@lifeready/core 1.0.1 → 1.0.3

package/esm2015/lib/auth/password.service.js

@@ -0,0 +1,320 @@
+import { __awaiter } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { ProfileService } from '../users/profile.service';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { LrAuthException, LrBadArgumentException } from '../_common/exceptions';
+import { LrApolloService } from './../api/lr-apollo.service';
+import { PasswordChangeMutation, PasswordChangeRequestMutation, PasswordChangeConfigQuery, } from './auth.gql';
+import { WebCryptoService } from '../cryptography/web-crypto.service';
+import * as moment_ from 'moment';
+import { IdleService } from '../auth/idle.service';
+import { KeyFactoryService as KFS } from '../cryptography/key-factory.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@angular/common/http";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i5 from "../users/profile.service";
+import * as i6 from "../cryptography/key-factory.service";
+import * as i7 from "../cryptography/encryption.service";
+import * as i8 from "../cryptography/key-graph.service";
+import * as i9 from "../cryptography/web-crypto.service";
+import * as i10 from "./idle.service";
+// "why?" you ask: https://stackoverflow.com/questions/59735280/angular-8-moment-error-cannot-call-a-namespace-moment
+const moment = moment_;
+export class PasswordCheck {
+}
+export class PasswordService {
+    constructor(config, http, apollo, auth, profileService, keyFactory, encryptionService, keyGraph, webCryptoService, idleService) {
+        this.config = config;
+        this.http = http;
+        this.apollo = apollo;
+        this.auth = auth;
+        this.profileService = profileService;
+        this.keyFactory = keyFactory;
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.webCryptoService = webCryptoService;
+        this.idleService = idleService;
+        this.CLIENT_NONCE_LENGTH = 32;
+    }
+    checkPassword(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { years } = this.passwordStrength(password);
+            return {
+                length: password.length,
+                timeToCrack: moment.duration({ years }),
+                passwordExposed: yield this.getExposureCount(password),
+            };
+        });
+    }
+    getExposureCount(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const sha1Password = yield this.webCryptoService.stringDigest('SHA-1', password);
+            const first5sha1 = sha1Password.substring(0, 5);
+            const response = yield this.http
+                .get(`https://api.pwnedpasswords.com/range/${first5sha1}`, {
+                responseType: 'text',
+            })
+                .toPromise();
+            const results = new RegExp(`^(?:${sha1Password.substring(5)}:)(?<count>\\d+)$`, 'im').exec(response);
+            if (results) {
+                return +results.groups.count;
+            }
+            return 0;
+        });
+    }
+    getPassIdpString(passIdp) {
+        return passIdp.toJSON(true).k;
+    }
+    createPassKeyBundle(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpParams = yield this.keyFactory.createPassIdpParams();
+            const passIdp = (yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams))).jwk;
+            const passKeyParams = yield this.keyFactory.createPassKeyParams();
+            const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, passKeyParams))).jwk;
+            const passIdpVerifier = yield this.keyFactory.createPkcSignKey();
+            const wrappedPassIdpVerifierPrk = yield this.encryptionService.encrypt(passKey, passIdpVerifier.toJSON(true));
+            // There are two formats that the private key can be represented in JWK:
+            // https://tools.ietf.org/html/rfc8017#page-9
+            // The second form is an optimization:
+            // https://crypto.stackexchange.com/questions/19413/what-are-dp-and-dq-in-encryption-by-rsa-in-c
+            return {
+                passKeyParams,
+                passKey,
+                passIdpParams,
+                passIdp,
+                passIdpVerifier,
+                wrappedPassIdpVerifierPrk,
+            };
+        });
+    }
+    /**
+     * We need to allow for interruption of the process at any point. Each API call can be considered
+     * atomic and either succeeds or fails.
+     *
+     * The LR server APIs use semaphore tokens for locking critical operations, so concurrent calls will
+     * fail.
+     *
+     * We assume the worst case for IdP API calls. So we use the semaphore token from LR to prevent
+     * concurrent calls to IdP APIs, but we have to assume that the IdP API calls will either succeed or
+     * fail within a reasonable amount of time.
+     *
+     * Each location where the server state changes can be a potential point of interruption.
+     * Potential points of interruption are marked with: --Potential Failure Point--
+     *
+     * Places for timeout:
+     * - Login age too old at call to: verifyPassword()
+     * - Login age too old at call to: changePasswordMutation()
+     * - Semaphore token expires at call to: changePasswordComplete()
+     *
+     * Tests:
+     * - Potential Failure Point 1: should be able to restart the process, user remains signed in.
+     * - Potential Failure Point 2: should enter recovery flow
+     * - Potential Failure Point 3: should enter recovery flow
+     * - Potential Failure Point 4: should enter recovery flow
+     *
+     */
+    isLoginRequired() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const changePasswordConfig = yield this.getChangePasswordConfig();
+            const authTime = moment(changePasswordConfig.authTime);
+            const serverTime = moment(changePasswordConfig.serverTime);
+            const duration = moment.duration(serverTime.diff(authTime));
+            const seconds = duration.asSeconds();
+            if (seconds > changePasswordConfig.maxAuthAgeSeconds) {
+                return true;
+            }
+            else {
+                return false;
+            }
+        });
+    }
+    changePassword(password, newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            // Validation
+            // todo: Add this back in
+            // Note the passIdp will always have a random salt, so will always be different to the current passIdp.
+            if (password === newPassword) {
+                throw new LrBadArgumentException('New password is the same as the current one.');
+            }
+            const { currentUser } = yield this.profileService.getCurrentUser();
+            const { passIdp, signedChallenge } = yield this.verifyPassword(password, currentUser);
+            // --Potential Failure Point 1--
+            // verifyPassword() asks for a current password challenge hence changes server state.
+            // Place break points here to test the failure scenarios.
+            // Generate the new passIdp
+            const newPassKey = yield this.createPassKeyBundle(newPassword);
+            // Re-encrypt master key with new key
+            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
+            const newWrappedMasterKey = yield this.encryptionService.encrypt(newPassKey.passKey, masterKey.jwk.toJSON(true));
+            // If the IdP change password failed, we need to go into recovery mode by forcing
+            // a login. We can't logout the user just yet since the IdP password change needs
+            // the user to be logged in. We _can_ removed any persisted session values for the IdP
+            // but that seems like too much trouble.
+            const { token, newPassKeyId } = yield this.changePasswordMutation(signedChallenge, currentUser.currentUserKey.masterKey.id, newWrappedMasterKey, newPassKey);
+            // --Potential Failure Point 2--
+            // changePasswordMutation() uploads new keys and obtains a semaphore lock to prevent any other
+            // clients from performing IdP password change.
+            // Now we can do the IdP password change.
+            // todo: Add this back in
+            yield this.auth.changePassword(cognitoUser, this.getPassIdpString(passIdp), this.getPassIdpString(newPassKey.passIdp));
+            // --Potential Failure Point 3--
+            // IdP password change
+            // Note that changePassword() could throw an exception for a number of reason. It could throw
+            // a network timeout for example. But we don't know if it's the response that timed out and
+            // the idp password change was actually carried out. So we have to be extra conservative and
+            // only act on a clear success. Otherwise we go into recover mode.
+            yield this.changePasswordComplete(cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(), true, token);
+        });
+    }
+    changePasswordComplete(accessToken, useNewPassword, token = null) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.http
+                .post(`${this.config.authUrl}users/password-change-complete/`, Object.assign({ use_new_password: useNewPassword }, (token && { token })), {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            })
+                .toPromise();
+        });
+    }
+    getVerifierPrK(passKey, wrappedPrK) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const prkJson = yield this.encryptionService.decrypt(passKey, wrappedPrK);
+                return KFS.asKey(prkJson);
+            }
+            catch (error) {
+                throw new LrAuthException('Wrong current password');
+            }
+        });
+    }
+    verifyPassword(password, currentUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get information from the server to prepare for password change.
+            const passwordRequest = yield this.apollo.mutate({
+                mutation: PasswordChangeRequestMutation,
+                variables: {},
+            });
+            // Get the old passKey so we can decrypt the old password verifier
+            const passKeyResult = yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams));
+            const verifierPrK = yield this.getVerifierPrK(passKeyResult.jwk, currentUser.currentUserKey.passKey.wrappedPassIdpVerifierPrk);
+            // Sign the server challenge to prove to the server we can decrypt the password verifier.
+            // Generate
+            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
+            const signedChallenge = yield this.encryptionService.sign(verifierPrK, {
+                serverNonce: passwordRequest.passwordChangeRequest.challenge.serverNonce,
+                clientNonce,
+            });
+            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, currentUser.currentUserKey.passKey.passIdpParams));
+            return {
+                passIdp: passIdpResult.jwk,
+                signedChallenge,
+            };
+        });
+    }
+    changePasswordMutation(signedChallenge, masterKeyId, newWrappedMasterKey, passKeyBundle) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.apollo.mutate({
+                mutation: PasswordChangeMutation,
+                variables: {
+                    input: {
+                        signedChallenge: JSON.stringify(signedChallenge),
+                        masterKeyId,
+                        newWrappedMasterKey: JSON.stringify(newWrappedMasterKey),
+                        newPassKey: {
+                            passIdpParams: JSON.stringify(passKeyBundle.passIdpParams),
+                            passIdpVerifierPbk: JSON.stringify(passKeyBundle.passIdpVerifier.toJSON()),
+                            wrappedPassIdpVerifierPrk: JSON.stringify(passKeyBundle.wrappedPassIdpVerifierPrk),
+                            passKeyParams: JSON.stringify(passKeyBundle.passKeyParams),
+                        },
+                    },
+                },
+            });
+            return {
+                token: response.passwordChange.token,
+                newPassKeyId: response.passwordChange.newPassKey.id,
+            };
+        });
+    }
+    getChangePasswordConfig() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.apollo.query({
+                query: PasswordChangeConfigQuery,
+            });
+            const ret = res.passwordChangeConfig;
+            ret.authTime = new Date(ret.authTime);
+            ret.serverTime = new Date(ret.serverTime);
+            return ret;
+        });
+    }
+    passwordStrength(password) {
+        const upper = /[A-Z]/g;
+        const lower = /[a-z]/g;
+        const digit = /[0-9]/g;
+        const upperChoices = 26;
+        const lowerChoices = 26;
+        const digitChoices = 10;
+        const specialChoices = 30; // /[!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/g
+        function instanceCount(str, re) {
+            return ((str || '').match(re) || []).length;
+        }
+        const uppers = instanceCount(password, upper);
+        const lowers = instanceCount(password, lower);
+        const digits = instanceCount(password, digit);
+        const specials = password.length - uppers - lowers - digits;
+        let choices = 0;
+        if (uppers) {
+            choices += upperChoices;
+        }
+        if (lowers) {
+            choices += lowerChoices;
+        }
+        if (digits) {
+            choices += digitChoices;
+        }
+        if (specials) {
+            choices += specialChoices;
+        }
+        if (password.length === 0) {
+            return {
+                years: 0,
+                // bits of entropy
+                bits: 0,
+            };
+        }
+        const permutations = Math.pow(choices, password.length);
+        const years = (54000 * permutations) /
+            Math.pow(upperChoices + lowerChoices + digitChoices, 12);
+        return {
+            years,
+            // bits of entropy
+            bits: Math.round(Math.log2(permutations)),
+        };
+    }
+}
+PasswordService.ɵprov = i0.ɵɵdefineInjectable({ factory: function PasswordService_Factory() { return new PasswordService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.EncryptionService), i0.ɵɵinject(i8.KeyGraphService), i0.ɵɵinject(i9.WebCryptoService), i0.ɵɵinject(i10.IdleService)); }, token: PasswordService, providedIn: "root" });
+PasswordService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+PasswordService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: HttpClient },
+    { type: LrApolloService },
+    { type: AuthClass },
+    { type: ProfileService },
+    { type: KFS },
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: WebCryptoService },
+    { type: IdleService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFzc3dvcmQuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy9uZXdyZXBvL2tjLWNsaWVudC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9hdXRoL3Bhc3N3b3JkLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRCxPQUFPLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUVuRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFFM0QsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzFELE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLG9DQUFvQyxDQUFDO0FBQ3ZFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxtQ0FBbUMsQ0FBQztBQUNwRSxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxlQUFlLEVBQUUsc0JBQXNCLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNoRixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDN0QsT0FBTyxFQUNMLHNCQUFzQixFQUN0Qiw2QkFBNkIsRUFDN0IseUJBQXlCLEdBQzFCLE1BQU0sWUFBWSxDQUFDO0FBRXBCLE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLG9DQUFvQyxDQUFDO0FBRXRFLE9BQU8sS0FBSyxPQUFPLE1BQU0sUUFBUSxDQUFDO0FBRWxDLE9BQU8sRUFBRSxXQUFXLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNuRCxPQUFPLEVBQUUsaUJBQWlCLElBQUksR0FBRyxFQUFFLE1BQU0scUNBQXFDLENBQUM7Ozs7Ozs7Ozs7OztBQUUvRSxxSEFBcUg7QUFDckgsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDO0FBeUJ2QixNQUFNLE9BQU8sYUFBYTtDQUl6QjtBQUtELE1BQU0sT0FBTyxlQUFlO0lBRzFCLFlBQzZCLE1BQXVCLEVBQzFDLElBQWdCLEVBQ2hCLE1BQXVCLEVBQ3ZCLElBQWUsRUFDZixjQUE4QixFQUM5QixVQUFlLEVBQ2YsaUJBQW9DLEVBQ3BDLFFBQXlCLEVBQ3pCLGdCQUFrQyxFQUNsQyxXQUF3QjtRQVRMLFdBQU0sR0FBTixNQUFNLENBQWlCO1FBQzFDLFNBQUksR0FBSixJQUFJLENBQVk7UUFDaEIsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDdkIsU0FBSSxHQUFKLElBQUksQ0FBVztRQUNmLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixlQUFVLEdBQVYsVUFBVSxDQUFLO1FBQ2Ysc0JBQWlCLEdBQWpCLGlCQUFpQixDQUFtQjtRQUNwQyxhQUFRLEdBQVIsUUFBUSxDQUFpQjtRQUN6QixxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQWtCO1FBQ2xDLGdCQUFXLEdBQVgsV0FBVyxDQUFhO1FBWmpCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztJQWF2QyxDQUFDO0lBRVMsYUFBYSxDQUFDLFFBQWdCOztZQUN6QyxNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRWxELE9BQU87Z0JBQ0wsTUFBTSxFQUFFLFFBQVEsQ0FBQyxNQUFNO2dCQUN2QixXQUFXLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDO2dCQUN2QyxlQUFlLEVBQUUsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDO2FBQ3ZELENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxnQkFBZ0IsQ0FBQyxRQUFnQjs7WUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsWUFBWSxDQUMzRCxPQUFPLEVBQ1AsUUFBUSxDQUNULENBQUM7WUFDRixNQUFNLFVBQVUsR0FBRyxZQUFZLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUVoRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUM3QixHQUFHLENBQUMsd0NBQXdDLFVBQVUsRUFBRSxFQUFFO2dCQUN6RCxZQUFZLEVBQUUsTUFBTTthQUNyQixDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1lBRWYsTUFBTSxPQUFPLEdBQUcsSUFBSSxNQUFNLENBQ3hCLE9BQU8sWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsbUJBQW1CLEVBQ25ELElBQUksQ0FDTCxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUVqQixJQUFJLE9BQU8sRUFBRTtnQkFDWCxPQUFPLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUM7YUFDOUI7WUFDRCxPQUFPLENBQUMsQ0FBQztRQUNYLENBQUM7S0FBQTtJQUVNLGdCQUFnQixDQUFDLE9BQWdCO1FBQ3RDLE9BQVEsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQVMsQ0FBQyxDQUFDLENBQUM7SUFDekMsQ0FBQztJQUVZLG1CQUFtQixDQUFDLFFBQWdCOztZQUMvQyxNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUNsRSxNQUFNLE9BQU8sR0FBRyxDQUNkLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUNqQyxRQUFRLElBQ0wsYUFBYSxFQUNoQixDQUNILENBQUMsR0FBRyxDQUFDO1lBRU4sTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDbEUsTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxJQUNMLGFBQWEsRUFDaEIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztZQUVOLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBRWpFLE1BQU0seUJBQXlCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNwRSxPQUFPLEVBQ1AsZUFBZSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDN0IsQ0FBQztZQUVGLHdFQUF3RTtZQUN4RSw2Q0FBNkM7WUFDN0Msc0NBQXNDO1lBQ3RDLGdHQUFnRztZQUVoRyxPQUFPO2dCQUNMLGFBQWE7Z0JBQ2IsT0FBTztnQkFDUCxhQUFhO2dCQUNiLE9BQU87Z0JBQ1AsZUFBZTtnQkFDZix5QkFBeUI7YUFDMUIsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVEOzs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7O09BeUJHO0lBRVUsZUFBZTs7WUFDMUIsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyx1QkFBdUIsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxvQkFBb0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN2RCxNQUFNLFVBQVUsR0FBRyxNQUFNLENBQUMsb0JBQW9CLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDM0QsTUFBTSxRQUFRLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDLENBQUM7WUFDNUQsTUFBTSxPQUFPLEdBQUcsUUFBUSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ3JDLElBQUksT0FBTyxHQUFHLG9CQUFvQixDQUFDLGlCQUFpQixFQUFFO2dCQUNwRCxPQUFPLElBQUksQ0FBQzthQUNiO2lCQUFNO2dCQUNMLE9BQU8sS0FBSyxDQUFDO2FBQ2Q7UUFDSCxDQUFDO0tBQUE7SUFFWSxjQUFjLENBQUMsUUFBZ0IsRUFBRSxXQUFtQjs7WUFDL0QsTUFBTSxXQUFXLEdBQWdCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBRTVFLGFBQWE7WUFDYix5QkFBeUI7WUFDekIsdUdBQXVHO1lBQ3ZHLElBQUksUUFBUSxLQUFLLFdBQVcsRUFBRTtnQkFDNUIsTUFBTSxJQUFJLHNCQUFzQixDQUM5Qiw4Q0FBOEMsQ0FDL0MsQ0FBQzthQUNIO1lBRUQsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUVuRSxNQUFNLEVBQUUsT0FBTyxFQUFFLGVBQWUsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FDNUQsUUFBUSxFQUNSLFdBQVcsQ0FDWixDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLHFGQUFxRjtZQUNyRix5REFBeUQ7WUFFekQsMkJBQTJCO1lBQzNCLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRS9ELHFDQUFxQztZQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUMxQyxXQUFXLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ3hDLENBQUM7WUFDRixNQUFNLG1CQUFtQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDOUQsVUFBVSxDQUFDLE9BQU8sRUFDbEIsU0FBUyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzNCLENBQUM7WUFFRixpRkFBaUY7WUFDakYsaUZBQWlGO1lBQ2pGLHNGQUFzRjtZQUN0Rix3Q0FBd0M7WUFFeEMsTUFBTSxFQUFFLEtBQUssRUFBRSxZQUFZLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FDL0QsZUFBZSxFQUNmLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFDdkMsbUJBQW1CLEVBQ25CLFVBQVUsQ0FDWCxDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLDhGQUE4RjtZQUM5RiwrQ0FBK0M7WUFFL0MseUNBQXlDO1lBQ3pDLHlCQUF5QjtZQUN6QixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUM1QixXQUFXLEVBQ1gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sQ0FBQyxFQUM5QixJQUFJLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUMxQyxDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLHNCQUFzQjtZQUV0Qiw2RkFBNkY7WUFDN0YsMkZBQTJGO1lBQzNGLDRGQUE0RjtZQUM1RixrRUFBa0U7WUFDbEUsTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQy9CLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLGNBQWMsRUFBRSxDQUFDLFdBQVcsRUFBRSxFQUNqRSxJQUFJLEVBQ0osS0FBSyxDQUNOLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxzQkFBc0IsQ0FDakMsV0FBbUIsRUFDbkIsY0FBdUIsRUFDdkIsUUFBZ0IsSUFBSTs7WUFFcEIsT0FBTyxJQUFJLENBQUMsSUFBSTtpQkFDYixJQUFJLENBQ0gsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8saUNBQWlDLGtCQUVyRCxnQkFBZ0IsRUFBRSxjQUFjLElBQzdCLENBQUMsS0FBSyxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUMsR0FFekI7Z0JBQ0UsT0FBTyxFQUFFO29CQUNQLGFBQWEsRUFBRSxVQUFVLFdBQVcsRUFBRTtpQkFDdkM7YUFDRixDQUNGO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1FBQ2pCLENBQUM7S0FBQTtJQUVhLGNBQWMsQ0FDMUIsT0FBZ0IsRUFDaEIsVUFBa0I7O1lBRWxCLElBQUk7Z0JBQ0YsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxVQUFVLENBQUMsQ0FBQztnQkFDMUUsT0FBTyxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2FBQzNCO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsTUFBTSxJQUFJLGVBQWUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO2FBQ3JEO1FBQ0gsQ0FBQztLQUFBO0lBRWEsY0FBYyxDQUMxQixRQUFnQixFQUNoQixXQUEyQjs7WUFFM0Isa0VBQWtFO1lBQ2xFLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQzlDO2dCQUNFLFFBQVEsRUFBRSw2QkFBNkI7Z0JBQ3ZDLFNBQVMsRUFBRSxFQUFFO2FBQ2QsQ0FDRixDQUFDO1lBRUYsa0VBQWtFO1lBQ2xFLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUN2RCxRQUFRLElBQ0wsV0FBVyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUNuRCxDQUFDO1lBRUgsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUMzQyxhQUFhLENBQUMsR0FBRyxFQUNqQixXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyx5QkFBeUIsQ0FDN0QsQ0FBQztZQUVGLHlGQUF5RjtZQUN6RixXQUFXO1lBQ1gsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLENBQUM7WUFFM0UsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLFdBQVcsRUFBRTtnQkFDckUsV0FBVyxFQUFFLGVBQWUsQ0FBQyxxQkFBcUIsQ0FBQyxTQUFTLENBQUMsV0FBVztnQkFDeEUsV0FBVzthQUNaLENBQUMsQ0FBQztZQUVILE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUN2RCxRQUFRLElBQ0wsV0FBVyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUNuRCxDQUFDO1lBRUgsT0FBTztnQkFDTCxPQUFPLEVBQUUsYUFBYSxDQUFDLEdBQUc7Z0JBQzFCLGVBQWU7YUFDaEIsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVhLHNCQUFzQixDQUNsQyxlQUFxQyxFQUNyQyxXQUFtQixFQUNuQixtQkFBMkIsRUFDM0IsYUFBNEI7O1lBRTVCLE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQXlCO2dCQUNoRSxRQUFRLEVBQUUsc0JBQXNCO2dCQUNoQyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLGVBQWUsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQzt3QkFDaEQsV0FBVzt3QkFDWCxtQkFBbUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLG1CQUFtQixDQUFDO3dCQUN4RCxVQUFVLEVBQUU7NEJBQ1YsYUFBYSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQzs0QkFDMUQsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDaEMsYUFBYSxDQUFDLGVBQWUsQ0FBQyxNQUFNLEVBQUUsQ0FDdkM7NEJBQ0QseUJBQXlCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDdkMsYUFBYSxDQUFDLHlCQUF5QixDQUN4Qzs0QkFDRCxhQUFhLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDO3lCQUMzRDtxQkFDRjtpQkFDRjthQUNGLENBQUMsQ0FBQztZQUNILE9BQU87Z0JBQ0wsS0FBSyxFQUFFLFFBQVEsQ0FBQyxjQUFjLENBQUMsS0FBSztnQkFDcEMsWUFBWSxFQUFFLFFBQVEsQ0FBQyxjQUFjLENBQUMsVUFBVSxDQUFDLEVBQUU7YUFDcEQsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLHVCQUF1Qjs7WUFDM0IsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBTTtnQkFDdkMsS0FBSyxFQUFFLHlCQUF5QjthQUNqQyxDQUFDLENBQUM7WUFFSCxNQUFNLEdBQUcsR0FBRyxHQUFHLENBQUMsb0JBQTRDLENBQUM7WUFFN0QsR0FBRyxDQUFDLFFBQVEsR0FBRyxJQUFJLElBQUksQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDdEMsR0FBRyxDQUFDLFVBQVUsR0FBRyxJQUFJLElBQUksQ0FBQyxHQUFHLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDMUMsT0FBTyxHQUFHLENBQUM7UUFDYixDQUFDO0tBQUE7SUFFTSxnQkFBZ0IsQ0FBQyxRQUFRO1FBQzlCLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxRQUFRLENBQUM7UUFDdkIsTUFBTSxLQUFLLEdBQUcsUUFBUSxDQUFDO1FBRXZCLE1BQU0sWUFBWSxHQUFHLEVBQUUsQ0FBQztRQUN4QixNQUFNLFlBQVksR0FBRyxFQUFFLENBQUM7UUFDeEIsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO1FBQ3hCLE1BQU0sY0FBYyxHQUFHLEVBQUUsQ0FBQyxDQUFDLHdDQUF3QztRQUVuRSxTQUFTLGFBQWEsQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUM1QixPQUFPLENBQUMsQ0FBQyxHQUFHLElBQUksRUFBRSxDQUFDLENBQUMsS0FBSyxDQUFDLEVBQUUsQ0FBQyxJQUFJLEVBQUUsQ0FBQyxDQUFDLE1BQU0sQ0FBQztRQUM5QyxDQUFDO1FBRUQsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM5QyxNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDOUMsTUFBTSxRQUFRLEdBQUcsUUFBUSxDQUFDLE1BQU0sR0FBRyxNQUFNLEdBQUcsTUFBTSxHQUFHLE1BQU0sQ0FBQztRQUU1RCxJQUFJLE9BQU8sR0FBRyxDQUFDLENBQUM7UUFDaEIsSUFBSSxNQUFNLEVBQUU7WUFDVixPQUFPLElBQUksWUFBWSxDQUFDO1NBQ3pCO1FBQ0QsSUFBSSxNQUFNLEVBQUU7WUFDVixPQUFPLElBQUksWUFBWSxDQUFDO1NBQ3pCO1FBQ0QsSUFBSSxNQUFNLEVBQUU7WUFDVixPQUFPLElBQUksWUFBWSxDQUFDO1NBQ3pCO1FBQ0QsSUFBSSxRQUFRLEVBQUU7WUFDWixPQUFPLElBQUksY0FBYyxDQUFDO1NBQzNCO1FBRUQsSUFBSSxRQUFRLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRTtZQUN6QixPQUFPO2dCQUNMLEtBQUssRUFBRSxDQUFDO2dCQUNSLGtCQUFrQjtnQkFDbEIsSUFBSSxFQUFFLENBQUM7YUFDUixDQUFDO1NBQ0g7UUFFRCxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsTUFBTSxDQUFDLENBQUM7UUFFeEQsTUFBTSxLQUFLLEdBQ1QsQ0FBQyxLQUFLLEdBQUcsWUFBWSxDQUFDO1lBQ3RCLElBQUksQ0FBQyxHQUFHLENBQUMsWUFBWSxHQUFHLFlBQVksR0FBRyxZQUFZLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDM0QsT0FBTztZQUNMLEtBQUs7WUFDTCxrQkFBa0I7WUFDbEIsSUFBSSxFQUFFLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxZQUFZLENBQUMsQ0FBQztTQUMxQyxDQUFDO0lBQ0osQ0FBQzs7OztZQTVYRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7Ozs0Q0FLSSxNQUFNLFNBQUMsU0FBUztZQS9EWixVQUFVO1lBVVYsZUFBZTtZQVBmLFNBQVM7WUFFVCxjQUFjO1lBaUJPLEdBQUc7WUFoQnhCLGlCQUFpQjtZQUNqQixlQUFlO1lBVWYsZ0JBQWdCO1lBSWhCLFdBQVciLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBIdHRwQ2xpZW50IH0gZnJvbSAnQGFuZ3VsYXIvY29tbW9uL2h0dHAnO1xyXG5pbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcclxuaW1wb3J0IHsgQ29nbml0b1VzZXIgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aCc7XHJcbmltcG9ydCB7IEF1dGhDbGFzcyB9IGZyb20gJ0Bhd3MtYW1wbGlmeS9hdXRoL2xpYi1lc20vQXV0aCc7XHJcbmltcG9ydCB7IEpXSywgSldTIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHsgUHJvZmlsZVNlcnZpY2UgfSBmcm9tICcuLi91c2Vycy9wcm9maWxlLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBFbmNyeXB0aW9uU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9lbmNyeXB0aW9uLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkva2V5LWdyYXBoLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcclxuaW1wb3J0IHsgTHJBdXRoRXhjZXB0aW9uLCBMckJhZEFyZ3VtZW50RXhjZXB0aW9uIH0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcclxuaW1wb3J0IHsgTHJBcG9sbG9TZXJ2aWNlIH0gZnJvbSAnLi8uLi9hcGkvbHItYXBvbGxvLnNlcnZpY2UnO1xyXG5pbXBvcnQge1xyXG4gIFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24sXHJcbiAgUGFzc3dvcmRDaGFuZ2VSZXF1ZXN0TXV0YXRpb24sXHJcbiAgUGFzc3dvcmRDaGFuZ2VDb25maWdRdWVyeSxcclxufSBmcm9tICcuL2F1dGguZ3FsJztcclxuaW1wb3J0IHsgUGFzc0tleUJ1bmRsZSB9IGZyb20gJy4vYXV0aC50eXBlcyc7XHJcbmltcG9ydCB7IFdlYkNyeXB0b1NlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkvd2ViLWNyeXB0by5zZXJ2aWNlJztcclxuaW1wb3J0IHsgRHVyYXRpb24gfSBmcm9tICdtb21lbnQnO1xyXG5pbXBvcnQgKiBhcyBtb21lbnRfIGZyb20gJ21vbWVudCc7XHJcbmltcG9ydCB7IEFwaUN1cnJlbnRVc2VyIH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XHJcbmltcG9ydCB7IElkbGVTZXJ2aWNlIH0gZnJvbSAnLi4vYXV0aC9pZGxlLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSBhcyBLRlMgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkva2V5LWZhY3Rvcnkuc2VydmljZSc7XHJcblxyXG4vLyBcIndoeT9cIiB5b3UgYXNrOiBodHRwczovL3N0YWNrb3ZlcmZsb3cuY29tL3F1ZXN0aW9ucy81OTczNTI4MC9hbmd1bGFyLTgtbW9tZW50LWVycm9yLWNhbm5vdC1jYWxsLWEtbmFtZXNwYWNlLW1vbWVudFxyXG5jb25zdCBtb21lbnQgPSBtb21lbnRfO1xyXG5cclxuaW50ZXJmYWNlIFBhc3N3b3JkQ2hhbmdlUmVxdWVzdE11dGF0aW9uIHtcclxuICBwYXNzd29yZENoYW5nZVJlcXVlc3Q6IHtcclxuICAgIGNoYWxsZW5nZToge1xyXG4gICAgICBzZXJ2ZXJOb25jZTogc3RyaW5nO1xyXG4gICAgfTtcclxuICB9O1xyXG59XHJcblxyXG5pbnRlcmZhY2UgUGFzc3dvcmRDaGFuZ2VNdXRhdGlvbiB7XHJcbiAgcGFzc3dvcmRDaGFuZ2U6IHtcclxuICAgIHRva2VuOiBzdHJpbmc7XHJcbiAgICBuZXdQYXNzS2V5OiB7XHJcbiAgICAgIGlkOiBzdHJpbmc7XHJcbiAgICB9O1xyXG4gIH07XHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgUGFzc3dvcmRDaGFuZ2VDb25maWcge1xyXG4gIG1heEF1dGhBZ2VTZWNvbmRzOiBudW1iZXI7XHJcbiAgYXV0aFRpbWU6IHN0cmluZyB8IERhdGU7XHJcbiAgc2VydmVyVGltZTogc3RyaW5nIHwgRGF0ZTtcclxufVxyXG5cclxuZXhwb3J0IGNsYXNzIFBhc3N3b3JkQ2hlY2sge1xyXG4gIGxlbmd0aD86IG51bWJlcjtcclxuICB0aW1lVG9DcmFjaz86IER1cmF0aW9uO1xyXG4gIHBhc3N3b3JkRXhwb3NlZD86IG51bWJlcjtcclxufVxyXG5cclxuQEluamVjdGFibGUoe1xyXG4gIHByb3ZpZGVkSW46ICdyb290JyxcclxufSlcclxuZXhwb3J0IGNsYXNzIFBhc3N3b3JkU2VydmljZSB7XHJcbiAgcHJpdmF0ZSByZWFkb25seSBDTElFTlRfTk9OQ0VfTEVOR1RIID0gMzI7XHJcblxyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgQEluamVjdChMUl9DT05GSUcpIHByaXZhdGUgY29uZmlnOiBMaWZlUmVhZHlDb25maWcsXHJcbiAgICBwcml2YXRlIGh0dHA6IEh0dHBDbGllbnQsXHJcbiAgICBwcml2YXRlIGFwb2xsbzogTHJBcG9sbG9TZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBhdXRoOiBBdXRoQ2xhc3MsXHJcbiAgICBwcml2YXRlIHByb2ZpbGVTZXJ2aWNlOiBQcm9maWxlU2VydmljZSxcclxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS0ZTLFxyXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleUdyYXBoOiBLZXlHcmFwaFNlcnZpY2UsXHJcbiAgICBwcml2YXRlIHdlYkNyeXB0b1NlcnZpY2U6IFdlYkNyeXB0b1NlcnZpY2UsXHJcbiAgICBwcml2YXRlIGlkbGVTZXJ2aWNlOiBJZGxlU2VydmljZVxyXG4gICkge31cclxuXHJcbiAgcHVibGljIGFzeW5jIGNoZWNrUGFzc3dvcmQocGFzc3dvcmQ6IHN0cmluZyk6IFByb21pc2U8UGFzc3dvcmRDaGVjaz4ge1xyXG4gICAgY29uc3QgeyB5ZWFycyB9ID0gdGhpcy5wYXNzd29yZFN0cmVuZ3RoKHBhc3N3b3JkKTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBsZW5ndGg6IHBhc3N3b3JkLmxlbmd0aCxcclxuICAgICAgdGltZVRvQ3JhY2s6IG1vbWVudC5kdXJhdGlvbih7IHllYXJzIH0pLFxyXG4gICAgICBwYXNzd29yZEV4cG9zZWQ6IGF3YWl0IHRoaXMuZ2V0RXhwb3N1cmVDb3VudChwYXNzd29yZCksXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGdldEV4cG9zdXJlQ291bnQocGFzc3dvcmQ6IHN0cmluZyk6IFByb21pc2U8bnVtYmVyPiB7XHJcbiAgICBjb25zdCBzaGExUGFzc3dvcmQgPSBhd2FpdCB0aGlzLndlYkNyeXB0b1NlcnZpY2Uuc3RyaW5nRGlnZXN0KFxyXG4gICAgICAnU0hBLTEnLFxyXG4gICAgICBwYXNzd29yZFxyXG4gICAgKTtcclxuICAgIGNvbnN0IGZpcnN0NXNoYTEgPSBzaGExUGFzc3dvcmQuc3Vic3RyaW5nKDAsIDUpO1xyXG5cclxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgdGhpcy5odHRwXHJcbiAgICAgIC5nZXQoYGh0dHBzOi8vYXBpLnB3bmVkcGFzc3dvcmRzLmNvbS9yYW5nZS8ke2ZpcnN0NXNoYTF9YCwge1xyXG4gICAgICAgIHJlc3BvbnNlVHlwZTogJ3RleHQnLFxyXG4gICAgICB9KVxyXG4gICAgICAudG9Qcm9taXNlKCk7XHJcblxyXG4gICAgY29uc3QgcmVzdWx0cyA9IG5ldyBSZWdFeHAoXHJcbiAgICAgIGBeKD86JHtzaGExUGFzc3dvcmQuc3Vic3RyaW5nKDUpfTopKD88Y291bnQ+XFxcXGQrKSRgLFxyXG4gICAgICAnaW0nXHJcbiAgICApLmV4ZWMocmVzcG9uc2UpO1xyXG5cclxuICAgIGlmIChyZXN1bHRzKSB7XHJcbiAgICAgIHJldHVybiArcmVzdWx0cy5ncm91cHMuY291bnQ7XHJcbiAgICB9XHJcbiAgICByZXR1cm4gMDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBnZXRQYXNzSWRwU3RyaW5nKHBhc3NJZHA6IEpXSy5LZXkpIHtcclxuICAgIHJldHVybiAocGFzc0lkcC50b0pTT04odHJ1ZSkgYXMgYW55KS5rO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGNyZWF0ZVBhc3NLZXlCdW5kbGUocGFzc3dvcmQ6IHN0cmluZyk6IFByb21pc2U8UGFzc0tleUJ1bmRsZT4ge1xyXG4gICAgY29uc3QgcGFzc0lkcFBhcmFtcyA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVQYXNzSWRwUGFyYW1zKCk7XHJcbiAgICBjb25zdCBwYXNzSWRwID0gKFxyXG4gICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0lkcCh7XHJcbiAgICAgICAgcGFzc3dvcmQsXHJcbiAgICAgICAgLi4ucGFzc0lkcFBhcmFtcyxcclxuICAgICAgfSlcclxuICAgICkuandrO1xyXG5cclxuICAgIGNvbnN0IHBhc3NLZXlQYXJhbXMgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlUGFzc0tleVBhcmFtcygpO1xyXG4gICAgY29uc3QgcGFzc0tleSA9IChcclxuICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NLZXkoe1xyXG4gICAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAgIC4uLnBhc3NLZXlQYXJhbXMsXHJcbiAgICAgIH0pXHJcbiAgICApLmp3aztcclxuXHJcbiAgICBjb25zdCBwYXNzSWRwVmVyaWZpZXIgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlUGtjU2lnbktleSgpO1xyXG5cclxuICAgIGNvbnN0IHdyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgIHBhc3NLZXksXHJcbiAgICAgIHBhc3NJZHBWZXJpZmllci50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgLy8gVGhlcmUgYXJlIHR3byBmb3JtYXRzIHRoYXQgdGhlIHByaXZhdGUga2V5IGNhbiBiZSByZXByZXNlbnRlZCBpbiBKV0s6XHJcbiAgICAvLyBodHRwczovL3Rvb2xzLmlldGYub3JnL2h0bWwvcmZjODAxNyNwYWdlLTlcclxuICAgIC8vIFRoZSBzZWNvbmQgZm9ybSBpcyBhbiBvcHRpbWl6YXRpb246XHJcbiAgICAvLyBodHRwczovL2NyeXB0by5zdGFja2V4Y2hhbmdlLmNvbS9xdWVzdGlvbnMvMTk0MTMvd2hhdC1hcmUtZHAtYW5kLWRxLWluLWVuY3J5cHRpb24tYnktcnNhLWluLWNcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBwYXNzS2V5UGFyYW1zLFxyXG4gICAgICBwYXNzS2V5LFxyXG4gICAgICBwYXNzSWRwUGFyYW1zLFxyXG4gICAgICBwYXNzSWRwLFxyXG4gICAgICBwYXNzSWRwVmVyaWZpZXIsXHJcbiAgICAgIHdyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmssXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgLyoqXHJcbiAgICogV2UgbmVlZCB0byBhbGxvdyBmb3IgaW50ZXJydXB0aW9uIG9mIHRoZSBwcm9jZXNzIGF0IGFueSBwb2ludC4gRWFjaCBBUEkgY2FsbCBjYW4gYmUgY29uc2lkZXJlZFxyXG4gICAqIGF0b21pYyBhbmQgZWl0aGVyIHN1Y2NlZWRzIG9yIGZhaWxzLlxyXG4gICAqXHJcbiAgICogVGhlIExSIHNlcnZlciBBUElzIHVzZSBzZW1hcGhvcmUgdG9rZW5zIGZvciBsb2NraW5nIGNyaXRpY2FsIG9wZXJhdGlvbnMsIHNvIGNvbmN1cnJlbnQgY2FsbHMgd2lsbFxyXG4gICAqIGZhaWwuXHJcbiAgICpcclxuICAgKiBXZSBhc3N1bWUgdGhlIHdvcnN0IGNhc2UgZm9yIElkUCBBUEkgY2FsbHMuIFNvIHdlIHVzZSB0aGUgc2VtYXBob3JlIHRva2VuIGZyb20gTFIgdG8gcHJldmVudFxyXG4gICAqIGNvbmN1cnJlbnQgY2FsbHMgdG8gSWRQIEFQSXMsIGJ1dCB3ZSBoYXZlIHRvIGFzc3VtZSB0aGF0IHRoZSBJZFAgQVBJIGNhbGxzIHdpbGwgZWl0aGVyIHN1Y2NlZWQgb3JcclxuICAgKiBmYWlsIHdpdGhpbiBhIHJlYXNvbmFibGUgYW1vdW50IG9mIHRpbWUuXHJcbiAgICpcclxuICAgKiBFYWNoIGxvY2F0aW9uIHdoZXJlIHRoZSBzZXJ2ZXIgc3RhdGUgY2hhbmdlcyBjYW4gYmUgYSBwb3RlbnRpYWwgcG9pbnQgb2YgaW50ZXJydXB0aW9uLlxyXG4gICAqIFBvdGVudGlhbCBwb2ludHMgb2YgaW50ZXJydXB0aW9uIGFyZSBtYXJrZWQgd2l0aDogLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludC0tXHJcbiAgICpcclxuICAgKiBQbGFjZXMgZm9yIHRpbWVvdXQ6XHJcbiAgICogLSBMb2dpbiBhZ2UgdG9vIG9sZCBhdCBjYWxsIHRvOiB2ZXJpZnlQYXNzd29yZCgpXHJcbiAgICogLSBMb2dpbiBhZ2UgdG9vIG9sZCBhdCBjYWxsIHRvOiBjaGFuZ2VQYXNzd29yZE11dGF0aW9uKClcclxuICAgKiAtIFNlbWFwaG9yZSB0b2tlbiBleHBpcmVzIGF0IGNhbGwgdG86IGNoYW5nZVBhc3N3b3JkQ29tcGxldGUoKVxyXG4gICAqXHJcbiAgICogVGVzdHM6XHJcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAxOiBzaG91bGQgYmUgYWJsZSB0byByZXN0YXJ0IHRoZSBwcm9jZXNzLCB1c2VyIHJlbWFpbnMgc2lnbmVkIGluLlxyXG4gICAqIC0gUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMjogc2hvdWxkIGVudGVyIHJlY292ZXJ5IGZsb3dcclxuICAgKiAtIFBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDM6IHNob3VsZCBlbnRlciByZWNvdmVyeSBmbG93XHJcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA0OiBzaG91bGQgZW50ZXIgcmVjb3ZlcnkgZmxvd1xyXG4gICAqXHJcbiAgICovXHJcblxyXG4gIHB1YmxpYyBhc3luYyBpc0xvZ2luUmVxdWlyZWQoKTogUHJvbWlzZTxib29sZWFuPiB7XHJcbiAgICBjb25zdCBjaGFuZ2VQYXNzd29yZENvbmZpZyA9IGF3YWl0IHRoaXMuZ2V0Q2hhbmdlUGFzc3dvcmRDb25maWcoKTtcclxuICAgIGNvbnN0IGF1dGhUaW1lID0gbW9tZW50KGNoYW5nZVBhc3N3b3JkQ29uZmlnLmF1dGhUaW1lKTtcclxuICAgIGNvbnN0IHNlcnZlclRpbWUgPSBtb21lbnQoY2hhbmdlUGFzc3dvcmRDb25maWcuc2VydmVyVGltZSk7XHJcbiAgICBjb25zdCBkdXJhdGlvbiA9IG1vbWVudC5kdXJhdGlvbihzZXJ2ZXJUaW1lLmRpZmYoYXV0aFRpbWUpKTtcclxuICAgIGNvbnN0IHNlY29uZHMgPSBkdXJhdGlvbi5hc1NlY29uZHMoKTtcclxuICAgIGlmIChzZWNvbmRzID4gY2hhbmdlUGFzc3dvcmRDb25maWcubWF4QXV0aEFnZVNlY29uZHMpIHtcclxuICAgICAgcmV0dXJuIHRydWU7XHJcbiAgICB9IGVsc2Uge1xyXG4gICAgICByZXR1cm4gZmFsc2U7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgY2hhbmdlUGFzc3dvcmQocGFzc3dvcmQ6IHN0cmluZywgbmV3UGFzc3dvcmQ6IHN0cmluZykge1xyXG4gICAgY29uc3QgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpO1xyXG5cclxuICAgIC8vIFZhbGlkYXRpb25cclxuICAgIC8vIHRvZG86IEFkZCB0aGlzIGJhY2sgaW5cclxuICAgIC8vIE5vdGUgdGhlIHBhc3NJZHAgd2lsbCBhbHdheXMgaGF2ZSBhIHJhbmRvbSBzYWx0LCBzbyB3aWxsIGFsd2F5cyBiZSBkaWZmZXJlbnQgdG8gdGhlIGN1cnJlbnQgcGFzc0lkcC5cclxuICAgIGlmIChwYXNzd29yZCA9PT0gbmV3UGFzc3dvcmQpIHtcclxuICAgICAgdGhyb3cgbmV3IExyQmFkQXJndW1lbnRFeGNlcHRpb24oXHJcbiAgICAgICAgJ05ldyBwYXNzd29yZCBpcyB0aGUgc2FtZSBhcyB0aGUgY3VycmVudCBvbmUuJ1xyXG4gICAgICApO1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IHsgY3VycmVudFVzZXIgfSA9IGF3YWl0IHRoaXMucHJvZmlsZVNlcnZpY2UuZ2V0Q3VycmVudFVzZXIoKTtcclxuXHJcbiAgICBjb25zdCB7IHBhc3NJZHAsIHNpZ25lZENoYWxsZW5nZSB9ID0gYXdhaXQgdGhpcy52ZXJpZnlQYXNzd29yZChcclxuICAgICAgcGFzc3dvcmQsXHJcbiAgICAgIGN1cnJlbnRVc2VyXHJcbiAgICApO1xyXG5cclxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMS0tXHJcbiAgICAvLyB2ZXJpZnlQYXNzd29yZCgpIGFza3MgZm9yIGEgY3VycmVudCBwYXNzd29yZCBjaGFsbGVuZ2UgaGVuY2UgY2hhbmdlcyBzZXJ2ZXIgc3RhdGUuXHJcbiAgICAvLyBQbGFjZSBicmVhayBwb2ludHMgaGVyZSB0byB0ZXN0IHRoZSBmYWlsdXJlIHNjZW5hcmlvcy5cclxuXHJcbiAgICAvLyBHZW5lcmF0ZSB0aGUgbmV3IHBhc3NJZHBcclxuICAgIGNvbnN0IG5ld1Bhc3NLZXkgPSBhd2FpdCB0aGlzLmNyZWF0ZVBhc3NLZXlCdW5kbGUobmV3UGFzc3dvcmQpO1xyXG5cclxuICAgIC8vIFJlLWVuY3J5cHQgbWFzdGVyIGtleSB3aXRoIG5ldyBrZXlcclxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0S2V5KFxyXG4gICAgICBjdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5tYXN0ZXJLZXkuaWRcclxuICAgICk7XHJcbiAgICBjb25zdCBuZXdXcmFwcGVkTWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICBuZXdQYXNzS2V5LnBhc3NLZXksXHJcbiAgICAgIG1hc3RlcktleS5qd2sudG9KU09OKHRydWUpXHJcbiAgICApO1xyXG5cclxuICAgIC8vIElmIHRoZSBJZFAgY2hhbmdlIHBhc3N3b3JkIGZhaWxlZCwgd2UgbmVlZCB0byBnbyBpbnRvIHJlY292ZXJ5IG1vZGUgYnkgZm9yY2luZ1xyXG4gICAgLy8gYSBsb2dpbi4gV2UgY2FuJ3QgbG9nb3V0IHRoZSB1c2VyIGp1c3QgeWV0IHNpbmNlIHRoZSBJZFAgcGFzc3dvcmQgY2hhbmdlIG5lZWRzXHJcbiAgICAvLyB0aGUgdXNlciB0byBiZSBsb2dnZWQgaW4uIFdlIF9jYW5fIHJlbW92ZWQgYW55IHBlcnNpc3RlZCBzZXNzaW9uIHZhbHVlcyBmb3IgdGhlIElkUFxyXG4gICAgLy8gYnV0IHRoYXQgc2VlbXMgbGlrZSB0b28gbXVjaCB0cm91YmxlLlxyXG5cclxuICAgIGNvbnN0IHsgdG9rZW4sIG5ld1Bhc3NLZXlJZCB9ID0gYXdhaXQgdGhpcy5jaGFuZ2VQYXNzd29yZE11dGF0aW9uKFxyXG4gICAgICBzaWduZWRDaGFsbGVuZ2UsXHJcbiAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5Lm1hc3RlcktleS5pZCxcclxuICAgICAgbmV3V3JhcHBlZE1hc3RlcktleSxcclxuICAgICAgbmV3UGFzc0tleVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDItLVxyXG4gICAgLy8gY2hhbmdlUGFzc3dvcmRNdXRhdGlvbigpIHVwbG9hZHMgbmV3IGtleXMgYW5kIG9idGFpbnMgYSBzZW1hcGhvcmUgbG9jayB0byBwcmV2ZW50IGFueSBvdGhlclxyXG4gICAgLy8gY2xpZW50cyBmcm9tIHBlcmZvcm1pbmcgSWRQIHBhc3N3b3JkIGNoYW5nZS5cclxuXHJcbiAgICAvLyBOb3cgd2UgY2FuIGRvIHRoZSBJZFAgcGFzc3dvcmQgY2hhbmdlLlxyXG4gICAgLy8gdG9kbzogQWRkIHRoaXMgYmFjayBpblxyXG4gICAgYXdhaXQgdGhpcy5hdXRoLmNoYW5nZVBhc3N3b3JkKFxyXG4gICAgICBjb2duaXRvVXNlcixcclxuICAgICAgdGhpcy5nZXRQYXNzSWRwU3RyaW5nKHBhc3NJZHApLFxyXG4gICAgICB0aGlzLmdldFBhc3NJZHBTdHJpbmcobmV3UGFzc0tleS5wYXNzSWRwKVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDMtLVxyXG4gICAgLy8gSWRQIHBhc3N3b3JkIGNoYW5nZVxyXG5cclxuICAgIC8vIE5vdGUgdGhhdCBjaGFuZ2VQYXNzd29yZCgpIGNvdWxkIHRocm93IGFuIGV4Y2VwdGlvbiBmb3IgYSBudW1iZXIgb2YgcmVhc29uLiBJdCBjb3VsZCB0aHJvd1xyXG4gICAgLy8gYSBuZXR3b3JrIHRpbWVvdXQgZm9yIGV4YW1wbGUuIEJ1dCB3ZSBkb24ndCBrbm93IGlmIGl0J3MgdGhlIHJlc3BvbnNlIHRoYXQgdGltZWQgb3V0IGFuZFxyXG4gICAgLy8gdGhlIGlkcCBwYXNzd29yZCBjaGFuZ2Ugd2FzIGFjdHVhbGx5IGNhcnJpZWQgb3V0LiBTbyB3ZSBoYXZlIHRvIGJlIGV4dHJhIGNvbnNlcnZhdGl2ZSBhbmRcclxuICAgIC8vIG9ubHkgYWN0IG9uIGEgY2xlYXIgc3VjY2Vzcy4gT3RoZXJ3aXNlIHdlIGdvIGludG8gcmVjb3ZlciBtb2RlLlxyXG4gICAgYXdhaXQgdGhpcy5jaGFuZ2VQYXNzd29yZENvbXBsZXRlKFxyXG4gICAgICBjb2duaXRvVXNlci5nZXRTaWduSW5Vc2VyU2Vzc2lvbigpLmdldEFjY2Vzc1Rva2VuKCkuZ2V0Snd0VG9rZW4oKSxcclxuICAgICAgdHJ1ZSxcclxuICAgICAgdG9rZW5cclxuICAgICk7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgY2hhbmdlUGFzc3dvcmRDb21wbGV0ZShcclxuICAgIGFjY2Vzc1Rva2VuOiBzdHJpbmcsXHJcbiAgICB1c2VOZXdQYXNzd29yZDogYm9vbGVhbixcclxuICAgIHRva2VuOiBzdHJpbmcgPSBudWxsXHJcbiAgKTogUHJvbWlzZTxhbnk+IHtcclxuICAgIHJldHVybiB0aGlzLmh0dHBcclxuICAgICAgLnBvc3QoXHJcbiAgICAgICAgYCR7dGhpcy5jb25maWcuYXV0aFVybH11c2Vycy9wYXNzd29yZC1jaGFuZ2UtY29tcGxldGUvYCxcclxuICAgICAgICB7XHJcbiAgICAgICAgICB1c2VfbmV3X3Bhc3N3b3JkOiB1c2VOZXdQYXNzd29yZCxcclxuICAgICAgICAgIC4uLih0b2tlbiAmJiB7IHRva2VuIH0pLFxyXG4gICAgICAgIH0sXHJcbiAgICAgICAge1xyXG4gICAgICAgICAgaGVhZGVyczoge1xyXG4gICAgICAgICAgICBBdXRob3JpemF0aW9uOiBgQmVhcmVyICR7YWNjZXNzVG9rZW59YCxcclxuICAgICAgICAgIH0sXHJcbiAgICAgICAgfVxyXG4gICAgICApXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgZ2V0VmVyaWZpZXJQcksoXHJcbiAgICBwYXNzS2V5OiBKV0suS2V5LFxyXG4gICAgd3JhcHBlZFBySzogb2JqZWN0XHJcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICB0cnkge1xyXG4gICAgICBjb25zdCBwcmtKc29uID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KHBhc3NLZXksIHdyYXBwZWRQckspO1xyXG4gICAgICByZXR1cm4gS0ZTLmFzS2V5KHBya0pzb24pO1xyXG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcclxuICAgICAgdGhyb3cgbmV3IExyQXV0aEV4Y2VwdGlvbignV3JvbmcgY3VycmVudCBwYXNzd29yZCcpO1xyXG4gICAgfVxyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyB2ZXJpZnlQYXNzd29yZChcclxuICAgIHBhc3N3b3JkOiBzdHJpbmcsXHJcbiAgICBjdXJyZW50VXNlcjogQXBpQ3VycmVudFVzZXJcclxuICApOiBQcm9taXNlPHsgcGFzc0lkcDogSldLLktleTsgc2lnbmVkQ2hhbGxlbmdlOiBKV1MuQ3JlYXRlU2lnblJlc3VsdCB9PiB7XHJcbiAgICAvLyBHZXQgaW5mb3JtYXRpb24gZnJvbSB0aGUgc2VydmVyIHRvIHByZXBhcmUgZm9yIHBhc3N3b3JkIGNoYW5nZS5cclxuICAgIGNvbnN0IHBhc3N3b3JkUmVxdWVzdCA9IGF3YWl0IHRoaXMuYXBvbGxvLm11dGF0ZTxQYXNzd29yZENoYW5nZVJlcXVlc3RNdXRhdGlvbj4oXHJcbiAgICAgIHtcclxuICAgICAgICBtdXRhdGlvbjogUGFzc3dvcmRDaGFuZ2VSZXF1ZXN0TXV0YXRpb24sXHJcbiAgICAgICAgdmFyaWFibGVzOiB7fSxcclxuICAgICAgfVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyBHZXQgdGhlIG9sZCBwYXNzS2V5IHNvIHdlIGNhbiBkZWNyeXB0IHRoZSBvbGQgcGFzc3dvcmQgdmVyaWZpZXJcclxuICAgIGNvbnN0IHBhc3NLZXlSZXN1bHQgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0tleSh7XHJcbiAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAuLi5jdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5wYXNzS2V5LnBhc3NLZXlQYXJhbXMsXHJcbiAgICB9KTtcclxuXHJcbiAgICBjb25zdCB2ZXJpZmllclBySyA9IGF3YWl0IHRoaXMuZ2V0VmVyaWZpZXJQcksoXHJcbiAgICAgIHBhc3NLZXlSZXN1bHQuandrLFxyXG4gICAgICBjdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5wYXNzS2V5LndyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmtcclxuICAgICk7XHJcblxyXG4gICAgLy8gU2lnbiB0aGUgc2VydmVyIGNoYWxsZW5nZSB0byBwcm92ZSB0byB0aGUgc2VydmVyIHdlIGNhbiBkZWNyeXB0IHRoZSBwYXNzd29yZCB2ZXJpZmllci5cclxuICAgIC8vIEdlbmVyYXRlXHJcbiAgICBjb25zdCBjbGllbnROb25jZSA9IHRoaXMua2V5RmFjdG9yeS5yYW5kb21TdHJpbmcodGhpcy5DTElFTlRfTk9OQ0VfTEVOR1RIKTtcclxuXHJcbiAgICBjb25zdCBzaWduZWRDaGFsbGVuZ2UgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24odmVyaWZpZXJQckssIHtcclxuICAgICAgc2VydmVyTm9uY2U6IHBhc3N3b3JkUmVxdWVzdC5wYXNzd29yZENoYW5nZVJlcXVlc3QuY2hhbGxlbmdlLnNlcnZlck5vbmNlLFxyXG4gICAgICBjbGllbnROb25jZSxcclxuICAgIH0pO1xyXG5cclxuICAgIGNvbnN0IHBhc3NJZHBSZXN1bHQgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0lkcCh7XHJcbiAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAuLi5jdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5wYXNzS2V5LnBhc3NJZHBQYXJhbXMsXHJcbiAgICB9KTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBwYXNzSWRwOiBwYXNzSWRwUmVzdWx0Lmp3ayxcclxuICAgICAgc2lnbmVkQ2hhbGxlbmdlLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgY2hhbmdlUGFzc3dvcmRNdXRhdGlvbihcclxuICAgIHNpZ25lZENoYWxsZW5nZTogSldTLkNyZWF0ZVNpZ25SZXN1bHQsXHJcbiAgICBtYXN0ZXJLZXlJZDogc3RyaW5nLFxyXG4gICAgbmV3V3JhcHBlZE1hc3RlcktleTogb2JqZWN0LFxyXG4gICAgcGFzc0tleUJ1bmRsZTogUGFzc0tleUJ1bmRsZVxyXG4gICk6IFByb21pc2U8eyB0b2tlbjogc3RyaW5nOyBuZXdQYXNzS2V5SWQ6IHN0cmluZyB9PiB7XHJcbiAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHRoaXMuYXBvbGxvLm11dGF0ZTxQYXNzd29yZENoYW5nZU11dGF0aW9uPih7XHJcbiAgICAgIG11dGF0aW9uOiBQYXNzd29yZENoYW5nZU11dGF0aW9uLFxyXG4gICAgICB2YXJpYWJsZXM6IHtcclxuICAgICAgICBpbnB1dDoge1xyXG4gICAgICAgICAgc2lnbmVkQ2hhbGxlbmdlOiBKU09OLnN0cmluZ2lmeShzaWduZWRDaGFsbGVuZ2UpLFxyXG4gICAgICAgICAgbWFzdGVyS2V5SWQsXHJcbiAgICAgICAgICBuZXdXcmFwcGVkTWFzdGVyS2V5OiBKU09OLnN0cmluZ2lmeShuZXdXcmFwcGVkTWFzdGVyS2V5KSxcclxuICAgICAgICAgIG5ld1Bhc3NLZXk6IHtcclxuICAgICAgICAgICAgcGFzc0lkcFBhcmFtczogSlNPTi5zdHJpbmdpZnkocGFzc0tleUJ1bmRsZS5wYXNzSWRwUGFyYW1zKSxcclxuICAgICAgICAgICAgcGFzc0lkcFZlcmlmaWVyUGJrOiBKU09OLnN0cmluZ2lmeShcclxuICAgICAgICAgICAgICBwYXNzS2V5QnVuZGxlLnBhc3NJZHBWZXJpZmllci50b0pTT04oKVxyXG4gICAgICAgICAgICApLFxyXG4gICAgICAgICAgICB3cmFwcGVkUGFzc0lkcFZlcmlmaWVyUHJrOiBKU09OLnN0cmluZ2lmeShcclxuICAgICAgICAgICAgICBwYXNzS2V5QnVuZGxlLndyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmtcclxuICAgICAgICAgICAgKSxcclxuICAgICAgICAgICAgcGFzc0tleVBhcmFtczogSlNPTi5zdHJpbmdpZnkocGFzc0tleUJ1bmRsZS5wYXNzS2V5UGFyYW1zKSxcclxuICAgICAgICAgIH0sXHJcbiAgICAgICAgfSxcclxuICAgICAgfSxcclxuICAgIH0pO1xyXG4gICAgcmV0dXJuIHtcclxuICAgICAgdG9rZW46IHJlc3BvbnNlLnBhc3N3b3JkQ2hhbmdlLnRva2VuLFxyXG4gICAgICBuZXdQYXNzS2V5SWQ6IHJlc3BvbnNlLnBhc3N3b3JkQ2hhbmdlLm5ld1Bhc3NLZXkuaWQsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgZ2V0Q2hhbmdlUGFzc3dvcmRDb25maWcoKTogUHJvbWlzZTxQYXNzd29yZENoYW5nZUNvbmZpZz4ge1xyXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5hcG9sbG8ucXVlcnk8YW55Pih7XHJcbiAgICAgIHF1ZXJ5OiBQYXNzd29yZENoYW5nZUNvbmZpZ1F1ZXJ5LFxyXG4gICAgfSk7XHJcblxyXG4gICAgY29uc3QgcmV0ID0gcmVzLnBhc3N3b3JkQ2hhbmdlQ29uZmlnIGFzIFBhc3N3b3JkQ2hhbmdlQ29uZmlnO1xyXG5cclxuICAgIHJldC5hdXRoVGltZSA9IG5ldyBEYXRlKHJldC5hdXRoVGltZSk7XHJcbiAgICByZXQuc2VydmVyVGltZSA9IG5ldyBEYXRlKHJldC5zZXJ2ZXJUaW1lKTtcclxuICAgIHJldHVybiByZXQ7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgcGFzc3dvcmRTdHJlbmd0aChwYXNzd29yZCk6IHsgeWVhcnM6IG51bWJlcjsgYml0czogbnVtYmVyIH0ge1xyXG4gICAgY29uc3QgdXBwZXIgPSAvW0EtWl0vZztcclxuICAgIGNvbnN0IGxvd2VyID0gL1thLXpdL2c7XHJcbiAgICBjb25zdCBkaWdpdCA9IC9bMC05XS9nO1xyXG5cclxuICAgIGNvbnN0IHVwcGVyQ2hvaWNlcyA9IDI2O1xyXG4gICAgY29uc3QgbG93ZXJDaG9pY2VzID0gMjY7XHJcbiAgICBjb25zdCBkaWdpdENob2ljZXMgPSAxMDtcclxuICAgIGNvbnN0IHNwZWNpYWxDaG9pY2VzID0gMzA7IC8vIC9bIVwiIyQlJicoKSorLC0uLzo7PD0+P0BbXFxdXl9ge3x9fl0vZ1xyXG5cclxuICAgIGZ1bmN0aW9uIGluc3RhbmNlQ291bnQoc3RyLCByZSkge1xyXG4gICAgICByZXR1cm4gKChzdHIgfHwgJycpLm1hdGNoKHJlKSB8fCBbXSkubGVuZ3RoO1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IHVwcGVycyA9IGluc3RhbmNlQ291bnQocGFzc3dvcmQsIHVwcGVyKTtcclxuICAgIGNvbnN0IGxvd2VycyA9IGluc3RhbmNlQ291bnQocGFzc3dvcmQsIGxvd2VyKTtcclxuICAgIGNvbnN0IGRpZ2l0cyA9IGluc3RhbmNlQ291bnQocGFzc3dvcmQsIGRpZ2l0KTtcclxuICAgIGNvbnN0IHNwZWNpYWxzID0gcGFzc3dvcmQubGVuZ3RoIC0gdXBwZXJzIC0gbG93ZXJzIC0gZGlnaXRzO1xyXG5cclxuICAgIGxldCBjaG9pY2VzID0gMDtcclxuICAgIGlmICh1cHBlcnMpIHtcclxuICAgICAgY2hvaWNlcyArPSB1cHBlckNob2ljZXM7XHJcbiAgICB9XHJcbiAgICBpZiAobG93ZXJzKSB7XHJcbiAgICAgIGNob2ljZXMgKz0gbG93ZXJDaG9pY2VzO1xyXG4gICAgfVxyXG4gICAgaWYgKGRpZ2l0cykge1xyXG4gICAgICBjaG9pY2VzICs9IGRpZ2l0Q2hvaWNlcztcclxuICAgIH1cclxuICAgIGlmIChzcGVjaWFscykge1xyXG4gICAgICBjaG9pY2VzICs9IHNwZWNpYWxDaG9pY2VzO1xyXG4gICAgfVxyXG5cclxuICAgIGlmIChwYXNzd29yZC5sZW5ndGggPT09IDApIHtcclxuICAgICAgcmV0dXJuIHtcclxuICAgICAgICB5ZWFyczogMCxcclxuICAgICAgICAvLyBiaXRzIG9mIGVudHJvcHlcclxuICAgICAgICBiaXRzOiAwLFxyXG4gICAgICB9O1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IHBlcm11dGF0aW9ucyA9IE1hdGgucG93KGNob2ljZXMsIHBhc3N3b3JkLmxlbmd0aCk7XHJcblxyXG4gICAgY29uc3QgeWVhcnMgPVxyXG4gICAgICAoNTQwMDAgKiBwZXJtdXRhdGlvbnMpIC9cclxuICAgICAgTWF0aC5wb3codXBwZXJDaG9pY2VzICsgbG93ZXJDaG9pY2VzICsgZGlnaXRDaG9pY2VzLCAxMik7XHJcbiAgICByZXR1cm4ge1xyXG4gICAgICB5ZWFycyxcclxuICAgICAgLy8gYml0cyBvZiBlbnRyb3B5XHJcbiAgICAgIGJpdHM6IE1hdGgucm91bmQoTWF0aC5sb2cyKHBlcm11dGF0aW9ucykpLFxyXG4gICAgfTtcclxuICB9XHJcbn1cclxuIl19

package/esm2015/lib/auth/register.service.js

@@ -0,0 +1,172 @@
+import { __awaiter } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyFactoryService } from '../cryptography/key-factory.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { PasswordService } from './password.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i3 from "@angular/common/http";
+import * as i4 from "../cryptography/key-factory.service";
+import * as i5 from "../cryptography/encryption.service";
+import * as i6 from "./password.service";
+export class RegisterService {
+    constructor(config, auth, http, keyFactory, encryptionService, passwordService) {
+        this.config = config;
+        this.auth = auth;
+        this.http = http;
+        this.keyFactory = keyFactory;
+        this.encryptionService = encryptionService;
+        this.passwordService = passwordService;
+    }
+    /**
+     * Request a verification code to be sent out to an email.
+     * @return Info needed to be submitted along with the verification code
+     */
+    verifyEmail(email) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { claim_id } = yield this.http
+                .post(`${this.config.authUrl}cove/claim/email/`, {
+                address: email,
+                context: 'signup',
+            })
+                .toPromise();
+            return claim_id;
+        });
+    }
+    verifyPhone(phoneNumber) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { claim_id } = yield this.http
+                .post(`${this.config.authUrl}cove/claim/sms/`, {
+                address: phoneNumber,
+                context: 'signup',
+            })
+                .toPromise();
+            return claim_id;
+        });
+    }
+    confirmVerificationCode(verificationId, verificationCode) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { token } = yield this.http
+                .post(`${this.config.authUrl}cove/respond/`, {
+                claim_id: verificationId,
+                v_code: verificationCode,
+            })
+                .toPromise();
+            return token;
+        });
+    }
+    register(email, password, verificationId, verificationToken, verificationType = 'email') {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Generate the key material needed for PassIdp which will be the password used for Cognito.
+            const passKeyBundle = yield this.passwordService.createPassKeyBundle(password);
+            const masterKey = yield this.keyFactory.createKey();
+            const wrappedMasterKey = yield this.encryptionService.encrypt(passKeyBundle.passKey, masterKey.toJSON(true));
+            const rootKey = yield this.keyFactory.createKey();
+            const wrappedRootKey = yield this.encryptionService.encrypt(masterKey, rootKey.toJSON(true));
+            // Encryption PKC key
+            const prk = yield this.keyFactory.createPkcKey();
+            const wrappedPrk = yield this.encryptionService.encrypt(rootKey, prk.toJSON(true));
+            // Signing PKC key
+            const sigPrk = yield this.keyFactory.createPkcSignKey();
+            const wrappedSigPrk = yield this.encryptionService.encrypt(rootKey, sigPrk.toJSON(true));
+            // API call to setup profile
+            const user = yield this.http
+                .post(`${this.config.authUrl}users/`, {
+                claims: [
+                    {
+                        type: verificationType,
+                        token: verificationToken,
+                        claim_id: verificationId,
+                    },
+                ],
+                pass_idp_params: passKeyBundle.passIdpParams,
+                pass_idp_verifier_pbk: passKeyBundle.passIdpVerifier.toJSON(),
+                wrapped_pass_idp_verifier_prk: passKeyBundle.wrappedPassIdpVerifierPrk,
+                pass_key_params: passKeyBundle.passKeyParams,
+                wrapped_master_key: wrappedMasterKey,
+                wrapped_root_key: wrappedRootKey,
+                pbk: prk.toJSON(),
+                wrapped_prk: wrappedPrk,
+                sig_pbk: sigPrk.toJSON(),
+                wrapped_sig_prk: wrappedSigPrk,
+            })
+                .toPromise();
+            // API call to create user on cognito
+            const attributes = {};
+            user.claims.forEach((claim) => {
+                attributes[claim.type] = claim.value;
+            });
+            // Random suffix for uniqueness. If there's a duplicate, then used just needs to
+            // sign up again. But chances of collision is low.
+            const suffix = this.keyFactory.randomDigitsNoZeros(4);
+            const cognitoUser = yield this.auth.signUp({
+                username: `${email.split('@')[0]}.${suffix}`,
+                password: this.passwordService.getPassIdpString(passKeyBundle.passIdp),
+                attributes,
+                // Unfortunately, validationData is not passed to the post
+                // confirmation cognito trigger. So can can't do the association there.
+                // The current workflow will create a new user on LR before signing up
+                // with Cognito. Then Cognito can use the user.id and user.pre_sign_up_token to
+                // do the validation of the attributes.
+                // validationData: [
+                //   new CognitoUserAttribute({
+                //     Name: "user_id",
+                //     Value: String(user.id)
+                //   }),
+                //   new CognitoUserAttribute({
+                //     Name: "user_pre_sign_up_token",
+                //     Value: user.pre_sign_up_token
+                //   })
+                // ]
+                clientMetadata: {
+                    user_id: String(user.id),
+                    user_pre_sign_up_token: String(user.pre_sign_up_token),
+                },
+            });
+            return {
+                username: cognitoUser.user.getUsername(),
+                userId: user.id,
+                preSignUpToken: user.pre_sign_up_token,
+                userSub: cognitoUser.userSub,
+            };
+        });
+    }
+    hibpBreachedAccounts(account) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // The account is just the email
+            try {
+                const response = yield this.http
+                    .get(`${this.config.authUrl}users/hibp/breachedaccount/${account}/?truncateResponse=false`)
+                    .toPromise();
+                return response;
+            }
+            catch (error) {
+                if (error.status === 404) {
+                    return null;
+                }
+                else {
+                    throw error;
+                }
+            }
+        });
+    }
+}
+RegisterService.ɵprov = i0.ɵɵdefineInjectable({ factory: function RegisterService_Factory() { return new RegisterService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.AuthClass), i0.ɵɵinject(i3.HttpClient), i0.ɵɵinject(i4.KeyFactoryService), i0.ɵɵinject(i5.EncryptionService), i0.ɵɵinject(i6.PasswordService)); }, token: RegisterService, providedIn: "root" });
+RegisterService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+RegisterService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: AuthClass },
+    { type: HttpClient },
+    { type: KeyFactoryService },
+    { type: EncryptionService },
+    { type: PasswordService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVnaXN0ZXIuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiJDOi9Qcm9qZWN0cy9uZXdyZXBvL2tjLWNsaWVudC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9hdXRoL3JlZ2lzdGVyLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRCxPQUFPLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUNuRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDM0QsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFDdkUsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0scUNBQXFDLENBQUM7QUFDeEUsT0FBTyxFQUFtQixTQUFTLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7Ozs7Ozs7O0FBTXJELE1BQU0sT0FBTyxlQUFlO0lBQzFCLFlBQzZCLE1BQXVCLEVBQzFDLElBQWUsRUFDZixJQUFnQixFQUNoQixVQUE2QixFQUM3QixpQkFBb0MsRUFDcEMsZUFBZ0M7UUFMYixXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUMxQyxTQUFJLEdBQUosSUFBSSxDQUFXO1FBQ2YsU0FBSSxHQUFKLElBQUksQ0FBWTtRQUNoQixlQUFVLEdBQVYsVUFBVSxDQUFtQjtRQUM3QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLG9CQUFlLEdBQWYsZUFBZSxDQUFpQjtJQUN2QyxDQUFDO0lBRUo7OztPQUdHO0lBQ1UsV0FBVyxDQUFDLEtBQWE7O1lBQ3BDLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUNqQyxJQUFJLENBQWUsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sbUJBQW1CLEVBQUU7Z0JBQzdELE9BQU8sRUFBRSxLQUFLO2dCQUNkLE9BQU8sRUFBRSxRQUFRO2FBQ2xCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFDZixPQUFPLFFBQVEsQ0FBQztRQUNsQixDQUFDO0tBQUE7SUFFWSxXQUFXLENBQUMsV0FBbUI7O1lBQzFDLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUNqQyxJQUFJLENBQWUsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8saUJBQWlCLEVBQUU7Z0JBQzNELE9BQU8sRUFBRSxXQUFXO2dCQUNwQixPQUFPLEVBQUUsUUFBUTthQUNsQixDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1lBQ2YsT0FBTyxRQUFRLENBQUM7UUFDbEIsQ0FBQztLQUFBO0lBRVksdUJBQXVCLENBQ2xDLGNBQXNCLEVBQ3RCLGdCQUF3Qjs7WUFFeEIsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQzlCLElBQUksQ0FBWSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxlQUFlLEVBQUU7Z0JBQ3RELFFBQVEsRUFBRSxjQUFjO2dCQUN4QixNQUFNLEVBQUUsZ0JBQWdCO2FBQ3pCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFDZixPQUFPLEtBQUssQ0FBQztRQUNmLENBQUM7S0FBQTtJQUVZLFFBQVEsQ0FDbkIsS0FBYSxFQUNiLFFBQWdCLEVBQ2hCLGNBQXNCLEVBQ3RCLGlCQUF5QixFQUN6QixtQkFBc0MsT0FBTzs7WUFFN0MsNEZBQTRGO1lBQzVGLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxtQkFBbUIsQ0FDbEUsUUFBUSxDQUNULENBQUM7WUFFRixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDcEQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELGFBQWEsQ0FBQyxPQUFPLEVBQ3JCLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3ZCLENBQUM7WUFFRixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDbEQsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUN6RCxTQUFTLEVBQ1QsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDckIsQ0FBQztZQUVGLHFCQUFxQjtZQUNyQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDakQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNyRCxPQUFPLEVBQ1AsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDakIsQ0FBQztZQUVGLGtCQUFrQjtZQUNsQixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUN4RCxNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3hELE9BQU8sRUFDUCxNQUFNLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNwQixDQUFDO1lBRUYsNEJBQTRCO1lBQzVCLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQ3pCLElBQUksQ0FBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxRQUFRLEVBQUU7Z0JBQ3pDLE1BQU0sRUFBRTtvQkFDTjt3QkFDRSxJQUFJLEVBQUUsZ0JBQWdCO3dCQUN0QixLQUFLLEVBQUUsaUJBQWlCO3dCQUN4QixRQUFRLEVBQUUsY0FBYztxQkFDekI7aUJBQ0Y7Z0JBQ0QsZUFBZSxFQUFFLGFBQWEsQ0FBQyxhQUFhO2dCQUM1QyxxQkFBcUIsRUFBRSxhQUFhLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRTtnQkFDN0QsNkJBQTZCLEVBQUUsYUFBYSxDQUFDLHlCQUF5QjtnQkFDdEUsZUFBZSxFQUFFLGFBQWEsQ0FBQyxhQUFhO2dCQUM1QyxrQkFBa0IsRUFBRSxnQkFBZ0I7Z0JBQ3BDLGdCQUFnQixFQUFFLGNBQWM7Z0JBQ2hDLEdBQUcsRUFBRSxHQUFHLENBQUMsTUFBTSxFQUFFO2dCQUNqQixXQUFXLEVBQUUsVUFBVTtnQkFDdkIsT0FBTyxFQUFFLE1BQU0sQ0FBQyxNQUFNLEVBQUU7Z0JBQ3hCLGVBQWUsRUFBRSxhQUFhO2FBQy9CLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFFZixxQ0FBcUM7WUFDckMsTUFBTSxVQUFVLEdBQUcsRUFBRSxDQUFDO1lBQ3RCLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDLENBQUMsS0FBSyxFQUFFLEVBQUU7Z0JBQzVCLFVBQVUsQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLEdBQUcsS0FBSyxDQUFDLEtBQUssQ0FBQztZQUN2QyxDQUFDLENBQUMsQ0FBQztZQUVILGdGQUFnRjtZQUNoRixrREFBa0Q7WUFDbEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUV0RCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDO2dCQUN6QyxRQUFRLEVBQUUsR0FBRyxLQUFLLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxJQUFJLE1BQU0sRUFBRTtnQkFDNUMsUUFBUSxFQUFFLElBQUksQ0FBQyxlQUFlLENBQUMsZ0JBQWdCLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQztnQkFDdEUsVUFBVTtnQkFDViwwREFBMEQ7Z0JBQzFELHVFQUF1RTtnQkFDdkUsc0VBQXNFO2dCQUN0RSwrRUFBK0U7Z0JBQy9FLHVDQUF1QztnQkFDdkMsb0JBQW9CO2dCQUNwQiwrQkFBK0I7Z0JBQy9CLHVCQUF1QjtnQkFDdkIsNkJBQTZCO2dCQUM3QixRQUFRO2dCQUNSLCtCQUErQjtnQkFDL0Isc0NBQXNDO2dCQUN0QyxvQ0FBb0M7Z0JBQ3BDLE9BQU87Z0JBQ1AsSUFBSTtnQkFDSixjQUFjLEVBQUU7b0JBQ2QsT0FBTyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsRUFBRSxDQUFDO29CQUN4QixzQkFBc0IsRUFBRSxNQUFNLENBQUMsSUFBSSxDQUFDLGlCQUFpQixDQUFDO2lCQUN2RDthQUNGLENBQUMsQ0FBQztZQUVILE9BQU87Z0JBQ0wsUUFBUSxFQUFFLFdBQVcsQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFO2dCQUN4QyxNQUFNLEVBQUUsSUFBSSxDQUFDLEVBQUU7Z0JBQ2YsY0FBYyxFQUFFLElBQUksQ0FBQyxpQkFBaUI7Z0JBQ3RDLE9BQU8sRUFBRSxXQUFXLENBQUMsT0FBTzthQUM3QixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRVksb0JBQW9CLENBQUMsT0FBZTs7WUFDL0MsZ0NBQWdDO1lBQ2hDLElBQUk7Z0JBQ0YsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSTtxQkFDN0IsR0FBRyxDQUNGLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLDhCQUE4QixPQUFPLDBCQUEwQixDQUN0RjtxQkFDQSxTQUFTLEVBQUUsQ0FBQztnQkFDZixPQUFPLFFBQVEsQ0FBQzthQUNqQjtZQUFDLE9BQU8sS0FBSyxFQUFFO2dCQUNkLElBQUksS0FBSyxDQUFDLE1BQU0sS0FBSyxHQUFHLEVBQUU7b0JBQ3hCLE9BQU8sSUFBSSxDQUFDO2lCQUNiO3FCQUFNO29CQUNMLE1BQU0sS0FBSyxDQUFDO2lCQUNiO2FBQ0Y7UUFDSCxDQUFDO0tBQUE7Ozs7WUExS0YsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBR0ksTUFBTSxTQUFDLFNBQVM7WUFaWixTQUFTO1lBRlQsVUFBVTtZQUlWLGlCQUFpQjtZQURqQixpQkFBaUI7WUFHakIsZUFBZSIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEh0dHBDbGllbnQgfSBmcm9tICdAYW5ndWxhci9jb21tb24vaHR0cCc7XHJcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBBdXRoQ2xhc3MgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aC9saWItZXNtL0F1dGgnO1xyXG5pbXBvcnQgeyBFbmNyeXB0aW9uU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9lbmNyeXB0aW9uLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuaW1wb3J0IHsgTGlmZVJlYWR5Q29uZmlnLCBMUl9DT05GSUcgfSBmcm9tICcuLi9saWZlLXJlYWR5LmNvbmZpZyc7XHJcbmltcG9ydCB7IFBhc3N3b3JkU2VydmljZSB9IGZyb20gJy4vcGFzc3dvcmQuc2VydmljZSc7XHJcbmltcG9ydCB7IFJlZ2lzdGVyUmVzdWx0IH0gZnJvbSAnLi9hdXRoLnR5cGVzJztcclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBSZWdpc3RlclNlcnZpY2Uge1xyXG4gIGNvbnN0cnVjdG9yKFxyXG4gICAgQEluamVjdChMUl9DT05GSUcpIHByaXZhdGUgY29uZmlnOiBMaWZlUmVhZHlDb25maWcsXHJcbiAgICBwcml2YXRlIGF1dGg6IEF1dGhDbGFzcyxcclxuICAgIHByaXZhdGUgaHR0cDogSHR0cENsaWVudCxcclxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS2V5RmFjdG9yeVNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcclxuICAgIHByaXZhdGUgcGFzc3dvcmRTZXJ2aWNlOiBQYXNzd29yZFNlcnZpY2VcclxuICApIHt9XHJcblxyXG4gIC8qKlxyXG4gICAqIFJlcXVlc3QgYSB2ZXJpZmljYXRpb24gY29kZSB0byBiZSBzZW50IG91dCB0byBhbiBlbWFpbC5cclxuICAgKiBAcmV0dXJuIEluZm8gbmVlZGVkIHRvIGJlIHN1Ym1pdHRlZCBhbG9uZyB3aXRoIHRoZSB2ZXJpZmljYXRpb24gY29kZVxyXG4gICAqL1xyXG4gIHB1YmxpYyBhc3luYyB2ZXJpZnlFbWFpbChlbWFpbDogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAgIGNvbnN0IHsgY2xhaW1faWQgfSA9IGF3YWl0IHRoaXMuaHR0cFxyXG4gICAgICAucG9zdDx7IGNsYWltX2lkIH0+KGAke3RoaXMuY29uZmlnLmF1dGhVcmx9Y292ZS9jbGFpbS9lbWFpbC9gLCB7XHJcbiAgICAgICAgYWRkcmVzczogZW1haWwsXHJcbiAgICAgICAgY29udGV4dDogJ3NpZ251cCcsXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuICAgIHJldHVybiBjbGFpbV9pZDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyB2ZXJpZnlQaG9uZShwaG9uZU51bWJlcjogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAgIGNvbnN0IHsgY2xhaW1faWQgfSA9IGF3YWl0IHRoaXMuaHR0cFxyXG4gICAgICAucG9zdDx7IGNsYWltX2lkIH0+KGAke3RoaXMuY29uZmlnLmF1dGhVcmx9Y292ZS9jbGFpbS9zbXMvYCwge1xyXG4gICAgICAgIGFkZHJlc3M6IHBob25lTnVtYmVyLFxyXG4gICAgICAgIGNvbnRleHQ6ICdzaWdudXAnLFxyXG4gICAgICB9KVxyXG4gICAgICAudG9Qcm9taXNlKCk7XHJcbiAgICByZXR1cm4gY2xhaW1faWQ7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgY29uZmlybVZlcmlmaWNhdGlvbkNvZGUoXHJcbiAgICB2ZXJpZmljYXRpb25JZDogc3RyaW5nLFxyXG4gICAgdmVyaWZpY2F0aW9uQ29kZTogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxzdHJpbmc+IHtcclxuICAgIGNvbnN0IHsgdG9rZW4gfSA9IGF3YWl0IHRoaXMuaHR0cFxyXG4gICAgICAucG9zdDx7IHRva2VuIH0+KGAke3RoaXMuY29uZmlnLmF1dGhVcmx9Y292ZS9yZXNwb25kL2AsIHtcclxuICAgICAgICBjbGFpbV9pZDogdmVyaWZpY2F0aW9uSWQsXHJcbiAgICAgICAgdl9jb2RlOiB2ZXJpZmljYXRpb25Db2RlLFxyXG4gICAgICB9KVxyXG4gICAgICAudG9Qcm9taXNlKCk7XHJcbiAgICByZXR1cm4gdG9rZW47XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgcmVnaXN0ZXIoXHJcbiAgICBlbWFpbDogc3RyaW5nLFxyXG4gICAgcGFzc3dvcmQ6IHN0cmluZyxcclxuICAgIHZlcmlmaWNhdGlvbklkOiBzdHJpbmcsXHJcbiAgICB2ZXJpZmljYXRpb25Ub2tlbjogc3RyaW5nLFxyXG4gICAgdmVyaWZpY2F0aW9uVHlwZTogJ2VtYWlsJyB8ICdwaG9uZScgPSAnZW1haWwnXHJcbiAgKTogUHJvbWlzZTxSZWdpc3RlclJlc3VsdD4ge1xyXG4gICAgLy8gR2VuZXJhdGUgdGhlIGtleSBtYXRlcmlhbCBuZWVkZWQgZm9yIFBhc3NJZHAgd2hpY2ggd2lsbCBiZSB0aGUgcGFzc3dvcmQgdXNlZCBmb3IgQ29nbml0by5cclxuICAgIGNvbnN0IHBhc3NLZXlCdW5kbGUgPSBhd2FpdCB0aGlzLnBhc3N3b3JkU2VydmljZS5jcmVhdGVQYXNzS2V5QnVuZGxlKFxyXG4gICAgICBwYXNzd29yZFxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCBtYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XHJcbiAgICBjb25zdCB3cmFwcGVkTWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICBwYXNzS2V5QnVuZGxlLnBhc3NLZXksXHJcbiAgICAgIG1hc3RlcktleS50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgY29uc3Qgcm9vdEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcclxuICAgIGNvbnN0IHdyYXBwZWRSb290S2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICBtYXN0ZXJLZXksXHJcbiAgICAgIHJvb3RLZXkudG9KU09OKHRydWUpXHJcbiAgICApO1xyXG5cclxuICAgIC8vIEVuY3J5cHRpb24gUEtDIGtleVxyXG4gICAgY29uc3QgcHJrID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBrY0tleSgpO1xyXG4gICAgY29uc3Qgd3JhcHBlZFByayA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcclxuICAgICAgcm9vdEtleSxcclxuICAgICAgcHJrLnRvSlNPTih0cnVlKVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyBTaWduaW5nIFBLQyBrZXlcclxuICAgIGNvbnN0IHNpZ1ByayA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVQa2NTaWduS2V5KCk7XHJcbiAgICBjb25zdCB3cmFwcGVkU2lnUHJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICByb290S2V5LFxyXG4gICAgICBzaWdQcmsudG9KU09OKHRydWUpXHJcbiAgICApO1xyXG5cclxuICAgIC8vIEFQSSBjYWxsIHRvIHNldHVwIHByb2ZpbGVcclxuICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmh0dHBcclxuICAgICAgLnBvc3Q8YW55PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2AsIHtcclxuICAgICAgICBjbGFpbXM6IFtcclxuICAgICAgICAgIHtcclxuICAgICAgICAgICAgdHlwZTogdmVyaWZpY2F0aW9uVHlwZSxcclxuICAgICAgICAgICAgdG9rZW46IHZlcmlmaWNhdGlvblRva2VuLFxyXG4gICAgICAgICAgICBjbGFpbV9pZDogdmVyaWZpY2F0aW9uSWQsXHJcbiAgICAgICAgICB9LFxyXG4gICAgICAgIF0sXHJcbiAgICAgICAgcGFzc19pZHBfcGFyYW1zOiBwYXNzS2V5QnVuZGxlLnBhc3NJZHBQYXJhbXMsXHJcbiAgICAgICAgcGFzc19pZHBfdmVyaWZpZXJfcGJrOiBwYXNzS2V5QnVuZGxlLnBhc3NJZHBWZXJpZmllci50b0pTT04oKSxcclxuICAgICAgICB3cmFwcGVkX3Bhc3NfaWRwX3ZlcmlmaWVyX3ByazogcGFzc0tleUJ1bmRsZS53cmFwcGVkUGFzc0lkcFZlcmlmaWVyUHJrLFxyXG4gICAgICAgIHBhc3Nfa2V5X3BhcmFtczogcGFzc0tleUJ1bmRsZS5wYXNzS2V5UGFyYW1zLFxyXG4gICAgICAgIHdyYXBwZWRfbWFzdGVyX2tleTogd3JhcHBlZE1hc3RlcktleSxcclxuICAgICAgICB3cmFwcGVkX3Jvb3Rfa2V5OiB3cmFwcGVkUm9vdEtleSxcclxuICAgICAgICBwYms6IHByay50b0pTT04oKSwgLy8gcHVibGljIGVuY3J5cHRpb24ga2V5XHJcbiAgICAgICAgd3JhcHBlZF9wcms6IHdyYXBwZWRQcmssXHJcbiAgICAgICAgc2lnX3Biazogc2lnUHJrLnRvSlNPTigpLCAvLyBwdWJsaWMgc2lnbmluZyBrZXlcclxuICAgICAgICB3cmFwcGVkX3NpZ19wcms6IHdyYXBwZWRTaWdQcmssXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICAvLyBBUEkgY2FsbCB0byBjcmVhdGUgdXNlciBvbiBjb2duaXRvXHJcbiAgICBjb25zdCBhdHRyaWJ1dGVzID0ge307XHJcbiAgICB1c2VyLmNsYWltcy5mb3JFYWNoKChjbGFpbSkgPT4ge1xyXG4gICAgICBhdHRyaWJ1dGVzW2NsYWltLnR5cGVdID0gY2xhaW0udmFsdWU7XHJcbiAgICB9KTtcclxuXHJcbiAgICAvLyBSYW5kb20gc3VmZml4IGZvciB1bmlxdWVuZXNzLiBJZiB0aGVyZSdzIGEgZHVwbGljYXRlLCB0aGVuIHVzZWQganVzdCBuZWVkcyB0b1xyXG4gICAgLy8gc2lnbiB1cCBhZ2Fpbi4gQnV0IGNoYW5jZXMgb2YgY29sbGlzaW9uIGlzIGxvdy5cclxuICAgIGNvbnN0IHN1ZmZpeCA9IHRoaXMua2V5RmFjdG9yeS5yYW5kb21EaWdpdHNOb1plcm9zKDQpO1xyXG5cclxuICAgIGNvbnN0IGNvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5hdXRoLnNpZ25VcCh7XHJcbiAgICAgIHVzZXJuYW1lOiBgJHtlbWFpbC5zcGxpdCgnQCcpWzBdfS4ke3N1ZmZpeH1gLFxyXG4gICAgICBwYXNzd29yZDogdGhpcy5wYXNzd29yZFNlcnZpY2UuZ2V0UGFzc0lkcFN0cmluZyhwYXNzS2V5QnVuZGxlLnBhc3NJZHApLFxyXG4gICAgICBhdHRyaWJ1dGVzLFxyXG4gICAgICAvLyBVbmZvcnR1bmF0ZWx5LCB2YWxpZGF0aW9uRGF0YSBpcyBub3QgcGFzc2VkIHRvIHRoZSBwb3N0XHJcbiAgICAgIC8vIGNvbmZpcm1hdGlvbiBjb2duaXRvIHRyaWdnZXIuIFNvIGNhbiBjYW4ndCBkbyB0aGUgYXNzb2NpYXRpb24gdGhlcmUuXHJcbiAgICAgIC8vIFRoZSBjdXJyZW50IHdvcmtmbG93IHdpbGwgY3JlYXRlIGEgbmV3IHVzZXIgb24gTFIgYmVmb3JlIHNpZ25pbmcgdXBcclxuICAgICAgLy8gd2l0aCBDb2duaXRvLiBUaGVuIENvZ25pdG8gY2FuIHVzZSB0aGUgdXNlci5pZCBhbmQgdXNlci5wcmVfc2lnbl91cF90b2tlbiB0b1xyXG4gICAgICAvLyBkbyB0aGUgdmFsaWRhdGlvbiBvZiB0aGUgYXR0cmlidXRlcy5cclxuICAgICAgLy8gdmFsaWRhdGlvbkRhdGE6IFtcclxuICAgICAgLy8gICBuZXcgQ29nbml0b1VzZXJBdHRyaWJ1dGUoe1xyXG4gICAgICAvLyAgICAgTmFtZTogXCJ1c2VyX2lkXCIsXHJcbiAgICAgIC8vICAgICBWYWx1ZTogU3RyaW5nKHVzZXIuaWQpXHJcbiAgICAgIC8vICAgfSksXHJcbiAgICAgIC8vICAgbmV3IENvZ25pdG9Vc2VyQXR0cmlidXRlKHtcclxuICAgICAgLy8gICAgIE5hbWU6IFwidXNlcl9wcmVfc2lnbl91cF90b2tlblwiLFxyXG4gICAgICAvLyAgICAgVmFsdWU6IHVzZXIucHJlX3NpZ25fdXBfdG9rZW5cclxuICAgICAgLy8gICB9KVxyXG4gICAgICAvLyBdXHJcbiAgICAgIGNsaWVudE1ldGFkYXRhOiB7XHJcbiAgICAgICAgdXNlcl9pZDogU3RyaW5nKHVzZXIuaWQpLFxyXG4gICAgICAgIHVzZXJfcHJlX3NpZ25fdXBfdG9rZW46IFN0cmluZyh1c2VyLnByZV9zaWduX3VwX3Rva2VuKSxcclxuICAgICAgfSxcclxuICAgIH0pO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIHVzZXJuYW1lOiBjb2duaXRvVXNlci51c2VyLmdldFVzZXJuYW1lKCksXHJcbiAgICAgIHVzZXJJZDogdXNlci5pZCxcclxuICAgICAgcHJlU2lnblVwVG9rZW46IHVzZXIucHJlX3NpZ25fdXBfdG9rZW4sXHJcbiAgICAgIHVzZXJTdWI6IGNvZ25pdG9Vc2VyLnVzZXJTdWIsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGhpYnBCcmVhY2hlZEFjY291bnRzKGFjY291bnQ6IHN0cmluZyk6IFByb21pc2U8YW55PiB7XHJcbiAgICAvLyBUaGUgYWNjb3VudCBpcyBqdXN0IHRoZSBlbWFpbFxyXG4gICAgdHJ5IHtcclxuICAgICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCB0aGlzLmh0dHBcclxuICAgICAgICAuZ2V0KFxyXG4gICAgICAgICAgYCR7dGhpcy5jb25maWcuYXV0aFVybH11c2Vycy9oaWJwL2JyZWFjaGVkYWNjb3VudC8ke2FjY291bnR9Lz90cnVuY2F0ZVJlc3BvbnNlPWZhbHNlYFxyXG4gICAgICAgIClcclxuICAgICAgICAudG9Qcm9taXNlKCk7XHJcbiAgICAgIHJldHVybiByZXNwb25zZTtcclxuICAgIH0gY2F0Y2ggKGVycm9yKSB7XHJcbiAgICAgIGlmIChlcnJvci5zdGF0dXMgPT09IDQwNCkge1xyXG4gICAgICAgIHJldHVybiBudWxsO1xyXG4gICAgICB9IGVsc2Uge1xyXG4gICAgICAgIHRocm93IGVycm9yO1xyXG4gICAgICB9XHJcbiAgICB9XHJcbiAgfVxyXG59XHJcbiJdfQ==