@lifeready/core 0.6.0-beta.1

package/esm2015/lib/auth/life-ready-auth.service.js

@@ -0,0 +1,333 @@
+import { __awaiter } from "tslib";
+import { Inject, Injectable, isDevMode } from '@angular/core';
+import { Hub } from '@aws-amplify/core';
+import { ReplaySubject } from 'rxjs';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { KeyService } from '../cryptography/key.service';
+import { ProfileService } from '../users/profile.service';
+import { PasswordChangeStatus } from '../users/profile.types';
+import { LrConcurrentAccessException, LrBadRequestException, } from '../_common/exceptions';
+import { RecoveryStatus, } from './auth.types';
+import { PasswordService } from './password.service';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { TpPasswordResetUserQuery } from '../trusted-parties/tp-password-reset.gql';
+import { IdleService } from './idle.service';
+import { KeyFactoryService } from '../cryptography/key-factory.service';
+import { LrGraphQLService, LrMutation } from '../api/lr-graphql';
+import { TpPasswordResetProcessorService } from '../api/query-processor/tp-password-reset-processor.service';
+import { SetSessionEncryptionKeyMutation } from './auth.gql';
+import { PersistService } from '../api/persist.service';
+import { JWK } from 'node-jose';
+import { LR_CONFIG } from '../life-ready.config';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i3 from "../cryptography/key-factory.service";
+import * as i4 from "../cryptography/key.service";
+import * as i5 from "../users/profile.service";
+import * as i6 from "../cryptography/key-graph.service";
+import * as i7 from "./password.service";
+import * as i8 from "./idle.service";
+import * as i9 from "../api/lr-graphql/lr-graphql.service";
+import * as i10 from "../api/query-processor/tp-password-reset-processor.service";
+import * as i11 from "../api/persist.service";
+export const initialiseAuth = (authService) => {
+    return () => authService.initialise();
+};
+export class LifeReadyAuthService {
+    constructor(config, auth, keyFactory, keyService, profileService, keyGraphService, passwordService, idleService, lrGraphQL, tpPasswordResetProcessorService, persistService) {
+        this.config = config;
+        this.auth = auth;
+        this.keyFactory = keyFactory;
+        this.keyService = keyService;
+        this.profileService = profileService;
+        this.keyGraphService = keyGraphService;
+        this.passwordService = passwordService;
+        this.idleService = idleService;
+        this.lrGraphQL = lrGraphQL;
+        this.tpPasswordResetProcessorService = tpPasswordResetProcessorService;
+        this.persistService = persistService;
+        this.hubSubject = new ReplaySubject(1);
+    }
+    initialise() {
+        return __awaiter(this, void 0, void 0, function* () {
+            Hub.listen('auth', (data) => this.hubSubject.next(data.payload));
+        });
+    }
+    loginIdpImpl(emailOrPhone, password, passIdpParams, recoveryStatus) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams));
+            // Use the derived password to signin with cognito
+            const user = yield this.auth.signIn(emailOrPhone, this.passwordService.getPassIdpString(passIdpResult.jwk));
+            user.recoveryStatus = recoveryStatus;
+            return user;
+        });
+    }
+    loginIdp(emailOrPhone, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Download the salt needed to derive the PassIdp
+            const passIdpApiResult = yield this.profileService.getPassIdpParams(emailOrPhone);
+            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.InProgress) {
+                throw new LrConcurrentAccessException('A password change is in progress');
+            }
+            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.Recovery) {
+                console.log('In recovery mode.');
+                // Let's say we don't know if the password is the new one or the old one. We just have to try both.
+                try {
+                    const user = yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.newPassIdpParams, RecoveryStatus.NEW_PASSWORD);
+                    // New password worked. Let's set to the current password
+                    // --Potential Failure Point 1--
+                    // if changePasswordComplete() doesn't get called, then it should remain
+                    console.log('New password works!');
+                    return user;
+                }
+                catch (error) {
+                    // Just bubble up any other type of error.
+                    if (error.code !== 'NotAuthorizedException') {
+                        throw error;
+                    }
+                    // pass, try again assuming it's the old password
+                }
+                // Now assume it's the previous password. Any exception is allowed to bubble up.
+                try {
+                    const user = yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams, RecoveryStatus.OLD_PASSWORD);
+                    // Old password worked.
+                    console.log('Old password works!');
+                    return user;
+                }
+                catch (error) {
+                    // Just bubble up any other type of error.
+                    throw error.code === 'NotAuthorizedException'
+                        ? new LrBadRequestException('The password change request was interrupted, please try to login with both your new and old password')
+                        : error;
+                }
+            }
+            // Try against as the TP password reset account
+            if (passIdpApiResult.tpPasswordReset) {
+                try {
+                    // TP password reset is in process. We need to try the password against both
+                    // original account and the new reset account.
+                    const reset = passIdpApiResult.tpPasswordReset;
+                    const ret = yield this.loginIdpImpl(reset.resetUsername, password, reset.passIdpParams, RecoveryStatus.NONE);
+                    ret.isTpPasswordResetUser = true;
+                    return ret;
+                }
+                catch (err) {
+                    // continue, try again as regular user.
+                }
+            }
+            // Login as regular user
+            return yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams, RecoveryStatus.NONE);
+        });
+    }
+    handleSessionEncryptionKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.config.disableSessionEncryptionKey) {
+                if (!isDevMode()) {
+                    const msg = 'You should not set disableSessionEncryptionKey=True in mode prod. It defaults to false.';
+                    console.error(msg);
+                    throw new Error(msg);
+                }
+                else {
+                    console.warn('You have set disableSessionEncryptionKey=True. Make sure not to do this in prod mode.');
+                }
+            }
+            else {
+                // Set the session key to a new encryption key for this session
+                const sessionEncryptionKey = yield this.keyFactory.createKey();
+                yield this.lrGraphQL.lrMutate(new LrMutation({
+                    mutation: SetSessionEncryptionKeyMutation,
+                    variables: {
+                        input: {
+                            sessionEncryptionKey: JSON.stringify(sessionEncryptionKey.toJSON(true)),
+                        },
+                    },
+                }), {
+                    includeKeyGraph: false,
+                });
+                this.persistService.setServerSessionEncryptionKey(sessionEncryptionKey);
+            }
+        });
+    }
+    handlePostAuth(cognitoUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.handlePasswordRecovery(cognitoUser);
+            yield this.handleSessionEncryptionKey();
+        });
+    }
+    login(emailOrPhone, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.loginIdp(emailOrPhone, password);
+            // todo: Meet MFA challenges.
+            if (['SMS_MFA', 'SOFTWARE_TOKEN_MFA'].includes(cognitoUser.challengeName)) {
+                return { hasChallenge: true, challenge: cognitoUser };
+            }
+            yield this.handlePostAuth(cognitoUser);
+            if (cognitoUser.isTpPasswordResetUser) {
+                // Assuming there is no MFA on the TP reset user.
+                const resetUser = yield this.loadResetUser(password);
+                return { hasChallenge: false, resetUser };
+            }
+            else {
+                const user = yield this.loadUser(cognitoUser, password);
+                yield this.idleService.start(); // Run idleService whenever user is logged in.
+                return { hasChallenge: false, user };
+            }
+        });
+    }
+    // TODO <AZ> We need to handle the isTpPasswordResetUser=True case here after MFA as well.
+    verifyLogin(challenge, password, rememberMe, code) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.auth.confirmSignIn(challenge, code, challenge.challengeName);
+            // TODO: this.auth.confirmSignIn() could return another challenge.
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            yield this.handlePostAuth(challenge);
+            const user = yield this.loadUser(cognitoUser, password);
+            if (rememberMe) {
+                cognitoUser.setDeviceStatusRemembered({
+                    onSuccess: () => { },
+                    onFailure: (e) => console.error(e),
+                });
+            }
+            return user;
+        });
+    }
+    handlePasswordRecovery(user) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (user.recoveryStatus !== RecoveryStatus.NONE) {
+                const jwtToken = user
+                    .getSignInUserSession()
+                    .getAccessToken()
+                    .getJwtToken();
+                yield this.passwordService.changePasswordComplete(jwtToken, user.recoveryStatus === RecoveryStatus.NEW_PASSWORD);
+            }
+        });
+    }
+    getUser(reload = false) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!reload && this.currentUser) {
+                return this.currentUser;
+            }
+            this.currentUser = yield this.loadUser(yield this.auth.currentAuthenticatedUser());
+            console.log('Starting idle service.');
+            yield this.idleService.start(); // Run idleService whenever user is logged in.
+            return this.currentUser;
+        });
+    }
+    mapTPVaultAccess(features) {
+        const tpVaultFeature = features === null || features === void 0 ? void 0 : features.tpVault;
+        return ((tpVaultFeature === null || tpVaultFeature === void 0 ? void 0 : tpVaultFeature.length) > 0 &&
+            tpVaultFeature.some((feature) => feature.toUpperCase() === 'ACCESS'));
+    }
+    loadUser(cognitoUser, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { currentUser, contactCard, userPlans, } = yield this.profileService.getCurrentUser();
+            if (currentUser.sessionEncryptionKey) {
+                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(currentUser.sessionEncryptionKey));
+            }
+            const userAttributes = yield this.auth.userAttributes(cognitoUser);
+            if (password) {
+                const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams))).jwk;
+                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(currentUser.currentUserKey.passKey.id, passKey, currentUser.currentUserKey.masterKey.id));
+            }
+            yield this.keyGraphService.populateKeys(currentUser.currentUserKey);
+            return {
+                id: currentUser.id,
+                sub: this.getUserAttribute('sub', userAttributes),
+                username: currentUser.username,
+                currentUserKey: currentUser.currentUserKey,
+                getAccessJwtToken: () => cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(),
+                email: this.getUserAttribute('email', userAttributes),
+                emailVerified: this.getUserAttribute('email_verified', userAttributes) === 'true',
+                phone: this.getUserAttribute('phone_number', userAttributes),
+                phoneVerified: this.getUserAttribute('phone_number_verified', userAttributes) ===
+                    'true',
+                contactCard: Object.assign({}, (yield this.profileService.decryptContactCard(contactCard))),
+                userDelete: currentUser.userDelete,
+                userPlans,
+                hasTPVaultAccess: this.mapTPVaultAccess(currentUser.features),
+                features: currentUser.features,
+                sessionEncryptionKey: currentUser.sessionEncryptionKey,
+            };
+        });
+    }
+    watchAuth() {
+        return this.hubSubject;
+    }
+    logout() {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.currentUser = null;
+            this.keyService.purgeKeys();
+            this.keyGraphService.purgeKeys();
+            yield Promise.all([this.auth.signOut(), this.profileService.signOut()]);
+        });
+    }
+    getUserAttribute(attributeName, userAttributes) {
+        const userAttribute = userAttributes.find((x) => x.getName() === attributeName);
+        return userAttribute ? userAttribute.getValue() : null;
+    }
+    loadResetUser(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { tpPasswordResetUser: resetUser } = yield this.lrGraphQL.query({
+                query: TpPasswordResetUserQuery,
+            });
+            if (resetUser.sessionEncryptionKey) {
+                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(resetUser.sessionEncryptionKey));
+            }
+            // Update the keys
+            if (password) {
+                const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, resetUser.passKey.passKeyParams))).jwk;
+                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(resetUser.passKey.id, passKey, resetUser.masterKey.id));
+            }
+            this.keyService.populateKeys({
+                passKey: {
+                    id: resetUser.passKey.id,
+                },
+                masterKey: {
+                    id: resetUser.masterKey.id,
+                },
+            });
+            const userAttributes = yield this.auth.userAttributes(yield this.auth.currentAuthenticatedUser());
+            const sub = this.getUserAttribute('sub', userAttributes);
+            return Object.assign(Object.assign({}, (yield this.tpPasswordResetProcessorService.processTpPasswordResetUserNode(resetUser))), { sub });
+        });
+    }
+    refreshAccessToken() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            const refreshToken = cognitoUser.getSignInUserSession().getRefreshToken();
+            return new Promise((resolve, reject) => {
+                cognitoUser.refreshSession(refreshToken, (err, data) => {
+                    if (err) {
+                        console.error('Error refreshing token: ', err);
+                        reject(err);
+                    }
+                    else {
+                        console.log('Token refresh complete: ', data);
+                        resolve(0);
+                    }
+                });
+            });
+        });
+    }
+}
+LifeReadyAuthService.ɵprov = i0.ɵɵdefineInjectable({ factory: function LifeReadyAuthService_Factory() { return new LifeReadyAuthService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.AuthClass), i0.ɵɵinject(i3.KeyFactoryService), i0.ɵɵinject(i4.KeyService), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyGraphService), i0.ɵɵinject(i7.PasswordService), i0.ɵɵinject(i8.IdleService), i0.ɵɵinject(i9.LrGraphQLService), i0.ɵɵinject(i10.TpPasswordResetProcessorService), i0.ɵɵinject(i11.PersistService)); }, token: LifeReadyAuthService, providedIn: "root" });
+LifeReadyAuthService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+LifeReadyAuthService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: AuthClass },
+    { type: KeyFactoryService },
+    { type: KeyService },
+    { type: ProfileService },
+    { type: KeyGraphService },
+    { type: PasswordService },
+    { type: IdleService },
+    { type: LrGraphQLService },
+    { type: TpPasswordResetProcessorService },
+    { type: PersistService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlmZS1yZWFkeS1hdXRoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMvdGVzdC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9hdXRoL2xpZmUtcmVhZHktYXV0aC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxTQUFTLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFOUQsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBRXhDLE9BQU8sRUFBYyxhQUFhLEVBQUUsTUFBTSxNQUFNLENBQUM7QUFFakQsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBQ3BFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSw2QkFBNkIsQ0FBQztBQUN6RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDMUQsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDOUQsT0FBTyxFQUNMLDJCQUEyQixFQUMzQixxQkFBcUIsR0FDdEIsTUFBTSx1QkFBdUIsQ0FBQztBQUMvQixPQUFPLEVBS0wsY0FBYyxHQUNmLE1BQU0sY0FBYyxDQUFDO0FBQ3RCLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNyRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDM0QsT0FBTyxFQUFFLHdCQUF3QixFQUFFLE1BQU0sMENBQTBDLENBQUM7QUFDcEYsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBQzdDLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLHFDQUFxQyxDQUFDO0FBQ3hFLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxVQUFVLEVBQUUsTUFBTSxtQkFBbUIsQ0FBQztBQUVqRSxPQUFPLEVBQUUsK0JBQStCLEVBQUUsTUFBTSw0REFBNEQsQ0FBQztBQUM3RyxPQUFPLEVBQUUsK0JBQStCLEVBQUUsTUFBTSxZQUFZLENBQUM7QUFDN0QsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLHdCQUF3QixDQUFDO0FBQ3hELE9BQU8sRUFBRSxHQUFHLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFDaEMsT0FBTyxFQUFtQixTQUFTLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQzs7Ozs7Ozs7Ozs7OztBQUVsRSxNQUFNLENBQUMsTUFBTSxjQUFjLEdBQUcsQ0FBQyxXQUFpQyxFQUFFLEVBQUU7SUFDbEUsT0FBTyxHQUFHLEVBQUUsQ0FBQyxXQUFXLENBQUMsVUFBVSxFQUFFLENBQUM7QUFDeEMsQ0FBQyxDQUFDO0FBS0YsTUFBTSxPQUFPLG9CQUFvQjtJQUkvQixZQUM2QixNQUF1QixFQUMxQyxJQUFlLEVBQ2YsVUFBNkIsRUFDN0IsVUFBc0IsRUFDdEIsY0FBOEIsRUFDOUIsZUFBZ0MsRUFDaEMsZUFBZ0MsRUFDaEMsV0FBd0IsRUFDeEIsU0FBMkIsRUFDM0IsK0JBQWdFLEVBQ2hFLGNBQThCO1FBVlgsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsU0FBSSxHQUFKLElBQUksQ0FBVztRQUNmLGVBQVUsR0FBVixVQUFVLENBQW1CO1FBQzdCLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsbUJBQWMsR0FBZCxjQUFjLENBQWdCO1FBQzlCLG9CQUFlLEdBQWYsZUFBZSxDQUFpQjtRQUNoQyxvQkFBZSxHQUFmLGVBQWUsQ0FBaUI7UUFDaEMsZ0JBQVcsR0FBWCxXQUFXLENBQWE7UUFDeEIsY0FBUyxHQUFULFNBQVMsQ0FBa0I7UUFDM0Isb0NBQStCLEdBQS9CLCtCQUErQixDQUFpQztRQUNoRSxtQkFBYyxHQUFkLGNBQWMsQ0FBZ0I7UUFkaEMsZUFBVSxHQUF1QixJQUFJLGFBQWEsQ0FBTSxDQUFDLENBQUMsQ0FBQztJQWVoRSxDQUFDO0lBRVMsVUFBVTs7WUFDckIsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDO1FBQ25FLENBQUM7S0FBQTtJQUVhLFlBQVksQ0FDeEIsWUFBb0IsRUFDcEIsUUFBZ0IsRUFDaEIsYUFBNEIsRUFDNUIsY0FBOEI7O1lBRTlCLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUN2RCxRQUFRLElBQ0wsYUFBYSxFQUNoQixDQUFDO1lBQ0gsa0RBQWtEO1lBQ2xELE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQ2pDLFlBQVksRUFDWixJQUFJLENBQUMsZUFBZSxDQUFDLGdCQUFnQixDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FDekQsQ0FBQztZQUVGLElBQUksQ0FBQyxjQUFjLEdBQUcsY0FBYyxDQUFDO1lBRXJDLE9BQU8sSUFBSSxDQUFDO1FBQ2QsQ0FBQztLQUFBO0lBRWEsUUFBUSxDQUNwQixZQUFvQixFQUNwQixRQUFnQjs7WUFFaEIsaURBQWlEO1lBQ2pELE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLGdCQUFnQixDQUNqRSxZQUFZLENBQ2IsQ0FBQztZQUVGLElBQ0UsZ0JBQWdCLENBQUMsb0JBQW9CLEtBQUssb0JBQW9CLENBQUMsVUFBVSxFQUN6RTtnQkFDQSxNQUFNLElBQUksMkJBQTJCLENBQUMsa0NBQWtDLENBQUMsQ0FBQzthQUMzRTtZQUVELElBQ0UsZ0JBQWdCLENBQUMsb0JBQW9CLEtBQUssb0JBQW9CLENBQUMsUUFBUSxFQUN2RTtnQkFDQSxPQUFPLENBQUMsR0FBRyxDQUFDLG1CQUFtQixDQUFDLENBQUM7Z0JBQ2pDLG1HQUFtRztnQkFDbkcsSUFBSTtvQkFDRixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQ2xDLFlBQVksRUFDWixRQUFRLEVBQ1IsZ0JBQWdCLENBQUMsZ0JBQWdCLEVBQ2pDLGNBQWMsQ0FBQyxZQUFZLENBQzVCLENBQUM7b0JBQ0YseURBQXlEO29CQUV6RCxnQ0FBZ0M7b0JBQ2hDLHdFQUF3RTtvQkFFeEUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO29CQUVuQyxPQUFPLElBQUksQ0FBQztpQkFDYjtnQkFBQyxPQUFPLEtBQUssRUFBRTtvQkFDZCwwQ0FBMEM7b0JBQzFDLElBQUksS0FBSyxDQUFDLElBQUksS0FBSyx3QkFBd0IsRUFBRTt3QkFDM0MsTUFBTSxLQUFLLENBQUM7cUJBQ2I7b0JBQ0QsaURBQWlEO2lCQUNsRDtnQkFFRCxnRkFBZ0Y7Z0JBQ2hGLElBQUk7b0JBQ0YsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUNsQyxZQUFZLEVBQ1osUUFBUSxFQUNSLGdCQUFnQixDQUFDLG9CQUFvQixFQUNyQyxjQUFjLENBQUMsWUFBWSxDQUM1QixDQUFDO29CQUNGLHVCQUF1QjtvQkFDdkIsT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO29CQUVuQyxPQUFPLElBQUksQ0FBQztpQkFDYjtnQkFBQyxPQUFPLEtBQUssRUFBRTtvQkFDZCwwQ0FBMEM7b0JBQzFDLE1BQU0sS0FBSyxDQUFDLElBQUksS0FBSyx3QkFBd0I7d0JBQzNDLENBQUMsQ0FBQyxJQUFJLHFCQUFxQixDQUN2QixzR0FBc0csQ0FDdkc7d0JBQ0gsQ0FBQyxDQUFDLEtBQUssQ0FBQztpQkFDWDthQUNGO1lBRUQsK0NBQStDO1lBQy9DLElBQUksZ0JBQWdCLENBQUMsZUFBZSxFQUFFO2dCQUNwQyxJQUFJO29CQUNGLDRFQUE0RTtvQkFDNUUsOENBQThDO29CQUM5QyxNQUFNLEtBQUssR0FBRyxnQkFBZ0IsQ0FBQyxlQUFlLENBQUM7b0JBQy9DLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FDakMsS0FBSyxDQUFDLGFBQWEsRUFDbkIsUUFBUSxFQUNSLEtBQUssQ0FBQyxhQUFhLEVBQ25CLGNBQWMsQ0FBQyxJQUFJLENBQ3BCLENBQUM7b0JBQ0YsR0FBRyxDQUFDLHFCQUFxQixHQUFHLElBQUksQ0FBQztvQkFFakMsT0FBTyxHQUFHLENBQUM7aUJBQ1o7Z0JBQUMsT0FBTyxHQUFHLEVBQUU7b0JBQ1osdUNBQXVDO2lCQUN4QzthQUNGO1lBRUQsd0JBQXdCO1lBQ3hCLE9BQU8sTUFBTSxJQUFJLENBQUMsWUFBWSxDQUM1QixZQUFZLEVBQ1osUUFBUSxFQUNSLGdCQUFnQixDQUFDLG9CQUFvQixFQUNyQyxjQUFjLENBQUMsSUFBSSxDQUNwQixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRWUsMEJBQTBCOztZQUN4QyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUMsMkJBQTJCLEVBQUU7Z0JBQzNDLElBQUksQ0FBQyxTQUFTLEVBQUUsRUFBRTtvQkFDaEIsTUFBTSxHQUFHLEdBQ1AseUZBQXlGLENBQUM7b0JBQzVGLE9BQU8sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7b0JBQ25CLE1BQU0sSUFBSSxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7aUJBQ3RCO3FCQUFNO29CQUNMLE9BQU8sQ0FBQyxJQUFJLENBQ1YsdUZBQXVGLENBQ3hGLENBQUM7aUJBQ0g7YUFDRjtpQkFBTTtnQkFDTCwrREFBK0Q7Z0JBQy9ELE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO2dCQUMvRCxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUMzQixJQUFJLFVBQVUsQ0FBQztvQkFDYixRQUFRLEVBQUUsK0JBQStCO29CQUN6QyxTQUFTLEVBQUU7d0JBQ1QsS0FBSyxFQUFFOzRCQUNMLG9CQUFvQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQ2xDLG9CQUFvQixDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDbEM7eUJBQ0Y7cUJBQ0Y7aUJBQ0YsQ0FBQyxFQUNGO29CQUNFLGVBQWUsRUFBRSxLQUFLO2lCQUN2QixDQUNGLENBQUM7Z0JBRUYsSUFBSSxDQUFDLGNBQWMsQ0FBQyw2QkFBNkIsQ0FBQyxvQkFBb0IsQ0FBQyxDQUFDO2FBQ3pFO1FBQ0gsQ0FBQztLQUFBO0lBRWUsY0FBYyxDQUFDLFdBQWlDOztZQUM5RCxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUMvQyxNQUFNLElBQUksQ0FBQywwQkFBMEIsRUFBRSxDQUFDO1FBQzFDLENBQUM7S0FBQTtJQUVZLEtBQUssQ0FDaEIsWUFBb0IsRUFDcEIsUUFBZ0I7O1lBRWhCLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxZQUFZLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFaEUsNkJBQTZCO1lBQzdCLElBQUksQ0FBQyxTQUFTLEVBQUUsb0JBQW9CLENBQUMsQ0FBQyxRQUFRLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQyxFQUFFO2dCQUN6RSxPQUFPLEVBQUUsWUFBWSxFQUFFLElBQUksRUFBRSxTQUFTLEVBQUUsV0FBVyxFQUFFLENBQUM7YUFDdkQ7WUFFRCxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFdkMsSUFBSSxXQUFXLENBQUMscUJBQXFCLEVBQUU7Z0JBQ3JDLGlEQUFpRDtnQkFDakQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLFFBQVEsQ0FBQyxDQUFDO2dCQUNyRCxPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxTQUFTLEVBQUUsQ0FBQzthQUMzQztpQkFBTTtnQkFDTCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDO2dCQUN4RCxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyw4Q0FBOEM7Z0JBQzlFLE9BQU8sRUFBRSxZQUFZLEVBQUUsS0FBSyxFQUFFLElBQUksRUFBRSxDQUFDO2FBQ3RDO1FBQ0gsQ0FBQztLQUFBO0lBRUQsMEZBQTBGO0lBQzdFLFdBQVcsQ0FDdEIsU0FBK0IsRUFDL0IsUUFBZ0IsRUFDaEIsVUFBbUIsRUFDbkIsSUFBWTs7WUFFWixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsYUFBYSxDQUFDLFNBQVMsRUFBRSxJQUFJLEVBQUUsU0FBUyxDQUFDLGFBQWEsQ0FBQyxDQUFDO1lBRXhFLGtFQUFrRTtZQUVsRSxNQUFNLFdBQVcsR0FBZ0IsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLHdCQUF3QixFQUFFLENBQUM7WUFFNUUsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRXJDLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFeEQsSUFBSSxVQUFVLEVBQUU7Z0JBQ2QsV0FBVyxDQUFDLHlCQUF5QixDQUFDO29CQUNwQyxTQUFTLEVBQUUsR0FBRyxFQUFFLEdBQUUsQ0FBQztvQkFDbkIsU0FBUyxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztpQkFDbkMsQ0FBQyxDQUFDO2FBQ0o7WUFFRCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7S0FBQTtJQUVLLHNCQUFzQixDQUFDLElBQTBCOztZQUNyRCxJQUFJLElBQUksQ0FBQyxjQUFjLEtBQUssY0FBYyxDQUFDLElBQUksRUFBRTtnQkFDL0MsTUFBTSxRQUFRLEdBQUcsSUFBSTtxQkFDbEIsb0JBQW9CLEVBQUU7cUJBQ3RCLGNBQWMsRUFBRTtxQkFDaEIsV0FBVyxFQUFFLENBQUM7Z0JBQ2pCLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxzQkFBc0IsQ0FDL0MsUUFBUSxFQUNSLElBQUksQ0FBQyxjQUFjLEtBQUssY0FBYyxDQUFDLFlBQVksQ0FDcEQsQ0FBQzthQUNIO1FBQ0gsQ0FBQztLQUFBO0lBRUssT0FBTyxDQUFDLFNBQWtCLEtBQUs7O1lBQ25DLElBQUksQ0FBQyxNQUFNLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRTtnQkFDL0IsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDO2FBQ3pCO1lBQ0QsSUFBSSxDQUFDLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQ3BDLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUMzQyxDQUFDO1lBQ0YsT0FBTyxDQUFDLEdBQUcsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO1lBQ3RDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxLQUFLLEVBQUUsQ0FBQyxDQUFDLDhDQUE4QztZQUM5RSxPQUFPLElBQUksQ0FBQyxXQUFXLENBQUM7UUFDMUIsQ0FBQztLQUFBO0lBRU8sZ0JBQWdCLENBQUMsUUFBYztRQUNyQyxNQUFNLGNBQWMsR0FBRyxRQUFRLGFBQVIsUUFBUSx1QkFBUixRQUFRLENBQUUsT0FBTyxDQUFDO1FBQ3pDLE9BQU8sQ0FDTCxDQUFBLGNBQWMsYUFBZCxjQUFjLHVCQUFkLGNBQWMsQ0FBRSxNQUFNLElBQUcsQ0FBQztZQUMxQixjQUFjLENBQUMsSUFBSSxDQUFDLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxPQUFPLENBQUMsV0FBVyxFQUFFLEtBQUssUUFBUSxDQUFDLENBQ3JFLENBQUM7SUFDSixDQUFDO0lBRWEsUUFBUSxDQUNwQixXQUF3QixFQUN4QixRQUFpQjs7WUFFakIsTUFBTSxFQUNKLFdBQVcsRUFDWCxXQUFXLEVBQ1gsU0FBUyxHQUNWLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBRS9DLElBQUksV0FBVyxDQUFDLG9CQUFvQixFQUFFO2dCQUNwQyxJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUMvQyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLG9CQUFvQixDQUFDLENBQ2xELENBQUM7YUFDSDtZQUVELE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFbkUsSUFBSSxRQUFRLEVBQUU7Z0JBQ1osTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxJQUNMLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFDbkQsQ0FDSCxDQUFDLEdBQUcsQ0FBQztnQkFFTixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsZ0JBQWdCLENBQ3JDLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxpQkFBaUIsQ0FDMUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsRUFBRSxFQUNyQyxPQUFPLEVBQ1AsV0FBVyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUN4QyxDQUNGLENBQUM7YUFDSDtZQUNELE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBRXBFLE9BQU87Z0JBQ0wsRUFBRSxFQUFFLFdBQVcsQ0FBQyxFQUFFO2dCQUNsQixHQUFHLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssRUFBRSxjQUFjLENBQUM7Z0JBQ2pELFFBQVEsRUFBRSxXQUFXLENBQUMsUUFBUTtnQkFDOUIsY0FBYyxFQUFFLFdBQVcsQ0FBQyxjQUFjO2dCQUMxQyxpQkFBaUIsRUFBRSxHQUFHLEVBQUUsQ0FDdEIsV0FBVyxDQUFDLG9CQUFvQixFQUFFLENBQUMsY0FBYyxFQUFFLENBQUMsV0FBVyxFQUFFO2dCQUNuRSxLQUFLLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sRUFBRSxjQUFjLENBQUM7Z0JBQ3JELGFBQWEsRUFDWCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsZ0JBQWdCLEVBQUUsY0FBYyxDQUFDLEtBQUssTUFBTTtnQkFDcEUsS0FBSyxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxjQUFjLEVBQUUsY0FBYyxDQUFDO2dCQUM1RCxhQUFhLEVBQ1gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLHVCQUF1QixFQUFFLGNBQWMsQ0FBQztvQkFDOUQsTUFBTTtnQkFDUixXQUFXLG9CQUNOLENBQUMsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLGtCQUFrQixDQUFDLFdBQVcsQ0FBQyxDQUFDLENBQy9EO2dCQUNELFVBQVUsRUFBRSxXQUFXLENBQUMsVUFBVTtnQkFDbEMsU0FBUztnQkFDVCxnQkFBZ0IsRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsV0FBVyxDQUFDLFFBQVEsQ0FBQztnQkFDN0QsUUFBUSxFQUFFLFdBQVcsQ0FBQyxRQUFRO2dCQUM5QixvQkFBb0IsRUFBRSxXQUFXLENBQUMsb0JBQW9CO2FBQ3ZELENBQUM7UUFDSixDQUFDO0tBQUE7SUFFTSxTQUFTO1FBQ2QsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDO0lBQ3pCLENBQUM7SUFFWSxNQUFNOztZQUNqQixJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQztZQUN4QixJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQzVCLElBQUksQ0FBQyxlQUFlLENBQUMsU0FBUyxFQUFFLENBQUM7WUFFakMsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsRUFBRSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQztRQUMxRSxDQUFDO0tBQUE7SUFFTyxnQkFBZ0IsQ0FDdEIsYUFBcUIsRUFDckIsY0FBc0M7UUFFdEMsTUFBTSxhQUFhLEdBQUcsY0FBYyxDQUFDLElBQUksQ0FDdkMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsS0FBSyxhQUFhLENBQ3JDLENBQUM7UUFFRixPQUFPLGFBQWEsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDekQsQ0FBQztJQUVZLGFBQWEsQ0FBQyxRQUFpQjs7WUFDMUMsTUFBTSxFQUFFLG1CQUFtQixFQUFFLFNBQVMsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxLQUFLLENBQUM7Z0JBQ3BFLEtBQUssRUFBRSx3QkFBd0I7YUFDaEMsQ0FBQyxDQUFDO1lBRUgsSUFBSSxTQUFTLENBQUMsb0JBQW9CLEVBQUU7Z0JBQ2xDLElBQUksQ0FBQyxjQUFjLENBQUMsNkJBQTZCLENBQy9DLE1BQU0sR0FBRyxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUMsb0JBQW9CLENBQUMsQ0FDaEQsQ0FBQzthQUNIO1lBRUQsa0JBQWtCO1lBQ2xCLElBQUksUUFBUSxFQUFFO2dCQUNaLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsSUFDTCxTQUFTLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFDbEMsQ0FDSCxDQUFDLEdBQUcsQ0FBQztnQkFFTixNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsZ0JBQWdCLENBQ3JDLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxpQkFBaUIsQ0FDMUMsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFLEVBQ3BCLE9BQU8sRUFDUCxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FDdkIsQ0FDRixDQUFDO2FBQ0g7WUFFRCxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQztnQkFDM0IsT0FBTyxFQUFFO29CQUNQLEVBQUUsRUFBRSxTQUFTLENBQUMsT0FBTyxDQUFDLEVBQUU7aUJBQ3pCO2dCQUNELFNBQVMsRUFBRTtvQkFDVCxFQUFFLEVBQUUsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUFFO2lCQUMzQjthQUNGLENBQUMsQ0FBQztZQUVILE1BQU0sY0FBYyxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQ25ELE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUMzQyxDQUFDO1lBQ0YsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLEtBQUssRUFBRSxjQUFjLENBQUMsQ0FBQztZQUV6RCx1Q0FDSyxDQUFDLE1BQU0sSUFBSSxDQUFDLCtCQUErQixDQUFDLDhCQUE4QixDQUMzRSxTQUFTLENBQ1YsQ0FBQyxLQUNGLEdBQUcsSUFDSDtRQUNKLENBQUM7S0FBQTtJQUVZLGtCQUFrQjs7WUFDN0IsTUFBTSxXQUFXLEdBQWdCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBQzVFLE1BQU0sWUFBWSxHQUFHLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBRTFFLE9BQU8sSUFBSSxPQUFPLENBQUMsQ0FBQyxPQUFPLEVBQUUsTUFBTSxFQUFFLEVBQUU7Z0JBQ3JDLFdBQVcsQ0FBQyxjQUFjLENBQUMsWUFBWSxFQUFFLENBQUMsR0FBRyxFQUFFLElBQUksRUFBRSxFQUFFO29CQUNyRCxJQUFJLEdBQUcsRUFBRTt3QkFDUCxPQUFPLENBQUMsS0FBSyxDQUFDLDBCQUEwQixFQUFFLEdBQUcsQ0FBQyxDQUFDO3dCQUMvQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7cUJBQ2I7eUJBQU07d0JBQ0wsT0FBTyxDQUFDLEdBQUcsQ0FBQywwQkFBMEIsRUFBRSxJQUFJLENBQUMsQ0FBQzt3QkFDOUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxDQUFDO3FCQUNaO2dCQUNILENBQUMsQ0FBQyxDQUFDO1lBQ0wsQ0FBQyxDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7Ozs7WUE5WkYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBTUksTUFBTSxTQUFDLFNBQVM7WUF4QlosU0FBUztZQUdULGlCQUFpQjtZQWxCakIsVUFBVTtZQUNWLGNBQWM7WUFGZCxlQUFlO1lBZWYsZUFBZTtZQUdmLFdBQVc7WUFFWCxnQkFBZ0I7WUFFaEIsK0JBQStCO1lBRS9CLGNBQWMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUsIGlzRGV2TW9kZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBDb2duaXRvVXNlciB9IGZyb20gJ0Bhd3MtYW1wbGlmeS9hdXRoJztcclxuaW1wb3J0IHsgSHViIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2NvcmUnO1xyXG5pbXBvcnQgeyBDb2duaXRvVXNlckF0dHJpYnV0ZSB9IGZyb20gJ2FtYXpvbi1jb2duaXRvLWlkZW50aXR5LWpzJztcclxuaW1wb3J0IHsgT2JzZXJ2YWJsZSwgUmVwbGF5U3ViamVjdCB9IGZyb20gJ3J4anMnO1xyXG5pbXBvcnQgeyBQYXNzSWRwUGFyYW1zIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2NyeXB0b2dyYXBoeS50eXBlcyc7XHJcbmltcG9ydCB7IEtleUdyYXBoU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZSc7XHJcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkva2V5LnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBQcm9maWxlU2VydmljZSB9IGZyb20gJy4uL3VzZXJzL3Byb2ZpbGUuc2VydmljZSc7XHJcbmltcG9ydCB7IFBhc3N3b3JkQ2hhbmdlU3RhdHVzIH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XHJcbmltcG9ydCB7XHJcbiAgTHJDb25jdXJyZW50QWNjZXNzRXhjZXB0aW9uLFxyXG4gIExyQmFkUmVxdWVzdEV4Y2VwdGlvbixcclxufSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQge1xyXG4gIENvZ25pdG9DaGFsbGVuZ2VVc2VyLFxyXG4gIEN1cnJlbnRVc2VyLFxyXG4gIFRwUGFzc3dvcmRSZXNldFVzZXIsXHJcbiAgTG9naW5SZXN1bHQsXHJcbiAgUmVjb3ZlcnlTdGF0dXMsXHJcbn0gZnJvbSAnLi9hdXRoLnR5cGVzJztcclxuaW1wb3J0IHsgUGFzc3dvcmRTZXJ2aWNlIH0gZnJvbSAnLi9wYXNzd29yZC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgQXV0aENsYXNzIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2F1dGgvbGliLWVzbS9BdXRoJztcclxuaW1wb3J0IHsgVHBQYXNzd29yZFJlc2V0VXNlclF1ZXJ5IH0gZnJvbSAnLi4vdHJ1c3RlZC1wYXJ0aWVzL3RwLXBhc3N3b3JkLXJlc2V0LmdxbCc7XHJcbmltcG9ydCB7IElkbGVTZXJ2aWNlIH0gZnJvbSAnLi9pZGxlLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuaW1wb3J0IHsgTHJHcmFwaFFMU2VydmljZSwgTHJNdXRhdGlvbiB9IGZyb20gJy4uL2FwaS9sci1ncmFwaHFsJztcclxuaW1wb3J0IHsgVHBQYXNzd29yZFJlc2V0VXNlck5vZGUgfSBmcm9tICcuLi9hcGkvdHlwZXMnO1xyXG5pbXBvcnQgeyBUcFBhc3N3b3JkUmVzZXRQcm9jZXNzb3JTZXJ2aWNlIH0gZnJvbSAnLi4vYXBpL3F1ZXJ5LXByb2Nlc3Nvci90cC1wYXNzd29yZC1yZXNldC1wcm9jZXNzb3Iuc2VydmljZSc7XHJcbmltcG9ydCB7IFNldFNlc3Npb25FbmNyeXB0aW9uS2V5TXV0YXRpb24gfSBmcm9tICcuL2F1dGguZ3FsJztcclxuaW1wb3J0IHsgUGVyc2lzdFNlcnZpY2UgfSBmcm9tICcuLi9hcGkvcGVyc2lzdC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHsgTGlmZVJlYWR5Q29uZmlnLCBMUl9DT05GSUcgfSBmcm9tICcuLi9saWZlLXJlYWR5LmNvbmZpZyc7XHJcblxyXG5leHBvcnQgY29uc3QgaW5pdGlhbGlzZUF1dGggPSAoYXV0aFNlcnZpY2U6IExpZmVSZWFkeUF1dGhTZXJ2aWNlKSA9PiB7XHJcbiAgcmV0dXJuICgpID0+IGF1dGhTZXJ2aWNlLmluaXRpYWxpc2UoKTtcclxufTtcclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBMaWZlUmVhZHlBdXRoU2VydmljZSB7XHJcbiAgcHJpdmF0ZSBodWJTdWJqZWN0OiBSZXBsYXlTdWJqZWN0PGFueT4gPSBuZXcgUmVwbGF5U3ViamVjdDxhbnk+KDEpO1xyXG4gIHByaXZhdGUgY3VycmVudFVzZXI6IEN1cnJlbnRVc2VyO1xyXG5cclxuICBjb25zdHJ1Y3RvcihcclxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxyXG4gICAgcHJpdmF0ZSBhdXRoOiBBdXRoQ2xhc3MsXHJcbiAgICBwcml2YXRlIGtleUZhY3Rvcnk6IEtleUZhY3RvcnlTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBwcm9maWxlU2VydmljZTogUHJvZmlsZVNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleUdyYXBoU2VydmljZTogS2V5R3JhcGhTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBwYXNzd29yZFNlcnZpY2U6IFBhc3N3b3JkU2VydmljZSxcclxuICAgIHByaXZhdGUgaWRsZVNlcnZpY2U6IElkbGVTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBsckdyYXBoUUw6IExyR3JhcGhRTFNlcnZpY2UsXHJcbiAgICBwcml2YXRlIHRwUGFzc3dvcmRSZXNldFByb2Nlc3NvclNlcnZpY2U6IFRwUGFzc3dvcmRSZXNldFByb2Nlc3NvclNlcnZpY2UsXHJcbiAgICBwcml2YXRlIHBlcnNpc3RTZXJ2aWNlOiBQZXJzaXN0U2VydmljZVxyXG4gICkge31cclxuXHJcbiAgcHVibGljIGFzeW5jIGluaXRpYWxpc2UoKSB7XHJcbiAgICBIdWIubGlzdGVuKCdhdXRoJywgKGRhdGEpID0+IHRoaXMuaHViU3ViamVjdC5uZXh0KGRhdGEucGF5bG9hZCkpO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBsb2dpbklkcEltcGwoXHJcbiAgICBlbWFpbE9yUGhvbmU6IHN0cmluZyxcclxuICAgIHBhc3N3b3JkOiBzdHJpbmcsXHJcbiAgICBwYXNzSWRwUGFyYW1zOiBQYXNzSWRwUGFyYW1zLFxyXG4gICAgcmVjb3ZlcnlTdGF0dXM6IFJlY292ZXJ5U3RhdHVzXHJcbiAgKTogUHJvbWlzZTxDb2duaXRvQ2hhbGxlbmdlVXNlcj4ge1xyXG4gICAgY29uc3QgcGFzc0lkcFJlc3VsdCA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzSWRwKHtcclxuICAgICAgcGFzc3dvcmQsXHJcbiAgICAgIC4uLnBhc3NJZHBQYXJhbXMsXHJcbiAgICB9KTtcclxuICAgIC8vIFVzZSB0aGUgZGVyaXZlZCBwYXNzd29yZCB0byBzaWduaW4gd2l0aCBjb2duaXRvXHJcbiAgICBjb25zdCB1c2VyID0gYXdhaXQgdGhpcy5hdXRoLnNpZ25JbihcclxuICAgICAgZW1haWxPclBob25lLFxyXG4gICAgICB0aGlzLnBhc3N3b3JkU2VydmljZS5nZXRQYXNzSWRwU3RyaW5nKHBhc3NJZHBSZXN1bHQuandrKVxyXG4gICAgKTtcclxuXHJcbiAgICB1c2VyLnJlY292ZXJ5U3RhdHVzID0gcmVjb3ZlcnlTdGF0dXM7XHJcblxyXG4gICAgcmV0dXJuIHVzZXI7XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGFzeW5jIGxvZ2luSWRwKFxyXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXHJcbiAgICBwYXNzd29yZDogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxDb2duaXRvQ2hhbGxlbmdlVXNlcj4ge1xyXG4gICAgLy8gRG93bmxvYWQgdGhlIHNhbHQgbmVlZGVkIHRvIGRlcml2ZSB0aGUgUGFzc0lkcFxyXG4gICAgY29uc3QgcGFzc0lkcEFwaVJlc3VsdCA9IGF3YWl0IHRoaXMucHJvZmlsZVNlcnZpY2UuZ2V0UGFzc0lkcFBhcmFtcyhcclxuICAgICAgZW1haWxPclBob25lXHJcbiAgICApO1xyXG5cclxuICAgIGlmIChcclxuICAgICAgcGFzc0lkcEFwaVJlc3VsdC5wYXNzd29yZENoYW5nZVN0YXR1cyA9PT0gUGFzc3dvcmRDaGFuZ2VTdGF0dXMuSW5Qcm9ncmVzc1xyXG4gICAgKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckNvbmN1cnJlbnRBY2Nlc3NFeGNlcHRpb24oJ0EgcGFzc3dvcmQgY2hhbmdlIGlzIGluIHByb2dyZXNzJyk7XHJcbiAgICB9XHJcblxyXG4gICAgaWYgKFxyXG4gICAgICBwYXNzSWRwQXBpUmVzdWx0LnBhc3N3b3JkQ2hhbmdlU3RhdHVzID09PSBQYXNzd29yZENoYW5nZVN0YXR1cy5SZWNvdmVyeVxyXG4gICAgKSB7XHJcbiAgICAgIGNvbnNvbGUubG9nKCdJbiByZWNvdmVyeSBtb2RlLicpO1xyXG4gICAgICAvLyBMZXQncyBzYXkgd2UgZG9uJ3Qga25vdyBpZiB0aGUgcGFzc3dvcmQgaXMgdGhlIG5ldyBvbmUgb3IgdGhlIG9sZCBvbmUuIFdlIGp1c3QgaGF2ZSB0byB0cnkgYm90aC5cclxuICAgICAgdHJ5IHtcclxuICAgICAgICBjb25zdCB1c2VyID0gYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXHJcbiAgICAgICAgICBlbWFpbE9yUGhvbmUsXHJcbiAgICAgICAgICBwYXNzd29yZCxcclxuICAgICAgICAgIHBhc3NJZHBBcGlSZXN1bHQubmV3UGFzc0lkcFBhcmFtcyxcclxuICAgICAgICAgIFJlY292ZXJ5U3RhdHVzLk5FV19QQVNTV09SRFxyXG4gICAgICAgICk7XHJcbiAgICAgICAgLy8gTmV3IHBhc3N3b3JkIHdvcmtlZC4gTGV0J3Mgc2V0IHRvIHRoZSBjdXJyZW50IHBhc3N3b3JkXHJcblxyXG4gICAgICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMS0tXHJcbiAgICAgICAgLy8gaWYgY2hhbmdlUGFzc3dvcmRDb21wbGV0ZSgpIGRvZXNuJ3QgZ2V0IGNhbGxlZCwgdGhlbiBpdCBzaG91bGQgcmVtYWluXHJcblxyXG4gICAgICAgIGNvbnNvbGUubG9nKCdOZXcgcGFzc3dvcmQgd29ya3MhJyk7XHJcblxyXG4gICAgICAgIHJldHVybiB1c2VyO1xyXG4gICAgICB9IGNhdGNoIChlcnJvcikge1xyXG4gICAgICAgIC8vIEp1c3QgYnViYmxlIHVwIGFueSBvdGhlciB0eXBlIG9mIGVycm9yLlxyXG4gICAgICAgIGlmIChlcnJvci5jb2RlICE9PSAnTm90QXV0aG9yaXplZEV4Y2VwdGlvbicpIHtcclxuICAgICAgICAgIHRocm93IGVycm9yO1xyXG4gICAgICAgIH1cclxuICAgICAgICAvLyBwYXNzLCB0cnkgYWdhaW4gYXNzdW1pbmcgaXQncyB0aGUgb2xkIHBhc3N3b3JkXHJcbiAgICAgIH1cclxuXHJcbiAgICAgIC8vIE5vdyBhc3N1bWUgaXQncyB0aGUgcHJldmlvdXMgcGFzc3dvcmQuIEFueSBleGNlcHRpb24gaXMgYWxsb3dlZCB0byBidWJibGUgdXAuXHJcbiAgICAgIHRyeSB7XHJcbiAgICAgICAgY29uc3QgdXNlciA9IGF3YWl0IHRoaXMubG9naW5JZHBJbXBsKFxyXG4gICAgICAgICAgZW1haWxPclBob25lLFxyXG4gICAgICAgICAgcGFzc3dvcmQsXHJcbiAgICAgICAgICBwYXNzSWRwQXBpUmVzdWx0LmN1cnJlbnRQYXNzSWRwUGFyYW1zLFxyXG4gICAgICAgICAgUmVjb3ZlcnlTdGF0dXMuT0xEX1BBU1NXT1JEXHJcbiAgICAgICAgKTtcclxuICAgICAgICAvLyBPbGQgcGFzc3dvcmQgd29ya2VkLlxyXG4gICAgICAgIGNvbnNvbGUubG9nKCdPbGQgcGFzc3dvcmQgd29ya3MhJyk7XHJcblxyXG4gICAgICAgIHJldHVybiB1c2VyO1xyXG4gICAgICB9IGNhdGNoIChlcnJvcikge1xyXG4gICAgICAgIC8vIEp1c3QgYnViYmxlIHVwIGFueSBvdGhlciB0eXBlIG9mIGVycm9yLlxyXG4gICAgICAgIHRocm93IGVycm9yLmNvZGUgPT09ICdOb3RBdXRob3JpemVkRXhjZXB0aW9uJ1xyXG4gICAgICAgICAgPyBuZXcgTHJCYWRSZXF1ZXN0RXhjZXB0aW9uKFxyXG4gICAgICAgICAgICAgICdUaGUgcGFzc3dvcmQgY2hhbmdlIHJlcXVlc3Qgd2FzIGludGVycnVwdGVkLCBwbGVhc2UgdHJ5IHRvIGxvZ2luIHdpdGggYm90aCB5b3VyIG5ldyBhbmQgb2xkIHBhc3N3b3JkJ1xyXG4gICAgICAgICAgICApXHJcbiAgICAgICAgICA6IGVycm9yO1xyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8gVHJ5IGFnYWluc3QgYXMgdGhlIFRQIHBhc3N3b3JkIHJlc2V0IGFjY291bnRcclxuICAgIGlmIChwYXNzSWRwQXBpUmVzdWx0LnRwUGFzc3dvcmRSZXNldCkge1xyXG4gICAgICB0cnkge1xyXG4gICAgICAgIC8vIFRQIHBhc3N3b3JkIHJlc2V0IGlzIGluIHByb2Nlc3MuIFdlIG5lZWQgdG8gdHJ5IHRoZSBwYXNzd29yZCBhZ2FpbnN0IGJvdGhcclxuICAgICAgICAvLyBvcmlnaW5hbCBhY2NvdW50IGFuZCB0aGUgbmV3IHJlc2V0IGFjY291bnQuXHJcbiAgICAgICAgY29uc3QgcmVzZXQgPSBwYXNzSWRwQXBpUmVzdWx0LnRwUGFzc3dvcmRSZXNldDtcclxuICAgICAgICBjb25zdCByZXQgPSBhd2FpdCB0aGlzLmxvZ2luSWRwSW1wbChcclxuICAgICAgICAgIHJlc2V0LnJlc2V0VXNlcm5hbWUsXHJcbiAgICAgICAgICBwYXNzd29yZCxcclxuICAgICAgICAgIHJlc2V0LnBhc3NJZHBQYXJhbXMsXHJcbiAgICAgICAgICBSZWNvdmVyeVN0YXR1cy5OT05FXHJcbiAgICAgICAgKTtcclxuICAgICAgICByZXQuaXNUcFBhc3N3b3JkUmVzZXRVc2VyID0gdHJ1ZTtcclxuXHJcbiAgICAgICAgcmV0dXJuIHJldDtcclxuICAgICAgfSBjYXRjaCAoZXJyKSB7XHJcbiAgICAgICAgLy8gY29udGludWUsIHRyeSBhZ2FpbiBhcyByZWd1bGFyIHVzZXIuXHJcbiAgICAgIH1cclxuICAgIH1cclxuXHJcbiAgICAvLyBMb2dpbiBhcyByZWd1bGFyIHVzZXJcclxuICAgIHJldHVybiBhd2FpdCB0aGlzLmxvZ2luSWRwSW1wbChcclxuICAgICAgZW1haWxPclBob25lLFxyXG4gICAgICBwYXNzd29yZCxcclxuICAgICAgcGFzc0lkcEFwaVJlc3VsdC5jdXJyZW50UGFzc0lkcFBhcmFtcyxcclxuICAgICAgUmVjb3ZlcnlTdGF0dXMuTk9ORVxyXG4gICAgKTtcclxuICB9XHJcblxyXG4gIHByb3RlY3RlZCBhc3luYyBoYW5kbGVTZXNzaW9uRW5jcnlwdGlvbktleSgpIHtcclxuICAgIGlmICh0aGlzLmNvbmZpZy5kaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXkpIHtcclxuICAgICAgaWYgKCFpc0Rldk1vZGUoKSkge1xyXG4gICAgICAgIGNvbnN0IG1zZyA9XHJcbiAgICAgICAgICAnWW91IHNob3VsZCBub3Qgc2V0IGRpc2FibGVTZXNzaW9uRW5jcnlwdGlvbktleT1UcnVlIGluIG1vZGUgcHJvZC4gSXQgZGVmYXVsdHMgdG8gZmFsc2UuJztcclxuICAgICAgICBjb25zb2xlLmVycm9yKG1zZyk7XHJcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKG1zZyk7XHJcbiAgICAgIH0gZWxzZSB7XHJcbiAgICAgICAgY29uc29sZS53YXJuKFxyXG4gICAgICAgICAgJ1lvdSBoYXZlIHNldCBkaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXk9VHJ1ZS4gTWFrZSBzdXJlIG5vdCB0byBkbyB0aGlzIGluIHByb2QgbW9kZS4nXHJcbiAgICAgICAgKTtcclxuICAgICAgfVxyXG4gICAgfSBlbHNlIHtcclxuICAgICAgLy8gU2V0IHRoZSBzZXNzaW9uIGtleSB0byBhIG5ldyBlbmNyeXB0aW9uIGtleSBmb3IgdGhpcyBzZXNzaW9uXHJcbiAgICAgIGNvbnN0IHNlc3Npb25FbmNyeXB0aW9uS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xyXG4gICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcclxuICAgICAgICBuZXcgTHJNdXRhdGlvbih7XHJcbiAgICAgICAgICBtdXRhdGlvbjogU2V0U2Vzc2lvbkVuY3J5cHRpb25LZXlNdXRhdGlvbixcclxuICAgICAgICAgIHZhcmlhYmxlczoge1xyXG4gICAgICAgICAgICBpbnB1dDoge1xyXG4gICAgICAgICAgICAgIHNlc3Npb25FbmNyeXB0aW9uS2V5OiBKU09OLnN0cmluZ2lmeShcclxuICAgICAgICAgICAgICAgIHNlc3Npb25FbmNyeXB0aW9uS2V5LnRvSlNPTih0cnVlKVxyXG4gICAgICAgICAgICAgICksXHJcbiAgICAgICAgICAgIH0sXHJcbiAgICAgICAgICB9LFxyXG4gICAgICAgIH0pLFxyXG4gICAgICAgIHtcclxuICAgICAgICAgIGluY2x1ZGVLZXlHcmFwaDogZmFsc2UsXHJcbiAgICAgICAgfVxyXG4gICAgICApO1xyXG5cclxuICAgICAgdGhpcy5wZXJzaXN0U2VydmljZS5zZXRTZXJ2ZXJTZXNzaW9uRW5jcnlwdGlvbktleShzZXNzaW9uRW5jcnlwdGlvbktleSk7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICBwcm90ZWN0ZWQgYXN5bmMgaGFuZGxlUG9zdEF1dGgoY29nbml0b1VzZXI6IENvZ25pdG9DaGFsbGVuZ2VVc2VyKSB7XHJcbiAgICBhd2FpdCB0aGlzLmhhbmRsZVBhc3N3b3JkUmVjb3ZlcnkoY29nbml0b1VzZXIpO1xyXG4gICAgYXdhaXQgdGhpcy5oYW5kbGVTZXNzaW9uRW5jcnlwdGlvbktleSgpO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGxvZ2luKFxyXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXHJcbiAgICBwYXNzd29yZDogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxMb2dpblJlc3VsdD4ge1xyXG4gICAgY29uc3QgY29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmxvZ2luSWRwKGVtYWlsT3JQaG9uZSwgcGFzc3dvcmQpO1xyXG5cclxuICAgIC8vIHRvZG86IE1lZXQgTUZBIGNoYWxsZW5nZXMuXHJcbiAgICBpZiAoWydTTVNfTUZBJywgJ1NPRlRXQVJFX1RPS0VOX01GQSddLmluY2x1ZGVzKGNvZ25pdG9Vc2VyLmNoYWxsZW5nZU5hbWUpKSB7XHJcbiAgICAgIHJldHVybiB7IGhhc0NoYWxsZW5nZTogdHJ1ZSwgY2hhbGxlbmdlOiBjb2duaXRvVXNlciB9O1xyXG4gICAgfVxyXG5cclxuICAgIGF3YWl0IHRoaXMuaGFuZGxlUG9zdEF1dGgoY29nbml0b1VzZXIpO1xyXG5cclxuICAgIGlmIChjb2duaXRvVXNlci5pc1RwUGFzc3dvcmRSZXNldFVzZXIpIHtcclxuICAgICAgLy8gQXNzdW1pbmcgdGhlcmUgaXMgbm8gTUZBIG9uIHRoZSBUUCByZXNldCB1c2VyLlxyXG4gICAgICBjb25zdCByZXNldFVzZXIgPSBhd2FpdCB0aGlzLmxvYWRSZXNldFVzZXIocGFzc3dvcmQpO1xyXG4gICAgICByZXR1cm4geyBoYXNDaGFsbGVuZ2U6IGZhbHNlLCByZXNldFVzZXIgfTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKGNvZ25pdG9Vc2VyLCBwYXNzd29yZCk7XHJcbiAgICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2Uuc3RhcnQoKTsgLy8gUnVuIGlkbGVTZXJ2aWNlIHdoZW5ldmVyIHVzZXIgaXMgbG9nZ2VkIGluLlxyXG4gICAgICByZXR1cm4geyBoYXNDaGFsbGVuZ2U6IGZhbHNlLCB1c2VyIH07XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICAvLyBUT0RPIDxBWj4gV2UgbmVlZCB0byBoYW5kbGUgdGhlIGlzVHBQYXNzd29yZFJlc2V0VXNlcj1UcnVlIGNhc2UgaGVyZSBhZnRlciBNRkEgYXMgd2VsbC5cclxuICBwdWJsaWMgYXN5bmMgdmVyaWZ5TG9naW4oXHJcbiAgICBjaGFsbGVuZ2U6IENvZ25pdG9DaGFsbGVuZ2VVc2VyLFxyXG4gICAgcGFzc3dvcmQ6IHN0cmluZyxcclxuICAgIHJlbWVtYmVyTWU6IGJvb2xlYW4sXHJcbiAgICBjb2RlOiBzdHJpbmdcclxuICApOiBQcm9taXNlPEN1cnJlbnRVc2VyPiB7XHJcbiAgICBhd2FpdCB0aGlzLmF1dGguY29uZmlybVNpZ25JbihjaGFsbGVuZ2UsIGNvZGUsIGNoYWxsZW5nZS5jaGFsbGVuZ2VOYW1lKTtcclxuXHJcbiAgICAvLyBUT0RPOiB0aGlzLmF1dGguY29uZmlybVNpZ25JbigpIGNvdWxkIHJldHVybiBhbm90aGVyIGNoYWxsZW5nZS5cclxuXHJcbiAgICBjb25zdCBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XHJcblxyXG4gICAgYXdhaXQgdGhpcy5oYW5kbGVQb3N0QXV0aChjaGFsbGVuZ2UpO1xyXG5cclxuICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKGNvZ25pdG9Vc2VyLCBwYXNzd29yZCk7XHJcblxyXG4gICAgaWYgKHJlbWVtYmVyTWUpIHtcclxuICAgICAgY29nbml0b1VzZXIuc2V0RGV2aWNlU3RhdHVzUmVtZW1iZXJlZCh7XHJcbiAgICAgICAgb25TdWNjZXNzOiAoKSA9PiB7fSxcclxuICAgICAgICBvbkZhaWx1cmU6IChlKSA9PiBjb25zb2xlLmVycm9yKGUpLFxyXG4gICAgICB9KTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4gdXNlcjtcclxuICB9XHJcblxyXG4gIGFzeW5jIGhhbmRsZVBhc3N3b3JkUmVjb3ZlcnkodXNlcjogQ29nbml0b0NoYWxsZW5nZVVzZXIpIHtcclxuICAgIGlmICh1c2VyLnJlY292ZXJ5U3RhdHVzICE9PSBSZWNvdmVyeVN0YXR1cy5OT05FKSB7XHJcbiAgICAgIGNvbnN0IGp3dFRva2VuID0gdXNlclxyXG4gICAgICAgIC5nZXRTaWduSW5Vc2VyU2Vzc2lvbigpXHJcbiAgICAgICAgLmdldEFjY2Vzc1Rva2VuKClcclxuICAgICAgICAuZ2V0Snd0VG9rZW4oKTtcclxuICAgICAgYXdhaXQgdGhpcy5wYXNzd29yZFNlcnZpY2UuY2hhbmdlUGFzc3dvcmRDb21wbGV0ZShcclxuICAgICAgICBqd3RUb2tlbixcclxuICAgICAgICB1c2VyLnJlY292ZXJ5U3RhdHVzID09PSBSZWNvdmVyeVN0YXR1cy5ORVdfUEFTU1dPUkRcclxuICAgICAgKTtcclxuICAgIH1cclxuICB9XHJcblxyXG4gIGFzeW5jIGdldFVzZXIocmVsb2FkOiBib29sZWFuID0gZmFsc2UpOiBQcm9taXNlPEN1cnJlbnRVc2VyPiB7XHJcbiAgICBpZiAoIXJlbG9hZCAmJiB0aGlzLmN1cnJlbnRVc2VyKSB7XHJcbiAgICAgIHJldHVybiB0aGlzLmN1cnJlbnRVc2VyO1xyXG4gICAgfVxyXG4gICAgdGhpcy5jdXJyZW50VXNlciA9IGF3YWl0IHRoaXMubG9hZFVzZXIoXHJcbiAgICAgIGF3YWl0IHRoaXMuYXV0aC5jdXJyZW50QXV0aGVudGljYXRlZFVzZXIoKVxyXG4gICAgKTtcclxuICAgIGNvbnNvbGUubG9nKCdTdGFydGluZyBpZGxlIHNlcnZpY2UuJyk7XHJcbiAgICBhd2FpdCB0aGlzLmlkbGVTZXJ2aWNlLnN0YXJ0KCk7IC8vIFJ1biBpZGxlU2VydmljZSB3aGVuZXZlciB1c2VyIGlzIGxvZ2dlZCBpbi5cclxuICAgIHJldHVybiB0aGlzLmN1cnJlbnRVc2VyO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBtYXBUUFZhdWx0QWNjZXNzKGZlYXR1cmVzPzogYW55KTogYm9vbGVhbiB7XHJcbiAgICBjb25zdCB0cFZhdWx0RmVhdHVyZSA9IGZlYXR1cmVzPy50cFZhdWx0O1xyXG4gICAgcmV0dXJuIChcclxuICAgICAgdHBWYXVsdEZlYXR1cmU/Lmxlbmd0aCA+IDAgJiZcclxuICAgICAgdHBWYXVsdEZlYXR1cmUuc29tZSgoZmVhdHVyZSkgPT4gZmVhdHVyZS50b1VwcGVyQ2FzZSgpID09PSAnQUNDRVNTJylcclxuICAgICk7XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGFzeW5jIGxvYWRVc2VyKFxyXG4gICAgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyLFxyXG4gICAgcGFzc3dvcmQ/OiBzdHJpbmdcclxuICApOiBQcm9taXNlPEN1cnJlbnRVc2VyPiB7XHJcbiAgICBjb25zdCB7XHJcbiAgICAgIGN1cnJlbnRVc2VyLFxyXG4gICAgICBjb250YWN0Q2FyZCxcclxuICAgICAgdXNlclBsYW5zLFxyXG4gICAgfSA9IGF3YWl0IHRoaXMucHJvZmlsZVNlcnZpY2UuZ2V0Q3VycmVudFVzZXIoKTtcclxuXHJcbiAgICBpZiAoY3VycmVudFVzZXIuc2Vzc2lvbkVuY3J5cHRpb25LZXkpIHtcclxuICAgICAgdGhpcy5wZXJzaXN0U2VydmljZS5zZXRTZXJ2ZXJTZXNzaW9uRW5jcnlwdGlvbktleShcclxuICAgICAgICBhd2FpdCBKV0suYXNLZXkoY3VycmVudFVzZXIuc2Vzc2lvbkVuY3J5cHRpb25LZXkpXHJcbiAgICAgICk7XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgdXNlckF0dHJpYnV0ZXMgPSBhd2FpdCB0aGlzLmF1dGgudXNlckF0dHJpYnV0ZXMoY29nbml0b1VzZXIpO1xyXG5cclxuICAgIGlmIChwYXNzd29yZCkge1xyXG4gICAgICBjb25zdCBwYXNzS2V5ID0gKFxyXG4gICAgICAgIGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzS2V5KHtcclxuICAgICAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAgICAgLi4uY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkucGFzc0tleS5wYXNzS2V5UGFyYW1zLFxyXG4gICAgICAgIH0pXHJcbiAgICAgICkuandrO1xyXG5cclxuICAgICAgYXdhaXQgdGhpcy5pZGxlU2VydmljZS5wZXJzaXN0TWFzdGVyS2V5KFxyXG4gICAgICAgIGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLnVud3JhcFdpdGhQYXNzS2V5KFxyXG4gICAgICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkucGFzc0tleS5pZCxcclxuICAgICAgICAgIHBhc3NLZXksXHJcbiAgICAgICAgICBjdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5tYXN0ZXJLZXkuaWRcclxuICAgICAgICApXHJcbiAgICAgICk7XHJcbiAgICB9XHJcbiAgICBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5wb3B1bGF0ZUtleXMoY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkpO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGlkOiBjdXJyZW50VXNlci5pZCxcclxuICAgICAgc3ViOiB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ3N1YicsIHVzZXJBdHRyaWJ1dGVzKSxcclxuICAgICAgdXNlcm5hbWU6IGN1cnJlbnRVc2VyLnVzZXJuYW1lLFxyXG4gICAgICBjdXJyZW50VXNlcktleTogY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXksXHJcbiAgICAgIGdldEFjY2Vzc0p3dFRva2VuOiAoKSA9PlxyXG4gICAgICAgIGNvZ25pdG9Vc2VyLmdldFNpZ25JblVzZXJTZXNzaW9uKCkuZ2V0QWNjZXNzVG9rZW4oKS5nZXRKd3RUb2tlbigpLFxyXG4gICAgICBlbWFpbDogdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdlbWFpbCcsIHVzZXJBdHRyaWJ1dGVzKSxcclxuICAgICAgZW1haWxWZXJpZmllZDpcclxuICAgICAgICB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ2VtYWlsX3ZlcmlmaWVkJywgdXNlckF0dHJpYnV0ZXMpID09PSAndHJ1ZScsXHJcbiAgICAgIHBob25lOiB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ3Bob25lX251bWJlcicsIHVzZXJBdHRyaWJ1dGVzKSxcclxuICAgICAgcGhvbmVWZXJpZmllZDpcclxuICAgICAgICB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ3Bob25lX251bWJlcl92ZXJpZmllZCcsIHVzZXJBdHRyaWJ1dGVzKSA9PT1cclxuICAgICAgICAndHJ1ZScsXHJcbiAgICAgIGNvbnRhY3RDYXJkOiB7XHJcbiAgICAgICAgLi4uKGF3YWl0IHRoaXMucHJvZmlsZVNlcnZpY2UuZGVjcnlwdENvbnRhY3RDYXJkKGNvbnRhY3RDYXJkKSksXHJcbiAgICAgIH0sXHJcbiAgICAgIHVzZXJEZWxldGU6IGN1cnJlbnRVc2VyLnVzZXJEZWxldGUsXHJcbiAgICAgIHVzZXJQbGFucyxcclxuICAgICAgaGFzVFBWYXVsdEFjY2VzczogdGhpcy5tYXBUUFZhdWx0QWNjZXNzKGN1cnJlbnRVc2VyLmZlYXR1cmVzKSxcclxuICAgICAgZmVhdHVyZXM6IGN1cnJlbnRVc2VyLmZlYXR1cmVzLFxyXG4gICAgICBzZXNzaW9uRW5jcnlwdGlvbktleTogY3VycmVudFVzZXIuc2Vzc2lvbkVuY3J5cHRpb25LZXksXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIHdhdGNoQXV0aCgpOiBPYnNlcnZhYmxlPGFueT4ge1xyXG4gICAgcmV0dXJuIHRoaXMuaHViU3ViamVjdDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBsb2dvdXQoKTogUHJvbWlzZTx2b2lkPiB7XHJcbiAgICB0aGlzLmN1cnJlbnRVc2VyID0gbnVsbDtcclxuICAgIHRoaXMua2V5U2VydmljZS5wdXJnZUtleXMoKTtcclxuICAgIHRoaXMua2V5R3JhcGhTZXJ2aWNlLnB1cmdlS2V5cygpO1xyXG5cclxuICAgIGF3YWl0IFByb21pc2UuYWxsKFt0aGlzLmF1dGguc2lnbk91dCgpLCB0aGlzLnByb2ZpbGVTZXJ2aWNlLnNpZ25PdXQoKV0pO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBnZXRVc2VyQXR0cmlidXRlKFxyXG4gICAgYXR0cmlidXRlTmFtZTogc3RyaW5nLFxyXG4gICAgdXNlckF0dHJpYnV0ZXM6IENvZ25pdG9Vc2VyQXR0cmlidXRlW11cclxuICApIHtcclxuICAgIGNvbnN0IHVzZXJBdHRyaWJ1dGUgPSB1c2VyQXR0cmlidXRlcy5maW5kKFxyXG4gICAgICAoeCkgPT4geC5nZXROYW1lKCkgPT09IGF0dHJpYnV0ZU5hbWVcclxuICAgICk7XHJcblxyXG4gICAgcmV0dXJuIHVzZXJBdHRyaWJ1dGUgPyB1c2VyQXR0cmlidXRlLmdldFZhbHVlKCkgOiBudWxsO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGxvYWRSZXNldFVzZXIocGFzc3dvcmQ/OiBzdHJpbmcpOiBQcm9taXNlPFRwUGFzc3dvcmRSZXNldFVzZXI+IHtcclxuICAgIGNvbnN0IHsgdHBQYXNzd29yZFJlc2V0VXNlcjogcmVzZXRVc2VyIH0gPSBhd2FpdCB0aGlzLmxyR3JhcGhRTC5xdWVyeSh7XHJcbiAgICAgIHF1ZXJ5OiBUcFBhc3N3b3JkUmVzZXRVc2VyUXVlcnksXHJcbiAgICB9KTtcclxuXHJcbiAgICBpZiAocmVzZXRVc2VyLnNlc3Npb25FbmNyeXB0aW9uS2V5KSB7XHJcbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoXHJcbiAgICAgICAgYXdhaXQgSldLLmFzS2V5KHJlc2V0VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSlcclxuICAgICAgKTtcclxuICAgIH1cclxuXHJcbiAgICAvLyBVcGRhdGUgdGhlIGtleXNcclxuICAgIGlmIChwYXNzd29yZCkge1xyXG4gICAgICBjb25zdCBwYXNzS2V5ID0gKFxyXG4gICAgICAgIGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzS2V5KHtcclxuICAgICAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAgICAgLi4ucmVzZXRVc2VyLnBhc3NLZXkucGFzc0tleVBhcmFtcyxcclxuICAgICAgICB9KVxyXG4gICAgICApLmp3aztcclxuXHJcbiAgICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2UucGVyc2lzdE1hc3RlcktleShcclxuICAgICAgICBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS51bndyYXBXaXRoUGFzc0tleShcclxuICAgICAgICAgIHJlc2V0VXNlci5wYXNzS2V5LmlkLFxyXG4gICAgICAgICAgcGFzc0tleSxcclxuICAgICAgICAgIHJlc2V0VXNlci5tYXN0ZXJLZXkuaWRcclxuICAgICAgICApXHJcbiAgICAgICk7XHJcbiAgICB9XHJcblxyXG4gICAgdGhpcy5rZXlTZXJ2aWNlLnBvcHVsYXRlS2V5cyh7XHJcbiAgICAgIHBhc3NLZXk6IHtcclxuICAgICAgICBpZDogcmVzZXRVc2VyLnBhc3NLZXkuaWQsXHJcbiAgICAgIH0sXHJcbiAgICAgIG1hc3RlcktleToge1xyXG4gICAgICAgIGlkOiByZXNldFVzZXIubWFzdGVyS2V5LmlkLFxyXG4gICAgICB9LFxyXG4gICAgfSk7XHJcblxyXG4gICAgY29uc3QgdXNlckF0dHJpYnV0ZXMgPSBhd2FpdCB0aGlzLmF1dGgudXNlckF0dHJpYnV0ZXMoXHJcbiAgICAgIGF3YWl0IHRoaXMuYXV0aC5jdXJyZW50QXV0aGVudGljYXRlZFVzZXIoKVxyXG4gICAgKTtcclxuICAgIGNvbnN0IHN1YiA9IHRoaXMuZ2V0VXNlckF0dHJpYnV0ZSgnc3ViJywgdXNlckF0dHJpYnV0ZXMpO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIC4uLihhd2FpdCB0aGlzLnRwUGFzc3dvcmRSZXNldFByb2Nlc3NvclNlcnZpY2UucHJvY2Vzc1RwUGFzc3dvcmRSZXNldFVzZXJOb2RlKFxyXG4gICAgICAgIHJlc2V0VXNlclxyXG4gICAgICApKSxcclxuICAgICAgc3ViLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyByZWZyZXNoQWNjZXNzVG9rZW4oKSB7XHJcbiAgICBjb25zdCBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XHJcbiAgICBjb25zdCByZWZyZXNoVG9rZW4gPSBjb2duaXRvVXNlci5nZXRTaWduSW5Vc2VyU2Vzc2lvbigpLmdldFJlZnJlc2hUb2tlbigpO1xyXG5cclxuICAgIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSwgcmVqZWN0KSA9PiB7XHJcbiAgICAgIGNvZ25pdG9Vc2VyLnJlZnJlc2hTZXNzaW9uKHJlZnJlc2hUb2tlbiwgKGVyciwgZGF0YSkgPT4ge1xyXG4gICAgICAgIGlmIChlcnIpIHtcclxuICAgICAgICAgIGNvbnNvbGUuZXJyb3IoJ0Vycm9yIHJlZnJlc2hpbmcgdG9rZW46ICcsIGVycik7XHJcbiAgICAgICAgICByZWplY3QoZXJyKTtcclxuICAgICAgICB9IGVsc2Uge1xyXG4gICAgICAgICAgY29uc29sZS5sb2coJ1Rva2VuIHJlZnJlc2ggY29tcGxldGU6ICcsIGRhdGEpO1xyXG4gICAgICAgICAgcmVzb2x2ZSgwKTtcclxuICAgICAgICB9XHJcbiAgICAgIH0pO1xyXG4gICAgfSk7XHJcbiAgfVxyXG59XHJcbiJdfQ==