attrs.length; ++i) { var attr = attrs[i]; if(attr.shortName && ( attr.valueTagClass === asn1.Type.UTF8 || attr.valueTagClass === asn1.Type.PRINTABLESTRING || attr.valueTagClass === asn1.Type.IA5STRING)) { var value = attr.value; if(attr.valueTagClass === asn1.Type.UTF8) { value = forge.util.encodeUtf8(attr.value); } if(!(attr.shortName in rval)) { rval[attr.shortName] = value; } else if(forge.util.isArray(rval[attr.shortName])) { rval[attr.shortName].push(value); } else { rval[attr.shortName] = [rval[attr.shortName], value]; } } } return rval; } /** * Fills in missing fields in attributes. * * @param attrs the attributes to fill missing fields in. */ function _fillMissingFields(attrs) { var attr; for(var i = 0; i < attrs.length; ++i) { attr = attrs[i]; // populate missing name if(typeof attr.name === 'undefined') { if(attr.type && attr.type in pki.oids) { attr.name = pki.oids[attr.type]; } else if(attr.shortName && attr.shortName in _shortNames) { attr.name = pki.oids[_shortNames[attr.shortName]]; } } // populate missing type (OID) if(typeof attr.type === 'undefined') { if(attr.name && attr.name in pki.oids) { attr.type = pki.oids[attr.name]; } else { var error = new Error('Attribute type not specified.'); error.attribute = attr; throw error; } } // populate missing shortname if(typeof attr.shortName === 'undefined') { if(attr.name && attr.name in _shortNames) { attr.shortName = _shortNames[attr.name]; } } // convert extensions to value if(attr.type === oids.extensionRequest) { attr.valueConstructed = true; attr.valueTagClass = asn1.Type.SEQUENCE; if(!attr.value && attr.extensions) { attr.value = []; for(var ei = 0; ei < attr.extensions.length; ++ei) { attr.value.push(pki.certificateExtensionToAsn1( _fillMissingExtensionFields(attr.extensions[ei]))); } } } if(typeof attr.value === 'undefined') { var error = new Error('Attribute value not specified.'); error.attribute = attr; throw error; } } } /** * Fills in missing fields in certificate extensions. * * @param e the extension. * @param [options] the options to use. * [cert] the certificate the extensions are for. * * @return the extension. */ function _fillMissingExtensionFields(e, options) { options = options || {}; // populate missing name if(typeof e.name === 'undefined') { if(e.id && e.id in pki.oids) { e.name = pki.oids[e.id]; } } // populate missing id if(typeof e.id === 'undefined') { if(e.name && e.name in pki.oids) { e.id = pki.oids[e.name]; } else { var error = new Error('Extension ID not specified.'); error.extension = e; throw error; } } if(typeof e.value !== 'undefined') { return e; } // handle missing value: // value is a BIT STRING if(e.name === 'keyUsage') { // build flags var unused = 0; var b2 = 0x00; var b3 = 0x00; if(e.digitalSignature) { b2 |= 0x80; unused = 7; } if(e.nonRepudiation) { b2 |= 0x40; unused = 6; } if(e.keyEncipherment) { b2 |= 0x20; unused = 5; } if(e.dataEncipherment) { b2 |= 0x10; unused = 4; } if(e.keyAgreement) { b2 |= 0x08; unused = 3; } if(e.keyCertSign) { b2 |= 0x04; unused = 2; } if(e.cRLSign) { b2 |= 0x02; unused = 1; } if(e.encipherOnly) { b2 |= 0x01; unused = 0; } if(e.decipherOnly) { b3 |= 0x80; unused = 7; } // create bit string var value = String.fromCharCode(unused); if(b3 !== 0) { value += String.fromCharCode(b2) + String.fromCharCode(b3); } else if(b2 !== 0) { value += String.fromCharCode(b2); } e.value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value); } else if(e.name === 'basicConstraints') { // basicConstraints is a SEQUENCE e.value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); // cA BOOLEAN flag defaults to false if(e.cA) { e.value.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false, String.fromCharCode(0xFF))); } if('pathLenConstraint' in e) { e.value.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(e.pathLenConstraint).getBytes())); } } else if(e.name === 'extKeyUsage') { // extKeyUsage is a SEQUENCE of OIDs e.value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); var seq = e.value.value; for(var key in e) { if(e[key] !== true) { continue; } // key is name in OID map if(key in oids) { seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(oids[key]).getBytes())); } else if(key.indexOf('.') !== -1) { // assume key is an OID seq.push(asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(key).getBytes())); } } } else if(e.name === 'nsCertType') { // nsCertType is a BIT STRING // build flags var unused = 0; var b2 = 0x00; if(e.client) { b2 |= 0x80; unused = 7; } if(e.server) { b2 |= 0x40; unused = 6; } if(e.email) { b2 |= 0x20; unused = 5; } if(e.objsign) { b2 |= 0x10; unused = 4; } if(e.reserved) { b2 |= 0x08; unused = 3; } if(e.sslCA) { b2 |= 0x04; unused = 2; } if(e.emailCA) { b2 |= 0x02; unused = 1; } if(e.objCA) { b2 |= 0x01; unused = 0; } // create bit string var value = String.fromCharCode(unused); if(b2 !== 0) { value += String.fromCharCode(b2); } e.value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, value); } else if(e.name === 'subjectAltName' || e.name === 'issuerAltName') { // SYNTAX SEQUENCE e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); var altName; for(var n = 0; n < e.altNames.length; ++n) { altName = e.altNames[n]; var value = altName.value; // handle IP if(altName.type === 7 && altName.ip) { value = forge.util.bytesFromIP(altName.ip); if(value === null) { var error = new Error( 'Extension "ip" value is not a valid IPv4 or IPv6 address.'); error.extension = e; throw error; } } else if(altName.type === 8) { // handle OID if(altName.oid) { value = asn1.oidToDer(asn1.oidToDer(altName.oid)); } else { // deprecated ... convert value to OID value = asn1.oidToDer(value); } } e.value.value.push(asn1.create( asn1.Class.CONTEXT_SPECIFIC, altName.type, false, value)); } } else if(e.name === 'nsComment' && options.cert) { // sanity check value is ASCII (req'd) and not too big if(!(/^[\x00-\x7F]*$/.test(e.comment)) || (e.comment.length < 1) || (e.comment.length > 128)) { throw new Error('Invalid "nsComment" content.'); } // IA5STRING opaque comment e.value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.IA5STRING, false, e.comment); } else if(e.name === 'subjectKeyIdentifier' && options.cert) { var ski = options.cert.generateSubjectKeyIdentifier(); e.subjectKeyIdentifier = ski.toHex(); // OCTETSTRING w/digest e.value = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, ski.getBytes()); } else if(e.name === 'authorityKeyIdentifier' && options.cert) { // SYNTAX SEQUENCE e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); var seq = e.value.value; if(e.keyIdentifier) { var keyIdentifier = (e.keyIdentifier === true ? options.cert.generateSubjectKeyIdentifier().getBytes() : e.keyIdentifier); seq.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, false, keyIdentifier)); } if(e.authorityCertIssuer) { var authorityCertIssuer = [ asn1.create(asn1.Class.CONTEXT_SPECIFIC, 4, true, [ _dnToAsn1(e.authorityCertIssuer === true ? options.cert.issuer : e.authorityCertIssuer) ]) ]; seq.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, authorityCertIssuer)); } if(e.serialNumber) { var serialNumber = forge.util.hexToBytes(e.serialNumber === true ? options.cert.serialNumber : e.serialNumber); seq.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, false, serialNumber)); } } else if(e.name === 'cRLDistributionPoints') { e.value = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); var seq = e.value.value; // Create sub SEQUENCE of DistributionPointName var subSeq = asn1.create( asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); // Create fullName CHOICE var fullNameGeneralNames = asn1.create( asn1.Class.CONTEXT_SPECIFIC, 0, true, []); var altName; for(var n = 0; n < e.altNames.length; ++n) { altName = e.altNames[n]; var value = altName.value; // handle IP if(altName.type === 7 && altName.ip) { value = forge.util.bytesFromIP(altName.ip); if(value === null) { var error = new Error( 'Extension "ip" value is not a valid IPv4 or IPv6 address.'); error.extension = e; throw error; } } else if(altName.type === 8) { // handle OID if(altName.oid) { value = asn1.oidToDer(asn1.oidToDer(altName.oid)); } else { // deprecated ... convert value to OID value = asn1.oidToDer(value); } } fullNameGeneralNames.value.push(asn1.create( asn1.Class.CONTEXT_SPECIFIC, altName.type, false, value)); } // Add to the parent SEQUENCE subSeq.value.push(asn1.create( asn1.Class.CONTEXT_SPECIFIC, 0, true, [fullNameGeneralNames])); seq.push(subSeq); } // ensure value has been defined by now if(typeof e.value === 'undefined') { var error = new Error('Extension value not specified.'); error.extension = e; throw error; } return e; } /** * Convert signature parameters object to ASN.1 * * @param {String} oid Signature algorithm OID * @param params The signature parametrs object * @return ASN.1 object representing signature parameters */ function _signatureParametersToAsn1(oid, params) { switch(oid) { case oids['RSASSA-PSS']: var parts = []; if(params.hash.algorithmOid !== undefined) { parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(params.hash.algorithmOid).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]) ])); } if(params.mgf.algorithmOid !== undefined) { parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(params.mgf.algorithmOid).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(params.mgf.hash.algorithmOid).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, '') ]) ]) ])); } if(params.saltLength !== undefined) { parts.push(asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(params.saltLength).getBytes()) ])); } return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, parts); default: return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.NULL, false, ''); } } /** * Converts a certification request's attributes to an ASN.1 set of * CRIAttributes. * * @param csr certification request. * * @return the ASN.1 set of CRIAttributes. */ function _CRIAttributesToAsn1(csr) { // create an empty context-specific container var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, []); // no attributes, return empty container if(csr.attributes.length === 0) { return rval; } // each attribute has a sequence with a type and a set of values var attrs = csr.attributes; for(var i = 0; i < attrs.length; ++i) { var attr = attrs[i]; var value = attr.value; // reuse tag class for attribute value if available var valueTagClass = asn1.Type.UTF8; if('valueTagClass' in attr) { valueTagClass = attr.valueTagClass; } if(valueTagClass === asn1.Type.UTF8) { value = forge.util.encodeUtf8(value); } var valueConstructed = false; if('valueConstructed' in attr) { valueConstructed = attr.valueConstructed; } // FIXME: handle more encodings // create a RelativeDistinguishedName set // each value in the set is an AttributeTypeAndValue first // containing the type (an OID) and second the value var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // AttributeType asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(attr.type).getBytes()), asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SET, true, [ // AttributeValue asn1.create( asn1.Class.UNIVERSAL, valueTagClass, valueConstructed, value) ]) ]); rval.value.push(seq); } return rval; } var jan_1_1950 = new Date('1950-01-01T00:00:00Z'); var jan_1_2050 = new Date('2050-01-01T00:00:00Z'); /** * Converts a Date object to ASN.1 * Handles the different format before and after 1st January 2050 * * @param date date object. * * @return the ASN.1 object representing the date. */ function _dateToAsn1(date) { if(date >= jan_1_1950 && date < jan_1_2050) { return asn1.create( asn1.Class.UNIVERSAL, asn1.Type.UTCTIME, false, asn1.dateToUtcTime(date)); } else { return asn1.create( asn1.Class.UNIVERSAL, asn1.Type.GENERALIZEDTIME, false, asn1.dateToGeneralizedTime(date)); } } /** * Gets the ASN.1 TBSCertificate part of an X.509v3 certificate. * * @param cert the certificate. * * @return the asn1 TBSCertificate. */ pki.getTBSCertificate = function(cert) { // TBSCertificate var notBefore = _dateToAsn1(cert.validity.notBefore); var notAfter = _dateToAsn1(cert.validity.notAfter); var tbs = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // version asn1.create(asn1.Class.CONTEXT_SPECIFIC, 0, true, [ // integer asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(cert.version).getBytes()) ]), // serialNumber asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, forge.util.hexToBytes(cert.serialNumber)), // signature asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(cert.siginfo.algorithmOid).getBytes()), // parameters _signatureParametersToAsn1( cert.siginfo.algorithmOid, cert.siginfo.parameters) ]), // issuer _dnToAsn1(cert.issuer), // validity asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ notBefore, notAfter ]), // subject _dnToAsn1(cert.subject), // SubjectPublicKeyInfo pki.publicKeyToAsn1(cert.publicKey) ]); if(cert.issuer.uniqueId) { // issuerUniqueID (optional) tbs.value.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 1, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, // TODO: support arbitrary bit length ids String.fromCharCode(0x00) + cert.issuer.uniqueId ) ]) ); } if(cert.subject.uniqueId) { // subjectUniqueID (optional) tbs.value.push( asn1.create(asn1.Class.CONTEXT_SPECIFIC, 2, true, [ asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, // TODO: support arbitrary bit length ids String.fromCharCode(0x00) + cert.subject.uniqueId ) ]) ); } if(cert.extensions.length > 0) { // extensions (optional) tbs.value.push(pki.certificateExtensionsToAsn1(cert.extensions)); } return tbs; }; /** * Gets the ASN.1 CertificationRequestInfo part of a * PKCS#10 CertificationRequest. * * @param csr the certification request. * * @return the asn1 CertificationRequestInfo. */ pki.getCertificationRequestInfo = function(csr) { // CertificationRequestInfo var cri = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // version asn1.create(asn1.Class.UNIVERSAL, asn1.Type.INTEGER, false, asn1.integerToDer(csr.version).getBytes()), // subject _dnToAsn1(csr.subject), // SubjectPublicKeyInfo pki.publicKeyToAsn1(csr.publicKey), // attributes _CRIAttributesToAsn1(csr) ]); return cri; }; /** * Converts a DistinguishedName (subject or issuer) to an ASN.1 object. * * @param dn the DistinguishedName. * * @return the asn1 representation of a DistinguishedName. */ pki.distinguishedNameToAsn1 = function(dn) { return _dnToAsn1(dn); }; /** * Converts an X.509v3 RSA certificate to an ASN.1 object. * * @param cert the certificate. * * @return the asn1 representation of an X.509v3 RSA certificate. */ pki.certificateToAsn1 = function(cert) { // prefer cached TBSCertificate over generating one var tbsCertificate = cert.tbsCertificate || pki.getTBSCertificate(cert); // Certificate return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // TBSCertificate tbsCertificate, // AlgorithmIdentifier (signature algorithm) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(cert.signatureOid).getBytes()), // parameters _signatureParametersToAsn1(cert.signatureOid, cert.signatureParameters) ]), // SignatureValue asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, String.fromCharCode(0x00) + cert.signature) ]); }; /** * Converts X.509v3 certificate extensions to ASN.1. * * @param exts the extensions to convert. * * @return the extensions in ASN.1 format. */ pki.certificateExtensionsToAsn1 = function(exts) { // create top-level extension container var rval = asn1.create(asn1.Class.CONTEXT_SPECIFIC, 3, true, []); // create extension sequence (stores a sequence for each extension) var seq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); rval.value.push(seq); for(var i = 0; i < exts.length; ++i) { seq.value.push(pki.certificateExtensionToAsn1(exts[i])); } return rval; }; /** * Converts a single certificate extension to ASN.1. * * @param ext the extension to convert. * * @return the extension in ASN.1 format. */ pki.certificateExtensionToAsn1 = function(ext) { // create a sequence for each extension var extseq = asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, []); // extnID (OID) extseq.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(ext.id).getBytes())); // critical defaults to false if(ext.critical) { // critical BOOLEAN DEFAULT FALSE extseq.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.BOOLEAN, false, String.fromCharCode(0xFF))); } var value = ext.value; if(typeof ext.value !== 'string') { // value is asn.1 value = asn1.toDer(value).getBytes(); } // extnValue (OCTET STRING) extseq.value.push(asn1.create( asn1.Class.UNIVERSAL, asn1.Type.OCTETSTRING, false, value)); return extseq; }; /** * Converts a PKCS#10 certification request to an ASN.1 object. * * @param csr the certification request. * * @return the asn1 representation of a certification request. */ pki.certificationRequestToAsn1 = function(csr) { // prefer cached CertificationRequestInfo over generating one var cri = csr.certificationRequestInfo || pki.getCertificationRequestInfo(csr); // Certificate return asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // CertificationRequestInfo cri, // AlgorithmIdentifier (signature algorithm) asn1.create(asn1.Class.UNIVERSAL, asn1.Type.SEQUENCE, true, [ // algorithm asn1.create(asn1.Class.UNIVERSAL, asn1.Type.OID, false, asn1.oidToDer(csr.signatureOid).getBytes()), // parameters _signatureParametersToAsn1(csr.signatureOid, csr.signatureParameters) ]), // signature asn1.create(asn1.Class.UNIVERSAL, asn1.Type.BITSTRING, false, String.fromCharCode(0x00) + csr.signature) ]); }; /** * Creates a CA store. * * @param certs an optional array of certificate objects or PEM-formatted * certificate strings to add to the CA store. * * @return the CA store. */ pki.createCaStore = function(certs) { // create CA store var caStore = { // stored certificates certs: {} }; /** * Gets the certificate that issued the passed certificate or its * 'parent'. * * @param cert the certificate to get the parent for. * * @return the parent certificate or null if none was found. */ caStore.getIssuer = function(cert) { var rval = getBySubject(cert.issuer); // see if there are multiple matches /*if(forge.util.isArray(rval)) { // TODO: resolve multiple matches by checking // authorityKey/subjectKey/issuerUniqueID/other identifiers, etc. // FIXME: or alternatively do authority key mapping // if possible (X.509v1 certs can't work?) throw new Error('Resolving multiple issuer matches not implemented yet.'); }*/ return rval; }; /** * Adds a trusted certificate to the store. * * @param cert the certificate to add as a trusted certificate (either a * pki.certificate object or a PEM-formatted certificate). */ caStore.addCertificate = function(cert) { // convert from pem if necessary if(typeof cert === 'string') { cert = forge.pki.certificateFromPem(cert); } ensureSubjectHasHash(cert.subject); if(!caStore.hasCertificate(cert)) { // avoid duplicate certificates in store if(cert.subject.hash in caStore.certs) { // subject hash already exists, append to array var tmp = caStore.certs[cert.subject.hash]; if(!forge.util.isArray(tmp)) { tmp = [tmp]; } tmp.push(cert); caStore.certs[cert.subject.hash] = tmp; } else { caStore.certs[cert.subject.hash] = cert; } } }; /** * Checks to see if the given certificate is in the store. * * @param cert the certificate to check (either a pki.certificate or a * PEM-formatted certificate). * * @return true if the certificate is in the store, false if not. */ caStore.hasCertificate = function(cert) { // convert from pem if necessary if(typeof cert === 'string') { cert = forge.pki.certificateFromPem(cert); } var match = getBySubject(cert.subject); if(!match) { return false; } if(!forge.util.isArray(match)) { match = [match]; } // compare DER-encoding of certificates var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes(); for(var i = 0; i < match.length; ++i) { var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes(); if(der1 === der2) { return true; } } return false; }; /** * Lists all of the certificates kept in the store. * * @return an array of all of the pki.certificate objects in the store. */ caStore.listAllCertificates = function() { var certList = []; for(var hash in caStore.certs) { if(caStore.certs.hasOwnProperty(hash)) { var value = caStore.certs[hash]; if(!forge.util.isArray(value)) { certList.push(value); } else { for(var i = 0; i < value.length; ++i) { certList.push(value[i]); } } } } return certList; }; /** * Removes a certificate from the store. * * @param cert the certificate to remove (either a pki.certificate or a * PEM-formatted certificate). * * @return the certificate that was removed or null if the certificate * wasn't in store. */ caStore.removeCertificate = function(cert) { var result; // convert from pem if necessary if(typeof cert === 'string') { cert = forge.pki.certificateFromPem(cert); } ensureSubjectHasHash(cert.subject); if(!caStore.hasCertificate(cert)) { return null; } var match = getBySubject(cert.subject); if(!forge.util.isArray(match)) { result = caStore.certs[cert.subject.hash]; delete caStore.certs[cert.subject.hash]; return result; } // compare DER-encoding of certificates var der1 = asn1.toDer(pki.certificateToAsn1(cert)).getBytes(); for(var i = 0; i < match.length; ++i) { var der2 = asn1.toDer(pki.certificateToAsn1(match[i])).getBytes(); if(der1 === der2) { result = match[i]; match.splice(i, 1); } } if(match.length === 0) { delete caStore.certs[cert.subject.hash]; } return result; }; function getBySubject(subject) { ensureSubjectHasHash(subject); return caStore.certs[subject.hash] || null; } function ensureSubjectHasHash(subject) { // produce subject hash if it doesn't exist if(!subject.hash) { var md = forge.md.sha1.create(); subject.attributes = pki.RDNAttributesAsArray(_dnToAsn1(subject), md); subject.hash = md.digest().toHex(); } } // auto-add passed in certs if(certs) { // parse PEM-formatted certificates as necessary for(var i = 0; i < certs.length; ++i) { var cert = certs[i]; caStore.addCertificate(cert); } } return caStore; }; /** * Certificate verification errors, based on TLS. */ pki.certificateError = { bad_certificate: 'forge.pki.BadCertificate', unsupported_certificate: 'forge.pki.UnsupportedCertificate', certificate_revoked: 'forge.pki.CertificateRevoked', certificate_expired: 'forge.pki.CertificateExpired', certificate_unknown: 'forge.pki.CertificateUnknown', unknown_ca: 'forge.pki.UnknownCertificateAuthority' }; /** * Verifies a certificate chain against the given Certificate Authority store * with an optional custom verify callback. * * @param caStore a certificate store to verify against. * @param chain the certificate chain to verify, with the root or highest * authority at the end (an array of certificates). * @param options a callback to be called for every certificate in the chain or * an object with: * verify a callback to be called for every certificate in the * chain * validityCheckDate the date against which the certificate * validity period should be checked. Pass null to not check * the validity period. By default, the current date is used. * * The verify callback has the following signature: * * verified - Set to true if certificate was verified, otherwise the * pki.certificateError for why the certificate failed. * depth - The current index in the chain, where 0 is the end point's cert. * certs - The certificate chain, *NOTE* an empty chain indicates an anonymous * end point. * * The function returns true on success and on failure either the appropriate * pki.certificateError or an object with 'error' set to the appropriate * pki.certificateError and 'message' set to a custom error message. * * @return true if successful, error thrown if not. */ pki.verifyCertificateChain = function(caStore, chain, options) { /* From: RFC3280 - Internet X.509 Public Key Infrastructure Certificate Section 6: Certification Path Validation See inline parentheticals related to this particular implementation. The primary goal of path validation is to verify the binding between a subject distinguished name or a subject alternative name and subject public key, as represented in the end entity certificate, based on the public key of the trust anchor. This requires obtaining a sequence of certificates that support that binding. That sequence should be provided in the passed 'chain'. The trust anchor should be in the given CA store. The 'end entity' certificate is the certificate provided by the end point (typically a server) and is the first in the chain. To meet this goal, the path validation process verifies, among other things, that a prospective certification path (a sequence of n certificates or a 'chain') satisfies the following conditions: (a) for all x in {1, ..., n-1}, the subject of certificate x is the issuer of certificate x+1; (b) certificate 1 is issued by the trust anchor; (c) certificate n is the certificate to be validated; and (d) for all x in {1, ..., n}, the certificate was valid at the time in question. Note that here 'n' is index 0 in the chain and 1 is the last certificate in the chain and it must be signed by a certificate in the connection's CA store. The path validation process also determines the set of certificate policies that are valid for this path, based on the certificate policies extension, policy mapping extension, policy constraints extension, and inhibit any-policy extension. Note: Policy mapping extension not supported (Not Required). Note: If the certificate has an unsupported critical extension, then it must be rejected. Note: A certificate is self-issued if the DNs that appear in the subject and issuer fields are identical and are not empty. The path validation algorithm assumes the following seven inputs are provided to the path processing logic. What this specific implementation will use is provided parenthetically: (a) a prospective certification path of length n (the 'chain') (b) the current date/time: ('now'). (c) user-initial-policy-set: A set of certificate policy identifiers naming the policies that are acceptable to the certificate user. The user-initial-policy-set contains the special value any-policy if the user is not concerned about certificate policy (Not implemented. Any policy is accepted). (d) trust anchor information, describing a CA that serves as a trust anchor for the certification path. The trust anchor information includes: (1) the trusted issuer name, (2) the trusted public key algorithm, (3) the trusted public key, and (4) optionally, the trusted public key parameters associated with the public key. (Trust anchors are provided via certificates in the CA store). The trust anchor information may be provided to the path processing procedure in the form of a self-signed certificate. The trusted anchor information is trusted because it was delivered to the path processing procedure by some trustworthy out-of-band procedure. If the trusted public key algorithm requires parameters, then the parameters are provided along with the trusted public key (No parameters used in this implementation). (e) initial-policy-mapping-inhibit, which indicates if policy mapping is allowed in the certification path. (Not implemented, no policy checking) (f) initial-explicit-policy, which indicates if the path must be valid for at least one of the certificate policies in the user-initial- policy-set. (Not implemented, no policy checking) (g) initial-any-policy-inhibit, which indicates whether the anyPolicy OID should be processed if it is included in a certificate. (Not implemented, so any policy is valid provided that it is not marked as critical) */ /* Basic Path Processing: For each certificate in the 'chain', the following is checked: 1. The certificate validity period includes the current time. 2. The certificate was signed by its parent (where the parent is either the next in the chain or from the CA store). Allow processing to continue to the next step if no parent is found but the certificate is in the CA store. 3. TODO: The certificate has not been revoked. 4. The certificate issuer name matches the parent's subject name. 5. TODO: If the certificate is self-issued and not the final certificate in the chain, skip this step, otherwise verify that the subject name is within one of the permitted subtrees of X.500 distinguished names and that each of the alternative names in the subjectAltName extension (critical or non-critical) is within one of the permitted subtrees for that name type. 6. TODO: If the certificate is self-issued and not the final certificate in the chain, skip this step, otherwise verify that the subject name is not within one of the excluded subtrees for X.500 distinguished names and none of the subjectAltName extension names are excluded for that name type. 7. The other steps in the algorithm for basic path processing involve handling the policy extension which is not presently supported in this implementation. Instead, if a critical policy extension is found, the certificate is rejected as not supported. 8. If the certificate is not the first or if its the only certificate in the chain (having no parent from the CA store or is self-signed) and it has a critical key usage extension, verify that the keyCertSign bit is set. If the key usage extension exists, verify that the basic constraints extension exists. If the basic constraints extension exists, verify that the cA flag is set. If pathLenConstraint is set, ensure that the number of certificates that precede in the chain (come earlier in the chain as implemented below), excluding the very first in the chain (typically the end-entity one), isn't greater than the pathLenConstraint. This constraint limits the number of intermediate CAs that may appear below a CA before only end-entity certificates may be issued. */ // if a verify callback is passed as the third parameter, package it within // the options object. This is to support a legacy function signature that // expected the verify callback as the third parameter. if(typeof options === 'function') { options = {verify: options}; } options = options || {}; // copy cert chain references to another array to protect against changes // in verify callback chain = chain.slice(0); var certs = chain.slice(0); var validityCheckDate = options.validityCheckDate; // if no validityCheckDate is specified, default to the current date. Make // sure to maintain the value null because it indicates that the validity // period should not be checked. if(typeof validityCheckDate === 'undefined') { validityCheckDate = new Date(); } // verify each cert in the chain using its parent, where the parent // is either the next in the chain or from the CA store var first = true; var error = null; var depth = 0; do { var cert = chain.shift(); var parent = null; var selfSigned = false; if(validityCheckDate) { // 1. check valid time if(validityCheckDate < cert.validity.notBefore || validityCheckDate > cert.validity.notAfter) { error = { message: 'Certificate is not valid yet or has expired.', error: pki.certificateError.certificate_expired, notBefore: cert.validity.notBefore, notAfter: cert.validity.notAfter, // TODO: we might want to reconsider renaming 'now' to // 'validityCheckDate' should this API be changed in the future. now: validityCheckDate }; } } // 2. verify with parent from chain or CA store if(error === null) { parent = chain[0] || caStore.getIssuer(cert); if(parent === null) { // check for self-signed cert if(cert.isIssuer(cert)) { selfSigned = true; parent = cert; } } if(parent) { // FIXME: current CA store implementation might have multiple // certificates where the issuer can't be determined from the // certificate (happens rarely with, eg: old certificates) so normalize // by always putting parents into an array // TODO: there's may be an extreme degenerate case currently uncovered // where an old intermediate certificate seems to have a matching parent // but none of the parents actually verify ... but the intermediate // is in the CA and it should pass this check; needs investigation var parents = parent; if(!forge.util.isArray(parents)) { parents = [parents]; } // try to verify with each possible parent (typically only one) var verified = false; while(!verified && parents.length > 0) { parent = parents.shift(); try { verified = parent.verify(cert); } catch(ex) { // failure to verify, don't care why, try next one } } if(!verified) { error = { message: 'Certificate signature is invalid.', error: pki.certificateError.bad_certificate }; } } if(error === null && (!parent || selfSigned) && !caStore.hasCertificate(cert)) { // no parent issuer and certificate itself is not trusted error = { message: 'Certificate is not trusted.', error: pki.certificateError.unknown_ca }; } } // TODO: 3. check revoked // 4. check for matching issuer/subject if(error === null && parent && !cert.isIssuer(parent)) { // parent is not issuer error = { message: 'Certificate issuer is invalid.', error: pki.certificateError.bad_certificate }; } // 5. TODO: check names with permitted names tree // 6. TODO: check names against excluded names tree // 7. check for unsupported critical extensions if(error === null) { // supported extensions var se = { keyUsage: true, basicConstraints: true }; for(var i = 0; error === null && i < cert.extensions.length; ++i) { var ext = cert.extensions[i]; if(ext.critical && !(ext.name in se)) { error = { message: 'Certificate has an unsupported critical extension.', error: pki.certificateError.unsupported_certificate }; } } } // 8. check for CA if cert is not first or is the only certificate // remaining in chain with no parent or is self-signed if(error === null && (!first || (chain.length === 0 && (!parent || selfSigned)))) { // first check keyUsage extension and then basic constraints var bcExt = cert.getExtension('basicConstraints'); var keyUsageExt = cert.getExtension('keyUsage'); if(keyUsageExt !== null) { // keyCertSign must be true and there must be a basic // constraints extension if(!keyUsageExt.keyCertSign || bcExt === null) { // bad certificate error = { message: 'Certificate keyUsage or basicConstraints conflict ' + 'or indicate that the certificate is not a CA. ' + 'If the certificate is the only one in the chain or ' + 'isn\'t the first then the certificate must be a ' + 'valid CA.', error: pki.certificateError.bad_certificate }; } } // basic constraints cA flag must be set if(error === null && bcExt !== null && !bcExt.cA) { // bad certificate error = { message: 'Certificate basicConstraints indicates the certificate ' + 'is not a CA.', error: pki.certificateError.bad_certificate }; } // if error is not null and keyUsage is available, then we know it // has keyCertSign and there is a basic constraints extension too, // which means we can check pathLenConstraint (if it exists) if(error === null && keyUsageExt !== null && 'pathLenConstraint' in bcExt) { // pathLen is the maximum # of intermediate CA certs that can be // found between the current certificate and the end-entity (depth 0) // certificate; this number does not include the end-entity (depth 0, // last in the chain) even if it happens to be a CA certificate itself var pathLen = depth - 1; if(pathLen > bcExt.pathLenConstraint) { // pathLenConstraint violated, bad certificate error = { message: 'Certificate basicConstraints pathLenConstraint violated.', error: pki.certificateError.bad_certificate }; } } } // call application callback var vfd = (error === null) ? true : error.error; var ret = options.verify ? options.verify(vfd, depth, certs) : vfd; if(ret === true) { // clear any set error error = null; } else { // if passed basic tests, set default message and alert if(vfd === true) { error = { message: 'The application rejected the certificate.', error: pki.certificateError.bad_certificate }; } // check for custom error info if(ret || ret === 0) { // set custom message and error if(typeof ret === 'object' && !forge.util.isArray(ret)) { if(ret.message) { error.message = ret.message; } if(ret.error) { error.error = ret.error; } } else if(typeof ret === 'string') { // set custom error error.error = ret; } } // throw error throw error; } // no longer first cert in chain first = false; ++depth; } while(chain.length > 0); return true; }; /***/ }), /***/ 1223: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var wrappy = __nccwpck_require__(2940) module.exports = wrappy(once) module.exports.strict = wrappy(onceStrict) once.proto = once(function () { Object.defineProperty(Function.prototype, 'once', { value: function () { return once(this) }, configurable: true }) Object.defineProperty(Function.prototype, 'onceStrict', { value: function () { return onceStrict(this) }, configurable: true }) }) function once (fn) { var f = function () { if (f.called) return f.value f.called = true return f.value = fn.apply(this, arguments) } f.called = false return f } function onceStrict (fn) { var f = function () { if (f.called) throw new Error(f.onceError) f.called = true return f.value = fn.apply(this, arguments) } var name = fn.name || 'Function wrapped with `once`' f.onceError = name + " shouldn't be called more than once" f.called = false return f } /***/ }), /***/ 8341: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var once = __nccwpck_require__(1223) var eos = __nccwpck_require__(1205) var fs = __nccwpck_require__(5747) // we only need fs to get the ReadStream and WriteStream prototypes var noop = function () {} var ancient = /^v?\.0/.test(process.version) var isFn = function (fn) { return typeof fn === 'function' } var isFS = function (stream) { if (!ancient) return false // newer node version do not need to care about fs is a special way if (!fs) return false // browser return (stream instanceof (fs.ReadStream || noop) || stream instanceof (fs.WriteStream || noop)) && isFn(stream.close) } var isRequest = function (stream) { return stream.setHeader && isFn(stream.abort) } var destroyer = function (stream, reading, writing, callback) { callback = once(callback) var closed = false stream.on('close', function () { closed = true }) eos(stream, {readable: reading, writable: writing}, function (err) { if (err) return callback(err) closed = true callback() }) var destroyed = false return function (err) { if (closed) return if (destroyed) return destroyed = true if (isFS(stream)) return stream.close(noop) // use close for fs streams to avoid fd leaks if (isRequest(stream)) return stream.abort() // request.destroy just do .end - .abort is what we want if (isFn(stream.destroy)) return stream.destroy() callback(err || new Error('stream was destroyed')) } } var call = function (fn) { fn() } var pipe = function (from, to) { return from.pipe(to) } var pump = function () { var streams = Array.prototype.slice.call(arguments) var callback = isFn(streams[streams.length - 1] || noop) && streams.pop() || noop if (Array.isArray(streams[0])) streams = streams[0] if (streams.length < 2) throw new Error('pump requires two streams per minimum') var error var destroys = streams.map(function (stream, i) { var reading = i < streams.length - 1 var writing = i > 0 return destroyer(stream, reading, writing, function (err) { if (!error) error = err if (err) destroys.forEach(call) if (reading) return destroys.forEach(call) callback(error) }) }) return streams.reduce(pipe) } module.exports = pump /***/ }), /***/ 7214: /***/ ((module) => { "use strict"; const codes = {}; function createErrorType(code, message, Base) { if (!Base) { Base = Error } function getMessage (arg1, arg2, arg3) { if (typeof message === 'string') { return message } else { return message(arg1, arg2, arg3) } } class NodeError extends Base { constructor (arg1, arg2, arg3) { super(getMessage(arg1, arg2, arg3)); } } NodeError.prototype.name = Base.name; NodeError.prototype.code = code; codes[code] = NodeError; } // https://github.com/nodejs/node/blob/v10.8.0/lib/internal/errors.js function oneOf(expected, thing) { if (Array.isArray(expected)) { const len = expected.length; expected = expected.map((i) => String(i)); if (len > 2) { return `one of ${thing} ${expected.slice(0, len - 1).join(', ')}, or ` + expected[len - 1]; } else if (len === 2) { return `one of ${thing} ${expected[0]} or ${expected[1]}`; } else { return `of ${thing} ${expected[0]}`; } } else { return `of ${thing} ${String(expected)}`; } } // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/startsWith function startsWith(str, search, pos) { return str.substr(!pos || pos < 0 ? 0 : +pos, search.length) === search; } // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/endsWith function endsWith(str, search, this_len) { if (this_len === undefined || this_len > str.length) { this_len = str.length; } return str.substring(this_len - search.length, this_len) === search; } // https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/includes function includes(str, search, start) { if (typeof start !== 'number') { start = 0; } if (start + search.length > str.length) { return false; } else { return str.indexOf(search, start) !== -1; } } createErrorType('ERR_INVALID_OPT_VALUE', function (name, value) { return 'The value "' + value + '" is invalid for option "' + name + '"' }, TypeError); createErrorType('ERR_INVALID_ARG_TYPE', function (name, expected, actual) { // determiner: 'must be' or 'must not be' let determiner; if (typeof expected === 'string' && startsWith(expected, 'not ')) { determiner = 'must not be'; expected = expected.replace(/^not /, ''); } else { determiner = 'must be'; } let msg; if (endsWith(name, ' argument')) { // For cases like 'first argument' msg = `The ${name} ${determiner} ${oneOf(expected, 'type')}`; } else { const type = includes(name, '.') ? 'property' : 'argument'; msg = `The "${name}" ${type} ${determiner} ${oneOf(expected, 'type')}`; } msg += `. Received type ${typeof actual}`; return msg; }, TypeError); createErrorType('ERR_STREAM_PUSH_AFTER_EOF', 'stream.push() after EOF'); createErrorType('ERR_METHOD_NOT_IMPLEMENTED', function (name) { return 'The ' + name + ' method is not implemented' }); createErrorType('ERR_STREAM_PREMATURE_CLOSE', 'Premature close'); createErrorType('ERR_STREAM_DESTROYED', function (name) { return 'Cannot call ' + name + ' after a stream was destroyed'; }); createErrorType('ERR_MULTIPLE_CALLBACK', 'Callback called multiple times'); createErrorType('ERR_STREAM_CANNOT_PIPE', 'Cannot pipe, not readable'); createErrorType('ERR_STREAM_WRITE_AFTER_END', 'write after end'); createErrorType('ERR_STREAM_NULL_VALUES', 'May not write null values to stream', TypeError); createErrorType('ERR_UNKNOWN_ENCODING', function (arg) { return 'Unknown encoding: ' + arg }, TypeError); createErrorType('ERR_STREAM_UNSHIFT_AFTER_END_EVENT', 'stream.unshift() after end event'); module.exports.q = codes; /***/ }), /***/ 1359: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. // a duplex stream is just a stream that is both readable and writable. // Since JS doesn't have multiple prototypal inheritance, this class // prototypally inherits from Readable, and then parasitically from // Writable. /**/ var objectKeys = Object.keys || function (obj) { var keys = []; for (var key in obj) { keys.push(key); } return keys; }; /**/ module.exports = Duplex; var Readable = __nccwpck_require__(1433); var Writable = __nccwpck_require__(6993); __nccwpck_require__(4124)(Duplex, Readable); { // Allow the keys array to be GC'ed. var keys = objectKeys(Writable.prototype); for (var v = 0; v < keys.length; v++) { var method = keys[v]; if (!Duplex.prototype[method]) Duplex.prototype[method] = Writable.prototype[method]; } } function Duplex(options) { if (!(this instanceof Duplex)) return new Duplex(options); Readable.call(this, options); Writable.call(this, options); this.allowHalfOpen = true; if (options) { if (options.readable === false) this.readable = false; if (options.writable === false) this.writable = false; if (options.allowHalfOpen === false) { this.allowHalfOpen = false; this.once('end', onend); } } } Object.defineProperty(Duplex.prototype, 'writableHighWaterMark', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._writableState.highWaterMark; } }); Object.defineProperty(Duplex.prototype, 'writableBuffer', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._writableState && this._writableState.getBuffer(); } }); Object.defineProperty(Duplex.prototype, 'writableLength', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._writableState.length; } }); // the no-half-open enforcer function onend() { // If the writable side ended, then we're ok. if (this._writableState.ended) return; // no more data can be written. // But allow more writes to happen in this tick. process.nextTick(onEndNT, this); } function onEndNT(self) { self.end(); } Object.defineProperty(Duplex.prototype, 'destroyed', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { if (this._readableState === undefined || this._writableState === undefined) { return false; } return this._readableState.destroyed && this._writableState.destroyed; }, set: function set(value) { // we ignore the value if the stream // has not been initialized yet if (this._readableState === undefined || this._writableState === undefined) { return; } // backward compatibility, the user is explicitly // managing destroyed this._readableState.destroyed = value; this._writableState.destroyed = value; } }); /***/ }), /***/ 1542: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. // a passthrough stream. // basically just the most minimal sort of Transform stream. // Every written chunk gets output as-is. module.exports = PassThrough; var Transform = __nccwpck_require__(4415); __nccwpck_require__(4124)(PassThrough, Transform); function PassThrough(options) { if (!(this instanceof PassThrough)) return new PassThrough(options); Transform.call(this, options); } PassThrough.prototype._transform = function (chunk, encoding, cb) { cb(null, chunk); }; /***/ }), /***/ 1433: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. module.exports = Readable; /**/ var Duplex; /**/ Readable.ReadableState = ReadableState; /**/ var EE = __nccwpck_require__(8614).EventEmitter; var EElistenerCount = function EElistenerCount(emitter, type) { return emitter.listeners(type).length; }; /**/ /**/ var Stream = __nccwpck_require__(2387); /**/ var Buffer = __nccwpck_require__(4293).Buffer; var OurUint8Array = global.Uint8Array || function () {}; function _uint8ArrayToBuffer(chunk) { return Buffer.from(chunk); } function _isUint8Array(obj) { return Buffer.isBuffer(obj) || obj instanceof OurUint8Array; } /**/ var debugUtil = __nccwpck_require__(1669); var debug; if (debugUtil && debugUtil.debuglog) { debug = debugUtil.debuglog('stream'); } else { debug = function debug() {}; } /**/ var BufferList = __nccwpck_require__(2746); var destroyImpl = __nccwpck_require__(7049); var _require = __nccwpck_require__(9948), getHighWaterMark = _require.getHighWaterMark; var _require$codes = __nccwpck_require__(7214)/* .codes */ .q, ERR_INVALID_ARG_TYPE = _require$codes.ERR_INVALID_ARG_TYPE, ERR_STREAM_PUSH_AFTER_EOF = _require$codes.ERR_STREAM_PUSH_AFTER_EOF, ERR_METHOD_NOT_IMPLEMENTED = _require$codes.ERR_METHOD_NOT_IMPLEMENTED, ERR_STREAM_UNSHIFT_AFTER_END_EVENT = _require$codes.ERR_STREAM_UNSHIFT_AFTER_END_EVENT; // Lazy loaded to improve the startup performance. var StringDecoder; var createReadableStreamAsyncIterator; var from; __nccwpck_require__(4124)(Readable, Stream); var errorOrDestroy = destroyImpl.errorOrDestroy; var kProxyEvents = ['error', 'close', 'destroy', 'pause', 'resume']; function prependListener(emitter, event, fn) { // Sadly this is not cacheable as some libraries bundle their own // event emitter implementation with them. if (typeof emitter.prependListener === 'function') return emitter.prependListener(event, fn); // This is a hack to make sure that our error handler is attached before any // userland ones. NEVER DO THIS. This is here only because this code needs // to continue to work with older versions of Node.js that do not include // the prependListener() method. The goal is to eventually remove this hack. if (!emitter._events || !emitter._events[event]) emitter.on(event, fn);else if (Array.isArray(emitter._events[event])) emitter._events[event].unshift(fn);else emitter._events[event] = [fn, emitter._events[event]]; } function ReadableState(options, stream, isDuplex) { Duplex = Duplex || __nccwpck_require__(1359); options = options || {}; // Duplex streams are both readable and writable, but share // the same options object. // However, some cases require setting options to different // values for the readable and the writable sides of the duplex stream. // These options can be provided separately as readableXXX and writableXXX. if (typeof isDuplex !== 'boolean') isDuplex = stream instanceof Duplex; // object stream flag. Used to make read(n) ignore n and to // make all the buffer merging and length checks go away this.objectMode = !!options.objectMode; if (isDuplex) this.objectMode = this.objectMode || !!options.readableObjectMode; // the point at which it stops calling _read() to fill the buffer // Note: 0 is a valid value, means "don't call _read preemptively ever" this.highWaterMark = getHighWaterMark(this, options, 'readableHighWaterMark', isDuplex); // A linked list is used to store data chunks instead of an array because the // linked list can remove elements from the beginning faster than // array.shift() this.buffer = new BufferList(); this.length = 0; this.pipes = null; this.pipesCount = 0; this.flowing = null; this.ended = false; this.endEmitted = false; this.reading = false; // a flag to be able to tell if the event 'readable'/'data' is emitted // immediately, or on a later tick. We set this to true at first, because // any actions that shouldn't happen until "later" should generally also // not happen before the first read call. this.sync = true; // whenever we return null, then we set a flag to say // that we're awaiting a 'readable' event emission. this.needReadable = false; this.emittedReadable = false; this.readableListening = false; this.resumeScheduled = false; this.paused = true; // Should close be emitted on destroy. Defaults to true. this.emitClose = options.emitClose !== false; // Should .destroy() be called after 'end' (and potentially 'finish') this.autoDestroy = !!options.autoDestroy; // has it been destroyed this.destroyed = false; // Crypto is kind of old and crusty. Historically, its default string // encoding is 'binary' so we have to make this configurable. // Everything else in the universe uses 'utf8', though. this.defaultEncoding = options.defaultEncoding || 'utf8'; // the number of writers that are awaiting a drain event in .pipe()s this.awaitDrain = 0; // if true, a maybeReadMore has been scheduled this.readingMore = false; this.decoder = null; this.encoding = null; if (options.encoding) { if (!StringDecoder) StringDecoder = __nccwpck_require__(4841)/* .StringDecoder */ .s; this.decoder = new StringDecoder(options.encoding); this.encoding = options.encoding; } } function Readable(options) { Duplex = Duplex || __nccwpck_require__(1359); if (!(this instanceof Readable)) return new Readable(options); // Checking for a Stream.Duplex instance is faster here instead of inside // the ReadableState constructor, at least with V8 6.5 var isDuplex = this instanceof Duplex; this._readableState = new ReadableState(options, this, isDuplex); // legacy this.readable = true; if (options) { if (typeof options.read === 'function') this._read = options.read; if (typeof options.destroy === 'function') this._destroy = options.destroy; } Stream.call(this); } Object.defineProperty(Readable.prototype, 'destroyed', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { if (this._readableState === undefined) { return false; } return this._readableState.destroyed; }, set: function set(value) { // we ignore the value if the stream // has not been initialized yet if (!this._readableState) { return; } // backward compatibility, the user is explicitly // managing destroyed this._readableState.destroyed = value; } }); Readable.prototype.destroy = destroyImpl.destroy; Readable.prototype._undestroy = destroyImpl.undestroy; Readable.prototype._destroy = function (err, cb) { cb(err); }; // Manually shove something into the read() buffer. // This returns true if the highWaterMark has not been hit yet, // similar to how Writable.write() returns true if you should // write() some more. Readable.prototype.push = function (chunk, encoding) { var state = this._readableState; var skipChunkCheck; if (!state.objectMode) { if (typeof chunk === 'string') { encoding = encoding || state.defaultEncoding; if (encoding !== state.encoding) { chunk = Buffer.from(chunk, encoding); encoding = ''; } skipChunkCheck = true; } } else { skipChunkCheck = true; } return readableAddChunk(this, chunk, encoding, false, skipChunkCheck); }; // Unshift should *always* be something directly out of read() Readable.prototype.unshift = function (chunk) { return readableAddChunk(this, chunk, null, true, false); }; function readableAddChunk(stream, chunk, encoding, addToFront, skipChunkCheck) { debug('readableAddChunk', chunk); var state = stream._readableState; if (chunk === null) { state.reading = false; onEofChunk(stream, state); } else { var er; if (!skipChunkCheck) er = chunkInvalid(state, chunk); if (er) { errorOrDestroy(stream, er); } else if (state.objectMode || chunk && chunk.length > 0) { if (typeof chunk !== 'string' && !state.objectMode && Object.getPrototypeOf(chunk) !== Buffer.prototype) { chunk = _uint8ArrayToBuffer(chunk); } if (addToFront) { if (state.endEmitted) errorOrDestroy(stream, new ERR_STREAM_UNSHIFT_AFTER_END_EVENT());else addChunk(stream, state, chunk, true); } else if (state.ended) { errorOrDestroy(stream, new ERR_STREAM_PUSH_AFTER_EOF()); } else if (state.destroyed) { return false; } else { state.reading = false; if (state.decoder && !encoding) { chunk = state.decoder.write(chunk); if (state.objectMode || chunk.length !== 0) addChunk(stream, state, chunk, false);else maybeReadMore(stream, state); } else { addChunk(stream, state, chunk, false); } } } else if (!addToFront) { state.reading = false; maybeReadMore(stream, state); } } // We can push more data if we are below the highWaterMark. // Also, if we have no data yet, we can stand some more bytes. // This is to work around cases where hwm=0, such as the repl. return !state.ended && (state.length < state.highWaterMark || state.length === 0); } function addChunk(stream, state, chunk, addToFront) { if (state.flowing && state.length === 0 && !state.sync) { state.awaitDrain = 0; stream.emit('data', chunk); } else { // update the buffer info. state.length += state.objectMode ? 1 : chunk.length; if (addToFront) state.buffer.unshift(chunk);else state.buffer.push(chunk); if (state.needReadable) emitReadable(stream); } maybeReadMore(stream, state); } function chunkInvalid(state, chunk) { var er; if (!_isUint8Array(chunk) && typeof chunk !== 'string' && chunk !== undefined && !state.objectMode) { er = new ERR_INVALID_ARG_TYPE('chunk', ['string', 'Buffer', 'Uint8Array'], chunk); } return er; } Readable.prototype.isPaused = function () { return this._readableState.flowing === false; }; // backwards compatibility. Readable.prototype.setEncoding = function (enc) { if (!StringDecoder) StringDecoder = __nccwpck_require__(4841)/* .StringDecoder */ .s; var decoder = new StringDecoder(enc); this._readableState.decoder = decoder; // If setEncoding(null), decoder.encoding equals utf8 this._readableState.encoding = this._readableState.decoder.encoding; // Iterate over current buffer to convert already stored Buffers: var p = this._readableState.buffer.head; var content = ''; while (p !== null) { content += decoder.write(p.data); p = p.next; } this._readableState.buffer.clear(); if (content !== '') this._readableState.buffer.push(content); this._readableState.length = content.length; return this; }; // Don't raise the hwm > 1GB var MAX_HWM = 0x40000000; function computeNewHighWaterMark(n) { if (n >= MAX_HWM) { // TODO(ronag): Throw ERR_VALUE_OUT_OF_RANGE. n = MAX_HWM; } else { // Get the next highest power of 2 to prevent increasing hwm excessively in // tiny amounts n--; n |= n >>> 1; n |= n >>> 2; n |= n >>> 4; n |= n >>> 8; n |= n >>> 16; n++; } return n; } // This function is designed to be inlinable, so please take care when making // changes to the function body. function howMuchToRead(n, state) { if (n <= 0 || state.length === 0 && state.ended) return 0; if (state.objectMode) return 1; if (n !== n) { // Only flow one buffer at a time if (state.flowing && state.length) return state.buffer.head.data.length;else return state.length; } // If we're asking for more than the current hwm, then raise the hwm. if (n > state.highWaterMark) state.highWaterMark = computeNewHighWaterMark(n); if (n <= state.length) return n; // Don't have enough if (!state.ended) { state.needReadable = true; return 0; } return state.length; } // you can override either this method, or the async _read(n) below. Readable.prototype.read = function (n) { debug('read', n); n = parseInt(n, 10); var state = this._readableState; var nOrig = n; if (n !== 0) state.emittedReadable = false; // if we're doing read(0) to trigger a readable event, but we // already have a bunch of data in the buffer, then just trigger // the 'readable' event and move on. if (n === 0 && state.needReadable && ((state.highWaterMark !== 0 ? state.length >= state.highWaterMark : state.length > 0) || state.ended)) { debug('read: emitReadable', state.length, state.ended); if (state.length === 0 && state.ended) endReadable(this);else emitReadable(this); return null; } n = howMuchToRead(n, state); // if we've ended, and we're now clear, then finish it up. if (n === 0 && state.ended) { if (state.length === 0) endReadable(this); return null; } // All the actual chunk generation logic needs to be // *below* the call to _read. The reason is that in certain // synthetic stream cases, such as passthrough streams, _read // may be a completely synchronous operation which may change // the state of the read buffer, providing enough data when // before there was *not* enough. // // So, the steps are: // 1. Figure out what the state of things will be after we do // a read from the buffer. // // 2. If that resulting state will trigger a _read, then call _read. // Note that this may be asynchronous, or synchronous. Yes, it is // deeply ugly to write APIs this way, but that still doesn't mean // that the Readable class should behave improperly, as streams are // designed to be sync/async agnostic. // Take note if the _read call is sync or async (ie, if the read call // has returned yet), so that we know whether or not it's safe to emit // 'readable' etc. // // 3. Actually pull the requested chunks out of the buffer and return. // if we need a readable event, then we need to do some reading. var doRead = state.needReadable; debug('need readable', doRead); // if we currently have less than the highWaterMark, then also read some if (state.length === 0 || state.length - n < state.highWaterMark) { doRead = true; debug('length less than watermark', doRead); } // however, if we've ended, then there's no point, and if we're already // reading, then it's unnecessary. if (state.ended || state.reading) { doRead = false; debug('reading or ended', doRead); } else if (doRead) { debug('do read'); state.reading = true; state.sync = true; // if the length is currently zero, then we *need* a readable event. if (state.length === 0) state.needReadable = true; // call internal read method this._read(state.highWaterMark); state.sync = false; // If _read pushed data synchronously, then `reading` will be false, // and we need to re-evaluate how much data we can return to the user. if (!state.reading) n = howMuchToRead(nOrig, state); } var ret; if (n > 0) ret = fromList(n, state);else ret = null; if (ret === null) { state.needReadable = state.length <= state.highWaterMark; n = 0; } else { state.length -= n; state.awaitDrain = 0; } if (state.length === 0) { // If we have nothing in the buffer, then we want to know // as soon as we *do* get something into the buffer. if (!state.ended) state.needReadable = true; // If we tried to read() past the EOF, then emit end on the next tick. if (nOrig !== n && state.ended) endReadable(this); } if (ret !== null) this.emit('data', ret); return ret; }; function onEofChunk(stream, state) { debug('onEofChunk'); if (state.ended) return; if (state.decoder) { var chunk = state.decoder.end(); if (chunk && chunk.length) { state.buffer.push(chunk); state.length += state.objectMode ? 1 : chunk.length; } } state.ended = true; if (state.sync) { // if we are sync, wait until next tick to emit the data. // Otherwise we risk emitting data in the flow() // the readable code triggers during a read() call emitReadable(stream); } else { // emit 'readable' now to make sure it gets picked up. state.needReadable = false; if (!state.emittedReadable) { state.emittedReadable = true; emitReadable_(stream); } } } // Don't emit readable right away in sync mode, because this can trigger // another read() call => stack overflow. This way, it might trigger // a nextTick recursion warning, but that's not so bad. function emitReadable(stream) { var state = stream._readableState; debug('emitReadable', state.needReadable, state.emittedReadable); state.needReadable = false; if (!state.emittedReadable) { debug('emitReadable', state.flowing); state.emittedReadable = true; process.nextTick(emitReadable_, stream); } } function emitReadable_(stream) { var state = stream._readableState; debug('emitReadable_', state.destroyed, state.length, state.ended); if (!state.destroyed && (state.length || state.ended)) { stream.emit('readable'); state.emittedReadable = false; } // The stream needs another readable event if // 1. It is not flowing, as the flow mechanism will take // care of it. // 2. It is not ended. // 3. It is below the highWaterMark, so we can schedule // another readable later. state.needReadable = !state.flowing && !state.ended && state.length <= state.highWaterMark; flow(stream); } // at this point, the user has presumably seen the 'readable' event, // and called read() to consume some data. that may have triggered // in turn another _read(n) call, in which case reading = true if // it's in progress. // However, if we're not ended, or reading, and the length < hwm, // then go ahead and try to read some more preemptively. function maybeReadMore(stream, state) { if (!state.readingMore) { state.readingMore = true; process.nextTick(maybeReadMore_, stream, state); } } function maybeReadMore_(stream, state) { // Attempt to read more data if we should. // // The conditions for reading more data are (one of): // - Not enough data buffered (state.length < state.highWaterMark). The loop // is responsible for filling the buffer with enough data if such data // is available. If highWaterMark is 0 and we are not in the flowing mode // we should _not_ attempt to buffer any extra data. We'll get more data // when the stream consumer calls read() instead. // - No data in the buffer, and the stream is in flowing mode. In this mode // the loop below is responsible for ensuring read() is called. Failing to // call read here would abort the flow and there's no other mechanism for // continuing the flow if the stream consumer has just subscribed to the // 'data' event. // // In addition to the above conditions to keep reading data, the following // conditions prevent the data from being read: // - The stream has ended (state.ended). // - There is already a pending 'read' operation (state.reading). This is a // case where the the stream has called the implementation defined _read() // method, but they are processing the call asynchronously and have _not_ // called push() with new data. In this case we skip performing more // read()s. The execution ends in this method again after the _read() ends // up calling push() with more data. while (!state.reading && !state.ended && (state.length < state.highWaterMark || state.flowing && state.length === 0)) { var len = state.length; debug('maybeReadMore read 0'); stream.read(0); if (len === state.length) // didn't get any data, stop spinning. break; } state.readingMore = false; } // abstract method. to be overridden in specific implementation classes. // call cb(er, data) where data is <= n in length. // for virtual (non-string, non-buffer) streams, "length" is somewhat // arbitrary, and perhaps not very meaningful. Readable.prototype._read = function (n) { errorOrDestroy(this, new ERR_METHOD_NOT_IMPLEMENTED('_read()')); }; Readable.prototype.pipe = function (dest, pipeOpts) { var src = this; var state = this._readableState; switch (state.pipesCount) { case 0: state.pipes = dest; break; case 1: state.pipes = [state.pipes, dest]; break; default: state.pipes.push(dest); break; } state.pipesCount += 1; debug('pipe count=%d opts=%j', state.pipesCount, pipeOpts); var doEnd = (!pipeOpts || pipeOpts.end !== false) && dest !== process.stdout && dest !== process.stderr; var endFn = doEnd ? onend : unpipe; if (state.endEmitted) process.nextTick(endFn);else src.once('end', endFn); dest.on('unpipe', onunpipe); function onunpipe(readable, unpipeInfo) { debug('onunpipe'); if (readable === src) { if (unpipeInfo && unpipeInfo.hasUnpiped === false) { unpipeInfo.hasUnpiped = true; cleanup(); } } } function onend() { debug('onend'); dest.end(); } // when the dest drains, it reduces the awaitDrain counter // on the source. This would be more elegant with a .once() // handler in flow(), but adding and removing repeatedly is // too slow. var ondrain = pipeOnDrain(src); dest.on('drain', ondrain); var cleanedUp = false; function cleanup() { debug('cleanup'); // cleanup event handlers once the pipe is broken dest.removeListener('close', onclose); dest.removeListener('finish', onfinish); dest.removeListener('drain', ondrain); dest.removeListener('error', onerror); dest.removeListener('unpipe', onunpipe); src.removeListener('end', onend); src.removeListener('end', unpipe); src.removeListener('data', ondata); cleanedUp = true; // if the reader is waiting for a drain event from this // specific writer, then it would cause it to never start // flowing again. // So, if this is awaiting a drain, then we just call it now. // If we don't know, then assume that we are waiting for one. if (state.awaitDrain && (!dest._writableState || dest._writableState.needDrain)) ondrain(); } src.on('data', ondata); function ondata(chunk) { debug('ondata'); var ret = dest.write(chunk); debug('dest.write', ret); if (ret === false) { // If the user unpiped during `dest.write()`, it is possible // to get stuck in a permanently paused state if that write // also returned false. // => Check whether `dest` is still a piping destination. if ((state.pipesCount === 1 && state.pipes === dest || state.pipesCount > 1 && indexOf(state.pipes, dest) !== -1) && !cleanedUp) { debug('false write response, pause', state.awaitDrain); state.awaitDrain++; } src.pause(); } } // if the dest has an error, then stop piping into it. // however, don't suppress the throwing behavior for this. function onerror(er) { debug('onerror', er); unpipe(); dest.removeListener('error', onerror); if (EElistenerCount(dest, 'error') === 0) errorOrDestroy(dest, er); } // Make sure our error handler is attached before userland ones. prependListener(dest, 'error', onerror); // Both close and finish should trigger unpipe, but only once. function onclose() { dest.removeListener('finish', onfinish); unpipe(); } dest.once('close', onclose); function onfinish() { debug('onfinish'); dest.removeListener('close', onclose); unpipe(); } dest.once('finish', onfinish); function unpipe() { debug('unpipe'); src.unpipe(dest); } // tell the dest that it's being piped to dest.emit('pipe', src); // start the flow if it hasn't been started already. if (!state.flowing) { debug('pipe resume'); src.resume(); } return dest; }; function pipeOnDrain(src) { return function pipeOnDrainFunctionResult() { var state = src._readableState; debug('pipeOnDrain', state.awaitDrain); if (state.awaitDrain) state.awaitDrain--; if (state.awaitDrain === 0 && EElistenerCount(src, 'data')) { state.flowing = true; flow(src); } }; } Readable.prototype.unpipe = function (dest) { var state = this._readableState; var unpipeInfo = { hasUnpiped: false }; // if we're not piping anywhere, then do nothing. if (state.pipesCount === 0) return this; // just one destination. most common case. if (state.pipesCount === 1) { // passed in one, but it's not the right one. if (dest && dest !== state.pipes) return this; if (!dest) dest = state.pipes; // got a match. state.pipes = null; state.pipesCount = 0; state.flowing = false; if (dest) dest.emit('unpipe', this, unpipeInfo); return this; } // slow case. multiple pipe destinations. if (!dest) { // remove all. var dests = state.pipes; var len = state.pipesCount; state.pipes = null; state.pipesCount = 0; state.flowing = false; for (var i = 0; i < len; i++) { dests[i].emit('unpipe', this, { hasUnpiped: false }); } return this; } // try to find the right one. var index = indexOf(state.pipes, dest); if (index === -1) return this; state.pipes.splice(index, 1); state.pipesCount -= 1; if (state.pipesCount === 1) state.pipes = state.pipes[0]; dest.emit('unpipe', this, unpipeInfo); return this; }; // set up data events if they are asked for // Ensure readable listeners eventually get something Readable.prototype.on = function (ev, fn) { var res = Stream.prototype.on.call(this, ev, fn); var state = this._readableState; if (ev === 'data') { // update readableListening so that resume() may be a no-op // a few lines down. This is needed to support once('readable'). state.readableListening = this.listenerCount('readable') > 0; // Try start flowing on next tick if stream isn't explicitly paused if (state.flowing !== false) this.resume(); } else if (ev === 'readable') { if (!state.endEmitted && !state.readableListening) { state.readableListening = state.needReadable = true; state.flowing = false; state.emittedReadable = false; debug('on readable', state.length, state.reading); if (state.length) { emitReadable(this); } else if (!state.reading) { process.nextTick(nReadingNextTick, this); } } } return res; }; Readable.prototype.addListener = Readable.prototype.on; Readable.prototype.removeListener = function (ev, fn) { var res = Stream.prototype.removeListener.call(this, ev, fn); if (ev === 'readable') { // We need to check if there is someone still listening to // readable and reset the state. However this needs to happen // after readable has been emitted but before I/O (nextTick) to // support once('readable', fn) cycles. This means that calling // resume within the same tick will have no // effect. process.nextTick(updateReadableListening, this); } return res; }; Readable.prototype.removeAllListeners = function (ev) { var res = Stream.prototype.removeAllListeners.apply(this, arguments); if (ev === 'readable' || ev === undefined) { // We need to check if there is someone still listening to // readable and reset the state. However this needs to happen // after readable has been emitted but before I/O (nextTick) to // support once('readable', fn) cycles. This means that calling // resume within the same tick will have no // effect. process.nextTick(updateReadableListening, this); } return res; }; function updateReadableListening(self) { var state = self._readableState; state.readableListening = self.listenerCount('readable') > 0; if (state.resumeScheduled && !state.paused) { // flowing needs to be set to true now, otherwise // the upcoming resume will not flow. state.flowing = true; // crude way to check if we should resume } else if (self.listenerCount('data') > 0) { self.resume(); } } function nReadingNextTick(self) { debug('readable nexttick read 0'); self.read(0); } // pause() and resume() are remnants of the legacy readable stream API // If the user uses them, then switch into old mode. Readable.prototype.resume = function () { var state = this._readableState; if (!state.flowing) { debug('resume'); // we flow only if there is no one listening // for readable, but we still have to call // resume() state.flowing = !state.readableListening; resume(this, state); } state.paused = false; return this; }; function resume(stream, state) { if (!state.resumeScheduled) { state.resumeScheduled = true; process.nextTick(resume_, stream, state); } } function resume_(stream, state) { debug('resume', state.reading); if (!state.reading) { stream.read(0); } state.resumeScheduled = false; stream.emit('resume'); flow(stream); if (state.flowing && !state.reading) stream.read(0); } Readable.prototype.pause = function () { debug('call pause flowing=%j', this._readableState.flowing); if (this._readableState.flowing !== false) { debug('pause'); this._readableState.flowing = false; this.emit('pause'); } this._readableState.paused = true; return this; }; function flow(stream) { var state = stream._readableState; debug('flow', state.flowing); while (state.flowing && stream.read() !== null) { ; } } // wrap an old-style stream as the async data source. // This is *not* part of the readable stream interface. // It is an ugly unfortunate mess of history. Readable.prototype.wrap = function (stream) { var _this = this; var state = this._readableState; var paused = false; stream.on('end', function () { debug('wrapped end'); if (state.decoder && !state.ended) { var chunk = state.decoder.end(); if (chunk && chunk.length) _this.push(chunk); } _this.push(null); }); stream.on('data', function (chunk) { debug('wrapped data'); if (state.decoder) chunk = state.decoder.write(chunk); // don't skip over falsy values in objectMode if (state.objectMode && (chunk === null || chunk === undefined)) return;else if (!state.objectMode && (!chunk || !chunk.length)) return; var ret = _this.push(chunk); if (!ret) { paused = true; stream.pause(); } }); // proxy all the other methods. // important when wrapping filters and duplexes. for (var i in stream) { if (this[i] === undefined && typeof stream[i] === 'function') { this[i] = function methodWrap(method) { return function methodWrapReturnFunction() { return stream[method].apply(stream, arguments); }; }(i); } } // proxy certain important events. for (var n = 0; n < kProxyEvents.length; n++) { stream.on(kProxyEvents[n], this.emit.bind(this, kProxyEvents[n])); } // when we try to consume some more bytes, simply unpause the // underlying stream. this._read = function (n) { debug('wrapped _read', n); if (paused) { paused = false; stream.resume(); } }; return this; }; if (typeof Symbol === 'function') { Readable.prototype[Symbol.asyncIterator] = function () { if (createReadableStreamAsyncIterator === undefined) { createReadableStreamAsyncIterator = __nccwpck_require__(3306); } return createReadableStreamAsyncIterator(this); }; } Object.defineProperty(Readable.prototype, 'readableHighWaterMark', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._readableState.highWaterMark; } }); Object.defineProperty(Readable.prototype, 'readableBuffer', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._readableState && this._readableState.buffer; } }); Object.defineProperty(Readable.prototype, 'readableFlowing', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._readableState.flowing; }, set: function set(state) { if (this._readableState) { this._readableState.flowing = state; } } }); // exposed for testing purposes only. Readable._fromList = fromList; Object.defineProperty(Readable.prototype, 'readableLength', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._readableState.length; } }); // Pluck off n bytes from an array of buffers. // Length is the combined lengths of all the buffers in the list. // This function is designed to be inlinable, so please take care when making // changes to the function body. function fromList(n, state) { // nothing buffered if (state.length === 0) return null; var ret; if (state.objectMode) ret = state.buffer.shift();else if (!n || n >= state.length) { // read it all, truncate the list if (state.decoder) ret = state.buffer.join('');else if (state.buffer.length === 1) ret = state.buffer.first();else ret = state.buffer.concat(state.length); state.buffer.clear(); } else { // read part of list ret = state.buffer.consume(n, state.decoder); } return ret; } function endReadable(stream) { var state = stream._readableState; debug('endReadable', state.endEmitted); if (!state.endEmitted) { state.ended = true; process.nextTick(endReadableNT, state, stream); } } function endReadableNT(state, stream) { debug('endReadableNT', state.endEmitted, state.length); // Check that we didn't get one last unshift. if (!state.endEmitted && state.length === 0) { state.endEmitted = true; stream.readable = false; stream.emit('end'); if (state.autoDestroy) { // In case of duplex streams we need a way to detect // if the writable side is ready for autoDestroy as well var wState = stream._writableState; if (!wState || wState.autoDestroy && wState.finished) { stream.destroy(); } } } } if (typeof Symbol === 'function') { Readable.from = function (iterable, opts) { if (from === undefined) { from = __nccwpck_require__(9082); } return from(Readable, iterable, opts); }; } function indexOf(xs, x) { for (var i = 0, l = xs.length; i < l; i++) { if (xs[i] === x) return i; } return -1; } /***/ }), /***/ 4415: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. // a transform stream is a readable/writable stream where you do // something with the data. Sometimes it's called a "filter", // but that's not a great name for it, since that implies a thing where // some bits pass through, and others are simply ignored. (That would // be a valid example of a transform, of course.) // // While the output is causally related to the input, it's not a // necessarily symmetric or synchronous transformation. For example, // a zlib stream might take multiple plain-text writes(), and then // emit a single compressed chunk some time in the future. // // Here's how this works: // // The Transform stream has all the aspects of the readable and writable // stream classes. When you write(chunk), that calls _write(chunk,cb) // internally, and returns false if there's a lot of pending writes // buffered up. When you call read(), that calls _read(n) until // there's enough pending readable data buffered up. // // In a transform stream, the written data is placed in a buffer. When // _read(n) is called, it transforms the queued up data, calling the // buffered _write cb's as it consumes chunks. If consuming a single // written chunk would result in multiple output chunks, then the first // outputted bit calls the readcb, and subsequent chunks just go into // the read buffer, and will cause it to emit 'readable' if necessary. // // This way, back-pressure is actually determined by the reading side, // since _read has to be called to start processing a new chunk. However, // a pathological inflate type of transform can cause excessive buffering // here. For example, imagine a stream where every byte of input is // interpreted as an integer from 0-255, and then results in that many // bytes of output. Writing the 4 bytes {ff,ff,ff,ff} would result in // 1kb of data being output. In this case, you could write a very small // amount of input, and end up with a very large amount of output. In // such a pathological inflating mechanism, there'd be no way to tell // the system to stop doing the transform. A single 4MB write could // cause the system to run out of memory. // // However, even in such a pathological case, only a single written chunk // would be consumed, and then the rest would wait (un-transformed) until // the results of the previous transformed chunk were consumed. module.exports = Transform; var _require$codes = __nccwpck_require__(7214)/* .codes */ .q, ERR_METHOD_NOT_IMPLEMENTED = _require$codes.ERR_METHOD_NOT_IMPLEMENTED, ERR_MULTIPLE_CALLBACK = _require$codes.ERR_MULTIPLE_CALLBACK, ERR_TRANSFORM_ALREADY_TRANSFORMING = _require$codes.ERR_TRANSFORM_ALREADY_TRANSFORMING, ERR_TRANSFORM_WITH_LENGTH_0 = _require$codes.ERR_TRANSFORM_WITH_LENGTH_0; var Duplex = __nccwpck_require__(1359); __nccwpck_require__(4124)(Transform, Duplex); function afterTransform(er, data) { var ts = this._transformState; ts.transforming = false; var cb = ts.writecb; if (cb === null) { return this.emit('error', new ERR_MULTIPLE_CALLBACK()); } ts.writechunk = null; ts.writecb = null; if (data != null) // single equals check for both `null` and `undefined` this.push(data); cb(er); var rs = this._readableState; rs.reading = false; if (rs.needReadable || rs.length < rs.highWaterMark) { this._read(rs.highWaterMark); } } function Transform(options) { if (!(this instanceof Transform)) return new Transform(options); Duplex.call(this, options); this._transformState = { afterTransform: afterTransform.bind(this), needTransform: false, transforming: false, writecb: null, writechunk: null, writeencoding: null }; // start out asking for a readable event once data is transformed. this._readableState.needReadable = true; // we have implemented the _read method, and done the other things // that Readable wants before the first _read call, so unset the // sync guard flag. this._readableState.sync = false; if (options) { if (typeof options.transform === 'function') this._transform = options.transform; if (typeof options.flush === 'function') this._flush = options.flush; } // When the writable side finishes, then flush out anything remaining. this.on('prefinish', prefinish); } function prefinish() { var _this = this; if (typeof this._flush === 'function' && !this._readableState.destroyed) { this._flush(function (er, data) { done(_this, er, data); }); } else { done(this, null, null); } } Transform.prototype.push = function (chunk, encoding) { this._transformState.needTransform = false; return Duplex.prototype.push.call(this, chunk, encoding); }; // This is the part where you do stuff! // override this function in implementation classes. // 'chunk' is an input chunk. // // Call `push(newChunk)` to pass along transformed output // to the readable side. You may call 'push' zero or more times. // // Call `cb(err)` when you are done with this chunk. If you pass // an error, then that'll put the hurt on the whole operation. If you // never call cb(), then you'll never get another chunk. Transform.prototype._transform = function (chunk, encoding, cb) { cb(new ERR_METHOD_NOT_IMPLEMENTED('_transform()')); }; Transform.prototype._write = function (chunk, encoding, cb) { var ts = this._transformState; ts.writecb = cb; ts.writechunk = chunk; ts.writeencoding = encoding; if (!ts.transforming) { var rs = this._readableState; if (ts.needTransform || rs.needReadable || rs.length < rs.highWaterMark) this._read(rs.highWaterMark); } }; // Doesn't matter what the args are here. // _transform does all the work. // That we got here means that the readable side wants more data. Transform.prototype._read = function (n) { var ts = this._transformState; if (ts.writechunk !== null && !ts.transforming) { ts.transforming = true; this._transform(ts.writechunk, ts.writeencoding, ts.afterTransform); } else { // mark that we need a transform, so that any data that comes in // will get processed, now that we've asked for it. ts.needTransform = true; } }; Transform.prototype._destroy = function (err, cb) { Duplex.prototype._destroy.call(this, err, function (err2) { cb(err2); }); }; function done(stream, er, data) { if (er) return stream.emit('error', er); if (data != null) // single equals check for both `null` and `undefined` stream.push(data); // TODO(BridgeAR): Write a test for these two error cases // if there's nothing in the write buffer, then that means // that nothing more will ever be provided if (stream._writableState.length) throw new ERR_TRANSFORM_WITH_LENGTH_0(); if (stream._transformState.transforming) throw new ERR_TRANSFORM_ALREADY_TRANSFORMING(); return stream.push(null); } /***/ }), /***/ 6993: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. // A bit simpler than readable streams. // Implement an async ._write(chunk, encoding, cb), and it'll handle all // the drain event emission and buffering. module.exports = Writable; /* */ function WriteReq(chunk, encoding, cb) { this.chunk = chunk; this.encoding = encoding; this.callback = cb; this.next = null; } // It seems a linked list but it is not // there will be only 2 of these for each stream function CorkedRequest(state) { var _this = this; this.next = null; this.entry = null; this.finish = function () { onCorkedFinish(_this, state); }; } /* */ /**/ var Duplex; /**/ Writable.WritableState = WritableState; /**/ var internalUtil = { deprecate: __nccwpck_require__(7127) }; /**/ /**/ var Stream = __nccwpck_require__(2387); /**/ var Buffer = __nccwpck_require__(4293).Buffer; var OurUint8Array = global.Uint8Array || function () {}; function _uint8ArrayToBuffer(chunk) { return Buffer.from(chunk); } function _isUint8Array(obj) { return Buffer.isBuffer(obj) || obj instanceof OurUint8Array; } var destroyImpl = __nccwpck_require__(7049); var _require = __nccwpck_require__(9948), getHighWaterMark = _require.getHighWaterMark; var _require$codes = __nccwpck_require__(7214)/* .codes */ .q, ERR_INVALID_ARG_TYPE = _require$codes.ERR_INVALID_ARG_TYPE, ERR_METHOD_NOT_IMPLEMENTED = _require$codes.ERR_METHOD_NOT_IMPLEMENTED, ERR_MULTIPLE_CALLBACK = _require$codes.ERR_MULTIPLE_CALLBACK, ERR_STREAM_CANNOT_PIPE = _require$codes.ERR_STREAM_CANNOT_PIPE, ERR_STREAM_DESTROYED = _require$codes.ERR_STREAM_DESTROYED, ERR_STREAM_NULL_VALUES = _require$codes.ERR_STREAM_NULL_VALUES, ERR_STREAM_WRITE_AFTER_END = _require$codes.ERR_STREAM_WRITE_AFTER_END, ERR_UNKNOWN_ENCODING = _require$codes.ERR_UNKNOWN_ENCODING; var errorOrDestroy = destroyImpl.errorOrDestroy; __nccwpck_require__(4124)(Writable, Stream); function nop() {} function WritableState(options, stream, isDuplex) { Duplex = Duplex || __nccwpck_require__(1359); options = options || {}; // Duplex streams are both readable and writable, but share // the same options object. // However, some cases require setting options to different // values for the readable and the writable sides of the duplex stream, // e.g. options.readableObjectMode vs. options.writableObjectMode, etc. if (typeof isDuplex !== 'boolean') isDuplex = stream instanceof Duplex; // object stream flag to indicate whether or not this stream // contains buffers or objects. this.objectMode = !!options.objectMode; if (isDuplex) this.objectMode = this.objectMode || !!options.writableObjectMode; // the point at which write() starts returning false // Note: 0 is a valid value, means that we always return false if // the entire buffer is not flushed immediately on write() this.highWaterMark = getHighWaterMark(this, options, 'writableHighWaterMark', isDuplex); // if _final has been called this.finalCalled = false; // drain event flag. this.needDrain = false; // at the start of calling end() this.ending = false; // when end() has been called, and returned this.ended = false; // when 'finish' is emitted this.finished = false; // has it been destroyed this.destroyed = false; // should we decode strings into buffers before passing to _write? // this is here so that some node-core streams can optimize string // handling at a lower level. var noDecode = options.decodeStrings === false; this.decodeStrings = !noDecode; // Crypto is kind of old and crusty. Historically, its default string // encoding is 'binary' so we have to make this configurable. // Everything else in the universe uses 'utf8', though. this.defaultEncoding = options.defaultEncoding || 'utf8'; // not an actual buffer we keep track of, but a measurement // of how much we're waiting to get pushed to some underlying // socket or file. this.length = 0; // a flag to see when we're in the middle of a write. this.writing = false; // when true all writes will be buffered until .uncork() call this.corked = 0; // a flag to be able to tell if the onwrite cb is called immediately, // or on a later tick. We set this to true at first, because any // actions that shouldn't happen until "later" should generally also // not happen before the first write call. this.sync = true; // a flag to know if we're processing previously buffered items, which // may call the _write() callback in the same tick, so that we don't // end up in an overlapped onwrite situation. this.bufferProcessing = false; // the callback that's passed to _write(chunk,cb) this.onwrite = function (er) { onwrite(stream, er); }; // the callback that the user supplies to write(chunk,encoding,cb) this.writecb = null; // the amount that is being written when _write is called. this.writelen = 0; this.bufferedRequest = null; this.lastBufferedRequest = null; // number of pending user-supplied write callbacks // this must be 0 before 'finish' can be emitted this.pendingcb = 0; // emit prefinish if the only thing we're waiting for is _write cbs // This is relevant for synchronous Transform streams this.prefinished = false; // True if the error was already emitted and should not be thrown again this.errorEmitted = false; // Should close be emitted on destroy. Defaults to true. this.emitClose = options.emitClose !== false; // Should .destroy() be called after 'finish' (and potentially 'end') this.autoDestroy = !!options.autoDestroy; // count buffered requests this.bufferedRequestCount = 0; // allocate the first CorkedRequest, there is always // one allocated and free to use, and we maintain at most two this.corkedRequestsFree = new CorkedRequest(this); } WritableState.prototype.getBuffer = function getBuffer() { var current = this.bufferedRequest; var out = []; while (current) { out.push(current); current = current.next; } return out; }; (function () { try { Object.defineProperty(WritableState.prototype, 'buffer', { get: internalUtil.deprecate(function writableStateBufferGetter() { return this.getBuffer(); }, '_writableState.buffer is deprecated. Use _writableState.getBuffer ' + 'instead.', 'DEP0003') }); } catch (_) {} })(); // Test _writableState for inheritance to account for Duplex streams, // whose prototype chain only points to Readable. var realHasInstance; if (typeof Symbol === 'function' && Symbol.hasInstance && typeof Function.prototype[Symbol.hasInstance] === 'function') { realHasInstance = Function.prototype[Symbol.hasInstance]; Object.defineProperty(Writable, Symbol.hasInstance, { value: function value(object) { if (realHasInstance.call(this, object)) return true; if (this !== Writable) return false; return object && object._writableState instanceof WritableState; } }); } else { realHasInstance = function realHasInstance(object) { return object instanceof this; }; } function Writable(options) { Duplex = Duplex || __nccwpck_require__(1359); // Writable ctor is applied to Duplexes, too. // `realHasInstance` is necessary because using plain `instanceof` // would return false, as no `_writableState` property is attached. // Trying to use the custom `instanceof` for Writable here will also break the // Node.js LazyTransform implementation, which has a non-trivial getter for // `_writableState` that would lead to infinite recursion. // Checking for a Stream.Duplex instance is faster here instead of inside // the WritableState constructor, at least with V8 6.5 var isDuplex = this instanceof Duplex; if (!isDuplex && !realHasInstance.call(Writable, this)) return new Writable(options); this._writableState = new WritableState(options, this, isDuplex); // legacy. this.writable = true; if (options) { if (typeof options.write === 'function') this._write = options.write; if (typeof options.writev === 'function') this._writev = options.writev; if (typeof options.destroy === 'function') this._destroy = options.destroy; if (typeof options.final === 'function') this._final = options.final; } Stream.call(this); } // Otherwise people can pipe Writable streams, which is just wrong. Writable.prototype.pipe = function () { errorOrDestroy(this, new ERR_STREAM_CANNOT_PIPE()); }; function writeAfterEnd(stream, cb) { var er = new ERR_STREAM_WRITE_AFTER_END(); // TODO: defer error events consistently everywhere, not just the cb errorOrDestroy(stream, er); process.nextTick(cb, er); } // Checks that a user-supplied chunk is valid, especially for the particular // mode the stream is in. Currently this means that `null` is never accepted // and undefined/non-string values are only allowed in object mode. function validChunk(stream, state, chunk, cb) { var er; if (chunk === null) { er = new ERR_STREAM_NULL_VALUES(); } else if (typeof chunk !== 'string' && !state.objectMode) { er = new ERR_INVALID_ARG_TYPE('chunk', ['string', 'Buffer'], chunk); } if (er) { errorOrDestroy(stream, er); process.nextTick(cb, er); return false; } return true; } Writable.prototype.write = function (chunk, encoding, cb) { var state = this._writableState; var ret = false; var isBuf = !state.objectMode && _isUint8Array(chunk); if (isBuf && !Buffer.isBuffer(chunk)) { chunk = _uint8ArrayToBuffer(chunk); } if (typeof encoding === 'function') { cb = encoding; encoding = null; } if (isBuf) encoding = 'buffer';else if (!encoding) encoding = state.defaultEncoding; if (typeof cb !== 'function') cb = nop; if (state.ending) writeAfterEnd(this, cb);else if (isBuf || validChunk(this, state, chunk, cb)) { state.pendingcb++; ret = writeOrBuffer(this, state, isBuf, chunk, encoding, cb); } return ret; }; Writable.prototype.cork = function () { this._writableState.corked++; }; Writable.prototype.uncork = function () { var state = this._writableState; if (state.corked) { state.corked--; if (!state.writing && !state.corked && !state.bufferProcessing && state.bufferedRequest) clearBuffer(this, state); } }; Writable.prototype.setDefaultEncoding = function setDefaultEncoding(encoding) { // node::ParseEncoding() requires lower case. if (typeof encoding === 'string') encoding = encoding.toLowerCase(); if (!(['hex', 'utf8', 'utf-8', 'ascii', 'binary', 'base64', 'ucs2', 'ucs-2', 'utf16le', 'utf-16le', 'raw'].indexOf((encoding + '').toLowerCase()) > -1)) throw new ERR_UNKNOWN_ENCODING(encoding); this._writableState.defaultEncoding = encoding; return this; }; Object.defineProperty(Writable.prototype, 'writableBuffer', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._writableState && this._writableState.getBuffer(); } }); function decodeChunk(state, chunk, encoding) { if (!state.objectMode && state.decodeStrings !== false && typeof chunk === 'string') { chunk = Buffer.from(chunk, encoding); } return chunk; } Object.defineProperty(Writable.prototype, 'writableHighWaterMark', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._writableState.highWaterMark; } }); // if we're already writing something, then just put this // in the queue, and wait our turn. Otherwise, call _write // If we return false, then we need a drain event, so set that flag. function writeOrBuffer(stream, state, isBuf, chunk, encoding, cb) { if (!isBuf) { var newChunk = decodeChunk(state, chunk, encoding); if (chunk !== newChunk) { isBuf = true; encoding = 'buffer'; chunk = newChunk; } } var len = state.objectMode ? 1 : chunk.length; state.length += len; var ret = state.length < state.highWaterMark; // we must ensure that previous needDrain will not be reset to false. if (!ret) state.needDrain = true; if (state.writing || state.corked) { var last = state.lastBufferedRequest; state.lastBufferedRequest = { chunk: chunk, encoding: encoding, isBuf: isBuf, callback: cb, next: null }; if (last) { last.next = state.lastBufferedRequest; } else { state.bufferedRequest = state.lastBufferedRequest; } state.bufferedRequestCount += 1; } else { doWrite(stream, state, false, len, chunk, encoding, cb); } return ret; } function doWrite(stream, state, writev, len, chunk, encoding, cb) { state.writelen = len; state.writecb = cb; state.writing = true; state.sync = true; if (state.destroyed) state.onwrite(new ERR_STREAM_DESTROYED('write'));else if (writev) stream._writev(chunk, state.onwrite);else stream._write(chunk, encoding, state.onwrite); state.sync = false; } function onwriteError(stream, state, sync, er, cb) { --state.pendingcb; if (sync) { // defer the callback if we are being called synchronously // to avoid piling up things on the stack process.nextTick(cb, er); // this can emit finish, and it will always happen // after error process.nextTick(finishMaybe, stream, state); stream._writableState.errorEmitted = true; errorOrDestroy(stream, er); } else { // the caller expect this to happen before if // it is async cb(er); stream._writableState.errorEmitted = true; errorOrDestroy(stream, er); // this can emit finish, but finish must // always follow error finishMaybe(stream, state); } } function onwriteStateUpdate(state) { state.writing = false; state.writecb = null; state.length -= state.writelen; state.writelen = 0; } function onwrite(stream, er) { var state = stream._writableState; var sync = state.sync; var cb = state.writecb; if (typeof cb !== 'function') throw new ERR_MULTIPLE_CALLBACK(); onwriteStateUpdate(state); if (er) onwriteError(stream, state, sync, er, cb);else { // Check if we're actually ready to finish, but don't emit yet var finished = needFinish(state) || stream.destroyed; if (!finished && !state.corked && !state.bufferProcessing && state.bufferedRequest) { clearBuffer(stream, state); } if (sync) { process.nextTick(afterWrite, stream, state, finished, cb); } else { afterWrite(stream, state, finished, cb); } } } function afterWrite(stream, state, finished, cb) { if (!finished) onwriteDrain(stream, state); state.pendingcb--; cb(); finishMaybe(stream, state); } // Must force callback to be called on nextTick, so that we don't // emit 'drain' before the write() consumer gets the 'false' return // value, and has a chance to attach a 'drain' listener. function onwriteDrain(stream, state) { if (state.length === 0 && state.needDrain) { state.needDrain = false; stream.emit('drain'); } } // if there's something in the buffer waiting, then process it function clearBuffer(stream, state) { state.bufferProcessing = true; var entry = state.bufferedRequest; if (stream._writev && entry && entry.next) { // Fast case, write everything using _writev() var l = state.bufferedRequestCount; var buffer = new Array(l); var holder = state.corkedRequestsFree; holder.entry = entry; var count = 0; var allBuffers = true; while (entry) { buffer[count] = entry; if (!entry.isBuf) allBuffers = false; entry = entry.next; count += 1; } buffer.allBuffers = allBuffers; doWrite(stream, state, true, state.length, buffer, '', holder.finish); // doWrite is almost always async, defer these to save a bit of time // as the hot path ends with doWrite state.pendingcb++; state.lastBufferedRequest = null; if (holder.next) { state.corkedRequestsFree = holder.next; holder.next = null; } else { state.corkedRequestsFree = new CorkedRequest(state); } state.bufferedRequestCount = 0; } else { // Slow case, write chunks one-by-one while (entry) { var chunk = entry.chunk; var encoding = entry.encoding; var cb = entry.callback; var len = state.objectMode ? 1 : chunk.length; doWrite(stream, state, false, len, chunk, encoding, cb); entry = entry.next; state.bufferedRequestCount--; // if we didn't call the onwrite immediately, then // it means that we need to wait until it does. // also, that means that the chunk and cb are currently // being processed, so move the buffer counter past them. if (state.writing) { break; } } if (entry === null) state.lastBufferedRequest = null; } state.bufferedRequest = entry; state.bufferProcessing = false; } Writable.prototype._write = function (chunk, encoding, cb) { cb(new ERR_METHOD_NOT_IMPLEMENTED('_write()')); }; Writable.prototype._writev = null; Writable.prototype.end = function (chunk, encoding, cb) { var state = this._writableState; if (typeof chunk === 'function') { cb = chunk; chunk = null; encoding = null; } else if (typeof encoding === 'function') { cb = encoding; encoding = null; } if (chunk !== null && chunk !== undefined) this.write(chunk, encoding); // .end() fully uncorks if (state.corked) { state.corked = 1; this.uncork(); } // ignore unnecessary end() calls. if (!state.ending) endWritable(this, state, cb); return this; }; Object.defineProperty(Writable.prototype, 'writableLength', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { return this._writableState.length; } }); function needFinish(state) { return state.ending && state.length === 0 && state.bufferedRequest === null && !state.finished && !state.writing; } function callFinal(stream, state) { stream._final(function (err) { state.pendingcb--; if (err) { errorOrDestroy(stream, err); } state.prefinished = true; stream.emit('prefinish'); finishMaybe(stream, state); }); } function prefinish(stream, state) { if (!state.prefinished && !state.finalCalled) { if (typeof stream._final === 'function' && !state.destroyed) { state.pendingcb++; state.finalCalled = true; process.nextTick(callFinal, stream, state); } else { state.prefinished = true; stream.emit('prefinish'); } } } function finishMaybe(stream, state) { var need = needFinish(state); if (need) { prefinish(stream, state); if (state.pendingcb === 0) { state.finished = true; stream.emit('finish'); if (state.autoDestroy) { // In case of duplex streams we need a way to detect // if the readable side is ready for autoDestroy as well var rState = stream._readableState; if (!rState || rState.autoDestroy && rState.endEmitted) { stream.destroy(); } } } } return need; } function endWritable(stream, state, cb) { state.ending = true; finishMaybe(stream, state); if (cb) { if (state.finished) process.nextTick(cb);else stream.once('finish', cb); } state.ended = true; stream.writable = false; } function onCorkedFinish(corkReq, state, err) { var entry = corkReq.entry; corkReq.entry = null; while (entry) { var cb = entry.callback; state.pendingcb--; cb(err); entry = entry.next; } // reuse the free corkReq. state.corkedRequestsFree.next = corkReq; } Object.defineProperty(Writable.prototype, 'destroyed', { // making it explicit this property is not enumerable // because otherwise some prototype manipulation in // userland will fail enumerable: false, get: function get() { if (this._writableState === undefined) { return false; } return this._writableState.destroyed; }, set: function set(value) { // we ignore the value if the stream // has not been initialized yet if (!this._writableState) { return; } // backward compatibility, the user is explicitly // managing destroyed this._writableState.destroyed = value; } }); Writable.prototype.destroy = destroyImpl.destroy; Writable.prototype._undestroy = destroyImpl.undestroy; Writable.prototype._destroy = function (err, cb) { cb(err); }; /***/ }), /***/ 3306: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var _Object$setPrototypeO; function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; } var finished = __nccwpck_require__(6080); var kLastResolve = Symbol('lastResolve'); var kLastReject = Symbol('lastReject'); var kError = Symbol('error'); var kEnded = Symbol('ended'); var kLastPromise = Symbol('lastPromise'); var kHandlePromise = Symbol('handlePromise'); var kStream = Symbol('stream'); function createIterResult(value, done) { return { value: value, done: done }; } function readAndResolve(iter) { var resolve = iter[kLastResolve]; if (resolve !== null) { var data = iter[kStream].read(); // we defer if data is null // we can be expecting either 'end' or // 'error' if (data !== null) { iter[kLastPromise] = null; iter[kLastResolve] = null; iter[kLastReject] = null; resolve(createIterResult(data, false)); } } } function onReadable(iter) { // we wait for the next tick, because it might // emit an error with process.nextTick process.nextTick(readAndResolve, iter); } function wrapForNext(lastPromise, iter) { return function (resolve, reject) { lastPromise.then(function () { if (iter[kEnded]) { resolve(createIterResult(undefined, true)); return; } iter[kHandlePromise](resolve, reject); }, reject); }; } var AsyncIteratorPrototype = Object.getPrototypeOf(function () {}); var ReadableStreamAsyncIteratorPrototype = Object.setPrototypeOf((_Object$setPrototypeO = { get stream() { return this[kStream]; }, next: function next() { var _this = this; // if we have detected an error in the meanwhile // reject straight away var error = this[kError]; if (error !== null) { return Promise.reject(error); } if (this[kEnded]) { return Promise.resolve(createIterResult(undefined, true)); } if (this[kStream].destroyed) { // We need to defer via nextTick because if .destroy(err) is // called, the error will be emitted via nextTick, and // we cannot guarantee that there is no error lingering around // waiting to be emitted. return new Promise(function (resolve, reject) { process.nextTick(function () { if (_this[kError]) { reject(_this[kError]); } else { resolve(createIterResult(undefined, true)); } }); }); } // if we have multiple next() calls // we will wait for the previous Promise to finish // this logic is optimized to support for await loops, // where next() is only called once at a time var lastPromise = this[kLastPromise]; var promise; if (lastPromise) { promise = new Promise(wrapForNext(lastPromise, this)); } else { // fast path needed to support multiple this.push() // without triggering the next() queue var data = this[kStream].read(); if (data !== null) { return Promise.resolve(createIterResult(data, false)); } promise = new Promise(this[kHandlePromise]); } this[kLastPromise] = promise; return promise; } }, _defineProperty(_Object$setPrototypeO, Symbol.asyncIterator, function () { return this; }), _defineProperty(_Object$setPrototypeO, "return", function _return() { var _this2 = this; // destroy(err, cb) is a private API // we can guarantee we have that here, because we control the // Readable class this is attached to return new Promise(function (resolve, reject) { _this2[kStream].destroy(null, function (err) { if (err) { reject(err); return; } resolve(createIterResult(undefined, true)); }); }); }), _Object$setPrototypeO), AsyncIteratorPrototype); var createReadableStreamAsyncIterator = function createReadableStreamAsyncIterator(stream) { var _Object$create; var iterator = Object.create(ReadableStreamAsyncIteratorPrototype, (_Object$create = {}, _defineProperty(_Object$create, kStream, { value: stream, writable: true }), _defineProperty(_Object$create, kLastResolve, { value: null, writable: true }), _defineProperty(_Object$create, kLastReject, { value: null, writable: true }), _defineProperty(_Object$create, kError, { value: null, writable: true }), _defineProperty(_Object$create, kEnded, { value: stream._readableState.endEmitted, writable: true }), _defineProperty(_Object$create, kHandlePromise, { value: function value(resolve, reject) { var data = iterator[kStream].read(); if (data) { iterator[kLastPromise] = null; iterator[kLastResolve] = null; iterator[kLastReject] = null; resolve(createIterResult(data, false)); } else { iterator[kLastResolve] = resolve; iterator[kLastReject] = reject; } }, writable: true }), _Object$create)); iterator[kLastPromise] = null; finished(stream, function (err) { if (err && err.code !== 'ERR_STREAM_PREMATURE_CLOSE') { var reject = iterator[kLastReject]; // reject if we are waiting for data in the Promise // returned by next() and store the error if (reject !== null) { iterator[kLastPromise] = null; iterator[kLastResolve] = null; iterator[kLastReject] = null; reject(err); } iterator[kError] = err; return; } var resolve = iterator[kLastResolve]; if (resolve !== null) { iterator[kLastPromise] = null; iterator[kLastResolve] = null; iterator[kLastReject] = null; resolve(createIterResult(undefined, true)); } iterator[kEnded] = true; }); stream.on('readable', onReadable.bind(null, iterator)); return iterator; }; module.exports = createReadableStreamAsyncIterator; /***/ }), /***/ 2746: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; } function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; } function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; } function _classCallCheck(instance, Constructor) { if (!(instance instanceof Constructor)) { throw new TypeError("Cannot call a class as a function"); } } function _defineProperties(target, props) { for (var i = 0; i < props.length; i++) { var descriptor = props[i]; descriptor.enumerable = descriptor.enumerable || false; descriptor.configurable = true; if ("value" in descriptor) descriptor.writable = true; Object.defineProperty(target, descriptor.key, descriptor); } } function _createClass(Constructor, protoProps, staticProps) { if (protoProps) _defineProperties(Constructor.prototype, protoProps); if (staticProps) _defineProperties(Constructor, staticProps); return Constructor; } var _require = __nccwpck_require__(4293), Buffer = _require.Buffer; var _require2 = __nccwpck_require__(1669), inspect = _require2.inspect; var custom = inspect && inspect.custom || 'inspect'; function copyBuffer(src, target, offset) { Buffer.prototype.copy.call(src, target, offset); } module.exports = /*#__PURE__*/ function () { function BufferList() { _classCallCheck(this, BufferList); this.head = null; this.tail = null; this.length = 0; } _createClass(BufferList, [{ key: "push", value: function push(v) { var entry = { data: v, next: null }; if (this.length > 0) this.tail.next = entry;else this.head = entry; this.tail = entry; ++this.length; } }, { key: "unshift", value: function unshift(v) { var entry = { data: v, next: this.head }; if (this.length === 0) this.tail = entry; this.head = entry; ++this.length; } }, { key: "shift", value: function shift() { if (this.length === 0) return; var ret = this.head.data; if (this.length === 1) this.head = this.tail = null;else this.head = this.head.next; --this.length; return ret; } }, { key: "clear", value: function clear() { this.head = this.tail = null; this.length = 0; } }, { key: "join", value: function join(s) { if (this.length === 0) return ''; var p = this.head; var ret = '' + p.data; while (p = p.next) { ret += s + p.data; } return ret; } }, { key: "concat", value: function concat(n) { if (this.length === 0) return Buffer.alloc(0); var ret = Buffer.allocUnsafe(n >>> 0); var p = this.head; var i = 0; while (p) { copyBuffer(p.data, ret, i); i += p.data.length; p = p.next; } return ret; } // Consumes a specified amount of bytes or characters from the buffered data. }, { key: "consume", value: function consume(n, hasStrings) { var ret; if (n < this.head.data.length) { // `slice` is the same for buffers and strings. ret = this.head.data.slice(0, n); this.head.data = this.head.data.slice(n); } else if (n === this.head.data.length) { // First chunk is a perfect match. ret = this.shift(); } else { // Result spans more than one buffer. ret = hasStrings ? this._getString(n) : this._getBuffer(n); } return ret; } }, { key: "first", value: function first() { return this.head.data; } // Consumes a specified amount of characters from the buffered data. }, { key: "_getString", value: function _getString(n) { var p = this.head; var c = 1; var ret = p.data; n -= ret.length; while (p = p.next) { var str = p.data; var nb = n > str.length ? str.length : n; if (nb === str.length) ret += str;else ret += str.slice(0, n); n -= nb; if (n === 0) { if (nb === str.length) { ++c; if (p.next) this.head = p.next;else this.head = this.tail = null; } else { this.head = p; p.data = str.slice(nb); } break; } ++c; } this.length -= c; return ret; } // Consumes a specified amount of bytes from the buffered data. }, { key: "_getBuffer", value: function _getBuffer(n) { var ret = Buffer.allocUnsafe(n); var p = this.head; var c = 1; p.data.copy(ret); n -= p.data.length; while (p = p.next) { var buf = p.data; var nb = n > buf.length ? buf.length : n; buf.copy(ret, ret.length - n, 0, nb); n -= nb; if (n === 0) { if (nb === buf.length) { ++c; if (p.next) this.head = p.next;else this.head = this.tail = null; } else { this.head = p; p.data = buf.slice(nb); } break; } ++c; } this.length -= c; return ret; } // Make sure the linked list only shows the minimal necessary information. }, { key: custom, value: function value(_, options) { return inspect(this, _objectSpread({}, options, { // Only inspect one level. depth: 0, // It should not recurse. customInspect: false })); } }]); return BufferList; }(); /***/ }), /***/ 7049: /***/ ((module) => { "use strict"; // undocumented cb() API, needed for core, not for public API function destroy(err, cb) { var _this = this; var readableDestroyed = this._readableState && this._readableState.destroyed; var writableDestroyed = this._writableState && this._writableState.destroyed; if (readableDestroyed || writableDestroyed) { if (cb) { cb(err); } else if (err) { if (!this._writableState) { process.nextTick(emitErrorNT, this, err); } else if (!this._writableState.errorEmitted) { this._writableState.errorEmitted = true; process.nextTick(emitErrorNT, this, err); } } return this; } // we set destroyed to true before firing error callbacks in order // to make it re-entrance safe in case destroy() is called within callbacks if (this._readableState) { this._readableState.destroyed = true; } // if this is a duplex stream mark the writable part as destroyed as well if (this._writableState) { this._writableState.destroyed = true; } this._destroy(err || null, function (err) { if (!cb && err) { if (!_this._writableState) { process.nextTick(emitErrorAndCloseNT, _this, err); } else if (!_this._writableState.errorEmitted) { _this._writableState.errorEmitted = true; process.nextTick(emitErrorAndCloseNT, _this, err); } else { process.nextTick(emitCloseNT, _this); } } else if (cb) { process.nextTick(emitCloseNT, _this); cb(err); } else { process.nextTick(emitCloseNT, _this); } }); return this; } function emitErrorAndCloseNT(self, err) { emitErrorNT(self, err); emitCloseNT(self); } function emitCloseNT(self) { if (self._writableState && !self._writableState.emitClose) return; if (self._readableState && !self._readableState.emitClose) return; self.emit('close'); } function undestroy() { if (this._readableState) { this._readableState.destroyed = false; this._readableState.reading = false; this._readableState.ended = false; this._readableState.endEmitted = false; } if (this._writableState) { this._writableState.destroyed = false; this._writableState.ended = false; this._writableState.ending = false; this._writableState.finalCalled = false; this._writableState.prefinished = false; this._writableState.finished = false; this._writableState.errorEmitted = false; } } function emitErrorNT(self, err) { self.emit('error', err); } function errorOrDestroy(stream, err) { // We have tests that rely on errors being emitted // in the same tick, so changing this is semver major. // For now when you opt-in to autoDestroy we allow // the error to be emitted nextTick. In a future // semver major update we should change the default to this. var rState = stream._readableState; var wState = stream._writableState; if (rState && rState.autoDestroy || wState && wState.autoDestroy) stream.destroy(err);else stream.emit('error', err); } module.exports = { destroy: destroy, undestroy: undestroy, errorOrDestroy: errorOrDestroy }; /***/ }), /***/ 6080: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Ported from https://github.com/mafintosh/end-of-stream with // permission from the author, Mathias Buus (@mafintosh). var ERR_STREAM_PREMATURE_CLOSE = __nccwpck_require__(7214)/* .codes.ERR_STREAM_PREMATURE_CLOSE */ .q.ERR_STREAM_PREMATURE_CLOSE; function once(callback) { var called = false; return function () { if (called) return; called = true; for (var _len = arguments.length, args = new Array(_len), _key = 0; _key < _len; _key++) { args[_key] = arguments[_key]; } callback.apply(this, args); }; } function noop() {} function isRequest(stream) { return stream.setHeader && typeof stream.abort === 'function'; } function eos(stream, opts, callback) { if (typeof opts === 'function') return eos(stream, null, opts); if (!opts) opts = {}; callback = once(callback || noop); var readable = opts.readable || opts.readable !== false && stream.readable; var writable = opts.writable || opts.writable !== false && stream.writable; var onlegacyfinish = function onlegacyfinish() { if (!stream.writable) onfinish(); }; var writableEnded = stream._writableState && stream._writableState.finished; var onfinish = function onfinish() { writable = false; writableEnded = true; if (!readable) callback.call(stream); }; var readableEnded = stream._readableState && stream._readableState.endEmitted; var onend = function onend() { readable = false; readableEnded = true; if (!writable) callback.call(stream); }; var onerror = function onerror(err) { callback.call(stream, err); }; var onclose = function onclose() { var err; if (readable && !readableEnded) { if (!stream._readableState || !stream._readableState.ended) err = new ERR_STREAM_PREMATURE_CLOSE(); return callback.call(stream, err); } if (writable && !writableEnded) { if (!stream._writableState || !stream._writableState.ended) err = new ERR_STREAM_PREMATURE_CLOSE(); return callback.call(stream, err); } }; var onrequest = function onrequest() { stream.req.on('finish', onfinish); }; if (isRequest(stream)) { stream.on('complete', onfinish); stream.on('abort', onclose); if (stream.req) onrequest();else stream.on('request', onrequest); } else if (writable && !stream._writableState) { // legacy streams stream.on('end', onlegacyfinish); stream.on('close', onlegacyfinish); } stream.on('end', onend); stream.on('finish', onfinish); if (opts.error !== false) stream.on('error', onerror); stream.on('close', onclose); return function () { stream.removeListener('complete', onfinish); stream.removeListener('abort', onclose); stream.removeListener('request', onrequest); if (stream.req) stream.req.removeListener('finish', onfinish); stream.removeListener('end', onlegacyfinish); stream.removeListener('close', onlegacyfinish); stream.removeListener('finish', onfinish); stream.removeListener('end', onend); stream.removeListener('error', onerror); stream.removeListener('close', onclose); }; } module.exports = eos; /***/ }), /***/ 9082: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } } function _asyncToGenerator(fn) { return function () { var self = this, args = arguments; return new Promise(function (resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; } function ownKeys(object, enumerableOnly) { var keys = Object.keys(object); if (Object.getOwnPropertySymbols) { var symbols = Object.getOwnPropertySymbols(object); if (enumerableOnly) symbols = symbols.filter(function (sym) { return Object.getOwnPropertyDescriptor(object, sym).enumerable; }); keys.push.apply(keys, symbols); } return keys; } function _objectSpread(target) { for (var i = 1; i < arguments.length; i++) { var source = arguments[i] != null ? arguments[i] : {}; if (i % 2) { ownKeys(Object(source), true).forEach(function (key) { _defineProperty(target, key, source[key]); }); } else if (Object.getOwnPropertyDescriptors) { Object.defineProperties(target, Object.getOwnPropertyDescriptors(source)); } else { ownKeys(Object(source)).forEach(function (key) { Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key)); }); } } return target; } function _defineProperty(obj, key, value) { if (key in obj) { Object.defineProperty(obj, key, { value: value, enumerable: true, configurable: true, writable: true }); } else { obj[key] = value; } return obj; } var ERR_INVALID_ARG_TYPE = __nccwpck_require__(7214)/* .codes.ERR_INVALID_ARG_TYPE */ .q.ERR_INVALID_ARG_TYPE; function from(Readable, iterable, opts) { var iterator; if (iterable && typeof iterable.next === 'function') { iterator = iterable; } else if (iterable && iterable[Symbol.asyncIterator]) iterator = iterable[Symbol.asyncIterator]();else if (iterable && iterable[Symbol.iterator]) iterator = iterable[Symbol.iterator]();else throw new ERR_INVALID_ARG_TYPE('iterable', ['Iterable'], iterable); var readable = new Readable(_objectSpread({ objectMode: true }, opts)); // Reading boolean to protect against _read // being called before last iteration completion. var reading = false; readable._read = function () { if (!reading) { reading = true; next(); } }; function next() { return _next2.apply(this, arguments); } function _next2() { _next2 = _asyncToGenerator(function* () { try { var _ref = yield iterator.next(), value = _ref.value, done = _ref.done; if (done) { readable.push(null); } else if (readable.push((yield value))) { next(); } else { reading = false; } } catch (err) { readable.destroy(err); } }); return _next2.apply(this, arguments); } return readable; } module.exports = from; /***/ }), /***/ 6989: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // Ported from https://github.com/mafintosh/pump with // permission from the author, Mathias Buus (@mafintosh). var eos; function once(callback) { var called = false; return function () { if (called) return; called = true; callback.apply(void 0, arguments); }; } var _require$codes = __nccwpck_require__(7214)/* .codes */ .q, ERR_MISSING_ARGS = _require$codes.ERR_MISSING_ARGS, ERR_STREAM_DESTROYED = _require$codes.ERR_STREAM_DESTROYED; function noop(err) { // Rethrow the error if it exists to avoid swallowing it if (err) throw err; } function isRequest(stream) { return stream.setHeader && typeof stream.abort === 'function'; } function destroyer(stream, reading, writing, callback) { callback = once(callback); var closed = false; stream.on('close', function () { closed = true; }); if (eos === undefined) eos = __nccwpck_require__(6080); eos(stream, { readable: reading, writable: writing }, function (err) { if (err) return callback(err); closed = true; callback(); }); var destroyed = false; return function (err) { if (closed) return; if (destroyed) return; destroyed = true; // request.destroy just do .end - .abort is what we want if (isRequest(stream)) return stream.abort(); if (typeof stream.destroy === 'function') return stream.destroy(); callback(err || new ERR_STREAM_DESTROYED('pipe')); }; } function call(fn) { fn(); } function pipe(from, to) { return from.pipe(to); } function popCallback(streams) { if (!streams.length) return noop; if (typeof streams[streams.length - 1] !== 'function') return noop; return streams.pop(); } function pipeline() { for (var _len = arguments.length, streams = new Array(_len), _key = 0; _key < _len; _key++) { streams[_key] = arguments[_key]; } var callback = popCallback(streams); if (Array.isArray(streams[0])) streams = streams[0]; if (streams.length < 2) { throw new ERR_MISSING_ARGS('streams'); } var error; var destroys = streams.map(function (stream, i) { var reading = i < streams.length - 1; var writing = i > 0; return destroyer(stream, reading, writing, function (err) { if (!error) error = err; if (err) destroys.forEach(call); if (reading) return; destroys.forEach(call); callback(error); }); }); return streams.reduce(pipe); } module.exports = pipeline; /***/ }), /***/ 9948: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; var ERR_INVALID_OPT_VALUE = __nccwpck_require__(7214)/* .codes.ERR_INVALID_OPT_VALUE */ .q.ERR_INVALID_OPT_VALUE; function highWaterMarkFrom(options, isDuplex, duplexKey) { return options.highWaterMark != null ? options.highWaterMark : isDuplex ? options[duplexKey] : null; } function getHighWaterMark(state, options, duplexKey, isDuplex) { var hwm = highWaterMarkFrom(options, isDuplex, duplexKey); if (hwm != null) { if (!(isFinite(hwm) && Math.floor(hwm) === hwm) || hwm < 0) { var name = isDuplex ? duplexKey : 'highWaterMark'; throw new ERR_INVALID_OPT_VALUE(name, hwm); } return Math.floor(hwm); } // Default value return state.objectMode ? 16 : 16 * 1024; } module.exports = { getHighWaterMark: getHighWaterMark }; /***/ }), /***/ 2387: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = __nccwpck_require__(2413); /***/ }), /***/ 1642: /***/ ((module, exports, __nccwpck_require__) => { var Stream = __nccwpck_require__(2413); if (process.env.READABLE_STREAM === 'disable' && Stream) { module.exports = Stream.Readable; Object.assign(module.exports, Stream); module.exports.Stream = Stream; } else { exports = module.exports = __nccwpck_require__(1433); exports.Stream = Stream || exports; exports.Readable = exports; exports.Writable = __nccwpck_require__(6993); exports.Duplex = __nccwpck_require__(1359); exports.Transform = __nccwpck_require__(4415); exports.PassThrough = __nccwpck_require__(1542); exports.finished = __nccwpck_require__(6080); exports.pipeline = __nccwpck_require__(6989); } /***/ }), /***/ 5118: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; /* eslint-disable node/no-deprecated-api */ var buffer = __nccwpck_require__(4293) var Buffer = buffer.Buffer var safer = {} var key for (key in buffer) { if (!buffer.hasOwnProperty(key)) continue if (key === 'SlowBuffer' || key === 'Buffer') continue safer[key] = buffer[key] } var Safer = safer.Buffer = {} for (key in Buffer) { if (!Buffer.hasOwnProperty(key)) continue if (key === 'allocUnsafe' || key === 'allocUnsafeSlow') continue Safer[key] = Buffer[key] } safer.Buffer.prototype = Buffer.prototype if (!Safer.from || Safer.from === Uint8Array.from) { Safer.from = function (value, encodingOrOffset, length) { if (typeof value === 'number') { throw new TypeError('The "value" argument must not be of type number. Received type ' + typeof value) } if (value && typeof value.length === 'undefined') { throw new TypeError('The first argument must be one of type string, Buffer, ArrayBuffer, Array, or Array-like Object. Received type ' + typeof value) } return Buffer(value, encodingOrOffset, length) } } if (!Safer.alloc) { Safer.alloc = function (size, fill, encoding) { if (typeof size !== 'number') { throw new TypeError('The "size" argument must be of type number. Received type ' + typeof size) } if (size < 0 || size >= 2 * (1 << 30)) { throw new RangeError('The value "' + size + '" is invalid for option "size"') } var buf = Buffer(size) if (!fill || fill.length === 0) { buf.fill(0) } else if (typeof encoding === 'string') { buf.fill(fill, encoding) } else { buf.fill(fill) } return buf } } if (!safer.kStringMaxLength) { try { safer.kStringMaxLength = process.binding('buffer').kStringMaxLength } catch (e) { // we can't determine kStringMaxLength in environments where process.binding // is unsupported, so let's not set it } } if (!safer.constants) { safer.constants = { MAX_LENGTH: safer.kMaxLength } if (safer.kStringMaxLength) { safer.constants.MAX_STRING_LENGTH = safer.kStringMaxLength } } module.exports = safer /***/ }), /***/ 9798: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var fs = __nccwpck_require__(5747); module.exports = function (filepath, split, encoding) { split = typeof split !== 'undefined' ? split : "\n"; encoding = typeof encoding !== 'undefined' ? encoding : "utf8"; var ca = []; var chain = fs.readFileSync(filepath, encoding); if(chain.indexOf("-END CERTIFICATE-") < 0 || chain.indexOf("-BEGIN CERTIFICATE-") < 0){ throw Error("File does not contain 'BEGIN CERTIFICATE' or 'END CERTIFICATE'"); } chain = chain.split(split); var cert = []; var _i, _len; for (_i = 0, _len = chain.length; _i < _len; _i++) { var line = chain[_i]; if (!(line.length !== 0)) { continue; } cert.push(line); if (line.match(/-END CERTIFICATE-/)) { ca.push(cert.join(split)); cert = []; } } return ca; } /***/ }), /***/ 3204: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { Duplex: DuplexStream, Readable: ReadableStream, Writable: WritableStream, } = __nccwpck_require__(2413); const { CHANNEL_EXTENDED_DATATYPE: { STDERR }, } = __nccwpck_require__(6832); const { bufferSlice } = __nccwpck_require__(9475); const PACKET_SIZE = 32 * 1024; const MAX_WINDOW = 2 * 1024 * 1024; const WINDOW_THRESHOLD = MAX_WINDOW / 2; class ClientStderr extends ReadableStream { constructor(channel, streamOpts) { super(streamOpts); this._channel = channel; } _read(n) { if (this._channel._waitChanDrain) { this._channel._waitChanDrain = false; if (this._channel.incoming.window <= WINDOW_THRESHOLD) windowAdjust(this._channel); } } } class ServerStderr extends WritableStream { constructor(channel) { super({ highWaterMark: MAX_WINDOW }); this._channel = channel; } _write(data, encoding, cb) { const channel = this._channel; const protocol = channel._client._protocol; const outgoing = channel.outgoing; const packetSize = outgoing.packetSize; const id = outgoing.id; let window = outgoing.window; const len = data.length; let p = 0; if (outgoing.state !== 'open') return; while (len - p > 0 && window > 0) { let sliceLen = len - p; if (sliceLen > window) sliceLen = window; if (sliceLen > packetSize) sliceLen = packetSize; if (p === 0 && sliceLen === len) protocol.channelExtData(id, data, STDERR); else protocol.channelExtData(id, bufferSlice(data, p, p + sliceLen), STDERR); p += sliceLen; window -= sliceLen; } outgoing.window = window; if (len - p > 0) { if (window === 0) channel._waitWindow = true; if (p > 0) channel._chunkErr = bufferSlice(data, p, len); else channel._chunkErr = data; channel._chunkcbErr = cb; return; } cb(); } } class Channel extends DuplexStream { constructor(client, info, opts) { const streamOpts = { highWaterMark: MAX_WINDOW, allowHalfOpen: (!opts || (opts && opts.allowHalfOpen !== false)), emitClose: false, }; super(streamOpts); this.allowHalfOpen = streamOpts.allowHalfOpen; const server = !!(opts && opts.server); this.server = server; this.type = info.type; this.subtype = undefined; /* incoming and outgoing contain these properties: { id: undefined, window: undefined, packetSize: undefined, state: 'closed' } */ this.incoming = info.incoming; this.outgoing = info.outgoing; this._callbacks = []; this._client = client; this._hasX11 = false; this._exit = { code: undefined, signal: undefined, dump: undefined, desc: undefined, }; this.stdin = this.stdout = this; if (server) this.stderr = new ServerStderr(this); else this.stderr = new ClientStderr(this, streamOpts); // Outgoing data this._waitWindow = false; // SSH-level backpressure // Incoming data this._waitChanDrain = false; // Channel Readable side backpressure this._chunk = undefined; this._chunkcb = undefined; this._chunkErr = undefined; this._chunkcbErr = undefined; this.on('finish', onFinish) .on('prefinish', onFinish); // For node v0.11+ this.on('end', onEnd).on('close', onEnd); } _read(n) { if (this._waitChanDrain) { this._waitChanDrain = false; if (this.incoming.window <= WINDOW_THRESHOLD) windowAdjust(this); } } _write(data, encoding, cb) { const protocol = this._client._protocol; const outgoing = this.outgoing; const packetSize = outgoing.packetSize; const id = outgoing.id; let window = outgoing.window; const len = data.length; let p = 0; if (outgoing.state !== 'open') return; while (len - p > 0 && window > 0) { let sliceLen = len - p; if (sliceLen > window) sliceLen = window; if (sliceLen > packetSize) sliceLen = packetSize; if (p === 0 && sliceLen === len) protocol.channelData(id, data); else protocol.channelData(id, bufferSlice(data, p, p + sliceLen)); p += sliceLen; window -= sliceLen; } outgoing.window = window; if (len - p > 0) { if (window === 0) this._waitWindow = true; if (p > 0) this._chunk = bufferSlice(data, p, len); else this._chunk = data; this._chunkcb = cb; return; } cb(); } eof() { if (this.outgoing.state === 'open') { this.outgoing.state = 'eof'; this._client._protocol.channelEOF(this.outgoing.id); } } close() { if (this.outgoing.state === 'open' || this.outgoing.state === 'eof') { this.outgoing.state = 'closing'; this._client._protocol.channelClose(this.outgoing.id); } } destroy() { this.end(); this.close(); return this; } // Session type-specific methods ============================================= setWindow(rows, cols, height, width) { if (this.server) throw new Error('Client-only method called in server mode'); if (this.type === 'session' && (this.subtype === 'shell' || this.subtype === 'exec') && this.writable && this.outgoing.state === 'open') { this._client._protocol.windowChange(this.outgoing.id, rows, cols, height, width); } } signal(signalName) { if (this.server) throw new Error('Client-only method called in server mode'); if (this.type === 'session' && this.writable && this.outgoing.state === 'open') { this._client._protocol.signal(this.outgoing.id, signalName); } } exit(statusOrSignal, coreDumped, msg) { if (!this.server) throw new Error('Server-only method called in client mode'); if (this.type === 'session' && this.writable && this.outgoing.state === 'open') { if (typeof statusOrSignal === 'number') { this._client._protocol.exitStatus(this.outgoing.id, statusOrSignal); } else { this._client._protocol.exitSignal(this.outgoing.id, statusOrSignal, coreDumped, msg); } } } } function onFinish() { this.eof(); if (this.server || !this.allowHalfOpen) this.close(); this.writable = false; } function onEnd() { this.readable = false; } function windowAdjust(self) { if (self.outgoing.state === 'closed') return; const amt = MAX_WINDOW - self.incoming.window; if (amt <= 0) return; self.incoming.window += amt; self._client._protocol.channelWindowAdjust(self.outgoing.id, amt); } module.exports = { Channel, MAX_WINDOW, PACKET_SIZE, windowAdjust, WINDOW_THRESHOLD, }; /***/ }), /***/ 9054: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { Socket } = __nccwpck_require__(1631); const { Duplex } = __nccwpck_require__(2413); const { resolve } = __nccwpck_require__(5622); const { readFile } = __nccwpck_require__(5747); const { execFile, spawn } = __nccwpck_require__(3129); const { isParsedKey, parseKey } = __nccwpck_require__(2218); const { makeBufferParser, readUInt32BE, writeUInt32BE, writeUInt32LE, } = __nccwpck_require__(9475); function once(cb) { let called = false; return (...args) => { if (called) return; called = true; cb(...args); }; } function concat(buf1, buf2) { const combined = Buffer.allocUnsafe(buf1.length + buf2.length); buf1.copy(combined, 0); buf2.copy(combined, buf1.length); return combined; } function noop() {} const EMPTY_BUF = Buffer.alloc(0); const binaryParser = makeBufferParser(); class BaseAgent { getIdentities(cb) { cb(new Error('Missing getIdentities() implementation')); } sign(pubKey, data, options, cb) { if (typeof options === 'function') cb = options; cb(new Error('Missing sign() implementation')); } } class OpenSSHAgent extends BaseAgent { constructor(socketPath) { super(); this.socketPath = socketPath; } getStream(cb) { cb = once(cb); const sock = new Socket(); sock.on('connect', () => { cb(null, sock); }); sock.on('close', onFail) .on('end', onFail) .on('error', onFail); sock.connect(this.socketPath); function onFail() { try { sock.destroy(); } catch {} cb(new Error('Failed to connect to agent')); } } getIdentities(cb) { cb = once(cb); this.getStream((err, stream) => { function onFail(err) { if (stream) { try { stream.destroy(); } catch {} } if (!err) err = new Error('Failed to retrieve identities from agent'); cb(err); } if (err) return onFail(err); const protocol = new AgentProtocol(true); protocol.on('error', onFail); protocol.pipe(stream).pipe(protocol); stream.on('close', onFail) .on('end', onFail) .on('error', onFail); protocol.getIdentities((err, keys) => { if (err) return onFail(err); try { stream.destroy(); } catch {} cb(null, keys); }); }); } sign(pubKey, data, options, cb) { if (typeof options === 'function') { cb = options; options = undefined; } else if (typeof options !== 'object' || options === null) { options = undefined; } cb = once(cb); this.getStream((err, stream) => { function onFail(err) { if (stream) { try { stream.destroy(); } catch {} } if (!err) err = new Error('Failed to sign data with agent'); cb(err); } if (err) return onFail(err); const protocol = new AgentProtocol(true); protocol.on('error', onFail); protocol.pipe(stream).pipe(protocol); stream.on('close', onFail) .on('end', onFail) .on('error', onFail); protocol.sign(pubKey, data, options, (err, sig) => { if (err) return onFail(err); try { stream.destroy(); } catch {} cb(null, sig); }); }); } } const PageantAgent = (() => { const RET_ERR_BADARGS = 10; const RET_ERR_UNAVAILABLE = 11; const RET_ERR_NOMAP = 12; const RET_ERR_BINSTDIN = 13; const RET_ERR_BINSTDOUT = 14; const RET_ERR_BADLEN = 15; const EXEPATH = __nccwpck_require__.ab + "pagent.exe"; const ERROR = { [RET_ERR_BADARGS]: new Error('Invalid pagent.exe arguments'), [RET_ERR_UNAVAILABLE]: new Error('Pageant is not running'), [RET_ERR_NOMAP]: new Error('pagent.exe could not create an mmap'), [RET_ERR_BINSTDIN]: new Error('pagent.exe could not set mode for stdin'), [RET_ERR_BINSTDOUT]: new Error('pagent.exe could not set mode for stdout'), [RET_ERR_BADLEN]: new Error('pagent.exe did not get expected input payload'), }; function destroy(stream) { stream.buffer = null; if (stream.proc) { stream.proc.kill(); stream.proc = undefined; } } class PageantSocket extends Duplex { constructor() { super(); this.proc = undefined; this.buffer = null; } _read(n) {} _write(data, encoding, cb) { if (this.buffer === null) { this.buffer = data; } else { const newBuffer = Buffer.allocUnsafe(this.buffer.length + data.length); this.buffer.copy(newBuffer, 0); data.copy(newBuffer, this.buffer.length); this.buffer = newBuffer; } // Wait for at least all length bytes if (this.buffer.length < 4) return cb(); const len = readUInt32BE(this.buffer, 0); // Make sure we have a full message before querying pageant if ((this.buffer.length - 4) < len) return cb(); data = this.buffer.slice(0, 4 + len); if (this.buffer.length > (4 + len)) return cb(new Error('Unexpected multiple agent requests')); this.buffer = null; let error; const proc = this.proc = spawn(__nccwpck_require__.ab + "pagent.exe", [ data.length ]); proc.stdout.on('data', (data) => { this.push(data); }); proc.on('error', (err) => { error = err; cb(error); }); proc.on('close', (code) => { this.proc = undefined; if (!error) { if (error = ERROR[code]) return cb(error); cb(); } }); proc.stdin.end(data); } _final(cb) { destroy(this); cb(); } _destroy(err, cb) { destroy(this); cb(); } } return class PageantAgent extends OpenSSHAgent { getStream(cb) { cb(null, new PageantSocket()); } }; })(); const CygwinAgent = (() => { const RE_CYGWIN_SOCK = /^!(\d+) s ([A-Z0-9]{8}-[A-Z0-9]{8}-[A-Z0-9]{8}-[A-Z0-9]{8})/; return class CygwinAgent extends OpenSSHAgent { getStream(cb) { cb = once(cb); // The cygwin ssh-agent connection process looks like this: // 1. Read the "socket" as a file to get the underlying TCP port and a // special "secret" that must be sent to the TCP server. // 2. Connect to the server listening on localhost at the TCP port. // 3. Send the "secret" to the server. // 4. The server sends back the same "secret". // 5. Send three 32-bit integer values of zero. This is ordinarily the // pid, uid, and gid of this process, but cygwin will actually // send us the correct values as a response. // 6. The server sends back the pid, uid, gid. // 7. Disconnect. // 8. Repeat steps 2-6, except send the received pid, uid, and gid in // step 5 instead of zeroes. // 9. Connection is ready to be used. let socketPath = this.socketPath; let triedCygpath = false; readFile(socketPath, function readCygsocket(err, data) { if (err) { if (triedCygpath) return cb(new Error('Invalid cygwin unix socket path')); // Try using `cygpath` to convert a possible *nix-style path to the // real Windows path before giving up ... execFile('cygpath', ['-w', socketPath], (err, stdout, stderr) => { if (err || stdout.length === 0) return cb(new Error('Invalid cygwin unix socket path')); triedCygpath = true; socketPath = stdout.toString().replace(/[\r\n]/g, ''); readFile(socketPath, readCygsocket); }); return; } const m = RE_CYGWIN_SOCK.exec(data.toString('ascii')); if (!m) return cb(new Error('Malformed cygwin unix socket file')); let state; let bc = 0; let isRetrying = false; const inBuf = []; let sock; // Use 0 for pid, uid, and gid to ensure we get an error and also // a valid uid and gid from cygwin so that we don't have to figure it // out ourselves let credsBuf = Buffer.alloc(12); // Parse cygwin unix socket file contents const port = parseInt(m[1], 10); const secret = m[2].replace(/-/g, ''); const secretBuf = Buffer.allocUnsafe(16); for (let i = 0, j = 0; j < 32; ++i, j += 2) secretBuf[i] = parseInt(secret.substring(j, j + 2), 16); // Convert to host order (always LE for Windows) for (let i = 0; i < 16; i += 4) writeUInt32LE(secretBuf, readUInt32BE(secretBuf, i), i); tryConnect(); function _onconnect() { bc = 0; state = 'secret'; sock.write(secretBuf); } function _ondata(data) { bc += data.length; if (state === 'secret') { // The secret we sent is echoed back to us by cygwin, not sure of // the reason for that, but we ignore it nonetheless ... if (bc === 16) { bc = 0; state = 'creds'; sock.write(credsBuf); } return; } if (state === 'creds') { // If this is the first attempt, make sure to gather the valid // uid and gid for our next attempt if (!isRetrying) inBuf.push(data); if (bc === 12) { sock.removeListener('connect', _onconnect); sock.removeListener('data', _ondata); sock.removeListener('error', onFail); sock.removeListener('end', onFail); sock.removeListener('close', onFail); if (isRetrying) return cb(null, sock); isRetrying = true; credsBuf = Buffer.concat(inBuf); writeUInt32LE(credsBuf, process.pid, 0); sock.on('error', () => {}); sock.destroy(); tryConnect(); } } } function onFail() { cb(new Error('Problem negotiating cygwin unix socket security')); } function tryConnect() { sock = new Socket(); sock.on('connect', _onconnect); sock.on('data', _ondata); sock.on('error', onFail); sock.on('end', onFail); sock.on('close', onFail); sock.connect(port); } }); } }; })(); // Format of `//./pipe/ANYTHING`, with forward slashes and backward slashes // being interchangeable const WINDOWS_PIPE_REGEX = /^[/\\][/\\]\.[/\\]pipe[/\\].+/; function createAgent(path) { if (process.platform === 'win32' && !WINDOWS_PIPE_REGEX.test(path)) { return (path === 'pageant' ? new PageantAgent() : new CygwinAgent(path)); } return new OpenSSHAgent(path); } const AgentProtocol = (() => { // Client->Server messages const SSH_AGENTC_REQUEST_IDENTITIES = 11; const SSH_AGENTC_SIGN_REQUEST = 13; // const SSH_AGENTC_ADD_IDENTITY = 17; // const SSH_AGENTC_REMOVE_IDENTITY = 18; // const SSH_AGENTC_REMOVE_ALL_IDENTITIES = 19; // const SSH_AGENTC_ADD_SMARTCARD_KEY = 20; // const SSH_AGENTC_REMOVE_SMARTCARD_KEY = 21; // const SSH_AGENTC_LOCK = 22; // const SSH_AGENTC_UNLOCK = 23; // const SSH_AGENTC_ADD_ID_CONSTRAINED = 25; // const SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED = 26; // const SSH_AGENTC_EXTENSION = 27; // Server->Client messages const SSH_AGENT_FAILURE = 5; // const SSH_AGENT_SUCCESS = 6; const SSH_AGENT_IDENTITIES_ANSWER = 12; const SSH_AGENT_SIGN_RESPONSE = 14; // const SSH_AGENT_EXTENSION_FAILURE = 28; // const SSH_AGENT_CONSTRAIN_LIFETIME = 1; // const SSH_AGENT_CONSTRAIN_CONFIRM = 2; // const SSH_AGENT_CONSTRAIN_EXTENSION = 255; const SSH_AGENT_RSA_SHA2_256 = (1 << 1); const SSH_AGENT_RSA_SHA2_512 = (1 << 2); const ROLE_CLIENT = 0; const ROLE_SERVER = 1; // Ensures that responses get sent back in the same order the requests were // received function processResponses(protocol) { let ret; while (protocol[SYM_REQS].length) { const nextResponse = protocol[SYM_REQS][0][SYM_RESP]; if (nextResponse === undefined) break; protocol[SYM_REQS].shift(); ret = protocol.push(nextResponse); } return ret; } const SYM_TYPE = Symbol('Inbound Request Type'); const SYM_RESP = Symbol('Inbound Request Response'); const SYM_CTX = Symbol('Inbound Request Context'); class AgentInboundRequest { constructor(type, ctx) { this[SYM_TYPE] = type; this[SYM_RESP] = undefined; this[SYM_CTX] = ctx; } hasResponded() { return (this[SYM_RESP] !== undefined); } getType() { return this[SYM_TYPE]; } getContext() { return this[SYM_CTX]; } } function respond(protocol, req, data) { req[SYM_RESP] = data; return processResponses(protocol); } function cleanup(protocol) { protocol[SYM_BUFFER] = null; if (protocol[SYM_MODE] === ROLE_CLIENT) { const reqs = protocol[SYM_REQS]; if (reqs && reqs.length) { protocol[SYM_REQS] = []; for (const req of reqs) req.cb(new Error('No reply from server')); } } // Node streams hackery to make streams do the "right thing" try { protocol.end(); } catch {} setImmediate(() => { if (!protocol[SYM_ENDED]) protocol.emit('end'); if (!protocol[SYM_CLOSED]) protocol.emit('close'); }); } function onClose() { this[SYM_CLOSED] = true; } function onEnd() { this[SYM_ENDED] = true; } const SYM_REQS = Symbol('Requests'); const SYM_MODE = Symbol('Agent Protocol Role'); const SYM_BUFFER = Symbol('Agent Protocol Buffer'); const SYM_MSGLEN = Symbol('Agent Protocol Current Message Length'); const SYM_CLOSED = Symbol('Agent Protocol Closed'); const SYM_ENDED = Symbol('Agent Protocol Ended'); // Implementation based on: // https://tools.ietf.org/html/draft-miller-ssh-agent-04 return class AgentProtocol extends Duplex { /* Notes: - `constraint` type consists of: byte constraint_type byte[] constraint_data where `constraint_type` is one of: * SSH_AGENT_CONSTRAIN_LIFETIME - `constraint_data` consists of: uint32 seconds * SSH_AGENT_CONSTRAIN_CONFIRM - `constraint_data` N/A * SSH_AGENT_CONSTRAIN_EXTENSION - `constraint_data` consists of: string extension name byte[] extension-specific details */ constructor(isClient) { super({ autoDestroy: true, emitClose: false }); this[SYM_MODE] = (isClient ? ROLE_CLIENT : ROLE_SERVER); this[SYM_REQS] = []; this[SYM_BUFFER] = null; this[SYM_MSGLEN] = -1; this.once('end', onEnd); this.once('close', onClose); } _read(n) {} _write(data, encoding, cb) { /* Messages are of the format: uint32 message length byte message type byte[message length - 1] message contents */ if (this[SYM_BUFFER] === null) this[SYM_BUFFER] = data; else this[SYM_BUFFER] = concat(this[SYM_BUFFER], data); let buffer = this[SYM_BUFFER]; let bufferLen = buffer.length; let p = 0; while (p < bufferLen) { // Wait for length + type if (bufferLen < 5) break; if (this[SYM_MSGLEN] === -1) this[SYM_MSGLEN] = readUInt32BE(buffer, p); // Check if we have the entire message if (bufferLen < (4 + this[SYM_MSGLEN])) break; const msgType = buffer[p += 4]; ++p; if (this[SYM_MODE] === ROLE_CLIENT) { if (this[SYM_REQS].length === 0) return cb(new Error('Received unexpected message from server')); const req = this[SYM_REQS].shift(); switch (msgType) { case SSH_AGENT_FAILURE: req.cb(new Error('Agent responded with failure')); break; case SSH_AGENT_IDENTITIES_ANSWER: { if (req.type !== SSH_AGENTC_REQUEST_IDENTITIES) return cb(new Error('Agent responded with wrong message type')); /* byte SSH_AGENT_IDENTITIES_ANSWER uint32 nkeys where `nkeys` is 0 or more of: string key blob string comment */ binaryParser.init(buffer, p); const numKeys = binaryParser.readUInt32BE(); if (numKeys === undefined) { binaryParser.clear(); return cb(new Error('Malformed agent response')); } const keys = []; for (let i = 0; i < numKeys; ++i) { let pubKey = binaryParser.readString(); if (pubKey === undefined) { binaryParser.clear(); return cb(new Error('Malformed agent response')); } const comment = binaryParser.readString(true); if (comment === undefined) { binaryParser.clear(); return cb(new Error('Malformed agent response')); } pubKey = parseKey(pubKey); // We continue parsing the packet if we encounter an error // in case the error is due to the key being an unsupported // type if (pubKey instanceof Error) continue; pubKey.comment = pubKey.comment || comment; keys.push(pubKey); } p = binaryParser.pos(); binaryParser.clear(); req.cb(null, keys); break; } case SSH_AGENT_SIGN_RESPONSE: { if (req.type !== SSH_AGENTC_SIGN_REQUEST) return cb(new Error('Agent responded with wrong message type')); /* byte SSH_AGENT_SIGN_RESPONSE string signature */ binaryParser.init(buffer, p); let signature = binaryParser.readString(); p = binaryParser.pos(); binaryParser.clear(); if (signature === undefined) return cb(new Error('Malformed agent response')); // We strip the algorithm from OpenSSH's output and assume it's // using the algorithm we specified. This makes it easier on // custom Agent implementations so they don't have to construct // the correct binary format for a (OpenSSH-style) signature. // TODO: verify signature type based on key and options used // during initial sign request binaryParser.init(signature, 0); binaryParser.readString(true); signature = binaryParser.readString(); binaryParser.clear(); if (signature === undefined) return cb(new Error('Malformed OpenSSH signature format')); req.cb(null, signature); break; } default: return cb( new Error('Agent responded with unsupported message type') ); } } else { switch (msgType) { case SSH_AGENTC_REQUEST_IDENTITIES: { const req = new AgentInboundRequest(msgType); this[SYM_REQS].push(req); /* byte SSH_AGENTC_REQUEST_IDENTITIES */ this.emit('identities', req); break; } case SSH_AGENTC_SIGN_REQUEST: { /* byte SSH_AGENTC_SIGN_REQUEST string key_blob string data uint32 flags */ binaryParser.init(buffer, p); let pubKey = binaryParser.readString(); const data = binaryParser.readString(); const flagsVal = binaryParser.readUInt32BE(); p = binaryParser.pos(); binaryParser.clear(); if (flagsVal === undefined) { const req = new AgentInboundRequest(msgType); this[SYM_REQS].push(req); return this.failureReply(req); } pubKey = parseKey(pubKey); if (pubKey instanceof Error) { const req = new AgentInboundRequest(msgType); this[SYM_REQS].push(req); return this.failureReply(req); } const flags = { hash: undefined, }; let ctx; if (pubKey.type === 'ssh-rsa') { if (flagsVal & SSH_AGENT_RSA_SHA2_256) { ctx = 'rsa-sha2-256'; flags.hash = 'sha256'; } else if (flagsVal & SSH_AGENT_RSA_SHA2_512) { ctx = 'rsa-sha2-512'; flags.hash = 'sha512'; } } if (ctx === undefined) ctx = pubKey.type; const req = new AgentInboundRequest(msgType, ctx); this[SYM_REQS].push(req); this.emit('sign', req, pubKey, data, flags); break; } default: { const req = new AgentInboundRequest(msgType); this[SYM_REQS].push(req); this.failureReply(req); } } } // Get ready for next message this[SYM_MSGLEN] = -1; if (p === bufferLen) { // Nothing left to process for now this[SYM_BUFFER] = null; break; } else { this[SYM_BUFFER] = buffer = buffer.slice(p); bufferLen = buffer.length; p = 0; } } cb(); } _destroy(err, cb) { cleanup(this); cb(); } _final(cb) { cleanup(this); cb(); } // Client->Server messages ================================================= sign(pubKey, data, options, cb) { if (this[SYM_MODE] !== ROLE_CLIENT) throw new Error('Client-only method called with server role'); if (typeof options === 'function') { cb = options; options = undefined; } else if (typeof options !== 'object' || options === null) { options = undefined; } let flags = 0; pubKey = parseKey(pubKey); if (pubKey instanceof Error) throw new Error('Invalid public key argument'); if (pubKey.type === 'ssh-rsa' && options) { switch (options.hash) { case 'sha256': flags = SSH_AGENT_RSA_SHA2_256; break; case 'sha512': flags = SSH_AGENT_RSA_SHA2_512; break; } } pubKey = pubKey.getPublicSSH(); /* byte SSH_AGENTC_SIGN_REQUEST string key_blob string data uint32 flags */ const type = SSH_AGENTC_SIGN_REQUEST; const keyLen = pubKey.length; const dataLen = data.length; let p = 0; const buf = Buffer.allocUnsafe(4 + 1 + 4 + keyLen + 4 + dataLen + 4); writeUInt32BE(buf, buf.length - 4, p); buf[p += 4] = type; writeUInt32BE(buf, keyLen, ++p); pubKey.copy(buf, p += 4); writeUInt32BE(buf, dataLen, p += keyLen); data.copy(buf, p += 4); writeUInt32BE(buf, flags, p += dataLen); if (typeof cb !== 'function') cb = noop; this[SYM_REQS].push({ type, cb }); return this.push(buf); } getIdentities(cb) { if (this[SYM_MODE] !== ROLE_CLIENT) throw new Error('Client-only method called with server role'); /* byte SSH_AGENTC_REQUEST_IDENTITIES */ const type = SSH_AGENTC_REQUEST_IDENTITIES; let p = 0; const buf = Buffer.allocUnsafe(4 + 1); writeUInt32BE(buf, buf.length - 4, p); buf[p += 4] = type; if (typeof cb !== 'function') cb = noop; this[SYM_REQS].push({ type, cb }); return this.push(buf); } // Server->Client messages ================================================= failureReply(req) { if (this[SYM_MODE] !== ROLE_SERVER) throw new Error('Server-only method called with client role'); if (!(req instanceof AgentInboundRequest)) throw new Error('Wrong request argument'); if (req.hasResponded()) return true; let p = 0; const buf = Buffer.allocUnsafe(4 + 1); writeUInt32BE(buf, buf.length - 4, p); buf[p += 4] = SSH_AGENT_FAILURE; return respond(this, req, buf); } getIdentitiesReply(req, keys) { if (this[SYM_MODE] !== ROLE_SERVER) throw new Error('Server-only method called with client role'); if (!(req instanceof AgentInboundRequest)) throw new Error('Wrong request argument'); if (req.hasResponded()) return true; /* byte SSH_AGENT_IDENTITIES_ANSWER uint32 nkeys where `nkeys` is 0 or more of: string key blob string comment */ if (req.getType() !== SSH_AGENTC_REQUEST_IDENTITIES) throw new Error('Invalid response to request'); if (!Array.isArray(keys)) throw new Error('Keys argument must be an array'); let totalKeysLen = 4; // Include `nkeys` size const newKeys = []; for (let i = 0; i < keys.length; ++i) { const entry = keys[i]; if (typeof entry !== 'object' || entry === null) throw new Error(`Invalid key entry: ${entry}`); let pubKey; let comment; if (isParsedKey(entry)) { pubKey = entry; } else if (isParsedKey(entry.pubKey)) { pubKey = entry.pubKey; } else { if (typeof entry.pubKey !== 'object' || entry.pubKey === null) continue; ({ pubKey, comment } = entry.pubKey); pubKey = parseKey(pubKey); if (pubKey instanceof Error) continue; // TODO: add debug output } comment = pubKey.comment || comment; pubKey = pubKey.getPublicSSH(); totalKeysLen += 4 + pubKey.length; if (comment && typeof comment === 'string') comment = Buffer.from(comment); else if (!Buffer.isBuffer(comment)) comment = EMPTY_BUF; totalKeysLen += 4 + comment.length; newKeys.push({ pubKey, comment }); } let p = 0; const buf = Buffer.allocUnsafe(4 + 1 + totalKeysLen); writeUInt32BE(buf, buf.length - 4, p); buf[p += 4] = SSH_AGENT_IDENTITIES_ANSWER; writeUInt32BE(buf, newKeys.length, ++p); p += 4; for (let i = 0; i < newKeys.length; ++i) { const { pubKey, comment } = newKeys[i]; writeUInt32BE(buf, pubKey.length, p); pubKey.copy(buf, p += 4); writeUInt32BE(buf, comment.length, p += pubKey.length); p += 4; if (comment.length) { comment.copy(buf, p); p += comment.length; } } return respond(this, req, buf); } signReply(req, signature) { if (this[SYM_MODE] !== ROLE_SERVER) throw new Error('Server-only method called with client role'); if (!(req instanceof AgentInboundRequest)) throw new Error('Wrong request argument'); if (req.hasResponded()) return true; /* byte SSH_AGENT_SIGN_RESPONSE string signature */ if (req.getType() !== SSH_AGENTC_SIGN_REQUEST) throw new Error('Invalid response to request'); if (!Buffer.isBuffer(signature)) throw new Error('Signature argument must be a Buffer'); if (signature.length === 0) throw new Error('Signature argument must be non-empty'); /* OpenSSH agent signatures are encoded as: string signature format identifier (as specified by the public key/certificate format) byte[n] signature blob in format specific encoding. - This is actually a `string` for: rsa, dss, ecdsa, and ed25519 types */ let p = 0; const sigFormat = req.getContext(); const sigFormatLen = Buffer.byteLength(sigFormat); const buf = Buffer.allocUnsafe( 4 + 1 + 4 + 4 + sigFormatLen + 4 + signature.length ); writeUInt32BE(buf, buf.length - 4, p); buf[p += 4] = SSH_AGENT_SIGN_RESPONSE; writeUInt32BE(buf, 4 + sigFormatLen + 4 + signature.length, ++p); writeUInt32BE(buf, sigFormatLen, p += 4); buf.utf8Write(sigFormat, p += 4, sigFormatLen); writeUInt32BE(buf, signature.length, p += sigFormatLen); signature.copy(buf, p += 4); return respond(this, req, buf); } }; })(); const SYM_AGENT = Symbol('Agent'); const SYM_AGENT_KEYS = Symbol('Agent Keys'); const SYM_AGENT_KEYS_IDX = Symbol('Agent Keys Index'); const SYM_AGENT_CBS = Symbol('Agent Init Callbacks'); class AgentContext { constructor(agent) { if (typeof agent === 'string') agent = createAgent(agent); else if (!isAgent(agent)) throw new Error('Invalid agent argument'); this[SYM_AGENT] = agent; this[SYM_AGENT_KEYS] = null; this[SYM_AGENT_KEYS_IDX] = -1; this[SYM_AGENT_CBS] = null; } init(cb) { if (typeof cb !== 'function') cb = noop; if (this[SYM_AGENT_KEYS] === null) { if (this[SYM_AGENT_CBS] === null) { this[SYM_AGENT_CBS] = [cb]; const doCbs = (...args) => { process.nextTick(() => { const cbs = this[SYM_AGENT_CBS]; this[SYM_AGENT_CBS] = null; for (const cb of cbs) cb(...args); }); }; this[SYM_AGENT].getIdentities(once((err, keys) => { if (err) return doCbs(err); if (!Array.isArray(keys)) { return doCbs(new Error( 'Agent implementation failed to provide keys' )); } const newKeys = []; for (let key of keys) { key = parseKey(key); if (key instanceof Error) { // TODO: add debug output continue; } newKeys.push(key); } this[SYM_AGENT_KEYS] = newKeys; this[SYM_AGENT_KEYS_IDX] = -1; doCbs(); })); } else { this[SYM_AGENT_CBS].push(cb); } } else { process.nextTick(cb); } } nextKey() { if (this[SYM_AGENT_KEYS] === null || ++this[SYM_AGENT_KEYS_IDX] >= this[SYM_AGENT_KEYS].length) { return false; } return this[SYM_AGENT_KEYS][this[SYM_AGENT_KEYS_IDX]]; } currentKey() { if (this[SYM_AGENT_KEYS] === null || this[SYM_AGENT_KEYS_IDX] >= this[SYM_AGENT_KEYS].length) { return null; } return this[SYM_AGENT_KEYS][this[SYM_AGENT_KEYS_IDX]]; } pos() { if (this[SYM_AGENT_KEYS] === null || this[SYM_AGENT_KEYS_IDX] >= this[SYM_AGENT_KEYS].length) { return -1; } return this[SYM_AGENT_KEYS_IDX]; } reset() { this[SYM_AGENT_KEYS_IDX] = -1; } sign(...args) { this[SYM_AGENT].sign(...args); } } function isAgent(val) { return (val instanceof BaseAgent); } module.exports = { AgentContext, AgentProtocol, BaseAgent, createAgent, CygwinAgent, isAgent, OpenSSHAgent, PageantAgent, }; /***/ }), /***/ 6063: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // TODO: // * add `.connected` or similar property to allow immediate connection // status checking // * add/improve debug output during user authentication phase const { createHash, getHashes, randomFillSync, } = __nccwpck_require__(6417); const { Socket } = __nccwpck_require__(1631); const { lookup: dnsLookup } = __nccwpck_require__(881); const EventEmitter = __nccwpck_require__(8614); const HASHES = getHashes(); const { COMPAT, CHANNEL_EXTENDED_DATATYPE: { STDERR }, CHANNEL_OPEN_FAILURE, DEFAULT_CIPHER, DEFAULT_COMPRESSION, DEFAULT_KEX, DEFAULT_MAC, DEFAULT_SERVER_HOST_KEY, DISCONNECT_REASON, DISCONNECT_REASON_BY_VALUE, SUPPORTED_CIPHER, SUPPORTED_COMPRESSION, SUPPORTED_KEX, SUPPORTED_MAC, SUPPORTED_SERVER_HOST_KEY, } = __nccwpck_require__(6832); const { init: cryptoInit } = __nccwpck_require__(5708); const Protocol = __nccwpck_require__(9031); const { parseKey } = __nccwpck_require__(2218); const { SFTP } = __nccwpck_require__(2026); const { bufferCopy, makeBufferParser, makeError, readUInt32BE, sigSSHToASN1, writeUInt32BE, } = __nccwpck_require__(9475); const { AgentContext, createAgent, isAgent } = __nccwpck_require__(9054); const { Channel, MAX_WINDOW, PACKET_SIZE, windowAdjust, WINDOW_THRESHOLD, } = __nccwpck_require__(3204); const { ChannelManager, generateAlgorithmList, isWritable, onChannelOpenFailure, onCHANNEL_CLOSE, } = __nccwpck_require__(834); const bufferParser = makeBufferParser(); const sigParser = makeBufferParser(); const RE_OPENSSH = /^OpenSSH_(?:(?![0-4])\d)|(?:\d{2,})/; const noop = (err) => {}; class Client extends EventEmitter { constructor() { super(); this.config = { host: undefined, port: undefined, localAddress: undefined, localPort: undefined, forceIPv4: undefined, forceIPv6: undefined, keepaliveCountMax: undefined, keepaliveInterval: undefined, readyTimeout: undefined, ident: undefined, username: undefined, password: undefined, privateKey: undefined, tryKeyboard: undefined, agent: undefined, allowAgentFwd: undefined, authHandler: undefined, hostHashAlgo: undefined, hostHashCb: undefined, strictVendor: undefined, debug: undefined }; this._agent = undefined; this._readyTimeout = undefined; this._chanMgr = undefined; this._callbacks = undefined; this._forwarding = undefined; this._forwardingUnix = undefined; this._acceptX11 = undefined; this._agentFwdEnabled = undefined; this._remoteVer = undefined; this._protocol = undefined; this._sock = undefined; this._resetKA = undefined; } connect(cfg) { if (this._sock && isWritable(this._sock)) { this.once('close', () => { this.connect(cfg); }); this.end(); return this; } this.config.host = cfg.hostname || cfg.host || 'localhost'; this.config.port = cfg.port || 22; this.config.localAddress = (typeof cfg.localAddress === 'string' ? cfg.localAddress : undefined); this.config.localPort = (typeof cfg.localPort === 'string' || typeof cfg.localPort === 'number' ? cfg.localPort : undefined); this.config.forceIPv4 = cfg.forceIPv4 || false; this.config.forceIPv6 = cfg.forceIPv6 || false; this.config.keepaliveCountMax = (typeof cfg.keepaliveCountMax === 'number' && cfg.keepaliveCountMax >= 0 ? cfg.keepaliveCountMax : 3); this.config.keepaliveInterval = (typeof cfg.keepaliveInterval === 'number' && cfg.keepaliveInterval > 0 ? cfg.keepaliveInterval : 0); this.config.readyTimeout = (typeof cfg.readyTimeout === 'number' && cfg.readyTimeout >= 0 ? cfg.readyTimeout : 20000); this.config.ident = (typeof cfg.ident === 'string' || Buffer.isBuffer(cfg.ident) ? cfg.ident : undefined); const algorithms = { kex: undefined, serverHostKey: undefined, cs: { cipher: undefined, mac: undefined, compress: undefined, lang: [], }, sc: undefined, }; let allOfferDefaults = true; if (typeof cfg.algorithms === 'object' && cfg.algorithms !== null) { algorithms.kex = generateAlgorithmList(cfg.algorithms.kex, DEFAULT_KEX, SUPPORTED_KEX); if (algorithms.kex !== DEFAULT_KEX) allOfferDefaults = false; algorithms.serverHostKey = generateAlgorithmList(cfg.algorithms.serverHostKey, DEFAULT_SERVER_HOST_KEY, SUPPORTED_SERVER_HOST_KEY); if (algorithms.serverHostKey !== DEFAULT_SERVER_HOST_KEY) allOfferDefaults = false; algorithms.cs.cipher = generateAlgorithmList(cfg.algorithms.cipher, DEFAULT_CIPHER, SUPPORTED_CIPHER); if (algorithms.cs.cipher !== DEFAULT_CIPHER) allOfferDefaults = false; algorithms.cs.mac = generateAlgorithmList(cfg.algorithms.hmac, DEFAULT_MAC, SUPPORTED_MAC); if (algorithms.cs.mac !== DEFAULT_MAC) allOfferDefaults = false; algorithms.cs.compress = generateAlgorithmList(cfg.algorithms.compress, DEFAULT_COMPRESSION, SUPPORTED_COMPRESSION); if (algorithms.cs.compress !== DEFAULT_COMPRESSION) allOfferDefaults = false; if (!allOfferDefaults) algorithms.sc = algorithms.cs; } if (typeof cfg.username === 'string') this.config.username = cfg.username; else if (typeof cfg.user === 'string') this.config.username = cfg.user; else throw new Error('Invalid username'); this.config.password = (typeof cfg.password === 'string' ? cfg.password : undefined); this.config.privateKey = (typeof cfg.privateKey === 'string' || Buffer.isBuffer(cfg.privateKey) ? cfg.privateKey : undefined); this.config.localHostname = (typeof cfg.localHostname === 'string' ? cfg.localHostname : undefined); this.config.localUsername = (typeof cfg.localUsername === 'string' ? cfg.localUsername : undefined); this.config.tryKeyboard = (cfg.tryKeyboard === true); if (typeof cfg.agent === 'string' && cfg.agent.length) this.config.agent = createAgent(cfg.agent); else if (isAgent(cfg.agent)) this.config.agent = cfg.agent; else this.config.agent = undefined; this.config.allowAgentFwd = (cfg.agentForward === true && this.config.agent !== undefined); let authHandler = this.config.authHandler = ( typeof cfg.authHandler === 'function' || Array.isArray(cfg.authHandler) ? cfg.authHandler : undefined ); this.config.strictVendor = (typeof cfg.strictVendor === 'boolean' ? cfg.strictVendor : true); const debug = this.config.debug = (typeof cfg.debug === 'function' ? cfg.debug : undefined); if (cfg.agentForward === true && !this.config.allowAgentFwd) { throw new Error( 'You must set a valid agent path to allow agent forwarding' ); } let callbacks = this._callbacks = []; this._chanMgr = new ChannelManager(this); this._forwarding = {}; this._forwardingUnix = {}; this._acceptX11 = 0; this._agentFwdEnabled = false; this._agent = (this.config.agent ? this.config.agent : undefined); this._remoteVer = undefined; let privateKey; if (this.config.privateKey) { privateKey = parseKey(this.config.privateKey, cfg.passphrase); if (privateKey instanceof Error) throw new Error(`Cannot parse privateKey: ${privateKey.message}`); if (Array.isArray(privateKey)) { // OpenSSH's newer format only stores 1 key for now privateKey = privateKey[0]; } if (privateKey.getPrivatePEM() === null) { throw new Error( 'privateKey value does not contain a (valid) private key' ); } } let hostVerifier; if (typeof cfg.hostVerifier === 'function') { const hashCb = cfg.hostVerifier; let hasher; if (HASHES.indexOf(cfg.hostHash) !== -1) { // Default to old behavior of hashing on user's behalf hasher = createHash(cfg.hostHash); } hostVerifier = (key, verify) => { if (hasher) { hasher.update(key); key = hasher.digest('hex'); } const ret = hashCb(key, verify); if (ret !== undefined) verify(ret); }; } const sock = this._sock = (cfg.sock || new Socket()); let ready = false; let sawHeader = false; if (this._protocol) this._protocol.cleanup(); const DEBUG_HANDLER = (!debug ? undefined : (p, display, msg) => { debug(`Debug output from server: ${JSON.stringify(msg)}`); }); const proto = this._protocol = new Protocol({ ident: this.config.ident, offer: (allOfferDefaults ? undefined : algorithms), onWrite: (data) => { if (isWritable(sock)) sock.write(data); }, onError: (err) => { if (err.level === 'handshake') clearTimeout(this._readyTimeout); if (!proto._destruct) sock.removeAllListeners('data'); this.emit('error', err); try { sock.end(); } catch {} }, onHeader: (header) => { sawHeader = true; this._remoteVer = header.versions.software; if (header.greeting) this.emit('greeting', header.greeting); }, onHandshakeComplete: (negotiated) => { this.emit('handshake', negotiated); if (!ready) { ready = true; proto.service('ssh-userauth'); } }, debug, hostVerifier, messageHandlers: { DEBUG: DEBUG_HANDLER, DISCONNECT: (p, reason, desc) => { if (reason !== DISCONNECT_REASON.BY_APPLICATION) { if (!desc) { desc = DISCONNECT_REASON_BY_VALUE[reason]; if (desc === undefined) desc = `Unexpected disconnection reason: ${reason}`; } const err = new Error(desc); err.code = reason; this.emit('error', err); } sock.end(); }, SERVICE_ACCEPT: (p, name) => { if (name === 'ssh-userauth') tryNextAuth(); }, USERAUTH_BANNER: (p, msg) => { this.emit('banner', msg); }, USERAUTH_SUCCESS: (p) => { // Start keepalive mechanism resetKA(); clearTimeout(this._readyTimeout); this.emit('ready'); }, USERAUTH_FAILURE: (p, authMethods, partialSuccess) => { if (curAuth.type === 'agent') { const pos = curAuth.agentCtx.pos(); debug && debug(`Client: Agent key #${pos + 1} failed`); return tryNextAgentKey(); } debug && debug(`Client: ${curAuth.type} auth failed`); curPartial = partialSuccess; curAuthsLeft = authMethods; tryNextAuth(); }, USERAUTH_PASSWD_CHANGEREQ: (p, prompt) => { if (curAuth.type === 'password') { // TODO: support a `changePrompt()` on `curAuth` that defaults to // emitting 'change password' as before this.emit('change password', prompt, (newPassword) => { proto.authPassword( this.config.username, this.config.password, newPassword ); }); } }, USERAUTH_PK_OK: (p) => { if (curAuth.type === 'agent') { const key = curAuth.agentCtx.currentKey(); proto.authPK(curAuth.username, key, (buf, cb) => { curAuth.agentCtx.sign(key, buf, {}, (err, signed) => { if (err) { err.level = 'agent'; this.emit('error', err); } else { return cb(signed); } tryNextAgentKey(); }); }); } else if (curAuth.type === 'publickey') { proto.authPK(curAuth.username, curAuth.key, (buf, cb) => { const signature = curAuth.key.sign(buf); if (signature instanceof Error) { signature.message = `Error signing data with key: ${signature.message}`; signature.level = 'client-authentication'; this.emit('error', signature); return tryNextAuth(); } cb(signature); }); } }, USERAUTH_INFO_REQUEST: (p, name, instructions, prompts) => { if (curAuth.type === 'keyboard-interactive') { const nprompts = (Array.isArray(prompts) ? prompts.length : 0); if (nprompts === 0) { debug && debug( 'Client: Sending automatic USERAUTH_INFO_RESPONSE' ); proto.authInfoRes(); return; } // We sent a keyboard-interactive user authentication request and // now the server is sending us the prompts we need to present to // the user curAuth.prompt( name, instructions, '', prompts, (answers) => { proto.authInfoRes(answers); } ); } }, REQUEST_SUCCESS: (p, data) => { if (callbacks.length) callbacks.shift()(false, data); }, REQUEST_FAILURE: (p) => { if (callbacks.length) callbacks.shift()(true); }, GLOBAL_REQUEST: (p, name, wantReply, data) => { switch (name) { case 'hostkeys-00@openssh.com': // Automatically verify keys before passing to end user hostKeysProve(this, data, (err, keys) => { if (err) return; this.emit('hostkeys', keys); }); if (wantReply) proto.requestSuccess(); break; default: // Auto-reject all other global requests, this can be especially // useful if the server is sending us dummy keepalive global // requests if (wantReply) proto.requestFailure(); } }, CHANNEL_OPEN: (p, info) => { // Handle incoming requests from server, typically a forwarded TCP or // X11 connection onCHANNEL_OPEN(this, info); }, CHANNEL_OPEN_CONFIRMATION: (p, info) => { const channel = this._chanMgr.get(info.recipient); if (typeof channel !== 'function') return; const isSFTP = (channel.type === 'sftp'); const type = (isSFTP ? 'session' : channel.type); const chanInfo = { type, incoming: { id: info.recipient, window: MAX_WINDOW, packetSize: PACKET_SIZE, state: 'open' }, outgoing: { id: info.sender, window: info.window, packetSize: info.packetSize, state: 'open' } }; const instance = ( isSFTP ? new SFTP(this, chanInfo, { debug }) : new Channel(this, chanInfo) ); this._chanMgr.update(info.recipient, instance); channel(undefined, instance); }, CHANNEL_OPEN_FAILURE: (p, recipient, reason, description) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'function') return; const info = { reason, description }; onChannelOpenFailure(this, recipient, info, channel); }, CHANNEL_DATA: (p, recipient, data) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; // The remote party should not be sending us data if there is no // window space available ... // TODO: raise error on data with not enough window? if (channel.incoming.window === 0) return; channel.incoming.window -= data.length; if (channel.push(data) === false) { channel._waitChanDrain = true; return; } if (channel.incoming.window <= WINDOW_THRESHOLD) windowAdjust(channel); }, CHANNEL_EXTENDED_DATA: (p, recipient, data, type) => { if (type !== STDERR) return; const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; // The remote party should not be sending us data if there is no // window space available ... // TODO: raise error on data with not enough window? if (channel.incoming.window === 0) return; channel.incoming.window -= data.length; if (!channel.stderr.push(data)) { channel._waitChanDrain = true; return; } if (channel.incoming.window <= WINDOW_THRESHOLD) windowAdjust(channel); }, CHANNEL_WINDOW_ADJUST: (p, recipient, amount) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; // The other side is allowing us to send `amount` more bytes of data channel.outgoing.window += amount; if (channel._waitWindow) { channel._waitWindow = false; if (channel._chunk) { channel._write(channel._chunk, null, channel._chunkcb); } else if (channel._chunkcb) { channel._chunkcb(); } else if (channel._chunkErr) { channel.stderr._write(channel._chunkErr, null, channel._chunkcbErr); } else if (channel._chunkcbErr) { channel._chunkcbErr(); } } }, CHANNEL_SUCCESS: (p, recipient) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; this._resetKA(); if (channel._callbacks.length) channel._callbacks.shift()(false); }, CHANNEL_FAILURE: (p, recipient) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; this._resetKA(); if (channel._callbacks.length) channel._callbacks.shift()(true); }, CHANNEL_REQUEST: (p, recipient, type, wantReply, data) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; const exit = channel._exit; if (exit.code !== undefined) return; switch (type) { case 'exit-status': channel.emit('exit', exit.code = data); return; case 'exit-signal': channel.emit('exit', exit.code = null, exit.signal = `SIG${data.signal}`, exit.dump = data.coreDumped, exit.desc = data.errorMessage); return; } // Keepalive request? OpenSSH will send one as a channel request if // there is a channel open if (wantReply) p.channelFailure(channel.outgoing.id); }, CHANNEL_EOF: (p, recipient) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.incoming.state !== 'open') return; channel.incoming.state = 'eof'; if (channel.readable) channel.push(null); if (channel.stderr.readable) channel.stderr.push(null); }, CHANNEL_CLOSE: (p, recipient) => { onCHANNEL_CLOSE(this, recipient, this._chanMgr.get(recipient)); }, }, }); sock.pause(); // TODO: check keepalive implementation // Keepalive-related const kainterval = this.config.keepaliveInterval; const kacountmax = this.config.keepaliveCountMax; let kacount = 0; let katimer; const sendKA = () => { if (++kacount > kacountmax) { clearInterval(katimer); if (sock.readable) { const err = new Error('Keepalive timeout'); err.level = 'client-timeout'; this.emit('error', err); sock.destroy(); } return; } if (isWritable(sock)) { // Append dummy callback to keep correct callback order callbacks.push(resetKA); proto.ping(); } else { clearInterval(katimer); } }; function resetKA() { if (kainterval > 0) { kacount = 0; clearInterval(katimer); if (isWritable(sock)) katimer = setInterval(sendKA, kainterval); } } this._resetKA = resetKA; const onDone = (() => { let called = false; return () => { if (called) return; called = true; if (wasConnected && !sawHeader) { const err = makeError('Connection lost before handshake', 'protocol', true); this.emit('error', err); } }; })(); const onConnect = (() => { let called = false; return () => { if (called) return; called = true; wasConnected = true; debug && debug('Socket connected'); this.emit('connect'); cryptoInit.then(() => { proto.start(); sock.on('data', (data) => { try { proto.parse(data, 0, data.length); } catch (ex) { this.emit('error', ex); try { if (isWritable(sock)) sock.end(); } catch {} } }); // Drain stderr if we are connection hopping using an exec stream if (sock.stderr && typeof sock.stderr.resume === 'function') sock.stderr.resume(); sock.resume(); }).catch((err) => { this.emit('error', err); try { if (isWritable(sock)) sock.end(); } catch {} }); }; })(); let wasConnected = false; sock.on('connect', onConnect) .on('timeout', () => { this.emit('timeout'); }).on('error', (err) => { debug && debug(`Socket error: ${err.message}`); clearTimeout(this._readyTimeout); err.level = 'client-socket'; this.emit('error', err); }).on('end', () => { debug && debug('Socket ended'); onDone(); proto.cleanup(); clearTimeout(this._readyTimeout); clearInterval(katimer); this.emit('end'); }).on('close', () => { debug && debug('Socket closed'); onDone(); proto.cleanup(); clearTimeout(this._readyTimeout); clearInterval(katimer); this.emit('close'); // Notify outstanding channel requests of disconnection ... const callbacks_ = callbacks; callbacks = this._callbacks = []; const err = new Error('No response from server'); for (let i = 0; i < callbacks_.length; ++i) callbacks_[i](err); // Simulate error for any channels waiting to be opened this._chanMgr.cleanup(err); }); // Begin authentication handling =========================================== let curAuth; let curPartial = null; let curAuthsLeft = null; const authsAllowed = ['none']; if (this.config.password !== undefined) authsAllowed.push('password'); if (privateKey !== undefined) authsAllowed.push('publickey'); if (this._agent !== undefined) authsAllowed.push('agent'); if (this.config.tryKeyboard) authsAllowed.push('keyboard-interactive'); if (privateKey !== undefined && this.config.localHostname !== undefined && this.config.localUsername !== undefined) { authsAllowed.push('hostbased'); } if (Array.isArray(authHandler)) authHandler = makeSimpleAuthHandler(authHandler); else if (typeof authHandler !== 'function') authHandler = makeSimpleAuthHandler(authsAllowed); let hasSentAuth = false; const doNextAuth = (nextAuth) => { if (hasSentAuth) return; hasSentAuth = true; if (nextAuth === false) { const err = new Error('All configured authentication methods failed'); err.level = 'client-authentication'; this.emit('error', err); this.end(); return; } if (typeof nextAuth === 'string') { // Remain backwards compatible with original `authHandler()` usage, // which only supported passing names of next method to try using data // from the `connect()` config object const type = nextAuth; if (authsAllowed.indexOf(type) === -1) return skipAuth(`Authentication method not allowed: ${type}`); const username = this.config.username; switch (type) { case 'password': nextAuth = { type, username, password: this.config.password }; break; case 'publickey': nextAuth = { type, username, key: privateKey }; break; case 'hostbased': nextAuth = { type, username, key: privateKey, localHostname: this.config.localHostname, localUsername: this.config.localUsername, }; break; case 'agent': nextAuth = { type, username, agentCtx: new AgentContext(this._agent), }; break; case 'keyboard-interactive': nextAuth = { type, username, prompt: (...args) => this.emit('keyboard-interactive', ...args), }; break; case 'none': nextAuth = { type, username }; break; default: return skipAuth( `Skipping unsupported authentication method: ${nextAuth}` ); } } else if (typeof nextAuth !== 'object' || nextAuth === null) { return skipAuth( `Skipping invalid authentication attempt: ${nextAuth}` ); } else { const username = nextAuth.username; if (typeof username !== 'string') { return skipAuth( `Skipping invalid authentication attempt: ${nextAuth}` ); } const type = nextAuth.type; switch (type) { case 'password': { const { password } = nextAuth; if (typeof password !== 'string' && !Buffer.isBuffer(password)) return skipAuth('Skipping invalid password auth attempt'); nextAuth = { type, username, password }; break; } case 'publickey': { const key = parseKey(nextAuth.key, nextAuth.passphrase); if (key instanceof Error) return skipAuth('Skipping invalid key auth attempt'); if (!key.isPrivateKey()) return skipAuth('Skipping non-private key'); nextAuth = { type, username, key }; break; } case 'hostbased': { const { localHostname, localUsername } = nextAuth; const key = parseKey(nextAuth.key, nextAuth.passphrase); if (key instanceof Error || typeof localHostname !== 'string' || typeof localUsername !== 'string') { return skipAuth('Skipping invalid hostbased auth attempt'); } if (!key.isPrivateKey()) return skipAuth('Skipping non-private key'); nextAuth = { type, username, key, localHostname, localUsername }; break; } case 'agent': { let agent = nextAuth.agent; if (typeof agent === 'string' && agent.length) { agent = createAgent(agent); } else if (!isAgent(agent)) { return skipAuth( `Skipping invalid agent: ${nextAuth.agent}` ); } nextAuth = { type, username, agentCtx: new AgentContext(agent) }; break; } case 'keyboard-interactive': { const { prompt } = nextAuth; if (typeof prompt !== 'function') { return skipAuth( 'Skipping invalid keyboard-interactive auth attempt' ); } nextAuth = { type, username, prompt }; break; } case 'none': nextAuth = { type, username }; break; default: return skipAuth( `Skipping unsupported authentication method: ${nextAuth}` ); } } curAuth = nextAuth; // Begin authentication method's process try { const username = curAuth.username; switch (curAuth.type) { case 'password': proto.authPassword(username, curAuth.password); break; case 'publickey': proto.authPK(username, curAuth.key); break; case 'hostbased': proto.authHostbased(username, curAuth.key, curAuth.localHostname, curAuth.localUsername, (buf, cb) => { const signature = curAuth.key.sign(buf); if (signature instanceof Error) { signature.message = `Error while signing with key: ${signature.message}`; signature.level = 'client-authentication'; this.emit('error', signature); return tryNextAuth(); } cb(signature); }); break; case 'agent': curAuth.agentCtx.init((err) => { if (err) { err.level = 'agent'; this.emit('error', err); return tryNextAuth(); } tryNextAgentKey(); }); break; case 'keyboard-interactive': proto.authKeyboard(username); break; case 'none': proto.authNone(username); break; } } finally { hasSentAuth = false; } }; function skipAuth(msg) { debug && debug(msg); process.nextTick(tryNextAuth); } function tryNextAuth() { hasSentAuth = false; const auth = authHandler(curAuthsLeft, curPartial, doNextAuth); if (hasSentAuth || auth === undefined) return; doNextAuth(auth); } const tryNextAgentKey = () => { if (curAuth.type === 'agent') { const key = curAuth.agentCtx.nextKey(); if (key === false) { debug && debug('Agent: No more keys left to try'); debug && debug('Client: agent auth failed'); tryNextAuth(); } else { const pos = curAuth.agentCtx.pos(); debug && debug(`Agent: Trying key #${pos + 1}`); proto.authPK(curAuth.username, key); } } }; const startTimeout = () => { if (this.config.readyTimeout > 0) { this._readyTimeout = setTimeout(() => { const err = new Error('Timed out while waiting for handshake'); err.level = 'client-timeout'; this.emit('error', err); sock.destroy(); }, this.config.readyTimeout); } }; if (!cfg.sock) { let host = this.config.host; const forceIPv4 = this.config.forceIPv4; const forceIPv6 = this.config.forceIPv6; debug && debug(`Client: Trying ${host} on port ${this.config.port} ...`); const doConnect = () => { startTimeout(); sock.connect({ host, port: this.config.port, localAddress: this.config.localAddress, localPort: this.config.localPort }); sock.setNoDelay(true); sock.setMaxListeners(0); sock.setTimeout(typeof cfg.timeout === 'number' ? cfg.timeout : 0); }; if ((!forceIPv4 && !forceIPv6) || (forceIPv4 && forceIPv6)) { doConnect(); } else { dnsLookup(host, (forceIPv4 ? 4 : 6), (err, address, family) => { if (err) { const type = (forceIPv4 ? 'IPv4' : 'IPv6'); const error = new Error( `Error while looking up ${type} address for '${host}': ${err}` ); clearTimeout(this._readyTimeout); error.level = 'client-dns'; this.emit('error', error); this.emit('close'); return; } host = address; doConnect(); }); } } else { // Custom socket passed in startTimeout(); if (typeof sock.connecting === 'boolean') { // net.Socket if (!sock.connecting) { // Already connected onConnect(); } } else { // Assume socket/stream is already "connected" onConnect(); } } return this; } end() { if (this._sock && isWritable(this._sock)) { this._protocol.disconnect(DISCONNECT_REASON.BY_APPLICATION); this._sock.end(); } return this; } destroy() { this._sock && isWritable(this._sock) && this._sock.destroy(); return this; } exec(cmd, opts, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); if (typeof opts === 'function') { cb = opts; opts = {}; } const extraOpts = { allowHalfOpen: (opts.allowHalfOpen !== false) }; openChannel(this, 'session', extraOpts, (err, chan) => { if (err) { cb(err); return; } const todo = []; function reqCb(err) { if (err) { chan.close(); cb(err); return; } if (todo.length) todo.shift()(); } if (this.config.allowAgentFwd === true || (opts && opts.agentForward === true && this._agent !== undefined)) { todo.push(() => reqAgentFwd(chan, reqCb)); } if (typeof opts === 'object' && opts !== null) { if (typeof opts.env === 'object' && opts.env !== null) reqEnv(chan, opts.env); if ((typeof opts.pty === 'object' && opts.pty !== null) || opts.pty === true) { todo.push(() => reqPty(chan, opts.pty, reqCb)); } if ((typeof opts.x11 === 'object' && opts.x11 !== null) || opts.x11 === 'number' || opts.x11 === true) { todo.push(() => reqX11(chan, opts.x11, reqCb)); } } todo.push(() => reqExec(chan, cmd, opts, cb)); todo.shift()(); }); return this; } shell(wndopts, opts, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); if (typeof wndopts === 'function') { cb = wndopts; wndopts = opts = undefined; } else if (typeof opts === 'function') { cb = opts; opts = undefined; } if (wndopts && (wndopts.x11 !== undefined || wndopts.env !== undefined)) { opts = wndopts; wndopts = undefined; } openChannel(this, 'session', (err, chan) => { if (err) { cb(err); return; } const todo = []; function reqCb(err) { if (err) { chan.close(); cb(err); return; } if (todo.length) todo.shift()(); } if (this.config.allowAgentFwd === true || (opts && opts.agentForward === true && this._agent !== undefined)) { todo.push(() => reqAgentFwd(chan, reqCb)); } if (wndopts !== false) todo.push(() => reqPty(chan, wndopts, reqCb)); if (typeof opts === 'object' && opts !== null) { if (typeof opts.env === 'object' && opts.env !== null) reqEnv(chan, opts.env); if ((typeof opts.x11 === 'object' && opts.x11 !== null) || opts.x11 === 'number' || opts.x11 === true) { todo.push(() => reqX11(chan, opts.x11, reqCb)); } } todo.push(() => reqShell(chan, cb)); todo.shift()(); }); return this; } subsys(name, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); openChannel(this, 'session', (err, chan) => { if (err) { cb(err); return; } reqSubsystem(chan, name, (err, stream) => { if (err) { cb(err); return; } cb(undefined, stream); }); }); return this; } forwardIn(bindAddr, bindPort, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); // Send a request for the server to start forwarding TCP connections to us // on a particular address and port const wantReply = (typeof cb === 'function'); if (wantReply) { this._callbacks.push((had_err, data) => { if (had_err) { cb(had_err !== true ? had_err : new Error(`Unable to bind to ${bindAddr}:${bindPort}`)); return; } let realPort = bindPort; if (bindPort === 0 && data && data.length >= 4) { realPort = readUInt32BE(data, 0); if (!(this._protocol._compatFlags & COMPAT.DYN_RPORT_BUG)) bindPort = realPort; } this._forwarding[`${bindAddr}:${bindPort}`] = realPort; cb(undefined, realPort); }); } this._protocol.tcpipForward(bindAddr, bindPort, wantReply); return this; } unforwardIn(bindAddr, bindPort, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); // Send a request to stop forwarding us new connections for a particular // address and port const wantReply = (typeof cb === 'function'); if (wantReply) { this._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error(`Unable to unbind from ${bindAddr}:${bindPort}`)); return; } delete this._forwarding[`${bindAddr}:${bindPort}`]; cb(); }); } this._protocol.cancelTcpipForward(bindAddr, bindPort, wantReply); return this; } forwardOut(srcIP, srcPort, dstIP, dstPort, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); // Send a request to forward a TCP connection to the server const cfg = { srcIP: srcIP, srcPort: srcPort, dstIP: dstIP, dstPort: dstPort }; if (typeof cb !== 'function') cb = noop; openChannel(this, 'direct-tcpip', cfg, cb); return this; } openssh_noMoreSessions(cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); const wantReply = (typeof cb === 'function'); if (!this.config.strictVendor || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) { if (wantReply) { this._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error('Unable to disable future sessions')); return; } cb(); }); } this._protocol.openssh_noMoreSessions(wantReply); return this; } if (!wantReply) return this; process.nextTick( cb, new Error( 'strictVendor enabled and server is not OpenSSH or compatible version' ) ); return this; } openssh_forwardInStreamLocal(socketPath, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); const wantReply = (typeof cb === 'function'); if (!this.config.strictVendor || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) { if (wantReply) { this._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error(`Unable to bind to ${socketPath}`)); return; } this._forwardingUnix[socketPath] = true; cb(); }); } this._protocol.openssh_streamLocalForward(socketPath, wantReply); return this; } if (!wantReply) return this; process.nextTick( cb, new Error( 'strictVendor enabled and server is not OpenSSH or compatible version' ) ); return this; } openssh_unforwardInStreamLocal(socketPath, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); const wantReply = (typeof cb === 'function'); if (!this.config.strictVendor || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) { if (wantReply) { this._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error(`Unable to unbind from ${socketPath}`)); return; } delete this._forwardingUnix[socketPath]; cb(); }); } this._protocol.openssh_cancelStreamLocalForward(socketPath, wantReply); return this; } if (!wantReply) return this; process.nextTick( cb, new Error( 'strictVendor enabled and server is not OpenSSH or compatible version' ) ); return this; } openssh_forwardOutStreamLocal(socketPath, cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); if (typeof cb !== 'function') cb = noop; if (!this.config.strictVendor || (this.config.strictVendor && RE_OPENSSH.test(this._remoteVer))) { openChannel(this, 'direct-streamlocal@openssh.com', { socketPath }, cb); return this; } process.nextTick( cb, new Error( 'strictVendor enabled and server is not OpenSSH or compatible version' ) ); return this; } sftp(cb) { if (!this._sock || !isWritable(this._sock)) throw new Error('Not connected'); openChannel(this, 'sftp', (err, sftp) => { if (err) { cb(err); return; } reqSubsystem(sftp, 'sftp', (err, sftp_) => { if (err) { cb(err); return; } function removeListeners() { sftp.removeListener('ready', onReady); sftp.removeListener('error', onError); sftp.removeListener('exit', onExit); sftp.removeListener('close', onExit); } function onReady() { // TODO: do not remove exit/close in case remote end closes the // channel abruptly and we need to notify outstanding callbacks removeListeners(); cb(undefined, sftp); } function onError(err) { removeListeners(); cb(err); } function onExit(code, signal) { removeListeners(); let msg; if (typeof code === 'number') msg = `Received exit code ${code} while establishing SFTP session`; else if (signal !== undefined) msg = `Received signal ${signal} while establishing SFTP session`; else msg = 'Received unexpected SFTP session termination'; const err = new Error(msg); err.code = code; err.signal = signal; cb(err); } sftp.on('ready', onReady) .on('error', onError) .on('exit', onExit) .on('close', onExit); sftp._init(); }); }); return this; } } function openChannel(self, type, opts, cb) { // Ask the server to open a channel for some purpose // (e.g. session (sftp, exec, shell), or forwarding a TCP connection const initWindow = MAX_WINDOW; const maxPacket = PACKET_SIZE; if (typeof opts === 'function') { cb = opts; opts = {}; } const wrapper = (err, stream) => { cb(err, stream); }; wrapper.type = type; const localChan = self._chanMgr.add(wrapper); if (localChan === -1) { cb(new Error('No free channels available')); return; } switch (type) { case 'session': case 'sftp': self._protocol.session(localChan, initWindow, maxPacket); break; case 'direct-tcpip': self._protocol.directTcpip(localChan, initWindow, maxPacket, opts); break; case 'direct-streamlocal@openssh.com': self._protocol.openssh_directStreamLocal( localChan, initWindow, maxPacket, opts ); break; default: throw new Error(`Unsupported channel type: ${type}`); } } function reqX11(chan, screen, cb) { // Asks server to start sending us X11 connections const cfg = { single: false, protocol: 'MIT-MAGIC-COOKIE-1', cookie: undefined, screen: 0 }; if (typeof screen === 'function') { cb = screen; } else if (typeof screen === 'object' && screen !== null) { if (typeof screen.single === 'boolean') cfg.single = screen.single; if (typeof screen.screen === 'number') cfg.screen = screen.screen; if (typeof screen.protocol === 'string') cfg.protocol = screen.protocol; if (typeof screen.cookie === 'string') cfg.cookie = screen.cookie; else if (Buffer.isBuffer(screen.cookie)) cfg.cookie = screen.cookie.hexSlice(0, screen.cookie.length); } if (cfg.cookie === undefined) cfg.cookie = randomCookie(); const wantReply = (typeof cb === 'function'); if (chan.outgoing.state !== 'open') { if (wantReply) cb(new Error('Channel is not open')); return; } if (wantReply) { chan._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error('Unable to request X11')); return; } chan._hasX11 = true; ++chan._client._acceptX11; chan.once('close', () => { if (chan._client._acceptX11) --chan._client._acceptX11; }); cb(); }); } chan._client._protocol.x11Forward(chan.outgoing.id, cfg, wantReply); } function reqPty(chan, opts, cb) { let rows = 24; let cols = 80; let width = 640; let height = 480; let term = 'vt100'; let modes = null; if (typeof opts === 'function') { cb = opts; } else if (typeof opts === 'object' && opts !== null) { if (typeof opts.rows === 'number') rows = opts.rows; if (typeof opts.cols === 'number') cols = opts.cols; if (typeof opts.width === 'number') width = opts.width; if (typeof opts.height === 'number') height = opts.height; if (typeof opts.term === 'string') term = opts.term; if (typeof opts.modes === 'object') modes = opts.modes; } const wantReply = (typeof cb === 'function'); if (chan.outgoing.state !== 'open') { if (wantReply) cb(new Error('Channel is not open')); return; } if (wantReply) { chan._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error('Unable to request a pseudo-terminal')); return; } cb(); }); } chan._client._protocol.pty(chan.outgoing.id, rows, cols, height, width, term, modes, wantReply); } function reqAgentFwd(chan, cb) { const wantReply = (typeof cb === 'function'); if (chan.outgoing.state !== 'open') { wantReply && cb(new Error('Channel is not open')); return; } if (chan._client._agentFwdEnabled) { wantReply && cb(false); return; } chan._client._agentFwdEnabled = true; chan._callbacks.push((had_err) => { if (had_err) { chan._client._agentFwdEnabled = false; if (wantReply) { cb(had_err !== true ? had_err : new Error('Unable to request agent forwarding')); } return; } if (wantReply) cb(); }); chan._client._protocol.openssh_agentForward(chan.outgoing.id, true); } function reqShell(chan, cb) { if (chan.outgoing.state !== 'open') { cb(new Error('Channel is not open')); return; } chan._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error('Unable to open shell')); return; } chan.subtype = 'shell'; cb(undefined, chan); }); chan._client._protocol.shell(chan.outgoing.id, true); } function reqExec(chan, cmd, opts, cb) { if (chan.outgoing.state !== 'open') { cb(new Error('Channel is not open')); return; } chan._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error('Unable to exec')); return; } chan.subtype = 'exec'; chan.allowHalfOpen = (opts.allowHalfOpen !== false); cb(undefined, chan); }); chan._client._protocol.exec(chan.outgoing.id, cmd, true); } function reqEnv(chan, env) { if (chan.outgoing.state !== 'open') return; const keys = Object.keys(env || {}); for (let i = 0; i < keys.length; ++i) { const key = keys[i]; const val = env[key]; chan._client._protocol.env(chan.outgoing.id, key, val, false); } } function reqSubsystem(chan, name, cb) { if (chan.outgoing.state !== 'open') { cb(new Error('Channel is not open')); return; } chan._callbacks.push((had_err) => { if (had_err) { cb(had_err !== true ? had_err : new Error(`Unable to start subsystem: ${name}`)); return; } chan.subtype = 'subsystem'; cb(undefined, chan); }); chan._client._protocol.subsystem(chan.outgoing.id, name, true); } // TODO: inline implementation into single call site function onCHANNEL_OPEN(self, info) { // The server is trying to open a channel with us, this is usually when // we asked the server to forward us connections on some port and now they // are asking us to accept/deny an incoming connection on their side let localChan = -1; let reason; const accept = () => { const chanInfo = { type: info.type, incoming: { id: localChan, window: MAX_WINDOW, packetSize: PACKET_SIZE, state: 'open' }, outgoing: { id: info.sender, window: info.window, packetSize: info.packetSize, state: 'open' } }; const stream = new Channel(self, chanInfo); self._chanMgr.update(localChan, stream); self._protocol.channelOpenConfirm(info.sender, localChan, MAX_WINDOW, PACKET_SIZE); return stream; }; const reject = () => { if (reason === undefined) { if (localChan === -1) reason = CHANNEL_OPEN_FAILURE.RESOURCE_SHORTAGE; else reason = CHANNEL_OPEN_FAILURE.CONNECT_FAILED; } if (localChan !== -1) self._chanMgr.remove(localChan); self._protocol.channelOpenFail(info.sender, reason, ''); }; const reserveChannel = () => { localChan = self._chanMgr.add(); if (localChan === -1) { reason = CHANNEL_OPEN_FAILURE.RESOURCE_SHORTAGE; if (self.config.debug) { self.config.debug( 'Client: Automatic rejection of incoming channel open: ' + 'no channels available' ); } } return (localChan !== -1); }; const data = info.data; switch (info.type) { case 'forwarded-tcpip': { const val = self._forwarding[`${data.destIP}:${data.destPort}`]; if (val !== undefined && reserveChannel()) { if (data.destPort === 0) data.destPort = val; self.emit('tcp connection', data, accept, reject); return; } break; } case 'forwarded-streamlocal@openssh.com': if (self._forwardingUnix[data.socketPath] !== undefined && reserveChannel()) { self.emit('unix connection', data, accept, reject); return; } break; case 'auth-agent@openssh.com': if (self._agentFwdEnabled && typeof self._agent.getStream === 'function' && reserveChannel()) { self._agent.getStream((err, stream) => { if (err) return reject(); const upstream = accept(); upstream.pipe(stream).pipe(upstream); }); return; } break; case 'x11': if (self._acceptX11 !== 0 && reserveChannel()) { self.emit('x11', data, accept, reject); return; } break; default: // Automatically reject any unsupported channel open requests reason = CHANNEL_OPEN_FAILURE.UNKNOWN_CHANNEL_TYPE; if (self.config.debug) { self.config.debug( 'Client: Automatic rejection of unsupported incoming channel open ' + `type: ${info.type}` ); } } if (reason === undefined) { reason = CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED; if (self.config.debug) { self.config.debug( 'Client: Automatic rejection of unexpected incoming channel open for: ' + info.type ); } } reject(); } const randomCookie = (() => { const buffer = Buffer.allocUnsafe(16); return () => { randomFillSync(buffer, 0, 16); return buffer.hexSlice(0, 16); }; })(); function makeSimpleAuthHandler(authList) { if (!Array.isArray(authList)) throw new Error('authList must be an array'); let a = 0; return (authsLeft, partialSuccess, cb) => { if (a === authList.length) return false; return authList[a++]; }; } function hostKeysProve(client, keys_, cb) { if (!client._sock || !isWritable(client._sock)) return; if (typeof cb !== 'function') cb = noop; if (!Array.isArray(keys_)) throw new TypeError('Invalid keys argument type'); const keys = []; for (const key of keys_) { const parsed = parseKey(key); if (parsed instanceof Error) throw parsed; keys.push(parsed); } if (!client.config.strictVendor || (client.config.strictVendor && RE_OPENSSH.test(client._remoteVer))) { client._callbacks.push((had_err, data) => { if (had_err) { cb(had_err !== true ? had_err : new Error('Server failed to prove supplied keys')); return; } // TODO: move all of this parsing/verifying logic out of the client? const ret = []; let keyIdx = 0; bufferParser.init(data, 0); while (bufferParser.avail()) { if (keyIdx === keys.length) break; const key = keys[keyIdx++]; const keyPublic = key.getPublicSSH(); const sigEntry = bufferParser.readString(); sigParser.init(sigEntry, 0); const type = sigParser.readString(true); let value = sigParser.readString(); let algo; if (type !== key.type) { if (key.type === 'ssh-rsa') { switch (type) { case 'rsa-sha2-256': algo = 'sha256'; break; case 'rsa-sha2-512': algo = 'sha512'; break; default: continue; } } else { continue; } } const sessionID = client._protocol._kex.sessionID; const verifyData = Buffer.allocUnsafe( 4 + 29 + 4 + sessionID.length + 4 + keyPublic.length ); let p = 0; writeUInt32BE(verifyData, 29, p); verifyData.utf8Write('hostkeys-prove-00@openssh.com', p += 4, 29); writeUInt32BE(verifyData, sessionID.length, p += 29); bufferCopy(sessionID, verifyData, 0, sessionID.length, p += 4); writeUInt32BE(verifyData, keyPublic.length, p += sessionID.length); bufferCopy(keyPublic, verifyData, 0, keyPublic.length, p += 4); if (!(value = sigSSHToASN1(value, type))) continue; if (key.verify(verifyData, value, algo) === true) ret.push(key); } sigParser.clear(); bufferParser.clear(); cb(null, ret); }); client._protocol.openssh_hostKeysProve(keys); return; } process.nextTick( cb, new Error( 'strictVendor enabled and server is not OpenSSH or compatible version' ) ); } module.exports = Client; /***/ }), /***/ 2994: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; const { Agent: HttpAgent } = __nccwpck_require__(8605); const { Agent: HttpsAgent } = __nccwpck_require__(7211); const { connect: tlsConnect } = __nccwpck_require__(4016); let Client; for (const ctor of [HttpAgent, HttpsAgent]) { class SSHAgent extends ctor { constructor(connectCfg, agentOptions) { super(agentOptions); this._connectCfg = connectCfg; this._defaultSrcIP = (agentOptions && agentOptions.srcIP) || 'localhost'; } createConnection(options, cb) { const srcIP = (options && options.localAddress) || this._defaultSrcIP; const srcPort = (options && options.localPort) || 0; const dstIP = options.host; const dstPort = options.port; if (Client === undefined) Client = __nccwpck_require__(6063); const client = new Client(); let triedForward = false; client.on('ready', () => { client.forwardOut(srcIP, srcPort, dstIP, dstPort, (err, stream) => { triedForward = true; if (err) { client.end(); return cb(err); } stream.once('close', () => client.end()); cb(null, decorateStream(stream, ctor, options)); }); }).on('error', cb).on('close', () => { if (!triedForward) cb(new Error('Unexpected connection close')); }).connect(this._connectCfg); } } exports[ctor === HttpAgent ? 'SSHTTPAgent' : 'SSHTTPSAgent'] = SSHAgent; } function noop() {} function decorateStream(stream, ctor, options) { if (ctor === HttpAgent) { // HTTP stream.setKeepAlive = noop; stream.setNoDelay = noop; stream.setTimeout = noop; stream.ref = noop; stream.unref = noop; stream.destroySoon = stream.destroy; return stream; } // HTTPS options.socket = stream; const wrapped = tlsConnect(options); // This is a workaround for a regression in node v12.16.3+ // https://github.com/nodejs/node/issues/35904 const onClose = (() => { let called = false; return () => { if (called) return; called = true; if (stream.isPaused()) stream.resume(); }; })(); // 'end' listener is needed because 'close' is not emitted in some scenarios // in node v12.x for some unknown reason wrapped.on('end', onClose).on('close', onClose); return wrapped; } /***/ }), /***/ 5869: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { AgentProtocol, BaseAgent, createAgent, CygwinAgent, OpenSSHAgent, PageantAgent, } = __nccwpck_require__(9054); const { SSHTTPAgent: HTTPAgent, SSHTTPSAgent: HTTPSAgent, } = __nccwpck_require__(2994); const { parseKey } = __nccwpck_require__(2218); const { flagsToString, OPEN_MODE, STATUS_CODE, stringToFlags, } = __nccwpck_require__(2026); module.exports = { AgentProtocol, BaseAgent, createAgent, Client: __nccwpck_require__(6063), CygwinAgent, HTTPAgent, HTTPSAgent, OpenSSHAgent, PageantAgent, Server: __nccwpck_require__(2986), utils: { parseKey, sftp: { flagsToString, OPEN_MODE, STATUS_CODE, stringToFlags, }, }, }; /***/ }), /***/ 9031: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; /* TODO: * Replace `buffer._pos` usage in keyParser.js and elsewhere * Utilize optional "writev" support when writing packets from cipher.encrypt() * Built-in support for automatic re-keying, on by default * Revisit receiving unexpected/unknown packets * Error (fatal or otherwise) or ignore or pass on to user (in some or all cases)? * Including server/client check for single directional packet types? * Check packets for validity or bail as early as possible? * Automatic re-key every 2**31 packets after the last key exchange (sent or received), as suggested by RFC4344. OpenSSH currently does this. * Automatic re-key every so many blocks depending on cipher. RFC4344: Because of a birthday property of block ciphers and some modes of operation, implementations must be careful not to encrypt too many blocks with the same encryption key. Let L be the block length (in bits) of an SSH encryption method's block cipher (e.g., 128 for AES). If L is at least 128, then, after rekeying, an SSH implementation SHOULD NOT encrypt more than 2**(L/4) blocks before rekeying again. If L is at least 128, then SSH implementations should also attempt to force a rekey before receiving more than 2**(L/4) blocks. If L is less than 128 (which is the case for older ciphers such as 3DES, Blowfish, CAST-128, and IDEA), then, although it may be too expensive to rekey every 2**(L/4) blocks, it is still advisable for SSH implementations to follow the original recommendation in [RFC4253]: rekey at least once for every gigabyte of transmitted data. Note that if L is less than or equal to 128, then the recommendation in this subsection supersedes the recommendation in Section 3.1. If an SSH implementation uses a block cipher with a larger block size (e.g., Rijndael with 256-bit blocks), then the recommendations in Section 3.1 may supersede the recommendations in this subsection (depending on the lengths of the packets). */ const { inspect } = __nccwpck_require__(1669); const { bindingAvailable, NullCipher, NullDecipher } = __nccwpck_require__(5708); const { COMPAT_CHECKS, DISCONNECT_REASON, MESSAGE, SIGNALS, TERMINAL_MODE, } = __nccwpck_require__(6832); const { DEFAULT_KEXINIT, KexInit, kexinit, onKEXPayload, } = __nccwpck_require__(4126); const { parseKey, } = __nccwpck_require__(2218); const MESSAGE_HANDLERS = __nccwpck_require__(172); const { bufferCopy, bufferFill, bufferSlice, convertSignature, sendPacket, writeUInt32BE, } = __nccwpck_require__(9475); const { PacketReader, PacketWriter, ZlibPacketReader, ZlibPacketWriter, } = __nccwpck_require__(6715); const MODULE_VER = __nccwpck_require__(6447)/* .version */ .i8; const VALID_DISCONNECT_REASONS = new Map( Object.values(DISCONNECT_REASON).map((n) => [n, 1]) ); const IDENT_RAW = Buffer.from(`SSH-2.0-ssh2js${MODULE_VER}`); const IDENT = Buffer.from(`${IDENT_RAW}\r\n`); const MAX_LINE_LEN = 8192; const MAX_LINES = 1024; const PING_PAYLOAD = Buffer.from([ MESSAGE.GLOBAL_REQUEST, // "keepalive@openssh.com" 0, 0, 0, 21, 107, 101, 101, 112, 97, 108, 105, 118, 101, 64, 111, 112, 101, 110, 115, 115, 104, 46, 99, 111, 109, // Request a reply 1, ]); const NO_TERMINAL_MODES_BUFFER = Buffer.from([ TERMINAL_MODE.TTY_OP_END ]); function noop() {} /* Inbound: * kexinit payload (needed only until exchange hash is generated) * raw ident * rekey packet queue * expected packet (implemented as separate _parse() function?) Outbound: * kexinit payload (needed only until exchange hash is generated) * rekey packet queue * kex secret (needed only until NEWKEYS) * exchange hash (needed only until NEWKEYS) * session ID (set to exchange hash from initial handshake) */ class Protocol { constructor(config) { const onWrite = config.onWrite; if (typeof onWrite !== 'function') throw new Error('Missing onWrite function'); this._onWrite = (data) => { onWrite(data); }; const onError = config.onError; if (typeof onError !== 'function') throw new Error('Missing onError function'); this._onError = (err) => { onError(err); }; const debug = config.debug; this._debug = (typeof debug === 'function' ? (msg) => { debug(msg); } : undefined); const onHeader = config.onHeader; this._onHeader = (typeof onHeader === 'function' ? (...args) => { onHeader(...args); } : noop); const onPacket = config.onPacket; this._onPacket = (typeof onPacket === 'function' ? () => { onPacket(); } : noop); let onHandshakeComplete = config.onHandshakeComplete; if (typeof onHandshakeComplete !== 'function') onHandshakeComplete = noop; this._onHandshakeComplete = (...args) => { this._debug && this._debug('Handshake completed'); // Process packets queued during a rekey where necessary const oldQueue = this._queue; if (oldQueue) { this._queue = undefined; this._debug && this._debug( `Draining outbound queue (${oldQueue.length}) ...` ); for (let i = 0; i < oldQueue.length; ++i) { const data = oldQueue[i]; // data === payload only // XXX: hacky let finalized = this._packetRW.write.finalize(data); if (finalized === data) { const packet = this._cipher.allocPacket(data.length); packet.set(data, 5); finalized = packet; } sendPacket(this, finalized); } this._debug && this._debug('... finished draining outbound queue'); } onHandshakeComplete(...args); }; this._queue = undefined; const messageHandlers = config.messageHandlers; if (typeof messageHandlers === 'object' && messageHandlers !== null) this._handlers = messageHandlers; else this._handlers = {}; this._onPayload = onPayload.bind(this); this._server = !!config.server; this._banner = undefined; let greeting; if (this._server) { if (typeof config.hostKeys !== 'object' || config.hostKeys === null) throw new Error('Missing server host key(s)'); this._hostKeys = config.hostKeys; // Greeting displayed before the ssh identification string is sent, this // is usually ignored by most clients if (typeof config.greeting === 'string' && config.greeting.length) { greeting = (config.greeting.slice(-2) === '\r\n' ? config.greeting : `${config.greeting}\r\n`); } // Banner shown after the handshake completes, but before user // authentication begins if (typeof config.banner === 'string' && config.banner.length) { this._banner = (config.banner.slice(-2) === '\r\n' ? config.banner : `${config.banner}\r\n`); } } else { this._hostKeys = undefined; } let offer = config.offer; if (typeof offer !== 'object' || offer === null) offer = DEFAULT_KEXINIT; else if (offer.constructor !== KexInit) offer = new KexInit(offer); this._kex = undefined; this._kexinit = undefined; this._offer = offer; this._cipher = new NullCipher(0, this._onWrite); this._decipher = undefined; this._skipNextInboundPacket = false; this._packetRW = { read: new PacketReader(), write: new PacketWriter(this), }; this._hostVerifier = (!this._server && typeof config.hostVerifier === 'function' ? config.hostVerifier : undefined); this._parse = parseHeader; this._buffer = undefined; this._authsQueue = []; this._authenticated = false; this._remoteIdentRaw = undefined; let sentIdent; if (typeof config.ident === 'string') { this._identRaw = Buffer.from(`SSH-2.0-${config.ident}`); sentIdent = Buffer.allocUnsafe(this._identRaw.length + 2); sentIdent.set(this._identRaw, 0); sentIdent[sentIdent.length - 2] = 13; // '\r' sentIdent[sentIdent.length - 1] = 10; // '\n' } else if (Buffer.isBuffer(config.ident)) { const fullIdent = Buffer.allocUnsafe(8 + config.ident.length); fullIdent.latin1Write('SSH-2.0-', 0, 8); fullIdent.set(config.ident, 8); this._identRaw = fullIdent; sentIdent = Buffer.allocUnsafe(fullIdent.length + 2); sentIdent.set(fullIdent, 0); sentIdent[sentIdent.length - 2] = 13; // '\r' sentIdent[sentIdent.length - 1] = 10; // '\n' } else { this._identRaw = IDENT_RAW; sentIdent = IDENT; } this._compatFlags = 0; if (this._debug) { if (bindingAvailable) this._debug('Custom crypto binding available'); else this._debug('Custom crypto binding not available'); } this._debug && this._debug( `Local ident: ${inspect(this._identRaw.toString())}` ); this.start = () => { this.start = undefined; if (greeting) this._onWrite(greeting); this._onWrite(sentIdent); }; } _destruct(reason) { this._packetRW.read.cleanup(); this._packetRW.write.cleanup(); this._cipher && this._cipher.free(); this._decipher && this._decipher.free(); if (typeof reason !== 'string' || reason.length === 0) reason = 'fatal error'; this.parse = () => { throw new Error(`Instance unusable after ${reason}`); }; this._onWrite = () => { throw new Error(`Instance unusable after ${reason}`); }; this._destruct = undefined; } cleanup() { this._destruct && this._destruct(); } parse(chunk, i, len) { while (i < len) i = this._parse(chunk, i, len); } // Protocol message API // =========================================================================== // Common/Shared ============================================================= // =========================================================================== // Global // ------ disconnect(reason) { const pktLen = 1 + 4 + 4 + 4; // We don't use _packetRW.write.* here because we need to make sure that // we always get a full packet allocated because this message can be sent // at any time -- even during a key exchange let p = this._packetRW.write.allocStartKEX; const packet = this._packetRW.write.alloc(pktLen, true); const end = p + pktLen; if (!VALID_DISCONNECT_REASONS.has(reason)) reason = DISCONNECT_REASON.PROTOCOL_ERROR; packet[p] = MESSAGE.DISCONNECT; writeUInt32BE(packet, reason, ++p); packet.fill(0, p += 4, end); this._debug && this._debug(`Outbound: Sending DISCONNECT (${reason})`); sendPacket(this, this._packetRW.write.finalize(packet, true), true); } ping() { const p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(PING_PAYLOAD.length); packet.set(PING_PAYLOAD, p); this._debug && this._debug( 'Outbound: Sending ping (GLOBAL_REQUEST: keepalive@openssh.com)' ); sendPacket(this, this._packetRW.write.finalize(packet)); } rekey() { if (this._kexinit === undefined) { this._debug && this._debug('Outbound: Initiated explicit rekey'); this._queue = []; kexinit(this); } else { this._debug && this._debug('Outbound: Ignoring rekey during handshake'); } } // 'ssh-connection' service-specific // --------------------------------- requestSuccess(data) { let p = this._packetRW.write.allocStart; let packet; if (Buffer.isBuffer(data)) { packet = this._packetRW.write.alloc(1 + data.length); packet[p] = MESSAGE.REQUEST_SUCCESS; packet.set(data, ++p); } else { packet = this._packetRW.write.alloc(1); packet[p] = MESSAGE.REQUEST_SUCCESS; } this._debug && this._debug('Outbound: Sending REQUEST_SUCCESS'); sendPacket(this, this._packetRW.write.finalize(packet)); } requestFailure() { const p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1); packet[p] = MESSAGE.REQUEST_FAILURE; this._debug && this._debug('Outbound: Sending REQUEST_FAILURE'); sendPacket(this, this._packetRW.write.finalize(packet)); } channelSuccess(chan) { // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4); packet[p] = MESSAGE.CHANNEL_SUCCESS; writeUInt32BE(packet, chan, ++p); this._debug && this._debug(`Outbound: Sending CHANNEL_SUCCESS (r:${chan})`); sendPacket(this, this._packetRW.write.finalize(packet)); } channelFailure(chan) { // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4); packet[p] = MESSAGE.CHANNEL_FAILURE; writeUInt32BE(packet, chan, ++p); this._debug && this._debug(`Outbound: Sending CHANNEL_FAILURE (r:${chan})`); sendPacket(this, this._packetRW.write.finalize(packet)); } channelEOF(chan) { // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4); packet[p] = MESSAGE.CHANNEL_EOF; writeUInt32BE(packet, chan, ++p); this._debug && this._debug(`Outbound: Sending CHANNEL_EOF (r:${chan})`); sendPacket(this, this._packetRW.write.finalize(packet)); } channelClose(chan) { // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4); packet[p] = MESSAGE.CHANNEL_CLOSE; writeUInt32BE(packet, chan, ++p); this._debug && this._debug(`Outbound: Sending CHANNEL_CLOSE (r:${chan})`); sendPacket(this, this._packetRW.write.finalize(packet)); } channelWindowAdjust(chan, amount) { // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4); packet[p] = MESSAGE.CHANNEL_WINDOW_ADJUST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, amount, p += 4); this._debug && this._debug( `Outbound: Sending CHANNEL_WINDOW_ADJUST (r:${chan}, ${amount})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } channelData(chan, data) { const isBuffer = Buffer.isBuffer(data); const dataLen = (isBuffer ? data.length : Buffer.byteLength(data)); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + dataLen); packet[p] = MESSAGE.CHANNEL_DATA; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, dataLen, p += 4); if (isBuffer) packet.set(data, p += 4); else packet.utf8Write(data, p += 4, dataLen); this._debug && this._debug( `Outbound: Sending CHANNEL_DATA (r:${chan}, ${dataLen})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } channelExtData(chan, data, type) { const isBuffer = Buffer.isBuffer(data); const dataLen = (isBuffer ? data.length : Buffer.byteLength(data)); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 4 + dataLen); packet[p] = MESSAGE.CHANNEL_EXTENDED_DATA; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, type, p += 4); writeUInt32BE(packet, dataLen, p += 4); if (isBuffer) packet.set(data, p += 4); else packet.utf8Write(data, p += 4, dataLen); this._debug && this._debug(`Outbound: Sending CHANNEL_EXTENDED_DATA (r:${chan})`); sendPacket(this, this._packetRW.write.finalize(packet)); } channelOpenConfirm(remote, local, initWindow, maxPacket) { let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 4 + 4); packet[p] = MESSAGE.CHANNEL_OPEN_CONFIRMATION; writeUInt32BE(packet, remote, ++p); writeUInt32BE(packet, local, p += 4); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); this._debug && this._debug( `Outbound: Sending CHANNEL_OPEN_CONFIRMATION (r:${remote}, l:${local})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } channelOpenFail(remote, reason, desc) { if (typeof desc !== 'string') desc = ''; const descLen = Buffer.byteLength(desc); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 4 + descLen + 4); packet[p] = MESSAGE.CHANNEL_OPEN_FAILURE; writeUInt32BE(packet, remote, ++p); writeUInt32BE(packet, reason, p += 4); writeUInt32BE(packet, descLen, p += 4); p += 4; if (descLen) { packet.utf8Write(desc, p, descLen); p += descLen; } writeUInt32BE(packet, 0, p); // Empty language tag this._debug && this._debug(`Outbound: Sending CHANNEL_OPEN_FAILURE (r:${remote})`); sendPacket(this, this._packetRW.write.finalize(packet)); } // =========================================================================== // Client-specific =========================================================== // =========================================================================== // Global // ------ service(name) { if (this._server) throw new Error('Client-only method called in server mode'); const nameLen = Buffer.byteLength(name); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + nameLen); packet[p] = MESSAGE.SERVICE_REQUEST; writeUInt32BE(packet, nameLen, ++p); packet.utf8Write(name, p += 4, nameLen); this._debug && this._debug(`Outbound: Sending SERVICE_REQUEST (${name})`); sendPacket(this, this._packetRW.write.finalize(packet)); } // 'ssh-userauth' service-specific // ------------------------------- authPassword(username, password, newPassword) { if (this._server) throw new Error('Client-only method called in server mode'); const userLen = Buffer.byteLength(username); const passLen = Buffer.byteLength(password); const newPassLen = (newPassword ? Buffer.byteLength(newPassword) : 0); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + userLen + 4 + 14 + 4 + 8 + 1 + 4 + passLen + (newPassword ? 4 + newPassLen : 0) ); packet[p] = MESSAGE.USERAUTH_REQUEST; writeUInt32BE(packet, userLen, ++p); packet.utf8Write(username, p += 4, userLen); writeUInt32BE(packet, 14, p += userLen); packet.utf8Write('ssh-connection', p += 4, 14); writeUInt32BE(packet, 8, p += 14); packet.utf8Write('password', p += 4, 8); packet[p += 8] = (newPassword ? 1 : 0); writeUInt32BE(packet, passLen, ++p); if (Buffer.isBuffer(password)) bufferCopy(password, packet, 0, passLen, p += 4); else packet.utf8Write(password, p += 4, passLen); if (newPassword) { writeUInt32BE(packet, newPassLen, p += passLen); if (Buffer.isBuffer(newPassword)) bufferCopy(newPassword, packet, 0, newPassLen, p += 4); else packet.utf8Write(newPassword, p += 4, newPassLen); this._debug && this._debug( 'Outbound: Sending USERAUTH_REQUEST (changed password)' ); } else { this._debug && this._debug( 'Outbound: Sending USERAUTH_REQUEST (password)' ); } this._authsQueue.push('password'); sendPacket(this, this._packetRW.write.finalize(packet)); } authPK(username, pubKey, cbSign) { if (this._server) throw new Error('Client-only method called in server mode'); pubKey = parseKey(pubKey); if (pubKey instanceof Error) throw new Error('Invalid key'); const keyType = pubKey.type; pubKey = pubKey.getPublicSSH(); const userLen = Buffer.byteLength(username); const algoLen = Buffer.byteLength(keyType); const pubKeyLen = pubKey.length; const sessionID = this._kex.sessionID; const sesLen = sessionID.length; const payloadLen = (cbSign ? 4 + sesLen : 0) + 1 + 4 + userLen + 4 + 14 + 4 + 9 + 1 + 4 + algoLen + 4 + pubKeyLen; let packet; let p; if (cbSign) { packet = Buffer.allocUnsafe(payloadLen); p = 0; writeUInt32BE(packet, sesLen, p); packet.set(sessionID, p += 4); p += sesLen; } else { packet = this._packetRW.write.alloc(payloadLen); p = this._packetRW.write.allocStart; } packet[p] = MESSAGE.USERAUTH_REQUEST; writeUInt32BE(packet, userLen, ++p); packet.utf8Write(username, p += 4, userLen); writeUInt32BE(packet, 14, p += userLen); packet.utf8Write('ssh-connection', p += 4, 14); writeUInt32BE(packet, 9, p += 14); packet.utf8Write('publickey', p += 4, 9); packet[p += 9] = (cbSign ? 1 : 0); writeUInt32BE(packet, algoLen, ++p); packet.utf8Write(keyType, p += 4, algoLen); writeUInt32BE(packet, pubKeyLen, p += algoLen); packet.set(pubKey, p += 4); if (!cbSign) { this._authsQueue.push('publickey'); this._debug && this._debug( 'Outbound: Sending USERAUTH_REQUEST (publickey -- check)' ); sendPacket(this, this._packetRW.write.finalize(packet)); return; } cbSign(packet, (signature) => { signature = convertSignature(signature, keyType); if (signature === false) throw new Error('Error while converting handshake signature'); const sigLen = signature.length; p = this._packetRW.write.allocStart; packet = this._packetRW.write.alloc( 1 + 4 + userLen + 4 + 14 + 4 + 9 + 1 + 4 + algoLen + 4 + pubKeyLen + 4 + 4 + algoLen + 4 + sigLen ); // TODO: simply copy from original "packet" to new `packet` to avoid // having to write each individual field a second time? packet[p] = MESSAGE.USERAUTH_REQUEST; writeUInt32BE(packet, userLen, ++p); packet.utf8Write(username, p += 4, userLen); writeUInt32BE(packet, 14, p += userLen); packet.utf8Write('ssh-connection', p += 4, 14); writeUInt32BE(packet, 9, p += 14); packet.utf8Write('publickey', p += 4, 9); packet[p += 9] = 1; writeUInt32BE(packet, algoLen, ++p); packet.utf8Write(keyType, p += 4, algoLen); writeUInt32BE(packet, pubKeyLen, p += algoLen); packet.set(pubKey, p += 4); writeUInt32BE(packet, 4 + algoLen + 4 + sigLen, p += pubKeyLen); writeUInt32BE(packet, algoLen, p += 4); packet.utf8Write(keyType, p += 4, algoLen); writeUInt32BE(packet, sigLen, p += algoLen); packet.set(signature, p += 4); // Servers shouldn't send packet type 60 in response to signed publickey // attempts, but if they do, interpret as type 60. this._authsQueue.push('publickey'); this._debug && this._debug( 'Outbound: Sending USERAUTH_REQUEST (publickey)' ); sendPacket(this, this._packetRW.write.finalize(packet)); }); } authHostbased(username, pubKey, hostname, userlocal, cbSign) { // TODO: Make DRY by sharing similar code with authPK() if (this._server) throw new Error('Client-only method called in server mode'); pubKey = parseKey(pubKey); if (pubKey instanceof Error) throw new Error('Invalid key'); const keyType = pubKey.type; pubKey = pubKey.getPublicSSH(); const userLen = Buffer.byteLength(username); const algoLen = Buffer.byteLength(keyType); const pubKeyLen = pubKey.length; const sessionID = this._kex.sessionID; const sesLen = sessionID.length; const hostnameLen = Buffer.byteLength(hostname); const userlocalLen = Buffer.byteLength(userlocal); const data = Buffer.allocUnsafe( 4 + sesLen + 1 + 4 + userLen + 4 + 14 + 4 + 9 + 4 + algoLen + 4 + pubKeyLen + 4 + hostnameLen + 4 + userlocalLen ); let p = 0; writeUInt32BE(data, sesLen, p); data.set(sessionID, p += 4); data[p += sesLen] = MESSAGE.USERAUTH_REQUEST; writeUInt32BE(data, userLen, ++p); data.utf8Write(username, p += 4, userLen); writeUInt32BE(data, 14, p += userLen); data.utf8Write('ssh-connection', p += 4, 14); writeUInt32BE(data, 9, p += 14); data.utf8Write('hostbased', p += 4, 9); writeUInt32BE(data, algoLen, p += 9); data.utf8Write(keyType, p += 4, algoLen); writeUInt32BE(data, pubKeyLen, p += algoLen); data.set(pubKey, p += 4); writeUInt32BE(data, hostnameLen, p += pubKeyLen); data.utf8Write(hostname, p += 4, hostnameLen); writeUInt32BE(data, userlocalLen, p += hostnameLen); data.utf8Write(userlocal, p += 4, userlocalLen); cbSign(data, (signature) => { signature = convertSignature(signature, keyType); if (!signature) throw new Error('Error while converting handshake signature'); const sigLen = signature.length; const reqDataLen = (data.length - sesLen - 4); p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( reqDataLen + 4 + 4 + algoLen + 4 + sigLen ); bufferCopy(data, packet, 4 + sesLen, data.length, p); writeUInt32BE(packet, 4 + algoLen + 4 + sigLen, p += reqDataLen); writeUInt32BE(packet, algoLen, p += 4); packet.utf8Write(keyType, p += 4, algoLen); writeUInt32BE(packet, sigLen, p += algoLen); packet.set(signature, p += 4); this._authsQueue.push('hostbased'); this._debug && this._debug( 'Outbound: Sending USERAUTH_REQUEST (hostbased)' ); sendPacket(this, this._packetRW.write.finalize(packet)); }); } authKeyboard(username) { if (this._server) throw new Error('Client-only method called in server mode'); const userLen = Buffer.byteLength(username); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + userLen + 4 + 14 + 4 + 20 + 4 + 4 ); packet[p] = MESSAGE.USERAUTH_REQUEST; writeUInt32BE(packet, userLen, ++p); packet.utf8Write(username, p += 4, userLen); writeUInt32BE(packet, 14, p += userLen); packet.utf8Write('ssh-connection', p += 4, 14); writeUInt32BE(packet, 20, p += 14); packet.utf8Write('keyboard-interactive', p += 4, 20); writeUInt32BE(packet, 0, p += 20); writeUInt32BE(packet, 0, p += 4); this._authsQueue.push('keyboard-interactive'); this._debug && this._debug( 'Outbound: Sending USERAUTH_REQUEST (keyboard-interactive)' ); sendPacket(this, this._packetRW.write.finalize(packet)); } authNone(username) { if (this._server) throw new Error('Client-only method called in server mode'); const userLen = Buffer.byteLength(username); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + userLen + 4 + 14 + 4 + 4); packet[p] = MESSAGE.USERAUTH_REQUEST; writeUInt32BE(packet, userLen, ++p); packet.utf8Write(username, p += 4, userLen); writeUInt32BE(packet, 14, p += userLen); packet.utf8Write('ssh-connection', p += 4, 14); writeUInt32BE(packet, 4, p += 14); packet.utf8Write('none', p += 4, 4); this._authsQueue.push('none'); this._debug && this._debug('Outbound: Sending USERAUTH_REQUEST (none)'); sendPacket(this, this._packetRW.write.finalize(packet)); } authInfoRes(responses) { if (this._server) throw new Error('Client-only method called in server mode'); let responsesTotalLen = 0; let responseLens; if (responses) { responseLens = new Array(responses.length); for (let i = 0; i < responses.length; ++i) { const len = Buffer.byteLength(responses[i]); responseLens[i] = len; responsesTotalLen += 4 + len; } } let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + responsesTotalLen); packet[p] = MESSAGE.USERAUTH_INFO_RESPONSE; if (responses) { writeUInt32BE(packet, responses.length, ++p); p += 4; for (let i = 0; i < responses.length; ++i) { const len = responseLens[i]; writeUInt32BE(packet, len, p); p += 4; if (len) { packet.utf8Write(responses[i], p, len); p += len; } } } else { writeUInt32BE(packet, 0, ++p); } this._debug && this._debug('Outbound: Sending USERAUTH_INFO_RESPONSE'); sendPacket(this, this._packetRW.write.finalize(packet)); } // 'ssh-connection' service-specific // --------------------------------- tcpipForward(bindAddr, bindPort, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); const addrLen = Buffer.byteLength(bindAddr); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 13 + 1 + 4 + addrLen + 4); packet[p] = MESSAGE.GLOBAL_REQUEST; writeUInt32BE(packet, 13, ++p); packet.utf8Write('tcpip-forward', p += 4, 13); packet[p += 13] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, addrLen, ++p); packet.utf8Write(bindAddr, p += 4, addrLen); writeUInt32BE(packet, bindPort, p += addrLen); this._debug && this._debug('Outbound: Sending GLOBAL_REQUEST (tcpip-forward)'); sendPacket(this, this._packetRW.write.finalize(packet)); } cancelTcpipForward(bindAddr, bindPort, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); const addrLen = Buffer.byteLength(bindAddr); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 20 + 1 + 4 + addrLen + 4); packet[p] = MESSAGE.GLOBAL_REQUEST; writeUInt32BE(packet, 20, ++p); packet.utf8Write('cancel-tcpip-forward', p += 4, 20); packet[p += 20] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, addrLen, ++p); packet.utf8Write(bindAddr, p += 4, addrLen); writeUInt32BE(packet, bindPort, p += addrLen); this._debug && this._debug('Outbound: Sending GLOBAL_REQUEST (cancel-tcpip-forward)'); sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_streamLocalForward(socketPath, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); const socketPathLen = Buffer.byteLength(socketPath); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 31 + 1 + 4 + socketPathLen ); packet[p] = MESSAGE.GLOBAL_REQUEST; writeUInt32BE(packet, 31, ++p); packet.utf8Write('streamlocal-forward@openssh.com', p += 4, 31); packet[p += 31] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, socketPathLen, ++p); packet.utf8Write(socketPath, p += 4, socketPathLen); this._debug && this._debug( 'Outbound: Sending GLOBAL_REQUEST (streamlocal-forward@openssh.com)' ); sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_cancelStreamLocalForward(socketPath, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); const socketPathLen = Buffer.byteLength(socketPath); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 38 + 1 + 4 + socketPathLen ); packet[p] = MESSAGE.GLOBAL_REQUEST; writeUInt32BE(packet, 38, ++p); packet.utf8Write('cancel-streamlocal-forward@openssh.com', p += 4, 38); packet[p += 38] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, socketPathLen, ++p); packet.utf8Write(socketPath, p += 4, socketPathLen); if (this._debug) { this._debug( 'Outbound: Sending GLOBAL_REQUEST ' + '(cancel-streamlocal-forward@openssh.com)' ); } sendPacket(this, this._packetRW.write.finalize(packet)); } directTcpip(chan, initWindow, maxPacket, cfg) { if (this._server) throw new Error('Client-only method called in server mode'); const srcLen = Buffer.byteLength(cfg.srcIP); const dstLen = Buffer.byteLength(cfg.dstIP); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 12 + 4 + 4 + 4 + 4 + srcLen + 4 + 4 + dstLen + 4 ); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 12, ++p); packet.utf8Write('direct-tcpip', p += 4, 12); writeUInt32BE(packet, chan, p += 12); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); writeUInt32BE(packet, dstLen, p += 4); packet.utf8Write(cfg.dstIP, p += 4, dstLen); writeUInt32BE(packet, cfg.dstPort, p += dstLen); writeUInt32BE(packet, srcLen, p += 4); packet.utf8Write(cfg.srcIP, p += 4, srcLen); writeUInt32BE(packet, cfg.srcPort, p += srcLen); this._debug && this._debug( `Outbound: Sending CHANNEL_OPEN (r:${chan}, direct-tcpip)` ); sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_directStreamLocal(chan, initWindow, maxPacket, cfg) { if (this._server) throw new Error('Client-only method called in server mode'); const pathLen = Buffer.byteLength(cfg.socketPath); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 30 + 4 + 4 + 4 + 4 + pathLen + 4 + 4 ); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 30, ++p); packet.utf8Write('direct-streamlocal@openssh.com', p += 4, 30); writeUInt32BE(packet, chan, p += 30); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); writeUInt32BE(packet, pathLen, p += 4); packet.utf8Write(cfg.socketPath, p += 4, pathLen); // zero-fill reserved fields (string and uint32) bufferFill(packet, 0, p += pathLen, p + 8); if (this._debug) { this._debug( 'Outbound: Sending CHANNEL_OPEN ' + `(r:${chan}, direct-streamlocal@openssh.com)` ); } sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_noMoreSessions(wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 28 + 1); packet[p] = MESSAGE.GLOBAL_REQUEST; writeUInt32BE(packet, 28, ++p); packet.utf8Write('no-more-sessions@openssh.com', p += 4, 28); packet[p += 28] = (wantReply === undefined || wantReply === true ? 1 : 0); this._debug && this._debug( 'Outbound: Sending GLOBAL_REQUEST (no-more-sessions@openssh.com)' ); sendPacket(this, this._packetRW.write.finalize(packet)); } session(chan, initWindow, maxPacket) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 7 + 4 + 4 + 4); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 7, ++p); packet.utf8Write('session', p += 4, 7); writeUInt32BE(packet, chan, p += 7); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); this._debug && this._debug(`Outbound: Sending CHANNEL_OPEN (r:${chan}, session)`); sendPacket(this, this._packetRW.write.finalize(packet)); } windowChange(chan, rows, cols, height, width) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 4 + 13 + 1 + 4 + 4 + 4 + 4 ); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 13, p += 4); packet.utf8Write('window-change', p += 4, 13); packet[p += 13] = 0; writeUInt32BE(packet, cols, ++p); writeUInt32BE(packet, rows, p += 4); writeUInt32BE(packet, width, p += 4); writeUInt32BE(packet, height, p += 4); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, window-change)` ); sendPacket(this, this._packetRW.write.finalize(packet)); } pty(chan, rows, cols, height, width, term, modes, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space if (!term || !term.length) term = 'vt100'; if (modes && !Buffer.isBuffer(modes) && !Array.isArray(modes) && typeof modes === 'object' && modes !== null) { modes = modesToBytes(modes); } if (!modes || !modes.length) modes = NO_TERMINAL_MODES_BUFFER; const termLen = term.length; const modesLen = modes.length; let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 4 + 7 + 1 + 4 + termLen + 4 + 4 + 4 + 4 + 4 + modesLen ); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 7, p += 4); packet.utf8Write('pty-req', p += 4, 7); packet[p += 7] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, termLen, ++p); packet.utf8Write(term, p += 4, termLen); writeUInt32BE(packet, cols, p += termLen); writeUInt32BE(packet, rows, p += 4); writeUInt32BE(packet, width, p += 4); writeUInt32BE(packet, height, p += 4); writeUInt32BE(packet, modesLen, p += 4); p += 4; if (Array.isArray(modes)) { for (let i = 0; i < modesLen; ++i) packet[p++] = modes[i]; } else if (Buffer.isBuffer(modes)) { packet.set(modes, p); } this._debug && this._debug(`Outbound: Sending CHANNEL_REQUEST (r:${chan}, pty-req)`); sendPacket(this, this._packetRW.write.finalize(packet)); } shell(chan, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 5 + 1); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 5, p += 4); packet.utf8Write('shell', p += 4, 5); packet[p += 5] = (wantReply === undefined || wantReply === true ? 1 : 0); this._debug && this._debug(`Outbound: Sending CHANNEL_REQUEST (r:${chan}, shell)`); sendPacket(this, this._packetRW.write.finalize(packet)); } exec(chan, cmd, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space const isBuf = Buffer.isBuffer(cmd); const cmdLen = (isBuf ? cmd.length : Buffer.byteLength(cmd)); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 4 + 1 + 4 + cmdLen); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 4, p += 4); packet.utf8Write('exec', p += 4, 4); packet[p += 4] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, cmdLen, ++p); if (isBuf) packet.set(cmd, p += 4); else packet.utf8Write(cmd, p += 4, cmdLen); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, exec: ${cmd})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } signal(chan, signal) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space const origSignal = signal; signal = signal.toUpperCase(); if (signal.slice(0, 3) === 'SIG') signal = signal.slice(3); if (SIGNALS[signal] !== 1) throw new Error(`Invalid signal: ${origSignal}`); const signalLen = signal.length; let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 4 + 6 + 1 + 4 + signalLen ); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 6, p += 4); packet.utf8Write('signal', p += 4, 6); packet[p += 6] = 0; writeUInt32BE(packet, signalLen, ++p); packet.utf8Write(signal, p += 4, signalLen); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, signal: ${signal})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } env(chan, key, val, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space const keyLen = Buffer.byteLength(key); const isBuf = Buffer.isBuffer(val); const valLen = (isBuf ? val.length : Buffer.byteLength(val)); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 4 + 3 + 1 + 4 + keyLen + 4 + valLen ); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 3, p += 4); packet.utf8Write('env', p += 4, 3); packet[p += 3] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, keyLen, ++p); packet.utf8Write(key, p += 4, keyLen); writeUInt32BE(packet, valLen, p += keyLen); if (isBuf) packet.set(val, p += 4); else packet.utf8Write(val, p += 4, valLen); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, env: ${key}=${val})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } x11Forward(chan, cfg, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space const protocol = cfg.protocol; const cookie = cfg.cookie; const isBufProto = Buffer.isBuffer(protocol); const protoLen = (isBufProto ? protocol.length : Buffer.byteLength(protocol)); const isBufCookie = Buffer.isBuffer(cookie); const cookieLen = (isBufCookie ? cookie.length : Buffer.byteLength(cookie)); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 4 + 7 + 1 + 1 + 4 + protoLen + 4 + cookieLen + 4 ); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 7, p += 4); packet.utf8Write('x11-req', p += 4, 7); packet[p += 7] = (wantReply === undefined || wantReply === true ? 1 : 0); packet[++p] = (cfg.single ? 1 : 0); writeUInt32BE(packet, protoLen, ++p); if (isBufProto) packet.set(protocol, p += 4); else packet.utf8Write(protocol, p += 4, protoLen); writeUInt32BE(packet, cookieLen, p += protoLen); if (isBufCookie) packet.set(cookie, p += 4); else packet.latin1Write(cookie, p += 4, cookieLen); writeUInt32BE(packet, (cfg.screen || 0), p += cookieLen); this._debug && this._debug(`Outbound: Sending CHANNEL_REQUEST (r:${chan}, x11-req)`); sendPacket(this, this._packetRW.write.finalize(packet)); } subsystem(chan, name, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space const nameLen = Buffer.byteLength(name); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 9 + 1 + 4 + nameLen); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 9, p += 4); packet.utf8Write('subsystem', p += 4, 9); packet[p += 9] = (wantReply === undefined || wantReply === true ? 1 : 0); writeUInt32BE(packet, nameLen, ++p); packet.utf8Write(name, p += 4, nameLen); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, subsystem: ${name})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_agentForward(chan, wantReply) { if (this._server) throw new Error('Client-only method called in server mode'); // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 26 + 1); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 26, p += 4); packet.utf8Write('auth-agent-req@openssh.com', p += 4, 26); packet[p += 26] = (wantReply === undefined || wantReply === true ? 1 : 0); if (this._debug) { this._debug( 'Outbound: Sending CHANNEL_REQUEST ' + `(r:${chan}, auth-agent-req@openssh.com)` ); } sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_hostKeysProve(keys) { if (this._server) throw new Error('Client-only method called in server mode'); let keysTotal = 0; const publicKeys = []; for (const key of keys) { const publicKey = key.getPublicSSH(); keysTotal += 4 + publicKey.length; publicKeys.push(publicKey); } let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 29 + 1 + keysTotal); packet[p] = MESSAGE.GLOBAL_REQUEST; writeUInt32BE(packet, 29, ++p); packet.utf8Write('hostkeys-prove-00@openssh.com', p += 4, 29); packet[p += 29] = 1; // want reply ++p; for (const buf of publicKeys) { writeUInt32BE(packet, buf.length, p); bufferCopy(buf, packet, 0, buf.length, p += 4); p += buf.length; } if (this._debug) { this._debug( 'Outbound: Sending GLOBAL_REQUEST (hostkeys-prove-00@openssh.com)' ); } sendPacket(this, this._packetRW.write.finalize(packet)); } // =========================================================================== // Server-specific =========================================================== // =========================================================================== // Global // ------ serviceAccept(svcName) { if (!this._server) throw new Error('Server-only method called in client mode'); const svcNameLen = Buffer.byteLength(svcName); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + svcNameLen); packet[p] = MESSAGE.SERVICE_ACCEPT; writeUInt32BE(packet, svcNameLen, ++p); packet.utf8Write(svcName, p += 4, svcNameLen); this._debug && this._debug(`Outbound: Sending SERVICE_ACCEPT (${svcName})`); sendPacket(this, this._packetRW.write.finalize(packet)); if (this._server && this._banner && svcName === 'ssh-userauth') { const banner = this._banner; this._banner = undefined; // Prevent banner from being displayed again const bannerLen = Buffer.byteLength(banner); p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + bannerLen + 4); packet[p] = MESSAGE.USERAUTH_BANNER; writeUInt32BE(packet, bannerLen, ++p); packet.utf8Write(banner, p += 4, bannerLen); writeUInt32BE(packet, 0, p += bannerLen); // Empty language tag this._debug && this._debug('Outbound: Sending USERAUTH_BANNER'); sendPacket(this, this._packetRW.write.finalize(packet)); } } // 'ssh-connection' service-specific forwardedTcpip(chan, initWindow, maxPacket, cfg) { if (!this._server) throw new Error('Server-only method called in client mode'); const boundAddrLen = Buffer.byteLength(cfg.boundAddr); const remoteAddrLen = Buffer.byteLength(cfg.remoteAddr); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 15 + 4 + 4 + 4 + 4 + boundAddrLen + 4 + 4 + remoteAddrLen + 4 ); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 15, ++p); packet.utf8Write('forwarded-tcpip', p += 4, 15); writeUInt32BE(packet, chan, p += 15); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); writeUInt32BE(packet, boundAddrLen, p += 4); packet.utf8Write(cfg.boundAddr, p += 4, boundAddrLen); writeUInt32BE(packet, cfg.boundPort, p += boundAddrLen); writeUInt32BE(packet, remoteAddrLen, p += 4); packet.utf8Write(cfg.remoteAddr, p += 4, remoteAddrLen); writeUInt32BE(packet, cfg.remotePort, p += remoteAddrLen); this._debug && this._debug( `Outbound: Sending CHANNEL_OPEN (r:${chan}, forwarded-tcpip)` ); sendPacket(this, this._packetRW.write.finalize(packet)); } x11(chan, initWindow, maxPacket, cfg) { if (!this._server) throw new Error('Server-only method called in client mode'); const addrLen = Buffer.byteLength(cfg.originAddr); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 3 + 4 + 4 + 4 + 4 + addrLen + 4 ); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 3, ++p); packet.utf8Write('x11', p += 4, 3); writeUInt32BE(packet, chan, p += 3); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); writeUInt32BE(packet, addrLen, p += 4); packet.utf8Write(cfg.originAddr, p += 4, addrLen); writeUInt32BE(packet, cfg.originPort, p += addrLen); this._debug && this._debug( `Outbound: Sending CHANNEL_OPEN (r:${chan}, x11)` ); sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_authAgent(chan, initWindow, maxPacket) { if (!this._server) throw new Error('Server-only method called in client mode'); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 22 + 4 + 4 + 4); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 22, ++p); packet.utf8Write('auth-agent@openssh.com', p += 4, 22); writeUInt32BE(packet, chan, p += 22); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); this._debug && this._debug( `Outbound: Sending CHANNEL_OPEN (r:${chan}, auth-agent@openssh.com)` ); sendPacket(this, this._packetRW.write.finalize(packet)); } openssh_forwardedStreamLocal(chan, initWindow, maxPacket, cfg) { if (!this._server) throw new Error('Server-only method called in client mode'); const pathLen = Buffer.byteLength(cfg.socketPath); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 33 + 4 + 4 + 4 + 4 + pathLen + 4 ); packet[p] = MESSAGE.CHANNEL_OPEN; writeUInt32BE(packet, 33, ++p); packet.utf8Write('forwarded-streamlocal@openssh.com', p += 4, 33); writeUInt32BE(packet, chan, p += 33); writeUInt32BE(packet, initWindow, p += 4); writeUInt32BE(packet, maxPacket, p += 4); writeUInt32BE(packet, pathLen, p += 4); packet.utf8Write(cfg.socketPath, p += 4, pathLen); writeUInt32BE(packet, 0, p += pathLen); if (this._debug) { this._debug( 'Outbound: Sending CHANNEL_OPEN ' + `(r:${chan}, forwarded-streamlocal@openssh.com)` ); } sendPacket(this, this._packetRW.write.finalize(packet)); } exitStatus(chan, status) { if (!this._server) throw new Error('Server-only method called in client mode'); // Does not consume window space let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + 4 + 11 + 1 + 4); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 11, p += 4); packet.utf8Write('exit-status', p += 4, 11); packet[p += 11] = 0; writeUInt32BE(packet, status, ++p); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, exit-status: ${status})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } exitSignal(chan, name, coreDumped, msg) { if (!this._server) throw new Error('Server-only method called in client mode'); // Does not consume window space const origSignal = name; if (typeof origSignal !== 'string' || !origSignal) throw new Error(`Invalid signal: ${origSignal}`); let signal = name.toUpperCase(); if (signal.slice(0, 3) === 'SIG') signal = signal.slice(3); if (SIGNALS[signal] !== 1) throw new Error(`Invalid signal: ${origSignal}`); const nameLen = Buffer.byteLength(signal); const msgLen = (msg ? Buffer.byteLength(msg) : 0); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + 4 + 11 + 1 + 4 + nameLen + 1 + 4 + msgLen + 4 ); packet[p] = MESSAGE.CHANNEL_REQUEST; writeUInt32BE(packet, chan, ++p); writeUInt32BE(packet, 11, p += 4); packet.utf8Write('exit-signal', p += 4, 11); packet[p += 11] = 0; writeUInt32BE(packet, nameLen, ++p); packet.utf8Write(signal, p += 4, nameLen); packet[p += nameLen] = (coreDumped ? 1 : 0); writeUInt32BE(packet, msgLen, ++p); p += 4; if (msgLen) { packet.utf8Write(msg, p, msgLen); p += msgLen; } writeUInt32BE(packet, 0, p); this._debug && this._debug( `Outbound: Sending CHANNEL_REQUEST (r:${chan}, exit-signal: ${name})` ); sendPacket(this, this._packetRW.write.finalize(packet)); } // 'ssh-userauth' service-specific authFailure(authMethods, isPartial) { if (!this._server) throw new Error('Server-only method called in client mode'); if (this._authsQueue.length === 0) throw new Error('No auth in progress'); let methods; if (typeof authMethods === 'boolean') { isPartial = authMethods; authMethods = undefined; } if (authMethods) { methods = []; for (let i = 0; i < authMethods.length; ++i) { if (authMethods[i].toLowerCase() === 'none') continue; methods.push(authMethods[i]); } methods = methods.join(','); } else { methods = ''; } const methodsLen = methods.length; let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + methodsLen + 1); packet[p] = MESSAGE.USERAUTH_FAILURE; writeUInt32BE(packet, methodsLen, ++p); packet.utf8Write(methods, p += 4, methodsLen); packet[p += methodsLen] = (isPartial === true ? 1 : 0); this._authsQueue.shift(); this._debug && this._debug('Outbound: Sending USERAUTH_FAILURE'); sendPacket(this, this._packetRW.write.finalize(packet)); } authSuccess() { if (!this._server) throw new Error('Server-only method called in client mode'); if (this._authsQueue.length === 0) throw new Error('No auth in progress'); const p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1); packet[p] = MESSAGE.USERAUTH_SUCCESS; this._authsQueue.shift(); this._authenticated = true; this._debug && this._debug('Outbound: Sending USERAUTH_SUCCESS'); sendPacket(this, this._packetRW.write.finalize(packet)); if (this._kex.negotiated.cs.compress === 'zlib@openssh.com') this._packetRW.read = new ZlibPacketReader(); if (this._kex.negotiated.sc.compress === 'zlib@openssh.com') this._packetRW.write = new ZlibPacketWriter(this); } authPKOK(keyAlgo, key) { if (!this._server) throw new Error('Server-only method called in client mode'); if (this._authsQueue.length === 0 || this._authsQueue[0] !== 'publickey') throw new Error('"publickey" auth not in progress'); // TODO: support parsed key for `key` const keyAlgoLen = Buffer.byteLength(keyAlgo); const keyLen = key.length; let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + keyAlgoLen + 4 + keyLen); packet[p] = MESSAGE.USERAUTH_PK_OK; writeUInt32BE(packet, keyAlgoLen, ++p); packet.utf8Write(keyAlgo, p += 4, keyAlgoLen); writeUInt32BE(packet, keyLen, p += keyAlgoLen); packet.set(key, p += 4); this._authsQueue.shift(); this._debug && this._debug('Outbound: Sending USERAUTH_PK_OK'); sendPacket(this, this._packetRW.write.finalize(packet)); } authPasswdChg(prompt) { if (!this._server) throw new Error('Server-only method called in client mode'); const promptLen = Buffer.byteLength(prompt); let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc(1 + 4 + promptLen + 4); packet[p] = MESSAGE.USERAUTH_PASSWD_CHANGEREQ; writeUInt32BE(packet, promptLen, ++p); packet.utf8Write(prompt, p += 4, promptLen); writeUInt32BE(packet, 0, p += promptLen); // Empty language tag this._debug && this._debug('Outbound: Sending USERAUTH_PASSWD_CHANGEREQ'); sendPacket(this, this._packetRW.write.finalize(packet)); } authInfoReq(name, instructions, prompts) { if (!this._server) throw new Error('Server-only method called in client mode'); let promptsLen = 0; const nameLen = name ? Buffer.byteLength(name) : 0; const instrLen = instructions ? Buffer.byteLength(instructions) : 0; for (let i = 0; i < prompts.length; ++i) promptsLen += 4 + Buffer.byteLength(prompts[i].prompt) + 1; let p = this._packetRW.write.allocStart; const packet = this._packetRW.write.alloc( 1 + 4 + nameLen + 4 + instrLen + 4 + 4 + promptsLen ); packet[p] = MESSAGE.USERAUTH_INFO_REQUEST; writeUInt32BE(packet, nameLen, ++p); p += 4; if (name) { packet.utf8Write(name, p, nameLen); p += nameLen; } writeUInt32BE(packet, instrLen, p); p += 4; if (instructions) { packet.utf8Write(instructions, p, instrLen); p += instrLen; } writeUInt32BE(packet, 0, p); writeUInt32BE(packet, prompts.length, p += 4); p += 4; for (let i = 0; i < prompts.length; ++i) { const prompt = prompts[i]; const promptLen = Buffer.byteLength(prompt.prompt); writeUInt32BE(packet, promptLen, p); p += 4; if (promptLen) { packet.utf8Write(prompt.prompt, p, promptLen); p += promptLen; } packet[p++] = (prompt.echo ? 1 : 0); } this._debug && this._debug('Outbound: Sending USERAUTH_INFO_REQUEST'); sendPacket(this, this._packetRW.write.finalize(packet)); } } // SSH-protoversion-softwareversion (SP comments) CR LF const RE_IDENT = /^SSH-(2\.0|1\.99)-([^ ]+)(?: (.*))?$/; // TODO: optimize this by starting n bytes from the end of this._buffer instead // of the beginning function parseHeader(chunk, p, len) { let data; let chunkOffset; if (this._buffer) { data = Buffer.allocUnsafe(this._buffer.length + (len - p)); data.set(this._buffer, 0); if (p === 0) { data.set(chunk, this._buffer.length); } else { data.set(new Uint8Array(chunk.buffer, chunk.byteOffset + p, (len - p)), this._buffer.length); } chunkOffset = this._buffer.length; p = 0; } else { data = chunk; chunkOffset = 0; } const op = p; let start = p; let end = p; let needNL = false; let lineLen = 0; let lines = 0; for (; p < data.length; ++p) { const ch = data[p]; if (ch === 13 /* '\r' */) { needNL = true; continue; } if (ch === 10 /* '\n' */) { if (end > start && end - start > 4 && data[start] === 83 /* 'S' */ && data[start + 1] === 83 /* 'S' */ && data[start + 2] === 72 /* 'H' */ && data[start + 3] === 45 /* '-' */) { const full = data.latin1Slice(op, end + 1); const identRaw = (start === op ? full : full.slice(start - op)); const m = RE_IDENT.exec(identRaw); if (!m) throw new Error('Invalid identification string'); const header = { greeting: (start === op ? '' : full.slice(0, start - op)), identRaw, versions: { protocol: m[1], software: m[2], }, comments: m[3] }; // Needed during handshake this._remoteIdentRaw = Buffer.from(identRaw); this._debug && this._debug(`Remote ident: ${inspect(identRaw)}`); this._compatFlags = getCompatFlags(header); this._buffer = undefined; this._decipher = new NullDecipher(0, onKEXPayload.bind(this, { firstPacket: true })); this._parse = parsePacket; this._onHeader(header); if (!this._destruct) { // We disconnected inside _onHeader return len; } kexinit(this); return p + 1 - chunkOffset; } // Only allow pre-ident greetings when we're a client if (this._server) throw new Error('Greetings from clients not permitted'); if (++lines > MAX_LINES) throw new Error('Max greeting lines exceeded'); needNL = false; start = p + 1; lineLen = 0; } else if (needNL) { throw new Error('Invalid header: expected newline'); } else if (++lineLen >= MAX_LINE_LEN) { throw new Error('Header line too long'); } end = p; } if (!this._buffer) this._buffer = bufferSlice(data, op); return p - chunkOffset; } function parsePacket(chunk, p, len) { return this._decipher.decrypt(chunk, p, len); } function onPayload(payload) { // XXX: move this to the Decipher implementations? this._onPacket(); if (payload.length === 0) { this._debug && this._debug('Inbound: Skipping empty packet payload'); return; } payload = this._packetRW.read.read(payload); const type = payload[0]; if (type === MESSAGE.USERAUTH_SUCCESS && !this._server && !this._authenticated) { this._authenticated = true; if (this._kex.negotiated.cs.compress === 'zlib@openssh.com') this._packetRW.write = new ZlibPacketWriter(this); if (this._kex.negotiated.sc.compress === 'zlib@openssh.com') this._packetRW.read = new ZlibPacketReader(); } const handler = MESSAGE_HANDLERS[type]; if (handler === undefined) { this._debug && this._debug(`Inbound: Unsupported message type: ${type}`); return; } return handler(this, payload); } function getCompatFlags(header) { const software = header.versions.software; let flags = 0; for (const rule of COMPAT_CHECKS) { if (typeof rule[0] === 'string') { if (software === rule[0]) flags |= rule[1]; } else if (rule[0].test(software)) { flags |= rule[1]; } } return flags; } function modesToBytes(modes) { const keys = Object.keys(modes); const bytes = Buffer.allocUnsafe((5 * keys.length) + 1); let b = 0; for (let i = 0; i < keys.length; ++i) { const key = keys[i]; if (key === 'TTY_OP_END') continue; const opcode = TERMINAL_MODE[key]; if (opcode === undefined) continue; const val = modes[key]; if (typeof val === 'number' && isFinite(val)) { bytes[b++] = opcode; bytes[b++] = val >>> 24; bytes[b++] = val >>> 16; bytes[b++] = val >>> 8; bytes[b++] = val; } } bytes[b++] = TERMINAL_MODE.TTY_OP_END; if (b < bytes.length) return bufferSlice(bytes, 0, b); return bytes; } module.exports = Protocol; /***/ }), /***/ 2026: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const EventEmitter = __nccwpck_require__(8614); const fs = __nccwpck_require__(5747); const { constants } = fs; const { Readable: ReadableStream, Writable: WritableStream } = __nccwpck_require__(2413); const { inherits, isDate } = __nccwpck_require__(1669); const FastBuffer = Buffer[Symbol.species]; const { bufferCopy, bufferSlice, makeBufferParser, writeUInt32BE, } = __nccwpck_require__(9475); const ATTR = { SIZE: 0x00000001, UIDGID: 0x00000002, PERMISSIONS: 0x00000004, ACMODTIME: 0x00000008, EXTENDED: 0x80000000, }; // Large enough to store all possible attributes const ATTRS_BUF = Buffer.alloc(28); const STATUS_CODE = { OK: 0, EOF: 1, NO_SUCH_FILE: 2, PERMISSION_DENIED: 3, FAILURE: 4, BAD_MESSAGE: 5, NO_CONNECTION: 6, CONNECTION_LOST: 7, OP_UNSUPPORTED: 8 }; const VALID_STATUS_CODES = new Map( Object.values(STATUS_CODE).map((n) => [n, 1]) ); const STATUS_CODE_STR = { [STATUS_CODE.OK]: 'No error', [STATUS_CODE.EOF]: 'End of file', [STATUS_CODE.NO_SUCH_FILE]: 'No such file or directory', [STATUS_CODE.PERMISSION_DENIED]: 'Permission denied', [STATUS_CODE.FAILURE]: 'Failure', [STATUS_CODE.BAD_MESSAGE]: 'Bad message', [STATUS_CODE.NO_CONNECTION]: 'No connection', [STATUS_CODE.CONNECTION_LOST]: 'Connection lost', [STATUS_CODE.OP_UNSUPPORTED]: 'Operation unsupported', }; const REQUEST = { INIT: 1, OPEN: 3, CLOSE: 4, READ: 5, WRITE: 6, LSTAT: 7, FSTAT: 8, SETSTAT: 9, FSETSTAT: 10, OPENDIR: 11, READDIR: 12, REMOVE: 13, MKDIR: 14, RMDIR: 15, REALPATH: 16, STAT: 17, RENAME: 18, READLINK: 19, SYMLINK: 20, EXTENDED: 200 }; const RESPONSE = { VERSION: 2, STATUS: 101, HANDLE: 102, DATA: 103, NAME: 104, ATTRS: 105, EXTENDED: 201 }; const OPEN_MODE = { READ: 0x00000001, WRITE: 0x00000002, APPEND: 0x00000004, CREAT: 0x00000008, TRUNC: 0x00000010, EXCL: 0x00000020 }; const PKT_RW_OVERHEAD = 2 * 1024; const MAX_REQID = 2 ** 32 - 1; const CLIENT_VERSION_BUFFER = Buffer.from([ 0, 0, 0, 5 /* length */, REQUEST.INIT, 0, 0, 0, 3 /* version */ ]); const SERVER_VERSION_BUFFER = Buffer.from([ 0, 0, 0, 5 /* length */, RESPONSE.VERSION, 0, 0, 0, 3 /* version */ ]); const RE_OPENSSH = /^SSH-2.0-(?:OpenSSH|dropbear)/; const OPENSSH_MAX_PKT_LEN = 256 * 1024; const bufferParser = makeBufferParser(); const fakeStderr = { readable: false, writable: false, push: (data) => {}, once: () => {}, on: () => {}, emit: () => {}, end: () => {}, }; function noop() {} // Emulates enough of `Channel` to be able to be used as a drop-in replacement // in order to process incoming data with as little overhead as possible class SFTP extends EventEmitter { constructor(client, chanInfo, cfg) { super(); if (typeof cfg !== 'object' || !cfg) cfg = {}; const remoteIdentRaw = client._protocol._remoteIdentRaw; this.server = !!cfg.server; this._debug = (typeof cfg.debug === 'function' ? cfg.debug : undefined); this._isOpenSSH = (remoteIdentRaw && RE_OPENSSH.test(remoteIdentRaw)); this._version = -1; this._extensions = {}; this._biOpt = cfg.biOpt; this._pktLenBytes = 0; this._pktLen = 0; this._pktPos = 0; this._pktType = 0; this._pktData = undefined; this._writeReqid = -1; this._requests = {}; this._maxInPktLen = OPENSSH_MAX_PKT_LEN; this._maxOutPktLen = 34000; this._maxReadLen = (this._isOpenSSH ? OPENSSH_MAX_PKT_LEN : 34000) - PKT_RW_OVERHEAD; this._maxWriteLen = (this._isOpenSSH ? OPENSSH_MAX_PKT_LEN : 34000) - PKT_RW_OVERHEAD; this.maxOpenHandles = undefined; // Channel compatibility this._client = client; this._protocol = client._protocol; this._callbacks = []; this._hasX11 = false; this._exit = { code: undefined, signal: undefined, dump: undefined, desc: undefined, }; this._waitWindow = false; // SSH-level backpressure this._chunkcb = undefined; this._buffer = []; this.type = chanInfo.type; this.subtype = undefined; this.incoming = chanInfo.incoming; this.outgoing = chanInfo.outgoing; this.stderr = fakeStderr; this.readable = true; } // This handles incoming data to parse push(data) { if (data === null) { cleanupRequests(this); if (!this.readable) return; // No more incoming data from the remote side this.readable = false; this.emit('end'); return; } /* uint32 length byte type byte[length - 1] data payload */ let p = 0; while (p < data.length) { if (this._pktLenBytes < 4) { let nb = Math.min(4 - this._pktLenBytes, data.length - p); this._pktLenBytes += nb; while (nb--) this._pktLen = (this._pktLen << 8) + data[p++]; if (this._pktLenBytes < 4) return; if (this._pktLen === 0) return doFatalSFTPError(this, 'Invalid packet length'); if (this._pktLen > this._maxInPktLen) { const max = this._maxInPktLen; return doFatalSFTPError( this, `Packet length ${this._pktLen} exceeds max length of ${max}` ); } if (p >= data.length) return; } if (this._pktPos < this._pktLen) { const nb = Math.min(this._pktLen - this._pktPos, data.length - p); if (p !== 0 || nb !== data.length) { if (nb === this._pktLen) { this._pkt = new FastBuffer(data.buffer, data.byteOffset + p, nb); } else { if (!this._pkt) this._pkt = Buffer.allocUnsafe(this._pktLen); this._pkt.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._pktPos ); } } else if (nb === this._pktLen) { this._pkt = data; } else { if (!this._pkt) this._pkt = Buffer.allocUnsafe(this._pktLen); this._pkt.set(data, this._pktPos); } p += nb; this._pktPos += nb; if (this._pktPos < this._pktLen) return; } const type = this._pkt[0]; const payload = this._pkt; // Prepare for next packet this._pktLen = 0; this._pktLenBytes = 0; this._pkt = undefined; this._pktPos = 0; const handler = (this.server ? SERVER_HANDLERS[type] : CLIENT_HANDLERS[type]); if (!handler) return doFatalSFTPError(this, `Unknown packet type ${type}`); if (this._version === -1) { if (this.server) { if (type !== REQUEST.INIT) return doFatalSFTPError(this, `Expected INIT packet, got ${type}`); } else if (type !== RESPONSE.VERSION) { return doFatalSFTPError(this, `Expected VERSION packet, got ${type}`); } } if (handler(this, payload) === false) return; } } end() { this.destroy(); } destroy() { if (this.outgoing.state === 'open' || this.outgoing.state === 'eof') { this.outgoing.state = 'closing'; this._protocol.channelClose(this.outgoing.id); } } _init() { this._init = noop; if (!this.server) sendOrBuffer(this, CLIENT_VERSION_BUFFER); } // =========================================================================== // Client-specific =========================================================== // =========================================================================== createReadStream(path, options) { if (this.server) throw new Error('Client-only method called in server mode'); return new ReadStream(this, path, options); } createWriteStream(path, options) { if (this.server) throw new Error('Client-only method called in server mode'); return new WriteStream(this, path, options); } open(path, flags_, attrs, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (typeof attrs === 'function') { cb = attrs; attrs = undefined; } const flags = (typeof flags_ === 'number' ? flags_ : stringToFlags(flags_)); if (flags === null) throw new Error(`Unknown flags string: ${flags_}`); let attrsFlags = 0; let attrsLen = 0; if (typeof attrs === 'string' || typeof attrs === 'number') attrs = { mode: attrs }; if (typeof attrs === 'object' && attrs !== null) { attrs = attrsToBytes(attrs); attrsFlags = attrs.flags; attrsLen = attrs.nb; } /* uint32 id string filename uint32 pflags ATTRS attrs */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + 4 + attrsLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.OPEN; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); writeUInt32BE(buf, flags, p += pathLen); writeUInt32BE(buf, attrsFlags, p += 4); if (attrsLen) { p += 4; if (attrsLen === ATTRS_BUF.length) buf.set(ATTRS_BUF, p); else bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p); p += attrsLen; } this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} OPEN` ); } close(handle, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); /* uint32 id string handle */ const handleLen = handle.length; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.CLOSE; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, handleLen, p); buf.set(handle, p += 4); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} CLOSE` ); } read(handle, buf, off, len, position, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); if (!Buffer.isBuffer(buf)) throw new Error('buffer is not a Buffer'); if (off >= buf.length) throw new Error('offset is out of bounds'); if (off + len > buf.length) throw new Error('length extends beyond buffer'); if (position === null) throw new Error('null position currently unsupported'); read_(this, handle, buf, off, len, position, cb); } readData(handle, buf, off, len, position, cb) { // Backwards compatibility this.read(handle, buf, off, len, position, cb); } write(handle, buf, off, len, position, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); if (!Buffer.isBuffer(buf)) throw new Error('buffer is not a Buffer'); if (off > buf.length) throw new Error('offset is out of bounds'); if (off + len > buf.length) throw new Error('length extends beyond buffer'); if (position === null) throw new Error('null position currently unsupported'); if (!len) { cb && process.nextTick(cb, undefined, 0); return; } const maxDataLen = this._maxWriteLen; const overflow = Math.max(len - maxDataLen, 0); const origPosition = position; if (overflow) len = maxDataLen; /* uint32 id string handle uint64 offset string data */ const handleLen = handle.length; let p = 9; const out = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen + 8 + 4 + len); writeUInt32BE(out, out.length - 4, 0); out[4] = REQUEST.WRITE; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(out, reqid, 5); writeUInt32BE(out, handleLen, p); out.set(handle, p += 4); p += handleLen; for (let i = 7; i >= 0; --i) { out[p + i] = position & 0xFF; position /= 256; } writeUInt32BE(out, len, p += 8); bufferCopy(buf, out, off, off + len, p += 4); this._requests[reqid] = { cb: (err) => { if (err) { if (typeof cb === 'function') cb(err); } else if (overflow) { this.write(handle, buf, off + len, overflow, origPosition + len, cb); } else if (typeof cb === 'function') { cb(undefined, off + len); } } }; const isSent = sendOrBuffer(this, out); if (this._debug) { const how = (isSent ? 'Sent' : 'Buffered'); this._debug(`SFTP: Outbound: ${how} WRITE (id:${reqid})`); } } writeData(handle, buf, off, len, position, cb) { // Backwards compatibility this.write(handle, buf, off, len, position, cb); } fastGet(remotePath, localPath, opts, cb) { if (this.server) throw new Error('Client-only method called in server mode'); fastXfer(this, fs, remotePath, localPath, opts, cb); } fastPut(localPath, remotePath, opts, cb) { if (this.server) throw new Error('Client-only method called in server mode'); fastXfer(fs, this, localPath, remotePath, opts, cb); } readFile(path, options, callback_) { if (this.server) throw new Error('Client-only method called in server mode'); let callback; if (typeof callback_ === 'function') { callback = callback_; } else if (typeof options === 'function') { callback = options; options = undefined; } if (typeof options === 'string') options = { encoding: options, flag: 'r' }; else if (!options) options = { encoding: null, flag: 'r' }; else if (typeof options !== 'object') throw new TypeError('Bad arguments'); const encoding = options.encoding; if (encoding && !Buffer.isEncoding(encoding)) throw new Error(`Unknown encoding: ${encoding}`); // First stat the file, so we know the size. let size; let buffer; // Single buffer with file data let buffers; // List for when size is unknown let pos = 0; let handle; // SFTPv3 does not support using -1 for read position, so we have to track // read position manually let bytesRead = 0; const flag = options.flag || 'r'; const read = () => { if (size === 0) { buffer = Buffer.allocUnsafe(8192); this.read(handle, buffer, 0, 8192, bytesRead, afterRead); } else { this.read(handle, buffer, pos, size - pos, bytesRead, afterRead); } }; const afterRead = (er, nbytes) => { let eof; if (er) { eof = (er.code === STATUS_CODE.EOF); if (!eof) { return this.close(handle, () => { return callback && callback(er); }); } } else { eof = false; } if (eof || (size === 0 && nbytes === 0)) return close(); bytesRead += nbytes; pos += nbytes; if (size !== 0) { if (pos === size) close(); else read(); } else { // Unknown size, just read until we don't get bytes. buffers.push(bufferSlice(buffer, 0, nbytes)); read(); } }; afterRead._wantEOFError = true; const close = () => { this.close(handle, (er) => { if (size === 0) { // Collect the data into the buffers list. buffer = Buffer.concat(buffers, pos); } else if (pos < size) { buffer = bufferSlice(buffer, 0, pos); } if (encoding) buffer = buffer.toString(encoding); return callback && callback(er, buffer); }); }; this.open(path, flag, 0o666, (er, handle_) => { if (er) return callback && callback(er); handle = handle_; const tryStat = (er, st) => { if (er) { // Try stat() for sftp servers that may not support fstat() for // whatever reason this.stat(path, (er_, st_) => { if (er_) { return this.close(handle, () => { callback && callback(er); }); } tryStat(null, st_); }); return; } size = st.size || 0; if (size === 0) { // The kernel lies about many files. // Go ahead and try to read some bytes. buffers = []; return read(); } buffer = Buffer.allocUnsafe(size); read(); }; this.fstat(handle, tryStat); }); } writeFile(path, data, options, callback_) { if (this.server) throw new Error('Client-only method called in server mode'); let callback; if (typeof callback_ === 'function') { callback = callback_; } else if (typeof options === 'function') { callback = options; options = undefined; } if (typeof options === 'string') options = { encoding: options, mode: 0o666, flag: 'w' }; else if (!options) options = { encoding: 'utf8', mode: 0o666, flag: 'w' }; else if (typeof options !== 'object') throw new TypeError('Bad arguments'); if (options.encoding && !Buffer.isEncoding(options.encoding)) throw new Error(`Unknown encoding: ${options.encoding}`); const flag = options.flag || 'w'; this.open(path, flag, options.mode, (openErr, handle) => { if (openErr) { callback && callback(openErr); } else { const buffer = (Buffer.isBuffer(data) ? data : Buffer.from('' + data, options.encoding || 'utf8')); const position = (/a/.test(flag) ? null : 0); // SFTPv3 does not support the notion of 'current position' // (null position), so we just attempt to append to the end of the file // instead if (position === null) { const tryStat = (er, st) => { if (er) { // Try stat() for sftp servers that may not support fstat() for // whatever reason this.stat(path, (er_, st_) => { if (er_) { return this.close(handle, () => { callback && callback(er); }); } tryStat(null, st_); }); return; } writeAll(this, handle, buffer, 0, buffer.length, st.size, callback); }; this.fstat(handle, tryStat); return; } writeAll(this, handle, buffer, 0, buffer.length, position, callback); } }); } appendFile(path, data, options, callback_) { if (this.server) throw new Error('Client-only method called in server mode'); let callback; if (typeof callback_ === 'function') { callback = callback_; } else if (typeof options === 'function') { callback = options; options = undefined; } if (typeof options === 'string') options = { encoding: options, mode: 0o666, flag: 'a' }; else if (!options) options = { encoding: 'utf8', mode: 0o666, flag: 'a' }; else if (typeof options !== 'object') throw new TypeError('Bad arguments'); if (!options.flag) options = Object.assign({ flag: 'a' }, options); this.writeFile(path, data, options, callback); } exists(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); this.stat(path, (err) => { cb && cb(err ? false : true); }); } unlink(filename, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string filename */ const fnameLen = Buffer.byteLength(filename); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + fnameLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.REMOVE; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, fnameLen, p); buf.utf8Write(filename, p += 4, fnameLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} REMOVE` ); } rename(oldPath, newPath, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string oldpath string newpath */ const oldLen = Buffer.byteLength(oldPath); const newLen = Buffer.byteLength(newPath); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + oldLen + 4 + newLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.RENAME; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, oldLen, p); buf.utf8Write(oldPath, p += 4, oldLen); writeUInt32BE(buf, newLen, p += oldLen); buf.utf8Write(newPath, p += 4, newLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} RENAME` ); } mkdir(path, attrs, cb) { if (this.server) throw new Error('Client-only method called in server mode'); let flags = 0; let attrsLen = 0; if (typeof attrs === 'function') { cb = attrs; attrs = undefined; } if (typeof attrs === 'object' && attrs !== null) { attrs = attrsToBytes(attrs); flags = attrs.flags; attrsLen = attrs.nb; } /* uint32 id string path ATTRS attrs */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + attrsLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.MKDIR; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); writeUInt32BE(buf, flags, p += pathLen); if (attrsLen) { p += 4; if (attrsLen === ATTRS_BUF.length) buf.set(ATTRS_BUF, p); else bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p); p += attrsLen; } this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} MKDIR` ); } rmdir(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.RMDIR; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} RMDIR` ); } readdir(where, opts, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (typeof opts === 'function') { cb = opts; opts = {}; } if (typeof opts !== 'object' || opts === null) opts = {}; const doFilter = (opts && opts.full ? false : true); if (!Buffer.isBuffer(where) && typeof where !== 'string') throw new Error('missing directory handle or path'); if (typeof where === 'string') { const entries = []; let e = 0; const reread = (err, handle) => { if (err) return cb(err); this.readdir(handle, opts, (err, list) => { const eof = (err && err.code === STATUS_CODE.EOF); if (err && !eof) return this.close(handle, () => cb(err)); if (eof) { return this.close(handle, (err) => { if (err) return cb(err); cb(undefined, entries); }); } for (let i = 0; i < list.length; ++i, ++e) entries[e] = list[i]; reread(undefined, handle); }); }; return this.opendir(where, reread); } /* uint32 id string handle */ const handleLen = where.length; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.READDIR; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, handleLen, p); buf.set(where, p += 4); this._requests[reqid] = { cb: (doFilter ? (err, list) => { if (typeof cb !== 'function') return; if (err) return cb(err); for (let i = list.length - 1; i >= 0; --i) { if (list[i].filename === '.' || list[i].filename === '..') list.splice(i, 1); } cb(undefined, list); } : cb) }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} READDIR` ); } fstat(handle, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); /* uint32 id string handle */ const handleLen = handle.length; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.FSTAT; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, handleLen, p); buf.set(handle, p += 4); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} FSTAT` ); } stat(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.STAT; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} STAT` ); } lstat(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.LSTAT; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} LSTAT` ); } opendir(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.OPENDIR; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} OPENDIR` ); } setstat(path, attrs, cb) { if (this.server) throw new Error('Client-only method called in server mode'); let flags = 0; let attrsLen = 0; if (typeof attrs === 'object' && attrs !== null) { attrs = attrsToBytes(attrs); flags = attrs.flags; attrsLen = attrs.nb; } else if (typeof attrs === 'function') { cb = attrs; } /* uint32 id string path ATTRS attrs */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen + 4 + attrsLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.SETSTAT; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); writeUInt32BE(buf, flags, p += pathLen); if (attrsLen) { p += 4; if (attrsLen === ATTRS_BUF.length) buf.set(ATTRS_BUF, p); else bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p); p += attrsLen; } this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} SETSTAT` ); } fsetstat(handle, attrs, cb) { if (this.server) throw new Error('Client-only method called in server mode'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); let flags = 0; let attrsLen = 0; if (typeof attrs === 'object' && attrs !== null) { attrs = attrsToBytes(attrs); flags = attrs.flags; attrsLen = attrs.nb; } else if (typeof attrs === 'function') { cb = attrs; } /* uint32 id string handle ATTRS attrs */ const handleLen = handle.length; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen + 4 + attrsLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.FSETSTAT; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, handleLen, p); buf.set(handle, p += 4); writeUInt32BE(buf, flags, p += handleLen); if (attrsLen) { p += 4; if (attrsLen === ATTRS_BUF.length) buf.set(ATTRS_BUF, p); else bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p); p += attrsLen; } this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} FSETSTAT` ); } futimes(handle, atime, mtime, cb) { return this.fsetstat(handle, { atime: toUnixTimestamp(atime), mtime: toUnixTimestamp(mtime) }, cb); } utimes(path, atime, mtime, cb) { return this.setstat(path, { atime: toUnixTimestamp(atime), mtime: toUnixTimestamp(mtime) }, cb); } fchown(handle, uid, gid, cb) { return this.fsetstat(handle, { uid: uid, gid: gid }, cb); } chown(path, uid, gid, cb) { return this.setstat(path, { uid: uid, gid: gid }, cb); } fchmod(handle, mode, cb) { return this.fsetstat(handle, { mode: mode }, cb); } chmod(path, mode, cb) { return this.setstat(path, { mode: mode }, cb); } readlink(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.READLINK; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb: (err, names) => { if (typeof cb !== 'function') return; if (err) return cb(err); if (!names || !names.length) return cb(new Error('Response missing link info')); cb(undefined, names[0].filename); } }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} READLINK` ); } symlink(targetPath, linkPath, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string linkpath string targetpath */ const linkLen = Buffer.byteLength(linkPath); const targetLen = Buffer.byteLength(targetPath); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + linkLen + 4 + targetLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.SYMLINK; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); if (this._isOpenSSH) { // OpenSSH has linkpath and targetpath positions switched writeUInt32BE(buf, targetLen, p); buf.utf8Write(targetPath, p += 4, targetLen); writeUInt32BE(buf, linkLen, p += targetLen); buf.utf8Write(linkPath, p += 4, linkLen); } else { writeUInt32BE(buf, linkLen, p); buf.utf8Write(linkPath, p += 4, linkLen); writeUInt32BE(buf, targetLen, p += linkLen); buf.utf8Write(targetPath, p += 4, targetLen); } this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} SYMLINK` ); } realpath(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); /* uint32 id string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.REALPATH; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, pathLen, p); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb: (err, names) => { if (typeof cb !== 'function') return; if (err) return cb(err); if (!names || !names.length) return cb(new Error('Response missing path info')); cb(undefined, names[0].filename); } }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} REALPATH` ); } // extended requests ext_openssh_rename(oldPath, newPath, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['posix-rename@openssh.com']; if (!ext || ext !== '1') throw new Error('Server does not support this extended request'); /* uint32 id string "posix-rename@openssh.com" string oldpath string newpath */ const oldLen = Buffer.byteLength(oldPath); const newLen = Buffer.byteLength(newPath); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 24 + 4 + oldLen + 4 + newLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 24, p); buf.utf8Write('posix-rename@openssh.com', p += 4, 24); writeUInt32BE(buf, oldLen, p += 24); buf.utf8Write(oldPath, p += 4, oldLen); writeUInt32BE(buf, newLen, p += oldLen); buf.utf8Write(newPath, p += 4, newLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); if (this._debug) { const which = (isBuffered ? 'Buffered' : 'Sending'); this._debug(`SFTP: Outbound: ${which} posix-rename@openssh.com`); } } ext_openssh_statvfs(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['statvfs@openssh.com']; if (!ext || ext !== '2') throw new Error('Server does not support this extended request'); /* uint32 id string "statvfs@openssh.com" string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 19 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 19, p); buf.utf8Write('statvfs@openssh.com', p += 4, 19); writeUInt32BE(buf, pathLen, p += 19); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { extended: 'statvfs@openssh.com', cb }; const isBuffered = sendOrBuffer(this, buf); if (this._debug) { const which = (isBuffered ? 'Buffered' : 'Sending'); this._debug(`SFTP: Outbound: ${which} statvfs@openssh.com`); } } ext_openssh_fstatvfs(handle, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['fstatvfs@openssh.com']; if (!ext || ext !== '2') throw new Error('Server does not support this extended request'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); /* uint32 id string "fstatvfs@openssh.com" string handle */ const handleLen = handle.length; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 20 + 4 + handleLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 20, p); buf.utf8Write('fstatvfs@openssh.com', p += 4, 20); writeUInt32BE(buf, handleLen, p += 20); buf.set(handle, p += 4); this._requests[reqid] = { extended: 'fstatvfs@openssh.com', cb }; const isBuffered = sendOrBuffer(this, buf); if (this._debug) { const which = (isBuffered ? 'Buffered' : 'Sending'); this._debug(`SFTP: Outbound: ${which} fstatvfs@openssh.com`); } } ext_openssh_hardlink(oldPath, newPath, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['hardlink@openssh.com']; if (ext !== '1') throw new Error('Server does not support this extended request'); /* uint32 id string "hardlink@openssh.com" string oldpath string newpath */ const oldLen = Buffer.byteLength(oldPath); const newLen = Buffer.byteLength(newPath); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 20 + 4 + oldLen + 4 + newLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 20, p); buf.utf8Write('hardlink@openssh.com', p += 4, 20); writeUInt32BE(buf, oldLen, p += 20); buf.utf8Write(oldPath, p += 4, oldLen); writeUInt32BE(buf, newLen, p += oldLen); buf.utf8Write(newPath, p += 4, newLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); if (this._debug) { const which = (isBuffered ? 'Buffered' : 'Sending'); this._debug(`SFTP: Outbound: ${which} hardlink@openssh.com`); } } ext_openssh_fsync(handle, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['fsync@openssh.com']; if (ext !== '1') throw new Error('Server does not support this extended request'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); /* uint32 id string "fsync@openssh.com" string handle */ const handleLen = handle.length; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 17 + 4 + handleLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 17, p); buf.utf8Write('fsync@openssh.com', p += 4, 17); writeUInt32BE(buf, handleLen, p += 17); buf.set(handle, p += 4); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} fsync@openssh.com` ); } ext_openssh_lsetstat(path, attrs, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['lsetstat@openssh.com']; if (ext !== '1') throw new Error('Server does not support this extended request'); let flags = 0; let attrsLen = 0; if (typeof attrs === 'object' && attrs !== null) { attrs = attrsToBytes(attrs); flags = attrs.flags; attrsLen = attrs.nb; } else if (typeof attrs === 'function') { cb = attrs; } /* uint32 id string "lsetstat@openssh.com" string path ATTRS attrs */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 20 + 4 + pathLen + 4 + attrsLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 20, p); buf.utf8Write('lsetstat@openssh.com', p += 4, 20); writeUInt32BE(buf, pathLen, p += 20); buf.utf8Write(path, p += 4, pathLen); writeUInt32BE(buf, flags, p += pathLen); if (attrsLen) { p += 4; if (attrsLen === ATTRS_BUF.length) buf.set(ATTRS_BUF, p); else bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p); p += attrsLen; } this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); if (this._debug) { const status = (isBuffered ? 'Buffered' : 'Sending'); this._debug(`SFTP: Outbound: ${status} lsetstat@openssh.com`); } } ext_openssh_expandPath(path, cb) { if (this.server) throw new Error('Client-only method called in server mode'); const ext = this._extensions['expand-path@openssh.com']; if (ext !== '1') throw new Error('Server does not support this extended request'); /* uint32 id string "expand-path@openssh.com" string path */ const pathLen = Buffer.byteLength(path); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 23 + 4 + pathLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = this._writeReqid = (this._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 23, p); buf.utf8Write('expand-path@openssh.com', p += 4, 23); writeUInt32BE(buf, pathLen, p += 20); buf.utf8Write(path, p += 4, pathLen); this._requests[reqid] = { cb }; const isBuffered = sendOrBuffer(this, buf); if (this._debug) { const status = (isBuffered ? 'Buffered' : 'Sending'); this._debug(`SFTP: Outbound: ${status} expand-path@openssh.com`); } } // =========================================================================== // Server-specific =========================================================== // =========================================================================== handle(reqid, handle) { if (!this.server) throw new Error('Server-only method called in client mode'); if (!Buffer.isBuffer(handle)) throw new Error('handle is not a Buffer'); const handleLen = handle.length; if (handleLen > 256) throw new Error('handle too large (> 256 bytes)'); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = RESPONSE.HANDLE; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, handleLen, p); if (handleLen) buf.set(handle, p += 4); const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} HANDLE` ); } status(reqid, code, message) { if (!this.server) throw new Error('Server-only method called in client mode'); if (!VALID_STATUS_CODES.has(code)) throw new Error(`Bad status code: ${code}`); message || (message = ''); const msgLen = Buffer.byteLength(message); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 4 + msgLen + 4); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = RESPONSE.STATUS; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, code, p); writeUInt32BE(buf, msgLen, p += 4); p += 4; if (msgLen) { buf.utf8Write(message, p, msgLen); p += msgLen; } writeUInt32BE(buf, 0, p); // Empty language tag const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} STATUS` ); } data(reqid, data, encoding) { if (!this.server) throw new Error('Server-only method called in client mode'); const isBuffer = Buffer.isBuffer(data); if (!isBuffer && typeof data !== 'string') throw new Error('data is not a Buffer or string'); let isUTF8; if (!isBuffer && !encoding) { encoding = undefined; isUTF8 = true; } const dataLen = ( isBuffer ? data.length : Buffer.byteLength(data, encoding) ); let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + dataLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = RESPONSE.DATA; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, dataLen, p); if (dataLen) { if (isBuffer) buf.set(data, p += 4); else if (isUTF8) buf.utf8Write(data, p += 4, dataLen); else buf.write(data, p += 4, dataLen, encoding); } const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} DATA` ); } name(reqid, names) { if (!this.server) throw new Error('Server-only method called in client mode'); if (!Array.isArray(names)) { if (typeof names !== 'object' || names === null) throw new Error('names is not an object or array'); names = [ names ]; } const count = names.length; let namesLen = 0; let nameAttrs; const attrs = []; for (let i = 0; i < count; ++i) { const name = names[i]; const filename = ( !name || !name.filename || typeof name.filename !== 'string' ? '' : name.filename ); namesLen += 4 + Buffer.byteLength(filename); const longname = ( !name || !name.longname || typeof name.longname !== 'string' ? '' : name.longname ); namesLen += 4 + Buffer.byteLength(longname); if (typeof name.attrs === 'object' && name.attrs !== null) { nameAttrs = attrsToBytes(name.attrs); namesLen += 4 + nameAttrs.nb; if (nameAttrs.nb) { let bytes; if (nameAttrs.nb === ATTRS_BUF.length) { bytes = new Uint8Array(ATTRS_BUF); } else { bytes = new Uint8Array(nameAttrs.nb); bufferCopy(ATTRS_BUF, bytes, 0, nameAttrs.nb, 0); } nameAttrs.bytes = bytes; } attrs.push(nameAttrs); } else { namesLen += 4; attrs.push(null); } } let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + namesLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = RESPONSE.NAME; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, count, p); p += 4; for (let i = 0; i < count; ++i) { const name = names[i]; { const filename = ( !name || !name.filename || typeof name.filename !== 'string' ? '' : name.filename ); const len = Buffer.byteLength(filename); writeUInt32BE(buf, len, p); p += 4; if (len) { buf.utf8Write(filename, p, len); p += len; } } { const longname = ( !name || !name.longname || typeof name.longname !== 'string' ? '' : name.longname ); const len = Buffer.byteLength(longname); writeUInt32BE(buf, len, p); p += 4; if (len) { buf.utf8Write(longname, p, len); p += len; } } const attr = attrs[i]; if (attr) { writeUInt32BE(buf, attr.flags, p); p += 4; if (attr.flags && attr.bytes) { buf.set(attr.bytes, p); p += attr.nb; } } else { writeUInt32BE(buf, 0, p); p += 4; } } const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} NAME` ); } attrs(reqid, attrs) { if (!this.server) throw new Error('Server-only method called in client mode'); if (typeof attrs !== 'object' || attrs === null) throw new Error('attrs is not an object'); attrs = attrsToBytes(attrs); const flags = attrs.flags; const attrsLen = attrs.nb; let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + attrsLen); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = RESPONSE.ATTRS; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, flags, p); if (attrsLen) { p += 4; if (attrsLen === ATTRS_BUF.length) buf.set(ATTRS_BUF, p); else bufferCopy(ATTRS_BUF, buf, 0, attrsLen, p); p += attrsLen; } const isBuffered = sendOrBuffer(this, buf); this._debug && this._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} ATTRS` ); } } function tryCreateBuffer(size) { try { return Buffer.allocUnsafe(size); } catch (ex) { return ex; } } function read_(self, handle, buf, off, len, position, cb, req_) { const maxDataLen = self._maxReadLen; const overflow = Math.max(len - maxDataLen, 0); if (overflow) len = maxDataLen; /* uint32 id string handle uint64 offset uint32 len */ const handleLen = handle.length; let p = 9; let pos = position; const out = Buffer.allocUnsafe(4 + 1 + 4 + 4 + handleLen + 8 + 4); writeUInt32BE(out, out.length - 4, 0); out[4] = REQUEST.READ; const reqid = self._writeReqid = (self._writeReqid + 1) & MAX_REQID; writeUInt32BE(out, reqid, 5); writeUInt32BE(out, handleLen, p); out.set(handle, p += 4); p += handleLen; for (let i = 7; i >= 0; --i) { out[p + i] = pos & 0xFF; pos /= 256; } writeUInt32BE(out, len, p += 8); if (typeof cb !== 'function') cb = noop; const req = (req_ || { nb: 0, position, off, origOff: off, len: undefined, overflow: undefined, cb: (err, data, nb) => { const len = req.len; const overflow = req.overflow; if (err) { if (cb._wantEOFError || err.code !== STATUS_CODE.EOF) return cb(err); } else if (nb > len) { return cb(new Error('Received more data than requested')); } else if (nb === len && overflow) { req.nb += nb; req.position += nb; req.off += nb; read_(self, handle, buf, req.off, overflow, req.position, cb, req); return; } if (req.origOff === 0 && buf.length === req.nb) data = buf; else data = bufferSlice(buf, req.origOff, req.origOff + req.nb); cb(undefined, req.nb + (nb || 0), data, req.position); }, buffer: undefined, }); req.len = len; req.overflow = overflow; // TODO: avoid creating multiple buffer slices when we need to re-call read_() // because of overflow req.buffer = bufferSlice(buf, off, off + len); self._requests[reqid] = req; const isBuffered = sendOrBuffer(self, out); self._debug && self._debug( `SFTP: Outbound: ${isBuffered ? 'Buffered' : 'Sending'} READ` ); } function fastXfer(src, dst, srcPath, dstPath, opts, cb) { let concurrency = 64; let chunkSize = 32768; let onstep; let mode; let fileSize; if (typeof opts === 'function') { cb = opts; } else if (typeof opts === 'object' && opts !== null) { if (typeof opts.concurrency === 'number' && opts.concurrency > 0 && !isNaN(opts.concurrency)) { concurrency = opts.concurrency; } if (typeof opts.chunkSize === 'number' && opts.chunkSize > 0 && !isNaN(opts.chunkSize)) { chunkSize = opts.chunkSize; } if (typeof opts.fileSize === 'number' && opts.fileSize > 0 && !isNaN(opts.fileSize)) { fileSize = opts.fileSize; } if (typeof opts.step === 'function') onstep = opts.step; if (typeof opts.mode === 'string' || typeof opts.mode === 'number') mode = modeNum(opts.mode); } // Internal state variables let fsize; let pdst = 0; let total = 0; let hadError = false; let srcHandle; let dstHandle; let readbuf; let bufsize = chunkSize * concurrency; function onerror(err) { if (hadError) return; hadError = true; let left = 0; let cbfinal; if (srcHandle || dstHandle) { cbfinal = () => { if (--left === 0) cb(err); }; if (srcHandle && (src === fs || src.outgoing.state === 'open')) ++left; if (dstHandle && (dst === fs || dst.outgoing.state === 'open')) ++left; if (srcHandle && (src === fs || src.outgoing.state === 'open')) src.close(srcHandle, cbfinal); if (dstHandle && (dst === fs || dst.outgoing.state === 'open')) dst.close(dstHandle, cbfinal); } else { cb(err); } } src.open(srcPath, 'r', (err, sourceHandle) => { if (err) return onerror(err); srcHandle = sourceHandle; if (fileSize === undefined) src.fstat(srcHandle, tryStat); else tryStat(null, { size: fileSize }); function tryStat(err, attrs) { if (err) { if (src !== fs) { // Try stat() for sftp servers that may not support fstat() for // whatever reason src.stat(srcPath, (err_, attrs_) => { if (err_) return onerror(err); tryStat(null, attrs_); }); return; } return onerror(err); } fsize = attrs.size; dst.open(dstPath, 'w', (err, destHandle) => { if (err) return onerror(err); dstHandle = destHandle; if (fsize <= 0) return onerror(); // Use less memory where possible while (bufsize > fsize) { if (concurrency === 1) { bufsize = fsize; break; } bufsize -= chunkSize; --concurrency; } readbuf = tryCreateBuffer(bufsize); if (readbuf instanceof Error) return onerror(readbuf); if (mode !== undefined) { dst.fchmod(dstHandle, mode, function tryAgain(err) { if (err) { // Try chmod() for sftp servers that may not support fchmod() // for whatever reason dst.chmod(dstPath, mode, (err_) => tryAgain()); return; } startReads(); }); } else { startReads(); } function onread(err, nb, data, dstpos, datapos, origChunkLen) { if (err) return onerror(err); datapos = datapos || 0; dst.write(dstHandle, readbuf, datapos, nb, dstpos, writeCb); function writeCb(err) { if (err) return onerror(err); total += nb; onstep && onstep(total, nb, fsize); if (nb < origChunkLen) return singleRead(datapos, dstpos + nb, origChunkLen - nb); if (total === fsize) { dst.close(dstHandle, (err) => { dstHandle = undefined; if (err) return onerror(err); src.close(srcHandle, (err) => { srcHandle = undefined; if (err) return onerror(err); cb(); }); }); return; } if (pdst >= fsize) return; const chunk = (pdst + chunkSize > fsize ? fsize - pdst : chunkSize); singleRead(datapos, pdst, chunk); pdst += chunk; } } function makeCb(psrc, pdst, chunk) { return (err, nb, data) => { onread(err, nb, data, pdst, psrc, chunk); }; } function singleRead(psrc, pdst, chunk) { src.read(srcHandle, readbuf, psrc, chunk, pdst, makeCb(psrc, pdst, chunk)); } function startReads() { let reads = 0; let psrc = 0; while (pdst < fsize && reads < concurrency) { const chunk = (pdst + chunkSize > fsize ? fsize - pdst : chunkSize); singleRead(psrc, pdst, chunk); psrc += chunk; pdst += chunk; ++reads; } } }); } }); } function writeAll(sftp, handle, buffer, offset, length, position, callback_) { const callback = (typeof callback_ === 'function' ? callback_ : undefined); sftp.write(handle, buffer, offset, length, position, (writeErr, written) => { if (writeErr) { return sftp.close(handle, () => { callback && callback(writeErr); }); } if (written === length) { sftp.close(handle, callback); } else { offset += written; length -= written; position += written; writeAll(sftp, handle, buffer, offset, length, position, callback); } }); } class Stats { constructor(initial) { this.mode = (initial && initial.mode); this.uid = (initial && initial.uid); this.gid = (initial && initial.gid); this.size = (initial && initial.size); this.atime = (initial && initial.atime); this.mtime = (initial && initial.mtime); this.extended = (initial && initial.extended); } isDirectory() { return ((this.mode & constants.S_IFMT) === constants.S_IFDIR); } isFile() { return ((this.mode & constants.S_IFMT) === constants.S_IFREG); } isBlockDevice() { return ((this.mode & constants.S_IFMT) === constants.S_IFBLK); } isCharacterDevice() { return ((this.mode & constants.S_IFMT) === constants.S_IFCHR); } isSymbolicLink() { return ((this.mode & constants.S_IFMT) === constants.S_IFLNK); } isFIFO() { return ((this.mode & constants.S_IFMT) === constants.S_IFIFO); } isSocket() { return ((this.mode & constants.S_IFMT) === constants.S_IFSOCK); } } function attrsToBytes(attrs) { let flags = 0; let nb = 0; if (typeof attrs === 'object' && attrs !== null) { if (typeof attrs.size === 'number') { flags |= ATTR.SIZE; const val = attrs.size; // Big Endian ATTRS_BUF[nb++] = val / 72057594037927940; // 2**56 ATTRS_BUF[nb++] = val / 281474976710656; // 2**48 ATTRS_BUF[nb++] = val / 1099511627776; // 2**40 ATTRS_BUF[nb++] = val / 4294967296; // 2**32 ATTRS_BUF[nb++] = val / 16777216; // 2**24 ATTRS_BUF[nb++] = val / 65536; // 2**16 ATTRS_BUF[nb++] = val / 256; // 2**8 ATTRS_BUF[nb++] = val; } if (typeof attrs.uid === 'number' && typeof attrs.gid === 'number') { flags |= ATTR.UIDGID; const uid = attrs.uid; const gid = attrs.gid; // Big Endian ATTRS_BUF[nb++] = uid >>> 24; ATTRS_BUF[nb++] = uid >>> 16; ATTRS_BUF[nb++] = uid >>> 8; ATTRS_BUF[nb++] = uid; ATTRS_BUF[nb++] = gid >>> 24; ATTRS_BUF[nb++] = gid >>> 16; ATTRS_BUF[nb++] = gid >>> 8; ATTRS_BUF[nb++] = gid; } if (typeof attrs.mode === 'number' || typeof attrs.mode === 'string') { const mode = modeNum(attrs.mode); flags |= ATTR.PERMISSIONS; // Big Endian ATTRS_BUF[nb++] = mode >>> 24; ATTRS_BUF[nb++] = mode >>> 16; ATTRS_BUF[nb++] = mode >>> 8; ATTRS_BUF[nb++] = mode; } if ((typeof attrs.atime === 'number' || isDate(attrs.atime)) && (typeof attrs.mtime === 'number' || isDate(attrs.mtime))) { const atime = toUnixTimestamp(attrs.atime); const mtime = toUnixTimestamp(attrs.mtime); flags |= ATTR.ACMODTIME; // Big Endian ATTRS_BUF[nb++] = atime >>> 24; ATTRS_BUF[nb++] = atime >>> 16; ATTRS_BUF[nb++] = atime >>> 8; ATTRS_BUF[nb++] = atime; ATTRS_BUF[nb++] = mtime >>> 24; ATTRS_BUF[nb++] = mtime >>> 16; ATTRS_BUF[nb++] = mtime >>> 8; ATTRS_BUF[nb++] = mtime; } // TODO: extended attributes } return { flags, nb }; } function toUnixTimestamp(time) { // eslint-disable-next-line no-self-compare if (typeof time === 'number' && time === time) // Valid, non-NaN number return time; if (isDate(time)) return parseInt(time.getTime() / 1000, 10); throw new Error(`Cannot parse time: ${time}`); } function modeNum(mode) { // eslint-disable-next-line no-self-compare if (typeof mode === 'number' && mode === mode) // Valid, non-NaN number return mode; if (typeof mode === 'string') return modeNum(parseInt(mode, 8)); throw new Error(`Cannot parse mode: ${mode}`); } const stringFlagMap = { 'r': OPEN_MODE.READ, 'r+': OPEN_MODE.READ | OPEN_MODE.WRITE, 'w': OPEN_MODE.TRUNC | OPEN_MODE.CREAT | OPEN_MODE.WRITE, 'wx': OPEN_MODE.TRUNC | OPEN_MODE.CREAT | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'xw': OPEN_MODE.TRUNC | OPEN_MODE.CREAT | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'w+': OPEN_MODE.TRUNC | OPEN_MODE.CREAT | OPEN_MODE.READ | OPEN_MODE.WRITE, 'wx+': OPEN_MODE.TRUNC | OPEN_MODE.CREAT | OPEN_MODE.READ | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'xw+': OPEN_MODE.TRUNC | OPEN_MODE.CREAT | OPEN_MODE.READ | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'a': OPEN_MODE.APPEND | OPEN_MODE.CREAT | OPEN_MODE.WRITE, 'ax': OPEN_MODE.APPEND | OPEN_MODE.CREAT | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'xa': OPEN_MODE.APPEND | OPEN_MODE.CREAT | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'a+': OPEN_MODE.APPEND | OPEN_MODE.CREAT | OPEN_MODE.READ | OPEN_MODE.WRITE, 'ax+': OPEN_MODE.APPEND | OPEN_MODE.CREAT | OPEN_MODE.READ | OPEN_MODE.WRITE | OPEN_MODE.EXCL, 'xa+': OPEN_MODE.APPEND | OPEN_MODE.CREAT | OPEN_MODE.READ | OPEN_MODE.WRITE | OPEN_MODE.EXCL }; function stringToFlags(str) { const flags = stringFlagMap[str]; return (flags !== undefined ? flags : null); } const flagsToString = (() => { const stringFlagMapKeys = Object.keys(stringFlagMap); return (flags) => { for (let i = 0; i < stringFlagMapKeys.length; ++i) { const key = stringFlagMapKeys[i]; if (stringFlagMap[key] === flags) return key; } return null; }; })(); function readAttrs(biOpt) { /* uint32 flags uint64 size present only if flag SSH_FILEXFER_ATTR_SIZE uint32 uid present only if flag SSH_FILEXFER_ATTR_UIDGID uint32 gid present only if flag SSH_FILEXFER_ATTR_UIDGID uint32 permissions present only if flag SSH_FILEXFER_ATTR_PERMISSIONS uint32 atime present only if flag SSH_FILEXFER_ACMODTIME uint32 mtime present only if flag SSH_FILEXFER_ACMODTIME uint32 extended_count present only if flag SSH_FILEXFER_ATTR_EXTENDED string extended_type string extended_data ... more extended data (extended_type - extended_data pairs), so that number of pairs equals extended_count */ const flags = bufferParser.readUInt32BE(); if (flags === undefined) return; const attrs = new Stats(); if (flags & ATTR.SIZE) { const size = bufferParser.readUInt64BE(biOpt); if (size === undefined) return; attrs.size = size; } if (flags & ATTR.UIDGID) { const uid = bufferParser.readUInt32BE(); const gid = bufferParser.readUInt32BE(); if (gid === undefined) return; attrs.uid = uid; attrs.gid = gid; } if (flags & ATTR.PERMISSIONS) { const mode = bufferParser.readUInt32BE(); if (mode === undefined) return; attrs.mode = mode; } if (flags & ATTR.ACMODTIME) { const atime = bufferParser.readUInt32BE(); const mtime = bufferParser.readUInt32BE(); if (mtime === undefined) return; attrs.atime = atime; attrs.mtime = mtime; } if (flags & ATTR.EXTENDED) { const count = bufferParser.readUInt32BE(); if (count === undefined) return; const extended = {}; for (let i = 0; i < count; ++i) { const type = bufferParser.readString(true); const data = bufferParser.readString(); if (data === undefined) return; extended[type] = data; } attrs.extended = extended; } return attrs; } function sendOrBuffer(sftp, payload) { const ret = tryWritePayload(sftp, payload); if (ret !== undefined) { sftp._buffer.push(ret); return false; } return true; } function tryWritePayload(sftp, payload) { const outgoing = sftp.outgoing; if (outgoing.state !== 'open') return; if (outgoing.window === 0) { sftp._waitWindow = true; // XXX: Unnecessary? return payload; } let ret; const len = payload.length; let p = 0; while (len - p > 0 && outgoing.window > 0) { const actualLen = Math.min(len - p, outgoing.window, outgoing.packetSize); outgoing.window -= actualLen; if (outgoing.window === 0) { sftp._waitWindow = true; sftp._chunkcb = drainBuffer; } if (p === 0 && actualLen === len) { sftp._protocol.channelData(sftp.outgoing.id, payload); } else { sftp._protocol.channelData(sftp.outgoing.id, bufferSlice(payload, p, p + actualLen)); } p += actualLen; } if (len - p > 0) { if (p > 0) ret = bufferSlice(payload, p, len); else ret = payload; // XXX: should never get here? } return ret; } function drainBuffer() { this._chunkcb = undefined; const buffer = this._buffer; let i = 0; while (i < buffer.length) { const payload = buffer[i]; const ret = tryWritePayload(this, payload); if (ret !== undefined) { if (ret !== payload) buffer[i] = ret; if (i > 0) this._buffer = buffer.slice(i); return; } ++i; } if (i > 0) this._buffer = []; } function doFatalSFTPError(sftp, msg, noDebug) { const err = new Error(msg); err.level = 'sftp-protocol'; if (!noDebug && sftp._debug) sftp._debug(`SFTP: Inbound: ${msg}`); sftp.emit('error', err); sftp.destroy(); cleanupRequests(sftp); return false; } function cleanupRequests(sftp) { const keys = Object.keys(sftp._requests); if (keys.length === 0) return; const reqs = sftp._requests; sftp._requests = {}; const err = new Error('No response from server'); for (let i = 0; i < keys.length; ++i) { const req = reqs[keys[i]]; if (typeof req.cb === 'function') req.cb(err); } } function requestLimits(sftp, cb) { /* uint32 id string "limits@openssh.com" */ let p = 9; const buf = Buffer.allocUnsafe(4 + 1 + 4 + 4 + 18); writeUInt32BE(buf, buf.length - 4, 0); buf[4] = REQUEST.EXTENDED; const reqid = sftp._writeReqid = (sftp._writeReqid + 1) & MAX_REQID; writeUInt32BE(buf, reqid, 5); writeUInt32BE(buf, 18, p); buf.utf8Write('limits@openssh.com', p += 4, 18); sftp._requests[reqid] = { extended: 'limits@openssh.com', cb }; const isBuffered = sendOrBuffer(sftp, buf); if (sftp._debug) { const which = (isBuffered ? 'Buffered' : 'Sending'); sftp._debug(`SFTP: Outbound: ${which} limits@openssh.com`); } } const CLIENT_HANDLERS = { [RESPONSE.VERSION]: (sftp, payload) => { if (sftp._version !== -1) return doFatalSFTPError(sftp, 'Duplicate VERSION packet'); const extensions = {}; /* uint32 version */ bufferParser.init(payload, 1); let version = bufferParser.readUInt32BE(); while (bufferParser.avail()) { const extName = bufferParser.readString(true); const extData = bufferParser.readString(true); if (extData === undefined) { version = undefined; break; } extensions[extName] = extData; } bufferParser.clear(); if (version === undefined) return doFatalSFTPError(sftp, 'Malformed VERSION packet'); if (sftp._debug) { const names = Object.keys(extensions); if (names.length) { sftp._debug( `SFTP: Inbound: Received VERSION (v${version}, exts:${names})` ); } else { sftp._debug(`SFTP: Inbound: Received VERSION (v${version})`); } } sftp._version = version; sftp._extensions = extensions; if (extensions['limits@openssh.com'] === '1') { return requestLimits(sftp, (err, limits) => { if (!err) { if (limits.maxPktLen > 0) sftp._maxOutPktLen = limits.maxPktLen; if (limits.maxReadLen > 0) sftp._maxReadLen = limits.maxReadLen; if (limits.maxWriteLen > 0) sftp._maxWriteLen = limits.maxWriteLen; sftp.maxOpenHandles = ( limits.maxOpenHandles > 0 ? limits.maxOpenHandles : Infinity ); } sftp.emit('ready'); }); } sftp.emit('ready'); }, [RESPONSE.STATUS]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* uint32 error/status code string error message (ISO-10646 UTF-8) string language tag */ const errorCode = bufferParser.readUInt32BE(); const errorMsg = bufferParser.readString(true); bufferParser.clear(); // Note: we avoid checking that the error message and language tag are in // the packet because there are some broken implementations that incorrectly // omit them. The language tag in general was never really used amongst ssh // implementations, so in the case of a missing error message we just // default to something sensible. if (sftp._debug) { const jsonMsg = JSON.stringify(errorMsg); sftp._debug( `SFTP: Inbound: Received STATUS (id:${reqID}, ${errorCode}, ${jsonMsg})` ); } const req = sftp._requests[reqID]; delete sftp._requests[reqID]; if (req && typeof req.cb === 'function') { if (errorCode === STATUS_CODE.OK) { req.cb(); return; } const err = new Error(errorMsg || STATUS_CODE_STR[errorCode] || 'Unknown status'); err.code = errorCode; req.cb(err); } }, [RESPONSE.HANDLE]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle */ const handle = bufferParser.readString(); bufferParser.clear(); if (handle === undefined) { if (reqID !== undefined) delete sftp._requests[reqID]; return doFatalSFTPError(sftp, 'Malformed HANDLE packet'); } sftp._debug && sftp._debug(`SFTP: Inbound: Received HANDLE (id:${reqID})`); const req = sftp._requests[reqID]; delete sftp._requests[reqID]; if (req && typeof req.cb === 'function') req.cb(undefined, handle); }, [RESPONSE.DATA]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); let req; if (reqID !== undefined) { req = sftp._requests[reqID]; delete sftp._requests[reqID]; } /* string data */ if (req && typeof req.cb === 'function') { if (req.buffer) { // We have already pre-allocated space to store the data const nb = bufferParser.readString(req.buffer); bufferParser.clear(); if (nb !== undefined) { sftp._debug && sftp._debug( `SFTP: Inbound: Received DATA (id:${reqID}, ${nb})` ); req.cb(undefined, req.buffer, nb); return; } } else { const data = bufferParser.readString(); bufferParser.clear(); if (data !== undefined) { sftp._debug && sftp._debug( `SFTP: Inbound: Received DATA (id:${reqID}, ${data.length})` ); req.cb(undefined, data); return; } } } else { const nb = bufferParser.skipString(); bufferParser.clear(); if (nb !== undefined) { sftp._debug && sftp._debug( `SFTP: Inbound: Received DATA (id:${reqID}, ${nb})` ); return; } } return doFatalSFTPError(sftp, 'Malformed DATA packet'); }, [RESPONSE.NAME]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); let req; if (reqID !== undefined) { req = sftp._requests[reqID]; delete sftp._requests[reqID]; } /* uint32 count repeats count times: string filename string longname ATTRS attrs */ const count = bufferParser.readUInt32BE(); if (count !== undefined) { let names = []; for (let i = 0; i < count; ++i) { // We are going to assume UTF-8 for filenames despite the SFTPv3 // spec not specifying an encoding because the specs for newer // versions of the protocol all explicitly specify UTF-8 for // filenames const filename = bufferParser.readString(true); // `longname` only exists in SFTPv3 and since it typically will // contain the filename, we assume it is also UTF-8 const longname = bufferParser.readString(true); const attrs = readAttrs(sftp._biOpt); if (attrs === undefined) { names = undefined; break; } names.push({ filename, longname, attrs }); } if (names !== undefined) { sftp._debug && sftp._debug( `SFTP: Inbound: Received NAME (id:${reqID}, ${names.length})` ); bufferParser.clear(); if (req && typeof req.cb === 'function') req.cb(undefined, names); return; } } bufferParser.clear(); return doFatalSFTPError(sftp, 'Malformed NAME packet'); }, [RESPONSE.ATTRS]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); let req; if (reqID !== undefined) { req = sftp._requests[reqID]; delete sftp._requests[reqID]; } /* ATTRS attrs */ const attrs = readAttrs(sftp._biOpt); bufferParser.clear(); if (attrs !== undefined) { sftp._debug && sftp._debug(`SFTP: Inbound: Received ATTRS (id:${reqID})`); if (req && typeof req.cb === 'function') req.cb(undefined, attrs); return; } return doFatalSFTPError(sftp, 'Malformed ATTRS packet'); }, [RESPONSE.EXTENDED]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); if (reqID !== undefined) { const req = sftp._requests[reqID]; if (req) { delete sftp._requests[reqID]; switch (req.extended) { case 'statvfs@openssh.com': case 'fstatvfs@openssh.com': { /* uint64 f_bsize // file system block size uint64 f_frsize // fundamental fs block size uint64 f_blocks // number of blocks (unit f_frsize) uint64 f_bfree // free blocks in file system uint64 f_bavail // free blocks for non-root uint64 f_files // total file inodes uint64 f_ffree // free file inodes uint64 f_favail // free file inodes for to non-root uint64 f_fsid // file system id uint64 f_flag // bit mask of f_flag values uint64 f_namemax // maximum filename length */ const biOpt = sftp._biOpt; const stats = { f_bsize: bufferParser.readUInt64BE(biOpt), f_frsize: bufferParser.readUInt64BE(biOpt), f_blocks: bufferParser.readUInt64BE(biOpt), f_bfree: bufferParser.readUInt64BE(biOpt), f_bavail: bufferParser.readUInt64BE(biOpt), f_files: bufferParser.readUInt64BE(biOpt), f_ffree: bufferParser.readUInt64BE(biOpt), f_favail: bufferParser.readUInt64BE(biOpt), f_sid: bufferParser.readUInt64BE(biOpt), f_flag: bufferParser.readUInt64BE(biOpt), f_namemax: bufferParser.readUInt64BE(biOpt), }; if (stats.f_namemax === undefined) break; if (sftp._debug) { sftp._debug( 'SFTP: Inbound: Received EXTENDED_REPLY ' + `(id:${reqID}, ${req.extended})` ); } bufferParser.clear(); if (typeof req.cb === 'function') req.cb(undefined, stats); return; } case 'limits@openssh.com': { /* uint64 max-packet-length uint64 max-read-length uint64 max-write-length uint64 max-open-handles */ const limits = { maxPktLen: bufferParser.readUInt64BE(), maxReadLen: bufferParser.readUInt64BE(), maxWriteLen: bufferParser.readUInt64BE(), maxOpenHandles: bufferParser.readUInt64BE(), }; if (limits.maxOpenHandles === undefined) break; if (sftp._debug) { sftp._debug( 'SFTP: Inbound: Received EXTENDED_REPLY ' + `(id:${reqID}, ${req.extended})` ); } bufferParser.clear(); if (typeof req.cb === 'function') req.cb(undefined, limits); return; } default: // Unknown extended request sftp._debug && sftp._debug( `SFTP: Inbound: Received EXTENDED_REPLY (id:${reqID}, ???)` ); bufferParser.clear(); if (typeof req.cb === 'function') req.cb(); return; } } else { sftp._debug && sftp._debug( `SFTP: Inbound: Received EXTENDED_REPLY (id:${reqID}, ???)` ); bufferParser.clear(); return; } } bufferParser.clear(); return doFatalSFTPError(sftp, 'Malformed EXTENDED_REPLY packet'); }, }; const SERVER_HANDLERS = { [REQUEST.INIT]: (sftp, payload) => { if (sftp._version !== -1) return doFatalSFTPError(sftp, 'Duplicate INIT packet'); const extensions = {}; /* uint32 version */ bufferParser.init(payload, 1); let version = bufferParser.readUInt32BE(); while (bufferParser.avail()) { const extName = bufferParser.readString(true); const extData = bufferParser.readString(true); if (extData === undefined) { version = undefined; break; } extensions[extName] = extData; } bufferParser.clear(); if (version === undefined) return doFatalSFTPError(sftp, 'Malformed INIT packet'); if (sftp._debug) { const names = Object.keys(extensions); if (names.length) { sftp._debug( `SFTP: Inbound: Received INIT (v${version}, exts:${names})` ); } else { sftp._debug(`SFTP: Inbound: Received INIT (v${version})`); } } sendOrBuffer(sftp, SERVER_VERSION_BUFFER); sftp._version = version; sftp._extensions = extensions; sftp.emit('ready'); }, [REQUEST.OPEN]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string filename uint32 pflags ATTRS attrs */ const filename = bufferParser.readString(true); const pflags = bufferParser.readUInt32BE(); const attrs = readAttrs(sftp._biOpt); bufferParser.clear(); if (attrs === undefined) return doFatalSFTPError(sftp, 'Malformed OPEN packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received OPEN (id:${reqID})`); if (!sftp.emit('OPEN', reqID, filename, pflags, attrs)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.CLOSE]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle */ const handle = bufferParser.readString(); bufferParser.clear(); if (handle === undefined || handle.length > 256) return doFatalSFTPError(sftp, 'Malformed CLOSE packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received CLOSE (id:${reqID})`); if (!sftp.emit('CLOSE', reqID, handle)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.READ]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle uint64 offset uint32 len */ const handle = bufferParser.readString(); const offset = bufferParser.readUInt64BE(sftp._biOpt); const len = bufferParser.readUInt32BE(); bufferParser.clear(); if (len === undefined || handle.length > 256) return doFatalSFTPError(sftp, 'Malformed READ packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received READ (id:${reqID})`); if (!sftp.emit('READ', reqID, handle, offset, len)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.WRITE]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle uint64 offset string data */ const handle = bufferParser.readString(); const offset = bufferParser.readUInt64BE(sftp._biOpt); const data = bufferParser.readString(); bufferParser.clear(); if (data === undefined || handle.length > 256) return doFatalSFTPError(sftp, 'Malformed WRITE packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received WRITE (id:${reqID})`); if (!sftp.emit('WRITE', reqID, handle, offset, data)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.LSTAT]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed LSTAT packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received LSTAT (id:${reqID})`); if (!sftp.emit('LSTAT', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.FSTAT]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle */ const handle = bufferParser.readString(); bufferParser.clear(); if (handle === undefined || handle.length > 256) return doFatalSFTPError(sftp, 'Malformed FSTAT packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received FSTAT (id:${reqID})`); if (!sftp.emit('FSTAT', reqID, handle)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.SETSTAT]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path ATTRS attrs */ const path = bufferParser.readString(true); const attrs = readAttrs(sftp._biOpt); bufferParser.clear(); if (attrs === undefined) return doFatalSFTPError(sftp, 'Malformed SETSTAT packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received SETSTAT (id:${reqID})`); if (!sftp.emit('SETSTAT', reqID, path, attrs)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.FSETSTAT]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle ATTRS attrs */ const handle = bufferParser.readString(); const attrs = readAttrs(sftp._biOpt); bufferParser.clear(); if (attrs === undefined || handle.length > 256) return doFatalSFTPError(sftp, 'Malformed FSETSTAT packet'); sftp._debug && sftp._debug( `SFTP: Inbound: Received FSETSTAT (id:${reqID})` ); if (!sftp.emit('FSETSTAT', reqID, handle, attrs)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.OPENDIR]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed OPENDIR packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received OPENDIR (id:${reqID})`); if (!sftp.emit('OPENDIR', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.READDIR]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string handle */ const handle = bufferParser.readString(); bufferParser.clear(); if (handle === undefined || handle.length > 256) return doFatalSFTPError(sftp, 'Malformed READDIR packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received READDIR (id:${reqID})`); if (!sftp.emit('READDIR', reqID, handle)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.REMOVE]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed REMOVE packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received REMOVE (id:${reqID})`); if (!sftp.emit('REMOVE', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.MKDIR]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path ATTRS attrs */ const path = bufferParser.readString(true); const attrs = readAttrs(sftp._biOpt); bufferParser.clear(); if (attrs === undefined) return doFatalSFTPError(sftp, 'Malformed MKDIR packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received MKDIR (id:${reqID})`); if (!sftp.emit('MKDIR', reqID, path, attrs)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.RMDIR]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed RMDIR packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received RMDIR (id:${reqID})`); if (!sftp.emit('RMDIR', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.REALPATH]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed REALPATH packet'); sftp._debug && sftp._debug( `SFTP: Inbound: Received REALPATH (id:${reqID})` ); if (!sftp.emit('REALPATH', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.STAT]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed STAT packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received STAT (id:${reqID})`); if (!sftp.emit('STAT', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.RENAME]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string oldpath string newpath */ const oldPath = bufferParser.readString(true); const newPath = bufferParser.readString(true); bufferParser.clear(); if (newPath === undefined) return doFatalSFTPError(sftp, 'Malformed RENAME packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received RENAME (id:${reqID})`); if (!sftp.emit('RENAME', reqID, oldPath, newPath)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.READLINK]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string path */ const path = bufferParser.readString(true); bufferParser.clear(); if (path === undefined) return doFatalSFTPError(sftp, 'Malformed READLINK packet'); sftp._debug && sftp._debug( `SFTP: Inbound: Received READLINK (id:${reqID})` ); if (!sftp.emit('READLINK', reqID, path)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.SYMLINK]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string linkpath string targetpath */ const linkPath = bufferParser.readString(true); const targetPath = bufferParser.readString(true); bufferParser.clear(); if (targetPath === undefined) return doFatalSFTPError(sftp, 'Malformed SYMLINK packet'); sftp._debug && sftp._debug(`SFTP: Inbound: Received SYMLINK (id:${reqID})`); let handled; if (sftp._isOpenSSH) { // OpenSSH has linkpath and targetpath positions switched handled = sftp.emit('SYMLINK', reqID, targetPath, linkPath); } else { handled = sftp.emit('SYMLINK', reqID, linkPath, targetPath); } if (!handled) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, [REQUEST.EXTENDED]: (sftp, payload) => { bufferParser.init(payload, 1); const reqID = bufferParser.readUInt32BE(); /* string extended-request ... any request-specific data ... */ const extName = bufferParser.readString(true); if (extName === undefined) { bufferParser.clear(); return doFatalSFTPError(sftp, 'Malformed EXTENDED packet'); } let extData; if (bufferParser.avail()) extData = bufferParser.readRaw(); bufferParser.clear(); sftp._debug && sftp._debug( `SFTP: Inbound: Received EXTENDED (id:${reqID})` ); if (!sftp.emit('EXTENDED', reqID, extName, extData)) { // Automatically reject request if no handler for request type sftp.status(reqID, STATUS_CODE.OP_UNSUPPORTED); } }, }; // ============================================================================= // ReadStream/WriteStream-related ============================================== // ============================================================================= const { ERR_INVALID_ARG_TYPE, ERR_OUT_OF_RANGE, validateNumber } = __nccwpck_require__(7609); const kMinPoolSpace = 128; let pool; // It can happen that we expect to read a large chunk of data, and reserve // a large chunk of the pool accordingly, but the read() call only filled // a portion of it. If a concurrently executing read() then uses the same pool, // the "reserved" portion cannot be used, so we allow it to be re-used as a // new pool later. const poolFragments = []; function allocNewPool(poolSize) { if (poolFragments.length > 0) pool = poolFragments.pop(); else pool = Buffer.allocUnsafe(poolSize); pool.used = 0; } // Check the `this.start` and `this.end` of stream. function checkPosition(pos, name) { if (!Number.isSafeInteger(pos)) { validateNumber(pos, name); if (!Number.isInteger(pos)) throw new ERR_OUT_OF_RANGE(name, 'an integer', pos); throw new ERR_OUT_OF_RANGE(name, '>= 0 and <= 2 ** 53 - 1', pos); } if (pos < 0) throw new ERR_OUT_OF_RANGE(name, '>= 0 and <= 2 ** 53 - 1', pos); } function roundUpToMultipleOf8(n) { return (n + 7) & ~7; // Align to 8 byte boundary. } function ReadStream(sftp, path, options) { if (options === undefined) options = {}; else if (typeof options === 'string') options = { encoding: options }; else if (options === null || typeof options !== 'object') throw new TypeError('"options" argument must be a string or an object'); else options = Object.create(options); // A little bit bigger buffer and water marks by default if (options.highWaterMark === undefined) options.highWaterMark = 64 * 1024; // For backwards compat do not emit close on destroy. options.emitClose = false; options.autoDestroy = false; // Node 14 major change. ReadableStream.call(this, options); this.path = path; this.flags = options.flags === undefined ? 'r' : options.flags; this.mode = options.mode === undefined ? 0o666 : options.mode; this.start = options.start; this.end = options.end; this.autoClose = options.autoClose === undefined ? true : options.autoClose; this.pos = 0; this.bytesRead = 0; this.closed = false; this.handle = options.handle === undefined ? null : options.handle; this.sftp = sftp; this._opening = false; if (this.start !== undefined) { checkPosition(this.start, 'start'); this.pos = this.start; } if (this.end === undefined) { this.end = Infinity; } else if (this.end !== Infinity) { checkPosition(this.end, 'end'); if (this.start !== undefined && this.start > this.end) { throw new ERR_OUT_OF_RANGE( 'start', `<= "end" (here: ${this.end})`, this.start ); } } this.on('end', function() { if (this.autoClose) this.destroy(); }); if (!Buffer.isBuffer(this.handle)) this.open(); } inherits(ReadStream, ReadableStream); ReadStream.prototype.open = function() { if (this._opening) return; this._opening = true; this.sftp.open(this.path, this.flags, this.mode, (er, handle) => { this._opening = false; if (er) { this.emit('error', er); if (this.autoClose) this.destroy(); return; } this.handle = handle; this.emit('open', handle); this.emit('ready'); // Start the flow of data. this.read(); }); }; ReadStream.prototype._read = function(n) { if (!Buffer.isBuffer(this.handle)) return this.once('open', () => this._read(n)); // XXX: safe to remove this? if (this.destroyed) return; if (!pool || pool.length - pool.used < kMinPoolSpace) { // Discard the old pool. allocNewPool(this.readableHighWaterMark || this._readableState.highWaterMark); } // Grab another reference to the pool in the case that while we're // in the thread pool another read() finishes up the pool, and // allocates a new one. const thisPool = pool; let toRead = Math.min(pool.length - pool.used, n); const start = pool.used; if (this.end !== undefined) toRead = Math.min(this.end - this.pos + 1, toRead); // Already read everything we were supposed to read! // treat as EOF. if (toRead <= 0) return this.push(null); // the actual read. this.sftp.read(this.handle, pool, pool.used, toRead, this.pos, (er, bytesRead) => { if (er) { this.emit('error', er); if (this.autoClose) this.destroy(); return; } let b = null; // Now that we know how much data we have actually read, re-wind the // 'used' field if we can, and otherwise allow the remainder of our // reservation to be used as a new pool later. if (start + toRead === thisPool.used && thisPool === pool) { thisPool.used = roundUpToMultipleOf8(thisPool.used + bytesRead - toRead); } else { // Round down to the next lowest multiple of 8 to ensure the new pool // fragment start and end positions are aligned to an 8 byte boundary. const alignedEnd = (start + toRead) & ~7; const alignedStart = roundUpToMultipleOf8(start + bytesRead); if (alignedEnd - alignedStart >= kMinPoolSpace) poolFragments.push(thisPool.slice(alignedStart, alignedEnd)); } if (bytesRead > 0) { this.bytesRead += bytesRead; b = thisPool.slice(start, start + bytesRead); } // Move the pool positions, and internal position for reading. this.pos += bytesRead; this.push(b); }); pool.used = roundUpToMultipleOf8(pool.used + toRead); }; ReadStream.prototype._destroy = function(err, cb) { if (this._opening && !Buffer.isBuffer(this.handle)) { this.once('open', closeStream.bind(null, this, cb, err)); return; } closeStream(this, cb, err); this.handle = null; this._opening = false; }; function closeStream(stream, cb, err) { if (!stream.handle) return onclose(); stream.sftp.close(stream.handle, onclose); function onclose(er) { er = er || err; cb(er); stream.closed = true; if (!er) stream.emit('close'); } } ReadStream.prototype.close = function(cb) { this.destroy(null, cb); }; Object.defineProperty(ReadStream.prototype, 'pending', { get() { return this.handle === null; }, configurable: true }); // TODO: add `concurrency` setting to allow more than one in-flight WRITE // request to server to improve throughput function WriteStream(sftp, path, options) { if (options === undefined) options = {}; else if (typeof options === 'string') options = { encoding: options }; else if (options === null || typeof options !== 'object') throw new TypeError('"options" argument must be a string or an object'); else options = Object.create(options); // For backwards compat do not emit close on destroy. options.emitClose = false; options.autoDestroy = false; // Node 14 major change. WritableStream.call(this, options); this.path = path; this.flags = options.flags === undefined ? 'w' : options.flags; this.mode = options.mode === undefined ? 0o666 : options.mode; this.start = options.start; this.autoClose = options.autoClose === undefined ? true : options.autoClose; this.pos = 0; this.bytesWritten = 0; this.closed = false; this.handle = options.handle === undefined ? null : options.handle; this.sftp = sftp; this._opening = false; if (this.start !== undefined) { checkPosition(this.start, 'start'); this.pos = this.start; } if (options.encoding) this.setDefaultEncoding(options.encoding); // Node v6.x only this.on('finish', function() { if (this._writableState.finalCalled) return; if (this.autoClose) this.destroy(); }); if (!Buffer.isBuffer(this.handle)) this.open(); } inherits(WriteStream, WritableStream); WriteStream.prototype._final = function(cb) { if (this.autoClose) this.destroy(); cb(); }; WriteStream.prototype.open = function() { if (this._opening) return; this._opening = true; this.sftp.open(this.path, this.flags, this.mode, (er, handle) => { this._opening = false; if (er) { this.emit('error', er); if (this.autoClose) this.destroy(); return; } this.handle = handle; const tryAgain = (err) => { if (err) { // Try chmod() for sftp servers that may not support fchmod() for // whatever reason this.sftp.chmod(this.path, this.mode, (err_) => tryAgain()); return; } // SFTPv3 requires absolute offsets, no matter the open flag used if (this.flags[0] === 'a') { const tryStat = (err, st) => { if (err) { // Try stat() for sftp servers that may not support fstat() for // whatever reason this.sftp.stat(this.path, (err_, st_) => { if (err_) { this.destroy(); this.emit('error', err); return; } tryStat(null, st_); }); return; } this.pos = st.size; this.emit('open', handle); this.emit('ready'); }; this.sftp.fstat(handle, tryStat); return; } this.emit('open', handle); this.emit('ready'); }; this.sftp.fchmod(handle, this.mode, tryAgain); }); }; WriteStream.prototype._write = function(data, encoding, cb) { if (!Buffer.isBuffer(data)) { const err = new ERR_INVALID_ARG_TYPE('data', 'Buffer', data); return this.emit('error', err); } if (!Buffer.isBuffer(this.handle)) { return this.once('open', function() { this._write(data, encoding, cb); }); } this.sftp.write(this.handle, data, 0, data.length, this.pos, (er, bytes) => { if (er) { if (this.autoClose) this.destroy(); return cb(er); } this.bytesWritten += bytes; cb(); }); this.pos += data.length; }; WriteStream.prototype._writev = function(data, cb) { if (!Buffer.isBuffer(this.handle)) { return this.once('open', function() { this._writev(data, cb); }); } const sftp = this.sftp; const handle = this.handle; let writesLeft = data.length; const onwrite = (er, bytes) => { if (er) { this.destroy(); return cb(er); } this.bytesWritten += bytes; if (--writesLeft === 0) cb(); }; // TODO: try to combine chunks to reduce number of requests to the server? for (let i = 0; i < data.length; ++i) { const chunk = data[i].chunk; sftp.write(handle, chunk, 0, chunk.length, this.pos, onwrite); this.pos += chunk.length; } }; if (typeof WritableStream.prototype.destroy !== 'function') WriteStream.prototype.destroy = ReadStream.prototype.destroy; WriteStream.prototype._destroy = ReadStream.prototype._destroy; WriteStream.prototype.close = function(cb) { if (cb) { if (this.closed) { process.nextTick(cb); return; } this.on('close', cb); } // If we are not autoClosing, we should call // destroy on 'finish'. if (!this.autoClose) this.on('finish', this.destroy.bind(this)); this.end(); }; // There is no shutdown() for files. WriteStream.prototype.destroySoon = WriteStream.prototype.end; Object.defineProperty(WriteStream.prototype, 'pending', { get() { return this.handle === null; }, configurable: true }); // ============================================================================= module.exports = { flagsToString, OPEN_MODE, SFTP, Stats, STATUS_CODE, stringToFlags, }; /***/ }), /***/ 6832: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const crypto = __nccwpck_require__(6417); let cpuInfo; try { cpuInfo = __nccwpck_require__(4137)(); } catch {} const { bindingAvailable } = __nccwpck_require__(5708); const eddsaSupported = (() => { if (typeof crypto.sign === 'function' && typeof crypto.verify === 'function') { const key = '-----BEGIN PRIVATE KEY-----\r\nMC4CAQAwBQYDK2VwBCIEIHKj+sVa9WcD' + '/q2DJUJaf43Kptc8xYuUQA4bOFj9vC8T\r\n-----END PRIVATE KEY-----'; const data = Buffer.from('a'); let sig; let verified; try { sig = crypto.sign(null, data, key); verified = crypto.verify(null, data, key, sig); } catch {} return (Buffer.isBuffer(sig) && sig.length === 64 && verified === true); } return false; })(); const curve25519Supported = (typeof crypto.diffieHellman === 'function' && typeof crypto.generateKeyPairSync === 'function' && typeof crypto.createPublicKey === 'function'); const DEFAULT_KEX = [ // https://tools.ietf.org/html/rfc5656#section-10.1 'ecdh-sha2-nistp256', 'ecdh-sha2-nistp384', 'ecdh-sha2-nistp521', // https://tools.ietf.org/html/rfc4419#section-4 'diffie-hellman-group-exchange-sha256', // https://tools.ietf.org/html/rfc8268 'diffie-hellman-group14-sha256', 'diffie-hellman-group15-sha512', 'diffie-hellman-group16-sha512', 'diffie-hellman-group17-sha512', 'diffie-hellman-group18-sha512', ]; if (curve25519Supported) { DEFAULT_KEX.unshift('curve25519-sha256'); DEFAULT_KEX.unshift('curve25519-sha256@libssh.org'); } const SUPPORTED_KEX = DEFAULT_KEX.concat([ // https://tools.ietf.org/html/rfc4419#section-4 'diffie-hellman-group-exchange-sha1', 'diffie-hellman-group14-sha1', // REQUIRED 'diffie-hellman-group1-sha1', // REQUIRED ]); const DEFAULT_SERVER_HOST_KEY = [ 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521', 'rsa-sha2-512', // RFC 8332 'rsa-sha2-256', // RFC 8332 'ssh-rsa', ]; if (eddsaSupported) DEFAULT_SERVER_HOST_KEY.unshift('ssh-ed25519'); const SUPPORTED_SERVER_HOST_KEY = DEFAULT_SERVER_HOST_KEY.concat([ 'ssh-dss', ]); const DEFAULT_CIPHER = [ // http://tools.ietf.org/html/rfc5647 'aes128-gcm@openssh.com', 'aes256-gcm@openssh.com', // http://tools.ietf.org/html/rfc4344#section-4 'aes128-ctr', 'aes192-ctr', 'aes256-ctr', ]; if (cpuInfo && cpuInfo.flags && !cpuInfo.flags.aes) { // We know for sure the CPU does not support AES acceleration if (bindingAvailable) DEFAULT_CIPHER.unshift('chacha20-poly1305@openssh.com'); else DEFAULT_CIPHER.push('chacha20-poly1305@openssh.com'); } else if (bindingAvailable && cpuInfo && cpuInfo.arch === 'x86') { // Places chacha20-poly1305 immediately after GCM ciphers since GCM ciphers // seem to outperform it on x86, but it seems to be faster than CTR ciphers DEFAULT_CIPHER.splice(4, 0, 'chacha20-poly1305@openssh.com'); } else { DEFAULT_CIPHER.push('chacha20-poly1305@openssh.com'); } const SUPPORTED_CIPHER = DEFAULT_CIPHER.concat([ 'aes256-cbc', 'aes192-cbc', 'aes128-cbc', 'blowfish-cbc', '3des-cbc', 'aes128-gcm', 'aes256-gcm', // http://tools.ietf.org/html/rfc4345#section-4: 'arcfour256', 'arcfour128', 'cast128-cbc', 'arcfour', ]); const DEFAULT_MAC = [ 'hmac-sha2-256-etm@openssh.com', 'hmac-sha2-512-etm@openssh.com', 'hmac-sha1-etm@openssh.com', 'hmac-sha2-256', 'hmac-sha2-512', 'hmac-sha1', ]; const SUPPORTED_MAC = DEFAULT_MAC.concat([ 'hmac-md5', 'hmac-sha2-256-96', // first 96 bits of HMAC-SHA256 'hmac-sha2-512-96', // first 96 bits of HMAC-SHA512 'hmac-ripemd160', 'hmac-sha1-96', // first 96 bits of HMAC-SHA1 'hmac-md5-96', // first 96 bits of HMAC-MD5 ]); const DEFAULT_COMPRESSION = [ 'none', 'zlib@openssh.com', // ZLIB (LZ77) compression, except // compression/decompression does not start until after // successful user authentication 'zlib', // ZLIB (LZ77) compression ]; const SUPPORTED_COMPRESSION = DEFAULT_COMPRESSION.concat([ ]); const COMPAT = { BAD_DHGEX: 1 << 0, OLD_EXIT: 1 << 1, DYN_RPORT_BUG: 1 << 2, BUG_DHGEX_LARGE: 1 << 3, }; module.exports = { MESSAGE: { // Transport layer protocol -- generic (1-19) DISCONNECT: 1, IGNORE: 2, UNIMPLEMENTED: 3, DEBUG: 4, SERVICE_REQUEST: 5, SERVICE_ACCEPT: 6, // Transport layer protocol -- algorithm negotiation (20-29) KEXINIT: 20, NEWKEYS: 21, // Transport layer protocol -- key exchange method-specific (30-49) KEXDH_INIT: 30, KEXDH_REPLY: 31, KEXDH_GEX_GROUP: 31, KEXDH_GEX_INIT: 32, KEXDH_GEX_REPLY: 33, KEXDH_GEX_REQUEST: 34, KEXECDH_INIT: 30, KEXECDH_REPLY: 31, // User auth protocol -- generic (50-59) USERAUTH_REQUEST: 50, USERAUTH_FAILURE: 51, USERAUTH_SUCCESS: 52, USERAUTH_BANNER: 53, // User auth protocol -- user auth method-specific (60-79) USERAUTH_PASSWD_CHANGEREQ: 60, USERAUTH_PK_OK: 60, USERAUTH_INFO_REQUEST: 60, USERAUTH_INFO_RESPONSE: 61, // Connection protocol -- generic (80-89) GLOBAL_REQUEST: 80, REQUEST_SUCCESS: 81, REQUEST_FAILURE: 82, // Connection protocol -- channel-related (90-127) CHANNEL_OPEN: 90, CHANNEL_OPEN_CONFIRMATION: 91, CHANNEL_OPEN_FAILURE: 92, CHANNEL_WINDOW_ADJUST: 93, CHANNEL_DATA: 94, CHANNEL_EXTENDED_DATA: 95, CHANNEL_EOF: 96, CHANNEL_CLOSE: 97, CHANNEL_REQUEST: 98, CHANNEL_SUCCESS: 99, CHANNEL_FAILURE: 100 // Reserved for client protocols (128-191) // Local extensions (192-155) }, DISCONNECT_REASON: { HOST_NOT_ALLOWED_TO_CONNECT: 1, PROTOCOL_ERROR: 2, KEY_EXCHANGE_FAILED: 3, RESERVED: 4, MAC_ERROR: 5, COMPRESSION_ERROR: 6, SERVICE_NOT_AVAILABLE: 7, PROTOCOL_VERSION_NOT_SUPPORTED: 8, HOST_KEY_NOT_VERIFIABLE: 9, CONNECTION_LOST: 10, BY_APPLICATION: 11, TOO_MANY_CONNECTIONS: 12, AUTH_CANCELED_BY_USER: 13, NO_MORE_AUTH_METHODS_AVAILABLE: 14, ILLEGAL_USER_NAME: 15, }, DISCONNECT_REASON_STR: undefined, CHANNEL_OPEN_FAILURE: { ADMINISTRATIVELY_PROHIBITED: 1, CONNECT_FAILED: 2, UNKNOWN_CHANNEL_TYPE: 3, RESOURCE_SHORTAGE: 4 }, TERMINAL_MODE: { TTY_OP_END: 0, // Indicates end of options. VINTR: 1, // Interrupt character; 255 if none. Similarly for the // other characters. Not all of these characters are // supported on all systems. VQUIT: 2, // The quit character (sends SIGQUIT signal on POSIX // systems). VERASE: 3, // Erase the character to left of the cursor. VKILL: 4, // Kill the current input line. VEOF: 5, // End-of-file character (sends EOF from the // terminal). VEOL: 6, // End-of-line character in addition to carriage // return and/or linefeed. VEOL2: 7, // Additional end-of-line character. VSTART: 8, // Continues paused output (normally control-Q). VSTOP: 9, // Pauses output (normally control-S). VSUSP: 10, // Suspends the current program. VDSUSP: 11, // Another suspend character. VREPRINT: 12, // Reprints the current input line. VWERASE: 13, // Erases a word left of cursor. VLNEXT: 14, // Enter the next character typed literally, even if // it is a special character VFLUSH: 15, // Character to flush output. VSWTCH: 16, // Switch to a different shell layer. VSTATUS: 17, // Prints system status line (load, command, pid, // etc). VDISCARD: 18, // Toggles the flushing of terminal output. IGNPAR: 30, // The ignore parity flag. The parameter SHOULD be 0 // if this flag is FALSE, and 1 if it is TRUE. PARMRK: 31, // Mark parity and framing errors. INPCK: 32, // Enable checking of parity errors. ISTRIP: 33, // Strip 8th bit off characters. INLCR: 34, // Map NL into CR on input. IGNCR: 35, // Ignore CR on input. ICRNL: 36, // Map CR to NL on input. IUCLC: 37, // Translate uppercase characters to lowercase. IXON: 38, // Enable output flow control. IXANY: 39, // Any char will restart after stop. IXOFF: 40, // Enable input flow control. IMAXBEL: 41, // Ring bell on input queue full. ISIG: 50, // Enable signals INTR, QUIT, [D]SUSP. ICANON: 51, // Canonicalize input lines. XCASE: 52, // Enable input and output of uppercase characters by // preceding their lowercase equivalents with "\". ECHO: 53, // Enable echoing. ECHOE: 54, // Visually erase chars. ECHOK: 55, // Kill character discards current line. ECHONL: 56, // Echo NL even if ECHO is off. NOFLSH: 57, // Don't flush after interrupt. TOSTOP: 58, // Stop background jobs from output. IEXTEN: 59, // Enable extensions. ECHOCTL: 60, // Echo control characters as ^(Char). ECHOKE: 61, // Visual erase for line kill. PENDIN: 62, // Retype pending input. OPOST: 70, // Enable output processing. OLCUC: 71, // Convert lowercase to uppercase. ONLCR: 72, // Map NL to CR-NL. OCRNL: 73, // Translate carriage return to newline (output). ONOCR: 74, // Translate newline to carriage return-newline // (output). ONLRET: 75, // Newline performs a carriage return (output). CS7: 90, // 7 bit mode. CS8: 91, // 8 bit mode. PARENB: 92, // Parity enable. PARODD: 93, // Odd parity, else even. TTY_OP_ISPEED: 128, // Specifies the input baud rate in bits per second. TTY_OP_OSPEED: 129, // Specifies the output baud rate in bits per second. }, CHANNEL_EXTENDED_DATATYPE: { STDERR: 1, }, SIGNALS: [ 'ABRT', 'ALRM', 'FPE', 'HUP', 'ILL', 'INT', 'QUIT', 'SEGV', 'TERM', 'USR1', 'USR2', 'KILL', 'PIPE' ].reduce((cur, val) => ({ ...cur, [val]: 1 }), {}), COMPAT, COMPAT_CHECKS: [ [ 'Cisco-1.25', COMPAT.BAD_DHGEX ], [ /^Cisco-1\./, COMPAT.BUG_DHGEX_LARGE ], [ /^[0-9.]+$/, COMPAT.OLD_EXIT ], // old SSH.com implementations [ /^OpenSSH_5\.\d+/, COMPAT.DYN_RPORT_BUG ], ], // KEX proposal-related DEFAULT_KEX, SUPPORTED_KEX, DEFAULT_SERVER_HOST_KEY, SUPPORTED_SERVER_HOST_KEY, DEFAULT_CIPHER, SUPPORTED_CIPHER, DEFAULT_MAC, SUPPORTED_MAC, DEFAULT_COMPRESSION, SUPPORTED_COMPRESSION, curve25519Supported, eddsaSupported, }; module.exports.DISCONNECT_REASON_BY_VALUE = Array.from(Object.entries(module.exports.DISCONNECT_REASON)) .reduce((obj, [key, value]) => ({ ...obj, [value]: key }), {}); /***/ }), /***/ 5708: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // TODO: // * make max packet size configurable // * if decompression is enabled, use `._packet` in decipher instances as // input to (sync) zlib inflater with appropriate offset and length to // avoid an additional copy of payload data before inflation // * factor decompression status into packet length checks const { createCipheriv, createDecipheriv, createHmac, randomFillSync, timingSafeEqual } = __nccwpck_require__(6417); const { readUInt32BE, writeUInt32BE } = __nccwpck_require__(9475); const FastBuffer = Buffer[Symbol.species]; const MAX_SEQNO = 2 ** 32 - 1; const EMPTY_BUFFER = Buffer.alloc(0); const BUF_INT = Buffer.alloc(4); const DISCARD_CACHE = new Map(); const MAX_PACKET_SIZE = 35000; let binding; let AESGCMCipher; let ChaChaPolyCipher; let GenericCipher; let AESGCMDecipher; let ChaChaPolyDecipher; let GenericDecipher; try { binding = __nccwpck_require__(9041); ({ AESGCMCipher, ChaChaPolyCipher, GenericCipher, AESGCMDecipher, ChaChaPolyDecipher, GenericDecipher } = binding); } catch {} const CIPHER_STREAM = 1 << 0; const CIPHER_INFO = (() => { function info(sslName, blockLen, keyLen, ivLen, authLen, discardLen, flags) { return { sslName, blockLen, keyLen, ivLen: (ivLen !== 0 || (flags & CIPHER_STREAM) ? ivLen : blockLen), authLen, discardLen, stream: !!(flags & CIPHER_STREAM), }; } return { 'chacha20-poly1305@openssh.com': info('chacha20', 8, 64, 0, 16, 0, CIPHER_STREAM), 'aes128-gcm': info('aes-128-gcm', 16, 16, 12, 16, 0, CIPHER_STREAM), 'aes256-gcm': info('aes-256-gcm', 16, 32, 12, 16, 0, CIPHER_STREAM), 'aes128-gcm@openssh.com': info('aes-128-gcm', 16, 16, 12, 16, 0, CIPHER_STREAM), 'aes256-gcm@openssh.com': info('aes-256-gcm', 16, 32, 12, 16, 0, CIPHER_STREAM), 'aes128-cbc': info('aes-128-cbc', 16, 16, 0, 0, 0, 0), 'aes192-cbc': info('aes-192-cbc', 16, 24, 0, 0, 0, 0), 'aes256-cbc': info('aes-256-cbc', 16, 32, 0, 0, 0, 0), 'rijndael-cbc@lysator.liu.se': info('aes-256-cbc', 16, 32, 0, 0, 0, 0), '3des-cbc': info('des-ede3-cbc', 8, 24, 0, 0, 0, 0), 'blowfish-cbc': info('bf-cbc', 8, 16, 0, 0, 0, 0), 'idea-cbc': info('idea-cbc', 8, 16, 0, 0, 0, 0), 'cast128-cbc': info('cast-cbc', 8, 16, 0, 0, 0, 0), 'aes128-ctr': info('aes-128-ctr', 16, 16, 16, 0, 0, CIPHER_STREAM), 'aes192-ctr': info('aes-192-ctr', 16, 24, 16, 0, 0, CIPHER_STREAM), 'aes256-ctr': info('aes-256-ctr', 16, 32, 16, 0, 0, CIPHER_STREAM), '3des-ctr': info('des-ede3', 8, 24, 8, 0, 0, CIPHER_STREAM), 'blowfish-ctr': info('bf-ecb', 8, 16, 8, 0, 0, CIPHER_STREAM), 'cast128-ctr': info('cast5-ecb', 8, 16, 8, 0, 0, CIPHER_STREAM), /* The "arcfour128" algorithm is the RC4 cipher, as described in [SCHNEIER], using a 128-bit key. The first 1536 bytes of keystream generated by the cipher MUST be discarded, and the first byte of the first encrypted packet MUST be encrypted using the 1537th byte of keystream. -- http://tools.ietf.org/html/rfc4345#section-4 */ 'arcfour': info('rc4', 8, 16, 0, 0, 1536, CIPHER_STREAM), 'arcfour128': info('rc4', 8, 16, 0, 0, 1536, CIPHER_STREAM), 'arcfour256': info('rc4', 8, 32, 0, 0, 1536, CIPHER_STREAM), 'arcfour512': info('rc4', 8, 64, 0, 0, 1536, CIPHER_STREAM), }; })(); const MAC_INFO = (() => { function info(sslName, len, actualLen, isETM) { return { sslName, len, actualLen, isETM, }; } return { 'hmac-md5': info('md5', 16, 16, false), 'hmac-md5-96': info('md5', 16, 12, false), 'hmac-ripemd160': info('ripemd160', 20, 20, false), 'hmac-sha1': info('sha1', 20, 20, false), 'hmac-sha1-etm@openssh.com': info('sha1', 20, 20, true), 'hmac-sha1-96': info('sha1', 20, 12, false), 'hmac-sha2-256': info('sha256', 32, 32, false), 'hmac-sha2-256-etm@openssh.com': info('sha256', 32, 32, true), 'hmac-sha2-256-96': info('sha256', 32, 12, false), 'hmac-sha2-512': info('sha512', 64, 64, false), 'hmac-sha2-512-etm@openssh.com': info('sha512', 64, 64, true), 'hmac-sha2-512-96': info('sha512', 64, 12, false), }; })(); // Should only_be used during the initial handshake class NullCipher { constructor(seqno, onWrite) { this.outSeqno = seqno; this._onWrite = onWrite; this._dead = false; } free() { this._dead = true; } allocPacket(payloadLen) { let pktLen = 4 + 1 + payloadLen; let padLen = 8 - (pktLen & (8 - 1)); if (padLen < 4) padLen += 8; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; this._onWrite(packet); this.outSeqno = (this.outSeqno + 1) >>> 0; } } const POLY1305_ZEROS = Buffer.alloc(32); const POLY1305_OUT_COMPUTE = Buffer.alloc(16); let POLY1305_WASM_MODULE; let POLY1305_RESULT_MALLOC; let poly1305_auth; class ChaChaPolyCipherNative { constructor(config) { const enc = config.outbound; this.outSeqno = enc.seqno; this._onWrite = enc.onWrite; this._encKeyMain = enc.cipherKey.slice(0, 32); this._encKeyPktLen = enc.cipherKey.slice(32); this._dead = false; } free() { this._dead = true; } allocPacket(payloadLen) { let pktLen = 4 + 1 + payloadLen; let padLen = 8 - ((pktLen - 4) & (8 - 1)); if (padLen < 4) padLen += 8; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; // Generate Poly1305 key POLY1305_OUT_COMPUTE[0] = 0; // Set counter to 0 (little endian) writeUInt32BE(POLY1305_OUT_COMPUTE, this.outSeqno, 12); const polyKey = createCipheriv('chacha20', this._encKeyMain, POLY1305_OUT_COMPUTE) .update(POLY1305_ZEROS); // Encrypt packet length const pktLenEnc = createCipheriv('chacha20', this._encKeyPktLen, POLY1305_OUT_COMPUTE) .update(packet.slice(0, 4)); this._onWrite(pktLenEnc); // Encrypt rest of packet POLY1305_OUT_COMPUTE[0] = 1; // Set counter to 1 (little endian) const payloadEnc = createCipheriv('chacha20', this._encKeyMain, POLY1305_OUT_COMPUTE) .update(packet.slice(4)); this._onWrite(payloadEnc); // Calculate Poly1305 MAC poly1305_auth(POLY1305_RESULT_MALLOC, pktLenEnc, pktLenEnc.length, payloadEnc, payloadEnc.length, polyKey); const mac = Buffer.allocUnsafe(16); mac.set( new Uint8Array(POLY1305_WASM_MODULE.HEAPU8.buffer, POLY1305_RESULT_MALLOC, 16), 0 ); this._onWrite(mac); this.outSeqno = (this.outSeqno + 1) >>> 0; } } class ChaChaPolyCipherBinding { constructor(config) { const enc = config.outbound; this.outSeqno = enc.seqno; this._onWrite = enc.onWrite; this._instance = new ChaChaPolyCipher(enc.cipherKey); this._dead = false; } free() { this._dead = true; this._instance.free(); } allocPacket(payloadLen) { let pktLen = 4 + 1 + payloadLen; let padLen = 8 - ((pktLen - 4) & (8 - 1)); if (padLen < 4) padLen += 8; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen + 16/* MAC */); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; // Encrypts in-place this._instance.encrypt(packet, this.outSeqno); this._onWrite(packet); this.outSeqno = (this.outSeqno + 1) >>> 0; } } class AESGCMCipherNative { constructor(config) { const enc = config.outbound; this.outSeqno = enc.seqno; this._onWrite = enc.onWrite; this._encSSLName = enc.cipherInfo.sslName; this._encKey = enc.cipherKey; this._encIV = enc.cipherIV; this._dead = false; } free() { this._dead = true; } allocPacket(payloadLen) { let pktLen = 4 + 1 + payloadLen; let padLen = 16 - ((pktLen - 4) & (16 - 1)); if (padLen < 4) padLen += 16; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; const cipher = createCipheriv(this._encSSLName, this._encKey, this._encIV); cipher.setAutoPadding(false); const lenData = packet.slice(0, 4); cipher.setAAD(lenData); this._onWrite(lenData); // Encrypt pad length, payload, and padding const encrypted = cipher.update(packet.slice(4)); this._onWrite(encrypted); const final = cipher.final(); // XXX: final.length === 0 always? if (final.length) this._onWrite(final); // Generate MAC const tag = cipher.getAuthTag(); this._onWrite(tag); // Increment counter in IV by 1 for next packet ivIncrement(this._encIV); this.outSeqno = (this.outSeqno + 1) >>> 0; } } class AESGCMCipherBinding { constructor(config) { const enc = config.outbound; this.outSeqno = enc.seqno; this._onWrite = enc.onWrite; this._instance = new AESGCMCipher(enc.cipherInfo.sslName, enc.cipherKey, enc.cipherIV); this._dead = false; } free() { this._dead = true; this._instance.free(); } allocPacket(payloadLen) { let pktLen = 4 + 1 + payloadLen; let padLen = 16 - ((pktLen - 4) & (16 - 1)); if (padLen < 4) padLen += 16; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen + 16/* authTag */); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; // Encrypts in-place this._instance.encrypt(packet); this._onWrite(packet); this.outSeqno = (this.outSeqno + 1) >>> 0; } } class GenericCipherNative { constructor(config) { const enc = config.outbound; this.outSeqno = enc.seqno; this._onWrite = enc.onWrite; this._encBlockLen = enc.cipherInfo.blockLen; this._cipherInstance = createCipheriv(enc.cipherInfo.sslName, enc.cipherKey, enc.cipherIV); this._macSSLName = enc.macInfo.sslName; this._macKey = enc.macKey; this._macActualLen = enc.macInfo.actualLen; this._macETM = enc.macInfo.isETM; this._aadLen = (this._macETM ? 4 : 0); this._dead = false; const discardLen = enc.cipherInfo.discardLen; if (discardLen) { let discard = DISCARD_CACHE.get(discardLen); if (discard === undefined) { discard = Buffer.alloc(discardLen); DISCARD_CACHE.set(discardLen, discard); } this._cipherInstance.update(discard); } } free() { this._dead = true; } allocPacket(payloadLen) { const blockLen = this._encBlockLen; let pktLen = 4 + 1 + payloadLen; let padLen = blockLen - ((pktLen - this._aadLen) & (blockLen - 1)); if (padLen < 4) padLen += blockLen; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; let mac; if (this._macETM) { // Encrypt pad length, payload, and padding const lenBytes = new Uint8Array(packet.buffer, packet.byteOffset, 4); const encrypted = this._cipherInstance.update( new Uint8Array(packet.buffer, packet.byteOffset + 4, packet.length - 4) ); this._onWrite(lenBytes); this._onWrite(encrypted); // TODO: look into storing seqno as 4-byte buffer and incrementing like we // do for AES-GCM IVs to avoid having to (re)write all 4 bytes every time mac = createHmac(this._macSSLName, this._macKey); writeUInt32BE(BUF_INT, this.outSeqno, 0); mac.update(BUF_INT); mac.update(lenBytes); mac.update(encrypted); } else { // Encrypt length field, pad length, payload, and padding const encrypted = this._cipherInstance.update(packet); this._onWrite(encrypted); // TODO: look into storing seqno as 4-byte buffer and incrementing like we // do for AES-GCM IVs to avoid having to (re)write all 4 bytes every time mac = createHmac(this._macSSLName, this._macKey); writeUInt32BE(BUF_INT, this.outSeqno, 0); mac.update(BUF_INT); mac.update(packet); } let digest = mac.digest(); if (digest.length > this._macActualLen) digest = digest.slice(0, this._macActualLen); this._onWrite(digest); this.outSeqno = (this.outSeqno + 1) >>> 0; } } class GenericCipherBinding { constructor(config) { const enc = config.outbound; this.outSeqno = enc.seqno; this._onWrite = enc.onWrite; this._encBlockLen = enc.cipherInfo.blockLen; this._macLen = enc.macInfo.len; this._macActualLen = enc.macInfo.actualLen; this._aadLen = (enc.macInfo.isETM ? 4 : 0); this._instance = new GenericCipher(enc.cipherInfo.sslName, enc.cipherKey, enc.cipherIV, enc.macInfo.sslName, enc.macKey, enc.macInfo.isETM); this._dead = false; } free() { this._dead = true; this._instance.free(); } allocPacket(payloadLen) { const blockLen = this._encBlockLen; let pktLen = 4 + 1 + payloadLen; let padLen = blockLen - ((pktLen - this._aadLen) & (blockLen - 1)); if (padLen < 4) padLen += blockLen; pktLen += padLen; const packet = Buffer.allocUnsafe(pktLen + this._macLen); writeUInt32BE(packet, pktLen - 4, 0); packet[4] = padLen; randomFillSync(packet, 5 + payloadLen, padLen); return packet; } encrypt(packet) { // `packet` === unencrypted packet if (this._dead) return; // Encrypts in-place this._instance.encrypt(packet, this.outSeqno); if (this._macActualLen < this._macLen) { packet = new FastBuffer(packet.buffer, packet.byteOffset, (packet.length - (this._macLen - this._macActualLen))); } this._onWrite(packet); this.outSeqno = (this.outSeqno + 1) >>> 0; } } class NullDecipher { constructor(seqno, onPayload) { this.inSeqno = seqno; this._onPayload = onPayload; this._len = 0; this._lenBytes = 0; this._packet = null; this._packetPos = 0; } free() {} decrypt(data, p, dataLen) { while (p < dataLen) { // Read packet length if (this._lenBytes < 4) { let nb = Math.min(4 - this._lenBytes, dataLen - p); this._lenBytes += nb; while (nb--) this._len = (this._len << 8) + data[p++]; if (this._lenBytes < 4) return; if (this._len > MAX_PACKET_SIZE || this._len < 8 || (4 + this._len & 7) !== 0) { throw new Error('Bad packet length'); } if (p >= dataLen) return; } // Read padding length, payload, and padding if (this._packetPos < this._len) { const nb = Math.min(this._len - this._packetPos, dataLen - p); let chunk; if (p !== 0 || nb !== dataLen) chunk = new Uint8Array(data.buffer, data.byteOffset + p, nb); else chunk = data; if (nb === this._len) { this._packet = chunk; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(chunk, this._packetPos); } p += nb; this._packetPos += nb; if (this._packetPos < this._len) return; } const payload = (!this._packet ? EMPTY_BUFFER : new FastBuffer(this._packet.buffer, this._packet.byteOffset + 1, this._packet.length - this._packet[0] - 1)); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; this._len = 0; this._lenBytes = 0; this._packet = null; this._packetPos = 0; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } class ChaChaPolyDecipherNative { constructor(config) { const dec = config.inbound; this.inSeqno = dec.seqno; this._onPayload = dec.onPayload; this._decKeyMain = dec.decipherKey.slice(0, 32); this._decKeyPktLen = dec.decipherKey.slice(32); this._len = 0; this._lenBuf = Buffer.alloc(4); this._lenPos = 0; this._packet = null; this._pktLen = 0; this._mac = Buffer.allocUnsafe(16); this._calcMac = Buffer.allocUnsafe(16); this._macPos = 0; } free() {} decrypt(data, p, dataLen) { // `data` === encrypted data while (p < dataLen) { // Read packet length if (this._lenPos < 4) { let nb = Math.min(4 - this._lenPos, dataLen - p); while (nb--) this._lenBuf[this._lenPos++] = data[p++]; if (this._lenPos < 4) return; POLY1305_OUT_COMPUTE[0] = 0; // Set counter to 0 (little endian) writeUInt32BE(POLY1305_OUT_COMPUTE, this.inSeqno, 12); const decLenBytes = createDecipheriv('chacha20', this._decKeyPktLen, POLY1305_OUT_COMPUTE) .update(this._lenBuf); this._len = readUInt32BE(decLenBytes, 0); if (this._len > MAX_PACKET_SIZE || this._len < 8 || (this._len & 7) !== 0) { throw new Error('Bad packet length'); } } // Read padding length, payload, and padding if (this._pktLen < this._len) { if (p >= dataLen) return; const nb = Math.min(this._len - this._pktLen, dataLen - p); let encrypted; if (p !== 0 || nb !== dataLen) encrypted = new Uint8Array(data.buffer, data.byteOffset + p, nb); else encrypted = data; if (nb === this._len) { this._packet = encrypted; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(encrypted, this._pktLen); } p += nb; this._pktLen += nb; if (this._pktLen < this._len || p >= dataLen) return; } // Read Poly1305 MAC { const nb = Math.min(16 - this._macPos, dataLen - p); // TODO: avoid copying if entire MAC is in current chunk if (p !== 0 || nb !== dataLen) { this._mac.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._macPos ); } else { this._mac.set(data, this._macPos); } p += nb; this._macPos += nb; if (this._macPos < 16) return; } // Generate Poly1305 key POLY1305_OUT_COMPUTE[0] = 0; // Set counter to 0 (little endian) writeUInt32BE(POLY1305_OUT_COMPUTE, this.inSeqno, 12); const polyKey = createCipheriv('chacha20', this._decKeyMain, POLY1305_OUT_COMPUTE) .update(POLY1305_ZEROS); // Calculate and compare Poly1305 MACs poly1305_auth(POLY1305_RESULT_MALLOC, this._lenBuf, 4, this._packet, this._packet.length, polyKey); this._calcMac.set( new Uint8Array(POLY1305_WASM_MODULE.HEAPU8.buffer, POLY1305_RESULT_MALLOC, 16), 0 ); if (!timingSafeEqual(this._calcMac, this._mac)) throw new Error('Invalid MAC'); // Decrypt packet POLY1305_OUT_COMPUTE[0] = 1; // Set counter to 1 (little endian) const packet = createDecipheriv('chacha20', this._decKeyMain, POLY1305_OUT_COMPUTE) .update(this._packet); const payload = new FastBuffer(packet.buffer, packet.byteOffset + 1, packet.length - packet[0] - 1); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; this._len = 0; this._lenPos = 0; this._packet = null; this._pktLen = 0; this._macPos = 0; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } class ChaChaPolyDecipherBinding { constructor(config) { const dec = config.inbound; this.inSeqno = dec.seqno; this._onPayload = dec.onPayload; this._instance = new ChaChaPolyDecipher(dec.decipherKey); this._len = 0; this._lenBuf = Buffer.alloc(4); this._lenPos = 0; this._packet = null; this._pktLen = 0; this._mac = Buffer.allocUnsafe(16); this._macPos = 0; } free() { this._instance.free(); } decrypt(data, p, dataLen) { // `data` === encrypted data while (p < dataLen) { // Read packet length if (this._lenPos < 4) { let nb = Math.min(4 - this._lenPos, dataLen - p); while (nb--) this._lenBuf[this._lenPos++] = data[p++]; if (this._lenPos < 4) return; this._len = this._instance.decryptLen(this._lenBuf, this.inSeqno); if (this._len > MAX_PACKET_SIZE || this._len < 8 || (this._len & 7) !== 0) { throw new Error('Bad packet length'); } if (p >= dataLen) return; } // Read padding length, payload, and padding if (this._pktLen < this._len) { const nb = Math.min(this._len - this._pktLen, dataLen - p); let encrypted; if (p !== 0 || nb !== dataLen) encrypted = new Uint8Array(data.buffer, data.byteOffset + p, nb); else encrypted = data; if (nb === this._len) { this._packet = encrypted; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(encrypted, this._pktLen); } p += nb; this._pktLen += nb; if (this._pktLen < this._len || p >= dataLen) return; } // Read Poly1305 MAC { const nb = Math.min(16 - this._macPos, dataLen - p); // TODO: avoid copying if entire MAC is in current chunk if (p !== 0 || nb !== dataLen) { this._mac.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._macPos ); } else { this._mac.set(data, this._macPos); } p += nb; this._macPos += nb; if (this._macPos < 16) return; } this._instance.decrypt(this._packet, this._mac, this.inSeqno); const payload = new FastBuffer(this._packet.buffer, this._packet.byteOffset + 1, this._packet.length - this._packet[0] - 1); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; this._len = 0; this._lenPos = 0; this._packet = null; this._pktLen = 0; this._macPos = 0; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } class AESGCMDecipherNative { constructor(config) { const dec = config.inbound; this.inSeqno = dec.seqno; this._onPayload = dec.onPayload; this._decipherInstance = null; this._decipherSSLName = dec.decipherInfo.sslName; this._decipherKey = dec.decipherKey; this._decipherIV = dec.decipherIV; this._len = 0; this._lenBytes = 0; this._packet = null; this._packetPos = 0; this._pktLen = 0; this._tag = Buffer.allocUnsafe(16); this._tagPos = 0; } free() {} decrypt(data, p, dataLen) { // `data` === encrypted data while (p < dataLen) { // Read packet length (unencrypted, but AAD) if (this._lenBytes < 4) { let nb = Math.min(4 - this._lenBytes, dataLen - p); this._lenBytes += nb; while (nb--) this._len = (this._len << 8) + data[p++]; if (this._lenBytes < 4) return; if ((this._len + 20) > MAX_PACKET_SIZE || this._len < 16 || (this._len & 15) !== 0) { throw new Error('Bad packet length'); } this._decipherInstance = createDecipheriv( this._decipherSSLName, this._decipherKey, this._decipherIV ); this._decipherInstance.setAutoPadding(false); this._decipherInstance.setAAD(intToBytes(this._len)); } // Read padding length, payload, and padding if (this._pktLen < this._len) { if (p >= dataLen) return; const nb = Math.min(this._len - this._pktLen, dataLen - p); let decrypted; if (p !== 0 || nb !== dataLen) { decrypted = this._decipherInstance.update( new Uint8Array(data.buffer, data.byteOffset + p, nb) ); } else { decrypted = this._decipherInstance.update(data); } if (decrypted.length) { if (nb === this._len) { this._packet = decrypted; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(decrypted, this._packetPos); } this._packetPos += decrypted.length; } p += nb; this._pktLen += nb; if (this._pktLen < this._len || p >= dataLen) return; } // Read authentication tag { const nb = Math.min(16 - this._tagPos, dataLen - p); if (p !== 0 || nb !== dataLen) { this._tag.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._tagPos ); } else { this._tag.set(data, this._tagPos); } p += nb; this._tagPos += nb; if (this._tagPos < 16) return; } { // Verify authentication tag this._decipherInstance.setAuthTag(this._tag); const decrypted = this._decipherInstance.final(); // XXX: this should never output any data since stream ciphers always // return data from .update() and block ciphers must end on a multiple // of the block length, which would have caused an exception to be // thrown if the total input was not... if (decrypted.length) { if (this._packet) this._packet.set(decrypted, this._packetPos); else this._packet = decrypted; } } const payload = (!this._packet ? EMPTY_BUFFER : new FastBuffer(this._packet.buffer, this._packet.byteOffset + 1, this._packet.length - this._packet[0] - 1)); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; ivIncrement(this._decipherIV); this._len = 0; this._lenBytes = 0; this._packet = null; this._packetPos = 0; this._pktLen = 0; this._tagPos = 0; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } class AESGCMDecipherBinding { constructor(config) { const dec = config.inbound; this.inSeqno = dec.seqno; this._onPayload = dec.onPayload; this._instance = new AESGCMDecipher(dec.decipherInfo.sslName, dec.decipherKey, dec.decipherIV); this._len = 0; this._lenBytes = 0; this._packet = null; this._pktLen = 0; this._tag = Buffer.allocUnsafe(16); this._tagPos = 0; } free() {} decrypt(data, p, dataLen) { // `data` === encrypted data while (p < dataLen) { // Read packet length (unencrypted, but AAD) if (this._lenBytes < 4) { let nb = Math.min(4 - this._lenBytes, dataLen - p); this._lenBytes += nb; while (nb--) this._len = (this._len << 8) + data[p++]; if (this._lenBytes < 4) return; if ((this._len + 20) > MAX_PACKET_SIZE || this._len < 16 || (this._len & 15) !== 0) { throw new Error(`Bad packet length: ${this._len}`); } } // Read padding length, payload, and padding if (this._pktLen < this._len) { if (p >= dataLen) return; const nb = Math.min(this._len - this._pktLen, dataLen - p); let encrypted; if (p !== 0 || nb !== dataLen) encrypted = new Uint8Array(data.buffer, data.byteOffset + p, nb); else encrypted = data; if (nb === this._len) { this._packet = encrypted; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(encrypted, this._pktLen); } p += nb; this._pktLen += nb; if (this._pktLen < this._len || p >= dataLen) return; } // Read authentication tag { const nb = Math.min(16 - this._tagPos, dataLen - p); if (p !== 0 || nb !== dataLen) { this._tag.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._tagPos ); } else { this._tag.set(data, this._tagPos); } p += nb; this._tagPos += nb; if (this._tagPos < 16) return; } this._instance.decrypt(this._packet, this._len, this._tag); const payload = new FastBuffer(this._packet.buffer, this._packet.byteOffset + 1, this._packet.length - this._packet[0] - 1); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; this._len = 0; this._lenBytes = 0; this._packet = null; this._pktLen = 0; this._tagPos = 0; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } // TODO: test incremental .update()s vs. copying to _packet and doing a single // .update() after entire packet read -- a single .update() would allow // verifying MAC before decrypting for ETM MACs class GenericDecipherNative { constructor(config) { const dec = config.inbound; this.inSeqno = dec.seqno; this._onPayload = dec.onPayload; this._decipherInstance = createDecipheriv(dec.decipherInfo.sslName, dec.decipherKey, dec.decipherIV); this._decipherInstance.setAutoPadding(false); this._block = Buffer.allocUnsafe( dec.macInfo.isETM ? 4 : dec.decipherInfo.blockLen ); this._blockSize = dec.decipherInfo.blockLen; this._blockPos = 0; this._len = 0; this._packet = null; this._packetPos = 0; this._pktLen = 0; this._mac = Buffer.allocUnsafe(dec.macInfo.actualLen); this._macPos = 0; this._macSSLName = dec.macInfo.sslName; this._macKey = dec.macKey; this._macActualLen = dec.macInfo.actualLen; this._macETM = dec.macInfo.isETM; this._macInstance = null; const discardLen = dec.decipherInfo.discardLen; if (discardLen) { let discard = DISCARD_CACHE.get(discardLen); if (discard === undefined) { discard = Buffer.alloc(discardLen); DISCARD_CACHE.set(discardLen, discard); } this._decipherInstance.update(discard); } } free() {} decrypt(data, p, dataLen) { // `data` === encrypted data while (p < dataLen) { // Read first encrypted block if (this._blockPos < this._block.length) { const nb = Math.min(this._block.length - this._blockPos, dataLen - p); if (p !== 0 || nb !== dataLen || nb < data.length) { this._block.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._blockPos ); } else { this._block.set(data, this._blockPos); } p += nb; this._blockPos += nb; if (this._blockPos < this._block.length) return; let decrypted; let need; if (this._macETM) { this._len = need = readUInt32BE(this._block, 0); } else { // Decrypt first block to get packet length decrypted = this._decipherInstance.update(this._block); this._len = readUInt32BE(decrypted, 0); need = 4 + this._len - this._blockSize; } if (this._len > MAX_PACKET_SIZE || this._len < 5 || (need & (this._blockSize - 1)) !== 0) { throw new Error('Bad packet length'); } // Create MAC up front to calculate in parallel with decryption this._macInstance = createHmac(this._macSSLName, this._macKey); writeUInt32BE(BUF_INT, this.inSeqno, 0); this._macInstance.update(BUF_INT); if (this._macETM) { this._macInstance.update(this._block); } else { this._macInstance.update(new Uint8Array(decrypted.buffer, decrypted.byteOffset, 4)); this._pktLen = decrypted.length - 4; this._packetPos = this._pktLen; this._packet = Buffer.allocUnsafe(this._len); this._packet.set( new Uint8Array(decrypted.buffer, decrypted.byteOffset + 4, this._packetPos), 0 ); } if (p >= dataLen) return; } // Read padding length, payload, and padding if (this._pktLen < this._len) { const nb = Math.min(this._len - this._pktLen, dataLen - p); let encrypted; if (p !== 0 || nb !== dataLen) encrypted = new Uint8Array(data.buffer, data.byteOffset + p, nb); else encrypted = data; if (this._macETM) this._macInstance.update(encrypted); const decrypted = this._decipherInstance.update(encrypted); if (decrypted.length) { if (nb === this._len) { this._packet = decrypted; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(decrypted, this._packetPos); } this._packetPos += decrypted.length; } p += nb; this._pktLen += nb; if (this._pktLen < this._len || p >= dataLen) return; } // Read MAC { const nb = Math.min(this._macActualLen - this._macPos, dataLen - p); if (p !== 0 || nb !== dataLen) { this._mac.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._macPos ); } else { this._mac.set(data, this._macPos); } p += nb; this._macPos += nb; if (this._macPos < this._macActualLen) return; } // Verify MAC if (!this._macETM) this._macInstance.update(this._packet); let calculated = this._macInstance.digest(); if (this._macActualLen < calculated.length) { calculated = new Uint8Array(calculated.buffer, calculated.byteOffset, this._macActualLen); } if (!timingSafeEquals(calculated, this._mac)) throw new Error('Invalid MAC'); const payload = new FastBuffer(this._packet.buffer, this._packet.byteOffset + 1, this._packet.length - this._packet[0] - 1); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; this._blockPos = 0; this._len = 0; this._packet = null; this._packetPos = 0; this._pktLen = 0; this._macPos = 0; this._macInstance = null; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } class GenericDecipherBinding { constructor(config) { const dec = config.inbound; this.inSeqno = dec.seqno; this._onPayload = dec.onPayload; this._instance = new GenericDecipher(dec.decipherInfo.sslName, dec.decipherKey, dec.decipherIV, dec.macInfo.sslName, dec.macKey, dec.macInfo.isETM, dec.macInfo.actualLen); this._block = Buffer.allocUnsafe( dec.macInfo.isETM || dec.decipherInfo.stream ? 4 : dec.decipherInfo.blockLen ); this._blockPos = 0; this._len = 0; this._packet = null; this._pktLen = 0; this._mac = Buffer.allocUnsafe(dec.macInfo.actualLen); this._macPos = 0; this._macActualLen = dec.macInfo.actualLen; this._macETM = dec.macInfo.isETM; } free() { this._instance.free(); } decrypt(data, p, dataLen) { // `data` === encrypted data while (p < dataLen) { // Read first encrypted block if (this._blockPos < this._block.length) { const nb = Math.min(this._block.length - this._blockPos, dataLen - p); if (p !== 0 || nb !== dataLen || nb < data.length) { this._block.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._blockPos ); } else { this._block.set(data, this._blockPos); } p += nb; this._blockPos += nb; if (this._blockPos < this._block.length) return; let need; if (this._macETM) { this._len = need = readUInt32BE(this._block, 0); } else { // Decrypt first block to get packet length this._instance.decryptBlock(this._block); this._len = readUInt32BE(this._block, 0); need = 4 + this._len - this._block.length; } if (this._len > MAX_PACKET_SIZE || this._len < 5 || (need & (this._block.length - 1)) !== 0) { throw new Error('Bad packet length'); } if (!this._macETM) { this._pktLen = (this._block.length - 4); if (this._pktLen) { this._packet = Buffer.allocUnsafe(this._len); this._packet.set( new Uint8Array(this._block.buffer, this._block.byteOffset + 4, this._pktLen), 0 ); } } if (p >= dataLen) return; } // Read padding length, payload, and padding if (this._pktLen < this._len) { const nb = Math.min(this._len - this._pktLen, dataLen - p); let encrypted; if (p !== 0 || nb !== dataLen) encrypted = new Uint8Array(data.buffer, data.byteOffset + p, nb); else encrypted = data; if (nb === this._len) { this._packet = encrypted; } else { if (!this._packet) this._packet = Buffer.allocUnsafe(this._len); this._packet.set(encrypted, this._pktLen); } p += nb; this._pktLen += nb; if (this._pktLen < this._len || p >= dataLen) return; } // Read MAC { const nb = Math.min(this._macActualLen - this._macPos, dataLen - p); if (p !== 0 || nb !== dataLen) { this._mac.set( new Uint8Array(data.buffer, data.byteOffset + p, nb), this._macPos ); } else { this._mac.set(data, this._macPos); } p += nb; this._macPos += nb; if (this._macPos < this._macActualLen) return; } // Decrypt and verify MAC this._instance.decrypt(this._packet, this.inSeqno, this._block, this._mac); const payload = new FastBuffer(this._packet.buffer, this._packet.byteOffset + 1, this._packet.length - this._packet[0] - 1); // Prepare for next packet this.inSeqno = (this.inSeqno + 1) >>> 0; this._blockPos = 0; this._len = 0; this._packet = null; this._pktLen = 0; this._macPos = 0; this._macInstance = null; { const ret = this._onPayload(payload); if (ret !== undefined) return (ret === false ? p : ret); } } } } // Increments unsigned, big endian counter (last 8 bytes) of AES-GCM IV function ivIncrement(iv) { // eslint-disable-next-line no-unused-expressions ++iv[11] >>> 8 && ++iv[10] >>> 8 && ++iv[9] >>> 8 && ++iv[8] >>> 8 && ++iv[7] >>> 8 && ++iv[6] >>> 8 && ++iv[5] >>> 8 && ++iv[4] >>> 8; } const intToBytes = (() => { const ret = Buffer.alloc(4); return (n) => { ret[0] = (n >>> 24); ret[1] = (n >>> 16); ret[2] = (n >>> 8); ret[3] = n; return ret; }; })(); function timingSafeEquals(a, b) { if (a.length !== b.length) { timingSafeEqual(a, a); return false; } return timingSafeEqual(a, b); } function createCipher(config) { if (typeof config !== 'object' || config === null) throw new Error('Invalid config'); if (typeof config.outbound !== 'object' || config.outbound === null) throw new Error('Invalid outbound'); const outbound = config.outbound; if (typeof outbound.onWrite !== 'function') throw new Error('Invalid outbound.onWrite'); if (typeof outbound.cipherInfo !== 'object' || outbound.cipherInfo === null) throw new Error('Invalid outbound.cipherInfo'); if (!Buffer.isBuffer(outbound.cipherKey) || outbound.cipherKey.length !== outbound.cipherInfo.keyLen) { throw new Error('Invalid outbound.cipherKey'); } if (outbound.cipherInfo.ivLen && (!Buffer.isBuffer(outbound.cipherIV) || outbound.cipherIV.length !== outbound.cipherInfo.ivLen)) { throw new Error('Invalid outbound.cipherIV'); } if (typeof outbound.seqno !== 'number' || outbound.seqno < 0 || outbound.seqno > MAX_SEQNO) { throw new Error('Invalid outbound.seqno'); } const forceNative = !!outbound.forceNative; switch (outbound.cipherInfo.sslName) { case 'aes-128-gcm': case 'aes-256-gcm': return (AESGCMCipher && !forceNative ? new AESGCMCipherBinding(config) : new AESGCMCipherNative(config)); case 'chacha20': return (ChaChaPolyCipher && !forceNative ? new ChaChaPolyCipherBinding(config) : new ChaChaPolyCipherNative(config)); default: { if (typeof outbound.macInfo !== 'object' || outbound.macInfo === null) throw new Error('Invalid outbound.macInfo'); if (!Buffer.isBuffer(outbound.macKey) || outbound.macKey.length !== outbound.macInfo.len) { throw new Error('Invalid outbound.macKey'); } return (GenericCipher && !forceNative ? new GenericCipherBinding(config) : new GenericCipherNative(config)); } } } function createDecipher(config) { if (typeof config !== 'object' || config === null) throw new Error('Invalid config'); if (typeof config.inbound !== 'object' || config.inbound === null) throw new Error('Invalid inbound'); const inbound = config.inbound; if (typeof inbound.onPayload !== 'function') throw new Error('Invalid inbound.onPayload'); if (typeof inbound.decipherInfo !== 'object' || inbound.decipherInfo === null) { throw new Error('Invalid inbound.decipherInfo'); } if (!Buffer.isBuffer(inbound.decipherKey) || inbound.decipherKey.length !== inbound.decipherInfo.keyLen) { throw new Error('Invalid inbound.decipherKey'); } if (inbound.decipherInfo.ivLen && (!Buffer.isBuffer(inbound.decipherIV) || inbound.decipherIV.length !== inbound.decipherInfo.ivLen)) { throw new Error('Invalid inbound.decipherIV'); } if (typeof inbound.seqno !== 'number' || inbound.seqno < 0 || inbound.seqno > MAX_SEQNO) { throw new Error('Invalid inbound.seqno'); } const forceNative = !!inbound.forceNative; switch (inbound.decipherInfo.sslName) { case 'aes-128-gcm': case 'aes-256-gcm': return (AESGCMDecipher && !forceNative ? new AESGCMDecipherBinding(config) : new AESGCMDecipherNative(config)); case 'chacha20': return (ChaChaPolyDecipher && !forceNative ? new ChaChaPolyDecipherBinding(config) : new ChaChaPolyDecipherNative(config)); default: { if (typeof inbound.macInfo !== 'object' || inbound.macInfo === null) throw new Error('Invalid inbound.macInfo'); if (!Buffer.isBuffer(inbound.macKey) || inbound.macKey.length !== inbound.macInfo.len) { throw new Error('Invalid inbound.macKey'); } return (GenericDecipher && !forceNative ? new GenericDecipherBinding(config) : new GenericDecipherNative(config)); } } } module.exports = { CIPHER_INFO, MAC_INFO, bindingAvailable: !!binding, init: (() => { // eslint-disable-next-line no-async-promise-executor return new Promise(async (resolve, reject) => { try { POLY1305_WASM_MODULE = await __nccwpck_require__(4989)(); POLY1305_RESULT_MALLOC = POLY1305_WASM_MODULE._malloc(16); poly1305_auth = POLY1305_WASM_MODULE.cwrap( 'poly1305_auth', null, ['number', 'array', 'number', 'array', 'number', 'array'] ); } catch (ex) { return reject(ex); } resolve(); }); })(), NullCipher, createCipher, NullDecipher, createDecipher, }; /***/ }), /***/ 4989: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var createPoly1305 = (function() { var _scriptDir = typeof document !== 'undefined' && document.currentScript ? document.currentScript.src : undefined; if (typeof __filename !== 'undefined') _scriptDir = _scriptDir || __filename; return ( function(createPoly1305) { createPoly1305 = createPoly1305 || {}; var b;b||(b=typeof createPoly1305 !== 'undefined' ? createPoly1305 : {});var q,r;b.ready=new Promise(function(a,c){q=a;r=c});var u={},w;for(w in b)b.hasOwnProperty(w)&&(u[w]=b[w]);var x="object"===typeof window,y="function"===typeof importScripts,z="object"===typeof process&&"object"===typeof process.versions&&"string"===typeof process.versions.node,B="",C,D,E,F,G; if(z)B=y?__nccwpck_require__(5622).dirname(B)+"/":__dirname+"/",C=function(a,c){var d=H(a);if(d)return c?d:d.toString();F||(F=__nccwpck_require__(5747));G||(G=__nccwpck_require__(5622));a=G.normalize(a);return F.readFileSync(a,c?null:"utf8")},E=function(a){a=C(a,!0);a.buffer||(a=new Uint8Array(a));assert(a.buffer);return a},D=function(a,c,d){var e=H(a);e&&c(e);F||(F=__nccwpck_require__(5747));G||(G=__nccwpck_require__(5622));a=G.normalize(a);F.readFile(a,function(f,l){f?d(f):c(l.buffer)})},1=m){var oa=g.charCodeAt(++v);m=65536+((m&1023)<<10)|oa&1023}if(127>=m){if(k>=n)break;h[k++]=m}else{if(2047>=m){if(k+1>=n)break;h[k++]=192|m>>6}else{if(65535>=m){if(k+2>=n)break;h[k++]=224|m>>12}else{if(k+3>=n)break;h[k++]=240|m>>18;h[k++]=128|m>>12&63}h[k++]=128|m>>6&63}h[k++]=128|m&63}}h[k]= 0}}return p},array:function(g){var p=O(g.length);Q.set(g,p);return p}},l=N(a),A=[];a=0;if(e)for(var t=0;t=n);)++k;if(16h?n+=String.fromCharCode(h):(h-=65536,n+=String.fromCharCode(55296|h>>10,56320|h&1023))}}else n+=String.fromCharCode(h)}g=n}}else g="";else g="boolean"===c?!!g:g;return g}(d);0!==a&&fa(a);return d}var ea="undefined"!==typeof TextDecoder?new TextDecoder("utf8"):void 0,ha,Q,P; function ia(){var a=L.buffer;ha=a;b.HEAP8=Q=new Int8Array(a);b.HEAP16=new Int16Array(a);b.HEAP32=new Int32Array(a);b.HEAPU8=P=new Uint8Array(a);b.HEAPU16=new Uint16Array(a);b.HEAPU32=new Uint32Array(a);b.HEAPF32=new Float32Array(a);b.HEAPF64=new Float64Array(a)}var R,ja=[],ka=[],la=[];function ma(){var a=b.preRun.shift();ja.unshift(a)}var S=0,T=null,U=null;b.preloadedImages={};b.preloadedAudios={}; function K(a){if(b.onAbort)b.onAbort(a);I(a);M=!0;a=new WebAssembly.RuntimeError("abort("+a+"). Build with -s ASSERTIONS=1 for more info.");r(a);throw a;}var V="data:application/octet-stream;base64,",W;W="data:application/octet-stream;base64,AGFzbQEAAAABIAZgAX8Bf2ADf39/AGABfwBgAABgAAF/YAZ/f39/f38AAgcBAWEBYQAAAwsKAAEDAQAAAgQFAgQFAXABAQEFBwEBgAKAgAIGCQF/AUGAjMACCwclCQFiAgABYwADAWQACQFlAAgBZgAHAWcABgFoAAUBaQAKAWoBAAqGTQpPAQJ/QYAIKAIAIgEgAEEDakF8cSICaiEAAkAgAkEAIAAgAU0bDQAgAD8AQRB0SwRAIAAQAEUNAQtBgAggADYCACABDwtBhAhBMDYCAEF/C4wFAg5+Cn8gACgCJCEUIAAoAiAhFSAAKAIcIREgACgCGCESIAAoAhQhEyACQRBPBEAgAC0ATEVBGHQhFyAAKAIEIhZBBWytIQ8gACgCCCIYQQVsrSENIAAoAgwiGUEFbK0hCyAAKAIQIhpBBWytIQkgADUCACEIIBqtIRAgGa0hDiAYrSEMIBatIQoDQCASIAEtAAMiEiABLQAEQQh0ciABLQAFQRB0ciABLQAGIhZBGHRyQQJ2Qf///x9xaq0iAyAOfiABLwAAIAEtAAJBEHRyIBNqIBJBGHRBgICAGHFqrSIEIBB+fCARIAEtAAdBCHQgFnIgAS0ACEEQdHIgAS0ACSIRQRh0ckEEdkH///8fcWqtIgUgDH58IAEtAApBCHQgEXIgAS0AC0EQdHIgAS0ADEEYdHJBBnYgFWqtIgYgCn58IBQgF2ogAS8ADSABLQAPQRB0cmqtIgcgCH58IAMgDH4gBCAOfnwgBSAKfnwgBiAIfnwgByAJfnwgAyAKfiAEIAx+fCAFIAh+fCAGIAl+fCAHIAt+fCADIAh+IAQgCn58IAUgCX58IAYgC358IAcgDX58IAMgCX4gBCAIfnwgBSALfnwgBiANfnwgByAPfnwiA0IaiEL/////D4N8IgRCGohC/////w+DfCIFQhqIQv////8Pg3wiBkIaiEL/////D4N8IgdCGoinQQVsIAOnQf///x9xaiITQRp2IASnQf///x9xaiESIAWnQf///x9xIREgBqdB////H3EhFSAHp0H///8fcSEUIBNB////H3EhEyABQRBqIQEgAkEQayICQQ9LDQALCyAAIBQ2AiQgACAVNgIgIAAgETYCHCAAIBI2AhggACATNgIUCwMAAQu2BAEGfwJAIAAoAjgiBARAIABBPGohBQJAIAJBECAEayIDIAIgA0kbIgZFDQAgBkEDcSEHAkAgBkEBa0EDSQRAQQAhAwwBCyAGQXxxIQhBACEDA0AgBSADIARqaiABIANqLQAAOgAAIAUgA0EBciIEIAAoAjhqaiABIARqLQAAOgAAIAUgA0ECciIEIAAoAjhqaiABIARqLQAAOgAAIAUgA0EDciIEIAAoAjhqaiABIARqLQAAOgAAIANBBGohAyAAKAI4IQQgCEEEayIIDQALCyAHRQ0AA0AgBSADIARqaiABIANqLQAAOgAAIANBAWohAyAAKAI4IQQgB0EBayIHDQALCyAAIAQgBmoiAzYCOCADQRBJDQEgACAFQRAQAiAAQQA2AjggAiAGayECIAEgBmohAQsgAkEQTwRAIAAgASACQXBxIgMQAiACQQ9xIQIgASADaiEBCyACRQ0AIAJBA3EhBCAAQTxqIQVBACEDIAJBAWtBA08EQCACQXxxIQcDQCAFIAAoAjggA2pqIAEgA2otAAA6AAAgBSADQQFyIgYgACgCOGpqIAEgBmotAAA6AAAgBSADQQJyIgYgACgCOGpqIAEgBmotAAA6AAAgBSADQQNyIgYgACgCOGpqIAEgBmotAAA6AAAgA0EEaiEDIAdBBGsiBw0ACwsgBARAA0AgBSAAKAI4IANqaiABIANqLQAAOgAAIANBAWohAyAEQQFrIgQNAAsLIAAgACgCOCACajYCOAsLoS0BDH8jAEEQayIMJAACQAJAAkACQAJAAkACQAJAAkACQAJAAkAgAEH0AU0EQEGICCgCACIFQRAgAEELakF4cSAAQQtJGyIIQQN2IgJ2IgFBA3EEQCABQX9zQQFxIAJqIgNBA3QiAUG4CGooAgAiBEEIaiEAAkAgBCgCCCICIAFBsAhqIgFGBEBBiAggBUF+IAN3cTYCAAwBCyACIAE2AgwgASACNgIICyAEIANBA3QiAUEDcjYCBCABIARqIgEgASgCBEEBcjYCBAwNCyAIQZAIKAIAIgpNDQEgAQRAAkBBAiACdCIAQQAgAGtyIAEgAnRxIgBBACAAa3FBAWsiACAAQQx2QRBxIgJ2IgFBBXZBCHEiACACciABIAB2IgFBAnZBBHEiAHIgASAAdiIBQQF2QQJxIgByIAEgAHYiAUEBdkEBcSIAciABIAB2aiIDQQN0IgBBuAhqKAIAIgQoAggiASAAQbAIaiIARgRAQYgIIAVBfiADd3EiBTYCAAwBCyABIAA2AgwgACABNgIICyAEQQhqIQAgBCAIQQNyNgIEIAQgCGoiAiADQQN0IgEgCGsiA0EBcjYCBCABIARqIAM2AgAgCgRAIApBA3YiAUEDdEGwCGohB0GcCCgCACEEAn8gBUEBIAF0IgFxRQRAQYgIIAEgBXI2AgAgBwwBCyAHKAIICyEBIAcgBDYCCCABIAQ2AgwgBCAHNgIMIAQgATYCCAtBnAggAjYCAEGQCCADNgIADA0LQYwIKAIAIgZFDQEgBkEAIAZrcUEBayIAIABBDHZBEHEiAnYiAUEFdkEIcSIAIAJyIAEgAHYiAUECdkEEcSIAciABIAB2IgFBAXZBAnEiAHIgASAAdiIBQQF2QQFxIgByIAEgAHZqQQJ0QbgKaigCACIBKAIEQXhxIAhrIQMgASECA0ACQCACKAIQIgBFBEAgAigCFCIARQ0BCyAAKAIEQXhxIAhrIgIgAyACIANJIgIbIQMgACABIAIbIQEgACECDAELCyABIAhqIgkgAU0NAiABKAIYIQsgASABKAIMIgRHBEAgASgCCCIAQZgIKAIASRogACAENgIMIAQgADYCCAwMCyABQRRqIgIoAgAiAEUEQCABKAIQIgBFDQQgAUEQaiECCwNAIAIhByAAIgRBFGoiAigCACIADQAgBEEQaiECIAQoAhAiAA0ACyAHQQA2AgAMCwtBfyEIIABBv39LDQAgAEELaiIAQXhxIQhBjAgoAgAiCUUNAEEAIAhrIQMCQAJAAkACf0EAIAhBgAJJDQAaQR8gCEH///8HSw0AGiAAQQh2IgAgAEGA/j9qQRB2QQhxIgJ0IgAgAEGA4B9qQRB2QQRxIgF0IgAgAEGAgA9qQRB2QQJxIgB0QQ92IAEgAnIgAHJrIgBBAXQgCCAAQRVqdkEBcXJBHGoLIgVBAnRBuApqKAIAIgJFBEBBACEADAELQQAhACAIQQBBGSAFQQF2ayAFQR9GG3QhAQNAAkAgAigCBEF4cSAIayIHIANPDQAgAiEEIAciAw0AQQAhAyACIQAMAwsgACACKAIUIgcgByACIAFBHXZBBHFqKAIQIgJGGyAAIAcbIQAgAUEBdCEBIAINAAsLIAAgBHJFBEBBACEEQQIgBXQiAEEAIABrciAJcSIARQ0DIABBACAAa3FBAWsiACAAQQx2QRBxIgJ2IgFBBXZBCHEiACACciABIAB2IgFBAnZBBHEiAHIgASAAdiIBQQF2QQJxIgByIAEgAHYiAUEBdkEBcSIAciABIAB2akECdEG4CmooAgAhAAsgAEUNAQsDQCAAKAIEQXhxIAhrIgEgA0khAiABIAMgAhshAyAAIAQgAhshBCAAKAIQIgEEfyABBSAAKAIUCyIADQALCyAERQ0AIANBkAgoAgAgCGtPDQAgBCAIaiIGIARNDQEgBCgCGCEFIAQgBCgCDCIBRwRAIAQoAggiAEGYCCgCAEkaIAAgATYCDCABIAA2AggMCgsgBEEUaiICKAIAIgBFBEAgBCgCECIARQ0EIARBEGohAgsDQCACIQcgACIBQRRqIgIoAgAiAA0AIAFBEGohAiABKAIQIgANAAsgB0EANgIADAkLIAhBkAgoAgAiAk0EQEGcCCgCACEDAkAgAiAIayIBQRBPBEBBkAggATYCAEGcCCADIAhqIgA2AgAgACABQQFyNgIEIAIgA2ogATYCACADIAhBA3I2AgQMAQtBnAhBADYCAEGQCEEANgIAIAMgAkEDcjYCBCACIANqIgAgACgCBEEBcjYCBAsgA0EIaiEADAsLIAhBlAgoAgAiBkkEQEGUCCAGIAhrIgE2AgBBoAhBoAgoAgAiAiAIaiIANgIAIAAgAUEBcjYCBCACIAhBA3I2AgQgAkEIaiEADAsLQQAhACAIQS9qIgkCf0HgCygCAARAQegLKAIADAELQewLQn83AgBB5AtCgKCAgICABDcCAEHgCyAMQQxqQXBxQdiq1aoFczYCAEH0C0EANgIAQcQLQQA2AgBBgCALIgFqIgVBACABayIHcSICIAhNDQpBwAsoAgAiBARAQbgLKAIAIgMgAmoiASADTQ0LIAEgBEsNCwtBxAstAABBBHENBQJAAkBBoAgoAgAiAwRAQcgLIQADQCADIAAoAgAiAU8EQCABIAAoAgRqIANLDQMLIAAoAggiAA0ACwtBABABIgFBf0YNBiACIQVB5AsoAgAiA0EBayIAIAFxBEAgAiABayAAIAFqQQAgA2txaiEFCyAFIAhNDQYgBUH+////B0sNBkHACygCACIEBEBBuAsoAgAiAyAFaiIAIANNDQcgACAESw0HCyAFEAEiACABRw0BDAgLIAUgBmsgB3EiBUH+////B0sNBSAFEAEiASAAKAIAIAAoAgRqRg0EIAEhAAsCQCAAQX9GDQAgCEEwaiAFTQ0AQegLKAIAIgEgCSAFa2pBACABa3EiAUH+////B0sEQCAAIQEMCAsgARABQX9HBEAgASAFaiEFIAAhAQwIC0EAIAVrEAEaDAULIAAiAUF/Rw0GDAQLAAtBACEEDAcLQQAhAQwFCyABQX9HDQILQcQLQcQLKAIAQQRyNgIACyACQf7///8HSw0BIAIQASEBQQAQASEAIAFBf0YNASAAQX9GDQEgACABTQ0BIAAgAWsiBSAIQShqTQ0BC0G4C0G4CygCACAFaiIANgIAQbwLKAIAIABJBEBBvAsgADYCAAsCQAJAAkBBoAgoAgAiBwRAQcgLIQADQCABIAAoAgAiAyAAKAIEIgJqRg0CIAAoAggiAA0ACwwCC0GYCCgCACIAQQAgACABTRtFBEBBmAggATYCAAtBACEAQcwLIAU2AgBByAsgATYCAEGoCEF/NgIAQawIQeALKAIANgIAQdQLQQA2AgADQCAAQQN0IgNBuAhqIANBsAhqIgI2AgAgA0G8CGogAjYCACAAQQFqIgBBIEcNAAtBlAggBUEoayIDQXggAWtBB3FBACABQQhqQQdxGyIAayICNgIAQaAIIAAgAWoiADYCACAAIAJBAXI2AgQgASADakEoNgIEQaQIQfALKAIANgIADAILIAAtAAxBCHENACADIAdLDQAgASAHTQ0AIAAgAiAFajYCBEGgCCAHQXggB2tBB3FBACAHQQhqQQdxGyIAaiICNgIAQZQIQZQIKAIAIAVqIgEgAGsiADYCACACIABBAXI2AgQgASAHakEoNgIEQaQIQfALKAIANgIADAELQZgIKAIAIAFLBEBBmAggATYCAAsgASAFaiECQcgLIQACQAJAAkACQAJAAkADQCACIAAoAgBHBEAgACgCCCIADQEMAgsLIAAtAAxBCHFFDQELQcgLIQADQCAHIAAoAgAiAk8EQCACIAAoAgRqIgQgB0sNAwsgACgCCCEADAALAAsgACABNgIAIAAgACgCBCAFajYCBCABQXggAWtBB3FBACABQQhqQQdxG2oiCSAIQQNyNgIEIAJBeCACa0EHcUEAIAJBCGpBB3EbaiIFIAggCWoiBmshAiAFIAdGBEBBoAggBjYCAEGUCEGUCCgCACACaiIANgIAIAYgAEEBcjYCBAwDCyAFQZwIKAIARgRAQZwIIAY2AgBBkAhBkAgoAgAgAmoiADYCACAGIABBAXI2AgQgACAGaiAANgIADAMLIAUoAgQiAEEDcUEBRgRAIABBeHEhBwJAIABB/wFNBEAgBSgCCCIDIABBA3YiAEEDdEGwCGpGGiADIAUoAgwiAUYEQEGICEGICCgCAEF+IAB3cTYCAAwCCyADIAE2AgwgASADNgIIDAELIAUoAhghCAJAIAUgBSgCDCIBRwRAIAUoAggiACABNgIMIAEgADYCCAwBCwJAIAVBFGoiACgCACIDDQAgBUEQaiIAKAIAIgMNAEEAIQEMAQsDQCAAIQQgAyIBQRRqIgAoAgAiAw0AIAFBEGohACABKAIQIgMNAAsgBEEANgIACyAIRQ0AAkAgBSAFKAIcIgNBAnRBuApqIgAoAgBGBEAgACABNgIAIAENAUGMCEGMCCgCAEF+IAN3cTYCAAwCCyAIQRBBFCAIKAIQIAVGG2ogATYCACABRQ0BCyABIAg2AhggBSgCECIABEAgASAANgIQIAAgATYCGAsgBSgCFCIARQ0AIAEgADYCFCAAIAE2AhgLIAUgB2ohBSACIAdqIQILIAUgBSgCBEF+cTYCBCAGIAJBAXI2AgQgAiAGaiACNgIAIAJB/wFNBEAgAkEDdiIAQQN0QbAIaiECAn9BiAgoAgAiAUEBIAB0IgBxRQRAQYgIIAAgAXI2AgAgAgwBCyACKAIICyEAIAIgBjYCCCAAIAY2AgwgBiACNgIMIAYgADYCCAwDC0EfIQAgAkH///8HTQRAIAJBCHYiACAAQYD+P2pBEHZBCHEiA3QiACAAQYDgH2pBEHZBBHEiAXQiACAAQYCAD2pBEHZBAnEiAHRBD3YgASADciAAcmsiAEEBdCACIABBFWp2QQFxckEcaiEACyAGIAA2AhwgBkIANwIQIABBAnRBuApqIQQCQEGMCCgCACIDQQEgAHQiAXFFBEBBjAggASADcjYCACAEIAY2AgAgBiAENgIYDAELIAJBAEEZIABBAXZrIABBH0YbdCEAIAQoAgAhAQNAIAEiAygCBEF4cSACRg0DIABBHXYhASAAQQF0IQAgAyABQQRxaiIEKAIQIgENAAsgBCAGNgIQIAYgAzYCGAsgBiAGNgIMIAYgBjYCCAwCC0GUCCAFQShrIgNBeCABa0EHcUEAIAFBCGpBB3EbIgBrIgI2AgBBoAggACABaiIANgIAIAAgAkEBcjYCBCABIANqQSg2AgRBpAhB8AsoAgA2AgAgByAEQScgBGtBB3FBACAEQSdrQQdxG2pBL2siACAAIAdBEGpJGyICQRs2AgQgAkHQCykCADcCECACQcgLKQIANwIIQdALIAJBCGo2AgBBzAsgBTYCAEHICyABNgIAQdQLQQA2AgAgAkEYaiEAA0AgAEEHNgIEIABBCGohASAAQQRqIQAgASAESQ0ACyACIAdGDQMgAiACKAIEQX5xNgIEIAcgAiAHayIEQQFyNgIEIAIgBDYCACAEQf8BTQRAIARBA3YiAEEDdEGwCGohAgJ/QYgIKAIAIgFBASAAdCIAcUUEQEGICCAAIAFyNgIAIAIMAQsgAigCCAshACACIAc2AgggACAHNgIMIAcgAjYCDCAHIAA2AggMBAtBHyEAIAdCADcCECAEQf///wdNBEAgBEEIdiIAIABBgP4/akEQdkEIcSICdCIAIABBgOAfakEQdkEEcSIBdCIAIABBgIAPakEQdkECcSIAdEEPdiABIAJyIAByayIAQQF0IAQgAEEVanZBAXFyQRxqIQALIAcgADYCHCAAQQJ0QbgKaiEDAkBBjAgoAgAiAkEBIAB0IgFxRQRAQYwIIAEgAnI2AgAgAyAHNgIAIAcgAzYCGAwBCyAEQQBBGSAAQQF2ayAAQR9GG3QhACADKAIAIQEDQCABIgIoAgRBeHEgBEYNBCAAQR12IQEgAEEBdCEAIAIgAUEEcWoiAygCECIBDQALIAMgBzYCECAHIAI2AhgLIAcgBzYCDCAHIAc2AggMAwsgAygCCCIAIAY2AgwgAyAGNgIIIAZBADYCGCAGIAM2AgwgBiAANgIICyAJQQhqIQAMBQsgAigCCCIAIAc2AgwgAiAHNgIIIAdBADYCGCAHIAI2AgwgByAANgIIC0GUCCgCACIAIAhNDQBBlAggACAIayIBNgIAQaAIQaAIKAIAIgIgCGoiADYCACAAIAFBAXI2AgQgAiAIQQNyNgIEIAJBCGohAAwDC0GECEEwNgIAQQAhAAwCCwJAIAVFDQACQCAEKAIcIgJBAnRBuApqIgAoAgAgBEYEQCAAIAE2AgAgAQ0BQYwIIAlBfiACd3EiCTYCAAwCCyAFQRBBFCAFKAIQIARGG2ogATYCACABRQ0BCyABIAU2AhggBCgCECIABEAgASAANgIQIAAgATYCGAsgBCgCFCIARQ0AIAEgADYCFCAAIAE2AhgLAkAgA0EPTQRAIAQgAyAIaiIAQQNyNgIEIAAgBGoiACAAKAIEQQFyNgIEDAELIAQgCEEDcjYCBCAGIANBAXI2AgQgAyAGaiADNgIAIANB/wFNBEAgA0EDdiIAQQN0QbAIaiECAn9BiAgoAgAiAUEBIAB0IgBxRQRAQYgIIAAgAXI2AgAgAgwBCyACKAIICyEAIAIgBjYCCCAAIAY2AgwgBiACNgIMIAYgADYCCAwBC0EfIQAgA0H///8HTQRAIANBCHYiACAAQYD+P2pBEHZBCHEiAnQiACAAQYDgH2pBEHZBBHEiAXQiACAAQYCAD2pBEHZBAnEiAHRBD3YgASACciAAcmsiAEEBdCADIABBFWp2QQFxckEcaiEACyAGIAA2AhwgBkIANwIQIABBAnRBuApqIQICQAJAIAlBASAAdCIBcUUEQEGMCCABIAlyNgIAIAIgBjYCACAGIAI2AhgMAQsgA0EAQRkgAEEBdmsgAEEfRht0IQAgAigCACEIA0AgCCIBKAIEQXhxIANGDQIgAEEddiECIABBAXQhACABIAJBBHFqIgIoAhAiCA0ACyACIAY2AhAgBiABNgIYCyAGIAY2AgwgBiAGNgIIDAELIAEoAggiACAGNgIMIAEgBjYCCCAGQQA2AhggBiABNgIMIAYgADYCCAsgBEEIaiEADAELAkAgC0UNAAJAIAEoAhwiAkECdEG4CmoiACgCACABRgRAIAAgBDYCACAEDQFBjAggBkF+IAJ3cTYCAAwCCyALQRBBFCALKAIQIAFGG2ogBDYCACAERQ0BCyAEIAs2AhggASgCECIABEAgBCAANgIQIAAgBDYCGAsgASgCFCIARQ0AIAQgADYCFCAAIAQ2AhgLAkAgA0EPTQRAIAEgAyAIaiIAQQNyNgIEIAAgAWoiACAAKAIEQQFyNgIEDAELIAEgCEEDcjYCBCAJIANBAXI2AgQgAyAJaiADNgIAIAoEQCAKQQN2IgBBA3RBsAhqIQRBnAgoAgAhAgJ/QQEgAHQiACAFcUUEQEGICCAAIAVyNgIAIAQMAQsgBCgCCAshACAEIAI2AgggACACNgIMIAIgBDYCDCACIAA2AggLQZwIIAk2AgBBkAggAzYCAAsgAUEIaiEACyAMQRBqJAAgAAsQACMAIABrQXBxIgAkACAACwYAIAAkAAsEACMAC4AJAgh/BH4jAEGQAWsiBiQAIAYgBS0AA0EYdEGAgIAYcSAFLwAAIAUtAAJBEHRycjYCACAGIAUoAANBAnZBg/7/H3E2AgQgBiAFKAAGQQR2Qf+B/x9xNgIIIAYgBSgACUEGdkH//8AfcTYCDCAFLwANIQggBS0ADyEJIAZCADcCFCAGQgA3AhwgBkEANgIkIAYgCCAJQRB0QYCAPHFyNgIQIAYgBSgAEDYCKCAGIAUoABQ2AiwgBiAFKAAYNgIwIAUoABwhBSAGQQA6AEwgBkEANgI4IAYgBTYCNCAGIAEgAhAEIAQEQCAGIAMgBBAECyAGKAI4IgEEQCAGQTxqIgIgAWpBAToAACABQQFqQQ9NBEAgASAGakE9aiEEAkBBDyABayIDRQ0AIAMgBGoiAUEBa0EAOgAAIARBADoAACADQQNJDQAgAUECa0EAOgAAIARBADoAASABQQNrQQA6AAAgBEEAOgACIANBB0kNACABQQRrQQA6AAAgBEEAOgADIANBCUkNACAEQQAgBGtBA3EiAWoiBEEANgIAIAQgAyABa0F8cSIBaiIDQQRrQQA2AgAgAUEJSQ0AIARBADYCCCAEQQA2AgQgA0EIa0EANgIAIANBDGtBADYCACABQRlJDQAgBEEANgIYIARBADYCFCAEQQA2AhAgBEEANgIMIANBEGtBADYCACADQRRrQQA2AgAgA0EYa0EANgIAIANBHGtBADYCACABIARBBHFBGHIiAWsiA0EgSQ0AIAEgBGohAQNAIAFCADcDGCABQgA3AxAgAUIANwMIIAFCADcDACABQSBqIQEgA0EgayIDQR9LDQALCwsgBkEBOgBMIAYgAkEQEAILIAY1AjQhECAGNQIwIREgBjUCLCEOIAAgBjUCKCAGKAIkIAYoAiAgBigCHCAGKAIYIgNBGnZqIgJBGnZqIgFBGnZqIgtBgICAYHIgAUH///8fcSINIAJB////H3EiCCAGKAIUIAtBGnZBBWxqIgFB////H3EiCUEFaiIFQRp2IANB////H3EgAUEadmoiA2oiAUEadmoiAkEadmoiBEEadmoiDEEfdSIHIANxIAEgDEEfdkEBayIDQf///x9xIgpxciIBQRp0IAUgCnEgByAJcXJyrXwiDzwAACAAIA9CGIg8AAMgACAPQhCIPAACIAAgD0IIiDwAASAAIA4gByAIcSACIApxciICQRR0IAFBBnZyrXwgD0IgiHwiDjwABCAAIA5CGIg8AAcgACAOQhCIPAAGIAAgDkIIiDwABSAAIBEgByANcSAEIApxciIBQQ50IAJBDHZyrXwgDkIgiHwiDjwACCAAIA5CGIg8AAsgACAOQhCIPAAKIAAgDkIIiDwACSAAIBAgAyAMcSAHIAtxckEIdCABQRJ2cq18IA5CIIh8Ig48AAwgACAOQhiIPAAPIAAgDkIQiDwADiAAIA5CCIg8AA0gBkIANwIwIAZCADcCKCAGQgA3AiAgBkIANwIYIAZCADcCECAGQgA3AgggBkIANwIAIAZBkAFqJAALpwwBB38CQCAARQ0AIABBCGsiAyAAQQRrKAIAIgFBeHEiAGohBQJAIAFBAXENACABQQNxRQ0BIAMgAygCACIBayIDQZgIKAIASQ0BIAAgAWohACADQZwIKAIARwRAIAFB/wFNBEAgAygCCCICIAFBA3YiBEEDdEGwCGpGGiACIAMoAgwiAUYEQEGICEGICCgCAEF+IAR3cTYCAAwDCyACIAE2AgwgASACNgIIDAILIAMoAhghBgJAIAMgAygCDCIBRwRAIAMoAggiAiABNgIMIAEgAjYCCAwBCwJAIANBFGoiAigCACIEDQAgA0EQaiICKAIAIgQNAEEAIQEMAQsDQCACIQcgBCIBQRRqIgIoAgAiBA0AIAFBEGohAiABKAIQIgQNAAsgB0EANgIACyAGRQ0BAkAgAyADKAIcIgJBAnRBuApqIgQoAgBGBEAgBCABNgIAIAENAUGMCEGMCCgCAEF+IAJ3cTYCAAwDCyAGQRBBFCAGKAIQIANGG2ogATYCACABRQ0CCyABIAY2AhggAygCECICBEAgASACNgIQIAIgATYCGAsgAygCFCICRQ0BIAEgAjYCFCACIAE2AhgMAQsgBSgCBCIBQQNxQQNHDQBBkAggADYCACAFIAFBfnE2AgQgAyAAQQFyNgIEIAAgA2ogADYCAA8LIAMgBU8NACAFKAIEIgFBAXFFDQACQCABQQJxRQRAIAVBoAgoAgBGBEBBoAggAzYCAEGUCEGUCCgCACAAaiIANgIAIAMgAEEBcjYCBCADQZwIKAIARw0DQZAIQQA2AgBBnAhBADYCAA8LIAVBnAgoAgBGBEBBnAggAzYCAEGQCEGQCCgCACAAaiIANgIAIAMgAEEBcjYCBCAAIANqIAA2AgAPCyABQXhxIABqIQACQCABQf8BTQRAIAUoAggiAiABQQN2IgRBA3RBsAhqRhogAiAFKAIMIgFGBEBBiAhBiAgoAgBBfiAEd3E2AgAMAgsgAiABNgIMIAEgAjYCCAwBCyAFKAIYIQYCQCAFIAUoAgwiAUcEQCAFKAIIIgJBmAgoAgBJGiACIAE2AgwgASACNgIIDAELAkAgBUEUaiICKAIAIgQNACAFQRBqIgIoAgAiBA0AQQAhAQwBCwNAIAIhByAEIgFBFGoiAigCACIEDQAgAUEQaiECIAEoAhAiBA0ACyAHQQA2AgALIAZFDQACQCAFIAUoAhwiAkECdEG4CmoiBCgCAEYEQCAEIAE2AgAgAQ0BQYwIQYwIKAIAQX4gAndxNgIADAILIAZBEEEUIAYoAhAgBUYbaiABNgIAIAFFDQELIAEgBjYCGCAFKAIQIgIEQCABIAI2AhAgAiABNgIYCyAFKAIUIgJFDQAgASACNgIUIAIgATYCGAsgAyAAQQFyNgIEIAAgA2ogADYCACADQZwIKAIARw0BQZAIIAA2AgAPCyAFIAFBfnE2AgQgAyAAQQFyNgIEIAAgA2ogADYCAAsgAEH/AU0EQCAAQQN2IgFBA3RBsAhqIQACf0GICCgCACICQQEgAXQiAXFFBEBBiAggASACcjYCACAADAELIAAoAggLIQIgACADNgIIIAIgAzYCDCADIAA2AgwgAyACNgIIDwtBHyECIANCADcCECAAQf///wdNBEAgAEEIdiIBIAFBgP4/akEQdkEIcSIBdCICIAJBgOAfakEQdkEEcSICdCIEIARBgIAPakEQdkECcSIEdEEPdiABIAJyIARyayIBQQF0IAAgAUEVanZBAXFyQRxqIQILIAMgAjYCHCACQQJ0QbgKaiEBAkACQAJAQYwIKAIAIgRBASACdCIHcUUEQEGMCCAEIAdyNgIAIAEgAzYCACADIAE2AhgMAQsgAEEAQRkgAkEBdmsgAkEfRht0IQIgASgCACEBA0AgASIEKAIEQXhxIABGDQIgAkEddiEBIAJBAXQhAiAEIAFBBHFqIgdBEGooAgAiAQ0ACyAHIAM2AhAgAyAENgIYCyADIAM2AgwgAyADNgIIDAELIAQoAggiACADNgIMIAQgAzYCCCADQQA2AhggAyAENgIMIAMgADYCCAtBqAhBqAgoAgBBAWsiAEF/IAAbNgIACwsLCQEAQYEICwIGUA==";if(!W.startsWith(V)){var na=W;W=b.locateFile?b.locateFile(na,B):B+na}function pa(){var a=W;try{if(a==W&&J)return new Uint8Array(J);var c=H(a);if(c)return c;if(E)return E(a);throw"both async and sync fetching of the wasm failed";}catch(d){K(d)}} function qa(){if(!J&&(x||y)){if("function"===typeof fetch&&!W.startsWith("file://"))return fetch(W,{credentials:"same-origin"}).then(function(a){if(!a.ok)throw"failed to load wasm binary file at '"+W+"'";return a.arrayBuffer()}).catch(function(){return pa()});if(D)return new Promise(function(a,c){D(W,function(d){a(new Uint8Array(d))},c)})}return Promise.resolve().then(function(){return pa()})} function X(a){for(;0>4;f=(f&15)<<4|l>>2;var t=(l&3)<<6|A;c+=String.fromCharCode(e);64!==l&&(c+=String.fromCharCode(f));64!==A&&(c+=String.fromCharCode(t))}while(d>>=0;if(2147483648=d;d*=2){var e=c*(1+.2/d);e=Math.min(e,a+100663296);e=Math.max(a,e);0>>16);ia();var f=1;break a}catch(l){}f=void 0}if(f)return!0}return!1}}; (function(){function a(f){b.asm=f.exports;L=b.asm.b;ia();R=b.asm.j;ka.unshift(b.asm.c);S--;b.monitorRunDependencies&&b.monitorRunDependencies(S);0==S&&(null!==T&&(clearInterval(T),T=null),U&&(f=U,U=null,f()))}function c(f){a(f.instance)}function d(f){return qa().then(function(l){return WebAssembly.instantiate(l,e)}).then(f,function(l){I("failed to asynchronously prepare wasm: "+l);K(l)})}var e={a:sa};S++;b.monitorRunDependencies&&b.monitorRunDependencies(S);if(b.instantiateWasm)try{return b.instantiateWasm(e, a)}catch(f){return I("Module.instantiateWasm callback failed with error: "+f),!1}(function(){return J||"function"!==typeof WebAssembly.instantiateStreaming||W.startsWith(V)||W.startsWith("file://")||"function"!==typeof fetch?d(c):fetch(W,{credentials:"same-origin"}).then(function(f){return WebAssembly.instantiateStreaming(f,e).then(c,function(l){I("wasm streaming compile failed: "+l);I("falling back to ArrayBuffer instantiation");return d(c)})})})().catch(r);return{}})(); b.___wasm_call_ctors=function(){return(b.___wasm_call_ctors=b.asm.c).apply(null,arguments)};b._poly1305_auth=function(){return(b._poly1305_auth=b.asm.d).apply(null,arguments)};var da=b.stackSave=function(){return(da=b.stackSave=b.asm.e).apply(null,arguments)},fa=b.stackRestore=function(){return(fa=b.stackRestore=b.asm.f).apply(null,arguments)},O=b.stackAlloc=function(){return(O=b.stackAlloc=b.asm.g).apply(null,arguments)};b._malloc=function(){return(b._malloc=b.asm.h).apply(null,arguments)}; b._free=function(){return(b._free=b.asm.i).apply(null,arguments)};b.cwrap=function(a,c,d,e){d=d||[];var f=d.every(function(l){return"number"===l});return"string"!==c&&f&&!e?N(a):function(){return ca(a,c,d,arguments)}};var Y;U=function ta(){Y||Z();Y||(U=ta)}; function Z(){function a(){if(!Y&&(Y=!0,b.calledRun=!0,!M)){X(ka);q(b);if(b.onRuntimeInitialized)b.onRuntimeInitialized();if(b.postRun)for("function"==typeof b.postRun&&(b.postRun=[b.postRun]);b.postRun.length;){var c=b.postRun.shift();la.unshift(c)}X(la)}}if(!(0 { "use strict"; const MESSAGE_HANDLERS = new Array(256); [ __nccwpck_require__(4126).HANDLERS, __nccwpck_require__(6475), ].forEach((handlers) => { // eslint-disable-next-line prefer-const for (let [type, handler] of Object.entries(handlers)) { type = +type; if (isFinite(type) && type >= 0 && type < MESSAGE_HANDLERS.length) MESSAGE_HANDLERS[type] = handler; } }); module.exports = MESSAGE_HANDLERS; /***/ }), /***/ 6475: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { bufferSlice, bufferParser, doFatalError, sigSSHToASN1, writeUInt32BE, } = __nccwpck_require__(9475); const { CHANNEL_OPEN_FAILURE, COMPAT, MESSAGE, TERMINAL_MODE, } = __nccwpck_require__(6832); const { parseKey, } = __nccwpck_require__(2218); const TERMINAL_MODE_BY_VALUE = Array.from(Object.entries(TERMINAL_MODE)) .reduce((obj, [key, value]) => ({ ...obj, [key]: value }), {}); module.exports = { // Transport layer protocol ================================================== [MESSAGE.DISCONNECT]: (self, payload) => { /* byte SSH_MSG_DISCONNECT uint32 reason code string description in ISO-10646 UTF-8 encoding string language tag */ bufferParser.init(payload, 1); const reason = bufferParser.readUInt32BE(); const desc = bufferParser.readString(true); const lang = bufferParser.readString(); bufferParser.clear(); if (lang === undefined) { return doFatalError( self, 'Inbound: Malformed DISCONNECT packet' ); } self._debug && self._debug( `Inbound: Received DISCONNECT (${reason}, "${desc}")` ); const handler = self._handlers.DISCONNECT; handler && handler(self, reason, desc); }, [MESSAGE.IGNORE]: (self, payload) => { /* byte SSH_MSG_IGNORE string data */ self._debug && self._debug('Inbound: Received IGNORE'); }, [MESSAGE.UNIMPLEMENTED]: (self, payload) => { /* byte SSH_MSG_UNIMPLEMENTED uint32 packet sequence number of rejected message */ bufferParser.init(payload, 1); const seqno = bufferParser.readUInt32BE(); bufferParser.clear(); if (seqno === undefined) { return doFatalError( self, 'Inbound: Malformed UNIMPLEMENTED packet' ); } self._debug && self._debug(`Inbound: Received UNIMPLEMENTED (seqno ${seqno})`); }, [MESSAGE.DEBUG]: (self, payload) => { /* byte SSH_MSG_DEBUG boolean always_display string message in ISO-10646 UTF-8 encoding [RFC3629] string language tag [RFC3066] */ bufferParser.init(payload, 1); const display = bufferParser.readBool(); const msg = bufferParser.readString(true); const lang = bufferParser.readString(); bufferParser.clear(); if (lang === undefined) { return doFatalError( self, 'Inbound: Malformed DEBUG packet' ); } self._debug && self._debug('Inbound: Received DEBUG'); const handler = self._handlers.DEBUG; handler && handler(self, display, msg); }, [MESSAGE.SERVICE_REQUEST]: (self, payload) => { /* byte SSH_MSG_SERVICE_REQUEST string service name */ bufferParser.init(payload, 1); const name = bufferParser.readString(true); bufferParser.clear(); if (name === undefined) { return doFatalError( self, 'Inbound: Malformed SERVICE_REQUEST packet' ); } self._debug && self._debug(`Inbound: Received SERVICE_REQUEST (${name})`); const handler = self._handlers.SERVICE_REQUEST; handler && handler(self, name); }, [MESSAGE.SERVICE_ACCEPT]: (self, payload) => { // S->C /* byte SSH_MSG_SERVICE_ACCEPT string service name */ bufferParser.init(payload, 1); const name = bufferParser.readString(true); bufferParser.clear(); if (name === undefined) { return doFatalError( self, 'Inbound: Malformed SERVICE_ACCEPT packet' ); } self._debug && self._debug(`Inbound: Received SERVICE_ACCEPT (${name})`); const handler = self._handlers.SERVICE_ACCEPT; handler && handler(self, name); }, // User auth protocol -- generic ============================================= [MESSAGE.USERAUTH_REQUEST]: (self, payload) => { /* byte SSH_MSG_USERAUTH_REQUEST string user name in ISO-10646 UTF-8 encoding [RFC3629] string service name in US-ASCII string method name in US-ASCII .... method specific fields */ bufferParser.init(payload, 1); const user = bufferParser.readString(true); const service = bufferParser.readString(true); const method = bufferParser.readString(true); let methodData; let methodDesc; switch (method) { case 'none': methodData = null; break; case 'password': { /* boolean string plaintext password in ISO-10646 UTF-8 encoding [RFC3629] [string new password] */ const isChange = bufferParser.readBool(); if (isChange !== undefined) { methodData = bufferParser.readString(true); if (methodData !== undefined && isChange) { const newPassword = bufferParser.readString(true); if (newPassword !== undefined) methodData = { oldPassword: methodData, newPassword }; else methodData = undefined; } } break; } case 'publickey': { /* boolean string public key algorithm name string public key blob [string signature] */ const hasSig = bufferParser.readBool(); if (hasSig !== undefined) { const keyAlgo = bufferParser.readString(true); const key = bufferParser.readString(); if (hasSig) { const blobEnd = bufferParser.pos(); let signature = bufferParser.readString(); if (signature !== undefined) { if (signature.length > (4 + keyAlgo.length + 4) && signature.utf8Slice(4, 4 + keyAlgo.length) === keyAlgo) { // Skip algoLen + algo + sigLen signature = bufferSlice(signature, 4 + keyAlgo.length + 4); } signature = sigSSHToASN1(signature, keyAlgo); if (signature) { const sessionID = self._kex.sessionID; const blob = Buffer.allocUnsafe(4 + sessionID.length + blobEnd); writeUInt32BE(blob, sessionID.length, 0); blob.set(sessionID, 4); blob.set( new Uint8Array(payload.buffer, payload.byteOffset, blobEnd), 4 + sessionID.length ); methodData = { keyAlgo, key, signature, blob, }; } } } else { methodData = { keyAlgo, key }; methodDesc = 'publickey -- check'; } } break; } case 'hostbased': { /* string public key algorithm for host key string public host key and certificates for client host string client host name expressed as the FQDN in US-ASCII string user name on the client host in ISO-10646 UTF-8 encoding [RFC3629] string signature */ const keyAlgo = bufferParser.readString(true); const key = bufferParser.readString(); const localHostname = bufferParser.readString(true); const localUsername = bufferParser.readString(true); const blobEnd = bufferParser.pos(); let signature = bufferParser.readString(); if (signature !== undefined) { if (signature.length > (4 + keyAlgo.length + 4) && signature.utf8Slice(4, 4 + keyAlgo.length) === keyAlgo) { // Skip algoLen + algo + sigLen signature = bufferSlice(signature, 4 + keyAlgo.length + 4); } signature = sigSSHToASN1(signature, keyAlgo); if (signature !== undefined) { const sessionID = self._kex.sessionID; const blob = Buffer.allocUnsafe(4 + sessionID.length + blobEnd); writeUInt32BE(blob, sessionID.length, 0); blob.set(sessionID, 4); blob.set( new Uint8Array(payload.buffer, payload.byteOffset, blobEnd), 4 + sessionID.length ); methodData = { keyAlgo, key, signature, blob, localHostname, localUsername, }; } } break; } case 'keyboard-interactive': /* string language tag (as defined in [RFC-3066]) string submethods (ISO-10646 UTF-8) */ // Skip/ignore language field -- it's deprecated in RFC 4256 bufferParser.skipString(); methodData = bufferParser.readList(); break; default: if (method !== undefined) methodData = bufferParser.readRaw(); } bufferParser.clear(); if (methodData === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_REQUEST packet' ); } if (methodDesc === undefined) methodDesc = method; self._authsQueue.push(method); self._debug && self._debug(`Inbound: Received USERAUTH_REQUEST (${methodDesc})`); const handler = self._handlers.USERAUTH_REQUEST; handler && handler(self, user, service, method, methodData); }, [MESSAGE.USERAUTH_FAILURE]: (self, payload) => { // S->C /* byte SSH_MSG_USERAUTH_FAILURE name-list authentications that can continue boolean partial success */ bufferParser.init(payload, 1); const authMethods = bufferParser.readList(); const partialSuccess = bufferParser.readBool(); bufferParser.clear(); if (partialSuccess === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_FAILURE packet' ); } self._debug && self._debug(`Inbound: Received USERAUTH_FAILURE (${authMethods})`); self._authsQueue.shift(); const handler = self._handlers.USERAUTH_FAILURE; handler && handler(self, authMethods, partialSuccess); }, [MESSAGE.USERAUTH_SUCCESS]: (self, payload) => { // S->C /* byte SSH_MSG_USERAUTH_SUCCESS */ self._debug && self._debug('Inbound: Received USERAUTH_SUCCESS'); self._authsQueue.shift(); const handler = self._handlers.USERAUTH_SUCCESS; handler && handler(self); }, [MESSAGE.USERAUTH_BANNER]: (self, payload) => { // S->C /* byte SSH_MSG_USERAUTH_BANNER string message in ISO-10646 UTF-8 encoding [RFC3629] string language tag [RFC3066] */ bufferParser.init(payload, 1); const msg = bufferParser.readString(true); const lang = bufferParser.readString(); bufferParser.clear(); if (lang === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_BANNER packet' ); } self._debug && self._debug('Inbound: Received USERAUTH_BANNER'); const handler = self._handlers.USERAUTH_BANNER; handler && handler(self, msg); }, // User auth protocol -- method-specific ===================================== 60: (self, payload) => { if (!self._authsQueue.length) { self._debug && self._debug('Inbound: Received payload type 60 without auth'); return; } switch (self._authsQueue[0]) { case 'password': { // S->C /* byte SSH_MSG_USERAUTH_PASSWD_CHANGEREQ string prompt in ISO-10646 UTF-8 encoding [RFC3629] string language tag [RFC3066] */ bufferParser.init(payload, 1); const prompt = bufferParser.readString(true); const lang = bufferParser.readString(); bufferParser.clear(); if (lang === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_PASSWD_CHANGEREQ packet' ); } self._debug && self._debug('Inbound: Received USERAUTH_PASSWD_CHANGEREQ'); const handler = self._handlers.USERAUTH_PASSWD_CHANGEREQ; handler && handler(self, prompt); break; } case 'publickey': { // S->C /* byte SSH_MSG_USERAUTH_PK_OK string public key algorithm name from the request string public key blob from the request */ bufferParser.init(payload, 1); const keyAlgo = bufferParser.readString(true); const key = bufferParser.readString(); bufferParser.clear(); if (key === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_PK_OK packet' ); } self._debug && self._debug('Inbound: Received USERAUTH_PK_OK'); self._authsQueue.shift(); const handler = self._handlers.USERAUTH_PK_OK; handler && handler(self, keyAlgo, key); break; } case 'keyboard-interactive': { // S->C /* byte SSH_MSG_USERAUTH_INFO_REQUEST string name (ISO-10646 UTF-8) string instruction (ISO-10646 UTF-8) string language tag (as defined in [RFC-3066]) int num-prompts string prompt[1] (ISO-10646 UTF-8) boolean echo[1] ... string prompt[num-prompts] (ISO-10646 UTF-8) boolean echo[num-prompts] */ bufferParser.init(payload, 1); const name = bufferParser.readString(true); const instructions = bufferParser.readString(true); bufferParser.readString(); // skip lang const numPrompts = bufferParser.readUInt32BE(); let prompts; if (numPrompts !== undefined) { prompts = new Array(numPrompts); let i; for (i = 0; i < numPrompts; ++i) { const prompt = bufferParser.readString(true); const echo = bufferParser.readBool(); if (echo === undefined) break; prompts[i] = { prompt, echo }; } if (i !== numPrompts) prompts = undefined; } bufferParser.clear(); if (prompts === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_INFO_REQUEST packet' ); } self._debug && self._debug('Inbound: Received USERAUTH_INFO_REQUEST'); const handler = self._handlers.USERAUTH_INFO_REQUEST; handler && handler(self, name, instructions, prompts); break; } default: self._debug && self._debug('Inbound: Received unexpected payload type 60'); } }, 61: (self, payload) => { if (!self._authsQueue.length) { self._debug && self._debug('Inbound: Received payload type 61 without auth'); return; } /* byte SSH_MSG_USERAUTH_INFO_RESPONSE int num-responses string response[1] (ISO-10646 UTF-8) ... string response[num-responses] (ISO-10646 UTF-8) */ if (self._authsQueue[0] !== 'keyboard-interactive') { return doFatalError( self, 'Inbound: Received unexpected payload type 61' ); } bufferParser.init(payload, 1); const numResponses = bufferParser.readUInt32BE(); let responses; if (numResponses !== undefined) { responses = new Array(numResponses); let i; for (i = 0; i < numResponses; ++i) { const response = bufferParser.readString(true); if (response === undefined) break; responses[i] = response; } if (i !== numResponses) responses = undefined; } bufferParser.clear(); if (responses === undefined) { return doFatalError( self, 'Inbound: Malformed USERAUTH_INFO_RESPONSE packet' ); } self._debug && self._debug('Inbound: Received USERAUTH_INFO_RESPONSE'); const handler = self._handlers.USERAUTH_INFO_RESPONSE; handler && handler(self, responses); }, // Connection protocol -- generic ============================================ [MESSAGE.GLOBAL_REQUEST]: (self, payload) => { /* byte SSH_MSG_GLOBAL_REQUEST string request name in US-ASCII only boolean want reply .... request-specific data follows */ bufferParser.init(payload, 1); const name = bufferParser.readString(true); const wantReply = bufferParser.readBool(); let data; if (wantReply !== undefined) { switch (name) { case 'tcpip-forward': case 'cancel-tcpip-forward': { /* string address to bind (e.g., "0.0.0.0") uint32 port number to bind */ const bindAddr = bufferParser.readString(true); const bindPort = bufferParser.readUInt32BE(); if (bindPort !== undefined) data = { bindAddr, bindPort }; break; } case 'streamlocal-forward@openssh.com': case 'cancel-streamlocal-forward@openssh.com': { /* string socket path */ const socketPath = bufferParser.readString(true); if (socketPath !== undefined) data = { socketPath }; break; } case 'no-more-sessions@openssh.com': data = null; break; case 'hostkeys-00@openssh.com': { data = []; while (bufferParser.avail() > 0) { const keyRaw = bufferParser.readString(); if (keyRaw === undefined) { data = undefined; break; } const key = parseKey(keyRaw); if (!(key instanceof Error)) data.push(key); } break; } default: data = bufferParser.readRaw(); } } bufferParser.clear(); if (data === undefined) { return doFatalError( self, 'Inbound: Malformed GLOBAL_REQUEST packet' ); } self._debug && self._debug(`Inbound: GLOBAL_REQUEST (${name})`); const handler = self._handlers.GLOBAL_REQUEST; if (handler) handler(self, name, wantReply, data); else self.requestFailure(); // Auto reject }, [MESSAGE.REQUEST_SUCCESS]: (self, payload) => { /* byte SSH_MSG_REQUEST_SUCCESS .... response specific data */ const data = (payload.length > 1 ? bufferSlice(payload, 1) : null); self._debug && self._debug('Inbound: REQUEST_SUCCESS'); const handler = self._handlers.REQUEST_SUCCESS; handler && handler(self, data); }, [MESSAGE.REQUEST_FAILURE]: (self, payload) => { /* byte SSH_MSG_REQUEST_FAILURE */ self._debug && self._debug('Inbound: Received REQUEST_FAILURE'); const handler = self._handlers.REQUEST_FAILURE; handler && handler(self); }, // Connection protocol -- channel-related ==================================== [MESSAGE.CHANNEL_OPEN]: (self, payload) => { /* byte SSH_MSG_CHANNEL_OPEN string channel type in US-ASCII only uint32 sender channel uint32 initial window size uint32 maximum packet size .... channel type specific data follows */ bufferParser.init(payload, 1); const type = bufferParser.readString(true); const sender = bufferParser.readUInt32BE(); const window = bufferParser.readUInt32BE(); const packetSize = bufferParser.readUInt32BE(); let channelInfo; switch (type) { case 'forwarded-tcpip': // S->C case 'direct-tcpip': { // C->S /* string address that was connected / host to connect uint32 port that was connected / port to connect string originator IP address uint32 originator port */ const destIP = bufferParser.readString(true); const destPort = bufferParser.readUInt32BE(); const srcIP = bufferParser.readString(true); const srcPort = bufferParser.readUInt32BE(); if (srcPort !== undefined) { channelInfo = { type, sender, window, packetSize, data: { destIP, destPort, srcIP, srcPort } }; } break; } case 'forwarded-streamlocal@openssh.com': // S->C case 'direct-streamlocal@openssh.com': { // C->S /* string socket path string reserved for future use (direct-streamlocal@openssh.com additionally has:) uint32 reserved */ const socketPath = bufferParser.readString(true); if (socketPath !== undefined) { channelInfo = { type, sender, window, packetSize, data: { socketPath } }; } break; } case 'x11': { // S->C /* string originator address (e.g., "192.168.7.38") uint32 originator port */ const srcIP = bufferParser.readString(true); const srcPort = bufferParser.readUInt32BE(); if (srcPort !== undefined) { channelInfo = { type, sender, window, packetSize, data: { srcIP, srcPort } }; } break; } default: // Includes: // 'session' (C->S) // 'auth-agent@openssh.com' (S->C) channelInfo = { type, sender, window, packetSize, data: {} }; } bufferParser.clear(); if (channelInfo === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_OPEN packet' ); } self._debug && self._debug(`Inbound: CHANNEL_OPEN (s:${sender}, ${type})`); const handler = self._handlers.CHANNEL_OPEN; if (handler) { handler(self, channelInfo); } else { self.channelOpenFail( channelInfo.sender, CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED, '', '' ); } }, [MESSAGE.CHANNEL_OPEN_CONFIRMATION]: (self, payload) => { /* byte SSH_MSG_CHANNEL_OPEN_CONFIRMATION uint32 recipient channel uint32 sender channel uint32 initial window size uint32 maximum packet size .... channel type specific data follows */ // "The 'recipient channel' is the channel number given in the // original open request, and 'sender channel' is the channel number // allocated by the other side." bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); const sender = bufferParser.readUInt32BE(); const window = bufferParser.readUInt32BE(); const packetSize = bufferParser.readUInt32BE(); const data = (bufferParser.avail() ? bufferParser.readRaw() : undefined); bufferParser.clear(); if (packetSize === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_OPEN_CONFIRMATION packet' ); } self._debug && self._debug( `Inbound: CHANNEL_OPEN_CONFIRMATION (r:${recipient}, s:${sender})` ); const handler = self._handlers.CHANNEL_OPEN_CONFIRMATION; if (handler) handler(self, { recipient, sender, window, packetSize, data }); }, [MESSAGE.CHANNEL_OPEN_FAILURE]: (self, payload) => { /* byte SSH_MSG_CHANNEL_OPEN_FAILURE uint32 recipient channel uint32 reason code string description in ISO-10646 UTF-8 encoding [RFC3629] string language tag [RFC3066] */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); const reason = bufferParser.readUInt32BE(); const description = bufferParser.readString(true); const lang = bufferParser.readString(); bufferParser.clear(); if (lang === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_OPEN_FAILURE packet' ); } self._debug && self._debug(`Inbound: CHANNEL_OPEN_FAILURE (r:${recipient})`); const handler = self._handlers.CHANNEL_OPEN_FAILURE; handler && handler(self, recipient, reason, description); }, [MESSAGE.CHANNEL_WINDOW_ADJUST]: (self, payload) => { /* byte SSH_MSG_CHANNEL_WINDOW_ADJUST uint32 recipient channel uint32 bytes to add */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); const bytesToAdd = bufferParser.readUInt32BE(); bufferParser.clear(); if (bytesToAdd === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_WINDOW_ADJUST packet' ); } self._debug && self._debug( `Inbound: CHANNEL_WINDOW_ADJUST (r:${recipient}, ${bytesToAdd})` ); const handler = self._handlers.CHANNEL_WINDOW_ADJUST; handler && handler(self, recipient, bytesToAdd); }, [MESSAGE.CHANNEL_DATA]: (self, payload) => { /* byte SSH_MSG_CHANNEL_DATA uint32 recipient channel string data */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); const data = bufferParser.readString(); bufferParser.clear(); if (data === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_DATA packet' ); } self._debug && self._debug(`Inbound: CHANNEL_DATA (r:${recipient}, ${data.length})`); const handler = self._handlers.CHANNEL_DATA; handler && handler(self, recipient, data); }, [MESSAGE.CHANNEL_EXTENDED_DATA]: (self, payload) => { /* byte SSH_MSG_CHANNEL_EXTENDED_DATA uint32 recipient channel uint32 data_type_code string data */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); const type = bufferParser.readUInt32BE(); const data = bufferParser.readString(); bufferParser.clear(); if (data === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_EXTENDED_DATA packet' ); } self._debug && self._debug( `Inbound: CHANNEL_EXTENDED_DATA (r:${recipient}, ${data.length})` ); const handler = self._handlers.CHANNEL_EXTENDED_DATA; handler && handler(self, recipient, data, type); }, [MESSAGE.CHANNEL_EOF]: (self, payload) => { /* byte SSH_MSG_CHANNEL_EOF uint32 recipient channel */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); bufferParser.clear(); if (recipient === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_EOF packet' ); } self._debug && self._debug(`Inbound: CHANNEL_EOF (r:${recipient})`); const handler = self._handlers.CHANNEL_EOF; handler && handler(self, recipient); }, [MESSAGE.CHANNEL_CLOSE]: (self, payload) => { /* byte SSH_MSG_CHANNEL_CLOSE uint32 recipient channel */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); bufferParser.clear(); if (recipient === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_CLOSE packet' ); } self._debug && self._debug(`Inbound: CHANNEL_CLOSE (r:${recipient})`); const handler = self._handlers.CHANNEL_CLOSE; handler && handler(self, recipient); }, [MESSAGE.CHANNEL_REQUEST]: (self, payload) => { /* byte SSH_MSG_CHANNEL_REQUEST uint32 recipient channel string request type in US-ASCII characters only boolean want reply .... type-specific data follows */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); const type = bufferParser.readString(true); const wantReply = bufferParser.readBool(); let data; if (wantReply !== undefined) { switch (type) { case 'exit-status': // S->C /* uint32 exit_status */ data = bufferParser.readUInt32BE(); self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ${data})` ); break; case 'exit-signal': { // S->C /* string signal name (without the "SIG" prefix) boolean core dumped string error message in ISO-10646 UTF-8 encoding string language tag */ let signal; let coreDumped; if (self._compatFlags & COMPAT.OLD_EXIT) { /* Instead of `signal name` and `core dumped`, we have just: uint32 signal number */ const num = bufferParser.readUInt32BE(); switch (num) { case 1: signal = 'HUP'; break; case 2: signal = 'INT'; break; case 3: signal = 'QUIT'; break; case 6: signal = 'ABRT'; break; case 9: signal = 'KILL'; break; case 14: signal = 'ALRM'; break; case 15: signal = 'TERM'; break; default: if (num !== undefined) { // Unknown or OS-specific signal = `UNKNOWN (${num})`; } } coreDumped = false; } else { signal = bufferParser.readString(true); coreDumped = bufferParser.readBool(); if (coreDumped === undefined) signal = undefined; } const errorMessage = bufferParser.readString(true); if (bufferParser.skipString() !== undefined) data = { signal, coreDumped, errorMessage }; self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ${signal})` ); break; } case 'pty-req': { // C->S /* string TERM environment variable value (e.g., vt100) uint32 terminal width, characters (e.g., 80) uint32 terminal height, rows (e.g., 24) uint32 terminal width, pixels (e.g., 640) uint32 terminal height, pixels (e.g., 480) string encoded terminal modes */ const term = bufferParser.readString(true); const cols = bufferParser.readUInt32BE(); const rows = bufferParser.readUInt32BE(); const width = bufferParser.readUInt32BE(); const height = bufferParser.readUInt32BE(); const modesBinary = bufferParser.readString(); if (modesBinary !== undefined) { bufferParser.init(modesBinary, 1); let modes = {}; while (bufferParser.avail()) { const opcode = bufferParser.readByte(); if (opcode === TERMINAL_MODE.TTY_OP_END) break; const name = TERMINAL_MODE_BY_VALUE[opcode]; const value = bufferParser.readUInt32BE(); if (opcode === undefined || name === undefined || value === undefined) { modes = undefined; break; } modes[name] = value; } if (modes !== undefined) data = { term, cols, rows, width, height, modes }; } self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type})` ); break; } case 'window-change': { // C->S /* uint32 terminal width, columns uint32 terminal height, rows uint32 terminal width, pixels uint32 terminal height, pixels */ const cols = bufferParser.readUInt32BE(); const rows = bufferParser.readUInt32BE(); const width = bufferParser.readUInt32BE(); const height = bufferParser.readUInt32BE(); if (height !== undefined) data = { cols, rows, width, height }; self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type})` ); break; } case 'x11-req': { // C->S /* boolean single connection string x11 authentication protocol string x11 authentication cookie uint32 x11 screen number */ const single = bufferParser.readBool(); const protocol = bufferParser.readString(true); const cookie = bufferParser.readString(); const screen = bufferParser.readUInt32BE(); if (screen !== undefined) data = { single, protocol, cookie, screen }; self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type})` ); break; } case 'env': { // C->S /* string variable name string variable value */ const name = bufferParser.readString(true); const value = bufferParser.readString(true); if (value !== undefined) data = { name, value }; if (self._debug) { self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ` + `${name}=${value})` ); } break; } case 'shell': // C->S data = null; // No extra data self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type})` ); break; case 'exec': // C->S /* string command */ data = bufferParser.readString(true); self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ${data})` ); break; case 'subsystem': // C->S /* string subsystem name */ data = bufferParser.readString(true); self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ${data})` ); break; case 'signal': // C->S /* string signal name (without the "SIG" prefix) */ data = bufferParser.readString(true); self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ${data})` ); break; case 'xon-xoff': // C->S /* boolean client can do */ data = bufferParser.readBool(); self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type}: ${data})` ); break; case 'auth-agent-req@openssh.com': // C-S data = null; // No extra data self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type})` ); break; default: data = (bufferParser.avail() ? bufferParser.readRaw() : null); self._debug && self._debug( `Inbound: CHANNEL_REQUEST (r:${recipient}, ${type})` ); } } bufferParser.clear(); if (data === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_REQUEST packet' ); } const handler = self._handlers.CHANNEL_REQUEST; handler && handler(self, recipient, type, wantReply, data); }, [MESSAGE.CHANNEL_SUCCESS]: (self, payload) => { /* byte SSH_MSG_CHANNEL_SUCCESS uint32 recipient channel */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); bufferParser.clear(); if (recipient === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_SUCCESS packet' ); } self._debug && self._debug(`Inbound: CHANNEL_SUCCESS (r:${recipient})`); const handler = self._handlers.CHANNEL_SUCCESS; handler && handler(self, recipient); }, [MESSAGE.CHANNEL_FAILURE]: (self, payload) => { /* byte SSH_MSG_CHANNEL_FAILURE uint32 recipient channel */ bufferParser.init(payload, 1); const recipient = bufferParser.readUInt32BE(); bufferParser.clear(); if (recipient === undefined) { return doFatalError( self, 'Inbound: Malformed CHANNEL_FAILURE packet' ); } self._debug && self._debug(`Inbound: CHANNEL_FAILURE (r:${recipient})`); const handler = self._handlers.CHANNEL_FAILURE; handler && handler(self, recipient); }, }; /***/ }), /***/ 4126: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { createDiffieHellman, createDiffieHellmanGroup, createECDH, createHash, createPublicKey, diffieHellman, generateKeyPairSync, randomFillSync, } = __nccwpck_require__(6417); const { Ber } = __nccwpck_require__(970); const { COMPAT, curve25519Supported, DEFAULT_KEX, DEFAULT_SERVER_HOST_KEY, DEFAULT_CIPHER, DEFAULT_MAC, DEFAULT_COMPRESSION, DISCONNECT_REASON, MESSAGE, } = __nccwpck_require__(6832); const { CIPHER_INFO, createCipher, createDecipher, MAC_INFO, } = __nccwpck_require__(5708); const { parseDERKey } = __nccwpck_require__(2218); const { bufferFill, bufferParser, convertSignature, doFatalError, FastBuffer, sigSSHToASN1, writeUInt32BE, } = __nccwpck_require__(9475); const { PacketReader, PacketWriter, ZlibPacketReader, ZlibPacketWriter, } = __nccwpck_require__(6715); let MESSAGE_HANDLERS; const GEX_MIN_BITS = 2048; // RFC 8270 const GEX_MAX_BITS = 8192; // RFC 8270 const EMPTY_BUFFER = Buffer.alloc(0); // Client/Server function kexinit(self) { /* byte SSH_MSG_KEXINIT byte[16] cookie (random bytes) name-list kex_algorithms name-list server_host_key_algorithms name-list encryption_algorithms_client_to_server name-list encryption_algorithms_server_to_client name-list mac_algorithms_client_to_server name-list mac_algorithms_server_to_client name-list compression_algorithms_client_to_server name-list compression_algorithms_server_to_client name-list languages_client_to_server name-list languages_server_to_client boolean first_kex_packet_follows uint32 0 (reserved for future extension) */ let payload; if (self._compatFlags & COMPAT.BAD_DHGEX) { const entry = self._offer.lists.kex; let kex = entry.array; let found = false; for (let i = 0; i < kex.length; ++i) { if (kex[i].includes('group-exchange')) { if (!found) { found = true; // Copy array lazily kex = kex.slice(); } kex.splice(i--, 1); } } if (found) { let len = 1 + 16 + self._offer.totalSize + 1 + 4; const newKexBuf = Buffer.from(kex.join(',')); len -= (entry.buffer.length - newKexBuf.length); const all = self._offer.lists.all; const rest = new Uint8Array( all.buffer, all.byteOffset + 4 + entry.buffer.length, all.length - (4 + entry.buffer.length) ); payload = Buffer.allocUnsafe(len); writeUInt32BE(payload, newKexBuf.length, 17); payload.set(newKexBuf, 17 + 4); payload.set(rest, 17 + 4 + newKexBuf.length); } } if (payload === undefined) { payload = Buffer.allocUnsafe(1 + 16 + self._offer.totalSize + 1 + 4); self._offer.copyAllTo(payload, 17); } self._debug && self._debug('Outbound: Sending KEXINIT'); payload[0] = MESSAGE.KEXINIT; randomFillSync(payload, 1, 16); // Zero-fill first_kex_packet_follows and reserved bytes bufferFill(payload, 0, payload.length - 5); self._kexinit = payload; // Needed to correct the starting position in allocated "packets" when packets // will be buffered due to active key exchange self._packetRW.write.allocStart = 0; // TODO: only create single buffer and set _kexinit as slice of packet instead { const p = self._packetRW.write.allocStartKEX; const packet = self._packetRW.write.alloc(payload.length, true); packet.set(payload, p); self._cipher.encrypt(self._packetRW.write.finalize(packet, true)); } } function handleKexInit(self, payload) { /* byte SSH_MSG_KEXINIT byte[16] cookie (random bytes) name-list kex_algorithms name-list server_host_key_algorithms name-list encryption_algorithms_client_to_server name-list encryption_algorithms_server_to_client name-list mac_algorithms_client_to_server name-list mac_algorithms_server_to_client name-list compression_algorithms_client_to_server name-list compression_algorithms_server_to_client name-list languages_client_to_server name-list languages_server_to_client boolean first_kex_packet_follows uint32 0 (reserved for future extension) */ const init = { kex: undefined, serverHostKey: undefined, cs: { cipher: undefined, mac: undefined, compress: undefined, lang: undefined, }, sc: { cipher: undefined, mac: undefined, compress: undefined, lang: undefined, }, }; bufferParser.init(payload, 17); if ((init.kex = bufferParser.readList()) === undefined || (init.serverHostKey = bufferParser.readList()) === undefined || (init.cs.cipher = bufferParser.readList()) === undefined || (init.sc.cipher = bufferParser.readList()) === undefined || (init.cs.mac = bufferParser.readList()) === undefined || (init.sc.mac = bufferParser.readList()) === undefined || (init.cs.compress = bufferParser.readList()) === undefined || (init.sc.compress = bufferParser.readList()) === undefined || (init.cs.lang = bufferParser.readList()) === undefined || (init.sc.lang = bufferParser.readList()) === undefined) { bufferParser.clear(); return doFatalError( self, 'Received malformed KEXINIT', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } const pos = bufferParser.pos(); const firstFollows = (pos < payload.length && payload[pos] === 1); bufferParser.clear(); const local = self._offer; const remote = init; let localKex = local.lists.kex.array; if (self._compatFlags & COMPAT.BAD_DHGEX) { let found = false; for (let i = 0; i < localKex.length; ++i) { if (localKex[i].indexOf('group-exchange') !== -1) { if (!found) { found = true; // Copy array lazily localKex = localKex.slice(); } localKex.splice(i--, 1); } } } let clientList; let serverList; let i; const debug = self._debug; debug && debug('Inbound: Handshake in progress'); // Key exchange method ======================================================= debug && debug(`Handshake: (local) KEX method: ${localKex}`); debug && debug(`Handshake: (remote) KEX method: ${remote.kex}`); if (self._server) { serverList = localKex; clientList = remote.kex; } else { serverList = remote.kex; clientList = localKex; } // Check for agreeable key exchange algorithm for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching key exchange algorithm'); return doFatalError( self, 'Handshake failed: no matching key exchange algorithm', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.kex = clientList[i]; debug && debug(`Handshake: KEX algorithm: ${clientList[i]}`); if (firstFollows && (!remote.kex.length || clientList[i] !== remote.kex[0])) { // Ignore next inbound packet, it was a wrong first guess at KEX algorithm self._skipNextInboundPacket = true; } // Server host key format ==================================================== const localSrvHostKey = local.lists.serverHostKey.array; debug && debug(`Handshake: (local) Host key format: ${localSrvHostKey}`); debug && debug( `Handshake: (remote) Host key format: ${remote.serverHostKey}` ); if (self._server) { serverList = localSrvHostKey; clientList = remote.serverHostKey; } else { serverList = remote.serverHostKey; clientList = localSrvHostKey; } // Check for agreeable server host key format for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching host key format'); return doFatalError( self, 'Handshake failed: no matching host key format', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.serverHostKey = clientList[i]; debug && debug(`Handshake: Host key format: ${clientList[i]}`); // Client->Server cipher ===================================================== const localCSCipher = local.lists.cs.cipher.array; debug && debug(`Handshake: (local) C->S cipher: ${localCSCipher}`); debug && debug(`Handshake: (remote) C->S cipher: ${remote.cs.cipher}`); if (self._server) { serverList = localCSCipher; clientList = remote.cs.cipher; } else { serverList = remote.cs.cipher; clientList = localCSCipher; } // Check for agreeable client->server cipher for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching C->S cipher'); return doFatalError( self, 'Handshake failed: no matching C->S cipher', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.cs.cipher = clientList[i]; debug && debug(`Handshake: C->S Cipher: ${clientList[i]}`); // Server->Client cipher ===================================================== const localSCCipher = local.lists.sc.cipher.array; debug && debug(`Handshake: (local) S->C cipher: ${localSCCipher}`); debug && debug(`Handshake: (remote) S->C cipher: ${remote.sc.cipher}`); if (self._server) { serverList = localSCCipher; clientList = remote.sc.cipher; } else { serverList = remote.sc.cipher; clientList = localSCCipher; } // Check for agreeable server->client cipher for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching S->C cipher'); return doFatalError( self, 'Handshake failed: no matching S->C cipher', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.sc.cipher = clientList[i]; debug && debug(`Handshake: S->C cipher: ${clientList[i]}`); // Client->Server MAC ======================================================== const localCSMAC = local.lists.cs.mac.array; debug && debug(`Handshake: (local) C->S MAC: ${localCSMAC}`); debug && debug(`Handshake: (remote) C->S MAC: ${remote.cs.mac}`); if (CIPHER_INFO[init.cs.cipher].authLen > 0) { init.cs.mac = ''; debug && debug('Handshake: C->S MAC: '); } else { if (self._server) { serverList = localCSMAC; clientList = remote.cs.mac; } else { serverList = remote.cs.mac; clientList = localCSMAC; } // Check for agreeable client->server hmac algorithm for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching C->S MAC'); return doFatalError( self, 'Handshake failed: no matching C->S MAC', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.cs.mac = clientList[i]; debug && debug(`Handshake: C->S MAC: ${clientList[i]}`); } // Server->Client MAC ======================================================== const localSCMAC = local.lists.sc.mac.array; debug && debug(`Handshake: (local) S->C MAC: ${localSCMAC}`); debug && debug(`Handshake: (remote) S->C MAC: ${remote.sc.mac}`); if (CIPHER_INFO[init.sc.cipher].authLen > 0) { init.sc.mac = ''; debug && debug('Handshake: S->C MAC: '); } else { if (self._server) { serverList = localSCMAC; clientList = remote.sc.mac; } else { serverList = remote.sc.mac; clientList = localSCMAC; } // Check for agreeable server->client hmac algorithm for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching S->C MAC'); return doFatalError( self, 'Handshake failed: no matching S->C MAC', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.sc.mac = clientList[i]; debug && debug(`Handshake: S->C MAC: ${clientList[i]}`); } // Client->Server compression ================================================ const localCSCompress = local.lists.cs.compress.array; debug && debug(`Handshake: (local) C->S compression: ${localCSCompress}`); debug && debug(`Handshake: (remote) C->S compression: ${remote.cs.compress}`); if (self._server) { serverList = localCSCompress; clientList = remote.cs.compress; } else { serverList = remote.cs.compress; clientList = localCSCompress; } // Check for agreeable client->server compression algorithm for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching C->S compression'); return doFatalError( self, 'Handshake failed: no matching C->S compression', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.cs.compress = clientList[i]; debug && debug(`Handshake: C->S compression: ${clientList[i]}`); // Server->Client compression ================================================ const localSCCompress = local.lists.sc.compress.array; debug && debug(`Handshake: (local) S->C compression: ${localSCCompress}`); debug && debug(`Handshake: (remote) S->C compression: ${remote.sc.compress}`); if (self._server) { serverList = localSCCompress; clientList = remote.sc.compress; } else { serverList = remote.sc.compress; clientList = localSCCompress; } // Check for agreeable server->client compression algorithm for (i = 0; i < clientList.length && serverList.indexOf(clientList[i]) === -1; ++i); if (i === clientList.length) { // No suitable match found! debug && debug('Handshake: No matching S->C compression'); return doFatalError( self, 'Handshake failed: no matching S->C compression', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } init.sc.compress = clientList[i]; debug && debug(`Handshake: S->C compression: ${clientList[i]}`); init.cs.lang = ''; init.sc.lang = ''; // XXX: hack -- find a better way to do this if (self._kex) { if (!self._kexinit) { // We received a rekey request, but we haven't sent a KEXINIT in response // yet kexinit(self); } self._decipher._onPayload = onKEXPayload.bind(self, { firstPacket: false }); } self._kex = createKeyExchange(init, self, payload); self._kex.start(); } const createKeyExchange = (() => { function convertToMpint(buf) { let idx = 0; let length = buf.length; while (buf[idx] === 0x00) { ++idx; --length; } let newBuf; if (buf[idx] & 0x80) { newBuf = Buffer.allocUnsafe(1 + length); newBuf[0] = 0; buf.copy(newBuf, 1, idx); buf = newBuf; } else if (length !== buf.length) { newBuf = Buffer.allocUnsafe(length); buf.copy(newBuf, 0, idx); buf = newBuf; } return buf; } class KeyExchange { constructor(negotiated, protocol, remoteKexinit) { this._protocol = protocol; this.sessionID = (protocol._kex ? protocol._kex.sessionID : undefined); this.negotiated = negotiated; this._step = 1; this._public = null; this._dh = null; this._sentNEWKEYS = false; this._receivedNEWKEYS = false; this._finished = false; this._hostVerified = false; // Data needed for initializing cipher/decipher/etc. this._kexinit = protocol._kexinit; this._remoteKexinit = remoteKexinit; this._identRaw = protocol._identRaw; this._remoteIdentRaw = protocol._remoteIdentRaw; this._hostKey = undefined; this._dhData = undefined; this._sig = undefined; } finish() { if (this._finished) return false; this._finished = true; const isServer = this._protocol._server; const negotiated = this.negotiated; const pubKey = this.convertPublicKey(this._dhData); let secret = this.computeSecret(this._dhData); if (secret instanceof Error) { secret.message = `Error while computing DH secret (${this.type}): ${secret.message}`; secret.level = 'handshake'; return doFatalError( this._protocol, secret, DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } const hash = createHash(this.hashName); // V_C hashString(hash, (isServer ? this._remoteIdentRaw : this._identRaw)); // "V_S" hashString(hash, (isServer ? this._identRaw : this._remoteIdentRaw)); // "I_C" hashString(hash, (isServer ? this._remoteKexinit : this._kexinit)); // "I_S" hashString(hash, (isServer ? this._kexinit : this._remoteKexinit)); // "K_S" const serverPublicHostKey = (isServer ? this._hostKey.getPublicSSH() : this._hostKey); hashString(hash, serverPublicHostKey); if (this.type === 'groupex') { // Group exchange-specific const params = this.getDHParams(); const num = Buffer.allocUnsafe(4); // min (uint32) writeUInt32BE(num, this._minBits, 0); hash.update(num); // preferred (uint32) writeUInt32BE(num, this._prefBits, 0); hash.update(num); // max (uint32) writeUInt32BE(num, this._maxBits, 0); hash.update(num); // prime hashString(hash, params.prime); // generator hashString(hash, params.generator); } // method-specific data sent by client hashString(hash, (isServer ? pubKey : this.getPublicKey())); // method-specific data sent by server const serverPublicKey = (isServer ? this.getPublicKey() : pubKey); hashString(hash, serverPublicKey); // shared secret ("K") hashString(hash, secret); // "H" const exchangeHash = hash.digest(); if (!isServer) { bufferParser.init(this._sig, 0); const sigType = bufferParser.readString(true); if (!sigType) { return doFatalError( this._protocol, 'Malformed packet while reading signature', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } if (sigType !== negotiated.serverHostKey) { return doFatalError( this._protocol, `Wrong signature type: ${sigType}, ` + `expected: ${negotiated.serverHostKey}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } // "s" let sigValue = bufferParser.readString(); bufferParser.clear(); if (sigValue === undefined) { return doFatalError( this._protocol, 'Malformed packet while reading signature', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } if (!(sigValue = sigSSHToASN1(sigValue, sigType))) { return doFatalError( this._protocol, 'Malformed signature', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } let parsedHostKey; { bufferParser.init(this._hostKey, 0); const name = bufferParser.readString(true); const hostKey = this._hostKey.slice(bufferParser.pos()); bufferParser.clear(); parsedHostKey = parseDERKey(hostKey, name); if (parsedHostKey instanceof Error) { parsedHostKey.level = 'handshake'; return doFatalError( this._protocol, parsedHostKey, DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } } let hashAlgo; // Check if we need to override the default hash algorithm switch (this.negotiated.serverHostKey) { case 'rsa-sha2-256': hashAlgo = 'sha256'; break; case 'rsa-sha2-512': hashAlgo = 'sha512'; break; } this._protocol._debug && this._protocol._debug('Verifying signature ...'); const verified = parsedHostKey.verify(exchangeHash, sigValue, hashAlgo); if (verified !== true) { if (verified instanceof Error) { this._protocol._debug && this._protocol._debug( `Signature verification failed: ${verified.stack}` ); } else { this._protocol._debug && this._protocol._debug( 'Signature verification failed' ); } return doFatalError( this._protocol, 'Handshake failed: signature verification failed', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug('Verified signature'); } else { // Server let hashAlgo; // Check if we need to override the default hash algorithm switch (this.negotiated.serverHostKey) { case 'rsa-sha2-256': hashAlgo = 'sha256'; break; case 'rsa-sha2-512': hashAlgo = 'sha512'; break; } this._protocol._debug && this._protocol._debug( 'Generating signature ...' ); let signature = this._hostKey.sign(exchangeHash, hashAlgo); if (signature instanceof Error) { return doFatalError( this._protocol, 'Handshake failed: signature generation failed for ' + `${this._hostKey.type} host key: ${signature.message}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } signature = convertSignature(signature, this._hostKey.type); if (signature === false) { return doFatalError( this._protocol, 'Handshake failed: signature conversion failed for ' + `${this._hostKey.type} host key`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } // Send KEX reply /* byte SSH_MSG_KEXDH_REPLY / SSH_MSG_KEX_DH_GEX_REPLY / SSH_MSG_KEX_ECDH_REPLY string server public host key and certificates (K_S) string string signature of H */ const sigType = this.negotiated.serverHostKey; const sigTypeLen = Buffer.byteLength(sigType); const sigLen = 4 + sigTypeLen + 4 + signature.length; let p = this._protocol._packetRW.write.allocStartKEX; const packet = this._protocol._packetRW.write.alloc( 1 + 4 + serverPublicHostKey.length + 4 + serverPublicKey.length + 4 + sigLen, true ); packet[p] = MESSAGE.KEXDH_REPLY; writeUInt32BE(packet, serverPublicHostKey.length, ++p); packet.set(serverPublicHostKey, p += 4); writeUInt32BE(packet, serverPublicKey.length, p += serverPublicHostKey.length); packet.set(serverPublicKey, p += 4); writeUInt32BE(packet, sigLen, p += serverPublicKey.length); writeUInt32BE(packet, sigTypeLen, p += 4); packet.utf8Write(sigType, p += 4, sigTypeLen); writeUInt32BE(packet, signature.length, p += sigTypeLen); packet.set(signature, p += 4); if (this._protocol._debug) { let type; switch (this.type) { case 'group': type = 'KEXDH_REPLY'; break; case 'groupex': type = 'KEXDH_GEX_REPLY'; break; default: type = 'KEXECDH_REPLY'; } this._protocol._debug(`Outbound: Sending ${type}`); } this._protocol._cipher.encrypt( this._protocol._packetRW.write.finalize(packet, true) ); } trySendNEWKEYS(this); const completeHandshake = () => { if (!this.sessionID) this.sessionID = exchangeHash; { const newSecret = Buffer.allocUnsafe(4 + secret.length); writeUInt32BE(newSecret, secret.length, 0); newSecret.set(secret, 4); secret = newSecret; } // Initialize new ciphers, deciphers, etc. const csCipherInfo = CIPHER_INFO[negotiated.cs.cipher]; const scCipherInfo = CIPHER_INFO[negotiated.sc.cipher]; const csIV = generateKEXVal(csCipherInfo.ivLen, this.hashName, secret, exchangeHash, this.sessionID, 'A'); const scIV = generateKEXVal(scCipherInfo.ivLen, this.hashName, secret, exchangeHash, this.sessionID, 'B'); const csKey = generateKEXVal(csCipherInfo.keyLen, this.hashName, secret, exchangeHash, this.sessionID, 'C'); const scKey = generateKEXVal(scCipherInfo.keyLen, this.hashName, secret, exchangeHash, this.sessionID, 'D'); let csMacInfo; let csMacKey; if (!csCipherInfo.authLen) { csMacInfo = MAC_INFO[negotiated.cs.mac]; csMacKey = generateKEXVal(csMacInfo.len, this.hashName, secret, exchangeHash, this.sessionID, 'E'); } let scMacInfo; let scMacKey; if (!scCipherInfo.authLen) { scMacInfo = MAC_INFO[negotiated.sc.mac]; scMacKey = generateKEXVal(scMacInfo.len, this.hashName, secret, exchangeHash, this.sessionID, 'F'); } const config = { inbound: { onPayload: this._protocol._onPayload, seqno: this._protocol._decipher.inSeqno, decipherInfo: (!isServer ? scCipherInfo : csCipherInfo), decipherIV: (!isServer ? scIV : csIV), decipherKey: (!isServer ? scKey : csKey), macInfo: (!isServer ? scMacInfo : csMacInfo), macKey: (!isServer ? scMacKey : csMacKey), }, outbound: { onWrite: this._protocol._onWrite, seqno: this._protocol._cipher.outSeqno, cipherInfo: (isServer ? scCipherInfo : csCipherInfo), cipherIV: (isServer ? scIV : csIV), cipherKey: (isServer ? scKey : csKey), macInfo: (isServer ? scMacInfo : csMacInfo), macKey: (isServer ? scMacKey : csMacKey), }, }; this._protocol._cipher && this._protocol._cipher.free(); this._protocol._decipher && this._protocol._decipher.free(); this._protocol._cipher = createCipher(config); this._protocol._decipher = createDecipher(config); const rw = { read: undefined, write: undefined, }; switch (negotiated.cs.compress) { case 'zlib': // starts immediately if (isServer) rw.read = new ZlibPacketReader(); else rw.write = new ZlibPacketWriter(this._protocol); break; case 'zlib@openssh.com': // Starts after successful user authentication if (this._protocol._authenticated) { // If a rekey happens and this compression method is selected and // we already authenticated successfully, we need to start // immediately instead if (isServer) rw.read = new ZlibPacketReader(); else rw.write = new ZlibPacketWriter(this._protocol); break; } // FALLTHROUGH default: // none -- never any compression/decompression if (isServer) rw.read = new PacketReader(); else rw.write = new PacketWriter(this._protocol); } switch (negotiated.sc.compress) { case 'zlib': // starts immediately if (isServer) rw.write = new ZlibPacketWriter(this._protocol); else rw.read = new ZlibPacketReader(); break; case 'zlib@openssh.com': // Starts after successful user authentication if (this._protocol._authenticated) { // If a rekey happens and this compression method is selected and // we already authenticated successfully, we need to start // immediately instead if (isServer) rw.write = new ZlibPacketWriter(this._protocol); else rw.read = new ZlibPacketReader(); break; } // FALLTHROUGH default: // none -- never any compression/decompression if (isServer) rw.write = new PacketWriter(this._protocol); else rw.read = new PacketReader(); } this._protocol._packetRW.read.cleanup(); this._protocol._packetRW.write.cleanup(); this._protocol._packetRW = rw; // Cleanup/reset various state this._public = null; this._dh = null; this._kexinit = this._protocol._kexinit = undefined; this._remoteKexinit = undefined; this._identRaw = undefined; this._remoteIdentRaw = undefined; this._hostKey = undefined; this._dhData = undefined; this._sig = undefined; this._protocol._onHandshakeComplete(negotiated); return false; }; if (!isServer) return completeHandshake(); this.finish = completeHandshake; } start() { if (!this._protocol._server) { if (this._protocol._debug) { let type; switch (this.type) { case 'group': type = 'KEXDH_INIT'; break; default: type = 'KEXECDH_INIT'; } this._protocol._debug(`Outbound: Sending ${type}`); } const pubKey = this.getPublicKey(); let p = this._protocol._packetRW.write.allocStartKEX; const packet = this._protocol._packetRW.write.alloc( 1 + 4 + pubKey.length, true ); packet[p] = MESSAGE.KEXDH_INIT; writeUInt32BE(packet, pubKey.length, ++p); packet.set(pubKey, p += 4); this._protocol._cipher.encrypt( this._protocol._packetRW.write.finalize(packet, true) ); } } getPublicKey() { this.generateKeys(); const key = this._public; if (key) return this.convertPublicKey(key); } convertPublicKey(key) { let newKey; let idx = 0; let len = key.length; while (key[idx] === 0x00) { ++idx; --len; } if (key[idx] & 0x80) { newKey = Buffer.allocUnsafe(1 + len); newKey[0] = 0; key.copy(newKey, 1, idx); return newKey; } if (len !== key.length) { newKey = Buffer.allocUnsafe(len); key.copy(newKey, 0, idx); key = newKey; } return key; } computeSecret(otherPublicKey) { this.generateKeys(); try { return convertToMpint(this._dh.computeSecret(otherPublicKey)); } catch (ex) { return ex; } } parse(payload) { const type = payload[0]; switch (this._step) { case 1: if (this._protocol._server) { // Server if (type !== MESSAGE.KEXDH_INIT) { return doFatalError( this._protocol, `Received packet ${type} instead of ${MESSAGE.KEXDH_INIT}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Received DH Init' ); /* byte SSH_MSG_KEXDH_INIT / SSH_MSG_KEX_ECDH_INIT string */ bufferParser.init(payload, 1); const dhData = bufferParser.readString(); bufferParser.clear(); if (dhData === undefined) { return doFatalError( this._protocol, 'Received malformed KEX*_INIT', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } // Client public key this._dhData = dhData; let hostKey = this._protocol._hostKeys[this.negotiated.serverHostKey]; if (Array.isArray(hostKey)) hostKey = hostKey[0]; this._hostKey = hostKey; this.finish(); } else { // Client if (type !== MESSAGE.KEXDH_REPLY) { return doFatalError( this._protocol, `Received packet ${type} instead of ${MESSAGE.KEXDH_REPLY}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Received DH Reply' ); /* byte SSH_MSG_KEXDH_REPLY / SSH_MSG_KEX_DH_GEX_REPLY / SSH_MSG_KEX_ECDH_REPLY string server public host key and certificates (K_S) string string signature of H */ bufferParser.init(payload, 1); let hostPubKey; let dhData; let sig; if ((hostPubKey = bufferParser.readString()) === undefined || (dhData = bufferParser.readString()) === undefined || (sig = bufferParser.readString()) === undefined) { bufferParser.clear(); return doFatalError( this._protocol, 'Received malformed KEX*_REPLY', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } bufferParser.clear(); // Check that the host public key type matches what was negotiated // during KEXINIT swap bufferParser.init(hostPubKey, 0); const hostPubKeyType = bufferParser.readString(true); bufferParser.clear(); if (hostPubKeyType === undefined) { return doFatalError( this._protocol, 'Received malformed host public key', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } if (hostPubKeyType !== this.negotiated.serverHostKey) { // Check if we need to make an exception switch (this.negotiated.serverHostKey) { case 'rsa-sha2-256': case 'rsa-sha2-512': if (hostPubKeyType === 'ssh-rsa') break; // FALLTHROUGH default: return doFatalError( this._protocol, 'Host key does not match negotiated type', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } } this._hostKey = hostPubKey; this._dhData = dhData; this._sig = sig; let checked = false; let ret; if (this._protocol._hostVerifier === undefined) { ret = true; this._protocol._debug && this._protocol._debug( 'Host accepted by default (no verification)' ); } else { ret = this._protocol._hostVerifier(hostPubKey, (permitted) => { if (checked) return; checked = true; if (permitted === false) { this._protocol._debug && this._protocol._debug( 'Host denied (verification failed)' ); return doFatalError( this._protocol, 'Host denied (verification failed)', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Host accepted (verified)' ); this._hostVerified = true; if (this._receivedNEWKEYS) this.finish(); else trySendNEWKEYS(this); }); } if (ret === undefined) { // Async host verification ++this._step; return; } checked = true; if (ret === false) { this._protocol._debug && this._protocol._debug( 'Host denied (verification failed)' ); return doFatalError( this._protocol, 'Host denied (verification failed)', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Host accepted (verified)' ); this._hostVerified = true; trySendNEWKEYS(this); } ++this._step; break; case 2: if (type !== MESSAGE.NEWKEYS) { return doFatalError( this._protocol, `Received packet ${type} instead of ${MESSAGE.NEWKEYS}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Inbound: NEWKEYS' ); this._receivedNEWKEYS = true; ++this._step; if (this._protocol._server || this._hostVerified) return this.finish(); // Signal to current decipher that we need to change to a new decipher // for the next packet return false; default: return doFatalError( this._protocol, `Received unexpected packet ${type} after NEWKEYS`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } } } class Curve25519Exchange extends KeyExchange { constructor(hashName, ...args) { super(...args); this.type = '25519'; this.hashName = hashName; this._keys = null; } generateKeys() { if (!this._keys) this._keys = generateKeyPairSync('x25519'); } getPublicKey() { this.generateKeys(); const key = this._keys.publicKey.export({ type: 'spki', format: 'der' }); return key.slice(-32); // HACK: avoids parsing DER/BER header } convertPublicKey(key) { let newKey; let idx = 0; let len = key.length; while (key[idx] === 0x00) { ++idx; --len; } if (key.length === 32) return key; if (len !== key.length) { newKey = Buffer.allocUnsafe(len); key.copy(newKey, 0, idx); key = newKey; } return key; } computeSecret(otherPublicKey) { this.generateKeys(); try { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // algorithm asnWriter.startSequence(); asnWriter.writeOID('1.3.101.110'); // id-X25519 asnWriter.endSequence(); // PublicKey asnWriter.startSequence(Ber.BitString); asnWriter.writeByte(0x00); // XXX: hack to write a raw buffer without a tag -- yuck asnWriter._ensure(otherPublicKey.length); otherPublicKey.copy(asnWriter._buf, asnWriter._offset, 0, otherPublicKey.length); asnWriter._offset += otherPublicKey.length; asnWriter.endSequence(); asnWriter.endSequence(); return convertToMpint(diffieHellman({ privateKey: this._keys.privateKey, publicKey: createPublicKey({ key: asnWriter.buffer, type: 'spki', format: 'der', }), })); } catch (ex) { return ex; } } } class ECDHExchange extends KeyExchange { constructor(curveName, hashName, ...args) { super(...args); this.type = 'ecdh'; this.curveName = curveName; this.hashName = hashName; } generateKeys() { if (!this._dh) { this._dh = createECDH(this.curveName); this._public = this._dh.generateKeys(); } } } class DHGroupExchange extends KeyExchange { constructor(hashName, ...args) { super(...args); this.type = 'groupex'; this.hashName = hashName; this._prime = null; this._generator = null; this._minBits = GEX_MIN_BITS; this._prefBits = dhEstimate(this.negotiated); if (this._protocol._compatFlags & COMPAT.BUG_DHGEX_LARGE) this._prefBits = Math.min(this._prefBits, 4096); this._maxBits = GEX_MAX_BITS; } start() { if (this._protocol._server) return; this._protocol._debug && this._protocol._debug( 'Outbound: Sending KEXDH_GEX_REQUEST' ); let p = this._protocol._packetRW.write.allocStartKEX; const packet = this._protocol._packetRW.write.alloc( 1 + 4 + 4 + 4, true ); packet[p] = MESSAGE.KEXDH_GEX_REQUEST; writeUInt32BE(packet, this._minBits, ++p); writeUInt32BE(packet, this._prefBits, p += 4); writeUInt32BE(packet, this._maxBits, p += 4); this._protocol._cipher.encrypt( this._protocol._packetRW.write.finalize(packet, true) ); } generateKeys() { if (!this._dh && this._prime && this._generator) { this._dh = createDiffieHellman(this._prime, this._generator); this._public = this._dh.generateKeys(); } } setDHParams(prime, generator) { if (!Buffer.isBuffer(prime)) throw new Error('Invalid prime value'); if (!Buffer.isBuffer(generator)) throw new Error('Invalid generator value'); this._prime = prime; this._generator = generator; } getDHParams() { if (this._dh) { return { prime: convertToMpint(this._dh.getPrime()), generator: convertToMpint(this._dh.getGenerator()), }; } } parse(payload) { const type = payload[0]; switch (this._step) { case 1: if (this._protocol._server) { if (type !== MESSAGE.KEXDH_GEX_REQUEST) { return doFatalError( this._protocol, `Received packet ${type} instead of ` + MESSAGE.KEXDH_GEX_REQUEST, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } // TODO: allow user implementation to provide safe prime and // generator on demand to support group exchange on server side return doFatalError( this._protocol, 'Group exchange not implemented for server', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } if (type !== MESSAGE.KEXDH_GEX_GROUP) { return doFatalError( this._protocol, `Received packet ${type} instead of ${MESSAGE.KEXDH_GEX_GROUP}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Received DH GEX Group' ); /* byte SSH_MSG_KEX_DH_GEX_GROUP mpint p, safe prime mpint g, generator for subgroup in GF(p) */ bufferParser.init(payload, 1); let prime; let gen; if ((prime = bufferParser.readString()) === undefined || (gen = bufferParser.readString()) === undefined) { bufferParser.clear(); return doFatalError( this._protocol, 'Received malformed KEXDH_GEX_GROUP', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } bufferParser.clear(); // TODO: validate prime this.setDHParams(prime, gen); this.generateKeys(); const pubkey = this.getPublicKey(); this._protocol._debug && this._protocol._debug( 'Outbound: Sending KEXDH_GEX_INIT' ); let p = this._protocol._packetRW.write.allocStartKEX; const packet = this._protocol._packetRW.write.alloc(1 + 4 + pubkey.length, true); packet[p] = MESSAGE.KEXDH_GEX_INIT; writeUInt32BE(packet, pubkey.length, ++p); packet.set(pubkey, p += 4); this._protocol._cipher.encrypt( this._protocol._packetRW.write.finalize(packet, true) ); ++this._step; break; case 2: if (this._protocol._server) { if (type !== MESSAGE.KEXDH_GEX_INIT) { return doFatalError( this._protocol, `Received packet ${type} instead of ${MESSAGE.KEXDH_GEX_INIT}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Received DH GEX Init' ); return doFatalError( this._protocol, 'Group exchange not implemented for server', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } else if (type !== MESSAGE.KEXDH_GEX_REPLY) { return doFatalError( this._protocol, `Received packet ${type} instead of ${MESSAGE.KEXDH_GEX_REPLY}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } this._protocol._debug && this._protocol._debug( 'Received DH GEX Reply' ); this._step = 1; payload[0] = MESSAGE.KEXDH_REPLY; this.parse = KeyExchange.prototype.parse; this.parse(payload); } } } class DHExchange extends KeyExchange { constructor(groupName, hashName, ...args) { super(...args); this.type = 'group'; this.groupName = groupName; this.hashName = hashName; } start() { if (!this._protocol._server) { this._protocol._debug && this._protocol._debug( 'Outbound: Sending KEXDH_INIT' ); const pubKey = this.getPublicKey(); let p = this._protocol._packetRW.write.allocStartKEX; const packet = this._protocol._packetRW.write.alloc(1 + 4 + pubKey.length, true); packet[p] = MESSAGE.KEXDH_INIT; writeUInt32BE(packet, pubKey.length, ++p); packet.set(pubKey, p += 4); this._protocol._cipher.encrypt( this._protocol._packetRW.write.finalize(packet, true) ); } } generateKeys() { if (!this._dh) { this._dh = createDiffieHellmanGroup(this.groupName); this._public = this._dh.generateKeys(); } } getDHParams() { if (this._dh) { return { prime: convertToMpint(this._dh.getPrime()), generator: convertToMpint(this._dh.getGenerator()), }; } } } return (negotiated, ...args) => { if (typeof negotiated !== 'object' || negotiated === null) throw new Error('Invalid negotiated argument'); const kexType = negotiated.kex; if (typeof kexType === 'string') { args = [negotiated, ...args]; switch (kexType) { case 'curve25519-sha256': case 'curve25519-sha256@libssh.org': if (!curve25519Supported) break; return new Curve25519Exchange('sha256', ...args); case 'ecdh-sha2-nistp256': return new ECDHExchange('prime256v1', 'sha256', ...args); case 'ecdh-sha2-nistp384': return new ECDHExchange('secp384r1', 'sha384', ...args); case 'ecdh-sha2-nistp521': return new ECDHExchange('secp521r1', 'sha512', ...args); case 'diffie-hellman-group1-sha1': return new DHExchange('modp2', 'sha1', ...args); case 'diffie-hellman-group14-sha1': return new DHExchange('modp14', 'sha1', ...args); case 'diffie-hellman-group14-sha256': return new DHExchange('modp14', 'sha256', ...args); case 'diffie-hellman-group15-sha512': return new DHExchange('modp15', 'sha512', ...args); case 'diffie-hellman-group16-sha512': return new DHExchange('modp16', 'sha512', ...args); case 'diffie-hellman-group17-sha512': return new DHExchange('modp17', 'sha512', ...args); case 'diffie-hellman-group18-sha512': return new DHExchange('modp18', 'sha512', ...args); case 'diffie-hellman-group-exchange-sha1': return new DHGroupExchange('sha1', ...args); case 'diffie-hellman-group-exchange-sha256': return new DHGroupExchange('sha256', ...args); } throw new Error(`Unsupported key exchange algorithm: ${kexType}`); } throw new Error(`Invalid key exchange type: ${kexType}`); }; })(); const KexInit = (() => { const KEX_PROPERTY_NAMES = [ 'kex', 'serverHostKey', ['cs', 'cipher' ], ['sc', 'cipher' ], ['cs', 'mac' ], ['sc', 'mac' ], ['cs', 'compress' ], ['sc', 'compress' ], ['cs', 'lang' ], ['sc', 'lang' ], ]; return class KexInit { constructor(obj) { if (typeof obj !== 'object' || obj === null) throw new TypeError('Argument must be an object'); const lists = { kex: undefined, serverHostKey: undefined, cs: { cipher: undefined, mac: undefined, compress: undefined, lang: undefined, }, sc: { cipher: undefined, mac: undefined, compress: undefined, lang: undefined, }, all: undefined, }; let totalSize = 0; for (const prop of KEX_PROPERTY_NAMES) { let base; let val; let desc; let key; if (typeof prop === 'string') { base = lists; val = obj[prop]; desc = key = prop; } else { const parent = prop[0]; base = lists[parent]; key = prop[1]; val = obj[parent][key]; desc = `${parent}.${key}`; } const entry = { array: undefined, buffer: undefined }; if (Buffer.isBuffer(val)) { entry.array = ('' + val).split(','); entry.buffer = val; totalSize += 4 + val.length; } else { if (typeof val === 'string') val = val.split(','); if (Array.isArray(val)) { entry.array = val; entry.buffer = Buffer.from(val.join(',')); } else { throw new TypeError(`Invalid \`${desc}\` type: ${typeof val}`); } totalSize += 4 + entry.buffer.length; } base[key] = entry; } const all = Buffer.allocUnsafe(totalSize); lists.all = all; let allPos = 0; for (const prop of KEX_PROPERTY_NAMES) { let data; if (typeof prop === 'string') data = lists[prop].buffer; else data = lists[prop[0]][prop[1]].buffer; allPos = writeUInt32BE(all, data.length, allPos); all.set(data, allPos); allPos += data.length; } this.totalSize = totalSize; this.lists = lists; } copyAllTo(buf, offset) { const src = this.lists.all; if (typeof offset !== 'number') throw new TypeError(`Invalid offset value: ${typeof offset}`); if (buf.length - offset < src.length) throw new Error('Insufficient space to copy list'); buf.set(src, offset); return src.length; } }; })(); const hashString = (() => { const LEN = Buffer.allocUnsafe(4); return (hash, buf) => { writeUInt32BE(LEN, buf.length, 0); hash.update(LEN); hash.update(buf); }; })(); function generateKEXVal(len, hashName, secret, exchangeHash, sessionID, char) { let ret; if (len) { let digest = createHash(hashName) .update(secret) .update(exchangeHash) .update(char) .update(sessionID) .digest(); while (digest.length < len) { const chunk = createHash(hashName) .update(secret) .update(exchangeHash) .update(digest) .digest(); const extended = Buffer.allocUnsafe(digest.length + chunk.length); extended.set(digest, 0); extended.set(chunk, digest.length); digest = extended; } if (digest.length === len) ret = digest; else ret = new FastBuffer(digest.buffer, digest.byteOffset, len); } else { ret = EMPTY_BUFFER; } return ret; } function onKEXPayload(state, payload) { // XXX: move this to the Decipher implementations? if (payload.length === 0) { this._debug && this._debug('Inbound: Skipping empty packet payload'); return; } if (this._skipNextInboundPacket) { this._skipNextInboundPacket = false; return; } payload = this._packetRW.read.read(payload); const type = payload[0]; switch (type) { case MESSAGE.DISCONNECT: case MESSAGE.IGNORE: case MESSAGE.UNIMPLEMENTED: case MESSAGE.DEBUG: if (!MESSAGE_HANDLERS) MESSAGE_HANDLERS = __nccwpck_require__(172); return MESSAGE_HANDLERS[type](this, payload); case MESSAGE.KEXINIT: if (!state.firstPacket) { return doFatalError( this, 'Received extra KEXINIT during handshake', 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } state.firstPacket = false; return handleKexInit(this, payload); default: if (type < 20 || type > 49) { return doFatalError( this, `Received unexpected packet type ${type}`, 'handshake', DISCONNECT_REASON.KEY_EXCHANGE_FAILED ); } } return this._kex.parse(payload); } function dhEstimate(neg) { const csCipher = CIPHER_INFO[neg.cs.cipher]; const scCipher = CIPHER_INFO[neg.sc.cipher]; // XXX: if OpenSSH's `umac-*` MACs are ever supported, their key lengths will // also need to be considered when calculating `bits` const bits = Math.max( 0, (csCipher.sslName === 'des-ede3-cbc' ? 14 : csCipher.keyLen), csCipher.blockLen, csCipher.ivLen, (scCipher.sslName === 'des-ede3-cbc' ? 14 : scCipher.keyLen), scCipher.blockLen, scCipher.ivLen ) * 8; if (bits <= 112) return 2048; if (bits <= 128) return 3072; if (bits <= 192) return 7680; return 8192; } function trySendNEWKEYS(kex) { if (!kex._sentNEWKEYS) { kex._protocol._debug && kex._protocol._debug( 'Outbound: Sending NEWKEYS' ); const p = kex._protocol._packetRW.write.allocStartKEX; const packet = kex._protocol._packetRW.write.alloc(1, true); packet[p] = MESSAGE.NEWKEYS; kex._protocol._cipher.encrypt( kex._protocol._packetRW.write.finalize(packet, true) ); kex._sentNEWKEYS = true; } } module.exports = { KexInit, kexinit, onKEXPayload, DEFAULT_KEXINIT: new KexInit({ kex: DEFAULT_KEX, serverHostKey: DEFAULT_SERVER_HOST_KEY, cs: { cipher: DEFAULT_CIPHER, mac: DEFAULT_MAC, compress: DEFAULT_COMPRESSION, lang: [], }, sc: { cipher: DEFAULT_CIPHER, mac: DEFAULT_MAC, compress: DEFAULT_COMPRESSION, lang: [], }, }), HANDLERS: { [MESSAGE.KEXINIT]: handleKexInit, }, }; /***/ }), /***/ 2218: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // TODO: // * utilize `crypto.create(Private|Public)Key()` and `keyObject.export()` // * handle multi-line header values (OpenSSH)? // * more thorough validation? const { createDecipheriv, createECDH, createHash, createHmac, createSign, createVerify, getCiphers, sign: sign_, verify: verify_, } = __nccwpck_require__(6417); const supportedOpenSSLCiphers = getCiphers(); const { Ber } = __nccwpck_require__(970); const bcrypt_pbkdf = __nccwpck_require__(5447).pbkdf; const { CIPHER_INFO } = __nccwpck_require__(5708); const { eddsaSupported, SUPPORTED_CIPHER } = __nccwpck_require__(6832); const { bufferSlice, makeBufferParser, readString, readUInt32BE, writeUInt32BE, } = __nccwpck_require__(9475); const SYM_HASH_ALGO = Symbol('Hash Algorithm'); const SYM_PRIV_PEM = Symbol('Private key PEM'); const SYM_PUB_PEM = Symbol('Public key PEM'); const SYM_PUB_SSH = Symbol('Public key SSH'); const SYM_DECRYPTED = Symbol('Decrypted Key'); // Create OpenSSL cipher name -> SSH cipher name conversion table const CIPHER_INFO_OPENSSL = Object.create(null); { const keys = Object.keys(CIPHER_INFO); for (let i = 0; i < keys.length; ++i) { const cipherName = CIPHER_INFO[keys[i]].sslName; if (!cipherName || CIPHER_INFO_OPENSSL[cipherName]) continue; CIPHER_INFO_OPENSSL[cipherName] = CIPHER_INFO[keys[i]]; } } const binaryKeyParser = makeBufferParser(); function makePEM(type, data) { data = data.base64Slice(0, data.length); let formatted = data.replace(/.{64}/g, '$&\n'); if (data.length & 63) formatted += '\n'; return `-----BEGIN ${type} KEY-----\n${formatted}-----END ${type} KEY-----`; } function combineBuffers(buf1, buf2) { const result = Buffer.allocUnsafe(buf1.length + buf2.length); result.set(buf1, 0); result.set(buf2, buf1.length); return result; } function skipFields(buf, nfields) { const bufLen = buf.length; let pos = (buf._pos || 0); for (let i = 0; i < nfields; ++i) { const left = (bufLen - pos); if (pos >= bufLen || left < 4) return false; const len = readUInt32BE(buf, pos); if (left < 4 + len) return false; pos += 4 + len; } buf._pos = pos; return true; } function genOpenSSLRSAPub(n, e) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // algorithm asnWriter.startSequence(); asnWriter.writeOID('1.2.840.113549.1.1.1'); // rsaEncryption // algorithm parameters (RSA has none) asnWriter.writeNull(); asnWriter.endSequence(); // subjectPublicKey asnWriter.startSequence(Ber.BitString); asnWriter.writeByte(0x00); asnWriter.startSequence(); asnWriter.writeBuffer(n, Ber.Integer); asnWriter.writeBuffer(e, Ber.Integer); asnWriter.endSequence(); asnWriter.endSequence(); asnWriter.endSequence(); return makePEM('PUBLIC', asnWriter.buffer); } function genOpenSSHRSAPub(n, e) { const publicKey = Buffer.allocUnsafe(4 + 7 + 4 + e.length + 4 + n.length); writeUInt32BE(publicKey, 7, 0); publicKey.utf8Write('ssh-rsa', 4, 7); let i = 4 + 7; writeUInt32BE(publicKey, e.length, i); publicKey.set(e, i += 4); writeUInt32BE(publicKey, n.length, i += e.length); publicKey.set(n, i + 4); return publicKey; } const genOpenSSLRSAPriv = (() => { function genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); asnWriter.writeInt(0x00, Ber.Integer); asnWriter.writeBuffer(n, Ber.Integer); asnWriter.writeBuffer(e, Ber.Integer); asnWriter.writeBuffer(d, Ber.Integer); asnWriter.writeBuffer(p, Ber.Integer); asnWriter.writeBuffer(q, Ber.Integer); asnWriter.writeBuffer(dmp1, Ber.Integer); asnWriter.writeBuffer(dmq1, Ber.Integer); asnWriter.writeBuffer(iqmp, Ber.Integer); asnWriter.endSequence(); return asnWriter.buffer; } function bigIntFromBuffer(buf) { return BigInt(`0x${buf.hexSlice(0, buf.length)}`); } function bigIntToBuffer(bn) { let hex = bn.toString(16); if ((hex.length & 1) !== 0) { hex = `0${hex}`; } else { const sigbit = hex.charCodeAt(0); // BER/DER integers require leading zero byte to denote a positive value // when first byte >= 0x80 if (sigbit === 56/* '8' */ || sigbit === 57/* '9' */ || (sigbit >= 97/* 'a' */ && sigbit <= 102/* 'f' */)) { hex = `00${hex}`; } } return Buffer.from(hex, 'hex'); } return function genOpenSSLRSAPriv(n, e, d, iqmp, p, q) { const bn_d = bigIntFromBuffer(d); const dmp1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(p) - 1n)); const dmq1 = bigIntToBuffer(bn_d % (bigIntFromBuffer(q) - 1n)); return makePEM('RSA PRIVATE', genRSAASN1Buf(n, e, d, p, q, dmp1, dmq1, iqmp)); }; })(); function genOpenSSLDSAPub(p, q, g, y) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // algorithm asnWriter.startSequence(); asnWriter.writeOID('1.2.840.10040.4.1'); // id-dsa // algorithm parameters asnWriter.startSequence(); asnWriter.writeBuffer(p, Ber.Integer); asnWriter.writeBuffer(q, Ber.Integer); asnWriter.writeBuffer(g, Ber.Integer); asnWriter.endSequence(); asnWriter.endSequence(); // subjectPublicKey asnWriter.startSequence(Ber.BitString); asnWriter.writeByte(0x00); asnWriter.writeBuffer(y, Ber.Integer); asnWriter.endSequence(); asnWriter.endSequence(); return makePEM('PUBLIC', asnWriter.buffer); } function genOpenSSHDSAPub(p, q, g, y) { const publicKey = Buffer.allocUnsafe( 4 + 7 + 4 + p.length + 4 + q.length + 4 + g.length + 4 + y.length ); writeUInt32BE(publicKey, 7, 0); publicKey.utf8Write('ssh-dss', 4, 7); let i = 4 + 7; writeUInt32BE(publicKey, p.length, i); publicKey.set(p, i += 4); writeUInt32BE(publicKey, q.length, i += p.length); publicKey.set(q, i += 4); writeUInt32BE(publicKey, g.length, i += q.length); publicKey.set(g, i += 4); writeUInt32BE(publicKey, y.length, i += g.length); publicKey.set(y, i + 4); return publicKey; } function genOpenSSLDSAPriv(p, q, g, y, x) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); asnWriter.writeInt(0x00, Ber.Integer); asnWriter.writeBuffer(p, Ber.Integer); asnWriter.writeBuffer(q, Ber.Integer); asnWriter.writeBuffer(g, Ber.Integer); asnWriter.writeBuffer(y, Ber.Integer); asnWriter.writeBuffer(x, Ber.Integer); asnWriter.endSequence(); return makePEM('DSA PRIVATE', asnWriter.buffer); } function genOpenSSLEdPub(pub) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // algorithm asnWriter.startSequence(); asnWriter.writeOID('1.3.101.112'); // id-Ed25519 asnWriter.endSequence(); // PublicKey asnWriter.startSequence(Ber.BitString); asnWriter.writeByte(0x00); // XXX: hack to write a raw buffer without a tag -- yuck asnWriter._ensure(pub.length); asnWriter._buf.set(pub, asnWriter._offset); asnWriter._offset += pub.length; asnWriter.endSequence(); asnWriter.endSequence(); return makePEM('PUBLIC', asnWriter.buffer); } function genOpenSSHEdPub(pub) { const publicKey = Buffer.allocUnsafe(4 + 11 + 4 + pub.length); writeUInt32BE(publicKey, 11, 0); publicKey.utf8Write('ssh-ed25519', 4, 11); writeUInt32BE(publicKey, pub.length, 15); publicKey.set(pub, 19); return publicKey; } function genOpenSSLEdPriv(priv) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // version asnWriter.writeInt(0x00, Ber.Integer); // algorithm asnWriter.startSequence(); asnWriter.writeOID('1.3.101.112'); // id-Ed25519 asnWriter.endSequence(); // PrivateKey asnWriter.startSequence(Ber.OctetString); asnWriter.writeBuffer(priv, Ber.OctetString); asnWriter.endSequence(); asnWriter.endSequence(); return makePEM('PRIVATE', asnWriter.buffer); } function genOpenSSLECDSAPub(oid, Q) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // algorithm asnWriter.startSequence(); asnWriter.writeOID('1.2.840.10045.2.1'); // id-ecPublicKey // algorithm parameters (namedCurve) asnWriter.writeOID(oid); asnWriter.endSequence(); // subjectPublicKey asnWriter.startSequence(Ber.BitString); asnWriter.writeByte(0x00); // XXX: hack to write a raw buffer without a tag -- yuck asnWriter._ensure(Q.length); asnWriter._buf.set(Q, asnWriter._offset); asnWriter._offset += Q.length; // end hack asnWriter.endSequence(); asnWriter.endSequence(); return makePEM('PUBLIC', asnWriter.buffer); } function genOpenSSHECDSAPub(oid, Q) { let curveName; switch (oid) { case '1.2.840.10045.3.1.7': // prime256v1/secp256r1 curveName = 'nistp256'; break; case '1.3.132.0.34': // secp384r1 curveName = 'nistp384'; break; case '1.3.132.0.35': // secp521r1 curveName = 'nistp521'; break; default: return; } const publicKey = Buffer.allocUnsafe(4 + 19 + 4 + 8 + 4 + Q.length); writeUInt32BE(publicKey, 19, 0); publicKey.utf8Write(`ecdsa-sha2-${curveName}`, 4, 19); writeUInt32BE(publicKey, 8, 23); publicKey.utf8Write(curveName, 27, 8); writeUInt32BE(publicKey, Q.length, 35); publicKey.set(Q, 39); return publicKey; } function genOpenSSLECDSAPriv(oid, pub, priv) { const asnWriter = new Ber.Writer(); asnWriter.startSequence(); // version asnWriter.writeInt(0x01, Ber.Integer); // privateKey asnWriter.writeBuffer(priv, Ber.OctetString); // parameters (optional) asnWriter.startSequence(0xA0); asnWriter.writeOID(oid); asnWriter.endSequence(); // publicKey (optional) asnWriter.startSequence(0xA1); asnWriter.startSequence(Ber.BitString); asnWriter.writeByte(0x00); // XXX: hack to write a raw buffer without a tag -- yuck asnWriter._ensure(pub.length); asnWriter._buf.set(pub, asnWriter._offset); asnWriter._offset += pub.length; // end hack asnWriter.endSequence(); asnWriter.endSequence(); asnWriter.endSequence(); return makePEM('EC PRIVATE', asnWriter.buffer); } function genOpenSSLECDSAPubFromPriv(curveName, priv) { const tempECDH = createECDH(curveName); tempECDH.setPrivateKey(priv); return tempECDH.getPublicKey(); } const BaseKey = { sign: (() => { if (typeof sign_ === 'function') { return function sign(data, algo) { const pem = this[SYM_PRIV_PEM]; if (pem === null) return new Error('No private key available'); if (!algo || typeof algo !== 'string') algo = this[SYM_HASH_ALGO]; try { return sign_(algo, data, pem); } catch (ex) { return ex; } }; } return function sign(data, algo) { const pem = this[SYM_PRIV_PEM]; if (pem === null) return new Error('No private key available'); if (!algo || typeof algo !== 'string') algo = this[SYM_HASH_ALGO]; const signature = createSign(algo); signature.update(data); try { return signature.sign(pem); } catch (ex) { return ex; } }; })(), verify: (() => { if (typeof verify_ === 'function') { return function verify(data, signature, algo) { const pem = this[SYM_PUB_PEM]; if (pem === null) return new Error('No public key available'); if (!algo || typeof algo !== 'string') algo = this[SYM_HASH_ALGO]; try { return verify_(algo, data, pem, signature); } catch (ex) { return ex; } }; } return function verify(data, signature, algo) { const pem = this[SYM_PUB_PEM]; if (pem === null) return new Error('No public key available'); if (!algo || typeof algo !== 'string') algo = this[SYM_HASH_ALGO]; const verifier = createVerify(algo); verifier.update(data); try { return verifier.verify(pem, signature); } catch (ex) { return ex; } }; })(), isPrivateKey: function isPrivateKey() { return (this[SYM_PRIV_PEM] !== null); }, getPrivatePEM: function getPrivatePEM() { return this[SYM_PRIV_PEM]; }, getPublicPEM: function getPublicPEM() { return this[SYM_PUB_PEM]; }, getPublicSSH: function getPublicSSH() { return this[SYM_PUB_SSH]; }, equals: function equals(key) { const parsed = parseKey(key); if (parsed instanceof Error) return false; return ( this.type === parsed.type && this[SYM_PRIV_PEM] === parsed[SYM_PRIV_PEM] && this[SYM_PUB_PEM] === parsed[SYM_PUB_PEM] && this[SYM_PUB_SSH] === parsed[SYM_PUB_SSH] ); }, }; function OpenSSH_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) { this.type = type; this.comment = comment; this[SYM_PRIV_PEM] = privPEM; this[SYM_PUB_PEM] = pubPEM; this[SYM_PUB_SSH] = pubSSH; this[SYM_HASH_ALGO] = algo; this[SYM_DECRYPTED] = decrypted; } OpenSSH_Private.prototype = BaseKey; { const regexp = /^-----BEGIN OPENSSH PRIVATE KEY-----(?:\r\n|\n)([\s\S]+)(?:\r\n|\n)-----END OPENSSH PRIVATE KEY-----$/; OpenSSH_Private.parse = (str, passphrase) => { const m = regexp.exec(str); if (m === null) return null; let ret; const data = Buffer.from(m[1], 'base64'); if (data.length < 31) // magic (+ magic null term.) + minimum field lengths return new Error('Malformed OpenSSH private key'); const magic = data.utf8Slice(0, 15); if (magic !== 'openssh-key-v1\0') return new Error(`Unsupported OpenSSH key magic: ${magic}`); const cipherName = readString(data, 15, true); if (cipherName === undefined) return new Error('Malformed OpenSSH private key'); if (cipherName !== 'none' && SUPPORTED_CIPHER.indexOf(cipherName) === -1) return new Error(`Unsupported cipher for OpenSSH key: ${cipherName}`); const kdfName = readString(data, data._pos, true); if (kdfName === undefined) return new Error('Malformed OpenSSH private key'); if (kdfName !== 'none') { if (cipherName === 'none') return new Error('Malformed OpenSSH private key'); if (kdfName !== 'bcrypt') return new Error(`Unsupported kdf name for OpenSSH key: ${kdfName}`); if (!passphrase) { return new Error( 'Encrypted private OpenSSH key detected, but no passphrase given' ); } } else if (cipherName !== 'none') { return new Error('Malformed OpenSSH private key'); } let encInfo; let cipherKey; let cipherIV; if (cipherName !== 'none') encInfo = CIPHER_INFO[cipherName]; const kdfOptions = readString(data, data._pos); if (kdfOptions === undefined) return new Error('Malformed OpenSSH private key'); if (kdfOptions.length) { switch (kdfName) { case 'none': return new Error('Malformed OpenSSH private key'); case 'bcrypt': /* string salt uint32 rounds */ const salt = readString(kdfOptions, 0); if (salt === undefined || kdfOptions._pos + 4 > kdfOptions.length) return new Error('Malformed OpenSSH private key'); const rounds = readUInt32BE(kdfOptions, kdfOptions._pos); const gen = Buffer.allocUnsafe(encInfo.keyLen + encInfo.ivLen); const r = bcrypt_pbkdf(passphrase, passphrase.length, salt, salt.length, gen, gen.length, rounds); if (r !== 0) return new Error('Failed to generate information to decrypt key'); cipherKey = bufferSlice(gen, 0, encInfo.keyLen); cipherIV = bufferSlice(gen, encInfo.keyLen, gen.length); break; } } else if (kdfName !== 'none') { return new Error('Malformed OpenSSH private key'); } if (data._pos + 3 >= data.length) return new Error('Malformed OpenSSH private key'); const keyCount = readUInt32BE(data, data._pos); data._pos += 4; if (keyCount > 0) { // TODO: place sensible limit on max `keyCount` // Read public keys first for (let i = 0; i < keyCount; ++i) { const pubData = readString(data, data._pos); if (pubData === undefined) return new Error('Malformed OpenSSH private key'); const type = readString(pubData, 0, true); if (type === undefined) return new Error('Malformed OpenSSH private key'); } let privBlob = readString(data, data._pos); if (privBlob === undefined) return new Error('Malformed OpenSSH private key'); if (cipherKey !== undefined) { // Encrypted private key(s) if (privBlob.length < encInfo.blockLen || (privBlob.length % encInfo.blockLen) !== 0) { return new Error('Malformed OpenSSH private key'); } try { const options = { authTagLength: encInfo.authLen }; const decipher = createDecipheriv(encInfo.sslName, cipherKey, cipherIV, options); if (encInfo.authLen > 0) { if (data.length - data._pos < encInfo.authLen) return new Error('Malformed OpenSSH private key'); decipher.setAuthTag( bufferSlice(data, data._pos, data._pos += encInfo.authLen) ); } privBlob = combineBuffers(decipher.update(privBlob), decipher.final()); } catch (ex) { return ex; } } // Nothing should we follow the private key(s), except a possible // authentication tag for relevant ciphers if (data._pos !== data.length) return new Error('Malformed OpenSSH private key'); ret = parseOpenSSHPrivKeys(privBlob, keyCount, cipherKey !== undefined); } else { ret = []; } if (ret instanceof Error) return ret; // This will need to change if/when OpenSSH ever starts storing multiple // keys in their key files return ret[0]; }; function parseOpenSSHPrivKeys(data, nkeys, decrypted) { const keys = []; /* uint32 checkint uint32 checkint string privatekey1 string comment1 string privatekey2 string comment2 ... string privatekeyN string commentN char 1 char 2 char 3 ... char padlen % 255 */ if (data.length < 8) return new Error('Malformed OpenSSH private key'); const check1 = readUInt32BE(data, 0); const check2 = readUInt32BE(data, 4); if (check1 !== check2) { if (decrypted) { return new Error( 'OpenSSH key integrity check failed -- bad passphrase?' ); } return new Error('OpenSSH key integrity check failed'); } data._pos = 8; let i; let oid; for (i = 0; i < nkeys; ++i) { let algo; let privPEM; let pubPEM; let pubSSH; // The OpenSSH documentation for the key format actually lies, the // entirety of the private key content is not contained with a string // field, it's actually the literal contents of the private key, so to be // able to find the end of the key data you need to know the layout/format // of each key type ... const type = readString(data, data._pos, true); if (type === undefined) return new Error('Malformed OpenSSH private key'); switch (type) { case 'ssh-rsa': { /* string n -- public string e -- public string d -- private string iqmp -- private string p -- private string q -- private */ const n = readString(data, data._pos); if (n === undefined) return new Error('Malformed OpenSSH private key'); const e = readString(data, data._pos); if (e === undefined) return new Error('Malformed OpenSSH private key'); const d = readString(data, data._pos); if (d === undefined) return new Error('Malformed OpenSSH private key'); const iqmp = readString(data, data._pos); if (iqmp === undefined) return new Error('Malformed OpenSSH private key'); const p = readString(data, data._pos); if (p === undefined) return new Error('Malformed OpenSSH private key'); const q = readString(data, data._pos); if (q === undefined) return new Error('Malformed OpenSSH private key'); pubPEM = genOpenSSLRSAPub(n, e); pubSSH = genOpenSSHRSAPub(n, e); privPEM = genOpenSSLRSAPriv(n, e, d, iqmp, p, q); algo = 'sha1'; break; } case 'ssh-dss': { /* string p -- public string q -- public string g -- public string y -- public string x -- private */ const p = readString(data, data._pos); if (p === undefined) return new Error('Malformed OpenSSH private key'); const q = readString(data, data._pos); if (q === undefined) return new Error('Malformed OpenSSH private key'); const g = readString(data, data._pos); if (g === undefined) return new Error('Malformed OpenSSH private key'); const y = readString(data, data._pos); if (y === undefined) return new Error('Malformed OpenSSH private key'); const x = readString(data, data._pos); if (x === undefined) return new Error('Malformed OpenSSH private key'); pubPEM = genOpenSSLDSAPub(p, q, g, y); pubSSH = genOpenSSHDSAPub(p, q, g, y); privPEM = genOpenSSLDSAPriv(p, q, g, y, x); algo = 'sha1'; break; } case 'ssh-ed25519': { if (!eddsaSupported) return new Error(`Unsupported OpenSSH private key type: ${type}`); /* * string public key * string private key + public key */ const edpub = readString(data, data._pos); if (edpub === undefined || edpub.length !== 32) return new Error('Malformed OpenSSH private key'); const edpriv = readString(data, data._pos); if (edpriv === undefined || edpriv.length !== 64) return new Error('Malformed OpenSSH private key'); pubPEM = genOpenSSLEdPub(edpub); pubSSH = genOpenSSHEdPub(edpub); privPEM = genOpenSSLEdPriv(bufferSlice(edpriv, 0, 32)); algo = null; break; } case 'ecdsa-sha2-nistp256': algo = 'sha256'; oid = '1.2.840.10045.3.1.7'; // FALLTHROUGH case 'ecdsa-sha2-nistp384': if (algo === undefined) { algo = 'sha384'; oid = '1.3.132.0.34'; } // FALLTHROUGH case 'ecdsa-sha2-nistp521': { if (algo === undefined) { algo = 'sha512'; oid = '1.3.132.0.35'; } /* string curve name string Q -- public string d -- private */ // TODO: validate curve name against type if (!skipFields(data, 1)) // Skip curve name return new Error('Malformed OpenSSH private key'); const ecpub = readString(data, data._pos); if (ecpub === undefined) return new Error('Malformed OpenSSH private key'); const ecpriv = readString(data, data._pos); if (ecpriv === undefined) return new Error('Malformed OpenSSH private key'); pubPEM = genOpenSSLECDSAPub(oid, ecpub); pubSSH = genOpenSSHECDSAPub(oid, ecpub); privPEM = genOpenSSLECDSAPriv(oid, ecpub, ecpriv); break; } default: return new Error(`Unsupported OpenSSH private key type: ${type}`); } const privComment = readString(data, data._pos, true); if (privComment === undefined) return new Error('Malformed OpenSSH private key'); keys.push( new OpenSSH_Private(type, privComment, privPEM, pubPEM, pubSSH, algo, decrypted) ); } let cnt = 0; for (i = data._pos; i < data.length; ++i) { if (data[i] !== (++cnt % 255)) return new Error('Malformed OpenSSH private key'); } return keys; } } function OpenSSH_Old_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) { this.type = type; this.comment = comment; this[SYM_PRIV_PEM] = privPEM; this[SYM_PUB_PEM] = pubPEM; this[SYM_PUB_SSH] = pubSSH; this[SYM_HASH_ALGO] = algo; this[SYM_DECRYPTED] = decrypted; } OpenSSH_Old_Private.prototype = BaseKey; { const regexp = /^-----BEGIN (RSA|DSA|EC) PRIVATE KEY-----(?:\r\n|\n)((?:[^:]+:\s*[\S].*(?:\r\n|\n))*)([\s\S]+)(?:\r\n|\n)-----END (RSA|DSA|EC) PRIVATE KEY-----$/; OpenSSH_Old_Private.parse = (str, passphrase) => { const m = regexp.exec(str); if (m === null) return null; let privBlob = Buffer.from(m[3], 'base64'); let headers = m[2]; let decrypted = false; if (headers !== undefined) { // encrypted key headers = headers.split(/\r\n|\n/g); for (let i = 0; i < headers.length; ++i) { const header = headers[i]; let sepIdx = header.indexOf(':'); if (header.slice(0, sepIdx) === 'DEK-Info') { const val = header.slice(sepIdx + 2); sepIdx = val.indexOf(','); if (sepIdx === -1) continue; const cipherName = val.slice(0, sepIdx).toLowerCase(); if (supportedOpenSSLCiphers.indexOf(cipherName) === -1) { return new Error( `Cipher (${cipherName}) not supported ` + 'for encrypted OpenSSH private key' ); } const encInfo = CIPHER_INFO_OPENSSL[cipherName]; if (!encInfo) { return new Error( `Cipher (${cipherName}) not supported ` + 'for encrypted OpenSSH private key' ); } const cipherIV = Buffer.from(val.slice(sepIdx + 1), 'hex'); if (cipherIV.length !== encInfo.ivLen) return new Error('Malformed encrypted OpenSSH private key'); if (!passphrase) { return new Error( 'Encrypted OpenSSH private key detected, but no passphrase given' ); } const ivSlice = bufferSlice(cipherIV, 0, 8); let cipherKey = createHash('md5') .update(passphrase) .update(ivSlice) .digest(); while (cipherKey.length < encInfo.keyLen) { cipherKey = combineBuffers( cipherKey, createHash('md5') .update(cipherKey) .update(passphrase) .update(ivSlice) .digest() ); } if (cipherKey.length > encInfo.keyLen) cipherKey = bufferSlice(cipherKey, 0, encInfo.keyLen); try { const decipher = createDecipheriv(cipherName, cipherKey, cipherIV); decipher.setAutoPadding(false); privBlob = combineBuffers(decipher.update(privBlob), decipher.final()); decrypted = true; } catch (ex) { return ex; } } } } let type; let privPEM; let pubPEM; let pubSSH; let algo; let reader; let errMsg = 'Malformed OpenSSH private key'; if (decrypted) errMsg += '. Bad passphrase?'; switch (m[1]) { case 'RSA': type = 'ssh-rsa'; privPEM = makePEM('RSA PRIVATE', privBlob); try { reader = new Ber.Reader(privBlob); reader.readSequence(); reader.readInt(); // skip version const n = reader.readString(Ber.Integer, true); if (n === null) return new Error(errMsg); const e = reader.readString(Ber.Integer, true); if (e === null) return new Error(errMsg); pubPEM = genOpenSSLRSAPub(n, e); pubSSH = genOpenSSHRSAPub(n, e); } catch { return new Error(errMsg); } algo = 'sha1'; break; case 'DSA': type = 'ssh-dss'; privPEM = makePEM('DSA PRIVATE', privBlob); try { reader = new Ber.Reader(privBlob); reader.readSequence(); reader.readInt(); // skip version const p = reader.readString(Ber.Integer, true); if (p === null) return new Error(errMsg); const q = reader.readString(Ber.Integer, true); if (q === null) return new Error(errMsg); const g = reader.readString(Ber.Integer, true); if (g === null) return new Error(errMsg); const y = reader.readString(Ber.Integer, true); if (y === null) return new Error(errMsg); pubPEM = genOpenSSLDSAPub(p, q, g, y); pubSSH = genOpenSSHDSAPub(p, q, g, y); } catch { return new Error(errMsg); } algo = 'sha1'; break; case 'EC': let ecSSLName; let ecPriv; let ecOID; try { reader = new Ber.Reader(privBlob); reader.readSequence(); reader.readInt(); // skip version ecPriv = reader.readString(Ber.OctetString, true); reader.readByte(); // Skip "complex" context type byte const offset = reader.readLength(); // Skip context length if (offset !== null) { reader._offset = offset; ecOID = reader.readOID(); if (ecOID === null) return new Error(errMsg); switch (ecOID) { case '1.2.840.10045.3.1.7': // prime256v1/secp256r1 ecSSLName = 'prime256v1'; type = 'ecdsa-sha2-nistp256'; algo = 'sha256'; break; case '1.3.132.0.34': // secp384r1 ecSSLName = 'secp384r1'; type = 'ecdsa-sha2-nistp384'; algo = 'sha384'; break; case '1.3.132.0.35': // secp521r1 ecSSLName = 'secp521r1'; type = 'ecdsa-sha2-nistp521'; algo = 'sha512'; break; default: return new Error(`Unsupported private key EC OID: ${ecOID}`); } } else { return new Error(errMsg); } } catch { return new Error(errMsg); } privPEM = makePEM('EC PRIVATE', privBlob); const pubBlob = genOpenSSLECDSAPubFromPriv(ecSSLName, ecPriv); pubPEM = genOpenSSLECDSAPub(ecOID, pubBlob); pubSSH = genOpenSSHECDSAPub(ecOID, pubBlob); break; } return new OpenSSH_Old_Private(type, '', privPEM, pubPEM, pubSSH, algo, decrypted); }; } function PPK_Private(type, comment, privPEM, pubPEM, pubSSH, algo, decrypted) { this.type = type; this.comment = comment; this[SYM_PRIV_PEM] = privPEM; this[SYM_PUB_PEM] = pubPEM; this[SYM_PUB_SSH] = pubSSH; this[SYM_HASH_ALGO] = algo; this[SYM_DECRYPTED] = decrypted; } PPK_Private.prototype = BaseKey; { const EMPTY_PASSPHRASE = Buffer.alloc(0); const PPK_IV = Buffer.from([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]); const PPK_PP1 = Buffer.from([0, 0, 0, 0]); const PPK_PP2 = Buffer.from([0, 0, 0, 1]); const regexp = /^PuTTY-User-Key-File-2: (ssh-(?:rsa|dss))\r?\nEncryption: (aes256-cbc|none)\r?\nComment: ([^\r\n]*)\r?\nPublic-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-Lines: \d+\r?\n([\s\S]+?)\r?\nPrivate-MAC: ([^\r\n]+)/; PPK_Private.parse = (str, passphrase) => { const m = regexp.exec(str); if (m === null) return null; // m[1] = key type // m[2] = encryption type // m[3] = comment // m[4] = base64-encoded public key data: // for "ssh-rsa": // string "ssh-rsa" // mpint e (public exponent) // mpint n (modulus) // for "ssh-dss": // string "ssh-dss" // mpint p (modulus) // mpint q (prime) // mpint g (base number) // mpint y (public key parameter: g^x mod p) // m[5] = base64-encoded private key data: // for "ssh-rsa": // mpint d (private exponent) // mpint p (prime 1) // mpint q (prime 2) // mpint iqmp ([inverse of q] mod p) // for "ssh-dss": // mpint x (private key parameter) // m[6] = SHA1 HMAC over: // string name of algorithm ("ssh-dss", "ssh-rsa") // string encryption type // string comment // string public key data // string private-plaintext (including the final padding) const cipherName = m[2]; const encrypted = (cipherName !== 'none'); if (encrypted && !passphrase) { return new Error( 'Encrypted PPK private key detected, but no passphrase given' ); } let privBlob = Buffer.from(m[5], 'base64'); if (encrypted) { const encInfo = CIPHER_INFO[cipherName]; let cipherKey = combineBuffers( createHash('sha1').update(PPK_PP1).update(passphrase).digest(), createHash('sha1').update(PPK_PP2).update(passphrase).digest() ); if (cipherKey.length > encInfo.keyLen) cipherKey = bufferSlice(cipherKey, 0, encInfo.keyLen); try { const decipher = createDecipheriv(encInfo.sslName, cipherKey, PPK_IV); decipher.setAutoPadding(false); privBlob = combineBuffers(decipher.update(privBlob), decipher.final()); } catch (ex) { return ex; } } const type = m[1]; const comment = m[3]; const pubBlob = Buffer.from(m[4], 'base64'); const mac = m[6]; const typeLen = type.length; const cipherNameLen = cipherName.length; const commentLen = Buffer.byteLength(comment); const pubLen = pubBlob.length; const privLen = privBlob.length; const macData = Buffer.allocUnsafe(4 + typeLen + 4 + cipherNameLen + 4 + commentLen + 4 + pubLen + 4 + privLen); let p = 0; writeUInt32BE(macData, typeLen, p); macData.utf8Write(type, p += 4, typeLen); writeUInt32BE(macData, cipherNameLen, p += typeLen); macData.utf8Write(cipherName, p += 4, cipherNameLen); writeUInt32BE(macData, commentLen, p += cipherNameLen); macData.utf8Write(comment, p += 4, commentLen); writeUInt32BE(macData, pubLen, p += commentLen); macData.set(pubBlob, p += 4); writeUInt32BE(macData, privLen, p += pubLen); macData.set(privBlob, p + 4); if (!passphrase) passphrase = EMPTY_PASSPHRASE; const calcMAC = createHmac( 'sha1', createHash('sha1') .update('putty-private-key-file-mac-key') .update(passphrase) .digest() ).update(macData).digest('hex'); if (calcMAC !== mac) { if (encrypted) { return new Error( 'PPK private key integrity check failed -- bad passphrase?' ); } return new Error('PPK private key integrity check failed'); } let pubPEM; let pubSSH; let privPEM; pubBlob._pos = 0; skipFields(pubBlob, 1); // skip (duplicate) key type switch (type) { case 'ssh-rsa': { const e = readString(pubBlob, pubBlob._pos); if (e === undefined) return new Error('Malformed PPK public key'); const n = readString(pubBlob, pubBlob._pos); if (n === undefined) return new Error('Malformed PPK public key'); const d = readString(privBlob, 0); if (d === undefined) return new Error('Malformed PPK private key'); const p = readString(privBlob, privBlob._pos); if (p === undefined) return new Error('Malformed PPK private key'); const q = readString(privBlob, privBlob._pos); if (q === undefined) return new Error('Malformed PPK private key'); const iqmp = readString(privBlob, privBlob._pos); if (iqmp === undefined) return new Error('Malformed PPK private key'); pubPEM = genOpenSSLRSAPub(n, e); pubSSH = genOpenSSHRSAPub(n, e); privPEM = genOpenSSLRSAPriv(n, e, d, iqmp, p, q); break; } case 'ssh-dss': { const p = readString(pubBlob, pubBlob._pos); if (p === undefined) return new Error('Malformed PPK public key'); const q = readString(pubBlob, pubBlob._pos); if (q === undefined) return new Error('Malformed PPK public key'); const g = readString(pubBlob, pubBlob._pos); if (g === undefined) return new Error('Malformed PPK public key'); const y = readString(pubBlob, pubBlob._pos); if (y === undefined) return new Error('Malformed PPK public key'); const x = readString(privBlob, 0); if (x === undefined) return new Error('Malformed PPK private key'); pubPEM = genOpenSSLDSAPub(p, q, g, y); pubSSH = genOpenSSHDSAPub(p, q, g, y); privPEM = genOpenSSLDSAPriv(p, q, g, y, x); break; } } return new PPK_Private(type, comment, privPEM, pubPEM, pubSSH, 'sha1', encrypted); }; } function OpenSSH_Public(type, comment, pubPEM, pubSSH, algo) { this.type = type; this.comment = comment; this[SYM_PRIV_PEM] = null; this[SYM_PUB_PEM] = pubPEM; this[SYM_PUB_SSH] = pubSSH; this[SYM_HASH_ALGO] = algo; this[SYM_DECRYPTED] = false; } OpenSSH_Public.prototype = BaseKey; { let regexp; if (eddsaSupported) regexp = /^(((?:ssh-(?:rsa|dss|ed25519))|ecdsa-sha2-nistp(?:256|384|521))(?:-cert-v0[01]@openssh.com)?) ([A-Z0-9a-z/+=]+)(?:$|\s+([\S].*)?)$/; else regexp = /^(((?:ssh-(?:rsa|dss))|ecdsa-sha2-nistp(?:256|384|521))(?:-cert-v0[01]@openssh.com)?) ([A-Z0-9a-z/+=]+)(?:$|\s+([\S].*)?)$/; OpenSSH_Public.parse = (str) => { const m = regexp.exec(str); if (m === null) return null; // m[1] = full type // m[2] = base type // m[3] = base64-encoded public key // m[4] = comment const fullType = m[1]; const baseType = m[2]; const data = Buffer.from(m[3], 'base64'); const comment = (m[4] || ''); const type = readString(data, data._pos, true); if (type === undefined || type.indexOf(baseType) !== 0) return new Error('Malformed OpenSSH public key'); return parseDER(data, baseType, comment, fullType); }; } function RFC4716_Public(type, comment, pubPEM, pubSSH, algo) { this.type = type; this.comment = comment; this[SYM_PRIV_PEM] = null; this[SYM_PUB_PEM] = pubPEM; this[SYM_PUB_SSH] = pubSSH; this[SYM_HASH_ALGO] = algo; this[SYM_DECRYPTED] = false; } RFC4716_Public.prototype = BaseKey; { const regexp = /^---- BEGIN SSH2 PUBLIC KEY ----(?:\r?\n)((?:.{0,72}\r?\n)+)---- END SSH2 PUBLIC KEY ----$/; const RE_DATA = /^[A-Z0-9a-z/+=\r\n]+$/; const RE_HEADER = /^([\x21-\x39\x3B-\x7E]{1,64}): ((?:[^\\]*\\\r?\n)*[^\r\n]+)\r?\n/gm; const RE_HEADER_ENDS = /\\\r?\n/g; RFC4716_Public.parse = (str) => { let m = regexp.exec(str); if (m === null) return null; const body = m[1]; let dataStart = 0; let comment = ''; while (m = RE_HEADER.exec(body)) { const headerName = m[1]; const headerValue = m[2].replace(RE_HEADER_ENDS, ''); if (headerValue.length > 1024) { RE_HEADER.lastIndex = 0; return new Error('Malformed RFC4716 public key'); } dataStart = RE_HEADER.lastIndex; if (headerName.toLowerCase() === 'comment') { comment = headerValue; if (comment.length > 1 && comment.charCodeAt(0) === 34/* '"' */ && comment.charCodeAt(comment.length - 1) === 34/* '"' */) { comment = comment.slice(1, -1); } } } let data = body.slice(dataStart); if (!RE_DATA.test(data)) return new Error('Malformed RFC4716 public key'); data = Buffer.from(data, 'base64'); const type = readString(data, 0, true); if (type === undefined) return new Error('Malformed RFC4716 public key'); let pubPEM = null; let pubSSH = null; switch (type) { case 'ssh-rsa': { const e = readString(data, data._pos); if (e === undefined) return new Error('Malformed RFC4716 public key'); const n = readString(data, data._pos); if (n === undefined) return new Error('Malformed RFC4716 public key'); pubPEM = genOpenSSLRSAPub(n, e); pubSSH = genOpenSSHRSAPub(n, e); break; } case 'ssh-dss': { const p = readString(data, data._pos); if (p === undefined) return new Error('Malformed RFC4716 public key'); const q = readString(data, data._pos); if (q === undefined) return new Error('Malformed RFC4716 public key'); const g = readString(data, data._pos); if (g === undefined) return new Error('Malformed RFC4716 public key'); const y = readString(data, data._pos); if (y === undefined) return new Error('Malformed RFC4716 public key'); pubPEM = genOpenSSLDSAPub(p, q, g, y); pubSSH = genOpenSSHDSAPub(p, q, g, y); break; } default: return new Error('Malformed RFC4716 public key'); } return new RFC4716_Public(type, comment, pubPEM, pubSSH, 'sha1'); }; } function parseDER(data, baseType, comment, fullType) { if (!isSupportedKeyType(baseType)) return new Error(`Unsupported OpenSSH public key type: ${baseType}`); let algo; let oid; let pubPEM = null; let pubSSH = null; switch (baseType) { case 'ssh-rsa': { const e = readString(data, data._pos || 0); if (e === undefined) return new Error('Malformed OpenSSH public key'); const n = readString(data, data._pos); if (n === undefined) return new Error('Malformed OpenSSH public key'); pubPEM = genOpenSSLRSAPub(n, e); pubSSH = genOpenSSHRSAPub(n, e); algo = 'sha1'; break; } case 'ssh-dss': { const p = readString(data, data._pos || 0); if (p === undefined) return new Error('Malformed OpenSSH public key'); const q = readString(data, data._pos); if (q === undefined) return new Error('Malformed OpenSSH public key'); const g = readString(data, data._pos); if (g === undefined) return new Error('Malformed OpenSSH public key'); const y = readString(data, data._pos); if (y === undefined) return new Error('Malformed OpenSSH public key'); pubPEM = genOpenSSLDSAPub(p, q, g, y); pubSSH = genOpenSSHDSAPub(p, q, g, y); algo = 'sha1'; break; } case 'ssh-ed25519': { const edpub = readString(data, data._pos || 0); if (edpub === undefined || edpub.length !== 32) return new Error('Malformed OpenSSH public key'); pubPEM = genOpenSSLEdPub(edpub); pubSSH = genOpenSSHEdPub(edpub); algo = null; break; } case 'ecdsa-sha2-nistp256': algo = 'sha256'; oid = '1.2.840.10045.3.1.7'; // FALLTHROUGH case 'ecdsa-sha2-nistp384': if (algo === undefined) { algo = 'sha384'; oid = '1.3.132.0.34'; } // FALLTHROUGH case 'ecdsa-sha2-nistp521': { if (algo === undefined) { algo = 'sha512'; oid = '1.3.132.0.35'; } // TODO: validate curve name against type if (!skipFields(data, 1)) // Skip curve name return new Error('Malformed OpenSSH public key'); const ecpub = readString(data, data._pos || 0); if (ecpub === undefined) return new Error('Malformed OpenSSH public key'); pubPEM = genOpenSSLECDSAPub(oid, ecpub); pubSSH = genOpenSSHECDSAPub(oid, ecpub); break; } default: return new Error(`Unsupported OpenSSH public key type: ${baseType}`); } return new OpenSSH_Public(fullType, comment, pubPEM, pubSSH, algo); } function isSupportedKeyType(type) { switch (type) { case 'ssh-rsa': case 'ssh-dss': case 'ecdsa-sha2-nistp256': case 'ecdsa-sha2-nistp384': case 'ecdsa-sha2-nistp521': return true; case 'ssh-ed25519': if (eddsaSupported) return true; // FALLTHROUGH default: return false; } } function isParsedKey(val) { if (!val) return false; return (typeof val[SYM_DECRYPTED] === 'boolean'); } function parseKey(data, passphrase) { if (isParsedKey(data)) return data; let origBuffer; if (Buffer.isBuffer(data)) { origBuffer = data; data = data.utf8Slice(0, data.length).trim(); } else if (typeof data === 'string') { data = data.trim(); } else { return new Error('Key data must be a Buffer or string'); } // eslint-disable-next-line eqeqeq if (passphrase != undefined) { if (typeof passphrase === 'string') passphrase = Buffer.from(passphrase); else if (!Buffer.isBuffer(passphrase)) return new Error('Passphrase must be a string or Buffer when supplied'); } let ret; // First try as printable string format (e.g. PEM) // Private keys if ((ret = OpenSSH_Private.parse(data, passphrase)) !== null) return ret; if ((ret = OpenSSH_Old_Private.parse(data, passphrase)) !== null) return ret; if ((ret = PPK_Private.parse(data, passphrase)) !== null) return ret; // Public keys if ((ret = OpenSSH_Public.parse(data)) !== null) return ret; if ((ret = RFC4716_Public.parse(data)) !== null) return ret; // Finally try as a binary format if we were originally passed binary data if (origBuffer) { binaryKeyParser.init(origBuffer, 0); const type = binaryKeyParser.readString(true); if (type !== undefined) { data = binaryKeyParser.readRaw(); if (data !== undefined) { ret = parseDER(data, type, '', type); // Ignore potentially useless errors in case the data was not actually // in the binary format if (ret instanceof Error) ret = null; } } binaryKeyParser.clear(); } if (ret) return ret; return new Error('Unsupported key format'); } module.exports = { isParsedKey, isSupportedKeyType, parseDERKey: (data, type) => parseDER(data, type, '', type), parseKey, }; /***/ }), /***/ 7609: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; const assert = __nccwpck_require__(2357); const { inspect } = __nccwpck_require__(1669); // Only use this for integers! Decimal numbers do not work with this function. function addNumericalSeparator(val) { let res = ''; let i = val.length; const start = val[0] === '-' ? 1 : 0; for (; i >= start + 4; i -= 3) res = `_${val.slice(i - 3, i)}${res}`; return `${val.slice(0, i)}${res}`; } function oneOf(expected, thing) { assert(typeof thing === 'string', '`thing` has to be of type string'); if (Array.isArray(expected)) { const len = expected.length; assert(len > 0, 'At least one expected value needs to be specified'); expected = expected.map((i) => String(i)); if (len > 2) { return `one of ${thing} ${expected.slice(0, len - 1).join(', ')}, or ` + expected[len - 1]; } else if (len === 2) { return `one of ${thing} ${expected[0]} or ${expected[1]}`; } return `of ${thing} ${expected[0]}`; } return `of ${thing} ${String(expected)}`; } exports.ERR_INTERNAL_ASSERTION = class ERR_INTERNAL_ASSERTION extends Error { constructor(message) { super(); Error.captureStackTrace(this, ERR_INTERNAL_ASSERTION); const suffix = 'This is caused by either a bug in ssh2 ' + 'or incorrect usage of ssh2 internals.\n' + 'Please open an issue with this stack trace at ' + 'https://github.com/mscdex/ssh2/issues\n'; this.message = (message === undefined ? suffix : `${message}\n${suffix}`); } }; const MAX_32BIT_INT = 2 ** 32; const MAX_32BIT_BIGINT = (() => { try { return new Function('return 2n ** 32n')(); } catch {} })(); exports.ERR_OUT_OF_RANGE = class ERR_OUT_OF_RANGE extends RangeError { constructor(str, range, input, replaceDefaultBoolean) { super(); Error.captureStackTrace(this, ERR_OUT_OF_RANGE); assert(range, 'Missing "range" argument'); let msg = (replaceDefaultBoolean ? str : `The value of "${str}" is out of range.`); let received; if (Number.isInteger(input) && Math.abs(input) > MAX_32BIT_INT) { received = addNumericalSeparator(String(input)); } else if (typeof input === 'bigint') { received = String(input); if (input > MAX_32BIT_BIGINT || input < -MAX_32BIT_BIGINT) received = addNumericalSeparator(received); received += 'n'; } else { received = inspect(input); } msg += ` It must be ${range}. Received ${received}`; this.message = msg; } }; class ERR_INVALID_ARG_TYPE extends TypeError { constructor(name, expected, actual) { super(); Error.captureStackTrace(this, ERR_INVALID_ARG_TYPE); assert(typeof name === 'string', `'name' must be a string`); // determiner: 'must be' or 'must not be' let determiner; if (typeof expected === 'string' && expected.startsWith('not ')) { determiner = 'must not be'; expected = expected.replace(/^not /, ''); } else { determiner = 'must be'; } let msg; if (name.endsWith(' argument')) { // For cases like 'first argument' msg = `The ${name} ${determiner} ${oneOf(expected, 'type')}`; } else { const type = (name.includes('.') ? 'property' : 'argument'); msg = `The "${name}" ${type} ${determiner} ${oneOf(expected, 'type')}`; } msg += `. Received type ${typeof actual}`; this.message = msg; } } exports.ERR_INVALID_ARG_TYPE = ERR_INVALID_ARG_TYPE; exports.validateNumber = function validateNumber(value, name) { if (typeof value !== 'number') throw new ERR_INVALID_ARG_TYPE(name, 'number', value); }; /***/ }), /***/ 9475: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const Ber = __nccwpck_require__(970).Ber; let DISCONNECT_REASON; const FastBuffer = Buffer[Symbol.species]; const TypedArrayFill = Object.getPrototypeOf(Uint8Array.prototype).fill; function readUInt32BE(buf, offset) { return (buf[offset++] * 16777216) + (buf[offset++] * 65536) + (buf[offset++] * 256) + buf[offset]; } function bufferCopy(src, dest, srcStart, srcEnd, destStart) { if (!destStart) destStart = 0; if (srcEnd > src.length) srcEnd = src.length; let nb = srcEnd - srcStart; const destLeft = (dest.length - destStart); if (nb > destLeft) nb = destLeft; dest.set(new Uint8Array(src.buffer, src.byteOffset + srcStart, nb), destStart); return nb; } function bufferSlice(buf, start, end) { if (end === undefined) end = buf.length; return new FastBuffer(buf.buffer, buf.byteOffset + start, end - start); } function makeBufferParser() { let pos = 0; let buffer; const self = { init: (buf, start) => { buffer = buf; pos = (typeof start === 'number' ? start : 0); }, pos: () => pos, length: () => (buffer ? buffer.length : 0), avail: () => (buffer && pos < buffer.length ? buffer.length - pos : 0), clear: () => { buffer = undefined; }, readUInt32BE: () => { if (!buffer || pos + 3 >= buffer.length) return; return (buffer[pos++] * 16777216) + (buffer[pos++] * 65536) + (buffer[pos++] * 256) + buffer[pos++]; }, readUInt64BE: (behavior) => { if (!buffer || pos + 7 >= buffer.length) return; switch (behavior) { case 'always': return BigInt(`0x${buffer.hexSlice(pos, pos += 8)}`); case 'maybe': if (buffer[pos] > 0x1F) return BigInt(`0x${buffer.hexSlice(pos, pos += 8)}`); // FALLTHROUGH default: return (buffer[pos++] * 72057594037927940) + (buffer[pos++] * 281474976710656) + (buffer[pos++] * 1099511627776) + (buffer[pos++] * 4294967296) + (buffer[pos++] * 16777216) + (buffer[pos++] * 65536) + (buffer[pos++] * 256) + buffer[pos++]; } }, skip: (n) => { if (buffer && n > 0) pos += n; }, skipString: () => { const len = self.readUInt32BE(); if (len === undefined) return; pos += len; return (pos <= buffer.length ? len : undefined); }, readByte: () => { if (buffer && pos < buffer.length) return buffer[pos++]; }, readBool: () => { if (buffer && pos < buffer.length) return !!buffer[pos++]; }, readList: () => { const list = self.readString(true); if (list === undefined) return; return (list ? list.split(',') : []); }, readString: (dest, maxLen) => { if (typeof dest === 'number') { maxLen = dest; dest = undefined; } const len = self.readUInt32BE(); if (len === undefined) return; if ((buffer.length - pos) < len || (typeof maxLen === 'number' && len > maxLen)) { return; } if (dest) { if (Buffer.isBuffer(dest)) return bufferCopy(buffer, dest, pos, pos += len); return buffer.utf8Slice(pos, pos += len); } return bufferSlice(buffer, pos, pos += len); }, readRaw: (len) => { if (!buffer) return; if (typeof len !== 'number') return bufferSlice(buffer, pos, pos += (buffer.length - pos)); if ((buffer.length - pos) >= len) return bufferSlice(buffer, pos, pos += len); }, }; return self; } function makeError(msg, level, fatal) { const err = new Error(msg); if (typeof level === 'boolean') { fatal = level; err.level = 'protocol'; } else { err.level = level || 'protocol'; } err.fatal = !!fatal; return err; } function writeUInt32BE(buf, value, offset) { buf[offset++] = (value >>> 24); buf[offset++] = (value >>> 16); buf[offset++] = (value >>> 8); buf[offset++] = value; return offset; } const utilBufferParser = makeBufferParser(); module.exports = { bufferCopy, bufferSlice, FastBuffer, bufferFill: (buf, value, start, end) => { return TypedArrayFill.call(buf, value, start, end); }, makeError, doFatalError: (protocol, msg, level, reason) => { let err; if (DISCONNECT_REASON === undefined) ({ DISCONNECT_REASON } = __nccwpck_require__(9475)); if (msg instanceof Error) { // doFatalError(protocol, err[, reason]) err = msg; if (typeof level !== 'number') reason = DISCONNECT_REASON.PROTOCOL_ERROR; else reason = level; } else { // doFatalError(protocol, msg[, level[, reason]]) err = makeError(msg, level, true); } if (typeof reason !== 'number') reason = DISCONNECT_REASON.PROTOCOL_ERROR; protocol.disconnect(reason); protocol._destruct(); protocol._onError(err); return Infinity; }, readUInt32BE, writeUInt32BE, writeUInt32LE: (buf, value, offset) => { buf[offset++] = value; buf[offset++] = (value >>> 8); buf[offset++] = (value >>> 16); buf[offset++] = (value >>> 24); return offset; }, makeBufferParser, bufferParser: makeBufferParser(), readString: (buffer, start, dest, maxLen) => { if (typeof dest === 'number') { maxLen = dest; dest = undefined; } if (start === undefined) start = 0; const left = (buffer.length - start); if (start < 0 || start >= buffer.length || left < 4) return; const len = readUInt32BE(buffer, start); if (left < (4 + len) || (typeof maxLen === 'number' && len > maxLen)) return; start += 4; const end = start + len; buffer._pos = end; if (dest) { if (Buffer.isBuffer(dest)) return bufferCopy(buffer, dest, start, end); return buffer.utf8Slice(start, end); } return bufferSlice(buffer, start, end); }, sigSSHToASN1: (sig, type) => { switch (type) { case 'ssh-dss': { if (sig.length > 40) return sig; // Change bare signature r and s values to ASN.1 BER values for OpenSSL const asnWriter = new Ber.Writer(); asnWriter.startSequence(); let r = sig.slice(0, 20); let s = sig.slice(20); if (r[0] & 0x80) { const rNew = Buffer.allocUnsafe(21); rNew[0] = 0x00; r.copy(rNew, 1); r = rNew; } else if (r[0] === 0x00 && !(r[1] & 0x80)) { r = r.slice(1); } if (s[0] & 0x80) { const sNew = Buffer.allocUnsafe(21); sNew[0] = 0x00; s.copy(sNew, 1); s = sNew; } else if (s[0] === 0x00 && !(s[1] & 0x80)) { s = s.slice(1); } asnWriter.writeBuffer(r, Ber.Integer); asnWriter.writeBuffer(s, Ber.Integer); asnWriter.endSequence(); return asnWriter.buffer; } case 'ecdsa-sha2-nistp256': case 'ecdsa-sha2-nistp384': case 'ecdsa-sha2-nistp521': { utilBufferParser.init(sig, 0); const r = utilBufferParser.readString(); const s = utilBufferParser.readString(); utilBufferParser.clear(); if (r === undefined || s === undefined) return; const asnWriter = new Ber.Writer(); asnWriter.startSequence(); asnWriter.writeBuffer(r, Ber.Integer); asnWriter.writeBuffer(s, Ber.Integer); asnWriter.endSequence(); return asnWriter.buffer; } default: return sig; } }, convertSignature: (signature, keyType) => { switch (keyType) { case 'ssh-dss': { if (signature.length <= 40) return signature; // This is a quick and dirty way to get from BER encoded r and s that // OpenSSL gives us, to just the bare values back to back (40 bytes // total) like OpenSSH (and possibly others) are expecting const asnReader = new Ber.Reader(signature); asnReader.readSequence(); let r = asnReader.readString(Ber.Integer, true); let s = asnReader.readString(Ber.Integer, true); let rOffset = 0; let sOffset = 0; if (r.length < 20) { const rNew = Buffer.allocUnsafe(20); rNew.set(r, 1); r = rNew; r[0] = 0; } if (s.length < 20) { const sNew = Buffer.allocUnsafe(20); sNew.set(s, 1); s = sNew; s[0] = 0; } if (r.length > 20 && r[0] === 0) rOffset = 1; if (s.length > 20 && s[0] === 0) sOffset = 1; const newSig = Buffer.allocUnsafe((r.length - rOffset) + (s.length - sOffset)); bufferCopy(r, newSig, rOffset, r.length, 0); bufferCopy(s, newSig, sOffset, s.length, r.length - rOffset); return newSig; } case 'ecdsa-sha2-nistp256': case 'ecdsa-sha2-nistp384': case 'ecdsa-sha2-nistp521': { if (signature[0] === 0) return signature; // Convert SSH signature parameters to ASN.1 BER values for OpenSSL const asnReader = new Ber.Reader(signature); asnReader.readSequence(); const r = asnReader.readString(Ber.Integer, true); const s = asnReader.readString(Ber.Integer, true); if (r === null || s === null) return; const newSig = Buffer.allocUnsafe(4 + r.length + 4 + s.length); writeUInt32BE(newSig, r.length, 0); newSig.set(r, 4); writeUInt32BE(newSig, s.length, 4 + r.length); newSig.set(s, 4 + 4 + r.length); return newSig; } } return signature; }, sendPacket: (proto, packet, bypass) => { if (!bypass && proto._kexinit !== undefined) { // We're currently in the middle of a handshake if (proto._queue === undefined) proto._queue = []; proto._queue.push(packet); proto._debug && proto._debug('Outbound: ... packet queued'); return false; } proto._cipher.encrypt(packet); return true; }, }; /***/ }), /***/ 6715: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { kMaxLength } = __nccwpck_require__(4293); const { createInflate, constants: { DEFLATE, INFLATE, Z_DEFAULT_CHUNK, Z_DEFAULT_COMPRESSION, Z_DEFAULT_MEMLEVEL, Z_DEFAULT_STRATEGY, Z_DEFAULT_WINDOWBITS, Z_PARTIAL_FLUSH, } } = __nccwpck_require__(8761); const ZlibHandle = createInflate()._handle.constructor; function processCallback() { throw new Error('Should not get here'); } function zlibOnError(message, errno, code) { const self = this._owner; // There is no way to cleanly recover. // Continuing only obscures problems. const error = new Error(message); error.errno = errno; error.code = code; self._err = error; } function _close(engine) { // Caller may invoke .close after a zlib error (which will null _handle). if (!engine._handle) return; engine._handle.close(); engine._handle = null; } class Zlib { constructor(mode) { const windowBits = Z_DEFAULT_WINDOWBITS; const level = Z_DEFAULT_COMPRESSION; const memLevel = Z_DEFAULT_MEMLEVEL; const strategy = Z_DEFAULT_STRATEGY; const dictionary = undefined; this._err = undefined; this._writeState = new Uint32Array(2); this._chunkSize = Z_DEFAULT_CHUNK; this._maxOutputLength = kMaxLength; this._outBuffer = Buffer.allocUnsafe(this._chunkSize); this._outOffset = 0; this._handle = new ZlibHandle(mode); this._handle._owner = this; this._handle.onerror = zlibOnError; this._handle.init(windowBits, level, memLevel, strategy, this._writeState, processCallback, dictionary); } writeSync(chunk, retChunks) { const handle = this._handle; if (!handle) throw new Error('Invalid Zlib instance'); let availInBefore = chunk.length; let availOutBefore = this._chunkSize - this._outOffset; let inOff = 0; let availOutAfter; let availInAfter; let buffers; let nread = 0; const state = this._writeState; let buffer = this._outBuffer; let offset = this._outOffset; const chunkSize = this._chunkSize; while (true) { handle.writeSync(Z_PARTIAL_FLUSH, chunk, // in inOff, // in_off availInBefore, // in_len buffer, // out offset, // out_off availOutBefore); // out_len if (this._err) throw this._err; availOutAfter = state[0]; availInAfter = state[1]; const inDelta = availInBefore - availInAfter; const have = availOutBefore - availOutAfter; if (have > 0) { const out = (offset === 0 && have === buffer.length ? buffer : buffer.slice(offset, offset + have)); offset += have; if (!buffers) buffers = out; else if (buffers.push === undefined) buffers = [buffers, out]; else buffers.push(out); nread += out.byteLength; if (nread > this._maxOutputLength) { _close(this); throw new Error( `Output length exceeded maximum of ${this._maxOutputLength}` ); } } else if (have !== 0) { throw new Error('have should not go down'); } // Exhausted the output buffer, or used all the input create a new one. if (availOutAfter === 0 || offset >= chunkSize) { availOutBefore = chunkSize; offset = 0; buffer = Buffer.allocUnsafe(chunkSize); } if (availOutAfter === 0) { // Not actually done. Need to reprocess. // Also, update the availInBefore to the availInAfter value, // so that if we have to hit it a third (fourth, etc.) time, // it'll have the correct byte counts. inOff += inDelta; availInBefore = availInAfter; } else { break; } } this._outBuffer = buffer; this._outOffset = offset; if (nread === 0) buffers = Buffer.alloc(0); if (retChunks) { buffers.totalLen = nread; return buffers; } if (buffers.push === undefined) return buffers; const output = Buffer.allocUnsafe(nread); for (let i = 0, p = 0; i < buffers.length; ++i) { const buf = buffers[i]; output.set(buf, p); p += buf.length; } return output; } } class ZlibPacketWriter { constructor(protocol) { this.allocStart = 0; this.allocStartKEX = 0; this._protocol = protocol; this._zlib = new Zlib(DEFLATE); } cleanup() { if (this._zlib) _close(this._zlib); } alloc(payloadSize, force) { return Buffer.allocUnsafe(payloadSize); } finalize(payload, force) { if (this._protocol._kexinit === undefined || force) { const output = this._zlib.writeSync(payload, true); const packet = this._protocol._cipher.allocPacket(output.totalLen); if (output.push === undefined) { packet.set(output, 5); } else { for (let i = 0, p = 5; i < output.length; ++i) { const chunk = output[i]; packet.set(chunk, p); p += chunk.length; } } return packet; } return payload; } } class PacketWriter { constructor(protocol) { this.allocStart = 5; this.allocStartKEX = 5; this._protocol = protocol; } cleanup() {} alloc(payloadSize, force) { if (this._protocol._kexinit === undefined || force) return this._protocol._cipher.allocPacket(payloadSize); return Buffer.allocUnsafe(payloadSize); } finalize(packet, force) { return packet; } } class ZlibPacketReader { constructor() { this._zlib = new Zlib(INFLATE); } cleanup() { if (this._zlib) _close(this._zlib); } read(data) { return this._zlib.writeSync(data, false); } } class PacketReader { cleanup() {} read(data) { return data; } } module.exports = { PacketReader, PacketWriter, ZlibPacketReader, ZlibPacketWriter, }; /***/ }), /***/ 2986: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; // TODO: // * convert listenerCount() usage to emit() return value checking? // * emit error when connection severed early (e.g. before handshake) // * add '.connected' or similar property to connection objects to allow // immediate connection status checking const { Server: netServer } = __nccwpck_require__(1631); const EventEmitter = __nccwpck_require__(8614); const { listenerCount } = EventEmitter; const { CHANNEL_OPEN_FAILURE, DEFAULT_CIPHER, DEFAULT_COMPRESSION, DEFAULT_KEX, DEFAULT_MAC, DEFAULT_SERVER_HOST_KEY, DISCONNECT_REASON, DISCONNECT_REASON_BY_VALUE, SUPPORTED_CIPHER, SUPPORTED_COMPRESSION, SUPPORTED_KEX, SUPPORTED_MAC, SUPPORTED_SERVER_HOST_KEY, } = __nccwpck_require__(6832); const { init: cryptoInit } = __nccwpck_require__(5708); const { KexInit } = __nccwpck_require__(4126); const { parseKey } = __nccwpck_require__(2218); const Protocol = __nccwpck_require__(9031); const { SFTP } = __nccwpck_require__(2026); const { writeUInt32BE } = __nccwpck_require__(9475); const { Channel, MAX_WINDOW, PACKET_SIZE, windowAdjust, WINDOW_THRESHOLD, } = __nccwpck_require__(3204); const { ChannelManager, generateAlgorithmList, isWritable, onChannelOpenFailure, onCHANNEL_CLOSE, } = __nccwpck_require__(834); const MAX_PENDING_AUTHS = 10; class AuthContext extends EventEmitter { constructor(protocol, username, service, method, cb) { super(); this.username = this.user = username; this.service = service; this.method = method; this._initialResponse = false; this._finalResponse = false; this._multistep = false; this._cbfinal = (allowed, methodsLeft, isPartial) => { if (!this._finalResponse) { this._finalResponse = true; cb(this, allowed, methodsLeft, isPartial); } }; this._protocol = protocol; } accept() { this._cleanup && this._cleanup(); this._initialResponse = true; this._cbfinal(true); } reject(methodsLeft, isPartial) { this._cleanup && this._cleanup(); this._initialResponse = true; this._cbfinal(false, methodsLeft, isPartial); } } class KeyboardAuthContext extends AuthContext { constructor(protocol, username, service, method, submethods, cb) { super(protocol, username, service, method, cb); this._multistep = true; this._cb = undefined; this._onInfoResponse = (responses) => { const callback = this._cb; if (callback) { this._cb = undefined; callback(responses); } }; this.submethods = submethods; this.on('abort', () => { this._cb && this._cb(new Error('Authentication request aborted')); }); } prompt(prompts, title, instructions, cb) { if (!Array.isArray(prompts)) prompts = [ prompts ]; if (typeof title === 'function') { cb = title; title = instructions = undefined; } else if (typeof instructions === 'function') { cb = instructions; instructions = undefined; } else if (typeof cb !== 'function') { cb = undefined; } for (let i = 0; i < prompts.length; ++i) { if (typeof prompts[i] === 'string') { prompts[i] = { prompt: prompts[i], echo: true }; } } this._cb = cb; this._initialResponse = true; this._protocol.authInfoReq(title, instructions, prompts); } } class PKAuthContext extends AuthContext { constructor(protocol, username, service, method, pkInfo, cb) { super(protocol, username, service, method, cb); this.key = { algo: pkInfo.keyAlgo, data: pkInfo.key }; this.signature = pkInfo.signature; this.blob = pkInfo.blob; } accept() { if (!this.signature) { this._initialResponse = true; this._protocol.authPKOK(this.key.algo, this.key.data); } else { AuthContext.prototype.accept.call(this); } } } class HostbasedAuthContext extends AuthContext { constructor(protocol, username, service, method, pkInfo, cb) { super(protocol, username, service, method, cb); this.key = { algo: pkInfo.keyAlgo, data: pkInfo.key }; this.signature = pkInfo.signature; this.blob = pkInfo.blob; this.localHostname = pkInfo.localHostname; this.localUsername = pkInfo.localUsername; } } class PwdAuthContext extends AuthContext { constructor(protocol, username, service, method, password, cb) { super(protocol, username, service, method, cb); this.password = password; this._changeCb = undefined; } requestChange(prompt, cb) { if (this._changeCb) throw new Error('Change request already in progress'); if (typeof prompt !== 'string') throw new Error('prompt argument must be a string'); if (typeof cb !== 'function') throw new Error('Callback argument must be a function'); this._changeCb = cb; this._protocol.authPasswdChg(prompt); } } class Session extends EventEmitter { constructor(client, info, localChan) { super(); this.type = 'session'; this.subtype = undefined; this.server = true; this._ending = false; this._channel = undefined; this._chanInfo = { type: 'session', incoming: { id: localChan, window: MAX_WINDOW, packetSize: PACKET_SIZE, state: 'open' }, outgoing: { id: info.sender, window: info.window, packetSize: info.packetSize, state: 'open' } }; } } class Server extends EventEmitter { constructor(cfg, listener) { super(); if (typeof cfg !== 'object' || cfg === null) throw new Error('Missing configuration object'); const hostKeys = Object.create(null); const hostKeyAlgoOrder = []; const hostKeys_ = cfg.hostKeys; if (!Array.isArray(hostKeys_)) throw new Error('hostKeys must be an array'); const cfgAlgos = ( typeof cfg.algorithms === 'object' && cfg.algorithms !== null ? cfg.algorithms : {} ); const hostKeyAlgos = generateAlgorithmList( cfgAlgos.serverHostKey, DEFAULT_SERVER_HOST_KEY, SUPPORTED_SERVER_HOST_KEY ); for (let i = 0; i < hostKeys_.length; ++i) { let privateKey; if (Buffer.isBuffer(hostKeys_[i]) || typeof hostKeys_[i] === 'string') privateKey = parseKey(hostKeys_[i]); else privateKey = parseKey(hostKeys_[i].key, hostKeys_[i].passphrase); if (privateKey instanceof Error) throw new Error(`Cannot parse privateKey: ${privateKey.message}`); if (Array.isArray(privateKey)) { // OpenSSH's newer format only stores 1 key for now privateKey = privateKey[0]; } if (privateKey.getPrivatePEM() === null) throw new Error('privateKey value contains an invalid private key'); // Discard key if we already found a key of the same type if (hostKeyAlgoOrder.includes(privateKey.type)) continue; if (privateKey.type === 'ssh-rsa') { // SSH supports multiple signature hashing algorithms for RSA, so we add // the algorithms in the desired order let sha1Pos = hostKeyAlgos.indexOf('ssh-rsa'); const sha256Pos = hostKeyAlgos.indexOf('rsa-sha2-256'); const sha512Pos = hostKeyAlgos.indexOf('rsa-sha2-512'); if (sha1Pos === -1) { // Fall back to giving SHA1 the lowest priority sha1Pos = Infinity; } [sha1Pos, sha256Pos, sha512Pos].sort(compareNumbers).forEach((pos) => { if (pos === -1) return; let type; switch (pos) { case sha1Pos: type = 'ssh-rsa'; break; case sha256Pos: type = 'rsa-sha2-256'; break; case sha512Pos: type = 'rsa-sha2-512'; break; default: return; } // Store same RSA key under each hash algorithm name for convenience hostKeys[type] = privateKey; hostKeyAlgoOrder.push(type); }); } else { hostKeys[privateKey.type] = privateKey; hostKeyAlgoOrder.push(privateKey.type); } } const algorithms = { kex: generateAlgorithmList(cfgAlgos.kex, DEFAULT_KEX, SUPPORTED_KEX), serverHostKey: hostKeyAlgoOrder, cs: { cipher: generateAlgorithmList( cfgAlgos.cipher, DEFAULT_CIPHER, SUPPORTED_CIPHER ), mac: generateAlgorithmList(cfgAlgos.hmac, DEFAULT_MAC, SUPPORTED_MAC), compress: generateAlgorithmList( cfgAlgos.compress, DEFAULT_COMPRESSION, SUPPORTED_COMPRESSION ), lang: [], }, sc: undefined, }; algorithms.sc = algorithms.cs; if (typeof listener === 'function') this.on('connection', listener); const origDebug = (typeof cfg.debug === 'function' ? cfg.debug : undefined); const ident = (cfg.ident ? Buffer.from(cfg.ident) : undefined); const offer = new KexInit(algorithms); this._srv = new netServer((socket) => { if (this._connections >= this.maxConnections) { socket.destroy(); return; } ++this._connections; socket.once('close', () => { --this._connections; }); let debug; if (origDebug) { // Prepend debug output with a unique identifier in case there are // multiple clients connected at the same time const debugPrefix = `[${process.hrtime().join('.')}] `; debug = (msg) => { origDebug(`${debugPrefix}${msg}`); }; } // eslint-disable-next-line no-use-before-define new Client(socket, hostKeys, ident, offer, debug, this, cfg); }).on('error', (err) => { this.emit('error', err); }).on('listening', () => { this.emit('listening'); }).on('close', () => { this.emit('close'); }); this._connections = 0; this.maxConnections = Infinity; } injectSocket(socket) { this._srv.emit('connection', socket); } listen(...args) { this._srv.listen(...args); return this; } address() { return this._srv.address(); } getConnections(cb) { this._srv.getConnections(cb); return this; } close(cb) { this._srv.close(cb); return this; } ref() { this._srv.ref(); return this; } unref() { this._srv.unref(); return this; } } Server.KEEPALIVE_CLIENT_INTERVAL = 15000; Server.KEEPALIVE_CLIENT_COUNT_MAX = 3; class Client extends EventEmitter { constructor(socket, hostKeys, ident, offer, debug, server, srvCfg) { super(); let exchanges = 0; let acceptedAuthSvc = false; let pendingAuths = []; let authCtx; let kaTimer; let onPacket; const unsentGlobalRequestsReplies = []; this._sock = socket; this._chanMgr = new ChannelManager(this); this._debug = debug; this.noMoreSessions = false; this.authenticated = false; // Silence pre-header errors function onClientPreHeaderError(err) {} this.on('error', onClientPreHeaderError); const DEBUG_HANDLER = (!debug ? undefined : (p, display, msg) => { debug(`Debug output from client: ${JSON.stringify(msg)}`); }); const kaIntvl = ( typeof srvCfg.keepaliveInterval === 'number' && isFinite(srvCfg.keepaliveInterval) && srvCfg.keepaliveInterval > 0 ? srvCfg.keepaliveInterval : ( typeof Server.KEEPALIVE_CLIENT_INTERVAL === 'number' && isFinite(Server.KEEPALIVE_CLIENT_INTERVAL) && Server.KEEPALIVE_CLIENT_INTERVAL > 0 ? Server.KEEPALIVE_CLIENT_INTERVAL : -1 ) ); const kaCountMax = ( typeof srvCfg.keepaliveCountMax === 'number' && isFinite(srvCfg.keepaliveCountMax) && srvCfg.keepaliveCountMax >= 0 ? srvCfg.keepaliveCountMax : ( typeof Server.KEEPALIVE_CLIENT_COUNT_MAX === 'number' && isFinite(Server.KEEPALIVE_CLIENT_COUNT_MAX) && Server.KEEPALIVE_CLIENT_COUNT_MAX >= 0 ? Server.KEEPALIVE_CLIENT_COUNT_MAX : -1 ) ); let kaCurCount = 0; if (kaIntvl !== -1 && kaCountMax !== -1) { this.once('ready', () => { const onClose = () => { clearInterval(kaTimer); }; this.on('close', onClose).on('end', onClose); kaTimer = setInterval(() => { if (++kaCurCount > kaCountMax) { clearInterval(kaTimer); const err = new Error('Keepalive timeout'); err.level = 'client-timeout'; this.emit('error', err); this.end(); } else { // XXX: if the server ever starts sending real global requests to // the client, we will need to add a dummy callback here to // keep the correct reply order proto.ping(); } }, kaIntvl); }); // TODO: re-verify keepalive behavior with OpenSSH onPacket = () => { kaTimer && kaTimer.refresh(); kaCurCount = 0; }; } const proto = this._protocol = new Protocol({ server: true, hostKeys, ident, offer, onPacket, greeting: srvCfg.greeting, banner: srvCfg.banner, onWrite: (data) => { if (isWritable(socket)) socket.write(data); }, onError: (err) => { if (!proto._destruct) socket.removeAllListeners('data'); this.emit('error', err); try { socket.end(); } catch {} }, onHeader: (header) => { this.removeListener('error', onClientPreHeaderError); const info = { ip: socket.remoteAddress, family: socket.remoteFamily, port: socket.remotePort, header, }; if (!server.emit('connection', this, info)) { // auto reject proto.disconnect(DISCONNECT_REASON.BY_APPLICATION); socket.end(); return; } if (header.greeting) this.emit('greeting', header.greeting); }, onHandshakeComplete: (negotiated) => { if (++exchanges > 1) this.emit('rekey'); this.emit('handshake', negotiated); }, debug, messageHandlers: { DEBUG: DEBUG_HANDLER, DISCONNECT: (p, reason, desc) => { if (reason !== DISCONNECT_REASON.BY_APPLICATION) { if (!desc) { desc = DISCONNECT_REASON_BY_VALUE[reason]; if (desc === undefined) desc = `Unexpected disconnection reason: ${reason}`; } const err = new Error(desc); err.code = reason; this.emit('error', err); } socket.end(); }, CHANNEL_OPEN: (p, info) => { // Handle incoming requests from client // Do early reject in some cases to prevent wasteful channel // allocation if ((info.type === 'session' && this.noMoreSessions) || !this.authenticated) { const reasonCode = CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED; return proto.channelOpenFail(info.sender, reasonCode); } let localChan = -1; let reason; let replied = false; let accept; const reject = () => { if (replied) return; replied = true; if (reason === undefined) { if (localChan === -1) reason = CHANNEL_OPEN_FAILURE.RESOURCE_SHORTAGE; else reason = CHANNEL_OPEN_FAILURE.CONNECT_FAILED; } if (localChan !== -1) this._chanMgr.remove(localChan); proto.channelOpenFail(info.sender, reason, ''); }; const reserveChannel = () => { localChan = this._chanMgr.add(); if (localChan === -1) { reason = CHANNEL_OPEN_FAILURE.RESOURCE_SHORTAGE; if (debug) { debug('Automatic rejection of incoming channel open: ' + 'no channels available'); } } return (localChan !== -1); }; const data = info.data; switch (info.type) { case 'session': if (listenerCount(this, 'session') && reserveChannel()) { accept = () => { if (replied) return; replied = true; const instance = new Session(this, info, localChan); this._chanMgr.update(localChan, instance); proto.channelOpenConfirm(info.sender, localChan, MAX_WINDOW, PACKET_SIZE); return instance; }; this.emit('session', accept, reject); return; } break; case 'direct-tcpip': if (listenerCount(this, 'tcpip') && reserveChannel()) { accept = () => { if (replied) return; replied = true; const chanInfo = { type: undefined, incoming: { id: localChan, window: MAX_WINDOW, packetSize: PACKET_SIZE, state: 'open' }, outgoing: { id: info.sender, window: info.window, packetSize: info.packetSize, state: 'open' } }; const stream = new Channel(this, chanInfo, { server: true }); this._chanMgr.update(localChan, stream); proto.channelOpenConfirm(info.sender, localChan, MAX_WINDOW, PACKET_SIZE); return stream; }; this.emit('tcpip', accept, reject, data); return; } break; case 'direct-streamlocal@openssh.com': if (listenerCount(this, 'openssh.streamlocal') && reserveChannel()) { accept = () => { if (replied) return; replied = true; const chanInfo = { type: undefined, incoming: { id: localChan, window: MAX_WINDOW, packetSize: PACKET_SIZE, state: 'open' }, outgoing: { id: info.sender, window: info.window, packetSize: info.packetSize, state: 'open' } }; const stream = new Channel(this, chanInfo, { server: true }); this._chanMgr.update(localChan, stream); proto.channelOpenConfirm(info.sender, localChan, MAX_WINDOW, PACKET_SIZE); return stream; }; this.emit('openssh.streamlocal', accept, reject, data); return; } break; default: // Automatically reject any unsupported channel open requests reason = CHANNEL_OPEN_FAILURE.UNKNOWN_CHANNEL_TYPE; if (debug) { debug('Automatic rejection of unsupported incoming channel open' + ` type: ${info.type}`); } } if (reason === undefined) { reason = CHANNEL_OPEN_FAILURE.ADMINISTRATIVELY_PROHIBITED; if (debug) { debug('Automatic rejection of unexpected incoming channel open' + ` for: ${info.type}`); } } reject(); }, CHANNEL_OPEN_CONFIRMATION: (p, info) => { const channel = this._chanMgr.get(info.recipient); if (typeof channel !== 'function') return; const chanInfo = { type: channel.type, incoming: { id: info.recipient, window: MAX_WINDOW, packetSize: PACKET_SIZE, state: 'open' }, outgoing: { id: info.sender, window: info.window, packetSize: info.packetSize, state: 'open' } }; const instance = new Channel(this, chanInfo, { server: true }); this._chanMgr.update(info.recipient, instance); channel(undefined, instance); }, CHANNEL_OPEN_FAILURE: (p, recipient, reason, description) => { const channel = this._chanMgr.get(recipient); if (typeof channel !== 'function') return; const info = { reason, description }; onChannelOpenFailure(this, recipient, info, channel); }, CHANNEL_DATA: (p, recipient, data) => { let channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.constructor === Session) { channel = channel._channel; if (!channel) return; } // The remote party should not be sending us data if there is no // window space available ... // TODO: raise error on data with not enough window? if (channel.incoming.window === 0) return; channel.incoming.window -= data.length; if (channel.push(data) === false) { channel._waitChanDrain = true; return; } if (channel.incoming.window <= WINDOW_THRESHOLD) windowAdjust(channel); }, CHANNEL_EXTENDED_DATA: (p, recipient, data, type) => { // NOOP -- should not be sent by client }, CHANNEL_WINDOW_ADJUST: (p, recipient, amount) => { let channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.constructor === Session) { channel = channel._channel; if (!channel) return; } // The other side is allowing us to send `amount` more bytes of data channel.outgoing.window += amount; if (channel._waitWindow) { channel._waitWindow = false; if (channel._chunk) { channel._write(channel._chunk, null, channel._chunkcb); } else if (channel._chunkcb) { channel._chunkcb(); } else if (channel._chunkErr) { channel.stderr._write(channel._chunkErr, null, channel._chunkcbErr); } else if (channel._chunkcbErr) { channel._chunkcbErr(); } } }, CHANNEL_SUCCESS: (p, recipient) => { let channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.constructor === Session) { channel = channel._channel; if (!channel) return; } if (channel._callbacks.length) channel._callbacks.shift()(false); }, CHANNEL_FAILURE: (p, recipient) => { let channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.constructor === Session) { channel = channel._channel; if (!channel) return; } if (channel._callbacks.length) channel._callbacks.shift()(true); }, CHANNEL_REQUEST: (p, recipient, type, wantReply, data) => { const session = this._chanMgr.get(recipient); if (typeof session !== 'object' || session === null) return; let replied = false; let accept; let reject; if (session.constructor !== Session) { // normal Channel instance if (wantReply) proto.channelFailure(session.outgoing.id); return; } if (wantReply) { // "real session" requests will have custom accept behaviors if (type !== 'shell' && type !== 'exec' && type !== 'subsystem') { accept = () => { if (replied || session._ending || session._channel) return; replied = true; proto.channelSuccess(session._chanInfo.outgoing.id); }; } reject = () => { if (replied || session._ending || session._channel) return; replied = true; proto.channelFailure(session._chanInfo.outgoing.id); }; } if (session._ending) { reject && reject(); return; } switch (type) { // "pre-real session start" requests case 'env': if (listenerCount(session, 'env')) { session.emit('env', accept, reject, { key: data.name, val: data.value }); return; } break; case 'pty-req': if (listenerCount(session, 'pty')) { session.emit('pty', accept, reject, data); return; } break; case 'window-change': if (listenerCount(session, 'window-change')) session.emit('window-change', accept, reject, data); else reject && reject(); break; case 'x11-req': if (listenerCount(session, 'x11')) { session.emit('x11', accept, reject, data); return; } break; // "post-real session start" requests case 'signal': if (listenerCount(session, 'signal')) { session.emit('signal', accept, reject, { name: data }); return; } break; // XXX: is `auth-agent-req@openssh.com` really "post-real session // start"? case 'auth-agent-req@openssh.com': if (listenerCount(session, 'auth-agent')) { session.emit('auth-agent', accept, reject); return; } break; // "real session start" requests case 'shell': if (listenerCount(session, 'shell')) { accept = () => { if (replied || session._ending || session._channel) return; replied = true; if (wantReply) proto.channelSuccess(session._chanInfo.outgoing.id); const channel = new Channel( this, session._chanInfo, { server: true } ); channel.subtype = session.subtype = type; session._channel = channel; return channel; }; session.emit('shell', accept, reject); return; } break; case 'exec': if (listenerCount(session, 'exec')) { accept = () => { if (replied || session._ending || session._channel) return; replied = true; if (wantReply) proto.channelSuccess(session._chanInfo.outgoing.id); const channel = new Channel( this, session._chanInfo, { server: true } ); channel.subtype = session.subtype = type; session._channel = channel; return channel; }; session.emit('exec', accept, reject, { command: data }); return; } break; case 'subsystem': { let useSFTP = (data === 'sftp'); accept = () => { if (replied || session._ending || session._channel) return; replied = true; if (wantReply) proto.channelSuccess(session._chanInfo.outgoing.id); let instance; if (useSFTP) { instance = new SFTP(this, session._chanInfo, { server: true, debug, }); } else { instance = new Channel( this, session._chanInfo, { server: true } ); instance.subtype = session.subtype = `${type}:${data}`; } session._channel = instance; return instance; }; if (data === 'sftp') { if (listenerCount(session, 'sftp')) { session.emit('sftp', accept, reject); return; } useSFTP = false; } if (listenerCount(session, 'subsystem')) { session.emit('subsystem', accept, reject, { name: data }); return; } break; } } debug && debug( `Automatic rejection of incoming channel request: ${type}` ); reject && reject(); }, CHANNEL_EOF: (p, recipient) => { let channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.constructor === Session) { if (!channel._ending) { channel._ending = true; channel.emit('eof'); channel.emit('end'); } channel = channel._channel; if (!channel) return; } if (channel.incoming.state !== 'open') return; channel.incoming.state = 'eof'; if (channel.readable) channel.push(null); }, CHANNEL_CLOSE: (p, recipient) => { let channel = this._chanMgr.get(recipient); if (typeof channel !== 'object' || channel === null) return; if (channel.constructor === Session) { channel._ending = true; channel.emit('close'); channel = channel._channel; if (!channel) return; } onCHANNEL_CLOSE(this, recipient, channel); }, // Begin service/auth-related ========================================== SERVICE_REQUEST: (p, service) => { if (exchanges === 0 || acceptedAuthSvc || this.authenticated || service !== 'ssh-userauth') { proto.disconnect(DISCONNECT_REASON.SERVICE_NOT_AVAILABLE); socket.end(); return; } acceptedAuthSvc = true; proto.serviceAccept(service); }, USERAUTH_REQUEST: (p, username, service, method, methodData) => { if (exchanges === 0 || this.authenticated || (authCtx && (authCtx.username !== username || authCtx.service !== service)) // TODO: support hostbased auth || (method !== 'password' && method !== 'publickey' && method !== 'hostbased' && method !== 'keyboard-interactive' && method !== 'none') || pendingAuths.length === MAX_PENDING_AUTHS) { proto.disconnect(DISCONNECT_REASON.PROTOCOL_ERROR); socket.end(); return; } else if (service !== 'ssh-connection') { proto.disconnect(DISCONNECT_REASON.SERVICE_NOT_AVAILABLE); socket.end(); return; } let ctx; switch (method) { case 'keyboard-interactive': ctx = new KeyboardAuthContext(proto, username, service, method, methodData, onAuthDecide); break; case 'publickey': ctx = new PKAuthContext(proto, username, service, method, methodData, onAuthDecide); break; case 'hostbased': ctx = new HostbasedAuthContext(proto, username, service, method, methodData, onAuthDecide); break; case 'password': if (authCtx && authCtx instanceof PwdAuthContext && authCtx._changeCb) { const cb = authCtx._changeCb; authCtx._changeCb = undefined; cb(methodData.newPassword); return; } ctx = new PwdAuthContext(proto, username, service, method, methodData, onAuthDecide); break; case 'none': ctx = new AuthContext(proto, username, service, method, onAuthDecide); break; } if (authCtx) { if (!authCtx._initialResponse) { return pendingAuths.push(ctx); } else if (authCtx._multistep && !authCtx._finalResponse) { // RFC 4252 says to silently abort the current auth request if a // new auth request comes in before the final response from an // auth method that requires additional request/response exchanges // -- this means keyboard-interactive for now ... authCtx._cleanup && authCtx._cleanup(); authCtx.emit('abort'); } } authCtx = ctx; if (listenerCount(this, 'authentication')) this.emit('authentication', authCtx); else authCtx.reject(); }, USERAUTH_INFO_RESPONSE: (p, responses) => { if (authCtx && authCtx instanceof KeyboardAuthContext) authCtx._onInfoResponse(responses); }, // End service/auth-related ============================================ GLOBAL_REQUEST: (p, name, wantReply, data) => { const reply = { type: null, buf: null }; function setReply(type, buf) { reply.type = type; reply.buf = buf; sendReplies(); } if (wantReply) unsentGlobalRequestsReplies.push(reply); if ((name === 'tcpip-forward' || name === 'cancel-tcpip-forward' || name === 'no-more-sessions@openssh.com' || name === 'streamlocal-forward@openssh.com' || name === 'cancel-streamlocal-forward@openssh.com') && listenerCount(this, 'request') && this.authenticated) { let accept; let reject; if (wantReply) { let replied = false; accept = (chosenPort) => { if (replied) return; replied = true; let bufPort; if (name === 'tcpip-forward' && data.bindPort === 0 && typeof chosenPort === 'number') { bufPort = Buffer.allocUnsafe(4); writeUInt32BE(bufPort, chosenPort, 0); } setReply('SUCCESS', bufPort); }; reject = () => { if (replied) return; replied = true; setReply('FAILURE'); }; } if (name === 'no-more-sessions@openssh.com') { this.noMoreSessions = true; accept && accept(); return; } this.emit('request', accept, reject, name, data); } else if (wantReply) { setReply('FAILURE'); } }, }, }); socket.pause(); cryptoInit.then(() => { proto.start(); socket.on('data', (data) => { try { proto.parse(data, 0, data.length); } catch (ex) { this.emit('error', ex); try { if (isWritable(socket)) socket.end(); } catch {} } }); socket.resume(); }).catch((err) => { this.emit('error', err); try { if (isWritable(socket)) socket.end(); } catch {} }); socket.on('error', (err) => { err.level = 'socket'; this.emit('error', err); }).once('end', () => { debug && debug('Socket ended'); proto.cleanup(); this.emit('end'); }).once('close', () => { debug && debug('Socket closed'); proto.cleanup(); this.emit('close'); const err = new Error('No response from server'); // Simulate error for pending channels and close any open channels this._chanMgr.cleanup(err); }); const onAuthDecide = (ctx, allowed, methodsLeft, isPartial) => { if (authCtx === ctx && !this.authenticated) { if (allowed) { authCtx = undefined; this.authenticated = true; proto.authSuccess(); pendingAuths = []; this.emit('ready'); } else { proto.authFailure(methodsLeft, isPartial); if (pendingAuths.length) { authCtx = pendingAuths.pop(); if (listenerCount(this, 'authentication')) this.emit('authentication', authCtx); else authCtx.reject(); } } } }; function sendReplies() { while (unsentGlobalRequestsReplies.length > 0 && unsentGlobalRequestsReplies[0].type) { const reply = unsentGlobalRequestsReplies.shift(); if (reply.type === 'SUCCESS') proto.requestSuccess(reply.buf); if (reply.type === 'FAILURE') proto.requestFailure(); } } } end() { if (this._sock && isWritable(this._sock)) { this._protocol.disconnect(DISCONNECT_REASON.BY_APPLICATION); this._sock.end(); } return this; } x11(originAddr, originPort, cb) { const opts = { originAddr, originPort }; openChannel(this, 'x11', opts, cb); return this; } forwardOut(boundAddr, boundPort, remoteAddr, remotePort, cb) { const opts = { boundAddr, boundPort, remoteAddr, remotePort }; openChannel(this, 'forwarded-tcpip', opts, cb); return this; } openssh_forwardOutStreamLocal(socketPath, cb) { const opts = { socketPath }; openChannel(this, 'forwarded-streamlocal@openssh.com', opts, cb); return this; } rekey(cb) { let error; try { this._protocol.rekey(); } catch (ex) { error = ex; } // TODO: re-throw error if no callback? if (typeof cb === 'function') { if (error) process.nextTick(cb, error); else this.once('rekey', cb); } } } function openChannel(self, type, opts, cb) { // Ask the client to open a channel for some purpose (e.g. a forwarded TCP // connection) const initWindow = MAX_WINDOW; const maxPacket = PACKET_SIZE; if (typeof opts === 'function') { cb = opts; opts = {}; } const wrapper = (err, stream) => { cb(err, stream); }; wrapper.type = type; const localChan = self._chanMgr.add(wrapper); if (localChan === -1) { cb(new Error('No free channels available')); return; } switch (type) { case 'forwarded-tcpip': self._protocol.forwardedTcpip(localChan, initWindow, maxPacket, opts); break; case 'x11': self._protocol.x11(localChan, initWindow, maxPacket, opts); break; case 'forwarded-streamlocal@openssh.com': self._protocol.openssh_forwardedStreamLocal( localChan, initWindow, maxPacket, opts ); break; default: throw new Error(`Unsupported channel type: ${type}`); } } function compareNumbers(a, b) { return a - b; } module.exports = Server; module.exports.IncomingClient = Client; /***/ }), /***/ 834: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const { SFTP } = __nccwpck_require__(2026); const MAX_CHANNEL = 2 ** 32 - 1; function onChannelOpenFailure(self, recipient, info, cb) { self._chanMgr.remove(recipient); if (typeof cb !== 'function') return; let err; if (info instanceof Error) { err = info; } else if (typeof info === 'object' && info !== null) { err = new Error(`(SSH) Channel open failure: ${info.description}`); err.reason = info.reason; } else { err = new Error( '(SSH) Channel open failure: server closed channel unexpectedly' ); err.reason = ''; } cb(err); } function onCHANNEL_CLOSE(self, recipient, channel, err, dead) { if (typeof channel === 'function') { // We got CHANNEL_CLOSE instead of CHANNEL_OPEN_FAILURE when // requesting to open a channel onChannelOpenFailure(self, recipient, err, channel); return; } if (typeof channel !== 'object' || channel === null) return; if (channel.incoming && channel.incoming.state === 'closed') return; self._chanMgr.remove(recipient); if (channel.server && channel.constructor.name === 'Session') return; channel.incoming.state = 'closed'; if (channel.readable) channel.push(null); if (channel.server) { if (channel.stderr.writable) channel.stderr.end(); } else if (channel.stderr.readable) { channel.stderr.push(null); } if (channel.constructor !== SFTP && (channel.outgoing.state === 'open' || channel.outgoing.state === 'eof') && !dead) { channel.close(); } if (channel.outgoing.state === 'closing') channel.outgoing.state = 'closed'; const readState = channel._readableState; const writeState = channel._writableState; if (writeState && !writeState.ending && !writeState.finished && !dead) channel.end(); // Take care of any outstanding channel requests const chanCallbacks = channel._callbacks; channel._callbacks = []; for (let i = 0; i < chanCallbacks.length; ++i) chanCallbacks[i](true); if (channel.server) { if (!channel.readable || channel.destroyed || (readState && readState.endEmitted)) { channel.emit('close'); } else { channel.once('end', () => channel.emit('close')); } } else { let doClose; switch (channel.type) { case 'direct-streamlocal@openssh.com': case 'direct-tcpip': doClose = () => channel.emit('close'); break; default: { // Align more with node child processes, where the close event gets // the same arguments as the exit event const exit = channel._exit; doClose = () => { if (exit.code === null) channel.emit('close', exit.code, exit.signal, exit.dump, exit.desc); else channel.emit('close', exit.code); }; } } if (!channel.readable || channel.destroyed || (readState && readState.endEmitted)) { doClose(); } else { channel.once('end', doClose); } const errReadState = channel.stderr._readableState; if (!channel.stderr.readable || channel.stderr.destroyed || (errReadState && errReadState.endEmitted)) { channel.stderr.emit('close'); } else { channel.stderr.once('end', () => channel.stderr.emit('close')); } } } class ChannelManager { constructor(client) { this._client = client; this._channels = {}; this._cur = -1; this._count = 0; } add(val) { // Attempt to reserve an id let id; // Optimized paths if (this._cur < MAX_CHANNEL) { id = ++this._cur; } else if (this._count === 0) { // Revert and reset back to fast path once we no longer have any channels // open this._cur = 0; id = 0; } else { // Slower lookup path // This path is triggered we have opened at least MAX_CHANNEL channels // while having at least one channel open at any given time, so we have // to search for a free id. const channels = this._channels; for (let i = 0; i < MAX_CHANNEL; ++i) { if (channels[i] === undefined) { id = i; break; } } } if (id === undefined) return -1; this._channels[id] = (val || true); ++this._count; return id; } update(id, val) { if (typeof id !== 'number' || id < 0 || id >= MAX_CHANNEL || !isFinite(id)) throw new Error(`Invalid channel id: ${id}`); if (val && this._channels[id]) this._channels[id] = val; } get(id) { if (typeof id !== 'number' || id < 0 || id >= MAX_CHANNEL || !isFinite(id)) throw new Error(`Invalid channel id: ${id}`); return this._channels[id]; } remove(id) { if (typeof id !== 'number' || id < 0 || id >= MAX_CHANNEL || !isFinite(id)) throw new Error(`Invalid channel id: ${id}`); if (this._channels[id]) { delete this._channels[id]; if (this._count) --this._count; } } cleanup(err) { const channels = this._channels; this._channels = {}; this._cur = -1; this._count = 0; const chanIDs = Object.keys(channels); const client = this._client; for (let i = 0; i < chanIDs.length; ++i) { const id = +chanIDs[i]; const channel = channels[id]; onCHANNEL_CLOSE(client, id, channel._channel || channel, err, true); } } } const isRegExp = (() => { const toString = Object.prototype.toString; return (val) => toString.call(val) === '[object RegExp]'; })(); function generateAlgorithmList(algoList, defaultList, supportedList) { if (Array.isArray(algoList) && algoList.length > 0) { // Exact list for (let i = 0; i < algoList.length; ++i) { if (supportedList.indexOf(algoList[i]) === -1) throw new Error(`Unsupported algorithm: ${algoList[i]}`); } return algoList; } if (typeof algoList === 'object' && algoList !== null) { // Operations based on the default list const keys = Object.keys(algoList); let list = defaultList; for (let i = 0; i < keys.length; ++i) { const key = keys[i]; let val = algoList[key]; switch (key) { case 'append': if (!Array.isArray(val)) val = [val]; if (Array.isArray(val)) { for (let j = 0; j < val.length; ++j) { const append = val[j]; if (typeof append === 'string') { if (!append || list.indexOf(append) !== -1) continue; if (supportedList.indexOf(append) === -1) throw new Error(`Unsupported algorithm: ${append}`); if (list === defaultList) list = list.slice(); list.push(append); } else if (isRegExp(append)) { for (let k = 0; k < supportedList.length; ++k) { const algo = supportedList[k]; if (append.test(algo)) { if (list.indexOf(algo) !== -1) continue; if (list === defaultList) list = list.slice(); list.push(algo); } } } } } break; case 'prepend': if (!Array.isArray(val)) val = [val]; if (Array.isArray(val)) { for (let j = val.length; j >= 0; --j) { const prepend = val[j]; if (typeof prepend === 'string') { if (!prepend || list.indexOf(prepend) !== -1) continue; if (supportedList.indexOf(prepend) === -1) throw new Error(`Unsupported algorithm: ${prepend}`); if (list === defaultList) list = list.slice(); list.unshift(prepend); } else if (isRegExp(prepend)) { for (let k = supportedList.length; k >= 0; --k) { const algo = supportedList[k]; if (prepend.test(algo)) { if (list.indexOf(algo) !== -1) continue; if (list === defaultList) list = list.slice(); list.unshift(algo); } } } } } break; case 'remove': if (!Array.isArray(val)) val = [val]; if (Array.isArray(val)) { for (let j = 0; j < val.length; ++j) { const search = val[j]; if (typeof search === 'string') { if (!search) continue; const idx = list.indexOf(search); if (idx === -1) continue; if (list === defaultList) list = list.slice(); list.splice(idx, 1); } else if (isRegExp(search)) { for (let k = 0; k < list.length; ++k) { if (search.test(list[k])) { if (list === defaultList) list = list.slice(); list.splice(k, 1); --k; } } } } } break; } } return list; } return defaultList; } module.exports = { ChannelManager, generateAlgorithmList, onChannelOpenFailure, onCHANNEL_CLOSE, isWritable: (stream) => { // XXX: hack to workaround regression in node // See: https://github.com/nodejs/node/issues/36029 return (stream && stream.writable && stream._readableState && stream._readableState.ended === false); }, }; /***/ }), /***/ 4841: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; // Copyright Joyent, Inc. and other Node contributors. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the // "Software"), to deal in the Software without restriction, including // without limitation the rights to use, copy, modify, merge, publish, // distribute, sublicense, and/or sell copies of the Software, and to permit // persons to whom the Software is furnished to do so, subject to the // following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE // USE OR OTHER DEALINGS IN THE SOFTWARE. /**/ var Buffer = __nccwpck_require__(2279).Buffer; /**/ var isEncoding = Buffer.isEncoding || function (encoding) { encoding = '' + encoding; switch (encoding && encoding.toLowerCase()) { case 'hex':case 'utf8':case 'utf-8':case 'ascii':case 'binary':case 'base64':case 'ucs2':case 'ucs-2':case 'utf16le':case 'utf-16le':case 'raw': return true; default: return false; } }; function _normalizeEncoding(enc) { if (!enc) return 'utf8'; var retried; while (true) { switch (enc) { case 'utf8': case 'utf-8': return 'utf8'; case 'ucs2': case 'ucs-2': case 'utf16le': case 'utf-16le': return 'utf16le'; case 'latin1': case 'binary': return 'latin1'; case 'base64': case 'ascii': case 'hex': return enc; default: if (retried) return; // undefined enc = ('' + enc).toLowerCase(); retried = true; } } }; // Do not cache `Buffer.isEncoding` when checking encoding names as some // modules monkey-patch it to support additional encodings function normalizeEncoding(enc) { var nenc = _normalizeEncoding(enc); if (typeof nenc !== 'string' && (Buffer.isEncoding === isEncoding || !isEncoding(enc))) throw new Error('Unknown encoding: ' + enc); return nenc || enc; } // StringDecoder provides an interface for efficiently splitting a series of // buffers into a series of JS strings without breaking apart multi-byte // characters. exports.s = StringDecoder; function StringDecoder(encoding) { this.encoding = normalizeEncoding(encoding); var nb; switch (this.encoding) { case 'utf16le': this.text = utf16Text; this.end = utf16End; nb = 4; break; case 'utf8': this.fillLast = utf8FillLast; nb = 4; break; case 'base64': this.text = base64Text; this.end = base64End; nb = 3; break; default: this.write = simpleWrite; this.end = simpleEnd; return; } this.lastNeed = 0; this.lastTotal = 0; this.lastChar = Buffer.allocUnsafe(nb); } StringDecoder.prototype.write = function (buf) { if (buf.length === 0) return ''; var r; var i; if (this.lastNeed) { r = this.fillLast(buf); if (r === undefined) return ''; i = this.lastNeed; this.lastNeed = 0; } else { i = 0; } if (i < buf.length) return r ? r + this.text(buf, i) : this.text(buf, i); return r || ''; }; StringDecoder.prototype.end = utf8End; // Returns only complete characters in a Buffer StringDecoder.prototype.text = utf8Text; // Attempts to complete a partial non-UTF-8 character using bytes from a Buffer StringDecoder.prototype.fillLast = function (buf) { if (this.lastNeed <= buf.length) { buf.copy(this.lastChar, this.lastTotal - this.lastNeed, 0, this.lastNeed); return this.lastChar.toString(this.encoding, 0, this.lastTotal); } buf.copy(this.lastChar, this.lastTotal - this.lastNeed, 0, buf.length); this.lastNeed -= buf.length; }; // Checks the type of a UTF-8 byte, whether it's ASCII, a leading byte, or a // continuation byte. If an invalid byte is detected, -2 is returned. function utf8CheckByte(byte) { if (byte <= 0x7F) return 0;else if (byte >> 5 === 0x06) return 2;else if (byte >> 4 === 0x0E) return 3;else if (byte >> 3 === 0x1E) return 4; return byte >> 6 === 0x02 ? -1 : -2; } // Checks at most 3 bytes at the end of a Buffer in order to detect an // incomplete multi-byte UTF-8 character. The total number of bytes (2, 3, or 4) // needed to complete the UTF-8 character (if applicable) are returned. function utf8CheckIncomplete(self, buf, i) { var j = buf.length - 1; if (j < i) return 0; var nb = utf8CheckByte(buf[j]); if (nb >= 0) { if (nb > 0) self.lastNeed = nb - 1; return nb; } if (--j < i || nb === -2) return 0; nb = utf8CheckByte(buf[j]); if (nb >= 0) { if (nb > 0) self.lastNeed = nb - 2; return nb; } if (--j < i || nb === -2) return 0; nb = utf8CheckByte(buf[j]); if (nb >= 0) { if (nb > 0) { if (nb === 2) nb = 0;else self.lastNeed = nb - 3; } return nb; } return 0; } // Validates as many continuation bytes for a multi-byte UTF-8 character as // needed or are available. If we see a non-continuation byte where we expect // one, we "replace" the validated continuation bytes we've seen so far with // a single UTF-8 replacement character ('\ufffd'), to match v8's UTF-8 decoding // behavior. The continuation byte check is included three times in the case // where all of the continuation bytes for a character exist in the same buffer. // It is also done this way as a slight performance increase instead of using a // loop. function utf8CheckExtraBytes(self, buf, p) { if ((buf[0] & 0xC0) !== 0x80) { self.lastNeed = 0; return '\ufffd'; } if (self.lastNeed > 1 && buf.length > 1) { if ((buf[1] & 0xC0) !== 0x80) { self.lastNeed = 1; return '\ufffd'; } if (self.lastNeed > 2 && buf.length > 2) { if ((buf[2] & 0xC0) !== 0x80) { self.lastNeed = 2; return '\ufffd'; } } } } // Attempts to complete a multi-byte UTF-8 character using bytes from a Buffer. function utf8FillLast(buf) { var p = this.lastTotal - this.lastNeed; var r = utf8CheckExtraBytes(this, buf, p); if (r !== undefined) return r; if (this.lastNeed <= buf.length) { buf.copy(this.lastChar, p, 0, this.lastNeed); return this.lastChar.toString(this.encoding, 0, this.lastTotal); } buf.copy(this.lastChar, p, 0, buf.length); this.lastNeed -= buf.length; } // Returns all complete UTF-8 characters in a Buffer. If the Buffer ended on a // partial character, the character's bytes are buffered until the required // number of bytes are available. function utf8Text(buf, i) { var total = utf8CheckIncomplete(this, buf, i); if (!this.lastNeed) return buf.toString('utf8', i); this.lastTotal = total; var end = buf.length - (total - this.lastNeed); buf.copy(this.lastChar, 0, end); return buf.toString('utf8', i, end); } // For UTF-8, a replacement character is added when ending on a partial // character. function utf8End(buf) { var r = buf && buf.length ? this.write(buf) : ''; if (this.lastNeed) return r + '\ufffd'; return r; } // UTF-16LE typically needs two bytes per character, but even if we have an even // number of bytes available, we need to check if we end on a leading/high // surrogate. In that case, we need to wait for the next two bytes in order to // decode the last character properly. function utf16Text(buf, i) { if ((buf.length - i) % 2 === 0) { var r = buf.toString('utf16le', i); if (r) { var c = r.charCodeAt(r.length - 1); if (c >= 0xD800 && c <= 0xDBFF) { this.lastNeed = 2; this.lastTotal = 4; this.lastChar[0] = buf[buf.length - 2]; this.lastChar[1] = buf[buf.length - 1]; return r.slice(0, -1); } } return r; } this.lastNeed = 1; this.lastTotal = 2; this.lastChar[0] = buf[buf.length - 1]; return buf.toString('utf16le', i, buf.length - 1); } // For UTF-16LE we do not explicitly append special replacement characters if we // end on a partial character, we simply let v8 handle that. function utf16End(buf) { var r = buf && buf.length ? this.write(buf) : ''; if (this.lastNeed) { var end = this.lastTotal - this.lastNeed; return r + this.lastChar.toString('utf16le', 0, end); } return r; } function base64Text(buf, i) { var n = (buf.length - i) % 3; if (n === 0) return buf.toString('base64', i); this.lastNeed = 3 - n; this.lastTotal = 3; if (n === 1) { this.lastChar[0] = buf[buf.length - 1]; } else { this.lastChar[0] = buf[buf.length - 2]; this.lastChar[1] = buf[buf.length - 1]; } return buf.toString('base64', i, buf.length - n); } function base64End(buf) { var r = buf && buf.length ? this.write(buf) : ''; if (this.lastNeed) return r + this.lastChar.toString('base64', 0, 3 - this.lastNeed); return r; } // Pass bytes on through for single-byte encodings (e.g. ascii, latin1, hex) function simpleWrite(buf) { return buf.toString(this.encoding); } function simpleEnd(buf) { return buf && buf.length ? this.write(buf) : ''; } /***/ }), /***/ 2279: /***/ ((module, exports, __nccwpck_require__) => { /*! safe-buffer. MIT License. Feross Aboukhadijeh */ /* eslint-disable node/no-deprecated-api */ var buffer = __nccwpck_require__(4293) var Buffer = buffer.Buffer // alternative to using Object.keys for old browsers function copyProps (src, dst) { for (var key in src) { dst[key] = src[key] } } if (Buffer.from && Buffer.alloc && Buffer.allocUnsafe && Buffer.allocUnsafeSlow) { module.exports = buffer } else { // Copy properties from require('buffer') copyProps(buffer, exports) exports.Buffer = SafeBuffer } function SafeBuffer (arg, encodingOrOffset, length) { return Buffer(arg, encodingOrOffset, length) } SafeBuffer.prototype = Object.create(Buffer.prototype) // Copy static methods from Buffer copyProps(Buffer, SafeBuffer) SafeBuffer.from = function (arg, encodingOrOffset, length) { if (typeof arg === 'number') { throw new TypeError('Argument must not be a number') } return Buffer(arg, encodingOrOffset, length) } SafeBuffer.alloc = function (size, fill, encoding) { if (typeof size !== 'number') { throw new TypeError('Argument must be a number') } var buf = Buffer(size) if (fill !== undefined) { if (typeof encoding === 'string') { buf.fill(fill, encoding) } else { buf.fill(fill) } } else { buf.fill(0) } return buf } SafeBuffer.allocUnsafe = function (size) { if (typeof size !== 'number') { throw new TypeError('Argument must be a number') } return Buffer(size) } SafeBuffer.allocUnsafeSlow = function (size) { if (typeof size !== 'number') { throw new TypeError('Argument must be a number') } return buffer.SlowBuffer(size) } /***/ }), /***/ 9318: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { "use strict"; const os = __nccwpck_require__(2087); const tty = __nccwpck_require__(3867); const hasFlag = __nccwpck_require__(1621); const {env} = process; let forceColor; if (hasFlag('no-color') || hasFlag('no-colors') || hasFlag('color=false') || hasFlag('color=never')) { forceColor = 0; } else if (hasFlag('color') || hasFlag('colors') || hasFlag('color=true') || hasFlag('color=always')) { forceColor = 1; } if ('FORCE_COLOR' in env) { if (env.FORCE_COLOR === 'true') { forceColor = 1; } else if (env.FORCE_COLOR === 'false') { forceColor = 0; } else { forceColor = env.FORCE_COLOR.length === 0 ? 1 : Math.min(parseInt(env.FORCE_COLOR, 10), 3); } } function translateLevel(level) { if (level === 0) { return false; } return { level, hasBasic: true, has256: level >= 2, has16m: level >= 3 }; } function supportsColor(haveStream, streamIsTTY) { if (forceColor === 0) { return 0; } if (hasFlag('color=16m') || hasFlag('color=full') || hasFlag('color=truecolor')) { return 3; } if (hasFlag('color=256')) { return 2; } if (haveStream && !streamIsTTY && forceColor === undefined) { return 0; } const min = forceColor || 0; if (env.TERM === 'dumb') { return min; } if (process.platform === 'win32') { // Windows 10 build 10586 is the first Windows release that supports 256 colors. // Windows 10 build 14931 is the first release that supports 16m/TrueColor. const osRelease = os.release().split('.'); if ( Number(osRelease[0]) >= 10 && Number(osRelease[2]) >= 10586 ) { return Number(osRelease[2]) >= 14931 ? 3 : 2; } return 1; } if ('CI' in env) { if (['TRAVIS', 'CIRCLECI', 'APPVEYOR', 'GITLAB_CI', 'GITHUB_ACTIONS', 'BUILDKITE'].some(sign => sign in env) || env.CI_NAME === 'codeship') { return 1; } return min; } if ('TEAMCITY_VERSION' in env) { return /^(9\.(0*[1-9]\d*)\.|\d{2,}\.)/.test(env.TEAMCITY_VERSION) ? 1 : 0; } if (env.COLORTERM === 'truecolor') { return 3; } if ('TERM_PROGRAM' in env) { const version = parseInt((env.TERM_PROGRAM_VERSION || '').split('.')[0], 10); switch (env.TERM_PROGRAM) { case 'iTerm.app': return version >= 3 ? 3 : 2; case 'Apple_Terminal': return 2; // No default } } if (/-256(color)?$/i.test(env.TERM)) { return 2; } if (/^screen|^xterm|^vt100|^vt220|^rxvt|color|ansi|cygwin|linux/i.test(env.TERM)) { return 1; } if ('COLORTERM' in env) { return 1; } return min; } function getSupportLevel(stream) { const level = supportsColor(stream, stream && stream.isTTY); return translateLevel(level); } module.exports = { supportsColor: getSupportLevel, stdout: translateLevel(supportsColor(true, tty.isatty(1))), stderr: translateLevel(supportsColor(true, tty.isatty(2))) }; /***/ }), /***/ 366: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { var chownr = __nccwpck_require__(9051) var tar = __nccwpck_require__(2283) var pump = __nccwpck_require__(8341) var mkdirp = __nccwpck_require__(7614) var fs = __nccwpck_require__(5747) var path = __nccwpck_require__(5622) var os = __nccwpck_require__(2087) var win32 = os.platform() === 'win32' var noop = function () {} var echo = function (name) { return name } var normalize = !win32 ? echo : function (name) { return name.replace(/\\/g, '/').replace(/[:?<>|]/g, '_') } var statAll = function (fs, stat, cwd, ignore, entries, sort) { var queue = entries || ['.'] return function loop (callback) { if (!queue.length) return callback() var next = queue.shift() var nextAbs = path.join(cwd, next) stat(nextAbs, function (err, stat) { if (err) return callback(err) if (!stat.isDirectory()) return callback(null, next, stat) fs.readdir(nextAbs, function (err, files) { if (err) return callback(err) if (sort) files.sort() for (var i = 0; i < files.length; i++) { if (!ignore(path.join(cwd, next, files[i]))) queue.push(path.join(next, files[i])) } callback(null, next, stat) }) }) } } var strip = function (map, level) { return function (header) { header.name = header.name.split('/').slice(level).join('/') var linkname = header.linkname if (linkname && (header.type === 'link' || path.isAbsolute(linkname))) { header.linkname = linkname.split('/').slice(level).join('/') } return map(header) } } exports.pack = function (cwd, opts) { if (!cwd) cwd = '.' if (!opts) opts = {} var xfs = opts.fs || fs var ignore = opts.ignore || opts.filter || noop var map = opts.map || noop var mapStream = opts.mapStream || echo var statNext = statAll(xfs, opts.dereference ? xfs.stat : xfs.lstat, cwd, ignore, opts.entries, opts.sort) var strict = opts.strict !== false var umask = typeof opts.umask === 'number' ? ~opts.umask : ~processUmask() var dmode = typeof opts.dmode === 'number' ? opts.dmode : 0 var fmode = typeof opts.fmode === 'number' ? opts.fmode : 0 var pack = opts.pack || tar.pack() var finish = opts.finish || noop if (opts.strip) map = strip(map, opts.strip) if (opts.readable) { dmode |= parseInt(555, 8) fmode |= parseInt(444, 8) } if (opts.writable) { dmode |= parseInt(333, 8) fmode |= parseInt(222, 8) } var onsymlink = function (filename, header) { xfs.readlink(path.join(cwd, filename), function (err, linkname) { if (err) return pack.destroy(err) header.linkname = normalize(linkname) pack.entry(header, onnextentry) }) } var onstat = function (err, filename, stat) { if (err) return pack.destroy(err) if (!filename) { if (opts.finalize !== false) pack.finalize() return finish(pack) } if (stat.isSocket()) return onnextentry() // tar does not support sockets... var header = { name: normalize(filename), mode: (stat.mode | (stat.isDirectory() ? dmode : fmode)) & umask, mtime: stat.mtime, size: stat.size, type: 'file', uid: stat.uid, gid: stat.gid } if (stat.isDirectory()) { header.size = 0 header.type = 'directory' header = map(header) || header return pack.entry(header, onnextentry) } if (stat.isSymbolicLink()) { header.size = 0 header.type = 'symlink' header = map(header) || header return onsymlink(filename, header) } // TODO: add fifo etc... header = map(header) || header if (!stat.isFile()) { if (strict) return pack.destroy(new Error('unsupported type for ' + filename)) return onnextentry() } var entry = pack.entry(header, onnextentry) if (!entry) return var rs = mapStream(xfs.createReadStream(path.join(cwd, filename)), header) rs.on('error', function (err) { // always forward errors on destroy entry.destroy(err) }) pump(rs, entry) } var onnextentry = function (err) { if (err) return pack.destroy(err) statNext(onstat) } onnextentry() return pack } var head = function (list) { return list.length ? list[list.length - 1] : null } var processGetuid = function () { return process.getuid ? process.getuid() : -1 } var processUmask = function () { return process.umask ? process.umask() : 0 } exports.extract = function (cwd, opts) { if (!cwd) cwd = '.' if (!opts) opts = {} var xfs = opts.fs || fs var ignore = opts.ignore || opts.filter || noop var map = opts.map || noop var mapStream = opts.mapStream || echo var own = opts.chown !== false && !win32 && processGetuid() === 0 var extract = opts.extract || tar.extract() var stack = [] var now = new Date() var umask = typeof opts.umask === 'number' ? ~opts.umask : ~processUmask() var dmode = typeof opts.dmode === 'number' ? opts.dmode : 0 var fmode = typeof opts.fmode === 'number' ? opts.fmode : 0 var strict = opts.strict !== false if (opts.strip) map = strip(map, opts.strip) if (opts.readable) { dmode |= parseInt(555, 8) fmode |= parseInt(444, 8) } if (opts.writable) { dmode |= parseInt(333, 8) fmode |= parseInt(222, 8) } var utimesParent = function (name, cb) { // we just set the mtime on the parent dir again everytime we write an entry var top while ((top = head(stack)) && name.slice(0, top[0].length) !== top[0]) stack.pop() if (!top) return cb() xfs.utimes(top[0], now, top[1], cb) } var utimes = function (name, header, cb) { if (opts.utimes === false) return cb() if (header.type === 'directory') return xfs.utimes(name, now, header.mtime, cb) if (header.type === 'symlink') return utimesParent(name, cb) // TODO: how to set mtime on link? xfs.utimes(name, now, header.mtime, function (err) { if (err) return cb(err) utimesParent(name, cb) }) } var chperm = function (name, header, cb) { var link = header.type === 'symlink' /* eslint-disable node/no-deprecated-api */ var chmod = link ? xfs.lchmod : xfs.chmod var chown = link ? xfs.lchown : xfs.chown /* eslint-enable node/no-deprecated-api */ if (!chmod) return cb() var mode = (header.mode | (header.type === 'directory' ? dmode : fmode)) & umask chmod(name, mode, function (err) { if (err) return cb(err) if (!own) return cb() if (!chown) return cb() chown(name, header.uid, header.gid, cb) }) } extract.on('entry', function (header, stream, next) { header = map(header) || header header.name = normalize(header.name) var name = path.join(cwd, path.join('/', header.name)) if (ignore(name, header)) { stream.resume() return next() } var stat = function (err) { if (err) return next(err) utimes(name, header, function (err) { if (err) return next(err) if (win32) return next() chperm(name, header, next) }) } var onsymlink = function () { if (win32) return next() // skip symlinks on win for now before it can be tested xfs.unlink(name, function () { xfs.symlink(header.linkname, name, stat) }) } var onlink = function () { if (win32) return next() // skip links on win for now before it can be tested xfs.unlink(name, function () { var srcpath = path.join(cwd, path.join('/', header.linkname)) xfs.link(srcpath, name, function (err) { if (err && err.code === 'EPERM' && opts.hardlinkAsFilesFallback) { stream = xfs.createReadStream(srcpath) return onfile() } stat(err) }) }) } var onfile = function () { var ws = xfs.createWriteStream(name) var rs = mapStream(stream, header) ws.on('error', function (err) { // always forward errors on destroy rs.destroy(err) }) pump(rs, ws, function (err) { if (err) return next(err) ws.on('close', stat) }) } if (header.type === 'directory') { stack.push([name, header.mtime]) return mkdirfix(name, { fs: xfs, own: own, uid: header.uid, gid: header.gid }, stat) } var dir = path.dirname(name) validate(xfs, dir, path.join(cwd, '.'), function (err, valid) { if (err) return next(err) if (!valid) return next(new Error(dir + ' is not a valid path')) mkdirfix(dir, { fs: xfs, own: own, uid: header.uid, gid: header.gid }, function (err) { if (err) return next(err) switch (header.type) { case 'file': return onfile() case 'link': return onlink() case 'symlink': return onsymlink() } if (strict) return next(new Error('unsupported type for ' + name + ' (' + header.type + ')')) stream.resume() next() }) }) }) if (opts.finish) extract.on('finish', opts.finish) return extract } function validate (fs, name, root, cb) { if (name === root) return cb(null, true) fs.lstat(name, function (err, st) { if (err && err.code !== 'ENOENT') return cb(err) if (err || st.isDirectory()) return validate(fs, path.join(name, '..'), root, cb) cb(null, false) }) } function mkdirfix (name, opts, cb) { mkdirp(name, { fs: opts.fs }, function (err, made) { if (!err && made && opts.own) { chownr(made, opts.uid, opts.gid, cb) } else { cb(err) } }) } /***/ }), /***/ 7882: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var util = __nccwpck_require__(1669) var bl = __nccwpck_require__(336) var headers = __nccwpck_require__(8860) var Writable = __nccwpck_require__(1642).Writable var PassThrough = __nccwpck_require__(1642).PassThrough var noop = function () {} var overflow = function (size) { size &= 511 return size && 512 - size } var emptyStream = function (self, offset) { var s = new Source(self, offset) s.end() return s } var mixinPax = function (header, pax) { if (pax.path) header.name = pax.path if (pax.linkpath) header.linkname = pax.linkpath if (pax.size) header.size = parseInt(pax.size, 10) header.pax = pax return header } var Source = function (self, offset) { this._parent = self this.offset = offset PassThrough.call(this, { autoDestroy: false }) } util.inherits(Source, PassThrough) Source.prototype.destroy = function (err) { this._parent.destroy(err) } var Extract = function (opts) { if (!(this instanceof Extract)) return new Extract(opts) Writable.call(this, opts) opts = opts || {} this._offset = 0 this._buffer = bl() this._missing = 0 this._partial = false this._onparse = noop this._header = null this._stream = null this._overflow = null this._cb = null this._locked = false this._destroyed = false this._pax = null this._paxGlobal = null this._gnuLongPath = null this._gnuLongLinkPath = null var self = this var b = self._buffer var oncontinue = function () { self._continue() } var onunlock = function (err) { self._locked = false if (err) return self.destroy(err) if (!self._stream) oncontinue() } var onstreamend = function () { self._stream = null var drain = overflow(self._header.size) if (drain) self._parse(drain, ondrain) else self._parse(512, onheader) if (!self._locked) oncontinue() } var ondrain = function () { self._buffer.consume(overflow(self._header.size)) self._parse(512, onheader) oncontinue() } var onpaxglobalheader = function () { var size = self._header.size self._paxGlobal = headers.decodePax(b.slice(0, size)) b.consume(size) onstreamend() } var onpaxheader = function () { var size = self._header.size self._pax = headers.decodePax(b.slice(0, size)) if (self._paxGlobal) self._pax = Object.assign({}, self._paxGlobal, self._pax) b.consume(size) onstreamend() } var ongnulongpath = function () { var size = self._header.size this._gnuLongPath = headers.decodeLongPath(b.slice(0, size), opts.filenameEncoding) b.consume(size) onstreamend() } var ongnulonglinkpath = function () { var size = self._header.size this._gnuLongLinkPath = headers.decodeLongPath(b.slice(0, size), opts.filenameEncoding) b.consume(size) onstreamend() } var onheader = function () { var offset = self._offset var header try { header = self._header = headers.decode(b.slice(0, 512), opts.filenameEncoding, opts.allowUnknownFormat) } catch (err) { self.emit('error', err) } b.consume(512) if (!header) { self._parse(512, onheader) oncontinue() return } if (header.type === 'gnu-long-path') { self._parse(header.size, ongnulongpath) oncontinue() return } if (header.type === 'gnu-long-link-path') { self._parse(header.size, ongnulonglinkpath) oncontinue() return } if (header.type === 'pax-global-header') { self._parse(header.size, onpaxglobalheader) oncontinue() return } if (header.type === 'pax-header') { self._parse(header.size, onpaxheader) oncontinue() return } if (self._gnuLongPath) { header.name = self._gnuLongPath self._gnuLongPath = null } if (self._gnuLongLinkPath) { header.linkname = self._gnuLongLinkPath self._gnuLongLinkPath = null } if (self._pax) { self._header = header = mixinPax(header, self._pax) self._pax = null } self._locked = true if (!header.size || header.type === 'directory') { self._parse(512, onheader) self.emit('entry', header, emptyStream(self, offset), onunlock) return } self._stream = new Source(self, offset) self.emit('entry', header, self._stream, onunlock) self._parse(header.size, onstreamend) oncontinue() } this._onheader = onheader this._parse(512, onheader) } util.inherits(Extract, Writable) Extract.prototype.destroy = function (err) { if (this._destroyed) return this._destroyed = true if (err) this.emit('error', err) this.emit('close') if (this._stream) this._stream.emit('close') } Extract.prototype._parse = function (size, onparse) { if (this._destroyed) return this._offset += size this._missing = size if (onparse === this._onheader) this._partial = false this._onparse = onparse } Extract.prototype._continue = function () { if (this._destroyed) return var cb = this._cb this._cb = noop if (this._overflow) this._write(this._overflow, undefined, cb) else cb() } Extract.prototype._write = function (data, enc, cb) { if (this._destroyed) return var s = this._stream var b = this._buffer var missing = this._missing if (data.length) this._partial = true // we do not reach end-of-chunk now. just forward it if (data.length < missing) { this._missing -= data.length this._overflow = null if (s) return s.write(data, cb) b.append(data) return cb() } // end-of-chunk. the parser should call cb. this._cb = cb this._missing = 0 var overflow = null if (data.length > missing) { overflow = data.slice(missing) data = data.slice(0, missing) } if (s) s.end(data) else b.append(data) this._overflow = overflow this._onparse() } Extract.prototype._final = function (cb) { if (this._partial) return this.destroy(new Error('Unexpected end of data')) cb() } module.exports = Extract /***/ }), /***/ 8860: /***/ ((__unused_webpack_module, exports) => { var alloc = Buffer.alloc var ZEROS = '0000000000000000000' var SEVENS = '7777777777777777777' var ZERO_OFFSET = '0'.charCodeAt(0) var USTAR_MAGIC = Buffer.from('ustar\x00', 'binary') var USTAR_VER = Buffer.from('00', 'binary') var GNU_MAGIC = Buffer.from('ustar\x20', 'binary') var GNU_VER = Buffer.from('\x20\x00', 'binary') var MASK = parseInt('7777', 8) var MAGIC_OFFSET = 257 var VERSION_OFFSET = 263 var clamp = function (index, len, defaultValue) { if (typeof index !== 'number') return defaultValue index = ~~index // Coerce to integer. if (index >= len) return len if (index >= 0) return index index += len if (index >= 0) return index return 0 } var toType = function (flag) { switch (flag) { case 0: return 'file' case 1: return 'link' case 2: return 'symlink' case 3: return 'character-device' case 4: return 'block-device' case 5: return 'directory' case 6: return 'fifo' case 7: return 'contiguous-file' case 72: return 'pax-header' case 55: return 'pax-global-header' case 27: return 'gnu-long-link-path' case 28: case 30: return 'gnu-long-path' } return null } var toTypeflag = function (flag) { switch (flag) { case 'file': return 0 case 'link': return 1 case 'symlink': return 2 case 'character-device': return 3 case 'block-device': return 4 case 'directory': return 5 case 'fifo': return 6 case 'contiguous-file': return 7 case 'pax-header': return 72 } return 0 } var indexOf = function (block, num, offset, end) { for (; offset < end; offset++) { if (block[offset] === num) return offset } return end } var cksum = function (block) { var sum = 8 * 32 for (var i = 0; i < 148; i++) sum += block[i] for (var j = 156; j < 512; j++) sum += block[j] return sum } var encodeOct = function (val, n) { val = val.toString(8) if (val.length > n) return SEVENS.slice(0, n) + ' ' else return ZEROS.slice(0, n - val.length) + val + ' ' } /* Copied from the node-tar repo and modified to meet * tar-stream coding standard. * * Source: https://github.com/npm/node-tar/blob/51b6627a1f357d2eb433e7378e5f05e83b7aa6cd/lib/header.js#L349 */ function parse256 (buf) { // first byte MUST be either 80 or FF // 80 for positive, FF for 2's comp var positive if (buf[0] === 0x80) positive = true else if (buf[0] === 0xFF) positive = false else return null // build up a base-256 tuple from the least sig to the highest var tuple = [] for (var i = buf.length - 1; i > 0; i--) { var byte = buf[i] if (positive) tuple.push(byte) else tuple.push(0xFF - byte) } var sum = 0 var l = tuple.length for (i = 0; i < l; i++) { sum += tuple[i] * Math.pow(256, i) } return positive ? sum : -1 * sum } var decodeOct = function (val, offset, length) { val = val.slice(offset, offset + length) offset = 0 // If prefixed with 0x80 then parse as a base-256 integer if (val[offset] & 0x80) { return parse256(val) } else { // Older versions of tar can prefix with spaces while (offset < val.length && val[offset] === 32) offset++ var end = clamp(indexOf(val, 32, offset, val.length), val.length, val.length) while (offset < end && val[offset] === 0) offset++ if (end === offset) return 0 return parseInt(val.slice(offset, end).toString(), 8) } } var decodeStr = function (val, offset, length, encoding) { return val.slice(offset, indexOf(val, 0, offset, offset + length)).toString(encoding) } var addLength = function (str) { var len = Buffer.byteLength(str) var digits = Math.floor(Math.log(len) / Math.log(10)) + 1 if (len + digits >= Math.pow(10, digits)) digits++ return (len + digits) + str } exports.decodeLongPath = function (buf, encoding) { return decodeStr(buf, 0, buf.length, encoding) } exports.encodePax = function (opts) { // TODO: encode more stuff in pax var result = '' if (opts.name) result += addLength(' path=' + opts.name + '\n') if (opts.linkname) result += addLength(' linkpath=' + opts.linkname + '\n') var pax = opts.pax if (pax) { for (var key in pax) { result += addLength(' ' + key + '=' + pax[key] + '\n') } } return Buffer.from(result) } exports.decodePax = function (buf) { var result = {} while (buf.length) { var i = 0 while (i < buf.length && buf[i] !== 32) i++ var len = parseInt(buf.slice(0, i).toString(), 10) if (!len) return result var b = buf.slice(i + 1, len - 1).toString() var keyIndex = b.indexOf('=') if (keyIndex === -1) return result result[b.slice(0, keyIndex)] = b.slice(keyIndex + 1) buf = buf.slice(len) } return result } exports.encode = function (opts) { var buf = alloc(512) var name = opts.name var prefix = '' if (opts.typeflag === 5 && name[name.length - 1] !== '/') name += '/' if (Buffer.byteLength(name) !== name.length) return null // utf-8 while (Buffer.byteLength(name) > 100) { var i = name.indexOf('/') if (i === -1) return null prefix += prefix ? '/' + name.slice(0, i) : name.slice(0, i) name = name.slice(i + 1) } if (Buffer.byteLength(name) > 100 || Buffer.byteLength(prefix) > 155) return null if (opts.linkname && Buffer.byteLength(opts.linkname) > 100) return null buf.write(name) buf.write(encodeOct(opts.mode & MASK, 6), 100) buf.write(encodeOct(opts.uid, 6), 108) buf.write(encodeOct(opts.gid, 6), 116) buf.write(encodeOct(opts.size, 11), 124) buf.write(encodeOct((opts.mtime.getTime() / 1000) | 0, 11), 136) buf[156] = ZERO_OFFSET + toTypeflag(opts.type) if (opts.linkname) buf.write(opts.linkname, 157) USTAR_MAGIC.copy(buf, MAGIC_OFFSET) USTAR_VER.copy(buf, VERSION_OFFSET) if (opts.uname) buf.write(opts.uname, 265) if (opts.gname) buf.write(opts.gname, 297) buf.write(encodeOct(opts.devmajor || 0, 6), 329) buf.write(encodeOct(opts.devminor || 0, 6), 337) if (prefix) buf.write(prefix, 345) buf.write(encodeOct(cksum(buf), 6), 148) return buf } exports.decode = function (buf, filenameEncoding, allowUnknownFormat) { var typeflag = buf[156] === 0 ? 0 : buf[156] - ZERO_OFFSET var name = decodeStr(buf, 0, 100, filenameEncoding) var mode = decodeOct(buf, 100, 8) var uid = decodeOct(buf, 108, 8) var gid = decodeOct(buf, 116, 8) var size = decodeOct(buf, 124, 12) var mtime = decodeOct(buf, 136, 12) var type = toType(typeflag) var linkname = buf[157] === 0 ? null : decodeStr(buf, 157, 100, filenameEncoding) var uname = decodeStr(buf, 265, 32) var gname = decodeStr(buf, 297, 32) var devmajor = decodeOct(buf, 329, 8) var devminor = decodeOct(buf, 337, 8) var c = cksum(buf) // checksum is still initial value if header was null. if (c === 8 * 32) return null // valid checksum if (c !== decodeOct(buf, 148, 8)) throw new Error('Invalid tar header. Maybe the tar is corrupted or it needs to be gunzipped?') if (USTAR_MAGIC.compare(buf, MAGIC_OFFSET, MAGIC_OFFSET + 6) === 0) { // ustar (posix) format. // prepend prefix, if present. if (buf[345]) name = decodeStr(buf, 345, 155, filenameEncoding) + '/' + name } else if (GNU_MAGIC.compare(buf, MAGIC_OFFSET, MAGIC_OFFSET + 6) === 0 && GNU_VER.compare(buf, VERSION_OFFSET, VERSION_OFFSET + 2) === 0) { // 'gnu'/'oldgnu' format. Similar to ustar, but has support for incremental and // multi-volume tarballs. } else { if (!allowUnknownFormat) { throw new Error('Invalid tar header: unknown format.') } } // to support old tar versions that use trailing / to indicate dirs if (typeflag === 0 && name && name[name.length - 1] === '/') typeflag = 5 return { name, mode, uid, gid, size, mtime: new Date(1000 * mtime), type, linkname, uname, gname, devmajor, devminor } } /***/ }), /***/ 2283: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { exports.extract = __nccwpck_require__(7882) exports.pack = __nccwpck_require__(4930) /***/ }), /***/ 4930: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { var constants = __nccwpck_require__(3186) var eos = __nccwpck_require__(1205) var inherits = __nccwpck_require__(4124) var alloc = Buffer.alloc var Readable = __nccwpck_require__(1642).Readable var Writable = __nccwpck_require__(1642).Writable var StringDecoder = __nccwpck_require__(4304).StringDecoder var headers = __nccwpck_require__(8860) var DMODE = parseInt('755', 8) var FMODE = parseInt('644', 8) var END_OF_TAR = alloc(1024) var noop = function () {} var overflow = function (self, size) { size &= 511 if (size) self.push(END_OF_TAR.slice(0, 512 - size)) } function modeToType (mode) { switch (mode & constants.S_IFMT) { case constants.S_IFBLK: return 'block-device' case constants.S_IFCHR: return 'character-device' case constants.S_IFDIR: return 'directory' case constants.S_IFIFO: return 'fifo' case constants.S_IFLNK: return 'symlink' } return 'file' } var Sink = function (to) { Writable.call(this) this.written = 0 this._to = to this._destroyed = false } inherits(Sink, Writable) Sink.prototype._write = function (data, enc, cb) { this.written += data.length if (this._to.push(data)) return cb() this._to._drain = cb } Sink.prototype.destroy = function () { if (this._destroyed) return this._destroyed = true this.emit('close') } var LinkSink = function () { Writable.call(this) this.linkname = '' this._decoder = new StringDecoder('utf-8') this._destroyed = false } inherits(LinkSink, Writable) LinkSink.prototype._write = function (data, enc, cb) { this.linkname += this._decoder.write(data) cb() } LinkSink.prototype.destroy = function () { if (this._destroyed) return this._destroyed = true this.emit('close') } var Void = function () { Writable.call(this) this._destroyed = false } inherits(Void, Writable) Void.prototype._write = function (data, enc, cb) { cb(new Error('No body allowed for this entry')) } Void.prototype.destroy = function () { if (this._destroyed) return this._destroyed = true this.emit('close') } var Pack = function (opts) { if (!(this instanceof Pack)) return new Pack(opts) Readable.call(this, opts) this._drain = noop this._finalized = false this._finalizing = false this._destroyed = false this._stream = null } inherits(Pack, Readable) Pack.prototype.entry = function (header, buffer, callback) { if (this._stream) throw new Error('already piping an entry') if (this._finalized || this._destroyed) return if (typeof buffer === 'function') { callback = buffer buffer = null } if (!callback) callback = noop var self = this if (!header.size || header.type === 'symlink') header.size = 0 if (!header.type) header.type = modeToType(header.mode) if (!header.mode) header.mode = header.type === 'directory' ? DMODE : FMODE if (!header.uid) header.uid = 0 if (!header.gid) header.gid = 0 if (!header.mtime) header.mtime = new Date() if (typeof buffer === 'string') buffer = Buffer.from(buffer) if (Buffer.isBuffer(buffer)) { header.size = buffer.length this._encode(header) var ok = this.push(buffer) overflow(self, header.size) if (ok) process.nextTick(callback) else this._drain = callback return new Void() } if (header.type === 'symlink' && !header.linkname) { var linkSink = new LinkSink() eos(linkSink, function (err) { if (err) { // stream was closed self.destroy() return callback(err) } header.linkname = linkSink.linkname self._encode(header) callback() }) return linkSink } this._encode(header) if (header.type !== 'file' && header.type !== 'contiguous-file') { process.nextTick(callback) return new Void() } var sink = new Sink(this) this._stream = sink eos(sink, function (err) { self._stream = null if (err) { // stream was closed self.destroy() return callback(err) } if (sink.written !== header.size) { // corrupting tar self.destroy() return callback(new Error('size mismatch')) } overflow(self, header.size) if (self._finalizing) self.finalize() callback() }) return sink } Pack.prototype.finalize = function () { if (this._stream) { this._finalizing = true return } if (this._finalized) return this._finalized = true this.push(END_OF_TAR) this.push(null) } Pack.prototype.destroy = function (err) { if (this._destroyed) return this._destroyed = true if (err) this.emit('error', err) this.emit('close') if (this._stream && this._stream.destroy) this._stream.destroy() } Pack.prototype._encode = function (header) { if (!header.pax) { var buf = headers.encode(header) if (buf) { this.push(buf) return } } this._encodePax(header) } Pack.prototype._encodePax = function (header) { var paxHeader = headers.encodePax({ name: header.name, linkname: header.linkname, pax: header.pax }) var newHeader = { name: 'PaxHeader', mode: header.mode, uid: header.uid, gid: header.gid, size: paxHeader.length, mtime: header.mtime, type: 'pax-header', linkname: header.linkname && 'PaxHeader', uname: header.uname, gname: header.gname, devmajor: header.devmajor, devminor: header.devminor } this.push(headers.encode(newHeader)) this.push(paxHeader) overflow(this, paxHeader.length) newHeader.size = header.size newHeader.type = header.type this.push(headers.encode(newHeader)) } Pack.prototype._read = function (n) { var drain = this._drain this._drain = noop drain() } module.exports = Pack /***/ }), /***/ 4294: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = __nccwpck_require__(4219); /***/ }), /***/ 4219: /***/ ((__unused_webpack_module, exports, __nccwpck_require__) => { "use strict"; var net = __nccwpck_require__(1631); var tls = __nccwpck_require__(4016); var http = __nccwpck_require__(8605); var https = __nccwpck_require__(7211); var events = __nccwpck_require__(8614); var assert = __nccwpck_require__(2357); var util = __nccwpck_require__(1669); exports.httpOverHttp = httpOverHttp; exports.httpsOverHttp = httpsOverHttp; exports.httpOverHttps = httpOverHttps; exports.httpsOverHttps = httpsOverHttps; function httpOverHttp(options) { var agent = new TunnelingAgent(options); agent.request = http.request; return agent; } function httpsOverHttp(options) { var agent = new TunnelingAgent(options); agent.request = http.request; agent.createSocket = createSecureSocket; agent.defaultPort = 443; return agent; } function httpOverHttps(options) { var agent = new TunnelingAgent(options); agent.request = https.request; return agent; } function httpsOverHttps(options) { var agent = new TunnelingAgent(options); agent.request = https.request; agent.createSocket = createSecureSocket; agent.defaultPort = 443; return agent; } function TunnelingAgent(options) { var self = this; self.options = options || {}; self.proxyOptions = self.options.proxy || {}; self.maxSockets = self.options.maxSockets || http.Agent.defaultMaxSockets; self.requests = []; self.sockets = []; self.on('free', function onFree(socket, host, port, localAddress) { var options = toOptions(host, port, localAddress); for (var i = 0, len = self.requests.length; i < len; ++i) { var pending = self.requests[i]; if (pending.host === options.host && pending.port === options.port) { // Detect the request to connect same origin server, // reuse the connection. self.requests.splice(i, 1); pending.request.onSocket(socket); return; } } socket.destroy(); self.removeSocket(socket); }); } util.inherits(TunnelingAgent, events.EventEmitter); TunnelingAgent.prototype.addRequest = function addRequest(req, host, port, localAddress) { var self = this; var options = mergeOptions({request: req}, self.options, toOptions(host, port, localAddress)); if (self.sockets.length >= this.maxSockets) { // We are over limit so we'll add it to the queue. self.requests.push(options); return; } // If we are under maxSockets create a new one. self.createSocket(options, function(socket) { socket.on('free', onFree); socket.on('close', onCloseOrRemove); socket.on('agentRemove', onCloseOrRemove); req.onSocket(socket); function onFree() { self.emit('free', socket, options); } function onCloseOrRemove(err) { self.removeSocket(socket); socket.removeListener('free', onFree); socket.removeListener('close', onCloseOrRemove); socket.removeListener('agentRemove', onCloseOrRemove); } }); }; TunnelingAgent.prototype.createSocket = function createSocket(options, cb) { var self = this; var placeholder = {}; self.sockets.push(placeholder); var connectOptions = mergeOptions({}, self.proxyOptions, { method: 'CONNECT', path: options.host + ':' + options.port, agent: false, headers: { host: options.host + ':' + options.port } }); if (options.localAddress) { connectOptions.localAddress = options.localAddress; } if (connectOptions.proxyAuth) { connectOptions.headers = connectOptions.headers || {}; connectOptions.headers['Proxy-Authorization'] = 'Basic ' + new Buffer(connectOptions.proxyAuth).toString('base64'); } debug('making CONNECT request'); var connectReq = self.request(connectOptions); connectReq.useChunkedEncodingByDefault = false; // for v0.6 connectReq.once('response', onResponse); // for v0.6 connectReq.once('upgrade', onUpgrade); // for v0.6 connectReq.once('connect', onConnect); // for v0.7 or later connectReq.once('error', onError); connectReq.end(); function onResponse(res) { // Very hacky. This is necessary to avoid http-parser leaks. res.upgrade = true; } function onUpgrade(res, socket, head) { // Hacky. process.nextTick(function() { onConnect(res, socket, head); }); } function onConnect(res, socket, head) { connectReq.removeAllListeners(); socket.removeAllListeners(); if (res.statusCode !== 200) { debug('tunneling socket could not be established, statusCode=%d', res.statusCode); socket.destroy(); var error = new Error('tunneling socket could not be established, ' + 'statusCode=' + res.statusCode); error.code = 'ECONNRESET'; options.request.emit('error', error); self.removeSocket(placeholder); return; } if (head.length > 0) { debug('got illegal response body from proxy'); socket.destroy(); var error = new Error('got illegal response body from proxy'); error.code = 'ECONNRESET'; options.request.emit('error', error); self.removeSocket(placeholder); return; } debug('tunneling connection has established'); self.sockets[self.sockets.indexOf(placeholder)] = socket; return cb(socket); } function onError(cause) { connectReq.removeAllListeners(); debug('tunneling socket could not be established, cause=%s\n', cause.message, cause.stack); var error = new Error('tunneling socket could not be established, ' + 'cause=' + cause.message); error.code = 'ECONNRESET'; options.request.emit('error', error); self.removeSocket(placeholder); } }; TunnelingAgent.prototype.removeSocket = function removeSocket(socket) { var pos = this.sockets.indexOf(socket) if (pos === -1) { return; } this.sockets.splice(pos, 1); var pending = this.requests.shift(); if (pending) { // If we have pending requests and a socket gets closed a new one // needs to be created to take over in the pool for the one that closed. this.createSocket(pending, function(socket) { pending.request.onSocket(socket); }); } }; function createSecureSocket(options, cb) { var self = this; TunnelingAgent.prototype.createSocket.call(self, options, function(socket) { var hostHeader = options.request.getHeader('host'); var tlsOptions = mergeOptions({}, self.options, { socket: socket, servername: hostHeader ? hostHeader.replace(/:.*$/, '') : options.host }); // 0 is dummy port for v0.6 var secureSocket = tls.connect(0, tlsOptions); self.sockets[self.sockets.indexOf(socket)] = secureSocket; cb(secureSocket); }); } function toOptions(host, port, localAddress) { if (typeof host === 'string') { // since v0.10 return { host: host, port: port, localAddress: localAddress }; } return host; // for v0.11 or later } function mergeOptions(target) { for (var i = 1, len = arguments.length; i < len; ++i) { var overrides = arguments[i]; if (typeof overrides === 'object') { var keys = Object.keys(overrides); for (var j = 0, keyLen = keys.length; j < keyLen; ++j) { var k = keys[j]; if (overrides[k] !== undefined) { target[k] = overrides[k]; } } } } return target; } var debug; if (process.env.NODE_DEBUG && /\btunnel\b/.test(process.env.NODE_DEBUG)) { debug = function() { var args = Array.prototype.slice.call(arguments); if (typeof args[0] === 'string') { args[0] = 'TUNNEL: ' + args[0]; } else { args.unshift('TUNNEL:'); } console.error.apply(console, args); } } else { debug = function() {}; } exports.debug = debug; // for test /***/ }), /***/ 8729: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { (function(nacl) { 'use strict'; // Ported in 2014 by Dmitry Chestnykh and Devi Mandiri. // Public domain. // // Implementation derived from TweetNaCl version 20140427. // See for details: http://tweetnacl.cr.yp.to/ var gf = function(init) { var i, r = new Float64Array(16); if (init) for (i = 0; i < init.length; i++) r[i] = init[i]; return r; }; // Pluggable, initialized in high-level API below. var randombytes = function(/* x, n */) { throw new Error('no PRNG'); }; var _0 = new Uint8Array(16); var _9 = new Uint8Array(32); _9[0] = 9; var gf0 = gf(), gf1 = gf([1]), _121665 = gf([0xdb41, 1]), D = gf([0x78a3, 0x1359, 0x4dca, 0x75eb, 0xd8ab, 0x4141, 0x0a4d, 0x0070, 0xe898, 0x7779, 0x4079, 0x8cc7, 0xfe73, 0x2b6f, 0x6cee, 0x5203]), D2 = gf([0xf159, 0x26b2, 0x9b94, 0xebd6, 0xb156, 0x8283, 0x149a, 0x00e0, 0xd130, 0xeef3, 0x80f2, 0x198e, 0xfce7, 0x56df, 0xd9dc, 0x2406]), X = gf([0xd51a, 0x8f25, 0x2d60, 0xc956, 0xa7b2, 0x9525, 0xc760, 0x692c, 0xdc5c, 0xfdd6, 0xe231, 0xc0a4, 0x53fe, 0xcd6e, 0x36d3, 0x2169]), Y = gf([0x6658, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666, 0x6666]), I = gf([0xa0b0, 0x4a0e, 0x1b27, 0xc4ee, 0xe478, 0xad2f, 0x1806, 0x2f43, 0xd7a7, 0x3dfb, 0x0099, 0x2b4d, 0xdf0b, 0x4fc1, 0x2480, 0x2b83]); function ts64(x, i, h, l) { x[i] = (h >> 24) & 0xff; x[i+1] = (h >> 16) & 0xff; x[i+2] = (h >> 8) & 0xff; x[i+3] = h & 0xff; x[i+4] = (l >> 24) & 0xff; x[i+5] = (l >> 16) & 0xff; x[i+6] = (l >> 8) & 0xff; x[i+7] = l & 0xff; } function vn(x, xi, y, yi, n) { var i,d = 0; for (i = 0; i < n; i++) d |= x[xi+i]^y[yi+i]; return (1 & ((d - 1) >>> 8)) - 1; } function crypto_verify_16(x, xi, y, yi) { return vn(x,xi,y,yi,16); } function crypto_verify_32(x, xi, y, yi) { return vn(x,xi,y,yi,32); } function core_salsa20(o, p, k, c) { var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24, j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24, j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24, j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24, j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24, j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24, j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24, j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24, j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24, j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24, j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24, j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24, j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24, j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24, j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24, j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24; var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7, x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14, x15 = j15, u; for (var i = 0; i < 20; i += 2) { u = x0 + x12 | 0; x4 ^= u<<7 | u>>>(32-7); u = x4 + x0 | 0; x8 ^= u<<9 | u>>>(32-9); u = x8 + x4 | 0; x12 ^= u<<13 | u>>>(32-13); u = x12 + x8 | 0; x0 ^= u<<18 | u>>>(32-18); u = x5 + x1 | 0; x9 ^= u<<7 | u>>>(32-7); u = x9 + x5 | 0; x13 ^= u<<9 | u>>>(32-9); u = x13 + x9 | 0; x1 ^= u<<13 | u>>>(32-13); u = x1 + x13 | 0; x5 ^= u<<18 | u>>>(32-18); u = x10 + x6 | 0; x14 ^= u<<7 | u>>>(32-7); u = x14 + x10 | 0; x2 ^= u<<9 | u>>>(32-9); u = x2 + x14 | 0; x6 ^= u<<13 | u>>>(32-13); u = x6 + x2 | 0; x10 ^= u<<18 | u>>>(32-18); u = x15 + x11 | 0; x3 ^= u<<7 | u>>>(32-7); u = x3 + x15 | 0; x7 ^= u<<9 | u>>>(32-9); u = x7 + x3 | 0; x11 ^= u<<13 | u>>>(32-13); u = x11 + x7 | 0; x15 ^= u<<18 | u>>>(32-18); u = x0 + x3 | 0; x1 ^= u<<7 | u>>>(32-7); u = x1 + x0 | 0; x2 ^= u<<9 | u>>>(32-9); u = x2 + x1 | 0; x3 ^= u<<13 | u>>>(32-13); u = x3 + x2 | 0; x0 ^= u<<18 | u>>>(32-18); u = x5 + x4 | 0; x6 ^= u<<7 | u>>>(32-7); u = x6 + x5 | 0; x7 ^= u<<9 | u>>>(32-9); u = x7 + x6 | 0; x4 ^= u<<13 | u>>>(32-13); u = x4 + x7 | 0; x5 ^= u<<18 | u>>>(32-18); u = x10 + x9 | 0; x11 ^= u<<7 | u>>>(32-7); u = x11 + x10 | 0; x8 ^= u<<9 | u>>>(32-9); u = x8 + x11 | 0; x9 ^= u<<13 | u>>>(32-13); u = x9 + x8 | 0; x10 ^= u<<18 | u>>>(32-18); u = x15 + x14 | 0; x12 ^= u<<7 | u>>>(32-7); u = x12 + x15 | 0; x13 ^= u<<9 | u>>>(32-9); u = x13 + x12 | 0; x14 ^= u<<13 | u>>>(32-13); u = x14 + x13 | 0; x15 ^= u<<18 | u>>>(32-18); } x0 = x0 + j0 | 0; x1 = x1 + j1 | 0; x2 = x2 + j2 | 0; x3 = x3 + j3 | 0; x4 = x4 + j4 | 0; x5 = x5 + j5 | 0; x6 = x6 + j6 | 0; x7 = x7 + j7 | 0; x8 = x8 + j8 | 0; x9 = x9 + j9 | 0; x10 = x10 + j10 | 0; x11 = x11 + j11 | 0; x12 = x12 + j12 | 0; x13 = x13 + j13 | 0; x14 = x14 + j14 | 0; x15 = x15 + j15 | 0; o[ 0] = x0 >>> 0 & 0xff; o[ 1] = x0 >>> 8 & 0xff; o[ 2] = x0 >>> 16 & 0xff; o[ 3] = x0 >>> 24 & 0xff; o[ 4] = x1 >>> 0 & 0xff; o[ 5] = x1 >>> 8 & 0xff; o[ 6] = x1 >>> 16 & 0xff; o[ 7] = x1 >>> 24 & 0xff; o[ 8] = x2 >>> 0 & 0xff; o[ 9] = x2 >>> 8 & 0xff; o[10] = x2 >>> 16 & 0xff; o[11] = x2 >>> 24 & 0xff; o[12] = x3 >>> 0 & 0xff; o[13] = x3 >>> 8 & 0xff; o[14] = x3 >>> 16 & 0xff; o[15] = x3 >>> 24 & 0xff; o[16] = x4 >>> 0 & 0xff; o[17] = x4 >>> 8 & 0xff; o[18] = x4 >>> 16 & 0xff; o[19] = x4 >>> 24 & 0xff; o[20] = x5 >>> 0 & 0xff; o[21] = x5 >>> 8 & 0xff; o[22] = x5 >>> 16 & 0xff; o[23] = x5 >>> 24 & 0xff; o[24] = x6 >>> 0 & 0xff; o[25] = x6 >>> 8 & 0xff; o[26] = x6 >>> 16 & 0xff; o[27] = x6 >>> 24 & 0xff; o[28] = x7 >>> 0 & 0xff; o[29] = x7 >>> 8 & 0xff; o[30] = x7 >>> 16 & 0xff; o[31] = x7 >>> 24 & 0xff; o[32] = x8 >>> 0 & 0xff; o[33] = x8 >>> 8 & 0xff; o[34] = x8 >>> 16 & 0xff; o[35] = x8 >>> 24 & 0xff; o[36] = x9 >>> 0 & 0xff; o[37] = x9 >>> 8 & 0xff; o[38] = x9 >>> 16 & 0xff; o[39] = x9 >>> 24 & 0xff; o[40] = x10 >>> 0 & 0xff; o[41] = x10 >>> 8 & 0xff; o[42] = x10 >>> 16 & 0xff; o[43] = x10 >>> 24 & 0xff; o[44] = x11 >>> 0 & 0xff; o[45] = x11 >>> 8 & 0xff; o[46] = x11 >>> 16 & 0xff; o[47] = x11 >>> 24 & 0xff; o[48] = x12 >>> 0 & 0xff; o[49] = x12 >>> 8 & 0xff; o[50] = x12 >>> 16 & 0xff; o[51] = x12 >>> 24 & 0xff; o[52] = x13 >>> 0 & 0xff; o[53] = x13 >>> 8 & 0xff; o[54] = x13 >>> 16 & 0xff; o[55] = x13 >>> 24 & 0xff; o[56] = x14 >>> 0 & 0xff; o[57] = x14 >>> 8 & 0xff; o[58] = x14 >>> 16 & 0xff; o[59] = x14 >>> 24 & 0xff; o[60] = x15 >>> 0 & 0xff; o[61] = x15 >>> 8 & 0xff; o[62] = x15 >>> 16 & 0xff; o[63] = x15 >>> 24 & 0xff; } function core_hsalsa20(o,p,k,c) { var j0 = c[ 0] & 0xff | (c[ 1] & 0xff)<<8 | (c[ 2] & 0xff)<<16 | (c[ 3] & 0xff)<<24, j1 = k[ 0] & 0xff | (k[ 1] & 0xff)<<8 | (k[ 2] & 0xff)<<16 | (k[ 3] & 0xff)<<24, j2 = k[ 4] & 0xff | (k[ 5] & 0xff)<<8 | (k[ 6] & 0xff)<<16 | (k[ 7] & 0xff)<<24, j3 = k[ 8] & 0xff | (k[ 9] & 0xff)<<8 | (k[10] & 0xff)<<16 | (k[11] & 0xff)<<24, j4 = k[12] & 0xff | (k[13] & 0xff)<<8 | (k[14] & 0xff)<<16 | (k[15] & 0xff)<<24, j5 = c[ 4] & 0xff | (c[ 5] & 0xff)<<8 | (c[ 6] & 0xff)<<16 | (c[ 7] & 0xff)<<24, j6 = p[ 0] & 0xff | (p[ 1] & 0xff)<<8 | (p[ 2] & 0xff)<<16 | (p[ 3] & 0xff)<<24, j7 = p[ 4] & 0xff | (p[ 5] & 0xff)<<8 | (p[ 6] & 0xff)<<16 | (p[ 7] & 0xff)<<24, j8 = p[ 8] & 0xff | (p[ 9] & 0xff)<<8 | (p[10] & 0xff)<<16 | (p[11] & 0xff)<<24, j9 = p[12] & 0xff | (p[13] & 0xff)<<8 | (p[14] & 0xff)<<16 | (p[15] & 0xff)<<24, j10 = c[ 8] & 0xff | (c[ 9] & 0xff)<<8 | (c[10] & 0xff)<<16 | (c[11] & 0xff)<<24, j11 = k[16] & 0xff | (k[17] & 0xff)<<8 | (k[18] & 0xff)<<16 | (k[19] & 0xff)<<24, j12 = k[20] & 0xff | (k[21] & 0xff)<<8 | (k[22] & 0xff)<<16 | (k[23] & 0xff)<<24, j13 = k[24] & 0xff | (k[25] & 0xff)<<8 | (k[26] & 0xff)<<16 | (k[27] & 0xff)<<24, j14 = k[28] & 0xff | (k[29] & 0xff)<<8 | (k[30] & 0xff)<<16 | (k[31] & 0xff)<<24, j15 = c[12] & 0xff | (c[13] & 0xff)<<8 | (c[14] & 0xff)<<16 | (c[15] & 0xff)<<24; var x0 = j0, x1 = j1, x2 = j2, x3 = j3, x4 = j4, x5 = j5, x6 = j6, x7 = j7, x8 = j8, x9 = j9, x10 = j10, x11 = j11, x12 = j12, x13 = j13, x14 = j14, x15 = j15, u; for (var i = 0; i < 20; i += 2) { u = x0 + x12 | 0; x4 ^= u<<7 | u>>>(32-7); u = x4 + x0 | 0; x8 ^= u<<9 | u>>>(32-9); u = x8 + x4 | 0; x12 ^= u<<13 | u>>>(32-13); u = x12 + x8 | 0; x0 ^= u<<18 | u>>>(32-18); u = x5 + x1 | 0; x9 ^= u<<7 | u>>>(32-7); u = x9 + x5 | 0; x13 ^= u<<9 | u>>>(32-9); u = x13 + x9 | 0; x1 ^= u<<13 | u>>>(32-13); u = x1 + x13 | 0; x5 ^= u<<18 | u>>>(32-18); u = x10 + x6 | 0; x14 ^= u<<7 | u>>>(32-7); u = x14 + x10 | 0; x2 ^= u<<9 | u>>>(32-9); u = x2 + x14 | 0; x6 ^= u<<13 | u>>>(32-13); u = x6 + x2 | 0; x10 ^= u<<18 | u>>>(32-18); u = x15 + x11 | 0; x3 ^= u<<7 | u>>>(32-7); u = x3 + x15 | 0; x7 ^= u<<9 | u>>>(32-9); u = x7 + x3 | 0; x11 ^= u<<13 | u>>>(32-13); u = x11 + x7 | 0; x15 ^= u<<18 | u>>>(32-18); u = x0 + x3 | 0; x1 ^= u<<7 | u>>>(32-7); u = x1 + x0 | 0; x2 ^= u<<9 | u>>>(32-9); u = x2 + x1 | 0; x3 ^= u<<13 | u>>>(32-13); u = x3 + x2 | 0; x0 ^= u<<18 | u>>>(32-18); u = x5 + x4 | 0; x6 ^= u<<7 | u>>>(32-7); u = x6 + x5 | 0; x7 ^= u<<9 | u>>>(32-9); u = x7 + x6 | 0; x4 ^= u<<13 | u>>>(32-13); u = x4 + x7 | 0; x5 ^= u<<18 | u>>>(32-18); u = x10 + x9 | 0; x11 ^= u<<7 | u>>>(32-7); u = x11 + x10 | 0; x8 ^= u<<9 | u>>>(32-9); u = x8 + x11 | 0; x9 ^= u<<13 | u>>>(32-13); u = x9 + x8 | 0; x10 ^= u<<18 | u>>>(32-18); u = x15 + x14 | 0; x12 ^= u<<7 | u>>>(32-7); u = x12 + x15 | 0; x13 ^= u<<9 | u>>>(32-9); u = x13 + x12 | 0; x14 ^= u<<13 | u>>>(32-13); u = x14 + x13 | 0; x15 ^= u<<18 | u>>>(32-18); } o[ 0] = x0 >>> 0 & 0xff; o[ 1] = x0 >>> 8 & 0xff; o[ 2] = x0 >>> 16 & 0xff; o[ 3] = x0 >>> 24 & 0xff; o[ 4] = x5 >>> 0 & 0xff; o[ 5] = x5 >>> 8 & 0xff; o[ 6] = x5 >>> 16 & 0xff; o[ 7] = x5 >>> 24 & 0xff; o[ 8] = x10 >>> 0 & 0xff; o[ 9] = x10 >>> 8 & 0xff; o[10] = x10 >>> 16 & 0xff; o[11] = x10 >>> 24 & 0xff; o[12] = x15 >>> 0 & 0xff; o[13] = x15 >>> 8 & 0xff; o[14] = x15 >>> 16 & 0xff; o[15] = x15 >>> 24 & 0xff; o[16] = x6 >>> 0 & 0xff; o[17] = x6 >>> 8 & 0xff; o[18] = x6 >>> 16 & 0xff; o[19] = x6 >>> 24 & 0xff; o[20] = x7 >>> 0 & 0xff; o[21] = x7 >>> 8 & 0xff; o[22] = x7 >>> 16 & 0xff; o[23] = x7 >>> 24 & 0xff; o[24] = x8 >>> 0 & 0xff; o[25] = x8 >>> 8 & 0xff; o[26] = x8 >>> 16 & 0xff; o[27] = x8 >>> 24 & 0xff; o[28] = x9 >>> 0 & 0xff; o[29] = x9 >>> 8 & 0xff; o[30] = x9 >>> 16 & 0xff; o[31] = x9 >>> 24 & 0xff; } function crypto_core_salsa20(out,inp,k,c) { core_salsa20(out,inp,k,c); } function crypto_core_hsalsa20(out,inp,k,c) { core_hsalsa20(out,inp,k,c); } var sigma = new Uint8Array([101, 120, 112, 97, 110, 100, 32, 51, 50, 45, 98, 121, 116, 101, 32, 107]); // "expand 32-byte k" function crypto_stream_salsa20_xor(c,cpos,m,mpos,b,n,k) { var z = new Uint8Array(16), x = new Uint8Array(64); var u, i; for (i = 0; i < 16; i++) z[i] = 0; for (i = 0; i < 8; i++) z[i] = n[i]; while (b >= 64) { crypto_core_salsa20(x,z,k,sigma); for (i = 0; i < 64; i++) c[cpos+i] = m[mpos+i] ^ x[i]; u = 1; for (i = 8; i < 16; i++) { u = u + (z[i] & 0xff) | 0; z[i] = u & 0xff; u >>>= 8; } b -= 64; cpos += 64; mpos += 64; } if (b > 0) { crypto_core_salsa20(x,z,k,sigma); for (i = 0; i < b; i++) c[cpos+i] = m[mpos+i] ^ x[i]; } return 0; } function crypto_stream_salsa20(c,cpos,b,n,k) { var z = new Uint8Array(16), x = new Uint8Array(64); var u, i; for (i = 0; i < 16; i++) z[i] = 0; for (i = 0; i < 8; i++) z[i] = n[i]; while (b >= 64) { crypto_core_salsa20(x,z,k,sigma); for (i = 0; i < 64; i++) c[cpos+i] = x[i]; u = 1; for (i = 8; i < 16; i++) { u = u + (z[i] & 0xff) | 0; z[i] = u & 0xff; u >>>= 8; } b -= 64; cpos += 64; } if (b > 0) { crypto_core_salsa20(x,z,k,sigma); for (i = 0; i < b; i++) c[cpos+i] = x[i]; } return 0; } function crypto_stream(c,cpos,d,n,k) { var s = new Uint8Array(32); crypto_core_hsalsa20(s,n,k,sigma); var sn = new Uint8Array(8); for (var i = 0; i < 8; i++) sn[i] = n[i+16]; return crypto_stream_salsa20(c,cpos,d,sn,s); } function crypto_stream_xor(c,cpos,m,mpos,d,n,k) { var s = new Uint8Array(32); crypto_core_hsalsa20(s,n,k,sigma); var sn = new Uint8Array(8); for (var i = 0; i < 8; i++) sn[i] = n[i+16]; return crypto_stream_salsa20_xor(c,cpos,m,mpos,d,sn,s); } /* * Port of Andrew Moon's Poly1305-donna-16. Public domain. * https://github.com/floodyberry/poly1305-donna */ var poly1305 = function(key) { this.buffer = new Uint8Array(16); this.r = new Uint16Array(10); this.h = new Uint16Array(10); this.pad = new Uint16Array(8); this.leftover = 0; this.fin = 0; var t0, t1, t2, t3, t4, t5, t6, t7; t0 = key[ 0] & 0xff | (key[ 1] & 0xff) << 8; this.r[0] = ( t0 ) & 0x1fff; t1 = key[ 2] & 0xff | (key[ 3] & 0xff) << 8; this.r[1] = ((t0 >>> 13) | (t1 << 3)) & 0x1fff; t2 = key[ 4] & 0xff | (key[ 5] & 0xff) << 8; this.r[2] = ((t1 >>> 10) | (t2 << 6)) & 0x1f03; t3 = key[ 6] & 0xff | (key[ 7] & 0xff) << 8; this.r[3] = ((t2 >>> 7) | (t3 << 9)) & 0x1fff; t4 = key[ 8] & 0xff | (key[ 9] & 0xff) << 8; this.r[4] = ((t3 >>> 4) | (t4 << 12)) & 0x00ff; this.r[5] = ((t4 >>> 1)) & 0x1ffe; t5 = key[10] & 0xff | (key[11] & 0xff) << 8; this.r[6] = ((t4 >>> 14) | (t5 << 2)) & 0x1fff; t6 = key[12] & 0xff | (key[13] & 0xff) << 8; this.r[7] = ((t5 >>> 11) | (t6 << 5)) & 0x1f81; t7 = key[14] & 0xff | (key[15] & 0xff) << 8; this.r[8] = ((t6 >>> 8) | (t7 << 8)) & 0x1fff; this.r[9] = ((t7 >>> 5)) & 0x007f; this.pad[0] = key[16] & 0xff | (key[17] & 0xff) << 8; this.pad[1] = key[18] & 0xff | (key[19] & 0xff) << 8; this.pad[2] = key[20] & 0xff | (key[21] & 0xff) << 8; this.pad[3] = key[22] & 0xff | (key[23] & 0xff) << 8; this.pad[4] = key[24] & 0xff | (key[25] & 0xff) << 8; this.pad[5] = key[26] & 0xff | (key[27] & 0xff) << 8; this.pad[6] = key[28] & 0xff | (key[29] & 0xff) << 8; this.pad[7] = key[30] & 0xff | (key[31] & 0xff) << 8; }; poly1305.prototype.blocks = function(m, mpos, bytes) { var hibit = this.fin ? 0 : (1 << 11); var t0, t1, t2, t3, t4, t5, t6, t7, c; var d0, d1, d2, d3, d4, d5, d6, d7, d8, d9; var h0 = this.h[0], h1 = this.h[1], h2 = this.h[2], h3 = this.h[3], h4 = this.h[4], h5 = this.h[5], h6 = this.h[6], h7 = this.h[7], h8 = this.h[8], h9 = this.h[9]; var r0 = this.r[0], r1 = this.r[1], r2 = this.r[2], r3 = this.r[3], r4 = this.r[4], r5 = this.r[5], r6 = this.r[6], r7 = this.r[7], r8 = this.r[8], r9 = this.r[9]; while (bytes >= 16) { t0 = m[mpos+ 0] & 0xff | (m[mpos+ 1] & 0xff) << 8; h0 += ( t0 ) & 0x1fff; t1 = m[mpos+ 2] & 0xff | (m[mpos+ 3] & 0xff) << 8; h1 += ((t0 >>> 13) | (t1 << 3)) & 0x1fff; t2 = m[mpos+ 4] & 0xff | (m[mpos+ 5] & 0xff) << 8; h2 += ((t1 >>> 10) | (t2 << 6)) & 0x1fff; t3 = m[mpos+ 6] & 0xff | (m[mpos+ 7] & 0xff) << 8; h3 += ((t2 >>> 7) | (t3 << 9)) & 0x1fff; t4 = m[mpos+ 8] & 0xff | (m[mpos+ 9] & 0xff) << 8; h4 += ((t3 >>> 4) | (t4 << 12)) & 0x1fff; h5 += ((t4 >>> 1)) & 0x1fff; t5 = m[mpos+10] & 0xff | (m[mpos+11] & 0xff) << 8; h6 += ((t4 >>> 14) | (t5 << 2)) & 0x1fff; t6 = m[mpos+12] & 0xff | (m[mpos+13] & 0xff) << 8; h7 += ((t5 >>> 11) | (t6 << 5)) & 0x1fff; t7 = m[mpos+14] & 0xff | (m[mpos+15] & 0xff) << 8; h8 += ((t6 >>> 8) | (t7 << 8)) & 0x1fff; h9 += ((t7 >>> 5)) | hibit; c = 0; d0 = c; d0 += h0 * r0; d0 += h1 * (5 * r9); d0 += h2 * (5 * r8); d0 += h3 * (5 * r7); d0 += h4 * (5 * r6); c = (d0 >>> 13); d0 &= 0x1fff; d0 += h5 * (5 * r5); d0 += h6 * (5 * r4); d0 += h7 * (5 * r3); d0 += h8 * (5 * r2); d0 += h9 * (5 * r1); c += (d0 >>> 13); d0 &= 0x1fff; d1 = c; d1 += h0 * r1; d1 += h1 * r0; d1 += h2 * (5 * r9); d1 += h3 * (5 * r8); d1 += h4 * (5 * r7); c = (d1 >>> 13); d1 &= 0x1fff; d1 += h5 * (5 * r6); d1 += h6 * (5 * r5); d1 += h7 * (5 * r4); d1 += h8 * (5 * r3); d1 += h9 * (5 * r2); c += (d1 >>> 13); d1 &= 0x1fff; d2 = c; d2 += h0 * r2; d2 += h1 * r1; d2 += h2 * r0; d2 += h3 * (5 * r9); d2 += h4 * (5 * r8); c = (d2 >>> 13); d2 &= 0x1fff; d2 += h5 * (5 * r7); d2 += h6 * (5 * r6); d2 += h7 * (5 * r5); d2 += h8 * (5 * r4); d2 += h9 * (5 * r3); c += (d2 >>> 13); d2 &= 0x1fff; d3 = c; d3 += h0 * r3; d3 += h1 * r2; d3 += h2 * r1; d3 += h3 * r0; d3 += h4 * (5 * r9); c = (d3 >>> 13); d3 &= 0x1fff; d3 += h5 * (5 * r8); d3 += h6 * (5 * r7); d3 += h7 * (5 * r6); d3 += h8 * (5 * r5); d3 += h9 * (5 * r4); c += (d3 >>> 13); d3 &= 0x1fff; d4 = c; d4 += h0 * r4; d4 += h1 * r3; d4 += h2 * r2; d4 += h3 * r1; d4 += h4 * r0; c = (d4 >>> 13); d4 &= 0x1fff; d4 += h5 * (5 * r9); d4 += h6 * (5 * r8); d4 += h7 * (5 * r7); d4 += h8 * (5 * r6); d4 += h9 * (5 * r5); c += (d4 >>> 13); d4 &= 0x1fff; d5 = c; d5 += h0 * r5; d5 += h1 * r4; d5 += h2 * r3; d5 += h3 * r2; d5 += h4 * r1; c = (d5 >>> 13); d5 &= 0x1fff; d5 += h5 * r0; d5 += h6 * (5 * r9); d5 += h7 * (5 * r8); d5 += h8 * (5 * r7); d5 += h9 * (5 * r6); c += (d5 >>> 13); d5 &= 0x1fff; d6 = c; d6 += h0 * r6; d6 += h1 * r5; d6 += h2 * r4; d6 += h3 * r3; d6 += h4 * r2; c = (d6 >>> 13); d6 &= 0x1fff; d6 += h5 * r1; d6 += h6 * r0; d6 += h7 * (5 * r9); d6 += h8 * (5 * r8); d6 += h9 * (5 * r7); c += (d6 >>> 13); d6 &= 0x1fff; d7 = c; d7 += h0 * r7; d7 += h1 * r6; d7 += h2 * r5; d7 += h3 * r4; d7 += h4 * r3; c = (d7 >>> 13); d7 &= 0x1fff; d7 += h5 * r2; d7 += h6 * r1; d7 += h7 * r0; d7 += h8 * (5 * r9); d7 += h9 * (5 * r8); c += (d7 >>> 13); d7 &= 0x1fff; d8 = c; d8 += h0 * r8; d8 += h1 * r7; d8 += h2 * r6; d8 += h3 * r5; d8 += h4 * r4; c = (d8 >>> 13); d8 &= 0x1fff; d8 += h5 * r3; d8 += h6 * r2; d8 += h7 * r1; d8 += h8 * r0; d8 += h9 * (5 * r9); c += (d8 >>> 13); d8 &= 0x1fff; d9 = c; d9 += h0 * r9; d9 += h1 * r8; d9 += h2 * r7; d9 += h3 * r6; d9 += h4 * r5; c = (d9 >>> 13); d9 &= 0x1fff; d9 += h5 * r4; d9 += h6 * r3; d9 += h7 * r2; d9 += h8 * r1; d9 += h9 * r0; c += (d9 >>> 13); d9 &= 0x1fff; c = (((c << 2) + c)) | 0; c = (c + d0) | 0; d0 = c & 0x1fff; c = (c >>> 13); d1 += c; h0 = d0; h1 = d1; h2 = d2; h3 = d3; h4 = d4; h5 = d5; h6 = d6; h7 = d7; h8 = d8; h9 = d9; mpos += 16; bytes -= 16; } this.h[0] = h0; this.h[1] = h1; this.h[2] = h2; this.h[3] = h3; this.h[4] = h4; this.h[5] = h5; this.h[6] = h6; this.h[7] = h7; this.h[8] = h8; this.h[9] = h9; }; poly1305.prototype.finish = function(mac, macpos) { var g = new Uint16Array(10); var c, mask, f, i; if (this.leftover) { i = this.leftover; this.buffer[i++] = 1; for (; i < 16; i++) this.buffer[i] = 0; this.fin = 1; this.blocks(this.buffer, 0, 16); } c = this.h[1] >>> 13; this.h[1] &= 0x1fff; for (i = 2; i < 10; i++) { this.h[i] += c; c = this.h[i] >>> 13; this.h[i] &= 0x1fff; } this.h[0] += (c * 5); c = this.h[0] >>> 13; this.h[0] &= 0x1fff; this.h[1] += c; c = this.h[1] >>> 13; this.h[1] &= 0x1fff; this.h[2] += c; g[0] = this.h[0] + 5; c = g[0] >>> 13; g[0] &= 0x1fff; for (i = 1; i < 10; i++) { g[i] = this.h[i] + c; c = g[i] >>> 13; g[i] &= 0x1fff; } g[9] -= (1 << 13); mask = (c ^ 1) - 1; for (i = 0; i < 10; i++) g[i] &= mask; mask = ~mask; for (i = 0; i < 10; i++) this.h[i] = (this.h[i] & mask) | g[i]; this.h[0] = ((this.h[0] ) | (this.h[1] << 13) ) & 0xffff; this.h[1] = ((this.h[1] >>> 3) | (this.h[2] << 10) ) & 0xffff; this.h[2] = ((this.h[2] >>> 6) | (this.h[3] << 7) ) & 0xffff; this.h[3] = ((this.h[3] >>> 9) | (this.h[4] << 4) ) & 0xffff; this.h[4] = ((this.h[4] >>> 12) | (this.h[5] << 1) | (this.h[6] << 14)) & 0xffff; this.h[5] = ((this.h[6] >>> 2) | (this.h[7] << 11) ) & 0xffff; this.h[6] = ((this.h[7] >>> 5) | (this.h[8] << 8) ) & 0xffff; this.h[7] = ((this.h[8] >>> 8) | (this.h[9] << 5) ) & 0xffff; f = this.h[0] + this.pad[0]; this.h[0] = f & 0xffff; for (i = 1; i < 8; i++) { f = (((this.h[i] + this.pad[i]) | 0) + (f >>> 16)) | 0; this.h[i] = f & 0xffff; } mac[macpos+ 0] = (this.h[0] >>> 0) & 0xff; mac[macpos+ 1] = (this.h[0] >>> 8) & 0xff; mac[macpos+ 2] = (this.h[1] >>> 0) & 0xff; mac[macpos+ 3] = (this.h[1] >>> 8) & 0xff; mac[macpos+ 4] = (this.h[2] >>> 0) & 0xff; mac[macpos+ 5] = (this.h[2] >>> 8) & 0xff; mac[macpos+ 6] = (this.h[3] >>> 0) & 0xff; mac[macpos+ 7] = (this.h[3] >>> 8) & 0xff; mac[macpos+ 8] = (this.h[4] >>> 0) & 0xff; mac[macpos+ 9] = (this.h[4] >>> 8) & 0xff; mac[macpos+10] = (this.h[5] >>> 0) & 0xff; mac[macpos+11] = (this.h[5] >>> 8) & 0xff; mac[macpos+12] = (this.h[6] >>> 0) & 0xff; mac[macpos+13] = (this.h[6] >>> 8) & 0xff; mac[macpos+14] = (this.h[7] >>> 0) & 0xff; mac[macpos+15] = (this.h[7] >>> 8) & 0xff; }; poly1305.prototype.update = function(m, mpos, bytes) { var i, want; if (this.leftover) { want = (16 - this.leftover); if (want > bytes) want = bytes; for (i = 0; i < want; i++) this.buffer[this.leftover + i] = m[mpos+i]; bytes -= want; mpos += want; this.leftover += want; if (this.leftover < 16) return; this.blocks(this.buffer, 0, 16); this.leftover = 0; } if (bytes >= 16) { want = bytes - (bytes % 16); this.blocks(m, mpos, want); mpos += want; bytes -= want; } if (bytes) { for (i = 0; i < bytes; i++) this.buffer[this.leftover + i] = m[mpos+i]; this.leftover += bytes; } }; function crypto_onetimeauth(out, outpos, m, mpos, n, k) { var s = new poly1305(k); s.update(m, mpos, n); s.finish(out, outpos); return 0; } function crypto_onetimeauth_verify(h, hpos, m, mpos, n, k) { var x = new Uint8Array(16); crypto_onetimeauth(x,0,m,mpos,n,k); return crypto_verify_16(h,hpos,x,0); } function crypto_secretbox(c,m,d,n,k) { var i; if (d < 32) return -1; crypto_stream_xor(c,0,m,0,d,n,k); crypto_onetimeauth(c, 16, c, 32, d - 32, c); for (i = 0; i < 16; i++) c[i] = 0; return 0; } function crypto_secretbox_open(m,c,d,n,k) { var i; var x = new Uint8Array(32); if (d < 32) return -1; crypto_stream(x,0,32,n,k); if (crypto_onetimeauth_verify(c, 16,c, 32,d - 32,x) !== 0) return -1; crypto_stream_xor(m,0,c,0,d,n,k); for (i = 0; i < 32; i++) m[i] = 0; return 0; } function set25519(r, a) { var i; for (i = 0; i < 16; i++) r[i] = a[i]|0; } function car25519(o) { var i, v, c = 1; for (i = 0; i < 16; i++) { v = o[i] + c + 65535; c = Math.floor(v / 65536); o[i] = v - c * 65536; } o[0] += c-1 + 37 * (c-1); } function sel25519(p, q, b) { var t, c = ~(b-1); for (var i = 0; i < 16; i++) { t = c & (p[i] ^ q[i]); p[i] ^= t; q[i] ^= t; } } function pack25519(o, n) { var i, j, b; var m = gf(), t = gf(); for (i = 0; i < 16; i++) t[i] = n[i]; car25519(t); car25519(t); car25519(t); for (j = 0; j < 2; j++) { m[0] = t[0] - 0xffed; for (i = 1; i < 15; i++) { m[i] = t[i] - 0xffff - ((m[i-1]>>16) & 1); m[i-1] &= 0xffff; } m[15] = t[15] - 0x7fff - ((m[14]>>16) & 1); b = (m[15]>>16) & 1; m[14] &= 0xffff; sel25519(t, m, 1-b); } for (i = 0; i < 16; i++) { o[2*i] = t[i] & 0xff; o[2*i+1] = t[i]>>8; } } function neq25519(a, b) { var c = new Uint8Array(32), d = new Uint8Array(32); pack25519(c, a); pack25519(d, b); return crypto_verify_32(c, 0, d, 0); } function par25519(a) { var d = new Uint8Array(32); pack25519(d, a); return d[0] & 1; } function unpack25519(o, n) { var i; for (i = 0; i < 16; i++) o[i] = n[2*i] + (n[2*i+1] << 8); o[15] &= 0x7fff; } function A(o, a, b) { for (var i = 0; i < 16; i++) o[i] = a[i] + b[i]; } function Z(o, a, b) { for (var i = 0; i < 16; i++) o[i] = a[i] - b[i]; } function M(o, a, b) { var v, c, t0 = 0, t1 = 0, t2 = 0, t3 = 0, t4 = 0, t5 = 0, t6 = 0, t7 = 0, t8 = 0, t9 = 0, t10 = 0, t11 = 0, t12 = 0, t13 = 0, t14 = 0, t15 = 0, t16 = 0, t17 = 0, t18 = 0, t19 = 0, t20 = 0, t21 = 0, t22 = 0, t23 = 0, t24 = 0, t25 = 0, t26 = 0, t27 = 0, t28 = 0, t29 = 0, t30 = 0, b0 = b[0], b1 = b[1], b2 = b[2], b3 = b[3], b4 = b[4], b5 = b[5], b6 = b[6], b7 = b[7], b8 = b[8], b9 = b[9], b10 = b[10], b11 = b[11], b12 = b[12], b13 = b[13], b14 = b[14], b15 = b[15]; v = a[0]; t0 += v * b0; t1 += v * b1; t2 += v * b2; t3 += v * b3; t4 += v * b4; t5 += v * b5; t6 += v * b6; t7 += v * b7; t8 += v * b8; t9 += v * b9; t10 += v * b10; t11 += v * b11; t12 += v * b12; t13 += v * b13; t14 += v * b14; t15 += v * b15; v = a[1]; t1 += v * b0; t2 += v * b1; t3 += v * b2; t4 += v * b3; t5 += v * b4; t6 += v * b5; t7 += v * b6; t8 += v * b7; t9 += v * b8; t10 += v * b9; t11 += v * b10; t12 += v * b11; t13 += v * b12; t14 += v * b13; t15 += v * b14; t16 += v * b15; v = a[2]; t2 += v * b0; t3 += v * b1; t4 += v * b2; t5 += v * b3; t6 += v * b4; t7 += v * b5; t8 += v * b6; t9 += v * b7; t10 += v * b8; t11 += v * b9; t12 += v * b10; t13 += v * b11; t14 += v * b12; t15 += v * b13; t16 += v * b14; t17 += v * b15; v = a[3]; t3 += v * b0; t4 += v * b1; t5 += v * b2; t6 += v * b3; t7 += v * b4; t8 += v * b5; t9 += v * b6; t10 += v * b7; t11 += v * b8; t12 += v * b9; t13 += v * b10; t14 += v * b11; t15 += v * b12; t16 += v * b13; t17 += v * b14; t18 += v * b15; v = a[4]; t4 += v * b0; t5 += v * b1; t6 += v * b2; t7 += v * b3; t8 += v * b4; t9 += v * b5; t10 += v * b6; t11 += v * b7; t12 += v * b8; t13 += v * b9; t14 += v * b10; t15 += v * b11; t16 += v * b12; t17 += v * b13; t18 += v * b14; t19 += v * b15; v = a[5]; t5 += v * b0; t6 += v * b1; t7 += v * b2; t8 += v * b3; t9 += v * b4; t10 += v * b5; t11 += v * b6; t12 += v * b7; t13 += v * b8; t14 += v * b9; t15 += v * b10; t16 += v * b11; t17 += v * b12; t18 += v * b13; t19 += v * b14; t20 += v * b15; v = a[6]; t6 += v * b0; t7 += v * b1; t8 += v * b2; t9 += v * b3; t10 += v * b4; t11 += v * b5; t12 += v * b6; t13 += v * b7; t14 += v * b8; t15 += v * b9; t16 += v * b10; t17 += v * b11; t18 += v * b12; t19 += v * b13; t20 += v * b14; t21 += v * b15; v = a[7]; t7 += v * b0; t8 += v * b1; t9 += v * b2; t10 += v * b3; t11 += v * b4; t12 += v * b5; t13 += v * b6; t14 += v * b7; t15 += v * b8; t16 += v * b9; t17 += v * b10; t18 += v * b11; t19 += v * b12; t20 += v * b13; t21 += v * b14; t22 += v * b15; v = a[8]; t8 += v * b0; t9 += v * b1; t10 += v * b2; t11 += v * b3; t12 += v * b4; t13 += v * b5; t14 += v * b6; t15 += v * b7; t16 += v * b8; t17 += v * b9; t18 += v * b10; t19 += v * b11; t20 += v * b12; t21 += v * b13; t22 += v * b14; t23 += v * b15; v = a[9]; t9 += v * b0; t10 += v * b1; t11 += v * b2; t12 += v * b3; t13 += v * b4; t14 += v * b5; t15 += v * b6; t16 += v * b7; t17 += v * b8; t18 += v * b9; t19 += v * b10; t20 += v * b11; t21 += v * b12; t22 += v * b13; t23 += v * b14; t24 += v * b15; v = a[10]; t10 += v * b0; t11 += v * b1; t12 += v * b2; t13 += v * b3; t14 += v * b4; t15 += v * b5; t16 += v * b6; t17 += v * b7; t18 += v * b8; t19 += v * b9; t20 += v * b10; t21 += v * b11; t22 += v * b12; t23 += v * b13; t24 += v * b14; t25 += v * b15; v = a[11]; t11 += v * b0; t12 += v * b1; t13 += v * b2; t14 += v * b3; t15 += v * b4; t16 += v * b5; t17 += v * b6; t18 += v * b7; t19 += v * b8; t20 += v * b9; t21 += v * b10; t22 += v * b11; t23 += v * b12; t24 += v * b13; t25 += v * b14; t26 += v * b15; v = a[12]; t12 += v * b0; t13 += v * b1; t14 += v * b2; t15 += v * b3; t16 += v * b4; t17 += v * b5; t18 += v * b6; t19 += v * b7; t20 += v * b8; t21 += v * b9; t22 += v * b10; t23 += v * b11; t24 += v * b12; t25 += v * b13; t26 += v * b14; t27 += v * b15; v = a[13]; t13 += v * b0; t14 += v * b1; t15 += v * b2; t16 += v * b3; t17 += v * b4; t18 += v * b5; t19 += v * b6; t20 += v * b7; t21 += v * b8; t22 += v * b9; t23 += v * b10; t24 += v * b11; t25 += v * b12; t26 += v * b13; t27 += v * b14; t28 += v * b15; v = a[14]; t14 += v * b0; t15 += v * b1; t16 += v * b2; t17 += v * b3; t18 += v * b4; t19 += v * b5; t20 += v * b6; t21 += v * b7; t22 += v * b8; t23 += v * b9; t24 += v * b10; t25 += v * b11; t26 += v * b12; t27 += v * b13; t28 += v * b14; t29 += v * b15; v = a[15]; t15 += v * b0; t16 += v * b1; t17 += v * b2; t18 += v * b3; t19 += v * b4; t20 += v * b5; t21 += v * b6; t22 += v * b7; t23 += v * b8; t24 += v * b9; t25 += v * b10; t26 += v * b11; t27 += v * b12; t28 += v * b13; t29 += v * b14; t30 += v * b15; t0 += 38 * t16; t1 += 38 * t17; t2 += 38 * t18; t3 += 38 * t19; t4 += 38 * t20; t5 += 38 * t21; t6 += 38 * t22; t7 += 38 * t23; t8 += 38 * t24; t9 += 38 * t25; t10 += 38 * t26; t11 += 38 * t27; t12 += 38 * t28; t13 += 38 * t29; t14 += 38 * t30; // t15 left as is // first car c = 1; v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; t0 += c-1 + 37 * (c-1); // second car c = 1; v = t0 + c + 65535; c = Math.floor(v / 65536); t0 = v - c * 65536; v = t1 + c + 65535; c = Math.floor(v / 65536); t1 = v - c * 65536; v = t2 + c + 65535; c = Math.floor(v / 65536); t2 = v - c * 65536; v = t3 + c + 65535; c = Math.floor(v / 65536); t3 = v - c * 65536; v = t4 + c + 65535; c = Math.floor(v / 65536); t4 = v - c * 65536; v = t5 + c + 65535; c = Math.floor(v / 65536); t5 = v - c * 65536; v = t6 + c + 65535; c = Math.floor(v / 65536); t6 = v - c * 65536; v = t7 + c + 65535; c = Math.floor(v / 65536); t7 = v - c * 65536; v = t8 + c + 65535; c = Math.floor(v / 65536); t8 = v - c * 65536; v = t9 + c + 65535; c = Math.floor(v / 65536); t9 = v - c * 65536; v = t10 + c + 65535; c = Math.floor(v / 65536); t10 = v - c * 65536; v = t11 + c + 65535; c = Math.floor(v / 65536); t11 = v - c * 65536; v = t12 + c + 65535; c = Math.floor(v / 65536); t12 = v - c * 65536; v = t13 + c + 65535; c = Math.floor(v / 65536); t13 = v - c * 65536; v = t14 + c + 65535; c = Math.floor(v / 65536); t14 = v - c * 65536; v = t15 + c + 65535; c = Math.floor(v / 65536); t15 = v - c * 65536; t0 += c-1 + 37 * (c-1); o[ 0] = t0; o[ 1] = t1; o[ 2] = t2; o[ 3] = t3; o[ 4] = t4; o[ 5] = t5; o[ 6] = t6; o[ 7] = t7; o[ 8] = t8; o[ 9] = t9; o[10] = t10; o[11] = t11; o[12] = t12; o[13] = t13; o[14] = t14; o[15] = t15; } function S(o, a) { M(o, a, a); } function inv25519(o, i) { var c = gf(); var a; for (a = 0; a < 16; a++) c[a] = i[a]; for (a = 253; a >= 0; a--) { S(c, c); if(a !== 2 && a !== 4) M(c, c, i); } for (a = 0; a < 16; a++) o[a] = c[a]; } function pow2523(o, i) { var c = gf(); var a; for (a = 0; a < 16; a++) c[a] = i[a]; for (a = 250; a >= 0; a--) { S(c, c); if(a !== 1) M(c, c, i); } for (a = 0; a < 16; a++) o[a] = c[a]; } function crypto_scalarmult(q, n, p) { var z = new Uint8Array(32); var x = new Float64Array(80), r, i; var a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf(); for (i = 0; i < 31; i++) z[i] = n[i]; z[31]=(n[31]&127)|64; z[0]&=248; unpack25519(x,p); for (i = 0; i < 16; i++) { b[i]=x[i]; d[i]=a[i]=c[i]=0; } a[0]=d[0]=1; for (i=254; i>=0; --i) { r=(z[i>>>3]>>>(i&7))&1; sel25519(a,b,r); sel25519(c,d,r); A(e,a,c); Z(a,a,c); A(c,b,d); Z(b,b,d); S(d,e); S(f,a); M(a,c,a); M(c,b,e); A(e,a,c); Z(a,a,c); S(b,a); Z(c,d,f); M(a,c,_121665); A(a,a,d); M(c,c,a); M(a,d,f); M(d,b,x); S(b,e); sel25519(a,b,r); sel25519(c,d,r); } for (i = 0; i < 16; i++) { x[i+16]=a[i]; x[i+32]=c[i]; x[i+48]=b[i]; x[i+64]=d[i]; } var x32 = x.subarray(32); var x16 = x.subarray(16); inv25519(x32,x32); M(x16,x16,x32); pack25519(q,x16); return 0; } function crypto_scalarmult_base(q, n) { return crypto_scalarmult(q, n, _9); } function crypto_box_keypair(y, x) { randombytes(x, 32); return crypto_scalarmult_base(y, x); } function crypto_box_beforenm(k, y, x) { var s = new Uint8Array(32); crypto_scalarmult(s, x, y); return crypto_core_hsalsa20(k, _0, s, sigma); } var crypto_box_afternm = crypto_secretbox; var crypto_box_open_afternm = crypto_secretbox_open; function crypto_box(c, m, d, n, y, x) { var k = new Uint8Array(32); crypto_box_beforenm(k, y, x); return crypto_box_afternm(c, m, d, n, k); } function crypto_box_open(m, c, d, n, y, x) { var k = new Uint8Array(32); crypto_box_beforenm(k, y, x); return crypto_box_open_afternm(m, c, d, n, k); } var K = [ 0x428a2f98, 0xd728ae22, 0x71374491, 0x23ef65cd, 0xb5c0fbcf, 0xec4d3b2f, 0xe9b5dba5, 0x8189dbbc, 0x3956c25b, 0xf348b538, 0x59f111f1, 0xb605d019, 0x923f82a4, 0xaf194f9b, 0xab1c5ed5, 0xda6d8118, 0xd807aa98, 0xa3030242, 0x12835b01, 0x45706fbe, 0x243185be, 0x4ee4b28c, 0x550c7dc3, 0xd5ffb4e2, 0x72be5d74, 0xf27b896f, 0x80deb1fe, 0x3b1696b1, 0x9bdc06a7, 0x25c71235, 0xc19bf174, 0xcf692694, 0xe49b69c1, 0x9ef14ad2, 0xefbe4786, 0x384f25e3, 0x0fc19dc6, 0x8b8cd5b5, 0x240ca1cc, 0x77ac9c65, 0x2de92c6f, 0x592b0275, 0x4a7484aa, 0x6ea6e483, 0x5cb0a9dc, 0xbd41fbd4, 0x76f988da, 0x831153b5, 0x983e5152, 0xee66dfab, 0xa831c66d, 0x2db43210, 0xb00327c8, 0x98fb213f, 0xbf597fc7, 0xbeef0ee4, 0xc6e00bf3, 0x3da88fc2, 0xd5a79147, 0x930aa725, 0x06ca6351, 0xe003826f, 0x14292967, 0x0a0e6e70, 0x27b70a85, 0x46d22ffc, 0x2e1b2138, 0x5c26c926, 0x4d2c6dfc, 0x5ac42aed, 0x53380d13, 0x9d95b3df, 0x650a7354, 0x8baf63de, 0x766a0abb, 0x3c77b2a8, 0x81c2c92e, 0x47edaee6, 0x92722c85, 0x1482353b, 0xa2bfe8a1, 0x4cf10364, 0xa81a664b, 0xbc423001, 0xc24b8b70, 0xd0f89791, 0xc76c51a3, 0x0654be30, 0xd192e819, 0xd6ef5218, 0xd6990624, 0x5565a910, 0xf40e3585, 0x5771202a, 0x106aa070, 0x32bbd1b8, 0x19a4c116, 0xb8d2d0c8, 0x1e376c08, 0x5141ab53, 0x2748774c, 0xdf8eeb99, 0x34b0bcb5, 0xe19b48a8, 0x391c0cb3, 0xc5c95a63, 0x4ed8aa4a, 0xe3418acb, 0x5b9cca4f, 0x7763e373, 0x682e6ff3, 0xd6b2b8a3, 0x748f82ee, 0x5defb2fc, 0x78a5636f, 0x43172f60, 0x84c87814, 0xa1f0ab72, 0x8cc70208, 0x1a6439ec, 0x90befffa, 0x23631e28, 0xa4506ceb, 0xde82bde9, 0xbef9a3f7, 0xb2c67915, 0xc67178f2, 0xe372532b, 0xca273ece, 0xea26619c, 0xd186b8c7, 0x21c0c207, 0xeada7dd6, 0xcde0eb1e, 0xf57d4f7f, 0xee6ed178, 0x06f067aa, 0x72176fba, 0x0a637dc5, 0xa2c898a6, 0x113f9804, 0xbef90dae, 0x1b710b35, 0x131c471b, 0x28db77f5, 0x23047d84, 0x32caab7b, 0x40c72493, 0x3c9ebe0a, 0x15c9bebc, 0x431d67c4, 0x9c100d4c, 0x4cc5d4be, 0xcb3e42b6, 0x597f299c, 0xfc657e2a, 0x5fcb6fab, 0x3ad6faec, 0x6c44198c, 0x4a475817 ]; function crypto_hashblocks_hl(hh, hl, m, n) { var wh = new Int32Array(16), wl = new Int32Array(16), bh0, bh1, bh2, bh3, bh4, bh5, bh6, bh7, bl0, bl1, bl2, bl3, bl4, bl5, bl6, bl7, th, tl, i, j, h, l, a, b, c, d; var ah0 = hh[0], ah1 = hh[1], ah2 = hh[2], ah3 = hh[3], ah4 = hh[4], ah5 = hh[5], ah6 = hh[6], ah7 = hh[7], al0 = hl[0], al1 = hl[1], al2 = hl[2], al3 = hl[3], al4 = hl[4], al5 = hl[5], al6 = hl[6], al7 = hl[7]; var pos = 0; while (n >= 128) { for (i = 0; i < 16; i++) { j = 8 * i + pos; wh[i] = (m[j+0] << 24) | (m[j+1] << 16) | (m[j+2] << 8) | m[j+3]; wl[i] = (m[j+4] << 24) | (m[j+5] << 16) | (m[j+6] << 8) | m[j+7]; } for (i = 0; i < 80; i++) { bh0 = ah0; bh1 = ah1; bh2 = ah2; bh3 = ah3; bh4 = ah4; bh5 = ah5; bh6 = ah6; bh7 = ah7; bl0 = al0; bl1 = al1; bl2 = al2; bl3 = al3; bl4 = al4; bl5 = al5; bl6 = al6; bl7 = al7; // add h = ah7; l = al7; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; // Sigma1 h = ((ah4 >>> 14) | (al4 << (32-14))) ^ ((ah4 >>> 18) | (al4 << (32-18))) ^ ((al4 >>> (41-32)) | (ah4 << (32-(41-32)))); l = ((al4 >>> 14) | (ah4 << (32-14))) ^ ((al4 >>> 18) | (ah4 << (32-18))) ^ ((ah4 >>> (41-32)) | (al4 << (32-(41-32)))); a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; // Ch h = (ah4 & ah5) ^ (~ah4 & ah6); l = (al4 & al5) ^ (~al4 & al6); a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; // K h = K[i*2]; l = K[i*2+1]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; // w h = wh[i%16]; l = wl[i%16]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; th = c & 0xffff | d << 16; tl = a & 0xffff | b << 16; // add h = th; l = tl; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; // Sigma0 h = ((ah0 >>> 28) | (al0 << (32-28))) ^ ((al0 >>> (34-32)) | (ah0 << (32-(34-32)))) ^ ((al0 >>> (39-32)) | (ah0 << (32-(39-32)))); l = ((al0 >>> 28) | (ah0 << (32-28))) ^ ((ah0 >>> (34-32)) | (al0 << (32-(34-32)))) ^ ((ah0 >>> (39-32)) | (al0 << (32-(39-32)))); a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; // Maj h = (ah0 & ah1) ^ (ah0 & ah2) ^ (ah1 & ah2); l = (al0 & al1) ^ (al0 & al2) ^ (al1 & al2); a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; bh7 = (c & 0xffff) | (d << 16); bl7 = (a & 0xffff) | (b << 16); // add h = bh3; l = bl3; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = th; l = tl; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; bh3 = (c & 0xffff) | (d << 16); bl3 = (a & 0xffff) | (b << 16); ah1 = bh0; ah2 = bh1; ah3 = bh2; ah4 = bh3; ah5 = bh4; ah6 = bh5; ah7 = bh6; ah0 = bh7; al1 = bl0; al2 = bl1; al3 = bl2; al4 = bl3; al5 = bl4; al6 = bl5; al7 = bl6; al0 = bl7; if (i%16 === 15) { for (j = 0; j < 16; j++) { // add h = wh[j]; l = wl[j]; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = wh[(j+9)%16]; l = wl[(j+9)%16]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; // sigma0 th = wh[(j+1)%16]; tl = wl[(j+1)%16]; h = ((th >>> 1) | (tl << (32-1))) ^ ((th >>> 8) | (tl << (32-8))) ^ (th >>> 7); l = ((tl >>> 1) | (th << (32-1))) ^ ((tl >>> 8) | (th << (32-8))) ^ ((tl >>> 7) | (th << (32-7))); a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; // sigma1 th = wh[(j+14)%16]; tl = wl[(j+14)%16]; h = ((th >>> 19) | (tl << (32-19))) ^ ((tl >>> (61-32)) | (th << (32-(61-32)))) ^ (th >>> 6); l = ((tl >>> 19) | (th << (32-19))) ^ ((th >>> (61-32)) | (tl << (32-(61-32)))) ^ ((tl >>> 6) | (th << (32-6))); a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; wh[j] = (c & 0xffff) | (d << 16); wl[j] = (a & 0xffff) | (b << 16); } } } // add h = ah0; l = al0; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[0]; l = hl[0]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[0] = ah0 = (c & 0xffff) | (d << 16); hl[0] = al0 = (a & 0xffff) | (b << 16); h = ah1; l = al1; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[1]; l = hl[1]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[1] = ah1 = (c & 0xffff) | (d << 16); hl[1] = al1 = (a & 0xffff) | (b << 16); h = ah2; l = al2; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[2]; l = hl[2]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[2] = ah2 = (c & 0xffff) | (d << 16); hl[2] = al2 = (a & 0xffff) | (b << 16); h = ah3; l = al3; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[3]; l = hl[3]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[3] = ah3 = (c & 0xffff) | (d << 16); hl[3] = al3 = (a & 0xffff) | (b << 16); h = ah4; l = al4; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[4]; l = hl[4]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[4] = ah4 = (c & 0xffff) | (d << 16); hl[4] = al4 = (a & 0xffff) | (b << 16); h = ah5; l = al5; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[5]; l = hl[5]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[5] = ah5 = (c & 0xffff) | (d << 16); hl[5] = al5 = (a & 0xffff) | (b << 16); h = ah6; l = al6; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[6]; l = hl[6]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[6] = ah6 = (c & 0xffff) | (d << 16); hl[6] = al6 = (a & 0xffff) | (b << 16); h = ah7; l = al7; a = l & 0xffff; b = l >>> 16; c = h & 0xffff; d = h >>> 16; h = hh[7]; l = hl[7]; a += l & 0xffff; b += l >>> 16; c += h & 0xffff; d += h >>> 16; b += a >>> 16; c += b >>> 16; d += c >>> 16; hh[7] = ah7 = (c & 0xffff) | (d << 16); hl[7] = al7 = (a & 0xffff) | (b << 16); pos += 128; n -= 128; } return n; } function crypto_hash(out, m, n) { var hh = new Int32Array(8), hl = new Int32Array(8), x = new Uint8Array(256), i, b = n; hh[0] = 0x6a09e667; hh[1] = 0xbb67ae85; hh[2] = 0x3c6ef372; hh[3] = 0xa54ff53a; hh[4] = 0x510e527f; hh[5] = 0x9b05688c; hh[6] = 0x1f83d9ab; hh[7] = 0x5be0cd19; hl[0] = 0xf3bcc908; hl[1] = 0x84caa73b; hl[2] = 0xfe94f82b; hl[3] = 0x5f1d36f1; hl[4] = 0xade682d1; hl[5] = 0x2b3e6c1f; hl[6] = 0xfb41bd6b; hl[7] = 0x137e2179; crypto_hashblocks_hl(hh, hl, m, n); n %= 128; for (i = 0; i < n; i++) x[i] = m[b-n+i]; x[n] = 128; n = 256-128*(n<112?1:0); x[n-9] = 0; ts64(x, n-8, (b / 0x20000000) | 0, b << 3); crypto_hashblocks_hl(hh, hl, x, n); for (i = 0; i < 8; i++) ts64(out, 8*i, hh[i], hl[i]); return 0; } function add(p, q) { var a = gf(), b = gf(), c = gf(), d = gf(), e = gf(), f = gf(), g = gf(), h = gf(), t = gf(); Z(a, p[1], p[0]); Z(t, q[1], q[0]); M(a, a, t); A(b, p[0], p[1]); A(t, q[0], q[1]); M(b, b, t); M(c, p[3], q[3]); M(c, c, D2); M(d, p[2], q[2]); A(d, d, d); Z(e, b, a); Z(f, d, c); A(g, d, c); A(h, b, a); M(p[0], e, f); M(p[1], h, g); M(p[2], g, f); M(p[3], e, h); } function cswap(p, q, b) { var i; for (i = 0; i < 4; i++) { sel25519(p[i], q[i], b); } } function pack(r, p) { var tx = gf(), ty = gf(), zi = gf(); inv25519(zi, p[2]); M(tx, p[0], zi); M(ty, p[1], zi); pack25519(r, ty); r[31] ^= par25519(tx) << 7; } function scalarmult(p, q, s) { var b, i; set25519(p[0], gf0); set25519(p[1], gf1); set25519(p[2], gf1); set25519(p[3], gf0); for (i = 255; i >= 0; --i) { b = (s[(i/8)|0] >> (i&7)) & 1; cswap(p, q, b); add(q, p); add(p, p); cswap(p, q, b); } } function scalarbase(p, s) { var q = [gf(), gf(), gf(), gf()]; set25519(q[0], X); set25519(q[1], Y); set25519(q[2], gf1); M(q[3], X, Y); scalarmult(p, q, s); } function crypto_sign_keypair(pk, sk, seeded) { var d = new Uint8Array(64); var p = [gf(), gf(), gf(), gf()]; var i; if (!seeded) randombytes(sk, 32); crypto_hash(d, sk, 32); d[0] &= 248; d[31] &= 127; d[31] |= 64; scalarbase(p, d); pack(pk, p); for (i = 0; i < 32; i++) sk[i+32] = pk[i]; return 0; } var L = new Float64Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]); function modL(r, x) { var carry, i, j, k; for (i = 63; i >= 32; --i) { carry = 0; for (j = i - 32, k = i - 12; j < k; ++j) { x[j] += carry - 16 * x[i] * L[j - (i - 32)]; carry = (x[j] + 128) >> 8; x[j] -= carry * 256; } x[j] += carry; x[i] = 0; } carry = 0; for (j = 0; j < 32; j++) { x[j] += carry - (x[31] >> 4) * L[j]; carry = x[j] >> 8; x[j] &= 255; } for (j = 0; j < 32; j++) x[j] -= carry * L[j]; for (i = 0; i < 32; i++) { x[i+1] += x[i] >> 8; r[i] = x[i] & 255; } } function reduce(r) { var x = new Float64Array(64), i; for (i = 0; i < 64; i++) x[i] = r[i]; for (i = 0; i < 64; i++) r[i] = 0; modL(r, x); } // Note: difference from C - smlen returned, not passed as argument. function crypto_sign(sm, m, n, sk) { var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64); var i, j, x = new Float64Array(64); var p = [gf(), gf(), gf(), gf()]; crypto_hash(d, sk, 32); d[0] &= 248; d[31] &= 127; d[31] |= 64; var smlen = n + 64; for (i = 0; i < n; i++) sm[64 + i] = m[i]; for (i = 0; i < 32; i++) sm[32 + i] = d[32 + i]; crypto_hash(r, sm.subarray(32), n+32); reduce(r); scalarbase(p, r); pack(sm, p); for (i = 32; i < 64; i++) sm[i] = sk[i]; crypto_hash(h, sm, n + 64); reduce(h); for (i = 0; i < 64; i++) x[i] = 0; for (i = 0; i < 32; i++) x[i] = r[i]; for (i = 0; i < 32; i++) { for (j = 0; j < 32; j++) { x[i+j] += h[i] * d[j]; } } modL(sm.subarray(32), x); return smlen; } function unpackneg(r, p) { var t = gf(), chk = gf(), num = gf(), den = gf(), den2 = gf(), den4 = gf(), den6 = gf(); set25519(r[2], gf1); unpack25519(r[1], p); S(num, r[1]); M(den, num, D); Z(num, num, r[2]); A(den, r[2], den); S(den2, den); S(den4, den2); M(den6, den4, den2); M(t, den6, num); M(t, t, den); pow2523(t, t); M(t, t, num); M(t, t, den); M(t, t, den); M(r[0], t, den); S(chk, r[0]); M(chk, chk, den); if (neq25519(chk, num)) M(r[0], r[0], I); S(chk, r[0]); M(chk, chk, den); if (neq25519(chk, num)) return -1; if (par25519(r[0]) === (p[31]>>7)) Z(r[0], gf0, r[0]); M(r[3], r[0], r[1]); return 0; } function crypto_sign_open(m, sm, n, pk) { var i, mlen; var t = new Uint8Array(32), h = new Uint8Array(64); var p = [gf(), gf(), gf(), gf()], q = [gf(), gf(), gf(), gf()]; mlen = -1; if (n < 64) return -1; if (unpackneg(q, pk)) return -1; for (i = 0; i < n; i++) m[i] = sm[i]; for (i = 0; i < 32; i++) m[i+32] = pk[i]; crypto_hash(h, m, n); reduce(h); scalarmult(p, q, h); scalarbase(q, sm.subarray(32)); add(p, q); pack(t, p); n -= 64; if (crypto_verify_32(sm, 0, t, 0)) { for (i = 0; i < n; i++) m[i] = 0; return -1; } for (i = 0; i < n; i++) m[i] = sm[i + 64]; mlen = n; return mlen; } var crypto_secretbox_KEYBYTES = 32, crypto_secretbox_NONCEBYTES = 24, crypto_secretbox_ZEROBYTES = 32, crypto_secretbox_BOXZEROBYTES = 16, crypto_scalarmult_BYTES = 32, crypto_scalarmult_SCALARBYTES = 32, crypto_box_PUBLICKEYBYTES = 32, crypto_box_SECRETKEYBYTES = 32, crypto_box_BEFORENMBYTES = 32, crypto_box_NONCEBYTES = crypto_secretbox_NONCEBYTES, crypto_box_ZEROBYTES = crypto_secretbox_ZEROBYTES, crypto_box_BOXZEROBYTES = crypto_secretbox_BOXZEROBYTES, crypto_sign_BYTES = 64, crypto_sign_PUBLICKEYBYTES = 32, crypto_sign_SECRETKEYBYTES = 64, crypto_sign_SEEDBYTES = 32, crypto_hash_BYTES = 64; nacl.lowlevel = { crypto_core_hsalsa20: crypto_core_hsalsa20, crypto_stream_xor: crypto_stream_xor, crypto_stream: crypto_stream, crypto_stream_salsa20_xor: crypto_stream_salsa20_xor, crypto_stream_salsa20: crypto_stream_salsa20, crypto_onetimeauth: crypto_onetimeauth, crypto_onetimeauth_verify: crypto_onetimeauth_verify, crypto_verify_16: crypto_verify_16, crypto_verify_32: crypto_verify_32, crypto_secretbox: crypto_secretbox, crypto_secretbox_open: crypto_secretbox_open, crypto_scalarmult: crypto_scalarmult, crypto_scalarmult_base: crypto_scalarmult_base, crypto_box_beforenm: crypto_box_beforenm, crypto_box_afternm: crypto_box_afternm, crypto_box: crypto_box, crypto_box_open: crypto_box_open, crypto_box_keypair: crypto_box_keypair, crypto_hash: crypto_hash, crypto_sign: crypto_sign, crypto_sign_keypair: crypto_sign_keypair, crypto_sign_open: crypto_sign_open, crypto_secretbox_KEYBYTES: crypto_secretbox_KEYBYTES, crypto_secretbox_NONCEBYTES: crypto_secretbox_NONCEBYTES, crypto_secretbox_ZEROBYTES: crypto_secretbox_ZEROBYTES, crypto_secretbox_BOXZEROBYTES: crypto_secretbox_BOXZEROBYTES, crypto_scalarmult_BYTES: crypto_scalarmult_BYTES, crypto_scalarmult_SCALARBYTES: crypto_scalarmult_SCALARBYTES, crypto_box_PUBLICKEYBYTES: crypto_box_PUBLICKEYBYTES, crypto_box_SECRETKEYBYTES: crypto_box_SECRETKEYBYTES, crypto_box_BEFORENMBYTES: crypto_box_BEFORENMBYTES, crypto_box_NONCEBYTES: crypto_box_NONCEBYTES, crypto_box_ZEROBYTES: crypto_box_ZEROBYTES, crypto_box_BOXZEROBYTES: crypto_box_BOXZEROBYTES, crypto_sign_BYTES: crypto_sign_BYTES, crypto_sign_PUBLICKEYBYTES: crypto_sign_PUBLICKEYBYTES, crypto_sign_SECRETKEYBYTES: crypto_sign_SECRETKEYBYTES, crypto_sign_SEEDBYTES: crypto_sign_SEEDBYTES, crypto_hash_BYTES: crypto_hash_BYTES }; /* High-level API */ function checkLengths(k, n) { if (k.length !== crypto_secretbox_KEYBYTES) throw new Error('bad key size'); if (n.length !== crypto_secretbox_NONCEBYTES) throw new Error('bad nonce size'); } function checkBoxLengths(pk, sk) { if (pk.length !== crypto_box_PUBLICKEYBYTES) throw new Error('bad public key size'); if (sk.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size'); } function checkArrayTypes() { var t, i; for (i = 0; i < arguments.length; i++) { if ((t = Object.prototype.toString.call(arguments[i])) !== '[object Uint8Array]') throw new TypeError('unexpected type ' + t + ', use Uint8Array'); } } function cleanup(arr) { for (var i = 0; i < arr.length; i++) arr[i] = 0; } // TODO: Completely remove this in v0.15. if (!nacl.util) { nacl.util = {}; nacl.util.decodeUTF8 = nacl.util.encodeUTF8 = nacl.util.encodeBase64 = nacl.util.decodeBase64 = function() { throw new Error('nacl.util moved into separate package: https://github.com/dchest/tweetnacl-util-js'); }; } nacl.randomBytes = function(n) { var b = new Uint8Array(n); randombytes(b, n); return b; }; nacl.secretbox = function(msg, nonce, key) { checkArrayTypes(msg, nonce, key); checkLengths(key, nonce); var m = new Uint8Array(crypto_secretbox_ZEROBYTES + msg.length); var c = new Uint8Array(m.length); for (var i = 0; i < msg.length; i++) m[i+crypto_secretbox_ZEROBYTES] = msg[i]; crypto_secretbox(c, m, m.length, nonce, key); return c.subarray(crypto_secretbox_BOXZEROBYTES); }; nacl.secretbox.open = function(box, nonce, key) { checkArrayTypes(box, nonce, key); checkLengths(key, nonce); var c = new Uint8Array(crypto_secretbox_BOXZEROBYTES + box.length); var m = new Uint8Array(c.length); for (var i = 0; i < box.length; i++) c[i+crypto_secretbox_BOXZEROBYTES] = box[i]; if (c.length < 32) return false; if (crypto_secretbox_open(m, c, c.length, nonce, key) !== 0) return false; return m.subarray(crypto_secretbox_ZEROBYTES); }; nacl.secretbox.keyLength = crypto_secretbox_KEYBYTES; nacl.secretbox.nonceLength = crypto_secretbox_NONCEBYTES; nacl.secretbox.overheadLength = crypto_secretbox_BOXZEROBYTES; nacl.scalarMult = function(n, p) { checkArrayTypes(n, p); if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); if (p.length !== crypto_scalarmult_BYTES) throw new Error('bad p size'); var q = new Uint8Array(crypto_scalarmult_BYTES); crypto_scalarmult(q, n, p); return q; }; nacl.scalarMult.base = function(n) { checkArrayTypes(n); if (n.length !== crypto_scalarmult_SCALARBYTES) throw new Error('bad n size'); var q = new Uint8Array(crypto_scalarmult_BYTES); crypto_scalarmult_base(q, n); return q; }; nacl.scalarMult.scalarLength = crypto_scalarmult_SCALARBYTES; nacl.scalarMult.groupElementLength = crypto_scalarmult_BYTES; nacl.box = function(msg, nonce, publicKey, secretKey) { var k = nacl.box.before(publicKey, secretKey); return nacl.secretbox(msg, nonce, k); }; nacl.box.before = function(publicKey, secretKey) { checkArrayTypes(publicKey, secretKey); checkBoxLengths(publicKey, secretKey); var k = new Uint8Array(crypto_box_BEFORENMBYTES); crypto_box_beforenm(k, publicKey, secretKey); return k; }; nacl.box.after = nacl.secretbox; nacl.box.open = function(msg, nonce, publicKey, secretKey) { var k = nacl.box.before(publicKey, secretKey); return nacl.secretbox.open(msg, nonce, k); }; nacl.box.open.after = nacl.secretbox.open; nacl.box.keyPair = function() { var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); var sk = new Uint8Array(crypto_box_SECRETKEYBYTES); crypto_box_keypair(pk, sk); return {publicKey: pk, secretKey: sk}; }; nacl.box.keyPair.fromSecretKey = function(secretKey) { checkArrayTypes(secretKey); if (secretKey.length !== crypto_box_SECRETKEYBYTES) throw new Error('bad secret key size'); var pk = new Uint8Array(crypto_box_PUBLICKEYBYTES); crypto_scalarmult_base(pk, secretKey); return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; }; nacl.box.publicKeyLength = crypto_box_PUBLICKEYBYTES; nacl.box.secretKeyLength = crypto_box_SECRETKEYBYTES; nacl.box.sharedKeyLength = crypto_box_BEFORENMBYTES; nacl.box.nonceLength = crypto_box_NONCEBYTES; nacl.box.overheadLength = nacl.secretbox.overheadLength; nacl.sign = function(msg, secretKey) { checkArrayTypes(msg, secretKey); if (secretKey.length !== crypto_sign_SECRETKEYBYTES) throw new Error('bad secret key size'); var signedMsg = new Uint8Array(crypto_sign_BYTES+msg.length); crypto_sign(signedMsg, msg, msg.length, secretKey); return signedMsg; }; nacl.sign.open = function(signedMsg, publicKey) { if (arguments.length !== 2) throw new Error('nacl.sign.open accepts 2 arguments; did you mean to use nacl.sign.detached.verify?'); checkArrayTypes(signedMsg, publicKey); if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) throw new Error('bad public key size'); var tmp = new Uint8Array(signedMsg.length); var mlen = crypto_sign_open(tmp, signedMsg, signedMsg.length, publicKey); if (mlen < 0) return null; var m = new Uint8Array(mlen); for (var i = 0; i < m.length; i++) m[i] = tmp[i]; return m; }; nacl.sign.detached = function(msg, secretKey) { var signedMsg = nacl.sign(msg, secretKey); var sig = new Uint8Array(crypto_sign_BYTES); for (var i = 0; i < sig.length; i++) sig[i] = signedMsg[i]; return sig; }; nacl.sign.detached.verify = function(msg, sig, publicKey) { checkArrayTypes(msg, sig, publicKey); if (sig.length !== crypto_sign_BYTES) throw new Error('bad signature size'); if (publicKey.length !== crypto_sign_PUBLICKEYBYTES) throw new Error('bad public key size'); var sm = new Uint8Array(crypto_sign_BYTES + msg.length); var m = new Uint8Array(crypto_sign_BYTES + msg.length); var i; for (i = 0; i < crypto_sign_BYTES; i++) sm[i] = sig[i]; for (i = 0; i < msg.length; i++) sm[i+crypto_sign_BYTES] = msg[i]; return (crypto_sign_open(m, sm, sm.length, publicKey) >= 0); }; nacl.sign.keyPair = function() { var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); crypto_sign_keypair(pk, sk); return {publicKey: pk, secretKey: sk}; }; nacl.sign.keyPair.fromSecretKey = function(secretKey) { checkArrayTypes(secretKey); if (secretKey.length !== crypto_sign_SECRETKEYBYTES) throw new Error('bad secret key size'); var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); for (var i = 0; i < pk.length; i++) pk[i] = secretKey[32+i]; return {publicKey: pk, secretKey: new Uint8Array(secretKey)}; }; nacl.sign.keyPair.fromSeed = function(seed) { checkArrayTypes(seed); if (seed.length !== crypto_sign_SEEDBYTES) throw new Error('bad seed size'); var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES); var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES); for (var i = 0; i < 32; i++) sk[i] = seed[i]; crypto_sign_keypair(pk, sk, true); return {publicKey: pk, secretKey: sk}; }; nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES; nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES; nacl.sign.seedLength = crypto_sign_SEEDBYTES; nacl.sign.signatureLength = crypto_sign_BYTES; nacl.hash = function(msg) { checkArrayTypes(msg); var h = new Uint8Array(crypto_hash_BYTES); crypto_hash(h, msg, msg.length); return h; }; nacl.hash.hashLength = crypto_hash_BYTES; nacl.verify = function(x, y) { checkArrayTypes(x, y); // Zero length arguments are considered not equal. if (x.length === 0 || y.length === 0) return false; if (x.length !== y.length) return false; return (vn(x, 0, y, 0, x.length) === 0) ? true : false; }; nacl.setPRNG = function(fn) { randombytes = fn; }; (function() { // Initialize PRNG if environment provides CSPRNG. // If not, methods calling randombytes will throw. var crypto = typeof self !== 'undefined' ? (self.crypto || self.msCrypto) : null; if (crypto && crypto.getRandomValues) { // Browsers. var QUOTA = 65536; nacl.setPRNG(function(x, n) { var i, v = new Uint8Array(n); for (i = 0; i < n; i += QUOTA) { crypto.getRandomValues(v.subarray(i, i + Math.min(n - i, QUOTA))); } for (i = 0; i < n; i++) x[i] = v[i]; cleanup(v); }); } else if (true) { // Node.js. crypto = __nccwpck_require__(6417); if (crypto && crypto.randomBytes) { nacl.setPRNG(function(x, n) { var i, v = crypto.randomBytes(n); for (i = 0; i < n; i++) x[i] = v[i]; cleanup(v); }); } } })(); })( true && module.exports ? module.exports : (self.nacl = self.nacl || {})); /***/ }), /***/ 5030: /***/ ((__unused_webpack_module, exports) => { "use strict"; Object.defineProperty(exports, "__esModule", ({ value: true })); function getUserAgent() { if (typeof navigator === "object" && "userAgent" in navigator) { return navigator.userAgent; } if (typeof process === "object" && "version" in process) { return `Node.js/${process.version.substr(1)} (${process.platform}; ${process.arch})`; } return ""; } exports.getUserAgent = getUserAgent; //# sourceMappingURL=index.js.map /***/ }), /***/ 7127: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { /** * For Node.js, simply re-export the core `util.deprecate` function. */ module.exports = __nccwpck_require__(1669).deprecate; /***/ }), /***/ 2940: /***/ ((module) => { // Returns a wrapper function that returns a wrapped callback // The wrapper function should do some stuff, and return a // presumably different callback function. // This makes sure that own properties are retained, so that // decorations and such are not lost along the way. module.exports = wrappy function wrappy (fn, cb) { if (fn && cb) return wrappy(fn)(cb) if (typeof fn !== 'function') throw new TypeError('need wrapper function') Object.keys(fn).forEach(function (k) { wrapper[k] = fn[k] }) return wrapper function wrapper() { var args = new Array(arguments.length) for (var i = 0; i < args.length; i++) { args[i] = arguments[i] } var ret = fn.apply(this, args) var cb = args[args.length-1] if (typeof ret === 'function' && ret !== cb) { Object.keys(cb).forEach(function (k) { ret[k] = cb[k] }) } return ret } } /***/ }), /***/ 5707: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.ApiClient = exports.CredentialFetchingError = void 0; const core = __importStar(__nccwpck_require__(2186)); const axios_1 = __importDefault(__nccwpck_require__(6545)); class CredentialFetchingError extends Error { } exports.CredentialFetchingError = CredentialFetchingError; class ApiClient { constructor(client, params) { this.client = client; this.params = params; // We use a static unknown SHA when marking a job as complete from the action // to remain in parity with the existing runner. this.UnknownSha = { 'base-commit-sha': 'unknown' }; } getJobDetails() { return __awaiter(this, void 0, void 0, function* () { const detailsURL = `/update_jobs/${this.params.jobId}/details`; const res = yield this.client.get(detailsURL, { headers: { Authorization: this.params.jobToken } }); if (res.status !== 200) { throw new Error(`Unexpected status code: ${res.status}`); } return res.data.data.attributes; }); } getCredentials() { var _a, _b; return __awaiter(this, void 0, void 0, function* () { const credentialsURL = `/update_jobs/${this.params.jobId}/credentials`; try { const res = yield this.client.get(credentialsURL, { headers: { Authorization: this.params.credentialsToken } }); // Mask any secrets we've just retrieved from Actions logs for (const credential of res.data.data.attributes.credentials) { if (credential.password) { core.setSecret(credential.password); } if (credential.token) { core.setSecret(credential.token); } } return res.data.data.attributes.credentials; } catch (error) { if (axios_1.default.isAxiosError(error)) { const err = error; throw new CredentialFetchingError(`fetching credentials: received code ${(_a = err.response) === null || _a === void 0 ? void 0 : _a.status}: ${JSON.stringify((_b = err.response) === null || _b === void 0 ? void 0 : _b.data)}`); } else { throw error; } } }); } reportJobError(error) { return __awaiter(this, void 0, void 0, function* () { const recordErrorURL = `/update_jobs/${this.params.jobId}/record_update_job_error`; const res = yield this.client.post(recordErrorURL, { data: error }, { headers: { Authorization: this.params.jobToken } }); if (res.status !== 204) { throw new Error(`Unexpected status code: ${res.status}`); } }); } markJobAsProcessed() { return __awaiter(this, void 0, void 0, function* () { const markAsProcessedURL = `/update_jobs/${this.params.jobId}/mark_as_processed`; const res = yield this.client.patch(markAsProcessedURL, { data: this.UnknownSha }, { headers: { Authorization: this.params.jobToken } }); if (res.status !== 204) { throw new Error(`Unexpected status code: ${res.status}`); } }); } } exports.ApiClient = ApiClient; /***/ }), /***/ 2429: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.ContainerService = exports.ContainerRuntimeError = void 0; const core = __importStar(__nccwpck_require__(2186)); const tar_stream_1 = __nccwpck_require__(2283); const utils_1 = __nccwpck_require__(1314); class ContainerRuntimeError extends Error { } exports.ContainerRuntimeError = ContainerRuntimeError; exports.ContainerService = { storeInput(name, path, container, input) { return __awaiter(this, void 0, void 0, function* () { const tar = tar_stream_1.pack(); tar.entry({ name }, JSON.stringify(input)); tar.finalize(); yield container.putArchive(tar, { path }); }); }, storeCert(name, path, container, cert) { return __awaiter(this, void 0, void 0, function* () { const tar = tar_stream_1.pack(); tar.entry({ name }, cert); tar.finalize(); yield container.putArchive(tar, { path }); }); }, run(container) { return __awaiter(this, void 0, void 0, function* () { try { const stream = yield container.attach({ stream: true, stdout: true, stderr: true }); container.modem.demuxStream(stream, utils_1.outStream('updater'), utils_1.errStream('updater')); yield container.start(); const outcome = yield container.wait(); if (outcome.StatusCode === 0) { return true; } else { core.info(`Failure running container ${container.id}`); throw new ContainerRuntimeError('The updater encountered one or more errors.'); } } finally { yield container.remove({ v: true }); core.info(`Cleaned up container ${container.id}`); } }); } }; /***/ }), /***/ 4665: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.repositoryName = exports.PROXY_IMAGE_NAME = exports.UPDATER_IMAGE_NAME = void 0; const containers_json_1 = __importDefault(__nccwpck_require__(4832)); exports.UPDATER_IMAGE_NAME = containers_json_1.default.updater; exports.PROXY_IMAGE_NAME = containers_json_1.default.proxy; const imageNamePattern = '^(?(([a-zA-Z0-9._-]+([:[0-9]+[^/]))?([a-zA-Z0-9._/-]+)?))((:[a-zA-Z0-9._/-]+)|(@sha256:[a-zA-Z0-9]{64}))?$'; function repositoryName(imageName) { const match = imageName.match(imageNamePattern); if (match === null || match === void 0 ? void 0 : match.groups) { return match.groups['repository']; } else { throw Error('invalid image name'); } } exports.repositoryName = repositoryName; /***/ }), /***/ 2715: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.ImageService = void 0; const core = __importStar(__nccwpck_require__(2186)); const dockerode_1 = __importDefault(__nccwpck_require__(4571)); const endOfStream = (docker, stream) => __awaiter(void 0, void 0, void 0, function* () { return new Promise((resolve, reject) => { docker.modem.followProgress(stream, (err) => err ? reject(err) : resolve(undefined)); }); }); /** Fetch the configured updater image, if it isn't already available. */ exports.ImageService = { pull(imageName, force = false) { return __awaiter(this, void 0, void 0, function* () { /* This method fetches images hosts on GitHub infrastructure. We expose the `fetch_image` utility method to allow us to pull in arbitrary images for unit tests. */ if (!(imageName.startsWith('ghcr.io/') || imageName.startsWith('docker.pkg.github.com/'))) { throw new Error('Only images distributed via docker.pkg.github.com or ghcr.io can be fetched'); } const docker = new dockerode_1.default(); try { const image = yield docker.getImage(imageName).inspect(); if (!force) { core.info(`Resolved ${imageName} to existing ${image.RepoDigests}`); return; } // else fallthrough to pull } catch (e) { if (!e.message.includes('no such image')) { throw e; } // else fallthrough to pull } const auth = {}; // Images are public so not authentication info is required yield this.fetchImage(imageName, auth, docker); }); }, /* Retrieve the imageName using the auth details provided, if any */ fetchImage(imageName, auth = {}, docker = new dockerode_1.default()) { return __awaiter(this, void 0, void 0, function* () { core.info(`Pulling image ${imageName}...`); const stream = yield docker.pull(imageName, { authconfig: auth }); yield endOfStream(docker, stream); core.info(`Pulled image ${imageName}`); }); } }; /***/ }), /***/ 7063: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.getJobParameters = exports.JobParameters = void 0; const fs_1 = __importDefault(__nccwpck_require__(5747)); const path_1 = __importDefault(__nccwpck_require__(5622)); const core = __importStar(__nccwpck_require__(2186)); const DYNAMIC = 'dynamic'; const DEPENDABOT_ACTOR = 'dependabot[bot]'; // JobParameters are the Action inputs required to execute the job class JobParameters { constructor(jobId, jobToken, credentialsToken, dependabotApiUrl, dependabotApiDockerUrl, workingDirectory) { this.jobId = jobId; this.jobToken = jobToken; this.credentialsToken = credentialsToken; this.dependabotApiUrl = dependabotApiUrl; this.dependabotApiDockerUrl = dependabotApiDockerUrl; this.workingDirectory = workingDirectory; } } exports.JobParameters = JobParameters; function getJobParameters(ctx) { checkEnvironmentAndContext(ctx); if (ctx.actor !== DEPENDABOT_ACTOR) { core.warning('This workflow can only be triggered by Dependabot.'); return null; } if (ctx.eventName === DYNAMIC) { return fromWorkflowInputs(ctx); } else { core.warning(`Dependabot Updater Action does not support '${ctx.eventName}' events.`); return null; } } exports.getJobParameters = getJobParameters; function checkEnvironmentAndContext(ctx) { let valid = true; if (!ctx.actor) { core.error('GITHUB_ACTOR is not defined'); valid = false; } if (!ctx.eventName) { core.error('GITHUB_EVENT_NAME is not defined'); valid = false; } if (!process.env.GITHUB_WORKSPACE) { core.error('GITHUB_WORKSPACE is not defined'); valid = false; } if (!valid) { throw new Error('Required Actions environment variables missing.'); } else { return valid; } } function fromWorkflowInputs(ctx) { const evt = ctx.payload; if (!evt.inputs) { throw new Error('Event payload has no inputs'); } const dependabotApiDockerUrl = evt.inputs.dependabotApiDockerUrl || evt.inputs.dependabotApiUrl; const workingDirectory = absoluteWorkingDirectory(evt.inputs.workingDirectory); return new JobParameters(parseInt(evt.inputs.jobId, 10), evt.inputs.jobToken, evt.inputs.credentialsToken, evt.inputs.dependabotApiUrl, dependabotApiDockerUrl, workingDirectory); } function absoluteWorkingDirectory(workingDirectory) { const workspace = process.env.GITHUB_WORKSPACE; if (!workingDirectory) { throw new Error('The workingDirectory input must not be blank.'); } if (!directoryExistsSync(workspace)) { throw new Error('The GITHUB_WORKSPACE directory does not exist.'); } const fullPath = path_1.default.join(workspace, workingDirectory); if (!directoryExistsSync(fullPath)) { throw new Error(`The workingDirectory '${workingDirectory}' does not exist in GITHUB_WORKSPACE`); } return fullPath; } function directoryExistsSync(directoryPath) { let stats; try { stats = fs_1.default.statSync(directoryPath); } catch (error) { if (error.code === 'ENOENT') { return false; } throw new Error(`Encountered an error when checking whether path '${directoryPath}' exists: ${error.message}`); } return stats.isDirectory(); } /***/ }), /***/ 399: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.run = exports.DependabotErrorType = void 0; const axios_1 = __importDefault(__nccwpck_require__(6545)); const core = __importStar(__nccwpck_require__(2186)); const github = __importStar(__nccwpck_require__(5438)); const api_client_1 = __nccwpck_require__(5707); const inputs_1 = __nccwpck_require__(7063); const image_service_1 = __nccwpck_require__(2715); const docker_tags_1 = __nccwpck_require__(4665); const updater_1 = __nccwpck_require__(4186); var DependabotErrorType; (function (DependabotErrorType) { DependabotErrorType["Unknown"] = "actions_workflow_unknown"; DependabotErrorType["Image"] = "actions_workflow_image"; DependabotErrorType["UpdateRun"] = "actions_workflow_updater"; })(DependabotErrorType = exports.DependabotErrorType || (exports.DependabotErrorType = {})); let jobId; function run(context) { return __awaiter(this, void 0, void 0, function* () { try { botSay('starting update'); // Retrieve JobParameters from the Actions environment const params = inputs_1.getJobParameters(context); // The parameters will be null if the Action environment // is not a valid Dependabot-triggered dynamic event. if (params === null) { botSay('finished: nothing to do'); return; // TODO: This should be setNeutral in future } jobId = params.jobId; core.setSecret(params.jobToken); core.setSecret(params.credentialsToken); const client = axios_1.default.create({ baseURL: params.dependabotApiUrl }); const apiClient = new api_client_1.ApiClient(client, params); core.info('Fetching job details'); // If we fail to succeed in fetching the job details, we cannot be sure the job has entered a 'processing' state, // so we do not try attempt to report back an exception if this fails and instead rely on the the workflow run // webhook as it anticipates scenarios where jobs have failed while 'enqueued'. const details = yield apiClient.getJobDetails(); try { const credentials = yield apiClient.getCredentials(); const updater = new updater_1.Updater(docker_tags_1.UPDATER_IMAGE_NAME, docker_tags_1.PROXY_IMAGE_NAME, apiClient, details, credentials, params.workingDirectory); core.startGroup('Pulling updater images'); try { yield image_service_1.ImageService.pull(docker_tags_1.UPDATER_IMAGE_NAME); yield image_service_1.ImageService.pull(docker_tags_1.PROXY_IMAGE_NAME); } catch (error) { yield failJob(apiClient, 'Error fetching updater images', error, DependabotErrorType.Image); return; } core.endGroup(); try { core.info('Starting update process'); yield updater.runUpdater(); } catch (error) { // If we have encountered a UpdaterFetchError, the Updater will already have // reported the error and marked the job as processed, so we only need to // set an exit status. if (error instanceof updater_1.UpdaterFetchError) { setFailed('Dependabot was unable to retrieve the files required to perform the update', null); botSay('finished: unable to fetch files'); return; } else { yield failJob(apiClient, 'Dependabot encountered an error performing the update', error, DependabotErrorType.UpdateRun); return; } } botSay('finished'); } catch (error) { if (error instanceof api_client_1.CredentialFetchingError) { yield failJob(apiClient, 'Dependabot was unable to retrieve job credentials', error, DependabotErrorType.UpdateRun); } else { yield failJob(apiClient, 'Dependabot was unable to start the update', error); } return; } } catch (error) { // If we've reached this point, we do not have a viable // API client to report back to Dependabot API. // // We output the raw error in the Action logs and defer // to workflow_run monitoring to detect the job failure. setFailed('Dependabot encountered an unexpected problem', error); botSay('finished: unexpected error'); } }); } exports.run = run; function failJob(apiClient, message, error, errorType = DependabotErrorType.Unknown) { return __awaiter(this, void 0, void 0, function* () { yield apiClient.reportJobError({ 'error-type': errorType, 'error-details': { 'action-error': error.message } }); yield apiClient.markJobAsProcessed(); setFailed(message, error); botSay('finished: error reported to Dependabot'); }); } function botSay(message) { core.info(`🤖 ~ ${message} ~`); } function setFailed(message, error) { if (jobId) { message = [message, error, dependabotJobHelp()].filter(Boolean).join('\n\n'); } core.setFailed(message); } function dependabotJobHelp() { if (jobId) { return `For more information see: ${dependabotJobUrl(jobId)} (write access required)`; } else { return null; } } function dependabotJobUrl(id) { const url_parts = [ process.env.GITHUB_SERVER_URL, process.env.GITHUB_REPOSITORY, 'network/updates', id ]; return url_parts.filter(Boolean).join('/'); } run(github.context); /***/ }), /***/ 7364: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.ProxyBuilder = void 0; const fs_1 = __importDefault(__nccwpck_require__(5747)); const core = __importStar(__nccwpck_require__(2186)); const crypto_1 = __importDefault(__nccwpck_require__(6417)); const container_service_1 = __nccwpck_require__(2429); const node_forge_1 = __nccwpck_require__(7655); const utils_1 = __nccwpck_require__(1314); const KEY_SIZE = 2048; const KEY_EXPIRY_YEARS = 2; const CONFIG_FILE_PATH = '/'; const CONFIG_FILE_NAME = 'config.json'; const CA_CERT_INPUT_PATH = '/usr/local/share/ca-certificates'; const CUSTOM_CA_CERT_NAME = 'custom-ca-cert.crt'; const CERT_SUBJECT = [ { name: 'commonName', value: 'Dependabot Internal CA' }, { name: 'organizationName', value: 'GitHub ic.' }, { shortName: 'OU', value: 'Dependabot' }, { name: 'countryName', value: 'US' }, { shortName: 'ST', value: 'California' }, { name: 'localityName', value: 'San Francisco' } ]; class ProxyBuilder { constructor(docker, proxyImage) { this.docker = docker; this.proxyImage = proxyImage; } run(jobId, credentials) { return __awaiter(this, void 0, void 0, function* () { const name = `dependabot-job-${jobId}-proxy`; const config = this.buildProxyConfig(credentials, jobId); const cert = config.ca.cert; const externalNetworkName = `dependabot-job-${jobId}-external-network`; const externalNetwork = yield this.ensureNetwork(externalNetworkName, false); const internalNetworkName = `dependabot-job-${jobId}-internal-network`; const internalNetwork = yield this.ensureNetwork(internalNetworkName, true); const container = yield this.createContainer(jobId, name, externalNetwork, internalNetwork, internalNetworkName); yield container_service_1.ContainerService.storeInput(CONFIG_FILE_NAME, CONFIG_FILE_PATH, container, config); if (process.env.CUSTOM_CA_PATH) { core.info('Detected custom CA certificate, adding to proxy'); const customCert = fs_1.default .readFileSync(process.env.CUSTOM_CA_PATH, 'utf8') .toString(); yield container_service_1.ContainerService.storeCert(CUSTOM_CA_CERT_NAME, CA_CERT_INPUT_PATH, container, customCert); } const stream = yield container.attach({ stream: true, stdout: true, stderr: true }); container.modem.demuxStream(stream, utils_1.outStream(' proxy'), utils_1.errStream(' proxy')); const url = () => __awaiter(this, void 0, void 0, function* () { const containerInfo = yield container.inspect(); if (containerInfo.State.Running === true) { const ipAddress = containerInfo.NetworkSettings.Networks[`${internalNetworkName}`] .IPAddress; return `http://${config.proxy_auth.username}:${config.proxy_auth.password}@${ipAddress}:1080`; } else { throw new Error("proxy container isn't running"); } }); return { container, network: internalNetwork, networkName: internalNetworkName, url, cert, shutdown: () => __awaiter(this, void 0, void 0, function* () { yield container.stop(); yield container.remove(); yield externalNetwork.remove(); yield internalNetwork.remove(); }) }; }); } ensureNetwork(name, internal = true) { return __awaiter(this, void 0, void 0, function* () { const networks = yield this.docker.listNetworks({ filters: JSON.stringify({ name: [name] }) }); if (networks.length > 0) { return this.docker.getNetwork(networks[0].Id); } else { return yield this.docker.createNetwork({ Name: name, Internal: internal }); } }); } buildProxyConfig(credentials, jobId) { const ca = this.generateCertificateAuthority(); const password = crypto_1.default.randomBytes(20).toString('hex'); const proxy_auth = { username: `${jobId}`, password }; const config = { all_credentials: credentials, ca, proxy_auth }; return config; } generateCertificateAuthority() { const keys = node_forge_1.pki.rsa.generateKeyPair(KEY_SIZE); const cert = node_forge_1.pki.createCertificate(); cert.publicKey = keys.publicKey; cert.serialNumber = '01'; cert.validity.notBefore = new Date(); cert.validity.notAfter = new Date(); cert.validity.notAfter.setFullYear(cert.validity.notBefore.getFullYear() + KEY_EXPIRY_YEARS); cert.setSubject(CERT_SUBJECT); cert.setIssuer(CERT_SUBJECT); cert.setExtensions([{ name: 'basicConstraints', cA: true }]); cert.sign(keys.privateKey); const pem = node_forge_1.pki.certificateToPem(cert); const key = node_forge_1.pki.privateKeyToPem(keys.privateKey); return { cert: pem, key }; } createContainer(jobId, containerName, externalNetwork, internalNetwork, internalNetworkName) { return __awaiter(this, void 0, void 0, function* () { const container = yield this.docker.createContainer({ Image: this.proxyImage, name: containerName, AttachStdout: true, AttachStderr: true, Env: [ `http_proxy=${process.env.http_proxy || process.env.HTTP_PROXY || ''}`, `https_proxy=${process.env.https_proxy || process.env.HTTPS_PROXY || ''}`, `no_proxy=${process.env.no_proxy || process.env.NO_PROXY || ''}`, `JOB_ID=${jobId}` ], Entrypoint: [ 'sh', '-c', '/usr/sbin/update-ca-certificates && /update-job-proxy' ], HostConfig: { NetworkMode: internalNetworkName } }); yield externalNetwork.connect({ Container: container.id }); core.info(`Created proxy container: ${container.id}`); return container; }); } } exports.ProxyBuilder = ProxyBuilder; /***/ }), /***/ 1179: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.UpdaterBuilder = void 0; const core = __importStar(__nccwpck_require__(2186)); const container_service_1 = __nccwpck_require__(2429); const JOB_OUTPUT_FILENAME = 'output.json'; const JOB_OUTPUT_PATH = '/home/dependabot/dependabot-updater/output'; const JOB_INPUT_FILENAME = 'job.json'; const JOB_INPUT_PATH = `/home/dependabot/dependabot-updater`; const REPO_CONTENTS_PATH = '/home/dependabot/dependabot-updater/repo'; const CA_CERT_INPUT_PATH = '/usr/local/share/ca-certificates'; const CA_CERT_FILENAME = 'dbot-ca.crt'; const UPDATER_MAX_MEMORY = 8 * 1024 * 1024 * 1024; // 8GB in bytes class UpdaterBuilder { constructor(docker, jobParams, input, outputHostPath, proxy, repoHostPath, updaterImage) { this.docker = docker; this.jobParams = jobParams; this.input = input; this.outputHostPath = outputHostPath; this.proxy = proxy; this.repoHostPath = repoHostPath; this.updaterImage = updaterImage; } run(containerName, updaterCommand) { return __awaiter(this, void 0, void 0, function* () { const cmd = `(echo > /etc/ca-certificates.conf) &&\ rm -Rf /usr/share/ca-certificates/ &&\ /usr/sbin/update-ca-certificates &&\ $DEPENDABOT_HOME/dependabot-updater/bin/run ${updaterCommand}`; const proxyUrl = yield this.proxy.url(); const container = yield this.docker.createContainer({ Image: this.updaterImage, name: containerName, AttachStdout: true, AttachStderr: true, Env: [ `GITHUB_ACTIONS=${process.env.GITHUB_ACTIONS}`, `DEPENDABOT_JOB_ID=${this.jobParams.jobId}`, `DEPENDABOT_JOB_TOKEN=${this.jobParams.jobToken}`, `DEPENDABOT_JOB_PATH=${JOB_INPUT_PATH}/${JOB_INPUT_FILENAME}`, `DEPENDABOT_OPEN_TIMEOUT_IN_SECONDS=15`, `DEPENDABOT_OUTPUT_PATH=${JOB_OUTPUT_PATH}/${JOB_OUTPUT_FILENAME}`, `DEPENDABOT_REPO_CONTENTS_PATH=${REPO_CONTENTS_PATH}`, `DEPENDABOT_API_URL=${this.jobParams.dependabotApiDockerUrl}`, `SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt`, `http_proxy=${proxyUrl}`, `HTTP_PROXY=${proxyUrl}`, `https_proxy=${proxyUrl}`, `HTTPS_PROXY=${proxyUrl}`, `ENABLE_CONNECTIVITY_CHECK=1` ], Cmd: ['sh', '-c', cmd], HostConfig: { Memory: UPDATER_MAX_MEMORY, NetworkMode: this.proxy.networkName, Binds: [ `${this.outputHostPath}:${JOB_OUTPUT_PATH}:rw`, `${this.repoHostPath}:${REPO_CONTENTS_PATH}:rw` ] } }); yield container_service_1.ContainerService.storeCert(CA_CERT_FILENAME, CA_CERT_INPUT_PATH, container, this.proxy.cert); yield container_service_1.ContainerService.storeInput(JOB_INPUT_FILENAME, JOB_INPUT_PATH, container, this.input); core.info(`Created ${updaterCommand} container: ${container.id}`); return container; }); } } exports.UpdaterBuilder = UpdaterBuilder; /***/ }), /***/ 4186: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { if (k2 === undefined) k2 = k; Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); }) : (function(o, m, k, k2) { if (k2 === undefined) k2 = k; o[k2] = m[k]; })); var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) { Object.defineProperty(o, "default", { enumerable: true, value: v }); }) : function(o, v) { o["default"] = v; }); var __importStar = (this && this.__importStar) || function (mod) { if (mod && mod.__esModule) return mod; var result = {}; if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k); __setModuleDefault(result, mod); return result; }; var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } return new (P || (P = Promise))(function (resolve, reject) { function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } step((generator = generator.apply(thisArg, _arguments || [])).next()); }); }; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.Updater = exports.UpdaterFetchError = void 0; const core = __importStar(__nccwpck_require__(2186)); const dockerode_1 = __importDefault(__nccwpck_require__(4571)); const path_1 = __importDefault(__nccwpck_require__(5622)); const fs_1 = __importDefault(__nccwpck_require__(5747)); const container_service_1 = __nccwpck_require__(2429); const utils_1 = __nccwpck_require__(1314); const proxy_1 = __nccwpck_require__(7364); const updater_builder_1 = __nccwpck_require__(1179); class UpdaterFetchError extends Error { constructor(msg) { super(msg); Object.setPrototypeOf(this, UpdaterFetchError.prototype); } } exports.UpdaterFetchError = UpdaterFetchError; class Updater { constructor(updaterImage, proxyImage, apiClient, details, credentials, workingDirectory) { this.updaterImage = updaterImage; this.proxyImage = proxyImage; this.apiClient = apiClient; this.details = details; this.credentials = credentials; this.workingDirectory = workingDirectory; this.docker = new dockerode_1.default(); this.outputHostPath = path_1.default.join(workingDirectory, 'output'); this.repoHostPath = path_1.default.join(workingDirectory, 'repo'); } /** * Execute an update job and report the result to Dependabot API. */ runUpdater() { return __awaiter(this, void 0, void 0, function* () { // Create required folders in the workingDirectory fs_1.default.mkdirSync(this.outputHostPath); fs_1.default.mkdirSync(this.repoHostPath); const proxy = yield new proxy_1.ProxyBuilder(this.docker, this.proxyImage).run(this.apiClient.params.jobId, this.credentials); yield proxy.container.start(); try { const files = yield this.runFileFetcher(proxy); yield this.runFileUpdater(proxy, files); return true; } finally { yield this.cleanup(proxy); } }); } runFileFetcher(proxy) { return __awaiter(this, void 0, void 0, function* () { const name = `dependabot-job-${this.apiClient.params.jobId}-file-fetcher`; const container = yield this.createContainer(proxy, name, 'fetch_files', { job: this.details }); yield container_service_1.ContainerService.run(container); const outputPath = path_1.default.join(this.outputHostPath, 'output.json'); if (!fs_1.default.existsSync(outputPath)) { throw new UpdaterFetchError('No output.json created by the fetcher container'); } const fileFetcherSync = fs_1.default.readFileSync(outputPath).toString(); const fileFetcherOutput = JSON.parse(fileFetcherSync); const fetchedFiles = { base_commit_sha: fileFetcherOutput.base_commit_sha, base64_dependency_files: fileFetcherOutput.base64_dependency_files, dependency_files: fileFetcherOutput.base64_dependency_files.map((file) => utils_1.base64DecodeDependencyFile(file)) }; return fetchedFiles; }); } runFileUpdater(proxy, files) { return __awaiter(this, void 0, void 0, function* () { core.info(`Running update job ${this.apiClient.params.jobId}`); const name = `dependabot-job-${this.apiClient.params.jobId}-updater`; const containerInput = { base_commit_sha: files.base_commit_sha, base64_dependency_files: files.base64_dependency_files, dependency_files: files.dependency_files, job: this.details }; const container = yield this.createContainer(proxy, name, 'update_files', containerInput); yield container_service_1.ContainerService.run(container); }); } createContainer(proxy, containerName, updaterCommand, input) { return __awaiter(this, void 0, void 0, function* () { return new updater_builder_1.UpdaterBuilder(this.docker, this.apiClient.params, input, this.outputHostPath, proxy, this.repoHostPath, this.updaterImage).run(containerName, updaterCommand); }); } cleanup(proxy) { return __awaiter(this, void 0, void 0, function* () { yield proxy.shutdown(); if (fs_1.default.existsSync(this.outputHostPath)) { fs_1.default.rmdirSync(this.outputHostPath, { recursive: true }); } if (fs_1.default.existsSync(this.repoHostPath)) { fs_1.default.rmdirSync(this.repoHostPath, { recursive: true }); } }); } } exports.Updater = Updater; /***/ }), /***/ 1314: /***/ (function(__unused_webpack_module, exports, __nccwpck_require__) { "use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", ({ value: true })); exports.errStream = exports.outStream = exports.base64DecodeDependencyFile = void 0; const stream_1 = __importDefault(__nccwpck_require__(2413)); const base64Decode = (str) => Buffer.from(str, 'base64').toString('binary'); const base64DecodeDependencyFile = (file) => { const fileCopy = JSON.parse(JSON.stringify(file)); fileCopy.content = base64Decode(fileCopy.content); return fileCopy; }; exports.base64DecodeDependencyFile = base64DecodeDependencyFile; const outStream = (prefix) => { return new stream_1.default.Writable({ write(chunk, _, next) { process.stderr.write(`${prefix} | ${chunk.toString()}`); next(); } }); }; exports.outStream = outStream; const errStream = (prefix) => { return new stream_1.default.Writable({ write(chunk, _, next) { process.stderr.write(`${prefix} | ${chunk.toString()}`); next(); } }); }; exports.errStream = errStream; /***/ }), /***/ 4240: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = require(__nccwpck_require__.ab + "build/Release/cpufeatures.node") /***/ }), /***/ 9041: /***/ ((module, __unused_webpack_exports, __nccwpck_require__) => { module.exports = require(__nccwpck_require__.ab + "lib/protocol/crypto/build/Release/sshcrypto.node") /***/ }), /***/ 2877: /***/ ((module) => { module.exports = eval("require")("encoding"); /***/ }), /***/ 8661: /***/ ((module) => { "use strict"; module.exports = JSON.parse('[[[0,44],"disallowed_STD3_valid"],[[45,46],"valid"],[[47,47],"disallowed_STD3_valid"],[[48,57],"valid"],[[58,64],"disallowed_STD3_valid"],[[65,65],"mapped",[97]],[[66,66],"mapped",[98]],[[67,67],"mapped",[99]],[[68,68],"mapped",[100]],[[69,69],"mapped",[101]],[[70,70],"mapped",[102]],[[71,71],"mapped",[103]],[[72,72],"mapped",[104]],[[73,73],"mapped",[105]],[[74,74],"mapped",[106]],[[75,75],"mapped",[107]],[[76,76],"mapped",[108]],[[77,77],"mapped",[109]],[[78,78],"mapped",[110]],[[79,79],"mapped",[111]],[[80,80],"mapped",[112]],[[81,81],"mapped",[113]],[[82,82],"mapped",[114]],[[83,83],"mapped",[115]],[[84,84],"mapped",[116]],[[85,85],"mapped",[117]],[[86,86],"mapped",[118]],[[87,87],"mapped",[119]],[[88,88],"mapped",[120]],[[89,89],"mapped",[121]],[[90,90],"mapped",[122]],[[91,96],"disallowed_STD3_valid"],[[97,122],"valid"],[[123,127],"disallowed_STD3_valid"],[[128,159],"disallowed"],[[160,160],"disallowed_STD3_mapped",[32]],[[161,167],"valid",[],"NV8"],[[168,168],"disallowed_STD3_mapped",[32,776]],[[169,169],"valid",[],"NV8"],[[170,170],"mapped",[97]],[[171,172],"valid",[],"NV8"],[[173,173],"ignored"],[[174,174],"valid",[],"NV8"],[[175,175],"disallowed_STD3_mapped",[32,772]],[[176,177],"valid",[],"NV8"],[[178,178],"mapped",[50]],[[179,179],"mapped",[51]],[[180,180],"disallowed_STD3_mapped",[32,769]],[[181,181],"mapped",[956]],[[182,182],"valid",[],"NV8"],[[183,183],"valid"],[[184,184],"disallowed_STD3_mapped",[32,807]],[[185,185],"mapped",[49]],[[186,186],"mapped",[111]],[[187,187],"valid",[],"NV8"],[[188,188],"mapped",[49,8260,52]],[[189,189],"mapped",[49,8260,50]],[[190,190],"mapped",[51,8260,52]],[[191,191],"valid",[],"NV8"],[[192,192],"mapped",[224]],[[193,193],"mapped",[225]],[[194,194],"mapped",[226]],[[195,195],"mapped",[227]],[[196,196],"mapped",[228]],[[197,197],"mapped",[229]],[[198,198],"mapped",[230]],[[199,199],"mapped",[231]],[[200,200],"mapped",[232]],[[201,201],"mapped",[233]],[[202,202],"mapped",[234]],[[203,203],"mapped",[235]],[[204,204],"mapped",[236]],[[205,205],"mapped",[237]],[[206,206],"mapped",[238]],[[207,207],"mapped",[239]],[[208,208],"mapped",[240]],[[209,209],"mapped",[241]],[[210,210],"mapped",[242]],[[211,211],"mapped",[243]],[[212,212],"mapped",[244]],[[213,213],"mapped",[245]],[[214,214],"mapped",[246]],[[215,215],"valid",[],"NV8"],[[216,216],"mapped",[248]],[[217,217],"mapped",[249]],[[218,218],"mapped",[250]],[[219,219],"mapped",[251]],[[220,220],"mapped",[252]],[[221,221],"mapped",[253]],[[222,222],"mapped",[254]],[[223,223],"deviation",[115,115]],[[224,246],"valid"],[[247,247],"valid",[],"NV8"],[[248,255],"valid"],[[256,256],"mapped",[257]],[[257,257],"valid"],[[258,258],"mapped",[259]],[[259,259],"valid"],[[260,260],"mapped",[261]],[[261,261],"valid"],[[262,262],"mapped",[263]],[[263,263],"valid"],[[264,264],"mapped",[265]],[[265,265],"valid"],[[266,266],"mapped",[267]],[[267,267],"valid"],[[268,268],"mapped",[269]],[[269,269],"valid"],[[270,270],"mapped",[271]],[[271,271],"valid"],[[272,272],"mapped",[273]],[[273,273],"valid"],[[274,274],"mapped",[275]],[[275,275],"valid"],[[276,276],"mapped",[277]],[[277,277],"valid"],[[278,278],"mapped",[279]],[[279,279],"valid"],[[280,280],"mapped",[281]],[[281,281],"valid"],[[282,282],"mapped",[283]],[[283,283],"valid"],[[284,284],"mapped",[285]],[[285,285],"valid"],[[286,286],"mapped",[287]],[[287,287],"valid"],[[288,288],"mapped",[289]],[[289,289],"valid"],[[290,290],"mapped",[291]],[[291,291],"valid"],[[292,292],"mapped",[293]],[[293,293],"valid"],[[294,294],"mapped",[295]],[[295,295],"valid"],[[296,296],"mapped",[297]],[[297,297],"valid"],[[298,298],"mapped",[299]],[[299,299],"valid"],[[300,300],"mapped",[301]],[[301,301],"valid"],[[302,302],"mapped",[303]],[[303,303],"valid"],[[304,304],"mapped",[105,775]],[[305,305],"valid"],[[306,307],"mapped",[105,106]],[[308,308],"mapped",[309]],[[309,309],"valid"],[[310,310],"mapped",[311]],[[311,312],"valid"],[[313,313],"mapped",[314]],[[314,314],"valid"],[[315,315],"mapped",[316]],[[316,316],"valid"],[[317,317],"mapped",[318]],[[318,318],"valid"],[[319,320],"mapped",[108,183]],[[321,321],"mapped",[322]],[[322,322],"valid"],[[323,323],"mapped",[324]],[[324,324],"valid"],[[325,325],"mapped",[326]],[[326,326],"valid"],[[327,327],"mapped",[328]],[[328,328],"valid"],[[329,329],"mapped",[700,110]],[[330,330],"mapped",[331]],[[331,331],"valid"],[[332,332],"mapped",[333]],[[333,333],"valid"],[[334,334],"mapped",[335]],[[335,335],"valid"],[[336,336],"mapped",[337]],[[337,337],"valid"],[[338,338],"mapped",[339]],[[339,339],"valid"],[[340,340],"mapped",[341]],[[341,341],"valid"],[[342,342],"mapped",[343]],[[343,343],"valid"],[[344,344],"mapped",[345]],[[345,345],"valid"],[[346,346],"mapped",[347]],[[347,347],"valid"],[[348,348],"mapped",[349]],[[349,349],"valid"],[[350,350],"mapped",[351]],[[351,351],"valid"],[[352,352],"mapped",[353]],[[353,353],"valid"],[[354,354],"mapped",[355]],[[355,355],"valid"],[[356,356],"mapped",[357]],[[357,357],"valid"],[[358,358],"mapped",[359]],[[359,359],"valid"],[[360,360],"mapped",[361]],[[361,361],"valid"],[[362,362],"mapped",[363]],[[363,363],"valid"],[[364,364],"mapped",[365]],[[365,365],"valid"],[[366,366],"mapped",[367]],[[367,367],"valid"],[[368,368],"mapped",[369]],[[369,369],"valid"],[[370,370],"mapped",[371]],[[371,371],"valid"],[[372,372],"mapped",[373]],[[373,373],"valid"],[[374,374],"mapped",[375]],[[375,375],"valid"],[[376,376],"mapped",[255]],[[377,377],"mapped",[378]],[[378,378],"valid"],[[379,379],"mapped",[380]],[[380,380],"valid"],[[381,381],"mapped",[382]],[[382,382],"valid"],[[383,383],"mapped",[115]],[[384,384],"valid"],[[385,385],"mapped",[595]],[[386,386],"mapped",[387]],[[387,387],"valid"],[[388,388],"mapped",[389]],[[389,389],"valid"],[[390,390],"mapped",[596]],[[391,391],"mapped",[392]],[[392,392],"valid"],[[393,393],"mapped",[598]],[[394,394],"mapped",[599]],[[395,395],"mapped",[396]],[[396,397],"valid"],[[398,398],"mapped",[477]],[[399,399],"mapped",[601]],[[400,400],"mapped",[603]],[[401,401],"mapped",[402]],[[402,402],"valid"],[[403,403],"mapped",[608]],[[404,404],"mapped",[611]],[[405,405],"valid"],[[406,406],"mapped",[617]],[[407,407],"mapped",[616]],[[408,408],"mapped",[409]],[[409,411],"valid"],[[412,412],"mapped",[623]],[[413,413],"mapped",[626]],[[414,414],"valid"],[[415,415],"mapped",[629]],[[416,416],"mapped",[417]],[[417,417],"valid"],[[418,418],"mapped",[419]],[[419,419],"valid"],[[420,420],"mapped",[421]],[[421,421],"valid"],[[422,422],"mapped",[640]],[[423,423],"mapped",[424]],[[424,424],"valid"],[[425,425],"mapped",[643]],[[426,427],"valid"],[[428,428],"mapped",[429]],[[429,429],"valid"],[[430,430],"mapped",[648]],[[431,431],"mapped",[432]],[[432,432],"valid"],[[433,433],"mapped",[650]],[[434,434],"mapped",[651]],[[435,435],"mapped",[436]],[[436,436],"valid"],[[437,437],"mapped",[438]],[[438,438],"valid"],[[439,439],"mapped",[658]],[[440,440],"mapped",[441]],[[441,443],"valid"],[[444,444],"mapped",[445]],[[445,451],"valid"],[[452,454],"mapped",[100,382]],[[455,457],"mapped",[108,106]],[[458,460],"mapped",[110,106]],[[461,461],"mapped",[462]],[[462,462],"valid"],[[463,463],"mapped",[464]],[[464,464],"valid"],[[465,465],"mapped",[466]],[[466,466],"valid"],[[467,467],"mapped",[468]],[[468,468],"valid"],[[469,469],"mapped",[470]],[[470,470],"valid"],[[471,471],"mapped",[472]],[[472,472],"valid"],[[473,473],"mapped",[474]],[[474,474],"valid"],[[475,475],"mapped",[476]],[[476,477],"valid"],[[478,478],"mapped",[479]],[[479,479],"valid"],[[480,480],"mapped",[481]],[[481,481],"valid"],[[482,482],"mapped",[483]],[[483,483],"valid"],[[484,484],"mapped",[485]],[[485,485],"valid"],[[486,486],"mapped",[487]],[[487,487],"valid"],[[488,488],"mapped",[489]],[[489,489],"valid"],[[490,490],"mapped",[491]],[[491,491],"valid"],[[492,492],"mapped",[493]],[[493,493],"valid"],[[494,494],"mapped",[495]],[[495,496],"valid"],[[497,499],"mapped",[100,122]],[[500,500],"mapped",[501]],[[501,501],"valid"],[[502,502],"mapped",[405]],[[503,503],"mapped",[447]],[[504,504],"mapped",[505]],[[505,505],"valid"],[[506,506],"mapped",[507]],[[507,507],"valid"],[[508,508],"mapped",[509]],[[509,509],"valid"],[[510,510],"mapped",[511]],[[511,511],"valid"],[[512,512],"mapped",[513]],[[513,513],"valid"],[[514,514],"mapped",[515]],[[515,515],"valid"],[[516,516],"mapped",[517]],[[517,517],"valid"],[[518,518],"mapped",[519]],[[519,519],"valid"],[[520,520],"mapped",[521]],[[521,521],"valid"],[[522,522],"mapped",[523]],[[523,523],"valid"],[[524,524],"mapped",[525]],[[525,525],"valid"],[[526,526],"mapped",[527]],[[527,527],"valid"],[[528,528],"mapped",[529]],[[529,529],"valid"],[[530,530],"mapped",[531]],[[531,531],"valid"],[[532,532],"mapped",[533]],[[533,533],"valid"],[[534,534],"mapped",[535]],[[535,535],"valid"],[[536,536],"mapped",[537]],[[537,537],"valid"],[[538,538],"mapped",[539]],[[539,539],"valid"],[[540,540],"mapped",[541]],[[541,541],"valid"],[[542,542],"mapped",[543]],[[543,543],"valid"],[[544,544],"mapped",[414]],[[545,545],"valid"],[[546,546],"mapped",[547]],[[547,547],"valid"],[[548,548],"mapped",[549]],[[549,549],"valid"],[[550,550],"mapped",[551]],[[551,551],"valid"],[[552,552],"mapped",[553]],[[553,553],"valid"],[[554,554],"mapped",[555]],[[555,555],"valid"],[[556,556],"mapped",[557]],[[557,557],"valid"],[[558,558],"mapped",[559]],[[559,559],"valid"],[[560,560],"mapped",[561]],[[561,561],"valid"],[[562,562],"mapped",[563]],[[563,563],"valid"],[[564,566],"valid"],[[567,569],"valid"],[[570,570],"mapped",[11365]],[[571,571],"mapped",[572]],[[572,572],"valid"],[[573,573],"mapped",[410]],[[574,574],"mapped",[11366]],[[575,576],"valid"],[[577,577],"mapped",[578]],[[578,578],"valid"],[[579,579],"mapped",[384]],[[580,580],"mapped",[649]],[[581,581],"mapped",[652]],[[582,582],"mapped",[583]],[[583,583],"valid"],[[584,584],"mapped",[585]],[[585,585],"valid"],[[586,586],"mapped",[587]],[[587,587],"valid"],[[588,588],"mapped",[589]],[[589,589],"valid"],[[590,590],"mapped",[591]],[[591,591],"valid"],[[592,680],"valid"],[[681,685],"valid"],[[686,687],"valid"],[[688,688],"mapped",[104]],[[689,689],"mapped",[614]],[[690,690],"mapped",[106]],[[691,691],"mapped",[114]],[[692,692],"mapped",[633]],[[693,693],"mapped",[635]],[[694,694],"mapped",[641]],[[695,695],"mapped",[119]],[[696,696],"mapped",[121]],[[697,705],"valid"],[[706,709],"valid",[],"NV8"],[[710,721],"valid"],[[722,727],"valid",[],"NV8"],[[728,728],"disallowed_STD3_mapped",[32,774]],[[729,729],"disallowed_STD3_mapped",[32,775]],[[730,730],"disallowed_STD3_mapped",[32,778]],[[731,731],"disallowed_STD3_mapped",[32,808]],[[732,732],"disallowed_STD3_mapped",[32,771]],[[733,733],"disallowed_STD3_mapped",[32,779]],[[734,734],"valid",[],"NV8"],[[735,735],"valid",[],"NV8"],[[736,736],"mapped",[611]],[[737,737],"mapped",[108]],[[738,738],"mapped",[115]],[[739,739],"mapped",[120]],[[740,740],"mapped",[661]],[[741,745],"valid",[],"NV8"],[[746,747],"valid",[],"NV8"],[[748,748],"valid"],[[749,749],"valid",[],"NV8"],[[750,750],"valid"],[[751,767],"valid",[],"NV8"],[[768,831],"valid"],[[832,832],"mapped",[768]],[[833,833],"mapped",[769]],[[834,834],"valid"],[[835,835],"mapped",[787]],[[836,836],"mapped",[776,769]],[[837,837],"mapped",[953]],[[838,846],"valid"],[[847,847],"ignored"],[[848,855],"valid"],[[856,860],"valid"],[[861,863],"valid"],[[864,865],"valid"],[[866,866],"valid"],[[867,879],"valid"],[[880,880],"mapped",[881]],[[881,881],"valid"],[[882,882],"mapped",[883]],[[883,883],"valid"],[[884,884],"mapped",[697]],[[885,885],"valid"],[[886,886],"mapped",[887]],[[887,887],"valid"],[[888,889],"disallowed"],[[890,890],"disallowed_STD3_mapped",[32,953]],[[891,893],"valid"],[[894,894],"disallowed_STD3_mapped",[59]],[[895,895],"mapped",[1011]],[[896,899],"disallowed"],[[900,900],"disallowed_STD3_mapped",[32,769]],[[901,901],"disallowed_STD3_mapped",[32,776,769]],[[902,902],"mapped",[940]],[[903,903],"mapped",[183]],[[904,904],"mapped",[941]],[[905,905],"mapped",[942]],[[906,906],"mapped",[943]],[[907,907],"disallowed"],[[908,908],"mapped",[972]],[[909,909],"disallowed"],[[910,910],"mapped",[973]],[[911,911],"mapped",[974]],[[912,912],"valid"],[[913,913],"mapped",[945]],[[914,914],"mapped",[946]],[[915,915],"mapped",[947]],[[916,916],"mapped",[948]],[[917,917],"mapped",[949]],[[918,918],"mapped",[950]],[[919,919],"mapped",[951]],[[920,920],"mapped",[952]],[[921,921],"mapped",[953]],[[922,922],"mapped",[954]],[[923,923],"mapped",[955]],[[924,924],"mapped",[956]],[[925,925],"mapped",[957]],[[926,926],"mapped",[958]],[[927,927],"mapped",[959]],[[928,928],"mapped",[960]],[[929,929],"mapped",[961]],[[930,930],"disallowed"],[[931,931],"mapped",[963]],[[932,932],"mapped",[964]],[[933,933],"mapped",[965]],[[934,934],"mapped",[966]],[[935,935],"mapped",[967]],[[936,936],"mapped",[968]],[[937,937],"mapped",[969]],[[938,938],"mapped",[970]],[[939,939],"mapped",[971]],[[940,961],"valid"],[[962,962],"deviation",[963]],[[963,974],"valid"],[[975,975],"mapped",[983]],[[976,976],"mapped",[946]],[[977,977],"mapped",[952]],[[978,978],"mapped",[965]],[[979,979],"mapped",[973]],[[980,980],"mapped",[971]],[[981,981],"mapped",[966]],[[982,982],"mapped",[960]],[[983,983],"valid"],[[984,984],"mapped",[985]],[[985,985],"valid"],[[986,986],"mapped",[987]],[[987,987],"valid"],[[988,988],"mapped",[989]],[[989,989],"valid"],[[990,990],"mapped",[991]],[[991,991],"valid"],[[992,992],"mapped",[993]],[[993,993],"valid"],[[994,994],"mapped",[995]],[[995,995],"valid"],[[996,996],"mapped",[997]],[[997,997],"valid"],[[998,998],"mapped",[999]],[[999,999],"valid"],[[1000,1000],"mapped",[1001]],[[1001,1001],"valid"],[[1002,1002],"mapped",[1003]],[[1003,1003],"valid"],[[1004,1004],"mapped",[1005]],[[1005,1005],"valid"],[[1006,1006],"mapped",[1007]],[[1007,1007],"valid"],[[1008,1008],"mapped",[954]],[[1009,1009],"mapped",[961]],[[1010,1010],"mapped",[963]],[[1011,1011],"valid"],[[1012,1012],"mapped",[952]],[[1013,1013],"mapped",[949]],[[1014,1014],"valid",[],"NV8"],[[1015,1015],"mapped",[1016]],[[1016,1016],"valid"],[[1017,1017],"mapped",[963]],[[1018,1018],"mapped",[1019]],[[1019,1019],"valid"],[[1020,1020],"valid"],[[1021,1021],"mapped",[891]],[[1022,1022],"mapped",[892]],[[1023,1023],"mapped",[893]],[[1024,1024],"mapped",[1104]],[[1025,1025],"mapped",[1105]],[[1026,1026],"mapped",[1106]],[[1027,1027],"mapped",[1107]],[[1028,1028],"mapped",[1108]],[[1029,1029],"mapped",[1109]],[[1030,1030],"mapped",[1110]],[[1031,1031],"mapped",[1111]],[[1032,1032],"mapped",[1112]],[[1033,1033],"mapped",[1113]],[[1034,1034],"mapped",[1114]],[[1035,1035],"mapped",[1115]],[[1036,1036],"mapped",[1116]],[[1037,1037],"mapped",[1117]],[[1038,1038],"mapped",[1118]],[[1039,1039],"mapped",[1119]],[[1040,1040],"mapped",[1072]],[[1041,1041],"mapped",[1073]],[[1042,1042],"mapped",[1074]],[[1043,1043],"mapped",[1075]],[[1044,1044],"mapped",[1076]],[[1045,1045],"mapped",[1077]],[[1046,1046],"mapped",[1078]],[[1047,1047],"mapped",[1079]],[[1048,1048],"mapped",[1080]],[[1049,1049],"mapped",[1081]],[[1050,1050],"mapped",[1082]],[[1051,1051],"mapped",[1083]],[[1052,1052],"mapped",[1084]],[[1053,1053],"mapped",[1085]],[[1054,1054],"mapped",[1086]],[[1055,1055],"mapped",[1087]],[[1056,1056],"mapped",[1088]],[[1057,1057],"mapped",[1089]],[[1058,1058],"mapped",[1090]],[[1059,1059],"mapped",[1091]],[[1060,1060],"mapped",[1092]],[[1061,1061],"mapped",[1093]],[[1062,1062],"mapped",[1094]],[[1063,1063],"mapped",[1095]],[[1064,1064],"mapped",[1096]],[[1065,1065],"mapped",[1097]],[[1066,1066],"mapped",[1098]],[[1067,1067],"mapped",[1099]],[[1068,1068],"mapped",[1100]],[[1069,1069],"mapped",[1101]],[[1070,1070],"mapped",[1102]],[[1071,1071],"mapped",[1103]],[[1072,1103],"valid"],[[1104,1104],"valid"],[[1105,1116],"valid"],[[1117,1117],"valid"],[[1118,1119],"valid"],[[1120,1120],"mapped",[1121]],[[1121,1121],"valid"],[[1122,1122],"mapped",[1123]],[[1123,1123],"valid"],[[1124,1124],"mapped",[1125]],[[1125,1125],"valid"],[[1126,1126],"mapped",[1127]],[[1127,1127],"valid"],[[1128,1128],"mapped",[1129]],[[1129,1129],"valid"],[[1130,1130],"mapped",[1131]],[[1131,1131],"valid"],[[1132,1132],"mapped",[1133]],[[1133,1133],"valid"],[[1134,1134],"mapped",[1135]],[[1135,1135],"valid"],[[1136,1136],"mapped",[1137]],[[1137,1137],"valid"],[[1138,1138],"mapped",[1139]],[[1139,1139],"valid"],[[1140,1140],"mapped",[1141]],[[1141,1141],"valid"],[[1142,1142],"mapped",[1143]],[[1143,1143],"valid"],[[1144,1144],"mapped",[1145]],[[1145,1145],"valid"],[[1146,1146],"mapped",[1147]],[[1147,1147],"valid"],[[1148,1148],"mapped",[1149]],[[1149,1149],"valid"],[[1150,1150],"mapped",[1151]],[[1151,1151],"valid"],[[1152,1152],"mapped",[1153]],[[1153,1153],"valid"],[[1154,1154],"valid",[],"NV8"],[[1155,1158],"valid"],[[1159,1159],"valid"],[[1160,1161],"valid",[],"NV8"],[[1162,1162],"mapped",[1163]],[[1163,1163],"valid"],[[1164,1164],"mapped",[1165]],[[1165,1165],"valid"],[[1166,1166],"mapped",[1167]],[[1167,1167],"valid"],[[1168,1168],"mapped",[1169]],[[1169,1169],"valid"],[[1170,1170],"mapped",[1171]],[[1171,1171],"valid"],[[1172,1172],"mapped",[1173]],[[1173,1173],"valid"],[[1174,1174],"mapped",[1175]],[[1175,1175],"valid"],[[1176,1176],"mapped",[1177]],[[1177,1177],"valid"],[[1178,1178],"mapped",[1179]],[[1179,1179],"valid"],[[1180,1180],"mapped",[1181]],[[1181,1181],"valid"],[[1182,1182],"mapped",[1183]],[[1183,1183],"valid"],[[1184,1184],"mapped",[1185]],[[1185,1185],"valid"],[[1186,1186],"mapped",[1187]],[[1187,1187],"valid"],[[1188,1188],"mapped",[1189]],[[1189,1189],"valid"],[[1190,1190],"mapped",[1191]],[[1191,1191],"valid"],[[1192,1192],"mapped",[1193]],[[1193,1193],"valid"],[[1194,1194],"mapped",[1195]],[[1195,1195],"valid"],[[1196,1196],"mapped",[1197]],[[1197,1197],"valid"],[[1198,1198],"mapped",[1199]],[[1199,1199],"valid"],[[1200,1200],"mapped",[1201]],[[1201,1201],"valid"],[[1202,1202],"mapped",[1203]],[[1203,1203],"valid"],[[1204,1204],"mapped",[1205]],[[1205,1205],"valid"],[[1206,1206],"mapped",[1207]],[[1207,1207],"valid"],[[1208,1208],"mapped",[1209]],[[1209,1209],"valid"],[[1210,1210],"mapped",[1211]],[[1211,1211],"valid"],[[1212,1212],"mapped",[1213]],[[1213,1213],"valid"],[[1214,1214],"mapped",[1215]],[[1215,1215],"valid"],[[1216,1216],"disallowed"],[[1217,1217],"mapped",[1218]],[[1218,1218],"valid"],[[1219,1219],"mapped",[1220]],[[1220,1220],"valid"],[[1221,1221],"mapped",[1222]],[[1222,1222],"valid"],[[1223,1223],"mapped",[1224]],[[1224,1224],"valid"],[[1225,1225],"mapped",[1226]],[[1226,1226],"valid"],[[1227,1227],"mapped",[1228]],[[1228,1228],"valid"],[[1229,1229],"mapped",[1230]],[[1230,1230],"valid"],[[1231,1231],"valid"],[[1232,1232],"mapped",[1233]],[[1233,1233],"valid"],[[1234,1234],"mapped",[1235]],[[1235,1235],"valid"],[[1236,1236],"mapped",[1237]],[[1237,1237],"valid"],[[1238,1238],"mapped",[1239]],[[1239,1239],"valid"],[[1240,1240],"mapped",[1241]],[[1241,1241],"valid"],[[1242,1242],"mapped",[1243]],[[1243,1243],"valid"],[[1244,1244],"mapped",[1245]],[[1245,1245],"valid"],[[1246,1246],"mapped",[1247]],[[1247,1247],"valid"],[[1248,1248],"mapped",[1249]],[[1249,1249],"valid"],[[1250,1250],"mapped",[1251]],[[1251,1251],"valid"],[[1252,1252],"mapped",[1253]],[[1253,1253],"valid"],[[1254,1254],"mapped",[1255]],[[1255,1255],"valid"],[[1256,1256],"mapped",[1257]],[[1257,1257],"valid"],[[1258,1258],"mapped",[1259]],[[1259,1259],"valid"],[[1260,1260],"mapped",[1261]],[[1261,1261],"valid"],[[1262,1262],"mapped",[1263]],[[1263,1263],"valid"],[[1264,1264],"mapped",[1265]],[[1265,1265],"valid"],[[1266,1266],"mapped",[1267]],[[1267,1267],"valid"],[[1268,1268],"mapped",[1269]],[[1269,1269],"valid"],[[1270,1270],"mapped",[1271]],[[1271,1271],"valid"],[[1272,1272],"mapped",[1273]],[[1273,1273],"valid"],[[1274,1274],"mapped",[1275]],[[1275,1275],"valid"],[[1276,1276],"mapped",[1277]],[[1277,1277],"valid"],[[1278,1278],"mapped",[1279]],[[1279,1279],"valid"],[[1280,1280],"mapped",[1281]],[[1281,1281],"valid"],[[1282,1282],"mapped",[1283]],[[1283,1283],"valid"],[[1284,1284],"mapped",[1285]],[[1285,1285],"valid"],[[1286,1286],"mapped",[1287]],[[1287,1287],"valid"],[[1288,1288],"mapped",[1289]],[[1289,1289],"valid"],[[1290,1290],"mapped",[1291]],[[1291,1291],"valid"],[[1292,1292],"mapped",[1293]],[[1293,1293],"valid"],[[1294,1294],"mapped",[1295]],[[1295,1295],"valid"],[[1296,1296],"mapped",[1297]],[[1297,1297],"valid"],[[1298,1298],"mapped",[1299]],[[1299,1299],"valid"],[[1300,1300],"mapped",[1301]],[[1301,1301],"valid"],[[1302,1302],"mapped",[1303]],[[1303,1303],"valid"],[[1304,1304],"mapped",[1305]],[[1305,1305],"valid"],[[1306,1306],"mapped",[1307]],[[1307,1307],"valid"],[[1308,1308],"mapped",[1309]],[[1309,1309],"valid"],[[1310,1310],"mapped",[1311]],[[1311,1311],"valid"],[[1312,1312],"mapped",[1313]],[[1313,1313],"valid"],[[1314,1314],"mapped",[1315]],[[1315,1315],"valid"],[[1316,1316],"mapped",[1317]],[[1317,1317],"valid"],[[1318,1318],"mapped",[1319]],[[1319,1319],"valid"],[[1320,1320],"mapped",[1321]],[[1321,1321],"valid"],[[1322,1322],"mapped",[1323]],[[1323,1323],"valid"],[[1324,1324],"mapped",[1325]],[[1325,1325],"valid"],[[1326,1326],"mapped",[1327]],[[1327,1327],"valid"],[[1328,1328],"disallowed"],[[1329,1329],"mapped",[1377]],[[1330,1330],"mapped",[1378]],[[1331,1331],"mapped",[1379]],[[1332,1332],"mapped",[1380]],[[1333,1333],"mapped",[1381]],[[1334,1334],"mapped",[1382]],[[1335,1335],"mapped",[1383]],[[1336,1336],"mapped",[1384]],[[1337,1337],"mapped",[1385]],[[1338,1338],"mapped",[1386]],[[1339,1339],"mapped",[1387]],[[1340,1340],"mapped",[1388]],[[1341,1341],"mapped",[1389]],[[1342,1342],"mapped",[1390]],[[1343,1343],"mapped",[1391]],[[1344,1344],"mapped",[1392]],[[1345,1345],"mapped",[1393]],[[1346,1346],"mapped",[1394]],[[1347,1347],"mapped",[1395]],[[1348,1348],"mapped",[1396]],[[1349,1349],"mapped",[1397]],[[1350,1350],"mapped",[1398]],[[1351,1351],"mapped",[1399]],[[1352,1352],"mapped",[1400]],[[1353,1353],"mapped",[1401]],[[1354,1354],"mapped",[1402]],[[1355,1355],"mapped",[1403]],[[1356,1356],"mapped",[1404]],[[1357,1357],"mapped",[1405]],[[1358,1358],"mapped",[1406]],[[1359,1359],"mapped",[1407]],[[1360,1360],"mapped",[1408]],[[1361,1361],"mapped",[1409]],[[1362,1362],"mapped",[1410]],[[1363,1363],"mapped",[1411]],[[1364,1364],"mapped",[1412]],[[1365,1365],"mapped",[1413]],[[1366,1366],"mapped",[1414]],[[1367,1368],"disallowed"],[[1369,1369],"valid"],[[1370,1375],"valid",[],"NV8"],[[1376,1376],"disallowed"],[[1377,1414],"valid"],[[1415,1415],"mapped",[1381,1410]],[[1416,1416],"disallowed"],[[1417,1417],"valid",[],"NV8"],[[1418,1418],"valid",[],"NV8"],[[1419,1420],"disallowed"],[[1421,1422],"valid",[],"NV8"],[[1423,1423],"valid",[],"NV8"],[[1424,1424],"disallowed"],[[1425,1441],"valid"],[[1442,1442],"valid"],[[1443,1455],"valid"],[[1456,1465],"valid"],[[1466,1466],"valid"],[[1467,1469],"valid"],[[1470,1470],"valid",[],"NV8"],[[1471,1471],"valid"],[[1472,1472],"valid",[],"NV8"],[[1473,1474],"valid"],[[1475,1475],"valid",[],"NV8"],[[1476,1476],"valid"],[[1477,1477],"valid"],[[1478,1478],"valid",[],"NV8"],[[1479,1479],"valid"],[[1480,1487],"disallowed"],[[1488,1514],"valid"],[[1515,1519],"disallowed"],[[1520,1524],"valid"],[[1525,1535],"disallowed"],[[1536,1539],"disallowed"],[[1540,1540],"disallowed"],[[1541,1541],"disallowed"],[[1542,1546],"valid",[],"NV8"],[[1547,1547],"valid",[],"NV8"],[[1548,1548],"valid",[],"NV8"],[[1549,1551],"valid",[],"NV8"],[[1552,1557],"valid"],[[1558,1562],"valid"],[[1563,1563],"valid",[],"NV8"],[[1564,1564],"disallowed"],[[1565,1565],"disallowed"],[[1566,1566],"valid",[],"NV8"],[[1567,1567],"valid",[],"NV8"],[[1568,1568],"valid"],[[1569,1594],"valid"],[[1595,1599],"valid"],[[1600,1600],"valid",[],"NV8"],[[1601,1618],"valid"],[[1619,1621],"valid"],[[1622,1624],"valid"],[[1625,1630],"valid"],[[1631,1631],"valid"],[[1632,1641],"valid"],[[1642,1645],"valid",[],"NV8"],[[1646,1647],"valid"],[[1648,1652],"valid"],[[1653,1653],"mapped",[1575,1652]],[[1654,1654],"mapped",[1608,1652]],[[1655,1655],"mapped",[1735,1652]],[[1656,1656],"mapped",[1610,1652]],[[1657,1719],"valid"],[[1720,1721],"valid"],[[1722,1726],"valid"],[[1727,1727],"valid"],[[1728,1742],"valid"],[[1743,1743],"valid"],[[1744,1747],"valid"],[[1748,1748],"valid",[],"NV8"],[[1749,1756],"valid"],[[1757,1757],"disallowed"],[[1758,1758],"valid",[],"NV8"],[[1759,1768],"valid"],[[1769,1769],"valid",[],"NV8"],[[1770,1773],"valid"],[[1774,1775],"valid"],[[1776,1785],"valid"],[[1786,1790],"valid"],[[1791,1791],"valid"],[[1792,1805],"valid",[],"NV8"],[[1806,1806],"disallowed"],[[1807,1807],"disallowed"],[[1808,1836],"valid"],[[1837,1839],"valid"],[[1840,1866],"valid"],[[1867,1868],"disallowed"],[[1869,1871],"valid"],[[1872,1901],"valid"],[[1902,1919],"valid"],[[1920,1968],"valid"],[[1969,1969],"valid"],[[1970,1983],"disallowed"],[[1984,2037],"valid"],[[2038,2042],"valid",[],"NV8"],[[2043,2047],"disallowed"],[[2048,2093],"valid"],[[2094,2095],"disallowed"],[[2096,2110],"valid",[],"NV8"],[[2111,2111],"disallowed"],[[2112,2139],"valid"],[[2140,2141],"disallowed"],[[2142,2142],"valid",[],"NV8"],[[2143,2207],"disallowed"],[[2208,2208],"valid"],[[2209,2209],"valid"],[[2210,2220],"valid"],[[2221,2226],"valid"],[[2227,2228],"valid"],[[2229,2274],"disallowed"],[[2275,2275],"valid"],[[2276,2302],"valid"],[[2303,2303],"valid"],[[2304,2304],"valid"],[[2305,2307],"valid"],[[2308,2308],"valid"],[[2309,2361],"valid"],[[2362,2363],"valid"],[[2364,2381],"valid"],[[2382,2382],"valid"],[[2383,2383],"valid"],[[2384,2388],"valid"],[[2389,2389],"valid"],[[2390,2391],"valid"],[[2392,2392],"mapped",[2325,2364]],[[2393,2393],"mapped",[2326,2364]],[[2394,2394],"mapped",[2327,2364]],[[2395,2395],"mapped",[2332,2364]],[[2396,2396],"mapped",[2337,2364]],[[2397,2397],"mapped",[2338,2364]],[[2398,2398],"mapped",[2347,2364]],[[2399,2399],"mapped",[2351,2364]],[[2400,2403],"valid"],[[2404,2405],"valid",[],"NV8"],[[2406,2415],"valid"],[[2416,2416],"valid",[],"NV8"],[[2417,2418],"valid"],[[2419,2423],"valid"],[[2424,2424],"valid"],[[2425,2426],"valid"],[[2427,2428],"valid"],[[2429,2429],"valid"],[[2430,2431],"valid"],[[2432,2432],"valid"],[[2433,2435],"valid"],[[2436,2436],"disallowed"],[[2437,2444],"valid"],[[2445,2446],"disallowed"],[[2447,2448],"valid"],[[2449,2450],"disallowed"],[[2451,2472],"valid"],[[2473,2473],"disallowed"],[[2474,2480],"valid"],[[2481,2481],"disallowed"],[[2482,2482],"valid"],[[2483,2485],"disallowed"],[[2486,2489],"valid"],[[2490,2491],"disallowed"],[[2492,2492],"valid"],[[2493,2493],"valid"],[[2494,2500],"valid"],[[2501,2502],"disallowed"],[[2503,2504],"valid"],[[2505,2506],"disallowed"],[[2507,2509],"valid"],[[2510,2510],"valid"],[[2511,2518],"disallowed"],[[2519,2519],"valid"],[[2520,2523],"disallowed"],[[2524,2524],"mapped",[2465,2492]],[[2525,2525],"mapped",[2466,2492]],[[2526,2526],"disallowed"],[[2527,2527],"mapped",[2479,2492]],[[2528,2531],"valid"],[[2532,2533],"disallowed"],[[2534,2545],"valid"],[[2546,2554],"valid",[],"NV8"],[[2555,2555],"valid",[],"NV8"],[[2556,2560],"disallowed"],[[2561,2561],"valid"],[[2562,2562],"valid"],[[2563,2563],"valid"],[[2564,2564],"disallowed"],[[2565,2570],"valid"],[[2571,2574],"disallowed"],[[2575,2576],"valid"],[[2577,2578],"disallowed"],[[2579,2600],"valid"],[[2601,2601],"disallowed"],[[2602,2608],"valid"],[[2609,2609],"disallowed"],[[2610,2610],"valid"],[[2611,2611],"mapped",[2610,2620]],[[2612,2612],"disallowed"],[[2613,2613],"valid"],[[2614,2614],"mapped",[2616,2620]],[[2615,2615],"disallowed"],[[2616,2617],"valid"],[[2618,2619],"disallowed"],[[2620,2620],"valid"],[[2621,2621],"disallowed"],[[2622,2626],"valid"],[[2627,2630],"disallowed"],[[2631,2632],"valid"],[[2633,2634],"disallowed"],[[2635,2637],"valid"],[[2638,2640],"disallowed"],[[2641,2641],"valid"],[[2642,2648],"disallowed"],[[2649,2649],"mapped",[2582,2620]],[[2650,2650],"mapped",[2583,2620]],[[2651,2651],"mapped",[2588,2620]],[[2652,2652],"valid"],[[2653,2653],"disallowed"],[[2654,2654],"mapped",[2603,2620]],[[2655,2661],"disallowed"],[[2662,2676],"valid"],[[2677,2677],"valid"],[[2678,2688],"disallowed"],[[2689,2691],"valid"],[[2692,2692],"disallowed"],[[2693,2699],"valid"],[[2700,2700],"valid"],[[2701,2701],"valid"],[[2702,2702],"disallowed"],[[2703,2705],"valid"],[[2706,2706],"disallowed"],[[2707,2728],"valid"],[[2729,2729],"disallowed"],[[2730,2736],"valid"],[[2737,2737],"disallowed"],[[2738,2739],"valid"],[[2740,2740],"disallowed"],[[2741,2745],"valid"],[[2746,2747],"disallowed"],[[2748,2757],"valid"],[[2758,2758],"disallowed"],[[2759,2761],"valid"],[[2762,2762],"disallowed"],[[2763,2765],"valid"],[[2766,2767],"disallowed"],[[2768,2768],"valid"],[[2769,2783],"disallowed"],[[2784,2784],"valid"],[[2785,2787],"valid"],[[2788,2789],"disallowed"],[[2790,2799],"valid"],[[2800,2800],"valid",[],"NV8"],[[2801,2801],"valid",[],"NV8"],[[2802,2808],"disallowed"],[[2809,2809],"valid"],[[2810,2816],"disallowed"],[[2817,2819],"valid"],[[2820,2820],"disallowed"],[[2821,2828],"valid"],[[2829,2830],"disallowed"],[[2831,2832],"valid"],[[2833,2834],"disallowed"],[[2835,2856],"valid"],[[2857,2857],"disallowed"],[[2858,2864],"valid"],[[2865,2865],"disallowed"],[[2866,2867],"valid"],[[2868,2868],"disallowed"],[[2869,2869],"valid"],[[2870,2873],"valid"],[[2874,2875],"disallowed"],[[2876,2883],"valid"],[[2884,2884],"valid"],[[2885,2886],"disallowed"],[[2887,2888],"valid"],[[2889,2890],"disallowed"],[[2891,2893],"valid"],[[2894,2901],"disallowed"],[[2902,2903],"valid"],[[2904,2907],"disallowed"],[[2908,2908],"mapped",[2849,2876]],[[2909,2909],"mapped",[2850,2876]],[[2910,2910],"disallowed"],[[2911,2913],"valid"],[[2914,2915],"valid"],[[2916,2917],"disallowed"],[[2918,2927],"valid"],[[2928,2928],"valid",[],"NV8"],[[2929,2929],"valid"],[[2930,2935],"valid",[],"NV8"],[[2936,2945],"disallowed"],[[2946,2947],"valid"],[[2948,2948],"disallowed"],[[2949,2954],"valid"],[[2955,2957],"disallowed"],[[2958,2960],"valid"],[[2961,2961],"disallowed"],[[2962,2965],"valid"],[[2966,2968],"disallowed"],[[2969,2970],"valid"],[[2971,2971],"disallowed"],[[2972,2972],"valid"],[[2973,2973],"disallowed"],[[2974,2975],"valid"],[[2976,2978],"disallowed"],[[2979,2980],"valid"],[[2981,2983],"disallowed"],[[2984,2986],"valid"],[[2987,2989],"disallowed"],[[2990,2997],"valid"],[[2998,2998],"valid"],[[2999,3001],"valid"],[[3002,3005],"disallowed"],[[3006,3010],"valid"],[[3011,3013],"disallowed"],[[3014,3016],"valid"],[[3017,3017],"disallowed"],[[3018,3021],"valid"],[[3022,3023],"disallowed"],[[3024,3024],"valid"],[[3025,3030],"disallowed"],[[3031,3031],"valid"],[[3032,3045],"disallowed"],[[3046,3046],"valid"],[[3047,3055],"valid"],[[3056,3058],"valid",[],"NV8"],[[3059,3066],"valid",[],"NV8"],[[3067,3071],"disallowed"],[[3072,3072],"valid"],[[3073,3075],"valid"],[[3076,3076],"disallowed"],[[3077,3084],"valid"],[[3085,3085],"disallowed"],[[3086,3088],"valid"],[[3089,3089],"disallowed"],[[3090,3112],"valid"],[[3113,3113],"disallowed"],[[3114,3123],"valid"],[[3124,3124],"valid"],[[3125,3129],"valid"],[[3130,3132],"disallowed"],[[3133,3133],"valid"],[[3134,3140],"valid"],[[3141,3141],"disallowed"],[[3142,3144],"valid"],[[3145,3145],"disallowed"],[[3146,3149],"valid"],[[3150,3156],"disallowed"],[[3157,3158],"valid"],[[3159,3159],"disallowed"],[[3160,3161],"valid"],[[3162,3162],"valid"],[[3163,3167],"disallowed"],[[3168,3169],"valid"],[[3170,3171],"valid"],[[3172,3173],"disallowed"],[[3174,3183],"valid"],[[3184,3191],"disallowed"],[[3192,3199],"valid",[],"NV8"],[[3200,3200],"disallowed"],[[3201,3201],"valid"],[[3202,3203],"valid"],[[3204,3204],"disallowed"],[[3205,3212],"valid"],[[3213,3213],"disallowed"],[[3214,3216],"valid"],[[3217,3217],"disallowed"],[[3218,3240],"valid"],[[3241,3241],"disallowed"],[[3242,3251],"valid"],[[3252,3252],"disallowed"],[[3253,3257],"valid"],[[3258,3259],"disallowed"],[[3260,3261],"valid"],[[3262,3268],"valid"],[[3269,3269],"disallowed"],[[3270,3272],"valid"],[[3273,3273],"disallowed"],[[3274,3277],"valid"],[[3278,3284],"disallowed"],[[3285,3286],"valid"],[[3287,3293],"disallowed"],[[3294,3294],"valid"],[[3295,3295],"disallowed"],[[3296,3297],"valid"],[[3298,3299],"valid"],[[3300,3301],"disallowed"],[[3302,3311],"valid"],[[3312,3312],"disallowed"],[[3313,3314],"valid"],[[3315,3328],"disallowed"],[[3329,3329],"valid"],[[3330,3331],"valid"],[[3332,3332],"disallowed"],[[3333,3340],"valid"],[[3341,3341],"disallowed"],[[3342,3344],"valid"],[[3345,3345],"disallowed"],[[3346,3368],"valid"],[[3369,3369],"valid"],[[3370,3385],"valid"],[[3386,3386],"valid"],[[3387,3388],"disallowed"],[[3389,3389],"valid"],[[3390,3395],"valid"],[[3396,3396],"valid"],[[3397,3397],"disallowed"],[[3398,3400],"valid"],[[3401,3401],"disallowed"],[[3402,3405],"valid"],[[3406,3406],"valid"],[[3407,3414],"disallowed"],[[3415,3415],"valid"],[[3416,3422],"disallowed"],[[3423,3423],"valid"],[[3424,3425],"valid"],[[3426,3427],"valid"],[[3428,3429],"disallowed"],[[3430,3439],"valid"],[[3440,3445],"valid",[],"NV8"],[[3446,3448],"disallowed"],[[3449,3449],"valid",[],"NV8"],[[3450,3455],"valid"],[[3456,3457],"disallowed"],[[3458,3459],"valid"],[[3460,3460],"disallowed"],[[3461,3478],"valid"],[[3479,3481],"disallowed"],[[3482,3505],"valid"],[[3506,3506],"disallowed"],[[3507,3515],"valid"],[[3516,3516],"disallowed"],[[3517,3517],"valid"],[[3518,3519],"disallowed"],[[3520,3526],"valid"],[[3527,3529],"disallowed"],[[3530,3530],"valid"],[[3531,3534],"disallowed"],[[3535,3540],"valid"],[[3541,3541],"disallowed"],[[3542,3542],"valid"],[[3543,3543],"disallowed"],[[3544,3551],"valid"],[[3552,3557],"disallowed"],[[3558,3567],"valid"],[[3568,3569],"disallowed"],[[3570,3571],"valid"],[[3572,3572],"valid",[],"NV8"],[[3573,3584],"disallowed"],[[3585,3634],"valid"],[[3635,3635],"mapped",[3661,3634]],[[3636,3642],"valid"],[[3643,3646],"disallowed"],[[3647,3647],"valid",[],"NV8"],[[3648,3662],"valid"],[[3663,3663],"valid",[],"NV8"],[[3664,3673],"valid"],[[3674,3675],"valid",[],"NV8"],[[3676,3712],"disallowed"],[[3713,3714],"valid"],[[3715,3715],"disallowed"],[[3716,3716],"valid"],[[3717,3718],"disallowed"],[[3719,3720],"valid"],[[3721,3721],"disallowed"],[[3722,3722],"valid"],[[3723,3724],"disallowed"],[[3725,3725],"valid"],[[3726,3731],"disallowed"],[[3732,3735],"valid"],[[3736,3736],"disallowed"],[[3737,3743],"valid"],[[3744,3744],"disallowed"],[[3745,3747],"valid"],[[3748,3748],"disallowed"],[[3749,3749],"valid"],[[3750,3750],"disallowed"],[[3751,3751],"valid"],[[3752,3753],"disallowed"],[[3754,3755],"valid"],[[3756,3756],"disallowed"],[[3757,3762],"valid"],[[3763,3763],"mapped",[3789,3762]],[[3764,3769],"valid"],[[3770,3770],"disallowed"],[[3771,3773],"valid"],[[3774,3775],"disallowed"],[[3776,3780],"valid"],[[3781,3781],"disallowed"],[[3782,3782],"valid"],[[3783,3783],"disallowed"],[[3784,3789],"valid"],[[3790,3791],"disallowed"],[[3792,3801],"valid"],[[3802,3803],"disallowed"],[[3804,3804],"mapped",[3755,3737]],[[3805,3805],"mapped",[3755,3745]],[[3806,3807],"valid"],[[3808,3839],"disallowed"],[[3840,3840],"valid"],[[3841,3850],"valid",[],"NV8"],[[3851,3851],"valid"],[[3852,3852],"mapped",[3851]],[[3853,3863],"valid",[],"NV8"],[[3864,3865],"valid"],[[3866,3871],"valid",[],"NV8"],[[3872,3881],"valid"],[[3882,3892],"valid",[],"NV8"],[[3893,3893],"valid"],[[3894,3894],"valid",[],"NV8"],[[3895,3895],"valid"],[[3896,3896],"valid",[],"NV8"],[[3897,3897],"valid"],[[3898,3901],"valid",[],"NV8"],[[3902,3906],"valid"],[[3907,3907],"mapped",[3906,4023]],[[3908,3911],"valid"],[[3912,3912],"disallowed"],[[3913,3916],"valid"],[[3917,3917],"mapped",[3916,4023]],[[3918,3921],"valid"],[[3922,3922],"mapped",[3921,4023]],[[3923,3926],"valid"],[[3927,3927],"mapped",[3926,4023]],[[3928,3931],"valid"],[[3932,3932],"mapped",[3931,4023]],[[3933,3944],"valid"],[[3945,3945],"mapped",[3904,4021]],[[3946,3946],"valid"],[[3947,3948],"valid"],[[3949,3952],"disallowed"],[[3953,3954],"valid"],[[3955,3955],"mapped",[3953,3954]],[[3956,3956],"valid"],[[3957,3957],"mapped",[3953,3956]],[[3958,3958],"mapped",[4018,3968]],[[3959,3959],"mapped",[4018,3953,3968]],[[3960,3960],"mapped",[4019,3968]],[[3961,3961],"mapped",[4019,3953,3968]],[[3962,3968],"valid"],[[3969,3969],"mapped",[3953,3968]],[[3970,3972],"valid"],[[3973,3973],"valid",[],"NV8"],[[3974,3979],"valid"],[[3980,3983],"valid"],[[3984,3986],"valid"],[[3987,3987],"mapped",[3986,4023]],[[3988,3989],"valid"],[[3990,3990],"valid"],[[3991,3991],"valid"],[[3992,3992],"disallowed"],[[3993,3996],"valid"],[[3997,3997],"mapped",[3996,4023]],[[3998,4001],"valid"],[[4002,4002],"mapped",[4001,4023]],[[4003,4006],"valid"],[[4007,4007],"mapped",[4006,4023]],[[4008,4011],"valid"],[[4012,4012],"mapped",[4011,4023]],[[4013,4013],"valid"],[[4014,4016],"valid"],[[4017,4023],"valid"],[[4024,4024],"valid"],[[4025,4025],"mapped",[3984,4021]],[[4026,4028],"valid"],[[4029,4029],"disallowed"],[[4030,4037],"valid",[],"NV8"],[[4038,4038],"valid"],[[4039,4044],"valid",[],"NV8"],[[4045,4045],"disallowed"],[[4046,4046],"valid",[],"NV8"],[[4047,4047],"valid",[],"NV8"],[[4048,4049],"valid",[],"NV8"],[[4050,4052],"valid",[],"NV8"],[[4053,4056],"valid",[],"NV8"],[[4057,4058],"valid",[],"NV8"],[[4059,4095],"disallowed"],[[4096,4129],"valid"],[[4130,4130],"valid"],[[4131,4135],"valid"],[[4136,4136],"valid"],[[4137,4138],"valid"],[[4139,4139],"valid"],[[4140,4146],"valid"],[[4147,4149],"valid"],[[4150,4153],"valid"],[[4154,4159],"valid"],[[4160,4169],"valid"],[[4170,4175],"valid",[],"NV8"],[[4176,4185],"valid"],[[4186,4249],"valid"],[[4250,4253],"valid"],[[4254,4255],"valid",[],"NV8"],[[4256,4293],"disallowed"],[[4294,4294],"disallowed"],[[4295,4295],"mapped",[11559]],[[4296,4300],"disallowed"],[[4301,4301],"mapped",[11565]],[[4302,4303],"disallowed"],[[4304,4342],"valid"],[[4343,4344],"valid"],[[4345,4346],"valid"],[[4347,4347],"valid",[],"NV8"],[[4348,4348],"mapped",[4316]],[[4349,4351],"valid"],[[4352,4441],"valid",[],"NV8"],[[4442,4446],"valid",[],"NV8"],[[4447,4448],"disallowed"],[[4449,4514],"valid",[],"NV8"],[[4515,4519],"valid",[],"NV8"],[[4520,4601],"valid",[],"NV8"],[[4602,4607],"valid",[],"NV8"],[[4608,4614],"valid"],[[4615,4615],"valid"],[[4616,4678],"valid"],[[4679,4679],"valid"],[[4680,4680],"valid"],[[4681,4681],"disallowed"],[[4682,4685],"valid"],[[4686,4687],"disallowed"],[[4688,4694],"valid"],[[4695,4695],"disallowed"],[[4696,4696],"valid"],[[4697,4697],"disallowed"],[[4698,4701],"valid"],[[4702,4703],"disallowed"],[[4704,4742],"valid"],[[4743,4743],"valid"],[[4744,4744],"valid"],[[4745,4745],"disallowed"],[[4746,4749],"valid"],[[4750,4751],"disallowed"],[[4752,4782],"valid"],[[4783,4783],"valid"],[[4784,4784],"valid"],[[4785,4785],"disallowed"],[[4786,4789],"valid"],[[4790,4791],"disallowed"],[[4792,4798],"valid"],[[4799,4799],"disallowed"],[[4800,4800],"valid"],[[4801,4801],"disallowed"],[[4802,4805],"valid"],[[4806,4807],"disallowed"],[[4808,4814],"valid"],[[4815,4815],"valid"],[[4816,4822],"valid"],[[4823,4823],"disallowed"],[[4824,4846],"valid"],[[4847,4847],"valid"],[[4848,4878],"valid"],[[4879,4879],"valid"],[[4880,4880],"valid"],[[4881,4881],"disallowed"],[[4882,4885],"valid"],[[4886,4887],"disallowed"],[[4888,4894],"valid"],[[4895,4895],"valid"],[[4896,4934],"valid"],[[4935,4935],"valid"],[[4936,4954],"valid"],[[4955,4956],"disallowed"],[[4957,4958],"valid"],[[4959,4959],"valid"],[[4960,4960],"valid",[],"NV8"],[[4961,4988],"valid",[],"NV8"],[[4989,4991],"disallowed"],[[4992,5007],"valid"],[[5008,5017],"valid",[],"NV8"],[[5018,5023],"disallowed"],[[5024,5108],"valid"],[[5109,5109],"valid"],[[5110,5111],"disallowed"],[[5112,5112],"mapped",[5104]],[[5113,5113],"mapped",[5105]],[[5114,5114],"mapped",[5106]],[[5115,5115],"mapped",[5107]],[[5116,5116],"mapped",[5108]],[[5117,5117],"mapped",[5109]],[[5118,5119],"disallowed"],[[5120,5120],"valid",[],"NV8"],[[5121,5740],"valid"],[[5741,5742],"valid",[],"NV8"],[[5743,5750],"valid"],[[5751,5759],"valid"],[[5760,5760],"disallowed"],[[5761,5786],"valid"],[[5787,5788],"valid",[],"NV8"],[[5789,5791],"disallowed"],[[5792,5866],"valid"],[[5867,5872],"valid",[],"NV8"],[[5873,5880],"valid"],[[5881,5887],"disallowed"],[[5888,5900],"valid"],[[5901,5901],"disallowed"],[[5902,5908],"valid"],[[5909,5919],"disallowed"],[[5920,5940],"valid"],[[5941,5942],"valid",[],"NV8"],[[5943,5951],"disallowed"],[[5952,5971],"valid"],[[5972,5983],"disallowed"],[[5984,5996],"valid"],[[5997,5997],"disallowed"],[[5998,6000],"valid"],[[6001,6001],"disallowed"],[[6002,6003],"valid"],[[6004,6015],"disallowed"],[[6016,6067],"valid"],[[6068,6069],"disallowed"],[[6070,6099],"valid"],[[6100,6102],"valid",[],"NV8"],[[6103,6103],"valid"],[[6104,6107],"valid",[],"NV8"],[[6108,6108],"valid"],[[6109,6109],"valid"],[[6110,6111],"disallowed"],[[6112,6121],"valid"],[[6122,6127],"disallowed"],[[6128,6137],"valid",[],"NV8"],[[6138,6143],"disallowed"],[[6144,6149],"valid",[],"NV8"],[[6150,6150],"disallowed"],[[6151,6154],"valid",[],"NV8"],[[6155,6157],"ignored"],[[6158,6158],"disallowed"],[[6159,6159],"disallowed"],[[6160,6169],"valid"],[[6170,6175],"disallowed"],[[6176,6263],"valid"],[[6264,6271],"disallowed"],[[6272,6313],"valid"],[[6314,6314],"valid"],[[6315,6319],"disallowed"],[[6320,6389],"valid"],[[6390,6399],"disallowed"],[[6400,6428],"valid"],[[6429,6430],"valid"],[[6431,6431],"disallowed"],[[6432,6443],"valid"],[[6444,6447],"disallowed"],[[6448,6459],"valid"],[[6460,6463],"disallowed"],[[6464,6464],"valid",[],"NV8"],[[6465,6467],"disallowed"],[[6468,6469],"valid",[],"NV8"],[[6470,6509],"valid"],[[6510,6511],"disallowed"],[[6512,6516],"valid"],[[6517,6527],"disallowed"],[[6528,6569],"valid"],[[6570,6571],"valid"],[[6572,6575],"disallowed"],[[6576,6601],"valid"],[[6602,6607],"disallowed"],[[6608,6617],"valid"],[[6618,6618],"valid",[],"XV8"],[[6619,6621],"disallowed"],[[6622,6623],"valid",[],"NV8"],[[6624,6655],"valid",[],"NV8"],[[6656,6683],"valid"],[[6684,6685],"disallowed"],[[6686,6687],"valid",[],"NV8"],[[6688,6750],"valid"],[[6751,6751],"disallowed"],[[6752,6780],"valid"],[[6781,6782],"disallowed"],[[6783,6793],"valid"],[[6794,6799],"disallowed"],[[6800,6809],"valid"],[[6810,6815],"disallowed"],[[6816,6822],"valid",[],"NV8"],[[6823,6823],"valid"],[[6824,6829],"valid",[],"NV8"],[[6830,6831],"disallowed"],[[6832,6845],"valid"],[[6846,6846],"valid",[],"NV8"],[[6847,6911],"disallowed"],[[6912,6987],"valid"],[[6988,6991],"disallowed"],[[6992,7001],"valid"],[[7002,7018],"valid",[],"NV8"],[[7019,7027],"valid"],[[7028,7036],"valid",[],"NV8"],[[7037,7039],"disallowed"],[[7040,7082],"valid"],[[7083,7085],"valid"],[[7086,7097],"valid"],[[7098,7103],"valid"],[[7104,7155],"valid"],[[7156,7163],"disallowed"],[[7164,7167],"valid",[],"NV8"],[[7168,7223],"valid"],[[7224,7226],"disallowed"],[[7227,7231],"valid",[],"NV8"],[[7232,7241],"valid"],[[7242,7244],"disallowed"],[[7245,7293],"valid"],[[7294,7295],"valid",[],"NV8"],[[7296,7359],"disallowed"],[[7360,7367],"valid",[],"NV8"],[[7368,7375],"disallowed"],[[7376,7378],"valid"],[[7379,7379],"valid",[],"NV8"],[[7380,7410],"valid"],[[7411,7414],"valid"],[[7415,7415],"disallowed"],[[7416,7417],"valid"],[[7418,7423],"disallowed"],[[7424,7467],"valid"],[[7468,7468],"mapped",[97]],[[7469,7469],"mapped",[230]],[[7470,7470],"mapped",[98]],[[7471,7471],"valid"],[[7472,7472],"mapped",[100]],[[7473,7473],"mapped",[101]],[[7474,7474],"mapped",[477]],[[7475,7475],"mapped",[103]],[[7476,7476],"mapped",[104]],[[7477,7477],"mapped",[105]],[[7478,7478],"mapped",[106]],[[7479,7479],"mapped",[107]],[[7480,7480],"mapped",[108]],[[7481,7481],"mapped",[109]],[[7482,7482],"mapped",[110]],[[7483,7483],"valid"],[[7484,7484],"mapped",[111]],[[7485,7485],"mapped",[547]],[[7486,7486],"mapped",[112]],[[7487,7487],"mapped",[114]],[[7488,7488],"mapped",[116]],[[7489,7489],"mapped",[117]],[[7490,7490],"mapped",[119]],[[7491,7491],"mapped",[97]],[[7492,7492],"mapped",[592]],[[7493,7493],"mapped",[593]],[[7494,7494],"mapped",[7426]],[[7495,7495],"mapped",[98]],[[7496,7496],"mapped",[100]],[[7497,7497],"mapped",[101]],[[7498,7498],"mapped",[601]],[[7499,7499],"mapped",[603]],[[7500,7500],"mapped",[604]],[[7501,7501],"mapped",[103]],[[7502,7502],"valid"],[[7503,7503],"mapped",[107]],[[7504,7504],"mapped",[109]],[[7505,7505],"mapped",[331]],[[7506,7506],"mapped",[111]],[[7507,7507],"mapped",[596]],[[7508,7508],"mapped",[7446]],[[7509,7509],"mapped",[7447]],[[7510,7510],"mapped",[112]],[[7511,7511],"mapped",[116]],[[7512,7512],"mapped",[117]],[[7513,7513],"mapped",[7453]],[[7514,7514],"mapped",[623]],[[7515,7515],"mapped",[118]],[[7516,7516],"mapped",[7461]],[[7517,7517],"mapped",[946]],[[7518,7518],"mapped",[947]],[[7519,7519],"mapped",[948]],[[7520,7520],"mapped",[966]],[[7521,7521],"mapped",[967]],[[7522,7522],"mapped",[105]],[[7523,7523],"mapped",[114]],[[7524,7524],"mapped",[117]],[[7525,7525],"mapped",[118]],[[7526,7526],"mapped",[946]],[[7527,7527],"mapped",[947]],[[7528,7528],"mapped",[961]],[[7529,7529],"mapped",[966]],[[7530,7530],"mapped",[967]],[[7531,7531],"valid"],[[7532,7543],"valid"],[[7544,7544],"mapped",[1085]],[[7545,7578],"valid"],[[7579,7579],"mapped",[594]],[[7580,7580],"mapped",[99]],[[7581,7581],"mapped",[597]],[[7582,7582],"mapped",[240]],[[7583,7583],"mapped",[604]],[[7584,7584],"mapped",[102]],[[7585,7585],"mapped",[607]],[[7586,7586],"mapped",[609]],[[7587,7587],"mapped",[613]],[[7588,7588],"mapped",[616]],[[7589,7589],"mapped",[617]],[[7590,7590],"mapped",[618]],[[7591,7591],"mapped",[7547]],[[7592,7592],"mapped",[669]],[[7593,7593],"mapped",[621]],[[7594,7594],"mapped",[7557]],[[7595,7595],"mapped",[671]],[[7596,7596],"mapped",[625]],[[7597,7597],"mapped",[624]],[[7598,7598],"mapped",[626]],[[7599,7599],"mapped",[627]],[[7600,7600],"mapped",[628]],[[7601,7601],"mapped",[629]],[[7602,7602],"mapped",[632]],[[7603,7603],"mapped",[642]],[[7604,7604],"mapped",[643]],[[7605,7605],"mapped",[427]],[[7606,7606],"mapped",[649]],[[7607,7607],"mapped",[650]],[[7608,7608],"mapped",[7452]],[[7609,7609],"mapped",[651]],[[7610,7610],"mapped",[652]],[[7611,7611],"mapped",[122]],[[7612,7612],"mapped",[656]],[[7613,7613],"mapped",[657]],[[7614,7614],"mapped",[658]],[[7615,7615],"mapped",[952]],[[7616,7619],"valid"],[[7620,7626],"valid"],[[7627,7654],"valid"],[[7655,7669],"valid"],[[7670,7675],"disallowed"],[[7676,7676],"valid"],[[7677,7677],"valid"],[[7678,7679],"valid"],[[7680,7680],"mapped",[7681]],[[7681,7681],"valid"],[[7682,7682],"mapped",[7683]],[[7683,7683],"valid"],[[7684,7684],"mapped",[7685]],[[7685,7685],"valid"],[[7686,7686],"mapped",[7687]],[[7687,7687],"valid"],[[7688,7688],"mapped",[7689]],[[7689,7689],"valid"],[[7690,7690],"mapped",[7691]],[[7691,7691],"valid"],[[7692,7692],"mapped",[7693]],[[7693,7693],"valid"],[[7694,7694],"mapped",[7695]],[[7695,7695],"valid"],[[7696,7696],"mapped",[7697]],[[7697,7697],"valid"],[[7698,7698],"mapped",[7699]],[[7699,7699],"valid"],[[7700,7700],"mapped",[7701]],[[7701,7701],"valid"],[[7702,7702],"mapped",[7703]],[[7703,7703],"valid"],[[7704,7704],"mapped",[7705]],[[7705,7705],"valid"],[[7706,7706],"mapped",[7707]],[[7707,7707],"valid"],[[7708,7708],"mapped",[7709]],[[7709,7709],"valid"],[[7710,7710],"mapped",[7711]],[[7711,7711],"valid"],[[7712,7712],"mapped",[7713]],[[7713,7713],"valid"],[[7714,7714],"mapped",[7715]],[[7715,7715],"valid"],[[7716,7716],"mapped",[7717]],[[7717,7717],"valid"],[[7718,7718],"mapped",[7719]],[[7719,7719],"valid"],[[7720,7720],"mapped",[7721]],[[7721,7721],"valid"],[[7722,7722],"mapped",[7723]],[[7723,7723],"valid"],[[7724,7724],"mapped",[7725]],[[7725,7725],"valid"],[[7726,7726],"mapped",[7727]],[[7727,7727],"valid"],[[7728,7728],"mapped",[7729]],[[7729,7729],"valid"],[[7730,7730],"mapped",[7731]],[[7731,7731],"valid"],[[7732,7732],"mapped",[7733]],[[7733,7733],"valid"],[[7734,7734],"mapped",[7735]],[[7735,7735],"valid"],[[7736,7736],"mapped",[7737]],[[7737,7737],"valid"],[[7738,7738],"mapped",[7739]],[[7739,7739],"valid"],[[7740,7740],"mapped",[7741]],[[7741,7741],"valid"],[[7742,7742],"mapped",[7743]],[[7743,7743],"valid"],[[7744,7744],"mapped",[7745]],[[7745,7745],"valid"],[[7746,7746],"mapped",[7747]],[[7747,7747],"valid"],[[7748,7748],"mapped",[7749]],[[7749,7749],"valid"],[[7750,7750],"mapped",[7751]],[[7751,7751],"valid"],[[7752,7752],"mapped",[7753]],[[7753,7753],"valid"],[[7754,7754],"mapped",[7755]],[[7755,7755],"valid"],[[7756,7756],"mapped",[7757]],[[7757,7757],"valid"],[[7758,7758],"mapped",[7759]],[[7759,7759],"valid"],[[7760,7760],"mapped",[7761]],[[7761,7761],"valid"],[[7762,7762],"mapped",[7763]],[[7763,7763],"valid"],[[7764,7764],"mapped",[7765]],[[7765,7765],"valid"],[[7766,7766],"mapped",[7767]],[[7767,7767],"valid"],[[7768,7768],"mapped",[7769]],[[7769,7769],"valid"],[[7770,7770],"mapped",[7771]],[[7771,7771],"valid"],[[7772,7772],"mapped",[7773]],[[7773,7773],"valid"],[[7774,7774],"mapped",[7775]],[[7775,7775],"valid"],[[7776,7776],"mapped",[7777]],[[7777,7777],"valid"],[[7778,7778],"mapped",[7779]],[[7779,7779],"valid"],[[7780,7780],"mapped",[7781]],[[7781,7781],"valid"],[[7782,7782],"mapped",[7783]],[[7783,7783],"valid"],[[7784,7784],"mapped",[7785]],[[7785,7785],"valid"],[[7786,7786],"mapped",[7787]],[[7787,7787],"valid"],[[7788,7788],"mapped",[7789]],[[7789,7789],"valid"],[[7790,7790],"mapped",[7791]],[[7791,7791],"valid"],[[7792,7792],"mapped",[7793]],[[7793,7793],"valid"],[[7794,7794],"mapped",[7795]],[[7795,7795],"valid"],[[7796,7796],"mapped",[7797]],[[7797,7797],"valid"],[[7798,7798],"mapped",[7799]],[[7799,7799],"valid"],[[7800,7800],"mapped",[7801]],[[7801,7801],"valid"],[[7802,7802],"mapped",[7803]],[[7803,7803],"valid"],[[7804,7804],"mapped",[7805]],[[7805,7805],"valid"],[[7806,7806],"mapped",[7807]],[[7807,7807],"valid"],[[7808,7808],"mapped",[7809]],[[7809,7809],"valid"],[[7810,7810],"mapped",[7811]],[[7811,7811],"valid"],[[7812,7812],"mapped",[7813]],[[7813,7813],"valid"],[[7814,7814],"mapped",[7815]],[[7815,7815],"valid"],[[7816,7816],"mapped",[7817]],[[7817,7817],"valid"],[[7818,7818],"mapped",[7819]],[[7819,7819],"valid"],[[7820,7820],"mapped",[7821]],[[7821,7821],"valid"],[[7822,7822],"mapped",[7823]],[[7823,7823],"valid"],[[7824,7824],"mapped",[7825]],[[7825,7825],"valid"],[[7826,7826],"mapped",[7827]],[[7827,7827],"valid"],[[7828,7828],"mapped",[7829]],[[7829,7833],"valid"],[[7834,7834],"mapped",[97,702]],[[7835,7835],"mapped",[7777]],[[7836,7837],"valid"],[[7838,7838],"mapped",[115,115]],[[7839,7839],"valid"],[[7840,7840],"mapped",[7841]],[[7841,7841],"valid"],[[7842,7842],"mapped",[7843]],[[7843,7843],"valid"],[[7844,7844],"mapped",[7845]],[[7845,7845],"valid"],[[7846,7846],"mapped",[7847]],[[7847,7847],"valid"],[[7848,7848],"mapped",[7849]],[[7849,7849],"valid"],[[7850,7850],"mapped",[7851]],[[7851,7851],"valid"],[[7852,7852],"mapped",[7853]],[[7853,7853],"valid"],[[7854,7854],"mapped",[7855]],[[7855,7855],"valid"],[[7856,7856],"mapped",[7857]],[[7857,7857],"valid"],[[7858,7858],"mapped",[7859]],[[7859,7859],"valid"],[[7860,7860],"mapped",[7861]],[[7861,7861],"valid"],[[7862,7862],"mapped",[7863]],[[7863,7863],"valid"],[[7864,7864],"mapped",[7865]],[[7865,7865],"valid"],[[7866,7866],"mapped",[7867]],[[7867,7867],"valid"],[[7868,7868],"mapped",[7869]],[[7869,7869],"valid"],[[7870,7870],"mapped",[7871]],[[7871,7871],"valid"],[[7872,7872],"mapped",[7873]],[[7873,7873],"valid"],[[7874,7874],"mapped",[7875]],[[7875,7875],"valid"],[[7876,7876],"mapped",[7877]],[[7877,7877],"valid"],[[7878,7878],"mapped",[7879]],[[7879,7879],"valid"],[[7880,7880],"mapped",[7881]],[[7881,7881],"valid"],[[7882,7882],"mapped",[7883]],[[7883,7883],"valid"],[[7884,7884],"mapped",[7885]],[[7885,7885],"valid"],[[7886,7886],"mapped",[7887]],[[7887,7887],"valid"],[[7888,7888],"mapped",[7889]],[[7889,7889],"valid"],[[7890,7890],"mapped",[7891]],[[7891,7891],"valid"],[[7892,7892],"mapped",[7893]],[[7893,7893],"valid"],[[7894,7894],"mapped",[7895]],[[7895,7895],"valid"],[[7896,7896],"mapped",[7897]],[[7897,7897],"valid"],[[7898,7898],"mapped",[7899]],[[7899,7899],"valid"],[[7900,7900],"mapped",[7901]],[[7901,7901],"valid"],[[7902,7902],"mapped",[7903]],[[7903,7903],"valid"],[[7904,7904],"mapped",[7905]],[[7905,7905],"valid"],[[7906,7906],"mapped",[7907]],[[7907,7907],"valid"],[[7908,7908],"mapped",[7909]],[[7909,7909],"valid"],[[7910,7910],"mapped",[7911]],[[7911,7911],"valid"],[[7912,7912],"mapped",[7913]],[[7913,7913],"valid"],[[7914,7914],"mapped",[7915]],[[7915,7915],"valid"],[[7916,7916],"mapped",[7917]],[[7917,7917],"valid"],[[7918,7918],"mapped",[7919]],[[7919,7919],"valid"],[[7920,7920],"mapped",[7921]],[[7921,7921],"valid"],[[7922,7922],"mapped",[7923]],[[7923,7923],"valid"],[[7924,7924],"mapped",[7925]],[[7925,7925],"valid"],[[7926,7926],"mapped",[7927]],[[7927,7927],"valid"],[[7928,7928],"mapped",[7929]],[[7929,7929],"valid"],[[7930,7930],"mapped",[7931]],[[7931,7931],"valid"],[[7932,7932],"mapped",[7933]],[[7933,7933],"valid"],[[7934,7934],"mapped",[7935]],[[7935,7935],"valid"],[[7936,7943],"valid"],[[7944,7944],"mapped",[7936]],[[7945,7945],"mapped",[7937]],[[7946,7946],"mapped",[7938]],[[7947,7947],"mapped",[7939]],[[7948,7948],"mapped",[7940]],[[7949,7949],"mapped",[7941]],[[7950,7950],"mapped",[7942]],[[7951,7951],"mapped",[7943]],[[7952,7957],"valid"],[[7958,7959],"disallowed"],[[7960,7960],"mapped",[7952]],[[7961,7961],"mapped",[7953]],[[7962,7962],"mapped",[7954]],[[7963,7963],"mapped",[7955]],[[7964,7964],"mapped",[7956]],[[7965,7965],"mapped",[7957]],[[7966,7967],"disallowed"],[[7968,7975],"valid"],[[7976,7976],"mapped",[7968]],[[7977,7977],"mapped",[7969]],[[7978,7978],"mapped",[7970]],[[7979,7979],"mapped",[7971]],[[7980,7980],"mapped",[7972]],[[7981,7981],"mapped",[7973]],[[7982,7982],"mapped",[7974]],[[7983,7983],"mapped",[7975]],[[7984,7991],"valid"],[[7992,7992],"mapped",[7984]],[[7993,7993],"mapped",[7985]],[[7994,7994],"mapped",[7986]],[[7995,7995],"mapped",[7987]],[[7996,7996],"mapped",[7988]],[[7997,7997],"mapped",[7989]],[[7998,7998],"mapped",[7990]],[[7999,7999],"mapped",[7991]],[[8000,8005],"valid"],[[8006,8007],"disallowed"],[[8008,8008],"mapped",[8000]],[[8009,8009],"mapped",[8001]],[[8010,8010],"mapped",[8002]],[[8011,8011],"mapped",[8003]],[[8012,8012],"mapped",[8004]],[[8013,8013],"mapped",[8005]],[[8014,8015],"disallowed"],[[8016,8023],"valid"],[[8024,8024],"disallowed"],[[8025,8025],"mapped",[8017]],[[8026,8026],"disallowed"],[[8027,8027],"mapped",[8019]],[[8028,8028],"disallowed"],[[8029,8029],"mapped",[8021]],[[8030,8030],"disallowed"],[[8031,8031],"mapped",[8023]],[[8032,8039],"valid"],[[8040,8040],"mapped",[8032]],[[8041,8041],"mapped",[8033]],[[8042,8042],"mapped",[8034]],[[8043,8043],"mapped",[8035]],[[8044,8044],"mapped",[8036]],[[8045,8045],"mapped",[8037]],[[8046,8046],"mapped",[8038]],[[8047,8047],"mapped",[8039]],[[8048,8048],"valid"],[[8049,8049],"mapped",[940]],[[8050,8050],"valid"],[[8051,8051],"mapped",[941]],[[8052,8052],"valid"],[[8053,8053],"mapped",[942]],[[8054,8054],"valid"],[[8055,8055],"mapped",[943]],[[8056,8056],"valid"],[[8057,8057],"mapped",[972]],[[8058,8058],"valid"],[[8059,8059],"mapped",[973]],[[8060,8060],"valid"],[[8061,8061],"mapped",[974]],[[8062,8063],"disallowed"],[[8064,8064],"mapped",[7936,953]],[[8065,8065],"mapped",[7937,953]],[[8066,8066],"mapped",[7938,953]],[[8067,8067],"mapped",[7939,953]],[[8068,8068],"mapped",[7940,953]],[[8069,8069],"mapped",[7941,953]],[[8070,8070],"mapped",[7942,953]],[[8071,8071],"mapped",[7943,953]],[[8072,8072],"mapped",[7936,953]],[[8073,8073],"mapped",[7937,953]],[[8074,8074],"mapped",[7938,953]],[[8075,8075],"mapped",[7939,953]],[[8076,8076],"mapped",[7940,953]],[[8077,8077],"mapped",[7941,953]],[[8078,8078],"mapped",[7942,953]],[[8079,8079],"mapped",[7943,953]],[[8080,8080],"mapped",[7968,953]],[[8081,8081],"mapped",[7969,953]],[[8082,8082],"mapped",[7970,953]],[[8083,8083],"mapped",[7971,953]],[[8084,8084],"mapped",[7972,953]],[[8085,8085],"mapped",[7973,953]],[[8086,8086],"mapped",[7974,953]],[[8087,8087],"mapped",[7975,953]],[[8088,8088],"mapped",[7968,953]],[[8089,8089],"mapped",[7969,953]],[[8090,8090],"mapped",[7970,953]],[[8091,8091],"mapped",[7971,953]],[[8092,8092],"mapped",[7972,953]],[[8093,8093],"mapped",[7973,953]],[[8094,8094],"mapped",[7974,953]],[[8095,8095],"mapped",[7975,953]],[[8096,8096],"mapped",[8032,953]],[[8097,8097],"mapped",[8033,953]],[[8098,8098],"mapped",[8034,953]],[[8099,8099],"mapped",[8035,953]],[[8100,8100],"mapped",[8036,953]],[[8101,8101],"mapped",[8037,953]],[[8102,8102],"mapped",[8038,953]],[[8103,8103],"mapped",[8039,953]],[[8104,8104],"mapped",[8032,953]],[[8105,8105],"mapped",[8033,953]],[[8106,8106],"mapped",[8034,953]],[[8107,8107],"mapped",[8035,953]],[[8108,8108],"mapped",[8036,953]],[[8109,8109],"mapped",[8037,953]],[[8110,8110],"mapped",[8038,953]],[[8111,8111],"mapped",[8039,953]],[[8112,8113],"valid"],[[8114,8114],"mapped",[8048,953]],[[8115,8115],"mapped",[945,953]],[[8116,8116],"mapped",[940,953]],[[8117,8117],"disallowed"],[[8118,8118],"valid"],[[8119,8119],"mapped",[8118,953]],[[8120,8120],"mapped",[8112]],[[8121,8121],"mapped",[8113]],[[8122,8122],"mapped",[8048]],[[8123,8123],"mapped",[940]],[[8124,8124],"mapped",[945,953]],[[8125,8125],"disallowed_STD3_mapped",[32,787]],[[8126,8126],"mapped",[953]],[[8127,8127],"disallowed_STD3_mapped",[32,787]],[[8128,8128],"disallowed_STD3_mapped",[32,834]],[[8129,8129],"disallowed_STD3_mapped",[32,776,834]],[[8130,8130],"mapped",[8052,953]],[[8131,8131],"mapped",[951,953]],[[8132,8132],"mapped",[942,953]],[[8133,8133],"disallowed"],[[8134,8134],"valid"],[[8135,8135],"mapped",[8134,953]],[[8136,8136],"mapped",[8050]],[[8137,8137],"mapped",[941]],[[8138,8138],"mapped",[8052]],[[8139,8139],"mapped",[942]],[[8140,8140],"mapped",[951,953]],[[8141,8141],"disallowed_STD3_mapped",[32,787,768]],[[8142,8142],"disallowed_STD3_mapped",[32,787,769]],[[8143,8143],"disallowed_STD3_mapped",[32,787,834]],[[8144,8146],"valid"],[[8147,8147],"mapped",[912]],[[8148,8149],"disallowed"],[[8150,8151],"valid"],[[8152,8152],"mapped",[8144]],[[8153,8153],"mapped",[8145]],[[8154,8154],"mapped",[8054]],[[8155,8155],"mapped",[943]],[[8156,8156],"disallowed"],[[8157,8157],"disallowed_STD3_mapped",[32,788,768]],[[8158,8158],"disallowed_STD3_mapped",[32,788,769]],[[8159,8159],"disallowed_STD3_mapped",[32,788,834]],[[8160,8162],"valid"],[[8163,8163],"mapped",[944]],[[8164,8167],"valid"],[[8168,8168],"mapped",[8160]],[[8169,8169],"mapped",[8161]],[[8170,8170],"mapped",[8058]],[[8171,8171],"mapped",[973]],[[8172,8172],"mapped",[8165]],[[8173,8173],"disallowed_STD3_mapped",[32,776,768]],[[8174,8174],"disallowed_STD3_mapped",[32,776,769]],[[8175,8175],"disallowed_STD3_mapped",[96]],[[8176,8177],"disallowed"],[[8178,8178],"mapped",[8060,953]],[[8179,8179],"mapped",[969,953]],[[8180,8180],"mapped",[974,953]],[[8181,8181],"disallowed"],[[8182,8182],"valid"],[[8183,8183],"mapped",[8182,953]],[[8184,8184],"mapped",[8056]],[[8185,8185],"mapped",[972]],[[8186,8186],"mapped",[8060]],[[8187,8187],"mapped",[974]],[[8188,8188],"mapped",[969,953]],[[8189,8189],"disallowed_STD3_mapped",[32,769]],[[8190,8190],"disallowed_STD3_mapped",[32,788]],[[8191,8191],"disallowed"],[[8192,8202],"disallowed_STD3_mapped",[32]],[[8203,8203],"ignored"],[[8204,8205],"deviation",[]],[[8206,8207],"disallowed"],[[8208,8208],"valid",[],"NV8"],[[8209,8209],"mapped",[8208]],[[8210,8214],"valid",[],"NV8"],[[8215,8215],"disallowed_STD3_mapped",[32,819]],[[8216,8227],"valid",[],"NV8"],[[8228,8230],"disallowed"],[[8231,8231],"valid",[],"NV8"],[[8232,8238],"disallowed"],[[8239,8239],"disallowed_STD3_mapped",[32]],[[8240,8242],"valid",[],"NV8"],[[8243,8243],"mapped",[8242,8242]],[[8244,8244],"mapped",[8242,8242,8242]],[[8245,8245],"valid",[],"NV8"],[[8246,8246],"mapped",[8245,8245]],[[8247,8247],"mapped",[8245,8245,8245]],[[8248,8251],"valid",[],"NV8"],[[8252,8252],"disallowed_STD3_mapped",[33,33]],[[8253,8253],"valid",[],"NV8"],[[8254,8254],"disallowed_STD3_mapped",[32,773]],[[8255,8262],"valid",[],"NV8"],[[8263,8263],"disallowed_STD3_mapped",[63,63]],[[8264,8264],"disallowed_STD3_mapped",[63,33]],[[8265,8265],"disallowed_STD3_mapped",[33,63]],[[8266,8269],"valid",[],"NV8"],[[8270,8274],"valid",[],"NV8"],[[8275,8276],"valid",[],"NV8"],[[8277,8278],"valid",[],"NV8"],[[8279,8279],"mapped",[8242,8242,8242,8242]],[[8280,8286],"valid",[],"NV8"],[[8287,8287],"disallowed_STD3_mapped",[32]],[[8288,8288],"ignored"],[[8289,8291],"disallowed"],[[8292,8292],"ignored"],[[8293,8293],"disallowed"],[[8294,8297],"disallowed"],[[8298,8303],"disallowed"],[[8304,8304],"mapped",[48]],[[8305,8305],"mapped",[105]],[[8306,8307],"disallowed"],[[8308,8308],"mapped",[52]],[[8309,8309],"mapped",[53]],[[8310,8310],"mapped",[54]],[[8311,8311],"mapped",[55]],[[8312,8312],"mapped",[56]],[[8313,8313],"mapped",[57]],[[8314,8314],"disallowed_STD3_mapped",[43]],[[8315,8315],"mapped",[8722]],[[8316,8316],"disallowed_STD3_mapped",[61]],[[8317,8317],"disallowed_STD3_mapped",[40]],[[8318,8318],"disallowed_STD3_mapped",[41]],[[8319,8319],"mapped",[110]],[[8320,8320],"mapped",[48]],[[8321,8321],"mapped",[49]],[[8322,8322],"mapped",[50]],[[8323,8323],"mapped",[51]],[[8324,8324],"mapped",[52]],[[8325,8325],"mapped",[53]],[[8326,8326],"mapped",[54]],[[8327,8327],"mapped",[55]],[[8328,8328],"mapped",[56]],[[8329,8329],"mapped",[57]],[[8330,8330],"disallowed_STD3_mapped",[43]],[[8331,8331],"mapped",[8722]],[[8332,8332],"disallowed_STD3_mapped",[61]],[[8333,8333],"disallowed_STD3_mapped",[40]],[[8334,8334],"disallowed_STD3_mapped",[41]],[[8335,8335],"disallowed"],[[8336,8336],"mapped",[97]],[[8337,8337],"mapped",[101]],[[8338,8338],"mapped",[111]],[[8339,8339],"mapped",[120]],[[8340,8340],"mapped",[601]],[[8341,8341],"mapped",[104]],[[8342,8342],"mapped",[107]],[[8343,8343],"mapped",[108]],[[8344,8344],"mapped",[109]],[[8345,8345],"mapped",[110]],[[8346,8346],"mapped",[112]],[[8347,8347],"mapped",[115]],[[8348,8348],"mapped",[116]],[[8349,8351],"disallowed"],[[8352,8359],"valid",[],"NV8"],[[8360,8360],"mapped",[114,115]],[[8361,8362],"valid",[],"NV8"],[[8363,8363],"valid",[],"NV8"],[[8364,8364],"valid",[],"NV8"],[[8365,8367],"valid",[],"NV8"],[[8368,8369],"valid",[],"NV8"],[[8370,8373],"valid",[],"NV8"],[[8374,8376],"valid",[],"NV8"],[[8377,8377],"valid",[],"NV8"],[[8378,8378],"valid",[],"NV8"],[[8379,8381],"valid",[],"NV8"],[[8382,8382],"valid",[],"NV8"],[[8383,8399],"disallowed"],[[8400,8417],"valid",[],"NV8"],[[8418,8419],"valid",[],"NV8"],[[8420,8426],"valid",[],"NV8"],[[8427,8427],"valid",[],"NV8"],[[8428,8431],"valid",[],"NV8"],[[8432,8432],"valid",[],"NV8"],[[8433,8447],"disallowed"],[[8448,8448],"disallowed_STD3_mapped",[97,47,99]],[[8449,8449],"disallowed_STD3_mapped",[97,47,115]],[[8450,8450],"mapped",[99]],[[8451,8451],"mapped",[176,99]],[[8452,8452],"valid",[],"NV8"],[[8453,8453],"disallowed_STD3_mapped",[99,47,111]],[[8454,8454],"disallowed_STD3_mapped",[99,47,117]],[[8455,8455],"mapped",[603]],[[8456,8456],"valid",[],"NV8"],[[8457,8457],"mapped",[176,102]],[[8458,8458],"mapped",[103]],[[8459,8462],"mapped",[104]],[[8463,8463],"mapped",[295]],[[8464,8465],"mapped",[105]],[[8466,8467],"mapped",[108]],[[8468,8468],"valid",[],"NV8"],[[8469,8469],"mapped",[110]],[[8470,8470],"mapped",[110,111]],[[8471,8472],"valid",[],"NV8"],[[8473,8473],"mapped",[112]],[[8474,8474],"mapped",[113]],[[8475,8477],"mapped",[114]],[[8478,8479],"valid",[],"NV8"],[[8480,8480],"mapped",[115,109]],[[8481,8481],"mapped",[116,101,108]],[[8482,8482],"mapped",[116,109]],[[8483,8483],"valid",[],"NV8"],[[8484,8484],"mapped",[122]],[[8485,8485],"valid",[],"NV8"],[[8486,8486],"mapped",[969]],[[8487,8487],"valid",[],"NV8"],[[8488,8488],"mapped",[122]],[[8489,8489],"valid",[],"NV8"],[[8490,8490],"mapped",[107]],[[8491,8491],"mapped",[229]],[[8492,8492],"mapped",[98]],[[8493,8493],"mapped",[99]],[[8494,8494],"valid",[],"NV8"],[[8495,8496],"mapped",[101]],[[8497,8497],"mapped",[102]],[[8498,8498],"disallowed"],[[8499,8499],"mapped",[109]],[[8500,8500],"mapped",[111]],[[8501,8501],"mapped",[1488]],[[8502,8502],"mapped",[1489]],[[8503,8503],"mapped",[1490]],[[8504,8504],"mapped",[1491]],[[8505,8505],"mapped",[105]],[[8506,8506],"valid",[],"NV8"],[[8507,8507],"mapped",[102,97,120]],[[8508,8508],"mapped",[960]],[[8509,8510],"mapped",[947]],[[8511,8511],"mapped",[960]],[[8512,8512],"mapped",[8721]],[[8513,8516],"valid",[],"NV8"],[[8517,8518],"mapped",[100]],[[8519,8519],"mapped",[101]],[[8520,8520],"mapped",[105]],[[8521,8521],"mapped",[106]],[[8522,8523],"valid",[],"NV8"],[[8524,8524],"valid",[],"NV8"],[[8525,8525],"valid",[],"NV8"],[[8526,8526],"valid"],[[8527,8527],"valid",[],"NV8"],[[8528,8528],"mapped",[49,8260,55]],[[8529,8529],"mapped",[49,8260,57]],[[8530,8530],"mapped",[49,8260,49,48]],[[8531,8531],"mapped",[49,8260,51]],[[8532,8532],"mapped",[50,8260,51]],[[8533,8533],"mapped",[49,8260,53]],[[8534,8534],"mapped",[50,8260,53]],[[8535,8535],"mapped",[51,8260,53]],[[8536,8536],"mapped",[52,8260,53]],[[8537,8537],"mapped",[49,8260,54]],[[8538,8538],"mapped",[53,8260,54]],[[8539,8539],"mapped",[49,8260,56]],[[8540,8540],"mapped",[51,8260,56]],[[8541,8541],"mapped",[53,8260,56]],[[8542,8542],"mapped",[55,8260,56]],[[8543,8543],"mapped",[49,8260]],[[8544,8544],"mapped",[105]],[[8545,8545],"mapped",[105,105]],[[8546,8546],"mapped",[105,105,105]],[[8547,8547],"mapped",[105,118]],[[8548,8548],"mapped",[118]],[[8549,8549],"mapped",[118,105]],[[8550,8550],"mapped",[118,105,105]],[[8551,8551],"mapped",[118,105,105,105]],[[8552,8552],"mapped",[105,120]],[[8553,8553],"mapped",[120]],[[8554,8554],"mapped",[120,105]],[[8555,8555],"mapped",[120,105,105]],[[8556,8556],"mapped",[108]],[[8557,8557],"mapped",[99]],[[8558,8558],"mapped",[100]],[[8559,8559],"mapped",[109]],[[8560,8560],"mapped",[105]],[[8561,8561],"mapped",[105,105]],[[8562,8562],"mapped",[105,105,105]],[[8563,8563],"mapped",[105,118]],[[8564,8564],"mapped",[118]],[[8565,8565],"mapped",[118,105]],[[8566,8566],"mapped",[118,105,105]],[[8567,8567],"mapped",[118,105,105,105]],[[8568,8568],"mapped",[105,120]],[[8569,8569],"mapped",[120]],[[8570,8570],"mapped",[120,105]],[[8571,8571],"mapped",[120,105,105]],[[8572,8572],"mapped",[108]],[[8573,8573],"mapped",[99]],[[8574,8574],"mapped",[100]],[[8575,8575],"mapped",[109]],[[8576,8578],"valid",[],"NV8"],[[8579,8579],"disallowed"],[[8580,8580],"valid"],[[8581,8584],"valid",[],"NV8"],[[8585,8585],"mapped",[48,8260,51]],[[8586,8587],"valid",[],"NV8"],[[8588,8591],"disallowed"],[[8592,8682],"valid",[],"NV8"],[[8683,8691],"valid",[],"NV8"],[[8692,8703],"valid",[],"NV8"],[[8704,8747],"valid",[],"NV8"],[[8748,8748],"mapped",[8747,8747]],[[8749,8749],"mapped",[8747,8747,8747]],[[8750,8750],"valid",[],"NV8"],[[8751,8751],"mapped",[8750,8750]],[[8752,8752],"mapped",[8750,8750,8750]],[[8753,8799],"valid",[],"NV8"],[[8800,8800],"disallowed_STD3_valid"],[[8801,8813],"valid",[],"NV8"],[[8814,8815],"disallowed_STD3_valid"],[[8816,8945],"valid",[],"NV8"],[[8946,8959],"valid",[],"NV8"],[[8960,8960],"valid",[],"NV8"],[[8961,8961],"valid",[],"NV8"],[[8962,9000],"valid",[],"NV8"],[[9001,9001],"mapped",[12296]],[[9002,9002],"mapped",[12297]],[[9003,9082],"valid",[],"NV8"],[[9083,9083],"valid",[],"NV8"],[[9084,9084],"valid",[],"NV8"],[[9085,9114],"valid",[],"NV8"],[[9115,9166],"valid",[],"NV8"],[[9167,9168],"valid",[],"NV8"],[[9169,9179],"valid",[],"NV8"],[[9180,9191],"valid",[],"NV8"],[[9192,9192],"valid",[],"NV8"],[[9193,9203],"valid",[],"NV8"],[[9204,9210],"valid",[],"NV8"],[[9211,9215],"disallowed"],[[9216,9252],"valid",[],"NV8"],[[9253,9254],"valid",[],"NV8"],[[9255,9279],"disallowed"],[[9280,9290],"valid",[],"NV8"],[[9291,9311],"disallowed"],[[9312,9312],"mapped",[49]],[[9313,9313],"mapped",[50]],[[9314,9314],"mapped",[51]],[[9315,9315],"mapped",[52]],[[9316,9316],"mapped",[53]],[[9317,9317],"mapped",[54]],[[9318,9318],"mapped",[55]],[[9319,9319],"mapped",[56]],[[9320,9320],"mapped",[57]],[[9321,9321],"mapped",[49,48]],[[9322,9322],"mapped",[49,49]],[[9323,9323],"mapped",[49,50]],[[9324,9324],"mapped",[49,51]],[[9325,9325],"mapped",[49,52]],[[9326,9326],"mapped",[49,53]],[[9327,9327],"mapped",[49,54]],[[9328,9328],"mapped",[49,55]],[[9329,9329],"mapped",[49,56]],[[9330,9330],"mapped",[49,57]],[[9331,9331],"mapped",[50,48]],[[9332,9332],"disallowed_STD3_mapped",[40,49,41]],[[9333,9333],"disallowed_STD3_mapped",[40,50,41]],[[9334,9334],"disallowed_STD3_mapped",[40,51,41]],[[9335,9335],"disallowed_STD3_mapped",[40,52,41]],[[9336,9336],"disallowed_STD3_mapped",[40,53,41]],[[9337,9337],"disallowed_STD3_mapped",[40,54,41]],[[9338,9338],"disallowed_STD3_mapped",[40,55,41]],[[9339,9339],"disallowed_STD3_mapped",[40,56,41]],[[9340,9340],"disallowed_STD3_mapped",[40,57,41]],[[9341,9341],"disallowed_STD3_mapped",[40,49,48,41]],[[9342,9342],"disallowed_STD3_mapped",[40,49,49,41]],[[9343,9343],"disallowed_STD3_mapped",[40,49,50,41]],[[9344,9344],"disallowed_STD3_mapped",[40,49,51,41]],[[9345,9345],"disallowed_STD3_mapped",[40,49,52,41]],[[9346,9346],"disallowed_STD3_mapped",[40,49,53,41]],[[9347,9347],"disallowed_STD3_mapped",[40,49,54,41]],[[9348,9348],"disallowed_STD3_mapped",[40,49,55,41]],[[9349,9349],"disallowed_STD3_mapped",[40,49,56,41]],[[9350,9350],"disallowed_STD3_mapped",[40,49,57,41]],[[9351,9351],"disallowed_STD3_mapped",[40,50,48,41]],[[9352,9371],"disallowed"],[[9372,9372],"disallowed_STD3_mapped",[40,97,41]],[[9373,9373],"disallowed_STD3_mapped",[40,98,41]],[[9374,9374],"disallowed_STD3_mapped",[40,99,41]],[[9375,9375],"disallowed_STD3_mapped",[40,100,41]],[[9376,9376],"disallowed_STD3_mapped",[40,101,41]],[[9377,9377],"disallowed_STD3_mapped",[40,102,41]],[[9378,9378],"disallowed_STD3_mapped",[40,103,41]],[[9379,9379],"disallowed_STD3_mapped",[40,104,41]],[[9380,9380],"disallowed_STD3_mapped",[40,105,41]],[[9381,9381],"disallowed_STD3_mapped",[40,106,41]],[[9382,9382],"disallowed_STD3_mapped",[40,107,41]],[[9383,9383],"disallowed_STD3_mapped",[40,108,41]],[[9384,9384],"disallowed_STD3_mapped",[40,109,41]],[[9385,9385],"disallowed_STD3_mapped",[40,110,41]],[[9386,9386],"disallowed_STD3_mapped",[40,111,41]],[[9387,9387],"disallowed_STD3_mapped",[40,112,41]],[[9388,9388],"disallowed_STD3_mapped",[40,113,41]],[[9389,9389],"disallowed_STD3_mapped",[40,114,41]],[[9390,9390],"disallowed_STD3_mapped",[40,115,41]],[[9391,9391],"disallowed_STD3_mapped",[40,116,41]],[[9392,9392],"disallowed_STD3_mapped",[40,117,41]],[[9393,9393],"disallowed_STD3_mapped",[40,118,41]],[[9394,9394],"disallowed_STD3_mapped",[40,119,41]],[[9395,9395],"disallowed_STD3_mapped",[40,120,41]],[[9396,9396],"disallowed_STD3_mapped",[40,121,41]],[[9397,9397],"disallowed_STD3_mapped",[40,122,41]],[[9398,9398],"mapped",[97]],[[9399,9399],"mapped",[98]],[[9400,9400],"mapped",[99]],[[9401,9401],"mapped",[100]],[[9402,9402],"mapped",[101]],[[9403,9403],"mapped",[102]],[[9404,9404],"mapped",[103]],[[9405,9405],"mapped",[104]],[[9406,9406],"mapped",[105]],[[9407,9407],"mapped",[106]],[[9408,9408],"mapped",[107]],[[9409,9409],"mapped",[108]],[[9410,9410],"mapped",[109]],[[9411,9411],"mapped",[110]],[[9412,9412],"mapped",[111]],[[9413,9413],"mapped",[112]],[[9414,9414],"mapped",[113]],[[9415,9415],"mapped",[114]],[[9416,9416],"mapped",[115]],[[9417,9417],"mapped",[116]],[[9418,9418],"mapped",[117]],[[9419,9419],"mapped",[118]],[[9420,9420],"mapped",[119]],[[9421,9421],"mapped",[120]],[[9422,9422],"mapped",[121]],[[9423,9423],"mapped",[122]],[[9424,9424],"mapped",[97]],[[9425,9425],"mapped",[98]],[[9426,9426],"mapped",[99]],[[9427,9427],"mapped",[100]],[[9428,9428],"mapped",[101]],[[9429,9429],"mapped",[102]],[[9430,9430],"mapped",[103]],[[9431,9431],"mapped",[104]],[[9432,9432],"mapped",[105]],[[9433,9433],"mapped",[106]],[[9434,9434],"mapped",[107]],[[9435,9435],"mapped",[108]],[[9436,9436],"mapped",[109]],[[9437,9437],"mapped",[110]],[[9438,9438],"mapped",[111]],[[9439,9439],"mapped",[112]],[[9440,9440],"mapped",[113]],[[9441,9441],"mapped",[114]],[[9442,9442],"mapped",[115]],[[9443,9443],"mapped",[116]],[[9444,9444],"mapped",[117]],[[9445,9445],"mapped",[118]],[[9446,9446],"mapped",[119]],[[9447,9447],"mapped",[120]],[[9448,9448],"mapped",[121]],[[9449,9449],"mapped",[122]],[[9450,9450],"mapped",[48]],[[9451,9470],"valid",[],"NV8"],[[9471,9471],"valid",[],"NV8"],[[9472,9621],"valid",[],"NV8"],[[9622,9631],"valid",[],"NV8"],[[9632,9711],"valid",[],"NV8"],[[9712,9719],"valid",[],"NV8"],[[9720,9727],"valid",[],"NV8"],[[9728,9747],"valid",[],"NV8"],[[9748,9749],"valid",[],"NV8"],[[9750,9751],"valid",[],"NV8"],[[9752,9752],"valid",[],"NV8"],[[9753,9753],"valid",[],"NV8"],[[9754,9839],"valid",[],"NV8"],[[9840,9841],"valid",[],"NV8"],[[9842,9853],"valid",[],"NV8"],[[9854,9855],"valid",[],"NV8"],[[9856,9865],"valid",[],"NV8"],[[9866,9873],"valid",[],"NV8"],[[9874,9884],"valid",[],"NV8"],[[9885,9885],"valid",[],"NV8"],[[9886,9887],"valid",[],"NV8"],[[9888,9889],"valid",[],"NV8"],[[9890,9905],"valid",[],"NV8"],[[9906,9906],"valid",[],"NV8"],[[9907,9916],"valid",[],"NV8"],[[9917,9919],"valid",[],"NV8"],[[9920,9923],"valid",[],"NV8"],[[9924,9933],"valid",[],"NV8"],[[9934,9934],"valid",[],"NV8"],[[9935,9953],"valid",[],"NV8"],[[9954,9954],"valid",[],"NV8"],[[9955,9955],"valid",[],"NV8"],[[9956,9959],"valid",[],"NV8"],[[9960,9983],"valid",[],"NV8"],[[9984,9984],"valid",[],"NV8"],[[9985,9988],"valid",[],"NV8"],[[9989,9989],"valid",[],"NV8"],[[9990,9993],"valid",[],"NV8"],[[9994,9995],"valid",[],"NV8"],[[9996,10023],"valid",[],"NV8"],[[10024,10024],"valid",[],"NV8"],[[10025,10059],"valid",[],"NV8"],[[10060,10060],"valid",[],"NV8"],[[10061,10061],"valid",[],"NV8"],[[10062,10062],"valid",[],"NV8"],[[10063,10066],"valid",[],"NV8"],[[10067,10069],"valid",[],"NV8"],[[10070,10070],"valid",[],"NV8"],[[10071,10071],"valid",[],"NV8"],[[10072,10078],"valid",[],"NV8"],[[10079,10080],"valid",[],"NV8"],[[10081,10087],"valid",[],"NV8"],[[10088,10101],"valid",[],"NV8"],[[10102,10132],"valid",[],"NV8"],[[10133,10135],"valid",[],"NV8"],[[10136,10159],"valid",[],"NV8"],[[10160,10160],"valid",[],"NV8"],[[10161,10174],"valid",[],"NV8"],[[10175,10175],"valid",[],"NV8"],[[10176,10182],"valid",[],"NV8"],[[10183,10186],"valid",[],"NV8"],[[10187,10187],"valid",[],"NV8"],[[10188,10188],"valid",[],"NV8"],[[10189,10189],"valid",[],"NV8"],[[10190,10191],"valid",[],"NV8"],[[10192,10219],"valid",[],"NV8"],[[10220,10223],"valid",[],"NV8"],[[10224,10239],"valid",[],"NV8"],[[10240,10495],"valid",[],"NV8"],[[10496,10763],"valid",[],"NV8"],[[10764,10764],"mapped",[8747,8747,8747,8747]],[[10765,10867],"valid",[],"NV8"],[[10868,10868],"disallowed_STD3_mapped",[58,58,61]],[[10869,10869],"disallowed_STD3_mapped",[61,61]],[[10870,10870],"disallowed_STD3_mapped",[61,61,61]],[[10871,10971],"valid",[],"NV8"],[[10972,10972],"mapped",[10973,824]],[[10973,11007],"valid",[],"NV8"],[[11008,11021],"valid",[],"NV8"],[[11022,11027],"valid",[],"NV8"],[[11028,11034],"valid",[],"NV8"],[[11035,11039],"valid",[],"NV8"],[[11040,11043],"valid",[],"NV8"],[[11044,11084],"valid",[],"NV8"],[[11085,11087],"valid",[],"NV8"],[[11088,11092],"valid",[],"NV8"],[[11093,11097],"valid",[],"NV8"],[[11098,11123],"valid",[],"NV8"],[[11124,11125],"disallowed"],[[11126,11157],"valid",[],"NV8"],[[11158,11159],"disallowed"],[[11160,11193],"valid",[],"NV8"],[[11194,11196],"disallowed"],[[11197,11208],"valid",[],"NV8"],[[11209,11209],"disallowed"],[[11210,11217],"valid",[],"NV8"],[[11218,11243],"disallowed"],[[11244,11247],"valid",[],"NV8"],[[11248,11263],"disallowed"],[[11264,11264],"mapped",[11312]],[[11265,11265],"mapped",[11313]],[[11266,11266],"mapped",[11314]],[[11267,11267],"mapped",[11315]],[[11268,11268],"mapped",[11316]],[[11269,11269],"mapped",[11317]],[[11270,11270],"mapped",[11318]],[[11271,11271],"mapped",[11319]],[[11272,11272],"mapped",[11320]],[[11273,11273],"mapped",[11321]],[[11274,11274],"mapped",[11322]],[[11275,11275],"mapped",[11323]],[[11276,11276],"mapped",[11324]],[[11277,11277],"mapped",[11325]],[[11278,11278],"mapped",[11326]],[[11279,11279],"mapped",[11327]],[[11280,11280],"mapped",[11328]],[[11281,11281],"mapped",[11329]],[[11282,11282],"mapped",[11330]],[[11283,11283],"mapped",[11331]],[[11284,11284],"mapped",[11332]],[[11285,11285],"mapped",[11333]],[[11286,11286],"mapped",[11334]],[[11287,11287],"mapped",[11335]],[[11288,11288],"mapped",[11336]],[[11289,11289],"mapped",[11337]],[[11290,11290],"mapped",[11338]],[[11291,11291],"mapped",[11339]],[[11292,11292],"mapped",[11340]],[[11293,11293],"mapped",[11341]],[[11294,11294],"mapped",[11342]],[[11295,11295],"mapped",[11343]],[[11296,11296],"mapped",[11344]],[[11297,11297],"mapped",[11345]],[[11298,11298],"mapped",[11346]],[[11299,11299],"mapped",[11347]],[[11300,11300],"mapped",[11348]],[[11301,11301],"mapped",[11349]],[[11302,11302],"mapped",[11350]],[[11303,11303],"mapped",[11351]],[[11304,11304],"mapped",[11352]],[[11305,11305],"mapped",[11353]],[[11306,11306],"mapped",[11354]],[[11307,11307],"mapped",[11355]],[[11308,11308],"mapped",[11356]],[[11309,11309],"mapped",[11357]],[[11310,11310],"mapped",[11358]],[[11311,11311],"disallowed"],[[11312,11358],"valid"],[[11359,11359],"disallowed"],[[11360,11360],"mapped",[11361]],[[11361,11361],"valid"],[[11362,11362],"mapped",[619]],[[11363,11363],"mapped",[7549]],[[11364,11364],"mapped",[637]],[[11365,11366],"valid"],[[11367,11367],"mapped",[11368]],[[11368,11368],"valid"],[[11369,11369],"mapped",[11370]],[[11370,11370],"valid"],[[11371,11371],"mapped",[11372]],[[11372,11372],"valid"],[[11373,11373],"mapped",[593]],[[11374,11374],"mapped",[625]],[[11375,11375],"mapped",[592]],[[11376,11376],"mapped",[594]],[[11377,11377],"valid"],[[11378,11378],"mapped",[11379]],[[11379,11379],"valid"],[[11380,11380],"valid"],[[11381,11381],"mapped",[11382]],[[11382,11383],"valid"],[[11384,11387],"valid"],[[11388,11388],"mapped",[106]],[[11389,11389],"mapped",[118]],[[11390,11390],"mapped",[575]],[[11391,11391],"mapped",[576]],[[11392,11392],"mapped",[11393]],[[11393,11393],"valid"],[[11394,11394],"mapped",[11395]],[[11395,11395],"valid"],[[11396,11396],"mapped",[11397]],[[11397,11397],"valid"],[[11398,11398],"mapped",[11399]],[[11399,11399],"valid"],[[11400,11400],"mapped",[11401]],[[11401,11401],"valid"],[[11402,11402],"mapped",[11403]],[[11403,11403],"valid"],[[11404,11404],"mapped",[11405]],[[11405,11405],"valid"],[[11406,11406],"mapped",[11407]],[[11407,11407],"valid"],[[11408,11408],"mapped",[11409]],[[11409,11409],"valid"],[[11410,11410],"mapped",[11411]],[[11411,11411],"valid"],[[11412,11412],"mapped",[11413]],[[11413,11413],"valid"],[[11414,11414],"mapped",[11415]],[[11415,11415],"valid"],[[11416,11416],"mapped",[11417]],[[11417,11417],"valid"],[[11418,11418],"mapped",[11419]],[[11419,11419],"valid"],[[11420,11420],"mapped",[11421]],[[11421,11421],"valid"],[[11422,11422],"mapped",[11423]],[[11423,11423],"valid"],[[11424,11424],"mapped",[11425]],[[11425,11425],"valid"],[[11426,11426],"mapped",[11427]],[[11427,11427],"valid"],[[11428,11428],"mapped",[11429]],[[11429,11429],"valid"],[[11430,11430],"mapped",[11431]],[[11431,11431],"valid"],[[11432,11432],"mapped",[11433]],[[11433,11433],"valid"],[[11434,11434],"mapped",[11435]],[[11435,11435],"valid"],[[11436,11436],"mapped",[11437]],[[11437,11437],"valid"],[[11438,11438],"mapped",[11439]],[[11439,11439],"valid"],[[11440,11440],"mapped",[11441]],[[11441,11441],"valid"],[[11442,11442],"mapped",[11443]],[[11443,11443],"valid"],[[11444,11444],"mapped",[11445]],[[11445,11445],"valid"],[[11446,11446],"mapped",[11447]],[[11447,11447],"valid"],[[11448,11448],"mapped",[11449]],[[11449,11449],"valid"],[[11450,11450],"mapped",[11451]],[[11451,11451],"valid"],[[11452,11452],"mapped",[11453]],[[11453,11453],"valid"],[[11454,11454],"mapped",[11455]],[[11455,11455],"valid"],[[11456,11456],"mapped",[11457]],[[11457,11457],"valid"],[[11458,11458],"mapped",[11459]],[[11459,11459],"valid"],[[11460,11460],"mapped",[11461]],[[11461,11461],"valid"],[[11462,11462],"mapped",[11463]],[[11463,11463],"valid"],[[11464,11464],"mapped",[11465]],[[11465,11465],"valid"],[[11466,11466],"mapped",[11467]],[[11467,11467],"valid"],[[11468,11468],"mapped",[11469]],[[11469,11469],"valid"],[[11470,11470],"mapped",[11471]],[[11471,11471],"valid"],[[11472,11472],"mapped",[11473]],[[11473,11473],"valid"],[[11474,11474],"mapped",[11475]],[[11475,11475],"valid"],[[11476,11476],"mapped",[11477]],[[11477,11477],"valid"],[[11478,11478],"mapped",[11479]],[[11479,11479],"valid"],[[11480,11480],"mapped",[11481]],[[11481,11481],"valid"],[[11482,11482],"mapped",[11483]],[[11483,11483],"valid"],[[11484,11484],"mapped",[11485]],[[11485,11485],"valid"],[[11486,11486],"mapped",[11487]],[[11487,11487],"valid"],[[11488,11488],"mapped",[11489]],[[11489,11489],"valid"],[[11490,11490],"mapped",[11491]],[[11491,11492],"valid"],[[11493,11498],"valid",[],"NV8"],[[11499,11499],"mapped",[11500]],[[11500,11500],"valid"],[[11501,11501],"mapped",[11502]],[[11502,11505],"valid"],[[11506,11506],"mapped",[11507]],[[11507,11507],"valid"],[[11508,11512],"disallowed"],[[11513,11519],"valid",[],"NV8"],[[11520,11557],"valid"],[[11558,11558],"disallowed"],[[11559,11559],"valid"],[[11560,11564],"disallowed"],[[11565,11565],"valid"],[[11566,11567],"disallowed"],[[11568,11621],"valid"],[[11622,11623],"valid"],[[11624,11630],"disallowed"],[[11631,11631],"mapped",[11617]],[[11632,11632],"valid",[],"NV8"],[[11633,11646],"disallowed"],[[11647,11647],"valid"],[[11648,11670],"valid"],[[11671,11679],"disallowed"],[[11680,11686],"valid"],[[11687,11687],"disallowed"],[[11688,11694],"valid"],[[11695,11695],"disallowed"],[[11696,11702],"valid"],[[11703,11703],"disallowed"],[[11704,11710],"valid"],[[11711,11711],"disallowed"],[[11712,11718],"valid"],[[11719,11719],"disallowed"],[[11720,11726],"valid"],[[11727,11727],"disallowed"],[[11728,11734],"valid"],[[11735,11735],"disallowed"],[[11736,11742],"valid"],[[11743,11743],"disallowed"],[[11744,11775],"valid"],[[11776,11799],"valid",[],"NV8"],[[11800,11803],"valid",[],"NV8"],[[11804,11805],"valid",[],"NV8"],[[11806,11822],"valid",[],"NV8"],[[11823,11823],"valid"],[[11824,11824],"valid",[],"NV8"],[[11825,11825],"valid",[],"NV8"],[[11826,11835],"valid",[],"NV8"],[[11836,11842],"valid",[],"NV8"],[[11843,11903],"disallowed"],[[11904,11929],"valid",[],"NV8"],[[11930,11930],"disallowed"],[[11931,11934],"valid",[],"NV8"],[[11935,11935],"mapped",[27597]],[[11936,12018],"valid",[],"NV8"],[[12019,12019],"mapped",[40863]],[[12020,12031],"disallowed"],[[12032,12032],"mapped",[19968]],[[12033,12033],"mapped",[20008]],[[12034,12034],"mapped",[20022]],[[12035,12035],"mapped",[20031]],[[12036,12036],"mapped",[20057]],[[12037,12037],"mapped",[20101]],[[12038,12038],"mapped",[20108]],[[12039,12039],"mapped",[20128]],[[12040,12040],"mapped",[20154]],[[12041,12041],"mapped",[20799]],[[12042,12042],"mapped",[20837]],[[12043,12043],"mapped",[20843]],[[12044,12044],"mapped",[20866]],[[12045,12045],"mapped",[20886]],[[12046,12046],"mapped",[20907]],[[12047,12047],"mapped",[20960]],[[12048,12048],"mapped",[20981]],[[12049,12049],"mapped",[20992]],[[12050,12050],"mapped",[21147]],[[12051,12051],"mapped",[21241]],[[12052,12052],"mapped",[21269]],[[12053,12053],"mapped",[21274]],[[12054,12054],"mapped",[21304]],[[12055,12055],"mapped",[21313]],[[12056,12056],"mapped",[21340]],[[12057,12057],"mapped",[21353]],[[12058,12058],"mapped",[21378]],[[12059,12059],"mapped",[21430]],[[12060,12060],"mapped",[21448]],[[12061,12061],"mapped",[21475]],[[12062,12062],"mapped",[22231]],[[12063,12063],"mapped",[22303]],[[12064,12064],"mapped",[22763]],[[12065,12065],"mapped",[22786]],[[12066,12066],"mapped",[22794]],[[12067,12067],"mapped",[22805]],[[12068,12068],"mapped",[22823]],[[12069,12069],"mapped",[22899]],[[12070,12070],"mapped",[23376]],[[12071,12071],"mapped",[23424]],[[12072,12072],"mapped",[23544]],[[12073,12073],"mapped",[23567]],[[12074,12074],"mapped",[23586]],[[12075,12075],"mapped",[23608]],[[12076,12076],"mapped",[23662]],[[12077,12077],"mapped",[23665]],[[12078,12078],"mapped",[24027]],[[12079,12079],"mapped",[24037]],[[12080,12080],"mapped",[24049]],[[12081,12081],"mapped",[24062]],[[12082,12082],"mapped",[24178]],[[12083,12083],"mapped",[24186]],[[12084,12084],"mapped",[24191]],[[12085,12085],"mapped",[24308]],[[12086,12086],"mapped",[24318]],[[12087,12087],"mapped",[24331]],[[12088,12088],"mapped",[24339]],[[12089,12089],"mapped",[24400]],[[12090,12090],"mapped",[24417]],[[12091,12091],"mapped",[24435]],[[12092,12092],"mapped",[24515]],[[12093,12093],"mapped",[25096]],[[12094,12094],"mapped",[25142]],[[12095,12095],"mapped",[25163]],[[12096,12096],"mapped",[25903]],[[12097,12097],"mapped",[25908]],[[12098,12098],"mapped",[25991]],[[12099,12099],"mapped",[26007]],[[12100,12100],"mapped",[26020]],[[12101,12101],"mapped",[26041]],[[12102,12102],"mapped",[26080]],[[12103,12103],"mapped",[26085]],[[12104,12104],"mapped",[26352]],[[12105,12105],"mapped",[26376]],[[12106,12106],"mapped",[26408]],[[12107,12107],"mapped",[27424]],[[12108,12108],"mapped",[27490]],[[12109,12109],"mapped",[27513]],[[12110,12110],"mapped",[27571]],[[12111,12111],"mapped",[27595]],[[12112,12112],"mapped",[27604]],[[12113,12113],"mapped",[27611]],[[12114,12114],"mapped",[27663]],[[12115,12115],"mapped",[27668]],[[12116,12116],"mapped",[27700]],[[12117,12117],"mapped",[28779]],[[12118,12118],"mapped",[29226]],[[12119,12119],"mapped",[29238]],[[12120,12120],"mapped",[29243]],[[12121,12121],"mapped",[29247]],[[12122,12122],"mapped",[29255]],[[12123,12123],"mapped",[29273]],[[12124,12124],"mapped",[29275]],[[12125,12125],"mapped",[29356]],[[12126,12126],"mapped",[29572]],[[12127,12127],"mapped",[29577]],[[12128,12128],"mapped",[29916]],[[12129,12129],"mapped",[29926]],[[12130,12130],"mapped",[29976]],[[12131,12131],"mapped",[29983]],[[12132,12132],"mapped",[29992]],[[12133,12133],"mapped",[30000]],[[12134,12134],"mapped",[30091]],[[12135,12135],"mapped",[30098]],[[12136,12136],"mapped",[30326]],[[12137,12137],"mapped",[30333]],[[12138,12138],"mapped",[30382]],[[12139,12139],"mapped",[30399]],[[12140,12140],"mapped",[30446]],[[12141,12141],"mapped",[30683]],[[12142,12142],"mapped",[30690]],[[12143,12143],"mapped",[30707]],[[12144,12144],"mapped",[31034]],[[12145,12145],"mapped",[31160]],[[12146,12146],"mapped",[31166]],[[12147,12147],"mapped",[31348]],[[12148,12148],"mapped",[31435]],[[12149,12149],"mapped",[31481]],[[12150,12150],"mapped",[31859]],[[12151,12151],"mapped",[31992]],[[12152,12152],"mapped",[32566]],[[12153,12153],"mapped",[32593]],[[12154,12154],"mapped",[32650]],[[12155,12155],"mapped",[32701]],[[12156,12156],"mapped",[32769]],[[12157,12157],"mapped",[32780]],[[12158,12158],"mapped",[32786]],[[12159,12159],"mapped",[32819]],[[12160,12160],"mapped",[32895]],[[12161,12161],"mapped",[32905]],[[12162,12162],"mapped",[33251]],[[12163,12163],"mapped",[33258]],[[12164,12164],"mapped",[33267]],[[12165,12165],"mapped",[33276]],[[12166,12166],"mapped",[33292]],[[12167,12167],"mapped",[33307]],[[12168,12168],"mapped",[33311]],[[12169,12169],"mapped",[33390]],[[12170,12170],"mapped",[33394]],[[12171,12171],"mapped",[33400]],[[12172,12172],"mapped",[34381]],[[12173,12173],"mapped",[34411]],[[12174,12174],"mapped",[34880]],[[12175,12175],"mapped",[34892]],[[12176,12176],"mapped",[34915]],[[12177,12177],"mapped",[35198]],[[12178,12178],"mapped",[35211]],[[12179,12179],"mapped",[35282]],[[12180,12180],"mapped",[35328]],[[12181,12181],"mapped",[35895]],[[12182,12182],"mapped",[35910]],[[12183,12183],"mapped",[35925]],[[12184,12184],"mapped",[35960]],[[12185,12185],"mapped",[35997]],[[12186,12186],"mapped",[36196]],[[12187,12187],"mapped",[36208]],[[12188,12188],"mapped",[36275]],[[12189,12189],"mapped",[36523]],[[12190,12190],"mapped",[36554]],[[12191,12191],"mapped",[36763]],[[12192,12192],"mapped",[36784]],[[12193,12193],"mapped",[36789]],[[12194,12194],"mapped",[37009]],[[12195,12195],"mapped",[37193]],[[12196,12196],"mapped",[37318]],[[12197,12197],"mapped",[37324]],[[12198,12198],"mapped",[37329]],[[12199,12199],"mapped",[38263]],[[12200,12200],"mapped",[38272]],[[12201,12201],"mapped",[38428]],[[12202,12202],"mapped",[38582]],[[12203,12203],"mapped",[38585]],[[12204,12204],"mapped",[38632]],[[12205,12205],"mapped",[38737]],[[12206,12206],"mapped",[38750]],[[12207,12207],"mapped",[38754]],[[12208,12208],"mapped",[38761]],[[12209,12209],"mapped",[38859]],[[12210,12210],"mapped",[38893]],[[12211,12211],"mapped",[38899]],[[12212,12212],"mapped",[38913]],[[12213,12213],"mapped",[39080]],[[12214,12214],"mapped",[39131]],[[12215,12215],"mapped",[39135]],[[12216,12216],"mapped",[39318]],[[12217,12217],"mapped",[39321]],[[12218,12218],"mapped",[39340]],[[12219,12219],"mapped",[39592]],[[12220,12220],"mapped",[39640]],[[12221,12221],"mapped",[39647]],[[12222,12222],"mapped",[39717]],[[12223,12223],"mapped",[39727]],[[12224,12224],"mapped",[39730]],[[12225,12225],"mapped",[39740]],[[12226,12226],"mapped",[39770]],[[12227,12227],"mapped",[40165]],[[12228,12228],"mapped",[40565]],[[12229,12229],"mapped",[40575]],[[12230,12230],"mapped",[40613]],[[12231,12231],"mapped",[40635]],[[12232,12232],"mapped",[40643]],[[12233,12233],"mapped",[40653]],[[12234,12234],"mapped",[40657]],[[12235,12235],"mapped",[40697]],[[12236,12236],"mapped",[40701]],[[12237,12237],"mapped",[40718]],[[12238,12238],"mapped",[40723]],[[12239,12239],"mapped",[40736]],[[12240,12240],"mapped",[40763]],[[12241,12241],"mapped",[40778]],[[12242,12242],"mapped",[40786]],[[12243,12243],"mapped",[40845]],[[12244,12244],"mapped",[40860]],[[12245,12245],"mapped",[40864]],[[12246,12271],"disallowed"],[[12272,12283],"disallowed"],[[12284,12287],"disallowed"],[[12288,12288],"disallowed_STD3_mapped",[32]],[[12289,12289],"valid",[],"NV8"],[[12290,12290],"mapped",[46]],[[12291,12292],"valid",[],"NV8"],[[12293,12295],"valid"],[[12296,12329],"valid",[],"NV8"],[[12330,12333],"valid"],[[12334,12341],"valid",[],"NV8"],[[12342,12342],"mapped",[12306]],[[12343,12343],"valid",[],"NV8"],[[12344,12344],"mapped",[21313]],[[12345,12345],"mapped",[21316]],[[12346,12346],"mapped",[21317]],[[12347,12347],"valid",[],"NV8"],[[12348,12348],"valid"],[[12349,12349],"valid",[],"NV8"],[[12350,12350],"valid",[],"NV8"],[[12351,12351],"valid",[],"NV8"],[[12352,12352],"disallowed"],[[12353,12436],"valid"],[[12437,12438],"valid"],[[12439,12440],"disallowed"],[[12441,12442],"valid"],[[12443,12443],"disallowed_STD3_mapped",[32,12441]],[[12444,12444],"disallowed_STD3_mapped",[32,12442]],[[12445,12446],"valid"],[[12447,12447],"mapped",[12424,12426]],[[12448,12448],"valid",[],"NV8"],[[12449,12542],"valid"],[[12543,12543],"mapped",[12467,12488]],[[12544,12548],"disallowed"],[[12549,12588],"valid"],[[12589,12589],"valid"],[[12590,12592],"disallowed"],[[12593,12593],"mapped",[4352]],[[12594,12594],"mapped",[4353]],[[12595,12595],"mapped",[4522]],[[12596,12596],"mapped",[4354]],[[12597,12597],"mapped",[4524]],[[12598,12598],"mapped",[4525]],[[12599,12599],"mapped",[4355]],[[12600,12600],"mapped",[4356]],[[12601,12601],"mapped",[4357]],[[12602,12602],"mapped",[4528]],[[12603,12603],"mapped",[4529]],[[12604,12604],"mapped",[4530]],[[12605,12605],"mapped",[4531]],[[12606,12606],"mapped",[4532]],[[12607,12607],"mapped",[4533]],[[12608,12608],"mapped",[4378]],[[12609,12609],"mapped",[4358]],[[12610,12610],"mapped",[4359]],[[12611,12611],"mapped",[4360]],[[12612,12612],"mapped",[4385]],[[12613,12613],"mapped",[4361]],[[12614,12614],"mapped",[4362]],[[12615,12615],"mapped",[4363]],[[12616,12616],"mapped",[4364]],[[12617,12617],"mapped",[4365]],[[12618,12618],"mapped",[4366]],[[12619,12619],"mapped",[4367]],[[12620,12620],"mapped",[4368]],[[12621,12621],"mapped",[4369]],[[12622,12622],"mapped",[4370]],[[12623,12623],"mapped",[4449]],[[12624,12624],"mapped",[4450]],[[12625,12625],"mapped",[4451]],[[12626,12626],"mapped",[4452]],[[12627,12627],"mapped",[4453]],[[12628,12628],"mapped",[4454]],[[12629,12629],"mapped",[4455]],[[12630,12630],"mapped",[4456]],[[12631,12631],"mapped",[4457]],[[12632,12632],"mapped",[4458]],[[12633,12633],"mapped",[4459]],[[12634,12634],"mapped",[4460]],[[12635,12635],"mapped",[4461]],[[12636,12636],"mapped",[4462]],[[12637,12637],"mapped",[4463]],[[12638,12638],"mapped",[4464]],[[12639,12639],"mapped",[4465]],[[12640,12640],"mapped",[4466]],[[12641,12641],"mapped",[4467]],[[12642,12642],"mapped",[4468]],[[12643,12643],"mapped",[4469]],[[12644,12644],"disallowed"],[[12645,12645],"mapped",[4372]],[[12646,12646],"mapped",[4373]],[[12647,12647],"mapped",[4551]],[[12648,12648],"mapped",[4552]],[[12649,12649],"mapped",[4556]],[[12650,12650],"mapped",[4558]],[[12651,12651],"mapped",[4563]],[[12652,12652],"mapped",[4567]],[[12653,12653],"mapped",[4569]],[[12654,12654],"mapped",[4380]],[[12655,12655],"mapped",[4573]],[[12656,12656],"mapped",[4575]],[[12657,12657],"mapped",[4381]],[[12658,12658],"mapped",[4382]],[[12659,12659],"mapped",[4384]],[[12660,12660],"mapped",[4386]],[[12661,12661],"mapped",[4387]],[[12662,12662],"mapped",[4391]],[[12663,12663],"mapped",[4393]],[[12664,12664],"mapped",[4395]],[[12665,12665],"mapped",[4396]],[[12666,12666],"mapped",[4397]],[[12667,12667],"mapped",[4398]],[[12668,12668],"mapped",[4399]],[[12669,12669],"mapped",[4402]],[[12670,12670],"mapped",[4406]],[[12671,12671],"mapped",[4416]],[[12672,12672],"mapped",[4423]],[[12673,12673],"mapped",[4428]],[[12674,12674],"mapped",[4593]],[[12675,12675],"mapped",[4594]],[[12676,12676],"mapped",[4439]],[[12677,12677],"mapped",[4440]],[[12678,12678],"mapped",[4441]],[[12679,12679],"mapped",[4484]],[[12680,12680],"mapped",[4485]],[[12681,12681],"mapped",[4488]],[[12682,12682],"mapped",[4497]],[[12683,12683],"mapped",[4498]],[[12684,12684],"mapped",[4500]],[[12685,12685],"mapped",[4510]],[[12686,12686],"mapped",[4513]],[[12687,12687],"disallowed"],[[12688,12689],"valid",[],"NV8"],[[12690,12690],"mapped",[19968]],[[12691,12691],"mapped",[20108]],[[12692,12692],"mapped",[19977]],[[12693,12693],"mapped",[22235]],[[12694,12694],"mapped",[19978]],[[12695,12695],"mapped",[20013]],[[12696,12696],"mapped",[19979]],[[12697,12697],"mapped",[30002]],[[12698,12698],"mapped",[20057]],[[12699,12699],"mapped",[19993]],[[12700,12700],"mapped",[19969]],[[12701,12701],"mapped",[22825]],[[12702,12702],"mapped",[22320]],[[12703,12703],"mapped",[20154]],[[12704,12727],"valid"],[[12728,12730],"valid"],[[12731,12735],"disallowed"],[[12736,12751],"valid",[],"NV8"],[[12752,12771],"valid",[],"NV8"],[[12772,12783],"disallowed"],[[12784,12799],"valid"],[[12800,12800],"disallowed_STD3_mapped",[40,4352,41]],[[12801,12801],"disallowed_STD3_mapped",[40,4354,41]],[[12802,12802],"disallowed_STD3_mapped",[40,4355,41]],[[12803,12803],"disallowed_STD3_mapped",[40,4357,41]],[[12804,12804],"disallowed_STD3_mapped",[40,4358,41]],[[12805,12805],"disallowed_STD3_mapped",[40,4359,41]],[[12806,12806],"disallowed_STD3_mapped",[40,4361,41]],[[12807,12807],"disallowed_STD3_mapped",[40,4363,41]],[[12808,12808],"disallowed_STD3_mapped",[40,4364,41]],[[12809,12809],"disallowed_STD3_mapped",[40,4366,41]],[[12810,12810],"disallowed_STD3_mapped",[40,4367,41]],[[12811,12811],"disallowed_STD3_mapped",[40,4368,41]],[[12812,12812],"disallowed_STD3_mapped",[40,4369,41]],[[12813,12813],"disallowed_STD3_mapped",[40,4370,41]],[[12814,12814],"disallowed_STD3_mapped",[40,44032,41]],[[12815,12815],"disallowed_STD3_mapped",[40,45208,41]],[[12816,12816],"disallowed_STD3_mapped",[40,45796,41]],[[12817,12817],"disallowed_STD3_mapped",[40,46972,41]],[[12818,12818],"disallowed_STD3_mapped",[40,47560,41]],[[12819,12819],"disallowed_STD3_mapped",[40,48148,41]],[[12820,12820],"disallowed_STD3_mapped",[40,49324,41]],[[12821,12821],"disallowed_STD3_mapped",[40,50500,41]],[[12822,12822],"disallowed_STD3_mapped",[40,51088,41]],[[12823,12823],"disallowed_STD3_mapped",[40,52264,41]],[[12824,12824],"disallowed_STD3_mapped",[40,52852,41]],[[12825,12825],"disallowed_STD3_mapped",[40,53440,41]],[[12826,12826],"disallowed_STD3_mapped",[40,54028,41]],[[12827,12827],"disallowed_STD3_mapped",[40,54616,41]],[[12828,12828],"disallowed_STD3_mapped",[40,51452,41]],[[12829,12829],"disallowed_STD3_mapped",[40,50724,51204,41]],[[12830,12830],"disallowed_STD3_mapped",[40,50724,54980,41]],[[12831,12831],"disallowed"],[[12832,12832],"disallowed_STD3_mapped",[40,19968,41]],[[12833,12833],"disallowed_STD3_mapped",[40,20108,41]],[[12834,12834],"disallowed_STD3_mapped",[40,19977,41]],[[12835,12835],"disallowed_STD3_mapped",[40,22235,41]],[[12836,12836],"disallowed_STD3_mapped",[40,20116,41]],[[12837,12837],"disallowed_STD3_mapped",[40,20845,41]],[[12838,12838],"disallowed_STD3_mapped",[40,19971,41]],[[12839,12839],"disallowed_STD3_mapped",[40,20843,41]],[[12840,12840],"disallowed_STD3_mapped",[40,20061,41]],[[12841,12841],"disallowed_STD3_mapped",[40,21313,41]],[[12842,12842],"disallowed_STD3_mapped",[40,26376,41]],[[12843,12843],"disallowed_STD3_mapped",[40,28779,41]],[[12844,12844],"disallowed_STD3_mapped",[40,27700,41]],[[12845,12845],"disallowed_STD3_mapped",[40,26408,41]],[[12846,12846],"disallowed_STD3_mapped",[40,37329,41]],[[12847,12847],"disallowed_STD3_mapped",[40,22303,41]],[[12848,12848],"disallowed_STD3_mapped",[40,26085,41]],[[12849,12849],"disallowed_STD3_mapped",[40,26666,41]],[[12850,12850],"disallowed_STD3_mapped",[40,26377,41]],[[12851,12851],"disallowed_STD3_mapped",[40,31038,41]],[[12852,12852],"disallowed_STD3_mapped",[40,21517,41]],[[12853,12853],"disallowed_STD3_mapped",[40,29305,41]],[[12854,12854],"disallowed_STD3_mapped",[40,36001,41]],[[12855,12855],"disallowed_STD3_mapped",[40,31069,41]],[[12856,12856],"disallowed_STD3_mapped",[40,21172,41]],[[12857,12857],"disallowed_STD3_mapped",[40,20195,41]],[[12858,12858],"disallowed_STD3_mapped",[40,21628,41]],[[12859,12859],"disallowed_STD3_mapped",[40,23398,41]],[[12860,12860],"disallowed_STD3_mapped",[40,30435,41]],[[12861,12861],"disallowed_STD3_mapped",[40,20225,41]],[[12862,12862],"disallowed_STD3_mapped",[40,36039,41]],[[12863,12863],"disallowed_STD3_mapped",[40,21332,41]],[[12864,12864],"disallowed_STD3_mapped",[40,31085,41]],[[12865,12865],"disallowed_STD3_mapped",[40,20241,41]],[[12866,12866],"disallowed_STD3_mapped",[40,33258,41]],[[12867,12867],"disallowed_STD3_mapped",[40,33267,41]],[[12868,12868],"mapped",[21839]],[[12869,12869],"mapped",[24188]],[[12870,12870],"mapped",[25991]],[[12871,12871],"mapped",[31631]],[[12872,12879],"valid",[],"NV8"],[[12880,12880],"mapped",[112,116,101]],[[12881,12881],"mapped",[50,49]],[[12882,12882],"mapped",[50,50]],[[12883,12883],"mapped",[50,51]],[[12884,12884],"mapped",[50,52]],[[12885,12885],"mapped",[50,53]],[[12886,12886],"mapped",[50,54]],[[12887,12887],"mapped",[50,55]],[[12888,12888],"mapped",[50,56]],[[12889,12889],"mapped",[50,57]],[[12890,12890],"mapped",[51,48]],[[12891,12891],"mapped",[51,49]],[[12892,12892],"mapped",[51,50]],[[12893,12893],"mapped",[51,51]],[[12894,12894],"mapped",[51,52]],[[12895,12895],"mapped",[51,53]],[[12896,12896],"mapped",[4352]],[[12897,12897],"mapped",[4354]],[[12898,12898],"mapped",[4355]],[[12899,12899],"mapped",[4357]],[[12900,12900],"mapped",[4358]],[[12901,12901],"mapped",[4359]],[[12902,12902],"mapped",[4361]],[[12903,12903],"mapped",[4363]],[[12904,12904],"mapped",[4364]],[[12905,12905],"mapped",[4366]],[[12906,12906],"mapped",[4367]],[[12907,12907],"mapped",[4368]],[[12908,12908],"mapped",[4369]],[[12909,12909],"mapped",[4370]],[[12910,12910],"mapped",[44032]],[[12911,12911],"mapped",[45208]],[[12912,12912],"mapped",[45796]],[[12913,12913],"mapped",[46972]],[[12914,12914],"mapped",[47560]],[[12915,12915],"mapped",[48148]],[[12916,12916],"mapped",[49324]],[[12917,12917],"mapped",[50500]],[[12918,12918],"mapped",[51088]],[[12919,12919],"mapped",[52264]],[[12920,12920],"mapped",[52852]],[[12921,12921],"mapped",[53440]],[[12922,12922],"mapped",[54028]],[[12923,12923],"mapped",[54616]],[[12924,12924],"mapped",[52280,44256]],[[12925,12925],"mapped",[51452,51032]],[[12926,12926],"mapped",[50864]],[[12927,12927],"valid",[],"NV8"],[[12928,12928],"mapped",[19968]],[[12929,12929],"mapped",[20108]],[[12930,12930],"mapped",[19977]],[[12931,12931],"mapped",[22235]],[[12932,12932],"mapped",[20116]],[[12933,12933],"mapped",[20845]],[[12934,12934],"mapped",[19971]],[[12935,12935],"mapped",[20843]],[[12936,12936],"mapped",[20061]],[[12937,12937],"mapped",[21313]],[[12938,12938],"mapped",[26376]],[[12939,12939],"mapped",[28779]],[[12940,12940],"mapped",[27700]],[[12941,12941],"mapped",[26408]],[[12942,12942],"mapped",[37329]],[[12943,12943],"mapped",[22303]],[[12944,12944],"mapped",[26085]],[[12945,12945],"mapped",[26666]],[[12946,12946],"mapped",[26377]],[[12947,12947],"mapped",[31038]],[[12948,12948],"mapped",[21517]],[[12949,12949],"mapped",[29305]],[[12950,12950],"mapped",[36001]],[[12951,12951],"mapped",[31069]],[[12952,12952],"mapped",[21172]],[[12953,12953],"mapped",[31192]],[[12954,12954],"mapped",[30007]],[[12955,12955],"mapped",[22899]],[[12956,12956],"mapped",[36969]],[[12957,12957],"mapped",[20778]],[[12958,12958],"mapped",[21360]],[[12959,12959],"mapped",[27880]],[[12960,12960],"mapped",[38917]],[[12961,12961],"mapped",[20241]],[[12962,12962],"mapped",[20889]],[[12963,12963],"mapped",[27491]],[[12964,12964],"mapped",[19978]],[[12965,12965],"mapped",[20013]],[[12966,12966],"mapped",[19979]],[[12967,12967],"mapped",[24038]],[[12968,12968],"mapped",[21491]],[[12969,12969],"mapped",[21307]],[[12970,12970],"mapped",[23447]],[[12971,12971],"mapped",[23398]],[[12972,12972],"mapped",[30435]],[[12973,12973],"mapped",[20225]],[[12974,12974],"mapped",[36039]],[[12975,12975],"mapped",[21332]],[[12976,12976],"mapped",[22812]],[[12977,12977],"mapped",[51,54]],[[12978,12978],"mapped",[51,55]],[[12979,12979],"mapped",[51,56]],[[12980,12980],"mapped",[51,57]],[[12981,12981],"mapped",[52,48]],[[12982,12982],"mapped",[52,49]],[[12983,12983],"mapped",[52,50]],[[12984,12984],"mapped",[52,51]],[[12985,12985],"mapped",[52,52]],[[12986,12986],"mapped",[52,53]],[[12987,12987],"mapped",[52,54]],[[12988,12988],"mapped",[52,55]],[[12989,12989],"mapped",[52,56]],[[12990,12990],"mapped",[52,57]],[[12991,12991],"mapped",[53,48]],[[12992,12992],"mapped",[49,26376]],[[12993,12993],"mapped",[50,26376]],[[12994,12994],"mapped",[51,26376]],[[12995,12995],"mapped",[52,26376]],[[12996,12996],"mapped",[53,26376]],[[12997,12997],"mapped",[54,26376]],[[12998,12998],"mapped",[55,26376]],[[12999,12999],"mapped",[56,26376]],[[13000,13000],"mapped",[57,26376]],[[13001,13001],"mapped",[49,48,26376]],[[13002,13002],"mapped",[49,49,26376]],[[13003,13003],"mapped",[49,50,26376]],[[13004,13004],"mapped",[104,103]],[[13005,13005],"mapped",[101,114,103]],[[13006,13006],"mapped",[101,118]],[[13007,13007],"mapped",[108,116,100]],[[13008,13008],"mapped",[12450]],[[13009,13009],"mapped",[12452]],[[13010,13010],"mapped",[12454]],[[13011,13011],"mapped",[12456]],[[13012,13012],"mapped",[12458]],[[13013,13013],"mapped",[12459]],[[13014,13014],"mapped",[12461]],[[13015,13015],"mapped",[12463]],[[13016,13016],"mapped",[12465]],[[13017,13017],"mapped",[12467]],[[13018,13018],"mapped",[12469]],[[13019,13019],"mapped",[12471]],[[13020,13020],"mapped",[12473]],[[13021,13021],"mapped",[12475]],[[13022,13022],"mapped",[12477]],[[13023,13023],"mapped",[12479]],[[13024,13024],"mapped",[12481]],[[13025,13025],"mapped",[12484]],[[13026,13026],"mapped",[12486]],[[13027,13027],"mapped",[12488]],[[13028,13028],"mapped",[12490]],[[13029,13029],"mapped",[12491]],[[13030,13030],"mapped",[12492]],[[13031,13031],"mapped",[12493]],[[13032,13032],"mapped",[12494]],[[13033,13033],"mapped",[12495]],[[13034,13034],"mapped",[12498]],[[13035,13035],"mapped",[12501]],[[13036,13036],"mapped",[12504]],[[13037,13037],"mapped",[12507]],[[13038,13038],"mapped",[12510]],[[13039,13039],"mapped",[12511]],[[13040,13040],"mapped",[12512]],[[13041,13041],"mapped",[12513]],[[13042,13042],"mapped",[12514]],[[13043,13043],"mapped",[12516]],[[13044,13044],"mapped",[12518]],[[13045,13045],"mapped",[12520]],[[13046,13046],"mapped",[12521]],[[13047,13047],"mapped",[12522]],[[13048,13048],"mapped",[12523]],[[13049,13049],"mapped",[12524]],[[13050,13050],"mapped",[12525]],[[13051,13051],"mapped",[12527]],[[13052,13052],"mapped",[12528]],[[13053,13053],"mapped",[12529]],[[13054,13054],"mapped",[12530]],[[13055,13055],"disallowed"],[[13056,13056],"mapped",[12450,12497,12540,12488]],[[13057,13057],"mapped",[12450,12523,12501,12449]],[[13058,13058],"mapped",[12450,12531,12506,12450]],[[13059,13059],"mapped",[12450,12540,12523]],[[13060,13060],"mapped",[12452,12491,12531,12464]],[[13061,13061],"mapped",[12452,12531,12481]],[[13062,13062],"mapped",[12454,12457,12531]],[[13063,13063],"mapped",[12456,12473,12463,12540,12489]],[[13064,13064],"mapped",[12456,12540,12459,12540]],[[13065,13065],"mapped",[12458,12531,12473]],[[13066,13066],"mapped",[12458,12540,12512]],[[13067,13067],"mapped",[12459,12452,12522]],[[13068,13068],"mapped",[12459,12521,12483,12488]],[[13069,13069],"mapped",[12459,12525,12522,12540]],[[13070,13070],"mapped",[12460,12525,12531]],[[13071,13071],"mapped",[12460,12531,12510]],[[13072,13072],"mapped",[12462,12460]],[[13073,13073],"mapped",[12462,12491,12540]],[[13074,13074],"mapped",[12461,12517,12522,12540]],[[13075,13075],"mapped",[12462,12523,12480,12540]],[[13076,13076],"mapped",[12461,12525]],[[13077,13077],"mapped",[12461,12525,12464,12521,12512]],[[13078,13078],"mapped",[12461,12525,12513,12540,12488,12523]],[[13079,13079],"mapped",[12461,12525,12527,12483,12488]],[[13080,13080],"mapped",[12464,12521,12512]],[[13081,13081],"mapped",[12464,12521,12512,12488,12531]],[[13082,13082],"mapped",[12463,12523,12476,12452,12525]],[[13083,13083],"mapped",[12463,12525,12540,12493]],[[13084,13084],"mapped",[12465,12540,12473]],[[13085,13085],"mapped",[12467,12523,12490]],[[13086,13086],"mapped",[12467,12540,12509]],[[13087,13087],"mapped",[12469,12452,12463,12523]],[[13088,13088],"mapped",[12469,12531,12481,12540,12512]],[[13089,13089],"mapped",[12471,12522,12531,12464]],[[13090,13090],"mapped",[12475,12531,12481]],[[13091,13091],"mapped",[12475,12531,12488]],[[13092,13092],"mapped",[12480,12540,12473]],[[13093,13093],"mapped",[12487,12471]],[[13094,13094],"mapped",[12489,12523]],[[13095,13095],"mapped",[12488,12531]],[[13096,13096],"mapped",[12490,12494]],[[13097,13097],"mapped",[12494,12483,12488]],[[13098,13098],"mapped",[12495,12452,12484]],[[13099,13099],"mapped",[12497,12540,12475,12531,12488]],[[13100,13100],"mapped",[12497,12540,12484]],[[13101,13101],"mapped",[12496,12540,12524,12523]],[[13102,13102],"mapped",[12500,12450,12473,12488,12523]],[[13103,13103],"mapped",[12500,12463,12523]],[[13104,13104],"mapped",[12500,12467]],[[13105,13105],"mapped",[12499,12523]],[[13106,13106],"mapped",[12501,12449,12521,12483,12489]],[[13107,13107],"mapped",[12501,12451,12540,12488]],[[13108,13108],"mapped",[12502,12483,12471,12455,12523]],[[13109,13109],"mapped",[12501,12521,12531]],[[13110,13110],"mapped",[12504,12463,12479,12540,12523]],[[13111,13111],"mapped",[12506,12477]],[[13112,13112],"mapped",[12506,12491,12498]],[[13113,13113],"mapped",[12504,12523,12484]],[[13114,13114],"mapped",[12506,12531,12473]],[[13115,13115],"mapped",[12506,12540,12472]],[[13116,13116],"mapped",[12505,12540,12479]],[[13117,13117],"mapped",[12509,12452,12531,12488]],[[13118,13118],"mapped",[12508,12523,12488]],[[13119,13119],"mapped",[12507,12531]],[[13120,13120],"mapped",[12509,12531,12489]],[[13121,13121],"mapped",[12507,12540,12523]],[[13122,13122],"mapped",[12507,12540,12531]],[[13123,13123],"mapped",[12510,12452,12463,12525]],[[13124,13124],"mapped",[12510,12452,12523]],[[13125,13125],"mapped",[12510,12483,12495]],[[13126,13126],"mapped",[12510,12523,12463]],[[13127,13127],"mapped",[12510,12531,12471,12519,12531]],[[13128,13128],"mapped",[12511,12463,12525,12531]],[[13129,13129],"mapped",[12511,12522]],[[13130,13130],"mapped",[12511,12522,12496,12540,12523]],[[13131,13131],"mapped",[12513,12460]],[[13132,13132],"mapped",[12513,12460,12488,12531]],[[13133,13133],"mapped",[12513,12540,12488,12523]],[[13134,13134],"mapped",[12516,12540,12489]],[[13135,13135],"mapped",[12516,12540,12523]],[[13136,13136],"mapped",[12518,12450,12531]],[[13137,13137],"mapped",[12522,12483,12488,12523]],[[13138,13138],"mapped",[12522,12521]],[[13139,13139],"mapped",[12523,12500,12540]],[[13140,13140],"mapped",[12523,12540,12502,12523]],[[13141,13141],"mapped",[12524,12512]],[[13142,13142],"mapped",[12524,12531,12488,12466,12531]],[[13143,13143],"mapped",[12527,12483,12488]],[[13144,13144],"mapped",[48,28857]],[[13145,13145],"mapped",[49,28857]],[[13146,13146],"mapped",[50,28857]],[[13147,13147],"mapped",[51,28857]],[[13148,13148],"mapped",[52,28857]],[[13149,13149],"mapped",[53,28857]],[[13150,13150],"mapped",[54,28857]],[[13151,13151],"mapped",[55,28857]],[[13152,13152],"mapped",[56,28857]],[[13153,13153],"mapped",[57,28857]],[[13154,13154],"mapped",[49,48,28857]],[[13155,13155],"mapped",[49,49,28857]],[[13156,13156],"mapped",[49,50,28857]],[[13157,13157],"mapped",[49,51,28857]],[[13158,13158],"mapped",[49,52,28857]],[[13159,13159],"mapped",[49,53,28857]],[[13160,13160],"mapped",[49,54,28857]],[[13161,13161],"mapped",[49,55,28857]],[[13162,13162],"mapped",[49,56,28857]],[[13163,13163],"mapped",[49,57,28857]],[[13164,13164],"mapped",[50,48,28857]],[[13165,13165],"mapped",[50,49,28857]],[[13166,13166],"mapped",[50,50,28857]],[[13167,13167],"mapped",[50,51,28857]],[[13168,13168],"mapped",[50,52,28857]],[[13169,13169],"mapped",[104,112,97]],[[13170,13170],"mapped",[100,97]],[[13171,13171],"mapped",[97,117]],[[13172,13172],"mapped",[98,97,114]],[[13173,13173],"mapped",[111,118]],[[13174,13174],"mapped",[112,99]],[[13175,13175],"mapped",[100,109]],[[13176,13176],"mapped",[100,109,50]],[[13177,13177],"mapped",[100,109,51]],[[13178,13178],"mapped",[105,117]],[[13179,13179],"mapped",[24179,25104]],[[13180,13180],"mapped",[26157,21644]],[[13181,13181],"mapped",[22823,27491]],[[13182,13182],"mapped",[26126,27835]],[[13183,13183],"mapped",[26666,24335,20250,31038]],[[13184,13184],"mapped",[112,97]],[[13185,13185],"mapped",[110,97]],[[13186,13186],"mapped",[956,97]],[[13187,13187],"mapped",[109,97]],[[13188,13188],"mapped",[107,97]],[[13189,13189],"mapped",[107,98]],[[13190,13190],"mapped",[109,98]],[[13191,13191],"mapped",[103,98]],[[13192,13192],"mapped",[99,97,108]],[[13193,13193],"mapped",[107,99,97,108]],[[13194,13194],"mapped",[112,102]],[[13195,13195],"mapped",[110,102]],[[13196,13196],"mapped",[956,102]],[[13197,13197],"mapped",[956,103]],[[13198,13198],"mapped",[109,103]],[[13199,13199],"mapped",[107,103]],[[13200,13200],"mapped",[104,122]],[[13201,13201],"mapped",[107,104,122]],[[13202,13202],"mapped",[109,104,122]],[[13203,13203],"mapped",[103,104,122]],[[13204,13204],"mapped",[116,104,122]],[[13205,13205],"mapped",[956,108]],[[13206,13206],"mapped",[109,108]],[[13207,13207],"mapped",[100,108]],[[13208,13208],"mapped",[107,108]],[[13209,13209],"mapped",[102,109]],[[13210,13210],"mapped",[110,109]],[[13211,13211],"mapped",[956,109]],[[13212,13212],"mapped",[109,109]],[[13213,13213],"mapped",[99,109]],[[13214,13214],"mapped",[107,109]],[[13215,13215],"mapped",[109,109,50]],[[13216,13216],"mapped",[99,109,50]],[[13217,13217],"mapped",[109,50]],[[13218,13218],"mapped",[107,109,50]],[[13219,13219],"mapped",[109,109,51]],[[13220,13220],"mapped",[99,109,51]],[[13221,13221],"mapped",[109,51]],[[13222,13222],"mapped",[107,109,51]],[[13223,13223],"mapped",[109,8725,115]],[[13224,13224],"mapped",[109,8725,115,50]],[[13225,13225],"mapped",[112,97]],[[13226,13226],"mapped",[107,112,97]],[[13227,13227],"mapped",[109,112,97]],[[13228,13228],"mapped",[103,112,97]],[[13229,13229],"mapped",[114,97,100]],[[13230,13230],"mapped",[114,97,100,8725,115]],[[13231,13231],"mapped",[114,97,100,8725,115,50]],[[13232,13232],"mapped",[112,115]],[[13233,13233],"mapped",[110,115]],[[13234,13234],"mapped",[956,115]],[[13235,13235],"mapped",[109,115]],[[13236,13236],"mapped",[112,118]],[[13237,13237],"mapped",[110,118]],[[13238,13238],"mapped",[956,118]],[[13239,13239],"mapped",[109,118]],[[13240,13240],"mapped",[107,118]],[[13241,13241],"mapped",[109,118]],[[13242,13242],"mapped",[112,119]],[[13243,13243],"mapped",[110,119]],[[13244,13244],"mapped",[956,119]],[[13245,13245],"mapped",[109,119]],[[13246,13246],"mapped",[107,119]],[[13247,13247],"mapped",[109,119]],[[13248,13248],"mapped",[107,969]],[[13249,13249],"mapped",[109,969]],[[13250,13250],"disallowed"],[[13251,13251],"mapped",[98,113]],[[13252,13252],"mapped",[99,99]],[[13253,13253],"mapped",[99,100]],[[13254,13254],"mapped",[99,8725,107,103]],[[13255,13255],"disallowed"],[[13256,13256],"mapped",[100,98]],[[13257,13257],"mapped",[103,121]],[[13258,13258],"mapped",[104,97]],[[13259,13259],"mapped",[104,112]],[[13260,13260],"mapped",[105,110]],[[13261,13261],"mapped",[107,107]],[[13262,13262],"mapped",[107,109]],[[13263,13263],"mapped",[107,116]],[[13264,13264],"mapped",[108,109]],[[13265,13265],"mapped",[108,110]],[[13266,13266],"mapped",[108,111,103]],[[13267,13267],"mapped",[108,120]],[[13268,13268],"mapped",[109,98]],[[13269,13269],"mapped",[109,105,108]],[[13270,13270],"mapped",[109,111,108]],[[13271,13271],"mapped",[112,104]],[[13272,13272],"disallowed"],[[13273,13273],"mapped",[112,112,109]],[[13274,13274],"mapped",[112,114]],[[13275,13275],"mapped",[115,114]],[[13276,13276],"mapped",[115,118]],[[13277,13277],"mapped",[119,98]],[[13278,13278],"mapped",[118,8725,109]],[[13279,13279],"mapped",[97,8725,109]],[[13280,13280],"mapped",[49,26085]],[[13281,13281],"mapped",[50,26085]],[[13282,13282],"mapped",[51,26085]],[[13283,13283],"mapped",[52,26085]],[[13284,13284],"mapped",[53,26085]],[[13285,13285],"mapped",[54,26085]],[[13286,13286],"mapped",[55,26085]],[[13287,13287],"mapped",[56,26085]],[[13288,13288],"mapped",[57,26085]],[[13289,13289],"mapped",[49,48,26085]],[[13290,13290],"mapped",[49,49,26085]],[[13291,13291],"mapped",[49,50,26085]],[[13292,13292],"mapped",[49,51,26085]],[[13293,13293],"mapped",[49,52,26085]],[[13294,13294],"mapped",[49,53,26085]],[[13295,13295],"mapped",[49,54,26085]],[[13296,13296],"mapped",[49,55,26085]],[[13297,13297],"mapped",[49,56,26085]],[[13298,13298],"mapped",[49,57,26085]],[[13299,13299],"mapped",[50,48,26085]],[[13300,13300],"mapped",[50,49,26085]],[[13301,13301],"mapped",[50,50,26085]],[[13302,13302],"mapped",[50,51,26085]],[[13303,13303],"mapped",[50,52,26085]],[[13304,13304],"mapped",[50,53,26085]],[[13305,13305],"mapped",[50,54,26085]],[[13306,13306],"mapped",[50,55,26085]],[[13307,13307],"mapped",[50,56,26085]],[[13308,13308],"mapped",[50,57,26085]],[[13309,13309],"mapped",[51,48,26085]],[[13310,13310],"mapped",[51,49,26085]],[[13311,13311],"mapped",[103,97,108]],[[13312,19893],"valid"],[[19894,19903],"disallowed"],[[19904,19967],"valid",[],"NV8"],[[19968,40869],"valid"],[[40870,40891],"valid"],[[40892,40899],"valid"],[[40900,40907],"valid"],[[40908,40908],"valid"],[[40909,40917],"valid"],[[40918,40959],"disallowed"],[[40960,42124],"valid"],[[42125,42127],"disallowed"],[[42128,42145],"valid",[],"NV8"],[[42146,42147],"valid",[],"NV8"],[[42148,42163],"valid",[],"NV8"],[[42164,42164],"valid",[],"NV8"],[[42165,42176],"valid",[],"NV8"],[[42177,42177],"valid",[],"NV8"],[[42178,42180],"valid",[],"NV8"],[[42181,42181],"valid",[],"NV8"],[[42182,42182],"valid",[],"NV8"],[[42183,42191],"disallowed"],[[42192,42237],"valid"],[[42238,42239],"valid",[],"NV8"],[[42240,42508],"valid"],[[42509,42511],"valid",[],"NV8"],[[42512,42539],"valid"],[[42540,42559],"disallowed"],[[42560,42560],"mapped",[42561]],[[42561,42561],"valid"],[[42562,42562],"mapped",[42563]],[[42563,42563],"valid"],[[42564,42564],"mapped",[42565]],[[42565,42565],"valid"],[[42566,42566],"mapped",[42567]],[[42567,42567],"valid"],[[42568,42568],"mapped",[42569]],[[42569,42569],"valid"],[[42570,42570],"mapped",[42571]],[[42571,42571],"valid"],[[42572,42572],"mapped",[42573]],[[42573,42573],"valid"],[[42574,42574],"mapped",[42575]],[[42575,42575],"valid"],[[42576,42576],"mapped",[42577]],[[42577,42577],"valid"],[[42578,42578],"mapped",[42579]],[[42579,42579],"valid"],[[42580,42580],"mapped",[42581]],[[42581,42581],"valid"],[[42582,42582],"mapped",[42583]],[[42583,42583],"valid"],[[42584,42584],"mapped",[42585]],[[42585,42585],"valid"],[[42586,42586],"mapped",[42587]],[[42587,42587],"valid"],[[42588,42588],"mapped",[42589]],[[42589,42589],"valid"],[[42590,42590],"mapped",[42591]],[[42591,42591],"valid"],[[42592,42592],"mapped",[42593]],[[42593,42593],"valid"],[[42594,42594],"mapped",[42595]],[[42595,42595],"valid"],[[42596,42596],"mapped",[42597]],[[42597,42597],"valid"],[[42598,42598],"mapped",[42599]],[[42599,42599],"valid"],[[42600,42600],"mapped",[42601]],[[42601,42601],"valid"],[[42602,42602],"mapped",[42603]],[[42603,42603],"valid"],[[42604,42604],"mapped",[42605]],[[42605,42607],"valid"],[[42608,42611],"valid",[],"NV8"],[[42612,42619],"valid"],[[42620,42621],"valid"],[[42622,42622],"valid",[],"NV8"],[[42623,42623],"valid"],[[42624,42624],"mapped",[42625]],[[42625,42625],"valid"],[[42626,42626],"mapped",[42627]],[[42627,42627],"valid"],[[42628,42628],"mapped",[42629]],[[42629,42629],"valid"],[[42630,42630],"mapped",[42631]],[[42631,42631],"valid"],[[42632,42632],"mapped",[42633]],[[42633,42633],"valid"],[[42634,42634],"mapped",[42635]],[[42635,42635],"valid"],[[42636,42636],"mapped",[42637]],[[42637,42637],"valid"],[[42638,42638],"mapped",[42639]],[[42639,42639],"valid"],[[42640,42640],"mapped",[42641]],[[42641,42641],"valid"],[[42642,42642],"mapped",[42643]],[[42643,42643],"valid"],[[42644,42644],"mapped",[42645]],[[42645,42645],"valid"],[[42646,42646],"mapped",[42647]],[[42647,42647],"valid"],[[42648,42648],"mapped",[42649]],[[42649,42649],"valid"],[[42650,42650],"mapped",[42651]],[[42651,42651],"valid"],[[42652,42652],"mapped",[1098]],[[42653,42653],"mapped",[1100]],[[42654,42654],"valid"],[[42655,42655],"valid"],[[42656,42725],"valid"],[[42726,42735],"valid",[],"NV8"],[[42736,42737],"valid"],[[42738,42743],"valid",[],"NV8"],[[42744,42751],"disallowed"],[[42752,42774],"valid",[],"NV8"],[[42775,42778],"valid"],[[42779,42783],"valid"],[[42784,42785],"valid",[],"NV8"],[[42786,42786],"mapped",[42787]],[[42787,42787],"valid"],[[42788,42788],"mapped",[42789]],[[42789,42789],"valid"],[[42790,42790],"mapped",[42791]],[[42791,42791],"valid"],[[42792,42792],"mapped",[42793]],[[42793,42793],"valid"],[[42794,42794],"mapped",[42795]],[[42795,42795],"valid"],[[42796,42796],"mapped",[42797]],[[42797,42797],"valid"],[[42798,42798],"mapped",[42799]],[[42799,42801],"valid"],[[42802,42802],"mapped",[42803]],[[42803,42803],"valid"],[[42804,42804],"mapped",[42805]],[[42805,42805],"valid"],[[42806,42806],"mapped",[42807]],[[42807,42807],"valid"],[[42808,42808],"mapped",[42809]],[[42809,42809],"valid"],[[42810,42810],"mapped",[42811]],[[42811,42811],"valid"],[[42812,42812],"mapped",[42813]],[[42813,42813],"valid"],[[42814,42814],"mapped",[42815]],[[42815,42815],"valid"],[[42816,42816],"mapped",[42817]],[[42817,42817],"valid"],[[42818,42818],"mapped",[42819]],[[42819,42819],"valid"],[[42820,42820],"mapped",[42821]],[[42821,42821],"valid"],[[42822,42822],"mapped",[42823]],[[42823,42823],"valid"],[[42824,42824],"mapped",[42825]],[[42825,42825],"valid"],[[42826,42826],"mapped",[42827]],[[42827,42827],"valid"],[[42828,42828],"mapped",[42829]],[[42829,42829],"valid"],[[42830,42830],"mapped",[42831]],[[42831,42831],"valid"],[[42832,42832],"mapped",[42833]],[[42833,42833],"valid"],[[42834,42834],"mapped",[42835]],[[42835,42835],"valid"],[[42836,42836],"mapped",[42837]],[[42837,42837],"valid"],[[42838,42838],"mapped",[42839]],[[42839,42839],"valid"],[[42840,42840],"mapped",[42841]],[[42841,42841],"valid"],[[42842,42842],"mapped",[42843]],[[42843,42843],"valid"],[[42844,42844],"mapped",[42845]],[[42845,42845],"valid"],[[42846,42846],"mapped",[42847]],[[42847,42847],"valid"],[[42848,42848],"mapped",[42849]],[[42849,42849],"valid"],[[42850,42850],"mapped",[42851]],[[42851,42851],"valid"],[[42852,42852],"mapped",[42853]],[[42853,42853],"valid"],[[42854,42854],"mapped",[42855]],[[42855,42855],"valid"],[[42856,42856],"mapped",[42857]],[[42857,42857],"valid"],[[42858,42858],"mapped",[42859]],[[42859,42859],"valid"],[[42860,42860],"mapped",[42861]],[[42861,42861],"valid"],[[42862,42862],"mapped",[42863]],[[42863,42863],"valid"],[[42864,42864],"mapped",[42863]],[[42865,42872],"valid"],[[42873,42873],"mapped",[42874]],[[42874,42874],"valid"],[[42875,42875],"mapped",[42876]],[[42876,42876],"valid"],[[42877,42877],"mapped",[7545]],[[42878,42878],"mapped",[42879]],[[42879,42879],"valid"],[[42880,42880],"mapped",[42881]],[[42881,42881],"valid"],[[42882,42882],"mapped",[42883]],[[42883,42883],"valid"],[[42884,42884],"mapped",[42885]],[[42885,42885],"valid"],[[42886,42886],"mapped",[42887]],[[42887,42888],"valid"],[[42889,42890],"valid",[],"NV8"],[[42891,42891],"mapped",[42892]],[[42892,42892],"valid"],[[42893,42893],"mapped",[613]],[[42894,42894],"valid"],[[42895,42895],"valid"],[[42896,42896],"mapped",[42897]],[[42897,42897],"valid"],[[42898,42898],"mapped",[42899]],[[42899,42899],"valid"],[[42900,42901],"valid"],[[42902,42902],"mapped",[42903]],[[42903,42903],"valid"],[[42904,42904],"mapped",[42905]],[[42905,42905],"valid"],[[42906,42906],"mapped",[42907]],[[42907,42907],"valid"],[[42908,42908],"mapped",[42909]],[[42909,42909],"valid"],[[42910,42910],"mapped",[42911]],[[42911,42911],"valid"],[[42912,42912],"mapped",[42913]],[[42913,42913],"valid"],[[42914,42914],"mapped",[42915]],[[42915,42915],"valid"],[[42916,42916],"mapped",[42917]],[[42917,42917],"valid"],[[42918,42918],"mapped",[42919]],[[42919,42919],"valid"],[[42920,42920],"mapped",[42921]],[[42921,42921],"valid"],[[42922,42922],"mapped",[614]],[[42923,42923],"mapped",[604]],[[42924,42924],"mapped",[609]],[[42925,42925],"mapped",[620]],[[42926,42927],"disallowed"],[[42928,42928],"mapped",[670]],[[42929,42929],"mapped",[647]],[[42930,42930],"mapped",[669]],[[42931,42931],"mapped",[43859]],[[42932,42932],"mapped",[42933]],[[42933,42933],"valid"],[[42934,42934],"mapped",[42935]],[[42935,42935],"valid"],[[42936,42998],"disallowed"],[[42999,42999],"valid"],[[43000,43000],"mapped",[295]],[[43001,43001],"mapped",[339]],[[43002,43002],"valid"],[[43003,43007],"valid"],[[43008,43047],"valid"],[[43048,43051],"valid",[],"NV8"],[[43052,43055],"disallowed"],[[43056,43065],"valid",[],"NV8"],[[43066,43071],"disallowed"],[[43072,43123],"valid"],[[43124,43127],"valid",[],"NV8"],[[43128,43135],"disallowed"],[[43136,43204],"valid"],[[43205,43213],"disallowed"],[[43214,43215],"valid",[],"NV8"],[[43216,43225],"valid"],[[43226,43231],"disallowed"],[[43232,43255],"valid"],[[43256,43258],"valid",[],"NV8"],[[43259,43259],"valid"],[[43260,43260],"valid",[],"NV8"],[[43261,43261],"valid"],[[43262,43263],"disallowed"],[[43264,43309],"valid"],[[43310,43311],"valid",[],"NV8"],[[43312,43347],"valid"],[[43348,43358],"disallowed"],[[43359,43359],"valid",[],"NV8"],[[43360,43388],"valid",[],"NV8"],[[43389,43391],"disallowed"],[[43392,43456],"valid"],[[43457,43469],"valid",[],"NV8"],[[43470,43470],"disallowed"],[[43471,43481],"valid"],[[43482,43485],"disallowed"],[[43486,43487],"valid",[],"NV8"],[[43488,43518],"valid"],[[43519,43519],"disallowed"],[[43520,43574],"valid"],[[43575,43583],"disallowed"],[[43584,43597],"valid"],[[43598,43599],"disallowed"],[[43600,43609],"valid"],[[43610,43611],"disallowed"],[[43612,43615],"valid",[],"NV8"],[[43616,43638],"valid"],[[43639,43641],"valid",[],"NV8"],[[43642,43643],"valid"],[[43644,43647],"valid"],[[43648,43714],"valid"],[[43715,43738],"disallowed"],[[43739,43741],"valid"],[[43742,43743],"valid",[],"NV8"],[[43744,43759],"valid"],[[43760,43761],"valid",[],"NV8"],[[43762,43766],"valid"],[[43767,43776],"disallowed"],[[43777,43782],"valid"],[[43783,43784],"disallowed"],[[43785,43790],"valid"],[[43791,43792],"disallowed"],[[43793,43798],"valid"],[[43799,43807],"disallowed"],[[43808,43814],"valid"],[[43815,43815],"disallowed"],[[43816,43822],"valid"],[[43823,43823],"disallowed"],[[43824,43866],"valid"],[[43867,43867],"valid",[],"NV8"],[[43868,43868],"mapped",[42791]],[[43869,43869],"mapped",[43831]],[[43870,43870],"mapped",[619]],[[43871,43871],"mapped",[43858]],[[43872,43875],"valid"],[[43876,43877],"valid"],[[43878,43887],"disallowed"],[[43888,43888],"mapped",[5024]],[[43889,43889],"mapped",[5025]],[[43890,43890],"mapped",[5026]],[[43891,43891],"mapped",[5027]],[[43892,43892],"mapped",[5028]],[[43893,43893],"mapped",[5029]],[[43894,43894],"mapped",[5030]],[[43895,43895],"mapped",[5031]],[[43896,43896],"mapped",[5032]],[[43897,43897],"mapped",[5033]],[[43898,43898],"mapped",[5034]],[[43899,43899],"mapped",[5035]],[[43900,43900],"mapped",[5036]],[[43901,43901],"mapped",[5037]],[[43902,43902],"mapped",[5038]],[[43903,43903],"mapped",[5039]],[[43904,43904],"mapped",[5040]],[[43905,43905],"mapped",[5041]],[[43906,43906],"mapped",[5042]],[[43907,43907],"mapped",[5043]],[[43908,43908],"mapped",[5044]],[[43909,43909],"mapped",[5045]],[[43910,43910],"mapped",[5046]],[[43911,43911],"mapped",[5047]],[[43912,43912],"mapped",[5048]],[[43913,43913],"mapped",[5049]],[[43914,43914],"mapped",[5050]],[[43915,43915],"mapped",[5051]],[[43916,43916],"mapped",[5052]],[[43917,43917],"mapped",[5053]],[[43918,43918],"mapped",[5054]],[[43919,43919],"mapped",[5055]],[[43920,43920],"mapped",[5056]],[[43921,43921],"mapped",[5057]],[[43922,43922],"mapped",[5058]],[[43923,43923],"mapped",[5059]],[[43924,43924],"mapped",[5060]],[[43925,43925],"mapped",[5061]],[[43926,43926],"mapped",[5062]],[[43927,43927],"mapped",[5063]],[[43928,43928],"mapped",[5064]],[[43929,43929],"mapped",[5065]],[[43930,43930],"mapped",[5066]],[[43931,43931],"mapped",[5067]],[[43932,43932],"mapped",[5068]],[[43933,43933],"mapped",[5069]],[[43934,43934],"mapped",[5070]],[[43935,43935],"mapped",[5071]],[[43936,43936],"mapped",[5072]],[[43937,43937],"mapped",[5073]],[[43938,43938],"mapped",[5074]],[[43939,43939],"mapped",[5075]],[[43940,43940],"mapped",[5076]],[[43941,43941],"mapped",[5077]],[[43942,43942],"mapped",[5078]],[[43943,43943],"mapped",[5079]],[[43944,43944],"mapped",[5080]],[[43945,43945],"mapped",[5081]],[[43946,43946],"mapped",[5082]],[[43947,43947],"mapped",[5083]],[[43948,43948],"mapped",[5084]],[[43949,43949],"mapped",[5085]],[[43950,43950],"mapped",[5086]],[[43951,43951],"mapped",[5087]],[[43952,43952],"mapped",[5088]],[[43953,43953],"mapped",[5089]],[[43954,43954],"mapped",[5090]],[[43955,43955],"mapped",[5091]],[[43956,43956],"mapped",[5092]],[[43957,43957],"mapped",[5093]],[[43958,43958],"mapped",[5094]],[[43959,43959],"mapped",[5095]],[[43960,43960],"mapped",[5096]],[[43961,43961],"mapped",[5097]],[[43962,43962],"mapped",[5098]],[[43963,43963],"mapped",[5099]],[[43964,43964],"mapped",[5100]],[[43965,43965],"mapped",[5101]],[[43966,43966],"mapped",[5102]],[[43967,43967],"mapped",[5103]],[[43968,44010],"valid"],[[44011,44011],"valid",[],"NV8"],[[44012,44013],"valid"],[[44014,44015],"disallowed"],[[44016,44025],"valid"],[[44026,44031],"disallowed"],[[44032,55203],"valid"],[[55204,55215],"disallowed"],[[55216,55238],"valid",[],"NV8"],[[55239,55242],"disallowed"],[[55243,55291],"valid",[],"NV8"],[[55292,55295],"disallowed"],[[55296,57343],"disallowed"],[[57344,63743],"disallowed"],[[63744,63744],"mapped",[35912]],[[63745,63745],"mapped",[26356]],[[63746,63746],"mapped",[36554]],[[63747,63747],"mapped",[36040]],[[63748,63748],"mapped",[28369]],[[63749,63749],"mapped",[20018]],[[63750,63750],"mapped",[21477]],[[63751,63752],"mapped",[40860]],[[63753,63753],"mapped",[22865]],[[63754,63754],"mapped",[37329]],[[63755,63755],"mapped",[21895]],[[63756,63756],"mapped",[22856]],[[63757,63757],"mapped",[25078]],[[63758,63758],"mapped",[30313]],[[63759,63759],"mapped",[32645]],[[63760,63760],"mapped",[34367]],[[63761,63761],"mapped",[34746]],[[63762,63762],"mapped",[35064]],[[63763,63763],"mapped",[37007]],[[63764,63764],"mapped",[27138]],[[63765,63765],"mapped",[27931]],[[63766,63766],"mapped",[28889]],[[63767,63767],"mapped",[29662]],[[63768,63768],"mapped",[33853]],[[63769,63769],"mapped",[37226]],[[63770,63770],"mapped",[39409]],[[63771,63771],"mapped",[20098]],[[63772,63772],"mapped",[21365]],[[63773,63773],"mapped",[27396]],[[63774,63774],"mapped",[29211]],[[63775,63775],"mapped",[34349]],[[63776,63776],"mapped",[40478]],[[63777,63777],"mapped",[23888]],[[63778,63778],"mapped",[28651]],[[63779,63779],"mapped",[34253]],[[63780,63780],"mapped",[35172]],[[63781,63781],"mapped",[25289]],[[63782,63782],"mapped",[33240]],[[63783,63783],"mapped",[34847]],[[63784,63784],"mapped",[24266]],[[63785,63785],"mapped",[26391]],[[63786,63786],"mapped",[28010]],[[63787,63787],"mapped",[29436]],[[63788,63788],"mapped",[37070]],[[63789,63789],"mapped",[20358]],[[63790,63790],"mapped",[20919]],[[63791,63791],"mapped",[21214]],[[63792,63792],"mapped",[25796]],[[63793,63793],"mapped",[27347]],[[63794,63794],"mapped",[29200]],[[63795,63795],"mapped",[30439]],[[63796,63796],"mapped",[32769]],[[63797,63797],"mapped",[34310]],[[63798,63798],"mapped",[34396]],[[63799,63799],"mapped",[36335]],[[63800,63800],"mapped",[38706]],[[63801,63801],"mapped",[39791]],[[63802,63802],"mapped",[40442]],[[63803,63803],"mapped",[30860]],[[63804,63804],"mapped",[31103]],[[63805,63805],"mapped",[32160]],[[63806,63806],"mapped",[33737]],[[63807,63807],"mapped",[37636]],[[63808,63808],"mapped",[40575]],[[63809,63809],"mapped",[35542]],[[63810,63810],"mapped",[22751]],[[63811,63811],"mapped",[24324]],[[63812,63812],"mapped",[31840]],[[63813,63813],"mapped",[32894]],[[63814,63814],"mapped",[29282]],[[63815,63815],"mapped",[30922]],[[63816,63816],"mapped",[36034]],[[63817,63817],"mapped",[38647]],[[63818,63818],"mapped",[22744]],[[63819,63819],"mapped",[23650]],[[63820,63820],"mapped",[27155]],[[63821,63821],"mapped",[28122]],[[63822,63822],"mapped",[28431]],[[63823,63823],"mapped",[32047]],[[63824,63824],"mapped",[32311]],[[63825,63825],"mapped",[38475]],[[63826,63826],"mapped",[21202]],[[63827,63827],"mapped",[32907]],[[63828,63828],"mapped",[20956]],[[63829,63829],"mapped",[20940]],[[63830,63830],"mapped",[31260]],[[63831,63831],"mapped",[32190]],[[63832,63832],"mapped",[33777]],[[63833,63833],"mapped",[38517]],[[63834,63834],"mapped",[35712]],[[63835,63835],"mapped",[25295]],[[63836,63836],"mapped",[27138]],[[63837,63837],"mapped",[35582]],[[63838,63838],"mapped",[20025]],[[63839,63839],"mapped",[23527]],[[63840,63840],"mapped",[24594]],[[63841,63841],"mapped",[29575]],[[63842,63842],"mapped",[30064]],[[63843,63843],"mapped",[21271]],[[63844,63844],"mapped",[30971]],[[63845,63845],"mapped",[20415]],[[63846,63846],"mapped",[24489]],[[63847,63847],"mapped",[19981]],[[63848,63848],"mapped",[27852]],[[63849,63849],"mapped",[25976]],[[63850,63850],"mapped",[32034]],[[63851,63851],"mapped",[21443]],[[63852,63852],"mapped",[22622]],[[63853,63853],"mapped",[30465]],[[63854,63854],"mapped",[33865]],[[63855,63855],"mapped",[35498]],[[63856,63856],"mapped",[27578]],[[63857,63857],"mapped",[36784]],[[63858,63858],"mapped",[27784]],[[63859,63859],"mapped",[25342]],[[63860,63860],"mapped",[33509]],[[63861,63861],"mapped",[25504]],[[63862,63862],"mapped",[30053]],[[63863,63863],"mapped",[20142]],[[63864,63864],"mapped",[20841]],[[63865,63865],"mapped",[20937]],[[63866,63866],"mapped",[26753]],[[63867,63867],"mapped",[31975]],[[63868,63868],"mapped",[33391]],[[63869,63869],"mapped",[35538]],[[63870,63870],"mapped",[37327]],[[63871,63871],"mapped",[21237]],[[63872,63872],"mapped",[21570]],[[63873,63873],"mapped",[22899]],[[63874,63874],"mapped",[24300]],[[63875,63875],"mapped",[26053]],[[63876,63876],"mapped",[28670]],[[63877,63877],"mapped",[31018]],[[63878,63878],"mapped",[38317]],[[63879,63879],"mapped",[39530]],[[63880,63880],"mapped",[40599]],[[63881,63881],"mapped",[40654]],[[63882,63882],"mapped",[21147]],[[63883,63883],"mapped",[26310]],[[63884,63884],"mapped",[27511]],[[63885,63885],"mapped",[36706]],[[63886,63886],"mapped",[24180]],[[63887,63887],"mapped",[24976]],[[63888,63888],"mapped",[25088]],[[63889,63889],"mapped",[25754]],[[63890,63890],"mapped",[28451]],[[63891,63891],"mapped",[29001]],[[63892,63892],"mapped",[29833]],[[63893,63893],"mapped",[31178]],[[63894,63894],"mapped",[32244]],[[63895,63895],"mapped",[32879]],[[63896,63896],"mapped",[36646]],[[63897,63897],"mapped",[34030]],[[63898,63898],"mapped",[36899]],[[63899,63899],"mapped",[37706]],[[63900,63900],"mapped",[21015]],[[63901,63901],"mapped",[21155]],[[63902,63902],"mapped",[21693]],[[63903,63903],"mapped",[28872]],[[63904,63904],"mapped",[35010]],[[63905,63905],"mapped",[35498]],[[63906,63906],"mapped",[24265]],[[63907,63907],"mapped",[24565]],[[63908,63908],"mapped",[25467]],[[63909,63909],"mapped",[27566]],[[63910,63910],"mapped",[31806]],[[63911,63911],"mapped",[29557]],[[63912,63912],"mapped",[20196]],[[63913,63913],"mapped",[22265]],[[63914,63914],"mapped",[23527]],[[63915,63915],"mapped",[23994]],[[63916,63916],"mapped",[24604]],[[63917,63917],"mapped",[29618]],[[63918,63918],"mapped",[29801]],[[63919,63919],"mapped",[32666]],[[63920,63920],"mapped",[32838]],[[63921,63921],"mapped",[37428]],[[63922,63922],"mapped",[38646]],[[63923,63923],"mapped",[38728]],[[63924,63924],"mapped",[38936]],[[63925,63925],"mapped",[20363]],[[63926,63926],"mapped",[31150]],[[63927,63927],"mapped",[37300]],[[63928,63928],"mapped",[38584]],[[63929,63929],"mapped",[24801]],[[63930,63930],"mapped",[20102]],[[63931,63931],"mapped",[20698]],[[63932,63932],"mapped",[23534]],[[63933,63933],"mapped",[23615]],[[63934,63934],"mapped",[26009]],[[63935,63935],"mapped",[27138]],[[63936,63936],"mapped",[29134]],[[63937,63937],"mapped",[30274]],[[63938,63938],"mapped",[34044]],[[63939,63939],"mapped",[36988]],[[63940,63940],"mapped",[40845]],[[63941,63941],"mapped",[26248]],[[63942,63942],"mapped",[38446]],[[63943,63943],"mapped",[21129]],[[63944,63944],"mapped",[26491]],[[63945,63945],"mapped",[26611]],[[63946,63946],"mapped",[27969]],[[63947,63947],"mapped",[28316]],[[63948,63948],"mapped",[29705]],[[63949,63949],"mapped",[30041]],[[63950,63950],"mapped",[30827]],[[63951,63951],"mapped",[32016]],[[63952,63952],"mapped",[39006]],[[63953,63953],"mapped",[20845]],[[63954,63954],"mapped",[25134]],[[63955,63955],"mapped",[38520]],[[63956,63956],"mapped",[20523]],[[63957,63957],"mapped",[23833]],[[63958,63958],"mapped",[28138]],[[63959,63959],"mapped",[36650]],[[63960,63960],"mapped",[24459]],[[63961,63961],"mapped",[24900]],[[63962,63962],"mapped",[26647]],[[63963,63963],"mapped",[29575]],[[63964,63964],"mapped",[38534]],[[63965,63965],"mapped",[21033]],[[63966,63966],"mapped",[21519]],[[63967,63967],"mapped",[23653]],[[63968,63968],"mapped",[26131]],[[63969,63969],"mapped",[26446]],[[63970,63970],"mapped",[26792]],[[63971,63971],"mapped",[27877]],[[63972,63972],"mapped",[29702]],[[63973,63973],"mapped",[30178]],[[63974,63974],"mapped",[32633]],[[63975,63975],"mapped",[35023]],[[63976,63976],"mapped",[35041]],[[63977,63977],"mapped",[37324]],[[63978,63978],"mapped",[38626]],[[63979,63979],"mapped",[21311]],[[63980,63980],"mapped",[28346]],[[63981,63981],"mapped",[21533]],[[63982,63982],"mapped",[29136]],[[63983,63983],"mapped",[29848]],[[63984,63984],"mapped",[34298]],[[63985,63985],"mapped",[38563]],[[63986,63986],"mapped",[40023]],[[63987,63987],"mapped",[40607]],[[63988,63988],"mapped",[26519]],[[63989,63989],"mapped",[28107]],[[63990,63990],"mapped",[33256]],[[63991,63991],"mapped",[31435]],[[63992,63992],"mapped",[31520]],[[63993,63993],"mapped",[31890]],[[63994,63994],"mapped",[29376]],[[63995,63995],"mapped",[28825]],[[63996,63996],"mapped",[35672]],[[63997,63997],"mapped",[20160]],[[63998,63998],"mapped",[33590]],[[63999,63999],"mapped",[21050]],[[64000,64000],"mapped",[20999]],[[64001,64001],"mapped",[24230]],[[64002,64002],"mapped",[25299]],[[64003,64003],"mapped",[31958]],[[64004,64004],"mapped",[23429]],[[64005,64005],"mapped",[27934]],[[64006,64006],"mapped",[26292]],[[64007,64007],"mapped",[36667]],[[64008,64008],"mapped",[34892]],[[64009,64009],"mapped",[38477]],[[64010,64010],"mapped",[35211]],[[64011,64011],"mapped",[24275]],[[64012,64012],"mapped",[20800]],[[64013,64013],"mapped",[21952]],[[64014,64015],"valid"],[[64016,64016],"mapped",[22618]],[[64017,64017],"valid"],[[64018,64018],"mapped",[26228]],[[64019,64020],"valid"],[[64021,64021],"mapped",[20958]],[[64022,64022],"mapped",[29482]],[[64023,64023],"mapped",[30410]],[[64024,64024],"mapped",[31036]],[[64025,64025],"mapped",[31070]],[[64026,64026],"mapped",[31077]],[[64027,64027],"mapped",[31119]],[[64028,64028],"mapped",[38742]],[[64029,64029],"mapped",[31934]],[[64030,64030],"mapped",[32701]],[[64031,64031],"valid"],[[64032,64032],"mapped",[34322]],[[64033,64033],"valid"],[[64034,64034],"mapped",[35576]],[[64035,64036],"valid"],[[64037,64037],"mapped",[36920]],[[64038,64038],"mapped",[37117]],[[64039,64041],"valid"],[[64042,64042],"mapped",[39151]],[[64043,64043],"mapped",[39164]],[[64044,64044],"mapped",[39208]],[[64045,64045],"mapped",[40372]],[[64046,64046],"mapped",[37086]],[[64047,64047],"mapped",[38583]],[[64048,64048],"mapped",[20398]],[[64049,64049],"mapped",[20711]],[[64050,64050],"mapped",[20813]],[[64051,64051],"mapped",[21193]],[[64052,64052],"mapped",[21220]],[[64053,64053],"mapped",[21329]],[[64054,64054],"mapped",[21917]],[[64055,64055],"mapped",[22022]],[[64056,64056],"mapped",[22120]],[[64057,64057],"mapped",[22592]],[[64058,64058],"mapped",[22696]],[[64059,64059],"mapped",[23652]],[[64060,64060],"mapped",[23662]],[[64061,64061],"mapped",[24724]],[[64062,64062],"mapped",[24936]],[[64063,64063],"mapped",[24974]],[[64064,64064],"mapped",[25074]],[[64065,64065],"mapped",[25935]],[[64066,64066],"mapped",[26082]],[[64067,64067],"mapped",[26257]],[[64068,64068],"mapped",[26757]],[[64069,64069],"mapped",[28023]],[[64070,64070],"mapped",[28186]],[[64071,64071],"mapped",[28450]],[[64072,64072],"mapped",[29038]],[[64073,64073],"mapped",[29227]],[[64074,64074],"mapped",[29730]],[[64075,64075],"mapped",[30865]],[[64076,64076],"mapped",[31038]],[[64077,64077],"mapped",[31049]],[[64078,64078],"mapped",[31048]],[[64079,64079],"mapped",[31056]],[[64080,64080],"mapped",[31062]],[[64081,64081],"mapped",[31069]],[[64082,64082],"mapped",[31117]],[[64083,64083],"mapped",[31118]],[[64084,64084],"mapped",[31296]],[[64085,64085],"mapped",[31361]],[[64086,64086],"mapped",[31680]],[[64087,64087],"mapped",[32244]],[[64088,64088],"mapped",[32265]],[[64089,64089],"mapped",[32321]],[[64090,64090],"mapped",[32626]],[[64091,64091],"mapped",[32773]],[[64092,64092],"mapped",[33261]],[[64093,64094],"mapped",[33401]],[[64095,64095],"mapped",[33879]],[[64096,64096],"mapped",[35088]],[[64097,64097],"mapped",[35222]],[[64098,64098],"mapped",[35585]],[[64099,64099],"mapped",[35641]],[[64100,64100],"mapped",[36051]],[[64101,64101],"mapped",[36104]],[[64102,64102],"mapped",[36790]],[[64103,64103],"mapped",[36920]],[[64104,64104],"mapped",[38627]],[[64105,64105],"mapped",[38911]],[[64106,64106],"mapped",[38971]],[[64107,64107],"mapped",[24693]],[[64108,64108],"mapped",[148206]],[[64109,64109],"mapped",[33304]],[[64110,64111],"disallowed"],[[64112,64112],"mapped",[20006]],[[64113,64113],"mapped",[20917]],[[64114,64114],"mapped",[20840]],[[64115,64115],"mapped",[20352]],[[64116,64116],"mapped",[20805]],[[64117,64117],"mapped",[20864]],[[64118,64118],"mapped",[21191]],[[64119,64119],"mapped",[21242]],[[64120,64120],"mapped",[21917]],[[64121,64121],"mapped",[21845]],[[64122,64122],"mapped",[21913]],[[64123,64123],"mapped",[21986]],[[64124,64124],"mapped",[22618]],[[64125,64125],"mapped",[22707]],[[64126,64126],"mapped",[22852]],[[64127,64127],"mapped",[22868]],[[64128,64128],"mapped",[23138]],[[64129,64129],"mapped",[23336]],[[64130,64130],"mapped",[24274]],[[64131,64131],"mapped",[24281]],[[64132,64132],"mapped",[24425]],[[64133,64133],"mapped",[24493]],[[64134,64134],"mapped",[24792]],[[64135,64135],"mapped",[24910]],[[64136,64136],"mapped",[24840]],[[64137,64137],"mapped",[24974]],[[64138,64138],"mapped",[24928]],[[64139,64139],"mapped",[25074]],[[64140,64140],"mapped",[25140]],[[64141,64141],"mapped",[25540]],[[64142,64142],"mapped",[25628]],[[64143,64143],"mapped",[25682]],[[64144,64144],"mapped",[25942]],[[64145,64145],"mapped",[26228]],[[64146,64146],"mapped",[26391]],[[64147,64147],"mapped",[26395]],[[64148,64148],"mapped",[26454]],[[64149,64149],"mapped",[27513]],[[64150,64150],"mapped",[27578]],[[64151,64151],"mapped",[27969]],[[64152,64152],"mapped",[28379]],[[64153,64153],"mapped",[28363]],[[64154,64154],"mapped",[28450]],[[64155,64155],"mapped",[28702]],[[64156,64156],"mapped",[29038]],[[64157,64157],"mapped",[30631]],[[64158,64158],"mapped",[29237]],[[64159,64159],"mapped",[29359]],[[64160,64160],"mapped",[29482]],[[64161,64161],"mapped",[29809]],[[64162,64162],"mapped",[29958]],[[64163,64163],"mapped",[30011]],[[64164,64164],"mapped",[30237]],[[64165,64165],"mapped",[30239]],[[64166,64166],"mapped",[30410]],[[64167,64167],"mapped",[30427]],[[64168,64168],"mapped",[30452]],[[64169,64169],"mapped",[30538]],[[64170,64170],"mapped",[30528]],[[64171,64171],"mapped",[30924]],[[64172,64172],"mapped",[31409]],[[64173,64173],"mapped",[31680]],[[64174,64174],"mapped",[31867]],[[64175,64175],"mapped",[32091]],[[64176,64176],"mapped",[32244]],[[64177,64177],"mapped",[32574]],[[64178,64178],"mapped",[32773]],[[64179,64179],"mapped",[33618]],[[64180,64180],"mapped",[33775]],[[64181,64181],"mapped",[34681]],[[64182,64182],"mapped",[35137]],[[64183,64183],"mapped",[35206]],[[64184,64184],"mapped",[35222]],[[64185,64185],"mapped",[35519]],[[64186,64186],"mapped",[35576]],[[64187,64187],"mapped",[35531]],[[64188,64188],"mapped",[35585]],[[64189,64189],"mapped",[35582]],[[64190,64190],"mapped",[35565]],[[64191,64191],"mapped",[35641]],[[64192,64192],"mapped",[35722]],[[64193,64193],"mapped",[36104]],[[64194,64194],"mapped",[36664]],[[64195,64195],"mapped",[36978]],[[64196,64196],"mapped",[37273]],[[64197,64197],"mapped",[37494]],[[64198,64198],"mapped",[38524]],[[64199,64199],"mapped",[38627]],[[64200,64200],"mapped",[38742]],[[64201,64201],"mapped",[38875]],[[64202,64202],"mapped",[38911]],[[64203,64203],"mapped",[38923]],[[64204,64204],"mapped",[38971]],[[64205,64205],"mapped",[39698]],[[64206,64206],"mapped",[40860]],[[64207,64207],"mapped",[141386]],[[64208,64208],"mapped",[141380]],[[64209,64209],"mapped",[144341]],[[64210,64210],"mapped",[15261]],[[64211,64211],"mapped",[16408]],[[64212,64212],"mapped",[16441]],[[64213,64213],"mapped",[152137]],[[64214,64214],"mapped",[154832]],[[64215,64215],"mapped",[163539]],[[64216,64216],"mapped",[40771]],[[64217,64217],"mapped",[40846]],[[64218,64255],"disallowed"],[[64256,64256],"mapped",[102,102]],[[64257,64257],"mapped",[102,105]],[[64258,64258],"mapped",[102,108]],[[64259,64259],"mapped",[102,102,105]],[[64260,64260],"mapped",[102,102,108]],[[64261,64262],"mapped",[115,116]],[[64263,64274],"disallowed"],[[64275,64275],"mapped",[1396,1398]],[[64276,64276],"mapped",[1396,1381]],[[64277,64277],"mapped",[1396,1387]],[[64278,64278],"mapped",[1406,1398]],[[64279,64279],"mapped",[1396,1389]],[[64280,64284],"disallowed"],[[64285,64285],"mapped",[1497,1460]],[[64286,64286],"valid"],[[64287,64287],"mapped",[1522,1463]],[[64288,64288],"mapped",[1506]],[[64289,64289],"mapped",[1488]],[[64290,64290],"mapped",[1491]],[[64291,64291],"mapped",[1492]],[[64292,64292],"mapped",[1499]],[[64293,64293],"mapped",[1500]],[[64294,64294],"mapped",[1501]],[[64295,64295],"mapped",[1512]],[[64296,64296],"mapped",[1514]],[[64297,64297],"disallowed_STD3_mapped",[43]],[[64298,64298],"mapped",[1513,1473]],[[64299,64299],"mapped",[1513,1474]],[[64300,64300],"mapped",[1513,1468,1473]],[[64301,64301],"mapped",[1513,1468,1474]],[[64302,64302],"mapped",[1488,1463]],[[64303,64303],"mapped",[1488,1464]],[[64304,64304],"mapped",[1488,1468]],[[64305,64305],"mapped",[1489,1468]],[[64306,64306],"mapped",[1490,1468]],[[64307,64307],"mapped",[1491,1468]],[[64308,64308],"mapped",[1492,1468]],[[64309,64309],"mapped",[1493,1468]],[[64310,64310],"mapped",[1494,1468]],[[64311,64311],"disallowed"],[[64312,64312],"mapped",[1496,1468]],[[64313,64313],"mapped",[1497,1468]],[[64314,64314],"mapped",[1498,1468]],[[64315,64315],"mapped",[1499,1468]],[[64316,64316],"mapped",[1500,1468]],[[64317,64317],"disallowed"],[[64318,64318],"mapped",[1502,1468]],[[64319,64319],"disallowed"],[[64320,64320],"mapped",[1504,1468]],[[64321,64321],"mapped",[1505,1468]],[[64322,64322],"disallowed"],[[64323,64323],"mapped",[1507,1468]],[[64324,64324],"mapped",[1508,1468]],[[64325,64325],"disallowed"],[[64326,64326],"mapped",[1510,1468]],[[64327,64327],"mapped",[1511,1468]],[[64328,64328],"mapped",[1512,1468]],[[64329,64329],"mapped",[1513,1468]],[[64330,64330],"mapped",[1514,1468]],[[64331,64331],"mapped",[1493,1465]],[[64332,64332],"mapped",[1489,1471]],[[64333,64333],"mapped",[1499,1471]],[[64334,64334],"mapped",[1508,1471]],[[64335,64335],"mapped",[1488,1500]],[[64336,64337],"mapped",[1649]],[[64338,64341],"mapped",[1659]],[[64342,64345],"mapped",[1662]],[[64346,64349],"mapped",[1664]],[[64350,64353],"mapped",[1658]],[[64354,64357],"mapped",[1663]],[[64358,64361],"mapped",[1657]],[[64362,64365],"mapped",[1700]],[[64366,64369],"mapped",[1702]],[[64370,64373],"mapped",[1668]],[[64374,64377],"mapped",[1667]],[[64378,64381],"mapped",[1670]],[[64382,64385],"mapped",[1671]],[[64386,64387],"mapped",[1677]],[[64388,64389],"mapped",[1676]],[[64390,64391],"mapped",[1678]],[[64392,64393],"mapped",[1672]],[[64394,64395],"mapped",[1688]],[[64396,64397],"mapped",[1681]],[[64398,64401],"mapped",[1705]],[[64402,64405],"mapped",[1711]],[[64406,64409],"mapped",[1715]],[[64410,64413],"mapped",[1713]],[[64414,64415],"mapped",[1722]],[[64416,64419],"mapped",[1723]],[[64420,64421],"mapped",[1728]],[[64422,64425],"mapped",[1729]],[[64426,64429],"mapped",[1726]],[[64430,64431],"mapped",[1746]],[[64432,64433],"mapped",[1747]],[[64434,64449],"valid",[],"NV8"],[[64450,64466],"disallowed"],[[64467,64470],"mapped",[1709]],[[64471,64472],"mapped",[1735]],[[64473,64474],"mapped",[1734]],[[64475,64476],"mapped",[1736]],[[64477,64477],"mapped",[1735,1652]],[[64478,64479],"mapped",[1739]],[[64480,64481],"mapped",[1733]],[[64482,64483],"mapped",[1737]],[[64484,64487],"mapped",[1744]],[[64488,64489],"mapped",[1609]],[[64490,64491],"mapped",[1574,1575]],[[64492,64493],"mapped",[1574,1749]],[[64494,64495],"mapped",[1574,1608]],[[64496,64497],"mapped",[1574,1735]],[[64498,64499],"mapped",[1574,1734]],[[64500,64501],"mapped",[1574,1736]],[[64502,64504],"mapped",[1574,1744]],[[64505,64507],"mapped",[1574,1609]],[[64508,64511],"mapped",[1740]],[[64512,64512],"mapped",[1574,1580]],[[64513,64513],"mapped",[1574,1581]],[[64514,64514],"mapped",[1574,1605]],[[64515,64515],"mapped",[1574,1609]],[[64516,64516],"mapped",[1574,1610]],[[64517,64517],"mapped",[1576,1580]],[[64518,64518],"mapped",[1576,1581]],[[64519,64519],"mapped",[1576,1582]],[[64520,64520],"mapped",[1576,1605]],[[64521,64521],"mapped",[1576,1609]],[[64522,64522],"mapped",[1576,1610]],[[64523,64523],"mapped",[1578,1580]],[[64524,64524],"mapped",[1578,1581]],[[64525,64525],"mapped",[1578,1582]],[[64526,64526],"mapped",[1578,1605]],[[64527,64527],"mapped",[1578,1609]],[[64528,64528],"mapped",[1578,1610]],[[64529,64529],"mapped",[1579,1580]],[[64530,64530],"mapped",[1579,1605]],[[64531,64531],"mapped",[1579,1609]],[[64532,64532],"mapped",[1579,1610]],[[64533,64533],"mapped",[1580,1581]],[[64534,64534],"mapped",[1580,1605]],[[64535,64535],"mapped",[1581,1580]],[[64536,64536],"mapped",[1581,1605]],[[64537,64537],"mapped",[1582,1580]],[[64538,64538],"mapped",[1582,1581]],[[64539,64539],"mapped",[1582,1605]],[[64540,64540],"mapped",[1587,1580]],[[64541,64541],"mapped",[1587,1581]],[[64542,64542],"mapped",[1587,1582]],[[64543,64543],"mapped",[1587,1605]],[[64544,64544],"mapped",[1589,1581]],[[64545,64545],"mapped",[1589,1605]],[[64546,64546],"mapped",[1590,1580]],[[64547,64547],"mapped",[1590,1581]],[[64548,64548],"mapped",[1590,1582]],[[64549,64549],"mapped",[1590,1605]],[[64550,64550],"mapped",[1591,1581]],[[64551,64551],"mapped",[1591,1605]],[[64552,64552],"mapped",[1592,1605]],[[64553,64553],"mapped",[1593,1580]],[[64554,64554],"mapped",[1593,1605]],[[64555,64555],"mapped",[1594,1580]],[[64556,64556],"mapped",[1594,1605]],[[64557,64557],"mapped",[1601,1580]],[[64558,64558],"mapped",[1601,1581]],[[64559,64559],"mapped",[1601,1582]],[[64560,64560],"mapped",[1601,1605]],[[64561,64561],"mapped",[1601,1609]],[[64562,64562],"mapped",[1601,1610]],[[64563,64563],"mapped",[1602,1581]],[[64564,64564],"mapped",[1602,1605]],[[64565,64565],"mapped",[1602,1609]],[[64566,64566],"mapped",[1602,1610]],[[64567,64567],"mapped",[1603,1575]],[[64568,64568],"mapped",[1603,1580]],[[64569,64569],"mapped",[1603,1581]],[[64570,64570],"mapped",[1603,1582]],[[64571,64571],"mapped",[1603,1604]],[[64572,64572],"mapped",[1603,1605]],[[64573,64573],"mapped",[1603,1609]],[[64574,64574],"mapped",[1603,1610]],[[64575,64575],"mapped",[1604,1580]],[[64576,64576],"mapped",[1604,1581]],[[64577,64577],"mapped",[1604,1582]],[[64578,64578],"mapped",[1604,1605]],[[64579,64579],"mapped",[1604,1609]],[[64580,64580],"mapped",[1604,1610]],[[64581,64581],"mapped",[1605,1580]],[[64582,64582],"mapped",[1605,1581]],[[64583,64583],"mapped",[1605,1582]],[[64584,64584],"mapped",[1605,1605]],[[64585,64585],"mapped",[1605,1609]],[[64586,64586],"mapped",[1605,1610]],[[64587,64587],"mapped",[1606,1580]],[[64588,64588],"mapped",[1606,1581]],[[64589,64589],"mapped",[1606,1582]],[[64590,64590],"mapped",[1606,1605]],[[64591,64591],"mapped",[1606,1609]],[[64592,64592],"mapped",[1606,1610]],[[64593,64593],"mapped",[1607,1580]],[[64594,64594],"mapped",[1607,1605]],[[64595,64595],"mapped",[1607,1609]],[[64596,64596],"mapped",[1607,1610]],[[64597,64597],"mapped",[1610,1580]],[[64598,64598],"mapped",[1610,1581]],[[64599,64599],"mapped",[1610,1582]],[[64600,64600],"mapped",[1610,1605]],[[64601,64601],"mapped",[1610,1609]],[[64602,64602],"mapped",[1610,1610]],[[64603,64603],"mapped",[1584,1648]],[[64604,64604],"mapped",[1585,1648]],[[64605,64605],"mapped",[1609,1648]],[[64606,64606],"disallowed_STD3_mapped",[32,1612,1617]],[[64607,64607],"disallowed_STD3_mapped",[32,1613,1617]],[[64608,64608],"disallowed_STD3_mapped",[32,1614,1617]],[[64609,64609],"disallowed_STD3_mapped",[32,1615,1617]],[[64610,64610],"disallowed_STD3_mapped",[32,1616,1617]],[[64611,64611],"disallowed_STD3_mapped",[32,1617,1648]],[[64612,64612],"mapped",[1574,1585]],[[64613,64613],"mapped",[1574,1586]],[[64614,64614],"mapped",[1574,1605]],[[64615,64615],"mapped",[1574,1606]],[[64616,64616],"mapped",[1574,1609]],[[64617,64617],"mapped",[1574,1610]],[[64618,64618],"mapped",[1576,1585]],[[64619,64619],"mapped",[1576,1586]],[[64620,64620],"mapped",[1576,1605]],[[64621,64621],"mapped",[1576,1606]],[[64622,64622],"mapped",[1576,1609]],[[64623,64623],"mapped",[1576,1610]],[[64624,64624],"mapped",[1578,1585]],[[64625,64625],"mapped",[1578,1586]],[[64626,64626],"mapped",[1578,1605]],[[64627,64627],"mapped",[1578,1606]],[[64628,64628],"mapped",[1578,1609]],[[64629,64629],"mapped",[1578,1610]],[[64630,64630],"mapped",[1579,1585]],[[64631,64631],"mapped",[1579,1586]],[[64632,64632],"mapped",[1579,1605]],[[64633,64633],"mapped",[1579,1606]],[[64634,64634],"mapped",[1579,1609]],[[64635,64635],"mapped",[1579,1610]],[[64636,64636],"mapped",[1601,1609]],[[64637,64637],"mapped",[1601,1610]],[[64638,64638],"mapped",[1602,1609]],[[64639,64639],"mapped",[1602,1610]],[[64640,64640],"mapped",[1603,1575]],[[64641,64641],"mapped",[1603,1604]],[[64642,64642],"mapped",[1603,1605]],[[64643,64643],"mapped",[1603,1609]],[[64644,64644],"mapped",[1603,1610]],[[64645,64645],"mapped",[1604,1605]],[[64646,64646],"mapped",[1604,1609]],[[64647,64647],"mapped",[1604,1610]],[[64648,64648],"mapped",[1605,1575]],[[64649,64649],"mapped",[1605,1605]],[[64650,64650],"mapped",[1606,1585]],[[64651,64651],"mapped",[1606,1586]],[[64652,64652],"mapped",[1606,1605]],[[64653,64653],"mapped",[1606,1606]],[[64654,64654],"mapped",[1606,1609]],[[64655,64655],"mapped",[1606,1610]],[[64656,64656],"mapped",[1609,1648]],[[64657,64657],"mapped",[1610,1585]],[[64658,64658],"mapped",[1610,1586]],[[64659,64659],"mapped",[1610,1605]],[[64660,64660],"mapped",[1610,1606]],[[64661,64661],"mapped",[1610,1609]],[[64662,64662],"mapped",[1610,1610]],[[64663,64663],"mapped",[1574,1580]],[[64664,64664],"mapped",[1574,1581]],[[64665,64665],"mapped",[1574,1582]],[[64666,64666],"mapped",[1574,1605]],[[64667,64667],"mapped",[1574,1607]],[[64668,64668],"mapped",[1576,1580]],[[64669,64669],"mapped",[1576,1581]],[[64670,64670],"mapped",[1576,1582]],[[64671,64671],"mapped",[1576,1605]],[[64672,64672],"mapped",[1576,1607]],[[64673,64673],"mapped",[1578,1580]],[[64674,64674],"mapped",[1578,1581]],[[64675,64675],"mapped",[1578,1582]],[[64676,64676],"mapped",[1578,1605]],[[64677,64677],"mapped",[1578,1607]],[[64678,64678],"mapped",[1579,1605]],[[64679,64679],"mapped",[1580,1581]],[[64680,64680],"mapped",[1580,1605]],[[64681,64681],"mapped",[1581,1580]],[[64682,64682],"mapped",[1581,1605]],[[64683,64683],"mapped",[1582,1580]],[[64684,64684],"mapped",[1582,1605]],[[64685,64685],"mapped",[1587,1580]],[[64686,64686],"mapped",[1587,1581]],[[64687,64687],"mapped",[1587,1582]],[[64688,64688],"mapped",[1587,1605]],[[64689,64689],"mapped",[1589,1581]],[[64690,64690],"mapped",[1589,1582]],[[64691,64691],"mapped",[1589,1605]],[[64692,64692],"mapped",[1590,1580]],[[64693,64693],"mapped",[1590,1581]],[[64694,64694],"mapped",[1590,1582]],[[64695,64695],"mapped",[1590,1605]],[[64696,64696],"mapped",[1591,1581]],[[64697,64697],"mapped",[1592,1605]],[[64698,64698],"mapped",[1593,1580]],[[64699,64699],"mapped",[1593,1605]],[[64700,64700],"mapped",[1594,1580]],[[64701,64701],"mapped",[1594,1605]],[[64702,64702],"mapped",[1601,1580]],[[64703,64703],"mapped",[1601,1581]],[[64704,64704],"mapped",[1601,1582]],[[64705,64705],"mapped",[1601,1605]],[[64706,64706],"mapped",[1602,1581]],[[64707,64707],"mapped",[1602,1605]],[[64708,64708],"mapped",[1603,1580]],[[64709,64709],"mapped",[1603,1581]],[[64710,64710],"mapped",[1603,1582]],[[64711,64711],"mapped",[1603,1604]],[[64712,64712],"mapped",[1603,1605]],[[64713,64713],"mapped",[1604,1580]],[[64714,64714],"mapped",[1604,1581]],[[64715,64715],"mapped",[1604,1582]],[[64716,64716],"mapped",[1604,1605]],[[64717,64717],"mapped",[1604,1607]],[[64718,64718],"mapped",[1605,1580]],[[64719,64719],"mapped",[1605,1581]],[[64720,64720],"mapped",[1605,1582]],[[64721,64721],"mapped",[1605,1605]],[[64722,64722],"mapped",[1606,1580]],[[64723,64723],"mapped",[1606,1581]],[[64724,64724],"mapped",[1606,1582]],[[64725,64725],"mapped",[1606,1605]],[[64726,64726],"mapped",[1606,1607]],[[64727,64727],"mapped",[1607,1580]],[[64728,64728],"mapped",[1607,1605]],[[64729,64729],"mapped",[1607,1648]],[[64730,64730],"mapped",[1610,1580]],[[64731,64731],"mapped",[1610,1581]],[[64732,64732],"mapped",[1610,1582]],[[64733,64733],"mapped",[1610,1605]],[[64734,64734],"mapped",[1610,1607]],[[64735,64735],"mapped",[1574,1605]],[[64736,64736],"mapped",[1574,1607]],[[64737,64737],"mapped",[1576,1605]],[[64738,64738],"mapped",[1576,1607]],[[64739,64739],"mapped",[1578,1605]],[[64740,64740],"mapped",[1578,1607]],[[64741,64741],"mapped",[1579,1605]],[[64742,64742],"mapped",[1579,1607]],[[64743,64743],"mapped",[1587,1605]],[[64744,64744],"mapped",[1587,1607]],[[64745,64745],"mapped",[1588,1605]],[[64746,64746],"mapped",[1588,1607]],[[64747,64747],"mapped",[1603,1604]],[[64748,64748],"mapped",[1603,1605]],[[64749,64749],"mapped",[1604,1605]],[[64750,64750],"mapped",[1606,1605]],[[64751,64751],"mapped",[1606,1607]],[[64752,64752],"mapped",[1610,1605]],[[64753,64753],"mapped",[1610,1607]],[[64754,64754],"mapped",[1600,1614,1617]],[[64755,64755],"mapped",[1600,1615,1617]],[[64756,64756],"mapped",[1600,1616,1617]],[[64757,64757],"mapped",[1591,1609]],[[64758,64758],"mapped",[1591,1610]],[[64759,64759],"mapped",[1593,1609]],[[64760,64760],"mapped",[1593,1610]],[[64761,64761],"mapped",[1594,1609]],[[64762,64762],"mapped",[1594,1610]],[[64763,64763],"mapped",[1587,1609]],[[64764,64764],"mapped",[1587,1610]],[[64765,64765],"mapped",[1588,1609]],[[64766,64766],"mapped",[1588,1610]],[[64767,64767],"mapped",[1581,1609]],[[64768,64768],"mapped",[1581,1610]],[[64769,64769],"mapped",[1580,1609]],[[64770,64770],"mapped",[1580,1610]],[[64771,64771],"mapped",[1582,1609]],[[64772,64772],"mapped",[1582,1610]],[[64773,64773],"mapped",[1589,1609]],[[64774,64774],"mapped",[1589,1610]],[[64775,64775],"mapped",[1590,1609]],[[64776,64776],"mapped",[1590,1610]],[[64777,64777],"mapped",[1588,1580]],[[64778,64778],"mapped",[1588,1581]],[[64779,64779],"mapped",[1588,1582]],[[64780,64780],"mapped",[1588,1605]],[[64781,64781],"mapped",[1588,1585]],[[64782,64782],"mapped",[1587,1585]],[[64783,64783],"mapped",[1589,1585]],[[64784,64784],"mapped",[1590,1585]],[[64785,64785],"mapped",[1591,1609]],[[64786,64786],"mapped",[1591,1610]],[[64787,64787],"mapped",[1593,1609]],[[64788,64788],"mapped",[1593,1610]],[[64789,64789],"mapped",[1594,1609]],[[64790,64790],"mapped",[1594,1610]],[[64791,64791],"mapped",[1587,1609]],[[64792,64792],"mapped",[1587,1610]],[[64793,64793],"mapped",[1588,1609]],[[64794,64794],"mapped",[1588,1610]],[[64795,64795],"mapped",[1581,1609]],[[64796,64796],"mapped",[1581,1610]],[[64797,64797],"mapped",[1580,1609]],[[64798,64798],"mapped",[1580,1610]],[[64799,64799],"mapped",[1582,1609]],[[64800,64800],"mapped",[1582,1610]],[[64801,64801],"mapped",[1589,1609]],[[64802,64802],"mapped",[1589,1610]],[[64803,64803],"mapped",[1590,1609]],[[64804,64804],"mapped",[1590,1610]],[[64805,64805],"mapped",[1588,1580]],[[64806,64806],"mapped",[1588,1581]],[[64807,64807],"mapped",[1588,1582]],[[64808,64808],"mapped",[1588,1605]],[[64809,64809],"mapped",[1588,1585]],[[64810,64810],"mapped",[1587,1585]],[[64811,64811],"mapped",[1589,1585]],[[64812,64812],"mapped",[1590,1585]],[[64813,64813],"mapped",[1588,1580]],[[64814,64814],"mapped",[1588,1581]],[[64815,64815],"mapped",[1588,1582]],[[64816,64816],"mapped",[1588,1605]],[[64817,64817],"mapped",[1587,1607]],[[64818,64818],"mapped",[1588,1607]],[[64819,64819],"mapped",[1591,1605]],[[64820,64820],"mapped",[1587,1580]],[[64821,64821],"mapped",[1587,1581]],[[64822,64822],"mapped",[1587,1582]],[[64823,64823],"mapped",[1588,1580]],[[64824,64824],"mapped",[1588,1581]],[[64825,64825],"mapped",[1588,1582]],[[64826,64826],"mapped",[1591,1605]],[[64827,64827],"mapped",[1592,1605]],[[64828,64829],"mapped",[1575,1611]],[[64830,64831],"valid",[],"NV8"],[[64832,64847],"disallowed"],[[64848,64848],"mapped",[1578,1580,1605]],[[64849,64850],"mapped",[1578,1581,1580]],[[64851,64851],"mapped",[1578,1581,1605]],[[64852,64852],"mapped",[1578,1582,1605]],[[64853,64853],"mapped",[1578,1605,1580]],[[64854,64854],"mapped",[1578,1605,1581]],[[64855,64855],"mapped",[1578,1605,1582]],[[64856,64857],"mapped",[1580,1605,1581]],[[64858,64858],"mapped",[1581,1605,1610]],[[64859,64859],"mapped",[1581,1605,1609]],[[64860,64860],"mapped",[1587,1581,1580]],[[64861,64861],"mapped",[1587,1580,1581]],[[64862,64862],"mapped",[1587,1580,1609]],[[64863,64864],"mapped",[1587,1605,1581]],[[64865,64865],"mapped",[1587,1605,1580]],[[64866,64867],"mapped",[1587,1605,1605]],[[64868,64869],"mapped",[1589,1581,1581]],[[64870,64870],"mapped",[1589,1605,1605]],[[64871,64872],"mapped",[1588,1581,1605]],[[64873,64873],"mapped",[1588,1580,1610]],[[64874,64875],"mapped",[1588,1605,1582]],[[64876,64877],"mapped",[1588,1605,1605]],[[64878,64878],"mapped",[1590,1581,1609]],[[64879,64880],"mapped",[1590,1582,1605]],[[64881,64882],"mapped",[1591,1605,1581]],[[64883,64883],"mapped",[1591,1605,1605]],[[64884,64884],"mapped",[1591,1605,1610]],[[64885,64885],"mapped",[1593,1580,1605]],[[64886,64887],"mapped",[1593,1605,1605]],[[64888,64888],"mapped",[1593,1605,1609]],[[64889,64889],"mapped",[1594,1605,1605]],[[64890,64890],"mapped",[1594,1605,1610]],[[64891,64891],"mapped",[1594,1605,1609]],[[64892,64893],"mapped",[1601,1582,1605]],[[64894,64894],"mapped",[1602,1605,1581]],[[64895,64895],"mapped",[1602,1605,1605]],[[64896,64896],"mapped",[1604,1581,1605]],[[64897,64897],"mapped",[1604,1581,1610]],[[64898,64898],"mapped",[1604,1581,1609]],[[64899,64900],"mapped",[1604,1580,1580]],[[64901,64902],"mapped",[1604,1582,1605]],[[64903,64904],"mapped",[1604,1605,1581]],[[64905,64905],"mapped",[1605,1581,1580]],[[64906,64906],"mapped",[1605,1581,1605]],[[64907,64907],"mapped",[1605,1581,1610]],[[64908,64908],"mapped",[1605,1580,1581]],[[64909,64909],"mapped",[1605,1580,1605]],[[64910,64910],"mapped",[1605,1582,1580]],[[64911,64911],"mapped",[1605,1582,1605]],[[64912,64913],"disallowed"],[[64914,64914],"mapped",[1605,1580,1582]],[[64915,64915],"mapped",[1607,1605,1580]],[[64916,64916],"mapped",[1607,1605,1605]],[[64917,64917],"mapped",[1606,1581,1605]],[[64918,64918],"mapped",[1606,1581,1609]],[[64919,64920],"mapped",[1606,1580,1605]],[[64921,64921],"mapped",[1606,1580,1609]],[[64922,64922],"mapped",[1606,1605,1610]],[[64923,64923],"mapped",[1606,1605,1609]],[[64924,64925],"mapped",[1610,1605,1605]],[[64926,64926],"mapped",[1576,1582,1610]],[[64927,64927],"mapped",[1578,1580,1610]],[[64928,64928],"mapped",[1578,1580,1609]],[[64929,64929],"mapped",[1578,1582,1610]],[[64930,64930],"mapped",[1578,1582,1609]],[[64931,64931],"mapped",[1578,1605,1610]],[[64932,64932],"mapped",[1578,1605,1609]],[[64933,64933],"mapped",[1580,1605,1610]],[[64934,64934],"mapped",[1580,1581,1609]],[[64935,64935],"mapped",[1580,1605,1609]],[[64936,64936],"mapped",[1587,1582,1609]],[[64937,64937],"mapped",[1589,1581,1610]],[[64938,64938],"mapped",[1588,1581,1610]],[[64939,64939],"mapped",[1590,1581,1610]],[[64940,64940],"mapped",[1604,1580,1610]],[[64941,64941],"mapped",[1604,1605,1610]],[[64942,64942],"mapped",[1610,1581,1610]],[[64943,64943],"mapped",[1610,1580,1610]],[[64944,64944],"mapped",[1610,1605,1610]],[[64945,64945],"mapped",[1605,1605,1610]],[[64946,64946],"mapped",[1602,1605,1610]],[[64947,64947],"mapped",[1606,1581,1610]],[[64948,64948],"mapped",[1602,1605,1581]],[[64949,64949],"mapped",[1604,1581,1605]],[[64950,64950],"mapped",[1593,1605,1610]],[[64951,64951],"mapped",[1603,1605,1610]],[[64952,64952],"mapped",[1606,1580,1581]],[[64953,64953],"mapped",[1605,1582,1610]],[[64954,64954],"mapped",[1604,1580,1605]],[[64955,64955],"mapped",[1603,1605,1605]],[[64956,64956],"mapped",[1604,1580,1605]],[[64957,64957],"mapped",[1606,1580,1581]],[[64958,64958],"mapped",[1580,1581,1610]],[[64959,64959],"mapped",[1581,1580,1610]],[[64960,64960],"mapped",[1605,1580,1610]],[[64961,64961],"mapped",[1601,1605,1610]],[[64962,64962],"mapped",[1576,1581,1610]],[[64963,64963],"mapped",[1603,1605,1605]],[[64964,64964],"mapped",[1593,1580,1605]],[[64965,64965],"mapped",[1589,1605,1605]],[[64966,64966],"mapped",[1587,1582,1610]],[[64967,64967],"mapped",[1606,1580,1610]],[[64968,64975],"disallowed"],[[64976,65007],"disallowed"],[[65008,65008],"mapped",[1589,1604,1746]],[[65009,65009],"mapped",[1602,1604,1746]],[[65010,65010],"mapped",[1575,1604,1604,1607]],[[65011,65011],"mapped",[1575,1603,1576,1585]],[[65012,65012],"mapped",[1605,1581,1605,1583]],[[65013,65013],"mapped",[1589,1604,1593,1605]],[[65014,65014],"mapped",[1585,1587,1608,1604]],[[65015,65015],"mapped",[1593,1604,1610,1607]],[[65016,65016],"mapped",[1608,1587,1604,1605]],[[65017,65017],"mapped",[1589,1604,1609]],[[65018,65018],"disallowed_STD3_mapped",[1589,1604,1609,32,1575,1604,1604,1607,32,1593,1604,1610,1607,32,1608,1587,1604,1605]],[[65019,65019],"disallowed_STD3_mapped",[1580,1604,32,1580,1604,1575,1604,1607]],[[65020,65020],"mapped",[1585,1740,1575,1604]],[[65021,65021],"valid",[],"NV8"],[[65022,65023],"disallowed"],[[65024,65039],"ignored"],[[65040,65040],"disallowed_STD3_mapped",[44]],[[65041,65041],"mapped",[12289]],[[65042,65042],"disallowed"],[[65043,65043],"disallowed_STD3_mapped",[58]],[[65044,65044],"disallowed_STD3_mapped",[59]],[[65045,65045],"disallowed_STD3_mapped",[33]],[[65046,65046],"disallowed_STD3_mapped",[63]],[[65047,65047],"mapped",[12310]],[[65048,65048],"mapped",[12311]],[[65049,65049],"disallowed"],[[65050,65055],"disallowed"],[[65056,65059],"valid"],[[65060,65062],"valid"],[[65063,65069],"valid"],[[65070,65071],"valid"],[[65072,65072],"disallowed"],[[65073,65073],"mapped",[8212]],[[65074,65074],"mapped",[8211]],[[65075,65076],"disallowed_STD3_mapped",[95]],[[65077,65077],"disallowed_STD3_mapped",[40]],[[65078,65078],"disallowed_STD3_mapped",[41]],[[65079,65079],"disallowed_STD3_mapped",[123]],[[65080,65080],"disallowed_STD3_mapped",[125]],[[65081,65081],"mapped",[12308]],[[65082,65082],"mapped",[12309]],[[65083,65083],"mapped",[12304]],[[65084,65084],"mapped",[12305]],[[65085,65085],"mapped",[12298]],[[65086,65086],"mapped",[12299]],[[65087,65087],"mapped",[12296]],[[65088,65088],"mapped",[12297]],[[65089,65089],"mapped",[12300]],[[65090,65090],"mapped",[12301]],[[65091,65091],"mapped",[12302]],[[65092,65092],"mapped",[12303]],[[65093,65094],"valid",[],"NV8"],[[65095,65095],"disallowed_STD3_mapped",[91]],[[65096,65096],"disallowed_STD3_mapped",[93]],[[65097,65100],"disallowed_STD3_mapped",[32,773]],[[65101,65103],"disallowed_STD3_mapped",[95]],[[65104,65104],"disallowed_STD3_mapped",[44]],[[65105,65105],"mapped",[12289]],[[65106,65106],"disallowed"],[[65107,65107],"disallowed"],[[65108,65108],"disallowed_STD3_mapped",[59]],[[65109,65109],"disallowed_STD3_mapped",[58]],[[65110,65110],"disallowed_STD3_mapped",[63]],[[65111,65111],"disallowed_STD3_mapped",[33]],[[65112,65112],"mapped",[8212]],[[65113,65113],"disallowed_STD3_mapped",[40]],[[65114,65114],"disallowed_STD3_mapped",[41]],[[65115,65115],"disallowed_STD3_mapped",[123]],[[65116,65116],"disallowed_STD3_mapped",[125]],[[65117,65117],"mapped",[12308]],[[65118,65118],"mapped",[12309]],[[65119,65119],"disallowed_STD3_mapped",[35]],[[65120,65120],"disallowed_STD3_mapped",[38]],[[65121,65121],"disallowed_STD3_mapped",[42]],[[65122,65122],"disallowed_STD3_mapped",[43]],[[65123,65123],"mapped",[45]],[[65124,65124],"disallowed_STD3_mapped",[60]],[[65125,65125],"disallowed_STD3_mapped",[62]],[[65126,65126],"disallowed_STD3_mapped",[61]],[[65127,65127],"disallowed"],[[65128,65128],"disallowed_STD3_mapped",[92]],[[65129,65129],"disallowed_STD3_mapped",[36]],[[65130,65130],"disallowed_STD3_mapped",[37]],[[65131,65131],"disallowed_STD3_mapped",[64]],[[65132,65135],"disallowed"],[[65136,65136],"disallowed_STD3_mapped",[32,1611]],[[65137,65137],"mapped",[1600,1611]],[[65138,65138],"disallowed_STD3_mapped",[32,1612]],[[65139,65139],"valid"],[[65140,65140],"disallowed_STD3_mapped",[32,1613]],[[65141,65141],"disallowed"],[[65142,65142],"disallowed_STD3_mapped",[32,1614]],[[65143,65143],"mapped",[1600,1614]],[[65144,65144],"disallowed_STD3_mapped",[32,1615]],[[65145,65145],"mapped",[1600,1615]],[[65146,65146],"disallowed_STD3_mapped",[32,1616]],[[65147,65147],"mapped",[1600,1616]],[[65148,65148],"disallowed_STD3_mapped",[32,1617]],[[65149,65149],"mapped",[1600,1617]],[[65150,65150],"disallowed_STD3_mapped",[32,1618]],[[65151,65151],"mapped",[1600,1618]],[[65152,65152],"mapped",[1569]],[[65153,65154],"mapped",[1570]],[[65155,65156],"mapped",[1571]],[[65157,65158],"mapped",[1572]],[[65159,65160],"mapped",[1573]],[[65161,65164],"mapped",[1574]],[[65165,65166],"mapped",[1575]],[[65167,65170],"mapped",[1576]],[[65171,65172],"mapped",[1577]],[[65173,65176],"mapped",[1578]],[[65177,65180],"mapped",[1579]],[[65181,65184],"mapped",[1580]],[[65185,65188],"mapped",[1581]],[[65189,65192],"mapped",[1582]],[[65193,65194],"mapped",[1583]],[[65195,65196],"mapped",[1584]],[[65197,65198],"mapped",[1585]],[[65199,65200],"mapped",[1586]],[[65201,65204],"mapped",[1587]],[[65205,65208],"mapped",[1588]],[[65209,65212],"mapped",[1589]],[[65213,65216],"mapped",[1590]],[[65217,65220],"mapped",[1591]],[[65221,65224],"mapped",[1592]],[[65225,65228],"mapped",[1593]],[[65229,65232],"mapped",[1594]],[[65233,65236],"mapped",[1601]],[[65237,65240],"mapped",[1602]],[[65241,65244],"mapped",[1603]],[[65245,65248],"mapped",[1604]],[[65249,65252],"mapped",[1605]],[[65253,65256],"mapped",[1606]],[[65257,65260],"mapped",[1607]],[[65261,65262],"mapped",[1608]],[[65263,65264],"mapped",[1609]],[[65265,65268],"mapped",[1610]],[[65269,65270],"mapped",[1604,1570]],[[65271,65272],"mapped",[1604,1571]],[[65273,65274],"mapped",[1604,1573]],[[65275,65276],"mapped",[1604,1575]],[[65277,65278],"disallowed"],[[65279,65279],"ignored"],[[65280,65280],"disallowed"],[[65281,65281],"disallowed_STD3_mapped",[33]],[[65282,65282],"disallowed_STD3_mapped",[34]],[[65283,65283],"disallowed_STD3_mapped",[35]],[[65284,65284],"disallowed_STD3_mapped",[36]],[[65285,65285],"disallowed_STD3_mapped",[37]],[[65286,65286],"disallowed_STD3_mapped",[38]],[[65287,65287],"disallowed_STD3_mapped",[39]],[[65288,65288],"disallowed_STD3_mapped",[40]],[[65289,65289],"disallowed_STD3_mapped",[41]],[[65290,65290],"disallowed_STD3_mapped",[42]],[[65291,65291],"disallowed_STD3_mapped",[43]],[[65292,65292],"disallowed_STD3_mapped",[44]],[[65293,65293],"mapped",[45]],[[65294,65294],"mapped",[46]],[[65295,65295],"disallowed_STD3_mapped",[47]],[[65296,65296],"mapped",[48]],[[65297,65297],"mapped",[49]],[[65298,65298],"mapped",[50]],[[65299,65299],"mapped",[51]],[[65300,65300],"mapped",[52]],[[65301,65301],"mapped",[53]],[[65302,65302],"mapped",[54]],[[65303,65303],"mapped",[55]],[[65304,65304],"mapped",[56]],[[65305,65305],"mapped",[57]],[[65306,65306],"disallowed_STD3_mapped",[58]],[[65307,65307],"disallowed_STD3_mapped",[59]],[[65308,65308],"disallowed_STD3_mapped",[60]],[[65309,65309],"disallowed_STD3_mapped",[61]],[[65310,65310],"disallowed_STD3_mapped",[62]],[[65311,65311],"disallowed_STD3_mapped",[63]],[[65312,65312],"disallowed_STD3_mapped",[64]],[[65313,65313],"mapped",[97]],[[65314,65314],"mapped",[98]],[[65315,65315],"mapped",[99]],[[65316,65316],"mapped",[100]],[[65317,65317],"mapped",[101]],[[65318,65318],"mapped",[102]],[[65319,65319],"mapped",[103]],[[65320,65320],"mapped",[104]],[[65321,65321],"mapped",[105]],[[65322,65322],"mapped",[106]],[[65323,65323],"mapped",[107]],[[65324,65324],"mapped",[108]],[[65325,65325],"mapped",[109]],[[65326,65326],"mapped",[110]],[[65327,65327],"mapped",[111]],[[65328,65328],"mapped",[112]],[[65329,65329],"mapped",[113]],[[65330,65330],"mapped",[114]],[[65331,65331],"mapped",[115]],[[65332,65332],"mapped",[116]],[[65333,65333],"mapped",[117]],[[65334,65334],"mapped",[118]],[[65335,65335],"mapped",[119]],[[65336,65336],"mapped",[120]],[[65337,65337],"mapped",[121]],[[65338,65338],"mapped",[122]],[[65339,65339],"disallowed_STD3_mapped",[91]],[[65340,65340],"disallowed_STD3_mapped",[92]],[[65341,65341],"disallowed_STD3_mapped",[93]],[[65342,65342],"disallowed_STD3_mapped",[94]],[[65343,65343],"disallowed_STD3_mapped",[95]],[[65344,65344],"disallowed_STD3_mapped",[96]],[[65345,65345],"mapped",[97]],[[65346,65346],"mapped",[98]],[[65347,65347],"mapped",[99]],[[65348,65348],"mapped",[100]],[[65349,65349],"mapped",[101]],[[65350,65350],"mapped",[102]],[[65351,65351],"mapped",[103]],[[65352,65352],"mapped",[104]],[[65353,65353],"mapped",[105]],[[65354,65354],"mapped",[106]],[[65355,65355],"mapped",[107]],[[65356,65356],"mapped",[108]],[[65357,65357],"mapped",[109]],[[65358,65358],"mapped",[110]],[[65359,65359],"mapped",[111]],[[65360,65360],"mapped",[112]],[[65361,65361],"mapped",[113]],[[65362,65362],"mapped",[114]],[[65363,65363],"mapped",[115]],[[65364,65364],"mapped",[116]],[[65365,65365],"mapped",[117]],[[65366,65366],"mapped",[118]],[[65367,65367],"mapped",[119]],[[65368,65368],"mapped",[120]],[[65369,65369],"mapped",[121]],[[65370,65370],"mapped",[122]],[[65371,65371],"disallowed_STD3_mapped",[123]],[[65372,65372],"disallowed_STD3_mapped",[124]],[[65373,65373],"disallowed_STD3_mapped",[125]],[[65374,65374],"disallowed_STD3_mapped",[126]],[[65375,65375],"mapped",[10629]],[[65376,65376],"mapped",[10630]],[[65377,65377],"mapped",[46]],[[65378,65378],"mapped",[12300]],[[65379,65379],"mapped",[12301]],[[65380,65380],"mapped",[12289]],[[65381,65381],"mapped",[12539]],[[65382,65382],"mapped",[12530]],[[65383,65383],"mapped",[12449]],[[65384,65384],"mapped",[12451]],[[65385,65385],"mapped",[12453]],[[65386,65386],"mapped",[12455]],[[65387,65387],"mapped",[12457]],[[65388,65388],"mapped",[12515]],[[65389,65389],"mapped",[12517]],[[65390,65390],"mapped",[12519]],[[65391,65391],"mapped",[12483]],[[65392,65392],"mapped",[12540]],[[65393,65393],"mapped",[12450]],[[65394,65394],"mapped",[12452]],[[65395,65395],"mapped",[12454]],[[65396,65396],"mapped",[12456]],[[65397,65397],"mapped",[12458]],[[65398,65398],"mapped",[12459]],[[65399,65399],"mapped",[12461]],[[65400,65400],"mapped",[12463]],[[65401,65401],"mapped",[12465]],[[65402,65402],"mapped",[12467]],[[65403,65403],"mapped",[12469]],[[65404,65404],"mapped",[12471]],[[65405,65405],"mapped",[12473]],[[65406,65406],"mapped",[12475]],[[65407,65407],"mapped",[12477]],[[65408,65408],"mapped",[12479]],[[65409,65409],"mapped",[12481]],[[65410,65410],"mapped",[12484]],[[65411,65411],"mapped",[12486]],[[65412,65412],"mapped",[12488]],[[65413,65413],"mapped",[12490]],[[65414,65414],"mapped",[12491]],[[65415,65415],"mapped",[12492]],[[65416,65416],"mapped",[12493]],[[65417,65417],"mapped",[12494]],[[65418,65418],"mapped",[12495]],[[65419,65419],"mapped",[12498]],[[65420,65420],"mapped",[12501]],[[65421,65421],"mapped",[12504]],[[65422,65422],"mapped",[12507]],[[65423,65423],"mapped",[12510]],[[65424,65424],"mapped",[12511]],[[65425,65425],"mapped",[12512]],[[65426,65426],"mapped",[12513]],[[65427,65427],"mapped",[12514]],[[65428,65428],"mapped",[12516]],[[65429,65429],"mapped",[12518]],[[65430,65430],"mapped",[12520]],[[65431,65431],"mapped",[12521]],[[65432,65432],"mapped",[12522]],[[65433,65433],"mapped",[12523]],[[65434,65434],"mapped",[12524]],[[65435,65435],"mapped",[12525]],[[65436,65436],"mapped",[12527]],[[65437,65437],"mapped",[12531]],[[65438,65438],"mapped",[12441]],[[65439,65439],"mapped",[12442]],[[65440,65440],"disallowed"],[[65441,65441],"mapped",[4352]],[[65442,65442],"mapped",[4353]],[[65443,65443],"mapped",[4522]],[[65444,65444],"mapped",[4354]],[[65445,65445],"mapped",[4524]],[[65446,65446],"mapped",[4525]],[[65447,65447],"mapped",[4355]],[[65448,65448],"mapped",[4356]],[[65449,65449],"mapped",[4357]],[[65450,65450],"mapped",[4528]],[[65451,65451],"mapped",[4529]],[[65452,65452],"mapped",[4530]],[[65453,65453],"mapped",[4531]],[[65454,65454],"mapped",[4532]],[[65455,65455],"mapped",[4533]],[[65456,65456],"mapped",[4378]],[[65457,65457],"mapped",[4358]],[[65458,65458],"mapped",[4359]],[[65459,65459],"mapped",[4360]],[[65460,65460],"mapped",[4385]],[[65461,65461],"mapped",[4361]],[[65462,65462],"mapped",[4362]],[[65463,65463],"mapped",[4363]],[[65464,65464],"mapped",[4364]],[[65465,65465],"mapped",[4365]],[[65466,65466],"mapped",[4366]],[[65467,65467],"mapped",[4367]],[[65468,65468],"mapped",[4368]],[[65469,65469],"mapped",[4369]],[[65470,65470],"mapped",[4370]],[[65471,65473],"disallowed"],[[65474,65474],"mapped",[4449]],[[65475,65475],"mapped",[4450]],[[65476,65476],"mapped",[4451]],[[65477,65477],"mapped",[4452]],[[65478,65478],"mapped",[4453]],[[65479,65479],"mapped",[4454]],[[65480,65481],"disallowed"],[[65482,65482],"mapped",[4455]],[[65483,65483],"mapped",[4456]],[[65484,65484],"mapped",[4457]],[[65485,65485],"mapped",[4458]],[[65486,65486],"mapped",[4459]],[[65487,65487],"mapped",[4460]],[[65488,65489],"disallowed"],[[65490,65490],"mapped",[4461]],[[65491,65491],"mapped",[4462]],[[65492,65492],"mapped",[4463]],[[65493,65493],"mapped",[4464]],[[65494,65494],"mapped",[4465]],[[65495,65495],"mapped",[4466]],[[65496,65497],"disallowed"],[[65498,65498],"mapped",[4467]],[[65499,65499],"mapped",[4468]],[[65500,65500],"mapped",[4469]],[[65501,65503],"disallowed"],[[65504,65504],"mapped",[162]],[[65505,65505],"mapped",[163]],[[65506,65506],"mapped",[172]],[[65507,65507],"disallowed_STD3_mapped",[32,772]],[[65508,65508],"mapped",[166]],[[65509,65509],"mapped",[165]],[[65510,65510],"mapped",[8361]],[[65511,65511],"disallowed"],[[65512,65512],"mapped",[9474]],[[65513,65513],"mapped",[8592]],[[65514,65514],"mapped",[8593]],[[65515,65515],"mapped",[8594]],[[65516,65516],"mapped",[8595]],[[65517,65517],"mapped",[9632]],[[65518,65518],"mapped",[9675]],[[65519,65528],"disallowed"],[[65529,65531],"disallowed"],[[65532,65532],"disallowed"],[[65533,65533],"disallowed"],[[65534,65535],"disallowed"],[[65536,65547],"valid"],[[65548,65548],"disallowed"],[[65549,65574],"valid"],[[65575,65575],"disallowed"],[[65576,65594],"valid"],[[65595,65595],"disallowed"],[[65596,65597],"valid"],[[65598,65598],"disallowed"],[[65599,65613],"valid"],[[65614,65615],"disallowed"],[[65616,65629],"valid"],[[65630,65663],"disallowed"],[[65664,65786],"valid"],[[65787,65791],"disallowed"],[[65792,65794],"valid",[],"NV8"],[[65795,65798],"disallowed"],[[65799,65843],"valid",[],"NV8"],[[65844,65846],"disallowed"],[[65847,65855],"valid",[],"NV8"],[[65856,65930],"valid",[],"NV8"],[[65931,65932],"valid",[],"NV8"],[[65933,65935],"disallowed"],[[65936,65947],"valid",[],"NV8"],[[65948,65951],"disallowed"],[[65952,65952],"valid",[],"NV8"],[[65953,65999],"disallowed"],[[66000,66044],"valid",[],"NV8"],[[66045,66045],"valid"],[[66046,66175],"disallowed"],[[66176,66204],"valid"],[[66205,66207],"disallowed"],[[66208,66256],"valid"],[[66257,66271],"disallowed"],[[66272,66272],"valid"],[[66273,66299],"valid",[],"NV8"],[[66300,66303],"disallowed"],[[66304,66334],"valid"],[[66335,66335],"valid"],[[66336,66339],"valid",[],"NV8"],[[66340,66351],"disallowed"],[[66352,66368],"valid"],[[66369,66369],"valid",[],"NV8"],[[66370,66377],"valid"],[[66378,66378],"valid",[],"NV8"],[[66379,66383],"disallowed"],[[66384,66426],"valid"],[[66427,66431],"disallowed"],[[66432,66461],"valid"],[[66462,66462],"disallowed"],[[66463,66463],"valid",[],"NV8"],[[66464,66499],"valid"],[[66500,66503],"disallowed"],[[66504,66511],"valid"],[[66512,66517],"valid",[],"NV8"],[[66518,66559],"disallowed"],[[66560,66560],"mapped",[66600]],[[66561,66561],"mapped",[66601]],[[66562,66562],"mapped",[66602]],[[66563,66563],"mapped",[66603]],[[66564,66564],"mapped",[66604]],[[66565,66565],"mapped",[66605]],[[66566,66566],"mapped",[66606]],[[66567,66567],"mapped",[66607]],[[66568,66568],"mapped",[66608]],[[66569,66569],"mapped",[66609]],[[66570,66570],"mapped",[66610]],[[66571,66571],"mapped",[66611]],[[66572,66572],"mapped",[66612]],[[66573,66573],"mapped",[66613]],[[66574,66574],"mapped",[66614]],[[66575,66575],"mapped",[66615]],[[66576,66576],"mapped",[66616]],[[66577,66577],"mapped",[66617]],[[66578,66578],"mapped",[66618]],[[66579,66579],"mapped",[66619]],[[66580,66580],"mapped",[66620]],[[66581,66581],"mapped",[66621]],[[66582,66582],"mapped",[66622]],[[66583,66583],"mapped",[66623]],[[66584,66584],"mapped",[66624]],[[66585,66585],"mapped",[66625]],[[66586,66586],"mapped",[66626]],[[66587,66587],"mapped",[66627]],[[66588,66588],"mapped",[66628]],[[66589,66589],"mapped",[66629]],[[66590,66590],"mapped",[66630]],[[66591,66591],"mapped",[66631]],[[66592,66592],"mapped",[66632]],[[66593,66593],"mapped",[66633]],[[66594,66594],"mapped",[66634]],[[66595,66595],"mapped",[66635]],[[66596,66596],"mapped",[66636]],[[66597,66597],"mapped",[66637]],[[66598,66598],"mapped",[66638]],[[66599,66599],"mapped",[66639]],[[66600,66637],"valid"],[[66638,66717],"valid"],[[66718,66719],"disallowed"],[[66720,66729],"valid"],[[66730,66815],"disallowed"],[[66816,66855],"valid"],[[66856,66863],"disallowed"],[[66864,66915],"valid"],[[66916,66926],"disallowed"],[[66927,66927],"valid",[],"NV8"],[[66928,67071],"disallowed"],[[67072,67382],"valid"],[[67383,67391],"disallowed"],[[67392,67413],"valid"],[[67414,67423],"disallowed"],[[67424,67431],"valid"],[[67432,67583],"disallowed"],[[67584,67589],"valid"],[[67590,67591],"disallowed"],[[67592,67592],"valid"],[[67593,67593],"disallowed"],[[67594,67637],"valid"],[[67638,67638],"disallowed"],[[67639,67640],"valid"],[[67641,67643],"disallowed"],[[67644,67644],"valid"],[[67645,67646],"disallowed"],[[67647,67647],"valid"],[[67648,67669],"valid"],[[67670,67670],"disallowed"],[[67671,67679],"valid",[],"NV8"],[[67680,67702],"valid"],[[67703,67711],"valid",[],"NV8"],[[67712,67742],"valid"],[[67743,67750],"disallowed"],[[67751,67759],"valid",[],"NV8"],[[67760,67807],"disallowed"],[[67808,67826],"valid"],[[67827,67827],"disallowed"],[[67828,67829],"valid"],[[67830,67834],"disallowed"],[[67835,67839],"valid",[],"NV8"],[[67840,67861],"valid"],[[67862,67865],"valid",[],"NV8"],[[67866,67867],"valid",[],"NV8"],[[67868,67870],"disallowed"],[[67871,67871],"valid",[],"NV8"],[[67872,67897],"valid"],[[67898,67902],"disallowed"],[[67903,67903],"valid",[],"NV8"],[[67904,67967],"disallowed"],[[67968,68023],"valid"],[[68024,68027],"disallowed"],[[68028,68029],"valid",[],"NV8"],[[68030,68031],"valid"],[[68032,68047],"valid",[],"NV8"],[[68048,68049],"disallowed"],[[68050,68095],"valid",[],"NV8"],[[68096,68099],"valid"],[[68100,68100],"disallowed"],[[68101,68102],"valid"],[[68103,68107],"disallowed"],[[68108,68115],"valid"],[[68116,68116],"disallowed"],[[68117,68119],"valid"],[[68120,68120],"disallowed"],[[68121,68147],"valid"],[[68148,68151],"disallowed"],[[68152,68154],"valid"],[[68155,68158],"disallowed"],[[68159,68159],"valid"],[[68160,68167],"valid",[],"NV8"],[[68168,68175],"disallowed"],[[68176,68184],"valid",[],"NV8"],[[68185,68191],"disallowed"],[[68192,68220],"valid"],[[68221,68223],"valid",[],"NV8"],[[68224,68252],"valid"],[[68253,68255],"valid",[],"NV8"],[[68256,68287],"disallowed"],[[68288,68295],"valid"],[[68296,68296],"valid",[],"NV8"],[[68297,68326],"valid"],[[68327,68330],"disallowed"],[[68331,68342],"valid",[],"NV8"],[[68343,68351],"disallowed"],[[68352,68405],"valid"],[[68406,68408],"disallowed"],[[68409,68415],"valid",[],"NV8"],[[68416,68437],"valid"],[[68438,68439],"disallowed"],[[68440,68447],"valid",[],"NV8"],[[68448,68466],"valid"],[[68467,68471],"disallowed"],[[68472,68479],"valid",[],"NV8"],[[68480,68497],"valid"],[[68498,68504],"disallowed"],[[68505,68508],"valid",[],"NV8"],[[68509,68520],"disallowed"],[[68521,68527],"valid",[],"NV8"],[[68528,68607],"disallowed"],[[68608,68680],"valid"],[[68681,68735],"disallowed"],[[68736,68736],"mapped",[68800]],[[68737,68737],"mapped",[68801]],[[68738,68738],"mapped",[68802]],[[68739,68739],"mapped",[68803]],[[68740,68740],"mapped",[68804]],[[68741,68741],"mapped",[68805]],[[68742,68742],"mapped",[68806]],[[68743,68743],"mapped",[68807]],[[68744,68744],"mapped",[68808]],[[68745,68745],"mapped",[68809]],[[68746,68746],"mapped",[68810]],[[68747,68747],"mapped",[68811]],[[68748,68748],"mapped",[68812]],[[68749,68749],"mapped",[68813]],[[68750,68750],"mapped",[68814]],[[68751,68751],"mapped",[68815]],[[68752,68752],"mapped",[68816]],[[68753,68753],"mapped",[68817]],[[68754,68754],"mapped",[68818]],[[68755,68755],"mapped",[68819]],[[68756,68756],"mapped",[68820]],[[68757,68757],"mapped",[68821]],[[68758,68758],"mapped",[68822]],[[68759,68759],"mapped",[68823]],[[68760,68760],"mapped",[68824]],[[68761,68761],"mapped",[68825]],[[68762,68762],"mapped",[68826]],[[68763,68763],"mapped",[68827]],[[68764,68764],"mapped",[68828]],[[68765,68765],"mapped",[68829]],[[68766,68766],"mapped",[68830]],[[68767,68767],"mapped",[68831]],[[68768,68768],"mapped",[68832]],[[68769,68769],"mapped",[68833]],[[68770,68770],"mapped",[68834]],[[68771,68771],"mapped",[68835]],[[68772,68772],"mapped",[68836]],[[68773,68773],"mapped",[68837]],[[68774,68774],"mapped",[68838]],[[68775,68775],"mapped",[68839]],[[68776,68776],"mapped",[68840]],[[68777,68777],"mapped",[68841]],[[68778,68778],"mapped",[68842]],[[68779,68779],"mapped",[68843]],[[68780,68780],"mapped",[68844]],[[68781,68781],"mapped",[68845]],[[68782,68782],"mapped",[68846]],[[68783,68783],"mapped",[68847]],[[68784,68784],"mapped",[68848]],[[68785,68785],"mapped",[68849]],[[68786,68786],"mapped",[68850]],[[68787,68799],"disallowed"],[[68800,68850],"valid"],[[68851,68857],"disallowed"],[[68858,68863],"valid",[],"NV8"],[[68864,69215],"disallowed"],[[69216,69246],"valid",[],"NV8"],[[69247,69631],"disallowed"],[[69632,69702],"valid"],[[69703,69709],"valid",[],"NV8"],[[69710,69713],"disallowed"],[[69714,69733],"valid",[],"NV8"],[[69734,69743],"valid"],[[69744,69758],"disallowed"],[[69759,69759],"valid"],[[69760,69818],"valid"],[[69819,69820],"valid",[],"NV8"],[[69821,69821],"disallowed"],[[69822,69825],"valid",[],"NV8"],[[69826,69839],"disallowed"],[[69840,69864],"valid"],[[69865,69871],"disallowed"],[[69872,69881],"valid"],[[69882,69887],"disallowed"],[[69888,69940],"valid"],[[69941,69941],"disallowed"],[[69942,69951],"valid"],[[69952,69955],"valid",[],"NV8"],[[69956,69967],"disallowed"],[[69968,70003],"valid"],[[70004,70005],"valid",[],"NV8"],[[70006,70006],"valid"],[[70007,70015],"disallowed"],[[70016,70084],"valid"],[[70085,70088],"valid",[],"NV8"],[[70089,70089],"valid",[],"NV8"],[[70090,70092],"valid"],[[70093,70093],"valid",[],"NV8"],[[70094,70095],"disallowed"],[[70096,70105],"valid"],[[70106,70106],"valid"],[[70107,70107],"valid",[],"NV8"],[[70108,70108],"valid"],[[70109,70111],"valid",[],"NV8"],[[70112,70112],"disallowed"],[[70113,70132],"valid",[],"NV8"],[[70133,70143],"disallowed"],[[70144,70161],"valid"],[[70162,70162],"disallowed"],[[70163,70199],"valid"],[[70200,70205],"valid",[],"NV8"],[[70206,70271],"disallowed"],[[70272,70278],"valid"],[[70279,70279],"disallowed"],[[70280,70280],"valid"],[[70281,70281],"disallowed"],[[70282,70285],"valid"],[[70286,70286],"disallowed"],[[70287,70301],"valid"],[[70302,70302],"disallowed"],[[70303,70312],"valid"],[[70313,70313],"valid",[],"NV8"],[[70314,70319],"disallowed"],[[70320,70378],"valid"],[[70379,70383],"disallowed"],[[70384,70393],"valid"],[[70394,70399],"disallowed"],[[70400,70400],"valid"],[[70401,70403],"valid"],[[70404,70404],"disallowed"],[[70405,70412],"valid"],[[70413,70414],"disallowed"],[[70415,70416],"valid"],[[70417,70418],"disallowed"],[[70419,70440],"valid"],[[70441,70441],"disallowed"],[[70442,70448],"valid"],[[70449,70449],"disallowed"],[[70450,70451],"valid"],[[70452,70452],"disallowed"],[[70453,70457],"valid"],[[70458,70459],"disallowed"],[[70460,70468],"valid"],[[70469,70470],"disallowed"],[[70471,70472],"valid"],[[70473,70474],"disallowed"],[[70475,70477],"valid"],[[70478,70479],"disallowed"],[[70480,70480],"valid"],[[70481,70486],"disallowed"],[[70487,70487],"valid"],[[70488,70492],"disallowed"],[[70493,70499],"valid"],[[70500,70501],"disallowed"],[[70502,70508],"valid"],[[70509,70511],"disallowed"],[[70512,70516],"valid"],[[70517,70783],"disallowed"],[[70784,70853],"valid"],[[70854,70854],"valid",[],"NV8"],[[70855,70855],"valid"],[[70856,70863],"disallowed"],[[70864,70873],"valid"],[[70874,71039],"disallowed"],[[71040,71093],"valid"],[[71094,71095],"disallowed"],[[71096,71104],"valid"],[[71105,71113],"valid",[],"NV8"],[[71114,71127],"valid",[],"NV8"],[[71128,71133],"valid"],[[71134,71167],"disallowed"],[[71168,71232],"valid"],[[71233,71235],"valid",[],"NV8"],[[71236,71236],"valid"],[[71237,71247],"disallowed"],[[71248,71257],"valid"],[[71258,71295],"disallowed"],[[71296,71351],"valid"],[[71352,71359],"disallowed"],[[71360,71369],"valid"],[[71370,71423],"disallowed"],[[71424,71449],"valid"],[[71450,71452],"disallowed"],[[71453,71467],"valid"],[[71468,71471],"disallowed"],[[71472,71481],"valid"],[[71482,71487],"valid",[],"NV8"],[[71488,71839],"disallowed"],[[71840,71840],"mapped",[71872]],[[71841,71841],"mapped",[71873]],[[71842,71842],"mapped",[71874]],[[71843,71843],"mapped",[71875]],[[71844,71844],"mapped",[71876]],[[71845,71845],"mapped",[71877]],[[71846,71846],"mapped",[71878]],[[71847,71847],"mapped",[71879]],[[71848,71848],"mapped",[71880]],[[71849,71849],"mapped",[71881]],[[71850,71850],"mapped",[71882]],[[71851,71851],"mapped",[71883]],[[71852,71852],"mapped",[71884]],[[71853,71853],"mapped",[71885]],[[71854,71854],"mapped",[71886]],[[71855,71855],"mapped",[71887]],[[71856,71856],"mapped",[71888]],[[71857,71857],"mapped",[71889]],[[71858,71858],"mapped",[71890]],[[71859,71859],"mapped",[71891]],[[71860,71860],"mapped",[71892]],[[71861,71861],"mapped",[71893]],[[71862,71862],"mapped",[71894]],[[71863,71863],"mapped",[71895]],[[71864,71864],"mapped",[71896]],[[71865,71865],"mapped",[71897]],[[71866,71866],"mapped",[71898]],[[71867,71867],"mapped",[71899]],[[71868,71868],"mapped",[71900]],[[71869,71869],"mapped",[71901]],[[71870,71870],"mapped",[71902]],[[71871,71871],"mapped",[71903]],[[71872,71913],"valid"],[[71914,71922],"valid",[],"NV8"],[[71923,71934],"disallowed"],[[71935,71935],"valid"],[[71936,72383],"disallowed"],[[72384,72440],"valid"],[[72441,73727],"disallowed"],[[73728,74606],"valid"],[[74607,74648],"valid"],[[74649,74649],"valid"],[[74650,74751],"disallowed"],[[74752,74850],"valid",[],"NV8"],[[74851,74862],"valid",[],"NV8"],[[74863,74863],"disallowed"],[[74864,74867],"valid",[],"NV8"],[[74868,74868],"valid",[],"NV8"],[[74869,74879],"disallowed"],[[74880,75075],"valid"],[[75076,77823],"disallowed"],[[77824,78894],"valid"],[[78895,82943],"disallowed"],[[82944,83526],"valid"],[[83527,92159],"disallowed"],[[92160,92728],"valid"],[[92729,92735],"disallowed"],[[92736,92766],"valid"],[[92767,92767],"disallowed"],[[92768,92777],"valid"],[[92778,92781],"disallowed"],[[92782,92783],"valid",[],"NV8"],[[92784,92879],"disallowed"],[[92880,92909],"valid"],[[92910,92911],"disallowed"],[[92912,92916],"valid"],[[92917,92917],"valid",[],"NV8"],[[92918,92927],"disallowed"],[[92928,92982],"valid"],[[92983,92991],"valid",[],"NV8"],[[92992,92995],"valid"],[[92996,92997],"valid",[],"NV8"],[[92998,93007],"disallowed"],[[93008,93017],"valid"],[[93018,93018],"disallowed"],[[93019,93025],"valid",[],"NV8"],[[93026,93026],"disallowed"],[[93027,93047],"valid"],[[93048,93052],"disallowed"],[[93053,93071],"valid"],[[93072,93951],"disallowed"],[[93952,94020],"valid"],[[94021,94031],"disallowed"],[[94032,94078],"valid"],[[94079,94094],"disallowed"],[[94095,94111],"valid"],[[94112,110591],"disallowed"],[[110592,110593],"valid"],[[110594,113663],"disallowed"],[[113664,113770],"valid"],[[113771,113775],"disallowed"],[[113776,113788],"valid"],[[113789,113791],"disallowed"],[[113792,113800],"valid"],[[113801,113807],"disallowed"],[[113808,113817],"valid"],[[113818,113819],"disallowed"],[[113820,113820],"valid",[],"NV8"],[[113821,113822],"valid"],[[113823,113823],"valid",[],"NV8"],[[113824,113827],"ignored"],[[113828,118783],"disallowed"],[[118784,119029],"valid",[],"NV8"],[[119030,119039],"disallowed"],[[119040,119078],"valid",[],"NV8"],[[119079,119080],"disallowed"],[[119081,119081],"valid",[],"NV8"],[[119082,119133],"valid",[],"NV8"],[[119134,119134],"mapped",[119127,119141]],[[119135,119135],"mapped",[119128,119141]],[[119136,119136],"mapped",[119128,119141,119150]],[[119137,119137],"mapped",[119128,119141,119151]],[[119138,119138],"mapped",[119128,119141,119152]],[[119139,119139],"mapped",[119128,119141,119153]],[[119140,119140],"mapped",[119128,119141,119154]],[[119141,119154],"valid",[],"NV8"],[[119155,119162],"disallowed"],[[119163,119226],"valid",[],"NV8"],[[119227,119227],"mapped",[119225,119141]],[[119228,119228],"mapped",[119226,119141]],[[119229,119229],"mapped",[119225,119141,119150]],[[119230,119230],"mapped",[119226,119141,119150]],[[119231,119231],"mapped",[119225,119141,119151]],[[119232,119232],"mapped",[119226,119141,119151]],[[119233,119261],"valid",[],"NV8"],[[119262,119272],"valid",[],"NV8"],[[119273,119295],"disallowed"],[[119296,119365],"valid",[],"NV8"],[[119366,119551],"disallowed"],[[119552,119638],"valid",[],"NV8"],[[119639,119647],"disallowed"],[[119648,119665],"valid",[],"NV8"],[[119666,119807],"disallowed"],[[119808,119808],"mapped",[97]],[[119809,119809],"mapped",[98]],[[119810,119810],"mapped",[99]],[[119811,119811],"mapped",[100]],[[119812,119812],"mapped",[101]],[[119813,119813],"mapped",[102]],[[119814,119814],"mapped",[103]],[[119815,119815],"mapped",[104]],[[119816,119816],"mapped",[105]],[[119817,119817],"mapped",[106]],[[119818,119818],"mapped",[107]],[[119819,119819],"mapped",[108]],[[119820,119820],"mapped",[109]],[[119821,119821],"mapped",[110]],[[119822,119822],"mapped",[111]],[[119823,119823],"mapped",[112]],[[119824,119824],"mapped",[113]],[[119825,119825],"mapped",[114]],[[119826,119826],"mapped",[115]],[[119827,119827],"mapped",[116]],[[119828,119828],"mapped",[117]],[[119829,119829],"mapped",[118]],[[119830,119830],"mapped",[119]],[[119831,119831],"mapped",[120]],[[119832,119832],"mapped",[121]],[[119833,119833],"mapped",[122]],[[119834,119834],"mapped",[97]],[[119835,119835],"mapped",[98]],[[119836,119836],"mapped",[99]],[[119837,119837],"mapped",[100]],[[119838,119838],"mapped",[101]],[[119839,119839],"mapped",[102]],[[119840,119840],"mapped",[103]],[[119841,119841],"mapped",[104]],[[119842,119842],"mapped",[105]],[[119843,119843],"mapped",[106]],[[119844,119844],"mapped",[107]],[[119845,119845],"mapped",[108]],[[119846,119846],"mapped",[109]],[[119847,119847],"mapped",[110]],[[119848,119848],"mapped",[111]],[[119849,119849],"mapped",[112]],[[119850,119850],"mapped",[113]],[[119851,119851],"mapped",[114]],[[119852,119852],"mapped",[115]],[[119853,119853],"mapped",[116]],[[119854,119854],"mapped",[117]],[[119855,119855],"mapped",[118]],[[119856,119856],"mapped",[119]],[[119857,119857],"mapped",[120]],[[119858,119858],"mapped",[121]],[[119859,119859],"mapped",[122]],[[119860,119860],"mapped",[97]],[[119861,119861],"mapped",[98]],[[119862,119862],"mapped",[99]],[[119863,119863],"mapped",[100]],[[119864,119864],"mapped",[101]],[[119865,119865],"mapped",[102]],[[119866,119866],"mapped",[103]],[[119867,119867],"mapped",[104]],[[119868,119868],"mapped",[105]],[[119869,119869],"mapped",[106]],[[119870,119870],"mapped",[107]],[[119871,119871],"mapped",[108]],[[119872,119872],"mapped",[109]],[[119873,119873],"mapped",[110]],[[119874,119874],"mapped",[111]],[[119875,119875],"mapped",[112]],[[119876,119876],"mapped",[113]],[[119877,119877],"mapped",[114]],[[119878,119878],"mapped",[115]],[[119879,119879],"mapped",[116]],[[119880,119880],"mapped",[117]],[[119881,119881],"mapped",[118]],[[119882,119882],"mapped",[119]],[[119883,119883],"mapped",[120]],[[119884,119884],"mapped",[121]],[[119885,119885],"mapped",[122]],[[119886,119886],"mapped",[97]],[[119887,119887],"mapped",[98]],[[119888,119888],"mapped",[99]],[[119889,119889],"mapped",[100]],[[119890,119890],"mapped",[101]],[[119891,119891],"mapped",[102]],[[119892,119892],"mapped",[103]],[[119893,119893],"disallowed"],[[119894,119894],"mapped",[105]],[[119895,119895],"mapped",[106]],[[119896,119896],"mapped",[107]],[[119897,119897],"mapped",[108]],[[119898,119898],"mapped",[109]],[[119899,119899],"mapped",[110]],[[119900,119900],"mapped",[111]],[[119901,119901],"mapped",[112]],[[119902,119902],"mapped",[113]],[[119903,119903],"mapped",[114]],[[119904,119904],"mapped",[115]],[[119905,119905],"mapped",[116]],[[119906,119906],"mapped",[117]],[[119907,119907],"mapped",[118]],[[119908,119908],"mapped",[119]],[[119909,119909],"mapped",[120]],[[119910,119910],"mapped",[121]],[[119911,119911],"mapped",[122]],[[119912,119912],"mapped",[97]],[[119913,119913],"mapped",[98]],[[119914,119914],"mapped",[99]],[[119915,119915],"mapped",[100]],[[119916,119916],"mapped",[101]],[[119917,119917],"mapped",[102]],[[119918,119918],"mapped",[103]],[[119919,119919],"mapped",[104]],[[119920,119920],"mapped",[105]],[[119921,119921],"mapped",[106]],[[119922,119922],"mapped",[107]],[[119923,119923],"mapped",[108]],[[119924,119924],"mapped",[109]],[[119925,119925],"mapped",[110]],[[119926,119926],"mapped",[111]],[[119927,119927],"mapped",[112]],[[119928,119928],"mapped",[113]],[[119929,119929],"mapped",[114]],[[119930,119930],"mapped",[115]],[[119931,119931],"mapped",[116]],[[119932,119932],"mapped",[117]],[[119933,119933],"mapped",[118]],[[119934,119934],"mapped",[119]],[[119935,119935],"mapped",[120]],[[119936,119936],"mapped",[121]],[[119937,119937],"mapped",[122]],[[119938,119938],"mapped",[97]],[[119939,119939],"mapped",[98]],[[119940,119940],"mapped",[99]],[[119941,119941],"mapped",[100]],[[119942,119942],"mapped",[101]],[[119943,119943],"mapped",[102]],[[119944,119944],"mapped",[103]],[[119945,119945],"mapped",[104]],[[119946,119946],"mapped",[105]],[[119947,119947],"mapped",[106]],[[119948,119948],"mapped",[107]],[[119949,119949],"mapped",[108]],[[119950,119950],"mapped",[109]],[[119951,119951],"mapped",[110]],[[119952,119952],"mapped",[111]],[[119953,119953],"mapped",[112]],[[119954,119954],"mapped",[113]],[[119955,119955],"mapped",[114]],[[119956,119956],"mapped",[115]],[[119957,119957],"mapped",[116]],[[119958,119958],"mapped",[117]],[[119959,119959],"mapped",[118]],[[119960,119960],"mapped",[119]],[[119961,119961],"mapped",[120]],[[119962,119962],"mapped",[121]],[[119963,119963],"mapped",[122]],[[119964,119964],"mapped",[97]],[[119965,119965],"disallowed"],[[119966,119966],"mapped",[99]],[[119967,119967],"mapped",[100]],[[119968,119969],"disallowed"],[[119970,119970],"mapped",[103]],[[119971,119972],"disallowed"],[[119973,119973],"mapped",[106]],[[119974,119974],"mapped",[107]],[[119975,119976],"disallowed"],[[119977,119977],"mapped",[110]],[[119978,119978],"mapped",[111]],[[119979,119979],"mapped",[112]],[[119980,119980],"mapped",[113]],[[119981,119981],"disallowed"],[[119982,119982],"mapped",[115]],[[119983,119983],"mapped",[116]],[[119984,119984],"mapped",[117]],[[119985,119985],"mapped",[118]],[[119986,119986],"mapped",[119]],[[119987,119987],"mapped",[120]],[[119988,119988],"mapped",[121]],[[119989,119989],"mapped",[122]],[[119990,119990],"mapped",[97]],[[119991,119991],"mapped",[98]],[[119992,119992],"mapped",[99]],[[119993,119993],"mapped",[100]],[[119994,119994],"disallowed"],[[119995,119995],"mapped",[102]],[[119996,119996],"disallowed"],[[119997,119997],"mapped",[104]],[[119998,119998],"mapped",[105]],[[119999,119999],"mapped",[106]],[[120000,120000],"mapped",[107]],[[120001,120001],"mapped",[108]],[[120002,120002],"mapped",[109]],[[120003,120003],"mapped",[110]],[[120004,120004],"disallowed"],[[120005,120005],"mapped",[112]],[[120006,120006],"mapped",[113]],[[120007,120007],"mapped",[114]],[[120008,120008],"mapped",[115]],[[120009,120009],"mapped",[116]],[[120010,120010],"mapped",[117]],[[120011,120011],"mapped",[118]],[[120012,120012],"mapped",[119]],[[120013,120013],"mapped",[120]],[[120014,120014],"mapped",[121]],[[120015,120015],"mapped",[122]],[[120016,120016],"mapped",[97]],[[120017,120017],"mapped",[98]],[[120018,120018],"mapped",[99]],[[120019,120019],"mapped",[100]],[[120020,120020],"mapped",[101]],[[120021,120021],"mapped",[102]],[[120022,120022],"mapped",[103]],[[120023,120023],"mapped",[104]],[[120024,120024],"mapped",[105]],[[120025,120025],"mapped",[106]],[[120026,120026],"mapped",[107]],[[120027,120027],"mapped",[108]],[[120028,120028],"mapped",[109]],[[120029,120029],"mapped",[110]],[[120030,120030],"mapped",[111]],[[120031,120031],"mapped",[112]],[[120032,120032],"mapped",[113]],[[120033,120033],"mapped",[114]],[[120034,120034],"mapped",[115]],[[120035,120035],"mapped",[116]],[[120036,120036],"mapped",[117]],[[120037,120037],"mapped",[118]],[[120038,120038],"mapped",[119]],[[120039,120039],"mapped",[120]],[[120040,120040],"mapped",[121]],[[120041,120041],"mapped",[122]],[[120042,120042],"mapped",[97]],[[120043,120043],"mapped",[98]],[[120044,120044],"mapped",[99]],[[120045,120045],"mapped",[100]],[[120046,120046],"mapped",[101]],[[120047,120047],"mapped",[102]],[[120048,120048],"mapped",[103]],[[120049,120049],"mapped",[104]],[[120050,120050],"mapped",[105]],[[120051,120051],"mapped",[106]],[[120052,120052],"mapped",[107]],[[120053,120053],"mapped",[108]],[[120054,120054],"mapped",[109]],[[120055,120055],"mapped",[110]],[[120056,120056],"mapped",[111]],[[120057,120057],"mapped",[112]],[[120058,120058],"mapped",[113]],[[120059,120059],"mapped",[114]],[[120060,120060],"mapped",[115]],[[120061,120061],"mapped",[116]],[[120062,120062],"mapped",[117]],[[120063,120063],"mapped",[118]],[[120064,120064],"mapped",[119]],[[120065,120065],"mapped",[120]],[[120066,120066],"mapped",[121]],[[120067,120067],"mapped",[122]],[[120068,120068],"mapped",[97]],[[120069,120069],"mapped",[98]],[[120070,120070],"disallowed"],[[120071,120071],"mapped",[100]],[[120072,120072],"mapped",[101]],[[120073,120073],"mapped",[102]],[[120074,120074],"mapped",[103]],[[120075,120076],"disallowed"],[[120077,120077],"mapped",[106]],[[120078,120078],"mapped",[107]],[[120079,120079],"mapped",[108]],[[120080,120080],"mapped",[109]],[[120081,120081],"mapped",[110]],[[120082,120082],"mapped",[111]],[[120083,120083],"mapped",[112]],[[120084,120084],"mapped",[113]],[[120085,120085],"disallowed"],[[120086,120086],"mapped",[115]],[[120087,120087],"mapped",[116]],[[120088,120088],"mapped",[117]],[[120089,120089],"mapped",[118]],[[120090,120090],"mapped",[119]],[[120091,120091],"mapped",[120]],[[120092,120092],"mapped",[121]],[[120093,120093],"disallowed"],[[120094,120094],"mapped",[97]],[[120095,120095],"mapped",[98]],[[120096,120096],"mapped",[99]],[[120097,120097],"mapped",[100]],[[120098,120098],"mapped",[101]],[[120099,120099],"mapped",[102]],[[120100,120100],"mapped",[103]],[[120101,120101],"mapped",[104]],[[120102,120102],"mapped",[105]],[[120103,120103],"mapped",[106]],[[120104,120104],"mapped",[107]],[[120105,120105],"mapped",[108]],[[120106,120106],"mapped",[109]],[[120107,120107],"mapped",[110]],[[120108,120108],"mapped",[111]],[[120109,120109],"mapped",[112]],[[120110,120110],"mapped",[113]],[[120111,120111],"mapped",[114]],[[120112,120112],"mapped",[115]],[[120113,120113],"mapped",[116]],[[120114,120114],"mapped",[117]],[[120115,120115],"mapped",[118]],[[120116,120116],"mapped",[119]],[[120117,120117],"mapped",[120]],[[120118,120118],"mapped",[121]],[[120119,120119],"mapped",[122]],[[120120,120120],"mapped",[97]],[[120121,120121],"mapped",[98]],[[120122,120122],"disallowed"],[[120123,120123],"mapped",[100]],[[120124,120124],"mapped",[101]],[[120125,120125],"mapped",[102]],[[120126,120126],"mapped",[103]],[[120127,120127],"disallowed"],[[120128,120128],"mapped",[105]],[[120129,120129],"mapped",[106]],[[120130,120130],"mapped",[107]],[[120131,120131],"mapped",[108]],[[120132,120132],"mapped",[109]],[[120133,120133],"disallowed"],[[120134,120134],"mapped",[111]],[[120135,120137],"disallowed"],[[120138,120138],"mapped",[115]],[[120139,120139],"mapped",[116]],[[120140,120140],"mapped",[117]],[[120141,120141],"mapped",[118]],[[120142,120142],"mapped",[119]],[[120143,120143],"mapped",[120]],[[120144,120144],"mapped",[121]],[[120145,120145],"disallowed"],[[120146,120146],"mapped",[97]],[[120147,120147],"mapped",[98]],[[120148,120148],"mapped",[99]],[[120149,120149],"mapped",[100]],[[120150,120150],"mapped",[101]],[[120151,120151],"mapped",[102]],[[120152,120152],"mapped",[103]],[[120153,120153],"mapped",[104]],[[120154,120154],"mapped",[105]],[[120155,120155],"mapped",[106]],[[120156,120156],"mapped",[107]],[[120157,120157],"mapped",[108]],[[120158,120158],"mapped",[109]],[[120159,120159],"mapped",[110]],[[120160,120160],"mapped",[111]],[[120161,120161],"mapped",[112]],[[120162,120162],"mapped",[113]],[[120163,120163],"mapped",[114]],[[120164,120164],"mapped",[115]],[[120165,120165],"mapped",[116]],[[120166,120166],"mapped",[117]],[[120167,120167],"mapped",[118]],[[120168,120168],"mapped",[119]],[[120169,120169],"mapped",[120]],[[120170,120170],"mapped",[121]],[[120171,120171],"mapped",[122]],[[120172,120172],"mapped",[97]],[[120173,120173],"mapped",[98]],[[120174,120174],"mapped",[99]],[[120175,120175],"mapped",[100]],[[120176,120176],"mapped",[101]],[[120177,120177],"mapped",[102]],[[120178,120178],"mapped",[103]],[[120179,120179],"mapped",[104]],[[120180,120180],"mapped",[105]],[[120181,120181],"mapped",[106]],[[120182,120182],"mapped",[107]],[[120183,120183],"mapped",[108]],[[120184,120184],"mapped",[109]],[[120185,120185],"mapped",[110]],[[120186,120186],"mapped",[111]],[[120187,120187],"mapped",[112]],[[120188,120188],"mapped",[113]],[[120189,120189],"mapped",[114]],[[120190,120190],"mapped",[115]],[[120191,120191],"mapped",[116]],[[120192,120192],"mapped",[117]],[[120193,120193],"mapped",[118]],[[120194,120194],"mapped",[119]],[[120195,120195],"mapped",[120]],[[120196,120196],"mapped",[121]],[[120197,120197],"mapped",[122]],[[120198,120198],"mapped",[97]],[[120199,120199],"mapped",[98]],[[120200,120200],"mapped",[99]],[[120201,120201],"mapped",[100]],[[120202,120202],"mapped",[101]],[[120203,120203],"mapped",[102]],[[120204,120204],"mapped",[103]],[[120205,120205],"mapped",[104]],[[120206,120206],"mapped",[105]],[[120207,120207],"mapped",[106]],[[120208,120208],"mapped",[107]],[[120209,120209],"mapped",[108]],[[120210,120210],"mapped",[109]],[[120211,120211],"mapped",[110]],[[120212,120212],"mapped",[111]],[[120213,120213],"mapped",[112]],[[120214,120214],"mapped",[113]],[[120215,120215],"mapped",[114]],[[120216,120216],"mapped",[115]],[[120217,120217],"mapped",[116]],[[120218,120218],"mapped",[117]],[[120219,120219],"mapped",[118]],[[120220,120220],"mapped",[119]],[[120221,120221],"mapped",[120]],[[120222,120222],"mapped",[121]],[[120223,120223],"mapped",[122]],[[120224,120224],"mapped",[97]],[[120225,120225],"mapped",[98]],[[120226,120226],"mapped",[99]],[[120227,120227],"mapped",[100]],[[120228,120228],"mapped",[101]],[[120229,120229],"mapped",[102]],[[120230,120230],"mapped",[103]],[[120231,120231],"mapped",[104]],[[120232,120232],"mapped",[105]],[[120233,120233],"mapped",[106]],[[120234,120234],"mapped",[107]],[[120235,120235],"mapped",[108]],[[120236,120236],"mapped",[109]],[[120237,120237],"mapped",[110]],[[120238,120238],"mapped",[111]],[[120239,120239],"mapped",[112]],[[120240,120240],"mapped",[113]],[[120241,120241],"mapped",[114]],[[120242,120242],"mapped",[115]],[[120243,120243],"mapped",[116]],[[120244,120244],"mapped",[117]],[[120245,120245],"mapped",[118]],[[120246,120246],"mapped",[119]],[[120247,120247],"mapped",[120]],[[120248,120248],"mapped",[121]],[[120249,120249],"mapped",[122]],[[120250,120250],"mapped",[97]],[[120251,120251],"mapped",[98]],[[120252,120252],"mapped",[99]],[[120253,120253],"mapped",[100]],[[120254,120254],"mapped",[101]],[[120255,120255],"mapped",[102]],[[120256,120256],"mapped",[103]],[[120257,120257],"mapped",[104]],[[120258,120258],"mapped",[105]],[[120259,120259],"mapped",[106]],[[120260,120260],"mapped",[107]],[[120261,120261],"mapped",[108]],[[120262,120262],"mapped",[109]],[[120263,120263],"mapped",[110]],[[120264,120264],"mapped",[111]],[[120265,120265],"mapped",[112]],[[120266,120266],"mapped",[113]],[[120267,120267],"mapped",[114]],[[120268,120268],"mapped",[115]],[[120269,120269],"mapped",[116]],[[120270,120270],"mapped",[117]],[[120271,120271],"mapped",[118]],[[120272,120272],"mapped",[119]],[[120273,120273],"mapped",[120]],[[120274,120274],"mapped",[121]],[[120275,120275],"mapped",[122]],[[120276,120276],"mapped",[97]],[[120277,120277],"mapped",[98]],[[120278,120278],"mapped",[99]],[[120279,120279],"mapped",[100]],[[120280,120280],"mapped",[101]],[[120281,120281],"mapped",[102]],[[120282,120282],"mapped",[103]],[[120283,120283],"mapped",[104]],[[120284,120284],"mapped",[105]],[[120285,120285],"mapped",[106]],[[120286,120286],"mapped",[107]],[[120287,120287],"mapped",[108]],[[120288,120288],"mapped",[109]],[[120289,120289],"mapped",[110]],[[120290,120290],"mapped",[111]],[[120291,120291],"mapped",[112]],[[120292,120292],"mapped",[113]],[[120293,120293],"mapped",[114]],[[120294,120294],"mapped",[115]],[[120295,120295],"mapped",[116]],[[120296,120296],"mapped",[117]],[[120297,120297],"mapped",[118]],[[120298,120298],"mapped",[119]],[[120299,120299],"mapped",[120]],[[120300,120300],"mapped",[121]],[[120301,120301],"mapped",[122]],[[120302,120302],"mapped",[97]],[[120303,120303],"mapped",[98]],[[120304,120304],"mapped",[99]],[[120305,120305],"mapped",[100]],[[120306,120306],"mapped",[101]],[[120307,120307],"mapped",[102]],[[120308,120308],"mapped",[103]],[[120309,120309],"mapped",[104]],[[120310,120310],"mapped",[105]],[[120311,120311],"mapped",[106]],[[120312,120312],"mapped",[107]],[[120313,120313],"mapped",[108]],[[120314,120314],"mapped",[109]],[[120315,120315],"mapped",[110]],[[120316,120316],"mapped",[111]],[[120317,120317],"mapped",[112]],[[120318,120318],"mapped",[113]],[[120319,120319],"mapped",[114]],[[120320,120320],"mapped",[115]],[[120321,120321],"mapped",[116]],[[120322,120322],"mapped",[117]],[[120323,120323],"mapped",[118]],[[120324,120324],"mapped",[119]],[[120325,120325],"mapped",[120]],[[120326,120326],"mapped",[121]],[[120327,120327],"mapped",[122]],[[120328,120328],"mapped",[97]],[[120329,120329],"mapped",[98]],[[120330,120330],"mapped",[99]],[[120331,120331],"mapped",[100]],[[120332,120332],"mapped",[101]],[[120333,120333],"mapped",[102]],[[120334,120334],"mapped",[103]],[[120335,120335],"mapped",[104]],[[120336,120336],"mapped",[105]],[[120337,120337],"mapped",[106]],[[120338,120338],"mapped",[107]],[[120339,120339],"mapped",[108]],[[120340,120340],"mapped",[109]],[[120341,120341],"mapped",[110]],[[120342,120342],"mapped",[111]],[[120343,120343],"mapped",[112]],[[120344,120344],"mapped",[113]],[[120345,120345],"mapped",[114]],[[120346,120346],"mapped",[115]],[[120347,120347],"mapped",[116]],[[120348,120348],"mapped",[117]],[[120349,120349],"mapped",[118]],[[120350,120350],"mapped",[119]],[[120351,120351],"mapped",[120]],[[120352,120352],"mapped",[121]],[[120353,120353],"mapped",[122]],[[120354,120354],"mapped",[97]],[[120355,120355],"mapped",[98]],[[120356,120356],"mapped",[99]],[[120357,120357],"mapped",[100]],[[120358,120358],"mapped",[101]],[[120359,120359],"mapped",[102]],[[120360,120360],"mapped",[103]],[[120361,120361],"mapped",[104]],[[120362,120362],"mapped",[105]],[[120363,120363],"mapped",[106]],[[120364,120364],"mapped",[107]],[[120365,120365],"mapped",[108]],[[120366,120366],"mapped",[109]],[[120367,120367],"mapped",[110]],[[120368,120368],"mapped",[111]],[[120369,120369],"mapped",[112]],[[120370,120370],"mapped",[113]],[[120371,120371],"mapped",[114]],[[120372,120372],"mapped",[115]],[[120373,120373],"mapped",[116]],[[120374,120374],"mapped",[117]],[[120375,120375],"mapped",[118]],[[120376,120376],"mapped",[119]],[[120377,120377],"mapped",[120]],[[120378,120378],"mapped",[121]],[[120379,120379],"mapped",[122]],[[120380,120380],"mapped",[97]],[[120381,120381],"mapped",[98]],[[120382,120382],"mapped",[99]],[[120383,120383],"mapped",[100]],[[120384,120384],"mapped",[101]],[[120385,120385],"mapped",[102]],[[120386,120386],"mapped",[103]],[[120387,120387],"mapped",[104]],[[120388,120388],"mapped",[105]],[[120389,120389],"mapped",[106]],[[120390,120390],"mapped",[107]],[[120391,120391],"mapped",[108]],[[120392,120392],"mapped",[109]],[[120393,120393],"mapped",[110]],[[120394,120394],"mapped",[111]],[[120395,120395],"mapped",[112]],[[120396,120396],"mapped",[113]],[[120397,120397],"mapped",[114]],[[120398,120398],"mapped",[115]],[[120399,120399],"mapped",[116]],[[120400,120400],"mapped",[117]],[[120401,120401],"mapped",[118]],[[120402,120402],"mapped",[119]],[[120403,120403],"mapped",[120]],[[120404,120404],"mapped",[121]],[[120405,120405],"mapped",[122]],[[120406,120406],"mapped",[97]],[[120407,120407],"mapped",[98]],[[120408,120408],"mapped",[99]],[[120409,120409],"mapped",[100]],[[120410,120410],"mapped",[101]],[[120411,120411],"mapped",[102]],[[120412,120412],"mapped",[103]],[[120413,120413],"mapped",[104]],[[120414,120414],"mapped",[105]],[[120415,120415],"mapped",[106]],[[120416,120416],"mapped",[107]],[[120417,120417],"mapped",[108]],[[120418,120418],"mapped",[109]],[[120419,120419],"mapped",[110]],[[120420,120420],"mapped",[111]],[[120421,120421],"mapped",[112]],[[120422,120422],"mapped",[113]],[[120423,120423],"mapped",[114]],[[120424,120424],"mapped",[115]],[[120425,120425],"mapped",[116]],[[120426,120426],"mapped",[117]],[[120427,120427],"mapped",[118]],[[120428,120428],"mapped",[119]],[[120429,120429],"mapped",[120]],[[120430,120430],"mapped",[121]],[[120431,120431],"mapped",[122]],[[120432,120432],"mapped",[97]],[[120433,120433],"mapped",[98]],[[120434,120434],"mapped",[99]],[[120435,120435],"mapped",[100]],[[120436,120436],"mapped",[101]],[[120437,120437],"mapped",[102]],[[120438,120438],"mapped",[103]],[[120439,120439],"mapped",[104]],[[120440,120440],"mapped",[105]],[[120441,120441],"mapped",[106]],[[120442,120442],"mapped",[107]],[[120443,120443],"mapped",[108]],[[120444,120444],"mapped",[109]],[[120445,120445],"mapped",[110]],[[120446,120446],"mapped",[111]],[[120447,120447],"mapped",[112]],[[120448,120448],"mapped",[113]],[[120449,120449],"mapped",[114]],[[120450,120450],"mapped",[115]],[[120451,120451],"mapped",[116]],[[120452,120452],"mapped",[117]],[[120453,120453],"mapped",[118]],[[120454,120454],"mapped",[119]],[[120455,120455],"mapped",[120]],[[120456,120456],"mapped",[121]],[[120457,120457],"mapped",[122]],[[120458,120458],"mapped",[97]],[[120459,120459],"mapped",[98]],[[120460,120460],"mapped",[99]],[[120461,120461],"mapped",[100]],[[120462,120462],"mapped",[101]],[[120463,120463],"mapped",[102]],[[120464,120464],"mapped",[103]],[[120465,120465],"mapped",[104]],[[120466,120466],"mapped",[105]],[[120467,120467],"mapped",[106]],[[120468,120468],"mapped",[107]],[[120469,120469],"mapped",[108]],[[120470,120470],"mapped",[109]],[[120471,120471],"mapped",[110]],[[120472,120472],"mapped",[111]],[[120473,120473],"mapped",[112]],[[120474,120474],"mapped",[113]],[[120475,120475],"mapped",[114]],[[120476,120476],"mapped",[115]],[[120477,120477],"mapped",[116]],[[120478,120478],"mapped",[117]],[[120479,120479],"mapped",[118]],[[120480,120480],"mapped",[119]],[[120481,120481],"mapped",[120]],[[120482,120482],"mapped",[121]],[[120483,120483],"mapped",[122]],[[120484,120484],"mapped",[305]],[[120485,120485],"mapped",[567]],[[120486,120487],"disallowed"],[[120488,120488],"mapped",[945]],[[120489,120489],"mapped",[946]],[[120490,120490],"mapped",[947]],[[120491,120491],"mapped",[948]],[[120492,120492],"mapped",[949]],[[120493,120493],"mapped",[950]],[[120494,120494],"mapped",[951]],[[120495,120495],"mapped",[952]],[[120496,120496],"mapped",[953]],[[120497,120497],"mapped",[954]],[[120498,120498],"mapped",[955]],[[120499,120499],"mapped",[956]],[[120500,120500],"mapped",[957]],[[120501,120501],"mapped",[958]],[[120502,120502],"mapped",[959]],[[120503,120503],"mapped",[960]],[[120504,120504],"mapped",[961]],[[120505,120505],"mapped",[952]],[[120506,120506],"mapped",[963]],[[120507,120507],"mapped",[964]],[[120508,120508],"mapped",[965]],[[120509,120509],"mapped",[966]],[[120510,120510],"mapped",[967]],[[120511,120511],"mapped",[968]],[[120512,120512],"mapped",[969]],[[120513,120513],"mapped",[8711]],[[120514,120514],"mapped",[945]],[[120515,120515],"mapped",[946]],[[120516,120516],"mapped",[947]],[[120517,120517],"mapped",[948]],[[120518,120518],"mapped",[949]],[[120519,120519],"mapped",[950]],[[120520,120520],"mapped",[951]],[[120521,120521],"mapped",[952]],[[120522,120522],"mapped",[953]],[[120523,120523],"mapped",[954]],[[120524,120524],"mapped",[955]],[[120525,120525],"mapped",[956]],[[120526,120526],"mapped",[957]],[[120527,120527],"mapped",[958]],[[120528,120528],"mapped",[959]],[[120529,120529],"mapped",[960]],[[120530,120530],"mapped",[961]],[[120531,120532],"mapped",[963]],[[120533,120533],"mapped",[964]],[[120534,120534],"mapped",[965]],[[120535,120535],"mapped",[966]],[[120536,120536],"mapped",[967]],[[120537,120537],"mapped",[968]],[[120538,120538],"mapped",[969]],[[120539,120539],"mapped",[8706]],[[120540,120540],"mapped",[949]],[[120541,120541],"mapped",[952]],[[120542,120542],"mapped",[954]],[[120543,120543],"mapped",[966]],[[120544,120544],"mapped",[961]],[[120545,120545],"mapped",[960]],[[120546,120546],"mapped",[945]],[[120547,120547],"mapped",[946]],[[120548,120548],"mapped",[947]],[[120549,120549],"mapped",[948]],[[120550,120550],"mapped",[949]],[[120551,120551],"mapped",[950]],[[120552,120552],"mapped",[951]],[[120553,120553],"mapped",[952]],[[120554,120554],"mapped",[953]],[[120555,120555],"mapped",[954]],[[120556,120556],"mapped",[955]],[[120557,120557],"mapped",[956]],[[120558,120558],"mapped",[957]],[[120559,120559],"mapped",[958]],[[120560,120560],"mapped",[959]],[[120561,120561],"mapped",[960]],[[120562,120562],"mapped",[961]],[[120563,120563],"mapped",[952]],[[120564,120564],"mapped",[963]],[[120565,120565],"mapped",[964]],[[120566,120566],"mapped",[965]],[[120567,120567],"mapped",[966]],[[120568,120568],"mapped",[967]],[[120569,120569],"mapped",[968]],[[120570,120570],"mapped",[969]],[[120571,120571],"mapped",[8711]],[[120572,120572],"mapped",[945]],[[120573,120573],"mapped",[946]],[[120574,120574],"mapped",[947]],[[120575,120575],"mapped",[948]],[[120576,120576],"mapped",[949]],[[120577,120577],"mapped",[950]],[[120578,120578],"mapped",[951]],[[120579,120579],"mapped",[952]],[[120580,120580],"mapped",[953]],[[120581,120581],"mapped",[954]],[[120582,120582],"mapped",[955]],[[120583,120583],"mapped",[956]],[[120584,120584],"mapped",[957]],[[120585,120585],"mapped",[958]],[[120586,120586],"mapped",[959]],[[120587,120587],"mapped",[960]],[[120588,120588],"mapped",[961]],[[120589,120590],"mapped",[963]],[[120591,120591],"mapped",[964]],[[120592,120592],"mapped",[965]],[[120593,120593],"mapped",[966]],[[120594,120594],"mapped",[967]],[[120595,120595],"mapped",[968]],[[120596,120596],"mapped",[969]],[[120597,120597],"mapped",[8706]],[[120598,120598],"mapped",[949]],[[120599,120599],"mapped",[952]],[[120600,120600],"mapped",[954]],[[120601,120601],"mapped",[966]],[[120602,120602],"mapped",[961]],[[120603,120603],"mapped",[960]],[[120604,120604],"mapped",[945]],[[120605,120605],"mapped",[946]],[[120606,120606],"mapped",[947]],[[120607,120607],"mapped",[948]],[[120608,120608],"mapped",[949]],[[120609,120609],"mapped",[950]],[[120610,120610],"mapped",[951]],[[120611,120611],"mapped",[952]],[[120612,120612],"mapped",[953]],[[120613,120613],"mapped",[954]],[[120614,120614],"mapped",[955]],[[120615,120615],"mapped",[956]],[[120616,120616],"mapped",[957]],[[120617,120617],"mapped",[958]],[[120618,120618],"mapped",[959]],[[120619,120619],"mapped",[960]],[[120620,120620],"mapped",[961]],[[120621,120621],"mapped",[952]],[[120622,120622],"mapped",[963]],[[120623,120623],"mapped",[964]],[[120624,120624],"mapped",[965]],[[120625,120625],"mapped",[966]],[[120626,120626],"mapped",[967]],[[120627,120627],"mapped",[968]],[[120628,120628],"mapped",[969]],[[120629,120629],"mapped",[8711]],[[120630,120630],"mapped",[945]],[[120631,120631],"mapped",[946]],[[120632,120632],"mapped",[947]],[[120633,120633],"mapped",[948]],[[120634,120634],"mapped",[949]],[[120635,120635],"mapped",[950]],[[120636,120636],"mapped",[951]],[[120637,120637],"mapped",[952]],[[120638,120638],"mapped",[953]],[[120639,120639],"mapped",[954]],[[120640,120640],"mapped",[955]],[[120641,120641],"mapped",[956]],[[120642,120642],"mapped",[957]],[[120643,120643],"mapped",[958]],[[120644,120644],"mapped",[959]],[[120645,120645],"mapped",[960]],[[120646,120646],"mapped",[961]],[[120647,120648],"mapped",[963]],[[120649,120649],"mapped",[964]],[[120650,120650],"mapped",[965]],[[120651,120651],"mapped",[966]],[[120652,120652],"mapped",[967]],[[120653,120653],"mapped",[968]],[[120654,120654],"mapped",[969]],[[120655,120655],"mapped",[8706]],[[120656,120656],"mapped",[949]],[[120657,120657],"mapped",[952]],[[120658,120658],"mapped",[954]],[[120659,120659],"mapped",[966]],[[120660,120660],"mapped",[961]],[[120661,120661],"mapped",[960]],[[120662,120662],"mapped",[945]],[[120663,120663],"mapped",[946]],[[120664,120664],"mapped",[947]],[[120665,120665],"mapped",[948]],[[120666,120666],"mapped",[949]],[[120667,120667],"mapped",[950]],[[120668,120668],"mapped",[951]],[[120669,120669],"mapped",[952]],[[120670,120670],"mapped",[953]],[[120671,120671],"mapped",[954]],[[120672,120672],"mapped",[955]],[[120673,120673],"mapped",[956]],[[120674,120674],"mapped",[957]],[[120675,120675],"mapped",[958]],[[120676,120676],"mapped",[959]],[[120677,120677],"mapped",[960]],[[120678,120678],"mapped",[961]],[[120679,120679],"mapped",[952]],[[120680,120680],"mapped",[963]],[[120681,120681],"mapped",[964]],[[120682,120682],"mapped",[965]],[[120683,120683],"mapped",[966]],[[120684,120684],"mapped",[967]],[[120685,120685],"mapped",[968]],[[120686,120686],"mapped",[969]],[[120687,120687],"mapped",[8711]],[[120688,120688],"mapped",[945]],[[120689,120689],"mapped",[946]],[[120690,120690],"mapped",[947]],[[120691,120691],"mapped",[948]],[[120692,120692],"mapped",[949]],[[120693,120693],"mapped",[950]],[[120694,120694],"mapped",[951]],[[120695,120695],"mapped",[952]],[[120696,120696],"mapped",[953]],[[120697,120697],"mapped",[954]],[[120698,120698],"mapped",[955]],[[120699,120699],"mapped",[956]],[[120700,120700],"mapped",[957]],[[120701,120701],"mapped",[958]],[[120702,120702],"mapped",[959]],[[120703,120703],"mapped",[960]],[[120704,120704],"mapped",[961]],[[120705,120706],"mapped",[963]],[[120707,120707],"mapped",[964]],[[120708,120708],"mapped",[965]],[[120709,120709],"mapped",[966]],[[120710,120710],"mapped",[967]],[[120711,120711],"mapped",[968]],[[120712,120712],"mapped",[969]],[[120713,120713],"mapped",[8706]],[[120714,120714],"mapped",[949]],[[120715,120715],"mapped",[952]],[[120716,120716],"mapped",[954]],[[120717,120717],"mapped",[966]],[[120718,120718],"mapped",[961]],[[120719,120719],"mapped",[960]],[[120720,120720],"mapped",[945]],[[120721,120721],"mapped",[946]],[[120722,120722],"mapped",[947]],[[120723,120723],"mapped",[948]],[[120724,120724],"mapped",[949]],[[120725,120725],"mapped",[950]],[[120726,120726],"mapped",[951]],[[120727,120727],"mapped",[952]],[[120728,120728],"mapped",[953]],[[120729,120729],"mapped",[954]],[[120730,120730],"mapped",[955]],[[120731,120731],"mapped",[956]],[[120732,120732],"mapped",[957]],[[120733,120733],"mapped",[958]],[[120734,120734],"mapped",[959]],[[120735,120735],"mapped",[960]],[[120736,120736],"mapped",[961]],[[120737,120737],"mapped",[952]],[[120738,120738],"mapped",[963]],[[120739,120739],"mapped",[964]],[[120740,120740],"mapped",[965]],[[120741,120741],"mapped",[966]],[[120742,120742],"mapped",[967]],[[120743,120743],"mapped",[968]],[[120744,120744],"mapped",[969]],[[120745,120745],"mapped",[8711]],[[120746,120746],"mapped",[945]],[[120747,120747],"mapped",[946]],[[120748,120748],"mapped",[947]],[[120749,120749],"mapped",[948]],[[120750,120750],"mapped",[949]],[[120751,120751],"mapped",[950]],[[120752,120752],"mapped",[951]],[[120753,120753],"mapped",[952]],[[120754,120754],"mapped",[953]],[[120755,120755],"mapped",[954]],[[120756,120756],"mapped",[955]],[[120757,120757],"mapped",[956]],[[120758,120758],"mapped",[957]],[[120759,120759],"mapped",[958]],[[120760,120760],"mapped",[959]],[[120761,120761],"mapped",[960]],[[120762,120762],"mapped",[961]],[[120763,120764],"mapped",[963]],[[120765,120765],"mapped",[964]],[[120766,120766],"mapped",[965]],[[120767,120767],"mapped",[966]],[[120768,120768],"mapped",[967]],[[120769,120769],"mapped",[968]],[[120770,120770],"mapped",[969]],[[120771,120771],"mapped",[8706]],[[120772,120772],"mapped",[949]],[[120773,120773],"mapped",[952]],[[120774,120774],"mapped",[954]],[[120775,120775],"mapped",[966]],[[120776,120776],"mapped",[961]],[[120777,120777],"mapped",[960]],[[120778,120779],"mapped",[989]],[[120780,120781],"disallowed"],[[120782,120782],"mapped",[48]],[[120783,120783],"mapped",[49]],[[120784,120784],"mapped",[50]],[[120785,120785],"mapped",[51]],[[120786,120786],"mapped",[52]],[[120787,120787],"mapped",[53]],[[120788,120788],"mapped",[54]],[[120789,120789],"mapped",[55]],[[120790,120790],"mapped",[56]],[[120791,120791],"mapped",[57]],[[120792,120792],"mapped",[48]],[[120793,120793],"mapped",[49]],[[120794,120794],"mapped",[50]],[[120795,120795],"mapped",[51]],[[120796,120796],"mapped",[52]],[[120797,120797],"mapped",[53]],[[120798,120798],"mapped",[54]],[[120799,120799],"mapped",[55]],[[120800,120800],"mapped",[56]],[[120801,120801],"mapped",[57]],[[120802,120802],"mapped",[48]],[[120803,120803],"mapped",[49]],[[120804,120804],"mapped",[50]],[[120805,120805],"mapped",[51]],[[120806,120806],"mapped",[52]],[[120807,120807],"mapped",[53]],[[120808,120808],"mapped",[54]],[[120809,120809],"mapped",[55]],[[120810,120810],"mapped",[56]],[[120811,120811],"mapped",[57]],[[120812,120812],"mapped",[48]],[[120813,120813],"mapped",[49]],[[120814,120814],"mapped",[50]],[[120815,120815],"mapped",[51]],[[120816,120816],"mapped",[52]],[[120817,120817],"mapped",[53]],[[120818,120818],"mapped",[54]],[[120819,120819],"mapped",[55]],[[120820,120820],"mapped",[56]],[[120821,120821],"mapped",[57]],[[120822,120822],"mapped",[48]],[[120823,120823],"mapped",[49]],[[120824,120824],"mapped",[50]],[[120825,120825],"mapped",[51]],[[120826,120826],"mapped",[52]],[[120827,120827],"mapped",[53]],[[120828,120828],"mapped",[54]],[[120829,120829],"mapped",[55]],[[120830,120830],"mapped",[56]],[[120831,120831],"mapped",[57]],[[120832,121343],"valid",[],"NV8"],[[121344,121398],"valid"],[[121399,121402],"valid",[],"NV8"],[[121403,121452],"valid"],[[121453,121460],"valid",[],"NV8"],[[121461,121461],"valid"],[[121462,121475],"valid",[],"NV8"],[[121476,121476],"valid"],[[121477,121483],"valid",[],"NV8"],[[121484,121498],"disallowed"],[[121499,121503],"valid"],[[121504,121504],"disallowed"],[[121505,121519],"valid"],[[121520,124927],"disallowed"],[[124928,125124],"valid"],[[125125,125126],"disallowed"],[[125127,125135],"valid",[],"NV8"],[[125136,125142],"valid"],[[125143,126463],"disallowed"],[[126464,126464],"mapped",[1575]],[[126465,126465],"mapped",[1576]],[[126466,126466],"mapped",[1580]],[[126467,126467],"mapped",[1583]],[[126468,126468],"disallowed"],[[126469,126469],"mapped",[1608]],[[126470,126470],"mapped",[1586]],[[126471,126471],"mapped",[1581]],[[126472,126472],"mapped",[1591]],[[126473,126473],"mapped",[1610]],[[126474,126474],"mapped",[1603]],[[126475,126475],"mapped",[1604]],[[126476,126476],"mapped",[1605]],[[126477,126477],"mapped",[1606]],[[126478,126478],"mapped",[1587]],[[126479,126479],"mapped",[1593]],[[126480,126480],"mapped",[1601]],[[126481,126481],"mapped",[1589]],[[126482,126482],"mapped",[1602]],[[126483,126483],"mapped",[1585]],[[126484,126484],"mapped",[1588]],[[126485,126485],"mapped",[1578]],[[126486,126486],"mapped",[1579]],[[126487,126487],"mapped",[1582]],[[126488,126488],"mapped",[1584]],[[126489,126489],"mapped",[1590]],[[126490,126490],"mapped",[1592]],[[126491,126491],"mapped",[1594]],[[126492,126492],"mapped",[1646]],[[126493,126493],"mapped",[1722]],[[126494,126494],"mapped",[1697]],[[126495,126495],"mapped",[1647]],[[126496,126496],"disallowed"],[[126497,126497],"mapped",[1576]],[[126498,126498],"mapped",[1580]],[[126499,126499],"disallowed"],[[126500,126500],"mapped",[1607]],[[126501,126502],"disallowed"],[[126503,126503],"mapped",[1581]],[[126504,126504],"disallowed"],[[126505,126505],"mapped",[1610]],[[126506,126506],"mapped",[1603]],[[126507,126507],"mapped",[1604]],[[126508,126508],"mapped",[1605]],[[126509,126509],"mapped",[1606]],[[126510,126510],"mapped",[1587]],[[126511,126511],"mapped",[1593]],[[126512,126512],"mapped",[1601]],[[126513,126513],"mapped",[1589]],[[126514,126514],"mapped",[1602]],[[126515,126515],"disallowed"],[[126516,126516],"mapped",[1588]],[[126517,126517],"mapped",[1578]],[[126518,126518],"mapped",[1579]],[[126519,126519],"mapped",[1582]],[[126520,126520],"disallowed"],[[126521,126521],"mapped",[1590]],[[126522,126522],"disallowed"],[[126523,126523],"mapped",[1594]],[[126524,126529],"disallowed"],[[126530,126530],"mapped",[1580]],[[126531,126534],"disallowed"],[[126535,126535],"mapped",[1581]],[[126536,126536],"disallowed"],[[126537,126537],"mapped",[1610]],[[126538,126538],"disallowed"],[[126539,126539],"mapped",[1604]],[[126540,126540],"disallowed"],[[126541,126541],"mapped",[1606]],[[126542,126542],"mapped",[1587]],[[126543,126543],"mapped",[1593]],[[126544,126544],"disallowed"],[[126545,126545],"mapped",[1589]],[[126546,126546],"mapped",[1602]],[[126547,126547],"disallowed"],[[126548,126548],"mapped",[1588]],[[126549,126550],"disallowed"],[[126551,126551],"mapped",[1582]],[[126552,126552],"disallowed"],[[126553,126553],"mapped",[1590]],[[126554,126554],"disallowed"],[[126555,126555],"mapped",[1594]],[[126556,126556],"disallowed"],[[126557,126557],"mapped",[1722]],[[126558,126558],"disallowed"],[[126559,126559],"mapped",[1647]],[[126560,126560],"disallowed"],[[126561,126561],"mapped",[1576]],[[126562,126562],"mapped",[1580]],[[126563,126563],"disallowed"],[[126564,126564],"mapped",[1607]],[[126565,126566],"disallowed"],[[126567,126567],"mapped",[1581]],[[126568,126568],"mapped",[1591]],[[126569,126569],"mapped",[1610]],[[126570,126570],"mapped",[1603]],[[126571,126571],"disallowed"],[[126572,126572],"mapped",[1605]],[[126573,126573],"mapped",[1606]],[[126574,126574],"mapped",[1587]],[[126575,126575],"mapped",[1593]],[[126576,126576],"mapped",[1601]],[[126577,126577],"mapped",[1589]],[[126578,126578],"mapped",[1602]],[[126579,126579],"disallowed"],[[126580,126580],"mapped",[1588]],[[126581,126581],"mapped",[1578]],[[126582,126582],"mapped",[1579]],[[126583,126583],"mapped",[1582]],[[126584,126584],"disallowed"],[[126585,126585],"mapped",[1590]],[[126586,126586],"mapped",[1592]],[[126587,126587],"mapped",[1594]],[[126588,126588],"mapped",[1646]],[[126589,126589],"disallowed"],[[126590,126590],"mapped",[1697]],[[126591,126591],"disallowed"],[[126592,126592],"mapped",[1575]],[[126593,126593],"mapped",[1576]],[[126594,126594],"mapped",[1580]],[[126595,126595],"mapped",[1583]],[[126596,126596],"mapped",[1607]],[[126597,126597],"mapped",[1608]],[[126598,126598],"mapped",[1586]],[[126599,126599],"mapped",[1581]],[[126600,126600],"mapped",[1591]],[[126601,126601],"mapped",[1610]],[[126602,126602],"disallowed"],[[126603,126603],"mapped",[1604]],[[126604,126604],"mapped",[1605]],[[126605,126605],"mapped",[1606]],[[126606,126606],"mapped",[1587]],[[126607,126607],"mapped",[1593]],[[126608,126608],"mapped",[1601]],[[126609,126609],"mapped",[1589]],[[126610,126610],"mapped",[1602]],[[126611,126611],"mapped",[1585]],[[126612,126612],"mapped",[1588]],[[126613,126613],"mapped",[1578]],[[126614,126614],"mapped",[1579]],[[126615,126615],"mapped",[1582]],[[126616,126616],"mapped",[1584]],[[126617,126617],"mapped",[1590]],[[126618,126618],"mapped",[1592]],[[126619,126619],"mapped",[1594]],[[126620,126624],"disallowed"],[[126625,126625],"mapped",[1576]],[[126626,126626],"mapped",[1580]],[[126627,126627],"mapped",[1583]],[[126628,126628],"disallowed"],[[126629,126629],"mapped",[1608]],[[126630,126630],"mapped",[1586]],[[126631,126631],"mapped",[1581]],[[126632,126632],"mapped",[1591]],[[126633,126633],"mapped",[1610]],[[126634,126634],"disallowed"],[[126635,126635],"mapped",[1604]],[[126636,126636],"mapped",[1605]],[[126637,126637],"mapped",[1606]],[[126638,126638],"mapped",[1587]],[[126639,126639],"mapped",[1593]],[[126640,126640],"mapped",[1601]],[[126641,126641],"mapped",[1589]],[[126642,126642],"mapped",[1602]],[[126643,126643],"mapped",[1585]],[[126644,126644],"mapped",[1588]],[[126645,126645],"mapped",[1578]],[[126646,126646],"mapped",[1579]],[[126647,126647],"mapped",[1582]],[[126648,126648],"mapped",[1584]],[[126649,126649],"mapped",[1590]],[[126650,126650],"mapped",[1592]],[[126651,126651],"mapped",[1594]],[[126652,126703],"disallowed"],[[126704,126705],"valid",[],"NV8"],[[126706,126975],"disallowed"],[[126976,127019],"valid",[],"NV8"],[[127020,127023],"disallowed"],[[127024,127123],"valid",[],"NV8"],[[127124,127135],"disallowed"],[[127136,127150],"valid",[],"NV8"],[[127151,127152],"disallowed"],[[127153,127166],"valid",[],"NV8"],[[127167,127167],"valid",[],"NV8"],[[127168,127168],"disallowed"],[[127169,127183],"valid",[],"NV8"],[[127184,127184],"disallowed"],[[127185,127199],"valid",[],"NV8"],[[127200,127221],"valid",[],"NV8"],[[127222,127231],"disallowed"],[[127232,127232],"disallowed"],[[127233,127233],"disallowed_STD3_mapped",[48,44]],[[127234,127234],"disallowed_STD3_mapped",[49,44]],[[127235,127235],"disallowed_STD3_mapped",[50,44]],[[127236,127236],"disallowed_STD3_mapped",[51,44]],[[127237,127237],"disallowed_STD3_mapped",[52,44]],[[127238,127238],"disallowed_STD3_mapped",[53,44]],[[127239,127239],"disallowed_STD3_mapped",[54,44]],[[127240,127240],"disallowed_STD3_mapped",[55,44]],[[127241,127241],"disallowed_STD3_mapped",[56,44]],[[127242,127242],"disallowed_STD3_mapped",[57,44]],[[127243,127244],"valid",[],"NV8"],[[127245,127247],"disallowed"],[[127248,127248],"disallowed_STD3_mapped",[40,97,41]],[[127249,127249],"disallowed_STD3_mapped",[40,98,41]],[[127250,127250],"disallowed_STD3_mapped",[40,99,41]],[[127251,127251],"disallowed_STD3_mapped",[40,100,41]],[[127252,127252],"disallowed_STD3_mapped",[40,101,41]],[[127253,127253],"disallowed_STD3_mapped",[40,102,41]],[[127254,127254],"disallowed_STD3_mapped",[40,103,41]],[[127255,127255],"disallowed_STD3_mapped",[40,104,41]],[[127256,127256],"disallowed_STD3_mapped",[40,105,41]],[[127257,127257],"disallowed_STD3_mapped",[40,106,41]],[[127258,127258],"disallowed_STD3_mapped",[40,107,41]],[[127259,127259],"disallowed_STD3_mapped",[40,108,41]],[[127260,127260],"disallowed_STD3_mapped",[40,109,41]],[[127261,127261],"disallowed_STD3_mapped",[40,110,41]],[[127262,127262],"disallowed_STD3_mapped",[40,111,41]],[[127263,127263],"disallowed_STD3_mapped",[40,112,41]],[[127264,127264],"disallowed_STD3_mapped",[40,113,41]],[[127265,127265],"disallowed_STD3_mapped",[40,114,41]],[[127266,127266],"disallowed_STD3_mapped",[40,115,41]],[[127267,127267],"disallowed_STD3_mapped",[40,116,41]],[[127268,127268],"disallowed_STD3_mapped",[40,117,41]],[[127269,127269],"disallowed_STD3_mapped",[40,118,41]],[[127270,127270],"disallowed_STD3_mapped",[40,119,41]],[[127271,127271],"disallowed_STD3_mapped",[40,120,41]],[[127272,127272],"disallowed_STD3_mapped",[40,121,41]],[[127273,127273],"disallowed_STD3_mapped",[40,122,41]],[[127274,127274],"mapped",[12308,115,12309]],[[127275,127275],"mapped",[99]],[[127276,127276],"mapped",[114]],[[127277,127277],"mapped",[99,100]],[[127278,127278],"mapped",[119,122]],[[127279,127279],"disallowed"],[[127280,127280],"mapped",[97]],[[127281,127281],"mapped",[98]],[[127282,127282],"mapped",[99]],[[127283,127283],"mapped",[100]],[[127284,127284],"mapped",[101]],[[127285,127285],"mapped",[102]],[[127286,127286],"mapped",[103]],[[127287,127287],"mapped",[104]],[[127288,127288],"mapped",[105]],[[127289,127289],"mapped",[106]],[[127290,127290],"mapped",[107]],[[127291,127291],"mapped",[108]],[[127292,127292],"mapped",[109]],[[127293,127293],"mapped",[110]],[[127294,127294],"mapped",[111]],[[127295,127295],"mapped",[112]],[[127296,127296],"mapped",[113]],[[127297,127297],"mapped",[114]],[[127298,127298],"mapped",[115]],[[127299,127299],"mapped",[116]],[[127300,127300],"mapped",[117]],[[127301,127301],"mapped",[118]],[[127302,127302],"mapped",[119]],[[127303,127303],"mapped",[120]],[[127304,127304],"mapped",[121]],[[127305,127305],"mapped",[122]],[[127306,127306],"mapped",[104,118]],[[127307,127307],"mapped",[109,118]],[[127308,127308],"mapped",[115,100]],[[127309,127309],"mapped",[115,115]],[[127310,127310],"mapped",[112,112,118]],[[127311,127311],"mapped",[119,99]],[[127312,127318],"valid",[],"NV8"],[[127319,127319],"valid",[],"NV8"],[[127320,127326],"valid",[],"NV8"],[[127327,127327],"valid",[],"NV8"],[[127328,127337],"valid",[],"NV8"],[[127338,127338],"mapped",[109,99]],[[127339,127339],"mapped",[109,100]],[[127340,127343],"disallowed"],[[127344,127352],"valid",[],"NV8"],[[127353,127353],"valid",[],"NV8"],[[127354,127354],"valid",[],"NV8"],[[127355,127356],"valid",[],"NV8"],[[127357,127358],"valid",[],"NV8"],[[127359,127359],"valid",[],"NV8"],[[127360,127369],"valid",[],"NV8"],[[127370,127373],"valid",[],"NV8"],[[127374,127375],"valid",[],"NV8"],[[127376,127376],"mapped",[100,106]],[[127377,127386],"valid",[],"NV8"],[[127387,127461],"disallowed"],[[127462,127487],"valid",[],"NV8"],[[127488,127488],"mapped",[12411,12363]],[[127489,127489],"mapped",[12467,12467]],[[127490,127490],"mapped",[12469]],[[127491,127503],"disallowed"],[[127504,127504],"mapped",[25163]],[[127505,127505],"mapped",[23383]],[[127506,127506],"mapped",[21452]],[[127507,127507],"mapped",[12487]],[[127508,127508],"mapped",[20108]],[[127509,127509],"mapped",[22810]],[[127510,127510],"mapped",[35299]],[[127511,127511],"mapped",[22825]],[[127512,127512],"mapped",[20132]],[[127513,127513],"mapped",[26144]],[[127514,127514],"mapped",[28961]],[[127515,127515],"mapped",[26009]],[[127516,127516],"mapped",[21069]],[[127517,127517],"mapped",[24460]],[[127518,127518],"mapped",[20877]],[[127519,127519],"mapped",[26032]],[[127520,127520],"mapped",[21021]],[[127521,127521],"mapped",[32066]],[[127522,127522],"mapped",[29983]],[[127523,127523],"mapped",[36009]],[[127524,127524],"mapped",[22768]],[[127525,127525],"mapped",[21561]],[[127526,127526],"mapped",[28436]],[[127527,127527],"mapped",[25237]],[[127528,127528],"mapped",[25429]],[[127529,127529],"mapped",[19968]],[[127530,127530],"mapped",[19977]],[[127531,127531],"mapped",[36938]],[[127532,127532],"mapped",[24038]],[[127533,127533],"mapped",[20013]],[[127534,127534],"mapped",[21491]],[[127535,127535],"mapped",[25351]],[[127536,127536],"mapped",[36208]],[[127537,127537],"mapped",[25171]],[[127538,127538],"mapped",[31105]],[[127539,127539],"mapped",[31354]],[[127540,127540],"mapped",[21512]],[[127541,127541],"mapped",[28288]],[[127542,127542],"mapped",[26377]],[[127543,127543],"mapped",[26376]],[[127544,127544],"mapped",[30003]],[[127545,127545],"mapped",[21106]],[[127546,127546],"mapped",[21942]],[[127547,127551],"disallowed"],[[127552,127552],"mapped",[12308,26412,12309]],[[127553,127553],"mapped",[12308,19977,12309]],[[127554,127554],"mapped",[12308,20108,12309]],[[127555,127555],"mapped",[12308,23433,12309]],[[127556,127556],"mapped",[12308,28857,12309]],[[127557,127557],"mapped",[12308,25171,12309]],[[127558,127558],"mapped",[12308,30423,12309]],[[127559,127559],"mapped",[12308,21213,12309]],[[127560,127560],"mapped",[12308,25943,12309]],[[127561,127567],"disallowed"],[[127568,127568],"mapped",[24471]],[[127569,127569],"mapped",[21487]],[[127570,127743],"disallowed"],[[127744,127776],"valid",[],"NV8"],[[127777,127788],"valid",[],"NV8"],[[127789,127791],"valid",[],"NV8"],[[127792,127797],"valid",[],"NV8"],[[127798,127798],"valid",[],"NV8"],[[127799,127868],"valid",[],"NV8"],[[127869,127869],"valid",[],"NV8"],[[127870,127871],"valid",[],"NV8"],[[127872,127891],"valid",[],"NV8"],[[127892,127903],"valid",[],"NV8"],[[127904,127940],"valid",[],"NV8"],[[127941,127941],"valid",[],"NV8"],[[127942,127946],"valid",[],"NV8"],[[127947,127950],"valid",[],"NV8"],[[127951,127955],"valid",[],"NV8"],[[127956,127967],"valid",[],"NV8"],[[127968,127984],"valid",[],"NV8"],[[127985,127991],"valid",[],"NV8"],[[127992,127999],"valid",[],"NV8"],[[128000,128062],"valid",[],"NV8"],[[128063,128063],"valid",[],"NV8"],[[128064,128064],"valid",[],"NV8"],[[128065,128065],"valid",[],"NV8"],[[128066,128247],"valid",[],"NV8"],[[128248,128248],"valid",[],"NV8"],[[128249,128252],"valid",[],"NV8"],[[128253,128254],"valid",[],"NV8"],[[128255,128255],"valid",[],"NV8"],[[128256,128317],"valid",[],"NV8"],[[128318,128319],"valid",[],"NV8"],[[128320,128323],"valid",[],"NV8"],[[128324,128330],"valid",[],"NV8"],[[128331,128335],"valid",[],"NV8"],[[128336,128359],"valid",[],"NV8"],[[128360,128377],"valid",[],"NV8"],[[128378,128378],"disallowed"],[[128379,128419],"valid",[],"NV8"],[[128420,128420],"disallowed"],[[128421,128506],"valid",[],"NV8"],[[128507,128511],"valid",[],"NV8"],[[128512,128512],"valid",[],"NV8"],[[128513,128528],"valid",[],"NV8"],[[128529,128529],"valid",[],"NV8"],[[128530,128532],"valid",[],"NV8"],[[128533,128533],"valid",[],"NV8"],[[128534,128534],"valid",[],"NV8"],[[128535,128535],"valid",[],"NV8"],[[128536,128536],"valid",[],"NV8"],[[128537,128537],"valid",[],"NV8"],[[128538,128538],"valid",[],"NV8"],[[128539,128539],"valid",[],"NV8"],[[128540,128542],"valid",[],"NV8"],[[128543,128543],"valid",[],"NV8"],[[128544,128549],"valid",[],"NV8"],[[128550,128551],"valid",[],"NV8"],[[128552,128555],"valid",[],"NV8"],[[128556,128556],"valid",[],"NV8"],[[128557,128557],"valid",[],"NV8"],[[128558,128559],"valid",[],"NV8"],[[128560,128563],"valid",[],"NV8"],[[128564,128564],"valid",[],"NV8"],[[128565,128576],"valid",[],"NV8"],[[128577,128578],"valid",[],"NV8"],[[128579,128580],"valid",[],"NV8"],[[128581,128591],"valid",[],"NV8"],[[128592,128639],"valid",[],"NV8"],[[128640,128709],"valid",[],"NV8"],[[128710,128719],"valid",[],"NV8"],[[128720,128720],"valid",[],"NV8"],[[128721,128735],"disallowed"],[[128736,128748],"valid",[],"NV8"],[[128749,128751],"disallowed"],[[128752,128755],"valid",[],"NV8"],[[128756,128767],"disallowed"],[[128768,128883],"valid",[],"NV8"],[[128884,128895],"disallowed"],[[128896,128980],"valid",[],"NV8"],[[128981,129023],"disallowed"],[[129024,129035],"valid",[],"NV8"],[[129036,129039],"disallowed"],[[129040,129095],"valid",[],"NV8"],[[129096,129103],"disallowed"],[[129104,129113],"valid",[],"NV8"],[[129114,129119],"disallowed"],[[129120,129159],"valid",[],"NV8"],[[129160,129167],"disallowed"],[[129168,129197],"valid",[],"NV8"],[[129198,129295],"disallowed"],[[129296,129304],"valid",[],"NV8"],[[129305,129407],"disallowed"],[[129408,129412],"valid",[],"NV8"],[[129413,129471],"disallowed"],[[129472,129472],"valid",[],"NV8"],[[129473,131069],"disallowed"],[[131070,131071],"disallowed"],[[131072,173782],"valid"],[[173783,173823],"disallowed"],[[173824,177972],"valid"],[[177973,177983],"disallowed"],[[177984,178205],"valid"],[[178206,178207],"disallowed"],[[178208,183969],"valid"],[[183970,194559],"disallowed"],[[194560,194560],"mapped",[20029]],[[194561,194561],"mapped",[20024]],[[194562,194562],"mapped",[20033]],[[194563,194563],"mapped",[131362]],[[194564,194564],"mapped",[20320]],[[194565,194565],"mapped",[20398]],[[194566,194566],"mapped",[20411]],[[194567,194567],"mapped",[20482]],[[194568,194568],"mapped",[20602]],[[194569,194569],"mapped",[20633]],[[194570,194570],"mapped",[20711]],[[194571,194571],"mapped",[20687]],[[194572,194572],"mapped",[13470]],[[194573,194573],"mapped",[132666]],[[194574,194574],"mapped",[20813]],[[194575,194575],"mapped",[20820]],[[194576,194576],"mapped",[20836]],[[194577,194577],"mapped",[20855]],[[194578,194578],"mapped",[132380]],[[194579,194579],"mapped",[13497]],[[194580,194580],"mapped",[20839]],[[194581,194581],"mapped",[20877]],[[194582,194582],"mapped",[132427]],[[194583,194583],"mapped",[20887]],[[194584,194584],"mapped",[20900]],[[194585,194585],"mapped",[20172]],[[194586,194586],"mapped",[20908]],[[194587,194587],"mapped",[20917]],[[194588,194588],"mapped",[168415]],[[194589,194589],"mapped",[20981]],[[194590,194590],"mapped",[20995]],[[194591,194591],"mapped",[13535]],[[194592,194592],"mapped",[21051]],[[194593,194593],"mapped",[21062]],[[194594,194594],"mapped",[21106]],[[194595,194595],"mapped",[21111]],[[194596,194596],"mapped",[13589]],[[194597,194597],"mapped",[21191]],[[194598,194598],"mapped",[21193]],[[194599,194599],"mapped",[21220]],[[194600,194600],"mapped",[21242]],[[194601,194601],"mapped",[21253]],[[194602,194602],"mapped",[21254]],[[194603,194603],"mapped",[21271]],[[194604,194604],"mapped",[21321]],[[194605,194605],"mapped",[21329]],[[194606,194606],"mapped",[21338]],[[194607,194607],"mapped",[21363]],[[194608,194608],"mapped",[21373]],[[194609,194611],"mapped",[21375]],[[194612,194612],"mapped",[133676]],[[194613,194613],"mapped",[28784]],[[194614,194614],"mapped",[21450]],[[194615,194615],"mapped",[21471]],[[194616,194616],"mapped",[133987]],[[194617,194617],"mapped",[21483]],[[194618,194618],"mapped",[21489]],[[194619,194619],"mapped",[21510]],[[194620,194620],"mapped",[21662]],[[194621,194621],"mapped",[21560]],[[194622,194622],"mapped",[21576]],[[194623,194623],"mapped",[21608]],[[194624,194624],"mapped",[21666]],[[194625,194625],"mapped",[21750]],[[194626,194626],"mapped",[21776]],[[194627,194627],"mapped",[21843]],[[194628,194628],"mapped",[21859]],[[194629,194630],"mapped",[21892]],[[194631,194631],"mapped",[21913]],[[194632,194632],"mapped",[21931]],[[194633,194633],"mapped",[21939]],[[194634,194634],"mapped",[21954]],[[194635,194635],"mapped",[22294]],[[194636,194636],"mapped",[22022]],[[194637,194637],"mapped",[22295]],[[194638,194638],"mapped",[22097]],[[194639,194639],"mapped",[22132]],[[194640,194640],"mapped",[20999]],[[194641,194641],"mapped",[22766]],[[194642,194642],"mapped",[22478]],[[194643,194643],"mapped",[22516]],[[194644,194644],"mapped",[22541]],[[194645,194645],"mapped",[22411]],[[194646,194646],"mapped",[22578]],[[194647,194647],"mapped",[22577]],[[194648,194648],"mapped",[22700]],[[194649,194649],"mapped",[136420]],[[194650,194650],"mapped",[22770]],[[194651,194651],"mapped",[22775]],[[194652,194652],"mapped",[22790]],[[194653,194653],"mapped",[22810]],[[194654,194654],"mapped",[22818]],[[194655,194655],"mapped",[22882]],[[194656,194656],"mapped",[136872]],[[194657,194657],"mapped",[136938]],[[194658,194658],"mapped",[23020]],[[194659,194659],"mapped",[23067]],[[194660,194660],"mapped",[23079]],[[194661,194661],"mapped",[23000]],[[194662,194662],"mapped",[23142]],[[194663,194663],"mapped",[14062]],[[194664,194664],"disallowed"],[[194665,194665],"mapped",[23304]],[[194666,194667],"mapped",[23358]],[[194668,194668],"mapped",[137672]],[[194669,194669],"mapped",[23491]],[[194670,194670],"mapped",[23512]],[[194671,194671],"mapped",[23527]],[[194672,194672],"mapped",[23539]],[[194673,194673],"mapped",[138008]],[[194674,194674],"mapped",[23551]],[[194675,194675],"mapped",[23558]],[[194676,194676],"disallowed"],[[194677,194677],"mapped",[23586]],[[194678,194678],"mapped",[14209]],[[194679,194679],"mapped",[23648]],[[194680,194680],"mapped",[23662]],[[194681,194681],"mapped",[23744]],[[194682,194682],"mapped",[23693]],[[194683,194683],"mapped",[138724]],[[194684,194684],"mapped",[23875]],[[194685,194685],"mapped",[138726]],[[194686,194686],"mapped",[23918]],[[194687,194687],"mapped",[23915]],[[194688,194688],"mapped",[23932]],[[194689,194689],"mapped",[24033]],[[194690,194690],"mapped",[24034]],[[194691,194691],"mapped",[14383]],[[194692,194692],"mapped",[24061]],[[194693,194693],"mapped",[24104]],[[194694,194694],"mapped",[24125]],[[194695,194695],"mapped",[24169]],[[194696,194696],"mapped",[14434]],[[194697,194697],"mapped",[139651]],[[194698,194698],"mapped",[14460]],[[194699,194699],"mapped",[24240]],[[194700,194700],"mapped",[24243]],[[194701,194701],"mapped",[24246]],[[194702,194702],"mapped",[24266]],[[194703,194703],"mapped",[172946]],[[194704,194704],"mapped",[24318]],[[194705,194706],"mapped",[140081]],[[194707,194707],"mapped",[33281]],[[194708,194709],"mapped",[24354]],[[194710,194710],"mapped",[14535]],[[194711,194711],"mapped",[144056]],[[194712,194712],"mapped",[156122]],[[194713,194713],"mapped",[24418]],[[194714,194714],"mapped",[24427]],[[194715,194715],"mapped",[14563]],[[194716,194716],"mapped",[24474]],[[194717,194717],"mapped",[24525]],[[194718,194718],"mapped",[24535]],[[194719,194719],"mapped",[24569]],[[194720,194720],"mapped",[24705]],[[194721,194721],"mapped",[14650]],[[194722,194722],"mapped",[14620]],[[194723,194723],"mapped",[24724]],[[194724,194724],"mapped",[141012]],[[194725,194725],"mapped",[24775]],[[194726,194726],"mapped",[24904]],[[194727,194727],"mapped",[24908]],[[194728,194728],"mapped",[24910]],[[194729,194729],"mapped",[24908]],[[194730,194730],"mapped",[24954]],[[194731,194731],"mapped",[24974]],[[194732,194732],"mapped",[25010]],[[194733,194733],"mapped",[24996]],[[194734,194734],"mapped",[25007]],[[194735,194735],"mapped",[25054]],[[194736,194736],"mapped",[25074]],[[194737,194737],"mapped",[25078]],[[194738,194738],"mapped",[25104]],[[194739,194739],"mapped",[25115]],[[194740,194740],"mapped",[25181]],[[194741,194741],"mapped",[25265]],[[194742,194742],"mapped",[25300]],[[194743,194743],"mapped",[25424]],[[194744,194744],"mapped",[142092]],[[194745,194745],"mapped",[25405]],[[194746,194746],"mapped",[25340]],[[194747,194747],"mapped",[25448]],[[194748,194748],"mapped",[25475]],[[194749,194749],"mapped",[25572]],[[194750,194750],"mapped",[142321]],[[194751,194751],"mapped",[25634]],[[194752,194752],"mapped",[25541]],[[194753,194753],"mapped",[25513]],[[194754,194754],"mapped",[14894]],[[194755,194755],"mapped",[25705]],[[194756,194756],"mapped",[25726]],[[194757,194757],"mapped",[25757]],[[194758,194758],"mapped",[25719]],[[194759,194759],"mapped",[14956]],[[194760,194760],"mapped",[25935]],[[194761,194761],"mapped",[25964]],[[194762,194762],"mapped",[143370]],[[194763,194763],"mapped",[26083]],[[194764,194764],"mapped",[26360]],[[194765,194765],"mapped",[26185]],[[194766,194766],"mapped",[15129]],[[194767,194767],"mapped",[26257]],[[194768,194768],"mapped",[15112]],[[194769,194769],"mapped",[15076]],[[194770,194770],"mapped",[20882]],[[194771,194771],"mapped",[20885]],[[194772,194772],"mapped",[26368]],[[194773,194773],"mapped",[26268]],[[194774,194774],"mapped",[32941]],[[194775,194775],"mapped",[17369]],[[194776,194776],"mapped",[26391]],[[194777,194777],"mapped",[26395]],[[194778,194778],"mapped",[26401]],[[194779,194779],"mapped",[26462]],[[194780,194780],"mapped",[26451]],[[194781,194781],"mapped",[144323]],[[194782,194782],"mapped",[15177]],[[194783,194783],"mapped",[26618]],[[194784,194784],"mapped",[26501]],[[194785,194785],"mapped",[26706]],[[194786,194786],"mapped",[26757]],[[194787,194787],"mapped",[144493]],[[194788,194788],"mapped",[26766]],[[194789,194789],"mapped",[26655]],[[194790,194790],"mapped",[26900]],[[194791,194791],"mapped",[15261]],[[194792,194792],"mapped",[26946]],[[194793,194793],"mapped",[27043]],[[194794,194794],"mapped",[27114]],[[194795,194795],"mapped",[27304]],[[194796,194796],"mapped",[145059]],[[194797,194797],"mapped",[27355]],[[194798,194798],"mapped",[15384]],[[194799,194799],"mapped",[27425]],[[194800,194800],"mapped",[145575]],[[194801,194801],"mapped",[27476]],[[194802,194802],"mapped",[15438]],[[194803,194803],"mapped",[27506]],[[194804,194804],"mapped",[27551]],[[194805,194805],"mapped",[27578]],[[194806,194806],"mapped",[27579]],[[194807,194807],"mapped",[146061]],[[194808,194808],"mapped",[138507]],[[194809,194809],"mapped",[146170]],[[194810,194810],"mapped",[27726]],[[194811,194811],"mapped",[146620]],[[194812,194812],"mapped",[27839]],[[194813,194813],"mapped",[27853]],[[194814,194814],"mapped",[27751]],[[194815,194815],"mapped",[27926]],[[194816,194816],"mapped",[27966]],[[194817,194817],"mapped",[28023]],[[194818,194818],"mapped",[27969]],[[194819,194819],"mapped",[28009]],[[194820,194820],"mapped",[28024]],[[194821,194821],"mapped",[28037]],[[194822,194822],"mapped",[146718]],[[194823,194823],"mapped",[27956]],[[194824,194824],"mapped",[28207]],[[194825,194825],"mapped",[28270]],[[194826,194826],"mapped",[15667]],[[194827,194827],"mapped",[28363]],[[194828,194828],"mapped",[28359]],[[194829,194829],"mapped",[147153]],[[194830,194830],"mapped",[28153]],[[194831,194831],"mapped",[28526]],[[194832,194832],"mapped",[147294]],[[194833,194833],"mapped",[147342]],[[194834,194834],"mapped",[28614]],[[194835,194835],"mapped",[28729]],[[194836,194836],"mapped",[28702]],[[194837,194837],"mapped",[28699]],[[194838,194838],"mapped",[15766]],[[194839,194839],"mapped",[28746]],[[194840,194840],"mapped",[28797]],[[194841,194841],"mapped",[28791]],[[194842,194842],"mapped",[28845]],[[194843,194843],"mapped",[132389]],[[194844,194844],"mapped",[28997]],[[194845,194845],"mapped",[148067]],[[194846,194846],"mapped",[29084]],[[194847,194847],"disallowed"],[[194848,194848],"mapped",[29224]],[[194849,194849],"mapped",[29237]],[[194850,194850],"mapped",[29264]],[[194851,194851],"mapped",[149000]],[[194852,194852],"mapped",[29312]],[[194853,194853],"mapped",[29333]],[[194854,194854],"mapped",[149301]],[[194855,194855],"mapped",[149524]],[[194856,194856],"mapped",[29562]],[[194857,194857],"mapped",[29579]],[[194858,194858],"mapped",[16044]],[[194859,194859],"mapped",[29605]],[[194860,194861],"mapped",[16056]],[[194862,194862],"mapped",[29767]],[[194863,194863],"mapped",[29788]],[[194864,194864],"mapped",[29809]],[[194865,194865],"mapped",[29829]],[[194866,194866],"mapped",[29898]],[[194867,194867],"mapped",[16155]],[[194868,194868],"mapped",[29988]],[[194869,194869],"mapped",[150582]],[[194870,194870],"mapped",[30014]],[[194871,194871],"mapped",[150674]],[[194872,194872],"mapped",[30064]],[[194873,194873],"mapped",[139679]],[[194874,194874],"mapped",[30224]],[[194875,194875],"mapped",[151457]],[[194876,194876],"mapped",[151480]],[[194877,194877],"mapped",[151620]],[[194878,194878],"mapped",[16380]],[[194879,194879],"mapped",[16392]],[[194880,194880],"mapped",[30452]],[[194881,194881],"mapped",[151795]],[[194882,194882],"mapped",[151794]],[[194883,194883],"mapped",[151833]],[[194884,194884],"mapped",[151859]],[[194885,194885],"mapped",[30494]],[[194886,194887],"mapped",[30495]],[[194888,194888],"mapped",[30538]],[[194889,194889],"mapped",[16441]],[[194890,194890],"mapped",[30603]],[[194891,194891],"mapped",[16454]],[[194892,194892],"mapped",[16534]],[[194893,194893],"mapped",[152605]],[[194894,194894],"mapped",[30798]],[[194895,194895],"mapped",[30860]],[[194896,194896],"mapped",[30924]],[[194897,194897],"mapped",[16611]],[[194898,194898],"mapped",[153126]],[[194899,194899],"mapped",[31062]],[[194900,194900],"mapped",[153242]],[[194901,194901],"mapped",[153285]],[[194902,194902],"mapped",[31119]],[[194903,194903],"mapped",[31211]],[[194904,194904],"mapped",[16687]],[[194905,194905],"mapped",[31296]],[[194906,194906],"mapped",[31306]],[[194907,194907],"mapped",[31311]],[[194908,194908],"mapped",[153980]],[[194909,194910],"mapped",[154279]],[[194911,194911],"disallowed"],[[194912,194912],"mapped",[16898]],[[194913,194913],"mapped",[154539]],[[194914,194914],"mapped",[31686]],[[194915,194915],"mapped",[31689]],[[194916,194916],"mapped",[16935]],[[194917,194917],"mapped",[154752]],[[194918,194918],"mapped",[31954]],[[194919,194919],"mapped",[17056]],[[194920,194920],"mapped",[31976]],[[194921,194921],"mapped",[31971]],[[194922,194922],"mapped",[32000]],[[194923,194923],"mapped",[155526]],[[194924,194924],"mapped",[32099]],[[194925,194925],"mapped",[17153]],[[194926,194926],"mapped",[32199]],[[194927,194927],"mapped",[32258]],[[194928,194928],"mapped",[32325]],[[194929,194929],"mapped",[17204]],[[194930,194930],"mapped",[156200]],[[194931,194931],"mapped",[156231]],[[194932,194932],"mapped",[17241]],[[194933,194933],"mapped",[156377]],[[194934,194934],"mapped",[32634]],[[194935,194935],"mapped",[156478]],[[194936,194936],"mapped",[32661]],[[194937,194937],"mapped",[32762]],[[194938,194938],"mapped",[32773]],[[194939,194939],"mapped",[156890]],[[194940,194940],"mapped",[156963]],[[194941,194941],"mapped",[32864]],[[194942,194942],"mapped",[157096]],[[194943,194943],"mapped",[32880]],[[194944,194944],"mapped",[144223]],[[194945,194945],"mapped",[17365]],[[194946,194946],"mapped",[32946]],[[194947,194947],"mapped",[33027]],[[194948,194948],"mapped",[17419]],[[194949,194949],"mapped",[33086]],[[194950,194950],"mapped",[23221]],[[194951,194951],"mapped",[157607]],[[194952,194952],"mapped",[157621]],[[194953,194953],"mapped",[144275]],[[194954,194954],"mapped",[144284]],[[194955,194955],"mapped",[33281]],[[194956,194956],"mapped",[33284]],[[194957,194957],"mapped",[36766]],[[194958,194958],"mapped",[17515]],[[194959,194959],"mapped",[33425]],[[194960,194960],"mapped",[33419]],[[194961,194961],"mapped",[33437]],[[194962,194962],"mapped",[21171]],[[194963,194963],"mapped",[33457]],[[194964,194964],"mapped",[33459]],[[194965,194965],"mapped",[33469]],[[194966,194966],"mapped",[33510]],[[194967,194967],"mapped",[158524]],[[194968,194968],"mapped",[33509]],[[194969,194969],"mapped",[33565]],[[194970,194970],"mapped",[33635]],[[194971,194971],"mapped",[33709]],[[194972,194972],"mapped",[33571]],[[194973,194973],"mapped",[33725]],[[194974,194974],"mapped",[33767]],[[194975,194975],"mapped",[33879]],[[194976,194976],"mapped",[33619]],[[194977,194977],"mapped",[33738]],[[194978,194978],"mapped",[33740]],[[194979,194979],"mapped",[33756]],[[194980,194980],"mapped",[158774]],[[194981,194981],"mapped",[159083]],[[194982,194982],"mapped",[158933]],[[194983,194983],"mapped",[17707]],[[194984,194984],"mapped",[34033]],[[194985,194985],"mapped",[34035]],[[194986,194986],"mapped",[34070]],[[194987,194987],"mapped",[160714]],[[194988,194988],"mapped",[34148]],[[194989,194989],"mapped",[159532]],[[194990,194990],"mapped",[17757]],[[194991,194991],"mapped",[17761]],[[194992,194992],"mapped",[159665]],[[194993,194993],"mapped",[159954]],[[194994,194994],"mapped",[17771]],[[194995,194995],"mapped",[34384]],[[194996,194996],"mapped",[34396]],[[194997,194997],"mapped",[34407]],[[194998,194998],"mapped",[34409]],[[194999,194999],"mapped",[34473]],[[195000,195000],"mapped",[34440]],[[195001,195001],"mapped",[34574]],[[195002,195002],"mapped",[34530]],[[195003,195003],"mapped",[34681]],[[195004,195004],"mapped",[34600]],[[195005,195005],"mapped",[34667]],[[195006,195006],"mapped",[34694]],[[195007,195007],"disallowed"],[[195008,195008],"mapped",[34785]],[[195009,195009],"mapped",[34817]],[[195010,195010],"mapped",[17913]],[[195011,195011],"mapped",[34912]],[[195012,195012],"mapped",[34915]],[[195013,195013],"mapped",[161383]],[[195014,195014],"mapped",[35031]],[[195015,195015],"mapped",[35038]],[[195016,195016],"mapped",[17973]],[[195017,195017],"mapped",[35066]],[[195018,195018],"mapped",[13499]],[[195019,195019],"mapped",[161966]],[[195020,195020],"mapped",[162150]],[[195021,195021],"mapped",[18110]],[[195022,195022],"mapped",[18119]],[[195023,195023],"mapped",[35488]],[[195024,195024],"mapped",[35565]],[[195025,195025],"mapped",[35722]],[[195026,195026],"mapped",[35925]],[[195027,195027],"mapped",[162984]],[[195028,195028],"mapped",[36011]],[[195029,195029],"mapped",[36033]],[[195030,195030],"mapped",[36123]],[[195031,195031],"mapped",[36215]],[[195032,195032],"mapped",[163631]],[[195033,195033],"mapped",[133124]],[[195034,195034],"mapped",[36299]],[[195035,195035],"mapped",[36284]],[[195036,195036],"mapped",[36336]],[[195037,195037],"mapped",[133342]],[[195038,195038],"mapped",[36564]],[[195039,195039],"mapped",[36664]],[[195040,195040],"mapped",[165330]],[[195041,195041],"mapped",[165357]],[[195042,195042],"mapped",[37012]],[[195043,195043],"mapped",[37105]],[[195044,195044],"mapped",[37137]],[[195045,195045],"mapped",[165678]],[[195046,195046],"mapped",[37147]],[[195047,195047],"mapped",[37432]],[[195048,195048],"mapped",[37591]],[[195049,195049],"mapped",[37592]],[[195050,195050],"mapped",[37500]],[[195051,195051],"mapped",[37881]],[[195052,195052],"mapped",[37909]],[[195053,195053],"mapped",[166906]],[[195054,195054],"mapped",[38283]],[[195055,195055],"mapped",[18837]],[[195056,195056],"mapped",[38327]],[[195057,195057],"mapped",[167287]],[[195058,195058],"mapped",[18918]],[[195059,195059],"mapped",[38595]],[[195060,195060],"mapped",[23986]],[[195061,195061],"mapped",[38691]],[[195062,195062],"mapped",[168261]],[[195063,195063],"mapped",[168474]],[[195064,195064],"mapped",[19054]],[[195065,195065],"mapped",[19062]],[[195066,195066],"mapped",[38880]],[[195067,195067],"mapped",[168970]],[[195068,195068],"mapped",[19122]],[[195069,195069],"mapped",[169110]],[[195070,195071],"mapped",[38923]],[[195072,195072],"mapped",[38953]],[[195073,195073],"mapped",[169398]],[[195074,195074],"mapped",[39138]],[[195075,195075],"mapped",[19251]],[[195076,195076],"mapped",[39209]],[[195077,195077],"mapped",[39335]],[[195078,195078],"mapped",[39362]],[[195079,195079],"mapped",[39422]],[[195080,195080],"mapped",[19406]],[[195081,195081],"mapped",[170800]],[[195082,195082],"mapped",[39698]],[[195083,195083],"mapped",[40000]],[[195084,195084],"mapped",[40189]],[[195085,195085],"mapped",[19662]],[[195086,195086],"mapped",[19693]],[[195087,195087],"mapped",[40295]],[[195088,195088],"mapped",[172238]],[[195089,195089],"mapped",[19704]],[[195090,195090],"mapped",[172293]],[[195091,195091],"mapped",[172558]],[[195092,195092],"mapped",[172689]],[[195093,195093],"mapped",[40635]],[[195094,195094],"mapped",[19798]],[[195095,195095],"mapped",[40697]],[[195096,195096],"mapped",[40702]],[[195097,195097],"mapped",[40709]],[[195098,195098],"mapped",[40719]],[[195099,195099],"mapped",[40726]],[[195100,195100],"mapped",[40763]],[[195101,195101],"mapped",[173568]],[[195102,196605],"disallowed"],[[196606,196607],"disallowed"],[[196608,262141],"disallowed"],[[262142,262143],"disallowed"],[[262144,327677],"disallowed"],[[327678,327679],"disallowed"],[[327680,393213],"disallowed"],[[393214,393215],"disallowed"],[[393216,458749],"disallowed"],[[458750,458751],"disallowed"],[[458752,524285],"disallowed"],[[524286,524287],"disallowed"],[[524288,589821],"disallowed"],[[589822,589823],"disallowed"],[[589824,655357],"disallowed"],[[655358,655359],"disallowed"],[[655360,720893],"disallowed"],[[720894,720895],"disallowed"],[[720896,786429],"disallowed"],[[786430,786431],"disallowed"],[[786432,851965],"disallowed"],[[851966,851967],"disallowed"],[[851968,917501],"disallowed"],[[917502,917503],"disallowed"],[[917504,917504],"disallowed"],[[917505,917505],"disallowed"],[[917506,917535],"disallowed"],[[917536,917631],"disallowed"],[[917632,917759],"disallowed"],[[917760,917999],"ignored"],[[918000,983037],"disallowed"],[[983038,983039],"disallowed"],[[983040,1048573],"disallowed"],[[1048574,1048575],"disallowed"],[[1048576,1114109],"disallowed"],[[1114110,1114111],"disallowed"]]'); /***/ }), /***/ 6447: /***/ ((module) => { "use strict"; module.exports = {"i8":"1.6.0"}; /***/ }), /***/ 2357: /***/ ((module) => { "use strict"; module.exports = require("assert"); /***/ }), /***/ 4293: /***/ ((module) => { "use strict"; module.exports = require("buffer"); /***/ }), /***/ 3129: /***/ ((module) => { "use strict"; module.exports = require("child_process"); /***/ }), /***/ 7619: /***/ ((module) => { "use strict"; module.exports = require("constants"); /***/ }), /***/ 6417: /***/ ((module) => { "use strict"; module.exports = require("crypto"); /***/ }), /***/ 881: /***/ ((module) => { "use strict"; module.exports = require("dns"); /***/ }), /***/ 8614: /***/ ((module) => { "use strict"; module.exports = require("events"); /***/ }), /***/ 5747: /***/ ((module) => { "use strict"; module.exports = require("fs"); /***/ }), /***/ 8605: /***/ ((module) => { "use strict"; module.exports = require("http"); /***/ }), /***/ 7211: /***/ ((module) => { "use strict"; module.exports = require("https"); /***/ }), /***/ 1631: /***/ ((module) => { "use strict"; module.exports = require("net"); /***/ }), /***/ 2087: /***/ ((module) => { "use strict"; module.exports = require("os"); /***/ }), /***/ 5622: /***/ ((module) => { "use strict"; module.exports = require("path"); /***/ }), /***/ 4213: /***/ ((module) => { "use strict"; module.exports = require("punycode"); /***/ }), /***/ 1191: /***/ ((module) => { "use strict"; module.exports = require("querystring"); /***/ }), /***/ 2413: /***/ ((module) => { "use strict"; module.exports = require("stream"); /***/ }), /***/ 4304: /***/ ((module) => { "use strict"; module.exports = require("string_decoder"); /***/ }), /***/ 4016: /***/ ((module) => { "use strict"; module.exports = require("tls"); /***/ }), /***/ 3867: /***/ ((module) => { "use strict"; module.exports = require("tty"); /***/ }), /***/ 8835: /***/ ((module) => { "use strict"; module.exports = require("url"); /***/ }), /***/ 1669: /***/ ((module) => { "use strict"; module.exports = require("util"); /***/ }), /***/ 8761: /***/ ((module) => { "use strict"; module.exports = require("zlib"); /***/ }) /******/ }); /************************************************************************/ /******/ // The module cache /******/ var __webpack_module_cache__ = {}; /******/ /******/ // The require function /******/ function __nccwpck_require__(moduleId) { /******/ // Check if module is in cache /******/ var cachedModule = __webpack_module_cache__[moduleId]; /******/ if (cachedModule !== undefined) { /******/ return cachedModule.exports; /******/ } /******/ // Create a new module (and put it into the cache) /******/ var module = __webpack_module_cache__[moduleId] = { /******/ // no module.id needed /******/ // no module.loaded needed /******/ exports: {} /******/ }; /******/ /******/ // Execute the module function /******/ var threw = true; /******/ try { /******/ __webpack_modules__[moduleId].call(module.exports, module, module.exports, __nccwpck_require__); /******/ threw = false; /******/ } finally { /******/ if(threw) delete __webpack_module_cache__[moduleId]; /******/ } /******/ /******/ // Return the exports of the module /******/ return module.exports; /******/ } /******/ /************************************************************************/ /******/ /* webpack/runtime/compat */ /******/ /******/ if (typeof __nccwpck_require__ !== 'undefined') __nccwpck_require__.ab = __dirname + "/"; /******/ /************************************************************************/ /******/ /******/ // startup /******/ // Load entry module and return exports /******/ // This entry module is referenced by other modules so it can't be inlined /******/ var __webpack_exports__ = __nccwpck_require__(399); /******/ module.exports = __webpack_exports__; /******/ /******/ })() ; //# sourceMappingURL=index.js.map