@lifeready/core 6.1.2 → 6.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (76) hide show
  1. package/bundles/lifeready-core.umd.js +359 -344
  2. package/bundles/lifeready-core.umd.js.map +1 -1
  3. package/bundles/lifeready-core.umd.min.js +1 -1
  4. package/bundles/lifeready-core.umd.min.js.map +1 -1
  5. package/esm2015/lib/auth/auth.config.js +57 -0
  6. package/esm2015/lib/auth/auth.gql.private.js +85 -0
  7. package/esm2015/lib/auth/auth.service.js +602 -0
  8. package/esm2015/lib/auth/auth.types.js +21 -0
  9. package/esm2015/lib/item/item.gql.js +164 -0
  10. package/esm2015/lib/item/item.gql.private.js +23 -0
  11. package/esm2015/lib/item/item.service.js +592 -0
  12. package/esm2015/lib/item/item.types.js +2 -0
  13. package/esm2015/lib/key-exchange/key-exchange.gql.js +174 -0
  14. package/esm2015/lib/key-exchange/key-exchange.service.js +480 -0
  15. package/esm2015/lib/lbop/lbop.service.js +7 -15
  16. package/esm2015/lib/life-ready.module.js +2 -2
  17. package/esm2015/lib/password/password.service.js +1 -1
  18. package/esm2015/lib/plan/plan.gql.js +91 -0
  19. package/esm2015/lib/plan/plan.service.js +191 -0
  20. package/esm2015/lib/plan/plan.types.js +2 -0
  21. package/esm2015/lib/profile/profile.gql.js +2 -64
  22. package/esm2015/lib/profile/profile.service.js +1 -8
  23. package/esm2015/lib/profile/profile.types.js +1 -8
  24. package/esm2015/lib/scenario/scenario.service.js +8 -8
  25. package/esm2015/lib/shared-contact-card/shared-contact-card2.service.js +1 -1
  26. package/esm2015/lib/trusted-party/trusted-party.gql.js +64 -0
  27. package/esm2015/lib/trusted-party/trusted-party.gql.private.js +25 -0
  28. package/esm2015/lib/trusted-party/trusted-party.service.js +240 -0
  29. package/esm2015/lib/trusted-party/trusted-party.types.js +2 -0
  30. package/esm2015/public-api.js +17 -11
  31. package/fesm2015/lifeready-core.js +373 -456
  32. package/fesm2015/lifeready-core.js.map +1 -1
  33. package/lib/{auth2/auth2.service.d.ts → auth/auth.service.d.ts} +2 -2
  34. package/lib/{item2/item2.service.d.ts → item/item.service.d.ts} +39 -39
  35. package/lib/key-exchange/{key-exchange2.gql.d.ts → key-exchange.gql.d.ts} +27 -13
  36. package/lib/key-exchange/{key-exchange2.service.d.ts → key-exchange.service.d.ts} +5 -5
  37. package/lib/lbop/lbop.service.d.ts +1 -5
  38. package/lib/password/password.service.d.ts +1 -1
  39. package/lib/{plan2/plan2.service.d.ts → plan/plan.service.d.ts} +20 -20
  40. package/lib/profile/profile.gql.d.ts +0 -2
  41. package/lib/profile/profile.service.d.ts +1 -2
  42. package/lib/profile/profile.types.d.ts +2 -15
  43. package/lib/scenario/scenario.service.d.ts +3 -3
  44. package/lib/shared-contact-card/shared-contact-card2.service.d.ts +1 -1
  45. package/lib/trusted-party/{trusted-party2.service.d.ts → trusted-party.service.d.ts} +6 -6
  46. package/lifeready-core.metadata.json +1 -1
  47. package/package.json +1 -1
  48. package/public-api.d.ts +16 -10
  49. package/esm2015/lib/auth2/auth.config.js +0 -57
  50. package/esm2015/lib/auth2/auth2.gql.private.js +0 -85
  51. package/esm2015/lib/auth2/auth2.service.js +0 -602
  52. package/esm2015/lib/auth2/auth2.types.js +0 -21
  53. package/esm2015/lib/item2/item2.gql.js +0 -164
  54. package/esm2015/lib/item2/item2.gql.private.js +0 -23
  55. package/esm2015/lib/item2/item2.service.js +0 -592
  56. package/esm2015/lib/item2/item2.types.js +0 -2
  57. package/esm2015/lib/key-exchange/key-exchange2.gql.js +0 -172
  58. package/esm2015/lib/key-exchange/key-exchange2.service.js +0 -480
  59. package/esm2015/lib/plan2/plan2.gql.js +0 -91
  60. package/esm2015/lib/plan2/plan2.service.js +0 -191
  61. package/esm2015/lib/plan2/plan2.types.js +0 -2
  62. package/esm2015/lib/trusted-party/trusted-party2.gql.js +0 -64
  63. package/esm2015/lib/trusted-party/trusted-party2.gql.private.js +0 -25
  64. package/esm2015/lib/trusted-party/trusted-party2.service.js +0 -240
  65. package/esm2015/lib/trusted-party/trusted-party2.types.js +0 -2
  66. /package/lib/{auth2 → auth}/auth.config.d.ts +0 -0
  67. /package/lib/{auth2/auth2.gql.private.d.ts → auth/auth.gql.private.d.ts} +0 -0
  68. /package/lib/{auth2/auth2.types.d.ts → auth/auth.types.d.ts} +0 -0
  69. /package/lib/{item2/item2.gql.d.ts → item/item.gql.d.ts} +0 -0
  70. /package/lib/{item2/item2.gql.private.d.ts → item/item.gql.private.d.ts} +0 -0
  71. /package/lib/{item2/item2.types.d.ts → item/item.types.d.ts} +0 -0
  72. /package/lib/{plan2/plan2.gql.d.ts → plan/plan.gql.d.ts} +0 -0
  73. /package/lib/{plan2/plan2.types.d.ts → plan/plan.types.d.ts} +0 -0
  74. /package/lib/trusted-party/{trusted-party2.gql.d.ts → trusted-party.gql.d.ts} +0 -0
  75. /package/lib/trusted-party/{trusted-party2.gql.private.d.ts → trusted-party.gql.private.d.ts} +0 -0
  76. /package/lib/trusted-party/{trusted-party2.types.d.ts → trusted-party.types.d.ts} +0 -0
package/esm2015/lib/key-exchange/key-exchange2.service.js DELETED
@@ -1,480 +0,0 @@
1
- import { __awaiter, __decorate } from "tslib";
2
- import { Injectable, Injector, NgZone } from '@angular/core';
3
- import { LrMutation, LrService } from '../api/lr-graphql';
4
- import { EncryptionService, JoseSerialization, } from '../encryption/encryption.service';
5
- import { KeyFactoryService } from '../key/key-factory.service';
6
- import { KeyGraphService } from '../key/key-graph.service';
7
- import { KeyService } from '../key/key.service';
8
- import { KcCodeMismatchException } from '../_common/exceptions';
9
- import { RunOutsideAngular } from '../_common/run-outside-angular';
10
- import { CancelKeyExchangeMutation, CompleteKeyExchangeOtkMutation, CurrentUserSharedKeyQuery2, DeclineKeyExchangeMutation, InitiateKeyExchangeOtkMutation, KeyExchangeQuery2, KeyExchangesQuery2, KeyExchangeTokenQuery2, RespondKeyExchangeOtkMutation, } from './key-exchange2.gql';
11
- import * as i0 from "@angular/core";
12
- import * as i1 from "../key/key-factory.service";
13
- import * as i2 from "../key/key.service";
14
- import * as i3 from "../encryption/encryption.service";
15
- import * as i4 from "../key/key-graph.service";
16
- let KeyExchange2Service = class KeyExchange2Service extends LrService {
17
- constructor(ngZone, injector, keyFactory, keyService, encryptionService, keyGraph) {
18
- super(injector);
19
- this.ngZone = ngZone;
20
- this.injector = injector;
21
- this.keyFactory = keyFactory;
22
- this.keyService = keyService;
23
- this.encryptionService = encryptionService;
24
- this.keyGraph = keyGraph;
25
- this.CLIENT_NONCE_LENGTH = 32;
26
- }
27
- getOtKey(keyExchange, otKeyK) {
28
- return __awaiter(this, void 0, void 0, function* () {
29
- if (otKeyK) {
30
- return yield KeyFactoryService.asKey(Object.assign(Object.assign({}, JSON.parse(keyExchange.otk.otKeyParams)), { k: otKeyK }));
31
- }
32
- else if (keyExchange.otk.state === 'OTK_INITIATED' &&
33
- !keyExchange.isInitiator &&
34
- keyExchange.otk.responderPbkCipher) {
35
- // Assuming existing user getting invited where OTK is wrapped in responder's public key.
36
- const prk = this.keyService.currentPxk;
37
- const decryptedCipher = yield this.encryptionService.decrypt(prk.jwk, JSON.parse(keyExchange.otk.responderPbkCipher), {
38
- serializations: [JoseSerialization.COMPACT],
39
- });
40
- if (decryptedCipher.otKey) {
41
- return yield KeyFactoryService.asKey(decryptedCipher.otKey);
42
- }
43
- }
44
- return null;
45
- });
46
- }
47
- decryptOtk(keyExchange, otKeyK) {
48
- return __awaiter(this, void 0, void 0, function* () {
49
- const otKey = yield this.getOtKey(keyExchange, otKeyK);
50
- let otk = keyExchange.otk;
51
- if (otKey && otk.otKeyCipher) {
52
- otk = Object.assign(Object.assign({}, otk), { otKey, otKeyCipherClearJson: yield this.encryptionService.decrypt(otKey, keyExchange.otk.otKeyCipher) });
53
- }
54
- return Object.assign(Object.assign({}, keyExchange), { otk });
55
- });
56
- }
57
- decryptResponseCipher(otKey, otPrk, content) {
58
- return __awaiter(this, void 0, void 0, function* () {
59
- // The response could be wrapped by the OtK in addition to the OtPbk
60
- try {
61
- content = yield this.encryptionService.decrypt(otKey, content);
62
- }
63
- catch (error) {
64
- if (error.message !== 'no key found') {
65
- throw error;
66
- }
67
- // Do nothing to support older versions where message is not wrapped with otk.
68
- }
69
- // The Prk is single-use and only used to send information from the responder back to the initiator.
70
- return yield this.encryptionService.decrypt(otPrk, content);
71
- });
72
- }
73
- decryptKeyExchangeAsInitiator(keyExchange) {
74
- return __awaiter(this, void 0, void 0, function* () {
75
- const rootKey = this.keyService.currentRootKey;
76
- // Decrypt using the root key to get the Prk
77
- const initiatorRootKeyCipherClearJson = (yield this.encryptionService.decrypt(rootKey.jwk, keyExchange.initiatorRootKeyCipher));
78
- const otKey = yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey);
79
- keyExchange = Object.assign(Object.assign({}, keyExchange), { initiatorRootKeyCipherClearJson });
80
- let otk = keyExchange.otk;
81
- if (otk.initiatorOneTimePbkCipher) {
82
- otk = Object.assign(Object.assign({}, otk), { initiatorOneTimePbkCipherClearJson: yield this.decryptResponseCipher(otKey, yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk), otk.initiatorOneTimePbkCipher) });
83
- }
84
- if (otk.otKeyCipher) {
85
- otk.otKeyCipherClearJson = yield this.encryptionService.decrypt(otKey, otk.otKeyCipher);
86
- }
87
- return Object.assign(Object.assign({}, keyExchange), { otk });
88
- });
89
- }
90
- decryptKeyExchangeAsResponder(keyExchange, otKeyK) {
91
- return __awaiter(this, void 0, void 0, function* () {
92
- return this.decryptOtk(keyExchange, otKeyK);
93
- });
94
- }
95
- decryptKeyExchange(keyExchange, otKeyK) {
96
- return __awaiter(this, void 0, void 0, function* () {
97
- if (keyExchange.isInitiator) {
98
- return this.decryptKeyExchangeAsInitiator(keyExchange);
99
- }
100
- else {
101
- return this.decryptKeyExchangeAsResponder(keyExchange, otKeyK);
102
- }
103
- });
104
- }
105
- getKeyExchanges({ state } = {}) {
106
- return __awaiter(this, void 0, void 0, function* () {
107
- const { keyExchanges } = yield this.query({
108
- query: KeyExchangesQuery2,
109
- variables: {
110
- state,
111
- },
112
- });
113
- return Promise.all(keyExchanges.edges.map((edge) => this.decryptKeyExchange(edge.node)));
114
- });
115
- }
116
- /**
117
- * @param id If the current user can responder the key exchange if they are either the initiator or the receiver.
118
- * @param token If not signed in, or not the initiator or responder, 'token' must be given.
119
- * @param otKeyK Is the raw one-time key (string). If the responder is explicitly specified at time of initiation, then
120
- * it's possible to have the otKey wrapped by the public key of the responder. In which case, the otKeyK is not needed.
121
- */
122
- getKeyExchange(id, { otKeyK, token } = {}) {
123
- return __awaiter(this, void 0, void 0, function* () {
124
- const res = yield this.query({
125
- query: token ? KeyExchangeTokenQuery2 : KeyExchangeQuery2,
126
- variables: {
127
- id,
128
- token,
129
- },
130
- includeKeyGraph: !token,
131
- });
132
- return this.decryptKeyExchange(res.keyExchange, otKeyK);
133
- });
134
- }
135
- getCurrentUserSharedKey(input) {
136
- return __awaiter(this, void 0, void 0, function* () {
137
- return this.query({
138
- query: CurrentUserSharedKeyQuery2,
139
- variables: {
140
- username: input.username,
141
- userId: input.userId,
142
- },
143
- });
144
- });
145
- }
146
- cancelKeyExchange(id) {
147
- return this.mutate(this.cancelKeyExchangeMutation(id));
148
- }
149
- cancelKeyExchangeMutation(id) {
150
- return new LrMutation({
151
- mutation: CancelKeyExchangeMutation,
152
- variables: {
153
- input: {
154
- id,
155
- },
156
- },
157
- });
158
- }
159
- declineKeyExchange(id, token) {
160
- return this.mutate(this.declineKeyExchangeMutation(id, token));
161
- }
162
- declineKeyExchangeMutation(id, token) {
163
- return new LrMutation({
164
- mutation: DeclineKeyExchangeMutation,
165
- variables: {
166
- input: {
167
- id,
168
- token,
169
- },
170
- },
171
- });
172
- }
173
- initiateOtk(input = {}) {
174
- return __awaiter(this, void 0, void 0, function* () {
175
- return this.mutate((yield this.initiateOtkMutation(input)).lrMutation);
176
- });
177
- }
178
- initiateOtkMutation({ message, email, contactCard, upgrade, } = {}) {
179
- return __awaiter(this, void 0, void 0, function* () {
180
- const otKey = yield this.keyFactory.createKey();
181
- const nonce = this.keyFactory.randomString(this.CLIENT_NONCE_LENGTH);
182
- // New PKC key for encryption. This key is used only once when the responder sends
183
- // back their signing public key.
184
- const initiatorOneTimePrk = yield this.keyFactory.createPkcKey();
185
- // Option 1: New PKC key for signing
186
- // const initiatorSigPrk = await this.keyService.createPkcSignKey();
187
- // Option 2: Use the user's global signing key.
188
- // This key is used to prove the initiator's identity.
189
- const initiatorPrk = this.keyService.currentPxk;
190
- const initiatorSigPrk = this.keyService.currentSigPxk;
191
- let initiatorPlainDataSig = null;
192
- if (contactCard && contactCard.ownerPlainDataJson) {
193
- initiatorPlainDataSig = yield this.encryptionService.signToString(initiatorSigPrk.jwk, contactCard.ownerPlainDataJson);
194
- }
195
- const initiator = {
196
- message,
197
- contactCard: contactCard && {
198
- sharedCipherDataClearJson: contactCard.sharedCipherDataClearJson,
199
- },
200
- };
201
- // Content to be encrypted using the OTK.
202
- const plainOtKeyCipher = {
203
- // TODO Make sure we also put the OOB code in here as well since the OOB code is the
204
- // _only_ information the KC server does not have access to. The server may have
205
- // access to OTK and hence the nonce here. It's good to have both the nonce and OOB code
206
- // since the user may not be using the OOB code. And it's simple to always include
207
- // the nonce, so why not.
208
- nonce,
209
- initiator: Object.assign(Object.assign({}, initiator), { oneTimePbk: initiatorOneTimePrk.toJSON(), pbk: initiatorPrk.jwk.toJSON(), sigPbk: initiatorSigPrk.jwk.toJSON() }),
210
- };
211
- const otKeyCipher = yield this.keyGraph.encryptToString(otKey, plainOtKeyCipher);
212
- // Content to be encrypted using the initiator's root key.
213
- const initiatorRootKeyCipherClearJson = {
214
- nonce,
215
- oneTimePrk: initiatorOneTimePrk.toJSON(true),
216
- // Should not need to keep this encrypted since we are using the global signing key.
217
- // sigPrk: initiatorSigPrk.toJSON(true),
218
- // Save it in case the initiator want to decode the otKeyCipher.
219
- // Since the otKey is only used once, and that otKeyCipher contains only
220
- // the public key of the initiator, it's safe just leave the otKey stored here.
221
- otKey: otKey.toJSON(true),
222
- // These should be storing information such as how the fields of the shared contact card is
223
- // derived from the master contact card.
224
- initiatorContactCard: contactCard,
225
- initiator,
226
- };
227
- const rootKey = this.keyService.currentRootKey;
228
- const initiatorRootKeyCipher = yield this.keyGraph.encryptToString(rootKey.jwk, initiatorRootKeyCipherClearJson);
229
- // The raw OTK
230
- const otKeyK = otKey.toJSON(true).k;
231
- // API call
232
- const lrMutation = new LrMutation({
233
- mutation: InitiateKeyExchangeOtkMutation,
234
- variables: {
235
- input: {
236
- // These will be stored on the server
237
- initiatorRootKeyCipher,
238
- initiatorPxkId: initiatorPrk.id,
239
- initiatorSigPxkId: initiatorSigPrk.id,
240
- // These will be sent to the responder
241
- otKeyParams: JSON.stringify(otKey.toJSON()),
242
- otKeyCipher,
243
- sendEmail: email && {
244
- email,
245
- rawOtKey: otKeyK,
246
- },
247
- createTp: true,
248
- initiatorPlainDataSig,
249
- upgrade,
250
- },
251
- },
252
- });
253
- return { lrMutation, otKeyK };
254
- });
255
- }
256
- respondOtk(input) {
257
- return this.mutate(this.respondOtkMutation(input));
258
- }
259
- respondOtkMutation({ keyExchangeId, token, decryptedOtk, message, initiatorContactCard, responderContactCard, }) {
260
- return __awaiter(this, void 0, void 0, function* () {
261
- const rootKey = this.keyService.currentRootKey;
262
- const masterKey = this.keyService.currentMasterKey;
263
- const sharedKey = yield this.keyFactory.createKey();
264
- const mkSharedKey = yield this.keyFactory.createKey();
265
- const rkWrappedSharedKey = yield this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true));
266
- const mkWrappedMkSharedKey = yield this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true));
267
- const initiatorOneTimePbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.oneTimePbk);
268
- const initiatorPbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.pbk);
269
- const initiatorSigPbk = yield KeyFactoryService.asKey(decryptedOtk.otKeyCipherClearJson.initiator.sigPbk);
270
- // Option 1: Using new Prk for each TP pair
271
- // Create a new public signing key for the responder.
272
- // const responderSigPrk = await this.keyService.createPkcSignKey()
273
- // const rkWrappedResponderSigPrk = await this.encrypt(rootKey, responderSigPrk.toJSON(true));
274
- // Option 2: Responder already has a signing Prk
275
- const responderPrk = this.keyService.currentPxk;
276
- const responderSigPrk = this.keyService.currentSigPxk;
277
- const signedInitiatorPbk = yield this.encryptionService.sign(responderSigPrk.jwk, initiatorPbk.toJSON());
278
- const signedInitiatorSigPbk = yield this.encryptionService.sign(responderSigPrk.jwk, initiatorSigPbk.toJSON());
279
- const initiatorOneTimePbkCipherClearJson = {
280
- nonce: decryptedOtk.otKeyCipherClearJson.nonce,
281
- sharedKey: sharedKey.toJSON(true),
282
- mkSharedKey: mkSharedKey.toJSON(true),
283
- responder: {
284
- pbk: responderPrk.jwk.toJSON(),
285
- sigPbk: responderSigPrk.jwk.toJSON(),
286
- message,
287
- },
288
- };
289
- let receivedCardInput;
290
- if (decryptedOtk.otKeyCipherClearJson.initiator.contactCard) {
291
- // Set the info about the initiator to be the ones sent by the initiator. We need th responder to do the encryption here
292
- // because the initiator does not have the shared key yet, and we want the responder to have a functional contact card after
293
- // this exchange. The initiator can double check the contact details are correct and sign it when it completes the exchange.
294
- const sharedCipherDataClearJson = decryptedOtk.otKeyCipherClearJson.initiator.contactCard
295
- .sharedCipherDataClearJson;
296
- // Create keys
297
- const receiverKey = yield this.keyFactory.createKey();
298
- const ccSharedKey = yield this.keyFactory.createKey();
299
- const sigPxk = this.keyService.currentSigPxk;
300
- receivedCardInput = {
301
- receiverWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))),
302
- receiverWrappingKeyId: rootKey.id,
303
- receiverCipherData: initiatorContactCard
304
- ? JSON.stringify(yield this.encryptionService.encrypt(receiverKey, initiatorContactCard.receiverCipherDataClearJson))
305
- : '',
306
- sharedWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))),
307
- };
308
- const sharedCipherData = yield this.encryptionService.encrypt(ccSharedKey, sharedCipherDataClearJson);
309
- receivedCardInput.sharedCipherDataSig = JSON.stringify(yield this.encryptionService.sign(sigPxk.jwk, sharedCipherData));
310
- receivedCardInput.sigPxkId = sigPxk.id;
311
- initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherKey: ccSharedKey.toJSON(true) });
312
- }
313
- let responderCardInput;
314
- if (responderContactCard) {
315
- // Create keys
316
- const ownerKey = yield this.keyFactory.createKey();
317
- const ccSharedKey = yield this.keyFactory.createKey();
318
- const sigPxk = this.keyService.currentSigPxk;
319
- responderCardInput = {
320
- ownerWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true))),
321
- ownerWrappingKeyId: rootKey.id,
322
- ownerCipherData: responderContactCard.ownerCipherDataClearJson
323
- ? JSON.stringify(yield this.encryptionService.encrypt(ownerKey, responderContactCard.ownerCipherDataClearJson))
324
- : '',
325
- sharedWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(sharedKey, ccSharedKey.toJSON(true))),
326
- };
327
- const sharedCipherData = yield this.encryptionService.encrypt(ccSharedKey, responderContactCard.sharedCipherDataClearJson);
328
- responderCardInput.sharedCipherDataSig = JSON.stringify(yield this.encryptionService.sign(sigPxk.jwk, sharedCipherData));
329
- responderCardInput.sigPxkId = sigPxk.id;
330
- if (responderContactCard.ownerPlainDataJson) {
331
- responderCardInput.ownerPlainDataSig = JSON.stringify(yield this.encryptionService.sign(responderSigPrk.jwk, responderContactCard.ownerPlainDataJson));
332
- }
333
- // Contact card info readable by the initiator
334
- initiatorOneTimePbkCipherClearJson.responder.contactCard = Object.assign(Object.assign({}, initiatorOneTimePbkCipherClearJson.responder.contactCard), { sharedCipherDataClearJson: responderContactCard.sharedCipherDataClearJson });
335
- }
336
- // Encrypt with one-time public key
337
- let initiatorOneTimePbkCipher = yield this.encryptionService.encrypt(initiatorOneTimePbk, initiatorOneTimePbkCipherClearJson);
338
- // Encrypt with the otk again to keep use of asymmetric keys to a minimum.
339
- initiatorOneTimePbkCipher = yield this.encryptionService.encrypt(decryptedOtk.otKey, initiatorOneTimePbkCipher);
340
- return new LrMutation({
341
- mutation: RespondKeyExchangeOtkMutation,
342
- variables: {
343
- input: {
344
- keyExchangeId,
345
- keyExchangeToken: token,
346
- rootKeyId: rootKey.id,
347
- masterKeyId: masterKey.id,
348
- // These will be stored on the server
349
- responderPxkId: responderPrk.id,
350
- responderSigPxkId: responderSigPrk.id,
351
- signedInitiatorPbk: JSON.stringify(signedInitiatorPbk),
352
- signedInitiatorSigPbk: JSON.stringify(signedInitiatorSigPbk),
353
- // rkWrappedInitiatorSigPbk: JSON.stringify(rkWrappedInitiatorSigPbk),
354
- // Option 1: Using new Prk for each TP pair
355
- // rkWrappedResponderSigPrk: JSON.stringify(rkWrappedResponderSigPrk),
356
- rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
357
- mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
358
- // These will be sent to the initiator
359
- initiatorOneTimePbkCipher: JSON.stringify(initiatorOneTimePbkCipher),
360
- initiatorContactCard: receivedCardInput,
361
- responderContactCard: responderCardInput,
362
- },
363
- },
364
- });
365
- });
366
- }
367
- completeOtk(input) {
368
- return this.mutate(this.completeOtkMutation(input));
369
- }
370
- completeOtkMutation({ keyExchangeId, initiatorRootKeyCipher, initiatorOneTimePbkCipher, responderContactCard, initiatorContactCard, }) {
371
- return __awaiter(this, void 0, void 0, function* () {
372
- const rootKey = this.keyService.currentRootKey;
373
- const masterKey = this.keyService.currentMasterKey;
374
- // Decrypt using the root key to get the Prk
375
- const initiatorRootKeyCipherClearJson = (yield this.encryptionService.decrypt(rootKey.jwk, initiatorRootKeyCipher));
376
- // The Prk is single-use and only used to send information from the responder back to the initiator.
377
- const plainInitiatorOneTimePbkCipher = yield this.decryptResponseCipher(yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.otKey), yield KeyFactoryService.asKey(initiatorRootKeyCipherClearJson.oneTimePrk), initiatorOneTimePbkCipher);
378
- // Check the nonce match to ensure the responder was the one holding the OTK
379
- if (initiatorRootKeyCipherClearJson.nonce !==
380
- plainInitiatorOneTimePbkCipher.nonce) {
381
- throw new KcCodeMismatchException('The nonce returned by responder does not match with the one created by the initiator.');
382
- }
383
- // Option 1: Assuming the signing key is unique between users.
384
- // const initiatorSigPrk = await KFS.asKey(ke.plainInitiatorRootKeyCipher.sigPrk);
385
- // const rkWrappedInitiatorSigPrk = await this.encrypt(rootKey, initiatorSigPrk.toJSON(true));
386
- // Option 2: Use the user's global signing key.
387
- // In this case the initiatorSigPrk is already a part of the key graph.
388
- // So there's nothing to do here.
389
- // Protected the signing public key of the responder.
390
- const initiatorSigPrk = this.keyService.currentSigPxk;
391
- const responderSigPbk = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.sigPbk);
392
- const responderPbk = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.pbk);
393
- const signedResponderPbk = yield this.encryptionService.sign(initiatorSigPrk.jwk, responderPbk.toJSON());
394
- const signedResponderSigPbk = yield this.encryptionService.sign(initiatorSigPrk.jwk, responderSigPbk.toJSON());
395
- const sharedKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.sharedKey);
396
- const rkWrappedSharedKey = yield this.encryptionService.encrypt(rootKey.jwk, sharedKey.toJSON(true));
397
- const mkSharedKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.mkSharedKey);
398
- const mkWrappedMkSharedKey = yield this.encryptionService.encrypt(masterKey.jwk, mkSharedKey.toJSON(true));
399
- let responderContactCardCipherInput;
400
- if (responderContactCard) {
401
- // Create key
402
- const receiverKey = yield this.keyFactory.createKey();
403
- responderContactCardCipherInput = {
404
- receiverWrappedKey: JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, receiverKey.toJSON(true))),
405
- receiverWrappingKeyId: rootKey.id,
406
- receiverCipherData: JSON.stringify(yield this.encryptionService.encrypt(receiverKey, responderContactCard.receiverCipherDataClearJson)),
407
- };
408
- }
409
- // Get the data needed from the initiator's cipher data.
410
- let initiatorContactCardCipherInput;
411
- let initiatorContactCardSharedCipherInput;
412
- if (initiatorRootKeyCipherClearJson.initiatorContactCard) {
413
- // The initiatorContactCard created during the creation of the invite and encrypted using the initiator's
414
- // root key
415
- const initiatorContactCardFromInit = initiatorRootKeyCipherClearJson.initiatorContactCard;
416
- const ownerKey = yield this.keyFactory.createKey();
417
- const sharedCipherKey = yield KeyFactoryService.asKey(plainInitiatorOneTimePbkCipher.responder.contactCard.sharedCipherKey);
418
- const ownerWrappedKey = JSON.stringify(yield this.encryptionService.encrypt(rootKey.jwk, ownerKey.toJSON(true)));
419
- // Allow the initiatorContactCard parameter to override
420
- const ownerCipherDataClearJson = (initiatorContactCard === null || initiatorContactCard === void 0 ? void 0 : initiatorContactCard.ownerCipherDataClearJson) ||
421
- initiatorContactCardFromInit.ownerCipherDataClearJson;
422
- const ownerCipherData = ownerCipherDataClearJson
423
- ? yield this.keyGraph.encryptToString(ownerKey, ownerCipherDataClearJson)
424
- : '';
425
- initiatorContactCardCipherInput = {
426
- ownerWrappedKey,
427
- ownerWrappingKeyId: rootKey.id,
428
- ownerCipherData,
429
- };
430
- initiatorContactCardSharedCipherInput = {
431
- sigPxkId: initiatorSigPrk.id,
432
- };
433
- const sharedCipherData = yield this.encryptionService.encrypt(sharedCipherKey, initiatorContactCardFromInit.sharedCipherDataClearJson);
434
- initiatorContactCardSharedCipherInput.sharedCipherDataSig =
435
- JSON.stringify(yield this.encryptionService.sign(initiatorSigPrk.jwk, sharedCipherData));
436
- }
437
- // TODO ideally we update the shared data in the contact card sent to the responder as well since that
438
- // CC was created by the responder.
439
- return new LrMutation({
440
- mutation: CompleteKeyExchangeOtkMutation,
441
- variables: {
442
- input: {
443
- keyExchangeId,
444
- rootKeyId: rootKey.id,
445
- masterKeyId: masterKey.id,
446
- initiatorSigPxkId: initiatorSigPrk.id,
447
- signedResponderPbk: JSON.stringify(signedResponderPbk),
448
- signedResponderSigPbk: JSON.stringify(signedResponderSigPbk),
449
- rkWrappedSharedKey: JSON.stringify(rkWrappedSharedKey),
450
- mkWrappedMkSharedKey: JSON.stringify(mkWrappedMkSharedKey),
451
- responderContactCardCipher: responderContactCardCipherInput,
452
- initiatorContactCardCipher: initiatorContactCardCipherInput,
453
- initiatorContactCardSharedCipher: initiatorContactCardSharedCipherInput,
454
- },
455
- },
456
- });
457
- });
458
- }
459
- };
460
- KeyExchange2Service.ɵprov = i0.ɵɵdefineInjectable({ factory: function KeyExchange2Service_Factory() { return new KeyExchange2Service(i0.ɵɵinject(i0.NgZone), i0.ɵɵinject(i0.INJECTOR), i0.ɵɵinject(i1.KeyFactoryService), i0.ɵɵinject(i2.KeyService), i0.ɵɵinject(i3.EncryptionService), i0.ɵɵinject(i4.KeyGraphService)); }, token: KeyExchange2Service, providedIn: "root" });
461
- KeyExchange2Service.decorators = [
462
- { type: Injectable, args: [{
463
- providedIn: 'root',
464
- },] }
465
- ];
466
- KeyExchange2Service.ctorParameters = () => [
467
- { type: NgZone },
468
- { type: Injector },
469
- { type: KeyFactoryService },
470
- { type: KeyService },
471
- { type: EncryptionService },
472
- { type: KeyGraphService }
473
- ];
474
- KeyExchange2Service = __decorate([
475
- RunOutsideAngular({
476
- ngZoneName: 'ngZone',
477
- })
478
- ], KeyExchange2Service);
479
- export { KeyExchange2Service };
480
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5LWV4Y2hhbmdlMi5zZXJ2aWNlLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vLi4vLi4vLi4vLi4vcHJvamVjdHMvY29yZS9zcmMvbGliL2tleS1leGNoYW5nZS9rZXktZXhjaGFuZ2UyLnNlcnZpY2UudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IjtBQUFBLE9BQU8sRUFBRSxVQUFVLEVBQUUsUUFBUSxFQUFFLE1BQU0sRUFBRSxNQUFNLGVBQWUsQ0FBQztBQUU3RCxPQUFPLEVBQUUsVUFBVSxFQUFFLFNBQVMsRUFBRSxNQUFNLG1CQUFtQixDQUFDO0FBTzFELE9BQU8sRUFDTCxpQkFBaUIsRUFDakIsaUJBQWlCLEdBQ2xCLE1BQU0sa0NBQWtDLENBQUM7QUFDMUMsT0FBTyxFQUFFLGlCQUFpQixFQUFFLE1BQU0sNEJBQTRCLENBQUM7QUFDL0QsT0FBTyxFQUFFLGVBQWUsRUFBRSxNQUFNLDBCQUEwQixDQUFDO0FBQzNELE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxvQkFBb0IsQ0FBQztBQUNoRCxPQUFPLEVBQUUsdUJBQXVCLEVBQUUsTUFBTSx1QkFBdUIsQ0FBQztBQUNoRSxPQUFPLEVBQUUsaUJBQWlCLEVBQUUsTUFBTSxnQ0FBZ0MsQ0FBQztBQUNuRSxPQUFPLEVBQ0wseUJBQXlCLEVBQ3pCLDhCQUE4QixFQUM5QiwwQkFBMEIsRUFDMUIsMEJBQTBCLEVBQzFCLDhCQUE4QixFQUU5QixpQkFBaUIsRUFDakIsa0JBQWtCLEVBRWxCLHNCQUFzQixFQUN0Qiw2QkFBNkIsR0FDOUIsTUFBTSxxQkFBcUIsQ0FBQzs7Ozs7O0lBNEhoQixtQkFBbUIsU0FBbkIsbUJBQW9CLFNBQVEsU0FBUztJQUdoRCxZQUNVLE1BQWMsRUFDZCxRQUFrQixFQUNsQixVQUE2QixFQUM3QixVQUFzQixFQUN0QixpQkFBb0MsRUFDcEMsUUFBeUI7UUFFakMsS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBUFIsV0FBTSxHQUFOLE1BQU0sQ0FBUTtRQUNkLGFBQVEsR0FBUixRQUFRLENBQVU7UUFDbEIsZUFBVSxHQUFWLFVBQVUsQ0FBbUI7UUFDN0IsZUFBVSxHQUFWLFVBQVUsQ0FBWTtRQUN0QixzQkFBaUIsR0FBakIsaUJBQWlCLENBQW1CO1FBQ3BDLGFBQVEsR0FBUixRQUFRLENBQWlCO1FBUmxCLHdCQUFtQixHQUFHLEVBQUUsQ0FBQztJQVcxQyxDQUFDO0lBRWEsUUFBUSxDQUNwQixXQUFnQyxFQUNoQyxNQUFlOztZQUVmLElBQUksTUFBTSxFQUFFO2dCQUNWLE9BQU8sTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLGlDQUMvQixJQUFJLENBQUMsS0FBSyxDQUFDLFdBQVcsQ0FBQyxHQUFHLENBQUMsV0FBVyxDQUFDLEtBQzFDLENBQUMsRUFBRSxNQUFNLElBQ1QsQ0FBQzthQUNKO2lCQUFNLElBQ0wsV0FBVyxDQUFDLEdBQUcsQ0FBQyxLQUFLLEtBQUssZUFBZTtnQkFDekMsQ0FBQyxXQUFXLENBQUMsV0FBVztnQkFDeEIsV0FBVyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsRUFDbEM7Z0JBQ0EseUZBQXlGO2dCQUN6RixNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsVUFBVSxDQUFDLFVBQVUsQ0FBQztnQkFDdkMsTUFBTSxlQUFlLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUMxRCxHQUFHLENBQUMsR0FBRyxFQUNQLElBQUksQ0FBQyxLQUFLLENBQUMsV0FBVyxDQUFDLEdBQUcsQ0FBQyxrQkFBa0IsQ0FBQyxFQUM5QztvQkFDRSxjQUFjLEVBQUUsQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUM7aUJBQzVDLENBQ0YsQ0FBQztnQkFDRixJQUFJLGVBQWUsQ0FBQyxLQUFLLEVBQUU7b0JBQ3pCLE9BQU8sTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsZUFBZSxDQUFDLEtBQUssQ0FBQyxDQUFDO2lCQUM3RDthQUNGO1lBQ0QsT0FBTyxJQUFJLENBQUM7UUFDZCxDQUFDO0tBQUE7SUFFYSxVQUFVLENBQ3RCLFdBQWdDLEVBQ2hDLE1BQWU7O1lBRWYsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUV2RCxJQUFJLEdBQUcsR0FBRyxXQUFXLENBQUMsR0FBRyxDQUFDO1lBRTFCLElBQUksS0FBSyxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUU7Z0JBQzVCLEdBQUcsbUNBQ0UsR0FBRyxLQUNOLEtBQUssRUFDTCxvQkFBb0IsRUFBRSxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ3hELEtBQUssRUFDTCxXQUFXLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FDNUIsR0FDRixDQUFDO2FBQ0g7WUFFRCx1Q0FDSyxXQUFXLEtBQ2QsR0FBRyxJQUNIO1FBQ0osQ0FBQztLQUFBO0lBRWEscUJBQXFCLENBQ2pDLEtBQWMsRUFDZCxLQUFjLEVBQ2QsT0FBbUI7O1lBRW5CLG9FQUFvRTtZQUNwRSxJQUFJO2dCQUNGLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQUMsS0FBSyxFQUFFLE9BQU8sQ0FBQyxDQUFDO2FBQ2hFO1lBQUMsT0FBTyxLQUFLLEVBQUU7Z0JBQ2QsSUFBSSxLQUFLLENBQUMsT0FBTyxLQUFLLGNBQWMsRUFBRTtvQkFDcEMsTUFBTSxLQUFLLENBQUM7aUJBQ2I7Z0JBQ0QsOEVBQThFO2FBQy9FO1lBRUQsb0dBQW9HO1lBQ3BHLE9BQU8sTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUFDLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUM5RCxDQUFDO0tBQUE7SUFFYSw2QkFBNkIsQ0FDekMsV0FBZ0M7O1lBRWhDLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBRS9DLDRDQUE0QztZQUM1QyxNQUFNLCtCQUErQixHQUNuQyxDQUFDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbkMsT0FBTyxDQUFDLEdBQUcsRUFDWCxXQUFXLENBQUMsc0JBQXNCLENBQ25DLENBQXFDLENBQUM7WUFFekMsTUFBTSxLQUFLLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ3pDLCtCQUErQixDQUFDLEtBQUssQ0FDdEMsQ0FBQztZQUVGLFdBQVcsbUNBQ04sV0FBVyxLQUNkLCtCQUErQixHQUNoQyxDQUFDO1lBRUYsSUFBSSxHQUFHLEdBQUcsV0FBVyxDQUFDLEdBQUcsQ0FBQztZQUUxQixJQUFJLEdBQUcsQ0FBQyx5QkFBeUIsRUFBRTtnQkFDakMsR0FBRyxtQ0FDRSxHQUFHLEtBQ04sa0NBQWtDLEVBQUUsTUFBTSxJQUFJLENBQUMscUJBQXFCLENBQ2xFLEtBQUssRUFDTCxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDM0IsK0JBQStCLENBQUMsVUFBVSxDQUMzQyxFQUNELEdBQUcsQ0FBQyx5QkFBeUIsQ0FDOUIsR0FDRixDQUFDO2FBQ0g7WUFFRCxJQUFJLEdBQUcsQ0FBQyxXQUFXLEVBQUU7Z0JBQ25CLEdBQUcsQ0FBQyxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzdELEtBQUssRUFDTCxHQUFHLENBQUMsV0FBVyxDQUNoQixDQUFDO2FBQ0g7WUFFRCx1Q0FDSyxXQUFXLEtBQ2QsR0FBRyxJQUNIO1FBQ0osQ0FBQztLQUFBO0lBRWEsNkJBQTZCLENBQ3pDLFdBQWdDLEVBQ2hDLE1BQWU7O1lBRWYsT0FBTyxJQUFJLENBQUMsVUFBVSxDQUFDLFdBQVcsRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM5QyxDQUFDO0tBQUE7SUFFSyxrQkFBa0IsQ0FBQyxXQUFnQyxFQUFFLE1BQWU7O1lBQ3hFLElBQUksV0FBVyxDQUFDLFdBQVcsRUFBRTtnQkFDM0IsT0FBTyxJQUFJLENBQUMsNkJBQTZCLENBQUMsV0FBVyxDQUFDLENBQUM7YUFDeEQ7aUJBQU07Z0JBQ0wsT0FBTyxJQUFJLENBQUMsNkJBQTZCLENBQUMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxDQUFDO2FBQ2hFO1FBQ0gsQ0FBQztLQUFBO0lBRUssZUFBZSxDQUFDLEVBQUUsS0FBSyxLQUFvQyxFQUFFOztZQUNqRSxNQUFNLEVBQUUsWUFBWSxFQUFFLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDO2dCQUN4QyxLQUFLLEVBQUUsa0JBQWtCO2dCQUN6QixTQUFTLEVBQUU7b0JBQ1QsS0FBSztpQkFDTjthQUNGLENBQUMsQ0FBQztZQUVILE9BQU8sT0FBTyxDQUFDLEdBQUcsQ0FDaEIsWUFBWSxDQUFDLEtBQUssQ0FBQyxHQUFHLENBQUMsQ0FBQyxJQUFJLEVBQUUsRUFBRSxDQUFDLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FDckUsQ0FBQztRQUNKLENBQUM7S0FBQTtJQUVEOzs7OztPQUtHO0lBQ0csY0FBYyxDQUNsQixFQUFVLEVBQ1YsRUFBRSxNQUFNLEVBQUUsS0FBSyxLQUE2QixFQUFFOztZQUU5QyxNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxLQUFLLENBQUM7Z0JBQzNCLEtBQUssRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDLHNCQUFzQixDQUFDLENBQUMsQ0FBQyxpQkFBaUI7Z0JBQ3pELFNBQVMsRUFBRTtvQkFDVCxFQUFFO29CQUNGLEtBQUs7aUJBQ047Z0JBQ0QsZUFBZSxFQUFFLENBQUMsS0FBSzthQUN4QixDQUFDLENBQUM7WUFDSCxPQUFPLElBQUksQ0FBQyxrQkFBa0IsQ0FBQyxHQUFHLENBQUMsV0FBVyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBQzFELENBQUM7S0FBQTtJQUVZLHVCQUF1QixDQUFDLEtBR3BDOztZQUNDLE9BQU8sSUFBSSxDQUFDLEtBQUssQ0FBQztnQkFDaEIsS0FBSyxFQUFFLDBCQUEwQjtnQkFDakMsU0FBUyxFQUFFO29CQUNULFFBQVEsRUFBRSxLQUFLLENBQUMsUUFBUTtvQkFDeEIsTUFBTSxFQUFFLEtBQUssQ0FBQyxNQUFNO2lCQUNyQjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7S0FBQTtJQUVELGlCQUFpQixDQUFDLEVBQVU7UUFDMUIsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyx5QkFBeUIsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0lBQ3pELENBQUM7SUFFRCx5QkFBeUIsQ0FBQyxFQUFVO1FBQ2xDLE9BQU8sSUFBSSxVQUFVLENBQUM7WUFDcEIsUUFBUSxFQUFFLHlCQUF5QjtZQUNuQyxTQUFTLEVBQUU7Z0JBQ1QsS0FBSyxFQUFFO29CQUNMLEVBQUU7aUJBQ0g7YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFRCxrQkFBa0IsQ0FBQyxFQUFVLEVBQUUsS0FBYTtRQUMxQyxPQUFPLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDBCQUEwQixDQUFDLEVBQUUsRUFBRSxLQUFLLENBQUMsQ0FBQyxDQUFDO0lBQ2pFLENBQUM7SUFFRCwwQkFBMEIsQ0FBQyxFQUFVLEVBQUUsS0FBYTtRQUNsRCxPQUFPLElBQUksVUFBVSxDQUFDO1lBQ3BCLFFBQVEsRUFBRSwwQkFBMEI7WUFDcEMsU0FBUyxFQUFFO2dCQUNULEtBQUssRUFBRTtvQkFDTCxFQUFFO29CQUNGLEtBQUs7aUJBQ047YUFDRjtTQUNGLENBQUMsQ0FBQztJQUNMLENBQUM7SUFFSyxXQUFXLENBQUMsUUFBMkIsRUFBRTs7WUFDN0MsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsbUJBQW1CLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUN6RSxDQUFDO0tBQUE7SUFFSyxtQkFBbUIsQ0FBQyxFQUN4QixPQUFPLEVBQ1AsS0FBSyxFQUNMLFdBQVcsRUFDWCxPQUFPLE1BQ2MsRUFBRTs7WUFDdkIsTUFBTSxLQUFLLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBQ2hELE1BQU0sS0FBSyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1lBRXJFLGtGQUFrRjtZQUNsRixpQ0FBaUM7WUFDakMsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsWUFBWSxFQUFFLENBQUM7WUFFakUsb0NBQW9DO1lBQ3BDLG9FQUFvRTtZQUVwRSwrQ0FBK0M7WUFDL0Msc0RBQXNEO1lBQ3RELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDO1lBQ2hELE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDO1lBRXRELElBQUkscUJBQXFCLEdBQVcsSUFBSSxDQUFDO1lBRXpDLElBQUksV0FBVyxJQUFJLFdBQVcsQ0FBQyxrQkFBa0IsRUFBRTtnQkFDakQscUJBQXFCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsWUFBWSxDQUMvRCxlQUFlLENBQUMsR0FBRyxFQUNuQixXQUFXLENBQUMsa0JBQWtCLENBQy9CLENBQUM7YUFDSDtZQUVELE1BQU0sU0FBUyxHQUFHO2dCQUNoQixPQUFPO2dCQUNQLFdBQVcsRUFBRSxXQUFXLElBQUk7b0JBQzFCLHlCQUF5QixFQUFFLFdBQVcsQ0FBQyx5QkFBeUI7aUJBQ2pFO2FBQ0YsQ0FBQztZQUVGLHlDQUF5QztZQUN6QyxNQUFNLGdCQUFnQixHQUEwQjtnQkFDOUMsb0ZBQW9GO2dCQUNwRixnRkFBZ0Y7Z0JBQ2hGLHdGQUF3RjtnQkFDeEYsa0ZBQWtGO2dCQUNsRix5QkFBeUI7Z0JBQ3pCLEtBQUs7Z0JBQ0wsU0FBUyxrQ0FDSixTQUFTLEtBQ1osVUFBVSxFQUFFLG1CQUFtQixDQUFDLE1BQU0sRUFBRSxFQUN4QyxHQUFHLEVBQUUsWUFBWSxDQUFDLEdBQUcsQ0FBQyxNQUFNLEVBQUUsRUFDOUIsTUFBTSxFQUFFLGVBQWUsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFLEdBQ3JDO2FBQ0YsQ0FBQztZQUVGLE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFFBQVEsQ0FBQyxlQUFlLENBQ3JELEtBQUssRUFDTCxnQkFBZ0IsQ0FDakIsQ0FBQztZQUVGLDBEQUEwRDtZQUMxRCxNQUFNLCtCQUErQixHQUFxQztnQkFDeEUsS0FBSztnQkFDTCxVQUFVLEVBQUUsbUJBQW1CLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDNUMsb0ZBQW9GO2dCQUNwRix3Q0FBd0M7Z0JBRXhDLGdFQUFnRTtnQkFDaEUsd0VBQXdFO2dCQUN4RSwrRUFBK0U7Z0JBQy9FLEtBQUssRUFBRSxLQUFLLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDekIsMkZBQTJGO2dCQUMzRix3Q0FBd0M7Z0JBQ3hDLG9CQUFvQixFQUFFLFdBQVc7Z0JBQ2pDLFNBQVM7YUFDVixDQUFDO1lBRUYsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUM7WUFDL0MsTUFBTSxzQkFBc0IsR0FBRyxNQUFNLElBQUksQ0FBQyxRQUFRLENBQUMsZUFBZSxDQUNoRSxPQUFPLENBQUMsR0FBRyxFQUNYLCtCQUErQixDQUNoQyxDQUFDO1lBRUYsY0FBYztZQUNkLE1BQU0sTUFBTSxHQUFZLEtBQUssQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFnQixDQUFDLENBQUMsQ0FBQztZQUU1RCxXQUFXO1lBQ1gsTUFBTSxVQUFVLEdBQUcsSUFBSSxVQUFVLENBQUM7Z0JBQ2hDLFFBQVEsRUFBRSw4QkFBOEI7Z0JBQ3hDLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wscUNBQXFDO3dCQUNyQyxzQkFBc0I7d0JBQ3RCLGNBQWMsRUFBRSxZQUFZLENBQUMsRUFBRTt3QkFDL0IsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLEVBQUU7d0JBQ3JDLHNDQUFzQzt3QkFDdEMsV0FBVyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxDQUFDO3dCQUMzQyxXQUFXO3dCQUNYLFNBQVMsRUFBRSxLQUFLLElBQUk7NEJBQ2xCLEtBQUs7NEJBQ0wsUUFBUSxFQUFFLE1BQU07eUJBQ2pCO3dCQUNELFFBQVEsRUFBRSxJQUFJO3dCQUNkLHFCQUFxQjt3QkFDckIsT0FBTztxQkFDUjtpQkFDRjthQUNGLENBQUMsQ0FBQztZQUVILE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxFQUFFLENBQUM7UUFDaEMsQ0FBQztLQUFBO0lBRUQsVUFBVSxDQUFDLEtBQXVCO1FBQ2hDLE9BQU8sSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsa0JBQWtCLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztJQUNyRCxDQUFDO0lBRUssa0JBQWtCLENBQUMsRUFDdkIsYUFBYSxFQUNiLEtBQUssRUFDTCxZQUFZLEVBQ1osT0FBTyxFQUNQLG9CQUFvQixFQUNwQixvQkFBb0IsR0FDSDs7WUFDakIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxjQUFjLENBQUM7WUFFL0MsTUFBTSxTQUFTLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxnQkFBZ0IsQ0FBQztZQUVuRCxNQUFNLFNBQVMsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7WUFDcEQsTUFBTSxXQUFXLEdBQUcsTUFBTSxJQUFJLENBQUMsVUFBVSxDQUFDLFNBQVMsRUFBRSxDQUFDO1lBRXRELE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM3RCxPQUFPLENBQUMsR0FBRyxFQUNYLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3ZCLENBQUM7WUFDRixNQUFNLG9CQUFvQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDL0QsU0FBUyxDQUFDLEdBQUcsRUFDYixXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN6QixDQUFDO1lBRUYsTUFBTSxtQkFBbUIsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDdkQsWUFBWSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxVQUFVLENBQ3ZELENBQUM7WUFFRixNQUFNLFlBQVksR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDaEQsWUFBWSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxHQUFHLENBQ2hELENBQUM7WUFDRixNQUFNLGVBQWUsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDbkQsWUFBWSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQ25ELENBQUM7WUFFRiwyQ0FBMkM7WUFDM0MscURBQXFEO1lBQ3JELG1FQUFtRTtZQUNuRSw4RkFBOEY7WUFFOUYsZ0RBQWdEO1lBQ2hELE1BQU0sWUFBWSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsVUFBVSxDQUFDO1lBQ2hELE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsYUFBYSxDQUFDO1lBRXRELE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUMxRCxlQUFlLENBQUMsR0FBRyxFQUNuQixZQUFZLENBQUMsTUFBTSxFQUFFLENBQ3RCLENBQUM7WUFDRixNQUFNLHFCQUFxQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDN0QsZUFBZSxDQUFDLEdBQUcsRUFDbkIsZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUN6QixDQUFDO1lBRUYsTUFBTSxrQ0FBa0MsR0FDdEM7Z0JBQ0UsS0FBSyxFQUFFLFlBQVksQ0FBQyxvQkFBb0IsQ0FBQyxLQUFLO2dCQUM5QyxTQUFTLEVBQUUsU0FBUyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUM7Z0JBQ2pDLFdBQVcsRUFBRSxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQztnQkFDckMsU0FBUyxFQUFFO29CQUNULEdBQUcsRUFBRSxZQUFZLENBQUMsR0FBRyxDQUFDLE1BQU0sRUFBRTtvQkFDOUIsTUFBTSxFQUFFLGVBQWUsQ0FBQyxHQUFHLENBQUMsTUFBTSxFQUFFO29CQUNwQyxPQUFPO2lCQUNSO2FBQ0YsQ0FBQztZQUVKLElBQUksaUJBQWlCLENBQUM7WUFDdEIsSUFBSSxZQUFZLENBQUMsb0JBQW9CLENBQUMsU0FBUyxDQUFDLFdBQVcsRUFBRTtnQkFDM0Qsd0hBQXdIO2dCQUN4SCw0SEFBNEg7Z0JBQzVILDRIQUE0SDtnQkFDNUgsTUFBTSx5QkFBeUIsR0FDN0IsWUFBWSxDQUFDLG9CQUFvQixDQUFDLFNBQVMsQ0FBQyxXQUFXO3FCQUNwRCx5QkFBeUIsQ0FBQztnQkFFL0IsY0FBYztnQkFDZCxNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ3RELE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDdEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUM7Z0JBRTdDLGlCQUFpQixHQUFHO29CQUNsQixrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUNoQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLE9BQU8sQ0FBQyxHQUFHLEVBQ1gsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDekIsQ0FDRjtvQkFDRCxxQkFBcUIsRUFBRSxPQUFPLENBQUMsRUFBRTtvQkFDakMsa0JBQWtCLEVBQUUsb0JBQW9CO3dCQUN0QyxDQUFDLENBQUMsSUFBSSxDQUFDLFNBQVMsQ0FDWixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLFdBQVcsRUFDWCxvQkFBb0IsQ0FBQywyQkFBMkIsQ0FDakQsQ0FDRjt3QkFDSCxDQUFDLENBQUMsRUFBRTtvQkFDTixnQkFBZ0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUM5QixNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLFNBQVMsRUFDVCxXQUFXLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxDQUN6QixDQUNGO2lCQUNGLENBQUM7Z0JBRUYsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELFdBQVcsRUFDWCx5QkFBeUIsQ0FDMUIsQ0FBQztnQkFDRixpQkFBaUIsQ0FBQyxtQkFBbUIsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUNwRCxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxJQUFJLENBQUMsTUFBTSxDQUFDLEdBQUcsRUFBRSxnQkFBZ0IsQ0FBQyxDQUNoRSxDQUFDO2dCQUNGLGlCQUFpQixDQUFDLFFBQVEsR0FBRyxNQUFNLENBQUMsRUFBRSxDQUFDO2dCQUV2QyxrQ0FBa0MsQ0FBQyxTQUFTLENBQUMsV0FBVyxtQ0FDbkQsa0NBQWtDLENBQUMsU0FBUyxDQUFDLFdBQVcsS0FDM0QsZUFBZSxFQUFFLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLEdBQzFDLENBQUM7YUFDSDtZQUVELElBQUksa0JBQWtCLENBQUM7WUFDdkIsSUFBSSxvQkFBb0IsRUFBRTtnQkFDeEIsY0FBYztnQkFDZCxNQUFNLFFBQVEsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBQ25ELE1BQU0sV0FBVyxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDdEQsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUM7Z0JBRTdDLGtCQUFrQixHQUFHO29CQUNuQixlQUFlLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDN0IsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxPQUFPLENBQUMsR0FBRyxFQUNYLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3RCLENBQ0Y7b0JBQ0Qsa0JBQWtCLEVBQUUsT0FBTyxDQUFDLEVBQUU7b0JBQzlCLGVBQWUsRUFBRSxvQkFBb0IsQ0FBQyx3QkFBd0I7d0JBQzVELENBQUMsQ0FBQyxJQUFJLENBQUMsU0FBUyxDQUNaLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsUUFBUSxFQUNSLG9CQUFvQixDQUFDLHdCQUF3QixDQUM5QyxDQUNGO3dCQUNILENBQUMsQ0FBQyxFQUFFO29CQUVOLGdCQUFnQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQzlCLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEMsU0FBUyxFQUNULFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3pCLENBQ0Y7aUJBQ0YsQ0FBQztnQkFFRixNQUFNLGdCQUFnQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDM0QsV0FBVyxFQUNYLG9CQUFvQixDQUFDLHlCQUF5QixDQUMvQyxDQUFDO2dCQUNGLGtCQUFrQixDQUFDLG1CQUFtQixHQUFHLElBQUksQ0FBQyxTQUFTLENBQ3JELE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxFQUFFLGdCQUFnQixDQUFDLENBQ2hFLENBQUM7Z0JBQ0Ysa0JBQWtCLENBQUMsUUFBUSxHQUFHLE1BQU0sQ0FBQyxFQUFFLENBQUM7Z0JBRXhDLElBQUksb0JBQW9CLENBQUMsa0JBQWtCLEVBQUU7b0JBQzNDLGtCQUFrQixDQUFDLGlCQUFpQixHQUFHLElBQUksQ0FBQyxTQUFTLENBQ25ELE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDL0IsZUFBZSxDQUFDLEdBQUcsRUFDbkIsb0JBQW9CLENBQUMsa0JBQWtCLENBQ3hDLENBQ0YsQ0FBQztpQkFDSDtnQkFFRCw4Q0FBOEM7Z0JBQzlDLGtDQUFrQyxDQUFDLFNBQVMsQ0FBQyxXQUFXLG1DQUNuRCxrQ0FBa0MsQ0FBQyxTQUFTLENBQUMsV0FBVyxLQUMzRCx5QkFBeUIsRUFDdkIsb0JBQW9CLENBQUMseUJBQXlCLEdBQ2pELENBQUM7YUFDSDtZQUVELG1DQUFtQztZQUNuQyxJQUFJLHlCQUF5QixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDbEUsbUJBQW1CLEVBQ25CLGtDQUFrQyxDQUNuQyxDQUFDO1lBRUYsMEVBQTBFO1lBQzFFLHlCQUF5QixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FDOUQsWUFBWSxDQUFDLEtBQUssRUFDbEIseUJBQXlCLENBQzFCLENBQUM7WUFFRixPQUFPLElBQUksVUFBVSxDQUFDO2dCQUNwQixRQUFRLEVBQUUsNkJBQTZCO2dCQUN2QyxTQUFTLEVBQUU7b0JBQ1QsS0FBSyxFQUFFO3dCQUNMLGFBQWE7d0JBQ2IsZ0JBQWdCLEVBQUUsS0FBSzt3QkFDdkIsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFO3dCQUNyQixXQUFXLEVBQUUsU0FBUyxDQUFDLEVBQUU7d0JBQ3pCLHFDQUFxQzt3QkFDckMsY0FBYyxFQUFFLFlBQVksQ0FBQyxFQUFFO3dCQUMvQixpQkFBaUIsRUFBRSxlQUFlLENBQUMsRUFBRTt3QkFDckMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxrQkFBa0IsQ0FBQzt3QkFDdEQscUJBQXFCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxxQkFBcUIsQ0FBQzt3QkFDNUQsc0VBQXNFO3dCQUV0RSwyQ0FBMkM7d0JBQzNDLHNFQUFzRTt3QkFDdEUsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxrQkFBa0IsQ0FBQzt3QkFDdEQsb0JBQW9CLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FBQyxvQkFBb0IsQ0FBQzt3QkFDMUQsc0NBQXNDO3dCQUN0Qyx5QkFBeUIsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUFDLHlCQUF5QixDQUFDO3dCQUNwRSxvQkFBb0IsRUFBRSxpQkFBaUI7d0JBQ3ZDLG9CQUFvQixFQUFFLGtCQUFrQjtxQkFDekM7aUJBQ0Y7YUFDRixDQUFDLENBQUM7UUFDTCxDQUFDO0tBQUE7SUFFRCxXQUFXLENBQUMsS0FBd0I7UUFDbEMsT0FBTyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxtQkFBbUIsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDO0lBQ3RELENBQUM7SUFFSyxtQkFBbUIsQ0FBQyxFQUN4QixhQUFhLEVBQ2Isc0JBQXNCLEVBQ3RCLHlCQUF5QixFQUN6QixvQkFBb0IsRUFDcEIsb0JBQW9CLEdBQ0Y7O1lBQ2xCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsY0FBYyxDQUFDO1lBQy9DLE1BQU0sU0FBUyxHQUFHLElBQUksQ0FBQyxVQUFVLENBQUMsZ0JBQWdCLENBQUM7WUFFbkQsNENBQTRDO1lBQzVDLE1BQU0sK0JBQStCLEdBQ25DLENBQUMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNuQyxPQUFPLENBQUMsR0FBRyxFQUNYLHNCQUFzQixDQUN2QixDQUFxQyxDQUFDO1lBRXpDLG9HQUFvRztZQUNwRyxNQUFNLDhCQUE4QixHQUFHLE1BQU0sSUFBSSxDQUFDLHFCQUFxQixDQUNyRSxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FBQywrQkFBK0IsQ0FBQyxLQUFLLENBQUMsRUFDcEUsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQUMsK0JBQStCLENBQUMsVUFBVSxDQUFDLEVBQ3pFLHlCQUF5QixDQUMxQixDQUFDO1lBRUYsNEVBQTRFO1lBQzVFLElBQ0UsK0JBQStCLENBQUMsS0FBSztnQkFDckMsOEJBQThCLENBQUMsS0FBSyxFQUNwQztnQkFDQSxNQUFNLElBQUksdUJBQXVCLENBQy9CLHVGQUF1RixDQUN4RixDQUFDO2FBQ0g7WUFFRCw4REFBOEQ7WUFDOUQsa0ZBQWtGO1lBQ2xGLDhGQUE4RjtZQUU5RiwrQ0FBK0M7WUFDL0MsdUVBQXVFO1lBQ3ZFLGlDQUFpQztZQUVqQyxxREFBcUQ7WUFDckQsTUFBTSxlQUFlLEdBQUcsSUFBSSxDQUFDLFVBQVUsQ0FBQyxhQUFhLENBQUM7WUFDdEQsTUFBTSxlQUFlLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ25ELDhCQUE4QixDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQ2hELENBQUM7WUFDRixNQUFNLFlBQVksR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDaEQsOEJBQThCLENBQUMsU0FBUyxDQUFDLEdBQUcsQ0FDN0MsQ0FBQztZQUVGLE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUMxRCxlQUFlLENBQUMsR0FBRyxFQUNuQixZQUFZLENBQUMsTUFBTSxFQUFFLENBQ3RCLENBQUM7WUFDRixNQUFNLHFCQUFxQixHQUFHLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLElBQUksQ0FDN0QsZUFBZSxDQUFDLEdBQUcsRUFDbkIsZUFBZSxDQUFDLE1BQU0sRUFBRSxDQUN6QixDQUFDO1lBRUYsTUFBTSxTQUFTLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQzdDLDhCQUE4QixDQUFDLFNBQVMsQ0FDekMsQ0FBQztZQUNGLE1BQU0sa0JBQWtCLEdBQUcsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUM3RCxPQUFPLENBQUMsR0FBRyxFQUNYLFNBQVMsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQ3ZCLENBQUM7WUFFRixNQUFNLFdBQVcsR0FBRyxNQUFNLGlCQUFpQixDQUFDLEtBQUssQ0FDL0MsOEJBQThCLENBQUMsV0FBVyxDQUMzQyxDQUFDO1lBQ0YsTUFBTSxvQkFBb0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQy9ELFNBQVMsQ0FBQyxHQUFHLEVBQ2IsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDekIsQ0FBQztZQUVGLElBQUksK0JBQStCLENBQUM7WUFDcEMsSUFBSSxvQkFBb0IsRUFBRTtnQkFDeEIsYUFBYTtnQkFDYixNQUFNLFdBQVcsR0FBRyxNQUFNLElBQUksQ0FBQyxVQUFVLENBQUMsU0FBUyxFQUFFLENBQUM7Z0JBRXRELCtCQUErQixHQUFHO29CQUNoQyxrQkFBa0IsRUFBRSxJQUFJLENBQUMsU0FBUyxDQUNoQyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQ2xDLE9BQU8sQ0FBQyxHQUFHLEVBQ1gsV0FBVyxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FDekIsQ0FDRjtvQkFDRCxxQkFBcUIsRUFBRSxPQUFPLENBQUMsRUFBRTtvQkFDakMsa0JBQWtCLEVBQUUsSUFBSSxDQUFDLFNBQVMsQ0FDaEMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsT0FBTyxDQUNsQyxXQUFXLEVBQ1gsb0JBQW9CLENBQUMsMkJBQTJCLENBQ2pELENBQ0Y7aUJBQ0YsQ0FBQzthQUNIO1lBRUQsd0RBQXdEO1lBQ3hELElBQUksK0JBQStCLENBQUM7WUFDcEMsSUFBSSxxQ0FBcUMsQ0FBQztZQUMxQyxJQUFJLCtCQUErQixDQUFDLG9CQUFvQixFQUFFO2dCQUN4RCx5R0FBeUc7Z0JBQ3pHLFdBQVc7Z0JBQ1gsTUFBTSw0QkFBNEIsR0FDaEMsK0JBQStCLENBQUMsb0JBQW9CLENBQUM7Z0JBQ3ZELE1BQU0sUUFBUSxHQUFHLE1BQU0sSUFBSSxDQUFDLFVBQVUsQ0FBQyxTQUFTLEVBQUUsQ0FBQztnQkFDbkQsTUFBTSxlQUFlLEdBQUcsTUFBTSxpQkFBaUIsQ0FBQyxLQUFLLENBQ25ELDhCQUE4QixDQUFDLFNBQVMsQ0FBQyxXQUFXLENBQUMsZUFBZSxDQUNyRSxDQUFDO2dCQUVGLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxTQUFTLENBQ3BDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLE9BQU8sQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLENBQUMsQ0FDekUsQ0FBQztnQkFFRix1REFBdUQ7Z0JBQ3ZELE1BQU0sd0JBQXdCLEdBQzVCLENBQUEsb0JBQW9CLGFBQXBCLG9CQUFvQix1QkFBcEIsb0JBQW9CLENBQUUsd0JBQXdCO29CQUM5Qyw0QkFBNEIsQ0FBQyx3QkFBd0IsQ0FBQztnQkFFeEQsTUFBTSxlQUFlLEdBQUcsd0JBQXdCO29CQUM5QyxDQUFDLENBQUMsTUFBTSxJQUFJLENBQUMsUUFBUSxDQUFDLGVBQWUsQ0FDakMsUUFBUSxFQUNSLHdCQUF3QixDQUN6QjtvQkFDSCxDQUFDLENBQUMsRUFBRSxDQUFDO2dCQUVQLCtCQUErQixHQUFHO29CQUNoQyxlQUFlO29CQUNmLGtCQUFrQixFQUFFLE9BQU8sQ0FBQyxFQUFFO29CQUM5QixlQUFlO2lCQUNoQixDQUFDO2dCQUVGLHFDQUFxQyxHQUFHO29CQUN0QyxRQUFRLEVBQUUsZUFBZSxDQUFDLEVBQUU7aUJBQzdCLENBQUM7Z0JBRUYsTUFBTSxnQkFBZ0IsR0FBRyxNQUFNLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxPQUFPLENBQzNELGVBQWUsRUFDZiw0QkFBNEIsQ0FBQyx5QkFBeUIsQ0FDdkQsQ0FBQztnQkFDRixxQ0FBcUMsQ0FBQyxtQkFBbUI7b0JBQ3ZELElBQUksQ0FBQyxTQUFTLENBQ1osTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsSUFBSSxDQUMvQixlQUFlLENBQUMsR0FBRyxFQUNuQixnQkFBZ0IsQ0FDakIsQ0FDRixDQUFDO2FBQ0w7WUFFRCxzR0FBc0c7WUFDdEcsbUNBQW1DO1lBRW5DLE9BQU8sSUFBSSxVQUFVLENBQUM7Z0JBQ3BCLFFBQVEsRUFBRSw4QkFBOEI7Z0JBQ3hDLFNBQVMsRUFBRTtvQkFDVCxLQUFLLEVBQUU7d0JBQ0wsYUFBYTt3QkFDYixTQUFTLEVBQUUsT0FBTyxDQUFDLEVBQUU7d0JBQ3JCLFdBQVcsRUFBRSxTQUFTLENBQUMsRUFBRTt3QkFDekIsaUJBQWlCLEVBQUUsZUFBZSxDQUFDLEVBQUU7d0JBQ3JDLGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsa0JBQWtCLENBQUM7d0JBQ3RELHFCQUFxQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMscUJBQXFCLENBQUM7d0JBQzVELGtCQUFrQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsa0JBQWtCLENBQUM7d0JBQ3RELG9CQUFvQixFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsb0JBQW9CLENBQUM7d0JBQzFELDBCQUEwQixFQUFFLCtCQUErQjt3QkFDM0QsMEJBQTBCLEVBQUUsK0JBQStCO3dCQUMzRCxnQ0FBZ0MsRUFDOUIscUNBQXFDO3FCQUN4QztpQkFDRjthQUNGLENBQUMsQ0FBQztRQUNMLENBQUM7S0FBQTtDQUNGLENBQUE7OztZQXh1QkEsVUFBVSxTQUFDO2dCQUNWLFVBQVUsRUFBRSxNQUFNO2FBQ25COzs7WUF6SjhCLE1BQU07WUFBaEIsUUFBUTtZQWFwQixpQkFBaUI7WUFFakIsVUFBVTtZQUxqQixpQkFBaUI7WUFJVixlQUFlOztBQTRJWCxtQkFBbUI7SUFOL0IsaUJBQWlCLENBQUM7UUFDakIsVUFBVSxFQUFFLFFBQVE7S0FDckIsQ0FBQztHQUlXLG1CQUFtQixDQXF1Qi9CO1NBcnVCWSxtQkFBbUIiLCJzb3VyY2VzQ29udGVudCI6WyJpbXBvcnQgeyBJbmplY3RhYmxlLCBJbmplY3RvciwgTmdab25lIH0gZnJvbSAnQGFuZ3VsYXIvY29yZSc7XG5pbXBvcnQgeyBKV0sgfSBmcm9tICdub2RlLWpvc2UnO1xuaW1wb3J0IHsgTHJNdXRhdGlvbiwgTHJTZXJ2aWNlIH0gZnJvbSAnLi4vYXBpL2xyLWdyYXBocWwnO1xuaW1wb3J0IHtcbiAgQ29udGFjdENhcmRTaGFyZWRDaXBoZXJEYXRhLFxuICBKU09OT2JqZWN0LFxuICBPdEtleUNpcGhlckNsZWFySnNvbjIsXG59IGZyb20gJy4uL2FwaS90eXBlcyc7XG5pbXBvcnQgeyBPd25lclBsYWluRGF0YUpzb24gfSBmcm9tICcuLi9jb250YWN0LWNhcmQvY29udGFjdC1jYXJkMi5zZXJ2aWNlJztcbmltcG9ydCB7XG4gIEVuY3J5cHRpb25TZXJ2aWNlLFxuICBKb3NlU2VyaWFsaXphdGlvbixcbn0gZnJvbSAnLi4vZW5jcnlwdGlvbi9lbmNyeXB0aW9uLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5RmFjdG9yeVNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LWZhY3Rvcnkuc2VydmljZSc7XG5pbXBvcnQgeyBLZXlHcmFwaFNlcnZpY2UgfSBmcm9tICcuLi9rZXkva2V5LWdyYXBoLnNlcnZpY2UnO1xuaW1wb3J0IHsgS2V5U2VydmljZSB9IGZyb20gJy4uL2tleS9rZXkuc2VydmljZSc7XG5pbXBvcnQgeyBLY0NvZGVNaXNtYXRjaEV4Y2VwdGlvbiB9IGZyb20gJy4uL19jb21tb24vZXhjZXB0aW9ucyc7XG5pbXBvcnQgeyBSdW5PdXRzaWRlQW5ndWxhciB9IGZyb20gJy4uL19jb21tb24vcnVuLW91dHNpZGUtYW5ndWxhcic7XG5pbXBvcnQge1xuICBDYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uLFxuICBDb21wbGV0ZUtleUV4Y2hhbmdlT3RrTXV0YXRpb24sXG4gIEN1cnJlbnRVc2VyU2hhcmVkS2V5UXVlcnkyLFxuICBEZWNsaW5lS2V5RXhjaGFuZ2VNdXRhdGlvbixcbiAgSW5pdGlhdGVLZXlFeGNoYW5nZU90a011dGF0aW9uLFxuICBLZXlFeGNoYW5nZUZyYWdtZW50LFxuICBLZXlFeGNoYW5nZVF1ZXJ5MixcbiAgS2V5RXhjaGFuZ2VzUXVlcnkyLFxuICBLZXlFeGNoYW5nZVN0YXRlMixcbiAgS2V5RXhjaGFuZ2VUb2tlblF1ZXJ5MixcbiAgUmVzcG9uZEtleUV4Y2hhbmdlT3RrTXV0YXRpb24sXG59IGZyb20gJy4va2V5LWV4Y2hhbmdlMi5ncWwnO1xuXG4vKipcbiAqIFRoZSBkZWNyeXB0ZWQgY29udGVudCBvZiB0aGUgb25lLXRpbWUga2V5IGNpcGhlcjtcbiAqIFdoZW4gdXNlciBzdXBwbGllcyB0aGlzIGluZm9ybWF0aW9uIHRoZSBsaWIgZG9lc24ndCBuZWVkIHRvIGRvIGFub3RoZXIgQVBJIGNhbGxcbiAqIHRvIGZldGNoIHRoZSBrZXkgZXhjaGFuZ2Ugbm9kZS4gQW5kIHNpbmNlIHRoZSB0eXBpY2FsIHVzZSBjYXNlIGlzIHRvIGRpc3BsYXlcbiAqIHNvbWUgaW5mb3JtYXRpb24gdG8gdGhlIHVzZXIsIHRoZSBrZXkgZXhjaGFuZ2Ugbm9kZSB3b3VsZCBhbHJlYWR5IGhhdmUgYmVlblxuICogZmV0Y2hlZCBhbmQgZGVjcnlwdGVkLlxuICovXG5leHBvcnQgaW50ZXJmYWNlIERlY3J5cHRlZE90azIge1xuICBvdEtleUNpcGhlckNsZWFySnNvbjogT3RLZXlDaXBoZXJDbGVhckpzb24yO1xuICBvdEtleTogSldLLktleTsgLy8gVGhlIG9uZS10aW1lIGtleVxufVxuXG5leHBvcnQgaW50ZXJmYWNlIENvbnRhY3RDYXJkUmVjZWl2ZXJDaXBoZXJEYXRhIHtcbiAgLy8gVGhlIHJlY2VpdmVyIG9mIHRoZSBjb250YWN0IGNhcmQga2VlcHMgYSBjb3B5XG4gIC8vIG9mIHRoZSBvd25lcidzIGNvbnRhY3QgY2FyZCBpbmZvcm1hdGlvbiwgZW5jcnlwdGVkIHVzaW5nIHRoZSByZWNlaXZlcidzIGtleXMuIFNvIHRoYXQgd2hlblxuICAvLyB0aGUgb3duZXIgZGVjaWRlcyB0byB1cGRhdGUgdGhlaXIgc2hhcmVkIGNvbnRhY3QgY2FyZCBhdCBhIGxhdGVyIGRhdGUsIHRoZSByZWNlaXZlciBjYW5cbiAgLy8gY29tcGFyZSBhZ2FpbnN0IHRoZSBvcmlnaW5hbCBjb250YWN0IGNhcmQgc2VudCBkdXJpbmcga2V5IGV4Y2hhbmdlLiBUaGlzIHdheSwgdGhlIG93bmVyXG4gIC8vIGNhbid0IHVuaWxhdGVyYWxseSB1cGRhdGUgdGhlaXIgc2hhcmVkIGNvbnRhY3QgY2FyZCB3aXRob3V0IHRoZSByZWNlaXZlciBrbm93aW5nIGFib3V0IGl0LlxuICByZWNlaXZlckNpcGhlckRhdGFDbGVhckpzb246IEpTT05PYmplY3Q7XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgQ29udGFjdENhcmRPd25lclBsYWluRGF0YSB7XG4gIC8vIEFjY2Vzc2libGUgYnkgdGhlIHNlcnZlciBhbmQgdGhlIG93bmVyLiBTZXJ2ZXIgc2lkZSBub3RpZmljYXRpb24gZW1haWxzIG5lZWQgdG8ga25vdyBzb21lXG4gIC8vIGluZm9ybWF0aW9uIGFib3V0IHRoZSBvd25lci5cbiAgLy8gVGhlIG93bmVyIGNvdWxkIGVpdGhlciBiZSB0aGUgaW5pdGlhdG9yIG9yIHRoZSByZXNwb25kZXIuXG4gIG93bmVyUGxhaW5EYXRhSnNvbjogT3duZXJQbGFpbkRhdGFKc29uO1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIENvbnRhY3RDYXJkT3duZXJDaXBoZXJEYXRhIHtcbiAgLy8gT3duZXIgb25seSBhY2Nlc3MgdG8gdGhpcyBkYXRhXG4gIG93bmVyQ2lwaGVyRGF0YUNsZWFySnNvbjogSlNPTk9iamVjdDtcbn1cblxuLyoqXG4gKiBTZW5kaW5nIGNvbnRhY3QgY2FyZCBpbmZvcm1hdGlvbiBmcm9tIHRoZSBvd25lciB0byB0aGUgcmVjZWl2ZXIuXG4gKi9cbmV4cG9ydCB0eXBlIFNlbmRDb250YWN0Q2FyZElucHV0ID0gQ29udGFjdENhcmRPd25lclBsYWluRGF0YSAmXG4gIENvbnRhY3RDYXJkT3duZXJDaXBoZXJEYXRhICZcbiAgQ29udGFjdENhcmRTaGFyZWRDaXBoZXJEYXRhO1xuXG5leHBvcnQgaW50ZXJmYWNlIEluaXRpYXRlT3RrSW5wdXQyIHtcbiAgLy8gTm90ZSB0aGF0IGlmIG5laXRoZXIgZW1haWwgbm9yIHJlc3BvbmRlclVzZXJuYW1lIGFyZSBnaXZlbiwgdGhlIG9uZS10aW1lIGtleVxuICAvLyBjYW4gc3RpbGwgYmUgc2VudCB0byB0aGUgcmVzcG9uZGVyIHZpYSBPT0JcbiAgZW1haWw/OiBzdHJpbmc7XG4gIG1lc3NhZ2U/OiBKU09OT2JqZWN0O1xuICBjb250YWN0Q2FyZD86IFNlbmRDb250YWN0Q2FyZElucHV0O1xuICAvLyBJZiBUcnVlLCB0byB1cGdyYWRlIGFuIGVtYWlsIGludml0ZSB0byBhbiBleGlzdGluZyB1c2VyIGludml0ZSBpZiB0aGUgZW1haWxcbiAgLy8gaXMgYWxyZWFkeSBhc3NvY2lhdGVkIHdpdGggYW4gZXhpc3RpbmcgdXNlci5cbiAgdXBncmFkZT86IGJvb2xlYW47XG59XG5cbmV4cG9ydCBpbnRlcmZhY2UgUmVzcG9uZE90a0lucHV0MiB7XG4gIGtleUV4Y2hhbmdlSWQ6IHN0cmluZztcbiAgdG9rZW46IHN0cmluZztcbiAgZGVjcnlwdGVkT3RrOiBEZWNyeXB0ZWRPdGsyO1xuICBtZXNzYWdlPzogSlNPTk9iamVjdDtcbiAgLy8gVGhlIGluaXRpYXRvciBpcyB0aGUgb3duZXIgZm8gdGhlIGluaXRpYXRvckNvbnRhY3RDYXJkLCB0aGUgcmVzcG9uZGVyXG4gIC8vIGlzIHRoZSByZWNlaXZlci5cbiAgaW5pdGlhdG9yQ29udGFjdENhcmQ/OiBDb250YWN0Q2FyZFJlY2VpdmVyQ2lwaGVyRGF0YTtcbiAgcmVzcG9uZGVyQ29udGFjdENhcmQ/OiBTZW5kQ29udGFjdENhcmRJbnB1dDtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBDb21wbGV0ZU90a0lucHV0MiB7XG4gIGtleUV4Y2hhbmdlSWQ6IHN0cmluZztcbiAgLy8gVGhpcyBpcyBhIHBhcnQgb2YgdGhlIGtleSBleGNoYW5nZSBkYXRhLiBJdCdzIGVuY3J5cHRlZCB1c2luZyB0aGUgcm9vdCBrZXlcbiAgaW5pdGlhdG9yUm9vdEtleUNpcGhlcjogc3RyaW5nO1xuICAvLyBUaGlzIGlzIGEgcGFydCBvZiB0aGUga2V5IGV4Y2hhbmdlIGRhdGEuIEl0J3MgZW5jcnlwdGVkIHVzaW5nIHRoZSBvbmUtdGltZSBrZXkuXG4gIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXI6IHN0cmluZztcbiAgLy8gVGhlIHJlc3BvbmRlciBpcyB0aGUgb3duZXIgZm8gdGhlIHJlc3BvbmRlckNvbnRhY3RDYXJkLCB0aGUgaW5pdGlhdG9yXG4gIC8vIGlzIHRoZSByZWNlaXZlci5cbiAgcmVzcG9uZGVyQ29udGFjdENhcmQ/OiBDb250YWN0Q2FyZFJlY2VpdmVyQ2lwaGVyRGF0YTtcbiAgLy8gVGhlIGluaXRpYXRvciBjYW4gdXBkYXRlIHRoZSBjaXBoZXIgZGF0YSB0aGF0IGFyZSBvbmx5IHZpc2libGUgdG8gdGhlbS4gSXQgbWFrZXNcbiAgLy8gbGVzcyBzZW5zZSB0byB1cGRhdGUgdGhlIHNoYXJlZCBkYXRhIGJlY2F1c2UgdGhlIHJlc3BvbmRlciB3b3VsZCBoYXZlIGFscmVhZHkgc2VlblxuICAvLyB0aGUgc2hhcmVkIGRhdGEgYW5kIGFjY2VwdGVkIHRoYXQgaXQncyBsZWdpdC5cbiAgLy8gQnV0IGluIGFueSBjYXNlLCB0aGUgaW5pdGlhdG9yIGNhbiB1cGRhdGUgdGhlIHNoYXJlZCBjb250YWN0IGNhcmQgaW5mbyBhdCBhbnkgdGltZS5cbiAgaW5pdGlhdG9yQ29udGFjdENhcmQ/OiBDb250YWN0Q2FyZE93bmVyQ2lwaGVyRGF0YTtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBJbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uMiB7XG4gIG5vbmNlOiBzdHJpbmc7XG4gIG9uZVRpbWVQcms6IFJlY29yZDxzdHJpbmcsIEpTT05PYmplY3Q+OyAvLyBvbmUtdGltZSBwdWJsaWMgZW5jcnlwdGlvbiBrZXkgcmVzcG9uZGVyIHVzZSB0byBzZW5kIGRhdGEgYmFjayB0byBpbml0aWF0b3JcbiAgb3RLZXk6IFJlY29yZDxzdHJpbmcsIEpTT05PYmplY3Q+OyAvLyBvbmUtdGltZSBzeW1tZXRyaWMga2V5IHRoYXQgbmVlZHMgdG8gYmUgc2hhcmVkIE9PQlxuICBpbml0aWF0b3JDb250YWN0Q2FyZD86IENvbnRhY3RDYXJkT3duZXJDaXBoZXJEYXRhICZcbiAgICBDb250YWN0Q2FyZFNoYXJlZENpcGhlckRhdGE7XG4gIGluaXRpYXRvcjoge1xuICAgIG1lc3NhZ2U/OiBKU09OT2JqZWN0O1xuICAgIGNvbnRhY3RDYXJkPzogQ29udGFjdENhcmRTaGFyZWRDaXBoZXJEYXRhO1xuICB9O1xufVxuXG5leHBvcnQgaW50ZXJmYWNlIEluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb24ge1xuICBub25jZTogc3RyaW5nO1xuICBzaGFyZWRLZXk6IFJlY29yZDxzdHJpbmcsIEpTT05PYmplY3Q+O1xuICBta1NoYXJlZEtleTogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47XG4gIHJlc3BvbmRlcjoge1xuICAgIHBiazogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47XG4gICAgc2lnUGJrOiBSZWNvcmQ8c3RyaW5nLCBKU09OT2JqZWN0PjtcbiAgICBtZXNzYWdlPzogSlNPTk9iamVjdDtcbiAgICBjb250YWN0Q2FyZD86IENvbnRhY3RDYXJkU2hhcmVkQ2lwaGVyRGF0YSAmIHtcbiAgICAgIC8vIE5vdGUgdGhhdCB0aGlzIGlzIF9ub3RfIHRoZSBzYW1lIGtleSBhcyB0aGUgc2hhcmVkS2V5LiBUaGUgc2hhcmVkS2V5IHdyYXBzXG4gICAgICAvLyB0aGlzIGtleSBpbiB0aGUga2V5IGdyYXBoLiBCdXQgYmVjYXVzZSB0aGlzIGtleSBoYXMgbm90IGJlZW4gZW50ZXJlZCBpbnRvXG4gICAgICAvLyB0aGUga2V5IGdyYXBoIHdoZW4gdGhlIHJlc3BvbmRlciBjYWxscyB0aGUgQVBJLCB3ZSBwYXNzIHRoZSBKV0sgZGlyZWN0bHkgaGVyZS5cbiAgICAgIHNoYXJlZENpcGhlcktleTogUmVjb3JkPHN0cmluZywgSlNPTk9iamVjdD47XG4gICAgfTtcbiAgfTtcbn1cblxuZXhwb3J0IGludGVyZmFjZSBHZXRLZXlFeGNoYW5nZU9wdGlvbnMyIHtcbiAgLy8gVGhlIG90S2V5IGFzIGEgcmF3IHN0cmluZy4gaS5lLiBrZXkudG9KU09OKHRydWUpLmtcbiAgb3RLZXlLPzogc3RyaW5nO1xuICAvLyBVc2VyIG5lZWQgdGhlIHRva2VuIGlmIHRoZXkgaGF2ZSBub3QgcmVzcG9uZGVkIHRvIHRoZSBrZXkgZXhjaGFuZ2UgeWV0LlxuICAvLyBPbmNlIHRoZXkndmUgcmVzcG9uZGVkIChoZW5jZSBwcm92ZW4gdGhleSBoYXZlIHRoZSBPT0IgS2V5KSB0aGV5IGJlY29tZVxuICAvLyB0aGUgXCJyZXNwb25kZXJcIiBvZiB0aGlzIGV4Y2hhbmdlLCBhbmQgY2FuIGFjY2VzcyBpdCB3aGVuIHNpZ25lZCBpbi5cbiAgdG9rZW4/OiBzdHJpbmc7XG59XG5cbkBSdW5PdXRzaWRlQW5ndWxhcih7XG4gIG5nWm9uZU5hbWU6ICduZ1pvbmUnLFxufSlcbkBJbmplY3RhYmxlKHtcbiAgcHJvdmlkZWRJbjogJ3Jvb3QnLFxufSlcbmV4cG9ydCBjbGFzcyBLZXlFeGNoYW5nZTJTZXJ2aWNlIGV4dGVuZHMgTHJTZXJ2aWNlIHtcbiAgcHJpdmF0ZSByZWFkb25seSBDTElFTlRfTk9OQ0VfTEVOR1RIID0gMzI7XG5cbiAgY29uc3RydWN0b3IoXG4gICAgcHJpdmF0ZSBuZ1pvbmU6IE5nWm9uZSxcbiAgICBwcml2YXRlIGluamVjdG9yOiBJbmplY3RvcixcbiAgICBwcml2YXRlIGtleUZhY3Rvcnk6IEtleUZhY3RvcnlTZXJ2aWNlLFxuICAgIHByaXZhdGUga2V5U2VydmljZTogS2V5U2VydmljZSxcbiAgICBwcml2YXRlIGVuY3J5cHRpb25TZXJ2aWNlOiBFbmNyeXB0aW9uU2VydmljZSxcbiAgICBwcml2YXRlIGtleUdyYXBoOiBLZXlHcmFwaFNlcnZpY2VcbiAgKSB7XG4gICAgc3VwZXIoaW5qZWN0b3IpO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBnZXRPdEtleShcbiAgICBrZXlFeGNoYW5nZTogS2V5RXhjaGFuZ2VGcmFnbWVudCxcbiAgICBvdEtleUs/OiBzdHJpbmdcbiAgKTogUHJvbWlzZTxKV0suS2V5PiB7XG4gICAgaWYgKG90S2V5Sykge1xuICAgICAgcmV0dXJuIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KHtcbiAgICAgICAgLi4uSlNPTi5wYXJzZShrZXlFeGNoYW5nZS5vdGsub3RLZXlQYXJhbXMpLFxuICAgICAgICBrOiBvdEtleUssXG4gICAgICB9KTtcbiAgICB9IGVsc2UgaWYgKFxuICAgICAga2V5RXhjaGFuZ2Uub3RrLnN0YXRlID09PSAnT1RLX0lOSVRJQVRFRCcgJiZcbiAgICAgICFrZXlFeGNoYW5nZS5pc0luaXRpYXRvciAmJlxuICAgICAga2V5RXhjaGFuZ2Uub3RrLnJlc3BvbmRlclBia0NpcGhlclxuICAgICkge1xuICAgICAgLy8gQXNzdW1pbmcgZXhpc3RpbmcgdXNlciBnZXR0aW5nIGludml0ZWQgd2hlcmUgT1RLIGlzIHdyYXBwZWQgaW4gcmVzcG9uZGVyJ3MgcHVibGljIGtleS5cbiAgICAgIGNvbnN0IHByayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50UHhrO1xuICAgICAgY29uc3QgZGVjcnlwdGVkQ2lwaGVyID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICBwcmsuandrLFxuICAgICAgICBKU09OLnBhcnNlKGtleUV4Y2hhbmdlLm90ay5yZXNwb25kZXJQYmtDaXBoZXIpLFxuICAgICAgICB7XG4gICAgICAgICAgc2VyaWFsaXphdGlvbnM6IFtKb3NlU2VyaWFsaXphdGlvbi5DT01QQUNUXSxcbiAgICAgICAgfVxuICAgICAgKTtcbiAgICAgIGlmIChkZWNyeXB0ZWRDaXBoZXIub3RLZXkpIHtcbiAgICAgICAgcmV0dXJuIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGRlY3J5cHRlZENpcGhlci5vdEtleSk7XG4gICAgICB9XG4gICAgfVxuICAgIHJldHVybiBudWxsO1xuICB9XG5cbiAgcHJpdmF0ZSBhc3luYyBkZWNyeXB0T3RrKFxuICAgIGtleUV4Y2hhbmdlOiBLZXlFeGNoYW5nZUZyYWdtZW50LFxuICAgIG90S2V5Sz86IHN0cmluZ1xuICApOiBQcm9taXNlPEtleUV4Y2hhbmdlRnJhZ21lbnQ+IHtcbiAgICBjb25zdCBvdEtleSA9IGF3YWl0IHRoaXMuZ2V0T3RLZXkoa2V5RXhjaGFuZ2UsIG90S2V5Syk7XG5cbiAgICBsZXQgb3RrID0ga2V5RXhjaGFuZ2Uub3RrO1xuXG4gICAgaWYgKG90S2V5ICYmIG90ay5vdEtleUNpcGhlcikge1xuICAgICAgb3RrID0ge1xuICAgICAgICAuLi5vdGssXG4gICAgICAgIG90S2V5LFxuICAgICAgICBvdEtleUNpcGhlckNsZWFySnNvbjogYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICAgIG90S2V5LFxuICAgICAgICAgIGtleUV4Y2hhbmdlLm90ay5vdEtleUNpcGhlclxuICAgICAgICApLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICByZXR1cm4ge1xuICAgICAgLi4ua2V5RXhjaGFuZ2UsXG4gICAgICBvdGssXG4gICAgfTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgZGVjcnlwdFJlc3BvbnNlQ2lwaGVyKFxuICAgIG90S2V5OiBKV0suS2V5LFxuICAgIG90UHJrOiBKV0suS2V5LFxuICAgIGNvbnRlbnQ6IEpTT05PYmplY3RcbiAgKTogUHJvbWlzZTxJbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uPiB7XG4gICAgLy8gVGhlIHJlc3BvbnNlIGNvdWxkIGJlIHdyYXBwZWQgYnkgdGhlIE90SyBpbiBhZGRpdGlvbiB0byB0aGUgT3RQYmtcbiAgICB0cnkge1xuICAgICAgY29udGVudCA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZGVjcnlwdChvdEtleSwgY29udGVudCk7XG4gICAgfSBjYXRjaCAoZXJyb3IpIHtcbiAgICAgIGlmIChlcnJvci5tZXNzYWdlICE9PSAnbm8ga2V5IGZvdW5kJykge1xuICAgICAgICB0aHJvdyBlcnJvcjtcbiAgICAgIH1cbiAgICAgIC8vIERvIG5vdGhpbmcgdG8gc3VwcG9ydCBvbGRlciB2ZXJzaW9ucyB3aGVyZSBtZXNzYWdlIGlzIG5vdCB3cmFwcGVkIHdpdGggb3RrLlxuICAgIH1cblxuICAgIC8vIFRoZSBQcmsgaXMgc2luZ2xlLXVzZSBhbmQgb25seSB1c2VkIHRvIHNlbmQgaW5mb3JtYXRpb24gZnJvbSB0aGUgcmVzcG9uZGVyIGJhY2sgdG8gdGhlIGluaXRpYXRvci5cbiAgICByZXR1cm4gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KG90UHJrLCBjb250ZW50KTtcbiAgfVxuXG4gIHByaXZhdGUgYXN5bmMgZGVjcnlwdEtleUV4Y2hhbmdlQXNJbml0aWF0b3IoXG4gICAga2V5RXhjaGFuZ2U6IEtleUV4Y2hhbmdlRnJhZ21lbnRcbiAgKTogUHJvbWlzZTxLZXlFeGNoYW5nZUZyYWdtZW50PiB7XG4gICAgY29uc3Qgcm9vdEtleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50Um9vdEtleTtcblxuICAgIC8vIERlY3J5cHQgdXNpbmcgdGhlIHJvb3Qga2V5IHRvIGdldCB0aGUgUHJrXG4gICAgY29uc3QgaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbiA9XG4gICAgICAoYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5kZWNyeXB0KFxuICAgICAgICByb290S2V5Lmp3ayxcbiAgICAgICAga2V5RXhjaGFuZ2UuaW5pdGlhdG9yUm9vdEtleUNpcGhlclxuICAgICAgKSkgYXMgSW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbjI7XG5cbiAgICBjb25zdCBvdEtleSA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5vdEtleVxuICAgICk7XG5cbiAgICBrZXlFeGNoYW5nZSA9IHtcbiAgICAgIC4uLmtleUV4Y2hhbmdlLFxuICAgICAgaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbixcbiAgICB9O1xuXG4gICAgbGV0IG90ayA9IGtleUV4Y2hhbmdlLm90aztcblxuICAgIGlmIChvdGsuaW5pdGlhdG9yT25lVGltZVBia0NpcGhlcikge1xuICAgICAgb3RrID0ge1xuICAgICAgICAuLi5vdGssXG4gICAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJDbGVhckpzb246IGF3YWl0IHRoaXMuZGVjcnlwdFJlc3BvbnNlQ2lwaGVyKFxuICAgICAgICAgIG90S2V5LFxuICAgICAgICAgIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgICAgICAgaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5vbmVUaW1lUHJrXG4gICAgICAgICAgKSxcbiAgICAgICAgICBvdGsuaW5pdGlhdG9yT25lVGltZVBia0NpcGhlclxuICAgICAgICApLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICBpZiAob3RrLm90S2V5Q2lwaGVyKSB7XG4gICAgICBvdGsub3RLZXlDaXBoZXJDbGVhckpzb24gPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgIG90S2V5LFxuICAgICAgICBvdGsub3RLZXlDaXBoZXJcbiAgICAgICk7XG4gICAgfVxuXG4gICAgcmV0dXJuIHtcbiAgICAgIC4uLmtleUV4Y2hhbmdlLFxuICAgICAgb3RrLFxuICAgIH07XG4gIH1cblxuICBwcml2YXRlIGFzeW5jIGRlY3J5cHRLZXlFeGNoYW5nZUFzUmVzcG9uZGVyKFxuICAgIGtleUV4Y2hhbmdlOiBLZXlFeGNoYW5nZUZyYWdtZW50LFxuICAgIG90S2V5Sz86IHN0cmluZ1xuICApIHtcbiAgICByZXR1cm4gdGhpcy5kZWNyeXB0T3RrKGtleUV4Y2hhbmdlLCBvdEtleUspO1xuICB9XG5cbiAgYXN5bmMgZGVjcnlwdEtleUV4Y2hhbmdlKGtleUV4Y2hhbmdlOiBLZXlFeGNoYW5nZUZyYWdtZW50LCBvdEtleUs/OiBzdHJpbmcpIHtcbiAgICBpZiAoa2V5RXhjaGFuZ2UuaXNJbml0aWF0b3IpIHtcbiAgICAgIHJldHVybiB0aGlzLmRlY3J5cHRLZXlFeGNoYW5nZUFzSW5pdGlhdG9yKGtleUV4Y2hhbmdlKTtcbiAgICB9IGVsc2Uge1xuICAgICAgcmV0dXJuIHRoaXMuZGVjcnlwdEtleUV4Y2hhbmdlQXNSZXNwb25kZXIoa2V5RXhjaGFuZ2UsIG90S2V5Syk7XG4gICAgfVxuICB9XG5cbiAgYXN5bmMgZ2V0S2V5RXhjaGFuZ2VzKHsgc3RhdGUgfTogeyBzdGF0ZT86IEtleUV4Y2hhbmdlU3RhdGUyIH0gPSB7fSkge1xuICAgIGNvbnN0IHsga2V5RXhjaGFuZ2VzIH0gPSBhd2FpdCB0aGlzLnF1ZXJ5KHtcbiAgICAgIHF1ZXJ5OiBLZXlFeGNoYW5nZXNRdWVyeTIsXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgc3RhdGUsXG4gICAgICB9LFxuICAgIH0pO1xuXG4gICAgcmV0dXJuIFByb21pc2UuYWxsKFxuICAgICAga2V5RXhjaGFuZ2VzLmVkZ2VzLm1hcCgoZWRnZSkgPT4gdGhpcy5kZWNyeXB0S2V5RXhjaGFuZ2UoZWRnZS5ub2RlKSlcbiAgICApO1xuICB9XG5cbiAgLyoqXG4gICAqIEBwYXJhbSBpZCBJZiB0aGUgY3VycmVudCB1c2VyIGNhbiByZXNwb25kZXIgdGhlIGtleSBleGNoYW5nZSBpZiB0aGV5IGFyZSBlaXRoZXIgdGhlIGluaXRpYXRvciBvciB0aGUgcmVjZWl2ZXIuXG4gICAqIEBwYXJhbSB0b2tlbiBJZiBub3Qgc2lnbmVkIGluLCBvciBub3QgdGhlIGluaXRpYXRvciBvciByZXNwb25kZXIsICd0b2tlbicgbXVzdCBiZSBnaXZlbi5cbiAgICogQHBhcmFtIG90S2V5SyBJcyB0aGUgcmF3IG9uZS10aW1lIGtleSAoc3RyaW5nKS4gSWYgdGhlIHJlc3BvbmRlciBpcyBleHBsaWNpdGx5IHNwZWNpZmllZCBhdCB0aW1lIG9mIGluaXRpYXRpb24sIHRoZW5cbiAgICogICBpdCdzIHBvc3NpYmxlIHRvIGhhdmUgdGhlIG90S2V5IHdyYXBwZWQgYnkgdGhlIHB1YmxpYyBrZXkgb2YgdGhlIHJlc3BvbmRlci4gSW4gd2hpY2ggY2FzZSwgdGhlIG90S2V5SyBpcyBub3QgbmVlZGVkLlxuICAgKi9cbiAgYXN5bmMgZ2V0S2V5RXhjaGFuZ2UoXG4gICAgaWQ6IHN0cmluZyxcbiAgICB7IG90S2V5SywgdG9rZW4gfTogR2V0S2V5RXhjaGFuZ2VPcHRpb25zMiA9IHt9XG4gICkge1xuICAgIGNvbnN0IHJlcyA9IGF3YWl0IHRoaXMucXVlcnkoe1xuICAgICAgcXVlcnk6IHRva2VuID8gS2V5RXhjaGFuZ2VUb2tlblF1ZXJ5MiA6IEtleUV4Y2hhbmdlUXVlcnkyLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlkLFxuICAgICAgICB0b2tlbixcbiAgICAgIH0sXG4gICAgICBpbmNsdWRlS2V5R3JhcGg6ICF0b2tlbiwgLy8gaWYgIXRva2VuIHRoZW4gd2UgYXJlIHBvc3QgYXV0aCwgc28gY2FuIGZldGNoIGtleUdyYXBoXG4gICAgfSk7XG4gICAgcmV0dXJuIHRoaXMuZGVjcnlwdEtleUV4Y2hhbmdlKHJlcy5rZXlFeGNoYW5nZSwgb3RLZXlLKTtcbiAgfVxuXG4gIHB1YmxpYyBhc3luYyBnZXRDdXJyZW50VXNlclNoYXJlZEtleShpbnB1dDoge1xuICAgIHVzZXJuYW1lPzogc3RyaW5nO1xuICAgIHVzZXJJZD86IHN0cmluZztcbiAgfSkge1xuICAgIHJldHVybiB0aGlzLnF1ZXJ5KHtcbiAgICAgIHF1ZXJ5OiBDdXJyZW50VXNlclNoYXJlZEtleVF1ZXJ5MixcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICB1c2VybmFtZTogaW5wdXQudXNlcm5hbWUsXG4gICAgICAgIHVzZXJJZDogaW5wdXQudXNlcklkLFxuICAgICAgfSxcbiAgICB9KTtcbiAgfVxuXG4gIGNhbmNlbEtleUV4Y2hhbmdlKGlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gdGhpcy5tdXRhdGUodGhpcy5jYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uKGlkKSk7XG4gIH1cblxuICBjYW5jZWxLZXlFeGNoYW5nZU11dGF0aW9uKGlkOiBzdHJpbmcpIHtcbiAgICByZXR1cm4gbmV3IExyTXV0YXRpb24oe1xuICAgICAgbXV0YXRpb246IENhbmNlbEtleUV4Y2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBkZWNsaW5lS2V5RXhjaGFuZ2UoaWQ6IHN0cmluZywgdG9rZW46IHN0cmluZykge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLmRlY2xpbmVLZXlFeGNoYW5nZU11dGF0aW9uKGlkLCB0b2tlbikpO1xuICB9XG5cbiAgZGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24oaWQ6IHN0cmluZywgdG9rZW46IHN0cmluZykge1xuICAgIHJldHVybiBuZXcgTHJNdXRhdGlvbih7XG4gICAgICBtdXRhdGlvbjogRGVjbGluZUtleUV4Y2hhbmdlTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBpZCxcbiAgICAgICAgICB0b2tlbixcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBhc3luYyBpbml0aWF0ZU90ayhpbnB1dDogSW5pdGlhdGVPdGtJbnB1dDIgPSB7fSkge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSgoYXdhaXQgdGhpcy5pbml0aWF0ZU90a011dGF0aW9uKGlucHV0KSkubHJNdXRhdGlvbik7XG4gIH1cblxuICBhc3luYyBpbml0aWF0ZU90a011dGF0aW9uKHtcbiAgICBtZXNzYWdlLFxuICAgIGVtYWlsLFxuICAgIGNvbnRhY3RDYXJkLFxuICAgIHVwZ3JhZGUsXG4gIH06IEluaXRpYXRlT3RrSW5wdXQyID0ge30pIHtcbiAgICBjb25zdCBvdEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICBjb25zdCBub25jZSA9IHRoaXMua2V5RmFjdG9yeS5yYW5kb21TdHJpbmcodGhpcy5DTElFTlRfTk9OQ0VfTEVOR1RIKTtcblxuICAgIC8vIE5ldyBQS0Mga2V5IGZvciBlbmNyeXB0aW9uLiBUaGlzIGtleSBpcyB1c2VkIG9ubHkgb25jZSB3aGVuIHRoZSByZXNwb25kZXIgc2VuZHNcbiAgICAvLyBiYWNrIHRoZWlyIHNpZ25pbmcgcHVibGljIGtleS5cbiAgICBjb25zdCBpbml0aWF0b3JPbmVUaW1lUHJrID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZVBrY0tleSgpO1xuXG4gICAgLy8gT3B0aW9uIDE6IE5ldyBQS0Mga2V5IGZvciBzaWduaW5nXG4gICAgLy8gY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmNyZWF0ZVBrY1NpZ25LZXkoKTtcblxuICAgIC8vIE9wdGlvbiAyOiBVc2UgdGhlIHVzZXIncyBnbG9iYWwgc2lnbmluZyBrZXkuXG4gICAgLy8gVGhpcyBrZXkgaXMgdXNlZCB0byBwcm92ZSB0aGUgaW5pdGlhdG9yJ3MgaWRlbnRpdHkuXG4gICAgY29uc3QgaW5pdGlhdG9yUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRQeGs7XG4gICAgY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG5cbiAgICBsZXQgaW5pdGlhdG9yUGxhaW5EYXRhU2lnOiBzdHJpbmcgPSBudWxsO1xuXG4gICAgaWYgKGNvbnRhY3RDYXJkICYmIGNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvbikge1xuICAgICAgaW5pdGlhdG9yUGxhaW5EYXRhU2lnID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduVG9TdHJpbmcoXG4gICAgICAgIGluaXRpYXRvclNpZ1Byay5qd2ssXG4gICAgICAgIGNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvblxuICAgICAgKTtcbiAgICB9XG5cbiAgICBjb25zdCBpbml0aWF0b3IgPSB7XG4gICAgICBtZXNzYWdlLFxuICAgICAgY29udGFjdENhcmQ6IGNvbnRhY3RDYXJkICYmIHtcbiAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbjogY29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbixcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIC8vIENvbnRlbnQgdG8gYmUgZW5jcnlwdGVkIHVzaW5nIHRoZSBPVEsuXG4gICAgY29uc3QgcGxhaW5PdEtleUNpcGhlcjogT3RLZXlDaXBoZXJDbGVhckpzb24yID0ge1xuICAgICAgLy8gVE9ETyBNYWtlIHN1cmUgd2UgYWxzbyBwdXQgdGhlIE9PQiBjb2RlIGluIGhlcmUgYXMgd2VsbCBzaW5jZSB0aGUgT09CIGNvZGUgaXMgdGhlXG4gICAgICAvLyBfb25seV8gaW5mb3JtYXRpb24gdGhlIEtDIHNlcnZlciBkb2VzIG5vdCBoYXZlIGFjY2VzcyB0by4gVGhlIHNlcnZlciBtYXkgaGF2ZVxuICAgICAgLy8gYWNjZXNzIHRvIE9USyBhbmQgaGVuY2UgdGhlIG5vbmNlIGhlcmUuIEl0J3MgZ29vZCB0byBoYXZlIGJvdGggdGhlIG5vbmNlIGFuZCBPT0IgY29kZVxuICAgICAgLy8gc2luY2UgdGhlIHVzZXIgbWF5IG5vdCBiZSB1c2luZyB0aGUgT09CIGNvZGUuIEFuZCBpdCdzIHNpbXBsZSB0byBhbHdheXMgaW5jbHVkZVxuICAgICAgLy8gdGhlIG5vbmNlLCBzbyB3aHkgbm90LlxuICAgICAgbm9uY2UsXG4gICAgICBpbml0aWF0b3I6IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yLFxuICAgICAgICBvbmVUaW1lUGJrOiBpbml0aWF0b3JPbmVUaW1lUHJrLnRvSlNPTigpLCAvLyBvbmUtdGltZSBwdWJsaWMgZW5jcnlwdGlvbiBrZXkgcmVzcG9uZGVyIHVzZSB0byBzZW5kIGRhdGEgYmFjayB0byBpbml0aWF0b3JcbiAgICAgICAgcGJrOiBpbml0aWF0b3JQcmsuandrLnRvSlNPTigpLCAvLyBwdWJsaWMgZW5jcnlwdGlvbiBrZXlcbiAgICAgICAgc2lnUGJrOiBpbml0aWF0b3JTaWdQcmsuandrLnRvSlNPTigpLCAvLyBwdWJsaWMgc2lnbmluZyBrZXlcbiAgICAgIH0sXG4gICAgfTtcblxuICAgIGNvbnN0IG90S2V5Q2lwaGVyID0gYXdhaXQgdGhpcy5rZXlHcmFwaC5lbmNyeXB0VG9TdHJpbmcoXG4gICAgICBvdEtleSxcbiAgICAgIHBsYWluT3RLZXlDaXBoZXJcbiAgICApO1xuXG4gICAgLy8gQ29udGVudCB0byBiZSBlbmNyeXB0ZWQgdXNpbmcgdGhlIGluaXRpYXRvcidzIHJvb3Qga2V5LlxuICAgIGNvbnN0IGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb246IEluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24yID0ge1xuICAgICAgbm9uY2UsXG4gICAgICBvbmVUaW1lUHJrOiBpbml0aWF0b3JPbmVUaW1lUHJrLnRvSlNPTih0cnVlKSxcbiAgICAgIC8vIFNob3VsZCBub3QgbmVlZCB0byBrZWVwIHRoaXMgZW5jcnlwdGVkIHNpbmNlIHdlIGFyZSB1c2luZyB0aGUgZ2xvYmFsIHNpZ25pbmcga2V5LlxuICAgICAgLy8gc2lnUHJrOiBpbml0aWF0b3JTaWdQcmsudG9KU09OKHRydWUpLFxuXG4gICAgICAvLyBTYXZlIGl0IGluIGNhc2UgdGhlIGluaXRpYXRvciB3YW50IHRvIGRlY29kZSB0aGUgb3RLZXlDaXBoZXIuXG4gICAgICAvLyBTaW5jZSB0aGUgb3RLZXkgaXMgb25seSB1c2VkIG9uY2UsIGFuZCB0aGF0IG90S2V5Q2lwaGVyIGNvbnRhaW5zIG9ubHlcbiAgICAgIC8vIHRoZSBwdWJsaWMga2V5IG9mIHRoZSBpbml0aWF0b3IsIGl0J3Mgc2FmZSBqdXN0IGxlYXZlIHRoZSBvdEtleSBzdG9yZWQgaGVyZS5cbiAgICAgIG90S2V5OiBvdEtleS50b0pTT04odHJ1ZSksXG4gICAgICAvLyBUaGVzZSBzaG91bGQgYmUgc3RvcmluZyBpbmZvcm1hdGlvbiBzdWNoIGFzIGhvdyB0aGUgZmllbGRzIG9mIHRoZSBzaGFyZWQgY29udGFjdCBjYXJkIGlzXG4gICAgICAvLyBkZXJpdmVkIGZyb20gdGhlIG1hc3RlciBjb250YWN0IGNhcmQuXG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZDogY29udGFjdENhcmQsXG4gICAgICBpbml0aWF0b3IsXG4gICAgfTtcblxuICAgIGNvbnN0IHJvb3RLZXkgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFJvb3RLZXk7XG4gICAgY29uc3QgaW5pdGlhdG9yUm9vdEtleUNpcGhlciA9IGF3YWl0IHRoaXMua2V5R3JhcGguZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uXG4gICAgKTtcblxuICAgIC8vIFRoZSByYXcgT1RLXG4gICAgY29uc3Qgb3RLZXlLOiBzdHJpbmcgPSAob3RLZXkudG9KU09OKHRydWUpIGFzIEpTT05PYmplY3QpLms7XG5cbiAgICAvLyBBUEkgY2FsbFxuICAgIGNvbnN0IGxyTXV0YXRpb24gPSBuZXcgTHJNdXRhdGlvbih7XG4gICAgICBtdXRhdGlvbjogSW5pdGlhdGVLZXlFeGNoYW5nZU90a011dGF0aW9uLFxuICAgICAgdmFyaWFibGVzOiB7XG4gICAgICAgIGlucHV0OiB7XG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzdG9yZWQgb24gdGhlIHNlcnZlclxuICAgICAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXIsXG4gICAgICAgICAgaW5pdGlhdG9yUHhrSWQ6IGluaXRpYXRvclByay5pZCxcbiAgICAgICAgICBpbml0aWF0b3JTaWdQeGtJZDogaW5pdGlhdG9yU2lnUHJrLmlkLFxuICAgICAgICAgIC8vIFRoZXNlIHdpbGwgYmUgc2VudCB0byB0aGUgcmVzcG9uZGVyXG4gICAgICAgICAgb3RLZXlQYXJhbXM6IEpTT04uc3RyaW5naWZ5KG90S2V5LnRvSlNPTigpKSxcbiAgICAgICAgICBvdEtleUNpcGhlcixcbiAgICAgICAgICBzZW5kRW1haWw6IGVtYWlsICYmIHtcbiAgICAgICAgICAgIGVtYWlsLFxuICAgICAgICAgICAgcmF3T3RLZXk6IG90S2V5SyxcbiAgICAgICAgICB9LFxuICAgICAgICAgIGNyZWF0ZVRwOiB0cnVlLFxuICAgICAgICAgIGluaXRpYXRvclBsYWluRGF0YVNpZyxcbiAgICAgICAgICB1cGdyYWRlLFxuICAgICAgICB9LFxuICAgICAgfSxcbiAgICB9KTtcblxuICAgIHJldHVybiB7IGxyTXV0YXRpb24sIG90S2V5SyB9O1xuICB9XG5cbiAgcmVzcG9uZE90ayhpbnB1dDogUmVzcG9uZE90a0lucHV0Mikge1xuICAgIHJldHVybiB0aGlzLm11dGF0ZSh0aGlzLnJlc3BvbmRPdGtNdXRhdGlvbihpbnB1dCkpO1xuICB9XG5cbiAgYXN5bmMgcmVzcG9uZE90a011dGF0aW9uKHtcbiAgICBrZXlFeGNoYW5nZUlkLFxuICAgIHRva2VuLFxuICAgIGRlY3J5cHRlZE90ayxcbiAgICBtZXNzYWdlLFxuICAgIGluaXRpYXRvckNvbnRhY3RDYXJkLFxuICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLFxuICB9OiBSZXNwb25kT3RrSW5wdXQyKSB7XG4gICAgY29uc3Qgcm9vdEtleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50Um9vdEtleTtcblxuICAgIGNvbnN0IG1hc3RlcktleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50TWFzdGVyS2V5O1xuXG4gICAgY29uc3Qgc2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuICAgIGNvbnN0IG1rU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuXG4gICAgY29uc3QgcmtXcmFwcGVkU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBzaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgKTtcbiAgICBjb25zdCBta1dyYXBwZWRNa1NoYXJlZEtleSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIG1hc3RlcktleS5qd2ssXG4gICAgICBta1NoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICApO1xuXG4gICAgY29uc3QgaW5pdGlhdG9yT25lVGltZVBiayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5vbmVUaW1lUGJrXG4gICAgKTtcblxuICAgIGNvbnN0IGluaXRpYXRvclBiayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5wYmtcbiAgICApO1xuICAgIGNvbnN0IGluaXRpYXRvclNpZ1BiayA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5zaWdQYmtcbiAgICApO1xuXG4gICAgLy8gT3B0aW9uIDE6IFVzaW5nIG5ldyBQcmsgZm9yIGVhY2ggVFAgcGFpclxuICAgIC8vIENyZWF0ZSBhIG5ldyBwdWJsaWMgc2lnbmluZyBrZXkgZm9yIHRoZSByZXNwb25kZXIuXG4gICAgLy8gY29uc3QgcmVzcG9uZGVyU2lnUHJrID0gYXdhaXQgdGhpcy5rZXlTZXJ2aWNlLmNyZWF0ZVBrY1NpZ25LZXkoKVxuICAgIC8vIGNvbnN0IHJrV3JhcHBlZFJlc3BvbmRlclNpZ1ByayA9IGF3YWl0IHRoaXMuZW5jcnlwdChyb290S2V5LCByZXNwb25kZXJTaWdQcmsudG9KU09OKHRydWUpKTtcblxuICAgIC8vIE9wdGlvbiAyOiBSZXNwb25kZXIgYWxyZWFkeSBoYXMgYSBzaWduaW5nIFBya1xuICAgIGNvbnN0IHJlc3BvbmRlclByayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50UHhrO1xuICAgIGNvbnN0IHJlc3BvbmRlclNpZ1ByayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50U2lnUHhrO1xuXG4gICAgY29uc3Qgc2lnbmVkSW5pdGlhdG9yUGJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKFxuICAgICAgcmVzcG9uZGVyU2lnUHJrLmp3ayxcbiAgICAgIGluaXRpYXRvclBiay50b0pTT04oKVxuICAgICk7XG4gICAgY29uc3Qgc2lnbmVkSW5pdGlhdG9yU2lnUGJrID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5zaWduKFxuICAgICAgcmVzcG9uZGVyU2lnUHJrLmp3ayxcbiAgICAgIGluaXRpYXRvclNpZ1Biay50b0pTT04oKVxuICAgICk7XG5cbiAgICBjb25zdCBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uOiBJbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uID1cbiAgICAgIHtcbiAgICAgICAgbm9uY2U6IGRlY3J5cHRlZE90ay5vdEtleUNpcGhlckNsZWFySnNvbi5ub25jZSxcbiAgICAgICAgc2hhcmVkS2V5OiBzaGFyZWRLZXkudG9KU09OKHRydWUpLFxuICAgICAgICBta1NoYXJlZEtleTogbWtTaGFyZWRLZXkudG9KU09OKHRydWUpLFxuICAgICAgICByZXNwb25kZXI6IHtcbiAgICAgICAgICBwYms6IHJlc3BvbmRlclByay5qd2sudG9KU09OKCksIC8vIHB1YmxpYyBrZXlcbiAgICAgICAgICBzaWdQYms6IHJlc3BvbmRlclNpZ1Byay5qd2sudG9KU09OKCksIC8vIHB1YmxpYyBrZXlcbiAgICAgICAgICBtZXNzYWdlLFxuICAgICAgICB9LFxuICAgICAgfTtcblxuICAgIGxldCByZWNlaXZlZENhcmRJbnB1dDtcbiAgICBpZiAoZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5jb250YWN0Q2FyZCkge1xuICAgICAgLy8gU2V0IHRoZSBpbmZvIGFib3V0IHRoZSBpbml0aWF0b3IgdG8gYmUgdGhlIG9uZXMgc2VudCBieSB0aGUgaW5pdGlhdG9yLiBXZSBuZWVkIHRoIHJlc3BvbmRlciB0byBkbyB0aGUgZW5jcnlwdGlvbiBoZXJlXG4gICAgICAvLyBiZWNhdXNlIHRoZSBpbml0aWF0b3IgZG9lcyBub3QgaGF2ZSB0aGUgc2hhcmVkIGtleSB5ZXQsIGFuZCB3ZSB3YW50IHRoZSByZXNwb25kZXIgdG8gaGF2ZSBhIGZ1bmN0aW9uYWwgY29udGFjdCBjYXJkIGFmdGVyXG4gICAgICAvLyB0aGlzIGV4Y2hhbmdlLiBUaGUgaW5pdGlhdG9yIGNhbiBkb3VibGUgY2hlY2sgdGhlIGNvbnRhY3QgZGV0YWlscyBhcmUgY29ycmVjdCBhbmQgc2lnbiBpdCB3aGVuIGl0IGNvbXBsZXRlcyB0aGUgZXhjaGFuZ2UuXG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJEYXRhQ2xlYXJKc29uID1cbiAgICAgICAgZGVjcnlwdGVkT3RrLm90S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvci5jb250YWN0Q2FyZFxuICAgICAgICAgIC5zaGFyZWRDaXBoZXJEYXRhQ2xlYXJKc29uO1xuXG4gICAgICAvLyBDcmVhdGUga2V5c1xuICAgICAgY29uc3QgcmVjZWl2ZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBjY1NoYXJlZEtleSA9IGF3YWl0IHRoaXMua2V5RmFjdG9yeS5jcmVhdGVLZXkoKTtcbiAgICAgIGNvbnN0IHNpZ1B4ayA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50U2lnUHhrO1xuXG4gICAgICByZWNlaXZlZENhcmRJbnB1dCA9IHtcbiAgICAgICAgcmVjZWl2ZXJXcmFwcGVkS2V5OiBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICByb290S2V5Lmp3ayxcbiAgICAgICAgICAgIHJlY2VpdmVyS2V5LnRvSlNPTih0cnVlKVxuICAgICAgICAgIClcbiAgICAgICAgKSxcbiAgICAgICAgcmVjZWl2ZXJXcmFwcGluZ0tleUlkOiByb290S2V5LmlkLFxuICAgICAgICByZWNlaXZlckNpcGhlckRhdGE6IGluaXRpYXRvckNvbnRhY3RDYXJkXG4gICAgICAgICAgPyBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgICAgIHJlY2VpdmVyS2V5LFxuICAgICAgICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkLnJlY2VpdmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICAgICAgICApXG4gICAgICAgICAgICApXG4gICAgICAgICAgOiAnJyxcbiAgICAgICAgc2hhcmVkV3JhcHBlZEtleTogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgc2hhcmVkS2V5LFxuICAgICAgICAgICAgY2NTaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgfTtcblxuICAgICAgY29uc3Qgc2hhcmVkQ2lwaGVyRGF0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgY2NTaGFyZWRLZXksXG4gICAgICAgIHNoYXJlZENpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICk7XG4gICAgICByZWNlaXZlZENhcmRJbnB1dC5zaGFyZWRDaXBoZXJEYXRhU2lnID0gSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihzaWdQeGsuandrLCBzaGFyZWRDaXBoZXJEYXRhKVxuICAgICAgKTtcbiAgICAgIHJlY2VpdmVkQ2FyZElucHV0LnNpZ1B4a0lkID0gc2lnUHhrLmlkO1xuXG4gICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uLnJlc3BvbmRlci5jb250YWN0Q2FyZCA9IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yT25lVGltZVBia0NpcGhlckNsZWFySnNvbi5yZXNwb25kZXIuY29udGFjdENhcmQsXG4gICAgICAgIHNoYXJlZENpcGhlcktleTogY2NTaGFyZWRLZXkudG9KU09OKHRydWUpLFxuICAgICAgfTtcbiAgICB9XG5cbiAgICBsZXQgcmVzcG9uZGVyQ2FyZElucHV0O1xuICAgIGlmIChyZXNwb25kZXJDb250YWN0Q2FyZCkge1xuICAgICAgLy8gQ3JlYXRlIGtleXNcbiAgICAgIGNvbnN0IG93bmVyS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuICAgICAgY29uc3QgY2NTaGFyZWRLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBzaWdQeGsgPSB0aGlzLmtleVNlcnZpY2UuY3VycmVudFNpZ1B4aztcblxuICAgICAgcmVzcG9uZGVyQ2FyZElucHV0ID0ge1xuICAgICAgICBvd25lcldyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICAgICAgb3duZXJLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgICBvd25lcldyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgIG93bmVyQ2lwaGVyRGF0YTogcmVzcG9uZGVyQ29udGFjdENhcmQub3duZXJDaXBoZXJEYXRhQ2xlYXJKc29uXG4gICAgICAgICAgPyBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgICAgIG93bmVyS2V5LFxuICAgICAgICAgICAgICAgIHJlc3BvbmRlckNvbnRhY3RDYXJkLm93bmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICAgICAgICApXG4gICAgICAgICAgICApXG4gICAgICAgICAgOiAnJyxcblxuICAgICAgICBzaGFyZWRXcmFwcGVkS2V5OiBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQoXG4gICAgICAgICAgICBzaGFyZWRLZXksXG4gICAgICAgICAgICBjY1NoYXJlZEtleS50b0pTT04odHJ1ZSlcbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICB9O1xuXG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJEYXRhID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICBjY1NoYXJlZEtleSxcbiAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgKTtcbiAgICAgIHJlc3BvbmRlckNhcmRJbnB1dC5zaGFyZWRDaXBoZXJEYXRhU2lnID0gSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2Uuc2lnbihzaWdQeGsuandrLCBzaGFyZWRDaXBoZXJEYXRhKVxuICAgICAgKTtcbiAgICAgIHJlc3BvbmRlckNhcmRJbnB1dC5zaWdQeGtJZCA9IHNpZ1B4ay5pZDtcblxuICAgICAgaWYgKHJlc3BvbmRlckNvbnRhY3RDYXJkLm93bmVyUGxhaW5EYXRhSnNvbikge1xuICAgICAgICByZXNwb25kZXJDYXJkSW5wdXQub3duZXJQbGFpbkRhdGFTaWcgPSBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICAgICAgICByZXNwb25kZXJTaWdQcmsuandrLFxuICAgICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQub3duZXJQbGFpbkRhdGFKc29uXG4gICAgICAgICAgKVxuICAgICAgICApO1xuICAgICAgfVxuXG4gICAgICAvLyBDb250YWN0IGNhcmQgaW5mbyByZWFkYWJsZSBieSB0aGUgaW5pdGlhdG9yXG4gICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uLnJlc3BvbmRlci5jb250YWN0Q2FyZCA9IHtcbiAgICAgICAgLi4uaW5pdGlhdG9yT25lVGltZVBia0NpcGhlckNsZWFySnNvbi5yZXNwb25kZXIuY29udGFjdENhcmQsXG4gICAgICAgIHNoYXJlZENpcGhlckRhdGFDbGVhckpzb246XG4gICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQuc2hhcmVkQ2lwaGVyRGF0YUNsZWFySnNvbixcbiAgICAgIH07XG4gICAgfVxuXG4gICAgLy8gRW5jcnlwdCB3aXRoIG9uZS10aW1lIHB1YmxpYyBrZXlcbiAgICBsZXQgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlciA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmssXG4gICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyQ2xlYXJKc29uXG4gICAgKTtcblxuICAgIC8vIEVuY3J5cHQgd2l0aCB0aGUgb3RrIGFnYWluIHRvIGtlZXAgdXNlIG9mIGFzeW1tZXRyaWMga2V5cyB0byBhIG1pbmltdW0uXG4gICAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlciA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgIGRlY3J5cHRlZE90ay5vdEtleSxcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJcbiAgICApO1xuXG4gICAgcmV0dXJuIG5ldyBMck11dGF0aW9uKHtcbiAgICAgIG11dGF0aW9uOiBSZXNwb25kS2V5RXhjaGFuZ2VPdGtNdXRhdGlvbixcbiAgICAgIHZhcmlhYmxlczoge1xuICAgICAgICBpbnB1dDoge1xuICAgICAgICAgIGtleUV4Y2hhbmdlSWQsXG4gICAgICAgICAga2V5RXhjaGFuZ2VUb2tlbjogdG9rZW4sXG4gICAgICAgICAgcm9vdEtleUlkOiByb290S2V5LmlkLFxuICAgICAgICAgIG1hc3RlcktleUlkOiBtYXN0ZXJLZXkuaWQsXG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzdG9yZWQgb24gdGhlIHNlcnZlclxuICAgICAgICAgIHJlc3BvbmRlclB4a0lkOiByZXNwb25kZXJQcmsuaWQsXG4gICAgICAgICAgcmVzcG9uZGVyU2lnUHhrSWQ6IHJlc3BvbmRlclNpZ1Byay5pZCxcbiAgICAgICAgICBzaWduZWRJbml0aWF0b3JQYms6IEpTT04uc3RyaW5naWZ5KHNpZ25lZEluaXRpYXRvclBiayksXG4gICAgICAgICAgc2lnbmVkSW5pdGlhdG9yU2lnUGJrOiBKU09OLnN0cmluZ2lmeShzaWduZWRJbml0aWF0b3JTaWdQYmspLFxuICAgICAgICAgIC8vIHJrV3JhcHBlZEluaXRpYXRvclNpZ1BiazogSlNPTi5zdHJpbmdpZnkocmtXcmFwcGVkSW5pdGlhdG9yU2lnUGJrKSxcblxuICAgICAgICAgIC8vIE9wdGlvbiAxOiBVc2luZyBuZXcgUHJrIGZvciBlYWNoIFRQIHBhaXJcbiAgICAgICAgICAvLyBya1dyYXBwZWRSZXNwb25kZXJTaWdQcms6IEpTT04uc3RyaW5naWZ5KHJrV3JhcHBlZFJlc3BvbmRlclNpZ1ByayksXG4gICAgICAgICAgcmtXcmFwcGVkU2hhcmVkS2V5OiBKU09OLnN0cmluZ2lmeShya1dyYXBwZWRTaGFyZWRLZXkpLFxuICAgICAgICAgIG1rV3JhcHBlZE1rU2hhcmVkS2V5OiBKU09OLnN0cmluZ2lmeShta1dyYXBwZWRNa1NoYXJlZEtleSksXG4gICAgICAgICAgLy8gVGhlc2Ugd2lsbCBiZSBzZW50IHRvIHRoZSBpbml0aWF0b3JcbiAgICAgICAgICBpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyOiBKU09OLnN0cmluZ2lmeShpbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyKSxcbiAgICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZDogcmVjZWl2ZWRDYXJkSW5wdXQsXG4gICAgICAgICAgcmVzcG9uZGVyQ29udGFjdENhcmQ6IHJlc3BvbmRlckNhcmRJbnB1dCxcbiAgICAgICAgfSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cblxuICBjb21wbGV0ZU90ayhpbnB1dDogQ29tcGxldGVPdGtJbnB1dDIpIHtcbiAgICByZXR1cm4gdGhpcy5tdXRhdGUodGhpcy5jb21wbGV0ZU90a011dGF0aW9uKGlucHV0KSk7XG4gIH1cblxuICBhc3luYyBjb21wbGV0ZU90a011dGF0aW9uKHtcbiAgICBrZXlFeGNoYW5nZUlkLFxuICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXIsXG4gICAgaW5pdGlhdG9yT25lVGltZVBia0NpcGhlcixcbiAgICByZXNwb25kZXJDb250YWN0Q2FyZCxcbiAgICBpbml0aWF0b3JDb250YWN0Q2FyZCxcbiAgfTogQ29tcGxldGVPdGtJbnB1dDIpIHtcbiAgICBjb25zdCByb290S2V5ID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRSb290S2V5O1xuICAgIGNvbnN0IG1hc3RlcktleSA9IHRoaXMua2V5U2VydmljZS5jdXJyZW50TWFzdGVyS2V5O1xuXG4gICAgLy8gRGVjcnlwdCB1c2luZyB0aGUgcm9vdCBrZXkgdG8gZ2V0IHRoZSBQcmtcbiAgICBjb25zdCBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uID1cbiAgICAgIChhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmRlY3J5cHQoXG4gICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyXG4gICAgICApKSBhcyBJbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uMjtcblxuICAgIC8vIFRoZSBQcmsgaXMgc2luZ2xlLXVzZSBhbmQgb25seSB1c2VkIHRvIHNlbmQgaW5mb3JtYXRpb24gZnJvbSB0aGUgcmVzcG9uZGVyIGJhY2sgdG8gdGhlIGluaXRpYXRvci5cbiAgICBjb25zdCBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIgPSBhd2FpdCB0aGlzLmRlY3J5cHRSZXNwb25zZUNpcGhlcihcbiAgICAgIGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ub3RLZXkpLFxuICAgICAgYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoaW5pdGlhdG9yUm9vdEtleUNpcGhlckNsZWFySnNvbi5vbmVUaW1lUHJrKSxcbiAgICAgIGluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXJcbiAgICApO1xuXG4gICAgLy8gQ2hlY2sgdGhlIG5vbmNlIG1hdGNoIHRvIGVuc3VyZSB0aGUgcmVzcG9uZGVyIHdhcyB0aGUgb25lIGhvbGRpbmcgdGhlIE9US1xuICAgIGlmIChcbiAgICAgIGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24ubm9uY2UgIT09XG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIubm9uY2VcbiAgICApIHtcbiAgICAgIHRocm93IG5ldyBLY0NvZGVNaXNtYXRjaEV4Y2VwdGlvbihcbiAgICAgICAgJ1RoZSBub25jZSByZXR1cm5lZCBieSByZXNwb25kZXIgZG9lcyBub3QgbWF0Y2ggd2l0aCB0aGUgb25lIGNyZWF0ZWQgYnkgdGhlIGluaXRpYXRvci4nXG4gICAgICApO1xuICAgIH1cblxuICAgIC8vIE9wdGlvbiAxOiBBc3N1bWluZyB0aGUgc2lnbmluZyBrZXkgaXMgdW5pcXVlIGJldHdlZW4gdXNlcnMuXG4gICAgLy8gY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gYXdhaXQgS0ZTLmFzS2V5KGtlLnBsYWluSW5pdGlhdG9yUm9vdEtleUNpcGhlci5zaWdQcmspO1xuICAgIC8vIGNvbnN0IHJrV3JhcHBlZEluaXRpYXRvclNpZ1ByayA9IGF3YWl0IHRoaXMuZW5jcnlwdChyb290S2V5LCBpbml0aWF0b3JTaWdQcmsudG9KU09OKHRydWUpKTtcblxuICAgIC8vIE9wdGlvbiAyOiBVc2UgdGhlIHVzZXIncyBnbG9iYWwgc2lnbmluZyBrZXkuXG4gICAgLy8gSW4gdGhpcyBjYXNlIHRoZSBpbml0aWF0b3JTaWdQcmsgaXMgYWxyZWFkeSBhIHBhcnQgb2YgdGhlIGtleSBncmFwaC5cbiAgICAvLyBTbyB0aGVyZSdzIG5vdGhpbmcgdG8gZG8gaGVyZS5cblxuICAgIC8vIFByb3RlY3RlZCB0aGUgc2lnbmluZyBwdWJsaWMga2V5IG9mIHRoZSByZXNwb25kZXIuXG4gICAgY29uc3QgaW5pdGlhdG9yU2lnUHJrID0gdGhpcy5rZXlTZXJ2aWNlLmN1cnJlbnRTaWdQeGs7XG4gICAgY29uc3QgcmVzcG9uZGVyU2lnUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIucmVzcG9uZGVyLnNpZ1Bia1xuICAgICk7XG4gICAgY29uc3QgcmVzcG9uZGVyUGJrID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIucmVzcG9uZGVyLnBia1xuICAgICk7XG5cbiAgICBjb25zdCBzaWduZWRSZXNwb25kZXJQYmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICBpbml0aWF0b3JTaWdQcmsuandrLFxuICAgICAgcmVzcG9uZGVyUGJrLnRvSlNPTigpXG4gICAgKTtcbiAgICBjb25zdCBzaWduZWRSZXNwb25kZXJTaWdQYmsgPSBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICBpbml0aWF0b3JTaWdQcmsuandrLFxuICAgICAgcmVzcG9uZGVyU2lnUGJrLnRvSlNPTigpXG4gICAgKTtcblxuICAgIGNvbnN0IHNoYXJlZEtleSA9IGF3YWl0IEtleUZhY3RvcnlTZXJ2aWNlLmFzS2V5KFxuICAgICAgcGxhaW5Jbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyLnNoYXJlZEtleVxuICAgICk7XG4gICAgY29uc3QgcmtXcmFwcGVkU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgcm9vdEtleS5qd2ssXG4gICAgICBzaGFyZWRLZXkudG9KU09OKHRydWUpXG4gICAgKTtcblxuICAgIGNvbnN0IG1rU2hhcmVkS2V5ID0gYXdhaXQgS2V5RmFjdG9yeVNlcnZpY2UuYXNLZXkoXG4gICAgICBwbGFpbkluaXRpYXRvck9uZVRpbWVQYmtDaXBoZXIubWtTaGFyZWRLZXlcbiAgICApO1xuICAgIGNvbnN0IG1rV3JhcHBlZE1rU2hhcmVkS2V5ID0gYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgbWFzdGVyS2V5Lmp3ayxcbiAgICAgIG1rU2hhcmVkS2V5LnRvSlNPTih0cnVlKVxuICAgICk7XG5cbiAgICBsZXQgcmVzcG9uZGVyQ29udGFjdENhcmRDaXBoZXJJbnB1dDtcbiAgICBpZiAocmVzcG9uZGVyQ29udGFjdENhcmQpIHtcbiAgICAgIC8vIENyZWF0ZSBrZXlcbiAgICAgIGNvbnN0IHJlY2VpdmVyS2V5ID0gYXdhaXQgdGhpcy5rZXlGYWN0b3J5LmNyZWF0ZUtleSgpO1xuXG4gICAgICByZXNwb25kZXJDb250YWN0Q2FyZENpcGhlcklucHV0ID0ge1xuICAgICAgICByZWNlaXZlcldyYXBwZWRLZXk6IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICAgIGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgICAgIHJvb3RLZXkuandrLFxuICAgICAgICAgICAgcmVjZWl2ZXJLZXkudG9KU09OKHRydWUpXG4gICAgICAgICAgKVxuICAgICAgICApLFxuICAgICAgICByZWNlaXZlcldyYXBwaW5nS2V5SWQ6IHJvb3RLZXkuaWQsXG4gICAgICAgIHJlY2VpdmVyQ2lwaGVyRGF0YTogSlNPTi5zdHJpbmdpZnkoXG4gICAgICAgICAgYXdhaXQgdGhpcy5lbmNyeXB0aW9uU2VydmljZS5lbmNyeXB0KFxuICAgICAgICAgICAgcmVjZWl2ZXJLZXksXG4gICAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZC5yZWNlaXZlckNpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICAgICApXG4gICAgICAgICksXG4gICAgICB9O1xuICAgIH1cblxuICAgIC8vIEdldCB0aGUgZGF0YSBuZWVkZWQgZnJvbSB0aGUgaW5pdGlhdG9yJ3MgY2lwaGVyIGRhdGEuXG4gICAgbGV0IGluaXRpYXRvckNvbnRhY3RDYXJkQ2lwaGVySW5wdXQ7XG4gICAgbGV0IGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVySW5wdXQ7XG4gICAgaWYgKGluaXRpYXRvclJvb3RLZXlDaXBoZXJDbGVhckpzb24uaW5pdGlhdG9yQ29udGFjdENhcmQpIHtcbiAgICAgIC8vIFRoZSBpbml0aWF0b3JDb250YWN0Q2FyZCBjcmVhdGVkIGR1cmluZyB0aGUgY3JlYXRpb24gb2YgdGhlIGludml0ZSBhbmQgZW5jcnlwdGVkIHVzaW5nIHRoZSBpbml0aWF0b3Inc1xuICAgICAgLy8gcm9vdCBrZXlcbiAgICAgIGNvbnN0IGluaXRpYXRvckNvbnRhY3RDYXJkRnJvbUluaXQgPVxuICAgICAgICBpbml0aWF0b3JSb290S2V5Q2lwaGVyQ2xlYXJKc29uLmluaXRpYXRvckNvbnRhY3RDYXJkO1xuICAgICAgY29uc3Qgb3duZXJLZXkgPSBhd2FpdCB0aGlzLmtleUZhY3RvcnkuY3JlYXRlS2V5KCk7XG4gICAgICBjb25zdCBzaGFyZWRDaXBoZXJLZXkgPSBhd2FpdCBLZXlGYWN0b3J5U2VydmljZS5hc0tleShcbiAgICAgICAgcGxhaW5Jbml0aWF0b3JPbmVUaW1lUGJrQ2lwaGVyLnJlc3BvbmRlci5jb250YWN0Q2FyZC5zaGFyZWRDaXBoZXJLZXlcbiAgICAgICk7XG5cbiAgICAgIGNvbnN0IG93bmVyV3JhcHBlZEtleSA9IEpTT04uc3RyaW5naWZ5KFxuICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLmVuY3J5cHQocm9vdEtleS5qd2ssIG93bmVyS2V5LnRvSlNPTih0cnVlKSlcbiAgICAgICk7XG5cbiAgICAgIC8vIEFsbG93IHRoZSBpbml0aWF0b3JDb250YWN0Q2FyZCBwYXJhbWV0ZXIgdG8gb3ZlcnJpZGVcbiAgICAgIGNvbnN0IG93bmVyQ2lwaGVyRGF0YUNsZWFySnNvbiA9XG4gICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkPy5vd25lckNpcGhlckRhdGFDbGVhckpzb24gfHxcbiAgICAgICAgaW5pdGlhdG9yQ29udGFjdENhcmRGcm9tSW5pdC5vd25lckNpcGhlckRhdGFDbGVhckpzb247XG5cbiAgICAgIGNvbnN0IG93bmVyQ2lwaGVyRGF0YSA9IG93bmVyQ2lwaGVyRGF0YUNsZWFySnNvblxuICAgICAgICA/IGF3YWl0IHRoaXMua2V5R3JhcGguZW5jcnlwdFRvU3RyaW5nKFxuICAgICAgICAgICAgb3duZXJLZXksXG4gICAgICAgICAgICBvd25lckNpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICAgICApXG4gICAgICAgIDogJyc7XG5cbiAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkQ2lwaGVySW5wdXQgPSB7XG4gICAgICAgIG93bmVyV3JhcHBlZEtleSxcbiAgICAgICAgb3duZXJXcmFwcGluZ0tleUlkOiByb290S2V5LmlkLFxuICAgICAgICBvd25lckNpcGhlckRhdGEsXG4gICAgICB9O1xuXG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZFNoYXJlZENpcGhlcklucHV0ID0ge1xuICAgICAgICBzaWdQeGtJZDogaW5pdGlhdG9yU2lnUHJrLmlkLFxuICAgICAgfTtcblxuICAgICAgY29uc3Qgc2hhcmVkQ2lwaGVyRGF0YSA9IGF3YWl0IHRoaXMuZW5jcnlwdGlvblNlcnZpY2UuZW5jcnlwdChcbiAgICAgICAgc2hhcmVkQ2lwaGVyS2V5LFxuICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZEZyb21Jbml0LnNoYXJlZENpcGhlckRhdGFDbGVhckpzb25cbiAgICAgICk7XG4gICAgICBpbml0aWF0b3JDb250YWN0Q2FyZFNoYXJlZENpcGhlcklucHV0LnNoYXJlZENpcGhlckRhdGFTaWcgPVxuICAgICAgICBKU09OLnN0cmluZ2lmeShcbiAgICAgICAgICBhd2FpdCB0aGlzLmVuY3J5cHRpb25TZXJ2aWNlLnNpZ24oXG4gICAgICAgICAgICBpbml0aWF0b3JTaWdQcmsuandrLFxuICAgICAgICAgICAgc2hhcmVkQ2lwaGVyRGF0YVxuICAgICAgICAgIClcbiAgICAgICAgKTtcbiAgICB9XG5cbiAgICAvLyBUT0RPIGlkZWFsbHkgd2UgdXBkYXRlIHRoZSBzaGFyZWQgZGF0YSBpbiB0aGUgY29udGFjdCBjYXJkIHNlbnQgdG8gdGhlIHJlc3BvbmRlciBhcyB3ZWxsIHNpbmNlIHRoYXRcbiAgICAvLyBDQyB3YXMgY3JlYXRlZCBieSB0aGUgcmVzcG9uZGVyLlxuXG4gICAgcmV0dXJuIG5ldyBMck11dGF0aW9uKHtcbiAgICAgIG11dGF0aW9uOiBDb21wbGV0ZUtleUV4Y2hhbmdlT3RrTXV0YXRpb24sXG4gICAgICB2YXJpYWJsZXM6IHtcbiAgICAgICAgaW5wdXQ6IHtcbiAgICAgICAgICBrZXlFeGNoYW5nZUlkLFxuICAgICAgICAgIHJvb3RLZXlJZDogcm9vdEtleS5pZCxcbiAgICAgICAgICBtYXN0ZXJLZXlJZDogbWFzdGVyS2V5LmlkLFxuICAgICAgICAgIGluaXRpYXRvclNpZ1B4a0lkOiBpbml0aWF0b3JTaWdQcmsuaWQsXG4gICAgICAgICAgc2lnbmVkUmVzcG9uZGVyUGJrOiBKU09OLnN0cmluZ2lmeShzaWduZWRSZXNwb25kZXJQYmspLFxuICAgICAgICAgIHNpZ25lZFJlc3BvbmRlclNpZ1BiazogSlNPTi5zdHJpbmdpZnkoc2lnbmVkUmVzcG9uZGVyU2lnUGJrKSxcbiAgICAgICAgICBya1dyYXBwZWRTaGFyZWRLZXk6IEpTT04uc3RyaW5naWZ5KHJrV3JhcHBlZFNoYXJlZEtleSksXG4gICAgICAgICAgbWtXcmFwcGVkTWtTaGFyZWRLZXk6IEpTT04uc3RyaW5naWZ5KG1rV3JhcHBlZE1rU2hhcmVkS2V5KSxcbiAgICAgICAgICByZXNwb25kZXJDb250YWN0Q2FyZENpcGhlcjogcmVzcG9uZGVyQ29udGFjdENhcmRDaXBoZXJJbnB1dCxcbiAgICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZENpcGhlcjogaW5pdGlhdG9yQ29udGFjdENhcmRDaXBoZXJJbnB1dCxcbiAgICAgICAgICBpbml0aWF0b3JDb250YWN0Q2FyZFNoYXJlZENpcGhlcjpcbiAgICAgICAgICAgIGluaXRpYXRvckNvbnRhY3RDYXJkU2hhcmVkQ2lwaGVySW5wdXQsXG4gICAgICAgIH0sXG4gICAgICB9LFxuICAgIH0pO1xuICB9XG59XG4iXX0=