From 38ff9263c9e765bf783cb78b7e01a88957a4ec8d Mon Sep 17 00:00:00 2001 From: Yadd Date: Fri, 8 Dec 2023 14:26:53 +0400 Subject: [PATCH 1/9] Add library to find Matrix server --- lemonldap-ng-common/MANIFEST | 2 + .../lib/Lemonldap/NG/Common/Matrix.pm | 149 ++++++++++++++++++ lemonldap-ng-common/t/51-Matrix-Resolve.pm | 72 +++++++++ 3 files changed, 223 insertions(+) create mode 100644 lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm create mode 100644 lemonldap-ng-common/t/51-Matrix-Resolve.pm diff --git a/lemonldap-ng-common/MANIFEST b/lemonldap-ng-common/MANIFEST index a21fe987e2..73e531a4bc 100644 --- a/lemonldap-ng-common/MANIFEST +++ b/lemonldap-ng-common/MANIFEST @@ -50,6 +50,7 @@ lib/Lemonldap/NG/Common/Logger/Null.pm lib/Lemonldap/NG/Common/Logger/Sentry.pm lib/Lemonldap/NG/Common/Logger/Std.pm lib/Lemonldap/NG/Common/Logger/Syslog.pm +lib/Lemonldap/NG/Common/Matrix.pm lib/Lemonldap/NG/Common/Module.pm lib/Lemonldap/NG/Common/Notifications.pm lib/Lemonldap/NG/Common/Notifications/DBI.pm @@ -108,6 +109,7 @@ t/41-Common-EmailAddress.t t/45-importMetadata-config.t t/45-importMetadata.t t/50-Combination-Parser.t +t/51-Matrix-Resolve.pm t/60-Hashed-Session.t t/60-Session-Cache.t t/60-Session-Cli.t diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm new file mode 100644 index 0000000000..0b85abe3fa --- /dev/null +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm @@ -0,0 +1,149 @@ +package Lemonldap::NG::Common::Matrix; + +use strict; +use JSON; +use Lemonldap::NG::Common::UserAgent; +use Mouse::Role; +use Net::DNS; +use Regexp::Common 'net'; +use Regexp::Common::URI::RFC2396 '$hostname'; + +# Check IP:port or IP. Captures IP and port +my $isIpLiteral = qr/^($RE{net}{IPv6}|$RE{net}{IPv4})(?:(? ( + is => 'rw', + lazy => 1, + builder => sub { + + # TODO : LWP options to use a proxy for example + my $ua = Lemonldap::NG::Common::UserAgent->new( $_[0]->{conf} ); + $ua->env_proxy(); + return $ua; + } +); + +has dnsResolver => ( + is => 'rw', + lazy => 1, + builder => sub { + return Net::DNS::Resolver->new; + } +); + +sub serverResolve { + my ( $self, $name ) = @_; + + # From Matrix spec 1.9 + # + # If the hostname is an IP literal, then that IP address should be used, + # together with the given port number, or 8448 if no port is given. + return "https://$1:" . ( $2 || '8448' ) . '/' + if $name =~ $isIpLiteral; + + unless ( $name =~ $isHostname ) { + $self->logger->error("Bad hostname $name"); + return; + } + + # If the hostname is not an IP literal, and the server name includes an + # explicit port, resolve the hostname to an IP address using CNAME, AAAA + # or A records + return "https://$1:$2/" if $2; + + # If the hostname is not an IP literal, a regular HTTPS request is made + # to https:///.well-known/matrix/server + my $resp = $self->ua->get("https://$name/.well-known/matrix/server"); + if ( $resp->is_success ) { + my $content = eval { JSON::from_json( $resp->decoded_content ) }; + unless ($@) { + if ( ref($content) + and ref($content) eq 'HASH' + and my $delegated = $content->{'m.server'} ) + { + # If is an IP literal, then that IP + # address should be used together with the + # or 8448 if no port is provided + return "https://$1:" . ( $2 || '8448' ) . '/' + if $delegated =~ $isIpLiteral; + + unless ( $delegated =~ $isHostname ) { + $self->logger->error("Bad hostname $name"); + return; + } + + # If is not an IP literal, and + # is present, an IP address is discovered by + # looking up CNAME, AAAA or A records for + return "https://$1:$2/" if $2; + + # ALL NEXT CASES ARE EXACTLY THE SAME DNS SEARCH THAN IF NO + # .well-known IS VALID BUT USING ${delegated} INSTEAD OF + # ${name} + + # If is not an IP literal and no + # is present, an SRV record is looked up for + # _matrix-fed._tcp.. This may result in + # another hostname (to be resolved using AAAA or A records) and + # port. + # + # [Deprecated] If is not an IP literal, no + # is present, and a + # _matrix-fed._tcp. SRV record was not + # found, an SRV record is looked up for + # _matrix._tcp.. This may result in another + # hostname # (to be resolved using AAAA or A records) and port. + # + # If no SRV record is found, an IP address is resolved using + # CNAME, # AAAA or A records. Requests are then made to the + # resolve IP address # and a port of 8448, using a Host header + # of + return $self->_dnsResolve($delegated); + } + } + } + return $self->_dnsResolve($name); +} + +sub _dnsResolve { + my ( $self, $name ) = @_; + my @res; + + # If the /.well-known request resulted in an error response, a server is + # found by resolving an SRV record for _matrix-fed._tcp.. This + # may result in a hostname (to be resolved using AAAA or A records) and + # port + @res = $self->dnsSrvResolve("_matrix-fed._tcp.$name"); + + # [Deprecated] If the /.well-known request resulted in an error response, + # and a _matrix-fed._tcp. SRV record was not found, a server is + # found by resolving an SRV record for _matrix._tcp. + @res = $self->dnsSrvResolve("_matrix._tcp.$name") unless @res; + + return ( wantarray ? @res : shift(@res) ) if @res; + + # If the /.well-known request returned an error response, and the + # SRV record was not found, an IP address is resolved using CNAME, + # AAAA and A records. Requests are made to the resolved IP address + # using port 8448 and a Host header containing the + if ( rr($name) ) { + return "https://$name:8448/"; + } + else { + $self->logger->error("Unable to resolve Matrix name $name"); + return; + } +} + +sub dnsSrvResolve { + my ( $self, $name ) = @_; + my $reply = $self->dnsResolver->query( $name, 'SRV' ); + return unless $reply; + return map { 'https://' . $_->target . ':' . $_->port . '/' } + sort { $b->priority <=> $a->priority } $reply->answer; +} + +1; diff --git a/lemonldap-ng-common/t/51-Matrix-Resolve.pm b/lemonldap-ng-common/t/51-Matrix-Resolve.pm new file mode 100644 index 0000000000..0af9e074ed --- /dev/null +++ b/lemonldap-ng-common/t/51-Matrix-Resolve.pm @@ -0,0 +1,72 @@ +package Tester; + +use strict; +use Lemonldap::NG::Common::Logger::Std; +use Mouse; + +with 'Lemonldap::NG::Common::Matrix'; + +has logger => ( + is => 'rw', + builder => sub { + return Lemonldap::NG::Common::Logger::Std->new( + { logLevel => 'error' } ); + } +); + +package Main; + +use strict; +use warnings; +use JSON; +use LWP::Protocol::PSGI; +use Plack::Request; +use Test::More tests => 7; + +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + if ( $req->env->{HTTP_HOST} eq 'm.org' ) { + return [ + 200, + [], + [ + JSON::to_json( { + 'm.server' => 'host.m.org:678', + } + ) + ] + ]; + } + return [ 404, [], [] ]; + } +); + +my $c; +ok( $c = Tester->new, 'Succeed to load Lemonldap::NG::Common::Matrix' ); + +ok( $c->serverResolve('1.2.3.4:879') eq 'https://1.2.3.4:879/', + 'Accept IP with port' ); + +ok( $c->serverResolve('1.2.3.4') eq 'https://1.2.3.4:8448/', + 'Accept IP without port' ); + +ok( $c->serverResolve('hostname:567') eq 'https://hostname:567/', + 'Accept hostname with port' ); + +ok( $c->serverResolve('m.org') eq 'https://host.m.org:678/', + 'Tester tries .well-known' ); + +TODO: { + my $m = $c->serverResolve('matrix.org'); + local $TODO = 'Maybe no DNS'; + ok( defined $m, 'Succeed to get SRV record' ); + local $TODO = 'Maybe DNS changed'; + ok( ( + $m + and $m eq + 'https://matrix-federation.matrix.org.cdn.cloudflare.net:8443/' + ), + 'Value is https://matrix-federation.matrix.org.cdn.cloudflare.net:8443/' + ); +} -- GitLab From b5c2701d03507b69efc15025e038afc2cffb0fd9 Mon Sep 17 00:00:00 2001 From: Yadd Date: Mon, 11 Dec 2023 21:09:52 +0400 Subject: [PATCH 2/9] Add Matrix token validation --- lemonldap-ng-common/MANIFEST | 1 + .../lib/Lemonldap/NG/Common/Matrix.pm | 38 ++++++++++ .../t/51-Matrix-Validate-Token.pm | 73 +++++++++++++++++++ 3 files changed, 112 insertions(+) create mode 100644 lemonldap-ng-common/t/51-Matrix-Validate-Token.pm diff --git a/lemonldap-ng-common/MANIFEST b/lemonldap-ng-common/MANIFEST index 73e531a4bc..f604945d5c 100644 --- a/lemonldap-ng-common/MANIFEST +++ b/lemonldap-ng-common/MANIFEST @@ -110,6 +110,7 @@ t/45-importMetadata-config.t t/45-importMetadata.t t/50-Combination-Parser.t t/51-Matrix-Resolve.pm +t/51-Matrix-Validate-Token.pm t/60-Hashed-Session.t t/60-Session-Cache.t t/60-Session-Cli.t diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm index 0b85abe3fa..53f0f477c0 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm @@ -2,6 +2,7 @@ package Lemonldap::NG::Common::Matrix; use strict; use JSON; +use Lemonldap::NG::Common::FormEncode; use Lemonldap::NG::Common::UserAgent; use Mouse::Role; use Net::DNS; @@ -34,6 +35,10 @@ has dnsResolver => ( } ); +# MATRIX SERVER RESOLUTION +# +# main method: serverResolve + sub serverResolve { my ( $self, $name ) = @_; @@ -146,4 +151,37 @@ sub dnsSrvResolve { sort { $b->priority <=> $a->priority } $reply->answer; } +# MATRIX TOKEN VALIDATION +# +# main method: validateMatrixToken + +sub validateMatrixToken { + my ( $self, $matrixBaseUrl, $accessToken ) = @_; + $matrixBaseUrl =~ s#/+$##; + my $resp = + $self->ua->get( "$matrixBaseUrl/_matrix/federation/v1/openid/userinfo?" + . build_urlencoded( access_token => $accessToken ) ); + if ( $resp->is_success ) { + my $content = eval { JSON::from_json( $resp->decoded_content ) }; + if ($@) { + $self->logger->error("Bad response from $matrixBaseUrl: $@"); + return; + } + if ( ref $content eq 'HASH' and my $sub = $content->{sub} ) { + return $sub; + } + else { + $self->logger->error( + "Bad response from $matrixBaseUrl: " . $resp->decoded_content ); + return; + } + } + else { + $self->userLogger->error( + "Token $accessToken refused by $matrixBaseUrl: " + . $resp->status_line ); + return; + } +} + 1; diff --git a/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm b/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm new file mode 100644 index 0000000000..fca041a0a4 --- /dev/null +++ b/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm @@ -0,0 +1,73 @@ +package Tester; + +use strict; +use Lemonldap::NG::Common::Logger::Std; +use Mouse; + +my $debug = 'error'; + +with 'Lemonldap::NG::Common::Matrix'; + +has logger => ( + is => 'rw', + builder => sub { + return Lemonldap::NG::Common::Logger::Std->new( + { logLevel => $debug } ); + } +); + +has userLogger => ( + is => 'rw', + builder => sub { + return Lemonldap::NG::Common::Logger::Std->new( + { logLevel => $debug } ); + } +); + +package Main; + +use strict; +use warnings; +use JSON; +use LWP::Protocol::PSGI; +use Plack::Request; +use Test::More tests => 4; + +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + if ( $req->env->{HTTP_HOST} eq 'm.org' + and $req->path_info eq '/_matrix/federation/v1/openid/userinfo' ) + { + if ( $req->query_string eq 'access_token=bbb' ) { + return [ + 200, + [], + [ + JSON::to_json( { + sub => '@dwho:badwolf.org' + } + ) + ] + ]; + } + else { + return [ + 403, [], + ['{"errcode": "M_UNAUTHORIZED", "error": "Bad token"}'] + ]; + } + } + return [ 404, [], [] ]; + } +); + +my $c; +ok( $c = Tester->new, 'Succeed to load Lemonldap::NG::Common::Matrix' ); + +ok( $c->validateMatrixToken( 'http://m.org/', 'bbb' ) eq '@dwho:badwolf.org', + 'Get Matrix address' ); + +ok( !$c->validateMatrixToken( 'http://m.org/', 'aaa' ), 'Bad token' ); + +ok( !$c->validateMatrixToken( 'http://m2.org/', 'bbb' ), 'Bad server' ); -- GitLab From 796b99ca6b3d2236a38c57190a146bd6844a5b07 Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 12 Dec 2023 06:58:12 +0400 Subject: [PATCH 3/9] Matrix validate: return details if wantarray --- .../lib/Lemonldap/NG/Common/Matrix.pm | 7 +++++- .../t/51-Matrix-Validate-Token.pm | 25 ++++++++++++++++--- 2 files changed, 28 insertions(+), 4 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm index 53f0f477c0..082644eeec 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm @@ -168,7 +168,12 @@ sub validateMatrixToken { return; } if ( ref $content eq 'HASH' and my $sub = $content->{sub} ) { - return $sub; + unless ( $sub =~ /^\@(.*):(.*)$/ ) { + $self->logger->error( + "Bad 'sub' received from $matrixBaseUrl: $sub"); + return; + } + return wantarray ? ( $sub, $1, $2 ) : $sub; } else { $self->logger->error( diff --git a/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm b/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm index fca041a0a4..c962c5efea 100644 --- a/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm +++ b/lemonldap-ng-common/t/51-Matrix-Validate-Token.pm @@ -31,7 +31,7 @@ use warnings; use JSON; use LWP::Protocol::PSGI; use Plack::Request; -use Test::More tests => 4; +use Test::More tests => 5; LWP::Protocol::PSGI->register( sub { @@ -65,8 +65,27 @@ LWP::Protocol::PSGI->register( my $c; ok( $c = Tester->new, 'Succeed to load Lemonldap::NG::Common::Matrix' ); -ok( $c->validateMatrixToken( 'http://m.org/', 'bbb' ) eq '@dwho:badwolf.org', - 'Get Matrix address' ); +if ( + ok( + $c->validateMatrixToken( 'http://m.org/', 'bbb' ) eq + '@dwho:badwolf.org', + 'Get Matrix address' + ) + ) +{ + + my @res = $c->validateMatrixToken( 'http://m.org/', 'bbb' ); + ok( ( + $res[0] eq '@dwho:badwolf.org' + and $res[1] eq 'dwho' + and $res[2] eq 'badwolf.org' + ), + 'Get details when wantarray' + ); +} +else { + fail('wantarray test aborted due to previous error'); +} ok( !$c->validateMatrixToken( 'http://m.org/', 'aaa' ), 'Bad token' ); -- GitLab From 7c434f0d53d93c5a4e8b941de6748f244784f24a Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 12 Dec 2023 07:16:47 +0400 Subject: [PATCH 4/9] Add doc --- .../lib/Lemonldap/NG/Common/Matrix.pm | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm index 082644eeec..ac70aac8f3 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Matrix.pm @@ -190,3 +190,90 @@ sub validateMatrixToken { } 1; +__END__ + +=head1 NAME + +=encoding utf8 + +Lemonldap::NG::Common::Matrix - Library to interact with Matrix servers + +=head1 SYNOPSIS + + use Mouse; + with 'Lemonldap::NG::Common::Matrix'; + # + # Server resolution + # + my $baseUrl = $self->serverResolve('matrix.org'); + # Gives: https://matrix-federation.matrix.org.cdn.cloudflare.net:8443/ + # + # Token validation + # + my $subject = $self->validateMatrixToken( $baseUrl, 'federationToken' ); + # or + my ( $subject, $username, $domain) = + $self->validateMatrixToken( $baseUrl, 'federationToken' ); + # Gives the Matrix address of this user + + +=head1 DESCRIPTION + +Lemonldap::NG::Common::Matrix is a L that provides additional +methods to interact with Matrix servers. + +=head1 METHODS + +=head2 serverResolve + +Return the base URL corresponding to the given Matrix "Servername", following +L + +=head2 validateMatrixToken + +Verify the given "federation token" and return the matrix address. + +The "federation token" isn't the Matrix C but a token that user +can get by calling C +on its Matrix server. + +=head1 SEE ALSO + +L, L, L + +=head1 AUTHORS + +=over + +=item LemonLDAP::NG team L + +=back + +=head1 BUG REPORT + +Use OW2 system to report bug or ask for features: +L + +=head1 DOWNLOAD + +Lemonldap::NG is available at +L + +=head1 COPYRIGHT AND LICENSE + +See COPYING file for details. + +This library is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program. If not, see L. + +=cut -- GitLab From bd20b1d24662aede020044e9e2c2b52ad6ecef8e Mon Sep 17 00:00:00 2001 From: Yadd Date: Wed, 1 May 2024 06:12:31 +0400 Subject: [PATCH 5/9] Dependencies: + Net::DNS --- debian/control | 4 +++- lemonldap-ng-common/Makefile.PL | 1 + rpm/lemonldap-ng.spec | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/control b/debian/control index 5860cef247..0780a7a691 100644 --- a/debian/control +++ b/debian/control @@ -43,6 +43,7 @@ Build-Depends-Indep: fonts-urw-base35 | gsfonts , libmouse-perl, libnet-cidr-lite-perl , libnet-cidr-perl , + libnet-dns-perl , libnet-ldap-perl , libio-socket-timeout-perl , libnet-openid-consumer-perl , @@ -250,6 +251,7 @@ Recommends: libapache-session-browseable-perl, libstring-random-perl, perl-doc Suggests: libconvert-base32-perl, + libnet-dns-perl, libnet-ldap-perl, libsoap-lite-perl, libxml-libxml-perl @@ -332,7 +334,7 @@ Suggests: crowdsec, libhttp-browserdetect-perl, libimage-magick-perl, liblasso-perl, - libnet-facebook-oauth2-perl, + ibnet-facebook-oauth2-perl, libnet-openid-consumer-perl, libnet-openid-server-perl, libnet-oauth-perl, diff --git a/lemonldap-ng-common/Makefile.PL b/lemonldap-ng-common/Makefile.PL index 123a46e9a9..84e038e9fd 100644 --- a/lemonldap-ng-common/Makefile.PL +++ b/lemonldap-ng-common/Makefile.PL @@ -52,6 +52,7 @@ WriteMakefile( 'Date::Parse' => 0, 'String::Random' => 0, 'DBI' => 0, + 'Net::DNS' => 0, 'Net::LDAP' => 0, 'SOAP::Lite' => 0, 'LWP::Protocol::https' => 0, diff --git a/rpm/lemonldap-ng.spec b/rpm/lemonldap-ng.spec index 0f9123f32e..ee8af1457e 100644 --- a/rpm/lemonldap-ng.spec +++ b/rpm/lemonldap-ng.spec @@ -148,6 +148,7 @@ BuildRequires: perl(Mouse) BuildRequires: perl(Mouse::Role) BuildRequires: perl(Net::CIDR) BuildRequires: perl(Net::Facebook::Oauth2) +BuildRequires: perl(Net::DNS) BuildRequires: perl(Net::LDAP) BuildRequires: perl(Net::LDAP::Control::PasswordPolicy) BuildRequires: perl(Net::LDAP::Extension::SetPassword) @@ -354,6 +355,8 @@ Recommends: perl(Data::Password::zxcvbn) # Location Recommends: perl(GeoIP2)} Recommends: perl(HTTP::BrowserDetect)} +# Matrix +Recommends: perl(Net::DNS) # SAML Recommends: perl(Glib) Recommends: perl(Lasso) -- GitLab From 2d14ebdfb503b4c9b655a4fc5ccc0b9f0fa1d3bd Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 12 Dec 2023 18:32:54 +0400 Subject: [PATCH 6/9] Matrix token exchange --- debian/control | 2 +- lemonldap-ng-portal/MANIFEST | 3 + .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 2 + .../NG/Portal/Plugins/MatrixTokenExchange.pm | 90 ++++++++ .../t/51-OIDC-Matrix-Offline-Token-Exchange.t | 195 +++++++++++++++++ .../t/51-OIDC-Matrix-Online-Token-Exchange.t | 205 ++++++++++++++++++ 6 files changed, 496 insertions(+), 1 deletion(-) create mode 100644 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm create mode 100644 lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t create mode 100644 lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t diff --git a/debian/control b/debian/control index 0780a7a691..1624999046 100644 --- a/debian/control +++ b/debian/control @@ -334,7 +334,7 @@ Suggests: crowdsec, libhttp-browserdetect-perl, libimage-magick-perl, liblasso-perl, - ibnet-facebook-oauth2-perl, + libnet-facebook-oauth2-perl, libnet-openid-consumer-perl, libnet-openid-server-perl, libnet-oauth-perl, diff --git a/lemonldap-ng-portal/MANIFEST b/lemonldap-ng-portal/MANIFEST index 6f776ec48f..22dee70c94 100644 --- a/lemonldap-ng-portal/MANIFEST +++ b/lemonldap-ng-portal/MANIFEST @@ -141,6 +141,7 @@ lib/Lemonldap/NG/Portal/Plugins/Impersonation.pm lib/Lemonldap/NG/Portal/Plugins/InitializePasswordReset.pm lib/Lemonldap/NG/Portal/Plugins/LocationDetect.pm lib/Lemonldap/NG/Portal/Plugins/MailPasswordReset.pm +lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm lib/Lemonldap/NG/Portal/Plugins/NewLocationWarning.pm lib/Lemonldap/NG/Portal/Plugins/Notifications.pm lib/Lemonldap/NG/Portal/Plugins/OIDCInternalTokenExchange.pm @@ -803,6 +804,8 @@ t/44-CertificateResetByMail-LDAP.t t/50-IssuerGet.t t/50-IssuerJitsiJWT.t t/51-OIDC-Internal-Token-Exchange.t +t/51-OIDC-Matrix-Offline-Token-Exchange.t +t/51-OIDC-Matrix-Online-Token-Exchange.t t/56-CheckDevOps-with-Download.t t/56-CheckDevOps.t t/57-GlobalLogout-with-Confirmation.t diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm index c27bf01f70..795c450c5d 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm @@ -49,6 +49,8 @@ our @pList = ( '::Plugins::AuthOidcPkce', 'or::oidcRPMetaDataOptions/*/oidcRPMetaDataOptionsTokenXAuthorizedRP' => '::Plugins::OIDCInternalTokenExchange', + 'or::oidcRPMetaDataOptions/*/oidcRPMetaDataOptionsMatrixServers' => + '::Plugins::MatrixTokenExchange', ); ##@method list enabledPlugins diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm new file mode 100644 index 0000000000..b15ef6c1a4 --- /dev/null +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm @@ -0,0 +1,90 @@ +package Lemonldap::NG::Portal::Plugins::MatrixTokenExchange; + +use strict; +use Mouse; + +extends 'Lemonldap::NG::Portal::Lib::OIDCTokenExchange'; + +with 'Lemonldap::NG::Common::Matrix'; + +sub getUid { + my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_; + + # 1. Verify that issuer is allowed + my @issuers = split /[;,\s]+/, + ( $self->oidc->rpOptions->{$rp}->{oidcRPMetaDataOptionsMatrixServers} + || '' ); + + if ( $subjectTokenType and $subjectTokenType ne 'access_token' ) { + $self->logger->debug( + "Matrix given token isn't declared as access_token"); + return 0; + } + + my $token_issuer = $req->param('token_issuer'); + if ($token_issuer) { + unless ( grep { $_ eq $token_issuer || $_ eq '*' } @issuers ) { + $self->logger->debug( + "Token issued from unknown matrix server: $token_issuer"); + return 0; + } + $token_issuer = $self->serverResolve($token_issuer); + } + elsif ( $issuers[0] ne '*' ) { + $token_issuer = $self->serverResolve( $issuers[0] ); + } + else { + $self->logger->debug('Missing token_issuer'); + return 0; + } + + # 2. Validate Matrix token against given Matrix server + $self->logger->debug( + "Token exchange asked for Matrix token $subjectToken on $token_issuer"); + + my ( $matrixSub, $uid, $domain ) = + $self->validateMatrixToken( $token_issuer, $subjectToken ); + + unless ($matrixSub) { + $self->logger->debug("Matrix token rejected by $token_issuer"); + return 0; + } + return $uid; +} + +sub validateAudience { + my ( $self, $req, $rp, $target, $requestedTokenType ) = @_; + + if ( $requestedTokenType and $requestedTokenType ne 'access_token' ) { + $self->logger->debug("Requested token isn't declared as access_token"); + return 0; + } + + unless ( $target->{audience} ) { + $target->{rp} = $rp; + return 1; + } + + unless ( $target->{rp} ) { + $self->logger->debug( + "Token exchange request for an unexistent RP $target->{audience}"); + return 0; + } + + return 1 if $target->{rp} eq $rp; + + my $list = + ( $self->oidc->rpOptions->{ $target->{rp} } + ->{oidcRPMetaDataOptionsTokenXAuthorizedRP} // '' ) + . ',' + . ( $self->oidc->rpOptions->{ $target->{rp} } + ->{oidcRPMetaDataOptionsTokenXMatrixAuthorizedRP} // '' ); + unless ( $list and grep { $_ eq $rp } split /[,;\s]+/, $list ) { + $self->logger->debug( + "Token exchange for an unauthorized RP ($rp => $target->{rp})"); + return 0; + } + return 1; +} + +1; diff --git a/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t b/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t new file mode 100644 index 0000000000..5d78695688 --- /dev/null +++ b/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t @@ -0,0 +1,195 @@ +use warnings; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; +} + +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + if ( $req->env->{HTTP_HOST} =~ /^host\.m\.org/ ) { + if ( $req->path_info eq '/_matrix/federation/v1/openid/userinfo' ) { + if ( $req->query_string eq 'access_token=bbb' ) { + return [ + 200, + [], + [ + JSON::to_json( { + sub => '@french:badwolf.org' + } + ) + ] + ]; + } + else { + return [ 403, [], + ['{"errcode": "M_UNAUTHORIZED", "error": "Bad token"}'] + ]; + } + } + } + if ( $req->env->{HTTP_HOST} =~ /^m\.org/ ) { + return [ + 200, + [], + [ + JSON::to_json( { + 'm.server' => 'host.m.org:678', + } + ) + ] + ]; + } + print STDERR $req->env->{HTTP_HOST} . "\n"; + return [ 404, [], [] ]; + } +); + +sub runTest { + my ( $op, $jwt ) = @_; + Time::Fake->reset; + + my $query; + my $res; + + # Make sure offline session is still valid long after natural session + # expiration time + + Time::Fake->offset("+10d"); + + # Change attribute value + $Lemonldap::NG::Portal::UserDB::Demo::demoAccounts{french}->{cn} = + 'Frédéric Freedom'; + + # Use Matrix token to get an access token + $query = buildForm( { + grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', + client_id => 'rpid', + subject_token => 'bbb', + scope => 'openid profile email', + audience => 'rpid2', + } + ); + + ok( + $res = $op->_post( + '/oauth2/token', IO::String->new($query), + accept => 'application/json', + length => length($query), + custom => + { HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpid"), } + ), + 'Call /token with Matrix token' + ); + + my $json = expectJSON($res); + + my $access_token = $json->{access_token}; + if ($jwt) { + expectJWT( + $access_token, + name => "Frédéric Freedom", + sub => "customfrench" + ); + } + my $refresh_token2 = $json->{refresh_token}; + my $id_token = $json->{id_token}; + ok( $access_token, "Got refreshed Access token" ); + ok( $id_token, "Got refreshed ID token" ); + + my $id_token_payload = id_token_payload($id_token); + is( + $id_token_payload->{name}, + 'Frédéric Freedom', + 'Found claim in ID token' + ); + ok( ( grep { $_ eq "rpid2" } @{ $id_token_payload->{aud} } ), + 'Check that clientid is in audience' ); + + $json = expectJSON( getUserinfo( $op, $access_token ) ); + + is( $json->{name}, "Frédéric Freedom", "Correct user info" ); + + ## Test introspection of refreshed token #2171 + $json = expectJSON( introspect( $op, 'rpid', $access_token ) ); + + is( $json->{active}, 1, 'Token is active' ); + is( $json->{client_id}, 'rpid2', 'Introspection contains client_id' ); + is( $json->{sub}, 'customfrench', 'Introspection contains sub' ); +} + +my $baseConfig = { + ini => { + domain => 'op.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + timeoutActivity => 3600, + userDB => 'Same', + issuerDBOpenIDConnectActivation => 1, + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + }, + rp2 => { + email => "mail", + family_name => "cn", + name => "cn" + }, + }, + oidcRPMetaDataMacros => { + rp => { + custom_sub => '"custom".$uid', + } + }, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsAccessTokenJWT => 1, + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsAllowOffline => 1, + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsAccessTokenSignAlg => "RS512", + oidcRPMetaDataOptionsAccessTokenClaims => 1, + oidcRPMetaDataOptionsClientSecret => "rpid", + oidcRPMetaDataOptionsUserIDAttr => "custom_sub", + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsIDTokenForceClaims => 1, + oidcRPMetaDataOptionsRedirectUris => 'http://test/', + oidcRPMetaDataOptionsMatrixServers => 'm.org', + }, + rp2 => { + oidcRPMetaDataOptionsAccessTokenJWT => 1, + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsClientID => "rpid2", + oidcRPMetaDataOptionsAllowOffline => 1, + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsAccessTokenSignAlg => "RS512", + oidcRPMetaDataOptionsAccessTokenClaims => 1, + oidcRPMetaDataOptionsClientSecret => "rpid2", + oidcRPMetaDataOptionsUserIDAttr => "custom_sub", + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsIDTokenForceClaims => 1, + oidcRPMetaDataOptionsRedirectUris => 'http://test/', + oidcRPMetaDataOptionsTokenXAuthorizedRP => 'rp', + }, + }, + oidcServicePrivateKeySig => oidc_key_op_private_sig, + oidcServicePublicKeySig => oidc_cert_op_public_sig, + } +}; + +my $op = LLNG::Manager::Test->new($baseConfig); +runTest($op); + +clean_sessions(); +done_testing(); + diff --git a/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t b/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t new file mode 100644 index 0000000000..2f058b5b24 --- /dev/null +++ b/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t @@ -0,0 +1,205 @@ +use warnings; +use Test::More; +use strict; +use IO::String; +use LWP::UserAgent; +use LWP::Protocol::PSGI; +use MIME::Base64; + +BEGIN { + require 't/test-lib.pm'; + require 't/oidc-lib.pm'; +} + +LWP::Protocol::PSGI->register( + sub { + my $req = Plack::Request->new(@_); + if ( $req->env->{HTTP_HOST} =~ /^host\.m\.org/ ) { + if ( $req->path_info eq '/_matrix/federation/v1/openid/userinfo' ) { + if ( $req->query_string eq 'access_token=bbb' ) { + return [ + 200, + [], + [ + JSON::to_json( { + sub => '@french:badwolf.org' + } + ) + ] + ]; + } + else { + return [ 403, [], + ['{"errcode": "M_UNAUTHORIZED", "error": "Bad token"}'] + ]; + } + } + } + if ( $req->env->{HTTP_HOST} =~ /^m\.org/ ) { + return [ + 200, + [], + [ + JSON::to_json( { + 'm.server' => 'host.m.org:678', + } + ) + ] + ]; + } + print STDERR $req->env->{HTTP_HOST} . "\n"; + return [ 404, [], [] ]; + } +); + +sub checkJWT { + my ($access_token) = @_; + my $payload = expectJWT( + $access_token, + iss => "http://auth.op.com", + name => "Frédéric Accents", + sub => "french", + scope => "openid profile email", + client_id => "rpid", + ); + ok( grep { $_ eq "rpid" } @{ $payload->{aud} }, "rpid is in audience" ); + ok( grep { $_ eq "urn:extra2" } @{ $payload->{aud} }, + "additional audience found" ); + ok( grep { $_ eq "http://my.extra.audience/test" } @{ $payload->{aud} }, + "additional audience found" ); + cmp_ok( $payload->{exp}, ">", time + 1800, "Expiration date sanity check" ); + cmp_ok( $payload->{exp}, "<", time + 7200, "Expiration date sanity check" ); +} + +# Full test case +sub runTest { + my ( $op, $jwt ) = @_; + + Time::Fake->reset; + my ( $res, $query ); + my $idpId = login( $op, "french" ); + + my $code = codeAuthorize( + $op, $idpId, + { + response_type => "code", + scope => "openid profile email", + client_id => "rpid", + state => "af0ifjsldkj", + redirect_uri => "http://test/" + } + ); + + my $json = expectJSON( codeGrant( $op, "rpid", $code, "http://test/" ) ); + my $access_token = $json->{access_token}; + checkJWT($access_token) if ($jwt); + my $refresh_token = $json->{refresh_token}; + my $id_token = $json->{id_token}; + ok( $access_token, "Got access token" ); + ok( $refresh_token, "Got refresh token" ); + ok( $id_token, "Got ID token" ); + + # Use Matrix token to get an access token + $query = buildForm( { + grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', + client_id => 'rpid', + subject_token => 'bbb', + scope => 'openid profile email', + audience => 'rpid', + } + ); + + ok( + $res = $op->_post( + '/oauth2/token', IO::String->new($query), + accept => 'application/json', + length => length($query), + custom => + { HTTP_AUTHORIZATION => "Basic " . encode_base64("rpid:rpid"), } + ), + 'Call /token with Matrix token' + ); + + # Refresh access token + $json = expectJSON($res); + $access_token = $json->{access_token}; + $id_token = $json->{id_token}; + ok( $access_token, "Got refreshed Access token" ); + ok( $id_token, "Got refreshed ID token" ); + + my $id_token_payload = id_token_payload($id_token); + is( $id_token_payload->{sub}, 'french', 'Found sub in ID token' ); + is( + $id_token_payload->{name}, + 'Frédéric Accents', + 'Found claim in ID token' + ); + + $json = expectJSON( getUserinfo( $op, $access_token ) ); + + ok( $json->{'sub'} eq "french", 'Got User Info' ); + ok( $json->{'name'} eq "Frédéric Accents", 'Got User Info' ); + + # Skip ahead in time again + Time::Fake->offset("+4h"); + + # Verify access token is rejected + $res = getUserinfo( $op, $access_token ); + is( $res->[0], 401, "Access token rejected" ); +} + +my $baseConfig = { + ini => { + domain => 'op.com', + portal => 'http://auth.op.com', + authentication => 'Demo', + userDB => 'Same', + issuerDBOpenIDConnectActivation => 1, + oidcRPMetaDataExportedVars => { + rp => { + email => "mail", + family_name => "cn", + name => "cn" + } + }, + oidcRPMetaDataOptions => { + rp => { + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsClientID => "rpid", + oidcRPMetaDataOptionsAllowOffline => 1, + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsAccessTokenSignAlg => "RS512", + oidcRPMetaDataOptionsAccessTokenClaims => 1, + oidcRPMetaDataOptionsClientSecret => "rpid", + oidcRPMetaDataOptionsUserIDAttr => "", + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsRefreshToken => 1, + oidcRPMetaDataOptionsIDTokenForceClaims => 1, + oidcRPMetaDataOptionsAdditionalAudiences => + "http://my.extra.audience/test urn:extra2", + oidcRPMetaDataOptionsRedirectUris => 'http://test/', + oidcRPMetaDataOptionsMatrixServers => 'm.org', + } + }, + oidcServicePrivateKeySig => oidc_key_op_private_sig, + oidcServicePublicKeySig => oidc_cert_op_public_sig, + } +}; + +my $op = LLNG::Manager::Test->new($baseConfig); +runTest($op); + +# Re-run tests with JWT access tokens +$baseConfig->{ini}->{oidcRPMetaDataOptions}->{rp} + ->{oidcRPMetaDataOptionsAccessTokenJWT} = 1; +$op = LLNG::Manager::Test->new($baseConfig); +runTest( $op, 1 ); + +# Re-run tests with activity timeout. +# Make sure Refresh tokens extend session activity +$baseConfig->{ini}->{timeoutActivity} = 7500; +$op = LLNG::Manager::Test->new($baseConfig); +runTest( $op, 1 ); + +clean_sessions(); +done_testing(); -- GitLab From 545238f4534b74f3cc8dd46e7f2576a9c79ee2be Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 14 May 2024 07:43:43 +0400 Subject: [PATCH 7/9] Use subject_issuer, not token_issuer and change auth mechanism --- .../lib/Lemonldap/NG/Portal/Main/Plugins.pm | 4 +- .../NG/Portal/Plugins/MatrixTokenExchange.pm | 48 +++++++------------ .../t/51-OIDC-Matrix-Offline-Token-Exchange.t | 43 +++++++++-------- .../t/51-OIDC-Matrix-Online-Token-Exchange.t | 15 +++--- 4 files changed, 49 insertions(+), 61 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm index 795c450c5d..9e51457c1a 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Plugins.pm @@ -49,8 +49,8 @@ our @pList = ( '::Plugins::AuthOidcPkce', 'or::oidcRPMetaDataOptions/*/oidcRPMetaDataOptionsTokenXAuthorizedRP' => '::Plugins::OIDCInternalTokenExchange', - 'or::oidcRPMetaDataOptions/*/oidcRPMetaDataOptionsMatrixServers' => - '::Plugins::MatrixTokenExchange', + 'or::oidcRPMetaDataOptions/*/oidcRPMetaDataOptionsTokenXAuthorizedMatrix' + => '::Plugins::MatrixTokenExchange', ); ##@method list enabledPlugins diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm index b15ef6c1a4..8d0713ae44 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm @@ -10,43 +10,25 @@ with 'Lemonldap::NG::Common::Matrix'; sub getUid { my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_; - # 1. Verify that issuer is allowed - my @issuers = split /[;,\s]+/, - ( $self->oidc->rpOptions->{$rp}->{oidcRPMetaDataOptionsMatrixServers} - || '' ); - if ( $subjectTokenType and $subjectTokenType ne 'access_token' ) { $self->logger->debug( "Matrix given token isn't declared as access_token"); return 0; } - my $token_issuer = $req->param('token_issuer'); - if ($token_issuer) { - unless ( grep { $_ eq $token_issuer || $_ eq '*' } @issuers ) { - $self->logger->debug( - "Token issued from unknown matrix server: $token_issuer"); - return 0; - } - $token_issuer = $self->serverResolve($token_issuer); - } - elsif ( $issuers[0] ne '*' ) { - $token_issuer = $self->serverResolve( $issuers[0] ); - } - else { - $self->logger->debug('Missing token_issuer'); - return 0; - } + my $subject_issuer = $req->param('subject_issuer'); + $subject_issuer = $self->serverResolve($subject_issuer); # 2. Validate Matrix token against given Matrix server $self->logger->debug( - "Token exchange asked for Matrix token $subjectToken on $token_issuer"); + "Token exchange asked for Matrix token $subjectToken on $subject_issuer" + ); my ( $matrixSub, $uid, $domain ) = - $self->validateMatrixToken( $token_issuer, $subjectToken ); + $self->validateMatrixToken( $subject_issuer, $subjectToken ); unless ($matrixSub) { - $self->logger->debug("Matrix token rejected by $token_issuer"); + $self->logger->debug("Matrix token rejected by $subject_issuer"); return 0; } return $uid; @@ -73,15 +55,17 @@ sub validateAudience { return 1 if $target->{rp} eq $rp; - my $list = - ( $self->oidc->rpOptions->{ $target->{rp} } - ->{oidcRPMetaDataOptionsTokenXAuthorizedRP} // '' ) - . ',' - . ( $self->oidc->rpOptions->{ $target->{rp} } - ->{oidcRPMetaDataOptionsTokenXMatrixAuthorizedRP} // '' ); - unless ( $list and grep { $_ eq $rp } split /[,;\s]+/, $list ) { + my $list = $self->oidc->rpOptions->{ $target->{rp} } + ->{oidcRPMetaDataOptionsTokenXAuthorizedMatrix}; + my $subject_issuer = $req->param('subject_issuer'); + unless ($subject_issuer) { + $self->logger->debug('Request without subject_issuer'); + return 0; + } + unless ( $list and grep { $_ eq $subject_issuer } split /[,;\s]+/, $list ) { $self->logger->debug( - "Token exchange for an unauthorized RP ($rp => $target->{rp})"); +"Token exchange for an unauthorized Matrix server ($subject_issuer => $target->{rp})" + ); return 0; } return 1; diff --git a/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t b/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t index 5d78695688..c1f2198f79 100644 --- a/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t +++ b/lemonldap-ng-portal/t/51-OIDC-Matrix-Offline-Token-Exchange.t @@ -70,11 +70,12 @@ sub runTest { # Use Matrix token to get an access token $query = buildForm( { - grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', - client_id => 'rpid', - subject_token => 'bbb', - scope => 'openid profile email', - audience => 'rpid2', + grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', + client_id => 'rpid', + subject_token => 'bbb', + subject_issuer => 'm.org', + scope => 'openid profile email offline_access', + audience => 'rpid2', } ); @@ -148,7 +149,10 @@ my $baseConfig = { oidcRPMetaDataMacros => { rp => { custom_sub => '"custom".$uid', - } + }, + rp2 => { + custom_sub => '"custom".$uid', + }, }, oidcRPMetaDataOptions => { rp => { @@ -164,22 +168,21 @@ my $baseConfig = { oidcRPMetaDataOptionsBypassConsent => 1, oidcRPMetaDataOptionsIDTokenForceClaims => 1, oidcRPMetaDataOptionsRedirectUris => 'http://test/', - oidcRPMetaDataOptionsMatrixServers => 'm.org', }, rp2 => { - oidcRPMetaDataOptionsAccessTokenJWT => 1, - oidcRPMetaDataOptionsDisplayName => "RP", - oidcRPMetaDataOptionsClientID => "rpid2", - oidcRPMetaDataOptionsAllowOffline => 1, - oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", - oidcRPMetaDataOptionsAccessTokenSignAlg => "RS512", - oidcRPMetaDataOptionsAccessTokenClaims => 1, - oidcRPMetaDataOptionsClientSecret => "rpid2", - oidcRPMetaDataOptionsUserIDAttr => "custom_sub", - oidcRPMetaDataOptionsBypassConsent => 1, - oidcRPMetaDataOptionsIDTokenForceClaims => 1, - oidcRPMetaDataOptionsRedirectUris => 'http://test/', - oidcRPMetaDataOptionsTokenXAuthorizedRP => 'rp', + oidcRPMetaDataOptionsAccessTokenJWT => 1, + oidcRPMetaDataOptionsDisplayName => "RP", + oidcRPMetaDataOptionsClientID => "rpid2", + oidcRPMetaDataOptionsAllowOffline => 1, + oidcRPMetaDataOptionsIDTokenSignAlg => "HS512", + oidcRPMetaDataOptionsAccessTokenSignAlg => "RS512", + oidcRPMetaDataOptionsAccessTokenClaims => 1, + oidcRPMetaDataOptionsClientSecret => "rpid2", + oidcRPMetaDataOptionsUserIDAttr => "custom_sub", + oidcRPMetaDataOptionsBypassConsent => 1, + oidcRPMetaDataOptionsIDTokenForceClaims => 1, + oidcRPMetaDataOptionsRedirectUris => 'http://test/', + oidcRPMetaDataOptionsTokenXAuthorizedMatrix => 'm.org', }, }, oidcServicePrivateKeySig => oidc_key_op_private_sig, diff --git a/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t b/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t index 2f058b5b24..51d5ac2d09 100644 --- a/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t +++ b/lemonldap-ng-portal/t/51-OIDC-Matrix-Online-Token-Exchange.t @@ -101,11 +101,12 @@ sub runTest { # Use Matrix token to get an access token $query = buildForm( { - grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', - client_id => 'rpid', - subject_token => 'bbb', - scope => 'openid profile email', - audience => 'rpid', + grant_type => 'urn:ietf:params:oauth:grant-type:token-exchange', + client_id => 'rpid', + subject_token => 'bbb', + subject_issuer => 'm.org', + scope => 'openid profile email', + audience => 'rpid', } ); @@ -177,8 +178,8 @@ my $baseConfig = { oidcRPMetaDataOptionsIDTokenForceClaims => 1, oidcRPMetaDataOptionsAdditionalAudiences => "http://my.extra.audience/test urn:extra2", - oidcRPMetaDataOptionsRedirectUris => 'http://test/', - oidcRPMetaDataOptionsMatrixServers => 'm.org', + oidcRPMetaDataOptionsRedirectUris => 'http://test/', + oidcRPMetaDataOptionsTokenXAuthorizedMatrix => 'm.org', } }, oidcServicePrivateKeySig => oidc_key_op_private_sig, -- GitLab From fcf1af534ca5422e10e1271aec638abb4522ffa9 Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 14 May 2024 07:44:22 +0400 Subject: [PATCH 8/9] Add oidcRPMetaDataOptionsTokenXAuthorizedMatrix parameter --- .../lib/Lemonldap/NG/Common/Conf/ReConstants.pm | 2 +- .../lib/Lemonldap/NG/Manager/Attributes.pm | 3 +++ .../lib/Lemonldap/NG/Manager/Build/Attributes.pm | 9 +++++++-- .../lib/Lemonldap/NG/Manager/Build/CTrees.pm | 1 + lemonldap-ng-manager/site/htdocs/static/js/conftree.js | 5 +++++ .../site/htdocs/static/js/conftree.min.js | 2 +- .../site/htdocs/static/js/conftree.min.js.map | 2 +- .../site/htdocs/static/languages/ar.json | 1 + .../site/htdocs/static/languages/en.json | 1 + .../site/htdocs/static/languages/es.json | 1 + .../site/htdocs/static/languages/fr.json | 1 + .../site/htdocs/static/languages/he.json | 1 + .../site/htdocs/static/languages/it.json | 1 + .../site/htdocs/static/languages/pl.json | 1 + .../site/htdocs/static/languages/pt.json | 1 + .../site/htdocs/static/languages/pt_BR.json | 1 + .../site/htdocs/static/languages/ru.json | 1 + .../site/htdocs/static/languages/tr.json | 1 + .../site/htdocs/static/languages/vi.json | 1 + .../site/htdocs/static/languages/zh.json | 1 + .../site/htdocs/static/languages/zh_TW.json | 1 + 21 files changed, 33 insertions(+), 5 deletions(-) diff --git a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm index 5a9ab00cc8..3eaf973ab7 100644 --- a/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm +++ b/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm @@ -27,7 +27,7 @@ our $specialNodeKeys = '(?:(?:(?:saml(?:ID|S)|oidc[OR])P|cas(?:App|Srv))MetaData our $casAppMetaDataNodeKeys = 'casAppMetaData(?:Options(?:(?:UserAttribut|DisplayNam|Servic|Rul)e|(?:Commen|Logou)t|AuthnLevel)|(?:ExportedVar|Macro)s)'; our $casSrvMetaDataNodeKeys = 'casSrvMetaData(?:Options(?:Re(?:solutionRule|new)|ProxiedServices|DisplayName|SortNumber|Comment|Gateway|Tooltip|Icon|Url)|ExportedVars)'; our $oidcOPMetaDataNodeKeys = 'oidcOPMetaData(?:Options(?:C(?:o(?:nfigurationURI|mment)|lient(?:Secret|ID)|heckJWTSignature)|A(?:uthnEndpointAuth(?:Method|SigAlg)|crValues)|(?:Re(?:solutionRul|quirePkc)|MaxAg)e|U(?:se(?:rAttribut|Nonc)e|iLocales)|To(?:kenEndpointAuthMethod|oltip)|S(?:toreIDToken|ortNumber|cope)|(?:JWKSTimeou|Promp)t|I(?:DTokenMaxAge|con)|Display(?:Name)?)|ExportedVars|J(?:SON|WKS))'; -our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:uth(?:n(?:Require(?:Nonc|Stat)e|Level)|orizationCodeExpiration|RequiredForAuthorize|Method)|ccessToken(?:E(?:nc(?:ContentEnc|KeyMgt)Alg|xpiration)|SignAlg|Claims|JWT)|llow(?:(?:ClientCredentials|Password)Grant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|dTokenEnc(?:ContentEnc|KeyMgt)Alg|con)|User(?:I(?:nfo(?:Enc(?:ContentEnc|KeyMgt)|Sign)Alg|DAttr)|infoRequireHeaderToken)|Logout(?:Enc(?:ContentEnc|KeyMgt)Alg|SessionRequired|BypassConfirm|Type|Url)|R(?:e(?:qu(?:estUris|irePKCE)|directUris|freshToken)|ule)|P(?:ostLogoutRedirectUris|ublic)|C(?:lient(?:Secret|ID)|omment)|OfflineSessionExpiration|TokenXAuthorizedRP|BypassConsent|Jwks(?:Uri)?|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)'; +our $oidcRPMetaDataNodeKeys = 'oidcRPMetaData(?:Options(?:A(?:uth(?:n(?:Require(?:Nonc|Stat)e|Level)|orizationCodeExpiration|RequiredForAuthorize|Method)|ccessToken(?:E(?:nc(?:ContentEnc|KeyMgt)Alg|xpiration)|SignAlg|Claims|JWT)|llow(?:(?:ClientCredentials|Password)Grant|Offline)|dditionalAudiences)|I(?:DToken(?:ForceClaims|Expiration|SignAlg)|dTokenEnc(?:ContentEnc|KeyMgt)Alg|con)|User(?:I(?:nfo(?:Enc(?:ContentEnc|KeyMgt)|Sign)Alg|DAttr)|infoRequireHeaderToken)|Logout(?:Enc(?:ContentEnc|KeyMgt)Alg|SessionRequired|BypassConfirm|Type|Url)|R(?:e(?:qu(?:estUris|irePKCE)|directUris|freshToken)|ule)|P(?:ostLogoutRedirectUris|ublic)|C(?:lient(?:Secret|ID)|omment)|TokenXAuthorized(?:Matrix|RP)|OfflineSessionExpiration|BypassConsent|Jwks(?:Uri)?|DisplayName|ExtraClaims)|(?:ExportedVar|ScopeRule|Macro)s)'; our $samlIDPMetaDataNodeKeys = 'samlIDPMetaData(?:Options(?:S(?:ign(?:S[LS]OMessage|atureMethod)|toreSAMLToken|[LS]OBinding|ortNumber)|C(?:heck(?:S[LS]OMessageSignatur|Audienc|Tim)e|omment)|Re(?:questedAuthnContext|solutionRule|layStateURL)|(?:EncryptionMod|UserAttribut|DisplayNam)e|F(?:orce(?:Authn|UTF8)|ederationEntityID)|A(?:daptSessionUtime|llowLoginFromIDP)|I(?:sPassive|con)|NameIDFormat|Tooltip)|ExportedAttributes|XML)'; our $samlSPMetaDataNodeKeys = 'samlSPMetaData(?:Options(?:F(?:ederation(?:(?:Optional|Required)Attributes|EntityID)|orceUTF8)|S(?:ign(?:S[LS]OMessage|atureMethod)|essionNotOnOrAfterTimeout)|N(?:ameID(?:SessionKey|Format)|otOnOrAfterTimeout)|C(?:heckS[LS]OMessageSignature|omment)|En(?:ableIDPInitiatedURL|cryptionMode)|(?:OneTimeUs|Rul)e|AuthnLevel)|(?:ExportedAttribute|Macro)s|XML)'; our $virtualHostKeys = '(?:vhost(?:A(?:ccessToTrace|uthnLevel|liases)|(?:Maintenanc|Typ)e|(?:Commen|Por)t|ServiceTokenTTL|DevOpsRulesUrl|Https)|(?:exportedHeader|locationRule)s|post)'; diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm index c4458129a1..2e3f628cf8 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm @@ -3119,6 +3119,9 @@ m[^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: }, 'type' => 'text' }, + 'oidcRPMetaDataOptionsTokenXAuthorizedMatrix' => { + 'type' => 'text' + }, 'oidcRPMetaDataOptionsTokenXAuthorizedRP' => { 'type' => 'text' }, diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm index 64d2cecef1..aee7c1ecb9 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm @@ -3771,8 +3771,8 @@ sub attributes { documentation => 'Available second factor modules', }, available2FSelfRegistration => { - type => 'text', - default => join( ',', qw/Password TOTP WebAuthn Yubikey/ ), + type => 'text', + default => join( ',', qw/Password TOTP WebAuthn Yubikey/ ), documentation => 'Available self-registration modules for second factor', }, @@ -5194,6 +5194,11 @@ m{^(?:ldapi://[^/]*/?|\w[\w\-\.]*(?::\d{1,5})?|ldap(?:s|\+tls)?://\w[\w\-\.]*(?: documentation => 'List of RP authorized to query for an access_token of this RP', }, + oidcRPMetaDataOptionsTokenXAuthorizedMatrix => { + type => 'text', + documentation => +'List of Matrix servers authorized to query for an access_token of this RP', + }, }; } diff --git a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm index 6b214483f5..7dbc6fe25d 100644 --- a/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm +++ b/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/CTrees.pm @@ -246,6 +246,7 @@ sub cTrees { 'oidcRPMetaDataOptionsUserIDAttr', 'oidcRPMetaDataOptionsAdditionalAudiences', 'oidcRPMetaDataOptionsTokenXAuthorizedRP', + 'oidcRPMetaDataOptionsTokenXAuthorizedMatrix', ] }, { diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js index 68a573dc87..30541c83d2 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.js @@ -660,6 +660,11 @@ function templates(tpl,key) { "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsTokenXAuthorizedRP", "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsTokenXAuthorizedRP", "title" : "oidcRPMetaDataOptionsTokenXAuthorizedRP" + }, + { + "get" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsTokenXAuthorizedMatrix", + "id" : tpl+"s/"+key+"/"+"oidcRPMetaDataOptionsTokenXAuthorizedMatrix", + "title" : "oidcRPMetaDataOptionsTokenXAuthorizedMatrix" } ], "id" : "oidcRPMetaDataOptionsAdvanced", diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js index 188c96bb6c..7a13096066 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js @@ -1 +1 @@ -function templates(t,e){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+e+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsService",id:t+"s/"+e+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{default:-1,get:t+"s/"+e+"/casAppMetaDataOptionsLogout",id:t+"s/"+e+"/casAppMetaDataOptionsLogout",title:"casAppMetaDataOptionsLogout",type:"trool"},{get:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/casAppMetaDataOptionsRule",id:t+"s/"+e+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"},{get:t+"s/"+e+"/casAppMetaDataOptionsComment",id:t+"s/"+e+"/casAppMetaDataOptionsComment",title:"casAppMetaDataOptionsComment",type:"longtext"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",id:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",title:"casAppMetaDataOptionsDisplayName"}],id:"casAppMetaDataOptionsDisplay",title:"casAppMetaDataOptionsDisplay",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+e+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsUrl",id:t+"s/"+e+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsRenew",id:t+"s/"+e+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsGateway",id:t+"s/"+e+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"},{get:t+"s/"+e+"/casSrvMetaDataOptionsComment",id:t+"s/"+e+"/casSrvMetaDataOptionsComment",title:"casSrvMetaDataOptionsComment",type:"longtext"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/casSrvMetaDataOptionsIcon",id:t+"s/"+e+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",id:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",title:"casSrvMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",id:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",title:"casSrvMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"intOrNull"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+e+"/oidcOPMetaDataJSON",id:t+"s/"+e+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+e+"/oidcOPMetaDataJWKS",id:t+"s/"+e+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+e+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",title:"oidcOPMetaDataOptionsUserAttribute"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsRequirePkce",id:t+"s/"+e+"/oidcOPMetaDataOptionsRequirePkce",title:"oidcOPMetaDataOptionsRequirePkce",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+e+"/oidcOPMetaDataOptionsScope",id:t+"s/"+e+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"get",get:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthMethod",id:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthMethod",select:[{k:"",v:"None"},{k:"jws",v:"Signed JWT"}],title:"oidcOPMetaDataOptionsAuthnEndpointAuthMethod",type:"select"},{default:"RS256",get:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg",id:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg",select:[{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg",type:"select"},{default:"client_secret_post",get:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"},{k:"client_secret_jwt",v:"client_secret_jwt"},{k:"private_key_jwt",v:"private_key_jwt"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsComment",id:t+"s/"+e+"/oidcOPMetaDataOptionsComment",title:"oidcOPMetaDataOptionsComment",type:"longtext"}],help:"authopenidconnect.html#options",id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",id:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",title:"oidcOPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",title:"oidcOPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authopenidconnect.html#display",id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],help:"idpopenidconnect.html#basic-options",id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"},{data:["uid","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/preferred_username",title:"preferred_username",type:"oidcAttribute"}],help:"idpopenidconnect.html#exported-attributes",id:t+"s/"+e+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{_nodes:[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",id:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsTokenXAuthorizedRP",id:t+"s/"+e+"/oidcRPMetaDataOptionsTokenXAuthorizedRP",title:"oidcRPMetaDataOptionsTokenXAuthorizedRP"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{cnodes:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",default:[],help:"idpopenidconnect.html#oidcextraclaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+e+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"}],id:"oidcRPMetaDataOptionsScopes",title:"oidcRPMetaDataOptionsScopes"},{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",title:"oidcRPMetaDataOptionsRequestUris"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRule",id:t+"s/"+e+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthMethod",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthMethod",select:[{k:"",v:"Any"},{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"},{k:"client_secret_jwt",v:"client_secret_jwt"},{k:"private_key_jwt",v:"private_key_jwt"}],title:"oidcRPMetaDataOptionsAuthMethod",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthRequiredForAuthorize",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthRequiredForAuthorize",title:"oidcRPMetaDataOptionsAuthRequiredForAuthorize",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireState",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireState",title:"oidcRPMetaDataOptionsAuthnRequireState",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireNonce",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireNonce",title:"oidcRPMetaDataOptionsAuthnRequireNonce",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserinfoRequireHeaderToken",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserinfoRequireHeaderToken",title:"oidcRPMetaDataOptionsUserinfoRequireHeaderToken",type:"bool"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:"JSON"},{k:"none",v:"JWT/None"},{k:"HS256",v:"JWT/HS256"},{k:"HS384",v:"JWT/HS384"},{k:"HS512",v:"JWT/HS512"},{k:"RS256",v:"JWT/RS256"},{k:"RS384",v:"JWT/RS384"},{k:"RS512",v:"JWT/RS512"},{k:"PS256",v:"JWT/PS256"},{k:"PS384",v:"JWT/PS384"},{k:"PS512",v:"JWT/PS512"},{k:"ES256",v:"JWT/ES256"},{k:"ES384",v:"JWT/ES384"},{k:"ES512",v:"JWT/ES512"},{k:"EdDSA",v:"JWT/EdDSA"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsIdTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsUserInfoEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsLogoutEncContentEncAlg",type:"select"}],id:"algorithms",title:"algorithms",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",help:"idpopenidconnect.html",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",title:"oidcRPMetaDataOptionsJwksUri"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwks",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwks",title:"oidcRPMetaDataOptionsJwks",type:"file"}],id:"keys",title:"keys"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"intOrNull"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",title:"oidcRPMetaDataOptionsLogoutBypassConfirm",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"},{default:"front",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsComment",id:t+"s/"+e+"/oidcRPMetaDataOptionsComment",title:"oidcRPMetaDataOptionsComment",type:"longtext"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+e+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],help:"idpopenidconnect.html#display",id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+e+"/samlIDPMetaDataXML",id:t+"s/"+e+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],help:"authsaml.html#session",id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],help:"authsaml.html#signature",id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],help:"authsaml.html#binding",id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],help:"authsaml.html#security",id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",title:"samlIDPMetaDataOptionsFederationEntityID"}],id:"samlIDPMetaDataOptionsFederation",title:"samlIDPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsComment",id:t+"s/"+e+"/samlIDPMetaDataOptionsComment",title:"samlIDPMetaDataOptionsComment",type:"longtext"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",id:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",title:"samlIDPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authsaml.html#display",id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+e+"/samlSPMetaDataXML",id:t+"s/"+e+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+e+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/samlSPMetaDataOptionsRule",id:t+"s/"+e+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",title:"samlSPMetaDataOptionsFederationEntityID"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",select:[{k:"",v:"keep"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationOptionalAttributes",type:"select"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",select:[{k:"",v:"keep"},{k:"optional",v:"makeoptional"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationRequiredAttributes",type:"select"}],id:"samlSPMetaDataOptionsFederation",title:"samlSPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlSPMetaDataOptionsComment",id:t+"s/"+e+"/samlSPMetaDataOptionsComment",title:"samlSPMetaDataOptionsComment",type:"longtext"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+e+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+e+"/locationRules",default:[{data:"deny",id:t+"s/"+e+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+e+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+e+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+e+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/post",help:"formreplay.html",id:t+"s/"+e+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+e+"/vhostPort",id:t+"s/"+e+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+e+"/vhostHttps",id:t+"s/"+e+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+e+"/vhostMaintenance",id:t+"s/"+e+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+e+"/vhostAliases",id:t+"s/"+e+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+e+"/vhostAccessToTrace",id:t+"s/"+e+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{get:t+"s/"+e+"/vhostAuthnLevel",id:t+"s/"+e+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"intOrNull"},{default:"Main",get:t+"s/"+e+"/vhostType",id:t+"s/"+e+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"DevOpsCDA",v:"DevOpsCDA"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+e+"/vhostDevOpsRulesUrl",id:t+"s/"+e+"/vhostDevOpsRulesUrl",title:"vhostDevOpsRulesUrl"},{default:-1,get:t+"s/"+e+"/vhostServiceTokenTTL",id:t+"s/"+e+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"},{default:"",get:t+"s/"+e+"/vhostComment",id:t+"s/"+e+"/vhostComment",title:"vhostComment",type:"longtext"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file +function templates(t,e){switch(t){case"casAppMetaDataNode":return[{cnodes:t+"s/"+e+"/casAppMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casAppMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casAppMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casAppMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casAppMetaDataExportedVars",title:"casAppMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsService",id:t+"s/"+e+"/casAppMetaDataOptionsService",title:"casAppMetaDataOptionsService"},{get:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",id:t+"s/"+e+"/casAppMetaDataOptionsUserAttribute",title:"casAppMetaDataOptionsUserAttribute"},{default:-1,get:t+"s/"+e+"/casAppMetaDataOptionsLogout",id:t+"s/"+e+"/casAppMetaDataOptionsLogout",title:"casAppMetaDataOptionsLogout",type:"trool"},{get:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/casAppMetaDataOptionsAuthnLevel",title:"casAppMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/casAppMetaDataOptionsRule",id:t+"s/"+e+"/casAppMetaDataOptionsRule",title:"casAppMetaDataOptionsRule"},{get:t+"s/"+e+"/casAppMetaDataOptionsComment",id:t+"s/"+e+"/casAppMetaDataOptionsComment",title:"casAppMetaDataOptionsComment",type:"longtext"}],id:"casAppMetaDataOptions",title:"casAppMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",id:t+"s/"+e+"/casAppMetaDataOptionsDisplayName",title:"casAppMetaDataOptionsDisplayName"}],id:"casAppMetaDataOptionsDisplay",title:"casAppMetaDataOptionsDisplay",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/casAppMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/casAppMetaDataMacros",title:"casAppMetaDataMacros",type:"keyTextContainer"}];case"casSrvMetaDataNode":return[{cnodes:t+"s/"+e+"/casSrvMetaDataExportedVars",default:[{data:"cn",id:t+"s/"+e+"/casSrvMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"mail",id:t+"s/"+e+"/casSrvMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"uid",id:t+"s/"+e+"/casSrvMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/casSrvMetaDataExportedVars",title:"casSrvMetaDataExportedVars",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",id:t+"s/"+e+"/casSrvMetaDataOptionsProxiedServices",title:"casSrvMetaDataOptionsProxiedServices",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsUrl",id:t+"s/"+e+"/casSrvMetaDataOptionsUrl",title:"casSrvMetaDataOptionsUrl"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsRenew",id:t+"s/"+e+"/casSrvMetaDataOptionsRenew",title:"casSrvMetaDataOptionsRenew",type:"bool"},{default:0,get:t+"s/"+e+"/casSrvMetaDataOptionsGateway",id:t+"s/"+e+"/casSrvMetaDataOptionsGateway",title:"casSrvMetaDataOptionsGateway",type:"bool"},{get:t+"s/"+e+"/casSrvMetaDataOptionsComment",id:t+"s/"+e+"/casSrvMetaDataOptionsComment",title:"casSrvMetaDataOptionsComment",type:"longtext"}],id:"casSrvMetaDataOptions",title:"casSrvMetaDataOptions",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",id:t+"s/"+e+"/casSrvMetaDataOptionsDisplayName",title:"casSrvMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/casSrvMetaDataOptionsIcon",id:t+"s/"+e+"/casSrvMetaDataOptionsIcon",title:"casSrvMetaDataOptionsIcon"},{get:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",id:t+"s/"+e+"/casSrvMetaDataOptionsTooltip",title:"casSrvMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",id:t+"s/"+e+"/casSrvMetaDataOptionsResolutionRule",title:"casSrvMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",id:t+"s/"+e+"/casSrvMetaDataOptionsSortNumber",title:"casSrvMetaDataOptionsSortNumber",type:"intOrNull"}],id:"casSrvMetaDataOptionsDisplay",title:"casSrvMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"oidcOPMetaDataNode":return[{get:t+"s/"+e+"/oidcOPMetaDataJSON",id:t+"s/"+e+"/oidcOPMetaDataJSON",title:"oidcOPMetaDataJSON",type:"file"},{get:t+"s/"+e+"/oidcOPMetaDataJWKS",id:t+"s/"+e+"/oidcOPMetaDataJWKS",title:"oidcOPMetaDataJWKS",type:"file"},{cnodes:t+"s/"+e+"/oidcOPMetaDataExportedVars",default:[{data:"name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/cn",title:"cn",type:"keyText"},{data:"email",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/mail",title:"mail",type:"keyText"},{data:"family_name",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/sn",title:"sn",type:"keyText"},{data:"sub",id:t+"s/"+e+"/oidcOPMetaDataExportedVars/uid",title:"uid",type:"keyText"}],id:t+"s/"+e+"/oidcOPMetaDataExportedVars",title:"oidcOPMetaDataExportedVars",type:"keyTextContainer"},{_nodes:[{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",id:t+"s/"+e+"/oidcOPMetaDataOptionsConfigurationURI",title:"oidcOPMetaDataOptionsConfigurationURI"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",id:t+"s/"+e+"/oidcOPMetaDataOptionsJWKSTimeout",title:"oidcOPMetaDataOptionsJWKSTimeout",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientID",title:"oidcOPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcOPMetaDataOptionsClientSecret",title:"oidcOPMetaDataOptionsClientSecret",type:"password"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",id:t+"s/"+e+"/oidcOPMetaDataOptionsStoreIDToken",title:"oidcOPMetaDataOptionsStoreIDToken",type:"bool"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/oidcOPMetaDataOptionsUserAttribute",title:"oidcOPMetaDataOptionsUserAttribute"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsRequirePkce",id:t+"s/"+e+"/oidcOPMetaDataOptionsRequirePkce",title:"oidcOPMetaDataOptionsRequirePkce",type:"bool"}],id:"oidcOPMetaDataOptionsConfiguration",title:"oidcOPMetaDataOptionsConfiguration",type:"simpleInputContainer"},{_nodes:[{default:"openid profile",get:t+"s/"+e+"/oidcOPMetaDataOptionsScope",id:t+"s/"+e+"/oidcOPMetaDataOptionsScope",title:"oidcOPMetaDataOptionsScope"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplay",select:[{k:"",v:""},{k:"page",v:"page"},{k:"popup",v:"popup"},{k:"touch",v:"touch"},{k:"wap",v:"wap"}],title:"oidcOPMetaDataOptionsDisplay",type:"select"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",id:t+"s/"+e+"/oidcOPMetaDataOptionsPrompt",title:"oidcOPMetaDataOptionsPrompt"},{default:0,get:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsMaxAge",title:"oidcOPMetaDataOptionsMaxAge",type:"int"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",id:t+"s/"+e+"/oidcOPMetaDataOptionsUiLocales",title:"oidcOPMetaDataOptionsUiLocales"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",id:t+"s/"+e+"/oidcOPMetaDataOptionsAcrValues",title:"oidcOPMetaDataOptionsAcrValues"},{default:"get",get:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthMethod",id:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthMethod",select:[{k:"",v:"None"},{k:"jws",v:"Signed JWT"}],title:"oidcOPMetaDataOptionsAuthnEndpointAuthMethod",type:"select"},{default:"RS256",get:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg",id:t+"s/"+e+"/oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg",select:[{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcOPMetaDataOptionsAuthnEndpointAuthSigAlg",type:"select"},{default:"client_secret_post",get:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",id:t+"s/"+e+"/oidcOPMetaDataOptionsTokenEndpointAuthMethod",select:[{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"},{k:"client_secret_jwt",v:"client_secret_jwt"},{k:"private_key_jwt",v:"private_key_jwt"}],title:"oidcOPMetaDataOptionsTokenEndpointAuthMethod",type:"select"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",id:t+"s/"+e+"/oidcOPMetaDataOptionsCheckJWTSignature",title:"oidcOPMetaDataOptionsCheckJWTSignature",type:"bool"},{default:30,get:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",id:t+"s/"+e+"/oidcOPMetaDataOptionsIDTokenMaxAge",title:"oidcOPMetaDataOptionsIDTokenMaxAge",type:"int"},{default:1,get:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",id:t+"s/"+e+"/oidcOPMetaDataOptionsUseNonce",title:"oidcOPMetaDataOptionsUseNonce",type:"bool"}],id:"oidcOPMetaDataOptionsProtocol",title:"oidcOPMetaDataOptionsProtocol",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsComment",id:t+"s/"+e+"/oidcOPMetaDataOptionsComment",title:"oidcOPMetaDataOptionsComment",type:"longtext"}],help:"authopenidconnect.html#options",id:"oidcOPMetaDataOptions",title:"oidcOPMetaDataOptions"},{_nodes:[{get:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcOPMetaDataOptionsDisplayName",title:"oidcOPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcOPMetaDataOptionsIcon",title:"oidcOPMetaDataOptionsIcon"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",id:t+"s/"+e+"/oidcOPMetaDataOptionsTooltip",title:"oidcOPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/oidcOPMetaDataOptionsResolutionRule",title:"oidcOPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",id:t+"s/"+e+"/oidcOPMetaDataOptionsSortNumber",title:"oidcOPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authopenidconnect.html#display",id:"oidcOPMetaDataOptionsDisplayParams",title:"oidcOPMetaDataOptionsDisplayParams",type:"simpleInputContainer"}];case"oidcRPMetaDataNode":return[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",id:t+"s/"+e+"/oidcRPMetaDataOptionsPublic",title:"oidcRPMetaDataOptionsPublic",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientID",title:"oidcRPMetaDataOptionsClientID"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",id:t+"s/"+e+"/oidcRPMetaDataOptionsClientSecret",title:"oidcRPMetaDataOptionsClientSecret",type:"password"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRedirectUris",title:"oidcRPMetaDataOptionsRedirectUris"}],help:"idpopenidconnect.html#basic-options",id:"oidcRPMetaDataOptionsBasic",title:"oidcRPMetaDataOptionsBasic",type:"simpleInputContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataExportedVars",default:[{data:["mail","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/email",title:"email",type:"oidcAttribute"},{data:["cn","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/name",title:"name",type:"oidcAttribute"},{data:["uid","string","auto"],id:t+"s/"+e+"/oidcRPMetaDataExportedVars/preferred_username",title:"preferred_username",type:"oidcAttribute"}],help:"idpopenidconnect.html#exported-attributes",id:t+"s/"+e+"/oidcRPMetaDataExportedVars",title:"oidcRPMetaDataExportedVars",type:"oidcAttributeContainer"},{_nodes:[{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",id:t+"s/"+e+"/oidcRPMetaDataOptionsBypassConsent",title:"oidcRPMetaDataOptionsBypassConsent",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenForceClaims",title:"oidcRPMetaDataOptionsIDTokenForceClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenJWT",title:"oidcRPMetaDataOptionsAccessTokenJWT",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenClaims",title:"oidcRPMetaDataOptionsAccessTokenClaims",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",id:t+"s/"+e+"/oidcRPMetaDataOptionsRefreshToken",title:"oidcRPMetaDataOptionsRefreshToken",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserIDAttr",title:"oidcRPMetaDataOptionsUserIDAttr"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",id:t+"s/"+e+"/oidcRPMetaDataOptionsAdditionalAudiences",title:"oidcRPMetaDataOptionsAdditionalAudiences"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsTokenXAuthorizedRP",id:t+"s/"+e+"/oidcRPMetaDataOptionsTokenXAuthorizedRP",title:"oidcRPMetaDataOptionsTokenXAuthorizedRP"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsTokenXAuthorizedMatrix",id:t+"s/"+e+"/oidcRPMetaDataOptionsTokenXAuthorizedMatrix",title:"oidcRPMetaDataOptionsTokenXAuthorizedMatrix"}],id:"oidcRPMetaDataOptionsAdvanced",title:"oidcRPMetaDataOptionsAdvanced",type:"simpleInputContainer"},{_nodes:[{cnodes:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",default:[],help:"idpopenidconnect.html#oidcextraclaims",id:t+"s/"+e+"/oidcRPMetaDataOptionsExtraClaims",title:"oidcRPMetaDataOptionsExtraClaims",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/oidcRPMetaDataScopeRules",default:[],help:"idpopenidconnect.html#scope-rules",id:t+"s/"+e+"/oidcRPMetaDataScopeRules",title:"oidcRPMetaDataScopeRules",type:"keyTextContainer"}],id:"oidcRPMetaDataOptionsScopes",title:"oidcRPMetaDataOptionsScopes"},{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequirePKCE",title:"oidcRPMetaDataOptionsRequirePKCE",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowOffline",title:"oidcRPMetaDataOptionsAllowOffline",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowPasswordGrant",title:"oidcRPMetaDataOptionsAllowPasswordGrant",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",id:t+"s/"+e+"/oidcRPMetaDataOptionsAllowClientCredentialsGrant",title:"oidcRPMetaDataOptionsAllowClientCredentialsGrant",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsRequestUris",title:"oidcRPMetaDataOptionsRequestUris"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnLevel",title:"oidcRPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsRule",id:t+"s/"+e+"/oidcRPMetaDataOptionsRule",title:"oidcRPMetaDataOptionsRule"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthMethod",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthMethod",select:[{k:"",v:"Any"},{k:"client_secret_post",v:"client_secret_post"},{k:"client_secret_basic",v:"client_secret_basic"},{k:"client_secret_jwt",v:"client_secret_jwt"},{k:"private_key_jwt",v:"private_key_jwt"}],title:"oidcRPMetaDataOptionsAuthMethod",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthRequiredForAuthorize",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthRequiredForAuthorize",title:"oidcRPMetaDataOptionsAuthRequiredForAuthorize",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireState",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireState",title:"oidcRPMetaDataOptionsAuthnRequireState",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireNonce",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthnRequireNonce",title:"oidcRPMetaDataOptionsAuthnRequireNonce",type:"bool"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserinfoRequireHeaderToken",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserinfoRequireHeaderToken",title:"oidcRPMetaDataOptionsUserinfoRequireHeaderToken",type:"bool"}],id:"security",title:"security",type:"simpleInputContainer"},{_nodes:[{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenSignAlg",select:[{k:"none",v:"None"},{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcRPMetaDataOptionsIDTokenSignAlg",type:"select"},{default:"RS256",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenSignAlg",select:[{k:"HS256",v:"HS256"},{k:"HS384",v:"HS384"},{k:"HS512",v:"HS512"},{k:"RS256",v:"RS256"},{k:"RS384",v:"RS384"},{k:"RS512",v:"RS512"},{k:"PS256",v:"PS256"},{k:"PS384",v:"PS384"},{k:"PS512",v:"PS512"},{k:"ES256",v:"ES256"},{k:"ES384",v:"ES384"},{k:"ES512",v:"ES512"},{k:"EdDSA",v:"EdDSA"}],title:"oidcRPMetaDataOptionsAccessTokenSignAlg",type:"select"},{default:"",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoSignAlg",select:[{k:"",v:"JSON"},{k:"none",v:"JWT/None"},{k:"HS256",v:"JWT/HS256"},{k:"HS384",v:"JWT/HS384"},{k:"HS512",v:"JWT/HS512"},{k:"RS256",v:"JWT/RS256"},{k:"RS384",v:"JWT/RS384"},{k:"RS512",v:"JWT/RS512"},{k:"PS256",v:"JWT/PS256"},{k:"PS384",v:"JWT/PS384"},{k:"PS512",v:"JWT/PS512"},{k:"ES256",v:"JWT/ES256"},{k:"ES384",v:"JWT/ES384"},{k:"ES512",v:"JWT/ES512"},{k:"EdDSA",v:"JWT/EdDSA"}],title:"oidcRPMetaDataOptionsUserInfoSignAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsAccessTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsAccessTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsIdTokenEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsIdTokenEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsIdTokenEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsUserInfoEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsUserInfoEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsUserInfoEncContentEncAlg",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",select:[{k:"",v:"None"},{k:"RSA-OAEP",v:"RSA-OAEP"},{k:"RSA-OAEP-256",v:"RSA-OAEP-256"},{k:"RSA1_5",v:"RSA1_5"},{k:"ECDH-ES",v:"ECDH-ES"},{k:"ECDH-ES+A128KW",v:"ECDH-ES+A128KW"},{k:"ECDH-ES+A192KW",v:"ECDH-ES+A192KW"},{k:"ECDH-ES+A256KW",v:"ECDH-ES+A256KW"}],title:"oidcRPMetaDataOptionsLogoutEncKeyMgtAlg",type:"select"},{default:"A256GCM",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutEncContentEncAlg",select:[{k:"A256CBC-HS512",v:"A256CBC-HS512"},{k:"A256GCM",v:"A256GCM"},{k:"A192CBC-HS384",v:"A192CBC-HS384"},{k:"A192GCM",v:"A192GCM"},{k:"A128CBC-HS256",v:"A128CBC-HS256"},{k:"A128GCM",v:"A128GCM"}],title:"oidcRPMetaDataOptionsLogoutEncContentEncAlg",type:"select"}],id:"algorithms",title:"algorithms",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",help:"idpopenidconnect.html",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwksUri",title:"oidcRPMetaDataOptionsJwksUri"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsJwks",id:t+"s/"+e+"/oidcRPMetaDataOptionsJwks",title:"oidcRPMetaDataOptionsJwks",type:"file"}],id:"keys",title:"keys"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAuthorizationCodeExpiration",title:"oidcRPMetaDataOptionsAuthorizationCodeExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsIDTokenExpiration",title:"oidcRPMetaDataOptionsIDTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsAccessTokenExpiration",title:"oidcRPMetaDataOptionsAccessTokenExpiration",type:"intOrNull"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",id:t+"s/"+e+"/oidcRPMetaDataOptionsOfflineSessionExpiration",title:"oidcRPMetaDataOptionsOfflineSessionExpiration",type:"intOrNull"}],id:"oidcRPMetaDataOptionsTimeouts",title:"oidcRPMetaDataOptionsTimeouts",type:"simpleInputContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutBypassConfirm",title:"oidcRPMetaDataOptionsLogoutBypassConfirm",type:"bool"},{default:0,get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutSessionRequired",title:"oidcRPMetaDataOptionsLogoutSessionRequired",type:"bool"},{default:"front",get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutType",select:[{k:"front",v:"Front Channel"},{k:"back",v:"Back Channel"}],title:"oidcRPMetaDataOptionsLogoutType",type:"select"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",id:t+"s/"+e+"/oidcRPMetaDataOptionsLogoutUrl",title:"oidcRPMetaDataOptionsLogoutUrl"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",id:t+"s/"+e+"/oidcRPMetaDataOptionsPostLogoutRedirectUris",title:"oidcRPMetaDataOptionsPostLogoutRedirectUris"}],id:"logout",title:"logout",type:"simpleInputContainer"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsComment",id:t+"s/"+e+"/oidcRPMetaDataOptionsComment",title:"oidcRPMetaDataOptionsComment",type:"longtext"}],help:"idpopenidconnect.html#options",id:"oidcRPMetaDataOptions",title:"oidcRPMetaDataOptions"},{cnodes:t+"s/"+e+"/oidcRPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/oidcRPMetaDataMacros",title:"oidcRPMetaDataMacros",type:"keyTextContainer"},{_nodes:[{get:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",id:t+"s/"+e+"/oidcRPMetaDataOptionsDisplayName",title:"oidcRPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",id:t+"s/"+e+"/oidcRPMetaDataOptionsIcon",title:"oidcRPMetaDataOptionsIcon"}],help:"idpopenidconnect.html#display",id:"oidcRPMetaDataOptionsDisplay",title:"oidcRPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlIDPMetaDataNode":return[{get:t+"s/"+e+"/samlIDPMetaDataXML",id:t+"s/"+e+"/samlIDPMetaDataXML",title:"samlIDPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",default:[],help:"authsaml.html#exported-attributes",id:t+"s/"+e+"/samlIDPMetaDataExportedAttributes",title:"samlIDPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",id:t+"s/"+e+"/samlIDPMetaDataOptionsAdaptSessionUtime",title:"samlIDPMetaDataOptionsAdaptSessionUtime",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceUTF8",title:"samlIDPMetaDataOptionsForceUTF8",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",id:t+"s/"+e+"/samlIDPMetaDataOptionsStoreSAMLToken",title:"samlIDPMetaDataOptionsStoreSAMLToken",type:"bool"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",id:t+"s/"+e+"/samlIDPMetaDataOptionsUserAttribute",title:"samlIDPMetaDataOptionsUserAttribute"}],help:"authsaml.html#session",id:"samlIDPMetaDataOptionsSession",title:"samlIDPMetaDataOptionsSession",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlIDPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSSOMessage",title:"samlIDPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSSOMessageSignature",title:"samlIDPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlIDPMetaDataOptionsSignSLOMessage",title:"samlIDPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckSLOMessageSignature",title:"samlIDPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],help:"authsaml.html#signature",id:"samlIDPMetaDataOptionsSignature",title:"samlIDPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSSOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"artifact-get",v:"Artifact GET"}],title:"samlIDPMetaDataOptionsSSOBinding",type:"select"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",id:t+"s/"+e+"/samlIDPMetaDataOptionsSLOBinding",select:[{k:"",v:""},{k:"http-post",v:"POST"},{k:"http-redirect",v:"Redirect"},{k:"http-soap",v:"SOAP"}],title:"samlIDPMetaDataOptionsSLOBinding",type:"select"}],help:"authsaml.html#binding",id:"samlIDPMetaDataOptionsBinding",title:"samlIDPMetaDataOptionsBinding",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlIDPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlIDPMetaDataOptionsEncryptionMode",type:"select"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckTime",title:"samlIDPMetaDataOptionsCheckTime",type:"bool"},{default:1,get:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",id:t+"s/"+e+"/samlIDPMetaDataOptionsCheckAudience",title:"samlIDPMetaDataOptionsCheckAudience",type:"bool"}],help:"authsaml.html#security",id:"samlIDPMetaDataOptionsSecurity",title:"samlIDPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlIDPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlIDPMetaDataOptionsNameIDFormat",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",id:t+"s/"+e+"/samlIDPMetaDataOptionsForceAuthn",title:"samlIDPMetaDataOptionsForceAuthn",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",id:t+"s/"+e+"/samlIDPMetaDataOptionsIsPassive",title:"samlIDPMetaDataOptionsIsPassive",type:"bool"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",id:t+"s/"+e+"/samlIDPMetaDataOptionsAllowLoginFromIDP",title:"samlIDPMetaDataOptionsAllowLoginFromIDP",type:"bool"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",id:t+"s/"+e+"/samlIDPMetaDataOptionsRequestedAuthnContext",select:[{k:"",v:""},{k:"kerberos",v:"Kerberos"},{k:"password-protected-transport",v:"Password protected transport"},{k:"password",v:"Password"},{k:"tls-client",v:"TLS client certificate"}],title:"samlIDPMetaDataOptionsRequestedAuthnContext",type:"select"},{default:0,get:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",id:t+"s/"+e+"/samlIDPMetaDataOptionsRelayStateURL",title:"samlIDPMetaDataOptionsRelayStateURL",type:"bool"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlIDPMetaDataOptionsFederationEntityID",title:"samlIDPMetaDataOptionsFederationEntityID"}],id:"samlIDPMetaDataOptionsFederation",title:"samlIDPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsComment",id:t+"s/"+e+"/samlIDPMetaDataOptionsComment",title:"samlIDPMetaDataOptionsComment",type:"longtext"}],help:"authsaml.html#options",id:"samlIDPMetaDataOptions",title:"samlIDPMetaDataOptions"},{_nodes:[{get:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",id:t+"s/"+e+"/samlIDPMetaDataOptionsDisplayName",title:"samlIDPMetaDataOptionsDisplayName"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",id:t+"s/"+e+"/samlIDPMetaDataOptionsIcon",title:"samlIDPMetaDataOptionsIcon"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",id:t+"s/"+e+"/samlIDPMetaDataOptionsTooltip",title:"samlIDPMetaDataOptionsTooltip"},{default:"",get:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",id:t+"s/"+e+"/samlIDPMetaDataOptionsResolutionRule",title:"samlIDPMetaDataOptionsResolutionRule",type:"longtext"},{get:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",id:t+"s/"+e+"/samlIDPMetaDataOptionsSortNumber",title:"samlIDPMetaDataOptionsSortNumber",type:"intOrNull"}],help:"authsaml.html#display",id:"samlIDPMetaDataOptionsDisplay",title:"samlIDPMetaDataOptionsDisplay",type:"simpleInputContainer"}];case"samlSPMetaDataNode":return[{get:t+"s/"+e+"/samlSPMetaDataXML",id:t+"s/"+e+"/samlSPMetaDataXML",title:"samlSPMetaDataXML",type:"file"},{cnodes:t+"s/"+e+"/samlSPMetaDataExportedAttributes",default:[],help:"idpsaml.html#exported-attributes",id:t+"s/"+e+"/samlSPMetaDataExportedAttributes",title:"samlSPMetaDataExportedAttributes",type:"samlAttributeContainer"},{_nodes:[{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDFormat",select:[{k:"",v:""},{k:"unspecified",v:"Unspecified"},{k:"email",v:"Email"},{k:"x509",v:"X509 certificate"},{k:"windows",v:"Windows"},{k:"kerberos",v:"Kerberos"},{k:"entity",v:"Entity"},{k:"persistent",v:"Persistent"},{k:"transient",v:"Transient"},{k:"encrypted",v:"Encrypted"}],title:"samlSPMetaDataOptionsNameIDFormat",type:"select"},{get:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",id:t+"s/"+e+"/samlSPMetaDataOptionsNameIDSessionKey",title:"samlSPMetaDataOptionsNameIDSessionKey"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",id:t+"s/"+e+"/samlSPMetaDataOptionsOneTimeUse",title:"samlSPMetaDataOptionsOneTimeUse",type:"bool"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsSessionNotOnOrAfterTimeout",type:"int"},{default:72e3,get:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",id:t+"s/"+e+"/samlSPMetaDataOptionsNotOnOrAfterTimeout",title:"samlSPMetaDataOptionsNotOnOrAfterTimeout",type:"int"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",id:t+"s/"+e+"/samlSPMetaDataOptionsForceUTF8",title:"samlSPMetaDataOptionsForceUTF8",type:"bool"}],id:"samlSPMetaDataOptionsAuthnResponse",title:"samlSPMetaDataOptionsAuthnResponse",type:"simpleInputContainer"},{_nodes:[{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",id:t+"s/"+e+"/samlSPMetaDataOptionsSignatureMethod",select:[{k:"",v:"default"},{k:"RSA_SHA1",v:"RSA SHA1"},{k:"RSA_SHA256",v:"RSA SHA256"},{k:"RSA_SHA384",v:"RSA SHA384"},{k:"RSA_SHA512",v:"RSA SHA512"}],title:"samlSPMetaDataOptionsSignatureMethod",type:"select"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSSOMessage",title:"samlSPMetaDataOptionsSignSSOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSSOMessageSignature",title:"samlSPMetaDataOptionsCheckSSOMessageSignature",type:"bool"},{default:-1,get:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",id:t+"s/"+e+"/samlSPMetaDataOptionsSignSLOMessage",title:"samlSPMetaDataOptionsSignSLOMessage",type:"trool"},{default:1,get:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",id:t+"s/"+e+"/samlSPMetaDataOptionsCheckSLOMessageSignature",title:"samlSPMetaDataOptionsCheckSLOMessageSignature",type:"bool"}],id:"samlSPMetaDataOptionsSignature",title:"samlSPMetaDataOptionsSignature",type:"simpleInputContainer"},{_nodes:[{default:"none",get:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",id:t+"s/"+e+"/samlSPMetaDataOptionsEncryptionMode",select:[{k:"none",v:"None"},{k:"nameid",v:"Name ID"},{k:"assertion",v:"Assertion"}],title:"samlSPMetaDataOptionsEncryptionMode",type:"select"},{default:0,get:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",id:t+"s/"+e+"/samlSPMetaDataOptionsEnableIDPInitiatedURL",title:"samlSPMetaDataOptionsEnableIDPInitiatedURL",type:"bool"},{get:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",id:t+"s/"+e+"/samlSPMetaDataOptionsAuthnLevel",title:"samlSPMetaDataOptionsAuthnLevel",type:"intOrNull"},{get:t+"s/"+e+"/samlSPMetaDataOptionsRule",id:t+"s/"+e+"/samlSPMetaDataOptionsRule",title:"samlSPMetaDataOptionsRule"}],id:"samlSPMetaDataOptionsSecurity",title:"samlSPMetaDataOptionsSecurity",type:"simpleInputContainer"},{_nodes:[{get:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationEntityID",title:"samlSPMetaDataOptionsFederationEntityID"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationOptionalAttributes",select:[{k:"",v:"keep"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationOptionalAttributes",type:"select"},{default:"",get:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",id:t+"s/"+e+"/samlSPMetaDataOptionsFederationRequiredAttributes",select:[{k:"",v:"keep"},{k:"optional",v:"makeoptional"},{k:"ignore",v:"ignore"}],title:"samlSPMetaDataOptionsFederationRequiredAttributes",type:"select"}],id:"samlSPMetaDataOptionsFederation",title:"samlSPMetaDataOptionsFederation",type:"simpleInputContainer"},{get:t+"s/"+e+"/samlSPMetaDataOptionsComment",id:t+"s/"+e+"/samlSPMetaDataOptionsComment",title:"samlSPMetaDataOptionsComment",type:"longtext"}],help:"idpsaml.html#options",id:"samlSPMetaDataOptions",title:"samlSPMetaDataOptions"},{cnodes:t+"s/"+e+"/samlSPMetaDataMacros",default:[],help:"exportedvars.html#extend-variables-using-macros-and-groups",id:t+"s/"+e+"/samlSPMetaDataMacros",title:"samlSPMetaDataMacros",type:"keyTextContainer"}];case"virtualHost":return[{cnodes:t+"s/"+e+"/locationRules",default:[{data:"deny",id:t+"s/"+e+"/locationRules/default",re:"default",title:"default",type:"rule"}],help:"writingrulesand_headers.html#rules",id:t+"s/"+e+"/locationRules",title:"locationRules",type:"ruleContainer"},{cnodes:t+"s/"+e+"/exportedHeaders",help:"writingrulesand_headers.html#headers",id:t+"s/"+e+"/exportedHeaders",title:"exportedHeaders",type:"keyTextContainer"},{cnodes:t+"s/"+e+"/post",help:"formreplay.html",id:t+"s/"+e+"/post",title:"post",type:"postContainer"},{_nodes:[{default:-1,get:t+"s/"+e+"/vhostPort",id:t+"s/"+e+"/vhostPort",title:"vhostPort",type:"int"},{default:-1,get:t+"s/"+e+"/vhostHttps",id:t+"s/"+e+"/vhostHttps",title:"vhostHttps",type:"trool"},{default:0,get:t+"s/"+e+"/vhostMaintenance",id:t+"s/"+e+"/vhostMaintenance",title:"vhostMaintenance",type:"bool"},{default:"",get:t+"s/"+e+"/vhostAliases",id:t+"s/"+e+"/vhostAliases",title:"vhostAliases"},{default:"",get:t+"s/"+e+"/vhostAccessToTrace",id:t+"s/"+e+"/vhostAccessToTrace",title:"vhostAccessToTrace"},{get:t+"s/"+e+"/vhostAuthnLevel",id:t+"s/"+e+"/vhostAuthnLevel",title:"vhostAuthnLevel",type:"intOrNull"},{default:"Main",get:t+"s/"+e+"/vhostType",id:t+"s/"+e+"/vhostType",select:[{k:"AuthBasic",v:"AuthBasic"},{k:"CDA",v:"CDA"},{k:"DevOps",v:"DevOps"},{k:"DevOpsST",v:"DevOpsST"},{k:"DevOpsCDA",v:"DevOpsCDA"},{k:"Main",v:"Main"},{k:"OAuth2",v:"OAuth2"},{k:"SecureToken",v:"SecureToken"},{k:"ServiceToken",v:"ServiceToken"},{k:"ZimbraPreAuth",v:"ZimbraPreAuth"}],title:"vhostType",type:"select"},{get:t+"s/"+e+"/vhostDevOpsRulesUrl",id:t+"s/"+e+"/vhostDevOpsRulesUrl",title:"vhostDevOpsRulesUrl"},{default:-1,get:t+"s/"+e+"/vhostServiceTokenTTL",id:t+"s/"+e+"/vhostServiceTokenTTL",title:"vhostServiceTokenTTL",type:"int"},{default:"",get:t+"s/"+e+"/vhostComment",id:t+"s/"+e+"/vhostComment",title:"vhostComment",type:"longtext"}],help:"configvhost.html#options",id:"vhostOptions",title:"vhostOptions",type:"simpleInputContainer"}];default:return[]}}function setScopeVars(t){t.portal=t.data[0]._nodes[0]._nodes[0],t.getKey(t.portal),t.domain=t.data[0]._nodes[4]._nodes[1],t.getKey(t.domain)} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map index 023171d666..c799a20100 100644 --- a/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map +++ b/lemonldap-ng-manager/site/htdocs/static/js/conftree.min.js.map @@ -1 +1 @@ -{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,OACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,GAEHD,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wCAC5BI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4BACzBI,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,0BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHF,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,GAEHF,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,GAEHP,MAAU,+BACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,6BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGH,QAAY,MACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,MACNC,EAAM,YACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,oBACT,EACA,CACGD,EAAM,sBACNC,EAAM,qBACT,EACA,CACGD,EAAM,oBACNC,EAAM,mBACT,EACA,CACGD,EAAM,kBACNC,EAAM,iBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,MACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,iCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHG,KAAS,iCACTL,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,GAEHI,KAAS,sCACTL,GAAO,6BACPC,MAAU,6BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,QACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,MACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,qBACVC,KAAS,eACZ,GAEHG,KAAS,4CACTL,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,iCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,yCACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGN,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,wCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,4BAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,2BACVC,KAAS,kBACZ,GAEHF,GAAO,8BACPC,MAAU,6BACb,EACA,CACGE,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,KACT,EACA,CACGD,EAAM,qBACNC,EAAM,oBACT,EACA,CACGD,EAAM,sBACNC,EAAM,qBACT,EACA,CACGD,EAAM,oBACNC,EAAM,mBACT,EACA,CACGD,EAAM,kBACNC,EAAM,iBACT,GAEHP,MAAU,kCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mDACzBI,GAAOL,EAAI,KAAKC,EAAQ,mDACxBK,MAAU,kDACVC,KAAS,MACZ,GAEHF,GAAO,WACPC,MAAU,WACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,OACNC,EAAM,UACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,mDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,2CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6CACzBI,GAAOL,EAAI,KAAKC,EAAQ,6CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,4CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,gDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,GAEHF,GAAO,aACPC,MAAU,aACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBS,KAAS,wBACTL,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,4BACVC,KAAS,MACZ,GAEHF,GAAO,OACPC,MAAU,MACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,WACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,eACT,EACA,CACGD,EAAM,OACNC,EAAM,cACT,GAEHP,MAAU,kCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBK,MAAU,6CACb,GAEHD,GAAO,SACPC,MAAU,SACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,gCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHI,KAAS,gCACTL,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,qCAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,qCACb,GAEHI,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,wCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,GAEHG,KAAS,0BACTL,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,GAEHG,KAAS,yBACTL,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,qCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,+BACNC,EAAM,8BACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,wBACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,GAEHD,GAAO,mCACPC,MAAU,mCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,UACZ,GAEHG,KAAS,wBACTL,GAAO,yBACPC,MAAU,wBACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,WACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qBACzBI,GAAOL,EAAI,KAAKC,EAAQ,qBACxBK,MAAU,oBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,oCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,mDACzBI,GAAOL,EAAI,KAAKC,EAAQ,mDACxBK,MAAU,kDACVC,KAAS,KACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,iCACVC,KAAS,MACZ,GAEHF,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,GAEHF,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,yCACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,GAEHF,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,uBACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,iBAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,yBACxBa,GAAO,UACPR,MAAU,UACVC,KAAS,MACZ,GAEHG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAQ,iBACxBK,MAAU,gBACVC,KAAS,eACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,mBAC5BS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,QAC5BS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAQ,QACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBK,MAAU,YACVC,KAAS,KACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,cACzBI,GAAOL,EAAI,KAAKC,EAAQ,cACxBK,MAAU,aACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oBACzBI,GAAOL,EAAI,KAAKC,EAAQ,oBACxBK,MAAU,mBACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,cACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,oBACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mBACzBI,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,WACZ,EACA,CACGJ,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,GAEHP,MAAU,YACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uBACzBI,GAAOL,EAAI,KAAKC,EAAQ,uBACxBK,MAAU,qBACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wBACzBI,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,KACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,eACVC,KAAS,UACZ,GAEHG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,sBACZ,GAGD,QACE,MAAO,EACT,CACF,CAEA,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,MAAM,EACzBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG,MAAM,CAC3B"} \ No newline at end of file +{"version":3,"sources":["conftree.js"],"names":["templates","tpl","key","cnodes","default","data","id","title","type","_nodes","get","help","select","k","v","re","setScopeVars","scope","portal","getKey","domain"],"mappings":"AAAA,SAASA,UAAUC,EAAIC,GASrB,OAAOD,GACP,IAAK,qBACH,MAAO,CACR,CACGE,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,OACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,GAEHD,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,KACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,wCAC5BI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4BACzBI,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,0BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHF,GAAO,wBACPC,MAAU,wBACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHF,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,QACTC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,SACZ,EACA,CACGH,KAAS,cACTC,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,KACVC,KAAS,SACZ,EACA,CACGH,KAAS,MACTC,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,MACVC,KAAS,SACZ,GAEHF,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,oCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,GAEHF,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,iBACZM,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,GAEHP,MAAU,+BACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,6BACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,KACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGH,QAAY,MACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,MACNC,EAAM,YACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,qBACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,qBACNC,EAAM,oBACT,EACA,CACGD,EAAM,sBACNC,EAAM,qBACT,EACA,CACGD,EAAM,oBACNC,EAAM,mBACT,EACA,CACGD,EAAM,kBACNC,EAAM,iBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,MACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,iCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,GAEHG,KAAS,iCACTL,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,+BACzBI,GAAOL,EAAI,KAAKC,EAAQ,+BACxBK,MAAU,8BACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,GAEHI,KAAS,sCACTL,GAAO,6BACPC,MAAU,6BACVC,KAAS,sBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,8BAC5BE,QAAY,CACT,CACGC,KAAS,CACN,OACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,QACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,KACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGH,KAAS,CACN,MACA,SACA,QAEHC,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,qBACVC,KAAS,eACZ,GAEHG,KAAS,4CACTL,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,6BACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBK,MAAU,qCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,iCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,yCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBK,MAAU,6CACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGN,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,wCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,4BAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,4BACxBK,MAAU,2BACVC,KAAS,kBACZ,GAEHF,GAAO,8BACPC,MAAU,6BACb,EACA,CACGE,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,KACT,EACA,CACGD,EAAM,qBACNC,EAAM,oBACT,EACA,CACGD,EAAM,sBACNC,EAAM,qBACT,EACA,CACGD,EAAM,oBACNC,EAAM,mBACT,EACA,CACGD,EAAM,kBACNC,EAAM,iBACT,GAEHP,MAAU,kCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mDACzBI,GAAOL,EAAI,KAAKC,EAAQ,mDACxBK,MAAU,kDACVC,KAAS,MACZ,GAEHF,GAAO,WACPC,MAAU,WACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,OACNC,EAAM,UACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,EACA,CACGD,EAAM,QACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,mDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,2CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,gDACzBI,GAAOL,EAAI,KAAKC,EAAQ,gDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,+CACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6CACzBI,GAAOL,EAAI,KAAKC,EAAQ,6CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,4CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,gDACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,EACA,CACGD,EAAM,iBACNC,EAAM,gBACT,GAEHP,MAAU,0CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,UACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,GAEHF,GAAO,aACPC,MAAU,aACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,gCACzBS,KAAS,wBACTL,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,8BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,4BACVC,KAAS,MACZ,GAEHF,GAAO,OACPC,MAAU,MACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oDACzBI,GAAOL,EAAI,KAAKC,EAAQ,oDACxBK,MAAU,mDACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,0CACzBI,GAAOL,EAAI,KAAKC,EAAQ,0CACxBK,MAAU,yCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,WACZ,GAEHF,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,QACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBU,OAAW,CACR,CACGC,EAAM,QACNC,EAAM,eACT,EACA,CACGD,EAAM,OACNC,EAAM,cACT,GAEHP,MAAU,kCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,gCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBK,MAAU,6CACb,GAEHD,GAAO,SACPC,MAAU,SACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,gCACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,kCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHI,KAAS,gCACTL,GAAO,+BACPC,MAAU,+BACVC,KAAS,sBACZ,GAGD,IAAK,sBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,qBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,qCAC5BE,QAAY,GACZO,KAAS,oCACTL,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,oCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,qCACb,GAEHI,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,wCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kDACzBI,GAAOL,EAAI,KAAKC,EAAQ,kDACxBK,MAAU,iDACVC,KAAS,MACZ,GAEHG,KAAS,0BACTL,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,EACA,CACGD,EAAM,gBACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,MACT,GAEHP,MAAU,mCACVC,KAAS,QACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,GAEHG,KAAS,yBACTL,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sCACzBI,GAAOL,EAAI,KAAKC,EAAQ,sCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,qCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,0CACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,+CACzBI,GAAOL,EAAI,KAAKC,EAAQ,+CACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,+BACNC,EAAM,8BACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,wBACT,GAEHP,MAAU,8CACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,MACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,0CACb,GAEHD,GAAO,mCACPC,MAAU,mCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,gCACVC,KAAS,UACZ,GAEHG,KAAS,wBACTL,GAAO,yBACPC,MAAU,wBACb,EACA,CACGE,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBK,MAAU,mCACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,8BACzBI,GAAOL,EAAI,KAAKC,EAAQ,8BACxBK,MAAU,4BACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,iCACzBI,GAAOL,EAAI,KAAKC,EAAQ,iCACxBK,MAAU,+BACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBK,MAAU,uCACVC,KAAS,UACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,oCACzBI,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,WACZ,GAEHG,KAAS,wBACTL,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,GAGD,IAAK,qBACH,MAAO,CACR,CACGE,IAAQT,EAAI,KAAKC,EAAQ,qBACzBI,GAAOL,EAAI,KAAKC,EAAQ,qBACxBK,MAAU,oBACVC,KAAS,MACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,oCAC5BE,QAAY,GACZO,KAAS,mCACTL,GAAOL,EAAI,KAAKC,EAAQ,oCACxBK,MAAU,mCACVC,KAAS,wBACZ,EACA,CACGC,OAAW,CACR,CACGA,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qCACzBI,GAAOL,EAAI,KAAKC,EAAQ,qCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,EACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,QACNC,EAAM,OACT,EACA,CACGD,EAAM,OACNC,EAAM,kBACT,EACA,CACGD,EAAM,UACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,oCACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,yCACzBI,GAAOL,EAAI,KAAKC,EAAQ,yCACxBK,MAAU,uCACb,EACA,CACGH,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,MACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,mDACzBI,GAAOL,EAAI,KAAKC,EAAQ,mDACxBK,MAAU,kDACVC,KAAS,KACZ,EACA,CACGJ,QAAY,KACZM,IAAQT,EAAI,KAAKC,EAAQ,4CACzBI,GAAOL,EAAI,KAAKC,EAAQ,4CACxBK,MAAU,2CACVC,KAAS,KACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,kCACzBI,GAAOL,EAAI,KAAKC,EAAQ,kCACxBK,MAAU,iCACVC,KAAS,MACZ,GAEHF,GAAO,qCACPC,MAAU,qCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,wCACzBI,GAAOL,EAAI,KAAKC,EAAQ,wCACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,SACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,EACA,CACGD,EAAM,aACNC,EAAM,YACT,GAEHP,MAAU,uCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBK,MAAU,sCACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,iDACzBI,GAAOL,EAAI,KAAKC,EAAQ,iDACxBK,MAAU,gDACVC,KAAS,MACZ,GAEHF,GAAO,iCACPC,MAAU,iCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,uCACzBI,GAAOL,EAAI,KAAKC,EAAQ,uCACxBU,OAAW,CACR,CACGC,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,SACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,GAEHP,MAAU,sCACVC,KAAS,QACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,8CACzBI,GAAOL,EAAI,KAAKC,EAAQ,8CACxBK,MAAU,6CACVC,KAAS,MACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,mCACzBI,GAAOL,EAAI,KAAKC,EAAQ,mCACxBK,MAAU,kCACVC,KAAS,WACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,6BACzBI,GAAOL,EAAI,KAAKC,EAAQ,6BACxBK,MAAU,2BACb,GAEHD,GAAO,gCACPC,MAAU,gCACVC,KAAS,sBACZ,EACA,CACGC,OAAW,CACR,CACGC,IAAQT,EAAI,KAAKC,EAAQ,2CACzBI,GAAOL,EAAI,KAAKC,EAAQ,2CACxBK,MAAU,yCACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,qDACzBI,GAAOL,EAAI,KAAKC,EAAQ,qDACxBU,OAAW,CACR,CACGC,EAAM,GACNC,EAAM,MACT,EACA,CACGD,EAAM,WACNC,EAAM,cACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,GAEHP,MAAU,oDACVC,KAAS,QACZ,GAEHF,GAAO,kCACPC,MAAU,kCACVC,KAAS,sBACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,gCACzBI,GAAOL,EAAI,KAAKC,EAAQ,gCACxBK,MAAU,+BACVC,KAAS,UACZ,GAEHG,KAAS,uBACTL,GAAO,wBACPC,MAAU,uBACb,EACA,CACGJ,OAAWF,EAAI,KAAKC,EAAQ,wBAC5BE,QAAY,GACZO,KAAS,6DACTL,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,kBACZ,GAGD,IAAK,cACH,MAAO,CACR,CACGL,OAAWF,EAAI,KAAKC,EAAQ,iBAC5BE,QAAY,CACT,CACGC,KAAS,OACTC,GAAOL,EAAI,KAAKC,EAAQ,yBACxBa,GAAO,UACPR,MAAU,UACVC,KAAS,MACZ,GAEHG,KAAS,qCACTL,GAAOL,EAAI,KAAKC,EAAQ,iBACxBK,MAAU,gBACVC,KAAS,eACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,mBAC5BS,KAAS,uCACTL,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,kBACZ,EACA,CACGL,OAAWF,EAAI,KAAKC,EAAQ,QAC5BS,KAAS,kBACTL,GAAOL,EAAI,KAAKC,EAAQ,QACxBK,MAAU,OACVC,KAAS,eACZ,EACA,CACGC,OAAW,CACR,CACGL,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBK,MAAU,YACVC,KAAS,KACZ,EACA,CACGJ,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,cACzBI,GAAOL,EAAI,KAAKC,EAAQ,cACxBK,MAAU,aACVC,KAAS,OACZ,EACA,CACGJ,QAAY,EACZM,IAAQT,EAAI,KAAKC,EAAQ,oBACzBI,GAAOL,EAAI,KAAKC,EAAQ,oBACxBK,MAAU,mBACVC,KAAS,MACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,cACb,EACA,CACGH,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,sBACzBI,GAAOL,EAAI,KAAKC,EAAQ,sBACxBK,MAAU,oBACb,EACA,CACGG,IAAQT,EAAI,KAAKC,EAAQ,mBACzBI,GAAOL,EAAI,KAAKC,EAAQ,mBACxBK,MAAU,kBACVC,KAAS,WACZ,EACA,CACGJ,QAAY,OACZM,IAAQT,EAAI,KAAKC,EAAQ,aACzBI,GAAOL,EAAI,KAAKC,EAAQ,aACxBU,OAAW,CACR,CACGC,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,MACNC,EAAM,KACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,WACNC,EAAM,UACT,EACA,CACGD,EAAM,YACNC,EAAM,WACT,EACA,CACGD,EAAM,OACNC,EAAM,MACT,EACA,CACGD,EAAM,SACNC,EAAM,QACT,EACA,CACGD,EAAM,cACNC,EAAM,aACT,EACA,CACGD,EAAM,eACNC,EAAM,cACT,EACA,CACGD,EAAM,gBACNC,EAAM,eACT,GAEHP,MAAU,YACVC,KAAS,QACZ,EACA,CACGE,IAAQT,EAAI,KAAKC,EAAQ,uBACzBI,GAAOL,EAAI,KAAKC,EAAQ,uBACxBK,MAAU,qBACb,EACA,CACGH,QAAY,CAAC,EACbM,IAAQT,EAAI,KAAKC,EAAQ,wBACzBI,GAAOL,EAAI,KAAKC,EAAQ,wBACxBK,MAAU,uBACVC,KAAS,KACZ,EACA,CACGJ,QAAY,GACZM,IAAQT,EAAI,KAAKC,EAAQ,gBACzBI,GAAOL,EAAI,KAAKC,EAAQ,gBACxBK,MAAU,eACVC,KAAS,UACZ,GAEHG,KAAS,2BACTL,GAAO,eACPC,MAAU,eACVC,KAAS,sBACZ,GAGD,QACE,MAAO,EACT,CACF,CAEA,SAASQ,aAAaC,GACpBA,EAAMC,OAASD,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMC,MAAM,EACzBD,EAAMG,OAASH,EAAMZ,KAAK,GAAGI,OAAO,GAAGA,OAAO,GAC9CQ,EAAME,OAAOF,EAAMG,MAAM,CAC3B"} \ No newline at end of file diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json index f2f19978f6..93f81de9bb 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ar.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ar.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"قاعدة الدخول", "oidcRPMetaDataOptionsScopes":"نطاق", "oidcRPMetaDataOptionsTimeouts":"Timeouts", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"خاصّيّة المستخدم", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/en.json b/lemonldap-ng-manager/site/htdocs/static/languages/en.json index e0446f2aa8..321c989857 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/en.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/en.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Access rule", "oidcRPMetaDataOptionsScopes":"Scope", "oidcRPMetaDataOptionsTimeouts":"Timeouts", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"User attribute", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/es.json b/lemonldap-ng-manager/site/htdocs/static/languages/es.json index 65f9602101..4e7ad0a183 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/es.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/es.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Regla de acceso", "oidcRPMetaDataOptionsScopes":"Ámbito", "oidcRPMetaDataOptionsTimeouts":"Timeouts", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Atributo de usuario", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json index e679eea454..fcadc7891d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/fr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/fr.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Règle d'accès", "oidcRPMetaDataOptionsScopes":"Scope", "oidcRPMetaDataOptionsTimeouts":"Expirations", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Serveurs Matrix autorisés à échanger un access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"RP autorisés à échanger un access_token", "oidcRPMetaDataOptionsUserIDAttr":"Attribut de l'utilisateur", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"Algorithme de chiffrement du contenu pour le chiffrement des réponses user_info", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/he.json b/lemonldap-ng-manager/site/htdocs/static/languages/he.json index 50f1208682..4624eb7c13 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/he.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/he.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"כלל גישה", "oidcRPMetaDataOptionsScopes":"היקף", "oidcRPMetaDataOptionsTimeouts":"Timeouts", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"מאפיין משתמש", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/it.json b/lemonldap-ng-manager/site/htdocs/static/languages/it.json index de6921b85d..695ccf033d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/it.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/it.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Regola di accesso", "oidcRPMetaDataOptionsScopes":"Scopo", "oidcRPMetaDataOptionsTimeouts":"Timeouts", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Attributo utente", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json index 097abcd6d8..f98b0b1446 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pl.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pl.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Reguła dostępu", "oidcRPMetaDataOptionsScopes":"Zakres", "oidcRPMetaDataOptionsTimeouts":"Limit czasu", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Atrybut użytkownika", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pt.json b/lemonldap-ng-manager/site/htdocs/static/languages/pt.json index cf9dbe69f8..143808e5f5 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pt.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pt.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Regra de acesso", "oidcRPMetaDataOptionsScopes":"Escopo", "oidcRPMetaDataOptionsTimeouts":"Timeouts", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Atributo do usuário", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json b/lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json index 04dfeb72d3..28ced1f34d 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Regra de acesso", "oidcRPMetaDataOptionsScopes":"Escopo", "oidcRPMetaDataOptionsTimeouts":"Expirações", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Atributo do usuário", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/ru.json b/lemonldap-ng-manager/site/htdocs/static/languages/ru.json index 80ba8effd3..b22e91e588 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/ru.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/ru.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Правило доступа", "oidcRPMetaDataOptionsScopes":"Объем", "oidcRPMetaDataOptionsTimeouts":"Время ожидания", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Атрибут пользователя", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json index 5bb9a353a6..5edbc09f0a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/tr.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/tr.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Erişim kuralı", "oidcRPMetaDataOptionsScopes":"Kapsam", "oidcRPMetaDataOptionsTimeouts":"Zaman aşımları", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"Kullanıcı niteliği", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json index 657f619636..7d83bff154 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/vi.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/vi.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"Quy tắc truy cập", "oidcRPMetaDataOptionsScopes":"Phạm vi", "oidcRPMetaDataOptionsTimeouts":"Hết thời gian chờ", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"thuộc tính người dùng", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json index c750d5d133..f2fdec8f8a 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"存取規則", "oidcRPMetaDataOptionsScopes":"範圍", "oidcRPMetaDataOptionsTimeouts":"逾時", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"使用者屬性", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", diff --git a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json index 4762cc46c3..760825ad38 100644 --- a/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json +++ b/lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json @@ -776,6 +776,7 @@ "oidcRPMetaDataOptionsRule":"存取規則", "oidcRPMetaDataOptionsScopes":"範圍", "oidcRPMetaDataOptionsTimeouts":"逾時", +"oidcRPMetaDataOptionsTokenXAuthorizedMatrix":"Matrix servers allowed to exchange access_token", "oidcRPMetaDataOptionsTokenXAuthorizedRP":"Other RP allowed to exchange access_token", "oidcRPMetaDataOptionsUserIDAttr":"使用者屬性", "oidcRPMetaDataOptionsUserInfoEncContentEncAlg":"User_info Encryption content encryption algorithm", -- GitLab From 72365dc2ac557af282c5fd4b97277d3f027f7e40 Mon Sep 17 00:00:00 2001 From: Yadd Date: Tue, 14 May 2024 07:52:07 +0400 Subject: [PATCH 9/9] Refactor --- .../NG/Portal/Plugins/MatrixTokenExchange.pm | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm index 8d0713ae44..cf2072cfed 100644 --- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm +++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Plugins/MatrixTokenExchange.pm @@ -7,33 +7,6 @@ extends 'Lemonldap::NG::Portal::Lib::OIDCTokenExchange'; with 'Lemonldap::NG::Common::Matrix'; -sub getUid { - my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_; - - if ( $subjectTokenType and $subjectTokenType ne 'access_token' ) { - $self->logger->debug( - "Matrix given token isn't declared as access_token"); - return 0; - } - - my $subject_issuer = $req->param('subject_issuer'); - $subject_issuer = $self->serverResolve($subject_issuer); - - # 2. Validate Matrix token against given Matrix server - $self->logger->debug( - "Token exchange asked for Matrix token $subjectToken on $subject_issuer" - ); - - my ( $matrixSub, $uid, $domain ) = - $self->validateMatrixToken( $subject_issuer, $subjectToken ); - - unless ($matrixSub) { - $self->logger->debug("Matrix token rejected by $subject_issuer"); - return 0; - } - return $uid; -} - sub validateAudience { my ( $self, $req, $rp, $target, $requestedTokenType ) = @_; @@ -71,4 +44,31 @@ sub validateAudience { return 1; } +sub getUid { + my ( $self, $req, $rp, $subjectToken, $subjectTokenType ) = @_; + + if ( $subjectTokenType and $subjectTokenType ne 'access_token' ) { + $self->logger->debug( + "Matrix given token isn't declared as access_token"); + return 0; + } + + my $subject_issuer = $req->param('subject_issuer'); + $subject_issuer = $self->serverResolve($subject_issuer); + + # 2. Validate Matrix token against given Matrix server + $self->logger->debug( + "Token exchange asked for Matrix token $subjectToken on $subject_issuer" + ); + + my ( $matrixSub, $uid, $domain ) = + $self->validateMatrixToken( $subject_issuer, $subjectToken ); + + unless ($matrixSub) { + $self->logger->debug("Matrix token rejected by $subject_issuer"); + return 0; + } + return $uid; +} + 1; -- GitLab