@lifeready/core 1.0.15 → 1.0.17

package/esm2015/lib/auth/life-ready-auth.service.js

@@ -1,488 +1,488 @@
-import { __awaiter } from "tslib";
-import { Inject, Injectable, isDevMode } from '@angular/core';
-import { Hub } from '@aws-amplify/core';
-import { ReplaySubject } from 'rxjs';
-import { KeyGraphService } from '../cryptography/key-graph.service';
-import { KeyService } from '../cryptography/key.service';
-import { ProfileService } from '../users/profile.service';
-import { PasswordChangeStatus } from '../users/profile.types';
-import { LrConcurrentAccessException, LrBadRequestException, LrBadStateException, LrException, } from '../_common/exceptions';
-import { RecoveryStatus, } from './auth.types';
-import { PasswordService } from './password.service';
-import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
-import { CompleteTpPasswordResetRequestMutation, CreateTpAssemblyKeyChallengeMutation, PreCompleteTpPasswordResetRequestMutation, TpPasswordResetUserQuery, } from '../trusted-parties/tp-password-reset.gql';
-import { IdleService } from './idle.service';
-import { KeyFactoryService } from '../cryptography/key-factory.service';
-import { LrGraphQLService, LrMutation } from '../api/lr-graphql';
-import { TpClaimState } from '../api/types';
-import { TpPasswordResetProcessorService } from '../api/query-processor/tp-password-reset-processor.service';
-import { SetSessionEncryptionKeyMutation } from './auth.gql';
-import { PersistService } from '../api/persist.service';
-import { JWK } from 'node-jose';
-import { LR_CONFIG } from '../life-ready.config';
-import { EncryptionService } from '../cryptography/encryption.service';
-import { Slip39Service } from '../cryptography/slip39.service';
-import { TP_PASSWORD_RESET_CLIENT_NONCE_LENGTH, TP_PASSWORD_RESET_USERNAME_SUFFIX, } from '../trusted-parties/tp-password-reset.constants';
-import { TpPasswordResetAssemblyController } from '../trusted-parties/tp-password-reset.controller';
-import * as i0 from "@angular/core";
-import * as i1 from "../life-ready.config";
-import * as i2 from "@aws-amplify/auth/lib-esm/Auth";
-import * as i3 from "../cryptography/key-factory.service";
-import * as i4 from "../cryptography/key.service";
-import * as i5 from "../users/profile.service";
-import * as i6 from "../cryptography/key-graph.service";
-import * as i7 from "./password.service";
-import * as i8 from "./idle.service";
-import * as i9 from "../api/lr-graphql/lr-graphql.service";
-import * as i10 from "../api/query-processor/tp-password-reset-processor.service";
-import * as i11 from "../api/persist.service";
-import * as i12 from "../cryptography/encryption.service";
-import * as i13 from "../cryptography/slip39.service";
-import * as i14 from "../trusted-parties/tp-password-reset.controller";
-export const initialiseAuth = (authService) => {
-    return () => authService.initialise();
-};
-export class LifeReadyAuthService {
-    constructor(config, auth, keyFactory, keyService, profileService, keyGraphService, passwordService, idleService, lrGraphQL, tpPasswordResetProcessorService, persistService, encryptionService, slip39Service, assemblyController) {
-        this.config = config;
-        this.auth = auth;
-        this.keyFactory = keyFactory;
-        this.keyService = keyService;
-        this.profileService = profileService;
-        this.keyGraphService = keyGraphService;
-        this.passwordService = passwordService;
-        this.idleService = idleService;
-        this.lrGraphQL = lrGraphQL;
-        this.tpPasswordResetProcessorService = tpPasswordResetProcessorService;
-        this.persistService = persistService;
-        this.encryptionService = encryptionService;
-        this.slip39Service = slip39Service;
-        this.assemblyController = assemblyController;
-        this.hubSubject = new ReplaySubject(1);
-    }
-    initialise() {
-        return __awaiter(this, void 0, void 0, function* () {
-            Hub.listen('auth', (data) => this.hubSubject.next(data.payload));
-        });
-    }
-    loginIdpImpl(emailOrPhone, password, passIdpParams, recoveryStatus) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams));
-            // Use the derived password to signin with cognito
-            const user = yield this.auth.signIn(emailOrPhone, this.passwordService.getPassIdpString(passIdpResult.jwk));
-            user.recoveryStatus = recoveryStatus;
-            return user;
-        });
-    }
-    loginIdp(emailOrPhone, password) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Download the salt needed to derive the PassIdp
-            const passIdpApiResult = yield this.profileService.getPassIdpParams(emailOrPhone);
-            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.InProgress) {
-                throw new LrConcurrentAccessException('A password change is in progress');
-            }
-            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.Recovery) {
-                console.log('In recovery mode.');
-                // Let's say we don't know if the password is the new one or the old one. We just have to try both.
-                try {
-                    const user = yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.newPassIdpParams, RecoveryStatus.NEW_PASSWORD);
-                    // New password worked. Let's set to the current password
-                    // --Potential Failure Point 1--
-                    // if changePasswordComplete() doesn't get called, then it should remain
-                    console.log('New password works!');
-                    return user;
-                }
-                catch (error) {
-                    // Just bubble up any other type of error.
-                    if (error.code !== 'NotAuthorizedException') {
-                        throw error;
-                    }
-                    // pass, try again assuming it's the old password
-                }
-                // Now assume it's the previous password. Any exception is allowed to bubble up.
-                try {
-                    const user = yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams, RecoveryStatus.OLD_PASSWORD);
-                    // Old password worked.
-                    console.log('Old password works!');
-                    return user;
-                }
-                catch (error) {
-                    // Just bubble up any other type of error.
-                    throw error.code === 'NotAuthorizedException'
-                        ? new LrBadRequestException('The password change request was interrupted, please try to login with both your new and old password')
-                        : error;
-                }
-            }
-            // Try against as the TP password reset account
-            if (passIdpApiResult.tpPasswordReset) {
-                try {
-                    // TP password reset is in process. We need to try the password against both
-                    // original account and the new reset account.
-                    const reset = passIdpApiResult.tpPasswordReset;
-                    const ret = yield this.loginIdpImpl(reset.resetUsername, password, reset.passIdpParams, RecoveryStatus.NONE);
-                    ret.isTpPasswordResetUser = true;
-                    return ret;
-                }
-                catch (err) {
-                    // continue, try again as regular user.
-                }
-            }
-            // Login as regular user
-            return yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams, RecoveryStatus.NONE);
-        });
-    }
-    handleSessionEncryptionKey() {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (this.config.disableSessionEncryptionKey) {
-                if (!isDevMode()) {
-                    const msg = 'You should not set disableSessionEncryptionKey=True in mode prod. It defaults to false.';
-                    console.error(msg);
-                    throw new Error(msg);
-                }
-                else {
-                    console.warn('You have set disableSessionEncryptionKey=True. Make sure not to do this in prod mode.');
-                }
-            }
-            else {
-                // Set the session key to a new encryption key for this session
-                const sessionEncryptionKey = yield this.keyFactory.createKey();
-                yield this.lrGraphQL.lrMutate(new LrMutation({
-                    mutation: SetSessionEncryptionKeyMutation,
-                    variables: {
-                        input: {
-                            sessionEncryptionKey: JSON.stringify(sessionEncryptionKey.toJSON(true)),
-                        },
-                    },
-                }), {
-                    includeKeyGraph: false,
-                });
-                this.persistService.setServerSessionEncryptionKey(sessionEncryptionKey);
-            }
-        });
-    }
-    handlePostAuth(cognitoUser) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield this.handlePasswordRecovery(cognitoUser);
-            yield this.handleSessionEncryptionKey();
-        });
-    }
-    login(emailOrPhone, password, { tpPasswordResetAutoComplete = true } = {}) {
-        var _a;
-        return __awaiter(this, void 0, void 0, function* () {
-            let loginResult = yield this.loginImpl(emailOrPhone, password);
-            if (tpPasswordResetAutoComplete &&
-                ((_a = loginResult.resetUser) === null || _a === void 0 ? void 0 : _a.state) === TpClaimState.APPROVED) {
-                yield this.completeRequest(password);
-                loginResult = yield this.loginImpl(emailOrPhone, password);
-            }
-            return loginResult;
-        });
-    }
-    loginImpl(emailOrPhone, password) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield this.logout();
-            const cognitoUser = yield this.loginIdp(emailOrPhone, password);
-            // todo: Meet MFA challenges.
-            if (['SMS_MFA', 'SOFTWARE_TOKEN_MFA'].includes(cognitoUser.challengeName)) {
-                return { hasChallenge: true, challenge: cognitoUser };
-            }
-            yield this.handlePostAuth(cognitoUser);
-            if (cognitoUser.isTpPasswordResetUser) {
-                // Assuming there is no MFA on the TP reset user.
-                const resetUser = yield this.loadResetUser(password);
-                return { hasChallenge: false, resetUser };
-            }
-            else {
-                const user = yield this.loadUser(cognitoUser, password);
-                yield this.idleService.start(); // Run idleService whenever user is logged in.
-                return { hasChallenge: false, user };
-            }
-        });
-    }
-    // TODO <AZ> We need to handle the isTpPasswordResetUser=True case here after MFA as well.
-    verifyLogin(challenge, password, rememberMe, code) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield this.auth.confirmSignIn(challenge, code, challenge.challengeName);
-            // TODO: this.auth.confirmSignIn() could return another challenge.
-            const cognitoUser = yield this.auth.currentAuthenticatedUser();
-            yield this.handlePostAuth(challenge);
-            const user = yield this.loadUser(cognitoUser, password);
-            if (rememberMe) {
-                cognitoUser.setDeviceStatusRemembered({
-                    onSuccess: () => { },
-                    onFailure: (e) => console.error(e),
-                });
-            }
-            return user;
-        });
-    }
-    handlePasswordRecovery(user) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (user.recoveryStatus !== RecoveryStatus.NONE) {
-                const jwtToken = user
-                    .getSignInUserSession()
-                    .getAccessToken()
-                    .getJwtToken();
-                yield this.passwordService.changePasswordComplete(jwtToken, user.recoveryStatus === RecoveryStatus.NEW_PASSWORD);
-            }
-        });
-    }
-    getUserOrResetUser(reload = false) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const cognitoUser = yield this.auth.currentAuthenticatedUser();
-            if (cognitoUser.getUsername().endsWith(TP_PASSWORD_RESET_USERNAME_SUFFIX)) {
-                return this.getResetUser(reload);
-            }
-            else {
-                return this.getUser(reload);
-            }
-        });
-    }
-    getResetUser(reload = false) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!reload && this.currentResetUser) {
-                return this.currentResetUser;
-            }
-            this.currentResetUser = yield this.loadResetUser();
-            yield this.idleService.start(); // Run idleService whenever user is logged in.
-            return this.currentResetUser;
-        });
-    }
-    getUser(reload = false) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (!reload && this.currentUser) {
-                return this.currentUser;
-            }
-            this.currentUser = yield this.loadUser(yield this.auth.currentAuthenticatedUser());
-            console.log('Starting idle service.');
-            yield this.idleService.start(); // Run idleService whenever user is logged in.
-            return this.currentUser;
-        });
-    }
-    mapTPVaultAccess(features) {
-        const tpVaultFeature = features === null || features === void 0 ? void 0 : features.tpVault;
-        return ((tpVaultFeature === null || tpVaultFeature === void 0 ? void 0 : tpVaultFeature.length) > 0 &&
-            tpVaultFeature.some((feature) => feature.toUpperCase() === 'ACCESS'));
-    }
-    loadUser(cognitoUser, password) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { currentUser, contactCard, userPlans, } = yield this.profileService.getCurrentUser();
-            if (currentUser.sessionEncryptionKey) {
-                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(currentUser.sessionEncryptionKey));
-            }
-            const userAttributes = yield this.auth.userAttributes(cognitoUser);
-            if (password) {
-                const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams))).jwk;
-                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(currentUser.currentUserKey.passKey.id, passKey, currentUser.currentUserKey.masterKey.id));
-            }
-            yield this.keyGraphService.populateKeys(currentUser.currentUserKey);
-            return {
-                id: currentUser.id,
-                sub: this.getUserAttribute('sub', userAttributes),
-                username: currentUser.username,
-                currentUserKey: currentUser.currentUserKey,
-                getAccessJwtToken: () => cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(),
-                email: this.getUserAttribute('email', userAttributes),
-                emailVerified: this.getUserAttribute('email_verified', userAttributes) === 'true',
-                phone: this.getUserAttribute('phone_number', userAttributes),
-                phoneVerified: this.getUserAttribute('phone_number_verified', userAttributes) ===
-                    'true',
-                contactCard: Object.assign({}, (yield this.profileService.decryptContactCard(contactCard))),
-                userDelete: currentUser.userDelete,
-                userPlans,
-                hasTPVaultAccess: this.mapTPVaultAccess(currentUser.features),
-                features: currentUser.features,
-                sessionEncryptionKey: currentUser.sessionEncryptionKey,
-            };
-        });
-    }
-    watchAuth() {
-        return this.hubSubject;
-    }
-    logout() {
-        return __awaiter(this, void 0, void 0, function* () {
-            this.currentUser = null;
-            this.keyService.purgeKeys();
-            this.keyGraphService.purgeKeys();
-            yield Promise.all([this.auth.signOut(), this.profileService.signOut()]);
-        });
-    }
-    getUserAttribute(attributeName, userAttributes) {
-        const userAttribute = userAttributes.find((x) => x.getName() === attributeName);
-        return userAttribute ? userAttribute.getValue() : null;
-    }
-    loadResetUser(password) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const { tpPasswordResetUser: resetUser } = yield this.lrGraphQL.query({
-                query: TpPasswordResetUserQuery,
-            });
-            if (resetUser.sessionEncryptionKey) {
-                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(resetUser.sessionEncryptionKey));
-            }
-            // Update the keys
-            if (password) {
-                const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, resetUser.passKey.passKeyParams))).jwk;
-                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(resetUser.passKey.id, passKey, resetUser.masterKey.id));
-            }
-            this.keyService.populateKeys({
-                passKey: {
-                    id: resetUser.passKey.id,
-                },
-                masterKey: {
-                    id: resetUser.masterKey.id,
-                },
-            });
-            const userAttributes = yield this.auth.userAttributes(yield this.auth.currentAuthenticatedUser());
-            const sub = this.getUserAttribute('sub', userAttributes);
-            return Object.assign(Object.assign({}, (yield this.tpPasswordResetProcessorService.processTpPasswordResetUserNode(resetUser))), { sub });
-        });
-    }
-    refreshAccessToken() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const cognitoUser = yield this.auth.currentAuthenticatedUser();
-            const refreshToken = cognitoUser.getSignInUserSession().getRefreshToken();
-            return new Promise((resolve, reject) => {
-                cognitoUser.refreshSession(refreshToken, (err, data) => {
-                    if (err) {
-                        console.error('Error refreshing token: ', err);
-                        reject(err);
-                    }
-                    else {
-                        console.log('Token refresh complete: ', data);
-                        resolve(0);
-                    }
-                });
-            });
-        });
-    }
-    completeRequest(newPassword) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const resetUser = yield this.getResetUser(true);
-            if (resetUser.state !== TpClaimState.APPROVED) {
-                throw new LrBadStateException('Password reset request has not been approved.');
-            }
-            // --------------------------------------------------------------
-            // Prepare all materials to ensure there are no errors.
-            // --------------------------------------------------------------
-            const assemblyKey = yield this.recoverAssemblyKey(resetUser);
-            const { rootKey } = yield this.encryptionService.decrypt(assemblyKey, resetUser.assemblyCipherData);
-            console.log(rootKey);
-            // Making sure it's a valid key.
-            const rootKeyJwk = yield JWK.asKey(rootKey);
-            const masterKey = yield this.keyGraphService.getKey(resetUser.masterKey.id);
-            const masterKeyWrappedRootKey = yield this.encryptionService.encryptToString(masterKey.jwk, rootKeyJwk.toJSON(true));
-            // The new password
-            const newPassIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password: newPassword }, resetUser.passKey.passIdpParams));
-            const newIdpPassword = this.passwordService.getPassIdpString(newPassIdpResult.jwk);
-            // --------------------------------------------------------------
-            // Get assembly key challenge
-            // --------------------------------------------------------------
-            const challenge = (yield this.lrGraphQL.lrMutate(new LrMutation({
-                mutation: CreateTpAssemblyKeyChallengeMutation,
-                variables: {
-                    input: {},
-                },
-            }), {
-                includeKeyGraph: false,
-            })).createTpAssemblyKeyChallenge.challenge;
-            console.log(challenge);
-            // Sign the challenge
-            // Generate a client side nonce that's no in the server's control.
-            challenge.clientNonce = this.keyFactory.randomString(TP_PASSWORD_RESET_CLIENT_NONCE_LENGTH);
-            console.log(challenge);
-            const assemblyKeyVerifierPrk = yield this.encryptionService.decrypt(assemblyKey, resetUser.wrappedAssemblyKeyVerifierPrk);
-            const signedChallenge = yield this.encryptionService.sign(assemblyKeyVerifierPrk, challenge);
-            // --------------------------------------------------------------
-            // Change password for the original user
-            // --------------------------------------------------------------
-            const tempIdpPassword = (yield this.lrGraphQL.lrMutate(new LrMutation({
-                mutation: PreCompleteTpPasswordResetRequestMutation,
-                variables: {
-                    input: {
-                        signedChallenge: JSON.stringify(signedChallenge),
-                    },
-                },
-            }), {
-                includeKeyGraph: false,
-            })).preCompleteTpPasswordResetRequest.idpPassword;
-            // --------------------------------------------------------------
-            // Login as the original user using new temporary password
-            // --------------------------------------------------------------
-            // At this point, the original account's password has been changed
-            // to a temporary password. It is no longer possible for the user
-            // to use the original password to login. Any successful login
-            // can only be using the temporary password. So it's safe to assume
-            // that we want to "complete" the password reset.
-            // The maybe 2FA so we listen for the auth event from Amplify.
-            const retPromise = new Promise((resolve) => {
-                const listener = (data) => __awaiter(this, void 0, void 0, function* () {
-                    if (data.payload.event !== 'signIn') {
-                        return;
-                    }
-                    Hub.remove('auth', listener);
-                    console.log(data.payload);
-                    yield this.auth.signIn(resetUser.username, newIdpPassword);
-                    // Switch over to the new set of keys
-                    yield this.lrGraphQL.lrMutate(new LrMutation({
-                        mutation: CompleteTpPasswordResetRequestMutation,
-                        variables: {
-                            input: {
-                                masterKeyWrappedRootKey,
-                                masterKeyId: masterKey.id,
-                            },
-                        },
-                    }));
-                    resolve();
-                });
-                Hub.listen('auth', listener);
-            });
-            // Signin as the original user. Password has been reset to temporary one. It should return
-            // with NEW_PASSWORD_REQUIRED
-            let user = yield this.auth.signIn(resetUser.username, tempIdpPassword, {
-                noProxy: 'true',
-            });
-            if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
-                throw new LrException({
-                    message: 'Internal error. Expecting Cognito to have done a password reset after call to PreCompleteTpPasswordResetRequestMutation.',
-                });
-            }
-            // Set new password on Idp
-            // the awsFetch() function passes NEW_PASSWORD_REQUIRED directly to AWS without
-            // going through the proxy.
-            user = yield this.auth.completeNewPassword(user, newIdpPassword, {});
-            return retPromise;
-        });
-    }
-    recoverAssemblyKey(resetUser) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const prk = yield this.keyGraphService.getKey(resetUser.pxk.id);
-            const partials = yield Promise.all(resetUser.approvals
-                .filter((approval) => !!approval.receiverCipherPartialAssemblyKey)
-                .map((approval) => this.encryptionService.decrypt(prk, approval.receiverCipherPartialAssemblyKey)));
-            return this.assemblyController.recoverAssemblyKey(partials);
-        });
-    }
-}
-LifeReadyAuthService.ɵprov = i0.ɵɵdefineInjectable({ factory: function LifeReadyAuthService_Factory() { return new LifeReadyAuthService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.AuthClass), i0.ɵɵinject(i3.KeyFactoryService), i0.ɵɵinject(i4.KeyService), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyGraphService), i0.ɵɵinject(i7.PasswordService), i0.ɵɵinject(i8.IdleService), i0.ɵɵinject(i9.LrGraphQLService), i0.ɵɵinject(i10.TpPasswordResetProcessorService), i0.ɵɵinject(i11.PersistService), i0.ɵɵinject(i12.EncryptionService), i0.ɵɵinject(i13.Slip39Service), i0.ɵɵinject(i14.TpPasswordResetAssemblyController)); }, token: LifeReadyAuthService, providedIn: "root" });
-LifeReadyAuthService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-LifeReadyAuthService.ctorParameters = () => [
-    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
-    { type: AuthClass },
-    { type: KeyFactoryService },
-    { type: KeyService },
-    { type: ProfileService },
-    { type: KeyGraphService },
-    { type: PasswordService },
-    { type: IdleService },
-    { type: LrGraphQLService },
-    { type: TpPasswordResetProcessorService },
-    { type: PersistService },
-    { type: EncryptionService },
-    { type: Slip39Service },
-    { type: TpPasswordResetAssemblyController }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlmZS1yZWFkeS1hdXRoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiQzovUHJvamVjdHMva2MtY2xpZW50L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2F1dGgvbGlmZS1yZWFkeS1hdXRoLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUU5RCxPQUFPLEVBQUUsR0FBRyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFFeEMsT0FBTyxFQUFjLGFBQWEsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUVqRCxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sbUNBQW1DLENBQUM7QUFDcEUsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ3pELE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUMxRCxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUM5RCxPQUFPLEVBQ0wsMkJBQTJCLEVBQzNCLHFCQUFxQixFQUNyQixtQkFBbUIsRUFDbkIsV0FBVyxHQUNaLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUtMLGNBQWMsR0FDZixNQUFNLGNBQWMsQ0FBQztBQUN0QixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDckQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBQzNELE9BQU8sRUFDTCxzQ0FBc0MsRUFDdEMsb0NBQW9DLEVBQ3BDLHlDQUF5QyxFQUN6Qyx3QkFBd0IsR0FDekIsTUFBTSwwQ0FBMEMsQ0FBQztBQUNsRCxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDN0MsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0scUNBQXFDLENBQUM7QUFDeEUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2pFLE9BQU8sRUFBRSxZQUFZLEVBQTJCLE1BQU0sY0FBYyxDQUFDO0FBQ3JFLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxNQUFNLDREQUE0RCxDQUFDO0FBQzdHLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUM3RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDeEQsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUNoQyxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLG9DQUFvQyxDQUFDO0FBQ3ZFLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUMvRCxPQUFPLEVBQ0wscUNBQXFDLEVBQ3JDLGlDQUFpQyxHQUNsQyxNQUFNLGdEQUFnRCxDQUFDO0FBQ3hELE9BQU8sRUFBRSxpQ0FBaUMsRUFBRSxNQUFNLGlEQUFpRCxDQUFDOzs7Ozs7Ozs7Ozs7Ozs7O0FBRXBHLE1BQU0sQ0FBQyxNQUFNLGNBQWMsR0FBRyxDQUFDLFdBQWlDLEVBQUUsRUFBRTtJQUNsRSxPQUFPLEdBQUcsRUFBRSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztBQUN4QyxDQUFDLENBQUM7QUFTRixNQUFNLE9BQU8sb0JBQW9CO0lBSy9CLFlBQzZCLE1BQXVCLEVBQzFDLElBQWUsRUFDZixVQUE2QixFQUM3QixVQUFzQixFQUN0QixjQUE4QixFQUM5QixlQUFnQyxFQUNoQyxlQUFnQyxFQUNoQyxXQUF3QixFQUN4QixTQUEyQixFQUMzQiwrQkFBZ0UsRUFDaEUsY0FBOEIsRUFDOUIsaUJBQW9DLEVBQ3BDLGFBQTRCLEVBQzVCLGtCQUFxRDtRQWJsQyxXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUMxQyxTQUFJLEdBQUosSUFBSSxDQUFXO1FBQ2YsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFDN0IsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0QixtQkFBYyxHQUFkLGNBQWMsQ0FBZ0I7UUFDOUIsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBQ2hDLG9CQUFlLEdBQWYsZUFBZSxDQUFpQjtRQUNoQyxnQkFBVyxHQUFYLFdBQVcsQ0FBYTtRQUN4QixjQUFTLEdBQVQsU0FBUyxDQUFrQjtRQUMzQixvQ0FBK0IsR0FBL0IsK0JBQStCLENBQWlDO1FBQ2hFLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGtCQUFhLEdBQWIsYUFBYSxDQUFlO1FBQzVCLHVCQUFrQixHQUFsQixrQkFBa0IsQ0FBbUM7UUFsQnZELGVBQVUsR0FBdUIsSUFBSSxhQUFhLENBQU0sQ0FBQyxDQUFDLENBQUM7SUFtQmhFLENBQUM7SUFFUyxVQUFVOztZQUNyQixHQUFHLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFDbkUsQ0FBQztLQUFBO0lBRWEsWUFBWSxDQUN4QixZQUFvQixFQUNwQixRQUFnQixFQUNoQixhQUE0QixFQUM1QixjQUE4Qjs7WUFFOUIsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ3ZELFFBQVEsSUFDTCxhQUFhLEVBQ2hCLENBQUM7WUFDSCxrREFBa0Q7WUFDbEQsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FDakMsWUFBWSxFQUNaLElBQUksQ0FBQyxlQUFlLENBQUMsZ0JBQWdCLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUN6RCxDQUFDO1lBRUYsSUFBSSxDQUFDLGNBQWMsR0FBRyxjQUFjLENBQUM7WUFFckMsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFYSxRQUFRLENBQ3BCLFlBQW9CLEVBQ3BCLFFBQWdCOztZQUVoQixpREFBaUQ7WUFDakQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsZ0JBQWdCLENBQ2pFLFlBQVksQ0FDYixDQUFDO1lBRUYsSUFDRSxnQkFBZ0IsQ0FBQyxvQkFBb0IsS0FBSyxvQkFBb0IsQ0FBQyxVQUFVLEVBQ3pFO2dCQUNBLE1BQU0sSUFBSSwyQkFBMkIsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO2FBQzNFO1lBRUQsSUFDRSxnQkFBZ0IsQ0FBQyxvQkFBb0IsS0FBSyxvQkFBb0IsQ0FBQyxRQUFRLEVBQ3ZFO2dCQUNBLE9BQU8sQ0FBQyxHQUFHLENBQUMsbUJBQW1CLENBQUMsQ0FBQztnQkFDakMsbUdBQW1HO2dCQUNuRyxJQUFJO29CQUNGLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FDbEMsWUFBWSxFQUNaLFFBQVEsRUFDUixnQkFBZ0IsQ0FBQyxnQkFBZ0IsRUFDakMsY0FBYyxDQUFDLFlBQVksQ0FDNUIsQ0FBQztvQkFDRix5REFBeUQ7b0JBRXpELGdDQUFnQztvQkFDaEMsd0VBQXdFO29CQUV4RSxPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLENBQUM7b0JBRW5DLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLDBDQUEwQztvQkFDMUMsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLHdCQUF3QixFQUFFO3dCQUMzQyxNQUFNLEtBQUssQ0FBQztxQkFDYjtvQkFDRCxpREFBaUQ7aUJBQ2xEO2dCQUVELGdGQUFnRjtnQkFDaEYsSUFBSTtvQkFDRixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQ2xDLFlBQVksRUFDWixRQUFRLEVBQ1IsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQ3JDLGNBQWMsQ0FBQyxZQUFZLENBQzVCLENBQUM7b0JBQ0YsdUJBQXVCO29CQUN2QixPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLENBQUM7b0JBRW5DLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLDBDQUEwQztvQkFDMUMsTUFBTSxLQUFLLENBQUMsSUFBSSxLQUFLLHdCQUF3Qjt3QkFDM0MsQ0FBQyxDQUFDLElBQUkscUJBQXFCLENBQ3ZCLHNHQUFzRyxDQUN2Rzt3QkFDSCxDQUFDLENBQUMsS0FBSyxDQUFDO2lCQUNYO2FBQ0Y7WUFFRCwrQ0FBK0M7WUFDL0MsSUFBSSxnQkFBZ0IsQ0FBQyxlQUFlLEVBQUU7Z0JBQ3BDLElBQUk7b0JBQ0YsNEVBQTRFO29CQUM1RSw4Q0FBOEM7b0JBQzlDLE1BQU0sS0FBSyxHQUFHLGdCQUFnQixDQUFDLGVBQWUsQ0FBQztvQkFDL0MsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUNqQyxLQUFLLENBQUMsYUFBYSxFQUNuQixRQUFRLEVBQ1IsS0FBSyxDQUFDLGFBQWEsRUFDbkIsY0FBYyxDQUFDLElBQUksQ0FDcEIsQ0FBQztvQkFDRixHQUFHLENBQUMscUJBQXFCLEdBQUcsSUFBSSxDQUFDO29CQUVqQyxPQUFPLEdBQUcsQ0FBQztpQkFDWjtnQkFBQyxPQUFPLEdBQUcsRUFBRTtvQkFDWix1Q0FBdUM7aUJBQ3hDO2FBQ0Y7WUFFRCx3QkFBd0I7WUFDeEIsT0FBTyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQzVCLFlBQVksRUFDWixRQUFRLEVBQ1IsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQ3JDLGNBQWMsQ0FBQyxJQUFJLENBQ3BCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFZSwwQkFBMEI7O1lBQ3hDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQywyQkFBMkIsRUFBRTtnQkFDM0MsSUFBSSxDQUFDLFNBQVMsRUFBRSxFQUFFO29CQUNoQixNQUFNLEdBQUcsR0FDUCx5RkFBeUYsQ0FBQztvQkFDNUYsT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztvQkFDbkIsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztpQkFDdEI7cUJBQU07b0JBQ0wsT0FBTyxDQUFDLElBQUksQ0FDVix1RkFBdUYsQ0FDeEYsQ0FBQztpQkFDSDthQUNGO2lCQUFNO2dCQUNMLCtEQUErRDtnQkFDL0QsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQy9ELE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQzNCLElBQUksVUFBVSxDQUFDO29CQUNiLFFBQVEsRUFBRSwrQkFBK0I7b0JBQ3pDLFNBQVMsRUFBRTt3QkFDVCxLQUFLLEVBQUU7NEJBQ0wsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDbEMsb0JBQW9CLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNsQzt5QkFDRjtxQkFDRjtpQkFDRixDQUFDLEVBQ0Y7b0JBQ0UsZUFBZSxFQUFFLEtBQUs7aUJBQ3ZCLENBQ0YsQ0FBQztnQkFFRixJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUFDLG9CQUFvQixDQUFDLENBQUM7YUFDekU7UUFDSCxDQUFDO0tBQUE7SUFFZSxjQUFjLENBQUMsV0FBaUM7O1lBQzlELE1BQU0sSUFBSSxDQUFDLHNCQUFzQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQy9DLE1BQU0sSUFBSSxDQUFDLDBCQUEwQixFQUFFLENBQUM7UUFDMUMsQ0FBQztLQUFBO0lBRVksS0FBSyxDQUNoQixZQUFvQixFQUNwQixRQUFnQixFQUNoQixFQUFFLDJCQUEyQixHQUFHLElBQUksS0FBbUIsRUFBRTs7O1lBRXpELElBQUksV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFL0QsSUFDRSwyQkFBMkI7Z0JBQzNCLE9BQUEsV0FBVyxDQUFDLFNBQVMsMENBQUUsS0FBSyxNQUFLLFlBQVksQ0FBQyxRQUFRLEVBQ3REO2dCQUNBLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDckMsV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQUUsUUFBUSxDQUFDLENBQUM7YUFDNUQ7WUFFRCxPQUFPLFdBQVcsQ0FBQzs7S0FDcEI7SUFFWSxTQUFTLENBQ3BCLFlBQW9CLEVBQ3BCLFFBQWdCOztZQUVoQixNQUFNLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsWUFBWSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBRWhFLDZCQUE2QjtZQUM3QixJQUFJLENBQUMsU0FBUyxFQUFFLG9CQUFvQixDQUFDLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxhQUFhLENBQUMsRUFBRTtnQkFDekUsT0FBTyxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxDQUFDO2FBQ3ZEO1lBRUQsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXZDLElBQUksV0FBVyxDQUFDLHFCQUFxQixFQUFFO2dCQUNyQyxpREFBaUQ7Z0JBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDckQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsU0FBUyxFQUFFLENBQUM7YUFDM0M7aUJBQU07Z0JBQ0wsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxRQUFRLENBQUMsQ0FBQztnQkFDeEQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsOENBQThDO2dCQUM5RSxPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQzthQUN0QztRQUNILENBQUM7S0FBQTtJQUVELDBGQUEwRjtJQUM3RSxXQUFXLENBQ3RCLFNBQStCLEVBQy9CLFFBQWdCLEVBQ2hCLFVBQW1CLEVBQ25CLElBQVk7O1lBRVosTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxTQUFTLEVBQUUsSUFBSSxFQUFFLFNBQVMsQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUV4RSxrRUFBa0U7WUFFbEUsTUFBTSxXQUFXLEdBQWdCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBRTVFLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUVyQyxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBRXhELElBQUksVUFBVSxFQUFFO2dCQUNkLFdBQVcsQ0FBQyx5QkFBeUIsQ0FBQztvQkFDcEMsU0FBUyxFQUFFLEdBQUcsRUFBRSxHQUFFLENBQUM7b0JBQ25CLFNBQVMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7aUJBQ25DLENBQUMsQ0FBQzthQUNKO1lBRUQsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFSyxzQkFBc0IsQ0FBQyxJQUEwQjs7WUFDckQsSUFBSSxJQUFJLENBQUMsY0FBYyxLQUFLLGNBQWMsQ0FBQyxJQUFJLEVBQUU7Z0JBQy9DLE1BQU0sUUFBUSxHQUFHLElBQUk7cUJBQ2xCLG9CQUFvQixFQUFFO3FCQUN0QixjQUFjLEVBQUU7cUJBQ2hCLFdBQVcsRUFBRSxDQUFDO2dCQUNqQixNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsc0JBQXNCLENBQy9DLFFBQVEsRUFDUixJQUFJLENBQUMsY0FBYyxLQUFLLGNBQWMsQ0FBQyxZQUFZLENBQ3BELENBQUM7YUFDSDtRQUNILENBQUM7S0FBQTtJQUVLLGtCQUFrQixDQUN0QixTQUFrQixLQUFLOztZQUV2QixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUUvRCxJQUFJLFdBQVcsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxRQUFRLENBQUMsaUNBQWlDLENBQUMsRUFBRTtnQkFDekUsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2FBQ2xDO2lCQUFNO2dCQUNMLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQzthQUM3QjtRQUNILENBQUM7S0FBQTtJQUVLLFlBQVksQ0FBQyxTQUFrQixLQUFLOztZQUN4QyxJQUFJLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtnQkFDcEMsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUM7YUFDOUI7WUFFRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFFbkQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsOENBQThDO1lBRTlFLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDO1FBQy9CLENBQUM7S0FBQTtJQUVLLE9BQU8sQ0FBQyxTQUFrQixLQUFLOztZQUNuQyxJQUFJLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUU7Z0JBQy9CLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQzthQUN6QjtZQUNELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUNwQyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FDM0MsQ0FBQztZQUNGLE9BQU8sQ0FBQyxHQUFHLENBQUMsd0JBQXdCLENBQUMsQ0FBQztZQUN0QyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyw4Q0FBOEM7WUFDOUUsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDO1FBQzFCLENBQUM7S0FBQTtJQUVPLGdCQUFnQixDQUFDLFFBQWM7UUFDckMsTUFBTSxjQUFjLEdBQUcsUUFBUSxhQUFSLFFBQVEsdUJBQVIsUUFBUSxDQUFFLE9BQU8sQ0FBQztRQUN6QyxPQUFPLENBQ0wsQ0FBQSxjQUFjLGFBQWQsY0FBYyx1QkFBZCxjQUFjLENBQUUsTUFBTSxJQUFHLENBQUM7WUFDMUIsY0FBYyxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFdBQVcsRUFBRSxLQUFLLFFBQVEsQ0FBQyxDQUNyRSxDQUFDO0lBQ0osQ0FBQztJQUVhLFFBQVEsQ0FDcEIsV0FBd0IsRUFDeEIsUUFBaUI7O1lBRWpCLE1BQU0sRUFDSixXQUFXLEVBQ1gsV0FBVyxFQUNYLFNBQVMsR0FDVixHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUUvQyxJQUFJLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRTtnQkFDcEMsSUFBSSxDQUFDLGNBQWMsQ0FBQyw2QkFBNkIsQ0FDL0MsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxDQUNsRCxDQUFDO2FBQ0g7WUFFRCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRW5FLElBQUksUUFBUSxFQUFFO2dCQUNaLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsSUFDTCxXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ25ELENBQ0gsQ0FBQyxHQUFHLENBQUM7Z0JBRU4sTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUNyQyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsaUJBQWlCLENBQzFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFDckMsT0FBTyxFQUNQLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FDeEMsQ0FDRixDQUFDO2FBQ0g7WUFDRCxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUVwRSxPQUFPO2dCQUNMLEVBQUUsRUFBRSxXQUFXLENBQUMsRUFBRTtnQkFDbEIsR0FBRyxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsY0FBYyxDQUFDO2dCQUNqRCxRQUFRLEVBQUUsV0FBVyxDQUFDLFFBQVE7Z0JBQzlCLGNBQWMsRUFBRSxXQUFXLENBQUMsY0FBYztnQkFDMUMsaUJBQWlCLEVBQUUsR0FBRyxFQUFFLENBQ3RCLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLGNBQWMsRUFBRSxDQUFDLFdBQVcsRUFBRTtnQkFDbkUsS0FBSyxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUUsY0FBYyxDQUFDO2dCQUNyRCxhQUFhLEVBQ1gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLGdCQUFnQixFQUFFLGNBQWMsQ0FBQyxLQUFLLE1BQU07Z0JBQ3BFLEtBQUssRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxFQUFFLGNBQWMsQ0FBQztnQkFDNUQsYUFBYSxFQUNYLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyx1QkFBdUIsRUFBRSxjQUFjLENBQUM7b0JBQzlELE1BQU07Z0JBQ1IsV0FBVyxvQkFDTixDQUFDLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxrQkFBa0IsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUMvRDtnQkFDRCxVQUFVLEVBQUUsV0FBVyxDQUFDLFVBQVU7Z0JBQ2xDLFNBQVM7Z0JBQ1QsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUM7Z0JBQzdELFFBQVEsRUFBRSxXQUFXLENBQUMsUUFBUTtnQkFDOUIsb0JBQW9CLEVBQUUsV0FBVyxDQUFDLG9CQUFvQjthQUN2RCxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRU0sU0FBUztRQUNkLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQztJQUN6QixDQUFDO0lBRVksTUFBTTs7WUFDakIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUM7WUFDeEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBRWpDLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDMUUsQ0FBQztLQUFBO0lBRU8sZ0JBQWdCLENBQ3RCLGFBQXFCLEVBQ3JCLGNBQXNDO1FBRXRDLE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxJQUFJLENBQ3ZDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLEtBQUssYUFBYSxDQUNyQyxDQUFDO1FBRUYsT0FBTyxhQUFhLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDO0lBQ3pELENBQUM7SUFFWSxhQUFhLENBQUMsUUFBaUI7O1lBQzFDLE1BQU0sRUFBRSxtQkFBbUIsRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDO2dCQUNwRSxLQUFLLEVBQUUsd0JBQXdCO2FBQ2hDLENBQUMsQ0FBQztZQUVILElBQUksU0FBUyxDQUFDLG9CQUFvQixFQUFFO2dCQUNsQyxJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUMvQyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLG9CQUFvQixDQUFDLENBQ2hELENBQUM7YUFDSDtZQUVELGtCQUFrQjtZQUNsQixJQUFJLFFBQVEsRUFBRTtnQkFDWixNQUFNLE9BQU8sR0FBRyxDQUNkLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUNqQyxRQUFRLElBQ0wsU0FBUyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ2xDLENBQ0gsQ0FBQyxHQUFHLENBQUM7Z0JBRU4sTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUNyQyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsaUJBQWlCLENBQzFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRSxFQUNwQixPQUFPLEVBQ1AsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ3ZCLENBQ0YsQ0FBQzthQUNIO1lBRUQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7Z0JBQzNCLE9BQU8sRUFBRTtvQkFDUCxFQUFFLEVBQUUsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFO2lCQUN6QjtnQkFDRCxTQUFTLEVBQUU7b0JBQ1QsRUFBRSxFQUFFLFNBQVMsQ0FBQyxTQUFTLENBQUMsRUFBRTtpQkFDM0I7YUFDRixDQUFDLENBQUM7WUFFSCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUNuRCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FDM0MsQ0FBQztZQUNGLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsY0FBYyxDQUFDLENBQUM7WUFFekQsdUNBQ0ssQ0FBQyxNQUFNLElBQUksQ0FBQywrQkFBK0IsQ0FBQyw4QkFBOEIsQ0FDM0UsU0FBUyxDQUNWLENBQUMsS0FDRixHQUFHLElBQ0g7UUFDSixDQUFDO0tBQUE7SUFFWSxrQkFBa0I7O1lBQzdCLE1BQU0sV0FBVyxHQUFnQixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUM1RSxNQUFNLFlBQVksR0FBRyxXQUFXLENBQUMsb0JBQW9CLEVBQUUsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUUxRSxPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO2dCQUNyQyxXQUFXLENBQUMsY0FBYyxDQUFDLFlBQVksRUFBRSxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsRUFBRTtvQkFDckQsSUFBSSxHQUFHLEVBQUU7d0JBQ1AsT0FBTyxDQUFDLEtBQUssQ0FBQywwQkFBMEIsRUFBRSxHQUFHLENBQUMsQ0FBQzt3QkFDL0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO3FCQUNiO3lCQUFNO3dCQUNMLE9BQU8sQ0FBQyxHQUFHLENBQUMsMEJBQTBCLEVBQUUsSUFBSSxDQUFDLENBQUM7d0JBQzlDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztxQkFDWjtnQkFDSCxDQUFDLENBQUMsQ0FBQztZQUNMLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRUssZUFBZSxDQUFDLFdBQW1COztZQUN2QyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFaEQsSUFBSSxTQUFTLENBQUMsS0FBSyxLQUFLLFlBQVksQ0FBQyxRQUFRLEVBQUU7Z0JBQzdDLE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsK0NBQStDLENBQ2hELENBQUM7YUFDSDtZQUVELGlFQUFpRTtZQUNqRSx1REFBdUQ7WUFDdkQsaUVBQWlFO1lBQ2pFLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRTdELE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3RELFdBQVcsRUFDWCxTQUFTLENBQUMsa0JBQWtCLENBQzdCLENBQUM7WUFDRixPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBRXJCLGdDQUFnQztZQUNoQyxNQUFNLFVBQVUsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBRTVFLE1BQU0sdUJBQXVCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsZUFBZSxDQUMxRSxTQUFTLENBQUMsR0FBRyxFQUNiLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3hCLENBQUM7WUFFRixtQkFBbUI7WUFDbkIsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDMUQsUUFBUSxFQUFFLFdBQVcsSUFDbEIsU0FBUyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ2xDLENBQUM7WUFFSCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLGdCQUFnQixDQUMxRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQ3JCLENBQUM7WUFFRixpRUFBaUU7WUFDakUsNkJBQTZCO1lBQzdCLGlFQUFpRTtZQUNqRSxNQUFNLFNBQVMsR0FBRyxDQUNoQixNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUMzQixJQUFJLFVBQVUsQ0FBQztnQkFDYixRQUFRLEVBQUUsb0NBQW9DO2dCQUM5QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFLEVBQUU7aUJBQ1Y7YUFDRixDQUFDLEVBQ0Y7Z0JBQ0UsZUFBZSxFQUFFLEtBQUs7YUFDdkIsQ0FDRixDQUNGLENBQUMsNEJBQTRCLENBQUMsU0FBUyxDQUFDO1lBRXpDLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFdkIscUJBQXFCO1lBQ3JCLGtFQUFrRTtZQUNsRSxTQUFTLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUNsRCxxQ0FBcUMsQ0FDdEMsQ0FBQztZQUNGLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFdkIsTUFBTSxzQkFBc0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2pFLFdBQVcsRUFDWCxTQUFTLENBQUMsNkJBQTZCLENBQ3hDLENBQUM7WUFDRixNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQ3ZELHNCQUFzQixFQUN0QixTQUFTLENBQ1YsQ0FBQztZQUVGLGlFQUFpRTtZQUNqRSx3Q0FBd0M7WUFDeEMsaUVBQWlFO1lBQ2pFLE1BQU0sZUFBZSxHQUFHLENBQ3RCLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQzNCLElBQUksVUFBVSxDQUFDO2dCQUNiLFFBQVEsRUFBRSx5Q0FBeUM7Z0JBQ25ELFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO3FCQUNqRDtpQkFDRjthQUNGLENBQUMsRUFDRjtnQkFDRSxlQUFlLEVBQUUsS0FBSzthQUN2QixDQUNGLENBQ0YsQ0FBQyxpQ0FBaUMsQ0FBQyxXQUFXLENBQUM7WUFFaEQsaUVBQWlFO1lBQ2pFLDBEQUEwRDtZQUMxRCxpRUFBaUU7WUFDakUsa0VBQWtFO1lBQ2xFLGlFQUFpRTtZQUNqRSw4REFBOEQ7WUFDOUQsbUVBQW1FO1lBQ25FLGlEQUFpRDtZQUVqRCw4REFBOEQ7WUFDOUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxPQUFPLENBQU8sQ0FBQyxPQUFPLEVBQUUsRUFBRTtnQkFDL0MsTUFBTSxRQUFRLEdBQUcsQ0FBTyxJQUFJLEVBQUUsRUFBRTtvQkFDOUIsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssS0FBSyxRQUFRLEVBQUU7d0JBQ25DLE9BQU87cUJBQ1I7b0JBRUQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUM7b0JBRTdCLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO29CQUUxQixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxRQUFRLEVBQUUsY0FBYyxDQUFDLENBQUM7b0JBRTNELHFDQUFxQztvQkFDckMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FDM0IsSUFBSSxVQUFVLENBQUM7d0JBQ2IsUUFBUSxFQUFFLHNDQUFzQzt3QkFDaEQsU0FBUyxFQUFFOzRCQUNULEtBQUssRUFBRTtnQ0FDTCx1QkFBdUI7Z0NBQ3ZCLFdBQVcsRUFBRSxTQUFTLENBQUMsRUFBRTs2QkFDMUI7eUJBQ0Y7cUJBQ0YsQ0FBQyxDQUNILENBQUM7b0JBRUYsT0FBTyxFQUFFLENBQUM7Z0JBQ1osQ0FBQyxDQUFBLENBQUM7Z0JBRUYsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFDL0IsQ0FBQyxDQUFDLENBQUM7WUFFSCwwRkFBMEY7WUFDMUYsNkJBQTZCO1lBQzdCLElBQUksSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxlQUFlLEVBQUU7Z0JBQ3JFLE9BQU8sRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksSUFBSSxDQUFDLGFBQWEsS0FBSyx1QkFBdUIsRUFBRTtnQkFDbEQsTUFBTSxJQUFJLFdBQVcsQ0FBQztvQkFDcEIsT0FBTyxFQUNMLDBIQUEwSDtpQkFDN0gsQ0FBQyxDQUFDO2FBQ0o7WUFFRCwwQkFBMEI7WUFDMUIsK0VBQStFO1lBQy9FLDJCQUEyQjtZQUMzQixJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLElBQUksRUFBRSxjQUFjLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFFckUsT0FBTyxVQUFVLENBQUM7UUFDcEIsQ0FBQztLQUFBO0lBRWEsa0JBQWtCLENBQzlCLFNBQWtDOztZQUVsQyxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFFaEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNoQyxTQUFTLENBQUMsU0FBUztpQkFDaEIsTUFBTSxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLGdDQUFnQyxDQUFDO2lCQUNqRSxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUNoQixJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM1QixHQUFHLEVBQ0gsUUFBUSxDQUFDLGdDQUFnQyxDQUMxQyxDQUNGLENBQ0osQ0FBQztZQUVGLE9BQU8sSUFBSSxDQUFDLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlELENBQUM7S0FBQTs7OztZQTVuQkYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBT0ksTUFBTSxTQUFDLFNBQVM7WUF6Q1osU0FBUztZQVFULGlCQUFpQjtZQXpCakIsVUFBVTtZQUNWLGNBQWM7WUFGZCxlQUFlO1lBaUJmLGVBQWU7WUFRZixXQUFXO1lBRVgsZ0JBQWdCO1lBRWhCLCtCQUErQjtZQUUvQixjQUFjO1lBR2QsaUJBQWlCO1lBQ2pCLGFBQWE7WUFLYixpQ0FBaUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUsIGlzRGV2TW9kZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBDb2duaXRvVXNlciB9IGZyb20gJ0Bhd3MtYW1wbGlmeS9hdXRoJztcclxuaW1wb3J0IHsgSHViIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2NvcmUnO1xyXG5pbXBvcnQgeyBDb2duaXRvVXNlckF0dHJpYnV0ZSB9IGZyb20gJ2FtYXpvbi1jb2duaXRvLWlkZW50aXR5LWpzJztcclxuaW1wb3J0IHsgT2JzZXJ2YWJsZSwgUmVwbGF5U3ViamVjdCB9IGZyb20gJ3J4anMnO1xyXG5pbXBvcnQgeyBQYXNzSWRwUGFyYW1zIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2NyeXB0b2dyYXBoeS50eXBlcyc7XHJcbmltcG9ydCB7IEtleUdyYXBoU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZSc7XHJcbmltcG9ydCB7IEtleVNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkva2V5LnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBQcm9maWxlU2VydmljZSB9IGZyb20gJy4uL3VzZXJzL3Byb2ZpbGUuc2VydmljZSc7XHJcbmltcG9ydCB7IFBhc3N3b3JkQ2hhbmdlU3RhdHVzIH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XHJcbmltcG9ydCB7XHJcbiAgTHJDb25jdXJyZW50QWNjZXNzRXhjZXB0aW9uLFxyXG4gIExyQmFkUmVxdWVzdEV4Y2VwdGlvbixcclxuICBMckJhZFN0YXRlRXhjZXB0aW9uLFxyXG4gIExyRXhjZXB0aW9uLFxyXG59IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XHJcbmltcG9ydCB7XHJcbiAgQ29nbml0b0NoYWxsZW5nZVVzZXIsXHJcbiAgQ3VycmVudFVzZXIsXHJcbiAgVHBQYXNzd29yZFJlc2V0VXNlcixcclxuICBMb2dpblJlc3VsdCxcclxuICBSZWNvdmVyeVN0YXR1cyxcclxufSBmcm9tICcuL2F1dGgudHlwZXMnO1xyXG5pbXBvcnQgeyBQYXNzd29yZFNlcnZpY2UgfSBmcm9tICcuL3Bhc3N3b3JkLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBBdXRoQ2xhc3MgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aC9saWItZXNtL0F1dGgnO1xyXG5pbXBvcnQge1xyXG4gIENvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxyXG4gIENyZWF0ZVRwQXNzZW1ibHlLZXlDaGFsbGVuZ2VNdXRhdGlvbixcclxuICBQcmVDb21wbGV0ZVRwUGFzc3dvcmRSZXNldFJlcXVlc3RNdXRhdGlvbixcclxuICBUcFBhc3N3b3JkUmVzZXRVc2VyUXVlcnksXHJcbn0gZnJvbSAnLi4vdHJ1c3RlZC1wYXJ0aWVzL3RwLXBhc3N3b3JkLXJlc2V0LmdxbCc7XHJcbmltcG9ydCB7IElkbGVTZXJ2aWNlIH0gZnJvbSAnLi9pZGxlLnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcclxuaW1wb3J0IHsgTHJHcmFwaFFMU2VydmljZSwgTHJNdXRhdGlvbiB9IGZyb20gJy4uL2FwaS9sci1ncmFwaHFsJztcclxuaW1wb3J0IHsgVHBDbGFpbVN0YXRlLCBUcFBhc3N3b3JkUmVzZXRVc2VyTm9kZSB9IGZyb20gJy4uL2FwaS90eXBlcyc7XHJcbmltcG9ydCB7IFRwUGFzc3dvcmRSZXNldFByb2Nlc3NvclNlcnZpY2UgfSBmcm9tICcuLi9hcGkvcXVlcnktcHJvY2Vzc29yL3RwLXBhc3N3b3JkLXJlc2V0LXByb2Nlc3Nvci5zZXJ2aWNlJztcclxuaW1wb3J0IHsgU2V0U2Vzc2lvbkVuY3J5cHRpb25LZXlNdXRhdGlvbiB9IGZyb20gJy4vYXV0aC5ncWwnO1xyXG5pbXBvcnQgeyBQZXJzaXN0U2VydmljZSB9IGZyb20gJy4uL2FwaS9wZXJzaXN0LnNlcnZpY2UnO1xyXG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xyXG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcclxuaW1wb3J0IHsgRW5jcnlwdGlvblNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkvZW5jcnlwdGlvbi5zZXJ2aWNlJztcclxuaW1wb3J0IHsgU2xpcDM5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9zbGlwMzkuc2VydmljZSc7XHJcbmltcG9ydCB7XHJcbiAgVFBfUEFTU1dPUkRfUkVTRVRfQ0xJRU5UX05PTkNFX0xFTkdUSCxcclxuICBUUF9QQVNTV09SRF9SRVNFVF9VU0VSTkFNRV9TVUZGSVgsXHJcbn0gZnJvbSAnLi4vdHJ1c3RlZC1wYXJ0aWVzL3RwLXBhc3N3b3JkLXJlc2V0LmNvbnN0YW50cyc7XHJcbmltcG9ydCB7IFRwUGFzc3dvcmRSZXNldEFzc2VtYmx5Q29udHJvbGxlciB9IGZyb20gJy4uL3RydXN0ZWQtcGFydGllcy90cC1wYXNzd29yZC1yZXNldC5jb250cm9sbGVyJztcclxuXHJcbmV4cG9ydCBjb25zdCBpbml0aWFsaXNlQXV0aCA9IChhdXRoU2VydmljZTogTGlmZVJlYWR5QXV0aFNlcnZpY2UpID0+IHtcclxuICByZXR1cm4gKCkgPT4gYXV0aFNlcnZpY2UuaW5pdGlhbGlzZSgpO1xyXG59O1xyXG5cclxuZXhwb3J0IGludGVyZmFjZSBMb2dpbk9wdGlvbnMge1xyXG4gIHRwUGFzc3dvcmRSZXNldEF1dG9Db21wbGV0ZT86IGJvb2xlYW47XHJcbn1cclxuXHJcbkBJbmplY3RhYmxlKHtcclxuICBwcm92aWRlZEluOiAncm9vdCcsXHJcbn0pXHJcbmV4cG9ydCBjbGFzcyBMaWZlUmVhZHlBdXRoU2VydmljZSB7XHJcbiAgcHJpdmF0ZSBodWJTdWJqZWN0OiBSZXBsYXlTdWJqZWN0PGFueT4gPSBuZXcgUmVwbGF5U3ViamVjdDxhbnk+KDEpO1xyXG4gIHByaXZhdGUgY3VycmVudFVzZXI6IEN1cnJlbnRVc2VyO1xyXG4gIHByaXZhdGUgY3VycmVudFJlc2V0VXNlcjogVHBQYXNzd29yZFJlc2V0VXNlcjtcclxuXHJcbiAgY29uc3RydWN0b3IoXHJcbiAgICBASW5qZWN0KExSX0NPTkZJRykgcHJpdmF0ZSBjb25maWc6IExpZmVSZWFkeUNvbmZpZyxcclxuICAgIHByaXZhdGUgYXV0aDogQXV0aENsYXNzLFxyXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLZXlGYWN0b3J5U2VydmljZSxcclxuICAgIHByaXZhdGUga2V5U2VydmljZTogS2V5U2VydmljZSxcclxuICAgIHByaXZhdGUgcHJvZmlsZVNlcnZpY2U6IFByb2ZpbGVTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBrZXlHcmFwaFNlcnZpY2U6IEtleUdyYXBoU2VydmljZSxcclxuICAgIHByaXZhdGUgcGFzc3dvcmRTZXJ2aWNlOiBQYXNzd29yZFNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGlkbGVTZXJ2aWNlOiBJZGxlU2VydmljZSxcclxuICAgIHByaXZhdGUgbHJHcmFwaFFMOiBMckdyYXBoUUxTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSB0cFBhc3N3b3JkUmVzZXRQcm9jZXNzb3JTZXJ2aWNlOiBUcFBhc3N3b3JkUmVzZXRQcm9jZXNzb3JTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBwZXJzaXN0U2VydmljZTogUGVyc2lzdFNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcclxuICAgIHByaXZhdGUgc2xpcDM5U2VydmljZTogU2xpcDM5U2VydmljZSxcclxuICAgIHByaXZhdGUgYXNzZW1ibHlDb250cm9sbGVyOiBUcFBhc3N3b3JkUmVzZXRBc3NlbWJseUNvbnRyb2xsZXJcclxuICApIHt9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBpbml0aWFsaXNlKCkge1xyXG4gICAgSHViLmxpc3RlbignYXV0aCcsIChkYXRhKSA9PiB0aGlzLmh1YlN1YmplY3QubmV4dChkYXRhLnBheWxvYWQpKTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgYXN5bmMgbG9naW5JZHBJbXBsKFxyXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXHJcbiAgICBwYXNzd29yZDogc3RyaW5nLFxyXG4gICAgcGFzc0lkcFBhcmFtczogUGFzc0lkcFBhcmFtcyxcclxuICAgIHJlY292ZXJ5U3RhdHVzOiBSZWNvdmVyeVN0YXR1c1xyXG4gICk6IFByb21pc2U8Q29nbml0b0NoYWxsZW5nZVVzZXI+IHtcclxuICAgIGNvbnN0IHBhc3NJZHBSZXN1bHQgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0lkcCh7XHJcbiAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAuLi5wYXNzSWRwUGFyYW1zLFxyXG4gICAgfSk7XHJcbiAgICAvLyBVc2UgdGhlIGRlcml2ZWQgcGFzc3dvcmQgdG8gc2lnbmluIHdpdGggY29nbml0b1xyXG4gICAgY29uc3QgdXNlciA9IGF3YWl0IHRoaXMuYXV0aC5zaWduSW4oXHJcbiAgICAgIGVtYWlsT3JQaG9uZSxcclxuICAgICAgdGhpcy5wYXNzd29yZFNlcnZpY2UuZ2V0UGFzc0lkcFN0cmluZyhwYXNzSWRwUmVzdWx0Lmp3aylcclxuICAgICk7XHJcblxyXG4gICAgdXNlci5yZWNvdmVyeVN0YXR1cyA9IHJlY292ZXJ5U3RhdHVzO1xyXG5cclxuICAgIHJldHVybiB1c2VyO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBsb2dpbklkcChcclxuICAgIGVtYWlsT3JQaG9uZTogc3RyaW5nLFxyXG4gICAgcGFzc3dvcmQ6IHN0cmluZ1xyXG4gICk6IFByb21pc2U8Q29nbml0b0NoYWxsZW5nZVVzZXI+IHtcclxuICAgIC8vIERvd25sb2FkIHRoZSBzYWx0IG5lZWRlZCB0byBkZXJpdmUgdGhlIFBhc3NJZHBcclxuICAgIGNvbnN0IHBhc3NJZHBBcGlSZXN1bHQgPSBhd2FpdCB0aGlzLnByb2ZpbGVTZXJ2aWNlLmdldFBhc3NJZHBQYXJhbXMoXHJcbiAgICAgIGVtYWlsT3JQaG9uZVxyXG4gICAgKTtcclxuXHJcbiAgICBpZiAoXHJcbiAgICAgIHBhc3NJZHBBcGlSZXN1bHQucGFzc3dvcmRDaGFuZ2VTdGF0dXMgPT09IFBhc3N3b3JkQ2hhbmdlU3RhdHVzLkluUHJvZ3Jlc3NcclxuICAgICkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJDb25jdXJyZW50QWNjZXNzRXhjZXB0aW9uKCdBIHBhc3N3b3JkIGNoYW5nZSBpcyBpbiBwcm9ncmVzcycpO1xyXG4gICAgfVxyXG5cclxuICAgIGlmIChcclxuICAgICAgcGFzc0lkcEFwaVJlc3VsdC5wYXNzd29yZENoYW5nZVN0YXR1cyA9PT0gUGFzc3dvcmRDaGFuZ2VTdGF0dXMuUmVjb3ZlcnlcclxuICAgICkge1xyXG4gICAgICBjb25zb2xlLmxvZygnSW4gcmVjb3ZlcnkgbW9kZS4nKTtcclxuICAgICAgLy8gTGV0J3Mgc2F5IHdlIGRvbid0IGtub3cgaWYgdGhlIHBhc3N3b3JkIGlzIHRoZSBuZXcgb25lIG9yIHRoZSBvbGQgb25lLiBXZSBqdXN0IGhhdmUgdG8gdHJ5IGJvdGguXHJcbiAgICAgIHRyeSB7XHJcbiAgICAgICAgY29uc3QgdXNlciA9IGF3YWl0IHRoaXMubG9naW5JZHBJbXBsKFxyXG4gICAgICAgICAgZW1haWxPclBob25lLFxyXG4gICAgICAgICAgcGFzc3dvcmQsXHJcbiAgICAgICAgICBwYXNzSWRwQXBpUmVzdWx0Lm5ld1Bhc3NJZHBQYXJhbXMsXHJcbiAgICAgICAgICBSZWNvdmVyeVN0YXR1cy5ORVdfUEFTU1dPUkRcclxuICAgICAgICApO1xyXG4gICAgICAgIC8vIE5ldyBwYXNzd29yZCB3b3JrZWQuIExldCdzIHNldCB0byB0aGUgY3VycmVudCBwYXNzd29yZFxyXG5cclxuICAgICAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEtLVxyXG4gICAgICAgIC8vIGlmIGNoYW5nZVBhc3N3b3JkQ29tcGxldGUoKSBkb2Vzbid0IGdldCBjYWxsZWQsIHRoZW4gaXQgc2hvdWxkIHJlbWFpblxyXG5cclxuICAgICAgICBjb25zb2xlLmxvZygnTmV3IHBhc3N3b3JkIHdvcmtzIScpO1xyXG5cclxuICAgICAgICByZXR1cm4gdXNlcjtcclxuICAgICAgfSBjYXRjaCAoZXJyb3IpIHtcclxuICAgICAgICAvLyBKdXN0IGJ1YmJsZSB1cCBhbnkgb3RoZXIgdHlwZSBvZiBlcnJvci5cclxuICAgICAgICBpZiAoZXJyb3IuY29kZSAhPT0gJ05vdEF1dGhvcml6ZWRFeGNlcHRpb24nKSB7XHJcbiAgICAgICAgICB0aHJvdyBlcnJvcjtcclxuICAgICAgICB9XHJcbiAgICAgICAgLy8gcGFzcywgdHJ5IGFnYWluIGFzc3VtaW5nIGl0J3MgdGhlIG9sZCBwYXNzd29yZFxyXG4gICAgICB9XHJcblxyXG4gICAgICAvLyBOb3cgYXNzdW1lIGl0J3MgdGhlIHByZXZpb3VzIHBhc3N3b3JkLiBBbnkgZXhjZXB0aW9uIGlzIGFsbG93ZWQgdG8gYnViYmxlIHVwLlxyXG4gICAgICB0cnkge1xyXG4gICAgICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvZ2luSWRwSW1wbChcclxuICAgICAgICAgIGVtYWlsT3JQaG9uZSxcclxuICAgICAgICAgIHBhc3N3b3JkLFxyXG4gICAgICAgICAgcGFzc0lkcEFwaVJlc3VsdC5jdXJyZW50UGFzc0lkcFBhcmFtcyxcclxuICAgICAgICAgIFJlY292ZXJ5U3RhdHVzLk9MRF9QQVNTV09SRFxyXG4gICAgICAgICk7XHJcbiAgICAgICAgLy8gT2xkIHBhc3N3b3JkIHdvcmtlZC5cclxuICAgICAgICBjb25zb2xlLmxvZygnT2xkIHBhc3N3b3JkIHdvcmtzIScpO1xyXG5cclxuICAgICAgICByZXR1cm4gdXNlcjtcclxuICAgICAgfSBjYXRjaCAoZXJyb3IpIHtcclxuICAgICAgICAvLyBKdXN0IGJ1YmJsZSB1cCBhbnkgb3RoZXIgdHlwZSBvZiBlcnJvci5cclxuICAgICAgICB0aHJvdyBlcnJvci5jb2RlID09PSAnTm90QXV0aG9yaXplZEV4Y2VwdGlvbidcclxuICAgICAgICAgID8gbmV3IExyQmFkUmVxdWVzdEV4Y2VwdGlvbihcclxuICAgICAgICAgICAgICAnVGhlIHBhc3N3b3JkIGNoYW5nZSByZXF1ZXN0IHdhcyBpbnRlcnJ1cHRlZCwgcGxlYXNlIHRyeSB0byBsb2dpbiB3aXRoIGJvdGggeW91ciBuZXcgYW5kIG9sZCBwYXNzd29yZCdcclxuICAgICAgICAgICAgKVxyXG4gICAgICAgICAgOiBlcnJvcjtcclxuICAgICAgfVxyXG4gICAgfVxyXG5cclxuICAgIC8vIFRyeSBhZ2FpbnN0IGFzIHRoZSBUUCBwYXNzd29yZCByZXNldCBhY2NvdW50XHJcbiAgICBpZiAocGFzc0lkcEFwaVJlc3VsdC50cFBhc3N3b3JkUmVzZXQpIHtcclxuICAgICAgdHJ5IHtcclxuICAgICAgICAvLyBUUCBwYXNzd29yZCByZXNldCBpcyBpbiBwcm9jZXNzLiBXZSBuZWVkIHRvIHRyeSB0aGUgcGFzc3dvcmQgYWdhaW5zdCBib3RoXHJcbiAgICAgICAgLy8gb3JpZ2luYWwgYWNjb3VudCBhbmQgdGhlIG5ldyByZXNldCBhY2NvdW50LlxyXG4gICAgICAgIGNvbnN0IHJlc2V0ID0gcGFzc0lkcEFwaVJlc3VsdC50cFBhc3N3b3JkUmVzZXQ7XHJcbiAgICAgICAgY29uc3QgcmV0ID0gYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXHJcbiAgICAgICAgICByZXNldC5yZXNldFVzZXJuYW1lLFxyXG4gICAgICAgICAgcGFzc3dvcmQsXHJcbiAgICAgICAgICByZXNldC5wYXNzSWRwUGFyYW1zLFxyXG4gICAgICAgICAgUmVjb3ZlcnlTdGF0dXMuTk9ORVxyXG4gICAgICAgICk7XHJcbiAgICAgICAgcmV0LmlzVHBQYXNzd29yZFJlc2V0VXNlciA9IHRydWU7XHJcblxyXG4gICAgICAgIHJldHVybiByZXQ7XHJcbiAgICAgIH0gY2F0Y2ggKGVycikge1xyXG4gICAgICAgIC8vIGNvbnRpbnVlLCB0cnkgYWdhaW4gYXMgcmVndWxhciB1c2VyLlxyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgLy8gTG9naW4gYXMgcmVndWxhciB1c2VyXHJcbiAgICByZXR1cm4gYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXHJcbiAgICAgIGVtYWlsT3JQaG9uZSxcclxuICAgICAgcGFzc3dvcmQsXHJcbiAgICAgIHBhc3NJZHBBcGlSZXN1bHQuY3VycmVudFBhc3NJZHBQYXJhbXMsXHJcbiAgICAgIFJlY292ZXJ5U3RhdHVzLk5PTkVcclxuICAgICk7XHJcbiAgfVxyXG5cclxuICBwcm90ZWN0ZWQgYXN5bmMgaGFuZGxlU2Vzc2lvbkVuY3J5cHRpb25LZXkoKSB7XHJcbiAgICBpZiAodGhpcy5jb25maWcuZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5KSB7XHJcbiAgICAgIGlmICghaXNEZXZNb2RlKCkpIHtcclxuICAgICAgICBjb25zdCBtc2cgPVxyXG4gICAgICAgICAgJ1lvdSBzaG91bGQgbm90IHNldCBkaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXk9VHJ1ZSBpbiBtb2RlIHByb2QuIEl0IGRlZmF1bHRzIHRvIGZhbHNlLic7XHJcbiAgICAgICAgY29uc29sZS5lcnJvcihtc2cpO1xyXG4gICAgICAgIHRocm93IG5ldyBFcnJvcihtc2cpO1xyXG4gICAgICB9IGVsc2Uge1xyXG4gICAgICAgIGNvbnNvbGUud2FybihcclxuICAgICAgICAgICdZb3UgaGF2ZSBzZXQgZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5PVRydWUuIE1ha2Ugc3VyZSBub3QgdG8gZG8gdGhpcyBpbiBwcm9kIG1vZGUuJ1xyXG4gICAgICAgICk7XHJcbiAgICAgIH1cclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIC8vIFNldCB0aGUgc2Vzc2lvbiBrZXkgdG8gYSBuZXcgZW5jcnlwdGlvbiBrZXkgZm9yIHRoaXMgc2Vzc2lvblxyXG4gICAgICBjb25zdCBzZXNzaW9uRW5jcnlwdGlvbktleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcclxuICAgICAgYXdhaXQgdGhpcy5sckdyYXBoUUwubHJNdXRhdGUoXHJcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xyXG4gICAgICAgICAgbXV0YXRpb246IFNldFNlc3Npb25FbmNyeXB0aW9uS2V5TXV0YXRpb24sXHJcbiAgICAgICAgICB2YXJpYWJsZXM6IHtcclxuICAgICAgICAgICAgaW5wdXQ6IHtcclxuICAgICAgICAgICAgICBzZXNzaW9uRW5jcnlwdGlvbktleTogSlNPTi5zdHJpbmdpZnkoXHJcbiAgICAgICAgICAgICAgICBzZXNzaW9uRW5jcnlwdGlvbktleS50b0pTT04odHJ1ZSlcclxuICAgICAgICAgICAgICApLFxyXG4gICAgICAgICAgICB9LFxyXG4gICAgICAgICAgfSxcclxuICAgICAgICB9KSxcclxuICAgICAgICB7XHJcbiAgICAgICAgICBpbmNsdWRlS2V5R3JhcGg6IGZhbHNlLFxyXG4gICAgICAgIH1cclxuICAgICAgKTtcclxuXHJcbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoc2Vzc2lvbkVuY3J5cHRpb25LZXkpO1xyXG4gICAgfVxyXG4gIH1cclxuXHJcbiAgcHJvdGVjdGVkIGFzeW5jIGhhbmRsZVBvc3RBdXRoKGNvZ25pdG9Vc2VyOiBDb2duaXRvQ2hhbGxlbmdlVXNlcikge1xyXG4gICAgYXdhaXQgdGhpcy5oYW5kbGVQYXNzd29yZFJlY292ZXJ5KGNvZ25pdG9Vc2VyKTtcclxuICAgIGF3YWl0IHRoaXMuaGFuZGxlU2Vzc2lvbkVuY3J5cHRpb25LZXkoKTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBsb2dpbihcclxuICAgIGVtYWlsT3JQaG9uZTogc3RyaW5nLFxyXG4gICAgcGFzc3dvcmQ6IHN0cmluZyxcclxuICAgIHsgdHBQYXNzd29yZFJlc2V0QXV0b0NvbXBsZXRlID0gdHJ1ZSB9OiBMb2dpbk9wdGlvbnMgPSB7fVxyXG4gICkge1xyXG4gICAgbGV0IGxvZ2luUmVzdWx0ID0gYXdhaXQgdGhpcy5sb2dpbkltcGwoZW1haWxPclBob25lLCBwYXNzd29yZCk7XHJcblxyXG4gICAgaWYgKFxyXG4gICAgICB0cFBhc3N3b3JkUmVzZXRBdXRvQ29tcGxldGUgJiZcclxuICAgICAgbG9naW5SZXN1bHQucmVzZXRVc2VyPy5zdGF0ZSA9PT0gVHBDbGFpbVN0YXRlLkFQUFJPVkVEXHJcbiAgICApIHtcclxuICAgICAgYXdhaXQgdGhpcy5jb21wbGV0ZVJlcXVlc3QocGFzc3dvcmQpO1xyXG4gICAgICBsb2dpblJlc3VsdCA9IGF3YWl0IHRoaXMubG9naW5JbXBsKGVtYWlsT3JQaG9uZSwgcGFzc3dvcmQpO1xyXG4gICAgfVxyXG5cclxuICAgIHJldHVybiBsb2dpblJlc3VsdDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBsb2dpbkltcGwoXHJcbiAgICBlbWFpbE9yUGhvbmU6IHN0cmluZyxcclxuICAgIHBhc3N3b3JkOiBzdHJpbmdcclxuICApOiBQcm9taXNlPExvZ2luUmVzdWx0PiB7XHJcbiAgICBhd2FpdCB0aGlzLmxvZ291dCgpO1xyXG4gICAgY29uc3QgY29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmxvZ2luSWRwKGVtYWlsT3JQaG9uZSwgcGFzc3dvcmQpO1xyXG5cclxuICAgIC8vIHRvZG86IE1lZXQgTUZBIGNoYWxsZW5nZXMuXHJcbiAgICBpZiAoWydTTVNfTUZBJywgJ1NPRlRXQVJFX1RPS0VOX01GQSddLmluY2x1ZGVzKGNvZ25pdG9Vc2VyLmNoYWxsZW5nZU5hbWUpKSB7XHJcbiAgICAgIHJldHVybiB7IGhhc0NoYWxsZW5nZTogdHJ1ZSwgY2hhbGxlbmdlOiBjb2duaXRvVXNlciB9O1xyXG4gICAgfVxyXG5cclxuICAgIGF3YWl0IHRoaXMuaGFuZGxlUG9zdEF1dGgoY29nbml0b1VzZXIpO1xyXG5cclxuICAgIGlmIChjb2duaXRvVXNlci5pc1RwUGFzc3dvcmRSZXNldFVzZXIpIHtcclxuICAgICAgLy8gQXNzdW1pbmcgdGhlcmUgaXMgbm8gTUZBIG9uIHRoZSBUUCByZXNldCB1c2VyLlxyXG4gICAgICBjb25zdCByZXNldFVzZXIgPSBhd2FpdCB0aGlzLmxvYWRSZXNldFVzZXIocGFzc3dvcmQpO1xyXG4gICAgICByZXR1cm4geyBoYXNDaGFsbGVuZ2U6IGZhbHNlLCByZXNldFVzZXIgfTtcclxuICAgIH0gZWxzZSB7XHJcbiAgICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKGNvZ25pdG9Vc2VyLCBwYXNzd29yZCk7XHJcbiAgICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2Uuc3RhcnQoKTsgLy8gUnVuIGlkbGVTZXJ2aWNlIHdoZW5ldmVyIHVzZXIgaXMgbG9nZ2VkIGluLlxyXG4gICAgICByZXR1cm4geyBoYXNDaGFsbGVuZ2U6IGZhbHNlLCB1c2VyIH07XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICAvLyBUT0RPIDxBWj4gV2UgbmVlZCB0byBoYW5kbGUgdGhlIGlzVHBQYXNzd29yZFJlc2V0VXNlcj1UcnVlIGNhc2UgaGVyZSBhZnRlciBNRkEgYXMgd2VsbC5cclxuICBwdWJsaWMgYXN5bmMgdmVyaWZ5TG9naW4oXHJcbiAgICBjaGFsbGVuZ2U6IENvZ25pdG9DaGFsbGVuZ2VVc2VyLFxyXG4gICAgcGFzc3dvcmQ6IHN0cmluZyxcclxuICAgIHJlbWVtYmVyTWU6IGJvb2xlYW4sXHJcbiAgICBjb2RlOiBzdHJpbmdcclxuICApOiBQcm9taXNlPEN1cnJlbnRVc2VyPiB7XHJcbiAgICBhd2FpdCB0aGlzLmF1dGguY29uZmlybVNpZ25JbihjaGFsbGVuZ2UsIGNvZGUsIGNoYWxsZW5nZS5jaGFsbGVuZ2VOYW1lKTtcclxuXHJcbiAgICAvLyBUT0RPOiB0aGlzLmF1dGguY29uZmlybVNpZ25JbigpIGNvdWxkIHJldHVybiBhbm90aGVyIGNoYWxsZW5nZS5cclxuXHJcbiAgICBjb25zdCBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XHJcblxyXG4gICAgYXdhaXQgdGhpcy5oYW5kbGVQb3N0QXV0aChjaGFsbGVuZ2UpO1xyXG5cclxuICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKGNvZ25pdG9Vc2VyLCBwYXNzd29yZCk7XHJcblxyXG4gICAgaWYgKHJlbWVtYmVyTWUpIHtcclxuICAgICAgY29nbml0b1VzZXIuc2V0RGV2aWNlU3RhdHVzUmVtZW1iZXJlZCh7XHJcbiAgICAgICAgb25TdWNjZXNzOiAoKSA9PiB7fSxcclxuICAgICAgICBvbkZhaWx1cmU6IChlKSA9PiBjb25zb2xlLmVycm9yKGUpLFxyXG4gICAgICB9KTtcclxuICAgIH1cclxuXHJcbiAgICByZXR1cm4gdXNlcjtcclxuICB9XHJcblxyXG4gIGFzeW5jIGhhbmRsZVBhc3N3b3JkUmVjb3ZlcnkodXNlcjogQ29nbml0b0NoYWxsZW5nZVVzZXIpIHtcclxuICAgIGlmICh1c2VyLnJlY292ZXJ5U3RhdHVzICE9PSBSZWNvdmVyeVN0YXR1cy5OT05FKSB7XHJcbiAgICAgIGNvbnN0IGp3dFRva2VuID0gdXNlclxyXG4gICAgICAgIC5nZXRTaWduSW5Vc2VyU2Vzc2lvbigpXHJcbiAgICAgICAgLmdldEFjY2Vzc1Rva2VuKClcclxuICAgICAgICAuZ2V0Snd0VG9rZW4oKTtcclxuICAgICAgYXdhaXQgdGhpcy5wYXNzd29yZFNlcnZpY2UuY2hhbmdlUGFzc3dvcmRDb21wbGV0ZShcclxuICAgICAgICBqd3RUb2tlbixcclxuICAgICAgICB1c2VyLnJlY292ZXJ5U3RhdHVzID09PSBSZWNvdmVyeVN0YXR1cy5ORVdfUEFTU1dPUkRcclxuICAgICAgKTtcclxuICAgIH1cclxuICB9XHJcblxyXG4gIGFzeW5jIGdldFVzZXJPclJlc2V0VXNlcihcclxuICAgIHJlbG9hZDogYm9vbGVhbiA9IGZhbHNlXHJcbiAgKTogUHJvbWlzZTxDdXJyZW50VXNlciB8IFRwUGFzc3dvcmRSZXNldFVzZXI+IHtcclxuICAgIGNvbnN0IGNvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpO1xyXG5cclxuICAgIGlmIChjb2duaXRvVXNlci5nZXRVc2VybmFtZSgpLmVuZHNXaXRoKFRQX1BBU1NXT1JEX1JFU0VUX1VTRVJOQU1FX1NVRkZJWCkpIHtcclxuICAgICAgcmV0dXJuIHRoaXMuZ2V0UmVzZXRVc2VyKHJlbG9hZCk7XHJcbiAgICB9IGVsc2Uge1xyXG4gICAgICByZXR1cm4gdGhpcy5nZXRVc2VyKHJlbG9hZCk7XHJcbiAgICB9XHJcbiAgfVxyXG5cclxuICBhc3luYyBnZXRSZXNldFVzZXIocmVsb2FkOiBib29sZWFuID0gZmFsc2UpOiBQcm9taXNlPFRwUGFzc3dvcmRSZXNldFVzZXI+IHtcclxuICAgIGlmICghcmVsb2FkICYmIHRoaXMuY3VycmVudFJlc2V0VXNlcikge1xyXG4gICAgICByZXR1cm4gdGhpcy5jdXJyZW50UmVzZXRVc2VyO1xyXG4gICAgfVxyXG5cclxuICAgIHRoaXMuY3VycmVudFJlc2V0VXNlciA9IGF3YWl0IHRoaXMubG9hZFJlc2V0VXNlcigpO1xyXG5cclxuICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2Uuc3RhcnQoKTsgLy8gUnVuIGlkbGVTZXJ2aWNlIHdoZW5ldmVyIHVzZXIgaXMgbG9nZ2VkIGluLlxyXG5cclxuICAgIHJldHVybiB0aGlzLmN1cnJlbnRSZXNldFVzZXI7XHJcbiAgfVxyXG5cclxuICBhc3luYyBnZXRVc2VyKHJlbG9hZDogYm9vbGVhbiA9IGZhbHNlKTogUHJvbWlzZTxDdXJyZW50VXNlcj4ge1xyXG4gICAgaWYgKCFyZWxvYWQgJiYgdGhpcy5jdXJyZW50VXNlcikge1xyXG4gICAgICByZXR1cm4gdGhpcy5jdXJyZW50VXNlcjtcclxuICAgIH1cclxuICAgIHRoaXMuY3VycmVudFVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKFxyXG4gICAgICBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKClcclxuICAgICk7XHJcbiAgICBjb25zb2xlLmxvZygnU3RhcnRpbmcgaWRsZSBzZXJ2aWNlLicpO1xyXG4gICAgYXdhaXQgdGhpcy5pZGxlU2VydmljZS5zdGFydCgpOyAvLyBSdW4gaWRsZVNlcnZpY2Ugd2hlbmV2ZXIgdXNlciBpcyBsb2dnZWQgaW4uXHJcbiAgICByZXR1cm4gdGhpcy5jdXJyZW50VXNlcjtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgbWFwVFBWYXVsdEFjY2VzcyhmZWF0dXJlcz86IGFueSk6IGJvb2xlYW4ge1xyXG4gICAgY29uc3QgdHBWYXVsdEZlYXR1cmUgPSBmZWF0dXJlcz8udHBWYXVsdDtcclxuICAgIHJldHVybiAoXHJcbiAgICAgIHRwVmF1bHRGZWF0dXJlPy5sZW5ndGggPiAwICYmXHJcbiAgICAgIHRwVmF1bHRGZWF0dXJlLnNvbWUoKGZlYXR1cmUpID0+IGZlYXR1cmUudG9VcHBlckNhc2UoKSA9PT0gJ0FDQ0VTUycpXHJcbiAgICApO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyBsb2FkVXNlcihcclxuICAgIGNvZ25pdG9Vc2VyOiBDb2duaXRvVXNlcixcclxuICAgIHBhc3N3b3JkPzogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTxDdXJyZW50VXNlcj4ge1xyXG4gICAgY29uc3Qge1xyXG4gICAgICBjdXJyZW50VXNlcixcclxuICAgICAgY29udGFjdENhcmQsXHJcbiAgICAgIHVzZXJQbGFucyxcclxuICAgIH0gPSBhd2FpdCB0aGlzLnByb2ZpbGVTZXJ2aWNlLmdldEN1cnJlbnRVc2VyKCk7XHJcblxyXG4gICAgaWYgKGN1cnJlbnRVc2VyLnNlc3Npb25FbmNyeXB0aW9uS2V5KSB7XHJcbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoXHJcbiAgICAgICAgYXdhaXQgSldLLmFzS2V5KGN1cnJlbnRVc2VyLnNlc3Npb25FbmNyeXB0aW9uS2V5KVxyXG4gICAgICApO1xyXG4gICAgfVxyXG5cclxuICAgIGNvbnN0IHVzZXJBdHRyaWJ1dGVzID0gYXdhaXQgdGhpcy5hdXRoLnVzZXJBdHRyaWJ1dGVzKGNvZ25pdG9Vc2VyKTtcclxuXHJcbiAgICBpZiAocGFzc3dvcmQpIHtcclxuICAgICAgY29uc3QgcGFzc0tleSA9IChcclxuICAgICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0tleSh7XHJcbiAgICAgICAgICBwYXNzd29yZCxcclxuICAgICAgICAgIC4uLmN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkucGFzc0tleVBhcmFtcyxcclxuICAgICAgICB9KVxyXG4gICAgICApLmp3aztcclxuXHJcbiAgICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2UucGVyc2lzdE1hc3RlcktleShcclxuICAgICAgICBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS51bndyYXBXaXRoUGFzc0tleShcclxuICAgICAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkuaWQsXHJcbiAgICAgICAgICBwYXNzS2V5LFxyXG4gICAgICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkXHJcbiAgICAgICAgKVxyXG4gICAgICApO1xyXG4gICAgfVxyXG4gICAgYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UucG9wdWxhdGVLZXlzKGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5KTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBpZDogY3VycmVudFVzZXIuaWQsXHJcbiAgICAgIHN1YjogdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdzdWInLCB1c2VyQXR0cmlidXRlcyksXHJcbiAgICAgIHVzZXJuYW1lOiBjdXJyZW50VXNlci51c2VybmFtZSxcclxuICAgICAgY3VycmVudFVzZXJLZXk6IGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LFxyXG4gICAgICBnZXRBY2Nlc3NKd3RUb2tlbjogKCkgPT5cclxuICAgICAgICBjb2duaXRvVXNlci5nZXRTaWduSW5Vc2VyU2Vzc2lvbigpLmdldEFjY2Vzc1Rva2VuKCkuZ2V0Snd0VG9rZW4oKSxcclxuICAgICAgZW1haWw6IHRoaXMuZ2V0VXNlckF0dHJpYnV0ZSgnZW1haWwnLCB1c2VyQXR0cmlidXRlcyksXHJcbiAgICAgIGVtYWlsVmVyaWZpZWQ6XHJcbiAgICAgICAgdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdlbWFpbF92ZXJpZmllZCcsIHVzZXJBdHRyaWJ1dGVzKSA9PT0gJ3RydWUnLFxyXG4gICAgICBwaG9uZTogdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdwaG9uZV9udW1iZXInLCB1c2VyQXR0cmlidXRlcyksXHJcbiAgICAgIHBob25lVmVyaWZpZWQ6XHJcbiAgICAgICAgdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdwaG9uZV9udW1iZXJfdmVyaWZpZWQnLCB1c2VyQXR0cmlidXRlcykgPT09XHJcbiAgICAgICAgJ3RydWUnLFxyXG4gICAgICBjb250YWN0Q2FyZDoge1xyXG4gICAgICAgIC4uLihhd2FpdCB0aGlzLnByb2ZpbGVTZXJ2aWNlLmRlY3J5cHRDb250YWN0Q2FyZChjb250YWN0Q2FyZCkpLFxyXG4gICAgICB9LFxyXG4gICAgICB1c2VyRGVsZXRlOiBjdXJyZW50VXNlci51c2VyRGVsZXRlLFxyXG4gICAgICB1c2VyUGxhbnMsXHJcbiAgICAgIGhhc1RQVmF1bHRBY2Nlc3M6IHRoaXMubWFwVFBWYXVsdEFjY2VzcyhjdXJyZW50VXNlci5mZWF0dXJlcyksXHJcbiAgICAgIGZlYXR1cmVzOiBjdXJyZW50VXNlci5mZWF0dXJlcyxcclxuICAgICAgc2Vzc2lvbkVuY3J5cHRpb25LZXk6IGN1cnJlbnRVc2VyLnNlc3Npb25FbmNyeXB0aW9uS2V5LFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyB3YXRjaEF1dGgoKTogT2JzZXJ2YWJsZTxhbnk+IHtcclxuICAgIHJldHVybiB0aGlzLmh1YlN1YmplY3Q7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgbG9nb3V0KCk6IFByb21pc2U8dm9pZD4ge1xyXG4gICAgdGhpcy5jdXJyZW50VXNlciA9IG51bGw7XHJcbiAgICB0aGlzLmtleVNlcnZpY2UucHVyZ2VLZXlzKCk7XHJcbiAgICB0aGlzLmtleUdyYXBoU2VydmljZS5wdXJnZUtleXMoKTtcclxuXHJcbiAgICBhd2FpdCBQcm9taXNlLmFsbChbdGhpcy5hdXRoLnNpZ25PdXQoKSwgdGhpcy5wcm9maWxlU2VydmljZS5zaWduT3V0KCldKTtcclxuICB9XHJcblxyXG4gIHByaXZhdGUgZ2V0VXNlckF0dHJpYnV0ZShcclxuICAgIGF0dHJpYnV0ZU5hbWU6IHN0cmluZyxcclxuICAgIHVzZXJBdHRyaWJ1dGVzOiBDb2duaXRvVXNlckF0dHJpYnV0ZVtdXHJcbiAgKSB7XHJcbiAgICBjb25zdCB1c2VyQXR0cmlidXRlID0gdXNlckF0dHJpYnV0ZXMuZmluZChcclxuICAgICAgKHgpID0+IHguZ2V0TmFtZSgpID09PSBhdHRyaWJ1dGVOYW1lXHJcbiAgICApO1xyXG5cclxuICAgIHJldHVybiB1c2VyQXR0cmlidXRlID8gdXNlckF0dHJpYnV0ZS5nZXRWYWx1ZSgpIDogbnVsbDtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBsb2FkUmVzZXRVc2VyKHBhc3N3b3JkPzogc3RyaW5nKTogUHJvbWlzZTxUcFBhc3N3b3JkUmVzZXRVc2VyPiB7XHJcbiAgICBjb25zdCB7IHRwUGFzc3dvcmRSZXNldFVzZXI6IHJlc2V0VXNlciB9ID0gYXdhaXQgdGhpcy5sckdyYXBoUUwucXVlcnkoe1xyXG4gICAgICBxdWVyeTogVHBQYXNzd29yZFJlc2V0VXNlclF1ZXJ5LFxyXG4gICAgfSk7XHJcblxyXG4gICAgaWYgKHJlc2V0VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSkge1xyXG4gICAgICB0aGlzLnBlcnNpc3RTZXJ2aWNlLnNldFNlcnZlclNlc3Npb25FbmNyeXB0aW9uS2V5KFxyXG4gICAgICAgIGF3YWl0IEpXSy5hc0tleShyZXNldFVzZXIuc2Vzc2lvbkVuY3J5cHRpb25LZXkpXHJcbiAgICAgICk7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gVXBkYXRlIHRoZSBrZXlzXHJcbiAgICBpZiAocGFzc3dvcmQpIHtcclxuICAgICAgY29uc3QgcGFzc0tleSA9IChcclxuICAgICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0tleSh7XHJcbiAgICAgICAgICBwYXNzd29yZCxcclxuICAgICAgICAgIC4uLnJlc2V0VXNlci5wYXNzS2V5LnBhc3NLZXlQYXJhbXMsXHJcbiAgICAgICAgfSlcclxuICAgICAgKS5qd2s7XHJcblxyXG4gICAgICBhd2FpdCB0aGlzLmlkbGVTZXJ2aWNlLnBlcnNpc3RNYXN0ZXJLZXkoXHJcbiAgICAgICAgYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UudW53cmFwV2l0aFBhc3NLZXkoXHJcbiAgICAgICAgICByZXNldFVzZXIucGFzc0tleS5pZCxcclxuICAgICAgICAgIHBhc3NLZXksXHJcbiAgICAgICAgICByZXNldFVzZXIubWFzdGVyS2V5LmlkXHJcbiAgICAgICAgKVxyXG4gICAgICApO1xyXG4gICAgfVxyXG5cclxuICAgIHRoaXMua2V5U2VydmljZS5wb3B1bGF0ZUtleXMoe1xyXG4gICAgICBwYXNzS2V5OiB7XHJcbiAgICAgICAgaWQ6IHJlc2V0VXNlci5wYXNzS2V5LmlkLFxyXG4gICAgICB9LFxyXG4gICAgICBtYXN0ZXJLZXk6IHtcclxuICAgICAgICBpZDogcmVzZXRVc2VyLm1hc3RlcktleS5pZCxcclxuICAgICAgfSxcclxuICAgIH0pO1xyXG5cclxuICAgIGNvbnN0IHVzZXJBdHRyaWJ1dGVzID0gYXdhaXQgdGhpcy5hdXRoLnVzZXJBdHRyaWJ1dGVzKFxyXG4gICAgICBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKClcclxuICAgICk7XHJcbiAgICBjb25zdCBzdWIgPSB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ3N1YicsIHVzZXJBdHRyaWJ1dGVzKTtcclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICAuLi4oYXdhaXQgdGhpcy50cFBhc3N3b3JkUmVzZXRQcm9jZXNzb3JTZXJ2aWNlLnByb2Nlc3NUcFBhc3N3b3JkUmVzZXRVc2VyTm9kZShcclxuICAgICAgICByZXNldFVzZXJcclxuICAgICAgKSksXHJcbiAgICAgIHN1YixcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgcmVmcmVzaEFjY2Vzc1Rva2VuKCkge1xyXG4gICAgY29uc3QgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpO1xyXG4gICAgY29uc3QgcmVmcmVzaFRva2VuID0gY29nbml0b1VzZXIuZ2V0U2lnbkluVXNlclNlc3Npb24oKS5nZXRSZWZyZXNoVG9rZW4oKTtcclxuXHJcbiAgICByZXR1cm4gbmV3IFByb21pc2UoKHJlc29sdmUsIHJlamVjdCkgPT4ge1xyXG4gICAgICBjb2duaXRvVXNlci5yZWZyZXNoU2Vzc2lvbihyZWZyZXNoVG9rZW4sIChlcnIsIGRhdGEpID0+IHtcclxuICAgICAgICBpZiAoZXJyKSB7XHJcbiAgICAgICAgICBjb25zb2xlLmVycm9yKCdFcnJvciByZWZyZXNoaW5nIHRva2VuOiAnLCBlcnIpO1xyXG4gICAgICAgICAgcmVqZWN0KGVycik7XHJcbiAgICAgICAgfSBlbHNlIHtcclxuICAgICAgICAgIGNvbnNvbGUubG9nKCdUb2tlbiByZWZyZXNoIGNvbXBsZXRlOiAnLCBkYXRhKTtcclxuICAgICAgICAgIHJlc29sdmUoMCk7XHJcbiAgICAgICAgfVxyXG4gICAgICB9KTtcclxuICAgIH0pO1xyXG4gIH1cclxuXHJcbiAgYXN5bmMgY29tcGxldGVSZXF1ZXN0KG5ld1Bhc3N3b3JkOiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcclxuICAgIGNvbnN0IHJlc2V0VXNlciA9IGF3YWl0IHRoaXMuZ2V0UmVzZXRVc2VyKHRydWUpO1xyXG5cclxuICAgIGlmIChyZXNldFVzZXIuc3RhdGUgIT09IFRwQ2xhaW1TdGF0ZS5BUFBST1ZFRCkge1xyXG4gICAgICB0aHJvdyBuZXcgTHJCYWRTdGF0ZUV4Y2VwdGlvbihcclxuICAgICAgICAnUGFzc3dvcmQgcmVzZXQgcmVxdWVzdCBoYXMgbm90IGJlZW4gYXBwcm92ZWQuJ1xyXG4gICAgICApO1xyXG4gICAgfVxyXG5cclxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXHJcbiAgICAvLyBQcmVwYXJlIGFsbCBtYXRlcmlhbHMgdG8gZW5zdXJlIHRoZXJlIGFyZSBubyBlcnJvcnMuXHJcbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxyXG4gICAgY29uc3QgYXNzZW1ibHlLZXkgPSBhd2FpdCB0aGlzLnJlY292ZXJBc3NlbWJseUtleShyZXNldFVzZXIpO1xyXG5cclxuICAgIGNvbnN0IHsgcm9vdEtleSB9ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gICAgICBhc3NlbWJseUtleSxcclxuICAgICAgcmVzZXRVc2VyLmFzc2VtYmx5Q2lwaGVyRGF0YVxyXG4gICAgKTtcclxuICAgIGNvbnNvbGUubG9nKHJvb3RLZXkpO1xyXG5cclxuICAgIC8vIE1ha2luZyBzdXJlIGl0J3MgYSB2YWxpZCBrZXkuXHJcbiAgICBjb25zdCByb290S2V5SndrID0gYXdhaXQgSldLLmFzS2V5KHJvb3RLZXkpO1xyXG5cclxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLmdldEtleShyZXNldFVzZXIubWFzdGVyS2V5LmlkKTtcclxuXHJcbiAgICBjb25zdCBtYXN0ZXJLZXlXcmFwcGVkUm9vdEtleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdFRvU3RyaW5nKFxyXG4gICAgICBtYXN0ZXJLZXkuandrLFxyXG4gICAgICByb290S2V5SndrLnRvSlNPTih0cnVlKVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyBUaGUgbmV3IHBhc3N3b3JkXHJcbiAgICBjb25zdCBuZXdQYXNzSWRwUmVzdWx0ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NJZHAoe1xyXG4gICAgICBwYXNzd29yZDogbmV3UGFzc3dvcmQsXHJcbiAgICAgIC4uLnJlc2V0VXNlci5wYXNzS2V5LnBhc3NJZHBQYXJhbXMsXHJcbiAgICB9KTtcclxuXHJcbiAgICBjb25zdCBuZXdJZHBQYXNzd29yZCA9IHRoaXMucGFzc3dvcmRTZXJ2aWNlLmdldFBhc3NJZHBTdHJpbmcoXHJcbiAgICAgIG5ld1Bhc3NJZHBSZXN1bHQuandrXHJcbiAgICApO1xyXG5cclxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXHJcbiAgICAvLyBHZXQgYXNzZW1ibHkga2V5IGNoYWxsZW5nZVxyXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cclxuICAgIGNvbnN0IGNoYWxsZW5nZSA9IChcclxuICAgICAgYXdhaXQgdGhpcy5sckdyYXBoUUwubHJNdXRhdGUoXHJcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xyXG4gICAgICAgICAgbXV0YXRpb246IENyZWF0ZVRwQXNzZW1ibHlLZXlDaGFsbGVuZ2VNdXRhdGlvbixcclxuICAgICAgICAgIHZhcmlhYmxlczoge1xyXG4gICAgICAgICAgICBpbnB1dDoge30sXHJcbiAgICAgICAgICB9LFxyXG4gICAgICAgIH0pLFxyXG4gICAgICAgIHtcclxuICAgICAgICAgIGluY2x1ZGVLZXlHcmFwaDogZmFsc2UsXHJcbiAgICAgICAgfVxyXG4gICAgICApXHJcbiAgICApLmNyZWF0ZVRwQXNzZW1ibHlLZXlDaGFsbGVuZ2UuY2hhbGxlbmdlO1xyXG5cclxuICAgIGNvbnNvbGUubG9nKGNoYWxsZW5nZSk7XHJcblxyXG4gICAgLy8gU2lnbiB0aGUgY2hhbGxlbmdlXHJcbiAgICAvLyBHZW5lcmF0ZSBhIGNsaWVudCBzaWRlIG5vbmNlIHRoYXQncyBubyBpbiB0aGUgc2VydmVyJ3MgY29udHJvbC5cclxuICAgIGNoYWxsZW5nZS5jbGllbnROb25jZSA9IHRoaXMua2V5RmFjdG9yeS5yYW5kb21TdHJpbmcoXHJcbiAgICAgIFRQX1BBU1NXT1JEX1JFU0VUX0NMSUVOVF9OT05DRV9MRU5HVEhcclxuICAgICk7XHJcbiAgICBjb25zb2xlLmxvZyhjaGFsbGVuZ2UpO1xyXG5cclxuICAgIGNvbnN0IGFzc2VtYmx5S2V5VmVyaWZpZXJQcmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgIGFzc2VtYmx5S2V5LFxyXG4gICAgICByZXNldFVzZXIud3JhcHBlZEFzc2VtYmx5S2V5VmVyaWZpZXJQcmtcclxuICAgICk7XHJcbiAgICBjb25zdCBzaWduZWRDaGFsbGVuZ2UgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXHJcbiAgICAgIGFzc2VtYmx5S2V5VmVyaWZpZXJQcmssXHJcbiAgICAgIGNoYWxsZW5nZVxyXG4gICAgKTtcclxuXHJcbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxyXG4gICAgLy8gQ2hhbmdlIHBhc3N3b3JkIGZvciB0aGUgb3JpZ2luYWwgdXNlclxyXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cclxuICAgIGNvbnN0IHRlbXBJZHBQYXNzd29yZCA9IChcclxuICAgICAgYXdhaXQgdGhpcy5sckdyYXBoUUwubHJNdXRhdGUoXHJcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xyXG4gICAgICAgICAgbXV0YXRpb246IFByZUNvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxyXG4gICAgICAgICAgdmFyaWFibGVzOiB7XHJcbiAgICAgICAgICAgIGlucHV0OiB7XHJcbiAgICAgICAgICAgICAgc2lnbmVkQ2hhbGxlbmdlOiBKU09OLnN0cmluZ2lmeShzaWduZWRDaGFsbGVuZ2UpLFxyXG4gICAgICAgICAgICB9LFxyXG4gICAgICAgICAgfSxcclxuICAgICAgICB9KSxcclxuICAgICAgICB7XHJcbiAgICAgICAgICBpbmNsdWRlS2V5R3JhcGg6IGZhbHNlLFxyXG4gICAgICAgIH1cclxuICAgICAgKVxyXG4gICAgKS5wcmVDb21wbGV0ZVRwUGFzc3dvcmRSZXNldFJlcXVlc3QuaWRwUGFzc3dvcmQ7XHJcblxyXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cclxuICAgIC8vIExvZ2luIGFzIHRoZSBvcmlnaW5hbCB1c2VyIHVzaW5nIG5ldyB0ZW1wb3JhcnkgcGFzc3dvcmRcclxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXHJcbiAgICAvLyBBdCB0aGlzIHBvaW50LCB0aGUgb3JpZ2luYWwgYWNjb3VudCdzIHBhc3N3b3JkIGhhcyBiZWVuIGNoYW5nZWRcclxuICAgIC8vIHRvIGEgdGVtcG9yYXJ5IHBhc3N3b3JkLiBJdCBpcyBubyBsb25nZXIgcG9zc2libGUgZm9yIHRoZSB1c2VyXHJcbiAgICAvLyB0byB1c2UgdGhlIG9yaWdpbmFsIHBhc3N3b3JkIHRvIGxvZ2luLiBBbnkgc3VjY2Vzc2Z1bCBsb2dpblxyXG4gICAgLy8gY2FuIG9ubHkgYmUgdXNpbmcgdGhlIHRlbXBvcmFyeSBwYXNzd29yZC4gU28gaXQncyBzYWZlIHRvIGFzc3VtZVxyXG4gICAgLy8gdGhhdCB3ZSB3YW50IHRvIFwiY29tcGxldGVcIiB0aGUgcGFzc3dvcmQgcmVzZXQuXHJcblxyXG4gICAgLy8gVGhlIG1heWJlIDJGQSBzbyB3ZSBsaXN0ZW4gZm9yIHRoZSBhdXRoIGV2ZW50IGZyb20gQW1wbGlmeS5cclxuICAgIGNvbnN0IHJldFByb21pc2UgPSBuZXcgUHJvbWlzZTx2b2lkPigocmVzb2x2ZSkgPT4ge1xyXG4gICAgICBjb25zdCBsaXN0ZW5lciA9IGFzeW5jIChkYXRhKSA9PiB7XHJcbiAgICAgICAgaWYgKGRhdGEucGF5bG9hZC5ldmVudCAhPT0gJ3NpZ25JbicpIHtcclxuICAgICAgICAgIHJldHVybjtcclxuICAgICAgICB9XHJcblxyXG4gICAgICAgIEh1Yi5yZW1vdmUoJ2F1dGgnLCBsaXN0ZW5lcik7XHJcblxyXG4gICAgICAgIGNvbnNvbGUubG9nKGRhdGEucGF5bG9hZCk7XHJcblxyXG4gICAgICAgIGF3YWl0IHRoaXMuYXV0aC5zaWduSW4ocmVzZXRVc2VyLnVzZXJuYW1lLCBuZXdJZHBQYXNzd29yZCk7XHJcblxyXG4gICAgICAgIC8vIFN3aXRjaCBvdmVyIHRvIHRoZSBuZXcgc2V0IG9mIGtleXNcclxuICAgICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcclxuICAgICAgICAgIG5ldyBMck11dGF0aW9uKHtcclxuICAgICAgICAgICAgbXV0YXRpb246IENvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxyXG4gICAgICAgICAgICB2YXJpYWJsZXM6IHtcclxuICAgICAgICAgICAgICBpbnB1dDoge1xyXG4gICAgICAgICAgICAgICAgbWFzdGVyS2V5V3JhcHBlZFJvb3RLZXksXHJcbiAgICAgICAgICAgICAgICBtYXN0ZXJLZXlJZDogbWFzdGVyS2V5LmlkLFxyXG4gICAgICAgICAgICAgIH0sXHJcbiAgICAgICAgICAgIH0sXHJcbiAgICAgICAgICB9KVxyXG4gICAgICAgICk7XHJcblxyXG4gICAgICAgIHJlc29sdmUoKTtcclxuICAgICAgfTtcclxuXHJcbiAgICAgIEh1Yi5saXN0ZW4oJ2F1dGgnLCBsaXN0ZW5lcik7XHJcbiAgICB9KTtcclxuXHJcbiAgICAvLyBTaWduaW4gYXMgdGhlIG9yaWdpbmFsIHVzZXIuIFBhc3N3b3JkIGhhcyBiZWVuIHJlc2V0IHRvIHRlbXBvcmFyeSBvbmUuIEl0IHNob3VsZCByZXR1cm5cclxuICAgIC8vIHdpdGggTkVXX1BBU1NXT1JEX1JFUVVJUkVEXHJcbiAgICBsZXQgdXNlciA9IGF3YWl0IHRoaXMuYXV0aC5zaWduSW4ocmVzZXRVc2VyLnVzZXJuYW1lLCB0ZW1wSWRwUGFzc3dvcmQsIHtcclxuICAgICAgbm9Qcm94eTogJ3RydWUnLFxyXG4gICAgfSk7XHJcblxyXG4gICAgaWYgKHVzZXIuY2hhbGxlbmdlTmFtZSAhPT0gJ05FV19QQVNTV09SRF9SRVFVSVJFRCcpIHtcclxuICAgICAgdGhyb3cgbmV3IExyRXhjZXB0aW9uKHtcclxuICAgICAgICBtZXNzYWdlOlxyXG4gICAgICAgICAgJ0ludGVybmFsIGVycm9yLiBFeHBlY3RpbmcgQ29nbml0byB0byBoYXZlIGRvbmUgYSBwYXNzd29yZCByZXNldCBhZnRlciBjYWxsIHRvIFByZUNvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLicsXHJcbiAgICAgIH0pO1xyXG4gICAgfVxyXG5cclxuICAgIC8vIFNldCBuZXcgcGFzc3dvcmQgb24gSWRwXHJcbiAgICAvLyB0aGUgYXdzRmV0Y2goKSBmdW5jdGlvbiBwYXNzZXMgTkVXX1BBU1NXT1JEX1JFUVVJUkVEIGRpcmVjdGx5IHRvIEFXUyB3aXRob3V0XHJcbiAgICAvLyBnb2luZyB0aHJvdWdoIHRoZSBwcm94eS5cclxuICAgIHVzZXIgPSBhd2FpdCB0aGlzLmF1dGguY29tcGxldGVOZXdQYXNzd29yZCh1c2VyLCBuZXdJZHBQYXNzd29yZCwge30pO1xyXG5cclxuICAgIHJldHVybiByZXRQcm9taXNlO1xyXG4gIH1cclxuXHJcbiAgcHJpdmF0ZSBhc3luYyByZWNvdmVyQXNzZW1ibHlLZXkoXHJcbiAgICByZXNldFVzZXI6IFRwUGFzc3dvcmRSZXNldFVzZXJOb2RlXHJcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XHJcbiAgICBjb25zdCBwcmsgPSBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5nZXRLZXkocmVzZXRVc2VyLnB4ay5pZCk7XHJcblxyXG4gICAgY29uc3QgcGFydGlhbHMgPSBhd2FpdCBQcm9taXNlLmFsbChcclxuICAgICAgcmVzZXRVc2VyLmFwcHJvdmFsc1xyXG4gICAgICAgIC5maWx0ZXIoKGFwcHJvdmFsKSA9PiAhIWFwcHJvdmFsLnJlY2VpdmVyQ2lwaGVyUGFydGlhbEFzc2VtYmx5S2V5KVxyXG4gICAgICAgIC5tYXAoKGFwcHJvdmFsKSA9PlxyXG4gICAgICAgICAgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gICAgICAgICAgICBwcmssXHJcbiAgICAgICAgICAgIGFwcHJvdmFsLnJlY2VpdmVyQ2lwaGVyUGFydGlhbEFzc2VtYmx5S2V5XHJcbiAgICAgICAgICApXHJcbiAgICAgICAgKVxyXG4gICAgKTtcclxuXHJcbiAgICByZXR1cm4gdGhpcy5hc3NlbWJseUNvbnRyb2xsZXIucmVjb3ZlckFzc2VtYmx5S2V5KHBhcnRpYWxzKTtcclxuICB9XHJcbn1cclxuIl19
+import { __awaiter } from "tslib";
+import { Inject, Injectable, isDevMode } from '@angular/core';
+import { Hub } from '@aws-amplify/core';
+import { ReplaySubject } from 'rxjs';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { KeyService } from '../cryptography/key.service';
+import { ProfileService } from '../users/profile.service';
+import { PasswordChangeStatus } from '../users/profile.types';
+import { LrConcurrentAccessException, LrBadRequestException, LrBadStateException, LrException, } from '../_common/exceptions';
+import { RecoveryStatus, } from './auth.types';
+import { PasswordService } from './password.service';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { CompleteTpPasswordResetRequestMutation, CreateTpAssemblyKeyChallengeMutation, PreCompleteTpPasswordResetRequestMutation, TpPasswordResetUserQuery, } from '../trusted-parties/tp-password-reset.gql';
+import { IdleService } from './idle.service';
+import { KeyFactoryService } from '../cryptography/key-factory.service';
+import { LrGraphQLService, LrMutation } from '../api/lr-graphql';
+import { TpClaimState } from '../api/types';
+import { TpPasswordResetProcessorService } from '../api/query-processor/tp-password-reset-processor.service';
+import { SetSessionEncryptionKeyMutation } from './auth.gql';
+import { PersistService } from '../api/persist.service';
+import { JWK } from 'node-jose';
+import { LR_CONFIG } from '../life-ready.config';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { Slip39Service } from '../cryptography/slip39.service';
+import { TP_PASSWORD_RESET_CLIENT_NONCE_LENGTH, TP_PASSWORD_RESET_USERNAME_SUFFIX, } from '../trusted-parties/tp-password-reset.constants';
+import { TpPasswordResetAssemblyController } from '../trusted-parties/tp-password-reset.controller';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i3 from "../cryptography/key-factory.service";
+import * as i4 from "../cryptography/key.service";
+import * as i5 from "../users/profile.service";
+import * as i6 from "../cryptography/key-graph.service";
+import * as i7 from "./password.service";
+import * as i8 from "./idle.service";
+import * as i9 from "../api/lr-graphql/lr-graphql.service";
+import * as i10 from "../api/query-processor/tp-password-reset-processor.service";
+import * as i11 from "../api/persist.service";
+import * as i12 from "../cryptography/encryption.service";
+import * as i13 from "../cryptography/slip39.service";
+import * as i14 from "../trusted-parties/tp-password-reset.controller";
+export const initialiseAuth = (authService) => {
+    return () => authService.initialise();
+};
+export class LifeReadyAuthService {
+    constructor(config, auth, keyFactory, keyService, profileService, keyGraphService, passwordService, idleService, lrGraphQL, tpPasswordResetProcessorService, persistService, encryptionService, slip39Service, assemblyController) {
+        this.config = config;
+        this.auth = auth;
+        this.keyFactory = keyFactory;
+        this.keyService = keyService;
+        this.profileService = profileService;
+        this.keyGraphService = keyGraphService;
+        this.passwordService = passwordService;
+        this.idleService = idleService;
+        this.lrGraphQL = lrGraphQL;
+        this.tpPasswordResetProcessorService = tpPasswordResetProcessorService;
+        this.persistService = persistService;
+        this.encryptionService = encryptionService;
+        this.slip39Service = slip39Service;
+        this.assemblyController = assemblyController;
+        this.hubSubject = new ReplaySubject(1);
+    }
+    initialise() {
+        return __awaiter(this, void 0, void 0, function* () {
+            Hub.listen('auth', (data) => this.hubSubject.next(data.payload));
+        });
+    }
+    loginIdpImpl(emailOrPhone, password, passIdpParams, recoveryStatus) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams));
+            // Use the derived password to signin with cognito
+            const user = yield this.auth.signIn(emailOrPhone, this.passwordService.getPassIdpString(passIdpResult.jwk));
+            user.recoveryStatus = recoveryStatus;
+            return user;
+        });
+    }
+    loginIdp(emailOrPhone, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Download the salt needed to derive the PassIdp
+            const passIdpApiResult = yield this.profileService.getPassIdpParams(emailOrPhone);
+            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.InProgress) {
+                throw new LrConcurrentAccessException('A password change is in progress');
+            }
+            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.Recovery) {
+                console.log('In recovery mode.');
+                // Let's say we don't know if the password is the new one or the old one. We just have to try both.
+                try {
+                    const user = yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.newPassIdpParams, RecoveryStatus.NEW_PASSWORD);
+                    // New password worked. Let's set to the current password
+                    // --Potential Failure Point 1--
+                    // if changePasswordComplete() doesn't get called, then it should remain
+                    console.log('New password works!');
+                    return user;
+                }
+                catch (error) {
+                    // Just bubble up any other type of error.
+                    if (error.code !== 'NotAuthorizedException') {
+                        throw error;
+                    }
+                    // pass, try again assuming it's the old password
+                }
+                // Now assume it's the previous password. Any exception is allowed to bubble up.
+                try {
+                    const user = yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams, RecoveryStatus.OLD_PASSWORD);
+                    // Old password worked.
+                    console.log('Old password works!');
+                    return user;
+                }
+                catch (error) {
+                    // Just bubble up any other type of error.
+                    throw error.code === 'NotAuthorizedException'
+                        ? new LrBadRequestException('The password change request was interrupted, please try to login with both your new and old password')
+                        : error;
+                }
+            }
+            // Try against as the TP password reset account
+            if (passIdpApiResult.tpPasswordReset) {
+                try {
+                    // TP password reset is in process. We need to try the password against both
+                    // original account and the new reset account.
+                    const reset = passIdpApiResult.tpPasswordReset;
+                    const ret = yield this.loginIdpImpl(reset.resetUsername, password, reset.passIdpParams, RecoveryStatus.NONE);
+                    ret.isTpPasswordResetUser = true;
+                    return ret;
+                }
+                catch (err) {
+                    // continue, try again as regular user.
+                }
+            }
+            // Login as regular user
+            return yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams, RecoveryStatus.NONE);
+        });
+    }
+    handleSessionEncryptionKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.config.disableSessionEncryptionKey) {
+                if (!isDevMode()) {
+                    const msg = 'You should not set disableSessionEncryptionKey=True in mode prod. It defaults to false.';
+                    console.error(msg);
+                    throw new Error(msg);
+                }
+                else {
+                    console.warn('You have set disableSessionEncryptionKey=True. Make sure not to do this in prod mode.');
+                }
+            }
+            else {
+                // Set the session key to a new encryption key for this session
+                const sessionEncryptionKey = yield this.keyFactory.createKey();
+                yield this.lrGraphQL.lrMutate(new LrMutation({
+                    mutation: SetSessionEncryptionKeyMutation,
+                    variables: {
+                        input: {
+                            sessionEncryptionKey: JSON.stringify(sessionEncryptionKey.toJSON(true)),
+                        },
+                    },
+                }), {
+                    includeKeyGraph: false,
+                });
+                this.persistService.setServerSessionEncryptionKey(sessionEncryptionKey);
+            }
+        });
+    }
+    handlePostAuth(cognitoUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.handlePasswordRecovery(cognitoUser);
+            yield this.handleSessionEncryptionKey();
+        });
+    }
+    login(emailOrPhone, password, { tpPasswordResetAutoComplete = true } = {}) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            let loginResult = yield this.loginImpl(emailOrPhone, password);
+            if (tpPasswordResetAutoComplete &&
+                ((_a = loginResult.resetUser) === null || _a === void 0 ? void 0 : _a.state) === TpClaimState.APPROVED) {
+                yield this.completeRequest(password);
+                loginResult = yield this.loginImpl(emailOrPhone, password);
+            }
+            return loginResult;
+        });
+    }
+    loginImpl(emailOrPhone, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.logout();
+            const cognitoUser = yield this.loginIdp(emailOrPhone, password);
+            // todo: Meet MFA challenges.
+            if (['SMS_MFA', 'SOFTWARE_TOKEN_MFA'].includes(cognitoUser.challengeName)) {
+                return { hasChallenge: true, challenge: cognitoUser };
+            }
+            yield this.handlePostAuth(cognitoUser);
+            if (cognitoUser.isTpPasswordResetUser) {
+                // Assuming there is no MFA on the TP reset user.
+                const resetUser = yield this.loadResetUser(password);
+                return { hasChallenge: false, resetUser };
+            }
+            else {
+                const user = yield this.loadUser(cognitoUser, password);
+                yield this.idleService.start(); // Run idleService whenever user is logged in.
+                return { hasChallenge: false, user };
+            }
+        });
+    }
+    // TODO <AZ> We need to handle the isTpPasswordResetUser=True case here after MFA as well.
+    verifyLogin(challenge, password, rememberMe, code) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.auth.confirmSignIn(challenge, code, challenge.challengeName);
+            // TODO: this.auth.confirmSignIn() could return another challenge.
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            yield this.handlePostAuth(challenge);
+            const user = yield this.loadUser(cognitoUser, password);
+            if (rememberMe) {
+                cognitoUser.setDeviceStatusRemembered({
+                    onSuccess: () => { },
+                    onFailure: (e) => console.error(e),
+                });
+            }
+            return user;
+        });
+    }
+    handlePasswordRecovery(user) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (user.recoveryStatus !== RecoveryStatus.NONE) {
+                const jwtToken = user
+                    .getSignInUserSession()
+                    .getAccessToken()
+                    .getJwtToken();
+                yield this.passwordService.changePasswordComplete(jwtToken, user.recoveryStatus === RecoveryStatus.NEW_PASSWORD);
+            }
+        });
+    }
+    getUserOrResetUser(reload = false) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            if (cognitoUser.getUsername().endsWith(TP_PASSWORD_RESET_USERNAME_SUFFIX)) {
+                return this.getResetUser(reload);
+            }
+            else {
+                return this.getUser(reload);
+            }
+        });
+    }
+    getResetUser(reload = false) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!reload && this.currentResetUser) {
+                return this.currentResetUser;
+            }
+            this.currentResetUser = yield this.loadResetUser();
+            yield this.idleService.start(); // Run idleService whenever user is logged in.
+            return this.currentResetUser;
+        });
+    }
+    getUser(reload = false) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!reload && this.currentUser) {
+                return this.currentUser;
+            }
+            this.currentUser = yield this.loadUser(yield this.auth.currentAuthenticatedUser());
+            console.log('Starting idle service.');
+            yield this.idleService.start(); // Run idleService whenever user is logged in.
+            return this.currentUser;
+        });
+    }
+    mapTPVaultAccess(features) {
+        const tpVaultFeature = features === null || features === void 0 ? void 0 : features.tpVault;
+        return ((tpVaultFeature === null || tpVaultFeature === void 0 ? void 0 : tpVaultFeature.length) > 0 &&
+            tpVaultFeature.some((feature) => feature.toUpperCase() === 'ACCESS'));
+    }
+    loadUser(cognitoUser, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { currentUser, contactCard, userPlans, } = yield this.profileService.getCurrentUser();
+            if (currentUser.sessionEncryptionKey) {
+                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(currentUser.sessionEncryptionKey));
+            }
+            const userAttributes = yield this.auth.userAttributes(cognitoUser);
+            if (password) {
+                const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams))).jwk;
+                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(currentUser.currentUserKey.passKey.id, passKey, currentUser.currentUserKey.masterKey.id));
+            }
+            yield this.keyGraphService.populateKeys(currentUser.currentUserKey);
+            return {
+                id: currentUser.id,
+                sub: this.getUserAttribute('sub', userAttributes),
+                username: currentUser.username,
+                currentUserKey: currentUser.currentUserKey,
+                getAccessJwtToken: () => cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(),
+                email: this.getUserAttribute('email', userAttributes),
+                emailVerified: this.getUserAttribute('email_verified', userAttributes) === 'true',
+                phone: this.getUserAttribute('phone_number', userAttributes),
+                phoneVerified: this.getUserAttribute('phone_number_verified', userAttributes) ===
+                    'true',
+                contactCard: Object.assign({}, (yield this.profileService.decryptContactCard(contactCard))),
+                userDelete: currentUser.userDelete,
+                userPlans,
+                hasTPVaultAccess: this.mapTPVaultAccess(currentUser.features),
+                features: currentUser.features,
+                sessionEncryptionKey: currentUser.sessionEncryptionKey,
+            };
+        });
+    }
+    watchAuth() {
+        return this.hubSubject;
+    }
+    logout() {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.currentUser = null;
+            this.keyService.purgeKeys();
+            this.keyGraphService.purgeKeys();
+            yield Promise.all([this.auth.signOut(), this.profileService.signOut()]);
+        });
+    }
+    getUserAttribute(attributeName, userAttributes) {
+        const userAttribute = userAttributes.find((x) => x.getName() === attributeName);
+        return userAttribute ? userAttribute.getValue() : null;
+    }
+    loadResetUser(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { tpPasswordResetUser: resetUser } = yield this.lrGraphQL.query({
+                query: TpPasswordResetUserQuery,
+            });
+            if (resetUser.sessionEncryptionKey) {
+                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(resetUser.sessionEncryptionKey));
+            }
+            // Update the keys
+            if (password) {
+                const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, resetUser.passKey.passKeyParams))).jwk;
+                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(resetUser.passKey.id, passKey, resetUser.masterKey.id));
+            }
+            this.keyService.populateKeys({
+                passKey: {
+                    id: resetUser.passKey.id,
+                },
+                masterKey: {
+                    id: resetUser.masterKey.id,
+                },
+            });
+            const userAttributes = yield this.auth.userAttributes(yield this.auth.currentAuthenticatedUser());
+            const sub = this.getUserAttribute('sub', userAttributes);
+            return Object.assign(Object.assign({}, (yield this.tpPasswordResetProcessorService.processTpPasswordResetUserNode(resetUser))), { sub });
+        });
+    }
+    refreshAccessToken() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            const refreshToken = cognitoUser.getSignInUserSession().getRefreshToken();
+            return new Promise((resolve, reject) => {
+                cognitoUser.refreshSession(refreshToken, (err, data) => {
+                    if (err) {
+                        console.error('Error refreshing token: ', err);
+                        reject(err);
+                    }
+                    else {
+                        console.log('Token refresh complete: ', data);
+                        resolve(0);
+                    }
+                });
+            });
+        });
+    }
+    completeRequest(newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resetUser = yield this.getResetUser(true);
+            if (resetUser.state !== TpClaimState.APPROVED) {
+                throw new LrBadStateException('Password reset request has not been approved.');
+            }
+            // --------------------------------------------------------------
+            // Prepare all materials to ensure there are no errors.
+            // --------------------------------------------------------------
+            const assemblyKey = yield this.recoverAssemblyKey(resetUser);
+            const { rootKey } = yield this.encryptionService.decrypt(assemblyKey, resetUser.assemblyCipherData);
+            console.log(rootKey);
+            // Making sure it's a valid key.
+            const rootKeyJwk = yield JWK.asKey(rootKey);
+            const masterKey = yield this.keyGraphService.getKey(resetUser.masterKey.id);
+            const masterKeyWrappedRootKey = yield this.encryptionService.encryptToString(masterKey.jwk, rootKeyJwk.toJSON(true));
+            // The new password
+            const newPassIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password: newPassword }, resetUser.passKey.passIdpParams));
+            const newIdpPassword = this.passwordService.getPassIdpString(newPassIdpResult.jwk);
+            // --------------------------------------------------------------
+            // Get assembly key challenge
+            // --------------------------------------------------------------
+            const challenge = (yield this.lrGraphQL.lrMutate(new LrMutation({
+                mutation: CreateTpAssemblyKeyChallengeMutation,
+                variables: {
+                    input: {},
+                },
+            }), {
+                includeKeyGraph: false,
+            })).createTpAssemblyKeyChallenge.challenge;
+            console.log(challenge);
+            // Sign the challenge
+            // Generate a client side nonce that's no in the server's control.
+            challenge.clientNonce = this.keyFactory.randomString(TP_PASSWORD_RESET_CLIENT_NONCE_LENGTH);
+            console.log(challenge);
+            const assemblyKeyVerifierPrk = yield this.encryptionService.decrypt(assemblyKey, resetUser.wrappedAssemblyKeyVerifierPrk);
+            const signedChallenge = yield this.encryptionService.sign(assemblyKeyVerifierPrk, challenge);
+            // --------------------------------------------------------------
+            // Change password for the original user
+            // --------------------------------------------------------------
+            const tempIdpPassword = (yield this.lrGraphQL.lrMutate(new LrMutation({
+                mutation: PreCompleteTpPasswordResetRequestMutation,
+                variables: {
+                    input: {
+                        signedChallenge: JSON.stringify(signedChallenge),
+                    },
+                },
+            }), {
+                includeKeyGraph: false,
+            })).preCompleteTpPasswordResetRequest.idpPassword;
+            // --------------------------------------------------------------
+            // Login as the original user using new temporary password
+            // --------------------------------------------------------------
+            // At this point, the original account's password has been changed
+            // to a temporary password. It is no longer possible for the user
+            // to use the original password to login. Any successful login
+            // can only be using the temporary password. So it's safe to assume
+            // that we want to "complete" the password reset.
+            // The maybe 2FA so we listen for the auth event from Amplify.
+            const retPromise = new Promise((resolve) => {
+                const listener = (data) => __awaiter(this, void 0, void 0, function* () {
+                    if (data.payload.event !== 'signIn') {
+                        return;
+                    }
+                    Hub.remove('auth', listener);
+                    console.log(data.payload);
+                    yield this.auth.signIn(resetUser.username, newIdpPassword);
+                    // Switch over to the new set of keys
+                    yield this.lrGraphQL.lrMutate(new LrMutation({
+                        mutation: CompleteTpPasswordResetRequestMutation,
+                        variables: {
+                            input: {
+                                masterKeyWrappedRootKey,
+                                masterKeyId: masterKey.id,
+                            },
+                        },
+                    }));
+                    resolve();
+                });
+                Hub.listen('auth', listener);
+            });
+            // Signin as the original user. Password has been reset to temporary one. It should return
+            // with NEW_PASSWORD_REQUIRED
+            let user = yield this.auth.signIn(resetUser.username, tempIdpPassword, {
+                noProxy: 'true',
+            });
+            if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
+                throw new LrException({
+                    message: 'Internal error. Expecting Cognito to have done a password reset after call to PreCompleteTpPasswordResetRequestMutation.',
+                });
+            }
+            // Set new password on Idp
+            // the awsFetch() function passes NEW_PASSWORD_REQUIRED directly to AWS without
+            // going through the proxy.
+            user = yield this.auth.completeNewPassword(user, newIdpPassword, {});
+            return retPromise;
+        });
+    }
+    recoverAssemblyKey(resetUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const prk = yield this.keyGraphService.getKey(resetUser.pxk.id);
+            const partials = yield Promise.all(resetUser.approvals
+                .filter((approval) => !!approval.receiverCipherPartialAssemblyKey)
+                .map((approval) => this.encryptionService.decrypt(prk, approval.receiverCipherPartialAssemblyKey)));
+            return this.assemblyController.recoverAssemblyKey(partials);
+        });
+    }
+}
+LifeReadyAuthService.ɵprov = i0.ɵɵdefineInjectable({ factory: function LifeReadyAuthService_Factory() { return new LifeReadyAuthService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.AuthClass), i0.ɵɵinject(i3.KeyFactoryService), i0.ɵɵinject(i4.KeyService), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyGraphService), i0.ɵɵinject(i7.PasswordService), i0.ɵɵinject(i8.IdleService), i0.ɵɵinject(i9.LrGraphQLService), i0.ɵɵinject(i10.TpPasswordResetProcessorService), i0.ɵɵinject(i11.PersistService), i0.ɵɵinject(i12.EncryptionService), i0.ɵɵinject(i13.Slip39Service), i0.ɵɵinject(i14.TpPasswordResetAssemblyController)); }, token: LifeReadyAuthService, providedIn: "root" });
+LifeReadyAuthService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+LifeReadyAuthService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: AuthClass },
+    { type: KeyFactoryService },
+    { type: KeyService },
+    { type: ProfileService },
+    { type: KeyGraphService },
+    { type: PasswordService },
+    { type: IdleService },
+    { type: LrGraphQLService },
+    { type: TpPasswordResetProcessorService },
+    { type: PersistService },
+    { type: EncryptionService },
+    { type: Slip39Service },
+    { type: TpPasswordResetAssemblyController }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGlmZS1yZWFkeS1hdXRoLnNlcnZpY2UuanMiLCJzb3VyY2VSb290IjoiL29wdC9hdGxhc3NpYW4vcGlwZWxpbmVzL2FnZW50L2J1aWxkL3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2F1dGgvbGlmZS1yZWFkeS1hdXRoLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUU5RCxPQUFPLEVBQUUsR0FBRyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFFeEMsT0FBTyxFQUFjLGFBQWEsRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUVqRCxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sbUNBQW1DLENBQUM7QUFDcEUsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ3pELE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUMxRCxPQUFPLEVBQUUsb0JBQW9CLEVBQUUsTUFBTSx3QkFBd0IsQ0FBQztBQUM5RCxPQUFPLEVBQ0wsMkJBQTJCLEVBQzNCLHFCQUFxQixFQUNyQixtQkFBbUIsRUFDbkIsV0FBVyxHQUNaLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUtMLGNBQWMsR0FDZixNQUFNLGNBQWMsQ0FBQztBQUN0QixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sb0JBQW9CLENBQUM7QUFDckQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBQzNELE9BQU8sRUFDTCxzQ0FBc0MsRUFDdEMsb0NBQW9DLEVBQ3BDLHlDQUF5QyxFQUN6Qyx3QkFBd0IsR0FDekIsTUFBTSwwQ0FBMEMsQ0FBQztBQUNsRCxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sZ0JBQWdCLENBQUM7QUFDN0MsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0scUNBQXFDLENBQUM7QUFDeEUsT0FBTyxFQUFFLGdCQUFnQixFQUFFLFVBQVUsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQ2pFLE9BQU8sRUFBRSxZQUFZLEVBQTJCLE1BQU0sY0FBYyxDQUFDO0FBQ3JFLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxNQUFNLDREQUE0RCxDQUFDO0FBQzdHLE9BQU8sRUFBRSwrQkFBK0IsRUFBRSxNQUFNLFlBQVksQ0FBQztBQUM3RCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sd0JBQXdCLENBQUM7QUFDeEQsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUNoQyxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLG9DQUFvQyxDQUFDO0FBQ3ZFLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUMvRCxPQUFPLEVBQ0wscUNBQXFDLEVBQ3JDLGlDQUFpQyxHQUNsQyxNQUFNLGdEQUFnRCxDQUFDO0FBQ3hELE9BQU8sRUFBRSxpQ0FBaUMsRUFBRSxNQUFNLGlEQUFpRCxDQUFDOzs7Ozs7Ozs7Ozs7Ozs7O0FBRXBHLE1BQU0sQ0FBQyxNQUFNLGNBQWMsR0FBRyxDQUFDLFdBQWlDLEVBQUUsRUFBRTtJQUNsRSxPQUFPLEdBQUcsRUFBRSxDQUFDLFdBQVcsQ0FBQyxVQUFVLEVBQUUsQ0FBQztBQUN4QyxDQUFDLENBQUM7QUFTRixNQUFNLE9BQU8sb0JBQW9CO0lBSy9CLFlBQzZCLE1BQXVCLEVBQzFDLElBQWUsRUFDZixVQUE2QixFQUM3QixVQUFzQixFQUN0QixjQUE4QixFQUM5QixlQUFnQyxFQUNoQyxlQUFnQyxFQUNoQyxXQUF3QixFQUN4QixTQUEyQixFQUMzQiwrQkFBZ0UsRUFDaEUsY0FBOEIsRUFDOUIsaUJBQW9DLEVBQ3BDLGFBQTRCLEVBQzVCLGtCQUFxRDtRQWJsQyxXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUMxQyxTQUFJLEdBQUosSUFBSSxDQUFXO1FBQ2YsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFDN0IsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0QixtQkFBYyxHQUFkLGNBQWMsQ0FBZ0I7UUFDOUIsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBQ2hDLG9CQUFlLEdBQWYsZUFBZSxDQUFpQjtRQUNoQyxnQkFBVyxHQUFYLFdBQVcsQ0FBYTtRQUN4QixjQUFTLEdBQVQsU0FBUyxDQUFrQjtRQUMzQixvQ0FBK0IsR0FBL0IsK0JBQStCLENBQWlDO1FBQ2hFLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGtCQUFhLEdBQWIsYUFBYSxDQUFlO1FBQzVCLHVCQUFrQixHQUFsQixrQkFBa0IsQ0FBbUM7UUFsQnZELGVBQVUsR0FBdUIsSUFBSSxhQUFhLENBQU0sQ0FBQyxDQUFDLENBQUM7SUFtQmhFLENBQUM7SUFFUyxVQUFVOztZQUNyQixHQUFHLENBQUMsTUFBTSxDQUFDLE1BQU0sRUFBRSxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7UUFDbkUsQ0FBQztLQUFBO0lBRWEsWUFBWSxDQUN4QixZQUFvQixFQUNwQixRQUFnQixFQUNoQixhQUE0QixFQUM1QixjQUE4Qjs7WUFFOUIsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ3ZELFFBQVEsSUFDTCxhQUFhLEVBQ2hCLENBQUM7WUFDSCxrREFBa0Q7WUFDbEQsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FDakMsWUFBWSxFQUNaLElBQUksQ0FBQyxlQUFlLENBQUMsZ0JBQWdCLENBQUMsYUFBYSxDQUFDLEdBQUcsQ0FBQyxDQUN6RCxDQUFDO1lBRUYsSUFBSSxDQUFDLGNBQWMsR0FBRyxjQUFjLENBQUM7WUFFckMsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFYSxRQUFRLENBQ3BCLFlBQW9CLEVBQ3BCLFFBQWdCOztZQUVoQixpREFBaUQ7WUFDakQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQUMsZ0JBQWdCLENBQ2pFLFlBQVksQ0FDYixDQUFDO1lBRUYsSUFDRSxnQkFBZ0IsQ0FBQyxvQkFBb0IsS0FBSyxvQkFBb0IsQ0FBQyxVQUFVLEVBQ3pFO2dCQUNBLE1BQU0sSUFBSSwyQkFBMkIsQ0FBQyxrQ0FBa0MsQ0FBQyxDQUFDO2FBQzNFO1lBRUQsSUFDRSxnQkFBZ0IsQ0FBQyxvQkFBb0IsS0FBSyxvQkFBb0IsQ0FBQyxRQUFRLEVBQ3ZFO2dCQUNBLE9BQU8sQ0FBQyxHQUFHLENBQUMsbUJBQW1CLENBQUMsQ0FBQztnQkFDakMsbUdBQW1HO2dCQUNuRyxJQUFJO29CQUNGLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FDbEMsWUFBWSxFQUNaLFFBQVEsRUFDUixnQkFBZ0IsQ0FBQyxnQkFBZ0IsRUFDakMsY0FBYyxDQUFDLFlBQVksQ0FDNUIsQ0FBQztvQkFDRix5REFBeUQ7b0JBRXpELGdDQUFnQztvQkFDaEMsd0VBQXdFO29CQUV4RSxPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLENBQUM7b0JBRW5DLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLDBDQUEwQztvQkFDMUMsSUFBSSxLQUFLLENBQUMsSUFBSSxLQUFLLHdCQUF3QixFQUFFO3dCQUMzQyxNQUFNLEtBQUssQ0FBQztxQkFDYjtvQkFDRCxpREFBaUQ7aUJBQ2xEO2dCQUVELGdGQUFnRjtnQkFDaEYsSUFBSTtvQkFDRixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQ2xDLFlBQVksRUFDWixRQUFRLEVBQ1IsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQ3JDLGNBQWMsQ0FBQyxZQUFZLENBQzVCLENBQUM7b0JBQ0YsdUJBQXVCO29CQUN2QixPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLENBQUM7b0JBRW5DLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLDBDQUEwQztvQkFDMUMsTUFBTSxLQUFLLENBQUMsSUFBSSxLQUFLLHdCQUF3Qjt3QkFDM0MsQ0FBQyxDQUFDLElBQUkscUJBQXFCLENBQ3ZCLHNHQUFzRyxDQUN2Rzt3QkFDSCxDQUFDLENBQUMsS0FBSyxDQUFDO2lCQUNYO2FBQ0Y7WUFFRCwrQ0FBK0M7WUFDL0MsSUFBSSxnQkFBZ0IsQ0FBQyxlQUFlLEVBQUU7Z0JBQ3BDLElBQUk7b0JBQ0YsNEVBQTRFO29CQUM1RSw4Q0FBOEM7b0JBQzlDLE1BQU0sS0FBSyxHQUFHLGdCQUFnQixDQUFDLGVBQWUsQ0FBQztvQkFDL0MsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUNqQyxLQUFLLENBQUMsYUFBYSxFQUNuQixRQUFRLEVBQ1IsS0FBSyxDQUFDLGFBQWEsRUFDbkIsY0FBYyxDQUFDLElBQUksQ0FDcEIsQ0FBQztvQkFDRixHQUFHLENBQUMscUJBQXFCLEdBQUcsSUFBSSxDQUFDO29CQUVqQyxPQUFPLEdBQUcsQ0FBQztpQkFDWjtnQkFBQyxPQUFPLEdBQUcsRUFBRTtvQkFDWix1Q0FBdUM7aUJBQ3hDO2FBQ0Y7WUFFRCx3QkFBd0I7WUFDeEIsT0FBTyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQzVCLFlBQVksRUFDWixRQUFRLEVBQ1IsZ0JBQWdCLENBQUMsb0JBQW9CLEVBQ3JDLGNBQWMsQ0FBQyxJQUFJLENBQ3BCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFZSwwQkFBMEI7O1lBQ3hDLElBQUksSUFBSSxDQUFDLE1BQU0sQ0FBQywyQkFBMkIsRUFBRTtnQkFDM0MsSUFBSSxDQUFDLFNBQVMsRUFBRSxFQUFFO29CQUNoQixNQUFNLEdBQUcsR0FDUCx5RkFBeUYsQ0FBQztvQkFDNUYsT0FBTyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztvQkFDbkIsTUFBTSxJQUFJLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQztpQkFDdEI7cUJBQU07b0JBQ0wsT0FBTyxDQUFDLElBQUksQ0FDVix1RkFBdUYsQ0FDeEYsQ0FBQztpQkFDSDthQUNGO2lCQUFNO2dCQUNMLCtEQUErRDtnQkFDL0QsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQy9ELE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQzNCLElBQUksVUFBVSxDQUFDO29CQUNiLFFBQVEsRUFBRSwrQkFBK0I7b0JBQ3pDLFNBQVMsRUFBRTt3QkFDVCxLQUFLLEVBQUU7NEJBQ0wsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDbEMsb0JBQW9CLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNsQzt5QkFDRjtxQkFDRjtpQkFDRixDQUFDLEVBQ0Y7b0JBQ0UsZUFBZSxFQUFFLEtBQUs7aUJBQ3ZCLENBQ0YsQ0FBQztnQkFFRixJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUFDLG9CQUFvQixDQUFDLENBQUM7YUFDekU7UUFDSCxDQUFDO0tBQUE7SUFFZSxjQUFjLENBQUMsV0FBaUM7O1lBQzlELE1BQU0sSUFBSSxDQUFDLHNCQUFzQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBQy9DLE1BQU0sSUFBSSxDQUFDLDBCQUEwQixFQUFFLENBQUM7UUFDMUMsQ0FBQztLQUFBO0lBRVksS0FBSyxDQUNoQixZQUFvQixFQUNwQixRQUFnQixFQUNoQixFQUFFLDJCQUEyQixHQUFHLElBQUksS0FBbUIsRUFBRTs7O1lBRXpELElBQUksV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFFL0QsSUFDRSwyQkFBMkI7Z0JBQzNCLE9BQUEsV0FBVyxDQUFDLFNBQVMsMENBQUUsS0FBSyxNQUFLLFlBQVksQ0FBQyxRQUFRLEVBQ3REO2dCQUNBLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDckMsV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQUUsUUFBUSxDQUFDLENBQUM7YUFDNUQ7WUFFRCxPQUFPLFdBQVcsQ0FBQzs7S0FDcEI7SUFFWSxTQUFTLENBQ3BCLFlBQW9CLEVBQ3BCLFFBQWdCOztZQUVoQixNQUFNLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztZQUNwQixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsWUFBWSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBRWhFLDZCQUE2QjtZQUM3QixJQUFJLENBQUMsU0FBUyxFQUFFLG9CQUFvQixDQUFDLENBQUMsUUFBUSxDQUFDLFdBQVcsQ0FBQyxhQUFhLENBQUMsRUFBRTtnQkFDekUsT0FBTyxFQUFFLFlBQVksRUFBRSxJQUFJLEVBQUUsU0FBUyxFQUFFLFdBQVcsRUFBRSxDQUFDO2FBQ3ZEO1lBRUQsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXZDLElBQUksV0FBVyxDQUFDLHFCQUFxQixFQUFFO2dCQUNyQyxpREFBaUQ7Z0JBQ2pELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDckQsT0FBTyxFQUFFLFlBQVksRUFBRSxLQUFLLEVBQUUsU0FBUyxFQUFFLENBQUM7YUFDM0M7aUJBQU07Z0JBQ0wsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxRQUFRLENBQUMsQ0FBQztnQkFDeEQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsOENBQThDO2dCQUM5RSxPQUFPLEVBQUUsWUFBWSxFQUFFLEtBQUssRUFBRSxJQUFJLEVBQUUsQ0FBQzthQUN0QztRQUNILENBQUM7S0FBQTtJQUVELDBGQUEwRjtJQUM3RSxXQUFXLENBQ3RCLFNBQStCLEVBQy9CLFFBQWdCLEVBQ2hCLFVBQW1CLEVBQ25CLElBQVk7O1lBRVosTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxTQUFTLEVBQUUsSUFBSSxFQUFFLFNBQVMsQ0FBQyxhQUFhLENBQUMsQ0FBQztZQUV4RSxrRUFBa0U7WUFFbEUsTUFBTSxXQUFXLEdBQWdCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBRTVFLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsQ0FBQztZQUVyQyxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBRXhELElBQUksVUFBVSxFQUFFO2dCQUNkLFdBQVcsQ0FBQyx5QkFBeUIsQ0FBQztvQkFDcEMsU0FBUyxFQUFFLEdBQUcsRUFBRSxHQUFFLENBQUM7b0JBQ25CLFNBQVMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7aUJBQ25DLENBQUMsQ0FBQzthQUNKO1lBRUQsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFSyxzQkFBc0IsQ0FBQyxJQUEwQjs7WUFDckQsSUFBSSxJQUFJLENBQUMsY0FBYyxLQUFLLGNBQWMsQ0FBQyxJQUFJLEVBQUU7Z0JBQy9DLE1BQU0sUUFBUSxHQUFHLElBQUk7cUJBQ2xCLG9CQUFvQixFQUFFO3FCQUN0QixjQUFjLEVBQUU7cUJBQ2hCLFdBQVcsRUFBRSxDQUFDO2dCQUNqQixNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsc0JBQXNCLENBQy9DLFFBQVEsRUFDUixJQUFJLENBQUMsY0FBYyxLQUFLLGNBQWMsQ0FBQyxZQUFZLENBQ3BELENBQUM7YUFDSDtRQUNILENBQUM7S0FBQTtJQUVLLGtCQUFrQixDQUN0QixTQUFrQixLQUFLOztZQUV2QixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUUvRCxJQUFJLFdBQVcsQ0FBQyxXQUFXLEVBQUUsQ0FBQyxRQUFRLENBQUMsaUNBQWlDLENBQUMsRUFBRTtnQkFDekUsT0FBTyxJQUFJLENBQUMsWUFBWSxDQUFDLE1BQU0sQ0FBQyxDQUFDO2FBQ2xDO2lCQUFNO2dCQUNMLE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQzthQUM3QjtRQUNILENBQUM7S0FBQTtJQUVLLFlBQVksQ0FBQyxTQUFrQixLQUFLOztZQUN4QyxJQUFJLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxnQkFBZ0IsRUFBRTtnQkFDcEMsT0FBTyxJQUFJLENBQUMsZ0JBQWdCLENBQUM7YUFDOUI7WUFFRCxJQUFJLENBQUMsZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxFQUFFLENBQUM7WUFFbkQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsOENBQThDO1lBRTlFLE9BQU8sSUFBSSxDQUFDLGdCQUFnQixDQUFDO1FBQy9CLENBQUM7S0FBQTtJQUVLLE9BQU8sQ0FBQyxTQUFrQixLQUFLOztZQUNuQyxJQUFJLENBQUMsTUFBTSxJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUU7Z0JBQy9CLE9BQU8sSUFBSSxDQUFDLFdBQVcsQ0FBQzthQUN6QjtZQUNELElBQUksQ0FBQyxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUNwQyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FDM0MsQ0FBQztZQUNGLE9BQU8sQ0FBQyxHQUFHLENBQUMsd0JBQXdCLENBQUMsQ0FBQztZQUN0QyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsS0FBSyxFQUFFLENBQUMsQ0FBQyw4Q0FBOEM7WUFDOUUsT0FBTyxJQUFJLENBQUMsV0FBVyxDQUFDO1FBQzFCLENBQUM7S0FBQTtJQUVPLGdCQUFnQixDQUFDLFFBQWM7UUFDckMsTUFBTSxjQUFjLEdBQUcsUUFBUSxhQUFSLFFBQVEsdUJBQVIsUUFBUSxDQUFFLE9BQU8sQ0FBQztRQUN6QyxPQUFPLENBQ0wsQ0FBQSxjQUFjLGFBQWQsY0FBYyx1QkFBZCxjQUFjLENBQUUsTUFBTSxJQUFHLENBQUM7WUFDMUIsY0FBYyxDQUFDLElBQUksQ0FBQyxDQUFDLE9BQU8sRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLFdBQVcsRUFBRSxLQUFLLFFBQVEsQ0FBQyxDQUNyRSxDQUFDO0lBQ0osQ0FBQztJQUVhLFFBQVEsQ0FDcEIsV0FBd0IsRUFDeEIsUUFBaUI7O1lBRWpCLE1BQU0sRUFDSixXQUFXLEVBQ1gsV0FBVyxFQUNYLFNBQVMsR0FDVixHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUUvQyxJQUFJLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRTtnQkFDcEMsSUFBSSxDQUFDLGNBQWMsQ0FBQyw2QkFBNkIsQ0FDL0MsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxvQkFBb0IsQ0FBQyxDQUNsRCxDQUFDO2FBQ0g7WUFFRCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRW5FLElBQUksUUFBUSxFQUFFO2dCQUNaLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsSUFDTCxXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ25ELENBQ0gsQ0FBQyxHQUFHLENBQUM7Z0JBRU4sTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUNyQyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsaUJBQWlCLENBQzFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFDckMsT0FBTyxFQUNQLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FDeEMsQ0FDRixDQUFDO2FBQ0g7WUFDRCxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsWUFBWSxDQUFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUVwRSxPQUFPO2dCQUNMLEVBQUUsRUFBRSxXQUFXLENBQUMsRUFBRTtnQkFDbEIsR0FBRyxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsY0FBYyxDQUFDO2dCQUNqRCxRQUFRLEVBQUUsV0FBVyxDQUFDLFFBQVE7Z0JBQzlCLGNBQWMsRUFBRSxXQUFXLENBQUMsY0FBYztnQkFDMUMsaUJBQWlCLEVBQUUsR0FBRyxFQUFFLENBQ3RCLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLGNBQWMsRUFBRSxDQUFDLFdBQVcsRUFBRTtnQkFDbkUsS0FBSyxFQUFFLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxPQUFPLEVBQUUsY0FBYyxDQUFDO2dCQUNyRCxhQUFhLEVBQ1gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLGdCQUFnQixFQUFFLGNBQWMsQ0FBQyxLQUFLLE1BQU07Z0JBQ3BFLEtBQUssRUFBRSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsY0FBYyxFQUFFLGNBQWMsQ0FBQztnQkFDNUQsYUFBYSxFQUNYLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyx1QkFBdUIsRUFBRSxjQUFjLENBQUM7b0JBQzlELE1BQU07Z0JBQ1IsV0FBVyxvQkFDTixDQUFDLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxrQkFBa0IsQ0FBQyxXQUFXLENBQUMsQ0FBQyxDQUMvRDtnQkFDRCxVQUFVLEVBQUUsV0FBVyxDQUFDLFVBQVU7Z0JBQ2xDLFNBQVM7Z0JBQ1QsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFdBQVcsQ0FBQyxRQUFRLENBQUM7Z0JBQzdELFFBQVEsRUFBRSxXQUFXLENBQUMsUUFBUTtnQkFDOUIsb0JBQW9CLEVBQUUsV0FBVyxDQUFDLG9CQUFvQjthQUN2RCxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRU0sU0FBUztRQUNkLE9BQU8sSUFBSSxDQUFDLFVBQVUsQ0FBQztJQUN6QixDQUFDO0lBRVksTUFBTTs7WUFDakIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUM7WUFDeEIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBRWpDLE1BQU0sT0FBTyxDQUFDLEdBQUcsQ0FBQyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLEVBQUUsSUFBSSxDQUFDLGNBQWMsQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDMUUsQ0FBQztLQUFBO0lBRU8sZ0JBQWdCLENBQ3RCLGFBQXFCLEVBQ3JCLGNBQXNDO1FBRXRDLE1BQU0sYUFBYSxHQUFHLGNBQWMsQ0FBQyxJQUFJLENBQ3ZDLENBQUMsQ0FBQyxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxFQUFFLEtBQUssYUFBYSxDQUNyQyxDQUFDO1FBRUYsT0FBTyxhQUFhLENBQUMsQ0FBQyxDQUFDLGFBQWEsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUMsSUFBSSxDQUFDO0lBQ3pELENBQUM7SUFFWSxhQUFhLENBQUMsUUFBaUI7O1lBQzFDLE1BQU0sRUFBRSxtQkFBbUIsRUFBRSxTQUFTLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDO2dCQUNwRSxLQUFLLEVBQUUsd0JBQXdCO2FBQ2hDLENBQUMsQ0FBQztZQUVILElBQUksU0FBUyxDQUFDLG9CQUFvQixFQUFFO2dCQUNsQyxJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUMvQyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDLG9CQUFvQixDQUFDLENBQ2hELENBQUM7YUFDSDtZQUVELGtCQUFrQjtZQUNsQixJQUFJLFFBQVEsRUFBRTtnQkFDWixNQUFNLE9BQU8sR0FBRyxDQUNkLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUNqQyxRQUFRLElBQ0wsU0FBUyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ2xDLENBQ0gsQ0FBQyxHQUFHLENBQUM7Z0JBRU4sTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUNyQyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsaUJBQWlCLENBQzFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRSxFQUNwQixPQUFPLEVBQ1AsU0FBUyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ3ZCLENBQ0YsQ0FBQzthQUNIO1lBRUQsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUM7Z0JBQzNCLE9BQU8sRUFBRTtvQkFDUCxFQUFFLEVBQUUsU0FBUyxDQUFDLE9BQU8sQ0FBQyxFQUFFO2lCQUN6QjtnQkFDRCxTQUFTLEVBQUU7b0JBQ1QsRUFBRSxFQUFFLFNBQVMsQ0FBQyxTQUFTLENBQUMsRUFBRTtpQkFDM0I7YUFDRixDQUFDLENBQUM7WUFFSCxNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUNuRCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FDM0MsQ0FBQztZQUNGLE1BQU0sR0FBRyxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxLQUFLLEVBQUUsY0FBYyxDQUFDLENBQUM7WUFFekQsdUNBQ0ssQ0FBQyxNQUFNLElBQUksQ0FBQywrQkFBK0IsQ0FBQyw4QkFBOEIsQ0FDM0UsU0FBUyxDQUNWLENBQUMsS0FDRixHQUFHLElBQ0g7UUFDSixDQUFDO0tBQUE7SUFFWSxrQkFBa0I7O1lBQzdCLE1BQU0sV0FBVyxHQUFnQixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUM1RSxNQUFNLFlBQVksR0FBRyxXQUFXLENBQUMsb0JBQW9CLEVBQUUsQ0FBQyxlQUFlLEVBQUUsQ0FBQztZQUUxRSxPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO2dCQUNyQyxXQUFXLENBQUMsY0FBYyxDQUFDLFlBQVksRUFBRSxDQUFDLEdBQUcsRUFBRSxJQUFJLEVBQUUsRUFBRTtvQkFDckQsSUFBSSxHQUFHLEVBQUU7d0JBQ1AsT0FBTyxDQUFDLEtBQUssQ0FBQywwQkFBMEIsRUFBRSxHQUFHLENBQUMsQ0FBQzt3QkFDL0MsTUFBTSxDQUFDLEdBQUcsQ0FBQyxDQUFDO3FCQUNiO3lCQUFNO3dCQUNMLE9BQU8sQ0FBQyxHQUFHLENBQUMsMEJBQTBCLEVBQUUsSUFBSSxDQUFDLENBQUM7d0JBQzlDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztxQkFDWjtnQkFDSCxDQUFDLENBQUMsQ0FBQztZQUNMLENBQUMsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRUssZUFBZSxDQUFDLFdBQW1COztZQUN2QyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7WUFFaEQsSUFBSSxTQUFTLENBQUMsS0FBSyxLQUFLLFlBQVksQ0FBQyxRQUFRLEVBQUU7Z0JBQzdDLE1BQU0sSUFBSSxtQkFBbUIsQ0FDM0IsK0NBQStDLENBQ2hELENBQUM7YUFDSDtZQUVELGlFQUFpRTtZQUNqRSx1REFBdUQ7WUFDdkQsaUVBQWlFO1lBQ2pFLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRTdELE1BQU0sRUFBRSxPQUFPLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3RELFdBQVcsRUFDWCxTQUFTLENBQUMsa0JBQWtCLENBQzdCLENBQUM7WUFDRixPQUFPLENBQUMsR0FBRyxDQUFDLE9BQU8sQ0FBQyxDQUFDO1lBRXJCLGdDQUFnQztZQUNoQyxNQUFNLFVBQVUsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBRTVFLE1BQU0sdUJBQXVCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsZUFBZSxDQUMxRSxTQUFTLENBQUMsR0FBRyxFQUNiLFVBQVUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3hCLENBQUM7WUFFRixtQkFBbUI7WUFDbkIsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDMUQsUUFBUSxFQUFFLFdBQVcsSUFDbEIsU0FBUyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ2xDLENBQUM7WUFFSCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLGdCQUFnQixDQUMxRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQ3JCLENBQUM7WUFFRixpRUFBaUU7WUFDakUsNkJBQTZCO1lBQzdCLGlFQUFpRTtZQUNqRSxNQUFNLFNBQVMsR0FBRyxDQUNoQixNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUMzQixJQUFJLFVBQVUsQ0FBQztnQkFDYixRQUFRLEVBQUUsb0NBQW9DO2dCQUM5QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFLEVBQUU7aUJBQ1Y7YUFDRixDQUFDLEVBQ0Y7Z0JBQ0UsZUFBZSxFQUFFLEtBQUs7YUFDdkIsQ0FDRixDQUNGLENBQUMsNEJBQTRCLENBQUMsU0FBUyxDQUFDO1lBRXpDLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFdkIscUJBQXFCO1lBQ3JCLGtFQUFrRTtZQUNsRSxTQUFTLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUNsRCxxQ0FBcUMsQ0FDdEMsQ0FBQztZQUNGLE9BQU8sQ0FBQyxHQUFHLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFdkIsTUFBTSxzQkFBc0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2pFLFdBQVcsRUFDWCxTQUFTLENBQUMsNkJBQTZCLENBQ3hDLENBQUM7WUFDRixNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQ3ZELHNCQUFzQixFQUN0QixTQUFTLENBQ1YsQ0FBQztZQUVGLGlFQUFpRTtZQUNqRSx3Q0FBd0M7WUFDeEMsaUVBQWlFO1lBQ2pFLE1BQU0sZUFBZSxHQUFHLENBQ3RCLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQzNCLElBQUksVUFBVSxDQUFDO2dCQUNiLFFBQVEsRUFBRSx5Q0FBeUM7Z0JBQ25ELFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO3FCQUNqRDtpQkFDRjthQUNGLENBQUMsRUFDRjtnQkFDRSxlQUFlLEVBQUUsS0FBSzthQUN2QixDQUNGLENBQ0YsQ0FBQyxpQ0FBaUMsQ0FBQyxXQUFXLENBQUM7WUFFaEQsaUVBQWlFO1lBQ2pFLDBEQUEwRDtZQUMxRCxpRUFBaUU7WUFDakUsa0VBQWtFO1lBQ2xFLGlFQUFpRTtZQUNqRSw4REFBOEQ7WUFDOUQsbUVBQW1FO1lBQ25FLGlEQUFpRDtZQUVqRCw4REFBOEQ7WUFDOUQsTUFBTSxVQUFVLEdBQUcsSUFBSSxPQUFPLENBQU8sQ0FBQyxPQUFPLEVBQUUsRUFBRTtnQkFDL0MsTUFBTSxRQUFRLEdBQUcsQ0FBTyxJQUFJLEVBQUUsRUFBRTtvQkFDOUIsSUFBSSxJQUFJLENBQUMsT0FBTyxDQUFDLEtBQUssS0FBSyxRQUFRLEVBQUU7d0JBQ25DLE9BQU87cUJBQ1I7b0JBRUQsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUM7b0JBRTdCLE9BQU8sQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDO29CQUUxQixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxRQUFRLEVBQUUsY0FBYyxDQUFDLENBQUM7b0JBRTNELHFDQUFxQztvQkFDckMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FDM0IsSUFBSSxVQUFVLENBQUM7d0JBQ2IsUUFBUSxFQUFFLHNDQUFzQzt3QkFDaEQsU0FBUyxFQUFFOzRCQUNULEtBQUssRUFBRTtnQ0FDTCx1QkFBdUI7Z0NBQ3ZCLFdBQVcsRUFBRSxTQUFTLENBQUMsRUFBRTs2QkFDMUI7eUJBQ0Y7cUJBQ0YsQ0FBQyxDQUNILENBQUM7b0JBRUYsT0FBTyxFQUFFLENBQUM7Z0JBQ1osQ0FBQyxDQUFBLENBQUM7Z0JBRUYsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFDL0IsQ0FBQyxDQUFDLENBQUM7WUFFSCwwRkFBMEY7WUFDMUYsNkJBQTZCO1lBQzdCLElBQUksSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxlQUFlLEVBQUU7Z0JBQ3JFLE9BQU8sRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksSUFBSSxDQUFDLGFBQWEsS0FBSyx1QkFBdUIsRUFBRTtnQkFDbEQsTUFBTSxJQUFJLFdBQVcsQ0FBQztvQkFDcEIsT0FBTyxFQUNMLDBIQUEwSDtpQkFDN0gsQ0FBQyxDQUFDO2FBQ0o7WUFFRCwwQkFBMEI7WUFDMUIsK0VBQStFO1lBQy9FLDJCQUEyQjtZQUMzQixJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLElBQUksRUFBRSxjQUFjLEVBQUUsRUFBRSxDQUFDLENBQUM7WUFFckUsT0FBTyxVQUFVLENBQUM7UUFDcEIsQ0FBQztLQUFBO0lBRWEsa0JBQWtCLENBQzlCLFNBQWtDOztZQUVsQyxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFFaEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNoQyxTQUFTLENBQUMsU0FBUztpQkFDaEIsTUFBTSxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLGdDQUFnQyxDQUFDO2lCQUNqRSxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUNoQixJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM1QixHQUFHLEVBQ0gsUUFBUSxDQUFDLGdDQUFnQyxDQUMxQyxDQUNGLENBQ0osQ0FBQztZQUVGLE9BQU8sSUFBSSxDQUFDLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlELENBQUM7S0FBQTs7OztZQTVuQkYsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7NENBT0ksTUFBTSxTQUFDLFNBQVM7WUF6Q1osU0FBUztZQVFULGlCQUFpQjtZQXpCakIsVUFBVTtZQUNWLGNBQWM7WUFGZCxlQUFlO1lBaUJmLGVBQWU7WUFRZixXQUFXO1lBRVgsZ0JBQWdCO1lBRWhCLCtCQUErQjtZQUUvQixjQUFjO1lBR2QsaUJBQWlCO1lBQ2pCLGFBQWE7WUFLYixpQ0FBaUMiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3QsIEluamVjdGFibGUsIGlzRGV2TW9kZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQ29nbml0b1VzZXIgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aCc7XG5pbXBvcnQgeyBIdWIgfSBmcm9tICdAYXdzLWFtcGxpZnkvY29yZSc7XG5pbXBvcnQgeyBDb2duaXRvVXNlckF0dHJpYnV0ZSB9IGZyb20gJ2FtYXpvbi1jb2duaXRvLWlkZW50aXR5LWpzJztcbmltcG9ydCB7IE9ic2VydmFibGUsIFJlcGxheVN1YmplY3QgfSBmcm9tICdyeGpzJztcbmltcG9ydCB7IFBhc3NJZHBQYXJhbXMgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkvY3J5cHRvZ3JhcGh5LnR5cGVzJztcbmltcG9ydCB7IEtleUdyYXBoU2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZ3JhcGguc2VydmljZSc7XG5pbXBvcnQgeyBLZXlTZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2tleS5zZXJ2aWNlJztcbmltcG9ydCB7IFByb2ZpbGVTZXJ2aWNlIH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS5zZXJ2aWNlJztcbmltcG9ydCB7IFBhc3N3b3JkQ2hhbmdlU3RhdHVzIH0gZnJvbSAnLi4vdXNlcnMvcHJvZmlsZS50eXBlcyc7XG5pbXBvcnQge1xuICBMckNvbmN1cnJlbnRBY2Nlc3NFeGNlcHRpb24sXG4gIExyQmFkUmVxdWVzdEV4Y2VwdGlvbixcbiAgTHJCYWRTdGF0ZUV4Y2VwdGlvbixcbiAgTHJFeGNlcHRpb24sXG59IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XG5pbXBvcnQge1xuICBDb2duaXRvQ2hhbGxlbmdlVXNlcixcbiAgQ3VycmVudFVzZXIsXG4gIFRwUGFzc3dvcmRSZXNldFVzZXIsXG4gIExvZ2luUmVzdWx0LFxuICBSZWNvdmVyeVN0YXR1cyxcbn0gZnJvbSAnLi9hdXRoLnR5cGVzJztcbmltcG9ydCB7IFBhc3N3b3JkU2VydmljZSB9IGZyb20gJy4vcGFzc3dvcmQuc2VydmljZSc7XG5pbXBvcnQgeyBBdXRoQ2xhc3MgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aC9saWItZXNtL0F1dGgnO1xuaW1wb3J0IHtcbiAgQ29tcGxldGVUcFBhc3N3b3JkUmVzZXRSZXF1ZXN0TXV0YXRpb24sXG4gIENyZWF0ZVRwQXNzZW1ibHlLZXlDaGFsbGVuZ2VNdXRhdGlvbixcbiAgUHJlQ29tcGxldGVUcFBhc3N3b3JkUmVzZXRSZXF1ZXN0TXV0YXRpb24sXG4gIFRwUGFzc3dvcmRSZXNldFVzZXJRdWVyeSxcbn0gZnJvbSAnLi4vdHJ1c3RlZC1wYXJ0aWVzL3RwLXBhc3N3b3JkLXJlc2V0LmdxbCc7XG5pbXBvcnQgeyBJZGxlU2VydmljZSB9IGZyb20gJy4vaWRsZS5zZXJ2aWNlJztcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2tleS1mYWN0b3J5LnNlcnZpY2UnO1xuaW1wb3J0IHsgTHJHcmFwaFFMU2VydmljZSwgTHJNdXRhdGlvbiB9IGZyb20gJy4uL2FwaS9sci1ncmFwaHFsJztcbmltcG9ydCB7IFRwQ2xhaW1TdGF0ZSwgVHBQYXNzd29yZFJlc2V0VXNlck5vZGUgfSBmcm9tICcuLi9hcGkvdHlwZXMnO1xuaW1wb3J0IHsgVHBQYXNzd29yZFJlc2V0UHJvY2Vzc29yU2VydmljZSB9IGZyb20gJy4uL2FwaS9xdWVyeS1wcm9jZXNzb3IvdHAtcGFzc3dvcmQtcmVzZXQtcHJvY2Vzc29yLnNlcnZpY2UnO1xuaW1wb3J0IHsgU2V0U2Vzc2lvbkVuY3J5cHRpb25LZXlNdXRhdGlvbiB9IGZyb20gJy4vYXV0aC5ncWwnO1xuaW1wb3J0IHsgUGVyc2lzdFNlcnZpY2UgfSBmcm9tICcuLi9hcGkvcGVyc2lzdC5zZXJ2aWNlJztcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcbmltcG9ydCB7IEVuY3J5cHRpb25TZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2VuY3J5cHRpb24uc2VydmljZSc7XG5pbXBvcnQgeyBTbGlwMzlTZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L3NsaXAzOS5zZXJ2aWNlJztcbmltcG9ydCB7XG4gIFRQX1BBU1NXT1JEX1JFU0VUX0NMSUVOVF9OT05DRV9MRU5HVEgsXG4gIFRQX1BBU1NXT1JEX1JFU0VUX1VTRVJOQU1FX1NVRkZJWCxcbn0gZnJvbSAnLi4vdHJ1c3RlZC1wYXJ0aWVzL3RwLXBhc3N3b3JkLXJlc2V0LmNvbnN0YW50cyc7XG5pbXBvcnQgeyBUcFBhc3N3b3JkUmVzZXRBc3NlbWJseUNvbnRyb2xsZXIgfSBmcm9tICcuLi90cnVzdGVkLXBhcnRpZXMvdHAtcGFzc3dvcmQtcmVzZXQuY29udHJvbGxlcic7XG5cbmV4cG9ydCBjb25zdCBpbml0aWFsaXNlQXV0aCA9IChhdXRoU2VydmljZTogTGlmZVJlYWR5QXV0aFNlcnZpY2UpID0+IHtcbiAgcmV0dXJuICgpID0+IGF1dGhTZXJ2aWNlLmluaXRpYWxpc2UoKTtcbn07XG5cbmV4cG9ydCBpbnRlcmZhY2UgTG9naW5PcHRpb25zIHtcbiAgdHBQYXNzd29yZFJlc2V0QXV0b0NvbXBsZXRlPzogYm9vbGVhbjtcbn1cblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIExpZmVSZWFkeUF1dGhTZXJ2aWNlIHtcbiAgcHJpdmF0ZSBodWJTdWJqZWN0OiBSZXBsYXlTdWJqZWN0PGFueT4gPSBuZXcgUmVwbGF5U3ViamVjdDxhbnk+KDEpO1xuICBwcml2YXRlIGN1cnJlbnRVc2VyOiBDdXJyZW50VXNlcjtcbiAgcHJpdmF0ZSBjdXJyZW50UmVzZXRVc2VyOiBUcFBhc3N3b3JkUmVzZXRVc2VyO1xuXG4gIGNvbnN0cnVjdG9yKFxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxuICAgIHByaXZhdGUgYXV0aDogQXV0aENsYXNzLFxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS2V5RmFjdG9yeVNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxuICAgIHByaXZhdGUgcHJvZmlsZVNlcnZpY2U6IFByb2ZpbGVTZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5R3JhcGhTZXJ2aWNlOiBLZXlHcmFwaFNlcnZpY2UsXG4gICAgcHJpdmF0ZSBwYXNzd29yZFNlcnZpY2U6IFBhc3N3b3JkU2VydmljZSxcbiAgICBwcml2YXRlIGlkbGVTZXJ2aWNlOiBJZGxlU2VydmljZSxcbiAgICBwcml2YXRlIGxyR3JhcGhRTDogTHJHcmFwaFFMU2VydmljZSxcbiAgICBwcml2YXRlIHRwUGFzc3dvcmRSZXNldFByb2Nlc3NvclNlcnZpY2U6IFRwUGFzc3dvcmRSZXNldFByb2Nlc3NvclNlcnZpY2UsXG4gICAgcHJpdmF0ZSBwZXJzaXN0U2VydmljZTogUGVyc2lzdFNlcnZpY2UsXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXG4gICAgcHJpdmF0ZSBzbGlwMzlTZXJ2aWNlOiBTbGlwMzlTZXJ2aWNlLFxuICAgIHByaXZhdGUgYXNzZW1ibHlDb250cm9sbGVyOiBUcFBhc3N3b3JkUmVzZXRBc3NlbWJseUNvbnRyb2xsZXJcbiAgKSB7fVxuXG4gIHB1YmxpYyBhc3luYyBpbml0aWFsaXNlKCkge1xuICAgIEh1Yi5saXN0ZW4oJ2F1dGgnLCAoZGF0YSkgPT4gdGhpcy5odWJTdWJqZWN0Lm5leHQoZGF0YS5wYXlsb2FkKSk7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGxvZ2luSWRwSW1wbChcbiAgICBlbWFpbE9yUGhvbmU6IHN0cmluZyxcbiAgICBwYXNzd29yZDogc3RyaW5nLFxuICAgIHBhc3NJZHBQYXJhbXM6IFBhc3NJZHBQYXJhbXMsXG4gICAgcmVjb3ZlcnlTdGF0dXM6IFJlY292ZXJ5U3RhdHVzXG4gICk6IFByb21pc2U8Q29nbml0b0NoYWxsZW5nZVVzZXI+IHtcbiAgICBjb25zdCBwYXNzSWRwUmVzdWx0ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NJZHAoe1xuICAgICAgcGFzc3dvcmQsXG4gICAgICAuLi5wYXNzSWRwUGFyYW1zLFxuICAgIH0pO1xuICAgIC8vIFVzZSB0aGUgZGVyaXZlZCBwYXNzd29yZCB0byBzaWduaW4gd2l0aCBjb2duaXRvXG4gICAgY29uc3QgdXNlciA9IGF3YWl0IHRoaXMuYXV0aC5zaWduSW4oXG4gICAgICBlbWFpbE9yUGhvbmUsXG4gICAgICB0aGlzLnBhc3N3b3JkU2VydmljZS5nZXRQYXNzSWRwU3RyaW5nKHBhc3NJZHBSZXN1bHQuandrKVxuICAgICk7XG5cbiAgICB1c2VyLnJlY292ZXJ5U3RhdHVzID0gcmVjb3ZlcnlTdGF0dXM7XG5cbiAgICByZXR1cm4gdXNlcjtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgbG9naW5JZHAoXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXG4gICAgcGFzc3dvcmQ6IHN0cmluZ1xuICApOiBQcm9taXNlPENvZ25pdG9DaGFsbGVuZ2VVc2VyPiB7XG4gICAgLy8gRG93bmxvYWQgdGhlIHNhbHQgbmVlZGVkIHRvIGRlcml2ZSB0aGUgUGFzc0lkcFxuICAgIGNvbnN0IHBhc3NJZHBBcGlSZXN1bHQgPSBhd2FpdCB0aGlzLnByb2ZpbGVTZXJ2aWNlLmdldFBhc3NJZHBQYXJhbXMoXG4gICAgICBlbWFpbE9yUGhvbmVcbiAgICApO1xuXG4gICAgaWYgKFxuICAgICAgcGFzc0lkcEFwaVJlc3VsdC5wYXNzd29yZENoYW5nZVN0YXR1cyA9PT0gUGFzc3dvcmRDaGFuZ2VTdGF0dXMuSW5Qcm9ncmVzc1xuICAgICkge1xuICAgICAgdGhyb3cgbmV3IExyQ29uY3VycmVudEFjY2Vzc0V4Y2VwdGlvbignQSBwYXNzd29yZCBjaGFuZ2UgaXMgaW4gcHJvZ3Jlc3MnKTtcbiAgICB9XG5cbiAgICBpZiAoXG4gICAgICBwYXNzSWRwQXBpUmVzdWx0LnBhc3N3b3JkQ2hhbmdlU3RhdHVzID09PSBQYXNzd29yZENoYW5nZVN0YXR1cy5SZWNvdmVyeVxuICAgICkge1xuICAgICAgY29uc29sZS5sb2coJ0luIHJlY292ZXJ5IG1vZGUuJyk7XG4gICAgICAvLyBMZXQncyBzYXkgd2UgZG9uJ3Qga25vdyBpZiB0aGUgcGFzc3dvcmQgaXMgdGhlIG5ldyBvbmUgb3IgdGhlIG9sZCBvbmUuIFdlIGp1c3QgaGF2ZSB0byB0cnkgYm90aC5cbiAgICAgIHRyeSB7XG4gICAgICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvZ2luSWRwSW1wbChcbiAgICAgICAgICBlbWFpbE9yUGhvbmUsXG4gICAgICAgICAgcGFzc3dvcmQsXG4gICAgICAgICAgcGFzc0lkcEFwaVJlc3VsdC5uZXdQYXNzSWRwUGFyYW1zLFxuICAgICAgICAgIFJlY292ZXJ5U3RhdHVzLk5FV19QQVNTV09SRFxuICAgICAgICApO1xuICAgICAgICAvLyBOZXcgcGFzc3dvcmQgd29ya2VkLiBMZXQncyBzZXQgdG8gdGhlIGN1cnJlbnQgcGFzc3dvcmRcblxuICAgICAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEtLVxuICAgICAgICAvLyBpZiBjaGFuZ2VQYXNzd29yZENvbXBsZXRlKCkgZG9lc24ndCBnZXQgY2FsbGVkLCB0aGVuIGl0IHNob3VsZCByZW1haW5cblxuICAgICAgICBjb25zb2xlLmxvZygnTmV3IHBhc3N3b3JkIHdvcmtzIScpO1xuXG4gICAgICAgIHJldHVybiB1c2VyO1xuICAgICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgICAgLy8gSnVzdCBidWJibGUgdXAgYW55IG90aGVyIHR5cGUgb2YgZXJyb3IuXG4gICAgICAgIGlmIChlcnJvci5jb2RlICE9PSAnTm90QXV0aG9yaXplZEV4Y2VwdGlvbicpIHtcbiAgICAgICAgICB0aHJvdyBlcnJvcjtcbiAgICAgICAgfVxuICAgICAgICAvLyBwYXNzLCB0cnkgYWdhaW4gYXNzdW1pbmcgaXQncyB0aGUgb2xkIHBhc3N3b3JkXG4gICAgICB9XG5cbiAgICAgIC8vIE5vdyBhc3N1bWUgaXQncyB0aGUgcHJldmlvdXMgcGFzc3dvcmQuIEFueSBleGNlcHRpb24gaXMgYWxsb3dlZCB0byBidWJibGUgdXAuXG4gICAgICB0cnkge1xuICAgICAgICBjb25zdCB1c2VyID0gYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXG4gICAgICAgICAgZW1haWxPclBob25lLFxuICAgICAgICAgIHBhc3N3b3JkLFxuICAgICAgICAgIHBhc3NJZHBBcGlSZXN1bHQuY3VycmVudFBhc3NJZHBQYXJhbXMsXG4gICAgICAgICAgUmVjb3ZlcnlTdGF0dXMuT0xEX1BBU1NXT1JEXG4gICAgICAgICk7XG4gICAgICAgIC8vIE9sZCBwYXNzd29yZCB3b3JrZWQuXG4gICAgICAgIGNvbnNvbGUubG9nKCdPbGQgcGFzc3dvcmQgd29ya3MhJyk7XG5cbiAgICAgICAgcmV0dXJuIHVzZXI7XG4gICAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgICAvLyBKdXN0IGJ1YmJsZSB1cCBhbnkgb3RoZXIgdHlwZSBvZiBlcnJvci5cbiAgICAgICAgdGhyb3cgZXJyb3IuY29kZSA9PT0gJ05vdEF1dGhvcml6ZWRFeGNlcHRpb24nXG4gICAgICAgICAgPyBuZXcgTHJCYWRSZXF1ZXN0RXhjZXB0aW9uKFxuICAgICAgICAgICAgICAnVGhlIHBhc3N3b3JkIGNoYW5nZSByZXF1ZXN0IHdhcyBpbnRlcnJ1cHRlZCwgcGxlYXNlIHRyeSB0byBsb2dpbiB3aXRoIGJvdGggeW91ciBuZXcgYW5kIG9sZCBwYXNzd29yZCdcbiAgICAgICAgICAgIClcbiAgICAgICAgICA6IGVycm9yO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFRyeSBhZ2FpbnN0IGFzIHRoZSBUUCBwYXNzd29yZCByZXNldCBhY2NvdW50XG4gICAgaWYgKHBhc3NJZHBBcGlSZXN1bHQudHBQYXNzd29yZFJlc2V0KSB7XG4gICAgICB0cnkge1xuICAgICAgICAvLyBUUCBwYXNzd29yZCByZXNldCBpcyBpbiBwcm9jZXNzLiBXZSBuZWVkIHRvIHRyeSB0aGUgcGFzc3dvcmQgYWdhaW5zdCBib3RoXG4gICAgICAgIC8vIG9yaWdpbmFsIGFjY291bnQgYW5kIHRoZSBuZXcgcmVzZXQgYWNjb3VudC5cbiAgICAgICAgY29uc3QgcmVzZXQgPSBwYXNzSWRwQXBpUmVzdWx0LnRwUGFzc3dvcmRSZXNldDtcbiAgICAgICAgY29uc3QgcmV0ID0gYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXG4gICAgICAgICAgcmVzZXQucmVzZXRVc2VybmFtZSxcbiAgICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgICByZXNldC5wYXNzSWRwUGFyYW1zLFxuICAgICAgICAgIFJlY292ZXJ5U3RhdHVzLk5PTkVcbiAgICAgICAgKTtcbiAgICAgICAgcmV0LmlzVHBQYXNzd29yZFJlc2V0VXNlciA9IHRydWU7XG5cbiAgICAgICAgcmV0dXJuIHJldDtcbiAgICAgIH0gY2F0Y2ggKGVycikge1xuICAgICAgICAvLyBjb250aW51ZSwgdHJ5IGFnYWluIGFzIHJlZ3VsYXIgdXNlci5cbiAgICAgIH1cbiAgICB9XG5cbiAgICAvLyBMb2dpbiBhcyByZWd1bGFyIHVzZXJcbiAgICByZXR1cm4gYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXG4gICAgICBlbWFpbE9yUGhvbmUsXG4gICAgICBwYXNzd29yZCxcbiAgICAgIHBhc3NJZHBBcGlSZXN1bHQuY3VycmVudFBhc3NJZHBQYXJhbXMsXG4gICAgICBSZWNvdmVyeVN0YXR1cy5OT05FXG4gICAgKTtcbiAgfVxuXG4gIHByb3RlY3RlZCBhc3luYyBoYW5kbGVTZXNzaW9uRW5jcnlwdGlvbktleSgpIHtcbiAgICBpZiAodGhpcy5jb25maWcuZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5KSB7XG4gICAgICBpZiAoIWlzRGV2TW9kZSgpKSB7XG4gICAgICAgIGNvbnN0IG1zZyA9XG4gICAgICAgICAgJ1lvdSBzaG91bGQgbm90IHNldCBkaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXk9VHJ1ZSBpbiBtb2RlIHByb2QuIEl0IGRlZmF1bHRzIHRvIGZhbHNlLic7XG4gICAgICAgIGNvbnNvbGUuZXJyb3IobXNnKTtcbiAgICAgICAgdGhyb3cgbmV3IEVycm9yKG1zZyk7XG4gICAgICB9IGVsc2Uge1xuICAgICAgICBjb25zb2xlLndhcm4oXG4gICAgICAgICAgJ1lvdSBoYXZlIHNldCBkaXNhYmxlU2Vzc2lvbkVuY3J5cHRpb25LZXk9VHJ1ZS4gTWFrZSBzdXJlIG5vdCB0byBkbyB0aGlzIGluIHByb2QgbW9kZS4nXG4gICAgICAgICk7XG4gICAgICB9XG4gICAgfSBlbHNlIHtcbiAgICAgIC8vIFNldCB0aGUgc2Vzc2lvbiBrZXkgdG8gYSBuZXcgZW5jcnlwdGlvbiBrZXkgZm9yIHRoaXMgc2Vzc2lvblxuICAgICAgY29uc3Qgc2Vzc2lvbkVuY3J5cHRpb25LZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xuICAgICAgICAgIG11dGF0aW9uOiBTZXRTZXNzaW9uRW5jcnlwdGlvbktleU11dGF0aW9uLFxuICAgICAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICAgICAgc2Vzc2lvbkVuY3J5cHRpb25LZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgICAgICAgIHNlc3Npb25FbmNyeXB0aW9uS2V5LnRvSlNPTih0cnVlKVxuICAgICAgICAgICAgICApLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9LFxuICAgICAgICB9KSxcbiAgICAgICAge1xuICAgICAgICAgIGluY2x1ZGVLZXlHcmFwaDogZmFsc2UsXG4gICAgICAgIH1cbiAgICAgICk7XG5cbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoc2Vzc2lvbkVuY3J5cHRpb25LZXkpO1xuICAgIH1cbiAgfVxuXG4gIHByb3RlY3RlZCBhc3luYyBoYW5kbGVQb3N0QXV0aChjb2duaXRvVXNlcjogQ29nbml0b0NoYWxsZW5nZVVzZXIpIHtcbiAgICBhd2FpdCB0aGlzLmhhbmRsZVBhc3N3b3JkUmVjb3ZlcnkoY29nbml0b1VzZXIpO1xuICAgIGF3YWl0IHRoaXMuaGFuZGxlU2Vzc2lvbkVuY3J5cHRpb25LZXkoKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBsb2dpbihcbiAgICBlbWFpbE9yUGhvbmU6IHN0cmluZyxcbiAgICBwYXNzd29yZDogc3RyaW5nLFxuICAgIHsgdHBQYXNzd29yZFJlc2V0QXV0b0NvbXBsZXRlID0gdHJ1ZSB9OiBMb2dpbk9wdGlvbnMgPSB7fVxuICApIHtcbiAgICBsZXQgbG9naW5SZXN1bHQgPSBhd2FpdCB0aGlzLmxvZ2luSW1wbChlbWFpbE9yUGhvbmUsIHBhc3N3b3JkKTtcblxuICAgIGlmIChcbiAgICAgIHRwUGFzc3dvcmRSZXNldEF1dG9Db21wbGV0ZSAmJlxuICAgICAgbG9naW5SZXN1bHQucmVzZXRVc2VyPy5zdGF0ZSA9PT0gVHBDbGFpbVN0YXRlLkFQUFJPVkVEXG4gICAgKSB7XG4gICAgICBhd2FpdCB0aGlzLmNvbXBsZXRlUmVxdWVzdChwYXNzd29yZCk7XG4gICAgICBsb2dpblJlc3VsdCA9IGF3YWl0IHRoaXMubG9naW5JbXBsKGVtYWlsT3JQaG9uZSwgcGFzc3dvcmQpO1xuICAgIH1cblxuICAgIHJldHVybiBsb2dpblJlc3VsdDtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBsb2dpbkltcGwoXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXG4gICAgcGFzc3dvcmQ6IHN0cmluZ1xuICApOiBQcm9taXNlPExvZ2luUmVzdWx0PiB7XG4gICAgYXdhaXQgdGhpcy5sb2dvdXQoKTtcbiAgICBjb25zdCBjb2duaXRvVXNlciA9IGF3YWl0IHRoaXMubG9naW5JZHAoZW1haWxPclBob25lLCBwYXNzd29yZCk7XG5cbiAgICAvLyB0b2RvOiBNZWV0IE1GQSBjaGFsbGVuZ2VzLlxuICAgIGlmIChbJ1NNU19NRkEnLCAnU09GVFdBUkVfVE9LRU5fTUZBJ10uaW5jbHVkZXMoY29nbml0b1VzZXIuY2hhbGxlbmdlTmFtZSkpIHtcbiAgICAgIHJldHVybiB7IGhhc0NoYWxsZW5nZTogdHJ1ZSwgY2hhbGxlbmdlOiBjb2duaXRvVXNlciB9O1xuICAgIH1cblxuICAgIGF3YWl0IHRoaXMuaGFuZGxlUG9zdEF1dGgoY29nbml0b1VzZXIpO1xuXG4gICAgaWYgKGNvZ25pdG9Vc2VyLmlzVHBQYXNzd29yZFJlc2V0VXNlcikge1xuICAgICAgLy8gQXNzdW1pbmcgdGhlcmUgaXMgbm8gTUZBIG9uIHRoZSBUUCByZXNldCB1c2VyLlxuICAgICAgY29uc3QgcmVzZXRVc2VyID0gYXdhaXQgdGhpcy5sb2FkUmVzZXRVc2VyKHBhc3N3b3JkKTtcbiAgICAgIHJldHVybiB7IGhhc0NoYWxsZW5nZTogZmFsc2UsIHJlc2V0VXNlciB9O1xuICAgIH0gZWxzZSB7XG4gICAgICBjb25zdCB1c2VyID0gYXdhaXQgdGhpcy5sb2FkVXNlcihjb2duaXRvVXNlciwgcGFzc3dvcmQpO1xuICAgICAgYXdhaXQgdGhpcy5pZGxlU2VydmljZS5zdGFydCgpOyAvLyBSdW4gaWRsZVNlcnZpY2Ugd2hlbmV2ZXIgdXNlciBpcyBsb2dnZWQgaW4uXG4gICAgICByZXR1cm4geyBoYXNDaGFsbGVuZ2U6IGZhbHNlLCB1c2VyIH07XG4gICAgfVxuICB9XG5cbiAgLy8gVE9ETyA8QVo+IFdlIG5lZWQgdG8gaGFuZGxlIHRoZSBpc1RwUGFzc3dvcmRSZXNldFVzZXI9VHJ1ZSBjYXNlIGhlcmUgYWZ0ZXIgTUZBIGFzIHdlbGwuXG4gIHB1YmxpYyBhc3luYyB2ZXJpZnlMb2dpbihcbiAgICBjaGFsbGVuZ2U6IENvZ25pdG9DaGFsbGVuZ2VVc2VyLFxuICAgIHBhc3N3b3JkOiBzdHJpbmcsXG4gICAgcmVtZW1iZXJNZTogYm9vbGVhbixcbiAgICBjb2RlOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxDdXJyZW50VXNlcj4ge1xuICAgIGF3YWl0IHRoaXMuYXV0aC5jb25maXJtU2lnbkluKGNoYWxsZW5nZSwgY29kZSwgY2hhbGxlbmdlLmNoYWxsZW5nZU5hbWUpO1xuXG4gICAgLy8gVE9ETzogdGhpcy5hdXRoLmNvbmZpcm1TaWduSW4oKSBjb3VsZCByZXR1cm4gYW5vdGhlciBjaGFsbGVuZ2UuXG5cbiAgICBjb25zdCBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XG5cbiAgICBhd2FpdCB0aGlzLmhhbmRsZVBvc3RBdXRoKGNoYWxsZW5nZSk7XG5cbiAgICBjb25zdCB1c2VyID0gYXdhaXQgdGhpcy5sb2FkVXNlcihjb2duaXRvVXNlciwgcGFzc3dvcmQpO1xuXG4gICAgaWYgKHJlbWVtYmVyTWUpIHtcbiAgICAgIGNvZ25pdG9Vc2VyLnNldERldmljZVN0YXR1c1JlbWVtYmVyZWQoe1xuICAgICAgICBvblN1Y2Nlc3M6ICgpID0+IHt9LFxuICAgICAgICBvbkZhaWx1cmU6IChlKSA9PiBjb25zb2xlLmVycm9yKGUpLFxuICAgICAgfSk7XG4gICAgfVxuXG4gICAgcmV0dXJuIHVzZXI7XG4gIH1cblxuICBhc3luYyBoYW5kbGVQYXNzd29yZFJlY292ZXJ5KHVzZXI6IENvZ25pdG9DaGFsbGVuZ2VVc2VyKSB7XG4gICAgaWYgKHVzZXIucmVjb3ZlcnlTdGF0dXMgIT09IFJlY292ZXJ5U3RhdHVzLk5PTkUpIHtcbiAgICAgIGNvbnN0IGp3dFRva2VuID0gdXNlclxuICAgICAgICAuZ2V0U2lnbkluVXNlclNlc3Npb24oKVxuICAgICAgICAuZ2V0QWNjZXNzVG9rZW4oKVxuICAgICAgICAuZ2V0Snd0VG9rZW4oKTtcbiAgICAgIGF3YWl0IHRoaXMucGFzc3dvcmRTZXJ2aWNlLmNoYW5nZVBhc3N3b3JkQ29tcGxldGUoXG4gICAgICAgIGp3dFRva2VuLFxuICAgICAgICB1c2VyLnJlY292ZXJ5U3RhdHVzID09PSBSZWNvdmVyeVN0YXR1cy5ORVdfUEFTU1dPUkRcbiAgICAgICk7XG4gICAgfVxuICB9XG5cbiAgYXN5bmMgZ2V0VXNlck9yUmVzZXRVc2VyKFxuICAgIHJlbG9hZDogYm9vbGVhbiA9IGZhbHNlXG4gICk6IFByb21pc2U8Q3VycmVudFVzZXIgfCBUcFBhc3N3b3JkUmVzZXRVc2VyPiB7XG4gICAgY29uc3QgY29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XG5cbiAgICBpZiAoY29nbml0b1VzZXIuZ2V0VXNlcm5hbWUoKS5lbmRzV2l0aChUUF9QQVNTV09SRF9SRVNFVF9VU0VSTkFNRV9TVUZGSVgpKSB7XG4gICAgICByZXR1cm4gdGhpcy5nZXRSZXNldFVzZXIocmVsb2FkKTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIHRoaXMuZ2V0VXNlcihyZWxvYWQpO1xuICAgIH1cbiAgfVxuXG4gIGFzeW5jIGdldFJlc2V0VXNlcihyZWxvYWQ6IGJvb2xlYW4gPSBmYWxzZSk6IFByb21pc2U8VHBQYXNzd29yZFJlc2V0VXNlcj4ge1xuICAgIGlmICghcmVsb2FkICYmIHRoaXMuY3VycmVudFJlc2V0VXNlcikge1xuICAgICAgcmV0dXJuIHRoaXMuY3VycmVudFJlc2V0VXNlcjtcbiAgICB9XG5cbiAgICB0aGlzLmN1cnJlbnRSZXNldFVzZXIgPSBhd2FpdCB0aGlzLmxvYWRSZXNldFVzZXIoKTtcblxuICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2Uuc3RhcnQoKTsgLy8gUnVuIGlkbGVTZXJ2aWNlIHdoZW5ldmVyIHVzZXIgaXMgbG9nZ2VkIGluLlxuXG4gICAgcmV0dXJuIHRoaXMuY3VycmVudFJlc2V0VXNlcjtcbiAgfVxuXG4gIGFzeW5jIGdldFVzZXIocmVsb2FkOiBib29sZWFuID0gZmFsc2UpOiBQcm9taXNlPEN1cnJlbnRVc2VyPiB7XG4gICAgaWYgKCFyZWxvYWQgJiYgdGhpcy5jdXJyZW50VXNlcikge1xuICAgICAgcmV0dXJuIHRoaXMuY3VycmVudFVzZXI7XG4gICAgfVxuICAgIHRoaXMuY3VycmVudFVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKFxuICAgICAgYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpXG4gICAgKTtcbiAgICBjb25zb2xlLmxvZygnU3RhcnRpbmcgaWRsZSBzZXJ2aWNlLicpO1xuICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2Uuc3RhcnQoKTsgLy8gUnVuIGlkbGVTZXJ2aWNlIHdoZW5ldmVyIHVzZXIgaXMgbG9nZ2VkIGluLlxuICAgIHJldHVybiB0aGlzLmN1cnJlbnRVc2VyO1xuICB9XG5cbiAgcHJpdmF0ZSBtYXBUUFZhdWx0QWNjZXNzKGZlYXR1cmVzPzogYW55KTogYm9vbGVhbiB7XG4gICAgY29uc3QgdHBWYXVsdEZlYXR1cmUgPSBmZWF0dXJlcz8udHBWYXVsdDtcbiAgICByZXR1cm4gKFxuICAgICAgdHBWYXVsdEZlYXR1cmU/Lmxlbmd0aCA+IDAgJiZcbiAgICAgIHRwVmF1bHRGZWF0dXJlLnNvbWUoKGZlYXR1cmUpID0+IGZlYXR1cmUudG9VcHBlckNhc2UoKSA9PT0gJ0FDQ0VTUycpXG4gICAgKTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgbG9hZFVzZXIoXG4gICAgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyLFxuICAgIHBhc3N3b3JkPzogc3RyaW5nXG4gICk6IFByb21pc2U8Q3VycmVudFVzZXI+IHtcbiAgICBjb25zdCB7XG4gICAgICBjdXJyZW50VXNlcixcbiAgICAgIGNvbnRhY3RDYXJkLFxuICAgICAgdXNlclBsYW5zLFxuICAgIH0gPSBhd2FpdCB0aGlzLnByb2ZpbGVTZXJ2aWNlLmdldEN1cnJlbnRVc2VyKCk7XG5cbiAgICBpZiAoY3VycmVudFVzZXIuc2Vzc2lvbkVuY3J5cHRpb25LZXkpIHtcbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoXG4gICAgICAgIGF3YWl0IEpXSy5hc0tleShjdXJyZW50VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSlcbiAgICAgICk7XG4gICAgfVxuXG4gICAgY29uc3QgdXNlckF0dHJpYnV0ZXMgPSBhd2FpdCB0aGlzLmF1dGgudXNlckF0dHJpYnV0ZXMoY29nbml0b1VzZXIpO1xuXG4gICAgaWYgKHBhc3N3b3JkKSB7XG4gICAgICBjb25zdCBwYXNzS2V5ID0gKFxuICAgICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0tleSh7XG4gICAgICAgICAgcGFzc3dvcmQsXG4gICAgICAgICAgLi4uY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkucGFzc0tleS5wYXNzS2V5UGFyYW1zLFxuICAgICAgICB9KVxuICAgICAgKS5qd2s7XG5cbiAgICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2UucGVyc2lzdE1hc3RlcktleShcbiAgICAgICAgYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UudW53cmFwV2l0aFBhc3NLZXkoXG4gICAgICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkucGFzc0tleS5pZCxcbiAgICAgICAgICBwYXNzS2V5LFxuICAgICAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5Lm1hc3RlcktleS5pZFxuICAgICAgICApXG4gICAgICApO1xuICAgIH1cbiAgICBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5wb3B1bGF0ZUtleXMoY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIGlkOiBjdXJyZW50VXNlci5pZCxcbiAgICAgIHN1YjogdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdzdWInLCB1c2VyQXR0cmlidXRlcyksXG4gICAgICB1c2VybmFtZTogY3VycmVudFVzZXIudXNlcm5hbWUsXG4gICAgICBjdXJyZW50VXNlcktleTogY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXksXG4gICAgICBnZXRBY2Nlc3NKd3RUb2tlbjogKCkgPT5cbiAgICAgICAgY29nbml0b1VzZXIuZ2V0U2lnbkluVXNlclNlc3Npb24oKS5nZXRBY2Nlc3NUb2tlbigpLmdldEp3dFRva2VuKCksXG4gICAgICBlbWFpbDogdGhpcy5nZXRVc2VyQXR0cmlidXRlKCdlbWFpbCcsIHVzZXJBdHRyaWJ1dGVzKSxcbiAgICAgIGVtYWlsVmVyaWZpZWQ6XG4gICAgICAgIHRoaXMuZ2V0VXNlckF0dHJpYnV0ZSgnZW1haWxfdmVyaWZpZWQnLCB1c2VyQXR0cmlidXRlcykgPT09ICd0cnVlJyxcbiAgICAgIHBob25lOiB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ3Bob25lX251bWJlcicsIHVzZXJBdHRyaWJ1dGVzKSxcbiAgICAgIHBob25lVmVyaWZpZWQ6XG4gICAgICAgIHRoaXMuZ2V0VXNlckF0dHJpYnV0ZSgncGhvbmVfbnVtYmVyX3ZlcmlmaWVkJywgdXNlckF0dHJpYnV0ZXMpID09PVxuICAgICAgICAndHJ1ZScsXG4gICAgICBjb250YWN0Q2FyZDoge1xuICAgICAgICAuLi4oYXdhaXQgdGhpcy5wcm9maWxlU2VydmljZS5kZWNyeXB0Q29udGFjdENhcmQoY29udGFjdENhcmQpKSxcbiAgICAgIH0sXG4gICAgICB1c2VyRGVsZXRlOiBjdXJyZW50VXNlci51c2VyRGVsZXRlLFxuICAgICAgdXNlclBsYW5zLFxuICAgICAgaGFzVFBWYXVsdEFjY2VzczogdGhpcy5tYXBUUFZhdWx0QWNjZXNzKGN1cnJlbnRVc2VyLmZlYXR1cmVzKSxcbiAgICAgIGZlYXR1cmVzOiBjdXJyZW50VXNlci5mZWF0dXJlcyxcbiAgICAgIHNlc3Npb25FbmNyeXB0aW9uS2V5OiBjdXJyZW50VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSxcbiAgICB9O1xuICB9XG5cbiAgcHVibGljIHdhdGNoQXV0aCgpOiBPYnNlcnZhYmxlPGFueT4ge1xuICAgIHJldHVybiB0aGlzLmh1YlN1YmplY3Q7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgbG9nb3V0KCk6IFByb21pc2U8dm9pZD4ge1xuICAgIHRoaXMuY3VycmVudFVzZXIgPSBudWxsO1xuICAgIHRoaXMua2V5U2VydmljZS5wdXJnZUtleXMoKTtcbiAgICB0aGlzLmtleUdyYXBoU2VydmljZS5wdXJnZUtleXMoKTtcblxuICAgIGF3YWl0IFByb21pc2UuYWxsKFt0aGlzLmF1dGguc2lnbk91dCgpLCB0aGlzLnByb2ZpbGVTZXJ2aWNlLnNpZ25PdXQoKV0pO1xuICB9XG5cbiAgcHJpdmF0ZSBnZXRVc2VyQXR0cmlidXRlKFxuICAgIGF0dHJpYnV0ZU5hbWU6IHN0cmluZyxcbiAgICB1c2VyQXR0cmlidXRlczogQ29nbml0b1VzZXJBdHRyaWJ1dGVbXVxuICApIHtcbiAgICBjb25zdCB1c2VyQXR0cmlidXRlID0gdXNlckF0dHJpYnV0ZXMuZmluZChcbiAgICAgICh4KSA9PiB4LmdldE5hbWUoKSA9PT0gYXR0cmlidXRlTmFtZVxuICAgICk7XG5cbiAgICByZXR1cm4gdXNlckF0dHJpYnV0ZSA/IHVzZXJBdHRyaWJ1dGUuZ2V0VmFsdWUoKSA6IG51bGw7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgbG9hZFJlc2V0VXNlcihwYXNzd29yZD86IHN0cmluZyk6IFByb21pc2U8VHBQYXNzd29yZFJlc2V0VXNlcj4ge1xuICAgIGNvbnN0IHsgdHBQYXNzd29yZFJlc2V0VXNlcjogcmVzZXRVc2VyIH0gPSBhd2FpdCB0aGlzLmxyR3JhcGhRTC5xdWVyeSh7XG4gICAgICBxdWVyeTogVHBQYXNzd29yZFJlc2V0VXNlclF1ZXJ5LFxuICAgIH0pO1xuXG4gICAgaWYgKHJlc2V0VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSkge1xuICAgICAgdGhpcy5wZXJzaXN0U2VydmljZS5zZXRTZXJ2ZXJTZXNzaW9uRW5jcnlwdGlvbktleShcbiAgICAgICAgYXdhaXQgSldLLmFzS2V5KHJlc2V0VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSlcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gVXBkYXRlIHRoZSBrZXlzXG4gICAgaWYgKHBhc3N3b3JkKSB7XG4gICAgICBjb25zdCBwYXNzS2V5ID0gKFxuICAgICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0tleSh7XG4gICAgICAgICAgcGFzc3dvcmQsXG4gICAgICAgICAgLi4ucmVzZXRVc2VyLnBhc3NLZXkucGFzc0tleVBhcmFtcyxcbiAgICAgICAgfSlcbiAgICAgICkuandrO1xuXG4gICAgICBhd2FpdCB0aGlzLmlkbGVTZXJ2aWNlLnBlcnNpc3RNYXN0ZXJLZXkoXG4gICAgICAgIGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLnVud3JhcFdpdGhQYXNzS2V5KFxuICAgICAgICAgIHJlc2V0VXNlci5wYXNzS2V5LmlkLFxuICAgICAgICAgIHBhc3NLZXksXG4gICAgICAgICAgcmVzZXRVc2VyLm1hc3RlcktleS5pZFxuICAgICAgICApXG4gICAgICApO1xuICAgIH1cblxuICAgIHRoaXMua2V5U2VydmljZS5wb3B1bGF0ZUtleXMoe1xuICAgICAgcGFzc0tleToge1xuICAgICAgICBpZDogcmVzZXRVc2VyLnBhc3NLZXkuaWQsXG4gICAgICB9LFxuICAgICAgbWFzdGVyS2V5OiB7XG4gICAgICAgIGlkOiByZXNldFVzZXIubWFzdGVyS2V5LmlkLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIGNvbnN0IHVzZXJBdHRyaWJ1dGVzID0gYXdhaXQgdGhpcy5hdXRoLnVzZXJBdHRyaWJ1dGVzKFxuICAgICAgYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpXG4gICAgKTtcbiAgICBjb25zdCBzdWIgPSB0aGlzLmdldFVzZXJBdHRyaWJ1dGUoJ3N1YicsIHVzZXJBdHRyaWJ1dGVzKTtcblxuICAgIHJldHVybiB7XG4gICAgICAuLi4oYXdhaXQgdGhpcy50cFBhc3N3b3JkUmVzZXRQcm9jZXNzb3JTZXJ2aWNlLnByb2Nlc3NUcFBhc3N3b3JkUmVzZXRVc2VyTm9kZShcbiAgICAgICAgcmVzZXRVc2VyXG4gICAgICApKSxcbiAgICAgIHN1YixcbiAgICB9O1xuICB9XG5cbiAgcHVibGljIGFzeW5jIHJlZnJlc2hBY2Nlc3NUb2tlbigpIHtcbiAgICBjb25zdCBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIgPSBhd2FpdCB0aGlzLmF1dGguY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XG4gICAgY29uc3QgcmVmcmVzaFRva2VuID0gY29nbml0b1VzZXIuZ2V0U2lnbkluVXNlclNlc3Npb24oKS5nZXRSZWZyZXNoVG9rZW4oKTtcblxuICAgIHJldHVybiBuZXcgUHJvbWlzZSgocmVzb2x2ZSwgcmVqZWN0KSA9PiB7XG4gICAgICBjb2duaXRvVXNlci5yZWZyZXNoU2Vzc2lvbihyZWZyZXNoVG9rZW4sIChlcnIsIGRhdGEpID0+IHtcbiAgICAgICAgaWYgKGVycikge1xuICAgICAgICAgIGNvbnNvbGUuZXJyb3IoJ0Vycm9yIHJlZnJlc2hpbmcgdG9rZW46ICcsIGVycik7XG4gICAgICAgICAgcmVqZWN0KGVycik7XG4gICAgICAgIH0gZWxzZSB7XG4gICAgICAgICAgY29uc29sZS5sb2coJ1Rva2VuIHJlZnJlc2ggY29tcGxldGU6ICcsIGRhdGEpO1xuICAgICAgICAgIHJlc29sdmUoMCk7XG4gICAgICAgIH1cbiAgICAgIH0pO1xuICAgIH0pO1xuICB9XG5cbiAgYXN5bmMgY29tcGxldGVSZXF1ZXN0KG5ld1Bhc3N3b3JkOiBzdHJpbmcpOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCByZXNldFVzZXIgPSBhd2FpdCB0aGlzLmdldFJlc2V0VXNlcih0cnVlKTtcblxuICAgIGlmIChyZXNldFVzZXIuc3RhdGUgIT09IFRwQ2xhaW1TdGF0ZS5BUFBST1ZFRCkge1xuICAgICAgdGhyb3cgbmV3IExyQmFkU3RhdGVFeGNlcHRpb24oXG4gICAgICAgICdQYXNzd29yZCByZXNldCByZXF1ZXN0IGhhcyBub3QgYmVlbiBhcHByb3ZlZC4nXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgLy8gUHJlcGFyZSBhbGwgbWF0ZXJpYWxzIHRvIGVuc3VyZSB0aGVyZSBhcmUgbm8gZXJyb3JzLlxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgY29uc3QgYXNzZW1ibHlLZXkgPSBhd2FpdCB0aGlzLnJlY292ZXJBc3NlbWJseUtleShyZXNldFVzZXIpO1xuXG4gICAgY29uc3QgeyByb290S2V5IH0gPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICBhc3NlbWJseUtleSxcbiAgICAgIHJlc2V0VXNlci5hc3NlbWJseUNpcGhlckRhdGFcbiAgICApO1xuICAgIGNvbnNvbGUubG9nKHJvb3RLZXkpO1xuXG4gICAgLy8gTWFraW5nIHN1cmUgaXQncyBhIHZhbGlkIGtleS5cbiAgICBjb25zdCByb290S2V5SndrID0gYXdhaXQgSldLLmFzS2V5KHJvb3RLZXkpO1xuXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UuZ2V0S2V5KHJlc2V0VXNlci5tYXN0ZXJLZXkuaWQpO1xuXG4gICAgY29uc3QgbWFzdGVyS2V5V3JhcHBlZFJvb3RLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHRUb1N0cmluZyhcbiAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICByb290S2V5SndrLnRvSlNPTih0cnVlKVxuICAgICk7XG5cbiAgICAvLyBUaGUgbmV3IHBhc3N3b3JkXG4gICAgY29uc3QgbmV3UGFzc0lkcFJlc3VsdCA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzSWRwKHtcbiAgICAgIHBhc3N3b3JkOiBuZXdQYXNzd29yZCxcbiAgICAgIC4uLnJlc2V0VXNlci5wYXNzS2V5LnBhc3NJZHBQYXJhbXMsXG4gICAgfSk7XG5cbiAgICBjb25zdCBuZXdJZHBQYXNzd29yZCA9IHRoaXMucGFzc3dvcmRTZXJ2aWNlLmdldFBhc3NJZHBTdHJpbmcoXG4gICAgICBuZXdQYXNzSWRwUmVzdWx0Lmp3a1xuICAgICk7XG5cbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIC8vIEdldCBhc3NlbWJseSBrZXkgY2hhbGxlbmdlXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICBjb25zdCBjaGFsbGVuZ2UgPSAoXG4gICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xuICAgICAgICAgIG11dGF0aW9uOiBDcmVhdGVUcEFzc2VtYmx5S2V5Q2hhbGxlbmdlTXV0YXRpb24sXG4gICAgICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgICAgICBpbnB1dDoge30sXG4gICAgICAgICAgfSxcbiAgICAgICAgfSksXG4gICAgICAgIHtcbiAgICAgICAgICBpbmNsdWRlS2V5R3JhcGg6IGZhbHNlLFxuICAgICAgICB9XG4gICAgICApXG4gICAgKS5jcmVhdGVUcEFzc2VtYmx5S2V5Q2hhbGxlbmdlLmNoYWxsZW5nZTtcblxuICAgIGNvbnNvbGUubG9nKGNoYWxsZW5nZSk7XG5cbiAgICAvLyBTaWduIHRoZSBjaGFsbGVuZ2VcbiAgICAvLyBHZW5lcmF0ZSBhIGNsaWVudCBzaWRlIG5vbmNlIHRoYXQncyBubyBpbiB0aGUgc2VydmVyJ3MgY29udHJvbC5cbiAgICBjaGFsbGVuZ2UuY2xpZW50Tm9uY2UgPSB0aGlzLmtleUZhY3RvcnkucmFuZG9tU3RyaW5nKFxuICAgICAgVFBfUEFTU1dPUkRfUkVTRVRfQ0xJRU5UX05PTkNFX0xFTkdUSFxuICAgICk7XG4gICAgY29uc29sZS5sb2coY2hhbGxlbmdlKTtcblxuICAgIGNvbnN0IGFzc2VtYmx5S2V5VmVyaWZpZXJQcmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICBhc3NlbWJseUtleSxcbiAgICAgIHJlc2V0VXNlci53cmFwcGVkQXNzZW1ibHlLZXlWZXJpZmllclBya1xuICAgICk7XG4gICAgY29uc3Qgc2lnbmVkQ2hhbGxlbmdlID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKFxuICAgICAgYXNzZW1ibHlLZXlWZXJpZmllclByayxcbiAgICAgIGNoYWxsZW5nZVxuICAgICk7XG5cbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIC8vIENoYW5nZSBwYXNzd29yZCBmb3IgdGhlIG9yaWdpbmFsIHVzZXJcbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIGNvbnN0IHRlbXBJZHBQYXNzd29yZCA9IChcbiAgICAgIGF3YWl0IHRoaXMubHJHcmFwaFFMLmxyTXV0YXRlKFxuICAgICAgICBuZXcgTHJNdXRhdGlvbih7XG4gICAgICAgICAgbXV0YXRpb246IFByZUNvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxuICAgICAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICAgICAgc2lnbmVkQ2hhbGxlbmdlOiBKU09OLnN0cmluZ2lmeShzaWduZWRDaGFsbGVuZ2UpLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9LFxuICAgICAgICB9KSxcbiAgICAgICAge1xuICAgICAgICAgIGluY2x1ZGVLZXlHcmFwaDogZmFsc2UsXG4gICAgICAgIH1cbiAgICAgIClcbiAgICApLnByZUNvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdC5pZHBQYXNzd29yZDtcblxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgLy8gTG9naW4gYXMgdGhlIG9yaWdpbmFsIHVzZXIgdXNpbmcgbmV3IHRlbXBvcmFyeSBwYXNzd29yZFxuICAgIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXG4gICAgLy8gQXQgdGhpcyBwb2ludCwgdGhlIG9yaWdpbmFsIGFjY291bnQncyBwYXNzd29yZCBoYXMgYmVlbiBjaGFuZ2VkXG4gICAgLy8gdG8gYSB0ZW1wb3JhcnkgcGFzc3dvcmQuIEl0IGlzIG5vIGxvbmdlciBwb3NzaWJsZSBmb3IgdGhlIHVzZXJcbiAgICAvLyB0byB1c2UgdGhlIG9yaWdpbmFsIHBhc3N3b3JkIHRvIGxvZ2luLiBBbnkgc3VjY2Vzc2Z1bCBsb2dpblxuICAgIC8vIGNhbiBvbmx5IGJlIHVzaW5nIHRoZSB0ZW1wb3JhcnkgcGFzc3dvcmQuIFNvIGl0J3Mgc2FmZSB0byBhc3N1bWVcbiAgICAvLyB0aGF0IHdlIHdhbnQgdG8gXCJjb21wbGV0ZVwiIHRoZSBwYXNzd29yZCByZXNldC5cblxuICAgIC8vIFRoZSBtYXliZSAyRkEgc28gd2UgbGlzdGVuIGZvciB0aGUgYXV0aCBldmVudCBmcm9tIEFtcGxpZnkuXG4gICAgY29uc3QgcmV0UHJvbWlzZSA9IG5ldyBQcm9taXNlPHZvaWQ+KChyZXNvbHZlKSA9PiB7XG4gICAgICBjb25zdCBsaXN0ZW5lciA9IGFzeW5jIChkYXRhKSA9PiB7XG4gICAgICAgIGlmIChkYXRhLnBheWxvYWQuZXZlbnQgIT09ICdzaWduSW4nKSB7XG4gICAgICAgICAgcmV0dXJuO1xuICAgICAgICB9XG5cbiAgICAgICAgSHViLnJlbW92ZSgnYXV0aCcsIGxpc3RlbmVyKTtcblxuICAgICAgICBjb25zb2xlLmxvZyhkYXRhLnBheWxvYWQpO1xuXG4gICAgICAgIGF3YWl0IHRoaXMuYXV0aC5zaWduSW4ocmVzZXRVc2VyLnVzZXJuYW1lLCBuZXdJZHBQYXNzd29yZCk7XG5cbiAgICAgICAgLy8gU3dpdGNoIG92ZXIgdG8gdGhlIG5ldyBzZXQgb2Yga2V5c1xuICAgICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcbiAgICAgICAgICBuZXcgTHJNdXRhdGlvbih7XG4gICAgICAgICAgICBtdXRhdGlvbjogQ29tcGxldGVUcFBhc3N3b3JkUmVzZXRSZXF1ZXN0TXV0YXRpb24sXG4gICAgICAgICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICAgICAgICBtYXN0ZXJLZXlXcmFwcGVkUm9vdEtleSxcbiAgICAgICAgICAgICAgICBtYXN0ZXJLZXlJZDogbWFzdGVyS2V5LmlkLFxuICAgICAgICAgICAgICB9LFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9KVxuICAgICAgICApO1xuXG4gICAgICAgIHJlc29sdmUoKTtcbiAgICAgIH07XG5cbiAgICAgIEh1Yi5saXN0ZW4oJ2F1dGgnLCBsaXN0ZW5lcik7XG4gICAgfSk7XG5cbiAgICAvLyBTaWduaW4gYXMgdGhlIG9yaWdpbmFsIHVzZXIuIFBhc3N3b3JkIGhhcyBiZWVuIHJlc2V0IHRvIHRlbXBvcmFyeSBvbmUuIEl0IHNob3VsZCByZXR1cm5cbiAgICAvLyB3aXRoIE5FV19QQVNTV09SRF9SRVFVSVJFRFxuICAgIGxldCB1c2VyID0gYXdhaXQgdGhpcy5hdXRoLnNpZ25JbihyZXNldFVzZXIudXNlcm5hbWUsIHRlbXBJZHBQYXNzd29yZCwge1xuICAgICAgbm9Qcm94eTogJ3RydWUnLFxuICAgIH0pO1xuXG4gICAgaWYgKHVzZXIuY2hhbGxlbmdlTmFtZSAhPT0gJ05FV19QQVNTV09SRF9SRVFVSVJFRCcpIHtcbiAgICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XG4gICAgICAgIG1lc3NhZ2U6XG4gICAgICAgICAgJ0ludGVybmFsIGVycm9yLiBFeHBlY3RpbmcgQ29nbml0byB0byBoYXZlIGRvbmUgYSBwYXNzd29yZCByZXNldCBhZnRlciBjYWxsIHRvIFByZUNvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLicsXG4gICAgICB9KTtcbiAgICB9XG5cbiAgICAvLyBTZXQgbmV3IHBhc3N3b3JkIG9uIElkcFxuICAgIC8vIHRoZSBhd3NGZXRjaCgpIGZ1bmN0aW9uIHBhc3NlcyBORVdfUEFTU1dPUkRfUkVRVUlSRUQgZGlyZWN0bHkgdG8gQVdTIHdpdGhvdXRcbiAgICAvLyBnb2luZyB0aHJvdWdoIHRoZSBwcm94eS5cbiAgICB1c2VyID0gYXdhaXQgdGhpcy5hdXRoLmNvbXBsZXRlTmV3UGFzc3dvcmQodXNlciwgbmV3SWRwUGFzc3dvcmQsIHt9KTtcblxuICAgIHJldHVybiByZXRQcm9taXNlO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyByZWNvdmVyQXNzZW1ibHlLZXkoXG4gICAgcmVzZXRVc2VyOiBUcFBhc3N3b3JkUmVzZXRVc2VyTm9kZVxuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICBjb25zdCBwcmsgPSBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5nZXRLZXkocmVzZXRVc2VyLnB4ay5pZCk7XG5cbiAgICBjb25zdCBwYXJ0aWFscyA9IGF3YWl0IFByb21pc2UuYWxsKFxuICAgICAgcmVzZXRVc2VyLmFwcHJvdmFsc1xuICAgICAgICAuZmlsdGVyKChhcHByb3ZhbCkgPT4gISFhcHByb3ZhbC5yZWNlaXZlckNpcGhlclBhcnRpYWxBc3NlbWJseUtleSlcbiAgICAgICAgLm1hcCgoYXBwcm92YWwpID0+XG4gICAgICAgICAgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICAgICAgcHJrLFxuICAgICAgICAgICAgYXBwcm92YWwucmVjZWl2ZXJDaXBoZXJQYXJ0aWFsQXNzZW1ibHlLZXlcbiAgICAgICAgICApXG4gICAgICAgIClcbiAgICApO1xuXG4gICAgcmV0dXJuIHRoaXMuYXNzZW1ibHlDb250cm9sbGVyLnJlY292ZXJBc3NlbWJseUtleShwYXJ0aWFscyk7XG4gIH1cbn1cbiJdfQ==