npm - @lifeready/core - Versions diffs - 1.0.21 → 1.0.22 - Mend

@lifeready/core 1.0.21 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/esm2015/lib/message/message.service.js ADDED Viewed

@@ -0,0 +1,116 @@
+import { __awaiter, __decorate } from "tslib";
+import { Injectable, Injector, NgZone } from '@angular/core';
+import { LrMutation, LrService } from '../api/lr-graphql';
+import { EncryptionService } from '../encryption/encryption.service';
+import { KeyExchangeService } from '../key-exchange/key-exchange.service';
+import { KeyGraphService } from '../key/key-graph.service';
+import { RunOutsideAngular } from '../_common/run-outside-angular';
+import { MessageQuery, SendMessageMutation } from './message.gql';
+import * as i0 from "@angular/core";
+import * as i1 from "../key/key-graph.service";
+import * as i2 from "../encryption/encryption.service";
+import * as i3 from "../key-exchange/key-exchange.service";
+let MessageService = class MessageService extends LrService {
+    constructor(ngZone, injector, keyGraph, encryptionService, keyExchangeService) {
+        super(injector);
+        this.ngZone = ngZone;
+        this.injector = injector;
+        this.keyGraph = keyGraph;
+        this.encryptionService = encryptionService;
+        this.keyExchangeService = keyExchangeService;
+        this.encrypt = this.encryptionService.encrypt.bind(this.encryptionService);
+        this.decrypt = this.encryptionService.decrypt.bind(this.encryptionService);
+        this.sign = this.encryptionService.sign.bind(this.encryptionService);
+        this.verify = this.encryptionService.verify.bind(this.encryptionService);
+    }
+    sendMessage(input) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.mutate(this.sendMessageMutation(input));
+        });
+    }
+    sendMessageMutation({ username, userId, plainMessageJson, plainCipherMessageJson, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const userSharedKey = yield this.keyExchangeService.currentUserSharedKey({
+                username,
+                userId,
+            });
+            const input = {
+                receiverUsername: username,
+                receiverId: userId,
+                sharedKeyId: userSharedKey.sharedKey.id,
+                senderSigPbkId: userSharedKey.userSigPrk.id,
+            };
+            if (plainCipherMessageJson) {
+                const sharedKey = yield this.keyGraph.getJwkKey(userSharedKey.sharedKey.id);
+                const cipherMessage = yield this.encrypt(sharedKey, plainCipherMessageJson);
+                const senderSigPrk = yield this.keyGraph.getJwkKey(userSharedKey.userSigPrk.id);
+                const signedCipherMessage = yield this.sign(senderSigPrk, cipherMessage);
+                input.signedCipherMessage = JSON.stringify(signedCipherMessage);
+            }
+            if (plainMessageJson) {
+                input.plainMessage = JSON.stringify(plainMessageJson);
+            }
+            return new LrMutation({
+                mutation: SendMessageMutation,
+                variables: {
+                    input,
+                },
+            });
+        });
+    }
+    decryptMessage(message, options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const signedCipherMessage = yield this.verify(options.senderSigPbk, JSON.parse(message.signedCipherMessage));
+            message.signedCipherMessageClearJson = yield this.decrypt(options.sharedKey, signedCipherMessage);
+        });
+    }
+    getMessage(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.query({
+                query: MessageQuery,
+                variables: {
+                    id,
+                },
+            });
+            // this.keyGraph.addKeys(res.keyGraph);
+            const message = res.message;
+            const sharedKey = yield this.keyGraph.getJwkKey(message.sharedKey.id);
+            // The sender would be getting the Prk back. The receiver gets the Pbk back.
+            // But only the Pbk is needed here to verify signature.
+            // So both sender and receiver can access this message.
+            const senderSigPbk = yield this.keyGraph.getJwkKey(message.senderSigPbk.id);
+            // Test bad signature
+            // senderSigPbk = senderSigPbk.toJSON();
+            // senderSigPbk.n = "x" + senderSigPbk.n.substring(1);
+            // senderSigPbk = await KFS.asKey(senderSigPbk);
+            yield this.decryptMessage(message, {
+                sharedKey,
+                senderSigPbk,
+            });
+            if (message.plainMessage) {
+                message.plainMessageJson = JSON.parse(message.plainMessage);
+            }
+            return res.message;
+        });
+    }
+};
+MessageService.ɵprov = i0.ɵɵdefineInjectable({ factory: function MessageService_Factory() { return new MessageService(i0.ɵɵinject(i0.NgZone), i0.ɵɵinject(i0.INJECTOR), i0.ɵɵinject(i1.KeyGraphService), i0.ɵɵinject(i2.EncryptionService), i0.ɵɵinject(i3.KeyExchangeService)); }, token: MessageService, providedIn: "root" });
+MessageService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+MessageService.ctorParameters = () => [
+    { type: NgZone },
+    { type: Injector },
+    { type: KeyGraphService },
+    { type: EncryptionService },
+    { type: KeyExchangeService }
+];
+MessageService = __decorate([
+    RunOutsideAngular({
+        ngZoneName: 'ngZone',
+    })
+], MessageService);
+export { MessageService };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWVzc2FnZS5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6Ii9vcHQvYXRsYXNzaWFuL3BpcGVsaW5lcy9hZ2VudC9idWlsZC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9tZXNzYWdlL21lc3NhZ2Uuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsTUFBTSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRTdELE9BQU8sRUFBRSxVQUFVLEVBQUUsU0FBUyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFFMUQsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFDckUsT0FBTyxFQUFFLGtCQUFrQixFQUFFLE1BQU0sc0NBQXNDLENBQUM7QUFDMUUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzNELE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBQ25FLE9BQU8sRUFBRSxZQUFZLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSxlQUFlLENBQUM7Ozs7O0lBU3JELGNBQWMsU0FBZCxjQUFlLFNBQVEsU0FBUztJQWMzQyxZQUNVLE1BQWMsRUFDZCxRQUFrQixFQUNsQixRQUF5QixFQUN6QixpQkFBb0MsRUFDcEMsa0JBQXNDO1FBRTlDLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQztRQU5SLFdBQU0sR0FBTixNQUFNLENBQVE7UUFDZCxhQUFRLEdBQVIsUUFBUSxDQUFVO1FBQ2xCLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBQ3pCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsdUJBQWtCLEdBQWxCLGtCQUFrQixDQUFvQjtRQWxCL0IsWUFBTyxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUM1RCxJQUFJLENBQUMsaUJBQWlCLENBQ3ZCLENBQUM7UUFDZSxZQUFPLEdBQUcsSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQzVELElBQUksQ0FBQyxpQkFBaUIsQ0FDdkIsQ0FBQztRQUNlLFNBQUksR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUFDLElBQUksQ0FDdEQsSUFBSSxDQUFDLGlCQUFpQixDQUN2QixDQUFDO1FBQ2UsV0FBTSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUMxRCxJQUFJLENBQUMsaUJBQWlCLENBQ3ZCLENBQUM7SUFVRixDQUFDO0lBRUssV0FBVyxDQUFDLEtBQXVCOztZQUN2QyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7UUFDdEQsQ0FBQztLQUFBO0lBRUssbUJBQW1CLENBQUMsRUFDeEIsUUFBUSxFQUNSLE1BQU0sRUFDTixnQkFBZ0IsRUFDaEIsc0JBQXNCLEdBQ0w7O1lBQ2pCLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLGtCQUFrQixDQUFDLG9CQUFvQixDQUFDO2dCQUN2RSxRQUFRO2dCQUNSLE1BQU07YUFDUCxDQUFDLENBQUM7WUFFSCxNQUFNLEtBQUssR0FBUTtnQkFDakIsZ0JBQWdCLEVBQUUsUUFBUTtnQkFDMUIsVUFBVSxFQUFFLE1BQU07Z0JBQ2xCLFdBQVcsRUFBRSxhQUFhLENBQUMsU0FBUyxDQUFDLEVBQUU7Z0JBQ3ZDLGNBQWMsRUFBRSxhQUFhLENBQUMsVUFBVSxDQUFDLEVBQUU7YUFDNUMsQ0FBQztZQUVGLElBQUksc0JBQXNCLEVBQUU7Z0JBQzFCLE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQzdDLGFBQWEsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUMzQixDQUFDO2dCQUNGLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FDdEMsU0FBUyxFQUNULHNCQUFzQixDQUN2QixDQUFDO2dCQUVGLE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQ2hELGFBQWEsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUM1QixDQUFDO2dCQUNGLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksRUFBRSxhQUFhLENBQUMsQ0FBQztnQkFFekUsS0FBSyxDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLENBQUMsQ0FBQzthQUNqRTtZQUVELElBQUksZ0JBQWdCLEVBQUU7Z0JBQ3BCLEtBQUssQ0FBQyxZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsQ0FBQyxDQUFDO2FBQ3ZEO1lBRUQsT0FBTyxJQUFJLFVBQVUsQ0FBQztnQkFDcEIsUUFBUSxFQUFFLG1CQUFtQjtnQkFDN0IsU0FBUyxFQUFFO29CQUNULEtBQUs7aUJBQ047YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFSyxjQUFjLENBQ2xCLE9BQW9CLEVBQ3BCLE9BQXNEOztZQUV0RCxNQUFNLG1CQUFtQixHQUFHLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FDM0MsT0FBTyxDQUFDLFlBQVksRUFDcEIsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsbUJBQW1CLENBQUMsQ0FDeEMsQ0FBQztZQUVGLE9BQU8sQ0FBQyw0QkFBNEIsR0FBRyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQ3ZELE9BQU8sQ0FBQyxTQUFTLEVBQ2pCLG1CQUFtQixDQUNwQixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssVUFBVSxDQUFDLEVBQVU7O1lBQ3pCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQztnQkFDM0IsS0FBSyxFQUFFLFlBQVk7Z0JBQ25CLFNBQVMsRUFBRTtvQkFDVCxFQUFFO2lCQUNIO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsdUNBQXVDO1lBRXZDLE1BQU0sT0FBTyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUM7WUFFNUIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFNBQVMsQ0FBQyxPQUFPLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBRXRFLDRFQUE0RTtZQUM1RSx1REFBdUQ7WUFDdkQsdURBQXVEO1lBQ3ZELE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsT0FBTyxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUU1RSxxQkFBcUI7WUFDckIsd0NBQXdDO1lBQ3hDLHNEQUFzRDtZQUN0RCxnREFBZ0Q7WUFFaEQsTUFBTSxJQUFJLENBQUMsY0FBYyxDQUFDLE9BQU8sRUFBRTtnQkFDakMsU0FBUztnQkFDVCxZQUFZO2FBQ2IsQ0FBQyxDQUFDO1lBRUgsSUFBSSxPQUFPLENBQUMsWUFBWSxFQUFFO2dCQUN4QixPQUFPLENBQUMsZ0JBQWdCLEdBQUcsSUFBSSxDQUFDLEtBQUssQ0FBQyxPQUFPLENBQUMsWUFBWSxDQUFDLENBQUM7YUFDN0Q7WUFFRCxPQUFPLEdBQUcsQ0FBQyxPQUFPLENBQUM7UUFDckIsQ0FBQztLQUFBO0NBQ0YsQ0FBQTs7O1lBaElBLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBaEI4QixNQUFNO1lBQWhCLFFBQVE7WUFNcEIsZUFBZTtZQUZmLGlCQUFpQjtZQUNqQixrQkFBa0I7O0FBWWQsY0FBYztJQU4xQixpQkFBaUIsQ0FBQztRQUNqQixVQUFVLEVBQUUsUUFBUTtLQUNyQixDQUFDO0dBSVcsY0FBYyxDQTZIMUI7U0E3SFksY0FBYyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IEluamVjdGFibGUsIEluamVjdG9yLCBOZ1pvbmUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcbmltcG9ydCB7IEpXSyB9IGZyb20gJ25vZGUtam9zZSc7XG5pbXBvcnQgeyBMck11dGF0aW9uLCBMclNlcnZpY2UgfSBmcm9tICcuLi9hcGkvbHItZ3JhcGhxbCc7XG5pbXBvcnQgeyBNZXNzYWdlTm9kZSB9IGZyb20gJy4uL2FwaS90eXBlcyc7XG5pbXBvcnQgeyBFbmNyeXB0aW9uU2VydmljZSB9IGZyb20gJy4uL2VuY3J5cHRpb24vZW5jcnlwdGlvbi5zZXJ2aWNlJztcbmltcG9ydCB7IEtleUV4Y2hhbmdlU2VydmljZSB9IGZyb20gJy4uL2tleS1leGNoYW5nZS9rZXktZXhjaGFuZ2Uuc2VydmljZSc7XG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LWdyYXBoLnNlcnZpY2UnO1xuaW1wb3J0IHsgUnVuT3V0c2lkZUFuZ3VsYXIgfSBmcm9tICcuLi9fY29tbW9uL3J1bi1vdXRzaWRlLWFuZ3VsYXInO1xuaW1wb3J0IHsgTWVzc2FnZVF1ZXJ5LCBTZW5kTWVzc2FnZU11dGF0aW9uIH0gZnJvbSAnLi9tZXNzYWdlLmdxbCc7XG5pbXBvcnQgeyBTZW5kTWVzc2FnZUlucHV0IH0gZnJvbSAnLi9tZXNzYWdlLnR5cGVzJztcblxuQFJ1bk91dHNpZGVBbmd1bGFyKHtcbiAgbmdab25lTmFtZTogJ25nWm9uZScsXG59KVxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIE1lc3NhZ2VTZXJ2aWNlIGV4dGVuZHMgTHJTZXJ2aWNlIHtcbiAgcHJpdmF0ZSByZWFkb25seSBlbmNyeXB0ID0gdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0LmJpbmQoXG4gICAgdGhpcy5lbmNyeXB0aW9uU2VydmljZVxuICApO1xuICBwcml2YXRlIHJlYWRvbmx5IGRlY3J5cHQgPSB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQuYmluZChcbiAgICB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlXG4gICk7XG4gIHByaXZhdGUgcmVhZG9ubHkgc2lnbiA9IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbi5iaW5kKFxuICAgIHRoaXMuZW5jcnlwdGlvblNlcnZpY2VcbiAgKTtcbiAgcHJpdmF0ZSByZWFkb25seSB2ZXJpZnkgPSB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnZlcmlmeS5iaW5kKFxuICAgIHRoaXMuZW5jcnlwdGlvblNlcnZpY2VcbiAgKTtcblxuICBjb25zdHJ1Y3RvcihcbiAgICBwcml2YXRlIG5nWm9uZTogTmdab25lLFxuICAgIHByaXZhdGUgaW5qZWN0b3I6IEluamVjdG9yLFxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZSxcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcbiAgICBwcml2YXRlIGtleUV4Y2hhbmdlU2VydmljZTogS2V5RXhjaGFuZ2VTZXJ2aWNlXG4gICkge1xuICAgIHN1cGVyKGluamVjdG9yKTtcbiAgfVxuXG4gIGFzeW5jIHNlbmRNZXNzYWdlKGlucHV0OiBTZW5kTWVzc2FnZUlucHV0KSB7XG4gICAgcmV0dXJuIHRoaXMubXV0YXRlKHRoaXMuc2VuZE1lc3NhZ2VNdXRhdGlvbihpbnB1dCkpO1xuICB9XG5cbiAgYXN5bmMgc2VuZE1lc3NhZ2VNdXRhdGlvbih7XG4gICAgdXNlcm5hbWUsXG4gICAgdXNlcklkLFxuICAgIHBsYWluTWVzc2FnZUpzb24sXG4gICAgcGxhaW5DaXBoZXJNZXNzYWdlSnNvbixcbiAgfTogU2VuZE1lc3NhZ2VJbnB1dCkge1xuICAgIGNvbnN0IHVzZXJTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmtleUV4Y2hhbmdlU2VydmljZS5jdXJyZW50VXNlclNoYXJlZEtleSh7XG4gICAgICB1c2VybmFtZSxcbiAgICAgIHVzZXJJZCxcbiAgICB9KTtcblxuICAgIGNvbnN0IGlucHV0OiBhbnkgPSB7XG4gICAgICByZWNlaXZlclVzZXJuYW1lOiB1c2VybmFtZSxcbiAgICAgIHJlY2VpdmVySWQ6IHVzZXJJZCxcbiAgICAgIHNoYXJlZEtleUlkOiB1c2VyU2hhcmVkS2V5LnNoYXJlZEtleS5pZCxcbiAgICAgIHNlbmRlclNpZ1Bia0lkOiB1c2VyU2hhcmVkS2V5LnVzZXJTaWdQcmsuaWQsXG4gICAgfTtcblxuICAgIGlmIChwbGFpbkNpcGhlck1lc3NhZ2VKc29uKSB7XG4gICAgICBjb25zdCBzaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmtleUdyYXBoLmdldEp3a0tleShcbiAgICAgICAgdXNlclNoYXJlZEtleS5zaGFyZWRLZXkuaWRcbiAgICAgICk7XG4gICAgICBjb25zdCBjaXBoZXJNZXNzYWdlID0gYXdhaXQgdGhpcy5lbmNyeXB0KFxuICAgICAgICBzaGFyZWRLZXksXG4gICAgICAgIHBsYWluQ2lwaGVyTWVzc2FnZUpzb25cbiAgICAgICk7XG5cbiAgICAgIGNvbnN0IHNlbmRlclNpZ1ByayA9IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0SndrS2V5KFxuICAgICAgICB1c2VyU2hhcmVkS2V5LnVzZXJTaWdQcmsuaWRcbiAgICAgICk7XG4gICAgICBjb25zdCBzaWduZWRDaXBoZXJNZXNzYWdlID0gYXdhaXQgdGhpcy5zaWduKHNlbmRlclNpZ1ByaywgY2lwaGVyTWVzc2FnZSk7XG5cbiAgICAgIGlucHV0LnNpZ25lZENpcGhlck1lc3NhZ2UgPSBKU09OLnN0cmluZ2lmeShzaWduZWRDaXBoZXJNZXNzYWdlKTtcbiAgICB9XG5cbiAgICBpZiAocGxhaW5NZXNzYWdlSnNvbikge1xuICAgICAgaW5wdXQucGxhaW5NZXNzYWdlID0gSlNPTi5zdHJpbmdpZnkocGxhaW5NZXNzYWdlSnNvbik7XG4gICAgfVxuXG4gICAgcmV0dXJuIG5ldyBMck11dGF0aW9uKHtcbiAgICAgIG11dGF0aW9uOiBTZW5kTWVzc2FnZU11dGF0aW9uLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0LFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIGFzeW5jIGRlY3J5cHRNZXNzYWdlKFxuICAgIG1lc3NhZ2U6IE1lc3NhZ2VOb2RlLFxuICAgIG9wdGlvbnM6IHsgc2hhcmVkS2V5OiBKV0suS2V5OyBzZW5kZXJTaWdQYms6IEpXSy5LZXkgfVxuICApOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCBzaWduZWRDaXBoZXJNZXNzYWdlID0gYXdhaXQgdGhpcy52ZXJpZnkoXG4gICAgICBvcHRpb25zLnNlbmRlclNpZ1BiayxcbiAgICAgIEpTT04ucGFyc2UobWVzc2FnZS5zaWduZWRDaXBoZXJNZXNzYWdlKVxuICAgICk7XG5cbiAgICBtZXNzYWdlLnNpZ25lZENpcGhlck1lc3NhZ2VDbGVhckpzb24gPSBhd2FpdCB0aGlzLmRlY3J5cHQoXG4gICAgICBvcHRpb25zLnNoYXJlZEtleSxcbiAgICAgIHNpZ25lZENpcGhlck1lc3NhZ2VcbiAgICApO1xuICB9XG5cbiAgYXN5bmMgZ2V0TWVzc2FnZShpZDogc3RyaW5nKSB7XG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5xdWVyeSh7XG4gICAgICBxdWVyeTogTWVzc2FnZVF1ZXJ5LFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlkLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIC8vIHRoaXMua2V5R3JhcGguYWRkS2V5cyhyZXMua2V5R3JhcGgpO1xuXG4gICAgY29uc3QgbWVzc2FnZSA9IHJlcy5tZXNzYWdlO1xuXG4gICAgY29uc3Qgc2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5nZXRKd2tLZXkobWVzc2FnZS5zaGFyZWRLZXkuaWQpO1xuXG4gICAgLy8gVGhlIHNlbmRlciB3b3VsZCBiZSBnZXR0aW5nIHRoZSBQcmsgYmFjay4gVGhlIHJlY2VpdmVyIGdldHMgdGhlIFBiayBiYWNrLlxuICAgIC8vIEJ1dCBvbmx5IHRoZSBQYmsgaXMgbmVlZGVkIGhlcmUgdG8gdmVyaWZ5IHNpZ25hdHVyZS5cbiAgICAvLyBTbyBib3RoIHNlbmRlciBhbmQgcmVjZWl2ZXIgY2FuIGFjY2VzcyB0aGlzIG1lc3NhZ2UuXG4gICAgY29uc3Qgc2VuZGVyU2lnUGJrID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5nZXRKd2tLZXkobWVzc2FnZS5zZW5kZXJTaWdQYmsuaWQpO1xuXG4gICAgLy8gVGVzdCBiYWQgc2lnbmF0dXJlXG4gICAgLy8gc2VuZGVyU2lnUGJrID0gc2VuZGVyU2lnUGJrLnRvSlNPTigpO1xuICAgIC8vIHNlbmRlclNpZ1Biay5uID0gXCJ4XCIgKyBzZW5kZXJTaWdQYmsubi5zdWJzdHJpbmcoMSk7XG4gICAgLy8gc2VuZGVyU2lnUGJrID0gYXdhaXQgS0ZTLmFzS2V5KHNlbmRlclNpZ1Biayk7XG5cbiAgICBhd2FpdCB0aGlzLmRlY3J5cHRNZXNzYWdlKG1lc3NhZ2UsIHtcbiAgICAgIHNoYXJlZEtleSxcbiAgICAgIHNlbmRlclNpZ1BiayxcbiAgICB9KTtcblxuICAgIGlmIChtZXNzYWdlLnBsYWluTWVzc2FnZSkge1xuICAgICAgbWVzc2FnZS5wbGFpbk1lc3NhZ2VKc29uID0gSlNPTi5wYXJzZShtZXNzYWdlLnBsYWluTWVzc2FnZSk7XG4gICAgfVxuXG4gICAgcmV0dXJuIHJlcy5tZXNzYWdlO1xuICB9XG59XG4iXX0=

package/esm2015/lib/message/message.types.js ADDED Viewed

@@ -0,0 +1 @@

+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibWVzc2FnZS50eXBlcy5qcyIsInNvdXJjZVJvb3QiOiIvb3B0L2F0bGFzc2lhbi9waXBlbGluZXMvYWdlbnQvYnVpbGQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvbWVzc2FnZS9tZXNzYWdlLnR5cGVzLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiIiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgSlNPTk9iamVjdCB9IGZyb20gJy4uL2FwaS90eXBlcyc7XG5cbmV4cG9ydCBpbnRlcmZhY2UgU2VuZE1lc3NhZ2VJbnB1dCB7XG4gIHVzZXJuYW1lPzogc3RyaW5nO1xuICB1c2VySWQ/OiBzdHJpbmc7XG4gIHBsYWluTWVzc2FnZUpzb24/OiBKU09OT2JqZWN0O1xuICBwbGFpbkNpcGhlck1lc3NhZ2VKc29uPzogSlNPTk9iamVjdDtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBEZWNyeXB0TWVzc2FnZU9wdGlvbnMge1xuICBzaGFyZWRLZXk6IEpXSy5LZXk7XG4gIHNlbmRlclNpZ1BiazogSldLLktleTtcbn1cbiJdfQ==

package/esm2015/lib/password/password.gql.js ADDED Viewed

@@ -0,0 +1,28 @@
+import gql from 'graphql-tag';
+export const PasswordChangeRequestMutation = gql `
+  mutation {
+    passwordChangeRequest(input: {}) {
+      challenge
+    }
+  }
+`;
+export const PasswordChangeMutation = gql `
+  mutation PasswordChange($input: PasswordChangeInput!) {
+    passwordChange(input: $input) {
+      token
+      newPassKey {
+        id
+      }
+    }
+  }
+`;
+export const PasswordChangeConfigQuery = gql `
+  query PasswordChangeConfigQuery {
+    passwordChangeConfig {
+      maxAuthAgeSeconds
+      authTime
+      serverTime
+    }
+  }
+`;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFzc3dvcmQuZ3FsLmpzIiwic291cmNlUm9vdCI6Ii9vcHQvYXRsYXNzaWFuL3BpcGVsaW5lcy9hZ2VudC9idWlsZC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9wYXNzd29yZC9wYXNzd29yZC5ncWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDO0FBRTlCLE1BQU0sQ0FBQyxNQUFNLDZCQUE2QixHQUFHLEdBQUcsQ0FBQTs7Ozs7O0NBTS9DLENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyxHQUFHLENBQUE7Ozs7Ozs7OztDQVN4QyxDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0seUJBQXlCLEdBQUcsR0FBRyxDQUFBOzs7Ozs7OztDQVEzQyxDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IGdxbCBmcm9tICdncmFwaHFsLXRhZyc7XG5cbmV4cG9ydCBjb25zdCBQYXNzd29yZENoYW5nZVJlcXVlc3RNdXRhdGlvbiA9IGdxbGBcbiAgbXV0YXRpb24ge1xuICAgIHBhc3N3b3JkQ2hhbmdlUmVxdWVzdChpbnB1dDoge30pIHtcbiAgICAgIGNoYWxsZW5nZVxuICAgIH1cbiAgfVxuYDtcblxuZXhwb3J0IGNvbnN0IFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24gPSBncWxgXG4gIG11dGF0aW9uIFBhc3N3b3JkQ2hhbmdlKCRpbnB1dDogUGFzc3dvcmRDaGFuZ2VJbnB1dCEpIHtcbiAgICBwYXNzd29yZENoYW5nZShpbnB1dDogJGlucHV0KSB7XG4gICAgICB0b2tlblxuICAgICAgbmV3UGFzc0tleSB7XG4gICAgICAgIGlkXG4gICAgICB9XG4gICAgfVxuICB9XG5gO1xuXG5leHBvcnQgY29uc3QgUGFzc3dvcmRDaGFuZ2VDb25maWdRdWVyeSA9IGdxbGBcbiAgcXVlcnkgUGFzc3dvcmRDaGFuZ2VDb25maWdRdWVyeSB7XG4gICAgcGFzc3dvcmRDaGFuZ2VDb25maWcge1xuICAgICAgbWF4QXV0aEFnZVNlY29uZHNcbiAgICAgIGF1dGhUaW1lXG4gICAgICBzZXJ2ZXJUaW1lXG4gICAgfVxuICB9XG5gO1xuIl19

package/esm2015/lib/password/password.service.js ADDED Viewed

@@ -0,0 +1,315 @@
+import { __awaiter } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import * as moment_ from 'moment';
+import { EncryptionService } from '../encryption/encryption.service';
+import { IdleService } from '../idle/idle.service';
+import { KeyFactoryService as KFS } from '../key/key-factory.service';
+import { KeyGraphService } from '../key/key-graph.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { ProfileService } from '../profile/profile.service';
+import { WebCryptoService } from '../web-crypto/web-crypto.service';
+import { LrAuthException } from '../_common/exceptions';
+import { LrApolloService } from './../api/lr-apollo.service';
+import { PasswordChangeConfigQuery, PasswordChangeMutation, PasswordChangeRequestMutation, } from './password.gql';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@angular/common/http";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i5 from "../profile/profile.service";
+import * as i6 from "../key/key-factory.service";
+import * as i7 from "../encryption/encryption.service";
+import * as i8 from "../key/key-graph.service";
+import * as i9 from "../web-crypto/web-crypto.service";
+import * as i10 from "../idle/idle.service";
+// "why?" you ask: https://stackoverflow.com/questions/59735280/angular-8-moment-error-cannot-call-a-namespace-moment
+const moment = moment_;
+export class PasswordCheck {
+}
+export class PasswordService {
+    constructor(config, http, apollo, auth, profileService, keyFactory, encryptionService, keyGraph, webCryptoService, idleService) {
+        this.config = config;
+        this.http = http;
+        this.apollo = apollo;
+        this.auth = auth;
+        this.profileService = profileService;
+        this.keyFactory = keyFactory;
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.webCryptoService = webCryptoService;
+        this.idleService = idleService;
+        this.CLIENT_NONCE_LENGTH = 32;
+    }
+    checkPassword(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { years } = this.passwordStrength(password);
+            return {
+                length: password.length,
+                timeToCrack: moment.duration({ years }),
+                passwordExposed: yield this.getExposureCount(password),
+            };
+        });
+    }
+    getExposureCount(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const sha1Password = yield this.webCryptoService.stringDigest('SHA-1', password);
+            const first5sha1 = sha1Password.substring(0, 5);
+            const response = yield this.http
+                .get(`https://api.pwnedpasswords.com/range/${first5sha1}`, {
+                responseType: 'text',
+            })
+                .toPromise();
+            const results = new RegExp(`^(?:${sha1Password.substring(5)}:)(?<count>\\d+)$`, 'im').exec(response);
+            if (results) {
+                return +results.groups.count;
+            }
+            return 0;
+        });
+    }
+    getPassIdpString(passIdp) {
+        return passIdp.toJSON(true).k;
+    }
+    createPassKeyBundle(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpParams = yield this.keyFactory.createPassIdpParams();
+            const passIdp = (yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams))).jwk;
+            const passKeyParams = yield this.keyFactory.createPassKeyParams();
+            const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, passKeyParams))).jwk;
+            const passIdpVerifier = yield this.keyFactory.createPkcSignKey();
+            const wrappedPassIdpVerifierPrk = yield this.encryptionService.encrypt(passKey, passIdpVerifier.toJSON(true));
+            // There are two formats that the private key can be represented in JWK:
+            // https://tools.ietf.org/html/rfc8017#page-9
+            // The second form is an optimization:
+            // https://crypto.stackexchange.com/questions/19413/what-are-dp-and-dq-in-encryption-by-rsa-in-c
+            return {
+                passKeyParams,
+                passKey,
+                passIdpParams,
+                passIdp,
+                passIdpVerifier,
+                wrappedPassIdpVerifierPrk,
+            };
+        });
+    }
+    /**
+     * We need to allow for interruption of the process at any point. Each API call can be considered
+     * atomic and either succeeds or fails.
+     *
+     * The LR server APIs use semaphore tokens for locking critical operations, so concurrent calls will
+     * fail.
+     *
+     * We assume the worst case for IdP API calls. So we use the semaphore token from LR to prevent
+     * concurrent calls to IdP APIs, but we have to assume that the IdP API calls will either succeed or
+     * fail within a reasonable amount of time.
+     *
+     * Each location where the server state changes can be a potential point of interruption.
+     * Potential points of interruption are marked with: --Potential Failure Point--
+     *
+     * Places for timeout:
+     * - Login age too old at call to: verifyPassword()
+     * - Login age too old at call to: changePasswordMutation()
+     * - Semaphore token expires at call to: changePasswordComplete()
+     *
+     * Tests:
+     * - Potential Failure Point 1: should be able to restart the process, user remains signed in.
+     * - Potential Failure Point 2: should enter recovery flow
+     * - Potential Failure Point 3: should enter recovery flow
+     * - Potential Failure Point 4: should enter recovery flow
+     *
+     */
+    isLoginRequired() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const changePasswordConfig = yield this.getChangePasswordConfig();
+            const authTime = moment(changePasswordConfig.authTime);
+            const serverTime = moment(changePasswordConfig.serverTime);
+            const duration = moment.duration(serverTime.diff(authTime));
+            const seconds = duration.asSeconds();
+            if (seconds > changePasswordConfig.maxAuthAgeSeconds) {
+                return true;
+            }
+            else {
+                return false;
+            }
+        });
+    }
+    changePassword(password, newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            // Not checking that passwords are different. It makes it easier to test.
+            const { currentUser } = yield this.profileService.getCurrentUser();
+            const { passIdp, signedChallenge } = yield this.verifyPassword(password, currentUser);
+            // --Potential Failure Point 1--
+            // verifyPassword() asks for a current password challenge hence changes server state.
+            // Place break points here to test the failure scenarios.
+            // Generate the new passIdp
+            const newPassKey = yield this.createPassKeyBundle(newPassword);
+            // Re-encrypt master key with new key
+            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
+            const newWrappedMasterKey = yield this.encryptionService.encrypt(newPassKey.passKey, masterKey.jwk.toJSON(true));
+            // If the IdP change password failed, we need to go into recovery mode by forcing
+            // a login. We can't logout the user just yet since the IdP password change needs
+            // the user to be logged in. We _can_ removed any persisted session values for the IdP
+            // but that seems like too much trouble.
+            const { token, newPassKeyId } = yield this.changePasswordMutation(signedChallenge, currentUser.currentUserKey.masterKey.id, newWrappedMasterKey, newPassKey);
+            // --Potential Failure Point 2--
+            // changePasswordMutation() uploads new keys and obtains a semaphore lock to prevent any other
+            // clients from performing IdP password change.
+            // Now we can do the IdP password change.
+            // todo: Add this back in
+            yield this.auth.changePassword(cognitoUser, this.getPassIdpString(passIdp), this.getPassIdpString(newPassKey.passIdp));
+            // --Potential Failure Point 3--
+            // IdP password change
+            // Note that changePassword() could throw an exception for a number of reason. It could throw
+            // a network timeout for example. But we don't know if it's the response that timed out and
+            // the idp password change was actually carried out. So we have to be extra conservative and
+            // only act on a clear success. Otherwise we go into recover mode.
+            yield this.changePasswordComplete(cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(), true, token);
+        });
+    }
+    changePasswordComplete(accessToken, useNewPassword, token = null) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.http
+                .post(`${this.config.authUrl}users/password-change-complete/`, Object.assign({ use_new_password: useNewPassword }, (token && { token })), {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            })
+                .toPromise();
+        });
+    }
+    getVerifierPrK(passKey, wrappedPrK) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const prkJson = yield this.encryptionService.decrypt(passKey, wrappedPrK);
+                return KFS.asKey(prkJson);
+            }
+            catch (error) {
+                throw new LrAuthException('Wrong current password');
+            }
+        });
+    }
+    verifyPassword(password, currentUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get information from the server to prepare for password change.
+            const passwordRequest = yield this.apollo.mutate({
+                mutation: PasswordChangeRequestMutation,
+                variables: {},
+            });
+            // Get the old passKey so we can decrypt the old password verifier
+            const passKeyResult = yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams));
+            const verifierPrK = yield this.getVerifierPrK(passKeyResult.jwk, currentUser.currentUserKey.passKey.wrappedPassIdpVerifierPrk);
+            // Sign the server challenge to prove to the server we can decrypt the password verifier.
+            // Generate
+            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
+            const signedChallenge = yield this.encryptionService.sign(verifierPrK, {
+                serverNonce: passwordRequest.passwordChangeRequest.challenge.serverNonce,
+                clientNonce,
+            });
+            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, currentUser.currentUserKey.passKey.passIdpParams));
+            return {
+                passIdp: passIdpResult.jwk,
+                signedChallenge,
+            };
+        });
+    }
+    changePasswordMutation(signedChallenge, masterKeyId, newWrappedMasterKey, passKeyBundle) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.apollo.mutate({
+                mutation: PasswordChangeMutation,
+                variables: {
+                    input: {
+                        signedChallenge: JSON.stringify(signedChallenge),
+                        masterKeyId,
+                        newWrappedMasterKey: JSON.stringify(newWrappedMasterKey),
+                        newPassKey: {
+                            passIdpParams: JSON.stringify(passKeyBundle.passIdpParams),
+                            passIdpVerifierPbk: JSON.stringify(passKeyBundle.passIdpVerifier.toJSON()),
+                            wrappedPassIdpVerifierPrk: JSON.stringify(passKeyBundle.wrappedPassIdpVerifierPrk),
+                            passKeyParams: JSON.stringify(passKeyBundle.passKeyParams),
+                        },
+                    },
+                },
+            });
+            return {
+                token: response.passwordChange.token,
+                newPassKeyId: response.passwordChange.newPassKey.id,
+            };
+        });
+    }
+    getChangePasswordConfig() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.apollo.query({
+                query: PasswordChangeConfigQuery,
+            });
+            const ret = res.passwordChangeConfig;
+            ret.authTime = new Date(ret.authTime);
+            ret.serverTime = new Date(ret.serverTime);
+            return ret;
+        });
+    }
+    passwordStrength(password) {
+        const upper = /[A-Z]/g;
+        const lower = /[a-z]/g;
+        const digit = /[0-9]/g;
+        const upperChoices = 26;
+        const lowerChoices = 26;
+        const digitChoices = 10;
+        const specialChoices = 30; // /[!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/g
+        function instanceCount(str, re) {
+            return ((str || '').match(re) || []).length;
+        }
+        const uppers = instanceCount(password, upper);
+        const lowers = instanceCount(password, lower);
+        const digits = instanceCount(password, digit);
+        const specials = password.length - uppers - lowers - digits;
+        let choices = 0;
+        if (uppers) {
+            choices += upperChoices;
+        }
+        if (lowers) {
+            choices += lowerChoices;
+        }
+        if (digits) {
+            choices += digitChoices;
+        }
+        if (specials) {
+            choices += specialChoices;
+        }
+        if (password.length === 0) {
+            return {
+                years: 0,
+                // bits of entropy
+                bits: 0,
+            };
+        }
+        const permutations = Math.pow(choices, password.length);
+        const years = (54000 * permutations) /
+            Math.pow(upperChoices + lowerChoices + digitChoices, 12);
+        return {
+            years,
+            // bits of entropy
+            bits: Math.round(Math.log2(permutations)),
+        };
+    }
+}
+PasswordService.ɵprov = i0.ɵɵdefineInjectable({ factory: function PasswordService_Factory() { return new PasswordService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.EncryptionService), i0.ɵɵinject(i8.KeyGraphService), i0.ɵɵinject(i9.WebCryptoService), i0.ɵɵinject(i10.IdleService)); }, token: PasswordService, providedIn: "root" });
+PasswordService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+PasswordService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: HttpClient },
+    { type: LrApolloService },
+    { type: AuthClass },
+    { type: ProfileService },
+    { type: KFS },
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: WebCryptoService },
+    { type: IdleService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFzc3dvcmQuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIvb3B0L2F0bGFzc2lhbi9waXBlbGluZXMvYWdlbnQvYnVpbGQvcHJvamVjdHMvY29yZS9zcmMvIiwic291cmNlcyI6WyJsaWIvcGFzc3dvcmQvcGFzc3dvcmQuc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xELE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRW5ELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUMzRCxPQUFPLEtBQUssT0FBTyxNQUFNLFFBQVEsQ0FBQztBQUlsQyxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxrQ0FBa0MsQ0FBQztBQUNyRSxPQUFPLEVBQUUsV0FBVyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDbkQsT0FBTyxFQUFFLGlCQUFpQixJQUFJLEdBQUcsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQ3RFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUMzRCxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFBRSxjQUFjLEVBQUUsTUFBTSw0QkFBNEIsQ0FBQztBQUU1RCxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsTUFBTSxrQ0FBa0MsQ0FBQztBQUNwRSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sdUJBQXVCLENBQUM7QUFDeEQsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQzdELE9BQU8sRUFDTCx5QkFBeUIsRUFDekIsc0JBQXNCLEVBQ3RCLDZCQUE2QixHQUM5QixNQUFNLGdCQUFnQixDQUFDOzs7Ozs7Ozs7Ozs7QUFFeEIscUhBQXFIO0FBQ3JILE1BQU0sTUFBTSxHQUFHLE9BQU8sQ0FBQztBQXlCdkIsTUFBTSxPQUFPLGFBQWE7Q0FJekI7QUFLRCxNQUFNLE9BQU8sZUFBZTtJQUcxQixZQUM2QixNQUF1QixFQUMxQyxJQUFnQixFQUNoQixNQUF1QixFQUN2QixJQUFlLEVBQ2YsY0FBOEIsRUFDOUIsVUFBZSxFQUNmLGlCQUFvQyxFQUNwQyxRQUF5QixFQUN6QixnQkFBa0MsRUFDbEMsV0FBd0I7UUFUTCxXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUMxQyxTQUFJLEdBQUosSUFBSSxDQUFZO1FBQ2hCLFdBQU0sR0FBTixNQUFNLENBQWlCO1FBQ3ZCLFNBQUksR0FBSixJQUFJLENBQVc7UUFDZixtQkFBYyxHQUFkLGNBQWMsQ0FBZ0I7UUFDOUIsZUFBVSxHQUFWLFVBQVUsQ0FBSztRQUNmLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsYUFBUSxHQUFSLFFBQVEsQ0FBaUI7UUFDekIscUJBQWdCLEdBQWhCLGdCQUFnQixDQUFrQjtRQUNsQyxnQkFBVyxHQUFYLFdBQVcsQ0FBYTtRQVpqQix3QkFBbUIsR0FBRyxFQUFFLENBQUM7SUFhdkMsQ0FBQztJQUVTLGFBQWEsQ0FBQyxRQUFnQjs7WUFDekMsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUVsRCxPQUFPO2dCQUNMLE1BQU0sRUFBRSxRQUFRLENBQUMsTUFBTTtnQkFDdkIsV0FBVyxFQUFFLE1BQU0sQ0FBQyxRQUFRLENBQUMsRUFBRSxLQUFLLEVBQUUsQ0FBQztnQkFDdkMsZUFBZSxFQUFFLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQzthQUN2RCxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRVksZ0JBQWdCLENBQUMsUUFBZ0I7O1lBQzVDLE1BQU0sWUFBWSxHQUFHLE1BQU0sSUFBSSxDQUFDLGdCQUFnQixDQUFDLFlBQVksQ0FDM0QsT0FBTyxFQUNQLFFBQVEsQ0FDVCxDQUFDO1lBQ0YsTUFBTSxVQUFVLEdBQUcsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUM7WUFFaEQsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDN0IsR0FBRyxDQUFDLHdDQUF3QyxVQUFVLEVBQUUsRUFBRTtnQkFDekQsWUFBWSxFQUFFLE1BQU07YUFDckIsQ0FBQztpQkFDRCxTQUFTLEVBQUUsQ0FBQztZQUVmLE1BQU0sT0FBTyxHQUFHLElBQUksTUFBTSxDQUN4QixPQUFPLFlBQVksQ0FBQyxTQUFTLENBQUMsQ0FBQyxDQUFDLG1CQUFtQixFQUNuRCxJQUFJLENBQ0wsQ0FBQyxJQUFJLENBQUMsUUFBUSxDQUFDLENBQUM7WUFFakIsSUFBSSxPQUFPLEVBQUU7Z0JBQ1gsT0FBTyxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDO2FBQzlCO1lBQ0QsT0FBTyxDQUFDLENBQUM7UUFDWCxDQUFDO0tBQUE7SUFFTSxnQkFBZ0IsQ0FBQyxPQUFnQjtRQUN0QyxPQUFRLE9BQU8sQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFTLENBQUMsQ0FBQyxDQUFDO0lBQ3pDLENBQUM7SUFFWSxtQkFBbUIsQ0FBQyxRQUFnQjs7WUFDL0MsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDbEUsTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxJQUNMLGFBQWEsRUFDaEIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztZQUVOLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsSUFDTCxhQUFhLEVBQ2hCLENBQ0gsQ0FBQyxHQUFHLENBQUM7WUFFTixNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUVqRSxNQUFNLHlCQUF5QixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDcEUsT0FBTyxFQUNQLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzdCLENBQUM7WUFFRix3RUFBd0U7WUFDeEUsNkNBQTZDO1lBQzdDLHNDQUFzQztZQUN0QyxnR0FBZ0c7WUFFaEcsT0FBTztnQkFDTCxhQUFhO2dCQUNiLE9BQU87Z0JBQ1AsYUFBYTtnQkFDYixPQUFPO2dCQUNQLGVBQWU7Z0JBQ2YseUJBQXlCO2FBQzFCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXlCRztJQUVVLGVBQWU7O1lBQzFCLE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsdUJBQXVCLEVBQUUsQ0FBQztZQUNsRSxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsb0JBQW9CLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDdkQsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLG9CQUFvQixDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQzNELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDO1lBQzVELE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNyQyxJQUFJLE9BQU8sR0FBRyxvQkFBb0IsQ0FBQyxpQkFBaUIsRUFBRTtnQkFDcEQsT0FBTyxJQUFJLENBQUM7YUFDYjtpQkFBTTtnQkFDTCxPQUFPLEtBQUssQ0FBQzthQUNkO1FBQ0gsQ0FBQztLQUFBO0lBRVksY0FBYyxDQUFDLFFBQWdCLEVBQUUsV0FBbUI7O1lBQy9ELE1BQU0sV0FBVyxHQUFnQixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUU1RSx5RUFBeUU7WUFDekUsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUVuRSxNQUFNLEVBQUUsT0FBTyxFQUFFLGVBQWUsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FDNUQsUUFBUSxFQUNSLFdBQVcsQ0FDWixDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLHFGQUFxRjtZQUNyRix5REFBeUQ7WUFFekQsMkJBQTJCO1lBQzNCLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRS9ELHFDQUFxQztZQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUMxQyxXQUFXLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ3hDLENBQUM7WUFDRixNQUFNLG1CQUFtQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDOUQsVUFBVSxDQUFDLE9BQU8sRUFDbEIsU0FBUyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzNCLENBQUM7WUFFRixpRkFBaUY7WUFDakYsaUZBQWlGO1lBQ2pGLHNGQUFzRjtZQUN0Rix3Q0FBd0M7WUFFeEMsTUFBTSxFQUFFLEtBQUssRUFBRSxZQUFZLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FDL0QsZUFBZSxFQUNmLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsRUFDdkMsbUJBQW1CLEVBQ25CLFVBQVUsQ0FDWCxDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLDhGQUE4RjtZQUM5RiwrQ0FBK0M7WUFFL0MseUNBQXlDO1lBQ3pDLHlCQUF5QjtZQUN6QixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsY0FBYyxDQUM1QixXQUFXLEVBQ1gsSUFBSSxDQUFDLGdCQUFnQixDQUFDLE9BQU8sQ0FBQyxFQUM5QixJQUFJLENBQUMsZ0JBQWdCLENBQUMsVUFBVSxDQUFDLE9BQU8sQ0FBQyxDQUMxQyxDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLHNCQUFzQjtZQUV0Qiw2RkFBNkY7WUFDN0YsMkZBQTJGO1lBQzNGLDRGQUE0RjtZQUM1RixrRUFBa0U7WUFDbEUsTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQy9CLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLGNBQWMsRUFBRSxDQUFDLFdBQVcsRUFBRSxFQUNqRSxJQUFJLEVBQ0osS0FBSyxDQUNOLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxzQkFBc0IsQ0FDakMsV0FBbUIsRUFDbkIsY0FBdUIsRUFDdkIsUUFBZ0IsSUFBSTs7WUFFcEIsT0FBTyxJQUFJLENBQUMsSUFBSTtpQkFDYixJQUFJLENBQ0gsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8saUNBQWlDLGtCQUVyRCxnQkFBZ0IsRUFBRSxjQUFjLElBQzdCLENBQUMsS0FBSyxJQUFJLEVBQUUsS0FBSyxFQUFFLENBQUMsR0FFekI7Z0JBQ0UsT0FBTyxFQUFFO29CQUNQLGFBQWEsRUFBRSxVQUFVLFdBQVcsRUFBRTtpQkFDdkM7YUFDRixDQUNGO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1FBQ2pCLENBQUM7S0FBQTtJQUVhLGNBQWMsQ0FDMUIsT0FBZ0IsRUFDaEIsVUFBa0I7O1lBRWxCLElBQUk7Z0JBQ0YsTUFBTSxPQUFPLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxVQUFVLENBQUMsQ0FBQztnQkFDMUUsT0FBTyxHQUFHLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxDQUFDO2FBQzNCO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsTUFBTSxJQUFJLGVBQWUsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO2FBQ3JEO1FBQ0gsQ0FBQztLQUFBO0lBRWEsY0FBYyxDQUMxQixRQUFnQixFQUNoQixXQUEyQjs7WUFFM0Isa0VBQWtFO1lBQ2xFLE1BQU0sZUFBZSxHQUNuQixNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUFnQztnQkFDdEQsUUFBUSxFQUFFLDZCQUE2QjtnQkFDdkMsU0FBUyxFQUFFLEVBQUU7YUFDZCxDQUFDLENBQUM7WUFFTCxrRUFBa0U7WUFDbEUsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ3ZELFFBQVEsSUFDTCxXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ25ELENBQUM7WUFFSCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLENBQzNDLGFBQWEsQ0FBQyxHQUFHLEVBQ2pCLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLHlCQUF5QixDQUM3RCxDQUFDO1lBRUYseUZBQXlGO1lBQ3pGLFdBQVc7WUFDWCxNQUFNLFdBQVcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFlBQVksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQUMsQ0FBQztZQUUzRSxNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFO2dCQUNyRSxXQUFXLEVBQUUsZUFBZSxDQUFDLHFCQUFxQixDQUFDLFNBQVMsQ0FBQyxXQUFXO2dCQUN4RSxXQUFXO2FBQ1osQ0FBQyxDQUFDO1lBRUgsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ3ZELFFBQVEsSUFDTCxXQUFXLENBQUMsY0FBYyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ25ELENBQUM7WUFFSCxPQUFPO2dCQUNMLE9BQU8sRUFBRSxhQUFhLENBQUMsR0FBRztnQkFDMUIsZUFBZTthQUNoQixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRWEsc0JBQXNCLENBQ2xDLGVBQXFDLEVBQ3JDLFdBQW1CLEVBQ25CLG1CQUEyQixFQUMzQixhQUE0Qjs7WUFFNUIsTUFBTSxRQUFRLEdBQUcsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBeUI7Z0JBQ2hFLFFBQVEsRUFBRSxzQkFBc0I7Z0JBQ2hDLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDO3dCQUNoRCxXQUFXO3dCQUNYLG1CQUFtQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsbUJBQW1CLENBQUM7d0JBQ3hELFVBQVUsRUFBRTs0QkFDVixhQUFhLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxhQUFhLENBQUMsYUFBYSxDQUFDOzRCQUMxRCxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUNoQyxhQUFhLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUN2Qzs0QkFDRCx5QkFBeUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUN2QyxhQUFhLENBQUMseUJBQXlCLENBQ3hDOzRCQUNELGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUM7eUJBQzNEO3FCQUNGO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1lBQ0gsT0FBTztnQkFDTCxLQUFLLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQyxLQUFLO2dCQUNwQyxZQUFZLEVBQUUsUUFBUSxDQUFDLGNBQWMsQ0FBQyxVQUFVLENBQUMsRUFBRTthQUNwRCxDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRUssdUJBQXVCOztZQUMzQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFNO2dCQUN2QyxLQUFLLEVBQUUseUJBQXlCO2FBQ2pDLENBQUMsQ0FBQztZQUVILE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxvQkFBNEMsQ0FBQztZQUU3RCxHQUFHLENBQUMsUUFBUSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN0QyxHQUFHLENBQUMsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUMxQyxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVNLGdCQUFnQixDQUFDLFFBQVE7UUFDOUIsTUFBTSxLQUFLLEdBQUcsUUFBUSxDQUFDO1FBQ3ZCLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxRQUFRLENBQUM7UUFFdkIsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO1FBQ3hCLE1BQU0sWUFBWSxHQUFHLEVBQUUsQ0FBQztRQUN4QixNQUFNLFlBQVksR0FBRyxFQUFFLENBQUM7UUFDeEIsTUFBTSxjQUFjLEdBQUcsRUFBRSxDQUFDLENBQUMsd0NBQXdDO1FBRW5FLFNBQVMsYUFBYSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQzVCLE9BQU8sQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBQzlDLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDOUMsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM5QyxNQUFNLFFBQVEsR0FBRyxRQUFRLENBQUMsTUFBTSxHQUFHLE1BQU0sR0FBRyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBRTVELElBQUksT0FBTyxHQUFHLENBQUMsQ0FBQztRQUNoQixJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLFFBQVEsRUFBRTtZQUNaLE9BQU8sSUFBSSxjQUFjLENBQUM7U0FDM0I7UUFFRCxJQUFJLFFBQVEsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFO1lBQ3pCLE9BQU87Z0JBQ0wsS0FBSyxFQUFFLENBQUM7Z0JBQ1Isa0JBQWtCO2dCQUNsQixJQUFJLEVBQUUsQ0FBQzthQUNSLENBQUM7U0FDSDtRQUVELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV4RCxNQUFNLEtBQUssR0FDVCxDQUFDLEtBQUssR0FBRyxZQUFZLENBQUM7WUFDdEIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxZQUFZLEdBQUcsWUFBWSxHQUFHLFlBQVksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUMzRCxPQUFPO1lBQ0wsS0FBSztZQUNMLGtCQUFrQjtZQUNsQixJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQzFDLENBQUM7SUFDSixDQUFDOzs7O1lBblhGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7OzRDQUtJLE1BQU0sU0FBQyxTQUFTO1lBL0RaLFVBQVU7WUFpQlYsZUFBZTtZQWRmLFNBQVM7WUFVVCxjQUFjO1lBSE8sR0FBRztZQUZ4QixpQkFBaUI7WUFHakIsZUFBZTtZQUlmLGdCQUFnQjtZQU5oQixXQUFXIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSHR0cENsaWVudCB9IGZyb20gJ0Bhbmd1bGFyL2NvbW1vbi9odHRwJztcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQ29nbml0b1VzZXIgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aCc7XG5pbXBvcnQgeyBBdXRoQ2xhc3MgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aC9saWItZXNtL0F1dGgnO1xuaW1wb3J0ICogYXMgbW9tZW50XyBmcm9tICdtb21lbnQnO1xuaW1wb3J0IHsgRHVyYXRpb24gfSBmcm9tICdtb21lbnQnO1xuaW1wb3J0IHsgSldLLCBKV1MgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgUGFzc0tleUJ1bmRsZSB9IGZyb20gJy4uL2F1dGgvYXV0aC50eXBlcyc7XG5pbXBvcnQgeyBFbmNyeXB0aW9uU2VydmljZSB9IGZyb20gJy4uL2VuY3J5cHRpb24vZW5jcnlwdGlvbi5zZXJ2aWNlJztcbmltcG9ydCB7IElkbGVTZXJ2aWNlIH0gZnJvbSAnLi4vaWRsZS9pZGxlLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTIH0gZnJvbSAnLi4va2V5L2tleS1mYWN0b3J5LnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5R3JhcGhTZXJ2aWNlIH0gZnJvbSAnLi4va2V5L2tleS1ncmFwaC5zZXJ2aWNlJztcbmltcG9ydCB7IExpZmVSZWFkeUNvbmZpZywgTFJfQ09ORklHIH0gZnJvbSAnLi4vbGlmZS1yZWFkeS5jb25maWcnO1xuaW1wb3J0IHsgUHJvZmlsZVNlcnZpY2UgfSBmcm9tICcuLi9wcm9maWxlL3Byb2ZpbGUuc2VydmljZSc7XG5pbXBvcnQgeyBBcGlDdXJyZW50VXNlciB9IGZyb20gJy4uL3Byb2ZpbGUvcHJvZmlsZS50eXBlcyc7XG5pbXBvcnQgeyBXZWJDcnlwdG9TZXJ2aWNlIH0gZnJvbSAnLi4vd2ViLWNyeXB0by93ZWItY3J5cHRvLnNlcnZpY2UnO1xuaW1wb3J0IHsgTHJBdXRoRXhjZXB0aW9uIH0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcbmltcG9ydCB7IExyQXBvbGxvU2VydmljZSB9IGZyb20gJy4vLi4vYXBpL2xyLWFwb2xsby5zZXJ2aWNlJztcbmltcG9ydCB7XG4gIFBhc3N3b3JkQ2hhbmdlQ29uZmlnUXVlcnksXG4gIFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24sXG4gIFBhc3N3b3JkQ2hhbmdlUmVxdWVzdE11dGF0aW9uLFxufSBmcm9tICcuL3Bhc3N3b3JkLmdxbCc7XG5cbi8vIFwid2h5P1wiIHlvdSBhc2s6IGh0dHBzOi8vc3RhY2tvdmVyZmxvdy5jb20vcXVlc3Rpb25zLzU5NzM1MjgwL2FuZ3VsYXItOC1tb21lbnQtZXJyb3ItY2Fubm90LWNhbGwtYS1uYW1lc3BhY2UtbW9tZW50XG5jb25zdCBtb21lbnQgPSBtb21lbnRfO1xuXG5pbnRlcmZhY2UgUGFzc3dvcmRDaGFuZ2VSZXF1ZXN0TXV0YXRpb24ge1xuICBwYXNzd29yZENoYW5nZVJlcXVlc3Q6IHtcbiAgICBjaGFsbGVuZ2U6IHtcbiAgICAgIHNlcnZlck5vbmNlOiBzdHJpbmc7XG4gICAgfTtcbiAgfTtcbn1cblxuaW50ZXJmYWNlIFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24ge1xuICBwYXNzd29yZENoYW5nZToge1xuICAgIHRva2VuOiBzdHJpbmc7XG4gICAgbmV3UGFzc0tleToge1xuICAgICAgaWQ6IHN0cmluZztcbiAgICB9O1xuICB9O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFBhc3N3b3JkQ2hhbmdlQ29uZmlnIHtcbiAgbWF4QXV0aEFnZVNlY29uZHM6IG51bWJlcjtcbiAgYXV0aFRpbWU6IHN0cmluZyB8IERhdGU7XG4gIHNlcnZlclRpbWU6IHN0cmluZyB8IERhdGU7XG59XG5cbmV4cG9ydCBjbGFzcyBQYXNzd29yZENoZWNrIHtcbiAgbGVuZ3RoPzogbnVtYmVyO1xuICB0aW1lVG9DcmFjaz86IER1cmF0aW9uO1xuICBwYXNzd29yZEV4cG9zZWQ/OiBudW1iZXI7XG59XG5cbkBJbmplY3RhYmxlKHtcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxufSlcbmV4cG9ydCBjbGFzcyBQYXNzd29yZFNlcnZpY2Uge1xuICBwcml2YXRlIHJlYWRvbmx5IENMSUVOVF9OT05DRV9MRU5HVEggPSAzMjtcblxuICBjb25zdHJ1Y3RvcihcbiAgICBASW5qZWN0KExSX0NPTkZJRykgcHJpdmF0ZSBjb25maWc6IExpZmVSZWFkeUNvbmZpZyxcbiAgICBwcml2YXRlIGh0dHA6IEh0dHBDbGllbnQsXG4gICAgcHJpdmF0ZSBhcG9sbG86IExyQXBvbGxvU2VydmljZSxcbiAgICBwcml2YXRlIGF1dGg6IEF1dGhDbGFzcyxcbiAgICBwcml2YXRlIHByb2ZpbGVTZXJ2aWNlOiBQcm9maWxlU2VydmljZSxcbiAgICBwcml2YXRlIGtleUZhY3Rvcnk6IEtGUyxcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcbiAgICBwcml2YXRlIGtleUdyYXBoOiBLZXlHcmFwaFNlcnZpY2UsXG4gICAgcHJpdmF0ZSB3ZWJDcnlwdG9TZXJ2aWNlOiBXZWJDcnlwdG9TZXJ2aWNlLFxuICAgIHByaXZhdGUgaWRsZVNlcnZpY2U6IElkbGVTZXJ2aWNlXG4gICkge31cblxuICBwdWJsaWMgYXN5bmMgY2hlY2tQYXNzd29yZChwYXNzd29yZDogc3RyaW5nKTogUHJvbWlzZTxQYXNzd29yZENoZWNrPiB7XG4gICAgY29uc3QgeyB5ZWFycyB9ID0gdGhpcy5wYXNzd29yZFN0cmVuZ3RoKHBhc3N3b3JkKTtcblxuICAgIHJldHVybiB7XG4gICAgICBsZW5ndGg6IHBhc3N3b3JkLmxlbmd0aCxcbiAgICAgIHRpbWVUb0NyYWNrOiBtb21lbnQuZHVyYXRpb24oeyB5ZWFycyB9KSxcbiAgICAgIHBhc3N3b3JkRXhwb3NlZDogYXdhaXQgdGhpcy5nZXRFeHBvc3VyZUNvdW50KHBhc3N3b3JkKSxcbiAgICB9O1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGdldEV4cG9zdXJlQ291bnQocGFzc3dvcmQ6IHN0cmluZyk6IFByb21pc2U8bnVtYmVyPiB7XG4gICAgY29uc3Qgc2hhMVBhc3N3b3JkID0gYXdhaXQgdGhpcy53ZWJDcnlwdG9TZXJ2aWNlLnN0cmluZ0RpZ2VzdChcbiAgICAgICdTSEEtMScsXG4gICAgICBwYXNzd29yZFxuICAgICk7XG4gICAgY29uc3QgZmlyc3Q1c2hhMSA9IHNoYTFQYXNzd29yZC5zdWJzdHJpbmcoMCwgNSk7XG5cbiAgICBjb25zdCByZXNwb25zZSA9IGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLmdldChgaHR0cHM6Ly9hcGkucHduZWRwYXNzd29yZHMuY29tL3JhbmdlLyR7Zmlyc3Q1c2hhMX1gLCB7XG4gICAgICAgIHJlc3BvbnNlVHlwZTogJ3RleHQnLFxuICAgICAgfSlcbiAgICAgIC50b1Byb21pc2UoKTtcblxuICAgIGNvbnN0IHJlc3VsdHMgPSBuZXcgUmVnRXhwKFxuICAgICAgYF4oPzoke3NoYTFQYXNzd29yZC5zdWJzdHJpbmcoNSl9OikoPzxjb3VudD5cXFxcZCspJGAsXG4gICAgICAnaW0nXG4gICAgKS5leGVjKHJlc3BvbnNlKTtcblxuICAgIGlmIChyZXN1bHRzKSB7XG4gICAgICByZXR1cm4gK3Jlc3VsdHMuZ3JvdXBzLmNvdW50O1xuICAgIH1cbiAgICByZXR1cm4gMDtcbiAgfVxuXG4gIHB1YmxpYyBnZXRQYXNzSWRwU3RyaW5nKHBhc3NJZHA6IEpXSy5LZXkpIHtcbiAgICByZXR1cm4gKHBhc3NJZHAudG9KU09OKHRydWUpIGFzIGFueSkuaztcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjcmVhdGVQYXNzS2V5QnVuZGxlKHBhc3N3b3JkOiBzdHJpbmcpOiBQcm9taXNlPFBhc3NLZXlCdW5kbGU+IHtcbiAgICBjb25zdCBwYXNzSWRwUGFyYW1zID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBhc3NJZHBQYXJhbXMoKTtcbiAgICBjb25zdCBwYXNzSWRwID0gKFxuICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NJZHAoe1xuICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgLi4ucGFzc0lkcFBhcmFtcyxcbiAgICAgIH0pXG4gICAgKS5qd2s7XG5cbiAgICBjb25zdCBwYXNzS2V5UGFyYW1zID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBhc3NLZXlQYXJhbXMoKTtcbiAgICBjb25zdCBwYXNzS2V5ID0gKFxuICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NLZXkoe1xuICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgLi4ucGFzc0tleVBhcmFtcyxcbiAgICAgIH0pXG4gICAgKS5qd2s7XG5cbiAgICBjb25zdCBwYXNzSWRwVmVyaWZpZXIgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlUGtjU2lnbktleSgpO1xuXG4gICAgY29uc3Qgd3JhcHBlZFBhc3NJZHBWZXJpZmllclByayA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIHBhc3NLZXksXG4gICAgICBwYXNzSWRwVmVyaWZpZXIudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIC8vIFRoZXJlIGFyZSB0d28gZm9ybWF0cyB0aGF0IHRoZSBwcml2YXRlIGtleSBjYW4gYmUgcmVwcmVzZW50ZWQgaW4gSldLOlxuICAgIC8vIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM4MDE3I3BhZ2UtOVxuICAgIC8vIFRoZSBzZWNvbmQgZm9ybSBpcyBhbiBvcHRpbWl6YXRpb246XG4gICAgLy8gaHR0cHM6Ly9jcnlwdG8uc3RhY2tleGNoYW5nZS5jb20vcXVlc3Rpb25zLzE5NDEzL3doYXQtYXJlLWRwLWFuZC1kcS1pbi1lbmNyeXB0aW9uLWJ5LXJzYS1pbi1jXG5cbiAgICByZXR1cm4ge1xuICAgICAgcGFzc0tleVBhcmFtcyxcbiAgICAgIHBhc3NLZXksXG4gICAgICBwYXNzSWRwUGFyYW1zLFxuICAgICAgcGFzc0lkcCxcbiAgICAgIHBhc3NJZHBWZXJpZmllcixcbiAgICAgIHdyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmssXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBXZSBuZWVkIHRvIGFsbG93IGZvciBpbnRlcnJ1cHRpb24gb2YgdGhlIHByb2Nlc3MgYXQgYW55IHBvaW50LiBFYWNoIEFQSSBjYWxsIGNhbiBiZSBjb25zaWRlcmVkXG4gICAqIGF0b21pYyBhbmQgZWl0aGVyIHN1Y2NlZWRzIG9yIGZhaWxzLlxuICAgKlxuICAgKiBUaGUgTFIgc2VydmVyIEFQSXMgdXNlIHNlbWFwaG9yZSB0b2tlbnMgZm9yIGxvY2tpbmcgY3JpdGljYWwgb3BlcmF0aW9ucywgc28gY29uY3VycmVudCBjYWxscyB3aWxsXG4gICAqIGZhaWwuXG4gICAqXG4gICAqIFdlIGFzc3VtZSB0aGUgd29yc3QgY2FzZSBmb3IgSWRQIEFQSSBjYWxscy4gU28gd2UgdXNlIHRoZSBzZW1hcGhvcmUgdG9rZW4gZnJvbSBMUiB0byBwcmV2ZW50XG4gICAqIGNvbmN1cnJlbnQgY2FsbHMgdG8gSWRQIEFQSXMsIGJ1dCB3ZSBoYXZlIHRvIGFzc3VtZSB0aGF0IHRoZSBJZFAgQVBJIGNhbGxzIHdpbGwgZWl0aGVyIHN1Y2NlZWQgb3JcbiAgICogZmFpbCB3aXRoaW4gYSByZWFzb25hYmxlIGFtb3VudCBvZiB0aW1lLlxuICAgKlxuICAgKiBFYWNoIGxvY2F0aW9uIHdoZXJlIHRoZSBzZXJ2ZXIgc3RhdGUgY2hhbmdlcyBjYW4gYmUgYSBwb3RlbnRpYWwgcG9pbnQgb2YgaW50ZXJydXB0aW9uLlxuICAgKiBQb3RlbnRpYWwgcG9pbnRzIG9mIGludGVycnVwdGlvbiBhcmUgbWFya2VkIHdpdGg6IC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQtLVxuICAgKlxuICAgKiBQbGFjZXMgZm9yIHRpbWVvdXQ6XG4gICAqIC0gTG9naW4gYWdlIHRvbyBvbGQgYXQgY2FsbCB0bzogdmVyaWZ5UGFzc3dvcmQoKVxuICAgKiAtIExvZ2luIGFnZSB0b28gb2xkIGF0IGNhbGwgdG86IGNoYW5nZVBhc3N3b3JkTXV0YXRpb24oKVxuICAgKiAtIFNlbWFwaG9yZSB0b2tlbiBleHBpcmVzIGF0IGNhbGwgdG86IGNoYW5nZVBhc3N3b3JkQ29tcGxldGUoKVxuICAgKlxuICAgKiBUZXN0czpcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAxOiBzaG91bGQgYmUgYWJsZSB0byByZXN0YXJ0IHRoZSBwcm9jZXNzLCB1c2VyIHJlbWFpbnMgc2lnbmVkIGluLlxuICAgKiAtIFBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDI6IHNob3VsZCBlbnRlciByZWNvdmVyeSBmbG93XG4gICAqIC0gUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMzogc2hvdWxkIGVudGVyIHJlY292ZXJ5IGZsb3dcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA0OiBzaG91bGQgZW50ZXIgcmVjb3ZlcnkgZmxvd1xuICAgKlxuICAgKi9cblxuICBwdWJsaWMgYXN5bmMgaXNMb2dpblJlcXVpcmVkKCk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICAgIGNvbnN0IGNoYW5nZVBhc3N3b3JkQ29uZmlnID0gYXdhaXQgdGhpcy5nZXRDaGFuZ2VQYXNzd29yZENvbmZpZygpO1xuICAgIGNvbnN0IGF1dGhUaW1lID0gbW9tZW50KGNoYW5nZVBhc3N3b3JkQ29uZmlnLmF1dGhUaW1lKTtcbiAgICBjb25zdCBzZXJ2ZXJUaW1lID0gbW9tZW50KGNoYW5nZVBhc3N3b3JkQ29uZmlnLnNlcnZlclRpbWUpO1xuICAgIGNvbnN0IGR1cmF0aW9uID0gbW9tZW50LmR1cmF0aW9uKHNlcnZlclRpbWUuZGlmZihhdXRoVGltZSkpO1xuICAgIGNvbnN0IHNlY29uZHMgPSBkdXJhdGlvbi5hc1NlY29uZHMoKTtcbiAgICBpZiAoc2Vjb25kcyA+IGNoYW5nZVBhc3N3b3JkQ29uZmlnLm1heEF1dGhBZ2VTZWNvbmRzKSB7XG4gICAgICByZXR1cm4gdHJ1ZTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIGZhbHNlO1xuICAgIH1cbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjaGFuZ2VQYXNzd29yZChwYXNzd29yZDogc3RyaW5nLCBuZXdQYXNzd29yZDogc3RyaW5nKSB7XG4gICAgY29uc3QgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpO1xuXG4gICAgLy8gTm90IGNoZWNraW5nIHRoYXQgcGFzc3dvcmRzIGFyZSBkaWZmZXJlbnQuIEl0IG1ha2VzIGl0IGVhc2llciB0byB0ZXN0LlxuICAgIGNvbnN0IHsgY3VycmVudFVzZXIgfSA9IGF3YWl0IHRoaXMucHJvZmlsZVNlcnZpY2UuZ2V0Q3VycmVudFVzZXIoKTtcblxuICAgIGNvbnN0IHsgcGFzc0lkcCwgc2lnbmVkQ2hhbGxlbmdlIH0gPSBhd2FpdCB0aGlzLnZlcmlmeVBhc3N3b3JkKFxuICAgICAgcGFzc3dvcmQsXG4gICAgICBjdXJyZW50VXNlclxuICAgICk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEtLVxuICAgIC8vIHZlcmlmeVBhc3N3b3JkKCkgYXNrcyBmb3IgYSBjdXJyZW50IHBhc3N3b3JkIGNoYWxsZW5nZSBoZW5jZSBjaGFuZ2VzIHNlcnZlciBzdGF0ZS5cbiAgICAvLyBQbGFjZSBicmVhayBwb2ludHMgaGVyZSB0byB0ZXN0IHRoZSBmYWlsdXJlIHNjZW5hcmlvcy5cblxuICAgIC8vIEdlbmVyYXRlIHRoZSBuZXcgcGFzc0lkcFxuICAgIGNvbnN0IG5ld1Bhc3NLZXkgPSBhd2FpdCB0aGlzLmNyZWF0ZVBhc3NLZXlCdW5kbGUobmV3UGFzc3dvcmQpO1xuXG4gICAgLy8gUmUtZW5jcnlwdCBtYXN0ZXIga2V5IHdpdGggbmV3IGtleVxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0S2V5KFxuICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkXG4gICAgKTtcbiAgICBjb25zdCBuZXdXcmFwcGVkTWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbmV3UGFzc0tleS5wYXNzS2V5LFxuICAgICAgbWFzdGVyS2V5Lmp3ay50b0pTT04odHJ1ZSlcbiAgICApO1xuXG4gICAgLy8gSWYgdGhlIElkUCBjaGFuZ2UgcGFzc3dvcmQgZmFpbGVkLCB3ZSBuZWVkIHRvIGdvIGludG8gcmVjb3ZlcnkgbW9kZSBieSBmb3JjaW5nXG4gICAgLy8gYSBsb2dpbi4gV2UgY2FuJ3QgbG9nb3V0IHRoZSB1c2VyIGp1c3QgeWV0IHNpbmNlIHRoZSBJZFAgcGFzc3dvcmQgY2hhbmdlIG5lZWRzXG4gICAgLy8gdGhlIHVzZXIgdG8gYmUgbG9nZ2VkIGluLiBXZSBfY2FuXyByZW1vdmVkIGFueSBwZXJzaXN0ZWQgc2Vzc2lvbiB2YWx1ZXMgZm9yIHRoZSBJZFBcbiAgICAvLyBidXQgdGhhdCBzZWVtcyBsaWtlIHRvbyBtdWNoIHRyb3VibGUuXG5cbiAgICBjb25zdCB7IHRva2VuLCBuZXdQYXNzS2V5SWQgfSA9IGF3YWl0IHRoaXMuY2hhbmdlUGFzc3dvcmRNdXRhdGlvbihcbiAgICAgIHNpZ25lZENoYWxsZW5nZSxcbiAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5Lm1hc3RlcktleS5pZCxcbiAgICAgIG5ld1dyYXBwZWRNYXN0ZXJLZXksXG4gICAgICBuZXdQYXNzS2V5XG4gICAgKTtcblxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMi0tXG4gICAgLy8gY2hhbmdlUGFzc3dvcmRNdXRhdGlvbigpIHVwbG9hZHMgbmV3IGtleXMgYW5kIG9idGFpbnMgYSBzZW1hcGhvcmUgbG9jayB0byBwcmV2ZW50IGFueSBvdGhlclxuICAgIC8vIGNsaWVudHMgZnJvbSBwZXJmb3JtaW5nIElkUCBwYXNzd29yZCBjaGFuZ2UuXG5cbiAgICAvLyBOb3cgd2UgY2FuIGRvIHRoZSBJZFAgcGFzc3dvcmQgY2hhbmdlLlxuICAgIC8vIHRvZG86IEFkZCB0aGlzIGJhY2sgaW5cbiAgICBhd2FpdCB0aGlzLmF1dGguY2hhbmdlUGFzc3dvcmQoXG4gICAgICBjb2duaXRvVXNlcixcbiAgICAgIHRoaXMuZ2V0UGFzc0lkcFN0cmluZyhwYXNzSWRwKSxcbiAgICAgIHRoaXMuZ2V0UGFzc0lkcFN0cmluZyhuZXdQYXNzS2V5LnBhc3NJZHApXG4gICAgKTtcblxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMy0tXG4gICAgLy8gSWRQIHBhc3N3b3JkIGNoYW5nZVxuXG4gICAgLy8gTm90ZSB0aGF0IGNoYW5nZVBhc3N3b3JkKCkgY291bGQgdGhyb3cgYW4gZXhjZXB0aW9uIGZvciBhIG51bWJlciBvZiByZWFzb24uIEl0IGNvdWxkIHRocm93XG4gICAgLy8gYSBuZXR3b3JrIHRpbWVvdXQgZm9yIGV4YW1wbGUuIEJ1dCB3ZSBkb24ndCBrbm93IGlmIGl0J3MgdGhlIHJlc3BvbnNlIHRoYXQgdGltZWQgb3V0IGFuZFxuICAgIC8vIHRoZSBpZHAgcGFzc3dvcmQgY2hhbmdlIHdhcyBhY3R1YWxseSBjYXJyaWVkIG91dC4gU28gd2UgaGF2ZSB0byBiZSBleHRyYSBjb25zZXJ2YXRpdmUgYW5kXG4gICAgLy8gb25seSBhY3Qgb24gYSBjbGVhciBzdWNjZXNzLiBPdGhlcndpc2Ugd2UgZ28gaW50byByZWNvdmVyIG1vZGUuXG4gICAgYXdhaXQgdGhpcy5jaGFuZ2VQYXNzd29yZENvbXBsZXRlKFxuICAgICAgY29nbml0b1VzZXIuZ2V0U2lnbkluVXNlclNlc3Npb24oKS5nZXRBY2Nlc3NUb2tlbigpLmdldEp3dFRva2VuKCksXG4gICAgICB0cnVlLFxuICAgICAgdG9rZW5cbiAgICApO1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGNoYW5nZVBhc3N3b3JkQ29tcGxldGUoXG4gICAgYWNjZXNzVG9rZW46IHN0cmluZyxcbiAgICB1c2VOZXdQYXNzd29yZDogYm9vbGVhbixcbiAgICB0b2tlbjogc3RyaW5nID0gbnVsbFxuICApOiBQcm9taXNlPGFueT4ge1xuICAgIHJldHVybiB0aGlzLmh0dHBcbiAgICAgIC5wb3N0KFxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL3Bhc3N3b3JkLWNoYW5nZS1jb21wbGV0ZS9gLFxuICAgICAgICB7XG4gICAgICAgICAgdXNlX25ld19wYXNzd29yZDogdXNlTmV3UGFzc3dvcmQsXG4gICAgICAgICAgLi4uKHRva2VuICYmIHsgdG9rZW4gfSksXG4gICAgICAgIH0sXG4gICAgICAgIHtcbiAgICAgICAgICBoZWFkZXJzOiB7XG4gICAgICAgICAgICBBdXRob3JpemF0aW9uOiBgQmVhcmVyICR7YWNjZXNzVG9rZW59YCxcbiAgICAgICAgICB9LFxuICAgICAgICB9XG4gICAgICApXG4gICAgICAudG9Qcm9taXNlKCk7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGdldFZlcmlmaWVyUHJLKFxuICAgIHBhc3NLZXk6IEpXSy5LZXksXG4gICAgd3JhcHBlZFBySzogb2JqZWN0XG4gICk6IFByb21pc2U8SldLLktleT4ge1xuICAgIHRyeSB7XG4gICAgICBjb25zdCBwcmtKc29uID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KHBhc3NLZXksIHdyYXBwZWRQckspO1xuICAgICAgcmV0dXJuIEtGUy5hc0tleShwcmtKc29uKTtcbiAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgdGhyb3cgbmV3IExyQXV0aEV4Y2VwdGlvbignV3JvbmcgY3VycmVudCBwYXNzd29yZCcpO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgdmVyaWZ5UGFzc3dvcmQoXG4gICAgcGFzc3dvcmQ6IHN0cmluZyxcbiAgICBjdXJyZW50VXNlcjogQXBpQ3VycmVudFVzZXJcbiAgKTogUHJvbWlzZTx7IHBhc3NJZHA6IEpXSy5LZXk7IHNpZ25lZENoYWxsZW5nZTogSldTLkNyZWF0ZVNpZ25SZXN1bHQgfT4ge1xuICAgIC8vIEdldCBpbmZvcm1hdGlvbiBmcm9tIHRoZSBzZXJ2ZXIgdG8gcHJlcGFyZSBmb3IgcGFzc3dvcmQgY2hhbmdlLlxuICAgIGNvbnN0IHBhc3N3b3JkUmVxdWVzdCA9XG4gICAgICBhd2FpdCB0aGlzLmFwb2xsby5tdXRhdGU8UGFzc3dvcmRDaGFuZ2VSZXF1ZXN0TXV0YXRpb24+KHtcbiAgICAgICAgbXV0YXRpb246IFBhc3N3b3JkQ2hhbmdlUmVxdWVzdE11dGF0aW9uLFxuICAgICAgICB2YXJpYWJsZXM6IHt9LFxuICAgICAgfSk7XG5cbiAgICAvLyBHZXQgdGhlIG9sZCBwYXNzS2V5IHNvIHdlIGNhbiBkZWNyeXB0IHRoZSBvbGQgcGFzc3dvcmQgdmVyaWZpZXJcbiAgICBjb25zdCBwYXNzS2V5UmVzdWx0ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NLZXkoe1xuICAgICAgcGFzc3dvcmQsXG4gICAgICAuLi5jdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5wYXNzS2V5LnBhc3NLZXlQYXJhbXMsXG4gICAgfSk7XG5cbiAgICBjb25zdCB2ZXJpZmllclBySyA9IGF3YWl0IHRoaXMuZ2V0VmVyaWZpZXJQcksoXG4gICAgICBwYXNzS2V5UmVzdWx0Lmp3ayxcbiAgICAgIGN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkud3JhcHBlZFBhc3NJZHBWZXJpZmllclBya1xuICAgICk7XG5cbiAgICAvLyBTaWduIHRoZSBzZXJ2ZXIgY2hhbGxlbmdlIHRvIHByb3ZlIHRvIHRoZSBzZXJ2ZXIgd2UgY2FuIGRlY3J5cHQgdGhlIHBhc3N3b3JkIHZlcmlmaWVyLlxuICAgIC8vIEdlbmVyYXRlXG4gICAgY29uc3QgY2xpZW50Tm9uY2UgPSB0aGlzLmtleUZhY3RvcnkucmFuZG9tU3RyaW5nKHRoaXMuQ0xJRU5UX05PTkNFX0xFTkdUSCk7XG5cbiAgICBjb25zdCBzaWduZWRDaGFsbGVuZ2UgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24odmVyaWZpZXJQckssIHtcbiAgICAgIHNlcnZlck5vbmNlOiBwYXNzd29yZFJlcXVlc3QucGFzc3dvcmRDaGFuZ2VSZXF1ZXN0LmNoYWxsZW5nZS5zZXJ2ZXJOb25jZSxcbiAgICAgIGNsaWVudE5vbmNlLFxuICAgIH0pO1xuXG4gICAgY29uc3QgcGFzc0lkcFJlc3VsdCA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzSWRwKHtcbiAgICAgIHBhc3N3b3JkLFxuICAgICAgLi4uY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkucGFzc0tleS5wYXNzSWRwUGFyYW1zLFxuICAgIH0pO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIHBhc3NJZHA6IHBhc3NJZHBSZXN1bHQuandrLFxuICAgICAgc2lnbmVkQ2hhbGxlbmdlLFxuICAgIH07XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGNoYW5nZVBhc3N3b3JkTXV0YXRpb24oXG4gICAgc2lnbmVkQ2hhbGxlbmdlOiBKV1MuQ3JlYXRlU2lnblJlc3VsdCxcbiAgICBtYXN0ZXJLZXlJZDogc3RyaW5nLFxuICAgIG5ld1dyYXBwZWRNYXN0ZXJLZXk6IG9iamVjdCxcbiAgICBwYXNzS2V5QnVuZGxlOiBQYXNzS2V5QnVuZGxlXG4gICk6IFByb21pc2U8eyB0b2tlbjogc3RyaW5nOyBuZXdQYXNzS2V5SWQ6IHN0cmluZyB9PiB7XG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCB0aGlzLmFwb2xsby5tdXRhdGU8UGFzc3dvcmRDaGFuZ2VNdXRhdGlvbj4oe1xuICAgICAgbXV0YXRpb246IFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBzaWduZWRDaGFsbGVuZ2U6IEpTT04uc3RyaW5naWZ5KHNpZ25lZENoYWxsZW5nZSksXG4gICAgICAgICAgbWFzdGVyS2V5SWQsXG4gICAgICAgICAgbmV3V3JhcHBlZE1hc3RlcktleTogSlNPTi5zdHJpbmdpZnkobmV3V3JhcHBlZE1hc3RlcktleSksXG4gICAgICAgICAgbmV3UGFzc0tleToge1xuICAgICAgICAgICAgcGFzc0lkcFBhcmFtczogSlNPTi5zdHJpbmdpZnkocGFzc0tleUJ1bmRsZS5wYXNzSWRwUGFyYW1zKSxcbiAgICAgICAgICAgIHBhc3NJZHBWZXJpZmllclBiazogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0lkcFZlcmlmaWVyLnRvSlNPTigpXG4gICAgICAgICAgICApLFxuICAgICAgICAgICAgd3JhcHBlZFBhc3NJZHBWZXJpZmllclByazogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgICAgIHBhc3NLZXlCdW5kbGUud3JhcHBlZFBhc3NJZHBWZXJpZmllclBya1xuICAgICAgICAgICAgKSxcbiAgICAgICAgICAgIHBhc3NLZXlQYXJhbXM6IEpTT04uc3RyaW5naWZ5KHBhc3NLZXlCdW5kbGUucGFzc0tleVBhcmFtcyksXG4gICAgICAgICAgfSxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gICAgcmV0dXJuIHtcbiAgICAgIHRva2VuOiByZXNwb25zZS5wYXNzd29yZENoYW5nZS50b2tlbixcbiAgICAgIG5ld1Bhc3NLZXlJZDogcmVzcG9uc2UucGFzc3dvcmRDaGFuZ2UubmV3UGFzc0tleS5pZCxcbiAgICB9O1xuICB9XG5cbiAgYXN5bmMgZ2V0Q2hhbmdlUGFzc3dvcmRDb25maWcoKTogUHJvbWlzZTxQYXNzd29yZENoYW5nZUNvbmZpZz4ge1xuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuYXBvbGxvLnF1ZXJ5PGFueT4oe1xuICAgICAgcXVlcnk6IFBhc3N3b3JkQ2hhbmdlQ29uZmlnUXVlcnksXG4gICAgfSk7XG5cbiAgICBjb25zdCByZXQgPSByZXMucGFzc3dvcmRDaGFuZ2VDb25maWcgYXMgUGFzc3dvcmRDaGFuZ2VDb25maWc7XG5cbiAgICByZXQuYXV0aFRpbWUgPSBuZXcgRGF0ZShyZXQuYXV0aFRpbWUpO1xuICAgIHJldC5zZXJ2ZXJUaW1lID0gbmV3IERhdGUocmV0LnNlcnZlclRpbWUpO1xuICAgIHJldHVybiByZXQ7XG4gIH1cblxuICBwdWJsaWMgcGFzc3dvcmRTdHJlbmd0aChwYXNzd29yZCk6IHsgeWVhcnM6IG51bWJlcjsgYml0czogbnVtYmVyIH0ge1xuICAgIGNvbnN0IHVwcGVyID0gL1tBLVpdL2c7XG4gICAgY29uc3QgbG93ZXIgPSAvW2Etel0vZztcbiAgICBjb25zdCBkaWdpdCA9IC9bMC05XS9nO1xuXG4gICAgY29uc3QgdXBwZXJDaG9pY2VzID0gMjY7XG4gICAgY29uc3QgbG93ZXJDaG9pY2VzID0gMjY7XG4gICAgY29uc3QgZGlnaXRDaG9pY2VzID0gMTA7XG4gICAgY29uc3Qgc3BlY2lhbENob2ljZXMgPSAzMDsgLy8gL1shXCIjJCUmJygpKissLS4vOjs8PT4/QFtcXF1eX2B7fH1+XS9nXG5cbiAgICBmdW5jdGlvbiBpbnN0YW5jZUNvdW50KHN0ciwgcmUpIHtcbiAgICAgIHJldHVybiAoKHN0ciB8fCAnJykubWF0Y2gocmUpIHx8IFtdKS5sZW5ndGg7XG4gICAgfVxuXG4gICAgY29uc3QgdXBwZXJzID0gaW5zdGFuY2VDb3VudChwYXNzd29yZCwgdXBwZXIpO1xuICAgIGNvbnN0IGxvd2VycyA9IGluc3RhbmNlQ291bnQocGFzc3dvcmQsIGxvd2VyKTtcbiAgICBjb25zdCBkaWdpdHMgPSBpbnN0YW5jZUNvdW50KHBhc3N3b3JkLCBkaWdpdCk7XG4gICAgY29uc3Qgc3BlY2lhbHMgPSBwYXNzd29yZC5sZW5ndGggLSB1cHBlcnMgLSBsb3dlcnMgLSBkaWdpdHM7XG5cbiAgICBsZXQgY2hvaWNlcyA9IDA7XG4gICAgaWYgKHVwcGVycykge1xuICAgICAgY2hvaWNlcyArPSB1cHBlckNob2ljZXM7XG4gICAgfVxuICAgIGlmIChsb3dlcnMpIHtcbiAgICAgIGNob2ljZXMgKz0gbG93ZXJDaG9pY2VzO1xuICAgIH1cbiAgICBpZiAoZGlnaXRzKSB7XG4gICAgICBjaG9pY2VzICs9IGRpZ2l0Q2hvaWNlcztcbiAgICB9XG4gICAgaWYgKHNwZWNpYWxzKSB7XG4gICAgICBjaG9pY2VzICs9IHNwZWNpYWxDaG9pY2VzO1xuICAgIH1cblxuICAgIGlmIChwYXNzd29yZC5sZW5ndGggPT09IDApIHtcbiAgICAgIHJldHVybiB7XG4gICAgICAgIHllYXJzOiAwLFxuICAgICAgICAvLyBiaXRzIG9mIGVudHJvcHlcbiAgICAgICAgYml0czogMCxcbiAgICAgIH07XG4gICAgfVxuXG4gICAgY29uc3QgcGVybXV0YXRpb25zID0gTWF0aC5wb3coY2hvaWNlcywgcGFzc3dvcmQubGVuZ3RoKTtcblxuICAgIGNvbnN0IHllYXJzID1cbiAgICAgICg1NDAwMCAqIHBlcm11dGF0aW9ucykgL1xuICAgICAgTWF0aC5wb3codXBwZXJDaG9pY2VzICsgbG93ZXJDaG9pY2VzICsgZGlnaXRDaG9pY2VzLCAxMik7XG4gICAgcmV0dXJuIHtcbiAgICAgIHllYXJzLFxuICAgICAgLy8gYml0cyBvZiBlbnRyb3B5XG4gICAgICBiaXRzOiBNYXRoLnJvdW5kKE1hdGgubG9nMihwZXJtdXRhdGlvbnMpKSxcbiAgICB9O1xuICB9XG59XG4iXX0=