@lifeready/core 1.0.4 → 1.0.5

package/esm2015/lib/auth/lbop.service.js

@@ -1,355 +1,355 @@
-import { __awaiter } from "tslib";
-import { LrApolloService } from '../api/lr-apollo.service';
-import { HttpClient } from '@angular/common/http';
-import { Inject, Injectable } from '@angular/core';
-import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
-import gql from 'graphql-tag';
-import { EncryptionService } from '../cryptography/encryption.service';
-import { KeyGraphService } from '../cryptography/key-graph.service';
-import { KeyService } from '../cryptography/key.service';
-import { LR_CONFIG } from '../life-ready.config';
-import { LrException, LrBadLogicException, } from '../_common/exceptions';
-import { LifeReadyAuthService } from './life-ready-auth.service';
-import { PasswordService } from './password.service';
-import { Slip39Helper } from 'slip39';
-import { KeyFactoryService as KFS } from '../cryptography/key-factory.service';
-import * as i0 from "@angular/core";
-import * as i1 from "../life-ready.config";
-import * as i2 from "@angular/common/http";
-import * as i3 from "../api/lr-apollo.service";
-import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
-import * as i5 from "./life-ready-auth.service";
-import * as i6 from "../cryptography/key-factory.service";
-import * as i7 from "../cryptography/key.service";
-import * as i8 from "../cryptography/encryption.service";
-import * as i9 from "../cryptography/key-graph.service";
-import * as i10 from "./password.service";
-export const CreateLbopQuery = gql `
-  mutation CreateLbop($input: CreateLbopInput!) {
-    createLbop(input: $input) {
-      lbop {
-        id
-      }
-    }
-  }
-`;
-export const DeleteLbopQuery = gql `
-  mutation DeleteLbop($input: DeleteLbopInput!) {
-    deleteLbop(input: $input) {
-      id
-    }
-  }
-`;
-export const UpdateLbopQuery = gql `
-  mutation UpdateLbop($input: UpdateLbopInput!) {
-    updateLbop(input: $input) {
-      lbop {
-        id
-      }
-    }
-  }
-`;
-export const LbopQuery = gql `
-  query Lbop($id: LrRelayIdInput!) {
-    lbop(id: $id) {
-      id
-      cipherMeta
-    }
-  }
-`;
-export const LbopsQuery = gql `
-  query Lbops {
-    lbops {
-      edges {
-        node {
-          id
-          cipherMeta
-        }
-      }
-    }
-  }
-`;
-export class LbopService {
-    constructor(config, http, lrApollo, auth, authService, keyFactory, keyService, encryptionService, keyGraph, passwordService) {
-        this.config = config;
-        this.http = http;
-        this.lrApollo = lrApollo;
-        this.auth = auth;
-        this.authService = authService;
-        this.keyFactory = keyFactory;
-        this.keyService = keyService;
-        this.encryptionService = encryptionService;
-        this.keyGraph = keyGraph;
-        this.passwordService = passwordService;
-        this.CLIENT_NONCE_LENGTH = 32;
-        // There are 1024 words (10 bits), so 25 words should give ~256 bits of entropy.
-        this.LBOP_WORDS = 25;
-    }
-    getPartial(lbopString) {
-        return lbopString.split(' ')[0];
-    }
-    remove(id) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const res = yield this.lrApollo.mutate({
-                mutation: DeleteLbopQuery,
-                variables: {
-                    input: {
-                        id,
-                    },
-                },
-            });
-            return res.deleteLbop.id;
-        });
-    }
-    update({ id, name }) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const lbop = yield this.get(id);
-            lbop.name = name;
-            const masterKey = yield this.keyService.getCurrentMasterKey();
-            const cipherMeta = yield this.encryptionService.encrypt(masterKey.jwk, lbop);
-            const res = yield this.lrApollo.mutate({
-                mutation: UpdateLbopQuery,
-                variables: {
-                    input: {
-                        id,
-                        cipherMeta: JSON.stringify(cipherMeta),
-                    },
-                },
-            });
-            return res.updateLbop;
-        });
-    }
-    get(id) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const res = yield this.lrApollo.query({
-                query: LbopQuery,
-                variables: {
-                    id,
-                },
-            });
-            const masterKey = yield this.keyService.getCurrentMasterKey();
-            const plainCipherMeta = yield this.encryptionService.decrypt(masterKey.jwk, JSON.parse(res.lbop.cipherMeta));
-            return Object.assign({ id: res.id }, plainCipherMeta);
-        });
-    }
-    list() {
-        return __awaiter(this, void 0, void 0, function* () {
-            const res = yield this.lrApollo.query({
-                query: LbopsQuery,
-            });
-            const masterKey = yield this.keyService.getCurrentMasterKey();
-            return Promise.all(res.lbops.edges.map((edge) => __awaiter(this, void 0, void 0, function* () {
-                const plainCipherMeta = yield this.encryptionService.decrypt(masterKey.jwk, JSON.parse(edge.node.cipherMeta));
-                return Object.assign({ id: edge.node.id }, plainCipherMeta);
-            })));
-        });
-    }
-    create({ name }) {
-        return __awaiter(this, void 0, void 0, function* () {
-            if (Slip39Helper.WORD_LIST.length !== 1024) {
-                throw new LrBadLogicException('Slip39Helper.WORD_LIST.length != 1024');
-            }
-            // Get existing to make sure there are not duplicate first words
-            const lbops = yield this.list();
-            // Generate new one
-            let lbopString;
-            while (true) {
-                lbopString = this.keyFactory
-                    .randomChoices(Slip39Helper.WORD_LIST, this.LBOP_WORDS)
-                    .join(' ');
-                const partial = this.getPartial(lbopString);
-                if (!lbops.some((lbop) => lbop.partial === partial)) {
-                    break;
-                }
-            }
-            const lbopKeyParams = yield this.keyFactory.createLbopKeyParams();
-            const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbopKeyParams))).jwk;
-            const lbopKeyVerifier = yield this.keyFactory.createSignKey();
-            const wrappedLbopKeyVerifier = yield this.encryptionService.encrypt(lbopKey, lbopKeyVerifier.toJSON(true));
-            // Re-encrypt master key with new key
-            const currentUser = yield this.authService.getUser();
-            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
-            const wrappedMasterKey = yield this.encryptionService.encrypt(lbopKey, masterKey.jwk.toJSON(true));
-            const meta = Object.assign(Object.assign({}, (name && { name })), { partial: this.getPartial(lbopString) });
-            const cipherMeta = yield this.encryptionService.encrypt(masterKey.jwk, meta);
-            const res = yield this.lrApollo.mutate({
-                mutation: CreateLbopQuery,
-                variables: {
-                    input: {
-                        cipherMeta: JSON.stringify(cipherMeta),
-                        lbopKeyParams: JSON.stringify(lbopKeyParams),
-                        lbopKeyVerifier: JSON.stringify(lbopKeyVerifier.toJSON(true)),
-                        wrappedLbopKeyVerifier: JSON.stringify(wrappedLbopKeyVerifier),
-                        masterKeyId: currentUser.currentUserKey.masterKey.id,
-                        wrappedMasterKey: JSON.stringify(wrappedMasterKey),
-                    },
-                },
-            });
-            return Object.assign(Object.assign({}, res.createLbop.lbop), { lbopString });
-        });
-    }
-    // --------------------------------------------------------------------------------------------------------------------
-    // --------------------------------------------------------------------------------------------------------------------
-    // Flow below are for password reset via LBOP
-    //
-    // --Potential Failure Point xxx--
-    //
-    // Look for the above and you can test by interrupting at these points.
-    //
-    // The LBOP reset process can be restarted at any point before the call to "set-password/". Once "set-password/" has been
-    // called, we assume the client has a short period of time to change the Idp password to the one they've chosen. The "set-password/"
-    // will set the Idp password to a temporary random password. The user can no longer login using their current password. If the Idp
-    // password change process does not complete or takes longer than the lockout period, the account will not be accessible and a new
-    // LBOP password reset must be carried out.
-    // --------------------------------------------------------------------------------------------------------------------
-    // --------------------------------------------------------------------------------------------------------------------
-    verifyLbops(challengeResult, lbopString) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
-            for (const lbop of challengeResult.lbops) {
-                const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbop.lbopKeyParams))).jwk;
-                // If decoding successful then it's the correct lbop
-                try {
-                    const lbopKeyVerifier = (yield this.encryptionService.decrypt(lbopKey, lbop.wrappedLbopKeyVerifier));
-                    // Force a bad signature.
-                    // const serverNonce = challengeResult.challenge.serverNonce + "1",
-                    const serverNonce = challengeResult.challenge.serverNonce;
-                    const signedChallenge = yield this.encryptionService.sign(lbopKeyVerifier, {
-                        serverNonce,
-                        clientNonce,
-                    });
-                    return {
-                        lbop,
-                        signedChallenge,
-                        lbopKey,
-                    };
-                }
-                catch (error) {
-                    continue;
-                }
-            }
-            throw new LrException({
-                source: 'LBOP',
-                code: 'INVALID_PASSPHRASE',
-                message: 'Invalid passphrase.',
-            });
-        });
-    }
-    verifyContact(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const ret = this.http
-                .post(`${this.config.authUrl}users/lbop-reset/verify-contact/`, params)
-                .toPromise();
-            // --Potential Failure Point 1 --
-            // The contact verifications are throttled. But otherwise harmless.
-            return ret;
-        });
-    }
-    confirmContact(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return this.http
-                .post(`${this.config.authUrl}cove/respond/`, {
-                claim_id: params.claimId,
-                v_code: params.vCode,
-            })
-                .toPromise();
-            // --Potential Failure Point 2 --
-            // A verified claim for a contact does not prevent new ones from being generated. So it should be fine to just start again.
-        });
-    }
-    verify(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const challengeResult = yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/get-challenge/`, {
-                claimId: params.claimId,
-                claimToken: params.claimToken,
-            })
-                .toPromise();
-            // --Potential Failure Point 3 --
-            // This does not lock anything. A second call to "get-challenge/" will create a new challenge amd invalidate the first one.
-            const { signedChallenge, lbop, lbopKey } = yield this.verifyLbops(challengeResult, params.lbop);
-            const res = yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/verify-challenge/`, {
-                lbopId: lbop.lbopId,
-                signedChallenge,
-            })
-                .toPromise();
-            // --Potential Failure Point 4 --
-            // This does not lock anything. So ok to restart.
-            return {
-                lbopId: lbop.lbopId,
-                verifiedToken: res.verifiedToken,
-                masterKeyId: res.masterKeyId,
-                masterKey: yield KFS.asKey(yield this.encryptionService.decrypt(lbopKey, res.wrappedMasterKey)),
-            };
-        });
-    }
-    setPassword(params) {
-        return __awaiter(this, void 0, void 0, function* () {
-            // Generate the new password derived keys
-            const passKeyBundle = yield this.passwordService.createPassKeyBundle(params.newPassword);
-            // Re-encrypt master key with new key
-            const newWrappedMasterKey = yield this.encryptionService.encrypt(passKeyBundle.passKey, params.masterKey.toJSON(true));
-            const result = yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/set-password/`, {
-                lbopId: params.lbopId,
-                verifiedToken: params.verifiedToken,
-                masterKeyId: params.masterKeyId,
-                newWrappedMasterKey,
-                newPassKey: {
-                    passKeyParams: passKeyBundle.passKeyParams,
-                    passIdpParams: passKeyBundle.passIdpParams,
-                    passIdpVerifierPbk: passKeyBundle.passIdpVerifier.toJSON(),
-                    wrappedPassIdpVerifierPrk: passKeyBundle.wrappedPassIdpVerifierPrk,
-                },
-            })
-                .toPromise();
-            // --Potential Failure Point 5 --
-            // A timed mutex is locked. The Idp password change must occur within a period of time.
-            // If interrupted here, the user can not login with their old password again. They must
-            // start the whole LBOP password reset process again.
-            // This call will go through the LR proxy which is OK since the LR server knows
-            // the temporary password anyway.
-            let user = yield this.auth.signIn(result.username, result.idpPassword, {
-                noProxy: 'true',
-            });
-            if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
-                throw new LrException({
-                    message: 'Internal error. Expecting Cognito to have done a password reset.',
-                });
-            }
-            // --Potential Failure Point 6 --
-            // Must restart the LBOP password reset process again.
-            // Set new password on Idp
-            user = yield this.auth.completeNewPassword(user, this.passwordService.getPassIdpString(passKeyBundle.passIdp), {});
-            // --Potential Failure Point 7 --
-            // Must restart the LBOP password reset process again.
-            yield this.auth.signOut();
-            return yield this.http
-                .post(`${this.config.authUrl}users/lbop-reset/complete/`, {
-                lbopId: params.lbopId,
-                setPasswordToken: result.setPasswordToken,
-            })
-                .toPromise();
-        });
-    }
-}
-LbopService.ɵprov = i0.ɵɵdefineInjectable({ factory: function LbopService_Factory() { return new LbopService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.LifeReadyAuthService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.KeyService), i0.ɵɵinject(i8.EncryptionService), i0.ɵɵinject(i9.KeyGraphService), i0.ɵɵinject(i10.PasswordService)); }, token: LbopService, providedIn: "root" });
-LbopService.decorators = [
-    { type: Injectable, args: [{
-                providedIn: 'root',
-            },] }
-];
-LbopService.ctorParameters = () => [
-    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
-    { type: HttpClient },
-    { type: LrApolloService },
-    { type: AuthClass },
-    { type: LifeReadyAuthService },
-    { type: KFS },
-    { type: KeyService },
-    { type: EncryptionService },
-    { type: KeyGraphService },
-    { type: PasswordService }
-];
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGJvcC5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IkM6L1Byb2plY3RzL25ld3JlcG8va2MtY2xpZW50L3Byb2plY3RzL2NvcmUvc3JjLyIsInNvdXJjZXMiOlsibGliL2F1dGgvbGJvcC5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7QUFBQSxPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sMEJBQTBCLENBQUM7QUFDM0QsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xELE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBQ25ELE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUMzRCxPQUFPLEdBQUcsTUFBTSxhQUFhLENBQUM7QUFFOUIsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sb0NBQW9DLENBQUM7QUFDdkUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG1DQUFtQyxDQUFDO0FBQ3BFLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSw2QkFBNkIsQ0FBQztBQUN6RCxPQUFPLEVBQW1CLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xFLE9BQU8sRUFDTCxXQUFXLEVBRVgsbUJBQW1CLEdBQ3BCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUFFLG9CQUFvQixFQUFFLE1BQU0sMkJBQTJCLENBQUM7QUFDakUsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLG9CQUFvQixDQUFDO0FBQ3JELE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxRQUFRLENBQUM7QUFDdEMsT0FBTyxFQUFFLGlCQUFpQixJQUFJLEdBQUcsRUFBRSxNQUFNLHFDQUFxQyxDQUFDOzs7Ozs7Ozs7Ozs7QUF5RS9FLE1BQU0sQ0FBQyxNQUFNLGVBQWUsR0FBRyxHQUFHLENBQUE7Ozs7Ozs7O0NBUWpDLENBQUM7QUFNRixNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsR0FBRyxDQUFBOzs7Ozs7Q0FNakMsQ0FBQztBQVdGLE1BQU0sQ0FBQyxNQUFNLGVBQWUsR0FBRyxHQUFHLENBQUE7Ozs7Ozs7O0NBUWpDLENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSxTQUFTLEdBQUcsR0FBRyxDQUFBOzs7Ozs7O0NBTzNCLENBQUM7QUFNRixNQUFNLENBQUMsTUFBTSxVQUFVLEdBQUcsR0FBRyxDQUFBOzs7Ozs7Ozs7OztDQVc1QixDQUFDO0FBS0YsTUFBTSxPQUFPLFdBQVc7SUFLdEIsWUFDNkIsTUFBdUIsRUFDMUMsSUFBZ0IsRUFDaEIsUUFBeUIsRUFDekIsSUFBZSxFQUNmLFdBQWlDLEVBQ2pDLFVBQWUsRUFDZixVQUFzQixFQUN0QixpQkFBb0MsRUFDcEMsUUFBeUIsRUFDekIsZUFBZ0M7UUFUYixXQUFNLEdBQU4sTUFBTSxDQUFpQjtRQUMxQyxTQUFJLEdBQUosSUFBSSxDQUFZO1FBQ2hCLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBQ3pCLFNBQUksR0FBSixJQUFJLENBQVc7UUFDZixnQkFBVyxHQUFYLFdBQVcsQ0FBc0I7UUFDakMsZUFBVSxHQUFWLFVBQVUsQ0FBSztRQUNmLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsc0JBQWlCLEdBQWpCLGlCQUFpQixDQUFtQjtRQUNwQyxhQUFRLEdBQVIsUUFBUSxDQUFpQjtRQUN6QixvQkFBZSxHQUFmLGVBQWUsQ0FBaUI7UUFkekIsd0JBQW1CLEdBQUcsRUFBRSxDQUFDO1FBQzFDLGdGQUFnRjtRQUMvRCxlQUFVLEdBQUcsRUFBRSxDQUFDO0lBYTlCLENBQUM7SUFFSSxVQUFVLENBQUMsVUFBa0I7UUFDbkMsT0FBTyxVQUFVLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDO0lBQ2xDLENBQUM7SUFFWSxNQUFNLENBQUMsRUFBVTs7WUFDNUIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBTTtnQkFDMUMsUUFBUSxFQUFFLGVBQWU7Z0JBQ3pCLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsRUFBRTtxQkFDSDtpQkFDRjthQUNGLENBQUMsQ0FBQztZQUVILE9BQU8sR0FBRyxDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUM7UUFDM0IsQ0FBQztLQUFBO0lBRVksTUFBTSxDQUFDLEVBQUUsRUFBRSxFQUFFLElBQUksRUFBb0I7O1lBQ2hELE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNoQyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQztZQUVqQixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUM5RCxNQUFNLFVBQVUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3JELFNBQVMsQ0FBQyxHQUFHLEVBQ2IsSUFBSSxDQUNMLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsTUFBTSxDQUFrQjtnQkFDdEQsUUFBUSxFQUFFLGVBQWU7Z0JBQ3pCLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsRUFBRTt3QkFDRixVQUFVLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUM7cUJBQ3ZDO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsT0FBTyxHQUFHLENBQUMsVUFBVSxDQUFDO1FBQ3hCLENBQUM7S0FBQTtJQUVZLEdBQUcsQ0FBQyxFQUFVOztZQUN6QixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsS0FBSyxDQUFNO2dCQUN6QyxLQUFLLEVBQUUsU0FBUztnQkFDaEIsU0FBUyxFQUFFO29CQUNULEVBQUU7aUJBQ0g7YUFDRixDQUFDLENBQUM7WUFFSCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsbUJBQW1CLEVBQUUsQ0FBQztZQUU5RCxNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzFELFNBQVMsQ0FBQyxHQUFHLEVBQ2IsSUFBSSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDLFVBQVUsQ0FBQyxDQUNoQyxDQUFDO1lBRUYsdUJBQ0UsRUFBRSxFQUFFLEdBQUcsQ0FBQyxFQUFFLElBQ1AsZUFBZSxFQUNsQjtRQUNKLENBQUM7S0FBQTtJQUVZLElBQUk7O1lBQ2YsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBYTtnQkFDaEQsS0FBSyxFQUFFLFVBQVU7YUFDbEIsQ0FBQyxDQUFDO1lBRUgsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFFOUQsT0FBTyxPQUFPLENBQUMsR0FBRyxDQUNoQixHQUFHLENBQUMsS0FBSyxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBTyxJQUFJLEVBQUUsRUFBRTtnQkFDakMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxRCxTQUFTLENBQUMsR0FBRyxFQUNiLElBQUksQ0FBQyxLQUFLLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FDakMsQ0FBQztnQkFDRix1QkFDRSxFQUFFLEVBQUUsSUFBSSxDQUFDLElBQUksQ0FBQyxFQUFFLElBQ2IsZUFBZSxFQUNsQjtZQUNKLENBQUMsQ0FBQSxDQUFDLENBQ0gsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVZLE1BQU0sQ0FBQyxFQUFFLElBQUksRUFBb0I7O1lBQzVDLElBQUksWUFBWSxDQUFDLFNBQVMsQ0FBQyxNQUFNLEtBQUssSUFBSSxFQUFFO2dCQUMxQyxNQUFNLElBQUksbUJBQW1CLENBQUMsdUNBQXVDLENBQUMsQ0FBQzthQUN4RTtZQUVELGdFQUFnRTtZQUNoRSxNQUFNLEtBQUssR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztZQUVoQyxtQkFBbUI7WUFDbkIsSUFBSSxVQUFVLENBQUM7WUFDZixPQUFPLElBQUksRUFBRTtnQkFDWCxVQUFVLEdBQUcsSUFBSSxDQUFDLFVBQVU7cUJBQ3pCLGFBQWEsQ0FBQyxZQUFZLENBQUMsU0FBUyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUM7cUJBQ3RELElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztnQkFDYixNQUFNLE9BQU8sR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxDQUFDO2dCQUU1QyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxDQUFDLElBQUksRUFBRSxFQUFFLENBQUMsSUFBSSxDQUFDLE9BQU8sS0FBSyxPQUFPLENBQUMsRUFBRTtvQkFDbkQsTUFBTTtpQkFDUDthQUNGO1lBRUQsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDbEUsTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxFQUFFLFVBQVUsSUFDakIsYUFBYSxFQUNoQixDQUNILENBQUMsR0FBRyxDQUFDO1lBRU4sTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQzlELE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNqRSxPQUFPLEVBQ1AsZUFBZSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDN0IsQ0FBQztZQUVGLHFDQUFxQztZQUNyQyxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQUMsT0FBTyxFQUFFLENBQUM7WUFDckQsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FDMUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUN4QyxDQUFDO1lBQ0YsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELE9BQU8sRUFDUCxTQUFTLENBQUMsR0FBRyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDM0IsQ0FBQztZQUVGLE1BQU0sSUFBSSxtQ0FDTCxDQUFDLElBQUksSUFBSSxFQUFFLElBQUksRUFBRSxDQUFDLEtBQ3JCLE9BQU8sRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQyxHQUNyQyxDQUFDO1lBQ0YsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNyRCxTQUFTLENBQUMsR0FBRyxFQUNiLElBQUksQ0FDTCxDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBa0I7Z0JBQ3RELFFBQVEsRUFBRSxlQUFlO2dCQUN6QixTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLFVBQVUsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLFVBQVUsQ0FBQzt3QkFDdEMsYUFBYSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsYUFBYSxDQUFDO3dCQUM1QyxlQUFlLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUFDO3dCQUM3RCxzQkFBc0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLHNCQUFzQixDQUFDO3dCQUM5RCxXQUFXLEVBQUUsV0FBVyxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsRUFBRTt3QkFDcEQsZ0JBQWdCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxnQkFBZ0IsQ0FBQztxQkFDbkQ7aUJBQ0Y7YUFDRixDQUFDLENBQUM7WUFFSCx1Q0FDSyxHQUFHLENBQUMsVUFBVSxDQUFDLElBQUksS0FDdEIsVUFBVSxJQUNWO1FBQ0osQ0FBQztLQUFBO0lBRUQsdUhBQXVIO0lBQ3ZILHVIQUF1SDtJQUN2SCw2Q0FBNkM7SUFDN0MsRUFBRTtJQUNGLGtDQUFrQztJQUNsQyxFQUFFO0lBQ0YsdUVBQXVFO0lBQ3ZFLEVBQUU7SUFDRix5SEFBeUg7SUFDekgsb0lBQW9JO0lBQ3BJLGtJQUFrSTtJQUNsSSxrSUFBa0k7SUFDbEksMkNBQTJDO0lBQzNDLHVIQUF1SDtJQUN2SCx1SEFBdUg7SUFDekcsV0FBVyxDQUN2QixlQUFnQyxFQUNoQyxVQUFrQjs7WUFFbEIsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUFDLENBQUM7WUFFM0UsS0FBSyxNQUFNLElBQUksSUFBSSxlQUFlLENBQUMsS0FBSyxFQUFFO2dCQUN4QyxNQUFNLE9BQU8sR0FBRyxDQUNkLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLGlCQUNqQyxRQUFRLEVBQUUsVUFBVSxJQUNqQixJQUFJLENBQUMsYUFBYSxFQUNyQixDQUNILENBQUMsR0FBRyxDQUFDO2dCQUVOLG9EQUFvRDtnQkFDcEQsSUFBSTtvQkFDRixNQUFNLGVBQWUsR0FBRyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDM0QsT0FBTyxFQUNQLElBQUksQ0FBQyxzQkFBc0IsQ0FDNUIsQ0FBUSxDQUFDO29CQUVWLHlCQUF5QjtvQkFDekIsbUVBQW1FO29CQUVuRSxNQUFNLFdBQVcsR0FBRyxlQUFlLENBQUMsU0FBUyxDQUFDLFdBQVcsQ0FBQztvQkFFMUQsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUN2RCxlQUFlLEVBQ2Y7d0JBQ0UsV0FBVzt3QkFDWCxXQUFXO3FCQUNaLENBQ0YsQ0FBQztvQkFFRixPQUFPO3dCQUNMLElBQUk7d0JBQ0osZUFBZTt3QkFDZixPQUFPO3FCQUNSLENBQUM7aUJBQ0g7Z0JBQUMsT0FBTyxLQUFLLEVBQUU7b0JBQ2QsU0FBUztpQkFDVjthQUNGO1lBQ0QsTUFBTSxJQUFJLFdBQVcsQ0FBQztnQkFDcEIsTUFBTSxFQUFFLE1BQU07Z0JBQ2QsSUFBSSxFQUFFLG9CQUFvQjtnQkFDMUIsT0FBTyxFQUFFLHFCQUFxQjthQUMvQixDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFWSxhQUFhLENBQ3hCLE1BQTJCOztZQUUzQixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsSUFBSTtpQkFDbEIsSUFBSSxDQUNILEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLGtDQUFrQyxFQUN4RCxNQUFNLENBQ1A7aUJBQ0EsU0FBUyxFQUFFLENBQUM7WUFFZixpQ0FBaUM7WUFDakMsbUVBQW1FO1lBRW5FLE9BQU8sR0FBRyxDQUFDO1FBQ2IsQ0FBQztLQUFBO0lBRVksY0FBYyxDQUN6QixNQUE0Qjs7WUFFNUIsT0FBTyxJQUFJLENBQUMsSUFBSTtpQkFDYixJQUFJLENBQXVCLEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLGVBQWUsRUFBRTtnQkFDakUsUUFBUSxFQUFFLE1BQU0sQ0FBQyxPQUFPO2dCQUN4QixNQUFNLEVBQUUsTUFBTSxDQUFDLEtBQUs7YUFDckIsQ0FBQztpQkFDRCxTQUFTLEVBQUUsQ0FBQztZQUVmLGlDQUFpQztZQUNqQywySEFBMkg7UUFDN0gsQ0FBQztLQUFBO0lBRVksTUFBTSxDQUFDLE1BQW9COztZQUN0QyxNQUFNLGVBQWUsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUNwQyxJQUFJLENBQ0gsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8saUNBQWlDLEVBQ3ZEO2dCQUNFLE9BQU8sRUFBRSxNQUFNLENBQUMsT0FBTztnQkFDdkIsVUFBVSxFQUFFLE1BQU0sQ0FBQyxVQUFVO2FBQzlCLENBQ0Y7aUJBQ0EsU0FBUyxFQUFFLENBQUM7WUFFZixpQ0FBaUM7WUFDakMsMkhBQTJIO1lBQzNILE1BQU0sRUFBRSxlQUFlLEVBQUUsSUFBSSxFQUFFLE9BQU8sRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FDL0QsZUFBZSxFQUNmLE1BQU0sQ0FBQyxJQUFJLENBQ1osQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQ3hCLElBQUksQ0FBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxvQ0FBb0MsRUFBRTtnQkFDckUsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO2dCQUNuQixlQUFlO2FBQ2hCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFFZixpQ0FBaUM7WUFDakMsaURBQWlEO1lBRWpELE9BQU87Z0JBQ0wsTUFBTSxFQUFFLElBQUksQ0FBQyxNQUFNO2dCQUNuQixhQUFhLEVBQUUsR0FBRyxDQUFDLGFBQWE7Z0JBQ2hDLFdBQVcsRUFBRSxHQUFHLENBQUMsV0FBVztnQkFDNUIsU0FBUyxFQUFFLE1BQU0sR0FBRyxDQUFDLEtBQUssQ0FDeEIsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsQ0FDcEU7YUFDRixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRVksV0FBVyxDQUFDLE1BQXlCOztZQUNoRCx5Q0FBeUM7WUFDekMsTUFBTSxhQUFhLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLG1CQUFtQixDQUNsRSxNQUFNLENBQUMsV0FBVyxDQUNuQixDQUFDO1lBRUYscUNBQXFDO1lBQ3JDLE1BQU0sbUJBQW1CLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM5RCxhQUFhLENBQUMsT0FBTyxFQUNyQixNQUFNLENBQUMsU0FBUyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDOUIsQ0FBQztZQUVGLE1BQU0sTUFBTSxHQUFHLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQzNCLElBQUksQ0FDSCxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxnQ0FBZ0MsRUFDdEQ7Z0JBQ0UsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFNO2dCQUNyQixhQUFhLEVBQUUsTUFBTSxDQUFDLGFBQWE7Z0JBQ25DLFdBQVcsRUFBRSxNQUFNLENBQUMsV0FBVztnQkFDL0IsbUJBQW1CO2dCQUNuQixVQUFVLEVBQUU7b0JBQ1YsYUFBYSxFQUFFLGFBQWEsQ0FBQyxhQUFhO29CQUMxQyxhQUFhLEVBQUUsYUFBYSxDQUFDLGFBQWE7b0JBQzFDLGtCQUFrQixFQUFFLGFBQWEsQ0FBQyxlQUFlLENBQUMsTUFBTSxFQUFFO29CQUMxRCx5QkFBeUIsRUFBRSxhQUFhLENBQUMseUJBQXlCO2lCQUNuRTthQUNGLENBQ0Y7aUJBQ0EsU0FBUyxFQUFFLENBQUM7WUFFZixpQ0FBaUM7WUFDakMsdUZBQXVGO1lBQ3ZGLHVGQUF1RjtZQUN2RixxREFBcUQ7WUFFckQsK0VBQStFO1lBQy9FLGlDQUFpQztZQUNqQyxJQUFJLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxRQUFRLEVBQUUsTUFBTSxDQUFDLFdBQVcsRUFBRTtnQkFDckUsT0FBTyxFQUFFLE1BQU07YUFDaEIsQ0FBQyxDQUFDO1lBRUgsSUFBSSxJQUFJLENBQUMsYUFBYSxLQUFLLHVCQUF1QixFQUFFO2dCQUNsRCxNQUFNLElBQUksV0FBVyxDQUFDO29CQUNwQixPQUFPLEVBQ0wsa0VBQWtFO2lCQUNyRSxDQUFDLENBQUM7YUFDSjtZQUVELGlDQUFpQztZQUNqQyxzREFBc0Q7WUFFdEQsMEJBQTBCO1lBQzFCLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsbUJBQW1CLENBQ3hDLElBQUksRUFDSixJQUFJLENBQUMsZUFBZSxDQUFDLGdCQUFnQixDQUFDLGFBQWEsQ0FBQyxPQUFPLENBQUMsRUFDNUQsRUFBRSxDQUNILENBQUM7WUFFRixpQ0FBaUM7WUFDakMsc0RBQXNEO1lBRXRELE1BQU0sSUFBSSxDQUFDLElBQUksQ0FBQyxPQUFPLEVBQUUsQ0FBQztZQUUxQixPQUFPLE1BQU0sSUFBSSxDQUFDLElBQUk7aUJBQ25CLElBQUksQ0FBTSxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyw0QkFBNEIsRUFBRTtnQkFDN0QsTUFBTSxFQUFFLE1BQU0sQ0FBQyxNQUFNO2dCQUNyQixnQkFBZ0IsRUFBRSxNQUFNLENBQUMsZ0JBQWdCO2FBQzFDLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7UUFDakIsQ0FBQztLQUFBOzs7O1lBM1hGLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7OzRDQU9JLE1BQU0sU0FBQyxTQUFTO1lBdEtaLFVBQVU7WUFEVixlQUFlO1lBR2YsU0FBUztZQVlULG9CQUFvQjtZQUdDLEdBQUc7WUFWeEIsVUFBVTtZQUZWLGlCQUFpQjtZQUNqQixlQUFlO1lBU2YsZUFBZSIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCB7IExyQXBvbGxvU2VydmljZSB9IGZyb20gJy4uL2FwaS9sci1hcG9sbG8uc2VydmljZSc7XHJcbmltcG9ydCB7IEh0dHBDbGllbnQgfSBmcm9tICdAYW5ndWxhci9jb21tb24vaHR0cCc7XHJcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xyXG5pbXBvcnQgeyBBdXRoQ2xhc3MgfSBmcm9tICdAYXdzLWFtcGxpZnkvYXV0aC9saWItZXNtL0F1dGgnO1xyXG5pbXBvcnQgZ3FsIGZyb20gJ2dyYXBocWwtdGFnJztcclxuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcclxuaW1wb3J0IHsgRW5jcnlwdGlvblNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkvZW5jcnlwdGlvbi5zZXJ2aWNlJztcclxuaW1wb3J0IHsgS2V5R3JhcGhTZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2tleS1ncmFwaC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgS2V5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXkuc2VydmljZSc7XHJcbmltcG9ydCB7IExpZmVSZWFkeUNvbmZpZywgTFJfQ09ORklHIH0gZnJvbSAnLi4vbGlmZS1yZWFkeS5jb25maWcnO1xyXG5pbXBvcnQge1xyXG4gIExyRXhjZXB0aW9uLFxyXG4gIExyRXJyb3JDb2RlLFxyXG4gIExyQmFkTG9naWNFeGNlcHRpb24sXHJcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcclxuaW1wb3J0IHsgTGlmZVJlYWR5QXV0aFNlcnZpY2UgfSBmcm9tICcuL2xpZmUtcmVhZHktYXV0aC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgUGFzc3dvcmRTZXJ2aWNlIH0gZnJvbSAnLi9wYXNzd29yZC5zZXJ2aWNlJztcclxuaW1wb3J0IHsgU2xpcDM5SGVscGVyIH0gZnJvbSAnc2xpcDM5JztcclxuaW1wb3J0IHsgS2V5RmFjdG9yeVNlcnZpY2UgYXMgS0ZTIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2tleS1mYWN0b3J5LnNlcnZpY2UnO1xyXG5cclxuaW50ZXJmYWNlIFNldFBhc3N3b3JkQXBpUmVzdWx0IHtcclxuICB1c2VybmFtZTogc3RyaW5nO1xyXG4gIGlkcFBhc3N3b3JkOiBzdHJpbmc7XHJcbiAgc2V0UGFzc3dvcmRUb2tlbjogc3RyaW5nO1xyXG59XHJcblxyXG5leHBvcnQgaW50ZXJmYWNlIFNldFBhc3N3b3JkUGFyYW1zIHtcclxuICBsYm9wSWQ6IHN0cmluZztcclxuICBuZXdQYXNzd29yZDogc3RyaW5nO1xyXG4gIHZlcmlmaWVkVG9rZW46IHN0cmluZztcclxuICBtYXN0ZXJLZXlJZDogc3RyaW5nO1xyXG4gIG1hc3RlcktleTogSldLLktleTtcclxufVxyXG5cclxuZXhwb3J0IGludGVyZmFjZSBWZXJpZnlDb250YWN0UGFyYW1zIHtcclxuICBlbWFpbD86IHN0cmluZztcclxuICBwaG9uZT86IHN0cmluZztcclxufVxyXG5cclxuZXhwb3J0IGludGVyZmFjZSBWZXJpZnlDb250YWN0UmVzdWx0IHtcclxuICAvLyBUaGUgY2xhaW1faWQgaWRlbnRpZmllcyB0aGUgRW1haWwvU01TIGNvbmZpcm1hdGlvblxyXG4gIGNsYWltSWQ6IHN0cmluZztcclxufVxyXG5cclxuZXhwb3J0IGludGVyZmFjZSBDb25maXJtQ29udGFjdFBhcmFtcyB7XHJcbiAgY2xhaW1JZDogc3RyaW5nO1xyXG4gIHZDb2RlOiBzdHJpbmc7XHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgQ29uZmlybUNvbnRhY3RSZXN1bHQge1xyXG4gIC8vIFRoZSB0b2tlbiB0byBwcm92ZSB0aGUgY2xpZW50IGhhZCB0aGUgY29ycmVjdCBjb25maXJtYXRpb24gY29kZS5cclxuICB0b2tlbjogc3RyaW5nO1xyXG59XHJcblxyXG5leHBvcnQgaW50ZXJmYWNlIFZlcmlmeVBhcmFtcyB7XHJcbiAgY2xhaW1JZDogc3RyaW5nO1xyXG4gIGNsYWltVG9rZW46IHN0cmluZztcclxuICBsYm9wOiBzdHJpbmc7XHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgVmVyaWZ5UmVzdWx0IHtcclxuICAvLyB1c2VySWQ6IHN0cmluZztcclxuICBsYm9wSWQ6IHN0cmluZztcclxuICB2ZXJpZmllZFRva2VuOiBzdHJpbmc7XHJcbiAgbWFzdGVyS2V5SWQ6IHN0cmluZztcclxuICBtYXN0ZXJLZXk6IEpXSy5LZXk7XHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgQ2hhbGxlbmdlUmVzdWx0IHtcclxuICBjaGFsbGVuZ2U6IGFueTtcclxuICBsYm9wczogYW55O1xyXG4gIC8vIHVzZXJJZDogc3RyaW5nO1xyXG59XHJcblxyXG5leHBvcnQgaW50ZXJmYWNlIExib3Age1xyXG4gIGlkOiBzdHJpbmc7XHJcbiAgcGFydGlhbD86IHN0cmluZztcclxuICBuYW1lPzogc3RyaW5nO1xyXG4gIGxib3BTdHJpbmc/OiBzdHJpbmc7XHJcbn1cclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgQ3JlYXRlTGJvcFBhcmFtcyB7XHJcbiAgbmFtZT86IHN0cmluZztcclxufVxyXG5cclxuaW50ZXJmYWNlIENyZWF0ZUxib3BRdWVyeSB7XHJcbiAgY3JlYXRlTGJvcDoge1xyXG4gICAgbGJvcDogTGJvcDtcclxuICB9O1xyXG59XHJcblxyXG5leHBvcnQgY29uc3QgQ3JlYXRlTGJvcFF1ZXJ5ID0gZ3FsYFxyXG4gIG11dGF0aW9uIENyZWF0ZUxib3AoJGlucHV0OiBDcmVhdGVMYm9wSW5wdXQhKSB7XHJcbiAgICBjcmVhdGVMYm9wKGlucHV0OiAkaW5wdXQpIHtcclxuICAgICAgbGJvcCB7XHJcbiAgICAgICAgaWRcclxuICAgICAgfVxyXG4gICAgfVxyXG4gIH1cclxuYDtcclxuXHJcbmludGVyZmFjZSBEZWxldGVMYm9wUXVlcnkge1xyXG4gIGRlbGV0ZUxib3A6IExib3A7XHJcbn1cclxuXHJcbmV4cG9ydCBjb25zdCBEZWxldGVMYm9wUXVlcnkgPSBncWxgXHJcbiAgbXV0YXRpb24gRGVsZXRlTGJvcCgkaW5wdXQ6IERlbGV0ZUxib3BJbnB1dCEpIHtcclxuICAgIGRlbGV0ZUxib3AoaW5wdXQ6ICRpbnB1dCkge1xyXG4gICAgICBpZFxyXG4gICAgfVxyXG4gIH1cclxuYDtcclxuXHJcbmV4cG9ydCBpbnRlcmZhY2UgVXBkYXRlTGJvcFBhcmFtcyB7XHJcbiAgaWQ6IHN0cmluZztcclxuICBuYW1lOiBzdHJpbmc7XHJcbn1cclxuXHJcbmludGVyZmFjZSBVcGRhdGVMYm9wUXVlcnkge1xyXG4gIHVwZGF0ZUxib3A6IExib3A7XHJcbn1cclxuXHJcbmV4cG9ydCBjb25zdCBVcGRhdGVMYm9wUXVlcnkgPSBncWxgXHJcbiAgbXV0YXRpb24gVXBkYXRlTGJvcCgkaW5wdXQ6IFVwZGF0ZUxib3BJbnB1dCEpIHtcclxuICAgIHVwZGF0ZUxib3AoaW5wdXQ6ICRpbnB1dCkge1xyXG4gICAgICBsYm9wIHtcclxuICAgICAgICBpZFxyXG4gICAgICB9XHJcbiAgICB9XHJcbiAgfVxyXG5gO1xyXG5cclxuZXhwb3J0IGNvbnN0IExib3BRdWVyeSA9IGdxbGBcclxuICBxdWVyeSBMYm9wKCRpZDogTHJSZWxheUlkSW5wdXQhKSB7XHJcbiAgICBsYm9wKGlkOiAkaWQpIHtcclxuICAgICAgaWRcclxuICAgICAgY2lwaGVyTWV0YVxyXG4gICAgfVxyXG4gIH1cclxuYDtcclxuXHJcbmludGVyZmFjZSBMYm9wc1F1ZXJ5IHtcclxuICBsYm9wczogYW55O1xyXG59XHJcblxyXG5leHBvcnQgY29uc3QgTGJvcHNRdWVyeSA9IGdxbGBcclxuICBxdWVyeSBMYm9wcyB7XHJcbiAgICBsYm9wcyB7XHJcbiAgICAgIGVkZ2VzIHtcclxuICAgICAgICBub2RlIHtcclxuICAgICAgICAgIGlkXHJcbiAgICAgICAgICBjaXBoZXJNZXRhXHJcbiAgICAgICAgfVxyXG4gICAgICB9XHJcbiAgICB9XHJcbiAgfVxyXG5gO1xyXG5cclxuQEluamVjdGFibGUoe1xyXG4gIHByb3ZpZGVkSW46ICdyb290JyxcclxufSlcclxuZXhwb3J0IGNsYXNzIExib3BTZXJ2aWNlIHtcclxuICBwcml2YXRlIHJlYWRvbmx5IENMSUVOVF9OT05DRV9MRU5HVEggPSAzMjtcclxuICAvLyBUaGVyZSBhcmUgMTAyNCB3b3JkcyAoMTAgYml0cyksIHNvIDI1IHdvcmRzIHNob3VsZCBnaXZlIH4yNTYgYml0cyBvZiBlbnRyb3B5LlxyXG4gIHByaXZhdGUgcmVhZG9ubHkgTEJPUF9XT1JEUyA9IDI1O1xyXG5cclxuICBjb25zdHJ1Y3RvcihcclxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxyXG4gICAgcHJpdmF0ZSBodHRwOiBIdHRwQ2xpZW50LFxyXG4gICAgcHJpdmF0ZSBsckFwb2xsbzogTHJBcG9sbG9TZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBhdXRoOiBBdXRoQ2xhc3MsXHJcbiAgICBwcml2YXRlIGF1dGhTZXJ2aWNlOiBMaWZlUmVhZHlBdXRoU2VydmljZSxcclxuICAgIHByaXZhdGUga2V5RmFjdG9yeTogS0ZTLFxyXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxyXG4gICAgcHJpdmF0ZSBlbmNyeXB0aW9uU2VydmljZTogRW5jcnlwdGlvblNlcnZpY2UsXHJcbiAgICBwcml2YXRlIGtleUdyYXBoOiBLZXlHcmFwaFNlcnZpY2UsXHJcbiAgICBwcml2YXRlIHBhc3N3b3JkU2VydmljZTogUGFzc3dvcmRTZXJ2aWNlXHJcbiAgKSB7fVxyXG5cclxuICBwcml2YXRlIGdldFBhcnRpYWwobGJvcFN0cmluZzogc3RyaW5nKTogc3RyaW5nIHtcclxuICAgIHJldHVybiBsYm9wU3RyaW5nLnNwbGl0KCcgJylbMF07XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgcmVtb3ZlKGlkOiBzdHJpbmcpOiBQcm9taXNlPHN0cmluZz4ge1xyXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5sckFwb2xsby5tdXRhdGU8YW55Pih7XHJcbiAgICAgIG11dGF0aW9uOiBEZWxldGVMYm9wUXVlcnksXHJcbiAgICAgIHZhcmlhYmxlczoge1xyXG4gICAgICAgIGlucHV0OiB7XHJcbiAgICAgICAgICBpZCxcclxuICAgICAgICB9LFxyXG4gICAgICB9LFxyXG4gICAgfSk7XHJcblxyXG4gICAgcmV0dXJuIHJlcy5kZWxldGVMYm9wLmlkO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIHVwZGF0ZSh7IGlkLCBuYW1lIH06IFVwZGF0ZUxib3BQYXJhbXMpOiBQcm9taXNlPExib3A+IHtcclxuICAgIGNvbnN0IGxib3AgPSBhd2FpdCB0aGlzLmdldChpZCk7XHJcbiAgICBsYm9wLm5hbWUgPSBuYW1lO1xyXG5cclxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCk7XHJcbiAgICBjb25zdCBjaXBoZXJNZXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICBtYXN0ZXJLZXkuandrLFxyXG4gICAgICBsYm9wXHJcbiAgICApO1xyXG5cclxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMubHJBcG9sbG8ubXV0YXRlPFVwZGF0ZUxib3BRdWVyeT4oe1xyXG4gICAgICBtdXRhdGlvbjogVXBkYXRlTGJvcFF1ZXJ5LFxyXG4gICAgICB2YXJpYWJsZXM6IHtcclxuICAgICAgICBpbnB1dDoge1xyXG4gICAgICAgICAgaWQsXHJcbiAgICAgICAgICBjaXBoZXJNZXRhOiBKU09OLnN0cmluZ2lmeShjaXBoZXJNZXRhKSxcclxuICAgICAgICB9LFxyXG4gICAgICB9LFxyXG4gICAgfSk7XHJcblxyXG4gICAgcmV0dXJuIHJlcy51cGRhdGVMYm9wO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGdldChpZDogc3RyaW5nKTogUHJvbWlzZTxMYm9wPiB7XHJcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmxyQXBvbGxvLnF1ZXJ5PGFueT4oe1xyXG4gICAgICBxdWVyeTogTGJvcFF1ZXJ5LFxyXG4gICAgICB2YXJpYWJsZXM6IHtcclxuICAgICAgICBpZCxcclxuICAgICAgfSxcclxuICAgIH0pO1xyXG5cclxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCk7XHJcblxyXG4gICAgY29uc3QgcGxhaW5DaXBoZXJNZXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxyXG4gICAgICBtYXN0ZXJLZXkuandrLFxyXG4gICAgICBKU09OLnBhcnNlKHJlcy5sYm9wLmNpcGhlck1ldGEpXHJcbiAgICApO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIGlkOiByZXMuaWQsXHJcbiAgICAgIC4uLnBsYWluQ2lwaGVyTWV0YSxcclxuICAgIH07XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgbGlzdCgpOiBQcm9taXNlPExib3BbXT4ge1xyXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5sckFwb2xsby5xdWVyeTxMYm9wc1F1ZXJ5Pih7XHJcbiAgICAgIHF1ZXJ5OiBMYm9wc1F1ZXJ5LFxyXG4gICAgfSk7XHJcblxyXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmdldEN1cnJlbnRNYXN0ZXJLZXkoKTtcclxuXHJcbiAgICByZXR1cm4gUHJvbWlzZS5hbGwoXHJcbiAgICAgIHJlcy5sYm9wcy5lZGdlcy5tYXAoYXN5bmMgKGVkZ2UpID0+IHtcclxuICAgICAgICBjb25zdCBwbGFpbkNpcGhlck1ldGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgICAgICBtYXN0ZXJLZXkuandrLFxyXG4gICAgICAgICAgSlNPTi5wYXJzZShlZGdlLm5vZGUuY2lwaGVyTWV0YSlcclxuICAgICAgICApO1xyXG4gICAgICAgIHJldHVybiB7XHJcbiAgICAgICAgICBpZDogZWRnZS5ub2RlLmlkLFxyXG4gICAgICAgICAgLi4ucGxhaW5DaXBoZXJNZXRhLFxyXG4gICAgICAgIH07XHJcbiAgICAgIH0pXHJcbiAgICApO1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGNyZWF0ZSh7IG5hbWUgfTogQ3JlYXRlTGJvcFBhcmFtcyk6IFByb21pc2U8TGJvcD4ge1xyXG4gICAgaWYgKFNsaXAzOUhlbHBlci5XT1JEX0xJU1QubGVuZ3RoICE9PSAxMDI0KSB7XHJcbiAgICAgIHRocm93IG5ldyBMckJhZExvZ2ljRXhjZXB0aW9uKCdTbGlwMzlIZWxwZXIuV09SRF9MSVNULmxlbmd0aCAhPSAxMDI0Jyk7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gR2V0IGV4aXN0aW5nIHRvIG1ha2Ugc3VyZSB0aGVyZSBhcmUgbm90IGR1cGxpY2F0ZSBmaXJzdCB3b3Jkc1xyXG4gICAgY29uc3QgbGJvcHMgPSBhd2FpdCB0aGlzLmxpc3QoKTtcclxuXHJcbiAgICAvLyBHZW5lcmF0ZSBuZXcgb25lXHJcbiAgICBsZXQgbGJvcFN0cmluZztcclxuICAgIHdoaWxlICh0cnVlKSB7XHJcbiAgICAgIGxib3BTdHJpbmcgPSB0aGlzLmtleUZhY3RvcnlcclxuICAgICAgICAucmFuZG9tQ2hvaWNlcyhTbGlwMzlIZWxwZXIuV09SRF9MSVNULCB0aGlzLkxCT1BfV09SRFMpXHJcbiAgICAgICAgLmpvaW4oJyAnKTtcclxuICAgICAgY29uc3QgcGFydGlhbCA9IHRoaXMuZ2V0UGFydGlhbChsYm9wU3RyaW5nKTtcclxuXHJcbiAgICAgIGlmICghbGJvcHMuc29tZSgobGJvcCkgPT4gbGJvcC5wYXJ0aWFsID09PSBwYXJ0aWFsKSkge1xyXG4gICAgICAgIGJyZWFrO1xyXG4gICAgICB9XHJcbiAgICB9XHJcblxyXG4gICAgY29uc3QgbGJvcEtleVBhcmFtcyA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVMYm9wS2V5UGFyYW1zKCk7XHJcbiAgICBjb25zdCBsYm9wS2V5ID0gKFxyXG4gICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlTGJvcEtleSh7XHJcbiAgICAgICAgcGFzc3dvcmQ6IGxib3BTdHJpbmcsXHJcbiAgICAgICAgLi4ubGJvcEtleVBhcmFtcyxcclxuICAgICAgfSlcclxuICAgICkuandrO1xyXG5cclxuICAgIGNvbnN0IGxib3BLZXlWZXJpZmllciA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVTaWduS2V5KCk7XHJcbiAgICBjb25zdCB3cmFwcGVkTGJvcEtleVZlcmlmaWVyID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxyXG4gICAgICBsYm9wS2V5LFxyXG4gICAgICBsYm9wS2V5VmVyaWZpZXIudG9KU09OKHRydWUpXHJcbiAgICApO1xyXG5cclxuICAgIC8vIFJlLWVuY3J5cHQgbWFzdGVyIGtleSB3aXRoIG5ldyBrZXlcclxuICAgIGNvbnN0IGN1cnJlbnRVc2VyID0gYXdhaXQgdGhpcy5hdXRoU2VydmljZS5nZXRVc2VyKCk7XHJcbiAgICBjb25zdCBtYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmtleUdyYXBoLmdldEtleShcclxuICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkXHJcbiAgICApO1xyXG4gICAgY29uc3Qgd3JhcHBlZE1hc3RlcktleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcclxuICAgICAgbGJvcEtleSxcclxuICAgICAgbWFzdGVyS2V5Lmp3ay50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgbWV0YSA9IHtcclxuICAgICAgLi4uKG5hbWUgJiYgeyBuYW1lIH0pLFxyXG4gICAgICBwYXJ0aWFsOiB0aGlzLmdldFBhcnRpYWwobGJvcFN0cmluZyksXHJcbiAgICB9O1xyXG4gICAgY29uc3QgY2lwaGVyTWV0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcclxuICAgICAgbWFzdGVyS2V5Lmp3ayxcclxuICAgICAgbWV0YVxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmxyQXBvbGxvLm11dGF0ZTxDcmVhdGVMYm9wUXVlcnk+KHtcclxuICAgICAgbXV0YXRpb246IENyZWF0ZUxib3BRdWVyeSxcclxuICAgICAgdmFyaWFibGVzOiB7XHJcbiAgICAgICAgaW5wdXQ6IHtcclxuICAgICAgICAgIGNpcGhlck1ldGE6IEpTT04uc3RyaW5naWZ5KGNpcGhlck1ldGEpLFxyXG4gICAgICAgICAgbGJvcEtleVBhcmFtczogSlNPTi5zdHJpbmdpZnkobGJvcEtleVBhcmFtcyksXHJcbiAgICAgICAgICBsYm9wS2V5VmVyaWZpZXI6IEpTT04uc3RyaW5naWZ5KGxib3BLZXlWZXJpZmllci50b0pTT04odHJ1ZSkpLFxyXG4gICAgICAgICAgd3JhcHBlZExib3BLZXlWZXJpZmllcjogSlNPTi5zdHJpbmdpZnkod3JhcHBlZExib3BLZXlWZXJpZmllciksXHJcbiAgICAgICAgICBtYXN0ZXJLZXlJZDogY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkLFxyXG4gICAgICAgICAgd3JhcHBlZE1hc3RlcktleTogSlNPTi5zdHJpbmdpZnkod3JhcHBlZE1hc3RlcktleSksXHJcbiAgICAgICAgfSxcclxuICAgICAgfSxcclxuICAgIH0pO1xyXG5cclxuICAgIHJldHVybiB7XHJcbiAgICAgIC4uLnJlcy5jcmVhdGVMYm9wLmxib3AsXHJcbiAgICAgIGxib3BTdHJpbmcsXHJcbiAgICB9O1xyXG4gIH1cclxuXHJcbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cclxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxyXG4gIC8vIEZsb3cgYmVsb3cgYXJlIGZvciBwYXNzd29yZCByZXNldCB2aWEgTEJPUFxyXG4gIC8vXHJcbiAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCB4eHgtLVxyXG4gIC8vXHJcbiAgLy8gTG9vayBmb3IgdGhlIGFib3ZlIGFuZCB5b3UgY2FuIHRlc3QgYnkgaW50ZXJydXB0aW5nIGF0IHRoZXNlIHBvaW50cy5cclxuICAvL1xyXG4gIC8vIFRoZSBMQk9QIHJlc2V0IHByb2Nlc3MgY2FuIGJlIHJlc3RhcnRlZCBhdCBhbnkgcG9pbnQgYmVmb3JlIHRoZSBjYWxsIHRvIFwic2V0LXBhc3N3b3JkL1wiLiBPbmNlIFwic2V0LXBhc3N3b3JkL1wiIGhhcyBiZWVuXHJcbiAgLy8gY2FsbGVkLCB3ZSBhc3N1bWUgdGhlIGNsaWVudCBoYXMgYSBzaG9ydCBwZXJpb2Qgb2YgdGltZSB0byBjaGFuZ2UgdGhlIElkcCBwYXNzd29yZCB0byB0aGUgb25lIHRoZXkndmUgY2hvc2VuLiBUaGUgXCJzZXQtcGFzc3dvcmQvXCJcclxuICAvLyB3aWxsIHNldCB0aGUgSWRwIHBhc3N3b3JkIHRvIGEgdGVtcG9yYXJ5IHJhbmRvbSBwYXNzd29yZC4gVGhlIHVzZXIgY2FuIG5vIGxvbmdlciBsb2dpbiB1c2luZyB0aGVpciBjdXJyZW50IHBhc3N3b3JkLiBJZiB0aGUgSWRwXHJcbiAgLy8gcGFzc3dvcmQgY2hhbmdlIHByb2Nlc3MgZG9lcyBub3QgY29tcGxldGUgb3IgdGFrZXMgbG9uZ2VyIHRoYW4gdGhlIGxvY2tvdXQgcGVyaW9kLCB0aGUgYWNjb3VudCB3aWxsIG5vdCBiZSBhY2Nlc3NpYmxlIGFuZCBhIG5ld1xyXG4gIC8vIExCT1AgcGFzc3dvcmQgcmVzZXQgbXVzdCBiZSBjYXJyaWVkIG91dC5cclxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxyXG4gIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tXHJcbiAgcHJpdmF0ZSBhc3luYyB2ZXJpZnlMYm9wcyhcclxuICAgIGNoYWxsZW5nZVJlc3VsdDogQ2hhbGxlbmdlUmVzdWx0LFxyXG4gICAgbGJvcFN0cmluZzogc3RyaW5nXHJcbiAgKTogUHJvbWlzZTx7IGxib3A6IGFueTsgc2lnbmVkQ2hhbGxlbmdlOiBhbnk7IGxib3BLZXk6IEpXSy5LZXkgfT4ge1xyXG4gICAgY29uc3QgY2xpZW50Tm9uY2UgPSB0aGlzLmtleUZhY3RvcnkucmFuZG9tU3RyaW5nKHRoaXMuQ0xJRU5UX05PTkNFX0xFTkdUSCk7XHJcblxyXG4gICAgZm9yIChjb25zdCBsYm9wIG9mIGNoYWxsZW5nZVJlc3VsdC5sYm9wcykge1xyXG4gICAgICBjb25zdCBsYm9wS2V5ID0gKFxyXG4gICAgICAgIGF3YWl0IHRoaXMua2V5RmFjdG9yeS5kZXJpdmVMYm9wS2V5KHtcclxuICAgICAgICAgIHBhc3N3b3JkOiBsYm9wU3RyaW5nLFxyXG4gICAgICAgICAgLi4ubGJvcC5sYm9wS2V5UGFyYW1zLFxyXG4gICAgICAgIH0pXHJcbiAgICAgICkuandrO1xyXG5cclxuICAgICAgLy8gSWYgZGVjb2Rpbmcgc3VjY2Vzc2Z1bCB0aGVuIGl0J3MgdGhlIGNvcnJlY3QgbGJvcFxyXG4gICAgICB0cnkge1xyXG4gICAgICAgIGNvbnN0IGxib3BLZXlWZXJpZmllciA9IChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXHJcbiAgICAgICAgICBsYm9wS2V5LFxyXG4gICAgICAgICAgbGJvcC53cmFwcGVkTGJvcEtleVZlcmlmaWVyXHJcbiAgICAgICAgKSkgYXMgYW55O1xyXG5cclxuICAgICAgICAvLyBGb3JjZSBhIGJhZCBzaWduYXR1cmUuXHJcbiAgICAgICAgLy8gY29uc3Qgc2VydmVyTm9uY2UgPSBjaGFsbGVuZ2VSZXN1bHQuY2hhbGxlbmdlLnNlcnZlck5vbmNlICsgXCIxXCIsXHJcblxyXG4gICAgICAgIGNvbnN0IHNlcnZlck5vbmNlID0gY2hhbGxlbmdlUmVzdWx0LmNoYWxsZW5nZS5zZXJ2ZXJOb25jZTtcclxuXHJcbiAgICAgICAgY29uc3Qgc2lnbmVkQ2hhbGxlbmdlID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKFxyXG4gICAgICAgICAgbGJvcEtleVZlcmlmaWVyLFxyXG4gICAgICAgICAge1xyXG4gICAgICAgICAgICBzZXJ2ZXJOb25jZSxcclxuICAgICAgICAgICAgY2xpZW50Tm9uY2UsXHJcbiAgICAgICAgICB9XHJcbiAgICAgICAgKTtcclxuXHJcbiAgICAgICAgcmV0dXJuIHtcclxuICAgICAgICAgIGxib3AsXHJcbiAgICAgICAgICBzaWduZWRDaGFsbGVuZ2UsXHJcbiAgICAgICAgICBsYm9wS2V5LFxyXG4gICAgICAgIH07XHJcbiAgICAgIH0gY2F0Y2ggKGVycm9yKSB7XHJcbiAgICAgICAgY29udGludWU7XHJcbiAgICAgIH1cclxuICAgIH1cclxuICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XHJcbiAgICAgIHNvdXJjZTogJ0xCT1AnLFxyXG4gICAgICBjb2RlOiAnSU5WQUxJRF9QQVNTUEhSQVNFJyxcclxuICAgICAgbWVzc2FnZTogJ0ludmFsaWQgcGFzc3BocmFzZS4nLFxyXG4gICAgfSk7XHJcbiAgfVxyXG5cclxuICBwdWJsaWMgYXN5bmMgdmVyaWZ5Q29udGFjdChcclxuICAgIHBhcmFtczogVmVyaWZ5Q29udGFjdFBhcmFtc1xyXG4gICk6IFByb21pc2U8VmVyaWZ5Q29udGFjdFJlc3VsdD4ge1xyXG4gICAgY29uc3QgcmV0ID0gdGhpcy5odHRwXHJcbiAgICAgIC5wb3N0PFZlcmlmeUNvbnRhY3RSZXN1bHQ+KFxyXG4gICAgICAgIGAke3RoaXMuY29uZmlnLmF1dGhVcmx9dXNlcnMvbGJvcC1yZXNldC92ZXJpZnktY29udGFjdC9gLFxyXG4gICAgICAgIHBhcmFtc1xyXG4gICAgICApXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEgLS1cclxuICAgIC8vIFRoZSBjb250YWN0IHZlcmlmaWNhdGlvbnMgYXJlIHRocm90dGxlZC4gQnV0IG90aGVyd2lzZSBoYXJtbGVzcy5cclxuXHJcbiAgICByZXR1cm4gcmV0O1xyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIGNvbmZpcm1Db250YWN0KFxyXG4gICAgcGFyYW1zOiBDb25maXJtQ29udGFjdFBhcmFtc1xyXG4gICk6IFByb21pc2U8Q29uZmlybUNvbnRhY3RSZXN1bHQ+IHtcclxuICAgIHJldHVybiB0aGlzLmh0dHBcclxuICAgICAgLnBvc3Q8Q29uZmlybUNvbnRhY3RSZXN1bHQ+KGAke3RoaXMuY29uZmlnLmF1dGhVcmx9Y292ZS9yZXNwb25kL2AsIHtcclxuICAgICAgICBjbGFpbV9pZDogcGFyYW1zLmNsYWltSWQsXHJcbiAgICAgICAgdl9jb2RlOiBwYXJhbXMudkNvZGUsXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDIgLS1cclxuICAgIC8vIEEgdmVyaWZpZWQgY2xhaW0gZm9yIGEgY29udGFjdCBkb2VzIG5vdCBwcmV2ZW50IG5ldyBvbmVzIGZyb20gYmVpbmcgZ2VuZXJhdGVkLiBTbyBpdCBzaG91bGQgYmUgZmluZSB0byBqdXN0IHN0YXJ0IGFnYWluLlxyXG4gIH1cclxuXHJcbiAgcHVibGljIGFzeW5jIHZlcmlmeShwYXJhbXM6IFZlcmlmeVBhcmFtcyk6IFByb21pc2U8VmVyaWZ5UmVzdWx0PiB7XHJcbiAgICBjb25zdCBjaGFsbGVuZ2VSZXN1bHQgPSBhd2FpdCB0aGlzLmh0dHBcclxuICAgICAgLnBvc3Q8Q2hhbGxlbmdlUmVzdWx0PihcclxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvZ2V0LWNoYWxsZW5nZS9gLFxyXG4gICAgICAgIHtcclxuICAgICAgICAgIGNsYWltSWQ6IHBhcmFtcy5jbGFpbUlkLFxyXG4gICAgICAgICAgY2xhaW1Ub2tlbjogcGFyYW1zLmNsYWltVG9rZW4sXHJcbiAgICAgICAgfVxyXG4gICAgICApXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDMgLS1cclxuICAgIC8vIFRoaXMgZG9lcyBub3QgbG9jayBhbnl0aGluZy4gQSBzZWNvbmQgY2FsbCB0byBcImdldC1jaGFsbGVuZ2UvXCIgd2lsbCBjcmVhdGUgYSBuZXcgY2hhbGxlbmdlIGFtZCBpbnZhbGlkYXRlIHRoZSBmaXJzdCBvbmUuXHJcbiAgICBjb25zdCB7IHNpZ25lZENoYWxsZW5nZSwgbGJvcCwgbGJvcEtleSB9ID0gYXdhaXQgdGhpcy52ZXJpZnlMYm9wcyhcclxuICAgICAgY2hhbGxlbmdlUmVzdWx0LFxyXG4gICAgICBwYXJhbXMubGJvcFxyXG4gICAgKTtcclxuXHJcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmh0dHBcclxuICAgICAgLnBvc3Q8YW55PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvdmVyaWZ5LWNoYWxsZW5nZS9gLCB7XHJcbiAgICAgICAgbGJvcElkOiBsYm9wLmxib3BJZCxcclxuICAgICAgICBzaWduZWRDaGFsbGVuZ2UsXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDQgLS1cclxuICAgIC8vIFRoaXMgZG9lcyBub3QgbG9jayBhbnl0aGluZy4gU28gb2sgdG8gcmVzdGFydC5cclxuXHJcbiAgICByZXR1cm4ge1xyXG4gICAgICBsYm9wSWQ6IGxib3AubGJvcElkLFxyXG4gICAgICB2ZXJpZmllZFRva2VuOiByZXMudmVyaWZpZWRUb2tlbixcclxuICAgICAgbWFzdGVyS2V5SWQ6IHJlcy5tYXN0ZXJLZXlJZCxcclxuICAgICAgbWFzdGVyS2V5OiBhd2FpdCBLRlMuYXNLZXkoXHJcbiAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KGxib3BLZXksIHJlcy53cmFwcGVkTWFzdGVyS2V5KVxyXG4gICAgICApLFxyXG4gICAgfTtcclxuICB9XHJcblxyXG4gIHB1YmxpYyBhc3luYyBzZXRQYXNzd29yZChwYXJhbXM6IFNldFBhc3N3b3JkUGFyYW1zKTogUHJvbWlzZTxhbnk+IHtcclxuICAgIC8vIEdlbmVyYXRlIHRoZSBuZXcgcGFzc3dvcmQgZGVyaXZlZCBrZXlzXHJcbiAgICBjb25zdCBwYXNzS2V5QnVuZGxlID0gYXdhaXQgdGhpcy5wYXNzd29yZFNlcnZpY2UuY3JlYXRlUGFzc0tleUJ1bmRsZShcclxuICAgICAgcGFyYW1zLm5ld1Bhc3N3b3JkXHJcbiAgICApO1xyXG5cclxuICAgIC8vIFJlLWVuY3J5cHQgbWFzdGVyIGtleSB3aXRoIG5ldyBrZXlcclxuICAgIGNvbnN0IG5ld1dyYXBwZWRNYXN0ZXJLZXkgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXHJcbiAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0tleSxcclxuICAgICAgcGFyYW1zLm1hc3RlcktleS50b0pTT04odHJ1ZSlcclxuICAgICk7XHJcblxyXG4gICAgY29uc3QgcmVzdWx0ID0gYXdhaXQgdGhpcy5odHRwXHJcbiAgICAgIC5wb3N0PFNldFBhc3N3b3JkQXBpUmVzdWx0PihcclxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvc2V0LXBhc3N3b3JkL2AsXHJcbiAgICAgICAge1xyXG4gICAgICAgICAgbGJvcElkOiBwYXJhbXMubGJvcElkLFxyXG4gICAgICAgICAgdmVyaWZpZWRUb2tlbjogcGFyYW1zLnZlcmlmaWVkVG9rZW4sXHJcbiAgICAgICAgICBtYXN0ZXJLZXlJZDogcGFyYW1zLm1hc3RlcktleUlkLFxyXG4gICAgICAgICAgbmV3V3JhcHBlZE1hc3RlcktleSxcclxuICAgICAgICAgIG5ld1Bhc3NLZXk6IHtcclxuICAgICAgICAgICAgcGFzc0tleVBhcmFtczogcGFzc0tleUJ1bmRsZS5wYXNzS2V5UGFyYW1zLFxyXG4gICAgICAgICAgICBwYXNzSWRwUGFyYW1zOiBwYXNzS2V5QnVuZGxlLnBhc3NJZHBQYXJhbXMsXHJcbiAgICAgICAgICAgIHBhc3NJZHBWZXJpZmllclBiazogcGFzc0tleUJ1bmRsZS5wYXNzSWRwVmVyaWZpZXIudG9KU09OKCksXHJcbiAgICAgICAgICAgIHdyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcms6IHBhc3NLZXlCdW5kbGUud3JhcHBlZFBhc3NJZHBWZXJpZmllclByayxcclxuICAgICAgICAgIH0sXHJcbiAgICAgICAgfVxyXG4gICAgICApXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuXHJcbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDUgLS1cclxuICAgIC8vIEEgdGltZWQgbXV0ZXggaXMgbG9ja2VkLiBUaGUgSWRwIHBhc3N3b3JkIGNoYW5nZSBtdXN0IG9jY3VyIHdpdGhpbiBhIHBlcmlvZCBvZiB0aW1lLlxyXG4gICAgLy8gSWYgaW50ZXJydXB0ZWQgaGVyZSwgdGhlIHVzZXIgY2FuIG5vdCBsb2dpbiB3aXRoIHRoZWlyIG9sZCBwYXNzd29yZCBhZ2Fpbi4gVGhleSBtdXN0XHJcbiAgICAvLyBzdGFydCB0aGUgd2hvbGUgTEJPUCBwYXNzd29yZCByZXNldCBwcm9jZXNzIGFnYWluLlxyXG5cclxuICAgIC8vIFRoaXMgY2FsbCB3aWxsIGdvIHRocm91Z2ggdGhlIExSIHByb3h5IHdoaWNoIGlzIE9LIHNpbmNlIHRoZSBMUiBzZXJ2ZXIga25vd3NcclxuICAgIC8vIHRoZSB0ZW1wb3JhcnkgcGFzc3dvcmQgYW55d2F5LlxyXG4gICAgbGV0IHVzZXIgPSBhd2FpdCB0aGlzLmF1dGguc2lnbkluKHJlc3VsdC51c2VybmFtZSwgcmVzdWx0LmlkcFBhc3N3b3JkLCB7XHJcbiAgICAgIG5vUHJveHk6ICd0cnVlJyxcclxuICAgIH0pO1xyXG5cclxuICAgIGlmICh1c2VyLmNoYWxsZW5nZU5hbWUgIT09ICdORVdfUEFTU1dPUkRfUkVRVUlSRUQnKSB7XHJcbiAgICAgIHRocm93IG5ldyBMckV4Y2VwdGlvbih7XHJcbiAgICAgICAgbWVzc2FnZTpcclxuICAgICAgICAgICdJbnRlcm5hbCBlcnJvci4gRXhwZWN0aW5nIENvZ25pdG8gdG8gaGF2ZSBkb25lIGEgcGFzc3dvcmQgcmVzZXQuJyxcclxuICAgICAgfSk7XHJcbiAgICB9XHJcblxyXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA2IC0tXHJcbiAgICAvLyBNdXN0IHJlc3RhcnQgdGhlIExCT1AgcGFzc3dvcmQgcmVzZXQgcHJvY2VzcyBhZ2Fpbi5cclxuXHJcbiAgICAvLyBTZXQgbmV3IHBhc3N3b3JkIG9uIElkcFxyXG4gICAgdXNlciA9IGF3YWl0IHRoaXMuYXV0aC5jb21wbGV0ZU5ld1Bhc3N3b3JkKFxyXG4gICAgICB1c2VyLFxyXG4gICAgICB0aGlzLnBhc3N3b3JkU2VydmljZS5nZXRQYXNzSWRwU3RyaW5nKHBhc3NLZXlCdW5kbGUucGFzc0lkcCksXHJcbiAgICAgIHt9XHJcbiAgICApO1xyXG5cclxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgNyAtLVxyXG4gICAgLy8gTXVzdCByZXN0YXJ0IHRoZSBMQk9QIHBhc3N3b3JkIHJlc2V0IHByb2Nlc3MgYWdhaW4uXHJcblxyXG4gICAgYXdhaXQgdGhpcy5hdXRoLnNpZ25PdXQoKTtcclxuXHJcbiAgICByZXR1cm4gYXdhaXQgdGhpcy5odHRwXHJcbiAgICAgIC5wb3N0PGFueT4oYCR7dGhpcy5jb25maWcuYXV0aFVybH11c2Vycy9sYm9wLXJlc2V0L2NvbXBsZXRlL2AsIHtcclxuICAgICAgICBsYm9wSWQ6IHBhcmFtcy5sYm9wSWQsXHJcbiAgICAgICAgc2V0UGFzc3dvcmRUb2tlbjogcmVzdWx0LnNldFBhc3N3b3JkVG9rZW4sXHJcbiAgICAgIH0pXHJcbiAgICAgIC50b1Byb21pc2UoKTtcclxuICB9XHJcbn1cclxuIl19
+import { __awaiter } from "tslib";
+import { LrApolloService } from '../api/lr-apollo.service';
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import gql from 'graphql-tag';
+import { EncryptionService } from '../cryptography/encryption.service';
+import { KeyGraphService } from '../cryptography/key-graph.service';
+import { KeyService } from '../cryptography/key.service';
+import { LR_CONFIG } from '../life-ready.config';
+import { LrException, LrBadLogicException, } from '../_common/exceptions';
+import { LifeReadyAuthService } from './life-ready-auth.service';
+import { PasswordService } from './password.service';
+import { Slip39Helper } from 'slip39';
+import { KeyFactoryService as KFS } from '../cryptography/key-factory.service';
+import * as i0 from "@angular/core";
+import * as i1 from "../life-ready.config";
+import * as i2 from "@angular/common/http";
+import * as i3 from "../api/lr-apollo.service";
+import * as i4 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i5 from "./life-ready-auth.service";
+import * as i6 from "../cryptography/key-factory.service";
+import * as i7 from "../cryptography/key.service";
+import * as i8 from "../cryptography/encryption.service";
+import * as i9 from "../cryptography/key-graph.service";
+import * as i10 from "./password.service";
+export const CreateLbopQuery = gql `
+  mutation CreateLbop($input: CreateLbopInput!) {
+    createLbop(input: $input) {
+      lbop {
+        id
+      }
+    }
+  }
+`;
+export const DeleteLbopQuery = gql `
+  mutation DeleteLbop($input: DeleteLbopInput!) {
+    deleteLbop(input: $input) {
+      id
+    }
+  }
+`;
+export const UpdateLbopQuery = gql `
+  mutation UpdateLbop($input: UpdateLbopInput!) {
+    updateLbop(input: $input) {
+      lbop {
+        id
+      }
+    }
+  }
+`;
+export const LbopQuery = gql `
+  query Lbop($id: LrRelayIdInput!) {
+    lbop(id: $id) {
+      id
+      cipherMeta
+    }
+  }
+`;
+export const LbopsQuery = gql `
+  query Lbops {
+    lbops {
+      edges {
+        node {
+          id
+          cipherMeta
+        }
+      }
+    }
+  }
+`;
+export class LbopService {
+    constructor(config, http, lrApollo, auth, authService, keyFactory, keyService, encryptionService, keyGraph, passwordService) {
+        this.config = config;
+        this.http = http;
+        this.lrApollo = lrApollo;
+        this.auth = auth;
+        this.authService = authService;
+        this.keyFactory = keyFactory;
+        this.keyService = keyService;
+        this.encryptionService = encryptionService;
+        this.keyGraph = keyGraph;
+        this.passwordService = passwordService;
+        this.CLIENT_NONCE_LENGTH = 32;
+        // There are 1024 words (10 bits), so 25 words should give ~256 bits of entropy.
+        this.LBOP_WORDS = 25;
+    }
+    getPartial(lbopString) {
+        return lbopString.split(' ')[0];
+    }
+    remove(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.lrApollo.mutate({
+                mutation: DeleteLbopQuery,
+                variables: {
+                    input: {
+                        id,
+                    },
+                },
+            });
+            return res.deleteLbop.id;
+        });
+    }
+    update({ id, name }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const lbop = yield this.get(id);
+            lbop.name = name;
+            const masterKey = yield this.keyService.getCurrentMasterKey();
+            const cipherMeta = yield this.encryptionService.encrypt(masterKey.jwk, lbop);
+            const res = yield this.lrApollo.mutate({
+                mutation: UpdateLbopQuery,
+                variables: {
+                    input: {
+                        id,
+                        cipherMeta: JSON.stringify(cipherMeta),
+                    },
+                },
+            });
+            return res.updateLbop;
+        });
+    }
+    get(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.lrApollo.query({
+                query: LbopQuery,
+                variables: {
+                    id,
+                },
+            });
+            const masterKey = yield this.keyService.getCurrentMasterKey();
+            const plainCipherMeta = yield this.encryptionService.decrypt(masterKey.jwk, JSON.parse(res.lbop.cipherMeta));
+            return Object.assign({ id: res.id }, plainCipherMeta);
+        });
+    }
+    list() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const res = yield this.lrApollo.query({
+                query: LbopsQuery,
+            });
+            const masterKey = yield this.keyService.getCurrentMasterKey();
+            return Promise.all(res.lbops.edges.map((edge) => __awaiter(this, void 0, void 0, function* () {
+                const plainCipherMeta = yield this.encryptionService.decrypt(masterKey.jwk, JSON.parse(edge.node.cipherMeta));
+                return Object.assign({ id: edge.node.id }, plainCipherMeta);
+            })));
+        });
+    }
+    create({ name }) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (Slip39Helper.WORD_LIST.length !== 1024) {
+                throw new LrBadLogicException('Slip39Helper.WORD_LIST.length != 1024');
+            }
+            // Get existing to make sure there are not duplicate first words
+            const lbops = yield this.list();
+            // Generate new one
+            let lbopString;
+            while (true) {
+                lbopString = this.keyFactory
+                    .randomChoices(Slip39Helper.WORD_LIST, this.LBOP_WORDS)
+                    .join(' ');
+                const partial = this.getPartial(lbopString);
+                if (!lbops.some((lbop) => lbop.partial === partial)) {
+                    break;
+                }
+            }
+            const lbopKeyParams = yield this.keyFactory.createLbopKeyParams();
+            const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbopKeyParams))).jwk;
+            const lbopKeyVerifier = yield this.keyFactory.createSignKey();
+            const wrappedLbopKeyVerifier = yield this.encryptionService.encrypt(lbopKey, lbopKeyVerifier.toJSON(true));
+            // Re-encrypt master key with new key
+            const currentUser = yield this.authService.getUser();
+            const masterKey = yield this.keyGraph.getKey(currentUser.currentUserKey.masterKey.id);
+            const wrappedMasterKey = yield this.encryptionService.encrypt(lbopKey, masterKey.jwk.toJSON(true));
+            const meta = Object.assign(Object.assign({}, (name && { name })), { partial: this.getPartial(lbopString) });
+            const cipherMeta = yield this.encryptionService.encrypt(masterKey.jwk, meta);
+            const res = yield this.lrApollo.mutate({
+                mutation: CreateLbopQuery,
+                variables: {
+                    input: {
+                        cipherMeta: JSON.stringify(cipherMeta),
+                        lbopKeyParams: JSON.stringify(lbopKeyParams),
+                        lbopKeyVerifier: JSON.stringify(lbopKeyVerifier.toJSON(true)),
+                        wrappedLbopKeyVerifier: JSON.stringify(wrappedLbopKeyVerifier),
+                        masterKeyId: currentUser.currentUserKey.masterKey.id,
+                        wrappedMasterKey: JSON.stringify(wrappedMasterKey),
+                    },
+                },
+            });
+            return Object.assign(Object.assign({}, res.createLbop.lbop), { lbopString });
+        });
+    }
+    // --------------------------------------------------------------------------------------------------------------------
+    // --------------------------------------------------------------------------------------------------------------------
+    // Flow below are for password reset via LBOP
+    //
+    // --Potential Failure Point xxx--
+    //
+    // Look for the above and you can test by interrupting at these points.
+    //
+    // The LBOP reset process can be restarted at any point before the call to "set-password/". Once "set-password/" has been
+    // called, we assume the client has a short period of time to change the Idp password to the one they've chosen. The "set-password/"
+    // will set the Idp password to a temporary random password. The user can no longer login using their current password. If the Idp
+    // password change process does not complete or takes longer than the lockout period, the account will not be accessible and a new
+    // LBOP password reset must be carried out.
+    // --------------------------------------------------------------------------------------------------------------------
+    // --------------------------------------------------------------------------------------------------------------------
+    verifyLbops(challengeResult, lbopString) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const clientNonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
+            for (const lbop of challengeResult.lbops) {
+                const lbopKey = (yield this.keyFactory.deriveLbopKey(Object.assign({ password: lbopString }, lbop.lbopKeyParams))).jwk;
+                // If decoding successful then it's the correct lbop
+                try {
+                    const lbopKeyVerifier = (yield this.encryptionService.decrypt(lbopKey, lbop.wrappedLbopKeyVerifier));
+                    // Force a bad signature.
+                    // const serverNonce = challengeResult.challenge.serverNonce + "1",
+                    const serverNonce = challengeResult.challenge.serverNonce;
+                    const signedChallenge = yield this.encryptionService.sign(lbopKeyVerifier, {
+                        serverNonce,
+                        clientNonce,
+                    });
+                    return {
+                        lbop,
+                        signedChallenge,
+                        lbopKey,
+                    };
+                }
+                catch (error) {
+                    continue;
+                }
+            }
+            throw new LrException({
+                source: 'LBOP',
+                code: 'INVALID_PASSPHRASE',
+                message: 'Invalid passphrase.',
+            });
+        });
+    }
+    verifyContact(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const ret = this.http
+                .post(`${this.config.authUrl}users/lbop-reset/verify-contact/`, params)
+                .toPromise();
+            // --Potential Failure Point 1 --
+            // The contact verifications are throttled. But otherwise harmless.
+            return ret;
+        });
+    }
+    confirmContact(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return this.http
+                .post(`${this.config.authUrl}cove/respond/`, {
+                claim_id: params.claimId,
+                v_code: params.vCode,
+            })
+                .toPromise();
+            // --Potential Failure Point 2 --
+            // A verified claim for a contact does not prevent new ones from being generated. So it should be fine to just start again.
+        });
+    }
+    verify(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const challengeResult = yield this.http
+                .post(`${this.config.authUrl}users/lbop-reset/get-challenge/`, {
+                claimId: params.claimId,
+                claimToken: params.claimToken,
+            })
+                .toPromise();
+            // --Potential Failure Point 3 --
+            // This does not lock anything. A second call to "get-challenge/" will create a new challenge amd invalidate the first one.
+            const { signedChallenge, lbop, lbopKey } = yield this.verifyLbops(challengeResult, params.lbop);
+            const res = yield this.http
+                .post(`${this.config.authUrl}users/lbop-reset/verify-challenge/`, {
+                lbopId: lbop.lbopId,
+                signedChallenge,
+            })
+                .toPromise();
+            // --Potential Failure Point 4 --
+            // This does not lock anything. So ok to restart.
+            return {
+                lbopId: lbop.lbopId,
+                verifiedToken: res.verifiedToken,
+                masterKeyId: res.masterKeyId,
+                masterKey: yield KFS.asKey(yield this.encryptionService.decrypt(lbopKey, res.wrappedMasterKey)),
+            };
+        });
+    }
+    setPassword(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Generate the new password derived keys
+            const passKeyBundle = yield this.passwordService.createPassKeyBundle(params.newPassword);
+            // Re-encrypt master key with new key
+            const newWrappedMasterKey = yield this.encryptionService.encrypt(passKeyBundle.passKey, params.masterKey.toJSON(true));
+            const result = yield this.http
+                .post(`${this.config.authUrl}users/lbop-reset/set-password/`, {
+                lbopId: params.lbopId,
+                verifiedToken: params.verifiedToken,
+                masterKeyId: params.masterKeyId,
+                newWrappedMasterKey,
+                newPassKey: {
+                    passKeyParams: passKeyBundle.passKeyParams,
+                    passIdpParams: passKeyBundle.passIdpParams,
+                    passIdpVerifierPbk: passKeyBundle.passIdpVerifier.toJSON(),
+                    wrappedPassIdpVerifierPrk: passKeyBundle.wrappedPassIdpVerifierPrk,
+                },
+            })
+                .toPromise();
+            // --Potential Failure Point 5 --
+            // A timed mutex is locked. The Idp password change must occur within a period of time.
+            // If interrupted here, the user can not login with their old password again. They must
+            // start the whole LBOP password reset process again.
+            // This call will go through the LR proxy which is OK since the LR server knows
+            // the temporary password anyway.
+            let user = yield this.auth.signIn(result.username, result.idpPassword, {
+                noProxy: 'true',
+            });
+            if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
+                throw new LrException({
+                    message: 'Internal error. Expecting Cognito to have done a password reset.',
+                });
+            }
+            // --Potential Failure Point 6 --
+            // Must restart the LBOP password reset process again.
+            // Set new password on Idp
+            user = yield this.auth.completeNewPassword(user, this.passwordService.getPassIdpString(passKeyBundle.passIdp), {});
+            // --Potential Failure Point 7 --
+            // Must restart the LBOP password reset process again.
+            yield this.auth.signOut();
+            return yield this.http
+                .post(`${this.config.authUrl}users/lbop-reset/complete/`, {
+                lbopId: params.lbopId,
+                setPasswordToken: result.setPasswordToken,
+            })
+                .toPromise();
+        });
+    }
+}
+LbopService.ɵprov = i0.ɵɵdefineInjectable({ factory: function LbopService_Factory() { return new LbopService(i0.ɵɵinject(i1.LR_CONFIG), i0.ɵɵinject(i2.HttpClient), i0.ɵɵinject(i3.LrApolloService), i0.ɵɵinject(i4.AuthClass), i0.ɵɵinject(i5.LifeReadyAuthService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.KeyService), i0.ɵɵinject(i8.EncryptionService), i0.ɵɵinject(i9.KeyGraphService), i0.ɵɵinject(i10.PasswordService)); }, token: LbopService, providedIn: "root" });
+LbopService.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+LbopService.ctorParameters = () => [
+    { type: undefined, decorators: [{ type: Inject, args: [LR_CONFIG,] }] },
+    { type: HttpClient },
+    { type: LrApolloService },
+    { type: AuthClass },
+    { type: LifeReadyAuthService },
+    { type: KFS },
+    { type: KeyService },
+    { type: EncryptionService },
+    { type: KeyGraphService },
+    { type: PasswordService }
+];
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoibGJvcC5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6Ii9vcHQvYXRsYXNzaWFuL3BpcGVsaW5lcy9hZ2VudC9idWlsZC9wcm9qZWN0cy9jb3JlL3NyYy8iLCJzb3VyY2VzIjpbImxpYi9hdXRoL2xib3Auc2VydmljZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiO0FBQUEsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzNELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRCxPQUFPLEVBQUUsTUFBTSxFQUFFLFVBQVUsRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUNuRCxPQUFPLEVBQUUsU0FBUyxFQUFFLE1BQU0sZ0NBQWdDLENBQUM7QUFDM0QsT0FBTyxHQUFHLE1BQU0sYUFBYSxDQUFDO0FBRTlCLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLG9DQUFvQyxDQUFDO0FBQ3ZFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxtQ0FBbUMsQ0FBQztBQUNwRSxPQUFPLEVBQUUsVUFBVSxFQUFFLE1BQU0sNkJBQTZCLENBQUM7QUFDekQsT0FBTyxFQUFtQixTQUFTLEVBQUUsTUFBTSxzQkFBc0IsQ0FBQztBQUNsRSxPQUFPLEVBQ0wsV0FBVyxFQUVYLG1CQUFtQixHQUNwQixNQUFNLHVCQUF1QixDQUFDO0FBQy9CLE9BQU8sRUFBRSxvQkFBb0IsRUFBRSxNQUFNLDJCQUEyQixDQUFDO0FBQ2pFLE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNyRCxPQUFPLEVBQUUsWUFBWSxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBQ3RDLE9BQU8sRUFBRSxpQkFBaUIsSUFBSSxHQUFHLEVBQUUsTUFBTSxxQ0FBcUMsQ0FBQzs7Ozs7Ozs7Ozs7O0FBeUUvRSxNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsR0FBRyxDQUFBOzs7Ozs7OztDQVFqQyxDQUFDO0FBTUYsTUFBTSxDQUFDLE1BQU0sZUFBZSxHQUFHLEdBQUcsQ0FBQTs7Ozs7O0NBTWpDLENBQUM7QUFXRixNQUFNLENBQUMsTUFBTSxlQUFlLEdBQUcsR0FBRyxDQUFBOzs7Ozs7OztDQVFqQyxDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sU0FBUyxHQUFHLEdBQUcsQ0FBQTs7Ozs7OztDQU8zQixDQUFDO0FBTUYsTUFBTSxDQUFDLE1BQU0sVUFBVSxHQUFHLEdBQUcsQ0FBQTs7Ozs7Ozs7Ozs7Q0FXNUIsQ0FBQztBQUtGLE1BQU0sT0FBTyxXQUFXO0lBS3RCLFlBQzZCLE1BQXVCLEVBQzFDLElBQWdCLEVBQ2hCLFFBQXlCLEVBQ3pCLElBQWUsRUFDZixXQUFpQyxFQUNqQyxVQUFlLEVBQ2YsVUFBc0IsRUFDdEIsaUJBQW9DLEVBQ3BDLFFBQXlCLEVBQ3pCLGVBQWdDO1FBVGIsV0FBTSxHQUFOLE1BQU0sQ0FBaUI7UUFDMUMsU0FBSSxHQUFKLElBQUksQ0FBWTtRQUNoQixhQUFRLEdBQVIsUUFBUSxDQUFpQjtRQUN6QixTQUFJLEdBQUosSUFBSSxDQUFXO1FBQ2YsZ0JBQVcsR0FBWCxXQUFXLENBQXNCO1FBQ2pDLGVBQVUsR0FBVixVQUFVLENBQUs7UUFDZixlQUFVLEdBQVYsVUFBVSxDQUFZO1FBQ3RCLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsYUFBUSxHQUFSLFFBQVEsQ0FBaUI7UUFDekIsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBZHpCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztRQUMxQyxnRkFBZ0Y7UUFDL0QsZUFBVSxHQUFHLEVBQUUsQ0FBQztJQWE5QixDQUFDO0lBRUksVUFBVSxDQUFDLFVBQWtCO1FBQ25DLE9BQU8sVUFBVSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztJQUNsQyxDQUFDO0lBRVksTUFBTSxDQUFDLEVBQVU7O1lBQzVCLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQU07Z0JBQzFDLFFBQVEsRUFBRSxlQUFlO2dCQUN6QixTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLEVBQUU7cUJBQ0g7aUJBQ0Y7YUFDRixDQUFDLENBQUM7WUFFSCxPQUFPLEdBQUcsQ0FBQyxVQUFVLENBQUMsRUFBRSxDQUFDO1FBQzNCLENBQUM7S0FBQTtJQUVZLE1BQU0sQ0FBQyxFQUFFLEVBQUUsRUFBRSxJQUFJLEVBQW9COztZQUNoRCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFDaEMsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7WUFFakIsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFDOUQsTUFBTSxVQUFVLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNyRCxTQUFTLENBQUMsR0FBRyxFQUNiLElBQUksQ0FDTCxDQUFDO1lBRUYsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBa0I7Z0JBQ3RELFFBQVEsRUFBRSxlQUFlO2dCQUN6QixTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLEVBQUU7d0JBQ0YsVUFBVSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsVUFBVSxDQUFDO3FCQUN2QztpQkFDRjthQUNGLENBQUMsQ0FBQztZQUVILE9BQU8sR0FBRyxDQUFDLFVBQVUsQ0FBQztRQUN4QixDQUFDO0tBQUE7SUFFWSxHQUFHLENBQUMsRUFBVTs7WUFDekIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBTTtnQkFDekMsS0FBSyxFQUFFLFNBQVM7Z0JBQ2hCLFNBQVMsRUFBRTtvQkFDVCxFQUFFO2lCQUNIO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLG1CQUFtQixFQUFFLENBQUM7WUFFOUQsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxRCxTQUFTLENBQUMsR0FBRyxFQUNiLElBQUksQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLElBQUksQ0FBQyxVQUFVLENBQUMsQ0FDaEMsQ0FBQztZQUVGLHVCQUNFLEVBQUUsRUFBRSxHQUFHLENBQUMsRUFBRSxJQUNQLGVBQWUsRUFDbEI7UUFDSixDQUFDO0tBQUE7SUFFWSxJQUFJOztZQUNmLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQWE7Z0JBQ2hELEtBQUssRUFBRSxVQUFVO2FBQ2xCLENBQUMsQ0FBQztZQUVILE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBRTlELE9BQU8sT0FBTyxDQUFDLEdBQUcsQ0FDaEIsR0FBRyxDQUFDLEtBQUssQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQU8sSUFBSSxFQUFFLEVBQUU7Z0JBQ2pDLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDMUQsU0FBUyxDQUFDLEdBQUcsRUFDYixJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxJQUFJLENBQUMsVUFBVSxDQUFDLENBQ2pDLENBQUM7Z0JBQ0YsdUJBQ0UsRUFBRSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsRUFBRSxJQUNiLGVBQWUsRUFDbEI7WUFDSixDQUFDLENBQUEsQ0FBQyxDQUNILENBQUM7UUFDSixDQUFDO0tBQUE7SUFFWSxNQUFNLENBQUMsRUFBRSxJQUFJLEVBQW9COztZQUM1QyxJQUFJLFlBQVksQ0FBQyxTQUFTLENBQUMsTUFBTSxLQUFLLElBQUksRUFBRTtnQkFDMUMsTUFBTSxJQUFJLG1CQUFtQixDQUFDLHVDQUF1QyxDQUFDLENBQUM7YUFDeEU7WUFFRCxnRUFBZ0U7WUFDaEUsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxFQUFFLENBQUM7WUFFaEMsbUJBQW1CO1lBQ25CLElBQUksVUFBVSxDQUFDO1lBQ2YsT0FBTyxJQUFJLEVBQUU7Z0JBQ1gsVUFBVSxHQUFHLElBQUksQ0FBQyxVQUFVO3FCQUN6QixhQUFhLENBQUMsWUFBWSxDQUFDLFNBQVMsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDO3FCQUN0RCxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7Z0JBQ2IsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsQ0FBQztnQkFFNUMsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxPQUFPLEtBQUssT0FBTyxDQUFDLEVBQUU7b0JBQ25ELE1BQU07aUJBQ1A7YUFDRjtZQUVELE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxtQkFBbUIsRUFBRSxDQUFDO1lBQ2xFLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLGFBQWEsaUJBQ2pDLFFBQVEsRUFBRSxVQUFVLElBQ2pCLGFBQWEsRUFDaEIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztZQUVOLE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLEVBQUUsQ0FBQztZQUM5RCxNQUFNLHNCQUFzQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDakUsT0FBTyxFQUNQLGVBQWUsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzdCLENBQUM7WUFFRixxQ0FBcUM7WUFDckMsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLE9BQU8sRUFBRSxDQUFDO1lBQ3JELE1BQU0sU0FBUyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQzFDLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FDeEMsQ0FBQztZQUNGLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMzRCxPQUFPLEVBQ1AsU0FBUyxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzNCLENBQUM7WUFFRixNQUFNLElBQUksbUNBQ0wsQ0FBQyxJQUFJLElBQUksRUFBRSxJQUFJLEVBQUUsQ0FBQyxLQUNyQixPQUFPLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxVQUFVLENBQUMsR0FDckMsQ0FBQztZQUNGLE1BQU0sVUFBVSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDckQsU0FBUyxDQUFDLEdBQUcsRUFDYixJQUFJLENBQ0wsQ0FBQztZQUVGLE1BQU0sR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQWtCO2dCQUN0RCxRQUFRLEVBQUUsZUFBZTtnQkFDekIsU0FBUyxFQUFFO29CQUNULEtBQUssRUFBRTt3QkFDTCxVQUFVLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQUM7d0JBQ3RDLGFBQWEsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGFBQWEsQ0FBQzt3QkFDNUMsZUFBZSxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQzt3QkFDN0Qsc0JBQXNCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxzQkFBc0IsQ0FBQzt3QkFDOUQsV0FBVyxFQUFFLFdBQVcsQ0FBQyxjQUFjLENBQUMsU0FBUyxDQUFDLEVBQUU7d0JBQ3BELGdCQUFnQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsZ0JBQWdCLENBQUM7cUJBQ25EO2lCQUNGO2FBQ0YsQ0FBQyxDQUFDO1lBRUgsdUNBQ0ssR0FBRyxDQUFDLFVBQVUsQ0FBQyxJQUFJLEtBQ3RCLFVBQVUsSUFDVjtRQUNKLENBQUM7S0FBQTtJQUVELHVIQUF1SDtJQUN2SCx1SEFBdUg7SUFDdkgsNkNBQTZDO0lBQzdDLEVBQUU7SUFDRixrQ0FBa0M7SUFDbEMsRUFBRTtJQUNGLHVFQUF1RTtJQUN2RSxFQUFFO0lBQ0YseUhBQXlIO0lBQ3pILG9JQUFvSTtJQUNwSSxrSUFBa0k7SUFDbEksa0lBQWtJO0lBQ2xJLDJDQUEyQztJQUMzQyx1SEFBdUg7SUFDdkgsdUhBQXVIO0lBQ3pHLFdBQVcsQ0FDdkIsZUFBZ0MsRUFDaEMsVUFBa0I7O1lBRWxCLE1BQU0sV0FBVyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1lBRTNFLEtBQUssTUFBTSxJQUFJLElBQUksZUFBZSxDQUFDLEtBQUssRUFBRTtnQkFDeEMsTUFBTSxPQUFPLEdBQUcsQ0FDZCxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxpQkFDakMsUUFBUSxFQUFFLFVBQVUsSUFDakIsSUFBSSxDQUFDLGFBQWEsRUFDckIsQ0FDSCxDQUFDLEdBQUcsQ0FBQztnQkFFTixvREFBb0Q7Z0JBQ3BELElBQUk7b0JBQ0YsTUFBTSxlQUFlLEdBQUcsQ0FBQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELE9BQU8sRUFDUCxJQUFJLENBQUMsc0JBQXNCLENBQzVCLENBQVEsQ0FBQztvQkFFVix5QkFBeUI7b0JBQ3pCLG1FQUFtRTtvQkFFbkUsTUFBTSxXQUFXLEdBQUcsZUFBZSxDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUM7b0JBRTFELE1BQU0sZUFBZSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDdkQsZUFBZSxFQUNmO3dCQUNFLFdBQVc7d0JBQ1gsV0FBVztxQkFDWixDQUNGLENBQUM7b0JBRUYsT0FBTzt3QkFDTCxJQUFJO3dCQUNKLGVBQWU7d0JBQ2YsT0FBTztxQkFDUixDQUFDO2lCQUNIO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLFNBQVM7aUJBQ1Y7YUFDRjtZQUNELE1BQU0sSUFBSSxXQUFXLENBQUM7Z0JBQ3BCLE1BQU0sRUFBRSxNQUFNO2dCQUNkLElBQUksRUFBRSxvQkFBb0I7Z0JBQzFCLE9BQU8sRUFBRSxxQkFBcUI7YUFDL0IsQ0FBQyxDQUFDO1FBQ0wsQ0FBQztLQUFBO0lBRVksYUFBYSxDQUN4QixNQUEyQjs7WUFFM0IsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLElBQUk7aUJBQ2xCLElBQUksQ0FDSCxHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxrQ0FBa0MsRUFDeEQsTUFBTSxDQUNQO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLG1FQUFtRTtZQUVuRSxPQUFPLEdBQUcsQ0FBQztRQUNiLENBQUM7S0FBQTtJQUVZLGNBQWMsQ0FDekIsTUFBNEI7O1lBRTVCLE9BQU8sSUFBSSxDQUFDLElBQUk7aUJBQ2IsSUFBSSxDQUF1QixHQUFHLElBQUksQ0FBQyxNQUFNLENBQUMsT0FBTyxlQUFlLEVBQUU7Z0JBQ2pFLFFBQVEsRUFBRSxNQUFNLENBQUMsT0FBTztnQkFDeEIsTUFBTSxFQUFFLE1BQU0sQ0FBQyxLQUFLO2FBQ3JCLENBQUM7aUJBQ0QsU0FBUyxFQUFFLENBQUM7WUFFZixpQ0FBaUM7WUFDakMsMkhBQTJIO1FBQzdILENBQUM7S0FBQTtJQUVZLE1BQU0sQ0FBQyxNQUFvQjs7WUFDdEMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDcEMsSUFBSSxDQUNILEdBQUcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLGlDQUFpQyxFQUN2RDtnQkFDRSxPQUFPLEVBQUUsTUFBTSxDQUFDLE9BQU87Z0JBQ3ZCLFVBQVUsRUFBRSxNQUFNLENBQUMsVUFBVTthQUM5QixDQUNGO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLDJIQUEySDtZQUMzSCxNQUFNLEVBQUUsZUFBZSxFQUFFLElBQUksRUFBRSxPQUFPLEVBQUUsR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLENBQy9ELGVBQWUsRUFDZixNQUFNLENBQUMsSUFBSSxDQUNaLENBQUM7WUFFRixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUN4QixJQUFJLENBQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sb0NBQW9DLEVBQUU7Z0JBQ3JFLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtnQkFDbkIsZUFBZTthQUNoQixDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLGlEQUFpRDtZQUVqRCxPQUFPO2dCQUNMLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtnQkFDbkIsYUFBYSxFQUFFLEdBQUcsQ0FBQyxhQUFhO2dCQUNoQyxXQUFXLEVBQUUsR0FBRyxDQUFDLFdBQVc7Z0JBQzVCLFNBQVMsRUFBRSxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQ3hCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsR0FBRyxDQUFDLGdCQUFnQixDQUFDLENBQ3BFO2FBQ0YsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVZLFdBQVcsQ0FBQyxNQUF5Qjs7WUFDaEQseUNBQXlDO1lBQ3pDLE1BQU0sYUFBYSxHQUFHLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxtQkFBbUIsQ0FDbEUsTUFBTSxDQUFDLFdBQVcsQ0FDbkIsQ0FBQztZQUVGLHFDQUFxQztZQUNyQyxNQUFNLG1CQUFtQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDOUQsYUFBYSxDQUFDLE9BQU8sRUFDckIsTUFBTSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQzlCLENBQUM7WUFFRixNQUFNLE1BQU0sR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUMzQixJQUFJLENBQ0gsR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sZ0NBQWdDLEVBQ3REO2dCQUNFLE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTTtnQkFDckIsYUFBYSxFQUFFLE1BQU0sQ0FBQyxhQUFhO2dCQUNuQyxXQUFXLEVBQUUsTUFBTSxDQUFDLFdBQVc7Z0JBQy9CLG1CQUFtQjtnQkFDbkIsVUFBVSxFQUFFO29CQUNWLGFBQWEsRUFBRSxhQUFhLENBQUMsYUFBYTtvQkFDMUMsYUFBYSxFQUFFLGFBQWEsQ0FBQyxhQUFhO29CQUMxQyxrQkFBa0IsRUFBRSxhQUFhLENBQUMsZUFBZSxDQUFDLE1BQU0sRUFBRTtvQkFDMUQseUJBQXlCLEVBQUUsYUFBYSxDQUFDLHlCQUF5QjtpQkFDbkU7YUFDRixDQUNGO2lCQUNBLFNBQVMsRUFBRSxDQUFDO1lBRWYsaUNBQWlDO1lBQ2pDLHVGQUF1RjtZQUN2Rix1RkFBdUY7WUFDdkYscURBQXFEO1lBRXJELCtFQUErRTtZQUMvRSxpQ0FBaUM7WUFDakMsSUFBSSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsUUFBUSxFQUFFLE1BQU0sQ0FBQyxXQUFXLEVBQUU7Z0JBQ3JFLE9BQU8sRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksSUFBSSxDQUFDLGFBQWEsS0FBSyx1QkFBdUIsRUFBRTtnQkFDbEQsTUFBTSxJQUFJLFdBQVcsQ0FBQztvQkFDcEIsT0FBTyxFQUNMLGtFQUFrRTtpQkFDckUsQ0FBQyxDQUFDO2FBQ0o7WUFFRCxpQ0FBaUM7WUFDakMsc0RBQXNEO1lBRXRELDBCQUEwQjtZQUMxQixJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsSUFBSSxDQUFDLG1CQUFtQixDQUN4QyxJQUFJLEVBQ0osSUFBSSxDQUFDLGVBQWUsQ0FBQyxnQkFBZ0IsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLEVBQzVELEVBQUUsQ0FDSCxDQUFDO1lBRUYsaUNBQWlDO1lBQ2pDLHNEQUFzRDtZQUV0RCxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLENBQUM7WUFFMUIsT0FBTyxNQUFNLElBQUksQ0FBQyxJQUFJO2lCQUNuQixJQUFJLENBQU0sR0FBRyxJQUFJLENBQUMsTUFBTSxDQUFDLE9BQU8sNEJBQTRCLEVBQUU7Z0JBQzdELE1BQU0sRUFBRSxNQUFNLENBQUMsTUFBTTtnQkFDckIsZ0JBQWdCLEVBQUUsTUFBTSxDQUFDLGdCQUFnQjthQUMxQyxDQUFDO2lCQUNELFNBQVMsRUFBRSxDQUFDO1FBQ2pCLENBQUM7S0FBQTs7OztZQTNYRixVQUFVLFNBQUM7Z0JBQ1YsVUFBVSxFQUFFLE1BQU07YUFDbkI7Ozs0Q0FPSSxNQUFNLFNBQUMsU0FBUztZQXRLWixVQUFVO1lBRFYsZUFBZTtZQUdmLFNBQVM7WUFZVCxvQkFBb0I7WUFHQyxHQUFHO1lBVnhCLFVBQVU7WUFGVixpQkFBaUI7WUFDakIsZUFBZTtZQVNmLGVBQWUiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBMckFwb2xsb1NlcnZpY2UgfSBmcm9tICcuLi9hcGkvbHItYXBvbGxvLnNlcnZpY2UnO1xuaW1wb3J0IHsgSHR0cENsaWVudCB9IGZyb20gJ0Bhbmd1bGFyL2NvbW1vbi9odHRwJztcbmltcG9ydCB7IEluamVjdCwgSW5qZWN0YWJsZSB9IGZyb20gJ0Bhbmd1bGFyL2NvcmUnO1xuaW1wb3J0IHsgQXV0aENsYXNzIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2F1dGgvbGliLWVzbS9BdXRoJztcbmltcG9ydCBncWwgZnJvbSAnZ3JhcGhxbC10YWcnO1xuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcbmltcG9ydCB7IEVuY3J5cHRpb25TZXJ2aWNlIH0gZnJvbSAnLi4vY3J5cHRvZ3JhcGh5L2VuY3J5cHRpb24uc2VydmljZSc7XG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9jcnlwdG9ncmFwaHkva2V5LWdyYXBoLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5U2VydmljZSB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXkuc2VydmljZSc7XG5pbXBvcnQgeyBMaWZlUmVhZHlDb25maWcsIExSX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcbmltcG9ydCB7XG4gIExyRXhjZXB0aW9uLFxuICBMckVycm9yQ29kZSxcbiAgTHJCYWRMb2dpY0V4Y2VwdGlvbixcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcbmltcG9ydCB7IExpZmVSZWFkeUF1dGhTZXJ2aWNlIH0gZnJvbSAnLi9saWZlLXJlYWR5LWF1dGguc2VydmljZSc7XG5pbXBvcnQgeyBQYXNzd29yZFNlcnZpY2UgfSBmcm9tICcuL3Bhc3N3b3JkLnNlcnZpY2UnO1xuaW1wb3J0IHsgU2xpcDM5SGVscGVyIH0gZnJvbSAnc2xpcDM5JztcbmltcG9ydCB7IEtleUZhY3RvcnlTZXJ2aWNlIGFzIEtGUyB9IGZyb20gJy4uL2NyeXB0b2dyYXBoeS9rZXktZmFjdG9yeS5zZXJ2aWNlJztcblxuaW50ZXJmYWNlIFNldFBhc3N3b3JkQXBpUmVzdWx0IHtcbiAgdXNlcm5hbWU6IHN0cmluZztcbiAgaWRwUGFzc3dvcmQ6IHN0cmluZztcbiAgc2V0UGFzc3dvcmRUb2tlbjogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFNldFBhc3N3b3JkUGFyYW1zIHtcbiAgbGJvcElkOiBzdHJpbmc7XG4gIG5ld1Bhc3N3b3JkOiBzdHJpbmc7XG4gIHZlcmlmaWVkVG9rZW46IHN0cmluZztcbiAgbWFzdGVyS2V5SWQ6IHN0cmluZztcbiAgbWFzdGVyS2V5OiBKV0suS2V5O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFZlcmlmeUNvbnRhY3RQYXJhbXMge1xuICBlbWFpbD86IHN0cmluZztcbiAgcGhvbmU/OiBzdHJpbmc7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgVmVyaWZ5Q29udGFjdFJlc3VsdCB7XG4gIC8vIFRoZSBjbGFpbV9pZCBpZGVudGlmaWVzIHRoZSBFbWFpbC9TTVMgY29uZmlybWF0aW9uXG4gIGNsYWltSWQ6IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb25maXJtQ29udGFjdFBhcmFtcyB7XG4gIGNsYWltSWQ6IHN0cmluZztcbiAgdkNvZGU6IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb25maXJtQ29udGFjdFJlc3VsdCB7XG4gIC8vIFRoZSB0b2tlbiB0byBwcm92ZSB0aGUgY2xpZW50IGhhZCB0aGUgY29ycmVjdCBjb25maXJtYXRpb24gY29kZS5cbiAgdG9rZW46IHN0cmluZztcbn1cblxuZXhwb3J0IGludGVyZmFjZSBWZXJpZnlQYXJhbXMge1xuICBjbGFpbUlkOiBzdHJpbmc7XG4gIGNsYWltVG9rZW46IHN0cmluZztcbiAgbGJvcDogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIFZlcmlmeVJlc3VsdCB7XG4gIC8vIHVzZXJJZDogc3RyaW5nO1xuICBsYm9wSWQ6IHN0cmluZztcbiAgdmVyaWZpZWRUb2tlbjogc3RyaW5nO1xuICBtYXN0ZXJLZXlJZDogc3RyaW5nO1xuICBtYXN0ZXJLZXk6IEpXSy5LZXk7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ2hhbGxlbmdlUmVzdWx0IHtcbiAgY2hhbGxlbmdlOiBhbnk7XG4gIGxib3BzOiBhbnk7XG4gIC8vIHVzZXJJZDogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIExib3Age1xuICBpZDogc3RyaW5nO1xuICBwYXJ0aWFsPzogc3RyaW5nO1xuICBuYW1lPzogc3RyaW5nO1xuICBsYm9wU3RyaW5nPzogc3RyaW5nO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENyZWF0ZUxib3BQYXJhbXMge1xuICBuYW1lPzogc3RyaW5nO1xufVxuXG5pbnRlcmZhY2UgQ3JlYXRlTGJvcFF1ZXJ5IHtcbiAgY3JlYXRlTGJvcDoge1xuICAgIGxib3A6IExib3A7XG4gIH07XG59XG5cbmV4cG9ydCBjb25zdCBDcmVhdGVMYm9wUXVlcnkgPSBncWxgXG4gIG11dGF0aW9uIENyZWF0ZUxib3AoJGlucHV0OiBDcmVhdGVMYm9wSW5wdXQhKSB7XG4gICAgY3JlYXRlTGJvcChpbnB1dDogJGlucHV0KSB7XG4gICAgICBsYm9wIHtcbiAgICAgICAgaWRcbiAgICAgIH1cbiAgICB9XG4gIH1cbmA7XG5cbmludGVyZmFjZSBEZWxldGVMYm9wUXVlcnkge1xuICBkZWxldGVMYm9wOiBMYm9wO1xufVxuXG5leHBvcnQgY29uc3QgRGVsZXRlTGJvcFF1ZXJ5ID0gZ3FsYFxuICBtdXRhdGlvbiBEZWxldGVMYm9wKCRpbnB1dDogRGVsZXRlTGJvcElucHV0ISkge1xuICAgIGRlbGV0ZUxib3AoaW5wdXQ6ICRpbnB1dCkge1xuICAgICAgaWRcbiAgICB9XG4gIH1cbmA7XG5cbmV4cG9ydCBpbnRlcmZhY2UgVXBkYXRlTGJvcFBhcmFtcyB7XG4gIGlkOiBzdHJpbmc7XG4gIG5hbWU6IHN0cmluZztcbn1cblxuaW50ZXJmYWNlIFVwZGF0ZUxib3BRdWVyeSB7XG4gIHVwZGF0ZUxib3A6IExib3A7XG59XG5cbmV4cG9ydCBjb25zdCBVcGRhdGVMYm9wUXVlcnkgPSBncWxgXG4gIG11dGF0aW9uIFVwZGF0ZUxib3AoJGlucHV0OiBVcGRhdGVMYm9wSW5wdXQhKSB7XG4gICAgdXBkYXRlTGJvcChpbnB1dDogJGlucHV0KSB7XG4gICAgICBsYm9wIHtcbiAgICAgICAgaWRcbiAgICAgIH1cbiAgICB9XG4gIH1cbmA7XG5cbmV4cG9ydCBjb25zdCBMYm9wUXVlcnkgPSBncWxgXG4gIHF1ZXJ5IExib3AoJGlkOiBMclJlbGF5SWRJbnB1dCEpIHtcbiAgICBsYm9wKGlkOiAkaWQpIHtcbiAgICAgIGlkXG4gICAgICBjaXBoZXJNZXRhXG4gICAgfVxuICB9XG5gO1xuXG5pbnRlcmZhY2UgTGJvcHNRdWVyeSB7XG4gIGxib3BzOiBhbnk7XG59XG5cbmV4cG9ydCBjb25zdCBMYm9wc1F1ZXJ5ID0gZ3FsYFxuICBxdWVyeSBMYm9wcyB7XG4gICAgbGJvcHMge1xuICAgICAgZWRnZXMge1xuICAgICAgICBub2RlIHtcbiAgICAgICAgICBpZFxuICAgICAgICAgIGNpcGhlck1ldGFcbiAgICAgICAgfVxuICAgICAgfVxuICAgIH1cbiAgfVxuYDtcblxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIExib3BTZXJ2aWNlIHtcbiAgcHJpdmF0ZSByZWFkb25seSBDTElFTlRfTk9OQ0VfTEVOR1RIID0gMzI7XG4gIC8vIFRoZXJlIGFyZSAxMDI0IHdvcmRzICgxMCBiaXRzKSwgc28gMjUgd29yZHMgc2hvdWxkIGdpdmUgfjI1NiBiaXRzIG9mIGVudHJvcHkuXG4gIHByaXZhdGUgcmVhZG9ubHkgTEJPUF9XT1JEUyA9IDI1O1xuXG4gIGNvbnN0cnVjdG9yKFxuICAgIEBJbmplY3QoTFJfQ09ORklHKSBwcml2YXRlIGNvbmZpZzogTGlmZVJlYWR5Q29uZmlnLFxuICAgIHByaXZhdGUgaHR0cDogSHR0cENsaWVudCxcbiAgICBwcml2YXRlIGxyQXBvbGxvOiBMckFwb2xsb1NlcnZpY2UsXG4gICAgcHJpdmF0ZSBhdXRoOiBBdXRoQ2xhc3MsXG4gICAgcHJpdmF0ZSBhdXRoU2VydmljZTogTGlmZVJlYWR5QXV0aFNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5OiBLRlMsXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxuICAgIHByaXZhdGUgZW5jcnlwdGlvblNlcnZpY2U6IEVuY3J5cHRpb25TZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5R3JhcGg6IEtleUdyYXBoU2VydmljZSxcbiAgICBwcml2YXRlIHBhc3N3b3JkU2VydmljZTogUGFzc3dvcmRTZXJ2aWNlXG4gICkge31cblxuICBwcml2YXRlIGdldFBhcnRpYWwobGJvcFN0cmluZzogc3RyaW5nKTogc3RyaW5nIHtcbiAgICByZXR1cm4gbGJvcFN0cmluZy5zcGxpdCgnICcpWzBdO1xuICB9XG5cbiAgcHVibGljIGFzeW5jIHJlbW92ZShpZDogc3RyaW5nKTogUHJvbWlzZTxzdHJpbmc+IHtcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmxyQXBvbGxvLm11dGF0ZTxhbnk+KHtcbiAgICAgIG11dGF0aW9uOiBEZWxldGVMYm9wUXVlcnksXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG5cbiAgICByZXR1cm4gcmVzLmRlbGV0ZUxib3AuaWQ7XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgdXBkYXRlKHsgaWQsIG5hbWUgfTogVXBkYXRlTGJvcFBhcmFtcyk6IFByb21pc2U8TGJvcD4ge1xuICAgIGNvbnN0IGxib3AgPSBhd2FpdCB0aGlzLmdldChpZCk7XG4gICAgbGJvcC5uYW1lID0gbmFtZTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCk7XG4gICAgY29uc3QgY2lwaGVyTWV0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICBsYm9wXG4gICAgKTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMubHJBcG9sbG8ubXV0YXRlPFVwZGF0ZUxib3BRdWVyeT4oe1xuICAgICAgbXV0YXRpb246IFVwZGF0ZUxib3BRdWVyeSxcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICBpbnB1dDoge1xuICAgICAgICAgIGlkLFxuICAgICAgICAgIGNpcGhlck1ldGE6IEpTT04uc3RyaW5naWZ5KGNpcGhlck1ldGEpLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiByZXMudXBkYXRlTGJvcDtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBnZXQoaWQ6IHN0cmluZyk6IFByb21pc2U8TGJvcD4ge1xuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMubHJBcG9sbG8ucXVlcnk8YW55Pih7XG4gICAgICBxdWVyeTogTGJvcFF1ZXJ5LFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlkLFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5U2VydmljZS5nZXRDdXJyZW50TWFzdGVyS2V5KCk7XG5cbiAgICBjb25zdCBwbGFpbkNpcGhlck1ldGEgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICBtYXN0ZXJLZXkuandrLFxuICAgICAgSlNPTi5wYXJzZShyZXMubGJvcC5jaXBoZXJNZXRhKVxuICAgICk7XG5cbiAgICByZXR1cm4ge1xuICAgICAgaWQ6IHJlcy5pZCxcbiAgICAgIC4uLnBsYWluQ2lwaGVyTWV0YSxcbiAgICB9O1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGxpc3QoKTogUHJvbWlzZTxMYm9wW10+IHtcbiAgICBjb25zdCByZXMgPSBhd2FpdCB0aGlzLmxyQXBvbGxvLnF1ZXJ5PExib3BzUXVlcnk+KHtcbiAgICAgIHF1ZXJ5OiBMYm9wc1F1ZXJ5LFxuICAgIH0pO1xuXG4gICAgY29uc3QgbWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmdldEN1cnJlbnRNYXN0ZXJLZXkoKTtcblxuICAgIHJldHVybiBQcm9taXNlLmFsbChcbiAgICAgIHJlcy5sYm9wcy5lZGdlcy5tYXAoYXN5bmMgKGVkZ2UpID0+IHtcbiAgICAgICAgY29uc3QgcGxhaW5DaXBoZXJNZXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICAgICAgSlNPTi5wYXJzZShlZGdlLm5vZGUuY2lwaGVyTWV0YSlcbiAgICAgICAgKTtcbiAgICAgICAgcmV0dXJuIHtcbiAgICAgICAgICBpZDogZWRnZS5ub2RlLmlkLFxuICAgICAgICAgIC4uLnBsYWluQ2lwaGVyTWV0YSxcbiAgICAgICAgfTtcbiAgICAgIH0pXG4gICAgKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBjcmVhdGUoeyBuYW1lIH06IENyZWF0ZUxib3BQYXJhbXMpOiBQcm9taXNlPExib3A+IHtcbiAgICBpZiAoU2xpcDM5SGVscGVyLldPUkRfTElTVC5sZW5ndGggIT09IDEwMjQpIHtcbiAgICAgIHRocm93IG5ldyBMckJhZExvZ2ljRXhjZXB0aW9uKCdTbGlwMzlIZWxwZXIuV09SRF9MSVNULmxlbmd0aCAhPSAxMDI0Jyk7XG4gICAgfVxuXG4gICAgLy8gR2V0IGV4aXN0aW5nIHRvIG1ha2Ugc3VyZSB0aGVyZSBhcmUgbm90IGR1cGxpY2F0ZSBmaXJzdCB3b3Jkc1xuICAgIGNvbnN0IGxib3BzID0gYXdhaXQgdGhpcy5saXN0KCk7XG5cbiAgICAvLyBHZW5lcmF0ZSBuZXcgb25lXG4gICAgbGV0IGxib3BTdHJpbmc7XG4gICAgd2hpbGUgKHRydWUpIHtcbiAgICAgIGxib3BTdHJpbmcgPSB0aGlzLmtleUZhY3RvcnlcbiAgICAgICAgLnJhbmRvbUNob2ljZXMoU2xpcDM5SGVscGVyLldPUkRfTElTVCwgdGhpcy5MQk9QX1dPUkRTKVxuICAgICAgICAuam9pbignICcpO1xuICAgICAgY29uc3QgcGFydGlhbCA9IHRoaXMuZ2V0UGFydGlhbChsYm9wU3RyaW5nKTtcblxuICAgICAgaWYgKCFsYm9wcy5zb21lKChsYm9wKSA9PiBsYm9wLnBhcnRpYWwgPT09IHBhcnRpYWwpKSB7XG4gICAgICAgIGJyZWFrO1xuICAgICAgfVxuICAgIH1cblxuICAgIGNvbnN0IGxib3BLZXlQYXJhbXMgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlTGJvcEtleVBhcmFtcygpO1xuICAgIGNvbnN0IGxib3BLZXkgPSAoXG4gICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnkuZGVyaXZlTGJvcEtleSh7XG4gICAgICAgIHBhc3N3b3JkOiBsYm9wU3RyaW5nLFxuICAgICAgICAuLi5sYm9wS2V5UGFyYW1zLFxuICAgICAgfSlcbiAgICApLmp3aztcblxuICAgIGNvbnN0IGxib3BLZXlWZXJpZmllciA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVTaWduS2V5KCk7XG4gICAgY29uc3Qgd3JhcHBlZExib3BLZXlWZXJpZmllciA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIGxib3BLZXksXG4gICAgICBsYm9wS2V5VmVyaWZpZXIudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIC8vIFJlLWVuY3J5cHQgbWFzdGVyIGtleSB3aXRoIG5ldyBrZXlcbiAgICBjb25zdCBjdXJyZW50VXNlciA9IGF3YWl0IHRoaXMuYXV0aFNlcnZpY2UuZ2V0VXNlcigpO1xuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGguZ2V0S2V5KFxuICAgICAgY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkXG4gICAgKTtcbiAgICBjb25zdCB3cmFwcGVkTWFzdGVyS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbGJvcEtleSxcbiAgICAgIG1hc3RlcktleS5qd2sudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGNvbnN0IG1ldGEgPSB7XG4gICAgICAuLi4obmFtZSAmJiB7IG5hbWUgfSksXG4gICAgICBwYXJ0aWFsOiB0aGlzLmdldFBhcnRpYWwobGJvcFN0cmluZyksXG4gICAgfTtcbiAgICBjb25zdCBjaXBoZXJNZXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbWFzdGVyS2V5Lmp3ayxcbiAgICAgIG1ldGFcbiAgICApO1xuXG4gICAgY29uc3QgcmVzID0gYXdhaXQgdGhpcy5sckFwb2xsby5tdXRhdGU8Q3JlYXRlTGJvcFF1ZXJ5Pih7XG4gICAgICBtdXRhdGlvbjogQ3JlYXRlTGJvcFF1ZXJ5LFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgY2lwaGVyTWV0YTogSlNPTi5zdHJpbmdpZnkoY2lwaGVyTWV0YSksXG4gICAgICAgICAgbGJvcEtleVBhcmFtczogSlNPTi5zdHJpbmdpZnkobGJvcEtleVBhcmFtcyksXG4gICAgICAgICAgbGJvcEtleVZlcmlmaWVyOiBKU09OLnN0cmluZ2lmeShsYm9wS2V5VmVyaWZpZXIudG9KU09OKHRydWUpKSxcbiAgICAgICAgICB3cmFwcGVkTGJvcEtleVZlcmlmaWVyOiBKU09OLnN0cmluZ2lmeSh3cmFwcGVkTGJvcEtleVZlcmlmaWVyKSxcbiAgICAgICAgICBtYXN0ZXJLZXlJZDogY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkubWFzdGVyS2V5LmlkLFxuICAgICAgICAgIHdyYXBwZWRNYXN0ZXJLZXk6IEpTT04uc3RyaW5naWZ5KHdyYXBwZWRNYXN0ZXJLZXkpLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiB7XG4gICAgICAuLi5yZXMuY3JlYXRlTGJvcC5sYm9wLFxuICAgICAgbGJvcFN0cmluZyxcbiAgICB9O1xuICB9XG5cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gRmxvdyBiZWxvdyBhcmUgZm9yIHBhc3N3b3JkIHJlc2V0IHZpYSBMQk9QXG4gIC8vXG4gIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgeHh4LS1cbiAgLy9cbiAgLy8gTG9vayBmb3IgdGhlIGFib3ZlIGFuZCB5b3UgY2FuIHRlc3QgYnkgaW50ZXJydXB0aW5nIGF0IHRoZXNlIHBvaW50cy5cbiAgLy9cbiAgLy8gVGhlIExCT1AgcmVzZXQgcHJvY2VzcyBjYW4gYmUgcmVzdGFydGVkIGF0IGFueSBwb2ludCBiZWZvcmUgdGhlIGNhbGwgdG8gXCJzZXQtcGFzc3dvcmQvXCIuIE9uY2UgXCJzZXQtcGFzc3dvcmQvXCIgaGFzIGJlZW5cbiAgLy8gY2FsbGVkLCB3ZSBhc3N1bWUgdGhlIGNsaWVudCBoYXMgYSBzaG9ydCBwZXJpb2Qgb2YgdGltZSB0byBjaGFuZ2UgdGhlIElkcCBwYXNzd29yZCB0byB0aGUgb25lIHRoZXkndmUgY2hvc2VuLiBUaGUgXCJzZXQtcGFzc3dvcmQvXCJcbiAgLy8gd2lsbCBzZXQgdGhlIElkcCBwYXNzd29yZCB0byBhIHRlbXBvcmFyeSByYW5kb20gcGFzc3dvcmQuIFRoZSB1c2VyIGNhbiBubyBsb25nZXIgbG9naW4gdXNpbmcgdGhlaXIgY3VycmVudCBwYXNzd29yZC4gSWYgdGhlIElkcFxuICAvLyBwYXNzd29yZCBjaGFuZ2UgcHJvY2VzcyBkb2VzIG5vdCBjb21wbGV0ZSBvciB0YWtlcyBsb25nZXIgdGhhbiB0aGUgbG9ja291dCBwZXJpb2QsIHRoZSBhY2NvdW50IHdpbGwgbm90IGJlIGFjY2Vzc2libGUgYW5kIGEgbmV3XG4gIC8vIExCT1AgcGFzc3dvcmQgcmVzZXQgbXVzdCBiZSBjYXJyaWVkIG91dC5cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgcHJpdmF0ZSBhc3luYyB2ZXJpZnlMYm9wcyhcbiAgICBjaGFsbGVuZ2VSZXN1bHQ6IENoYWxsZW5nZVJlc3VsdCxcbiAgICBsYm9wU3RyaW5nOiBzdHJpbmdcbiAgKTogUHJvbWlzZTx7IGxib3A6IGFueTsgc2lnbmVkQ2hhbGxlbmdlOiBhbnk7IGxib3BLZXk6IEpXSy5LZXkgfT4ge1xuICAgIGNvbnN0IGNsaWVudE5vbmNlID0gdGhpcy5rZXlGYWN0b3J5LnJhbmRvbVN0cmluZyh0aGlzLkNMSUVOVF9OT05DRV9MRU5HVEgpO1xuXG4gICAgZm9yIChjb25zdCBsYm9wIG9mIGNoYWxsZW5nZVJlc3VsdC5sYm9wcykge1xuICAgICAgY29uc3QgbGJvcEtleSA9IChcbiAgICAgICAgYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmRlcml2ZUxib3BLZXkoe1xuICAgICAgICAgIHBhc3N3b3JkOiBsYm9wU3RyaW5nLFxuICAgICAgICAgIC4uLmxib3AubGJvcEtleVBhcmFtcyxcbiAgICAgICAgfSlcbiAgICAgICkuandrO1xuXG4gICAgICAvLyBJZiBkZWNvZGluZyBzdWNjZXNzZnVsIHRoZW4gaXQncyB0aGUgY29ycmVjdCBsYm9wXG4gICAgICB0cnkge1xuICAgICAgICBjb25zdCBsYm9wS2V5VmVyaWZpZXIgPSAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICAgIGxib3BLZXksXG4gICAgICAgICAgbGJvcC53cmFwcGVkTGJvcEtleVZlcmlmaWVyXG4gICAgICAgICkpIGFzIGFueTtcblxuICAgICAgICAvLyBGb3JjZSBhIGJhZCBzaWduYXR1cmUuXG4gICAgICAgIC8vIGNvbnN0IHNlcnZlck5vbmNlID0gY2hhbGxlbmdlUmVzdWx0LmNoYWxsZW5nZS5zZXJ2ZXJOb25jZSArIFwiMVwiLFxuXG4gICAgICAgIGNvbnN0IHNlcnZlck5vbmNlID0gY2hhbGxlbmdlUmVzdWx0LmNoYWxsZW5nZS5zZXJ2ZXJOb25jZTtcblxuICAgICAgICBjb25zdCBzaWduZWRDaGFsbGVuZ2UgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICAgICAgbGJvcEtleVZlcmlmaWVyLFxuICAgICAgICAgIHtcbiAgICAgICAgICAgIHNlcnZlck5vbmNlLFxuICAgICAgICAgICAgY2xpZW50Tm9uY2UsXG4gICAgICAgICAgfVxuICAgICAgICApO1xuXG4gICAgICAgIHJldHVybiB7XG4gICAgICAgICAgbGJvcCxcbiAgICAgICAgICBzaWduZWRDaGFsbGVuZ2UsXG4gICAgICAgICAgbGJvcEtleSxcbiAgICAgICAgfTtcbiAgICAgIH0gY2F0Y2ggKGVycm9yKSB7XG4gICAgICAgIGNvbnRpbnVlO1xuICAgICAgfVxuICAgIH1cbiAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xuICAgICAgc291cmNlOiAnTEJPUCcsXG4gICAgICBjb2RlOiAnSU5WQUxJRF9QQVNTUEhSQVNFJyxcbiAgICAgIG1lc3NhZ2U6ICdJbnZhbGlkIHBhc3NwaHJhc2UuJyxcbiAgICB9KTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyB2ZXJpZnlDb250YWN0KFxuICAgIHBhcmFtczogVmVyaWZ5Q29udGFjdFBhcmFtc1xuICApOiBQcm9taXNlPFZlcmlmeUNvbnRhY3RSZXN1bHQ+IHtcbiAgICBjb25zdCByZXQgPSB0aGlzLmh0dHBcbiAgICAgIC5wb3N0PFZlcmlmeUNvbnRhY3RSZXN1bHQ+KFxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvdmVyaWZ5LWNvbnRhY3QvYCxcbiAgICAgICAgcGFyYW1zXG4gICAgICApXG4gICAgICAudG9Qcm9taXNlKCk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEgLS1cbiAgICAvLyBUaGUgY29udGFjdCB2ZXJpZmljYXRpb25zIGFyZSB0aHJvdHRsZWQuIEJ1dCBvdGhlcndpc2UgaGFybWxlc3MuXG5cbiAgICByZXR1cm4gcmV0O1xuICB9XG5cbiAgcHVibGljIGFzeW5jIGNvbmZpcm1Db250YWN0KFxuICAgIHBhcmFtczogQ29uZmlybUNvbnRhY3RQYXJhbXNcbiAgKTogUHJvbWlzZTxDb25maXJtQ29udGFjdFJlc3VsdD4ge1xuICAgIHJldHVybiB0aGlzLmh0dHBcbiAgICAgIC5wb3N0PENvbmZpcm1Db250YWN0UmVzdWx0PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfWNvdmUvcmVzcG9uZC9gLCB7XG4gICAgICAgIGNsYWltX2lkOiBwYXJhbXMuY2xhaW1JZCxcbiAgICAgICAgdl9jb2RlOiBwYXJhbXMudkNvZGUsXG4gICAgICB9KVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAyIC0tXG4gICAgLy8gQSB2ZXJpZmllZCBjbGFpbSBmb3IgYSBjb250YWN0IGRvZXMgbm90IHByZXZlbnQgbmV3IG9uZXMgZnJvbSBiZWluZyBnZW5lcmF0ZWQuIFNvIGl0IHNob3VsZCBiZSBmaW5lIHRvIGp1c3Qgc3RhcnQgYWdhaW4uXG4gIH1cblxuICBwdWJsaWMgYXN5bmMgdmVyaWZ5KHBhcmFtczogVmVyaWZ5UGFyYW1zKTogUHJvbWlzZTxWZXJpZnlSZXN1bHQ+IHtcbiAgICBjb25zdCBjaGFsbGVuZ2VSZXN1bHQgPSBhd2FpdCB0aGlzLmh0dHBcbiAgICAgIC5wb3N0PENoYWxsZW5nZVJlc3VsdD4oXG4gICAgICAgIGAke3RoaXMuY29uZmlnLmF1dGhVcmx9dXNlcnMvbGJvcC1yZXNldC9nZXQtY2hhbGxlbmdlL2AsXG4gICAgICAgIHtcbiAgICAgICAgICBjbGFpbUlkOiBwYXJhbXMuY2xhaW1JZCxcbiAgICAgICAgICBjbGFpbVRva2VuOiBwYXJhbXMuY2xhaW1Ub2tlbixcbiAgICAgICAgfVxuICAgICAgKVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCAzIC0tXG4gICAgLy8gVGhpcyBkb2VzIG5vdCBsb2NrIGFueXRoaW5nLiBBIHNlY29uZCBjYWxsIHRvIFwiZ2V0LWNoYWxsZW5nZS9cIiB3aWxsIGNyZWF0ZSBhIG5ldyBjaGFsbGVuZ2UgYW1kIGludmFsaWRhdGUgdGhlIGZpcnN0IG9uZS5cbiAgICBjb25zdCB7IHNpZ25lZENoYWxsZW5nZSwgbGJvcCwgbGJvcEtleSB9ID0gYXdhaXQgdGhpcy52ZXJpZnlMYm9wcyhcbiAgICAgIGNoYWxsZW5nZVJlc3VsdCxcbiAgICAgIHBhcmFtcy5sYm9wXG4gICAgKTtcblxuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLnBvc3Q8YW55PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvdmVyaWZ5LWNoYWxsZW5nZS9gLCB7XG4gICAgICAgIGxib3BJZDogbGJvcC5sYm9wSWQsXG4gICAgICAgIHNpZ25lZENoYWxsZW5nZSxcbiAgICAgIH0pXG4gICAgICAudG9Qcm9taXNlKCk7XG5cbiAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDQgLS1cbiAgICAvLyBUaGlzIGRvZXMgbm90IGxvY2sgYW55dGhpbmcuIFNvIG9rIHRvIHJlc3RhcnQuXG5cbiAgICByZXR1cm4ge1xuICAgICAgbGJvcElkOiBsYm9wLmxib3BJZCxcbiAgICAgIHZlcmlmaWVkVG9rZW46IHJlcy52ZXJpZmllZFRva2VuLFxuICAgICAgbWFzdGVyS2V5SWQ6IHJlcy5tYXN0ZXJLZXlJZCxcbiAgICAgIG1hc3RlcktleTogYXdhaXQgS0ZTLmFzS2V5KFxuICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQobGJvcEtleSwgcmVzLndyYXBwZWRNYXN0ZXJLZXkpXG4gICAgICApLFxuICAgIH07XG4gIH1cblxuICBwdWJsaWMgYXN5bmMgc2V0UGFzc3dvcmQocGFyYW1zOiBTZXRQYXNzd29yZFBhcmFtcyk6IFByb21pc2U8YW55PiB7XG4gICAgLy8gR2VuZXJhdGUgdGhlIG5ldyBwYXNzd29yZCBkZXJpdmVkIGtleXNcbiAgICBjb25zdCBwYXNzS2V5QnVuZGxlID0gYXdhaXQgdGhpcy5wYXNzd29yZFNlcnZpY2UuY3JlYXRlUGFzc0tleUJ1bmRsZShcbiAgICAgIHBhcmFtcy5uZXdQYXNzd29yZFxuICAgICk7XG5cbiAgICAvLyBSZS1lbmNyeXB0IG1hc3RlciBrZXkgd2l0aCBuZXcga2V5XG4gICAgY29uc3QgbmV3V3JhcHBlZE1hc3RlcktleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIHBhc3NLZXlCdW5kbGUucGFzc0tleSxcbiAgICAgIHBhcmFtcy5tYXN0ZXJLZXkudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGNvbnN0IHJlc3VsdCA9IGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLnBvc3Q8U2V0UGFzc3dvcmRBcGlSZXN1bHQ+KFxuICAgICAgICBgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvc2V0LXBhc3N3b3JkL2AsXG4gICAgICAgIHtcbiAgICAgICAgICBsYm9wSWQ6IHBhcmFtcy5sYm9wSWQsXG4gICAgICAgICAgdmVyaWZpZWRUb2tlbjogcGFyYW1zLnZlcmlmaWVkVG9rZW4sXG4gICAgICAgICAgbWFzdGVyS2V5SWQ6IHBhcmFtcy5tYXN0ZXJLZXlJZCxcbiAgICAgICAgICBuZXdXcmFwcGVkTWFzdGVyS2V5LFxuICAgICAgICAgIG5ld1Bhc3NLZXk6IHtcbiAgICAgICAgICAgIHBhc3NLZXlQYXJhbXM6IHBhc3NLZXlCdW5kbGUucGFzc0tleVBhcmFtcyxcbiAgICAgICAgICAgIHBhc3NJZHBQYXJhbXM6IHBhc3NLZXlCdW5kbGUucGFzc0lkcFBhcmFtcyxcbiAgICAgICAgICAgIHBhc3NJZHBWZXJpZmllclBiazogcGFzc0tleUJ1bmRsZS5wYXNzSWRwVmVyaWZpZXIudG9KU09OKCksXG4gICAgICAgICAgICB3cmFwcGVkUGFzc0lkcFZlcmlmaWVyUHJrOiBwYXNzS2V5QnVuZGxlLndyYXBwZWRQYXNzSWRwVmVyaWZpZXJQcmssXG4gICAgICAgICAgfSxcbiAgICAgICAgfVxuICAgICAgKVxuICAgICAgLnRvUHJvbWlzZSgpO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA1IC0tXG4gICAgLy8gQSB0aW1lZCBtdXRleCBpcyBsb2NrZWQuIFRoZSBJZHAgcGFzc3dvcmQgY2hhbmdlIG11c3Qgb2NjdXIgd2l0aGluIGEgcGVyaW9kIG9mIHRpbWUuXG4gICAgLy8gSWYgaW50ZXJydXB0ZWQgaGVyZSwgdGhlIHVzZXIgY2FuIG5vdCBsb2dpbiB3aXRoIHRoZWlyIG9sZCBwYXNzd29yZCBhZ2Fpbi4gVGhleSBtdXN0XG4gICAgLy8gc3RhcnQgdGhlIHdob2xlIExCT1AgcGFzc3dvcmQgcmVzZXQgcHJvY2VzcyBhZ2Fpbi5cblxuICAgIC8vIFRoaXMgY2FsbCB3aWxsIGdvIHRocm91Z2ggdGhlIExSIHByb3h5IHdoaWNoIGlzIE9LIHNpbmNlIHRoZSBMUiBzZXJ2ZXIga25vd3NcbiAgICAvLyB0aGUgdGVtcG9yYXJ5IHBhc3N3b3JkIGFueXdheS5cbiAgICBsZXQgdXNlciA9IGF3YWl0IHRoaXMuYXV0aC5zaWduSW4ocmVzdWx0LnVzZXJuYW1lLCByZXN1bHQuaWRwUGFzc3dvcmQsIHtcbiAgICAgIG5vUHJveHk6ICd0cnVlJyxcbiAgICB9KTtcblxuICAgIGlmICh1c2VyLmNoYWxsZW5nZU5hbWUgIT09ICdORVdfUEFTU1dPUkRfUkVRVUlSRUQnKSB7XG4gICAgICB0aHJvdyBuZXcgTHJFeGNlcHRpb24oe1xuICAgICAgICBtZXNzYWdlOlxuICAgICAgICAgICdJbnRlcm5hbCBlcnJvci4gRXhwZWN0aW5nIENvZ25pdG8gdG8gaGF2ZSBkb25lIGEgcGFzc3dvcmQgcmVzZXQuJyxcbiAgICAgIH0pO1xuICAgIH1cblxuICAgIC8vIC0tUG90ZW50aWFsIEZhaWx1cmUgUG9pbnQgNiAtLVxuICAgIC8vIE11c3QgcmVzdGFydCB0aGUgTEJPUCBwYXNzd29yZCByZXNldCBwcm9jZXNzIGFnYWluLlxuXG4gICAgLy8gU2V0IG5ldyBwYXNzd29yZCBvbiBJZHBcbiAgICB1c2VyID0gYXdhaXQgdGhpcy5hdXRoLmNvbXBsZXRlTmV3UGFzc3dvcmQoXG4gICAgICB1c2VyLFxuICAgICAgdGhpcy5wYXNzd29yZFNlcnZpY2UuZ2V0UGFzc0lkcFN0cmluZyhwYXNzS2V5QnVuZGxlLnBhc3NJZHApLFxuICAgICAge31cbiAgICApO1xuXG4gICAgLy8gLS1Qb3RlbnRpYWwgRmFpbHVyZSBQb2ludCA3IC0tXG4gICAgLy8gTXVzdCByZXN0YXJ0IHRoZSBMQk9QIHBhc3N3b3JkIHJlc2V0IHByb2Nlc3MgYWdhaW4uXG5cbiAgICBhd2FpdCB0aGlzLmF1dGguc2lnbk91dCgpO1xuXG4gICAgcmV0dXJuIGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLnBvc3Q8YW55PihgJHt0aGlzLmNvbmZpZy5hdXRoVXJsfXVzZXJzL2xib3AtcmVzZXQvY29tcGxldGUvYCwge1xuICAgICAgICBsYm9wSWQ6IHBhcmFtcy5sYm9wSWQsXG4gICAgICAgIHNldFBhc3N3b3JkVG9rZW46IHJlc3VsdC5zZXRQYXNzd29yZFRva2VuLFxuICAgICAgfSlcbiAgICAgIC50b1Byb21pc2UoKTtcbiAgfVxufVxuIl19