@cubist-labs/cubesigner-sdk 0.2.28 → 0.3.1

package/dist/esm/src/role.d.ts

@@ -0,0 +1,283 @@
+import { Key, KeyWithPoliciesInfo, MfaType, PageOpts, RoleInfo, SignerSession, SignerSessionInfo, SignerSessionLifetime, SignerSessionStorage } from ".";
+import { CubeSignerClient } from "./client";
+/**
+ * Restrict transaction receiver.
+ *
+ * @example { TxReceiver: "0x8c594691c0e592ffa21f153a16ae41db5befcaaa" }
+ */
+export type TxReceiver = {
+    TxReceiver: string;
+};
+/** The kind of deposit contracts. */
+export declare enum DepositContract {
+    /** Canonical deposit contract */
+    Canonical = 0,// eslint-disable-line no-unused-vars
+    /** Wrapper deposit contract */
+    Wrapper = 1
+}
+/** Restrict transactions to calls to deposit contract. */
+export type TxDeposit = TxDepositBase | TxDepositPubkey | TxDepositRole;
+/** Restrict transactions to calls to deposit contract*/
+export type TxDepositBase = {
+    TxDeposit: {
+        kind: DepositContract;
+    };
+};
+/**
+ * Restrict transactions to calls to deposit contract with fixed validator (pubkey):
+ *
+ * @example { TxDeposit: { kind: DespositContract.Canonical, validator: { pubkey: "8879...8"} }}
+ */
+export type TxDepositPubkey = {
+    TxDeposit: {
+        kind: DepositContract;
+        pubkey: string;
+    };
+};
+/**
+ * Restrict transactions to calls to deposit contract with any validator key in a role:
+ *
+ * @example { TxDeposit: { kind: DespositContract.Canonical, validator: { role_id: "Role#c63...af"} }}
+ */
+export type TxDepositRole = {
+    TxDeposit: {
+        kind: DepositContract;
+        role_id: string;
+    };
+};
+/**
+ * Only allow connections from clients whose IP addresses match any of these IPv4 CIDR blocks.
+ *
+ * @example { SourceIpAllowlist: [ "123.456.78.9/16" ] }
+ */
+export type SourceIpAllowlist = {
+    SourceIpAllowlist: string[];
+};
+/** All different kinds of sensitive operations. */
+export declare enum OperationKind {
+    BlobSign = "BlobSign",// eslint-disable-line no-unused-vars
+    EvmSign = "Eth1Sign",// eslint-disable-line no-unused-vars
+    Eth2Sign = "Eth2Sign",// eslint-disable-line no-unused-vars
+    Eth2Stake = "Eth2Stake",// eslint-disable-line no-unused-vars
+    Eth2Unstake = "Eth2Unstake",// eslint-disable-line no-unused-vars
+    SolanaSign = "SolanaSign"
+}
+/**
+ * MFA policy
+ *
+ * @example {
+ * {
+ *   count: 1,
+ *   num_auth_factors: 1,
+ *   allowed_mfa_types: [ "Totp" ],
+ *   allowed_approvers: [ "User#123" ],
+ * }
+ */
+export type MfaPolicy = {
+    count?: number;
+    num_auth_factors?: number;
+    allowed_approvers?: string[];
+    allowed_mfa_types?: MfaType[];
+    restricted_operations?: OperationKind[];
+};
+/**
+ * Require MFA for transactions.
+ *
+ * @example {
+ *     RequireMfa: {
+ *       count: 1,
+ *       allowed_mfa_types: [ "Totp" ],
+ *       allowed_approvers: [ "User#123" ],
+ *       restricted_operations: [
+ *         "Eth1Sign",
+ *         "BlobSign"
+ *       ]
+ *     }
+ *   }
+ */
+export type RequireMfa = {
+    RequireMfa: MfaPolicy;
+};
+/** Allow raw blob signing */
+export declare const AllowRawBlobSigning: "AllowRawBlobSigning";
+export type AllowRawBlobSigning = typeof AllowRawBlobSigning;
+/** Allow EIP-191 signing */
+export declare const AllowEip191Signing: "AllowEip191Signing";
+export type AllowEip191Signing = typeof AllowEip191Signing;
+/** Allow EIP-712 signing */
+export declare const AllowEip712Signing: "AllowEip712Signing";
+export type AllowEip712Signing = typeof AllowEip712Signing;
+/** Key policies that restrict the requests that the signing endpoints accept */
+type KeyDenyPolicy = TxReceiver | TxDeposit | SourceIpAllowlist | RequireMfa;
+/**
+ * Key policy
+ *
+ * @example [
+ *   {
+ *     "TxReceiver": "0x8c594691c0e592ffa21f153a16ae41db5befcaaa"
+ *   },
+ *   {
+ *     "TxDeposit": {
+ *       "kind": "Canonical"
+ *     }
+ *   },
+ *   {
+ *     "RequireMfa": {
+ *       "count": 1,
+ *       "allowed_mfa_types": ["CubeSigner"],
+ *       "restricted_operations": [
+ *         "Eth1Sign",
+ *         "BlobSign"
+ *       ]
+ *     }
+ *   }
+ * ]
+ */
+export type KeyPolicy = (KeyDenyPolicy | AllowRawBlobSigning | AllowEip191Signing | AllowEip712Signing)[];
+/** Role policy */
+export type RolePolicy = KeyDenyPolicy[];
+/** A key guarded by a policy. */
+export declare class KeyWithPolicies {
+    #private;
+    readonly keyId: string;
+    readonly policy?: KeyPolicy;
+    /** @return {Promise<Key>} The key */
+    getKey(): Promise<Key>;
+    /**
+     * Constructor.
+     * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
+     * @param {KeyWithPoliciesInfo} keyWithPolicies The key and its policies
+     * @internal
+     */
+    constructor(csc: CubeSignerClient, keyWithPolicies: KeyWithPoliciesInfo);
+}
+/** Roles. */
+export declare class Role {
+    #private;
+    /** Human-readable name for the role */
+    get name(): string | undefined;
+    /**
+     * The ID of the role.
+     * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
+     */
+    get id(): string;
+    /**
+     * @return {RoleInfo} the cached properties of this role. The cached properties
+     * reflect the state of the last fetch or update (e.g., after awaiting
+     * `Role.enabled()` or `Role.disable()`).
+     */
+    get cached(): RoleInfo;
+    /** Delete the role. */
+    delete(): Promise<void>;
+    /** Is the role enabled? */
+    enabled(): Promise<boolean>;
+    /** Enable the role. */
+    enable(): Promise<void>;
+    /** Disable the role. */
+    disable(): Promise<void>;
+    /**
+     * Set new policy (overwriting any policies previously set for this role)
+     * @param {RolePolicy} policy The new policy to set
+     */
+    setPolicy(policy: RolePolicy): Promise<void>;
+    /**
+     * Append to existing role policy. This append is not atomic---it uses
+     * {@link policy} to fetch the current policy and then {@link setPolicy}
+     * to set the policy---and should not be used in across concurrent sessions.
+     *
+     * @param {RolePolicy} policy The policy to append to the existing one.
+     */
+    appendPolicy(policy: RolePolicy): Promise<void>;
+    /**
+     * Get the policy for the role.
+     * @return {Promise<RolePolicy>} The policy for the role.
+     */
+    policy(): Promise<RolePolicy>;
+    /**
+     * The list of all users with access to the role.
+     * @example [
+     *   "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
+     *   "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
+     * ]
+     *
+     * @param {PageOpts} page Optional pagination options; by default, retrieves all users.
+     */
+    users(page?: PageOpts): Promise<string[]>;
+    /**
+     * Add an existing user to an existing role.
+     *
+     * @param {string} userId The user-id of the user to add to the role.
+     */
+    addUser(userId: string): Promise<void>;
+    /**
+     * The list of keys in the role.
+     * @example [
+     *    {
+     *     id: "Key#bfe3eccb-731e-430d-b1e5-ac1363e6b06b",
+     *     policy: { TxReceiver: "0x8c594691c0e592ffa21f153a16ae41db5befcaaa" }
+     *    },
+     *  ]
+     *
+     * @param {PageOpts} page Optional pagination options; by default, retrieves all keys in this role.
+     */
+    keys(page?: PageOpts): Promise<KeyWithPolicies[]>;
+    /**
+     * Add a list of existing keys to an existing role.
+     *
+     * @param {Key[]} keys The list of keys to add to the role.
+     * @param {KeyPolicy?} policy The optional policy to apply to each key.
+     */
+    addKeys(keys: Key[], policy?: KeyPolicy): Promise<void>;
+    /**
+     * Add an existing key to an existing role.
+     *
+     * @param {Key} key The key to add to the role.
+     * @param {KeyPolicy?} policy The optional policy to apply to the key.
+     */
+    addKey(key: Key, policy?: KeyPolicy): Promise<void>;
+    /**
+     * Remove an existing key from an existing role.
+     *
+     * @param {Key} key The key to remove from the role.
+     */
+    removeKey(key: Key): Promise<void>;
+    /**
+     * Create a new session for this role.
+     * @param {SignerSessionStorage} storage The session storage to use
+     * @param {string} purpose Descriptive purpose.
+     * @param {SignerSessionLifetime} lifetimes Optional session lifetimes.
+     * @param {string[]} scopes Session scopes. Only `sign:*` scopes are allowed.
+     * @return {Promise<SignerSession>} New signer session.
+     */
+    createSession(storage: SignerSessionStorage, purpose: string, lifetimes?: SignerSessionLifetime, scopes?: string[]): Promise<SignerSession>;
+    /**
+     * List all signer sessions for this role. Returned objects can be used to
+     * revoke individual sessions, but they cannot be used for authentication.
+     *
+     * @param {PageOpts} page Optional pagination options; by default, retrieves all sessions.
+     * @return {Promise<SignerSessionInfo[]>} Signer sessions for this role.
+     */
+    sessions(page?: PageOpts): Promise<SignerSessionInfo[]>;
+    /**
+     * Constructor.
+     * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
+     * @param {RoleInfo} data The JSON response from the API server.
+     * @internal
+     */
+    constructor(csc: CubeSignerClient, data: RoleInfo);
+    /**
+     * Update the role.
+     *
+     * @param {UpdateRoleRequest} request The JSON request to send to the API server.
+     * @return {Promise<RoleInfo>} The updated role information.
+     */
+    private update;
+    /**
+     * Fetches the role information.
+     *
+     * @return {RoleInfo} The role information.
+     * @internal
+     */
+    private fetch;
+}
+export {};

package/dist/esm/src/role.js

@@ -0,0 +1,248 @@
+var __classPrivateFieldGet = (this && this.__classPrivateFieldGet) || function (receiver, state, kind, f) {
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a getter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot read private member from an object whose class did not declare it");
+    return kind === "m" ? f : kind === "a" ? f.call(receiver) : f ? f.value : state.get(receiver);
+};
+var __classPrivateFieldSet = (this && this.__classPrivateFieldSet) || function (receiver, state, value, kind, f) {
+    if (kind === "m") throw new TypeError("Private method is not writable");
+    if (kind === "a" && !f) throw new TypeError("Private accessor was defined without a setter");
+    if (typeof state === "function" ? receiver !== state || !f : !state.has(receiver)) throw new TypeError("Cannot write private member to an object whose class did not declare it");
+    return (kind === "a" ? f.call(receiver, value) : f ? f.value = value : state.set(receiver, value)), value;
+};
+var _KeyWithPolicies_csc, _Role_csc, _Role_data;
+import { Key, SignerSession, SignerSessionInfo, SignerSessionManager, } from ".";
+/** The kind of deposit contracts. */
+export var DepositContract;
+(function (DepositContract) {
+    /** Canonical deposit contract */
+    DepositContract[DepositContract["Canonical"] = 0] = "Canonical";
+    /** Wrapper deposit contract */
+    DepositContract[DepositContract["Wrapper"] = 1] = "Wrapper";
+})(DepositContract || (DepositContract = {}));
+/** All different kinds of sensitive operations. */
+export var OperationKind;
+(function (OperationKind) {
+    OperationKind["BlobSign"] = "BlobSign";
+    OperationKind["EvmSign"] = "Eth1Sign";
+    OperationKind["Eth2Sign"] = "Eth2Sign";
+    OperationKind["Eth2Stake"] = "Eth2Stake";
+    OperationKind["Eth2Unstake"] = "Eth2Unstake";
+    OperationKind["SolanaSign"] = "SolanaSign";
+})(OperationKind || (OperationKind = {}));
+/** Allow raw blob signing */
+export const AllowRawBlobSigning = "AllowRawBlobSigning";
+/** Allow EIP-191 signing */
+export const AllowEip191Signing = "AllowEip191Signing";
+/** Allow EIP-712 signing */
+export const AllowEip712Signing = "AllowEip712Signing";
+/** A key guarded by a policy. */
+export class KeyWithPolicies {
+    /** @return {Promise<Key>} The key */
+    async getKey() {
+        const keyInfo = await __classPrivateFieldGet(this, _KeyWithPolicies_csc, "f").keyGet(this.keyId);
+        return new Key(__classPrivateFieldGet(this, _KeyWithPolicies_csc, "f"), keyInfo);
+    }
+    /**
+     * Constructor.
+     * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
+     * @param {KeyWithPoliciesInfo} keyWithPolicies The key and its policies
+     * @internal
+     */
+    constructor(csc, keyWithPolicies) {
+        _KeyWithPolicies_csc.set(this, void 0);
+        __classPrivateFieldSet(this, _KeyWithPolicies_csc, csc, "f");
+        this.keyId = keyWithPolicies.key_id;
+        this.policy = keyWithPolicies.policy;
+    }
+}
+_KeyWithPolicies_csc = new WeakMap();
+/** Roles. */
+export class Role {
+    /** Human-readable name for the role */
+    get name() {
+        return __classPrivateFieldGet(this, _Role_data, "f").name ?? undefined;
+    }
+    /**
+     * The ID of the role.
+     * @example Role#bfe3eccb-731e-430d-b1e5-ac1363e6b06b
+     */
+    get id() {
+        return __classPrivateFieldGet(this, _Role_data, "f").role_id;
+    }
+    /**
+     * @return {RoleInfo} the cached properties of this role. The cached properties
+     * reflect the state of the last fetch or update (e.g., after awaiting
+     * `Role.enabled()` or `Role.disable()`).
+     */
+    get cached() {
+        return __classPrivateFieldGet(this, _Role_data, "f");
+    }
+    /** Delete the role. */
+    async delete() {
+        await __classPrivateFieldGet(this, _Role_csc, "f").roleDelete(this.id);
+    }
+    /** Is the role enabled? */
+    async enabled() {
+        const data = await this.fetch();
+        return data.enabled;
+    }
+    /** Enable the role. */
+    async enable() {
+        await this.update({ enabled: true });
+    }
+    /** Disable the role. */
+    async disable() {
+        await this.update({ enabled: false });
+    }
+    /**
+     * Set new policy (overwriting any policies previously set for this role)
+     * @param {RolePolicy} policy The new policy to set
+     */
+    async setPolicy(policy) {
+        await this.update({ policy: policy });
+    }
+    /**
+     * Append to existing role policy. This append is not atomic---it uses
+     * {@link policy} to fetch the current policy and then {@link setPolicy}
+     * to set the policy---and should not be used in across concurrent sessions.
+     *
+     * @param {RolePolicy} policy The policy to append to the existing one.
+     */
+    async appendPolicy(policy) {
+        const existing = await this.policy();
+        await this.setPolicy([...existing, ...policy]);
+    }
+    /**
+     * Get the policy for the role.
+     * @return {Promise<RolePolicy>} The policy for the role.
+     */
+    async policy() {
+        const data = await this.fetch();
+        return (data.policy ?? []);
+    }
+    /**
+     * The list of all users with access to the role.
+     * @example [
+     *   "User#c3b9379c-4e8c-4216-bd0a-65ace53cf98f",
+     *   "User#5593c25b-52e2-4fb5-b39b-96d41d681d82"
+     * ]
+     *
+     * @param {PageOpts} page Optional pagination options; by default, retrieves all users.
+     */
+    async users(page) {
+        const users = await __classPrivateFieldGet(this, _Role_csc, "f").roleUsersList(this.id, page).fetch();
+        return (users || []).map((u) => u.user_id);
+    }
+    /**
+     * Add an existing user to an existing role.
+     *
+     * @param {string} userId The user-id of the user to add to the role.
+     */
+    async addUser(userId) {
+        await __classPrivateFieldGet(this, _Role_csc, "f").roleUserAdd(this.id, userId);
+    }
+    /**
+     * The list of keys in the role.
+     * @example [
+     *    {
+     *     id: "Key#bfe3eccb-731e-430d-b1e5-ac1363e6b06b",
+     *     policy: { TxReceiver: "0x8c594691c0e592ffa21f153a16ae41db5befcaaa" }
+     *    },
+     *  ]
+     *
+     * @param {PageOpts} page Optional pagination options; by default, retrieves all keys in this role.
+     */
+    async keys(page) {
+        const keysInRole = await __classPrivateFieldGet(this, _Role_csc, "f").roleKeysList(this.id, page).fetch();
+        return keysInRole.map((k) => new KeyWithPolicies(__classPrivateFieldGet(this, _Role_csc, "f"), k));
+    }
+    /**
+     * Add a list of existing keys to an existing role.
+     *
+     * @param {Key[]} keys The list of keys to add to the role.
+     * @param {KeyPolicy?} policy The optional policy to apply to each key.
+     */
+    async addKeys(keys, policy) {
+        await __classPrivateFieldGet(this, _Role_csc, "f").roleKeysAdd(this.id, keys.map((k) => k.id), policy);
+    }
+    /**
+     * Add an existing key to an existing role.
+     *
+     * @param {Key} key The key to add to the role.
+     * @param {KeyPolicy?} policy The optional policy to apply to the key.
+     */
+    async addKey(key, policy) {
+        await this.addKeys([key], policy);
+    }
+    /**
+     * Remove an existing key from an existing role.
+     *
+     * @param {Key} key The key to remove from the role.
+     */
+    async removeKey(key) {
+        await __classPrivateFieldGet(this, _Role_csc, "f").roleKeysRemove(this.id, key.id);
+    }
+    /**
+     * Create a new session for this role.
+     * @param {SignerSessionStorage} storage The session storage to use
+     * @param {string} purpose Descriptive purpose.
+     * @param {SignerSessionLifetime} lifetimes Optional session lifetimes.
+     * @param {string[]} scopes Session scopes. Only `sign:*` scopes are allowed.
+     * @return {Promise<SignerSession>} New signer session.
+     */
+    async createSession(storage, purpose, lifetimes, scopes) {
+        const sessionData = await __classPrivateFieldGet(this, _Role_csc, "f").sessionCreateForRole(this.id, purpose, scopes, lifetimes);
+        await storage.save(sessionData);
+        const manager = await SignerSessionManager.loadFromStorage(storage);
+        return new SignerSession(manager);
+    }
+    /**
+     * List all signer sessions for this role. Returned objects can be used to
+     * revoke individual sessions, but they cannot be used for authentication.
+     *
+     * @param {PageOpts} page Optional pagination options; by default, retrieves all sessions.
+     * @return {Promise<SignerSessionInfo[]>} Signer sessions for this role.
+     */
+    async sessions(page) {
+        const sessions = await __classPrivateFieldGet(this, _Role_csc, "f").sessionsList(this.id, page).fetch();
+        return sessions.map((t) => new SignerSessionInfo(__classPrivateFieldGet(this, _Role_csc, "f"), t.session_id, t.purpose));
+    }
+    // --------------------------------------------------------------------------
+    // -- INTERNAL --------------------------------------------------------------
+    // --------------------------------------------------------------------------
+    /**
+     * Constructor.
+     * @param {CubeSignerClient} csc The CubeSigner instance to use for signing.
+     * @param {RoleInfo} data The JSON response from the API server.
+     * @internal
+     */
+    constructor(csc, data) {
+        _Role_csc.set(this, void 0);
+        /** The role information */
+        _Role_data.set(this, void 0);
+        __classPrivateFieldSet(this, _Role_csc, csc, "f");
+        __classPrivateFieldSet(this, _Role_data, data, "f");
+    }
+    /**
+     * Update the role.
+     *
+     * @param {UpdateRoleRequest} request The JSON request to send to the API server.
+     * @return {Promise<RoleInfo>} The updated role information.
+     */
+    async update(request) {
+        __classPrivateFieldSet(this, _Role_data, await __classPrivateFieldGet(this, _Role_csc, "f").roleUpdate(this.id, request), "f");
+        return __classPrivateFieldGet(this, _Role_data, "f");
+    }
+    /**
+     * Fetches the role information.
+     *
+     * @return {RoleInfo} The role information.
+     * @internal
+     */
+    async fetch() {
+        __classPrivateFieldSet(this, _Role_data, await __classPrivateFieldGet(this, _Role_csc, "f").roleGet(this.id), "f");
+        return __classPrivateFieldGet(this, _Role_data, "f");
+    }
+}
+_Role_csc = new WeakMap(), _Role_data = new WeakMap();
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicm9sZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9yb2xlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7Ozs7OztBQUFBLE9BQU8sRUFDTCxHQUFHLEVBS0gsYUFBYSxFQUNiLGlCQUFpQixFQUVqQixvQkFBb0IsR0FHckIsTUFBTSxHQUFHLENBQUM7QUFVWCxxQ0FBcUM7QUFDckMsTUFBTSxDQUFOLElBQVksZUFLWDtBQUxELFdBQVksZUFBZTtJQUN6QixpQ0FBaUM7SUFDakMsK0RBQVMsQ0FBQTtJQUNULCtCQUErQjtJQUMvQiwyREFBTyxDQUFBO0FBQ1QsQ0FBQyxFQUxXLGVBQWUsS0FBZixlQUFlLFFBSzFCO0FBNkJELG1EQUFtRDtBQUNuRCxNQUFNLENBQU4sSUFBWSxhQU9YO0FBUEQsV0FBWSxhQUFhO0lBQ3ZCLHNDQUFxQixDQUFBO0lBQ3JCLHFDQUFvQixDQUFBO0lBQ3BCLHNDQUFxQixDQUFBO0lBQ3JCLHdDQUF1QixDQUFBO0lBQ3ZCLDRDQUEyQixDQUFBO0lBQzNCLDBDQUF5QixDQUFBO0FBQzNCLENBQUMsRUFQVyxhQUFhLEtBQWIsYUFBYSxRQU94QjtBQXdDRCw2QkFBNkI7QUFDN0IsTUFBTSxDQUFDLE1BQU0sbUJBQW1CLEdBQUcscUJBQThCLENBQUM7QUFHbEUsNEJBQTRCO0FBQzVCLE1BQU0sQ0FBQyxNQUFNLGtCQUFrQixHQUFHLG9CQUE2QixDQUFDO0FBR2hFLDRCQUE0QjtBQUM1QixNQUFNLENBQUMsTUFBTSxrQkFBa0IsR0FBRyxvQkFBNkIsQ0FBQztBQXdDaEUsaUNBQWlDO0FBQ2pDLE1BQU0sT0FBTyxlQUFlO0lBSzFCLHFDQUFxQztJQUNyQyxLQUFLLENBQUMsTUFBTTtRQUNWLE1BQU0sT0FBTyxHQUFHLE1BQU0sdUJBQUEsSUFBSSw0QkFBSyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDbkQsT0FBTyxJQUFJLEdBQUcsQ0FBQyx1QkFBQSxJQUFJLDRCQUFLLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsWUFBWSxHQUFxQixFQUFFLGVBQW9DO1FBaEI5RCx1Q0FBdUI7UUFpQjlCLHVCQUFBLElBQUksd0JBQVEsR0FBRyxNQUFBLENBQUM7UUFDaEIsSUFBSSxDQUFDLEtBQUssR0FBRyxlQUFlLENBQUMsTUFBTSxDQUFDO1FBQ3BDLElBQUksQ0FBQyxNQUFNLEdBQUcsZUFBZSxDQUFDLE1BQThCLENBQUM7SUFDL0QsQ0FBQztDQUNGOztBQUVELGFBQWE7QUFDYixNQUFNLE9BQU8sSUFBSTtJQUtmLHVDQUF1QztJQUN2QyxJQUFJLElBQUk7UUFDTixPQUFPLHVCQUFBLElBQUksa0JBQU0sQ0FBQyxJQUFJLElBQUksU0FBUyxDQUFDO0lBQ3RDLENBQUM7SUFFRDs7O09BR0c7SUFDSCxJQUFJLEVBQUU7UUFDSixPQUFPLHVCQUFBLElBQUksa0JBQU0sQ0FBQyxPQUFPLENBQUM7SUFDNUIsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxJQUFJLE1BQU07UUFDUixPQUFPLHVCQUFBLElBQUksa0JBQU0sQ0FBQztJQUNwQixDQUFDO0lBRUQsdUJBQXVCO0lBQ3ZCLEtBQUssQ0FBQyxNQUFNO1FBQ1YsTUFBTSx1QkFBQSxJQUFJLGlCQUFLLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUN0QyxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDaEMsT0FBTyxJQUFJLENBQUMsT0FBTyxDQUFDO0lBQ3RCLENBQUM7SUFFRCx1QkFBdUI7SUFDdkIsS0FBSyxDQUFDLE1BQU07UUFDVixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsRUFBRSxPQUFPLEVBQUUsSUFBSSxFQUFFLENBQUMsQ0FBQztJQUN2QyxDQUFDO0lBRUQsd0JBQXdCO0lBQ3hCLEtBQUssQ0FBQyxPQUFPO1FBQ1gsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsT0FBTyxFQUFFLEtBQUssRUFBRSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVEOzs7T0FHRztJQUNILEtBQUssQ0FBQyxTQUFTLENBQUMsTUFBa0I7UUFDaEMsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLEVBQUUsTUFBTSxFQUFFLE1BQTRDLEVBQUUsQ0FBQyxDQUFDO0lBQzlFLENBQUM7SUFFRDs7Ozs7O09BTUc7SUFDSCxLQUFLLENBQUMsWUFBWSxDQUFDLE1BQWtCO1FBQ25DLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO1FBQ3JDLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEdBQUcsUUFBUSxFQUFFLEdBQUcsTUFBTSxDQUFDLENBQUMsQ0FBQztJQUNqRCxDQUFDO0lBRUQ7OztPQUdHO0lBQ0gsS0FBSyxDQUFDLE1BQU07UUFDVixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNoQyxPQUFPLENBQUMsSUFBSSxDQUFDLE1BQU0sSUFBSSxFQUFFLENBQTBCLENBQUM7SUFDdEQsQ0FBQztJQUVEOzs7Ozs7OztPQVFHO0lBQ0gsS0FBSyxDQUFDLEtBQUssQ0FBQyxJQUFlO1FBQ3pCLE1BQU0sS0FBSyxHQUFHLE1BQU0sdUJBQUEsSUFBSSxpQkFBSyxDQUFDLGFBQWEsQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLElBQUksQ0FBQyxDQUFDLEtBQUssRUFBRSxDQUFDO1FBQ25FLE9BQU8sQ0FBQyxLQUFLLElBQUksRUFBRSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDN0MsQ0FBQztJQUVEOzs7O09BSUc7SUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLE1BQWM7UUFDMUIsTUFBTSx1QkFBQSxJQUFJLGlCQUFLLENBQUMsV0FBVyxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsTUFBTSxDQUFDLENBQUM7SUFDL0MsQ0FBQztJQUVEOzs7Ozs7Ozs7O09BVUc7SUFDSCxLQUFLLENBQUMsSUFBSSxDQUFDLElBQWU7UUFDeEIsTUFBTSxVQUFVLEdBQUcsTUFBTSx1QkFBQSxJQUFJLGlCQUFLLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsSUFBSSxDQUFDLENBQUMsS0FBSyxFQUFFLENBQUM7UUFDdkUsT0FBTyxVQUFVLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxJQUFJLGVBQWUsQ0FBQyx1QkFBQSxJQUFJLGlCQUFLLEVBQUUsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNsRSxDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSCxLQUFLLENBQUMsT0FBTyxDQUFDLElBQVcsRUFBRSxNQUFrQjtRQUMzQyxNQUFNLHVCQUFBLElBQUksaUJBQUssQ0FBQyxXQUFXLENBQ3pCLElBQUksQ0FBQyxFQUFFLEVBQ1AsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxFQUNyQixNQUFNLENBQ1AsQ0FBQztJQUNKLENBQUM7SUFFRDs7Ozs7T0FLRztJQUNILEtBQUssQ0FBQyxNQUFNLENBQUMsR0FBUSxFQUFFLE1BQWtCO1FBQ3ZDLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsQ0FBQyxFQUFFLE1BQU0sQ0FBQyxDQUFDO0lBQ3BDLENBQUM7SUFFRDs7OztPQUlHO0lBQ0gsS0FBSyxDQUFDLFNBQVMsQ0FBQyxHQUFRO1FBQ3RCLE1BQU0sdUJBQUEsSUFBSSxpQkFBSyxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztJQUNsRCxDQUFDO0lBRUQ7Ozs7Ozs7T0FPRztJQUNILEtBQUssQ0FBQyxhQUFhLENBQ2pCLE9BQTZCLEVBQzdCLE9BQWUsRUFDZixTQUFpQyxFQUNqQyxNQUFpQjtRQUVqQixNQUFNLFdBQVcsR0FBRyxNQUFNLHVCQUFBLElBQUksaUJBQUssQ0FBQyxvQkFBb0IsQ0FBQyxJQUFJLENBQUMsRUFBRSxFQUFFLE9BQU8sRUFBRSxNQUFNLEVBQUUsU0FBUyxDQUFDLENBQUM7UUFDOUYsTUFBTSxPQUFPLENBQUMsSUFBSSxDQUFDLFdBQVcsQ0FBQyxDQUFDO1FBQ2hDLE1BQU0sT0FBTyxHQUFHLE1BQU0sb0JBQW9CLENBQUMsZUFBZSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQ3BFLE9BQU8sSUFBSSxhQUFhLENBQUMsT0FBTyxDQUFDLENBQUM7SUFDcEMsQ0FBQztJQUVEOzs7Ozs7T0FNRztJQUNILEtBQUssQ0FBQyxRQUFRLENBQUMsSUFBZTtRQUM1QixNQUFNLFFBQVEsR0FBRyxNQUFNLHVCQUFBLElBQUksaUJBQUssQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEVBQUUsRUFBRSxJQUFJLENBQUMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztRQUNyRSxPQUFPLFFBQVEsQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLElBQUksaUJBQWlCLENBQUMsdUJBQUEsSUFBSSxpQkFBSyxFQUFFLENBQUMsQ0FBQyxVQUFVLEVBQUUsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7SUFDeEYsQ0FBQztJQUVELDZFQUE2RTtJQUM3RSw2RUFBNkU7SUFDN0UsNkVBQTZFO0lBRTdFOzs7OztPQUtHO0lBQ0gsWUFBWSxHQUFxQixFQUFFLElBQWM7UUE5THhDLDRCQUF1QjtRQUNoQywyQkFBMkI7UUFDM0IsNkJBQWdCO1FBNkxkLHVCQUFBLElBQUksYUFBUSxHQUFHLE1BQUEsQ0FBQztRQUNoQix1QkFBQSxJQUFJLGNBQVMsSUFBSSxNQUFBLENBQUM7SUFDcEIsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0ssS0FBSyxDQUFDLE1BQU0sQ0FBQyxPQUEwQjtRQUM3Qyx1QkFBQSxJQUFJLGNBQVMsTUFBTSx1QkFBQSxJQUFJLGlCQUFLLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxFQUFFLEVBQUUsT0FBTyxDQUFDLE1BQUEsQ0FBQztRQUMxRCxPQUFPLHVCQUFBLElBQUksa0JBQU0sQ0FBQztJQUNwQixDQUFDO0lBRUQ7Ozs7O09BS0c7SUFDSyxLQUFLLENBQUMsS0FBSztRQUNqQix1QkFBQSxJQUFJLGNBQVMsTUFBTSx1QkFBQSxJQUFJLGlCQUFLLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUMsTUFBQSxDQUFDO1FBQzlDLE9BQU8sdUJBQUEsSUFBSSxrQkFBTSxDQUFDO0lBQ3BCLENBQUM7Q0FDRiIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7XG4gIEtleSxcbiAgS2V5V2l0aFBvbGljaWVzSW5mbyxcbiAgTWZhVHlwZSxcbiAgUGFnZU9wdHMsXG4gIFJvbGVJbmZvLFxuICBTaWduZXJTZXNzaW9uLFxuICBTaWduZXJTZXNzaW9uSW5mbyxcbiAgU2lnbmVyU2Vzc2lvbkxpZmV0aW1lLFxuICBTaWduZXJTZXNzaW9uTWFuYWdlcixcbiAgU2lnbmVyU2Vzc2lvblN0b3JhZ2UsXG4gIFVwZGF0ZVJvbGVSZXF1ZXN0LFxufSBmcm9tIFwiLlwiO1xuaW1wb3J0IHsgQ3ViZVNpZ25lckNsaWVudCB9IGZyb20gXCIuL2NsaWVudFwiO1xuXG4vKipcbiAqIFJlc3RyaWN0IHRyYW5zYWN0aW9uIHJlY2VpdmVyLlxuICpcbiAqIEBleGFtcGxlIHsgVHhSZWNlaXZlcjogXCIweDhjNTk0NjkxYzBlNTkyZmZhMjFmMTUzYTE2YWU0MWRiNWJlZmNhYWFcIiB9XG4gKi9cbmV4cG9ydCB0eXBlIFR4UmVjZWl2ZXIgPSB7IFR4UmVjZWl2ZXI6IHN0cmluZyB9O1xuXG4vKiogVGhlIGtpbmQgb2YgZGVwb3NpdCBjb250cmFjdHMuICovXG5leHBvcnQgZW51bSBEZXBvc2l0Q29udHJhY3Qge1xuICAvKiogQ2Fub25pY2FsIGRlcG9zaXQgY29udHJhY3QgKi9cbiAgQ2Fub25pY2FsLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIC8qKiBXcmFwcGVyIGRlcG9zaXQgY29udHJhY3QgKi9cbiAgV3JhcHBlciwgLy8gZXNsaW50LWRpc2FibGUtbGluZSBuby11bnVzZWQtdmFyc1xufVxuXG4vKiogUmVzdHJpY3QgdHJhbnNhY3Rpb25zIHRvIGNhbGxzIHRvIGRlcG9zaXQgY29udHJhY3QuICovXG5leHBvcnQgdHlwZSBUeERlcG9zaXQgPSBUeERlcG9zaXRCYXNlIHwgVHhEZXBvc2l0UHVia2V5IHwgVHhEZXBvc2l0Um9sZTtcblxuLyoqIFJlc3RyaWN0IHRyYW5zYWN0aW9ucyB0byBjYWxscyB0byBkZXBvc2l0IGNvbnRyYWN0Ki9cbmV4cG9ydCB0eXBlIFR4RGVwb3NpdEJhc2UgPSB7IFR4RGVwb3NpdDogeyBraW5kOiBEZXBvc2l0Q29udHJhY3QgfSB9O1xuXG4vKipcbiAqIFJlc3RyaWN0IHRyYW5zYWN0aW9ucyB0byBjYWxscyB0byBkZXBvc2l0IGNvbnRyYWN0IHdpdGggZml4ZWQgdmFsaWRhdG9yIChwdWJrZXkpOlxuICpcbiAqIEBleGFtcGxlIHsgVHhEZXBvc2l0OiB7IGtpbmQ6IERlc3Bvc2l0Q29udHJhY3QuQ2Fub25pY2FsLCB2YWxpZGF0b3I6IHsgcHVia2V5OiBcIjg4NzkuLi44XCJ9IH19XG4gKi9cbmV4cG9ydCB0eXBlIFR4RGVwb3NpdFB1YmtleSA9IHsgVHhEZXBvc2l0OiB7IGtpbmQ6IERlcG9zaXRDb250cmFjdDsgcHVia2V5OiBzdHJpbmcgfSB9O1xuXG4vKipcbiAqIFJlc3RyaWN0IHRyYW5zYWN0aW9ucyB0byBjYWxscyB0byBkZXBvc2l0IGNvbnRyYWN0IHdpdGggYW55IHZhbGlkYXRvciBrZXkgaW4gYSByb2xlOlxuICpcbiAqIEBleGFtcGxlIHsgVHhEZXBvc2l0OiB7IGtpbmQ6IERlc3Bvc2l0Q29udHJhY3QuQ2Fub25pY2FsLCB2YWxpZGF0b3I6IHsgcm9sZV9pZDogXCJSb2xlI2M2My4uLmFmXCJ9IH19XG4gKi9cbmV4cG9ydCB0eXBlIFR4RGVwb3NpdFJvbGUgPSB7IFR4RGVwb3NpdDogeyBraW5kOiBEZXBvc2l0Q29udHJhY3Q7IHJvbGVfaWQ6IHN0cmluZyB9IH07XG5cbi8qKlxuICogT25seSBhbGxvdyBjb25uZWN0aW9ucyBmcm9tIGNsaWVudHMgd2hvc2UgSVAgYWRkcmVzc2VzIG1hdGNoIGFueSBvZiB0aGVzZSBJUHY0IENJRFIgYmxvY2tzLlxuICpcbiAqIEBleGFtcGxlIHsgU291cmNlSXBBbGxvd2xpc3Q6IFsgXCIxMjMuNDU2Ljc4LjkvMTZcIiBdIH1cbiAqL1xuZXhwb3J0IHR5cGUgU291cmNlSXBBbGxvd2xpc3QgPSB7IFNvdXJjZUlwQWxsb3dsaXN0OiBzdHJpbmdbXSB9O1xuXG4vKiogQWxsIGRpZmZlcmVudCBraW5kcyBvZiBzZW5zaXRpdmUgb3BlcmF0aW9ucy4gKi9cbmV4cG9ydCBlbnVtIE9wZXJhdGlvbktpbmQge1xuICBCbG9iU2lnbiA9IFwiQmxvYlNpZ25cIiwgLy8gZXNsaW50LWRpc2FibGUtbGluZSBuby11bnVzZWQtdmFyc1xuICBFdm1TaWduID0gXCJFdGgxU2lnblwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIEV0aDJTaWduID0gXCJFdGgyU2lnblwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG4gIEV0aDJTdGFrZSA9IFwiRXRoMlN0YWtlXCIsIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgbm8tdW51c2VkLXZhcnNcbiAgRXRoMlVuc3Rha2UgPSBcIkV0aDJVbnN0YWtlXCIsIC8vIGVzbGludC1kaXNhYmxlLWxpbmUgbm8tdW51c2VkLXZhcnNcbiAgU29sYW5hU2lnbiA9IFwiU29sYW5hU2lnblwiLCAvLyBlc2xpbnQtZGlzYWJsZS1saW5lIG5vLXVudXNlZC12YXJzXG59XG5cbi8qKlxuICogTUZBIHBvbGljeVxuICpcbiAqIEBleGFtcGxlIHtcbiAqIHtcbiAqICAgY291bnQ6IDEsXG4gKiAgIG51bV9hdXRoX2ZhY3RvcnM6IDEsXG4gKiAgIGFsbG93ZWRfbWZhX3R5cGVzOiBbIFwiVG90cFwiIF0sXG4gKiAgIGFsbG93ZWRfYXBwcm92ZXJzOiBbIFwiVXNlciMxMjNcIiBdLFxuICogfVxuICovXG5leHBvcnQgdHlwZSBNZmFQb2xpY3kgPSB7XG4gIGNvdW50PzogbnVtYmVyO1xuICBudW1fYXV0aF9mYWN0b3JzPzogbnVtYmVyO1xuICBhbGxvd2VkX2FwcHJvdmVycz86IHN0cmluZ1tdO1xuICBhbGxvd2VkX21mYV90eXBlcz86IE1mYVR5cGVbXTtcbiAgcmVzdHJpY3RlZF9vcGVyYXRpb25zPzogT3BlcmF0aW9uS2luZFtdO1xufTtcblxuLyoqXG4gKiBSZXF1aXJlIE1GQSBmb3IgdHJhbnNhY3Rpb25zLlxuICpcbiAqIEBleGFtcGxlIHtcbiAqICAgICBSZXF1aXJlTWZhOiB7XG4gKiAgICAgICBjb3VudDogMSxcbiAqICAgICAgIGFsbG93ZWRfbWZhX3R5cGVzOiBbIFwiVG90cFwiIF0sXG4gKiAgICAgICBhbGxvd2VkX2FwcHJvdmVyczogWyBcIlVzZXIjMTIzXCIgXSxcbiAqICAgICAgIHJlc3RyaWN0ZWRfb3BlcmF0aW9uczogW1xuICogICAgICAgICBcIkV0aDFTaWduXCIsXG4gKiAgICAgICAgIFwiQmxvYlNpZ25cIlxuICogICAgICAgXVxuICogICAgIH1cbiAqICAgfVxuICovXG5leHBvcnQgdHlwZSBSZXF1aXJlTWZhID0ge1xuICBSZXF1aXJlTWZhOiBNZmFQb2xpY3k7XG59O1xuXG4vKiogQWxsb3cgcmF3IGJsb2Igc2lnbmluZyAqL1xuZXhwb3J0IGNvbnN0IEFsbG93UmF3QmxvYlNpZ25pbmcgPSBcIkFsbG93UmF3QmxvYlNpZ25pbmdcIiBhcyBjb25zdDtcbmV4cG9ydCB0eXBlIEFsbG93UmF3QmxvYlNpZ25pbmcgPSB0eXBlb2YgQWxsb3dSYXdCbG9iU2lnbmluZztcblxuLyoqIEFsbG93IEVJUC0xOTEgc2lnbmluZyAqL1xuZXhwb3J0IGNvbnN0IEFsbG93RWlwMTkxU2lnbmluZyA9IFwiQWxsb3dFaXAxOTFTaWduaW5nXCIgYXMgY29uc3Q7XG5leHBvcnQgdHlwZSBBbGxvd0VpcDE5MVNpZ25pbmcgPSB0eXBlb2YgQWxsb3dFaXAxOTFTaWduaW5nO1xuXG4vKiogQWxsb3cgRUlQLTcxMiBzaWduaW5nICovXG5leHBvcnQgY29uc3QgQWxsb3dFaXA3MTJTaWduaW5nID0gXCJBbGxvd0VpcDcxMlNpZ25pbmdcIiBhcyBjb25zdDtcbmV4cG9ydCB0eXBlIEFsbG93RWlwNzEyU2lnbmluZyA9IHR5cGVvZiBBbGxvd0VpcDcxMlNpZ25pbmc7XG5cbi8qKiBLZXkgcG9saWNpZXMgdGhhdCByZXN0cmljdCB0aGUgcmVxdWVzdHMgdGhhdCB0aGUgc2lnbmluZyBlbmRwb2ludHMgYWNjZXB0ICovXG50eXBlIEtleURlbnlQb2xpY3kgPSBUeFJlY2VpdmVyIHwgVHhEZXBvc2l0IHwgU291cmNlSXBBbGxvd2xpc3QgfCBSZXF1aXJlTWZhO1xuXG4vKipcbiAqIEtleSBwb2xpY3lcbiAqXG4gKiBAZXhhbXBsZSBbXG4gKiAgIHtcbiAqICAgICBcIlR4UmVjZWl2ZXJcIjogXCIweDhjNTk0NjkxYzBlNTkyZmZhMjFmMTUzYTE2YWU0MWRiNWJlZmNhYWFcIlxuICogICB9LFxuICogICB7XG4gKiAgICAgXCJUeERlcG9zaXRcIjoge1xuICogICAgICAgXCJraW5kXCI6IFwiQ2Fub25pY2FsXCJcbiAqICAgICB9XG4gKiAgIH0sXG4gKiAgIHtcbiAqICAgICBcIlJlcXVpcmVNZmFcIjoge1xuICogICAgICAgXCJjb3VudFwiOiAxLFxuICogICAgICAgXCJhbGxvd2VkX21mYV90eXBlc1wiOiBbXCJDdWJlU2lnbmVyXCJdLFxuICogICAgICAgXCJyZXN0cmljdGVkX29wZXJhdGlvbnNcIjogW1xuICogICAgICAgICBcIkV0aDFTaWduXCIsXG4gKiAgICAgICAgIFwiQmxvYlNpZ25cIlxuICogICAgICAgXVxuICogICAgIH1cbiAqICAgfVxuICogXVxuICovXG5leHBvcnQgdHlwZSBLZXlQb2xpY3kgPSAoXG4gIHwgS2V5RGVueVBvbGljeVxuICB8IEFsbG93UmF3QmxvYlNpZ25pbmdcbiAgfCBBbGxvd0VpcDE5MVNpZ25pbmdcbiAgfCBBbGxvd0VpcDcxMlNpZ25pbmdcbilbXTtcblxuLyoqIFJvbGUgcG9saWN5ICovXG5leHBvcnQgdHlwZSBSb2xlUG9saWN5ID0gS2V5RGVueVBvbGljeVtdO1xuXG4vKiogQSBrZXkgZ3VhcmRlZCBieSBhIHBvbGljeS4gKi9cbmV4cG9ydCBjbGFzcyBLZXlXaXRoUG9saWNpZXMge1xuICByZWFkb25seSAjY3NjOiBDdWJlU2lnbmVyQ2xpZW50O1xuICByZWFkb25seSBrZXlJZDogc3RyaW5nO1xuICByZWFkb25seSBwb2xpY3k/OiBLZXlQb2xpY3k7XG5cbiAgLyoqIEByZXR1cm4ge1Byb21pc2U8S2V5Pn0gVGhlIGtleSAqL1xuICBhc3luYyBnZXRLZXkoKTogUHJvbWlzZTxLZXk+IHtcbiAgICBjb25zdCBrZXlJbmZvID0gYXdhaXQgdGhpcy4jY3NjLmtleUdldCh0aGlzLmtleUlkKTtcbiAgICByZXR1cm4gbmV3IEtleSh0aGlzLiNjc2MsIGtleUluZm8pO1xuICB9XG5cbiAgLyoqXG4gICAqIENvbnN0cnVjdG9yLlxuICAgKiBAcGFyYW0ge0N1YmVTaWduZXJDbGllbnR9IGNzYyBUaGUgQ3ViZVNpZ25lciBpbnN0YW5jZSB0byB1c2UgZm9yIHNpZ25pbmcuXG4gICAqIEBwYXJhbSB7S2V5V2l0aFBvbGljaWVzSW5mb30ga2V5V2l0aFBvbGljaWVzIFRoZSBrZXkgYW5kIGl0cyBwb2xpY2llc1xuICAgKiBAaW50ZXJuYWxcbiAgICovXG4gIGNvbnN0cnVjdG9yKGNzYzogQ3ViZVNpZ25lckNsaWVudCwga2V5V2l0aFBvbGljaWVzOiBLZXlXaXRoUG9saWNpZXNJbmZvKSB7XG4gICAgdGhpcy4jY3NjID0gY3NjO1xuICAgIHRoaXMua2V5SWQgPSBrZXlXaXRoUG9saWNpZXMua2V5X2lkO1xuICAgIHRoaXMucG9saWN5ID0ga2V5V2l0aFBvbGljaWVzLnBvbGljeSBhcyB1bmtub3duIGFzIEtleVBvbGljeTtcbiAgfVxufVxuXG4vKiogUm9sZXMuICovXG5leHBvcnQgY2xhc3MgUm9sZSB7XG4gIHJlYWRvbmx5ICNjc2M6IEN1YmVTaWduZXJDbGllbnQ7XG4gIC8qKiBUaGUgcm9sZSBpbmZvcm1hdGlvbiAqL1xuICAjZGF0YTogUm9sZUluZm87XG5cbiAgLyoqIEh1bWFuLXJlYWRhYmxlIG5hbWUgZm9yIHRoZSByb2xlICovXG4gIGdldCBuYW1lKCk6IHN0cmluZyB8IHVuZGVmaW5lZCB7XG4gICAgcmV0dXJuIHRoaXMuI2RhdGEubmFtZSA/PyB1bmRlZmluZWQ7XG4gIH1cblxuICAvKipcbiAgICogVGhlIElEIG9mIHRoZSByb2xlLlxuICAgKiBAZXhhbXBsZSBSb2xlI2JmZTNlY2NiLTczMWUtNDMwZC1iMWU1LWFjMTM2M2U2YjA2YlxuICAgKi9cbiAgZ2V0IGlkKCk6IHN0cmluZyB7XG4gICAgcmV0dXJuIHRoaXMuI2RhdGEucm9sZV9pZDtcbiAgfVxuXG4gIC8qKlxuICAgKiBAcmV0dXJuIHtSb2xlSW5mb30gdGhlIGNhY2hlZCBwcm9wZXJ0aWVzIG9mIHRoaXMgcm9sZS4gVGhlIGNhY2hlZCBwcm9wZXJ0aWVzXG4gICAqIHJlZmxlY3QgdGhlIHN0YXRlIG9mIHRoZSBsYXN0IGZldGNoIG9yIHVwZGF0ZSAoZS5nLiwgYWZ0ZXIgYXdhaXRpbmdcbiAgICogYFJvbGUuZW5hYmxlZCgpYCBvciBgUm9sZS5kaXNhYmxlKClgKS5cbiAgICovXG4gIGdldCBjYWNoZWQoKTogUm9sZUluZm8ge1xuICAgIHJldHVybiB0aGlzLiNkYXRhO1xuICB9XG5cbiAgLyoqIERlbGV0ZSB0aGUgcm9sZS4gKi9cbiAgYXN5bmMgZGVsZXRlKCk6IFByb21pc2U8dm9pZD4ge1xuICAgIGF3YWl0IHRoaXMuI2NzYy5yb2xlRGVsZXRlKHRoaXMuaWQpO1xuICB9XG5cbiAgLyoqIElzIHRoZSByb2xlIGVuYWJsZWQ/ICovXG4gIGFzeW5jIGVuYWJsZWQoKTogUHJvbWlzZTxib29sZWFuPiB7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuZmV0Y2goKTtcbiAgICByZXR1cm4gZGF0YS5lbmFibGVkO1xuICB9XG5cbiAgLyoqIEVuYWJsZSB0aGUgcm9sZS4gKi9cbiAgYXN5bmMgZW5hYmxlKCkge1xuICAgIGF3YWl0IHRoaXMudXBkYXRlKHsgZW5hYmxlZDogdHJ1ZSB9KTtcbiAgfVxuXG4gIC8qKiBEaXNhYmxlIHRoZSByb2xlLiAqL1xuICBhc3luYyBkaXNhYmxlKCkge1xuICAgIGF3YWl0IHRoaXMudXBkYXRlKHsgZW5hYmxlZDogZmFsc2UgfSk7XG4gIH1cblxuICAvKipcbiAgICogU2V0IG5ldyBwb2xpY3kgKG92ZXJ3cml0aW5nIGFueSBwb2xpY2llcyBwcmV2aW91c2x5IHNldCBmb3IgdGhpcyByb2xlKVxuICAgKiBAcGFyYW0ge1JvbGVQb2xpY3l9IHBvbGljeSBUaGUgbmV3IHBvbGljeSB0byBzZXRcbiAgICovXG4gIGFzeW5jIHNldFBvbGljeShwb2xpY3k6IFJvbGVQb2xpY3kpIHtcbiAgICBhd2FpdCB0aGlzLnVwZGF0ZSh7IHBvbGljeTogcG9saWN5IGFzIHVua25vd24gYXMgUmVjb3JkPHN0cmluZywgbmV2ZXI+W10gfSk7XG4gIH1cblxuICAvKipcbiAgICogQXBwZW5kIHRvIGV4aXN0aW5nIHJvbGUgcG9saWN5LiBUaGlzIGFwcGVuZCBpcyBub3QgYXRvbWljLS0taXQgdXNlc1xuICAgKiB7QGxpbmsgcG9saWN5fSB0byBmZXRjaCB0aGUgY3VycmVudCBwb2xpY3kgYW5kIHRoZW4ge0BsaW5rIHNldFBvbGljeX1cbiAgICogdG8gc2V0IHRoZSBwb2xpY3ktLS1hbmQgc2hvdWxkIG5vdCBiZSB1c2VkIGluIGFjcm9zcyBjb25jdXJyZW50IHNlc3Npb25zLlxuICAgKlxuICAgKiBAcGFyYW0ge1JvbGVQb2xpY3l9IHBvbGljeSBUaGUgcG9saWN5IHRvIGFwcGVuZCB0byB0aGUgZXhpc3Rpbmcgb25lLlxuICAgKi9cbiAgYXN5bmMgYXBwZW5kUG9saWN5KHBvbGljeTogUm9sZVBvbGljeSkge1xuICAgIGNvbnN0IGV4aXN0aW5nID0gYXdhaXQgdGhpcy5wb2xpY3koKTtcbiAgICBhd2FpdCB0aGlzLnNldFBvbGljeShbLi4uZXhpc3RpbmcsIC4uLnBvbGljeV0pO1xuICB9XG5cbiAgLyoqXG4gICAqIEdldCB0aGUgcG9saWN5IGZvciB0aGUgcm9sZS5cbiAgICogQHJldHVybiB7UHJvbWlzZTxSb2xlUG9saWN5Pn0gVGhlIHBvbGljeSBmb3IgdGhlIHJvbGUuXG4gICAqL1xuICBhc3luYyBwb2xpY3koKTogUHJvbWlzZTxSb2xlUG9saWN5PiB7XG4gICAgY29uc3QgZGF0YSA9IGF3YWl0IHRoaXMuZmV0Y2goKTtcbiAgICByZXR1cm4gKGRhdGEucG9saWN5ID8/IFtdKSBhcyB1bmtub3duIGFzIFJvbGVQb2xpY3k7XG4gIH1cblxuICAvKipcbiAgICogVGhlIGxpc3Qgb2YgYWxsIHVzZXJzIHdpdGggYWNjZXNzIHRvIHRoZSByb2xlLlxuICAgKiBAZXhhbXBsZSBbXG4gICAqICAgXCJVc2VyI2MzYjkzNzljLTRlOGMtNDIxNi1iZDBhLTY1YWNlNTNjZjk4ZlwiLFxuICAgKiAgIFwiVXNlciM1NTkzYzI1Yi01MmUyLTRmYjUtYjM5Yi05NmQ0MWQ2ODFkODJcIlxuICAgKiBdXG4gICAqXG4gICAqIEBwYXJhbSB7UGFnZU9wdHN9IHBhZ2UgT3B0aW9uYWwgcGFnaW5hdGlvbiBvcHRpb25zOyBieSBkZWZhdWx0LCByZXRyaWV2ZXMgYWxsIHVzZXJzLlxuICAgKi9cbiAgYXN5bmMgdXNlcnMocGFnZT86IFBhZ2VPcHRzKTogUHJvbWlzZTxzdHJpbmdbXT4ge1xuICAgIGNvbnN0IHVzZXJzID0gYXdhaXQgdGhpcy4jY3NjLnJvbGVVc2Vyc0xpc3QodGhpcy5pZCwgcGFnZSkuZmV0Y2goKTtcbiAgICByZXR1cm4gKHVzZXJzIHx8IFtdKS5tYXAoKHUpID0+IHUudXNlcl9pZCk7XG4gIH1cblxuICAvKipcbiAgICogQWRkIGFuIGV4aXN0aW5nIHVzZXIgdG8gYW4gZXhpc3Rpbmcgcm9sZS5cbiAgICpcbiAgICogQHBhcmFtIHtzdHJpbmd9IHVzZXJJZCBUaGUgdXNlci1pZCBvZiB0aGUgdXNlciB0byBhZGQgdG8gdGhlIHJvbGUuXG4gICAqL1xuICBhc3luYyBhZGRVc2VyKHVzZXJJZDogc3RyaW5nKSB7XG4gICAgYXdhaXQgdGhpcy4jY3NjLnJvbGVVc2VyQWRkKHRoaXMuaWQsIHVzZXJJZCk7XG4gIH1cblxuICAvKipcbiAgICogVGhlIGxpc3Qgb2Yga2V5cyBpbiB0aGUgcm9sZS5cbiAgICogQGV4YW1wbGUgW1xuICAgKiAgICB7XG4gICAqICAgICBpZDogXCJLZXkjYmZlM2VjY2ItNzMxZS00MzBkLWIxZTUtYWMxMzYzZTZiMDZiXCIsXG4gICAqICAgICBwb2xpY3k6IHsgVHhSZWNlaXZlcjogXCIweDhjNTk0NjkxYzBlNTkyZmZhMjFmMTUzYTE2YWU0MWRiNWJlZmNhYWFcIiB9XG4gICAqICAgIH0sXG4gICAqICBdXG4gICAqXG4gICAqIEBwYXJhbSB7UGFnZU9wdHN9IHBhZ2UgT3B0aW9uYWwgcGFnaW5hdGlvbiBvcHRpb25zOyBieSBkZWZhdWx0LCByZXRyaWV2ZXMgYWxsIGtleXMgaW4gdGhpcyByb2xlLlxuICAgKi9cbiAgYXN5bmMga2V5cyhwYWdlPzogUGFnZU9wdHMpOiBQcm9taXNlPEtleVdpdGhQb2xpY2llc1tdPiB7XG4gICAgY29uc3Qga2V5c0luUm9sZSA9IGF3YWl0IHRoaXMuI2NzYy5yb2xlS2V5c0xpc3QodGhpcy5pZCwgcGFnZSkuZmV0Y2goKTtcbiAgICByZXR1cm4ga2V5c0luUm9sZS5tYXAoKGspID0+IG5ldyBLZXlXaXRoUG9saWNpZXModGhpcy4jY3NjLCBrKSk7XG4gIH1cblxuICAvKipcbiAgICogQWRkIGEgbGlzdCBvZiBleGlzdGluZyBrZXlzIHRvIGFuIGV4aXN0aW5nIHJvbGUuXG4gICAqXG4gICAqIEBwYXJhbSB7S2V5W119IGtleXMgVGhlIGxpc3Qgb2Yga2V5cyB0byBhZGQgdG8gdGhlIHJvbGUuXG4gICAqIEBwYXJhbSB7S2V5UG9saWN5P30gcG9saWN5IFRoZSBvcHRpb25hbCBwb2xpY3kgdG8gYXBwbHkgdG8gZWFjaCBrZXkuXG4gICAqL1xuICBhc3luYyBhZGRLZXlzKGtleXM6IEtleVtdLCBwb2xpY3k/OiBLZXlQb2xpY3kpIHtcbiAgICBhd2FpdCB0aGlzLiNjc2Mucm9sZUtleXNBZGQoXG4gICAgICB0aGlzLmlkLFxuICAgICAga2V5cy5tYXAoKGspID0+IGsuaWQpLFxuICAgICAgcG9saWN5LFxuICAgICk7XG4gIH1cblxuICAvKipcbiAgICogQWRkIGFuIGV4aXN0aW5nIGtleSB0byBhbiBleGlzdGluZyByb2xlLlxuICAgKlxuICAgKiBAcGFyYW0ge0tleX0ga2V5IFRoZSBrZXkgdG8gYWRkIHRvIHRoZSByb2xlLlxuICAgKiBAcGFyYW0ge0tleVBvbGljeT99IHBvbGljeSBUaGUgb3B0aW9uYWwgcG9saWN5IHRvIGFwcGx5IHRvIHRoZSBrZXkuXG4gICAqL1xuICBhc3luYyBhZGRLZXkoa2V5OiBLZXksIHBvbGljeT86IEtleVBvbGljeSkge1xuICAgIGF3YWl0IHRoaXMuYWRkS2V5cyhba2V5XSwgcG9saWN5KTtcbiAgfVxuXG4gIC8qKlxuICAgKiBSZW1vdmUgYW4gZXhpc3Rpbmcga2V5IGZyb20gYW4gZXhpc3Rpbmcgcm9sZS5cbiAgICpcbiAgICogQHBhcmFtIHtLZXl9IGtleSBUaGUga2V5IHRvIHJlbW92ZSBmcm9tIHRoZSByb2xlLlxuICAgKi9cbiAgYXN5bmMgcmVtb3ZlS2V5KGtleTogS2V5KSB7XG4gICAgYXdhaXQgdGhpcy4jY3NjLnJvbGVLZXlzUmVtb3ZlKHRoaXMuaWQsIGtleS5pZCk7XG4gIH1cblxuICAvKipcbiAgICogQ3JlYXRlIGEgbmV3IHNlc3Npb24gZm9yIHRoaXMgcm9sZS5cbiAgICogQHBhcmFtIHtTaWduZXJTZXNzaW9uU3RvcmFnZX0gc3RvcmFnZSBUaGUgc2Vzc2lvbiBzdG9yYWdlIHRvIHVzZVxuICAgKiBAcGFyYW0ge3N0cmluZ30gcHVycG9zZSBEZXNjcmlwdGl2ZSBwdXJwb3NlLlxuICAgKiBAcGFyYW0ge1NpZ25lclNlc3Npb25MaWZldGltZX0gbGlmZXRpbWVzIE9wdGlvbmFsIHNlc3Npb24gbGlmZXRpbWVzLlxuICAgKiBAcGFyYW0ge3N0cmluZ1tdfSBzY29wZXMgU2Vzc2lvbiBzY29wZXMuIE9ubHkgYHNpZ246KmAgc2NvcGVzIGFyZSBhbGxvd2VkLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFNpZ25lclNlc3Npb24+fSBOZXcgc2lnbmVyIHNlc3Npb24uXG4gICAqL1xuICBhc3luYyBjcmVhdGVTZXNzaW9uKFxuICAgIHN0b3JhZ2U6IFNpZ25lclNlc3Npb25TdG9yYWdlLFxuICAgIHB1cnBvc2U6IHN0cmluZyxcbiAgICBsaWZldGltZXM/OiBTaWduZXJTZXNzaW9uTGlmZXRpbWUsXG4gICAgc2NvcGVzPzogc3RyaW5nW10sXG4gICk6IFByb21pc2U8U2lnbmVyU2Vzc2lvbj4ge1xuICAgIGNvbnN0IHNlc3Npb25EYXRhID0gYXdhaXQgdGhpcy4jY3NjLnNlc3Npb25DcmVhdGVGb3JSb2xlKHRoaXMuaWQsIHB1cnBvc2UsIHNjb3BlcywgbGlmZXRpbWVzKTtcbiAgICBhd2FpdCBzdG9yYWdlLnNhdmUoc2Vzc2lvbkRhdGEpO1xuICAgIGNvbnN0IG1hbmFnZXIgPSBhd2FpdCBTaWduZXJTZXNzaW9uTWFuYWdlci5sb2FkRnJvbVN0b3JhZ2Uoc3RvcmFnZSk7XG4gICAgcmV0dXJuIG5ldyBTaWduZXJTZXNzaW9uKG1hbmFnZXIpO1xuICB9XG5cbiAgLyoqXG4gICAqIExpc3QgYWxsIHNpZ25lciBzZXNzaW9ucyBmb3IgdGhpcyByb2xlLiBSZXR1cm5lZCBvYmplY3RzIGNhbiBiZSB1c2VkIHRvXG4gICAqIHJldm9rZSBpbmRpdmlkdWFsIHNlc3Npb25zLCBidXQgdGhleSBjYW5ub3QgYmUgdXNlZCBmb3IgYXV0aGVudGljYXRpb24uXG4gICAqXG4gICAqIEBwYXJhbSB7UGFnZU9wdHN9IHBhZ2UgT3B0aW9uYWwgcGFnaW5hdGlvbiBvcHRpb25zOyBieSBkZWZhdWx0LCByZXRyaWV2ZXMgYWxsIHNlc3Npb25zLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFNpZ25lclNlc3Npb25JbmZvW10+fSBTaWduZXIgc2Vzc2lvbnMgZm9yIHRoaXMgcm9sZS5cbiAgICovXG4gIGFzeW5jIHNlc3Npb25zKHBhZ2U/OiBQYWdlT3B0cyk6IFByb21pc2U8U2lnbmVyU2Vzc2lvbkluZm9bXT4ge1xuICAgIGNvbnN0IHNlc3Npb25zID0gYXdhaXQgdGhpcy4jY3NjLnNlc3Npb25zTGlzdCh0aGlzLmlkLCBwYWdlKS5mZXRjaCgpO1xuICAgIHJldHVybiBzZXNzaW9ucy5tYXAoKHQpID0+IG5ldyBTaWduZXJTZXNzaW9uSW5mbyh0aGlzLiNjc2MsIHQuc2Vzc2lvbl9pZCwgdC5wdXJwb3NlKSk7XG4gIH1cblxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAvLyAtLSBJTlRFUk5BTCAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuXG4gIC8qKlxuICAgKiBDb25zdHJ1Y3Rvci5cbiAgICogQHBhcmFtIHtDdWJlU2lnbmVyQ2xpZW50fSBjc2MgVGhlIEN1YmVTaWduZXIgaW5zdGFuY2UgdG8gdXNlIGZvciBzaWduaW5nLlxuICAgKiBAcGFyYW0ge1JvbGVJbmZvfSBkYXRhIFRoZSBKU09OIHJlc3BvbnNlIGZyb20gdGhlIEFQSSBzZXJ2ZXIuXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgY29uc3RydWN0b3IoY3NjOiBDdWJlU2lnbmVyQ2xpZW50LCBkYXRhOiBSb2xlSW5mbykge1xuICAgIHRoaXMuI2NzYyA9IGNzYztcbiAgICB0aGlzLiNkYXRhID0gZGF0YTtcbiAgfVxuXG4gIC8qKlxuICAgKiBVcGRhdGUgdGhlIHJvbGUuXG4gICAqXG4gICAqIEBwYXJhbSB7VXBkYXRlUm9sZVJlcXVlc3R9IHJlcXVlc3QgVGhlIEpTT04gcmVxdWVzdCB0byBzZW5kIHRvIHRoZSBBUEkgc2VydmVyLlxuICAgKiBAcmV0dXJuIHtQcm9taXNlPFJvbGVJbmZvPn0gVGhlIHVwZGF0ZWQgcm9sZSBpbmZvcm1hdGlvbi5cbiAgICovXG4gIHByaXZhdGUgYXN5bmMgdXBkYXRlKHJlcXVlc3Q6IFVwZGF0ZVJvbGVSZXF1ZXN0KTogUHJvbWlzZTxSb2xlSW5mbz4ge1xuICAgIHRoaXMuI2RhdGEgPSBhd2FpdCB0aGlzLiNjc2Mucm9sZVVwZGF0ZSh0aGlzLmlkLCByZXF1ZXN0KTtcbiAgICByZXR1cm4gdGhpcy4jZGF0YTtcbiAgfVxuXG4gIC8qKlxuICAgKiBGZXRjaGVzIHRoZSByb2xlIGluZm9ybWF0aW9uLlxuICAgKlxuICAgKiBAcmV0dXJuIHtSb2xlSW5mb30gVGhlIHJvbGUgaW5mb3JtYXRpb24uXG4gICAqIEBpbnRlcm5hbFxuICAgKi9cbiAgcHJpdmF0ZSBhc3luYyBmZXRjaCgpOiBQcm9taXNlPFJvbGVJbmZvPiB7XG4gICAgdGhpcy4jZGF0YSA9IGF3YWl0IHRoaXMuI2NzYy5yb2xlR2V0KHRoaXMuaWQpO1xuICAgIHJldHVybiB0aGlzLiNkYXRhO1xuICB9XG59XG4iXX0=