@aws-cdk/toolkit-lib 0.3.2 → 0.3.4

package/lib/api/aws-auth/sdk-provider.d.ts

@@ -0,0 +1,195 @@
+import type { ContextLookupRoleOptions } from '@aws-cdk/cloud-assembly-schema';
+import type { Environment } from '@aws-cdk/cx-api';
+import type { AssumeRoleCommandInput } from '@aws-sdk/client-sts';
+import type { NodeHttpHandlerOptions } from '@smithy/node-http-handler';
+import type { AwsCredentialIdentityProvider, Logger } from '@smithy/types';
+import { SDK } from './sdk';
+import { type IoHelper } from '../io/private';
+import { PluginHost, Mode } from '../plugin';
+export type AssumeRoleAdditionalOptions = Partial<Omit<AssumeRoleCommandInput, 'ExternalId' | 'RoleArn'>>;
+/**
+ * Options for the default SDK provider
+ */
+export interface SdkProviderOptions extends SdkProviderServices {
+    /**
+     * Profile to read from ~/.aws
+     *
+     * @default - No profile
+     */
+    readonly profile?: string;
+}
+/**
+ * SDK configuration for a given environment
+ * 'forEnvironment' will attempt to assume a role and if it
+ * is not successful, then it will either:
+ *   1. Check to see if the default credentials (local credentials the CLI was executed with)
+ *      are for the given environment. If they are then return those.
+ *   2. If the default credentials are not for the given environment then
+ *      throw an error
+ *
+ * 'didAssumeRole' allows callers to whether they are receiving the assume role
+ * credentials or the default credentials.
+ */
+export interface SdkForEnvironment {
+    /**
+     * The SDK for the given environment
+     */
+    readonly sdk: SDK;
+    /**
+     * Whether or not the assume role was successful.
+     * If the assume role was not successful (false)
+     * then that means that the 'sdk' returned contains
+     * the default credentials (not the assume role credentials)
+     */
+    readonly didAssumeRole: boolean;
+}
+/**
+ * Creates instances of the AWS SDK appropriate for a given account/region.
+ *
+ * Behavior is as follows:
+ *
+ * - First, a set of "base" credentials are established
+ *   - If a target environment is given and the default ("current") SDK credentials are for
+ *     that account, return those; otherwise
+ *   - If a target environment is given, scan all credential provider plugins
+ *     for credentials, and return those if found; otherwise
+ *   - Return default ("current") SDK credentials, noting that they might be wrong.
+ *
+ * - Second, a role may optionally need to be assumed. Use the base credentials
+ *   established in the previous process to assume that role.
+ *   - If assuming the role fails and the base credentials are for the correct
+ *     account, return those. This is a fallback for people who are trying to interact
+ *     with a Default Synthesized stack and already have right credentials setup.
+ *
+ *     Typical cases we see in the wild:
+ *     - Credential plugin setup that, although not recommended, works for them
+ *     - Seeded terminal with `ReadOnly` credentials in order to do `cdk diff`--the `ReadOnly`
+ *       role doesn't have `sts:AssumeRole` and will fail for no real good reason.
+ */
+export declare class SdkProvider {
+    /**
+     * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
+     *
+     * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
+     * class `AwsCliCompatible` for the details.
+     */
+    static withAwsCliCompatibleDefaults(options: SdkProviderOptions): Promise<SdkProvider>;
+    readonly defaultRegion: string;
+    private readonly defaultCredentialProvider;
+    private readonly plugins;
+    private readonly requestHandler;
+    private readonly ioHelper;
+    private readonly logger?;
+    constructor(defaultCredentialProvider: AwsCredentialIdentityProvider, defaultRegion: string | undefined, services: SdkProviderServices);
+    /**
+     * Return an SDK which can do operations in the given environment
+     *
+     * The `environment` parameter is resolved first (see `resolveEnvironment()`).
+     */
+    forEnvironment(environment: Environment, mode: Mode, options?: CredentialsOptions, quiet?: boolean): Promise<SdkForEnvironment>;
+    /**
+     * Return the partition that base credentials are for
+     *
+     * Returns `undefined` if there are no base credentials.
+     */
+    baseCredentialsPartition(environment: Environment, mode: Mode): Promise<string | undefined>;
+    /**
+     * Resolve the environment for a stack
+     *
+     * Replaces the magic values `UNKNOWN_REGION` and `UNKNOWN_ACCOUNT`
+     * with the defaults for the current SDK configuration (`~/.aws/config` or
+     * otherwise).
+     *
+     * It is an error if `UNKNOWN_ACCOUNT` is used but the user hasn't configured
+     * any SDK credentials.
+     */
+    resolveEnvironment(env: Environment): Promise<Environment>;
+    /**
+     * The account we'd auth into if we used default credentials.
+     *
+     * Default credentials are the set of ambiently configured credentials using
+     * one of the environment variables, or ~/.aws/credentials, or the *one*
+     * profile that was passed into the CLI.
+     *
+     * Might return undefined if there are no default/ambient credentials
+     * available (in which case the user should better hope they have
+     * credential plugins configured).
+     *
+     * Uses a cache to avoid STS calls if we don't need 'em.
+     */
+    defaultAccount(): Promise<Account | undefined>;
+    /**
+     * Get credentials for the given account ID in the given mode
+     *
+     * 1. Use the default credentials if the destination account matches the
+     *    current credentials' account.
+     * 2. Otherwise try all credential plugins.
+     * 3. Fail if neither of these yield any credentials.
+     * 4. Return a failure if any of them returned credentials
+     */
+    private obtainBaseCredentials;
+    /**
+     * Return an SDK which uses assumed role credentials
+     *
+     * The base credentials used to retrieve the assumed role credentials will be the
+     * same credentials returned by obtainCredentials if an environment and mode is passed,
+     * otherwise it will be the current credentials.
+     */
+    private withAssumedRole;
+}
+/**
+ * An AWS account
+ *
+ * An AWS account always exists in only one partition. Usually we don't care about
+ * the partition, but when we need to form ARNs we do.
+ */
+export interface Account {
+    /**
+     * The account number
+     */
+    readonly accountId: string;
+    /**
+     * The partition ('aws' or 'aws-cn' or otherwise)
+     */
+    readonly partition: string;
+}
+/**
+ * Options for obtaining credentials for an environment
+ */
+export interface CredentialsOptions {
+    /**
+     * The ARN of the role that needs to be assumed, if any
+     */
+    readonly assumeRoleArn?: string;
+    /**
+     * External ID required to assume the given role.
+     */
+    readonly assumeRoleExternalId?: string;
+    /**
+     * Session tags required to assume the given role.
+     */
+    readonly assumeRoleAdditionalOptions?: AssumeRoleAdditionalOptions;
+}
+/**
+ * Instantiate an SDK for context providers. This function ensures that all
+ * lookup assume role options are used when context providers perform lookups.
+ */
+export declare function initContextProviderSdk(aws: SdkProvider, options: ContextLookupRoleOptions): Promise<SDK>;
+export interface SdkProviderServices {
+    /**
+     * An IO helper for emitting messages
+     */
+    readonly ioHelper: IoHelper;
+    /**
+     * The request handler settings
+     */
+    readonly requestHandler?: NodeHttpHandlerOptions;
+    /**
+     * A plugin host
+     */
+    readonly pluginHost?: PluginHost;
+    /**
+     * An SDK logger
+     */
+    readonly logger?: Logger;
+}

package/lib/api/aws-auth/sdk-provider.js

@@ -0,0 +1,373 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var SdkProvider_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SdkProvider = void 0;
+exports.initContextProviderSdk = initContextProviderSdk;
+const os = require("os");
+const cx_api_1 = require("@aws-cdk/cx-api");
+const credential_providers_1 = require("@aws-sdk/credential-providers");
+const awscli_compatible_1 = require("./awscli-compatible");
+const cached_1 = require("./cached");
+const credential_plugins_1 = require("./credential-plugins");
+const provider_caching_1 = require("./provider-caching");
+const sdk_1 = require("./sdk");
+const tracing_1 = require("./tracing");
+const toolkit_error_1 = require("../../toolkit/toolkit-error");
+const util_1 = require("../../util");
+const private_1 = require("../io/private");
+const plugin_1 = require("../plugin");
+const CACHED_ACCOUNT = Symbol('cached_account');
+/**
+ * Creates instances of the AWS SDK appropriate for a given account/region.
+ *
+ * Behavior is as follows:
+ *
+ * - First, a set of "base" credentials are established
+ *   - If a target environment is given and the default ("current") SDK credentials are for
+ *     that account, return those; otherwise
+ *   - If a target environment is given, scan all credential provider plugins
+ *     for credentials, and return those if found; otherwise
+ *   - Return default ("current") SDK credentials, noting that they might be wrong.
+ *
+ * - Second, a role may optionally need to be assumed. Use the base credentials
+ *   established in the previous process to assume that role.
+ *   - If assuming the role fails and the base credentials are for the correct
+ *     account, return those. This is a fallback for people who are trying to interact
+ *     with a Default Synthesized stack and already have right credentials setup.
+ *
+ *     Typical cases we see in the wild:
+ *     - Credential plugin setup that, although not recommended, works for them
+ *     - Seeded terminal with `ReadOnly` credentials in order to do `cdk diff`--the `ReadOnly`
+ *       role doesn't have `sts:AssumeRole` and will fail for no real good reason.
+ */
+let SdkProvider = SdkProvider_1 = class SdkProvider {
+    /**
+     * Create a new SdkProvider which gets its defaults in a way that behaves like the AWS CLI does
+     *
+     * The AWS SDK for JS behaves slightly differently from the AWS CLI in a number of ways; see the
+     * class `AwsCliCompatible` for the details.
+     */
+    static async withAwsCliCompatibleDefaults(options) {
+        (0, tracing_1.callTrace)(SdkProvider_1.withAwsCliCompatibleDefaults.name, SdkProvider_1.constructor.name, options.logger);
+        const config = await new awscli_compatible_1.AwsCliCompatible(options.ioHelper, options.requestHandler ?? {}, options.logger).baseConfig(options.profile);
+        return new SdkProvider_1(config.credentialProvider, config.defaultRegion, options);
+    }
+    defaultRegion;
+    defaultCredentialProvider;
+    plugins;
+    requestHandler;
+    ioHelper;
+    logger;
+    constructor(defaultCredentialProvider, defaultRegion, services) {
+        this.defaultCredentialProvider = defaultCredentialProvider;
+        this.defaultRegion = defaultRegion ?? 'us-east-1';
+        this.requestHandler = services.requestHandler ?? {};
+        this.ioHelper = services.ioHelper;
+        this.logger = services.logger;
+        this.plugins = new credential_plugins_1.CredentialPlugins(services.pluginHost ?? new plugin_1.PluginHost(), this.ioHelper);
+    }
+    /**
+     * Return an SDK which can do operations in the given environment
+     *
+     * The `environment` parameter is resolved first (see `resolveEnvironment()`).
+     */
+    async forEnvironment(environment, mode, options, quiet = false) {
+        const env = await this.resolveEnvironment(environment);
+        const baseCreds = await this.obtainBaseCredentials(env.account, mode);
+        // At this point, we need at least SOME credentials
+        if (baseCreds.source === 'none') {
+            throw new toolkit_error_1.AuthenticationError(fmtObtainCredentialsError(env.account, baseCreds));
+        }
+        // Simple case is if we don't need to "assumeRole" here. If so, we must now have credentials for the right
+        // account.
+        if (options?.assumeRoleArn === undefined) {
+            if (baseCreds.source === 'incorrectDefault') {
+                throw new toolkit_error_1.AuthenticationError(fmtObtainCredentialsError(env.account, baseCreds));
+            }
+            // Our current credentials must be valid and not expired. Confirm that before we get into doing
+            // actual CloudFormation calls, which might take a long time to hang.
+            const sdk = this._makeSdk(baseCreds.credentials, env.region);
+            await sdk.validateCredentials();
+            return { sdk, didAssumeRole: false };
+        }
+        try {
+            // We will proceed to AssumeRole using whatever we've been given.
+            const sdk = await this.withAssumedRole(baseCreds, options.assumeRoleArn, options.assumeRoleExternalId, options.assumeRoleAdditionalOptions, env.region);
+            return { sdk, didAssumeRole: true };
+        }
+        catch (err) {
+            if (err.name === 'ExpiredToken') {
+                throw err;
+            }
+            // AssumeRole failed. Proceed and warn *if and only if* the baseCredentials were already for the right account
+            // or returned from a plugin. This is to cover some current setups for people using plugins or preferring to
+            // feed the CLI credentials which are sufficient by themselves. Prefer to assume the correct role if we can,
+            // but if we can't then let's just try with available credentials anyway.
+            if (baseCreds.source === 'correctDefault' || baseCreds.source === 'plugin') {
+                await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_DEBUG.msg(err.message));
+                const maker = quiet ? private_1.IO.DEFAULT_SDK_DEBUG : private_1.IO.DEFAULT_SDK_WARN;
+                await this.ioHelper.notify(maker.msg(`${fmtObtainedCredentials(baseCreds)} could not be used to assume '${options.assumeRoleArn}', but are for the right account. Proceeding anyway.`));
+                return {
+                    sdk: this._makeSdk(baseCreds.credentials, env.region),
+                    didAssumeRole: false,
+                };
+            }
+            throw err;
+        }
+    }
+    /**
+     * Return the partition that base credentials are for
+     *
+     * Returns `undefined` if there are no base credentials.
+     */
+    async baseCredentialsPartition(environment, mode) {
+        const env = await this.resolveEnvironment(environment);
+        const baseCreds = await this.obtainBaseCredentials(env.account, mode);
+        if (baseCreds.source === 'none') {
+            return undefined;
+        }
+        return (await this._makeSdk(baseCreds.credentials, env.region).currentAccount()).partition;
+    }
+    /**
+     * Resolve the environment for a stack
+     *
+     * Replaces the magic values `UNKNOWN_REGION` and `UNKNOWN_ACCOUNT`
+     * with the defaults for the current SDK configuration (`~/.aws/config` or
+     * otherwise).
+     *
+     * It is an error if `UNKNOWN_ACCOUNT` is used but the user hasn't configured
+     * any SDK credentials.
+     */
+    async resolveEnvironment(env) {
+        const region = env.region !== cx_api_1.UNKNOWN_REGION ? env.region : this.defaultRegion;
+        const account = env.account !== cx_api_1.UNKNOWN_ACCOUNT ? env.account : (await this.defaultAccount())?.accountId;
+        if (!account) {
+            throw new toolkit_error_1.AuthenticationError('Unable to resolve AWS account to use. It must be either configured when you define your CDK Stack, or through the environment');
+        }
+        return {
+            region,
+            account,
+            name: cx_api_1.EnvironmentUtils.format(account, region),
+        };
+    }
+    /**
+     * The account we'd auth into if we used default credentials.
+     *
+     * Default credentials are the set of ambiently configured credentials using
+     * one of the environment variables, or ~/.aws/credentials, or the *one*
+     * profile that was passed into the CLI.
+     *
+     * Might return undefined if there are no default/ambient credentials
+     * available (in which case the user should better hope they have
+     * credential plugins configured).
+     *
+     * Uses a cache to avoid STS calls if we don't need 'em.
+     */
+    async defaultAccount() {
+        return (0, cached_1.cached)(this, CACHED_ACCOUNT, async () => {
+            try {
+                return await this._makeSdk(this.defaultCredentialProvider, this.defaultRegion).currentAccount();
+            }
+            catch (e) {
+                // Treat 'ExpiredToken' specially. This is a common situation that people may find themselves in, and
+                // they are complaining about if we fail 'cdk synth' on them. We loudly complain in order to show that
+                // the current situation is probably undesirable, but we don't fail.
+                if (e.name === 'ExpiredToken') {
+                    await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_WARN.msg('There are expired AWS credentials in your environment. The CDK app will synth without current account information.'));
+                    return undefined;
+                }
+                await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_DEBUG.msg(`Unable to determine the default AWS account (${e.name}): ${(0, util_1.formatErrorMessage)(e)}`));
+                return undefined;
+            }
+        });
+    }
+    /**
+     * Get credentials for the given account ID in the given mode
+     *
+     * 1. Use the default credentials if the destination account matches the
+     *    current credentials' account.
+     * 2. Otherwise try all credential plugins.
+     * 3. Fail if neither of these yield any credentials.
+     * 4. Return a failure if any of them returned credentials
+     */
+    async obtainBaseCredentials(accountId, mode) {
+        // First try 'current' credentials
+        const defaultAccountId = (await this.defaultAccount())?.accountId;
+        if (defaultAccountId === accountId) {
+            return {
+                source: 'correctDefault',
+                credentials: await this.defaultCredentialProvider,
+            };
+        }
+        // Then try the plugins
+        const pluginCreds = await this.plugins.fetchCredentialsFor(accountId, mode);
+        if (pluginCreds) {
+            return { source: 'plugin', ...pluginCreds };
+        }
+        // Fall back to default credentials with a note that they're not the right ones yet
+        if (defaultAccountId !== undefined) {
+            return {
+                source: 'incorrectDefault',
+                accountId: defaultAccountId,
+                credentials: await this.defaultCredentialProvider,
+                unusedPlugins: this.plugins.availablePluginNames,
+            };
+        }
+        // Apparently we didn't find any at all
+        return {
+            source: 'none',
+            unusedPlugins: this.plugins.availablePluginNames,
+        };
+    }
+    /**
+     * Return an SDK which uses assumed role credentials
+     *
+     * The base credentials used to retrieve the assumed role credentials will be the
+     * same credentials returned by obtainCredentials if an environment and mode is passed,
+     * otherwise it will be the current credentials.
+     */
+    async withAssumedRole(mainCredentials, roleArn, externalId, additionalOptions, region) {
+        await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_DEBUG.msg(`Assuming role '${roleArn}'.`));
+        region = region ?? this.defaultRegion;
+        const sourceDescription = fmtObtainedCredentials(mainCredentials);
+        try {
+            const credentials = await (0, provider_caching_1.makeCachingProvider)((0, credential_providers_1.fromTemporaryCredentials)({
+                masterCredentials: mainCredentials.credentials,
+                params: {
+                    RoleArn: roleArn,
+                    ExternalId: externalId,
+                    RoleSessionName: `aws-cdk-${safeUsername()}`,
+                    ...additionalOptions,
+                    TransitiveTagKeys: additionalOptions?.Tags ? additionalOptions.Tags.map((t) => t.Key) : undefined,
+                },
+                clientConfig: {
+                    region,
+                    requestHandler: this.requestHandler,
+                    customUserAgent: 'aws-cdk',
+                    logger: this.logger,
+                },
+                logger: this.logger,
+            }));
+            // Call the provider at least once here, to catch an error if it occurs
+            await credentials();
+            return this._makeSdk(credentials, region);
+        }
+        catch (err) {
+            if (err.name === 'ExpiredToken') {
+                throw err;
+            }
+            await this.ioHelper.notify(private_1.IO.DEFAULT_SDK_DEBUG.msg(`Assuming role failed: ${err.message}`));
+            throw new toolkit_error_1.AuthenticationError([
+                'Could not assume role in target account',
+                ...(sourceDescription ? [`using ${sourceDescription}`] : []),
+                err.message,
+                ". Please make sure that this role exists in the account. If it doesn't exist, (re)-bootstrap the environment " +
+                    "with the right '--trust', using the latest version of the CDK CLI.",
+            ].join(' '));
+        }
+    }
+    /**
+     * Factory function that creates a new SDK instance
+     *
+     * This is a function here, instead of all the places where this is used creating a `new SDK`
+     * instance, so that it is trivial to mock from tests.
+     *
+     * Use like this:
+     *
+     * ```ts
+     * const mockSdk = jest.spyOn(SdkProvider.prototype, '_makeSdk').mockReturnValue(new MockSdk());
+     * // ...
+     * mockSdk.mockRestore();
+     * ```
+     *
+     * @internal
+     */
+    _makeSdk(credProvider, region) {
+        return new sdk_1.SDK(credProvider, region, this.requestHandler, this.ioHelper, this.logger);
+    }
+};
+exports.SdkProvider = SdkProvider;
+exports.SdkProvider = SdkProvider = SdkProvider_1 = __decorate([
+    tracing_1.traceMemberMethods
+], SdkProvider);
+/**
+ * Return the username with characters invalid for a RoleSessionName removed
+ *
+ * @see https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html#API_AssumeRole_RequestParameters
+ */
+function safeUsername() {
+    try {
+        return os.userInfo().username.replace(/[^\w+=,.@-]/g, '@');
+    }
+    catch {
+        return 'noname';
+    }
+}
+/**
+ * Isolating the code that translates calculation errors into human error messages
+ *
+ * We cover the following cases:
+ *
+ * - No credentials are available at all
+ * - Default credentials are for the wrong account
+ */
+function fmtObtainCredentialsError(targetAccountId, obtainResult) {
+    const msg = [`Need to perform AWS calls for account ${targetAccountId}`];
+    switch (obtainResult.source) {
+        case 'incorrectDefault':
+            msg.push(`but the current credentials are for ${obtainResult.accountId}`);
+            break;
+        case 'none':
+            msg.push('but no credentials have been configured');
+    }
+    if (obtainResult.unusedPlugins.length > 0) {
+        msg.push(`and none of these plugins found any: ${obtainResult.unusedPlugins.join(', ')}`);
+    }
+    return msg.join(', ');
+}
+/**
+ * Format a message indicating where we got base credentials for the assume role
+ *
+ * We cover the following cases:
+ *
+ * - Default credentials for the right account
+ * - Default credentials for the wrong account
+ * - Credentials returned from a plugin
+ */
+function fmtObtainedCredentials(obtainResult) {
+    switch (obtainResult.source) {
+        case 'correctDefault':
+            return 'current credentials';
+        case 'plugin':
+            return `credentials returned by plugin '${obtainResult.pluginName}'`;
+        case 'incorrectDefault':
+            const msg = [];
+            msg.push(`current credentials (which are for account ${obtainResult.accountId}`);
+            if (obtainResult.unusedPlugins.length > 0) {
+                msg.push(`, and none of the following plugins provided credentials: ${obtainResult.unusedPlugins.join(', ')}`);
+            }
+            msg.push(')');
+            return msg.join('');
+    }
+}
+/**
+ * Instantiate an SDK for context providers. This function ensures that all
+ * lookup assume role options are used when context providers perform lookups.
+ */
+async function initContextProviderSdk(aws, options) {
+    const account = options.account;
+    const region = options.region;
+    const creds = {
+        assumeRoleArn: options.lookupRoleArn,
+        assumeRoleExternalId: options.lookupRoleExternalId,
+        assumeRoleAdditionalOptions: options.assumeRoleAdditionalOptions,
+    };
+    return (await aws.forEnvironment(cx_api_1.EnvironmentUtils.make(account, region), plugin_1.Mode.ForReading, creds)).sdk;
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoic2RrLXByb3ZpZGVyLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsic2RrLXByb3ZpZGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7QUFxZ0JBLHdEQVdDO0FBaGhCRCx5QkFBeUI7QUFHekIsNENBQW9GO0FBRXBGLHdFQUF5RTtBQUd6RSwyREFBdUQ7QUFDdkQscUNBQWtDO0FBQ2xDLDZEQUF5RDtBQUN6RCx5REFBeUQ7QUFDekQsK0JBQTRCO0FBQzVCLHVDQUEwRDtBQUMxRCwrREFBa0U7QUFDbEUscUNBQWdEO0FBQ2hELDJDQUFrRDtBQUNsRCxzQ0FBNkM7QUFnQjdDLE1BQU0sY0FBYyxHQUFHLE1BQU0sQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO0FBNkJoRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztHQXNCRztBQUVJLElBQU0sV0FBVyxtQkFBakIsTUFBTSxXQUFXO0lBQ3RCOzs7OztPQUtHO0lBQ0ksTUFBTSxDQUFDLEtBQUssQ0FBQyw0QkFBNEIsQ0FBQyxPQUEyQjtRQUMxRSxJQUFBLG1CQUFTLEVBQUMsYUFBVyxDQUFDLDRCQUE0QixDQUFDLElBQUksRUFBRSxhQUFXLENBQUMsV0FBVyxDQUFDLElBQUksRUFBRSxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDdkcsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLG9DQUFnQixDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLGNBQWMsSUFBSSxFQUFFLEVBQUUsT0FBTyxDQUFDLE1BQU0sQ0FBQyxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDdEksT0FBTyxJQUFJLGFBQVcsQ0FBQyxNQUFNLENBQUMsa0JBQWtCLEVBQUUsTUFBTSxDQUFDLGFBQWEsRUFBRSxPQUFPLENBQUMsQ0FBQztJQUNuRixDQUFDO0lBRWUsYUFBYSxDQUFTO0lBQ3JCLHlCQUF5QixDQUFnQztJQUN6RCxPQUFPLENBQUM7SUFDUixjQUFjLENBQXlCO0lBQ3ZDLFFBQVEsQ0FBVztJQUNuQixNQUFNLENBQVU7SUFFakMsWUFDRSx5QkFBd0QsRUFDeEQsYUFBaUMsRUFDakMsUUFBNkI7UUFFN0IsSUFBSSxDQUFDLHlCQUF5QixHQUFHLHlCQUF5QixDQUFDO1FBQzNELElBQUksQ0FBQyxhQUFhLEdBQUcsYUFBYSxJQUFJLFdBQVcsQ0FBQztRQUNsRCxJQUFJLENBQUMsY0FBYyxHQUFHLFFBQVEsQ0FBQyxjQUFjLElBQUksRUFBRSxDQUFDO1FBQ3BELElBQUksQ0FBQyxRQUFRLEdBQUcsUUFBUSxDQUFDLFFBQVEsQ0FBQztRQUNsQyxJQUFJLENBQUMsTUFBTSxHQUFHLFFBQVEsQ0FBQyxNQUFNLENBQUM7UUFDOUIsSUFBSSxDQUFDLE9BQU8sR0FBRyxJQUFJLHNDQUFpQixDQUFDLFFBQVEsQ0FBQyxVQUFVLElBQUksSUFBSSxtQkFBVSxFQUFFLEVBQUUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQy9GLENBQUM7SUFFRDs7OztPQUlHO0lBQ0ksS0FBSyxDQUFDLGNBQWMsQ0FDekIsV0FBd0IsRUFDeEIsSUFBVSxFQUNWLE9BQTRCLEVBQzVCLEtBQUssR0FBRyxLQUFLO1FBRWIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxDQUFDLENBQUM7UUFFdkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUV0RSxtREFBbUQ7UUFDbkQsSUFBSSxTQUFTLENBQUMsTUFBTSxLQUFLLE1BQU0sRUFBRSxDQUFDO1lBQ2hDLE1BQU0sSUFBSSxtQ0FBbUIsQ0FBQyx5QkFBeUIsQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFNBQVMsQ0FBQyxDQUFDLENBQUM7UUFDbkYsQ0FBQztRQUVELDBHQUEwRztRQUMxRyxXQUFXO1FBQ1gsSUFBSSxPQUFPLEVBQUUsYUFBYSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ3pDLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxrQkFBa0IsRUFBRSxDQUFDO2dCQUM1QyxNQUFNLElBQUksbUNBQW1CLENBQUMseUJBQXlCLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxTQUFTLENBQUMsQ0FBQyxDQUFDO1lBQ25GLENBQUM7WUFFRCwrRkFBK0Y7WUFDL0YscUVBQXFFO1lBQ3JFLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUM7WUFDN0QsTUFBTSxHQUFHLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUNoQyxPQUFPLEVBQUUsR0FBRyxFQUFFLGFBQWEsRUFBRSxLQUFLLEVBQUUsQ0FBQztRQUN2QyxDQUFDO1FBRUQsSUFBSSxDQUFDO1lBQ0gsaUVBQWlFO1lBQ2pFLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FDcEMsU0FBUyxFQUNULE9BQU8sQ0FBQyxhQUFhLEVBQ3JCLE9BQU8sQ0FBQyxvQkFBb0IsRUFDNUIsT0FBTyxDQUFDLDJCQUEyQixFQUNuQyxHQUFHLENBQUMsTUFBTSxDQUNYLENBQUM7WUFFRixPQUFPLEVBQUUsR0FBRyxFQUFFLGFBQWEsRUFBRSxJQUFJLEVBQUUsQ0FBQztRQUN0QyxDQUFDO1FBQUMsT0FBTyxHQUFRLEVBQUUsQ0FBQztZQUNsQixJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQ2hDLE1BQU0sR0FBRyxDQUFDO1lBQ1osQ0FBQztZQUVELDhHQUE4RztZQUM5Ryw0R0FBNEc7WUFDNUcsNEdBQTRHO1lBQzVHLHlFQUF5RTtZQUN6RSxJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssZ0JBQWdCLElBQUksU0FBUyxDQUFDLE1BQU0sS0FBSyxRQUFRLEVBQUUsQ0FBQztnQkFDM0UsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxZQUFFLENBQUMsaUJBQWlCLENBQUMsR0FBRyxDQUFDLEdBQUcsQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO2dCQUVsRSxNQUFNLEtBQUssR0FBRyxLQUFLLENBQUMsQ0FBQyxDQUFDLFlBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDLENBQUMsWUFBRSxDQUFDLGdCQUFnQixDQUFDO2dCQUNqRSxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQ2xDLEdBQUcsc0JBQXNCLENBQUMsU0FBUyxDQUFDLGlDQUFpQyxPQUFPLENBQUMsYUFBYSxzREFBc0QsQ0FDakosQ0FBQyxDQUFDO2dCQUNILE9BQU87b0JBQ0wsR0FBRyxFQUFFLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDO29CQUNyRCxhQUFhLEVBQUUsS0FBSztpQkFDckIsQ0FBQztZQUNKLENBQUM7WUFFRCxNQUFNLEdBQUcsQ0FBQztRQUNaLENBQUM7SUFDSCxDQUFDO0lBRUQ7Ozs7T0FJRztJQUNJLEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxXQUF3QixFQUFFLElBQVU7UUFDeEUsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsa0JBQWtCLENBQUMsV0FBVyxDQUFDLENBQUM7UUFDdkQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxJQUFJLENBQUMsQ0FBQztRQUN0RSxJQUFJLFNBQVMsQ0FBQyxNQUFNLEtBQUssTUFBTSxFQUFFLENBQUM7WUFDaEMsT0FBTyxTQUFTLENBQUM7UUFDbkIsQ0FBQztRQUNELE9BQU8sQ0FBQyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsU0FBUyxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQUMsTUFBTSxDQUFDLENBQUMsY0FBYyxFQUFFLENBQUMsQ0FBQyxTQUFTLENBQUM7SUFDN0YsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUNJLEtBQUssQ0FBQyxrQkFBa0IsQ0FBQyxHQUFnQjtRQUM5QyxNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsTUFBTSxLQUFLLHVCQUFjLENBQUMsQ0FBQyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUM7UUFDL0UsTUFBTSxPQUFPLEdBQUcsR0FBRyxDQUFDLE9BQU8sS0FBSyx3QkFBZSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDLEVBQUUsU0FBUyxDQUFDO1FBRXpHLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUNiLE1BQU0sSUFBSSxtQ0FBbUIsQ0FDM0IsK0hBQStILENBQ2hJLENBQUM7UUFDSixDQUFDO1FBRUQsT0FBTztZQUNMLE1BQU07WUFDTixPQUFPO1lBQ1AsSUFBSSxFQUFFLHlCQUFnQixDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsTUFBTSxDQUFDO1NBQy9DLENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7Ozs7Ozs7OztPQVlHO0lBQ0ksS0FBSyxDQUFDLGNBQWM7UUFDekIsT0FBTyxJQUFBLGVBQU0sRUFBQyxJQUFJLEVBQUUsY0FBYyxFQUFFLEtBQUssSUFBSSxFQUFFO1lBQzdDLElBQUksQ0FBQztnQkFDSCxPQUFPLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMseUJBQXlCLEVBQUUsSUFBSSxDQUFDLGFBQWEsQ0FBQyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBQ2xHLENBQUM7WUFBQyxPQUFPLENBQU0sRUFBRSxDQUFDO2dCQUNoQixxR0FBcUc7Z0JBQ3JHLHNHQUFzRztnQkFDdEcsb0VBQW9FO2dCQUNwRSxJQUFJLENBQUMsQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7b0JBQzlCLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLGdCQUFnQixDQUFDLEdBQUcsQ0FDaEQsb0hBQW9ILENBQ3JILENBQUMsQ0FBQztvQkFDSCxPQUFPLFNBQVMsQ0FBQztnQkFDbkIsQ0FBQztnQkFFRCxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsZ0RBQWdELENBQUMsQ0FBQyxJQUFJLE1BQU0sSUFBQSx5QkFBa0IsRUFBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDMUksT0FBTyxTQUFTLENBQUM7WUFDbkIsQ0FBQztRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0ssS0FBSyxDQUFDLHFCQUFxQixDQUFDLFNBQWlCLEVBQUUsSUFBVTtRQUMvRCxrQ0FBa0M7UUFDbEMsTUFBTSxnQkFBZ0IsR0FBRyxDQUFDLE1BQU0sSUFBSSxDQUFDLGNBQWMsRUFBRSxDQUFDLEVBQUUsU0FBUyxDQUFDO1FBQ2xFLElBQUksZ0JBQWdCLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDbkMsT0FBTztnQkFDTCxNQUFNLEVBQUUsZ0JBQWdCO2dCQUN4QixXQUFXLEVBQUUsTUFBTSxJQUFJLENBQUMseUJBQXlCO2FBQ2xELENBQUM7UUFDSixDQUFDO1FBRUQsdUJBQXVCO1FBQ3ZCLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxTQUFTLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDNUUsSUFBSSxXQUFXLEVBQUUsQ0FBQztZQUNoQixPQUFPLEVBQUUsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLFdBQVcsRUFBRSxDQUFDO1FBQzlDLENBQUM7UUFFRCxtRkFBbUY7UUFDbkYsSUFBSSxnQkFBZ0IsS0FBSyxTQUFTLEVBQUUsQ0FBQztZQUNuQyxPQUFPO2dCQUNMLE1BQU0sRUFBRSxrQkFBa0I7Z0JBQzFCLFNBQVMsRUFBRSxnQkFBZ0I7Z0JBQzNCLFdBQVcsRUFBRSxNQUFNLElBQUksQ0FBQyx5QkFBeUI7Z0JBQ2pELGFBQWEsRUFBRSxJQUFJLENBQUMsT0FBTyxDQUFDLG9CQUFvQjthQUNqRCxDQUFDO1FBQ0osQ0FBQztRQUVELHVDQUF1QztRQUN2QyxPQUFPO1lBQ0wsTUFBTSxFQUFFLE1BQU07WUFDZCxhQUFhLEVBQUUsSUFBSSxDQUFDLE9BQU8sQ0FBQyxvQkFBb0I7U0FDakQsQ0FBQztJQUNKLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSyxLQUFLLENBQUMsZUFBZSxDQUMzQixlQUF5RSxFQUN6RSxPQUFlLEVBQ2YsVUFBbUIsRUFDbkIsaUJBQStDLEVBQy9DLE1BQWU7UUFFZixNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFDLFlBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxHQUFHLENBQUMsa0JBQWtCLE9BQU8sSUFBSSxDQUFDLENBQUMsQ0FBQztRQUVwRixNQUFNLEdBQUcsTUFBTSxJQUFJLElBQUksQ0FBQyxhQUFhLENBQUM7UUFFdEMsTUFBTSxpQkFBaUIsR0FBRyxzQkFBc0IsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUVsRSxJQUFJLENBQUM7WUFDSCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUEsc0NBQW1CLEVBQUMsSUFBQSwrQ0FBd0IsRUFBQztnQkFDckUsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLFdBQVc7Z0JBQzlDLE1BQU0sRUFBRTtvQkFDTixPQUFPLEVBQUUsT0FBTztvQkFDaEIsVUFBVSxFQUFFLFVBQVU7b0JBQ3RCLGVBQWUsRUFBRSxXQUFXLFlBQVksRUFBRSxFQUFFO29CQUM1QyxHQUFHLGlCQUFpQjtvQkFDcEIsaUJBQWlCLEVBQUUsaUJBQWlCLEVBQUUsSUFBSSxDQUFDLENBQUMsQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsR0FBSSxDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVM7aUJBQ25HO2dCQUNELFlBQVksRUFBRTtvQkFDWixNQUFNO29CQUNOLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztvQkFDbkMsZUFBZSxFQUFFLFNBQVM7b0JBQzFCLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtpQkFDcEI7Z0JBQ0QsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO2FBQ3BCLENBQUMsQ0FBQyxDQUFDO1lBRUosdUVBQXVFO1lBQ3ZFLE1BQU0sV0FBVyxFQUFFLENBQUM7WUFFcEIsT0FBTyxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM1QyxDQUFDO1FBQUMsT0FBTyxHQUFRLEVBQUUsQ0FBQztZQUNsQixJQUFJLEdBQUcsQ0FBQyxJQUFJLEtBQUssY0FBYyxFQUFFLENBQUM7Z0JBQ2hDLE1BQU0sR0FBRyxDQUFDO1lBQ1osQ0FBQztZQUVELE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsWUFBRSxDQUFDLGlCQUFpQixDQUFDLEdBQUcsQ0FBQyx5QkFBeUIsR0FBRyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQztZQUM3RixNQUFNLElBQUksbUNBQW1CLENBQzNCO2dCQUNFLHlDQUF5QztnQkFDekMsR0FBRyxDQUFDLGlCQUFpQixDQUFDLENBQUMsQ0FBQyxDQUFDLFNBQVMsaUJBQWlCLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQzVELEdBQUcsQ0FBQyxPQUFPO2dCQUNYLCtHQUErRztvQkFDN0csb0VBQW9FO2FBQ3ZFLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUNaLENBQUM7UUFDSixDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7Ozs7Ozs7Ozs7Ozs7T0FlRztJQUNJLFFBQVEsQ0FDYixZQUEyQyxFQUMzQyxNQUFjO1FBRWQsT0FBTyxJQUFJLFNBQUcsQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLElBQUksQ0FBQyxjQUFjLEVBQUUsSUFBSSxDQUFDLFFBQVEsRUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUM7SUFDeEYsQ0FBQztDQUNGLENBQUE7QUFoVFksa0NBQVc7c0JBQVgsV0FBVztJQUR2Qiw0QkFBa0I7R0FDTixXQUFXLENBZ1R2QjtBQW9CRDs7OztHQUlHO0FBQ0gsU0FBUyxZQUFZO0lBQ25CLElBQUksQ0FBQztRQUNILE9BQU8sRUFBRSxDQUFDLFFBQVEsRUFBRSxDQUFDLFFBQVEsQ0FBQyxPQUFPLENBQUMsY0FBYyxFQUFFLEdBQUcsQ0FBQyxDQUFDO0lBQzdELENBQUM7SUFBQyxNQUFNLENBQUM7UUFDUCxPQUFPLFFBQVEsQ0FBQztJQUNsQixDQUFDO0FBQ0gsQ0FBQztBQW9DRDs7Ozs7OztHQU9HO0FBQ0gsU0FBUyx5QkFBeUIsQ0FDaEMsZUFBdUIsRUFDdkIsWUFFQztJQUVELE1BQU0sR0FBRyxHQUFHLENBQUMseUNBQXlDLGVBQWUsRUFBRSxDQUFDLENBQUM7SUFDekUsUUFBUSxZQUFZLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDNUIsS0FBSyxrQkFBa0I7WUFDckIsR0FBRyxDQUFDLElBQUksQ0FBQyx1Q0FBdUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDMUUsTUFBTTtRQUNSLEtBQUssTUFBTTtZQUNULEdBQUcsQ0FBQyxJQUFJLENBQUMseUNBQXlDLENBQUMsQ0FBQztJQUN4RCxDQUFDO0lBQ0QsSUFBSSxZQUFZLENBQUMsYUFBYSxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztRQUMxQyxHQUFHLENBQUMsSUFBSSxDQUFDLHdDQUF3QyxZQUFZLENBQUMsYUFBYSxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDLENBQUM7SUFDNUYsQ0FBQztJQUNELE9BQU8sR0FBRyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztBQUN4QixDQUFDO0FBRUQ7Ozs7Ozs7O0dBUUc7QUFDSCxTQUFTLHNCQUFzQixDQUFDLFlBQXNFO0lBQ3BHLFFBQVEsWUFBWSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQzVCLEtBQUssZ0JBQWdCO1lBQ25CLE9BQU8scUJBQXFCLENBQUM7UUFDL0IsS0FBSyxRQUFRO1lBQ1gsT0FBTyxtQ0FBbUMsWUFBWSxDQUFDLFVBQVUsR0FBRyxDQUFDO1FBQ3ZFLEtBQUssa0JBQWtCO1lBQ3JCLE1BQU0sR0FBRyxHQUFHLEVBQUUsQ0FBQztZQUNmLEdBQUcsQ0FBQyxJQUFJLENBQUMsOENBQThDLFlBQVksQ0FBQyxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBRWpGLElBQUksWUFBWSxDQUFDLGFBQWEsQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFLENBQUM7Z0JBQzFDLEdBQUcsQ0FBQyxJQUFJLENBQUMsNkRBQTZELFlBQVksQ0FBQyxhQUFhLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNqSCxDQUFDO1lBQ0QsR0FBRyxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUVkLE9BQU8sR0FBRyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN4QixDQUFDO0FBQ0gsQ0FBQztBQUVEOzs7R0FHRztBQUNJLEtBQUssVUFBVSxzQkFBc0IsQ0FBQyxHQUFnQixFQUFFLE9BQWlDO0lBQzlGLE1BQU0sT0FBTyxHQUFHLE9BQU8sQ0FBQyxPQUFPLENBQUM7SUFDaEMsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDLE1BQU0sQ0FBQztJQUU5QixNQUFNLEtBQUssR0FBdUI7UUFDaEMsYUFBYSxFQUFFLE9BQU8sQ0FBQyxhQUFhO1FBQ3BDLG9CQUFvQixFQUFFLE9BQU8sQ0FBQyxvQkFBb0I7UUFDbEQsMkJBQTJCLEVBQUUsT0FBTyxDQUFDLDJCQUEyQjtLQUNqRSxDQUFDO0lBRUYsT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLGNBQWMsQ0FBQyx5QkFBZ0IsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLE1BQU0sQ0FBQyxFQUFFLGFBQUksQ0FBQyxVQUFVLEVBQUUsS0FBSyxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUM7QUFDeEcsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIG9zIGZyb20gJ29zJztcbmltcG9ydCB0eXBlIHsgQ29udGV4dExvb2t1cFJvbGVPcHRpb25zIH0gZnJvbSAnQGF3cy1jZGsvY2xvdWQtYXNzZW1ibHktc2NoZW1hJztcbmltcG9ydCB0eXBlIHsgRW52aXJvbm1lbnQgfSBmcm9tICdAYXdzLWNkay9jeC1hcGknO1xuaW1wb3J0IHsgRW52aXJvbm1lbnRVdGlscywgVU5LTk9XTl9BQ0NPVU5ULCBVTktOT1dOX1JFR0lPTiB9IGZyb20gJ0Bhd3MtY2RrL2N4LWFwaSc7XG5pbXBvcnQgdHlwZSB7IEFzc3VtZVJvbGVDb21tYW5kSW5wdXQgfSBmcm9tICdAYXdzLXNkay9jbGllbnQtc3RzJztcbmltcG9ydCB7IGZyb21UZW1wb3JhcnlDcmVkZW50aWFscyB9IGZyb20gJ0Bhd3Mtc2RrL2NyZWRlbnRpYWwtcHJvdmlkZXJzJztcbmltcG9ydCB0eXBlIHsgTm9kZUh0dHBIYW5kbGVyT3B0aW9ucyB9IGZyb20gJ0BzbWl0aHkvbm9kZS1odHRwLWhhbmRsZXInO1xuaW1wb3J0IHR5cGUgeyBBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlciwgTG9nZ2VyIH0gZnJvbSAnQHNtaXRoeS90eXBlcyc7XG5pbXBvcnQgeyBBd3NDbGlDb21wYXRpYmxlIH0gZnJvbSAnLi9hd3NjbGktY29tcGF0aWJsZSc7XG5pbXBvcnQgeyBjYWNoZWQgfSBmcm9tICcuL2NhY2hlZCc7XG5pbXBvcnQgeyBDcmVkZW50aWFsUGx1Z2lucyB9IGZyb20gJy4vY3JlZGVudGlhbC1wbHVnaW5zJztcbmltcG9ydCB7IG1ha2VDYWNoaW5nUHJvdmlkZXIgfSBmcm9tICcuL3Byb3ZpZGVyLWNhY2hpbmcnO1xuaW1wb3J0IHsgU0RLIH0gZnJvbSAnLi9zZGsnO1xuaW1wb3J0IHsgY2FsbFRyYWNlLCB0cmFjZU1lbWJlck1ldGhvZHMgfSBmcm9tICcuL3RyYWNpbmcnO1xuaW1wb3J0IHsgQXV0aGVudGljYXRpb25FcnJvciB9IGZyb20gJy4uLy4uL3Rvb2xraXQvdG9vbGtpdC1lcnJvcic7XG5pbXBvcnQgeyBmb3JtYXRFcnJvck1lc3NhZ2UgfSBmcm9tICcuLi8uLi91dGlsJztcbmltcG9ydCB7IElPLCB0eXBlIElvSGVscGVyIH0gZnJvbSAnLi4vaW8vcHJpdmF0ZSc7XG5pbXBvcnQgeyBQbHVnaW5Ib3N0LCBNb2RlIH0gZnJvbSAnLi4vcGx1Z2luJztcblxuZXhwb3J0IHR5cGUgQXNzdW1lUm9sZUFkZGl0aW9uYWxPcHRpb25zID0gUGFydGlhbDxPbWl0PEFzc3VtZVJvbGVDb21tYW5kSW5wdXQsICdFeHRlcm5hbElkJyB8ICdSb2xlQXJuJz4+O1xuXG4vKipcbiAqIE9wdGlvbnMgZm9yIHRoZSBkZWZhdWx0IFNESyBwcm92aWRlclxuICovXG5leHBvcnQgaW50ZXJmYWNlIFNka1Byb3ZpZGVyT3B0aW9ucyBleHRlbmRzIFNka1Byb3ZpZGVyU2VydmljZXMge1xuICAvKipcbiAgICogUHJvZmlsZSB0byByZWFkIGZyb20gfi8uYXdzXG4gICAqXG4gICAqIEBkZWZhdWx0IC0gTm8gcHJvZmlsZVxuICAgKi9cbiAgcmVhZG9ubHkgcHJvZmlsZT86IHN0cmluZztcbn1cblxuY29uc3QgQ0FDSEVEX0FDQ09VTlQgPSBTeW1ib2woJ2NhY2hlZF9hY2NvdW50Jyk7XG5cbi8qKlxuICogU0RLIGNvbmZpZ3VyYXRpb24gZm9yIGEgZ2l2ZW4gZW52aXJvbm1lbnRcbiAqICdmb3JFbnZpcm9ubWVudCcgd2lsbCBhdHRlbXB0IHRvIGFzc3VtZSBhIHJvbGUgYW5kIGlmIGl0XG4gKiBpcyBub3Qgc3VjY2Vzc2Z1bCwgdGhlbiBpdCB3aWxsIGVpdGhlcjpcbiAqICAgMS4gQ2hlY2sgdG8gc2VlIGlmIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIChsb2NhbCBjcmVkZW50aWFscyB0aGUgQ0xJIHdhcyBleGVjdXRlZCB3aXRoKVxuICogICAgICBhcmUgZm9yIHRoZSBnaXZlbiBlbnZpcm9ubWVudC4gSWYgdGhleSBhcmUgdGhlbiByZXR1cm4gdGhvc2UuXG4gKiAgIDIuIElmIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIGFyZSBub3QgZm9yIHRoZSBnaXZlbiBlbnZpcm9ubWVudCB0aGVuXG4gKiAgICAgIHRocm93IGFuIGVycm9yXG4gKlxuICogJ2RpZEFzc3VtZVJvbGUnIGFsbG93cyBjYWxsZXJzIHRvIHdoZXRoZXIgdGhleSBhcmUgcmVjZWl2aW5nIHRoZSBhc3N1bWUgcm9sZVxuICogY3JlZGVudGlhbHMgb3IgdGhlIGRlZmF1bHQgY3JlZGVudGlhbHMuXG4gKi9cbmV4cG9ydCBpbnRlcmZhY2UgU2RrRm9yRW52aXJvbm1lbnQge1xuICAvKipcbiAgICogVGhlIFNESyBmb3IgdGhlIGdpdmVuIGVudmlyb25tZW50XG4gICAqL1xuICByZWFkb25seSBzZGs6IFNESztcblxuICAvKipcbiAgICogV2hldGhlciBvciBub3QgdGhlIGFzc3VtZSByb2xlIHdhcyBzdWNjZXNzZnVsLlxuICAgKiBJZiB0aGUgYXNzdW1lIHJvbGUgd2FzIG5vdCBzdWNjZXNzZnVsIChmYWxzZSlcbiAgICogdGhlbiB0aGF0IG1lYW5zIHRoYXQgdGhlICdzZGsnIHJldHVybmVkIGNvbnRhaW5zXG4gICAqIHRoZSBkZWZhdWx0IGNyZWRlbnRpYWxzIChub3QgdGhlIGFzc3VtZSByb2xlIGNyZWRlbnRpYWxzKVxuICAgKi9cbiAgcmVhZG9ubHkgZGlkQXNzdW1lUm9sZTogYm9vbGVhbjtcbn1cblxuLyoqXG4gKiBDcmVhdGVzIGluc3RhbmNlcyBvZiB0aGUgQVdTIFNESyBhcHByb3ByaWF0ZSBmb3IgYSBnaXZlbiBhY2NvdW50L3JlZ2lvbi5cbiAqXG4gKiBCZWhhdmlvciBpcyBhcyBmb2xsb3dzOlxuICpcbiAqIC0gRmlyc3QsIGEgc2V0IG9mIFwiYmFzZVwiIGNyZWRlbnRpYWxzIGFyZSBlc3RhYmxpc2hlZFxuICogICAtIElmIGEgdGFyZ2V0IGVudmlyb25tZW50IGlzIGdpdmVuIGFuZCB0aGUgZGVmYXVsdCAoXCJjdXJyZW50XCIpIFNESyBjcmVkZW50aWFscyBhcmUgZm9yXG4gKiAgICAgdGhhdCBhY2NvdW50LCByZXR1cm4gdGhvc2U7IG90aGVyd2lzZVxuICogICAtIElmIGEgdGFyZ2V0IGVudmlyb25tZW50IGlzIGdpdmVuLCBzY2FuIGFsbCBjcmVkZW50aWFsIHByb3ZpZGVyIHBsdWdpbnNcbiAqICAgICBmb3IgY3JlZGVudGlhbHMsIGFuZCByZXR1cm4gdGhvc2UgaWYgZm91bmQ7IG90aGVyd2lzZVxuICogICAtIFJldHVybiBkZWZhdWx0IChcImN1cnJlbnRcIikgU0RLIGNyZWRlbnRpYWxzLCBub3RpbmcgdGhhdCB0aGV5IG1pZ2h0IGJlIHdyb25nLlxuICpcbiAqIC0gU2Vjb25kLCBhIHJvbGUgbWF5IG9wdGlvbmFsbHkgbmVlZCB0byBiZSBhc3N1bWVkLiBVc2UgdGhlIGJhc2UgY3JlZGVudGlhbHNcbiAqICAgZXN0YWJsaXNoZWQgaW4gdGhlIHByZXZpb3VzIHByb2Nlc3MgdG8gYXNzdW1lIHRoYXQgcm9sZS5cbiAqICAgLSBJZiBhc3N1bWluZyB0aGUgcm9sZSBmYWlscyBhbmQgdGhlIGJhc2UgY3JlZGVudGlhbHMgYXJlIGZvciB0aGUgY29ycmVjdFxuICogICAgIGFjY291bnQsIHJldHVybiB0aG9zZS4gVGhpcyBpcyBhIGZhbGxiYWNrIGZvciBwZW9wbGUgd2hvIGFyZSB0cnlpbmcgdG8gaW50ZXJhY3RcbiAqICAgICB3aXRoIGEgRGVmYXVsdCBTeW50aGVzaXplZCBzdGFjayBhbmQgYWxyZWFkeSBoYXZlIHJpZ2h0IGNyZWRlbnRpYWxzIHNldHVwLlxuICpcbiAqICAgICBUeXBpY2FsIGNhc2VzIHdlIHNlZSBpbiB0aGUgd2lsZDpcbiAqICAgICAtIENyZWRlbnRpYWwgcGx1Z2luIHNldHVwIHRoYXQsIGFsdGhvdWdoIG5vdCByZWNvbW1lbmRlZCwgd29ya3MgZm9yIHRoZW1cbiAqICAgICAtIFNlZWRlZCB0ZXJtaW5hbCB3aXRoIGBSZWFkT25seWAgY3JlZGVudGlhbHMgaW4gb3JkZXIgdG8gZG8gYGNkayBkaWZmYC0tdGhlIGBSZWFkT25seWBcbiAqICAgICAgIHJvbGUgZG9lc24ndCBoYXZlIGBzdHM6QXNzdW1lUm9sZWAgYW5kIHdpbGwgZmFpbCBmb3Igbm8gcmVhbCBnb29kIHJlYXNvbi5cbiAqL1xuQHRyYWNlTWVtYmVyTWV0aG9kc1xuZXhwb3J0IGNsYXNzIFNka1Byb3ZpZGVyIHtcbiAgLyoqXG4gICAqIENyZWF0ZSBhIG5ldyBTZGtQcm92aWRlciB3aGljaCBnZXRzIGl0cyBkZWZhdWx0cyBpbiBhIHdheSB0aGF0IGJlaGF2ZXMgbGlrZSB0aGUgQVdTIENMSSBkb2VzXG4gICAqXG4gICAqIFRoZSBBV1MgU0RLIGZvciBKUyBiZWhhdmVzIHNsaWdodGx5IGRpZmZlcmVudGx5IGZyb20gdGhlIEFXUyBDTEkgaW4gYSBudW1iZXIgb2Ygd2F5czsgc2VlIHRoZVxuICAgKiBjbGFzcyBgQXdzQ2xpQ29tcGF0aWJsZWAgZm9yIHRoZSBkZXRhaWxzLlxuICAgKi9cbiAgcHVibGljIHN0YXRpYyBhc3luYyB3aXRoQXdzQ2xpQ29tcGF0aWJsZURlZmF1bHRzKG9wdGlvbnM6IFNka1Byb3ZpZGVyT3B0aW9ucykge1xuICAgIGNhbGxUcmFjZShTZGtQcm92aWRlci53aXRoQXdzQ2xpQ29tcGF0aWJsZURlZmF1bHRzLm5hbWUsIFNka1Byb3ZpZGVyLmNvbnN0cnVjdG9yLm5hbWUsIG9wdGlvbnMubG9nZ2VyKTtcbiAgICBjb25zdCBjb25maWcgPSBhd2FpdCBuZXcgQXdzQ2xpQ29tcGF0aWJsZShvcHRpb25zLmlvSGVscGVyLCBvcHRpb25zLnJlcXVlc3RIYW5kbGVyID8/IHt9LCBvcHRpb25zLmxvZ2dlcikuYmFzZUNvbmZpZyhvcHRpb25zLnByb2ZpbGUpO1xuICAgIHJldHVybiBuZXcgU2RrUHJvdmlkZXIoY29uZmlnLmNyZWRlbnRpYWxQcm92aWRlciwgY29uZmlnLmRlZmF1bHRSZWdpb24sIG9wdGlvbnMpO1xuICB9XG5cbiAgcHVibGljIHJlYWRvbmx5IGRlZmF1bHRSZWdpb246IHN0cmluZztcbiAgcHJpdmF0ZSByZWFkb25seSBkZWZhdWx0Q3JlZGVudGlhbFByb3ZpZGVyOiBBd3NDcmVkZW50aWFsSWRlbnRpdHlQcm92aWRlcjtcbiAgcHJpdmF0ZSByZWFkb25seSBwbHVnaW5zO1xuICBwcml2YXRlIHJlYWRvbmx5IHJlcXVlc3RIYW5kbGVyOiBOb2RlSHR0cEhhbmRsZXJPcHRpb25zO1xuICBwcml2YXRlIHJlYWRvbmx5IGlvSGVscGVyOiBJb0hlbHBlcjtcbiAgcHJpdmF0ZSByZWFkb25seSBsb2dnZXI/OiBMb2dnZXI7XG5cbiAgcHVibGljIGNvbnN0cnVjdG9yKFxuICAgIGRlZmF1bHRDcmVkZW50aWFsUHJvdmlkZXI6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyLFxuICAgIGRlZmF1bHRSZWdpb246IHN0cmluZyB8IHVuZGVmaW5lZCxcbiAgICBzZXJ2aWNlczogU2RrUHJvdmlkZXJTZXJ2aWNlcyxcbiAgKSB7XG4gICAgdGhpcy5kZWZhdWx0Q3JlZGVudGlhbFByb3ZpZGVyID0gZGVmYXVsdENyZWRlbnRpYWxQcm92aWRlcjtcbiAgICB0aGlzLmRlZmF1bHRSZWdpb24gPSBkZWZhdWx0UmVnaW9uID8/ICd1cy1lYXN0LTEnO1xuICAgIHRoaXMucmVxdWVzdEhhbmRsZXIgPSBzZXJ2aWNlcy5yZXF1ZXN0SGFuZGxlciA/PyB7fTtcbiAgICB0aGlzLmlvSGVscGVyID0gc2VydmljZXMuaW9IZWxwZXI7XG4gICAgdGhpcy5sb2dnZXIgPSBzZXJ2aWNlcy5sb2dnZXI7XG4gICAgdGhpcy5wbHVnaW5zID0gbmV3IENyZWRlbnRpYWxQbHVnaW5zKHNlcnZpY2VzLnBsdWdpbkhvc3QgPz8gbmV3IFBsdWdpbkhvc3QoKSwgdGhpcy5pb0hlbHBlcik7XG4gIH1cblxuICAvKipcbiAgICogUmV0dXJuIGFuIFNESyB3aGljaCBjYW4gZG8gb3BlcmF0aW9ucyBpbiB0aGUgZ2l2ZW4gZW52aXJvbm1lbnRcbiAgICpcbiAgICogVGhlIGBlbnZpcm9ubWVudGAgcGFyYW1ldGVyIGlzIHJlc29sdmVkIGZpcnN0IChzZWUgYHJlc29sdmVFbnZpcm9ubWVudCgpYCkuXG4gICAqL1xuICBwdWJsaWMgYXN5bmMgZm9yRW52aXJvbm1lbnQoXG4gICAgZW52aXJvbm1lbnQ6IEVudmlyb25tZW50LFxuICAgIG1vZGU6IE1vZGUsXG4gICAgb3B0aW9ucz86IENyZWRlbnRpYWxzT3B0aW9ucyxcbiAgICBxdWlldCA9IGZhbHNlLFxuICApOiBQcm9taXNlPFNka0ZvckVudmlyb25tZW50PiB7XG4gICAgY29uc3QgZW52ID0gYXdhaXQgdGhpcy5yZXNvbHZlRW52aXJvbm1lbnQoZW52aXJvbm1lbnQpO1xuXG4gICAgY29uc3QgYmFzZUNyZWRzID0gYXdhaXQgdGhpcy5vYnRhaW5CYXNlQ3JlZGVudGlhbHMoZW52LmFjY291bnQsIG1vZGUpO1xuXG4gICAgLy8gQXQgdGhpcyBwb2ludCwgd2UgbmVlZCBhdCBsZWFzdCBTT01FIGNyZWRlbnRpYWxzXG4gICAgaWYgKGJhc2VDcmVkcy5zb3VyY2UgPT09ICdub25lJykge1xuICAgICAgdGhyb3cgbmV3IEF1dGhlbnRpY2F0aW9uRXJyb3IoZm10T2J0YWluQ3JlZGVudGlhbHNFcnJvcihlbnYuYWNjb3VudCwgYmFzZUNyZWRzKSk7XG4gICAgfVxuXG4gICAgLy8gU2ltcGxlIGNhc2UgaXMgaWYgd2UgZG9uJ3QgbmVlZCB0byBcImFzc3VtZVJvbGVcIiBoZXJlLiBJZiBzbywgd2UgbXVzdCBub3cgaGF2ZSBjcmVkZW50aWFscyBmb3IgdGhlIHJpZ2h0XG4gICAgLy8gYWNjb3VudC5cbiAgICBpZiAob3B0aW9ucz8uYXNzdW1lUm9sZUFybiA9PT0gdW5kZWZpbmVkKSB7XG4gICAgICBpZiAoYmFzZUNyZWRzLnNvdXJjZSA9PT0gJ2luY29ycmVjdERlZmF1bHQnKSB7XG4gICAgICAgIHRocm93IG5ldyBBdXRoZW50aWNhdGlvbkVycm9yKGZtdE9idGFpbkNyZWRlbnRpYWxzRXJyb3IoZW52LmFjY291bnQsIGJhc2VDcmVkcykpO1xuICAgICAgfVxuXG4gICAgICAvLyBPdXIgY3VycmVudCBjcmVkZW50aWFscyBtdXN0IGJlIHZhbGlkIGFuZCBub3QgZXhwaXJlZC4gQ29uZmlybSB0aGF0IGJlZm9yZSB3ZSBnZXQgaW50byBkb2luZ1xuICAgICAgLy8gYWN0dWFsIENsb3VkRm9ybWF0aW9uIGNhbGxzLCB3aGljaCBtaWdodCB0YWtlIGEgbG9uZyB0aW1lIHRvIGhhbmcuXG4gICAgICBjb25zdCBzZGsgPSB0aGlzLl9tYWtlU2RrKGJhc2VDcmVkcy5jcmVkZW50aWFscywgZW52LnJlZ2lvbik7XG4gICAgICBhd2FpdCBzZGsudmFsaWRhdGVDcmVkZW50aWFscygpO1xuICAgICAgcmV0dXJuIHsgc2RrLCBkaWRBc3N1bWVSb2xlOiBmYWxzZSB9O1xuICAgIH1cblxuICAgIHRyeSB7XG4gICAgICAvLyBXZSB3aWxsIHByb2NlZWQgdG8gQXNzdW1lUm9sZSB1c2luZyB3aGF0ZXZlciB3ZSd2ZSBiZWVuIGdpdmVuLlxuICAgICAgY29uc3Qgc2RrID0gYXdhaXQgdGhpcy53aXRoQXNzdW1lZFJvbGUoXG4gICAgICAgIGJhc2VDcmVkcyxcbiAgICAgICAgb3B0aW9ucy5hc3N1bWVSb2xlQXJuLFxuICAgICAgICBvcHRpb25zLmFzc3VtZVJvbGVFeHRlcm5hbElkLFxuICAgICAgICBvcHRpb25zLmFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucyxcbiAgICAgICAgZW52LnJlZ2lvbixcbiAgICAgICk7XG5cbiAgICAgIHJldHVybiB7IHNkaywgZGlkQXNzdW1lUm9sZTogdHJ1ZSB9O1xuICAgIH0gY2F0Y2ggKGVycjogYW55KSB7XG4gICAgICBpZiAoZXJyLm5hbWUgPT09ICdFeHBpcmVkVG9rZW4nKSB7XG4gICAgICAgIHRocm93IGVycjtcbiAgICAgIH1cblxuICAgICAgLy8gQXNzdW1lUm9sZSBmYWlsZWQuIFByb2NlZWQgYW5kIHdhcm4gKmlmIGFuZCBvbmx5IGlmKiB0aGUgYmFzZUNyZWRlbnRpYWxzIHdlcmUgYWxyZWFkeSBmb3IgdGhlIHJpZ2h0IGFjY291bnRcbiAgICAgIC8vIG9yIHJldHVybmVkIGZyb20gYSBwbHVnaW4uIFRoaXMgaXMgdG8gY292ZXIgc29tZSBjdXJyZW50IHNldHVwcyBmb3IgcGVvcGxlIHVzaW5nIHBsdWdpbnMgb3IgcHJlZmVycmluZyB0b1xuICAgICAgLy8gZmVlZCB0aGUgQ0xJIGNyZWRlbnRpYWxzIHdoaWNoIGFyZSBzdWZmaWNpZW50IGJ5IHRoZW1zZWx2ZXMuIFByZWZlciB0byBhc3N1bWUgdGhlIGNvcnJlY3Qgcm9sZSBpZiB3ZSBjYW4sXG4gICAgICAvLyBidXQgaWYgd2UgY2FuJ3QgdGhlbiBsZXQncyBqdXN0IHRyeSB3aXRoIGF2YWlsYWJsZSBjcmVkZW50aWFscyBhbnl3YXkuXG4gICAgICBpZiAoYmFzZUNyZWRzLnNvdXJjZSA9PT0gJ2NvcnJlY3REZWZhdWx0JyB8fCBiYXNlQ3JlZHMuc291cmNlID09PSAncGx1Z2luJykge1xuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1NES19ERUJVRy5tc2coZXJyLm1lc3NhZ2UpKTtcblxuICAgICAgICBjb25zdCBtYWtlciA9IHF1aWV0ID8gSU8uREVGQVVMVF9TREtfREVCVUcgOiBJTy5ERUZBVUxUX1NES19XQVJOO1xuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShtYWtlci5tc2coXG4gICAgICAgICAgYCR7Zm10T2J0YWluZWRDcmVkZW50aWFscyhiYXNlQ3JlZHMpfSBjb3VsZCBub3QgYmUgdXNlZCB0byBhc3N1bWUgJyR7b3B0aW9ucy5hc3N1bWVSb2xlQXJufScsIGJ1dCBhcmUgZm9yIHRoZSByaWdodCBhY2NvdW50LiBQcm9jZWVkaW5nIGFueXdheS5gLFxuICAgICAgICApKTtcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBzZGs6IHRoaXMuX21ha2VTZGsoYmFzZUNyZWRzLmNyZWRlbnRpYWxzLCBlbnYucmVnaW9uKSxcbiAgICAgICAgICBkaWRBc3N1bWVSb2xlOiBmYWxzZSxcbiAgICAgICAgfTtcbiAgICAgIH1cblxuICAgICAgdGhyb3cgZXJyO1xuICAgIH1cbiAgfVxuXG4gIC8qKlxuICAgKiBSZXR1cm4gdGhlIHBhcnRpdGlvbiB0aGF0IGJhc2UgY3JlZGVudGlhbHMgYXJlIGZvclxuICAgKlxuICAgKiBSZXR1cm5zIGB1bmRlZmluZWRgIGlmIHRoZXJlIGFyZSBubyBiYXNlIGNyZWRlbnRpYWxzLlxuICAgKi9cbiAgcHVibGljIGFzeW5jIGJhc2VDcmVkZW50aWFsc1BhcnRpdGlvbihlbnZpcm9ubWVudDogRW52aXJvbm1lbnQsIG1vZGU6IE1vZGUpOiBQcm9taXNlPHN0cmluZyB8IHVuZGVmaW5lZD4ge1xuICAgIGNvbnN0IGVudiA9IGF3YWl0IHRoaXMucmVzb2x2ZUVudmlyb25tZW50KGVudmlyb25tZW50KTtcbiAgICBjb25zdCBiYXNlQ3JlZHMgPSBhd2FpdCB0aGlzLm9idGFpbkJhc2VDcmVkZW50aWFscyhlbnYuYWNjb3VudCwgbW9kZSk7XG4gICAgaWYgKGJhc2VDcmVkcy5zb3VyY2UgPT09ICdub25lJykge1xuICAgICAgcmV0dXJuIHVuZGVmaW5lZDtcbiAgICB9XG4gICAgcmV0dXJuIChhd2FpdCB0aGlzLl9tYWtlU2RrKGJhc2VDcmVkcy5jcmVkZW50aWFscywgZW52LnJlZ2lvbikuY3VycmVudEFjY291bnQoKSkucGFydGl0aW9uO1xuICB9XG5cbiAgLyoqXG4gICAqIFJlc29sdmUgdGhlIGVudmlyb25tZW50IGZvciBhIHN0YWNrXG4gICAqXG4gICAqIFJlcGxhY2VzIHRoZSBtYWdpYyB2YWx1ZXMgYFVOS05PV05fUkVHSU9OYCBhbmQgYFVOS05PV05fQUNDT1VOVGBcbiAgICogd2l0aCB0aGUgZGVmYXVsdHMgZm9yIHRoZSBjdXJyZW50IFNESyBjb25maWd1cmF0aW9uIChgfi8uYXdzL2NvbmZpZ2Agb3JcbiAgICogb3RoZXJ3aXNlKS5cbiAgICpcbiAgICogSXQgaXMgYW4gZXJyb3IgaWYgYFVOS05PV05fQUNDT1VOVGAgaXMgdXNlZCBidXQgdGhlIHVzZXIgaGFzbid0IGNvbmZpZ3VyZWRcbiAgICogYW55IFNESyBjcmVkZW50aWFscy5cbiAgICovXG4gIHB1YmxpYyBhc3luYyByZXNvbHZlRW52aXJvbm1lbnQoZW52OiBFbnZpcm9ubWVudCk6IFByb21pc2U8RW52aXJvbm1lbnQ+IHtcbiAgICBjb25zdCByZWdpb24gPSBlbnYucmVnaW9uICE9PSBVTktOT1dOX1JFR0lPTiA/IGVudi5yZWdpb24gOiB0aGlzLmRlZmF1bHRSZWdpb247XG4gICAgY29uc3QgYWNjb3VudCA9IGVudi5hY2NvdW50ICE9PSBVTktOT1dOX0FDQ09VTlQgPyBlbnYuYWNjb3VudCA6IChhd2FpdCB0aGlzLmRlZmF1bHRBY2NvdW50KCkpPy5hY2NvdW50SWQ7XG5cbiAgICBpZiAoIWFjY291bnQpIHtcbiAgICAgIHRocm93IG5ldyBBdXRoZW50aWNhdGlvbkVycm9yKFxuICAgICAgICAnVW5hYmxlIHRvIHJlc29sdmUgQVdTIGFjY291bnQgdG8gdXNlLiBJdCBtdXN0IGJlIGVpdGhlciBjb25maWd1cmVkIHdoZW4geW91IGRlZmluZSB5b3VyIENESyBTdGFjaywgb3IgdGhyb3VnaCB0aGUgZW52aXJvbm1lbnQnLFxuICAgICAgKTtcbiAgICB9XG5cbiAgICByZXR1cm4ge1xuICAgICAgcmVnaW9uLFxuICAgICAgYWNjb3VudCxcbiAgICAgIG5hbWU6IEVudmlyb25tZW50VXRpbHMuZm9ybWF0KGFjY291bnQsIHJlZ2lvbiksXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBUaGUgYWNjb3VudCB3ZSdkIGF1dGggaW50byBpZiB3ZSB1c2VkIGRlZmF1bHQgY3JlZGVudGlhbHMuXG4gICAqXG4gICAqIERlZmF1bHQgY3JlZGVudGlhbHMgYXJlIHRoZSBzZXQgb2YgYW1iaWVudGx5IGNvbmZpZ3VyZWQgY3JlZGVudGlhbHMgdXNpbmdcbiAgICogb25lIG9mIHRoZSBlbnZpcm9ubWVudCB2YXJpYWJsZXMsIG9yIH4vLmF3cy9jcmVkZW50aWFscywgb3IgdGhlICpvbmUqXG4gICAqIHByb2ZpbGUgdGhhdCB3YXMgcGFzc2VkIGludG8gdGhlIENMSS5cbiAgICpcbiAgICogTWlnaHQgcmV0dXJuIHVuZGVmaW5lZCBpZiB0aGVyZSBhcmUgbm8gZGVmYXVsdC9hbWJpZW50IGNyZWRlbnRpYWxzXG4gICAqIGF2YWlsYWJsZSAoaW4gd2hpY2ggY2FzZSB0aGUgdXNlciBzaG91bGQgYmV0dGVyIGhvcGUgdGhleSBoYXZlXG4gICAqIGNyZWRlbnRpYWwgcGx1Z2lucyBjb25maWd1cmVkKS5cbiAgICpcbiAgICogVXNlcyBhIGNhY2hlIHRvIGF2b2lkIFNUUyBjYWxscyBpZiB3ZSBkb24ndCBuZWVkICdlbS5cbiAgICovXG4gIHB1YmxpYyBhc3luYyBkZWZhdWx0QWNjb3VudCgpOiBQcm9taXNlPEFjY291bnQgfCB1bmRlZmluZWQ+IHtcbiAgICByZXR1cm4gY2FjaGVkKHRoaXMsIENBQ0hFRF9BQ0NPVU5ULCBhc3luYyAoKSA9PiB7XG4gICAgICB0cnkge1xuICAgICAgICByZXR1cm4gYXdhaXQgdGhpcy5fbWFrZVNkayh0aGlzLmRlZmF1bHRDcmVkZW50aWFsUHJvdmlkZXIsIHRoaXMuZGVmYXVsdFJlZ2lvbikuY3VycmVudEFjY291bnQoKTtcbiAgICAgIH0gY2F0Y2ggKGU6IGFueSkge1xuICAgICAgICAvLyBUcmVhdCAnRXhwaXJlZFRva2VuJyBzcGVjaWFsbHkuIFRoaXMgaXMgYSBjb21tb24gc2l0dWF0aW9uIHRoYXQgcGVvcGxlIG1heSBmaW5kIHRoZW1zZWx2ZXMgaW4sIGFuZFxuICAgICAgICAvLyB0aGV5IGFyZSBjb21wbGFpbmluZyBhYm91dCBpZiB3ZSBmYWlsICdjZGsgc3ludGgnIG9uIHRoZW0uIFdlIGxvdWRseSBjb21wbGFpbiBpbiBvcmRlciB0byBzaG93IHRoYXRcbiAgICAgICAgLy8gdGhlIGN1cnJlbnQgc2l0dWF0aW9uIGlzIHByb2JhYmx5IHVuZGVzaXJhYmxlLCBidXQgd2UgZG9uJ3QgZmFpbC5cbiAgICAgICAgaWYgKGUubmFtZSA9PT0gJ0V4cGlyZWRUb2tlbicpIHtcbiAgICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1NES19XQVJOLm1zZyhcbiAgICAgICAgICAgICdUaGVyZSBhcmUgZXhwaXJlZCBBV1MgY3JlZGVudGlhbHMgaW4geW91ciBlbnZpcm9ubWVudC4gVGhlIENESyBhcHAgd2lsbCBzeW50aCB3aXRob3V0IGN1cnJlbnQgYWNjb3VudCBpbmZvcm1hdGlvbi4nLFxuICAgICAgICAgICkpO1xuICAgICAgICAgIHJldHVybiB1bmRlZmluZWQ7XG4gICAgICAgIH1cblxuICAgICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1NES19ERUJVRy5tc2coYFVuYWJsZSB0byBkZXRlcm1pbmUgdGhlIGRlZmF1bHQgQVdTIGFjY291bnQgKCR7ZS5uYW1lfSk6ICR7Zm9ybWF0RXJyb3JNZXNzYWdlKGUpfWApKTtcbiAgICAgICAgcmV0dXJuIHVuZGVmaW5lZDtcbiAgICAgIH1cbiAgICB9KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBHZXQgY3JlZGVudGlhbHMgZm9yIHRoZSBnaXZlbiBhY2NvdW50IElEIGluIHRoZSBnaXZlbiBtb2RlXG4gICAqXG4gICAqIDEuIFVzZSB0aGUgZGVmYXVsdCBjcmVkZW50aWFscyBpZiB0aGUgZGVzdGluYXRpb24gYWNjb3VudCBtYXRjaGVzIHRoZVxuICAgKiAgICBjdXJyZW50IGNyZWRlbnRpYWxzJyBhY2NvdW50LlxuICAgKiAyLiBPdGhlcndpc2UgdHJ5IGFsbCBjcmVkZW50aWFsIHBsdWdpbnMuXG4gICAqIDMuIEZhaWwgaWYgbmVpdGhlciBvZiB0aGVzZSB5aWVsZCBhbnkgY3JlZGVudGlhbHMuXG4gICAqIDQuIFJldHVybiBhIGZhaWx1cmUgaWYgYW55IG9mIHRoZW0gcmV0dXJuZWQgY3JlZGVudGlhbHNcbiAgICovXG4gIHByaXZhdGUgYXN5bmMgb2J0YWluQmFzZUNyZWRlbnRpYWxzKGFjY291bnRJZDogc3RyaW5nLCBtb2RlOiBNb2RlKTogUHJvbWlzZTxPYnRhaW5CYXNlQ3JlZGVudGlhbHNSZXN1bHQ+IHtcbiAgICAvLyBGaXJzdCB0cnkgJ2N1cnJlbnQnIGNyZWRlbnRpYWxzXG4gICAgY29uc3QgZGVmYXVsdEFjY291bnRJZCA9IChhd2FpdCB0aGlzLmRlZmF1bHRBY2NvdW50KCkpPy5hY2NvdW50SWQ7XG4gICAgaWYgKGRlZmF1bHRBY2NvdW50SWQgPT09IGFjY291bnRJZCkge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgc291cmNlOiAnY29ycmVjdERlZmF1bHQnLFxuICAgICAgICBjcmVkZW50aWFsczogYXdhaXQgdGhpcy5kZWZhdWx0Q3JlZGVudGlhbFByb3ZpZGVyLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICAvLyBUaGVuIHRyeSB0aGUgcGx1Z2luc1xuICAgIGNvbnN0IHBsdWdpbkNyZWRzID0gYXdhaXQgdGhpcy5wbHVnaW5zLmZldGNoQ3JlZGVudGlhbHNGb3IoYWNjb3VudElkLCBtb2RlKTtcbiAgICBpZiAocGx1Z2luQ3JlZHMpIHtcbiAgICAgIHJldHVybiB7IHNvdXJjZTogJ3BsdWdpbicsIC4uLnBsdWdpbkNyZWRzIH07XG4gICAgfVxuXG4gICAgLy8gRmFsbCBiYWNrIHRvIGRlZmF1bHQgY3JlZGVudGlhbHMgd2l0aCBhIG5vdGUgdGhhdCB0aGV5J3JlIG5vdCB0aGUgcmlnaHQgb25lcyB5ZXRcbiAgICBpZiAoZGVmYXVsdEFjY291bnRJZCAhPT0gdW5kZWZpbmVkKSB7XG4gICAgICByZXR1cm4ge1xuICAgICAgICBzb3VyY2U6ICdpbmNvcnJlY3REZWZhdWx0JyxcbiAgICAgICAgYWNjb3VudElkOiBkZWZhdWx0QWNjb3VudElkLFxuICAgICAgICBjcmVkZW50aWFsczogYXdhaXQgdGhpcy5kZWZhdWx0Q3JlZGVudGlhbFByb3ZpZGVyLFxuICAgICAgICB1bnVzZWRQbHVnaW5zOiB0aGlzLnBsdWdpbnMuYXZhaWxhYmxlUGx1Z2luTmFtZXMsXG4gICAgICB9O1xuICAgIH1cblxuICAgIC8vIEFwcGFyZW50bHkgd2UgZGlkbid0IGZpbmQgYW55IGF0IGFsbFxuICAgIHJldHVybiB7XG4gICAgICBzb3VyY2U6ICdub25lJyxcbiAgICAgIHVudXNlZFBsdWdpbnM6IHRoaXMucGx1Z2lucy5hdmFpbGFibGVQbHVnaW5OYW1lcyxcbiAgICB9O1xuICB9XG5cbiAgLyoqXG4gICAqIFJldHVybiBhbiBTREsgd2hpY2ggdXNlcyBhc3N1bWVkIHJvbGUgY3JlZGVudGlhbHNcbiAgICpcbiAgICogVGhlIGJhc2UgY3JlZGVudGlhbHMgdXNlZCB0byByZXRyaWV2ZSB0aGUgYXNzdW1lZCByb2xlIGNyZWRlbnRpYWxzIHdpbGwgYmUgdGhlXG4gICAqIHNhbWUgY3JlZGVudGlhbHMgcmV0dXJuZWQgYnkgb2J0YWluQ3JlZGVudGlhbHMgaWYgYW4gZW52aXJvbm1lbnQgYW5kIG1vZGUgaXMgcGFzc2VkLFxuICAgKiBvdGhlcndpc2UgaXQgd2lsbCBiZSB0aGUgY3VycmVudCBjcmVkZW50aWFscy5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgd2l0aEFzc3VtZWRSb2xlKFxuICAgIG1haW5DcmVkZW50aWFsczogRXhjbHVkZTxPYnRhaW5CYXNlQ3JlZGVudGlhbHNSZXN1bHQsIHsgc291cmNlOiAnbm9uZScgfT4sXG4gICAgcm9sZUFybjogc3RyaW5nLFxuICAgIGV4dGVybmFsSWQ/OiBzdHJpbmcsXG4gICAgYWRkaXRpb25hbE9wdGlvbnM/OiBBc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnMsXG4gICAgcmVnaW9uPzogc3RyaW5nLFxuICApOiBQcm9taXNlPFNESz4ge1xuICAgIGF3YWl0IHRoaXMuaW9IZWxwZXIubm90aWZ5KElPLkRFRkFVTFRfU0RLX0RFQlVHLm1zZyhgQXNzdW1pbmcgcm9sZSAnJHtyb2xlQXJufScuYCkpO1xuXG4gICAgcmVnaW9uID0gcmVnaW9uID8/IHRoaXMuZGVmYXVsdFJlZ2lvbjtcblxuICAgIGNvbnN0IHNvdXJjZURlc2NyaXB0aW9uID0gZm10T2J0YWluZWRDcmVkZW50aWFscyhtYWluQ3JlZGVudGlhbHMpO1xuXG4gICAgdHJ5IHtcbiAgICAgIGNvbnN0IGNyZWRlbnRpYWxzID0gYXdhaXQgbWFrZUNhY2hpbmdQcm92aWRlcihmcm9tVGVtcG9yYXJ5Q3JlZGVudGlhbHMoe1xuICAgICAgICBtYXN0ZXJDcmVkZW50aWFsczogbWFpbkNyZWRlbnRpYWxzLmNyZWRlbnRpYWxzLFxuICAgICAgICBwYXJhbXM6IHtcbiAgICAgICAgICBSb2xlQXJuOiByb2xlQXJuLFxuICAgICAgICAgIEV4dGVybmFsSWQ6IGV4dGVybmFsSWQsXG4gICAgICAgICAgUm9sZVNlc3Npb25OYW1lOiBgYXdzLWNkay0ke3NhZmVVc2VybmFtZSgpfWAsXG4gICAgICAgICAgLi4uYWRkaXRpb25hbE9wdGlvbnMsXG4gICAgICAgICAgVHJhbnNpdGl2ZVRhZ0tleXM6IGFkZGl0aW9uYWxPcHRpb25zPy5UYWdzID8gYWRkaXRpb25hbE9wdGlvbnMuVGFncy5tYXAoKHQpID0+IHQuS2V5ISkgOiB1bmRlZmluZWQsXG4gICAgICAgIH0sXG4gICAgICAgIGNsaWVudENvbmZpZzoge1xuICAgICAgICAgIHJlZ2lvbixcbiAgICAgICAgICByZXF1ZXN0SGFuZGxlcjogdGhpcy5yZXF1ZXN0SGFuZGxlcixcbiAgICAgICAgICBjdXN0b21Vc2VyQWdlbnQ6ICdhd3MtY2RrJyxcbiAgICAgICAgICBsb2dnZXI6IHRoaXMubG9nZ2VyLFxuICAgICAgICB9LFxuICAgICAgICBsb2dnZXI6IHRoaXMubG9nZ2VyLFxuICAgICAgfSkpO1xuXG4gICAgICAvLyBDYWxsIHRoZSBwcm92aWRlciBhdCBsZWFzdCBvbmNlIGhlcmUsIHRvIGNhdGNoIGFuIGVycm9yIGlmIGl0IG9jY3Vyc1xuICAgICAgYXdhaXQgY3JlZGVudGlhbHMoKTtcblxuICAgICAgcmV0dXJuIHRoaXMuX21ha2VTZGsoY3JlZGVudGlhbHMsIHJlZ2lvbik7XG4gICAgfSBjYXRjaCAoZXJyOiBhbnkpIHtcbiAgICAgIGlmIChlcnIubmFtZSA9PT0gJ0V4cGlyZWRUb2tlbicpIHtcbiAgICAgICAgdGhyb3cgZXJyO1xuICAgICAgfVxuXG4gICAgICBhd2FpdCB0aGlzLmlvSGVscGVyLm5vdGlmeShJTy5ERUZBVUxUX1NES19ERUJVRy5tc2coYEFzc3VtaW5nIHJvbGUgZmFpbGVkOiAke2Vyci5tZXNzYWdlfWApKTtcbiAgICAgIHRocm93IG5ldyBBdXRoZW50aWNhdGlvbkVycm9yKFxuICAgICAgICBbXG4gICAgICAgICAgJ0NvdWxkIG5vdCBhc3N1bWUgcm9sZSBpbiB0YXJnZXQgYWNjb3VudCcsXG4gICAgICAgICAgLi4uKHNvdXJjZURlc2NyaXB0aW9uID8gW2B1c2luZyAke3NvdXJjZURlc2NyaXB0aW9ufWBdIDogW10pLFxuICAgICAgICAgIGVyci5tZXNzYWdlLFxuICAgICAgICAgIFwiLiBQbGVhc2UgbWFrZSBzdXJlIHRoYXQgdGhpcyByb2xlIGV4aXN0cyBpbiB0aGUgYWNjb3VudC4gSWYgaXQgZG9lc24ndCBleGlzdCwgKHJlKS1ib290c3RyYXAgdGhlIGVudmlyb25tZW50IFwiICtcbiAgICAgICAgICAgIFwid2l0aCB0aGUgcmlnaHQgJy0tdHJ1c3QnLCB1c2luZyB0aGUgbGF0ZXN0IHZlcnNpb24gb2YgdGhlIENESyBDTEkuXCIsXG4gICAgICAgIF0uam9pbignICcpLFxuICAgICAgKTtcbiAgICB9XG4gIH1cblxuICAvKipcbiAgICogRmFjdG9yeSBmdW5jdGlvbiB0aGF0IGNyZWF0ZXMgYSBuZXcgU0RLIGluc3RhbmNlXG4gICAqXG4gICAqIFRoaXMgaXMgYSBmdW5jdGlvbiBoZXJlLCBpbnN0ZWFkIG9mIGFsbCB0aGUgcGxhY2VzIHdoZXJlIHRoaXMgaXMgdXNlZCBjcmVhdGluZyBhIGBuZXcgU0RLYFxuICAgKiBpbnN0YW5jZSwgc28gdGhhdCBpdCBpcyB0cml2aWFsIHRvIG1vY2sgZnJvbSB0ZXN0cy5cbiAgICpcbiAgICogVXNlIGxpa2UgdGhpczpcbiAgICpcbiAgICogYGBgdHNcbiAgICogY29uc3QgbW9ja1NkayA9IGplc3Quc3B5T24oU2RrUHJvdmlkZXIucHJvdG90eXBlLCAnX21ha2VTZGsnKS5tb2NrUmV0dXJuVmFsdWUobmV3IE1vY2tTZGsoKSk7XG4gICAqIC8vIC4uLlxuICAgKiBtb2NrU2RrLm1vY2tSZXN0b3JlKCk7XG4gICAqIGBgYFxuICAgKlxuICAgKiBAaW50ZXJuYWxcbiAgICovXG4gIHB1YmxpYyBfbWFrZVNkayhcbiAgICBjcmVkUHJvdmlkZXI6IEF3c0NyZWRlbnRpYWxJZGVudGl0eVByb3ZpZGVyLFxuICAgIHJlZ2lvbjogc3RyaW5nLFxuICApIHtcbiAgICByZXR1cm4gbmV3IFNESyhjcmVkUHJvdmlkZXIsIHJlZ2lvbiwgdGhpcy5yZXF1ZXN0SGFuZGxlciwgdGhpcy5pb0hlbHBlciwgdGhpcy5sb2dnZXIpO1xuICB9XG59XG5cbi8qKlxuICogQW4gQVdTIGFjY291bnRcbiAqXG4gKiBBbiBBV1MgYWNjb3VudCBhbHdheXMgZXhpc3RzIGluIG9ubHkgb25lIHBhcnRpdGlvbi4gVXN1YWxseSB3ZSBkb24ndCBjYXJlIGFib3V0XG4gKiB0aGUgcGFydGl0aW9uLCBidXQgd2hlbiB3ZSBuZWVkIHRvIGZvcm0gQVJOcyB3ZSBkby5cbiAqL1xuZXhwb3J0IGludGVyZmFjZSBBY2NvdW50IHtcbiAgLyoqXG4gICAqIFRoZSBhY2NvdW50IG51bWJlclxuICAgKi9cbiAgcmVhZG9ubHkgYWNjb3VudElkOiBzdHJpbmc7XG5cbiAgLyoqXG4gICAqIFRoZSBwYXJ0aXRpb24gKCdhd3MnIG9yICdhd3MtY24nIG9yIG90aGVyd2lzZSlcbiAgICovXG4gIHJlYWRvbmx5IHBhcnRpdGlvbjogc3RyaW5nO1xufVxuXG4vKipcbiAqIFJldHVybiB0aGUgdXNlcm5hbWUgd2l0aCBjaGFyYWN0ZXJzIGludmFsaWQgZm9yIGEgUm9sZVNlc3Npb25OYW1lIHJlbW92ZWRcbiAqXG4gKiBAc2VlIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9TVFMvbGF0ZXN0L0FQSVJlZmVyZW5jZS9BUElfQXNzdW1lUm9sZS5odG1sI0FQSV9Bc3N1bWVSb2xlX1JlcXVlc3RQYXJhbWV0ZXJzXG4gKi9cbmZ1bmN0aW9uIHNhZmVVc2VybmFtZSgpIHtcbiAgdHJ5IHtcbiAgICByZXR1cm4gb3MudXNlckluZm8oKS51c2VybmFtZS5yZXBsYWNlKC9bXlxcdys9LC5ALV0vZywgJ0AnKTtcbiAgfSBjYXRjaCB7XG4gICAgcmV0dXJuICdub25hbWUnO1xuICB9XG59XG5cbi8qKlxuICogT3B0aW9ucyBmb3Igb2J0YWluaW5nIGNyZWRlbnRpYWxzIGZvciBhbiBlbnZpcm9ubWVudFxuICovXG5leHBvcnQgaW50ZXJmYWNlIENyZWRlbnRpYWxzT3B0aW9ucyB7XG4gIC8qKlxuICAgKiBUaGUgQVJOIG9mIHRoZSByb2xlIHRoYXQgbmVlZHMgdG8gYmUgYXNzdW1lZCwgaWYgYW55XG4gICAqL1xuICByZWFkb25seSBhc3N1bWVSb2xlQXJuPzogc3RyaW5nO1xuXG4gIC8qKlxuICAgKiBFeHRlcm5hbCBJRCByZXF1aXJlZCB0byBhc3N1bWUgdGhlIGdpdmVuIHJvbGUuXG4gICAqL1xuICByZWFkb25seSBhc3N1bWVSb2xlRXh0ZXJuYWxJZD86IHN0cmluZztcblxuICAvKipcbiAgICogU2Vzc2lvbiB0YWdzIHJlcXVpcmVkIHRvIGFzc3VtZSB0aGUgZ2l2ZW4gcm9sZS5cbiAgICovXG4gIHJlYWRvbmx5IGFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucz86IEFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9ucztcbn1cblxuLyoqXG4gKiBSZXN1bHQgb2Ygb2J0YWluaW5nIGJhc2UgY3JlZGVudGlhbHNcbiAqL1xudHlwZSBPYnRhaW5CYXNlQ3JlZGVudGlhbHNSZXN1bHQgPVxuICB8IHsgc291cmNlOiAnY29ycmVjdERlZmF1bHQnOyBjcmVkZW50aWFsczogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIgfVxuICB8IHsgc291cmNlOiAncGx1Z2luJzsgcGx1Z2luTmFtZTogc3RyaW5nOyBjcmVkZW50aWFsczogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXIgfVxuICB8IHtcbiAgICBzb3VyY2U6ICdpbmNvcnJlY3REZWZhdWx0JztcbiAgICBjcmVkZW50aWFsczogQXdzQ3JlZGVudGlhbElkZW50aXR5UHJvdmlkZXI7XG4gICAgYWNjb3VudElkOiBzdHJpbmc7XG4gICAgdW51c2VkUGx1Z2luczogc3RyaW5nW107XG4gIH1cbiAgfCB7IHNvdXJjZTogJ25vbmUnOyB1bnVzZWRQbHVnaW5zOiBzdHJpbmdbXSB9O1xuXG4vKipcbiAqIElzb2xhdGluZyB0aGUgY29kZSB0aGF0IHRyYW5zbGF0ZXMgY2FsY3VsYXRpb24gZXJyb3JzIGludG8gaHVtYW4gZXJyb3IgbWVzc2FnZXNcbiAqXG4gKiBXZSBjb3ZlciB0aGUgZm9sbG93aW5nIGNhc2VzOlxuICpcbiAqIC0gTm8gY3JlZGVudGlhbHMgYXJlIGF2YWlsYWJsZSBhdCBhbGxcbiAqIC0gRGVmYXVsdCBjcmVkZW50aWFscyBhcmUgZm9yIHRoZSB3cm9uZyBhY2NvdW50XG4gKi9cbmZ1bmN0aW9uIGZtdE9idGFpbkNyZWRlbnRpYWxzRXJyb3IoXG4gIHRhcmdldEFjY291bnRJZDogc3RyaW5nLFxuICBvYnRhaW5SZXN1bHQ6IE9idGFpbkJhc2VDcmVkZW50aWFsc1Jlc3VsdCAmIHtcbiAgICBzb3VyY2U6ICdub25lJyB8ICdpbmNvcnJlY3REZWZhdWx0JztcbiAgfSxcbik6IHN0cmluZyB7XG4gIGNvbnN0IG1zZyA9IFtgTmVlZCB0byBwZXJmb3JtIEFXUyBjYWxscyBmb3IgYWNjb3VudCAke3RhcmdldEFjY291bnRJZH1gXTtcbiAgc3dpdGNoIChvYnRhaW5SZXN1bHQuc291cmNlKSB7XG4gICAgY2FzZSAnaW5jb3JyZWN0RGVmYXVsdCc6XG4gICAgICBtc2cucHVzaChgYnV0IHRoZSBjdXJyZW50IGNyZWRlbnRpYWxzIGFyZSBmb3IgJHtvYnRhaW5SZXN1bHQuYWNjb3VudElkfWApO1xuICAgICAgYnJlYWs7XG4gICAgY2FzZSAnbm9uZSc6XG4gICAgICBtc2cucHVzaCgnYnV0IG5vIGNyZWRlbnRpYWxzIGhhdmUgYmVlbiBjb25maWd1cmVkJyk7XG4gIH1cbiAgaWYgKG9idGFpblJlc3VsdC51bnVzZWRQbHVnaW5zLmxlbmd0aCA+IDApIHtcbiAgICBtc2cucHVzaChgYW5kIG5vbmUgb2YgdGhlc2UgcGx1Z2lucyBmb3VuZCBhbnk6ICR7b2J0YWluUmVzdWx0LnVudXNlZFBsdWdpbnMuam9pbignLCAnKX1gKTtcbiAgfVxuICByZXR1cm4gbXNnLmpvaW4oJywgJyk7XG59XG5cbi8qKlxuICogRm9ybWF0IGEgbWVzc2FnZSBpbmRpY2F0aW5nIHdoZXJlIHdlIGdvdCBiYXNlIGNyZWRlbnRpYWxzIGZvciB0aGUgYXNzdW1lIHJvbGVcbiAqXG4gKiBXZSBjb3ZlciB0aGUgZm9sbG93aW5nIGNhc2VzOlxuICpcbiAqIC0gRGVmYXVsdCBjcmVkZW50aWFscyBmb3IgdGhlIHJpZ2h0IGFjY291bnRcbiAqIC0gRGVmYXVsdCBjcmVkZW50aWFscyBmb3IgdGhlIHdyb25nIGFjY291bnRcbiAqIC0gQ3JlZGVudGlhbHMgcmV0dXJuZWQgZnJvbSBhIHBsdWdpblxuICovXG5mdW5jdGlvbiBmbXRPYnRhaW5lZENyZWRlbnRpYWxzKG9idGFpblJlc3VsdDogRXhjbHVkZTxPYnRhaW5CYXNlQ3JlZGVudGlhbHNSZXN1bHQsIHsgc291cmNlOiAnbm9uZScgfT4pOiBzdHJpbmcge1xuICBzd2l0Y2ggKG9idGFpblJlc3VsdC5zb3VyY2UpIHtcbiAgICBjYXNlICdjb3JyZWN0RGVmYXVsdCc6XG4gICAgICByZXR1cm4gJ2N1cnJlbnQgY3JlZGVudGlhbHMnO1xuICAgIGNhc2UgJ3BsdWdpbic6XG4gICAgICByZXR1cm4gYGNyZWRlbnRpYWxzIHJldHVybmVkIGJ5IHBsdWdpbiAnJHtvYnRhaW5SZXN1bHQucGx1Z2luTmFtZX0nYDtcbiAgICBjYXNlICdpbmNvcnJlY3REZWZhdWx0JzpcbiAgICAgIGNvbnN0IG1zZyA9IFtdO1xuICAgICAgbXNnLnB1c2goYGN1cnJlbnQgY3JlZGVudGlhbHMgKHdoaWNoIGFyZSBmb3IgYWNjb3VudCAke29idGFpblJlc3VsdC5hY2NvdW50SWR9YCk7XG5cbiAgICAgIGlmIChvYnRhaW5SZXN1bHQudW51c2VkUGx1Z2lucy5sZW5ndGggPiAwKSB7XG4gICAgICAgIG1zZy5wdXNoKGAsIGFuZCBub25lIG9mIHRoZSBmb2xsb3dpbmcgcGx1Z2lucyBwcm92aWRlZCBjcmVkZW50aWFsczogJHtvYnRhaW5SZXN1bHQudW51c2VkUGx1Z2lucy5qb2luKCcsICcpfWApO1xuICAgICAgfVxuICAgICAgbXNnLnB1c2goJyknKTtcblxuICAgICAgcmV0dXJuIG1zZy5qb2luKCcnKTtcbiAgfVxufVxuXG4vKipcbiAqIEluc3RhbnRpYXRlIGFuIFNESyBmb3IgY29udGV4dCBwcm92aWRlcnMuIFRoaXMgZnVuY3Rpb24gZW5zdXJlcyB0aGF0IGFsbFxuICogbG9va3VwIGFzc3VtZSByb2xlIG9wdGlvbnMgYXJlIHVzZWQgd2hlbiBjb250ZXh0IHByb3ZpZGVycyBwZXJmb3JtIGxvb2t1cHMuXG4gKi9cbmV4cG9ydCBhc3luYyBmdW5jdGlvbiBpbml0Q29udGV4dFByb3ZpZGVyU2RrKGF3czogU2RrUHJvdmlkZXIsIG9wdGlvbnM6IENvbnRleHRMb29rdXBSb2xlT3B0aW9ucyk6IFByb21pc2U8U0RLPiB7XG4gIGNvbnN0IGFjY291bnQgPSBvcHRpb25zLmFjY291bnQ7XG4gIGNvbnN0IHJlZ2lvbiA9IG9wdGlvbnMucmVnaW9uO1xuXG4gIGNvbnN0IGNyZWRzOiBDcmVkZW50aWFsc09wdGlvbnMgPSB7XG4gICAgYXNzdW1lUm9sZUFybjogb3B0aW9ucy5sb29rdXBSb2xlQXJuLFxuICAgIGFzc3VtZVJvbGVFeHRlcm5hbElkOiBvcHRpb25zLmxvb2t1cFJvbGVFeHRlcm5hbElkLFxuICAgIGFzc3VtZVJvbGVBZGRpdGlvbmFsT3B0aW9uczogb3B0aW9ucy5hc3N1bWVSb2xlQWRkaXRpb25hbE9wdGlvbnMsXG4gIH07XG5cbiAgcmV0dXJuIChhd2FpdCBhd3MuZm9yRW52aXJvbm1lbnQoRW52aXJvbm1lbnRVdGlscy5tYWtlKGFjY291bnQsIHJlZ2lvbiksIE1vZGUuRm9yUmVhZGluZywgY3JlZHMpKS5zZGs7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgU2RrUHJvdmlkZXJTZXJ2aWNlcyB7XG4gIC8qKlxuICAgKiBBbiBJTyBoZWxwZXIgZm9yIGVtaXR0aW5nIG1lc3NhZ2VzXG4gICAqL1xuICByZWFkb25seSBpb0hlbHBlcjogSW9IZWxwZXI7XG5cbiAgLyoqXG4gICAqIFRoZSByZXF1ZXN0IGhhbmRsZXIgc2V0dGluZ3NcbiAgICovXG4gIHJlYWRvbmx5IHJlcXVlc3RIYW5kbGVyPzogTm9kZUh0dHBIYW5kbGVyT3B0aW9ucztcblxuICAvKipcbiAgICogQSBwbHVnaW4gaG9zdFxuICAgKi9cbiAgcmVhZG9ubHkgcGx1Z2luSG9zdD86IFBsdWdpbkhvc3Q7XG5cbiAgLyoqXG4gICAqIEFuIFNESyBsb2dnZXJcbiAgICovXG4gIHJlYWRvbmx5IGxvZ2dlcj86IExvZ2dlcjtcbn1cbiJdfQ==