@aztec/key-store 0.40.0 → 0.41.0

package/src/key_store.ts

@@ -0,0 +1,403 @@
+import { type PublicKey } from '@aztec/circuit-types';
+import {
+  AztecAddress,
+  CompleteAddress,
+  Fq,
+  Fr,
+  GeneratorIndex,
+  type GrumpkinPrivateKey,
+  GrumpkinScalar,
+  KEY_PREFIXES,
+  type KeyGenerator,
+  type KeyPrefix,
+  KeyValidationRequest,
+  type PartialAddress,
+  Point,
+  computeAddress,
+  computeAppSecretKey,
+  deriveKeys,
+  derivePublicKeyFromSecretKey,
+  getKeyGenerator,
+} from '@aztec/circuits.js';
+import { poseidon2Hash } from '@aztec/foundation/crypto';
+import { type Bufferable, serializeToBuffer } from '@aztec/foundation/serialize';
+import { type AztecKVStore, type AztecMap } from '@aztec/kv-store';
+
+/**
+ * Used for managing keys. Can hold keys of multiple accounts and allows for key rotation.
+ */
+export class KeyStore {
+  #keys: AztecMap<string, Buffer>;
+
+  constructor(database: AztecKVStore) {
+    this.#keys = database.openMap('key_store');
+  }
+
+  /**
+   * Creates a new account from a randomly generated secret key.
+   * @returns A promise that resolves to the newly created account's CompleteAddress.
+   */
+  public createAccount(): Promise<CompleteAddress> {
+    const sk = Fr.random();
+    const partialAddress = Fr.random();
+    return this.addAccount(sk, partialAddress);
+  }
+
+  /**
+   * Adds an account to the key store from the provided secret key.
+   * @param sk - The secret key of the account.
+   * @param partialAddress - The partial address of the account.
+   * @returns The account's complete address.
+   */
+  public async addAccount(sk: Fr, partialAddress: PartialAddress): Promise<CompleteAddress> {
+    const {
+      masterNullifierSecretKey,
+      masterIncomingViewingSecretKey,
+      masterOutgoingViewingSecretKey,
+      masterTaggingSecretKey,
+      publicKeys,
+    } = deriveKeys(sk);
+
+    const publicKeysHash = publicKeys.hash();
+    const account = computeAddress(publicKeysHash, partialAddress);
+
+    // Naming of keys is as follows ${account}-${n/iv/ov/t}${sk/pk}_m
+    await this.#keys.set(`${account.toString()}-ivsk_m`, masterIncomingViewingSecretKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-ovsk_m`, masterOutgoingViewingSecretKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-tsk_m`, masterTaggingSecretKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-nsk_m`, masterNullifierSecretKey.toBuffer());
+
+    await this.#keys.set(`${account.toString()}-npk_m`, publicKeys.masterNullifierPublicKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-ivpk_m`, publicKeys.masterIncomingViewingPublicKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-ovpk_m`, publicKeys.masterOutgoingViewingPublicKey.toBuffer());
+    await this.#keys.set(`${account.toString()}-tpk_m`, publicKeys.masterTaggingPublicKey.toBuffer());
+
+    // We store pk_m_hash under `account-{n/iv/ov/t}pk_m_hash` key to be able to obtain address and key prefix
+    // using the #getKeyPrefixAndAccount function later on
+    await this.#keys.set(`${account.toString()}-npk_m_hash`, publicKeys.masterNullifierPublicKey.hash().toBuffer());
+    await this.#keys.set(
+      `${account.toString()}-ivpk_m_hash`,
+      publicKeys.masterIncomingViewingPublicKey.hash().toBuffer(),
+    );
+    await this.#keys.set(
+      `${account.toString()}-ovpk_m_hash`,
+      publicKeys.masterOutgoingViewingPublicKey.hash().toBuffer(),
+    );
+    await this.#keys.set(`${account.toString()}-tpk_m_hash`, publicKeys.masterTaggingPublicKey.hash().toBuffer());
+
+    // At last, we return the newly derived account address
+    return Promise.resolve(new CompleteAddress(account, publicKeys, partialAddress));
+  }
+
+  /**
+   * Retrieves addresses of accounts stored in the key store.
+   * @returns A Promise that resolves to an array of account addresses.
+   */
+  public getAccounts(): Promise<AztecAddress[]> {
+    const allMapKeys = Array.from(this.#keys.keys());
+    // We return account addresses based on the map keys that end with '-ivsk_m'
+    const accounts = allMapKeys.filter(key => key.endsWith('-ivsk_m')).map(key => key.split('-')[0]);
+    return Promise.resolve(accounts.map(account => AztecAddress.fromString(account)));
+  }
+
+  /**
+   * Gets the key validation request for a given master public key hash and contract address.
+   * @throws If the account corresponding to the master public key hash does not exist in the key store.
+   * @param pkMHash - The master public key hash.
+   * @param contractAddress - The contract address to silo the secret key in the the key validation request with.
+   * @returns The key validation request.
+   */
+  public getKeyValidationRequest(pkMHash: Fr, contractAddress: AztecAddress): Promise<KeyValidationRequest> {
+    const [keyPrefix, account] = this.#getKeyPrefixAndAccount(pkMHash);
+
+    // Now we find the master public key for the account
+    // Since each public keys buffer contains multiple public keys, we need to find the one that matches the hash.
+    // Then we store the index of the key in the buffer to be able to quickly obtain the corresponding secret key.
+    let pkM: PublicKey | undefined;
+    let keyIndexInBuffer = 0;
+    {
+      const pkMsBuffer = this.#keys.get(`${account.toString()}-${keyPrefix}pk_m`);
+      if (!pkMsBuffer) {
+        throw new Error(
+          `Could not find ${keyPrefix}pk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
+        );
+      }
+
+      // Now we iterate over the public keys in the buffer to find the one that matches the hash
+      const numKeys = this.#calculateNumKeys(pkMsBuffer, Point);
+      for (; keyIndexInBuffer < numKeys; keyIndexInBuffer++) {
+        const foundPkM = Point.fromBuffer(
+          pkMsBuffer.subarray(keyIndexInBuffer * Point.SIZE_IN_BYTES, (keyIndexInBuffer + 1) * Point.SIZE_IN_BYTES),
+        );
+        if (foundPkM.hash().equals(pkMHash)) {
+          pkM = foundPkM;
+          break;
+        }
+      }
+
+      if (!pkM) {
+        throw new Error(`Could not find ${keyPrefix}pkM for ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`);
+      }
+    }
+
+    // Now we find the secret key for the public key
+    let skM: GrumpkinPrivateKey | undefined;
+    {
+      const skMsBuffer = this.#keys.get(`${account.toString()}-${keyPrefix}sk_m`);
+      if (!skMsBuffer) {
+        throw new Error(
+          `Could not find ${keyPrefix}sk_m for account ${account.toString()} whose address was successfully obtained with ${keyPrefix}pk_m_hash ${pkMHash.toString()}.`,
+        );
+      }
+
+      skM = GrumpkinScalar.fromBuffer(
+        skMsBuffer.subarray(
+          keyIndexInBuffer * GrumpkinScalar.SIZE_IN_BYTES,
+          (keyIndexInBuffer + 1) * GrumpkinScalar.SIZE_IN_BYTES,
+        ),
+      );
+    }
+
+    // We sanity check that it's possible to derive the public key from the secret key
+    if (!derivePublicKeyFromSecretKey(skM).equals(pkM)) {
+      throw new Error(`Could not derive ${keyPrefix}pkM from ${keyPrefix}skM.`);
+    }
+
+    // At last we silo the secret key and return the key validation request
+    const skApp = computeAppSecretKey(skM, contractAddress, keyPrefix!);
+
+    return Promise.resolve(new KeyValidationRequest(pkM, skApp));
+  }
+
+  /**
+   * Gets the master incoming viewing public key for a given account.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account address for which to retrieve the master incoming viewing public key.
+   * @returns The master incoming viewing public key for the account.
+   */
+  public async getMasterIncomingViewingPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterIncomingViewingPublicKeyBuffer = this.#keys.get(`${account.toString()}-ivpk_m`);
+    if (!masterIncomingViewingPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Promise.resolve(Point.fromBuffer(masterIncomingViewingPublicKeyBuffer));
+  }
+
+  /**
+   * Retrieves the master outgoing viewing public key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master outgoing viewing key for.
+   * @returns A Promise that resolves to the master outgoing viewing key.
+   */
+  public async getMasterOutgoingViewingPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterOutgoingViewingPublicKeyBuffer = this.#keys.get(`${account.toString()}-ovpk_m`);
+    if (!masterOutgoingViewingPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Promise.resolve(Point.fromBuffer(masterOutgoingViewingPublicKeyBuffer));
+  }
+
+  /**
+   * Retrieves the master tagging public key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the master tagging key for.
+   * @returns A Promise that resolves to the master tagging key.
+   */
+  public async getMasterTaggingPublicKey(account: AztecAddress): Promise<PublicKey> {
+    const masterTaggingPublicKeyBuffer = this.#keys.get(`${account.toString()}-tpk_m`);
+    if (!masterTaggingPublicKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    return Promise.resolve(Point.fromBuffer(masterTaggingPublicKeyBuffer));
+  }
+
+  /**
+   * Retrieves application incoming viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application incoming viewing secret key for.
+   * @param app - The application address to retrieve the incoming viewing secret key for.
+   * @returns A Promise that resolves to the application incoming viewing secret key.
+   */
+  public async getAppIncomingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterIncomingViewingSecretKeyBuffer = this.#keys.get(`${account.toString()}-ivsk_m`);
+    if (!masterIncomingViewingSecretKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    const masterIncomingViewingSecretKey = GrumpkinScalar.fromBuffer(masterIncomingViewingSecretKeyBuffer);
+
+    return Promise.resolve(
+      poseidon2Hash([
+        masterIncomingViewingSecretKey.high,
+        masterIncomingViewingSecretKey.low,
+        app,
+        GeneratorIndex.IVSK_M,
+      ]),
+    );
+  }
+
+  /**
+   * Retrieves application outgoing viewing secret key.
+   * @throws If the account does not exist in the key store.
+   * @param account - The account to retrieve the application outgoing viewing secret key for.
+   * @param app - The application address to retrieve the outgoing viewing secret key for.
+   * @returns A Promise that resolves to the application outgoing viewing secret key.
+   */
+  public async getAppOutgoingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise<Fr> {
+    const masterOutgoingViewingSecretKeyBuffer = this.#keys.get(`${account.toString()}-ovsk_m`);
+    if (!masterOutgoingViewingSecretKeyBuffer) {
+      throw new Error(
+        `Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`,
+      );
+    }
+    const masterOutgoingViewingSecretKey = GrumpkinScalar.fromBuffer(masterOutgoingViewingSecretKeyBuffer);
+
+    return Promise.resolve(
+      poseidon2Hash([
+        masterOutgoingViewingSecretKey.high,
+        masterOutgoingViewingSecretKey.low,
+        app,
+        GeneratorIndex.OVSK_M,
+      ]),
+    );
+  }
+
+  /**
+   * Retrieves the sk_m for the pk_m and a generator index of the key type.
+   * @throws If the provided public key is not associated with any of the registered accounts.
+   * @param pkM - The master public key to get secret key for.
+   * @returns A Promise that resolves to sk_m.
+   * @dev Used when feeding the sk_m to the kernel circuit for keys verification.
+   */
+  public getMasterSecretKeyAndAppKeyGenerator(pkM: PublicKey): Promise<[GrumpkinPrivateKey, KeyGenerator]> {
+    const [keyPrefix, account] = this.#getKeyPrefixAndAccount(pkM);
+
+    // We get the secret keys buffer and iterate over the values in the buffer to find the one that matches pkM
+    let sk: GrumpkinScalar | undefined;
+    {
+      const secretKeysBuffer = this.#keys.get(`${account.toString()}-${keyPrefix}sk_m`);
+      if (!secretKeysBuffer) {
+        throw new Error(
+          `Could not find ${keyPrefix}sk_m for ${keyPrefix}pk_m ${pkM.toString()}. This should not happen.`,
+        );
+      }
+
+      const numKeys = this.#calculateNumKeys(secretKeysBuffer, GrumpkinScalar);
+      for (let i = 0; i < numKeys; i++) {
+        const foundSk = GrumpkinScalar.fromBuffer(
+          secretKeysBuffer.subarray(i * GrumpkinScalar.SIZE_IN_BYTES, (i + 1) * GrumpkinScalar.SIZE_IN_BYTES),
+        );
+        if (derivePublicKeyFromSecretKey(foundSk).equals(pkM)) {
+          sk = foundSk;
+          break;
+        }
+      }
+
+      if (!sk) {
+        throw new Error(`Could not find ${keyPrefix}skM for ${keyPrefix}pkM ${pkM.toString()} in secret keys buffer.`);
+      }
+    }
+
+    // Now we determine the key type and return generator accordingly
+    const generator = getKeyGenerator(keyPrefix);
+    return Promise.resolve([sk, generator]);
+  }
+
+  /**
+   * Retrieves the master incoming viewing secret key (ivsk_m) corresponding to the specified master incoming viewing
+   * public key (Ivpk_m).
+   * @throws If the provided public key is not associated with any of the registered accounts.
+   * @param masterIncomingViewingPublicKey - The master nullifier public key to get secret key for.
+   * @returns A Promise that resolves to the master nullifier secret key.
+   * @dev Used when feeding the master nullifier secret key to the kernel circuit for nullifier keys verification.
+   */
+  public getMasterIncomingViewingSecretKeyForPublicKey(
+    masterIncomingViewingPublicKey: PublicKey,
+  ): Promise<GrumpkinPrivateKey> {
+    // We iterate over the map keys to find the account address that corresponds to the provided public key
+    for (const [key, value] of this.#keys.entries()) {
+      if (value.equals(masterIncomingViewingPublicKey.toBuffer())) {
+        // We extract the account address from the map key
+        const account = key.split('-')[0];
+        // We fetch the secret key and return it
+        const masterIncomingViewingSecretKeyBuffer = this.#keys.get(`${account.toString()}-ivsk_m`);
+        if (!masterIncomingViewingSecretKeyBuffer) {
+          throw new Error(`Could not find master incoming viewing secret key for account ${account.toString()}`);
+        }
+        return Promise.resolve(GrumpkinScalar.fromBuffer(masterIncomingViewingSecretKeyBuffer));
+      }
+    }
+
+    throw new Error(
+      `Could not find master incoming viewing secret key for public key ${masterIncomingViewingPublicKey.toString()}`,
+    );
+  }
+
+  /**
+   * Rotates the master nullifier key for the specified account.
+   *
+   * @dev This function updates the secret and public keys associated with the account.
+   * It appends a new secret key to the existing secret keys, derives the
+   * corresponding public key, and updates the stored keys accordingly.
+   *
+   * @param account - The account address for which the master nullifier key is being rotated.
+   * @param newSecretKey - (Optional) A new secret key of type Fq. If not provided, a random key is generated.
+   * @throws If the account does not have existing nullifier secret keys or public keys.
+   * @returns A Promise that resolves when the key rotation is complete.
+   */
+  public async rotateMasterNullifierKey(account: AztecAddress, newSecretKey: Fq = Fq.random()) {
+    // We append the secret key to the array of secret keys
+    await this.#appendValue(`${account.toString()}-nsk_m`, newSecretKey);
+
+    // Now we derive the public key from the new secret key and append it to the buffer of original public keys
+    const newPublicKey = derivePublicKeyFromSecretKey(newSecretKey);
+    await this.#appendValue(`${account.toString()}-npk_m`, newPublicKey);
+
+    // At last we store npk_m_hash under `account-npk_m_hash` key to be able to obtain address and key prefix
+    // using the #getKeyPrefixAndAccount function later on
+    await this.#appendValue(`${account.toString()}-npk_m_hash`, newPublicKey.hash());
+  }
+
+  /**
+   * Gets the key prefix and account address for a given value.
+   * @returns A tuple containing the key prefix and account address.
+   * @dev Note that this is quite inefficient but it should not matter because there should never be too many keys
+   * in the key store.
+   */
+  #getKeyPrefixAndAccount(value: Bufferable): [KeyPrefix, AztecAddress] {
+    const valueBuffer = serializeToBuffer(value);
+    for (const [key, val] of this.#keys.entries()) {
+      // `val` can contain multiple values due to key rotation so we check if the value is in the buffer instead
+      // of just calling `.equals(...)`
+      if (val.includes(valueBuffer)) {
+        for (const prefix of KEY_PREFIXES) {
+          if (key.includes(`-${prefix}`)) {
+            const account = AztecAddress.fromString(key.split('-')[0]);
+            return [prefix, account];
+          }
+        }
+      }
+    }
+    throw new Error(`Could not find key prefix.`);
+  }
+
+  async #appendValue(key: string, value: Bufferable) {
+    const currentValue = this.#keys.get(key);
+    if (!currentValue) {
+      throw new Error(`Could not find current value for key ${key}`);
+    }
+
+    await this.#keys.set(key, serializeToBuffer([currentValue, value]));
+  }
+
+  #calculateNumKeys(buf: Buffer, T: typeof Point | typeof Fq) {
+    return buf.byteLength / T.SIZE_IN_BYTES;
+  }
+}

package/dest/test_key_store.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"test_key_store.d.ts","sourceRoot":"","sources":["../src/test_key_store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,QAAQ,EAAE,KAAK,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACrE,OAAO,EACL,YAAY,EACZ,eAAe,EACf,EAAE,EAEF,KAAK,kBAAkB,EAEvB,KAAK,cAAc,EAKpB,MAAM,oBAAoB,CAAC;AAE5B,OAAO,EAAE,KAAK,YAAY,EAAiB,MAAM,iBAAiB,CAAC;AAEnE;;;GAGG;AACH,qBAAa,YAAa,YAAW,QAAQ;;gBAG/B,QAAQ,EAAE,YAAY;IAIlC;;;OAGG;IACI,aAAa,IAAI,OAAO,CAAC,eAAe,CAAC;IAMhD;;;;;OAKG;IACU,UAAU,CAAC,EAAE,EAAE,EAAE,EAAE,cAAc,EAAE,cAAc,GAAG,OAAO,CAAC,eAAe,CAAC;IA6BzF;;;OAGG;IACI,WAAW,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;IAO7C;;;;;OAKG;IACU,2BAA2B,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUnF;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUzF;;;;;OAKG;IACU,iCAAiC,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUzF;;;;;OAKG;IACU,yBAAyB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,SAAS,CAAC;IAUjF;;;;;;OAMG;IACU,wBAAwB,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC;IAY5F;;;;;;OAMG;IACU,8BAA8B,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC;IAmBlG;;;;;;OAMG;IACU,8BAA8B,CAAC,OAAO,EAAE,YAAY,EAAE,GAAG,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC;IAmBlG;;;;;;;OAOG;IACI,uCAAuC,CAAC,wBAAwB,EAAE,SAAS,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAkBhH;;;;;;;OAOG;IACI,6CAA6C,CAClD,8BAA8B,EAAE,SAAS,GACxC,OAAO,CAAC,kBAAkB,CAAC;IAoB9B;;;;;OAKG;IACU,iBAAiB,CAAC,OAAO,EAAE,YAAY,GAAG,OAAO,CAAC,EAAE,CAAC;CASnE"}

package/dest/test_key_store.js

@@ -1,227 +0,0 @@
-var _TestKeyStore_keys;
-import { __classPrivateFieldGet, __classPrivateFieldSet } from "tslib";
-import { AztecAddress, CompleteAddress, Fr, GeneratorIndex, GrumpkinScalar, Point, computeAddress, computeAppNullifierSecretKey, deriveKeys, } from '@aztec/circuits.js';
-import { poseidon2Hash } from '@aztec/foundation/crypto';
-/**
- * TestKeyStore is an implementation of the KeyStore interface, used for managing key pairs in a testing environment.
- * It should be utilized in testing scenarios where secure key management is not required, and ease-of-use is prioritized.
- */
-export class TestKeyStore {
-    constructor(database) {
-        _TestKeyStore_keys.set(this, void 0);
-        __classPrivateFieldSet(this, _TestKeyStore_keys, database.openMap('key_store'), "f");
-    }
-    /**
-     * Creates a new account from a randomly generated secret key.
-     * @returns A promise that resolves to the newly created account's CompleteAddress.
-     */
-    createAccount() {
-        const sk = Fr.random();
-        const partialAddress = Fr.random();
-        return this.addAccount(sk, partialAddress);
-    }
-    /**
-     * Adds an account to the key store from the provided secret key.
-     * @param sk - The secret key of the account.
-     * @param partialAddress - The partial address of the account.
-     * @returns The account's complete address.
-     */
-    async addAccount(sk, partialAddress) {
-        const { masterNullifierSecretKey, masterIncomingViewingSecretKey, masterOutgoingViewingSecretKey, masterTaggingSecretKey, publicKeys, } = deriveKeys(sk);
-        const publicKeysHash = publicKeys.hash();
-        const accountAddress = computeAddress(publicKeysHash, partialAddress);
-        // We save the keys to db
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-public_keys_hash`, publicKeysHash.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-nsk_m`, masterNullifierSecretKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-ivsk_m`, masterIncomingViewingSecretKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-ovsk_m`, masterOutgoingViewingSecretKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-tsk_m`, masterTaggingSecretKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-npk_m`, publicKeys.masterNullifierPublicKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-ivpk_m`, publicKeys.masterIncomingViewingPublicKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-ovpk_m`, publicKeys.masterOutgoingViewingPublicKey.toBuffer());
-        await __classPrivateFieldGet(this, _TestKeyStore_keys, "f").set(`${accountAddress.toString()}-tpk_m`, publicKeys.masterTaggingPublicKey.toBuffer());
-        // At last, we return the newly derived account address
-        return Promise.resolve(new CompleteAddress(accountAddress, publicKeys, partialAddress));
-    }
-    /**
-     * Retrieves addresses of accounts stored in the key store.
-     * @returns A Promise that resolves to an array of account addresses.
-     */
-    getAccounts() {
-        const allMapKeys = Array.from(__classPrivateFieldGet(this, _TestKeyStore_keys, "f").keys());
-        // We return account addresses based on the map keys that end with '-nsk_m'
-        const accounts = allMapKeys.filter(key => key.endsWith('-nsk_m')).map(key => key.split('-')[0]);
-        return Promise.resolve(accounts.map(account => AztecAddress.fromString(account)));
-    }
-    /**
-     * Gets the master nullifier public key for a given account.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account address for which to retrieve the master nullifier public key.
-     * @returns The master nullifier public key for the account.
-     */
-    async getMasterNullifierPublicKey(account) {
-        const masterNullifierPublicKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-npk_m`);
-        if (!masterNullifierPublicKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        return Promise.resolve(Point.fromBuffer(masterNullifierPublicKeyBuffer));
-    }
-    /**
-     * Gets the master incoming viewing public key for a given account.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account address for which to retrieve the master incoming viewing public key.
-     * @returns The master incoming viewing public key for the account.
-     */
-    async getMasterIncomingViewingPublicKey(account) {
-        const masterIncomingViewingPublicKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-ivpk_m`);
-        if (!masterIncomingViewingPublicKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        return Promise.resolve(Point.fromBuffer(masterIncomingViewingPublicKeyBuffer));
-    }
-    /**
-     * Retrieves the master outgoing viewing public key.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account to retrieve the master outgoing viewing key for.
-     * @returns A Promise that resolves to the master outgoing viewing key.
-     */
-    async getMasterOutgoingViewingPublicKey(account) {
-        const masterOutgoingViewingPublicKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-ovpk_m`);
-        if (!masterOutgoingViewingPublicKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        return Promise.resolve(Point.fromBuffer(masterOutgoingViewingPublicKeyBuffer));
-    }
-    /**
-     * Retrieves the master tagging public key.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account to retrieve the master tagging key for.
-     * @returns A Promise that resolves to the master tagging key.
-     */
-    async getMasterTaggingPublicKey(account) {
-        const masterTaggingPublicKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-tpk_m`);
-        if (!masterTaggingPublicKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        return Promise.resolve(Point.fromBuffer(masterTaggingPublicKeyBuffer));
-    }
-    /**
-     * Retrieves application nullifier secret key.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account to retrieve the application nullifier secret key for.
-     * @param app - The application address to retrieve the nullifier secret key for.
-     * @returns A Promise that resolves to the application nullifier secret key.
-     */
-    async getAppNullifierSecretKey(account, app) {
-        const masterNullifierSecretKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-nsk_m`);
-        if (!masterNullifierSecretKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        const masterNullifierSecretKey = GrumpkinScalar.fromBuffer(masterNullifierSecretKeyBuffer);
-        const appNullifierSecretKey = computeAppNullifierSecretKey(masterNullifierSecretKey, app);
-        return Promise.resolve(appNullifierSecretKey);
-    }
-    /**
-     * Retrieves application incoming viewing secret key.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account to retrieve the application incoming viewing secret key for.
-     * @param app - The application address to retrieve the incoming viewing secret key for.
-     * @returns A Promise that resolves to the application incoming viewing secret key.
-     */
-    async getAppIncomingViewingSecretKey(account, app) {
-        const masterIncomingViewingSecretKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-ivsk_m`);
-        if (!masterIncomingViewingSecretKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        const masterIncomingViewingSecretKey = GrumpkinScalar.fromBuffer(masterIncomingViewingSecretKeyBuffer);
-        return Promise.resolve(poseidon2Hash([
-            masterIncomingViewingSecretKey.high,
-            masterIncomingViewingSecretKey.low,
-            app,
-            GeneratorIndex.IVSK_M,
-        ]));
-    }
-    /**
-     * Retrieves application outgoing viewing secret key.
-     * @throws If the account does not exist in the key store.
-     * @param account - The account to retrieve the application outgoing viewing secret key for.
-     * @param app - The application address to retrieve the outgoing viewing secret key for.
-     * @returns A Promise that resolves to the application outgoing viewing secret key.
-     */
-    async getAppOutgoingViewingSecretKey(account, app) {
-        const masterOutgoingViewingSecretKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-ovsk_m`);
-        if (!masterOutgoingViewingSecretKeyBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        const masterOutgoingViewingSecretKey = GrumpkinScalar.fromBuffer(masterOutgoingViewingSecretKeyBuffer);
-        return Promise.resolve(poseidon2Hash([
-            masterOutgoingViewingSecretKey.high,
-            masterOutgoingViewingSecretKey.low,
-            app,
-            GeneratorIndex.OVSK_M,
-        ]));
-    }
-    /**
-     * Retrieves the master nullifier secret key (nsk_m) corresponding to the specified master nullifier public key
-     * (Npk_m).
-     * @throws If the provided public key is not associated with any of the registered accounts.
-     * @param masterNullifierPublicKey - The master nullifier public key to get secret key for.
-     * @returns A Promise that resolves to the master nullifier secret key.
-     * @dev Used when feeding the master nullifier secret key to the kernel circuit for nullifier keys verification.
-     */
-    getMasterNullifierSecretKeyForPublicKey(masterNullifierPublicKey) {
-        // We iterate over the map keys to find the account address that corresponds to the provided public key
-        for (const [key, value] of __classPrivateFieldGet(this, _TestKeyStore_keys, "f").entries()) {
-            if (value.equals(masterNullifierPublicKey.toBuffer())) {
-                // We extract the account address from the map key
-                const accountAddress = key.split('-')[0];
-                // We fetch the secret key and return it
-                const masterNullifierSecretKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${accountAddress.toString()}-nsk_m`);
-                if (!masterNullifierSecretKeyBuffer) {
-                    throw new Error(`Could not find master nullifier secret key for account ${accountAddress.toString()}`);
-                }
-                return Promise.resolve(GrumpkinScalar.fromBuffer(masterNullifierSecretKeyBuffer));
-            }
-        }
-        throw new Error(`Could not find master nullifier secret key for public key ${masterNullifierPublicKey.toString()}`);
-    }
-    /**
-     * Retrieves the master incoming viewing secret key (ivsk_m) corresponding to the specified master incoming viewing
-     * public key (Ivpk_m).
-     * @throws If the provided public key is not associated with any of the registered accounts.
-     * @param masterIncomingViewingPublicKey - The master nullifier public key to get secret key for.
-     * @returns A Promise that resolves to the master nullifier secret key.
-     * @dev Used when feeding the master nullifier secret key to the kernel circuit for nullifier keys verification.
-     */
-    getMasterIncomingViewingSecretKeyForPublicKey(masterIncomingViewingPublicKey) {
-        // We iterate over the map keys to find the account address that corresponds to the provided public key
-        for (const [key, value] of __classPrivateFieldGet(this, _TestKeyStore_keys, "f").entries()) {
-            if (value.equals(masterIncomingViewingPublicKey.toBuffer())) {
-                // We extract the account address from the map key
-                const accountAddress = key.split('-')[0];
-                // We fetch the secret key and return it
-                const masterIncomingViewingSecretKeyBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${accountAddress.toString()}-ivsk_m`);
-                if (!masterIncomingViewingSecretKeyBuffer) {
-                    throw new Error(`Could not find master incoming viewing secret key for account ${accountAddress.toString()}`);
-                }
-                return Promise.resolve(GrumpkinScalar.fromBuffer(masterIncomingViewingSecretKeyBuffer));
-            }
-        }
-        throw new Error(`Could not find master incoming viewing secret key for public key ${masterIncomingViewingPublicKey.toString()}`);
-    }
-    /**
-     * Retrieves public keys hash of the account
-     * @throws If the provided account address is not associated with any of the registered accounts.
-     * @param account - The account address to get public keys hash for.
-     * @returns A Promise that resolves to the public keys hash.
-     */
-    async getPublicKeysHash(account) {
-        const publicKeysHashBuffer = __classPrivateFieldGet(this, _TestKeyStore_keys, "f").get(`${account.toString()}-public_keys_hash`);
-        if (!publicKeysHashBuffer) {
-            throw new Error(`Account ${account.toString()} does not exist. Registered accounts: ${await this.getAccounts()}.`);
-        }
-        return Promise.resolve(Fr.fromBuffer(publicKeysHashBuffer));
-    }
-}
-_TestKeyStore_keys = new WeakMap();
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoidGVzdF9rZXlfc3RvcmUuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvdGVzdF9rZXlfc3RvcmUudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7QUFDQSxPQUFPLEVBQ0wsWUFBWSxFQUNaLGVBQWUsRUFDZixFQUFFLEVBQ0YsY0FBYyxFQUVkLGNBQWMsRUFFZCxLQUFLLEVBQ0wsY0FBYyxFQUNkLDRCQUE0QixFQUM1QixVQUFVLEdBQ1gsTUFBTSxvQkFBb0IsQ0FBQztBQUM1QixPQUFPLEVBQUUsYUFBYSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFHekQ7OztHQUdHO0FBQ0gsTUFBTSxPQUFPLFlBQVk7SUFHdkIsWUFBWSxRQUFzQjtRQUZsQyxxQ0FBZ0M7UUFHOUIsdUJBQUEsSUFBSSxzQkFBUyxRQUFRLENBQUMsT0FBTyxDQUFDLFdBQVcsQ0FBQyxNQUFBLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7T0FHRztJQUNJLGFBQWE7UUFDbEIsTUFBTSxFQUFFLEdBQUcsRUFBRSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3ZCLE1BQU0sY0FBYyxHQUFHLEVBQUUsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUNuQyxPQUFPLElBQUksQ0FBQyxVQUFVLENBQUMsRUFBRSxFQUFFLGNBQWMsQ0FBQyxDQUFDO0lBQzdDLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNJLEtBQUssQ0FBQyxVQUFVLENBQUMsRUFBTSxFQUFFLGNBQThCO1FBQzVELE1BQU0sRUFDSix3QkFBd0IsRUFDeEIsOEJBQThCLEVBQzlCLDhCQUE4QixFQUM5QixzQkFBc0IsRUFDdEIsVUFBVSxHQUNYLEdBQUcsVUFBVSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBRW5CLE1BQU0sY0FBYyxHQUFHLFVBQVUsQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUN6QyxNQUFNLGNBQWMsR0FBRyxjQUFjLENBQUMsY0FBYyxFQUFFLGNBQWMsQ0FBQyxDQUFDO1FBRXRFLHlCQUF5QjtRQUN6QixNQUFNLHVCQUFBLElBQUksMEJBQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxjQUFjLENBQUMsUUFBUSxFQUFFLG1CQUFtQixFQUFFLGNBQWMsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBRWpHLE1BQU0sdUJBQUEsSUFBSSwwQkFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLGNBQWMsQ0FBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLHdCQUF3QixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDaEcsTUFBTSx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYyxDQUFDLFFBQVEsRUFBRSxTQUFTLEVBQUUsOEJBQThCLENBQUMsUUFBUSxFQUFFLENBQUMsQ0FBQztRQUN2RyxNQUFNLHVCQUFBLElBQUksMEJBQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxjQUFjLENBQUMsUUFBUSxFQUFFLFNBQVMsRUFBRSw4QkFBOEIsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDO1FBQ3ZHLE1BQU0sdUJBQUEsSUFBSSwwQkFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLGNBQWMsQ0FBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLHNCQUFzQixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFFOUYsTUFBTSx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYyxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsVUFBVSxDQUFDLHdCQUF3QixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDM0csTUFBTSx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYyxDQUFDLFFBQVEsRUFBRSxTQUFTLEVBQUUsVUFBVSxDQUFDLDhCQUE4QixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDbEgsTUFBTSx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYyxDQUFDLFFBQVEsRUFBRSxTQUFTLEVBQUUsVUFBVSxDQUFDLDhCQUE4QixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDbEgsTUFBTSx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsY0FBYyxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsVUFBVSxDQUFDLHNCQUFzQixDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFFekcsdURBQXVEO1FBQ3ZELE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQyxJQUFJLGVBQWUsQ0FBQyxjQUFjLEVBQUUsVUFBVSxFQUFFLGNBQWMsQ0FBQyxDQUFDLENBQUM7SUFDMUYsQ0FBQztJQUVEOzs7T0FHRztJQUNJLFdBQVc7UUFDaEIsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLElBQUksQ0FBQyx1QkFBQSxJQUFJLDBCQUFNLENBQUMsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUNqRCwyRUFBMkU7UUFDM0UsTUFBTSxRQUFRLEdBQUcsVUFBVSxDQUFDLE1BQU0sQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQyxHQUFHLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDaEcsT0FBTyxPQUFPLENBQUMsT0FBTyxDQUFDLFFBQVEsQ0FBQyxHQUFHLENBQUMsT0FBTyxDQUFDLEVBQUUsQ0FBQyxZQUFZLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNwRixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxLQUFLLENBQUMsMkJBQTJCLENBQUMsT0FBcUI7UUFDNUQsTUFBTSw4QkFBOEIsR0FBRyx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsT0FBTyxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQztRQUNyRixJQUFJLENBQUMsOEJBQThCLEVBQUUsQ0FBQztZQUNwQyxNQUFNLElBQUksS0FBSyxDQUNiLFdBQVcsT0FBTyxDQUFDLFFBQVEsRUFBRSx5Q0FBeUMsTUFBTSxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FDbEcsQ0FBQztRQUNKLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDLENBQUM7SUFDM0UsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ksS0FBSyxDQUFDLGlDQUFpQyxDQUFDLE9BQXFCO1FBQ2xFLE1BQU0sb0NBQW9DLEdBQUcsdUJBQUEsSUFBSSwwQkFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUM7UUFDNUYsSUFBSSxDQUFDLG9DQUFvQyxFQUFFLENBQUM7WUFDMUMsTUFBTSxJQUFJLEtBQUssQ0FDYixXQUFXLE9BQU8sQ0FBQyxRQUFRLEVBQUUseUNBQXlDLE1BQU0sSUFBSSxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQ2xHLENBQUM7UUFDSixDQUFDO1FBQ0QsT0FBTyxPQUFPLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsb0NBQW9DLENBQUMsQ0FBQyxDQUFDO0lBQ2pGLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNJLEtBQUssQ0FBQyxpQ0FBaUMsQ0FBQyxPQUFxQjtRQUNsRSxNQUFNLG9DQUFvQyxHQUFHLHVCQUFBLElBQUksMEJBQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxPQUFPLENBQUMsUUFBUSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1FBQzVGLElBQUksQ0FBQyxvQ0FBb0MsRUFBRSxDQUFDO1lBQzFDLE1BQU0sSUFBSSxLQUFLLENBQ2IsV0FBVyxPQUFPLENBQUMsUUFBUSxFQUFFLHlDQUF5QyxNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsR0FBRyxDQUNsRyxDQUFDO1FBQ0osQ0FBQztRQUNELE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFDLG9DQUFvQyxDQUFDLENBQUMsQ0FBQztJQUNqRixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxLQUFLLENBQUMseUJBQXlCLENBQUMsT0FBcUI7UUFDMUQsTUFBTSw0QkFBNEIsR0FBRyx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsT0FBTyxDQUFDLFFBQVEsRUFBRSxRQUFRLENBQUMsQ0FBQztRQUNuRixJQUFJLENBQUMsNEJBQTRCLEVBQUUsQ0FBQztZQUNsQyxNQUFNLElBQUksS0FBSyxDQUNiLFdBQVcsT0FBTyxDQUFDLFFBQVEsRUFBRSx5Q0FBeUMsTUFBTSxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FDbEcsQ0FBQztRQUNKLENBQUM7UUFDRCxPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyw0QkFBNEIsQ0FBQyxDQUFDLENBQUM7SUFDekUsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNJLEtBQUssQ0FBQyx3QkFBd0IsQ0FBQyxPQUFxQixFQUFFLEdBQWlCO1FBQzVFLE1BQU0sOEJBQThCLEdBQUcsdUJBQUEsSUFBSSwwQkFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLE9BQU8sQ0FBQyxRQUFRLEVBQUUsUUFBUSxDQUFDLENBQUM7UUFDckYsSUFBSSxDQUFDLDhCQUE4QixFQUFFLENBQUM7WUFDcEMsTUFBTSxJQUFJLEtBQUssQ0FDYixXQUFXLE9BQU8sQ0FBQyxRQUFRLEVBQUUseUNBQXlDLE1BQU0sSUFBSSxDQUFDLFdBQVcsRUFBRSxHQUFHLENBQ2xHLENBQUM7UUFDSixDQUFDO1FBQ0QsTUFBTSx3QkFBd0IsR0FBRyxjQUFjLENBQUMsVUFBVSxDQUFDLDhCQUE4QixDQUFDLENBQUM7UUFDM0YsTUFBTSxxQkFBcUIsR0FBRyw0QkFBNEIsQ0FBQyx3QkFBd0IsRUFBRSxHQUFHLENBQUMsQ0FBQztRQUMxRixPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQUMscUJBQXFCLENBQUMsQ0FBQztJQUNoRCxDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksS0FBSyxDQUFDLDhCQUE4QixDQUFDLE9BQXFCLEVBQUUsR0FBaUI7UUFDbEYsTUFBTSxvQ0FBb0MsR0FBRyx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsT0FBTyxDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUM1RixJQUFJLENBQUMsb0NBQW9DLEVBQUUsQ0FBQztZQUMxQyxNQUFNLElBQUksS0FBSyxDQUNiLFdBQVcsT0FBTyxDQUFDLFFBQVEsRUFBRSx5Q0FBeUMsTUFBTSxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FDbEcsQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLDhCQUE4QixHQUFHLGNBQWMsQ0FBQyxVQUFVLENBQUMsb0NBQW9DLENBQUMsQ0FBQztRQUV2RyxPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQ3BCLGFBQWEsQ0FBQztZQUNaLDhCQUE4QixDQUFDLElBQUk7WUFDbkMsOEJBQThCLENBQUMsR0FBRztZQUNsQyxHQUFHO1lBQ0gsY0FBYyxDQUFDLE1BQU07U0FDdEIsQ0FBQyxDQUNILENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7OztPQU1HO0lBQ0ksS0FBSyxDQUFDLDhCQUE4QixDQUFDLE9BQXFCLEVBQUUsR0FBaUI7UUFDbEYsTUFBTSxvQ0FBb0MsR0FBRyx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsT0FBTyxDQUFDLFFBQVEsRUFBRSxTQUFTLENBQUMsQ0FBQztRQUM1RixJQUFJLENBQUMsb0NBQW9DLEVBQUUsQ0FBQztZQUMxQyxNQUFNLElBQUksS0FBSyxDQUNiLFdBQVcsT0FBTyxDQUFDLFFBQVEsRUFBRSx5Q0FBeUMsTUFBTSxJQUFJLENBQUMsV0FBVyxFQUFFLEdBQUcsQ0FDbEcsQ0FBQztRQUNKLENBQUM7UUFDRCxNQUFNLDhCQUE4QixHQUFHLGNBQWMsQ0FBQyxVQUFVLENBQUMsb0NBQW9DLENBQUMsQ0FBQztRQUV2RyxPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQ3BCLGFBQWEsQ0FBQztZQUNaLDhCQUE4QixDQUFDLElBQUk7WUFDbkMsOEJBQThCLENBQUMsR0FBRztZQUNsQyxHQUFHO1lBQ0gsY0FBYyxDQUFDLE1BQU07U0FDdEIsQ0FBQyxDQUNILENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNJLHVDQUF1QyxDQUFDLHdCQUFtQztRQUNoRix1R0FBdUc7UUFDdkcsS0FBSyxNQUFNLENBQUMsR0FBRyxFQUFFLEtBQUssQ0FBQyxJQUFJLHVCQUFBLElBQUksMEJBQU0sQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDO1lBQ2hELElBQUksS0FBSyxDQUFDLE1BQU0sQ0FBQyx3QkFBd0IsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxFQUFFLENBQUM7Z0JBQ3RELGtEQUFrRDtnQkFDbEQsTUFBTSxjQUFjLEdBQUcsR0FBRyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztnQkFDekMsd0NBQXdDO2dCQUN4QyxNQUFNLDhCQUE4QixHQUFHLHVCQUFBLElBQUksMEJBQU0sQ0FBQyxHQUFHLENBQUMsR0FBRyxjQUFjLENBQUMsUUFBUSxFQUFFLFFBQVEsQ0FBQyxDQUFDO2dCQUM1RixJQUFJLENBQUMsOEJBQThCLEVBQUUsQ0FBQztvQkFDcEMsTUFBTSxJQUFJLEtBQUssQ0FBQywwREFBMEQsY0FBYyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsQ0FBQztnQkFDekcsQ0FBQztnQkFDRCxPQUFPLE9BQU8sQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDLENBQUM7WUFDcEYsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLElBQUksS0FBSyxDQUFDLDZEQUE2RCx3QkFBd0IsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLENBQUM7SUFDdEgsQ0FBQztJQUVEOzs7Ozs7O09BT0c7SUFDSSw2Q0FBNkMsQ0FDbEQsOEJBQXlDO1FBRXpDLHVHQUF1RztRQUN2RyxLQUFLLE1BQU0sQ0FBQyxHQUFHLEVBQUUsS0FBSyxDQUFDLElBQUksdUJBQUEsSUFBSSwwQkFBTSxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUM7WUFDaEQsSUFBSSxLQUFLLENBQUMsTUFBTSxDQUFDLDhCQUE4QixDQUFDLFFBQVEsRUFBRSxDQUFDLEVBQUUsQ0FBQztnQkFDNUQsa0RBQWtEO2dCQUNsRCxNQUFNLGNBQWMsR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO2dCQUN6Qyx3Q0FBd0M7Z0JBQ3hDLE1BQU0sb0NBQW9DLEdBQUcsdUJBQUEsSUFBSSwwQkFBTSxDQUFDLEdBQUcsQ0FBQyxHQUFHLGNBQWMsQ0FBQyxRQUFRLEVBQUUsU0FBUyxDQUFDLENBQUM7Z0JBQ25HLElBQUksQ0FBQyxvQ0FBb0MsRUFBRSxDQUFDO29CQUMxQyxNQUFNLElBQUksS0FBSyxDQUFDLGlFQUFpRSxjQUFjLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDO2dCQUNoSCxDQUFDO2dCQUNELE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUFDLG9DQUFvQyxDQUFDLENBQUMsQ0FBQztZQUMxRixDQUFDO1FBQ0gsQ0FBQztRQUVELE1BQU0sSUFBSSxLQUFLLENBQ2Isb0VBQW9FLDhCQUE4QixDQUFDLFFBQVEsRUFBRSxFQUFFLENBQ2hILENBQUM7SUFDSixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSSxLQUFLLENBQUMsaUJBQWlCLENBQUMsT0FBcUI7UUFDbEQsTUFBTSxvQkFBb0IsR0FBRyx1QkFBQSxJQUFJLDBCQUFNLENBQUMsR0FBRyxDQUFDLEdBQUcsT0FBTyxDQUFDLFFBQVEsRUFBRSxtQkFBbUIsQ0FBQyxDQUFDO1FBQ3RGLElBQUksQ0FBQyxvQkFBb0IsRUFBRSxDQUFDO1lBQzFCLE1BQU0sSUFBSSxLQUFLLENBQ2IsV0FBVyxPQUFPLENBQUMsUUFBUSxFQUFFLHlDQUF5QyxNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsR0FBRyxDQUNsRyxDQUFDO1FBQ0osQ0FBQztRQUNELE9BQU8sT0FBTyxDQUFDLE9BQU8sQ0FBQyxFQUFFLENBQUMsVUFBVSxDQUFDLG9CQUFvQixDQUFDLENBQUMsQ0FBQztJQUM5RCxDQUFDO0NBQ0YifQ==