npm - @lifeready/core - Versions diffs - 1.0.21 → 1.0.22 - Mend

@lifeready/core 1.0.21 → 1.0.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/esm2015/lib/auth/lbop.service.js DELETED Viewed

@@ -1,355 +0,0 @@
-import { __awaiter } from "tslib";
-import { LrApolloService } from '../api/lr-apollo.service';
-import { HttpClient } from '@angular/common/http';
-import { Inject, Injectable } from '@angular/core';
-import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
-import gql from 'graphql-tag';
-import { EncryptionService } from '../cryptography/encryption.service';
-import { KeyGraphService } from '../cryptography/key-graph.service';
-import { KeyService } from '../cryptography/key.service';
-import { LR_CONFIG } from '../life-ready.config';
-import { LrException, LrBadLogicException, } from '../_common/exceptions';
-import { LifeReadyAuthService } from './life-ready-auth.service';
-import { PasswordService } from './password.service';
-import { Slip39Helper } from 'slip39';
-import { KeyFactoryService as KFS } from '../cryptography/key-factory.service';
-import * as i0 from "@angular/core";
-import * as i1 from "../life-ready.config";
-import * as i2 from "@angular/common/http";
-import * as i3 from "../api/lr-apollo.service";
-import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
-import * as i5 from "./life-ready-auth.service";
-import * as i6 from "../cryptography/key-factory.service";
-import * as i7 from "../cryptography/key.service";
-import * as i8 from "../cryptography/encryption.service";
-import * as i9 from "../cryptography/key-graph.service";
-import * as i10 from "./password.service";
-export const CreateLbopQuery = gql `
-  mutation CreateLbop($input: CreateLbopInput!) {
-    createLbop(input: $input) {
-      lbop {
-        id
-      }
-    }
-  }
-`;
-export const DeleteLbopQuery = gql `
-  mutation DeleteLbop($input: DeleteLbopInput!) {
-    deleteLbop(input: $input) {
-      id
-    }
-  }
-`;
-export const UpdateLbopQuery = gql `
-  mutation UpdateLbop($input: UpdateLbopInput!) {
-    updateLbop(input: $input) {
-      lbop {
-        id
-      }
-    }
-  }
-`;
-export const LbopQuery = gql `
-  query Lbop($id: LrRelayIdInput!) {
-    lbop(id: $id) {
-      id
-      cipherMeta
-    }
-  }
-`;
-export const LbopsQuery = gql `
-  query Lbops {
-    lbops {
-      edges {
-        node {
-          id
-          cipherMeta
-        }
-      }
-    }
-  }
-`;
-export class LbopService {
-    constructor(config, http, lrApollo, auth, authService, keyFactory, keyService, encryptionService, keyGraph, passwordService) {
-        this.config = config;
-        this.http = http;
-        this.lrApollo = lrApollo;
-        this.auth = auth;
-        this.authService = authService;
-        this.keyFactory = keyFactory;
-        this.keyService = keyService;
-        this.encryptionService = encryptionService;
-        this.keyGraph = keyGraph;
-        this.passwordService = passwordService;
-        this.CLIENT_NONCE_LENGTH = 32;
-        // There are 1024 words (10 bits), so 25 words should give ~256 bits of entropy.
-        this.LBOP_WORDS = 25;
-    }
-    getPartial(lbopString) {
-        return lbopString.split(' ')[0];
-    }
-    remove(id) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const res = yield this.lrApollo.mutate({
-                mutation: DeleteLbopQuery,
-                variables: {
-                    input: {
-                        id,
-                    },
-                },
-            });
-            return res.deleteLbop.id;
-        });
-    }
-    update({ id, name }) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const lbop = yield this.get(id);
-            lbop.name = name;
-            const masterKey = yield this.keyService.getCurrentMasterKey();
-            const cipherMeta = yield this.encryptionService.encrypt(masterKey.jwk, lbop);
-            const res = yield this.lrApollo.mutate({
-                mutation: UpdateLbopQuery,
-                variables: {
-                    input: {
-                        id,
-                        cipherMeta: JSON.stringify(cipherMeta),
-                    },
-                },
-            });
-            return res.updateLbop;
-        });
-    }
-    get(id) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const res = yield this.lrApollo.query({
-                query: LbopQuery,
-                variables: {
-                    id,
-                },
-            });
-            const masterKey = yield this.keyService.getCurrentMasterKey();
-            const plainCipherMeta = yield this.encryptionService.decrypt(masterKey.jwk, JSON.parse(res.lbop.cipherMeta));
-            return Object.assign({ id: res.id }, plainCipherMeta);
-        });
-    }
-    list() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const res = yield this.lrApollo.query({
-                query: LbopsQuery,
-            });
-            const masterKey = yield this.keyService.getCurrentMasterKey();
-            return Promise.all(res.lbops.edges.map((edge) => __awaiter(this, void 0, void 0, function* () {
-                const plainCipherMeta = yield this.encryptionService.decrypt(masterKey.jwk, JSON.parse(edge.node.cipherMeta));
-                return Object.assign({ id: edge.node.id }, plainCipherMeta);
-            })));
-        });
-    }
-    create({ name }) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (Slip39Helper.WORD_LIST.length !== 1024) {
-                throw new LrBadLogicException('Slip39Helper.WORD_LIST.length != 1024');
-            }
-            // Get existing to make sure there are not duplicate first words
-            const lbops = yield this.list();
-            // Generate new one
-            let lbopString;
-            while (true) {
-                lbopString = this.keyFactory
-                    .randomChoices(Slip39Helper.WORD_LIST, this.LBOP_WORDS)
-                    .join(' ');
-                const partial = this.getPartial(lbopString);
-                if (!lbops.some((lbop) => lbop.partial === partial)) {
-                    break;
-                }
-            }
-            const lbopKeyParams = yield this.keyFactory.createLbopKeyParams();
-            const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbopKeyParams))).jwk;
-            const lbopKeyVerifier = yield this.keyFactory.createSignKey();
-            const wrappedLbopKeyVerifier = yield this.encryptionService.encrypt(lbopKey, lbopKeyVerifier.toJSON(true));
-            // Re-encrypt master key with new key
-            const currentUser = yield this.authService.getUser();
-            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
-            const wrappedMasterKey = yield this.encryptionService.encrypt(lbopKey, masterKey.jwk.toJSON(true));
-            const meta = Object.assign(Object.assign({}, (name && { name })), { partial: this.getPartial(lbopString) });
-            const cipherMeta = yield this.encryptionService.encrypt(masterKey.jwk, meta);
-            const res = yield this.lrApollo.mutate({
-                mutation: CreateLbopQuery,
-                variables: {
-                    input: {
-                        cipherMeta: JSON.stringify(cipherMeta),
-                        lbopKeyParams: JSON.stringify(lbopKeyParams),
-                        lbopKeyVerifier: JSON.stringify(lbopKeyVerifier.toJSON(true)),
-                        wrappedLbopKeyVerifier: JSON.stringify(wrappedLbopKeyVerifier),
-                        masterKeyId: currentUser.currentUserKey.masterKey.id,
-                        wrappedMasterKey: JSON.stringify(wrappedMasterKey),
-                    },
-                },
-            });
-            return Object.assign(Object.assign({}, res.createLbop.lbop), { lbopString });
-        });
-    }
-    // --------------------------------------------------------------------------------------------------------------------
-    // --------------------------------------------------------------------------------------------------------------------
-    // Flow below are for password reset via LBOP
-    //
-    // --Potential Failure Point xxx--
-    //
-    // Look for the above and you can test by interrupting at these points.
-    //
-    // The LBOP reset process can be restarted at any point before the call to "set-password/". Once "set-password/" has been
-    // called, we assume the client has a short period of time to change the Idp password to the one they've chosen. The "set-password/"
-    // will set the Idp password to a temporary random password. The user can no longer login using their current password. If the Idp
-    // password change process does not complete or takes longer than the lockout period, the account will not be accessible and a new
-    // LBOP password reset must be carried out.
-    // --------------------------------------------------------------------------------------------------------------------
-    // --------------------------------------------------------------------------------------------------------------------
-    verifyLbops(challengeResult, lbopString) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
-            for (const lbop of challengeResult.lbops) {
-                const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbop.lbopKeyParams))).jwk;
-                // If decoding successful then it's the correct lbop
-                try {
-                    const lbopKeyVerifier = (yield this.encryptionService.decrypt(lbopKey, lbop.wrappedLbopKeyVerifier));
-                    // Force a bad signature.
-                    // const serverNonce = challengeResult.challenge.serverNonce + "1",
-                    const serverNonce = challengeResult.challenge.serverNonce;
-                    const signedChallenge = yield this.encryptionService.sign(lbopKeyVerifier, {
-                        serverNonce,
-                        clientNonce,
-                    });
-                    return {
-                        lbop,
-                        signedChallenge,
-                        lbopKey,
-                    };
-                }
-                catch (error) {
-                    continue;
-                }
-            }
-            throw new LrException({
-                source: 'LBOP',
-                code: 'INVALID_PASSPHRASE',
-                message: 'Invalid passphrase.',
-            });
-        });
-    }
-    verifyContact(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const ret = this.http
-                .post(`${this.config.authUrl}users/lbop-reset/verify-contact/`, params)
-                .toPromise();
-            // --Potential Failure Point 1 --
-            // The contact verifications are throttled. But otherwise harmless.
-            return ret;
-        });
-    }
-    confirmContact(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.http
-                .post(`${this.config.authUrl}cove/respond/`, {
-                claim_id: params.claimId,
-                v_code: params.vCode,
-            })
-                .toPromise();
-            // --Potential Failure Point 2 --
-            // A verified claim for a contact does not prevent new ones from being generated. So it should be fine to just start again.
-        });
-    }
-    verify(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const challengeResult = yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/get-challenge/`, {
-                claimId: params.claimId,
-                claimToken: params.claimToken,
-            })
-                .toPromise();
-            // --Potential Failure Point 3 --
-            // This does not lock anything. A second call to "get-challenge/" will create a new challenge amd invalidate the first one.
-            const { signedChallenge, lbop, lbopKey } = yield this.verifyLbops(challengeResult, params.lbop);
-            const res = yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/verify-challenge/`, {
-                lbopId: lbop.lbopId,
-                signedChallenge,
-            })
-                .toPromise();
-            // --Potential Failure Point 4 --
-            // This does not lock anything. So ok to restart.
-            return {
-                lbopId: lbop.lbopId,
-                verifiedToken: res.verifiedToken,
-                masterKeyId: res.masterKeyId,
-                masterKey: yield KFS.asKey(yield this.encryptionService.decrypt(lbopKey, res.wrappedMasterKey)),
-            };
-        });
-    }
-    setPassword(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Generate the new password derived keys
-            const passKeyBundle = yield this.passwordService.createPassKeyBundle(params.newPassword);
-            // Re-encrypt master key with new key
-            const newWrappedMasterKey = yield this.encryptionService.encrypt(passKeyBundle.passKey, params.masterKey.toJSON(true));
-            const result = yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/set-password/`, {
-                lbopId: params.lbopId,
-                verifiedToken: params.verifiedToken,
-                masterKeyId: params.masterKeyId,
-                newWrappedMasterKey,
-                newPassKey: {
-                    passKeyParams: passKeyBundle.passKeyParams,
-                    passIdpParams: passKeyBundle.passIdpParams,
-                    passIdpVerifierPbk: passKeyBundle.passIdpVerifier.toJSON(),
-                    wrappedPassIdpVerifierPrk: passKeyBundle.wrappedPassIdpVerifierPrk,
-                },
-            })
-                .toPromise();
-            // --Potential Failure Point 5 --
-            // A timed mutex is locked. The Idp password change must occur within a period of time.
-            // If interrupted here, the user can not login with their old password again. They must
-            // start the whole LBOP password reset process again.
-            // This call will go through the LR proxy which is OK since the LR server knows
-            // the temporary password anyway.
-            let user = yield this.auth.signIn(result.username, result.idpPassword, {
-                noProxy: 'true',
-            });
-            if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
-                throw new LrException({
-                    message: 'Internal error. Expecting Cognito to have done a password reset.',
-                });
-            }
-            // --Potential Failure Point 6 --
-            // Must restart the LBOP password reset process again.
-            // Set new password on Idp
-            user = yield this.auth.completeNewPassword(user, this.passwordService.getPassIdpString(passKeyBundle.passIdp), {});
-            // --Potential Failure Point 7 --
-            // Must restart the LBOP password reset process again.
-            yield this.auth.signOut();
-            return yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/complete/`, {
-                lbopId: params.lbopId,
-                setPasswordToken: result.setPasswordToken,
-            })
-                .toPromise();
-        });
-    }
-}
-LbopService.ɵprov = i0.ɵɵdefineInjectable({ factory: function LbopService_Factory() { return new LbopService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.LifeReadyAuthService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.KeyService), i0.ɵɵinject(i8.EncryptionService), i0.ɵɵinject(i9.KeyGraphService), i0.ɵɵinject(i10.PasswordService)); }, token: LbopService, providedIn: "root" });
-LbopService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-LbopService.ctorParameters = () => [
-    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
-    { type: HttpClient },
-    { type: LrApolloService },
-    { type: AuthClass },
-    { type: LifeReadyAuthService },
-    { type: KFS },
-    { type: KeyService },
-    { type: EncryptionService },
-    { type: KeyGraphService },
-    { type: PasswordService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGJvcC5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6Ii9vcHQvYXRsYXNzaWFuL3BpcGVsaW5lcy9hZ2VudC9idWlsZC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9hdXRoL2xib3Auc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzNELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRCxPQUFPLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUNuRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDM0QsT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDO0FBRTlCLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLG9DQUFvQyxDQUFDO0FBQ3ZFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxtQ0FBbUMsQ0FBQztBQUNwRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFDekQsT0FBTyxFQUFtQixTQUFTLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRSxPQUFPLEVBQ0wsV0FBVyxFQUVYLG1CQUFtQixHQUNwQixNQUFNLHVCQUF1QixDQUFDO0FBQy9CLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxNQUFNLDJCQUEyQixDQUFDO0FBQ2pFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNyRCxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBQ3RDLE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxHQUFHLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQzs7Ozs7Ozs7Ozs7O0FBeUUvRSxNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsR0FBRyxDQUFBOzs7Ozs7OztDQVFqQyxDQUFDO0FBTUYsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLEdBQUcsQ0FBQTs7Ozs7O0NBTWpDLENBQUM7QUFXRixNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsR0FBRyxDQUFBOzs7Ozs7OztDQVFqQyxDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQTs7Ozs7OztDQU8zQixDQUFDO0FBTUYsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQTs7Ozs7Ozs7Ozs7Q0FXNUIsQ0FBQztBQUtGLE1BQU0sT0FBTyxXQUFXO0lBS3RCLFlBQzZCLE1BQXVCLEVBQzFDLElBQWdCLEVBQ2hCLFFBQXlCLEVBQ3pCLElBQWUsRUFDZixXQUFpQyxFQUNqQyxVQUFlLEVBQ2YsVUFBc0IsRUFDdEIsaUJBQW9DLEVBQ3BDLFFBQXlCLEVBQ3pCLGVBQWdDO1FBVGIsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsU0FBSSxHQUFKLElBQUksQ0FBWTtRQUNoQixhQUFRLEdBQVIsUUFBUSxDQUFpQjtRQUN6QixTQUFJLEdBQUosSUFBSSxDQUFXO1FBQ2YsZ0JBQVcsR0FBWCxXQUFXLENBQXNCO1FBQ2pDLGVBQVUsR0FBVixVQUFVLENBQUs7UUFDZixlQUFVLEdBQVYsVUFBVSxDQUFZO1FBQ3RCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsYUFBUSxHQUFSLFFBQVEsQ0FBaUI7UUFDekIsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBZHpCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztRQUMxQyxnRkFBZ0Y7UUFDL0QsZUFBVSxHQUFHLEVBQUUsQ0FBQztJQWE5QixDQUFDO0lBRUksVUFBVSxDQUFDLFVBQWtCO1FBQ25DLE9BQU8sVUFBVSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRVksTUFBTSxDQUFDLEVBQVU7O1lBQzVCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQU07Z0JBQzFDLFFBQVEsRUFBRSxlQUFlO2dCQUN6QixTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLEVBQUU7cUJBQ0g7aUJBQ0Y7YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPLEdBQUcsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDO1FBQzNCLENBQUM7S0FBQTtJQUVZLE1BQU0sQ0FBQyxFQUFFLEVBQUUsRUFBRSxJQUFJLEVBQW9COztZQUNoRCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDaEMsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7WUFFakIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDOUQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNyRCxTQUFTLENBQUMsR0FBRyxFQUNiLElBQUksQ0FDTCxDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBa0I7Z0JBQ3RELFFBQVEsRUFBRSxlQUFlO2dCQUN6QixTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLEVBQUU7d0JBQ0YsVUFBVSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDO3FCQUN2QztpQkFDRjthQUNGLENBQUMsQ0FBQztZQUVILE9BQU8sR0FBRyxDQUFDLFVBQVUsQ0FBQztRQUN4QixDQUFDO0tBQUE7SUFFWSxHQUFHLENBQUMsRUFBVTs7WUFDekIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBTTtnQkFDekMsS0FBSyxFQUFFLFNBQVM7Z0JBQ2hCLFNBQVMsRUFBRTtvQkFDVCxFQUFFO2lCQUNIO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFFOUQsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxRCxTQUFTLENBQUMsR0FBRyxFQUNiLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FDaEMsQ0FBQztZQUVGLHVCQUNFLEVBQUUsRUFBRSxHQUFHLENBQUMsRUFBRSxJQUNQLGVBQWUsRUFDbEI7UUFDSixDQUFDO0tBQUE7SUFFWSxJQUFJOztZQUNmLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQWE7Z0JBQ2hELEtBQUssRUFBRSxVQUFVO2FBQ2xCLENBQUMsQ0FBQztZQUVILE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBRTlELE9BQU8sT0FBTyxDQUFDLEdBQUcsQ0FDaEIsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQU8sSUFBSSxFQUFFLEVBQUU7Z0JBQ2pDLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDMUQsU0FBUyxDQUFDLEdBQUcsRUFDYixJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQ2pDLENBQUM7Z0JBQ0YsdUJBQ0UsRUFBRSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUNiLGVBQWUsRUFDbEI7WUFDSixDQUFDLENBQUEsQ0FBQyxDQUNILENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxNQUFNLENBQUMsRUFBRSxJQUFJLEVBQW9COztZQUM1QyxJQUFJLFlBQVksQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLElBQUksRUFBRTtnQkFDMUMsTUFBTSxJQUFJLG1CQUFtQixDQUFDLHVDQUF1QyxDQUFDLENBQUM7YUFDeEU7WUFFRCxnRUFBZ0U7WUFDaEUsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFFaEMsbUJBQW1CO1lBQ25CLElBQUksVUFBVSxDQUFDO1lBQ2YsT0FBTyxJQUFJLEVBQUU7Z0JBQ1gsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVO3FCQUN6QixhQUFhLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDO3FCQUN0RCxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQ2IsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztnQkFFNUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxPQUFPLEtBQUssT0FBTyxDQUFDLEVBQUU7b0JBQ25ELE1BQU07aUJBQ1A7YUFDRjtZQUVELE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsRUFBRSxVQUFVLElBQ2pCLGFBQWEsRUFDaEIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztZQUVOLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUM5RCxNQUFNLHNCQUFzQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDakUsT0FBTyxFQUNQLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzdCLENBQUM7WUFFRixxQ0FBcUM7WUFDckMsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3JELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQzFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FDeEMsQ0FBQztZQUNGLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMzRCxPQUFPLEVBQ1AsU0FBUyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzNCLENBQUM7WUFFRixNQUFNLElBQUksbUNBQ0wsQ0FBQyxJQUFJLElBQUksRUFBRSxJQUFJLEVBQUUsQ0FBQyxLQUNyQixPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsR0FDckMsQ0FBQztZQUNGLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDckQsU0FBUyxDQUFDLEdBQUcsRUFDYixJQUFJLENBQ0wsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQWtCO2dCQUN0RCxRQUFRLEVBQUUsZUFBZTtnQkFDekIsU0FBUyxFQUFFO29CQUNULEtBQUssRUFBRTt3QkFDTCxVQUFVLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUM7d0JBQ3RDLGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQzt3QkFDNUMsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQzt3QkFDN0Qsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQzt3QkFDOUQsV0FBVyxFQUFFLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUU7d0JBQ3BELGdCQUFnQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUM7cUJBQ25EO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsdUNBQ0ssR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLEtBQ3RCLFVBQVUsSUFDVjtRQUNKLENBQUM7S0FBQTtJQUVELHVIQUF1SDtJQUN2SCx1SEFBdUg7SUFDdkgsNkNBQTZDO0lBQzdDLEVBQUU7SUFDRixrQ0FBa0M7SUFDbEMsRUFBRTtJQUNGLHVFQUF1RTtJQUN2RSxFQUFFO0lBQ0YseUhBQXlIO0lBQ3pILG9JQUFvSTtJQUNwSSxrSUFBa0k7SUFDbEksa0lBQWtJO0lBQ2xJLDJDQUEyQztJQUMzQyx1SEFBdUg7SUFDdkgsdUhBQXVIO0lBQ3pHLFdBQVcsQ0FDdkIsZUFBZ0MsRUFDaEMsVUFBa0I7O1lBRWxCLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1lBRTNFLEtBQUssTUFBTSxJQUFJLElBQUksZUFBZSxDQUFDLEtBQUssRUFBRTtnQkFDeEMsTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxFQUFFLFVBQVUsSUFDakIsSUFBSSxDQUFDLGFBQWEsRUFDckIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztnQkFFTixvREFBb0Q7Z0JBQ3BELElBQUk7b0JBQ0YsTUFBTSxlQUFlLEdBQUcsQ0FBQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELE9BQU8sRUFDUCxJQUFJLENBQUMsc0JBQXNCLENBQzVCLENBQVEsQ0FBQztvQkFFVix5QkFBeUI7b0JBQ3pCLG1FQUFtRTtvQkFFbkUsTUFBTSxXQUFXLEdBQUcsZUFBZSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUM7b0JBRTFELE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDdkQsZUFBZSxFQUNmO3dCQUNFLFdBQVc7d0JBQ1gsV0FBVztxQkFDWixDQUNGLENBQUM7b0JBRUYsT0FBTzt3QkFDTCxJQUFJO3dCQUNKLGVBQWU7d0JBQ2YsT0FBTztxQkFDUixDQUFDO2lCQUNIO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLFNBQVM7aUJBQ1Y7YUFDRjtZQUNELE1BQU0sSUFBSSxXQUFXLENBQUM7Z0JBQ3BCLE1BQU0sRUFBRSxNQUFNO2dCQUNkLElBQUksRUFBRSxvQkFBb0I7Z0JBQzFCLE9BQU8sRUFBRSxxQkFBcUI7YUFDL0IsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRVksYUFBYSxDQUN4QixNQUEyQjs7WUFFM0IsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLElBQUk7aUJBQ2xCLElBQUksQ0FDSCxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxrQ0FBa0MsRUFDeEQsTUFBTSxDQUNQO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLG1FQUFtRTtZQUVuRSxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVZLGNBQWMsQ0FDekIsTUFBNEI7O1lBRTVCLE9BQU8sSUFBSSxDQUFDLElBQUk7aUJBQ2IsSUFBSSxDQUF1QixHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxlQUFlLEVBQUU7Z0JBQ2pFLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTztnQkFDeEIsTUFBTSxFQUFFLE1BQU0sQ0FBQyxLQUFLO2FBQ3JCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFFZixpQ0FBaUM7WUFDakMsMkhBQTJIO1FBQzdILENBQUM7S0FBQTtJQUVZLE1BQU0sQ0FBQyxNQUFvQjs7WUFDdEMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDcEMsSUFBSSxDQUNILEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLGlDQUFpQyxFQUN2RDtnQkFDRSxPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU87Z0JBQ3ZCLFVBQVUsRUFBRSxNQUFNLENBQUMsVUFBVTthQUM5QixDQUNGO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLDJIQUEySDtZQUMzSCxNQUFNLEVBQUUsZUFBZSxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQy9ELGVBQWUsRUFDZixNQUFNLENBQUMsSUFBSSxDQUNaLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUN4QixJQUFJLENBQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sb0NBQW9DLEVBQUU7Z0JBQ3JFLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtnQkFDbkIsZUFBZTthQUNoQixDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLGlEQUFpRDtZQUVqRCxPQUFPO2dCQUNMLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtnQkFDbkIsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhO2dCQUNoQyxXQUFXLEVBQUUsR0FBRyxDQUFDLFdBQVc7Z0JBQzVCLFNBQVMsRUFBRSxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQ3hCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLGdCQUFnQixDQUFDLENBQ3BFO2FBQ0YsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVZLFdBQVcsQ0FBQyxNQUF5Qjs7WUFDaEQseUNBQXlDO1lBQ3pDLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxtQkFBbUIsQ0FDbEUsTUFBTSxDQUFDLFdBQVcsQ0FDbkIsQ0FBQztZQUVGLHFDQUFxQztZQUNyQyxNQUFNLG1CQUFtQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDOUQsYUFBYSxDQUFDLE9BQU8sRUFDckIsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzlCLENBQUM7WUFFRixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUMzQixJQUFJLENBQ0gsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sZ0NBQWdDLEVBQ3REO2dCQUNFLE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTTtnQkFDckIsYUFBYSxFQUFFLE1BQU0sQ0FBQyxhQUFhO2dCQUNuQyxXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7Z0JBQy9CLG1CQUFtQjtnQkFDbkIsVUFBVSxFQUFFO29CQUNWLGFBQWEsRUFBRSxhQUFhLENBQUMsYUFBYTtvQkFDMUMsYUFBYSxFQUFFLGFBQWEsQ0FBQyxhQUFhO29CQUMxQyxrQkFBa0IsRUFBRSxhQUFhLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRTtvQkFDMUQseUJBQXlCLEVBQUUsYUFBYSxDQUFDLHlCQUF5QjtpQkFDbkU7YUFDRixDQUNGO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLHVGQUF1RjtZQUN2Rix1RkFBdUY7WUFDdkYscURBQXFEO1lBRXJELCtFQUErRTtZQUMvRSxpQ0FBaUM7WUFDakMsSUFBSSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxXQUFXLEVBQUU7Z0JBQ3JFLE9BQU8sRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksSUFBSSxDQUFDLGFBQWEsS0FBSyx1QkFBdUIsRUFBRTtnQkFDbEQsTUFBTSxJQUFJLFdBQVcsQ0FBQztvQkFDcEIsT0FBTyxFQUNMLGtFQUFrRTtpQkFDckUsQ0FBQyxDQUFDO2FBQ0o7WUFFRCxpQ0FBaUM7WUFDakMsc0RBQXNEO1lBRXRELDBCQUEwQjtZQUMxQixJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUN4QyxJQUFJLEVBQ0osSUFBSSxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLEVBQzVELEVBQUUsQ0FDSCxDQUFDO1lBRUYsaUNBQWlDO1lBQ2pDLHNEQUFzRDtZQUV0RCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFFMUIsT0FBTyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUNuQixJQUFJLENBQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sNEJBQTRCLEVBQUU7Z0JBQzdELE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTTtnQkFDckIsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLGdCQUFnQjthQUMxQyxDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1FBQ2pCLENBQUM7S0FBQTs7OztZQTNYRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7Ozs0Q0FPSSxNQUFNLFNBQUMsU0FBUztZQXRLWixVQUFVO1lBRFYsZUFBZTtZQUdmLFNBQVM7WUFZVCxvQkFBb0I7WUFHQyxHQUFHO1lBVnhCLFVBQVU7WUFGVixpQkFBaUI7WUFDakIsZUFBZTtZQVNmLGVBQWUiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBMckFwb2xsb1NlcnZpY2UgfSBmcm9tICcuLi9hcGkvbHItYXBvbGxvLnNlcnZpY2UnO1xuaW1wb3J0IHsgSHR0cENsaWVudCB9IGZyb20gJ0Bhbmd1bGFyL2NvbW1vbi9odHRwJztcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQXV0aENsYXNzIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2F1dGgvbGliLWVzbS9BdXRoJztcbmltcG9ydCBncWwgZnJvbSAnZ3JhcGhxbC10YWcnO1xuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcbmltcG9ydCB7IEVuY3J5cHRpb25TZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2VuY3J5cHRpb24uc2VydmljZSc7XG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkva2V5LWdyYXBoLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXkuc2VydmljZSc7XG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcbmltcG9ydCB7XG4gIExyRXhjZXB0aW9uLFxuICBMckVycm9yQ29kZSxcbiAgTHJCYWRMb2dpY0V4Y2VwdGlvbixcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcbmltcG9ydCB7IExpZmVSZWFkeUF1dGhTZXJ2aWNlIH0gZnJvbSAnLi9saWZlLXJlYWR5LWF1dGguc2VydmljZSc7XG5pbXBvcnQgeyBQYXNzd29yZFNlcnZpY2UgfSBmcm9tICcuL3Bhc3N3b3JkLnNlcnZpY2UnO1xuaW1wb3J0IHsgU2xpcDM5SGVscGVyIH0gZnJvbSAnc2xpcDM5JztcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIGFzIEtGUyB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcblxuaW50ZXJmYWNlIFNldFBhc3N3b3JkQXBpUmVzdWx0IHtcbiAgdXNlcm5hbWU6IHN0cmluZztcbiAgaWRwUGFzc3dvcmQ6IHN0cmluZztcbiAgc2V0UGFzc3dvcmRUb2tlbjogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNldFBhc3N3b3JkUGFyYW1zIHtcbiAgbGJvcElkOiBzdHJpbmc7XG4gIG5ld1Bhc3N3b3JkOiBzdHJpbmc7XG4gIHZlcmlmaWVkVG9rZW46IHN0cmluZztcbiAgbWFzdGVyS2V5SWQ6IHN0cmluZztcbiAgbWFzdGVyS2V5OiBKV0suS2V5O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFZlcmlmeUNvbnRhY3RQYXJhbXMge1xuICBlbWFpbD86IHN0cmluZztcbiAgcGhvbmU/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgVmVyaWZ5Q29udGFjdFJlc3VsdCB7XG4gIC8vIFRoZSBjbGFpbV9pZCBpZGVudGlmaWVzIHRoZSBFbWFpbC9TTVMgY29uZmlybWF0aW9uXG4gIGNsYWltSWQ6IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb25maXJtQ29udGFjdFBhcmFtcyB7XG4gIGNsYWltSWQ6IHN0cmluZztcbiAgdkNvZGU6IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb25maXJtQ29udGFjdFJlc3VsdCB7XG4gIC8vIFRoZSB0b2tlbiB0byBwcm92ZSB0aGUgY2xpZW50IGhhZCB0aGUgY29ycmVjdCBjb25maXJtYXRpb24gY29kZS5cbiAgdG9rZW46IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBWZXJpZnlQYXJhbXMge1xuICBjbGFpbUlkOiBzdHJpbmc7XG4gIGNsYWltVG9rZW46IHN0cmluZztcbiAgbGJvcDogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFZlcmlmeVJlc3VsdCB7XG4gIC8vIHVzZXJJZDogc3RyaW5nO1xuICBsYm9wSWQ6IHN0cmluZztcbiAgdmVyaWZpZWRUb2tlbjogc3RyaW5nO1xuICBtYXN0ZXJLZXlJZDogc3RyaW5nO1xuICBtYXN0ZXJLZXk6IEpXSy5LZXk7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ2hhbGxlbmdlUmVzdWx0IHtcbiAgY2hhbGxlbmdlOiBhbnk7XG4gIGxib3BzOiBhbnk7XG4gIC8vIHVzZXJJZDogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIExib3Age1xuICBpZDogc3RyaW5nO1xuICBwYXJ0aWFsPzogc3RyaW5nO1xuICBuYW1lPzogc3RyaW5nO1xuICBsYm9wU3RyaW5nPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENyZWF0ZUxib3BQYXJhbXMge1xuICBuYW1lPzogc3RyaW5nO1xufVxuXG5pbnRlcmZhY2UgQ3JlYXRlTGJvcFF1ZXJ5IHtcbiAgY3JlYXRlTGJvcDoge1xuICAgIGxib3A6IExib3A7XG4gIH07XG59XG5cbmV4cG9ydCBjb25zdCBDcmVhdGVMYm9wUXVlcnkgPSBncWxgXG4gIG11dGF0aW9uIENyZWF0ZUxib3AoJGlucHV0OiBDcmVhdGVMYm9wSW5wdXQhKSB7XG4gICAgY3JlYXRlTGJvcChpbnB1dDogJGlucHV0KSB7XG4gICAgICBsYm9wIHtcbiAgICAgICAgaWRcbiAgICAgIH1cbiAgICB9XG4gIH1cbmA7XG5cbmludGVyZmFjZSBEZWxldGVMYm9wUXVlcnkge1xuICBkZWxldGVMYm9wOiBMYm9wO1xufVxuXG5leHBvcnQgY29uc3QgRGVsZXRlTGJvcFF1ZXJ5ID0gZ3FsYFxuICBtdXRhdGlvbiBEZWxldGVMYm9wKCRpbnB1dDogRGVsZXRlTGJvcElucHV0ISkge1xuICAgIGRlbGV0ZUxib3AoaW5wdXQ6ICRpbnB1dCkge1xuICAgICAgaWRcbiAgICB9XG4gIH1cbmA7XG5cbmV4cG9ydCBpbnRlcmZhY2UgVXBkYXRlTGJvcFBhcmFtcyB7XG4gIGlkOiBzdHJpbmc7XG4gIG5hbWU6IHN0cmluZztcbn1cblxuaW50ZXJmYWNlIFVwZGF0ZUxib3BRdWVyeSB7XG4gIHVwZGF0ZUxib3A6IExib3A7XG59XG5cbmV4cG9ydCBjb25zdCBVcGRhdGVMYm9wUXVlcnkgPSBncWxgXG4gIG11dGF0aW9uIFVwZGF0ZUxib3AoJGlucHV0OiBVcGRhdGVMYm9wSW5wdXQhKSB7XG4gICAgdXBkYXRlTGJvcChpbnB1dDogJGlucHV0KSB7XG4gICAgICBsYm9wIHtcbiAgICAgICAgaWRcbiAgICAgIH1cbiAgICB9XG4gIH1cbmA7XG5cbmV4cG9ydCBjb25zdCBMYm9wUXVlcnkgPSBncWxgXG4gIHF1ZXJ5IExib3AoJGlkOiBMclJlbGF5SWRJbnB1dCEpIHtcbiAgICBsYm9wKGlkOiAkaWQpIHtcbiAgICAgIGlkXG4gICAgICBjaXBoZXJNZXRhXG4gICAgfVxuICB9XG5gO1xuXG5pbnRlcmZhY2UgTGJvcHNRdWVyeSB7XG4gIGxib3BzOiBhbnk7XG59XG5cbmV4cG9ydCBjb25zdCBMYm9wc1F1ZXJ5ID0gZ3FsYFxuICBxdWVyeSBMYm9wcyB7XG4gICAgbGJvcHMge1xuICAgICAgZWRnZXMge1xuICAgICAgICBub2RlIHtcbiAgICAgICAgICBpZFxuICAgICAgICAgIGNpcGhlck1ldGFcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgfVxuYDtcblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIExib3BTZXJ2aWNlIHtcbiAgcHJpdmF0ZSByZWFkb25seSBDTElFTlRfTk9OQ0VfTEVOR1RIID0gMzI7XG4gIC8vIFRoZXJlIGFyZSAxMDI0IHdvcmRzICgxMCBiaXRzKSwgc28gMjUgd29yZHMgc2hvdWxkIGdpdmUgfjI1NiBiaXRzIG9mIGVudHJvcHkuXG4gIHByaXZhdGUgcmVhZG9ubHkgTEJPUF9XT1JEUyA9IDI1O1xuXG4gIGNvbnN0cnVjdG9yKFxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxuICAgIHByaXZhdGUgaHR0cDogSHR0cENsaWVudCxcbiAgICBwcml2YXRlIGxyQXBvbGxvOiBMckFwb2xsb1NlcnZpY2UsXG4gICAgcHJpdmF0ZSBhdXRoOiBBdXRoQ2xhc3MsXG4gICAgcHJpdmF0ZSBhdXRoU2VydmljZTogTGlmZVJlYWR5QXV0aFNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLRlMsXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZSxcbiAgICBwcml2YXRlIHBhc3N3b3JkU2VydmljZTogUGFzc3dvcmRTZXJ2aWNlXG4gICkge31cblxuICBwcml2YXRlIGdldFBhcnRpYWwobGJvcFN0cmluZzogc3RyaW5nKTogc3RyaW5nIHtcbiAgICByZXR1cm4gbGJvcFN0cmluZy5zcGxpdCgnICcpWzBdO1xuICB9XG5cbiAgcHVibGljIGFzeW5jIHJlbW92ZShpZDogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmxyQXBvbGxvLm11dGF0ZTxhbnk+KHtcbiAgICAgIG11dGF0aW9uOiBEZWxldGVMYm9wUXVlcnksXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG5cbiAgICByZXR1cm4gcmVzLmRlbGV0ZUxib3AuaWQ7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgdXBkYXRlKHsgaWQsIG5hbWUgfTogVXBkYXRlTGJvcFBhcmFtcyk6IFByb21pc2U8TGJvcD4ge1xuICAgIGNvbnN0IGxib3AgPSBhd2FpdCB0aGlzLmdldChpZCk7XG4gICAgbGJvcC5uYW1lID0gbmFtZTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCk7XG4gICAgY29uc3QgY2lwaGVyTWV0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICBsYm9wXG4gICAgKTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMubHJBcG9sbG8ubXV0YXRlPFVwZGF0ZUxib3BRdWVyeT4oe1xuICAgICAgbXV0YXRpb246IFVwZGF0ZUxib3BRdWVyeSxcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICBpbnB1dDoge1xuICAgICAgICAgIGlkLFxuICAgICAgICAgIGNpcGhlck1ldGE6IEpTT04uc3RyaW5naWZ5KGNpcGhlck1ldGEpLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiByZXMudXBkYXRlTGJvcDtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBnZXQoaWQ6IHN0cmluZyk6IFByb21pc2U8TGJvcD4ge1xuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMubHJBcG9sbG8ucXVlcnk8YW55Pih7XG4gICAgICBxdWVyeTogTGJvcFF1ZXJ5LFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlkLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCk7XG5cbiAgICBjb25zdCBwbGFpbkNpcGhlck1ldGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICBtYXN0ZXJLZXkuandrLFxuICAgICAgSlNPTi5wYXJzZShyZXMubGJvcC5jaXBoZXJNZXRhKVxuICAgICk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgaWQ6IHJlcy5pZCxcbiAgICAgIC4uLnBsYWluQ2lwaGVyTWV0YSxcbiAgICB9O1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGxpc3QoKTogUHJvbWlzZTxMYm9wW10+IHtcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmxyQXBvbGxvLnF1ZXJ5PExib3BzUXVlcnk+KHtcbiAgICAgIHF1ZXJ5OiBMYm9wc1F1ZXJ5LFxuICAgIH0pO1xuXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmdldEN1cnJlbnRNYXN0ZXJLZXkoKTtcblxuICAgIHJldHVybiBQcm9taXNlLmFsbChcbiAgICAgIHJlcy5sYm9wcy5lZGdlcy5tYXAoYXN5bmMgKGVkZ2UpID0+IHtcbiAgICAgICAgY29uc3QgcGxhaW5DaXBoZXJNZXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICAgICAgSlNPTi5wYXJzZShlZGdlLm5vZGUuY2lwaGVyTWV0YSlcbiAgICAgICAgKTtcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBpZDogZWRnZS5ub2RlLmlkLFxuICAgICAgICAgIC4uLnBsYWluQ2lwaGVyTWV0YSxcbiAgICAgICAgfTtcbiAgICAgIH0pXG4gICAgKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjcmVhdGUoeyBuYW1lIH06IENyZWF0ZUxib3BQYXJhbXMpOiBQcm9taXNlPExib3A+IHtcbiAgICBpZiAoU2xpcDM5SGVscGVyLldPUkRfTElTVC5sZW5ndGggIT09IDEwMjQpIHtcbiAgICAgIHRocm93IG5ldyBMckJhZExvZ2ljRXhjZXB0aW9uKCdTbGlwMzlIZWxwZXIuV09SRF9MSVNULmxlbmd0aCAhPSAxMDI0Jyk7XG4gICAgfVxuXG4gICAgLy8gR2V0IGV4aXN0aW5nIHRvIG1ha2Ugc3VyZSB0aGVyZSBhcmUgbm90IGR1cGxpY2F0ZSBmaXJzdCB3b3Jkc1xuICAgIGNvbnN0IGxib3BzID0gYXdhaXQgdGhpcy5saXN0KCk7XG5cbiAgICAvLyBHZW5lcmF0ZSBuZXcgb25lXG4gICAgbGV0IGxib3BTdHJpbmc7XG4gICAgd2hpbGUgKHRydWUpIHtcbiAgICAgIGxib3BTdHJpbmcgPSB0aGlzLmtleUZhY3RvcnlcbiAgICAgICAgLnJhbmRvbUNob2ljZXMoU2xpcDM5SGVscGVyLldPUkRfTElTVCwgdGhpcy5MQk9QX1dPUkRTKVxuICAgICAgICAuam9pbignICcpO1xuICAgICAgY29uc3QgcGFydGlhbCA9IHRoaXMuZ2V0UGFydGlhbChsYm9wU3RyaW5nKTtcblxuICAgICAgaWYgKCFsYm9wcy5zb21lKChsYm9wKSA9PiBsYm9wLnBhcnRpYWwgPT09IHBhcnRpYWwpKSB7XG4gICAgICAgIGJyZWFrO1xuICAgICAgfVxuICAgIH1cblxuICAgIGNvbnN0IGxib3BLZXlQYXJhbXMgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlTGJvcEtleVBhcmFtcygpO1xuICAgIGNvbnN0IGxib3BLZXkgPSAoXG4gICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlTGJvcEtleSh7XG4gICAgICAgIHBhc3N3b3JkOiBsYm9wU3RyaW5nLFxuICAgICAgICAuLi5sYm9wS2V5UGFyYW1zLFxuICAgICAgfSlcbiAgICApLmp3aztcblxuICAgIGNvbnN0IGxib3BLZXlWZXJpZmllciA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVTaWduS2V5KCk7XG4gICAgY29uc3Qgd3JhcHBlZExib3BLZXlWZXJpZmllciA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIGxib3BLZXksXG4gICAgICBsYm9wS2V5VmVyaWZpZXIudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIC8vIFJlLWVuY3J5cHQgbWFzdGVyIGtleSB3aXRoIG5ldyBrZXlcbiAgICBjb25zdCBjdXJyZW50VXNlciA9IGF3YWl0IHRoaXMuYXV0aFNlcnZpY2UuZ2V0VXNlcigpO1xuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0S2V5KFxuICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkXG4gICAgKTtcbiAgICBjb25zdCB3cmFwcGVkTWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbGJvcEtleSxcbiAgICAgIG1hc3RlcktleS5qd2sudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGNvbnN0IG1ldGEgPSB7XG4gICAgICAuLi4obmFtZSAmJiB7IG5hbWUgfSksXG4gICAgICBwYXJ0aWFsOiB0aGlzLmdldFBhcnRpYWwobGJvcFN0cmluZyksXG4gICAgfTtcbiAgICBjb25zdCBjaXBoZXJNZXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbWFzdGVyS2V5Lmp3ayxcbiAgICAgIG1ldGFcbiAgICApO1xuXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5sckFwb2xsby5tdXRhdGU8Q3JlYXRlTGJvcFF1ZXJ5Pih7XG4gICAgICBtdXRhdGlvbjogQ3JlYXRlTGJvcFF1ZXJ5LFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgY2lwaGVyTWV0YTogSlNPTi5zdHJpbmdpZnkoY2lwaGVyTWV0YSksXG4gICAgICAgICAgbGJvcEtleVBhcmFtczogSlNPTi5zdHJpbmdpZnkobGJvcEtleVBhcmFtcyksXG4gICAgICAgICAgbGJvcEtleVZlcmlmaWVyOiBKU09OLnN0cmluZ2lmeShsYm9wS2V5VmVyaWZpZXIudG9KU09OKHRydWUpKSxcbiAgICAgICAgICB3cmFwcGVkTGJvcEtleVZlcmlmaWVyOiBKU09OLnN0cmluZ2lmeSh3cmFwcGVkTGJvcEtleVZlcmlmaWVyKSxcbiAgICAgICAgICBtYXN0ZXJLZXlJZDogY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkLFxuICAgICAgICAgIHdyYXBwZWRNYXN0ZXJLZXk6IEpTT04uc3RyaW5naWZ5KHdyYXBwZWRNYXN0ZXJLZXkpLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiB7XG4gICAgICAuLi5yZXMuY3JlYXRlTGJvcC5sYm9wLFxuICAgICAgbGJvcFN0cmluZyxcbiAgICB9O1xuICB9XG5cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gRmxvdyBiZWxvdyBhcmUgZm9yIHBhc3N3b3JkIHJlc2V0IHZpYSBMQk9QXG4gIC8vXG4gIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgeHh4LS1cbiAgLy9cbiAgLy8gTG9vayBmb3IgdGhlIGFib3ZlIGFuZCB5b3UgY2FuIHRlc3QgYnkgaW50ZXJydXB0aW5nIGF0IHRoZXNlIHBvaW50cy5cbiAgLy9cbiAgLy8gVGhlIExCT1AgcmVzZXQgcHJvY2VzcyBjYW4gYmUgcmVzdGFydGVkIGF0IGFueSBwb2ludCBiZWZvcmUgdGhlIGNhbGwgdG8gXCJzZXQtcGFzc3dvcmQvXCIuIE9uY2UgXCJzZXQtcGFzc3dvcmQvXCIgaGFzIGJlZW5cbiAgLy8gY2FsbGVkLCB3ZSBhc3N1bWUgdGhlIGNsaWVudCBoYXMgYSBzaG9ydCBwZXJpb2Qgb2YgdGltZSB0byBjaGFuZ2UgdGhlIElkcCBwYXNzd29yZCB0byB0aGUgb25lIHRoZXkndmUgY2hvc2VuLiBUaGUgXCJzZXQtcGFzc3dvcmQvXCJcbiAgLy8gd2lsbCBzZXQgdGhlIElkcCBwYXNzd29yZCB0byBhIHRlbXBvcmFyeSByYW5kb20gcGFzc3dvcmQuIFRoZSB1c2VyIGNhbiBubyBsb25nZXIgbG9naW4gdXNpbmcgdGhlaXIgY3VycmVudCBwYXNzd29yZC4gSWYgdGhlIElkcFxuICAvLyBwYXNzd29yZCBjaGFuZ2UgcHJvY2VzcyBkb2VzIG5vdCBjb21wbGV0ZSBvciB0YWtlcyBsb25nZXIgdGhhbiB0aGUgbG9ja291dCBwZXJpb2QsIHRoZSBhY2NvdW50IHdpbGwgbm90IGJlIGFjY2Vzc2libGUgYW5kIGEgbmV3XG4gIC8vIExCT1AgcGFzc3dvcmQgcmVzZXQgbXVzdCBiZSBjYXJyaWVkIG91dC5cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgcHJpdmF0ZSBhc3luYyB2ZXJpZnlMYm9wcyhcbiAgICBjaGFsbGVuZ2VSZXN1bHQ6IENoYWxsZW5nZVJlc3VsdCxcbiAgICBsYm9wU3RyaW5nOiBzdHJpbmdcbiAgKTogUHJvbWlzZTx7IGxib3A6IGFueTsgc2lnbmVkQ2hhbGxlbmdlOiBhbnk7IGxib3BLZXk6IEpXSy5LZXkgfT4ge1xuICAgIGNvbnN0IGNsaWVudE5vbmNlID0gdGhpcy5rZXlGYWN0b3J5LnJhbmRvbVN0cmluZyh0aGlzLkNMSUVOVF9OT05DRV9MRU5HVEgpO1xuXG4gICAgZm9yIChjb25zdCBsYm9wIG9mIGNoYWxsZW5nZVJlc3VsdC5sYm9wcykge1xuICAgICAgY29uc3QgbGJvcEtleSA9IChcbiAgICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZUxib3BLZXkoe1xuICAgICAgICAgIHBhc3N3b3JkOiBsYm9wU3RyaW5nLFxuICAgICAgICAgIC4uLmxib3AubGJvcEtleVBhcmFtcyxcbiAgICAgICAgfSlcbiAgICAgICkuandrO1xuXG4gICAgICAvLyBJZiBkZWNvZGluZyBzdWNjZXNzZnVsIHRoZW4gaXQncyB0aGUgY29ycmVjdCBsYm9wXG4gICAgICB0cnkge1xuICAgICAgICBjb25zdCBsYm9wS2V5VmVyaWZpZXIgPSAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICAgIGxib3BLZXksXG4gICAgICAgICAgbGJvcC53cmFwcGVkTGJvcEtleVZlcmlmaWVyXG4gICAgICAgICkpIGFzIGFueTtcblxuICAgICAgICAvLyBGb3JjZSBhIGJhZCBzaWduYXR1cmUuXG4gICAgICAgIC8vIGNvbnN0IHNlcnZlck5vbmNlID0gY2hhbGxlbmdlUmVzdWx0LmNoYWxsZW5nZS5zZXJ2ZXJOb25jZSArIFwiMVwiLFxuXG4gICAgICAgIGNvbnN0IHNlcnZlck5vbmNlID0gY2hhbGxlbmdlUmVzdWx0LmNoYWxsZW5nZS5zZXJ2ZXJOb25jZTtcblxuICAgICAgICBjb25zdCBzaWduZWRDaGFsbGVuZ2UgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICAgICAgbGJvcEtleVZlcmlmaWVyLFxuICAgICAgICAgIHtcbiAgICAgICAgICAgIHNlcnZlck5vbmNlLFxuICAgICAgICAgICAgY2xpZW50Tm9uY2UsXG4gICAgICAgICAgfVxuICAgICAgICApO1xuXG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgbGJvcCxcbiAgICAgICAgICBzaWduZWRDaGFsbGVuZ2UsXG4gICAgICAgICAgbGJvcEtleSxcbiAgICAgICAgfTtcbiAgICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAgIGNvbnRpbnVlO1xuICAgICAgfVxuICAgIH1cbiAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xuICAgICAgc291cmNlOiAnTEJPUCcsXG4gICAgICBjb2RlOiAnSU5WQUxJRF9QQVNTUEhSQVNFJyxcbiAgICAgIG1lc3NhZ2U6ICdJbnZhbGlkIHBhc3NwaHJhc2UuJyxcbiAgICB9KTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyB2ZXJpZnlDb250YWN0KFxuICAgIHBhcmFtczogVmVyaWZ5Q29udGFjdFBhcmFtc1xuICApOiBQcm9taXNlPFZlcmlmeUNvbnRhY3RSZXN1bHQ+IHtcbiAgICBjb25zdCByZXQgPSB0aGlzLmh0dHBcbiAgICAgIC5wb3N0PFZlcmlmeUNvbnRhY3RSZXN1bHQ+KFxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvdmVyaWZ5LWNvbnRhY3QvYCxcbiAgICAgICAgcGFyYW1zXG4gICAgICApXG4gICAgICAudG9Qcm9taXNlKCk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEgLS1cbiAgICAvLyBUaGUgY29udGFjdCB2ZXJpZmljYXRpb25zIGFyZSB0aHJvdHRsZWQuIEJ1dCBvdGhlcndpc2UgaGFybWxlc3MuXG5cbiAgICByZXR1cm4gcmV0O1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGNvbmZpcm1Db250YWN0KFxuICAgIHBhcmFtczogQ29uZmlybUNvbnRhY3RQYXJhbXNcbiAgKTogUHJvbWlzZTxDb25maXJtQ29udGFjdFJlc3VsdD4ge1xuICAgIHJldHVybiB0aGlzLmh0dHBcbiAgICAgIC5wb3N0PENvbmZpcm1Db250YWN0UmVzdWx0PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfWNvdmUvcmVzcG9uZC9gLCB7XG4gICAgICAgIGNsYWltX2lkOiBwYXJhbXMuY2xhaW1JZCxcbiAgICAgICAgdl9jb2RlOiBwYXJhbXMudkNvZGUsXG4gICAgICB9KVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAyIC0tXG4gICAgLy8gQSB2ZXJpZmllZCBjbGFpbSBmb3IgYSBjb250YWN0IGRvZXMgbm90IHByZXZlbnQgbmV3IG9uZXMgZnJvbSBiZWluZyBnZW5lcmF0ZWQuIFNvIGl0IHNob3VsZCBiZSBmaW5lIHRvIGp1c3Qgc3RhcnQgYWdhaW4uXG4gIH1cblxuICBwdWJsaWMgYXN5bmMgdmVyaWZ5KHBhcmFtczogVmVyaWZ5UGFyYW1zKTogUHJvbWlzZTxWZXJpZnlSZXN1bHQ+IHtcbiAgICBjb25zdCBjaGFsbGVuZ2VSZXN1bHQgPSBhd2FpdCB0aGlzLmh0dHBcbiAgICAgIC5wb3N0PENoYWxsZW5nZVJlc3VsdD4oXG4gICAgICAgIGAke3RoaXMuY29uZmlnLmF1dGhVcmx9dXNlcnMvbGJvcC1yZXNldC9nZXQtY2hhbGxlbmdlL2AsXG4gICAgICAgIHtcbiAgICAgICAgICBjbGFpbUlkOiBwYXJhbXMuY2xhaW1JZCxcbiAgICAgICAgICBjbGFpbVRva2VuOiBwYXJhbXMuY2xhaW1Ub2tlbixcbiAgICAgICAgfVxuICAgICAgKVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAzIC0tXG4gICAgLy8gVGhpcyBkb2VzIG5vdCBsb2NrIGFueXRoaW5nLiBBIHNlY29uZCBjYWxsIHRvIFwiZ2V0LWNoYWxsZW5nZS9cIiB3aWxsIGNyZWF0ZSBhIG5ldyBjaGFsbGVuZ2UgYW1kIGludmFsaWRhdGUgdGhlIGZpcnN0IG9uZS5cbiAgICBjb25zdCB7IHNpZ25lZENoYWxsZW5nZSwgbGJvcCwgbGJvcEtleSB9ID0gYXdhaXQgdGhpcy52ZXJpZnlMYm9wcyhcbiAgICAgIGNoYWxsZW5nZVJlc3VsdCxcbiAgICAgIHBhcmFtcy5sYm9wXG4gICAgKTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLnBvc3Q8YW55PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvdmVyaWZ5LWNoYWxsZW5nZS9gLCB7XG4gICAgICAgIGxib3BJZDogbGJvcC5sYm9wSWQsXG4gICAgICAgIHNpZ25lZENoYWxsZW5nZSxcbiAgICAgIH0pXG4gICAgICAudG9Qcm9taXNlKCk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDQgLS1cbiAgICAvLyBUaGlzIGRvZXMgbm90IGxvY2sgYW55dGhpbmcuIFNvIG9rIHRvIHJlc3RhcnQuXG5cbiAgICByZXR1cm4ge1xuICAgICAgbGJvcElkOiBsYm9wLmxib3BJZCxcbiAgICAgIHZlcmlmaWVkVG9rZW46IHJlcy52ZXJpZmllZFRva2VuLFxuICAgICAgbWFzdGVyS2V5SWQ6IHJlcy5tYXN0ZXJLZXlJZCxcbiAgICAgIG1hc3RlcktleTogYXdhaXQgS0ZTLmFzS2V5KFxuICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQobGJvcEtleSwgcmVzLndyYXBwZWRNYXN0ZXJLZXkpXG4gICAgICApLFxuICAgIH07XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgc2V0UGFzc3dvcmQocGFyYW1zOiBTZXRQYXNzd29yZFBhcmFtcyk6IFByb21pc2U8YW55PiB7XG4gICAgLy8gR2VuZXJhdGUgdGhlIG5ldyBwYXNzd29yZCBkZXJpdmVkIGtleXNcbiAgICBjb25zdCBwYXNzS2V5QnVuZGxlID0gYXdhaXQgdGhpcy5wYXNzd29yZFNlcnZpY2UuY3JlYXRlUGFzc0tleUJ1bmRsZShcbiAgICAgIHBhcmFtcy5uZXdQYXNzd29yZFxuICAgICk7XG5cbiAgICAvLyBSZS1lbmNyeXB0IG1hc3RlciBrZXkgd2l0aCBuZXcga2V5XG4gICAgY29uc3QgbmV3V3JhcHBlZE1hc3RlcktleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0tleSxcbiAgICAgIHBhcmFtcy5tYXN0ZXJLZXkudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLnBvc3Q8U2V0UGFzc3dvcmRBcGlSZXN1bHQ+KFxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvc2V0LXBhc3N3b3JkL2AsXG4gICAgICAgIHtcbiAgICAgICAgICBsYm9wSWQ6IHBhcmFtcy5sYm9wSWQsXG4gICAgICAgICAgdmVyaWZpZWRUb2tlbjogcGFyYW1zLnZlcmlmaWVkVG9rZW4sXG4gICAgICAgICAgbWFzdGVyS2V5SWQ6IHBhcmFtcy5tYXN0ZXJLZXlJZCxcbiAgICAgICAgICBuZXdXcmFwcGVkTWFzdGVyS2V5LFxuICAgICAgICAgIG5ld1Bhc3NLZXk6IHtcbiAgICAgICAgICAgIHBhc3NLZXlQYXJhbXM6IHBhc3NLZXlCdW5kbGUucGFzc0tleVBhcmFtcyxcbiAgICAgICAgICAgIHBhc3NJZHBQYXJhbXM6IHBhc3NLZXlCdW5kbGUucGFzc0lkcFBhcmFtcyxcbiAgICAgICAgICAgIHBhc3NJZHBWZXJpZmllclBiazogcGFzc0tleUJ1bmRsZS5wYXNzSWRwVmVyaWZpZXIudG9KU09OKCksXG4gICAgICAgICAgICB3cmFwcGVkUGFzc0lkcFZlcmlmaWVyUHJrOiBwYXNzS2V5QnVuZGxlLndyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmssXG4gICAgICAgICAgfSxcbiAgICAgICAgfVxuICAgICAgKVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA1IC0tXG4gICAgLy8gQSB0aW1lZCBtdXRleCBpcyBsb2NrZWQuIFRoZSBJZHAgcGFzc3dvcmQgY2hhbmdlIG11c3Qgb2NjdXIgd2l0aGluIGEgcGVyaW9kIG9mIHRpbWUuXG4gICAgLy8gSWYgaW50ZXJydXB0ZWQgaGVyZSwgdGhlIHVzZXIgY2FuIG5vdCBsb2dpbiB3aXRoIHRoZWlyIG9sZCBwYXNzd29yZCBhZ2Fpbi4gVGhleSBtdXN0XG4gICAgLy8gc3RhcnQgdGhlIHdob2xlIExCT1AgcGFzc3dvcmQgcmVzZXQgcHJvY2VzcyBhZ2Fpbi5cblxuICAgIC8vIFRoaXMgY2FsbCB3aWxsIGdvIHRocm91Z2ggdGhlIExSIHByb3h5IHdoaWNoIGlzIE9LIHNpbmNlIHRoZSBMUiBzZXJ2ZXIga25vd3NcbiAgICAvLyB0aGUgdGVtcG9yYXJ5IHBhc3N3b3JkIGFueXdheS5cbiAgICBsZXQgdXNlciA9IGF3YWl0IHRoaXMuYXV0aC5zaWduSW4ocmVzdWx0LnVzZXJuYW1lLCByZXN1bHQuaWRwUGFzc3dvcmQsIHtcbiAgICAgIG5vUHJveHk6ICd0cnVlJyxcbiAgICB9KTtcblxuICAgIGlmICh1c2VyLmNoYWxsZW5nZU5hbWUgIT09ICdORVdfUEFTU1dPUkRfUkVRVUlSRUQnKSB7XG4gICAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xuICAgICAgICBtZXNzYWdlOlxuICAgICAgICAgICdJbnRlcm5hbCBlcnJvci4gRXhwZWN0aW5nIENvZ25pdG8gdG8gaGF2ZSBkb25lIGEgcGFzc3dvcmQgcmVzZXQuJyxcbiAgICAgIH0pO1xuICAgIH1cblxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgNiAtLVxuICAgIC8vIE11c3QgcmVzdGFydCB0aGUgTEJPUCBwYXNzd29yZCByZXNldCBwcm9jZXNzIGFnYWluLlxuXG4gICAgLy8gU2V0IG5ldyBwYXNzd29yZCBvbiBJZHBcbiAgICB1c2VyID0gYXdhaXQgdGhpcy5hdXRoLmNvbXBsZXRlTmV3UGFzc3dvcmQoXG4gICAgICB1c2VyLFxuICAgICAgdGhpcy5wYXNzd29yZFNlcnZpY2UuZ2V0UGFzc0lkcFN0cmluZyhwYXNzS2V5QnVuZGxlLnBhc3NJZHApLFxuICAgICAge31cbiAgICApO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA3IC0tXG4gICAgLy8gTXVzdCByZXN0YXJ0IHRoZSBMQk9QIHBhc3N3b3JkIHJlc2V0IHByb2Nlc3MgYWdhaW4uXG5cbiAgICBhd2FpdCB0aGlzLmF1dGguc2lnbk91dCgpO1xuXG4gICAgcmV0dXJuIGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLnBvc3Q8YW55PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvY29tcGxldGUvYCwge1xuICAgICAgICBsYm9wSWQ6IHBhcmFtcy5sYm9wSWQsXG4gICAgICAgIHNldFBhc3N3b3JkVG9rZW46IHJlc3VsdC5zZXRQYXNzd29yZFRva2VuLFxuICAgICAgfSlcbiAgICAgIC50b1Byb21pc2UoKTtcbiAgfVxufVxuIl19