npm - @lifeready/core - Versions diffs - 1.0.21 → 1.0.23 - Mend

@lifeready/core 1.0.21 → 1.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (277) hide show

package/esm2015/lib/password/password.service.js ADDED Viewed

@@ -0,0 +1,316 @@
+import { __awaiter } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import * as moment_ from 'moment';
+import { EncryptionService } from '../encryption/encryption.service';
+import { IdleService } from '../idle/idle.service';
+import { KeyFactoryService as KFS } from '../key/key-factory.service';
+import { KeyGraphService } from '../key/key-graph.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { ProfileService } from '../profile/profile.service';
+import { WebCryptoService } from '../web-crypto/web-crypto.service';
+import { LrAuthException } from '../_common/exceptions';
+import { LrApolloService } from './../api/lr-apollo.service';
+import { PasswordChangeConfigQuery, PasswordChangeMutation, PasswordChangeRequestMutation, } from './password.gql';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@angular/common/http";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i5 from "../profile/profile.service";
+import * as i6 from "../key/key-factory.service";
+import * as i7 from "../encryption/encryption.service";
+import * as i8 from "../key/key-graph.service";
+import * as i9 from "../web-crypto/web-crypto.service";
+import * as i10 from "../idle/idle.service";
+// "why?" you ask: https://stackoverflow.com/questions/59735280/angular-8-moment-error-cannot-call-a-namespace-moment
+const moment = moment_;
+export class PasswordCheck {
+}
+export class PasswordService {
+    constructor(config, http, apollo, auth, profileService, keyFactory, encryptionService, keyGraph, webCryptoService, idleService) {
+        this.config = config;
+        this.http = http;
+        this.apollo = apollo;
+        this.auth = auth;
+        this.profileService = profileService;
+        this.keyFactory = keyFactory;
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.webCryptoService = webCryptoService;
+        this.idleService = idleService;
+        this.CLIENT_NONCE_LENGTH = 32;
+    }
+    checkPassword(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { years } = this.passwordStrength(password);
+            return {
+                length: password.length,
+                timeToCrack: moment.duration({ years }),
+                passwordExposed: yield this.getExposureCount(password),
+            };
+        });
+    }
+    getExposureCount(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const sha1Password = yield this.webCryptoService.stringDigest('SHA-1', password);
+            const first5sha1 = sha1Password.substring(0, 5);
+            const response = yield this.http
+                .get(`https://api.pwnedpasswords.com/range/${first5sha1}`, {
+                responseType: 'text',
+            })
+                .toPromise();
+            const results = new RegExp(`^(?:${sha1Password.substring(5)}:)(?<count>\\d+)$`, 'im').exec(response);
+            if (results) {
+                return +results.groups.count;
+            }
+            return 0;
+        });
+    }
+    getPassIdpString(passIdp) {
+        return passIdp.toJSON(true).k;
+    }
+    createPassKeyBundle(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpParams = yield this.keyFactory.createPassIdpParams();
+            const passIdp = (yield this.keyFactory.derivePassIdp(Object.assign({ password }, passIdpParams))).jwk;
+            const passKeyParams = yield this.keyFactory.createPassKeyParams();
+            const passKey = (yield this.keyFactory.derivePassKey(Object.assign({ password }, passKeyParams))).jwk;
+            const passIdpVerifier = yield this.keyFactory.createPkcSignKey();
+            const wrappedPassIdpVerifierPrk = yield this.encryptionService.encrypt(passKey, passIdpVerifier.toJSON(true));
+            // There are two formats that the private key can be represented in JWK:
+            // https://tools.ietf.org/html/rfc8017#page-9
+            // The second form is an optimization:
+            // https://crypto.stackexchange.com/questions/19413/what-are-dp-and-dq-in-encryption-by-rsa-in-c
+            return {
+                passKeyParams,
+                passKey,
+                passIdpParams,
+                passIdp,
+                passIdpVerifier,
+                wrappedPassIdpVerifierPrk,
+            };
+        });
+    }
+    /**
+     * We need to allow for interruption of the process at any point. Each API call can be considered
+     * atomic and either succeeds or fails.
+     *
+     * The LR server APIs use semaphore tokens for locking critical operations, so concurrent calls will
+     * fail.
+     *
+     * We assume the worst case for IdP API calls. So we use the semaphore token from LR to prevent
+     * concurrent calls to IdP APIs, but we have to assume that the IdP API calls will either succeed or
+     * fail within a reasonable amount of time.
+     *
+     * Each location where the server state changes can be a potential point of interruption.
+     * Potential points of interruption are marked with: --Potential Failure Point--
+     *
+     * Places for timeout:
+     * - Login age too old at call to: verifyPassword()
+     * - Login age too old at call to: changePasswordMutation()
+     * - Semaphore token expires at call to: changePasswordComplete()
+     *
+     * Tests:
+     * - Potential Failure Point 1: should be able to restart the process, user remains signed in.
+     * - Potential Failure Point 2: should enter recovery flow
+     * - Potential Failure Point 3: should enter recovery flow
+     * - Potential Failure Point 4: should enter recovery flow
+     *
+     */
+    isLoginRequired() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const changePasswordConfig = yield this.getChangePasswordConfig();
+            const authTime = moment(changePasswordConfig.authTime);
+            const serverTime = moment(changePasswordConfig.serverTime);
+            const duration = moment.duration(serverTime.diff(authTime));
+            const seconds = duration.asSeconds();
+            if (seconds > changePasswordConfig.maxAuthAgeSeconds) {
+                return true;
+            }
+            else {
+                return false;
+            }
+        });
+    }
+    changePassword(password, newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.auth.currentAuthenticatedUser();
+            // Not checking that passwords are different. It makes it easier to test.
+            const { currentUser } = yield this.profileService.getCurrentUser();
+            const { passIdp, signedChallenge } = yield this.verifyPassword(password, currentUser);
+            // --Potential Failure Point 1--
+            // verifyPassword() asks for a current password challenge hence changes server state.
+            // Place break points here to test the failure scenarios.
+            // Generate the new passIdp
+            const newPassKey = yield this.createPassKeyBundle(newPassword);
+            // Re-encrypt master key with new key
+            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
+            const newWrappedMasterKey = yield this.encryptionService.encrypt(newPassKey.passKey, masterKey.jwk.toJSON(true));
+            // If the IdP change password failed, we need to go into recovery mode by forcing
+            // a login. We can't logout the user just yet since the IdP password change needs
+            // the user to be logged in. We _can_ removed any persisted session values for the IdP
+            // but that seems like too much trouble.
+            const { token } = yield this.changePasswordMutation(signedChallenge, currentUser.currentUserKey.masterKey.id, newWrappedMasterKey, newPassKey);
+            // --Potential Failure Point 2--
+            // changePasswordMutation() uploads new keys and obtains a semaphore lock to prevent any other
+            // clients from performing IdP password change.
+            // Now we can do the IdP password change.
+            // todo: Add this back in
+            yield this.auth.changePassword(cognitoUser, this.getPassIdpString(passIdp), this.getPassIdpString(newPassKey.passIdp));
+            // --Potential Failure Point 3--
+            // IdP password change
+            // Note that changePassword() could throw an exception for a number of reason. It could throw
+            // a network timeout for example. But we don't know if it's the response that timed out and
+            // the idp password change was actually carried out. So we have to be extra conservative and
+            // only act on a clear success. Otherwise we go into recover mode.
+            yield this.changePasswordComplete(cognitoUser.getSignInUserSession().getAccessToken().getJwtToken(), true, token);
+        });
+    }
+    changePasswordComplete(accessToken, useNewPassword, token = null) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.http
+                .post(`${this.config.authUrl}users/password-change-complete/`, Object.assign({ use_new_password: useNewPassword }, (token && { token })), {
+                headers: {
+                    Authorization: `Bearer ${accessToken}`,
+                },
+            })
+                .toPromise();
+        });
+    }
+    getVerifierPrK(passKey, wrappedPrK) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const prkJson = yield this.encryptionService.decrypt(passKey, wrappedPrK);
+                return KFS.asKey(prkJson);
+            }
+            catch (error) {
+                throw new LrAuthException('Wrong current password');
+            }
+        });
+    }
+    verifyPassword(password, currentUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Get information from the server to prepare for password change.
+            const passwordRequest = yield this.apollo.mutate({
+                mutation: PasswordChangeRequestMutation,
+                variables: {},
+            });
+            // Get the old passKey so we can decrypt the old password verifier
+            const passKeyResult = yield this.keyFactory.derivePassKey(Object.assign({ password }, currentUser.currentUserKey.passKey.passKeyParams));
+            const verifierPrK = yield this.getVerifierPrK(passKeyResult.jwk, currentUser.currentUserKey.passKey.wrappedPassIdpVerifierPrk);
+            // Sign the server challenge to prove to the server we can decrypt the password verifier.
+            // Generate
+            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
+            const signedChallenge = yield this.encryptionService.sign(verifierPrK, {
+                serverNonce: passwordRequest.passwordChangeRequest.challenge.serverNonce,
+                clientNonce,
+            });
+            const passIdpResult = yield this.keyFactory.derivePassIdp(Object.assign({ password }, currentUser.currentUserKey.passKey.passIdpParams));
+            return {
+                passIdp: passIdpResult.jwk,
+                signedChallenge,
+            };
+        });
+    }
+    changePasswordMutation(signedChallenge, masterKeyId, newWrappedMasterKey, passKeyBundle) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const response = yield this.apollo.mutate({
+                mutation: PasswordChangeMutation,
+                variables: {
+                    input: {
+                        signedChallenge: JSON.stringify(signedChallenge),
+                        masterKeyId,
+                        newWrappedMasterKey: JSON.stringify(newWrappedMasterKey),
+                        newPassKey: {
+                            passIdpParams: JSON.stringify(passKeyBundle.passIdpParams),
+                            passIdpVerifierPbk: JSON.stringify(passKeyBundle.passIdpVerifier.toJSON()),
+                            wrappedPassIdpVerifierPrk: JSON.stringify(passKeyBundle.wrappedPassIdpVerifierPrk),
+                            passKeyParams: JSON.stringify(passKeyBundle.passKeyParams),
+                        },
+                    },
+                },
+            });
+            return {
+                token: response.passwordChange.token,
+                newPassKeyId: response.passwordChange.newPassKey.id,
+            };
+        });
+    }
+    getChangePasswordConfig() {
+        return __awaiter(this, void 0, void 0, function* () {
+            // eslint-disable-next-line @typescript-eslint/no-explicit-any
+            const res = yield this.apollo.query({
+                query: PasswordChangeConfigQuery,
+            });
+            const ret = res.passwordChangeConfig;
+            ret.authTime = new Date(ret.authTime);
+            ret.serverTime = new Date(ret.serverTime);
+            return ret;
+        });
+    }
+    passwordStrength(password) {
+        const upper = /[A-Z]/g;
+        const lower = /[a-z]/g;
+        const digit = /[0-9]/g;
+        const upperChoices = 26;
+        const lowerChoices = 26;
+        const digitChoices = 10;
+        const specialChoices = 30; // /[!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~]/g
+        function instanceCount(str, re) {
+            return ((str || '').match(re) || []).length;
+        }
+        const uppers = instanceCount(password, upper);
+        const lowers = instanceCount(password, lower);
+        const digits = instanceCount(password, digit);
+        const specials = password.length - uppers - lowers - digits;
+        let choices = 0;
+        if (uppers) {
+            choices += upperChoices;
+        }
+        if (lowers) {
+            choices += lowerChoices;
+        }
+        if (digits) {
+            choices += digitChoices;
+        }
+        if (specials) {
+            choices += specialChoices;
+        }
+        if (password.length === 0) {
+            return {
+                years: 0,
+                // bits of entropy
+                bits: 0,
+            };
+        }
+        const permutations = Math.pow(choices, password.length);
+        const years = (54000 * permutations) /
+            Math.pow(upperChoices + lowerChoices + digitChoices, 12);
+        return {
+            years,
+            // bits of entropy
+            bits: Math.round(Math.log2(permutations)),
+        };
+    }
+}
+PasswordService.ɵprov = i0.ɵɵdefineInjectable({ factory: function PasswordService_Factory() { return new PasswordService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.ProfileService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.EncryptionService), i0.ɵɵinject(i8.KeyGraphService), i0.ɵɵinject(i9.WebCryptoService), i0.ɵɵinject(i10.IdleService)); }, token: PasswordService, providedIn: "root" });
+PasswordService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+PasswordService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: HttpClient },
+    { type: LrApolloService },
+    { type: AuthClass },
+    { type: ProfileService },
+    { type: KFS },
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: WebCryptoService },
+    { type: IdleService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGFzc3dvcmQuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL3Byb2plY3RzL2NvcmUvc3JjL2xpYi9wYXNzd29yZC9wYXNzd29yZC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDbEQsT0FBTyxFQUFFLE1BQU0sRUFBRSxVQUFVLEVBQUUsTUFBTSxlQUFlLENBQUM7QUFFbkQsT0FBTyxFQUFFLFNBQVMsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBQzNELE9BQU8sS0FBSyxPQUFPLE1BQU0sUUFBUSxDQUFDO0FBS2xDLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGtDQUFrQyxDQUFDO0FBQ3JFLE9BQU8sRUFBRSxXQUFXLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNuRCxPQUFPLEVBQUUsaUJBQWlCLElBQUksR0FBRyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDdEUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzNELE9BQU8sRUFBbUIsU0FBUyxFQUFFLE1BQU0sc0JBQXNCLENBQUM7QUFDbEUsT0FBTyxFQUFFLGNBQWMsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBRTVELE9BQU8sRUFBRSxnQkFBZ0IsRUFBRSxNQUFNLGtDQUFrQyxDQUFDO0FBQ3BFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUN4RCxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDN0QsT0FBTyxFQUNMLHlCQUF5QixFQUN6QixzQkFBc0IsRUFDdEIsNkJBQTZCLEdBQzlCLE1BQU0sZ0JBQWdCLENBQUM7Ozs7Ozs7Ozs7OztBQUV4QixxSEFBcUg7QUFDckgsTUFBTSxNQUFNLEdBQUcsT0FBTyxDQUFDO0FBeUJ2QixNQUFNLE9BQU8sYUFBYTtDQUl6QjtBQUtELE1BQU0sT0FBTyxlQUFlO0lBRzFCLFlBQzZCLE1BQXVCLEVBQzFDLElBQWdCLEVBQ2hCLE1BQXVCLEVBQ3ZCLElBQWUsRUFDZixjQUE4QixFQUM5QixVQUFlLEVBQ2YsaUJBQW9DLEVBQ3BDLFFBQXlCLEVBQ3pCLGdCQUFrQyxFQUNsQyxXQUF3QjtRQVRMLFdBQU0sR0FBTixNQUFNLENBQWlCO1FBQzFDLFNBQUksR0FBSixJQUFJLENBQVk7UUFDaEIsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDdkIsU0FBSSxHQUFKLElBQUksQ0FBVztRQUNmLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixlQUFVLEdBQVYsVUFBVSxDQUFLO1FBQ2Ysc0JBQWlCLEdBQWpCLGlCQUFpQixDQUFtQjtRQUNwQyxhQUFRLEdBQVIsUUFBUSxDQUFpQjtRQUN6QixxQkFBZ0IsR0FBaEIsZ0JBQWdCLENBQWtCO1FBQ2xDLGdCQUFXLEdBQVgsV0FBVyxDQUFhO1FBWmpCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztJQWF2QyxDQUFDO0lBRVMsYUFBYSxDQUFDLFFBQWdCOztZQUN6QyxNQUFNLEVBQUUsS0FBSyxFQUFFLEdBQUcsSUFBSSxDQUFDLGdCQUFnQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1lBRWxELE9BQU87Z0JBQ0wsTUFBTSxFQUFFLFFBQVEsQ0FBQyxNQUFNO2dCQUN2QixXQUFXLEVBQUUsTUFBTSxDQUFDLFFBQVEsQ0FBQyxFQUFFLEtBQUssRUFBRSxDQUFDO2dCQUN2QyxlQUFlLEVBQUUsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsUUFBUSxDQUFDO2FBQ3ZELENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxnQkFBZ0IsQ0FBQyxRQUFnQjs7WUFDNUMsTUFBTSxZQUFZLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsWUFBWSxDQUMzRCxPQUFPLEVBQ1AsUUFBUSxDQUNULENBQUM7WUFDRixNQUFNLFVBQVUsR0FBRyxZQUFZLENBQUMsU0FBUyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQztZQUVoRCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUM3QixHQUFHLENBQUMsd0NBQXdDLFVBQVUsRUFBRSxFQUFFO2dCQUN6RCxZQUFZLEVBQUUsTUFBTTthQUNyQixDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1lBRWYsTUFBTSxPQUFPLEdBQUcsSUFBSSxNQUFNLENBQ3hCLE9BQU8sWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDLENBQUMsbUJBQW1CLEVBQ25ELElBQUksQ0FDTCxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUVqQixJQUFJLE9BQU8sRUFBRTtnQkFDWCxPQUFPLENBQUMsT0FBTyxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUM7YUFDOUI7WUFDRCxPQUFPLENBQUMsQ0FBQztRQUNYLENBQUM7S0FBQTtJQUVNLGdCQUFnQixDQUFDLE9BQWdCO1FBQ3RDLE9BQVEsT0FBTyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQWdCLENBQUMsQ0FBQyxDQUFDO0lBQ2hELENBQUM7SUFFWSxtQkFBbUIsQ0FBQyxRQUFnQjs7WUFDL0MsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDbEUsTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxJQUNMLGFBQWEsRUFDaEIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztZQUVOLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsSUFDTCxhQUFhLEVBQ2hCLENBQ0gsQ0FBQyxHQUFHLENBQUM7WUFFTixNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUVqRSxNQUFNLHlCQUF5QixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDcEUsT0FBTyxFQUNQLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzdCLENBQUM7WUFFRix3RUFBd0U7WUFDeEUsNkNBQTZDO1lBQzdDLHNDQUFzQztZQUN0QyxnR0FBZ0c7WUFFaEcsT0FBTztnQkFDTCxhQUFhO2dCQUNiLE9BQU87Z0JBQ1AsYUFBYTtnQkFDYixPQUFPO2dCQUNQLGVBQWU7Z0JBQ2YseUJBQXlCO2FBQzFCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFRDs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7Ozs7OztPQXlCRztJQUVVLGVBQWU7O1lBQzFCLE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsdUJBQXVCLEVBQUUsQ0FBQztZQUNsRSxNQUFNLFFBQVEsR0FBRyxNQUFNLENBQUMsb0JBQW9CLENBQUMsUUFBUSxDQUFDLENBQUM7WUFDdkQsTUFBTSxVQUFVLEdBQUcsTUFBTSxDQUFDLG9CQUFvQixDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQzNELE1BQU0sUUFBUSxHQUFHLE1BQU0sQ0FBQyxRQUFRLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxRQUFRLENBQUMsQ0FBQyxDQUFDO1lBQzVELE1BQU0sT0FBTyxHQUFHLFFBQVEsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUNyQyxJQUFJLE9BQU8sR0FBRyxvQkFBb0IsQ0FBQyxpQkFBaUIsRUFBRTtnQkFDcEQsT0FBTyxJQUFJLENBQUM7YUFDYjtpQkFBTTtnQkFDTCxPQUFPLEtBQUssQ0FBQzthQUNkO1FBQ0gsQ0FBQztLQUFBO0lBRVksY0FBYyxDQUFDLFFBQWdCLEVBQUUsV0FBbUI7O1lBQy9ELE1BQU0sV0FBVyxHQUFnQixNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsd0JBQXdCLEVBQUUsQ0FBQztZQUU1RSx5RUFBeUU7WUFDekUsTUFBTSxFQUFFLFdBQVcsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUVuRSxNQUFNLEVBQUUsT0FBTyxFQUFFLGVBQWUsRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FDNUQsUUFBUSxFQUNSLFdBQVcsQ0FDWixDQUFDO1lBRUYsZ0NBQWdDO1lBQ2hDLHFGQUFxRjtZQUNyRix5REFBeUQ7WUFFekQsMkJBQTJCO1lBQzNCLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLG1CQUFtQixDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRS9ELHFDQUFxQztZQUNyQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUMxQyxXQUFXLENBQUMsY0FBYyxDQUFDLFNBQVMsQ0FBQyxFQUFFLENBQ3hDLENBQUM7WUFDRixNQUFNLG1CQUFtQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDOUQsVUFBVSxDQUFDLE9BQU8sRUFDbEIsU0FBUyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzNCLENBQUM7WUFFRixpRkFBaUY7WUFDakYsaUZBQWlGO1lBQ2pGLHNGQUFzRjtZQUN0Rix3Q0FBd0M7WUFFeEMsTUFBTSxFQUFFLEtBQUssRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLHNCQUFzQixDQUNqRCxlQUFlLEVBQ2YsV0FBVyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsRUFBRSxFQUN2QyxtQkFBbUIsRUFDbkIsVUFBVSxDQUNYLENBQUM7WUFFRixnQ0FBZ0M7WUFDaEMsOEZBQThGO1lBQzlGLCtDQUErQztZQUUvQyx5Q0FBeUM7WUFDekMseUJBQXlCO1lBQ3pCLE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQzVCLFdBQVcsRUFDWCxJQUFJLENBQUMsZ0JBQWdCLENBQUMsT0FBTyxDQUFDLEVBQzlCLElBQUksQ0FBQyxnQkFBZ0IsQ0FBQyxVQUFVLENBQUMsT0FBTyxDQUFDLENBQzFDLENBQUM7WUFFRixnQ0FBZ0M7WUFDaEMsc0JBQXNCO1lBRXRCLDZGQUE2RjtZQUM3RiwyRkFBMkY7WUFDM0YsNEZBQTRGO1lBQzVGLGtFQUFrRTtZQUNsRSxNQUFNLElBQUksQ0FBQyxzQkFBc0IsQ0FDL0IsV0FBVyxDQUFDLG9CQUFvQixFQUFFLENBQUMsY0FBYyxFQUFFLENBQUMsV0FBVyxFQUFFLEVBQ2pFLElBQUksRUFDSixLQUFLLENBQ04sQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVZLHNCQUFzQixDQUNqQyxXQUFtQixFQUNuQixjQUF1QixFQUN2QixRQUFnQixJQUFJOztZQUVwQixPQUFPLElBQUksQ0FBQyxJQUFJO2lCQUNiLElBQUksQ0FDSCxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxpQ0FBaUMsa0JBRXJELGdCQUFnQixFQUFFLGNBQWMsSUFDN0IsQ0FBQyxLQUFLLElBQUksRUFBRSxLQUFLLEVBQUUsQ0FBQyxHQUV6QjtnQkFDRSxPQUFPLEVBQUU7b0JBQ1AsYUFBYSxFQUFFLFVBQVUsV0FBVyxFQUFFO2lCQUN2QzthQUNGLENBQ0Y7aUJBQ0EsU0FBUyxFQUFFLENBQUM7UUFDakIsQ0FBQztLQUFBO0lBRWEsY0FBYyxDQUMxQixPQUFnQixFQUNoQixVQUFzQzs7WUFFdEMsSUFBSTtnQkFDRixNQUFNLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLFVBQVUsQ0FBQyxDQUFDO2dCQUMxRSxPQUFPLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7YUFDM0I7WUFBQyxPQUFPLEtBQUssRUFBRTtnQkFDZCxNQUFNLElBQUksZUFBZSxDQUFDLHdCQUF3QixDQUFDLENBQUM7YUFDckQ7UUFDSCxDQUFDO0tBQUE7SUFFYSxjQUFjLENBQzFCLFFBQWdCLEVBQ2hCLFdBQTJCOztZQUUzQixrRUFBa0U7WUFDbEUsTUFBTSxlQUFlLEdBQ25CLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQWdDO2dCQUN0RCxRQUFRLEVBQUUsNkJBQTZCO2dCQUN2QyxTQUFTLEVBQUUsRUFBRTthQUNkLENBQUMsQ0FBQztZQUVMLGtFQUFrRTtZQUNsRSxNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDdkQsUUFBUSxJQUNMLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFDbkQsQ0FBQztZQUVILE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FDM0MsYUFBYSxDQUFDLEdBQUcsRUFDakIsV0FBVyxDQUFDLGNBQWMsQ0FBQyxPQUFPLENBQUMseUJBQXlCLENBQzdELENBQUM7WUFFRix5RkFBeUY7WUFDekYsV0FBVztZQUNYLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1lBRTNFLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxXQUFXLEVBQUU7Z0JBQ3JFLFdBQVcsRUFBRSxlQUFlLENBQUMscUJBQXFCLENBQUMsU0FBUyxDQUFDLFdBQVc7Z0JBQ3hFLFdBQVc7YUFDWixDQUFDLENBQUM7WUFFSCxNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDdkQsUUFBUSxJQUNMLFdBQVcsQ0FBQyxjQUFjLENBQUMsT0FBTyxDQUFDLGFBQWEsRUFDbkQsQ0FBQztZQUVILE9BQU87Z0JBQ0wsT0FBTyxFQUFFLGFBQWEsQ0FBQyxHQUFHO2dCQUMxQixlQUFlO2FBQ2hCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFYSxzQkFBc0IsQ0FDbEMsZUFBcUMsRUFDckMsV0FBbUIsRUFDbkIsbUJBQStDLEVBQy9DLGFBQTRCOztZQUU1QixNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsTUFBTSxDQUF5QjtnQkFDaEUsUUFBUSxFQUFFLHNCQUFzQjtnQkFDaEMsU0FBUyxFQUFFO29CQUNULEtBQUssRUFBRTt3QkFDTCxlQUFlLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUM7d0JBQ2hELFdBQVc7d0JBQ1gsbUJBQW1CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxtQkFBbUIsQ0FBQzt3QkFDeEQsVUFBVSxFQUFFOzRCQUNWLGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQyxhQUFhLENBQUM7NEJBQzFELGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQ2hDLGFBQWEsQ0FBQyxlQUFlLENBQUMsTUFBTSxFQUFFLENBQ3ZDOzRCQUNELHlCQUF5QixFQUFFLElBQUksQ0FBQyxTQUFTLENBQ3ZDLGFBQWEsQ0FBQyx5QkFBeUIsQ0FDeEM7NEJBQ0QsYUFBYSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDLGFBQWEsQ0FBQzt5QkFDM0Q7cUJBQ0Y7aUJBQ0Y7YUFDRixDQUFDLENBQUM7WUFDSCxPQUFPO2dCQUNMLEtBQUssRUFBRSxRQUFRLENBQUMsY0FBYyxDQUFDLEtBQUs7Z0JBQ3BDLFlBQVksRUFBRSxRQUFRLENBQUMsY0FBYyxDQUFDLFVBQVUsQ0FBQyxFQUFFO2FBQ3BELENBQUM7UUFDSixDQUFDO0tBQUE7SUFFSyx1QkFBdUI7O1lBQzNCLDhEQUE4RDtZQUM5RCxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFNO2dCQUN2QyxLQUFLLEVBQUUseUJBQXlCO2FBQ2pDLENBQUMsQ0FBQztZQUVILE1BQU0sR0FBRyxHQUFHLEdBQUcsQ0FBQyxvQkFBNEMsQ0FBQztZQUU3RCxHQUFHLENBQUMsUUFBUSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsQ0FBQztZQUN0QyxHQUFHLENBQUMsVUFBVSxHQUFHLElBQUksSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUMxQyxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVNLGdCQUFnQixDQUFDLFFBQVE7UUFDOUIsTUFBTSxLQUFLLEdBQUcsUUFBUSxDQUFDO1FBQ3ZCLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQztRQUN2QixNQUFNLEtBQUssR0FBRyxRQUFRLENBQUM7UUFFdkIsTUFBTSxZQUFZLEdBQUcsRUFBRSxDQUFDO1FBQ3hCLE1BQU0sWUFBWSxHQUFHLEVBQUUsQ0FBQztRQUN4QixNQUFNLFlBQVksR0FBRyxFQUFFLENBQUM7UUFDeEIsTUFBTSxjQUFjLEdBQUcsRUFBRSxDQUFDLENBQUMsd0NBQXdDO1FBRW5FLFNBQVMsYUFBYSxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQzVCLE9BQU8sQ0FBQyxDQUFDLEdBQUcsSUFBSSxFQUFFLENBQUMsQ0FBQyxLQUFLLENBQUMsRUFBRSxDQUFDLElBQUksRUFBRSxDQUFDLENBQUMsTUFBTSxDQUFDO1FBQzlDLENBQUM7UUFFRCxNQUFNLE1BQU0sR0FBRyxhQUFhLENBQUMsUUFBUSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQzlDLE1BQU0sTUFBTSxHQUFHLGFBQWEsQ0FBQyxRQUFRLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFDOUMsTUFBTSxNQUFNLEdBQUcsYUFBYSxDQUFDLFFBQVEsRUFBRSxLQUFLLENBQUMsQ0FBQztRQUM5QyxNQUFNLFFBQVEsR0FBRyxRQUFRLENBQUMsTUFBTSxHQUFHLE1BQU0sR0FBRyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBRTVELElBQUksT0FBTyxHQUFHLENBQUMsQ0FBQztRQUNoQixJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLE1BQU0sRUFBRTtZQUNWLE9BQU8sSUFBSSxZQUFZLENBQUM7U0FDekI7UUFDRCxJQUFJLFFBQVEsRUFBRTtZQUNaLE9BQU8sSUFBSSxjQUFjLENBQUM7U0FDM0I7UUFFRCxJQUFJLFFBQVEsQ0FBQyxNQUFNLEtBQUssQ0FBQyxFQUFFO1lBQ3pCLE9BQU87Z0JBQ0wsS0FBSyxFQUFFLENBQUM7Z0JBQ1Isa0JBQWtCO2dCQUNsQixJQUFJLEVBQUUsQ0FBQzthQUNSLENBQUM7U0FDSDtRQUVELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUV4RCxNQUFNLEtBQUssR0FDVCxDQUFDLEtBQUssR0FBRyxZQUFZLENBQUM7WUFDdEIsSUFBSSxDQUFDLEdBQUcsQ0FBQyxZQUFZLEdBQUcsWUFBWSxHQUFHLFlBQVksRUFBRSxFQUFFLENBQUMsQ0FBQztRQUMzRCxPQUFPO1lBQ0wsS0FBSztZQUNMLGtCQUFrQjtZQUNsQixJQUFJLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDO1NBQzFDLENBQUM7SUFDSixDQUFDOzs7O1lBcFhGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7OzRDQUtJLE1BQU0sU0FBQyxTQUFTO1lBaEVaLFVBQVU7WUFrQlYsZUFBZTtZQWZmLFNBQVM7WUFXVCxjQUFjO1lBSE8sR0FBRztZQUZ4QixpQkFBaUI7WUFHakIsZUFBZTtZQUlmLGdCQUFnQjtZQU5oQixXQUFXIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgSHR0cENsaWVudCB9IGZyb20gJ0Bhbmd1bGFyL2NvbW1vbi9odHRwJztcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQ29nbml0b1VzZXIgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aCc7XG5pbXBvcnQgeyBBdXRoQ2xhc3MgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aC9saWItZXNtL0F1dGgnO1xuaW1wb3J0ICogYXMgbW9tZW50XyBmcm9tICdtb21lbnQnO1xuaW1wb3J0IHsgRHVyYXRpb24gfSBmcm9tICdtb21lbnQnO1xuaW1wb3J0IHsgSldLLCBKV1MgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgSlNPTk9iamVjdCB9IGZyb20gJy4uL2FwaS90eXBlcyc7XG5pbXBvcnQgeyBQYXNzS2V5QnVuZGxlIH0gZnJvbSAnLi4vYXV0aC9hdXRoLnR5cGVzJztcbmltcG9ydCB7IEVuY3J5cHRpb25TZXJ2aWNlIH0gZnJvbSAnLi4vZW5jcnlwdGlvbi9lbmNyeXB0aW9uLnNlcnZpY2UnO1xuaW1wb3J0IHsgSWRsZVNlcnZpY2UgfSBmcm9tICcuLi9pZGxlL2lkbGUuc2VydmljZSc7XG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSBhcyBLRlMgfSBmcm9tICcuLi9rZXkva2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LWdyYXBoLnNlcnZpY2UnO1xuaW1wb3J0IHsgTGlmZVJlYWR5Q29uZmlnLCBMUl9DT05GSUcgfSBmcm9tICcuLi9saWZlLXJlYWR5LmNvbmZpZyc7XG5pbXBvcnQgeyBQcm9maWxlU2VydmljZSB9IGZyb20gJy4uL3Byb2ZpbGUvcHJvZmlsZS5zZXJ2aWNlJztcbmltcG9ydCB7IEFwaUN1cnJlbnRVc2VyIH0gZnJvbSAnLi4vcHJvZmlsZS9wcm9maWxlLnR5cGVzJztcbmltcG9ydCB7IFdlYkNyeXB0b1NlcnZpY2UgfSBmcm9tICcuLi93ZWItY3J5cHRvL3dlYi1jcnlwdG8uc2VydmljZSc7XG5pbXBvcnQgeyBMckF1dGhFeGNlcHRpb24gfSBmcm9tICcuLi9fY29tbW9uL2V4Y2VwdGlvbnMnO1xuaW1wb3J0IHsgTHJBcG9sbG9TZXJ2aWNlIH0gZnJvbSAnLi8uLi9hcGkvbHItYXBvbGxvLnNlcnZpY2UnO1xuaW1wb3J0IHtcbiAgUGFzc3dvcmRDaGFuZ2VDb25maWdRdWVyeSxcbiAgUGFzc3dvcmRDaGFuZ2VNdXRhdGlvbixcbiAgUGFzc3dvcmRDaGFuZ2VSZXF1ZXN0TXV0YXRpb24sXG59IGZyb20gJy4vcGFzc3dvcmQuZ3FsJztcblxuLy8gXCJ3aHk/XCIgeW91IGFzazogaHR0cHM6Ly9zdGFja292ZXJmbG93LmNvbS9xdWVzdGlvbnMvNTk3MzUyODAvYW5ndWxhci04LW1vbWVudC1lcnJvci1jYW5ub3QtY2FsbC1hLW5hbWVzcGFjZS1tb21lbnRcbmNvbnN0IG1vbWVudCA9IG1vbWVudF87XG5cbmludGVyZmFjZSBQYXNzd29yZENoYW5nZVJlcXVlc3RNdXRhdGlvbiB7XG4gIHBhc3N3b3JkQ2hhbmdlUmVxdWVzdDoge1xuICAgIGNoYWxsZW5nZToge1xuICAgICAgc2VydmVyTm9uY2U6IHN0cmluZztcbiAgICB9O1xuICB9O1xufVxuXG5pbnRlcmZhY2UgUGFzc3dvcmRDaGFuZ2VNdXRhdGlvbiB7XG4gIHBhc3N3b3JkQ2hhbmdlOiB7XG4gICAgdG9rZW46IHN0cmluZztcbiAgICBuZXdQYXNzS2V5OiB7XG4gICAgICBpZDogc3RyaW5nO1xuICAgIH07XG4gIH07XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUGFzc3dvcmRDaGFuZ2VDb25maWcge1xuICBtYXhBdXRoQWdlU2Vjb25kczogbnVtYmVyO1xuICBhdXRoVGltZTogc3RyaW5nIHwgRGF0ZTtcbiAgc2VydmVyVGltZTogc3RyaW5nIHwgRGF0ZTtcbn1cblxuZXhwb3J0IGNsYXNzIFBhc3N3b3JkQ2hlY2sge1xuICBsZW5ndGg/OiBudW1iZXI7XG4gIHRpbWVUb0NyYWNrPzogRHVyYXRpb247XG4gIHBhc3N3b3JkRXhwb3NlZD86IG51bWJlcjtcbn1cblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIFBhc3N3b3JkU2VydmljZSB7XG4gIHByaXZhdGUgcmVhZG9ubHkgQ0xJRU5UX05PTkNFX0xFTkdUSCA9IDMyO1xuXG4gIGNvbnN0cnVjdG9yKFxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxuICAgIHByaXZhdGUgaHR0cDogSHR0cENsaWVudCxcbiAgICBwcml2YXRlIGFwb2xsbzogTHJBcG9sbG9TZXJ2aWNlLFxuICAgIHByaXZhdGUgYXV0aDogQXV0aENsYXNzLFxuICAgIHByaXZhdGUgcHJvZmlsZVNlcnZpY2U6IFByb2ZpbGVTZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS0ZTLFxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZSxcbiAgICBwcml2YXRlIHdlYkNyeXB0b1NlcnZpY2U6IFdlYkNyeXB0b1NlcnZpY2UsXG4gICAgcHJpdmF0ZSBpZGxlU2VydmljZTogSWRsZVNlcnZpY2VcbiAgKSB7fVxuXG4gIHB1YmxpYyBhc3luYyBjaGVja1Bhc3N3b3JkKHBhc3N3b3JkOiBzdHJpbmcpOiBQcm9taXNlPFBhc3N3b3JkQ2hlY2s+IHtcbiAgICBjb25zdCB7IHllYXJzIH0gPSB0aGlzLnBhc3N3b3JkU3RyZW5ndGgocGFzc3dvcmQpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIGxlbmd0aDogcGFzc3dvcmQubGVuZ3RoLFxuICAgICAgdGltZVRvQ3JhY2s6IG1vbWVudC5kdXJhdGlvbih7IHllYXJzIH0pLFxuICAgICAgcGFzc3dvcmRFeHBvc2VkOiBhd2FpdCB0aGlzLmdldEV4cG9zdXJlQ291bnQocGFzc3dvcmQpLFxuICAgIH07XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgZ2V0RXhwb3N1cmVDb3VudChwYXNzd29yZDogc3RyaW5nKTogUHJvbWlzZTxudW1iZXI+IHtcbiAgICBjb25zdCBzaGExUGFzc3dvcmQgPSBhd2FpdCB0aGlzLndlYkNyeXB0b1NlcnZpY2Uuc3RyaW5nRGlnZXN0KFxuICAgICAgJ1NIQS0xJyxcbiAgICAgIHBhc3N3b3JkXG4gICAgKTtcbiAgICBjb25zdCBmaXJzdDVzaGExID0gc2hhMVBhc3N3b3JkLnN1YnN0cmluZygwLCA1KTtcblxuICAgIGNvbnN0IHJlc3BvbnNlID0gYXdhaXQgdGhpcy5odHRwXG4gICAgICAuZ2V0KGBodHRwczovL2FwaS5wd25lZHBhc3N3b3Jkcy5jb20vcmFuZ2UvJHtmaXJzdDVzaGExfWAsIHtcbiAgICAgICAgcmVzcG9uc2VUeXBlOiAndGV4dCcsXG4gICAgICB9KVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgY29uc3QgcmVzdWx0cyA9IG5ldyBSZWdFeHAoXG4gICAgICBgXig/OiR7c2hhMVBhc3N3b3JkLnN1YnN0cmluZyg1KX06KSg/PGNvdW50PlxcXFxkKykkYCxcbiAgICAgICdpbSdcbiAgICApLmV4ZWMocmVzcG9uc2UpO1xuXG4gICAgaWYgKHJlc3VsdHMpIHtcbiAgICAgIHJldHVybiArcmVzdWx0cy5ncm91cHMuY291bnQ7XG4gICAgfVxuICAgIHJldHVybiAwO1xuICB9XG5cbiAgcHVibGljIGdldFBhc3NJZHBTdHJpbmcocGFzc0lkcDogSldLLktleSkge1xuICAgIHJldHVybiAocGFzc0lkcC50b0pTT04odHJ1ZSkgYXMgSlNPTk9iamVjdCkuaztcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjcmVhdGVQYXNzS2V5QnVuZGxlKHBhc3N3b3JkOiBzdHJpbmcpOiBQcm9taXNlPFBhc3NLZXlCdW5kbGU+IHtcbiAgICBjb25zdCBwYXNzSWRwUGFyYW1zID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBhc3NJZHBQYXJhbXMoKTtcbiAgICBjb25zdCBwYXNzSWRwID0gKFxuICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NJZHAoe1xuICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgLi4ucGFzc0lkcFBhcmFtcyxcbiAgICAgIH0pXG4gICAgKS5qd2s7XG5cbiAgICBjb25zdCBwYXNzS2V5UGFyYW1zID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBhc3NLZXlQYXJhbXMoKTtcbiAgICBjb25zdCBwYXNzS2V5ID0gKFxuICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZVBhc3NLZXkoe1xuICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgLi4ucGFzc0tleVBhcmFtcyxcbiAgICAgIH0pXG4gICAgKS5qd2s7XG5cbiAgICBjb25zdCBwYXNzSWRwVmVyaWZpZXIgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlUGtjU2lnbktleSgpO1xuXG4gICAgY29uc3Qgd3JhcHBlZFBhc3NJZHBWZXJpZmllclByayA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIHBhc3NLZXksXG4gICAgICBwYXNzSWRwVmVyaWZpZXIudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIC8vIFRoZXJlIGFyZSB0d28gZm9ybWF0cyB0aGF0IHRoZSBwcml2YXRlIGtleSBjYW4gYmUgcmVwcmVzZW50ZWQgaW4gSldLOlxuICAgIC8vIGh0dHBzOi8vdG9vbHMuaWV0Zi5vcmcvaHRtbC9yZmM4MDE3I3BhZ2UtOVxuICAgIC8vIFRoZSBzZWNvbmQgZm9ybSBpcyBhbiBvcHRpbWl6YXRpb246XG4gICAgLy8gaHR0cHM6Ly9jcnlwdG8uc3RhY2tleGNoYW5nZS5jb20vcXVlc3Rpb25zLzE5NDEzL3doYXQtYXJlLWRwLWFuZC1kcS1pbi1lbmNyeXB0aW9uLWJ5LXJzYS1pbi1jXG5cbiAgICByZXR1cm4ge1xuICAgICAgcGFzc0tleVBhcmFtcyxcbiAgICAgIHBhc3NLZXksXG4gICAgICBwYXNzSWRwUGFyYW1zLFxuICAgICAgcGFzc0lkcCxcbiAgICAgIHBhc3NJZHBWZXJpZmllcixcbiAgICAgIHdyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmssXG4gICAgfTtcbiAgfVxuXG4gIC8qKlxuICAgKiBXZSBuZWVkIHRvIGFsbG93IGZvciBpbnRlcnJ1cHRpb24gb2YgdGhlIHByb2Nlc3MgYXQgYW55IHBvaW50LiBFYWNoIEFQSSBjYWxsIGNhbiBiZSBjb25zaWRlcmVkXG4gICAqIGF0b21pYyBhbmQgZWl0aGVyIHN1Y2NlZWRzIG9yIGZhaWxzLlxuICAgKlxuICAgKiBUaGUgTFIgc2VydmVyIEFQSXMgdXNlIHNlbWFwaG9yZSB0b2tlbnMgZm9yIGxvY2tpbmcgY3JpdGljYWwgb3BlcmF0aW9ucywgc28gY29uY3VycmVudCBjYWxscyB3aWxsXG4gICAqIGZhaWwuXG4gICAqXG4gICAqIFdlIGFzc3VtZSB0aGUgd29yc3QgY2FzZSBmb3IgSWRQIEFQSSBjYWxscy4gU28gd2UgdXNlIHRoZSBzZW1hcGhvcmUgdG9rZW4gZnJvbSBMUiB0byBwcmV2ZW50XG4gICAqIGNvbmN1cnJlbnQgY2FsbHMgdG8gSWRQIEFQSXMsIGJ1dCB3ZSBoYXZlIHRvIGFzc3VtZSB0aGF0IHRoZSBJZFAgQVBJIGNhbGxzIHdpbGwgZWl0aGVyIHN1Y2NlZWQgb3JcbiAgICogZmFpbCB3aXRoaW4gYSByZWFzb25hYmxlIGFtb3VudCBvZiB0aW1lLlxuICAgKlxuICAgKiBFYWNoIGxvY2F0aW9uIHdoZXJlIHRoZSBzZXJ2ZXIgc3RhdGUgY2hhbmdlcyBjYW4gYmUgYSBwb3RlbnRpYWwgcG9pbnQgb2YgaW50ZXJydXB0aW9uLlxuICAgKiBQb3RlbnRpYWwgcG9pbnRzIG9mIGludGVycnVwdGlvbiBhcmUgbWFya2VkIHdpdGg6IC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQtLVxuICAgKlxuICAgKiBQbGFjZXMgZm9yIHRpbWVvdXQ6XG4gICAqIC0gTG9naW4gYWdlIHRvbyBvbGQgYXQgY2FsbCB0bzogdmVyaWZ5UGFzc3dvcmQoKVxuICAgKiAtIExvZ2luIGFnZSB0b28gb2xkIGF0IGNhbGwgdG86IGNoYW5nZVBhc3N3b3JkTXV0YXRpb24oKVxuICAgKiAtIFNlbWFwaG9yZSB0b2tlbiBleHBpcmVzIGF0IGNhbGwgdG86IGNoYW5nZVBhc3N3b3JkQ29tcGxldGUoKVxuICAgKlxuICAgKiBUZXN0czpcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAxOiBzaG91bGQgYmUgYWJsZSB0byByZXN0YXJ0IHRoZSBwcm9jZXNzLCB1c2VyIHJlbWFpbnMgc2lnbmVkIGluLlxuICAgKiAtIFBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDI6IHNob3VsZCBlbnRlciByZWNvdmVyeSBmbG93XG4gICAqIC0gUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgMzogc2hvdWxkIGVudGVyIHJlY292ZXJ5IGZsb3dcbiAgICogLSBQb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA0OiBzaG91bGQgZW50ZXIgcmVjb3ZlcnkgZmxvd1xuICAgKlxuICAgKi9cblxuICBwdWJsaWMgYXN5bmMgaXNMb2dpblJlcXVpcmVkKCk6IFByb21pc2U8Ym9vbGVhbj4ge1xuICAgIGNvbnN0IGNoYW5nZVBhc3N3b3JkQ29uZmlnID0gYXdhaXQgdGhpcy5nZXRDaGFuZ2VQYXNzd29yZENvbmZpZygpO1xuICAgIGNvbnN0IGF1dGhUaW1lID0gbW9tZW50KGNoYW5nZVBhc3N3b3JkQ29uZmlnLmF1dGhUaW1lKTtcbiAgICBjb25zdCBzZXJ2ZXJUaW1lID0gbW9tZW50KGNoYW5nZVBhc3N3b3JkQ29uZmlnLnNlcnZlclRpbWUpO1xuICAgIGNvbnN0IGR1cmF0aW9uID0gbW9tZW50LmR1cmF0aW9uKHNlcnZlclRpbWUuZGlmZihhdXRoVGltZSkpO1xuICAgIGNvbnN0IHNlY29uZHMgPSBkdXJhdGlvbi5hc1NlY29uZHMoKTtcbiAgICBpZiAoc2Vjb25kcyA+IGNoYW5nZVBhc3N3b3JkQ29uZmlnLm1heEF1dGhBZ2VTZWNvbmRzKSB7XG4gICAgICByZXR1cm4gdHJ1ZTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIGZhbHNlO1xuICAgIH1cbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjaGFuZ2VQYXNzd29yZChwYXNzd29yZDogc3RyaW5nLCBuZXdQYXNzd29yZDogc3RyaW5nKSB7XG4gICAgY29uc3QgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5hdXRoLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpO1xuXG4gICAgLy8gTm90IGNoZWNraW5nIHRoYXQgcGFzc3dvcmRzIGFyZSBkaWZmZXJlbnQuIEl0IG1ha2VzIGl0IGVhc2llciB0byB0ZXN0LlxuICAgIGNvbnN0IHsgY3VycmVudFVzZXIgfSA9IGF3YWl0IHRoaXMucHJvZmlsZVNlcnZpY2UuZ2V0Q3VycmVudFVzZXIoKTtcblxuICAgIGNvbnN0IHsgcGFzc0lkcCwgc2lnbmVkQ2hhbGxlbmdlIH0gPSBhd2FpdCB0aGlzLnZlcmlmeVBhc3N3b3JkKFxuICAgICAgcGFzc3dvcmQsXG4gICAgICBjdXJyZW50VXNlclxuICAgICk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEtLVxuICAgIC8vIHZlcmlmeVBhc3N3b3JkKCkgYXNrcyBmb3IgYSBjdXJyZW50IHBhc3N3b3JkIGNoYWxsZW5nZSBoZW5jZSBjaGFuZ2VzIHNlcnZlciBzdGF0ZS5cbiAgICAvLyBQbGFjZSBicmVhayBwb2ludHMgaGVyZSB0byB0ZXN0IHRoZSBmYWlsdXJlIHNjZW5hcmlvcy5cblxuICAgIC8vIEdlbmVyYXRlIHRoZSBuZXcgcGFzc0lkcFxuICAgIGNvbnN0IG5ld1Bhc3NLZXkgPSBhd2FpdCB0aGlzLmNyZWF0ZVBhc3NLZXlCdW5kbGUobmV3UGFzc3dvcmQpO1xuXG4gICAgLy8gUmUtZW5jcnlwdCBtYXN0ZXIga2V5IHdpdGggbmV3IGtleVxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0S2V5KFxuICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkXG4gICAgKTtcbiAgICBjb25zdCBuZXdXcmFwcGVkTWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbmV3UGFzc0tleS5wYXNzS2V5LFxuICAgICAgbWFzdGVyS2V5Lmp3ay50b0pTT04odHJ1ZSlcbiAgICApO1xuXG4gICAgLy8gSWYgdGhlIElkUCBjaGFuZ2UgcGFzc3dvcmQgZmFpbGVkLCB3ZSBuZWVkIHRvIGdvIGludG8gcmVjb3ZlcnkgbW9kZSBieSBmb3JjaW5nXG4gICAgLy8gYSBsb2dpbi4gV2UgY2FuJ3QgbG9nb3V0IHRoZSB1c2VyIGp1c3QgeWV0IHNpbmNlIHRoZSBJZFAgcGFzc3dvcmQgY2hhbmdlIG5lZWRzXG4gICAgLy8gdGhlIHVzZXIgdG8gYmUgbG9nZ2VkIGluLiBXZSBfY2FuXyByZW1vdmVkIGFueSBwZXJzaXN0ZWQgc2Vzc2lvbiB2YWx1ZXMgZm9yIHRoZSBJZFBcbiAgICAvLyBidXQgdGhhdCBzZWVtcyBsaWtlIHRvbyBtdWNoIHRyb3VibGUuXG5cbiAgICBjb25zdCB7IHRva2VuIH0gPSBhd2FpdCB0aGlzLmNoYW5nZVBhc3N3b3JkTXV0YXRpb24oXG4gICAgICBzaWduZWRDaGFsbGVuZ2UsXG4gICAgICBjdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5tYXN0ZXJLZXkuaWQsXG4gICAgICBuZXdXcmFwcGVkTWFzdGVyS2V5LFxuICAgICAgbmV3UGFzc0tleVxuICAgICk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDItLVxuICAgIC8vIGNoYW5nZVBhc3N3b3JkTXV0YXRpb24oKSB1cGxvYWRzIG5ldyBrZXlzIGFuZCBvYnRhaW5zIGEgc2VtYXBob3JlIGxvY2sgdG8gcHJldmVudCBhbnkgb3RoZXJcbiAgICAvLyBjbGllbnRzIGZyb20gcGVyZm9ybWluZyBJZFAgcGFzc3dvcmQgY2hhbmdlLlxuXG4gICAgLy8gTm93IHdlIGNhbiBkbyB0aGUgSWRQIHBhc3N3b3JkIGNoYW5nZS5cbiAgICAvLyB0b2RvOiBBZGQgdGhpcyBiYWNrIGluXG4gICAgYXdhaXQgdGhpcy5hdXRoLmNoYW5nZVBhc3N3b3JkKFxuICAgICAgY29nbml0b1VzZXIsXG4gICAgICB0aGlzLmdldFBhc3NJZHBTdHJpbmcocGFzc0lkcCksXG4gICAgICB0aGlzLmdldFBhc3NJZHBTdHJpbmcobmV3UGFzc0tleS5wYXNzSWRwKVxuICAgICk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDMtLVxuICAgIC8vIElkUCBwYXNzd29yZCBjaGFuZ2VcblxuICAgIC8vIE5vdGUgdGhhdCBjaGFuZ2VQYXNzd29yZCgpIGNvdWxkIHRocm93IGFuIGV4Y2VwdGlvbiBmb3IgYSBudW1iZXIgb2YgcmVhc29uLiBJdCBjb3VsZCB0aHJvd1xuICAgIC8vIGEgbmV0d29yayB0aW1lb3V0IGZvciBleGFtcGxlLiBCdXQgd2UgZG9uJ3Qga25vdyBpZiBpdCdzIHRoZSByZXNwb25zZSB0aGF0IHRpbWVkIG91dCBhbmRcbiAgICAvLyB0aGUgaWRwIHBhc3N3b3JkIGNoYW5nZSB3YXMgYWN0dWFsbHkgY2FycmllZCBvdXQuIFNvIHdlIGhhdmUgdG8gYmUgZXh0cmEgY29uc2VydmF0aXZlIGFuZFxuICAgIC8vIG9ubHkgYWN0IG9uIGEgY2xlYXIgc3VjY2Vzcy4gT3RoZXJ3aXNlIHdlIGdvIGludG8gcmVjb3ZlciBtb2RlLlxuICAgIGF3YWl0IHRoaXMuY2hhbmdlUGFzc3dvcmRDb21wbGV0ZShcbiAgICAgIGNvZ25pdG9Vc2VyLmdldFNpZ25JblVzZXJTZXNzaW9uKCkuZ2V0QWNjZXNzVG9rZW4oKS5nZXRKd3RUb2tlbigpLFxuICAgICAgdHJ1ZSxcbiAgICAgIHRva2VuXG4gICAgKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjaGFuZ2VQYXNzd29yZENvbXBsZXRlKFxuICAgIGFjY2Vzc1Rva2VuOiBzdHJpbmcsXG4gICAgdXNlTmV3UGFzc3dvcmQ6IGJvb2xlYW4sXG4gICAgdG9rZW46IHN0cmluZyA9IG51bGxcbiAgKSB7XG4gICAgcmV0dXJuIHRoaXMuaHR0cFxuICAgICAgLnBvc3QoXG4gICAgICAgIGAke3RoaXMuY29uZmlnLmF1dGhVcmx9dXNlcnMvcGFzc3dvcmQtY2hhbmdlLWNvbXBsZXRlL2AsXG4gICAgICAgIHtcbiAgICAgICAgICB1c2VfbmV3X3Bhc3N3b3JkOiB1c2VOZXdQYXNzd29yZCxcbiAgICAgICAgICAuLi4odG9rZW4gJiYgeyB0b2tlbiB9KSxcbiAgICAgICAgfSxcbiAgICAgICAge1xuICAgICAgICAgIGhlYWRlcnM6IHtcbiAgICAgICAgICAgIEF1dGhvcml6YXRpb246IGBCZWFyZXIgJHthY2Nlc3NUb2tlbn1gLFxuICAgICAgICAgIH0sXG4gICAgICAgIH1cbiAgICAgIClcbiAgICAgIC50b1Byb21pc2UoKTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgZ2V0VmVyaWZpZXJQcksoXG4gICAgcGFzc0tleTogSldLLktleSxcbiAgICB3cmFwcGVkUHJLOiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PlxuICApOiBQcm9taXNlPEpXSy5LZXk+IHtcbiAgICB0cnkge1xuICAgICAgY29uc3QgcHJrSnNvbiA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChwYXNzS2V5LCB3cmFwcGVkUHJLKTtcbiAgICAgIHJldHVybiBLRlMuYXNLZXkocHJrSnNvbik7XG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgIHRocm93IG5ldyBMckF1dGhFeGNlcHRpb24oJ1dyb25nIGN1cnJlbnQgcGFzc3dvcmQnKTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIHZlcmlmeVBhc3N3b3JkKFxuICAgIHBhc3N3b3JkOiBzdHJpbmcsXG4gICAgY3VycmVudFVzZXI6IEFwaUN1cnJlbnRVc2VyXG4gICk6IFByb21pc2U8eyBwYXNzSWRwOiBKV0suS2V5OyBzaWduZWRDaGFsbGVuZ2U6IEpXUy5DcmVhdGVTaWduUmVzdWx0IH0+IHtcbiAgICAvLyBHZXQgaW5mb3JtYXRpb24gZnJvbSB0aGUgc2VydmVyIHRvIHByZXBhcmUgZm9yIHBhc3N3b3JkIGNoYW5nZS5cbiAgICBjb25zdCBwYXNzd29yZFJlcXVlc3QgPVxuICAgICAgYXdhaXQgdGhpcy5hcG9sbG8ubXV0YXRlPFBhc3N3b3JkQ2hhbmdlUmVxdWVzdE11dGF0aW9uPih7XG4gICAgICAgIG11dGF0aW9uOiBQYXNzd29yZENoYW5nZVJlcXVlc3RNdXRhdGlvbixcbiAgICAgICAgdmFyaWFibGVzOiB7fSxcbiAgICAgIH0pO1xuXG4gICAgLy8gR2V0IHRoZSBvbGQgcGFzc0tleSBzbyB3ZSBjYW4gZGVjcnlwdCB0aGUgb2xkIHBhc3N3b3JkIHZlcmlmaWVyXG4gICAgY29uc3QgcGFzc0tleVJlc3VsdCA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVQYXNzS2V5KHtcbiAgICAgIHBhc3N3b3JkLFxuICAgICAgLi4uY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkucGFzc0tleS5wYXNzS2V5UGFyYW1zLFxuICAgIH0pO1xuXG4gICAgY29uc3QgdmVyaWZpZXJQcksgPSBhd2FpdCB0aGlzLmdldFZlcmlmaWVyUHJLKFxuICAgICAgcGFzc0tleVJlc3VsdC5qd2ssXG4gICAgICBjdXJyZW50VXNlci5jdXJyZW50VXNlcktleS5wYXNzS2V5LndyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmtcbiAgICApO1xuXG4gICAgLy8gU2lnbiB0aGUgc2VydmVyIGNoYWxsZW5nZSB0byBwcm92ZSB0byB0aGUgc2VydmVyIHdlIGNhbiBkZWNyeXB0IHRoZSBwYXNzd29yZCB2ZXJpZmllci5cbiAgICAvLyBHZW5lcmF0ZVxuICAgIGNvbnN0IGNsaWVudE5vbmNlID0gdGhpcy5rZXlGYWN0b3J5LnJhbmRvbVN0cmluZyh0aGlzLkNMSUVOVF9OT05DRV9MRU5HVEgpO1xuXG4gICAgY29uc3Qgc2lnbmVkQ2hhbGxlbmdlID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKHZlcmlmaWVyUHJLLCB7XG4gICAgICBzZXJ2ZXJOb25jZTogcGFzc3dvcmRSZXF1ZXN0LnBhc3N3b3JkQ2hhbmdlUmVxdWVzdC5jaGFsbGVuZ2Uuc2VydmVyTm9uY2UsXG4gICAgICBjbGllbnROb25jZSxcbiAgICB9KTtcblxuICAgIGNvbnN0IHBhc3NJZHBSZXN1bHQgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlUGFzc0lkcCh7XG4gICAgICBwYXNzd29yZCxcbiAgICAgIC4uLmN1cnJlbnRVc2VyLmN1cnJlbnRVc2VyS2V5LnBhc3NLZXkucGFzc0lkcFBhcmFtcyxcbiAgICB9KTtcblxuICAgIHJldHVybiB7XG4gICAgICBwYXNzSWRwOiBwYXNzSWRwUmVzdWx0Lmp3ayxcbiAgICAgIHNpZ25lZENoYWxsZW5nZSxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBjaGFuZ2VQYXNzd29yZE11dGF0aW9uKFxuICAgIHNpZ25lZENoYWxsZW5nZTogSldTLkNyZWF0ZVNpZ25SZXN1bHQsXG4gICAgbWFzdGVyS2V5SWQ6IHN0cmluZyxcbiAgICBuZXdXcmFwcGVkTWFzdGVyS2V5OiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PixcbiAgICBwYXNzS2V5QnVuZGxlOiBQYXNzS2V5QnVuZGxlXG4gICk6IFByb21pc2U8eyB0b2tlbjogc3RyaW5nOyBuZXdQYXNzS2V5SWQ6IHN0cmluZyB9PiB7XG4gICAgY29uc3QgcmVzcG9uc2UgPSBhd2FpdCB0aGlzLmFwb2xsby5tdXRhdGU8UGFzc3dvcmRDaGFuZ2VNdXRhdGlvbj4oe1xuICAgICAgbXV0YXRpb246IFBhc3N3b3JkQ2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBzaWduZWRDaGFsbGVuZ2U6IEpTT04uc3RyaW5naWZ5KHNpZ25lZENoYWxsZW5nZSksXG4gICAgICAgICAgbWFzdGVyS2V5SWQsXG4gICAgICAgICAgbmV3V3JhcHBlZE1hc3RlcktleTogSlNPTi5zdHJpbmdpZnkobmV3V3JhcHBlZE1hc3RlcktleSksXG4gICAgICAgICAgbmV3UGFzc0tleToge1xuICAgICAgICAgICAgcGFzc0lkcFBhcmFtczogSlNPTi5zdHJpbmdpZnkocGFzc0tleUJ1bmRsZS5wYXNzSWRwUGFyYW1zKSxcbiAgICAgICAgICAgIHBhc3NJZHBWZXJpZmllclBiazogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0lkcFZlcmlmaWVyLnRvSlNPTigpXG4gICAgICAgICAgICApLFxuICAgICAgICAgICAgd3JhcHBlZFBhc3NJZHBWZXJpZmllclByazogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgICAgIHBhc3NLZXlCdW5kbGUud3JhcHBlZFBhc3NJZHBWZXJpZmllclBya1xuICAgICAgICAgICAgKSxcbiAgICAgICAgICAgIHBhc3NLZXlQYXJhbXM6IEpTT04uc3RyaW5naWZ5KHBhc3NLZXlCdW5kbGUucGFzc0tleVBhcmFtcyksXG4gICAgICAgICAgfSxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gICAgcmV0dXJuIHtcbiAgICAgIHRva2VuOiByZXNwb25zZS5wYXNzd29yZENoYW5nZS50b2tlbixcbiAgICAgIG5ld1Bhc3NLZXlJZDogcmVzcG9uc2UucGFzc3dvcmRDaGFuZ2UubmV3UGFzc0tleS5pZCxcbiAgICB9O1xuICB9XG5cbiAgYXN5bmMgZ2V0Q2hhbmdlUGFzc3dvcmRDb25maWcoKTogUHJvbWlzZTxQYXNzd29yZENoYW5nZUNvbmZpZz4ge1xuICAgIC8vIGVzbGludC1kaXNhYmxlLW5leHQtbGluZSBAdHlwZXNjcmlwdC1lc2xpbnQvbm8tZXhwbGljaXQtYW55XG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5hcG9sbG8ucXVlcnk8YW55Pih7XG4gICAgICBxdWVyeTogUGFzc3dvcmRDaGFuZ2VDb25maWdRdWVyeSxcbiAgICB9KTtcblxuICAgIGNvbnN0IHJldCA9IHJlcy5wYXNzd29yZENoYW5nZUNvbmZpZyBhcyBQYXNzd29yZENoYW5nZUNvbmZpZztcblxuICAgIHJldC5hdXRoVGltZSA9IG5ldyBEYXRlKHJldC5hdXRoVGltZSk7XG4gICAgcmV0LnNlcnZlclRpbWUgPSBuZXcgRGF0ZShyZXQuc2VydmVyVGltZSk7XG4gICAgcmV0dXJuIHJldDtcbiAgfVxuXG4gIHB1YmxpYyBwYXNzd29yZFN0cmVuZ3RoKHBhc3N3b3JkKTogeyB5ZWFyczogbnVtYmVyOyBiaXRzOiBudW1iZXIgfSB7XG4gICAgY29uc3QgdXBwZXIgPSAvW0EtWl0vZztcbiAgICBjb25zdCBsb3dlciA9IC9bYS16XS9nO1xuICAgIGNvbnN0IGRpZ2l0ID0gL1swLTldL2c7XG5cbiAgICBjb25zdCB1cHBlckNob2ljZXMgPSAyNjtcbiAgICBjb25zdCBsb3dlckNob2ljZXMgPSAyNjtcbiAgICBjb25zdCBkaWdpdENob2ljZXMgPSAxMDtcbiAgICBjb25zdCBzcGVjaWFsQ2hvaWNlcyA9IDMwOyAvLyAvWyFcIiMkJSYnKCkqKywtLi86Ozw9Pj9AW1xcXV5fYHt8fX5dL2dcblxuICAgIGZ1bmN0aW9uIGluc3RhbmNlQ291bnQoc3RyLCByZSkge1xuICAgICAgcmV0dXJuICgoc3RyIHx8ICcnKS5tYXRjaChyZSkgfHwgW10pLmxlbmd0aDtcbiAgICB9XG5cbiAgICBjb25zdCB1cHBlcnMgPSBpbnN0YW5jZUNvdW50KHBhc3N3b3JkLCB1cHBlcik7XG4gICAgY29uc3QgbG93ZXJzID0gaW5zdGFuY2VDb3VudChwYXNzd29yZCwgbG93ZXIpO1xuICAgIGNvbnN0IGRpZ2l0cyA9IGluc3RhbmNlQ291bnQocGFzc3dvcmQsIGRpZ2l0KTtcbiAgICBjb25zdCBzcGVjaWFscyA9IHBhc3N3b3JkLmxlbmd0aCAtIHVwcGVycyAtIGxvd2VycyAtIGRpZ2l0cztcblxuICAgIGxldCBjaG9pY2VzID0gMDtcbiAgICBpZiAodXBwZXJzKSB7XG4gICAgICBjaG9pY2VzICs9IHVwcGVyQ2hvaWNlcztcbiAgICB9XG4gICAgaWYgKGxvd2Vycykge1xuICAgICAgY2hvaWNlcyArPSBsb3dlckNob2ljZXM7XG4gICAgfVxuICAgIGlmIChkaWdpdHMpIHtcbiAgICAgIGNob2ljZXMgKz0gZGlnaXRDaG9pY2VzO1xuICAgIH1cbiAgICBpZiAoc3BlY2lhbHMpIHtcbiAgICAgIGNob2ljZXMgKz0gc3BlY2lhbENob2ljZXM7XG4gICAgfVxuXG4gICAgaWYgKHBhc3N3b3JkLmxlbmd0aCA9PT0gMCkge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgeWVhcnM6IDAsXG4gICAgICAgIC8vIGJpdHMgb2YgZW50cm9weVxuICAgICAgICBiaXRzOiAwLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICBjb25zdCBwZXJtdXRhdGlvbnMgPSBNYXRoLnBvdyhjaG9pY2VzLCBwYXNzd29yZC5sZW5ndGgpO1xuXG4gICAgY29uc3QgeWVhcnMgPVxuICAgICAgKDU0MDAwICogcGVybXV0YXRpb25zKSAvXG4gICAgICBNYXRoLnBvdyh1cHBlckNob2ljZXMgKyBsb3dlckNob2ljZXMgKyBkaWdpdENob2ljZXMsIDEyKTtcbiAgICByZXR1cm4ge1xuICAgICAgeWVhcnMsXG4gICAgICAvLyBiaXRzIG9mIGVudHJvcHlcbiAgICAgIGJpdHM6IE1hdGgucm91bmQoTWF0aC5sb2cyKHBlcm11dGF0aW9ucykpLFxuICAgIH07XG4gIH1cbn1cbiJdfQ==

package/esm2015/lib/persist/persist.service.js ADDED Viewed

@@ -0,0 +1,181 @@
+import { __awaiter } from "tslib";
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { Injectable, Injector, isDevMode } from '@angular/core';
+import { CookieService } from 'ngx-cookie-service';
+import { EncryptionService } from '../encryption/encryption.service';
+import { KeyFactoryService as KFS } from '../key/key-factory.service';
+import { LrBadArgumentException } from '../_common/exceptions';
+import * as i0 from "@angular/core";
+import * as i1 from "../key/key-factory.service";
+import * as i2 from "ngx-cookie-service";
+import * as i3 from "../encryption/encryption.service";
+export class PersistService {
+    constructor(keyFactory, cookieService, encryptionService, injector) {
+        this.keyFactory = keyFactory;
+        this.cookieService = cookieService;
+        this.encryptionService = encryptionService;
+        this.injector = injector;
+        this.KEY_PREFIX = 'lrSession-';
+        this.cookieSecure = true;
+        this.serverSessionEncryptionKey = null;
+        if (isDevMode()) {
+            this.setCookieSecure(false);
+        }
+    }
+    setServerSessionEncryptionKey(key) {
+        this.serverSessionEncryptionKey = key;
+    }
+    clearServerSessionEncryptionKey() {
+        this.serverSessionEncryptionKey = null;
+    }
+    // It's important that set and delete cookie use exactly the same set of parameters.
+    getCookieParams() {
+        return {
+            path: '/',
+            domain: null,
+            secure: this.cookieSecure,
+            sameSite: 'Lax',
+        };
+    }
+    clear() {
+        // Remove all cookies
+        Object.keys(this.cookieService.getAll()).forEach((key) => {
+            if (key.startsWith(this.KEY_PREFIX)) {
+                this.deletePrefixedName(key);
+            }
+        });
+        // Remove all persisted session variables
+        Object.keys(localStorage).forEach((key) => {
+            if (key.startsWith(this.KEY_PREFIX)) {
+                this.deletePrefixedName(key);
+            }
+        });
+    }
+    setCookieSecure(value) {
+        this.cookieSecure = value;
+        if (!value) {
+            if (isDevMode()) {
+                console.warn('The cookie secure flag in persistService has been set to false, set it to true in production mode');
+            }
+            else {
+                throw new LrBadArgumentException('Can not set PersistService cookie secure flag to false in production mode.');
+            }
+        }
+    }
+    prefixName(name) {
+        return this.KEY_PREFIX + name;
+    }
+    delete(name) {
+        this.deletePrefixedName(this.prefixName(name));
+    }
+    deletePrefixedName(prefixedName) {
+        const params = this.getCookieParams();
+        this.cookieService.delete(prefixedName, // name: string,
+        params.path, // path?: string,
+        params.domain, // domain ?: string,
+        params.secure, // secure ?: boolean,
+        params.sameSite // sameSite ?: 'Lax' | 'None' | 'Strict'): void;
+        );
+        localStorage.removeItem(prefixedName);
+    }
+    set({ name, value, serverSession, expiry, }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const prefixedName = this.prefixName(name);
+            let item;
+            if (serverSession) {
+                item = {
+                    serverSession: true,
+                    data: yield this.encryptionService.encryptToString(this.serverSessionEncryptionKey, value),
+                };
+            }
+            else {
+                item = {
+                    data: value,
+                };
+            }
+            if (expiry) {
+                const key = yield this.keyFactory.createKey();
+                item.expiry = expiry.toISOString();
+                item.data = yield this.encryptionService.encryptToString(key, item.data);
+                const cookieItem = {
+                    key: key.toJSON(true),
+                };
+                // If path is set to anything other than "/" then the cookie is only
+                // accessible by JS if the current URL has the same prefix as the path.
+                // Ideally we don't want the encryption key cookie to be sent at all, but
+                // since the encrypted content is held in localstorage, it is not a security
+                // risk, i.e. it is at least as secure as storing only in localstorage.
+                const params = this.getCookieParams();
+                this.cookieService.set(prefixedName, // name: string,
+                JSON.stringify(cookieItem), // value: string,
+                expiry, // expires?: number | Date,
+                params.path, // path?: string,
+                params.domain, // domain?: string,
+                params.secure, // secure?: boolean,
+                params.sameSite // sameSite?: 'Lax' | 'None' | 'Strict'
+                );
+            }
+            localStorage.setItem(prefixedName, JSON.stringify(item));
+        });
+    }
+    get(name) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const prefixedName = this.prefixName(name);
+            try {
+                const ret = yield this.getImpl(prefixedName);
+                if (ret == null) {
+                    // Clear any cookies to keep things in sync.
+                    this.deletePrefixedName(prefixedName);
+                }
+                return ret;
+            }
+            catch (error) {
+                this.deletePrefixedName(prefixedName);
+                throw error;
+            }
+        });
+    }
+    getImpl(name) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const itemString = localStorage.getItem(name);
+            if (!itemString) {
+                return null;
+            }
+            const item = JSON.parse(itemString);
+            let data;
+            if (item.expiry) {
+                const cookieItemString = this.cookieService.get(name);
+                if (!cookieItemString) {
+                    // Probably expired, but we won't make any interpretations since if we only used
+                    // cookies we can't tell if it's expired or explicitly removed. So we just make
+                    // the behaviour here consistent with that.
+                    console.log('No cookie.');
+                    return null;
+                }
+                const cookieItem = JSON.parse(cookieItemString);
+                const key = yield KFS.asKey(cookieItem.key);
+                data = yield this.encryptionService.decrypt(key, item.data);
+            }
+            else {
+                data = item.data;
+            }
+            if (item.serverSession) {
+                data = yield this.encryptionService.decrypt(this.serverSessionEncryptionKey, data);
+            }
+            return data;
+        });
+    }
+}
+PersistService.ɵprov = i0.ɵɵdefineInjectable({ factory: function PersistService_Factory() { return new PersistService(i0.ɵɵinject(i1.KeyFactoryService), i0.ɵɵinject(i2.CookieService), i0.ɵɵinject(i3.EncryptionService), i0.ɵɵinject(i0.INJECTOR)); }, token: PersistService, providedIn: "root" });
+PersistService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+PersistService.ctorParameters = () => [
+    { type: KFS },
+    { type: CookieService },
+    { type: EncryptionService },
+    { type: Injector }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGVyc2lzdC5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vcHJvamVjdHMvY29yZS9zcmMvbGliL3BlcnNpc3QvcGVyc2lzdC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSx1REFBdUQ7QUFDdkQsT0FBTyxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsU0FBUyxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ2hFLE9BQU8sRUFBRSxhQUFhLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUVuRCxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxrQ0FBa0MsQ0FBQztBQUNyRSxPQUFPLEVBQUUsaUJBQWlCLElBQUksR0FBRyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDdEUsT0FBTyxFQUFFLHNCQUFzQixFQUFFLE1BQU0sdUJBQXVCLENBQUM7Ozs7O0FBZS9ELE1BQU0sT0FBTyxjQUFjO0lBTXpCLFlBQ1UsVUFBZSxFQUNmLGFBQTRCLEVBQzVCLGlCQUFvQyxFQUNwQyxRQUFrQjtRQUhsQixlQUFVLEdBQVYsVUFBVSxDQUFLO1FBQ2Ysa0JBQWEsR0FBYixhQUFhLENBQWU7UUFDNUIsc0JBQWlCLEdBQWpCLGlCQUFpQixDQUFtQjtRQUNwQyxhQUFRLEdBQVIsUUFBUSxDQUFVO1FBVFgsZUFBVSxHQUFHLFlBQVksQ0FBQztRQUVuQyxpQkFBWSxHQUFHLElBQUksQ0FBQztRQUNwQiwrQkFBMEIsR0FBWSxJQUFJLENBQUM7UUFRakQsSUFBSSxTQUFTLEVBQUUsRUFBRTtZQUNmLElBQUksQ0FBQyxlQUFlLENBQUMsS0FBSyxDQUFDLENBQUM7U0FDN0I7SUFDSCxDQUFDO0lBRUQsNkJBQTZCLENBQUMsR0FBWTtRQUN4QyxJQUFJLENBQUMsMEJBQTBCLEdBQUcsR0FBRyxDQUFDO0lBQ3hDLENBQUM7SUFFRCwrQkFBK0I7UUFDN0IsSUFBSSxDQUFDLDBCQUEwQixHQUFHLElBQUksQ0FBQztJQUN6QyxDQUFDO0lBRUQsb0ZBQW9GO0lBQzVFLGVBQWU7UUFDckIsT0FBTztZQUNMLElBQUksRUFBRSxHQUFHO1lBQ1QsTUFBTSxFQUFFLElBQUk7WUFDWixNQUFNLEVBQUUsSUFBSSxDQUFDLFlBQVk7WUFDekIsUUFBUSxFQUFFLEtBQWtDO1NBQzdDLENBQUM7SUFDSixDQUFDO0lBRU0sS0FBSztRQUNWLHFCQUFxQjtRQUNyQixNQUFNLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsTUFBTSxFQUFFLENBQUMsQ0FBQyxPQUFPLENBQUMsQ0FBQyxHQUFHLEVBQUUsRUFBRTtZQUN2RCxJQUFJLEdBQUcsQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxFQUFFO2dCQUNuQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLENBQUM7YUFDOUI7UUFDSCxDQUFDLENBQUMsQ0FBQztRQUVILHlDQUF5QztRQUN6QyxNQUFNLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxDQUFDLE9BQU8sQ0FBQyxDQUFDLEdBQUcsRUFBRSxFQUFFO1lBQ3hDLElBQUksR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLEVBQUU7Z0JBQ25DLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsQ0FBQzthQUM5QjtRQUNILENBQUMsQ0FBQyxDQUFDO0lBQ0wsQ0FBQztJQUVNLGVBQWUsQ0FBQyxLQUFjO1FBQ25DLElBQUksQ0FBQyxZQUFZLEdBQUcsS0FBSyxDQUFDO1FBQzFCLElBQUksQ0FBQyxLQUFLLEVBQUU7WUFDVixJQUFJLFNBQVMsRUFBRSxFQUFFO2dCQUNmLE9BQU8sQ0FBQyxJQUFJLENBQ1YsbUdBQW1HLENBQ3BHLENBQUM7YUFDSDtpQkFBTTtnQkFDTCxNQUFNLElBQUksc0JBQXNCLENBQzlCLDRFQUE0RSxDQUM3RSxDQUFDO2FBQ0g7U0FDRjtJQUNILENBQUM7SUFFTyxVQUFVLENBQUMsSUFBWTtRQUM3QixPQUFPLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDO0lBQ2hDLENBQUM7SUFFTSxNQUFNLENBQUMsSUFBWTtRQUN4QixJQUFJLENBQUMsa0JBQWtCLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO0lBQ2pELENBQUM7SUFFTyxrQkFBa0IsQ0FBQyxZQUFvQjtRQUM3QyxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7UUFDdEMsSUFBSSxDQUFDLGFBQWEsQ0FBQyxNQUFNLENBQ3ZCLFlBQVksRUFBRSxnQkFBZ0I7UUFDOUIsTUFBTSxDQUFDLElBQUksRUFBRSxpQkFBaUI7UUFDOUIsTUFBTSxDQUFDLE1BQU0sRUFBRSxvQkFBb0I7UUFDbkMsTUFBTSxDQUFDLE1BQU0sRUFBRSxxQkFBcUI7UUFDcEMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxnREFBZ0Q7U0FDakUsQ0FBQztRQUNGLFlBQVksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLENBQUM7SUFDeEMsQ0FBQztJQUVZLEdBQUcsQ0FBQyxFQUNmLElBQUksRUFDSixLQUFLLEVBQ0wsYUFBYSxFQUNiLE1BQU0sR0FNUDs7WUFDQyxNQUFNLFlBQVksR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxDQUFDO1lBRTNDLElBQUksSUFBVSxDQUFDO1lBRWYsSUFBSSxhQUFhLEVBQUU7Z0JBQ2pCLElBQUksR0FBRztvQkFDTCxhQUFhLEVBQUUsSUFBSTtvQkFDbkIsSUFBSSxFQUFFLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FDaEQsSUFBSSxDQUFDLDBCQUEwQixFQUMvQixLQUFLLENBQ047aUJBQ0YsQ0FBQzthQUNIO2lCQUFNO2dCQUNMLElBQUksR0FBRztvQkFDTCxJQUFJLEVBQUUsS0FBSztpQkFDWixDQUFDO2FBQ0g7WUFFRCxJQUFJLE1BQU0sRUFBRTtnQkFDVixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQzlDLElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDLFdBQVcsRUFBRSxDQUFDO2dCQUNuQyxJQUFJLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUV6RSxNQUFNLFVBQVUsR0FBZTtvQkFDN0IsR0FBRyxFQUFFLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDO2lCQUN0QixDQUFDO2dCQUVGLG9FQUFvRTtnQkFDcEUsdUVBQXVFO2dCQUN2RSx5RUFBeUU7Z0JBQ3pFLDRFQUE0RTtnQkFDNUUsdUVBQXVFO2dCQUN2RSxNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsZUFBZSxFQUFFLENBQUM7Z0JBQ3RDLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUNwQixZQUFZLEVBQUUsZ0JBQWdCO2dCQUM5QixJQUFJLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQyxFQUFFLGlCQUFpQjtnQkFDN0MsTUFBTSxFQUFFLDJCQUEyQjtnQkFDbkMsTUFBTSxDQUFDLElBQUksRUFBRSxpQkFBaUI7Z0JBQzlCLE1BQU0sQ0FBQyxNQUFNLEVBQUUsbUJBQW1CO2dCQUNsQyxNQUFNLENBQUMsTUFBTSxFQUFFLG9CQUFvQjtnQkFDbkMsTUFBTSxDQUFDLFFBQVEsQ0FBQyx1Q0FBdUM7aUJBQ3hELENBQUM7YUFDSDtZQUVELFlBQVksQ0FBQyxPQUFPLENBQUMsWUFBWSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FBQztRQUMzRCxDQUFDO0tBQUE7SUFFWSxHQUFHLENBQUMsSUFBWTs7WUFDM0IsTUFBTSxZQUFZLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUUzQyxJQUFJO2dCQUNGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxZQUFZLENBQUMsQ0FBQztnQkFDN0MsSUFBSSxHQUFHLElBQUksSUFBSSxFQUFFO29CQUNmLDRDQUE0QztvQkFDNUMsSUFBSSxDQUFDLGtCQUFrQixDQUFDLFlBQVksQ0FBQyxDQUFDO2lCQUN2QztnQkFDRCxPQUFPLEdBQUcsQ0FBQzthQUNaO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsSUFBSSxDQUFDLGtCQUFrQixDQUFDLFlBQVksQ0FBQyxDQUFDO2dCQUN0QyxNQUFNLEtBQUssQ0FBQzthQUNiO1FBQ0gsQ0FBQztLQUFBO0lBRWEsT0FBTyxDQUFDLElBQVk7O1lBQ2hDLE1BQU0sVUFBVSxHQUFHLFlBQVksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLENBQUM7WUFDOUMsSUFBSSxDQUFDLFVBQVUsRUFBRTtnQkFDZixPQUFPLElBQUksQ0FBQzthQUNiO1lBRUQsTUFBTSxJQUFJLEdBQVMsSUFBSSxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUUxQyxJQUFJLElBQVMsQ0FBQztZQUVkLElBQUksSUFBSSxDQUFDLE1BQU0sRUFBRTtnQkFDZixNQUFNLGdCQUFnQixHQUFHLElBQUksQ0FBQyxhQUFhLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxDQUFDO2dCQUN0RCxJQUFJLENBQUMsZ0JBQWdCLEVBQUU7b0JBQ3JCLGdGQUFnRjtvQkFDaEYsK0VBQStFO29CQUMvRSwyQ0FBMkM7b0JBQzNDLE9BQU8sQ0FBQyxHQUFHLENBQUMsWUFBWSxDQUFDLENBQUM7b0JBQzFCLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUVELE1BQU0sVUFBVSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLENBQUMsQ0FBQztnQkFFaEQsTUFBTSxHQUFHLEdBQUcsTUFBTSxHQUFHLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFFNUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxDQUFDO2FBQzdEO2lCQUFNO2dCQUNMLElBQUksR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDO2FBQ2xCO1lBRUQsSUFBSSxJQUFJLENBQUMsYUFBYSxFQUFFO2dCQUN0QixJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUN6QyxJQUFJLENBQUMsMEJBQTBCLEVBQy9CLElBQUksQ0FDTCxDQUFDO2FBQ0g7WUFFRCxPQUFPLElBQUksQ0FBQztRQUNkLENBQUM7S0FBQTs7OztZQXhNRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7OztZQWY2QixHQUFHO1lBSHhCLGFBQWE7WUFFYixpQkFBaUI7WUFITCxRQUFRIiwic291cmNlc0NvbnRlbnQiOlsiLyogZXNsaW50LWRpc2FibGUgQHR5cGVzY3JpcHQtZXNsaW50L25vLWV4cGxpY2l0LWFueSAqL1xuaW1wb3J0IHsgSW5qZWN0YWJsZSwgSW5qZWN0b3IsIGlzRGV2TW9kZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQ29va2llU2VydmljZSB9IGZyb20gJ25neC1jb29raWUtc2VydmljZSc7XG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgRW5jcnlwdGlvblNlcnZpY2UgfSBmcm9tICcuLi9lbmNyeXB0aW9uL2VuY3J5cHRpb24uc2VydmljZSc7XG5pbXBvcnQgeyBLZXlGYWN0b3J5U2VydmljZSBhcyBLRlMgfSBmcm9tICcuLi9rZXkva2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uIH0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcblxuaW50ZXJmYWNlIEl0ZW0ge1xuICBkYXRhOiBzdHJpbmc7XG4gIGV4cGlyeT86IHN0cmluZzsgLy8gaXNvIGZvcm1hdFxuICBzZXJ2ZXJTZXNzaW9uPzogYm9vbGVhbjtcbn1cblxuaW50ZXJmYWNlIENvb2tpZUl0ZW0ge1xuICBrZXk6IGFueTtcbn1cblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIFBlcnNpc3RTZXJ2aWNlIHtcbiAgcHJpdmF0ZSByZWFkb25seSBLRVlfUFJFRklYID0gJ2xyU2Vzc2lvbi0nO1xuXG4gIHByaXZhdGUgY29va2llU2VjdXJlID0gdHJ1ZTtcbiAgcHJpdmF0ZSBzZXJ2ZXJTZXNzaW9uRW5jcnlwdGlvbktleTogSldLLktleSA9IG51bGw7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLRlMsXG4gICAgcHJpdmF0ZSBjb29raWVTZXJ2aWNlOiBDb29raWVTZXJ2aWNlLFxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxuICAgIHByaXZhdGUgaW5qZWN0b3I6IEluamVjdG9yXG4gICkge1xuICAgIGlmIChpc0Rldk1vZGUoKSkge1xuICAgICAgdGhpcy5zZXRDb29raWVTZWN1cmUoZmFsc2UpO1xuICAgIH1cbiAgfVxuXG4gIHNldFNlcnZlclNlc3Npb25FbmNyeXB0aW9uS2V5KGtleTogSldLLktleSkge1xuICAgIHRoaXMuc2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkgPSBrZXk7XG4gIH1cblxuICBjbGVhclNlcnZlclNlc3Npb25FbmNyeXB0aW9uS2V5KCkge1xuICAgIHRoaXMuc2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkgPSBudWxsO1xuICB9XG5cbiAgLy8gSXQncyBpbXBvcnRhbnQgdGhhdCBzZXQgYW5kIGRlbGV0ZSBjb29raWUgdXNlIGV4YWN0bHkgdGhlIHNhbWUgc2V0IG9mIHBhcmFtZXRlcnMuXG4gIHByaXZhdGUgZ2V0Q29va2llUGFyYW1zKCkge1xuICAgIHJldHVybiB7XG4gICAgICBwYXRoOiAnLycsXG4gICAgICBkb21haW46IG51bGwsIC8vIHdoaWNoIG1lYW5zIHRoZSBjdXJyZW50IGRvbWFpbiBvZiB0aGUgZnJvbnRlbmQgYXBwLlxuICAgICAgc2VjdXJlOiB0aGlzLmNvb2tpZVNlY3VyZSxcbiAgICAgIHNhbWVTaXRlOiAnTGF4JyBhcyAnTGF4JyB8ICdOb25lJyB8ICdTdHJpY3QnLFxuICAgIH07XG4gIH1cblxuICBwdWJsaWMgY2xlYXIoKSB7XG4gICAgLy8gUmVtb3ZlIGFsbCBjb29raWVzXG4gICAgT2JqZWN0LmtleXModGhpcy5jb29raWVTZXJ2aWNlLmdldEFsbCgpKS5mb3JFYWNoKChrZXkpID0+IHtcbiAgICAgIGlmIChrZXkuc3RhcnRzV2l0aCh0aGlzLktFWV9QUkVGSVgpKSB7XG4gICAgICAgIHRoaXMuZGVsZXRlUHJlZml4ZWROYW1lKGtleSk7XG4gICAgICB9XG4gICAgfSk7XG5cbiAgICAvLyBSZW1vdmUgYWxsIHBlcnNpc3RlZCBzZXNzaW9uIHZhcmlhYmxlc1xuICAgIE9iamVjdC5rZXlzKGxvY2FsU3RvcmFnZSkuZm9yRWFjaCgoa2V5KSA9PiB7XG4gICAgICBpZiAoa2V5LnN0YXJ0c1dpdGgodGhpcy5LRVlfUFJFRklYKSkge1xuICAgICAgICB0aGlzLmRlbGV0ZVByZWZpeGVkTmFtZShrZXkpO1xuICAgICAgfVxuICAgIH0pO1xuICB9XG5cbiAgcHVibGljIHNldENvb2tpZVNlY3VyZSh2YWx1ZTogYm9vbGVhbikge1xuICAgIHRoaXMuY29va2llU2VjdXJlID0gdmFsdWU7XG4gICAgaWYgKCF2YWx1ZSkge1xuICAgICAgaWYgKGlzRGV2TW9kZSgpKSB7XG4gICAgICAgIGNvbnNvbGUud2FybihcbiAgICAgICAgICAnVGhlIGNvb2tpZSBzZWN1cmUgZmxhZyBpbiBwZXJzaXN0U2VydmljZSBoYXMgYmVlbiBzZXQgdG8gZmFsc2UsIHNldCBpdCB0byB0cnVlIGluIHByb2R1Y3Rpb24gbW9kZSdcbiAgICAgICAgKTtcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIHRocm93IG5ldyBMckJhZEFyZ3VtZW50RXhjZXB0aW9uKFxuICAgICAgICAgICdDYW4gbm90IHNldCBQZXJzaXN0U2VydmljZSBjb29raWUgc2VjdXJlIGZsYWcgdG8gZmFsc2UgaW4gcHJvZHVjdGlvbiBtb2RlLidcbiAgICAgICAgKTtcbiAgICAgIH1cbiAgICB9XG4gIH1cblxuICBwcml2YXRlIHByZWZpeE5hbWUobmFtZTogc3RyaW5nKTogc3RyaW5nIHtcbiAgICByZXR1cm4gdGhpcy5LRVlfUFJFRklYICsgbmFtZTtcbiAgfVxuXG4gIHB1YmxpYyBkZWxldGUobmFtZTogc3RyaW5nKTogdm9pZCB7XG4gICAgdGhpcy5kZWxldGVQcmVmaXhlZE5hbWUodGhpcy5wcmVmaXhOYW1lKG5hbWUpKTtcbiAgfVxuXG4gIHByaXZhdGUgZGVsZXRlUHJlZml4ZWROYW1lKHByZWZpeGVkTmFtZTogc3RyaW5nKTogdm9pZCB7XG4gICAgY29uc3QgcGFyYW1zID0gdGhpcy5nZXRDb29raWVQYXJhbXMoKTtcbiAgICB0aGlzLmNvb2tpZVNlcnZpY2UuZGVsZXRlKFxuICAgICAgcHJlZml4ZWROYW1lLCAvLyBuYW1lOiBzdHJpbmcsXG4gICAgICBwYXJhbXMucGF0aCwgLy8gcGF0aD86IHN0cmluZyxcbiAgICAgIHBhcmFtcy5kb21haW4sIC8vIGRvbWFpbiA/OiBzdHJpbmcsXG4gICAgICBwYXJhbXMuc2VjdXJlLCAvLyBzZWN1cmUgPzogYm9vbGVhbixcbiAgICAgIHBhcmFtcy5zYW1lU2l0ZSAvLyBzYW1lU2l0ZSA/OiAnTGF4JyB8ICdOb25lJyB8ICdTdHJpY3QnKTogdm9pZDtcbiAgICApO1xuICAgIGxvY2FsU3RvcmFnZS5yZW1vdmVJdGVtKHByZWZpeGVkTmFtZSk7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgc2V0KHtcbiAgICBuYW1lLFxuICAgIHZhbHVlLFxuICAgIHNlcnZlclNlc3Npb24sXG4gICAgZXhwaXJ5LFxuICB9OiB7XG4gICAgbmFtZTogc3RyaW5nO1xuICAgIHZhbHVlOiBhbnk7XG4gICAgc2VydmVyU2Vzc2lvbjogYm9vbGVhbjtcbiAgICBleHBpcnk/OiBEYXRlO1xuICB9KTogUHJvbWlzZTx2b2lkPiB7XG4gICAgY29uc3QgcHJlZml4ZWROYW1lID0gdGhpcy5wcmVmaXhOYW1lKG5hbWUpO1xuXG4gICAgbGV0IGl0ZW06IEl0ZW07XG5cbiAgICBpZiAoc2VydmVyU2Vzc2lvbikge1xuICAgICAgaXRlbSA9IHtcbiAgICAgICAgc2VydmVyU2Vzc2lvbjogdHJ1ZSxcbiAgICAgICAgZGF0YTogYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0VG9TdHJpbmcoXG4gICAgICAgICAgdGhpcy5zZXJ2ZXJTZXNzaW9uRW5jcnlwdGlvbktleSxcbiAgICAgICAgICB2YWx1ZVxuICAgICAgICApLFxuICAgICAgfTtcbiAgICB9IGVsc2Uge1xuICAgICAgaXRlbSA9IHtcbiAgICAgICAgZGF0YTogdmFsdWUsXG4gICAgICB9O1xuICAgIH1cblxuICAgIGlmIChleHBpcnkpIHtcbiAgICAgIGNvbnN0IGtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICAgIGl0ZW0uZXhwaXJ5ID0gZXhwaXJ5LnRvSVNPU3RyaW5nKCk7XG4gICAgICBpdGVtLmRhdGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHRUb1N0cmluZyhrZXksIGl0ZW0uZGF0YSk7XG5cbiAgICAgIGNvbnN0IGNvb2tpZUl0ZW06IENvb2tpZUl0ZW0gPSB7XG4gICAgICAgIGtleToga2V5LnRvSlNPTih0cnVlKSxcbiAgICAgIH07XG5cbiAgICAgIC8vIElmIHBhdGggaXMgc2V0IHRvIGFueXRoaW5nIG90aGVyIHRoYW4gXCIvXCIgdGhlbiB0aGUgY29va2llIGlzIG9ubHlcbiAgICAgIC8vIGFjY2Vzc2libGUgYnkgSlMgaWYgdGhlIGN1cnJlbnQgVVJMIGhhcyB0aGUgc2FtZSBwcmVmaXggYXMgdGhlIHBhdGguXG4gICAgICAvLyBJZGVhbGx5IHdlIGRvbid0IHdhbnQgdGhlIGVuY3J5cHRpb24ga2V5IGNvb2tpZSB0byBiZSBzZW50IGF0IGFsbCwgYnV0XG4gICAgICAvLyBzaW5jZSB0aGUgZW5jcnlwdGVkIGNvbnRlbnQgaXMgaGVsZCBpbiBsb2NhbHN0b3JhZ2UsIGl0IGlzIG5vdCBhIHNlY3VyaXR5XG4gICAgICAvLyByaXNrLCBpLmUuIGl0IGlzIGF0IGxlYXN0IGFzIHNlY3VyZSBhcyBzdG9yaW5nIG9ubHkgaW4gbG9jYWxzdG9yYWdlLlxuICAgICAgY29uc3QgcGFyYW1zID0gdGhpcy5nZXRDb29raWVQYXJhbXMoKTtcbiAgICAgIHRoaXMuY29va2llU2VydmljZS5zZXQoXG4gICAgICAgIHByZWZpeGVkTmFtZSwgLy8gbmFtZTogc3RyaW5nLFxuICAgICAgICBKU09OLnN0cmluZ2lmeShjb29raWVJdGVtKSwgLy8gdmFsdWU6IHN0cmluZyxcbiAgICAgICAgZXhwaXJ5LCAvLyBleHBpcmVzPzogbnVtYmVyIHwgRGF0ZSxcbiAgICAgICAgcGFyYW1zLnBhdGgsIC8vIHBhdGg/OiBzdHJpbmcsXG4gICAgICAgIHBhcmFtcy5kb21haW4sIC8vIGRvbWFpbj86IHN0cmluZyxcbiAgICAgICAgcGFyYW1zLnNlY3VyZSwgLy8gc2VjdXJlPzogYm9vbGVhbixcbiAgICAgICAgcGFyYW1zLnNhbWVTaXRlIC8vIHNhbWVTaXRlPzogJ0xheCcgfCAnTm9uZScgfCAnU3RyaWN0J1xuICAgICAgKTtcbiAgICB9XG5cbiAgICBsb2NhbFN0b3JhZ2Uuc2V0SXRlbShwcmVmaXhlZE5hbWUsIEpTT04uc3RyaW5naWZ5KGl0ZW0pKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBnZXQobmFtZTogc3RyaW5nKTogUHJvbWlzZTxhbnk+IHtcbiAgICBjb25zdCBwcmVmaXhlZE5hbWUgPSB0aGlzLnByZWZpeE5hbWUobmFtZSk7XG5cbiAgICB0cnkge1xuICAgICAgY29uc3QgcmV0ID0gYXdhaXQgdGhpcy5nZXRJbXBsKHByZWZpeGVkTmFtZSk7XG4gICAgICBpZiAocmV0ID09IG51bGwpIHtcbiAgICAgICAgLy8gQ2xlYXIgYW55IGNvb2tpZXMgdG8ga2VlcCB0aGluZ3MgaW4gc3luYy5cbiAgICAgICAgdGhpcy5kZWxldGVQcmVmaXhlZE5hbWUocHJlZml4ZWROYW1lKTtcbiAgICAgIH1cbiAgICAgIHJldHVybiByZXQ7XG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgIHRoaXMuZGVsZXRlUHJlZml4ZWROYW1lKHByZWZpeGVkTmFtZSk7XG4gICAgICB0aHJvdyBlcnJvcjtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGdldEltcGwobmFtZTogc3RyaW5nKTogUHJvbWlzZTxhbnk+IHtcbiAgICBjb25zdCBpdGVtU3RyaW5nID0gbG9jYWxTdG9yYWdlLmdldEl0ZW0obmFtZSk7XG4gICAgaWYgKCFpdGVtU3RyaW5nKSB7XG4gICAgICByZXR1cm4gbnVsbDtcbiAgICB9XG5cbiAgICBjb25zdCBpdGVtOiBJdGVtID0gSlNPTi5wYXJzZShpdGVtU3RyaW5nKTtcblxuICAgIGxldCBkYXRhOiBhbnk7XG5cbiAgICBpZiAoaXRlbS5leHBpcnkpIHtcbiAgICAgIGNvbnN0IGNvb2tpZUl0ZW1TdHJpbmcgPSB0aGlzLmNvb2tpZVNlcnZpY2UuZ2V0KG5hbWUpO1xuICAgICAgaWYgKCFjb29raWVJdGVtU3RyaW5nKSB7XG4gICAgICAgIC8vIFByb2JhYmx5IGV4cGlyZWQsIGJ1dCB3ZSB3b24ndCBtYWtlIGFueSBpbnRlcnByZXRhdGlvbnMgc2luY2UgaWYgd2Ugb25seSB1c2VkXG4gICAgICAgIC8vIGNvb2tpZXMgd2UgY2FuJ3QgdGVsbCBpZiBpdCdzIGV4cGlyZWQgb3IgZXhwbGljaXRseSByZW1vdmVkLiBTbyB3ZSBqdXN0IG1ha2VcbiAgICAgICAgLy8gdGhlIGJlaGF2aW91ciBoZXJlIGNvbnNpc3RlbnQgd2l0aCB0aGF0LlxuICAgICAgICBjb25zb2xlLmxvZygnTm8gY29va2llLicpO1xuICAgICAgICByZXR1cm4gbnVsbDtcbiAgICAgIH1cblxuICAgICAgY29uc3QgY29va2llSXRlbSA9IEpTT04ucGFyc2UoY29va2llSXRlbVN0cmluZyk7XG5cbiAgICAgIGNvbnN0IGtleSA9IGF3YWl0IEtGUy5hc0tleShjb29raWVJdGVtLmtleSk7XG5cbiAgICAgIGRhdGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoa2V5LCBpdGVtLmRhdGEpO1xuICAgIH0gZWxzZSB7XG4gICAgICBkYXRhID0gaXRlbS5kYXRhO1xuICAgIH1cblxuICAgIGlmIChpdGVtLnNlcnZlclNlc3Npb24pIHtcbiAgICAgIGRhdGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgIHRoaXMuc2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXksXG4gICAgICAgIGRhdGFcbiAgICAgICk7XG4gICAgfVxuXG4gICAgcmV0dXJuIGRhdGE7XG4gIH1cbn1cbiJdfQ==

package/esm2015/lib/plan/plan.gql.js CHANGED Viewed

@@ -120,4 +120,4 @@ export const StripeQuery = gql `
     }
   }
 `;
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhbi5ncWwuanMiLCJzb3VyY2VSb290IjoiL29wdC9hdGxhc3NpYW4vcGlwZWxpbmVzL2FnZW50L2J1aWxkL3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL3BsYW4vcGxhbi5ncWwudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDO0FBRTlCLE1BQU0sQ0FBQyxNQUFNLG1DQUFtQyxHQUFHLEdBQUcsQ0FBQTs7Ozs7Ozs7Ozs7Ozs7OztDQWdCckQsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLHdDQUF3QyxHQUFHLEdBQUcsQ0FBQTs7Ozs7O0NBTTFELENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSxVQUFVLEdBQUc7Ozs7Q0FJekIsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLDRCQUE0QixHQUFHLEdBQUcsQ0FBQTs7Ozs7O1VBTXJDLFVBQVU7Ozs7Ozs7O0VBUWxCLENBQUM7QUFFSCxNQUFNLENBQUMsTUFBTSw0QkFBNEIsR0FBRyxHQUFHLENBQUE7Ozs7OztDQU05QyxDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sc0JBQXNCLEdBQUcsR0FBRyxDQUFBOzs7O1FBSWpDLFVBQVU7Ozs7Q0FJakIsQ0FBQztBQUVGLGlDQUFpQztBQUNqQyxNQUFNLENBQUMsTUFBTSxvQkFBb0IsR0FBRyxHQUFHLENBQUE7Ozs7Ozs7Ozs7Q0FVdEMsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLG1CQUFtQixHQUFHLEdBQUcsQ0FBQTs7Ozs7Ozs7Ozs7UUFXOUIsVUFBVTs7Ozs7O0NBTWpCLENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSwrQkFBK0IsR0FBRyxHQUFHLENBQUE7Ozs7OztVQU14QyxVQUFVOzs7OztFQUtsQixDQUFDO0FBRUgsTUFBTSxDQUFDLE1BQU0sY0FBYyxHQUFHLEdBQUcsQ0FBQTs7Ozs7O1FBTXpCLFVBQVU7Ozs7Q0FJakIsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFdBQVcsR0FBRyxHQUFHLENBQUE7Ozs7Ozs7Q0FPN0IsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCBncWwgZnJvbSAnZ3JhcGhxbC10YWcnO1xuXG5leHBvcnQgY29uc3QgQ3JlYXRlU3RyaXBlQ2hlY2tvdXRTZXNzaW9uTXV0YXRpb24gPSBncWxgXG4gIG11dGF0aW9uIENyZWF0ZVN0cmlwZUNoZWNrb3V0U2Vzc2lvbihcbiAgICAkcHJpY2VJZDogU3RyaW5nIVxuICAgICRzdWNjZXNzVXJsOiBTdHJpbmchXG4gICAgJGNhbmNlbFVybDogU3RyaW5nIVxuICApIHtcbiAgICBjcmVhdGVTdHJpcGVDaGVja291dFNlc3Npb24oXG4gICAgICBpbnB1dDoge1xuICAgICAgICBwcmljZUlkOiAkcHJpY2VJZFxuICAgICAgICBzdWNjZXNzVXJsOiAkc3VjY2Vzc1VybFxuICAgICAgICBjYW5jZWxVcmw6ICRjYW5jZWxVcmxcbiAgICAgIH1cbiAgICApIHtcbiAgICAgIHNlc3Npb25JZFxuICAgIH1cbiAgfVxuYDtcblxuZXhwb3J0IGNvbnN0IENyZWF0ZVN0cmlwZUJpbGxpbmdQb3J0YWxTZXNzaW9uTXV0YXRpb24gPSBncWxgXG4gIG11dGF0aW9uIENyZWF0ZVN0cmlwZUJpbGxpbmdQb3J0YWxTZXNzaW9uKCRyZXR1cm5Vcmw6IFN0cmluZyEpIHtcbiAgICBjcmVhdGVTdHJpcGVCaWxsaW5nUG9ydGFsU2Vzc2lvbihpbnB1dDogeyByZXR1cm5Vcmw6ICRyZXR1cm5VcmwgfSkge1xuICAgICAgc2Vzc2lvblVybFxuICAgIH1cbiAgfVxuYDtcblxuZXhwb3J0IGNvbnN0IHBsYW5GaWVsZHMgPSBgXG4gIG5hbWVcbiAgZGF0YVxuICBzdGF0ZVxuYDtcblxuZXhwb3J0IGNvbnN0IENyZWF0ZVVzZXJJc3N1ZWRQbGFuTXV0YXRpb24gPSBncWxgXG5tdXRhdGlvbiBDcmVhdGVVc2VySXNzdWVkUGxhbigkaW5wdXQ6IENyZWF0ZVVzZXJJc3N1ZWRQbGFuSW5wdXQhKXtcbiAgY3JlYXRlVXNlcklzc3VlZFBsYW4oaW5wdXQ6ICRpbnB1dCkge1xuICAgIHVzZXJJc3N1ZWRQbGFuIHtcbiAgICAgIGlkXG4gICAgICBwbGFuIHtcbiAgICAgICAgJHtwbGFuRmllbGRzfVxuICAgICAgfVxuICAgICAgdG9rZW5cbiAgICAgIHRva2VuRXhwaXJ5VGltZVxuICAgICAgcGxhblBlcmlvZEVuZFxuICAgICAgcGxhblBlcmlvZEVuZEFmdGVyU2Vjb25kc1xuICAgIH1cbiAgfVxufWA7XG5cbmV4cG9ydCBjb25zdCBEZWxldGVVc2VySXNzdWVkUGxhbk11dGF0aW9uID0gZ3FsYFxuICBtdXRhdGlvbiBEZWxldGVVc2VySXNzdWVkUGxhbigkaW5wdXQ6IERlbGV0ZVVzZXJJc3N1ZWRQbGFuSW5wdXQhKSB7XG4gICAgZGVsZXRlVXNlcklzc3VlZFBsYW4oaW5wdXQ6ICRpbnB1dCkge1xuICAgICAgaWRcbiAgICB9XG4gIH1cbmA7XG5cbmV4cG9ydCBjb25zdCBVc2VySXNzdWFibGVQbGFuc1F1ZXJ5ID0gZ3FsYFxucXVlcnkgVXNlcklzc3VhYmxlUGxhbnMge1xuICB1c2VySXNzdWFibGVQbGFucyB7XG4gICAgcGxhbiB7XG4gICAgICAke3BsYW5GaWVsZHN9XG4gICAgfVxuICB9XG59XG5gO1xuXG4vLyBQdXQgb3RoZXIgZmllbGRzIGluIGFzIG5lZWRlZC5cbmV4cG9ydCBjb25zdCBVc2VySXNzdWVkUGxhbnNRdWVyeSA9IGdxbGBcbiAgcXVlcnkgVXNlcklzc3VlZFBsYW5zIHtcbiAgICB1c2VySXNzdWVkUGxhbnMge1xuICAgICAgZWRnZXMge1xuICAgICAgICBub2RlIHtcbiAgICAgICAgICBpZFxuICAgICAgICB9XG4gICAgICB9XG4gICAgfVxuICB9XG5gO1xuXG5leHBvcnQgY29uc3QgVXNlcklzc3VlZFBsYW5RdWVyeSA9IGdxbGBcbnF1ZXJ5IFVzZXJJc3N1ZWRQbGFuKFxuICAkaWQ6IExyUmVsYXlJZElucHV0IVxuICAkdG9rZW46IFN0cmluZ1xuKSB7XG4gIHVzZXJJc3N1ZWRQbGFuKFxuICAgIGlkOiAkaWRcbiAgICB0b2tlbjogJHRva2VuXG4gICkge1xuICAgIGlkXG4gICAgcGxhbiB7XG4gICAgICAke3BsYW5GaWVsZHN9XG4gICAgfVxuICAgIHBsYW5QZXJpb2RFbmRcbiAgICBwbGFuUGVyaW9kRW5kQWZ0ZXJTZWNvbmRzXG4gIH1cbn1cbmA7XG5cbmV4cG9ydCBjb25zdCBBc3NvY2lhdGVVc2VySXNzdWVkUGxhbk11dGF0aW9uID0gZ3FsYFxubXV0YXRpb24gQXNzb2NpYXRlVXNlcklzc3VlZFBsYW4oJGlucHV0OiBBc3NvY2lhdGVVc2VySXNzdWVkUGxhbklucHV0ISl7XG4gIGFzc29jaWF0ZVVzZXJJc3N1ZWRQbGFuKGlucHV0OiAkaW5wdXQpIHtcbiAgICB1c2VyUGxhbiB7XG4gICAgICBpZFxuICAgICAgcGxhbiB7XG4gICAgICAgICR7cGxhbkZpZWxkc31cbiAgICAgIH1cbiAgICAgIHBlcmlvZEVuZFxuICAgIH1cbiAgfVxufWA7XG5cbmV4cG9ydCBjb25zdCBVc2VyUGxhbnNRdWVyeSA9IGdxbGBcbnF1ZXJ5IFVzZXJQbGFucyB7XG4gIHVzZXJQbGFucyB7XG4gICAgaWRcbiAgICBwZXJpb2RFbmRcbiAgICBwbGFuIHtcbiAgICAgICR7cGxhbkZpZWxkc31cbiAgICB9XG4gIH1cbn1cbmA7XG5cbmV4cG9ydCBjb25zdCBTdHJpcGVRdWVyeSA9IGdxbGBcbiAgcXVlcnkgU3RyaXBlIHtcbiAgICBzdHJpcGUge1xuICAgICAgaWRcbiAgICAgIGN1c3RvbWVyXG4gICAgfVxuICB9XG5gO1xuIl19
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicGxhbi5ncWwuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi8uLi8uLi8uLi9wcm9qZWN0cy9jb3JlL3NyYy9saWIvcGxhbi9wbGFuLmdxbC50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxPQUFPLEdBQUcsTUFBTSxhQUFhLENBQUM7QUFFOUIsTUFBTSxDQUFDLE1BQU0sbUNBQW1DLEdBQUcsR0FBRyxDQUFBOzs7Ozs7Ozs7Ozs7Ozs7O0NBZ0JyRCxDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sd0NBQXdDLEdBQUcsR0FBRyxDQUFBOzs7Ozs7Q0FNMUQsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLFVBQVUsR0FBRzs7OztDQUl6QixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sNEJBQTRCLEdBQUcsR0FBRyxDQUFBOzs7Ozs7VUFNckMsVUFBVTs7Ozs7Ozs7RUFRbEIsQ0FBQztBQUVILE1BQU0sQ0FBQyxNQUFNLDRCQUE0QixHQUFHLEdBQUcsQ0FBQTs7Ozs7O0NBTTlDLENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyxHQUFHLENBQUE7Ozs7UUFJakMsVUFBVTs7OztDQUlqQixDQUFDO0FBRUYsaUNBQWlDO0FBQ2pDLE1BQU0sQ0FBQyxNQUFNLG9CQUFvQixHQUFHLEdBQUcsQ0FBQTs7Ozs7Ozs7OztDQVV0QyxDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sbUJBQW1CLEdBQUcsR0FBRyxDQUFBOzs7Ozs7Ozs7OztRQVc5QixVQUFVOzs7Ozs7Q0FNakIsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLCtCQUErQixHQUFHLEdBQUcsQ0FBQTs7Ozs7O1VBTXhDLFVBQVU7Ozs7O0VBS2xCLENBQUM7QUFFSCxNQUFNLENBQUMsTUFBTSxjQUFjLEdBQUcsR0FBRyxDQUFBOzs7Ozs7UUFNekIsVUFBVTs7OztDQUlqQixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sV0FBVyxHQUFHLEdBQUcsQ0FBQTs7Ozs7OztDQU83QixDQUFDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IGdxbCBmcm9tICdncmFwaHFsLXRhZyc7XG5cbmV4cG9ydCBjb25zdCBDcmVhdGVTdHJpcGVDaGVja291dFNlc3Npb25NdXRhdGlvbiA9IGdxbGBcbiAgbXV0YXRpb24gQ3JlYXRlU3RyaXBlQ2hlY2tvdXRTZXNzaW9uKFxuICAgICRwcmljZUlkOiBTdHJpbmchXG4gICAgJHN1Y2Nlc3NVcmw6IFN0cmluZyFcbiAgICAkY2FuY2VsVXJsOiBTdHJpbmchXG4gICkge1xuICAgIGNyZWF0ZVN0cmlwZUNoZWNrb3V0U2Vzc2lvbihcbiAgICAgIGlucHV0OiB7XG4gICAgICAgIHByaWNlSWQ6ICRwcmljZUlkXG4gICAgICAgIHN1Y2Nlc3NVcmw6ICRzdWNjZXNzVXJsXG4gICAgICAgIGNhbmNlbFVybDogJGNhbmNlbFVybFxuICAgICAgfVxuICAgICkge1xuICAgICAgc2Vzc2lvbklkXG4gICAgfVxuICB9XG5gO1xuXG5leHBvcnQgY29uc3QgQ3JlYXRlU3RyaXBlQmlsbGluZ1BvcnRhbFNlc3Npb25NdXRhdGlvbiA9IGdxbGBcbiAgbXV0YXRpb24gQ3JlYXRlU3RyaXBlQmlsbGluZ1BvcnRhbFNlc3Npb24oJHJldHVyblVybDogU3RyaW5nISkge1xuICAgIGNyZWF0ZVN0cmlwZUJpbGxpbmdQb3J0YWxTZXNzaW9uKGlucHV0OiB7IHJldHVyblVybDogJHJldHVyblVybCB9KSB7XG4gICAgICBzZXNzaW9uVXJsXG4gICAgfVxuICB9XG5gO1xuXG5leHBvcnQgY29uc3QgcGxhbkZpZWxkcyA9IGBcbiAgbmFtZVxuICBkYXRhXG4gIHN0YXRlXG5gO1xuXG5leHBvcnQgY29uc3QgQ3JlYXRlVXNlcklzc3VlZFBsYW5NdXRhdGlvbiA9IGdxbGBcbm11dGF0aW9uIENyZWF0ZVVzZXJJc3N1ZWRQbGFuKCRpbnB1dDogQ3JlYXRlVXNlcklzc3VlZFBsYW5JbnB1dCEpe1xuICBjcmVhdGVVc2VySXNzdWVkUGxhbihpbnB1dDogJGlucHV0KSB7XG4gICAgdXNlcklzc3VlZFBsYW4ge1xuICAgICAgaWRcbiAgICAgIHBsYW4ge1xuICAgICAgICAke3BsYW5GaWVsZHN9XG4gICAgICB9XG4gICAgICB0b2tlblxuICAgICAgdG9rZW5FeHBpcnlUaW1lXG4gICAgICBwbGFuUGVyaW9kRW5kXG4gICAgICBwbGFuUGVyaW9kRW5kQWZ0ZXJTZWNvbmRzXG4gICAgfVxuICB9XG59YDtcblxuZXhwb3J0IGNvbnN0IERlbGV0ZVVzZXJJc3N1ZWRQbGFuTXV0YXRpb24gPSBncWxgXG4gIG11dGF0aW9uIERlbGV0ZVVzZXJJc3N1ZWRQbGFuKCRpbnB1dDogRGVsZXRlVXNlcklzc3VlZFBsYW5JbnB1dCEpIHtcbiAgICBkZWxldGVVc2VySXNzdWVkUGxhbihpbnB1dDogJGlucHV0KSB7XG4gICAgICBpZFxuICAgIH1cbiAgfVxuYDtcblxuZXhwb3J0IGNvbnN0IFVzZXJJc3N1YWJsZVBsYW5zUXVlcnkgPSBncWxgXG5xdWVyeSBVc2VySXNzdWFibGVQbGFucyB7XG4gIHVzZXJJc3N1YWJsZVBsYW5zIHtcbiAgICBwbGFuIHtcbiAgICAgICR7cGxhbkZpZWxkc31cbiAgICB9XG4gIH1cbn1cbmA7XG5cbi8vIFB1dCBvdGhlciBmaWVsZHMgaW4gYXMgbmVlZGVkLlxuZXhwb3J0IGNvbnN0IFVzZXJJc3N1ZWRQbGFuc1F1ZXJ5ID0gZ3FsYFxuICBxdWVyeSBVc2VySXNzdWVkUGxhbnMge1xuICAgIHVzZXJJc3N1ZWRQbGFucyB7XG4gICAgICBlZGdlcyB7XG4gICAgICAgIG5vZGUge1xuICAgICAgICAgIGlkXG4gICAgICAgIH1cbiAgICAgIH1cbiAgICB9XG4gIH1cbmA7XG5cbmV4cG9ydCBjb25zdCBVc2VySXNzdWVkUGxhblF1ZXJ5ID0gZ3FsYFxucXVlcnkgVXNlcklzc3VlZFBsYW4oXG4gICRpZDogTHJSZWxheUlkSW5wdXQhXG4gICR0b2tlbjogU3RyaW5nXG4pIHtcbiAgdXNlcklzc3VlZFBsYW4oXG4gICAgaWQ6ICRpZFxuICAgIHRva2VuOiAkdG9rZW5cbiAgKSB7XG4gICAgaWRcbiAgICBwbGFuIHtcbiAgICAgICR7cGxhbkZpZWxkc31cbiAgICB9XG4gICAgcGxhblBlcmlvZEVuZFxuICAgIHBsYW5QZXJpb2RFbmRBZnRlclNlY29uZHNcbiAgfVxufVxuYDtcblxuZXhwb3J0IGNvbnN0IEFzc29jaWF0ZVVzZXJJc3N1ZWRQbGFuTXV0YXRpb24gPSBncWxgXG5tdXRhdGlvbiBBc3NvY2lhdGVVc2VySXNzdWVkUGxhbigkaW5wdXQ6IEFzc29jaWF0ZVVzZXJJc3N1ZWRQbGFuSW5wdXQhKXtcbiAgYXNzb2NpYXRlVXNlcklzc3VlZFBsYW4oaW5wdXQ6ICRpbnB1dCkge1xuICAgIHVzZXJQbGFuIHtcbiAgICAgIGlkXG4gICAgICBwbGFuIHtcbiAgICAgICAgJHtwbGFuRmllbGRzfVxuICAgICAgfVxuICAgICAgcGVyaW9kRW5kXG4gICAgfVxuICB9XG59YDtcblxuZXhwb3J0IGNvbnN0IFVzZXJQbGFuc1F1ZXJ5ID0gZ3FsYFxucXVlcnkgVXNlclBsYW5zIHtcbiAgdXNlclBsYW5zIHtcbiAgICBpZFxuICAgIHBlcmlvZEVuZFxuICAgIHBsYW4ge1xuICAgICAgJHtwbGFuRmllbGRzfVxuICAgIH1cbiAgfVxufVxuYDtcblxuZXhwb3J0IGNvbnN0IFN0cmlwZVF1ZXJ5ID0gZ3FsYFxuICBxdWVyeSBTdHJpcGUge1xuICAgIHN0cmlwZSB7XG4gICAgICBpZFxuICAgICAgY3VzdG9tZXJcbiAgICB9XG4gIH1cbmA7XG4iXX0=