npm - @lifeready/core - Versions diffs - 5.0.9 → 5.0.11 - Mend

@lifeready/core 5.0.9 → 5.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/bundles/lifeready-core.umd.js +1529 -737
package/bundles/lifeready-core.umd.js.map +1 -1
package/bundles/lifeready-core.umd.min.js +1 -1
package/bundles/lifeready-core.umd.min.js.map +1 -1
package/esm2015/lib/_common/key.js +28 -0
package/esm2015/lib/_common/types.js +1 -1
package/esm2015/lib/api/types/lr-graphql.types.js +1 -1
package/esm2015/lib/auth/auth.types.js +1 -3
package/esm2015/lib/auth/life-ready-auth.service.js +2 -2
package/esm2015/lib/auth2/auth2.gql.private.js +78 -0
package/esm2015/lib/auth2/auth2.service.js +596 -0
package/esm2015/lib/auth2/auth2.types.js +21 -0
package/esm2015/lib/contact-card/contact-card.service.js +3 -3
package/esm2015/lib/contact-card/contact-card2.service.js +3 -3
package/esm2015/lib/item2/item2.service.js +9 -9
package/esm2015/lib/key/key-factory.service.js +1 -1
package/esm2015/lib/key/key-graph.service.js +3 -3
package/esm2015/lib/key/key-meta.service.js +2 -2
package/esm2015/lib/key/key.service.js +7 -7
package/esm2015/lib/key-exchange/key-exchange.service.js +24 -29
package/esm2015/lib/key-exchange/key-exchange2.service.js +16 -17
package/esm2015/lib/lbop/lbop.service.js +13 -14
package/esm2015/lib/profile/profile.service.js +2 -2
package/esm2015/lib/profile/profile.types.js +1 -1
package/esm2015/lib/register/register.service.js +1 -1
package/esm2015/lib/register/register.types.js +3 -0
package/esm2015/lib/server-config/server-config.gql.js +1 -1
package/esm2015/lib/shared-contact-card/shared-contact-card.service.js +3 -3
package/esm2015/lib/shared-contact-card/shared-contact-card2.service.js +2 -2
package/esm2015/lib/tp-assembly/tp-assembly.js +3 -3
package/esm2015/lib/trusted-party/trusted-party2.service.js +4 -4
package/esm2015/public-api.js +4 -1
package/fesm2015/lifeready-core.js +885 -203
package/fesm2015/lifeready-core.js.map +1 -1
package/lib/_common/key.d.ts +14 -0
package/lib/_common/types.d.ts +6 -0
package/lib/api/types/lr-graphql.types.d.ts +1 -0
package/lib/auth/auth.types.d.ts +0 -6
package/lib/auth2/auth2.gql.private.d.ts +12 -0
package/lib/auth2/auth2.service.d.ts +70 -0
package/lib/auth2/auth2.types.d.ts +50 -0
package/lib/item2/item2.service.d.ts +3 -3
package/lib/key/key-factory.service.d.ts +1 -0
package/lib/key/key-graph.service.d.ts +2 -3
package/lib/key/key.service.d.ts +6 -6
package/lib/key-exchange/key-exchange.service.d.ts +3 -5
package/lib/lbop/lbop.service.d.ts +3 -3
package/lib/profile/profile.types.d.ts +2 -2
package/lib/register/register.service.d.ts +1 -1
package/lib/register/register.types.d.ts +6 -0
package/lib/server-config/server-config.gql.d.ts +1 -1
package/lib/server-config/server-config.service.d.ts +1 -1
package/lib/shared-contact-card/shared-contact-card.service.d.ts +2 -2
package/lifeready-core.metadata.json +1 -1
package/package.json +1 -1
package/public-api.d.ts +3 -0

package/esm2015/lib/auth2/auth2.service.js ADDED Viewed

@@ -0,0 +1,596 @@
+var Auth2Service_1;
+import { __awaiter, __decorate } from "tslib";
+import { HttpClient } from '@angular/common/http';
+import { Inject, Injectable, Injector, isDevMode, NgZone } from '@angular/core';
+import { AuthClass } from '@aws-amplify/auth/lib-esm/Auth';
+import { Hub } from '@aws-amplify/core';
+import { JWK } from 'node-jose';
+import { LrGraphQLService, LrMutation, LrService } from '../api/lr-graphql';
+import { TpClaimState } from '../api/types';
+import { SetSessionEncryptionKeyMutation } from '../auth/auth.gql';
+import { EncryptionService } from '../encryption/encryption.service';
+import { IdleService } from '../idle/idle.service';
+import { KeyFactoryService } from '../key/key-factory.service';
+import { KeyGraphService } from '../key/key-graph.service';
+import { KeyService } from '../key/key.service';
+import { KC_CONFIG } from '../life-ready.config';
+import { PasswordService } from '../password/password.service';
+import { PersistService } from '../persist/persist.service';
+import { TP_PASSWORD_RESET_CLIENT_NONCE_LENGTH, TP_PASSWORD_RESET_USERNAME_SUFFIX, } from '../tp-password-reset/tp-password-reset.constants';
+import { TpPasswordResetAssemblyController } from '../tp-password-reset/tp-password-reset.controller';
+import { CompleteTpPasswordResetRequestMutation, CreateTpAssemblyKeyChallengeMutation, PreCompleteTpPasswordResetRequestMutation, } from '../tp-password-reset/tp-password-reset.gql';
+import { KcBadRequestException, KcBadStateException, KcConcurrentAccessException, KcInternalErrorException, } from '../_common/exceptions';
+import { KeyContainer } from '../_common/key';
+import { RunOutsideAngular } from '../_common/run-outside-angular';
+import { CurrentUserQuery, ResetUserQuery, } from './auth2.gql.private';
+import { CognitoChallengeName, PasswordChangeStatus, RecoveryStatus, } from './auth2.types';
+import * as i0 from "@angular/core";
+import * as i1 from "@angular/common/http";
+import * as i2 from "@aws-amplify/auth/lib-esm/Auth";
+import * as i3 from "../api/lr-graphql/lr-graphql.service";
+import * as i4 from "../key/key.service";
+import * as i5 from "../key/key-graph.service";
+import * as i6 from "../key/key-factory.service";
+import * as i7 from "../password/password.service";
+import * as i8 from "../idle/idle.service";
+import * as i9 from "../persist/persist.service";
+import * as i10 from "../encryption/encryption.service";
+import * as i11 from "../tp-password-reset/tp-password-reset.controller";
+import * as i12 from "../life-ready.config";
+let Auth2Service = Auth2Service_1 = class Auth2Service extends LrService {
+    constructor(ngZone, injector, http, cognito, api, keyService, keyGraphService, keyFactoryService, passwordService, idleService, persistService, encryptionService, assemblyController, kcConfig) {
+        super(injector);
+        this.ngZone = ngZone;
+        this.injector = injector;
+        this.http = http;
+        this.cognito = cognito;
+        this.api = api;
+        this.keyService = keyService;
+        this.keyGraphService = keyGraphService;
+        this.keyFactoryService = keyFactoryService;
+        this.passwordService = passwordService;
+        this.idleService = idleService;
+        this.persistService = persistService;
+        this.encryptionService = encryptionService;
+        this.assemblyController = assemblyController;
+        this.kcConfig = kcConfig;
+        // Could use rxjs observables here. But trying to have kc-client use as little angular
+        // features as possible. Rxjs is not used anywhere else in kc-client.
+        this.logoutListeners = new Set();
+        // Stores the password for use after mfa verification to decrypt masterKey.
+        this.password = null;
+        if (!isDevMode()) {
+            if (this.kcConfig.debug != null) {
+                throw new KcBadRequestException('In production mode, "KcConfig.debug" must be set to null');
+            }
+        }
+    }
+    importPassword(plainPassword) {
+        return this.keyFactoryService.importPassword(plainPassword);
+    }
+    logout() {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            // Notify all listeners to clean up.
+            yield Promise.all([...this.logoutListeners].map((callback) => callback()));
+            this.user = null;
+            this.keyService.purgeKeys();
+            this.keyGraphService.purgeKeys();
+            // Sign out on both cognito and kc-server
+            yield Promise.all([this.cognito.signOut(), this.kcLogout()]);
+            if ((_a = this.kcConfig.debug) === null || _a === void 0 ? void 0 : _a.username) {
+                this.kcConfig.debug.username = null;
+            }
+        });
+    }
+    addLogoutListener(callback) {
+        this.logoutListeners.add(callback);
+    }
+    removeLogoutListener(callback) {
+        this.logoutListeners.delete(callback);
+    }
+    login(emailOrPhone, password, { tpPasswordResetAutoComplete = true } = {}) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            let loginResult = yield this.loginImpl(emailOrPhone, password);
+            // Save the password for use after meeting challenge.
+            if (loginResult.challenge) {
+                this.password = new KeyContainer(password, Auth2Service_1.CHALLENGE_TIMEOUT);
+                return loginResult;
+            }
+            if (tpPasswordResetAutoComplete &&
+                ((_a = loginResult.user.resetUser) === null || _a === void 0 ? void 0 : _a.state) === TpClaimState.APPROVED) {
+                yield this.completeResetRequest(password);
+                loginResult = yield this.loginImpl(emailOrPhone, password);
+            }
+            return loginResult;
+        });
+    }
+    verifyLogin(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { challenge, code, rememberMe } = options;
+            const VALID_CHALLENGE_NAMES = [
+                CognitoChallengeName.SMS_MFA,
+                CognitoChallengeName.SOFTWARE_TOKEN_MFA,
+            ];
+            if (!VALID_CHALLENGE_NAMES.includes(challenge.cognitoUser.challengeName)) {
+                throw new KcBadRequestException(`challengeName must be one of ${VALID_CHALLENGE_NAMES}`);
+            }
+            // TODO: this.auth.confirmSignIn() could return another challenge.
+            const cognitoUser = yield this.cognito.confirmSignIn(challenge.cognitoUser, code, challenge.cognitoUser.challengeName);
+            yield this.handlePostAuth(challenge.recoveryStatus);
+            const user = yield this.loadUser(cognitoUser, this.password.pop());
+            // This is not strictly necessary since the this.password.pop() already clears the
+            // password inside the container. But doesn't hurt either.
+            this.password = null;
+            if (rememberMe) {
+                cognitoUser.setDeviceStatusRemembered({
+                    onSuccess: () => {
+                        return;
+                    },
+                    onFailure: (e) => console.error(e),
+                });
+            }
+            return {
+                user,
+            };
+        });
+    }
+    getUser() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.user) {
+                return this.user;
+            }
+            const cognitoUser = yield this.cognito.currentAuthenticatedUser();
+            return this.loadUser(cognitoUser);
+        });
+    }
+    refreshAccessToken() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cognitoUser = yield this.cognito.currentAuthenticatedUser();
+            const refreshToken = cognitoUser.getSignInUserSession().getRefreshToken();
+            console.log('Token refresh...');
+            return new Promise((resolve, reject) => {
+                cognitoUser.refreshSession(refreshToken, (err) => {
+                    if (err) {
+                        console.error('Error refreshing token: ', err);
+                        reject(err);
+                    }
+                    else {
+                        console.log('Token refresh complete');
+                        resolve(0);
+                    }
+                });
+            });
+        });
+    }
+    // ----------------------------------------------------------------------------------------------------
+    // Helpers
+    // ----------------------------------------------------------------------------------------------------
+    fetchCurrentUser() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.api.query({
+                query: CurrentUserQuery,
+                processorOptions: {
+                    hasKeys: false,
+                },
+            })).currentUser;
+        });
+    }
+    fetchResetUser() {
+        return __awaiter(this, void 0, void 0, function* () {
+            return (yield this.api.query({
+                query: ResetUserQuery,
+                processorOptions: {
+                    hasKeys: false,
+                },
+            })).tpPasswordResetUser;
+        });
+    }
+    kcLogout() {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.http
+                .post(`${this.kcConfig.authUrl}auth/sign-out/`, null, {
+                withCredentials: true,
+                responseType: 'text',
+            })
+                .toPromise();
+        });
+    }
+    fetchPassIdpParams(emailOrPhone) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return yield this.http
+                .get(`${this.kcConfig.authUrl}users/pass-idp-params/?login_name=${encodeURIComponent(emailOrPhone)}`)
+                .toPromise();
+        });
+    }
+    loginImpl(emailOrPhone, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.logout();
+            const loginIdpResult = yield this.loginIdp(emailOrPhone, password);
+            // Can't get the user yet because we still ned to meet MFA challenges
+            if ([
+                CognitoChallengeName.SMS_MFA,
+                CognitoChallengeName.SOFTWARE_TOKEN_MFA,
+            ].includes(loginIdpResult.cognitoUser.challengeName)) {
+                return {
+                    challenge: {
+                        cognitoUser: loginIdpResult.cognitoUser,
+                        recoveryStatus: loginIdpResult.recoveryStatus,
+                    },
+                };
+            }
+            yield this.handlePostAuth(loginIdpResult.recoveryStatus);
+            // There should be no MFA on the TP reset user.
+            const user = yield this.loadUser(loginIdpResult.cognitoUser, password);
+            return {
+                user,
+            };
+        });
+    }
+    loginIdp(emailOrPhone, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            // Download the salt needed to derive the PassIdp
+            const passIdpApiResult = yield this.fetchPassIdpParams(emailOrPhone);
+            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.IN_PROGRESS) {
+                throw new KcConcurrentAccessException('A password change is in progress');
+            }
+            if (passIdpApiResult.passwordChangeStatus === PasswordChangeStatus.RECOVERY) {
+                console.log('In recovery mode.');
+                // Let's say we don't know if the password is the new one or the old one. We just have to try both.
+                try {
+                    const user = {
+                        cognitoUser: yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.newPassIdpParams),
+                        recoveryStatus: RecoveryStatus.NEW_PASSWORD,
+                    };
+                    // New password worked. Let's set to the current password
+                    // --Potential Failure Point 1--
+                    // if changePasswordComplete() doesn't get called, then it should remain
+                    console.log('New password works!');
+                    return user;
+                }
+                catch (error) {
+                    // Just bubble up any other type of error.
+                    if (error.code !== 'NotAuthorizedException') {
+                        throw error;
+                    }
+                    // pass, try again assuming it's the old password
+                }
+                // Now assume it's the previous password. Any exception is allowed to bubble up.
+                try {
+                    const user = {
+                        cognitoUser: yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams),
+                        recoveryStatus: RecoveryStatus.OLD_PASSWORD,
+                    };
+                    // Old password worked.
+                    console.log('Old password works!');
+                    return user;
+                }
+                catch (error) {
+                    // Just bubble up any other type of error.
+                    throw error.code === 'NotAuthorizedException'
+                        ? new KcBadRequestException('The password change request was interrupted, please try to login with both your new and old password')
+                        : error;
+                }
+            }
+            // Try again as the TP password reset account
+            if (passIdpApiResult.tpPasswordReset) {
+                try {
+                    // TP password reset is in process. We need to try the password against both
+                    // original account and the new reset account.
+                    const reset = passIdpApiResult.tpPasswordReset;
+                    const user = {
+                        cognitoUser: yield this.loginIdpImpl(reset.resetUsername, password, reset.passIdpParams),
+                        recoveryStatus: RecoveryStatus.NONE,
+                    };
+                    return user;
+                }
+                catch (err) {
+                    // continue, try again as regular user.
+                }
+            }
+            // Login as regular user
+            const user = {
+                cognitoUser: yield this.loginIdpImpl(emailOrPhone, password, passIdpApiResult.currentPassIdpParams),
+                recoveryStatus: RecoveryStatus.NONE,
+            };
+            return user;
+        });
+    }
+    loginIdpImpl(emailOrPhone, password, passIdpParams) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const passIdpResult = yield this.keyFactoryService.derivePassIdp(Object.assign({ password }, passIdpParams));
+            // Use the derived password to signin with cognito
+            return this.cognito.signIn(emailOrPhone, this.passwordService.getPassIdpString(passIdpResult.jwk));
+        });
+    }
+    handlePostAuth(recoveryStatus) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield this.handlePasswordRecovery(recoveryStatus);
+            yield this.handleSessionEncryptionKey();
+        });
+    }
+    handlePasswordRecovery(recoveryStatus) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (recoveryStatus !== RecoveryStatus.NONE) {
+                yield this.passwordService.changePasswordComplete({
+                    useNewPassword: recoveryStatus === RecoveryStatus.NEW_PASSWORD,
+                });
+            }
+        });
+    }
+    handleSessionEncryptionKey() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (this.kcConfig.disableSessionEncryptionKey) {
+                if (!isDevMode()) {
+                    const msg = 'You should not set disableSessionEncryptionKey=True in mode prod. It defaults to false.';
+                    console.error(msg);
+                    throw new KcInternalErrorException(msg);
+                }
+                else {
+                    console.warn('You have set disableSessionEncryptionKey=True. Make sure not to do this in prod mode.');
+                }
+            }
+            else {
+                // Set the session key to a new encryption key for this session
+                const sessionEncryptionKey = yield this.keyFactoryService.createKey();
+                yield this.lrGraphQL.lrMutate(new LrMutation({
+                    mutation: SetSessionEncryptionKeyMutation,
+                    variables: {
+                        input: {
+                            sessionEncryptionKey: JSON.stringify(sessionEncryptionKey.toJSON(true)),
+                        },
+                    },
+                }), {
+                    includeKeyGraph: false,
+                });
+                this.persistService.setServerSessionEncryptionKey(sessionEncryptionKey);
+            }
+        });
+    }
+    getCognitoUserAttribute(attributeName, userAttributes) {
+        const userAttribute = userAttributes.find((x) => x.getName() === attributeName);
+        return userAttribute ? userAttribute.getValue() : null;
+    }
+    loadUserKeys(options) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { userKeys, password, sessionEncryptionKey } = options;
+            if (sessionEncryptionKey) {
+                this.persistService.setServerSessionEncryptionKey(yield JWK.asKey(sessionEncryptionKey));
+            }
+            // password is not needed if the master key is already persisted.
+            if (password) {
+                const passKey = (yield this.keyFactoryService.derivePassKey(Object.assign({ password }, userKeys.passKey.passKeyParams))).jwk;
+                yield this.idleService.persistMasterKey(yield this.keyGraphService.unwrapWithPassKey(userKeys.passKey.id, passKey, userKeys.masterKey.id));
+            }
+        });
+    }
+    loadUser(cognitoUser, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (cognitoUser.getUsername().endsWith(TP_PASSWORD_RESET_USERNAME_SUFFIX)) {
+                this.user = yield this.loadResetUser(cognitoUser, password);
+            }
+            else {
+                this.user = yield this.loadRegularUser(cognitoUser, password);
+            }
+            yield this.idleService.start(); // Run idleService whenever user is logged in.
+            return this.user;
+        });
+    }
+    loadRegularUser(cognitoUser, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const currentUser = yield this.fetchCurrentUser();
+            yield this.loadUserKeys({
+                userKeys: currentUser.currentUserKey,
+                password,
+                sessionEncryptionKey: currentUser.sessionEncryptionKey,
+            });
+            // Regular user populates all keys
+            yield this.keyGraphService.populateKeys(currentUser.currentUserKey);
+            const { username } = currentUser;
+            const userAttributes = yield this.cognito.userAttributes(cognitoUser);
+            return {
+                username,
+                sub: this.getCognitoUserAttribute('sub', userAttributes),
+                loginEmail: this.getCognitoUserAttribute('email', userAttributes),
+                resetUser: null,
+            };
+        });
+    }
+    loadResetUser(cognitoUser, password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resetUser = yield this.fetchResetUser();
+            const userKeys = {
+                passKey: {
+                    id: resetUser.passKey.id,
+                    passKeyParams: resetUser.passKey.passKeyParams,
+                },
+                masterKey: {
+                    id: resetUser.masterKey.id,
+                },
+            };
+            yield this.loadUserKeys({
+                userKeys,
+                password,
+                sessionEncryptionKey: resetUser.sessionEncryptionKey,
+            });
+            // Reset user only sets a subset of keys
+            yield this.keyService.setKeys(userKeys);
+            const { username } = resetUser;
+            const userAttributes = yield this.cognito.userAttributes(cognitoUser);
+            return {
+                username,
+                sub: this.getCognitoUserAttribute('sub', userAttributes),
+                loginEmail: this.getCognitoUserAttribute('email', userAttributes),
+                resetUser: {
+                    state: resetUser.state,
+                },
+            };
+        });
+    }
+    recoverAssemblyKey(resetUser) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const prk = yield this.keyGraphService.getKey(resetUser.pxk.id);
+            const partials = yield Promise.all(resetUser.approvals
+                .filter((approval) => !!approval.receiverCipherPartialAssemblyKey)
+                .map((approval) => this.encryptionService.decrypt(prk, approval.receiverCipherPartialAssemblyKey)));
+            return this.assemblyController.recoverAssemblyKey(partials);
+        });
+    }
+    completeResetRequest(newPassword) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const resetUser = yield this.fetchResetUser();
+            if (resetUser.state !== TpClaimState.APPROVED) {
+                throw new KcBadStateException('Password reset request has not been approved.');
+            }
+            // --------------------------------------------------------------
+            // Prepare all materials to ensure there are no errors.
+            // --------------------------------------------------------------
+            const assemblyKey = yield this.recoverAssemblyKey(resetUser);
+            const { rootKey } = yield this.encryptionService.decrypt(assemblyKey, resetUser.assemblyCipherData);
+            // Making sure it's a valid key.
+            const rootKeyJwk = yield JWK.asKey(rootKey);
+            const masterKey = yield this.keyGraphService.getKey(resetUser.masterKey.id);
+            const masterKeyWrappedRootKey = yield this.encryptionService.encryptToString(masterKey.jwk, rootKeyJwk.toJSON(true));
+            // The new password
+            const newPassIdpResult = yield this.keyFactoryService.derivePassIdp(Object.assign({ password: newPassword }, resetUser.passKey.passIdpParams));
+            const newIdpPassword = this.passwordService.getPassIdpString(newPassIdpResult.jwk);
+            // --------------------------------------------------------------
+            // Get assembly key challenge
+            // --------------------------------------------------------------
+            const challenge = (yield this.lrGraphQL.lrMutate(new LrMutation({
+                mutation: CreateTpAssemblyKeyChallengeMutation,
+                variables: {
+                    input: {},
+                },
+            }), {
+                includeKeyGraph: false,
+            })).createTpAssemblyKeyChallenge.challenge;
+            // Sign the challenge
+            // Generate a client side nonce that's no in the server's control.
+            challenge.clientNonce = this.keyFactoryService.randomString(TP_PASSWORD_RESET_CLIENT_NONCE_LENGTH);
+            const assemblyKeyVerifierPrk = yield this.encryptionService.decrypt(assemblyKey, resetUser.wrappedAssemblyKeyVerifierPrk);
+            const signedChallenge = yield this.encryptionService.sign(assemblyKeyVerifierPrk, challenge);
+            // --------------------------------------------------------------
+            // Change password for the original user
+            // --------------------------------------------------------------
+            const tempIdpPassword = (yield this.lrGraphQL.lrMutate(new LrMutation({
+                mutation: PreCompleteTpPasswordResetRequestMutation,
+                variables: {
+                    input: {
+                        signedChallenge: JSON.stringify(signedChallenge),
+                    },
+                },
+            }), {
+                includeKeyGraph: false,
+            })).preCompleteTpPasswordResetRequest.idpPassword;
+            // --------------------------------------------------------------
+            // Login as the original user using new temporary password
+            // --------------------------------------------------------------
+            // At this point, the original account's password has been changed
+            // to a temporary password. It is no longer possible for the user
+            // to use the original password to login. Any successful login
+            // can only be using the temporary password. So it's safe to assume
+            // that we want to "complete" the password reset.
+            // There maybe 2FA so we listen for the auth event from Amplify.
+            const retPromise = new Promise((resolve) => {
+                const listener = (data) => __awaiter(this, void 0, void 0, function* () {
+                    if (data.payload.event !== 'signIn') {
+                        return;
+                    }
+                    Hub.remove('auth', listener);
+                    yield this.cognito.signIn(resetUser.username, newIdpPassword);
+                    // Switch over to the new set of keys
+                    yield this.lrGraphQL.lrMutate(new LrMutation({
+                        mutation: CompleteTpPasswordResetRequestMutation,
+                        variables: {
+                            input: {
+                                masterKeyWrappedRootKey,
+                                masterKeyId: masterKey.id,
+                            },
+                        },
+                    }));
+                    resolve();
+                });
+                Hub.listen('auth', listener);
+            });
+            // Signin as the original user. Password has been reset to temporary one. It should return
+            // with NEW_PASSWORD_REQUIRED
+            let user = yield this.cognito.signIn(resetUser.username, tempIdpPassword, {
+                noProxy: 'true',
+            });
+            if (user.challengeName !== 'NEW_PASSWORD_REQUIRED') {
+                throw new KcInternalErrorException('Expecting Cognito to have done a password reset after call to PreCompleteTpPasswordResetRequestMutation.');
+            }
+            // Set new password on Idp
+            // the awsFetch() function passes NEW_PASSWORD_REQUIRED directly to AWS without
+            // going through the proxy.
+            user = yield this.cognito.completeNewPassword(user, newIdpPassword, {});
+            return retPromise;
+        });
+    }
+    // ------------------------------------------------------
+    // Debug utilities
+    // ------------------------------------------------------
+    debugLogin(username, password) {
+        // This will fail if debug is null. But when debug is null, this function
+        // should not be called.
+        this.kcConfig.debug.username = username;
+        return this.debugLoadUser(password);
+    }
+    debugLoadUser(password) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const currentUser = yield this.fetchCurrentUser();
+            const { username, currentUserKey } = currentUser;
+            // Debug mode can not deal with session encryption key yet.
+            // NO SESSION ENCRYPTION KEY.
+            const passKey = (yield this.keyFactoryService.derivePassKey(Object.assign({ password }, currentUserKey.passKey.passKeyParams))).jwk;
+            const masterKey = yield this.keyGraphService.unwrapWithPassKey(currentUserKey.passKey.id, passKey, currentUserKey.masterKey.id);
+            yield this.idleService.persistMasterKey(masterKey);
+            yield this.keyGraphService.populateKeys(currentUserKey);
+            this.user = {
+                username,
+                resetUser: null,
+                sub: 'DEBUG_MODE',
+                loginEmail: 'DEBUG_MODE',
+            };
+            return this.user;
+        });
+    }
+    /**
+     * Clears the caches user. So we can simulate a page refresh and test getUser().
+     */
+    debugClearUser() {
+        this.user = null;
+    }
+};
+Auth2Service.CHALLENGE_TIMEOUT = 1000 * 60 * 5;
+Auth2Service.ɵprov = i0.ɵɵdefineInjectable({ factory: function Auth2Service_Factory() { return new Auth2Service(i0.ɵɵinject(i0.NgZone), i0.ɵɵinject(i0.INJECTOR), i0.ɵɵinject(i1.HttpClient), i0.ɵɵinject(i2.AuthClass), i0.ɵɵinject(i3.LrGraphQLService), i0.ɵɵinject(i4.KeyService), i0.ɵɵinject(i5.KeyGraphService), i0.ɵɵinject(i6.KeyFactoryService), i0.ɵɵinject(i7.PasswordService), i0.ɵɵinject(i8.IdleService), i0.ɵɵinject(i9.PersistService), i0.ɵɵinject(i10.EncryptionService), i0.ɵɵinject(i11.TpPasswordResetAssemblyController), i0.ɵɵinject(i12.KC_CONFIG)); }, token: Auth2Service, providedIn: "root" });
+Auth2Service.decorators = [
+    { type: Injectable, args: [{
+                providedIn: 'root',
+            },] }
+];
+Auth2Service.ctorParameters = () => [
+    { type: NgZone },
+    { type: Injector },
+    { type: HttpClient },
+    { type: AuthClass },
+    { type: LrGraphQLService },
+    { type: KeyService },
+    { type: KeyGraphService },
+    { type: KeyFactoryService },
+    { type: PasswordService },
+    { type: IdleService },
+    { type: PersistService },
+    { type: EncryptionService },
+    { type: TpPasswordResetAssemblyController },
+    { type: undefined, decorators: [{ type: Inject, args: [KC_CONFIG,] }] }
+];
+Auth2Service = Auth2Service_1 = __decorate([
+    RunOutsideAngular({
+        ngZoneName: 'ngZone',
+    })
+], Auth2Service);
+export { Auth2Service };
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXV0aDIuc2VydmljZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uL3Byb2plY3RzL2NvcmUvc3JjL2xpYi9hdXRoMi9hdXRoMi5zZXJ2aWNlLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBQUEsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ2xELE9BQU8sRUFBRSxNQUFNLEVBQUUsVUFBVSxFQUFFLFFBQVEsRUFBRSxTQUFTLEVBQUUsTUFBTSxFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRWhGLE9BQU8sRUFBRSxTQUFTLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUMzRCxPQUFPLEVBQUUsR0FBRyxFQUFFLE1BQU0sbUJBQW1CLENBQUM7QUFFeEMsT0FBTyxFQUFFLEdBQUcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUNoQyxPQUFPLEVBQUUsZ0JBQWdCLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBQzVFLE9BQU8sRUFBRSxZQUFZLEVBQUUsTUFBTSxjQUFjLENBQUM7QUFDNUMsT0FBTyxFQUFFLCtCQUErQixFQUFFLE1BQU0sa0JBQWtCLENBQUM7QUFDbkUsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sa0NBQWtDLENBQUM7QUFDckUsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQ25ELE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLDRCQUE0QixDQUFDO0FBQy9ELE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSwwQkFBMEIsQ0FBQztBQUMzRCxPQUFPLEVBQUUsVUFBVSxFQUFZLE1BQU0sb0JBQW9CLENBQUM7QUFFMUQsT0FBTyxFQUFZLFNBQVMsRUFBRSxNQUFNLHNCQUFzQixDQUFDO0FBQzNELE9BQU8sRUFBRSxlQUFlLEVBQUUsTUFBTSw4QkFBOEIsQ0FBQztBQUMvRCxPQUFPLEVBQUUsY0FBYyxFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDNUQsT0FBTyxFQUNMLHFDQUFxQyxFQUNyQyxpQ0FBaUMsR0FDbEMsTUFBTSxrREFBa0QsQ0FBQztBQUMxRCxPQUFPLEVBQUUsaUNBQWlDLEVBQUUsTUFBTSxtREFBbUQsQ0FBQztBQUN0RyxPQUFPLEVBQ0wsc0NBQXNDLEVBQ3RDLG9DQUFvQyxFQUNwQyx5Q0FBeUMsR0FDMUMsTUFBTSw0Q0FBNEMsQ0FBQztBQUNwRCxPQUFPLEVBQ0wscUJBQXFCLEVBQ3JCLG1CQUFtQixFQUNuQiwyQkFBMkIsRUFDM0Isd0JBQXdCLEdBQ3pCLE1BQU0sdUJBQXVCLENBQUM7QUFDL0IsT0FBTyxFQUFFLFlBQVksRUFBRSxNQUFNLGdCQUFnQixDQUFDO0FBQzlDLE9BQU8sRUFBRSxpQkFBaUIsRUFBRSxNQUFNLGdDQUFnQyxDQUFDO0FBQ25FLE9BQU8sRUFDTCxnQkFBZ0IsRUFFaEIsY0FBYyxHQUVmLE1BQU0scUJBQXFCLENBQUM7QUFDN0IsT0FBTyxFQUVMLG9CQUFvQixFQU9wQixvQkFBb0IsRUFDcEIsY0FBYyxHQUNmLE1BQU0sZUFBZSxDQUFDOzs7Ozs7Ozs7Ozs7OztJQVFWLFlBQVksMEJBQVosWUFBYSxTQUFRLFNBQVM7SUFVekMsWUFDVSxNQUFjLEVBQ2QsUUFBa0IsRUFDbEIsSUFBZ0IsRUFDaEIsT0FBa0IsRUFDbEIsR0FBcUIsRUFDckIsVUFBc0IsRUFDdEIsZUFBZ0MsRUFDaEMsaUJBQW9DLEVBQ3BDLGVBQWdDLEVBQ2hDLFdBQXdCLEVBQ3hCLGNBQThCLEVBQzlCLGlCQUFvQyxFQUNwQyxrQkFBcUQsRUFDbEMsUUFBa0I7UUFFN0MsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBZlIsV0FBTSxHQUFOLE1BQU0sQ0FBUTtRQUNkLGFBQVEsR0FBUixRQUFRLENBQVU7UUFDbEIsU0FBSSxHQUFKLElBQUksQ0FBWTtRQUNoQixZQUFPLEdBQVAsT0FBTyxDQUFXO1FBQ2xCLFFBQUcsR0FBSCxHQUFHLENBQWtCO1FBQ3JCLGVBQVUsR0FBVixVQUFVLENBQVk7UUFDdEIsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBQ2hDLHNCQUFpQixHQUFqQixpQkFBaUIsQ0FBbUI7UUFDcEMsb0JBQWUsR0FBZixlQUFlLENBQWlCO1FBQ2hDLGdCQUFXLEdBQVgsV0FBVyxDQUFhO1FBQ3hCLG1CQUFjLEdBQWQsY0FBYyxDQUFnQjtRQUM5QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLHVCQUFrQixHQUFsQixrQkFBa0IsQ0FBbUM7UUFDbEMsYUFBUSxHQUFSLFFBQVEsQ0FBVTtRQXJCL0Msc0ZBQXNGO1FBQ3RGLHFFQUFxRTtRQUM3RCxvQkFBZSxHQUFHLElBQUksR0FBRyxFQUFrQixDQUFDO1FBRXBELDJFQUEyRTtRQUNuRSxhQUFRLEdBQWlCLElBQUksQ0FBQztRQW1CcEMsSUFBSSxDQUFDLFNBQVMsRUFBRSxFQUFFO1lBQ2hCLElBQUksSUFBSSxDQUFDLFFBQVEsQ0FBQyxLQUFLLElBQUksSUFBSSxFQUFFO2dCQUMvQixNQUFNLElBQUkscUJBQXFCLENBQzdCLDBEQUEwRCxDQUMzRCxDQUFDO2FBQ0g7U0FDRjtJQUNILENBQUM7SUFFRCxjQUFjLENBQUMsYUFBcUI7UUFDbEMsT0FBTyxJQUFJLENBQUMsaUJBQWlCLENBQUMsY0FBYyxDQUFDLGFBQWEsQ0FBQyxDQUFDO0lBQzlELENBQUM7SUFFSyxNQUFNOzs7WUFDVixvQ0FBb0M7WUFDcEMsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUFDLENBQUMsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLENBQUMsR0FBRyxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUM7WUFFM0UsSUFBSSxDQUFDLElBQUksR0FBRyxJQUFJLENBQUM7WUFDakIsSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztZQUM1QixJQUFJLENBQUMsZUFBZSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBRWpDLHlDQUF5QztZQUN6QyxNQUFNLE9BQU8sQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLENBQUMsT0FBTyxDQUFDLE9BQU8sRUFBRSxFQUFFLElBQUksQ0FBQyxRQUFRLEVBQUUsQ0FBQyxDQUFDLENBQUM7WUFFN0QsVUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssMENBQUUsUUFBUSxFQUFFO2dCQUNqQyxJQUFJLENBQUMsUUFBUSxDQUFDLEtBQUssQ0FBQyxRQUFRLEdBQUcsSUFBSSxDQUFDO2FBQ3JDOztLQUNGO0lBRUQsaUJBQWlCLENBQUMsUUFBd0I7UUFDeEMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxHQUFHLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDckMsQ0FBQztJQUVELG9CQUFvQixDQUFDLFFBQXdCO1FBQzNDLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFSyxLQUFLLENBQ1QsWUFBb0IsRUFDcEIsUUFBbUIsRUFDbkIsRUFBRSwyQkFBMkIsR0FBRyxJQUFJLEtBQW1CLEVBQUU7OztZQUV6RCxJQUFJLFdBQVcsR0FBZ0IsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFlBQVksRUFBRSxRQUFRLENBQUMsQ0FBQztZQUU1RSxxREFBcUQ7WUFDckQsSUFBSSxXQUFXLENBQUMsU0FBUyxFQUFFO2dCQUN6QixJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksWUFBWSxDQUM5QixRQUFRLEVBQ1IsY0FBWSxDQUFDLGlCQUFpQixDQUMvQixDQUFDO2dCQUVGLE9BQU8sV0FBVyxDQUFDO2FBQ3BCO1lBRUQsSUFDRSwyQkFBMkI7Z0JBQzNCLE9BQUEsV0FBVyxDQUFDLElBQUksQ0FBQyxTQUFTLDBDQUFFLEtBQUssTUFBSyxZQUFZLENBQUMsUUFBUSxFQUMzRDtnQkFDQSxNQUFNLElBQUksQ0FBQyxvQkFBb0IsQ0FBQyxRQUFRLENBQUMsQ0FBQztnQkFDMUMsV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxZQUFZLEVBQUUsUUFBUSxDQUFDLENBQUM7YUFDNUQ7WUFFRCxPQUFPLFdBQVcsQ0FBQzs7S0FDcEI7SUFFSyxXQUFXLENBQUMsT0FJakI7O1lBQ0MsTUFBTSxFQUFFLFNBQVMsRUFBRSxJQUFJLEVBQUUsVUFBVSxFQUFFLEdBQUcsT0FBTyxDQUFDO1lBRWhELE1BQU0scUJBQXFCLEdBQUc7Z0JBQzVCLG9CQUFvQixDQUFDLE9BQU87Z0JBQzVCLG9CQUFvQixDQUFDLGtCQUFrQjthQUN4QyxDQUFDO1lBRUYsSUFBSSxDQUFDLHFCQUFxQixDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsV0FBVyxDQUFDLGFBQWEsQ0FBQyxFQUFFO2dCQUN4RSxNQUFNLElBQUkscUJBQXFCLENBQzdCLGdDQUFnQyxxQkFBcUIsRUFBRSxDQUN4RCxDQUFDO2FBQ0g7WUFFRCxrRUFBa0U7WUFDbEUsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLGFBQWEsQ0FDbEQsU0FBUyxDQUFDLFdBQVcsRUFDckIsSUFBSSxFQUNKLFNBQVMsQ0FBQyxXQUFXLENBQUMsYUFFcUIsQ0FDNUMsQ0FBQztZQUVGLE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxTQUFTLENBQUMsY0FBYyxDQUFDLENBQUM7WUFFcEQsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxJQUFJLENBQUMsUUFBUSxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7WUFFbkUsa0ZBQWtGO1lBQ2xGLDBEQUEwRDtZQUMxRCxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksQ0FBQztZQUVyQixJQUFJLFVBQVUsRUFBRTtnQkFDZCxXQUFXLENBQUMseUJBQXlCLENBQUM7b0JBQ3BDLFNBQVMsRUFBRSxHQUFHLEVBQUU7d0JBQ2QsT0FBTztvQkFDVCxDQUFDO29CQUNELFNBQVMsRUFBRSxDQUFDLENBQUMsRUFBRSxFQUFFLENBQUMsT0FBTyxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUM7aUJBQ25DLENBQUMsQ0FBQzthQUNKO1lBRUQsT0FBTztnQkFDTCxJQUFJO2FBQ0wsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVLLE9BQU87O1lBQ1gsSUFBSSxJQUFJLENBQUMsSUFBSSxFQUFFO2dCQUNiLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQzthQUNsQjtZQUVELE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBRWxFLE9BQU8sSUFBSSxDQUFDLFFBQVEsQ0FBQyxXQUFXLENBQUMsQ0FBQztRQUNwQyxDQUFDO0tBQUE7SUFFSyxrQkFBa0I7O1lBQ3RCLE1BQU0sV0FBVyxHQUNmLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyx3QkFBd0IsRUFBRSxDQUFDO1lBQ2hELE1BQU0sWUFBWSxHQUFHLFdBQVcsQ0FBQyxvQkFBb0IsRUFBRSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBRTFFLE9BQU8sQ0FBQyxHQUFHLENBQUMsa0JBQWtCLENBQUMsQ0FBQztZQUNoQyxPQUFPLElBQUksT0FBTyxDQUFDLENBQUMsT0FBTyxFQUFFLE1BQU0sRUFBRSxFQUFFO2dCQUNyQyxXQUFXLENBQUMsY0FBYyxDQUFDLFlBQVksRUFBRSxDQUFDLEdBQUcsRUFBRSxFQUFFO29CQUMvQyxJQUFJLEdBQUcsRUFBRTt3QkFDUCxPQUFPLENBQUMsS0FBSyxDQUFDLDBCQUEwQixFQUFFLEdBQUcsQ0FBQyxDQUFDO3dCQUMvQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7cUJBQ2I7eUJBQU07d0JBQ0wsT0FBTyxDQUFDLEdBQUcsQ0FBQyx3QkFBd0IsQ0FBQyxDQUFDO3dCQUN0QyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7cUJBQ1o7Z0JBQ0gsQ0FBQyxDQUFDLENBQUM7WUFDTCxDQUFDLENBQUMsQ0FBQztRQUNMLENBQUM7S0FBQTtJQUVELHVHQUF1RztJQUN2RyxVQUFVO0lBQ1YsdUdBQXVHO0lBRXpGLGdCQUFnQjs7WUFDNUIsT0FBTyxDQUNMLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQXlCO2dCQUMzQyxLQUFLLEVBQUUsZ0JBQWdCO2dCQUN2QixnQkFBZ0IsRUFBRTtvQkFDaEIsT0FBTyxFQUFFLEtBQUs7aUJBQ2Y7YUFDRixDQUFDLENBQ0gsQ0FBQyxXQUFXLENBQUM7UUFDaEIsQ0FBQztLQUFBO0lBRWEsY0FBYzs7WUFDMUIsT0FBTyxDQUNMLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxLQUFLLENBQXVCO2dCQUN6QyxLQUFLLEVBQUUsY0FBYztnQkFDckIsZ0JBQWdCLEVBQUU7b0JBQ2hCLE9BQU8sRUFBRSxLQUFLO2lCQUNmO2FBQ0YsQ0FBQyxDQUNILENBQUMsbUJBQW1CLENBQUM7UUFDeEIsQ0FBQztLQUFBO0lBRWEsUUFBUTs7WUFDcEIsTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDWixJQUFJLENBQUMsR0FBRyxJQUFJLENBQUMsUUFBUSxDQUFDLE9BQU8sZ0JBQWdCLEVBQUUsSUFBSSxFQUFFO2dCQUNwRCxlQUFlLEVBQUUsSUFBSTtnQkFDckIsWUFBWSxFQUFFLE1BQU07YUFDckIsQ0FBQztpQkFDRCxTQUFTLEVBQUUsQ0FBQztRQUNqQixDQUFDO0tBQUE7SUFFYSxrQkFBa0IsQ0FDOUIsWUFBb0I7O1lBRXBCLE9BQU8sTUFBTSxJQUFJLENBQUMsSUFBSTtpQkFDbkIsR0FBRyxDQUNGLEdBQ0UsSUFBSSxDQUFDLFFBQVEsQ0FBQyxPQUNoQixxQ0FBcUMsa0JBQWtCLENBQUMsWUFBWSxDQUFDLEVBQUUsQ0FDeEU7aUJBQ0EsU0FBUyxFQUFFLENBQUM7UUFDakIsQ0FBQztLQUFBO0lBRWEsU0FBUyxDQUNyQixZQUFvQixFQUNwQixRQUFtQjs7WUFFbkIsTUFBTSxJQUFJLENBQUMsTUFBTSxFQUFFLENBQUM7WUFDcEIsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFlBQVksRUFBRSxRQUFRLENBQUMsQ0FBQztZQUVuRSxxRUFBcUU7WUFDckUsSUFDRTtnQkFDRSxvQkFBb0IsQ0FBQyxPQUFPO2dCQUM1QixvQkFBb0IsQ0FBQyxrQkFBa0I7YUFDeEMsQ0FBQyxRQUFRLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxhQUFhLENBQUMsRUFDcEQ7Z0JBQ0EsT0FBTztvQkFDTCxTQUFTLEVBQUU7d0JBQ1QsV0FBVyxFQUFFLGNBQWMsQ0FBQyxXQUFXO3dCQUN2QyxjQUFjLEVBQUUsY0FBYyxDQUFDLGNBQWM7cUJBQzlDO2lCQUNGLENBQUM7YUFDSDtZQUVELE1BQU0sSUFBSSxDQUFDLGNBQWMsQ0FBQyxjQUFjLENBQUMsY0FBYyxDQUFDLENBQUM7WUFDekQsK0NBQStDO1lBQy9DLE1BQU0sSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxjQUFjLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBRXZFLE9BQU87Z0JBQ0wsSUFBSTthQUNMLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFYSxRQUFRLENBQ3BCLFlBQW9CLEVBQ3BCLFFBQW1COztZQUVuQixpREFBaUQ7WUFDakQsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxZQUFZLENBQUMsQ0FBQztZQUVyRSxJQUNFLGdCQUFnQixDQUFDLG9CQUFvQixLQUFLLG9CQUFvQixDQUFDLFdBQVcsRUFDMUU7Z0JBQ0EsTUFBTSxJQUFJLDJCQUEyQixDQUFDLGtDQUFrQyxDQUFDLENBQUM7YUFDM0U7WUFFRCxJQUNFLGdCQUFnQixDQUFDLG9CQUFvQixLQUFLLG9CQUFvQixDQUFDLFFBQVEsRUFDdkU7Z0JBQ0EsT0FBTyxDQUFDLEdBQUcsQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO2dCQUVqQyxtR0FBbUc7Z0JBQ25HLElBQUk7b0JBQ0YsTUFBTSxJQUFJLEdBQW1CO3dCQUMzQixXQUFXLEVBQUUsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUNsQyxZQUFZLEVBQ1osUUFBUSxFQUNSLGdCQUFnQixDQUFDLGdCQUFnQixDQUNsQzt3QkFDRCxjQUFjLEVBQUUsY0FBYyxDQUFDLFlBQVk7cUJBQzVDLENBQUM7b0JBQ0YseURBQXlEO29CQUV6RCxnQ0FBZ0M7b0JBQ2hDLHdFQUF3RTtvQkFFeEUsT0FBTyxDQUFDLEdBQUcsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO29CQUVuQyxPQUFPLElBQUksQ0FBQztpQkFDYjtnQkFBQyxPQUFPLEtBQUssRUFBRTtvQkFDZCwwQ0FBMEM7b0JBQzFDLElBQUksS0FBSyxDQUFDLElBQUksS0FBSyx3QkFBd0IsRUFBRTt3QkFDM0MsTUFBTSxLQUFLLENBQUM7cUJBQ2I7b0JBQ0QsaURBQWlEO2lCQUNsRDtnQkFFRCxnRkFBZ0Y7Z0JBQ2hGLElBQUk7b0JBQ0YsTUFBTSxJQUFJLEdBQW1CO3dCQUMzQixXQUFXLEVBQUUsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUNsQyxZQUFZLEVBQ1osUUFBUSxFQUNSLGdCQUFnQixDQUFDLG9CQUFvQixDQUN0Qzt3QkFDRCxjQUFjLEVBQUUsY0FBYyxDQUFDLFlBQVk7cUJBQzVDLENBQUM7b0JBQ0YsdUJBQXVCO29CQUN2QixPQUFPLENBQUMsR0FBRyxDQUFDLHFCQUFxQixDQUFDLENBQUM7b0JBRW5DLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUFDLE9BQU8sS0FBSyxFQUFFO29CQUNkLDBDQUEwQztvQkFDMUMsTUFBTSxLQUFLLENBQUMsSUFBSSxLQUFLLHdCQUF3Qjt3QkFDM0MsQ0FBQyxDQUFDLElBQUkscUJBQXFCLENBQ3ZCLHNHQUFzRyxDQUN2Rzt3QkFDSCxDQUFDLENBQUMsS0FBSyxDQUFDO2lCQUNYO2FBQ0Y7WUFFRCw2Q0FBNkM7WUFDN0MsSUFBSSxnQkFBZ0IsQ0FBQyxlQUFlLEVBQUU7Z0JBQ3BDLElBQUk7b0JBQ0YsNEVBQTRFO29CQUM1RSw4Q0FBOEM7b0JBQzlDLE1BQU0sS0FBSyxHQUFHLGdCQUFnQixDQUFDLGVBQWUsQ0FBQztvQkFDL0MsTUFBTSxJQUFJLEdBQW1CO3dCQUMzQixXQUFXLEVBQUUsTUFBTSxJQUFJLENBQUMsWUFBWSxDQUNsQyxLQUFLLENBQUMsYUFBYSxFQUNuQixRQUFRLEVBQ1IsS0FBSyxDQUFDLGFBQWEsQ0FDcEI7d0JBQ0QsY0FBYyxFQUFFLGNBQWMsQ0FBQyxJQUFJO3FCQUNwQyxDQUFDO29CQUVGLE9BQU8sSUFBSSxDQUFDO2lCQUNiO2dCQUFDLE9BQU8sR0FBRyxFQUFFO29CQUNaLHVDQUF1QztpQkFDeEM7YUFDRjtZQUVELHdCQUF3QjtZQUN4QixNQUFNLElBQUksR0FBbUI7Z0JBQzNCLFdBQVcsRUFBRSxNQUFNLElBQUksQ0FBQyxZQUFZLENBQ2xDLFlBQVksRUFDWixRQUFRLEVBQ1IsZ0JBQWdCLENBQUMsb0JBQW9CLENBQ3RDO2dCQUNELGNBQWMsRUFBRSxjQUFjLENBQUMsSUFBSTthQUNwQyxDQUFDO1lBRUYsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFYSxZQUFZLENBQ3hCLFlBQW9CLEVBQ3BCLFFBQW1CLEVBQ25CLGFBQTRCOztZQUU1QixNQUFNLGFBQWEsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxhQUFhLGlCQUM5RCxRQUFRLElBQ0wsYUFBYSxFQUNoQixDQUFDO1lBRUgsa0RBQWtEO1lBQ2xELE9BQU8sSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQ3hCLFlBQVksRUFDWixJQUFJLENBQUMsZUFBZSxDQUFDLGdCQUFnQixDQUFDLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FDekQsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVhLGNBQWMsQ0FBQyxjQUE4Qjs7WUFDekQsTUFBTSxJQUFJLENBQUMsc0JBQXNCLENBQUMsY0FBYyxDQUFDLENBQUM7WUFDbEQsTUFBTSxJQUFJLENBQUMsMEJBQTBCLEVBQUUsQ0FBQztRQUMxQyxDQUFDO0tBQUE7SUFFYSxzQkFBc0IsQ0FBQyxjQUE4Qjs7WUFDakUsSUFBSSxjQUFjLEtBQUssY0FBYyxDQUFDLElBQUksRUFBRTtnQkFDMUMsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLHNCQUFzQixDQUFDO29CQUNoRCxjQUFjLEVBQUUsY0FBYyxLQUFLLGNBQWMsQ0FBQyxZQUFZO2lCQUMvRCxDQUFDLENBQUM7YUFDSjtRQUNILENBQUM7S0FBQTtJQUVhLDBCQUEwQjs7WUFDdEMsSUFBSSxJQUFJLENBQUMsUUFBUSxDQUFDLDJCQUEyQixFQUFFO2dCQUM3QyxJQUFJLENBQUMsU0FBUyxFQUFFLEVBQUU7b0JBQ2hCLE1BQU0sR0FBRyxHQUNQLHlGQUF5RixDQUFDO29CQUM1RixPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO29CQUNuQixNQUFNLElBQUksd0JBQXdCLENBQUMsR0FBRyxDQUFDLENBQUM7aUJBQ3pDO3FCQUFNO29CQUNMLE9BQU8sQ0FBQyxJQUFJLENBQ1YsdUZBQXVGLENBQ3hGLENBQUM7aUJBQ0g7YUFDRjtpQkFBTTtnQkFDTCwrREFBK0Q7Z0JBQy9ELE1BQU0sb0JBQW9CLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3RFLE1BQU0sSUFBSSxDQUFDLFNBQVMsQ0FBQyxRQUFRLENBQzNCLElBQUksVUFBVSxDQUFDO29CQUNiLFFBQVEsRUFBRSwrQkFBK0I7b0JBQ3pDLFNBQVMsRUFBRTt3QkFDVCxLQUFLLEVBQUU7NEJBQ0wsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDbEMsb0JBQW9CLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUNsQzt5QkFDRjtxQkFDRjtpQkFDRixDQUFDLEVBQ0Y7b0JBQ0UsZUFBZSxFQUFFLEtBQUs7aUJBQ3ZCLENBQ0YsQ0FBQztnQkFFRixJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUFDLG9CQUFvQixDQUFDLENBQUM7YUFDekU7UUFDSCxDQUFDO0tBQUE7SUFFTyx1QkFBdUIsQ0FDN0IsYUFBcUIsRUFDckIsY0FBc0M7UUFFdEMsTUFBTSxhQUFhLEdBQUcsY0FBYyxDQUFDLElBQUksQ0FDdkMsQ0FBQyxDQUFDLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLEVBQUUsS0FBSyxhQUFhLENBQ3JDLENBQUM7UUFFRixPQUFPLGFBQWEsQ0FBQyxDQUFDLENBQUMsYUFBYSxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUM7SUFDekQsQ0FBQztJQUVhLFlBQVksQ0FBQyxPQUkxQjs7WUFDQyxNQUFNLEVBQUUsUUFBUSxFQUFFLFFBQVEsRUFBRSxvQkFBb0IsRUFBRSxHQUFHLE9BQU8sQ0FBQztZQUU3RCxJQUFJLG9CQUFvQixFQUFFO2dCQUN4QixJQUFJLENBQUMsY0FBYyxDQUFDLDZCQUE2QixDQUMvQyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FDdEMsQ0FBQzthQUNIO1lBRUQsaUVBQWlFO1lBQ2pFLElBQUksUUFBUSxFQUFFO2dCQUNaLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsYUFBYSxpQkFDeEMsUUFBUSxJQUNMLFFBQVEsQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUNqQyxDQUNILENBQUMsR0FBRyxDQUFDO2dCQUVOLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxnQkFBZ0IsQ0FDckMsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLGlCQUFpQixDQUMxQyxRQUFRLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFDbkIsT0FBTyxFQUNQLFFBQVEsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUN0QixDQUNGLENBQUM7YUFDSDtRQUNILENBQUM7S0FBQTtJQUVhLFFBQVEsQ0FDcEIsV0FBd0IsRUFDeEIsUUFBb0I7O1lBRXBCLElBQUksV0FBVyxDQUFDLFdBQVcsRUFBRSxDQUFDLFFBQVEsQ0FBQyxpQ0FBaUMsQ0FBQyxFQUFFO2dCQUN6RSxJQUFJLENBQUMsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLGFBQWEsQ0FBQyxXQUFXLEVBQUUsUUFBUSxDQUFDLENBQUM7YUFDN0Q7aUJBQU07Z0JBQ0wsSUFBSSxDQUFDLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsV0FBVyxFQUFFLFFBQVEsQ0FBQyxDQUFDO2FBQy9EO1lBRUQsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLEtBQUssRUFBRSxDQUFDLENBQUMsOENBQThDO1lBRTlFLE9BQU8sSUFBSSxDQUFDLElBQUksQ0FBQztRQUNuQixDQUFDO0tBQUE7SUFFYSxlQUFlLENBQzNCLFdBQXdCLEVBQ3hCLFFBQW9COztZQUVwQixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxnQkFBZ0IsRUFBRSxDQUFDO1lBRWxELE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQztnQkFDdEIsUUFBUSxFQUFFLFdBQVcsQ0FBQyxjQUFjO2dCQUNwQyxRQUFRO2dCQUNSLG9CQUFvQixFQUFFLFdBQVcsQ0FBQyxvQkFBb0I7YUFDdkQsQ0FBQyxDQUFDO1lBRUgsa0NBQWtDO1lBQ2xDLE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLENBQUMsV0FBVyxDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBRXBFLE1BQU0sRUFBRSxRQUFRLEVBQUUsR0FBRyxXQUFXLENBQUM7WUFDakMsTUFBTSxjQUFjLEdBQUcsTUFBTSxJQUFJLENBQUMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxXQUFXLENBQUMsQ0FBQztZQUV0RSxPQUFPO2dCQUNMLFFBQVE7Z0JBQ1IsR0FBRyxFQUFFLElBQUksQ0FBQyx1QkFBdUIsQ0FBQyxLQUFLLEVBQUUsY0FBYyxDQUFDO2dCQUN4RCxVQUFVLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDLE9BQU8sRUFBRSxjQUFjLENBQUM7Z0JBQ2pFLFNBQVMsRUFBRSxJQUFJO2FBQ2hCLENBQUM7UUFDSixDQUFDO0tBQUE7SUFFYSxhQUFhLENBQ3pCLFdBQXdCLEVBQ3hCLFFBQW9COztZQUVwQixNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUU5QyxNQUFNLFFBQVEsR0FBRztnQkFDZixPQUFPLEVBQUU7b0JBQ1AsRUFBRSxFQUFFLFNBQVMsQ0FBQyxPQUFPLENBQUMsRUFBRTtvQkFDeEIsYUFBYSxFQUFFLFNBQVMsQ0FBQyxPQUFPLENBQUMsYUFBYTtpQkFDL0M7Z0JBQ0QsU0FBUyxFQUFFO29CQUNULEVBQUUsRUFBRSxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUU7aUJBQzNCO2FBQ0YsQ0FBQztZQUVGLE1BQU0sSUFBSSxDQUFDLFlBQVksQ0FBQztnQkFDdEIsUUFBUTtnQkFDUixRQUFRO2dCQUNSLG9CQUFvQixFQUFFLFNBQVMsQ0FBQyxvQkFBb0I7YUFDckQsQ0FBQyxDQUFDO1lBRUgsd0NBQXdDO1lBQ3hDLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxPQUFPLENBQUMsUUFBUSxDQUFDLENBQUM7WUFFeEMsTUFBTSxFQUFFLFFBQVEsRUFBRSxHQUFHLFNBQVMsQ0FBQztZQUMvQixNQUFNLGNBQWMsR0FBRyxNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsY0FBYyxDQUFDLFdBQVcsQ0FBQyxDQUFDO1lBRXRFLE9BQU87Z0JBQ0wsUUFBUTtnQkFDUixHQUFHLEVBQUUsSUFBSSxDQUFDLHVCQUF1QixDQUFDLEtBQUssRUFBRSxjQUFjLENBQUM7Z0JBQ3hELFVBQVUsRUFBRSxJQUFJLENBQUMsdUJBQXVCLENBQUMsT0FBTyxFQUFFLGNBQWMsQ0FBQztnQkFDakUsU0FBUyxFQUFFO29CQUNULEtBQUssRUFBRSxTQUFTLENBQUMsS0FBSztpQkFDdkI7YUFDRixDQUFDO1FBQ0osQ0FBQztLQUFBO0lBRWEsa0JBQWtCLENBQzlCLFNBQXNEOztZQUV0RCxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxlQUFlLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDLENBQUM7WUFFaEUsTUFBTSxRQUFRLEdBQUcsTUFBTSxPQUFPLENBQUMsR0FBRyxDQUNoQyxTQUFTLENBQUMsU0FBUztpQkFDaEIsTUFBTSxDQUFDLENBQUMsUUFBUSxFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsUUFBUSxDQUFDLGdDQUFnQyxDQUFDO2lCQUNqRSxHQUFHLENBQUMsQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUNoQixJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM1QixHQUFHLEVBQ0gsUUFBUSxDQUFDLGdDQUFnQyxDQUMxQyxDQUNGLENBQ0osQ0FBQztZQUVGLE9BQU8sSUFBSSxDQUFDLGtCQUFrQixDQUFDLGtCQUFrQixDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzlELENBQUM7S0FBQTtJQUVLLG9CQUFvQixDQUFDLFdBQXNCOztZQUMvQyxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxjQUFjLEVBQUUsQ0FBQztZQUU5QyxJQUFJLFNBQVMsQ0FBQyxLQUFLLEtBQUssWUFBWSxDQUFDLFFBQVEsRUFBRTtnQkFDN0MsTUFBTSxJQUFJLG1CQUFtQixDQUMzQiwrQ0FBK0MsQ0FDaEQsQ0FBQzthQUNIO1lBRUQsaUVBQWlFO1lBQ2pFLHVEQUF1RDtZQUN2RCxpRUFBaUU7WUFDakUsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsa0JBQWtCLENBQUMsU0FBUyxDQUFDLENBQUM7WUFFN0QsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDdEQsV0FBVyxFQUNYLFNBQVMsQ0FBQyxrQkFBa0IsQ0FDN0IsQ0FBQztZQUVGLGdDQUFnQztZQUNoQyxNQUFNLFVBQVUsR0FBRyxNQUFNLEdBQUcsQ0FBQyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUM7WUFFNUMsTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLE1BQU0sQ0FBQyxTQUFTLENBQUMsU0FBUyxDQUFDLEVBQUUsQ0FBQyxDQUFDO1lBRTVFLE1BQU0sdUJBQXVCLEdBQzNCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLGVBQWUsQ0FDMUMsU0FBUyxDQUFDLEdBQUcsRUFDYixVQUFVLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN4QixDQUFDO1lBRUosbUJBQW1CO1lBQ25CLE1BQU0sZ0JBQWdCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsYUFBYSxpQkFDakUsUUFBUSxFQUFFLFdBQVcsSUFDbEIsU0FBUyxDQUFDLE9BQU8sQ0FBQyxhQUFhLEVBQ2xDLENBQUM7WUFFSCxNQUFNLGNBQWMsR0FBRyxJQUFJLENBQUMsZUFBZSxDQUFDLGdCQUFnQixDQUMxRCxnQkFBZ0IsQ0FBQyxHQUFHLENBQ3JCLENBQUM7WUFFRixpRUFBaUU7WUFDakUsNkJBQTZCO1lBQzdCLGlFQUFpRTtZQUNqRSxNQUFNLFNBQVMsR0FBRyxDQUNoQixNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUMzQixJQUFJLFVBQVUsQ0FBQztnQkFDYixRQUFRLEVBQUUsb0NBQW9DO2dCQUM5QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFLEVBQUU7aUJBQ1Y7YUFDRixDQUFDLEVBQ0Y7Z0JBQ0UsZUFBZSxFQUFFLEtBQUs7YUFDdkIsQ0FDRixDQUNGLENBQUMsNEJBQTRCLENBQUMsU0FBUyxDQUFDO1lBRXpDLHFCQUFxQjtZQUNyQixrRUFBa0U7WUFDbEUsU0FBUyxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUN6RCxxQ0FBcUMsQ0FDdEMsQ0FBQztZQUVGLE1BQU0sc0JBQXNCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNqRSxXQUFXLEVBQ1gsU0FBUyxDQUFDLDZCQUE2QixDQUN4QyxDQUFDO1lBQ0YsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUN2RCxzQkFBc0IsRUFDdEIsU0FBUyxDQUNWLENBQUM7WUFFRixpRUFBaUU7WUFDakUsd0NBQXdDO1lBQ3hDLGlFQUFpRTtZQUNqRSxNQUFNLGVBQWUsR0FBRyxDQUN0QixNQUFNLElBQUksQ0FBQyxTQUFTLENBQUMsUUFBUSxDQUMzQixJQUFJLFVBQVUsQ0FBQztnQkFDYixRQUFRLEVBQUUseUNBQXlDO2dCQUNuRCxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLGVBQWUsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLGVBQWUsQ0FBQztxQkFDakQ7aUJBQ0Y7YUFDRixDQUFDLEVBQ0Y7Z0JBQ0UsZUFBZSxFQUFFLEtBQUs7YUFDdkIsQ0FDRixDQUNGLENBQUMsaUNBQWlDLENBQUMsV0FBVyxDQUFDO1lBRWhELGlFQUFpRTtZQUNqRSwwREFBMEQ7WUFDMUQsaUVBQWlFO1lBQ2pFLGtFQUFrRTtZQUNsRSxpRUFBaUU7WUFDakUsOERBQThEO1lBQzlELG1FQUFtRTtZQUNuRSxpREFBaUQ7WUFFakQsZ0VBQWdFO1lBQ2hFLE1BQU0sVUFBVSxHQUFHLElBQUksT0FBTyxDQUFPLENBQUMsT0FBTyxFQUFFLEVBQUU7Z0JBQy9DLE1BQU0sUUFBUSxHQUFHLENBQU8sSUFBSSxFQUFFLEVBQUU7b0JBQzlCLElBQUksSUFBSSxDQUFDLE9BQU8sQ0FBQyxLQUFLLEtBQUssUUFBUSxFQUFFO3dCQUNuQyxPQUFPO3FCQUNSO29CQUVELEdBQUcsQ0FBQyxNQUFNLENBQUMsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDO29CQUU3QixNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsTUFBTSxDQUFDLFNBQVMsQ0FBQyxRQUFRLEVBQUUsY0FBYyxDQUFDLENBQUM7b0JBRTlELHFDQUFxQztvQkFDckMsTUFBTSxJQUFJLENBQUMsU0FBUyxDQUFDLFFBQVEsQ0FDM0IsSUFBSSxVQUFVLENBQUM7d0JBQ2IsUUFBUSxFQUFFLHNDQUFzQzt3QkFDaEQsU0FBUyxFQUFFOzRCQUNULEtBQUssRUFBRTtnQ0FDTCx1QkFBdUI7Z0NBQ3ZCLFdBQVcsRUFBRSxTQUFTLENBQUMsRUFBRTs2QkFDMUI7eUJBQ0Y7cUJBQ0YsQ0FBQyxDQUNILENBQUM7b0JBRUYsT0FBTyxFQUFFLENBQUM7Z0JBQ1osQ0FBQyxDQUFBLENBQUM7Z0JBRUYsR0FBRyxDQUFDLE1BQU0sQ0FBQyxNQUFNLEVBQUUsUUFBUSxDQUFDLENBQUM7WUFDL0IsQ0FBQyxDQUFDLENBQUM7WUFFSCwwRkFBMEY7WUFDMUYsNkJBQTZCO1lBQzdCLElBQUksSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxNQUFNLENBQUMsU0FBUyxDQUFDLFFBQVEsRUFBRSxlQUFlLEVBQUU7Z0JBQ3hFLE9BQU8sRUFBRSxNQUFNO2FBQ2hCLENBQUMsQ0FBQztZQUVILElBQUksSUFBSSxDQUFDLGFBQWEsS0FBSyx1QkFBdUIsRUFBRTtnQkFDbEQsTUFBTSxJQUFJLHdCQUF3QixDQUNoQywwR0FBMEcsQ0FDM0csQ0FBQzthQUNIO1lBRUQsMEJBQTBCO1lBQzFCLCtFQUErRTtZQUMvRSwyQkFBMkI7WUFDM0IsSUFBSSxHQUFHLE1BQU0sSUFBSSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxJQUFJLEVBQUUsY0FBYyxFQUFFLEVBQUUsQ0FBQyxDQUFDO1lBRXhFLE9BQU8sVUFBVSxDQUFDO1FBQ3BCLENBQUM7S0FBQTtJQUVELHlEQUF5RDtJQUN6RCxrQkFBa0I7SUFDbEIseURBQXlEO0lBQ3pELFVBQVUsQ0FBQyxRQUFnQixFQUFFLFFBQW1CO1FBQzlDLHlFQUF5RTtRQUN6RSx3QkFBd0I7UUFDeEIsSUFBSSxDQUFDLFFBQVEsQ0FBQyxLQUFLLENBQUMsUUFBUSxHQUFHLFFBQVEsQ0FBQztRQUV4QyxPQUFPLElBQUksQ0FBQyxhQUFhLENBQUMsUUFBUSxDQUFDLENBQUM7SUFDdEMsQ0FBQztJQUVhLGFBQWEsQ0FBQyxRQUFtQjs7WUFDN0MsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztZQUVsRCxNQUFNLEVBQUUsUUFBUSxFQUFFLGNBQWMsRUFBRSxHQUFHLFdBQVcsQ0FBQztZQUVqRCwyREFBMkQ7WUFDM0QsNkJBQTZCO1lBRTdCLE1BQU0sT0FBTyxHQUFHLENBQ2QsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsYUFBYSxpQkFDeEMsUUFBUSxJQUNMLGNBQWMsQ0FBQyxPQUFPLENBQUMsYUFBYSxFQUN2QyxDQUNILENBQUMsR0FBRyxDQUFDO1lBRU4sTUFBTSxTQUFTLEdBQUcsTUFBTSxJQUFJLENBQUMsZUFBZSxDQUFDLGlCQUFpQixDQUM1RCxjQUFjLENBQUMsT0FBTyxDQUFDLEVBQUUsRUFDekIsT0FBTyxFQUNQLGNBQWMsQ0FBQyxTQUFTLENBQUMsRUFBRSxDQUM1QixDQUFDO1lBRUYsTUFBTSxJQUFJLENBQUMsV0FBVyxDQUFDLGdCQUFnQixDQUFDLFNBQVMsQ0FBQyxDQUFDO1lBRW5ELE1BQU0sSUFBSSxDQUFDLGVBQWUsQ0FBQyxZQUFZLENBQUMsY0FBYyxDQUFDLENBQUM7WUFFeEQsSUFBSSxDQUFDLElBQUksR0FBRztnQkFDVixRQUFRO2dCQUNSLFNBQVMsRUFBRSxJQUFJO2dCQUNmLEdBQUcsRUFBRSxZQUFZO2dCQUNqQixVQUFVLEVBQUUsWUFBWTthQUN6QixDQUFDO1lBRUYsT0FBTyxJQUFJLENBQUMsSUFBSSxDQUFDO1FBQ25CLENBQUM7S0FBQTtJQUVEOztPQUVHO0lBQ0gsY0FBYztRQUNaLElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxDQUFDO0lBQ25CLENBQUM7Q0FDRixDQUFBO0FBcnZCUSw4QkFBaUIsR0FBRyxJQUFJLEdBQUcsRUFBRSxHQUFHLENBQUMsQ0FBQzs7O1lBSjFDLFVBQVUsU0FBQztnQkFDVixVQUFVLEVBQUUsTUFBTTthQUNuQjs7O1lBNURpRCxNQUFNO1lBQTNCLFFBQVE7WUFENUIsVUFBVTtZQUdWLFNBQVM7WUFJVCxnQkFBZ0I7WUFPaEIsVUFBVTtZQURWLGVBQWU7WUFEZixpQkFBaUI7WUFLakIsZUFBZTtZQU5mLFdBQVc7WUFPWCxjQUFjO1lBUmQsaUJBQWlCO1lBYWpCLGlDQUFpQzs0Q0ErRHJDLE1BQU0sU0FBQyxTQUFTOztBQXhCUixZQUFZO0lBTnhCLGlCQUFpQixDQUFDO1FBQ2pCLFVBQVUsRUFBRSxRQUFRO0tBQ3JCLENBQUM7R0FJVyxZQUFZLENBc3ZCeEI7U0F0dkJZLFlBQVkiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBIdHRwQ2xpZW50IH0gZnJvbSAnQGFuZ3VsYXIvY29tbW9uL2h0dHAnO1xuaW1wb3J0IHsgSW5qZWN0LCBJbmplY3RhYmxlLCBJbmplY3RvciwgaXNEZXZNb2RlLCBOZ1pvbmUgfSBmcm9tICdAYW5ndWxhci9jb3JlJztcbmltcG9ydCB7IENvZ25pdG9Vc2VyIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2F1dGgnO1xuaW1wb3J0IHsgQXV0aENsYXNzIH0gZnJvbSAnQGF3cy1hbXBsaWZ5L2F1dGgvbGliLWVzbS9BdXRoJztcbmltcG9ydCB7IEh1YiB9IGZyb20gJ0Bhd3MtYW1wbGlmeS9jb3JlJztcbmltcG9ydCB7IENvZ25pdG9Vc2VyQXR0cmlidXRlIH0gZnJvbSAnYW1hem9uLWNvZ25pdG8taWRlbnRpdHktanMnO1xuaW1wb3J0IHsgSldLIH0gZnJvbSAnbm9kZS1qb3NlJztcbmltcG9ydCB7IExyR3JhcGhRTFNlcnZpY2UsIExyTXV0YXRpb24sIExyU2VydmljZSB9IGZyb20gJy4uL2FwaS9sci1ncmFwaHFsJztcbmltcG9ydCB7IFRwQ2xhaW1TdGF0ZSB9IGZyb20gJy4uL2FwaS90eXBlcyc7XG5pbXBvcnQgeyBTZXRTZXNzaW9uRW5jcnlwdGlvbktleU11dGF0aW9uIH0gZnJvbSAnLi4vYXV0aC9hdXRoLmdxbCc7XG5pbXBvcnQgeyBFbmNyeXB0aW9uU2VydmljZSB9IGZyb20gJy4uL2VuY3J5cHRpb24vZW5jcnlwdGlvbi5zZXJ2aWNlJztcbmltcG9ydCB7IElkbGVTZXJ2aWNlIH0gZnJvbSAnLi4vaWRsZS9pZGxlLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5RmFjdG9yeVNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LWdyYXBoLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5U2VydmljZSwgVXNlcktleXMgfSBmcm9tICcuLi9rZXkva2V5LnNlcnZpY2UnO1xuaW1wb3J0IHsgUGFzc0lkcFBhcmFtcyB9IGZyb20gJy4uL2tleS9rZXkudHlwZXMnO1xuaW1wb3J0IHsgS2NDb25maWcsIEtDX0NPTkZJRyB9IGZyb20gJy4uL2xpZmUtcmVhZHkuY29uZmlnJztcbmltcG9ydCB7IFBhc3N3b3JkU2VydmljZSB9IGZyb20gJy4uL3Bhc3N3b3JkL3Bhc3N3b3JkLnNlcnZpY2UnO1xuaW1wb3J0IHsgUGVyc2lzdFNlcnZpY2UgfSBmcm9tICcuLi9wZXJzaXN0L3BlcnNpc3Quc2VydmljZSc7XG5pbXBvcnQge1xuICBUUF9QQVNTV09SRF9SRVNFVF9DTElFTlRfTk9OQ0VfTEVOR1RILFxuICBUUF9QQVNTV09SRF9SRVNFVF9VU0VSTkFNRV9TVUZGSVgsXG59IGZyb20gJy4uL3RwLXBhc3N3b3JkLXJlc2V0L3RwLXBhc3N3b3JkLXJlc2V0LmNvbnN0YW50cyc7XG5pbXBvcnQgeyBUcFBhc3N3b3JkUmVzZXRBc3NlbWJseUNvbnRyb2xsZXIgfSBmcm9tICcuLi90cC1wYXNzd29yZC1yZXNldC90cC1wYXNzd29yZC1yZXNldC5jb250cm9sbGVyJztcbmltcG9ydCB7XG4gIENvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxuICBDcmVhdGVUcEFzc2VtYmx5S2V5Q2hhbGxlbmdlTXV0YXRpb24sXG4gIFByZUNvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxufSBmcm9tICcuLi90cC1wYXNzd29yZC1yZXNldC90cC1wYXNzd29yZC1yZXNldC5ncWwnO1xuaW1wb3J0IHtcbiAgS2NCYWRSZXF1ZXN0RXhjZXB0aW9uLFxuICBLY0JhZFN0YXRlRXhjZXB0aW9uLFxuICBLY0NvbmN1cnJlbnRBY2Nlc3NFeGNlcHRpb24sXG4gIEtjSW50ZXJuYWxFcnJvckV4Y2VwdGlvbixcbn0gZnJvbSAnLi4vX2NvbW1vbi9leGNlcHRpb25zJztcbmltcG9ydCB7IEtleUNvbnRhaW5lciB9IGZyb20gJy4uL19jb21tb24va2V5JztcbmltcG9ydCB7IFJ1bk91dHNpZGVBbmd1bGFyIH0gZnJvbSAnLi4vX2NvbW1vbi9ydW4tb3V0c2lkZS1hbmd1bGFyJztcbmltcG9ydCB7XG4gIEN1cnJlbnRVc2VyUXVlcnksXG4gIEN1cnJlbnRVc2VyUXVlcnlSZXN1bHQsXG4gIFJlc2V0VXNlclF1ZXJ5LFxuICBSZXNldFVzZXJRdWVyeVJlc3VsdCxcbn0gZnJvbSAnLi9hdXRoMi5ncWwucHJpdmF0ZSc7XG5pbXBvcnQge1xuICBBdXRoVXNlcixcbiAgQ29nbml0b0NoYWxsZW5nZU5hbWUsXG4gIExvZ2luQ2hhbGxlbmdlLFxuICBMb2dpbk9wdGlvbnMsXG4gIExvZ2luUmVzdWx0LFxuICBMb2dvdXRMaXN0ZW5lcixcbiAgTHJDb2duaXRvVXNlcixcbiAgUGFzc0lkcFJlc3VsdCxcbiAgUGFzc3dvcmRDaGFuZ2VTdGF0dXMsXG4gIFJlY292ZXJ5U3RhdHVzLFxufSBmcm9tICcuL2F1dGgyLnR5cGVzJztcblxuQFJ1bk91dHNpZGVBbmd1bGFyKHtcbiAgbmdab25lTmFtZTogJ25nWm9uZScsXG59KVxuQEluamVjdGFibGUoe1xuICBwcm92aWRlZEluOiAncm9vdCcsXG59KVxuZXhwb3J0IGNsYXNzIEF1dGgyU2VydmljZSBleHRlbmRzIExyU2VydmljZSB7XG4gIHN0YXRpYyBDSEFMTEVOR0VfVElNRU9VVCA9IDEwMDAgKiA2MCAqIDU7XG5cbiAgLy8gQ291bGQgdXNlIHJ4anMgb2JzZXJ2YWJsZXMgaGVyZS4gQnV0IHRyeWluZyB0byBoYXZlIGtjLWNsaWVudCB1c2UgYXMgbGl0dGxlIGFuZ3VsYXJcbiAgLy8gZmVhdHVyZXMgYXMgcG9zc2libGUuIFJ4anMgaXMgbm90IHVzZWQgYW55d2hlcmUgZWxzZSBpbiBrYy1jbGllbnQuXG4gIHByaXZhdGUgbG9nb3V0TGlzdGVuZXJzID0gbmV3IFNldDxMb2dvdXRMaXN0ZW5lcj4oKTtcbiAgcHJpdmF0ZSB1c2VyOiBBdXRoVXNlcjtcbiAgLy8gU3RvcmVzIHRoZSBwYXNzd29yZCBmb3IgdXNlIGFmdGVyIG1mYSB2ZXJpZmljYXRpb24gdG8gZGVjcnlwdCBtYXN0ZXJLZXkuXG4gIHByaXZhdGUgcGFzc3dvcmQ6IEtleUNvbnRhaW5lciA9IG51bGw7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgcHJpdmF0ZSBuZ1pvbmU6IE5nWm9uZSxcbiAgICBwcml2YXRlIGluamVjdG9yOiBJbmplY3RvcixcbiAgICBwcml2YXRlIGh0dHA6IEh0dHBDbGllbnQsXG4gICAgcHJpdmF0ZSBjb2duaXRvOiBBdXRoQ2xhc3MsXG4gICAgcHJpdmF0ZSBhcGk6IExyR3JhcGhRTFNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlTZXJ2aWNlOiBLZXlTZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5R3JhcGhTZXJ2aWNlOiBLZXlHcmFwaFNlcnZpY2UsXG4gICAgcHJpdmF0ZSBrZXlGYWN0b3J5U2VydmljZTogS2V5RmFjdG9yeVNlcnZpY2UsXG4gICAgcHJpdmF0ZSBwYXNzd29yZFNlcnZpY2U6IFBhc3N3b3JkU2VydmljZSxcbiAgICBwcml2YXRlIGlkbGVTZXJ2aWNlOiBJZGxlU2VydmljZSxcbiAgICBwcml2YXRlIHBlcnNpc3RTZXJ2aWNlOiBQZXJzaXN0U2VydmljZSxcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcbiAgICBwcml2YXRlIGFzc2VtYmx5Q29udHJvbGxlcjogVHBQYXNzd29yZFJlc2V0QXNzZW1ibHlDb250cm9sbGVyLFxuICAgIEBJbmplY3QoS0NfQ09ORklHKSBwcml2YXRlIGtjQ29uZmlnOiBLY0NvbmZpZ1xuICApIHtcbiAgICBzdXBlcihpbmplY3Rvcik7XG4gICAgaWYgKCFpc0Rldk1vZGUoKSkge1xuICAgICAgaWYgKHRoaXMua2NDb25maWcuZGVidWcgIT0gbnVsbCkge1xuICAgICAgICB0aHJvdyBuZXcgS2NCYWRSZXF1ZXN0RXhjZXB0aW9uKFxuICAgICAgICAgICdJbiBwcm9kdWN0aW9uIG1vZGUsIFwiS2NDb25maWcuZGVidWdcIiBtdXN0IGJlIHNldCB0byBudWxsJ1xuICAgICAgICApO1xuICAgICAgfVxuICAgIH1cbiAgfVxuXG4gIGltcG9ydFBhc3N3b3JkKHBsYWluUGFzc3dvcmQ6IHN0cmluZyk6IFByb21pc2U8Q3J5cHRvS2V5PiB7XG4gICAgcmV0dXJuIHRoaXMua2V5RmFjdG9yeVNlcnZpY2UuaW1wb3J0UGFzc3dvcmQocGxhaW5QYXNzd29yZCk7XG4gIH1cblxuICBhc3luYyBsb2dvdXQoKTogUHJvbWlzZTx2b2lkPiB7XG4gICAgLy8gTm90aWZ5IGFsbCBsaXN0ZW5lcnMgdG8gY2xlYW4gdXAuXG4gICAgYXdhaXQgUHJvbWlzZS5hbGwoWy4uLnRoaXMubG9nb3V0TGlzdGVuZXJzXS5tYXAoKGNhbGxiYWNrKSA9PiBjYWxsYmFjaygpKSk7XG5cbiAgICB0aGlzLnVzZXIgPSBudWxsO1xuICAgIHRoaXMua2V5U2VydmljZS5wdXJnZUtleXMoKTtcbiAgICB0aGlzLmtleUdyYXBoU2VydmljZS5wdXJnZUtleXMoKTtcblxuICAgIC8vIFNpZ24gb3V0IG9uIGJvdGggY29nbml0byBhbmQga2Mtc2VydmVyXG4gICAgYXdhaXQgUHJvbWlzZS5hbGwoW3RoaXMuY29nbml0by5zaWduT3V0KCksIHRoaXMua2NMb2dvdXQoKV0pO1xuXG4gICAgaWYgKHRoaXMua2NDb25maWcuZGVidWc/LnVzZXJuYW1lKSB7XG4gICAgICB0aGlzLmtjQ29uZmlnLmRlYnVnLnVzZXJuYW1lID0gbnVsbDtcbiAgICB9XG4gIH1cblxuICBhZGRMb2dvdXRMaXN0ZW5lcihjYWxsYmFjazogTG9nb3V0TGlzdGVuZXIpIHtcbiAgICB0aGlzLmxvZ291dExpc3RlbmVycy5hZGQoY2FsbGJhY2spO1xuICB9XG5cbiAgcmVtb3ZlTG9nb3V0TGlzdGVuZXIoY2FsbGJhY2s6IExvZ291dExpc3RlbmVyKSB7XG4gICAgdGhpcy5sb2dvdXRMaXN0ZW5lcnMuZGVsZXRlKGNhbGxiYWNrKTtcbiAgfVxuXG4gIGFzeW5jIGxvZ2luKFxuICAgIGVtYWlsT3JQaG9uZTogc3RyaW5nLFxuICAgIHBhc3N3b3JkOiBDcnlwdG9LZXksXG4gICAgeyB0cFBhc3N3b3JkUmVzZXRBdXRvQ29tcGxldGUgPSB0cnVlIH06IExvZ2luT3B0aW9ucyA9IHt9XG4gICk6IFByb21pc2U8TG9naW5SZXN1bHQ+IHtcbiAgICBsZXQgbG9naW5SZXN1bHQ6IExvZ2luUmVzdWx0ID0gYXdhaXQgdGhpcy5sb2dpbkltcGwoZW1haWxPclBob25lLCBwYXNzd29yZCk7XG5cbiAgICAvLyBTYXZlIHRoZSBwYXNzd29yZCBmb3IgdXNlIGFmdGVyIG1lZXRpbmcgY2hhbGxlbmdlLlxuICAgIGlmIChsb2dpblJlc3VsdC5jaGFsbGVuZ2UpIHtcbiAgICAgIHRoaXMucGFzc3dvcmQgPSBuZXcgS2V5Q29udGFpbmVyKFxuICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgQXV0aDJTZXJ2aWNlLkNIQUxMRU5HRV9USU1FT1VUXG4gICAgICApO1xuXG4gICAgICByZXR1cm4gbG9naW5SZXN1bHQ7XG4gICAgfVxuXG4gICAgaWYgKFxuICAgICAgdHBQYXNzd29yZFJlc2V0QXV0b0NvbXBsZXRlICYmXG4gICAgICBsb2dpblJlc3VsdC51c2VyLnJlc2V0VXNlcj8uc3RhdGUgPT09IFRwQ2xhaW1TdGF0ZS5BUFBST1ZFRFxuICAgICkge1xuICAgICAgYXdhaXQgdGhpcy5jb21wbGV0ZVJlc2V0UmVxdWVzdChwYXNzd29yZCk7XG4gICAgICBsb2dpblJlc3VsdCA9IGF3YWl0IHRoaXMubG9naW5JbXBsKGVtYWlsT3JQaG9uZSwgcGFzc3dvcmQpO1xuICAgIH1cblxuICAgIHJldHVybiBsb2dpblJlc3VsdDtcbiAgfVxuXG4gIGFzeW5jIHZlcmlmeUxvZ2luKG9wdGlvbnM6IHtcbiAgICBjaGFsbGVuZ2U6IExvZ2luQ2hhbGxlbmdlO1xuICAgIGNvZGU6IHN0cmluZztcbiAgICByZW1lbWJlck1lOiBib29sZWFuO1xuICB9KTogUHJvbWlzZTxMb2dpblJlc3VsdD4ge1xuICAgIGNvbnN0IHsgY2hhbGxlbmdlLCBjb2RlLCByZW1lbWJlck1lIH0gPSBvcHRpb25zO1xuXG4gICAgY29uc3QgVkFMSURfQ0hBTExFTkdFX05BTUVTID0gW1xuICAgICAgQ29nbml0b0NoYWxsZW5nZU5hbWUuU01TX01GQSxcbiAgICAgIENvZ25pdG9DaGFsbGVuZ2VOYW1lLlNPRlRXQVJFX1RPS0VOX01GQSxcbiAgICBdO1xuXG4gICAgaWYgKCFWQUxJRF9DSEFMTEVOR0VfTkFNRVMuaW5jbHVkZXMoY2hhbGxlbmdlLmNvZ25pdG9Vc2VyLmNoYWxsZW5nZU5hbWUpKSB7XG4gICAgICB0aHJvdyBuZXcgS2NCYWRSZXF1ZXN0RXhjZXB0aW9uKFxuICAgICAgICBgY2hhbGxlbmdlTmFtZSBtdXN0IGJlIG9uZSBvZiAke1ZBTElEX0NIQUxMRU5HRV9OQU1FU31gXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIFRPRE86IHRoaXMuYXV0aC5jb25maXJtU2lnbkluKCkgY291bGQgcmV0dXJuIGFub3RoZXIgY2hhbGxlbmdlLlxuICAgIGNvbnN0IGNvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5jb2duaXRvLmNvbmZpcm1TaWduSW4oXG4gICAgICBjaGFsbGVuZ2UuY29nbml0b1VzZXIsXG4gICAgICBjb2RlLFxuICAgICAgY2hhbGxlbmdlLmNvZ25pdG9Vc2VyLmNoYWxsZW5nZU5hbWUgYXNcbiAgICAgICAgfCBDb2duaXRvQ2hhbGxlbmdlTmFtZS5TTVNfTUZBXG4gICAgICAgIHwgQ29nbml0b0NoYWxsZW5nZU5hbWUuU09GVFdBUkVfVE9LRU5fTUZBXG4gICAgKTtcblxuICAgIGF3YWl0IHRoaXMuaGFuZGxlUG9zdEF1dGgoY2hhbGxlbmdlLnJlY292ZXJ5U3RhdHVzKTtcblxuICAgIGNvbnN0IHVzZXIgPSBhd2FpdCB0aGlzLmxvYWRVc2VyKGNvZ25pdG9Vc2VyLCB0aGlzLnBhc3N3b3JkLnBvcCgpKTtcblxuICAgIC8vIFRoaXMgaXMgbm90IHN0cmljdGx5IG5lY2Vzc2FyeSBzaW5jZSB0aGUgdGhpcy5wYXNzd29yZC5wb3AoKSBhbHJlYWR5IGNsZWFycyB0aGVcbiAgICAvLyBwYXNzd29yZCBpbnNpZGUgdGhlIGNvbnRhaW5lci4gQnV0IGRvZXNuJ3QgaHVydCBlaXRoZXIuXG4gICAgdGhpcy5wYXNzd29yZCA9IG51bGw7XG5cbiAgICBpZiAocmVtZW1iZXJNZSkge1xuICAgICAgY29nbml0b1VzZXIuc2V0RGV2aWNlU3RhdHVzUmVtZW1iZXJlZCh7XG4gICAgICAgIG9uU3VjY2VzczogKCkgPT4ge1xuICAgICAgICAgIHJldHVybjtcbiAgICAgICAgfSxcbiAgICAgICAgb25GYWlsdXJlOiAoZSkgPT4gY29uc29sZS5lcnJvcihlKSxcbiAgICAgIH0pO1xuICAgIH1cblxuICAgIHJldHVybiB7XG4gICAgICB1c2VyLFxuICAgIH07XG4gIH1cblxuICBhc3luYyBnZXRVc2VyKCk6IFByb21pc2U8QXV0aFVzZXI+IHtcbiAgICBpZiAodGhpcy51c2VyKSB7XG4gICAgICByZXR1cm4gdGhpcy51c2VyO1xuICAgIH1cblxuICAgIGNvbnN0IGNvZ25pdG9Vc2VyID0gYXdhaXQgdGhpcy5jb2duaXRvLmN1cnJlbnRBdXRoZW50aWNhdGVkVXNlcigpO1xuXG4gICAgcmV0dXJuIHRoaXMubG9hZFVzZXIoY29nbml0b1VzZXIpO1xuICB9XG5cbiAgYXN5bmMgcmVmcmVzaEFjY2Vzc1Rva2VuKCkge1xuICAgIGNvbnN0IGNvZ25pdG9Vc2VyOiBDb2duaXRvVXNlciA9XG4gICAgICBhd2FpdCB0aGlzLmNvZ25pdG8uY3VycmVudEF1dGhlbnRpY2F0ZWRVc2VyKCk7XG4gICAgY29uc3QgcmVmcmVzaFRva2VuID0gY29nbml0b1VzZXIuZ2V0U2lnbkluVXNlclNlc3Npb24oKS5nZXRSZWZyZXNoVG9rZW4oKTtcblxuICAgIGNvbnNvbGUubG9nKCdUb2tlbiByZWZyZXNoLi4uJyk7XG4gICAgcmV0dXJuIG5ldyBQcm9taXNlKChyZXNvbHZlLCByZWplY3QpID0+IHtcbiAgICAgIGNvZ25pdG9Vc2VyLnJlZnJlc2hTZXNzaW9uKHJlZnJlc2hUb2tlbiwgKGVycikgPT4ge1xuICAgICAgICBpZiAoZXJyKSB7XG4gICAgICAgICAgY29uc29sZS5lcnJvcignRXJyb3IgcmVmcmVzaGluZyB0b2tlbjogJywgZXJyKTtcbiAgICAgICAgICByZWplY3QoZXJyKTtcbiAgICAgICAgfSBlbHNlIHtcbiAgICAgICAgICBjb25zb2xlLmxvZygnVG9rZW4gcmVmcmVzaCBjb21wbGV0ZScpO1xuICAgICAgICAgIHJlc29sdmUoMCk7XG4gICAgICAgIH1cbiAgICAgIH0pO1xuICAgIH0pO1xuICB9XG5cbiAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAvLyBIZWxwZXJzXG4gIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cblxuICBwcml2YXRlIGFzeW5jIGZldGNoQ3VycmVudFVzZXIoKSB7XG4gICAgcmV0dXJuIChcbiAgICAgIGF3YWl0IHRoaXMuYXBpLnF1ZXJ5PEN1cnJlbnRVc2VyUXVlcnlSZXN1bHQ+KHtcbiAgICAgICAgcXVlcnk6IEN1cnJlbnRVc2VyUXVlcnksXG4gICAgICAgIHByb2Nlc3Nvck9wdGlvbnM6IHtcbiAgICAgICAgICBoYXNLZXlzOiBmYWxzZSwgLy8gRG9uJ3QgdHJ5IHRvIGRlY3J5cHQgYW55dGhpbmcgYmVjYXVzZSBrZXlzIGhhdmUgbm90IGJlZW4gc2V0dXAgeWV0XG4gICAgICAgIH0sXG4gICAgICB9KVxuICAgICkuY3VycmVudFVzZXI7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGZldGNoUmVzZXRVc2VyKCkge1xuICAgIHJldHVybiAoXG4gICAgICBhd2FpdCB0aGlzLmFwaS5xdWVyeTxSZXNldFVzZXJRdWVyeVJlc3VsdD4oe1xuICAgICAgICBxdWVyeTogUmVzZXRVc2VyUXVlcnksXG4gICAgICAgIHByb2Nlc3Nvck9wdGlvbnM6IHtcbiAgICAgICAgICBoYXNLZXlzOiBmYWxzZSwgLy8gRG9uJ3QgdHJ5IHRvIGRlY3J5cHQgYW55dGhpbmcgYmVjYXVzZSBrZXlzIGhhdmUgbm90IGJlZW4gc2V0dXAgeWV0XG4gICAgICAgIH0sXG4gICAgICB9KVxuICAgICkudHBQYXNzd29yZFJlc2V0VXNlcjtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMga2NMb2dvdXQoKTogUHJvbWlzZTx2b2lkPiB7XG4gICAgYXdhaXQgdGhpcy5odHRwXG4gICAgICAucG9zdChgJHt0aGlzLmtjQ29uZmlnLmF1dGhVcmx9YXV0aC9zaWduLW91dC9gLCBudWxsLCB7XG4gICAgICAgIHdpdGhDcmVkZW50aWFsczogdHJ1ZSxcbiAgICAgICAgcmVzcG9uc2VUeXBlOiAndGV4dCcsXG4gICAgICB9KVxuICAgICAgLnRvUHJvbWlzZSgpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBmZXRjaFBhc3NJZHBQYXJhbXMoXG4gICAgZW1haWxPclBob25lOiBzdHJpbmdcbiAgKTogUHJvbWlzZTxQYXNzSWRwUmVzdWx0PiB7XG4gICAgcmV0dXJuIGF3YWl0IHRoaXMuaHR0cFxuICAgICAgLmdldDxQYXNzSWRwUmVzdWx0PihcbiAgICAgICAgYCR7XG4gICAgICAgICAgdGhpcy5rY0NvbmZpZy5hdXRoVXJsXG4gICAgICAgIH11c2Vycy9wYXNzLWlkcC1wYXJhbXMvP2xvZ2luX25hbWU9JHtlbmNvZGVVUklDb21wb25lbnQoZW1haWxPclBob25lKX1gXG4gICAgICApXG4gICAgICAudG9Qcm9taXNlKCk7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGxvZ2luSW1wbChcbiAgICBlbWFpbE9yUGhvbmU6IHN0cmluZyxcbiAgICBwYXNzd29yZDogQ3J5cHRvS2V5XG4gICk6IFByb21pc2U8TG9naW5SZXN1bHQ+IHtcbiAgICBhd2FpdCB0aGlzLmxvZ291dCgpO1xuICAgIGNvbnN0IGxvZ2luSWRwUmVzdWx0ID0gYXdhaXQgdGhpcy5sb2dpbklkcChlbWFpbE9yUGhvbmUsIHBhc3N3b3JkKTtcblxuICAgIC8vIENhbid0IGdldCB0aGUgdXNlciB5ZXQgYmVjYXVzZSB3ZSBzdGlsbCBuZWQgdG8gbWVldCBNRkEgY2hhbGxlbmdlc1xuICAgIGlmIChcbiAgICAgIFtcbiAgICAgICAgQ29nbml0b0NoYWxsZW5nZU5hbWUuU01TX01GQSxcbiAgICAgICAgQ29nbml0b0NoYWxsZW5nZU5hbWUuU09GVFdBUkVfVE9LRU5fTUZBLFxuICAgICAgXS5pbmNsdWRlcyhsb2dpbklkcFJlc3VsdC5jb2duaXRvVXNlci5jaGFsbGVuZ2VOYW1lKVxuICAgICkge1xuICAgICAgcmV0dXJuIHtcbiAgICAgICAgY2hhbGxlbmdlOiB7XG4gICAgICAgICAgY29nbml0b1VzZXI6IGxvZ2luSWRwUmVzdWx0LmNvZ25pdG9Vc2VyLFxuICAgICAgICAgIHJlY292ZXJ5U3RhdHVzOiBsb2dpbklkcFJlc3VsdC5yZWNvdmVyeVN0YXR1cyxcbiAgICAgICAgfSxcbiAgICAgIH07XG4gICAgfVxuXG4gICAgYXdhaXQgdGhpcy5oYW5kbGVQb3N0QXV0aChsb2dpbklkcFJlc3VsdC5yZWNvdmVyeVN0YXR1cyk7XG4gICAgLy8gVGhlcmUgc2hvdWxkIGJlIG5vIE1GQSBvbiB0aGUgVFAgcmVzZXQgdXNlci5cbiAgICBjb25zdCB1c2VyID0gYXdhaXQgdGhpcy5sb2FkVXNlcihsb2dpbklkcFJlc3VsdC5jb2duaXRvVXNlciwgcGFzc3dvcmQpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIHVzZXIsXG4gICAgfTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgbG9naW5JZHAoXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXG4gICAgcGFzc3dvcmQ6IENyeXB0b0tleVxuICApOiBQcm9taXNlPExvZ2luQ2hhbGxlbmdlPiB7XG4gICAgLy8gRG93bmxvYWQgdGhlIHNhbHQgbmVlZGVkIHRvIGRlcml2ZSB0aGUgUGFzc0lkcFxuICAgIGNvbnN0IHBhc3NJZHBBcGlSZXN1bHQgPSBhd2FpdCB0aGlzLmZldGNoUGFzc0lkcFBhcmFtcyhlbWFpbE9yUGhvbmUpO1xuXG4gICAgaWYgKFxuICAgICAgcGFzc0lkcEFwaVJlc3VsdC5wYXNzd29yZENoYW5nZVN0YXR1cyA9PT0gUGFzc3dvcmRDaGFuZ2VTdGF0dXMuSU5fUFJPR1JFU1NcbiAgICApIHtcbiAgICAgIHRocm93IG5ldyBLY0NvbmN1cnJlbnRBY2Nlc3NFeGNlcHRpb24oJ0EgcGFzc3dvcmQgY2hhbmdlIGlzIGluIHByb2dyZXNzJyk7XG4gICAgfVxuXG4gICAgaWYgKFxuICAgICAgcGFzc0lkcEFwaVJlc3VsdC5wYXNzd29yZENoYW5nZVN0YXR1cyA9PT0gUGFzc3dvcmRDaGFuZ2VTdGF0dXMuUkVDT1ZFUllcbiAgICApIHtcbiAgICAgIGNvbnNvbGUubG9nKCdJbiByZWNvdmVyeSBtb2RlLicpO1xuXG4gICAgICAvLyBMZXQncyBzYXkgd2UgZG9uJ3Qga25vdyBpZiB0aGUgcGFzc3dvcmQgaXMgdGhlIG5ldyBvbmUgb3IgdGhlIG9sZCBvbmUuIFdlIGp1c3QgaGF2ZSB0byB0cnkgYm90aC5cbiAgICAgIHRyeSB7XG4gICAgICAgIGNvbnN0IHVzZXI6IExvZ2luQ2hhbGxlbmdlID0ge1xuICAgICAgICAgIGNvZ25pdG9Vc2VyOiBhd2FpdCB0aGlzLmxvZ2luSWRwSW1wbChcbiAgICAgICAgICAgIGVtYWlsT3JQaG9uZSxcbiAgICAgICAgICAgIHBhc3N3b3JkLFxuICAgICAgICAgICAgcGFzc0lkcEFwaVJlc3VsdC5uZXdQYXNzSWRwUGFyYW1zXG4gICAgICAgICAgKSxcbiAgICAgICAgICByZWNvdmVyeVN0YXR1czogUmVjb3ZlcnlTdGF0dXMuTkVXX1BBU1NXT1JELFxuICAgICAgICB9O1xuICAgICAgICAvLyBOZXcgcGFzc3dvcmQgd29ya2VkLiBMZXQncyBzZXQgdG8gdGhlIGN1cnJlbnQgcGFzc3dvcmRcblxuICAgICAgICAvLyAtLVBvdGVudGlhbCBGYWlsdXJlIFBvaW50IDEtLVxuICAgICAgICAvLyBpZiBjaGFuZ2VQYXNzd29yZENvbXBsZXRlKCkgZG9lc24ndCBnZXQgY2FsbGVkLCB0aGVuIGl0IHNob3VsZCByZW1haW5cblxuICAgICAgICBjb25zb2xlLmxvZygnTmV3IHBhc3N3b3JkIHdvcmtzIScpO1xuXG4gICAgICAgIHJldHVybiB1c2VyO1xuICAgICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgICAgLy8gSnVzdCBidWJibGUgdXAgYW55IG90aGVyIHR5cGUgb2YgZXJyb3IuXG4gICAgICAgIGlmIChlcnJvci5jb2RlICE9PSAnTm90QXV0aG9yaXplZEV4Y2VwdGlvbicpIHtcbiAgICAgICAgICB0aHJvdyBlcnJvcjtcbiAgICAgICAgfVxuICAgICAgICAvLyBwYXNzLCB0cnkgYWdhaW4gYXNzdW1pbmcgaXQncyB0aGUgb2xkIHBhc3N3b3JkXG4gICAgICB9XG5cbiAgICAgIC8vIE5vdyBhc3N1bWUgaXQncyB0aGUgcHJldmlvdXMgcGFzc3dvcmQuIEFueSBleGNlcHRpb24gaXMgYWxsb3dlZCB0byBidWJibGUgdXAuXG4gICAgICB0cnkge1xuICAgICAgICBjb25zdCB1c2VyOiBMb2dpbkNoYWxsZW5nZSA9IHtcbiAgICAgICAgICBjb2duaXRvVXNlcjogYXdhaXQgdGhpcy5sb2dpbklkcEltcGwoXG4gICAgICAgICAgICBlbWFpbE9yUGhvbmUsXG4gICAgICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgICAgIHBhc3NJZHBBcGlSZXN1bHQuY3VycmVudFBhc3NJZHBQYXJhbXNcbiAgICAgICAgICApLFxuICAgICAgICAgIHJlY292ZXJ5U3RhdHVzOiBSZWNvdmVyeVN0YXR1cy5PTERfUEFTU1dPUkQsXG4gICAgICAgIH07XG4gICAgICAgIC8vIE9sZCBwYXNzd29yZCB3b3JrZWQuXG4gICAgICAgIGNvbnNvbGUubG9nKCdPbGQgcGFzc3dvcmQgd29ya3MhJyk7XG5cbiAgICAgICAgcmV0dXJuIHVzZXI7XG4gICAgICB9IGNhdGNoIChlcnJvcikge1xuICAgICAgICAvLyBKdXN0IGJ1YmJsZSB1cCBhbnkgb3RoZXIgdHlwZSBvZiBlcnJvci5cbiAgICAgICAgdGhyb3cgZXJyb3IuY29kZSA9PT0gJ05vdEF1dGhvcml6ZWRFeGNlcHRpb24nXG4gICAgICAgICAgPyBuZXcgS2NCYWRSZXF1ZXN0RXhjZXB0aW9uKFxuICAgICAgICAgICAgICAnVGhlIHBhc3N3b3JkIGNoYW5nZSByZXF1ZXN0IHdhcyBpbnRlcnJ1cHRlZCwgcGxlYXNlIHRyeSB0byBsb2dpbiB3aXRoIGJvdGggeW91ciBuZXcgYW5kIG9sZCBwYXNzd29yZCdcbiAgICAgICAgICAgIClcbiAgICAgICAgICA6IGVycm9yO1xuICAgICAgfVxuICAgIH1cblxuICAgIC8vIFRyeSBhZ2FpbiBhcyB0aGUgVFAgcGFzc3dvcmQgcmVzZXQgYWNjb3VudFxuICAgIGlmIChwYXNzSWRwQXBpUmVzdWx0LnRwUGFzc3dvcmRSZXNldCkge1xuICAgICAgdHJ5IHtcbiAgICAgICAgLy8gVFAgcGFzc3dvcmQgcmVzZXQgaXMgaW4gcHJvY2Vzcy4gV2UgbmVlZCB0byB0cnkgdGhlIHBhc3N3b3JkIGFnYWluc3QgYm90aFxuICAgICAgICAvLyBvcmlnaW5hbCBhY2NvdW50IGFuZCB0aGUgbmV3IHJlc2V0IGFjY291bnQuXG4gICAgICAgIGNvbnN0IHJlc2V0ID0gcGFzc0lkcEFwaVJlc3VsdC50cFBhc3N3b3JkUmVzZXQ7XG4gICAgICAgIGNvbnN0IHVzZXI6IExvZ2luQ2hhbGxlbmdlID0ge1xuICAgICAgICAgIGNvZ25pdG9Vc2VyOiBhd2FpdCB0aGlzLmxvZ2luSWRwSW1wbChcbiAgICAgICAgICAgIHJlc2V0LnJlc2V0VXNlcm5hbWUsXG4gICAgICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgICAgIHJlc2V0LnBhc3NJZHBQYXJhbXNcbiAgICAgICAgICApLFxuICAgICAgICAgIHJlY292ZXJ5U3RhdHVzOiBSZWNvdmVyeVN0YXR1cy5OT05FLFxuICAgICAgICB9O1xuXG4gICAgICAgIHJldHVybiB1c2VyO1xuICAgICAgfSBjYXRjaCAoZXJyKSB7XG4gICAgICAgIC8vIGNvbnRpbnVlLCB0cnkgYWdhaW4gYXMgcmVndWxhciB1c2VyLlxuICAgICAgfVxuICAgIH1cblxuICAgIC8vIExvZ2luIGFzIHJlZ3VsYXIgdXNlclxuICAgIGNvbnN0IHVzZXI6IExvZ2luQ2hhbGxlbmdlID0ge1xuICAgICAgY29nbml0b1VzZXI6IGF3YWl0IHRoaXMubG9naW5JZHBJbXBsKFxuICAgICAgICBlbWFpbE9yUGhvbmUsXG4gICAgICAgIHBhc3N3b3JkLFxuICAgICAgICBwYXNzSWRwQXBpUmVzdWx0LmN1cnJlbnRQYXNzSWRwUGFyYW1zXG4gICAgICApLFxuICAgICAgcmVjb3ZlcnlTdGF0dXM6IFJlY292ZXJ5U3RhdHVzLk5PTkUsXG4gICAgfTtcblxuICAgIHJldHVybiB1c2VyO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBsb2dpbklkcEltcGwoXG4gICAgZW1haWxPclBob25lOiBzdHJpbmcsXG4gICAgcGFzc3dvcmQ6IENyeXB0b0tleSxcbiAgICBwYXNzSWRwUGFyYW1zOiBQYXNzSWRwUGFyYW1zXG4gICk6IFByb21pc2U8THJDb2duaXRvVXNlcj4ge1xuICAgIGNvbnN0IHBhc3NJZHBSZXN1bHQgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnlTZXJ2aWNlLmRlcml2ZVBhc3NJZHAoe1xuICAgICAgcGFzc3dvcmQsXG4gICAgICAuLi5wYXNzSWRwUGFyYW1zLFxuICAgIH0pO1xuXG4gICAgLy8gVXNlIHRoZSBkZXJpdmVkIHBhc3N3b3JkIHRvIHNpZ25pbiB3aXRoIGNvZ25pdG9cbiAgICByZXR1cm4gdGhpcy5jb2duaXRvLnNpZ25JbihcbiAgICAgIGVtYWlsT3JQaG9uZSxcbiAgICAgIHRoaXMucGFzc3dvcmRTZXJ2aWNlLmdldFBhc3NJZHBTdHJpbmcocGFzc0lkcFJlc3VsdC5qd2spXG4gICAgKTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgaGFuZGxlUG9zdEF1dGgocmVjb3ZlcnlTdGF0dXM6IFJlY292ZXJ5U3RhdHVzKSB7XG4gICAgYXdhaXQgdGhpcy5oYW5kbGVQYXNzd29yZFJlY292ZXJ5KHJlY292ZXJ5U3RhdHVzKTtcbiAgICBhd2FpdCB0aGlzLmhhbmRsZVNlc3Npb25FbmNyeXB0aW9uS2V5KCk7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGhhbmRsZVBhc3N3b3JkUmVjb3ZlcnkocmVjb3ZlcnlTdGF0dXM6IFJlY292ZXJ5U3RhdHVzKSB7XG4gICAgaWYgKHJlY292ZXJ5U3RhdHVzICE9PSBSZWNvdmVyeVN0YXR1cy5OT05FKSB7XG4gICAgICBhd2FpdCB0aGlzLnBhc3N3b3JkU2VydmljZS5jaGFuZ2VQYXNzd29yZENvbXBsZXRlKHtcbiAgICAgICAgdXNlTmV3UGFzc3dvcmQ6IHJlY292ZXJ5U3RhdHVzID09PSBSZWNvdmVyeVN0YXR1cy5ORVdfUEFTU1dPUkQsXG4gICAgICB9KTtcbiAgICB9XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGhhbmRsZVNlc3Npb25FbmNyeXB0aW9uS2V5KCkge1xuICAgIGlmICh0aGlzLmtjQ29uZmlnLmRpc2FibGVTZXNzaW9uRW5jcnlwdGlvbktleSkge1xuICAgICAgaWYgKCFpc0Rldk1vZGUoKSkge1xuICAgICAgICBjb25zdCBtc2cgPVxuICAgICAgICAgICdZb3Ugc2hvdWxkIG5vdCBzZXQgZGlzYWJsZVNlc3Npb25FbmNyeXB0aW9uS2V5PVRydWUgaW4gbW9kZSBwcm9kLiBJdCBkZWZhdWx0cyB0byBmYWxzZS4nO1xuICAgICAgICBjb25zb2xlLmVycm9yKG1zZyk7XG4gICAgICAgIHRocm93IG5ldyBLY0ludGVybmFsRXJyb3JFeGNlcHRpb24obXNnKTtcbiAgICAgIH0gZWxzZSB7XG4gICAgICAgIGNvbnNvbGUud2FybihcbiAgICAgICAgICAnWW91IGhhdmUgc2V0IGRpc2FibGVTZXNzaW9uRW5jcnlwdGlvbktleT1UcnVlLiBNYWtlIHN1cmUgbm90IHRvIGRvIHRoaXMgaW4gcHJvZCBtb2RlLidcbiAgICAgICAgKTtcbiAgICAgIH1cbiAgICB9IGVsc2Uge1xuICAgICAgLy8gU2V0IHRoZSBzZXNzaW9uIGtleSB0byBhIG5ldyBlbmNyeXB0aW9uIGtleSBmb3IgdGhpcyBzZXNzaW9uXG4gICAgICBjb25zdCBzZXNzaW9uRW5jcnlwdGlvbktleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeVNlcnZpY2UuY3JlYXRlS2V5KCk7XG4gICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xuICAgICAgICAgIG11dGF0aW9uOiBTZXRTZXNzaW9uRW5jcnlwdGlvbktleU11dGF0aW9uLFxuICAgICAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICAgICAgc2Vzc2lvbkVuY3J5cHRpb25LZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgICAgICAgIHNlc3Npb25FbmNyeXB0aW9uS2V5LnRvSlNPTih0cnVlKVxuICAgICAgICAgICAgICApLFxuICAgICAgICAgICAgfSxcbiAgICAgICAgICB9LFxuICAgICAgICB9KSxcbiAgICAgICAge1xuICAgICAgICAgIGluY2x1ZGVLZXlHcmFwaDogZmFsc2UsXG4gICAgICAgIH1cbiAgICAgICk7XG5cbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoc2Vzc2lvbkVuY3J5cHRpb25LZXkpO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgZ2V0Q29nbml0b1VzZXJBdHRyaWJ1dGUoXG4gICAgYXR0cmlidXRlTmFtZTogc3RyaW5nLFxuICAgIHVzZXJBdHRyaWJ1dGVzOiBDb2duaXRvVXNlckF0dHJpYnV0ZVtdXG4gICkge1xuICAgIGNvbnN0IHVzZXJBdHRyaWJ1dGUgPSB1c2VyQXR0cmlidXRlcy5maW5kKFxuICAgICAgKHgpID0+IHguZ2V0TmFtZSgpID09PSBhdHRyaWJ1dGVOYW1lXG4gICAgKTtcblxuICAgIHJldHVybiB1c2VyQXR0cmlidXRlID8gdXNlckF0dHJpYnV0ZS5nZXRWYWx1ZSgpIDogbnVsbDtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgbG9hZFVzZXJLZXlzKG9wdGlvbnM6IHtcbiAgICB1c2VyS2V5czogVXNlcktleXM7XG4gICAgcGFzc3dvcmQ/OiBDcnlwdG9LZXk7XG4gICAgc2Vzc2lvbkVuY3J5cHRpb25LZXk/OiBzdHJpbmc7XG4gIH0pIHtcbiAgICBjb25zdCB7IHVzZXJLZXlzLCBwYXNzd29yZCwgc2Vzc2lvbkVuY3J5cHRpb25LZXkgfSA9IG9wdGlvbnM7XG5cbiAgICBpZiAoc2Vzc2lvbkVuY3J5cHRpb25LZXkpIHtcbiAgICAgIHRoaXMucGVyc2lzdFNlcnZpY2Uuc2V0U2VydmVyU2Vzc2lvbkVuY3J5cHRpb25LZXkoXG4gICAgICAgIGF3YWl0IEpXSy5hc0tleShzZXNzaW9uRW5jcnlwdGlvbktleSlcbiAgICAgICk7XG4gICAgfVxuXG4gICAgLy8gcGFzc3dvcmQgaXMgbm90IG5lZWRlZCBpZiB0aGUgbWFzdGVyIGtleSBpcyBhbHJlYWR5IHBlcnNpc3RlZC5cbiAgICBpZiAocGFzc3dvcmQpIHtcbiAgICAgIGNvbnN0IHBhc3NLZXkgPSAoXG4gICAgICAgIGF3YWl0IHRoaXMua2V5RmFjdG9yeVNlcnZpY2UuZGVyaXZlUGFzc0tleSh7XG4gICAgICAgICAgcGFzc3dvcmQsXG4gICAgICAgICAgLi4udXNlcktleXMucGFzc0tleS5wYXNzS2V5UGFyYW1zLFxuICAgICAgICB9KVxuICAgICAgKS5qd2s7XG5cbiAgICAgIGF3YWl0IHRoaXMuaWRsZVNlcnZpY2UucGVyc2lzdE1hc3RlcktleShcbiAgICAgICAgYXdhaXQgdGhpcy5rZXlHcmFwaFNlcnZpY2UudW53cmFwV2l0aFBhc3NLZXkoXG4gICAgICAgICAgdXNlcktleXMucGFzc0tleS5pZCxcbiAgICAgICAgICBwYXNzS2V5LFxuICAgICAgICAgIHVzZXJLZXlzLm1hc3RlcktleS5pZFxuICAgICAgICApXG4gICAgICApO1xuICAgIH1cbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgbG9hZFVzZXIoXG4gICAgY29nbml0b1VzZXI6IENvZ25pdG9Vc2VyLFxuICAgIHBhc3N3b3JkPzogQ3J5cHRvS2V5XG4gICk6IFByb21pc2U8QXV0aFVzZXI+IHtcbiAgICBpZiAoY29nbml0b1VzZXIuZ2V0VXNlcm5hbWUoKS5lbmRzV2l0aChUUF9QQVNTV09SRF9SRVNFVF9VU0VSTkFNRV9TVUZGSVgpKSB7XG4gICAgICB0aGlzLnVzZXIgPSBhd2FpdCB0aGlzLmxvYWRSZXNldFVzZXIoY29nbml0b1VzZXIsIHBhc3N3b3JkKTtcbiAgICB9IGVsc2Uge1xuICAgICAgdGhpcy51c2VyID0gYXdhaXQgdGhpcy5sb2FkUmVndWxhclVzZXIoY29nbml0b1VzZXIsIHBhc3N3b3JkKTtcbiAgICB9XG5cbiAgICBhd2FpdCB0aGlzLmlkbGVTZXJ2aWNlLnN0YXJ0KCk7IC8vIFJ1biBpZGxlU2VydmljZSB3aGVuZXZlciB1c2VyIGlzIGxvZ2dlZCBpbi5cblxuICAgIHJldHVybiB0aGlzLnVzZXI7XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGxvYWRSZWd1bGFyVXNlcihcbiAgICBjb2duaXRvVXNlcjogQ29nbml0b1VzZXIsXG4gICAgcGFzc3dvcmQ/OiBDcnlwdG9LZXlcbiAgKTogUHJvbWlzZTxBdXRoVXNlcj4ge1xuICAgIGNvbnN0IGN1cnJlbnRVc2VyID0gYXdhaXQgdGhpcy5mZXRjaEN1cnJlbnRVc2VyKCk7XG5cbiAgICBhd2FpdCB0aGlzLmxvYWRVc2VyS2V5cyh7XG4gICAgICB1c2VyS2V5czogY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXksXG4gICAgICBwYXNzd29yZCxcbiAgICAgIHNlc3Npb25FbmNyeXB0aW9uS2V5OiBjdXJyZW50VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSxcbiAgICB9KTtcblxuICAgIC8vIFJlZ3VsYXIgdXNlciBwb3B1bGF0ZXMgYWxsIGtleXNcbiAgICBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5wb3B1bGF0ZUtleXMoY3VycmVudFVzZXIuY3VycmVudFVzZXJLZXkpO1xuXG4gICAgY29uc3QgeyB1c2VybmFtZSB9ID0gY3VycmVudFVzZXI7XG4gICAgY29uc3QgdXNlckF0dHJpYnV0ZXMgPSBhd2FpdCB0aGlzLmNvZ25pdG8udXNlckF0dHJpYnV0ZXMoY29nbml0b1VzZXIpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIHVzZXJuYW1lLFxuICAgICAgc3ViOiB0aGlzLmdldENvZ25pdG9Vc2VyQXR0cmlidXRlKCdzdWInLCB1c2VyQXR0cmlidXRlcyksXG4gICAgICBsb2dpbkVtYWlsOiB0aGlzLmdldENvZ25pdG9Vc2VyQXR0cmlidXRlKCdlbWFpbCcsIHVzZXJBdHRyaWJ1dGVzKSxcbiAgICAgIHJlc2V0VXNlcjogbnVsbCxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBsb2FkUmVzZXRVc2VyKFxuICAgIGNvZ25pdG9Vc2VyOiBDb2duaXRvVXNlcixcbiAgICBwYXNzd29yZD86IENyeXB0b0tleVxuICApOiBQcm9taXNlPEF1dGhVc2VyPiB7XG4gICAgY29uc3QgcmVzZXRVc2VyID0gYXdhaXQgdGhpcy5mZXRjaFJlc2V0VXNlcigpO1xuXG4gICAgY29uc3QgdXNlcktleXMgPSB7XG4gICAgICBwYXNzS2V5OiB7XG4gICAgICAgIGlkOiByZXNldFVzZXIucGFzc0tleS5pZCxcbiAgICAgICAgcGFzc0tleVBhcmFtczogcmVzZXRVc2VyLnBhc3NLZXkucGFzc0tleVBhcmFtcyxcbiAgICAgIH0sXG4gICAgICBtYXN0ZXJLZXk6IHtcbiAgICAgICAgaWQ6IHJlc2V0VXNlci5tYXN0ZXJLZXkuaWQsXG4gICAgICB9LFxuICAgIH07XG5cbiAgICBhd2FpdCB0aGlzLmxvYWRVc2VyS2V5cyh7XG4gICAgICB1c2VyS2V5cyxcbiAgICAgIHBhc3N3b3JkLFxuICAgICAgc2Vzc2lvbkVuY3J5cHRpb25LZXk6IHJlc2V0VXNlci5zZXNzaW9uRW5jcnlwdGlvbktleSxcbiAgICB9KTtcblxuICAgIC8vIFJlc2V0IHVzZXIgb25seSBzZXRzIGEgc3Vic2V0IG9mIGtleXNcbiAgICBhd2FpdCB0aGlzLmtleVNlcnZpY2Uuc2V0S2V5cyh1c2VyS2V5cyk7XG5cbiAgICBjb25zdCB7IHVzZXJuYW1lIH0gPSByZXNldFVzZXI7XG4gICAgY29uc3QgdXNlckF0dHJpYnV0ZXMgPSBhd2FpdCB0aGlzLmNvZ25pdG8udXNlckF0dHJpYnV0ZXMoY29nbml0b1VzZXIpO1xuXG4gICAgcmV0dXJuIHtcbiAgICAgIHVzZXJuYW1lLFxuICAgICAgc3ViOiB0aGlzLmdldENvZ25pdG9Vc2VyQXR0cmlidXRlKCdzdWInLCB1c2VyQXR0cmlidXRlcyksXG4gICAgICBsb2dpbkVtYWlsOiB0aGlzLmdldENvZ25pdG9Vc2VyQXR0cmlidXRlKCdlbWFpbCcsIHVzZXJBdHRyaWJ1dGVzKSxcbiAgICAgIHJlc2V0VXNlcjoge1xuICAgICAgICBzdGF0ZTogcmVzZXRVc2VyLnN0YXRlLFxuICAgICAgfSxcbiAgICB9O1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyByZWNvdmVyQXNzZW1ibHlLZXkoXG4gICAgcmVzZXRVc2VyOiBSZXNldFVzZXJRdWVyeVJlc3VsdFsndHBQYXNzd29yZFJlc2V0VXNlciddXG4gICk6IFByb21pc2U8SldLLktleT4ge1xuICAgIGNvbnN0IHByayA9IGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLmdldEtleShyZXNldFVzZXIucHhrLmlkKTtcblxuICAgIGNvbnN0IHBhcnRpYWxzID0gYXdhaXQgUHJvbWlzZS5hbGwoXG4gICAgICByZXNldFVzZXIuYXBwcm92YWxzXG4gICAgICAgIC5maWx0ZXIoKGFwcHJvdmFsKSA9PiAhIWFwcHJvdmFsLnJlY2VpdmVyQ2lwaGVyUGFydGlhbEFzc2VtYmx5S2V5KVxuICAgICAgICAubWFwKChhcHByb3ZhbCkgPT5cbiAgICAgICAgICB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgICAgICBwcmssXG4gICAgICAgICAgICBhcHByb3ZhbC5yZWNlaXZlckNpcGhlclBhcnRpYWxBc3NlbWJseUtleVxuICAgICAgICAgIClcbiAgICAgICAgKVxuICAgICk7XG5cbiAgICByZXR1cm4gdGhpcy5hc3NlbWJseUNvbnRyb2xsZXIucmVjb3ZlckFzc2VtYmx5S2V5KHBhcnRpYWxzKTtcbiAgfVxuXG4gIGFzeW5jIGNvbXBsZXRlUmVzZXRSZXF1ZXN0KG5ld1Bhc3N3b3JkOiBDcnlwdG9LZXkpOiBQcm9taXNlPHZvaWQ+IHtcbiAgICBjb25zdCByZXNldFVzZXIgPSBhd2FpdCB0aGlzLmZldGNoUmVzZXRVc2VyKCk7XG5cbiAgICBpZiAocmVzZXRVc2VyLnN0YXRlICE9PSBUcENsYWltU3RhdGUuQVBQUk9WRUQpIHtcbiAgICAgIHRocm93IG5ldyBLY0JhZFN0YXRlRXhjZXB0aW9uKFxuICAgICAgICAnUGFzc3dvcmQgcmVzZXQgcmVxdWVzdCBoYXMgbm90IGJlZW4gYXBwcm92ZWQuJ1xuICAgICAgKTtcbiAgICB9XG5cbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIC8vIFByZXBhcmUgYWxsIG1hdGVyaWFscyB0byBlbnN1cmUgdGhlcmUgYXJlIG5vIGVycm9ycy5cbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIGNvbnN0IGFzc2VtYmx5S2V5ID0gYXdhaXQgdGhpcy5yZWNvdmVyQXNzZW1ibHlLZXkocmVzZXRVc2VyKTtcblxuICAgIGNvbnN0IHsgcm9vdEtleSB9ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgYXNzZW1ibHlLZXksXG4gICAgICByZXNldFVzZXIuYXNzZW1ibHlDaXBoZXJEYXRhXG4gICAgKTtcblxuICAgIC8vIE1ha2luZyBzdXJlIGl0J3MgYSB2YWxpZCBrZXkuXG4gICAgY29uc3Qgcm9vdEtleUp3ayA9IGF3YWl0IEpXSy5hc0tleShyb290S2V5KTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLmdldEtleShyZXNldFVzZXIubWFzdGVyS2V5LmlkKTtcblxuICAgIGNvbnN0IG1hc3RlcktleVdyYXBwZWRSb290S2V5ID1cbiAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgICBtYXN0ZXJLZXkuandrLFxuICAgICAgICByb290S2V5SndrLnRvSlNPTih0cnVlKVxuICAgICAgKTtcblxuICAgIC8vIFRoZSBuZXcgcGFzc3dvcmRcbiAgICBjb25zdCBuZXdQYXNzSWRwUmVzdWx0ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5U2VydmljZS5kZXJpdmVQYXNzSWRwKHtcbiAgICAgIHBhc3N3b3JkOiBuZXdQYXNzd29yZCxcbiAgICAgIC4uLnJlc2V0VXNlci5wYXNzS2V5LnBhc3NJZHBQYXJhbXMsXG4gICAgfSk7XG5cbiAgICBjb25zdCBuZXdJZHBQYXNzd29yZCA9IHRoaXMucGFzc3dvcmRTZXJ2aWNlLmdldFBhc3NJZHBTdHJpbmcoXG4gICAgICBuZXdQYXNzSWRwUmVzdWx0Lmp3a1xuICAgICk7XG5cbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIC8vIEdldCBhc3NlbWJseSBrZXkgY2hhbGxlbmdlXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICBjb25zdCBjaGFsbGVuZ2UgPSAoXG4gICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xuICAgICAgICAgIG11dGF0aW9uOiBDcmVhdGVUcEFzc2VtYmx5S2V5Q2hhbGxlbmdlTXV0YXRpb24sXG4gICAgICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgICAgICBpbnB1dDoge30sXG4gICAgICAgICAgfSxcbiAgICAgICAgfSksXG4gICAgICAgIHtcbiAgICAgICAgICBpbmNsdWRlS2V5R3JhcGg6IGZhbHNlLFxuICAgICAgICB9XG4gICAgICApXG4gICAgKS5jcmVhdGVUcEFzc2VtYmx5S2V5Q2hhbGxlbmdlLmNoYWxsZW5nZTtcblxuICAgIC8vIFNpZ24gdGhlIGNoYWxsZW5nZVxuICAgIC8vIEdlbmVyYXRlIGEgY2xpZW50IHNpZGUgbm9uY2UgdGhhdCdzIG5vIGluIHRoZSBzZXJ2ZXIncyBjb250cm9sLlxuICAgIGNoYWxsZW5nZS5jbGllbnROb25jZSA9IHRoaXMua2V5RmFjdG9yeVNlcnZpY2UucmFuZG9tU3RyaW5nKFxuICAgICAgVFBfUEFTU1dPUkRfUkVTRVRfQ0xJRU5UX05PTkNFX0xFTkdUSFxuICAgICk7XG5cbiAgICBjb25zdCBhc3NlbWJseUtleVZlcmlmaWVyUHJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgYXNzZW1ibHlLZXksXG4gICAgICByZXNldFVzZXIud3JhcHBlZEFzc2VtYmx5S2V5VmVyaWZpZXJQcmtcbiAgICApO1xuICAgIGNvbnN0IHNpZ25lZENoYWxsZW5nZSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihcbiAgICAgIGFzc2VtYmx5S2V5VmVyaWZpZXJQcmssXG4gICAgICBjaGFsbGVuZ2VcbiAgICApO1xuXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICAvLyBDaGFuZ2UgcGFzc3dvcmQgZm9yIHRoZSBvcmlnaW5hbCB1c2VyXG4gICAgLy8gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgICBjb25zdCB0ZW1wSWRwUGFzc3dvcmQgPSAoXG4gICAgICBhd2FpdCB0aGlzLmxyR3JhcGhRTC5sck11dGF0ZShcbiAgICAgICAgbmV3IExyTXV0YXRpb24oe1xuICAgICAgICAgIG11dGF0aW9uOiBQcmVDb21wbGV0ZVRwUGFzc3dvcmRSZXNldFJlcXVlc3RNdXRhdGlvbixcbiAgICAgICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgICAgIHNpZ25lZENoYWxsZW5nZTogSlNPTi5zdHJpbmdpZnkoc2lnbmVkQ2hhbGxlbmdlKSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSxcbiAgICAgICAgfSksXG4gICAgICAgIHtcbiAgICAgICAgICBpbmNsdWRlS2V5R3JhcGg6IGZhbHNlLFxuICAgICAgICB9XG4gICAgICApXG4gICAgKS5wcmVDb21wbGV0ZVRwUGFzc3dvcmRSZXNldFJlcXVlc3QuaWRwUGFzc3dvcmQ7XG5cbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIC8vIExvZ2luIGFzIHRoZSBvcmlnaW5hbCB1c2VyIHVzaW5nIG5ldyB0ZW1wb3JhcnkgcGFzc3dvcmRcbiAgICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICAgIC8vIEF0IHRoaXMgcG9pbnQsIHRoZSBvcmlnaW5hbCBhY2NvdW50J3MgcGFzc3dvcmQgaGFzIGJlZW4gY2hhbmdlZFxuICAgIC8vIHRvIGEgdGVtcG9yYXJ5IHBhc3N3b3JkLiBJdCBpcyBubyBsb25nZXIgcG9zc2libGUgZm9yIHRoZSB1c2VyXG4gICAgLy8gdG8gdXNlIHRoZSBvcmlnaW5hbCBwYXNzd29yZCB0byBsb2dpbi4gQW55IHN1Y2Nlc3NmdWwgbG9naW5cbiAgICAvLyBjYW4gb25seSBiZSB1c2luZyB0aGUgdGVtcG9yYXJ5IHBhc3N3b3JkLiBTbyBpdCdzIHNhZmUgdG8gYXNzdW1lXG4gICAgLy8gdGhhdCB3ZSB3YW50IHRvIFwiY29tcGxldGVcIiB0aGUgcGFzc3dvcmQgcmVzZXQuXG5cbiAgICAvLyBUaGVyZSBtYXliZSAyRkEgc28gd2UgbGlzdGVuIGZvciB0aGUgYXV0aCBldmVudCBmcm9tIEFtcGxpZnkuXG4gICAgY29uc3QgcmV0UHJvbWlzZSA9IG5ldyBQcm9taXNlPHZvaWQ+KChyZXNvbHZlKSA9PiB7XG4gICAgICBjb25zdCBsaXN0ZW5lciA9IGFzeW5jIChkYXRhKSA9PiB7XG4gICAgICAgIGlmIChkYXRhLnBheWxvYWQuZXZlbnQgIT09ICdzaWduSW4nKSB7XG4gICAgICAgICAgcmV0dXJuO1xuICAgICAgICB9XG5cbiAgICAgICAgSHViLnJlbW92ZSgnYXV0aCcsIGxpc3RlbmVyKTtcblxuICAgICAgICBhd2FpdCB0aGlzLmNvZ25pdG8uc2lnbkluKHJlc2V0VXNlci51c2VybmFtZSwgbmV3SWRwUGFzc3dvcmQpO1xuXG4gICAgICAgIC8vIFN3aXRjaCBvdmVyIHRvIHRoZSBuZXcgc2V0IG9mIGtleXNcbiAgICAgICAgYXdhaXQgdGhpcy5sckdyYXBoUUwubHJNdXRhdGUoXG4gICAgICAgICAgbmV3IExyTXV0YXRpb24oe1xuICAgICAgICAgICAgbXV0YXRpb246IENvbXBsZXRlVHBQYXNzd29yZFJlc2V0UmVxdWVzdE11dGF0aW9uLFxuICAgICAgICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgICAgICAgbWFzdGVyS2V5V3JhcHBlZFJvb3RLZXksXG4gICAgICAgICAgICAgICAgbWFzdGVyS2V5SWQ6IG1hc3RlcktleS5pZCxcbiAgICAgICAgICAgICAgfSxcbiAgICAgICAgICAgIH0sXG4gICAgICAgICAgfSlcbiAgICAgICAgKTtcblxuICAgICAgICByZXNvbHZlKCk7XG4gICAgICB9O1xuXG4gICAgICBIdWIubGlzdGVuKCdhdXRoJywgbGlzdGVuZXIpO1xuICAgIH0pO1xuXG4gICAgLy8gU2lnbmluIGFzIHRoZSBvcmlnaW5hbCB1c2VyLiBQYXNzd29yZCBoYXMgYmVlbiByZXNldCB0byB0ZW1wb3Jhcnkgb25lLiBJdCBzaG91bGQgcmV0dXJuXG4gICAgLy8gd2l0aCBORVdfUEFTU1dPUkRfUkVRVUlSRURcbiAgICBsZXQgdXNlciA9IGF3YWl0IHRoaXMuY29nbml0by5zaWduSW4ocmVzZXRVc2VyLnVzZXJuYW1lLCB0ZW1wSWRwUGFzc3dvcmQsIHtcbiAgICAgIG5vUHJveHk6ICd0cnVlJyxcbiAgICB9KTtcblxuICAgIGlmICh1c2VyLmNoYWxsZW5nZU5hbWUgIT09ICdORVdfUEFTU1dPUkRfUkVRVUlSRUQnKSB7XG4gICAgICB0aHJvdyBuZXcgS2NJbnRlcm5hbEVycm9yRXhjZXB0aW9uKFxuICAgICAgICAnRXhwZWN0aW5nIENvZ25pdG8gdG8gaGF2ZSBkb25lIGEgcGFzc3dvcmQgcmVzZXQgYWZ0ZXIgY2FsbCB0byBQcmVDb21wbGV0ZVRwUGFzc3dvcmRSZXNldFJlcXVlc3RNdXRhdGlvbi4nXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIFNldCBuZXcgcGFzc3dvcmQgb24gSWRwXG4gICAgLy8gdGhlIGF3c0ZldGNoKCkgZnVuY3Rpb24gcGFzc2VzIE5FV19QQVNTV09SRF9SRVFVSVJFRCBkaXJlY3RseSB0byBBV1Mgd2l0aG91dFxuICAgIC8vIGdvaW5nIHRocm91Z2ggdGhlIHByb3h5LlxuICAgIHVzZXIgPSBhd2FpdCB0aGlzLmNvZ25pdG8uY29tcGxldGVOZXdQYXNzd29yZCh1c2VyLCBuZXdJZHBQYXNzd29yZCwge30pO1xuXG4gICAgcmV0dXJuIHJldFByb21pc2U7XG4gIH1cblxuICAvLyAtLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS1cbiAgLy8gRGVidWcgdXRpbGl0aWVzXG4gIC8vIC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLVxuICBkZWJ1Z0xvZ2luKHVzZXJuYW1lOiBzdHJpbmcsIHBhc3N3b3JkOiBDcnlwdG9LZXkpOiBQcm9taXNlPEF1dGhVc2VyPiB7XG4gICAgLy8gVGhpcyB3aWxsIGZhaWwgaWYgZGVidWcgaXMgbnVsbC4gQnV0IHdoZW4gZGVidWcgaXMgbnVsbCwgdGhpcyBmdW5jdGlvblxuICAgIC8vIHNob3VsZCBub3QgYmUgY2FsbGVkLlxuICAgIHRoaXMua2NDb25maWcuZGVidWcudXNlcm5hbWUgPSB1c2VybmFtZTtcblxuICAgIHJldHVybiB0aGlzLmRlYnVnTG9hZFVzZXIocGFzc3dvcmQpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWJ1Z0xvYWRVc2VyKHBhc3N3b3JkOiBDcnlwdG9LZXkpOiBQcm9taXNlPEF1dGhVc2VyPiB7XG4gICAgY29uc3QgY3VycmVudFVzZXIgPSBhd2FpdCB0aGlzLmZldGNoQ3VycmVudFVzZXIoKTtcblxuICAgIGNvbnN0IHsgdXNlcm5hbWUsIGN1cnJlbnRVc2VyS2V5IH0gPSBjdXJyZW50VXNlcjtcblxuICAgIC8vIERlYnVnIG1vZGUgY2FuIG5vdCBkZWFsIHdpdGggc2Vzc2lvbiBlbmNyeXB0aW9uIGtleSB5ZXQuXG4gICAgLy8gTk8gU0VTU0lPTiBFTkNSWVBUSU9OIEtFWS5cblxuICAgIGNvbnN0IHBhc3NLZXkgPSAoXG4gICAgICBhd2FpdCB0aGlzLmtleUZhY3RvcnlTZXJ2aWNlLmRlcml2ZVBhc3NLZXkoe1xuICAgICAgICBwYXNzd29yZCxcbiAgICAgICAgLi4uY3VycmVudFVzZXJLZXkucGFzc0tleS5wYXNzS2V5UGFyYW1zLFxuICAgICAgfSlcbiAgICApLmp3aztcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IGF3YWl0IHRoaXMua2V5R3JhcGhTZXJ2aWNlLnVud3JhcFdpdGhQYXNzS2V5KFxuICAgICAgY3VycmVudFVzZXJLZXkucGFzc0tleS5pZCxcbiAgICAgIHBhc3NLZXksXG4gICAgICBjdXJyZW50VXNlcktleS5tYXN0ZXJLZXkuaWRcbiAgICApO1xuXG4gICAgYXdhaXQgdGhpcy5pZGxlU2VydmljZS5wZXJzaXN0TWFzdGVyS2V5KG1hc3RlcktleSk7XG5cbiAgICBhd2FpdCB0aGlzLmtleUdyYXBoU2VydmljZS5wb3B1bGF0ZUtleXMoY3VycmVudFVzZXJLZXkpO1xuXG4gICAgdGhpcy51c2VyID0ge1xuICAgICAgdXNlcm5hbWUsXG4gICAgICByZXNldFVzZXI6IG51bGwsXG4gICAgICBzdWI6ICdERUJVR19NT0RFJyxcbiAgICAgIGxvZ2luRW1haWw6ICdERUJVR19NT0RFJyxcbiAgICB9O1xuXG4gICAgcmV0dXJuIHRoaXMudXNlcjtcbiAgfVxuXG4gIC8qKlxuICAgKiBDbGVhcnMgdGhlIGNhY2hlcyB1c2VyLiBTbyB3ZSBjYW4gc2ltdWxhdGUgYSBwYWdlIHJlZnJlc2ggYW5kIHRlc3QgZ2V0VXNlcigpLlxuICAgKi9cbiAgZGVidWdDbGVhclVzZXIoKSB7XG4gICAgdGhpcy51c2VyID0gbnVsbDtcbiAgfVxufVxuIl19