@lifeready/core 0.6.0-beta.1

package/esm2015/lib/auth/password.service.js

@@ -0,0 +1,320 @@
+import { __awaiter } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { ProfileService } from '../users/profile.service';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { LrAuthException, LrBadArgumentException } from '../_common/exceptions';
+import { LrApolloService } from './../api/lr-apollo.service';
+import { PasswordChangeMutation, PasswordChangeRequestMutation, PasswordChangeConfigQuery, } from './auth.gql';
+import { WebCryptoService } from '../cryptography/web-crypto.service';
+import * as moment_ from 'moment';
+import { IdleService } from '../auth/idle.service';
+import { KeyFactoryService as KFS } from '../cryptography/key-factory.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@angular/common/http";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i5 from "../users/profile.service";
+import * as i6 from "../cryptography/key-factory.service";
+import * as i7 from "../cryptography/encryption.service";
+import * as i8 from "../cryptography/key-graph.service";
+import * as i9 from "../cryptography/web-crypto.service";
+import * as i10 from "./idle.service";
+// "why?" you ask: https://stackoverflow.com/questions/59735280/angular-8-moment-error-cannot-call-a-namespace-moment
+const moment = moment_;
+export class PasswordCheck {
+}
+export class PasswordService {
+    constructor(config, http, apollo, auth, profileService, keyFactory, encryptionService, keyGraph, webCryptoService, idleService) {
+        this.config = config;
+        this.http = http;
+        this.apollo = apollo;
+        this.auth = auth;
+        this.profileService = profileService;
+        this.keyFactory = keyFactory;
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.webCryptoService = webCryptoService;
+        this.idleService = idleService;
+        this.CLIENT_NONCE_LENGTH = 32;
+    }
+    checkPassword(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { years } = this.passwordStrength(password);
+            return {
+                length: password.length,
+                timeToCrack: moment.duration({ years }),
+                passwordExposed: yield this.getExposureCount(password),
+            };
+        });
+    }
+    getExposureCount(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const sha1Password = yield this.webCryptoService.stringDigest('SHA-1', password);
+            const first5sha1 = sha1Password.substring(0, 5);
+            const response = yield this.http
+                .get(`https://api.pwnedpasswords.com/range/${first5sha1}`, {
+                responseType: 'text',
+            })
+                .toPromise();
+            const results = new RegExp(`^(?:${sha1Password.substring(5)}:)(?<count>\\d+)$`, 'im').exec(response);
+            if (results) {
+                return +results.groups.count;
+            }
+            return 0;
+        });
+    }
+    getPassIdpString(passIdp) {
+        return passIdp.toJSON(true).k;
+    }
+    createPassKeyBundle(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpParams = yield this.keyFactory.createPassIdpParams();
+            const passIdp = (yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams))).jwk;
+            const passKeyParams = yield this.keyFactory.createPassKeyParams();
+            const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, passKeyParams))).jwk;
+            const passIdpVerifier = yield this.keyFactory.createPkcSignKey();
+            const wrappedPassIdpVerifierPrk = yield this.encryptionService.encrypt(passKey, passIdpVerifier.toJSON(true));
+            // There are two formats that the private key can be represented in JWK:
+            // https://tools.ietf.org/html/rfc8017#page-9
+            // The second form is an optimization:
+            // https://crypto.stackexchange.com/questions/19413/what-are-dp-and-dq-in-encryption-by-rsa-in-c
+            return {
+                passKeyParams,
+                passKey,
+                passIdpParams,
+                passIdp,
+                passIdpVerifier,
+                wrappedPassIdpVerifierPrk,
+            };
+        });
+    }
+    /**
+     * We need to allow for interruption of the process at any point. Each API call can be considered
+     * atomic and either succeeds or fails.
+     *
+     * The LR server APIs use semaphore tokens for locking critical operations, so concurrent calls will
+     * fail.
+     *
+     * We assume the worst case for IdP API calls. So we use the semaphore token from LR to prevent
+     * concurrent calls to IdP APIs, but we have to assume that the IdP API calls will either succeed or
+     * fail within a reasonable amount of time.
+     *
+     * Each location where the server state changes can be a potential point of interruption.
+     * Potential points of interruption are marked with: --Potential Failure Point--
+     *
+     * Places for timeout:
+     * - Login age too old at call to: verifyPassword()
+     * - Login age too old at call to: changePasswordMutation()
+     * - Semaphore token expires at call to: changePasswordComplete()
+     *
+     * Tests:
+     * - Potential Failure Point 1: should be able to restart the process, user remains signed in.
+     * - Potential Failure Point 2: should enter recovery flow
+     * - Potential Failure Point 3: should enter recovery flow
+     * - Potential Failure Point 4: should enter recovery flow
+     *
+     */
+    isLoginRequired() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const changePasswordConfig = yield this.getChangePasswordConfig();
+            const authTime = moment(changePasswordConfig.authTime);
+            const serverTime = moment(changePasswordConfig.serverTime);
+            const duration = moment.duration(serverTime.diff(authTime));
+            const seconds = duration.asSeconds();
+            if (seconds > changePasswordConfig.maxAuthAgeSeconds) {
+                return true;
+            }
+            else {
+                return false;
+            }
+        });
+    }
+    changePassword(password, newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            // Validation
+            // todo: Add this back in
+            // Note the passIdp will always have a random salt, so will always be different to the current passIdp.
+            if (password === newPassword) {
+                throw new LrBadArgumentException('New password is the same as the current one.');
+            }
+            const { currentUser } = yield this.profileService.getCurrentUser();
+            const { passIdp, signedChallenge } = yield this.verifyPassword(password, currentUser);
+            // --Potential Failure Point 1--
+            // verifyPassword() asks for a current password challenge hence changes server state.
+            // Place break points here to test the failure scenarios.
+            // Generate the new passIdp
+            const newPassKey = yield this.createPassKeyBundle(newPassword);
+            // Re-encrypt master key with new key
+            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
+            const newWrappedMasterKey = yield this.encryptionService.encrypt(newPassKey.passKey, masterKey.jwk.toJSON(true));
+            // If the IdP change password failed, we need to go into recovery mode by forcing
+            // a login. We can't logout the user just yet since the IdP password change needs
+            // the user to be logged in. We _can_ removed any persisted session values for the IdP
+            // but that seems like too much trouble.
+            const { token, newPassKeyId } = yield this.changePasswordMutation(signedChallenge, currentUser.currentUserKey.masterKey.id, newWrappedMasterKey, newPassKey);
+            // --Potential Failure Point 2--
+            // changePasswordMutation() uploads new keys and obtains a semaphore lock to prevent any other
+            // clients from performing IdP password change.
+            // Now we can do the IdP password change.
+            // todo: Add this back in
+            yield this.auth.changePassword(cognitoUser, this.getPassIdpString(passIdp), this.getPassIdpString(newPassKey.passIdp));
+            // --Potential Failure Point 3--
+            // IdP password change
+            // Note that changePassword() could throw an exception for a number of reason. It could throw
+            // a network timeout for example. But we don't know if it's the response that timed out and
+            // the idp password change was actually carried out. So we have to be extra conservative and
+            // only act on a clear success. Otherwise we go into recover mode.
+            yield this.changePasswordComplete(cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(), true, token);
+        });
+    }
+    changePasswordComplete(accessToken, useNewPassword, token = null) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.http
+                .post(`${this.config.authUrl}users/password-change-complete/`, Object.assign({ use_new_password: useNewPassword }, (token && { token })), {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            })
+                .toPromise();
+        });
+    }
+    getVerifierPrK(passKey, wrappedPrK) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const prkJson = yield this.encryptionService.decrypt(passKey, wrappedPrK);
+                return KFS.asKey(prkJson);
+            }
+            catch (error) {
+                throw new LrAuthException('Wrong current password');
+            }
+        });
+    }
+    verifyPassword(password, currentUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get information from the server to prepare for password change.
+            const passwordRequest = yield this.apollo.mutate({
+                mutation: PasswordChangeRequestMutation,
+                variables: {},
+            });
+            // Get the old passKey so we can decrypt the old password verifier
+            const passKeyResult = yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams));
+            const verifierPrK = yield this.getVerifierPrK(passKeyResult.jwk, currentUser.currentUserKey.passKey.wrappedPassIdpVerifierPrk);
+            // Sign the server challenge to prove to the server we can decrypt the password verifier.
+            // Generate
+            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
+            const signedChallenge = yield this.encryptionService.sign(verifierPrK, {
+                serverNonce: passwordRequest.passwordChangeRequest.challenge.serverNonce,
+                clientNonce,
+            });
+            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, currentUser.currentUserKey.passKey.passIdpParams));
+            return {
+                passIdp: passIdpResult.jwk,
+                signedChallenge,
+            };
+        });
+    }
+    changePasswordMutation(signedChallenge, masterKeyId, newWrappedMasterKey, passKeyBundle) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.apollo.mutate({
+                mutation: PasswordChangeMutation,
+                variables: {
+                    input: {
+                        signedChallenge: JSON.stringify(signedChallenge),
+                        masterKeyId,
+                        newWrappedMasterKey: JSON.stringify(newWrappedMasterKey),
+                        newPassKey: {
+                            passIdpParams: JSON.stringify(passKeyBundle.passIdpParams),
+                            passIdpVerifierPbk: JSON.stringify(passKeyBundle.passIdpVerifier.toJSON()),
+                            wrappedPassIdpVerifierPrk: JSON.stringify(passKeyBundle.wrappedPassIdpVerifierPrk),
+                            passKeyParams: JSON.stringify(passKeyBundle.passKeyParams),
+                        },
+                    },
+                },
+            });
+            return {
+                token: response.passwordChange.token,
+                newPassKeyId: response.passwordChange.newPassKey.id,
+            };
+        });
+    }
+    getChangePasswordConfig() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.apollo.query({
+                query: PasswordChangeConfigQuery,
+            });
+            const ret = res.passwordChangeConfig;
+            ret.authTime = new Date(ret.authTime);
+            ret.serverTime = new Date(ret.serverTime);
+            return ret;
+        });
+    }
+    passwordStrength(password) {
+        const upper = /[A-Z]/g;
+        const lower = /[a-z]/g;
+        const digit = /[0-9]/g;
+        const upperChoices = 26;
+        const lowerChoices = 26;
+        const digitChoices = 10;
+        const specialChoices = 30; // /[!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/g
+        function instanceCount(str, re) {
+            return ((str || '').match(re) || []).length;
+        }
+        const uppers = instanceCount(password, upper);
+        const lowers = instanceCount(password, lower);
+        const digits = instanceCount(password, digit);
+        const specials = password.length - uppers - lowers - digits;
+        let choices = 0;
+        if (uppers) {
+            choices += upperChoices;
+        }
+        if (lowers) {
+            choices += lowerChoices;
+        }
+        if (digits) {
+            choices += digitChoices;
+        }
+        if (specials) {
+            choices += specialChoices;
+        }
+        if (password.length === 0) {
+            return {
+                years: 0,
+                // bits of entropy
+                bits: 0,
+            };
+        }
+        const permutations = Math.pow(choices, password.length);
+        const years = (54000 * permutations) /
+            Math.pow(upperChoices + lowerChoices + digitChoices, 12);
+        return {
+            years,
+            // bits of entropy
+            bits: Math.round(Math.log2(permutations)),
+        };
+    }
+}
+PasswordService.ɵprov = i0.ɵɵdefineInjectable({ factory: function PasswordService_Factory() { return new PasswordService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.EncryptionService), i0.ɵɵinject(i8.KeyGraphService), i0.ɵɵinject(i9.WebCryptoService), i0.ɵɵinject(i10.IdleService)); }, token: PasswordService, providedIn: "root" });
+PasswordService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+PasswordService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: HttpClient },
+    { type: LrApolloService },
+    { type: AuthClass },
+    { type: ProfileService },
+    { type: KFS },
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: WebCryptoService },
+    { type: IdleService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFzc3dvcmQuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy90ZXN0L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2F1dGgvcGFzc3dvcmQuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xELE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRW5ELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUUzRCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDMUQsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFDdkUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBQ3BFLE9BQU8sRUFBbUIsU0FBUyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDbEUsT0FBTyxFQUFFLGVBQWUsRUFBRSxzQkFBc0IsRUFBRSxNQUFNLHVCQUF1QixDQUFDO0FBQ2hGLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUM3RCxPQUFPLEVBQ0wsc0JBQXNCLEVBQ3RCLDZCQUE2QixFQUM3Qix5QkFBeUIsR0FDMUIsTUFBTSxZQUFZLENBQUM7QUFFcEIsT0FBTyxFQUFFLGdCQUFnQixFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFFdEUsT0FBTyxLQUFLLE9BQU8sTUFBTSxRQUFRLENBQUM7QUFFbEMsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ25ELE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxHQUFHLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQzs7Ozs7Ozs7Ozs7O0FBRS9FLHFIQUFxSDtBQUNySCxNQUFNLE1BQU0sR0FBRyxPQUFPLENBQUM7QUF5QnZCLE1BQU0sT0FBTyxhQUFhO0NBSXpCO0FBS0QsTUFBTSxPQUFPLGVBQWU7SUFHMUIsWUFDNkIsTUFBdUIsRUFDMUMsSUFBZ0IsRUFDaEIsTUFBdUIsRUFDdkIsSUFBZSxFQUNmLGNBQThCLEVBQzlCLFVBQWUsRUFDZixpQkFBb0MsRUFDcEMsUUFBeUIsRUFDekIsZ0JBQWtDLEVBQ2xDLFdBQXdCO1FBVEwsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsU0FBSSxHQUFKLElBQUksQ0FBWTtRQUNoQixXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUN2QixTQUFJLEdBQUosSUFBSSxDQUFXO1FBQ2YsbUJBQWMsR0FBZCxjQUFjLENBQWdCO1FBQzlCLGVBQVUsR0FBVixVQUFVLENBQUs7UUFDZixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBQ3pCLHFCQUFnQixHQUFoQixnQkFBZ0IsQ0FBa0I7UUFDbEMsZ0JBQVcsR0FBWCxXQUFXLENBQWE7UUFaakIsd0JBQW1CLEdBQUcsRUFBRSxDQUFDO0lBYXZDLENBQUM7SUFFUyxhQUFhLENBQUMsUUFBZ0I7O1lBQ3pDLE1BQU0sRUFBRSxLQUFLLEVBQUUsR0FBRyxJQUFJLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDLENBQUM7WUFFbEQsT0FBTztnQkFDTCxNQUFNLEVBQUUsUUFBUSxDQUFDLE1BQU07Z0JBQ3ZCLFdBQVcsRUFBRSxNQUFNLENBQUMsUUFBUSxDQUFDLEVBQUUsS0FBSyxFQUFFLENBQUM7Z0JBQ3ZDLGVBQWUsRUFBRSxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUM7YUFDdkQsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVZLGdCQUFnQixDQUFDLFFBQWdCOztZQUM1QyxNQUFNLFlBQVksR0FBRyxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxZQUFZLENBQzNELE9BQU8sRUFDUCxRQUFRLENBQ1QsQ0FBQztZQUNGLE1BQU0sVUFBVSxHQUFHLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO1lBRWhELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQzdCLEdBQUcsQ0FBQyx3Q0FBd0MsVUFBVSxFQUFFLEVBQUU7Z0JBQ3pELFlBQVksRUFBRSxNQUFNO2FBQ3JCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFFZixNQUFNLE9BQU8sR0FBRyxJQUFJLE1BQU0sQ0FDeEIsT0FBTyxZQUFZLENBQUMsU0FBUyxDQUFDLENBQUMsQ0FBQyxtQkFBbUIsRUFDbkQsSUFBSSxDQUNMLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRWpCLElBQUksT0FBTyxFQUFFO2dCQUNYLE9BQU8sQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQzthQUM5QjtZQUNELE9BQU8sQ0FBQyxDQUFDO1FBQ1gsQ0FBQztLQUFBO0lBRU0sZ0JBQWdCLENBQUMsT0FBZ0I7UUFDdEMsT0FBUSxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBUyxDQUFDLENBQUMsQ0FBQztJQUN6QyxDQUFDO0lBRVksbUJBQW1CLENBQUMsUUFBZ0I7O1lBQy9DLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsSUFDTCxhQUFhLEVBQ2hCLENBQ0gsQ0FBQyxHQUFHLENBQUM7WUFFTixNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUNsRSxNQUFNLE9BQU8sR0FBRyxDQUNkLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUNqQyxRQUFRLElBQ0wsYUFBYSxFQUNoQixDQUNILENBQUMsR0FBRyxDQUFDO1lBRU4sTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGdCQUFnQixFQUFFLENBQUM7WUFFakUsTUFBTSx5QkFBeUIsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3BFLE9BQU8sRUFDUCxlQUFlLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUM3QixDQUFDO1lBRUYsd0VBQXdFO1lBQ3hFLDZDQUE2QztZQUM3QyxzQ0FBc0M7WUFDdEMsZ0dBQWdHO1lBRWhHLE9BQU87Z0JBQ0wsYUFBYTtnQkFDYixPQUFPO2dCQUNQLGFBQWE7Z0JBQ2IsT0FBTztnQkFDUCxlQUFlO2dCQUNmLHlCQUF5QjthQUMxQixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUQ7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7T0F5Qkc7SUFFVSxlQUFlOztZQUMxQixNQUFNLG9CQUFvQixHQUFHLE1BQU0sSUFBSSxDQUFDLHVCQUF1QixFQUFFLENBQUM7WUFDbEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLG9CQUFvQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBQ3ZELE1BQU0sVUFBVSxHQUFHLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUMzRCxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsUUFBUSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUMsQ0FBQztZQUM1RCxNQUFNLE9BQU8sR0FBRyxRQUFRLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDckMsSUFBSSxPQUFPLEdBQUcsb0JBQW9CLENBQUMsaUJBQWlCLEVBQUU7Z0JBQ3BELE9BQU8sSUFBSSxDQUFDO2FBQ2I7aUJBQU07Z0JBQ0wsT0FBTyxLQUFLLENBQUM7YUFDZDtRQUNILENBQUM7S0FBQTtJQUVZLGNBQWMsQ0FBQyxRQUFnQixFQUFFLFdBQW1COztZQUMvRCxNQUFNLFdBQVcsR0FBZ0IsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLHdCQUF3QixFQUFFLENBQUM7WUFFNUUsYUFBYTtZQUNiLHlCQUF5QjtZQUN6Qix1R0FBdUc7WUFDdkcsSUFBSSxRQUFRLEtBQUssV0FBVyxFQUFFO2dCQUM1QixNQUFNLElBQUksc0JBQXNCLENBQzlCLDhDQUE4QyxDQUMvQyxDQUFDO2FBQ0g7WUFFRCxNQUFNLEVBQUUsV0FBVyxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLGNBQWMsRUFBRSxDQUFDO1lBRW5FLE1BQU0sRUFBRSxPQUFPLEVBQUUsZUFBZSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUM1RCxRQUFRLEVBQ1IsV0FBVyxDQUNaLENBQUM7WUFFRixnQ0FBZ0M7WUFDaEMscUZBQXFGO1lBQ3JGLHlEQUF5RDtZQUV6RCwyQkFBMkI7WUFDM0IsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsV0FBVyxDQUFDLENBQUM7WUFFL0QscUNBQXFDO1lBQ3JDLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQzFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FDeEMsQ0FBQztZQUNGLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM5RCxVQUFVLENBQUMsT0FBTyxFQUNsQixTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDM0IsQ0FBQztZQUVGLGlGQUFpRjtZQUNqRixpRkFBaUY7WUFDakYsc0ZBQXNGO1lBQ3RGLHdDQUF3QztZQUV4QyxNQUFNLEVBQUUsS0FBSyxFQUFFLFlBQVksRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLHNCQUFzQixDQUMvRCxlQUFlLEVBQ2YsV0FBVyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsRUFBRSxFQUN2QyxtQkFBbUIsRUFDbkIsVUFBVSxDQUNYLENBQUM7WUFFRixnQ0FBZ0M7WUFDaEMsOEZBQThGO1lBQzlGLCtDQUErQztZQUUvQyx5Q0FBeUM7WUFDekMseUJBQXlCO1lBQ3pCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQzVCLFdBQVcsRUFDWCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLEVBQzlCLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQzFDLENBQUM7WUFFRixnQ0FBZ0M7WUFDaEMsc0JBQXNCO1lBRXRCLDZGQUE2RjtZQUM3RiwyRkFBMkY7WUFDM0YsNEZBQTRGO1lBQzVGLGtFQUFrRTtZQUNsRSxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FDL0IsV0FBVyxDQUFDLG9CQUFvQixFQUFFLENBQUMsY0FBYyxFQUFFLENBQUMsV0FBVyxFQUFFLEVBQ2pFLElBQUksRUFDSixLQUFLLENBQ04sQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVZLHNCQUFzQixDQUNqQyxXQUFtQixFQUNuQixjQUF1QixFQUN2QixRQUFnQixJQUFJOztZQUVwQixPQUFPLElBQUksQ0FBQyxJQUFJO2lCQUNiLElBQUksQ0FDSCxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxpQ0FBaUMsa0JBRXJELGdCQUFnQixFQUFFLGNBQWMsSUFDN0IsQ0FBQyxLQUFLLElBQUksRUFBRSxLQUFLLEVBQUUsQ0FBQyxHQUV6QjtnQkFDRSxPQUFPLEVBQUU7b0JBQ1AsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFO2lCQUN2QzthQUNGLENBQ0Y7aUJBQ0EsU0FBUyxFQUFFLENBQUM7UUFDakIsQ0FBQztLQUFBO0lBRWEsY0FBYyxDQUMxQixPQUFnQixFQUNoQixVQUFrQjs7WUFFbEIsSUFBSTtnQkFDRixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2dCQUMxRSxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7YUFDM0I7WUFBQyxPQUFPLEtBQUssRUFBRTtnQkFDZCxNQUFNLElBQUksZUFBZSxDQUFDLHdCQUF3QixDQUFDLENBQUM7YUFDckQ7UUFDSCxDQUFDO0tBQUE7SUFFYSxjQUFjLENBQzFCLFFBQWdCLEVBQ2hCLFdBQTJCOztZQUUzQixrRUFBa0U7WUFDbEUsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FDOUM7Z0JBQ0UsUUFBUSxFQUFFLDZCQUE2QjtnQkFDdkMsU0FBUyxFQUFFLEVBQUU7YUFDZCxDQUNGLENBQUM7WUFFRixrRUFBa0U7WUFDbEUsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ3ZELFFBQVEsSUFDTCxXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ25ELENBQUM7WUFFSCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQzNDLGFBQWEsQ0FBQyxHQUFHLEVBQ2pCLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLHlCQUF5QixDQUM3RCxDQUFDO1lBRUYseUZBQXlGO1lBQ3pGLFdBQVc7WUFDWCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztZQUUzRSxNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFO2dCQUNyRSxXQUFXLEVBQUUsZUFBZSxDQUFDLHFCQUFxQixDQUFDLFNBQVMsQ0FBQyxXQUFXO2dCQUN4RSxXQUFXO2FBQ1osQ0FBQyxDQUFDO1lBRUgsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ3ZELFFBQVEsSUFDTCxXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ25ELENBQUM7WUFFSCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxhQUFhLENBQUMsR0FBRztnQkFDMUIsZUFBZTthQUNoQixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRWEsc0JBQXNCLENBQ2xDLGVBQXFDLEVBQ3JDLFdBQW1CLEVBQ25CLG1CQUEyQixFQUMzQixhQUE0Qjs7WUFFNUIsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBeUI7Z0JBQ2hFLFFBQVEsRUFBRSxzQkFBc0I7Z0JBQ2hDLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO3dCQUNoRCxXQUFXO3dCQUNYLG1CQUFtQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLENBQUM7d0JBQ3hELFVBQVUsRUFBRTs0QkFDVixhQUFhLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDOzRCQUMxRCxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUNoQyxhQUFhLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUN2Qzs0QkFDRCx5QkFBeUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUN2QyxhQUFhLENBQUMseUJBQXlCLENBQ3hDOzRCQUNELGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUM7eUJBQzNEO3FCQUNGO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1lBQ0gsT0FBTztnQkFDTCxLQUFLLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQyxLQUFLO2dCQUNwQyxZQUFZLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQUMsRUFBRTthQUNwRCxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssdUJBQXVCOztZQUMzQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFNO2dCQUN2QyxLQUFLLEVBQUUseUJBQXlCO2FBQ2pDLENBQUMsQ0FBQztZQUVILE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxvQkFBNEMsQ0FBQztZQUU3RCxHQUFHLENBQUMsUUFBUSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN0QyxHQUFHLENBQUMsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUMxQyxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVNLGdCQUFnQixDQUFDLFFBQVE7UUFDOUIsTUFBTSxLQUFLLEdBQUcsUUFBUSxDQUFDO1FBQ3ZCLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxRQUFRLENBQUM7UUFFdkIsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO1FBQ3hCLE1BQU0sWUFBWSxHQUFHLEVBQUUsQ0FBQztRQUN4QixNQUFNLFlBQVksR0FBRyxFQUFFLENBQUM7UUFDeEIsTUFBTSxjQUFjLEdBQUcsRUFBRSxDQUFDLENBQUMsd0NBQXdDO1FBRW5FLFNBQVMsYUFBYSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQzVCLE9BQU8sQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBQzlDLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDOUMsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM5QyxNQUFNLFFBQVEsR0FBRyxRQUFRLENBQUMsTUFBTSxHQUFHLE1BQU0sR0FBRyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBRTVELElBQUksT0FBTyxHQUFHLENBQUMsQ0FBQztRQUNoQixJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLFFBQVEsRUFBRTtZQUNaLE9BQU8sSUFBSSxjQUFjLENBQUM7U0FDM0I7UUFFRCxJQUFJLFFBQVEsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFO1lBQ3pCLE9BQU87Z0JBQ0wsS0FBSyxFQUFFLENBQUM7Z0JBQ1Isa0JBQWtCO2dCQUNsQixJQUFJLEVBQUUsQ0FBQzthQUNSLENBQUM7U0FDSDtRQUVELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV4RCxNQUFNLEtBQUssR0FDVCxDQUFDLEtBQUssR0FBRyxZQUFZLENBQUM7WUFDdEIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxZQUFZLEdBQUcsWUFBWSxHQUFHLFlBQVksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUMzRCxPQUFPO1lBQ0wsS0FBSztZQUNMLGtCQUFrQjtZQUNsQixJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQzFDLENBQUM7SUFDSixDQUFDOzs7O1lBNVhGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7OzRDQUtJLE1BQU0sU0FBQyxTQUFTO1lBL0RaLFVBQVU7WUFVVixlQUFlO1lBUGYsU0FBUztZQUVULGNBQWM7WUFpQk8sR0FBRztZQWhCeEIsaUJBQWlCO1lBQ2pCLGVBQWU7WUFVZixnQkFBZ0I7WUFJaEIsV0FBVyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEh0dHBDbGllbnQgfSBmcm9tICdAYW5ndWxhci9jb21tb24vaHR0cCc7XHJcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBDb2duaXRvVXNlciB9IGZyb20gJ0Bhd3MtYW1wbGlmeS9hdXRoJztcclxuaW1wb3J0IHsgQXV0aENsYXNzIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2F1dGgvbGliLWVzbS9BdXRoJztcclxuaW1wb3J0IHsgSldLLCBKV1MgfSBmcm9tICdub2RlLWpvc2UnO1xyXG5pbXBvcnQgeyBQcm9maWxlU2VydmljZSB9IGZyb20gJy4uL3VzZXJzL3Byb2ZpbGUuc2VydmljZSc7XHJcbmltcG9ydCB7IEVuY3J5cHRpb25TZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2VuY3J5cHRpb24uc2VydmljZSc7XHJcbmltcG9ydCB7IEtleUdyYXBoU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZSc7XHJcbmltcG9ydCB7IExpZmVSZWFkeUNvbmZpZywgTFJfQ09ORklHIH0gZnJvbSAnLi4vbGlmZS1yZWFkeS5jb25maWcnO1xyXG5pbXBvcnQgeyBMckF1dGhFeGNlcHRpb24sIExyQmFkQXJndW1lbnRFeGNlcHRpb24gfSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xyXG5pbXBvcnQgeyBMckFwb2xsb1NlcnZpY2UgfSBmcm9tICcuLy4uL2FwaS9sci1hcG9sbG8uc2VydmljZSc7XHJcbmltcG9ydCB7XHJcbiAgUGFzc3dvcmRDaGFuZ2VNdXRhdGlvbixcclxuICBQYXNzd29yZENoYW5nZVJlcXVlc3RNdXRhdGlvbixcclxuICBQYXNzd29yZENoYW5nZUNvbmZpZ1F1ZXJ5LFxyXG59IGZyb20gJy4vYXV0aC5ncWwnO1xyXG5pbXBvcnQgeyBQYXNzS2V5QnVuZGxlIH0gZnJvbSAnLi9hdXRoLnR5cGVzJztcclxuaW1wb3J0IHsgV2ViQ3J5cHRvU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS93ZWItY3J5cHRvLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBEdXJhdGlvbiB9IGZyb20gJ21vbWVudCc7XHJcbmltcG9ydCAqIGFzIG1vbWVudF8gZnJvbSAnbW9tZW50JztcclxuaW1wb3J0IHsgQXBpQ3VycmVudFVzZXIgfSBmcm9tICcuLi91c2Vycy9wcm9maWxlLnR5cGVzJztcclxuaW1wb3J0IHsgSWRsZVNlcnZpY2UgfSBmcm9tICcuLi9hdXRoL2lkbGUuc2VydmljZSc7XHJcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIGFzIEtGUyB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuXHJcbi8vIFwid2h5P1wiIHlvdSBhc2s6IGh0dHBzOi8vc3RhY2tvdmVyZmxvdy5jb20vcXVlc3Rpb25zLzU5NzM1MjgwL2FuZ3VsYXItOC1tb21lbnQtZXJyb3ItY2Fubm90LWNhbGwtYS1uYW1lc3BhY2UtbW9tZW50XHJcbmNvbnN0IG1vbWVudCA9IG1vbWVudF87XHJcblxyXG5pbnRlcmZhY2UgUGFzc3dvcmRDaGFuZ2VSZXF1ZXN0TXV0YXRpb24ge1xyXG4gIHBhc3N3b3JkQ2hhbmdlUmVxdWVzdDoge1xyXG4gICAgY2hhbGxlbmdlOiB7XHJcbiAgICAgIHNlcnZlck5vbmNlOiBzdHJpbmc7XHJcbiAgICB9O1xyXG4gIH07XHJcbn1cclxuXHJcbmludGVyZmFjZSBQYXNzd29yZENoYW5nZU11dGF0aW9uIHtcclxuICBwYXNzd29yZENoYW5nZToge1xyXG4gICAgdG9rZW46IHN0cmluZztcclxuICAgIG5ld1Bhc3NLZXk6IHtcclxuICAgICAgaWQ6IHN0cmluZztcclxuICAgIH07XHJcbiAgfTtcclxufVxyXG5cclxuZXhwb3J0IGludGVyZmFjZSBQYXNzd29yZENoYW5nZUNvbmZpZyB7XHJcbiAgbWF4QXV0aEFnZVNlY29uZHM6IG51bWJlcjtcclxuICBhdXRoVGltZTogc3RyaW5nIHwgRGF0ZTtcclxuICBzZXJ2ZXJUaW1lOiBzdHJpbmcgfCBEYXRlO1xyXG59XHJcblxyXG5leHBvcnQgY2xhc3MgUGFzc3dvcmRDaGVjayB7XHJcbiAgbGVuZ3RoPzogbnVtYmVyO1xyXG4gIHRpbWVUb0NyYWNrPzogRHVyYXRpb247XHJcbiAgcGFzc3dvcmRFeHBvc2VkPzogbnVtYmVyO1xyXG59XHJcblxyXG5ASW5qZWN0YWJsZSh7XHJcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxyXG59KVxyXG5leHBvcnQgY2xhc3MgUGFzc3dvcmRTZXJ2aWNlIHtcclxuICBwcml2YXRlIHJlYWRvbmx5IENMSUVOVF9OT05DRV9MRU5HVEggPSAzMjtcclxuXHJcbiAgY29uc3RydWN0b3IoXHJcbiAgICBASW5qZWN0KExSX0NPTkZJRykgcHJpdmF0ZSBjb25maWc6IExpZmVSZWFkeUNvbmZpZyxcclxuICAgIHByaXZhdGUgaHR0cDogSHR0cENsaWVudCxcclxuICAgIHByaXZhdGUgYXBvbGxvOiBMckFwb2xsb1NlcnZpY2UsXHJcbiAgICBwcml2YXRlIGF1dGg6IEF1dGhDbGFzcyxcclxuICAgIHByaXZhdGUgcHJvZmlsZVNlcnZpY2U6IFByb2ZpbGVTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLRlMsXHJcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcclxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZSxcclxuICAgIHByaXZhdGUgd2ViQ3J5cHRvU2VydmljZTogV2ViQ3J5cHRvU2VydmljZSxcclxuICAgIHByaXZhdGUgaWRsZVNlcnZpY2U6IElkbGVTZXJ2aWNlXHJcbiAgKSB7fVxyXG5cclxuICBwdWJsaWMgYXN5bmMgY2hlY2tQYXNzd29yZChwYXNzd29yZDogc3RyaW5nKTogUHJvbWlzZTxQYXNzd29yZENoZWNrPiB7XHJcbiAgICBjb25zdCB7IHllYXJzIH0gPSB0aGlzLnBhc3N3b3JkU3RyZW5ndGgocGFzc3dvcmQpO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGxlbmd0aDogcGFzc3dvcmQubGVuZ3RoLFxyXG4gICAgICB0aW1lVG9DcmFjazogbW9tZW50LmR1cmF0aW9uKHsgeWVhcnMgfSksXHJcbiAgICAgIHBhc3N3b3JkRXhwb3NlZDogYXdhaXQgdGhpcy5nZXRFeHBvc3VyZUNvdW50KHBhc3N3b3JkKSxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgZ2V0RXhwb3N1cmVDb3VudChwYXNzd29yZDogc3RyaW5nKTogUHJvbWlzZTxudW1iZXI+IHtcclxuICAgIGNvbnN0IHNoYTFQYXNzd29yZCA9IGF3YWl0IHRoaXMud2ViQ3J5cHRvU2VydmljZS5zdHJpbmdEaWdlc3QoXHJcbiAgICAgICdTSEEtMScsXHJcbiAgICAgIHBhc3N3b3JkXHJcbiAgICApO1xyXG4gICAgY29uc3QgZmlyc3Q1c2hhMSA9IHNoYTFQYXNzd29yZC5zdWJzdHJpbmcoMCwgNSk7XHJcblxyXG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCB0aGlzLmh0dHBcclxuICAgICAgLmdldChgaHR0cHM6Ly9hcGkucHduZWRwYXNzd29yZHMuY29tL3JhbmdlLyR7Zmlyc3Q1c2hhMX1gLCB7XHJcbiAgICAgICAgcmVzcG9uc2VUeXBlOiAndGV4dCcsXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICBjb25zdCByZXN1bHRzID0gbmV3IFJlZ0V4cChcclxuICAgICAgYF4oPzoke3NoYTFQYXNzd29yZC5zdWJzdHJpbmcoNSl9OikoPzxjb3VudD5cXFxcZCspJGAsXHJcbiAgICAgICdpbSdcclxuICAgICkuZXhlYyhyZXNwb25zZSk7XHJcblxyXG4gICAgaWYgKHJlc3VsdHMpIHtcclxuICAgICAgcmV0dXJuICtyZXN1bHRzLmdyb3Vwcy5jb3VudDtcclxuICAgIH1cclxuICAgIHJldHVybiAwO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGdldFBhc3NJZHBTdHJpbmcocGFzc0lkcDogSldLLktleSkge1xyXG4gICAgcmV0dXJuIChwYXNzSWRwLnRvSlNPTih0cnVlKSBhcyBhbnkpLms7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgY3JlYXRlUGFzc0tleUJ1bmRsZShwYXNzd29yZDogc3RyaW5nKTogUHJvbWlzZTxQYXNzS2V5QnVuZGxlPiB7XHJcbiAgICBjb25zdCBwYXNzSWRwUGFyYW1zID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBhc3NJZHBQYXJhbXMoKTtcclxuICAgIGNvbnN0IHBhc3NJZHAgPSAoXHJcbiAgICAgIGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzSWRwKHtcclxuICAgICAgICBwYXNzd29yZCxcclxuICAgICAgICAuLi5wYXNzSWRwUGFyYW1zLFxyXG4gICAgICB9KVxyXG4gICAgKS5qd2s7XHJcblxyXG4gICAgY29uc3QgcGFzc0tleVBhcmFtcyA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVQYXNzS2V5UGFyYW1zKCk7XHJcbiAgICBjb25zdCBwYXNzS2V5ID0gKFxyXG4gICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0tleSh7XHJcbiAgICAgICAgcGFzc3dvcmQsXHJcbiAgICAgICAgLi4ucGFzc0tleVBhcmFtcyxcclxuICAgICAgfSlcclxuICAgICkuandrO1xyXG5cclxuICAgIGNvbnN0IHBhc3NJZHBWZXJpZmllciA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVQa2NTaWduS2V5KCk7XHJcblxyXG4gICAgY29uc3Qgd3JhcHBlZFBhc3NJZHBWZXJpZmllclByayA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcclxuICAgICAgcGFzc0tleSxcclxuICAgICAgcGFzc0lkcFZlcmlmaWVyLnRvSlNPTih0cnVlKVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyBUaGVyZSBhcmUgdHdvIGZvcm1hdHMgdGhhdCB0aGUgcHJpdmF0ZSBrZXkgY2FuIGJlIHJlcHJlc2VudGVkIGluIEpXSzpcclxuICAgIC8vIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM4MDE3I3BhZ2UtOVxyXG4gICAgLy8gVGhlIHNlY29uZCBmb3JtIGlzIGFuIG9wdGltaXphdGlvbjpcclxuICAgIC8vIGh0dHBzOi8vY3J5cHRvLnN0YWNrZXhjaGFuZ2UuY29tL3F1ZXN0aW9ucy8xOTQxMy93aGF0LWFyZS1kcC1hbmQtZHEtaW4tZW5jcnlwdGlvbi1ieS1yc2EtaW4tY1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIHBhc3NLZXlQYXJhbXMsXHJcbiAgICAgIHBhc3NLZXksXHJcbiAgICAgIHBhc3NJZHBQYXJhbXMsXHJcbiAgICAgIHBhc3NJZHAsXHJcbiAgICAgIHBhc3NJZHBWZXJpZmllcixcclxuICAgICAgd3JhcHBlZFBhc3NJZHBWZXJpZmllclByayxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICAvKipcclxuICAgKiBXZSBuZWVkIHRvIGFsbG93IGZvciBpbnRlcnJ1cHRpb24gb2YgdGhlIHByb2Nlc3MgYXQgYW55IHBvaW50LiBFYWNoIEFQSSBjYWxsIGNhbiBiZSBjb25zaWRlcmVkXHJcbiAgICogYXRvbWljIGFuZCBlaXRoZXIgc3VjY2VlZHMgb3IgZmFpbHMuXHJcbiAgICpcclxuICAgKiBUaGUgTFIgc2VydmVyIEFQSXMgdXNlIHNlbWFwaG9yZSB0b2tlbnMgZm9yIGxvY2tpbmcgY3JpdGljYWwgb3BlcmF0aW9ucywgc28gY29uY3VycmVudCBjYWxscyB3aWxsXHJcbiAgICogZmFpbC5cclxuICAgKlxyXG4gICAqIFdlIGFzc3VtZSB0aGUgd29yc3QgY2FzZSBmb3IgSWRQIEFQSSBjYWxscy4gU28gd2UgdXNlIHRoZSBzZW1hcGhvcmUgdG9rZW4gZnJvbSBMUiB0byBwcmV2ZW50XHJcbiAgICogY29uY3VycmVudCBjYWxscyB0byBJZFAgQVBJcywgYnV0IHdlIGhhdmUgdG8gYXNzdW1lIHRoYXQgdGhlIElkUCBBUEkgY2FsbHMgd2lsbCBlaXRoZXIgc3VjY2VlZCBvclxyXG4gICAqIGZhaWwgd2l0aGluIGEgcmVhc29uYWJsZSBhbW91bnQgb2YgdGltZS5cclxuICAgKlxyXG4gICAqIEVhY2ggbG9jYXRpb24gd2hlcmUgdGhlIHNlcnZlciBzdGF0ZSBjaGFuZ2VzIGNhbiBiZSBhIHBvdGVudGlhbCBwb2ludCBvZiBpbnRlcnJ1cHRpb24uXHJcbiAgICogUG90ZW50aWFsIHBvaW50cyBvZiBpbnRlcnJ1cHRpb24gYXJlIG1hcmtlZCB3aXRoOiAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50LS1cclxuICAgKlxyXG4gICAqIFBsYWNlcyBmb3IgdGltZW91dDpcclxuICAgKiAtIExvZ2luIGFnZSB0b28gb2xkIGF0IGNhbGwgdG86IHZlcmlmeVBhc3N3b3JkKClcclxuICAgKiAtIExvZ2luIGFnZSB0b28gb2xkIGF0IGNhbGwgdG86IGNoYW5nZVBhc3N3b3JkTXV0YXRpb24oKVxyXG4gICAqIC0gU2VtYXBob3JlIHRva2VuIGV4cGlyZXMgYXQgY2FsbCB0bzogY2hhbmdlUGFzc3dvcmRDb21wbGV0ZSgpXHJcbiAgICpcclxuICAgKiBUZXN0czpcclxuICAgKiAtIFBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDE6IHNob3VsZCBiZSBhYmxlIHRvIHJlc3RhcnQgdGhlIHByb2Nlc3MsIHVzZXIgcmVtYWlucyBzaWduZWQgaW4uXHJcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAyOiBzaG91bGQgZW50ZXIgcmVjb3ZlcnkgZmxvd1xyXG4gICAqIC0gUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMzogc2hvdWxkIGVudGVyIHJlY292ZXJ5IGZsb3dcclxuICAgKiAtIFBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDQ6IHNob3VsZCBlbnRlciByZWNvdmVyeSBmbG93XHJcbiAgICpcclxuICAgKi9cclxuXHJcbiAgcHVibGljIGFzeW5jIGlzTG9naW5SZXF1aXJlZCgpOiBQcm9taXNlPGJvb2xlYW4+IHtcclxuICAgIGNvbnN0IGNoYW5nZVBhc3N3b3JkQ29uZmlnID0gYXdhaXQgdGhpcy5nZXRDaGFuZ2VQYXNzd29yZENvbmZpZygpO1xyXG4gICAgY29uc3QgYXV0aFRpbWUgPSBtb21lbnQoY2hhbmdlUGFzc3dvcmRDb25maWcuYXV0aFRpbWUpO1xyXG4gICAgY29uc3Qgc2VydmVyVGltZSA9IG1vbWVudChjaGFuZ2VQYXNzd29yZENvbmZpZy5zZXJ2ZXJUaW1lKTtcclxuICAgIGNvbnN0IGR1cmF0aW9uID0gbW9tZW50LmR1cmF0aW9uKHNlcnZlclRpbWUuZGlmZihhdXRoVGltZSkpO1xyXG4gICAgY29uc3Qgc2Vjb25kcyA9IGR1cmF0aW9uLmFzU2Vjb25kcygpO1xyXG4gICAgaWYgKHNlY29uZHMgPiBjaGFuZ2VQYXNzd29yZENvbmZpZy5tYXhBdXRoQWdlU2Vjb25kcykge1xyXG4gICAgICByZXR1cm4gdHJ1ZTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIHJldHVybiBmYWxzZTtcclxuICAgIH1cclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBjaGFuZ2VQYXNzd29yZChwYXNzd29yZDogc3RyaW5nLCBuZXdQYXNzd29yZDogc3RyaW5nKSB7XHJcbiAgICBjb25zdCBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XHJcblxyXG4gICAgLy8gVmFsaWRhdGlvblxyXG4gICAgLy8gdG9kbzogQWRkIHRoaXMgYmFjayBpblxyXG4gICAgLy8gTm90ZSB0aGUgcGFzc0lkcCB3aWxsIGFsd2F5cyBoYXZlIGEgcmFuZG9tIHNhbHQsIHNvIHdpbGwgYWx3YXlzIGJlIGRpZmZlcmVudCB0byB0aGUgY3VycmVudCBwYXNzSWRwLlxyXG4gICAgaWYgKHBhc3N3b3JkID09PSBuZXdQYXNzd29yZCkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJCYWRBcmd1bWVudEV4Y2VwdGlvbihcclxuICAgICAgICAnTmV3IHBhc3N3b3JkIGlzIHRoZSBzYW1lIGFzIHRoZSBjdXJyZW50IG9uZS4nXHJcbiAgICAgICk7XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgeyBjdXJyZW50VXNlciB9ID0gYXdhaXQgdGhpcy5wcm9maWxlU2VydmljZS5nZXRDdXJyZW50VXNlcigpO1xyXG5cclxuICAgIGNvbnN0IHsgcGFzc0lkcCwgc2lnbmVkQ2hhbGxlbmdlIH0gPSBhd2FpdCB0aGlzLnZlcmlmeVBhc3N3b3JkKFxyXG4gICAgICBwYXNzd29yZCxcclxuICAgICAgY3VycmVudFVzZXJcclxuICAgICk7XHJcblxyXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAxLS1cclxuICAgIC8vIHZlcmlmeVBhc3N3b3JkKCkgYXNrcyBmb3IgYSBjdXJyZW50IHBhc3N3b3JkIGNoYWxsZW5nZSBoZW5jZSBjaGFuZ2VzIHNlcnZlciBzdGF0ZS5cclxuICAgIC8vIFBsYWNlIGJyZWFrIHBvaW50cyBoZXJlIHRvIHRlc3QgdGhlIGZhaWx1cmUgc2NlbmFyaW9zLlxyXG5cclxuICAgIC8vIEdlbmVyYXRlIHRoZSBuZXcgcGFzc0lkcFxyXG4gICAgY29uc3QgbmV3UGFzc0tleSA9IGF3YWl0IHRoaXMuY3JlYXRlUGFzc0tleUJ1bmRsZShuZXdQYXNzd29yZCk7XHJcblxyXG4gICAgLy8gUmUtZW5jcnlwdCBtYXN0ZXIga2V5IHdpdGggbmV3IGtleVxyXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5nZXRLZXkoXHJcbiAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5Lm1hc3RlcktleS5pZFxyXG4gICAgKTtcclxuICAgIGNvbnN0IG5ld1dyYXBwZWRNYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgIG5ld1Bhc3NLZXkucGFzc0tleSxcclxuICAgICAgbWFzdGVyS2V5Lmp3ay50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgLy8gSWYgdGhlIElkUCBjaGFuZ2UgcGFzc3dvcmQgZmFpbGVkLCB3ZSBuZWVkIHRvIGdvIGludG8gcmVjb3ZlcnkgbW9kZSBieSBmb3JjaW5nXHJcbiAgICAvLyBhIGxvZ2luLiBXZSBjYW4ndCBsb2dvdXQgdGhlIHVzZXIganVzdCB5ZXQgc2luY2UgdGhlIElkUCBwYXNzd29yZCBjaGFuZ2UgbmVlZHNcclxuICAgIC8vIHRoZSB1c2VyIHRvIGJlIGxvZ2dlZCBpbi4gV2UgX2Nhbl8gcmVtb3ZlZCBhbnkgcGVyc2lzdGVkIHNlc3Npb24gdmFsdWVzIGZvciB0aGUgSWRQXHJcbiAgICAvLyBidXQgdGhhdCBzZWVtcyBsaWtlIHRvbyBtdWNoIHRyb3VibGUuXHJcblxyXG4gICAgY29uc3QgeyB0b2tlbiwgbmV3UGFzc0tleUlkIH0gPSBhd2FpdCB0aGlzLmNoYW5nZVBhc3N3b3JkTXV0YXRpb24oXHJcbiAgICAgIHNpZ25lZENoYWxsZW5nZSxcclxuICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkLFxyXG4gICAgICBuZXdXcmFwcGVkTWFzdGVyS2V5LFxyXG4gICAgICBuZXdQYXNzS2V5XHJcbiAgICApO1xyXG5cclxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMi0tXHJcbiAgICAvLyBjaGFuZ2VQYXNzd29yZE11dGF0aW9uKCkgdXBsb2FkcyBuZXcga2V5cyBhbmQgb2J0YWlucyBhIHNlbWFwaG9yZSBsb2NrIHRvIHByZXZlbnQgYW55IG90aGVyXHJcbiAgICAvLyBjbGllbnRzIGZyb20gcGVyZm9ybWluZyBJZFAgcGFzc3dvcmQgY2hhbmdlLlxyXG5cclxuICAgIC8vIE5vdyB3ZSBjYW4gZG8gdGhlIElkUCBwYXNzd29yZCBjaGFuZ2UuXHJcbiAgICAvLyB0b2RvOiBBZGQgdGhpcyBiYWNrIGluXHJcbiAgICBhd2FpdCB0aGlzLmF1dGguY2hhbmdlUGFzc3dvcmQoXHJcbiAgICAgIGNvZ25pdG9Vc2VyLFxyXG4gICAgICB0aGlzLmdldFBhc3NJZHBTdHJpbmcocGFzc0lkcCksXHJcbiAgICAgIHRoaXMuZ2V0UGFzc0lkcFN0cmluZyhuZXdQYXNzS2V5LnBhc3NJZHApXHJcbiAgICApO1xyXG5cclxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMy0tXHJcbiAgICAvLyBJZFAgcGFzc3dvcmQgY2hhbmdlXHJcblxyXG4gICAgLy8gTm90ZSB0aGF0IGNoYW5nZVBhc3N3b3JkKCkgY291bGQgdGhyb3cgYW4gZXhjZXB0aW9uIGZvciBhIG51bWJlciBvZiByZWFzb24uIEl0IGNvdWxkIHRocm93XHJcbiAgICAvLyBhIG5ldHdvcmsgdGltZW91dCBmb3IgZXhhbXBsZS4gQnV0IHdlIGRvbid0IGtub3cgaWYgaXQncyB0aGUgcmVzcG9uc2UgdGhhdCB0aW1lZCBvdXQgYW5kXHJcbiAgICAvLyB0aGUgaWRwIHBhc3N3b3JkIGNoYW5nZSB3YXMgYWN0dWFsbHkgY2FycmllZCBvdXQuIFNvIHdlIGhhdmUgdG8gYmUgZXh0cmEgY29uc2VydmF0aXZlIGFuZFxyXG4gICAgLy8gb25seSBhY3Qgb24gYSBjbGVhciBzdWNjZXNzLiBPdGhlcndpc2Ugd2UgZ28gaW50byByZWNvdmVyIG1vZGUuXHJcbiAgICBhd2FpdCB0aGlzLmNoYW5nZVBhc3N3b3JkQ29tcGxldGUoXHJcbiAgICAgIGNvZ25pdG9Vc2VyLmdldFNpZ25JblVzZXJTZXNzaW9uKCkuZ2V0QWNjZXNzVG9rZW4oKS5nZXRKd3RUb2tlbigpLFxyXG4gICAgICB0cnVlLFxyXG4gICAgICB0b2tlblxyXG4gICAgKTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBjaGFuZ2VQYXNzd29yZENvbXBsZXRlKFxyXG4gICAgYWNjZXNzVG9rZW46IHN0cmluZyxcclxuICAgIHVzZU5ld1Bhc3N3b3JkOiBib29sZWFuLFxyXG4gICAgdG9rZW46IHN0cmluZyA9IG51bGxcclxuICApOiBQcm9taXNlPGFueT4ge1xyXG4gICAgcmV0dXJuIHRoaXMuaHR0cFxyXG4gICAgICAucG9zdChcclxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL3Bhc3N3b3JkLWNoYW5nZS1jb21wbGV0ZS9gLFxyXG4gICAgICAgIHtcclxuICAgICAgICAgIHVzZV9uZXdfcGFzc3dvcmQ6IHVzZU5ld1Bhc3N3b3JkLFxyXG4gICAgICAgICAgLi4uKHRva2VuICYmIHsgdG9rZW4gfSksXHJcbiAgICAgICAgfSxcclxuICAgICAgICB7XHJcbiAgICAgICAgICBoZWFkZXJzOiB7XHJcbiAgICAgICAgICAgIEF1dGhvcml6YXRpb246IGBCZWFyZXIgJHthY2Nlc3NUb2tlbn1gLFxyXG4gICAgICAgICAgfSxcclxuICAgICAgICB9XHJcbiAgICAgIClcclxuICAgICAgLnRvUHJvbWlzZSgpO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBnZXRWZXJpZmllclBySyhcclxuICAgIHBhc3NLZXk6IEpXSy5LZXksXHJcbiAgICB3cmFwcGVkUHJLOiBvYmplY3RcclxuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcclxuICAgIHRyeSB7XHJcbiAgICAgIGNvbnN0IHBya0pzb24gPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQocGFzc0tleSwgd3JhcHBlZFBySyk7XHJcbiAgICAgIHJldHVybiBLRlMuYXNLZXkocHJrSnNvbik7XHJcbiAgICB9IGNhdGNoIChlcnJvcikge1xyXG4gICAgICB0aHJvdyBuZXcgTHJBdXRoRXhjZXB0aW9uKCdXcm9uZyBjdXJyZW50IHBhc3N3b3JkJyk7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICBwcml2YXRlIGFzeW5jIHZlcmlmeVBhc3N3b3JkKFxyXG4gICAgcGFzc3dvcmQ6IHN0cmluZyxcclxuICAgIGN1cnJlbnRVc2VyOiBBcGlDdXJyZW50VXNlclxyXG4gICk6IFByb21pc2U8eyBwYXNzSWRwOiBKV0suS2V5OyBzaWduZWRDaGFsbGVuZ2U6IEpXUy5DcmVhdGVTaWduUmVzdWx0IH0+IHtcclxuICAgIC8vIEdldCBpbmZvcm1hdGlvbiBmcm9tIHRoZSBzZXJ2ZXIgdG8gcHJlcGFyZSBmb3IgcGFzc3dvcmQgY2hhbmdlLlxyXG4gICAgY29uc3QgcGFzc3dvcmRSZXF1ZXN0ID0gYXdhaXQgdGhpcy5hcG9sbG8ubXV0YXRlPFBhc3N3b3JkQ2hhbmdlUmVxdWVzdE11dGF0aW9uPihcclxuICAgICAge1xyXG4gICAgICAgIG11dGF0aW9uOiBQYXNzd29yZENoYW5nZVJlcXVlc3RNdXRhdGlvbixcclxuICAgICAgICB2YXJpYWJsZXM6IHt9LFxyXG4gICAgICB9XHJcbiAgICApO1xyXG5cclxuICAgIC8vIEdldCB0aGUgb2xkIHBhc3NLZXkgc28gd2UgY2FuIGRlY3J5cHQgdGhlIG9sZCBwYXNzd29yZCB2ZXJpZmllclxyXG4gICAgY29uc3QgcGFzc0tleVJlc3VsdCA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzS2V5KHtcclxuICAgICAgcGFzc3dvcmQsXHJcbiAgICAgIC4uLmN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkucGFzc0tleVBhcmFtcyxcclxuICAgIH0pO1xyXG5cclxuICAgIGNvbnN0IHZlcmlmaWVyUHJLID0gYXdhaXQgdGhpcy5nZXRWZXJpZmllclBySyhcclxuICAgICAgcGFzc0tleVJlc3VsdC5qd2ssXHJcbiAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkud3JhcHBlZFBhc3NJZHBWZXJpZmllclBya1xyXG4gICAgKTtcclxuXHJcbiAgICAvLyBTaWduIHRoZSBzZXJ2ZXIgY2hhbGxlbmdlIHRvIHByb3ZlIHRvIHRoZSBzZXJ2ZXIgd2UgY2FuIGRlY3J5cHQgdGhlIHBhc3N3b3JkIHZlcmlmaWVyLlxyXG4gICAgLy8gR2VuZXJhdGVcclxuICAgIGNvbnN0IGNsaWVudE5vbmNlID0gdGhpcy5rZXlGYWN0b3J5LnJhbmRvbVN0cmluZyh0aGlzLkNMSUVOVF9OT05DRV9MRU5HVEgpO1xyXG5cclxuICAgIGNvbnN0IHNpZ25lZENoYWxsZW5nZSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbih2ZXJpZmllclBySywge1xyXG4gICAgICBzZXJ2ZXJOb25jZTogcGFzc3dvcmRSZXF1ZXN0LnBhc3N3b3JkQ2hhbmdlUmVxdWVzdC5jaGFsbGVuZ2Uuc2VydmVyTm9uY2UsXHJcbiAgICAgIGNsaWVudE5vbmNlLFxyXG4gICAgfSk7XHJcblxyXG4gICAgY29uc3QgcGFzc0lkcFJlc3VsdCA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzSWRwKHtcclxuICAgICAgcGFzc3dvcmQsXHJcbiAgICAgIC4uLmN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkucGFzc0lkcFBhcmFtcyxcclxuICAgIH0pO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIHBhc3NJZHA6IHBhc3NJZHBSZXN1bHQuandrLFxyXG4gICAgICBzaWduZWRDaGFsbGVuZ2UsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBjaGFuZ2VQYXNzd29yZE11dGF0aW9uKFxyXG4gICAgc2lnbmVkQ2hhbGxlbmdlOiBKV1MuQ3JlYXRlU2lnblJlc3VsdCxcclxuICAgIG1hc3RlcktleUlkOiBzdHJpbmcsXHJcbiAgICBuZXdXcmFwcGVkTWFzdGVyS2V5OiBvYmplY3QsXHJcbiAgICBwYXNzS2V5QnVuZGxlOiBQYXNzS2V5QnVuZGxlXHJcbiAgKTogUHJvbWlzZTx7IHRva2VuOiBzdHJpbmc7IG5ld1Bhc3NLZXlJZDogc3RyaW5nIH0+IHtcclxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgdGhpcy5hcG9sbG8ubXV0YXRlPFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24+KHtcclxuICAgICAgbXV0YXRpb246IFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24sXHJcbiAgICAgIHZhcmlhYmxlczoge1xyXG4gICAgICAgIGlucHV0OiB7XHJcbiAgICAgICAgICBzaWduZWRDaGFsbGVuZ2U6IEpTT04uc3RyaW5naWZ5KHNpZ25lZENoYWxsZW5nZSksXHJcbiAgICAgICAgICBtYXN0ZXJLZXlJZCxcclxuICAgICAgICAgIG5ld1dyYXBwZWRNYXN0ZXJLZXk6IEpTT04uc3RyaW5naWZ5KG5ld1dyYXBwZWRNYXN0ZXJLZXkpLFxyXG4gICAgICAgICAgbmV3UGFzc0tleToge1xyXG4gICAgICAgICAgICBwYXNzSWRwUGFyYW1zOiBKU09OLnN0cmluZ2lmeShwYXNzS2V5QnVuZGxlLnBhc3NJZHBQYXJhbXMpLFxyXG4gICAgICAgICAgICBwYXNzSWRwVmVyaWZpZXJQYms6IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgICAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0lkcFZlcmlmaWVyLnRvSlNPTigpXHJcbiAgICAgICAgICAgICksXHJcbiAgICAgICAgICAgIHdyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcms6IEpTT04uc3RyaW5naWZ5KFxyXG4gICAgICAgICAgICAgIHBhc3NLZXlCdW5kbGUud3JhcHBlZFBhc3NJZHBWZXJpZmllclBya1xyXG4gICAgICAgICAgICApLFxyXG4gICAgICAgICAgICBwYXNzS2V5UGFyYW1zOiBKU09OLnN0cmluZ2lmeShwYXNzS2V5QnVuZGxlLnBhc3NLZXlQYXJhbXMpLFxyXG4gICAgICAgICAgfSxcclxuICAgICAgICB9LFxyXG4gICAgICB9LFxyXG4gICAgfSk7XHJcbiAgICByZXR1cm4ge1xyXG4gICAgICB0b2tlbjogcmVzcG9uc2UucGFzc3dvcmRDaGFuZ2UudG9rZW4sXHJcbiAgICAgIG5ld1Bhc3NLZXlJZDogcmVzcG9uc2UucGFzc3dvcmRDaGFuZ2UubmV3UGFzc0tleS5pZCxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBhc3luYyBnZXRDaGFuZ2VQYXNzd29yZENvbmZpZygpOiBQcm9taXNlPFBhc3N3b3JkQ2hhbmdlQ29uZmlnPiB7XHJcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmFwb2xsby5xdWVyeTxhbnk+KHtcclxuICAgICAgcXVlcnk6IFBhc3N3b3JkQ2hhbmdlQ29uZmlnUXVlcnksXHJcbiAgICB9KTtcclxuXHJcbiAgICBjb25zdCByZXQgPSByZXMucGFzc3dvcmRDaGFuZ2VDb25maWcgYXMgUGFzc3dvcmRDaGFuZ2VDb25maWc7XHJcblxyXG4gICAgcmV0LmF1dGhUaW1lID0gbmV3IERhdGUocmV0LmF1dGhUaW1lKTtcclxuICAgIHJldC5zZXJ2ZXJUaW1lID0gbmV3IERhdGUocmV0LnNlcnZlclRpbWUpO1xyXG4gICAgcmV0dXJuIHJldDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBwYXNzd29yZFN0cmVuZ3RoKHBhc3N3b3JkKTogeyB5ZWFyczogbnVtYmVyOyBiaXRzOiBudW1iZXIgfSB7XHJcbiAgICBjb25zdCB1cHBlciA9IC9bQS1aXS9nO1xyXG4gICAgY29uc3QgbG93ZXIgPSAvW2Etel0vZztcclxuICAgIGNvbnN0IGRpZ2l0ID0gL1swLTldL2c7XHJcblxyXG4gICAgY29uc3QgdXBwZXJDaG9pY2VzID0gMjY7XHJcbiAgICBjb25zdCBsb3dlckNob2ljZXMgPSAyNjtcclxuICAgIGNvbnN0IGRpZ2l0Q2hvaWNlcyA9IDEwO1xyXG4gICAgY29uc3Qgc3BlY2lhbENob2ljZXMgPSAzMDsgLy8gL1shXCIjJCUmJygpKissLS4vOjs8PT4/QFtcXF1eX2B7fH1+XS9nXHJcblxyXG4gICAgZnVuY3Rpb24gaW5zdGFuY2VDb3VudChzdHIsIHJlKSB7XHJcbiAgICAgIHJldHVybiAoKHN0ciB8fCAnJykubWF0Y2gocmUpIHx8IFtdKS5sZW5ndGg7XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgdXBwZXJzID0gaW5zdGFuY2VDb3VudChwYXNzd29yZCwgdXBwZXIpO1xyXG4gICAgY29uc3QgbG93ZXJzID0gaW5zdGFuY2VDb3VudChwYXNzd29yZCwgbG93ZXIpO1xyXG4gICAgY29uc3QgZGlnaXRzID0gaW5zdGFuY2VDb3VudChwYXNzd29yZCwgZGlnaXQpO1xyXG4gICAgY29uc3Qgc3BlY2lhbHMgPSBwYXNzd29yZC5sZW5ndGggLSB1cHBlcnMgLSBsb3dlcnMgLSBkaWdpdHM7XHJcblxyXG4gICAgbGV0IGNob2ljZXMgPSAwO1xyXG4gICAgaWYgKHVwcGVycykge1xyXG4gICAgICBjaG9pY2VzICs9IHVwcGVyQ2hvaWNlcztcclxuICAgIH1cclxuICAgIGlmIChsb3dlcnMpIHtcclxuICAgICAgY2hvaWNlcyArPSBsb3dlckNob2ljZXM7XHJcbiAgICB9XHJcbiAgICBpZiAoZGlnaXRzKSB7XHJcbiAgICAgIGNob2ljZXMgKz0gZGlnaXRDaG9pY2VzO1xyXG4gICAgfVxyXG4gICAgaWYgKHNwZWNpYWxzKSB7XHJcbiAgICAgIGNob2ljZXMgKz0gc3BlY2lhbENob2ljZXM7XHJcbiAgICB9XHJcblxyXG4gICAgaWYgKHBhc3N3b3JkLmxlbmd0aCA9PT0gMCkge1xyXG4gICAgICByZXR1cm4ge1xyXG4gICAgICAgIHllYXJzOiAwLFxyXG4gICAgICAgIC8vIGJpdHMgb2YgZW50cm9weVxyXG4gICAgICAgIGJpdHM6IDAsXHJcbiAgICAgIH07XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgcGVybXV0YXRpb25zID0gTWF0aC5wb3coY2hvaWNlcywgcGFzc3dvcmQubGVuZ3RoKTtcclxuXHJcbiAgICBjb25zdCB5ZWFycyA9XHJcbiAgICAgICg1NDAwMCAqIHBlcm11dGF0aW9ucykgL1xyXG4gICAgICBNYXRoLnBvdyh1cHBlckNob2ljZXMgKyBsb3dlckNob2ljZXMgKyBkaWdpdENob2ljZXMsIDEyKTtcclxuICAgIHJldHVybiB7XHJcbiAgICAgIHllYXJzLFxyXG4gICAgICAvLyBiaXRzIG9mIGVudHJvcHlcclxuICAgICAgYml0czogTWF0aC5yb3VuZChNYXRoLmxvZzIocGVybXV0YXRpb25zKSksXHJcbiAgICB9O1xyXG4gIH1cclxufVxyXG4iXX0=

package/esm2015/lib/auth/register.service.js

@@ -0,0 +1,172 @@
+import { __awaiter } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyFactoryService } from '../cryptography/key-factory.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { PasswordService } from './password.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i3 from "@angular/common/http";
+import * as i4 from "../cryptography/key-factory.service";
+import * as i5 from "../cryptography/encryption.service";
+import * as i6 from "./password.service";
+export class RegisterService {
+    constructor(config, auth, http, keyFactory, encryptionService, passwordService) {
+        this.config = config;
+        this.auth = auth;
+        this.http = http;
+        this.keyFactory = keyFactory;
+        this.encryptionService = encryptionService;
+        this.passwordService = passwordService;
+    }
+    /**
+     * Request a verification code to be sent out to an email.
+     * @return Info needed to be submitted along with the verification code
+     */
+    verifyEmail(email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { claim_id } = yield this.http
+                .post(`${this.config.authUrl}cove/claim/email/`, {
+                address: email,
+                context: 'signup',
+            })
+                .toPromise();
+            return claim_id;
+        });
+    }
+    verifyPhone(phoneNumber) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { claim_id } = yield this.http
+                .post(`${this.config.authUrl}cove/claim/sms/`, {
+                address: phoneNumber,
+                context: 'signup',
+            })
+                .toPromise();
+            return claim_id;
+        });
+    }
+    confirmVerificationCode(verificationId, verificationCode) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { token } = yield this.http
+                .post(`${this.config.authUrl}cove/respond/`, {
+                claim_id: verificationId,
+                v_code: verificationCode,
+            })
+                .toPromise();
+            return token;
+        });
+    }
+    register(email, password, verificationId, verificationToken, verificationType = 'email') {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Generate the key material needed for PassIdp which will be the password used for Cognito.
+            const passKeyBundle = yield this.passwordService.createPassKeyBundle(password);
+            const masterKey = yield this.keyFactory.createKey();
+            const wrappedMasterKey = yield this.encryptionService.encrypt(passKeyBundle.passKey, masterKey.toJSON(true));
+            const rootKey = yield this.keyFactory.createKey();
+            const wrappedRootKey = yield this.encryptionService.encrypt(masterKey, rootKey.toJSON(true));
+            // Encryption PKC key
+            const prk = yield this.keyFactory.createPkcKey();
+            const wrappedPrk = yield this.encryptionService.encrypt(rootKey, prk.toJSON(true));
+            // Signing PKC key
+            const sigPrk = yield this.keyFactory.createPkcSignKey();
+            const wrappedSigPrk = yield this.encryptionService.encrypt(rootKey, sigPrk.toJSON(true));
+            // API call to setup profile
+            const user = yield this.http
+                .post(`${this.config.authUrl}users/`, {
+                claims: [
+                    {
+                        type: verificationType,
+                        token: verificationToken,
+                        claim_id: verificationId,
+                    },
+                ],
+                pass_idp_params: passKeyBundle.passIdpParams,
+                pass_idp_verifier_pbk: passKeyBundle.passIdpVerifier.toJSON(),
+                wrapped_pass_idp_verifier_prk: passKeyBundle.wrappedPassIdpVerifierPrk,
+                pass_key_params: passKeyBundle.passKeyParams,
+                wrapped_master_key: wrappedMasterKey,
+                wrapped_root_key: wrappedRootKey,
+                pbk: prk.toJSON(),
+                wrapped_prk: wrappedPrk,
+                sig_pbk: sigPrk.toJSON(),
+                wrapped_sig_prk: wrappedSigPrk,
+            })
+                .toPromise();
+            // API call to create user on cognito
+            const attributes = {};
+            user.claims.forEach((claim) => {
+                attributes[claim.type] = claim.value;
+            });
+            // Random suffix for uniqueness. If there's a duplicate, then used just needs to
+            // sign up again. But chances of collision is low.
+            const suffix = this.keyFactory.randomDigitsNoZeros(4);
+            const cognitoUser = yield this.auth.signUp({
+                username: `${email.split('@')[0]}.${suffix}`,
+                password: this.passwordService.getPassIdpString(passKeyBundle.passIdp),
+                attributes,
+                // Unfortunately, validationData is not passed to the post
+                // confirmation cognito trigger. So can can't do the association there.
+                // The current workflow will create a new user on LR before signing up
+                // with Cognito. Then Cognito can use the user.id and user.pre_sign_up_token to
+                // do the validation of the attributes.
+                // validationData: [
+                //   new CognitoUserAttribute({
+                //     Name: "user_id",
+                //     Value: String(user.id)
+                //   }),
+                //   new CognitoUserAttribute({
+                //     Name: "user_pre_sign_up_token",
+                //     Value: user.pre_sign_up_token
+                //   })
+                // ]
+                clientMetadata: {
+                    user_id: String(user.id),
+                    user_pre_sign_up_token: String(user.pre_sign_up_token),
+                },
+            });
+            return {
+                username: cognitoUser.user.getUsername(),
+                userId: user.id,
+                preSignUpToken: user.pre_sign_up_token,
+                userSub: cognitoUser.userSub,
+            };
+        });
+    }
+    hibpBreachedAccounts(account) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The account is just the email
+            try {
+                const response = yield this.http
+                    .get(`${this.config.authUrl}users/hibp/breachedaccount/${account}/?truncateResponse=false`)
+                    .toPromise();
+                return response;
+            }
+            catch (error) {
+                if (error.status === 404) {
+                    return null;
+                }
+                else {
+                    throw error;
+                }
+            }
+        });
+    }
+}
+RegisterService.ɵprov = i0.ɵɵdefineInjectable({ factory: function RegisterService_Factory() { return new RegisterService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.AuthClass), i0.ɵɵinject(i3.HttpClient), i0.ɵɵinject(i4.KeyFactoryService), i0.ɵɵinject(i5.EncryptionService), i0.ɵɵinject(i6.PasswordService)); }, token: RegisterService, providedIn: "root" });
+RegisterService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+RegisterService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: AuthClass },
+    { type: HttpClient },
+    { type: KeyFactoryService },
+    { type: EncryptionService },
+    { type: PasswordService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVnaXN0ZXIuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy90ZXN0L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2F1dGgvcmVnaXN0ZXIuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xELE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ25ELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUMzRCxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxvQ0FBb0MsQ0FBQztBQUN2RSxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQztBQUN4RSxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQzs7Ozs7Ozs7QUFNckQsTUFBTSxPQUFPLGVBQWU7SUFDMUIsWUFDNkIsTUFBdUIsRUFDMUMsSUFBZSxFQUNmLElBQWdCLEVBQ2hCLFVBQTZCLEVBQzdCLGlCQUFvQyxFQUNwQyxlQUFnQztRQUxiLFdBQU0sR0FBTixNQUFNLENBQWlCO1FBQzFDLFNBQUksR0FBSixJQUFJLENBQVc7UUFDZixTQUFJLEdBQUosSUFBSSxDQUFZO1FBQ2hCLGVBQVUsR0FBVixVQUFVLENBQW1CO1FBQzdCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsb0JBQWUsR0FBZixlQUFlLENBQWlCO0lBQ3ZDLENBQUM7SUFFSjs7O09BR0c7SUFDVSxXQUFXLENBQUMsS0FBYTs7WUFDcEMsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQ2pDLElBQUksQ0FBZSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxtQkFBbUIsRUFBRTtnQkFDN0QsT0FBTyxFQUFFLEtBQUs7Z0JBQ2QsT0FBTyxFQUFFLFFBQVE7YUFDbEIsQ0FBQztpQkFDRCxTQUFTLEVBQUUsQ0FBQztZQUNmLE9BQU8sUUFBUSxDQUFDO1FBQ2xCLENBQUM7S0FBQTtJQUVZLFdBQVcsQ0FBQyxXQUFtQjs7WUFDMUMsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQ2pDLElBQUksQ0FBZSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxpQkFBaUIsRUFBRTtnQkFDM0QsT0FBTyxFQUFFLFdBQVc7Z0JBQ3BCLE9BQU8sRUFBRSxRQUFRO2FBQ2xCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFDZixPQUFPLFFBQVEsQ0FBQztRQUNsQixDQUFDO0tBQUE7SUFFWSx1QkFBdUIsQ0FDbEMsY0FBc0IsRUFDdEIsZ0JBQXdCOztZQUV4QixNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDOUIsSUFBSSxDQUFZLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLGVBQWUsRUFBRTtnQkFDdEQsUUFBUSxFQUFFLGNBQWM7Z0JBQ3hCLE1BQU0sRUFBRSxnQkFBZ0I7YUFDekIsQ0FBQztpQkFDRCxTQUFTLEVBQUUsQ0FBQztZQUNmLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztLQUFBO0lBRVksUUFBUSxDQUNuQixLQUFhLEVBQ2IsUUFBZ0IsRUFDaEIsY0FBc0IsRUFDdEIsaUJBQXlCLEVBQ3pCLG1CQUFzQyxPQUFPOztZQUU3Qyw0RkFBNEY7WUFDNUYsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLG1CQUFtQixDQUNsRSxRQUFRLENBQ1QsQ0FBQztZQUVGLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNwRCxNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDM0QsYUFBYSxDQUFDLE9BQU8sRUFDckIsU0FBUyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDdkIsQ0FBQztZQUVGLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNsRCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3pELFNBQVMsRUFDVCxPQUFPLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNyQixDQUFDO1lBRUYscUJBQXFCO1lBQ3JCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLEVBQUUsQ0FBQztZQUNqRCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3JELE9BQU8sRUFDUCxHQUFHLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNqQixDQUFDO1lBRUYsa0JBQWtCO1lBQ2xCLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3hELE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDeEQsT0FBTyxFQUNQLE1BQU0sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3BCLENBQUM7WUFFRiw0QkFBNEI7WUFDNUIsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDekIsSUFBSSxDQUFNLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLFFBQVEsRUFBRTtnQkFDekMsTUFBTSxFQUFFO29CQUNOO3dCQUNFLElBQUksRUFBRSxnQkFBZ0I7d0JBQ3RCLEtBQUssRUFBRSxpQkFBaUI7d0JBQ3hCLFFBQVEsRUFBRSxjQUFjO3FCQUN6QjtpQkFDRjtnQkFDRCxlQUFlLEVBQUUsYUFBYSxDQUFDLGFBQWE7Z0JBQzVDLHFCQUFxQixFQUFFLGFBQWEsQ0FBQyxlQUFlLENBQUMsTUFBTSxFQUFFO2dCQUM3RCw2QkFBNkIsRUFBRSxhQUFhLENBQUMseUJBQXlCO2dCQUN0RSxlQUFlLEVBQUUsYUFBYSxDQUFDLGFBQWE7Z0JBQzVDLGtCQUFrQixFQUFFLGdCQUFnQjtnQkFDcEMsZ0JBQWdCLEVBQUUsY0FBYztnQkFDaEMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxNQUFNLEVBQUU7Z0JBQ2pCLFdBQVcsRUFBRSxVQUFVO2dCQUN2QixPQUFPLEVBQUUsTUFBTSxDQUFDLE1BQU0sRUFBRTtnQkFDeEIsZUFBZSxFQUFFLGFBQWE7YUFDL0IsQ0FBQztpQkFDRCxTQUFTLEVBQUUsQ0FBQztZQUVmLHFDQUFxQztZQUNyQyxNQUFNLFVBQVUsR0FBRyxFQUFFLENBQUM7WUFDdEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUMsQ0FBQyxLQUFLLEVBQUUsRUFBRTtnQkFDNUIsVUFBVSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDO1lBQ3ZDLENBQUMsQ0FBQyxDQUFDO1lBRUgsZ0ZBQWdGO1lBQ2hGLGtEQUFrRDtZQUNsRCxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixDQUFDLENBQUMsQ0FBQyxDQUFDO1lBRXRELE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUM7Z0JBQ3pDLFFBQVEsRUFBRSxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksTUFBTSxFQUFFO2dCQUM1QyxRQUFRLEVBQUUsSUFBSSxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDO2dCQUN0RSxVQUFVO2dCQUNWLDBEQUEwRDtnQkFDMUQsdUVBQXVFO2dCQUN2RSxzRUFBc0U7Z0JBQ3RFLCtFQUErRTtnQkFDL0UsdUNBQXVDO2dCQUN2QyxvQkFBb0I7Z0JBQ3BCLCtCQUErQjtnQkFDL0IsdUJBQXVCO2dCQUN2Qiw2QkFBNkI7Z0JBQzdCLFFBQVE7Z0JBQ1IsK0JBQStCO2dCQUMvQixzQ0FBc0M7Z0JBQ3RDLG9DQUFvQztnQkFDcEMsT0FBTztnQkFDUCxJQUFJO2dCQUNKLGNBQWMsRUFBRTtvQkFDZCxPQUFPLEVBQUUsTUFBTSxDQUFDLElBQUksQ0FBQyxFQUFFLENBQUM7b0JBQ3hCLHNCQUFzQixFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsaUJBQWlCLENBQUM7aUJBQ3ZEO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsT0FBTztnQkFDTCxRQUFRLEVBQUUsV0FBVyxDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUU7Z0JBQ3hDLE1BQU0sRUFBRSxJQUFJLENBQUMsRUFBRTtnQkFDZixjQUFjLEVBQUUsSUFBSSxDQUFDLGlCQUFpQjtnQkFDdEMsT0FBTyxFQUFFLFdBQVcsQ0FBQyxPQUFPO2FBQzdCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxvQkFBb0IsQ0FBQyxPQUFlOztZQUMvQyxnQ0FBZ0M7WUFDaEMsSUFBSTtnQkFDRixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO3FCQUM3QixHQUFHLENBQ0YsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sOEJBQThCLE9BQU8sMEJBQTBCLENBQ3RGO3FCQUNBLFNBQVMsRUFBRSxDQUFDO2dCQUNmLE9BQU8sUUFBUSxDQUFDO2FBQ2pCO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsSUFBSSxLQUFLLENBQUMsTUFBTSxLQUFLLEdBQUcsRUFBRTtvQkFDeEIsT0FBTyxJQUFJLENBQUM7aUJBQ2I7cUJBQU07b0JBQ0wsTUFBTSxLQUFLLENBQUM7aUJBQ2I7YUFDRjtRQUNILENBQUM7S0FBQTs7OztZQTFLRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7Ozs0Q0FHSSxNQUFNLFNBQUMsU0FBUztZQVpaLFNBQVM7WUFGVCxVQUFVO1lBSVYsaUJBQWlCO1lBRGpCLGlCQUFpQjtZQUdqQixlQUFlIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSHR0cENsaWVudCB9IGZyb20gJ0Bhbmd1bGFyL2NvbW1vbi9odHRwJztcclxuaW1wb3J0IHsgSW5qZWN0LCBJbmplY3RhYmxlIH0gZnJvbSAnQGFuZ3VsYXIvY29yZSc7XHJcbmltcG9ydCB7IEF1dGhDbGFzcyB9IGZyb20gJ0Bhd3MtYW1wbGlmeS9hdXRoL2xpYi1lc20vQXV0aCc7XHJcbmltcG9ydCB7IEVuY3J5cHRpb25TZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2VuY3J5cHRpb24uc2VydmljZSc7XHJcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2tleS1mYWN0b3J5LnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcclxuaW1wb3J0IHsgUGFzc3dvcmRTZXJ2aWNlIH0gZnJvbSAnLi9wYXNzd29yZC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgUmVnaXN0ZXJSZXN1bHQgfSBmcm9tICcuL2F1dGgudHlwZXMnO1xyXG5cclxuQEluamVjdGFibGUoe1xyXG4gIHByb3ZpZGVkSW46ICdyb290JyxcclxufSlcclxuZXhwb3J0IGNsYXNzIFJlZ2lzdGVyU2VydmljZSB7XHJcbiAgY29uc3RydWN0b3IoXHJcbiAgICBASW5qZWN0KExSX0NPTkZJRykgcHJpdmF0ZSBjb25maWc6IExpZmVSZWFkeUNvbmZpZyxcclxuICAgIHByaXZhdGUgYXV0aDogQXV0aENsYXNzLFxyXG4gICAgcHJpdmF0ZSBodHRwOiBIdHRwQ2xpZW50LFxyXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLZXlGYWN0b3J5U2VydmljZSxcclxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBwYXNzd29yZFNlcnZpY2U6IFBhc3N3b3JkU2VydmljZVxyXG4gICkge31cclxuXHJcbiAgLyoqXHJcbiAgICogUmVxdWVzdCBhIHZlcmlmaWNhdGlvbiBjb2RlIHRvIGJlIHNlbnQgb3V0IHRvIGFuIGVtYWlsLlxyXG4gICAqIEByZXR1cm4gSW5mbyBuZWVkZWQgdG8gYmUgc3VibWl0dGVkIGFsb25nIHdpdGggdGhlIHZlcmlmaWNhdGlvbiBjb2RlXHJcbiAgICovXHJcbiAgcHVibGljIGFzeW5jIHZlcmlmeUVtYWlsKGVtYWlsOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgY29uc3QgeyBjbGFpbV9pZCB9ID0gYXdhaXQgdGhpcy5odHRwXHJcbiAgICAgIC5wb3N0PHsgY2xhaW1faWQgfT4oYCR7dGhpcy5jb25maWcuYXV0aFVybH1jb3ZlL2NsYWltL2VtYWlsL2AsIHtcclxuICAgICAgICBhZGRyZXNzOiBlbWFpbCxcclxuICAgICAgICBjb250ZXh0OiAnc2lnbnVwJyxcclxuICAgICAgfSlcclxuICAgICAgLnRvUHJvbWlzZSgpO1xyXG4gICAgcmV0dXJuIGNsYWltX2lkO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIHZlcmlmeVBob25lKHBob25lTnVtYmVyOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgY29uc3QgeyBjbGFpbV9pZCB9ID0gYXdhaXQgdGhpcy5odHRwXHJcbiAgICAgIC5wb3N0PHsgY2xhaW1faWQgfT4oYCR7dGhpcy5jb25maWcuYXV0aFVybH1jb3ZlL2NsYWltL3Ntcy9gLCB7XHJcbiAgICAgICAgYWRkcmVzczogcGhvbmVOdW1iZXIsXHJcbiAgICAgICAgY29udGV4dDogJ3NpZ251cCcsXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuICAgIHJldHVybiBjbGFpbV9pZDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBjb25maXJtVmVyaWZpY2F0aW9uQ29kZShcclxuICAgIHZlcmlmaWNhdGlvbklkOiBzdHJpbmcsXHJcbiAgICB2ZXJpZmljYXRpb25Db2RlOiBzdHJpbmdcclxuICApOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgY29uc3QgeyB0b2tlbiB9ID0gYXdhaXQgdGhpcy5odHRwXHJcbiAgICAgIC5wb3N0PHsgdG9rZW4gfT4oYCR7dGhpcy5jb25maWcuYXV0aFVybH1jb3ZlL3Jlc3BvbmQvYCwge1xyXG4gICAgICAgIGNsYWltX2lkOiB2ZXJpZmljYXRpb25JZCxcclxuICAgICAgICB2X2NvZGU6IHZlcmlmaWNhdGlvbkNvZGUsXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuICAgIHJldHVybiB0b2tlbjtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyByZWdpc3RlcihcclxuICAgIGVtYWlsOiBzdHJpbmcsXHJcbiAgICBwYXNzd29yZDogc3RyaW5nLFxyXG4gICAgdmVyaWZpY2F0aW9uSWQ6IHN0cmluZyxcclxuICAgIHZlcmlmaWNhdGlvblRva2VuOiBzdHJpbmcsXHJcbiAgICB2ZXJpZmljYXRpb25UeXBlOiAnZW1haWwnIHwgJ3Bob25lJyA9ICdlbWFpbCdcclxuICApOiBQcm9taXNlPFJlZ2lzdGVyUmVzdWx0PiB7XHJcbiAgICAvLyBHZW5lcmF0ZSB0aGUga2V5IG1hdGVyaWFsIG5lZWRlZCBmb3IgUGFzc0lkcCB3aGljaCB3aWxsIGJlIHRoZSBwYXNzd29yZCB1c2VkIGZvciBDb2duaXRvLlxyXG4gICAgY29uc3QgcGFzc0tleUJ1bmRsZSA9IGF3YWl0IHRoaXMucGFzc3dvcmRTZXJ2aWNlLmNyZWF0ZVBhc3NLZXlCdW5kbGUoXHJcbiAgICAgIHBhc3N3b3JkXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcclxuICAgIGNvbnN0IHdyYXBwZWRNYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0tleSxcclxuICAgICAgbWFzdGVyS2V5LnRvSlNPTih0cnVlKVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCByb290S2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xyXG4gICAgY29uc3Qgd3JhcHBlZFJvb3RLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgIG1hc3RlcktleSxcclxuICAgICAgcm9vdEtleS50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgLy8gRW5jcnlwdGlvbiBQS0Mga2V5XHJcbiAgICBjb25zdCBwcmsgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlUGtjS2V5KCk7XHJcbiAgICBjb25zdCB3cmFwcGVkUHJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICByb290S2V5LFxyXG4gICAgICBwcmsudG9KU09OKHRydWUpXHJcbiAgICApO1xyXG5cclxuICAgIC8vIFNpZ25pbmcgUEtDIGtleVxyXG4gICAgY29uc3Qgc2lnUHJrID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBrY1NpZ25LZXkoKTtcclxuICAgIGNvbnN0IHdyYXBwZWRTaWdQcmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgIHJvb3RLZXksXHJcbiAgICAgIHNpZ1Byay50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgLy8gQVBJIGNhbGwgdG8gc2V0dXAgcHJvZmlsZVxyXG4gICAgY29uc3QgdXNlciA9IGF3YWl0IHRoaXMuaHR0cFxyXG4gICAgICAucG9zdDxhbnk+KGAke3RoaXMuY29uZmlnLmF1dGhVcmx9dXNlcnMvYCwge1xyXG4gICAgICAgIGNsYWltczogW1xyXG4gICAgICAgICAge1xyXG4gICAgICAgICAgICB0eXBlOiB2ZXJpZmljYXRpb25UeXBlLFxyXG4gICAgICAgICAgICB0b2tlbjogdmVyaWZpY2F0aW9uVG9rZW4sXHJcbiAgICAgICAgICAgIGNsYWltX2lkOiB2ZXJpZmljYXRpb25JZCxcclxuICAgICAgICAgIH0sXHJcbiAgICAgICAgXSxcclxuICAgICAgICBwYXNzX2lkcF9wYXJhbXM6IHBhc3NLZXlCdW5kbGUucGFzc0lkcFBhcmFtcyxcclxuICAgICAgICBwYXNzX2lkcF92ZXJpZmllcl9wYms6IHBhc3NLZXlCdW5kbGUucGFzc0lkcFZlcmlmaWVyLnRvSlNPTigpLFxyXG4gICAgICAgIHdyYXBwZWRfcGFzc19pZHBfdmVyaWZpZXJfcHJrOiBwYXNzS2V5QnVuZGxlLndyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmssXHJcbiAgICAgICAgcGFzc19rZXlfcGFyYW1zOiBwYXNzS2V5QnVuZGxlLnBhc3NLZXlQYXJhbXMsXHJcbiAgICAgICAgd3JhcHBlZF9tYXN0ZXJfa2V5OiB3cmFwcGVkTWFzdGVyS2V5LFxyXG4gICAgICAgIHdyYXBwZWRfcm9vdF9rZXk6IHdyYXBwZWRSb290S2V5LFxyXG4gICAgICAgIHBiazogcHJrLnRvSlNPTigpLCAvLyBwdWJsaWMgZW5jcnlwdGlvbiBrZXlcclxuICAgICAgICB3cmFwcGVkX3Byazogd3JhcHBlZFByayxcclxuICAgICAgICBzaWdfcGJrOiBzaWdQcmsudG9KU09OKCksIC8vIHB1YmxpYyBzaWduaW5nIGtleVxyXG4gICAgICAgIHdyYXBwZWRfc2lnX3Byazogd3JhcHBlZFNpZ1ByayxcclxuICAgICAgfSlcclxuICAgICAgLnRvUHJvbWlzZSgpO1xyXG5cclxuICAgIC8vIEFQSSBjYWxsIHRvIGNyZWF0ZSB1c2VyIG9uIGNvZ25pdG9cclxuICAgIGNvbnN0IGF0dHJpYnV0ZXMgPSB7fTtcclxuICAgIHVzZXIuY2xhaW1zLmZvckVhY2goKGNsYWltKSA9PiB7XHJcbiAgICAgIGF0dHJpYnV0ZXNbY2xhaW0udHlwZV0gPSBjbGFpbS52YWx1ZTtcclxuICAgIH0pO1xyXG5cclxuICAgIC8vIFJhbmRvbSBzdWZmaXggZm9yIHVuaXF1ZW5lc3MuIElmIHRoZXJlJ3MgYSBkdXBsaWNhdGUsIHRoZW4gdXNlZCBqdXN0IG5lZWRzIHRvXHJcbiAgICAvLyBzaWduIHVwIGFnYWluLiBCdXQgY2hhbmNlcyBvZiBjb2xsaXNpb24gaXMgbG93LlxyXG4gICAgY29uc3Qgc3VmZml4ID0gdGhpcy5rZXlGYWN0b3J5LnJhbmRvbURpZ2l0c05vWmVyb3MoNCk7XHJcblxyXG4gICAgY29uc3QgY29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguc2lnblVwKHtcclxuICAgICAgdXNlcm5hbWU6IGAke2VtYWlsLnNwbGl0KCdAJylbMF19LiR7c3VmZml4fWAsXHJcbiAgICAgIHBhc3N3b3JkOiB0aGlzLnBhc3N3b3JkU2VydmljZS5nZXRQYXNzSWRwU3RyaW5nKHBhc3NLZXlCdW5kbGUucGFzc0lkcCksXHJcbiAgICAgIGF0dHJpYnV0ZXMsXHJcbiAgICAgIC8vIFVuZm9ydHVuYXRlbHksIHZhbGlkYXRpb25EYXRhIGlzIG5vdCBwYXNzZWQgdG8gdGhlIHBvc3RcclxuICAgICAgLy8gY29uZmlybWF0aW9uIGNvZ25pdG8gdHJpZ2dlci4gU28gY2FuIGNhbid0IGRvIHRoZSBhc3NvY2lhdGlvbiB0aGVyZS5cclxuICAgICAgLy8gVGhlIGN1cnJlbnQgd29ya2Zsb3cgd2lsbCBjcmVhdGUgYSBuZXcgdXNlciBvbiBMUiBiZWZvcmUgc2lnbmluZyB1cFxyXG4gICAgICAvLyB3aXRoIENvZ25pdG8uIFRoZW4gQ29nbml0byBjYW4gdXNlIHRoZSB1c2VyLmlkIGFuZCB1c2VyLnByZV9zaWduX3VwX3Rva2VuIHRvXHJcbiAgICAgIC8vIGRvIHRoZSB2YWxpZGF0aW9uIG9mIHRoZSBhdHRyaWJ1dGVzLlxyXG4gICAgICAvLyB2YWxpZGF0aW9uRGF0YTogW1xyXG4gICAgICAvLyAgIG5ldyBDb2duaXRvVXNlckF0dHJpYnV0ZSh7XHJcbiAgICAgIC8vICAgICBOYW1lOiBcInVzZXJfaWRcIixcclxuICAgICAgLy8gICAgIFZhbHVlOiBTdHJpbmcodXNlci5pZClcclxuICAgICAgLy8gICB9KSxcclxuICAgICAgLy8gICBuZXcgQ29nbml0b1VzZXJBdHRyaWJ1dGUoe1xyXG4gICAgICAvLyAgICAgTmFtZTogXCJ1c2VyX3ByZV9zaWduX3VwX3Rva2VuXCIsXHJcbiAgICAgIC8vICAgICBWYWx1ZTogdXNlci5wcmVfc2lnbl91cF90b2tlblxyXG4gICAgICAvLyAgIH0pXHJcbiAgICAgIC8vIF1cclxuICAgICAgY2xpZW50TWV0YWRhdGE6IHtcclxuICAgICAgICB1c2VyX2lkOiBTdHJpbmcodXNlci5pZCksXHJcbiAgICAgICAgdXNlcl9wcmVfc2lnbl91cF90b2tlbjogU3RyaW5nKHVzZXIucHJlX3NpZ25fdXBfdG9rZW4pLFxyXG4gICAgICB9LFxyXG4gICAgfSk7XHJcblxyXG4gICAgcmV0dXJuIHtcclxuICAgICAgdXNlcm5hbWU6IGNvZ25pdG9Vc2VyLnVzZXIuZ2V0VXNlcm5hbWUoKSxcclxuICAgICAgdXNlcklkOiB1c2VyLmlkLFxyXG4gICAgICBwcmVTaWduVXBUb2tlbjogdXNlci5wcmVfc2lnbl91cF90b2tlbixcclxuICAgICAgdXNlclN1YjogY29nbml0b1VzZXIudXNlclN1YixcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgaGlicEJyZWFjaGVkQWNjb3VudHMoYWNjb3VudDogc3RyaW5nKTogUHJvbWlzZTxhbnk+IHtcclxuICAgIC8vIFRoZSBhY2NvdW50IGlzIGp1c3QgdGhlIGVtYWlsXHJcbiAgICB0cnkge1xyXG4gICAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHRoaXMuaHR0cFxyXG4gICAgICAgIC5nZXQoXHJcbiAgICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2hpYnAvYnJlYWNoZWRhY2NvdW50LyR7YWNjb3VudH0vP3RydW5jYXRlUmVzcG9uc2U9ZmFsc2VgXHJcbiAgICAgICAgKVxyXG4gICAgICAgIC50b1Byb21pc2UoKTtcclxuICAgICAgcmV0dXJuIHJlc3BvbnNlO1xyXG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcclxuICAgICAgaWYgKGVycm9yLnN0YXR1cyA9PT0gNDA0KSB7XHJcbiAgICAgICAgcmV0dXJuIG51bGw7XHJcbiAgICAgIH0gZWxzZSB7XHJcbiAgICAgICAgdGhyb3cgZXJyb3I7XHJcbiAgICAgIH1cclxuICAgIH1cclxuICB9XHJcbn1cclxuIl19